1 // naclite.h - written and placed in the public domain by Jeffrey Walton 2 // based on public domain NaCl source code written by 3 // Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen, 4 // Tanja Lange, Peter Schwabe and Sjaak Smetsers. 5 6 // The Tweet API was added to the Crypto++ library to cross-validate results. 7 // We debated over putting it in the Test namespace, but settled for the NaCl 8 // namespace to segregate it from other parts of the library. 9 10 /// \file naclite.h 11 /// \brief Crypto++ interface to TweetNaCl library (20140917) 12 /// \details TweetNaCl is a compact reimplementation of the NaCl library 13 /// by Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen, Tanja 14 /// Lange, Peter Schwabe and Sjaak Smetsers. The library is less than 15 /// 20 KB in size and provides 25 of the NaCl library functions. 16 /// \details The compact library uses curve25519, XSalsa20, Poly1305 and 17 /// SHA-512 as default primitives, and includes both x25519 key exchange 18 /// and ed25519 signatures. The complete list of functions can be found 19 /// in <A 20 /// HREF="https://tweetnacl.cr.yp.to/tweetnacl-20140917.pdf">TweetNaCl: 21 /// A crypto library in 100 tweets</A> (20140917), Table 1, page 5. 22 /// \details Crypto++ rejects small order elements using libsodium's 23 /// blacklist. The TweetNaCl library allowed them but the library predated 24 /// the attack. If you wish to allow small elements then use the "unchecked" 25 /// versions of crypto_box_unchecked, crypto_box_open_unchecked and 26 /// crypto_box_beforenm_unchecked. 27 /// \details TweetNaCl is well written but not well optimzed. It runs about 28 /// 10x slower than optimized routines from libsodium. However, the library 29 /// is still 2x to 4x faster than the algorithms NaCl was designed to replace 30 /// and allows cross-checking results from an independent implementation. 31 /// \details The Crypto++ wrapper for TweetNaCl requires OS features. That is, 32 /// <tt>NO_OS_DEPENDENCE</tt> cannot be defined. It is due to TweetNaCl's 33 /// internal function <tt>randombytes</tt>. Crypto++ used 34 /// <tt>DefaultAutoSeededRNG</tt> within <tt>randombytes</tt>, so OS 35 /// integration must be enabled. You can use another generator like 36 /// <tt>RDRAND</tt> to avoid the restriction. 37 /// \sa <A HREF="https://cr.yp.to/highspeed/coolnacl-20120725.pdf">The security 38 /// impact of a new cryptographic library</A>, <A 39 /// HREF="https://tweetnacl.cr.yp.to/tweetnacl-20140917.pdf">TweetNaCl: 40 /// A crypto library in 100 tweets</A> (20140917), <A 41 /// HREF="https://eprint.iacr.org/2017/806.pdf">May the Fourth Be With You: 42 /// A Microarchitectural Side Channel Attack on Several Real-World 43 /// Applications of Curve25519</A>, <A 44 /// HREF="https://github.com/jedisct1/libsodium/commit/afabd7e7386e1194">libsodium 45 /// commit afabd7e7386e1194</A> and <A 46 /// HREF="https://tools.ietf.org/html/rfc7748">RFC 7748, Elliptic Curves for 47 /// Security</A>, Section 6. 48 /// \since Crypto++ 6.0 49 50 #ifndef CRYPTOPP_NACL_H 51 #define CRYPTOPP_NACL_H 52 53 #include "config.h" 54 #include "stdcpp.h" 55 56 #if defined(NO_OS_DEPENDENCE) || !defined(OS_RNG_AVAILABLE) 57 # define CRYPTOPP_DISABLE_NACL 1 58 #endif 59 60 #ifndef CRYPTOPP_DISABLE_NACL 61 62 NAMESPACE_BEGIN(CryptoPP) 63 NAMESPACE_BEGIN(NaCl) 64 65 /// \brief Hash size in bytes 66 /// \sa <A HREF="https://nacl.cr.yp.to/hash.html">NaCl crypto_hash documentation</A> 67 CRYPTOPP_CONSTANT(crypto_hash_BYTES = 64); 68 69 /// \brief Key size in bytes 70 /// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A> 71 CRYPTOPP_CONSTANT(crypto_stream_KEYBYTES = 32); 72 /// \brief Nonce size in bytes 73 /// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A> 74 CRYPTOPP_CONSTANT(crypto_stream_NONCEBYTES = 24); 75 76 /// \brief Key size in bytes 77 /// \sa <A HREF="https://nacl.cr.yp.to/auth.html">NaCl crypto_auth documentation</A> 78 CRYPTOPP_CONSTANT(crypto_auth_KEYBYTES = 32); 79 /// \brief Tag size in bytes 80 /// \sa <A HREF="https://nacl.cr.yp.to/auth.html">NaCl crypto_auth documentation</A> 81 CRYPTOPP_CONSTANT(crypto_auth_BYTES = 16); 82 83 /// \brief Key size in bytes 84 /// \sa <A HREF="https://nacl.cr.yp.to/onetimeauth.html">NaCl crypto_onetimeauth documentation</A> 85 CRYPTOPP_CONSTANT(crypto_onetimeauth_KEYBYTES = 32); 86 /// \brief Tag size in bytes 87 /// \sa <A HREF="https://nacl.cr.yp.to/onetimeauth.html">NaCl crypto_onetimeauth documentation</A> 88 CRYPTOPP_CONSTANT(crypto_onetimeauth_BYTES = 16); 89 90 /// \brief Key size in bytes 91 /// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A> 92 CRYPTOPP_CONSTANT(crypto_secretbox_KEYBYTES = 32); 93 /// \brief Nonce size in bytes 94 /// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A> 95 CRYPTOPP_CONSTANT(crypto_secretbox_NONCEBYTES = 24); 96 /// \brief Zero-padded message prefix in bytes 97 /// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A> 98 CRYPTOPP_CONSTANT(crypto_secretbox_ZEROBYTES = 32); 99 /// \brief Zero-padded message prefix in bytes 100 /// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A> 101 CRYPTOPP_CONSTANT(crypto_secretbox_BOXZEROBYTES = 16); 102 103 /// \brief Private key size in bytes 104 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A> 105 CRYPTOPP_CONSTANT(crypto_box_SECRETKEYBYTES = 32); 106 /// \brief Public key size in bytes 107 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A> 108 CRYPTOPP_CONSTANT(crypto_box_PUBLICKEYBYTES = 32); 109 /// \brief Nonce size in bytes 110 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A> 111 CRYPTOPP_CONSTANT(crypto_box_NONCEBYTES = 24); 112 /// \brief Message 0-byte prefix in bytes 113 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A> 114 CRYPTOPP_CONSTANT(crypto_box_ZEROBYTES = 32); 115 /// \brief Open box 0-byte prefix in bytes 116 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A> 117 CRYPTOPP_CONSTANT(crypto_box_BOXZEROBYTES = 16); 118 /// \brief Precomputation 0-byte prefix in bytes in bytes 119 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A> 120 CRYPTOPP_CONSTANT(crypto_box_BEFORENMBYTES = 32); 121 /// \brief MAC size in bytes 122 /// \details crypto_box_MACBYTES was missing from tweetnacl.h. Its is defined as 123 /// crypto_box_curve25519xsalsa20poly1305_MACBYTES, which is defined as 16U. 124 /// \sa <A HREF="https://nacl.cr.yp.to/hash.html">NaCl crypto_box documentation</A> 125 CRYPTOPP_CONSTANT(crypto_box_MACBYTES = 16); 126 127 /// \brief Private key size in bytes 128 /// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A> 129 CRYPTOPP_CONSTANT(crypto_sign_SECRETKEYBYTES = 64); 130 /// \brief Public key size in bytes 131 /// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A> 132 CRYPTOPP_CONSTANT(crypto_sign_PUBLICKEYBYTES = 32); 133 /// \brief Seed size in bytes 134 /// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A> 135 CRYPTOPP_CONSTANT(crypto_sign_SEEDBYTES = 32); 136 /// \brief Signature size in bytes 137 /// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A> 138 CRYPTOPP_CONSTANT(crypto_sign_BYTES = 64); 139 140 /// \brief Group element size in bytes 141 /// \sa <A HREF="https://nacl.cr.yp.to/scalarmult.html">NaCl crypto_scalarmult documentation</A> 142 CRYPTOPP_CONSTANT(crypto_scalarmult_BYTES = 32); 143 /// \brief Integer size in bytes 144 /// \sa <A HREF="https://nacl.cr.yp.to/scalarmult.html">NaCl crypto_scalarmult