106 files changed, 2257 insertions, 0 deletions

diff --git a/nacl/tests/auth.c b/nacl/tests/auth.c
new file mode 100644
index 00000000..5086624e
--- /dev/null
+++ b/nacl/tests/auth.c
@@ -0,0 +1,19 @@
+#include <stdio.h>
+#include "crypto_auth_hmacsha512256.h"
+
+/* "Test Case 2" from RFC 4231 */
+unsigned char key[32] = "Jefe";
+unsigned char c[28] = "what do ya want for nothing?";
+
+unsigned char a[32];
+
+main()
+{
+  int i;
+  crypto_auth_hmacsha512256(a,c,sizeof c,key);
+  for (i = 0;i < 32;++i) {
+    printf(",0x%02x",(unsigned int) a[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}
diff --git a/nacl/tests/auth.out b/nacl/tests/auth.out
new file mode 100644
index 00000000..35e5909d
--- /dev/null
+++ b/nacl/tests/auth.out
@@ -0,0 +1,4 @@
+,0x16,0x4b,0x7a,0x7b,0xfc,0xf8,0x19,0xe2
+,0xe3,0x95,0xfb,0xe7,0x3b,0x56,0xe0,0xa3
+,0x87,0xbd,0x64,0x22,0x2e,0x83,0x1f,0xd6
+,0x10,0x27,0x0c,0xd7,0xea,0x25,0x05,0x54
diff --git a/nacl/tests/auth2.c b/nacl/tests/auth2.c
new file mode 100644
index 00000000..ba191de4
--- /dev/null
+++ b/nacl/tests/auth2.c
@@ -0,0 +1,34 @@
+/* "Test Case AUTH256-4" from RFC 4868 */
+
+#include <stdio.h>
+#include "crypto_auth_hmacsha256.h"
+
+unsigned char key[32] = {
+ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
+,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10
+,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18
+,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20
+} ;
+
+unsigned char c[50] = {
+ 0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd
+} ;
+
+unsigned char a[32];
+
+main()
+{
+  int i;
+  crypto_auth_hmacsha256(a,c,sizeof c,key);
+  for (i = 0;i < 32;++i) {
+    printf(",0x%02x",(unsigned int) a[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}
diff --git a/nacl/tests/auth2.out b/nacl/tests/auth2.out
new file mode 100644
index 00000000..955951a2
--- /dev/null
+++ b/nacl/tests/auth2.out
@@ -0,0 +1,4 @@
+,0x37,0x2e,0xfc,0xf9,0xb4,0x0b,0x35,0xc2
+,0x11,0x5b,0x13,0x46,0x90,0x3d,0x2e,0xf4
+,0x2f,0xce,0xd4,0x6f,0x08,0x46,0xe7,0x25
+,0x7b,0xb1,0x56,0xd3,0xd7,0xb3,0x0d,0x3f
diff --git a/nacl/tests/auth3.c b/nacl/tests/auth3.c
new file mode 100644
index 00000000..b713b388
--- /dev/null
+++ b/nacl/tests/auth3.c
@@ -0,0 +1,34 @@
+/* "Test Case AUTH256-4" from RFC 4868 */
+
+#include <stdio.h>
+#include "crypto_auth_hmacsha256.h"
+
+unsigned char key[32] = {
+ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
+,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10
+,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18
+,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20
+} ;
+
+unsigned char c[50] = {
+ 0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd
+} ;
+
+unsigned char a[32] = {
+ 0x37,0x2e,0xfc,0xf9,0xb4,0x0b,0x35,0xc2
+,0x11,0x5b,0x13,0x46,0x90,0x3d,0x2e,0xf4
+,0x2f,0xce,0xd4,0x6f,0x08,0x46,0xe7,0x25
+,0x7b,0xb1,0x56,0xd3,0xd7,0xb3,0x0d,0x3f
+} ;
+
+main()
+{
+  printf("%d\n",crypto_auth_hmacsha256_verify(a,c,sizeof c,key));
+  return 0;
+}
diff --git a/nacl/tests/auth3.out b/nacl/tests/auth3.out
new file mode 100644
index 00000000..573541ac
--- /dev/null
+++ b/nacl/tests/auth3.out
@@ -0,0 +1 @@
+0
diff --git a/nacl/tests/auth4.cpp b/nacl/tests/auth4.cpp
new file mode 100644
index 00000000..a94837d2
--- /dev/null
+++ b/nacl/tests/auth4.cpp
@@ -0,0 +1,44 @@
+/* "Test Case AUTH256-4" from RFC 4868 */
+
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_auth_hmacsha256.h"
+
+char key_bytes[32] = {
+ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
+,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10
+,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18
+,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20
+} ;
+
+char c_bytes[50] = {
+ 0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd
+} ;
+
+char a_bytes[32] = {
+ 0x37,0x2e,0xfc,0xf9,0xb4,0x0b,0x35,0xc2
+,0x11,0x5b,0x13,0x46,0x90,0x3d,0x2e,0xf4
+,0x2f,0xce,0xd4,0x6f,0x08,0x46,0xe7,0x25
+,0x7b,0xb1,0x56,0xd3,0xd7,0xb3,0x0d,0x3f
+} ;
+
+main()
+{
+  string key(key_bytes,sizeof key_bytes);
+  string c(c_bytes,sizeof c_bytes);
+  string a(a_bytes,sizeof a_bytes);
+  try {
+    crypto_auth_hmacsha256_verify(a,c,key);
+    printf("0\n");
+  } catch(const char *s) {
+    printf("%s\n",s);
+  }
+  return 0;
+}
diff --git a/nacl/tests/auth4.out b/nacl/tests/auth4.out
new file mode 100644
index 00000000..573541ac
--- /dev/null
+++ b/nacl/tests/auth4.out
@@ -0,0 +1 @@
+0
diff --git a/nacl/tests/auth5.c b/nacl/tests/auth5.c
new file mode 100644
index 00000000..d304a073
--- /dev/null
+++ b/nacl/tests/auth5.c
@@ -0,0 +1,36 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include "crypto_auth_hmacsha512256.h"
+#include "randombytes.h"
+
+unsigned char key[32];
+unsigned char c[10000];
+unsigned char a[32];
+
+main()
+{
+  int clen;
+  int i;
+  for (clen = 0;clen < 10000;++clen) {
+    randombytes(key,sizeof key);
+    randombytes(c,clen);
+    crypto_auth_hmacsha512256(a,c,clen,key);
+    if (crypto_auth_hmacsha512256_verify(a,c,clen,key) != 0) {
+      printf("fail %d\n",clen);
+      return 100;
+    }
+    if (clen > 0) {
+      c[random() % clen] += 1 + (random() % 255);
+      if (crypto_auth_hmacsha512256_verify(a,c,clen,key) == 0) {
+        printf("forgery %d\n",clen);
+        return 100;
+      }
+      a[random() % sizeof a] += 1 + (random() % 255);
+      if (crypto_auth_hmacsha512256_verify(a,c,clen,key) == 0) {
+        printf("forgery %d\n",clen);
+        return 100;
+      }
+    }
+  }
+  return 0;
+}
diff --git a/nacl/tests/auth5.out b/nacl/tests/auth5.out
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/nacl/tests/auth5.out
diff --git a/nacl/tests/auth6.cpp b/nacl/tests/auth6.cpp
new file mode 100644
index 00000000..dffb6388
--- /dev/null
+++ b/nacl/tests/auth6.cpp
@@ -0,0 +1,46 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include <stdlib.h>
+#include "crypto_auth_hmacsha512256.h"
+#include "randombytes.h"
+
+main()
+{
+  int clen;
+  int i;
+  for (clen = 0;clen < 10000;++clen) {
+    unsigned char key_bytes[32];
+    randombytes(key_bytes,sizeof key_bytes);
+    string key((char *) key_bytes,sizeof key_bytes);
+    unsigned char c_bytes[clen];
+    randombytes(c_bytes,sizeof c_bytes);
+    string c((char *) c_bytes,sizeof c_bytes);
+    string a = crypto_auth_hmacsha512256(c,key);
+    try {
+      crypto_auth_hmacsha512256_verify(a,c,key);
+    } catch(const char *s) {
+      printf("fail %d %s\n",clen,s);
+      return 100;
+    }
+    if (clen > 0) {
+      size_t pos = random() % clen;
+      c.replace(pos,1,1,c[pos] + 1 + (random() % 255));
+      try {
+        crypto_auth_hmacsha512256_verify(a,c,key);
+        printf("forgery %d\n",clen);
+      } catch(const char *s) {
+        ;
+      }
+      pos = random() % a.size();
+      a.replace(pos,1,1,a[pos] + 1 + (random() % 255));
+      try {
+        crypto_auth_hmacsha512256_verify(a,c,key);
+        printf("forgery %d\n",clen);
+      } catch(const char *s) {
+        ;
+      }
+    }
+  }
+  return 0;
+}
diff --git a/nacl/tests/auth6.out b/nacl/tests/auth6.out
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/nacl/tests/auth6.out
diff --git a/nacl/tests/box.c b/nacl/tests/box.c
new file mode 100644
index 00000000..b57a9883
--- /dev/null
+++ b/nacl/tests/box.c
@@ -0,0 +1,63 @@
+#include <stdio.h>
+#include "crypto_box_curve25519xsalsa20poly1305.h"
+
+unsigned char alicesk[32] = {
+ 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d
+,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45
+,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a
+,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a
+} ;
+
+unsigned char bobpk[32] = {
+ 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4
+,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37
+,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d
+,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f
+} ;
+
+unsigned char nonce[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+// API requires first 32 bytes to be 0
