gravityview /
GravityView
@@ -7,8 +7,7 @@ discard block |
||
| 7 | 7 | /** |
| 8 | 8 | * Class ParagonIE_Sodium_Core_Ed25519 |
| 9 | 9 | */ |
| 10 | -abstract class ParagonIE_Sodium_Core_Ed25519 extends ParagonIE_Sodium_Core_Curve25519 |
|
| 11 | -{ |
|
| 10 | +abstract class ParagonIE_Sodium_Core_Ed25519 extends ParagonIE_Sodium_Core_Curve25519 { |
|
| 12 | 11 | const KEYPAIR_BYTES = 96; |
| 13 | 12 | const SEED_BYTES = 32; |
| 14 | 13 | const SCALAR_BYTES = 32; |
@@ -21,8 +20,7 @@ discard block |
||
| 21 | 20 | * @throws SodiumException |
| 22 | 21 | * @throws TypeError |
| 23 | 22 | */ |
| 24 | - public static function keypair() |
|
| 25 | - { |
|
| 23 | + public static function keypair() { |
|
| 26 | 24 | $seed = random_bytes(self::SEED_BYTES); |
| 27 | 25 | $pk = ''; |
| 28 | 26 | $sk = ''; |
@@ -40,8 +38,7 @@ discard block |
||
| 40 | 38 | * @throws SodiumException |
| 41 | 39 | * @throws TypeError |
| 42 | 40 | */ |
| 43 | - public static function seed_keypair(&$pk, &$sk, $seed) |
|
| 44 | - { |
|
| 41 | + public static function seed_keypair(&$pk, &$sk, $seed) { |
|
| 45 | 42 | if (self::strlen($seed) !== self::SEED_BYTES) { |
| 46 | 43 | throw new RangeException('crypto_sign keypair seed must be 32 bytes long'); |
| 47 | 44 | } |
@@ -59,8 +56,7 @@ discard block |
||
| 59 | 56 | * @return string |
| 60 | 57 | * @throws TypeError |
| 61 | 58 | */ |
| 62 | - public static function secretkey($keypair) |
|
| 63 | - { |
|
| 59 | + public static function secretkey($keypair) { |
|
| 64 | 60 | if (self::strlen($keypair) !== self::KEYPAIR_BYTES) { |
| 65 | 61 | throw new RangeException('crypto_sign keypair must be 96 bytes long'); |
| 66 | 62 | } |
@@ -74,8 +70,7 @@ discard block |
||
| 74 | 70 | * @return string |
| 75 | 71 | * @throws TypeError |
| 76 | 72 | */ |
| 77 | - public static function publickey($keypair) |
|
| 78 | - { |
|
| 73 | + public static function publickey($keypair) { |
|
| 79 | 74 | if (self::strlen($keypair) !== self::KEYPAIR_BYTES) { |
| 80 | 75 | throw new RangeException('crypto_sign keypair must be 96 bytes long'); |
| 81 | 76 | } |
@@ -90,8 +85,7 @@ discard block |
||
| 90 | 85 | * @throws SodiumException |
| 91 | 86 | * @throws TypeError |
| 92 | 87 | */ |
| 93 | - public static function publickey_from_secretkey($sk) |
|
| 94 | - { |
|
| 88 | + public static function publickey_from_secretkey($sk) { |
|
| 95 | 89 | /** @var string $sk */ |
| 96 | 90 | $sk = hash('sha512', self::substr($sk, 0, 32), true); |
| 97 | 91 | $sk[0] = self::intToChr( |
@@ -109,8 +103,7 @@ discard block |
||
| 109 | 103 | * @throws SodiumException |
| 110 | 104 | * @throws TypeError |
| 111 | 105 | */ |
| 112 | - public static function pk_to_curve25519($pk) |
|
| 113 | - { |
|
| 106 | + public static function pk_to_curve25519($pk) { |
|
| 114 | 107 | if (self::small_order($pk)) { |
| 115 | 108 | throw new SodiumException('Public key is on a small order'); |
| 116 | 109 | } |
@@ -150,8 +143,7 @@ discard block |
||
| 150 | 143 | * @throws SodiumException |
| 151 | 144 | * @throws TypeError |
| 152 | 145 | */ |
| 153 | - public static function sk_to_pk($sk) |
|
| 154 | - { |
|
| 146 | + public static function sk_to_pk($sk) { |
|
| 155 | 147 | return self::ge_p3_tobytes( |
| 156 | 148 | self::ge_scalarmult_base( |
| 157 | 149 | self::substr($sk, 0, 32) |
@@ -168,8 +160,7 @@ discard block |
||
| 168 | 160 | * @throws SodiumException |
| 169 | 161 | * @throws TypeError |
| 170 | 162 | */ |
| 171 | - public static function sign($message, $sk) |
|
| 172 | - { |
|
| 163 | + public static function sign($message, $sk) { |
|
| 173 | 164 | /** @var string $signature */ |
| 174 | 165 | $signature = self::sign_detached($message, $sk); |
| 175 | 166 | return $signature . $message; |
@@ -184,8 +175,7 @@ discard block |
||
| 184 | 175 | * @throws SodiumException |
| 185 | 176 | * @throws TypeError |
| 186 | 177 | */ |
| 187 | - public static function sign_open($message, $pk) |
|
| 188 | - { |
|
| 178 | + public static function sign_open($message, $pk) { |
|
| 189 | 179 | /** @var string $signature */ |
| 190 | 180 | $signature = self::substr($message, 0, 64); |
| 191 | 181 | |
@@ -207,8 +197,7 @@ discard block |
||
| 207 | 197 | * @throws SodiumException |
| 208 | 198 | * @throws TypeError |
| 209 | 199 | */ |
| 210 | - public static function sign_detached($message, $sk) |
|
| 211 | - { |
|
| 200 | + public static function sign_detached($message, $sk) { |
|
| 212 | 201 | # crypto_hash_sha512(az, sk, 32); |
| 213 | 202 | $az = hash('sha512', self::substr($sk, 0, 32), true); |
| 214 | 203 | |
@@ -272,8 +261,7 @@ discard block |
||
| 272 | 261 | * @throws SodiumException |
| 273 | 262 | * @throws TypeError |
| 274 | 263 | */ |
| 275 | - public static function verify_detached($sig, $message, $pk) |
|
| 276 | - { |
|
| 264 | + public static function verify_detached($sig, $message, $pk) { |
|
| 277 | 265 | if (self::strlen($sig) < 64) { |
| 278 | 266 | throw new SodiumException('Signature is too short'); |
| 279 | 267 | } |
@@ -339,8 +327,7 @@ discard block |
||
| 339 | 327 | * @throws SodiumException |
| 340 | 328 | * @throws TypeError |
| 341 | 329 | */ |
| 342 | - public static function check_S_lt_L($S) |
|
| 343 | - { |
|
| 330 | + public static function check_S_lt_L($S) { |
|
| 344 | 331 | if (self::strlen($S) < 32) { |
| 345 | 332 | throw new SodiumException('Signature must be 32 bytes'); |
| 346 | 333 | } |
@@ -375,8 +362,7 @@ discard block |
||
| 375 | 362 | * @throws SodiumException |
| 376 | 363 | * @throws TypeError |
| 377 | 364 | */ |
| 378 | - public static function small_order($R) |
|
| 379 | - { |
|
| 365 | + public static function small_order($R) { |
|
| 380 | 366 | /** @var array<int, array<int, int>> $blocklist */ |
| 381 | 367 | $blocklist = array( |
| 382 | 368 | /* 0 (order 4) */ |
@@ -484,8 +470,7 @@ discard block |
||
| 484 | 470 | * @return string |
| 485 | 471 | * @throws SodiumException |
| 486 | 472 | */ |
| 487 | - public static function scalar_complement($s) |
|
| 488 | - { |
|
| 473 | + public static function scalar_complement($s) { |
|
| 489 | 474 | $t_ = self::L . str_repeat("\x00", 32); |
| 490 | 475 | sodium_increment($t_); |
| 491 | 476 | $s_ = $s . str_repeat("\x00", 32); |
@@ -497,8 +482,7 @@ discard block |
||
| 497 | 482 | * @return string |
| 498 | 483 | * @throws SodiumException |
| 499 | 484 | */ |
| 500 | - public static function scalar_random() |
|
| 501 | - { |
|
| 485 | + public static function scalar_random() { |
|
| 502 | 486 | do { |
| 503 | 487 | $r = ParagonIE_Sodium_Compat::randombytes_buf(self::SCALAR_BYTES); |
| 504 | 488 | $r[self::SCALAR_BYTES - 1] = self::intToChr( |
@@ -515,8 +499,7 @@ discard block |
||
| 515 | 499 | * @return string |
| 516 | 500 | * @throws SodiumException |
| 517 | 501 | */ |
| 518 | - public static function scalar_negate($s) |
|
| 519 | - { |
|
| 502 | + public static function scalar_negate($s) { |
|
| 520 | 503 | $t_ = self::L . str_repeat("\x00", 32) ; |
| 521 | 504 | $s_ = $s . str_repeat("\x00", 32) ; |
| 522 | 505 | ParagonIE_Sodium_Compat::sub($t_, $s_); |
@@ -529,8 +512,7 @@ discard block |
||
| 529 | 512 | * @return string |
| 530 | 513 | * @throws SodiumException |
| 531 | 514 | */ |
| 532 | - public static function scalar_add($a, $b) |
|
| 533 | - { |
|
| 515 | + public static function scalar_add($a, $b) { |
|
| 534 | 516 | $a_ = $a . str_repeat("\x00", 32); |
| 535 | 517 | $b_ = $b . str_repeat("\x00", 32); |
| 536 | 518 | ParagonIE_Sodium_Compat::add($a_, $b_); |
@@ -543,8 +525,7 @@ discard block |
||
| 543 | 525 | * @return string |
| 544 | 526 | * @throws SodiumException |
| 545 | 527 | */ |
| 546 | - public static function scalar_sub($x, $y) |
|
| 547 | - { |
|
| 528 | + public static function scalar_sub($x, $y) { |
|
| 548 | 529 | $yn = self::scalar_negate($y); |
| 549 | 530 | return self::scalar_add($x, $yn); |
| 550 | 531 | } |
@@ -1,10 +1,10 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | 3 | if (class_exists('ParagonIE_Sodium_Core_Ed25519', false)) { |
| 4 | - return; |
|
| 4 | + return; |
|
| 5 | 5 | } |
| 6 | 6 | if (!class_exists('ParagonIE_Sodium_Core_Curve25519', false)) { |
| 7 | - require_once dirname(__FILE__) . '/Curve25519.php'; |
|
| 7 | + require_once dirname(__FILE__) . '/Curve25519.php'; |
|
| 8 | 8 | } |
| 9 | 9 | |
| 10 | 10 | /** |
@@ -12,543 +12,543 @@ discard block |
||
| 12 | 12 | */ |
| 13 | 13 | abstract class ParagonIE_Sodium_Core_Ed25519 extends ParagonIE_Sodium_Core_Curve25519 |
| 14 | 14 | { |
| 15 | - const KEYPAIR_BYTES = 96; |
|
| 16 | - const SEED_BYTES = 32; |
|
| 17 | - const SCALAR_BYTES = 32; |
|
| 18 | - |
|
| 19 | - /** |
|
| 20 | - * @internal You should not use this directly from another application |
|
| 21 | - * |
|
| 22 | - * @return string (96 bytes) |
|
| 23 | - * @throws Exception |
|
| 24 | - * @throws SodiumException |
|
| 25 | - * @throws TypeError |
|
| 26 | - */ |
|
| 27 | - public static function keypair() |
|
| 28 | - { |
|
| 29 | - $seed = random_bytes(self::SEED_BYTES); |
|
| 30 | - $pk = ''; |
|
| 31 | - $sk = ''; |
|
| 32 | - self::seed_keypair($pk, $sk, $seed); |
|
| 33 | - return $sk . $pk; |
|
| 34 | - } |
|
| 35 | - |
|
| 36 | - /** |
|
| 37 | - * @internal You should not use this directly from another application |
|
| 38 | - * |
|
| 39 | - * @param string $pk |
|
| 40 | - * @param string $sk |
|
| 41 | - * @param string $seed |
|
| 42 | - * @return string |
|
| 43 | - * @throws SodiumException |
|
| 44 | - * @throws TypeError |
|
| 45 | - */ |
|
| 46 | - public static function seed_keypair(&$pk, &$sk, $seed) |
|
| 47 | - { |
|
| 48 | - if (self::strlen($seed) !== self::SEED_BYTES) { |
|
| 49 | - throw new RangeException('crypto_sign keypair seed must be 32 bytes long'); |
|
| 50 | - } |
|
| 51 | - |
|
| 52 | - /** @var string $pk */ |
|
| 53 | - $pk = self::publickey_from_secretkey($seed); |
|
| 54 | - $sk = $seed . $pk; |
|
| 55 | - return $sk; |
|
| 56 | - } |
|
| 57 | - |
|
| 58 | - /** |
|
| 59 | - * @internal You should not use this directly from another application |
|
| 60 | - * |
|
| 61 | - * @param string $keypair |
|
| 62 | - * @return string |
|
| 63 | - * @throws TypeError |
|
| 64 | - */ |
|
| 65 | - public static function secretkey($keypair) |
|
| 66 | - { |
|
| 67 | - if (self::strlen($keypair) !== self::KEYPAIR_BYTES) { |
|
| 68 | - throw new RangeException('crypto_sign keypair must be 96 bytes long'); |
|
| 69 | - } |
|
| 70 | - return self::substr($keypair, 0, 64); |
|
| 71 | - } |
|
| 72 | - |
|
| 73 | - /** |
|
| 74 | - * @internal You should not use this directly from another application |
|
| 75 | - * |
|
| 76 | - * @param string $keypair |
|
| 77 | - * @return string |
|
| 78 | - * @throws TypeError |
|
| 79 | - */ |
|
| 80 | - public static function publickey($keypair) |
|
| 81 | - { |
|
| 82 | - if (self::strlen($keypair) !== self::KEYPAIR_BYTES) { |
|
| 83 | - throw new RangeException('crypto_sign keypair must be 96 bytes long'); |
|
| 84 | - } |
|
| 85 | - return self::substr($keypair, 64, 32); |
|
| 86 | - } |
|
| 87 | - |
|
| 88 | - /** |
|
| 89 | - * @internal You should not use this directly from another application |
|
| 90 | - * |
|
| 91 | - * @param string $sk |
|
| 92 | - * @return string |
|
| 93 | - * @throws SodiumException |
|
| 94 | - * @throws TypeError |
|
| 95 | - */ |
|
| 96 | - public static function publickey_from_secretkey($sk) |
|
| 97 | - { |
|
| 98 | - /** @var string $sk */ |
|
| 99 | - $sk = hash('sha512', self::substr($sk, 0, 32), true); |
|
| 100 | - $sk[0] = self::intToChr( |
|
| 101 | - self::chrToInt($sk[0]) & 248 |
|
| 102 | - ); |
|
| 103 | - $sk[31] = self::intToChr( |
|
| 104 | - (self::chrToInt($sk[31]) & 63) | 64 |
|
| 105 | - ); |
|
| 106 | - return self::sk_to_pk($sk); |
|
| 107 | - } |
|
| 108 | - |
|
| 109 | - /** |
|
| 110 | - * @param string $pk |
|
| 111 | - * @return string |
|
| 112 | - * @throws SodiumException |
|
| 113 | - * @throws TypeError |
|
| 114 | - */ |
|
| 115 | - public static function pk_to_curve25519($pk) |
|
| 116 | - { |
|
| 117 | - if (self::small_order($pk)) { |
|
| 118 | - throw new SodiumException('Public key is on a small order'); |
|
| 119 | - } |
|
| 120 | - $A = self::ge_frombytes_negate_vartime(self::substr($pk, 0, 32)); |
|
| 121 | - $p1 = self::ge_mul_l($A); |
|
| 122 | - if (!self::fe_isnonzero($p1->X)) { |
|
| 123 | - throw new SodiumException('Unexpected zero result'); |
|
| 124 | - } |
|
| 125 | - |
|
| 126 | - # fe_1(one_minus_y); |
|
| 127 | - # fe_sub(one_minus_y, one_minus_y, A.Y); |
|
| 128 | - # fe_invert(one_minus_y, one_minus_y); |
|
| 129 | - $one_minux_y = self::fe_invert( |
|
| 130 | - self::fe_sub( |
|
| 131 | - self::fe_1(), |
|
| 132 | - $A->Y |
|
| 133 | - ) |
|
| 134 | - ); |
|
| 135 | - |
|
| 136 | - # fe_1(x); |
|
| 137 | - # fe_add(x, x, A.Y); |
|
| 138 | - # fe_mul(x, x, one_minus_y); |
|
| 139 | - $x = self::fe_mul( |
|
| 140 | - self::fe_add(self::fe_1(), $A->Y), |
|
| 141 | - $one_minux_y |
|
| 142 | - ); |
|
| 143 | - |
|
| 144 | - # fe_tobytes(curve25519_pk, x); |
|
| 145 | - return self::fe_tobytes($x); |
|
| 146 | - } |
|
| 147 | - |
|
| 148 | - /** |
|
| 149 | - * @internal You should not use this directly from another application |
|
| 150 | - * |
|
| 151 | - * @param string $sk |
|
| 152 | - * @return string |
|
| 153 | - * @throws SodiumException |
|
| 154 | - * @throws TypeError |
|
| 155 | - */ |
|
| 156 | - public static function sk_to_pk($sk) |
|
| 157 | - { |
|
| 158 | - return self::ge_p3_tobytes( |
|
| 159 | - self::ge_scalarmult_base( |
|
| 160 | - self::substr($sk, 0, 32) |
|
| 161 | - ) |
|
| 162 | - ); |
|
| 163 | - } |
|
| 164 | - |
|
| 165 | - /** |
|
| 166 | - * @internal You should not use this directly from another application |
|
| 167 | - * |
|
| 168 | - * @param string $message |
|
| 169 | - * @param string $sk |
|
| 170 | - * @return string |
|
| 171 | - * @throws SodiumException |
|
| 172 | - * @throws TypeError |
|
| 173 | - */ |
|
| 174 | - public static function sign($message, $sk) |
|
| 175 | - { |
|
| 176 | - /** @var string $signature */ |
|
| 177 | - $signature = self::sign_detached($message, $sk); |
|
| 178 | - return $signature . $message; |
|
| 179 | - } |
|
| 180 | - |
|
| 181 | - /** |
|
| 182 | - * @internal You should not use this directly from another application |
|
| 183 | - * |
|
| 184 | - * @param string $message A signed message |
|
| 185 | - * @param string $pk Public key |
|
| 186 | - * @return string Message (without signature) |
|
| 187 | - * @throws SodiumException |
|
| 188 | - * @throws TypeError |
|
| 189 | - */ |
|
| 190 | - public static function sign_open($message, $pk) |
|
| 191 | - { |
|
| 192 | - /** @var string $signature */ |
|
| 193 | - $signature = self::substr($message, 0, 64); |
|
| 194 | - |
|
| 195 | - /** @var string $message */ |
|
| 196 | - $message = self::substr($message, 64); |
|
| 197 | - |
|
| 198 | - if (self::verify_detached($signature, $message, $pk)) { |
|
| 199 | - return $message; |
|
| 200 | - } |
|
| 201 | - throw new SodiumException('Invalid signature'); |
|
| 202 | - } |
|
| 203 | - |
|
| 204 | - /** |
|
| 205 | - * @internal You should not use this directly from another application |
|
| 206 | - * |
|
| 207 | - * @param string $message |
|
| 208 | - * @param string $sk |
|
| 209 | - * @return string |
|
| 210 | - * @throws SodiumException |
|
| 211 | - * @throws TypeError |
|
| 212 | - */ |
|
| 213 | - public static function sign_detached($message, $sk) |
|
| 214 | - { |
|
| 215 | - # crypto_hash_sha512(az, sk, 32); |
|
| 216 | - $az = hash('sha512', self::substr($sk, 0, 32), true); |
|
| 217 | - |
|
| 218 | - # az[0] &= 248; |
|
| 219 | - # az[31] &= 63; |
|
| 220 | - # az[31] |= 64; |
|
| 221 | - $az[0] = self::intToChr(self::chrToInt($az[0]) & 248); |
|
| 222 | - $az[31] = self::intToChr((self::chrToInt($az[31]) & 63) | 64); |
|
| 223 | - |
|
| 224 | - # crypto_hash_sha512_init(&hs); |
|
| 225 | - # crypto_hash_sha512_update(&hs, az + 32, 32); |
|
| 226 | - # crypto_hash_sha512_update(&hs, m, mlen); |
|
| 227 | - # crypto_hash_sha512_final(&hs, nonce); |
|
| 228 | - $hs = hash_init('sha512'); |
|
| 229 | - hash_update($hs, self::substr($az, 32, 32)); |
|
| 230 | - hash_update($hs, $message); |
|
| 231 | - $nonceHash = hash_final($hs, true); |
|
| 232 | - |
|
| 233 | - # memmove(sig + 32, sk + 32, 32); |
|
| 234 | - $pk = self::substr($sk, 32, 32); |
|
| 235 | - |
|
| 236 | - # sc_reduce(nonce); |
|
| 237 | - # ge_scalarmult_base(&R, nonce); |
|
| 238 | - # ge_p3_tobytes(sig, &R); |
|
| 239 | - $nonce = self::sc_reduce($nonceHash) . self::substr($nonceHash, 32); |
