Crypto related cleanups.

Moved Bunch of functions from net_crypto to crypto_core. decrypt_data_fast and decrypt_data_symmetric were the same thing therefore, removed decrypt_data_fast. Replaced all the crypto_secretbox_* defines with the equivalent crypto_box_* one. New define: crypto_box_KEYBYTES that is equal to crypto_box_BEFORENMBYTES.
2024-03-22 13:30:51 +08:00 · 2014-04-21 16:51:36 -04:00 · 2014-04-21 16:51:36 -04:00 · 9c6a8432ce
commit 9c6a8432ce
parent 1603ca974e
31 changed files with 377 additions and 532 deletions
--- a/auto_tests/TCP_test.c
+++ b/auto_tests/TCP_test.c
@ -89,7 +89,7 @@ START_TEST(test_basic)
    uint8_t r_req[2 + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES];
    uint16_t size = 1 + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES;
    size = htons(size);
-    ret = encrypt_data_fast(f_shared_key, f_nonce, r_req_p, 1 + crypto_box_PUBLICKEYBYTES, r_req + 2);
+    ret = encrypt_data_symmetric(f_shared_key, f_nonce, r_req_p, 1 + crypto_box_PUBLICKEYBYTES, r_req + 2);
    increment_nonce(f_nonce);
    memcpy(r_req, &size, 2);
    uint32_t i;
@ -110,7 +110,7 @@ START_TEST(test_basic)
    memcpy(&size, packet_resp, 2);
    ck_assert_msg(ntohs(size) == 2 + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES, "Wrong packet size.");
    uint8_t packet_resp_plain[4096];
-    ret = decrypt_data_fast(f_shared_key, f_nonce_r, packet_resp + 2, recv_data_len - 2, packet_resp_plain);
+    ret = decrypt_data_symmetric(f_shared_key, f_nonce_r, packet_resp + 2, recv_data_len - 2, packet_resp_plain);
    ck_assert_msg(ret != -1, "decryption failed");
    increment_nonce(f_nonce_r);
    ck_assert_msg(packet_resp_plain[0] == 1, "wrong packet id %u", packet_resp_plain[0]);
@ -179,7 +179,7 @@ int write_packet_TCP_secure_connection(struct sec_TCP_con *con, uint8_t *data, u
    uint16_t c_length = htons(length + crypto_box_MACBYTES);
    memcpy(packet, &c_length, sizeof(uint16_t));
-    int len = encrypt_data_fast(con->shared_key, con->sent_nonce, data, length, packet + sizeof(uint16_t));
+    int len = encrypt_data_symmetric(con->shared_key, con->sent_nonce, data, length, packet + sizeof(uint16_t));
    if ((unsigned int)len != (sizeof(packet) - sizeof(uint16_t)))
        return -1;
@ -194,7 +194,7 @@ int read_packet_sec_TCP(struct sec_TCP_con *con, uint8_t *data, uint16_t length)
 {
    int len;
    ck_assert_msg((len = recv(con->sock, data, length, 0)) == length, "wrong len %i\n", len);
-    ck_assert_msg((len = decrypt_data_fast(con->shared_key, con->recv_nonce, data + 2, length - 2, data)) != -1,
+    ck_assert_msg((len = decrypt_data_symmetric(con->shared_key, con->recv_nonce, data + 2, length - 2, data)) != -1,
                  "Decrypt failed");
    increment_nonce(con->recv_nonce);
    return len;
--- a/auto_tests/crypto_test.c
+++ b/auto_tests/crypto_test.c
@ -126,12 +126,12 @@ START_TEST(test_fast_known)
    ck_assert_msg(sizeof(test_c) == sizeof(c), "sanity check failed");
    ck_assert_msg(sizeof(test_m) == sizeof(m), "sanity check failed");
-    clen = encrypt_data_fast(k, nonce, test_m, sizeof(test_m) / sizeof(unsigned char), c);
+    clen = encrypt_data_symmetric(k, nonce, test_m, sizeof(test_m) / sizeof(unsigned char), c);
    ck_assert_msg(memcmp(test_c, c, sizeof(c)) == 0, "cyphertext doesn't match test vector");
    ck_assert_msg(clen == sizeof(c) / sizeof(unsigned char), "wrong ciphertext length");
-    mlen = decrypt_data_fast(k, nonce, test_c, sizeof(test_c) / sizeof(unsigned char), m);
+    mlen = decrypt_data_symmetric(k, nonce, test_c, sizeof(test_c) / sizeof(unsigned char), m);
    ck_assert_msg(memcmp(test_m, m, sizeof(m)) == 0, "decrypted text doesn't match test vector");
    ck_assert_msg(mlen == sizeof(m) / sizeof(unsigned char), "wrong plaintext length");
@ -186,8 +186,8 @@ START_TEST(test_endtoend)
        //Encrypt all four ways
        c1len = encrypt_data(pk2, sk1, n, m, mlen, c1);
        c2len = encrypt_data(pk1, sk2, n, m, mlen, c2);
-        c3len = encrypt_data_fast(k1, n, m, mlen, c3);
+        c3len = encrypt_data_symmetric(k1, n, m, mlen, c3);
-        c4len = encrypt_data_fast(k2, n, m, mlen, c4);
+        c4len = encrypt_data_symmetric(k2, n, m, mlen, c4);
        ck_assert_msg(c1len == c2len && c1len == c3len && c1len == c4len, "cyphertext lengths differ");
        ck_assert_msg(c1len == mlen + (int)crypto_box_MACBYTES, "wrong cyphertext length");
@ -197,8 +197,8 @@ START_TEST(test_endtoend)
        //Decrypt all four ways
        m1len = decrypt_data(pk2, sk1, n, c1, c1len, m1);
        m2len = decrypt_data(pk1, sk2, n, c1, c1len, m2);
-        m3len = decrypt_data_fast(k1, n, c1, c1len, m3);
+        m3len = decrypt_data_symmetric(k1, n, c1, c1len, m3);
-        m4len = decrypt_data_fast(k2, n, c1, c1len, m4);
+        m4len = decrypt_data_symmetric(k2, n, c1, c1len, m4);
        ck_assert_msg(m1len == m2len && m1len == m3len && m1len == m4len, "decrypted text lengths differ");
        ck_assert_msg(m1len == mlen, "wrong decrypted text length");
@ -233,13 +233,13 @@ START_TEST(test_large_data)
    //Generate key
    rand_bytes(k, crypto_box_BEFORENMBYTES);
-    c1len = encrypt_data_fast(k, n, m1, sizeof(m1), c1);
+    c1len = encrypt_data_symmetric(k, n, m1, sizeof(m1), c1);
-    c2len = encrypt_data_fast(k, n, m2, sizeof(m2), c2);
+    c2len = encrypt_data_symmetric(k, n, m2, sizeof(m2), c2);
    ck_assert_msg(c1len == sizeof(m1) + crypto_box_MACBYTES, "could not encrypt max size");
    ck_assert_msg(c2len == -1, "incorrectly succeeded encrypting massive size");
-    m1plen = decrypt_data_fast(k, n, c1, c1len, m1prime);
+    m1plen = decrypt_data_symmetric(k, n, c1, c1len, m1prime);
    ck_assert_msg(m1plen == sizeof(m1), "decrypted text lengths differ");
    ck_assert_msg(memcmp(m1prime, m1, sizeof(m1)) == 0, "decrypted texts differ");
@ -248,9 +248,9 @@ END_TEST
 START_TEST(test_large_data_symmetric)
 {
-    unsigned char k[crypto_secretbox_KEYBYTES];
+    unsigned char k[crypto_box_KEYBYTES];
-    unsigned char n[crypto_secretbox_NONCEBYTES];
+    unsigned char n[crypto_box_NONCEBYTES];
    unsigned char m1[16 * 16 * 16];
    unsigned char c1[sizeof(m1) + crypto_box_MACBYTES];
--- a/testing/crypto_speed_test.c
+++ b/testing/crypto_speed_test.c
@ -97,8 +97,8 @@ int main(int argc, char *argv[])
    starttime = get_time();
    for (trialno = 0; trialno < numtrials; trialno++) {
-        encrypt_data_fast(k1, n, m, sizeof(m), c);
+        encrypt_data_symmetric(k1, n, m, sizeof(m), c);
-        decrypt_data_fast(k2, n, c, sizeof(c), m);
+        decrypt_data_symmetric(k2, n, c, sizeof(c), m);
    }
    endtime = get_time();
--- a/toxav/msi.c
+++ b/toxav/msi.c
@ -932,11 +932,11 @@ int handle_recv_start ( MSISession *session, MSIMessage *msg )
    session->call->state = call_active;
-    session->call->key_peer = calloc ( sizeof ( uint8_t ), crypto_secretbox_KEYBYTES );
+    session->call->key_peer = calloc ( sizeof ( uint8_t ), crypto_box_KEYBYTES );
-    memcpy ( session->call->key_peer, msg->cryptokey.header_value, crypto_secretbox_KEYBYTES );
+    memcpy ( session->call->key_peer, msg->cryptokey.header_value, crypto_box_KEYBYTES );
-    session->call->nonce_peer = calloc ( sizeof ( uint8_t ), crypto_secretbox_NONCEBYTES );
+    session->call->nonce_peer = calloc ( sizeof ( uint8_t ), crypto_box_NONCEBYTES );
-    memcpy ( session->call->nonce_peer, msg->nonce.header_value,  crypto_secretbox_NONCEBYTES );
+    memcpy ( session->call->nonce_peer, msg->nonce.header_value,  crypto_box_NONCEBYTES );
    flush_peer_type ( session, msg, 0 );
@ -1030,24 +1030,24 @@ int handle_recv_starting ( MSISession *session, MSIMessage *msg )
    }
    /* Generate local key/nonce to send */
-    session->call->key_local = calloc ( sizeof ( uint8_t ), crypto_secretbox_KEYBYTES );
+    session->call->key_local = calloc ( sizeof ( uint8_t ), crypto_box_KEYBYTES );
    new_symmetric_key ( session->call->key_local );
-    session->call->nonce_local = calloc ( sizeof ( uint8_t ), crypto_secretbox_NONCEBYTES );
+    session->call->nonce_local = calloc ( sizeof ( uint8_t ), crypto_box_NONCEBYTES );
    new_nonce ( session->call->nonce_local );
    /* Save peer key/nonce */
