Merge branch 'encrypted_data' of https://github.com/dubslow/toxcore

23 files changed, 2938 insertions, 0 deletions

diff --git a/toxencryptsave/Makefile.inc b/toxencryptsave/Makefile.inc
new file mode 100644
index 00000000..b4f06c90
--- /dev/null
+++ b/toxencryptsave/Makefile.inc
@@ -0,0 +1,49 @@
+lib_LTLIBRARIES += libtoxencryptsave.la
+
+libtoxencryptsave_la_include_HEADERS = \
+                        ../toxencryptsave/toxencryptsave.h
+
+libtoxencryptsave_la_includedir = $(includedir)/tox
+
+libtoxencryptsave_la_SOURCES = ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_pwhash_scryptsalsa208sha256.h \
+                        ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_scrypt.h \
+                        ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.c \
+                        ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c \
+                        ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/runtime.h \
+                        ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/utils.c \
+                        ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_scrypt-common.c \
+                        ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/export.h \
+                        ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.h \
+                        ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/runtime.c \
+                        ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/scrypt_platform.c \
+                        ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/sysendian.h \
+                        ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/utils.h \
+                        ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c \
+                        ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c \
+                        ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hmac_hmacsha256.c \
+                        ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_auth_hmacsha256.h \
+                        ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_hash_sha256.h \
+                        ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c \
+                        ../toxencryptsave/toxencryptsave.h \
+                        ../toxencryptsave/toxencryptsave.c
+                        
+
+libtoxencryptsave_la_CFLAGS =   -I$(top_srcdir) \
+                        -I$(top_srcdir)/toxcore \
+                        $(LIBSODIUM_CFLAGS) \
+                        $(NACL_CFLAGS) \
+                        $(PTHREAD_CFLAGS)
+
+libtoxencryptsave_la_LDFLAGS =  $(TOXCORE_LT_LDFLAGS) \
+                        $(EXTRA_LT_LDFLAGS) \
+                        $(LIBSODIUM_LDFLAGS) \
+                        $(NACL_LDFLAGS) \
+                        $(MATH_LDFLAGS) \
+                        $(RT_LIBS) \
+                        $(WINSOCK2_LIBS)
+
+libtoxencryptsave_la_LIBADD =   $(LIBSODIUM_LIBS) \
+                        $(NACL_OBJECTS) \
+                        $(NAC_LIBS) \
+                        $(PTHREAD_LIBS) \
+                        libtoxcore.la
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_auth_hmacsha256.h b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_auth_hmacsha256.h
new file mode 100644
index 00000000..994c0942
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_auth_hmacsha256.h
@@ -0,0 +1,65 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+
+#ifndef crypto_auth_hmacsha256_H
+#define crypto_auth_hmacsha256_H
+
+#include <stddef.h>
+#include "crypto_hash_sha256.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# if __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct crypto_auth_hmacsha256_state {
+    crypto_hash_sha256_state ictx;
+    crypto_hash_sha256_state octx;
+} crypto_auth_hmacsha256_state;
+
+#define crypto_auth_hmacsha256_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha256_bytes(void);
+
+#define crypto_auth_hmacsha256_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha256_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256(unsigned char *out,
+                           const unsigned char *in,
+                           unsigned long long inlen,
+                           const unsigned char *k);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_verify(const unsigned char *h,
+                                  const unsigned char *in,
+                                  unsigned long long inlen,
+                                  const unsigned char *k);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state,
+                                const unsigned char *key,
+                                size_t keylen);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state,
+                                  const unsigned char *in,
+                                  unsigned long long inlen);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state,
+                                 unsigned char *out);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_hash_sha256.h b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_hash_sha256.h
new file mode 100644
index 00000000..cc6e3df1
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_hash_sha256.h
@@ -0,0 +1,61 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+
+#ifndef crypto_hash_sha256_H
+#define crypto_hash_sha256_H
+
+/*
+ * WARNING: Unless you absolutely need to use SHA256 for interoperatibility,
+ * purposes, you might want to consider crypto_generichash() instead.
+ * Unlike SHA256, crypto_generichash() is not vulnerable to length
+ * extension attacks.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# if __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct crypto_hash_sha256_state {
+    uint32_t      state[8];
+    uint32_t      count[2];
+    unsigned char buf[64];
+} crypto_hash_sha256_state;
+
+#define crypto_hash_sha256_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_hash_sha256_bytes(void);
+
+SODIUM_EXPORT
+int crypto_hash_sha256(unsigned char *out, const unsigned char *in,
+                       unsigned long long inlen);
+
+SODIUM_EXPORT
+int crypto_hash_sha256_init(crypto_hash_sha256_state *state);
+
+SODIUM_EXPORT
+int crypto_hash_sha256_update(crypto_hash_sha256_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen);
+
+SODIUM_EXPORT
+int crypto_hash_sha256_final(crypto_hash_sha256_state *state,
+                             unsigned char *out);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_pwhash_scryptsalsa208sha256.h b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_pwhash_scryptsalsa208sha256.h
new file mode 100644
index 00000000..5cb32f8d
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_pwhash_scryptsalsa208sha256.h
@@ -0,0 +1,92 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+
+#ifndef crypto_pwhash_scryptsalsa208sha256_H
+#define crypto_pwhash_scryptsalsa208sha256_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# if __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_scryptsalsa208sha256_SALTBYTES 32U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_saltbytes(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_STRBYTES 102U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_strbytes(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_STRPREFIX "$7$"
+SODIUM_EXPORT
+const char *crypto_pwhash_scryptsalsa208sha256_strprefix(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE 524288ULL
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_opslimit_interactive(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE 16777216ULL
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_interactive(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE 33554432ULL
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE 1073741824ULL
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive(void);
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256(unsigned char * const out,
+                                       unsigned long long outlen,
+                                       const char * const passwd,
+                                       unsigned long long passwdlen,
+                                       const unsigned char * const salt,
+                                       unsigned long long opslimit,
+                                       size_t memlimit);
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
+                                           const char * const passwd,
+                                           unsigned long long passwdlen,
+                                           unsigned long long opslimit,
+                                           size_t memlimit);
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_str_verify(const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
+                                                  const char * const passwd,
+                                                  unsigned long long passwdlen);
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_ll(const uint8_t * passwd, size_t passwdlen,
+                                          const uint8_t * salt, size_t saltlen,
+                                          uint64_t N, uint32_t r, uint32_t p,
+                                          uint8_t * buf, size_t buflen);
+
+#ifdef __cplusplus
+}
+#endif
+
+/* Backward compatibility with version 0.5.0 */
+
+#define crypto_pwhash_scryptxsalsa208sha256_SALTBYTES crypto_pwhash_scryptsalsa208sha256_SALTBYTES
+#define crypto_pwhash_scryptxsalsa208sha256_saltbytes crypto_pwhash_scryptsalsa208sha256_saltbytes
+#define crypto_pwhash_scryptxsalsa208sha256_STRBYTES crypto_pwhash_scryptsalsa208sha256_STRBYTES
+#define crypto_pwhash_scryptxsalsa208sha256_strbytes crypto_pwhash_scryptsalsa208sha256_strbytes
+#define crypto_pwhash_scryptxsalsa208sha256 crypto_pwhash_scryptsalsa208sha256
+#define crypto_pwhash_scryptxsalsa208sha256_str crypto_pwhash_scryptsalsa208sha256_str
+#define crypto_pwhash_scryptxsalsa208sha256_str_verify crypto_pwhash_scryptsalsa208sha256_str_verify
+
+#endif
+
+#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_scrypt-common.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_scrypt-common.c
new file mode 100644
index 00000000..5a5c5525
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_scrypt-common.c
@@ -0,0 +1,257 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+
+/*-
+ * Copyright 2013 Alexander Peslyak
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdint.h>
+#include <string.h>
+
+#include "crypto_pwhash_scryptsalsa208sha256.h"
+#include "crypto_scrypt.h"
+#include "runtime.h"
+#include "utils.h"
+
+static const char * const itoa64 =
+    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+
+static uint8_t *
+encode64_uint32(uint8_t * dst, size_t dstlen, uint32_t src, uint32_t srcbits)
+{
+    uint32_t bit;
+
+    for (bit = 0; bit < srcbits; bit += 6) {
+        if (dstlen < 1) {
+            return NULL;
+        }
+        *dst++ = itoa64[src & 0x3f];
