<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.8.14"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<title>Crypto++: tweetnacl.cpp Source File</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
<tbody>
<tr style="height: 56px;">
<td id="projectalign" style="padding-left: 0.5em;">
<div id="projectname">Crypto++
 <span id="projectnumber">7.0</span>
</div>
<div id="projectbrief">Free C++ class library of cryptographic schemes</div>
</td>
</tr>
</tbody>
</table>
</div>
<!-- end header part -->
<!-- Generated by Doxygen 1.8.14 -->
<script type="text/javascript" src="menudata.js"></script>
<script type="text/javascript" src="menu.js"></script>
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */
$(function() {
initMenu('',false,false,'search.php','Search');
});
/* @license-end */</script>
<div id="main-nav"></div>
</div><!-- top -->
<div class="header">
<div class="headertitle">
<div class="title">tweetnacl.cpp</div> </div>
</div><!--header-->
<div class="contents">
<div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno"> 1</span> <span class="comment">// tweetnacl.cpp - modified tweetnacl.c placed in public domain by Jeffrey Walton.</span></div><div class="line"><a name="l00002"></a><span class="lineno"> 2</span> <span class="comment">// The NaCl library and tweetnacl.c is public domain source code</span></div><div class="line"><a name="l00003"></a><span class="lineno"> 3</span> <span class="comment">// written by Daniel J. Bernstein, Bernard van Gastel, Wesley</span></div><div class="line"><a name="l00004"></a><span class="lineno"> 4</span> <span class="comment">// Janssen, Tanja Lange, Peter Schwabe and Sjaak Smetsers.</span></div><div class="line"><a name="l00005"></a><span class="lineno"> 5</span> </div><div class="line"><a name="l00006"></a><span class="lineno"> 6</span> <span class="preprocessor">#include "<a class="code" href="pch_8h.html">pch.h</a>"</span></div><div class="line"><a name="l00007"></a><span class="lineno"> 7</span> <span class="preprocessor">#include "<a class="code" href="config_8h.html">config.h</a>"</span></div><div class="line"><a name="l00008"></a><span class="lineno"> 8</span> <span class="preprocessor">#include "<a class="code" href="naclite_8h.html">naclite.h</a>"</span></div><div class="line"><a name="l00009"></a><span class="lineno"> 9</span> <span class="preprocessor">#include "<a class="code" href="misc_8h.html">misc.h</a>"</span></div><div class="line"><a name="l00010"></a><span class="lineno"> 10</span> <span class="preprocessor">#include "<a class="code" href="osrng_8h.html">osrng.h</a>"</span></div><div class="line"><a name="l00011"></a><span class="lineno"> 11</span> <span class="preprocessor">#include "<a class="code" href="stdcpp_8h.html">stdcpp.h</a>"</span></div><div class="line"><a name="l00012"></a><span class="lineno"> 12</span> </div><div class="line"><a name="l00013"></a><span class="lineno"> 13</span> <span class="comment">// Don't destroy const time properties when squashing warnings.</span></div><div class="line"><a name="l00014"></a><span class="lineno"> 14</span> <span class="preprocessor">#if CRYPTOPP_MSC_VERSION</span></div><div class="line"><a name="l00015"></a><span class="lineno"> 15</span> <span class="preprocessor"># pragma warning(disable: 4146 4242 4244 4245)</span></div><div class="line"><a name="l00016"></a><span class="lineno"> 16</span> <span class="preprocessor">#endif</span></div><div class="line"><a name="l00017"></a><span class="lineno"> 17</span> </div><div class="line"><a name="l00018"></a><span class="lineno"> 18</span> <span class="preprocessor">#ifndef CRYPTOPP_DISABLE_NACL</span></div><div class="line"><a name="l00019"></a><span class="lineno"> 19</span> </div><div class="line"><a name="l00020"></a><span class="lineno"> 20</span> NAMESPACE_BEGIN(<a class="code" href="namespace_crypto_p_p.html">CryptoPP</a>)</div><div class="line"><a name="l00021"></a><span class="lineno"> 21</span> NAMESPACE_BEGIN(<a class="code" href="namespace_na_cl.html">NaCl</a>)</div><div class="line"><a name="l00022"></a><span class="lineno"> 22</span> </div><div class="line"><a name="l00023"></a><span class="lineno"> 23</span> <span class="keyword">typedef</span> sword64 gf[16];</div><div class="line"><a name="l00024"></a><span class="lineno"> 24</span> </div><div class="line"><a name="l00025"></a><span class="lineno"> 25</span> <span class="keyword">static</span> <span class="keyword">const</span> byte</div><div class="line"><a name="l00026"></a><span class="lineno"> 26</span>  _0[32] = {0},</div><div class="line"><a name="l00027"></a><span class="lineno"> 27</span>  _9[32] = {9};</div><div class="line"><a name="l00028"></a><span class="lineno"> 28</span> </div><div class="line"><a name="l00029"></a><span class="lineno"> 29</span> <span class="keyword">static</span> <span class="keyword">const</span> gf</div><div class="line"><a name="l00030"></a><span class="lineno"> 30</span>  gf0 = {0},</div><div class="line"><a name="l00031"></a><span class="lineno"> 31</span>  gf1 = {1},</div><div class="line"><a name="l00032"></a><span class="lineno"> 32</span>  _121665 = {0xDB41,1},</div><div class="line"><a name="l00033"></a><span class="lineno"> 33</span>  D = {0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203},</div><div class="line"><a name="l00034"></a><span class="lineno"> 34</span>  D2 = {0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406},</div><div class="line"><a name="l00035"></a><span class="lineno"> 35</span>  X = {0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169},</div><div class="line"><a name="l00036"></a><span class="lineno"> 36</span>  Y = {0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666},</div><div class="line"><a name="l00037"></a><span class="lineno"> 37</span>  I = {0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83};</div><div class="line"><a name="l00038"></a><span class="lineno"> 38</span> </div><div class="line"><a name="l00039"></a><span class="lineno"> 39</span> <span class="comment">// Added by Crypto++ for TweetNaCl</span></div><div class="line"><a name="l00040"></a><span class="lineno"> 40</span> <span class="keyword">static</span> <span class="keywordtype">void</span> randombytes(byte * block, word64 size)</div><div class="line"><a name="l00041"></a><span class="lineno"> 41</span> {</div><div class="line"><a name="l00042"></a><span class="lineno"> 42</span>  <a class="code" href="class_default_auto_seeded_r_n_g.html">DefaultAutoSeededRNG</a> prng;</div><div class="line"><a name="l00043"></a><span class="lineno"> 43</span>  prng.GenerateBlock(block, (<span class="keywordtype">size_t</span>)size);</div><div class="line"><a name="l00044"></a><span class="lineno"> 44</span> }</div><div class="line"><a name="l00045"></a><span class="lineno"> 45</span> </div><div class="line"><a name="l00046"></a><span class="lineno"> 46</span> <span class="keyword">static</span> word32 L32(word32 x,<span class="keywordtype">int</span> c) { <span class="keywordflow">return</span> (x << c) | ((x&0xffffffff) >> (32 - c)); }</div><div class="line"><a name="l00047"></a><span class="lineno"> 47</span> </div><div class="line"><a name="l00048"></a><span class="lineno"> 48</span> <span class="keyword">static</span> word32 ld32(<span class="keyword">const</span> byte *x)</div><div class="line"><a name="l00049"></a><span class="lineno"> 49</span> {</div><div class="line"><a name="l00050"></a><span class="lineno"> 50</span>  word32 u = x[3];</div><div class="line"><a name="l00051"></a><span class="lineno"> 51</span>  u = (u<<8)|x[2];</div><div class="line"><a name="l00052"></a><span class="lineno"> 52</span>  u = (u<<8)|x[1];</div><div class="line"><a name="l00053"></a><span class="lineno"> 53</span>  <span class="keywordflow">return</span> (u<<8)|x[0];</div><div class="line"><a name="l00054"></a><span class="lineno"> 54</span> }</div><div class="line"><a name="l00055"></a><span class="lineno"> 55</span> </div><div class="line"><a name="l00056"></a><span class="lineno"> 56</span> <span class="keyword">static</span> word64 dl64(<span class="keyword">const</span> byte *x)</div><div class="line"><a name="l00057"></a><span class="lineno"> 57</span> {</div><div class="line"><a name="l00058"></a><span class="lineno"> 58</span>  word64 i,u=0;</div><div class="line"><a name="l00059"></a><span class="lineno"> 59</span>  <span class="keywordflow">for</span>(i=0; i<8; ++i) u=(u<<8)|x[i];</div><div class="line"><a name="l00060"></a><span class="lineno"> 60</span>  <span class="keywordflow">return</span> u;</div><div class="line"><a name="l00061"></a><span class="lineno"> 61</span> }</div><div class="line"><a name="l00062"></a><span class="lineno"> 62</span> </div><div class="line"><a name="l00063"></a><span class="lineno"> 63</span> <span class="keyword">static</span> <span class="keywordtype">void</span> st32(byte *x,word32 u)</div><div class="line"><a name="l00064"></a><span class="lineno"> 64</span> {</div><div class="line"><a name="l00065"></a><span class="lineno"> 65</span>  <span class="keywordtype">int</span> i;</div><div class="line"><a name="l00066"></a><span class="lineno"> 66</span>  <span class="keywordflow">for</span>(i=0; i<4; ++i) { x[i] = u; u >>= 8; }</div><div class="line"><a name="l00067"></a><span class="lineno"> 67</span> }</div><div class="line"><a name="l00068"></a><span class="lineno"> 68</span> </div><div class="line"><a name="l00069"></a><span class="lineno"> 69</span> <span class="keyword">static</span> <span class="keywordtype">void</span> ts64(byte *x,word64 u)</div><div class="line"><a name="l00070"></a><span class="lineno"> 70</span> {</div><div class="line"><a name="l00071"></a><span class="lineno"> 71</span>  <span class="keywordtype">int</span> i;</div><div class="line"><a name="l00072"></a><span class="lineno"> 72</span>  <span class="keywordflow">for</span> (i = 7;i >= 0;--i) { x[i] = u; u >>= 8; }</div><div class="line"><a name="l00073"></a><span class="lineno"> 73</span> }</div><div class="line"><a name="l00074"></a><span class="lineno"> 74</span> </div><div class="line"><a name="l00075"></a><span class="lineno"> 75</span> <span class="comment">// Extra cast due to Coverity CID 186949</span></div><div class="line"><a name="l00076"></a><span class="lineno"> 76</span> <span class="keyword">static</span> <span class="keywordtype">int</span> verify_n(<span class="keyword">const</span> byte *x,<span class="keyword">const</span> byte *y,word32 n)</div><div class="line"><a name="l00077"></a><span class="lineno"> 77</span> {</div><div class="line"><a name="l00078"></a><span class="lineno"> 78</span>  word32 i,d = 0;</div><div class="line"><a name="l00079"></a><span class="lineno"> 79</span>  <span class="keywordflow">for</span>(i=0; i<n; ++i) d |= x[i]^y[i];</div><div class="line"><a name="l00080"></a><span class="lineno"> 80</span>  <span class="keyword">const</span> sword32 v = (sword32) d;</div><div class="line"><a name="l00081"></a><span class="lineno"> 81</span>  <span class="keywordflow">return</span> (1 & ((word32)(v - 1) >> 8)) - 1;</div><div class="line"><a name="l00082"></a><span class="lineno"> 82</span> }</div><div class="line"><a name="l00083"></a><span class="lineno"> 83</span> </div><div class="line"><a name="l00084"></a><span class="lineno"><a class="line" href="naclite_8h.html#aec57f288b468ee38492c45557f736ca8"> 84</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#aec57f288b468ee38492c45557f736ca8">crypto_verify_16</a>(<span class="keyword">const</span> byte *x,<span class="keyword">const</span> byte *y)</div><div class="line"><a name="l00085"></a><span class="lineno"> 85</span> {</div><div class="line"><a name="l00086"></a><span class="lineno"> 86</span>  <span class="keywordflow">return</span> verify_n(x,y,16);</div><div class="line"><a name="l00087"></a><span class="lineno"> 87</span> }</div><div class="line"><a name="l00088"></a><span class="lineno"> 88</span> </div><div class="line"><a name="l00089"></a><span class="lineno"><a class="line" href="naclite_8h.html#a33256907cbe2f0a1788e13fa58c31eec"> 89</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a33256907cbe2f0a1788e13fa58c31eec">crypto_verify_32</a>(<span class="keyword">const</span> byte *x,<span class="keyword">const</span> byte *y)</div><div class="line"><a name="l00090"></a><span class="lineno"> 90</span> {</div><div class="line"><a name="l00091"></a><span class="lineno"> 91</span>  <span class="keywordflow">return</span> verify_n(x,y,32);</div><div class="line"><a name="l00092"></a><span class="lineno"> 92</span> }</div><div class="line"><a name="l00093"></a><span class="lineno"> 93</span> </div><div class="line"><a name="l00094"></a><span class="lineno"> 94</span> <span class="keyword">static</span> <span class="keywordtype">void</span> core(byte *out,<span class="keyword">const</span> byte *in,<span class="keyword">const</span> byte *k,<span class="keyword">const</span> byte *c,<span class="keywordtype">int</span> h)</div><div class="line"><a name="l00095"></a><span class="lineno"> 95</span> {</div><div class="line"><a name="l00096"></a><span class="lineno"> 96</span>  word32 w[16],x[16],y[16],t[4];</div><div class="line"><a name="l00097"></a><span class="lineno"> 97</span>  <span class="keywordtype">int</span> i,j,m;</div><div class="line"><a name="l00098"></a><span class="lineno"> 98</span> </div><div class="line"><a name="l00099"></a><span class="lineno"> 99</span>  <span class="keywordflow">for</span>(i=0; i<4; ++i) {</div><div class="line"><a name="l00100"></a><span class="lineno"> 100</span>  x[5*i] = ld32(c+4*i);</div><div class="line"><a name="l00101"></a><span class="lineno"> 101</span>  x[1+i] = ld32(k+4*i);</div><div class="line"><a name="l00102"></a><span class="lineno"> 102</span>  x[6+i] = ld32(in+4*i);</div><div class="line"><a name="l00103"></a><span class="lineno"> 103</span>  x[11+i] = ld32(k+16+4*i);</div><div class="line"><a name="l00104"></a><span class="lineno"> 104</span>  }</div><div class="line"><a name="l00105"></a><span class="lineno"> 105</span> </div><div class="line"><a name="l00106"></a><span class="lineno"> 106</span>  <span class="keywordflow">for</span>(i=0; i<16; ++i) y[i] = x[i];</div><div class="line"><a name="l00107"></a><span class="lineno"> 107</span> </div><div class="line"><a name="l00108"></a><span class="lineno"> 108</span>  <span class="keywordflow">for</span>(i=0; i<20; ++i) {</div><div class="line"><a name="l00109"></a><span class="lineno"> 109</span>  <span class="keywordflow">for</span>(j=0; j<4; ++j) {</div><div class="line"><a name="l00110"></a><span class="lineno"> 110</span>  <span class="keywordflow">for</span>(m=0; m<4; ++m) t[m] = x[(5*j+4*m)%16];</div><div class="line"><a name="l00111"></a><span class="lineno"> 111</span>  t[1] ^= L32(t[0]+t[3], 7);</div><div class="line"><a name="l00112"></a><span class="lineno"> 112</span>  t[2] ^= L32(t[1]+t[0], 9);</div><div class="line"><a name="l00113"></a><span class="lineno"> 113</span>  t[3] ^= L32(t[2]+t[1],13);</div><div class="line"><a name="l00114"></a><span class="lineno"> 114</span>  t[0] ^= L32(t[3]+t[2],18);</div><div class="line"><a name="l00115"></a><span class="lineno"> 115</span>  <span class="keywordflow">for</span>(m=0; m<4; ++m) w[4*j+(j+m)%4] = t[m];</div><div class="line"><a name="l00116"></a><span class="lineno"> 116</span>  }</div><div class="line"><a name="l00117"></a><span class="lineno"> 117</span>  <span class="keywordflow">for</span>(m=0; m<16; ++m) x[m] = w[m];</div><div class="line"><a name="l00118"></a><span class="lineno"> 118</span>  }</div><div class="line"><a name="l00119"></a><span class="lineno"> 119</span> </div><div class="line"><a name="l00120"></a><span class="lineno"> 120</span>  <span class="keywordflow">if</span> (h) {</div><div