Added tweetnacl extension

SquiLu-ext/randombytes.c

@@ -0,0 +1,33 @@
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+/* it's really stupid that there isn't a syscall for this */
+
+static int fd = -1;
+
+void randombytes(unsigned char *x,unsigned long long xlen) {
+  int i;
+
+  if (fd == -1) {
+    for (;;) {
+      fd = open("/dev/urandom",O_RDONLY);
+      if (fd != -1) break;
+      sleep(1);
+    }
+  }
+
+  while (xlen > 0) {
+    if (xlen < 1048576) i = (int)xlen; else i = 1048576;
+
+    i = (int)read(fd,x,i);
+    if (i < 1) {
+      sleep(1);
+      continue;
+    }
+
+    x += i;
+    xlen -= i;
+  }
+}

SquiLu-ext/randombytes.h

@@ -0,0 +1,24 @@
+/*
+randombytes/devurandom.h version 20080713
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef randombytes_devurandom_H
+#define randombytes_devurandom_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern void randombytes(unsigned char *,unsigned long long);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef randombytes_implementation
+#define randombytes_implementation "devurandom"
+#endif
+
+#endif

SquiLu-ext/sq_tweetnacl.cpp

@@ -0,0 +1,968 @@
+#include <squirrel.h>
+#include <stdint.h>
+#include <string.h>
+extern "C" {
+#include "tweetnacl.h"
+#include "randombytes.h"
+}
+
+typedef unsigned char* puc;
+typedef const puc cpuc;
+
+/* API: a = crypto_onetimeauth(m,k); */
+static SQRESULT sq_crypto_onetimeauth(HSQUIRRELVM v) {
+	const SQChar *m, *k;
+	SQInteger msize = 0, ksize = 0;
+	SQRESULT rc = 0;
+	if((rc = sq_getstr_and_size(v,2, &m, &msize)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,3, &k, &ksize)) != SQ_OK) return rc;
+
+	if (ksize != crypto_onetimeauth_KEYBYTES) return sq_throwerror(v, _SC("incorrect key length"));
+
+	SQChar *buffer = sq_getscratchpad(v, crypto_onetimeauth_BYTES);
+	if (!buffer) return sq_throwerror(v, _SC("could not allocate memory"));
+	crypto_onetimeauth((puc)buffer, (cpuc)m, msize, (cpuc)k);
+	sq_pushstring(v, buffer, crypto_onetimeauth_BYTES);
+	return 1;
+}
+/*
+const char pycrypto_onetimeauth__doc__[]=
+"crypto_onetimeauth(m,k) -> a\n\n\
+The crypto_onetimeauth function authenticates a message m\n\
+using a secret key k. The function returns an authenticator a.\n\
+The authenticator length is always crypto_onetimeauth_BYTES.\n\
+The function raises an exception if len(k) is not crypto_onetimeauth_KEYBYTES.\n\
+This uses Poly1305.\n\
+";
+*/
+
+/* API: crypto_onetimeauth_verify(a,m,k); */
+static SQRESULT sq_crypto_onetimeauth_verify(HSQUIRRELVM v) {
+
+	const SQChar *m, *k, *a;
+	SQInteger msize = 0, ksize = 0, alen = 0;
+	SQRESULT rc = 0;
+
+	if((rc = sq_getstr_and_size(v,2, &a, &alen)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,3, &m, &msize)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,4, &k, &ksize)) != SQ_OK) return rc;
+
+	if (alen != crypto_onetimeauth_BYTES) return sq_throwerror(v, _SC("incorrect authenticator length"));
+	if (ksize != crypto_onetimeauth_KEYBYTES) return sq_throwerror(v, _SC("incorrect key length"));
+	if (crypto_onetimeauth_verify((cpuc)a, (cpuc)m, msize, (cpuc)k) != 0) return sq_throwerror(v, _SC("invalid authenticator"));
+
+	sq_pushbool(v, SQTrue);
+	return 1;
+}
+/*
+const char pycrypto_onetimeauth_verify__doc__[]=
+"crypto_onetimeauth_verify(a,m,k)\n\n\
+The crypto_onetimeauth_verify function checks that:\n\
+  len(k) is crypto_onetimeauth_KEYBYTES;\n\
+  len(a) is crypto_onetimeauth_BYTES;\n\
+  and a is a correct authenticator of a message m under the secret key k.\n\
+If any of these checks fail, the function raises an exception.\n\
+This uses Poly1305.\n\
+";
+*/
+
+/* API: h = crypto_hash(m); */
+static SQRESULT sq_crypto_hash(HSQUIRRELVM v) {
+
+	const SQChar *m;
+	SQInteger msize = 0;
+	SQRESULT rc = 0;
+
+	if((rc = sq_getstr_and_size(v,2, &m, &msize)) != SQ_OK) return rc;
+
+	SQChar *buffer = sq_getscratchpad(v, crypto_hash_BYTES);
+	if (!buffer) return sq_throwerror(v, _SC("could not allocate memory"));
+
+	crypto_hash((puc)buffer, (cpuc)m, msize);
+
+	sq_pushstring(v, buffer, crypto_hash_BYTES);
+	return 1;
+}
+/*
+const char pycrypto_hash__doc__[]=
+"crypto_hash(m) -> h\n\n\
+The crypto_hash function hashes a message m.\n\
+It returns a hash h. The output length len(h) is always crypto_hash_BYTES.\n\
+This uses SHA512.\n\
+";
+*/
+
+/* API: crypto_verify_16(x,y); */
+static SQRESULT sq_crypto_verify_16(HSQUIRRELVM v) {
+
+	const SQChar *x, *y;
+	SQInteger xlen = 0, ylen = 0;
+	SQRESULT rc = 0;
+
+	if((rc = sq_getstr_and_size(v,2, &x, &xlen)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,3, &y, &ylen)) != SQ_OK) return rc;
+
+	if (xlen != crypto_verify_16_BYTES) return sq_throwerror(v, _SC("incorrect x-string length"));
+	if (ylen != crypto_verify_16_BYTES) return sq_throwerror(v, _SC("incorrect y-string length"));
+	if (crypto_verify_16((cpuc)x, (cpuc)y) != 0) return sq_throwerror(v, _SC("strings doesn't match"));
+
+	sq_pushbool(v, SQTrue);
+	return 1;
+}
+/*
+const char pycrypto_verify_16__doc__[]=
+"crypto_verify_16(x,y)\n\n\
+The crypto_verify_16 function checks that:\n\
+  len(x) is crypto_verify_16_BYTES;\n\
+  len(y) is crypto_verify_16_BYTES;\n\
+  and check if strings x and y has same content.\n\
+If any of these checks fail, the function raises an exception.\n\
+The time taken by crypto_verify_16 is independent of the contents of x and y.\n\
+";
+*/
+
+/* API: crypto_verify_32(x,y); */
+static SQRESULT sq_crypto_verify_32(HSQUIRRELVM v) {
+
+	const SQChar *x, *y;
+	SQInteger xlen = 0, ylen = 0;
+	SQRESULT rc = 0;
+
+	if((rc = sq_getstr_and_size(v,2, &x, &xlen)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,3, &y, &ylen)) != SQ_OK) return rc;
+
+	if (xlen != crypto_verify_32_BYTES) return sq_throwerror(v, _SC("incorrect x-string length"));
+	if (ylen != crypto_verify_32_BYTES) return sq_throwerror(v, _SC("incorrect y-string length"));
+	if (crypto_verify_32((cpuc)x, (cpuc)y) != 0) return sq_throwerror(v, _SC("strings doesn't match"));
+
+	sq_pushbool(v, SQTrue);
+	return 1;
+}
+/*
+const char pycrypto_verify_32__doc__[]=
+"crypto_verify_32(x,y)\n\n\
+The crypto_verify_32 function checks that:\n\
+  len(x) is crypto_verify_32_BYTES;\n\
+  len(y) is crypto_verify_32_BYTES;\n\
+  and check if strings x and y has same content.\n\
+If any of these checks fail, the function raises an exception.\n\
+The time taken by crypto_verify_32 is independent of the contents of x and y.\n\
+";
+*/
+
+/* API: crypto_scalarmult(n,p); */
+static SQRESULT sq_crypto_scalarmult(HSQUIRRELVM v) {
+
+	const SQChar *n, *p;
+	SQInteger nlen = 0, plen = 0;
+	SQRESULT rc = 0;
+
+	if((rc = sq_getstr_and_size(v,2, &n, &nlen)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,3, &p, &plen)) != SQ_OK) return rc;
+
+	if (nlen != crypto_scalarmult_SCALARBYTES) return sq_throwerror(v, _SC("incorrect scalar length"));
+	if (plen != crypto_scalarmult_BYTES) return sq_throwerror(v, _SC("incorrect element length"));
+
+	SQChar *buffer = sq_getscratchpad(v, crypto_scalarmult_BYTES);
+	if (!buffer) return sq_throwerror(v, _SC("could not allocate memory"));
+
+	crypto_scalarmult((puc)buffer, (cpuc)n, (cpuc)p);
+
+	sq_pushstring(v, buffer, crypto_scalarmult_BYTES);
+	return 1;
+}
+/*
+const char pycrypto_scalarmult__doc__[]=
+"crypto_scalarmult(n,p) -> q\n\n\
+This function multiplies a group element p by an integer n.\n\
+It returns the resulting group element q of length crypto_scalarmult_BYTES.\n\
+The function raises an exception if len(p) is not crypto_scalarmult_BYTES.\n\
+It also raises an exception if len(n) is not crypto_scalarmult_SCALARBYTES.\n\
+This uses Curve25519.\n\
+";
+*/
+
+/* API: crypto_scalarmult_base(n); */
+static SQRESULT sq_crypto_scalarmult_base(HSQUIRRELVM v) {
+
+	const SQChar *n;
+	SQInteger nlen = 0;
+	SQRESULT rc = 0;
+
+	if((rc = sq_getstr_and_size(v,2, &n, &nlen)) != SQ_OK) return rc;
+
+	if (nlen != crypto_scalarmult_SCALARBYTES) return sq_throwerror(v, _SC("incorrect scalar length"));
+
+	SQChar *buffer = sq_getscratchpad(v, crypto_scalarmult_BYTES);
+	if (!buffer) return sq_throwerror(v, _SC("could not allocate memory"));
+
+	crypto_scalarmult_base((puc)buffer, (cpuc)n);
+	sq_pushstring(v, buffer, crypto_scalarmult_BYTES);
+	return 1;
+}
+/*
+const char pycrypto_scalarmult_base__doc__[]=
+"crypto_scalarmult_base(n,p) -> q\n\n\
+The crypto_scalarmult_base function computes\n\
+the scalar product of a standard group element and an integer n.\n\
+It returns the resulting group element q of length crypto_scalarmult_BYTES.\n\
+It raises an exception if len(n) is not crypto_scalarmult_SCALARBYTES.\n\
+This uses Curve25519 and the standard base point '9'.\n\
+";
+*/
+
+/* API: c = crypto_stream(clen,n,k); */
+static SQRESULT sq_crypto_stream(HSQUIRRELVM v) {
+
+	const SQChar *n, *k;
+	SQInteger nsize = 0, ksize = 0, clen = 0;
+	SQRESULT rc = 0;
+
+	if((rc = sq_getinteger(v,2, &clen)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,3, &n, &nsize)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,4, &k, &ksize)) != SQ_OK) return rc;
