+ crypto_kx_*() API

This doesn't include a full key exchange API yet.

.gitignore

@@ -113,6 +113,7 @@ test/default/hash
 test/default/hash3
 test/default/kdf
 test/default/keygen
+test/default/kx
 test/default/onetimeauth
 test/default/onetimeauth2
 test/default/onetimeauth7

ChangeLog

@@ -25,6 +25,7 @@ from being partially initialized.
  - A new `randombytes_buf_deterministic()` function was added to
 deterministically fill a memory region with pseudorandom data. This
 function can especially be useful to write reproducible tests.
+ - A priminary `crypto_kx_*()` API was added to compute shared session keys.
  - AVX2 detection is more reliable.
  - The pthreads library is not required any more when using MingW.
  - `contrib/Findsodium.cmake` was added as an example to include

builds/msvc/vs2010/libsodium/libsodium.vcxproj

@@ -109,6 +109,7 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_hash\sha512\cp\hash_sha512_cp.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_kdf\crypto_kdf.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_kdf\blake2b\kdf_blake2b.c" />
+    <ClCompile Include="..\..\..\..\src\libsodium\crypto_kx\crypto_kx.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\crypto_onetimeauth.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\poly1305\onetimeauth_poly1305.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\poly1305\donna\poly1305_donna.c" />
@@ -265,6 +266,7 @@
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_int64.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kdf.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kdf_blake2b.h" />
+    <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kx.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_onetimeauth.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_onetimeauth_poly1305.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_pwhash.h" />

builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters

@@ -117,6 +117,9 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_kdf\blake2b\kdf_blake2b.c">
       <Filter>crypto_kdf\blake2b</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\src\libsodium\crypto_kx\crypto_kx.c">
+      <Filter>crypto_kx</Filter>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\crypto_onetimeauth.c">
       <Filter>crypto_onetimeauth</Filter>
     </ClCompile>
@@ -581,6 +584,9 @@
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kdf_blake2b.h">
       <Filter>include\sodium</Filter>
     </ClInclude>
+    <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kx.h">
+      <Filter>include\sodium</Filter>
+    </ClInclude>
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_onetimeauth.h">
       <Filter>include\sodium</Filter>
     </ClInclude>
@@ -802,6 +808,9 @@
     <Filter Include="crypto_kdf\blake2b">
       <UniqueIdentifier>{3d42d2a2-b192-33dd-9162-508916414707}</UniqueIdentifier>
     </Filter>
+    <Filter Include="crypto_kx">
+      <UniqueIdentifier>{898b6bd5-1360-3a34-adcd-0fade7561685}</UniqueIdentifier>
+    </Filter>
     <Filter Include="crypto_onetimeauth">
       <UniqueIdentifier>{323c0a15-3c1d-39b2-9ec1-299deb299497}</UniqueIdentifier>
     </Filter>

builds/msvc/vs2012/libsodium/libsodium.vcxproj

@@ -109,6 +109,7 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_hash\sha512\cp\hash_sha512_cp.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_kdf\crypto_kdf.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_kdf\blake2b\kdf_blake2b.c" />
+    <ClCompile Include="..\..\..\..\src\libsodium\crypto_kx\crypto_kx.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\crypto_onetimeauth.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\poly1305\onetimeauth_poly1305.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\poly1305\donna\poly1305_donna.c" />
@@ -265,6 +266,7 @@
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_int64.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kdf.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kdf_blake2b.h" />
+    <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kx.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_onetimeauth.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_onetimeauth_poly1305.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_pwhash.h" />

builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters

@@ -117,6 +117,9 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_kdf\blake2b\kdf_blake2b.c">
       <Filter>crypto_kdf\blake2b</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\src\libsodium\crypto_kx\crypto_kx.c">
+      <Filter>crypto_kx</Filter>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\crypto_onetimeauth.c">
       <Filter>crypto_onetimeauth</Filter>
     </ClCompile>
@@ -581,6 +584,9 @@
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kdf_blake2b.h">
       <Filter>include\sodium</Filter>
     </ClInclude>
+    <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kx.h">
+      <Filter>include\sodium</Filter>
+    </ClInclude>
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_onetimeauth.h">
       <Filter>include\sodium</Filter>
     </ClInclude>
@@ -802,6 +808,9 @@
     <Filter Include="crypto_kdf\blake2b">
       <UniqueIdentifier>{3d42d2a2-b192-33dd-9162-508916414707}</UniqueIdentifier>
     </Filter>
+    <Filter Include="crypto_kx">
+      <UniqueIdentifier>{898b6bd5-1360-3a34-adcd-0fade7561685}</UniqueIdentifier>
+    </Filter>
     <Filter Include="crypto_onetimeauth">
       <UniqueIdentifier>{323c0a15-3c1d-39b2-9ec1-299deb299497}</UniqueIdentifier>
     </Filter>