class="line"><a name="l00121"></a><span class="lineno"> 121</span>  <span class="keywordflow">for</span>(i=0; i<16; ++i) x[i] += y[i];</div><div class="line"><a name="l00122"></a><span class="lineno"> 122</span>  <span class="keywordflow">for</span>(i=0; i<4; ++i) {</div><div class="line"><a name="l00123"></a><span class="lineno"> 123</span>  x[5*i] -= ld32(c+4*i);</div><div class="line"><a name="l00124"></a><span class="lineno"> 124</span>  x[6+i] -= ld32(in+4*i);</div><div class="line"><a name="l00125"></a><span class="lineno"> 125</span>  }</div><div class="line"><a name="l00126"></a><span class="lineno"> 126</span>  <span class="keywordflow">for</span>(i=0; i<4; ++i) {</div><div class="line"><a name="l00127"></a><span class="lineno"> 127</span>  st32(out+4*i,x[5*i]);</div><div class="line"><a name="l00128"></a><span class="lineno"> 128</span>  st32(out+16+4*i,x[6+i]);</div><div class="line"><a name="l00129"></a><span class="lineno"> 129</span>  }</div><div class="line"><a name="l00130"></a><span class="lineno"> 130</span>  } <span class="keywordflow">else</span></div><div class="line"><a name="l00131"></a><span class="lineno"> 131</span>  <span class="keywordflow">for</span>(i=0; i<16; ++i) st32(out + 4 * i,x[i] + y[i]);</div><div class="line"><a name="l00132"></a><span class="lineno"> 132</span> }</div><div class="line"><a name="l00133"></a><span class="lineno"> 133</span> </div><div class="line"><a name="l00134"></a><span class="lineno"><a class="line" href="naclite_8h.html#a27fe78f07af893b38b8deaaa2c63f190"> 134</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a27fe78f07af893b38b8deaaa2c63f190">crypto_core_salsa20</a>(byte *out,<span class="keyword">const</span> byte *in,<span class="keyword">const</span> byte *k,<span class="keyword">const</span> byte *c)</div><div class="line"><a name="l00135"></a><span class="lineno"> 135</span> {</div><div class="line"><a name="l00136"></a><span class="lineno"> 136</span>  core(out,in,k,c,0);</div><div class="line"><a name="l00137"></a><span class="lineno"> 137</span>  <span class="keywordflow">return</span> 0;</div><div class="line"><a name="l00138"></a><span class="lineno"> 138</span> }</div><div class="line"><a name="l00139"></a><span class="lineno"> 139</span> </div><div class="line"><a name="l00140"></a><span class="lineno"><a class="line" href="naclite_8h.html#a3faa0eb09577f9f094fe05c5e7c0d505"> 140</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a3faa0eb09577f9f094fe05c5e7c0d505">crypto_core_hsalsa20</a>(byte *out,<span class="keyword">const</span> byte *in,<span class="keyword">const</span> byte *k,<span class="keyword">const</span> byte *c)</div><div class="line"><a name="l00141"></a><span class="lineno"> 141</span> {</div><div class="line"><a name="l00142"></a><span class="lineno"> 142</span>  core(out,in,k,c,1);</div><div class="line"><a name="l00143"></a><span class="lineno"> 143</span>  <span class="keywordflow">return</span> 0;</div><div class="line"><a name="l00144"></a><span class="lineno"> 144</span> }</div><div class="line"><a name="l00145"></a><span class="lineno"> 145</span> </div><div class="line"><a name="l00146"></a><span class="lineno"> 146</span> <span class="keyword">static</span> <span class="keyword">const</span> byte sigma[16] = {0x65,0x78,0x70,0x61,0x6E,0x64,0x20,0x33,0x32,0x2D,0x62,0x79,0x74,0x65,0x20,0x6B};</div><div class="line"><a name="l00147"></a><span class="lineno"> 147</span> </div><div class="line"><a name="l00148"></a><span class="lineno"><a class="line" href="naclite_8h.html#a025ced94bf40601aaca557f88e263520"> 148</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a025ced94bf40601aaca557f88e263520">crypto_stream_salsa20_xor</a>(byte *c,<span class="keyword">const</span> byte *m,word64 b,<span class="keyword">const</span> byte *n,<span class="keyword">const</span> byte *k)</div><div class="line"><a name="l00149"></a><span class="lineno"> 149</span> {</div><div class="line"><a name="l00150"></a><span class="lineno"> 150</span>  byte z[16],x[64];</div><div class="line"><a name="l00151"></a><span class="lineno"> 151</span>  word32 u,i;</div><div class="line"><a name="l00152"></a><span class="lineno"> 152</span>  <span class="keywordflow">if</span> (!b) <span class="keywordflow">return</span> 0;</div><div class="line"><a name="l00153"></a><span class="lineno"> 153</span>  <span class="keywordflow">for</span>(i=0; i<16; ++i) z[i] = 0;</div><div class="line"><a name="l00154"></a><span class="lineno"> 154</span>  <span class="keywordflow">for</span>(i=0; i<8; ++i) z[i] = n[i];</div><div class="line"><a name="l00155"></a><span class="lineno"> 155</span>  <span class="keywordflow">while</span> (b >= 64) {</div><div class="line"><a name="l00156"></a><span class="lineno"> 156</span>  <a class="code" href="naclite_8h.html#a27fe78f07af893b38b8deaaa2c63f190">crypto_core_salsa20</a>(x,z,k,sigma);</div><div class="line"><a name="l00157"></a><span class="lineno"> 157</span>  <span class="keywordflow">for</span>(i=0; i<64; ++i) c[i] = (m?m[i]:0) ^ x[i];</div><div class="line"><a name="l00158"></a><span class="lineno"> 158</span>  u = 1;</div><div class="line"><a name="l00159"></a><span class="lineno"> 159</span>  <span class="keywordflow">for</span> (i = 8;i < 16;++i) {</div><div class="line"><a name="l00160"></a><span class="lineno"> 160</span>  u += (word32) z[i];</div><div class="line"><a name="l00161"></a><span class="lineno"> 161</span>  z[i] = u;</div><div class="line"><a name="l00162"></a><span class="lineno"> 162</span>  u >>= 8;</div><div class="line"><a name="l00163"></a><span class="lineno"> 163</span>  }</div><div class="line"><a name="l00164"></a><span class="lineno"> 164</span>  b -= 64;</div><div class="line"><a name="l00165"></a><span class="lineno"> 165</span>  c += 64;</div><div class="line"><a name="l00166"></a><span class="lineno"> 166</span>  <span class="keywordflow">if</span> (m) m += 64;</div><div class="line"><a name="l00167"></a><span class="lineno"> 167</span>  }</div><div class="line"><a name="l00168"></a><span class="lineno"> 168</span>  <span class="keywordflow">if</span> (b) {</div><div class="line"><a name="l00169"></a><span class="lineno"> 169</span>  <a class="code" href="naclite_8h.html#a27fe78f07af893b38b8deaaa2c63f190">crypto_core_salsa20</a>(x,z,k,sigma);</div><div class="line"><a name="l00170"></a><span class="lineno"> 170</span>  <span class="keywordflow">for</span>(i=0; i<b; ++i) c[i] = (m?m[i]:0) ^ x[i];</div><div class="line"><a name="l00171"></a><span class="lineno"> 171</span>  }</div><div class="line"><a name="l00172"></a><span class="lineno"> 172</span>  <span class="keywordflow">return</span> 0;</div><div class="line"><a name="l00173"></a><span class="lineno"> 173</span> }</div><div class="line"><a name="l00174"></a><span class="lineno"> 174</span> </div><div class="line"><a name="l00175"></a><span class="lineno"><a class="line" href="naclite_8h.html#a5eaee390489d2a7b9998efa1ac46db37"> 175</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a5eaee390489d2a7b9998efa1ac46db37">crypto_stream_salsa20</a>(byte *c,word64 d,<span class="keyword">const</span> byte *n,<span class="keyword">const</span> byte *k)</div><div class="line"><a name="l00176"></a><span class="lineno"> 176</span> {</div><div class="line"><a name="l00177"></a><span class="lineno"> 177</span>  <span class="keywordflow">return</span> <a class="code" href="naclite_8h.html#a025ced94bf40601aaca557f88e263520">crypto_stream_salsa20_xor</a>(c,0,d,n,k);</div><div class="line"><a name="l00178"></a><span class="lineno"> 178</span> }</div><div class="line"><a name="l00179"></a><span class="lineno"> 179</span> </div><div class="line"><a name="l00180"></a><span class="lineno"><a class="line" href="naclite_8h.html#a00e45fd4091b32bba7fc1041b2b4e689"> 180</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a00e45fd4091b32bba7fc1041b2b4e689">crypto_stream</a>(byte *c,word64 d,<span class="keyword">const</span> byte *n,<span class="keyword">const</span> byte *k)</div><div class="line"><a name="l00181"></a><span class="lineno"> 181</span> {</div><div class="line"><a name="l00182"></a><span class="lineno"> 182</span>  byte s[32];</div><div class="line"><a name="l00183"></a><span class="lineno"> 183</span>  <a class="code" href="naclite_8h.html#a3faa0eb09577f9f094fe05c5e7c0d505">crypto_core_hsalsa20</a>(s,n,k,sigma);</div><div class="line"><a name="l00184"></a><span class="lineno"> 184</span>  <span class="keywordflow">return</span> <a class="code" href="naclite_8h.html#a5eaee390489d2a7b9998efa1ac46db37">crypto_stream_salsa20</a>(c,d,n+16,s);</div><div class="line"><a name="l00185"></a><span class="lineno"> 185</span> }</div><div class="line"><a name="l00186"></a><span class="lineno"> 186</span> </div><div class="line"><a name="l00187"></a><span class="lineno"><a class="line" href="naclite_8h.html#a3e5da87ad72613d0a6546c18623ec8da"> 187</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a3e5da87ad72613d0a6546c18623ec8da">crypto_stream_xor</a>(byte *c,<span class="keyword">const</span> byte *m,word64 d,<span class="keyword">const</span> byte *n,<span class="keyword">const</span> byte *k)</div><div class="line"><a name="l00188"></a><span class="lineno"> 188</span> {</div><div class="line"><a name="l00189"></a><span class="lineno"> 189</span>  byte s[32];</div><div class="line"><a name="l00190"></a><span class="lineno"> 190</span>  <a class="code" href="naclite_8h.html#a3faa0eb09577f9f094fe05c5e7c0d505">crypto_core_hsalsa20</a>(s,n,k,sigma);</div><div class="line"><a name="l00191"></a><span class="lineno"> 191</span>  <span class="keywordflow">return</span> <a class="code" href="naclite_8h.html#a025ced94bf40601aaca557f88e263520">crypto_stream_salsa20_xor</a>(c,m,d,n+16,s);</div><div class="line"><a name="l00192"></a><span class="lineno"> 192</span> }</div><div class="line"><a name="l00193"></a><span class="lineno"> 193</span> </div><div class="line"><a name="l00194"></a><span class="lineno"> 194</span> <span class="keyword">static</span> <span class="keywordtype">void</span> add1305(word32 *h,<span class="keyword">const</span> word32 *c)</div><div class="line"><a name="l00195"></a><span class="lineno"> 195</span> {</div><div class="line"><a name="l00196"></a><span class="lineno"> 196</span>  word32 j,u = 0;</div><div class="line"><a name="l00197"></a><span class="lineno"> 197</span>  <span class="keywordflow">for</span>(j=0; j<17; ++j) {</div><div class="line"><a name="l00198"></a><span class="lineno"> 198</span>  u += h[j] + c[j];</div><div class="line"><a name="l00199"></a><span class="lineno"> 199</span>  h[j] = u & 255;</div><div class="line"><a name="l00200"></a><span class="lineno"> 200</span>  u >>= 8;</div><div class="line"><a name="l00201"></a><span class="lineno"> 201</span>  }</div><div class="line"><a name="l00202"></a><span class="lineno"> 202</span> }</div><div class="line"><a name="l00203"></a><span class="lineno"> 203</span> </div><div class="line"><a name="l00204"></a><span class="lineno"> 204</span> <span class="keyword">static</span> <span class="keyword">const</span> word32 minusp[17] = {</div><div class="line"><a name="l00205"></a><span class="lineno"> 205</span>  5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 252</div><div class="line"><a name="l00206"></a><span class="lineno"> 206</span> } ;</div><div class="line"><a name="l00207"></a><span class="lineno"> 207</span> </div><div class="line"><a name="l00208"></a><span class="lineno"><a class="line" href="naclite_8h.html#a42ae4588274ec80232448abb212de4c1"> 208</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a42ae4588274ec80232448abb212de4c1">crypto_onetimeauth</a>(byte *out,<span class="keyword">const</span> byte *m,word64 n,<span class="keyword">const</span> byte *k)</div><div class="line"><a name="l00209"></a><span class="lineno"> 209</span> {</div><div class="line"><a name="l00210"></a><span class="lineno"> 210</span>  word32 s,i,j,u,x[17],r[17],h[17],c[17],g[17];</div><div class="line"><a name="l00211"></a><span class="lineno"> 211</span> </div><div class="line"><a name="l00212"></a><span class="lineno"> 212</span>  <span class="keywordflow">for</span>(j=0; j<17; ++j) r[j]=h[j]=0;</div><div class="line"><a name="l00213"></a><span class="lineno"> 213</span>  <span class="keywordflow">for</span>(j=0; j<16; ++j) r[j]=k[j];</div><div class="line"><a name="l00214"></a><span class="lineno"> 214</span>  r[3]&=15;</div><div class="line"><a name="l00215"></a><span class="lineno"> 215</span>  r[4]&=252;</div><div class="line"><a name="l00216"></a><span class="lineno"> 216</span>  r[7]&=15;</div><div class="line"><a name="l00217"></a><span class="lineno"> 217</span>  r[8]&=252;</div><div class="line"><a name="l00218"></a><span class="lineno"> 218</span>  r[11]&=15;</div><div class="line"><a name="l00219"></a><span class="lineno"> 219</span>  r[12]&=252;</div><div class="line"><a name="l00220"></a><span class="lineno"> 220</span>  r[15]&=15;</div><div class="line"><a name="l00221"></a><span class="lineno"> 221</span> </div><div class="line"><a name="l00222"></a><span class="lineno"> 222</span>  <span class="keywordflow">while</span> (n > 0) {</div><div class="line"><a name="l00223"></a><span class="lineno"> 223</span>  <span class="keywordflow">for</span>(j=0; j<17; ++j) c[j] = 0;</div><div class="line"><a name="l00224"></a><span class="lineno"> 224</span>  <span class="keywordflow">for</span> (j = 0;(j < 16) && (j < n);++j) c[j] = m[j];</div><div class="line"><a name="l00225"></a><span class="lineno"> 225</span>  c[j] = 1;</div><div class="line"><a name="l00226"></a><span class="lineno"> 226</span>  m += j; n -= j;</div><div class="line"><a name="l00227"></a><span class="lineno"> 227</span>  add1305(h,c);</div><div class="line"><a name="l00228"></a><span class="lineno"> 228</span>  <span class="keywordflow">for</span>(i=0; i<17; ++i) {</div><div class="line"><a name="l00229"></a><span class="lineno"> 229</span>  x[i] = 0;</div><div class="line"><a name="l00230"></a><span class="lineno"> 230</span>  <span class="keywordflow">for</span>(j=0; j<17; ++j) x[i] += h[j] * ((j <= i) ? r[i - j] : 320 * r[i + 17 - j]);</div><div class="line"><a name="l00231"></a><span class="lineno"> 231</span>  }</div><div class="line"><a name="l00232"></a><span class="lineno"> 232</span>  <span class="keywordflow">for</span>(i=0; i<17; ++i) h[i] = x[i];</div><div class="line"><a name="l00233"></a><span class="lineno"> 233</span>  u = 0;</div><div class="line"><a name="l00234"></a><span class="lineno"> 234</span>  <span class="keywordflow">for</span>(j=0; j<16; ++j) {</div><div class="line"><a name="l00235"></a><span class="lineno"> 235</span>  u += h[j];</div><div class="line"><a name="l00236"></a><span class="lineno"> 236</span>  h[j] = u & 255;</div><div class="line"><a name="l00237"></a><span class="lineno"> 237</span>  u >>= 8;</div><div class="line"><a name="l00238"></a><span class="lineno"> 238</span>  }</div><div class="line"><a name="l00239"></a><span class="lineno"> 239</span>  u += h[16]; h[16] = u & 3;</div><div class="line"><a name="l00240"></a><span class="lineno"> 240</span>  u = 5 * (u >> 2);</div><div class="line"><a name="l00241"></a><span class="lineno"> 241</span>  <span class="keywordflow">for</span>(j=0; j<16; ++j) {</div><div class="line"><a name="l00242"></a><span class="lineno"> 242</span>  u += h[j];</div><div class="line"><a name="l00243"></a><span class="lineno"> 243</span>  h[j] = u & 255;</div><div class="line"><a name="l00244"></a><span class="lineno"> 244</span>  u >>= 8;</div><div class="line"><a name="l00245"></a><span class="lineno"> 245</span>  }</div><div class="line"><a name="l00246"></a><span class="lineno"> 246</span>  u += h[16]; h[16] = u;</div><div class="line"><a name="l00247"></a><span class="lineno"> 