-    session->call->key_peer = calloc ( sizeof ( uint8_t ), crypto_secretbox_KEYBYTES );
+    session->call->key_peer = calloc ( sizeof ( uint8_t ), crypto_box_KEYBYTES );
-    memcpy ( session->call->key_peer, msg->cryptokey.header_value, crypto_secretbox_KEYBYTES );
+    memcpy ( session->call->key_peer, msg->cryptokey.header_value, crypto_box_KEYBYTES );
-    session->call->nonce_peer = calloc ( sizeof ( uint8_t ), crypto_secretbox_NONCEBYTES );
+    session->call->nonce_peer = calloc ( sizeof ( uint8_t ), crypto_box_NONCEBYTES );
-    memcpy ( session->call->nonce_peer, msg->nonce.header_value,  crypto_secretbox_NONCEBYTES );
+    memcpy ( session->call->nonce_peer, msg->nonce.header_value,  crypto_box_NONCEBYTES );
    session->call->state = call_active;
    MSIMessage *_msg_start = msi_new_message ( TYPE_REQUEST, stringify_request ( start ) );
-    msi_msg_set_cryptokey ( _msg_start, session->call->key_local, crypto_secretbox_KEYBYTES );
+    msi_msg_set_cryptokey ( _msg_start, session->call->key_local, crypto_box_KEYBYTES );
-    msi_msg_set_nonce ( _msg_start, session->call->nonce_local, crypto_secretbox_NONCEBYTES );
+    msi_msg_set_nonce ( _msg_start, session->call->nonce_local, crypto_box_NONCEBYTES );
    send_message ( session, _msg_start, msg->friend_id );
    free_message ( _msg_start );
@ -1402,14 +1402,14 @@ int msi_answer ( MSISession *session, MSICallType call_type )
    /* Now set the local encryption key and pass it with STARTING message */
-    session->call->key_local = calloc ( sizeof ( uint8_t ), crypto_secretbox_KEYBYTES );
+    session->call->key_local = calloc ( sizeof ( uint8_t ), crypto_box_KEYBYTES );
    new_symmetric_key ( session->call->key_local );
-    session->call->nonce_local = calloc ( sizeof ( uint8_t ), crypto_secretbox_NONCEBYTES );
+    session->call->nonce_local = calloc ( sizeof ( uint8_t ), crypto_box_NONCEBYTES );
    new_nonce ( session->call->nonce_local );
-    msi_msg_set_cryptokey ( _msg_starting, session->call->key_local, crypto_secretbox_KEYBYTES );
+    msi_msg_set_cryptokey ( _msg_starting, session->call->key_local, crypto_box_KEYBYTES );
-    msi_msg_set_nonce ( _msg_starting, session->call->nonce_local, crypto_secretbox_NONCEBYTES );
+    msi_msg_set_nonce ( _msg_starting, session->call->nonce_local, crypto_box_NONCEBYTES );
    send_message ( session, _msg_starting, session->call->peers[session->call->peer_count - 1] );
    free_message ( _msg_starting );
--- a/toxav/rtp.c
+++ b/toxav/rtp.c
@ -168,8 +168,8 @@ inline__ void increase_nonce(uint8_t *nonce, uint16_t target)
    uint16_t _nonce_counter;
    uint8_t _reverse_bytes[2];
-    _reverse_bytes[0] = nonce[crypto_secretbox_NONCEBYTES - 1];
+    _reverse_bytes[0] = nonce[crypto_box_NONCEBYTES - 1];
-    _reverse_bytes[1] = nonce[crypto_secretbox_NONCEBYTES - 2];
+    _reverse_bytes[1] = nonce[crypto_box_NONCEBYTES - 2];
    bytes_to_U16(&_nonce_counter, _reverse_bytes );
@ -177,8 +177,8 @@ inline__ void increase_nonce(uint8_t *nonce, uint16_t target)
    if (_nonce_counter > UINT16_MAX - target ) { /* 2 bytes are not long enough */
        uint8_t _it = 3;
-        while ( _it <= crypto_secretbox_NONCEBYTES ) _it += ++nonce[crypto_secretbox_NONCEBYTES - _it] ?
+        while ( _it <= crypto_box_NONCEBYTES ) _it += ++nonce[crypto_box_NONCEBYTES - _it] ?
-                    crypto_secretbox_NONCEBYTES : 1;
+                    crypto_box_NONCEBYTES : 1;
        _nonce_counter = _nonce_counter - (UINT16_MAX - target ); /* Assign the rest of it */
    } else { /* Increase nonce */
@ -189,8 +189,8 @@ inline__ void increase_nonce(uint8_t *nonce, uint16_t target)
    /* Assign the last bytes */
    U16_to_bytes( _reverse_bytes, _nonce_counter);
-    nonce [crypto_secretbox_NONCEBYTES - 1] = _reverse_bytes[0];
+    nonce [crypto_box_NONCEBYTES - 1] = _reverse_bytes[0];
-    nonce [crypto_secretbox_NONCEBYTES - 2] = _reverse_bytes[1];
+    nonce [crypto_box_NONCEBYTES - 2] = _reverse_bytes[1];
 }
@ -496,7 +496,7 @@ int rtp_handle_packet ( void *object, IP_Port ip_port, uint8_t *data, uint32_t l
    RTPSession *_session = object;
    RTPMessage *_msg;
-    if ( !_session || length < 13 + crypto_secretbox_MACBYTES) /* 12 is the minimum length for rtp + desc. byte */
+    if ( !_session || length < 13 + crypto_box_MACBYTES) /* 12 is the minimum length for rtp + desc. byte */
        return -1;
    uint8_t _plain[MAX_UDP_PACKET_SIZE];
@ -505,8 +505,8 @@ int rtp_handle_packet ( void *object, IP_Port ip_port, uint8_t *data, uint32_t l
    bytes_to_U16(&_sequnum, data + 1);
    /* Clculate the right nonce */
-    uint8_t _calculated[crypto_secretbox_NONCEBYTES];
+    uint8_t _calculated[crypto_box_NONCEBYTES];
-    memcpy(_calculated, _session->decrypt_nonce, crypto_secretbox_NONCEBYTES);
+    memcpy(_calculated, _session->decrypt_nonce, crypto_box_NONCEBYTES);
    increase_nonce ( _calculated, _sequnum );
    /* Decrypt message */
@ -536,8 +536,8 @@ int rtp_handle_packet ( void *object, IP_Port ip_port, uint8_t *data, uint32_t l
            if ( _decrypted_length == -1 ) return -1; /* This is just an error */
            /* A new cycle setting. */
-            memcpy(_session->nonce_cycle, _session->decrypt_nonce, crypto_secretbox_NONCEBYTES);
+            memcpy(_session->nonce_cycle, _session->decrypt_nonce, crypto_box_NONCEBYTES);
-            memcpy(_session->decrypt_nonce, _calculated, crypto_secretbox_NONCEBYTES);
+            memcpy(_session->decrypt_nonce, _calculated, crypto_box_NONCEBYTES);
        }
    }
@ -735,8 +735,8 @@ int rtp_send_msg ( RTPSession *session, Messenger *messenger, const uint8_t *dat
    _send_data[0] = session->prefix;
    /* Generate the right nonce */
-    uint8_t _calculated[crypto_secretbox_NONCEBYTES];
+    uint8_t _calculated[crypto_box_NONCEBYTES];
-    memcpy(_calculated, session->encrypt_nonce, crypto_secretbox_NONCEBYTES);
+    memcpy(_calculated, session->encrypt_nonce, crypto_box_NONCEBYTES);
    increase_nonce ( _calculated, msg->header->sequnum );
    /* Need to skip 2 bytes that are for sequnum */
@ -760,7 +760,7 @@ int rtp_send_msg ( RTPSession *session, Messenger *messenger, const uint8_t *dat
    /* Set sequ number */
    if ( session->sequnum >= MAX_SEQU_NUM ) {
        session->sequnum = 0;
-        memcpy(session->encrypt_nonce, _calculated, crypto_secretbox_NONCEBYTES);
+        memcpy(session->encrypt_nonce, _calculated, crypto_box_NONCEBYTES);
    } else {
        session->sequnum++;
    }
@ -850,16 +850,16 @@ RTPSession *rtp_init_session ( int            payload_type,
    _retu->decrypt_key = decrypt_key;
    /* Need to allocate new memory */
-    _retu->encrypt_nonce = calloc ( crypto_secretbox_NONCEBYTES, sizeof (uint8_t) );
+    _retu->encrypt_nonce = calloc ( crypto_box_NONCEBYTES, sizeof (uint8_t) );
    assert(_retu->encrypt_nonce);
-    _retu->decrypt_nonce = calloc ( crypto_secretbox_NONCEBYTES, sizeof (uint8_t) );
+    _retu->decrypt_nonce = calloc ( crypto_box_NONCEBYTES, sizeof (uint8_t) );
    assert(_retu->decrypt_nonce);
-    _retu->nonce_cycle   = calloc ( crypto_secretbox_NONCEBYTES, sizeof (uint8_t) );
+    _retu->nonce_cycle   = calloc ( crypto_box_NONCEBYTES, sizeof (uint8_t) );
    assert(_retu->nonce_cycle);
-    memcpy(_retu->encrypt_nonce, encrypt_nonce, crypto_secretbox_NONCEBYTES);
+    memcpy(_retu->encrypt_nonce, encrypt_nonce, crypto_box_NONCEBYTES);
-    memcpy(_retu->decrypt_nonce, decrypt_nonce, crypto_secretbox_NONCEBYTES);
+    memcpy(_retu->decrypt_nonce, decrypt_nonce, crypto_box_NONCEBYTES);
-    memcpy(_retu->nonce_cycle  , decrypt_nonce, crypto_secretbox_NONCEBYTES);
+    memcpy(_retu->nonce_cycle  , decrypt_nonce, crypto_box_NONCEBYTES);
    _retu->csrc = calloc(1, sizeof (uint32_t));
    assert(_retu->csrc);
--- a/toxcore/DHT.c
+++ b/toxcore/DHT.c
@ -925,7 +925,7 @@ end:
    return 0;
 }
-#define NODES_ENCRYPTED_MESSAGE_LENGTH (crypto_secretbox_NONCEBYTES + sizeof(uint64_t) + sizeof(Node_format) + sizeof(Node_format) + crypto_secretbox_MACBYTES)
+#define NODES_ENCRYPTED_MESSAGE_LENGTH (crypto_box_NONCEBYTES + sizeof(uint64_t) + sizeof(Node_format) + sizeof(Node_format) + crypto_box_MACBYTES)
 /* Send a getnodes request.