+
+	if (nsize != crypto_stream_NONCEBYTES) return sq_throwerror(v, _SC("incorrect nonce length"));
+	if (ksize != crypto_stream_KEYBYTES) return sq_throwerror(v, _SC("incorrect key length"));
+	if (clen < 0) return sq_throwerror(v, _SC("incorrect clen"));
+
+	SQChar *buffer = sq_getscratchpad(v, clen);
+	if (!buffer) return sq_throwerror(v, _SC("could not allocate memory"));
+
+	crypto_stream((puc)buffer, clen, (cpuc)n, (cpuc)k);
+
+	sq_pushstring(v, buffer, clen);
+	return 1;
+}
+/*
+const char pycrypto_stream__doc__[]=
+"crypto_stream(clen,n,k) -> c\n\n\
+The crypto_stream function produces a clen-byte stream c\n\
+as a function of a secret key k and a nonce n.\n\
+The function raises an exception:\n\
+  if len(k) is not crypto_stream_KEYBYTES;\n\
+  if len(n) is not crypto_stream_NONCEBYTES;\n\
+  if clen is smaller than 0.\n\
+This uses XSalsa20, with a 24-byte nonce.\n\
+";
+*/
+
+/* API: c = crypto_stream_xor(m,n,k); */
+static SQRESULT sq_crypto_stream_xor(HSQUIRRELVM v) {
+
+	const SQChar *m, *n, *k;
+	SQInteger msize = 0, nsize = 0, ksize = 0;
+	SQRESULT rc = 0;
+
+	if((rc = sq_getstr_and_size(v,2, &m, &msize)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,3, &n, &nsize)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,4, &k, &ksize)) != SQ_OK) return rc;
+
+	if (nsize != crypto_stream_NONCEBYTES) return sq_throwerror(v, _SC("incorrect nonce length"));
+	if (ksize != crypto_stream_KEYBYTES) return sq_throwerror(v, _SC("incorrect key length"));
+
+	SQChar *buffer = sq_getscratchpad(v, msize);
+	if (!buffer) return sq_throwerror(v, _SC("could not allocate memory"));
+
+	crypto_stream_xor((puc)buffer, (cpuc)m, msize, (cpuc)n, (cpuc)k);
+	sq_pushstring(v, buffer, msize);
+	return 1;
+}
+/*
+const char pycrypto_stream_xor__doc__[]=
+"crypto_stream_xor(m,n,k) -> c\n\n\
+The crypto_stream_xor function encrypts a message m using a secret key k\n\
+and a nonce n. The crypto_stream_xor function returns the ciphertext c.\n\
+The function raises an exception:\n\
+  if len(k) is not crypto_stream_KEYBYTES;\n\
+  if len(n) is not crypto_stream_NONCEBYTES.\n\
+This uses XSalsa20, with a 24-byte nonce.\n\
+";
+*/
+
+/* API: sm = crypto_sign(m,sk); */
+static SQRESULT sq_crypto_sign(HSQUIRRELVM v) {
+
+	SQInteger mlen = 0, sksize = 0;
+	const SQChar *sk, *m;
+	unsigned long long smlen;
+	SQRESULT rc = 0;
+
+	if((rc = sq_getstr_and_size(v,2, &m, &mlen)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,3, &sk, &sksize)) != SQ_OK) return rc;
+
+	if (sksize != crypto_sign_SECRETKEYBYTES) return sq_throwerror(v, _SC("incorrect secret-key length"));
+
+	SQChar *buffer = sq_getscratchpad(v, mlen + crypto_sign_BYTES);
+	if (!buffer) return sq_throwerror(v, _SC("could not allocate memory"));
+
+	if (crypto_sign((puc)buffer, &smlen, (cpuc)m, mlen, (cpuc)sk) != 0)
+		return sq_throwerror(v, _SC("crypto_sign returns nonzero"));
+
+	sq_pushstring(v, buffer, smlen);
+	return 1;
+}
+/*
+const char pycrypto_sign__doc__[]=
+"crypto_sign(m,sk) -> sm\n\n\
+The crypto_sign function signs a message m using the sender's secret key sk.\n\
+The crypto_sign function returns the resulting signed message sm.\n\
+The function raises an exception if len(sk) is not crypto_sign_SECRETKEYBYTES.\n\
+This uses Ed25519.\n\
+";
+*/
+
+/* API: m = crypto_sign_open(sm,pk); */
+static SQRESULT sq_crypto_sign_open(HSQUIRRELVM v) {
+
+	const SQChar *sm, *pk;
+	SQInteger smlen=0, pksize=0;
+	unsigned long long mlen;
+	SQRESULT rc = 0;
+
+	if((rc = sq_getstr_and_size(v,2, &sm, &smlen)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,3, &pk, &pksize)) != SQ_OK) return rc;
+
+	if (pksize != crypto_sign_PUBLICKEYBYTES) return sq_throwerror(v, _SC("incorrect public-key length"));
+
+	SQChar *buffer = sq_getscratchpad(v, smlen);
+	if (!buffer) return sq_throwerror(v, _SC("could not allocate memory"));
+
+	if (crypto_sign_open((puc)buffer, &mlen, (cpuc)sm, smlen, (cpuc)pk) != 0)
+		return sq_throwerror(v, _SC("ciphertext fails verification"));
+
+	sq_pushstring(v, buffer, mlen);
+	return 1;
+}
+/*
+const char pycrypto_sign_open__doc__[]=
+"crypto_sign_open(sm,pk) -> m\n\n\
+The crypto_sign_open function verifies the signature in\n\
+sm using the receiver's secret key sk.\n\
+The crypto_sign_open function returns the message m.\n\n\
+If the signature fails verification, crypto_sign_open raises an exception.\n\
+The function also raises an exception if len(pk) is not crypto_sign_PUBLICKEYBYTES.\n\
+This uses Ed25519.\n\
+";
+*/
+
+/* API: (pk,sk) = crypto_sign_keypair(); */
+static SQRESULT sq_crypto_sign_keypair(HSQUIRRELVM v) {
+
+    const SQChar *seed;
+    SQInteger seedsize = 0;
+    unsigned char  *pk, *sk;
+
+    if(sq_gettop(v) > 1)
+    {
+        SQRESULT rc = 0;
+	    if((rc = sq_getstr_and_size(v,2, &seed, &seedsize)) != SQ_OK) return rc;
+	    if (seedsize != crypto_sign_SECRETKEYBYTES) return sq_throwerror(v, _SC("incorrect seed length"));
+    }
+
+    pk = (unsigned char *)sq_malloc(crypto_sign_PUBLICKEYBYTES);
+    if (!pk) return sq_throwerror(v, _SC("could not allocate memory"));
+
+    sk = (unsigned char *)sq_malloc(crypto_sign_SECRETKEYBYTES);
+    if (!sk) {
+        sq_free(pk, crypto_sign_PUBLICKEYBYTES);
+        return sq_throwerror(v, _SC("could not allocate memory"));
+    }
+
+    if(seedsize) memcpy(sk, seed, seedsize);
+
+    crypto_sign_keypair(pk, sk);
+    sq_newarray(v, 2);
+    sq_pushstring(v, (const SQChar*)pk, crypto_sign_PUBLICKEYBYTES);
+    sq_arrayset(v, -2, 0);
+    sq_pushstring(v, (const SQChar*)sk, crypto_sign_SECRETKEYBYTES);
+    sq_arrayset(v, -2, 1);
+
+    sq_free(pk, crypto_sign_PUBLICKEYBYTES);
+    sq_free(sk, crypto_sign_SECRETKEYBYTES);
+
+    return 1;
+}
+/*
+const char pycrypto_sign_keypair__doc__[]=
+"crypto_sign_keypair() -> (pk,sk)\n\n\
+The crypto_sign_keypair function randomly generates a secret key and\n\
+a corresponding public key. It returns tuple containing the secret key in sk and\n\
+public key in pk.\n\
+It guarantees that sk has crypto_sign_SECRETKEYBYTES bytes\n\
+and that pk has crypto_sign_PUBLICKEYBYTES bytes.\n\
+This uses Ed25519.\n\
+";
+*/
+
+static SQRESULT sq_crypto_sign_keypair_from_seed(HSQUIRRELVM v) {
+
+	return sq_crypto_sign_keypair(v);
+}
+/*
+const char pycrypto_sign_keypair_from_seed__doc__[]=
+"crypto_sign_keypair_from_seed(seed) -> (pk,sk)\n\n\
+The crypto_sign_keypair_from_seed function generates a secret key and\n\
+a corresponding public key from a user-provded seed. It returns\n\
+a tuple containing the secret key in sk and\n\
+public key in pk.\n\
+It guarantees that sk has crypto_sign_SECRETKEYBYTES bytes\n\
+and that pk has crypto_sign_PUBLICKEYBYTES bytes.\n\
+This uses Ed25519.\n\
+";
+*/
+
+/* API: c = crypto_secretbox(m,n,k); */
+static SQRESULT sq_crypto_secretbox(HSQUIRRELVM v) {
+
+	const SQChar *m, *n, *k;
+	SQInteger msize = 0, nsize = 0, ksize = 0;
+	SQInteger i;
+	//    unsigned long long mlen;
+	SQInteger mlen;
+	unsigned char *mpad;
+	unsigned char *cpad;
+	SQRESULT rc = 0;
+
+	if((rc = sq_getstr_and_size(v,2, &m, &msize)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,3, &n, &nsize)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,4, &k, &ksize)) != SQ_OK) return rc;
+
+
+	if (nsize != crypto_secretbox_NONCEBYTES) return sq_throwerror(v, _SC("incorrect nonce length"));
+	if (ksize != crypto_secretbox_KEYBYTES) return sq_throwerror(v, _SC("incorrect key length"));
+
+	mlen = msize + crypto_secretbox_ZEROBYTES;
+	mpad = (unsigned char *)sq_malloc(mlen);
+	if (!mpad) return sq_throwerror(v, _SC("could not allocate memory"));
+	cpad = (unsigned char *)sq_malloc(mlen);
+	if (!cpad) {
+		sq_free(mpad, mlen);
+		return sq_throwerror(v, _SC("could not allocate memory"));
+	}
+
+	for (i = 0; i < crypto_secretbox_ZEROBYTES; ++i) mpad[i] = 0;
+	for (i = crypto_secretbox_ZEROBYTES; i < mlen; ++i) mpad[i] = m[i - crypto_secretbox_ZEROBYTES];
+
+	crypto_secretbox(cpad, mpad, mlen, (cpuc)n, (cpuc)k);
+
+	sq_pushstring(v, (const SQChar*)cpad + crypto_secretbox_BOXZEROBYTES, mlen - crypto_secretbox_BOXZEROBYTES);
+
+	sq_free(mpad, mlen);
+	sq_free(cpad, mlen);
+	return 1;
+}
+/*
+const char pycrypto_secretbox__doc__[]=
+"crypto_secretbox(m,n,k) -> c\n\n\
+The crypto_secretbox function encrypts and authenticates\n\
+a message m using a secret key k and a nonce n. \n\
+The crypto_secretbox function returns the resulting ciphertext c. \n\
+The function raises an exception if len(k) is not crypto_secretbox_KEYBYTES.\n\
+The function also raises an exception if len(n) is not crypto_secretbox_NONCEBYTES.\n\
+This uses XSalsa20 (with a 24-byte nonce) and a 16-byte Poly1305 MAC.\n\
+";
+*/
+
+/* API: m = crypto_secretbox_open(c,n,k); */
+static SQRESULT sq_crypto_secretbox_open(HSQUIRRELVM v) {
+
+	const SQChar *c, *n, *k;
+	SQInteger csize = 0, nsize = 0, ksize = 0;
+	long long i;
+	SQInteger clen;
+	unsigned char *mpad;
+	unsigned char *cpad;
+	SQRESULT rc = 1;
+