247</span>  }</div><div class="line"><a name="l00248"></a><span class="lineno"> 248</span> </div><div class="line"><a name="l00249"></a><span class="lineno"> 249</span>  <span class="keywordflow">for</span>(j=0; j<17; ++j) g[j] = h[j];</div><div class="line"><a name="l00250"></a><span class="lineno"> 250</span>  add1305(h,minusp);</div><div class="line"><a name="l00251"></a><span class="lineno"> 251</span>  s = -(h[16] >> 7);</div><div class="line"><a name="l00252"></a><span class="lineno"> 252</span>  <span class="keywordflow">for</span>(j=0; j<17; ++j) h[j] ^= s & (g[j] ^ h[j]);</div><div class="line"><a name="l00253"></a><span class="lineno"> 253</span> </div><div class="line"><a name="l00254"></a><span class="lineno"> 254</span>  <span class="keywordflow">for</span>(j=0; j<16; ++j) c[j] = k[j + 16];</div><div class="line"><a name="l00255"></a><span class="lineno"> 255</span>  c[16] = 0;</div><div class="line"><a name="l00256"></a><span class="lineno"> 256</span>  add1305(h,c);</div><div class="line"><a name="l00257"></a><span class="lineno"> 257</span>  <span class="keywordflow">for</span>(j=0; j<16; ++j) out[j] = h[j];</div><div class="line"><a name="l00258"></a><span class="lineno"> 258</span>  <span class="keywordflow">return</span> 0;</div><div class="line"><a name="l00259"></a><span class="lineno"> 259</span> }</div><div class="line"><a name="l00260"></a><span class="lineno"> 260</span> </div><div class="line"><a name="l00261"></a><span class="lineno"><a class="line" href="naclite_8h.html#aa296b9fdb62ddce1fe87043e626fd574"> 261</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#aa296b9fdb62ddce1fe87043e626fd574">crypto_onetimeauth_verify</a>(<span class="keyword">const</span> byte *h,<span class="keyword">const</span> byte *m,word64 n,<span class="keyword">const</span> byte *k)</div><div class="line"><a name="l00262"></a><span class="lineno"> 262</span> {</div><div class="line"><a name="l00263"></a><span class="lineno"> 263</span>  byte x[16];</div><div class="line"><a name="l00264"></a><span class="lineno"> 264</span>  <a class="code" href="naclite_8h.html#a42ae4588274ec80232448abb212de4c1">crypto_onetimeauth</a>(x,m,n,k);</div><div class="line"><a name="l00265"></a><span class="lineno"> 265</span>  <span class="keywordflow">return</span> <a class="code" href="naclite_8h.html#aec57f288b468ee38492c45557f736ca8">crypto_verify_16</a>(h,x);</div><div class="line"><a name="l00266"></a><span class="lineno"> 266</span> }</div><div class="line"><a name="l00267"></a><span class="lineno"> 267</span> </div><div class="line"><a name="l00268"></a><span class="lineno"><a class="line" href="naclite_8h.html#aceecda08cbfd5aa60ef23e608687f641"> 268</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#aceecda08cbfd5aa60ef23e608687f641">crypto_secretbox</a>(byte *c,<span class="keyword">const</span> byte *m,word64 d,<span class="keyword">const</span> byte *n,<span class="keyword">const</span> byte *k)</div><div class="line"><a name="l00269"></a><span class="lineno"> 269</span> {</div><div class="line"><a name="l00270"></a><span class="lineno"> 270</span>  <span class="keywordtype">int</span> i;</div><div class="line"><a name="l00271"></a><span class="lineno"> 271</span>  <span class="keywordflow">if</span> (d < 32) <span class="keywordflow">return</span> -1;</div><div class="line"><a name="l00272"></a><span class="lineno"> 272</span>  <a class="code" href="naclite_8h.html#a3e5da87ad72613d0a6546c18623ec8da">crypto_stream_xor</a>(c,m,d,n,k);</div><div class="line"><a name="l00273"></a><span class="lineno"> 273</span>  <a class="code" href="naclite_8h.html#a42ae4588274ec80232448abb212de4c1">crypto_onetimeauth</a>(c + 16,c + 32,d - 32,c);</div><div class="line"><a name="l00274"></a><span class="lineno"> 274</span>  <span class="keywordflow">for</span>(i=0; i<16; ++i) c[i] = 0;</div><div class="line"><a name="l00275"></a><span class="lineno"> 275</span>  <span class="keywordflow">return</span> 0;</div><div class="line"><a name="l00276"></a><span class="lineno"> 276</span> }</div><div class="line"><a name="l00277"></a><span class="lineno"> 277</span> </div><div class="line"><a name="l00278"></a><span class="lineno"><a class="line" href="naclite_8h.html#a1d943e9c5b6be5956c6af8256ffddaf5"> 278</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a1d943e9c5b6be5956c6af8256ffddaf5">crypto_secretbox_open</a>(byte *m,<span class="keyword">const</span> byte *c,word64 d,<span class="keyword">const</span> byte *n,<span class="keyword">const</span> byte *k)</div><div class="line"><a name="l00279"></a><span class="lineno"> 279</span> {</div><div class="line"><a name="l00280"></a><span class="lineno"> 280</span>  <span class="keywordtype">int</span> i;</div><div class="line"><a name="l00281"></a><span class="lineno"> 281</span>  byte x[32];</div><div class="line"><a name="l00282"></a><span class="lineno"> 282</span>  <span class="keywordflow">if</span> (d < 32) <span class="keywordflow">return</span> -1;</div><div class="line"><a name="l00283"></a><span class="lineno"> 283</span>  <a class="code" href="naclite_8h.html#a00e45fd4091b32bba7fc1041b2b4e689">crypto_stream</a>(x,32,n,k);</div><div class="line"><a name="l00284"></a><span class="lineno"> 284</span>  <span class="keywordflow">if</span> (<a class="code" href="naclite_8h.html#aa296b9fdb62ddce1fe87043e626fd574">crypto_onetimeauth_verify</a>(c + 16,c + 32,d - 32,x) != 0) <span class="keywordflow">return</span> -1;</div><div class="line"><a name="l00285"></a><span class="lineno"> 285</span>  <a class="code" href="naclite_8h.html#a3e5da87ad72613d0a6546c18623ec8da">crypto_stream_xor</a>(m,c,d,n,k);</div><div class="line"><a name="l00286"></a><span class="lineno"> 286</span>  <span class="keywordflow">for</span>(i=0; i<32; ++i) m[i] = 0;</div><div class="line"><a name="l00287"></a><span class="lineno"> 287</span>  <span class="keywordflow">return</span> 0;</div><div class="line"><a name="l00288"></a><span class="lineno"> 288</span> }</div><div class="line"><a name="l00289"></a><span class="lineno"> 289</span> </div><div class="line"><a name="l00290"></a><span class="lineno"> 290</span> <span class="keyword">static</span> <span class="keywordtype">void</span> set25519(gf r, <span class="keyword">const</span> gf a)</div><div class="line"><a name="l00291"></a><span class="lineno"> 291</span> {</div><div class="line"><a name="l00292"></a><span class="lineno"> 292</span>  <span class="keywordtype">int</span> i;</div><div class="line"><a name="l00293"></a><span class="lineno"> 293</span>  <span class="keywordflow">for</span>(i=0; i<16; ++i) r[i]=a[i];</div><div class="line"><a name="l00294"></a><span class="lineno"> 294</span> }</div><div class="line"><a name="l00295"></a><span class="lineno"> 295</span> </div><div class="line"><a name="l00296"></a><span class="lineno"> 296</span> <span class="keyword">static</span> <span class="keywordtype">void</span> car25519(gf o)</div><div class="line"><a name="l00297"></a><span class="lineno"> 297</span> {</div><div class="line"><a name="l00298"></a><span class="lineno"> 298</span>  <span class="keywordtype">int</span> i;</div><div class="line"><a name="l00299"></a><span class="lineno"> 299</span>  sword64 c;</div><div class="line"><a name="l00300"></a><span class="lineno"> 300</span>  <span class="keywordflow">for</span>(i=0; i<16; ++i) {</div><div class="line"><a name="l00301"></a><span class="lineno"> 301</span>  o[i]+=(1LL<<16);</div><div class="line"><a name="l00302"></a><span class="lineno"> 302</span>  c=o[i]>>16;</div><div class="line"><a name="l00303"></a><span class="lineno"> 303</span>  o[(i+1)*(i<15)]+=c-1+37*(c-1)*(i==15);</div><div class="line"><a name="l00304"></a><span class="lineno"> 304</span>  o[i]-=((word64)c)<<16;</div><div class="line"><a name="l00305"></a><span class="lineno"> 305</span>  }</div><div class="line"><a name="l00306"></a><span class="lineno"> 306</span> }</div><div class="line"><a name="l00307"></a><span class="lineno"> 307</span> </div><div class="line"><a name="l00308"></a><span class="lineno"> 308</span> <span class="keyword">static</span> <span class="keywordtype">void</span> sel25519(gf p,gf q,<span class="keywordtype">int</span> b)</div><div class="line"><a name="l00309"></a><span class="lineno"> 309</span> {</div><div class="line"><a name="l00310"></a><span class="lineno"> 310</span>  sword64 t,i,c=~(b-1);</div><div class="line"><a name="l00311"></a><span class="lineno"> 311</span>  <span class="keywordflow">for</span>(i=0; i<16; ++i) {</div><div class="line"><a name="l00312"></a><span class="lineno"> 312</span>  t= c&(p[i]^q[i]);</div><div class="line"><a name="l00313"></a><span class="lineno"> 313</span>  p[i]^=t;</div><div class="line"><a name="l00314"></a><span class="lineno"> 314</span>  q[i]^=t;</div><div class="line"><a name="l00315"></a><span class="lineno"> 315</span>  }</div><div class="line"><a name="l00316"></a><span class="lineno"> 316</span> }</div><div class="line"><a name="l00317"></a><span class="lineno"> 317</span> </div><div class="line"><a name="l00318"></a><span class="lineno"> 318</span> <span class="keyword">static</span> <span class="keywordtype">void</span> pack25519(byte *o,<span class="keyword">const</span> gf n)</div><div class="line"><a name="l00319"></a><span class="lineno"> 319</span> {</div><div class="line"><a name="l00320"></a><span class="lineno"> 320</span>  <span class="keywordtype">int</span> i,j,b;</div><div class="line"><a name="l00321"></a><span class="lineno"> 321</span>  gf m,t;</div><div class="line"><a name="l00322"></a><span class="lineno"> 322</span>  <span class="keywordflow">for</span>(i=0; i<16; ++i) t[i]=n[i];</div><div class="line"><a name="l00323"></a><span class="lineno"> 323</span>  car25519(t);</div><div class="line"><a name="l00324"></a><span class="lineno"> 324</span>  car25519(t);</div><div class="line"><a name="l00325"></a><span class="lineno"> 325</span>  car25519(t);</div><div class="line"><a name="l00326"></a><span class="lineno"> 326</span>  <span class="keywordflow">for</span>(j=0; j<2; ++j) {</div><div class="line"><a name="l00327"></a><span class="lineno"> 327</span>  m[0]=t[0]-0xffed;</div><div class="line"><a name="l00328"></a><span class="lineno"> 328</span>  <span class="keywordflow">for</span>(i=1;i<15;i++) {</div><div class="line"><a name="l00329"></a><span class="lineno"> 329</span>  m[i]=t[i]-0xffff-((m[i-1]>>16)&1);</div><div class="line"><a name="l00330"></a><span class="lineno"> 330</span>  m[i-1]&=0xffff;</div><div class="line"><a name="l00331"></a><span class="lineno"> 331</span>  }</div><div class="line"><a name="l00332"></a><span class="lineno"> 332</span>  m[15]=t[15]-0x7fff-((m[14]>>16)&1);</div><div class="line"><a name="l00333"></a><span class="lineno"> 333</span>  b=(m[15]>>16)&1;</div><div class="line"><a name="l00334"></a><span class="lineno"> 334</span>  m[14]&=0xffff;</div><div class="line"><a name="l00335"></a><span class="lineno"> 335</span>  sel25519(t,m,1-b);</div><div class="line"><a name="l00336"></a><span class="lineno"> 336</span>  }</div><div class="line"><a name="l00337"></a><span class="lineno"> 337</span>  <span class="keywordflow">for</span>(i=0; i<16; ++i) {</div><div class="line"><a name="l00338"></a><span class="lineno"> 338</span>  o[2*i]=t[i]&0xff;</div><div class="line"><a name="l00339"></a><span class="lineno"> 339</span>  o[2*i+1]=t[i]>>8;</div><div class="line"><a name="l00340"></a><span class="lineno"> 340</span>  }</div><div class="line"><a name="l00341"></a><span class="lineno"> 341</span> }</div><div class="line"><a name="l00342"></a><span class="lineno"> 342</span> </div><div class="line"><a name="l00343"></a><span class="lineno"> 343</span> <span class="keyword">static</span> <span class="keywordtype">int</span> neq25519(<span class="keyword">const</span> gf a, <span class="keyword">const</span> gf b)</div><div class="line"><a name="l00344"></a><span class="lineno"> 344</span> {</div><div class="line"><a name="l00345"></a><span class="lineno"> 345</span>  byte c[32],d[32];</div><div class="line"><a name="l00346"></a><span class="lineno"> 346</span>  pack25519(c,a);</div><div class="line"><a name="l00347"></a><span class="lineno"> 347</span>  pack25519(d,b);</div><div class="line"><a name="l00348"></a><span class="lineno"> 348</span>  <span class="keywordflow">return</span> <a class="code" href="naclite_8h.html#a33256907cbe2f0a1788e13fa58c31eec">crypto_verify_32</a>(c,d);</div><div class="line"><a name="l00349"></a><span class="lineno"> 349</span> }</div><div class="line"><a name="l00350"></a><span class="lineno"> 350</span> </div><div class="line"><a name="l00351"></a><span class="lineno"> 351</span> <span class="keyword">static</span> byte par25519(<span class="keyword">const</span> gf a)</div><div class="line"><a name="l00352"></a><span class="lineno"> 352</span> {</div><div class="line"><a name="l00353"></a><span class="lineno"> 353</span>  byte d[32];</div><div class="line"><a name="l00354"></a><span class="lineno"> 354</span>  pack25519(d,a);</div><div class="line"><a name="l00355"></a><span class="lineno"> 355</span>  <span class="keywordflow">return</span> d[0]&1;</div><div class="line"><a name="l00356"></a><span class="lineno"> 356</span> }</div><div class="line"><a name="l00357"></a><span class="lineno"> 357</span> </div><div class="line"><a name="l00358"></a><span class="lineno"> 358</span> <span class="keyword">static</span> <span class="keywordtype">void</span> unpack25519(gf o, <span class="keyword">const</span> byte *n)</div><div class="line"><a name="l00359"></a><span class="lineno"> 359</span> {</div><div class="line"><a name="l00360"></a><span class="lineno"> 360</span>  <span class="keywordtype">int</span> i;</div><div class="line"><a name="l00361"></a><span class="lineno"> 361</span>  <span class="keywordflow">for</span>(i=0; i<16; ++i) o[i]=n[2*i]+((sword64)n[2*i+1]<<8);</div><div class="line"><a name="l00362"></a><span class="lineno"> 362</span>  o[15]&=0x7fff;</div><div class="line"><a name="l00363"></a><span class="lineno"> 363</span> }</div><div class="line"><a name="l00364"></a><span class="lineno"> 364</span> </div><div class="line"><a name="l00365"></a><span class="lineno"> 365</span> <span class="keyword">static</span> <span class="keywordtype">void</span> A(gf o,<span class="keyword">const</span> gf a,<span class="keyword">const</span> gf b)</div><div class="line"><a name="l00366"></a><span class="lineno"> 366</span> {</div><div class="line"><a name="l00367"></a><span class="lineno"> 367</span>  <span class="keywordtype">int</span> i;</div><div class="line"><a name="l00368"></a><span class="lineno"> 368</span>  <span class="keywordflow">for</span>(i=0; i<16; ++i) o[i]=a[i]+b[i];</div><div class="line"><a name="l00369"></a><span class="lineno"> 369</span> }</div><div class="line"><a name="l00370"></a><span class="lineno"> 370</span> </div><div class="line"><a name="l00371"></a><span class="lineno"> 371</span> <span class="keyword">static</span> <span class="keywordtype">void</span> Z(gf o,<span class="keyword">const</span> gf a,<span class="keyword">const</span> gf b)</div><div class="line"><a name="l00372"></a><span class="lineno"> 372</span> {</div><div class="line"><a name="l00373"></a><span class="lineno"> 373</span>  <span class="keywordtype">int</span> i;</div><div class="line"><a name="l00374"></a><span class="lineno"> 374</span>  <span class="keywordflow">for</span>(i=0; i<16; ++i) o[i]=a[i]-b[i];</div><div class="line"><a name="l00375"></a><span class="lineno"> 375</span> }</div><div class="line"><a name="l00376"></a><span class="lineno"> 376</span> </div><div class="line"><a name="l00377"></a><span class="lineno"> 377</span> <span class="keyword">static</span> <span class="keywordtype">void</span> M(gf