+unsigned char m[163] = {
+    0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05
+} ;
+
+unsigned char c[163];
+
+main()
+{
+  int i;
+  crypto_box_curve25519xsalsa20poly1305(
+    c,m,163,nonce,bobpk,alicesk
+  );
+  for (i = 16;i < 163;++i) {
+    printf(",0x%02x",(unsigned int) c[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  printf("\n");
+  return 0;
+}
diff --git a/nacl/tests/box.out b/nacl/tests/box.out
new file mode 100644
index 00000000..2b6c51ea
--- /dev/null
+++ b/nacl/tests/box.out
@@ -0,0 +1,19 @@
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
diff --git a/nacl/tests/box2.c b/nacl/tests/box2.c
new file mode 100644
index 00000000..0a531142
--- /dev/null
+++ b/nacl/tests/box2.c
@@ -0,0 +1,64 @@
+#include <stdio.h>
+#include "crypto_box_curve25519xsalsa20poly1305.h"
+
+unsigned char bobsk[32] = {
+ 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b
+,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6
+,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd
+,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb
+} ;
+
+unsigned char alicepk[32] = {
+ 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54
+,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a
+,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4
+,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a
+} ;
+
+unsigned char nonce[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+// API requires first 16 bytes to be 0
+unsigned char c[163] = {
+    0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
+} ;
+
+unsigned char m[163];
+
+main()
+{
+  int i;
+  if (crypto_box_curve25519xsalsa20poly1305_open(
+       m,c,163,nonce,alicepk,bobsk
+     ) == 0) {
+    for (i = 32;i < 163;++i) {
+      printf(",0x%02x",(unsigned int) m[i]);
+      if (i % 8 == 7) printf("\n");
+    }
+    printf("\n");
+  }
+  return 0;
+}
diff --git a/nacl/tests/box2.out b/nacl/tests/box2.out
new file mode 100644
index 00000000..c61d4557
--- /dev/null
+++ b/nacl/tests/box2.out
@@ -0,0 +1,17 @@
+,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05
diff --git a/nacl/tests/box3.cpp b/nacl/tests/box3.cpp
new file mode 100644
index 00000000..db89dd03
--- /dev/null
+++ b/nacl/tests/box3.cpp
@@ -0,0 +1,60 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_box_curve25519xsalsa20poly1305.h"
+
+char alicesk_bytes[32] = {
+ 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d
+,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45
+,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a
+,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a
+} ;
+
+char bobpk_bytes[32] = {
+ 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4
+,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37
+,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d
+,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f
+} ;
+
+char nonce_bytes[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+char m_bytes[131] = {
+ 0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05
+} ;
+
+main()
+{
+  int i;
+  string m(m_bytes,sizeof m_bytes);
+  string nonce(nonce_bytes,sizeof nonce_bytes);
+  string bobpk(bobpk_bytes,sizeof bobpk_bytes);
+  string alicesk(alicesk_bytes,sizeof alicesk_bytes);
+  string c = crypto_box_curve25519xsalsa20poly1305(m,nonce,bobpk,alicesk);
+  for (i = 0;i < c.size();++i) {
+    printf(",0x%02x",(unsigned int) (unsigned char) c[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  printf("\n");
+  return 0;
+}
diff --git a/nacl/tests/box3.out b/nacl/tests/box3.out
new file mode 100644
index 00000000..2b6c51ea
--- /dev/null
+++ b/nacl/tests/box3.out
@@ -0,0 +1,19 @@
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
diff --git a/nacl/tests/box4.cpp b/nacl/tests/box4.cpp
new file mode 100644
index 00000000..7f48fcd6
--- /dev/null
+++ b/nacl/tests/box4.cpp
@@ -0,0 +1,66 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_box_curve25519xsalsa20poly1305.h"
+
+char bobsk_bytes[32] = {
+ 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b
+,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6
+,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd
+,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb
+} ;
+
+char alicepk_bytes[32] = {
+ 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54
+,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a
+,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4
+,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a
+} ;
+
+char nonce_bytes[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+char c_bytes[147] = {
+ 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
+} ;
+
+main()
+{
+  int i;
+  string c(c_bytes,sizeof c_bytes);
+  string nonce(nonce_bytes,sizeof nonce_bytes);
+  string alicepk(alicepk_bytes,sizeof alicepk_bytes);
+  string bobsk(bobsk_bytes,sizeof bobsk_bytes);
+  try {
+    string m = crypto_box_curve25519xsalsa20poly1305_open(c,nonce,alicepk,bobsk);
+    for (i = 0;i < m.size();++i) {
+      printf(",0x%02x",(unsigned int) (unsigned char) m[i]);
+      if (i % 8 == 7) printf("\n");
+    }
+    printf("\n");
+  } catch(const char *s) {
+    printf("%s\n",s);
+  }
+  return 0;
+}
diff --git a/nacl/tests/box4.out b/nacl/tests/box4.out
new file mode 100644
index 00000000..c61d4557
--- /dev/null
+++ b/nacl/tests/box4.out
@@ -0,0 +1,17 @@
+,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05
diff --git a/nacl/tests/box5.cpp b/nacl/tests/box5.cpp
new file mode 100644
index 00000000..366e2e30
--- /dev/null
+++ b/nacl/tests/box5.cpp
@@ -0,0 +1,30 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_box.h"
+#include "randombytes.h"
+
+main()
+{
+  int mlen;
+  for (mlen = 0;mlen < 1000;++mlen) {
+    string alicesk;
+    string alicepk = crypto_box_keypair(&alicesk);
+    string bobsk;
+    string bobpk = crypto_box_keypair(&bobsk);
+    unsigned char nbytes[crypto_box_NONCEBYTES];
+    randombytes(nbytes,crypto_box_NONCEBYTES);
+    string n((char *) nbytes,crypto_box_NONCEBYTES);
+    unsigned char mbytes[mlen];
+    randombytes(mbytes,mlen);
+    string m((char *) mbytes,mlen);
+    string c = crypto_box(m,n,bobpk,alicesk);
+    try {
+      string m2 = crypto_box_open(c,n,alicepk,bobsk);
+      if (m != m2) printf("bad decryption\n");
+    } catch(const char *s) {
+      printf("%s\n",s);
+    }
+  }
+  return 0;
+}
diff --git a/nacl/tests/box5.out b/nacl/tests/box5.out
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/nacl/tests/box5.out
diff --git a/nacl/tests/box6.cpp b/nacl/tests/box6.cpp
new file mode 100644
index 00000000..bab18105
--- /dev/null
+++ b/nacl/tests/box6.cpp
@@ -0,0 +1,43 @@
+#include <string>
+using std::string;
+#include <stdlib.h>
+#include <stdio.h>
+#include "crypto_box.h"
+#include "randombytes.h"
+
+main()
+{
+  int mlen;
+  for (mlen = 0;mlen < 1000;++mlen) {
+    string alicesk;
+    string alicepk = crypto_box_keypair(&alicesk);
+    string bobsk;
+    string bobpk = crypto_box_keypair(&bobsk);
+    unsigned char nbytes[crypto_box_NONCEBYTES];
+    randombytes(nbytes,crypto_box_NONCEBYTES);
+    string n((char *) nbytes,crypto_box_NONCEBYTES);
+    unsigned char mbytes[mlen];
+    randombytes(mbytes,mlen);
+    string m((char *) mbytes,mlen);
+    string c = crypto_box(m,n,bobpk,alicesk);
+    int caught = 0;
+    while (caught < 10) {
+      c.replace(random() % c.size(),1,1,random());
+      try {
+        string m2 = crypto_box_open(c,n,alicepk,bobsk);
+        if (m != m2) {
+          printf("forgery\n");
+          return 100;
+        }
+      } catch(const char *s) {
+        if (string(s) == string("ciphertext fails verification"))
+          ++caught;
+        else {
+          printf("%s\n",s);
+          return 111;
+        }
+      }
+    }
+  }
+  return 0;
+}
diff --git a/nacl/tests/box6.out b/nacl/tests/box6.out
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/nacl/tests/box6.out
diff --git a/nacl/tests/box7.c b/nacl/tests/box7.c
new file mode 100644
index 00000000..809301c1
--- /dev/null
+++ b/nacl/tests/box7.c
@@ -0,0 +1,36 @@