documentation</A> 145 CRYPTOPP_CONSTANT(crypto_scalarmult_SCALARBYTES = 32); 146 147 /// \brief Encrypt and authenticate a message 148 /// \param c output byte buffer 149 /// \param m input byte buffer 150 /// \param d size of the input byte buffer 151 /// \param n nonce byte buffer 152 /// \param y other's public key 153 /// \param x private key 154 /// \details crypto_box() uses crypto_box_curve25519xsalsa20poly1305 155 /// \return 0 on success, non-0 otherwise 156 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A> 157 /// \since Crypto++ 6.0 158 int crypto_box(byte *c,const byte *m,word64 d,const byte *n,const byte *y,const byte *x); 159 160 /// \brief Verify and decrypt a message 161 /// \param m output byte buffer 162 /// \param c input byte buffer 163 /// \param d size of the input byte buffer 164 /// \param n nonce byte buffer 165 /// \param y other's public key 166 /// \param x private key 167 /// \details crypto_box_open() uses crypto_box_curve25519xsalsa20poly1305 168 /// \return 0 on success, non-0 otherwise 169 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A> 170 /// \since Crypto++ 6.0 171 int crypto_box_open(byte *m,const byte *c,word64 d,const byte *n,const byte *y,const byte *x); 172 173 /// \brief Generate a keypair for encryption 174 /// \param y public key byte buffer 175 /// \param x private key byte buffer 176 /// \return 0 on success, non-0 otherwise 177 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A> 178 /// \since Crypto++ 6.0 179 int crypto_box_keypair(byte *y,byte *x); 180 181 /// \brief Encrypt and authenticate a message 182 /// \param k shared secret byte buffer 183 /// \param y other's public key 184 /// \param x private key 185 /// \details crypto_box_beforenm() performs message-independent precomputation to derive the key. 186 /// Once the key is derived multiple calls to crypto_box_afternm() can be made to process the message. 187 /// \return 0 on success, non-0 otherwise 188 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A> 189 /// \since Crypto++ 6.0 190 int crypto_box_beforenm(byte *k,const byte *y,const byte *x); 191 192 /// \brief Encrypt and authenticate a message 193 /// \param m output byte buffer 194 /// \param c input byte buffer 195 /// \param d size of the input byte buffer 196 /// \param n nonce byte buffer 197 /// \param k shared secret byte buffer 198 /// \details crypto_box_afternm() performs message-dependent computation using the derived the key. 199 /// Once the key is derived using crypto_box_beforenm() multiple calls to crypto_box_afternm() 200 /// can be made to process the message. 201 /// \return 0 on success, non-0 otherwise 202 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A> 203 /// \since Crypto++ 6.0 204 int crypto_box_afternm(byte *c,const byte *m,word64 d,const byte *n,const byte *k); 205 206 /// \brief Verify and decrypt a message 207 /// \param m output byte buffer 208 /// \param c input byte buffer 209 /// \param d size of the input byte buffer 210 /// \param n nonce byte buffer 211 /// \param k shared secret byte buffer 212 /// \details crypto_box_afternm() performs message-dependent computation using the derived the key. 213 /// Once the key is derived using crypto_box_beforenm() multiple calls to crypto_box_open_afternm() 214 /// can be made to process the message. 215 /// \return 0 on success, non-0 otherwise 216 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A> 217 /// \since Crypto++ 6.0 218 int crypto_box_open_afternm(byte *m,const byte *c,word64 d,const byte *n,const byte *k); 219 220 /// \brief Encrypt and authenticate a message 221 /// \param c output byte buffer 222 /// \param m input byte buffer 223 /// \param d size of the input byte buffer 224 /// \param n nonce byte buffer 225 /// \param y other's public key 226 /// \param x private key 227 /// \details crypto_box() uses crypto_box_curve25519xsalsa20poly1305. 