AVRNaCl – μNaCl for AVR ATmega
API and supported primitives
AVRNaCl implements the NaCl C API. The only difference between the NaCl C API and the API of AVRNaCl is that lengths of inputs are not passed as 64-bit unsigned integers, but as 16-bit unsigned integers (datatype crypto_uint16). For detailed documentation of the NaCl C API see the NaCl website. The following functions are currently supported by AVRNaCl. Functions marked in red use the additional randombytes function. The implementation of this function which is currently included in the AVRNacl archive is completely deterministic and must not be used to generate cryptographic keys. The only reason to include this function is for testing.
- crypto_auth = crypto_auth_hmacsha512256
- crypto_box = crypto_box_curve25519xsalsa20poly1305
- crypto_box_keypair = crypto_box_curve25519xsalsa20poly1305_keypair
- crypto_box_open = crypto_box_curve25519xsalsa20poly1305_open
- crypto_box_beforenm = crypto_box_curve25519xsalsa20poly1305_beforenm
- crypto_box_afternm = crypto_box_curve25519xsalsa20poly1305_afternm
- crypto_box_open_afternm = crypto_box_curve25519xsalsa20poly1305_open_afternm
- crypto_core = crypto_core_salsa20
- crypto_core_hsalsa20
- crypto_hashblocks = crypto_hash_sha512
- crypto_hash = crypto_hash_sha512
- crypto_onetimeauth = crypto_onetimeauth_poly1305
- crypto_onetimeauth_verify = crypto_onetimeauth_poly1305_verify
- crypto_scalarmult = crypto_scalarmult_curve25519
- crypto_scalarmult_base = crypto_scalarmult_curve25519_base
- crypto_dh = crypto_dh_curve25519
- crypto_dh_keypair = crypto_dh_curve25519_keypair
- crypto_secretbox = crypto_secretbox_xsalsa20poly1303
- crypto_secretbox_open = crypto_secretbox_xsalsa20poly1303_open
- crypto_sign = crypto_sign_ed25519
- crypto_sign_keypair = crypto_sign_ed25519_keypair
- crypto_sign_open = crypto_sign_ed25519_open
- crypto_stream = crypto_stream_xsalsa20
- crypto_stream_xor = crypto_stream_xsalsa20_xor
- crypto_stream_salsa20
- crypto_stream_salsa20_xor
- crypto_verify = crypto_verify16
- crypto_verify32
Build instructions
Installing an AVR GNU toolchain
In order to build AVRNaCl you need an AVR GNU toolchain installed. On a Debian (jessie) systems this is easily achieved by adding the following line to the file /etc/apt/sources.list:
and then the following commands (as root):
apt-get install gcc-avr binutils-avr avr-libc avrdude
Building AVRNaCl
First download and unpack AVRNaCl:
tar xjvf avrnacl-20140813.tar.bz2
cd avrnacl-20140813/
Now edit the file called config and set the following variables (in the example set to their default values):
CPUFREQ=16000000
CC=/usr/bin/avr-gcc
OBJCOPY=/usr/bin/avr-objcopy
AR=/usr/bin/avr-ar
STRIP=/usr/bin/avr-strip
Please make sure that the value of TARGET_DEVICE matches the -mmcu flag expected by gcc for your target microcontroller
and that the value of CPUFREQ matches the CPU frequency of the target microcontroller.
If you installed the AVR GNU toolchain as described above, the paths of avr-gcc, avr-objcopy, avr-ar, and avr-strip should
be correct; otherwise edit them to match your system.
Now you are ready to build AVRNaCl by running
This will build different versions of AVRNaCl:
- A version optimized for speed in avrnacl_fast/obj/libnacl.a
- A version optimized for size in avrnacl_small/obj/libnacl.a
- A reference version written entirely in C in avrnacl_8bitc/obj/libnacl.a
The header file for all these versions is the file avrnacl.h.
Testing and benchmarking
The make process described above also builds various hex files that run tests and benchmarks of AVRNaCl. AVRNaCl comes with three scripts that automate the process of programming a microcontroller with these tests and writing the results to log files. We use the Arduino MEGA development board with an ATmega2560 to run those tests and benchmarks. Some of the tests may not work on an ATmega with less flash and RAM (even though the library will work); the reason is that testvectors need additional space in RAM and the test code needs additional space in flash. To run tests and benchmarks first edit the file named config to set the following variables
TESTLOGFILE=test.log
SPEEDLOGFILE=speed.log
STACKLOGFILE=stack.log
The DEVICE_FILE variable sets the serial device file of the development board.
When connecting the Arduino MEGA through USB, this is most likely going to be the default value
/dev/ttyACM0. The other three variables set output file names of the test, the speed benchmark,
and the stack benchmark, respecitvely.
To run tests of all primitives of all implementations of AVRNaCl, simply run
This test will take about 2.5 hours and the results will be printed to the file configured by the variable TESTLOGFILE in config (by default test.log). It is also possible to run tests of only one implementation or only one primitive of one implementation. For example, to only test the "fast" implementation, run
Similarly, the script run_speed.sh performs a speed benchmarks and prints results to the file configured in the SPEEDLOGFILE variable and the script run_stack.sh performs stack benchmarks and prints results to the file configured in the STACKLOGFILE variable.