diff --git a/.gitignore b/.gitignore
index e539f082..b0508a50 100644
--- a/.gitignore
+++ b/.gitignore
@@ -113,6 +113,7 @@ test/default/hash
test/default/hash3
test/default/kdf
test/default/keygen
+test/default/kx
test/default/onetimeauth
test/default/onetimeauth2
test/default/onetimeauth7
diff --git a/ChangeLog b/ChangeLog
index 286aeeb6..995547d9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -25,6 +25,7 @@ from being partially initialized.
- A new `randombytes_buf_deterministic()` function was added to
deterministically fill a memory region with pseudorandom data. This
function can especially be useful to write reproducible tests.
+ - A priminary `crypto_kx_*()` API was added to compute shared session keys.
- AVX2 detection is more reliable.
- The pthreads library is not required any more when using MingW.
- `contrib/Findsodium.cmake` was added as an example to include
diff --git a/builds/msvc/vs2010/libsodium/libsodium.vcxproj b/builds/msvc/vs2010/libsodium/libsodium.vcxproj
index f4f9a0a9..460b2bb3 100644
--- a/builds/msvc/vs2010/libsodium/libsodium.vcxproj
+++ b/builds/msvc/vs2010/libsodium/libsodium.vcxproj
@@ -109,6 +109,7 @@
+
@@ -265,6 +266,7 @@
+
diff --git a/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters
index 63b37dd9..e502d441 100644
--- a/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters
+++ b/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters
@@ -117,6 +117,9 @@
crypto_kdf\blake2b
+
+ crypto_kx
+
crypto_onetimeauth
@@ -581,6 +584,9 @@
include\sodium
+
+ include\sodium
+
include\sodium
@@ -802,6 +808,9 @@
{3d42d2a2-b192-33dd-9162-508916414707}
+
+ {898b6bd5-1360-3a34-adcd-0fade7561685}
+
{323c0a15-3c1d-39b2-9ec1-299deb299497}
diff --git a/builds/msvc/vs2012/libsodium/libsodium.vcxproj b/builds/msvc/vs2012/libsodium/libsodium.vcxproj
index 172ae2f4..977f0c68 100644
--- a/builds/msvc/vs2012/libsodium/libsodium.vcxproj
+++ b/builds/msvc/vs2012/libsodium/libsodium.vcxproj
@@ -109,6 +109,7 @@
+
@@ -265,6 +266,7 @@
+
diff --git a/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters
index 63b37dd9..e502d441 100644
--- a/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters
+++ b/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters
@@ -117,6 +117,9 @@
crypto_kdf\blake2b
+
+ crypto_kx
+
crypto_onetimeauth
@@ -581,6 +584,9 @@
include\sodium
+
+ include\sodium
+
include\sodium
@@ -802,6 +808,9 @@
{3d42d2a2-b192-33dd-9162-508916414707}
+
+ {898b6bd5-1360-3a34-adcd-0fade7561685}
+
{323c0a15-3c1d-39b2-9ec1-299deb299497}
diff --git a/builds/msvc/vs2013/libsodium/libsodium.vcxproj b/builds/msvc/vs2013/libsodium/libsodium.vcxproj
index 45b3701e..0296bfaa 100644
--- a/builds/msvc/vs2013/libsodium/libsodium.vcxproj
+++ b/builds/msvc/vs2013/libsodium/libsodium.vcxproj
@@ -109,6 +109,7 @@
+
@@ -265,6 +266,7 @@
+
diff --git a/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters
index 63b37dd9..e502d441 100644
--- a/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters
+++ b/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters
@@ -117,6 +117,9 @@
crypto_kdf\blake2b
+
+ crypto_kx
+
crypto_onetimeauth
@@ -581,6 +584,9 @@
include\sodium
+
+ include\sodium
+
include\sodium
@@ -802,6 +808,9 @@
{3d42d2a2-b192-33dd-9162-508916414707}
+
+ {898b6bd5-1360-3a34-adcd-0fade7561685}
+
{323c0a15-3c1d-39b2-9ec1-299deb299497}
diff --git a/builds/msvc/vs2015/libsodium/libsodium.vcxproj b/builds/msvc/vs2015/libsodium/libsodium.vcxproj
index d038ee7d..df56f3c9 100644
--- a/builds/msvc/vs2015/libsodium/libsodium.vcxproj
+++ b/builds/msvc/vs2015/libsodium/libsodium.vcxproj
@@ -109,6 +109,7 @@
+
@@ -265,6 +266,7 @@
+
diff --git a/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters
index 63b37dd9..e502d441 100644
--- a/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters
+++ b/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters
@@ -117,6 +117,9 @@
crypto_kdf\blake2b
+
+ crypto_kx
+
crypto_onetimeauth
@@ -581,6 +584,9 @@
include\sodium
+
+ include\sodium
+
include\sodium
@@ -802,6 +808,9 @@
{3d42d2a2-b192-33dd-9162-508916414707}
+
+ {898b6bd5-1360-3a34-adcd-0fade7561685}
+
{323c0a15-3c1d-39b2-9ec1-299deb299497}
diff --git a/builds/msvc/vs2017/libsodium/libsodium.vcxproj b/builds/msvc/vs2017/libsodium/libsodium.vcxproj
index 4c7d9946..35129b42 100644
--- a/builds/msvc/vs2017/libsodium/libsodium.vcxproj
+++ b/builds/msvc/vs2017/libsodium/libsodium.vcxproj
@@ -109,6 +109,7 @@
+
@@ -265,6 +266,7 @@
+
diff --git a/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters
index 63b37dd9..e502d441 100644
--- a/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters
+++ b/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters
@@ -117,6 +117,9 @@
crypto_kdf\blake2b
+
+ crypto_kx
+
crypto_onetimeauth
@@ -581,6 +584,9 @@
include\sodium
+
+ include\sodium
+
include\sodium
@@ -802,6 +808,9 @@
{3d42d2a2-b192-33dd-9162-508916414707}
+
+ {898b6bd5-1360-3a34-adcd-0fade7561685}
+
{323c0a15-3c1d-39b2-9ec1-299deb299497}
diff --git a/dist-build/emscripten-symbols.def b/dist-build/emscripten-symbols.def
index ac6ed9b9..247d2b75 100644
--- a/dist-build/emscripten-symbols.def
+++ b/dist-build/emscripten-symbols.def
@@ -58,10 +58,10 @@ _crypto_auth_hmacsha512256_bytes 0 1
_crypto_auth_hmacsha512256_final 0 1
_crypto_auth_hmacsha512256_init 0 1
_crypto_auth_hmacsha512256_keybytes 0 1
+_crypto_auth_hmacsha512256_keygen 0 1
_crypto_auth_hmacsha512256_statebytes 0 1
_crypto_auth_hmacsha512256_update 0 1
_crypto_auth_hmacsha512256_verify 0 1
-_crypto_auth_hmacsha512256_keygen 0 1
_crypto_auth_hmacsha512_bytes 0 1
_crypto_auth_hmacsha512_final 0 1
_crypto_auth_hmacsha512_init 0 1
@@ -169,12 +169,12 @@ _crypto_generichash_blake2b_init_salt_personal 0 1
_crypto_generichash_blake2b_keybytes 0 1
_crypto_generichash_blake2b_keybytes_max 0 1
_crypto_generichash_blake2b_keybytes_min 0 1
+_crypto_generichash_blake2b_keygen 0 1
