Crypto++ 8.9
Free C++ class library of cryptographic schemes
Functions
naclite.h File Reference

Crypto++ interface to TweetNaCl library (20140917) More...

Go to the source code of this file.

Functions

int crypto_box (byte *c, const byte *m, word64 d, const byte *n, const byte *y, const byte *x)
 Encrypt and authenticate a message.
 
int crypto_box_open (byte *m, const byte *c, word64 d, const byte *n, const byte *y, const byte *x)
 Verify and decrypt a message.
 
int crypto_box_keypair (byte *y, byte *x)
 Generate a keypair for encryption.
 
int crypto_box_beforenm (byte *k, const byte *y, const byte *x)
 Encrypt and authenticate a message.
 
int crypto_box_afternm (byte *c, const byte *m, word64 d, const byte *n, const byte *k)
 Encrypt and authenticate a message.
 
int crypto_box_open_afternm (byte *m, const byte *c, word64 d, const byte *n, const byte *k)
 Verify and decrypt a message.
 
int crypto_box_unchecked (byte *c, const byte *m, word64 d, const byte *n, const byte *y, const byte *x)
 Encrypt and authenticate a message.
 
int crypto_box_open_unchecked (byte *m, const byte *c, word64 d, const byte *n, const byte *y, const byte *x)
 Verify and decrypt a message.
 
int crypto_box_beforenm_unchecked (byte *k, const byte *y, const byte *x)
 Encrypt and authenticate a message.
 
int crypto_core_salsa20 (byte *out, const byte *in, const byte *k, const byte *c)
 TODO.
 
int crypto_core_hsalsa20 (byte *out, const byte *in, const byte *k, const byte *c)
 TODO.
 
int crypto_hashblocks (byte *x, const byte *m, word64 n)
 Hash multiple blocks.
 
int crypto_hash (byte *out, const byte *m, word64 n)
 Hash a message.
 
int crypto_onetimeauth (byte *out, const byte *m, word64 n, const byte *k)
 Create an authentication tag for a message.
 
int crypto_onetimeauth_verify (const byte *h, const byte *m, word64 n, const byte *k)
 Verify an authentication tag on a message.
 
int crypto_scalarmult (byte *q, const byte *n, const byte *p)
 Scalar multiplication of a point.
 
int crypto_scalarmult_base (byte *q, const byte *n)
 Scalar multiplication of base point.
 
int crypto_secretbox (byte *c, const byte *m, word64 d, const byte *n, const byte *k)
 Encrypt and authenticate a message.
 
int crypto_secretbox_open (byte *m, const byte *c, word64 d, const byte *n, const byte *k)
 Verify and decrypt a message.
 
int crypto_sign (byte *sm, word64 *smlen, const byte *m, word64 n, const byte *sk)
 Sign a message.
 
int crypto_sign_open (byte *m, word64 *mlen, const byte *sm, word64 n, const byte *pk)
 Verify a message.
 
int crypto_sign_keypair (byte *pk, byte *sk)
 Generate a keypair for signing.
 
int crypto_sign_sk2pk (byte *pk, const byte *sk)
 Calculate a public key from a secret key.
 
int crypto_stream (byte *c, word64 d, const byte *n, const byte *k)
 Produce a keystream using XSalsa20.
 
int crypto_stream_xor (byte *c, const byte *m, word64 d, const byte *n, const byte *k)
 Encrypt a message using XSalsa20.
 
int crypto_stream_salsa20 (byte *c, word64 d, const byte *n, const byte *k)
 Produce a keystream using Salsa20.
 
int crypto_stream_salsa20_xor (byte *c, const byte *m, word64 b, const byte *n, const byte *k)
 Encrypt a message using Salsa20.
 
int crypto_verify_16 (const byte *x, const byte *y)
 Compare 16-byte buffers.
 
int crypto_verify_32 (const byte *x, const byte *y)
 Compare 32-byte buffers.
 

Detailed Description

Crypto++ interface to TweetNaCl library (20140917)

TweetNaCl is a compact reimplementation of the NaCl library by Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen, Tanja Lange, Peter Schwabe and Sjaak Smetsers. The library is less than 20 KB in size and provides 25 of the NaCl library functions.

The compact library uses curve25519, XSalsa20, Poly1305 and SHA-512 as default primitives, and includes both x25519 key exchange and ed25519 signatures. The complete list of functions can be found in TweetNaCl: A crypto library in 100 tweets (20140917), Table 1, page 5.

Crypto++ rejects small order elements using libsodium's blacklist. The TweetNaCl library allowed them but the library predated the attack. If you wish to allow small elements then use the "unchecked" versions of crypto_box_unchecked, crypto_box_open_unchecked and crypto_box_beforenm_unchecked.