+	if((rc = sq_getstr_and_size(v,2, &c, &csize)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,3, &n, &nsize)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,4, &k, &ksize)) != SQ_OK) return rc;
+
+	if (nsize != crypto_secretbox_NONCEBYTES) return sq_throwerror(v, _SC("incorrect nonce length"));
+	if (ksize != crypto_secretbox_KEYBYTES) return sq_throwerror(v, _SC("incorrect key length"));
+
+	clen = csize + crypto_secretbox_BOXZEROBYTES;
+
+	mpad = (unsigned char *)sq_malloc(clen);
+	if (!mpad) return sq_throwerror(v, _SC("could not allocate memory"));
+	cpad = (unsigned char *)sq_malloc(clen);
+	if (!cpad) {
+		sq_free(mpad, clen);
+		return sq_throwerror(v, _SC("could not allocate memory"));
+	}
+
+	for (i = 0; i < crypto_secretbox_BOXZEROBYTES; ++i) cpad[i] = 0;
+	for (i = crypto_secretbox_BOXZEROBYTES; i < clen; ++i) cpad[i] = c[i - crypto_secretbox_BOXZEROBYTES];
+
+	if (crypto_secretbox_open(mpad, cpad, clen, (cpuc)n, (cpuc)k) != 0) {
+		rc = sq_throwerror(v, _SC("ciphertext fails verification"));
+		goto done;
+	}
+	if (clen < crypto_secretbox_ZEROBYTES) {
+		rc =  sq_throwerror(v, _SC("ciphertext too short"));
+		goto done;
+	}
+
+	sq_pushstring(v, (const SQChar*)mpad + crypto_secretbox_BOXZEROBYTES, clen - crypto_secretbox_BOXZEROBYTES);
+	rc = 1;
+
+done:
+	sq_free(mpad, clen);
+	sq_free(cpad, clen);
+	return rc;
+}
+/*
+const char pycrypto_secretbox_open__doc__[]=
+"crypto_secretbox_open(c,n,k) -> m\n\n\
+The crypto_secretbox_open function verifies and decrypts \n\
+a ciphertext c using a secret key k and a nonce n.\n\
+The crypto_secretbox_open function returns the resulting plaintext m.\n\
+If the ciphertext fails verification, crypto_secretbox_open raises an exception.\n\
+The function also raises an exception if len(k) is not crypto_secretbox_KEYBYTES,\n\
+or if len(n) is not crypto_secretbox_NONCEBYTES.\n\
+This uses XSalsa20 (with a 24-byte nonce) and a 16-byte Poly1305 MAC.\n\
+";
+*/
+
+/* C API: c = crypto_box(m,n,pk,sk); */
+static SQRESULT sq_crypto_box(HSQUIRRELVM v) {
+
+	const SQChar *m, *n, *pk, *sk;
+	SQInteger msize = 0, nsize = 0, pksize = 0, sksize = 0;
+	long long i;
+	SQInteger mlen;
+	unsigned char *mpad;
+	unsigned char *cpad;
+	SQRESULT rc = 0;
+
+	if((rc = sq_getstr_and_size(v,2, &m, &msize)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,3, &n, &nsize)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,4, &pk, &pksize)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,5, &sk, &sksize)) != SQ_OK) return rc;
+
+	if (nsize != crypto_box_NONCEBYTES) return sq_throwerror(v, _SC("incorrect nonce length"));
+	if (pksize != crypto_box_PUBLICKEYBYTES) return sq_throwerror(v, _SC("incorrect public-key length"));
+	if (sksize != crypto_box_SECRETKEYBYTES) return sq_throwerror(v, _SC("incorrect secret-key length"));
+
+	mlen = msize + crypto_box_ZEROBYTES;
+	mpad = (unsigned char *)sq_malloc(mlen);
+	if (!mpad) return sq_throwerror(v, _SC("could not allocate memory"));
+	cpad = (unsigned char *)sq_malloc(mlen);
+	if (!cpad) {
+		sq_free(mpad, mlen);
+		return sq_throwerror(v, _SC("could not allocate memory"));
+	}
+
+	for (i = 0; i < crypto_box_ZEROBYTES; ++i) mpad[i] = 0;
+	for (i = crypto_box_ZEROBYTES; i < mlen; ++i) mpad[i] = m[i - crypto_box_ZEROBYTES];
+
+	crypto_box(cpad, mpad, mlen, (cpuc)n, (cpuc)pk, (cpuc)sk);
+
+	sq_pushstring(v, (const SQChar*)cpad + crypto_box_BOXZEROBYTES, mlen - crypto_box_BOXZEROBYTES);
+
+	sq_free(mpad, mlen);
+	sq_free(cpad, mlen);
+	return 1;
+}
+/*
+const char pycrypto_box__doc__[]=
+"crypto_box(m,n,pk,sk) -> c\n\n\
+The crypto_box function encrypts and authenticates a message m\n\
+using the sender's secret key sk, the receiver's public key pk,\n\
+and a nonce n. The crypto_box function returns the resulting ciphertext c.\n\
+The function raises an exception if len(sk) is not crypto_box_SECRETKEYBYTES\n\
+or if len(pk) is not crypto_box_PUBLICKEYBYTES\n\
+or if len(n) is not crypto_box_NONCEBYTES.\n\
+This uses Curve25519, XSalsa20 (with a 24-byte nonce) and a 16-byte Poly1305 MAC.\n\
+";
+*/
+
+/* API: m = crypto_box_open(c,n,pk,sk); */
+static SQRESULT sq_crypto_box_open(HSQUIRRELVM v) {
+
+	const SQChar *c, *n, *pk, *sk;
+	SQInteger csize = 0, nsize = 0, pksize = 0, sksize = 0;
+	long long i;
+	SQInteger clen;
+	unsigned char *mpad;
+	unsigned char *cpad;
+	SQRESULT rc = 1;
+
+	if((rc = sq_getstr_and_size(v,2, &c, &csize)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,3, &n, &nsize)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,4, &pk, &pksize)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,5, &sk, &sksize)) != SQ_OK) return rc;
+
+	if (nsize != crypto_box_NONCEBYTES) return sq_throwerror(v, _SC("incorrect nonce length"));
+	if (pksize != crypto_box_PUBLICKEYBYTES) return sq_throwerror(v, _SC("incorrect public-key length"));
+	if (sksize != crypto_box_SECRETKEYBYTES) return sq_throwerror(v, _SC("incorrect secret-key length"));
+
+	clen = csize + crypto_box_BOXZEROBYTES;
+	mpad = (unsigned char *)sq_malloc(clen);
+	if (!mpad) return sq_throwerror(v, _SC("could not allocate memory"));
+	cpad = (unsigned char *)sq_malloc(clen);
+	if (!cpad) {
+		sq_free(mpad, clen);
+		return sq_throwerror(v, _SC("could not allocate memory"));
+	}
+
+	for (i = 0; i < crypto_box_BOXZEROBYTES; ++i) cpad[i] = 0;
+	for (i = crypto_box_BOXZEROBYTES; i < clen; ++i) cpad[i] = c[i - crypto_box_BOXZEROBYTES];
+
+	if (crypto_box_open(mpad, cpad, clen, (cpuc)n, (cpuc)pk, (cpuc)sk) != 0) {
+		rc = sq_throwerror(v, _SC("ciphertext fails verification"));
+		goto done;
+	}
+	if (clen < crypto_box_ZEROBYTES) {
+		rc =  sq_throwerror(v, _SC("ciphertext too short"));
+		goto done;
+	}
+
+	sq_pushstring(v, (const SQChar*)mpad + crypto_box_ZEROBYTES, clen - crypto_box_ZEROBYTES);
+	rc = 1;
+
+done:
+	sq_free(mpad, clen);
+	sq_free(cpad, clen);
+	return rc;
+}
+/*
+const char pycrypto_box_open__doc__[]=
+"crypto_box_open(c,n,pk,sk) -> m\n\n\
+The crypto_box_open function verifies and decrypts\n\
+a ciphertext c using the receiver's secret key sk,\n\
+the sender's public key pk, and a nonce n.\n\
+The crypto_box_open function returns the resulting plaintext m.\n\
+The function raises an exception if len(sk) is not crypto_box_SECRETKEYBYTES\n\
+or if len(pk) is not crypto_box_PUBLICKEYBYTES\n\
+or if len(n) is not crypto_box_NONCEBYTES.\n\
+This uses Curve25519, XSalsa20 (with a 24-byte nonce) and a 16-byte Poly1305 MAC.\n\
+";
+*/
+
+/* API: (pk,sk) = crypto_box_keypair(); */
+static SQRESULT sq_crypto_box_keypair(HSQUIRRELVM v) {
+
+	SQChar *pk, *sk;
+
+	pk = (SQChar*)sq_malloc(crypto_box_PUBLICKEYBYTES);
+	if (!pk) return sq_throwerror(v, _SC("could not allocate memory"));
+	sk = (SQChar *)sq_malloc(crypto_box_SECRETKEYBYTES);
+	if (!sk) {
+		sq_free(pk, crypto_box_PUBLICKEYBYTES);
+		return sq_throwerror(v, _SC("could not allocate memory"));
+	}
+
+	crypto_box_keypair((puc)pk, (puc)sk);
+
+	sq_newarray(v, 2);
+	sq_pushstring(v, pk, crypto_box_PUBLICKEYBYTES);
+	sq_arrayset(v, -2, 0);
+	sq_pushstring(v, sk, crypto_box_SECRETKEYBYTES);
+	sq_arrayset(v, -2, 1);
+
+	sq_free(pk, crypto_box_PUBLICKEYBYTES);
+	sq_free(sk, crypto_box_SECRETKEYBYTES);
+
+	return 1;
+}
+/*
+const char pycrypto_box_keypair__doc__[]=
+"crypto_box_keypair() -> (pk,sk)\n\n\
+The crypto_box_keypair function randomly generates a secret key and\n\
+a corresponding public key. It returns tuple containing the secret key in sk and\n\
+public key in pk.\n\
+It guarantees that sk has crypto_box_SECRETKEYBYTES bytes\n\
+and that pk has crypto_box_PUBLICKEYBYTES bytes.\n\
+This uses Curve25519.\n\
+";
+*/
+
+/* API: s = crypto_box_beforenm(pk,sk); */
+static SQRESULT sq_crypto_box_beforenm(HSQUIRRELVM v) {
+
+	const SQChar *pk, *sk, *ret;
+	SQInteger pklen=0, sklen=0;
+	SQRESULT rc = 0;
+
+	if((rc = sq_getstr_and_size(v,2, &pk, &pklen)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,3, &sk, &sklen)) != SQ_OK) return rc;
+
+	if (pklen != crypto_box_PUBLICKEYBYTES) return sq_throwerror(v, _SC("incorrect public-key length"));
+	if (sklen != crypto_box_SECRETKEYBYTES) return sq_throwerror(v, _SC("incorrect secret-key length"));
+
+	ret = sq_getscratchpad(v, crypto_box_BEFORENMBYTES);
+	if (!ret) return sq_throwerror(v, _SC("could not allocate memory"));
+
+	crypto_box_beforenm((puc)ret, (cpuc)pk, (cpuc)sk);
+
+	sq_pushstring(v, ret, crypto_box_BEFORENMBYTES);
+
+	return 1;
+}
+/*
+const char pycrypto_box_beforenm__doc__[]=
+"crypto_box_beforenm(pk,sk) -> s\n\n\
+Function crypto_box_beforenm computes a shared secret s from \n\
+public key pk and secret key sk\n\
+The function raises an exception if len(sk) is not crypto_box_SECRETKEYBYTES.\n\
+It also raises an exception if len(pk) is not crypto_box_PUBLICKEYBYTES.\n\
+This uses Curve25519, XSalsa20 (with a 24-byte nonce) and a 16-byte Poly1305 MAC.\n\
+";
+*/
+
+/* API: c = crypto_box_afternm(m,n,k); */
+static SQRESULT sq_crypto_box_afternm(HSQUIRRELVM v) {
+
+	const SQChar *m, *n, *k;
+	SQInteger msize = 0, nsize = 0, ksize = 0;
