Add interface to TweetNaCl library #566

Merged: 37 commits, Jan 18, 2018

Conversation

noloader (Collaborator) commented Jan 18, 2018

TweetNaCl is a compact reimplementation of the NaCl library by Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen, Tanja Lange, Peter Schwabe and Sjaak Smetsers. The library is less than 20 KB in size and provides 25 of the NaCl library functions.

The compact library uses curve25519, XSalsa20, Poly1305 and SHA-512 as default primitives, and includes both x25519 key exchange and ed25519 signatures. The complete list of functions can be found in TweetNaCl: A crypto library in 100 tweets (20140917), Table 1, page 5.

Crypto++ retained the function names and signatures but switched to data types provided by <stdint.h> to promote interoperability with Crypto++ and avoid size problems on platforms like Cygwin. For example, NaCl typedef'd u64 as an unsigned long long, but Cygwin, MinGW and MSYS are LP64 systems (not LLP64 systems). In addition, Crypto++ was missing NaCl's signed 64-bit integer i64.

Crypto++ rejects small order elements using libsodium's blacklist. The TweetNaCl library allowed them but the library predated the attack. If you wish to allow small elements then use the "unchecked" versions of crypto_box_unchecked, crypto_box_open_unchecked and crypto_box_beforenm_unchecked. Also see RFC 7748, Elliptic Curves for Security, Section 6.

TweetNaCl is well written but not well optimized. It runs 2x to 3x slower than optimized routines from libsodium. However, the library is still 2x to 4x faster than the algorithms NaCl was designed to replace.

The Crypto++ wrapper for TweetNaCl requires OS features. That is, NO_OS_DEPENDENCE cannot be defined. It is due to TweetNaCl's internal function randombytes. Crypto++ used DefaultAutoSeededRNG within randombytes, so OS integration must be enabled. You can use another generator like RDRAND to avoid the restriction.

This is Bernstein's compact, portable NaCl library. According to his paper on the library, it is 2x to 4x faster than the functions it was intended to replace, like RSA. However, it is also 2x to 4x slower than optimized versions of NaCl algorithms.
There's no real reason to merge here except that Git cannot determine when files are bitwise equal. Git insists on merging file X with an exact copy of file X. Derp...
The CI tests are hanging with a message "This job is configured to run on an OS X image that was retired on November 28, 2017. It was routed to our Xcode 8.3 image."
We also switch from a sed script to patch to update tweetnacl.c. There are too many changes now.
When NO_OS_DEPENDENCE is in effect, we lose the random number generators we need.
This define is missing in the tweetnacl.h header.
anonimal (Contributor) commented

Thank you, @noloader! 🎉 👍

coneiric commented

Epic PR, thank you @noloader 🎉

noloader (Collaborator, Author) commented Jan 21, 2018

@anonimal, @coneiric,

We renamed nacl.h to naclite.h to avoid name collisions with other libraries. I got cold feet when I started thinking about the bug reports we would catch because of the confusion. Also see Commit 8ffd165c7a59.

Earlier we added three functions to Bernstein's gear: crypto_box_unchecked, crypto_box_open_unchecked and crypto_box_beforenm_unchecked. The unchecked versions do not check for small order elements. They should provide interop needed for downlevel versions of libraries and protocols. Also see Commit 0bb73e7035b1.

Interop problems will likely occur for folks like Ethereum and Monero who are providing the high level protocols. Also see Hopwood's comments at libsodium's Commit afabd7e7386e.
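
The small-order rejection discussed in the PR description and in the comment above (the checked crypto_box functions versus the _unchecked variants) is easier to see with a worked example. The block below is added here and is not code from Crypto++, TweetNaCl or libsodium: it is a pure-Python X25519 written from the RFC 7748 Montgomery ladder, followed by the RFC 7748 Section 6 output check (abort when the shared secret is all zeros) rather than libsodium's point blacklist. The two approaches reject the same inputs, because any clamped scalar is a multiple of 8 and every small-order point has order dividing 8, so the ladder lands on the point at infinity and encodes it as zero. The key and shared-secret hex values are the RFC 7748 Section 6.1 test vectors; the 0x42 scalar in is_small_order is a constructed value. Python is used so the field arithmetic reads as the RFC formulas rather than 16-limb C; its integer operations are not constant time, so this is for understanding the check, not for deployment.

```python
# Added example, not code from Crypto++ or TweetNaCl: X25519 per the RFC 7748
# ladder plus the Section 6 all-zero output check. Small-order peer keys always
# produce an all-zero shared secret, so rejecting that output rejects them with
# no blacklist. Python ints are not constant time; this is an illustration only.

P = 2**255 - 19   # field prime
A24 = 121665      # (486662 - 2) / 4, the ladder constant from RFC 7748

# RFC 7748 Section 6.1 test vectors
ALICE_SK = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
ALICE_PK = bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")
BOB_SK = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
BOB_PK = bytes.fromhex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")
SHARED = bytes.fromhex("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")
BASEPOINT = bytes([9]) + bytes(31)   # u = 9, the X25519 generator


def decode_u(b: bytes) -> int:
    """Little-endian u-coordinate with the top bit masked, as RFC 7748 requires."""
    return int.from_bytes(b, "little") & ((1 << 255) - 1)


def decode_scalar(b: bytes) -> int:
    """Clamp: clear the three low bits (k becomes a multiple of 8), clear bit 255,
    set bit 254. The multiple of 8 is what sends every small-order point to O."""
    k = bytearray(b)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def encode_u(u: int) -> bytes:
    """Canonical 32-byte little-endian encoding of a field element."""
    return (u % P).to_bytes(32, "little")


def cswap(swap: int, a: int, b: int):
    """Branch-free swap of two field elements when swap == 1."""
    dummy = (-swap) & (a ^ b)
    return a ^ dummy, b ^ dummy


def x25519(k: bytes, u: bytes) -> bytes:
    """X25519(k, u) following the RFC 7748 Section 5 ladder."""
    kk = decode_scalar(k)
    x1 = decode_u(u)
    x2, z2, x3, z3 = 1, 0, x1, 1
    swap = 0
    for t in range(254, -1, -1):
        kt = (kk >> t) & 1
        swap ^= kt
        x2, x3 = cswap(swap, x2, x3)
        z2, z3 = cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = cswap(swap, x2, x3)
    z2, z3 = cswap(swap, z2, z3)
    return encode_u(x2 * pow(z2, P - 2, P))


def shared_secret_checked(my_secret: bytes, peer_public: bytes) -> bytes:
    """RFC 7748 Section 6: abort when the shared secret is all zeros."""
    s = x25519(my_secret, peer_public)
    acc = 0
    for byte in s:          # OR every byte so the scan never stops early
        acc |= byte
    if acc == 0:
        raise ValueError("peer public key has small order; refusing to proceed")
    return s


def is_small_order(peer_public: bytes) -> bool:
    """True when the Section 6 check rejects this key. Any clamped scalar is a
    multiple of 8, so the verdict does not depend on the secret used."""
    try:
        shared_secret_checked(bytes([0x42]) * 32, peer_public)  # constructed scalar
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    assert x25519(ALICE_SK, BASEPOINT) == ALICE_PK
    assert shared_secret_checked(BOB_SK, ALICE_PK) == SHARED
    probes = [("u=0", encode_u(0)), ("u=1", encode_u(1)),
              ("u=p-1", encode_u(P - 1)), ("u=9", BASEPOINT)]
    for label, u in probes:
        print(f"{label:6s} small order: {is_small_order(u)}")
```

The probes u=0, u=1 and u=p-1 are among the inputs libsodium's list rejects and all come back as small order; the generator and any honest public key pass. A library that exposes both behaviours, as this PR does with the checked and _unchecked crypto_box variants, is letting the caller choose between this check and raw interoperability with peers that never performed it.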

noloader added a commit to noloader/cryptopp-autotools that referenced this pull request Jan 22, 2018