+        dstlen--;
+        src >>= 6;
+    }
+
+    return dst;
+}
+
+static uint8_t *
+encode64(uint8_t * dst, size_t dstlen, const uint8_t * src, size_t srclen)
+{
+    size_t i;
+
+    for (i = 0; i < srclen; ) {
+        uint8_t * dnext;
+        uint32_t value = 0, bits = 0;
+        do {
+            value |= (uint32_t)src[i++] << bits;
+            bits += 8;
+        } while (bits < 24 && i < srclen);
+        dnext = encode64_uint32(dst, dstlen, value, bits);
+        if (!dnext) {
+            return NULL;
+        }
+        dstlen -= dnext - dst;
+        dst = dnext;
+    }
+
+    return dst;
+}
+
+static int
+decode64_one(uint32_t * dst, uint8_t src)
+{
+    const char *ptr = strchr(itoa64, src);
+
+    if (ptr) {
+        *dst = ptr - itoa64;
+        return 0;
+    }
+    *dst = 0;
+    return -1;
+}
+
+static const uint8_t *
+decode64_uint32(uint32_t * dst, uint32_t dstbits, const uint8_t * src)
+{
+    uint32_t bit;
+    uint32_t value;
+
+    value = 0;
+    for (bit = 0; bit < dstbits; bit += 6) {
+        uint32_t one;
+        if (decode64_one(&one, *src)) {
+            *dst = 0;
+            return NULL;
+        }
+        src++;
+        value |= one << bit;
+    }
+
+    *dst = value;
+    return src;
+}
+
+uint8_t *
+escrypt_r(escrypt_local_t * local, const uint8_t * passwd, size_t passwdlen,
+          const uint8_t * setting, uint8_t * buf, size_t buflen)
+{
+    uint8_t        hash[crypto_pwhash_scryptsalsa208sha256_STRHASHBYTES];
+    escrypt_kdf_t  escrypt_kdf;
+    const uint8_t *src;
+    const uint8_t *salt;
+    uint8_t       *dst;
+    size_t         prefixlen;
+    size_t         saltlen;
+    size_t         need;
+    uint64_t       N;
+    uint32_t       N_log2;
+    uint32_t       r;
+    uint32_t       p;
+
+    if (setting[0] != '$' || setting[1] != '7' || setting[2] != '$') {
+        return NULL;
+    }
+    src = setting + 3;
+
+    if (decode64_one(&N_log2, *src)) {
+        return NULL;
+    }
+    src++;
+    N = (uint64_t)1 << N_log2;
+
+    src = decode64_uint32(&r, 30, src);
+    if (!src) {
+        return NULL;
+    }
+    src = decode64_uint32(&p, 30, src);
+    if (!src) {
+        return NULL;
+    }
+    prefixlen = src - setting;
+
+    salt = src;
+    src = (uint8_t *) strrchr((char *)salt, '$');
+    if (src) {
+        saltlen = src - salt;
+    } else {
+        saltlen = strlen((char *)salt);
+    }
+    need = prefixlen + saltlen + 1 +
+        crypto_pwhash_scryptsalsa208sha256_STRHASHBYTES_ENCODED + 1;
+    if (need > buflen || need < saltlen) {
+        return NULL;
+    }
+#if defined(HAVE_EMMINTRIN_H) || defined(_MSC_VER)
+    escrypt_kdf =
+        sodium_runtime_has_sse2() ? escrypt_kdf_sse : escrypt_kdf_nosse;
+#else
+    escrypt_kdf = escrypt_kdf_nosse;
+#endif
+    if (escrypt_kdf(local, passwd, passwdlen, salt, saltlen,
+                    N, r, p, hash, sizeof(hash))) {
+        return NULL;
+    }
+
+    dst = buf;
+    memcpy(dst, setting, prefixlen + saltlen);
+    dst += prefixlen + saltlen;
+    *dst++ = '$';
+
+    dst = encode64(dst, buflen - (dst - buf), hash, sizeof(hash));
+    sodium_memzero(hash, sizeof hash);
+    if (!dst || dst >= buf + buflen) { /* Can't happen */
+        return NULL;
+    }
+    *dst = 0; /* NUL termination */
+
+    return buf;
+}
+
+uint8_t *
+escrypt_gensalt_r(uint32_t N_log2, uint32_t r, uint32_t p,
+                  const uint8_t * src, size_t srclen,
+                  uint8_t * buf, size_t buflen)
+{
+    uint8_t *dst;
+    size_t   prefixlen =
+        (sizeof "$7$" - 1U) + (1U /* N_log2 */) + (5U /* r */) + (5U /* p */);
+    size_t   saltlen = BYTES2CHARS(srclen);
+    size_t   need;
+
+    need = prefixlen + saltlen + 1;
+    if (need > buflen || need < saltlen || saltlen < srclen) {
+        return NULL;
+    }
+    if (N_log2 > 63 || ((uint64_t)r * (uint64_t)p >= (1U << 30))) {
+        return NULL;
+    }
+    dst = buf;
+    *dst++ = '$';
+    *dst++ = '7';
+    *dst++ = '$';
+
+    *dst++ = itoa64[N_log2];
+
+    dst = encode64_uint32(dst, buflen - (dst - buf), r, 30);
+    if (!dst) { /* Can't happen */
+        return NULL;
+    }
+    dst = encode64_uint32(dst, buflen - (dst - buf), p, 30);
+    if (!dst) { /* Can't happen */
+        return NULL;
+    }
+    dst = encode64(dst, buflen - (dst - buf), src, srclen);
+    if (!dst || dst >= buf + buflen) { /* Can't happen */
+        return NULL;
+    }
+    *dst = 0; /* NUL termination */
+
+    return buf;
+}
+
+int
+crypto_pwhash_scryptsalsa208sha256_ll(const uint8_t * passwd, size_t passwdlen,
+                                      const uint8_t * salt, size_t saltlen,
+                                      uint64_t N, uint32_t r, uint32_t p,
+                                      uint8_t * buf, size_t buflen)
+{
+    escrypt_kdf_t   escrypt_kdf;
+    escrypt_local_t local;
+    int             retval;
+
+    if (escrypt_init_local(&local)) {
+        return -1;
+    }
+#if defined(HAVE_EMMINTRIN_H) || defined(_MSC_VER)
+    escrypt_kdf =
+        sodium_runtime_has_sse2() ? escrypt_kdf_sse : escrypt_kdf_nosse;
+#else
+    escrypt_kdf = escrypt_kdf_nosse;
+#endif
+    retval = escrypt_kdf(&local,
+                         passwd, passwdlen, salt, saltlen,
+                         N, r, p, buf, buflen);
+    if (escrypt_free_local(&local)) {
+        return -1;
+    }
+    return retval;
+}
+
+#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_scrypt.h b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_scrypt.h
new file mode 100644
index 00000000..3f0b7d72
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_scrypt.h
@@ -0,0 +1,93 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+
+/*-
+ * Copyright 2009 Colin Percival
+ * Copyright 2013 Alexander Peslyak
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * This file was originally written by Colin Percival as part of the Tarsnap
+ * online backup system.
+ */
+#ifndef _CRYPTO_SCRYPT_H_
+#define _CRYPTO_SCRYPT_H_
+
+#include <stdint.h>
+
+#define crypto_pwhash_scryptsalsa208sha256_STRPREFIXBYTES 14
+#define crypto_pwhash_scryptsalsa208sha256_STRSETTINGBYTES 57
+#define crypto_pwhash_scryptsalsa208sha256_STRSALTBYTES 32
+#define crypto_pwhash_scryptsalsa208sha256_STRSALTBYTES_ENCODED 43
+#define crypto_pwhash_scryptsalsa208sha256_STRHASHBYTES 32
+#define crypto_pwhash_scryptsalsa208sha256_STRHASHBYTES_ENCODED 43
+
+#define BYTES2CHARS(bytes) ((((bytes) * 8) + 5) / 6)
+
+typedef struct {
+        void * base, * aligned;
+        size_t size;
+} escrypt_region_t;
+
+typedef escrypt_region_t escrypt_local_t;
+
+extern int escrypt_init_local(escrypt_local_t * __local);
+
+extern int escrypt_free_local(escrypt_local_t * __local);
+
+extern void *alloc_region(escrypt_region_t * region, size_t size);
+extern int free_region(escrypt_region_t * region);
+
+typedef int (*escrypt_kdf_t)(escrypt_local_t * __local,
+                             const uint8_t * __passwd, size_t __passwdlen,
+                             const uint8_t * __salt, size_t __saltlen,
+                             uint64_t __N, uint32_t __r, uint32_t __p,
+                             uint8_t * __buf, size_t __buflen);
+
+extern int escrypt_kdf_nosse(escrypt_local_t * __local,
+    const uint8_t * __passwd, size_t __passwdlen,
+    const uint8_t * __salt, size_t __saltlen,
+    uint64_t __N, uint32_t __r, uint32_t __p,
+    uint8_t * __buf, size_t __buflen);
+
+extern int escrypt_kdf_sse(escrypt_local_t * __local,
+    const uint8_t * __passwd, size_t __passwdlen,
+    const uint8_t * __salt, size_t __saltlen,
+    uint64_t __N, uint32_t __r, uint32_t __p,
+    uint8_t * __buf, size_t __buflen);
+
+extern uint8_t * escrypt_r(escrypt_local_t * __local,
+    const uint8_t * __passwd, size_t __passwdlen,
+    const uint8_t * __setting,
+    uint8_t * __buf, size_t __buflen);
+
+extern uint8_t * escrypt_gensalt_r(
+    uint32_t __N_log2, uint32_t __r, uint32_t __p,
+    const uint8_t * __src, size_t __srclen,
+    uint8_t * __buf, size_t __buflen);
+
+#endif /* !_CRYPTO_SCRYPT_H_ */
+
+#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/export.h b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/export.h
new file mode 100644
index 00000000..ee5b30f7
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/export.h
@@ -0,0 +1,38 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+
+#ifndef __SODIUM_EXPORT_H__
+#define __SODIUM_EXPORT_H__
+
+#ifndef __GNUC__
+# ifdef __attribute__
+#  undef __attribute__
+# endif
+# define __attribute__(a)
+#endif
+
+#ifdef SODIUM_STATIC
+# define SODIUM_EXPORT
+#else
+# if defined(_MSC_VER)
+#  ifdef DLL_EXPORT
+#   define SODIUM_EXPORT __declspec(dllexport)
+#  else
+#   define SODIUM_EXPORT __declspec(dllimport)
+#  endif
+# else
+#  if defined(__SUNPRO_C)
+#   define SODIUM_EXPORT __attribute__ __global
+#  elif defined(_MSG_VER)
+#   define SODIUM_EXPORT extern __declspec(dllexport)
+#  else
+#   define SODIUM_EXPORT __attribute__ ((visibility ("default")))
+#  endif
+# endif
+#endif
+
+#endif
+
+#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c
new file mode 100644
index 00000000..2fddc126
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c
@@ -0,0 +1,300 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+
+/*-
+ * Copyright 2005,2007,2009 Colin Percival
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+
+//#include "api.h"
+#include "crypto_hash_sha256.h"
+#include "utils.h"
+
+#include <sys/types.h>
+
+#include <limits.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+/* Avoid namespace collisions with BSD <sys/endian.h>. */
+#define be32dec _sha256_be32dec
+#define be32enc _sha256_be32enc
+
+static inline uint32_t
+be32dec(const void *pp)
+{
+    const uint8_t *p = (uint8_t const *)pp;
+
+    return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) +
+            ((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24));
+}
+
+static inline void
+be32enc(void *pp, uint32_t x)
+{
+    uint8_t * p = (uint8_t *)pp;
+
+    p[3] = x & 0xff;
+    p[2] = (x >> 8) & 0xff;
+    p[1] = (x >> 16) & 0xff;
+    p[0] = (x >> 24) & 0xff;
+}
+
+static void
+be32enc_vect(unsigned char *dst, const uint32_t *src, size_t len)
+{
+    size_t i;
+
+    for (i = 0; i < len / 4; i++) {
+        be32enc(dst + i * 4, src[i]);
+    }
+}
+
+static void
+be32dec_vect(uint32_t *dst, const unsigned char *src, size_t len)
+{
+    size_t i;
+
+    for (i = 0; i < len / 4; i++) {
+        dst[i] = be32dec(src + i * 4);
+    }
+}
+
+#define Ch(x, y, z)     ((x & (y ^ z)) ^ z)
+#define Maj(x, y, z)    ((x & (y | z)) | (y & z))
+#define SHR(x, n)       (x >> n)
+#define ROTR(x, n)      ((x >> n) | (x << (32 - n)))
+#define S0(x)           (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
+#define S1(x)           (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
+#define s0(x)           (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))
+#define s1(x)           (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))
+
+#define RND(a, b, c, d, e, f, g, h, k)              \