|
| 240 | - $sig = self::ge_p3_tobytes( |
|
| 241 | - self::ge_scalarmult_base($nonce) |
|
| 242 | - ); |
|
| 243 | - |
|
| 244 | - # crypto_hash_sha512_init(&hs); |
|
| 245 | - # crypto_hash_sha512_update(&hs, sig, 64); |
|
| 246 | - # crypto_hash_sha512_update(&hs, m, mlen); |
|
| 247 | - # crypto_hash_sha512_final(&hs, hram); |
|
| 248 | - $hs = hash_init('sha512'); |
|
| 249 | - hash_update($hs, self::substr($sig, 0, 32)); |
|
| 250 | - hash_update($hs, self::substr($pk, 0, 32)); |
|
| 251 | - hash_update($hs, $message); |
|
| 252 | - $hramHash = hash_final($hs, true); |
|
| 253 | - |
|
| 254 | - # sc_reduce(hram); |
|
| 255 | - # sc_muladd(sig + 32, hram, az, nonce); |
|
| 256 | - $hram = self::sc_reduce($hramHash); |
|
| 257 | - $sigAfter = self::sc_muladd($hram, $az, $nonce); |
|
| 258 | - $sig = self::substr($sig, 0, 32) . self::substr($sigAfter, 0, 32); |
|
| 259 | - |
|
| 260 | - try { |
|
| 261 | - ParagonIE_Sodium_Compat::memzero($az); |
|
| 262 | - } catch (SodiumException $ex) { |
|
| 263 | - $az = null; |
|
| 264 | - } |
|
| 265 | - return $sig; |
|
| 266 | - } |
|
| 267 | - |
|
| 268 | - /** |
|
| 269 | - * @internal You should not use this directly from another application |
|
| 270 | - * |
|
| 271 | - * @param string $sig |
|
| 272 | - * @param string $message |
|
| 273 | - * @param string $pk |
|
| 274 | - * @return bool |
|
| 275 | - * @throws SodiumException |
|
| 276 | - * @throws TypeError |
|
| 277 | - */ |
|
| 278 | - public static function verify_detached($sig, $message, $pk) |
|
| 279 | - { |
|
| 280 | - if (self::strlen($sig) < 64) { |
|
| 281 | - throw new SodiumException('Signature is too short'); |
|
| 282 | - } |
|
| 283 | - if ((self::chrToInt($sig[63]) & 240) && self::check_S_lt_L(self::substr($sig, 32, 32))) { |
|
| 284 | - throw new SodiumException('S < L - Invalid signature'); |
|
| 285 | - } |
|
| 286 | - if (self::small_order($sig)) { |
|
| 287 | - throw new SodiumException('Signature is on too small of an order'); |
|
| 288 | - } |
|
| 289 | - if ((self::chrToInt($sig[63]) & 224) !== 0) { |
|
| 290 | - throw new SodiumException('Invalid signature'); |
|
| 291 | - } |
|
| 292 | - $d = 0; |
|
| 293 | - for ($i = 0; $i < 32; ++$i) { |
|
| 294 | - $d |= self::chrToInt($pk[$i]); |
|
| 295 | - } |
|
| 296 | - if ($d === 0) { |
|
| 297 | - throw new SodiumException('All zero public key'); |
|
| 298 | - } |
|
| 299 | - |
|
| 300 | - /** @var bool The original value of ParagonIE_Sodium_Compat::$fastMult */ |
|
| 301 | - $orig = ParagonIE_Sodium_Compat::$fastMult; |
|
| 302 | - |
|
| 303 | - // Set ParagonIE_Sodium_Compat::$fastMult to true to speed up verification. |
|
| 304 | - ParagonIE_Sodium_Compat::$fastMult = true; |
|
| 305 | - |
|
| 306 | - /** @var ParagonIE_Sodium_Core_Curve25519_Ge_P3 $A */ |
|
| 307 | - $A = self::ge_frombytes_negate_vartime($pk); |
|
| 308 | - |
|
| 309 | - /** @var string $hDigest */ |
|
| 310 | - $hDigest = hash( |
|
| 311 | - 'sha512', |
|
| 312 | - self::substr($sig, 0, 32) . |
|
| 313 | - self::substr($pk, 0, 32) . |
|
| 314 | - $message, |
|
| 315 | - true |
|
| 316 | - ); |
|
| 317 | - |
|
| 318 | - /** @var string $h */ |
|
| 319 | - $h = self::sc_reduce($hDigest) . self::substr($hDigest, 32); |
|
| 320 | - |
|
| 321 | - /** @var ParagonIE_Sodium_Core_Curve25519_Ge_P2 $R */ |
|
| 322 | - $R = self::ge_double_scalarmult_vartime( |
|
| 323 | - $h, |
|
| 324 | - $A, |
|
| 325 | - self::substr($sig, 32) |
|
| 326 | - ); |
|
| 327 | - |
|
| 328 | - /** @var string $rcheck */ |
|
| 329 | - $rcheck = self::ge_tobytes($R); |
|
| 330 | - |
|
| 331 | - // Reset ParagonIE_Sodium_Compat::$fastMult to what it was before. |
|
| 332 | - ParagonIE_Sodium_Compat::$fastMult = $orig; |
|
| 333 | - |
|
| 334 | - return self::verify_32($rcheck, self::substr($sig, 0, 32)); |
|
| 335 | - } |
|
| 336 | - |
|
| 337 | - /** |
|
| 338 | - * @internal You should not use this directly from another application |
|
| 339 | - * |
|
| 340 | - * @param string $S |
|
| 341 | - * @return bool |
|
| 342 | - * @throws SodiumException |
|
| 343 | - * @throws TypeError |
|
| 344 | - */ |
|
| 345 | - public static function check_S_lt_L($S) |
|
| 346 | - { |
|
| 347 | - if (self::strlen($S) < 32) { |
|
| 348 | - throw new SodiumException('Signature must be 32 bytes'); |
|
| 349 | - } |
|
| 350 | - $L = array( |
|
| 351 | - 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, |
|
| 352 | - 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, |
|
| 353 | - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
|
| 354 | - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 |
|
| 355 | - ); |
|
| 356 | - $c = 0; |
|
| 357 | - $n = 1; |
|
| 358 | - $i = 32; |
|
| 359 | - |
|
| 360 | - /** @var array<int, int> $L */ |
|
| 361 | - do { |
|
| 362 | - --$i; |
|
| 363 | - $x = self::chrToInt($S[$i]); |
|
| 364 | - $c |= ( |
|
| 365 | - (($x - $L[$i]) >> 8) & $n |
|
| 366 | - ); |
|
| 367 | - $n &= ( |
|
| 368 | - (($x ^ $L[$i]) - 1) >> 8 |
|
| 369 | - ); |
|
| 370 | - } while ($i !== 0); |
|
| 371 | - |
|
| 372 | - return $c === 0; |
|
| 373 | - } |
|
| 374 | - |
|
| 375 | - /** |
|
| 376 | - * @param string $R |
|
| 377 | - * @return bool |
|
| 378 | - * @throws SodiumException |
|
| 379 | - * @throws TypeError |
|
| 380 | - */ |
|
| 381 | - public static function small_order($R) |
|
| 382 | - { |
|
| 383 | - /** @var array<int, array<int, int>> $blocklist */ |
|
| 384 | - $blocklist = array( |
|
| 385 | - /* 0 (order 4) */ |
|
| 386 | - array( |
|
| 387 | - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
|
| 388 | - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
|
| 389 | - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
|
| 390 | - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 |
|
| 391 | - ), |
|
| 392 | - /* 1 (order 1) */ |
|
| 393 | - array( |
|
| 394 | - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
|
| 395 | - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
|
| 396 | - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
|
| 397 | - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 |
|
| 398 | - ), |
|
| 399 | - /* 2707385501144840649318225287225658788936804267575313519463743609750303402022 (order 8) */ |
|
| 400 | - array( |
|
| 401 | - 0x26, 0xe8, 0x95, 0x8f, 0xc2, 0xb2, 0x27, 0xb0, |
|
| 402 | - 0x45, 0xc3, 0xf4, 0x89, 0xf2, 0xef, 0x98, 0xf0, |
|
| 403 | - 0xd5, 0xdf, 0xac, 0x05, 0xd3, 0xc6, 0x33, 0x39, |
|
| 404 | - 0xb1, 0x38, 0x02, 0x88, 0x6d, 0x53, 0xfc, 0x05 |
|
| 405 | - ), |
|
| 406 | - /* 55188659117513257062467267217118295137698188065244968500265048394206261417927 (order 8) */ |
|
| 407 | - array( |
|
| 408 | - 0xc7, 0x17, 0x6a, 0x70, 0x3d, 0x4d, 0xd8, 0x4f, |
|
| 409 | - 0xba, 0x3c, 0x0b, 0x76, 0x0d, 0x10, 0x67, 0x0f, |
|
| 410 | - 0x2a, 0x20, 0x53, 0xfa, 0x2c, 0x39, 0xcc, 0xc6, |
|
| 411 | - 0x4e, 0xc7, 0xfd, 0x77, 0x92, 0xac, 0x03, 0x7a |
|
| 412 | - ), |
|
| 413 | - /* p-1 (order 2) */ |
|
| 414 | - array( |
|
| 415 | - 0x13, 0xe8, 0x95, 0x8f, 0xc2, 0xb2, 0x27, 0xb0, |
|
| 416 | - 0x45, 0xc3, 0xf4, 0x89, 0xf2, 0xef, 0x98, 0xf0, |
|
| 417 | - 0xd5, 0xdf, 0xac, 0x05, 0xd3, 0xc6, 0x33, 0x39, |
|
| 418 | - 0xb1, 0x38, 0x02, 0x88, 0x6d, 0x53, 0xfc, 0x85 |
|
| 419 | - ), |
|
| 420 | - /* p (order 4) */ |
|
| 421 | - array( |
|
| 422 | - 0xb4, 0x17, 0x6a, 0x70, 0x3d, 0x4d, 0xd8, 0x4f, |
|
| 423 | - 0xba, 0x3c, 0x0b, 0x76, 0x0d, 0x10, 0x67, 0x0f, |
|
| 424 | - 0x2a, 0x20, 0x53, 0xfa, 0x2c, 0x39, 0xcc, 0xc6, |
|
| 425 | - 0x4e, 0xc7, 0xfd, 0x77, 0x92, 0xac, 0x03, 0xfa |
|
| 426 | - ), |
|
| 427 | - /* p+1 (order 1) */ |
|
| 428 | - array( |
|
| 429 | - 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 430 | - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 431 | - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 432 | - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f |
|
| 433 | - ), |
|
| 434 | - /* p+2707385501144840649318225287225658788936804267575313519463743609750303402022 (order 8) */ |
|
| 435 | - array( |
|
| 436 | - 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 437 | - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 438 | - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 439 | - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f |
|
| 440 | - ), |
|
| 441 | - /* p+55188659117513257062467267217118295137698188065244968500265048394206261417927 (order 8) */ |
|
| 442 | - array( |
|
| 443 | - 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 444 | - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 445 | - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 446 | - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f |
|
| 447 | - ), |
|
| 448 | - /* 2p-1 (order 2) */ |
|
| 449 | - array( |
|
| 450 | - 0xd9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 451 | - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 452 | - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 453 | - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff |
|
| 454 | - ), |
|
| 455 | - /* 2p (order 4) */ |
|
| 456 | - array( |
|
| 457 | - 0xda, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 458 | - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 459 | - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 460 | - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff |
|
| 461 | - ), |
|
| 462 | - /* 2p+1 (order 1) */ |
|
| 463 | - array( |
|
| 464 | - 0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 465 | - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 466 | - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 467 | - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff |
|
| 468 | - ) |
|
| 469 | - ); |
|
| 470 | - /** @var int $countBlocklist */ |
|
| 471 | - $countBlocklist = count($blocklist); |
|
| 472 | - |
|
| 473 | - for ($i = 0; $i < $countBlocklist; ++$i) { |
|
| 474 | - $c = 0; |
|
| 475 | - for ($j = 0; $j < 32; ++$j) { |
|
| 476 | - $c |= self::chrToInt($R[$j]) ^ (int) $blocklist[$i][$j]; |
|
| 477 | - } |
|
| 478 | - if ($c === 0) { |
|
| 479 | - return true; |
|
| 480 | - } |
|
| 481 | - } |
|
| 482 | - return false; |
|
| 483 | - } |
|
| 484 | - |
|
| 485 | - /** |
|
| 486 | - * @param string $s |
|
| 487 | - * @return string |
|
| 488 | - * @throws SodiumException |
|
| 489 | - */ |
|
| 490 | - public static function scalar_complement($s) |
|
| 491 | - { |
|
| 492 | - $t_ = self::L . str_repeat("\x00", 32); |
|
| 493 | - sodium_increment($t_); |
|
| 494 | - $s_ = $s . str_repeat("\x00", 32); |
|
| 495 | - ParagonIE_Sodium_Compat::sub($t_, $s_); |
|
| 496 | - return self::sc_reduce($t_); |
|
| 497 | - } |
|
| 498 | - |
|
| 499 | - /** |
|
| 500 | - * @return string |
|
| 501 | - * @throws SodiumException |
|
| 502 | - */ |
|
| 503 | - public static function scalar_random() |
|
| 504 | - { |
|
| 505 | - do { |
|
| 506 | - $r = ParagonIE_Sodium_Compat::randombytes_buf(self::SCALAR_BYTES); |
|
| 507 | - $r[self::SCALAR_BYTES - 1] = self::intToChr( |
|
| 508 | - self::chrToInt($r[self::SCALAR_BYTES - 1]) & 0x1f |
|
| 509 | - ); |
|
| 510 | - } while ( |
|
| 511 | - !self::check_S_lt_L($r) || ParagonIE_Sodium_Compat::is_zero($r) |
|
| 512 | - ); |
|
| 513 | - return $r; |
|
| 514 | - } |
|
| 515 | - |
|
| 516 | - /** |
|
| 517 | - * @param string $s |
|
| 518 | - * @return string |
|
| 519 | - * @throws SodiumException |
|
| 520 | - */ |
|
| 521 | - public static function scalar_negate($s) |
|
| 522 | - { |
|
| 523 | - $t_ = self::L . str_repeat("\x00", 32) ; |
|
| 524 | - $s_ = $s . str_repeat("\x00", 32) ; |
|
| 525 | - ParagonIE_Sodium_Compat::sub($t_, $s_); |
|
| 526 | - return self::sc_reduce($t_); |
|
| 527 | - } |
|
| 528 | - |
|
| 529 | - /** |
|
| 530 | - * @param string $a |
|
| 531 | - * @param string $b |
|
| 532 | - * @return string |
|
| 533 | - * @throws SodiumException |
|
| 534 | - */ |
|
| 535 | - public static function scalar_add($a, $b) |
|
| 536 | - { |
|
| 537 | - $a_ = $a . str_repeat("\x00", 32); |
|
| 538 | - $b_ = $b . str_repeat("\x00", 32); |
|
| 539 | - ParagonIE_Sodium_Compat::add($a_, $b_); |
|
| 540 | - return self::sc_reduce($a_); |
|
| 541 | - } |
|
| 542 | - |
|
| 543 | - /** |
|
| 544 | - * @param string $x |
|
| 545 | - * @param string $y |
|
| 546 | - * @return string |
|
| 547 | - * @throws SodiumException |
|
| 548 | - */ |
|
| 549 | - public static function scalar_sub($x, $y) |
|
| 550 | - { |
|
| 551 | - $yn = self::scalar_negate($y); |
|
| 552 | - return self::scalar_add($x, $yn); |
|
| 553 | - } |
|
| 15 | + const KEYPAIR_BYTES = 96; |
|
| 16 | + const SEED_BYTES = 32; |
|
| 17 | + const SCALAR_BYTES = 32; |
|
| 18 | + |
|
| 19 | + /** |
|
| 20 | + * @internal You should not use this directly from another application |
|
| 21 | + * |
|
| 22 | + * @return string (96 bytes) |
|
| 23 | + * @throws Exception |
|
| 24 | + * @throws SodiumException |
|
| 25 | + * @throws TypeError |
|
| 26 | + */ |
|
| 27 | + public static function keypair() |
|
| 28 | + { |
|
| 29 | + $seed = random_bytes(self::SEED_BYTES); |
|
| 30 | + $pk = ''; |
|
| 31 | + $sk = ''; |
|
| 32 | + self::seed_keypair($pk, $sk, $seed); |
|
| 33 | + return $sk . $pk; |
|
| 34 | + } |
|
| 35 | + |
|
| 36 | + /** |
|
| 37 | + * @internal You should not use this directly from another application |
|
| 38 | + * |
|
| 39 | + * @param string $pk |
|
| 40 | + * @param string $sk |
|
| 41 | + * @param string $seed |
|
| 42 | + * @return string |
|
| 43 | + * @throws SodiumException |
|
| 44 | + * @throws TypeError |
|
| 45 | + */ |
|
| 46 | + public static function seed_keypair(&$pk, &$sk, $seed) |
|
| 47 | + { |
|
| 48 | + if (self::strlen($seed) !== self::SEED_BYTES) { |
|
| 49 | + throw new RangeException('crypto_sign keypair seed must be 32 bytes long'); |
|
| 50 | + } |
|
| 51 | + |
|
| 52 | + /** @var string $pk */ |
|
| 53 | + $pk = self::publickey_from_secretkey($seed); |
|
| 54 | + $sk = $seed . $pk; |
|
| 55 | + return $sk; |
|
| 56 | + } |
|
| 57 | + |
|
| 58 | + /** |
|
| 59 | + * @internal You should not use this directly from another application |
|
| 60 | + * |
|
| 61 | + * @param string $keypair |
|
| 62 | + * @return string |
|
| 63 | + * @throws TypeError |
|
| 64 | + */ |
|
| 65 | + public static function secretkey($keypair) |
|
| 66 | + { |
|
| 67 | + if (self::strlen($keypair) !== self::KEYPAIR_BYTES) { |
|
| 68 | + throw new RangeException('crypto_sign keypair must be 96 bytes long'); |
|
| 69 | + } |
|
| 70 | + return self::substr($keypair, 0, 64); |
|
| 71 | + } |
|
| 72 | + |
|
| 73 | + /** |
|
| 74 | + * @internal You should not use this directly from another application |
|
| 75 | + * |
|
| 76 | + * @param string $keypair |
|
| 77 | + * @return string |
|
| 78 | + * @throws TypeError |
|
| 79 | + */ |
|
| 80 | + public static function publickey($keypair) |
|
| 81 | + { |
|
| 82 | + if (self::strlen($keypair) !== self::KEYPAIR_BYTES) { |
|
| 83 | + throw new RangeException('crypto_sign keypair must be 96 bytes long'); |
|
| 84 | + } |
|
| 85 | + return self::substr($keypair, 64, 32); |
|
| 86 | + } |
|
| 87 | + |
|
| 88 | + /** |
|
| 89 | + * @internal You should not use this directly from another application |
|
| 90 | + * |
|
| 91 | + * @param string $sk |
|
| 92 | + * @return string |
|
| 93 | + * @throws SodiumException |
|
| 94 | + * @throws TypeError |
|
| 95 | + */ |
|
| 96 | + public static function publickey_from_secretkey($sk) |
|
| 97 | + { |
|
| 98 | + /** @var string $sk */ |
|
| 99 | + $sk = hash('sha512', self::substr($sk, 0, 32), true); |
|
| 100 | + $sk[0] = self::intToChr( |
|
| 101 | + self::chrToInt($sk[0]) & 248 |
|
| 102 | + ); |
|
| 103 | + $sk[31] = self::intToChr( |
|
| 104 | + (self::chrToInt($sk[31]) & 63) | 64 |
|
| 105 | + ); |
|
| 106 | + return self::sk_to_pk($sk); |
|
| 107 | + } |
|
| 108 | + |
|
| 109 | + /** |
|
| 110 | + * @param string $pk |
|
| 111 | + * @return string |
|
| 112 | + * @throws SodiumException |
|
| 113 | + * @throws TypeError |
|
| 114 | + */ |
|
| 115 | + public static function pk_to_curve25519($pk) |
|
| 116 | + { |
|
| 117 | + if (self::small_order($pk)) { |
|
| 118 | + throw new SodiumException('Public key is on a small order'); |
|
| 119 | + } |
|
| 120 | + $A = self::ge_frombytes_negate_vartime(self::substr($pk, 0, 32)); |
|
| 121 | + $p1 = self::ge_mul_l($A); |
|
| 122 | + if (!self::fe_isnonzero($p1->X)) { |
|
| 123 | + throw new SodiumException('Unexpected zero result'); |
|
| 124 | + } |
|
| 125 | + |
|
| 126 | + # fe_1(one_minus_y); |
|
| 127 | + # fe_sub(one_minus_y, one_minus_y, A.Y); |
|
| 128 | + # fe_invert(one_minus_y, one_minus_y); |
|
