diff --git a/sys/conf/files b/sys/conf/files
index 6612756d081..ea562dd711c 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -188,6 +188,12 @@ include "crypto/nist_ctr_drbg/files.nist_ctr_drbg"
# ChaCha-based fast PRNG
include "crypto/cprng_fast/files.cprng_fast"
+# BLAKE2s, a cryptographic hash function optimized for 8- to 32-bit
+include "crypto/blake2/files.blake2s"
+
+# Various cryptography functions
+include "crypto/sodium/files.sodium"
+
#
# Kernel history/tracing. Old UVMHIST depends upon this.
#
diff --git a/sys/crypto/blake2/blake2.h b/sys/crypto/blake2/blake2.h
new file mode 100644
index 00000000000..7236187f5e5
--- /dev/null
+++ b/sys/crypto/blake2/blake2.h
@@ -0,0 +1,184 @@
+/* $NetBSD$ */
+/*
+ BLAKE2 reference source code package - optimized C implementations
+
+ Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+ To the extent possible under law, the author(s) have dedicated all copyright
+ and related and neighboring rights to this software to the public domain
+ worldwide. This software is distributed without any warranty.
+
+ You should have received a copy of the CC0 Public Domain Dedication along with
+ this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+*/
+#pragma once
+#ifndef __CRYPTO_BLAKE2_H__
+#define __CRYPTO_BLAKE2_H__
+
+#if 0
+#include <stddef.h>
+#include <stdint.h>
+#endif
+
+#if defined(_WIN32) || defined(__CYGWIN__)
+ #define BLAKE2_DLL_IMPORT __declspec(dllimport)
+ #define BLAKE2_DLL_EXPORT __declspec(dllexport)
+ #define BLAKE2_DLL_PRIVATE
+#elif __GNUC__ >= 4
+ #define BLAKE2_DLL_IMPORT __attribute__ ((visibility ("default")))
+ #define BLAKE2_DLL_EXPORT __attribute__ ((visibility ("default")))
+ #define BLAKE2_DLL_PRIVATE __attribute__ ((visibility ("hidden")))
+#else
+ #define BLAKE2_DLL_IMPORT
+ #define BLAKE2_DLL_EXPORT
+ #define BLAKE2_DLL_PRIVATE
+#endif
+
+#if defined(BLAKE2_DLL)
+ #if defined(BLAKE2_DLL_EXPORTS) // defined if we are building the DLL
+ #define BLAKE2_API BLAKE2_DLL_EXPORT
+ #else
+ #define BLAKE2_API BLAKE2_DLL_IMPORT
+ #endif
+ #define BLAKE2_PRIVATE BLAKE2_DLL_PRIVATE // must only be used by hidden logic
+#else
+ #define BLAKE2_API
+ #define BLAKE2_PRIVATE
+#endif
+
+#if defined(__cplusplus)
+extern "C" {
+#elif defined(_MSC_VER) && !defined(inline)
+#define inline __inline
+#endif
+
+ enum blake2s_constant
+ {
+ BLAKE2S_BLOCKBYTES = 64,
+ BLAKE2S_OUTBYTES = 32,
+ BLAKE2S_KEYBYTES = 32,
+ BLAKE2S_SALTBYTES = 8,
+ BLAKE2S_PERSONALBYTES = 8
+ };
+
+ enum blake2b_constant
+ {
+ BLAKE2B_BLOCKBYTES = 128,
+ BLAKE2B_OUTBYTES = 64,
+ BLAKE2B_KEYBYTES = 64,
+ BLAKE2B_SALTBYTES = 16,
+ BLAKE2B_PERSONALBYTES = 16
+ };
+
+#pragma pack(push, 1)
+ typedef struct __blake2s_param
+ {
+ uint8_t digest_length; // 1
+ uint8_t key_length; // 2
+ uint8_t fanout; // 3
+ uint8_t depth; // 4
+ uint32_t leaf_length; // 8
+ uint8_t node_offset[6];// 14
+ uint8_t node_depth; // 15
+ uint8_t inner_length; // 16
+ // uint8_t reserved[0];
+ uint8_t salt[BLAKE2S_SALTBYTES]; // 24
+ uint8_t personal[BLAKE2S_PERSONALBYTES]; // 32
+ } blake2s_param;
+
+ typedef struct __blake2s_state
+ {
+ uint32_t h[8];
+ uint32_t t[2];
+ uint32_t f[2];
+ uint8_t buf[2 * BLAKE2S_BLOCKBYTES];
+ uint32_t buflen;
+ uint8_t outlen;
+ uint8_t last_node;
+ } blake2s_state;
+
+ typedef struct __blake2b_param
+ {
+ uint8_t digest_length; // 1
+ uint8_t key_length; // 2
+ uint8_t fanout; // 3
+ uint8_t depth; // 4
+ uint32_t leaf_length; // 8
+ uint64_t node_offset; // 16
+ uint8_t node_depth; // 17
+ uint8_t inner_length; // 18
+ uint8_t reserved[14]; // 32
+ uint8_t salt[BLAKE2B_SALTBYTES]; // 48
+ uint8_t personal[BLAKE2B_PERSONALBYTES]; // 64
+ } blake2b_param;
+
+ typedef struct __blake2b_state
+ {
+ uint64_t h[8];
+ uint64_t t[2];
+ uint64_t f[2];
+ uint8_t buf[2 * BLAKE2B_BLOCKBYTES];
+ uint32_t buflen;
+ uint8_t outlen;
+ uint8_t last_node;
+ } blake2b_state;
+
+ typedef struct __blake2sp_state
+ {
+ blake2s_state S[8][1];
+ blake2s_state R[1];
+ uint8_t buf[8 * BLAKE2S_BLOCKBYTES];
+ uint32_t buflen;
+ uint8_t outlen;
+ } blake2sp_state;
+
+ typedef struct __blake2bp_state
+ {
+ blake2b_state S[4][1];
+ blake2b_state R[1];
+ uint8_t buf[4 * BLAKE2B_BLOCKBYTES];
+ uint32_t buflen;
+ uint8_t outlen;
+ } blake2bp_state;
+#pragma pack(pop)
+
+ // Streaming API
+ BLAKE2_API int blake2s_init( blake2s_state *S, size_t outlen );
+ BLAKE2_API int blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen );
+ BLAKE2_API int blake2s_init_param( blake2s_state *S, const blake2s_param *P );
