Enable use of NaCl for faster X64 Salsa20 implementations. Also include binary for OSX for easy build. Blazingly fast.

ext/bin/cnacl-osx-amd64/README.md

@@ -0,0 +1,53 @@
+# cNaCl
+
+    If you would like to be confusing, you could pronounce it sea-salt
+
+This is a fork NaCl by Daniel J. Bernstein and Tanja Lange.
+The build has been ported to cmake so it can be cross compiled and build output is reliable.
+Since it uses cmake, it could theoretically be built on windows but this has not been tested.
+It does compile using mingw32.
+
+## How do I make this thing work?
+
+    mkdir cbuild
+    cd cbuild
+    cmake ..
+    make
+
+## Ok now how about cross compiling?
+
+    mkdir cbuildw32
+    cd cbuildw32
+    cmake -DCMAKE_TOOLCHAIN_FILE=../CMakeWindows.txt ..
+    make
+
+## Why fork?
+
+NaCl builds using a shell script called `./do`. This script does compiling, testing, measuring
+and selection of the best implementation of each algorithm for the given machine. It also generates
+the header files which will be used.
+
+The problems with `./do` are it's slow, it tries compiling with multiple different compiler
+profiles, it's very platform independent but it doesn't run on Windows and most importantly, with
+compiling, testing and measuring so tightly bound, it is impossible to cross compile for a
+different operating system.
+
+
+## How it works
+
+The first time you build for a new ABI, it will trigger the traditional nacl `./do` script.
+What cNaCl does is parse the resulting headers from the `./do` build and create a plan so that it
+can repeat roughly the same build.
+
+If there is already a plan for the given ABI, the build uses this plan and the build is very fast.
+
+Plans are stored in `./cmake/plans/` and I will be adding plans as I find new ones.
+
+
+## What else is new?
+
+There is a problem with the `./do` build which prevents it from running on some ARM based machines,
+this was fixed by adding a more lax method for measuring CPU speed as a fall back.
+
+
+`#EOF#`

ext/bin/cnacl-osx-amd64/include/sodium/crypto_auth_hmacsha256.h

@@ -0,0 +1,27 @@
+#ifndef crypto_auth_hmacsha256_H
+#define crypto_auth_hmacsha256_H
+
+#define crypto_auth_hmacsha256_ref_BYTES 32
+#define crypto_auth_hmacsha256_ref_KEYBYTES 32
+#ifdef __cplusplus
+#include <string>
+extern std::string crypto_auth_hmacsha256_ref(const std::string &,const std::string &);
+extern void crypto_auth_hmacsha256_ref_verify(const std::string &,const std::string &,const std::string &);
+extern "C" {
+#endif
+extern int crypto_auth_hmacsha256_ref(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_auth_hmacsha256_ref_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_auth_hmacsha256 crypto_auth_hmacsha256_ref
+#define crypto_auth_hmacsha256_verify crypto_auth_hmacsha256_ref_verify
+#define crypto_auth_hmacsha256_BYTES crypto_auth_hmacsha256_ref_BYTES
+#define crypto_auth_hmacsha256_KEYBYTES crypto_auth_hmacsha256_ref_KEYBYTES
+#define crypto_auth_hmacsha256_IMPLEMENTATION "crypto_auth/hmacsha256/ref"
+#ifndef crypto_auth_hmacsha256_ref_VERSION
+#define crypto_auth_hmacsha256_ref_VERSION "-"
+#endif
+#define crypto_auth_hmacsha256_VERSION crypto_auth_hmacsha256_ref_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_auth_hmacsha512256.h

@@ -0,0 +1,27 @@
+#ifndef crypto_auth_hmacsha512256_H
+#define crypto_auth_hmacsha512256_H
+
+#define crypto_auth_hmacsha512256_ref_BYTES 32
+#define crypto_auth_hmacsha512256_ref_KEYBYTES 32
+#ifdef __cplusplus
+#include <string>
+extern std::string crypto_auth_hmacsha512256_ref(const std::string &,const std::string &);
+extern void crypto_auth_hmacsha512256_ref_verify(const std::string &,const std::string &,const std::string &);
+extern "C" {
+#endif
+extern int crypto_auth_hmacsha512256_ref(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_auth_hmacsha512256_ref_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_auth_hmacsha512256 crypto_auth_hmacsha512256_ref
+#define crypto_auth_hmacsha512256_verify crypto_auth_hmacsha512256_ref_verify
+#define crypto_auth_hmacsha512256_BYTES crypto_auth_hmacsha512256_ref_BYTES
+#define crypto_auth_hmacsha512256_KEYBYTES crypto_auth_hmacsha512256_ref_KEYBYTES
+#define crypto_auth_hmacsha512256_IMPLEMENTATION "crypto_auth/hmacsha512256/ref"
+#ifndef crypto_auth_hmacsha512256_ref_VERSION
+#define crypto_auth_hmacsha512256_ref_VERSION "-"
+#endif
+#define crypto_auth_hmacsha512256_VERSION crypto_auth_hmacsha512256_ref_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_box_curve25519xsalsa20poly1305.h

@@ -0,0 +1,44 @@
+#ifndef crypto_box_curve25519xsalsa20poly1305_H
+#define crypto_box_curve25519xsalsa20poly1305_H
+
+#define crypto_box_curve25519xsalsa20poly1305_ref_PUBLICKEYBYTES 32
+#define crypto_box_curve25519xsalsa20poly1305_ref_SECRETKEYBYTES 32
+#define crypto_box_curve25519xsalsa20poly1305_ref_BEFORENMBYTES 32
+#define crypto_box_curve25519xsalsa20poly1305_ref_NONCEBYTES 24
+#define crypto_box_curve25519xsalsa20poly1305_ref_ZEROBYTES 32
+#define crypto_box_curve25519xsalsa20poly1305_ref_BOXZEROBYTES 16
+#ifdef __cplusplus
+#include <string>
+extern std::string crypto_box_curve25519xsalsa20poly1305_ref(const std::string &,const std::string &,const std::string &,const std::string &);
+extern std::string crypto_box_curve25519xsalsa20poly1305_ref_open(const std::string &,const std::string &,const std::string &,const std::string &);
+extern std::string crypto_box_curve25519xsalsa20poly1305_ref_keypair(std::string *);
+extern "C" {
+#endif
+extern int crypto_box_curve25519xsalsa20poly1305_ref(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_ref_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_ref_keypair(unsigned char *,unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_ref_beforenm(unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_ref_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_ref_open_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_box_curve25519xsalsa20poly1305 crypto_box_curve25519xsalsa20poly1305_ref
+#define crypto_box_curve25519xsalsa20poly1305_open crypto_box_curve25519xsalsa20poly1305_ref_open
+#define crypto_box_curve25519xsalsa20poly1305_keypair crypto_box_curve25519xsalsa20poly1305_ref_keypair
+#define crypto_box_curve25519xsalsa20poly1305_beforenm crypto_box_curve25519xsalsa20poly1305_ref_beforenm
+#define crypto_box_curve25519xsalsa20poly1305_afternm crypto_box_curve25519xsalsa20poly1305_ref_afternm
+#define crypto_box_curve25519xsalsa20poly1305_open_afternm crypto_box_curve25519xsalsa20poly1305_ref_open_afternm
+#define crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_ref_PUBLICKEYBYTES
+#define crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_ref_SECRETKEYBYTES
+#define crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_ref_BEFORENMBYTES
+#define crypto_box_curve25519xsalsa20poly1305_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_ref_NONCEBYTES
+#define crypto_box_curve25519xsalsa20poly1305_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ref_ZEROBYTES
+#define crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_ref_BOXZEROBYTES
+#define crypto_box_curve25519xsalsa20poly1305_IMPLEMENTATION "crypto_box/curve25519xsalsa20poly1305/ref"
+#ifndef crypto_box_curve25519xsalsa20poly1305_ref_VERSION
+#define crypto_box_curve25519xsalsa20poly1305_ref_VERSION "-"
+#endif
+#define crypto_box_curve25519xsalsa20poly1305_VERSION crypto_box_curve25519xsalsa20poly1305_ref_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_core_hsalsa20.h