o,<span class="keyword">const</span> gf a,<span class="keyword">const</span> gf b)</div><div class="line"><a name="l00378"></a><span class="lineno"> 378</span> {</div><div class="line"><a name="l00379"></a><span class="lineno"> 379</span>  sword64 i,j,t[31];</div><div class="line"><a name="l00380"></a><span class="lineno"> 380</span>  <span class="keywordflow">for</span>(i=0; i<31; ++i) t[i]=0;</div><div class="line"><a name="l00381"></a><span class="lineno"> 381</span>  <span class="keywordflow">for</span>(i=0; i<16; ++i) <span class="keywordflow">for</span>(j=0; j<16; ++j) t[i+j]+=a[i]*b[j];</div><div class="line"><a name="l00382"></a><span class="lineno"> 382</span>  <span class="keywordflow">for</span>(i=0; i<15; ++i) t[i]+=38*t[i+16];</div><div class="line"><a name="l00383"></a><span class="lineno"> 383</span>  <span class="keywordflow">for</span>(i=0; i<16; ++i) o[i]=t[i];</div><div class="line"><a name="l00384"></a><span class="lineno"> 384</span>  car25519(o);</div><div class="line"><a name="l00385"></a><span class="lineno"> 385</span>  car25519(o);</div><div class="line"><a name="l00386"></a><span class="lineno"> 386</span> }</div><div class="line"><a name="l00387"></a><span class="lineno"> 387</span> </div><div class="line"><a name="l00388"></a><span class="lineno"> 388</span> <span class="keyword">static</span> <span class="keywordtype">void</span> S(gf o,<span class="keyword">const</span> gf a)</div><div class="line"><a name="l00389"></a><span class="lineno"> 389</span> {</div><div class="line"><a name="l00390"></a><span class="lineno"> 390</span>  M(o,a,a);</div><div class="line"><a name="l00391"></a><span class="lineno"> 391</span> }</div><div class="line"><a name="l00392"></a><span class="lineno"> 392</span> </div><div class="line"><a name="l00393"></a><span class="lineno"> 393</span> <span class="keyword">static</span> <span class="keywordtype">void</span> inv25519(gf o,<span class="keyword">const</span> gf i)</div><div class="line"><a name="l00394"></a><span class="lineno"> 394</span> {</div><div class="line"><a name="l00395"></a><span class="lineno"> 395</span>  gf c;</div><div class="line"><a name="l00396"></a><span class="lineno"> 396</span>  <span class="keywordtype">int</span> a;</div><div class="line"><a name="l00397"></a><span class="lineno"> 397</span>  <span class="keywordflow">for</span>(a=0; a<16; ++a) c[a]=i[a];</div><div class="line"><a name="l00398"></a><span class="lineno"> 398</span>  <span class="keywordflow">for</span>(a=253;a>=0;a--) {</div><div class="line"><a name="l00399"></a><span class="lineno"> 399</span>  S(c,c);</div><div class="line"><a name="l00400"></a><span class="lineno"> 400</span>  <span class="keywordflow">if</span>(a!=2&&a!=4) M(c,c,i);</div><div class="line"><a name="l00401"></a><span class="lineno"> 401</span>  }</div><div class="line"><a name="l00402"></a><span class="lineno"> 402</span>  <span class="keywordflow">for</span>(a=0; a<16; ++a) o[a]=c[a];</div><div class="line"><a name="l00403"></a><span class="lineno"> 403</span> }</div><div class="line"><a name="l00404"></a><span class="lineno"> 404</span> </div><div class="line"><a name="l00405"></a><span class="lineno"> 405</span> <span class="keyword">static</span> <span class="keywordtype">void</span> pow2523(gf o,<span class="keyword">const</span> gf i)</div><div class="line"><a name="l00406"></a><span class="lineno"> 406</span> {</div><div class="line"><a name="l00407"></a><span class="lineno"> 407</span>  gf c;</div><div class="line"><a name="l00408"></a><span class="lineno"> 408</span>  <span class="keywordtype">int</span> a;</div><div class="line"><a name="l00409"></a><span class="lineno"> 409</span>  <span class="keywordflow">for</span>(a=0; a<16; ++a) c[a]=i[a];</div><div class="line"><a name="l00410"></a><span class="lineno"> 410</span>  <span class="keywordflow">for</span>(a=250;a>=0;a--) {</div><div class="line"><a name="l00411"></a><span class="lineno"> 411</span>  S(c,c);</div><div class="line"><a name="l00412"></a><span class="lineno"> 412</span>  <span class="keywordflow">if</span>(a!=1) M(c,c,i);</div><div class="line"><a name="l00413"></a><span class="lineno"> 413</span>  }</div><div class="line"><a name="l00414"></a><span class="lineno"> 414</span>  <span class="keywordflow">for</span>(a=0; a<16; ++a) o[a]=c[a];</div><div class="line"><a name="l00415"></a><span class="lineno"> 415</span> }</div><div class="line"><a name="l00416"></a><span class="lineno"> 416</span> </div><div class="line"><a name="l00417"></a><span class="lineno"> 417</span> <span class="comment">// https://github.com/jedisct1/libsodium/blob/master/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c</span></div><div class="line"><a name="l00418"></a><span class="lineno"> 418</span> <span class="keyword">static</span> <span class="keywordtype">int</span> has_small_order(<span class="keyword">const</span> byte s[32])</div><div class="line"><a name="l00419"></a><span class="lineno"> 419</span> {</div><div class="line"><a name="l00420"></a><span class="lineno"> 420</span>  CRYPTOPP_ALIGN_DATA(16)</div><div class="line"><a name="l00421"></a><span class="lineno"> 421</span>  const byte blacklist[][32] = {</div><div class="line"><a name="l00422"></a><span class="lineno"> 422</span>  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },</div><div class="line"><a name="l00423"></a><span class="lineno"> 423</span>  { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },</div><div class="line"><a name="l00424"></a><span class="lineno"> 424</span>  { 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 },</div><div class="line"><a name="l00425"></a><span class="lineno"> 425</span>  { 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57 },</div><div class="line"><a name="l00426"></a><span class="lineno"> 426</span>  { 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },</div><div class="line"><a name="l00427"></a><span class="lineno"> 427</span>  { 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },</div><div class="line"><a name="l00428"></a><span class="lineno"> 428</span>  { 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },</div><div class="line"><a name="l00429"></a><span class="lineno"> 429</span>  { 0xcd, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x80 },</div><div class="line"><a name="l00430"></a><span class="lineno"> 430</span>  { 0x4c, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0xd7 },</div><div class="line"><a name="l00431"></a><span class="lineno"> 431</span>  { 0xd9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },</div><div class="line"><a name="l00432"></a><span class="lineno"> 432</span>  { 0xda, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },</div><div class="line"><a name="l00433"></a><span class="lineno"> 433</span>  { 0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }</div><div class="line"><a name="l00434"></a><span class="lineno"> 434</span>  };</div><div class="line"><a name="l00435"></a><span class="lineno"> 435</span>  <a class="code" href="misc_8h.html#a6b378b1b9b2d4654cc852c088742ba70">CRYPTOPP_COMPILE_ASSERT</a>(12 == <a class="code" href="misc_8h.html#a2d7e4464ea73d6393ebe78f952253426">COUNTOF</a>(blacklist));</div><div class="line"><a name="l00436"></a><span class="lineno"> 436</span> </div><div class="line"><a name="l00437"></a><span class="lineno"> 437</span>  byte c[12] = { 0 };</div><div class="line"><a name="l00438"></a><span class="lineno"> 438</span>  <span class="keywordflow">for</span> (<span class="keywordtype">size_t</span> j = 0; j < 32; j++) {</div><div class="line"><a name="l00439"></a><span class="lineno"> 439</span>  <span class="keywordflow">for</span> (<span class="keywordtype">size_t</span> i = 0; i < <a class="code" href="misc_8h.html#a2d7e4464ea73d6393ebe78f952253426">COUNTOF</a>(blacklist); i++) {</div><div class="line"><a name="l00440"></a><span class="lineno"> 440</span>  c[i] |= s[j] ^ blacklist[i][j];</div><div class="line"><a name="l00441"></a><span class="lineno"> 441</span>  }</div><div class="line"><a name="l00442"></a><span class="lineno"> 442</span>  }</div><div class="line"><a name="l00443"></a><span class="lineno"> 443</span> </div><div class="line"><a name="l00444"></a><span class="lineno"> 444</span>  <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> k = 0;</div><div class="line"><a name="l00445"></a><span class="lineno"> 445</span>  <span class="keywordflow">for</span> (<span class="keywordtype">size_t</span> i = 0; i < <a class="code" href="misc_8h.html#a2d7e4464ea73d6393ebe78f952253426">COUNTOF</a>(blacklist); i++) {</div><div class="line"><a name="l00446"></a><span class="lineno"> 446</span>  k |= (c[i] - 1);</div><div class="line"><a name="l00447"></a><span class="lineno"> 447</span>  }</div><div class="line"><a name="l00448"></a><span class="lineno"> 448</span> </div><div class="line"><a name="l00449"></a><span class="lineno"> 449</span>  <span class="keywordflow">return</span> (<span class="keywordtype">int</span>) ((k >> 8) & 1);</div><div class="line"><a name="l00450"></a><span class="lineno"> 450</span> }</div><div class="line"><a name="l00451"></a><span class="lineno"> 451</span> </div><div class="line"><a name="l00452"></a><span class="lineno"><a class="line" href="naclite_8h.html#a6c18d7ce2ad9a14a7dd5e2a2eade80a9"> 452</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a6c18d7ce2ad9a14a7dd5e2a2eade80a9">crypto_scalarmult</a>(byte *q,<span class="keyword">const</span> byte *n,<span class="keyword">const</span> byte *p)</div><div class="line"><a name="l00453"></a><span class="lineno"> 453</span> {</div><div class="line"><a name="l00454"></a><span class="lineno"> 454</span>  byte z[32];</div><div class="line"><a name="l00455"></a><span class="lineno"> 455</span>  sword64 x[80],r,i;</div><div class="line"><a name="l00456"></a><span class="lineno"> 456</span>  gf a,b,c,d,e,f;</div><div class="line"><a name="l00457"></a><span class="lineno"> 457</span>  <span class="keywordflow">for</span>(i=0; i<31; ++i) z[i]=n[i];</div><div class="line"><a name="l00458"></a><span class="lineno"> 458</span>  z[31]=(n[31]&127)|64;</div><div class="line"><a name="l00459"></a><span class="lineno"> 459</span>  z[0]&=248;</div><div class="line"><a name="l00460"></a><span class="lineno"> 460</span>  unpack25519(x,p);</div><div class="line"><a name="l00461"></a><span class="lineno"> 461</span>  <span class="keywordflow">for</span>(i=0; i<16; ++i) {</div><div class="line"><a name="l00462"></a><span class="lineno"> 462</span>  b[i]=x[i];</div><div class="line"><a name="l00463"></a><span class="lineno"> 463</span>  d[i]=a[i]=c[i]=0;</div><div class="line"><a name="l00464"></a><span class="lineno"> 464</span>  }</div><div class="line"><a name="l00465"></a><span class="lineno"> 465</span>  a[0]=d[0]=1;</div><div class="line"><a name="l00466"></a><span class="lineno"> 466</span>  <span class="keywordflow">for</span>(i=254;i>=0;--i) {</div><div class="line"><a name="l00467"></a><span class="lineno"> 467</span>  r=(z[i>>3]>>(i&7))&1;</div><div class="line"><a name="l00468"></a><span class="lineno"> 468</span>  sel25519(a,b,r);</div><div class="line"><a name="l00469"></a><span class="lineno"> 469</span>  sel25519(c,d,r);</div><div class="line"><a name="l00470"></a><span class="lineno"> 470</span>  A(e,a,c);</div><div class="line"><a name="l00471"></a><span class="lineno"> 471</span>  Z(a,a,c);</div><div class="line"><a name="l00472"></a><span class="lineno"> 472</span>  A(c,b,d);</div><div class="line"><a name="l00473"></a><span class="lineno"> 473</span>  Z(b,b,d);</div><div class="line"><a name="l00474"></a><span class="lineno"> 474</span>  S(d,e);</div><div class="line"><a name="l00475"></a><span class="lineno"> 475</span>  S(f,a);</div><div class="line"><a name="l00476"></a><span class="lineno"> 476</span>  M(a,c,a);</div><div class="line"><a name="l00477"></a><span class="lineno"> 477</span>  M(c,b,e);</div><div class="line"><a name="l00478"></a><span class="lineno"> 478</span>  A(e,a,c);</div><div class="line"><a name="l00479"></a><span class="lineno"> 479</span>  Z(a,a,c);</div><div class="line"><a name="l00480"></a><span class="lineno"> 480</span>  S(b,a);</div><div class="line"><a name="l00481"></a><span class="lineno"> 481</span>  Z(c,d,f);</div><div class="line"><a name="l00482"></a><span class="lineno"> 482</span>  M(a,c,_121665);</div><div class="line"><a name="l00483"></a><span class="lineno"> 483</span>  A(a,a,d);</div><div class="line"><a name="l00484"></a><span class="lineno"> 484</span>  M(c,c,a);</div><div class="line"><a name="l00485"></a><span class="lineno"> 485</span>  M(a,d,f);</div><div class="line"><a name="l00486"></a><span class="lineno"> 486</span>  M(d,b,x);</div><div class="line"><a name="l00487"></a><span class="lineno"> 487</span>  S(b,e);</div><div class="line"><a name="l00488"></a><span class="lineno"> 488</span>  sel25519(a,b,r);</div><div class="line"><a name="l00489"></a><span class="lineno"> 489</span>  sel25519(c,d,r);</div><div class="line"><a name="l00490"></a><span class="lineno"> 490</span>  }</div><div class="line"><a name="l00491"></a><span class="lineno"> 491</span>  <span class="keywordflow">for</span>(i=0; i<16; ++i) {</div><div class="line"><a name="l00492"></a><span class="lineno"> 492</span>  x[i+16]=a[i];</div><div class="line"><a name="l00493"></a><span class="lineno"> 493</span>  x[i+32]=c[i];</div><div class="line"><a name="l00494"></a><span class="lineno"> 494</span>  x[i+48]=b[i];</div><div class="line"><a name="l00495"></a><span class="lineno"> 495</span>  x[i+64]=d[i];</div><div class="line"><a name="l00496"></a><span class="lineno"> 496</span>  }</div><div class="line"><a name="l00497"></a><span class="lineno"> 497</span>  inv25519(x+32,x+32);</div><div class="line"><a name="l00498"></a><span class="lineno"> 498</span>  M(x+16,x+16,x+32);</div><div class="line"><a name="l00499"></a><span class="lineno"> 499</span>  pack25519(q,x+16);</div><div class="line"><a name="l00500"></a><span class="lineno"> 500</span>  <span class="keywordflow">return</span> 0;</div><div class="line"><a name="l00501"></a><span class="lineno"> 501</span> }</div><div class="line"><a name="l00502"></a><span class="lineno"> 502</span> </div><div class="line"><a name="l00503"></a><span class="lineno"><a class="line" href="naclite_8h.html#a5c724dc954ad94ef544ea52ee52ccd55"> 503</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a5c724dc954ad94ef544ea52ee52ccd55">crypto_scalarmult_base</a>(byte *q,<span class="keyword">const</span> byte *n)</div><div class="line"><a name="l00504"></a><span class="lineno"> 504</span> {</div><div class="line"><a name="l00505"></a><span class="lineno"> 505</span>  <span class="keywordflow">return</span> <a class="code" href="naclite_8h.html#a6c18d7ce2ad9a14a7dd5e2a2eade80a9">crypto_scalarmult</a>(q,n,_9);</div><div class="line"><a name="l00506"></a><span class="lineno"> 506</span> }</div><div class="line"><a name="l00507"></a><span class="lineno"> 507</span> </div><div class="line"><a name="l00508"></a><span class="lineno"><a class="line" href="naclite_8h.html#ac6b434452ee18da0bbdbd238e7f1000c"> 508</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#ac6b434452ee18da0bbdbd238e7f1000c">crypto_box_keypair</a>(byte *y,byte *x)</div><div class="line"><a name="l00509"></a><span class="lineno"> 509</span> {</div><div class="line"><a name="l00510"></a><span class="lineno"> 510</span>  randombytes(x,32);</div><div class="line"><a name="l00511"></a><span class="lineno"> 511</span>  <span class="keywordflow">return</span> <a class="code" href="naclite_8h.html#a5c724dc954ad94ef544ea52ee52ccd55">crypto_scalarmult_base</a>(y,x);</div><div class="line"><a name="l00512"></a><span class="lineno"> 512</span> }</div><div class="line"><a name="l00513"></a><span class="lineno"> 513</span> </div><div class="line"><a name="l00514"></a><span class="lineno"> 514</span> <span class="comment">// Avoid small order elements. Also see https://eprint.iacr.org/2017/806.pdf</span></div><div class="line"><a name="l00515"></a><span class="lineno"> 515</span> <span class="comment">// and https://github.com/jedisct1/libsodium/commit/675149b9b8b66ff4.