TweetNaCl is well written but not well optimzed. It runs about 10x slower than optimized routines from libsodium. However, the library is still 2x to 4x faster than the algorithms NaCl was designed to replace and allows cross-checking results from an independent implementation.

The Crypto++ wrapper for TweetNaCl requires OS features. That is, NO_OS_DEPENDENCE cannot be defined. It is due to TweetNaCl's internal function randombytes. Crypto++ used DefaultAutoSeededRNG within randombytes, so OS integration must be enabled. You can use another generator like RDRAND to avoid the restriction.

See also
The security impact of a new cryptographic library, TweetNaCl: A crypto library in 100 tweets (20140917), May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519, libsodium commit afabd7e7386e1194 and RFC 7748, Elliptic Curves for Security, Section 6.
Since
Crypto++ 6.0

Definition in file naclite.h.

Function Documentation

◆ crypto_box()

int crypto_box ( byte * c,
const byte * m,
word64 d,
const byte * n,
const byte * y,
const byte * x )

Encrypt and authenticate a message.

Parameters
coutput byte buffer
minput byte buffer
dsize of the input byte buffer
nnonce byte buffer
yother's public key
xprivate key

crypto_box() uses crypto_box_curve25519xsalsa20poly1305

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_box documentation
Since
Crypto++ 6.0

Definition at line 550 of file tweetnacl.cpp.

◆ crypto_box_open()

int crypto_box_open ( byte * m,
const byte * c,
word64 d,
const byte * n,
const byte * y,
const byte * x )

Verify and decrypt a message.

Parameters
moutput byte buffer
cinput byte buffer
dsize of the input byte buffer
nnonce byte buffer
yother's public key
xprivate key

crypto_box_open() uses crypto_box_curve25519xsalsa20poly1305

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_box documentation
Since
Crypto++ 6.0

Definition at line 564 of file tweetnacl.cpp.

◆ crypto_box_keypair()

int crypto_box_keypair ( byte * y,
byte * x )

Generate a keypair for encryption.

Parameters
ypublic key byte buffer
xprivate key byte buffer
Returns
0 on success, non-0 otherwise
See also
NaCl crypto_box documentation
Since
Crypto++ 6.0

Definition at line 516 of file tweetnacl.cpp.

◆ crypto_box_beforenm()

int crypto_box_beforenm ( byte * k,
const byte * y,
const byte * x )

Encrypt and authenticate a message.

Parameters
kshared secret byte buffer
yother's public key
xprivate key

crypto_box_beforenm() performs message-independent precomputation to derive the key. Once the key is derived multiple calls to crypto_box_afternm() can be made to process the message.

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_box documentation
Since
Crypto++ 6.0

Definition at line 524 of file tweetnacl.cpp.

◆ crypto_box_afternm()

int crypto_box_afternm ( byte * c,
const byte * m,
word64 d,
const byte * n,
const byte * k )

Encrypt and authenticate a message.

Parameters
moutput byte buffer
cinput byte buffer
dsize of the input byte buffer
nnonce byte buffer
kshared secret byte buffer

crypto_box_afternm() performs message-dependent computation using the derived the key. Once the key is derived using crypto_box_beforenm() multiple calls to crypto_box_afternm() can be made to process the message.

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_box documentation
Since
Crypto++ 6.0

Definition at line 540 of file tweetnacl.cpp.

◆ crypto_box_open_afternm()

int crypto_box_open_afternm ( byte * m,
const byte * c,
word64 d,
const byte * n,
const byte * k )

Verify and decrypt a message.

Parameters
moutput byte buffer
cinput byte buffer
dsize of the input byte buffer
nnonce byte buffer
kshared secret byte buffer

crypto_box_afternm() performs message-dependent computation using the derived the key. Once the key is derived using crypto_box_beforenm() multiple calls to crypto_box_open_afternm() can be made to process the message.

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_box documentation
Since
Crypto++ 6.0

Definition at line 545 of file tweetnacl.cpp.

◆ crypto_box_unchecked()

int crypto_box_unchecked ( byte * c,
const byte * m,
word64 d,
const byte * n,
const byte * y,
const byte * x )

Encrypt and authenticate a message.

Parameters
coutput byte buffer
minput byte buffer
dsize of the input byte buffer
nnonce byte buffer
yother's public key
xprivate key

crypto_box() uses crypto_box_curve25519xsalsa20poly1305.

This version of crypto_box() does not check for small order elements. It can be unsafe but it exists for backwards compatibility with downlevel clients. Without the compatibility interop with early versions of NaCl, libsodium and other libraries does not exist. The downlevel interop may also be needed of cryptocurrencies like Bitcoin, Ethereum, Monero and Zcash.