+    t0 = h + S1(e) + Ch(e, f, g) + k;               \
+    t1 = S0(a) + Maj(a, b, c);                      \
+    d += t0;                                        \
+    h  = t0 + t1;
+
+#define RNDr(S, W, i, k)                    \
+    RND(S[(64 - i) % 8], S[(65 - i) % 8],   \
+        S[(66 - i) % 8], S[(67 - i) % 8],   \
+        S[(68 - i) % 8], S[(69 - i) % 8],   \
+        S[(70 - i) % 8], S[(71 - i) % 8],   \
+        W[i] + k)
+
+static void
+SHA256_Transform(uint32_t *state, const unsigned char block[64])
+{
+    uint32_t W[64];
+    uint32_t S[8];
+    uint32_t t0, t1;
+    int i;
+
+    be32dec_vect(W, block, 64);
+    for (i = 16; i < 64; i++) {
+        W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16];
+    }
+
+    memcpy(S, state, 32);
+
+    RNDr(S, W, 0, 0x428a2f98);
+    RNDr(S, W, 1, 0x71374491);
+    RNDr(S, W, 2, 0xb5c0fbcf);
+    RNDr(S, W, 3, 0xe9b5dba5);
+    RNDr(S, W, 4, 0x3956c25b);
+    RNDr(S, W, 5, 0x59f111f1);
+    RNDr(S, W, 6, 0x923f82a4);
+    RNDr(S, W, 7, 0xab1c5ed5);
+    RNDr(S, W, 8, 0xd807aa98);
+    RNDr(S, W, 9, 0x12835b01);
+    RNDr(S, W, 10, 0x243185be);
+    RNDr(S, W, 11, 0x550c7dc3);
+    RNDr(S, W, 12, 0x72be5d74);
+    RNDr(S, W, 13, 0x80deb1fe);
+    RNDr(S, W, 14, 0x9bdc06a7);
+    RNDr(S, W, 15, 0xc19bf174);
+    RNDr(S, W, 16, 0xe49b69c1);
+    RNDr(S, W, 17, 0xefbe4786);
+    RNDr(S, W, 18, 0x0fc19dc6);
+    RNDr(S, W, 19, 0x240ca1cc);
+    RNDr(S, W, 20, 0x2de92c6f);
+    RNDr(S, W, 21, 0x4a7484aa);
+    RNDr(S, W, 22, 0x5cb0a9dc);
+    RNDr(S, W, 23, 0x76f988da);
+    RNDr(S, W, 24, 0x983e5152);
+    RNDr(S, W, 25, 0xa831c66d);
+    RNDr(S, W, 26, 0xb00327c8);
+    RNDr(S, W, 27, 0xbf597fc7);
+    RNDr(S, W, 28, 0xc6e00bf3);
+    RNDr(S, W, 29, 0xd5a79147);
+    RNDr(S, W, 30, 0x06ca6351);
+    RNDr(S, W, 31, 0x14292967);
+    RNDr(S, W, 32, 0x27b70a85);
+    RNDr(S, W, 33, 0x2e1b2138);
+    RNDr(S, W, 34, 0x4d2c6dfc);
+    RNDr(S, W, 35, 0x53380d13);
+    RNDr(S, W, 36, 0x650a7354);
+    RNDr(S, W, 37, 0x766a0abb);
+    RNDr(S, W, 38, 0x81c2c92e);
+    RNDr(S, W, 39, 0x92722c85);
+    RNDr(S, W, 40, 0xa2bfe8a1);
+    RNDr(S, W, 41, 0xa81a664b);
+    RNDr(S, W, 42, 0xc24b8b70);
+    RNDr(S, W, 43, 0xc76c51a3);
+    RNDr(S, W, 44, 0xd192e819);
+    RNDr(S, W, 45, 0xd6990624);
+    RNDr(S, W, 46, 0xf40e3585);
+    RNDr(S, W, 47, 0x106aa070);
+    RNDr(S, W, 48, 0x19a4c116);
+    RNDr(S, W, 49, 0x1e376c08);
+    RNDr(S, W, 50, 0x2748774c);
+    RNDr(S, W, 51, 0x34b0bcb5);
+    RNDr(S, W, 52, 0x391c0cb3);
+    RNDr(S, W, 53, 0x4ed8aa4a);
+    RNDr(S, W, 54, 0x5b9cca4f);
+    RNDr(S, W, 55, 0x682e6ff3);
+    RNDr(S, W, 56, 0x748f82ee);
+    RNDr(S, W, 57, 0x78a5636f);
+    RNDr(S, W, 58, 0x84c87814);
+    RNDr(S, W, 59, 0x8cc70208);
+    RNDr(S, W, 60, 0x90befffa);
+    RNDr(S, W, 61, 0xa4506ceb);
+    RNDr(S, W, 62, 0xbef9a3f7);
+    RNDr(S, W, 63, 0xc67178f2);
+
+    for (i = 0; i < 8; i++) {
+        state[i] += S[i];
+    }
+
+    sodium_memzero((void *) W, sizeof W);
+    sodium_memzero((void *) S, sizeof S);
+    sodium_memzero((void *) &t0, sizeof t0);
+    sodium_memzero((void *) &t1, sizeof t1);
+}
+
+static unsigned char PAD[64] = {
+    0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+static void
+SHA256_Pad(crypto_hash_sha256_state *state)
+{
+    unsigned char len[8];
+    uint32_t r, plen;
+
+    be32enc_vect(len, state->count, 8);
+
+    r = (state->count[1] >> 3) & 0x3f;
+    plen = (r < 56) ? (56 - r) : (120 - r);
+    crypto_hash_sha256_update(state, PAD, (unsigned long long) plen);
+
+    crypto_hash_sha256_update(state, len, 8);
+}
+
+int
+crypto_hash_sha256_init(crypto_hash_sha256_state *state)
+{
+    state->count[0] = state->count[1] = 0;
+
+    state->state[0] = 0x6A09E667;
+    state->state[1] = 0xBB67AE85;
+    state->state[2] = 0x3C6EF372;
+    state->state[3] = 0xA54FF53A;
+    state->state[4] = 0x510E527F;
+    state->state[5] = 0x9B05688C;
+    state->state[6] = 0x1F83D9AB;
+    state->state[7] = 0x5BE0CD19;
+
+    return 0;
+}
+
+int
+crypto_hash_sha256_update(crypto_hash_sha256_state *state,
+                          const unsigned char *in,
+                          unsigned long long inlen)
+{
+    uint32_t bitlen[2];
+    uint32_t r;
+
+    r = (state->count[1] >> 3) & 0x3f;
+
+    bitlen[1] = ((uint32_t)inlen) << 3;
+    bitlen[0] = (uint32_t)(inlen >> 29);
+
+    if ((state->count[1] += bitlen[1]) < bitlen[1]) {
+        state->count[0]++;
+    }
+    state->count[0] += bitlen[0];
+
+    if (inlen < 64 - r) {
+        memcpy(&state->buf[r], in, inlen);
+        return 0;
+    }
+    memcpy(&state->buf[r], in, 64 - r);
+    SHA256_Transform(state->state, state->buf);
+    in += 64 - r;
+    inlen -= 64 - r;
+
+    while (inlen >= 64) {
+        SHA256_Transform(state->state, in);
+        in += 64;
+        inlen -= 64;
+    }
+    memcpy(state->buf, in, inlen);
+
+    return 0;
+}
+
+int
+crypto_hash_sha256_final(crypto_hash_sha256_state *state,
+                         unsigned char *out)
+{
+    SHA256_Pad(state);
+    be32enc_vect(out, state->state, 32);
+    sodium_memzero((void *) state, sizeof *state);
+
+    return 0;
+}
+
+int
+crypto_hash(unsigned char *out, const unsigned char *in,
+            unsigned long long inlen)
+{
+    crypto_hash_sha256_state state;
+
+    crypto_hash_sha256_init(&state);
+    crypto_hash_sha256_update(&state, in, inlen);
+    crypto_hash_sha256_final(&state, out);
+
+    return 0;
+}
+
+#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hmac_hmacsha256.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hmac_hmacsha256.c
new file mode 100644
index 00000000..2a268075
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hmac_hmacsha256.c
@@ -0,0 +1,115 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+
+/*-
+ * Copyright 2005,2007,2009 Colin Percival
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+
+//#include "api.h"
+#include "crypto_auth_hmacsha256.h"
+#include "crypto_hash_sha256.h"
+#include "utils.h"
+
+#include <sys/types.h>
+
+#include <stdint.h>
+#include <string.h>
+
+int
+crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state,
+                            const unsigned char *key,
+                            size_t keylen)
+{
+    unsigned char pad[64];
+    unsigned char khash[32];
+    size_t        i;
+
+    if (keylen > 64) {
+        crypto_hash_sha256_init(&state->ictx);
+        crypto_hash_sha256_update(&state->ictx, key, keylen);
+        crypto_hash_sha256_final(&state->ictx, khash);
+        key = khash;
+        keylen = 32;
+    }
+    crypto_hash_sha256_init(&state->ictx);
+    memset(pad, 0x36, 64);
+    for (i = 0; i < keylen; i++) {
+        pad[i] ^= key[i];
+    }
+    crypto_hash_sha256_update(&state->ictx, pad, 64);
+
+    crypto_hash_sha256_init(&state->octx);
+    memset(pad, 0x5c, 64);
+    for (i = 0; i < keylen; i++) {
+        pad[i] ^= key[i];
+    }
+    crypto_hash_sha256_update(&state->octx, pad, 64);
+
+    sodium_memzero((void *) khash, sizeof khash);
+
+    return 0;
+}
+
+int
+crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen)
+{
+    crypto_hash_sha256_update(&state->ictx, in, inlen);
+
+    return 0;
+}
+
+int
+crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state,
+                             unsigned char *out)
+{
+    unsigned char ihash[32];
+
+    crypto_hash_sha256_final(&state->ictx, ihash);
+    crypto_hash_sha256_update(&state->octx, ihash, 32);
+    crypto_hash_sha256_final(&state->octx, out);
+
+    sodium_memzero((void *) ihash, sizeof ihash);
+
+    return 0;
+}
+
+int
+crypto_auth(unsigned char *out, const unsigned char *in,
+            unsigned long long inlen, const unsigned char *k)
+{
+    crypto_auth_hmacsha256_state state;
+
+    crypto_auth_hmacsha256_init(&state, k, crypto_auth_hmacsha256_KEYBYTES);
+    crypto_auth_hmacsha256_update(&state, in, inlen);
+    crypto_auth_hmacsha256_final(&state, out);
+
+    return 0;
+}
+#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c
new file mode 100644
index 00000000..97d9ba68
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c
@@ -0,0 +1,309 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+
+/*-
+ * Copyright 2009 Colin Percival
+ * Copyright 2013 Alexander Peslyak
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * This file was originally written by Colin Percival as part of the Tarsnap
+ * online backup system.
+ */
+
+#include <errno.h>
+#include <limits.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../pbkdf2-sha256.h"
+#include "../sysendian.h"
+#include "../crypto_scrypt.h"
+
+static inline void
+blkcpy(void * dest, const void * src, size_t len)
+{
+        size_t * D = (size_t *) dest;
+        const size_t * S = (const size_t *) src;
+        size_t L = len / sizeof(size_t);
+        size_t i;
+
+        for (i = 0; i < L; i++)
+                D[i] = S[i];
+}
+
+static inline void
+blkxor(void * dest, const void * src, size_t len)
+{
+        size_t * D = (size_t *) dest;
+        const size_t * S = (const size_t *) src;
+        size_t L = len / sizeof(size_t);
+        size_t i;
+
+        for (i = 0; i < L; i++)
+                D[i] ^= S[i];
+}
+
+/**
+ * salsa20_8(B):
+ * Apply the salsa20/8 core to the provided block.
+ */
+static void
+salsa20_8(uint32_t B[16])
+{
+        uint32_t x[16];
+        size_t i;
+
+        blkcpy(x, B, 64);
+        for (i = 0; i < 8; i += 2) {
+#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
+                /* Operate on columns. */
+                x[ 4] ^= R(x[ 0]+x[12], 7);  x[ 8] ^= R(x[ 4]+x[ 0], 9);
+                x[12] ^= R(x[ 8]+x[ 4],13);  x[ 0] ^= R(x[12]+x[ 8],18);
+
+                x[ 9] ^= R(x[ 5]+x[ 1], 7);  x[13] ^= R(x[ 9]+x[ 5], 9);
+                x[ 1] ^= R(x[13]+x[ 9],13);  x[ 5] ^= R(x[ 1]+x[13],18);
+
+                x[14] ^= R(x[10]+x[ 6], 7);  x[ 2] ^= R(x[14]+x[10], 9);
+                x[ 6] ^= R(x[ 2]+x[14],13);  x[10] ^= R(x[ 6]+x[ 2],18);
+
+                x[ 3] ^= R(x[15]+x[11], 7);  x[ 7] ^= R(x[ 3]+x[15], 9);
+                x[11] ^= R(x[ 7]+x[ 3],13);  x[15] ^= R(x[11]+x[ 7],18);
+
+                /* Operate on rows. */
+                x[ 1] ^= R(x[ 0]+x[ 3], 7);  x[ 2] ^= R(x[ 1]+x[ 0], 9);
+                x[ 3] ^= R(x[ 2]+x[ 1],13);  x[ 0] ^= R(x[ 3]+x[ 2],18);
+
+                x[ 6] ^= R(x[ 5]+x[ 4], 7);  x[ 7] ^= R(x[ 6]+x[ 5], 9);
+                x[ 4] ^= R(x[ 7]+x[ 6],13);  x[ 5] ^= R(x[ 4]+x[ 7],18);
+
+                x[11] ^= R(x[10]+x[ 9], 7);  x[ 8] ^= R(x[11]+x[10], 9);
+                x[ 9] ^= R(x[ 8]+x[11],13);  x[10] ^= R(x[ 9]+x[ 8],18);
+
+                x[12] ^= R(x[15]+x[14], 7);  x[13] ^= R(x[12]+x[15], 9);
+                x[14] ^= R(x[13]+x[12],13);  x[15] ^= R(x[14]+x[13],18);
+#undef R
+        }
+        for (i = 0; i < 16; i++)
+                B[i] += x[i];
+}
+
+/**
+ * blockmix_salsa8(Bin, Bout, X, r):
+ * Compute Bout = BlockMix_{salsa20/8, r}(Bin).  The input Bin must be 128r
+ * bytes in length; the output Bout must also be the same size.  The
+ * temporary space X must be 64 bytes.