builds/msvc/vs2013/libsodium/libsodium.vcxproj

@@ -109,6 +109,7 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_hash\sha512\cp\hash_sha512_cp.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_kdf\crypto_kdf.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_kdf\blake2b\kdf_blake2b.c" />
+    <ClCompile Include="..\..\..\..\src\libsodium\crypto_kx\crypto_kx.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\crypto_onetimeauth.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\poly1305\onetimeauth_poly1305.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\poly1305\donna\poly1305_donna.c" />
@@ -265,6 +266,7 @@
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_int64.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kdf.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kdf_blake2b.h" />
+    <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kx.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_onetimeauth.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_onetimeauth_poly1305.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_pwhash.h" />

builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters

@@ -117,6 +117,9 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_kdf\blake2b\kdf_blake2b.c">
       <Filter>crypto_kdf\blake2b</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\src\libsodium\crypto_kx\crypto_kx.c">
+      <Filter>crypto_kx</Filter>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\crypto_onetimeauth.c">
       <Filter>crypto_onetimeauth</Filter>
     </ClCompile>
@@ -581,6 +584,9 @@
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kdf_blake2b.h">
       <Filter>include\sodium</Filter>
     </ClInclude>
+    <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kx.h">
+      <Filter>include\sodium</Filter>
+    </ClInclude>
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_onetimeauth.h">
       <Filter>include\sodium</Filter>
     </ClInclude>
@@ -802,6 +808,9 @@
     <Filter Include="crypto_kdf\blake2b">
       <UniqueIdentifier>{3d42d2a2-b192-33dd-9162-508916414707}</UniqueIdentifier>
     </Filter>
+    <Filter Include="crypto_kx">
+      <UniqueIdentifier>{898b6bd5-1360-3a34-adcd-0fade7561685}</UniqueIdentifier>
+    </Filter>
     <Filter Include="crypto_onetimeauth">
       <UniqueIdentifier>{323c0a15-3c1d-39b2-9ec1-299deb299497}</UniqueIdentifier>
     </Filter>

builds/msvc/vs2015/libsodium/libsodium.vcxproj

@@ -109,6 +109,7 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_hash\sha512\cp\hash_sha512_cp.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_kdf\crypto_kdf.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_kdf\blake2b\kdf_blake2b.c" />
+    <ClCompile Include="..\..\..\..\src\libsodium\crypto_kx\crypto_kx.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\crypto_onetimeauth.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\poly1305\onetimeauth_poly1305.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\poly1305\donna\poly1305_donna.c" />
@@ -265,6 +266,7 @@
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_int64.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kdf.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kdf_blake2b.h" />
+    <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kx.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_onetimeauth.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_onetimeauth_poly1305.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_pwhash.h" />

builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters

@@ -117,6 +117,9 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_kdf\blake2b\kdf_blake2b.c">
       <Filter>crypto_kdf\blake2b</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\src\libsodium\crypto_kx\crypto_kx.c">
+      <Filter>crypto_kx</Filter>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\crypto_onetimeauth.c">
       <Filter>crypto_onetimeauth</Filter>
     </ClCompile>
@@ -581,6 +584,9 @@
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kdf_blake2b.h">
       <Filter>include\sodium</Filter>
     </ClInclude>
+    <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kx.h">
+      <Filter>include\sodium</Filter>
+    </ClInclude>
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_onetimeauth.h">
       <Filter>include\sodium</Filter>
     </ClInclude>
@@ -802,6 +808,9 @@
     <Filter Include="crypto_kdf\blake2b">
       <UniqueIdentifier>{3d42d2a2-b192-33dd-9162-508916414707}</UniqueIdentifier>
     </Filter>
+    <Filter Include="crypto_kx">
+      <UniqueIdentifier>{898b6bd5-1360-3a34-adcd-0fade7561685}</UniqueIdentifier>
+    </Filter>
     <Filter Include="crypto_onetimeauth">
       <UniqueIdentifier>{323c0a15-3c1d-39b2-9ec1-299deb299497}</UniqueIdentifier>
     </Filter>