228 /// \details This version of crypto_box() does not check for small order elements. It can be unsafe 229 /// but it exists for backwards compatibility with downlevel clients. Without the compatibility 230 /// interop with early versions of NaCl, libsodium and other libraries does not exist. The 231 /// downlevel interop may also be needed of cryptocurrencies like Bitcoin, Ethereum, Monero 232 /// and Zcash. 233 /// \return 0 on success, non-0 otherwise 234 /// \warning This version of crypto_box() does not check for small order elements. It should not 235 /// be used in new software. 236 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>, 237 /// <A HREF="https://eprint.iacr.org/2017/806.pdf">May the Fourth Be With You: A Microarchitectural 238 /// Side Channel Attack on Several Real-World Applications of Curve25519</A>, 239 /// <A HREF="https://github.com/jedisct1/libsodium/commit/afabd7e7386e1194">libsodium commit 240 /// afabd7e7386e1194</A>. 241 /// \since Crypto++ 6.0 242 int crypto_box_unchecked(byte *c,const byte *m,word64 d,const byte *n,const byte *y,const byte *x); 243 244 /// \brief Verify and decrypt a message 245 /// \param m output byte buffer 246 /// \param c input byte buffer 247 /// \param d size of the input byte buffer 248 /// \param n nonce byte buffer 249 /// \param y other's public key 250 /// \param x private key 251 /// \details crypto_box_open() uses crypto_box_curve25519xsalsa20poly1305. 252 /// \details This version of crypto_box_open() does not check for small order elements. It can be unsafe 253 /// but it exists for backwards compatibility with downlevel clients. Without the compatibility 254 /// interop with early versions of NaCl, libsodium and other libraries does not exist. The 255 /// downlevel interop may also be needed of cryptocurrencies like Bitcoin, Ethereum, Monero 256 /// and Zcash. 257 /// \return 0 on success, non-0 otherwise 258 /// \warning This version of crypto_box_open() does not check for small order elements. It should not 259 /// be used in new software. 260 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>, 261 /// <A HREF="https://eprint.iacr.org/2017/806.pdf">May the Fourth Be With You: A Microarchitectural 262 /// Side Channel Attack on Several Real-World Applications of Curve25519</A>, 263 /// <A HREF="https://github.com/jedisct1/libsodium/commit/afabd7e7386e1194">libsodium commit 264 /// afabd7e7386e1194</A>. 265 /// \since Crypto++ 6.0 266 int crypto_box_open_unchecked(byte *m,const byte *c,word64 d,const byte *n,const byte *y,const byte *x); 267 268 /// \brief Encrypt and authenticate a message 269 /// \param k shared secret byte buffer 270 /// \param y other's public key 271 /// \param x private key 272 /// \details crypto_box_beforenm() performs message-independent precomputation to derive the key. 273 /// Once the key is derived multiple calls to crypto_box_afternm() can be made to process the message. 274 /// \details This version of crypto_box_beforenm() does not check for small order elements. It can be unsafe 275 /// but it exists for backwards compatibility with downlevel clients. Without the compatibility 276 /// interop with early versions of NaCl, libsodium and other libraries does not exist. The 277 /// downlevel interop may also be needed of cryptocurrencies like Bitcoin, Ethereum, Monero 278 /// and Zcash. 279 /// \return 0 on success, non-0 otherwise 280 /// \warning This version of crypto_box_beforenm() does not check for small order elements. It should not 281 /// be used in new software. 