Returns
0 on success, non-0 otherwise
Warning
This version of crypto_box() does not check for small order elements. It should not be used in new software.
See also
NaCl crypto_box documentation, May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519, libsodium commit afabd7e7386e1194.
Since
Crypto++ 6.0

Definition at line 557 of file tweetnacl.cpp.

◆ crypto_box_open_unchecked()

int crypto_box_open_unchecked ( byte * m,
const byte * c,
word64 d,
const byte * n,
const byte * y,
const byte * x )

Verify and decrypt a message.

Parameters
moutput byte buffer
cinput byte buffer
dsize of the input byte buffer
nnonce byte buffer
yother's public key
xprivate key

crypto_box_open() uses crypto_box_curve25519xsalsa20poly1305.

This version of crypto_box_open() does not check for small order elements. It can be unsafe but it exists for backwards compatibility with downlevel clients. Without the compatibility interop with early versions of NaCl, libsodium and other libraries does not exist. The downlevel interop may also be needed of cryptocurrencies like Bitcoin, Ethereum, Monero and Zcash.

Returns
0 on success, non-0 otherwise
Warning
This version of crypto_box_open() does not check for small order elements. It should not be used in new software.
See also
NaCl crypto_box documentation, May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519, libsodium commit afabd7e7386e1194.
Since
Crypto++ 6.0

Definition at line 571 of file tweetnacl.cpp.

◆ crypto_box_beforenm_unchecked()

int crypto_box_beforenm_unchecked ( byte * k,
const byte * y,
const byte * x )

Encrypt and authenticate a message.

Parameters
kshared secret byte buffer
yother's public key
xprivate key

crypto_box_beforenm() performs message-independent precomputation to derive the key. Once the key is derived multiple calls to crypto_box_afternm() can be made to process the message.

This version of crypto_box_beforenm() does not check for small order elements. It can be unsafe but it exists for backwards compatibility with downlevel clients. Without the compatibility interop with early versions of NaCl, libsodium and other libraries does not exist. The downlevel interop may also be needed of cryptocurrencies like Bitcoin, Ethereum, Monero and Zcash.

Returns
0 on success, non-0 otherwise
Warning
This version of crypto_box_beforenm() does not check for small order elements. It should not be used in new software.
See also
NaCl crypto_box documentation, May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519, libsodium commit afabd7e7386e1194.
Since
Crypto++ 6.0

Definition at line 533 of file tweetnacl.cpp.

◆ crypto_core_salsa20()

int crypto_core_salsa20 ( byte * out,
const byte * in,
const byte * k,
const byte * c )

TODO.

Definition at line 142 of file tweetnacl.cpp.

◆ crypto_core_hsalsa20()

int crypto_core_hsalsa20 ( byte * out,
const byte * in,
const byte * k,
const byte * c )

TODO.

Returns
0 on success, non-0 otherwise
Since
Crypto++ 6.0

Definition at line 148 of file tweetnacl.cpp.

◆ crypto_hashblocks()

int crypto_hashblocks ( byte * x,
const byte * m,
word64 n )

Hash multiple blocks.

crypto_hashblocks() uses crypto_hashblocks_sha512.

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_hash documentation
Since
Crypto++ 6.0

Definition at line 610 of file tweetnacl.cpp.

◆ crypto_hash()

int crypto_hash ( byte * out,
const byte * m,
word64 n )

Hash a message.

crypto_hash() uses crypto_hash_sha512.

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_hash documentation
Since
Crypto++ 6.0

Definition at line 653 of file tweetnacl.cpp.

◆ crypto_onetimeauth()

int crypto_onetimeauth ( byte * out,
const byte * m,
word64 n,
const byte * k )

Create an authentication tag for a message.

crypto_onetimeauth() uses crypto_onetimeauth_poly1305.

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_onetimeauth documentation
Since
Crypto++ 6.0

Definition at line 216 of file tweetnacl.cpp.

◆ crypto_onetimeauth_verify()

int crypto_onetimeauth_verify ( const byte * h,
const byte * m,
word64 n,
const byte * k )

Verify an authentication tag on a message.

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_onetimeauth documentation
Since
Crypto++ 6.0

Definition at line 269 of file tweetnacl.cpp.

◆ crypto_scalarmult()

int crypto_scalarmult ( byte * q,
const byte * n,
const byte * p )

Scalar multiplication of a point.

crypto_scalarmult() uses crypto_scalarmult_curve25519

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_scalarmult documentation
Since
Crypto++ 6.0

Definition at line 460 of file tweetnacl.cpp.

