TweetNaCl crypto library port to Android
Latest commit 58d4f3d Apr 28, 2015 @twystd Updated to SDK 21


tweetnacl-android: version 1.00.0

TweetNaCl - Android NDK port

tweetnacl-android is a port of Dan Bernstein's TweetNaCl "crypto library in 100 tweets" code to the Android NDK.

Version Info

tweetnacl: 20140427

Usage

  1. The simplest way to use the tweetnacl-android library is to clone the project into your workspace and reference the TweetNaCl project in the native-lib directory as an Android library project.

  2. Alternatively, copy the libs and src directories to your own project.

Building (Eclipse/ADT)

  1. To rebuild the native library:

    • create an entry for ndk.dir in the local.properties file in the native-lib project that points to your installation of the Android NDK
    • execute the 'clean' and 'build' targets in the build.xml Ant script
  2. Alternatively, invoke the Android NDK ndk-build script from the jni directory in the native-lib project.

  3. To build the 'benchmark' project:

    • update the Android section of the project properties so that the android-support-v7-appcompat library project references the Android SDK extras/android/support/v7/appcompat project (or a copy thereof)
    • for some (infinitely bizarre) reason you will probably have to update the v4 support library in both projects
    • for the same (infinitely bizarre) reason you will quite probably have to restart Eclipse/ADT after updating the v4 support library to get the project to build cleanly
  4. The 'test' project manifest references the 'benchmark' project and should build correctly once the 'benchmark' project builds cleanly.

Disclaimer

The JNI wrapper has been kept as 'thin' as possible to avoid compromising the careful design and coding of the original TweetNaCl implementation. However, cryptography being what it is, the wrapper may have (entirely inadvertently) introduced non-obvious vulnerabilities (for instance, see "How to zero a buffer" in the References). So ....

USE ENTIRELY AT YOUR OWN RISK !
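
An added example (not code from this project or from TweetNaCl) of the buffer-zeroing concern the disclaimer points to: native code that works on a copy of key material, which is what GetByteArrayElements may hand back, should wipe that copy on every exit path. The names secure_wipe, with_key_copy, key_op, all_zero and demo_op are hypothetical, and demo_op is a constructed stand-in for a real crypto call.

```c
#include <stddef.h>
#include <string.h>

/* Wipe through a volatile pointer so the stores are not removed as dead
 * writes, which can happen to a plain memset() on a buffer never read again. */
void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) *p++ = 0;
}

/* Hypothetical callback type: the operation that needs the key. */
typedef int (*key_op)(const unsigned char *key, size_t len, void *ctx);

/* Copy the key into caller-owned scratch space, run op, then wipe the
 * scratch. Returns op's result, or -1 (scratch untouched) on bad input. */
int with_key_copy(unsigned char *scratch, size_t cap,
                  const unsigned char *key, size_t len,
                  key_op op, void *ctx) {
    int rc;
    if (scratch == NULL || key == NULL || op == NULL || len > cap) return -1;
    memcpy(scratch, key, len);
    rc = op(scratch, len, ctx);
    secure_wipe(scratch, cap);  /* whole buffer, whether op succeeded or not */
    return rc;
}

/* Returns 1 if every byte of buf is zero. */
int all_zero(const unsigned char *buf, size_t len) {
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++) acc |= buf[i];
    return acc == 0;
}

/* Constructed stand-in for a crypto call: XOR-folds the key into *ctx so
 * the caller can confirm the operation really saw the key bytes. */
int demo_op(const unsigned char *key, size_t len, void *ctx) {
    unsigned char x = 0;
    for (size_t i = 0; i < len; i++) x ^= key[i];
    *(unsigned char *)ctx = x;
    return 0;
}

int main(void) {
    unsigned char key[32], scratch[32], seen = 0;
    for (size_t i = 0; i < sizeof key; i++) key[i] = (unsigned char)(i + 1); /* constructed key */
    int rc = with_key_copy(scratch, sizeof scratch, key, sizeof key, demo_op, &seen);
    return (rc == 0 && all_zero(scratch, sizeof scratch)) ? 0 : 1;
}
```

Wiping the scratch buffer does not clear copies the compiler or the JVM may hold elsewhere (registers, spilled stack slots, the Java heap).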

Notes

  1. There is a barely measurable (5%) but seemingly consistent performance improvement using GetByteArrayElements rather than GetByteArrayRegion.
  2. And pre-emptive apologies are probably in order for the fairly bleak spy-vs-spy themed benchmark app.

TODO

  1. tweetnacl/z: optional implementation with external buffer management
  2. See if ByteBuffer performs better for transferring data to/from native lib.
  3. (Cryptol ?)

References

  1. TweetNaCl
  2. TweetNaCl: A crypto library in 100 tweets
  3. Cryptography in NaCl
  4. TweetNaCl: How cr.yp.to’s developers got carried away by the carry bit
  5. NaCl: Cryptography for the Internet
  6. On NaCl: Undefined Behaviour
  7. Safe, Efficient, and Portable Rotate in C/C++
  8. Stack Overflow: Is there a replacement for /dev/random on Android JNI
  9. Issue 42265: Android empties the entropy pool, resulting in blocking, user perceived lag/poor performance
  10. Android Developer's Blog: Some SecureRandom Thoughts
  11. How to zero a buffer
  12. Zeroing buffers is insufficient
  13. How to zero a buffer: Erratum