@@ -0,0 +1,27 @@
+#ifndef crypto_core_hsalsa20_H
+#define crypto_core_hsalsa20_H
+
+#define crypto_core_hsalsa20_ref_OUTPUTBYTES 32
+#define crypto_core_hsalsa20_ref_INPUTBYTES 16
+#define crypto_core_hsalsa20_ref_KEYBYTES 32
+#define crypto_core_hsalsa20_ref_CONSTBYTES 16
+#ifdef __cplusplus
+#include <string>
+extern "C" {
+#endif
+extern int crypto_core_hsalsa20_ref(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_core_hsalsa20 crypto_core_hsalsa20_ref
+#define crypto_core_hsalsa20_OUTPUTBYTES crypto_core_hsalsa20_ref_OUTPUTBYTES
+#define crypto_core_hsalsa20_INPUTBYTES crypto_core_hsalsa20_ref_INPUTBYTES
+#define crypto_core_hsalsa20_KEYBYTES crypto_core_hsalsa20_ref_KEYBYTES
+#define crypto_core_hsalsa20_CONSTBYTES crypto_core_hsalsa20_ref_CONSTBYTES
+#define crypto_core_hsalsa20_IMPLEMENTATION "crypto_core/hsalsa20/ref"
+#ifndef crypto_core_hsalsa20_ref_VERSION
+#define crypto_core_hsalsa20_ref_VERSION "-"
+#endif
+#define crypto_core_hsalsa20_VERSION crypto_core_hsalsa20_ref_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_core_salsa20.h

@@ -0,0 +1,27 @@
+#ifndef crypto_core_salsa20_H
+#define crypto_core_salsa20_H
+
+#define crypto_core_salsa20_ref_OUTPUTBYTES 64
+#define crypto_core_salsa20_ref_INPUTBYTES 16
+#define crypto_core_salsa20_ref_KEYBYTES 32
+#define crypto_core_salsa20_ref_CONSTBYTES 16
+#ifdef __cplusplus
+#include <string>
+extern "C" {
+#endif
+extern int crypto_core_salsa20_ref(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_core_salsa20 crypto_core_salsa20_ref
+#define crypto_core_salsa20_OUTPUTBYTES crypto_core_salsa20_ref_OUTPUTBYTES
+#define crypto_core_salsa20_INPUTBYTES crypto_core_salsa20_ref_INPUTBYTES
+#define crypto_core_salsa20_KEYBYTES crypto_core_salsa20_ref_KEYBYTES
+#define crypto_core_salsa20_CONSTBYTES crypto_core_salsa20_ref_CONSTBYTES
+#define crypto_core_salsa20_IMPLEMENTATION "crypto_core/salsa20/ref"
+#ifndef crypto_core_salsa20_ref_VERSION
+#define crypto_core_salsa20_ref_VERSION "-"
+#endif
+#define crypto_core_salsa20_VERSION crypto_core_salsa20_ref_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_core_salsa2012.h

@@ -0,0 +1,27 @@
+#ifndef crypto_core_salsa2012_H
+#define crypto_core_salsa2012_H
+
+#define crypto_core_salsa2012_ref_OUTPUTBYTES 64
+#define crypto_core_salsa2012_ref_INPUTBYTES 16
+#define crypto_core_salsa2012_ref_KEYBYTES 32
+#define crypto_core_salsa2012_ref_CONSTBYTES 16
+#ifdef __cplusplus
+#include <string>
+extern "C" {
+#endif
+extern int crypto_core_salsa2012_ref(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_core_salsa2012 crypto_core_salsa2012_ref
+#define crypto_core_salsa2012_OUTPUTBYTES crypto_core_salsa2012_ref_OUTPUTBYTES
+#define crypto_core_salsa2012_INPUTBYTES crypto_core_salsa2012_ref_INPUTBYTES
+#define crypto_core_salsa2012_KEYBYTES crypto_core_salsa2012_ref_KEYBYTES
+#define crypto_core_salsa2012_CONSTBYTES crypto_core_salsa2012_ref_CONSTBYTES
+#define crypto_core_salsa2012_IMPLEMENTATION "crypto_core/salsa2012/ref"
+#ifndef crypto_core_salsa2012_ref_VERSION
+#define crypto_core_salsa2012_ref_VERSION "-"
+#endif
+#define crypto_core_salsa2012_VERSION crypto_core_salsa2012_ref_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_core_salsa208.h

@@ -0,0 +1,27 @@
+#ifndef crypto_core_salsa208_H
+#define crypto_core_salsa208_H
+
+#define crypto_core_salsa208_ref_OUTPUTBYTES 64
+#define crypto_core_salsa208_ref_INPUTBYTES 16
+#define crypto_core_salsa208_ref_KEYBYTES 32
+#define crypto_core_salsa208_ref_CONSTBYTES 16
+#ifdef __cplusplus
+#include <string>
+extern "C" {
+#endif
+extern int crypto_core_salsa208_ref(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_core_salsa208 crypto_core_salsa208_ref
+#define crypto_core_salsa208_OUTPUTBYTES crypto_core_salsa208_ref_OUTPUTBYTES
+#define crypto_core_salsa208_INPUTBYTES crypto_core_salsa208_ref_INPUTBYTES
+#define crypto_core_salsa208_KEYBYTES crypto_core_salsa208_ref_KEYBYTES
+#define crypto_core_salsa208_CONSTBYTES crypto_core_salsa208_ref_CONSTBYTES
+#define crypto_core_salsa208_IMPLEMENTATION "crypto_core/salsa208/ref"
+#ifndef crypto_core_salsa208_ref_VERSION
+#define crypto_core_salsa208_ref_VERSION "-"
+#endif
+#define crypto_core_salsa208_VERSION crypto_core_salsa208_ref_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_hash_sha256.h