   sendback_node is the node that it will send back the response to (set to NULL to disable this) */
@ -958,9 +958,9 @@ static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cli
                                       nonce,
                                       plain_message,
                                       sizeof(temp_time) + sizeof(reciever) + sizeof(Node_format),
-                                       encrypted_message + crypto_secretbox_NONCEBYTES);
+                                       encrypted_message + crypto_box_NONCEBYTES);
-    if (len_m != NODES_ENCRYPTED_MESSAGE_LENGTH - crypto_secretbox_NONCEBYTES)
+    if (len_m != NODES_ENCRYPTED_MESSAGE_LENGTH - crypto_box_NONCEBYTES)
        return -1;
    uint8_t data[1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES];
@ -973,7 +973,7 @@ static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cli
    uint8_t shared_key[crypto_box_BEFORENMBYTES];
    DHT_get_shared_key_sent(dht, shared_key, public_key);
-    int len = encrypt_data_fast( shared_key,
+    int len = encrypt_data_symmetric( shared_key,
                                 nonce,
                                 plain,
                                 CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH,
@ -1019,7 +1019,7 @@ static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_
        return -1;
    memcpy(plain + nodes_length, encrypted_data, NODES_ENCRYPTED_MESSAGE_LENGTH);
-    int len = encrypt_data_fast( shared_encryption_key,
+    int len = encrypt_data_symmetric( shared_encryption_key,
                                 nonce,
                                 plain,
                                 nodes_length + NODES_ENCRYPTED_MESSAGE_LENGTH,
@ -1052,7 +1052,7 @@ static int handle_getnodes(void *object, IP_Port source, uint8_t *packet, uint32
    uint8_t shared_key[crypto_box_BEFORENMBYTES];
    DHT_get_shared_key_recv(dht, shared_key, packet + 1);
-    int len = decrypt_data_fast( shared_key,
+    int len = decrypt_data_symmetric( shared_key,
                                 packet + 1 + CLIENT_ID_SIZE,
                                 packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
                                 CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES,
@ -1075,8 +1075,8 @@ static uint8_t sent_getnode_to_node(DHT *dht, uint8_t *client_id, IP_Port node_i
 {
    uint8_t plain_message[NODES_ENCRYPTED_MESSAGE_LENGTH];
-    if (decrypt_data_symmetric(dht->secret_symmetric_key, encrypted_data, encrypted_data + crypto_secretbox_NONCEBYTES,
+    if (decrypt_data_symmetric(dht->secret_symmetric_key, encrypted_data, encrypted_data + crypto_box_NONCEBYTES,
-                               NODES_ENCRYPTED_MESSAGE_LENGTH - crypto_secretbox_NONCEBYTES,
+                               NODES_ENCRYPTED_MESSAGE_LENGTH - crypto_box_NONCEBYTES,
                               plain_message) != sizeof(uint64_t) + sizeof(Node_format) * 2)
        return 0;
@ -1121,7 +1121,7 @@ static int handle_sendnodes_core(void *object, IP_Port source, uint8_t *packet,
    uint8_t plain[data_size + NODES_ENCRYPTED_MESSAGE_LENGTH];
    uint8_t shared_key[crypto_box_BEFORENMBYTES];
    DHT_get_shared_key_sent(dht, shared_key, packet + 1);
-    int len = decrypt_data_fast(
+    int len = decrypt_data_symmetric(
                  shared_key,
                  packet + 1 + CLIENT_ID_SIZE,
                  packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
--- a/toxcore/DHT.h
+++ b/toxcore/DHT.h
@ -177,7 +177,7 @@ typedef struct {
    uint32_t       close_bootstrap_times;
    /* Note: this key should not be/is not used to transmit any sensitive materials */
-    uint8_t      secret_symmetric_key[crypto_secretbox_KEYBYTES];
+    uint8_t      secret_symmetric_key[crypto_box_KEYBYTES];
    /* DHT keypair */
    uint8_t self_public_key[crypto_box_PUBLICKEYBYTES];
    uint8_t self_secret_key[crypto_box_SECRETKEYBYTES];
--- a/toxcore/Makefile.inc
+++ b/toxcore/Makefile.inc
@ -9,6 +9,8 @@ libtoxcore_la_SOURCES = ../toxcore/DHT.h \
                        ../toxcore/DHT.c \
                        ../toxcore/network.h \
                        ../toxcore/network.c \
                        ../toxcore/crypto_core.h \
                        ../toxcore/crypto_core.c \
                        ../toxcore/Lossless_UDP.h \
                        ../toxcore/Lossless_UDP.c \
                        ../toxcore/net_crypto.h \
--- a/toxcore/Messenger.c
+++ b/toxcore/Messenger.c
@ -2752,75 +2752,6 @@ int messenger_load(Messenger *m, uint8_t *data, uint32_t length)
        return -1;
 }
 /* return the size of data to pass to messenger_save_encrypted(...)
 *
 */
 uint32_t messenger_size_encrypted(Messenger *m)
 {
    return messenger_size(m) + crypto_secretbox_MACBYTES + crypto_secretbox_NONCEBYTES;
 }
 /* Save the messenger, encrypting the data with key of length key_length
 *
 * return 0 on success.
 * return -1 on failure.
 */
 int messenger_save_encrypted(Messenger *m, uint8_t *data, uint8_t *key, uint16_t key_length)
 {
    uint32_t m_size = messenger_size(m);
    uint8_t *plain_messenger = malloc(m_size);
    if (plain_messenger == NULL)
        return -1;
    messenger_save(m, plain_messenger);
    /* Hash the key with SHA256 to get a 32byte key. */
    uint8_t hash[crypto_hash_sha256_BYTES];
    crypto_hash_sha256(hash, key, key_length);
    random_nonce(data);
    encrypt_data_symmetric(hash, data, plain_messenger, m_size, data + crypto_secretbox_NONCEBYTES);
    memset(plain_messenger, 0, m_size);
    free(plain_messenger);
    memset(hash, 0, crypto_hash_sha256_BYTES);
    return 0;
 }
 /* Load the messenger from data of size length encrypted with key of key_length.
 *
 * return 0 on success.
 * return -1 on failure.
 */
 int messenger_load_encrypted(Messenger *m, uint8_t *data, uint32_t length, uint8_t *key, uint16_t key_length)
 {
    if (length <= crypto_secretbox_MACBYTES + crypto_secretbox_NONCEBYTES)
        return -1;
    uint8_t *plain_messenger = malloc(length);
    if (plain_messenger == NULL)
        return -1;
    /* Hash the key with SHA256 to get a 32byte key. */
    uint8_t hash[crypto_hash_sha256_BYTES];
    crypto_hash_sha256(hash, key, key_length);
    int len = decrypt_data_symmetric(hash, data, data + crypto_secretbox_NONCEBYTES, length - crypto_secretbox_NONCEBYTES,
                                     plain_messenger);
    int ret;
    if ((uint32_t)len == length - crypto_secretbox_NONCEBYTES - crypto_secretbox_MACBYTES) {
        ret = messenger_load(m, plain_messenger, length - crypto_secretbox_NONCEBYTES - crypto_secretbox_MACBYTES);
    } else {
        ret = -1;
    }
    memset(plain_messenger, 0, length);
    free(plain_messenger);
    memset(hash, 0, crypto_hash_sha256_BYTES);
    return ret;
 }
 /* Return the number of friends in the instance m.
 * You should use this to determine how much memory to allocate
 * for copy_friendlist. */
--- a/toxcore/Messenger.h
+++ b/toxcore/Messenger.h
@ -736,24 +736,6 @@ void messenger_save(Messenger *m, uint8_t *data);
 /* Load the messenger from data of size length. */
 int messenger_load(Messenger *m, uint8_t *data, uint32_t length);
 /* return the size of data to pass to messenger_save_encrypted(...)
 */
 uint32_t messenger_size_encrypted(Messenger *m);
 /* Save the messenger, encrypting the data with key of length key_length
 *
 * return 0 on success.
 * return -1 on failure.
 */
 int messenger_save_encrypted(Messenger *m, uint8_t *data, uint8_t *key, uint16_t key_length);
 /* Load the messenger from data of size length encrypted with key of key_length.
 *
 * return 0 on success.
 * return -1 on failure.
 */
 int messenger_load_encrypted(Messenger *m, uint8_t *data, uint32_t length, uint8_t *key, uint16_t key_length);
 /* Return the number of friends in the instance m.