+#include <stdio.h>
+#include "crypto_box.h"
+#include "randombytes.h"
+
+unsigned char alicesk[crypto_box_SECRETKEYBYTES];
+unsigned char alicepk[crypto_box_PUBLICKEYBYTES];
+unsigned char bobsk[crypto_box_SECRETKEYBYTES];
+unsigned char bobpk[crypto_box_PUBLICKEYBYTES];
+unsigned char n[crypto_box_NONCEBYTES];
+unsigned char m[10000];
+unsigned char c[10000];
+unsigned char m2[10000];
+
+main()
+{
+  int mlen;
+  int i;
+
+  for (mlen = 0;mlen < 1000 && mlen + crypto_box_ZEROBYTES < sizeof m;++mlen) {
+    crypto_box_keypair(alicepk,alicesk);
+    crypto_box_keypair(bobpk,bobsk);
+    randombytes(n,crypto_box_NONCEBYTES);
+    randombytes(m + crypto_box_ZEROBYTES,mlen);
+    crypto_box(c,m,mlen + crypto_box_ZEROBYTES,n,bobpk,alicesk);
+    if (crypto_box_open(m2,c,mlen + crypto_box_ZEROBYTES,n,alicepk,bobsk) == 0) {
+      for (i = 0;i < mlen + crypto_box_ZEROBYTES;++i)
+        if (m2[i] != m[i]) {
+          printf("bad decryption\n");
+          break;
+        }
+    } else {
+      printf("ciphertext fails verification\n");
+    }
+  }
+  return 0;
+}
diff --git a/nacl/tests/box7.out b/nacl/tests/box7.out
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/nacl/tests/box7.out
diff --git a/nacl/tests/box8.c b/nacl/tests/box8.c
new file mode 100644
index 00000000..dac676ef
--- /dev/null
+++ b/nacl/tests/box8.c
@@ -0,0 +1,41 @@
+#include <stdio.h>
+#include "crypto_box.h"
+#include "randombytes.h"
+
+unsigned char alicesk[crypto_box_SECRETKEYBYTES];
+unsigned char alicepk[crypto_box_PUBLICKEYBYTES];
+unsigned char bobsk[crypto_box_SECRETKEYBYTES];
+unsigned char bobpk[crypto_box_PUBLICKEYBYTES];
+unsigned char n[crypto_box_NONCEBYTES];
+unsigned char m[10000];
+unsigned char c[10000];
+unsigned char m2[10000];
+
+main()
+{
+  int mlen;
+  int i;
+  int caught;
+
+  for (mlen = 0;mlen < 1000 && mlen + crypto_box_ZEROBYTES < sizeof m;++mlen) {
+    crypto_box_keypair(alicepk,alicesk);
+    crypto_box_keypair(bobpk,bobsk);
+    randombytes(n,crypto_box_NONCEBYTES);
+    randombytes(m + crypto_box_ZEROBYTES,mlen);
+    crypto_box(c,m,mlen + crypto_box_ZEROBYTES,n,bobpk,alicesk);
+    caught = 0;
+    while (caught < 10) {
+      c[random() % (mlen + crypto_box_ZEROBYTES)] = random();
+      if (crypto_box_open(m2,c,mlen + crypto_box_ZEROBYTES,n,alicepk,bobsk) == 0) {
+        for (i = 0;i < mlen + crypto_box_ZEROBYTES;++i)
+          if (m2[i] != m[i]) {
+            printf("forgery\n");
+            return 100;
+          }
+      } else {
+        ++caught;
+      }
+    }
+  }
+  return 0;
+}
diff --git a/nacl/tests/box8.out b/nacl/tests/box8.out
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/nacl/tests/box8.out
diff --git a/nacl/tests/core1.c b/nacl/tests/core1.c
new file mode 100644
index 00000000..9a8fc51d
--- /dev/null
+++ b/nacl/tests/core1.c
@@ -0,0 +1,30 @@
+#include <stdio.h>
+#include "crypto_core_hsalsa20.h"
+
+unsigned char shared[32] = {
+ 0x4a,0x5d,0x9d,0x5b,0xa4,0xce,0x2d,0xe1
+,0x72,0x8e,0x3b,0xf4,0x80,0x35,0x0f,0x25
+,0xe0,0x7e,0x21,0xc9,0x47,0xd1,0x9e,0x33
+,0x76,0xf0,0x9b,0x3c,0x1e,0x16,0x17,0x42
+} ;
+
+unsigned char zero[32] = { 0 };
+
+unsigned char c[16] = {
+ 0x65,0x78,0x70,0x61,0x6e,0x64,0x20,0x33
+,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,0x6b
+} ;
+
+unsigned char firstkey[32];
+
+main()
+{
+  int i;
+  crypto_core_hsalsa20(firstkey,zero,shared,c);
+  for (i = 0;i < 32;++i) {
+    if (i > 0) printf(","); else printf(" ");
+    printf("0x%02x",(unsigned int) firstkey[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}
diff --git a/nacl/tests/core1.out b/nacl/tests/core1.out
new file mode 100644
index 00000000..715a489d
--- /dev/null
+++ b/nacl/tests/core1.out
@@ -0,0 +1,4 @@
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
diff --git a/nacl/tests/core2.c b/nacl/tests/core2.c
new file mode 100644
index 00000000..08402285
--- /dev/null
+++ b/nacl/tests/core2.c
@@ -0,0 +1,33 @@
+#include <stdio.h>
+#include "crypto_core_hsalsa20.h"
+
+unsigned char firstkey[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+unsigned char nonceprefix[16] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+} ;
+
+unsigned char c[16] = {
+ 0x65,0x78,0x70,0x61,0x6e,0x64,0x20,0x33
+,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,0x6b
+} ;
+
+unsigned char secondkey[32];
+
+main()
+{
+  int i;
+  crypto_core_hsalsa20(secondkey,nonceprefix,firstkey,c);
+  for (i = 0;i < 32;++i) {
+    if (i > 0) printf(","); else printf(" ");
+    printf("0x%02x",(unsigned int) secondkey[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}
diff --git a/nacl/tests/core2.out b/nacl/tests/core2.out
new file mode 100644
index 00000000..f4682af0
--- /dev/null
+++ b/nacl/tests/core2.out
@@ -0,0 +1,4 @@
+ 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9
+,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88
+,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9
+,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4
diff --git a/nacl/tests/core3.c b/nacl/tests/core3.c
new file mode 100644
index 00000000..4c759a5b
--- /dev/null
+++ b/nacl/tests/core3.c
@@ -0,0 +1,41 @@
+#include <stdio.h>
+#include "crypto_core_salsa20.h"
+#include "crypto_hash_sha256.h"
+
+unsigned char secondkey[32] = {
+ 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9
+,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88
+,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9
+,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4
+} ;
+
+unsigned char noncesuffix[8] = {
+ 0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+unsigned char c[16] = {
+ 0x65,0x78,0x70,0x61,0x6e,0x64,0x20,0x33
+,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,0x6b
+} ;
+
+unsigned char in[16] = { 0 } ;
+
+unsigned char output[64 * 256 * 256];
+
+unsigned char h[32];
+
+main()
+{
+  int i;
+  long long pos = 0;
+  for (i = 0;i < 8;++i) in[i] = noncesuffix[i];
+  do {
+    do {
+      crypto_core_salsa20(output + pos,in,secondkey,c);
+      pos += 64;
+    } while (++in[8]);
+  } while (++in[9]);
+  crypto_hash_sha256(h,output,sizeof output);
+  for (i = 0;i < 32;++i) printf("%02x",h[i]); printf("\n");
+  return 0;
+}
diff --git a/nacl/tests/core3.out b/nacl/tests/core3.out
new file mode 100644
index 00000000..5fa208c1
--- /dev/null
+++ b/nacl/tests/core3.out
@@ -0,0 +1 @@
+662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2
diff --git a/nacl/tests/core4.c b/nacl/tests/core4.c
new file mode 100644
index 00000000..1f238c5e
--- /dev/null
+++ b/nacl/tests/core4.c
@@ -0,0 +1,33 @@
+#include <stdio.h>
+#include "crypto_core_salsa20.h"
+
+unsigned char k[32] = {
+   1,  2,  3,  4,  5,  6,  7,  8
+,  9, 10, 11, 12, 13, 14, 15, 16
+,201,202,203,204,205,206,207,208
+,209,210,211,212,213,214,215,216
+} ;
+
+unsigned char in[16] = {
+ 101,102,103,104,105,106,107,108
+,109,110,111,112,113,114,115,116
+} ;
+
+unsigned char c[16] = {
+ 101,120,112, 97,110,100, 32, 51
+, 50, 45, 98,121,116,101, 32,107
+} ;
+
+unsigned char out[64];
+
+main()
+{
+  int i;
+  crypto_core_salsa20(out,in,k,c);
+  for (i = 0;i < 64;++i) {
+    if (i > 0) printf(","); else printf(" ");
+    printf("%3d",(unsigned int) out[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}
diff --git a/nacl/tests/core4.out b/nacl/tests/core4.out
new file mode 100644
index 00000000..d04e5b5e
--- /dev/null
+++ b/nacl/tests/core4.out
@@ -0,0 +1,8 @@
+  69, 37, 68, 39, 41, 15,107,193
+,255,139,122,  6,170,233,217, 98
+, 89,144,182,106, 21, 51,200, 65
+,239, 49,222, 34,215,114, 40,126
+,104,197,  7,225,197,153, 31,  2
+,102, 78, 76,176, 84,245,246,184
+,177,160,133,130,  6, 72,149,119
+,192,195,132,236,234,103,246, 74
diff --git a/nacl/tests/core5.c b/nacl/tests/core5.c
new file mode 100644
index 00000000..6353477d
--- /dev/null
+++ b/nacl/tests/core5.c
@@ -0,0 +1,32 @@
+#include <stdio.h>
+#include "crypto_core_hsalsa20.h"
+
+unsigned char k[32] = {
+ 0xee,0x30,0x4f,0xca,0x27,0x00,0x8d,0x8c
+,0x12,0x6f,0x90,0x02,0x79,0x01,0xd8,0x0f
+,0x7f,0x1d,0x8b,0x8d,0xc9,0x36,0xcf,0x3b
+,0x9f,0x81,0x96,0x92,0x82,0x7e,0x57,0x77