@@ -0,0 +1,22 @@
+#ifndef crypto_hash_sha256_H
+#define crypto_hash_sha256_H
+
+#define crypto_hash_sha256_ref_BYTES 32
+#ifdef __cplusplus
+#include <string>
+extern std::string crypto_hash_sha256_ref(const std::string &);
+extern "C" {
+#endif
+extern int crypto_hash_sha256_ref(unsigned char *,const unsigned char *,unsigned long long);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_hash_sha256 crypto_hash_sha256_ref
+#define crypto_hash_sha256_BYTES crypto_hash_sha256_ref_BYTES
+#define crypto_hash_sha256_IMPLEMENTATION "crypto_hash/sha256/ref"
+#ifndef crypto_hash_sha256_ref_VERSION
+#define crypto_hash_sha256_ref_VERSION "-"
+#endif
+#define crypto_hash_sha256_VERSION crypto_hash_sha256_ref_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_hash_sha512.h

@@ -0,0 +1,22 @@
+#ifndef crypto_hash_sha512_H
+#define crypto_hash_sha512_H
+
+#define crypto_hash_sha512_ref_BYTES 64
+#ifdef __cplusplus
+#include <string>
+extern std::string crypto_hash_sha512_ref(const std::string &);
+extern "C" {
+#endif
+extern int crypto_hash_sha512_ref(unsigned char *,const unsigned char *,unsigned long long);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_hash_sha512 crypto_hash_sha512_ref
+#define crypto_hash_sha512_BYTES crypto_hash_sha512_ref_BYTES
+#define crypto_hash_sha512_IMPLEMENTATION "crypto_hash/sha512/ref"
+#ifndef crypto_hash_sha512_ref_VERSION
+#define crypto_hash_sha512_ref_VERSION "-"
+#endif
+#define crypto_hash_sha512_VERSION crypto_hash_sha512_ref_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_hashblocks_sha256.h

@@ -0,0 +1,23 @@
+#ifndef crypto_hashblocks_sha256_H
+#define crypto_hashblocks_sha256_H
+
+#define crypto_hashblocks_sha256_inplace_STATEBYTES 32
+#define crypto_hashblocks_sha256_inplace_BLOCKBYTES 64
+#ifdef __cplusplus
+#include <string>
+extern "C" {
+#endif
+extern int crypto_hashblocks_sha256_inplace(unsigned char *,const unsigned char *,unsigned long long);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_hashblocks_sha256 crypto_hashblocks_sha256_inplace
+#define crypto_hashblocks_sha256_STATEBYTES crypto_hashblocks_sha256_inplace_STATEBYTES
+#define crypto_hashblocks_sha256_BLOCKBYTES crypto_hashblocks_sha256_inplace_BLOCKBYTES
+#define crypto_hashblocks_sha256_IMPLEMENTATION "crypto_hashblocks/sha256/inplace"
+#ifndef crypto_hashblocks_sha256_inplace_VERSION
+#define crypto_hashblocks_sha256_inplace_VERSION "-"
+#endif
+#define crypto_hashblocks_sha256_VERSION crypto_hashblocks_sha256_inplace_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_hashblocks_sha512.h

@@ -0,0 +1,23 @@
+#ifndef crypto_hashblocks_sha512_H
+#define crypto_hashblocks_sha512_H
+
+#define crypto_hashblocks_sha512_ref_STATEBYTES 64
+#define crypto_hashblocks_sha512_ref_BLOCKBYTES 128
+#ifdef __cplusplus
+#include <string>
+extern "C" {
+#endif
+extern int crypto_hashblocks_sha512_ref(unsigned char *,const unsigned char *,unsigned long long);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_hashblocks_sha512 crypto_hashblocks_sha512_ref
+#define crypto_hashblocks_sha512_STATEBYTES crypto_hashblocks_sha512_ref_STATEBYTES
+#define crypto_hashblocks_sha512_BLOCKBYTES crypto_hashblocks_sha512_ref_BLOCKBYTES
+#define crypto_hashblocks_sha512_IMPLEMENTATION "crypto_hashblocks/sha512/ref"
+#ifndef crypto_hashblocks_sha512_ref_VERSION
+#define crypto_hashblocks_sha512_ref_VERSION "-"
+#endif
+#define crypto_hashblocks_sha512_VERSION crypto_hashblocks_sha512_ref_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_onetimeauth_poly1305.h

@@ -0,0 +1,27 @@
+#ifndef crypto_onetimeauth_poly1305_H
+#define crypto_onetimeauth_poly1305_H
+
+#define crypto_onetimeauth_poly1305_53_BYTES 16
+#define crypto_onetimeauth_poly1305_53_KEYBYTES 32
+#ifdef __cplusplus
+#include <string>
+extern std::string crypto_onetimeauth_poly1305_53(const std::string &,const std::string &);
+extern void crypto_onetimeauth_poly1305_53_verify(const std::string &,const std::string &,const std::string &);
+extern "C" {
+#endif
+extern int crypto_onetimeauth_poly1305_53(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_onetimeauth_poly1305_53_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_onetimeauth_poly1305 crypto_onetimeauth_poly1305_53
+#define crypto_onetimeauth_poly1305_verify crypto_onetimeauth_poly1305_53_verify
+#define crypto_onetimeauth_poly1305_BYTES crypto_onetimeauth_poly1305_53_BYTES
+#define crypto_onetimeauth_poly1305_KEYBYTES crypto_onetimeauth_poly1305_53_KEYBYTES
+#define crypto_onetimeauth_poly1305_IMPLEMENTATION "crypto_onetimeauth/poly1305/53"
+#ifndef crypto_onetimeauth_poly1305_53_VERSION
+#define crypto_onetimeauth_poly1305_53_VERSION "-"
+#endif
+#define crypto_onetimeauth_poly1305_VERSION crypto_onetimeauth_poly1305_53_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_scalarmult_curve25519.h