 * You should use this to determine how much memory to allocate
 * for copy_friendlist. */
--- a/toxcore/TCP_client.c
+++ b/toxcore/TCP_client.c
@ -74,7 +74,7 @@ static int generate_handshake(TCP_Client_Connection *TCP_conn, uint8_t *self_pub
    memcpy(plain + crypto_box_PUBLICKEYBYTES, TCP_conn->sent_nonce, crypto_box_NONCEBYTES);
    memcpy(TCP_conn->last_packet, self_public_key, crypto_box_PUBLICKEYBYTES);
    new_nonce(TCP_conn->last_packet + crypto_box_PUBLICKEYBYTES);
-    int len = encrypt_data_fast(TCP_conn->shared_key, TCP_conn->last_packet + crypto_box_PUBLICKEYBYTES, plain,
+    int len = encrypt_data_symmetric(TCP_conn->shared_key, TCP_conn->last_packet + crypto_box_PUBLICKEYBYTES, plain,
                                sizeof(plain), TCP_conn->last_packet + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES);
    if (len != sizeof(plain) + crypto_box_MACBYTES)
@ -93,7 +93,7 @@ static int generate_handshake(TCP_Client_Connection *TCP_conn, uint8_t *self_pub
 static int handle_handshake(TCP_Client_Connection *TCP_conn, uint8_t *data)
 {
    uint8_t plain[crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES];
-    int len = decrypt_data_fast(TCP_conn->shared_key, data, data + crypto_box_NONCEBYTES,
+    int len = decrypt_data_symmetric(TCP_conn->shared_key, data, data + crypto_box_NONCEBYTES,
                                TCP_SERVER_HANDSHAKE_SIZE - crypto_box_NONCEBYTES, plain);
    if (len != sizeof(plain))
@ -149,7 +149,7 @@ static int write_packet_TCP_secure_connection(TCP_Client_Connection *con, uint8_
    uint16_t c_length = htons(length + crypto_box_MACBYTES);
    memcpy(packet, &c_length, sizeof(uint16_t));
-    int len = encrypt_data_fast(con->shared_key, con->sent_nonce, data, length, packet + sizeof(uint16_t));
+    int len = encrypt_data_symmetric(con->shared_key, con->sent_nonce, data, length, packet + sizeof(uint16_t));
    if ((unsigned int)len != (sizeof(packet) - sizeof(uint16_t)))
        return -1;
--- a/toxcore/TCP_client.h
+++ b/toxcore/TCP_client.h
@ -24,7 +24,7 @@
 #ifndef TCP_CLIENT_H
 #define TCP_CLIENT_H
-#include "net_crypto.h"
+#include "crypto_core.h"
 #include "TCP_server.h"
 #define TCP_CONNECTION_TIMEOUT 10
--- a/toxcore/TCP_server.c
+++ b/toxcore/TCP_server.c
@ -258,7 +258,7 @@ int read_packet_TCP_secure_connection(sock_t sock, uint16_t *next_packet_length,
    *next_packet_length = 0;
-    int len = decrypt_data_fast(shared_key, recv_nonce, data_encrypted, len_packet, data);
+    int len = decrypt_data_symmetric(shared_key, recv_nonce, data_encrypted, len_packet, data);
    if (len + crypto_box_MACBYTES != len_packet)
        return -1;
@ -313,7 +313,7 @@ static int write_packet_TCP_secure_connection(TCP_Secure_Connection *con, uint8_
    uint16_t c_length = htons(length + crypto_box_MACBYTES);
    memcpy(packet, &c_length, sizeof(uint16_t));
-    int len = encrypt_data_fast(con->shared_key, con->sent_nonce, data, length, packet + sizeof(uint16_t));
+    int len = encrypt_data_symmetric(con->shared_key, con->sent_nonce, data, length, packet + sizeof(uint16_t));
    if ((unsigned int)len != (sizeof(packet) - sizeof(uint16_t)))
        return -1;
@ -356,7 +356,7 @@ static int handle_TCP_handshake(TCP_Secure_Connection *con, uint8_t *data, uint1
    uint8_t shared_key[crypto_box_BEFORENMBYTES];
    encrypt_precompute(data, self_secret_key, shared_key);
    uint8_t plain[TCP_HANDSHAKE_PLAIN_SIZE];
-    int len = decrypt_data_fast(shared_key, data + crypto_box_PUBLICKEYBYTES,
+    int len = decrypt_data_symmetric(shared_key, data + crypto_box_PUBLICKEYBYTES,
                                data + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES, TCP_HANDSHAKE_PLAIN_SIZE + crypto_box_MACBYTES, plain);
    if (len != TCP_HANDSHAKE_PLAIN_SIZE)
@ -373,7 +373,7 @@ static int handle_TCP_handshake(TCP_Secure_Connection *con, uint8_t *data, uint1
    uint8_t response[TCP_SERVER_HANDSHAKE_SIZE];
    new_nonce(response);
-    len = encrypt_data_fast(shared_key, response, resp_plain, TCP_HANDSHAKE_PLAIN_SIZE, response + crypto_box_NONCEBYTES);
+    len = encrypt_data_symmetric(shared_key, response, resp_plain, TCP_HANDSHAKE_PLAIN_SIZE, response + crypto_box_NONCEBYTES);
    if (len != TCP_HANDSHAKE_PLAIN_SIZE + crypto_box_MACBYTES)
        return -1;
--- a/toxcore/TCP_server.h
+++ b/toxcore/TCP_server.h
@ -23,7 +23,7 @@
 #ifndef TCP_SERVER_H
 #define TCP_SERVER_H
-#include "net_crypto.h"
+#include "crypto_core.h"
 #include "onion.h"
 #if defined(_WIN32) || defined(__WIN32__) || defined(WIN32) || defined(__MACH__)
--- a/toxcore/crypto_core.c
+++ b/toxcore/crypto_core.c
@ -0,0 +1,168 @@
 /* net_crypto.c
 *
 * Functions for the core crypto.
 *
 * NOTE: This code has to be perfect. We don't mess around with encryption.
 *
 *  Copyright (C) 2013 Tox project All Rights Reserved.
 *
 *  This file is part of Tox.
 *
 *  Tox is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  Tox is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with Tox.  If not, see <http://www.gnu.org/licenses/>.
 *
 */
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include "crypto_core.h"
 /* Use this instead of memcmp; not vulnerable to timing attacks. */
 uint8_t crypto_iszero(uint8_t *mem, uint32_t length)
 {
    uint8_t check = 0;
    uint32_t i;
    for (i = 0; i < length; ++i) {
        check |= mem[i];
    }
    return check; // We return zero if mem is made out of zeroes.
 }
 /* Precomputes the shared key from their public_key and our secret_key.
 * This way we can avoid an expensive elliptic curve scalar multiply for each
 * encrypt/decrypt operation.
 * enc_key has to be crypto_box_BEFORENMBYTES bytes long.
 */
 void encrypt_precompute(uint8_t *public_key, uint8_t *secret_key, uint8_t *enc_key)
 {
    crypto_box_beforenm(enc_key, public_key, secret_key);
 }
 int encrypt_data_symmetric(uint8_t *secret_key, uint8_t *nonce, uint8_t *plain, uint32_t length, uint8_t *encrypted)
 {
    if (length == 0)
        return -1;
    uint8_t temp_plain[length + crypto_box_ZEROBYTES];
    uint8_t temp_encrypted[length + crypto_box_MACBYTES + crypto_box_BOXZEROBYTES];
    memset(temp_plain, 0, crypto_box_ZEROBYTES);
    memcpy(temp_plain + crypto_box_ZEROBYTES, plain, length); // Pad the message with 32 0 bytes.
    if (crypto_box_afternm(temp_encrypted, temp_plain, length + crypto_box_ZEROBYTES, nonce, secret_key) != 0)
        return -1;
    /* Unpad the encrypted message. */
    memcpy(encrypted, temp_encrypted + crypto_box_BOXZEROBYTES, length + crypto_box_MACBYTES);
    return length + crypto_box_MACBYTES;
 }
 int decrypt_data_symmetric(uint8_t *secret_key, uint8_t *nonce, uint8_t *encrypted, uint32_t length, uint8_t *plain)
 {
    if (length <= crypto_box_BOXZEROBYTES)
        return -1;
    uint8_t temp_plain[length + crypto_box_ZEROBYTES];
    uint8_t temp_encrypted[length + crypto_box_BOXZEROBYTES];
    memset(temp_plain, 0, crypto_box_BOXZEROBYTES);
    memcpy(temp_encrypted + crypto_box_BOXZEROBYTES, encrypted, length); // Pad the message with 16 0 bytes.
    if (crypto_box_open_afternm(temp_plain, temp_encrypted, length + crypto_box_BOXZEROBYTES, nonce, secret_key) != 0)
        return -1;
    memcpy(plain, temp_plain + crypto_box_ZEROBYTES, length - crypto_box_MACBYTES);
    return length - crypto_box_MACBYTES;
 }
 int encrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
                 uint8_t *plain, uint32_t length, uint8_t *encrypted)
 {
    uint8_t k[crypto_box_BEFORENMBYTES];
    encrypt_precompute(public_key, secret_key, k);
    return encrypt_data_symmetric(k, nonce, plain, length, encrypted);
 }
 int decrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
                 uint8_t *encrypted, uint32_t length, uint8_t *plain)
 {
    uint8_t k[crypto_box_BEFORENMBYTES];
    encrypt_precompute(public_key, secret_key, k);
    return decrypt_data_symmetric(k, nonce, encrypted, length, plain);
 }
 /* Increment the given nonce by 1. */
 void increment_nonce(uint8_t *nonce)
 {
    uint32_t i;
    for (i = crypto_box_NONCEBYTES; i != 0; --i) {
        ++nonce[i - 1];
        if (nonce[i - 1] != 0)
            break;
    }
 }
 /* increment the given nonce by num */
 void increment_nonce_number(uint8_t *nonce, uint32_t num)
 {
    uint32_t num1, num2;
    memcpy(&num1, nonce + (crypto_box_NONCEBYTES - sizeof(num1)), sizeof(num1));
    num1 = ntohl(num1);
    num2 = num + num1;
    if (num2 < num1) {
        uint32_t i;
        for (i = crypto_box_NONCEBYTES - sizeof(num1); i != 0; --i) {
            ++nonce[i - 1];
            if (nonce[i - 1] != 0)
                break;
        }
    }
    num2 = htonl(num2);
    memcpy(nonce + (crypto_box_NONCEBYTES - sizeof(num2)), &num2, sizeof(num2));
 }
 /* Fill the given nonce with random bytes. */
 void random_nonce(uint8_t *nonce)
 {
    randombytes(nonce, crypto_box_NONCEBYTES);
 }
 /* Fill a key crypto_box_KEYBYTES big with random bytes */
 void new_symmetric_key(uint8_t *key)
 {
    randombytes(key, crypto_box_KEYBYTES);
 }
 static uint8_t base_nonce[crypto_box_NONCEBYTES];
 static uint8_t nonce_set = 0;
 /* Gives a nonce guaranteed to be different from previous ones.*/
 void new_nonce(uint8_t *nonce)
 {
    if (nonce_set == 0) {
        random_nonce(base_nonce);
        nonce_set = 1;
    }
    increment_nonce(base_nonce);
    memcpy(nonce, base_nonce, crypto_box_NONCEBYTES);
 }
--- a/toxcore/crypto_core.h
+++ b/toxcore/crypto_core.h
@ -0,0 +1,86 @@
 /* crypto_core.h
 *
 * Functions for the core crypto.