+} ;
+
+unsigned char in[16] = {
+ 0x81,0x91,0x8e,0xf2,0xa5,0xe0,0xda,0x9b
+,0x3e,0x90,0x60,0x52,0x1e,0x4b,0xb3,0x52
+} ;
+
+unsigned char c[16] = {
+ 101,120,112, 97,110,100, 32, 51
+, 50, 45, 98,121,116,101, 32,107
+} ;
+
+unsigned char out[32];
+
+main()
+{
+  int i;
+  crypto_core_hsalsa20(out,in,k,c);
+  for (i = 0;i < 32;++i) {
+    printf(",0x%02x",(unsigned int) out[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}
diff --git a/nacl/tests/core5.out b/nacl/tests/core5.out
new file mode 100644
index 00000000..562cf717
--- /dev/null
+++ b/nacl/tests/core5.out
@@ -0,0 +1,4 @@
+,0xbc,0x1b,0x30,0xfc,0x07,0x2c,0xc1,0x40
+,0x75,0xe4,0xba,0xa7,0x31,0xb5,0xa8,0x45
+,0xea,0x9b,0x11,0xe9,0xa5,0x19,0x1f,0x94
+,0xe1,0x8c,0xba,0x8f,0xd8,0x21,0xa7,0xcd
diff --git a/nacl/tests/core6.c b/nacl/tests/core6.c
new file mode 100644
index 00000000..67f35df9
--- /dev/null
+++ b/nacl/tests/core6.c
@@ -0,0 +1,47 @@
+#include <stdio.h>
+#include "crypto_core_salsa20.h"
+
+unsigned char k[32] = {
+ 0xee,0x30,0x4f,0xca,0x27,0x00,0x8d,0x8c
+,0x12,0x6f,0x90,0x02,0x79,0x01,0xd8,0x0f
+,0x7f,0x1d,0x8b,0x8d,0xc9,0x36,0xcf,0x3b
+,0x9f,0x81,0x96,0x92,0x82,0x7e,0x57,0x77
+} ;
+
+unsigned char in[16] = {
+ 0x81,0x91,0x8e,0xf2,0xa5,0xe0,0xda,0x9b
+,0x3e,0x90,0x60,0x52,0x1e,0x4b,0xb3,0x52
+} ;
+
+unsigned char c[16] = {
+ 101,120,112, 97,110,100, 32, 51
+, 50, 45, 98,121,116,101, 32,107
+} ;
+
+unsigned char out[64];
+
+void print(unsigned char *x,unsigned char *y)
+{
+  int i;
+  unsigned int borrow = 0;
+  for (i = 0;i < 4;++i) {
+    unsigned int xi = x[i];
+    unsigned int yi = y[i];
+    printf(",0x%02x",255 & (xi - yi - borrow));
+    borrow = (xi < yi + borrow);
+  }
+}
+
+main()
+{
+  crypto_core_salsa20(out,in,k,c);
+  print(out,c);
+  print(out + 20,c + 4); printf("\n");
+  print(out + 40,c + 8);
+  print(out + 60,c + 12); printf("\n");
+  print(out + 24,in);
+  print(out + 28,in + 4); printf("\n");
+  print(out + 32,in + 8);
+  print(out + 36,in + 12); printf("\n");
+  return 0;
+}
diff --git a/nacl/tests/core6.out b/nacl/tests/core6.out
new file mode 100644
index 00000000..562cf717
--- /dev/null
+++ b/nacl/tests/core6.out
@@ -0,0 +1,4 @@
+,0xbc,0x1b,0x30,0xfc,0x07,0x2c,0xc1,0x40
+,0x75,0xe4,0xba,0xa7,0x31,0xb5,0xa8,0x45
+,0xea,0x9b,0x11,0xe9,0xa5,0x19,0x1f,0x94
+,0xe1,0x8c,0xba,0x8f,0xd8,0x21,0xa7,0xcd
diff --git a/nacl/tests/hash.c b/nacl/tests/hash.c
new file mode 100644
index 00000000..8de470aa
--- /dev/null
+++ b/nacl/tests/hash.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include "crypto_hash.h"
+
+unsigned char x[8] = "testing\n";
+unsigned char h[crypto_hash_BYTES];
+
+int main()
+{
+  int i;
+  crypto_hash(h,x,sizeof x);
+  for (i = 0;i < crypto_hash_BYTES;++i) printf("%02x",(unsigned int) h[i]);
+  printf("\n");
+  return 0;
+}
diff --git a/nacl/tests/hash.out b/nacl/tests/hash.out
new file mode 100644
index 00000000..df582172
--- /dev/null
+++ b/nacl/tests/hash.out
@@ -0,0 +1 @@
+24f950aac7b9ea9b3cb728228a0c82b67c39e96b4b344798870d5daee93e3ae5931baae8c7cacfea4b629452c38026a81d138bc7aad1af3ef7bfd5ec646d6c28
diff --git a/nacl/tests/hash2.cpp b/nacl/tests/hash2.cpp
new file mode 100644
index 00000000..6594620d
--- /dev/null
+++ b/nacl/tests/hash2.cpp
@@ -0,0 +1,18 @@
+#include <iostream>
+#include <string>
+using std::string;
+using std::cout;
+using std::hex;
+#include "crypto_hash.h"
+
+int main()
+{
+  string x = "testing\n";
+  string h = crypto_hash(x);
+  for (int i = 0;i < h.size();++i) {
+    cout << hex << (15 & (int) (h[i] >> 4));
+    cout << hex << (15 & (int) h[i]);
+  }
+  cout << "\n";
+  return 0;
+}
diff --git a/nacl/tests/hash2.out b/nacl/tests/hash2.out
new file mode 100644
index 00000000..df582172
--- /dev/null
+++ b/nacl/tests/hash2.out
@@ -0,0 +1 @@
+24f950aac7b9ea9b3cb728228a0c82b67c39e96b4b344798870d5daee93e3ae5931baae8c7cacfea4b629452c38026a81d138bc7aad1af3ef7bfd5ec646d6c28
diff --git a/nacl/tests/hash3.c b/nacl/tests/hash3.c
new file mode 100644
index 00000000..10b89b90
--- /dev/null
+++ b/nacl/tests/hash3.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include "crypto_hash_sha512.h"
+
+unsigned char x[8] = "testing\n";
+unsigned char h[crypto_hash_sha512_BYTES];
+
+int main()
+{
+  int i;
+  crypto_hash_sha512(h,x,sizeof x);
+  for (i = 0;i < crypto_hash_sha512_BYTES;++i) printf("%02x",(unsigned int) h[i]);
+  printf("\n");
+  return 0;
+}
diff --git a/nacl/tests/hash3.out b/nacl/tests/hash3.out
new file mode 100644
index 00000000..df582172
--- /dev/null
+++ b/nacl/tests/hash3.out
@@ -0,0 +1 @@
+24f950aac7b9ea9b3cb728228a0c82b67c39e96b4b344798870d5daee93e3ae5931baae8c7cacfea4b629452c38026a81d138bc7aad1af3ef7bfd5ec646d6c28
diff --git a/nacl/tests/hash4.cpp b/nacl/tests/hash4.cpp
new file mode 100644
index 00000000..1d0a3f37
--- /dev/null
+++ b/nacl/tests/hash4.cpp
@@ -0,0 +1,18 @@
+#include <iostream>
+#include <string>
+using std::string;
+using std::cout;
+using std::hex;
+#include "crypto_hash_sha512.h"
+
+int main()
+{
+  string x = "testing\n";
+  string h = crypto_hash_sha512(x);
+  for (int i = 0;i < h.size();++i) {
+    cout << hex << (15 & (int) (h[i] >> 4));
+    cout << hex << (15 & (int) h[i]);
+  }
+  cout << "\n";
+  return 0;
+}
diff --git a/nacl/tests/hash4.out b/nacl/tests/hash4.out
new file mode 100644
index 00000000..df582172
--- /dev/null
+++ b/nacl/tests/hash4.out
@@ -0,0 +1 @@
+24f950aac7b9ea9b3cb728228a0c82b67c39e96b4b344798870d5daee93e3ae5931baae8c7cacfea4b629452c38026a81d138bc7aad1af3ef7bfd5ec646d6c28
diff --git a/nacl/tests/onetimeauth.c b/nacl/tests/onetimeauth.c
new file mode 100644
index 00000000..60a2df14
--- /dev/null
+++ b/nacl/tests/onetimeauth.c
@@ -0,0 +1,42 @@
+#include <stdio.h>
+#include "crypto_onetimeauth_poly1305.h"
+
+unsigned char rs[32] = {
+ 0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91
+,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25
+,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65
+,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80
+} ;
+
+unsigned char c[131] = {
+ 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
+} ;
+
+unsigned char a[16];
+
+main()
+{
+  int i;
+  crypto_onetimeauth_poly1305(a,c,131,rs);
+  for (i = 0;i < 16;++i) {
+    printf(",0x%02x",(unsigned int) a[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}
diff --git a/nacl/tests/onetimeauth.out b/nacl/tests/onetimeauth.out
new file mode 100644
index 00000000..6d914615
--- /dev/null
+++ b/nacl/tests/onetimeauth.out
@@ -0,0 +1,2 @@
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
diff --git a/nacl/tests/onetimeauth2.c b/nacl/tests/onetimeauth2.c
new file mode 100644
index 00000000..64c1a9cd
--- /dev/null
+++ b/nacl/tests/onetimeauth2.c
@@ -0,0 +1,40 @@
+#include <stdio.h>
+#include "crypto_onetimeauth_poly1305.h"
+
+unsigned char rs[32] = {
+ 0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91
+,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25
+,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65
+,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80
+} ;
+
+unsigned char c[131] = {
+ 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
+} ;
+
+unsigned char a[16] = {
+ 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+} ;
+
+main()
+{
+  printf("%d\n",crypto_onetimeauth_poly1305_verify(a,c,131,rs));
+  return 0;
+}
diff --git a/nacl/tests/onetimeauth2.out b/nacl/tests/onetimeauth2.out
new file mode 100644
index 00000000..573541ac
--- /dev/null
+++ b/nacl/tests/onetimeauth2.out
@@ -0,0 +1 @@
+0
diff --git a/nacl/tests/onetimeauth5.cpp b/nacl/tests/onetimeauth5.cpp
new file mode 100644
index 00000000..884892ac
--- /dev/null
+++ b/nacl/tests/onetimeauth5.cpp
@@ -0,0 +1,46 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_onetimeauth_poly1305.h"
+
+char rs_bytes[32] = {
+ 0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91
+,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25
+,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65
+,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80
+} ;
+
+char c_bytes[131] = {