◆ crypto_scalarmult_base()

int crypto_scalarmult_base ( byte * q,
const byte * n )

Scalar multiplication of base point.

crypto_scalarmult_base() uses crypto_scalarmult_curve25519

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_scalarmult documentation
Since
Crypto++ 6.0

Definition at line 511 of file tweetnacl.cpp.

◆ crypto_secretbox()

int crypto_secretbox ( byte * c,
const byte * m,
word64 d,
const byte * n,
const byte * k )

Encrypt and authenticate a message.

crypto_secretbox() uses a symmetric key to encrypt and authenticate a message.

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_secretbox documentation
Since
Crypto++ 6.0

Definition at line 276 of file tweetnacl.cpp.

◆ crypto_secretbox_open()

int crypto_secretbox_open ( byte * m,
const byte * c,
word64 d,
const byte * n,
const byte * k )

Verify and decrypt a message.

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_secretbox documentation
Since
Crypto++ 6.0

Definition at line 286 of file tweetnacl.cpp.

◆ crypto_sign()

int crypto_sign ( byte * sm,
word64 * smlen,
const byte * m,
word64 n,
const byte * sk )

Sign a message.

Parameters
smoutput byte buffer
smlensize of the output byte buffer
minput byte buffer
nsize of the input byte buffer
skprivate key

crypto_sign() uses crypto_sign_ed25519.

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_sign documentation
Since
Crypto++ 6.0

Definition at line 821 of file tweetnacl.cpp.

◆ crypto_sign_open()

int crypto_sign_open ( byte * m,
word64 * mlen,
const byte * sm,
word64 n,
const byte * pk )

Verify a message.

Parameters
moutput byte buffer
mlensize of the output byte buffer
sminput byte buffer
nsize of the input byte buffer
pkpublic key
Returns
0 on success, non-0 otherwise
See also
NaCl crypto_sign documentation
Since
Crypto++ 6.0

Definition at line 889 of file tweetnacl.cpp.

◆ crypto_sign_keypair()

int crypto_sign_keypair ( byte * pk,
byte * sk )

Generate a keypair for signing.

Parameters
pkpublic key byte buffer
skprivate key byte buffer

crypto_sign_keypair() creates an ed25519 keypair.

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_sign documentation
Since
Crypto++ 6.0

Definition at line 747 of file tweetnacl.cpp.

◆ crypto_sign_sk2pk()

int crypto_sign_sk2pk ( byte * pk,
const byte * sk )

Calculate a public key from a secret key.

Parameters
pkpublic key byte buffer
skprivate key byte buffer

crypto_sign_sk2pk() creates an ed25519 public key from an existing 32-byte secret key. The function does not backfill the tail bytes of the secret key with the calculated public key.

crypto_sign_sk2pk() is not part of libsodium or Tweet API. It was added for interop with some anonymous routing protocols.

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_sign documentation
Since
Crypto++ 8.0

Definition at line 766 of file tweetnacl.cpp.

◆ crypto_stream()

int crypto_stream ( byte * c,
word64 d,
const byte * n,
const byte * k )

Produce a keystream using XSalsa20.

crypto_stream() uses crypto_stream_xsalsa20

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_stream documentation
Since
Crypto++ 6.0

Definition at line 188 of file tweetnacl.cpp.

◆ crypto_stream_xor()

int crypto_stream_xor ( byte * c,
const byte * m,
word64 d,
const byte * n,
const byte * k )

Encrypt a message using XSalsa20.

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_stream documentation
Since
Crypto++ 6.0

Definition at line 195 of file tweetnacl.cpp.

◆ crypto_stream_salsa20()

int crypto_stream_salsa20 ( byte * c,
word64 d,
const byte * n,
const byte * k )

Produce a keystream using Salsa20.

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_stream documentation
Since
Crypto++ 6.0

Definition at line 183 of file tweetnacl.cpp.

◆ crypto_stream_salsa20_xor()

int crypto_stream_salsa20_xor ( byte * c,
const byte * m,
word64 b,
const byte * n,
const byte * k )

Encrypt a message using Salsa20.

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_stream documentation
Since
Crypto++ 6.0

Definition at line 156 of file tweetnacl.cpp.

◆ crypto_verify_16()

int crypto_verify_16 ( const byte * x,
const byte * y )

Compare 16-byte buffers.

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_verify documentation
Since
Crypto++ 6.0

Definition at line 92 of file tweetnacl.cpp.

◆ crypto_verify_32()

int crypto_verify_32 ( const byte * x,
const byte * y )

Compare 32-byte buffers.

Returns
0 on success, non-0 otherwise
See also
NaCl crypto_verify documentation
Since
Crypto++ 6.0

Definition at line 97 of file tweetnacl.cpp.