_crypto_generichash_blake2b_personalbytes 0 1
_crypto_generichash_blake2b_salt_personal 0 1
_crypto_generichash_blake2b_saltbytes 0 1
_crypto_generichash_blake2b_statebytes 0 1
_crypto_generichash_blake2b_update 0 1
-_crypto_generichash_blake2b_keygen 0 1
_crypto_generichash_bytes 1 1
_crypto_generichash_bytes_max 1 1
_crypto_generichash_bytes_min 1 1
@@ -214,6 +214,15 @@ _crypto_kdf_derive_from_key 1 1
_crypto_kdf_keybytes 1 1
_crypto_kdf_keygen 1 1
_crypto_kdf_primitive 0 1
+_crypto_kx_client_session_keys 1 1
+_crypto_kx_keypair 1 1
+_crypto_kx_primitive 0 1
+_crypto_kx_publickeybytes 1 1
+_crypto_kx_secretkeybytes 1 1
+_crypto_kx_seed_keypair 1 1
+_crypto_kx_seedbytes 1 1
+_crypto_kx_server_session_keys 1 1
+_crypto_kx_sessionkeybytes 1 1
_crypto_onetimeauth 0 1
_crypto_onetimeauth_bytes 0 1
_crypto_onetimeauth_final 0 1
@@ -225,10 +234,10 @@ _crypto_onetimeauth_poly1305_bytes 0 1
_crypto_onetimeauth_poly1305_final 0 1
_crypto_onetimeauth_poly1305_init 0 1
_crypto_onetimeauth_poly1305_keybytes 0 1
-_crypto_onetimeauth_poly1305_update 0 1
-_crypto_onetimeauth_poly1305_verify 0 1
_crypto_onetimeauth_poly1305_keygen 0 1
_crypto_onetimeauth_poly1305_statebytes 0 1
+_crypto_onetimeauth_poly1305_update 0 1
+_crypto_onetimeauth_poly1305_verify 0 1
_crypto_onetimeauth_primitive 0 1
_crypto_onetimeauth_statebytes 0 1
_crypto_onetimeauth_update 0 1
@@ -393,11 +402,11 @@ _crypto_stream_aes128ctr_xor 0 1
_crypto_stream_aes128ctr_xor_afternm 0 1
_crypto_stream_chacha20 0 1
_crypto_stream_chacha20_ietf 0 1
+_crypto_stream_chacha20_ietf_keybytes 0 1
+_crypto_stream_chacha20_ietf_keygen 0 1
_crypto_stream_chacha20_ietf_noncebytes 0 1
_crypto_stream_chacha20_ietf_xor 0 1
_crypto_stream_chacha20_ietf_xor_ic 0 1
-_crypto_stream_chacha20_ietf_keybytes 0 1
-_crypto_stream_chacha20_ietf_keygen 0 1
_crypto_stream_chacha20_keybytes 0 1
_crypto_stream_chacha20_keygen 0 1
_crypto_stream_chacha20_noncebytes 0 1
diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh
index 0587deb9..68bc1523 100755
--- a/dist-build/emscripten.sh
+++ b/dist-build/emscripten.sh
@@ -1,8 +1,8 @@
#! /bin/sh
export MAKE_FLAGS='-j4'
-export EXPORTED_FUNCTIONS_STANDARD='["_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_verify","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_noncebytes","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_generichash","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_scalarbytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_noncebytes","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_open","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream_keygen","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_version_string"]'
-export EXPORTED_FUNCTIONS_SUMO='["_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_hmacsha256","_crypto_auth_hmacsha256_bytes","_crypto_auth_hmacsha256_final","_crypto_auth_hmacsha256_init","_crypto_auth_hmacsha256_keybytes","_crypto_auth_hmacsha256_keygen","_crypto_auth_hmacsha256_statebytes","_crypto_auth_hmacsha256_update","_crypto_auth_hmacsha256_verify","_crypto_auth_hmacsha512","_crypto_auth_hmacsha512256","_crypto_auth_hmacsha512256_bytes","_crypto_auth_hmacsha512256_final","_crypto_auth_hmacsha512256_init","_crypto_auth_hmacsha512256_keybytes","_crypto_auth_hmacsha512256_keygen","_crypto_auth_hmacsha512256_statebytes","_crypto_auth_hmacsha512256_update","_crypto_auth_hmacsha512256_verify","_crypto_auth_hmacsha512_bytes","_crypto_auth_hmacsha512_final","_crypto_auth_hmacsha512_init","_crypto_auth_hmacsha512_keybytes","_crypto_auth_hmacsha512_keygen","_crypto_auth_hmacsha512_statebytes","_crypto_auth_hmacsha512_update","_crypto_auth_hmacsha512_verify","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_primitive","_crypto_auth_verify","_crypto_box","_crypto_box_afternm","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_boxzerobytes","_crypto_box_curve25519xchacha20poly1305_beforenm","_crypto_box_curve25519xchacha20poly1305_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_detached","_crypto_box_curve25519xchacha20poly1305_detached_afternm","_crypto_box_curve25519xchacha20poly1305_easy","_crypto_box_curve25519xchacha20poly1305_easy_afternm","_crypto_box_curve25519xchacha20poly1305_keypair","_crypto_box_curve25519xchacha20poly1305_macbytes","_crypto_box_curve25519xchacha20poly1305_noncebytes","_crypto_box_curve25519xchacha20poly1305_open_detached","_crypto_box_curve25519xchacha20poly1305_open_detached_afternm","_crypto_box_curve25519xchacha20poly1305_open_easy","_crypto_box_curve25519xchacha20poly1305_open_easy_afternm","_crypto_box_curve25519xchacha20poly1305_publickeybytes","_crypto_box_curve25519xchacha20poly1305_secretkeybytes","_crypto_box_curve25519xchacha20poly1305_seed_keypair","_crypto_box_curve25519xchacha20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305","_crypto_box_curve25519xsalsa20poly1305_afternm","_crypto_box_curve25519xsalsa20poly1305_beforenm","_crypto_box_curve25519xsalsa20poly1305_beforenmbytes","_crypto_box_curve25519xsalsa20poly1305_boxzerobytes","_crypto_box_curve25519xsalsa20poly1305_keypair","_crypto_box_curve25519xsalsa20poly1305_macbytes","_crypto_box_curve25519xsalsa20poly1305_noncebytes","_crypto_box_curve25519xsalsa20poly1305_open","_crypto_box_curve25519xsalsa20poly1305_open_afternm","_crypto_box_curve25519xsalsa20poly1305_publickeybytes","_crypto_box_curve25519xsalsa20poly1305_secretkeybytes","_crypto_box_curve25519xsalsa20poly1305_seed_keypair","_crypto_box_curve25519xsalsa20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305_zerobytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_noncebytes","_crypto_box_open","_crypto_box_open_afternm","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_primitive","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_box_zerobytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