+ 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
+} ;
+
+unsigned char a[16];
+
+main()
+{
+  int i;
+  string c(c_bytes,sizeof c_bytes);
+  string rs(rs_bytes,sizeof rs_bytes);
+  string a = crypto_onetimeauth_poly1305(c,rs);
+  for (i = 0;i < a.size();++i) {
+    printf(",0x%02x",(unsigned int) (unsigned char) a[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}
diff --git a/nacl/tests/onetimeauth5.out b/nacl/tests/onetimeauth5.out
new file mode 100644
index 00000000..6d914615
--- /dev/null
+++ b/nacl/tests/onetimeauth5.out
@@ -0,0 +1,2 @@
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
diff --git a/nacl/tests/onetimeauth6.cpp b/nacl/tests/onetimeauth6.cpp
new file mode 100644
index 00000000..d79d4613
--- /dev/null
+++ b/nacl/tests/onetimeauth6.cpp
@@ -0,0 +1,50 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_onetimeauth_poly1305.h"
+
+char rs_bytes[32] = {
+ 0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91
+,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25
+,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65
+,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80
+} ;
+
+char c_bytes[131] = {
+ 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
+} ;
+
+char a_bytes[16] = {
+ 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+} ;
+
+main()
+{
+  string rs(rs_bytes,sizeof rs_bytes);
+  string c(c_bytes,sizeof c_bytes);
+  string a(a_bytes,sizeof a_bytes);
+  try {
+    crypto_onetimeauth_poly1305_verify(a,c,rs);
+    printf("0\n");
+  } catch(const char *s) {
+    printf("%s\n",s);
+  }
+  return 0;
+}
diff --git a/nacl/tests/onetimeauth6.out b/nacl/tests/onetimeauth6.out
new file mode 100644
index 00000000..573541ac
--- /dev/null
+++ b/nacl/tests/onetimeauth6.out
@@ -0,0 +1 @@
+0
diff --git a/nacl/tests/onetimeauth7.c b/nacl/tests/onetimeauth7.c
new file mode 100644
index 00000000..349b8751
--- /dev/null
+++ b/nacl/tests/onetimeauth7.c
@@ -0,0 +1,36 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include "crypto_onetimeauth_poly1305.h"
+#include "randombytes.h"
+
+unsigned char key[32];
+unsigned char c[10000];
+unsigned char a[16];
+
+main()
+{
+  int clen;
+  int i;
+  for (clen = 0;clen < 10000;++clen) {
+    randombytes(key,sizeof key);
+    randombytes(c,clen);
+    crypto_onetimeauth_poly1305(a,c,clen,key);
+    if (crypto_onetimeauth_poly1305_verify(a,c,clen,key) != 0) {
+      printf("fail %d\n",clen);
+      return 100;
+    }
+    if (clen > 0) {
+      c[random() % clen] += 1 + (random() % 255);
+      if (crypto_onetimeauth_poly1305_verify(a,c,clen,key) == 0) {
+        printf("forgery %d\n",clen);
+        return 100;
+      }
+      a[random() % sizeof a] += 1 + (random() % 255);
+      if (crypto_onetimeauth_poly1305_verify(a,c,clen,key) == 0) {
+        printf("forgery %d\n",clen);
+        return 100;
+      }
+    }
+  }
+  return 0;
+}
diff --git a/nacl/tests/onetimeauth7.out b/nacl/tests/onetimeauth7.out
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/nacl/tests/onetimeauth7.out
diff --git a/nacl/tests/onetimeauth8.cpp b/nacl/tests/onetimeauth8.cpp
new file mode 100644
index 00000000..ce554fb4
--- /dev/null
+++ b/nacl/tests/onetimeauth8.cpp
@@ -0,0 +1,46 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include <stdlib.h>
+#include "crypto_onetimeauth_poly1305.h"
+#include "randombytes.h"
+
+main()
+{
+  int clen;
+  int i;
+  for (clen = 0;clen < 10000;++clen) {
+    unsigned char key_bytes[32];
+    randombytes(key_bytes,sizeof key_bytes);
+    string key((char *) key_bytes,sizeof key_bytes);
+    unsigned char c_bytes[clen];
+    randombytes(c_bytes,sizeof c_bytes);
+    string c((char *) c_bytes,sizeof c_bytes);
+    string a = crypto_onetimeauth_poly1305(c,key);
+    try {
+      crypto_onetimeauth_poly1305_verify(a,c,key);
+    } catch(const char *s) {
+      printf("fail %d %s\n",clen,s);
+      return 100;
+    }
+    if (clen > 0) {
+      size_t pos = random() % clen;
+      c.replace(pos,1,1,c[pos] + 1 + (random() % 255));
+      try {
+        crypto_onetimeauth_poly1305_verify(a,c,key);
+        printf("forgery %d\n",clen);
+      } catch(const char *s) {
+        ;
+      }
+      pos = random() % a.size();
+      a.replace(pos,1,1,a[pos] + 1 + (random() % 255));
+      try {
+        crypto_onetimeauth_poly1305_verify(a,c,key);
+        printf("forgery %d\n",clen);
+      } catch(const char *s) {
+        ;
+      }
+    }
+  }
+  return 0;
+}
diff --git a/nacl/tests/onetimeauth8.out b/nacl/tests/onetimeauth8.out
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/nacl/tests/onetimeauth8.out
diff --git a/nacl/tests/scalarmult.c b/nacl/tests/scalarmult.c
new file mode 100644
index 00000000..d9265954
--- /dev/null
+++ b/nacl/tests/scalarmult.c
@@ -0,0 +1,23 @@
+#include <stdio.h>
+#include "crypto_scalarmult_curve25519.h"
+
+unsigned char alicesk[32] = {
+ 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d
+,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45
+,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a
+,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a
+} ;
+
+unsigned char alicepk[32];
+
+main()
+{
+  int i;
+  crypto_scalarmult_curve25519_base(alicepk,alicesk);
+  for (i = 0;i < 32;++i) {
+    if (i > 0) printf(","); else printf(" ");
+    printf("0x%02x",(unsigned int) alicepk[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}
diff --git a/nacl/tests/scalarmult.out b/nacl/tests/scalarmult.out
new file mode 100644
index 00000000..ddd130d6
--- /dev/null
+++ b/nacl/tests/scalarmult.out
@@ -0,0 +1,4 @@
+ 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54
+,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a
+,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4
+,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a
diff --git a/nacl/tests/scalarmult2.c b/nacl/tests/scalarmult2.c
new file mode 100644
index 00000000..90e6360d
--- /dev/null
+++ b/nacl/tests/scalarmult2.c
@@ -0,0 +1,23 @@
+#include <stdio.h>
+#include "crypto_scalarmult_curve25519.h"
+
+unsigned char bobsk[32] = {
+ 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b
+,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6
+,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd
+,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb
+} ;
+
+unsigned char bobpk[32];
+
+main()
+{
+  int i;
+  crypto_scalarmult_curve25519_base(bobpk,bobsk);
+  for (i = 0;i < 32;++i) {
+    if (i > 0) printf(","); else printf(" ");
+    printf("0x%02x",(unsigned int) bobpk[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}
diff --git a/nacl/tests/scalarmult2.out b/nacl/tests/scalarmult2.out
new file mode 100644
index 00000000..b5391865
--- /dev/null
+++ b/nacl/tests/scalarmult2.out
@@ -0,0 +1,4 @@
+ 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4
+,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37
+,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d
+,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f
diff --git a/nacl/tests/scalarmult3.cpp b/nacl/tests/scalarmult3.cpp
new file mode 100644
index 00000000..4e8fef3d
--- /dev/null
+++ b/nacl/tests/scalarmult3.cpp
@@ -0,0 +1,31 @@
+#include <iostream>
+#include <iomanip>
+#include <string>
+using std::string;
+using std::cout;
+using std::setfill;
+using std::setw;
+using std::hex;
+#include "crypto_scalarmult_curve25519.h"
+
+char alicesk_bytes[32] = {
+ 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d
+,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45
+,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a
+,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a
+} ;
+
+main()
+{
+  int i;
+  cout << setfill('0');
+  string alicesk(alicesk_bytes,sizeof alicesk_bytes);
+  string alicepk = crypto_scalarmult_curve25519_base(alicesk);
+  for (i = 0;i < alicepk.size();++i) {
+    unsigned char c = alicepk[i];
+    if (i > 0) cout << ","; else cout << " ";
+    cout << "0x" << hex << setw(2) << (unsigned int) c;
+    if (i % 8 == 7) cout << "\n";
+  }
+  return 0;
+}