</span></div><div class="line"><a name="l00516"></a><span class="lineno"><a class="line" href="naclite_8h.html#a09a1c4b3c26592ef93892feb67767113"> 516</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a09a1c4b3c26592ef93892feb67767113">crypto_box_beforenm</a>(byte *k,<span class="keyword">const</span> byte *y,<span class="keyword">const</span> byte *x)</div><div class="line"><a name="l00517"></a><span class="lineno"> 517</span> {</div><div class="line"><a name="l00518"></a><span class="lineno"> 518</span>  byte s[32];</div><div class="line"><a name="l00519"></a><span class="lineno"> 519</span>  <span class="keywordflow">if</span>(<a class="code" href="naclite_8h.html#a6c18d7ce2ad9a14a7dd5e2a2eade80a9">crypto_scalarmult</a>(s,x,y) != 0) <span class="keywordflow">return</span> -1;</div><div class="line"><a name="l00520"></a><span class="lineno"> 520</span>  <span class="keywordflow">if</span>(has_small_order(s) != 0) <span class="keywordflow">return</span> -1;</div><div class="line"><a name="l00521"></a><span class="lineno"> 521</span>  <span class="keywordflow">return</span> <a class="code" href="naclite_8h.html#a3faa0eb09577f9f094fe05c5e7c0d505">crypto_core_hsalsa20</a>(k,_0,s,sigma);</div><div class="line"><a name="l00522"></a><span class="lineno"> 522</span> }</div><div class="line"><a name="l00523"></a><span class="lineno"> 523</span> </div><div class="line"><a name="l00524"></a><span class="lineno"> 524</span> <span class="comment">// Allow small order elements. Also see https://eprint.iacr.org/2017/806.pdf</span></div><div class="line"><a name="l00525"></a><span class="lineno"><a class="line" href="naclite_8h.html#a3550ab7369eb2693c5bbc1f555ad6370"> 525</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a3550ab7369eb2693c5bbc1f555ad6370">crypto_box_beforenm_unchecked</a>(byte *k,<span class="keyword">const</span> byte *y,<span class="keyword">const</span> byte *x)</div><div class="line"><a name="l00526"></a><span class="lineno"> 526</span> {</div><div class="line"><a name="l00527"></a><span class="lineno"> 527</span>  byte s[32];</div><div class="line"><a name="l00528"></a><span class="lineno"> 528</span>  <span class="keywordflow">if</span>(<a class="code" href="naclite_8h.html#a6c18d7ce2ad9a14a7dd5e2a2eade80a9">crypto_scalarmult</a>(s,x,y) != 0) <span class="keywordflow">return</span> -1;</div><div class="line"><a name="l00529"></a><span class="lineno"> 529</span>  <span class="keywordflow">return</span> <a class="code" href="naclite_8h.html#a3faa0eb09577f9f094fe05c5e7c0d505">crypto_core_hsalsa20</a>(k,_0,s,sigma);</div><div class="line"><a name="l00530"></a><span class="lineno"> 530</span> }</div><div class="line"><a name="l00531"></a><span class="lineno"> 531</span> </div><div class="line"><a name="l00532"></a><span class="lineno"><a class="line" href="naclite_8h.html#a1d52a5464986fc0bbbce3bc114aa04ef"> 532</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a1d52a5464986fc0bbbce3bc114aa04ef">crypto_box_afternm</a>(byte *c,<span class="keyword">const</span> byte *m,word64 d,<span class="keyword">const</span> byte *n,<span class="keyword">const</span> byte *k)</div><div class="line"><a name="l00533"></a><span class="lineno"> 533</span> {</div><div class="line"><a name="l00534"></a><span class="lineno"> 534</span>  <span class="keywordflow">return</span> <a class="code" href="naclite_8h.html#aceecda08cbfd5aa60ef23e608687f641">crypto_secretbox</a>(c,m,d,n,k);</div><div class="line"><a name="l00535"></a><span class="lineno"> 535</span> }</div><div class="line"><a name="l00536"></a><span class="lineno"> 536</span> </div><div class="line"><a name="l00537"></a><span class="lineno"><a class="line" href="naclite_8h.html#aa99c97521c76b846df8ee4c591b55af2"> 537</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#aa99c97521c76b846df8ee4c591b55af2">crypto_box_open_afternm</a>(byte *m,<span class="keyword">const</span> byte *c,word64 d,<span class="keyword">const</span> byte *n,<span class="keyword">const</span> byte *k)</div><div class="line"><a name="l00538"></a><span class="lineno"> 538</span> {</div><div class="line"><a name="l00539"></a><span class="lineno"> 539</span>  <span class="keywordflow">return</span> <a class="code" href="naclite_8h.html#a1d943e9c5b6be5956c6af8256ffddaf5">crypto_secretbox_open</a>(m,c,d,n,k);</div><div class="line"><a name="l00540"></a><span class="lineno"> 540</span> }</div><div class="line"><a name="l00541"></a><span class="lineno"> 541</span> </div><div class="line"><a name="l00542"></a><span class="lineno"><a class="line" href="naclite_8h.html#a9901282f0662fae3ddc74986f8d7408c"> 542</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a9901282f0662fae3ddc74986f8d7408c">crypto_box</a>(byte *c, <span class="keyword">const</span> byte *m, word64 d, <span class="keyword">const</span> byte *n, <span class="keyword">const</span> byte *y, <span class="keyword">const</span> byte *x)</div><div class="line"><a name="l00543"></a><span class="lineno"> 543</span> {</div><div class="line"><a name="l00544"></a><span class="lineno"> 544</span>  byte k[32];</div><div class="line"><a name="l00545"></a><span class="lineno"> 545</span>  <span class="keywordflow">if</span> (<a class="code" href="naclite_8h.html#a09a1c4b3c26592ef93892feb67767113">crypto_box_beforenm</a>(k, y, x) != 0) <span class="keywordflow">return</span> -1;</div><div class="line"><a name="l00546"></a><span class="lineno"> 546</span>  <span class="keywordflow">return</span> <a class="code" href="naclite_8h.html#a1d52a5464986fc0bbbce3bc114aa04ef">crypto_box_afternm</a>(c, m, d, n, k);</div><div class="line"><a name="l00547"></a><span class="lineno"> 547</span> }</div><div class="line"><a name="l00548"></a><span class="lineno"> 548</span> </div><div class="line"><a name="l00549"></a><span class="lineno"><a class="line" href="naclite_8h.html#a470bad08d0811609c811491b97e3efd9"> 549</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a470bad08d0811609c811491b97e3efd9">crypto_box_unchecked</a>(byte *c, <span class="keyword">const</span> byte *m, word64 d, <span class="keyword">const</span> byte *n, <span class="keyword">const</span> byte *y, <span class="keyword">const</span> byte *x)</div><div class="line"><a name="l00550"></a><span class="lineno"> 550</span> {</div><div class="line"><a name="l00551"></a><span class="lineno"> 551</span>  byte k[32];</div><div class="line"><a name="l00552"></a><span class="lineno"> 552</span>  <a class="code" href="naclite_8h.html#a3550ab7369eb2693c5bbc1f555ad6370">crypto_box_beforenm_unchecked</a>(k, y, x);</div><div class="line"><a name="l00553"></a><span class="lineno"> 553</span>  <span class="keywordflow">return</span> <a class="code" href="naclite_8h.html#a1d52a5464986fc0bbbce3bc114aa04ef">crypto_box_afternm</a>(c, m, d, n, k);</div><div class="line"><a name="l00554"></a><span class="lineno"> 554</span> }</div><div class="line"><a name="l00555"></a><span class="lineno"> 555</span> </div><div class="line"><a name="l00556"></a><span class="lineno"><a class="line" href="naclite_8h.html#a42858b56b012c429f152a8795a294b7f"> 556</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a42858b56b012c429f152a8795a294b7f">crypto_box_open</a>(byte *m,<span class="keyword">const</span> byte *c,word64 d,<span class="keyword">const</span> byte *n,<span class="keyword">const</span> byte *y,<span class="keyword">const</span> byte *x)</div><div class="line"><a name="l00557"></a><span class="lineno"> 557</span> {</div><div class="line"><a name="l00558"></a><span class="lineno"> 558</span>  byte k[32];</div><div class="line"><a name="l00559"></a><span class="lineno"> 559</span>  <span class="keywordflow">if</span>(<a class="code" href="naclite_8h.html#a09a1c4b3c26592ef93892feb67767113">crypto_box_beforenm</a>(k,y,x) != 0) <span class="keywordflow">return</span> -1;</div><div class="line"><a name="l00560"></a><span class="lineno"> 560</span>  <span class="keywordflow">return</span> <a class="code" href="naclite_8h.html#aa99c97521c76b846df8ee4c591b55af2">crypto_box_open_afternm</a>(m,c,d,n,k);</div><div class="line"><a name="l00561"></a><span class="lineno"> 561</span> }</div><div class="line"><a name="l00562"></a><span class="lineno"> 562</span> </div><div class="line"><a name="l00563"></a><span class="lineno"><a class="line" href="naclite_8h.html#a5ef82c04c61482332e4b5dca5818fbf4"> 563</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a5ef82c04c61482332e4b5dca5818fbf4">crypto_box_open_unchecked</a>(byte *m,<span class="keyword">const</span> byte *c,word64 d,<span class="keyword">const</span> byte *n,<span class="keyword">const</span> byte *y,<span class="keyword">const</span> byte *x)</div><div class="line"><a name="l00564"></a><span class="lineno"> 564</span> {</div><div class="line"><a name="l00565"></a><span class="lineno"> 565</span>  byte k[32];</div><div class="line"><a name="l00566"></a><span class="lineno"> 566</span>  <a class="code" href="naclite_8h.html#a3550ab7369eb2693c5bbc1f555ad6370">crypto_box_beforenm_unchecked</a>(k,y,x);</div><div class="line"><a name="l00567"></a><span class="lineno"> 567</span>  <span class="keywordflow">return</span> <a class="code" href="naclite_8h.html#aa99c97521c76b846df8ee4c591b55af2">crypto_box_open_afternm</a>(m,c,d,n,k);</div><div class="line"><a name="l00568"></a><span class="lineno"> 568</span> }</div><div class="line"><a name="l00569"></a><span class="lineno"> 569</span> </div><div class="line"><a name="l00570"></a><span class="lineno"> 570</span> <span class="keyword">static</span> word64 R(word64 x,<span class="keywordtype">int</span> c) { <span class="keywordflow">return</span> (x >> c) | (x << (64 - c)); }</div><div class="line"><a name="l00571"></a><span class="lineno"> 571</span> <span class="keyword">static</span> word64 Ch(word64 x,word64 y,word64 z) { <span class="keywordflow">return</span> (x & y) ^ (~x & z); }</div><div class="line"><a name="l00572"></a><span class="lineno"> 572</span> <span class="keyword">static</span> word64 Maj(word64 x,word64 y,word64 z) { <span class="keywordflow">return</span> (x & y) ^ (x & z) ^ (y & z); }</div><div class="line"><a name="l00573"></a><span class="lineno"> 573</span> <span class="keyword">static</span> word64 Sigma0(word64 x) { <span class="keywordflow">return</span> R(x,28) ^ R(x,34) ^ R(x,39); }</div><div class="line"><a name="l00574"></a><span class="lineno"> 574</span> <span class="keyword">static</span> word64 Sigma1(word64 x) { <span class="keywordflow">return</span> R(x,14) ^ R(x,18) ^ R(x,41); }</div><div class="line"><a name="l00575"></a><span class="lineno"> 575</span> <span class="keyword">static</span> word64 sigma0(word64 x) { <span class="keywordflow">return</span> R(x, 1) ^ R(x, 8) ^ (x >> 7); }</div><div class="line"><a name="l00576"></a><span class="lineno"> 576</span> <span class="keyword">static</span> word64 sigma1(word64 x) { <span class="keywordflow">return</span> R(x,19) ^ R(x,61) ^ (x >> 6); }</div><div class="line"><a name="l00577"></a><span class="lineno"> 577</span> </div><div class="line"><a name="l00578"></a><span class="lineno"> 578</span> <span class="keyword">static</span> <span class="keyword">const</span> word64 K[80] =</div><div class="line"><a name="l00579"></a><span class="lineno"> 579</span> {</div><div class="line"><a name="l00580"></a><span class="lineno"> 580</span>  W64LIT(0x428a2f98d728ae22), W64LIT(0x7137449123ef65cd), W64LIT(0xb5c0fbcfec4d3b2f), W64LIT(0xe9b5dba58189dbbc),</div><div class="line"><a name="l00581"></a><span class="lineno"> 581</span>  W64LIT(0x3956c25bf348b538), W64LIT(0x59f111f1b605d019), W64LIT(0x923f82a4af194f9b), W64LIT(0xab1c5ed5da6d8118),</div><div class="line"><a name="l00582"></a><span class="lineno"> 582</span>  W64LIT(0xd807aa98a3030242), W64LIT(0x12835b0145706fbe), W64LIT(0x243185be4ee4b28c), W64LIT(0x550c7dc3d5ffb4e2),</div><div class="line"><a name="l00583"></a><span class="lineno"> 583</span>  W64LIT(0x72be5d74f27b896f), W64LIT(0x80deb1fe3b1696b1), W64LIT(0x9bdc06a725c71235), W64LIT(0xc19bf174cf692694),</div><div class="line"><a name="l00584"></a><span class="lineno"> 584</span>  W64LIT(0xe49b69c19ef14ad2), W64LIT(0xefbe4786384f25e3), W64LIT(0x0fc19dc68b8cd5b5), W64LIT(0x240ca1cc77ac9c65),</div><div class="line"><a name="l00585"></a><span class="lineno"> 585</span>  W64LIT(0x2de92c6f592b0275), W64LIT(0x4a7484aa6ea6e483), W64LIT(0x5cb0a9dcbd41fbd4), W64LIT(0x76f988da831153b5),</div><div class="line"><a name="l00586"></a><span class="lineno"> 586</span>  W64LIT(0x983e5152ee66dfab), W64LIT(0xa831c66d2db43210), W64LIT(0xb00327c898fb213f), W64LIT(0xbf597fc7beef0ee4),</div><div class="line"><a name="l00587"></a><span class="lineno"> 587</span>  W64LIT(0xc6e00bf33da88fc2), W64LIT(0xd5a79147930aa725), W64LIT(0x06ca6351e003826f), W64LIT(0x142929670a0e6e70),</div><div class="line"><a name="l00588"></a><span class="lineno"> 588</span>  W64LIT(0x27b70a8546d22ffc), W64LIT(0x2e1b21385c26c926), W64LIT(0x4d2c6dfc5ac42aed), W64LIT(0x53380d139d95b3df),</div><div class="line"><a name="l00589"></a><span class="lineno"> 589</span>  W64LIT(0x650a73548baf63de), W64LIT(0x766a0abb3c77b2a8), W64LIT(0x81c2c92e47edaee6), W64LIT(0x92722c851482353b),</div><div class="line"><a name="l00590"></a><span class="lineno"> 590</span>  W64LIT(0xa2bfe8a14cf10364), W64LIT(0xa81a664bbc423001), W64LIT(0xc24b8b70d0f89791), W64LIT(0xc76c51a30654be30),</div><div class="line"><a name="l00591"></a><span class="lineno"> 591</span>  W64LIT(0xd192e819d6ef5218), W64LIT(0xd69906245565a910), W64LIT(0xf40e35855771202a), W64LIT(0x106aa07032bbd1b8),</div><div class="line"><a name="l00592"></a><span class="lineno"> 592</span>  W64LIT(0x19a4c116b8d2d0c8), W64LIT(0x1e376c085141ab53), W64LIT(0x2748774cdf8eeb99), W64LIT(0x34b0bcb5e19b48a8),</div><div class="line"><a name="l00593"></a><span class="lineno"> 593</span>  W64LIT(0x391c0cb3c5c95a63), W64LIT(0x4ed8aa4ae3418acb), W64LIT(0x5b9cca4f7763e373), W64LIT(0x682e6ff3d6b2b8a3),</div><div class="line"><a name="l00594"></a><span class="lineno"> 594</span>  W64LIT(0x748f82ee5defb2fc), W64LIT(0x78a5636f43172f60), W64LIT(0x84c87814a1f0ab72), W64LIT(0x8cc702081a6439ec),</div><div class="line"><a name="l00595"></a><span class="lineno"> 595</span>  W64LIT(0x90befffa23631e28), W64LIT(0xa4506cebde82bde9), W64LIT(0xbef9a3f7b2c67915), W64LIT(0xc67178f2e372532b),</div><div class="line"><a name="l00596"></a><span class="lineno"> 596</span>  W64LIT(0xca273eceea26619c), W64LIT(0xd186b8c721c0c207), W64LIT(0xeada7dd6cde0eb1e), W64LIT(0xf57d4f7fee6ed178),</div><div class="line"><a name="l00597"></a><span class="lineno"> 597</span>  W64LIT(0x06f067aa72176fba), W64LIT(0x0a637dc5a2c898a6), W64LIT(0x113f9804bef90dae), W64LIT(0x1b710b35131c471b),</div><div class="line"><a name="l00598"></a><span class="lineno"> 598</span>  W64LIT(0x28db77f523047d84), W64LIT(0x32caab7b40c72493), W64LIT(0x3c9ebe0a15c9bebc), W64LIT(0x431d67c49c100d4c),</div><div class="line"><a name="l00599"></a><span class="lineno"> 599</span>  W64LIT(0x4cc5d4becb3e42b6), W64LIT(0x597f299cfc657e2a), W64LIT(0x5fcb6fab3ad6faec), W64LIT(0x6c44198c4a475817)</div><div class="line"><a name="l00600"></a><span class="lineno"> 600</span> };</div><div class="line"><a name="l00601"></a><span class="lineno"> 601</span> </div><div class="line"><a name="l00602"></a><span class="lineno"><a class="line" href="naclite_8h.html#a5dcfce19212ff730c854e733e13655e5"> 