@@ -0,0 +1,27 @@
+#ifndef crypto_scalarmult_curve25519_H
+#define crypto_scalarmult_curve25519_H
+
+#define crypto_scalarmult_curve25519_donna_c64_BYTES 32
+#define crypto_scalarmult_curve25519_donna_c64_SCALARBYTES 32
+#ifdef __cplusplus
+#include <string>
+extern std::string crypto_scalarmult_curve25519_donna_c64(const std::string &,const std::string &);
+extern std::string crypto_scalarmult_curve25519_donna_c64_base(const std::string &);
+extern "C" {
+#endif
+extern int crypto_scalarmult_curve25519_donna_c64(unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_scalarmult_curve25519_donna_c64_base(unsigned char *,const unsigned char *);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_scalarmult_curve25519 crypto_scalarmult_curve25519_donna_c64
+#define crypto_scalarmult_curve25519_base crypto_scalarmult_curve25519_donna_c64_base
+#define crypto_scalarmult_curve25519_BYTES crypto_scalarmult_curve25519_donna_c64_BYTES
+#define crypto_scalarmult_curve25519_SCALARBYTES crypto_scalarmult_curve25519_donna_c64_SCALARBYTES
+#define crypto_scalarmult_curve25519_IMPLEMENTATION "crypto_scalarmult/curve25519/donna_c64"
+#ifndef crypto_scalarmult_curve25519_donna_c64_VERSION
+#define crypto_scalarmult_curve25519_donna_c64_VERSION "-"
+#endif
+#define crypto_scalarmult_curve25519_VERSION crypto_scalarmult_curve25519_donna_c64_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_secretbox_xsalsa20poly1305.h

@@ -0,0 +1,31 @@
+#ifndef crypto_secretbox_xsalsa20poly1305_H
+#define crypto_secretbox_xsalsa20poly1305_H
+
+#define crypto_secretbox_xsalsa20poly1305_ref_KEYBYTES 32
+#define crypto_secretbox_xsalsa20poly1305_ref_NONCEBYTES 24
+#define crypto_secretbox_xsalsa20poly1305_ref_ZEROBYTES 32
+#define crypto_secretbox_xsalsa20poly1305_ref_BOXZEROBYTES 16
+#ifdef __cplusplus
+#include <string>
+extern std::string crypto_secretbox_xsalsa20poly1305_ref(const std::string &,const std::string &,const std::string &);
+extern std::string crypto_secretbox_xsalsa20poly1305_ref_open(const std::string &,const std::string &,const std::string &);
+extern "C" {
+#endif
+extern int crypto_secretbox_xsalsa20poly1305_ref(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_secretbox_xsalsa20poly1305_ref_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_secretbox_xsalsa20poly1305 crypto_secretbox_xsalsa20poly1305_ref
+#define crypto_secretbox_xsalsa20poly1305_open crypto_secretbox_xsalsa20poly1305_ref_open
+#define crypto_secretbox_xsalsa20poly1305_KEYBYTES crypto_secretbox_xsalsa20poly1305_ref_KEYBYTES
+#define crypto_secretbox_xsalsa20poly1305_NONCEBYTES crypto_secretbox_xsalsa20poly1305_ref_NONCEBYTES
+#define crypto_secretbox_xsalsa20poly1305_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ref_ZEROBYTES
+#define crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_ref_BOXZEROBYTES
+#define crypto_secretbox_xsalsa20poly1305_IMPLEMENTATION "crypto_secretbox/xsalsa20poly1305/ref"
+#ifndef crypto_secretbox_xsalsa20poly1305_ref_VERSION
+#define crypto_secretbox_xsalsa20poly1305_ref_VERSION "-"
+#endif
+#define crypto_secretbox_xsalsa20poly1305_VERSION crypto_secretbox_xsalsa20poly1305_ref_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_sign_edwards25519sha512batch.h

@@ -0,0 +1,32 @@
+#ifndef crypto_sign_edwards25519sha512batch_H
+#define crypto_sign_edwards25519sha512batch_H
+
+#define crypto_sign_edwards25519sha512batch_ref_SECRETKEYBYTES 64
+#define crypto_sign_edwards25519sha512batch_ref_PUBLICKEYBYTES 32
+#define crypto_sign_edwards25519sha512batch_ref_BYTES 64
+#ifdef __cplusplus
+#include <string>
+extern std::string crypto_sign_edwards25519sha512batch_ref(const std::string &,const std::string &);
+extern std::string crypto_sign_edwards25519sha512batch_ref_open(const std::string &,const std::string &);
+extern std::string crypto_sign_edwards25519sha512batch_ref_keypair(std::string *);
+extern "C" {
+#endif
+extern int crypto_sign_edwards25519sha512batch_ref(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_sign_edwards25519sha512batch_ref_open(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_sign_edwards25519sha512batch_ref_keypair(unsigned char *,unsigned char *);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_sign_edwards25519sha512batch crypto_sign_edwards25519sha512batch_ref
+#define crypto_sign_edwards25519sha512batch_open crypto_sign_edwards25519sha512batch_ref_open
+#define crypto_sign_edwards25519sha512batch_keypair crypto_sign_edwards25519sha512batch_ref_keypair
+#define crypto_sign_edwards25519sha512batch_BYTES crypto_sign_edwards25519sha512batch_ref_BYTES
+#define crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES crypto_sign_edwards25519sha512batch_ref_PUBLICKEYBYTES
+#define crypto_sign_edwards25519sha512batch_SECRETKEYBYTES crypto_sign_edwards25519sha512batch_ref_SECRETKEYBYTES
+#define crypto_sign_edwards25519sha512batch_IMPLEMENTATION "crypto_sign/edwards25519sha512batch/ref"
+#ifndef crypto_sign_edwards25519sha512batch_ref_VERSION
+#define crypto_sign_edwards25519sha512batch_ref_VERSION "-"
+#endif
+#define crypto_sign_edwards25519sha512batch_VERSION crypto_sign_edwards25519sha512batch_ref_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_stream_aes128ctr.h

@@ -0,0 +1,35 @@
+#ifndef crypto_stream_aes128ctr_H
+#define crypto_stream_aes128ctr_H
+
+#define crypto_stream_aes128ctr_portable_KEYBYTES 16
+#define crypto_stream_aes128ctr_portable_NONCEBYTES 16
+#define crypto_stream_aes128ctr_portable_BEFORENMBYTES 1408
+#ifdef __cplusplus
+#include <string>
+extern std::string crypto_stream_aes128ctr_portable(size_t,const std::string &,const std::string &);
+extern std::string crypto_stream_aes128ctr_portable_xor(const std::string &,const std::string &,const std::string &);
+extern "C" {
+#endif
+extern int crypto_stream_aes128ctr_portable(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_aes128ctr_portable_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_aes128ctr_portable_beforenm(unsigned char *,const unsigned char *);
+extern int crypto_stream_aes128ctr_portable_afternm(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_aes128ctr_portable_xor_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_stream_aes128ctr crypto_stream_aes128ctr_portable
+#define crypto_stream_aes128ctr_xor crypto_stream_aes128ctr_portable_xor
+#define crypto_stream_aes128ctr_beforenm crypto_stream_aes128ctr_portable_beforenm
+#define crypto_stream_aes128ctr_afternm crypto_stream_aes128ctr_portable_afternm
+#define crypto_stream_aes128ctr_xor_afternm crypto_stream_aes128ctr_portable_xor_afternm
+#define crypto_stream_aes128ctr_KEYBYTES crypto_stream_aes128ctr_portable_KEYBYTES
+#define crypto_stream_aes128ctr_NONCEBYTES crypto_stream_aes128ctr_portable_NONCEBYTES
+#define crypto_stream_aes128ctr_BEFORENMBYTES crypto_stream_aes128ctr_portable_BEFORENMBYTES
+#define crypto_stream_aes128ctr_IMPLEMENTATION "crypto_stream/aes128ctr/portable"
+#ifndef crypto_stream_aes128ctr_portable_VERSION
+#define crypto_stream_aes128ctr_portable_VERSION "-"
+#endif
+#define crypto_stream_aes128ctr_VERSION crypto_stream_aes128ctr_portable_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_stream_salsa20.h