+ */
+static void
+blockmix_salsa8(const uint32_t * Bin, uint32_t * Bout, uint32_t * X, size_t r)
+{
+        size_t i;
+
+        /* 1: X <-- B_{2r - 1} */
+        blkcpy(X, &Bin[(2 * r - 1) * 16], 64);
+
+        /* 2: for i = 0 to 2r - 1 do */
+        for (i = 0; i < 2 * r; i += 2) {
+                /* 3: X <-- H(X \xor B_i) */
+                blkxor(X, &Bin[i * 16], 64);
+                salsa20_8(X);
+
+                /* 4: Y_i <-- X */
+                /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
+                blkcpy(&Bout[i * 8], X, 64);
+
+                /* 3: X <-- H(X \xor B_i) */
+                blkxor(X, &Bin[i * 16 + 16], 64);
+                salsa20_8(X);
+
+                /* 4: Y_i <-- X */
+                /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
+                blkcpy(&Bout[i * 8 + r * 16], X, 64);
+        }
+}
+
+/**
+ * integerify(B, r):
+ * Return the result of parsing B_{2r-1} as a little-endian integer.
+ */
+static inline uint64_t
+integerify(const void * B, size_t r)
+{
+        const uint32_t * X = (const uint32_t *)((uintptr_t)(B) + (2 * r - 1) * 64);
+
+        return (((uint64_t)(X[1]) << 32) + X[0]);
+}
+
+/**
+ * smix(B, r, N, V, XY):
+ * Compute B = SMix_r(B, N).  The input B must be 128r bytes in length;
+ * the temporary storage V must be 128rN bytes in length; the temporary
+ * storage XY must be 256r + 64 bytes in length.  The value N must be a
+ * power of 2 greater than 1.  The arrays B, V, and XY must be aligned to a
+ * multiple of 64 bytes.
+ */
+static void
+smix(uint8_t * B, size_t r, uint64_t N, uint32_t * V, uint32_t * XY)
+{
+        uint32_t * X = XY;
+        uint32_t * Y = &XY[32 * r];
+        uint32_t * Z = &XY[64 * r];
+        uint64_t i;
+        uint64_t j;
+        size_t k;
+
+        /* 1: X <-- B */
+        for (k = 0; k < 32 * r; k++)
+                X[k] = le32dec(&B[4 * k]);
+
+        /* 2: for i = 0 to N - 1 do */
+        for (i = 0; i < N; i += 2) {
+                /* 3: V_i <-- X */
+                blkcpy(&V[i * (32 * r)], X, 128 * r);
+
+                /* 4: X <-- H(X) */
+                blockmix_salsa8(X, Y, Z, r);
+
+                /* 3: V_i <-- X */
+                blkcpy(&V[(i + 1) * (32 * r)], Y, 128 * r);
+
+                /* 4: X <-- H(X) */
+                blockmix_salsa8(Y, X, Z, r);
+        }
+
+        /* 6: for i = 0 to N - 1 do */
+        for (i = 0; i < N; i += 2) {
+                /* 7: j <-- Integerify(X) mod N */
+                j = integerify(X, r) & (N - 1);
+
+                /* 8: X <-- H(X \xor V_j) */
+                blkxor(X, &V[j * (32 * r)], 128 * r);
+                blockmix_salsa8(X, Y, Z, r);
+
+                /* 7: j <-- Integerify(X) mod N */
+                j = integerify(Y, r) & (N - 1);
+
+                /* 8: X <-- H(X \xor V_j) */
+                blkxor(Y, &V[j * (32 * r)], 128 * r);
+                blockmix_salsa8(Y, X, Z, r);
+        }
+        /* 10: B' <-- X */
+        for (k = 0; k < 32 * r; k++)
+                le32enc(&B[4 * k], X[k]);
+}
+
+/**
+ * escrypt_kdf(local, passwd, passwdlen, salt, saltlen,
+ *     N, r, p, buf, buflen):
+ * Compute scrypt(passwd[0 .. passwdlen - 1], salt[0 .. saltlen - 1], N, r,
+ * p, buflen) and write the result into buf.  The parameters r, p, and buflen
+ * must satisfy r * p < 2^30 and buflen <= (2^32 - 1) * 32.  The parameter N
+ * must be a power of 2 greater than 1.
+ *
+ * Return 0 on success; or -1 on error.
+ */
+int
+escrypt_kdf_nosse(escrypt_local_t * local,
+    const uint8_t * passwd, size_t passwdlen,
+    const uint8_t * salt, size_t saltlen,
+    uint64_t N, uint32_t _r, uint32_t _p,
+    uint8_t * buf, size_t buflen)
+{
+        size_t B_size, V_size, XY_size, need;
+        uint8_t * B;
+        uint32_t * V, * XY;
+    size_t r = _r, p = _p;
+        uint32_t i;
+
+        /* Sanity-check parameters. */
+#if SIZE_MAX > UINT32_MAX
+        if (buflen > (((uint64_t)(1) << 32) - 1) * 32) {
+                errno = EFBIG;
+                return -1;
+        }
+#endif
+        if ((uint64_t)(r) * (uint64_t)(p) >= (1 << 30)) {
+                errno = EFBIG;
+                return -1;
+        }
+        if (((N & (N - 1)) != 0) || (N < 2)) {
+                errno = EINVAL;
+                return -1;
+        }
+        if (r == 0 || p == 0) {
+                errno = EINVAL;
+                return -1;
+        }
+        if ((r > SIZE_MAX / 128 / p) ||
+#if SIZE_MAX / 256 <= UINT32_MAX
+            (r > SIZE_MAX / 256) ||
+#endif
+            (N > SIZE_MAX / 128 / r)) {
+                errno = ENOMEM;
+                return -1;
+        }
+
+        /* Allocate memory. */
+        B_size = (size_t)128 * r * p;
+        V_size = (size_t)128 * r * N;
+        need = B_size + V_size;
+        if (need < V_size) {
+                errno = ENOMEM;
+                return -1;
+        }
+        XY_size = (size_t)256 * r + 64;
+        need += XY_size;
+        if (need < XY_size) {
+                errno = ENOMEM;
+                return -1;
+        }
+        if (local->size < need) {
+                if (free_region(local))
+                        return -1;
+                if (!alloc_region(local, need))
+                        return -1;
+        }
+        B = (uint8_t *)local->aligned;
+        V = (uint32_t *)((uint8_t *)B + B_size);
+        XY = (uint32_t *)((uint8_t *)V + V_size);
+
+        /* 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) */
+        PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, 1, B, B_size);
+
+        /* 2: for i = 0 to p - 1 do */
+        for (i = 0; i < p; i++) {
+                /* 3: B_i <-- MF(B_i, N) */
+                smix(&B[(size_t)128 * i * r], r, N, V, XY);
+        }
+
+        /* 5: DK <-- PBKDF2(P, B, 1, dkLen) */
+        PBKDF2_SHA256(passwd, passwdlen, B, B_size, 1, buf, buflen);
+
+        /* Success! */
+        return 0;
+}
+
+#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/note_to_maintainers.txt b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/note_to_maintainers.txt
new file mode 100644
index 00000000..66bbfe2d
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/note_to_maintainers.txt
@@ -0,0 +1,14 @@
+This folder is only meant for use with nacl, i.e. when sodium is unavailable.
+
+
+The files in this folder were mostly copied from
+https://github.com/jedisct1/libsodium/tree/0.7.0/src/libsodium/crypto_pwhash/scryptsalsa208sha256,
+with #ifdef VANILLA_NACL added around each of them as required for this module.
+
+export.h, utils.h, and runtime.h were copied from
+https://github.com/jedisct1/libsodium/tree/0.7.0/src/libsodium/include/sodium.
+utils.h was significantly truncated.
+
+utils.c and runtime.c were copied from 
+https://github.com/jedisct1/libsodium/blob/0.7.0/src/libsodium/sodium.
+utils.c was also significantly truncated.
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.c
new file mode 100644
index 00000000..01eb7dff
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.c
@@ -0,0 +1,91 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+
+/*-
+ * Copyright 2005,2007,2009 Colin Percival
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "crypto_auth_hmacsha256.h"
+#include "pbkdf2-sha256.h"
+#include "sysendian.h"
+#include "utils.h"
+
+/**
+ * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen):
+ * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and
+ * write the output to buf.  The value dkLen must be at most 32 * (2^32 - 1).
+ */
+void
+PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,
+              size_t saltlen, uint64_t c, uint8_t * buf, size_t dkLen)
+{
+        crypto_auth_hmacsha256_state PShctx, hctx;
+        size_t          i;
+        uint8_t         ivec[4];
+        uint8_t         U[32];
+        uint8_t         T[32];
+        uint64_t        j;
+        int             k;
+        size_t          clen;
+
+    crypto_auth_hmacsha256_init(&PShctx, passwd, passwdlen);
+    crypto_auth_hmacsha256_update(&PShctx, salt, saltlen);
+
+        for (i = 0; i * 32 < dkLen; i++) {
+                be32enc(ivec, (uint32_t)(i + 1));
+                memcpy(&hctx, &PShctx, sizeof(crypto_auth_hmacsha256_state));
+                crypto_auth_hmacsha256_update(&hctx, ivec, 4);
+                crypto_auth_hmacsha256_final(&hctx, U);
+
+                memcpy(T, U, 32);
+
+                for (j = 2; j <= c; j++) {
+                        crypto_auth_hmacsha256_init(&hctx, passwd, passwdlen);
+                        crypto_auth_hmacsha256_update(&hctx, U, 32);
+                        crypto_auth_hmacsha256_final(&hctx, U);
+
+                        for (k = 0; k < 32; k++) {
+                                T[k] ^= U[k];
+            }
+                }
+
+                clen = dkLen - i * 32;
+                if (clen > 32) {
+                        clen = 32;
+        }
+                memcpy(&buf[i * 32], T, clen);
+        }
+    sodium_memzero((void *) &PShctx, sizeof PShctx);
+}
+
+#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.h b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.h
new file mode 100644
index 00000000..b74bc6a3
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.h
@@ -0,0 +1,52 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+
+/*-
+ * Copyright 2005,2007,2009 Colin Percival
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+
+#ifndef _SHA256_H_
+#define _SHA256_H_
+
+#include <sys/types.h>
+
+#include <stdint.h>
+
+#include "crypto_auth_hmacsha256.h"
+
+/**
+ * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen):
+ * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and
+ * write the output to buf.  The value dkLen must be at most 32 * (2^32 - 1).