_core_hsalsa20","_crypto_core_hsalsa20_constbytes","_crypto_core_hsalsa20_inputbytes","_crypto_core_hsalsa20_keybytes","_crypto_core_hsalsa20_outputbytes","_crypto_core_salsa20","_crypto_core_salsa2012","_crypto_core_salsa2012_constbytes","_crypto_core_salsa2012_inputbytes","_crypto_core_salsa2012_keybytes","_crypto_core_salsa2012_outputbytes","_crypto_core_salsa208","_crypto_core_salsa208_constbytes","_crypto_core_salsa208_inputbytes","_crypto_core_salsa208_keybytes","_crypto_core_salsa208_outputbytes","_crypto_core_salsa20_constbytes","_crypto_core_salsa20_inputbytes","_crypto_core_salsa20_keybytes","_crypto_core_salsa20_outputbytes","_crypto_generichash","_crypto_generichash_blake2b","_crypto_generichash_blake2b_bytes","_crypto_generichash_blake2b_bytes_max","_crypto_generichash_blake2b_bytes_min","_crypto_generichash_blake2b_final","_crypto_generichash_blake2b_init","_crypto_generichash_blake2b_init_salt_personal","_crypto_generichash_blake2b_keybytes","_crypto_generichash_blake2b_keybytes_max","_crypto_generichash_blake2b_keybytes_min","_crypto_generichash_blake2b_keygen","_crypto_generichash_blake2b_personalbytes","_crypto_generichash_blake2b_salt_personal","_crypto_generichash_blake2b_saltbytes","_crypto_generichash_blake2b_statebytes","_crypto_generichash_blake2b_update","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_primitive","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_hash_primitive","_crypto_hash_sha256","_crypto_hash_sha256_bytes","_crypto_hash_sha256_final","_crypto_hash_sha256_init","_crypto_hash_sha256_statebytes","_crypto_hash_sha256_update","_crypto_hash_sha512","_crypto_hash_sha512_bytes","_crypto_hash_sha512_final","_crypto_hash_sha512_init","_crypto_hash_sha512_statebytes","_crypto_hash_sha512_update","_crypto_kdf_blake2b_bytes_max","_crypto_kdf_blake2b_bytes_min","_crypto_kdf_blake2b_contextbytes","_crypto_kdf_blake2b_derive_from_key","_crypto_kdf_blake2b_keybytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kdf_primitive","_crypto_onetimeauth","_crypto_onetimeauth_bytes","_crypto_onetimeauth_final","_crypto_onetimeauth_init","_crypto_onetimeauth_keybytes","_crypto_onetimeauth_keygen","_crypto_onetimeauth_poly1305","_crypto_onetimeauth_poly1305_bytes","_crypto_onetimeauth_poly1305_final","_crypto_onetimeauth_poly1305_init","_crypto_onetimeauth_poly1305_keybytes","_crypto_onetimeauth_poly1305_keygen","_crypto_onetimeauth_poly1305_statebytes","_crypto_onetimeauth_poly1305_update","_crypto_onetimeauth_poly1305_verify","_crypto_onetimeauth_primitive","_crypto_onetimeauth_statebytes","_crypto_onetimeauth_update","_crypto_onetimeauth_verify","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_default","_crypto_pwhash_argon2i","_crypto_pwhash_argon2i_alg_argon2i13","_crypto_pwhash_argon2i_bytes_max","_crypto_pwhash_argon2i_bytes_min","_crypto_pwhash_argon2i_memlimit_interactive","_crypto_pwhash_argon2i_memlimit_max","_crypto_pwhash_argon2i_memlimit_min","_crypto_pwhash_argon2i_memlimit_moderate","_crypto_pwhash_argon2i_memlimit_sensitive","_crypto_pwhash_argon2i_opslimit_interactive","_crypto_pwhash_argon2i_opslimit_max","_crypto_pwhash_argon2i_opslimit_min","_crypto_pwhash_argon2i_opslimit_moderate","_crypto_pwhash_argon2i_opslimit_sensitive","_crypto_pwhash_argon2i_passwd_max","_crypto_pwhash_argon2i_passwd_min","_crypto_pwhash_argon2i_saltbytes","_crypto_pwhash_argon2i_str","_crypto_pwhash_argon2i_str_verify","_crypto_pwhash_argon2i_strbytes","_crypto_pwhash_argon2i_strprefix","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_scryptsalsa208sha256","_crypto_pwhash_scryptsalsa208sha256_bytes_max","_crypto_pwhash_scryptsalsa208sha256_bytes_min","_crypto_pwhash_scryptsalsa208sha256_ll","_crypto_pwhash_scryptsalsa208sha256_memlimit_interactive","_crypto_pwhash_scryptsalsa208sha256_memlimit_max","_crypto_pwhash_scryptsalsa208sha256_memlimit_min","_crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_opslimit_interactive","_crypto_pwhash_scryptsalsa208sha256_opslimit_max","_crypto_pwhash_scryptsalsa208sha256_opslimit_min","_crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_passwd_max","_crypto_pwhash_scryptsalsa208sha256_passwd_min","_crypto_pwhash_scryptsalsa208sha256_saltbytes","_crypto_pwhash_scryptsalsa208sha256_str","_crypto_pwhash_scryptsalsa208sha256_str_verify","_crypto_pwhash_scryptsalsa208sha256_strbytes","_crypto_pwhash_scryptsalsa208sha256_strprefix","_crypto_pwhash_str","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_curve25519","_crypto_scalarmult_curve25519_base","_crypto_scalarmult_curve25519_bytes","_crypto_scalarmult_curve25519_scalarbytes","_crypto_scalarmult_primitive","_crypto_scalarmult_scalarbytes","_crypto_secretbox","_crypto_secretbox_boxzerobytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_noncebytes","_crypto_secretbox_open","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretbox_primitive","_crypto_secretbox_xchacha20poly1305_detached","_crypto_secretbox_xchacha20poly1305_easy","_crypto_secretbox_xchacha20poly1305_keybytes","_crypto_secretbox_xchacha20poly1305_macbytes","_crypto_secretbox_xchacha20poly1305_noncebytes","_crypto_secretbox_xchacha20poly1305_open_detached","_crypto_secretbox_xchacha20poly1305_open_easy","_crypto_secretbox_xsalsa20poly1305","_crypto_secretbox_xsalsa20poly1305_boxzerobytes","_crypto_secretbox_xsalsa20poly1305_keybytes","_crypto_secretbox_xsalsa20poly1305_keygen","_crypto_secretbox_xsalsa20poly1305_macbytes","_crypto_secretbox_xsalsa20poly1305_noncebytes","_crypto_secretbox_xsalsa20poly1305_open","_crypto_secretbox_xsalsa20poly1305_zerobytes","_crypto_secretbox_zerobytes","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_shorthash_primitive","_crypto_shorthash_siphash24","_crypto_shorthash_siphash24_bytes","_crypto_shorthash_siphash24_keybytes","_crypto_shorthash_siphashx24","_crypto_shorthash_siphashx