 *
 *  Copyright (C) 2013 Tox project All Rights Reserved.
 *
 *  This file is part of Tox.
 *
 *  Tox is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  Tox is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with Tox.  If not, see <http://www.gnu.org/licenses/>.
 *
 */
 #ifndef CORE_CRYPTO_H
 #define CORE_CRYPTO_H
 #include "network.h"
 /* return zero if the buffer contains only zeros. */
 uint8_t crypto_iszero(uint8_t *buffer, uint32_t blen);
 /* Encrypts plain of length length to encrypted of length + 16 using the
 * public key(32 bytes) of the receiver and the secret key of the sender and a 24 byte nonce.
 *
 *  return -1 if there was a problem.
 *  return length of encrypted data if everything was fine.
 */
 int encrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
                 uint8_t *plain, uint32_t length, uint8_t *encrypted);
 /* Decrypts encrypted of length length to plain of length length - 16 using the
 * public key(32 bytes) of the sender, the secret key of the receiver and a 24 byte nonce.
 *
 *  return -1 if there was a problem (decryption failed).
 *  return length of plain data if everything was fine.
 */
 int decrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
                 uint8_t *encrypted, uint32_t length, uint8_t *plain);
 /* Fast encrypt/decrypt operations. Use if this is not a one-time communication.
   encrypt_precompute does the shared-key generation once so it does not have
   to be preformed on every encrypt/decrypt. */
 void encrypt_precompute(uint8_t *public_key, uint8_t *secret_key, uint8_t *enc_key);
 /* Encrypts plain of length length to encrypted of length + 16 using a
 * secret key crypto_box_KEYBYTES big and a 24 byte nonce.
 *
 *  return -1 if there was a problem.
 *  return length of encrypted data if everything was fine.
 */
 int encrypt_data_symmetric(uint8_t *secret_key, uint8_t *nonce, uint8_t *plain, uint32_t length, uint8_t *encrypted);
 /* Decrypts encrypted of length length to plain of length length - 16 using a
 * secret key crypto_box_KEYBYTES big and a 24 byte nonce.
 *
 *  return -1 if there was a problem (decryption failed).
 *  return length of plain data if everything was fine.
 */
 int decrypt_data_symmetric(uint8_t *secret_key, uint8_t *nonce, uint8_t *encrypted, uint32_t length, uint8_t *plain);
 /* Increment the given nonce by 1. */
 void increment_nonce(uint8_t *nonce);
 /* increment the given nonce by num */
 void increment_nonce_number(uint8_t *nonce, uint32_t num);
 /* Fill the given nonce with random bytes. */
 void random_nonce(uint8_t *nonce);
 /* Fill a key crypto_box_KEYBYTES big with random bytes */
 void new_symmetric_key(uint8_t *key);
 /*Gives a nonce guaranteed to be different from previous ones.*/
 void new_nonce(uint8_t *nonce);
 #endif
--- a/toxcore/friend_requests.h
+++ b/toxcore/friend_requests.h
@ -25,8 +25,6 @@
 #define FRIEND_REQUESTS_H
 #include "onion_client.h"
 #include "net_crypto.h"
 typedef struct {
    uint32_t nospam;
--- a/toxcore/group_chats.c
+++ b/toxcore/group_chats.c
@ -26,8 +26,9 @@
 #include "config.h"
 #endif
-#include "group_chats.h"
+#include "DHT.h"
 #include "assoc.h"
 #include "group_chats.h"
 #include "LAN_discovery.h"
 #include "util.h"
--- a/toxcore/group_chats.h
+++ b/toxcore/group_chats.h
@ -25,8 +25,6 @@
 #ifndef GROUP_CHATS_H
 #define GROUP_CHATS_H
 #include "net_crypto.h"
 #define MAX_NICK_BYTES 128
 typedef struct {
--- a/toxcore/net_crypto.c
+++ b/toxcore/net_crypto.c
@ -35,202 +35,6 @@ static uint8_t crypt_connection_id_not_valid(Net_Crypto *c, int crypt_connection
    return (uint32_t)crypt_connection_id >= c->crypto_connections_length;
 }
 /* Use this instead of memcmp; not vulnerable to timing attacks. */
 uint8_t crypto_iszero(uint8_t *mem, uint32_t length)
 {
    uint8_t check = 0;
    uint32_t i;
    for (i = 0; i < length; ++i) {
        check |= mem[i];
    }
    return check; // We return zero if mem is made out of zeroes.
 }
 /* Precomputes the shared key from their public_key and our secret_key.
 * This way we can avoid an expensive elliptic curve scalar multiply for each
 * encrypt/decrypt operation.
 * enc_key has to be crypto_box_BEFORENMBYTES bytes long.
 */
 void encrypt_precompute(uint8_t *public_key, uint8_t *secret_key, uint8_t *enc_key)
 {
    crypto_box_beforenm(enc_key, public_key, secret_key);
 }
 /* Fast encrypt. Depends on enc_key from encrypt_precompute. */
 int encrypt_data_fast(uint8_t *enc_key, uint8_t *nonce,
                      uint8_t *plain, uint32_t length, uint8_t *encrypted)
 {
    if (length + crypto_box_MACBYTES > MAX_DATA_SIZE || length == 0)
        return -1;
    uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES] = {0};
    uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES];
    memcpy(temp_plain + crypto_box_ZEROBYTES, plain, length); // Pad the message with 32 0 bytes.
    crypto_box_afternm(temp_encrypted, temp_plain, length + crypto_box_ZEROBYTES, nonce, enc_key);
    if (crypto_iszero(temp_encrypted, crypto_box_BOXZEROBYTES) != 0)
        return -1;
    /* Unpad the encrypted message. */
    memcpy(encrypted, temp_encrypted + crypto_box_BOXZEROBYTES, length + crypto_box_MACBYTES);
    return length + crypto_box_MACBYTES;
 }
 /* Fast decrypt. Depends on enc_ley from encrypt_precompute. */
 int decrypt_data_fast(uint8_t *enc_key, uint8_t *nonce,
                      uint8_t *encrypted, uint32_t length, uint8_t *plain)
 {
    if (length > MAX_DATA_SIZE || length <= crypto_box_BOXZEROBYTES)
        return -1;
    uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES];
    uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES] = {0};
    memcpy(temp_encrypted + crypto_box_BOXZEROBYTES, encrypted, length); // Pad the message with 16 0 bytes.
    if (crypto_box_open_afternm(temp_plain, temp_encrypted, length + crypto_box_BOXZEROBYTES,
                                nonce, enc_key) == -1)
        return -1;
    /* If decryption is successful the first crypto_box_ZEROBYTES of the message will be zero.
     * Apparently memcmp should not be used so we do this instead:
     */
    if (crypto_iszero(temp_plain, crypto_box_ZEROBYTES) != 0)
        return -1;
    /* Unpad the plain message. */
    memcpy(plain, temp_plain + crypto_box_ZEROBYTES, length - crypto_box_MACBYTES);
    return length - crypto_box_MACBYTES;
 }
 int encrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
                 uint8_t *plain, uint32_t length, uint8_t *encrypted)
 {
    uint8_t k[crypto_box_BEFORENMBYTES];
    encrypt_precompute(public_key, secret_key, k);
    return encrypt_data_fast(k, nonce, plain, length, encrypted);
 }
 int decrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
                 uint8_t *encrypted, uint32_t length, uint8_t *plain)
 {
    uint8_t k[crypto_box_BEFORENMBYTES];
    encrypt_precompute(public_key, secret_key, k);
    return decrypt_data_fast(k, nonce, encrypted, length, plain);
 }
 int encrypt_data_symmetric(uint8_t *secret_key, uint8_t *nonce, uint8_t *plain, uint32_t length, uint8_t *encrypted)
 {
    if (length == 0)
        return -1;
    uint8_t temp_plain[length + crypto_secretbox_ZEROBYTES];
    uint8_t temp_encrypted[length + crypto_secretbox_MACBYTES + crypto_secretbox_BOXZEROBYTES];
    memset(temp_plain, 0, crypto_secretbox_ZEROBYTES);
    memcpy(temp_plain + crypto_secretbox_ZEROBYTES, plain, length); // Pad the message with 32 0 bytes.
    crypto_secretbox(temp_encrypted, temp_plain, length + crypto_secretbox_ZEROBYTES, nonce, secret_key);
    /* Unpad the encrypted message. */
    memcpy(encrypted, temp_encrypted + crypto_secretbox_BOXZEROBYTES, length + crypto_secretbox_MACBYTES);
    return length + crypto_secretbox_MACBYTES;
 }
 int decrypt_data_symmetric(uint8_t *secret_key, uint8_t *nonce, uint8_t *encrypted, uint32_t length, uint8_t *plain)
 {
    if (length <= crypto_secretbox_BOXZEROBYTES)
        return -1;
    uint8_t temp_plain[length + crypto_secretbox_ZEROBYTES];
    uint8_t temp_encrypted[length + crypto_secretbox_BOXZEROBYTES];
    memset(temp_plain, 0, crypto_secretbox_BOXZEROBYTES);
    memcpy(temp_encrypted + crypto_secretbox_BOXZEROBYTES, encrypted, length); // Pad the message with 16 0 bytes.