282 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>, 283 /// <A HREF="https://eprint.iacr.org/2017/806.pdf">May the Fourth Be With You: A Microarchitectural 284 /// Side Channel Attack on Several Real-World Applications of Curve25519</A>, 285 /// <A HREF="https://github.com/jedisct1/libsodium/commit/afabd7e7386e1194">libsodium commit 286 /// afabd7e7386e1194</A>. 287 /// \since Crypto++ 6.0 288 int crypto_box_beforenm_unchecked(byte *k,const byte *y,const byte *x); 289 290 /// \brief TODO 291 int crypto_core_salsa20(byte *out,const byte *in,const byte *k,const byte *c); 292 293 /// \brief TODO 294 /// \return 0 on success, non-0 otherwise 295 /// \since Crypto++ 6.0 296 int crypto_core_hsalsa20(byte *out,const byte *in,const byte *k,const byte *c); 297 298 /// \brief Hash multiple blocks 299 /// \details crypto_hashblocks() uses crypto_hashblocks_sha512. 300 /// \return 0 on success, non-0 otherwise 301 /// \sa <A HREF="https://nacl.cr.yp.to/hash.html">NaCl crypto_hash documentation</A> 302 /// \since Crypto++ 6.0 303 int crypto_hashblocks(byte *x,const byte *m,word64 n); 304 305 /// \brief Hash a message 306 /// \details crypto_hash() uses crypto_hash_sha512. 307 /// \return 0 on success, non-0 otherwise 308 /// \sa <A HREF="https://nacl.cr.yp.to/hash.html">NaCl crypto_hash documentation</A> 309 /// \since Crypto++ 6.0 310 int crypto_hash(byte *out,const byte *m,word64 n); 311 312 /// \brief Create an authentication tag for a message 313 /// \details crypto_onetimeauth() uses crypto_onetimeauth_poly1305. 314 /// \return 0 on success, non-0 otherwise 315 /// \sa <A HREF="https://nacl.cr.yp.to/onetimeauth.html">NaCl crypto_onetimeauth documentation</A> 316 /// \since Crypto++ 6.0 317 int crypto_onetimeauth(byte *out,const byte *m,word64 n,const byte *k); 318 319 /// \brief Verify an authentication tag on a message 320 /// \return 0 on success, non-0 otherwise 321 /// \sa <A HREF="https://nacl.cr.yp.to/onetimeauth.html">NaCl crypto_onetimeauth documentation</A> 322 /// \since Crypto++ 6.0 323 int crypto_onetimeauth_verify(const byte *h,const byte *m,word64 n,const byte *k); 324 325 /// \brief Scalar multiplication of a point 326 /// \details crypto_scalarmult() uses crypto_scalarmult_curve25519 327 /// \return 0 on success, non-0 otherwise 328 /// \sa <A HREF="https://nacl.cr.yp.to/scalarmult.html">NaCl crypto_scalarmult documentation</A> 329 /// \since Crypto++ 6.0 330 int crypto_scalarmult(byte *q,const byte *n,const byte *p); 331 332 /// \brief Scalar multiplication of base point 333 /// \details crypto_scalarmult_base() uses crypto_scalarmult_curve25519 334 /// \return 0 on success, non-0 otherwise 335 /// \sa <A HREF="https://nacl.cr.yp.to/scalarmult.html">NaCl crypto_scalarmult documentation</A> 336 /// \since Crypto++ 6.0 337 int crypto_scalarmult_base(byte *q,const byte *n); 338 339 /// \brief Encrypt and authenticate a message 340 /// \details crypto_secretbox() uses a symmetric key to encrypt and authenticate a message. 341 /// \return 0 on success, non-0 otherwise 342 /// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A> 343 /// \since Crypto++ 6.0 344 int crypto_secretbox(byte *c,const byte *m,word64 d,const byte *n,const byte *k); 345 346 /// \brief Verify and decrypt a message 347 /// \return 0 on success, non-0 otherwise 348 /// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A> 349 /// \since Crypto++ 6.0 350 int crypto_secretbox_open(byte *m,const byte *c,word64 d,const byte *n,const byte *k); 351 352 /// \brief Sign a message 353 /// \param sm output byte buffer 354 /// \param smlen size of the output byte buffer 355 /// \param m input byte buffer 356 /// \param n size of the input byte buffer 357 /// \param sk private key 358 /// \details crypto_sign() uses crypto_sign_ed25519. 