602</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a5dcfce19212ff730c854e733e13655e5">crypto_hashblocks</a>(byte *x,<span class="keyword">const</span> byte *m,word64 n)</div><div class="line"><a name="l00603"></a><span class="lineno"> 603</span> {</div><div class="line"><a name="l00604"></a><span class="lineno"> 604</span>  word64 z[8],b[8],a[8],w[16],t;</div><div class="line"><a name="l00605"></a><span class="lineno"> 605</span>  <span class="keywordtype">int</span> i,j;</div><div class="line"><a name="l00606"></a><span class="lineno"> 606</span> </div><div class="line"><a name="l00607"></a><span class="lineno"> 607</span>  <span class="keywordflow">for</span>(i=0; i<8; ++i) z[i] = a[i] = dl64(x + 8 * i);</div><div class="line"><a name="l00608"></a><span class="lineno"> 608</span> </div><div class="line"><a name="l00609"></a><span class="lineno"> 609</span>  <span class="keywordflow">while</span> (n >= 128) {</div><div class="line"><a name="l00610"></a><span class="lineno"> 610</span>  <span class="keywordflow">for</span>(i=0; i<16; ++i) w[i] = dl64(m + 8 * i);</div><div class="line"><a name="l00611"></a><span class="lineno"> 611</span> </div><div class="line"><a name="l00612"></a><span class="lineno"> 612</span>  <span class="keywordflow">for</span>(i=0; i<80; ++i) {</div><div class="line"><a name="l00613"></a><span class="lineno"> 613</span>  <span class="keywordflow">for</span>(j=0; j<8; ++j) b[j] = a[j];</div><div class="line"><a name="l00614"></a><span class="lineno"> 614</span>  t = a[7] + Sigma1(a[4]) + Ch(a[4],a[5],a[6]) + K[i] + w[i%16];</div><div class="line"><a name="l00615"></a><span class="lineno"> 615</span>  b[7] = t + Sigma0(a[0]) + Maj(a[0],a[1],a[2]);</div><div class="line"><a name="l00616"></a><span class="lineno"> 616</span>  b[3] += t;</div><div class="line"><a name="l00617"></a><span class="lineno"> 617</span>  <span class="keywordflow">for</span>(j=0; j<8; ++j) a[(j+1)%8] = b[j];</div><div class="line"><a name="l00618"></a><span class="lineno"> 618</span>  <span class="keywordflow">if</span> (i%16 == 15)</div><div class="line"><a name="l00619"></a><span class="lineno"> 619</span>  <span class="keywordflow">for</span>(j=0; j<16; ++j)</div><div class="line"><a name="l00620"></a><span class="lineno"> 620</span>  w[j] += w[(j+9)%16] + sigma0(w[(j+1)%16]) + sigma1(w[(j+14)%16]);</div><div class="line"><a name="l00621"></a><span class="lineno"> 621</span>  }</div><div class="line"><a name="l00622"></a><span class="lineno"> 622</span> </div><div class="line"><a name="l00623"></a><span class="lineno"> 623</span>  <span class="keywordflow">for</span>(i=0; i<8; ++i) { a[i] += z[i]; z[i] = a[i]; }</div><div class="line"><a name="l00624"></a><span class="lineno"> 624</span> </div><div class="line"><a name="l00625"></a><span class="lineno"> 625</span>  m += 128;</div><div class="line"><a name="l00626"></a><span class="lineno"> 626</span>  n -= 128;</div><div class="line"><a name="l00627"></a><span class="lineno"> 627</span>  }</div><div class="line"><a name="l00628"></a><span class="lineno"> 628</span> </div><div class="line"><a name="l00629"></a><span class="lineno"> 629</span>  <span class="keywordflow">for</span>(i=0; i<8; ++i) ts64(x+8*i,z[i]);</div><div class="line"><a name="l00630"></a><span class="lineno"> 630</span> </div><div class="line"><a name="l00631"></a><span class="lineno"> 631</span>  <span class="keywordflow">return</span> n;</div><div class="line"><a name="l00632"></a><span class="lineno"> 632</span> }</div><div class="line"><a name="l00633"></a><span class="lineno"> 633</span> </div><div class="line"><a name="l00634"></a><span class="lineno"> 634</span> <span class="keyword">static</span> <span class="keyword">const</span> byte iv[64] = {</div><div class="line"><a name="l00635"></a><span class="lineno"> 635</span>  0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08,</div><div class="line"><a name="l00636"></a><span class="lineno"> 636</span>  0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b,</div><div class="line"><a name="l00637"></a><span class="lineno"> 637</span>  0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b,</div><div class="line"><a name="l00638"></a><span class="lineno"> 638</span>  0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1,</div><div class="line"><a name="l00639"></a><span class="lineno"> 639</span>  0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1,</div><div class="line"><a name="l00640"></a><span class="lineno"> 640</span>  0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f,</div><div class="line"><a name="l00641"></a><span class="lineno"> 641</span>  0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b,</div><div class="line"><a name="l00642"></a><span class="lineno"> 642</span>  0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79</div><div class="line"><a name="l00643"></a><span class="lineno"> 643</span> } ;</div><div class="line"><a name="l00644"></a><span class="lineno"> 644</span> </div><div class="line"><a name="l00645"></a><span class="lineno"><a class="line" href="naclite_8h.html#a8a0d992ad3768945d2b8f4f04e40b23a"> 645</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a8a0d992ad3768945d2b8f4f04e40b23a">crypto_hash</a>(byte *out,<span class="keyword">const</span> byte *m,word64 n)</div><div class="line"><a name="l00646"></a><span class="lineno"> 646</span> {</div><div class="line"><a name="l00647"></a><span class="lineno"> 647</span>  byte h[64],x[256];</div><div class="line"><a name="l00648"></a><span class="lineno"> 648</span>  word64 i,b = n;</div><div class="line"><a name="l00649"></a><span class="lineno"> 649</span> </div><div class="line"><a name="l00650"></a><span class="lineno"> 650</span>  <span class="keywordflow">for</span>(i=0; i<64; ++i) h[i] = iv[i];</div><div class="line"><a name="l00651"></a><span class="lineno"> 651</span> </div><div class="line"><a name="l00652"></a><span class="lineno"> 652</span>  <a class="code" href="naclite_8h.html#a5dcfce19212ff730c854e733e13655e5">crypto_hashblocks</a>(h,m,n);</div><div class="line"><a name="l00653"></a><span class="lineno"> 653</span>  m += n;</div><div class="line"><a name="l00654"></a><span class="lineno"> 654</span>  n &= 127;</div><div class="line"><a name="l00655"></a><span class="lineno"> 655</span>  m -= n;</div><div class="line"><a name="l00656"></a><span class="lineno"> 656</span> </div><div class="line"><a name="l00657"></a><span class="lineno"> 657</span>  <span class="keywordflow">for</span>(i=0; i<256; ++i) x[i] = 0;</div><div class="line"><a name="l00658"></a><span class="lineno"> 658</span>  <span class="keywordflow">for</span>(i=0; i<n; ++i) x[i] = m[i];</div><div class="line"><a name="l00659"></a><span class="lineno"> 659</span>  x[n] = 128;</div><div class="line"><a name="l00660"></a><span class="lineno"> 660</span> </div><div class="line"><a name="l00661"></a><span class="lineno"> 661</span>  n = 256-128*(n<112);</div><div class="line"><a name="l00662"></a><span class="lineno"> 662</span>  x[n-9] = b >> 61;</div><div class="line"><a name="l00663"></a><span class="lineno"> 663</span>  ts64(x+n-8,b<<3);</div><div class="line"><a name="l00664"></a><span class="lineno"> 664</span>  <a class="code" href="naclite_8h.html#a5dcfce19212ff730c854e733e13655e5">crypto_hashblocks</a>(h,x,n);</div><div class="line"><a name="l00665"></a><span class="lineno"> 665</span> </div><div class="line"><a name="l00666"></a><span class="lineno"> 666</span>  <span class="keywordflow">for</span>(i=0; i<64; ++i) out[i] = h[i];</div><div class="line"><a name="l00667"></a><span class="lineno"> 667</span> </div><div class="line"><a name="l00668"></a><span class="lineno"> 668</span>  <span class="keywordflow">return</span> 0;</div><div class="line"><a name="l00669"></a><span class="lineno"> 669</span> }</div><div class="line"><a name="l00670"></a><span class="lineno"> 670</span> </div><div class="line"><a name="l00671"></a><span class="lineno"> 671</span> <span class="keyword">static</span> <span class="keywordtype">void</span> add(gf p[4],gf q[4])</div><div class="line"><a name="l00672"></a><span class="lineno"> 672</span> {</div><div class="line"><a name="l00673"></a><span class="lineno"> 673</span>  gf a,b,c,d,t,e,f,g,h;</div><div class="line"><a name="l00674"></a><span class="lineno"> 674</span> </div><div class="line"><a name="l00675"></a><span class="lineno"> 675</span>  Z(a, p[1], p[0]);</div><div class="line"><a name="l00676"></a><span class="lineno"> 676</span>  Z(t, q[1], q[0]);</div><div class="line"><a name="l00677"></a><span class="lineno"> 677</span>  M(a, a, t);</div><div class="line"><a name="l00678"></a><span class="lineno"> 678</span>  A(b, p[0], p[1]);</div><div class="line"><a name="l00679"></a><span class="lineno"> 679</span>  A(t, q[0], q[1]);</div><div class="line"><a name="l00680"></a><span class="lineno"> 680</span>  M(b, b, t);</div><div class="line"><a name="l00681"></a><span class="lineno"> 681</span>  M(c, p[3], q[3]);</div><div class="line"><a name="l00682"></a><span class="lineno"> 682</span>  M(c, c, D2);</div><div class="line"><a name="l00683"></a><span class="lineno"> 683</span>  M(d, p[2], q[2]);</div><div class="line"><a name="l00684"></a><span class="lineno"> 684</span>  A(d, d, d);</div><div class="line"><a name="l00685"></a><span class="lineno"> 685</span>  Z(e, b, a);</div><div class="line"><a name="l00686"></a><span class="lineno"> 686</span>  Z(f, d, c);</div><div class="line"><a name="l00687"></a><span class="lineno"> 687</span>  A(g, d, c);</div><div class="line"><a name="l00688"></a><span class="lineno"> 688</span>  A(h, b, a);</div><div class="line"><a name="l00689"></a><span class="lineno"> 689</span> </div><div class="line"><a name="l00690"></a><span class="lineno"> 690</span>  M(p[0], e, f);</div><div class="line"><a name="l00691"></a><span class="lineno"> 691</span>  M(p[1], h, g);</div><div class="line"><a name="l00692"></a><span class="lineno"> 692</span>  M(p[2], g, f);</div><div class="line"><a name="l00693"></a><span class="lineno"> 693</span>  M(p[3], e, h);</div><div class="line"><a name="l00694"></a><span class="lineno"> 694</span> }</div><div class="line"><a name="l00695"></a><span class="lineno"> 695</span> </div><div class="line"><a name="l00696"></a><span class="lineno"> 696</span> <span class="keyword">static</span> <span class="keywordtype">void</span> cswap(gf p[4],gf q[4],byte b)</div><div class="line"><a name="l00697"></a><span class="lineno"> 697</span> {</div><div class="line"><a name="l00698"></a><span class="lineno"> 698</span>  <span class="keywordtype">int</span> i;</div><div class="line"><a name="l00699"></a><span class="lineno"> 699</span>  <span class="keywordflow">for</span>(i=0; i<4; ++i)</div><div class="line"><a name="l00700"></a><span class="lineno"> 700</span>  sel25519(p[i],q[i],b);</div><div class="line"><a name="l00701"></a><span class="lineno"> 701</span> }</div><div class="line"><a name="l00702"></a><span class="lineno"> 702</span> </div><div class="line"><a name="l00703"></a><span class="lineno"> 703</span> <span class="keyword">static</span> <span class="keywordtype">void</span> pack(byte *r,gf p[4])</div><div class="line"><a name="l00704"></a><span class="lineno"> 704</span> {</div><div class="line"><a name="l00705"></a><span class="lineno"> 705</span>  gf tx, ty, zi;</div><div class="line"><a name="l00706"></a><span class="lineno"> 706</span>  inv25519(zi, p[2]);</div><div class="line"><a name="l00707"></a><span class="lineno"> 707</span>  M(tx, p[0], zi);</div><div class="line"><a name="l00708"></a><span class="lineno"> 708</span>  M(ty, p[1], zi);</div><div class="line"><a name="l00709"></a><span class="lineno"> 709</span>  pack25519(r, ty);</div><div class="line"><a name="l00710"></a><span class="lineno"> 710</span>  r[31] ^= par25519(tx) << 7;</div><div class="line"><a name="l00711"></a><span class="lineno"> 711</span> }</div><div class="line"><a name="l00712"></a><span class="lineno"> 712</span> </div><div class="line"><a name="l00713"></a><span class="lineno"> 713</span> <span class="keyword">static</span> <span class="keywordtype">void</span> scalarmult(gf p[4],gf q[4],<span class="keyword">const</span> byte *s)</div><div class="line"><a name="l00714"></a><span class="lineno"> 714</span> {</div><div class="line"><a name="l00715"></a><span class="lineno"> 715</span>  <span class="keywordtype">int</span> i;</div><div class="line"><a name="l00716"></a><span class="lineno"> 716</span>  set25519(p[0],gf0);</div><div class="line"><a name="l00717"></a><span class="lineno"> 717</span>  set25519(p[1],gf1);</div><div class="line"><a name="l00718"></a><span class="lineno"> 718</span>  set25519(p[2],gf1);</div><div class="line"><a name="l00719"></a><span class="lineno"> 719</span>  set25519(p[3],gf0);</div><div class="line"><a name="l00720"></a><span class="lineno"> 720</span>  <span class="keywordflow">for</span> (i = 255;i >= 0;--i) {</div><div class="line"><a name="l00721"></a><span class="lineno"> 721</span>  byte b = (s[i/8]>>(i&7))&1;</div><div class="line"><a name="l00722"></a><span class="lineno"> 722</span>  cswap(p,q,b);</div><div class="line"><a name="l00723"></a><span class="lineno"> 723</span>  add(q,p);</div><div class="line"><a name="l00724"></a><span class="lineno"> 724</span>  add(p,p);</div><div class="line"><a name="l00725"></a><span class="lineno"> 725</span>  cswap(p,q,b);</div><div class="line"><a name="l00726"></a><span class="lineno"> 726</span>  }</div><div class="line"><a name="l00727"></a><span class="lineno"> 727</span> }</div><div class="line"><a name="l00728"></a><span class="lineno"> 728</span> </div><div class="line"><a name="l00729"></a><span class="lineno"> 729</span> <span class="keyword">static</span> <span class="keywordtype">void</span> scalarbase(gf p[4],<span class="keyword">const</span> byte *s)</div><div class="line"><a name="l00730"></a><span class="lineno"> 730</span> {</div><div class="line"><a name="l00731"></a><span class="lineno"> 731</span>  gf q[4];</div><div class="line"><a name="l00732"></a><span class="lineno"> 732</span>  set25519(q[0],X);</div><div class="line"><a name="l00733"></a><span class="lineno"> 733</span>  set25519(q[1],Y);</div><div class="line"><a name="l00734"></a><span class="lineno"> 734</span>  set25519(q[2],gf1);</div><div class="line"><a name="l00735"></a><span class="lineno"> 735</span>  M(q[3],X,Y);</div><div class="line"><a name="l00736"></a><span class="lineno"> 736</span>  scalarmult(p,q,s);</div><div class="line"><a name="l00737"></a><span class="lineno"> 737</span> }</div><div class="line"><a name="l00738"></a><span class="lineno"> 738</span> </div><div class="line"><a name="l00739"></a><span class="lineno"><a class="line" href="naclite_8h.html#adf6198b5db146b4924d20835b9f0c61d"> 739</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#adf6198b5db146b4924d20835b9f0c61d">crypto_sign_keypair</a>(byte *pk, byte *sk)</div><div class="line"><a name="l00740"></a><span class="lineno"> 740</span> {</div><div class="line"><a name="l00741"></a><span class="lineno"> 741</span>  byte d[64];</div><div class="line"><a name="l00742"></a><span class="lineno"> 742</span>  gf p[4];</div><div class="line"><a name="l00743"></a><span class="lineno"> 743</span>  <span class="keywordtype">int</span> i;</div><div class="line"><a name="l00744"></a><span class="lineno"> 744</span> </div><div class="line"><a name="l00745"></a><span class="lineno"> 745</span>  randombytes(sk, 32);</div><div class="line"><a name="l00746"></a><span class="lineno"> 746</span>  <a class="code" href="naclite_8h.html#a8a0d992ad3768945d2b8f4f04e40b23a">crypto_hash</a>(d, sk, 32);</div><div class="line"><a name="l00747"></a><span class="lineno"> 747</span>  d[0] &= 248;</div><div class="line"><a name="l00748"></a><span