24_bytes","_crypto_shorthash_siphashx24_keybytes","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519","_crypto_sign_ed25519_bytes","_crypto_sign_ed25519_detached","_crypto_sign_ed25519_keypair","_crypto_sign_ed25519_open","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_publickeybytes","_crypto_sign_ed25519_secretkeybytes","_crypto_sign_ed25519_seed_keypair","_crypto_sign_ed25519_seedbytes","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_ed25519_sk_to_pk","_crypto_sign_ed25519_sk_to_seed","_crypto_sign_ed25519_verify_detached","_crypto_sign_ed25519ph_final_create","_crypto_sign_ed25519ph_final_verify","_crypto_sign_ed25519ph_init","_crypto_sign_ed25519ph_statebytes","_crypto_sign_ed25519ph_update","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_open","_crypto_sign_primitive","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream","_crypto_stream_aes128ctr","_crypto_stream_aes128ctr_afternm","_crypto_stream_aes128ctr_beforenm","_crypto_stream_aes128ctr_beforenmbytes","_crypto_stream_aes128ctr_keybytes","_crypto_stream_aes128ctr_noncebytes","_crypto_stream_aes128ctr_xor","_crypto_stream_aes128ctr_xor_afternm","_crypto_stream_chacha20","_crypto_stream_chacha20_ietf","_crypto_stream_chacha20_ietf_keybytes","_crypto_stream_chacha20_ietf_keygen","_crypto_stream_chacha20_ietf_noncebytes","_crypto_stream_chacha20_ietf_xor","_crypto_stream_chacha20_ietf_xor_ic","_crypto_stream_chacha20_keybytes","_crypto_stream_chacha20_keygen","_crypto_stream_chacha20_noncebytes","_crypto_stream_chacha20_xor","_crypto_stream_chacha20_xor_ic","_crypto_stream_keybytes","_crypto_stream_keygen","_crypto_stream_noncebytes","_crypto_stream_primitive","_crypto_stream_salsa20","_crypto_stream_salsa2012","_crypto_stream_salsa2012_keybytes","_crypto_stream_salsa2012_keygen","_crypto_stream_salsa2012_noncebytes","_crypto_stream_salsa2012_xor","_crypto_stream_salsa208","_crypto_stream_salsa208_keybytes","_crypto_stream_salsa208_keygen","_crypto_stream_salsa208_noncebytes","_crypto_stream_salsa208_xor","_crypto_stream_salsa20_keybytes","_crypto_stream_salsa20_keygen","_crypto_stream_salsa20_noncebytes","_crypto_stream_salsa20_xor","_crypto_stream_salsa20_xor_ic","_crypto_stream_xchacha20","_crypto_stream_xchacha20_keybytes","_crypto_stream_xchacha20_keygen","_crypto_stream_xchacha20_noncebytes","_crypto_stream_xchacha20_xor","_crypto_stream_xchacha20_xor_ic","_crypto_stream_xor","_crypto_stream_xsalsa20","_crypto_stream_xsalsa20_keybytes","_crypto_stream_xsalsa20_keygen","_crypto_stream_xsalsa20_noncebytes","_crypto_stream_xsalsa20_xor","_crypto_stream_xsalsa20_xor_ic","_crypto_verify_16","_crypto_verify_16_bytes","_crypto_verify_32","_crypto_verify_32_bytes","_crypto_verify_64","_crypto_verify_64_bytes","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_implementation_name","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_version_string"]'
+export EXPORTED_FUNCTIONS_STANDARD='["_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_verify","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_noncebytes","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_generichash","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_scalarbytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_noncebytes","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_open","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream_keygen","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_version_string"]'
+export EXPORTED_FUNCTIONS_SUMO='["_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_hmacsha256","_crypto_auth_hmacsha256_bytes","_crypto_auth_hmacsha256_final","_crypto_auth_hmacsha256_init","_crypto_auth_hmacsha256_keybytes","_crypto_auth_hmacsha256_keygen","_crypto_auth_hmacsha256_statebytes","_crypto_auth_hmacsha256_update","_crypto_auth_hmacsha256_verify","_crypto_auth_hmacsha512","_crypto_auth_hmacsha512256","_crypto_auth_hmacsha512256_bytes","_crypto_auth_hmacsha512256_final","_crypto_auth_hmacsha512256_init","_crypto_auth_hmacsha512256_keybytes","_crypto_auth_hmacsha512256_keygen","_crypto_auth_hmacsha512256_statebytes","_crypto_auth_hmacsha512256_update","_crypto_auth_hmacsha512256_verify","_crypto_auth_hmacsha512_bytes","_crypto_auth_hmacsha512_final","_crypto_auth_hmacsha512_init","_crypto_auth_hmacsha512_keybytes","_crypto_auth_hmacsha512_keygen","_crypto_auth_hmacsha512_statebytes","_crypto_auth_hmacsha512_update","_crypto_auth_hmacsha512_verify","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_primitive","_crypto_auth_verify","_crypto_box","_crypto_box_afternm","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_boxzerobytes","_crypto_box_curve25519xchacha20poly1305_beforenm","_crypto_box_curve25519xchacha20poly1305_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_detached","_crypto_box_curve25519xchacha20poly1305_detached_afternm","_crypto_box_curve25519xchacha20poly1305_easy","_crypto_box_curve25519xchacha20poly1305_easy_afternm","_crypto_box_curve25519xchacha20poly1305_keypair","_crypto_box_curve25519xchacha20poly1305_macbytes","_crypto_box_curve25519xchacha20poly1305_noncebytes","_crypto_box_curve25519xchacha20poly1305_open_detached","_crypto_box_curve25519xchacha20poly1305_open_detached_afternm","_crypto_box_curve25519xchacha20poly1305_open_easy","_crypto_box_curve25519xchacha20poly1305_open_easy_afternm","_crypto_box_curve25519xchacha20poly1305_publickeybytes","_crypto_box_curve25519xchacha20poly1305_secretkeybytes","_crypto_box_curve25519xchacha20poly1305_seed_keypair","_crypto_box_curve25519xchacha20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305","_crypto_box_curve25519xsalsa20poly1305_afternm","_crypto_box_curve25519xsalsa20poly1305_beforenm","_crypto_box_curve25519xsalsa20poly1305_beforenmbytes","_crypto_box_curve25519xsalsa20poly1305_boxzerobytes","_crypto_box_curve25519xsalsa20poly1