Porting the NaCl cryptography library


NaCl is one of the most widely used cryptography libraries currently available. Tweet-NaCl distills it into an entirely understandable, auditable and portable 100-tweets worth of C code (no really: it is even on Twitter).

As part of Peergos, Ian and I really needed a set of crypto primitives that could be used in both a Javascript environment (ie. a browser) and in the JVM. Tweet-NaCl was already available in Javascript but we could not find a stable, working version written in pure Java...

Pure Java Tweet-NaCl

Java Tweet-NaCl is a pure Java port of the Tweet-NaCl cryptography library. The actual port was pretty easy except when it briefly turned into a regex-olympics competition to turn as much of the C to Java automatically.

To verify the correctness of our pure-Java port, we wrapped the pure-C Tweet-NaCl library in the Java Native Interface (JNI). This allowed us to directly test the various Tweet-NaCl API calls in the C-source and our Java port.

To verify that our port is compatible with the Javascript port we're using in Peergos, we also tested the entire API running the Javascript version in Nashorn.

So there you go: three implementations of the Tweet-NaCl library running in the same JVM:

  • The original C running in the JNI;
  • A Javascript port of the original C running in Nashorn;
  • Our new pure-Java port running directly.

And best of all, all tests are now passing!

Go Top