class="lineno"> 748</span>  d[31] &= 127;</div><div class="line"><a name="l00749"></a><span class="lineno"> 749</span>  d[31] |= 64;</div><div class="line"><a name="l00750"></a><span class="lineno"> 750</span> </div><div class="line"><a name="l00751"></a><span class="lineno"> 751</span>  scalarbase(p,d);</div><div class="line"><a name="l00752"></a><span class="lineno"> 752</span>  pack(pk,p);</div><div class="line"><a name="l00753"></a><span class="lineno"> 753</span> </div><div class="line"><a name="l00754"></a><span class="lineno"> 754</span>  <span class="keywordflow">for</span>(i=0; i<32; ++i) sk[32 + i] = pk[i];</div><div class="line"><a name="l00755"></a><span class="lineno"> 755</span>  <span class="keywordflow">return</span> 0;</div><div class="line"><a name="l00756"></a><span class="lineno"> 756</span> }</div><div class="line"><a name="l00757"></a><span class="lineno"> 757</span> </div><div class="line"><a name="l00758"></a><span class="lineno"> 758</span> <span class="keyword">static</span> <span class="keyword">const</span> word64 L[32] = {0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10};</div><div class="line"><a name="l00759"></a><span class="lineno"> 759</span> </div><div class="line"><a name="l00760"></a><span class="lineno"> 760</span> <span class="keyword">static</span> <span class="keywordtype">void</span> modL(byte *r,sword64 x[64])</div><div class="line"><a name="l00761"></a><span class="lineno"> 761</span> {</div><div class="line"><a name="l00762"></a><span class="lineno"> 762</span>  sword64 carry,i,j;</div><div class="line"><a name="l00763"></a><span class="lineno"> 763</span>  <span class="keywordflow">for</span> (i = 63;i >= 32;--i) {</div><div class="line"><a name="l00764"></a><span class="lineno"> 764</span>  carry = 0;</div><div class="line"><a name="l00765"></a><span class="lineno"> 765</span>  <span class="keywordflow">for</span> (j = i - 32;j < i - 12;++j) {</div><div class="line"><a name="l00766"></a><span class="lineno"> 766</span>  x[j] += carry - 16 * x[i] * L[j - (i - 32)];</div><div class="line"><a name="l00767"></a><span class="lineno"> 767</span>  carry = (x[j] + 128) >> 8;</div><div class="line"><a name="l00768"></a><span class="lineno"> 768</span>  x[j] -= ((word64)carry) << 8;</div><div class="line"><a name="l00769"></a><span class="lineno"> 769</span>  }</div><div class="line"><a name="l00770"></a><span class="lineno"> 770</span>  x[j] += carry;</div><div class="line"><a name="l00771"></a><span class="lineno"> 771</span>  x[i] = 0;</div><div class="line"><a name="l00772"></a><span class="lineno"> 772</span>  }</div><div class="line"><a name="l00773"></a><span class="lineno"> 773</span>  carry = 0;</div><div class="line"><a name="l00774"></a><span class="lineno"> 774</span>  <span class="keywordflow">for</span>(j=0; j<32; ++j) {</div><div class="line"><a name="l00775"></a><span class="lineno"> 775</span>  x[j] += carry - (x[31] >> 4) * L[j];</div><div class="line"><a name="l00776"></a><span class="lineno"> 776</span>  carry = x[j] >> 8;</div><div class="line"><a name="l00777"></a><span class="lineno"> 777</span>  x[j] &= 255;</div><div class="line"><a name="l00778"></a><span class="lineno"> 778</span>  }</div><div class="line"><a name="l00779"></a><span class="lineno"> 779</span>  <span class="keywordflow">for</span>(j=0; j<32; ++j) x[j] -= carry * L[j];</div><div class="line"><a name="l00780"></a><span class="lineno"> 780</span>  <span class="keywordflow">for</span>(i=0; i<32; ++i) {</div><div class="line"><a name="l00781"></a><span class="lineno"> 781</span>  x[i+1] += x[i] >> 8;</div><div class="line"><a name="l00782"></a><span class="lineno"> 782</span>  r[i] = x[i] & 255;</div><div class="line"><a name="l00783"></a><span class="lineno"> 783</span>  }</div><div class="line"><a name="l00784"></a><span class="lineno"> 784</span> }</div><div class="line"><a name="l00785"></a><span class="lineno"> 785</span> </div><div class="line"><a name="l00786"></a><span class="lineno"> 786</span> <span class="keyword">static</span> <span class="keywordtype">void</span> reduce(byte *r)</div><div class="line"><a name="l00787"></a><span class="lineno"> 787</span> {</div><div class="line"><a name="l00788"></a><span class="lineno"> 788</span>  sword64 x[64],i;</div><div class="line"><a name="l00789"></a><span class="lineno"> 789</span>  <span class="keywordflow">for</span>(i=0; i<64; ++i) x[i] = (word64) r[i];</div><div class="line"><a name="l00790"></a><span class="lineno"> 790</span>  <span class="keywordflow">for</span>(i=0; i<64; ++i) r[i] = 0;</div><div class="line"><a name="l00791"></a><span class="lineno"> 791</span>  modL(r,x);</div><div class="line"><a name="l00792"></a><span class="lineno"> 792</span> }</div><div class="line"><a name="l00793"></a><span class="lineno"> 793</span> </div><div class="line"><a name="l00794"></a><span class="lineno"><a class="line" href="naclite_8h.html#afb36330ea01be7980c6fcce191710a77"> 794</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#afb36330ea01be7980c6fcce191710a77">crypto_sign</a>(byte *sm,word64 *smlen,<span class="keyword">const</span> byte *m,word64 n,<span class="keyword">const</span> byte *sk)</div><div class="line"><a name="l00795"></a><span class="lineno"> 795</span> {</div><div class="line"><a name="l00796"></a><span class="lineno"> 796</span>  byte d[64],h[64],r[64];</div><div class="line"><a name="l00797"></a><span class="lineno"> 797</span>  word64 i; sword64 j,x[64];</div><div class="line"><a name="l00798"></a><span class="lineno"> 798</span>  gf p[4];</div><div class="line"><a name="l00799"></a><span class="lineno"> 799</span> </div><div class="line"><a name="l00800"></a><span class="lineno"> 800</span>  <a class="code" href="naclite_8h.html#a8a0d992ad3768945d2b8f4f04e40b23a">crypto_hash</a>(d, sk, 32);</div><div class="line"><a name="l00801"></a><span class="lineno"> 801</span>  d[0] &= 248;</div><div class="line"><a name="l00802"></a><span class="lineno"> 802</span>  d[31] &= 127;</div><div class="line"><a name="l00803"></a><span class="lineno"> 803</span>  d[31] |= 64;</div><div class="line"><a name="l00804"></a><span class="lineno"> 804</span> </div><div class="line"><a name="l00805"></a><span class="lineno"> 805</span>  *smlen = n+64;</div><div class="line"><a name="l00806"></a><span class="lineno"> 806</span>  <span class="keywordflow">for</span>(i=0; i<n; ++i) sm[64 + i] = m[i];</div><div class="line"><a name="l00807"></a><span class="lineno"> 807</span>  <span class="keywordflow">for</span>(i=0; i<32; ++i) sm[32 + i] = d[32 + i];</div><div class="line"><a name="l00808"></a><span class="lineno"> 808</span> </div><div class="line"><a name="l00809"></a><span class="lineno"> 809</span>  <a class="code" href="naclite_8h.html#a8a0d992ad3768945d2b8f4f04e40b23a">crypto_hash</a>(r, sm+32, n+32);</div><div class="line"><a name="l00810"></a><span class="lineno"> 810</span>  reduce(r);</div><div class="line"><a name="l00811"></a><span class="lineno"> 811</span>  scalarbase(p,r);</div><div class="line"><a name="l00812"></a><span class="lineno"> 812</span>  pack(sm,p);</div><div class="line"><a name="l00813"></a><span class="lineno"> 813</span> </div><div class="line"><a name="l00814"></a><span class="lineno"> 814</span>  <span class="keywordflow">for</span>(i=0; i<32; ++i) sm[i+32] = sk[i+32];</div><div class="line"><a name="l00815"></a><span class="lineno"> 815</span>  <a class="code" href="naclite_8h.html#a8a0d992ad3768945d2b8f4f04e40b23a">crypto_hash</a>(h,sm,n + 64);</div><div class="line"><a name="l00816"></a><span class="lineno"> 816</span>  reduce(h);</div><div class="line"><a name="l00817"></a><span class="lineno"> 817</span> </div><div class="line"><a name="l00818"></a><span class="lineno"> 818</span>  <span class="keywordflow">for</span>(i=0; i<64; ++i) x[i] = 0;</div><div class="line"><a name="l00819"></a><span class="lineno"> 819</span>  <span class="keywordflow">for</span>(i=0; i<32; ++i) x[i] = (word64) r[i];</div><div class="line"><a name="l00820"></a><span class="lineno"> 820</span>  <span class="keywordflow">for</span>(i=0; i<32; ++i) <span class="keywordflow">for</span>(j=0; j<32; ++j) x[i+j] += h[i] * (word64) d[j];</div><div class="line"><a name="l00821"></a><span class="lineno"> 821</span>  modL(sm + 32,x);</div><div class="line"><a name="l00822"></a><span class="lineno"> 822</span> </div><div class="line"><a name="l00823"></a><span class="lineno"> 823</span>  <span class="keywordflow">return</span> 0;</div><div class="line"><a name="l00824"></a><span class="lineno"> 824</span> }</div><div class="line"><a name="l00825"></a><span class="lineno"> 825</span> </div><div class="line"><a name="l00826"></a><span class="lineno"> 826</span> <span class="keyword">static</span> <span class="keywordtype">int</span> unpackneg(gf r[4],<span class="keyword">const</span> byte p[32])</div><div class="line"><a name="l00827"></a><span class="lineno"> 827</span> {</div><div class="line"><a name="l00828"></a><span class="lineno"> 828</span>  gf t, chk, num, den, den2, den4, den6;</div><div class="line"><a name="l00829"></a><span class="lineno"> 829</span>  set25519(r[2],gf1);</div><div class="line"><a name="l00830"></a><span class="lineno"> 830</span>  unpack25519(r[1],p);</div><div class="line"><a name="l00831"></a><span class="lineno"> 831</span>  S(num,r[1]);</div><div class="line"><a name="l00832"></a><span class="lineno"> 832</span>  M(den,num,D);</div><div class="line"><a name="l00833"></a><span class="lineno"> 833</span>  Z(num,num,r[2]);</div><div class="line"><a name="l00834"></a><span class="lineno"> 834</span>  A(den,r[2],den);</div><div class="line"><a name="l00835"></a><span class="lineno"> 835</span> </div><div class="line"><a name="l00836"></a><span class="lineno"> 836</span>  S(den2,den);</div><div class="line"><a name="l00837"></a><span class="lineno"> 837</span>  S(den4,den2);</div><div class="line"><a name="l00838"></a><span class="lineno"> 838</span>  M(den6,den4,den2);</div><div class="line"><a name="l00839"></a><span class="lineno"> 839</span>  M(t,den6,num);</div><div class="line"><a name="l00840"></a><span class="lineno"> 840</span>  M(t,t,den);</div><div class="line"><a name="l00841"></a><span class="lineno"> 841</span> </div><div class="line"><a name="l00842"></a><span class="lineno"> 842</span>  pow2523(t,t);</div><div class="line"><a name="l00843"></a><span class="lineno"> 843</span>  M(t,t,num);</div><div class="line"><a name="l00844"></a><span class="lineno"> 844</span>  M(t,t,den);</div><div class="line"><a name="l00845"></a><span class="lineno"> 845</span>  M(t,t,den);</div><div class="line"><a name="l00846"></a><span class="lineno"> 846</span>  M(r[0],t,den);</div><div class="line"><a name="l00847"></a><span class="lineno"> 847</span> </div><div class="line"><a name="l00848"></a><span class="lineno"> 848</span>  S(chk,r[0]);</div><div class="line"><a name="l00849"></a><span class="lineno"> 849</span>  M(chk,chk,den);</div><div class="line"><a name="l00850"></a><span class="lineno"> 850</span>  <span class="keywordflow">if</span> (neq25519(chk, num)) M(r[0],r[0],I);</div><div class="line"><a name="l00851"></a><span class="lineno"> 851</span> </div><div class="line"><a name="l00852"></a><span class="lineno"> 852</span>  S(chk,r[0]);</div><div class="line"><a name="l00853"></a><span class="lineno"> 853</span>  M(chk,chk,den);</div><div class="line"><a name="l00854"></a><span class="lineno"> 854</span>  <span class="keywordflow">if</span> (neq25519(chk, num)) <span class="keywordflow">return</span> -1;</div><div class="line"><a name="l00855"></a><span class="lineno"> 855</span> </div><div class="line"><a name="l00856"></a><span class="lineno"> 856</span>  <span class="keywordflow">if</span> (par25519(r[0]) == (p[31]>>7)) Z(r[0],gf0,r[0]);</div><div class="line"><a name="l00857"></a><span class="lineno"> 857</span> </div><div class="line"><a name="l00858"></a><span class="lineno"> 858</span>  M(r[3],r[0],r[1]);</div><div class="line"><a name="l00859"></a><span class="lineno"> 859</span>  <span class="keywordflow">return</span> 0;</div><div class="line"><a name="l00860"></a><span class="lineno"> 860</span> }</div><div class="line"><a name="l00861"></a><span class="lineno"> 861</span> </div><div class="line"><a name="l00862"></a><span class="lineno"><a class="line" href="naclite_8h.html#a4b48b4f3787739f06245d76b09662854"> 862</a></span> <span class="keywordtype">int</span> <a class="code" href="naclite_8h.html#a4b48b4f3787739f06245d76b09662854">crypto_sign_open</a>(byte *m,word64 *mlen,<span class="keyword">const</span> byte *sm,word64 n,<span class="keyword">const</span> byte *pk)</div><div class="line"><a name="l00863"></a><span class="lineno"> 863</span> {</div><div class="line"><a name="l00864"></a><span class="lineno"> 864</span>  word32 i;</div><div class="line"><a name="l00865"></a><span class="lineno"> 865</span>  byte t[32],h[64];</div><div class="line"><a name="l00866"></a><span class="lineno"> 866</span>  gf p[4],q[4];</div><div class="line"><a name="l00867"></a><span class="lineno"> 867</span> </div><div class="line"><a name="l00868"></a><span class="lineno"> 868</span>  *mlen = -1;</div><div class="line"><a name="l00869"></a><span class="lineno"> 869</span>  <span class="keywordflow">if</span> (n < 64) <span class="keywordflow">return</span> -1;</div><div class="line"><a name="l00870"></a><span class="lineno"> 870</span> </div><div class="line"><a name="l00871"></a><span class="lineno"> 871</span>  <span class="keywordflow">if</span> (unpackneg(q,pk)) <span class="keywordflow">return</span> -1;</div><div class="line"><a name="l00872"></a><span class="lineno"> 872</span> </div><div class="line"><a name="l00873"></a><span class="lineno"> 873</span>  <span class="keywordflow">for</span>(i=0; i<n; ++i) m[i] = sm[i];</div><div class="line"><a name="l00874"></a><span class="lineno"> 874</span>  <span class="keywordflow">for</span>(i=0; i<32; ++i) m[i+32] = pk[i];</div><div class="line"><a name="l00875"></a><span class="lineno"> 875</span>  <a class="code" href="naclite_8h.html#a8a0d992ad3768945d2b8f4f04e40b23a">crypto_hash</a>(h,m,n);</div><div class="line"><a name="l00876"></a><span class="lineno"> 876</span>  reduce(h);</div><div class="line"><a name="l00877"></a><span class="lineno"> 877</span>  scalarmult(p,q,h);</div><div class="line"><a name="l00878"></a><span class="lineno"> 878</span> </div><div class="line"><a name="l00879"></a><span class="lineno"> 879</span>  scalarbase(q,sm + 32);</div><div class="line"><a name="l00880"></a><span class="lineno"> 880</span>  add(p,q);</div><div class="line"><a name="l00881"></a><span class="lineno"> 881</span>  pack(t,p);</div><div class="line"><a name="l00882"></a><span class="lineno"> 882</span> </div><div class="line"><a name="l00883"></a><span class="lineno"> 883</span>  n -= 64;</div><div class="line"><a name="l00884"></a><span class="lineno"> 884</span>  <span class="keywordflow">if</span> (<a class="code" href="naclite_8h.html#a33256907cbe2f0a1788e13fa58c31eec">crypto_verify_32</a>(sm, t)) {</div><div class="line"><a name="l00885"></a><span class="lineno"> 885</span>  <span class="keywordflow">for</span>(i=0; i<n; ++i) m[i] = 0;</div><div class="line"><a name="l00886"></a><span class="lineno"> 886</span>  <span class="keywordflow">return</span> -1;</div><div class="line"><a name="l00887"></a><span class="lineno"> 887</span>  }</div><div class="line"><a name="l00888"></a><span class="lineno"> 888</span> </div><div class="line"><a name="l00889"></a><span class="lineno"> 889</span>  <span class="keywordflow">for</span>(i=0; i<n; ++i) m[i] = sm[i + 64];</div><div class="line"><a name="l00890"></a><span class="lineno"> 890</span>  *mlen = n;</div><div class="line"><a name="l00891"></a><span class="lineno"> 891</span>  <span class="keywordflow">return</span> 0;</div><div class="line"><a name="l00892"></a><span class="lineno"> 892</span> }</div><div class="line"><a name="l00893"></a><span class="lineno"> 893</span> </div><div class="line"><a name="l00894"></a><span class="lineno"> 894</span> NAMESPACE_END <span class="comment">// CryptoPP</span></div><div class="line"><a name="l00895"></a><span class="lineno"> 895</span> NAMESPACE_END <span class="comment">// NaCl</span></div><div class="line"><a name="l00896"></a><span class="lineno"> 896</span> </div><div class="line"><a name="l00897"></a><span class="lineno"> 897</span> <span class="preprocessor">#endif // NO_OS_DEPENDENCE</span></div><div class="line"><a name="l00898"></a><span class="lineno"> 898</span> </div><div class="line"><a name="l00899"></a><span class="lineno"> 899</span> </div><div class="line"><a name="l00900"></a><span class="lineno"> 900</span> </div><div class="ttc" id="naclite_8h_html_a3e5da87ad72613d0a6546c18623ec8da"><div class="ttname"><a href="naclite_8h.html#a3e5da87ad72613d0a6546c18623ec8da">crypto_stream_xor</a></div><div class="ttdeci">int crypto_stream_xor(byte *c, const byte *m, word64 d, const byte *n, const byte *k)</div><div class="ttdoc">Encrypt a message using XSalsa20. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00187">tweetnacl.cpp:187</a></div></div>