| 129 | + $one_minux_y = self::fe_invert( |
|
| 130 | + self::fe_sub( |
|
| 131 | + self::fe_1(), |
|
| 132 | + $A->Y |
|
| 133 | + ) |
|
| 134 | + ); |
|
| 135 | + |
|
| 136 | + # fe_1(x); |
|
| 137 | + # fe_add(x, x, A.Y); |
|
| 138 | + # fe_mul(x, x, one_minus_y); |
|
| 139 | + $x = self::fe_mul( |
|
| 140 | + self::fe_add(self::fe_1(), $A->Y), |
|
| 141 | + $one_minux_y |
|
| 142 | + ); |
|
| 143 | + |
|
| 144 | + # fe_tobytes(curve25519_pk, x); |
|
| 145 | + return self::fe_tobytes($x); |
|
| 146 | + } |
|
| 147 | + |
|
| 148 | + /** |
|
| 149 | + * @internal You should not use this directly from another application |
|
| 150 | + * |
|
| 151 | + * @param string $sk |
|
| 152 | + * @return string |
|
| 153 | + * @throws SodiumException |
|
| 154 | + * @throws TypeError |
|
| 155 | + */ |
|
| 156 | + public static function sk_to_pk($sk) |
|
| 157 | + { |
|
| 158 | + return self::ge_p3_tobytes( |
|
| 159 | + self::ge_scalarmult_base( |
|
| 160 | + self::substr($sk, 0, 32) |
|
| 161 | + ) |
|
| 162 | + ); |
|
| 163 | + } |
|
| 164 | + |
|
| 165 | + /** |
|
| 166 | + * @internal You should not use this directly from another application |
|
| 167 | + * |
|
| 168 | + * @param string $message |
|
| 169 | + * @param string $sk |
|
| 170 | + * @return string |
|
| 171 | + * @throws SodiumException |
|
| 172 | + * @throws TypeError |
|
| 173 | + */ |
|
| 174 | + public static function sign($message, $sk) |
|
| 175 | + { |
|
| 176 | + /** @var string $signature */ |
|
| 177 | + $signature = self::sign_detached($message, $sk); |
|
| 178 | + return $signature . $message; |
|
| 179 | + } |
|
| 180 | + |
|
| 181 | + /** |
|
| 182 | + * @internal You should not use this directly from another application |
|
| 183 | + * |
|
| 184 | + * @param string $message A signed message |
|
| 185 | + * @param string $pk Public key |
|
| 186 | + * @return string Message (without signature) |
|
| 187 | + * @throws SodiumException |
|
| 188 | + * @throws TypeError |
|
| 189 | + */ |
|
| 190 | + public static function sign_open($message, $pk) |
|
| 191 | + { |
|
| 192 | + /** @var string $signature */ |
|
| 193 | + $signature = self::substr($message, 0, 64); |
|
| 194 | + |
|
| 195 | + /** @var string $message */ |
|
| 196 | + $message = self::substr($message, 64); |
|
| 197 | + |
|
| 198 | + if (self::verify_detached($signature, $message, $pk)) { |
|
| 199 | + return $message; |
|
| 200 | + } |
|
| 201 | + throw new SodiumException('Invalid signature'); |
|
| 202 | + } |
|
| 203 | + |
|
| 204 | + /** |
|
| 205 | + * @internal You should not use this directly from another application |
|
| 206 | + * |
|
| 207 | + * @param string $message |
|
| 208 | + * @param string $sk |
|
| 209 | + * @return string |
|
| 210 | + * @throws SodiumException |
|
| 211 | + * @throws TypeError |
|
| 212 | + */ |
|
| 213 | + public static function sign_detached($message, $sk) |
|
| 214 | + { |
|
| 215 | + # crypto_hash_sha512(az, sk, 32); |
|
| 216 | + $az = hash('sha512', self::substr($sk, 0, 32), true); |
|
| 217 | + |
|
| 218 | + # az[0] &= 248; |
|
| 219 | + # az[31] &= 63; |
|
| 220 | + # az[31] |= 64; |
|
| 221 | + $az[0] = self::intToChr(self::chrToInt($az[0]) & 248); |
|
| 222 | + $az[31] = self::intToChr((self::chrToInt($az[31]) & 63) | 64); |
|
| 223 | + |
|
| 224 | + # crypto_hash_sha512_init(&hs); |
|
| 225 | + # crypto_hash_sha512_update(&hs, az + 32, 32); |
|
| 226 | + # crypto_hash_sha512_update(&hs, m, mlen); |
|
| 227 | + # crypto_hash_sha512_final(&hs, nonce); |
|
| 228 | + $hs = hash_init('sha512'); |
|
| 229 | + hash_update($hs, self::substr($az, 32, 32)); |
|
| 230 | + hash_update($hs, $message); |
|
| 231 | + $nonceHash = hash_final($hs, true); |
|
| 232 | + |
|
| 233 | + # memmove(sig + 32, sk + 32, 32); |
|
| 234 | + $pk = self::substr($sk, 32, 32); |
|
| 235 | + |
|
| 236 | + # sc_reduce(nonce); |
|
| 237 | + # ge_scalarmult_base(&R, nonce); |
|
| 238 | + # ge_p3_tobytes(sig, &R); |
|
| 239 | + $nonce = self::sc_reduce($nonceHash) . self::substr($nonceHash, 32); |
|
| 240 | + $sig = self::ge_p3_tobytes( |
|
| 241 | + self::ge_scalarmult_base($nonce) |
|
| 242 | + ); |
|
| 243 | + |
|
| 244 | + # crypto_hash_sha512_init(&hs); |
|
| 245 | + # crypto_hash_sha512_update(&hs, sig, 64); |
|
| 246 | + # crypto_hash_sha512_update(&hs, m, mlen); |
|
| 247 | + # crypto_hash_sha512_final(&hs, hram); |
|
| 248 | + $hs = hash_init('sha512'); |
|
| 249 | + hash_update($hs, self::substr($sig, 0, 32)); |
|
| 250 | + hash_update($hs, self::substr($pk, 0, 32)); |
|
| 251 | + hash_update($hs, $message); |
|
| 252 | + $hramHash = hash_final($hs, true); |
|
| 253 | + |
|
| 254 | + # sc_reduce(hram); |
|
| 255 | + # sc_muladd(sig + 32, hram, az, nonce); |
|
| 256 | + $hram = self::sc_reduce($hramHash); |
|
| 257 | + $sigAfter = self::sc_muladd($hram, $az, $nonce); |
|
| 258 | + $sig = self::substr($sig, 0, 32) . self::substr($sigAfter, 0, 32); |
|
| 259 | + |
|
| 260 | + try { |
|
| 261 | + ParagonIE_Sodium_Compat::memzero($az); |
|
| 262 | + } catch (SodiumException $ex) { |
|
| 263 | + $az = null; |
|
| 264 | + } |
|
| 265 | + return $sig; |
|
| 266 | + } |
|
| 267 | + |
|
| 268 | + /** |
|
| 269 | + * @internal You should not use this directly from another application |
|
| 270 | + * |
|
| 271 | + * @param string $sig |
|
| 272 | + * @param string $message |
|
| 273 | + * @param string $pk |
|
| 274 | + * @return bool |
|
| 275 | + * @throws SodiumException |
|
| 276 | + * @throws TypeError |
|
| 277 | + */ |
|
| 278 | + public static function verify_detached($sig, $message, $pk) |
|
| 279 | + { |
|
| 280 | + if (self::strlen($sig) < 64) { |
|
| 281 | + throw new SodiumException('Signature is too short'); |
|
| 282 | + } |
|
| 283 | + if ((self::chrToInt($sig[63]) & 240) && self::check_S_lt_L(self::substr($sig, 32, 32))) { |
|
| 284 | + throw new SodiumException('S < L - Invalid signature'); |
|
| 285 | + } |
|
| 286 | + if (self::small_order($sig)) { |
|
| 287 | + throw new SodiumException('Signature is on too small of an order'); |
|
| 288 | + } |
|
| 289 | + if ((self::chrToInt($sig[63]) & 224) !== 0) { |
|
| 290 | + throw new SodiumException('Invalid signature'); |
|
| 291 | + } |
|
| 292 | + $d = 0; |
|
| 293 | + for ($i = 0; $i < 32; ++$i) { |
|
| 294 | + $d |= self::chrToInt($pk[$i]); |
|
| 295 | + } |
|
| 296 | + if ($d === 0) { |
|
| 297 | + throw new SodiumException('All zero public key'); |
|
| 298 | + } |
|
| 299 | + |
|
| 300 | + /** @var bool The original value of ParagonIE_Sodium_Compat::$fastMult */ |
|
| 301 | + $orig = ParagonIE_Sodium_Compat::$fastMult; |
|
| 302 | + |
|
| 303 | + // Set ParagonIE_Sodium_Compat::$fastMult to true to speed up verification. |
|
| 304 | + ParagonIE_Sodium_Compat::$fastMult = true; |
|
| 305 | + |
|
| 306 | + /** @var ParagonIE_Sodium_Core_Curve25519_Ge_P3 $A */ |
|
| 307 | + $A = self::ge_frombytes_negate_vartime($pk); |
|
| 308 | + |
|
| 309 | + /** @var string $hDigest */ |
|
| 310 | + $hDigest = hash( |
|
| 311 | + 'sha512', |
|
| 312 | + self::substr($sig, 0, 32) . |
|
| 313 | + self::substr($pk, 0, 32) . |
|
| 314 | + $message, |
|
| 315 | + true |
|
| 316 | + ); |
|
| 317 | + |
|
| 318 | + /** @var string $h */ |
|
| 319 | + $h = self::sc_reduce($hDigest) . self::substr($hDigest, 32); |
|
| 320 | + |
|
| 321 | + /** @var ParagonIE_Sodium_Core_Curve25519_Ge_P2 $R */ |
|
| 322 | + $R = self::ge_double_scalarmult_vartime( |
|
| 323 | + $h, |
|
| 324 | + $A, |
|
| 325 | + self::substr($sig, 32) |
|
| 326 | + ); |
|
| 327 | + |
|
| 328 | + /** @var string $rcheck */ |
|
| 329 | + $rcheck = self::ge_tobytes($R); |
|
| 330 | + |
|
| 331 | + // Reset ParagonIE_Sodium_Compat::$fastMult to what it was before. |
|
| 332 | + ParagonIE_Sodium_Compat::$fastMult = $orig; |
|
| 333 | + |
|
| 334 | + return self::verify_32($rcheck, self::substr($sig, 0, 32)); |
|
| 335 | + } |
|
| 336 | + |
|
| 337 | + /** |
|
| 338 | + * @internal You should not use this directly from another application |
|
| 339 | + * |
|
| 340 | + * @param string $S |
|
| 341 | + * @return bool |
|
| 342 | + * @throws SodiumException |
|
| 343 | + * @throws TypeError |
|
| 344 | + */ |
|
| 345 | + public static function check_S_lt_L($S) |
|
| 346 | + { |
|
| 347 | + if (self::strlen($S) < 32) { |
|
| 348 | + throw new SodiumException('Signature must be 32 bytes'); |
|
| 349 | + } |
|
| 350 | + $L = array( |
|
| 351 | + 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, |
|
| 352 | + 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, |
|
| 353 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
|
| 354 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 |
|
| 355 | + ); |
|
| 356 | + $c = 0; |
|
| 357 | + $n = 1; |
|
| 358 | + $i = 32; |
|
| 359 | + |
|
| 360 | + /** @var array<int, int> $L */ |
|
| 361 | + do { |
|
| 362 | + --$i; |
|
| 363 | + $x = self::chrToInt($S[$i]); |
|
| 364 | + $c |= ( |
|
| 365 | + (($x - $L[$i]) >> 8) & $n |
|
| 366 | + ); |
|
| 367 | + $n &= ( |
|
| 368 | + (($x ^ $L[$i]) - 1) >> 8 |
|
| 369 | + ); |
|
| 370 | + } while ($i !== 0); |
|
| 371 | + |
|
| 372 | + return $c === 0; |
|
| 373 | + } |
|
| 374 | + |
|
| 375 | + /** |
|
| 376 | + * @param string $R |
|
| 377 | + * @return bool |
|
| 378 | + * @throws SodiumException |
|
| 379 | + * @throws TypeError |
|
| 380 | + */ |
|
| 381 | + public static function small_order($R) |
|
| 382 | + { |
|
| 383 | + /** @var array<int, array<int, int>> $blocklist */ |
|
| 384 | + $blocklist = array( |
|
| 385 | + /* 0 (order 4) */ |
|
| 386 | + array( |
|
| 387 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
|
| 388 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
|
| 389 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
|
| 390 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 |
|
| 391 | + ), |
|
| 392 | + /* 1 (order 1) */ |
|
| 393 | + array( |
|
| 394 | + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
|
| 395 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
|
| 396 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
|
| 397 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 |
|
| 398 | + ), |
|
| 399 | + /* 2707385501144840649318225287225658788936804267575313519463743609750303402022 (order 8) */ |
|
| 400 | + array( |
|
| 401 | + 0x26, 0xe8, 0x95, 0x8f, 0xc2, 0xb2, 0x27, 0xb0, |
|
| 402 | + 0x45, 0xc3, 0xf4, 0x89, 0xf2, 0xef, 0x98, 0xf0, |
|
| 403 | + 0xd5, 0xdf, 0xac, 0x05, 0xd3, 0xc6, 0x33, 0x39, |
|
| 404 | + 0xb1, 0x38, 0x02, 0x88, 0x6d, 0x53, 0xfc, 0x05 |
|
| 405 | + ), |
|
| 406 | + /* 55188659117513257062467267217118295137698188065244968500265048394206261417927 (order 8) */ |
|
| 407 | + array( |
|
| 408 | + 0xc7, 0x17, 0x6a, 0x70, 0x3d, 0x4d, 0xd8, 0x4f, |
|
| 409 | + 0xba, 0x3c, 0x0b, 0x76, 0x0d, 0x10, 0x67, 0x0f, |
|
| 410 | + 0x2a, 0x20, 0x53, 0xfa, 0x2c, 0x39, 0xcc, 0xc6, |
|
| 411 | + 0x4e, 0xc7, 0xfd, 0x77, 0x92, 0xac, 0x03, 0x7a |
|
| 412 | + ), |
|
| 413 | + /* p-1 (order 2) */ |
|
| 414 | + array( |
|
| 415 | + 0x13, 0xe8, 0x95, 0x8f, 0xc2, 0xb2, 0x27, 0xb0, |
|
| 416 | + 0x45, 0xc3, 0xf4, 0x89, 0xf2, 0xef, 0x98, 0xf0, |
|
| 417 | + 0xd5, 0xdf, 0xac, 0x05, 0xd3, 0xc6, 0x33, 0x39, |
|
| 418 | + 0xb1, 0x38, 0x02, 0x88, 0x6d, 0x53, 0xfc, 0x85 |
|
| 419 | + ), |
|
| 420 | + /* p (order 4) */ |
|
| 421 | + array( |
|
| 422 | + 0xb4, 0x17, 0x6a, 0x70, 0x3d, 0x4d, 0xd8, 0x4f, |
|
| 423 | + 0xba, 0x3c, 0x0b, 0x76, 0x0d, 0x10, 0x67, 0x0f, |
|
| 424 | + 0x2a, 0x20, 0x53, 0xfa, 0x2c, 0x39, 0xcc, 0xc6, |
|
| 425 | + 0x4e, 0xc7, 0xfd, 0x77, 0x92, 0xac, 0x03, 0xfa |
|
| 426 | + ), |
|
| 427 | + /* p+1 (order 1) */ |
|
| 428 | + array( |
|
| 429 | + 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 430 | + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 431 | + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 432 | + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f |
|
| 433 | + ), |
|
| 434 | + /* p+2707385501144840649318225287225658788936804267575313519463743609750303402022 (order 8) */ |
|
| 435 | + array( |
|
| 436 | + 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 437 | + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 438 | + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 439 | + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f |
|
| 440 | + ), |
|
| 441 | + /* p+55188659117513257062467267217118295137698188065244968500265048394206261417927 (order 8) */ |
|
| 442 | + array( |
|
| 443 | + 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 444 | + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 445 | + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 446 | + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f |
|
| 447 | + ), |
|
| 448 | + /* 2p-1 (order 2) */ |
|
| 449 | + array( |
|
| 450 | + 0xd9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 451 | + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 452 | + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 453 | + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff |
|
| 454 | + ), |
|
| 455 | + /* 2p (order 4) */ |
|
| 456 | + array( |
|
| 457 | + 0xda, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 458 | + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 459 | + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 460 | + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff |
|
| 461 | + ), |
|
| 462 | + /* 2p+1 (order 1) */ |
|
| 463 | + array( |
|
| 464 | + 0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 465 | + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 466 | + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
|
| 467 | + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff |
|
| 468 | + ) |
|
| 469 | + ); |
|
| 470 | + /** @var int $countBlocklist */ |
|
| 471 | + $countBlocklist = count($blocklist); |
|
| 472 | + |
|
| 473 | + for ($i = 0; $i < $countBlocklist; ++$i) { |
|
| 474 | + $c = 0; |
|
| 475 | + for ($j = 0; $j < 32; ++$j) { |
|
| 476 | + $c |= self::chrToInt($R[$j]) ^ (int) $blocklist[$i][$j]; |
|
| 477 | + } |
|
| 478 | + if ($c === 0) { |
|
| 479 | + return true; |
|
| 480 | + } |
|
| 481 | + } |
|
| 482 | + return false; |
|
| 483 | + } |
|
| 484 | + |
|
| 485 | + /** |
|
| 486 | + * @param string $s |
|
| 487 | + * @return string |
|
| 488 | + * @throws SodiumException |
|
| 489 | + */ |
|
| 490 | + public static function scalar_complement($s) |
|
| 491 | + { |
|
| 492 | + $t_ = self::L . str_repeat("\x00", 32); |
|
| 493 | + sodium_increment($t_); |
|
| 494 | + $s_ = $s . str_repeat("\x00", 32); |
|
| 495 | + ParagonIE_Sodium_Compat::sub($t_, $s_); |
|
| 496 | + return self::sc_reduce($t_); |
|
| 497 | + } |
|
| 498 | + |
|
| 499 | + /** |
|
| 500 | + * @return string |
|
| 501 | + * @throws SodiumException |
|
| 502 | + */ |
|
| 503 | + public static function scalar_random() |
|
| 504 | + { |
|
| 505 | + do { |
|
| 506 | + $r = ParagonIE_Sodium_Compat::randombytes_buf(self::SCALAR_BYTES); |
|
| 507 | + $r[self::SCALAR_BYTES - 1] = self::intToChr( |
|
| 508 | + self::chrToInt($r[self::SCALAR_BYTES - 1]) & 0x1f |
|
| 509 | + ); |
|
| 510 | + } while ( |
|
| 511 | + !self::check_S_lt_L($r) || ParagonIE_Sodium_Compat::is_zero($r) |
|
| 512 | + ); |
|
| 513 | + return $r; |
|
| 514 | + } |
|
| 515 | + |
|
| 516 | + /** |
|
| 517 | + * @param string $s |
|
| 518 | + * @return string |
|
| 519 | + * @throws SodiumException |
|
| 520 | + */ |
|
| 521 | + public static function scalar_negate($s) |
|
| 522 | + { |
|
| 523 | + $t_ = self::L . str_repeat("\x00", 32) ; |
|
| 524 | + $s_ = $s . str_repeat("\x00", 32) ; |
|
| 525 | + ParagonIE_Sodium_Compat::sub($t_, $s_); |
|
| 526 | + return self::sc_reduce($t_); |
|
| 527 | + } |
|
| 528 | + |
|
| 529 | + /** |
|
| 530 | + * @param string $a |
|
| 531 | + * @param string $b |
|
| 532 | + * @return string |
|
| 533 | + * @throws SodiumException |
|
| 534 | + */ |
|
| 535 | + public static function scalar_add($a, $b) |
|
| 536 | + { |
|
| 537 | + $a_ = $a . str_repeat("\x00", 32); |
|
| 538 | + $b_ = $b . str_repeat("\x00", 32); |
|
| 539 | + ParagonIE_Sodium_Compat::add($a_, $b_); |
|
| 540 | + return self::sc_reduce($a_); |
|
| 541 | + } |
|
| 542 | + |
|
| 543 | + /** |
|
| 544 | + * @param string $x |
|
| 545 | + * @param string $y |
|
| 546 | + * @return string |
|
| 547 | + * @throws SodiumException |
|
| 548 | + */ |
|
| 549 | + public static function scalar_sub($x, $y) |
|
| 550 | + { |
|
| 551 | + $yn = self::scalar_negate($y); |
|
| 552 | + return self::scalar_add($x, $yn); |
|
| 553 | + } |
|
| 554 | 554 | } |
@@ -1,10 +1,10 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -if (class_exists('ParagonIE_Sodium_Core_Ed25519', false)) { |