305_keypair","_crypto_box_curve25519xsalsa20poly1305_macbytes","_crypto_box_curve25519xsalsa20poly1305_noncebytes","_crypto_box_curve25519xsalsa20poly1305_open","_crypto_box_curve25519xsalsa20poly1305_open_afternm","_crypto_box_curve25519xsalsa20poly1305_publickeybytes","_crypto_box_curve25519xsalsa20poly1305_secretkeybytes","_crypto_box_curve25519xsalsa20poly1305_seed_keypair","_crypto_box_curve25519xsalsa20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305_zerobytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_noncebytes","_crypto_box_open","_crypto_box_open_afternm","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_primitive","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_box_zerobytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_core_hsalsa20","_crypto_core_hsalsa20_constbytes","_crypto_core_hsalsa20_inputbytes","_crypto_core_hsalsa20_keybytes","_crypto_core_hsalsa20_outputbytes","_crypto_core_salsa20","_crypto_core_salsa2012","_crypto_core_salsa2012_constbytes","_crypto_core_salsa2012_inputbytes","_crypto_core_salsa2012_keybytes","_crypto_core_salsa2012_outputbytes","_crypto_core_salsa208","_crypto_core_salsa208_constbytes","_crypto_core_salsa208_inputbytes","_crypto_core_salsa208_keybytes","_crypto_core_salsa208_outputbytes","_crypto_core_salsa20_constbytes","_crypto_core_salsa20_inputbytes","_crypto_core_salsa20_keybytes","_crypto_core_salsa20_outputbytes","_crypto_generichash","_crypto_generichash_blake2b","_crypto_generichash_blake2b_bytes","_crypto_generichash_blake2b_bytes_max","_crypto_generichash_blake2b_bytes_min","_crypto_generichash_blake2b_final","_crypto_generichash_blake2b_init","_crypto_generichash_blake2b_init_salt_personal","_crypto_generichash_blake2b_keybytes","_crypto_generichash_blake2b_keybytes_max","_crypto_generichash_blake2b_keybytes_min","_crypto_generichash_blake2b_keygen","_crypto_generichash_blake2b_personalbytes","_crypto_generichash_blake2b_salt_personal","_crypto_generichash_blake2b_saltbytes","_crypto_generichash_blake2b_statebytes","_crypto_generichash_blake2b_update","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_primitive","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_hash_primitive","_crypto_hash_sha256","_crypto_hash_sha256_bytes","_crypto_hash_sha256_final","_crypto_hash_sha256_init","_crypto_hash_sha256_statebytes","_crypto_hash_sha256_update","_crypto_hash_sha512","_crypto_hash_sha512_bytes","_crypto_hash_sha512_final","_crypto_hash_sha512_init","_crypto_hash_sha512_statebytes","_crypto_hash_sha512_update","_crypto_kdf_blake2b_bytes_max","_crypto_kdf_blake2b_bytes_min","_crypto_kdf_blake2b_contextbytes","_crypto_kdf_blake2b_derive_from_key","_crypto_kdf_blake2b_keybytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kdf_primitive","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_primitive","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_onetimeauth","_crypto_onetimeauth_bytes","_crypto_onetimeauth_final","_crypto_onetimeauth_init","_crypto_onetimeauth_keybytes","_crypto_onetimeauth_keygen","_crypto_onetimeauth_poly1305","_crypto_onetimeauth_poly1305_bytes","_crypto_onetimeauth_poly1305_final","_crypto_onetimeauth_poly1305_init","_crypto_onetimeauth_poly1305_keybytes","_crypto_onetimeauth_poly1305_keygen","_crypto_onetimeauth_poly1305_statebytes","_crypto_onetimeauth_poly1305_update","_crypto_onetimeauth_poly1305_verify","_crypto_onetimeauth_primitive","_crypto_onetimeauth_statebytes","_crypto_onetimeauth_update","_crypto_onetimeauth_verify","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_default","_crypto_pwhash_argon2i","_crypto_pwhash_argon2i_alg_argon2i13","_crypto_pwhash_argon2i_bytes_max","_crypto_pwhash_argon2i_bytes_min","_crypto_pwhash_argon2i_memlimit_interactive","_crypto_pwhash_argon2i_memlimit_max","_crypto_pwhash_argon2i_memlimit_min","_crypto_pwhash_argon2i_memlimit_moderate","_crypto_pwhash_argon2i_memlimit_sensitive","_crypto_pwhash_argon2i_opslimit_interactive","_crypto_pwhash_argon2i_opslimit_max","_crypto_pwhash_argon2i_opslimit_min","_crypto_pwhash_argon2i_opslimit_moderate","_crypto_pwhash_argon2i_opslimit_sensitive","_crypto_pwhash_argon2i_passwd_max","_crypto_pwhash_argon2i_passwd_min","_crypto_pwhash_argon2i_saltbytes","_crypto_pwhash_argon2i_str","_crypto_pwhash_argon2i_str_verify","_crypto_pwhash_argon2i_strbytes","_crypto_pwhash_argon2i_strprefix","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_scryptsalsa208sha256","_crypto_pwhash_scryptsalsa208sha256_bytes_max","_crypto_pwhash_scryptsalsa208sha256_bytes_min","_crypto_pwhash_scryptsalsa208sha256_ll","_crypto_pwhash_scryptsalsa208sha256_memlimit_interactive","_crypto_pwhash_scryptsalsa208sha256_memlimit_max","_crypto_pwhash_scryptsalsa208sha256_memlimit_min","_crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_opslimit_interactive","_crypto_pwhash_scryptsalsa208sha256_opslimit_max","_crypto_pwhash_scryptsalsa208sha256_opslimit_min","_crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_passwd_max","_crypto_pwhash_scryptsalsa208sha256_passwd_min","_crypto_pwhash_scryptsalsa208sha256_saltbytes","_crypto_pwhash_scryptsalsa208sha256_str","_crypto_pwhash_scryptsalsa208sha256_str_verify","_crypto_pwhash_scryptsalsa208sha256_strbytes","_crypto_pwhash_scryptsalsa208sha256_strprefix","_crypto_pwhash_str","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_curve25519","_crypto_scalarmult_curve25519_base","_crypto_scalarmult_curve25519_bytes","_crypto_scalarmult_curve25519_scalarbytes","_crypto_scalarmult_primitive","_crypto_scalarmult_scalarbytes","_crypto_secretbox","_crypto_secretbox_boxzerobytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_noncebytes","_crypto_secretbox_open","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretbox_primitive","_crypto_secretbox_xchacha20poly1305_detached","_crypto_secretbox_xchacha20poly