builds/msvc/vs2017/libsodium/libsodium.vcxproj

@@ -109,6 +109,7 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_hash\sha512\cp\hash_sha512_cp.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_kdf\crypto_kdf.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_kdf\blake2b\kdf_blake2b.c" />
+    <ClCompile Include="..\..\..\..\src\libsodium\crypto_kx\crypto_kx.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\crypto_onetimeauth.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\poly1305\onetimeauth_poly1305.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\poly1305\donna\poly1305_donna.c" />
@@ -265,6 +266,7 @@
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_int64.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kdf.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kdf_blake2b.h" />
+    <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kx.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_onetimeauth.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_onetimeauth_poly1305.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_pwhash.h" />

builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters

@@ -117,6 +117,9 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_kdf\blake2b\kdf_blake2b.c">
       <Filter>crypto_kdf\blake2b</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\src\libsodium\crypto_kx\crypto_kx.c">
+      <Filter>crypto_kx</Filter>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_onetimeauth\crypto_onetimeauth.c">
       <Filter>crypto_onetimeauth</Filter>
     </ClCompile>
@@ -581,6 +584,9 @@
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kdf_blake2b.h">
       <Filter>include\sodium</Filter>
     </ClInclude>
+    <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_kx.h">
+      <Filter>include\sodium</Filter>
+    </ClInclude>
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_onetimeauth.h">
       <Filter>include\sodium</Filter>
     </ClInclude>
@@ -802,6 +808,9 @@
     <Filter Include="crypto_kdf\blake2b">
       <UniqueIdentifier>{3d42d2a2-b192-33dd-9162-508916414707}</UniqueIdentifier>
     </Filter>
+    <Filter Include="crypto_kx">
+      <UniqueIdentifier>{898b6bd5-1360-3a34-adcd-0fade7561685}</UniqueIdentifier>
+    </Filter>
     <Filter Include="crypto_onetimeauth">
       <UniqueIdentifier>{323c0a15-3c1d-39b2-9ec1-299deb299497}</UniqueIdentifier>
     </Filter>