|
| 3 | +if ( class_exists( 'ParagonIE_Sodium_Core_Ed25519', false ) ) { |
|
| 4 | 4 | return; |
| 5 | 5 | } |
| 6 | -if (!class_exists('ParagonIE_Sodium_Core_Curve25519', false)) { |
|
| 7 | - require_once dirname(__FILE__) . '/Curve25519.php'; |
|
| 6 | +if ( ! class_exists( 'ParagonIE_Sodium_Core_Curve25519', false ) ) { |
|
| 7 | + require_once dirname( __FILE__ ) . '/Curve25519.php'; |
|
| 8 | 8 | } |
| 9 | 9 | |
| 10 | 10 | /** |
@@ -26,10 +26,10 @@ discard block |
||
| 26 | 26 | */ |
| 27 | 27 | public static function keypair() |
| 28 | 28 | { |
| 29 | - $seed = random_bytes(self::SEED_BYTES); |
|
| 29 | + $seed = random_bytes( self::SEED_BYTES ); |
|
| 30 | 30 | $pk = ''; |
| 31 | 31 | $sk = ''; |
| 32 | - self::seed_keypair($pk, $sk, $seed); |
|
| 32 | + self::seed_keypair( $pk, $sk, $seed ); |
|
| 33 | 33 | return $sk . $pk; |
| 34 | 34 | } |
| 35 | 35 | |
@@ -43,14 +43,14 @@ discard block |
||
| 43 | 43 | * @throws SodiumException |
| 44 | 44 | * @throws TypeError |
| 45 | 45 | */ |
| 46 | - public static function seed_keypair(&$pk, &$sk, $seed) |
|
| 46 | + public static function seed_keypair( &$pk, &$sk, $seed ) |
|
| 47 | 47 | { |
| 48 | - if (self::strlen($seed) !== self::SEED_BYTES) { |
|
| 49 | - throw new RangeException('crypto_sign keypair seed must be 32 bytes long'); |
|
| 48 | + if ( self::strlen( $seed ) !== self::SEED_BYTES ) { |
|
| 49 | + throw new RangeException( 'crypto_sign keypair seed must be 32 bytes long' ); |
|
| 50 | 50 | } |
| 51 | 51 | |
| 52 | 52 | /** @var string $pk */ |
| 53 | - $pk = self::publickey_from_secretkey($seed); |
|
| 53 | + $pk = self::publickey_from_secretkey( $seed ); |
|
| 54 | 54 | $sk = $seed . $pk; |
| 55 | 55 | return $sk; |
| 56 | 56 | } |
@@ -62,12 +62,12 @@ discard block |
||
| 62 | 62 | * @return string |
| 63 | 63 | * @throws TypeError |
| 64 | 64 | */ |
| 65 | - public static function secretkey($keypair) |
|
| 65 | + public static function secretkey( $keypair ) |
|
| 66 | 66 | { |
| 67 | - if (self::strlen($keypair) !== self::KEYPAIR_BYTES) { |
|
| 68 | - throw new RangeException('crypto_sign keypair must be 96 bytes long'); |
|
| 67 | + if ( self::strlen( $keypair ) !== self::KEYPAIR_BYTES ) { |
|
| 68 | + throw new RangeException( 'crypto_sign keypair must be 96 bytes long' ); |
|
| 69 | 69 | } |
| 70 | - return self::substr($keypair, 0, 64); |
|
| 70 | + return self::substr( $keypair, 0, 64 ); |
|
| 71 | 71 | } |
| 72 | 72 | |
| 73 | 73 | /** |
@@ -77,12 +77,12 @@ discard block |
||
| 77 | 77 | * @return string |
| 78 | 78 | * @throws TypeError |
| 79 | 79 | */ |
| 80 | - public static function publickey($keypair) |
|
| 80 | + public static function publickey( $keypair ) |
|
| 81 | 81 | { |
| 82 | - if (self::strlen($keypair) !== self::KEYPAIR_BYTES) { |
|
| 83 | - throw new RangeException('crypto_sign keypair must be 96 bytes long'); |
|
| 82 | + if ( self::strlen( $keypair ) !== self::KEYPAIR_BYTES ) { |
|
| 83 | + throw new RangeException( 'crypto_sign keypair must be 96 bytes long' ); |
|
| 84 | 84 | } |
| 85 | - return self::substr($keypair, 64, 32); |
|
| 85 | + return self::substr( $keypair, 64, 32 ); |
|
| 86 | 86 | } |
| 87 | 87 | |
| 88 | 88 | /** |
@@ -93,17 +93,17 @@ discard block |
||
| 93 | 93 | * @throws SodiumException |
| 94 | 94 | * @throws TypeError |
| 95 | 95 | */ |
| 96 | - public static function publickey_from_secretkey($sk) |
|
| 96 | + public static function publickey_from_secretkey( $sk ) |
|
| 97 | 97 | { |
| 98 | 98 | /** @var string $sk */ |
| 99 | - $sk = hash('sha512', self::substr($sk, 0, 32), true); |
|
| 100 | - $sk[0] = self::intToChr( |
|
| 101 | - self::chrToInt($sk[0]) & 248 |
|
| 99 | + $sk = hash( 'sha512', self::substr( $sk, 0, 32 ), true ); |
|
| 100 | + $sk[ 0 ] = self::intToChr( |
|
| 101 | + self::chrToInt( $sk[ 0 ] ) & 248 |
|
| 102 | 102 | ); |
| 103 | - $sk[31] = self::intToChr( |
|
| 104 | - (self::chrToInt($sk[31]) & 63) | 64 |
|
| 103 | + $sk[ 31 ] = self::intToChr( |
|
| 104 | + ( self::chrToInt( $sk[ 31 ] ) & 63 ) | 64 |
|
| 105 | 105 | ); |
| 106 | - return self::sk_to_pk($sk); |
|
| 106 | + return self::sk_to_pk( $sk ); |
|
| 107 | 107 | } |
| 108 | 108 | |
| 109 | 109 | /** |
@@ -112,15 +112,15 @@ discard block |
||
| 112 | 112 | * @throws SodiumException |
| 113 | 113 | * @throws TypeError |
| 114 | 114 | */ |
| 115 | - public static function pk_to_curve25519($pk) |
|
| 115 | + public static function pk_to_curve25519( $pk ) |
|
| 116 | 116 | { |
| 117 | - if (self::small_order($pk)) { |
|
| 118 | - throw new SodiumException('Public key is on a small order'); |
|
| 117 | + if ( self::small_order( $pk ) ) { |
|
| 118 | + throw new SodiumException( 'Public key is on a small order' ); |
|
| 119 | 119 | } |
| 120 | - $A = self::ge_frombytes_negate_vartime(self::substr($pk, 0, 32)); |
|
| 121 | - $p1 = self::ge_mul_l($A); |
|
| 122 | - if (!self::fe_isnonzero($p1->X)) { |
|
| 123 | - throw new SodiumException('Unexpected zero result'); |
|
| 120 | + $A = self::ge_frombytes_negate_vartime( self::substr( $pk, 0, 32 ) ); |
|
| 121 | + $p1 = self::ge_mul_l( $A ); |
|
| 122 | + if ( ! self::fe_isnonzero( $p1->X ) ) { |
|
| 123 | + throw new SodiumException( 'Unexpected zero result' ); |
|
| 124 | 124 | } |
| 125 | 125 | |
| 126 | 126 | # fe_1(one_minus_y); |
@@ -137,12 +137,12 @@ discard block |
||
| 137 | 137 | # fe_add(x, x, A.Y); |
| 138 | 138 | # fe_mul(x, x, one_minus_y); |
| 139 | 139 | $x = self::fe_mul( |
| 140 | - self::fe_add(self::fe_1(), $A->Y), |
|
| 140 | + self::fe_add( self::fe_1(), $A->Y ), |
|
| 141 | 141 | $one_minux_y |
| 142 | 142 | ); |
| 143 | 143 | |
| 144 | 144 | # fe_tobytes(curve25519_pk, x); |
| 145 | - return self::fe_tobytes($x); |
|
| 145 | + return self::fe_tobytes( $x ); |
|
| 146 | 146 | } |
| 147 | 147 | |
| 148 | 148 | /** |
@@ -153,11 +153,11 @@ discard block |
||
| 153 | 153 | * @throws SodiumException |
| 154 | 154 | * @throws TypeError |
| 155 | 155 | */ |
| 156 | - public static function sk_to_pk($sk) |
|
| 156 | + public static function sk_to_pk( $sk ) |
|
| 157 | 157 | { |
| 158 | 158 | return self::ge_p3_tobytes( |
| 159 | 159 | self::ge_scalarmult_base( |
| 160 | - self::substr($sk, 0, 32) |
|
| 160 | + self::substr( $sk, 0, 32 ) |
|
| 161 | 161 | ) |
| 162 | 162 | ); |
| 163 | 163 | } |
@@ -171,10 +171,10 @@ discard block |
||
| 171 | 171 | * @throws SodiumException |
| 172 | 172 | * @throws TypeError |
| 173 | 173 | */ |
| 174 | - public static function sign($message, $sk) |
|
| 174 | + public static function sign( $message, $sk ) |
|
| 175 | 175 | { |
| 176 | 176 | /** @var string $signature */ |
| 177 | - $signature = self::sign_detached($message, $sk); |
|
| 177 | + $signature = self::sign_detached( $message, $sk ); |
|
| 178 | 178 | return $signature . $message; |
| 179 | 179 | } |
| 180 | 180 | |
@@ -187,18 +187,18 @@ discard block |
||
| 187 | 187 | * @throws SodiumException |
| 188 | 188 | * @throws TypeError |
| 189 | 189 | */ |
| 190 | - public static function sign_open($message, $pk) |
|
| 190 | + public static function sign_open( $message, $pk ) |
|
| 191 | 191 | { |
| 192 | 192 | /** @var string $signature */ |
| 193 | - $signature = self::substr($message, 0, 64); |
|
| 193 | + $signature = self::substr( $message, 0, 64 ); |
|
| 194 | 194 | |
| 195 | 195 | /** @var string $message */ |
| 196 | - $message = self::substr($message, 64); |
|
| 196 | + $message = self::substr( $message, 64 ); |
|
| 197 | 197 | |
| 198 | - if (self::verify_detached($signature, $message, $pk)) { |
|
| 198 | + if ( self::verify_detached( $signature, $message, $pk ) ) { |
|
| 199 | 199 | return $message; |
| 200 | 200 | } |
| 201 | - throw new SodiumException('Invalid signature'); |
|
| 201 | + throw new SodiumException( 'Invalid signature' ); |
|
| 202 | 202 | } |
| 203 | 203 | |
| 204 | 204 | /** |
@@ -210,56 +210,56 @@ discard block |
||
| 210 | 210 | * @throws SodiumException |
| 211 | 211 | * @throws TypeError |
| 212 | 212 | */ |
| 213 | - public static function sign_detached($message, $sk) |
|
| 213 | + public static function sign_detached( $message, $sk ) |
|
| 214 | 214 | { |
| 215 | 215 | # crypto_hash_sha512(az, sk, 32); |
| 216 | - $az = hash('sha512', self::substr($sk, 0, 32), true); |
|
| 216 | + $az = hash( 'sha512', self::substr( $sk, 0, 32 ), true ); |
|
| 217 | 217 | |
| 218 | 218 | # az[0] &= 248; |
| 219 | 219 | # az[31] &= 63; |
| 220 | 220 | # az[31] |= 64; |
| 221 | - $az[0] = self::intToChr(self::chrToInt($az[0]) & 248); |
|
| 222 | - $az[31] = self::intToChr((self::chrToInt($az[31]) & 63) | 64); |
|
| 221 | + $az[ 0 ] = self::intToChr( self::chrToInt( $az[ 0 ] ) & 248 ); |
|
| 222 | + $az[ 31 ] = self::intToChr( ( self::chrToInt( $az[ 31 ] ) & 63 ) | 64 ); |
|
| 223 | 223 | |
| 224 | 224 | # crypto_hash_sha512_init(&hs); |
| 225 | 225 | # crypto_hash_sha512_update(&hs, az + 32, 32); |
| 226 | 226 | # crypto_hash_sha512_update(&hs, m, mlen); |
| 227 | 227 | # crypto_hash_sha512_final(&hs, nonce); |
| 228 | - $hs = hash_init('sha512'); |
|
| 229 | - hash_update($hs, self::substr($az, 32, 32)); |
|
| 230 | - hash_update($hs, $message); |
|
| 231 | - $nonceHash = hash_final($hs, true); |
|
| 228 | + $hs = hash_init( 'sha512' ); |
|
| 229 | + hash_update( $hs, self::substr( $az, 32, 32 ) ); |
|
| 230 | + hash_update( $hs, $message ); |
|
| 231 | + $nonceHash = hash_final( $hs, true ); |
|
| 232 | 232 | |
| 233 | 233 | # memmove(sig + 32, sk + 32, 32); |
| 234 | - $pk = self::substr($sk, 32, 32); |
|
| 234 | + $pk = self::substr( $sk, 32, 32 ); |
|
| 235 | 235 | |
| 236 | 236 | # sc_reduce(nonce); |
| 237 | 237 | # ge_scalarmult_base(&R, nonce); |
| 238 | 238 | # ge_p3_tobytes(sig, &R); |
| 239 | - $nonce = self::sc_reduce($nonceHash) . self::substr($nonceHash, 32); |
|
| 239 | + $nonce = self::sc_reduce( $nonceHash ) . self::substr( $nonceHash, 32 ); |
|
| 240 | 240 | $sig = self::ge_p3_tobytes( |
| 241 | - self::ge_scalarmult_base($nonce) |
|
| 241 | + self::ge_scalarmult_base( $nonce ) |
|
| 242 | 242 | ); |
| 243 | 243 | |
| 244 | 244 | # crypto_hash_sha512_init(&hs); |
| 245 | 245 | # crypto_hash_sha512_update(&hs, sig, 64); |
| 246 | 246 | # crypto_hash_sha512_update(&hs, m, mlen); |
| 247 | 247 | # crypto_hash_sha512_final(&hs, hram); |
| 248 | - $hs = hash_init('sha512'); |
|
| 249 | - hash_update($hs, self::substr($sig, 0, 32)); |
|
| 250 | - hash_update($hs, self::substr($pk, 0, 32)); |
|
| 251 | - hash_update($hs, $message); |
|
| 252 | - $hramHash = hash_final($hs, true); |
|
| 248 | + $hs = hash_init( 'sha512' ); |
|
| 249 | + hash_update( $hs, self::substr( $sig, 0, 32 ) ); |
|
| 250 | + hash_update( $hs, self::substr( $pk, 0, 32 ) ); |
|
| 251 | + hash_update( $hs, $message ); |
|
| 252 | + $hramHash = hash_final( $hs, true ); |
|
| 253 | 253 | |
| 254 | 254 | # sc_reduce(hram); |
| 255 | 255 | # sc_muladd(sig + 32, hram, az, nonce); |
| 256 | - $hram = self::sc_reduce($hramHash); |
|
| 257 | - $sigAfter = self::sc_muladd($hram, $az, $nonce); |
|
| 258 | - $sig = self::substr($sig, 0, 32) . self::substr($sigAfter, 0, 32); |
|
| 256 | + $hram = self::sc_reduce( $hramHash ); |
|
| 257 | + $sigAfter = self::sc_muladd( $hram, $az, $nonce ); |
|
| 258 | + $sig = self::substr( $sig, 0, 32 ) . self::substr( $sigAfter, 0, 32 ); |
|
| 259 | 259 | |
| 260 | 260 | try { |
| 261 | - ParagonIE_Sodium_Compat::memzero($az); |
|
| 262 | - } catch (SodiumException $ex) { |
|
| 261 | + ParagonIE_Sodium_Compat::memzero( $az ); |
|
| 262 | + } catch ( SodiumException $ex ) { |
|
| 263 | 263 | $az = null; |
| 264 | 264 | } |
| 265 | 265 | return $sig; |
@@ -275,26 +275,26 @@ discard block |
||
| 275 | 275 | * @throws SodiumException |
| 276 | 276 | * @throws TypeError |
| 277 | 277 | */ |
| 278 | - public static function verify_detached($sig, $message, $pk) |
|
| 278 | + public static function verify_detached( $sig, $message, $pk ) |
|
| 279 | 279 | { |
| 280 | - if (self::strlen($sig) < 64) { |
|
| 281 | - throw new SodiumException('Signature is too short'); |
|
| 280 | + if ( self::strlen( $sig ) < 64 ) { |
|
| 281 | + throw new SodiumException( 'Signature is too short' ); |
|
| 282 | 282 | } |
| 283 | - if ((self::chrToInt($sig[63]) & 240) && self::check_S_lt_L(self::substr($sig, 32, 32))) { |
|
| 284 | - throw new SodiumException('S < L - Invalid signature'); |
|
| 283 | + if ( ( self::chrToInt( $sig[ 63 ] ) & 240 ) && self::check_S_lt_L( self::substr( $sig, 32, 32 ) ) ) { |
|
| 284 | + throw new SodiumException( 'S < L - Invalid signature' ); |
|
| 285 | 285 | } |
| 286 | - if (self::small_order($sig)) { |
|
| 287 | - throw new SodiumException('Signature is on too small of an order'); |
|
| 286 | + if ( self::small_order( $sig ) ) { |
|
| 287 | + throw new SodiumException( 'Signature is on too small of an order' ); |
|
| 288 | 288 | } |
| 289 | - if ((self::chrToInt($sig[63]) & 224) !== 0) { |
|
| 290 | - throw new SodiumException('Invalid signature'); |
|
| 289 | + if ( ( self::chrToInt( $sig[ 63 ] ) & 224 ) !== 0 ) { |
|
| 290 | + throw new SodiumException( 'Invalid signature' ); |
|
| 291 | 291 | } |
| 292 | 292 | $d = 0; |
| 293 | - for ($i = 0; $i < 32; ++$i) { |
|
| 294 | - $d |= self::chrToInt($pk[$i]); |
|
| 293 | + for ( $i = 0; $i < 32; ++$i ) { |
|
| 294 | + $d |= self::chrToInt( $pk[ $i ] ); |
|
| 295 | 295 | } |
| 296 | - if ($d === 0) { |
|
| 297 | - throw new SodiumException('All zero public key'); |
|
| 296 | + if ( $d === 0 ) { |
|
| 297 | + throw new SodiumException( 'All zero public key' ); |
|
| 298 | 298 | } |
| 299 | 299 | |
| 300 | 300 | /** @var bool The original value of ParagonIE_Sodium_Compat::$fastMult */ |
@@ -304,34 +304,34 @@ discard block |
||
| 304 | 304 | ParagonIE_Sodium_Compat::$fastMult = true; |
| 305 | 305 | |
| 306 | 306 | /** @var ParagonIE_Sodium_Core_Curve25519_Ge_P3 $A */ |
| 307 | - $A = self::ge_frombytes_negate_vartime($pk); |
|
| 307 | + $A = self::ge_frombytes_negate_vartime( $pk ); |
|
| 308 | 308 | |
| 309 | 309 | /** @var string $hDigest */ |
| 310 | 310 | $hDigest = hash( |
| 311 | 311 | 'sha512', |
| 312 | - self::substr($sig, 0, 32) . |
|
| 313 | - self::substr($pk, 0, 32) . |
|
| 312 | + self::substr( $sig, 0, 32 ) . |
|
| 313 | + self::substr( $pk, 0, 32 ) . |
|
| 314 | 314 | $message, |
| 315 | 315 | true |
| 316 | 316 | ); |
| 317 | 317 | |
| 318 | 318 | /** @var string $h */ |
| 319 | - $h = self::sc_reduce($hDigest) . self::substr($hDigest, 32); |
|
| 319 | + $h = self::sc_reduce( $hDigest ) . self::substr( $hDigest, 32 ); |
|
| 320 | 320 | |
| 321 | 321 | /** @var ParagonIE_Sodium_Core_Curve25519_Ge_P2 $R */ |
| 322 | 322 | $R = self::ge_double_scalarmult_vartime( |
| 323 | 323 | $h, |
| 324 | 324 | $A, |
| 325 | - self::substr($sig, 32) |
|
| 325 | + self::substr( $sig, 32 ) |
|
| 326 | 326 | ); |
| 327 | 327 | |
| 328 | 328 | /** @var string $rcheck */ |
| 329 | - $rcheck = self::ge_tobytes($R); |
|
| 329 | + $rcheck = self::ge_tobytes( $R ); |
|
| 330 | 330 | |
| 331 | 331 | // Reset ParagonIE_Sodium_Compat::$fastMult to what it was before. |
| 332 | 332 | ParagonIE_Sodium_Compat::$fastMult = $orig; |
| 333 | 333 | |
| 334 | - return self::verify_32($rcheck, self::substr($sig, 0, 32)); |
|
| 334 | + return self::verify_32( $rcheck, self::substr( $sig, 0, 32 ) ); |
|
| 335 | 335 | } |
| 336 | 336 | |
| 337 | 337 | /** |
@@ -342,10 +342,10 @@ discard block |
||
| 342 | 342 | * @throws SodiumException |
| 343 | 343 | * @throws TypeError |
| 344 | 344 | */ |
| 345 | - public static function check_S_lt_L($S) |
|
| 345 | + public static function check_S_lt_L( $S ) |
|
| 346 | 346 | { |
| 347 | - if (self::strlen($S) < 32) { |
|
| 348 | - throw new SodiumException('Signature must be 32 bytes'); |
|
| 347 | + if ( self::strlen( $S ) < 32 ) { |
|
| 348 | + throw new SodiumException( 'Signature must be 32 bytes' ); |
|
| 349 | 349 | } |
| 350 | 350 | $L = array( |
| 351 | 351 | 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, |
@@ -360,14 +360,14 @@ discard block |
||
| 360 | 360 | /** @var array<int, int> $L */ |
| 361 | 361 | do { |
| 362 | 362 | --$i; |
| 363 | - $x = self::chrToInt($S[$i]); |
|
| 363 | + $x = self::chrToInt( $S[ $i ] ); |
|
| 364 | 364 | $c |= ( |
| 365 | - (($x - $L[$i]) >> 8) & $n |
|
| 365 | + ( ( $x - $L[ $i ] ) >> 8 ) & $n |
|
| 366 | 366 | ); |
| 367 | 367 | $n &= ( |
| 368 | - (($x ^ $L[$i]) - 1) >> 8 |
|
| 368 | + ( ( $x ^ $L[ $i ] ) - 1 ) >> 8 |
|
| 369 | 369 | ); |
| 370 | - } while ($i !== 0); |
|
| 370 | + } while ( $i !== 0 ); |
|
| 371 | 371 | |
| 372 | 372 | return $c === 0; |
| 373 | 373 | } |
@@ -378,7 +378,7 @@ discard block |