+ */
+void PBKDF2_SHA256(const uint8_t *, size_t, const uint8_t *, size_t,
+                   uint64_t, uint8_t *, size_t);
+
+#endif /* !_SHA256_H_ */
+
+#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c
new file mode 100644
index 00000000..52c51abc
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c
@@ -0,0 +1,211 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+
+#include <errno.h>
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+//#include <stdio.h>
+
+#include "crypto_pwhash_scryptsalsa208sha256.h"
+#include "crypto_scrypt.h"
+#include "randombytes.h"
+#include "utils.h"
+
+#define SETTING_SIZE(saltbytes) \
+    (sizeof "$7$" - 1U) + \
+    (1U /* N_log2 */) + (5U /* r */) + (5U /* p */) + BYTES2CHARS(saltbytes)
+
+static int
+pickparams(unsigned long long opslimit, const size_t memlimit,
+           uint32_t * const N_log2, uint32_t * const p, uint32_t * const r)
+{
+    unsigned long long maxN;
+    unsigned long long maxrp;
+
+    if (opslimit < 32768) {
+        opslimit = 32768;
+    }
+    *r = 8;
+    if (opslimit < memlimit / 32) {
+        *p = 1;
+        maxN = opslimit / (*r * 4);
+        for (*N_log2 = 1; *N_log2 < 63; *N_log2 += 1) {
+            if ((uint64_t)(1) << *N_log2 > maxN / 2) {
+                break;
+            }
+        }
+    } else {
+        maxN = memlimit / (*r * 128);
+        for (*N_log2 = 1; *N_log2 < 63; *N_log2 += 1) {
+            if ((uint64_t) (1) << *N_log2 > maxN / 2) {
+                break;
+            }
+        }
+        maxrp = (opslimit / 4) / ((uint64_t) (1) << *N_log2);
+        if (maxrp > 0x3fffffff) {
+            maxrp = 0x3fffffff;
+        }
+        *p = (uint32_t) (maxrp) / *r;
+    }
+    return 0;
+}
+
+size_t
+crypto_pwhash_scryptsalsa208sha256_saltbytes(void)
+{
+    return crypto_pwhash_scryptsalsa208sha256_SALTBYTES;
+}
+
+size_t
+crypto_pwhash_scryptsalsa208sha256_strbytes(void)
+{
+    return crypto_pwhash_scryptsalsa208sha256_STRBYTES;
+}
+
+const char *
+crypto_pwhash_scryptsalsa208sha256_strprefix(void)
+{
+    return crypto_pwhash_scryptsalsa208sha256_STRPREFIX;
+}
+
+size_t
+crypto_pwhash_scryptsalsa208sha256_opslimit_interactive(void)
+{
+    return crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE;
+}
+
+size_t
+crypto_pwhash_scryptsalsa208sha256_memlimit_interactive(void)
+{
+    return crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE;
+}
+
+size_t
+crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive(void)
+{
+    return crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE;
+}
+
+size_t
+crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive(void)
+{
+    return crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE;
+}
+
+int
+crypto_pwhash_scryptsalsa208sha256(unsigned char * const out,
+                                    unsigned long long outlen,
+                                    const char * const passwd,
+                                    unsigned long long passwdlen,
+                                    const unsigned char * const salt,
+                                    unsigned long long opslimit,
+                                    size_t memlimit)
+{
+    //fprintf(stderr, "Doing that dirty thang!!!!\n");
+    uint32_t N_log2;
+    uint32_t p;
+    uint32_t r;
+
+    memset(out, 0, outlen);
+    if (passwdlen > SIZE_MAX || outlen > SIZE_MAX) {
+        errno = EFBIG;
+        return -1;
+    }
+    if (pickparams(opslimit, memlimit, &N_log2, &p, &r) != 0) {
+        errno = EINVAL;
+        return -1;
+    }
+    return crypto_pwhash_scryptsalsa208sha256_ll((const uint8_t *) passwd,
+                                                 (size_t) passwdlen,
+                                                 (const uint8_t *) salt,
+                                                 crypto_pwhash_scryptsalsa208sha256_SALTBYTES,
+                                                 (uint64_t) (1) << N_log2, r, p,
+                                                 out, (size_t) outlen);
+}
+
+int
+crypto_pwhash_scryptsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
+                                        const char * const passwd,
+                                        unsigned long long passwdlen,
+                                        unsigned long long opslimit,
+                                        size_t memlimit)
+{
+    uint8_t         salt[crypto_pwhash_scryptsalsa208sha256_STRSALTBYTES];
+    char            setting[crypto_pwhash_scryptsalsa208sha256_STRSETTINGBYTES + 1U];
+    escrypt_local_t escrypt_local;
+    uint32_t        N_log2;
+    uint32_t        p;
+    uint32_t        r;
+
+    memset(out, 0, crypto_pwhash_scryptsalsa208sha256_STRBYTES);
+    if (passwdlen > SIZE_MAX) {
+        errno = EFBIG;
+        return -1;
+    }
+    if (pickparams(opslimit, memlimit, &N_log2, &p, &r) != 0) {
+        errno = EINVAL;
+        return -1;
+    }
+    randombytes(salt, sizeof salt);
+    if (escrypt_gensalt_r(N_log2, r, p, salt, sizeof salt,
+                          (uint8_t *) setting, sizeof setting) == NULL) {
+        errno = EINVAL;
+        return -1;
+    }
+    if (escrypt_init_local(&escrypt_local) != 0) {
+        return -1;
+    }
+    if (escrypt_r(&escrypt_local, (const uint8_t *) passwd, (size_t) passwdlen,
+                  (const uint8_t *) setting, (uint8_t *) out,
+                  crypto_pwhash_scryptsalsa208sha256_STRBYTES) == NULL) {
+        escrypt_free_local(&escrypt_local);
+        errno = EINVAL;
+        return -1;
+    }
+    escrypt_free_local(&escrypt_local);
+
+    (void) sizeof
+        (int[SETTING_SIZE(crypto_pwhash_scryptsalsa208sha256_STRSALTBYTES)
+            == crypto_pwhash_scryptsalsa208sha256_STRSETTINGBYTES ? 1 : -1]);
+    (void) sizeof
+        (int[crypto_pwhash_scryptsalsa208sha256_STRSETTINGBYTES + 1U +
+             crypto_pwhash_scryptsalsa208sha256_STRHASHBYTES_ENCODED + 1U
+             == crypto_pwhash_scryptsalsa208sha256_STRBYTES ? 1 : -1]);
+
+    return 0;
+}
+
+int
+crypto_pwhash_scryptsalsa208sha256_str_verify(const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
+                                               const char * const passwd,
+                                               unsigned long long passwdlen)
+{
+    char            wanted[crypto_pwhash_scryptsalsa208sha256_STRBYTES];
+    escrypt_local_t escrypt_local;
+    int             ret = -1;
+
+    if (memchr(str, 0, crypto_pwhash_scryptsalsa208sha256_STRBYTES) !=
+        &str[crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1U]) {
+        return -1;
+    }
+    if (escrypt_init_local(&escrypt_local) != 0) {
+        return -1;
+    }
+    if (escrypt_r(&escrypt_local, (const uint8_t *) passwd, (size_t) passwdlen,
+                  (const uint8_t *) str, (uint8_t *) wanted,
+                  sizeof wanted) == NULL) {
+        escrypt_free_local(&escrypt_local);
+        return -1;
+    }
+    escrypt_free_local(&escrypt_local);
+    ret = sodium_memcmp(wanted, str, sizeof wanted);
+    sodium_memzero(wanted, sizeof wanted);
+
+    return ret;
+}
+
+#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/runtime.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/runtime.c
new file mode 100644
index 00000000..9b5c5131
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/runtime.c
@@ -0,0 +1,140 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+
+#ifdef HAVE_ANDROID_GETCPUFEATURES
+# include <cpu-features.h>
+#endif
+
+#include "runtime.h"
+
+typedef struct CPUFeatures_ {
+    int initialized;
+    int has_neon;
+    int has_sse2;
+    int has_sse3;
+} CPUFeatures;
+
+static CPUFeatures _cpu_features;
+
+#define CPUID_SSE2     0x04000000
+#define CPUIDECX_SSE3  0x00000001
+
+static int
+_sodium_runtime_arm_cpu_features(CPUFeatures * const cpu_features)
+{
+#ifndef __arm__
+    cpu_features->has_neon = 0;
+    return -1;
+#else
+# ifdef __APPLE__
+#  ifdef __ARM_NEON__
+    cpu_features->has_neon = 1;
+#  else
+    cpu_features->has_neon = 0;
+#  endif
+# elif defined(HAVE_ANDROID_GETCPUFEATURES) && defined(ANDROID_CPU_ARM_FEATURE_NEON)
+    cpu_features->has_neon =
+        (android_getCpuFeatures() & ANDROID_CPU_ARM_FEATURE_NEON) != 0x0;
+# else
+    cpu_features->has_neon = 0;
+# endif
+    return 0;
+#endif
+}
+
+static void
+_cpuid(unsigned int cpu_info[4U], const unsigned int cpu_info_type)
+{
+#ifdef _MSC_VER
+    __cpuidex((int *) cpu_info, cpu_info_type, 0);
+#elif defined(HAVE_CPUID)
+    cpu_info[0] = cpu_info[1] = cpu_info[2] = cpu_info[3] = 0;
+# ifdef __i386__
+    __asm__ __volatile__ ("pushfl; pushfl; "
+                          "popl %0; "
+                          "movl %0, %1; xorl %2, %0; "
+                          "pushl %0; "
+                          "popfl; pushfl; popl %0; popfl" :
+                          "=&r" (cpu_info[0]), "=&r" (cpu_info[1]) :
+                          "i" (0x200000));
+    if (((cpu_info[0] ^ cpu_info[1]) & 0x200000) == 0x0) {
+        return;
+    }
+# endif
+# ifdef __i386__
+    __asm__ __volatile__ ("xchgl %%ebx, %k1; cpuid; xchgl %%ebx, %k1" :
+                          "=a" (cpu_info[0]), "=&r" (cpu_info[1]),
+                          "=c" (cpu_info[2]), "=d" (cpu_info[3]) :
+                          "0" (cpu_info_type), "2" (0U));
+# elif defined(__x86_64__)
+    __asm__ __volatile__ ("xchgq %%rbx, %q1; cpuid; xchgq %%rbx, %q1" :
+                          "=a" (cpu_info[0]), "=&r" (cpu_info[1]),
+                          "=c" (cpu_info[2]), "=d" (cpu_info[3]) :
+                          "0" (cpu_info_type), "2" (0U));
+# else
+    __asm__ __volatile__ ("cpuid" :
+                          "=a" (cpu_info[0]), "=b" (cpu_info[1]),
+                          "=c" (cpu_info[2]), "=d" (cpu_info[3]) :
+                          "0" (cpu_info_type), "2" (0U));
+# endif
+#else
+    cpu_info[0] = cpu_info[1] = cpu_info[2] = cpu_info[3] = 0;
+#endif
+}
+
+static int
+_sodium_runtime_intel_cpu_features(CPUFeatures * const cpu_features)
+{
+    unsigned int cpu_info[4];
