public static int CryptoSecretboxOpen(byte[] M, byte[] C, long Clen, byte[] N, byte[] K) { if (Clen < 32) { return(-1); } byte[] subkeyp = new byte[32]; Xsalsa20.CryptoStream(subkeyp, 32, N, K); if (Poly1305.CryptoOnetimeauthVerify(C, 16, C, 32, Clen - 32, subkeyp) != 0) { return(-1); } Xsalsa20.CryptoStreamXor(M, C, Clen, N, K); for (int i = 0; i < 32; ++i) { M[i] = 0; } return(0); }