    if (crypto_secretbox_open(temp_plain, temp_encrypted, length + crypto_secretbox_BOXZEROBYTES, nonce, secret_key) == -1)
        return -1;
    memcpy(plain, temp_plain + crypto_secretbox_ZEROBYTES, length - crypto_secretbox_MACBYTES);
    return length - crypto_secretbox_MACBYTES;
 }
 /* Increment the given nonce by 1. */
 void increment_nonce(uint8_t *nonce)
 {
    uint32_t i;
    for (i = crypto_box_NONCEBYTES; i != 0; --i) {
        ++nonce[i - 1];
        if (nonce[i - 1] != 0)
            break;
    }
 }
 /* increment the given nonce by num */
 void increment_nonce_number(uint8_t *nonce, uint32_t num)
 {
    uint32_t num1, num2;
    memcpy(&num1, nonce + (crypto_box_NONCEBYTES - sizeof(num1)), sizeof(num1));
    num1 = ntohl(num1);
    num2 = num + num1;
    if (num2 < num1) {
        uint32_t i;
        for (i = crypto_box_NONCEBYTES - sizeof(num1); i != 0; --i) {
            ++nonce[i - 1];
            if (nonce[i - 1] != 0)
                break;
        }
    }
    num2 = htonl(num2);
    memcpy(nonce + (crypto_box_NONCEBYTES - sizeof(num2)), &num2, sizeof(num2));
 }
 #if crypto_box_NONCEBYTES != crypto_secretbox_NONCEBYTES
 /*if they no longer equal each other, this function and the previous ones
 *must be split into two.
 */
 #error random_nonce(): crypto_box_NONCEBYTES must equal crypto_secretbox_NONCEBYTES.
 #endif
 /* Fill the given nonce with random bytes. */
 void random_nonce(uint8_t *nonce)
 {
    randombytes(nonce, crypto_box_NONCEBYTES);
 }
 /* Fill a key crypto_secretbox_KEYBYTES big with random bytes */
 void new_symmetric_key(uint8_t *key)
 {
    randombytes(key, crypto_secretbox_KEYBYTES);
 }
 static uint8_t base_nonce[crypto_box_NONCEBYTES];
 static uint8_t nonce_set = 0;
 #if crypto_box_NONCEBYTES != crypto_secretbox_NONCEBYTES
 /*if they no longer equal each other, this function must be split into two.*/
 #error new_nonce(): crypto_box_NONCEBYTES must equal crypto_secretbox_NONCEBYTES.
 #endif
 /* Gives a nonce guaranteed to be different from previous ones.*/
 void new_nonce(uint8_t *nonce)
 {
    if (nonce_set == 0) {
        random_nonce(base_nonce);
        nonce_set = 1;
    }
    increment_nonce(base_nonce);
    memcpy(nonce, base_nonce, crypto_box_NONCEBYTES);
 }
 /*  return 0 if there is no received data in the buffer.
 *  return -1  if the packet was discarded.
 *  return length of received data if successful.
@ -252,7 +56,7 @@ int read_cryptpacket(Net_Crypto *c, int crypt_connection_id, uint8_t *data)
    if (temp_data[0] != 3)
        return -1;
-    int len = decrypt_data_fast(c->crypto_connections[crypt_connection_id].shared_key,
+    int len = decrypt_data_symmetric(c->crypto_connections[crypt_connection_id].shared_key,
                                c->crypto_connections[crypt_connection_id].recv_nonce,
                                temp_data + 1, length - 1, data);
@ -290,7 +94,7 @@ int write_cryptpacket(Net_Crypto *c, int crypt_connection_id, uint8_t *data, uin
        return 0;
    uint8_t temp_data[MAX_DATA_SIZE];
-    int len = encrypt_data_fast(c->crypto_connections[crypt_connection_id].shared_key,
+    int len = encrypt_data_symmetric(c->crypto_connections[crypt_connection_id].shared_key,
                                c->crypto_connections[crypt_connection_id].sent_nonce,
                                data, length, temp_data + 1);
--- a/toxcore/net_crypto.h
+++ b/toxcore/net_crypto.h
@ -81,72 +81,6 @@ typedef struct {
 #include "DHT.h"
 /* return zero if the buffer contains only zeros. */
 uint8_t crypto_iszero(uint8_t *buffer, uint32_t blen);
 /* Encrypts plain of length length to encrypted of length + 16 using the
 * public key(32 bytes) of the receiver and the secret key of the sender and a 24 byte nonce.
 *
 *  return -1 if there was a problem.
 *  return length of encrypted data if everything was fine.
 */
 int encrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
                 uint8_t *plain, uint32_t length, uint8_t *encrypted);
 /* Decrypts encrypted of length length to plain of length length - 16 using the
 * public key(32 bytes) of the sender, the secret key of the receiver and a 24 byte nonce.
 *
 *  return -1 if there was a problem (decryption failed).
 *  return length of plain data if everything was fine.
 */
 int decrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
                 uint8_t *encrypted, uint32_t length, uint8_t *plain);
 /* Fast encrypt/decrypt operations. Use if this is not a one-time communication.
   encrypt_precompute does the shared-key generation once so it does not have
   to be preformed on every encrypt/decrypt. */
 void encrypt_precompute(uint8_t *public_key, uint8_t *secret_key, uint8_t *enc_key);
 /* Fast encrypt. Depends on enc_key from encrypt_precompute. */
 int encrypt_data_fast(uint8_t *enc_key, uint8_t *nonce,
                      uint8_t *plain, uint32_t length, uint8_t *encrypted);
 /* Fast decrypt. Depends on enc_ley from encrypt_precompute. */
 int decrypt_data_fast(uint8_t *enc_key, uint8_t *nonce,
                      uint8_t *encrypted, uint32_t length, uint8_t *plain);
 /* Encrypts plain of length length to encrypted of length + 16 using a
 * secret key crypto_secretbox_KEYBYTES big and a 24 byte nonce.
 *
 *  return -1 if there was a problem.
 *  return length of encrypted data if everything was fine.
 */
 int encrypt_data_symmetric(uint8_t *secret_key, uint8_t *nonce, uint8_t *plain, uint32_t length, uint8_t *encrypted);
 /* Decrypts encrypted of length length to plain of length length - 16 using a
 * secret key crypto_secretbox_KEYBYTES big and a 24 byte nonce.
 *
 *  return -1 if there was a problem (decryption failed).
 *  return length of plain data if everything was fine.
 */
 int decrypt_data_symmetric(uint8_t *secret_key, uint8_t *nonce, uint8_t *encrypted, uint32_t length, uint8_t *plain);
 /* Increment the given nonce by 1. */
 void increment_nonce(uint8_t *nonce);
 /* increment the given nonce by num */
 void increment_nonce_number(uint8_t *nonce, uint32_t num);
 /* Fill the given nonce with random bytes. */
 void random_nonce(uint8_t *nonce);
 /* Fill a key crypto_secretbox_KEYBYTES big with random bytes */
 void new_symmetric_key(uint8_t *key);
 /*Gives a nonce guaranteed to be different from previous ones.*/
 void new_nonce(uint8_t *nonce);
 /*  return 0 if there is no received data in the buffer.
 *  return -1  if the packet was discarded.
 *  return length of received data if successful.