+	long long i;
+	SQInteger mlen;
+	unsigned char *mpad;
+	unsigned char *cpad;
+	SQRESULT rc = 0;
+
+	if((rc = sq_getstr_and_size(v,2, &m, &msize)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,3, &n, &nsize)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,4, &k, &ksize)) != SQ_OK) return rc;
+
+	if (nsize != crypto_box_NONCEBYTES) return sq_throwerror(v, _SC("incorrect nonce length"));
+	if (ksize != crypto_box_BEFORENMBYTES) return sq_throwerror(v, _SC("incorrect key length"));
+
+	mlen = msize + crypto_box_ZEROBYTES;
+	mpad = (unsigned char *)sq_malloc(mlen);
+	if (!mpad) return sq_throwerror(v, _SC("could not allocate memory"));
+	cpad = (unsigned char *)sq_malloc(mlen);
+	if (!cpad) {
+		sq_free(mpad, mlen);
+		return sq_throwerror(v, _SC("could not allocate memory"));
+	}
+
+	for (i = 0; i < crypto_box_ZEROBYTES; ++i) mpad[i] = 0;
+	for (i = crypto_box_ZEROBYTES; i < mlen; ++i) mpad[i] = m[i - crypto_box_ZEROBYTES];
+
+	crypto_box_afternm(cpad, mpad, mlen, (cpuc)n, (cpuc)k);
+
+	sq_pushstring(v, (const SQChar*)cpad + crypto_box_BOXZEROBYTES, mlen - crypto_box_BOXZEROBYTES);
+
+	sq_free(mpad, mlen);
+	sq_free(cpad, mlen);
+	return 1;
+}
+/*
+const char pycrypto_box_afternm__doc__[]=
+"crypto_box_afternm(m,n,k) -> c\n\n\
+The crypto_box_afternm function encrypts and authenticates\n\
+a message m using a secret key k and a nonce n. \n\
+The crypto_box_afternm function returns the resulting ciphertext c. \n\
+The function raises an exception if len(k) is not crypto_box_BEFORENMBYTES.\n\
+The function also raises an exception if len(n) is not crypto_box_NONCEBYTES.\n\
+This uses Curve25519, XSalsa20 (with a 24-byte nonce) and a 16-byte Poly1305 MAC.\n\
+";
+*/
+
+/* API: m = crypto_box_open_afternm(c,n,k); */
+static SQRESULT sq_crypto_box_open_afternm(HSQUIRRELVM v) {
+
+	const SQChar *c, *n, *k;
+	SQInteger csize = 0, nsize = 0, ksize = 0;
+	long long i;
+	SQInteger clen;
+	unsigned char *mpad;
+	unsigned char *cpad;
+	SQRESULT rc = 0;
+
+	if((rc = sq_getstr_and_size(v,2, &c, &csize)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,3, &n, &nsize)) != SQ_OK) return rc;
+	if((rc = sq_getstr_and_size(v,4, &k, &ksize)) != SQ_OK) return rc;
+
+	if (nsize != crypto_box_NONCEBYTES) return sq_throwerror(v, _SC("incorrect nonce length"));
+	if (ksize != crypto_box_BEFORENMBYTES) return sq_throwerror(v, _SC("incorrect key length"));
+
+	clen = csize + crypto_box_BOXZEROBYTES;
+	mpad = (unsigned char *)sq_malloc(clen);
+	if (!mpad) return sq_throwerror(v, _SC("could not allocate memory"));
+	cpad = (unsigned char *)sq_malloc(clen);
+	if (!cpad) {
+		sq_free(mpad, clen);
+		return sq_throwerror(v, _SC("could not allocate memory"));
+	}
+
+	for (i = 0; i < crypto_box_BOXZEROBYTES; ++i) cpad[i] = 0;
+	for (i = crypto_box_BOXZEROBYTES; i < clen; ++i) cpad[i] = c[i - crypto_box_BOXZEROBYTES];
+
+	if (crypto_box_open_afternm(mpad, cpad, clen, (cpuc)n, (cpuc)k) != 0) {
+		rc = sq_throwerror(v, _SC("ciphertext fails verification"));
+		goto done;
+	}
+	if (clen < crypto_box_ZEROBYTES) {
+		rc =  sq_throwerror(v, _SC("ciphertext too short"));
+		goto done;
+	}
+
+	sq_pushstring(v, (const SQChar*)mpad + crypto_box_ZEROBYTES, clen - crypto_box_ZEROBYTES);
+    rc = 1;
+
+done:
+	sq_free(mpad, clen);
+	sq_free(cpad, clen);
+	return rc;
+}
+/*
+const char pycrypto_box_open_afternm__doc__[]=
+"crypto_box_open_afternm(c,n,k) -> m\n\n\
+The crypto_box_open_afternm function verifies and decrypts \n\
+a ciphertext c using a secret key k and a nonce n.\n\
+The crypto_box_open_afternm function returns the resulting plaintext m.\n\
+If the ciphertext fails verification, crypto_box_open_afternm raises an exception.\n\
+The function also raises an exception if len(k) is not crypto_box_BEFORENMBYTES,\n\
+or if len(n) is not crypto_box_NONCEBYTES.\n\
+This uses Curve25519, XSalsa20 (with a 24-byte nonce) and a 16-byte Poly1305 MAC.\n\
+";
+*/
+
+static SQRESULT sq_crypto_spk2epk(HSQUIRRELVM v) {
+
+	const SQChar *spk;
+	SQInteger spksize = 0;
+	SQRESULT rc = 0;
+
+	if((rc = sq_getstr_and_size(v,2, &spk, &spksize)) != SQ_OK) return rc;
+
+	if (spksize != crypto_sign_PUBLICKEYBYTES) return sq_throwerror(v, _SC("incorrect public key length"));
+
+	SQChar *buffer = sq_getscratchpad(v, crypto_box_PUBLICKEYBYTES);
+	if (!buffer) return sq_throwerror(v, _SC("could not allocate memory"));
+
+	spk2epk((unsigned char *)buffer, (unsigned char *)spk);
+
+	sq_pushstring(v, buffer, crypto_box_PUBLICKEYBYTES);
+	return 1;
+}
+/*
+const char pyspk2epk__doc__[]=
+"spk2epk(spk) -> epk\n\n\
+The spk2epk function converts an ed25519 key (signing public key)\n\
+ to a corresponding curve25519 public key (encryption public key).";
+*/
+
+static SQRESULT sq_crypto_randombytes(HSQUIRRELVM v) {
+
+	SQInteger rsize = 0;
+	SQRESULT rc = 0;
+
+	if((rc = sq_getinteger(v,2, &rsize)) != SQ_OK) return rc;
+
+	SQChar *buffer = sq_getscratchpad(v, rsize);
+	if (!buffer) return sq_throwerror(v, _SC("could not allocate memory"));
+
+	randombytes((unsigned char *)buffer, rsize);
+
+	sq_pushstring(v, buffer, rsize);
+	return 1;
+}
+
+#define _DECL_FUNC(name,nparams,tycheck) {_SC("crypto_" #name),  sq_crypto_##name,nparams,tycheck}
+static SQRegFunction sq_tweetnacl_methods[] =
+{
+    _DECL_FUNC(onetimeauth,  3, _SC(".ss")),
+    _DECL_FUNC(onetimeauth_verify,  4, _SC(".sss")),
+    _DECL_FUNC(hash,  2, _SC(".s")),
+    _DECL_FUNC(verify_16,  3, _SC(".ss")),
+    _DECL_FUNC(verify_32,  3, _SC(".ss")),
+    _DECL_FUNC(scalarmult,  3, _SC(".ss")),
+    _DECL_FUNC(scalarmult_base,  3, _SC(".ss")),
+    _DECL_FUNC(stream,  4, _SC(".iss")),
+    _DECL_FUNC(stream_xor,  4, _SC(".sss")),
+    _DECL_FUNC(sign,  3, _SC(".ss")),
+    _DECL_FUNC(sign_open,  3, _SC(".ss")),
+    _DECL_FUNC(sign_keypair,  1, _SC(".")),
+    _DECL_FUNC(sign_keypair_from_seed,  2, _SC(".s")),
+    _DECL_FUNC(secretbox,  4, _SC(".sss")),
+    _DECL_FUNC(secretbox_open,  4, _SC(".sss")),
+    _DECL_FUNC(box,  5, _SC(".ssss")),
+    _DECL_FUNC(box_open,  5, _SC(".ssss")),
+    _DECL_FUNC(box_keypair,  1, _SC(".")),
+    _DECL_FUNC(box_beforenm,  3, _SC(".ss")),
+    _DECL_FUNC(box_afternm,  4, _SC(".sss")),
+    _DECL_FUNC(box_open_afternm,  4, _SC(".sss")),
+    _DECL_FUNC(spk2epk,  1, _SC(".s")),
+    _DECL_FUNC(randombytes,  2, _SC(".i")),
+    {0,0}
+};
+
+#undef _DECL_FUNC
+
+#define INT_CONST(v,num) 	sq_pushstring(v,_SC(#num),-1);sq_pushinteger(v,num);sq_newslot(v,-3,SQTrue);
+#define STR_CONST(v,str) 	sq_pushstring(v,_SC(#str),-1);sq_pushliteral(v,str);sq_newslot(v,-3,SQTrue);
+
+static void add_constants(HSQUIRRELVM v) {
+    STR_CONST(v, crypto_onetimeauth_PRIMITIVE);
+    STR_CONST(v, crypto_onetimeauth_IMPLEMENTATION);
+    STR_CONST(v, crypto_onetimeauth_VERSION);
+    INT_CONST(v, crypto_onetimeauth_BYTES);
+    INT_CONST(v, crypto_onetimeauth_KEYBYTES);
+    STR_CONST(v, crypto_hash_PRIMITIVE);
+    STR_CONST(v, crypto_hash_IMPLEMENTATION);
+    STR_CONST(v, crypto_hash_VERSION);
+    INT_CONST(v, crypto_hash_BYTES);
+    INT_CONST(v, crypto_verify_16_BYTES);
+    STR_CONST(v, crypto_verify_16_IMPLEMENTATION);
+    STR_CONST(v, crypto_verify_16_VERSION);
+    INT_CONST(v, crypto_verify_32_BYTES);
+    STR_CONST(v, crypto_verify_32_IMPLEMENTATION);
+    STR_CONST(v, crypto_verify_32_VERSION);
+    STR_CONST(v, crypto_scalarmult_PRIMITIVE);
+    STR_CONST(v, crypto_scalarmult_IMPLEMENTATION);
+    STR_CONST(v, crypto_scalarmult_VERSION);
+    INT_CONST(v, crypto_scalarmult_BYTES);
+    INT_CONST(v, crypto_scalarmult_SCALARBYTES);
+    STR_CONST(v, crypto_stream_PRIMITIVE);
+    STR_CONST(v, crypto_stream_IMPLEMENTATION);
+    STR_CONST(v, crypto_stream_VERSION);
+    INT_CONST(v, crypto_stream_KEYBYTES);
+    INT_CONST(v, crypto_stream_NONCEBYTES);
+    STR_CONST(v, crypto_sign_PRIMITIVE);
+    STR_CONST(v, crypto_sign_IMPLEMENTATION);
+    STR_CONST(v, crypto_sign_VERSION);
+    INT_CONST(v, crypto_sign_BYTES);
+    INT_CONST(v, crypto_sign_PUBLICKEYBYTES);
+    INT_CONST(v, crypto_sign_SECRETKEYBYTES);
+    STR_CONST(v, crypto_secretbox_PRIMITIVE);
+    STR_CONST(v, crypto_secretbox_IMPLEMENTATION);
+    STR_CONST(v, crypto_secretbox_VERSION);
+    INT_CONST(v, crypto_secretbox_KEYBYTES);
+    INT_CONST(v, crypto_secretbox_NONCEBYTES);
+    INT_CONST(v, crypto_secretbox_ZEROBYTES);
+    INT_CONST(v, crypto_secretbox_BOXZEROBYTES);
+    STR_CONST(v, crypto_box_PRIMITIVE);
+    STR_CONST(v, crypto_box_IMPLEMENTATION);
+    STR_CONST(v, crypto_box_VERSION);
+    INT_CONST(v, crypto_box_PUBLICKEYBYTES);
+    INT_CONST(v, crypto_box_SECRETKEYBYTES);
+    INT_CONST(v, crypto_box_BEFORENMBYTES);
+    INT_CONST(v, crypto_box_NONCEBYTES);
+    INT_CONST(v, crypto_box_ZEROBYTES);
+    INT_CONST(v, crypto_box_BOXZEROBYTES);
+    return;
+}
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    SQRESULT sqext_register_tweetnacl(HSQUIRRELVM v)
+    {
+        sq_pushstring(v,_SC("tweetnacl"),-1);
+        sq_newtable(v);
+	add_constants(v);
+	sq_insert_reg_funcs(v, sq_tweetnacl_methods);