||
| 378 | 378 | * @throws SodiumException |
| 379 | 379 | * @throws TypeError |
| 380 | 380 | */ |
| 381 | - public static function small_order($R) |
|
| 381 | + public static function small_order( $R ) |
|
| 382 | 382 | { |
| 383 | 383 | /** @var array<int, array<int, int>> $blocklist */ |
| 384 | 384 | $blocklist = array( |
@@ -468,14 +468,14 @@ discard block |
||
| 468 | 468 | ) |
| 469 | 469 | ); |
| 470 | 470 | /** @var int $countBlocklist */ |
| 471 | - $countBlocklist = count($blocklist); |
|
| 471 | + $countBlocklist = count( $blocklist ); |
|
| 472 | 472 | |
| 473 | - for ($i = 0; $i < $countBlocklist; ++$i) { |
|
| 473 | + for ( $i = 0; $i < $countBlocklist; ++$i ) { |
|
| 474 | 474 | $c = 0; |
| 475 | - for ($j = 0; $j < 32; ++$j) { |
|
| 476 | - $c |= self::chrToInt($R[$j]) ^ (int) $blocklist[$i][$j]; |
|
| 475 | + for ( $j = 0; $j < 32; ++$j ) { |
|
| 476 | + $c |= self::chrToInt( $R[ $j ] ) ^ (int)$blocklist[ $i ][ $j ]; |
|
| 477 | 477 | } |
| 478 | - if ($c === 0) { |
|
| 478 | + if ( $c === 0 ) { |
|
| 479 | 479 | return true; |
| 480 | 480 | } |
| 481 | 481 | } |
@@ -487,13 +487,13 @@ discard block |
||
| 487 | 487 | * @return string |
| 488 | 488 | * @throws SodiumException |
| 489 | 489 | */ |
| 490 | - public static function scalar_complement($s) |
|
| 490 | + public static function scalar_complement( $s ) |
|
| 491 | 491 | { |
| 492 | - $t_ = self::L . str_repeat("\x00", 32); |
|
| 493 | - sodium_increment($t_); |
|
| 494 | - $s_ = $s . str_repeat("\x00", 32); |
|
| 495 | - ParagonIE_Sodium_Compat::sub($t_, $s_); |
|
| 496 | - return self::sc_reduce($t_); |
|
| 492 | + $t_ = self::L . str_repeat( "\x00", 32 ); |
|
| 493 | + sodium_increment( $t_ ); |
|
| 494 | + $s_ = $s . str_repeat( "\x00", 32 ); |
|
| 495 | + ParagonIE_Sodium_Compat::sub( $t_, $s_ ); |
|
| 496 | + return self::sc_reduce( $t_ ); |
|
| 497 | 497 | } |
| 498 | 498 | |
| 499 | 499 | /** |
@@ -503,12 +503,12 @@ discard block |
||
| 503 | 503 | public static function scalar_random() |
| 504 | 504 | { |
| 505 | 505 | do { |
| 506 | - $r = ParagonIE_Sodium_Compat::randombytes_buf(self::SCALAR_BYTES); |
|
| 507 | - $r[self::SCALAR_BYTES - 1] = self::intToChr( |
|
| 508 | - self::chrToInt($r[self::SCALAR_BYTES - 1]) & 0x1f |
|
| 506 | + $r = ParagonIE_Sodium_Compat::randombytes_buf( self::SCALAR_BYTES ); |
|
| 507 | + $r[ self::SCALAR_BYTES - 1 ] = self::intToChr( |
|
| 508 | + self::chrToInt( $r[ self::SCALAR_BYTES - 1 ] ) & 0x1f |
|
| 509 | 509 | ); |
| 510 | 510 | } while ( |
| 511 | - !self::check_S_lt_L($r) || ParagonIE_Sodium_Compat::is_zero($r) |
|
| 511 | + ! self::check_S_lt_L( $r ) || ParagonIE_Sodium_Compat::is_zero( $r ) |
|
| 512 | 512 | ); |
| 513 | 513 | return $r; |
| 514 | 514 | } |
@@ -518,12 +518,12 @@ discard block |
||
| 518 | 518 | * @return string |
| 519 | 519 | * @throws SodiumException |
| 520 | 520 | */ |
| 521 | - public static function scalar_negate($s) |
|
| 521 | + public static function scalar_negate( $s ) |
|
| 522 | 522 | { |
| 523 | - $t_ = self::L . str_repeat("\x00", 32) ; |
|
| 524 | - $s_ = $s . str_repeat("\x00", 32) ; |
|
| 525 | - ParagonIE_Sodium_Compat::sub($t_, $s_); |
|
| 526 | - return self::sc_reduce($t_); |
|
| 523 | + $t_ = self::L . str_repeat( "\x00", 32 ); |
|
| 524 | + $s_ = $s . str_repeat( "\x00", 32 ); |
|
| 525 | + ParagonIE_Sodium_Compat::sub( $t_, $s_ ); |
|
| 526 | + return self::sc_reduce( $t_ ); |
|
| 527 | 527 | } |
| 528 | 528 | |
| 529 | 529 | /** |
@@ -532,12 +532,12 @@ discard block |
||
| 532 | 532 | * @return string |
| 533 | 533 | * @throws SodiumException |
| 534 | 534 | */ |
| 535 | - public static function scalar_add($a, $b) |
|
| 535 | + public static function scalar_add( $a, $b ) |
|
| 536 | 536 | { |
| 537 | - $a_ = $a . str_repeat("\x00", 32); |
|
| 538 | - $b_ = $b . str_repeat("\x00", 32); |
|
| 539 | - ParagonIE_Sodium_Compat::add($a_, $b_); |
|
| 540 | - return self::sc_reduce($a_); |
|
| 537 | + $a_ = $a . str_repeat( "\x00", 32 ); |
|
| 538 | + $b_ = $b . str_repeat( "\x00", 32 ); |
|
| 539 | + ParagonIE_Sodium_Compat::add( $a_, $b_ ); |
|
| 540 | + return self::sc_reduce( $a_ ); |
|
| 541 | 541 | } |
| 542 | 542 | |
| 543 | 543 | /** |
@@ -546,9 +546,9 @@ discard block |
||
| 546 | 546 | * @return string |
| 547 | 547 | * @throws SodiumException |
| 548 | 548 | */ |
| 549 | - public static function scalar_sub($x, $y) |
|
| 549 | + public static function scalar_sub( $x, $y ) |
|
| 550 | 550 | { |
| 551 | - $yn = self::scalar_negate($y); |
|
| 552 | - return self::scalar_add($x, $yn); |
|
| 551 | + $yn = self::scalar_negate( $y ); |
|
| 552 | + return self::scalar_add( $x, $yn ); |
|
| 553 | 553 | } |
| 554 | 554 | } |
@@ -1,7 +1,7 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | 3 | if (class_exists('ParagonIE_Sodium_Core_SipHash', false)) { |
| 4 | - return; |
|
| 4 | + return; |
|
| 5 | 5 | } |
| 6 | 6 | |
| 7 | 7 | /** |
@@ -11,296 +11,296 @@ discard block |
||
| 11 | 11 | */ |
| 12 | 12 | class ParagonIE_Sodium_Core_SipHash extends ParagonIE_Sodium_Core_Util |
| 13 | 13 | { |
| 14 | - /** |
|
| 15 | - * @internal You should not use this directly from another application |
|
| 16 | - * |
|
| 17 | - * @param int[] $v |
|
| 18 | - * @return int[] |
|
| 19 | - * |
|
| 20 | - */ |
|
| 21 | - public static function sipRound(array $v) |
|
| 22 | - { |
|
| 23 | - # v0 += v1; |
|
| 24 | - list($v[0], $v[1]) = self::add( |
|
| 25 | - array($v[0], $v[1]), |
|
| 26 | - array($v[2], $v[3]) |
|
| 27 | - ); |
|
| 28 | - |
|
| 29 | - # v1=ROTL(v1,13); |
|
| 30 | - list($v[2], $v[3]) = self::rotl_64((int) $v[2], (int) $v[3], 13); |
|
| 31 | - |
|
| 32 | - # v1 ^= v0; |
|
| 33 | - $v[2] = (int) $v[2] ^ (int) $v[0]; |
|
| 34 | - $v[3] = (int) $v[3] ^ (int) $v[1]; |
|
| 35 | - |
|
| 36 | - # v0=ROTL(v0,32); |
|
| 37 | - list($v[0], $v[1]) = self::rotl_64((int) $v[0], (int) $v[1], 32); |
|
| 38 | - |
|
| 39 | - # v2 += v3; |
|
| 40 | - list($v[4], $v[5]) = self::add( |
|
| 41 | - array((int) $v[4], (int) $v[5]), |
|
| 42 | - array((int) $v[6], (int) $v[7]) |
|
| 43 | - ); |
|
| 44 | - |
|
| 45 | - # v3=ROTL(v3,16); |
|
| 46 | - list($v[6], $v[7]) = self::rotl_64((int) $v[6], (int) $v[7], 16); |
|
| 47 | - |
|
| 48 | - # v3 ^= v2; |
|
| 49 | - $v[6] = (int) $v[6] ^ (int) $v[4]; |
|
| 50 | - $v[7] = (int) $v[7] ^ (int) $v[5]; |
|
| 51 | - |
|
| 52 | - # v0 += v3; |
|
| 53 | - list($v[0], $v[1]) = self::add( |
|
| 54 | - array((int) $v[0], (int) $v[1]), |
|
| 55 | - array((int) $v[6], (int) $v[7]) |
|
| 56 | - ); |
|
| 57 | - |
|
| 58 | - # v3=ROTL(v3,21); |
|
| 59 | - list($v[6], $v[7]) = self::rotl_64((int) $v[6], (int) $v[7], 21); |
|
| 60 | - |
|
| 61 | - # v3 ^= v0; |
|
| 62 | - $v[6] = (int) $v[6] ^ (int) $v[0]; |
|
| 63 | - $v[7] = (int) $v[7] ^ (int) $v[1]; |
|
| 64 | - |
|
| 65 | - # v2 += v1; |
|
| 66 | - list($v[4], $v[5]) = self::add( |
|
| 67 | - array((int) $v[4], (int) $v[5]), |
|
| 68 | - array((int) $v[2], (int) $v[3]) |
|
| 69 | - ); |
|
| 70 | - |
|
| 71 | - # v1=ROTL(v1,17); |
|
| 72 | - list($v[2], $v[3]) = self::rotl_64((int) $v[2], (int) $v[3], 17); |
|
| 73 | - |
|
| 74 | - # v1 ^= v2;; |
|
| 75 | - $v[2] = (int) $v[2] ^ (int) $v[4]; |
|
| 76 | - $v[3] = (int) $v[3] ^ (int) $v[5]; |
|
| 77 | - |
|
| 78 | - # v2=ROTL(v2,32) |
|
| 79 | - list($v[4], $v[5]) = self::rotl_64((int) $v[4], (int) $v[5], 32); |
|
| 80 | - |
|
| 81 | - return $v; |
|
| 82 | - } |
|
| 83 | - |
|
| 84 | - /** |
|
| 85 | - * Add two 32 bit integers representing a 64-bit integer. |
|
| 86 | - * |
|
| 87 | - * @internal You should not use this directly from another application |
|
| 88 | - * |
|
| 89 | - * @param int[] $a |
|
| 90 | - * @param int[] $b |
|
| 91 | - * @return array<int, mixed> |
|
| 92 | - */ |
|
| 93 | - public static function add(array $a, array $b) |
|
| 94 | - { |
|
| 95 | - /** @var int $x1 */ |
|
| 96 | - $x1 = $a[1] + $b[1]; |
|
| 97 | - /** @var int $c */ |
|
| 98 | - $c = $x1 >> 32; // Carry if ($a + $b) > 0xffffffff |
|
| 99 | - /** @var int $x0 */ |
|
| 100 | - $x0 = $a[0] + $b[0] + $c; |
|
| 101 | - return array( |
|
| 102 | - $x0 & 0xffffffff, |
|
| 103 | - $x1 & 0xffffffff |
|
| 104 | - ); |
|
| 105 | - } |
|
| 106 | - |
|
| 107 | - /** |
|
| 108 | - * @internal You should not use this directly from another application |
|
| 109 | - * |
|
| 110 | - * @param int $int0 |
|
| 111 | - * @param int $int1 |
|
| 112 | - * @param int $c |
|
| 113 | - * @return array<int, mixed> |
|
| 114 | - */ |
|
| 115 | - public static function rotl_64($int0, $int1, $c) |
|
| 116 | - { |
|
| 117 | - $int0 &= 0xffffffff; |
|
| 118 | - $int1 &= 0xffffffff; |
|
| 119 | - $c &= 63; |
|
| 120 | - if ($c === 32) { |
|
| 121 | - return array($int1, $int0); |
|
| 122 | - } |
|
| 123 | - if ($c > 31) { |
|
| 124 | - $tmp = $int1; |
|
| 125 | - $int1 = $int0; |
|
| 126 | - $int0 = $tmp; |
|
| 127 | - $c &= 31; |
|
| 128 | - } |
|
| 129 | - if ($c === 0) { |
|
| 130 | - return array($int0, $int1); |
|
| 131 | - } |
|
| 132 | - return array( |
|
| 133 | - 0xffffffff & ( |
|
| 134 | - ($int0 << $c) |
|
| 135 | - | |
|
| 136 | - ($int1 >> (32 - $c)) |
|
| 137 | - ), |
|
| 138 | - 0xffffffff & ( |
|
| 139 | - ($int1 << $c) |
|
| 140 | - | |
|
| 141 | - ($int0 >> (32 - $c)) |
|
| 142 | - ), |
|
| 143 | - ); |
|
| 144 | - } |
|
| 145 | - |
|
| 146 | - /** |
|
| 147 | - * Implements Siphash-2-4 using only 32-bit numbers. |
|
| 148 | - * |
|
| 149 | - * When we split an int into two, the higher bits go to the lower index. |
|
| 150 | - * e.g. 0xDEADBEEFAB10C92D becomes [ |
|
| 151 | - * 0 => 0xDEADBEEF, |
|
| 152 | - * 1 => 0xAB10C92D |
|
| 153 | - * ]. |
|
| 154 | - * |
|
| 155 | - * @internal You should not use this directly from another application |
|
| 156 | - * |
|
| 157 | - * @param string $in |
|
| 158 | - * @param string $key |
|
| 159 | - * @return string |
|
| 160 | - * @throws SodiumException |
|
| 161 | - * @throws TypeError |
|
| 162 | - */ |
|
| 163 | - public static function sipHash24($in, $key) |
|
| 164 | - { |
|
| 165 | - $inlen = self::strlen($in); |
|
| 166 | - |
|
| 167 | - # /* "somepseudorandomlygeneratedbytes" */ |
|
| 168 | - # u64 v0 = 0x736f6d6570736575ULL; |
|
| 169 | - # u64 v1 = 0x646f72616e646f6dULL; |
|
| 170 | - # u64 v2 = 0x6c7967656e657261ULL; |
|
| 171 | - # u64 v3 = 0x7465646279746573ULL; |
|
| 172 | - $v = array( |
|
| 173 | - 0x736f6d65, // 0 |
|
| 174 | - 0x70736575, // 1 |
|
| 175 | - 0x646f7261, // 2 |
|
| 176 | - 0x6e646f6d, // 3 |
|
| 177 | - 0x6c796765, // 4 |
|
| 178 | - 0x6e657261, // 5 |
|
| 179 | - 0x74656462, // 6 |
|
| 180 | - 0x79746573 // 7 |
|
| 181 | - ); |
|
| 182 | - // v0 => $v[0], $v[1] |
|
| 183 | - // v1 => $v[2], $v[3] |
|
| 184 | - // v2 => $v[4], $v[5] |
|
| 185 | - // v3 => $v[6], $v[7] |
|
| 186 | - |
|
| 187 | - # u64 k0 = LOAD64_LE( k ); |
|
| 188 | - # u64 k1 = LOAD64_LE( k + 8 ); |
|
| 189 | - $k = array( |
|
| 190 | - self::load_4(self::substr($key, 4, 4)), |
|
| 191 | - self::load_4(self::substr($key, 0, 4)), |
|
| 192 | - self::load_4(self::substr($key, 12, 4)), |
|
| 193 | - self::load_4(self::substr($key, 8, 4)) |
|
| 194 | - ); |
|
| 195 | - // k0 => $k[0], $k[1] |
|
| 196 | - // k1 => $k[2], $k[3] |
|
| 197 | - |
|
| 198 | - # b = ( ( u64 )inlen ) << 56; |
|
| 199 | - $b = array( |
|
| 200 | - $inlen << 24, |
|
| 201 | - 0 |
|
| 202 | - ); |
|
| 203 | - // See docblock for why the 0th index gets the higher bits. |
|
| 204 | - |
|
| 205 | - # v3 ^= k1; |
|
| 206 | - $v[6] ^= $k[2]; |
|
| 207 | - $v[7] ^= $k[3]; |
|
| 208 | - # v2 ^= k0; |
|
| 209 | - $v[4] ^= $k[0]; |
|
| 210 | - $v[5] ^= $k[1]; |
|
| 211 | - # v1 ^= k1; |
|
| 212 | - $v[2] ^= $k[2]; |
|
| 213 | - $v[3] ^= $k[3]; |
|
| 214 | - # v0 ^= k0; |
|
| 215 | - $v[0] ^= $k[0]; |
|
| 216 | - $v[1] ^= $k[1]; |
|
| 217 | - |
|
| 218 | - $left = $inlen; |
|
| 219 | - # for ( ; in != end; in += 8 ) |
|
| 220 | - while ($left >= 8) { |
|
| 221 | - # m = LOAD64_LE( in ); |
|
| 222 | - $m = array( |
|
| 223 | - self::load_4(self::substr($in, 4, 4)), |
|
| 224 | - self::load_4(self::substr($in, 0, 4)) |
|
| 225 | - ); |
|
| 226 | - |
|
| 227 | - # v3 ^= m; |
|
| 228 | - $v[6] ^= $m[0]; |
|
| 229 | - $v[7] ^= $m[1]; |
|
| 230 | - |
|
| 231 | - # SIPROUND; |
|
| 232 | - # SIPROUND; |
|
| 233 | - $v = self::sipRound($v); |
|
| 234 | - $v = self::sipRound($v); |
|
| 235 | - |
|
| 236 | - # v0 ^= m; |
|
| 237 | - $v[0] ^= $m[0]; |
|
| 238 | - $v[1] ^= $m[1]; |
|
| 239 | - |
|
| 240 | - $in = self::substr($in, 8); |
|
| 241 | - $left -= 8; |
|
| 242 | - } |
|
| 243 | - |
|
| 244 | - # switch( left ) |
|
| 245 | - # { |
|
| 246 | - # case 7: b |= ( ( u64 )in[ 6] ) << 48; |
|
| 247 | - # case 6: b |= ( ( u64 )in[ 5] ) << 40; |
|
| 248 | - # case 5: b |= ( ( u64 )in[ 4] ) << 32; |
|
| 249 | - # case 4: b |= ( ( u64 )in[ 3] ) << 24; |
|
| 250 | - # case 3: b |= ( ( u64 )in[ 2] ) << 16; |
|
| 251 | - # case 2: b |= ( ( u64 )in[ 1] ) << 8; |
|
| 252 | - # case 1: b |= ( ( u64 )in[ 0] ); break; |
|
| 253 | - # case 0: break; |
|
| 254 | - # } |
|
| 255 | - switch ($left) { |
|
| 256 | - case 7: |
|
| 257 | - $b[0] |= self::chrToInt($in[6]) << 16; |
|
| 258 | - case 6: |
|
| 259 | - $b[0] |= self::chrToInt($in[5]) << 8; |
|
| 260 | - case 5: |
|
| 261 | - $b[0] |= self::chrToInt($in[4]); |
|
| 262 | - case 4: |
|
| 263 | - $b[1] |= self::chrToInt($in[3]) << 24; |
|
| 264 | - case 3: |
|
| 265 | - $b[1] |= self::chrToInt($in[2]) << 16; |
|
| 266 | - case 2: |
|
| 267 | - $b[1] |= self::chrToInt($in[1]) << 8; |
|
| 268 | - case 1: |
|
| 269 | - $b[1] |= self::chrToInt($in[0]); |
|
| 270 | - case 0: |
|
| 271 | - break; |
|
| 272 | - } |
|
| 273 | - // See docblock for why the 0th index gets the higher bits. |
|
| 274 | - |
|
| 275 | - # v3 ^= b; |
|
| 276 | - $v[6] ^= $b[0]; |
|
| 277 | - $v[7] ^= $b[1]; |
|
| 278 | - |
|
| 279 | - # SIPROUND; |
|
| 280 | - # SIPROUND; |
|
| 281 | - $v = self::sipRound($v); |
|
| 282 | - $v = self::sipRound($v); |
|
| 283 | - |
|
| 284 | - # v0 ^= b; |
|
| 285 | - $v[0] ^= $b[0]; |
|
| 286 | - $v[1] ^= $b[1]; |
|
| 287 | - |
|
| 288 | - // Flip the lower 8 bits of v2 which is ($v[4], $v[5]) in our implementation |
|
| 289 | - # v2 ^= 0xff; |
|
| 290 | - $v[5] ^= 0xff; |
|
| 291 | - |
|
| 292 | - # SIPROUND; |
|
| 293 | - # SIPROUND; |
|
| 294 | - # SIPROUND; |
|
| 295 | - # SIPROUND; |
|
| 296 | - $v = self::sipRound($v); |
|
| 297 | - $v = self::sipRound($v); |
|
| 298 | - $v = self::sipRound($v); |
|
| 299 | - $v = self::sipRound($v); |
|
| 300 | - |
|
| 301 | - # b = v0 ^ v1 ^ v2 ^ v3; |
|
| 302 | - # STORE64_LE( out, b ); |
|
| 303 | - return self::store32_le($v[1] ^ $v[3] ^ $v[5] ^ $v[7]) . |
|
| 304 | - self::store32_le($v[0] ^ $v[2] ^ $v[4] ^ $v[6]); |
|
| 305 | - } |
|
| 14 | + /** |
|
| 15 | + * @internal You should not use this directly from another application |
|
| 16 | + * |
|
| 17 | + * @param int[] $v |
|
| 18 | + * @return int[] |
|
| 19 | + * |
|
| 20 | + */ |
|
| 21 | + public static function sipRound(array $v) |
|
| 22 | + { |
|
| 23 | + # v0 += v1; |
|
| 24 | + list($v[0], $v[1]) = self::add( |
|
| 25 | + array($v[0], $v[1]), |
|
| 26 | + array($v[2], $v[3]) |
|
| 27 | + ); |
|
| 28 | + |
|
| 29 | + # v1=ROTL(v1,13); |
|
| 30 | + list($v[2], $v[3]) = self::rotl_64((int) $v[2], (int) $v[3], 13); |
|
| 31 | + |
|
| 32 | + # v1 ^= v0; |
|
| 33 | + $v[2] = (int) $v[2] ^ (int) $v[0]; |
|
| 34 | + $v[3] = (int) $v[3] ^ (int) $v[1]; |
|
| 35 | + |
|
| 36 | + # v0=ROTL(v0,32); |
|
| 37 | + list($v[0], $v[1]) = self::rotl_64((int) $v[0], (int) $v[1], 32); |
|
| 38 | + |
|
| 39 | + # v2 += v3; |
|
| 40 | + list($v[4], $v[5]) = self::add( |
|
| 41 | + array((int) $v[4], (int) $v[5]), |
|
| 42 | + array((int) $v[6], (int) $v[7]) |
|
| 43 | + ); |
|
| 44 | + |
|
| 45 | + # v3=ROTL(v3,16); |
|
| 46 | + list($v[6], $v[7]) = self::rotl_64((int) $v[6], (int) $v[7], 16); |
|
| 47 | + |
|
| 48 | + # v3 ^= v2; |
|
| 49 | + $v[6] = (int) $v[6] ^ (int) $v[4]; |
|
| 50 | + $v[7] = (int) $v[7] ^ (int) $v[5]; |
|
| 51 | + |
|
| 52 | + # v0 += v3; |
|
| 53 | + list($v[0], $v[1]) = self::add( |
|
| 54 | + array((int) $v[0], (int) $v[1]), |
|
| 55 | + array((int) $v[6], (int) $v[7]) |
|
| 56 | + ); |
|
| 57 | + |
|
| 58 | + # v3=ROTL(v3,21); |
|
| 59 | + list($v[6], $v[7]) = self::rotl_64((int) $v[6], (int) $v[7], 21); |
|
| 60 | + |
|
| 61 | + # v3 ^= v0; |
|
| 62 | + $v[6] = (int) $v[6] ^ (int) $v[0]; |
|
| 63 | + $v[7] = (int) $v[7] ^ (int) $v[1]; |
|
| 64 | + |
|
| 65 | + # v2 += v1; |
|
| 66 | + list($v[4], $v[5]) = self::add( |
|
| 67 | + array((int) $v[4], (int) $v[5]), |
|
| 68 | + array((int) $v[2], (int) $v[3]) |
|
| 69 | + ); |