1305_easy","_crypto_secretbox_xchacha20poly1305_keybytes","_crypto_secretbox_xchacha20poly1305_macbytes","_crypto_secretbox_xchacha20poly1305_noncebytes","_crypto_secretbox_xchacha20poly1305_open_detached","_crypto_secretbox_xchacha20poly1305_open_easy","_crypto_secretbox_xsalsa20poly1305","_crypto_secretbox_xsalsa20poly1305_boxzerobytes","_crypto_secretbox_xsalsa20poly1305_keybytes","_crypto_secretbox_xsalsa20poly1305_keygen","_crypto_secretbox_xsalsa20poly1305_macbytes","_crypto_secretbox_xsalsa20poly1305_noncebytes","_crypto_secretbox_xsalsa20poly1305_open","_crypto_secretbox_xsalsa20poly1305_zerobytes","_crypto_secretbox_zerobytes","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_shorthash_primitive","_crypto_shorthash_siphash24","_crypto_shorthash_siphash24_bytes","_crypto_shorthash_siphash24_keybytes","_crypto_shorthash_siphashx24","_crypto_shorthash_siphashx24_bytes","_crypto_shorthash_siphashx24_keybytes","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519","_crypto_sign_ed25519_bytes","_crypto_sign_ed25519_detached","_crypto_sign_ed25519_keypair","_crypto_sign_ed25519_open","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_publickeybytes","_crypto_sign_ed25519_secretkeybytes","_crypto_sign_ed25519_seed_keypair","_crypto_sign_ed25519_seedbytes","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_ed25519_sk_to_pk","_crypto_sign_ed25519_sk_to_seed","_crypto_sign_ed25519_verify_detached","_crypto_sign_ed25519ph_final_create","_crypto_sign_ed25519ph_final_verify","_crypto_sign_ed25519ph_init","_crypto_sign_ed25519ph_statebytes","_crypto_sign_ed25519ph_update","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_open","_crypto_sign_primitive","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream","_crypto_stream_aes128ctr","_crypto_stream_aes128ctr_afternm","_crypto_stream_aes128ctr_beforenm","_crypto_stream_aes128ctr_beforenmbytes","_crypto_stream_aes128ctr_keybytes","_crypto_stream_aes128ctr_noncebytes","_crypto_stream_aes128ctr_xor","_crypto_stream_aes128ctr_xor_afternm","_crypto_stream_chacha20","_crypto_stream_chacha20_ietf","_crypto_stream_chacha20_ietf_keybytes","_crypto_stream_chacha20_ietf_keygen","_crypto_stream_chacha20_ietf_noncebytes","_crypto_stream_chacha20_ietf_xor","_crypto_stream_chacha20_ietf_xor_ic","_crypto_stream_chacha20_keybytes","_crypto_stream_chacha20_keygen","_crypto_stream_chacha20_noncebytes","_crypto_stream_chacha20_xor","_crypto_stream_chacha20_xor_ic","_crypto_stream_keybytes","_crypto_stream_keygen","_crypto_stream_noncebytes","_crypto_stream_primitive","_crypto_stream_salsa20","_crypto_stream_salsa2012","_crypto_stream_salsa2012_keybytes","_crypto_stream_salsa2012_keygen","_crypto_stream_salsa2012_noncebytes","_crypto_stream_salsa2012_xor","_crypto_stream_salsa208","_crypto_stream_salsa208_keybytes","_crypto_stream_salsa208_keygen","_crypto_stream_salsa208_noncebytes","_crypto_stream_salsa208_xor","_crypto_stream_salsa20_keybytes","_crypto_stream_salsa20_keygen","_crypto_stream_salsa20_noncebytes","_crypto_stream_salsa20_xor","_crypto_stream_salsa20_xor_ic","_crypto_stream_xchacha20","_crypto_stream_xchacha20_keybytes","_crypto_stream_xchacha20_keygen","_crypto_stream_xchacha20_noncebytes","_crypto_stream_xchacha20_xor","_crypto_stream_xchacha20_xor_ic","_crypto_stream_xor","_crypto_stream_xsalsa20","_crypto_stream_xsalsa20_keybytes","_crypto_stream_xsalsa20_keygen","_crypto_stream_xsalsa20_noncebytes","_crypto_stream_xsalsa20_xor","_crypto_stream_xsalsa20_xor_ic","_crypto_verify_16","_crypto_verify_16_bytes","_crypto_verify_32","_crypto_verify_32_bytes","_crypto_verify_64","_crypto_verify_64_bytes","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_implementation_name","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_version_string"]'
export TOTAL_MEMORY=16777216
export TOTAL_MEMORY_SUMO=67108864
export LDFLAGS="-s RESERVED_FUNCTION_POINTERS=8"
diff --git a/libsodium.vcxproj b/libsodium.vcxproj
index 845df9d2..cd45bc11 100644
--- a/libsodium.vcxproj
+++ b/libsodium.vcxproj
@@ -347,6 +347,7 @@
+
@@ -503,6 +504,7 @@
+
diff --git a/libsodium.vcxproj.filters b/libsodium.vcxproj.filters
index fcfaa2db..2fed17c6 100644
--- a/libsodium.vcxproj.filters
+++ b/libsodium.vcxproj.filters
@@ -111,6 +111,9 @@
Source Files
+
+ Source Files
+
Source Files
@@ -575,6 +578,9 @@
Header Files
+
+ Header Files
+
Header Files
diff --git a/src/libsodium/Makefile.am b/src/libsodium/Makefile.am
index 87d2ed2c..7c92462b 100644
--- a/src/libsodium/Makefile.am
+++ b/src/libsodium/Makefile.am
@@ -35,6 +35,7 @@ libsodium_la_SOURCES = \
crypto_hash/sha512/cp/hash_sha512_cp.c \
crypto_kdf/blake2b/kdf_blake2b.c \
crypto_kdf/crypto_kdf.c \
+ crypto_kx/crypto_kx.c \
crypto_onetimeauth/crypto_onetimeauth.c \
crypto_onetimeauth/poly1305/onetimeauth_poly1305.c \
crypto_onetimeauth/poly1305/onetimeauth_poly1305.h \
diff --git a/src/libsodium/crypto_kx/crypto_kx.c b/src/libsodium/crypto_kx/crypto_kx.c
new file mode 100644
index 00000000..ef878d94
--- /dev/null
+++ b/src/libsodium/crypto_kx/crypto_kx.c
@@ -0,0 +1,136 @@
+
+#include
+
+#include "crypto_generichash.h"
+#include "crypto_kx.h"
+#include "crypto_scalarmult.h"
+#include "private/common.h"
+#include "randombytes.h"
+#include "utils.h"
+
+int
+crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+ unsigned char sk[crypto_kx_SECRETKEYBYTES],
+ const unsigned char seed[crypto_kx_SEEDBYTES])
+{
+ crypto_generichash(sk, crypto_kx_SECRETKEYBYTES,
+ seed, crypto_kx_SEEDBYTES, NULL, 0);
+ return crypto_scalarmult_base(pk, sk);
+}
+
+int
+crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+ unsigned char sk[crypto_kx_SECRETKEYBYTES])
+{
+ COMPILER_ASSERT(crypto_kx_SECRETKEYBYTES == crypto_scalarmult_SCALARBYTES);
+ COMPILER_ASSERT(crypto_kx_PUBLICKEYBYTES == crypto_scalarmult_BYTES);
+
+ randombytes_buf(sk, crypto_kx_SECRETKEYBYTES);