+
+        sq_rawset(v,-3);//insert tweetnacl
+        return 1;
+    }
+
+#ifdef __cplusplus
+}
+#endif

SquiLu-ext/tweetnacl.c

@@ -0,0 +1,771 @@
+#include "tweetnacl.h"
+#define FOR(i,n) for (i = 0;i < n;++i)
+#define sv static void
+
+typedef unsigned long u32;
+typedef unsigned long long u64;
+typedef long long i64;
+typedef i64 gf[16];
+extern void randombytes(u8 *,u64);
+
+static const u8
+  _0[16],
+  _9[32] = {9};
+static const gf
+  gf0,
+  gf1 = {1},
+  _121665 = {0xDB41,1},
+  D = {0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203},
+  D2 = {0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406},
+  X = {0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169},
+  Y = {0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666},
+  I = {0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83};
+
+static u32 L32(u32 x,int c) { return (x << c) | ((x&0xffffffff) >> (32 - c)); }
+
+static u32 ld32(const u8 *x) {
+  u32 u = x[3];
+  u = (u<<8)|x[2];
+  u = (u<<8)|x[1];
+  return (u<<8)|x[0];
+}
+
+static u64 dl64(const u8 *x) {
+  u64 i,u=0;
+  FOR(i,8) u=(u<<8)|x[i];
+  return u;
+}
+
+sv st32(u8 *x,u32 u) {
+  int i;
+  FOR(i,4) { x[i] = u; u >>= 8; }
+}
+
+sv ts64(u8 *x,u64 u) {
+  int i;
+  for (i = 7;i >= 0;--i) { x[i] = u; u >>= 8; }
+}
+
+static int vn(const u8 *x,const u8 *y,int n) {
+  u32 i,d = 0;
+  FOR(i,n) d |= x[i]^y[i];
+  return (1 & ((d - 1) >> 8)) - 1;
+}
+
+int crypto_verify_16(const u8 *x,const u8 *y) {
+  return vn(x,y,16);
+}
+
+int crypto_verify_32(const u8 *x,const u8 *y)
+{
+  return vn(x,y,32);
+}
+
+sv core(u8 *out,const u8 *in,const u8 *k,const u8 *c,int h) {
+  u32 w[16],x[16],y[16],t[4];
+  int i,j,m;
+
+  FOR(i,4) {
+    x[5*i] = ld32(c+4*i);
+    x[1+i] = ld32(k+4*i);
+    x[6+i] = ld32(in+4*i);
+    x[11+i] = ld32(k+16+4*i);
+  }
+
+  FOR(i,16) y[i] = x[i];
+
+  FOR(i,20) {
+    FOR(j,4) {
+      FOR(m,4) t[m] = x[(5*j+4*m)%16];
+      t[1] ^= L32(t[0]+t[3], 7);
+      t[2] ^= L32(t[1]+t[0], 9);
+      t[3] ^= L32(t[2]+t[1],13);
+      t[0] ^= L32(t[3]+t[2],18);
+      FOR(m,4) w[4*j+(j+m)%4] = t[m];
+    }
+    FOR(m,16) x[m] = w[m];
+  }
+
+  if (h) {
+    FOR(i,16) x[i] += y[i];
+    FOR(i,4) {
+      x[5*i] -= ld32(c+4*i);
+      x[6+i] -= ld32(in+4*i);
+    }
+    FOR(i,4) {
+      st32(out+4*i,x[5*i]);
+      st32(out+16+4*i,x[6+i]);
+    }
+  } else
+    FOR(i,16) st32(out + 4 * i,x[i] + y[i]);
+}
+
+int crypto_core_salsa20(u8 *out,const u8 *in,const u8 *k,const u8 *c) {
+  core(out,in,k,c,0);
+  return 0;
+}
+
+int crypto_core_hsalsa20(u8 *out,const u8 *in,const u8 *k,const u8 *c) {
+  core(out,in,k,c,1);
+  return 0;
+}
+
+static const u8 sigma[16] = "expand 32-byte k";
+
+int crypto_stream_salsa20_xor(u8 *c,const u8 *m,u64 b,
+			      const u8 *n,const u8 *k) {
+  u8 z[16],x[64];
+  u32 u,i;
+  if (!b) return 0;
+  FOR(i,16) z[i] = 0;
+  FOR(i,8) z[i] = n[i];
+  while (b >= 64) {
+    crypto_core_salsa20(x,z,k,sigma);
+    FOR(i,64) c[i] = (m?m[i]:0) ^ x[i];
+    u = 1;
+    for (i = 8;i < 16;++i) {
+      u += (u32) z[i];
+      z[i] = u;
+      u >>= 8;
+    }
+    b -= 64;
+    c += 64;
+    if (m) m += 64;
+  }
+  if (b) {
+    crypto_core_salsa20(x,z,k,sigma);
+    FOR(i,b) c[i] = (m?m[i]:0) ^ x[i];
+  }
+  return 0;
+}
+
+int crypto_stream_salsa20(u8 *c,u64 d,const u8 *n,const u8 *k) {
+  return crypto_stream_salsa20_xor(c,0,d,n,k);
+}
+
+int crypto_stream(u8 *c,u64 d,const u8 *n,const u8 *k) {
+  u8 s[32];
+  crypto_core_hsalsa20(s,n,k,sigma);
+  return crypto_stream_salsa20(c,d,n+16,s);
+}
+
+int crypto_stream_xor(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *k) {
+  u8 s[32];
+  crypto_core_hsalsa20(s,n,k,sigma);
+  return crypto_stream_salsa20_xor(c,m,d,n+16,s);
+}
+
+sv add1305(u32 *h,const u32 *c) {
+  u32 j,u = 0;
+  FOR(j,17) {
+    u += h[j] + c[j];
+    h[j] = u & 255;
+    u >>= 8;
+  }
+}
+
+static const u32 minusp[17] = {
+  5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 252
+} ;
+
+int crypto_onetimeauth(u8 *out,const u8 *m,u64 n,const u8 *k) {
+  u32 s,i,j,u,x[17],r[17],h[17],c[17],g[17];
+
+  FOR(j,17) r[j]=h[j]=0;
+  FOR(j,16) r[j]=k[j];
+  r[3]&=15;
+  r[4]&=252;
+  r[7]&=15;
+  r[8]&=252;
+  r[11]&=15;
+  r[12]&=252;
+  r[15]&=15;
+
+  while (n > 0) {
+    FOR(j,17) c[j] = 0;
+    for (j = 0;(j < 16) && (j < n);++j) c[j] = m[j];
+    c[j] = 1;
+    m += j; n -= j;
+    add1305(h,c);
+    FOR(i,17) {
+      x[i] = 0;
+      FOR(j,17) x[i] += h[j] * ((j <= i) ? r[i - j] : 320 * r[i + 17 - j]);
+    }
+    FOR(i,17) h[i] = x[i];
+    u = 0;
+    FOR(j,16) {
+      u += h[j];
+      h[j] = u & 255;
+      u >>= 8;
+    }
+    u += h[16]; h[16] = u & 3;
+    u = 5 * (u >> 2);
+    FOR(j,16) {
+      u += h[j];
+      h[j] = u & 255;
+      u >>= 8;
+    }
+    u += h[16]; h[16] = u;
+  }
+
+  FOR(j,17) g[j] = h[j];
+  add1305(h,minusp);
+  s = -(h[16] >> 7);
+  FOR(j,17) h[j] ^= s & (g[j] ^ h[j]);
+
+  FOR(j,16) c[j] = k[j + 16];
+  c[16] = 0;
+  add1305(h,c);
+  FOR(j,16) out[j] = h[j];
+  return 0;
+}
+
+int crypto_onetimeauth_verify(const u8 *h,const u8 *m,u64 n,const u8 *k) {
+  u8 x[16];
+  crypto_onetimeauth(x,m,n,k);
+  return crypto_verify_16(h,x);
+}
+
+int crypto_secretbox(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *k) {
+  int i;
+  if (d < 32) return -1;
+  crypto_stream_xor(c,m,d,n,k);
+  crypto_onetimeauth(c + 16,c + 32,d - 32,c);
+  FOR(i,16) c[i] = 0;
+  return 0;
+}
+
+int crypto_secretbox_open(u8 *m,const u8 *c,u64 d,const u8 *n,const u8 *k) {
+  int i;
+  u8 x[32];
+  if (d < 32) return -1;
+  crypto_stream(x,32,n,k);
+  if (crypto_onetimeauth_verify(c + 16,c + 32,d - 32,x) != 0) return -1;
+  crypto_stream_xor(m,c,d,n,k);
+  FOR(i,32) m[i] = 0;
+  return 0;
+}
+
+sv set25519(gf r, const gf a) {
+  int i;
+  FOR(i,16) r[i]=a[i];
+}
+
+sv car25519(gf o) {
+  int i;
+  i64 c;
+  FOR(i,16) {
+    o[i]+=(1LL<<16);
+    c=o[i]>>16;
+    o[(i+1)*(i<15)]+=c-1+37*(c-1)*(i==15);
+    o[i]-=c<<16;
+  }
+}
+
+sv sel25519(gf p,gf q,i64 b) {
+  i64 t,i,c=~(b-1);
+  FOR(i,16) {
+    t= c&(p[i]^q[i]);
+    p[i]^=t;
+    q[i]^=t;
+  }
+}
+
+sv pack25519(u8 *o,const gf n) {
+  int i,j,b;
+  gf m,t;
+  FOR(i,16) t[i]=n[i];
+  car25519(t);
+  car25519(t);
+  car25519(t);
+  FOR(j,2) {
+    m[0]=t[0]-0xffed;
+    for(i=1;i<15;i++) {
+      m[i]=t[i]-0xffff-((m[i-1]>>16)&1);
+      m[i-1]&=0xffff;
+    }
+    m[15]=t[15]-0x7fff-((m[14]>>16)&1);
+    b=(m[15]>>16)&1;
+    m[14]&=0xffff;
+    sel25519(t,m,1-b);
+  }
+  FOR(i,16) {
+    o[2*i]=t[i]&0xff;
+    o[2*i+1]=t[i]>>8;
+  }
+}
+
+static int neq25519(const gf a, const gf b) {
+  u8 c[32],d[32];
+  pack25519(c,a);
+  pack25519(d,b);
+  return crypto_verify_32(c,d);
+}
+
+static u8 par25519(const gf a) {
+  u8 d[32];
+  pack25519(d,a);
+  return d[0]&1;
+}
+
+sv unpack25519(gf o, const u8 *n) {
+  int i;
+  FOR(i,16) o[i]=n[2*i]+((i64)n[2*i+1]<<8);
+  o[15]&=0x7fff;
+}
+
+sv A(gf o,const gf a,const gf b) {
+  int i;
+  FOR(i,16) o[i]=a[i]+b[i];
+}
+
+sv Z(gf o,const gf a,const gf b) {
+  int i;
+  FOR(i,16) o[i]=a[i]-b[i];
+}
+
+sv M(gf o,const gf a,const gf b) {
+  i64 i,j,t[31];
+  FOR(i,31) t[i]=0;
+  FOR(i,16) FOR(j,16) t[i+j]+=a[i]*b[j];
+  FOR(i,15) t[i]+=38*t[i+16];
+  FOR(i,16) o[i]=t[i];
+  car25519(o);
+  car25519(o);
+}
+
+sv S(gf o,const gf a) {
+  M(o,a,a);
+}
+
+sv inv25519(gf o,const gf i) {
+  gf c;
+  int a;
+  FOR(a,16) c[a]=i[a];
+  for(a=253;a>=0;a--) {
+    S(c,c);
+    if(a!=2&&a!=4) M(c,c,i);
+  }
+  FOR(a,16) o[a]=c[a];
+}
+
+sv pow2523(gf o,const gf i) {
+  gf c;
+  int a;
+  FOR(a,16) c[a]=i[a];
+  for(a=250;a>=0;a--) {
+    S(c,c);
+    if(a!=1) M(c,c,i);
+  }
+  FOR(a,16) o[a]=c[a];
+}
+
+int crypto_scalarmult(u8 *q,const u8 *n,const u8 *p) {
+  u8 z[32];
+  i64 x[80],r,i;
+  gf a,b,c,d,e,f;
+  FOR(i,31) z[i]=n[i];
+  z[31]=(n[31]&127)|64;
+  z[0]&=248;
+  unpack25519(x,p);
+  FOR(i,16) {
+    b[i]=x[i];
+    d[i]=a[i]=c[i]=0;
+  }
+  a[0]=d[0]=1;
+  for(i=254;i>=0;--i) {
+    r=(z[i>>3]>>(i&7))&1;
+    sel25519(a,b,r);
+    sel25519(c,d,r);
+    A(e,a,c);
+    Z(a,a,c);
+    A(c,b,d);
+    Z(b,b,d);
+    S(d,e);
+    S(f,a);
+    M(a,c,a);
+    M(c,b,e);
+    A(e,a,c);
+    Z(a,a,c);
+    S(b,a);
+    Z(c,d,f);
+    M(a,c,_121665);
+    A(a,a,d);
+    M(c,c,a);
+    M(a,d,f);
+    M(d,b,x);
+    S(b,e);
+    sel25519(a,b,r);
+    sel25519(c,d,r);
+  }
+  FOR(i,16) {
+    x[i+16]=a[i];
+    x[i+32]=c[i];
+    x[i+48]=b[i];
+    x[i+64]=d[i];
+  }
+  inv25519(x+32,x+32);
+  M(x+16,x+16,x+32);
+  pack25519(q,x+16);
+  return 0;
+}
+
+int crypto_scalarmult_base(u8 *q,const u8 *n) { 
+  return crypto_scalarmult(q,n,_9);
+}
+
+int crypto_box_keypair(u8 *y,u8 *x) {
+  randombytes(x,32);
+  return crypto_scalarmult_base(y,x);
+}
+
+int crypto_box_beforenm(u8 *k,const u8 *y,const u8 *x) {
+  u8 s[32];
+  crypto_scalarmult(s,x,y);
+  return crypto_core_hsalsa20(k,_0,s,sigma);
+}
+
+int crypto_box_afternm(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *k) {
+  return crypto_secretbox(c,m,d,n,k);