|
| 70 | + |
|
| 71 | + # v1=ROTL(v1,17); |
|
| 72 | + list($v[2], $v[3]) = self::rotl_64((int) $v[2], (int) $v[3], 17); |
|
| 73 | + |
|
| 74 | + # v1 ^= v2;; |
|
| 75 | + $v[2] = (int) $v[2] ^ (int) $v[4]; |
|
| 76 | + $v[3] = (int) $v[3] ^ (int) $v[5]; |
|
| 77 | + |
|
| 78 | + # v2=ROTL(v2,32) |
|
| 79 | + list($v[4], $v[5]) = self::rotl_64((int) $v[4], (int) $v[5], 32); |
|
| 80 | + |
|
| 81 | + return $v; |
|
| 82 | + } |
|
| 83 | + |
|
| 84 | + /** |
|
| 85 | + * Add two 32 bit integers representing a 64-bit integer. |
|
| 86 | + * |
|
| 87 | + * @internal You should not use this directly from another application |
|
| 88 | + * |
|
| 89 | + * @param int[] $a |
|
| 90 | + * @param int[] $b |
|
| 91 | + * @return array<int, mixed> |
|
| 92 | + */ |
|
| 93 | + public static function add(array $a, array $b) |
|
| 94 | + { |
|
| 95 | + /** @var int $x1 */ |
|
| 96 | + $x1 = $a[1] + $b[1]; |
|
| 97 | + /** @var int $c */ |
|
| 98 | + $c = $x1 >> 32; // Carry if ($a + $b) > 0xffffffff |
|
| 99 | + /** @var int $x0 */ |
|
| 100 | + $x0 = $a[0] + $b[0] + $c; |
|
| 101 | + return array( |
|
| 102 | + $x0 & 0xffffffff, |
|
| 103 | + $x1 & 0xffffffff |
|
| 104 | + ); |
|
| 105 | + } |
|
| 106 | + |
|
| 107 | + /** |
|
| 108 | + * @internal You should not use this directly from another application |
|
| 109 | + * |
|
| 110 | + * @param int $int0 |
|
| 111 | + * @param int $int1 |
|
| 112 | + * @param int $c |
|
| 113 | + * @return array<int, mixed> |
|
| 114 | + */ |
|
| 115 | + public static function rotl_64($int0, $int1, $c) |
|
| 116 | + { |
|
| 117 | + $int0 &= 0xffffffff; |
|
| 118 | + $int1 &= 0xffffffff; |
|
| 119 | + $c &= 63; |
|
| 120 | + if ($c === 32) { |
|
| 121 | + return array($int1, $int0); |
|
| 122 | + } |
|
| 123 | + if ($c > 31) { |
|
| 124 | + $tmp = $int1; |
|
| 125 | + $int1 = $int0; |
|
| 126 | + $int0 = $tmp; |
|
| 127 | + $c &= 31; |
|
| 128 | + } |
|
| 129 | + if ($c === 0) { |
|
| 130 | + return array($int0, $int1); |
|
| 131 | + } |
|
| 132 | + return array( |
|
| 133 | + 0xffffffff & ( |
|
| 134 | + ($int0 << $c) |
|
| 135 | + | |
|
| 136 | + ($int1 >> (32 - $c)) |
|
| 137 | + ), |
|
| 138 | + 0xffffffff & ( |
|
| 139 | + ($int1 << $c) |
|
| 140 | + | |
|
| 141 | + ($int0 >> (32 - $c)) |
|
| 142 | + ), |
|
| 143 | + ); |
|
| 144 | + } |
|
| 145 | + |
|
| 146 | + /** |
|
| 147 | + * Implements Siphash-2-4 using only 32-bit numbers. |
|
| 148 | + * |
|
| 149 | + * When we split an int into two, the higher bits go to the lower index. |
|
| 150 | + * e.g. 0xDEADBEEFAB10C92D becomes [ |
|
| 151 | + * 0 => 0xDEADBEEF, |
|
| 152 | + * 1 => 0xAB10C92D |
|
| 153 | + * ]. |
|
| 154 | + * |
|
| 155 | + * @internal You should not use this directly from another application |
|
| 156 | + * |
|
| 157 | + * @param string $in |
|
| 158 | + * @param string $key |
|
| 159 | + * @return string |
|
| 160 | + * @throws SodiumException |
|
| 161 | + * @throws TypeError |
|
| 162 | + */ |
|
| 163 | + public static function sipHash24($in, $key) |
|
| 164 | + { |
|
| 165 | + $inlen = self::strlen($in); |
|
| 166 | + |
|
| 167 | + # /* "somepseudorandomlygeneratedbytes" */ |
|
| 168 | + # u64 v0 = 0x736f6d6570736575ULL; |
|
| 169 | + # u64 v1 = 0x646f72616e646f6dULL; |
|
| 170 | + # u64 v2 = 0x6c7967656e657261ULL; |
|
| 171 | + # u64 v3 = 0x7465646279746573ULL; |
|
| 172 | + $v = array( |
|
| 173 | + 0x736f6d65, // 0 |
|
| 174 | + 0x70736575, // 1 |
|
| 175 | + 0x646f7261, // 2 |
|
| 176 | + 0x6e646f6d, // 3 |
|
| 177 | + 0x6c796765, // 4 |
|
| 178 | + 0x6e657261, // 5 |
|
| 179 | + 0x74656462, // 6 |
|
| 180 | + 0x79746573 // 7 |
|
| 181 | + ); |
|
| 182 | + // v0 => $v[0], $v[1] |
|
| 183 | + // v1 => $v[2], $v[3] |
|
| 184 | + // v2 => $v[4], $v[5] |
|
| 185 | + // v3 => $v[6], $v[7] |
|
| 186 | + |
|
| 187 | + # u64 k0 = LOAD64_LE( k ); |
|
| 188 | + # u64 k1 = LOAD64_LE( k + 8 ); |
|
| 189 | + $k = array( |
|
| 190 | + self::load_4(self::substr($key, 4, 4)), |
|
| 191 | + self::load_4(self::substr($key, 0, 4)), |
|
| 192 | + self::load_4(self::substr($key, 12, 4)), |
|
| 193 | + self::load_4(self::substr($key, 8, 4)) |
|
| 194 | + ); |
|
| 195 | + // k0 => $k[0], $k[1] |
|
| 196 | + // k1 => $k[2], $k[3] |
|
| 197 | + |
|
| 198 | + # b = ( ( u64 )inlen ) << 56; |
|
| 199 | + $b = array( |
|
| 200 | + $inlen << 24, |
|
| 201 | + 0 |
|
| 202 | + ); |
|
| 203 | + // See docblock for why the 0th index gets the higher bits. |
|
| 204 | + |
|
| 205 | + # v3 ^= k1; |
|
| 206 | + $v[6] ^= $k[2]; |
|
| 207 | + $v[7] ^= $k[3]; |
|
| 208 | + # v2 ^= k0; |
|
| 209 | + $v[4] ^= $k[0]; |
|
| 210 | + $v[5] ^= $k[1]; |
|
| 211 | + # v1 ^= k1; |
|
| 212 | + $v[2] ^= $k[2]; |
|
| 213 | + $v[3] ^= $k[3]; |
|
| 214 | + # v0 ^= k0; |
|
| 215 | + $v[0] ^= $k[0]; |
|
| 216 | + $v[1] ^= $k[1]; |
|
| 217 | + |
|
| 218 | + $left = $inlen; |
|
| 219 | + # for ( ; in != end; in += 8 ) |
|
| 220 | + while ($left >= 8) { |
|
| 221 | + # m = LOAD64_LE( in ); |
|
| 222 | + $m = array( |
|
| 223 | + self::load_4(self::substr($in, 4, 4)), |
|
| 224 | + self::load_4(self::substr($in, 0, 4)) |
|
| 225 | + ); |
|
| 226 | + |
|
| 227 | + # v3 ^= m; |
|
| 228 | + $v[6] ^= $m[0]; |
|
| 229 | + $v[7] ^= $m[1]; |
|
| 230 | + |
|
| 231 | + # SIPROUND; |
|
| 232 | + # SIPROUND; |
|
| 233 | + $v = self::sipRound($v); |
|
| 234 | + $v = self::sipRound($v); |
|
| 235 | + |
|
| 236 | + # v0 ^= m; |
|
| 237 | + $v[0] ^= $m[0]; |
|
| 238 | + $v[1] ^= $m[1]; |
|
| 239 | + |
|
| 240 | + $in = self::substr($in, 8); |
|
| 241 | + $left -= 8; |
|
| 242 | + } |
|
| 243 | + |
|
| 244 | + # switch( left ) |
|
| 245 | + # { |
|
| 246 | + # case 7: b |= ( ( u64 )in[ 6] ) << 48; |
|
| 247 | + # case 6: b |= ( ( u64 )in[ 5] ) << 40; |
|
| 248 | + # case 5: b |= ( ( u64 )in[ 4] ) << 32; |
|
| 249 | + # case 4: b |= ( ( u64 )in[ 3] ) << 24; |
|
| 250 | + # case 3: b |= ( ( u64 )in[ 2] ) << 16; |
|
| 251 | + # case 2: b |= ( ( u64 )in[ 1] ) << 8; |
|
| 252 | + # case 1: b |= ( ( u64 )in[ 0] ); break; |
|
| 253 | + # case 0: break; |
|
| 254 | + # } |
|
| 255 | + switch ($left) { |
|
| 256 | + case 7: |
|
| 257 | + $b[0] |= self::chrToInt($in[6]) << 16; |
|
| 258 | + case 6: |
|
| 259 | + $b[0] |= self::chrToInt($in[5]) << 8; |
|
| 260 | + case 5: |
|
| 261 | + $b[0] |= self::chrToInt($in[4]); |
|
| 262 | + case 4: |
|
| 263 | + $b[1] |= self::chrToInt($in[3]) << 24; |
|
| 264 | + case 3: |
|
| 265 | + $b[1] |= self::chrToInt($in[2]) << 16; |
|
| 266 | + case 2: |
|
| 267 | + $b[1] |= self::chrToInt($in[1]) << 8; |
|
| 268 | + case 1: |
|
| 269 | + $b[1] |= self::chrToInt($in[0]); |
|
| 270 | + case 0: |
|
| 271 | + break; |
|
| 272 | + } |
|
| 273 | + // See docblock for why the 0th index gets the higher bits. |
|
| 274 | + |
|
| 275 | + # v3 ^= b; |
|
| 276 | + $v[6] ^= $b[0]; |
|
| 277 | + $v[7] ^= $b[1]; |
|
| 278 | + |
|
| 279 | + # SIPROUND; |
|
| 280 | + # SIPROUND; |
|
| 281 | + $v = self::sipRound($v); |
|
| 282 | + $v = self::sipRound($v); |
|
| 283 | + |
|
| 284 | + # v0 ^= b; |
|
| 285 | + $v[0] ^= $b[0]; |
|
| 286 | + $v[1] ^= $b[1]; |
|
| 287 | + |
|
| 288 | + // Flip the lower 8 bits of v2 which is ($v[4], $v[5]) in our implementation |
|
| 289 | + # v2 ^= 0xff; |
|
| 290 | + $v[5] ^= 0xff; |
|
| 291 | + |
|
| 292 | + # SIPROUND; |
|
| 293 | + # SIPROUND; |
|
| 294 | + # SIPROUND; |
|
| 295 | + # SIPROUND; |
|
| 296 | + $v = self::sipRound($v); |
|
| 297 | + $v = self::sipRound($v); |
|
| 298 | + $v = self::sipRound($v); |
|
| 299 | + $v = self::sipRound($v); |
|
| 300 | + |
|
| 301 | + # b = v0 ^ v1 ^ v2 ^ v3; |
|
| 302 | + # STORE64_LE( out, b ); |
|
| 303 | + return self::store32_le($v[1] ^ $v[3] ^ $v[5] ^ $v[7]) . |
|
| 304 | + self::store32_le($v[0] ^ $v[2] ^ $v[4] ^ $v[6]); |
|
| 305 | + } |
|
| 306 | 306 | } |
@@ -1,6 +1,6 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -if (class_exists('ParagonIE_Sodium_Core_SipHash', false)) { |
|
| 3 | +if ( class_exists( 'ParagonIE_Sodium_Core_SipHash', false ) ) { |
|
| 4 | 4 | return; |
| 5 | 5 | } |
| 6 | 6 | |
@@ -18,65 +18,65 @@ discard block |
||
| 18 | 18 | * @return int[] |
| 19 | 19 | * |
| 20 | 20 | */ |
| 21 | - public static function sipRound(array $v) |
|
| 21 | + public static function sipRound( array $v ) |
|
| 22 | 22 | { |
| 23 | 23 | # v0 += v1; |
| 24 | - list($v[0], $v[1]) = self::add( |
|
| 25 | - array($v[0], $v[1]), |
|
| 26 | - array($v[2], $v[3]) |
|
| 24 | + list( $v[ 0 ], $v[ 1 ] ) = self::add( |
|
| 25 | + array( $v[ 0 ], $v[ 1 ] ), |
|
| 26 | + array( $v[ 2 ], $v[ 3 ] ) |
|
| 27 | 27 | ); |
| 28 | 28 | |
| 29 | 29 | # v1=ROTL(v1,13); |
| 30 | - list($v[2], $v[3]) = self::rotl_64((int) $v[2], (int) $v[3], 13); |
|
| 30 | + list( $v[ 2 ], $v[ 3 ] ) = self::rotl_64( (int)$v[ 2 ], (int)$v[ 3 ], 13 ); |
|
| 31 | 31 | |
| 32 | 32 | # v1 ^= v0; |
| 33 | - $v[2] = (int) $v[2] ^ (int) $v[0]; |
|
| 34 | - $v[3] = (int) $v[3] ^ (int) $v[1]; |
|
| 33 | + $v[ 2 ] = (int)$v[ 2 ] ^ (int)$v[ 0 ]; |
|
| 34 | + $v[ 3 ] = (int)$v[ 3 ] ^ (int)$v[ 1 ]; |
|
| 35 | 35 | |
| 36 | 36 | # v0=ROTL(v0,32); |
| 37 | - list($v[0], $v[1]) = self::rotl_64((int) $v[0], (int) $v[1], 32); |
|
| 37 | + list( $v[ 0 ], $v[ 1 ] ) = self::rotl_64( (int)$v[ 0 ], (int)$v[ 1 ], 32 ); |
|
| 38 | 38 | |
| 39 | 39 | # v2 += v3; |
| 40 | - list($v[4], $v[5]) = self::add( |
|
| 41 | - array((int) $v[4], (int) $v[5]), |
|
| 42 | - array((int) $v[6], (int) $v[7]) |
|
| 40 | + list( $v[ 4 ], $v[ 5 ] ) = self::add( |
|
| 41 | + array( (int)$v[ 4 ], (int)$v[ 5 ] ), |
|
| 42 | + array( (int)$v[ 6 ], (int)$v[ 7 ] ) |
|
| 43 | 43 | ); |
| 44 | 44 | |
| 45 | 45 | # v3=ROTL(v3,16); |
| 46 | - list($v[6], $v[7]) = self::rotl_64((int) $v[6], (int) $v[7], 16); |
|
| 46 | + list( $v[ 6 ], $v[ 7 ] ) = self::rotl_64( (int)$v[ 6 ], (int)$v[ 7 ], 16 ); |
|
| 47 | 47 | |
| 48 | 48 | # v3 ^= v2; |
| 49 | - $v[6] = (int) $v[6] ^ (int) $v[4]; |
|
| 50 | - $v[7] = (int) $v[7] ^ (int) $v[5]; |
|
| 49 | + $v[ 6 ] = (int)$v[ 6 ] ^ (int)$v[ 4 ]; |
|
| 50 | + $v[ 7 ] = (int)$v[ 7 ] ^ (int)$v[ 5 ]; |
|
| 51 | 51 | |
| 52 | 52 | # v0 += v3; |
| 53 | - list($v[0], $v[1]) = self::add( |
|
| 54 | - array((int) $v[0], (int) $v[1]), |
|
| 55 | - array((int) $v[6], (int) $v[7]) |
|
| 53 | + list( $v[ 0 ], $v[ 1 ] ) = self::add( |
|
| 54 | + array( (int)$v[ 0 ], (int)$v[ 1 ] ), |
|
| 55 | + array( (int)$v[ 6 ], (int)$v[ 7 ] ) |
|
| 56 | 56 | ); |
| 57 | 57 | |
| 58 | 58 | # v3=ROTL(v3,21); |
| 59 | - list($v[6], $v[7]) = self::rotl_64((int) $v[6], (int) $v[7], 21); |
|
| 59 | + list( $v[ 6 ], $v[ 7 ] ) = self::rotl_64( (int)$v[ 6 ], (int)$v[ 7 ], 21 ); |
|
| 60 | 60 | |
| 61 | 61 | # v3 ^= v0; |
| 62 | - $v[6] = (int) $v[6] ^ (int) $v[0]; |
|
| 63 | - $v[7] = (int) $v[7] ^ (int) $v[1]; |
|
| 62 | + $v[ 6 ] = (int)$v[ 6 ] ^ (int)$v[ 0 ]; |
|
| 63 | + $v[ 7 ] = (int)$v[ 7 ] ^ (int)$v[ 1 ]; |
|
| 64 | 64 | |
| 65 | 65 | # v2 += v1; |
| 66 | - list($v[4], $v[5]) = self::add( |
|
| 67 | - array((int) $v[4], (int) $v[5]), |
|
| 68 | - array((int) $v[2], (int) $v[3]) |
|
| 66 | + list( $v[ 4 ], $v[ 5 ] ) = self::add( |
|
| 67 | + array( (int)$v[ 4 ], (int)$v[ 5 ] ), |
|
| 68 | + array( (int)$v[ 2 ], (int)$v[ 3 ] ) |
|
| 69 | 69 | ); |
| 70 | 70 | |
| 71 | 71 | # v1=ROTL(v1,17); |
| 72 | - list($v[2], $v[3]) = self::rotl_64((int) $v[2], (int) $v[3], 17); |
|
| 72 | + list( $v[ 2 ], $v[ 3 ] ) = self::rotl_64( (int)$v[ 2 ], (int)$v[ 3 ], 17 ); |
|
| 73 | 73 | |
| 74 | 74 | # v1 ^= v2;; |
| 75 | - $v[2] = (int) $v[2] ^ (int) $v[4]; |
|
| 76 | - $v[3] = (int) $v[3] ^ (int) $v[5]; |
|
| 75 | + $v[ 2 ] = (int)$v[ 2 ] ^ (int)$v[ 4 ]; |
|
| 76 | + $v[ 3 ] = (int)$v[ 3 ] ^ (int)$v[ 5 ]; |
|
| 77 | 77 | |
| 78 | 78 | # v2=ROTL(v2,32) |
| 79 | - list($v[4], $v[5]) = self::rotl_64((int) $v[4], (int) $v[5], 32); |
|
| 79 | + list( $v[ 4 ], $v[ 5 ] ) = self::rotl_64( (int)$v[ 4 ], (int)$v[ 5 ], 32 ); |
|
| 80 | 80 | |
| 81 | 81 | return $v; |
| 82 | 82 | } |
@@ -90,14 +90,14 @@ discard block |
||
| 90 | 90 | * @param int[] $b |
| 91 | 91 | * @return array<int, mixed> |
| 92 | 92 | */ |
| 93 | - public static function add(array $a, array $b) |
|
| 93 | + public static function add( array $a, array $b ) |
|
| 94 | 94 | { |
| 95 | 95 | /** @var int $x1 */ |
| 96 | - $x1 = $a[1] + $b[1]; |
|
| 96 | + $x1 = $a[ 1 ] + $b[ 1 ]; |
|
| 97 | 97 | /** @var int $c */ |
| 98 | 98 | $c = $x1 >> 32; // Carry if ($a + $b) > 0xffffffff |
| 99 | 99 | /** @var int $x0 */ |
| 100 | - $x0 = $a[0] + $b[0] + $c; |
|
| 100 | + $x0 = $a[ 0 ] + $b[ 0 ] + $c; |
|
| 101 | 101 | return array( |
| 102 | 102 | $x0 & 0xffffffff, |
| 103 | 103 | $x1 & 0xffffffff |
@@ -112,33 +112,33 @@ discard block |
||
| 112 | 112 | * @param int $c |
| 113 | 113 | * @return array<int, mixed> |
| 114 | 114 | */ |
| 115 | - public static function rotl_64($int0, $int1, $c) |
|
| 115 | + public static function rotl_64( $int0, $int1, $c ) |
|
| 116 | 116 | { |
| 117 | 117 | $int0 &= 0xffffffff; |
| 118 | 118 | $int1 &= 0xffffffff; |
| 119 | 119 | $c &= 63; |
| 120 | - if ($c === 32) { |
|
| 121 | - return array($int1, $int0); |
|
| 120 | + if ( $c === 32 ) { |
|
| 121 | + return array( $int1, $int0 ); |
|
| 122 | 122 | } |
| 123 | - if ($c > 31) { |
|
| 123 | + if ( $c > 31 ) { |
|
| 124 | 124 | $tmp = $int1; |
| 125 | 125 | $int1 = $int0; |
| 126 | 126 | $int0 = $tmp; |
| 127 | 127 | $c &= 31; |
| 128 | 128 | } |
| 129 | - if ($c === 0) { |
|
| 130 | - return array($int0, $int1); |
|
| 129 | + if ( $c === 0 ) { |
|
| 130 | + return array( $int0, $int1 ); |
|
| 131 | 131 | } |
| 132 | 132 | return array( |
| 133 | 133 | 0xffffffff & ( |
| 134 | - ($int0 << $c) |
|
| 134 | + ( $int0 << $c ) |
|
| 135 | 135 | | |
| 136 | - ($int1 >> (32 - $c)) |
|
| 136 | + ( $int1 >> ( 32 - $c ) ) |
|
| 137 | 137 | ), |
| 138 | 138 | 0xffffffff & ( |
| 139 | - ($int1 << $c) |
|
| 139 | + ( $int1 << $c ) |
|
| 140 | 140 | | |
| 141 | - ($int0 >> (32 - $c)) |
|
| 141 | + ( $int0 >> ( 32 - $c ) ) |
|
| 142 | 142 | ), |
| 143 | 143 | ); |
| 144 | 144 | } |
@@ -160,9 +160,9 @@ discard block |
||
| 160 | 160 | * @throws SodiumException |
| 161 | 161 | * @throws TypeError |
| 162 | 162 | */ |
| 163 | - public static function sipHash24($in, $key) |
|
| 163 | + public static function sipHash24( $in, $key ) |
|
| 164 | 164 | { |
| 165 | - $inlen = self::strlen($in); |
|
| 165 | + $inlen = self::strlen( $in ); |
|
| 166 | 166 | |
| 167 | 167 | # /* "somepseudorandomlygeneratedbytes" */ |
| 168 | 168 | # u64 v0 = 0x736f6d6570736575ULL; |
@@ -187,10 +187,10 @@ discard block |
||
| 187 | 187 | # u64 k0 = LOAD64_LE( k ); |
| 188 | 188 | # u64 k1 = LOAD64_LE( k + 8 ); |
| 189 | 189 | $k = array( |
| 190 | - self::load_4(self::substr($key, 4, 4)), |
|
| 191 | - self::load_4(self::substr($key, 0, 4)), |
|
| 192 | - self::load_4(self::substr($key, 12, 4)), |
|
| 193 | - self::load_4(self::substr($key, 8, 4)) |
|
| 190 | + self::load_4( self::substr( $key, 4, 4 ) ), |
|
| 191 | + self::load_4( self::substr( $key, 0, 4 ) ), |
|
| 192 | + self::load_4( self::substr( $key, 12, 4 ) ), |
|
| 193 | + self::load_4( self::substr( $key, 8, 4 ) ) |
|
| 194 | 194 | ); |
| 195 | 195 | // k0 => $k[0], $k[1] |
| 196 | 196 | // k1 => $k[2], $k[3] |
@@ -203,41 +203,41 @@ discard block |
||
| 203 | 203 | // See docblock for why the 0th index gets the higher bits. |
| 204 | 204 | |
| 205 | 205 | # v3 ^= k1; |
| 206 | - $v[6] ^= $k[2]; |
|
| 207 | - $v[7] ^= $k[3]; |
|
| 206 | + $v[ 6 ] ^= $k[ 2 ]; |
|
| 207 | + $v[ 7 ] ^= $k[ 3 ]; |
|
| 208 | 208 | # v2 ^= k0; |
| 209 | - $v[4] ^= $k[0]; |
|
| 210 | - $v[5] ^= $k[1]; |
|
| 209 | + $v[ 4 ] ^= $k[ 0 ]; |
|
| 210 | + $v[ 5 ] ^= $k[ 1 ]; |
|
| 211 | 211 | # v1 ^= k1; |
| 212 | - $v[2] ^= $k[2]; |
|
| 213 | - $v[3] ^= $k[3]; |
|
| 212 | + $v[ 2 ] ^= $k[ 2 ]; |
|
| 213 | + $v[ 3 ] ^= $k[ 3 ]; |
|
| 214 | 214 | # v0 ^= k0; |
| 215 | - $v[0] ^= $k[0]; |
|
| 216 | - $v[1] ^= $k[1]; |
|
| 215 | + $v[ 0 ] ^= $k[ 0 ]; |
|
| 216 | + $v[ 1 ] ^= $k[ 1 ]; |
|
| 217 | 217 | |
| 218 | 218 | $left = $inlen; |
| 219 | 219 | # for ( ; in != end; in += 8 ) |
| 220 | - while ($left >= 8) { |
|
| 220 | + while ( $left >= 8 ) { |
|
| 221 | 221 | # m = LOAD64_LE( in ); |
| 222 | 222 | $m = array( |
| 223 | - self::load_4(self::substr($in, 4, 4)), |
|
| 224 | - self::load_4(self::substr($in, 0, 4)) |
|
| 223 | + self::load_4( self::substr( $in, 4, 4 ) ), |
|
| 224 | + self::load_4( self::substr( $in, 0, 4 ) ) |
|
| 225 | 225 | ); |
| 226 | 226 | |
| 227 | 227 | # v3 ^= m; |
| 228 | - $v[6] ^= $m[0]; |
|
| 229 | - $v[7] ^= $m[1]; |
|
| 228 | + $v[ 6 ] ^= $m[ 0 ]; |
|
| 229 | + $v[ 7 ] ^= $m[ 1 ]; |
|
| 230 | 230 | |
| 231 | 231 | # SIPROUND; |
| 232 | 232 | # SIPROUND; |
