+#ifndef NTRACE
+static void naclbox_tracealgs(const bulkalgs *aa)
+{
+ const naclbox_algs *a = (const naclbox_algs *)aa;
+
+ trace(T_CRYPTO, "crypto: cipher = %s", a->c->name);
+ trace(T_CRYPTO, "crypto: mac = poly1305/128");
+}
+#endif
+
+#define naclbox_checkalgs aead_checkalgs
+#define naclbox_samealgsp aead_samealgsp
+
+static void naclbox_alginfo(const bulkalgs *aa, admin *adm)
+{
+ const naclbox_algs *a = (const naclbox_algs *)aa;
+ a_info(adm, "cipher=%s", a->c->name, "cipher-keysz=32", A_END);
+ a_info(adm, "mac=poly1305", "mac-tagsz=16", A_END);
+}
+
+#define naclbox_overhead aead_overhead
+#define naclbox_expsz aead_expsz
+#define naclbox_genkeys aead_genkeys
+
+typedef struct naclbox_chal {
+ bulkchal _b;
+ gcipher *c;
+} naclbox_chal;
+
+static bulkchal *naclbox_genchal(const bulkalgs *aa)
+{
+ const naclbox_algs *a = (const naclbox_algs *)aa;
+ naclbox_chal *c = CREATE(naclbox_chal);
+ rand_get(RAND_GLOBAL, buf_t, a->_b.ksz);
+ c->c = GC_INIT(a->c, buf_t, a->_b.ksz);
+ IF_TRACING(T_CHAL, {
+ trace(T_CHAL, "chal: generated new challenge key");
+ trace_block(T_CRYPTO, "chal: new key", buf_t, a->_b.ksz);
+ })
+ c->_b.tagsz = POLY1305_TAGSZ;
+ return (&c->_b);
+}
+
+static int naclbox_chaltag(bulkchal *bc, const void *m, size_t msz,
+ uint32 seq, void *t)
+{
+ naclbox_chal *c = (naclbox_chal *)bc;
+ poly1305_key pk;
+ poly1305_ctx pm;
+ octet b[POLY1305_KEYSZ + POLY1305_MASKSZ];
+
+ STATIC_ASSERT(SALSA20_NONCESZ <= sizeof(b), "Need more space for nonce");
+
+ memset(b, 0, SALSA20_NONCESZ - 4); STORE32(b + SALSA20_NONCESZ - 4, seq);
+ GC_SETIV(c->c, b); GC_ENCRYPT(c->c, 0, b, sizeof(b));
+ poly1305_keyinit(&pk, b, POLY1305_KEYSZ);
+ poly1305_macinit(&pm, &pk, b + POLY1305_KEYSZ);
+ if (msz) poly1305_hash(&pm, m, msz);
+ poly1305_done(&pm, t);