+}
+
+int crypto_box_open_afternm(u8 *m,const u8 *c,u64 d,const u8 *n,const u8 *k) {
+  return crypto_secretbox_open(m,c,d,n,k);
+}
+
+int crypto_box(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *y,const u8 *x) {
+  u8 k[32];
+  crypto_box_beforenm(k,y,x);
+  return crypto_box_afternm(c,m,d,n,k);
+}
+
+int crypto_box_open(u8 *m,const u8 *c,u64 d,const u8 *n,
+		    const u8 *y,const u8 *x) {
+  u8 k[32];
+  crypto_box_beforenm(k,y,x);
+  return crypto_box_open_afternm(m,c,d,n,k);
+}
+
+static u64 R(u64 x,int c) { return (x >> c) | (x << (64 - c)); }
+static u64 Ch(u64 x,u64 y,u64 z) { return (x & y) ^ (~x & z); }
+static u64 Maj(u64 x,u64 y,u64 z) { return (x & y) ^ (x & z) ^ (y & z); }
+static u64 Sigma0(u64 x) { return R(x,28) ^ R(x,34) ^ R(x,39); }
+static u64 Sigma1(u64 x) { return R(x,14) ^ R(x,18) ^ R(x,41); }
+static u64 sigma0(u64 x) { return R(x, 1) ^ R(x, 8) ^ (x >> 7); }
+static u64 sigma1(u64 x) { return R(x,19) ^ R(x,61) ^ (x >> 6); }
+
+static const u64 K[80] =  {
+  0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
+  0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
+  0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
+  0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
+  0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
+  0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
+  0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
+  0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
+  0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
+  0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
+  0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
+  0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
+  0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
+  0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
+  0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
+  0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
+  0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
+  0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
+  0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
+  0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
+};
+
+int crypto_hashblocks(u8 *x,const u8 *m,u64 n) {
+  u64 z[8],b[8],a[8],w[16],t;
+  int i,j;
+
+  FOR(i,8) z[i] = a[i] = dl64(x + 8 * i);
+
+  while (n >= 128) {
+    FOR(i,16) w[i] = dl64(m + 8 * i);
+
+    FOR(i,80) {
+      FOR(j,8) b[j] = a[j];
+      t = a[7] + Sigma1(a[4]) + Ch(a[4],a[5],a[6]) + K[i] + w[i%16];
+      b[7] = t + Sigma0(a[0]) + Maj(a[0],a[1],a[2]);
+      b[3] += t;
+      FOR(j,8) a[(j+1)%8] = b[j];
+      if (i%16 == 15)
+	FOR(j,16)
+	  w[j] += w[(j+9)%16] + sigma0(w[(j+1)%16]) + sigma1(w[(j+14)%16]);
+    }
+
+    FOR(i,8) { a[i] += z[i]; z[i] = a[i]; }
+
+    m += 128;
+    n -= 128;
+  }
+
+  FOR(i,8) ts64(x+8*i,z[i]);
+
+  return (int)n;
+}
+
+static const u8 iv[64] = {
+  0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08,
+  0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b,
+  0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b,
+  0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1,
+  0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1,
+  0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f,
+  0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b,
+  0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79
+} ;
+
+int crypto_hash(u8 *out,const u8 *m,u64 n) {
+  u8 h[64],x[256];
+  u64 i,b = n;
+
+  FOR(i,64) h[i] = iv[i];
+
+  crypto_hashblocks(h,m,n);
+  m += n;
+  n &= 127;
+  m -= n;
+
+  FOR(i,256) x[i] = 0;
+  FOR(i,n) x[i] = m[i];
+  x[n] = 128;
+
+  n = 256-128*(n<112);
+  x[n-9] = b >> 61;
+  ts64(x+n-8,b<<3);
+  crypto_hashblocks(h,x,n);
+
+  FOR(i,64) out[i] = h[i];
+
+  return 0;
+}
+
+sv add(gf p[4],gf q[4]) {
+  gf a,b,c,d,t,e,f,g,h;
+  
+  Z(a, p[1], p[0]);
+  Z(t, q[1], q[0]);
+  M(a, a, t);
+  A(b, p[0], p[1]);
+  A(t, q[0], q[1]);
+  M(b, b, t);
+  M(c, p[3], q[3]);
+  M(c, c, D2);
+  M(d, p[2], q[2]);
+  A(d, d, d);
+  Z(e, b, a);
+  Z(f, d, c);
+  A(g, d, c);
+  A(h, b, a);
+
+  M(p[0], e, f);
+  M(p[1], h, g);
+  M(p[2], g, f);
+  M(p[3], e, h);
+}
+
+sv cswap(gf p[4],gf q[4],u8 b) {
+  int i;
+  FOR(i,4)
+    sel25519(p[i],q[i],b);
+}
+
+sv pack(u8 *r,gf p[4]) {
+  gf tx, ty, zi;
+  inv25519(zi, p[2]); 
+  M(tx, p[0], zi);
+  M(ty, p[1], zi);
+  pack25519(r, ty);
+  r[31] ^= par25519(tx) << 7;
+}
+
+sv scalarmult(gf p[4],gf q[4],const u8 *s) {
+  int i;
+  set25519(p[0],gf0);
+  set25519(p[1],gf1);
+  set25519(p[2],gf1);
+  set25519(p[3],gf0);
+  for (i = 255;i >= 0;--i) {
+    u8 b = (s[i/8]>>(i&7))&1;
+    cswap(p,q,b);
+    add(q,p);
+    add(p,p);
+    cswap(p,q,b);
+  }
+}
+
+sv scalarbase(gf p[4],const u8 *s) {
+  gf q[4];
+  set25519(q[0],X);
+  set25519(q[1],Y);
+  set25519(q[2],gf1);
+  M(q[3],X,Y);
+  scalarmult(p,q,s);
+}
+
+int crypto_sign_keypair(u8 *pk, u8 *sk) {
+  randombytes(sk, 32);
+  return crypto_sign_keypair_from_seed(pk, sk);
+}
+
+int crypto_sign_keypair_from_seed(u8 *pk, u8 *sk) {
+  u8 d[64];
+  gf p[4];
+  int i;
+  
+  crypto_hash(d, sk, 32);
+  d[0] &= 248;
+  d[31] &= 127;
+  d[31] |= 64;
+
+  scalarbase(p,d);
+  pack(pk,p);
+
+  FOR(i,32) sk[32 + i] = pk[i];
+  return 0;
+}
+
+static const u64 L[32] = {0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10};
+
+sv modL(u8 *r,i64 x[64]) {
+  i64 carry,i,j;
+  for (i = 63;i >= 32;--i) {
+    carry = 0;
+    for (j = i - 32;j < i - 12;++j) {
+      x[j] += carry - 16 * x[i] * L[j - (i - 32)];
+      carry = (x[j] + 128) >> 8;
+      x[j] -= carry << 8;
+    }
+    x[j] += carry;
+    x[i] = 0;
+  }
+  carry = 0;
+  FOR(j,32) {
+    x[j] += carry - (x[31] >> 4) * L[j];
+    carry = x[j] >> 8;
+    x[j] &= 255;
+  }
+  FOR(j,32) x[j] -= carry * L[j];
+  FOR(i,32) {
+    x[i+1] += x[i] >> 8;
+    r[i] = x[i] & 255;
+  }
+}
+
+sv reduce(u8 *r) {
+  i64 x[64],i;
+  FOR(i,64) x[i] = (u64) r[i];
+  FOR(i,64) r[i] = 0;
+  modL(r,x);
+}
+
+int crypto_sign(u8 *sm,u64 *smlen,const u8 *m,u64 n,const u8 *sk) {
+  u8 d[64],h[64],r[64];
+  i64 i,j,x[64];
+  gf p[4];
+
+  crypto_hash(d, sk, 32);
+  d[0] &= 248;
+  d[31] &= 127;
+  d[31] |= 64;
+
+  *smlen = n+64;
+  FOR(i,n) sm[64 + i] = m[i];
+  FOR(i,32) sm[32 + i] = d[32 + i];
+
+  crypto_hash(r, sm+32, n+32);
+  reduce(r);
+  scalarbase(p,r);
+  pack(sm,p);
+
+  FOR(i,32) sm[i+32] = sk[i+32];
+  crypto_hash(h,sm,n + 64);
+  reduce(h);
+
+  FOR(i,64) x[i] = 0;
+  FOR(i,32) x[i] = (u64) r[i];
+  FOR(i,32) FOR(j,32) x[i+j] += h[i] * (u64) d[j];
+  modL(sm + 32,x);
+
+  return 0;
+}
+
+static int unpackneg(gf r[4],const u8 p[32]) {
+  gf t, chk, num, den, den2, den4, den6;
+  set25519(r[2],gf1);
+  unpack25519(r[1],p);
+  S(num,r[1]);
+  M(den,num,D);
+  Z(num,num,r[2]);
+  A(den,r[2],den);
+
+  S(den2,den);
+  S(den4,den2);
+  M(den6,den4,den2);
+  M(t,den6,num);
+  M(t,t,den);
+
+  pow2523(t,t);
+  M(t,t,num);
+  M(t,t,den);
+  M(t,t,den);
+  M(r[0],t,den);
+
+  S(chk,r[0]);
+  M(chk,chk,den);
+  if (neq25519(chk, num)) M(r[0],r[0],I);
+
+  S(chk,r[0]);
+  M(chk,chk,den);
+  if (neq25519(chk, num)) return -1;
+
+  if (par25519(r[0]) == (p[31]>>7)) Z(r[0],gf0,r[0]);
+
+  M(r[3],r[0],r[1]);
+  return 0;
+}
+
+int crypto_sign_open(u8 *m,u64 *mlen,const u8 *sm,u64 n,const u8 *pk) {
+  int i;
+  u8 t[32],h[64];
+  gf p[4],q[4];
+
+  *mlen = -1;
+  if (n < 64) return -1;
+
+  if (unpackneg(q,pk)) return -1;
+
+  FOR(i,n) m[i] = sm[i];
+  FOR(i,32) m[i+32] = pk[i];
+  crypto_hash(h,m,n);
+  reduce(h);
+  scalarmult(p,q,h);
+
+  scalarbase(q,sm + 32);
+  add(p,q);
+  pack(t,p);
+
+  n -= 64;
+  if (crypto_verify_32(sm, t)) {
+    FOR(i,n) m[i] = 0;
+    return -1;
+  }
+
+  FOR(i,n) m[i] = sm[i + 64];
+  *mlen = n;
+  return 0;
+}
+
+void spk2epk(u8* epk, u8* spk) {
+  gf n,d;
+  unpack25519(n, spk);
+  Z(d, gf1, n);
+  inv25519(d, d);
+  A(n, gf1, n);
+  M(n, n, d);
+  pack25519(epk, n);
+}

SquiLu-ext/tweetnacl.h

@@ -0,0 +1,276 @@
+#ifndef TWEETNACL_H
+#define TWEETNACL_H
+#define crypto_auth_PRIMITIVE "hmacsha512256"
+#define crypto_auth crypto_auth_hmacsha512256
+#define crypto_auth_verify crypto_auth_hmacsha512256_verify
+#define crypto_auth_BYTES crypto_auth_hmacsha512256_BYTES
+#define crypto_auth_KEYBYTES crypto_auth_hmacsha512256_KEYBYTES
+#define crypto_auth_IMPLEMENTATION crypto_auth_hmacsha512256_IMPLEMENTATION
+#define crypto_auth_VERSION crypto_auth_hmacsha512256_VERSION
+#define crypto_auth_hmacsha512256_tweet_BYTES 32
+#define crypto_auth_hmacsha512256_tweet_KEYBYTES 32
+extern int crypto_auth_hmacsha512256_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_auth_hmacsha512256_tweet_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+#define crypto_auth_hmacsha512256_tweet_VERSION "-"
+#define crypto_auth_hmacsha512256 crypto_auth_hmacsha512256_tweet
+#define crypto_auth_hmacsha512256_verify crypto_auth_hmacsha512256_tweet_verify
+#define crypto_auth_hmacsha512256_BYTES crypto_auth_hmacsha512256_tweet_BYTES