| 233 | - $v = self::sipRound($v); |
|
| 234 | - $v = self::sipRound($v); |
|
| 233 | + $v = self::sipRound( $v ); |
|
| 234 | + $v = self::sipRound( $v ); |
|
| 235 | 235 | |
| 236 | 236 | # v0 ^= m; |
| 237 | - $v[0] ^= $m[0]; |
|
| 238 | - $v[1] ^= $m[1]; |
|
| 237 | + $v[ 0 ] ^= $m[ 0 ]; |
|
| 238 | + $v[ 1 ] ^= $m[ 1 ]; |
|
| 239 | 239 | |
| 240 | - $in = self::substr($in, 8); |
|
| 240 | + $in = self::substr( $in, 8 ); |
|
| 241 | 241 | $left -= 8; |
| 242 | 242 | } |
| 243 | 243 | |
@@ -252,55 +252,55 @@ discard block |
||
| 252 | 252 | # case 1: b |= ( ( u64 )in[ 0] ); break; |
| 253 | 253 | # case 0: break; |
| 254 | 254 | # } |
| 255 | - switch ($left) { |
|
| 255 | + switch ( $left ) { |
|
| 256 | 256 | case 7: |
| 257 | - $b[0] |= self::chrToInt($in[6]) << 16; |
|
| 257 | + $b[ 0 ] |= self::chrToInt( $in[ 6 ] ) << 16; |
|
| 258 | 258 | case 6: |
| 259 | - $b[0] |= self::chrToInt($in[5]) << 8; |
|
| 259 | + $b[ 0 ] |= self::chrToInt( $in[ 5 ] ) << 8; |
|
| 260 | 260 | case 5: |
| 261 | - $b[0] |= self::chrToInt($in[4]); |
|
| 261 | + $b[ 0 ] |= self::chrToInt( $in[ 4 ] ); |
|
| 262 | 262 | case 4: |
| 263 | - $b[1] |= self::chrToInt($in[3]) << 24; |
|
| 263 | + $b[ 1 ] |= self::chrToInt( $in[ 3 ] ) << 24; |
|
| 264 | 264 | case 3: |
| 265 | - $b[1] |= self::chrToInt($in[2]) << 16; |
|
| 265 | + $b[ 1 ] |= self::chrToInt( $in[ 2 ] ) << 16; |
|
| 266 | 266 | case 2: |
| 267 | - $b[1] |= self::chrToInt($in[1]) << 8; |
|
| 267 | + $b[ 1 ] |= self::chrToInt( $in[ 1 ] ) << 8; |
|
| 268 | 268 | case 1: |
| 269 | - $b[1] |= self::chrToInt($in[0]); |
|
| 269 | + $b[ 1 ] |= self::chrToInt( $in[ 0 ] ); |
|
| 270 | 270 | case 0: |
| 271 | 271 | break; |
| 272 | 272 | } |
| 273 | 273 | // See docblock for why the 0th index gets the higher bits. |
| 274 | 274 | |
| 275 | 275 | # v3 ^= b; |
| 276 | - $v[6] ^= $b[0]; |
|
| 277 | - $v[7] ^= $b[1]; |
|
| 276 | + $v[ 6 ] ^= $b[ 0 ]; |
|
| 277 | + $v[ 7 ] ^= $b[ 1 ]; |
|
| 278 | 278 | |
| 279 | 279 | # SIPROUND; |
| 280 | 280 | # SIPROUND; |
| 281 | - $v = self::sipRound($v); |
|
| 282 | - $v = self::sipRound($v); |
|
| 281 | + $v = self::sipRound( $v ); |
|
| 282 | + $v = self::sipRound( $v ); |
|
| 283 | 283 | |
| 284 | 284 | # v0 ^= b; |
| 285 | - $v[0] ^= $b[0]; |
|
| 286 | - $v[1] ^= $b[1]; |
|
| 285 | + $v[ 0 ] ^= $b[ 0 ]; |
|
| 286 | + $v[ 1 ] ^= $b[ 1 ]; |
|
| 287 | 287 | |
| 288 | 288 | // Flip the lower 8 bits of v2 which is ($v[4], $v[5]) in our implementation |
| 289 | 289 | # v2 ^= 0xff; |
| 290 | - $v[5] ^= 0xff; |
|
| 290 | + $v[ 5 ] ^= 0xff; |
|
| 291 | 291 | |
| 292 | 292 | # SIPROUND; |
| 293 | 293 | # SIPROUND; |
| 294 | 294 | # SIPROUND; |
| 295 | 295 | # SIPROUND; |
| 296 | - $v = self::sipRound($v); |
|
| 297 | - $v = self::sipRound($v); |
|
| 298 | - $v = self::sipRound($v); |
|
| 299 | - $v = self::sipRound($v); |
|
| 296 | + $v = self::sipRound( $v ); |
|
| 297 | + $v = self::sipRound( $v ); |
|
| 298 | + $v = self::sipRound( $v ); |
|
| 299 | + $v = self::sipRound( $v ); |
|
| 300 | 300 | |
| 301 | 301 | # b = v0 ^ v1 ^ v2 ^ v3; |
| 302 | 302 | # STORE64_LE( out, b ); |
| 303 | - return self::store32_le($v[1] ^ $v[3] ^ $v[5] ^ $v[7]) . |
|
| 304 | - self::store32_le($v[0] ^ $v[2] ^ $v[4] ^ $v[6]); |
|
| 303 | + return self::store32_le( $v[ 1 ] ^ $v[ 3 ] ^ $v[ 5 ] ^ $v[ 7 ] ) . |
|
| 304 | + self::store32_le( $v[ 0 ] ^ $v[ 2 ] ^ $v[ 4 ] ^ $v[ 6 ] ); |
|
| 305 | 305 | } |
| 306 | 306 | } |
@@ -9,8 +9,7 @@ discard block |
||
| 9 | 9 | * |
| 10 | 10 | * Only uses 32-bit arithmetic, while the original SipHash used 64-bit integers |
| 11 | 11 | */ |
| 12 | -class ParagonIE_Sodium_Core_SipHash extends ParagonIE_Sodium_Core_Util |
|
| 13 | -{ |
|
| 12 | +class ParagonIE_Sodium_Core_SipHash extends ParagonIE_Sodium_Core_Util { |
|
| 14 | 13 | /** |
| 15 | 14 | * @internal You should not use this directly from another application |
| 16 | 15 | * |
@@ -18,8 +17,7 @@ discard block |
||
| 18 | 17 | * @return int[] |
| 19 | 18 | * |
| 20 | 19 | */ |
| 21 | - public static function sipRound(array $v) |
|
| 22 | - { |
|
| 20 | + public static function sipRound(array $v) { |
|
| 23 | 21 | # v0 += v1; |
| 24 | 22 | list($v[0], $v[1]) = self::add( |
| 25 | 23 | array($v[0], $v[1]), |
@@ -90,8 +88,7 @@ discard block |
||
| 90 | 88 | * @param int[] $b |
| 91 | 89 | * @return array<int, mixed> |
| 92 | 90 | */ |
| 93 | - public static function add(array $a, array $b) |
|
| 94 | - { |
|
| 91 | + public static function add(array $a, array $b) { |
|
| 95 | 92 | /** @var int $x1 */ |
| 96 | 93 | $x1 = $a[1] + $b[1]; |
| 97 | 94 | /** @var int $c */ |
@@ -112,8 +109,7 @@ discard block |
||
| 112 | 109 | * @param int $c |
| 113 | 110 | * @return array<int, mixed> |
| 114 | 111 | */ |
| 115 | - public static function rotl_64($int0, $int1, $c) |
|
| 116 | - { |
|
| 112 | + public static function rotl_64($int0, $int1, $c) { |
|
| 117 | 113 | $int0 &= 0xffffffff; |
| 118 | 114 | $int1 &= 0xffffffff; |
| 119 | 115 | $c &= 63; |
@@ -160,8 +156,7 @@ discard block |
||
| 160 | 156 | * @throws SodiumException |
| 161 | 157 | * @throws TypeError |
| 162 | 158 | */ |
| 163 | - public static function sipHash24($in, $key) |
|
| 164 | - { |
|
| 159 | + public static function sipHash24($in, $key) { |
|
| 165 | 160 | $inlen = self::strlen($in); |
| 166 | 161 | |
| 167 | 162 | # /* "somepseudorandomlygeneratedbytes" */ |
@@ -1,7 +1,7 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | 3 | if (class_exists('ParagonIE_Sodium_Core_XChaCha20', false)) { |
| 4 | - return; |
|
| 4 | + return; |
|
| 5 | 5 | } |
| 6 | 6 | |
| 7 | 7 | /** |
@@ -9,109 +9,109 @@ discard block |
||
| 9 | 9 | */ |
| 10 | 10 | class ParagonIE_Sodium_Core_XChaCha20 extends ParagonIE_Sodium_Core_HChaCha20 |
| 11 | 11 | { |
| 12 | - /** |
|
| 13 | - * @internal You should not use this directly from another application |
|
| 14 | - * |
|
| 15 | - * @param int $len |
|
| 16 | - * @param string $nonce |
|
| 17 | - * @param string $key |
|
| 18 | - * @return string |
|
| 19 | - * @throws SodiumException |
|
| 20 | - * @throws TypeError |
|
| 21 | - */ |
|
| 22 | - public static function stream($len = 64, $nonce = '', $key = '') |
|
| 23 | - { |
|
| 24 | - if (self::strlen($nonce) !== 24) { |
|
| 25 | - throw new SodiumException('Nonce must be 24 bytes long'); |
|
| 26 | - } |
|
| 27 | - return self::encryptBytes( |
|
| 28 | - new ParagonIE_Sodium_Core_ChaCha20_Ctx( |
|
| 29 | - self::hChaCha20( |
|
| 30 | - self::substr($nonce, 0, 16), |
|
| 31 | - $key |
|
| 32 | - ), |
|
| 33 | - self::substr($nonce, 16, 8) |
|
| 34 | - ), |
|
| 35 | - str_repeat("\x00", $len) |
|
| 36 | - ); |
|
| 37 | - } |
|
| 12 | + /** |
|
| 13 | + * @internal You should not use this directly from another application |
|
| 14 | + * |
|
| 15 | + * @param int $len |
|
| 16 | + * @param string $nonce |
|
| 17 | + * @param string $key |
|
| 18 | + * @return string |
|
| 19 | + * @throws SodiumException |
|
| 20 | + * @throws TypeError |
|
| 21 | + */ |
|
| 22 | + public static function stream($len = 64, $nonce = '', $key = '') |
|
| 23 | + { |
|
| 24 | + if (self::strlen($nonce) !== 24) { |
|
| 25 | + throw new SodiumException('Nonce must be 24 bytes long'); |
|
| 26 | + } |
|
| 27 | + return self::encryptBytes( |
|
| 28 | + new ParagonIE_Sodium_Core_ChaCha20_Ctx( |
|
| 29 | + self::hChaCha20( |
|
| 30 | + self::substr($nonce, 0, 16), |
|
| 31 | + $key |
|
| 32 | + ), |
|
| 33 | + self::substr($nonce, 16, 8) |
|
| 34 | + ), |
|
| 35 | + str_repeat("\x00", $len) |
|
| 36 | + ); |
|
| 37 | + } |
|
| 38 | 38 | |
| 39 | - /** |
|
| 40 | - * @internal You should not use this directly from another application |
|
| 41 | - * |
|
| 42 | - * @param int $len |
|
| 43 | - * @param string $nonce |
|
| 44 | - * @param string $key |
|
| 45 | - * @return string |
|
| 46 | - * @throws SodiumException |
|
| 47 | - * @throws TypeError |
|
| 48 | - */ |
|
| 49 | - public static function ietfStream($len = 64, $nonce = '', $key = '') |
|
| 50 | - { |
|
| 51 | - if (self::strlen($nonce) !== 24) { |
|
| 52 | - throw new SodiumException('Nonce must be 24 bytes long'); |
|
| 53 | - } |
|
| 54 | - return self::encryptBytes( |
|
| 55 | - new ParagonIE_Sodium_Core_ChaCha20_IetfCtx( |
|
| 56 | - self::hChaCha20( |
|
| 57 | - self::substr($nonce, 0, 16), |
|
| 58 | - $key |
|
| 59 | - ), |
|
| 60 | - "\x00\x00\x00\x00" . self::substr($nonce, 16, 8) |
|
| 61 | - ), |
|
| 62 | - str_repeat("\x00", $len) |
|
| 63 | - ); |
|
| 64 | - } |
|
| 39 | + /** |
|
| 40 | + * @internal You should not use this directly from another application |
|
| 41 | + * |
|
| 42 | + * @param int $len |
|
| 43 | + * @param string $nonce |
|
| 44 | + * @param string $key |
|
| 45 | + * @return string |
|
| 46 | + * @throws SodiumException |
|
| 47 | + * @throws TypeError |
|
| 48 | + */ |
|
| 49 | + public static function ietfStream($len = 64, $nonce = '', $key = '') |
|
| 50 | + { |
|
| 51 | + if (self::strlen($nonce) !== 24) { |
|
| 52 | + throw new SodiumException('Nonce must be 24 bytes long'); |
|
| 53 | + } |
|
| 54 | + return self::encryptBytes( |
|
| 55 | + new ParagonIE_Sodium_Core_ChaCha20_IetfCtx( |
|
| 56 | + self::hChaCha20( |
|
| 57 | + self::substr($nonce, 0, 16), |
|
| 58 | + $key |
|
| 59 | + ), |
|
| 60 | + "\x00\x00\x00\x00" . self::substr($nonce, 16, 8) |
|
| 61 | + ), |
|
| 62 | + str_repeat("\x00", $len) |
|
| 63 | + ); |
|
| 64 | + } |
|
| 65 | 65 | |
| 66 | - /** |
|
| 67 | - * @internal You should not use this directly from another application |
|
| 68 | - * |
|
| 69 | - * @param string $message |
|
| 70 | - * @param string $nonce |
|
| 71 | - * @param string $key |
|
| 72 | - * @param string $ic |
|
| 73 | - * @return string |
|
| 74 | - * @throws SodiumException |
|
| 75 | - * @throws TypeError |
|
| 76 | - */ |
|
| 77 | - public static function streamXorIc($message, $nonce = '', $key = '', $ic = '') |
|
| 78 | - { |
|
| 79 | - if (self::strlen($nonce) !== 24) { |
|
| 80 | - throw new SodiumException('Nonce must be 24 bytes long'); |
|
| 81 | - } |
|
| 82 | - return self::encryptBytes( |
|
| 83 | - new ParagonIE_Sodium_Core_ChaCha20_Ctx( |
|
| 84 | - self::hChaCha20(self::substr($nonce, 0, 16), $key), |
|
| 85 | - self::substr($nonce, 16, 8), |
|
| 86 | - $ic |
|
| 87 | - ), |
|
| 88 | - $message |
|
| 89 | - ); |
|
| 90 | - } |
|
| 66 | + /** |
|
| 67 | + * @internal You should not use this directly from another application |
|
| 68 | + * |
|
| 69 | + * @param string $message |
|
| 70 | + * @param string $nonce |
|
| 71 | + * @param string $key |
|
| 72 | + * @param string $ic |
|
| 73 | + * @return string |
|
| 74 | + * @throws SodiumException |
|
| 75 | + * @throws TypeError |
|
| 76 | + */ |
|
| 77 | + public static function streamXorIc($message, $nonce = '', $key = '', $ic = '') |
|
| 78 | + { |
|
| 79 | + if (self::strlen($nonce) !== 24) { |
|
| 80 | + throw new SodiumException('Nonce must be 24 bytes long'); |
|
| 81 | + } |
|
| 82 | + return self::encryptBytes( |
|
| 83 | + new ParagonIE_Sodium_Core_ChaCha20_Ctx( |
|
| 84 | + self::hChaCha20(self::substr($nonce, 0, 16), $key), |
|
| 85 | + self::substr($nonce, 16, 8), |
|
| 86 | + $ic |
|
| 87 | + ), |
|
| 88 | + $message |
|
| 89 | + ); |
|
| 90 | + } |
|
| 91 | 91 | |
| 92 | - /** |
|
| 93 | - * @internal You should not use this directly from another application |
|
| 94 | - * |
|
| 95 | - * @param string $message |
|
| 96 | - * @param string $nonce |
|
| 97 | - * @param string $key |
|
| 98 | - * @param string $ic |
|
| 99 | - * @return string |
|
| 100 | - * @throws SodiumException |
|
| 101 | - * @throws TypeError |
|
| 102 | - */ |
|
| 103 | - public static function ietfStreamXorIc($message, $nonce = '', $key = '', $ic = '') |
|
| 104 | - { |
|
| 105 | - if (self::strlen($nonce) !== 24) { |
|
| 106 | - throw new SodiumException('Nonce must be 24 bytes long'); |
|
| 107 | - } |
|
| 108 | - return self::encryptBytes( |
|
| 109 | - new ParagonIE_Sodium_Core_ChaCha20_IetfCtx( |
|
| 110 | - self::hChaCha20(self::substr($nonce, 0, 16), $key), |
|
| 111 | - "\x00\x00\x00\x00" . self::substr($nonce, 16, 8), |
|
| 112 | - $ic |
|
| 113 | - ), |
|
| 114 | - $message |
|
| 115 | - ); |
|
| 116 | - } |
|
| 92 | + /** |
|
| 93 | + * @internal You should not use this directly from another application |
|
| 94 | + * |
|
| 95 | + * @param string $message |
|
| 96 | + * @param string $nonce |
|
| 97 | + * @param string $key |
|
| 98 | + * @param string $ic |
|
| 99 | + * @return string |
|
| 100 | + * @throws SodiumException |
|
| 101 | + * @throws TypeError |
|
| 102 | + */ |
|
| 103 | + public static function ietfStreamXorIc($message, $nonce = '', $key = '', $ic = '') |
|
| 104 | + { |
|
| 105 | + if (self::strlen($nonce) !== 24) { |
|
| 106 | + throw new SodiumException('Nonce must be 24 bytes long'); |
|
| 107 | + } |
|
| 108 | + return self::encryptBytes( |
|
| 109 | + new ParagonIE_Sodium_Core_ChaCha20_IetfCtx( |
|
| 110 | + self::hChaCha20(self::substr($nonce, 0, 16), $key), |
|
| 111 | + "\x00\x00\x00\x00" . self::substr($nonce, 16, 8), |
|
| 112 | + $ic |
|
| 113 | + ), |
|
| 114 | + $message |
|
| 115 | + ); |
|
| 116 | + } |
|
| 117 | 117 | } |
@@ -1,6 +1,6 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -if (class_exists('ParagonIE_Sodium_Core_XChaCha20', false)) { |
|
| 3 | +if ( class_exists( 'ParagonIE_Sodium_Core_XChaCha20', false ) ) { |
|
| 4 | 4 | return; |
| 5 | 5 | } |
| 6 | 6 | |
@@ -19,20 +19,20 @@ discard block |
||
| 19 | 19 | * @throws SodiumException |
| 20 | 20 | * @throws TypeError |
| 21 | 21 | */ |
| 22 | - public static function stream($len = 64, $nonce = '', $key = '') |
|
| 22 | + public static function stream( $len = 64, $nonce = '', $key = '' ) |
|
| 23 | 23 | { |
| 24 | - if (self::strlen($nonce) !== 24) { |
|
| 25 | - throw new SodiumException('Nonce must be 24 bytes long'); |
|
| 24 | + if ( self::strlen( $nonce ) !== 24 ) { |
|
| 25 | + throw new SodiumException( 'Nonce must be 24 bytes long' ); |
|
| 26 | 26 | } |
| 27 | 27 | return self::encryptBytes( |
| 28 | 28 | new ParagonIE_Sodium_Core_ChaCha20_Ctx( |
| 29 | 29 | self::hChaCha20( |
| 30 | - self::substr($nonce, 0, 16), |
|
| 30 | + self::substr( $nonce, 0, 16 ), |
|
| 31 | 31 | $key |
| 32 | 32 | ), |
| 33 | - self::substr($nonce, 16, 8) |
|
| 33 | + self::substr( $nonce, 16, 8 ) |
|
| 34 | 34 | ), |
| 35 | - str_repeat("\x00", $len) |
|
| 35 | + str_repeat( "\x00", $len ) |
|
| 36 | 36 | ); |
| 37 | 37 | } |
| 38 | 38 | |
@@ -46,20 +46,20 @@ discard block |
||
| 46 | 46 | * @throws SodiumException |
| 47 | 47 | * @throws TypeError |
| 48 | 48 | */ |
| 49 | - public static function ietfStream($len = 64, $nonce = '', $key = '') |
|
| 49 | + public static function ietfStream( $len = 64, $nonce = '', $key = '' ) |
|
| 50 | 50 | { |
| 51 | - if (self::strlen($nonce) !== 24) { |
|
| 52 | - throw new SodiumException('Nonce must be 24 bytes long'); |
|
| 51 | + if ( self::strlen( $nonce ) !== 24 ) { |
|
| 52 | + throw new SodiumException( 'Nonce must be 24 bytes long' ); |
|
| 53 | 53 | } |
| 54 | 54 | return self::encryptBytes( |
| 55 | 55 | new ParagonIE_Sodium_Core_ChaCha20_IetfCtx( |
| 56 | 56 | self::hChaCha20( |
| 57 | - self::substr($nonce, 0, 16), |
|
| 57 | + self::substr( $nonce, 0, 16 ), |
|
| 58 | 58 | $key |
| 59 | 59 | ), |
| 60 | - "\x00\x00\x00\x00" . self::substr($nonce, 16, 8) |
|
| 60 | + "\x00\x00\x00\x00" . self::substr( $nonce, 16, 8 ) |
|
| 61 | 61 | ), |
| 62 | - str_repeat("\x00", $len) |
|
| 62 | + str_repeat( "\x00", $len ) |
|
| 63 | 63 | ); |
| 64 | 64 | } |
| 65 | 65 | |
@@ -74,15 +74,15 @@ discard block |
||
| 74 | 74 | * @throws SodiumException |
| 75 | 75 | * @throws TypeError |
| 76 | 76 | */ |
| 77 | - public static function streamXorIc($message, $nonce = '', $key = '', $ic = '') |
|
| 77 | + public static function streamXorIc( $message, $nonce = '', $key = '', $ic = '' ) |
|
| 78 | 78 | { |
| 79 | - if (self::strlen($nonce) !== 24) { |
|
| 80 | - throw new SodiumException('Nonce must be 24 bytes long'); |
|
| 79 | + if ( self::strlen( $nonce ) !== 24 ) { |
|
| 80 | + throw new SodiumException( 'Nonce must be 24 bytes long' ); |
|
| 81 | 81 | } |
| 82 | 82 | return self::encryptBytes( |
| 83 | 83 | new ParagonIE_Sodium_Core_ChaCha20_Ctx( |
| 84 | - self::hChaCha20(self::substr($nonce, 0, 16), $key), |
|
| 85 | - self::substr($nonce, 16, 8), |
|
| 84 | + self::hChaCha20( self::substr( $nonce, 0, 16 ), $key ), |
|
| 85 | + self::substr( $nonce, 16, 8 ), |
|
| 86 | 86 | $ic |
| 87 | 87 | ), |
| 88 | 88 | $message |
@@ -100,15 +100,15 @@ discard block |
||
| 100 | 100 | * @throws SodiumException |