--- a/toxcore/network.h
+++ b/toxcore/network.h
@ -102,15 +102,12 @@ typedef int sock_t;
 #include <sodium.h>
 #else
 #include <crypto_box.h>
 #include <crypto_secretbox.h>
 #include <randombytes.h>
 #include <crypto_hash_sha256.h>
 #define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES)
 #endif
-#ifndef crypto_secretbox_MACBYTES
+#define crypto_box_KEYBYTES (crypto_box_BEFORENMBYTES)
 #define crypto_secretbox_MACBYTES (crypto_secretbox_ZEROBYTES - crypto_secretbox_BOXZEROBYTES)
 #endif
 #ifndef IPV6_ADD_MEMBERSHIP
 #ifdef  IPV6_JOIN_GROUP
--- a/toxcore/onion.c
+++ b/toxcore/onion.c
@ -111,7 +111,7 @@ int send_onion_packet(Networking_Core *net, Onion_Path *path, IP_Port dest, uint
    memcpy(step2, &path->ip_port3, sizeof(IP_Port));
    memcpy(step2 + sizeof(IP_Port), path->public_key3, crypto_box_PUBLICKEYBYTES);
-    int len = encrypt_data_fast(path->shared_key3, nonce, step1, sizeof(step1),
+    int len = encrypt_data_symmetric(path->shared_key3, nonce, step1, sizeof(step1),
                                step2 + sizeof(IP_Port) + crypto_box_PUBLICKEYBYTES);
    if ((uint32_t)len != sizeof(IP_Port) + length + crypto_box_MACBYTES)
@ -120,7 +120,7 @@ int send_onion_packet(Networking_Core *net, Onion_Path *path, IP_Port dest, uint
    uint8_t step3[sizeof(IP_Port) + SEND_BASE * 2 + length];
    memcpy(step3, &path->ip_port2, sizeof(IP_Port));
    memcpy(step3 + sizeof(IP_Port), path->public_key2, crypto_box_PUBLICKEYBYTES);
-    len = encrypt_data_fast(path->shared_key2, nonce, step2, sizeof(step2),
+    len = encrypt_data_symmetric(path->shared_key2, nonce, step2, sizeof(step2),
                            step3 + sizeof(IP_Port) + crypto_box_PUBLICKEYBYTES);
    if ((uint32_t)len != sizeof(IP_Port) + SEND_BASE + length + crypto_box_MACBYTES)
@ -131,7 +131,7 @@ int send_onion_packet(Networking_Core *net, Onion_Path *path, IP_Port dest, uint
    memcpy(packet + 1, nonce, crypto_box_NONCEBYTES);
    memcpy(packet + 1 + crypto_box_NONCEBYTES, path->public_key1, crypto_box_PUBLICKEYBYTES);
-    len = encrypt_data_fast(path->shared_key1, nonce, step3, sizeof(step3),
+    len = encrypt_data_symmetric(path->shared_key1, nonce, step3, sizeof(step3),
                            packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES);
    if ((uint32_t)len != sizeof(IP_Port) + SEND_BASE * 2 + length + crypto_box_MACBYTES)
@ -175,7 +175,7 @@ static int handle_send_initial(void *object, IP_Port source, uint8_t *packet, ui
    uint8_t plain[MAX_ONION_SIZE];
    uint8_t shared_key[crypto_box_BEFORENMBYTES];
    get_shared_key(&onion->shared_keys_1, shared_key, onion->dht->self_secret_key, packet + 1 + crypto_box_NONCEBYTES);
-    int len = decrypt_data_fast(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
+    int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
                                length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES), plain);
    if ((uint32_t)len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES))
@ -198,12 +198,12 @@ int onion_send_1(Onion *onion, uint8_t *plain, uint32_t len, IP_Port source, uin
    uint8_t *ret_part = data + data_len;
    new_nonce(ret_part);
    len = encrypt_data_symmetric(onion->secret_symmetric_key, ret_part, (uint8_t *)&source, sizeof(IP_Port),
-                                 ret_part + crypto_secretbox_NONCEBYTES);
+                                 ret_part + crypto_box_NONCEBYTES);
-    if (len != sizeof(IP_Port) + crypto_secretbox_MACBYTES)
+    if (len != sizeof(IP_Port) + crypto_box_MACBYTES)
        return 1;
-    data_len += crypto_secretbox_NONCEBYTES + len;
+    data_len += crypto_box_NONCEBYTES + len;
    if ((uint32_t)sendpacket(onion->net, send_to, data, data_len) != data_len)
        return 1;
@ -226,7 +226,7 @@ static int handle_send_1(void *object, IP_Port source, uint8_t *packet, uint32_t
    uint8_t plain[MAX_ONION_SIZE];
    uint8_t shared_key[crypto_box_BEFORENMBYTES];
    get_shared_key(&onion->shared_keys_2, shared_key, onion->dht->self_secret_key, packet + 1 + crypto_box_NONCEBYTES);
-    int len = decrypt_data_fast(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
+    int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
                                length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_1), plain);
    if ((uint32_t)len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_1 + crypto_box_MACBYTES))
@ -247,12 +247,12 @@ static int handle_send_1(void *object, IP_Port source, uint8_t *packet, uint32_t
    memcpy(ret_data, &source, sizeof(IP_Port));
    memcpy(ret_data + sizeof(IP_Port), packet + (length - RETURN_1), RETURN_1);
    len = encrypt_data_symmetric(onion->secret_symmetric_key, ret_part, ret_data, sizeof(ret_data),
-                                 ret_part + crypto_secretbox_NONCEBYTES);
+                                 ret_part + crypto_box_NONCEBYTES);
-    if (len != RETURN_2 - crypto_secretbox_NONCEBYTES)
+    if (len != RETURN_2 - crypto_box_NONCEBYTES)
        return 1;
-    data_len += crypto_secretbox_NONCEBYTES + len;
+    data_len += crypto_box_NONCEBYTES + len;
    if ((uint32_t)sendpacket(onion->net, send_to, data, data_len) != data_len)
        return 1;
@ -275,7 +275,7 @@ static int handle_send_2(void *object, IP_Port source, uint8_t *packet, uint32_t
    uint8_t plain[MAX_ONION_SIZE];
    uint8_t shared_key[crypto_box_BEFORENMBYTES];
    get_shared_key(&onion->shared_keys_3, shared_key, onion->dht->self_secret_key, packet + 1 + crypto_box_NONCEBYTES);
-    int len = decrypt_data_fast(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
+    int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
                                length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_2), plain);
    if ((uint32_t)len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_2 + crypto_box_MACBYTES))
@ -294,9 +294,9 @@ static int handle_send_2(void *object, IP_Port source, uint8_t *packet, uint32_t
    memcpy(ret_data, &source, sizeof(IP_Port));
    memcpy(ret_data + sizeof(IP_Port), packet + (length - RETURN_2), RETURN_2);
    len = encrypt_data_symmetric(onion->secret_symmetric_key, ret_part, ret_data, sizeof(ret_data),
-                                 ret_part + crypto_secretbox_NONCEBYTES);
+                                 ret_part + crypto_box_NONCEBYTES);
-    if (len != RETURN_3 - crypto_secretbox_NONCEBYTES)
+    if (len != RETURN_3 - crypto_box_NONCEBYTES)
        return 1;
    data_len += RETURN_3;
@ -321,8 +321,8 @@ static int handle_recv_3(void *object, IP_Port source, uint8_t *packet, uint32_t
    change_symmetric_key(onion);
    uint8_t plain[sizeof(IP_Port) + RETURN_2];
-    int len = decrypt_data_symmetric(onion->secret_symmetric_key, packet + 1, packet + 1 + crypto_secretbox_NONCEBYTES,
+    int len = decrypt_data_symmetric(onion->secret_symmetric_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES,
-                                     sizeof(IP_Port) + RETURN_2 + crypto_secretbox_MACBYTES, plain);
+                                     sizeof(IP_Port) + RETURN_2 + crypto_box_MACBYTES, plain);
    if ((uint32_t)len != sizeof(plain))
        return 1;
@ -355,8 +355,8 @@ static int handle_recv_2(void *object, IP_Port source, uint8_t *packet, uint32_t
    change_symmetric_key(onion);
    uint8_t plain[sizeof(IP_Port) + RETURN_1];
-    int len = decrypt_data_symmetric(onion->secret_symmetric_key, packet + 1, packet + 1 + crypto_secretbox_NONCEBYTES,
+    int len = decrypt_data_symmetric(onion->secret_symmetric_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES,
-                                     sizeof(IP_Port) + RETURN_1 + crypto_secretbox_MACBYTES, plain);
+                                     sizeof(IP_Port) + RETURN_1 + crypto_box_MACBYTES, plain);
    if ((uint32_t)len != sizeof(plain))
        return 1;
@ -390,8 +390,8 @@ static int handle_recv_1(void *object, IP_Port source, uint8_t *packet, uint32_t
    IP_Port send_to;
-    int len = decrypt_data_symmetric(onion->secret_symmetric_key, packet + 1, packet + 1 + crypto_secretbox_NONCEBYTES,
+    int len = decrypt_data_symmetric(onion->secret_symmetric_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES,
-                                     sizeof(IP_Port) + crypto_secretbox_MACBYTES, (uint8_t *) &send_to);
+                                     sizeof(IP_Port) + crypto_box_MACBYTES, (uint8_t *) &send_to);
    if ((uint32_t)len != sizeof(IP_Port))
        return 1;
--- a/toxcore/onion.h
+++ b/toxcore/onion.h
@ -28,7 +28,7 @@
 typedef struct {
    DHT     *dht;
    Networking_Core *net;
-    uint8_t secret_symmetric_key[crypto_secretbox_KEYBYTES];
+    uint8_t secret_symmetric_key[crypto_box_KEYBYTES];
    uint64_t timestamp;
    Shared_Keys shared_keys_1;
@ -39,9 +39,9 @@ typedef struct {
    void *callback_object;
 } Onion;
-#define ONION_RETURN_1 (crypto_secretbox_NONCEBYTES + sizeof(IP_Port) + crypto_secretbox_MACBYTES)
+#define ONION_RETURN_1 (crypto_box_NONCEBYTES + sizeof(IP_Port) + crypto_box_MACBYTES)
-#define ONION_RETURN_2 (crypto_secretbox_NONCEBYTES + sizeof(IP_Port) + crypto_secretbox_MACBYTES + ONION_RETURN_1)
+#define ONION_RETURN_2 (crypto_box_NONCEBYTES + sizeof(IP_Port) + crypto_box_MACBYTES + ONION_RETURN_1)
-#define ONION_RETURN_3 (crypto_secretbox_NONCEBYTES + sizeof(IP_Port) + crypto_secretbox_MACBYTES + ONION_RETURN_2)
+#define ONION_RETURN_3 (crypto_box_NONCEBYTES + sizeof(IP_Port) + crypto_box_MACBYTES + ONION_RETURN_2)
 #define ONION_SEND_BASE (crypto_box_PUBLICKEYBYTES + sizeof(IP_Port) + crypto_box_MACBYTES)
 #define ONION_SEND_3 (crypto_box_NONCEBYTES + ONION_SEND_BASE + ONION_RETURN_2)