+    unsigned int id;
+
+    _cpuid(cpu_info, 0x0);
+    if ((id = cpu_info[0]) == 0U) {
+        return -1;
+    }
+    _cpuid(cpu_info, 0x00000001);
+#ifndef HAVE_EMMINTRIN_H
+    cpu_features->has_sse2 = 0;
+#else
+    cpu_features->has_sse2 = ((cpu_info[3] & CPUID_SSE2) != 0x0);
+#endif
+
+#ifndef HAVE_PMMINTRIN_H
+    cpu_features->has_sse3 = 0;
+#else
+    cpu_features->has_sse3 = ((cpu_info[2] & CPUIDECX_SSE3) != 0x0);
+#endif
+
+    return 0;
+}
+
+int
+sodium_runtime_get_cpu_features(void)
+{
+    int ret = -1;
+
+    ret &= _sodium_runtime_arm_cpu_features(&_cpu_features);
+    ret &= _sodium_runtime_intel_cpu_features(&_cpu_features);
+    _cpu_features.initialized = 1;
+
+    return ret;
+}
+
+int
+sodium_runtime_has_neon(void) {
+    return _cpu_features.has_neon;
+}
+
+int
+sodium_runtime_has_sse2(void) {
+    return _cpu_features.has_sse2;
+}
+
+int
+sodium_runtime_has_sse3(void) {
+    return _cpu_features.has_sse3;
+}
+
+#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/runtime.h b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/runtime.h
new file mode 100644
index 00000000..874915ef
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/runtime.h
@@ -0,0 +1,33 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+
+#ifndef __SODIUM_RUNTIME_H__
+#define __SODIUM_RUNTIME_H__ 1
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int sodium_runtime_get_cpu_features(void);
+
+SODIUM_EXPORT
+int sodium_runtime_has_neon(void);
+
+SODIUM_EXPORT
+int sodium_runtime_has_sse2(void);
+
+SODIUM_EXPORT
+int sodium_runtime_has_sse3(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/scrypt_platform.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/scrypt_platform.c
new file mode 100644
index 00000000..58196514
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/scrypt_platform.c
@@ -0,0 +1,107 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+
+/*-
+ * Copyright 2013 Alexander Peslyak
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_SYS_MMAN_H
+# include <sys/mman.h>
+#endif
+#include <errno.h>
+#include <stdlib.h>
+
+#include "crypto_scrypt.h"
+#include "runtime.h"
+
+#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
+# define MAP_ANON MAP_ANONYMOUS
+#endif
+
+void *
+alloc_region(escrypt_region_t * region, size_t size)
+{
+        uint8_t * base, * aligned;
+#ifdef MAP_ANON
+        if ((base = (uint8_t *) mmap(NULL, size, PROT_READ | PROT_WRITE,
+#ifdef MAP_NOCORE
+            MAP_ANON | MAP_PRIVATE | MAP_NOCORE,
+#else
+            MAP_ANON | MAP_PRIVATE,
+#endif
+            -1, 0)) == MAP_FAILED)
+                base = NULL;
+        aligned = base;
+#elif defined(HAVE_POSIX_MEMALIGN)
+        if ((errno = posix_memalign((void **) &base, 64, size)) != 0)
+                base = NULL;
+        aligned = base;
+#else
+        base = aligned = NULL;
+        if (size + 63 < size)
+                errno = ENOMEM;
+        else if ((base = (uint8_t *) malloc(size + 63)) != NULL) {
+                aligned = base + 63;
+                aligned -= (uintptr_t)aligned & 63;
+        }
+#endif
+        region->base = base;
+        region->aligned = aligned;
+        region->size = base ? size : 0;
+        return aligned;
+}
+
+static inline void
+init_region(escrypt_region_t * region)
+{
+        region->base = region->aligned = NULL;
+        region->size = 0;
+}
+
+int
+free_region(escrypt_region_t * region)
+{
+        if (region->base) {
+#ifdef MAP_ANON
+                if (munmap(region->base, region->size))
+                        return -1;
+#else
+                free(region->base);
+#endif
+        }
+        init_region(region);
+        return 0;
+}
+
+int
+escrypt_init_local(escrypt_local_t * local)
+{
+        init_region(local);
+        return 0;
+}
+
+int
+escrypt_free_local(escrypt_local_t * local)
+{
+        return free_region(local);
+}
+
+#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c
new file mode 100644
index 00000000..856a655e
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c
@@ -0,0 +1,398 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+
+/*-
+ * Copyright 2009 Colin Percival
+ * Copyright 2012,2013 Alexander Peslyak
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * This file was originally written by Colin Percival as part of the Tarsnap
+ * online backup system.
+ */
+
+#if defined(HAVE_EMMINTRIN_H) || defined(_MSC_VER)
+#if __GNUC__
+# pragma GCC target("sse2")
+#endif
+#include <emmintrin.h>
+#if defined(__XOP__) && defined(DISABLED)
+# include <x86intrin.h>
+#endif
+
+#include <errno.h>
+#include <limits.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../pbkdf2-sha256.h"
+#include "../sysendian.h"
+#include "../crypto_scrypt.h"
+
+#if defined(__XOP__) && defined(DISABLED)
+#define ARX(out, in1, in2, s) \
+        out = _mm_xor_si128(out, _mm_roti_epi32(_mm_add_epi32(in1, in2), s));
+#else
+#define ARX(out, in1, in2, s) \
+        { \
+                __m128i T = _mm_add_epi32(in1, in2); \
+                out = _mm_xor_si128(out, _mm_slli_epi32(T, s)); \
+                out = _mm_xor_si128(out, _mm_srli_epi32(T, 32-s)); \
+        }
+#endif
+
+#define SALSA20_2ROUNDS \
+        /* Operate on "columns". */ \
+        ARX(X1, X0, X3, 7) \
+        ARX(X2, X1, X0, 9) \
+        ARX(X3, X2, X1, 13) \
+        ARX(X0, X3, X2, 18) \
+\
+        /* Rearrange data. */ \
+        X1 = _mm_shuffle_epi32(X1, 0x93); \
+        X2 = _mm_shuffle_epi32(X2, 0x4E); \
+        X3 = _mm_shuffle_epi32(X3, 0x39); \
+\
+        /* Operate on "rows". */ \
+        ARX(X3, X0, X1, 7) \
+        ARX(X2, X3, X0, 9) \
+        ARX(X1, X2, X3, 13) \
+        ARX(X0, X1, X2, 18) \
+\
+        /* Rearrange data. */ \
+        X1 = _mm_shuffle_epi32(X1, 0x39); \
+        X2 = _mm_shuffle_epi32(X2, 0x4E); \
+        X3 = _mm_shuffle_epi32(X3, 0x93);
+
+/**
+ * Apply the salsa20/8 core to the block provided in (X0 ... X3) ^ (Z0 ... Z3).
+ */
+#define SALSA20_8_XOR(in, out) \
+        { \
+                __m128i Y0 = X0 = _mm_xor_si128(X0, (in)[0]); \
+                __m128i Y1 = X1 = _mm_xor_si128(X1, (in)[1]); \
+                __m128i Y2 = X2 = _mm_xor_si128(X2, (in)[2]); \
+                __m128i Y3 = X3 = _mm_xor_si128(X3, (in)[3]); \
+                SALSA20_2ROUNDS \
+                SALSA20_2ROUNDS \
+                SALSA20_2ROUNDS \
+                SALSA20_2ROUNDS \
+                (out)[0] = X0 = _mm_add_epi32(X0, Y0); \
+                (out)[1] = X1 = _mm_add_epi32(X1, Y1); \
+                (out)[2] = X2 = _mm_add_epi32(X2, Y2); \
+                (out)[3] = X3 = _mm_add_epi32(X3, Y3); \
+        }
+
+/**
+ * blockmix_salsa8(Bin, Bout, r):
+ * Compute Bout = BlockMix_{salsa20/8, r}(Bin).  The input Bin must be 128r
+ * bytes in length; the output Bout must also be the same size.
+ */
+static inline void
+blockmix_salsa8(const __m128i * Bin, __m128i * Bout, size_t r)
+{
+        __m128i X0, X1, X2, X3;
+        size_t i;
+
+        /* 1: X <-- B_{2r - 1} */
+        X0 = Bin[8 * r - 4];
+        X1 = Bin[8 * r - 3];
+        X2 = Bin[8 * r - 2];
+        X3 = Bin[8 * r - 1];
+
+        /* 3: X <-- H(X \xor B_i) */
+        /* 4: Y_i <-- X */
+        /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
+        SALSA20_8_XOR(Bin, Bout)
+
+        /* 2: for i = 0 to 2r - 1 do */
+        r--;
+        for (i = 0; i < r;) {
+                /* 3: X <-- H(X \xor B_i) */
+                /* 4: Y_i <-- X */
+                /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
+                SALSA20_8_XOR(&Bin[i * 8 + 4], &Bout[(r + i) * 4 + 4])
+
+                i++;
+
+                /* 3: X <-- H(X \xor B_i) */
+                /* 4: Y_i <-- X */
+                /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
+                SALSA20_8_XOR(&Bin[i * 8], &Bout[i * 4])
+        }
+
+        /* 3: X <-- H(X \xor B_i) */
+        /* 4: Y_i <-- X */
+        /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
+        SALSA20_8_XOR(&Bin[i * 8 + 4], &Bout[(r + i) * 4 + 4])
+}
+
+#define XOR4(in) \
+        X0 = _mm_xor_si128(X0, (in)[0]); \
+        X1 = _mm_xor_si128(X1, (in)[1]); \
+        X2 = _mm_xor_si128(X2, (in)[2]); \
+        X3 = _mm_xor_si128(X3, (in)[3]);
+
+#define XOR4_2(in1, in2) \
+        X0 = _mm_xor_si128((in1)[0], (in2)[0]); \
+        X1 = _mm_xor_si128((in1)[1], (in2)[1]); \
+        X2 = _mm_xor_si128((in1)[2], (in2)[2]); \
+        X3 = _mm_xor_si128((in1)[3], (in2)[3]);
+
+static inline uint32_t
+blockmix_salsa8_xor(const __m128i * Bin1, const __m128i * Bin2, __m128i * Bout,
+    size_t r)
+{
+        __m128i X0, X1, X2, X3;
+        size_t i;
+
+        /* 1: X <-- B_{2r - 1} */
+        XOR4_2(&Bin1[8 * r - 4], &Bin2[8 * r - 4])
+
+        /* 3: X <-- H(X \xor B_i) */
+        /* 4: Y_i <-- X */
+        /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
+        XOR4(Bin1)
+        SALSA20_8_XOR(Bin2, Bout)
+
+        /* 2: for i = 0 to 2r - 1 do */
+        r--;
+        for (i = 0; i < r;) {
+                /* 3: X <-- H(X \xor B_i) */
+                /* 4: Y_i <-- X */
+                /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
+                XOR4(&Bin1[i * 8 + 4])
+                SALSA20_8_XOR(&Bin2[i * 8 + 4], &Bout[(r + i) * 4 + 4])
+
+                i++;
+
+                /* 3: X <-- H(X \xor B_i) */
+                /* 4: Y_i <-- X */
+                /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
+                XOR4(&Bin1[i * 8])
+                SALSA20_8_XOR(&Bin2[i * 8], &Bout[i * 4])
+        }
+
+        /* 3: X <-- H(X \xor B_i) */
+        /* 4: Y_i <-- X */
+        /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
+        XOR4(&Bin1[i * 8 + 4])
+        SALSA20_8_XOR(&Bin2[i * 8 + 4], &Bout[(r + i) * 4 + 4])
+
+        return _mm_cvtsi128_si32(X0);
+}
+
+#undef ARX
+#undef SALSA20_2ROUNDS
+#undef SALSA20_8_XOR
+#undef XOR4
+#undef XOR4_2
+
+/**
+ * integerify(B, r):
+ * Return the result of parsing B_{2r-1} as a little-endian integer.