dist-build/emscripten-symbols.def

@@ -58,10 +58,10 @@ _crypto_auth_hmacsha512256_bytes 0 1
 _crypto_auth_hmacsha512256_final 0 1
 _crypto_auth_hmacsha512256_init 0 1
 _crypto_auth_hmacsha512256_keybytes 0 1
+_crypto_auth_hmacsha512256_keygen 0 1
 _crypto_auth_hmacsha512256_statebytes 0 1
 _crypto_auth_hmacsha512256_update 0 1
 _crypto_auth_hmacsha512256_verify 0 1
-_crypto_auth_hmacsha512256_keygen 0 1
 _crypto_auth_hmacsha512_bytes 0 1
 _crypto_auth_hmacsha512_final 0 1
 _crypto_auth_hmacsha512_init 0 1
@@ -169,12 +169,12 @@ _crypto_generichash_blake2b_init_salt_personal 0 1
 _crypto_generichash_blake2b_keybytes 0 1
 _crypto_generichash_blake2b_keybytes_max 0 1
 _crypto_generichash_blake2b_keybytes_min 0 1
+_crypto_generichash_blake2b_keygen 0 1
 _crypto_generichash_blake2b_personalbytes 0 1
 _crypto_generichash_blake2b_salt_personal 0 1
 _crypto_generichash_blake2b_saltbytes 0 1
 _crypto_generichash_blake2b_statebytes 0 1
 _crypto_generichash_blake2b_update 0 1
-_crypto_generichash_blake2b_keygen 0 1
 _crypto_generichash_bytes 1 1
 _crypto_generichash_bytes_max 1 1
 _crypto_generichash_bytes_min 1 1
@@ -214,6 +214,15 @@ _crypto_kdf_derive_from_key 1 1
 _crypto_kdf_keybytes 1 1
 _crypto_kdf_keygen 1 1
 _crypto_kdf_primitive 0 1
+_crypto_kx_client_session_keys 1 1
+_crypto_kx_keypair 1 1
+_crypto_kx_primitive 0 1
+_crypto_kx_publickeybytes 1 1
+_crypto_kx_secretkeybytes 1 1
+_crypto_kx_seed_keypair 1 1
+_crypto_kx_seedbytes 1 1
+_crypto_kx_server_session_keys 1 1
+_crypto_kx_sessionkeybytes 1 1
 _crypto_onetimeauth 0 1
 _crypto_onetimeauth_bytes 0 1
 _crypto_onetimeauth_final 0 1
@@ -225,10 +234,10 @@ _crypto_onetimeauth_poly1305_bytes 0 1
 _crypto_onetimeauth_poly1305_final 0 1
 _crypto_onetimeauth_poly1305_init 0 1
 _crypto_onetimeauth_poly1305_keybytes 0 1
-_crypto_onetimeauth_poly1305_update 0 1
-_crypto_onetimeauth_poly1305_verify 0 1
 _crypto_onetimeauth_poly1305_keygen 0 1
 _crypto_onetimeauth_poly1305_statebytes 0 1
+_crypto_onetimeauth_poly1305_update 0 1
+_crypto_onetimeauth_poly1305_verify 0 1
 _crypto_onetimeauth_primitive 0 1
 _crypto_onetimeauth_statebytes 0 1
 _crypto_onetimeauth_update 0 1
@@ -393,11 +402,11 @@ _crypto_stream_aes128ctr_xor 0 1
 _crypto_stream_aes128ctr_xor_afternm 0 1
 _crypto_stream_chacha20 0 1
 _crypto_stream_chacha20_ietf 0 1
+_crypto_stream_chacha20_ietf_keybytes 0 1
+_crypto_stream_chacha20_ietf_keygen 0 1
 _crypto_stream_chacha20_ietf_noncebytes 0 1
 _crypto_stream_chacha20_ietf_xor 0 1
 _crypto_stream_chacha20_ietf_xor_ic 0 1
-_crypto_stream_chacha20_ietf_keybytes 0 1
-_crypto_stream_chacha20_ietf_keygen 0 1
 _crypto_stream_chacha20_keybytes 0 1
 _crypto_stream_chacha20_keygen 0 1
 _crypto_stream_chacha20_noncebytes 0 1

libsodium.vcxproj

@@ -347,6 +347,7 @@
     <ClCompile Include="src\libsodium\crypto_hash\sha512\cp\hash_sha512_cp.c" />
     <ClCompile Include="src\libsodium\crypto_kdf\crypto_kdf.c" />
     <ClCompile Include="src\libsodium\crypto_kdf\blake2b\kdf_blake2b.c" />
+    <ClCompile Include="src\libsodium\crypto_kx\crypto_kx.c" />
     <ClCompile Include="src\libsodium\crypto_onetimeauth\crypto_onetimeauth.c" />
     <ClCompile Include="src\libsodium\crypto_onetimeauth\poly1305\onetimeauth_poly1305.c" />
     <ClCompile Include="src\libsodium\crypto_onetimeauth\poly1305\donna\poly1305_donna.c" />
@@ -503,6 +504,7 @@
     <ClInclude Include="src\libsodium\include\sodium\crypto_int64.h" />
     <ClInclude Include="src\libsodium\include\sodium\crypto_kdf.h" />
     <ClInclude Include="src\libsodium\include\sodium\crypto_kdf_blake2b.h" />
+    <ClInclude Include="src\libsodium\include\sodium\crypto_kx.h" />
     <ClInclude Include="src\libsodium\include\sodium\crypto_onetimeauth.h" />
     <ClInclude Include="src\libsodium\include\sodium\crypto_onetimeauth_poly1305.h" />
     <ClInclude Include="src\libsodium\include\sodium\crypto_pwhash.h" />