diff --git a/nacl/tests/scalarmult3.out b/nacl/tests/scalarmult3.out
new file mode 100644
index 00000000..ddd130d6
--- /dev/null
+++ b/nacl/tests/scalarmult3.out
@@ -0,0 +1,4 @@
+ 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54
+,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a
+,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4
+,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a
diff --git a/nacl/tests/scalarmult4.cpp b/nacl/tests/scalarmult4.cpp
new file mode 100644
index 00000000..8e4d64e9
--- /dev/null
+++ b/nacl/tests/scalarmult4.cpp
@@ -0,0 +1,31 @@
+#include <iostream>
+#include <iomanip>
+#include <string>
+using std::string;
+using std::cout;
+using std::setfill;
+using std::setw;
+using std::hex;
+#include "crypto_scalarmult_curve25519.h"
+
+char bobsk_bytes[32] = {
+ 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b
+,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6
+,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd
+,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb
+} ;
+
+main()
+{
+  int i;
+  cout << setfill('0');
+  string bobsk(bobsk_bytes,sizeof bobsk_bytes);
+  string bobpk = crypto_scalarmult_curve25519_base(bobsk);
+  for (i = 0;i < bobpk.size();++i) {
+    unsigned char c = bobpk[i];
+    if (i > 0) cout << ","; else cout << " ";
+    cout << "0x" << hex << setw(2) << (unsigned int) c;
+    if (i % 8 == 7) cout << "\n";
+  }
+  return 0;
+}
diff --git a/nacl/tests/scalarmult4.out b/nacl/tests/scalarmult4.out
new file mode 100644
index 00000000..b5391865
--- /dev/null
+++ b/nacl/tests/scalarmult4.out
@@ -0,0 +1,4 @@
+ 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4
+,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37
+,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d
+,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f
diff --git a/nacl/tests/scalarmult5.c b/nacl/tests/scalarmult5.c
new file mode 100644
index 00000000..14f8159d
--- /dev/null
+++ b/nacl/tests/scalarmult5.c
@@ -0,0 +1,30 @@
+#include <stdio.h>
+#include "crypto_scalarmult_curve25519.h"
+
+unsigned char alicesk[32] = {
+ 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d
+,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45
+,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a
+,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a
+} ;
+
+unsigned char bobpk[32] = {
+ 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4
+,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37
+,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d
+,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f
+} ;
+
+unsigned char k[32];
+
+main()
+{
+  int i;
+  crypto_scalarmult_curve25519(k,alicesk,bobpk);
+  for (i = 0;i < 32;++i) {
+    if (i > 0) printf(","); else printf(" ");
+    printf("0x%02x",(unsigned int) k[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}
diff --git a/nacl/tests/scalarmult5.out b/nacl/tests/scalarmult5.out
new file mode 100644
index 00000000..bec21130
--- /dev/null
+++ b/nacl/tests/scalarmult5.out
@@ -0,0 +1,4 @@
+ 0x4a,0x5d,0x9d,0x5b,0xa4,0xce,0x2d,0xe1
+,0x72,0x8e,0x3b,0xf4,0x80,0x35,0x0f,0x25
+,0xe0,0x7e,0x21,0xc9,0x47,0xd1,0x9e,0x33
+,0x76,0xf0,0x9b,0x3c,0x1e,0x16,0x17,0x42
diff --git a/nacl/tests/scalarmult6.c b/nacl/tests/scalarmult6.c
new file mode 100644
index 00000000..89bf9bdd
--- /dev/null
+++ b/nacl/tests/scalarmult6.c
@@ -0,0 +1,30 @@
+#include <stdio.h>
+#include "crypto_scalarmult_curve25519.h"
+
+unsigned char bobsk[32] = {
+ 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b
+,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6
+,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd
+,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb
+} ;
+
+unsigned char alicepk[32] = {
+ 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54
+,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a
+,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4
+,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a
+} ;
+
+unsigned char k[32];
+
+main()
+{
+  int i;
+  crypto_scalarmult_curve25519(k,bobsk,alicepk);
+  for (i = 0;i < 32;++i) {
+    if (i > 0) printf(","); else printf(" ");
+    printf("0x%02x",(unsigned int) k[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}
diff --git a/nacl/tests/scalarmult6.out b/nacl/tests/scalarmult6.out
new file mode 100644
index 00000000..bec21130
--- /dev/null
+++ b/nacl/tests/scalarmult6.out
@@ -0,0 +1,4 @@
+ 0x4a,0x5d,0x9d,0x5b,0xa4,0xce,0x2d,0xe1
+,0x72,0x8e,0x3b,0xf4,0x80,0x35,0x0f,0x25
+,0xe0,0x7e,0x21,0xc9,0x47,0xd1,0x9e,0x33
+,0x76,0xf0,0x9b,0x3c,0x1e,0x16,0x17,0x42
diff --git a/nacl/tests/scalarmult7.cpp b/nacl/tests/scalarmult7.cpp
new file mode 100644
index 00000000..8382d747
--- /dev/null
+++ b/nacl/tests/scalarmult7.cpp
@@ -0,0 +1,32 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_scalarmult_curve25519.h"
+
+char alicesk_bytes[32] = {
+ 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d
+,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45
+,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a
+,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a
+} ;
+
+char bobpk_bytes[32] = {
+ 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4
+,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37
+,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d
+,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f
+} ;
+
+main()
+{
+  int i;
+  string alicesk(alicesk_bytes,sizeof alicesk_bytes);
+  string bobpk(bobpk_bytes,sizeof bobpk_bytes);
+  string k = crypto_scalarmult_curve25519(alicesk,bobpk);
+  for (i = 0;i < k.size();++i) {
+    if (i > 0) printf(","); else printf(" ");
+    printf("0x%02x",(unsigned int) (unsigned char) k[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}
diff --git a/nacl/tests/scalarmult7.out b/nacl/tests/scalarmult7.out
new file mode 100644
index 00000000..bec21130
--- /dev/null
+++ b/nacl/tests/scalarmult7.out
@@ -0,0 +1,4 @@
+ 0x4a,0x5d,0x9d,0x5b,0xa4,0xce,0x2d,0xe1
+,0x72,0x8e,0x3b,0xf4,0x80,0x35,0x0f,0x25
+,0xe0,0x7e,0x21,0xc9,0x47,0xd1,0x9e,0x33
+,0x76,0xf0,0x9b,0x3c,0x1e,0x16,0x17,0x42
diff --git a/nacl/tests/secretbox.c b/nacl/tests/secretbox.c
new file mode 100644
index 00000000..773f5b62
--- /dev/null
+++ b/nacl/tests/secretbox.c
@@ -0,0 +1,56 @@
+#include <stdio.h>
+#include "crypto_secretbox_xsalsa20poly1305.h"
+
+unsigned char firstkey[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+unsigned char nonce[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+// API requires first 32 bytes to be 0
+unsigned char m[163] = {
+    0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05
+} ;
+
+unsigned char c[163];
+
+main()
+{
+  int i;
+  crypto_secretbox_xsalsa20poly1305(
+    c,m,163,nonce,firstkey
+  );
+  for (i = 16;i < 163;++i) {
+    printf(",0x%02x",(unsigned int) c[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  printf("\n");
+  return 0;
+}
diff --git a/nacl/tests/secretbox.out b/nacl/tests/secretbox.out
new file mode 100644
index 00000000..2b6c51ea
--- /dev/null
+++ b/nacl/tests/secretbox.out
@@ -0,0 +1,19 @@
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
diff --git a/nacl/tests/secretbox2.c b/nacl/tests/secretbox2.c
new file mode 100644
index 00000000..b6a2a937
--- /dev/null
+++ b/nacl/tests/secretbox2.c
@@ -0,0 +1,57 @@
+#include <stdio.h>
+#include "crypto_secretbox_xsalsa20poly1305.h"
+
+unsigned char firstkey[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+unsigned char nonce[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+// API requires first 16 bytes to be 0
+unsigned char c[163] = {
+    0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
+} ;
+
+unsigned char m[163];
+
+main()
+{
+  int i;
+  if (crypto_secretbox_xsalsa20poly1305_open(
+       m,c,163,nonce,firstkey
+      ) == 0) {
+    for (i = 32;i < 163;++i) {
+      printf(",0x%02x",(unsigned int) m[i]);
+      if (i % 8 == 7) printf("\n");
+    }
+    printf("\n");
+  }
+  return 0;
+}
diff --git a/nacl/tests/secretbox2.out b/nacl/tests/secretbox2.out