359 /// \return 0 on success, non-0 otherwise 360 /// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A> 361 /// \since Crypto++ 6.0 362 int crypto_sign(byte *sm,word64 *smlen,const byte *m,word64 n,const byte *sk); 363 364 /// \brief Verify a message 365 /// \param m output byte buffer 366 /// \param mlen size of the output byte buffer 367 /// \param sm input byte buffer 368 /// \param n size of the input byte buffer 369 /// \param pk public key 370 /// \return 0 on success, non-0 otherwise 371 /// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A> 372 /// \since Crypto++ 6.0 373 int crypto_sign_open(byte *m,word64 *mlen,const byte *sm,word64 n,const byte *pk); 374 375 /// \brief Generate a keypair for signing 376 /// \param pk public key byte buffer 377 /// \param sk private key byte buffer 378 /// \details crypto_sign_keypair() creates an ed25519 keypair. 379 /// \return 0 on success, non-0 otherwise 380 /// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A> 381 /// \since Crypto++ 6.0 382 int crypto_sign_keypair(byte *pk, byte *sk); 383 384 /// \brief Calculate a public key from a secret key 385 /// \param pk public key byte buffer 386 /// \param sk private key byte buffer 387 /// \details crypto_sign_sk2pk() creates an ed25519 public key from an existing 388 /// 32-byte secret key. The function does not backfill the tail bytes of the 389 /// secret key with the calculated public key. 390 /// \details crypto_sign_sk2pk() is not part of libsodium or Tweet API. It was 391 /// added for interop with some anonymous routing protocols. 392 /// \return 0 on success, non-0 otherwise 393 /// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A> 394 /// \since Crypto++ 8.0 395 int crypto_sign_sk2pk(byte *pk, const byte *sk); 396 397 /// \brief Produce a keystream using XSalsa20 398 /// \details crypto_stream() uses crypto_stream_xsalsa20 399 /// \return 0 on success, non-0 otherwise 400 /// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A> 401 /// \since Crypto++ 6.0 402 int crypto_stream(byte *c,word64 d,const byte *n,const byte *k); 403 404 /// \brief Encrypt a message using XSalsa20 405 /// \return 0 on success, non-0 otherwise 406 /// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A> 407 /// \since Crypto++ 6.0 408 int crypto_stream_xor(byte *c,const byte *m,word64 d,const byte *n,const byte *k); 409 410 /// \brief Produce a keystream using Salsa20 411 /// \return 0 on success, non-0 otherwise 412 /// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A> 413 /// \since Crypto++ 6.0 414 int crypto_stream_salsa20(byte *c,word64 d,const byte *n,const byte *k); 415 416 /// \brief Encrypt a message using Salsa20 417 /// \return 0 on success, non-0 otherwise 418 /// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A> 419 /// \since Crypto++ 6.0 420 int crypto_stream_salsa20_xor(byte *c,const byte *m,word64 b,const byte *n,const byte *k); 421 422 /// \brief Compare 16-byte buffers 423 /// \return 0 on success, non-0 otherwise 424 /// \sa <A HREF="https://nacl.cr.yp.to/verify.html">NaCl crypto_verify documentation</A> 425 /// \since Crypto++ 6.0 426 int crypto_verify_16(const byte *x,const byte *y); 427 428 /// \brief Compare 32-byte buffers 429 /// \return 0 on success, non-0 otherwise 430 /// \sa <A HREF="https://nacl.cr.yp.to/verify.html">NaCl crypto_verify documentation</A> 431 /// \since Crypto++ 6.0 432 int crypto_verify_32(const byte *x,const byte *y); 433 434 NAMESPACE_END // CryptoPP 435 NAMESPACE_END // NaCl 436 437 #endif // CRYPTOPP_DISABLE_NACL 438 #endif // CRYPTOPP_NACL_H 439