+ */
+static inline uint32_t
+integerify(const void * B, size_t r)
+{
+        return *(const uint32_t *)((uintptr_t)(B) + (2 * r - 1) * 64);
+}
+
+/**
+ * smix(B, r, N, V, XY):
+ * Compute B = SMix_r(B, N).  The input B must be 128r bytes in length;
+ * the temporary storage V must be 128rN bytes in length; the temporary
+ * storage XY must be 256r + 64 bytes in length.  The value N must be a
+ * power of 2 greater than 1.  The arrays B, V, and XY must be aligned to a
+ * multiple of 64 bytes.
+ */
+static void
+smix(uint8_t * B, size_t r, uint32_t N, void * V, void * XY)
+{
+        size_t s = 128 * r;
+        __m128i * X = (__m128i *) V, * Y;
+        uint32_t * X32 = (uint32_t *) V;
+        uint32_t i, j;
+        size_t k;
+
+        /* 1: X <-- B */
+        /* 3: V_i <-- X */
+        for (k = 0; k < 2 * r; k++) {
+                for (i = 0; i < 16; i++) {
+                        X32[k * 16 + i] =
+                            le32dec(&B[(k * 16 + (i * 5 % 16)) * 4]);
+                }
+        }
+
+        /* 2: for i = 0 to N - 1 do */
+        for (i = 1; i < N - 1; i += 2) {
+                /* 4: X <-- H(X) */
+                /* 3: V_i <-- X */
+                Y = (__m128i *)((uintptr_t)(V) + i * s);
+                blockmix_salsa8(X, Y, r);
+
+                /* 4: X <-- H(X) */
+                /* 3: V_i <-- X */
+                X = (__m128i *)((uintptr_t)(V) + (i + 1) * s);
+                blockmix_salsa8(Y, X, r);
+        }
+
+        /* 4: X <-- H(X) */
+        /* 3: V_i <-- X */
+        Y = (__m128i *)((uintptr_t)(V) + i * s);
+        blockmix_salsa8(X, Y, r);
+
+        /* 4: X <-- H(X) */
+        /* 3: V_i <-- X */
+        X = (__m128i *) XY;
+        blockmix_salsa8(Y, X, r);
+
+        X32 = (uint32_t *) XY;
+        Y = (__m128i *)((uintptr_t)(XY) + s);
+
+        /* 7: j <-- Integerify(X) mod N */
+        j = integerify(X, r) & (N - 1);
+
+        /* 6: for i = 0 to N - 1 do */
+        for (i = 0; i < N; i += 2) {
+                __m128i * V_j = (__m128i *)((uintptr_t)(V) + j * s);
+
+                /* 8: X <-- H(X \xor V_j) */
+                /* 7: j <-- Integerify(X) mod N */
+                j = blockmix_salsa8_xor(X, V_j, Y, r) & (N - 1);
+                V_j = (__m128i *)((uintptr_t)(V) + j * s);
+
+                /* 8: X <-- H(X \xor V_j) */
+                /* 7: j <-- Integerify(X) mod N */
+                j = blockmix_salsa8_xor(Y, V_j, X, r) & (N - 1);
+        }
+
+        /* 10: B' <-- X */
+        for (k = 0; k < 2 * r; k++) {
+                for (i = 0; i < 16; i++) {
+                        le32enc(&B[(k * 16 + (i * 5 % 16)) * 4],
+                            X32[k * 16 + i]);
+                }
+        }
+}
+
+/**
+ * escrypt_kdf(local, passwd, passwdlen, salt, saltlen,
+ *     N, r, p, buf, buflen):
+ * Compute scrypt(passwd[0 .. passwdlen - 1], salt[0 .. saltlen - 1], N, r,
+ * p, buflen) and write the result into buf.  The parameters r, p, and buflen
+ * must satisfy r * p < 2^30 and buflen <= (2^32 - 1) * 32.  The parameter N
+ * must be a power of 2 greater than 1.
+ *
+ * Return 0 on success; or -1 on error.
+ */
+int
+escrypt_kdf_sse(escrypt_local_t * local,
+    const uint8_t * passwd, size_t passwdlen,
+    const uint8_t * salt, size_t saltlen,
+    uint64_t N, uint32_t _r, uint32_t _p,
+    uint8_t * buf, size_t buflen)
+{
+        size_t B_size, V_size, XY_size, need;
+        uint8_t * B;
+        uint32_t * V, * XY;
+    size_t r = _r, p = _p;
+        uint32_t i;
+
+        /* Sanity-check parameters. */
+#if SIZE_MAX > UINT32_MAX
+        if (buflen > (((uint64_t)(1) << 32) - 1) * 32) {
+                errno = EFBIG;
+                return -1;
+        }
+#endif
+        if ((uint64_t)(r) * (uint64_t)(p) >= (1 << 30)) {
+                errno = EFBIG;
+                return -1;
+        }
+        if (N > UINT32_MAX) {
+                errno = EFBIG;
+                return -1;
+        }
+        if (((N & (N - 1)) != 0) || (N < 2)) {
+                errno = EINVAL;
+                return -1;
+        }
+        if (r == 0 || p == 0) {
+                errno = EINVAL;
+                return -1;
+        }
+        if ((r > SIZE_MAX / 128 / p) ||
+#if SIZE_MAX / 256 <= UINT32_MAX
+            (r > SIZE_MAX / 256) ||
+#endif
+            (N > SIZE_MAX / 128 / r)) {
+                errno = ENOMEM;
+                return -1;
+        }
+
+        /* Allocate memory. */
+        B_size = (size_t)128 * r * p;
+        V_size = (size_t)128 * r * N;
+        need = B_size + V_size;
+        if (need < V_size) {
+                errno = ENOMEM;
+                return -1;
+        }
+        XY_size = (size_t)256 * r + 64;
+        need += XY_size;
+        if (need < XY_size) {
+                errno = ENOMEM;
+                return -1;
+        }
+        if (local->size < need) {
+                if (free_region(local))
+                        return -1;
+                if (!alloc_region(local, need))
+                        return -1;
+        }
+        B = (uint8_t *)local->aligned;
+        V = (uint32_t *)((uint8_t *)B + B_size);
+        XY = (uint32_t *)((uint8_t *)V + V_size);
+
+        /* 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) */
+        PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, 1, B, B_size);
+
+        /* 2: for i = 0 to p - 1 do */
+        for (i = 0; i < p; i++) {
+                /* 3: B_i <-- MF(B_i, N) */
+                smix(&B[(size_t)128 * i * r], r, N, V, XY);
+        }
+
+        /* 5: DK <-- PBKDF2(P, B, 1, dkLen) */
+        PBKDF2_SHA256(passwd, passwdlen, B, B_size, 1, buf, buflen);
+
+        /* Success! */
+        return 0;
+}
+#endif
+
+#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/sysendian.h b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/sysendian.h
new file mode 100644
index 00000000..04e5c1ed
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/sysendian.h
@@ -0,0 +1,153 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+
+#ifndef _SYSENDIAN_H_
+#define _SYSENDIAN_H_
+
+#include <stdint.h>
+
+/* Avoid namespace collisions with BSD <sys/endian.h>. */
+#define be16dec scrypt_be16dec
+#define be16enc scrypt_be16enc
+#define be32dec scrypt_be32dec
+#define be32enc scrypt_be32enc
+#define be64dec scrypt_be64dec
+#define be64enc scrypt_be64enc
+#define le16dec scrypt_le16dec
+#define le16enc scrypt_le16enc
+#define le32dec scrypt_le32dec
+#define le32enc scrypt_le32enc
+#define le64dec scrypt_le64dec
+#define le64enc scrypt_le64enc
+
+static inline uint16_t
+be16dec(const void *pp)
+{
+        const uint8_t *p = (uint8_t const *)pp;
+
+        return ((uint16_t)(p[1]) + ((uint16_t)(p[0]) << 8));
+}
+
+static inline void
+be16enc(void *pp, uint16_t x)
+{
+        uint8_t * p = (uint8_t *)pp;
+
+        p[1] = x & 0xff;
+        p[0] = (x >> 8) & 0xff;
+}
+
+static inline uint32_t
+be32dec(const void *pp)
+{
+        const uint8_t *p = (uint8_t const *)pp;
+
+        return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) +
+            ((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24));
+}
+
+static inline void
+be32enc(void *pp, uint32_t x)
+{
+        uint8_t * p = (uint8_t *)pp;
+
+        p[3] = x & 0xff;
+        p[2] = (x >> 8) & 0xff;
+        p[1] = (x >> 16) & 0xff;
+        p[0] = (x >> 24) & 0xff;
+}
+
+static inline uint64_t
+be64dec(const void *pp)
+{
+        const uint8_t *p = (uint8_t const *)pp;
+
+        return ((uint64_t)(p[7]) + ((uint64_t)(p[6]) << 8) +
+            ((uint64_t)(p[5]) << 16) + ((uint64_t)(p[4]) << 24) +
+            ((uint64_t)(p[3]) << 32) + ((uint64_t)(p[2]) << 40) +
+            ((uint64_t)(p[1]) << 48) + ((uint64_t)(p[0]) << 56));
+}
+
+static inline void
+be64enc(void *pp, uint64_t x)
+{
+        uint8_t * p = (uint8_t *)pp;
+
+        p[7] = x & 0xff;
+        p[6] = (x >> 8) & 0xff;
+        p[5] = (x >> 16) & 0xff;
+        p[4] = (x >> 24) & 0xff;
+        p[3] = (x >> 32) & 0xff;
+        p[2] = (x >> 40) & 0xff;
+        p[1] = (x >> 48) & 0xff;
+        p[0] = (x >> 56) & 0xff;
+}
+
+static inline uint16_t
+le16dec(const void *pp)
+{
+        const uint8_t *p = (uint8_t const *)pp;
+
+        return ((uint16_t)(p[0]) + ((uint16_t)(p[1]) << 8));
+}
+
+static inline void
+le16enc(void *pp, uint16_t x)
+{
+        uint8_t * p = (uint8_t *)pp;
+
+        p[0] = x & 0xff;
+        p[1] = (x >> 8) & 0xff;
+}
+
+static inline uint32_t
+le32dec(const void *pp)
+{
+        const uint8_t *p = (uint8_t const *)pp;
+
+        return ((uint32_t)(p[0]) + ((uint32_t)(p[1]) << 8) +
+            ((uint32_t)(p[2]) << 16) + ((uint32_t)(p[3]) << 24));
+}
+
+static inline void
+le32enc(void *pp, uint32_t x)
+{
+        uint8_t * p = (uint8_t *)pp;
+
+        p[0] = x & 0xff;
+        p[1] = (x >> 8) & 0xff;
+        p[2] = (x >> 16) & 0xff;
+        p[3] = (x >> 24) & 0xff;
+}
+
+static inline uint64_t
+le64dec(const void *pp)
+{
+        const uint8_t *p = (uint8_t const *)pp;
+
+        return ((uint64_t)(p[0]) + ((uint64_t)(p[1]) << 8) +
+            ((uint64_t)(p[2]) << 16) + ((uint64_t)(p[3]) << 24) +
+            ((uint64_t)(p[4]) << 32) + ((uint64_t)(p[5]) << 40) +
+            ((uint64_t)(p[6]) << 48) + ((uint64_t)(p[7]) << 56));
+}
+
+static inline void
+le64enc(void *pp, uint64_t x)
+{
+        uint8_t * p = (uint8_t *)pp;
+
+        p[0] = x & 0xff;
+        p[1] = (x >> 8) & 0xff;
+        p[2] = (x >> 16) & 0xff;
+        p[3] = (x >> 24) & 0xff;
+        p[4] = (x >> 32) & 0xff;
+        p[5] = (x >> 40) & 0xff;
+        p[6] = (x >> 48) & 0xff;
+        p[7] = (x >> 56) & 0xff;
+}
+
+#endif /* !_SYSENDIAN_H_ */
+
+#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/utils.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/utils.c
new file mode 100644
index 00000000..e61ccf3e
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/utils.c
@@ -0,0 +1,78 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+
+#ifndef __STDC_WANT_LIB_EXT1__
+# define __STDC_WANT_LIB_EXT1__ 1
+#endif
+#include <assert.h>
+#include <errno.h>
+#include <limits.h>
+#include <signal.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef HAVE_SYS_MMAN_H
+# include <sys/mman.h>
+#endif
+
+#include "utils.h"
+
+#ifdef _WIN32
+# include <windows.h>
+# include <wincrypt.h>
+#else
+# include <unistd.h>
+#endif
+
+#ifdef HAVE_WEAK_SYMBOLS
+__attribute__((weak)) void
+__sodium_dummy_symbol_to_prevent_lto(void * const pnt, const size_t len)
+{
+    (void) pnt;
+    (void) len;
+}
+#endif
+
+void
+sodium_memzero(void * const pnt, const size_t len)
+{
+#ifdef _WIN32
+    SecureZeroMemory(pnt, len);
+#elif defined(HAVE_MEMSET_S)
+    if (memset_s(pnt, (rsize_t) len, 0, (rsize_t) len) != 0) {
+        abort();
+    }
+#elif defined(HAVE_EXPLICIT_BZERO)
+    explicit_bzero(pnt, len);
+#elif HAVE_WEAK_SYMBOLS
+    memset(pnt, 0, len);
+    __sodium_dummy_symbol_to_prevent_lto(pnt, len);
+#else
+    volatile unsigned char *pnt_ = (volatile unsigned char *) pnt;
+    size_t                     i = (size_t) 0U;
+
+    while (i < len) {
+        pnt_[i++] = 0U;
+    }
+#endif
+}
+
+int
+sodium_memcmp(const void * const b1_, const void * const b2_, size_t len)
+{
+    const unsigned char *b1 = (const unsigned char *) b1_;
+    const unsigned char *b2 = (const unsigned char *) b2_;
+    size_t               i;
+    unsigned char        d = (unsigned char) 0U;
+
+    for (i = 0U; i < len; i++) {
+        d |= b1[i] ^ b2[i];
+    }
+    return (int) ((1 & ((d - 1) >> 8)) - 1);
+}
+
+#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/utils.h b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/utils.h
new file mode 100644
index 00000000..fb2020c3
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/utils.h
@@ -0,0 +1,40 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+
+#ifndef __SODIUM_UTILS_H__
+#define __SODIUM_UTILS_H__
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(__cplusplus) || !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L
+# define _SODIUM_C99(X)
+#else
+# define _SODIUM_C99(X) X
+#endif
+
+SODIUM_EXPORT
+void sodium_memzero(void * const pnt, const size_t len);
+
+/* WARNING: sodium_memcmp() must be used to verify if two secret keys
+ * are equal, in constant time.