+ return crypto_scalarmult_base(pk, sk);
+}
+
+int
+crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+ unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+ const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES],
+ const unsigned char client_sk[crypto_kx_SECRETKEYBYTES],
+ const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES])
+{
+ crypto_generichash_state h;
+ unsigned char q[crypto_scalarmult_BYTES];
+ unsigned char keys[2 * crypto_kx_SESSIONKEYBYTES];
+ int i;
+
+ if (rx == NULL) {
+ rx = tx;
+ }
+ if (tx == NULL) {
+ tx = rx;
+ }
+ if (crypto_scalarmult(q, client_sk, server_pk) != 0) {
+ return -1;
+ }
+ COMPILER_ASSERT(sizeof keys <= crypto_generichash_BYTES_MAX);
+ crypto_generichash_init(&h, NULL, 0U, sizeof keys);
+ crypto_generichash_update(&h, q, crypto_scalarmult_BYTES);
+ sodium_memzero(q, sizeof q);
+ crypto_generichash_update(&h, client_pk, crypto_kx_PUBLICKEYBYTES);
+ crypto_generichash_update(&h, server_pk, crypto_kx_PUBLICKEYBYTES);
+ crypto_generichash_final(&h, keys, sizeof keys);
+ sodium_memzero(&h, sizeof h);
+ for (i = 0; i < crypto_kx_SESSIONKEYBYTES; i++) {
+ rx[i] = keys[i];
+ tx[i] = keys[i + crypto_kx_SESSIONKEYBYTES];
+ }
+ sodium_memzero(keys, sizeof keys);
+
+ return 0;
+}
+
+int
+crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+ unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+ const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES],
+ const unsigned char server_sk[crypto_kx_SECRETKEYBYTES],
+ const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES])
+{
+ crypto_generichash_state h;
+ unsigned char q[crypto_scalarmult_BYTES];
+ unsigned char keys[2 * crypto_kx_SESSIONKEYBYTES];
+ int i;
+
+ if (rx == NULL) {
+ rx = tx;
+ }
+ if (tx == NULL) {
+ tx = rx;
+ }
+ if (crypto_scalarmult(q, server_sk, client_pk) != 0) {
+ return -1;
+ }
+ COMPILER_ASSERT(sizeof keys <= crypto_generichash_BYTES_MAX);
+ crypto_generichash_init(&h, NULL, 0U, sizeof keys);
+ crypto_generichash_update(&h, q, crypto_scalarmult_BYTES);
+ sodium_memzero(q, sizeof q);
+ crypto_generichash_update(&h, client_pk, crypto_kx_PUBLICKEYBYTES);
+ crypto_generichash_update(&h, server_pk, crypto_kx_PUBLICKEYBYTES);
+ crypto_generichash_final(&h, keys, sizeof keys);
+ sodium_memzero(&h, sizeof h);
+ for (i = 0; i < crypto_kx_SESSIONKEYBYTES; i++) {
+ tx[i] = keys[i];
+ rx[i] = keys[i + crypto_kx_SESSIONKEYBYTES];
+ }
+ sodium_memzero(keys, sizeof keys);
+
+ return 0;
+}
+
+size_t
+crypto_kx_publickeybytes(void)
+{
+ return crypto_kx_PUBLICKEYBYTES;
+}
+
+size_t
+crypto_kx_secretkeybytes(void)
+{
+ return crypto_kx_SECRETKEYBYTES;
+}
+
+size_t
+crypto_kx_seedbytes(void)
+{
+ return crypto_kx_SEEDBYTES;
+}
+
+size_t
+crypto_kx_sessionkeybytes(void)
+{
+ return crypto_kx_SESSIONKEYBYTES;
+}
+
+const char *
+crypto_kx_primitive(void)
+{
+ return crypto_kx_PRIMITIVE;
+}
diff --git a/src/libsodium/include/Makefile.am b/src/libsodium/include/Makefile.am
index 66101afd..e45cc819 100644
--- a/src/libsodium/include/Makefile.am
+++ b/src/libsodium/include/Makefile.am
@@ -24,6 +24,7 @@ SODIUM_EXPORT = \
sodium/crypto_hash_sha512.h \
sodium/crypto_kdf.h \
sodium/crypto_kdf_blake2b.h \
+ sodium/crypto_kx.h \
sodium/crypto_onetimeauth.h \
sodium/crypto_onetimeauth_poly1305.h \
sodium/crypto_pwhash.h \
diff --git a/src/libsodium/include/sodium.h b/src/libsodium/include/sodium.h
index 043e0c3f..d0bb25c8 100644
--- a/src/libsodium/include/sodium.h
+++ b/src/libsodium/include/sodium.h
@@ -26,6 +26,7 @@
#include "sodium/crypto_hash_sha512.h"
#include "sodium/crypto_kdf.h"
#include "sodium/crypto_kdf_blake2b.h"
+#include "sodium/crypto_kx.h"
#include "sodium/crypto_onetimeauth.h"
#include "sodium/crypto_onetimeauth_poly1305.h"
#include "sodium/crypto_pwhash.h"
diff --git a/src/libsodium/include/sodium/crypto_kx.h b/src/libsodium/include/sodium/crypto_kx.h
new file mode 100644
index 00000000..d1fce90d
--- /dev/null
+++ b/src/libsodium/include/sodium/crypto_kx.h
@@ -0,0 +1,64 @@
+#ifndef crypto_kx_H
+#define crypto_kx_H
+
+#include
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kx_PUBLICKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_publickeybytes(void);
+
+#define crypto_kx_SECRETKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_secretkeybytes(void);
+
+#define crypto_kx_SEEDBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_seedbytes(void);
+
+#define crypto_kx_SESSIONKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_sessionkeybytes(void);
+
+#define crypto_kx_PRIMITIVE "x25519blake2b"
+SODIUM_EXPORT
+const char *crypto_kx_primitive(void);
+
+SODIUM_EXPORT
+int crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+ unsigned char sk[crypto_kx_SECRETKEYBYTES],
+ const unsigned char seed[crypto_kx_SEEDBYTES]);
+
+SODIUM_EXPORT
+int crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+ unsigned char sk[crypto_kx_SECRETKEYBYTES]);
+
+SODIUM_EXPORT
+int crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+ unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+ const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES],
+ const unsigned char client_sk[crypto_kx_SECRETKEYBYTES],
+ const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES])
+ __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+int crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+ unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+ const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES],
+ const unsigned char server_sk[crypto_kx_SECRETKEYBYTES],
+ const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES])
+ __attribute__ ((warn_unused_result));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/test/default/Makefile.am b/test/default/Makefile.am
index 577635ab..2d505fca 100644
--- a/test/default/Makefile.am
+++ b/test/default/Makefile.am
@@ -36,6 +36,7 @@ EXTRA_DIST = \
hash3.exp \
kdf.exp \