@@ -0,0 +1,34 @@
+#ifndef crypto_stream_salsa20_H
+#define crypto_stream_salsa20_H
+
+#define crypto_stream_salsa20_amd64_xmm6_KEYBYTES 32
+#define crypto_stream_salsa20_amd64_xmm6_NONCEBYTES 8
+#ifdef __cplusplus
+#include <string>
+extern std::string crypto_stream_salsa20_amd64_xmm6(size_t,const std::string &,const std::string &);
+extern std::string crypto_stream_salsa20_amd64_xmm6_xor(const std::string &,const std::string &,const std::string &);
+extern "C" {
+#endif
+extern int crypto_stream_salsa20_amd64_xmm6(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_salsa20_amd64_xmm6_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_salsa20_amd64_xmm6_beforenm(unsigned char *,const unsigned char *);
+extern int crypto_stream_salsa20_amd64_xmm6_afternm(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_salsa20_amd64_xmm6_xor_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_stream_salsa20 crypto_stream_salsa20_amd64_xmm6
+#define crypto_stream_salsa20_xor crypto_stream_salsa20_amd64_xmm6_xor
+#define crypto_stream_salsa20_beforenm crypto_stream_salsa20_amd64_xmm6_beforenm
+#define crypto_stream_salsa20_afternm crypto_stream_salsa20_amd64_xmm6_afternm
+#define crypto_stream_salsa20_xor_afternm crypto_stream_salsa20_amd64_xmm6_xor_afternm
+#define crypto_stream_salsa20_KEYBYTES crypto_stream_salsa20_amd64_xmm6_KEYBYTES
+#define crypto_stream_salsa20_NONCEBYTES crypto_stream_salsa20_amd64_xmm6_NONCEBYTES
+#define crypto_stream_salsa20_BEFORENMBYTES crypto_stream_salsa20_amd64_xmm6_BEFORENMBYTES
+#define crypto_stream_salsa20_IMPLEMENTATION "crypto_stream/salsa20/amd64_xmm6"
+#ifndef crypto_stream_salsa20_amd64_xmm6_VERSION
+#define crypto_stream_salsa20_amd64_xmm6_VERSION "-"
+#endif
+#define crypto_stream_salsa20_VERSION crypto_stream_salsa20_amd64_xmm6_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_stream_salsa2012.h

@@ -0,0 +1,34 @@
+#ifndef crypto_stream_salsa2012_H
+#define crypto_stream_salsa2012_H
+
+#define crypto_stream_salsa2012_amd64_xmm6_KEYBYTES 32
+#define crypto_stream_salsa2012_amd64_xmm6_NONCEBYTES 8
+#ifdef __cplusplus
+#include <string>
+extern std::string crypto_stream_salsa2012_amd64_xmm6(size_t,const std::string &,const std::string &);
+extern std::string crypto_stream_salsa2012_amd64_xmm6_xor(const std::string &,const std::string &,const std::string &);
+extern "C" {
+#endif
+extern int crypto_stream_salsa2012_amd64_xmm6(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_salsa2012_amd64_xmm6_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_salsa2012_amd64_xmm6_beforenm(unsigned char *,const unsigned char *);
+extern int crypto_stream_salsa2012_amd64_xmm6_afternm(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_salsa2012_amd64_xmm6_xor_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_stream_salsa2012 crypto_stream_salsa2012_amd64_xmm6
+#define crypto_stream_salsa2012_xor crypto_stream_salsa2012_amd64_xmm6_xor
+#define crypto_stream_salsa2012_beforenm crypto_stream_salsa2012_amd64_xmm6_beforenm
+#define crypto_stream_salsa2012_afternm crypto_stream_salsa2012_amd64_xmm6_afternm
+#define crypto_stream_salsa2012_xor_afternm crypto_stream_salsa2012_amd64_xmm6_xor_afternm
+#define crypto_stream_salsa2012_KEYBYTES crypto_stream_salsa2012_amd64_xmm6_KEYBYTES
+#define crypto_stream_salsa2012_NONCEBYTES crypto_stream_salsa2012_amd64_xmm6_NONCEBYTES
+#define crypto_stream_salsa2012_BEFORENMBYTES crypto_stream_salsa2012_amd64_xmm6_BEFORENMBYTES
+#define crypto_stream_salsa2012_IMPLEMENTATION "crypto_stream/salsa2012/amd64_xmm6"
+#ifndef crypto_stream_salsa2012_amd64_xmm6_VERSION
+#define crypto_stream_salsa2012_amd64_xmm6_VERSION "-"
+#endif
+#define crypto_stream_salsa2012_VERSION crypto_stream_salsa2012_amd64_xmm6_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_stream_salsa208.h

@@ -0,0 +1,34 @@
+#ifndef crypto_stream_salsa208_H
+#define crypto_stream_salsa208_H
+
+#define crypto_stream_salsa208_amd64_xmm6_KEYBYTES 32
+#define crypto_stream_salsa208_amd64_xmm6_NONCEBYTES 8
+#ifdef __cplusplus
+#include <string>
+extern std::string crypto_stream_salsa208_amd64_xmm6(size_t,const std::string &,const std::string &);
+extern std::string crypto_stream_salsa208_amd64_xmm6_xor(const std::string &,const std::string &,const std::string &);
+extern "C" {
+#endif
+extern int crypto_stream_salsa208_amd64_xmm6(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_salsa208_amd64_xmm6_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_salsa208_amd64_xmm6_beforenm(unsigned char *,const unsigned char *);
+extern int crypto_stream_salsa208_amd64_xmm6_afternm(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_salsa208_amd64_xmm6_xor_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_stream_salsa208 crypto_stream_salsa208_amd64_xmm6
+#define crypto_stream_salsa208_xor crypto_stream_salsa208_amd64_xmm6_xor
+#define crypto_stream_salsa208_beforenm crypto_stream_salsa208_amd64_xmm6_beforenm
+#define crypto_stream_salsa208_afternm crypto_stream_salsa208_amd64_xmm6_afternm
+#define crypto_stream_salsa208_xor_afternm crypto_stream_salsa208_amd64_xmm6_xor_afternm
+#define crypto_stream_salsa208_KEYBYTES crypto_stream_salsa208_amd64_xmm6_KEYBYTES
+#define crypto_stream_salsa208_NONCEBYTES crypto_stream_salsa208_amd64_xmm6_NONCEBYTES
+#define crypto_stream_salsa208_BEFORENMBYTES crypto_stream_salsa208_amd64_xmm6_BEFORENMBYTES
+#define crypto_stream_salsa208_IMPLEMENTATION "crypto_stream/salsa208/amd64_xmm6"
+#ifndef crypto_stream_salsa208_amd64_xmm6_VERSION
+#define crypto_stream_salsa208_amd64_xmm6_VERSION "-"
+#endif
+#define crypto_stream_salsa208_VERSION crypto_stream_salsa208_amd64_xmm6_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_stream_xsalsa20.h