new file mode 100644
index 00000000..c61d4557
--- /dev/null
+++ b/nacl/tests/secretbox2.out
@@ -0,0 +1,17 @@
+,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05
diff --git a/nacl/tests/secretbox3.cpp b/nacl/tests/secretbox3.cpp
new file mode 100644
index 00000000..39ca7c53
--- /dev/null
+++ b/nacl/tests/secretbox3.cpp
@@ -0,0 +1,52 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_secretbox_xsalsa20poly1305.h"
+
+char firstkey_bytes[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+char nonce_bytes[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+char m_bytes[131] = {
+ 0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05
+} ;
+
+main()
+{
+  int i;
+  string m(m_bytes,sizeof m_bytes);
+  string nonce(nonce_bytes,sizeof nonce_bytes);
+  string firstkey(firstkey_bytes,sizeof firstkey_bytes);
+  string c = crypto_secretbox_xsalsa20poly1305(m,nonce,firstkey);
+  for (i = 0;i < c.size();++i) {
+    printf(",0x%02x",(unsigned int) (unsigned char) c[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  printf("\n");
+  return 0;
+}
diff --git a/nacl/tests/secretbox3.out b/nacl/tests/secretbox3.out
new file mode 100644
index 00000000..2b6c51ea
--- /dev/null
+++ b/nacl/tests/secretbox3.out
@@ -0,0 +1,19 @@
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
diff --git a/nacl/tests/secretbox4.cpp b/nacl/tests/secretbox4.cpp
new file mode 100644
index 00000000..416e4d9e
--- /dev/null
+++ b/nacl/tests/secretbox4.cpp
@@ -0,0 +1,54 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_secretbox_xsalsa20poly1305.h"
+
+char firstkey_bytes[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+char nonce_bytes[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+char c_bytes[147] = {
+ 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
+} ;
+
+main()
+{
+  int i;
+  string firstkey(firstkey_bytes,sizeof firstkey_bytes);
+  string nonce(nonce_bytes,sizeof nonce_bytes);
+  string c(c_bytes,sizeof c_bytes);
+  string m = crypto_secretbox_xsalsa20poly1305_open(c,nonce,firstkey);
+  for (i = 0;i < m.size();++i) {
+    printf(",0x%02x",(unsigned int) (unsigned char) m[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  printf("\n");
+  return 0;
+}
diff --git a/nacl/tests/secretbox4.out b/nacl/tests/secretbox4.out
new file mode 100644
index 00000000..c61d4557
--- /dev/null
+++ b/nacl/tests/secretbox4.out
@@ -0,0 +1,17 @@
+,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05
diff --git a/nacl/tests/secretbox5.cpp b/nacl/tests/secretbox5.cpp
new file mode 100644
index 00000000..e8cc0eeb
--- /dev/null
+++ b/nacl/tests/secretbox5.cpp
@@ -0,0 +1,29 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_secretbox.h"
+#include "randombytes.h"
+
+main()
+{
+  int mlen;
+  for (mlen = 0;mlen < 1000;++mlen) {
+    unsigned char kbytes[crypto_secretbox_KEYBYTES];
+    randombytes(kbytes,crypto_secretbox_KEYBYTES);
+    string k((char *) kbytes,crypto_secretbox_KEYBYTES);
+    unsigned char nbytes[crypto_secretbox_NONCEBYTES];
+    randombytes(nbytes,crypto_secretbox_NONCEBYTES);
+    string n((char *) nbytes,crypto_secretbox_NONCEBYTES);
+    unsigned char mbytes[mlen];
+    randombytes(mbytes,mlen);
+    string m((char *) mbytes,mlen);
+    string c = crypto_secretbox(m,n,k);
+    try {
+      string m2 = crypto_secretbox_open(c,n,k);
+      if (m != m2) printf("bad decryption\n");
+    } catch(const char *s) {
+      printf("%s\n",s);
+    }
+  }
+  return 0;
+}
diff --git a/nacl/tests/secretbox5.out b/nacl/tests/secretbox5.out
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/nacl/tests/secretbox5.out
diff --git a/nacl/tests/secretbox6.cpp b/nacl/tests/secretbox6.cpp
new file mode 100644
index 00000000..e8274006
--- /dev/null
+++ b/nacl/tests/secretbox6.cpp
@@ -0,0 +1,42 @@
+#include <string>
+using std::string;
+#include <stdlib.h>
+#include <stdio.h>
+#include "crypto_secretbox.h"
+#include "randombytes.h"
+
+main()
+{
+  int mlen;
+  for (mlen = 0;mlen < 1000;++mlen) {
+    unsigned char kbytes[crypto_secretbox_KEYBYTES];
+    randombytes(kbytes,crypto_secretbox_KEYBYTES);
+    string k((char *) kbytes,crypto_secretbox_KEYBYTES);
+    unsigned char nbytes[crypto_secretbox_NONCEBYTES];
+    randombytes(nbytes,crypto_secretbox_NONCEBYTES);
+    string n((char *) nbytes,crypto_secretbox_NONCEBYTES);
+    unsigned char mbytes[mlen];
+    randombytes(mbytes,mlen);
+    string m((char *) mbytes,mlen);
+    string c = crypto_secretbox(m,n,k);
+    int caught = 0;
+    while (caught < 10) {
+      c.replace(random() % c.size(),1,1,random());
+      try {
+        string m2 = crypto_secretbox_open(c,n,k);
+        if (m != m2) {
+          printf("forgery\n");
+          return 100;
+        }
+      } catch(const char *s) {
+        if (string(s) == string("ciphertext fails verification"))
+          ++caught;
+        else {
+          printf("%s\n",s);
+          return 111;
+        }
+      }
+    }
+  }
+  return 0;
+}
diff --git a/nacl/tests/secretbox6.out b/nacl/tests/secretbox6.out
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/nacl/tests/secretbox6.out
diff --git a/nacl/tests/secretbox7.c b/nacl/tests/secretbox7.c
new file mode 100644
index 00000000..d4be9b49
--- /dev/null
+++ b/nacl/tests/secretbox7.c
@@ -0,0 +1,32 @@
+#include <stdio.h>
+#include "crypto_secretbox.h"
+#include "randombytes.h"
+
+unsigned char k[crypto_secretbox_KEYBYTES];
+unsigned char n[crypto_secretbox_NONCEBYTES];
+unsigned char m[10000];
+unsigned char c[10000];
+unsigned char m2[10000];
+
+main()
+{
+  int mlen;
+  int i;
+
+  for (mlen = 0;mlen < 1000 && mlen + crypto_secretbox_ZEROBYTES < sizeof m;++mlen) {
+    randombytes(k,crypto_secretbox_KEYBYTES);
+    randombytes(n,crypto_secretbox_NONCEBYTES);
+    randombytes(m + crypto_secretbox_ZEROBYTES,mlen);
+    crypto_secretbox(c,m,mlen + crypto_secretbox_ZEROBYTES,n,k);
+    if (crypto_secretbox_open(m2,c,mlen + crypto_secretbox_ZEROBYTES,n,k) == 0) {
+      for (i = 0;i < mlen + crypto_secretbox_ZEROBYTES;++i)
+        if (m2[i] != m[i]) {
+          printf("bad decryption\n");
+          break;
+        }
+    } else {
+      printf("ciphertext fails verification\n");
+    }
+  }
+  return 0;
+}
diff --git a/nacl/tests/secretbox7.out b/nacl/tests/secretbox7.out
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/nacl/tests/secretbox7.out
diff --git a/nacl/tests/secretbox8.c b/nacl/tests/secretbox8.c
new file mode 100644
index 00000000..a6c75c23
--- /dev/null
+++ b/nacl/tests/secretbox8.c
@@ -0,0 +1,37 @@
+#include <stdio.h>
+#include "crypto_secretbox.h"
+#include "randombytes.h"
+
+unsigned char k[crypto_secretbox_KEYBYTES];
+unsigned char n[crypto_secretbox_NONCEBYTES];
+unsigned char m[10000];
+unsigned char c[10000];
+unsigned char m2[10000];
+
+main()
+{
+  int mlen;
+  int i;
+  int caught;
+
+  for (mlen = 0;mlen < 1000 && mlen + crypto_secretbox_ZEROBYTES < sizeof m;++mlen) {
+    randombytes(k,crypto_secretbox_KEYBYTES);
+    randombytes(n,crypto_secretbox_NONCEBYTES);
+    randombytes(m + crypto_secretbox_ZEROBYTES,mlen);
+    crypto_secretbox(c,m,mlen + crypto_secretbox_ZEROBYTES,n,k);
+    caught = 0;
+    while (caught < 10) {
+      c[random() % (mlen + crypto_secretbox_ZEROBYTES)] = random();
+      if (crypto_secretbox_open(m2,c,mlen + crypto_secretbox_ZEROBYTES,n,k) == 0) {
+        for (i = 0;i < mlen + crypto_secretbox_ZEROBYTES;++i)
+          if (m2[i] != m[i]) {
+            printf("forgery\n");
+            return 100;
+          }
+      } else {
+        ++caught;
+      }
+    }
+  }
+  return 0;
+}
diff --git a/nacl/tests/secretbox8.out b/nacl/tests/secretbox8.out
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/nacl/tests/secretbox8.out
diff --git a/nacl/tests/stream.c b/nacl/tests/stream.c
new file mode 100644
index 00000000..ebb39398
--- /dev/null
+++ b/nacl/tests/stream.c
@@ -0,0 +1,29 @@
+#include <stdio.h>
+#include "crypto_stream_xsalsa20.h"
+#include "crypto_hash_sha256.h"
+