libsodium.vcxproj.filters

@@ -111,6 +111,9 @@
     <ClCompile Include="src\libsodium\crypto_kdf\blake2b\kdf_blake2b.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="src\libsodium\crypto_kx\crypto_kx.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
     <ClCompile Include="src\libsodium\crypto_onetimeauth\crypto_onetimeauth.c">
       <Filter>Source Files</Filter>
     </ClCompile>
@@ -575,6 +578,9 @@
     <ClInclude Include="src\libsodium\include\sodium\crypto_kdf_blake2b.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="src\libsodium\include\sodium\crypto_kx.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
     <ClInclude Include="src\libsodium\include\sodium\crypto_onetimeauth.h">
       <Filter>Header Files</Filter>
     </ClInclude>

src/libsodium/Makefile.am

@@ -35,6 +35,7 @@ libsodium_la_SOURCES = \
 	crypto_hash/sha512/cp/hash_sha512_cp.c \
 	crypto_kdf/blake2b/kdf_blake2b.c \
 	crypto_kdf/crypto_kdf.c \
+	crypto_kx/crypto_kx.c \
 	crypto_onetimeauth/crypto_onetimeauth.c \
 	crypto_onetimeauth/poly1305/onetimeauth_poly1305.c \
 	crypto_onetimeauth/poly1305/onetimeauth_poly1305.h \

src/libsodium/crypto_kx/crypto_kx.c

@@ -0,0 +1,136 @@
+
+#include <stddef.h>
+
+#include "crypto_generichash.h"
+#include "crypto_kx.h"
+#include "crypto_scalarmult.h"
+#include "private/common.h"
+#include "randombytes.h"
+#include "utils.h"
+
+int
+crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+                       unsigned char sk[crypto_kx_SECRETKEYBYTES],
+                       const unsigned char seed[crypto_kx_SEEDBYTES])
+{
+    crypto_generichash(sk, crypto_kx_SECRETKEYBYTES,
+                       seed, crypto_kx_SEEDBYTES, NULL, 0);
+    return crypto_scalarmult_base(pk, sk);
+}
+
+int
+crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+                  unsigned char sk[crypto_kx_SECRETKEYBYTES])
+{
+    COMPILER_ASSERT(crypto_kx_SECRETKEYBYTES == crypto_scalarmult_SCALARBYTES);
+    COMPILER_ASSERT(crypto_kx_PUBLICKEYBYTES == crypto_scalarmult_BYTES);
+
+    randombytes_buf(sk, crypto_kx_SECRETKEYBYTES);
+    return crypto_scalarmult_base(pk, sk);
+}
+
+int
+crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+                              unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+                              const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES],
+                              const unsigned char client_sk[crypto_kx_SECRETKEYBYTES],
+                              const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES])
+{
+    crypto_generichash_state h;
+    unsigned char            q[crypto_scalarmult_BYTES];
+    unsigned char            keys[2 * crypto_kx_SESSIONKEYBYTES];
+    int                      i;
+
+    if (rx == NULL) {
+        rx = tx;
+    }
+    if (tx == NULL) {
+        tx = rx;
+    }
+    if (crypto_scalarmult(q, client_sk, server_pk) != 0) {
+        return -1;
+    }
+    COMPILER_ASSERT(sizeof keys <= crypto_generichash_BYTES_MAX);
+    crypto_generichash_init(&h, NULL, 0U, sizeof keys);
+    crypto_generichash_update(&h, q, crypto_scalarmult_BYTES);
+    sodium_memzero(q, sizeof q);
+    crypto_generichash_update(&h, client_pk, crypto_kx_PUBLICKEYBYTES);
+    crypto_generichash_update(&h, server_pk, crypto_kx_PUBLICKEYBYTES);
+    crypto_generichash_final(&h, keys, sizeof keys);
+    sodium_memzero(&h, sizeof h);
+    for (i = 0; i < crypto_kx_SESSIONKEYBYTES; i++) {
+        rx[i] = keys[i];
+        tx[i] = keys[i + crypto_kx_SESSIONKEYBYTES];
+    }
+    sodium_memzero(keys, sizeof keys);
+
+    return 0;
+}
+
+int
+crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+                              unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+                              const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES],
+                              const unsigned char server_sk[crypto_kx_SECRETKEYBYTES],
+                              const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES])
+{
+    crypto_generichash_state h;
+    unsigned char            q[crypto_scalarmult_BYTES];
+    unsigned char            keys[2 * crypto_kx_SESSIONKEYBYTES];
+    int                      i;
+
+    if (rx == NULL) {
+        rx = tx;
+    }
+    if (tx == NULL) {
+        tx = rx;
+    }
+    if (crypto_scalarmult(q, server_sk, client_pk) != 0) {
+        return -1;
+    }
+    COMPILER_ASSERT(sizeof keys <= crypto_generichash_BYTES_MAX);
+    crypto_generichash_init(&h, NULL, 0U, sizeof keys);
+    crypto_generichash_update(&h, q, crypto_scalarmult_BYTES);
+    sodium_memzero(q, sizeof q);
+    crypto_generichash_update(&h, client_pk, crypto_kx_PUBLICKEYBYTES);
+    crypto_generichash_update(&h, server_pk, crypto_kx_PUBLICKEYBYTES);
+    crypto_generichash_final(&h, keys, sizeof keys);
+    sodium_memzero(&h, sizeof h);
+    for (i = 0; i < crypto_kx_SESSIONKEYBYTES; i++) {
+        tx[i] = keys[i];
+        rx[i] = keys[i + crypto_kx_SESSIONKEYBYTES];
+    }
+    sodium_memzero(keys, sizeof keys);
+
+    return 0;
+}
+
+size_t
+crypto_kx_publickeybytes(void)
+{
+    return crypto_kx_PUBLICKEYBYTES;
+}
+
+size_t
+crypto_kx_secretkeybytes(void)
+{
+    return crypto_kx_SECRETKEYBYTES;
+}
+
+size_t
+crypto_kx_seedbytes(void)
+{
+    return crypto_kx_SEEDBYTES;
+}
+
+size_t
+crypto_kx_sessionkeybytes(void)
+{
+    return crypto_kx_SESSIONKEYBYTES;
+}
+
+const char *
+crypto_kx_primitive(void)
+{
+    return crypto_kx_PRIMITIVE;
+}

src/libsodium/include/Makefile.am

@@ -24,6 +24,7 @@ SODIUM_EXPORT = \
 	sodium/crypto_hash_sha512.h \
 	sodium/crypto_kdf.h \
 	sodium/crypto_kdf_blake2b.h \
+	sodium/crypto_kx.h \
 	sodium/crypto_onetimeauth.h \
 	sodium/crypto_onetimeauth_poly1305.h \
 	sodium/crypto_pwhash.h \

src/libsodium/include/sodium.h

@@ -26,6 +26,7 @@
 #include "sodium/crypto_hash_sha512.h"
 #include "sodium/crypto_kdf.h"
 #include "sodium/crypto_kdf_blake2b.h"
+#include "sodium/crypto_kx.h"
 #include "sodium/crypto_onetimeauth.h"
 #include "sodium/crypto_onetimeauth_poly1305.h"
 #include "sodium/crypto_pwhash.h"

src/libsodium/include/sodium/crypto_kx.h

@@ -0,0 +1,64 @@
+#ifndef crypto_kx_H
+#define crypto_kx_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kx_PUBLICKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_publickeybytes(void);
+
+#define crypto_kx_SECRETKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_secretkeybytes(void);
+
+#define crypto_kx_SEEDBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_seedbytes(void);
+
+#define crypto_kx_SESSIONKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_sessionkeybytes(void);
+
+#define crypto_kx_PRIMITIVE "x25519blake2b"
+SODIUM_EXPORT
+const char *crypto_kx_primitive(void);
+
+SODIUM_EXPORT
+int crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+                           unsigned char sk[crypto_kx_SECRETKEYBYTES],
+                           const unsigned char seed[crypto_kx_SEEDBYTES]);
+
+SODIUM_EXPORT
+int crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+                      unsigned char sk[crypto_kx_SECRETKEYBYTES]);
+
+SODIUM_EXPORT
+int crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+                                  unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+                                  const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES],
+                                  const unsigned char client_sk[crypto_kx_SECRETKEYBYTES],
+                                  const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES])
+            __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+int crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+                                  unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+                                  const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES],
+                                  const unsigned char server_sk[crypto_kx_SECRETKEYBYTES],
+                                  const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES])
+            __attribute__ ((warn_unused_result));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif

test/default/Makefile.am

@@ -36,6 +36,7 @@ EXTRA_DIST = \
 	hash3.exp \
 	kdf.exp \
 	keygen.exp \
+	kx.exp \
 	onetimeauth.exp \
 	onetimeauth2.exp \
 	onetimeauth7.exp \
@@ -103,6 +104,7 @@ DISTCLEANFILES = \
 	hash3.res \
 	kdf.res \
 	keygen.res \
+	kx.res \
 	onetimeauth.res \
 	onetimeauth2.res \
 	onetimeauth7.res \
@@ -171,6 +173,7 @@ CLEANFILES = \
 	hash3.final \
 	kdf.final \
 	keygen.final \
+	kx.final \
 	onetimeauth.final \
 	onetimeauth2.final \
 	onetimeauth7.final \
@@ -234,6 +237,7 @@ CLEANFILES = \
 	hash3.nexe \
 	kdf.nexe \
 	keygen.nexe \
+	kx.nexe \
 	onetimeauth.nexe \
 	onetimeauth2.nexe \
 	onetimeauth7.nexe \
@@ -309,6 +313,7 @@ TESTS_TARGETS = \
 	hash3 \
 	kdf \
 	keygen \
+	kx \
 	onetimeauth \
 	onetimeauth2 \
 	onetimeauth7 \
@@ -449,6 +454,9 @@ kdf_LDADD                 = $(TESTS_LDADD)
 keygen_SOURCE             = cmptest.h keygen.c
 keygen_LDADD              = $(TESTS_LDADD)
 
+kx_SOURCE                 = cmptest.h kx.c
+kx_LDADD                  = $(TESTS_LDADD)
+
 onetimeauth_SOURCE        = cmptest.h onetimeauth.c
 onetimeauth_LDADD         = $(TESTS_LDADD)
 

