NaCl: Difference between revisions
m (→PHP binding) |
No edit summary |
||
Line 29: | Line 29: | ||
== C# / .Net implementation == | == C# / .Net implementation == | ||
This is a partial port directly from the original C sourcecode to pure ("unsafe") C# code. All code has been put into classes, and array operations had to be changed to use pointers. Only few | This is a partial port directly from the original C sourcecode to pure ("unsafe") C# code. All code has been put into classes, and array operations had to be changed to use pointers. Only few changes had to be made to the actual logic. | ||
The sourcecode, as well as a precompiled library are available at http://oss.ucis.nl/nacl/. Note that not all code has been ported yet. More specifically, everything needed to provide [http://nacl.cace-project.eu/box.html curve25519xsalsa20poly1305 crypto-box] functionality has been ported. | The sourcecode, as well as a precompiled library are available at http://oss.ucis.nl/nacl/. Note that not all code has been ported yet. More specifically, everything needed to provide [http://nacl.cace-project.eu/box.html curve25519xsalsa20poly1305 crypto-box] functionality has been ported. Signature functionality has been ported, but not published yet. | ||
Most of the ported code should be as secure as the original C code. The key generation procedure may be less secure, due to the use of a | Most of the ported code should be as secure as the original C code. The key generation procedure may be less secure, due to the use of a pseudo-random number generator (by default, depending on the .Net framework implementation). The C# code performs somewhat slower than the original C code, mostly because the original code is highly optimized for specific hardware. | ||
The C# NaCl library is currently used by the [[VNE]] library to provide [[QuickTun]] VPN tunnel functionality. | The C# NaCl library is currently used by the [[VNE]] library to provide [[QuickTun]] VPN tunnel functionality. | ||
Line 45: | Line 45: | ||
== PHP binding == | == PHP binding == | ||
An incomplete PHP extension to support is available in source form at http://oss.ucis.nl/hg/php_nacl/ and as a debian/ubuntu package at http://apt.ucis.nl/ (php5-nacl). | An incomplete PHP extension to support is available in source form at http://oss.ucis.nl/hg/php_nacl/ and as a debian/ubuntu package at http://apt.ucis.nl/ (php5-nacl). | ||
== Other implementations and bindings == | |||
* Python: http://mojzis.com/software/python-nacl/ |
Revision as of 16:59, 15 October 2011
"NaCl (pronounced "salt") is a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc. NaCl's goal is to provide all of the core operations needed to build higher-level cryptographic tools. Of course, other libraries already exist for these core operations. NaCl advances the state of the art by improving security, by improving usability, and by improving speed."
- Project website: http://nacl.cace-project.eu/
- D. J. Bernstein: http://cr.yp.to/
Python and C implementations
The NaCl library was originally implemented in Python. It was ported to C afterwards, later also providing C++ language bindings. The C sourcecode is available on http://nacl.cace-project.eu/, and is used in my QuickTun VPN software.
The C code is very straight-forward, and trivial to port to C# and JavaScript.
See NaCl/Windows for information on building NaCl on Windows.
See NaCl/Shared for information about building a shared, dynamically linkable library. A dynamic shared library and an automated way to build one on Debian/Ubuntu systems, are also available in the repository at http://apt.ucis.nl/.
Building only reference implementations
Sometimes it is desirable to build a generic platform independent library. In this case, it is recommended to only use the reference implementations of the provided primitives. To do so, the patch below can be used on the do script (patch do patchfile):
*** do.org 2011-02-27 17:47:19.997126841 +0100 --- do 2011-02-27 18:05:53.837122146 +0100 *************** *** 168,169 **** --- 168,173 ---- implementationdir=`dirname $doth` + implementation=`basename "$implementationdir"` + if [ "$implementation" != "ref" -a "$implementation" != "ref2" ]; then + continue; + fi opi=`echo "$implementationdir" | tr ./- ___`
C# / .Net implementation
This is a partial port directly from the original C sourcecode to pure ("unsafe") C# code. All code has been put into classes, and array operations had to be changed to use pointers. Only few changes had to be made to the actual logic. The sourcecode, as well as a precompiled library are available at http://oss.ucis.nl/nacl/. Note that not all code has been ported yet. More specifically, everything needed to provide curve25519xsalsa20poly1305 crypto-box functionality has been ported. Signature functionality has been ported, but not published yet.
Most of the ported code should be as secure as the original C code. The key generation procedure may be less secure, due to the use of a pseudo-random number generator (by default, depending on the .Net framework implementation). The C# code performs somewhat slower than the original C code, mostly because the original code is highly optimized for specific hardware.
The C# NaCl library is currently used by the VNE library to provide QuickTun VPN tunnel functionality.
Another partial C# port is available here as part of GbDns.
JavaScript implementation
This is another partial port based on the above C# sourcecode to pure browser-compliant JavaScript. It tries to resemble the original sourcecode as close as possible. The sourcecode, as well as an usage example, is available at http://oss.ucis.nl/nacl/js/. Note that only the curve25519xsalsa20poly1305 key generation has been implemented so far - but further porting should be trivial.
The key generation procedure may be less secure than the original code, due to the use of a possibly pseudo-random number generator. Also, browsers tend to be prone to all kinds of (cross-site) scripting attacks. The code is a lot slower than the original C code, as it's dynamically interpreted. Obviously, it performs best in Google Chrome, then comes Firefox, and is just terribly slow in MSIE. But hey, it works!
PHP binding
An incomplete PHP extension to support is available in source form at http://oss.ucis.nl/hg/php_nacl/ and as a debian/ubuntu package at http://apt.ucis.nl/ (php5-nacl).