+unsigned char firstkey[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+unsigned char nonce[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+unsigned char output[4194304];
+
+unsigned char h[32];
+
+main()
+{
+  int i;
+  crypto_stream_xsalsa20(output,4194304,nonce,firstkey);
+  crypto_hash_sha256(h,output,sizeof output);
+  for (i = 0;i < 32;++i) printf("%02x",h[i]); printf("\n");
+  return 0;
+}
diff --git a/nacl/tests/stream.out b/nacl/tests/stream.out
new file mode 100644
index 00000000..5fa208c1
--- /dev/null
+++ b/nacl/tests/stream.out
@@ -0,0 +1 @@
+662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2
diff --git a/nacl/tests/stream2.c b/nacl/tests/stream2.c
new file mode 100644
index 00000000..12f13de4
--- /dev/null
+++ b/nacl/tests/stream2.c
@@ -0,0 +1,27 @@
+#include <stdio.h>
+#include "crypto_stream_salsa20.h"
+#include "crypto_hash_sha256.h"
+
+unsigned char secondkey[32] = {
+ 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9
+,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88
+,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9
+,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4
+} ;
+
+unsigned char noncesuffix[8] = {
+ 0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+unsigned char output[4194304];
+
+unsigned char h[32];
+
+main()
+{
+  int i;
+  crypto_stream_salsa20(output,4194304,noncesuffix,secondkey);
+  crypto_hash_sha256(h,output,sizeof output);
+  for (i = 0;i < 32;++i) printf("%02x",h[i]); printf("\n");
+  return 0;
+}
diff --git a/nacl/tests/stream2.out b/nacl/tests/stream2.out
new file mode 100644
index 00000000..5fa208c1
--- /dev/null
+++ b/nacl/tests/stream2.out
@@ -0,0 +1 @@
+662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2
diff --git a/nacl/tests/stream3.c b/nacl/tests/stream3.c
new file mode 100644
index 00000000..7798dc18
--- /dev/null
+++ b/nacl/tests/stream3.c
@@ -0,0 +1,28 @@
+#include <stdio.h>
+#include "crypto_stream_xsalsa20.h"
+
+unsigned char firstkey[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+unsigned char nonce[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+unsigned char rs[32];
+
+main()
+{
+  int i;
+  crypto_stream_xsalsa20(rs,32,nonce,firstkey);
+  for (i = 0;i < 32;++i) {
+    printf(",0x%02x",(unsigned int) rs[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}
diff --git a/nacl/tests/stream3.out b/nacl/tests/stream3.out
new file mode 100644
index 00000000..9cd78798
--- /dev/null
+++ b/nacl/tests/stream3.out
@@ -0,0 +1,4 @@
+,0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91
+,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25
+,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65
+,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80
diff --git a/nacl/tests/stream4.c b/nacl/tests/stream4.c
new file mode 100644
index 00000000..84d8c523
--- /dev/null
+++ b/nacl/tests/stream4.c
@@ -0,0 +1,53 @@
+#include <stdio.h>
+#include "crypto_stream_xsalsa20.h"
+
+unsigned char firstkey[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+unsigned char nonce[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+unsigned char m[163] = {
+    0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05
+} ;
+
+unsigned char c[163];
+
+main()
+{
+  int i;
+  crypto_stream_xsalsa20_xor(c,m,163,nonce,firstkey);
+  for (i = 32;i < 163;++i) {
+    printf(",0x%02x",(unsigned int) c[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  printf("\n");
+  return 0;
+}
diff --git a/nacl/tests/stream4.out b/nacl/tests/stream4.out
new file mode 100644
index 00000000..0d3d8e94
--- /dev/null
+++ b/nacl/tests/stream4.out
@@ -0,0 +1,17 @@
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
diff --git a/nacl/tests/stream5.cpp b/nacl/tests/stream5.cpp
new file mode 100644
index 00000000..66f3839b
--- /dev/null
+++ b/nacl/tests/stream5.cpp
@@ -0,0 +1,29 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_stream_xsalsa20.h"
+#include "crypto_hash_sha256.h"
+
+char firstkey_bytes[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+char nonce_bytes[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+main()
+{
+  int i;
+  string firstkey(firstkey_bytes,sizeof firstkey_bytes);
+  string nonce(nonce_bytes,sizeof nonce_bytes);
+  string output = crypto_stream_xsalsa20(4194304,nonce,firstkey);
+  string h = crypto_hash_sha256(output);
+  for (i = 0;i < 32;++i) printf("%02x",(unsigned int) (unsigned char) h[i]); printf("\n");
+  return 0;
+}
diff --git a/nacl/tests/stream5.out b/nacl/tests/stream5.out
new file mode 100644
index 00000000..5fa208c1
--- /dev/null
+++ b/nacl/tests/stream5.out
@@ -0,0 +1 @@
+662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2
diff --git a/nacl/tests/stream6.cpp b/nacl/tests/stream6.cpp
new file mode 100644
index 00000000..d9ed61f7
--- /dev/null
+++ b/nacl/tests/stream6.cpp
@@ -0,0 +1,27 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_stream_salsa20.h"
+#include "crypto_hash_sha256.h"
+
+char secondkey_bytes[32] = {
+ 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9
+,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88
+,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9
+,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4
+} ;
+
+char noncesuffix_bytes[8] = {
+ 0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+main()
+{
+  int i;
+  string secondkey(secondkey_bytes,sizeof secondkey_bytes);
+  string noncesuffix(noncesuffix_bytes,sizeof noncesuffix_bytes);
+  string output = crypto_stream_salsa20(4194304,noncesuffix,secondkey);
+  string h = crypto_hash_sha256(output);
+  for (i = 0;i < 32;++i) printf("%02x",(unsigned int) (unsigned char) h[i]); printf("\n");
+  return 0;
+}
diff --git a/nacl/tests/stream6.out b/nacl/tests/stream6.out
new file mode 100644
index 00000000..5fa208c1
--- /dev/null
+++ b/nacl/tests/stream6.out
@@ -0,0 +1 @@
+662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2
diff --git a/nacl/tests/stream7.cpp b/nacl/tests/stream7.cpp
new file mode 100644
index 00000000..d2f106e5
--- /dev/null
+++ b/nacl/tests/stream7.cpp
@@ -0,0 +1,30 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_stream_xsalsa20.h"
+
+char firstkey_bytes[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+char nonce_bytes[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+main()
+{
+  int i;
+  string firstkey(firstkey_bytes,sizeof firstkey_bytes);
+  string nonce(nonce_bytes,sizeof nonce_bytes);
+  string rs = crypto_stream_xsalsa20(32,nonce,firstkey);
+  for (i = 0;i < rs.size();++i) {
+    printf(",0x%02x",(unsigned int) (unsigned char) rs[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}
diff --git a/nacl/tests/stream7.out b/nacl/tests/stream7.out
new file mode 100644
index 00000000..9cd78798
--- /dev/null
+++ b/nacl/tests/stream7.out
@@ -0,0 +1,4 @@
+,0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91
+,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25
+,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65
+,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80
diff --git a/nacl/tests/stream8.cpp b/nacl/tests/stream8.cpp
new file mode 100644
index 00000000..ea95d68f
--- /dev/null
+++ b/nacl/tests/stream8.cpp
@@ -0,0 +1,56 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_stream_xsalsa20.h"
+
+char firstkey_bytes[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+char nonce_bytes[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+char m_bytes[163] = {
+    0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05
+} ;
+
+main()
+{
+  int i;
+  string firstkey(firstkey_bytes,sizeof firstkey_bytes);
+  string nonce(nonce_bytes,sizeof nonce_bytes);
+  string m(m_bytes,sizeof m_bytes);
+  string c = crypto_stream_xsalsa20_xor(m,nonce,firstkey);
+  for (i = 32;i < c.size();++i) {
+    printf(",0x%02x",(unsigned int) (unsigned char) c[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  printf("\n");
+  return 0;
+}
diff --git a/nacl/tests/stream8.out b/nacl/tests/stream8.out
new file mode 100644
index 00000000..0d3d8e94
--- /dev/null
+++ b/nacl/tests/stream8.out
@@ -0,0 +1,17 @@
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5