+ BLAKE2_API int blake2s_update( blake2s_state *S, const uint8_t *in, size_t inlen );
+ BLAKE2_API int blake2s_final( blake2s_state *S, uint8_t *out, size_t outlen );
+
+ BLAKE2_API int blake2b_init( blake2b_state *S, size_t outlen );
+ BLAKE2_API int blake2b_init_key( blake2b_state *S, size_t outlen, const void *key, size_t keylen );
+ BLAKE2_API int blake2b_init_param( blake2b_state *S, const blake2b_param *P );
+ BLAKE2_API int blake2b_update( blake2b_state *S, const uint8_t *in, size_t inlen );
+ BLAKE2_API int blake2b_final( blake2b_state *S, uint8_t *out, size_t outlen );
+
+ BLAKE2_API int blake2sp_init( blake2sp_state *S, size_t outlen );
+ BLAKE2_API int blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen );
+ BLAKE2_API int blake2sp_update( blake2sp_state *S, const uint8_t *in, size_t inlen );
+ BLAKE2_API int blake2sp_final( blake2sp_state *S, uint8_t *out, size_t outlen );
+
+ BLAKE2_API int blake2bp_init( blake2bp_state *S, size_t outlen );
+ BLAKE2_API int blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen );
+ BLAKE2_API int blake2bp_update( blake2bp_state *S, const uint8_t *in, size_t inlen );
+ BLAKE2_API int blake2bp_final( blake2bp_state *S, uint8_t *out, size_t outlen );
+
+ // Simple API
+ BLAKE2_API int blake2s( uint8_t *out, const void *in, const void *key, size_t outlen, size_t inlen, size_t keylen );
+ BLAKE2_API int blake2b( uint8_t *out, const void *in, const void *key, size_t outlen, size_t inlen, size_t keylen );
+
+ BLAKE2_API int blake2sp( uint8_t *out, const void *in, const void *key, size_t outlen, size_t inlen, size_t keylen );
+ BLAKE2_API int blake2bp( uint8_t *out, const void *in, const void *key, size_t outlen, size_t inlen, size_t keylen );
+
+ static inline int blake2( uint8_t *out, const void *in, const void *key, size_t outlen, size_t inlen, size_t keylen )
+ {
+ return blake2b( out, in, key, outlen, inlen, keylen );
+ }
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* __CRYPTO_BLAKE2_H__ */
diff --git a/sys/crypto/blake2/files.blake2s b/sys/crypto/blake2/files.blake2s
new file mode 100644
index 00000000000..e942f01e1f1
--- /dev/null
+++ b/sys/crypto/blake2/files.blake2s
@@ -0,0 +1,3 @@
+# $NetBSD$
+
+include "external/cc0/libb2/conf/files.blake2s"
diff --git a/sys/crypto/sodium/crypto_aead_chacha20poly1305.h b/sys/crypto/sodium/crypto_aead_chacha20poly1305.h
new file mode 100644
index 00000000000..c7dc264cd56
--- /dev/null
+++ b/sys/crypto/sodium/crypto_aead_chacha20poly1305.h
@@ -0,0 +1,176 @@
+#ifndef crypto_aead_chacha20poly1305_H
+#define crypto_aead_chacha20poly1305_H
+
+#if 0
+#include <stddef.h>
+#endif
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+/* -- IETF ChaCha20-Poly1305 construction with a 96-bit nonce and a 32-bit internal counter -- */
+
+#define crypto_aead_chacha20poly1305_ietf_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_keybytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_nsecbytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_NPUBBYTES 12U
+
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_npubbytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_abytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX \
+ SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ietf_ABYTES, \
+ (64ULL * (1ULL << 32) - 64ULL) - crypto_aead_chacha20poly1305_ietf_ABYTES)
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_encrypt(unsigned char *c,
+ unsigned long long *clen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const unsigned char *k);
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_decrypt(unsigned char *m,
+ unsigned long long *mlen_p,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_encrypt_detached(unsigned char *c,
+ unsigned char *mac,
+ unsigned long long *maclen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const unsigned char *k);
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_decrypt_detached(unsigned char *m,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *mac,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+void crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES]);
+
+/* -- Original ChaCha20-Poly1305 construction with a 64-bit nonce and a 64-bit internal counter -- */
+
+#define crypto_aead_chacha20poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_keybytes(void);
+
+#define crypto_aead_chacha20poly1305_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_nsecbytes(void);
+
+#define crypto_aead_chacha20poly1305_NPUBBYTES 8U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_npubbytes(void);
+
+#define crypto_aead_chacha20poly1305_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_abytes(void);
+
+#define crypto_aead_chacha20poly1305_MESSAGEBYTES_MAX \
+ (SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ABYTES)
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
+ unsigned long long *clen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const unsigned char *k);
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
+ unsigned long long *mlen_p,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_encrypt_detached(unsigned char *c,
+ unsigned char *mac,
+ unsigned long long *maclen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const unsigned char *k);
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_decrypt_detached(unsigned char *m,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *mac,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+void crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES]);
+
+/* Aliases */
+
+#define crypto_aead_chacha20poly1305_IETF_KEYBYTES crypto_aead_chacha20poly1305_ietf_KEYBYTES
+#define crypto_aead_chacha20poly1305_IETF_NSECBYTES crypto_aead_chacha20poly1305_ietf_NSECBYTES
+#define crypto_aead_chacha20poly1305_IETF_NPUBBYTES crypto_aead_chacha20poly1305_ietf_NPUBBYTES
+#define crypto_aead_chacha20poly1305_IETF_ABYTES crypto_aead_chacha20poly1305_ietf_ABYTES
+#define crypto_aead_chacha20poly1305_IETF_MESSAGEBYTES_MAX crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/sys/crypto/sodium/crypto_aead_xchacha20poly1305.h b/sys/crypto/sodium/crypto_aead_xchacha20poly1305.h
new file mode 100644
index 00000000000..32c945dcbb8
--- /dev/null
+++ b/sys/crypto/sodium/crypto_aead_xchacha20poly1305.h
@@ -0,0 +1,99 @@
+#ifndef crypto_aead_xchacha20poly1305_H
+#define crypto_aead_xchacha20poly1305_H
+
+#if 0
+#include <stddef.h>
+#endif
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_aead_xchacha20poly1305_ietf_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_keybytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_nsecbytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_NPUBBYTES 24U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_npubbytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_abytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX \
+ (SODIUM_SIZE_MAX - crypto_aead_xchacha20poly1305_ietf_ABYTES)
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_encrypt(unsigned char *c,
+ unsigned long long *clen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const unsigned char *k);
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m,
+ unsigned long long *mlen_p,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c,
+ unsigned char *mac,
+ unsigned long long *maclen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const unsigned char *k);
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *mac,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+void crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES]);
+
+/* Aliases */
+
+#define crypto_aead_xchacha20poly1305_IETF_KEYBYTES crypto_aead_xchacha20poly1305_ietf_KEYBYTES
+#define crypto_aead_xchacha20poly1305_IETF_NSECBYTES crypto_aead_xchacha20poly1305_ietf_NSECBYTES
+#define crypto_aead_xchacha20poly1305_IETF_NPUBBYTES crypto_aead_xchacha20poly1305_ietf_NPUBBYTES
+#define crypto_aead_xchacha20poly1305_IETF_ABYTES crypto_aead_xchacha20poly1305_ietf_ABYTES
+#define crypto_aead_xchacha20poly1305_IETF_MESSAGEBYTES_MAX crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/sys/crypto/sodium/crypto_kx.h b/sys/crypto/sodium/crypto_kx.h
new file mode 100644
index 00000000000..f70c5025779
--- /dev/null
+++ b/sys/crypto/sodium/crypto_kx.h
@@ -0,0 +1,65 @@
+#ifndef crypto_kx_H
+#define crypto_kx_H
+
+#if 0
+#include <stddef.h>
+#endif
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kx_PUBLICKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_publickeybytes(void);
+
+#define crypto_kx_SECRETKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_secretkeybytes(void);
+
+#define crypto_kx_SEEDBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_seedbytes(void);
+
+#define crypto_kx_SESSIONKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_sessionkeybytes(void);
+
+#define crypto_kx_PRIMITIVE "x25519blake2b"
+SODIUM_EXPORT
+const char *crypto_kx_primitive(void);
+
+SODIUM_EXPORT
+int crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+ unsigned char sk[crypto_kx_SECRETKEYBYTES],
+ const unsigned char seed[crypto_kx_SEEDBYTES]);
+
+SODIUM_EXPORT
+int crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+ unsigned char sk[crypto_kx_SECRETKEYBYTES]);
+
+SODIUM_EXPORT
+int crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+ unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+ const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES],
+ const unsigned char client_sk[crypto_kx_SECRETKEYBYTES],
+ const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES])
+ __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+int crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+ unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+ const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES],
+ const unsigned char server_sk[crypto_kx_SECRETKEYBYTES],
+ const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES])
+ __attribute__ ((warn_unused_result));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/sys/crypto/sodium/crypto_scalarmult.h b/sys/crypto/sodium/crypto_scalarmult.h
new file mode 100644
index 00000000000..e688f11e828
--- /dev/null
+++ b/sys/crypto/sodium/crypto_scalarmult.h
@@ -0,0 +1,46 @@
+#ifndef crypto_scalarmult_H
+#define crypto_scalarmult_H
+
+#if 0
+#include <stddef.h>
+#endif
+#include "crypto_scalarmult_curve25519.h"
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_BYTES crypto_scalarmult_curve25519_BYTES
+SODIUM_EXPORT
+size_t crypto_scalarmult_bytes(void);
+
+#define crypto_scalarmult_SCALARBYTES crypto_scalarmult_curve25519_SCALARBYTES
+SODIUM_EXPORT
+size_t crypto_scalarmult_scalarbytes(void);
+
+#define crypto_scalarmult_PRIMITIVE "curve25519"
+SODIUM_EXPORT
+const char *crypto_scalarmult_primitive(void);
+
+SODIUM_EXPORT
+int crypto_scalarmult_base(unsigned char *q, const unsigned char *n);
+
+/*
+ * NOTE: Do not use the result of this function directly.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult(unsigned char *q, const unsigned char *n,
+ const unsigned char *p)
+ __attribute__ ((warn_unused_result));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/sys/crypto/sodium/crypto_scalarmult_curve25519.h b/sys/crypto/sodium/crypto_scalarmult_curve25519.h
new file mode 100644
index 00000000000..92894c8519d
--- /dev/null
+++ b/sys/crypto/sodium/crypto_scalarmult_curve25519.h
@@ -0,0 +1,42 @@
+#ifndef crypto_scalarmult_curve25519_H
+#define crypto_scalarmult_curve25519_H
+
+#if 0
+#include <stddef.h>
+#endif
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_curve25519_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_curve25519_bytes(void);
+
+#define crypto_scalarmult_curve25519_SCALARBYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_curve25519_scalarbytes(void);
+
+/*
+ * NOTE: Do not use the result of this function directly.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult_curve25519(unsigned char *q, const unsigned char *n,
+ const unsigned char *p)
+ __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+int crypto_scalarmult_curve25519_base(unsigned char *q, const unsigned char *n);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/sys/crypto/sodium/export.h b/sys/crypto/sodium/export.h
new file mode 100644
index 00000000000..0f624ae3c50
--- /dev/null
+++ b/sys/crypto/sodium/export.h
@@ -0,0 +1,53 @@
+
+#ifndef sodium_export_H
+#define sodium_export_H
+
+#ifndef __GNUC__
+# ifdef __attribute__
+# undef __attribute__
+# endif
+# define __attribute__(a)
+#endif
+
+#ifdef SODIUM_STATIC
+# define SODIUM_EXPORT
+# define SODIUM_EXPORT_WEAK
+#else
+# if defined(_MSC_VER)
+# ifdef SODIUM_DLL_EXPORT
+# define SODIUM_EXPORT __declspec(dllexport)
+# else
+# define SODIUM_EXPORT __declspec(dllimport)
+# endif
+# else
+# if defined(__SUNPRO_C)
+# ifndef __GNU_C__
+# define SODIUM_EXPORT __attribute__ (visibility(__global))
+# else
+# define SODIUM_EXPORT __attribute__ __global
+# endif
+# elif defined(_MSG_VER)
+# define SODIUM_EXPORT extern __declspec(dllexport)
+# else
+# define SODIUM_EXPORT __attribute__ ((visibility ("default")))
+# endif
+# endif
+# if defined(__ELF__) && !defined(SODIUM_DISABLE_WEAK_FUNCTIONS)
+# define SODIUM_EXPORT_WEAK SODIUM_EXPORT __attribute__((weak))
+# else
+# define SODIUM_EXPORT_WEAK SODIUM_EXPORT
+# endif
+#endif
+
+#ifndef CRYPTO_ALIGN
+# if defined(__INTEL_COMPILER) || defined(_MSC_VER)
+# define CRYPTO_ALIGN(x) __declspec(align(x))
+# else
+# define CRYPTO_ALIGN(x) __attribute__ ((aligned(x)))
+# endif
+#endif
+
+#define SODIUM_MIN(A, B) ((A) < (B) ? (A) : (B))
+#define SODIUM_SIZE_MAX SODIUM_MIN(UINT64_MAX, SIZE_MAX)
+
+#endif
diff --git a/sys/crypto/sodium/files.sodium b/sys/crypto/sodium/files.sodium
new file mode 100644
index 00000000000..6ea8d600ad1
--- /dev/null
+++ b/sys/crypto/sodium/files.sodium
@@ -0,0 +1,3 @@
+# $NetBSD$
+
+include "external/isc/libsodium/conf/files.libsodium"
diff --git a/sys/external/cc0/libb2/conf/files.blake2s b/sys/external/cc0/libb2/conf/files.blake2s
new file mode 100644
index 00000000000..45728fe730d
--- /dev/null
+++ b/sys/external/cc0/libb2/conf/files.blake2s
@@ -0,0 +1,9 @@
+# $NetBSD$
+
+#defflag BLAKE2S
+
+define blake2s
+#makeoptions blake2s CPPFLAGS+="-I$S/external/cc0/libb2/include -Wno-cast-qual -DSUFFIX="
+makeoptions blake2s "CPPFLAGS.blake2s-ref.c"+="-I$S/external/cc0/libb2/include -Wno-cast-qual -DSUFFIX="
+
+file external/cc0/libb2/dist/src/blake2s-ref.c
diff --git a/sys/external/cc0/libb2/include/config.h b/sys/external/cc0/libb2/include/config.h
new file mode 100644
index 00000000000..47eccb3e751
--- /dev/null
+++ b/sys/external/cc0/libb2/include/config.h
@@ -0,0 +1,149 @@
+/* src/config.h. Generated from config.h.in by configure. */
+/* src/config.h.in. Generated from configure.ac by autoheader. */
+
+/* Define if pointers to integers require aligned access */
+/* #undef HAVE_ALIGNED_ACCESS_REQUIRED */
+
+/* Support Altivec instructions */
+/* #undef HAVE_ALTIVEC */
+
+/* Support AVX (Advanced Vector Extensions) instructions */
+/* #undef HAVE_AVX */
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#define HAVE_DLFCN_H 1
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#define HAVE_INTTYPES_H 1
+
+/* Define to 1 if you have the <memory.h> header file. */
+#define HAVE_MEMORY_H 1
+
+/* Define to 1 if you have the `memset' function. */
+#define HAVE_MEMSET 1
+
+/* Support mmx instructions */
+/* #undef HAVE_MMX */
+
+/* Support SSE (Streaming SIMD Extensions) instructions */
+/* #undef HAVE_SSE */
+
+/* Support SSE2 (Streaming SIMD Extensions 2) instructions */
+/* #undef HAVE_SSE2 */
+
+/* Support SSE3 (Streaming SIMD Extensions 3) instructions */
+/* #undef HAVE_SSE3 */
+
+/* Support SSSE4.1 (Streaming SIMD Extensions 4.1) instructions */
+/* #undef HAVE_SSE4_1 */
+
+/* Support SSSE4.2 (Streaming SIMD Extensions 4.2) instructions */
+/* #undef HAVE_SSE4_2 */
+
+/* Support SSSE3 (Supplemental Streaming SIMD Extensions 3) instructions */
+/* #undef HAVE_SSSE3 */
+
+/* Define to 1 if you have the <stddef.h> header file. */
+#define HAVE_STDDEF_H 1
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#define HAVE_STDINT_H 1
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#define HAVE_SYS_STAT_H 1
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#define HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#define HAVE_UNISTD_H 1
+
+/* Define to the sub-directory where libtool stores uninstalled libraries. */
+#define LT_OBJDIR ".libs/"
+
+/* machine is little-endian */
+#define NATIVE_LITTLE_ENDIAN 1
+
+/* Name of package */
+#define PACKAGE "libb2"
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT "contact@blake2.net"
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "libb2"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "libb2 0.98"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "libb2"
+
+/* Define to the home page for this package. */
+#define PACKAGE_URL "https://blake2.net"
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "0.98"
+
+/* Define to 1 if you have the ANSI C header files. */
+#define STDC_HEADERS 1
+
+/* Version number of package */
+#define VERSION "0.98"
+
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+ significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
+# if defined __BIG_ENDIAN__
+# define WORDS_BIGENDIAN 1
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
+/* # undef WORDS_BIGENDIAN */
+# endif
+#endif
+
+/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>,
+ <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+ #define below would cause a syntax error. */
+/* #undef _UINT32_T */
+
+/* Define for Solaris 2.5.1 so the uint64_t typedef from <sys/synch.h>,
+ <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+ #define below would cause a syntax error. */
+/* #undef _UINT64_T */
+
+/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>,
+ <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+ #define below would cause a syntax error. */
+/* #undef _UINT8_T */
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+ calls it, or to nothing if 'inline' is not supported under any name. */
+#ifndef __cplusplus
+/* #undef inline */
+#endif
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+/* #undef size_t */
+
+/* Define to the type of an unsigned integer type of width exactly 32 bits if
+ such a type exists and the standard includes do not define it. */
+/* #undef uint32_t */
+
+/* Define to the type of an unsigned integer type of width exactly 64 bits if
+ such a type exists and the standard includes do not define it. */
+/* #undef uint64_t */
+
+/* Define to the type of an unsigned integer type of width exactly 8 bits if
+ such a type exists and the standard includes do not define it. */
+/* #undef uint8_t */
diff --git a/sys/external/cc0/libb2/include/stddef.h b/sys/external/cc0/libb2/include/stddef.h
new file mode 100644
index 00000000000..c2a43e74385
--- /dev/null
+++ b/sys/external/cc0/libb2/include/stddef.h
@@ -0,0 +1,6 @@
+#ifdef _KERNEL
+#include <sys/cdefs.h>
+#include <sys/param.h>
+#include <sys/types.h>
+#endif
+
diff --git a/sys/external/cc0/libb2/include/stdint.h b/sys/external/cc0/libb2/include/stdint.h
new file mode 100644
index 00000000000..7816f2c1c7b
--- /dev/null
+++ b/sys/external/cc0/libb2/include/stdint.h
@@ -0,0 +1,4 @@
+#ifdef _KERNEL
+#include <sys/cdefs.h>
+#include <sys/null.h>
+#endif
diff --git a/sys/external/cc0/libb2/include/stdio.h b/sys/external/cc0/libb2/include/stdio.h
new file mode 100644
index 00000000000..06102cdccec
--- /dev/null
+++ b/sys/external/cc0/libb2/include/stdio.h
@@ -0,0 +1,7 @@
+#ifdef _KERNEL
+#include <sys/cdefs.h>
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/null.h>
+
+#endif
diff --git a/sys/external/cc0/libb2/include/string.h b/sys/external/cc0/libb2/include/string.h
new file mode 100644
index 00000000000..88fb59f579f
--- /dev/null
+++ b/sys/external/cc0/libb2/include/string.h
@@ -0,0 +1,9 @@
+#ifdef _KERNEL
+#include <sys/cdefs.h>
+#include <sys/types.h>
+
+extern void *memset(void *, int, size_t);
+extern void *memcpy(void * restrict, const void * restrict, size_t);
+extern void *memmove(void *, const void *, size_t);
+
+#endif
diff --git a/sys/external/isc/libsodium/conf/files.libsodium b/sys/external/isc/libsodium/conf/files.libsodium
new file mode 100644
index 00000000000..54031a27020
--- /dev/null
+++ b/sys/external/isc/libsodium/conf/files.libsodium
@@ -0,0 +1,34 @@
+defflag LIBSODIUM
+
+define libsodium
+makeoptions libsodium SODIUM_CPPFLAGS+="-I$S/external/isc/libsodium/include"
+makeoptions libsodium SODIUM_CPPFLAGS+="-I$S/external/isc/libsodium/dist/src/libsodium/include/sodium"
+makeoptions libsodium SODIUM_CPPFLAGS+="-Wno-unused-function -Wno-unused-variable -DHAVE_TI_MODE"
+
+makeoptions libsodium "CPPFLAGS.x25519_ref10.c"+="${SODIUM_CPPFLAGS}"
+makeoptions libsodium "CPPFLAGS.scalarmult_curve25519.c"+="${SODIUM_CPPFLAGS}"
+makeoptions libsodium "CPPFLAGS.crypto_scalarmult.c"+="${SODIUM_CPPFLAGS}"
+makeoptions libsodium "CPPFLAGS.poly1305_donna.c"+="${SODIUM_CPPFLAGS}"
+makeoptions libsodium "CPPFLAGS.onetimeauth_poly1305.c"+="${SODIUM_CPPFLAGS}"
+makeoptions libsodium "CPPFLAGS.crypto_onetimeauth.c"+="${SODIUM_CPPFLAGS}"
+makeoptions libsodium "CPPFLAGS.chacha20_ref.c"+="${SODIUM_CPPFLAGS}"
+makeoptions libsodium "CPPFLAGS.stream_chacha20.c"+="${SODIUM_CPPFLAGS}"
+makeoptions libsodium "CPPFLAGS.aead_xchacha20poly1305.c"+="${SODIUM_CPPFLAGS}"
+makeoptions libsodium "CPPFLAGS.aead_chacha20poly1305.c"+="${SODIUM_CPPFLAGS}"
+makeoptions libsodium "CPPFLAGS.core_hchacha20.c"+="${SODIUM_CPPFLAGS}"
+makeoptions libsodium "CPPFLAGS.ed25519_ref10.c"+="${SODIUM_CPPFLAGS}"
+
+file external/isc/libsodium/src/glue.c libsodium
+
+file external/isc/libsodium/dist/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c libsodium
+file external/isc/libsodium/dist/src/libsodium/crypto_scalarmult/curve25519/scalarmult_curve25519.c libsodium
+file external/isc/libsodium/dist/src/libsodium/crypto_scalarmult/crypto_scalarmult.c libsodium
+file external/isc/libsodium/dist/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.c libsodium
+file external/isc/libsodium/dist/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c libsodium
+file external/isc/libsodium/dist/src/libsodium/crypto_onetimeauth/crypto_onetimeauth.c libsodium
+file external/isc/libsodium/dist/src/libsodium/crypto_stream/chacha20/ref/chacha20_ref.c libsodium
+file external/isc/libsodium/dist/src/libsodium/crypto_stream/chacha20/stream_chacha20.c libsodium
+file external/isc/libsodium/dist/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c libsodium
+file external/isc/libsodium/dist/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c libsodium
+file external/isc/libsodium/dist/src/libsodium/crypto_core/hchacha20/core_hchacha20.c libsodium
+file external/isc/libsodium/dist/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c libsodium
diff --git a/sys/external/isc/libsodium/include/assert.h b/sys/external/isc/libsodium/include/assert.h
new file mode 100644
index 00000000000..a37da9764e4
--- /dev/null
+++ b/sys/external/isc/libsodium/include/assert.h
@@ -0,0 +1,3 @@
+#include <sys/cdefs.h>
+#include <sys/param.h>
+#include <sys/systm.h>
diff --git a/sys/external/isc/libsodium/include/core.h b/sys/external/isc/libsodium/include/core.h
new file mode 100644
index 00000000000..fecef436e11
--- /dev/null
+++ b/sys/external/isc/libsodium/include/core.h
@@ -0,0 +1,12 @@
+/* This overwrites dist/src/libsodium/include/sodium/core.h */
+
+#include "../dist/src/libsodium/include/sodium/export.h"
+#define sodium_misuse() panic("sodium_misuse")
+
+#ifdef __x86_64__
+/* From Makefile generated by libsodium/configure on NetBSD/amd64 */
+#define HAVE_AMD64_ASM 1
+//#define HAVE_AVX_ASM 1
+#define HAVE_CPUID 1
+//#define HAVE_TI_MODE 1
+#endif
diff --git a/sys/external/isc/libsodium/include/crypto_verify_16.h b/sys/external/isc/libsodium/include/crypto_verify_16.h
new file mode 100644
index 00000000000..560017f64cf
--- /dev/null
+++ b/sys/external/isc/libsodium/include/crypto_verify_16.h
@@ -0,0 +1,9 @@
+/* This overwrites dist/src/libsodium/include/sodium/crypto_verify_16.h */
+
+/* dummy */
+static inline int
+crypto_verify_16(const unsigned char *x, const unsigned char *y)
+{
+
+ return 0;
+}
diff --git a/sys/external/isc/libsodium/include/errno.h b/sys/external/isc/libsodium/include/errno.h
new file mode 100644
index 00000000000..6ea901233e3
--- /dev/null
+++ b/sys/external/isc/libsodium/include/errno.h
@@ -0,0 +1,6 @@
+#include <sys/cdefs.h>
+#include <sys/errno.h>
+
+#define errno libsodium_errno
+
+extern int libsodium_errno;
diff --git a/sys/external/isc/libsodium/include/fcntl.h b/sys/external/isc/libsodium/include/fcntl.h
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/sys/external/isc/libsodium/include/limits.h b/sys/external/isc/libsodium/include/limits.h
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/sys/external/isc/libsodium/include/randombytes.h b/sys/external/isc/libsodium/include/randombytes.h
new file mode 100644
index 00000000000..22de14d66da
--- /dev/null
+++ b/sys/external/isc/libsodium/include/randombytes.h
@@ -0,0 +1,14 @@
+/* This overwrites dist/src/libsodium/include/sodium/randombytes.h */
+
+static inline void
+randombytes_buf(void * const buf, const size_t size)
+{
+
+ extern size_t cprng_fast(void *, size_t);
+ cprng_fast(buf, size);
+}
+
+static inline void
+randombytes_stir(void)
+{
+}
diff --git a/sys/external/isc/libsodium/include/signal.h b/sys/external/isc/libsodium/include/signal.h
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/sys/external/isc/libsodium/include/stddef.h b/sys/external/isc/libsodium/include/stddef.h
new file mode 100644
index 00000000000..8d12726645e
--- /dev/null
+++ b/sys/external/isc/libsodium/include/stddef.h
@@ -0,0 +1,3 @@
+#include <sys/cdefs.h>
+#include <sys/param.h>
+#include <sys/types.h>
diff --git a/sys/external/isc/libsodium/include/stdint.h b/sys/external/isc/libsodium/include/stdint.h
new file mode 100644
index 00000000000..d9b924292ec
--- /dev/null
+++ b/sys/external/isc/libsodium/include/stdint.h
@@ -0,0 +1,2 @@
+#include <sys/cdefs.h>
+#include <sys/null.h>
diff --git a/sys/external/isc/libsodium/include/stdio.h b/sys/external/isc/libsodium/include/stdio.h
new file mode 100644
index 00000000000..c2c2d8c73a9
--- /dev/null
+++ b/sys/external/isc/libsodium/include/stdio.h
@@ -0,0 +1,4 @@
+#include <sys/cdefs.h>
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/null.h>
diff --git a/sys/external/isc/libsodium/include/stdlib.h b/sys/external/isc/libsodium/include/stdlib.h
new file mode 100644
index 00000000000..580b647b1e7
--- /dev/null
+++ b/sys/external/isc/libsodium/include/stdlib.h
@@ -0,0 +1,8 @@
+#include <sys/cdefs.h>
+#include <sys/malloc.h>
+#undef malloc
+#undef free
+#define malloc(size) kern_malloc(size, 0)
+#define free(addr) kern_free(addr)
+
+#define abort() panic("abort")
diff --git a/sys/external/isc/libsodium/include/string.h b/sys/external/isc/libsodium/include/string.h
new file mode 100644
index 00000000000..c6964061aef
--- /dev/null
+++ b/sys/external/isc/libsodium/include/string.h
@@ -0,0 +1,6 @@
+#include <sys/cdefs.h>
+#include <sys/types.h>
+
+extern void *memset(void *, int, size_t);
+extern void *memcpy(void * restrict, const void * restrict, size_t);
+extern void *memmove(void *, const void *, size_t);
diff --git a/sys/external/isc/libsodium/include/time.h b/sys/external/isc/libsodium/include/time.h
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/sys/external/isc/libsodium/include/unistd.h b/sys/external/isc/libsodium/include/unistd.h
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/sys/external/isc/libsodium/include/utils.h b/sys/external/isc/libsodium/include/utils.h
new file mode 100644
index 00000000000..0a1883f1aca
--- /dev/null
+++ b/sys/external/isc/libsodium/include/utils.h
@@ -0,0 +1,27 @@
+#ifndef __SODIUM_UTILS_H__
+#define __SODIUM_UTILS_H__
+
+/* This overwrites dist/src/libsodium/include/sodium/utils.h */
+
+#define SODIUM_C99(X) X
+
+static inline void
+sodium_memzero(void *const pnt, const size_t len)
+{
+
+ explicit_memset(pnt, 0, len);
+}
+
+/* Just copied from dist/src/libsodium/sodium/utils.c */
+static inline int
+sodium_is_zero(const unsigned char *n, const size_t nlen)
+{
+ size_t i;
+ volatile unsigned char d = 0U;
+
+ for (i = 0U; i < nlen; i++) {
+ d |= n[i];
+ }
+ return 1 & ((d - 1) >> 8);
+}
+#endif /* __SODIUM_UTILS_H__ */
diff --git a/sys/external/isc/libsodium/src/glue.c b/sys/external/isc/libsodium/src/glue.c
new file mode 100644
index 00000000000..4257991503b
--- /dev/null
+++ b/sys/external/isc/libsodium/src/glue.c
@@ -0,0 +1 @@
+int libsodium_errno;
diff --git a/sys/rump/kern/lib/libcrypto/Makefile b/sys/rump/kern/lib/libcrypto/Makefile
index c78a6f79b25..a5dbaa35e19 100644
--- a/sys/rump/kern/lib/libcrypto/Makefile
+++ b/sys/rump/kern/lib/libcrypto/Makefile
@@ -1,13 +1,29 @@
# $NetBSD: Makefile,v 1.4 2015/10/19 16:16:37 pooka Exp $
#
+SODIUM_IMPORTDIR=${.CURDIR}/../../../../external/isc/libsodium
+SODIUM_DIR=${.CURDIR}/../../../../external/isc/libsodium/dist/src/libsodium
+
.PATH: ${.CURDIR}/../../../../crypto/arc4 \
${.CURDIR}/../../../../crypto/blowfish \
${.CURDIR}/../../../../crypto/camellia \
${.CURDIR}/../../../../crypto/cast128 \
${.CURDIR}/../../../../crypto/des \
${.CURDIR}/../../../../crypto/rijndael \
- ${.CURDIR}/../../../../crypto/skipjack
+ ${.CURDIR}/../../../../crypto/skipjack \
+ ${.CURDIR}/../../../../external/cc0/libb2/dist/src \
+ ${SODIUM_DIR}/crypto_scalarmult/curve25519/ref10 \
+ ${SODIUM_DIR}/crypto_scalarmult/curve25519 \
+ ${SODIUM_DIR}/crypto_scalarmult \
+ ${SODIUM_DIR}/crypto_onetimeauth/poly1305/donna \
+ ${SODIUM_DIR}/crypto_onetimeauth/poly1305 \
+ ${SODIUM_DIR}/crypto_onetimeauth \
+ ${SODIUM_DIR}/crypto_stream/chacha20/ref \
+ ${SODIUM_DIR}/crypto_stream/chacha20 \
+ ${SODIUM_DIR}/crypto_aead/xchacha20poly1305/sodium \
+ ${SODIUM_DIR}/crypto_aead/chacha20poly1305/sodium \
+ ${SODIUM_DIR}/crypto_core/hchacha20 \
+ ${SODIUM_DIR}/crypto_core/ed25519/ref10
LIB= rumpkern_crypto
COMMENT=Cryptographic routines
@@ -34,5 +50,35 @@ SRCS+= des_ecb.c des_setkey.c des_enc.c des_cbc.c des_module.c
# skipjack
SRCS+= skipjack.c
+# BLAKE2
+SRCS+= blake2s-ref.c
+CPPFLAGS.blake2s-ref.c+= -I${.CURDIR}/../../../../external/cc0/libb2/include \
+ -Wno-cast-qual -DSUFFIX=
+
+# Various cryptography functions
+SODIUM_CPPFLAGS=
+SODIUM_CPPFLAGS+= -I${SODIUM_IMPORTDIR}/include
+SODIUM_CPPFLAGS+= -I${SODIUM_IMPORTDIR}/dist/src/libsodium/include/sodium
+SODIUM_CPPFLAGS+= -Wno-unused-function -Wno-unused-variable -DHAVE_TI_MODE
+
+CPPFLAGS.x25519_ref10.c+= ${SODIUM_CPPFLAGS}
+CPPFLAGS.scalarmult_curve25519.c+= ${SODIUM_CPPFLAGS}
+CPPFLAGS.crypto_scalarmult.c+= ${SODIUM_CPPFLAGS}
+CPPFLAGS.poly1305_donna.c+= ${SODIUM_CPPFLAGS}
+CPPFLAGS.onetimeauth_poly1305.c+= ${SODIUM_CPPFLAGS}
+CPPFLAGS.crypto_onetimeauth.c+= ${SODIUM_CPPFLAGS}
+CPPFLAGS.chacha20_ref.c+= ${SODIUM_CPPFLAGS}
+CPPFLAGS.stream_chacha20.c+= ${SODIUM_CPPFLAGS}
+CPPFLAGS.aead_xchacha20poly1305.c+= ${SODIUM_CPPFLAGS}
+CPPFLAGS.aead_chacha20poly1305.c+= ${SODIUM_CPPFLAGS}
+CPPFLAGS.core_hchacha20.c+= ${SODIUM_CPPFLAGS}
+CPPFLAGS.ed25519_ref10.c+= ${SODIUM_CPPFLAGS}
+
+SRCS+= x25519_ref10.c scalarmult_curve25519.c crypto_scalarmult.c
+SRCS+= poly1305_donna.c onetimeauth_poly1305.c
+SRCS+= crypto_onetimeauth.c chacha20_ref.c stream_chacha20.c
+SRCS+= aead_xchacha20poly1305.c aead_chacha20poly1305.c
+SRCS+= core_hchacha20.c ed25519_ref10.c
+
.include <bsd.lib.mk>
.include <bsd.klinks.mk>