+#define crypto_auth_hmacsha512256_KEYBYTES crypto_auth_hmacsha512256_tweet_KEYBYTES
+#define crypto_auth_hmacsha512256_VERSION crypto_auth_hmacsha512256_tweet_VERSION
+#define crypto_auth_hmacsha512256_IMPLEMENTATION "crypto_auth/hmacsha512256/tweet"
+#define crypto_box_PRIMITIVE "curve25519xsalsa20poly1305"
+#define crypto_box crypto_box_curve25519xsalsa20poly1305
+#define crypto_box_open crypto_box_curve25519xsalsa20poly1305_open
+#define crypto_box_keypair crypto_box_curve25519xsalsa20poly1305_keypair
+#define crypto_box_beforenm crypto_box_curve25519xsalsa20poly1305_beforenm
+#define crypto_box_afternm crypto_box_curve25519xsalsa20poly1305_afternm
+#define crypto_box_open_afternm crypto_box_curve25519xsalsa20poly1305_open_afternm
+#define crypto_box_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES
+#define crypto_box_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES
+#define crypto_box_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES
+#define crypto_box_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES
+#define crypto_box_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ZEROBYTES
+#define crypto_box_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES
+#define crypto_box_IMPLEMENTATION crypto_box_curve25519xsalsa20poly1305_IMPLEMENTATION
+#define crypto_box_VERSION crypto_box_curve25519xsalsa20poly1305_VERSION
+#define crypto_box_curve25519xsalsa20poly1305_tweet_PUBLICKEYBYTES 32
+#define crypto_box_curve25519xsalsa20poly1305_tweet_SECRETKEYBYTES 32
+#define crypto_box_curve25519xsalsa20poly1305_tweet_BEFORENMBYTES 32
+#define crypto_box_curve25519xsalsa20poly1305_tweet_NONCEBYTES 24
+#define crypto_box_curve25519xsalsa20poly1305_tweet_ZEROBYTES 32
+#define crypto_box_curve25519xsalsa20poly1305_tweet_BOXZEROBYTES 16
+extern int crypto_box_curve25519xsalsa20poly1305_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_tweet_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_tweet_keypair(unsigned char *,unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_tweet_beforenm(unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_tweet_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_tweet_open_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+#define crypto_box_curve25519xsalsa20poly1305_tweet_VERSION "-"
+#define crypto_box_curve25519xsalsa20poly1305 crypto_box_curve25519xsalsa20poly1305_tweet
+#define crypto_box_curve25519xsalsa20poly1305_open crypto_box_curve25519xsalsa20poly1305_tweet_open
+#define crypto_box_curve25519xsalsa20poly1305_keypair crypto_box_curve25519xsalsa20poly1305_tweet_keypair
+#define crypto_box_curve25519xsalsa20poly1305_beforenm crypto_box_curve25519xsalsa20poly1305_tweet_beforenm
+#define crypto_box_curve25519xsalsa20poly1305_afternm crypto_box_curve25519xsalsa20poly1305_tweet_afternm
+#define crypto_box_curve25519xsalsa20poly1305_open_afternm crypto_box_curve25519xsalsa20poly1305_tweet_open_afternm
+#define crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_tweet_PUBLICKEYBYTES
+#define crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_tweet_SECRETKEYBYTES
+#define crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_tweet_BEFORENMBYTES
+#define crypto_box_curve25519xsalsa20poly1305_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_tweet_NONCEBYTES
+#define crypto_box_curve25519xsalsa20poly1305_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_tweet_ZEROBYTES
+#define crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_tweet_BOXZEROBYTES
+#define crypto_box_curve25519xsalsa20poly1305_VERSION crypto_box_curve25519xsalsa20poly1305_tweet_VERSION
+#define crypto_box_curve25519xsalsa20poly1305_IMPLEMENTATION "crypto_box/curve25519xsalsa20poly1305/tweet"
+#define crypto_core_PRIMITIVE "salsa20"
+#define crypto_core crypto_core_salsa20
+#define crypto_core_OUTPUTBYTES crypto_core_salsa20_OUTPUTBYTES
+#define crypto_core_INPUTBYTES crypto_core_salsa20_INPUTBYTES
+#define crypto_core_KEYBYTES crypto_core_salsa20_KEYBYTES
+#define crypto_core_CONSTBYTES crypto_core_salsa20_CONSTBYTES
+#define crypto_core_IMPLEMENTATION crypto_core_salsa20_IMPLEMENTATION
+#define crypto_core_VERSION crypto_core_salsa20_VERSION
+#define crypto_core_salsa20_tweet_OUTPUTBYTES 64
+#define crypto_core_salsa20_tweet_INPUTBYTES 16
+#define crypto_core_salsa20_tweet_KEYBYTES 32
+#define crypto_core_salsa20_tweet_CONSTBYTES 16
+extern int crypto_core_salsa20_tweet(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
+#define crypto_core_salsa20_tweet_VERSION "-"
+#define crypto_core_salsa20 crypto_core_salsa20_tweet
+#define crypto_core_salsa20_OUTPUTBYTES crypto_core_salsa20_tweet_OUTPUTBYTES
+#define crypto_core_salsa20_INPUTBYTES crypto_core_salsa20_tweet_INPUTBYTES
+#define crypto_core_salsa20_KEYBYTES crypto_core_salsa20_tweet_KEYBYTES
+#define crypto_core_salsa20_CONSTBYTES crypto_core_salsa20_tweet_CONSTBYTES
+#define crypto_core_salsa20_VERSION crypto_core_salsa20_tweet_VERSION
+#define crypto_core_salsa20_IMPLEMENTATION "crypto_core/salsa20/tweet"
+#define crypto_core_hsalsa20_tweet_OUTPUTBYTES 32
+#define crypto_core_hsalsa20_tweet_INPUTBYTES 16
+#define crypto_core_hsalsa20_tweet_KEYBYTES 32
+#define crypto_core_hsalsa20_tweet_CONSTBYTES 16
+extern int crypto_core_hsalsa20_tweet(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
+#define crypto_core_hsalsa20_tweet_VERSION "-"
+#define crypto_core_hsalsa20 crypto_core_hsalsa20_tweet
+#define crypto_core_hsalsa20_OUTPUTBYTES crypto_core_hsalsa20_tweet_OUTPUTBYTES
+#define crypto_core_hsalsa20_INPUTBYTES crypto_core_hsalsa20_tweet_INPUTBYTES
+#define crypto_core_hsalsa20_KEYBYTES crypto_core_hsalsa20_tweet_KEYBYTES
+#define crypto_core_hsalsa20_CONSTBYTES crypto_core_hsalsa20_tweet_CONSTBYTES
+#define crypto_core_hsalsa20_VERSION crypto_core_hsalsa20_tweet_VERSION
+#define crypto_core_hsalsa20_IMPLEMENTATION "crypto_core/hsalsa20/tweet"
+#define crypto_hashblocks_PRIMITIVE "sha512"
+#define crypto_hashblocks crypto_hashblocks_sha512
+#define crypto_hashblocks_STATEBYTES crypto_hashblocks_sha512_STATEBYTES
+#define crypto_hashblocks_BLOCKBYTES crypto_hashblocks_sha512_BLOCKBYTES
+#define crypto_hashblocks_IMPLEMENTATION crypto_hashblocks_sha512_IMPLEMENTATION
+#define crypto_hashblocks_VERSION crypto_hashblocks_sha512_VERSION
+#define crypto_hashblocks_sha512_tweet_STATEBYTES 64
+#define crypto_hashblocks_sha512_tweet_BLOCKBYTES 128
+extern int crypto_hashblocks_sha512_tweet(unsigned char *,const unsigned char *,unsigned long long);
+#define crypto_hashblocks_sha512_tweet_VERSION "-"
+#define crypto_hashblocks_sha512 crypto_hashblocks_sha512_tweet
+#define crypto_hashblocks_sha512_STATEBYTES crypto_hashblocks_sha512_tweet_STATEBYTES
+#define crypto_hashblocks_sha512_BLOCKBYTES crypto_hashblocks_sha512_tweet_BLOCKBYTES
+#define crypto_hashblocks_sha512_VERSION crypto_hashblocks_sha512_tweet_VERSION
+#define crypto_hashblocks_sha512_IMPLEMENTATION "crypto_hashblocks/sha512/tweet"
+#define crypto_hashblocks_sha256_tweet_STATEBYTES 32
+#define crypto_hashblocks_sha256_tweet_BLOCKBYTES 64
+extern int crypto_hashblocks_sha256_tweet(unsigned char *,const unsigned char *,unsigned long long);
+#define crypto_hashblocks_sha256_tweet_VERSION "-"
+#define crypto_hashblocks_sha256 crypto_hashblocks_sha256_tweet
+#define crypto_hashblocks_sha256_STATEBYTES crypto_hashblocks_sha256_tweet_STATEBYTES
+#define crypto_hashblocks_sha256_BLOCKBYTES crypto_hashblocks_sha256_tweet_BLOCKBYTES
+#define crypto_hashblocks_sha256_VERSION crypto_hashblocks_sha256_tweet_VERSION
+#define crypto_hashblocks_sha256_IMPLEMENTATION "crypto_hashblocks/sha256/tweet"
+#define crypto_hash_PRIMITIVE "sha512"
+#define crypto_hash crypto_hash_sha512
+#define crypto_hash_BYTES crypto_hash_sha512_BYTES
+#define crypto_hash_IMPLEMENTATION crypto_hash_sha512_IMPLEMENTATION
+#define crypto_hash_VERSION crypto_hash_sha512_VERSION
+#define crypto_hash_sha512_tweet_BYTES 64
+extern int crypto_hash_sha512_tweet(unsigned char *,const unsigned char *,unsigned long long);
+#define crypto_hash_sha512_tweet_VERSION "-"
+#define crypto_hash_sha512 crypto_hash_sha512_tweet
+#define crypto_hash_sha512_BYTES crypto_hash_sha512_tweet_BYTES
+#define crypto_hash_sha512_VERSION crypto_hash_sha512_tweet_VERSION
+#define crypto_hash_sha512_IMPLEMENTATION "crypto_hash/sha512/tweet"
+#define crypto_hash_sha256_tweet_BYTES 32
+extern int crypto_hash_sha256_tweet(unsigned char *,const unsigned char *,unsigned long long);
+#define crypto_hash_sha256_tweet_VERSION "-"
+#define crypto_hash_sha256 crypto_hash_sha256_tweet
+#define crypto_hash_sha256_BYTES crypto_hash_sha256_tweet_BYTES
+#define crypto_hash_sha256_VERSION crypto_hash_sha256_tweet_VERSION
+#define crypto_hash_sha256_IMPLEMENTATION "crypto_hash/sha256/tweet"
+#define crypto_onetimeauth_PRIMITIVE "poly1305"
+#define crypto_onetimeauth crypto_onetimeauth_poly1305
+#define crypto_onetimeauth_verify crypto_onetimeauth_poly1305_verify
+#define crypto_onetimeauth_BYTES crypto_onetimeauth_poly1305_BYTES