@@ -0,0 +1,34 @@
+#ifndef crypto_stream_xsalsa20_H
+#define crypto_stream_xsalsa20_H
+
+#define crypto_stream_xsalsa20_ref_KEYBYTES 32
+#define crypto_stream_xsalsa20_ref_NONCEBYTES 24
+#ifdef __cplusplus
+#include <string>
+extern std::string crypto_stream_xsalsa20_ref(size_t,const std::string &,const std::string &);
+extern std::string crypto_stream_xsalsa20_ref_xor(const std::string &,const std::string &,const std::string &);
+extern "C" {
+#endif
+extern int crypto_stream_xsalsa20_ref(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_xsalsa20_ref_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_xsalsa20_ref_beforenm(unsigned char *,const unsigned char *);
+extern int crypto_stream_xsalsa20_ref_afternm(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_xsalsa20_ref_xor_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_stream_xsalsa20 crypto_stream_xsalsa20_ref
+#define crypto_stream_xsalsa20_xor crypto_stream_xsalsa20_ref_xor
+#define crypto_stream_xsalsa20_beforenm crypto_stream_xsalsa20_ref_beforenm
+#define crypto_stream_xsalsa20_afternm crypto_stream_xsalsa20_ref_afternm
+#define crypto_stream_xsalsa20_xor_afternm crypto_stream_xsalsa20_ref_xor_afternm
+#define crypto_stream_xsalsa20_KEYBYTES crypto_stream_xsalsa20_ref_KEYBYTES
+#define crypto_stream_xsalsa20_NONCEBYTES crypto_stream_xsalsa20_ref_NONCEBYTES
+#define crypto_stream_xsalsa20_BEFORENMBYTES crypto_stream_xsalsa20_ref_BEFORENMBYTES
+#define crypto_stream_xsalsa20_IMPLEMENTATION "crypto_stream/xsalsa20/ref"
+#ifndef crypto_stream_xsalsa20_ref_VERSION
+#define crypto_stream_xsalsa20_ref_VERSION "-"
+#endif
+#define crypto_stream_xsalsa20_VERSION crypto_stream_xsalsa20_ref_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_types.h

@@ -0,0 +1,11 @@
+#ifndef crypto_types_h
+#define crypto_types_h
+typedef short crypto_int16;
+typedef int crypto_int32;
+typedef long long crypto_int64;
+typedef signed char crypto_int8;
+typedef unsigned short crypto_uint16;
+typedef unsigned int crypto_uint32;
+typedef unsigned long long crypto_uint64;
+typedef unsigned char crypto_uint8;
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_verify_16.h

@@ -0,0 +1,21 @@
+#ifndef crypto_verify_16_H
+#define crypto_verify_16_H
+
+#define crypto_verify_16_ref_BYTES 16
+#ifdef __cplusplus
+#include <string>
+extern "C" {
+#endif
+extern int crypto_verify_16_ref(const unsigned char *,const unsigned char *);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_verify_16 crypto_verify_16_ref
+#define crypto_verify_16_BYTES crypto_verify_16_ref_BYTES
+#define crypto_verify_16_IMPLEMENTATION "crypto_verify/16/ref"
+#ifndef crypto_verify_16_ref_VERSION
+#define crypto_verify_16_ref_VERSION "-"
+#endif
+#define crypto_verify_16_VERSION crypto_verify_16_ref_VERSION
+
+#endif

ext/bin/cnacl-osx-amd64/include/sodium/crypto_verify_32.h

@@ -0,0 +1,21 @@
+#ifndef crypto_verify_32_H
+#define crypto_verify_32_H
+
+#define crypto_verify_32_ref_BYTES 32
+#ifdef __cplusplus
+#include <string>
+extern "C" {
+#endif
+extern int crypto_verify_32_ref(const unsigned char *,const unsigned char *);
+#ifdef __cplusplus
+}
+#endif
+#define crypto_verify_32 crypto_verify_32_ref
+#define crypto_verify_32_BYTES crypto_verify_32_ref_BYTES
+#define crypto_verify_32_IMPLEMENTATION "crypto_verify/32/ref"
+#ifndef crypto_verify_32_ref_VERSION
+#define crypto_verify_32_ref_VERSION "-"
+#endif
+#define crypto_verify_32_VERSION crypto_verify_32_ref_VERSION
+
+#endif

make-mac.mk

@@ -33,6 +33,12 @@ else
 	DEFS+=-DZT_SOFTWARE_UPDATE_DEFAULT="\"download\""
 endif
 
+# Use precompiled extremely fast Salsa20/12 from "cnacl" included in ext/bin
+# See https://github.com/cjdelisle/cnacl
+DEFS+=-DZT_USE_LIBSODIUM
+CFLAGS+=-Iext/bin/cnacl-osx-amd64/include
+LIBS+=ext/bin/cnacl-osx-amd64/libnacl.a
+
 ifeq ($(ZT_ENABLE_CLUSTER),1)
 	DEFS+=-DZT_ENABLE_CLUSTER
 endif

node/Identity.cpp

@@ -45,7 +45,7 @@ static inline void _computeMemoryHardHash(const void *publicKey,unsigned int pub
 	// ordinary Salsa20 is randomly seekable. This is good for a cipher
 	// but is not what we want for sequential memory-harndess.
 	memset(genmem,0,ZT_IDENTITY_GEN_MEMORY);
-	Salsa20 s20(digest,256,(char *)digest + 32);
+	Salsa20 s20(digest,(char *)digest + 32);
 	s20.crypt20((char *)genmem,(char *)genmem,64);
 	for(unsigned long i=64;i<ZT_IDENTITY_GEN_MEMORY;i+=64) {
 		unsigned long k = i - 64;

node/Node.cpp

@@ -66,9 +66,9 @@ Node::Node(void *uptr,void *tptr,const struct ZT_Node_Callbacks *callbacks,uint6
 	memset(_lastIdentityVerification,0,sizeof(_lastIdentityVerification));
 