<div class="ttc" id="naclite_8h_html_ac6b434452ee18da0bbdbd238e7f1000c"><div class="ttname"><a href="naclite_8h.html#ac6b434452ee18da0bbdbd238e7f1000c">crypto_box_keypair</a></div><div class="ttdeci">int crypto_box_keypair(byte *y, byte *x)</div><div class="ttdoc">Generate a keypair for encryption. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00508">tweetnacl.cpp:508</a></div></div>
<div class="ttc" id="namespace_na_cl_html"><div class="ttname"><a href="namespace_na_cl.html">NaCl</a></div><div class="ttdoc">Namespace containing NaCl library functions. </div><div class="ttdef"><b>Definition:</b> <a href="cryptlib_8h_source.html#l00543">cryptlib.h:543</a></div></div>
<div class="ttc" id="misc_8h_html"><div class="ttname"><a href="misc_8h.html">misc.h</a></div><div class="ttdoc">Utility functions for the Crypto++ library. </div></div>
<div class="ttc" id="naclite_8h_html_a8a0d992ad3768945d2b8f4f04e40b23a"><div class="ttname"><a href="naclite_8h.html#a8a0d992ad3768945d2b8f4f04e40b23a">crypto_hash</a></div><div class="ttdeci">int crypto_hash(byte *out, const byte *m, word64 n)</div><div class="ttdoc">Hash a message. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00645">tweetnacl.cpp:645</a></div></div>
<div class="ttc" id="naclite_8h_html_a3550ab7369eb2693c5bbc1f555ad6370"><div class="ttname"><a href="naclite_8h.html#a3550ab7369eb2693c5bbc1f555ad6370">crypto_box_beforenm_unchecked</a></div><div class="ttdeci">int crypto_box_beforenm_unchecked(byte *k, const byte *y, const byte *x)</div><div class="ttdoc">Encrypt and authenticate a message. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00525">tweetnacl.cpp:525</a></div></div>
<div class="ttc" id="naclite_8h_html_a5dcfce19212ff730c854e733e13655e5"><div class="ttname"><a href="naclite_8h.html#a5dcfce19212ff730c854e733e13655e5">crypto_hashblocks</a></div><div class="ttdeci">int crypto_hashblocks(byte *x, const byte *m, word64 n)</div><div class="ttdoc">Hash multiple blocks. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00602">tweetnacl.cpp:602</a></div></div>
<div class="ttc" id="naclite_8h_html_a9901282f0662fae3ddc74986f8d7408c"><div class="ttname"><a href="naclite_8h.html#a9901282f0662fae3ddc74986f8d7408c">crypto_box</a></div><div class="ttdeci">int crypto_box(byte *c, const byte *m, word64 d, const byte *n, const byte *y, const byte *x)</div><div class="ttdoc">Encrypt and authenticate a message. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00542">tweetnacl.cpp:542</a></div></div>
<div class="ttc" id="naclite_8h_html_a27fe78f07af893b38b8deaaa2c63f190"><div class="ttname"><a href="naclite_8h.html#a27fe78f07af893b38b8deaaa2c63f190">crypto_core_salsa20</a></div><div class="ttdeci">int crypto_core_salsa20(byte *out, const byte *in, const byte *k, const byte *c)</div><div class="ttdoc">TODO. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00134">tweetnacl.cpp:134</a></div></div>
<div class="ttc" id="naclite_8h_html_a1d52a5464986fc0bbbce3bc114aa04ef"><div class="ttname"><a href="naclite_8h.html#a1d52a5464986fc0bbbce3bc114aa04ef">crypto_box_afternm</a></div><div class="ttdeci">int crypto_box_afternm(byte *c, const byte *m, word64 d, const byte *n, const byte *k)</div><div class="ttdoc">Encrypt and authenticate a message. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00532">tweetnacl.cpp:532</a></div></div>
<div class="ttc" id="config_8h_html"><div class="ttname"><a href="config_8h.html">config.h</a></div><div class="ttdoc">Library configuration file. </div></div>
<div class="ttc" id="stdcpp_8h_html"><div class="ttname"><a href="stdcpp_8h.html">stdcpp.h</a></div><div class="ttdoc">Common C++ header files. </div></div>
<div class="ttc" id="naclite_8h_html_aa99c97521c76b846df8ee4c591b55af2"><div class="ttname"><a href="naclite_8h.html#aa99c97521c76b846df8ee4c591b55af2">crypto_box_open_afternm</a></div><div class="ttdeci">int crypto_box_open_afternm(byte *m, const byte *c, word64 d, const byte *n, const byte *k)</div><div class="ttdoc">Verify and decrypt a message. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00537">tweetnacl.cpp:537</a></div></div>
<div class="ttc" id="naclite_8h_html_a5ef82c04c61482332e4b5dca5818fbf4"><div class="ttname"><a href="naclite_8h.html#a5ef82c04c61482332e4b5dca5818fbf4">crypto_box_open_unchecked</a></div><div class="ttdeci">int crypto_box_open_unchecked(byte *m, const byte *c, word64 d, const byte *n, const byte *y, const byte *x)</div><div class="ttdoc">Verify and decrypt a message. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00563">tweetnacl.cpp:563</a></div></div>
<div class="ttc" id="naclite_8h_html_a4b48b4f3787739f06245d76b09662854"><div class="ttname"><a href="naclite_8h.html#a4b48b4f3787739f06245d76b09662854">crypto_sign_open</a></div><div class="ttdeci">int crypto_sign_open(byte *m, word64 *mlen, const byte *sm, word64 n, const byte *pk)</div><div class="ttdoc">Verify a message. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00862">tweetnacl.cpp:862</a></div></div>
<div class="ttc" id="naclite_8h_html_afb36330ea01be7980c6fcce191710a77"><div class="ttname"><a href="naclite_8h.html#afb36330ea01be7980c6fcce191710a77">crypto_sign</a></div><div class="ttdeci">int crypto_sign(byte *sm, word64 *smlen, const byte *m, word64 n, const byte *sk)</div><div class="ttdoc">Sign a message. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00794">tweetnacl.cpp:794</a></div></div>
<div class="ttc" id="naclite_8h_html_adf6198b5db146b4924d20835b9f0c61d"><div class="ttname"><a href="naclite_8h.html#adf6198b5db146b4924d20835b9f0c61d">crypto_sign_keypair</a></div><div class="ttdeci">int crypto_sign_keypair(byte *pk, byte *sk)</div><div class="ttdoc">Generate a keypair for signing. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00739">tweetnacl.cpp:739</a></div></div>
<div class="ttc" id="naclite_8h_html_a025ced94bf40601aaca557f88e263520"><div class="ttname"><a href="naclite_8h.html#a025ced94bf40601aaca557f88e263520">crypto_stream_salsa20_xor</a></div><div class="ttdeci">int crypto_stream_salsa20_xor(byte *c, const byte *m, word64 b, const byte *n, const byte *k)</div><div class="ttdoc">Encrypt a message using Salsa20. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00148">tweetnacl.cpp:148</a></div></div>
<div class="ttc" id="naclite_8h_html_a42ae4588274ec80232448abb212de4c1"><div class="ttname"><a href="naclite_8h.html#a42ae4588274ec80232448abb212de4c1">crypto_onetimeauth</a></div><div class="ttdeci">int crypto_onetimeauth(byte *out, const byte *m, word64 n, const byte *k)</div><div class="ttdoc">Create an authentication tag for a message. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00208">tweetnacl.cpp:208</a></div></div>
<div class="ttc" id="naclite_8h_html_aec57f288b468ee38492c45557f736ca8"><div class="ttname"><a href="naclite_8h.html#aec57f288b468ee38492c45557f736ca8">crypto_verify_16</a></div><div class="ttdeci">int crypto_verify_16(const byte *x, const byte *y)</div><div class="ttdoc">Compare 16-byte buffers. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00084">tweetnacl.cpp:84</a></div></div>
<div class="ttc" id="misc_8h_html_a6b378b1b9b2d4654cc852c088742ba70"><div class="ttname"><a href="misc_8h.html#a6b378b1b9b2d4654cc852c088742ba70">CRYPTOPP_COMPILE_ASSERT</a></div><div class="ttdeci">#define CRYPTOPP_COMPILE_ASSERT(expr)</div><div class="ttdoc">Compile time assertion. </div><div class="ttdef"><b>Definition:</b> <a href="misc_8h_source.html#l00144">misc.h:144</a></div></div>
<div class="ttc" id="naclite_8h_html_a1d943e9c5b6be5956c6af8256ffddaf5"><div class="ttname"><a href="naclite_8h.html#a1d943e9c5b6be5956c6af8256ffddaf5">crypto_secretbox_open</a></div><div class="ttdeci">int crypto_secretbox_open(byte *m, const byte *c, word64 d, const byte *n, const byte *k)</div><div class="ttdoc">Verify and decrypt a message. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00278">tweetnacl.cpp:278</a></div></div>
<div class="ttc" id="pch_8h_html"><div class="ttname"><a href="pch_8h.html">pch.h</a></div><div class="ttdoc">Precompiled header file. </div></div>
<div class="ttc" id="naclite_8h_html_a33256907cbe2f0a1788e13fa58c31eec"><div class="ttname"><a href="naclite_8h.html#a33256907cbe2f0a1788e13fa58c31eec">crypto_verify_32</a></div><div class="ttdeci">int crypto_verify_32(const byte *x, const byte *y)</div><div class="ttdoc">Compare 32-byte buffers. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00089">tweetnacl.cpp:89</a></div></div>
<div class="ttc" id="misc_8h_html_a2d7e4464ea73d6393ebe78f952253426"><div class="ttname"><a href="misc_8h.html#a2d7e4464ea73d6393ebe78f952253426">COUNTOF</a></div><div class="ttdeci">#define COUNTOF(arr)</div><div class="ttdoc">Counts elements in an array. </div><div class="ttdef"><b>Definition:</b> <a href="misc_8h_source.html#l00181">misc.h:181</a></div></div>
<div class="ttc" id="naclite_8h_html_a00e45fd4091b32bba7fc1041b2b4e689"><div class="ttname"><a href="naclite_8h.html#a00e45fd4091b32bba7fc1041b2b4e689">crypto_stream</a></div><div class="ttdeci">int crypto_stream(byte *c, word64 d, const byte *n, const byte *k)</div><div class="ttdoc">Produce a keystream using XSalsa20. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00180">tweetnacl.cpp:180</a></div></div>
<div class="ttc" id="naclite_8h_html"><div class="ttname"><a href="naclite_8h.html">naclite.h</a></div><div class="ttdoc">Crypto++ interface to TweetNaCl library (20140917) </div></div>
<div class="ttc" id="naclite_8h_html_a3faa0eb09577f9f094fe05c5e7c0d505"><div class="ttname"><a href="naclite_8h.html#a3faa0eb09577f9f094fe05c5e7c0d505">crypto_core_hsalsa20</a></div><div class="ttdeci">int crypto_core_hsalsa20(byte *out, const byte *in, const byte *k, const byte *c)</div><div class="ttdoc">TODO. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00140">tweetnacl.cpp:140</a></div></div>
<div class="ttc" id="naclite_8h_html_a470bad08d0811609c811491b97e3efd9"><div class="ttname"><a href="naclite_8h.html#a470bad08d0811609c811491b97e3efd9">crypto_box_unchecked</a></div><div class="ttdeci">int crypto_box_unchecked(byte *c, const byte *m, word64 d, const byte *n, const byte *y, const byte *x)</div><div class="ttdoc">Encrypt and authenticate a message. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00549">tweetnacl.cpp:549</a></div></div>
<div class="ttc" id="naclite_8h_html_a5c724dc954ad94ef544ea52ee52ccd55"><div class="ttname"><a href="naclite_8h.html#a5c724dc954ad94ef544ea52ee52ccd55">crypto_scalarmult_base</a></div><div class="ttdeci">int crypto_scalarmult_base(byte *q, const byte *n)</div><div class="ttdoc">Scalar multiplication of base point. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00503">tweetnacl.cpp:503</a></div></div>
<div class="ttc" id="namespace_crypto_p_p_html"><div class="ttname"><a href="namespace_crypto_p_p.html">CryptoPP</a></div><div class="ttdoc">Crypto++ library namespace. </div></div>
<div class="ttc" id="naclite_8h_html_a42858b56b012c429f152a8795a294b7f"><div class="ttname"><a href="naclite_8h.html#a42858b56b012c429f152a8795a294b7f">crypto_box_open</a></div><div class="ttdeci">int crypto_box_open(byte *m, const byte *c, word64 d, const byte *n, const byte *y, const byte *x)</div><div class="ttdoc">Verify and decrypt a message. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00556">tweetnacl.cpp:556</a></div></div>
<div class="ttc" id="naclite_8h_html_a6c18d7ce2ad9a14a7dd5e2a2eade80a9"><div class="ttname"><a href="naclite_8h.html#a6c18d7ce2ad9a14a7dd5e2a2eade80a9">crypto_scalarmult</a></div><div class="ttdeci">int crypto_scalarmult(byte *q, const byte *n, const byte *p)</div><div class="ttdoc">Scalar multiplication of a point. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00452">tweetnacl.cpp:452</a></div></div>
<div class="ttc" id="naclite_8h_html_a09a1c4b3c26592ef93892feb67767113"><div class="ttname"><a href="naclite_8h.html#a09a1c4b3c26592ef93892feb67767113">crypto_box_beforenm</a></div><div class="ttdeci">int crypto_box_beforenm(byte *k, const byte *y, const byte *x)</div><div class="ttdoc">Encrypt and authenticate a message. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00516">tweetnacl.cpp:516</a></div></div>
<div class="ttc" id="naclite_8h_html_aceecda08cbfd5aa60ef23e608687f641"><div class="ttname"><a href="naclite_8h.html#aceecda08cbfd5aa60ef23e608687f641">crypto_secretbox</a></div><div class="ttdeci">int crypto_secretbox(byte *c, const byte *m, word64 d, const byte *n, const byte *k)</div><div class="ttdoc">Encrypt and authenticate a message. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00268">tweetnacl.cpp:268</a></div></div>
<div class="ttc" id="naclite_8h_html_a5eaee390489d2a7b9998efa1ac46db37"><div class="ttname"><a href="naclite_8h.html#a5eaee390489d2a7b9998efa1ac46db37">crypto_stream_salsa20</a></div><div class="ttdeci">int crypto_stream_salsa20(byte *c, word64 d, const byte *n, const byte *k)</div><div class="ttdoc">Produce a keystream using Salsa20. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00175">tweetnacl.cpp:175</a></div></div>
<div class="ttc" id="naclite_8h_html_aa296b9fdb62ddce1fe87043e626fd574"><div class="ttname"><a href="naclite_8h.html#aa296b9fdb62ddce1fe87043e626fd574">crypto_onetimeauth_verify</a></div><div class="ttdeci">int crypto_onetimeauth_verify(const byte *h, const byte *m, word64 n, const byte *k)</div><div class="ttdoc">Verify an authentication tag on a message. </div><div class="ttdef"><b>Definition:</b> <a href="tweetnacl_8cpp_source.html#l00261">tweetnacl.cpp:261</a></div></div>
<div class="ttc" id="osrng_8h_html"><div class="ttname"><a href="osrng_8h.html">osrng.h</a></div><div class="ttdoc">Classes for access to the operating system&#39;s random number generators. </div></div>
<div class="ttc" id="class_default_auto_seeded_r_n_g_html"><div class="ttname"><a href="class_default_auto_seeded_r_n_g.html">DefaultAutoSeededRNG</a></div><div class="ttdoc">A typedef providing a default generator. </div><div class="ttdef"><b>Definition:</b> <a href="osrng_8h_source.html#l00263">osrng.h:263</a></div></div>
</div><!-- fragment --></div><!-- contents -->
<!-- start footer part -->
<hr class="footer"/><address class="footer"><small>
Generated on Sun Sep 16 2018 07:58:07 for Crypto++ by  <a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/>
</a> 1.8.14
</small></address>
</body>
</html>
distrib
>
Mageia
>
7
>
armv7hl
>
media
>
core-release
>
by-pkgid
>
0a67b807a02637f2cae68649d519a89d
>
files
>
3179