keygen.exp \
+ kx.exp \
onetimeauth.exp \
onetimeauth2.exp \
onetimeauth7.exp \
@@ -103,6 +104,7 @@ DISTCLEANFILES = \
hash3.res \
kdf.res \
keygen.res \
+ kx.res \
onetimeauth.res \
onetimeauth2.res \
onetimeauth7.res \
@@ -171,6 +173,7 @@ CLEANFILES = \
hash3.final \
kdf.final \
keygen.final \
+ kx.final \
onetimeauth.final \
onetimeauth2.final \
onetimeauth7.final \
@@ -234,6 +237,7 @@ CLEANFILES = \
hash3.nexe \
kdf.nexe \
keygen.nexe \
+ kx.nexe \
onetimeauth.nexe \
onetimeauth2.nexe \
onetimeauth7.nexe \
@@ -309,6 +313,7 @@ TESTS_TARGETS = \
hash3 \
kdf \
keygen \
+ kx \
onetimeauth \
onetimeauth2 \
onetimeauth7 \
@@ -449,6 +454,9 @@ kdf_LDADD = $(TESTS_LDADD)
keygen_SOURCE = cmptest.h keygen.c
keygen_LDADD = $(TESTS_LDADD)
+kx_SOURCE = cmptest.h kx.c
+kx_LDADD = $(TESTS_LDADD)
+
onetimeauth_SOURCE = cmptest.h onetimeauth.c
onetimeauth_LDADD = $(TESTS_LDADD)
diff --git a/test/default/kx.c b/test/default/kx.c
new file mode 100644
index 00000000..dcc247f5
--- /dev/null
+++ b/test/default/kx.c
@@ -0,0 +1,119 @@
+
+#define TEST_NAME "kx"
+#include "cmptest.h"
+
+static void
+tv_kx(void)
+{
+ unsigned char *seed;
+ unsigned char *client_pk, *client_sk;
+ unsigned char *client_rx, *client_tx;
+ unsigned char *server_pk, *server_sk;
+ unsigned char *server_rx, *server_tx;
+ char hex[65];
+ int i;
+
+ seed = (unsigned char *) sodium_malloc(crypto_kx_SEEDBYTES);
+ for (i = 0; i < crypto_kx_SEEDBYTES; i++) {
+ seed[i] = (unsigned char) i;
+ }
+ client_pk = (unsigned char *) sodium_malloc(crypto_kx_PUBLICKEYBYTES);
+ client_sk = (unsigned char *) sodium_malloc(crypto_kx_SECRETKEYBYTES);
+ crypto_kx_seed_keypair(client_pk, client_sk, seed);
+
+ sodium_bin2hex(hex, sizeof hex, client_pk, crypto_kx_PUBLICKEYBYTES);
+ printf("client_pk: [%s]\n", hex);
+ sodium_bin2hex(hex, sizeof hex, client_sk, crypto_kx_SECRETKEYBYTES);
+ printf("client_sk: [%s]\n", hex);
+
+ server_pk = (unsigned char *) sodium_malloc(crypto_kx_PUBLICKEYBYTES);
+ server_sk = (unsigned char *) sodium_malloc(crypto_kx_SECRETKEYBYTES);
+ crypto_kx_keypair(server_pk, server_sk);
+
+ client_rx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES);
+ client_tx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES);
+
+ if (crypto_kx_client_session_keys(client_rx, client_tx,
+ client_pk, client_sk, server_pk) != 0) {
+ printf("crypto_kx_client_session_keys() failed\n");
+ }
+
+ server_rx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES);
+ server_tx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES);
+
+ if (crypto_kx_server_session_keys(server_rx, server_tx,
+ server_pk, server_sk, client_pk) != 0) {
+ printf("crypto_kx_server_session_keys() failed\n");
+ }
+ if (memcmp(server_rx, client_tx, crypto_kx_SESSIONKEYBYTES) != 0 ||
+ memcmp(server_tx, client_rx, crypto_kx_SESSIONKEYBYTES) != 0) {
+ printf("client session keys != server session keys\n");
+ }
+
+ sodium_increment(client_pk, crypto_kx_PUBLICKEYBYTES);
+ if (crypto_kx_server_session_keys(server_rx, server_tx,
+ server_pk, server_sk, client_pk) != 0) {
+ printf("crypto_kx_server_session_keys() failed\n");
+ }
+ if (memcmp(server_rx, client_tx, crypto_kx_SESSIONKEYBYTES) == 0 &&
+ memcmp(server_tx, client_rx, crypto_kx_SESSIONKEYBYTES) == 0) {
+ printf("peer's public key is ignored\n");
+ }
+
+ crypto_kx_keypair(client_pk, client_sk);
+ if (crypto_kx_server_session_keys(server_rx, server_tx,
+ server_pk, server_sk, client_pk) != 0) {
+ printf("crypto_kx_server_session_keys() failed\n");
+ }
+ if (memcmp(server_rx, client_tx, crypto_kx_SESSIONKEYBYTES) == 0 ||
+ memcmp(server_tx, client_rx, crypto_kx_SESSIONKEYBYTES) == 0) {
+ printf("session keys are constant\n");
+ }
+
+ crypto_kx_seed_keypair(client_pk, client_sk, seed);
+ sodium_increment(seed, crypto_kx_SEEDBYTES);
+ crypto_kx_seed_keypair(server_pk, server_sk, seed);
+ if (crypto_kx_server_session_keys(server_rx, server_tx,
+ server_pk, server_sk, client_pk) != 0) {
+ printf("crypto_kx_server_session_keys() failed\n");
+ }
+ sodium_bin2hex(hex, sizeof hex, server_rx, crypto_kx_SESSIONKEYBYTES);
+ printf("server_rx: [%s]\n", hex);
+ sodium_bin2hex(hex, sizeof hex, server_tx, crypto_kx_SESSIONKEYBYTES);
+ printf("server_tx: [%s]\n", hex);
+
+ if (crypto_kx_client_session_keys(client_rx, client_tx,
+ client_pk, client_sk, server_pk) != 0) {
+ printf("crypto_kx_client_session_keys() failed\n");
+ }
+ sodium_bin2hex(hex, sizeof hex, client_rx, crypto_kx_SESSIONKEYBYTES);
+ printf("client_rx: [%s]\n", hex);
+ sodium_bin2hex(hex, sizeof hex, client_tx, crypto_kx_SESSIONKEYBYTES);
+ printf("client_tx: [%s]\n", hex);
+
+ sodium_free(client_rx);
+ sodium_free(client_tx);
+ sodium_free(server_rx);
+ sodium_free(server_tx);
+ sodium_free(server_sk);
+ sodium_free(server_pk);
+ sodium_free(client_sk);
+ sodium_free(client_pk);
+ sodium_free(seed);
+
+ assert(strcmp(crypto_kx_primitive(), crypto_kx_PRIMITIVE) == 0);
+ assert(crypto_kx_publickeybytes() == crypto_kx_PUBLICKEYBYTES);
+ assert(crypto_kx_secretkeybytes() == crypto_kx_SECRETKEYBYTES);
+ assert(crypto_kx_seedbytes() == crypto_kx_SEEDBYTES);
+ assert(crypto_kx_sessionkeybytes() == crypto_kx_SESSIONKEYBYTES);
+
+ printf("tv_kx: ok\n");
+}
+
+int
+main(void)
+{
+ tv_kx();
+
+ return 0;
+}
diff --git a/test/default/kx.exp b/test/default/kx.exp
new file mode 100644
index 00000000..b9db6d52
--- /dev/null
+++ b/test/default/kx.exp
@@ -0,0 +1,7 @@
+client_pk: [0e0216223f147143d32615a91189c288c1728cba3cc5f9f621b1026e03d83129]
+client_sk: [cb2f5160fc1f7e05a55ef49d340b48da2e5a78099d53393351cd579dd42503d6]
+server_rx: [62c8f4fa81800abd0577d99918d129b65deb789af8c8351f391feb0cbf238604]
+server_tx: [749519c68059bce69f7cfcc7b387a3de1a1e8237d110991323bf62870115731a]
+client_rx: [749519c68059bce69f7cfcc7b387a3de1a1e8237d110991323bf62870115731a]
+client_tx: [62c8f4fa81800abd0577d99918d129b65deb789af8c8351f391feb0cbf238604]
+tv_kx: ok