+#define crypto_onetimeauth_KEYBYTES crypto_onetimeauth_poly1305_KEYBYTES
+#define crypto_onetimeauth_IMPLEMENTATION crypto_onetimeauth_poly1305_IMPLEMENTATION
+#define crypto_onetimeauth_VERSION crypto_onetimeauth_poly1305_VERSION
+#define crypto_onetimeauth_poly1305_tweet_BYTES 16
+#define crypto_onetimeauth_poly1305_tweet_KEYBYTES 32
+extern int crypto_onetimeauth_poly1305_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_onetimeauth_poly1305_tweet_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+#define crypto_onetimeauth_poly1305_tweet_VERSION "-"
+#define crypto_onetimeauth_poly1305 crypto_onetimeauth_poly1305_tweet
+#define crypto_onetimeauth_poly1305_verify crypto_onetimeauth_poly1305_tweet_verify
+#define crypto_onetimeauth_poly1305_BYTES crypto_onetimeauth_poly1305_tweet_BYTES
+#define crypto_onetimeauth_poly1305_KEYBYTES crypto_onetimeauth_poly1305_tweet_KEYBYTES
+#define crypto_onetimeauth_poly1305_VERSION crypto_onetimeauth_poly1305_tweet_VERSION
+#define crypto_onetimeauth_poly1305_IMPLEMENTATION "crypto_onetimeauth/poly1305/tweet"
+#define crypto_scalarmult_PRIMITIVE "curve25519"
+#define crypto_scalarmult crypto_scalarmult_curve25519
+#define crypto_scalarmult_base crypto_scalarmult_curve25519_base
+#define crypto_scalarmult_BYTES crypto_scalarmult_curve25519_BYTES
+#define crypto_scalarmult_SCALARBYTES crypto_scalarmult_curve25519_SCALARBYTES
+#define crypto_scalarmult_IMPLEMENTATION crypto_scalarmult_curve25519_IMPLEMENTATION
+#define crypto_scalarmult_VERSION crypto_scalarmult_curve25519_VERSION
+#define crypto_scalarmult_curve25519_tweet_BYTES 32
+#define crypto_scalarmult_curve25519_tweet_SCALARBYTES 32
+extern int crypto_scalarmult_curve25519_tweet(unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_scalarmult_curve25519_tweet_base(unsigned char *,const unsigned char *);
+#define crypto_scalarmult_curve25519_tweet_VERSION "-"
+#define crypto_scalarmult_curve25519 crypto_scalarmult_curve25519_tweet
+#define crypto_scalarmult_curve25519_base crypto_scalarmult_curve25519_tweet_base
+#define crypto_scalarmult_curve25519_BYTES crypto_scalarmult_curve25519_tweet_BYTES
+#define crypto_scalarmult_curve25519_SCALARBYTES crypto_scalarmult_curve25519_tweet_SCALARBYTES
+#define crypto_scalarmult_curve25519_VERSION crypto_scalarmult_curve25519_tweet_VERSION
+#define crypto_scalarmult_curve25519_IMPLEMENTATION "crypto_scalarmult/curve25519/tweet"
+#define crypto_secretbox_PRIMITIVE "xsalsa20poly1305"
+#define crypto_secretbox crypto_secretbox_xsalsa20poly1305
+#define crypto_secretbox_open crypto_secretbox_xsalsa20poly1305_open
+#define crypto_secretbox_KEYBYTES crypto_secretbox_xsalsa20poly1305_KEYBYTES
+#define crypto_secretbox_NONCEBYTES crypto_secretbox_xsalsa20poly1305_NONCEBYTES
+#define crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES
+#define crypto_secretbox_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES
+#define crypto_secretbox_IMPLEMENTATION crypto_secretbox_xsalsa20poly1305_IMPLEMENTATION
+#define crypto_secretbox_VERSION crypto_secretbox_xsalsa20poly1305_VERSION
+#define crypto_secretbox_xsalsa20poly1305_tweet_KEYBYTES 32
+#define crypto_secretbox_xsalsa20poly1305_tweet_NONCEBYTES 24
+#define crypto_secretbox_xsalsa20poly1305_tweet_ZEROBYTES 32
+#define crypto_secretbox_xsalsa20poly1305_tweet_BOXZEROBYTES 16
+extern int crypto_secretbox_xsalsa20poly1305_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_secretbox_xsalsa20poly1305_tweet_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+#define crypto_secretbox_xsalsa20poly1305_tweet_VERSION "-"
+#define crypto_secretbox_xsalsa20poly1305 crypto_secretbox_xsalsa20poly1305_tweet
+#define crypto_secretbox_xsalsa20poly1305_open crypto_secretbox_xsalsa20poly1305_tweet_open
+#define crypto_secretbox_xsalsa20poly1305_KEYBYTES crypto_secretbox_xsalsa20poly1305_tweet_KEYBYTES
+#define crypto_secretbox_xsalsa20poly1305_NONCEBYTES crypto_secretbox_xsalsa20poly1305_tweet_NONCEBYTES
+#define crypto_secretbox_xsalsa20poly1305_ZEROBYTES crypto_secretbox_xsalsa20poly1305_tweet_ZEROBYTES
+#define crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_tweet_BOXZEROBYTES
+#define crypto_secretbox_xsalsa20poly1305_VERSION crypto_secretbox_xsalsa20poly1305_tweet_VERSION
+#define crypto_secretbox_xsalsa20poly1305_IMPLEMENTATION "crypto_secretbox/xsalsa20poly1305/tweet"
+#define crypto_sign_PRIMITIVE "ed25519"
+#define crypto_sign crypto_sign_ed25519
+#define crypto_sign_open crypto_sign_ed25519_open
+#define crypto_sign_keypair crypto_sign_ed25519_keypair
+#define crypto_sign_BYTES crypto_sign_ed25519_BYTES
+#define crypto_sign_PUBLICKEYBYTES crypto_sign_ed25519_PUBLICKEYBYTES
+#define crypto_sign_SECRETKEYBYTES crypto_sign_ed25519_SECRETKEYBYTES
+#define crypto_sign_IMPLEMENTATION crypto_sign_ed25519_IMPLEMENTATION
+#define crypto_sign_VERSION crypto_sign_ed25519_VERSION
+#define crypto_sign_ed25519_tweet_BYTES 64
+#define crypto_sign_ed25519_tweet_PUBLICKEYBYTES 32
+#define crypto_sign_ed25519_tweet_SECRETKEYBYTES 64
+extern int crypto_sign_ed25519_tweet(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_sign_ed25519_tweet_open(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_sign_ed25519_tweet_keypair(unsigned char *,unsigned char *);
+#define crypto_sign_ed25519_tweet_VERSION "-"
+#define crypto_sign_ed25519 crypto_sign_ed25519_tweet
+#define crypto_sign_ed25519_open crypto_sign_ed25519_tweet_open
+#define crypto_sign_ed25519_keypair crypto_sign_ed25519_tweet_keypair
+#define crypto_sign_ed25519_BYTES crypto_sign_ed25519_tweet_BYTES
+#define crypto_sign_ed25519_PUBLICKEYBYTES crypto_sign_ed25519_tweet_PUBLICKEYBYTES
+#define crypto_sign_ed25519_SECRETKEYBYTES crypto_sign_ed25519_tweet_SECRETKEYBYTES
+#define crypto_sign_ed25519_VERSION crypto_sign_ed25519_tweet_VERSION
+#define crypto_sign_ed25519_IMPLEMENTATION "crypto_sign/ed25519/tweet"
+#define crypto_stream_PRIMITIVE "xsalsa20"
+#define crypto_stream crypto_stream_xsalsa20
+#define crypto_stream_xor crypto_stream_xsalsa20_xor
+#define crypto_stream_KEYBYTES crypto_stream_xsalsa20_KEYBYTES
+#define crypto_stream_NONCEBYTES crypto_stream_xsalsa20_NONCEBYTES
+#define crypto_stream_IMPLEMENTATION crypto_stream_xsalsa20_IMPLEMENTATION
+#define crypto_stream_VERSION crypto_stream_xsalsa20_VERSION
+#define crypto_stream_xsalsa20_tweet_KEYBYTES 32
+#define crypto_stream_xsalsa20_tweet_NONCEBYTES 24
+extern int crypto_stream_xsalsa20_tweet(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_xsalsa20_tweet_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+#define crypto_stream_xsalsa20_tweet_VERSION "-"
+#define crypto_stream_xsalsa20 crypto_stream_xsalsa20_tweet
+#define crypto_stream_xsalsa20_xor crypto_stream_xsalsa20_tweet_xor
+#define crypto_stream_xsalsa20_KEYBYTES crypto_stream_xsalsa20_tweet_KEYBYTES
+#define crypto_stream_xsalsa20_NONCEBYTES crypto_stream_xsalsa20_tweet_NONCEBYTES
+#define crypto_stream_xsalsa20_VERSION crypto_stream_xsalsa20_tweet_VERSION
+#define crypto_stream_xsalsa20_IMPLEMENTATION "crypto_stream/xsalsa20/tweet"
+#define crypto_stream_salsa20_tweet_KEYBYTES 32
+#define crypto_stream_salsa20_tweet_NONCEBYTES 8
+extern int crypto_stream_salsa20_tweet(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_salsa20_tweet_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+#define crypto_stream_salsa20_tweet_VERSION "-"
+#define crypto_stream_salsa20 crypto_stream_salsa20_tweet
+#define crypto_stream_salsa20_xor crypto_stream_salsa20_tweet_xor
+#define crypto_stream_salsa20_KEYBYTES crypto_stream_salsa20_tweet_KEYBYTES
+#define crypto_stream_salsa20_NONCEBYTES crypto_stream_salsa20_tweet_NONCEBYTES
+#define crypto_stream_salsa20_VERSION crypto_stream_salsa20_tweet_VERSION
+#define crypto_stream_salsa20_IMPLEMENTATION "crypto_stream/salsa20/tweet"
+#define crypto_verify_PRIMITIVE "16"
+#define crypto_verify crypto_verify_16
+#define crypto_verify_BYTES crypto_verify_16_BYTES
+#define crypto_verify_IMPLEMENTATION crypto_verify_16_IMPLEMENTATION
+#define crypto_verify_VERSION crypto_verify_16_VERSION
+#define crypto_verify_16_tweet_BYTES 16
+extern int crypto_verify_16_tweet(const unsigned char *,const unsigned char *);
+#define crypto_verify_16_tweet_VERSION "-"
+#define crypto_verify_16 crypto_verify_16_tweet
+#define crypto_verify_16_BYTES crypto_verify_16_tweet_BYTES
+#define crypto_verify_16_VERSION crypto_verify_16_tweet_VERSION
+#define crypto_verify_16_IMPLEMENTATION "crypto_verify/16/tweet"
+#define crypto_verify_32_tweet_BYTES 32
+extern int crypto_verify_32_tweet(const unsigned char *,const unsigned char *);
+#define crypto_verify_32_tweet_VERSION "-"
+#define crypto_verify_32 crypto_verify_32_tweet
+#define crypto_verify_32_BYTES crypto_verify_32_tweet_BYTES
+#define crypto_verify_32_VERSION crypto_verify_32_tweet_VERSION
+#define crypto_verify_32_IMPLEMENTATION "crypto_verify/32/tweet"
+#endif
+
+typedef unsigned char u8;
+int crypto_sign_keypair_from_seed(u8 *pk, u8 *sk);
+void spk2epk(u8* epk, u8* spk);