+ * It returns 0 if the keys are equal, and -1 if they differ.
+ * This function is not designed for lexicographical comparisons.
+ */
+SODIUM_EXPORT
+int sodium_memcmp(const void * const b1_, const void * const b2_, size_t len);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+#endif
diff --git a/toxencryptsave/toxencryptsave.c b/toxencryptsave/toxencryptsave.c
new file mode 100644
index 00000000..89c47a03
--- /dev/null
+++ b/toxencryptsave/toxencryptsave.c
@@ -0,0 +1,174 @@
+/* toxencryptsave.c
+ *
+ * The Tox encrypted save functions.
+ *
+ *  Copyright (C) 2013 Tox project All Rights Reserved.
+ *
+ *  This file is part of Tox.
+ *
+ *  Tox is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  Tox is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with Tox.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "toxencryptsave.h"
+#include "../toxcore/crypto_core.h"
+
+#ifdef VANILLA_NACL
+#include "crypto_pwhash_scryptsalsa208sha256/crypto_pwhash_scryptsalsa208sha256.h"
+#include "crypto_pwhash_scryptsalsa208sha256/utils.h" /* sodium_memzero */
+#endif
+
+/* This "module" provides functions analogous to tox_load and tox_save in toxcore
+ * Clients should consider alerting their users that, unlike plain data, if even one bit
+ * becomes corrupted, the data will be entirely unrecoverable.
+ * Ditto if they forget their password, there is no way to recover the data.
+ */
+
+/*  return size of the messenger data (for encrypted saving). */
+uint32_t tox_encrypted_size(const Tox *tox)
+{
+    return tox_size(tox) + crypto_box_MACBYTES + crypto_box_NONCEBYTES
+           + crypto_pwhash_scryptsalsa208sha256_SALTBYTES + TOX_ENC_SAVE_MAGIC_LENGTH;
+}
+
+/* Save the messenger data encrypted with the given password.
+ * data must be at least tox_encrypted_size().
+ *
+ * returns 0 on success
+ * returns -1 on failure
+ */
+int tox_encrypted_save(const Tox *tox, uint8_t *data, uint8_t *passphrase, uint32_t pplength)
+{
+    if (pplength == 0)
+        return -1;
+
+    /* First derive a key from the password */
+    /* http://doc.libsodium.org/key_derivation/README.html */
+    /* note that, according to the documentation, a generic pwhash interface will be created
+     * once the pwhash competition (https://password-hashing.net/) is over */
+    uint8_t salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES];
+    uint8_t key[crypto_box_KEYBYTES];
+    randombytes(salt, sizeof salt);
+
+    if (crypto_pwhash_scryptsalsa208sha256(
+                key, sizeof(key), passphrase, pplength, salt,
+                crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE * 2, /* slightly stronger */
+                crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) != 0) {
+        /* out of memory most likely */
+        return -1;
+    }
+
+    /* calling sodium_memzero segfaults, but printing passphrase works, so... libsodium bug?
+     * ...eh, it's not segfaulting anywhere else, so I'll assume pebkac...
+    sodium_memzero(passphrase, pplength); /* wipe plaintext pw */
+
+    /* next get plain save data */
+    uint32_t temp_size = tox_size(tox);
+    uint8_t temp_data[temp_size];
+    tox_save(tox, temp_data);
+
+    /* the output data consists of, in order:
+     * magic number, salt, nonce, mac, enc_data
+     * where the mac is automatically prepended by the encrypt()
+     * the magic+salt+nonce is called the prefix
+     * I'm not sure what else I'm supposed to do with the salt and nonce, since we
+     * need them to decrypt the data
+     */
+
+    /* first add the prefix */
+    uint8_t nonce[crypto_box_NONCEBYTES];
+    random_nonce(nonce);
+
+    memcpy(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH);
+    data += TOX_ENC_SAVE_MAGIC_LENGTH;
+    memcpy(data, salt, crypto_pwhash_scryptsalsa208sha256_SALTBYTES);
+    data += crypto_pwhash_scryptsalsa208sha256_SALTBYTES;
+    memcpy(data, nonce, crypto_box_NONCEBYTES);
+    data += crypto_box_NONCEBYTES;
+
+    /* now encrypt */
+    if (encrypt_data_symmetric(key, nonce, temp_data, temp_size, data)
+            != temp_size + crypto_box_MACBYTES) {
+        return -1;
+    }
+
+    return 0;
+}
+
+/* Load the messenger from encrypted data of size length.
+ *
+ * returns 0 on success
+ * returns -1 on failure
+ */
+int tox_encrypted_load(Tox *tox, const uint8_t *data, uint32_t length, uint8_t *passphrase, uint32_t pplength)
+{
+    if (length <= crypto_box_MACBYTES + crypto_box_NONCEBYTES + crypto_pwhash_scryptsalsa208sha256_SALTBYTES +
+            TOX_ENC_SAVE_MAGIC_LENGTH)
+        return -1;
+
+    if (memcmp(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) != 0)
+        return -1;
+
+    data += TOX_ENC_SAVE_MAGIC_LENGTH;
+
+    uint32_t decrypt_length = length - crypto_box_MACBYTES - crypto_box_NONCEBYTES
+                              - crypto_pwhash_scryptsalsa208sha256_SALTBYTES - TOX_ENC_SAVE_MAGIC_LENGTH;
+    uint8_t salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES];
+    uint8_t nonce[crypto_box_NONCEBYTES];
+
+    memcpy(salt, data, crypto_pwhash_scryptsalsa208sha256_SALTBYTES);
+    data += crypto_pwhash_scryptsalsa208sha256_SALTBYTES;
+    memcpy(nonce, data, crypto_box_NONCEBYTES);
+    data += crypto_box_NONCEBYTES;
+
+    /* derive the key */
+    uint8_t key[crypto_box_KEYBYTES];
+
+    if (crypto_pwhash_scryptsalsa208sha256(
+                key, sizeof(key), passphrase, pplength, salt,
+                crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE * 2, /* slightly stronger */
+                crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) != 0) {
+        /* out of memory most likely */
+        return -1;
+    }
+
+    /* sodium_memzero(passphrase, pplength); /* wipe plaintext pw */
+
+    /* decrypt the data */
+    uint8_t temp_data[decrypt_length];
+
+    if (decrypt_data_symmetric(key, nonce, data, decrypt_length + crypto_box_MACBYTES, temp_data)
+            != decrypt_length) {
+        return -1;
+    }
+
+    return tox_load(tox, temp_data, decrypt_length);
+}
+
+/* Determines whether or not the given data is encrypted (by checking the magic number)
+ *
+ * returns 1 if it is encrypted
+ * returns 0 otherwise
+ */
+int tox_is_data_encrypted(const uint8_t *data)
+{
+    if (memcmp(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) == 0)
+        return 1;
+    else
+        return 0;
+}
diff --git a/toxencryptsave/toxencryptsave.h b/toxencryptsave/toxencryptsave.h
new file mode 100644
index 00000000..64617b27
--- /dev/null
+++ b/toxencryptsave/toxencryptsave.h
@@ -0,0 +1,68 @@
+/* toxencryptsave.h
+ *
+ * The Tox encrypted save functions.
+ *
+ *  Copyright (C) 2013 Tox project All Rights Reserved.
+ *
+ *  This file is part of Tox.
+ *
+ *  Tox is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  Tox is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with Tox.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef TOXENCRYPTSAVE_H
+#define TOXENCRYPTSAVE_H
+
+#include "../toxcore/tox.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* This "module" provides functions analogous to tox_load and tox_save in toxcore
+ * Clients should consider alerting their users that, unlike plain data, if even one bit
+ * becomes corrupted, the data will be entirely unrecoverable.
+ * Ditto if they forget their password, there is no way to recover the data.
+ */
+
+/*  return size of the messenger data (for encrypted saving). */
+uint32_t tox_encrypted_size(const Tox *tox);
+
+/* Save the messenger data encrypted with the given password.
+ * data must be at least tox_encrypted_size().
+ *
+ * returns 0 on success
+ * returns -1 on failure
+ */
+int tox_encrypted_save(const Tox *tox, uint8_t *data, uint8_t *passphrase, uint32_t pplength);
+
+/* Load the messenger from encrypted data of size length.
+ *
+ * returns 0 on success
+ * returns -1 on failure
+ */
+int tox_encrypted_load(Tox *tox, const uint8_t *data, uint32_t length, uint8_t *passphrase, uint32_t pplength);
+
+/* Determines whether or not the given data is encrypted (by checking the magic number)
+ *
+ * returns 1 if it is encrypted
+ * returns 0 otherwise
+ */
+int tox_is_data_encrypted(const uint8_t *data);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif