bert hubert | 28 Sep 15:47
curve25519 application for simple 'in place' protection of socket traffic

Hi everybody,

I hope this is the right place to discuss CURVE25519!

For a small project, I needed a way to do almost 'drop in' encryption
over nonblocking sockets. This ruled out a lot of existing libraries.
Plus doing crypto is fun! Especially for an amateur like me.

So, I decided to try out CURVE25519 + AES128-CTR.

My goals:
       Perfect forward secrecy
       Complete shrouding of all traffic (including negotiation),
except against man in the middle
       Authentication of server identity
       1-bit-in-1-bit-out
       High performance
       Small code base

Non-goals for now:
       Preventing timing attacks
       Message authentication
       Rekeying

I've implemented the following, using CURVE25519 and (for now) AES-128:
- you create & connect the socket, or create & bind it

- clients & servers have static CURVE25519 keys which change rarely

- both ends call establishSecret(sock): writes a random public key to