 	// Use Salsa20 alone as a high-quality non-crypto PRNG
-	char foo[32];
-	Utils::getSecureRandom(foo,32);
-	_prng.init(foo,256,foo);
+	char foo[64];
+	Utils::getSecureRandom(foo,64);
+	_prng.init(foo,foo + 32);
 	memset(_prngStream,0,sizeof(_prngStream));
 	_prng.crypt12(_prngStream,_prngStream,sizeof(_prngStream));
 

node/Packet.cpp

@@ -1074,7 +1074,7 @@ void Packet::armor(const void *key,bool encryptPayload,unsigned int counter)
 	setCipher(encryptPayload ? ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012 : ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_NONE);
 
 	_salsa20MangleKey((const unsigned char *)key,mangledKey);
-	Salsa20 s20(mangledKey,256,data + ZT_PACKET_IDX_IV);
+	Salsa20 s20(mangledKey,data + ZT_PACKET_IDX_IV);
 
 	// MAC key is always the first 32 bytes of the Salsa20 key stream
 	// This is the same construction DJB's NaCl library uses
@@ -1098,7 +1098,7 @@ bool Packet::dearmor(const void *key)
 
 	if ((cs == ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_NONE)||(cs == ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012)) {
 		_salsa20MangleKey((const unsigned char *)key,mangledKey);
-		Salsa20 s20(mangledKey,256,data + ZT_PACKET_IDX_IV);
+		Salsa20 s20(mangledKey,data + ZT_PACKET_IDX_IV);
 
 		s20.crypt12(ZERO_KEY,macKey,sizeof(macKey));
 		Poly1305::compute(mac,payload,payloadLen,macKey);
@@ -1120,7 +1120,7 @@ void Packet::cryptField(const void *key,unsigned int start,unsigned int len)
 	uint8_t iv[8];
 	for(int i=0;i<8;++i) iv[i] = data[i];
 	iv[7] &= 0xf8; // mask off least significant 3 bits of packet ID / IV since this is unset when this function gets called
-	Salsa20 s20(key,256,iv);
+	Salsa20 s20(key,iv);
 	s20.crypt12(data + start,data + start,len);
 }
 

node/Salsa20.cpp

@@ -10,6 +10,8 @@
 #include "Constants.hpp"
 #include "Salsa20.hpp"
 
+#ifndef ZT_USE_LIBSODIUM
+
 #define ROTATE(v,c) (((v) << (c)) | ((v) >> (32 - (c))))
 #define XOR(v,w) ((v) ^ (w))
 #define PLUS(v,w) ((uint32_t)((v) + (w)))
@@ -66,8 +68,7 @@ static const _s20sseconsts _S20SSECONSTANTS;
 
 namespace ZeroTier {
 
-void Salsa20::init(const void *key,unsigned int kbits,const void *iv)
-	throw()
+void Salsa20::init(const void *key,const void *iv)
 {
 #ifdef ZT_SALSA20_SSE
 	const uint32_t *k = (const uint32_t *)key;
@@ -78,14 +79,9 @@ void Salsa20::init(const void *key,unsigned int kbits,const void *iv)
 	_state.i[10] = k[1];
 	_state.i[7] = k[2];
 	_state.i[4] = k[3];
-	if (kbits == 256) {
-		k += 4;
-		_state.i[1] = 0x3320646e;
-		_state.i[2] = 0x79622d32;
-	} else {
-		_state.i[1] = 0x3120646e;
-		_state.i[2] = 0x79622d36;
-	}
+	k += 4;
+	_state.i[1] = 0x3320646e;
+	_state.i[2] = 0x79622d32;
 	_state.i[15] = k[0];
 	_state.i[12] = k[1];
 	_state.i[9] = k[2];
@@ -95,19 +91,14 @@ void Salsa20::init(const void *key,unsigned int kbits,const void *iv)
 	_state.i[5] = 0;
 	_state.i[8] = 0;
 #else
-	const char *constants;
+	const char *const constants = "expand 32-byte k";
 	const uint8_t *k = (const uint8_t *)key;
 
 	_state.i[1] = U8TO32_LITTLE(k + 0);
 	_state.i[2] = U8TO32_LITTLE(k + 4);
 	_state.i[3] = U8TO32_LITTLE(k + 8);
 	_state.i[4] = U8TO32_LITTLE(k + 12);
-	if (kbits == 256) { /* recommended */
-		k += 16;
-		constants = "expand 32-byte k";
-	} else { /* kbits == 128 */
-		constants = "expand 16-byte k";
-	}
+	k += 16;
 	_state.i[5] = U8TO32_LITTLE(constants + 4);
 	_state.i[6] = U8TO32_LITTLE(((const uint8_t *)iv) + 0);
 	_state.i[7] = U8TO32_LITTLE(((const uint8_t *)iv) + 4);
@@ -124,7 +115,6 @@ void Salsa20::init(const void *key,unsigned int kbits,const void *iv)
 }
 
 void Salsa20::crypt12(const void *in,void *out,unsigned int bytes)
-	throw()
 {
 	uint8_t tmp[64];
 	const uint8_t *m = (const uint8_t *)in;
@@ -624,7 +614,6 @@ void Salsa20::crypt12(const void *in,void *out,unsigned int bytes)
 }
 
 void Salsa20::crypt20(const void *in,void *out,unsigned int bytes)
-	throw()
 {
 	uint8_t tmp[64];
 	const uint8_t *m = (const uint8_t *)in;
@@ -1356,3 +1345,5 @@ void Salsa20::crypt20(const void *in,void *out,unsigned int bytes)
 }
 
 } // namespace ZeroTier
+
+#endif // !ZT_USE_LIBSODIUM

node/Salsa20.hpp

@@ -10,10 +10,82 @@
 #include <stdio.h>
 #include <stdint.h>
 #include <stdlib.h>
+#include <string.h>
 
 #include "Constants.hpp"
 #include "Utils.hpp"
 