--- a/toxcore/onion_announce.c
+++ b/toxcore/onion_announce.c
@ -115,11 +115,11 @@ static void generate_ping_id(Onion_Announce *onion_a, uint64_t time, uint8_t *pu
                             uint8_t *ping_id)
 {
    time /= PING_ID_TIMEOUT;
-    uint8_t data[crypto_secretbox_KEYBYTES + sizeof(time) + crypto_box_PUBLICKEYBYTES + sizeof(ret_ip_port)];
+    uint8_t data[crypto_box_KEYBYTES + sizeof(time) + crypto_box_PUBLICKEYBYTES + sizeof(ret_ip_port)];
-    memcpy(data, onion_a->secret_bytes, crypto_secretbox_KEYBYTES);
+    memcpy(data, onion_a->secret_bytes, crypto_box_KEYBYTES);
-    memcpy(data + crypto_secretbox_KEYBYTES, &time, sizeof(time));
+    memcpy(data + crypto_box_KEYBYTES, &time, sizeof(time));
-    memcpy(data + crypto_secretbox_KEYBYTES + sizeof(time), public_key, crypto_box_PUBLICKEYBYTES);
+    memcpy(data + crypto_box_KEYBYTES + sizeof(time), public_key, crypto_box_PUBLICKEYBYTES);
-    memcpy(data + crypto_secretbox_KEYBYTES + sizeof(time) + crypto_box_PUBLICKEYBYTES, &ret_ip_port, sizeof(ret_ip_port));
+    memcpy(data + crypto_box_KEYBYTES + sizeof(time) + crypto_box_PUBLICKEYBYTES, &ret_ip_port, sizeof(ret_ip_port));
    crypto_hash_sha256(ping_id, data, sizeof(data));
 }
@ -221,7 +221,7 @@ static int handle_announce_request(void *object, IP_Port source, uint8_t *packet
    get_shared_key(&onion_a->shared_keys_recv, shared_key, onion_a->dht->self_secret_key, packet_public_key);
    uint8_t plain[ONION_PING_ID_SIZE + crypto_box_PUBLICKEYBYTES + crypto_box_PUBLICKEYBYTES + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH];
-    int len = decrypt_data_fast(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
+    int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
                                ONION_PING_ID_SIZE + crypto_box_PUBLICKEYBYTES + crypto_box_PUBLICKEYBYTES + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH +
                                crypto_box_MACBYTES, plain);
@ -278,7 +278,7 @@ static int handle_announce_request(void *object, IP_Port source, uint8_t *packet
    }
    uint8_t data[ONION_ANNOUNCE_RESPONSE_MAX_SIZE];
-    len = encrypt_data_fast(shared_key, nonce, pl, 1 + ONION_PING_ID_SIZE + nodes_length,
+    len = encrypt_data_symmetric(shared_key, nonce, pl, 1 + ONION_PING_ID_SIZE + nodes_length,
                            data + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES);
    if (len != 1 + ONION_PING_ID_SIZE + nodes_length + crypto_box_MACBYTES)
--- a/toxcore/onion_announce.h
+++ b/toxcore/onion_announce.h
@ -29,7 +29,7 @@
 #define ONION_ANNOUNCE_TIMEOUT 300
 #define ONION_PING_ID_SIZE crypto_hash_sha256_BYTES
-#define ONION_ANNOUNCE_SENDBACK_DATA_LENGTH (crypto_secretbox_NONCEBYTES + sizeof(uint32_t) + sizeof(uint64_t) + crypto_box_PUBLICKEYBYTES + sizeof(IP_Port) + crypto_secretbox_MACBYTES)
+#define ONION_ANNOUNCE_SENDBACK_DATA_LENGTH (crypto_box_NONCEBYTES + sizeof(uint32_t) + sizeof(uint64_t) + crypto_box_PUBLICKEYBYTES + sizeof(IP_Port) + crypto_box_MACBYTES)
 #define ONION_ANNOUNCE_RESPONSE_MIN_SIZE (1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES + 1 + ONION_PING_ID_SIZE + crypto_box_MACBYTES)
 #define ONION_ANNOUNCE_RESPONSE_MAX_SIZE (ONION_ANNOUNCE_RESPONSE_MIN_SIZE + sizeof(Node_format)*MAX_SENT_NODES)
@ -52,8 +52,8 @@ typedef struct {
    DHT     *dht;
    Networking_Core *net;
    Onion_Announce_Entry entries[ONION_ANNOUNCE_MAX_ENTRIES];
-    /* This is crypto_secretbox_KEYBYTES long just so we can use new_symmetric_key() to fill it */
+    /* This is crypto_box_KEYBYTES long just so we can use new_symmetric_key() to fill it */
-    uint8_t secret_bytes[crypto_secretbox_KEYBYTES];
+    uint8_t secret_bytes[crypto_box_KEYBYTES];
    Shared_Keys shared_keys_recv;
 } Onion_Announce;
--- a/toxcore/onion_client.c
+++ b/toxcore/onion_client.c
@ -116,9 +116,9 @@ static int new_sendback(Onion_Client *onion_c, uint32_t num, uint8_t *public_key
    memcpy(plain + sizeof(uint32_t) + sizeof(uint64_t) + crypto_box_PUBLICKEYBYTES, &ip_port, sizeof(IP_Port));
    int len = encrypt_data_symmetric(onion_c->secret_symmetric_key, sendback, plain, sizeof(plain),
-                                     sendback + crypto_secretbox_NONCEBYTES);
+                                     sendback + crypto_box_NONCEBYTES);
-    if ((uint32_t)len + crypto_secretbox_NONCEBYTES != ONION_ANNOUNCE_SENDBACK_DATA_LENGTH)
+    if ((uint32_t)len + crypto_box_NONCEBYTES != ONION_ANNOUNCE_SENDBACK_DATA_LENGTH)
        return -1;
    return 0;
@ -137,8 +137,8 @@ static int new_sendback(Onion_Client *onion_c, uint32_t num, uint8_t *public_key
 static uint32_t check_sendback(Onion_Client *onion_c, uint8_t *sendback, uint8_t *ret_pubkey, IP_Port *ret_ip_port)
 {
    uint8_t plain[sizeof(uint32_t) + sizeof(uint64_t) + crypto_box_PUBLICKEYBYTES + sizeof(IP_Port)];
-    int len = decrypt_data_symmetric(onion_c->secret_symmetric_key, sendback, sendback + crypto_secretbox_NONCEBYTES,
+    int len = decrypt_data_symmetric(onion_c->secret_symmetric_key, sendback, sendback + crypto_box_NONCEBYTES,
-                                     ONION_ANNOUNCE_SENDBACK_DATA_LENGTH - crypto_secretbox_NONCEBYTES, plain);
+                                     ONION_ANNOUNCE_SENDBACK_DATA_LENGTH - crypto_box_NONCEBYTES, plain);
    if ((uint32_t)len != sizeof(plain))
        return ~0;
--- a/toxcore/onion_client.h
+++ b/toxcore/onion_client.h
@ -113,7 +113,7 @@ typedef struct {
    Onion_Client_Paths onion_paths;
-    uint8_t secret_symmetric_key[crypto_secretbox_KEYBYTES];
+    uint8_t secret_symmetric_key[crypto_box_KEYBYTES];
    uint64_t last_run;
    uint8_t temp_public_key[crypto_box_PUBLICKEYBYTES];
--- a/toxcore/ping.c
+++ b/toxcore/ping.c
@ -168,7 +168,7 @@ int send_ping_request(PING *ping, IP_Port ipp, uint8_t *client_id)
    new_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate new nonce
-    rc = encrypt_data_fast(shared_key,
+    rc = encrypt_data_symmetric(shared_key,
                           pk + 1 + CLIENT_ID_SIZE,
                           (uint8_t *) &ping_id, sizeof(ping_id),
                           pk + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES);
@ -193,7 +193,7 @@ static int send_ping_response(PING *ping, IP_Port ipp, uint8_t *client_id, uint6
    new_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate new nonce
    // Encrypt ping_id using recipient privkey
-    rc = encrypt_data_fast(shared_encryption_key,
+    rc = encrypt_data_symmetric(shared_encryption_key,
                           pk + 1 + CLIENT_ID_SIZE,
                           (uint8_t *) &ping_id, sizeof(ping_id),
                           pk + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES );
@ -222,7 +222,7 @@ static int handle_ping_request(void *_dht, IP_Port source, uint8_t *packet, uint
    // Decrypt ping_id
    DHT_get_shared_key_recv(dht, shared_key, packet + 1);
-    rc = decrypt_data_fast(shared_key,
+    rc = decrypt_data_symmetric(shared_key,
                           packet + 1 + CLIENT_ID_SIZE,
                           packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
                           sizeof(ping_id) + crypto_box_MACBYTES,
@ -259,7 +259,7 @@ static int handle_ping_response(void *_dht, IP_Port source, uint8_t *packet, uin
    --ping_index;
    // Decrypt ping_id
-    rc = decrypt_data_fast(ping->pings[ping_index].shared_key,
+    rc = decrypt_data_symmetric(ping->pings[ping_index].shared_key,
                           packet + 1 + CLIENT_ID_SIZE,
                           packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
                           sizeof(ping_id) + crypto_box_MACBYTES,
--- a/toxcore/tox.c
+++ b/toxcore/tox.c
@ -829,33 +829,3 @@ int tox_load(Tox *tox, uint8_t *data, uint32_t length)
    Messenger *m = tox;
    return messenger_load(m, data, length);
 }
 /* return the size of data to pass to messenger_save_encrypted(...)
 */
 uint32_t tox_size_encrypted(Tox *tox)
 {
    Messenger *m = tox;
    return messenger_size_encrypted(m);
 }
 /* Save the messenger, encrypting the data with key of length key_length
 *
 * return 0 on success.
 * return -1 on failure.
 */
 int tox_save_encrypted(Tox *tox, uint8_t *data, uint8_t *key, uint16_t key_length)
 {
    Messenger *m = tox;
    return messenger_save_encrypted(m, data, key, key_length);
 }
 /* Load the messenger from data of size length encrypted with key of key_length.
 *
 * return 0 on success.
 * return -1 on failure.
 */
 int tox_load_encrypted(Tox *tox, uint8_t *data, uint32_t length, uint8_t *key, uint16_t key_length)
 {
    Messenger *m = tox;
    return messenger_load_encrypted(m, data, length, key, key_length);
 }
--- a/toxcore/tox.h
+++ b/toxcore/tox.h
@ -702,32 +702,6 @@ void tox_save(Tox *tox, uint8_t *data);
 */
 int tox_load(Tox *tox, uint8_t *data, uint32_t length);
 /**/
 /* return the size of data to pass to messenger_save_encrypted(...)
 */
 uint32_t tox_size_encrypted(Tox *tox);
 /* Save the messenger, encrypting the data with key of length key_length
 *
 * This functions simply calls and then encrypt the output of tox_save(..)
 * with crypto_secretbox(...) from NaCl/libsodium with the key
 * given to crypto_secretbox(...) being the SHA256 sum of the key
 * passed to this function.
 *
 * return 0 on success.
 * return -1 on failure.
 */
 int tox_save_encrypted(Tox *tox, uint8_t *data, uint8_t *key, uint16_t key_length);
 /* Load the messenger from data of size length encrypted with key of key_length.
 *
 * return 0 on success.
 * return -1 on failure.
 */
 int tox_load_encrypted(Tox *tox, uint8_t *data, uint32_t length, uint8_t *key, uint16_t key_length);
 #ifdef __cplusplus
 }
 #endif