test/default/kx.c

@@ -0,0 +1,119 @@
+
+#define TEST_NAME "kx"
+#include "cmptest.h"
+
+static void
+tv_kx(void)
+{
+    unsigned char *seed;
+    unsigned char *client_pk, *client_sk;
+    unsigned char *client_rx, *client_tx;
+    unsigned char *server_pk, *server_sk;
+    unsigned char *server_rx, *server_tx;
+    char           hex[65];
+    int            i;
+
+    seed = (unsigned char *) sodium_malloc(crypto_kx_SEEDBYTES);
+    for (i = 0; i < crypto_kx_SEEDBYTES; i++) {
+        seed[i] = (unsigned char) i;
+    }
+    client_pk = (unsigned char *) sodium_malloc(crypto_kx_PUBLICKEYBYTES);
+    client_sk = (unsigned char *) sodium_malloc(crypto_kx_SECRETKEYBYTES);
+    crypto_kx_seed_keypair(client_pk, client_sk, seed);
+
+    sodium_bin2hex(hex, sizeof hex, client_pk, crypto_kx_PUBLICKEYBYTES);
+    printf("client_pk: [%s]\n", hex);
+    sodium_bin2hex(hex, sizeof hex, client_sk, crypto_kx_SECRETKEYBYTES);
+    printf("client_sk: [%s]\n", hex);
+
+    server_pk = (unsigned char *) sodium_malloc(crypto_kx_PUBLICKEYBYTES);
+    server_sk = (unsigned char *) sodium_malloc(crypto_kx_SECRETKEYBYTES);
+    crypto_kx_keypair(server_pk, server_sk);
+
+    client_rx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES);
+    client_tx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES);
+
+    if (crypto_kx_client_session_keys(client_rx, client_tx,
+                                      client_pk, client_sk, server_pk) != 0) {
+        printf("crypto_kx_client_session_keys() failed\n");
+    }
+
+    server_rx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES);
+    server_tx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES);
+
+    if (crypto_kx_server_session_keys(server_rx, server_tx,
+                                      server_pk, server_sk, client_pk) != 0) {
+        printf("crypto_kx_server_session_keys() failed\n");
+    }
+    if (memcmp(server_rx, client_tx, crypto_kx_SESSIONKEYBYTES) != 0 ||
+        memcmp(server_tx, client_rx, crypto_kx_SESSIONKEYBYTES) != 0) {
+        printf("client session keys != server session keys\n");
+    }
+
+    sodium_increment(client_pk, crypto_kx_PUBLICKEYBYTES);
+    if (crypto_kx_server_session_keys(server_rx, server_tx,
+                                      server_pk, server_sk, client_pk) != 0) {
+        printf("crypto_kx_server_session_keys() failed\n");
+    }
+    if (memcmp(server_rx, client_tx, crypto_kx_SESSIONKEYBYTES) == 0 &&
+        memcmp(server_tx, client_rx, crypto_kx_SESSIONKEYBYTES) == 0) {
+        printf("peer's public key is ignored\n");
+    }
+
+    crypto_kx_keypair(client_pk, client_sk);
+    if (crypto_kx_server_session_keys(server_rx, server_tx,
+                                      server_pk, server_sk, client_pk) != 0) {
+        printf("crypto_kx_server_session_keys() failed\n");
+    }
+    if (memcmp(server_rx, client_tx, crypto_kx_SESSIONKEYBYTES) == 0 ||
+        memcmp(server_tx, client_rx, crypto_kx_SESSIONKEYBYTES) == 0) {
+        printf("session keys are constant\n");
+    }
+
+    crypto_kx_seed_keypair(client_pk, client_sk, seed);
+    sodium_increment(seed, crypto_kx_SEEDBYTES);
+    crypto_kx_seed_keypair(server_pk, server_sk, seed);
+    if (crypto_kx_server_session_keys(server_rx, server_tx,
+                                      server_pk, server_sk, client_pk) != 0) {
+        printf("crypto_kx_server_session_keys() failed\n");
+    }
+    sodium_bin2hex(hex, sizeof hex, server_rx, crypto_kx_SESSIONKEYBYTES);
+    printf("server_rx: [%s]\n", hex);
+    sodium_bin2hex(hex, sizeof hex, server_tx, crypto_kx_SESSIONKEYBYTES);
+    printf("server_tx: [%s]\n", hex);
+
+    if (crypto_kx_client_session_keys(client_rx, client_tx,
+                                      client_pk, client_sk, server_pk) != 0) {
+        printf("crypto_kx_client_session_keys() failed\n");
+    }
+    sodium_bin2hex(hex, sizeof hex, client_rx, crypto_kx_SESSIONKEYBYTES);
+    printf("client_rx: [%s]\n", hex);
+    sodium_bin2hex(hex, sizeof hex, client_tx, crypto_kx_SESSIONKEYBYTES);
+    printf("client_tx: [%s]\n", hex);
+
+    sodium_free(client_rx);
+    sodium_free(client_tx);
+    sodium_free(server_rx);
+    sodium_free(server_tx);
+    sodium_free(server_sk);
+    sodium_free(server_pk);
+    sodium_free(client_sk);
+    sodium_free(client_pk);
+    sodium_free(seed);
+
+    assert(strcmp(crypto_kx_primitive(), crypto_kx_PRIMITIVE) == 0);
+    assert(crypto_kx_publickeybytes() == crypto_kx_PUBLICKEYBYTES);
+    assert(crypto_kx_secretkeybytes() == crypto_kx_SECRETKEYBYTES);
+    assert(crypto_kx_seedbytes() == crypto_kx_SEEDBYTES);
+    assert(crypto_kx_sessionkeybytes() == crypto_kx_SESSIONKEYBYTES);
+
+    printf("tv_kx: ok\n");
+}
+
+int
+main(void)
+{
+    tv_kx();
+
+    return 0;
+}

test/default/kx.exp

@@ -0,0 +1,7 @@
+client_pk: [0e0216223f147143d32615a91189c288c1728cba3cc5f9f621b1026e03d83129]
+client_sk: [cb2f5160fc1f7e05a55ef49d340b48da2e5a78099d53393351cd579dd42503d6]
+server_rx: [62c8f4fa81800abd0577d99918d129b65deb789af8c8351f391feb0cbf238604]
+server_tx: [749519c68059bce69f7cfcc7b387a3de1a1e8237d110991323bf62870115731a]
+client_rx: [749519c68059bce69f7cfcc7b387a3de1a1e8237d110991323bf62870115731a]
+client_tx: [62c8f4fa81800abd0577d99918d129b65deb789af8c8351f391feb0cbf238604]
+tv_kx: ok