+#ifdef ZT_USE_LIBSODIUM
+
+#include <sodium/crypto_stream_salsa20.h>
+#include <sodium/crypto_stream_salsa2012.h>
+
+namespace ZeroTier {
+
+/**
+ * Salsa20 stream cipher
+ */
+class Salsa20
+{
+public:
+	Salsa20() {}
+	~Salsa20() { Utils::burn(_k,sizeof(_k)); }
+
+	/**
+	 * @param key 256-bit (32 byte) key
+	 * @param iv 64-bit initialization vector
+	 */
+	Salsa20(const void *key,const void *iv)
+	{
+		memcpy(_k,key,32);
+		memcpy(&_iv,iv,8);
+	}
+
+	/**
+	 * Initialize cipher
+	 *
+	 * @param key Key bits
+	 * @param iv 64-bit initialization vector
+	 */
+	inline void init(const void *key,const void *iv)
+	{
+		memcpy(_k,key,32);
+		memcpy(&_iv,iv,8);
+	}
+
+	/**
+	 * Encrypt/decrypt data using Salsa20/12
+	 *
+	 * @param in Input data
+	 * @param out Output buffer
+	 * @param bytes Length of data
+	 */
+	inline void crypt12(const void *in,void *out,unsigned int bytes)
+	{
+		crypto_stream_salsa2012_xor(reinterpret_cast<unsigned char *>(out),reinterpret_cast<const unsigned char *>(in),bytes,reinterpret_cast<const unsigned char *>(&_iv),reinterpret_cast<const unsigned char *>(_k));
+	}
+
+	/**
+	 * Encrypt/decrypt data using Salsa20/20
+	 *
+	 * @param in Input data
+	 * @param out Output buffer
+	 * @param bytes Length of data
+	 */
+	inline void crypt20(const void *in,void *out,unsigned int bytes)
+	{
+		crypto_stream_salsa20_xor(reinterpret_cast<unsigned char *>(out),reinterpret_cast<const unsigned char *>(in),bytes,reinterpret_cast<const unsigned char *>(&_iv),reinterpret_cast<const unsigned char *>(_k));
+	}
+
+private:
+	uint64_t _k[4];
+	uint64_t _iv;
+};
+
+} // namespace ZeroTier
+
+#else // !ZT_USE_LIBSODIUM
+
 #if (!defined(ZT_SALSA20_SSE)) && (defined(__SSE2__) || defined(__WINDOWS__))
 #define ZT_SALSA20_SSE 1
 #endif
@@ -30,30 +102,25 @@ namespace ZeroTier {
 class Salsa20
 {
 public:
-	Salsa20() throw() {}
-
+	Salsa20() {}
 	~Salsa20() { Utils::burn(&_state,sizeof(_state)); }
 
 	/**
-	 * @param key Key bits
-	 * @param kbits Number of key bits: 128 or 256 (recommended)
+	 * @param key 256-bit (32 byte) key
 	 * @param iv 64-bit initialization vector
 	 */
-	Salsa20(const void *key,unsigned int kbits,const void *iv)
-		throw()
+	Salsa20(const void *key,const void *iv)
 	{
-		init(key,kbits,iv);
+		init(key,iv);
 	}
 
 	/**
 	 * Initialize cipher
 	 *
 	 * @param key Key bits
-	 * @param kbits Number of key bits: 128 or 256 (recommended)
 	 * @param iv 64-bit initialization vector
 	 */
-	void init(const void *key,unsigned int kbits,const void *iv)
-		throw();
+	void init(const void *key,const void *iv);
 
 	/**
 	 * Encrypt/decrypt data using Salsa20/12
@@ -62,8 +129,7 @@ public:
 	 * @param out Output buffer
 	 * @param bytes Length of data
 	 */
-	void crypt12(const void *in,void *out,unsigned int bytes)
-		throw();
+	void crypt12(const void *in,void *out,unsigned int bytes);
 
 	/**
 	 * Encrypt/decrypt data using Salsa20/20
@@ -72,8 +138,7 @@ public:
 	 * @param out Output buffer
 	 * @param bytes Length of data
 	 */
-	void crypt20(const void *in,void *out,unsigned int bytes)
-		throw();
+	void crypt20(const void *in,void *out,unsigned int bytes);
 
 private:
 	union {
@@ -86,4 +151,6 @@ private:
 
 } // namespace ZeroTier
 
+#endif // ZT_USE_LIBSODIUM
+
 #endif

node/Utils.cpp

@@ -156,7 +156,7 @@ void Utils::getSecureRandom(void *buf,unsigned int bytes)
 		s20Key[1] = (uint64_t)buf; // address of buf
 		s20Key[2] = (uint64_t)s20Key; // address of s20Key[]
 		s20Key[3] = (uint64_t)&s20; // address of s20
-		s20.init(s20Key,256,s20Key);
+		s20.init(s20Key,s20Key);
 	}
 
 #ifdef __WINDOWS__

selftest.cpp

@@ -153,16 +153,16 @@ static int testCrypto()
 		memset(buf2,0,sizeof(buf2));
 		memset(buf3,0,sizeof(buf3));
 		Salsa20 s20;
-		s20.init("12345678123456781234567812345678",256,"12345678");
+		s20.init("12345678123456781234567812345678","12345678");
 		s20.crypt20(buf1,buf2,sizeof(buf1));
-		s20.init("12345678123456781234567812345678",256,"12345678");
+		s20.init("12345678123456781234567812345678","12345678");
 		s20.crypt20(buf2,buf3,sizeof(buf2));
 		if (memcmp(buf1,buf3,sizeof(buf1))) {
 			std::cout << "FAIL (encrypt/decrypt test)" << std::endl;
 			return -1;
 		}
 	}
-	Salsa20 s20(s20TV0Key,256,s20TV0Iv);
+	Salsa20 s20(s20TV0Key,s20TV0Iv);
 	memset(buf1,0,sizeof(buf1));
 	memset(buf2,0,sizeof(buf2));
 	s20.crypt20(buf1,buf2,64);
@@ -170,7 +170,7 @@ static int testCrypto()
 		std::cout << "FAIL (test vector 0)" << std::endl;
 		return -1;
 	}
-	s20.init(s2012TV0Key,256,s2012TV0Iv);
+	s20.init(s2012TV0Key,s2012TV0Iv);
 	memset(buf1,0,sizeof(buf1));
 	memset(buf2,0,sizeof(buf2));
 	s20.crypt12(buf1,buf2,64);
@@ -191,7 +191,7 @@ static int testCrypto()
 		unsigned char *bb = (unsigned char *)::malloc(1234567);
 		for(unsigned int i=0;i<1234567;++i)
 			bb[i] = (unsigned char)i;
-		Salsa20 s20(s20TV0Key,256,s20TV0Iv);
+		Salsa20 s20(s20TV0Key,s20TV0Iv);
 		double bytes = 0.0;
 		uint64_t start = OSUtils::now();
 		for(unsigned int i=0;i<200;++i) {
@@ -209,7 +209,7 @@ static int testCrypto()
 		unsigned char *bb = (unsigned char *)::malloc(1234567);
 		for(unsigned int i=0;i<1234567;++i)
 			bb[i] = (unsigned char)i;
-		Salsa20 s20(s20TV0Key,256,s20TV0Iv);
+		Salsa20 s20(s20TV0Key,s20TV0Iv);
 		double bytes = 0.0;
 		uint64_t start = OSUtils::now();
 		for(unsigned int i=0;i<200;++i) {