| 101 | 101 | * @throws TypeError |
| 102 | 102 | */ |
| 103 | - public static function ietfStreamXorIc($message, $nonce = '', $key = '', $ic = '') |
|
| 103 | + public static function ietfStreamXorIc( $message, $nonce = '', $key = '', $ic = '' ) |
|
| 104 | 104 | { |
| 105 | - if (self::strlen($nonce) !== 24) { |
|
| 106 | - throw new SodiumException('Nonce must be 24 bytes long'); |
|
| 105 | + if ( self::strlen( $nonce ) !== 24 ) { |
|
| 106 | + throw new SodiumException( 'Nonce must be 24 bytes long' ); |
|
| 107 | 107 | } |
| 108 | 108 | return self::encryptBytes( |
| 109 | 109 | new ParagonIE_Sodium_Core_ChaCha20_IetfCtx( |
| 110 | - self::hChaCha20(self::substr($nonce, 0, 16), $key), |
|
| 111 | - "\x00\x00\x00\x00" . self::substr($nonce, 16, 8), |
|
| 110 | + self::hChaCha20( self::substr( $nonce, 0, 16 ), $key ), |
|
| 111 | + "\x00\x00\x00\x00" . self::substr( $nonce, 16, 8 ), |
|
| 112 | 112 | $ic |
| 113 | 113 | ), |
| 114 | 114 | $message |
@@ -7,8 +7,7 @@ discard block |
||
| 7 | 7 | /** |
| 8 | 8 | * Class ParagonIE_Sodium_Core_XChaCha20 |
| 9 | 9 | */ |
| 10 | -class ParagonIE_Sodium_Core_XChaCha20 extends ParagonIE_Sodium_Core_HChaCha20 |
|
| 11 | -{ |
|
| 10 | +class ParagonIE_Sodium_Core_XChaCha20 extends ParagonIE_Sodium_Core_HChaCha20 { |
|
| 12 | 11 | /** |
| 13 | 12 | * @internal You should not use this directly from another application |
| 14 | 13 | * |
@@ -19,8 +18,7 @@ discard block |
||
| 19 | 18 | * @throws SodiumException |
| 20 | 19 | * @throws TypeError |
| 21 | 20 | */ |
| 22 | - public static function stream($len = 64, $nonce = '', $key = '') |
|
| 23 | - { |
|
| 21 | + public static function stream($len = 64, $nonce = '', $key = '') { |
|
| 24 | 22 | if (self::strlen($nonce) !== 24) { |
| 25 | 23 | throw new SodiumException('Nonce must be 24 bytes long'); |
| 26 | 24 | } |
@@ -46,8 +44,7 @@ discard block |
||
| 46 | 44 | * @throws SodiumException |
| 47 | 45 | * @throws TypeError |
| 48 | 46 | */ |
| 49 | - public static function ietfStream($len = 64, $nonce = '', $key = '') |
|
| 50 | - { |
|
| 47 | + public static function ietfStream($len = 64, $nonce = '', $key = '') { |
|
| 51 | 48 | if (self::strlen($nonce) !== 24) { |
| 52 | 49 | throw new SodiumException('Nonce must be 24 bytes long'); |
| 53 | 50 | } |
@@ -74,8 +71,7 @@ discard block |
||
| 74 | 71 | * @throws SodiumException |
| 75 | 72 | * @throws TypeError |
| 76 | 73 | */ |
| 77 | - public static function streamXorIc($message, $nonce = '', $key = '', $ic = '') |
|
| 78 | - { |
|
| 74 | + public static function streamXorIc($message, $nonce = '', $key = '', $ic = '') { |
|
| 79 | 75 | if (self::strlen($nonce) !== 24) { |
| 80 | 76 | throw new SodiumException('Nonce must be 24 bytes long'); |
| 81 | 77 | } |
@@ -100,8 +96,7 @@ discard block |
||
| 100 | 96 | * @throws SodiumException |
| 101 | 97 | * @throws TypeError |
| 102 | 98 | */ |
| 103 | - public static function ietfStreamXorIc($message, $nonce = '', $key = '', $ic = '') |
|
| 104 | - { |
|
| 99 | + public static function ietfStreamXorIc($message, $nonce = '', $key = '', $ic = '') { |
|
| 105 | 100 | if (self::strlen($nonce) !== 24) { |
| 106 | 101 | throw new SodiumException('Nonce must be 24 bytes long'); |
| 107 | 102 | } |
@@ -1,7 +1,7 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | 3 | if (class_exists('ParagonIE_Sodium_Core_X25519', false)) { |
| 4 | - return; |
|
| 4 | + return; |
|
| 5 | 5 | } |
| 6 | 6 | |
| 7 | 7 | /** |
@@ -9,319 +9,319 @@ discard block |
||
| 9 | 9 | */ |
| 10 | 10 | abstract class ParagonIE_Sodium_Core_X25519 extends ParagonIE_Sodium_Core_Curve25519 |
| 11 | 11 | { |
| 12 | - /** |
|
| 13 | - * Alters the objects passed to this method in place. |
|
| 14 | - * |
|
| 15 | - * @internal You should not use this directly from another application |
|
| 16 | - * |
|
| 17 | - * @param ParagonIE_Sodium_Core_Curve25519_Fe $f |
|
| 18 | - * @param ParagonIE_Sodium_Core_Curve25519_Fe $g |
|
| 19 | - * @param int $b |
|
| 20 | - * @return void |
|
| 21 | - * @psalm-suppress MixedAssignment |
|
| 22 | - */ |
|
| 23 | - public static function fe_cswap( |
|
| 24 | - ParagonIE_Sodium_Core_Curve25519_Fe $f, |
|
| 25 | - ParagonIE_Sodium_Core_Curve25519_Fe $g, |
|
| 26 | - $b = 0 |
|
| 27 | - ) { |
|
| 28 | - $f0 = (int) $f[0]; |
|
| 29 | - $f1 = (int) $f[1]; |
|
| 30 | - $f2 = (int) $f[2]; |
|
| 31 | - $f3 = (int) $f[3]; |
|
| 32 | - $f4 = (int) $f[4]; |
|
| 33 | - $f5 = (int) $f[5]; |
|
| 34 | - $f6 = (int) $f[6]; |
|
| 35 | - $f7 = (int) $f[7]; |
|
| 36 | - $f8 = (int) $f[8]; |
|
| 37 | - $f9 = (int) $f[9]; |
|
| 38 | - $g0 = (int) $g[0]; |
|
| 39 | - $g1 = (int) $g[1]; |
|
| 40 | - $g2 = (int) $g[2]; |
|
| 41 | - $g3 = (int) $g[3]; |
|
| 42 | - $g4 = (int) $g[4]; |
|
| 43 | - $g5 = (int) $g[5]; |
|
| 44 | - $g6 = (int) $g[6]; |
|
| 45 | - $g7 = (int) $g[7]; |
|
| 46 | - $g8 = (int) $g[8]; |
|
| 47 | - $g9 = (int) $g[9]; |
|
| 48 | - $b = -$b; |
|
| 49 | - $x0 = ($f0 ^ $g0) & $b; |
|
| 50 | - $x1 = ($f1 ^ $g1) & $b; |
|
| 51 | - $x2 = ($f2 ^ $g2) & $b; |
|
| 52 | - $x3 = ($f3 ^ $g3) & $b; |
|
| 53 | - $x4 = ($f4 ^ $g4) & $b; |
|
| 54 | - $x5 = ($f5 ^ $g5) & $b; |
|
| 55 | - $x6 = ($f6 ^ $g6) & $b; |
|
| 56 | - $x7 = ($f7 ^ $g7) & $b; |
|
| 57 | - $x8 = ($f8 ^ $g8) & $b; |
|
| 58 | - $x9 = ($f9 ^ $g9) & $b; |
|
| 59 | - $f[0] = $f0 ^ $x0; |
|
| 60 | - $f[1] = $f1 ^ $x1; |
|
| 61 | - $f[2] = $f2 ^ $x2; |
|
| 62 | - $f[3] = $f3 ^ $x3; |
|
| 63 | - $f[4] = $f4 ^ $x4; |
|
| 64 | - $f[5] = $f5 ^ $x5; |
|
| 65 | - $f[6] = $f6 ^ $x6; |
|
| 66 | - $f[7] = $f7 ^ $x7; |
|
| 67 | - $f[8] = $f8 ^ $x8; |
|
| 68 | - $f[9] = $f9 ^ $x9; |
|
| 69 | - $g[0] = $g0 ^ $x0; |
|
| 70 | - $g[1] = $g1 ^ $x1; |
|
| 71 | - $g[2] = $g2 ^ $x2; |
|
| 72 | - $g[3] = $g3 ^ $x3; |
|
| 73 | - $g[4] = $g4 ^ $x4; |
|
| 74 | - $g[5] = $g5 ^ $x5; |
|
| 75 | - $g[6] = $g6 ^ $x6; |
|
| 76 | - $g[7] = $g7 ^ $x7; |
|
| 77 | - $g[8] = $g8 ^ $x8; |
|
| 78 | - $g[9] = $g9 ^ $x9; |
|
| 79 | - } |
|
| 80 | - |
|
| 81 | - /** |
|
| 82 | - * @internal You should not use this directly from another application |
|
| 83 | - * |
|
| 84 | - * @param ParagonIE_Sodium_Core_Curve25519_Fe $f |
|
| 85 | - * @return ParagonIE_Sodium_Core_Curve25519_Fe |
|
| 86 | - */ |
|
| 87 | - public static function fe_mul121666(ParagonIE_Sodium_Core_Curve25519_Fe $f) |
|
| 88 | - { |
|
| 89 | - $h = array( |
|
| 90 | - self::mul((int) $f[0], 121666, 17), |
|
| 91 | - self::mul((int) $f[1], 121666, 17), |
|
| 92 | - self::mul((int) $f[2], 121666, 17), |
|
| 93 | - self::mul((int) $f[3], 121666, 17), |
|
| 94 | - self::mul((int) $f[4], 121666, 17), |
|
| 95 | - self::mul((int) $f[5], 121666, 17), |
|
| 96 | - self::mul((int) $f[6], 121666, 17), |
|
| 97 | - self::mul((int) $f[7], 121666, 17), |
|
| 98 | - self::mul((int) $f[8], 121666, 17), |
|
| 99 | - self::mul((int) $f[9], 121666, 17) |
|
| 100 | - ); |
|
| 101 | - |
|
| 102 | - /** @var int $carry9 */ |
|
| 103 | - $carry9 = ($h[9] + (1 << 24)) >> 25; |
|
| 104 | - $h[0] += self::mul($carry9, 19, 5); |
|
| 105 | - $h[9] -= $carry9 << 25; |
|
| 106 | - /** @var int $carry1 */ |
|
| 107 | - $carry1 = ($h[1] + (1 << 24)) >> 25; |
|
| 108 | - $h[2] += $carry1; |
|
| 109 | - $h[1] -= $carry1 << 25; |
|
| 110 | - /** @var int $carry3 */ |
|
| 111 | - $carry3 = ($h[3] + (1 << 24)) >> 25; |
|
| 112 | - $h[4] += $carry3; |
|
| 113 | - $h[3] -= $carry3 << 25; |
|
| 114 | - /** @var int $carry5 */ |
|
| 115 | - $carry5 = ($h[5] + (1 << 24)) >> 25; |
|
| 116 | - $h[6] += $carry5; |
|
| 117 | - $h[5] -= $carry5 << 25; |
|
| 118 | - /** @var int $carry7 */ |
|
| 119 | - $carry7 = ($h[7] + (1 << 24)) >> 25; |
|
| 120 | - $h[8] += $carry7; |
|
| 121 | - $h[7] -= $carry7 << 25; |
|
| 122 | - |
|
| 123 | - /** @var int $carry0 */ |
|
| 124 | - $carry0 = ($h[0] + (1 << 25)) >> 26; |
|
| 125 | - $h[1] += $carry0; |
|
| 126 | - $h[0] -= $carry0 << 26; |
|
| 127 | - /** @var int $carry2 */ |
|
| 128 | - $carry2 = ($h[2] + (1 << 25)) >> 26; |
|
| 129 | - $h[3] += $carry2; |
|
| 130 | - $h[2] -= $carry2 << 26; |
|
| 131 | - /** @var int $carry4 */ |
|
| 132 | - $carry4 = ($h[4] + (1 << 25)) >> 26; |
|
| 133 | - $h[5] += $carry4; |
|
| 134 | - $h[4] -= $carry4 << 26; |
|
| 135 | - /** @var int $carry6 */ |
|
| 136 | - $carry6 = ($h[6] + (1 << 25)) >> 26; |
|
| 137 | - $h[7] += $carry6; |
|
| 138 | - $h[6] -= $carry6 << 26; |
|
| 139 | - /** @var int $carry8 */ |
|
| 140 | - $carry8 = ($h[8] + (1 << 25)) >> 26; |
|
| 141 | - $h[9] += $carry8; |
|
| 142 | - $h[8] -= $carry8 << 26; |
|
| 143 | - |
|
| 144 | - foreach ($h as $i => $value) { |
|
| 145 | - $h[$i] = (int) $value; |
|
| 146 | - } |
|
| 147 | - return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray($h); |
|
| 148 | - } |
|
| 149 | - |
|
| 150 | - /** |
|
| 151 | - * @internal You should not use this directly from another application |
|
| 152 | - * |
|
| 153 | - * Inline comments preceded by # are from libsodium's ref10 code. |
|
| 154 | - * |
|
| 155 | - * @param string $n |
|
| 156 | - * @param string $p |
|
| 157 | - * @return string |
|
| 158 | - * @throws SodiumException |
|
| 159 | - * @throws TypeError |
|
| 160 | - */ |
|
| 161 | - public static function crypto_scalarmult_curve25519_ref10($n, $p) |
|
| 162 | - { |
|
| 163 | - # for (i = 0;i < 32;++i) e[i] = n[i]; |
|
| 164 | - $e = '' . $n; |
|
| 165 | - # e[0] &= 248; |
|
| 166 | - $e[0] = self::intToChr( |
|
| 167 | - self::chrToInt($e[0]) & 248 |
|
| 168 | - ); |
|
| 169 | - # e[31] &= 127; |
|
| 170 | - # e[31] |= 64; |
|
| 171 | - $e[31] = self::intToChr( |
|
| 172 | - (self::chrToInt($e[31]) & 127) | 64 |
|
| 173 | - ); |
|
| 174 | - # fe_frombytes(x1,p); |
|
| 175 | - $x1 = self::fe_frombytes($p); |
|
| 176 | - # fe_1(x2); |
|
| 177 | - $x2 = self::fe_1(); |
|
| 178 | - # fe_0(z2); |
|
| 179 | - $z2 = self::fe_0(); |
|
| 180 | - # fe_copy(x3,x1); |
|
| 181 | - $x3 = self::fe_copy($x1); |
|
| 182 | - # fe_1(z3); |
|
| 183 | - $z3 = self::fe_1(); |
|
| 184 | - |
|
| 185 | - # swap = 0; |
|
| 186 | - /** @var int $swap */ |
|
| 187 | - $swap = 0; |
|
| 188 | - |
|
| 189 | - # for (pos = 254;pos >= 0;--pos) { |
|
| 190 | - for ($pos = 254; $pos >= 0; --$pos) { |
|
| 191 | - # b = e[pos / 8] >> (pos & 7); |
|
| 192 | - /** @var int $b */ |
|
| 193 | - $b = self::chrToInt( |
|
| 194 | - $e[(int) floor($pos / 8)] |
|
| 195 | - ) >> ($pos & 7); |
|
| 196 | - # b &= 1; |
|
| 197 | - $b &= 1; |
|
| 198 | - # swap ^= b; |
|
| 199 | - $swap ^= $b; |
|
| 200 | - # fe_cswap(x2,x3,swap); |
|
| 201 | - self::fe_cswap($x2, $x3, $swap); |
|
| 202 | - # fe_cswap(z2,z3,swap); |
|
| 203 | - self::fe_cswap($z2, $z3, $swap); |
|
| 204 | - # swap = b; |
|
| 205 | - $swap = $b; |
|
| 206 | - # fe_sub(tmp0,x3,z3); |
|
| 207 | - $tmp0 = self::fe_sub($x3, $z3); |
|
| 208 | - # fe_sub(tmp1,x2,z2); |
|
| 209 | - $tmp1 = self::fe_sub($x2, $z2); |
|
| 210 | - |
|
| 211 | - # fe_add(x2,x2,z2); |
|
| 212 | - $x2 = self::fe_add($x2, $z2); |
|
| 213 | - |
|
| 214 | - # fe_add(z2,x3,z3); |
|
| 215 | - $z2 = self::fe_add($x3, $z3); |
|
| 216 | - |
|
| 217 | - # fe_mul(z3,tmp0,x2); |
|
| 218 | - $z3 = self::fe_mul($tmp0, $x2); |
|
| 219 | - |
|
| 220 | - # fe_mul(z2,z2,tmp1); |
|
| 221 | - $z2 = self::fe_mul($z2, $tmp1); |
|
| 222 | - |
|
| 223 | - # fe_sq(tmp0,tmp1); |
|
| 224 | - $tmp0 = self::fe_sq($tmp1); |
|
| 225 | - |
|
| 226 | - # fe_sq(tmp1,x2); |
|
| 227 | - $tmp1 = self::fe_sq($x2); |
|
| 228 | - |
|
| 229 | - # fe_add(x3,z3,z2); |
|
| 230 | - $x3 = self::fe_add($z3, $z2); |
|
| 231 | - |
|
| 232 | - # fe_sub(z2,z3,z2); |
|
| 233 | - $z2 = self::fe_sub($z3, $z2); |
|
| 234 | - |
|
| 235 | - # fe_mul(x2,tmp1,tmp0); |
|
| 236 | - $x2 = self::fe_mul($tmp1, $tmp0); |
|
| 237 | - |
|
| 238 | - # fe_sub(tmp1,tmp1,tmp0); |
|
| 239 | - $tmp1 = self::fe_sub($tmp1, $tmp0); |
|
| 240 | - |
|
| 241 | - # fe_sq(z2,z2); |
|
| 242 | - $z2 = self::fe_sq($z2); |
|
| 243 | - |
|
| 244 | - # fe_mul121666(z3,tmp1); |
|
| 245 | - $z3 = self::fe_mul121666($tmp1); |
|
| 246 | - |
|
| 247 | - # fe_sq(x3,x3); |
|
| 248 | - $x3 = self::fe_sq($x3); |
|
| 249 | - |
|
| 250 | - # fe_add(tmp0,tmp0,z3); |
|
| 251 | - $tmp0 = self::fe_add($tmp0, $z3); |
|
| 252 | - |
|
| 253 | - # fe_mul(z3,x1,z2); |
|
| 254 | - $z3 = self::fe_mul($x1, $z2); |
|
| 255 | - |
|
| 256 | - # fe_mul(z2,tmp1,tmp0); |
|
| 257 | - $z2 = self::fe_mul($tmp1, $tmp0); |
|
| 258 | - } |
|
| 259 | - |
|
| 260 | - # fe_cswap(x2,x3,swap); |
|
| 261 | - self::fe_cswap($x2, $x3, $swap); |
|
| 262 | - |
|
| 263 | - # fe_cswap(z2,z3,swap); |
|
| 264 | - self::fe_cswap($z2, $z3, $swap); |
|
| 265 | - |
|
| 266 | - # fe_invert(z2,z2); |
|
| 267 | - $z2 = self::fe_invert($z2); |
|
| 268 | - |
|
| 269 | - # fe_mul(x2,x2,z2); |
|
| 270 | - $x2 = self::fe_mul($x2, $z2); |
|
| 271 | - # fe_tobytes(q,x2); |
|
| 272 | - return self::fe_tobytes($x2); |
|
| 273 | - } |
|
| 274 | - |
|
| 275 | - /** |
|
| 276 | - * @internal You should not use this directly from another application |
|
| 277 | - * |
|
| 278 | - * @param ParagonIE_Sodium_Core_Curve25519_Fe $edwardsY |
|
| 279 | - * @param ParagonIE_Sodium_Core_Curve25519_Fe $edwardsZ |
|
| 280 | - * @return ParagonIE_Sodium_Core_Curve25519_Fe |
|
| 281 | - */ |
|
| 282 | - public static function edwards_to_montgomery( |
|
| 283 | - ParagonIE_Sodium_Core_Curve25519_Fe $edwardsY, |
|
| 284 | - ParagonIE_Sodium_Core_Curve25519_Fe $edwardsZ |
|
| 285 | - ) { |
|
| 286 | - $tempX = self::fe_add($edwardsZ, $edwardsY); |
|
| 287 | - $tempZ = self::fe_sub($edwardsZ, $edwardsY); |
|
| 288 | - $tempZ = self::fe_invert($tempZ); |
|
| 289 | - return self::fe_mul($tempX, $tempZ); |
|
| 290 | - } |
|
| 291 | - |
|
| 292 | - /** |
|
| 293 | - * @internal You should not use this directly from another application |
|
| 294 | - * |
|
| 295 | - * @param string $n |
|
| 296 | - * @return string |
|
| 297 | - * @throws SodiumException |
|
| 298 | - * @throws TypeError |
|
| 299 | - */ |
|
| 300 | - public static function crypto_scalarmult_curve25519_ref10_base($n) |
|
| 301 | - { |
|
| 302 | - # for (i = 0;i < 32;++i) e[i] = n[i]; |
|
| 303 | - $e = '' . $n; |
|
| 304 | - |
|
| 305 | - # e[0] &= 248; |
|
| 306 | - $e[0] = self::intToChr( |
|
| 307 | - self::chrToInt($e[0]) & 248 |
|
| 308 | - ); |
|
| 309 | - |
|
| 310 | - # e[31] &= 127; |
|
| 311 | - # e[31] |= 64; |
|
| 312 | - $e[31] = self::intToChr( |
|
| 313 | - (self::chrToInt($e[31]) & 127) | 64 |
|
| 314 | - ); |
|
| 315 | - |
|
| 316 | - $A = self::ge_scalarmult_base($e); |
|
| 317 | - if ( |
|
| 318 | - !($A->Y instanceof ParagonIE_Sodium_Core_Curve25519_Fe) |
|
| 319 | - || |
|
| 320 | - !($A->Z instanceof ParagonIE_Sodium_Core_Curve25519_Fe) |
|
| 321 | - ) { |
|
| 322 | - throw new TypeError('Null points encountered'); |
|
| 323 | - } |
|
| 324 | - $pk = self::edwards_to_montgomery($A->Y, $A->Z); |
|
| 325 | - return self::fe_tobytes($pk); |
|
| 326 | - } |
|
| 12 | + /** |
|
| 13 | + * Alters the objects passed to this method in place. |
|
| 14 | + * |
|
| 15 | + * @internal You should not use this directly from another application |
|
| 16 | + * |
|
| 17 | + * @param ParagonIE_Sodium_Core_Curve25519_Fe $f |
|
| 18 | + * @param ParagonIE_Sodium_Core_Curve25519_Fe $g |
|
| 19 | + * @param int $b |
|
| 20 | + * @return void |
|
| 21 | + * @psalm-suppress MixedAssignment |
|
| 22 | + */ |
|
| 23 | + public static function fe_cswap( |
|
| 24 | + ParagonIE_Sodium_Core_Curve25519_Fe $f, |
|
| 25 | + ParagonIE_Sodium_Core_Curve25519_Fe $g, |
|
| 26 | + $b = 0 |
|
| 27 | + ) { |
|
| 28 | + $f0 = (int) $f[0]; |
|
| 29 | + $f1 = (int) $f[1]; |
|
| 30 | + $f2 = (int) $f[2]; |
|
| 31 | + $f3 = (int) $f[3]; |
|
| 32 | + $f4 = (int) $f[4]; |
|
| 33 | + $f5 = (int) $f[5]; |
|
| 34 | + $f6 = (int) $f[6]; |
|
| 35 | + $f7 = (int) $f[7]; |
|
| 36 | + $f8 = (int) $f[8]; |
|
| 37 | + $f9 = (int) $f[9]; |
|
| 38 | + $g0 = (int) $g[0]; |
|
| 39 | + $g1 = (int) $g[1]; |
|
| 40 | + $g2 = (int) $g[2]; |
|
| 41 | + $g3 = (int) $g[3]; |
|
| 42 | + $g4 = (int) $g[4]; |
|
| 43 | + $g5 = (int) $g[5]; |
|
| 44 | + $g6 = (int) $g[6]; |
|
| 45 | + $g7 = (int) $g[7]; |
|
| 46 | + $g8 = (int) $g[8]; |
|
| 47 | + $g9 = (int) $g[9]; |
|
| 48 | + $b = -$b; |
|
| 49 | + $x0 = ($f0 ^ $g0) & $b; |
|
| 50 | + $x1 = ($f1 ^ $g1) & $b; |
|
| 51 | + $x2 = ($f2 ^ $g2) & $b; |
|
| 52 | + $x3 = ($f3 ^ $g3) & $b; |
|
| 53 | + $x4 = ($f4 ^ $g4) & $b; |
|
| 54 | + $x5 = ($f5 ^ $g5) & $b; |
|
| 55 | + $x6 = ($f6 ^ $g6) & $b; |
|
| 56 | + $x7 = ($f7 ^ $g7) & $b; |
|
| 57 | + $x8 = ($f8 ^ $g8) & $b; |
|
| 58 | + $x9 = ($f9 ^ $g9) & $b; |
|
| 59 | + $f[0] = $f0 ^ $x0; |
|
| 60 | + $f[1] = $f1 ^ $x1; |
|
| 61 | + $f[2] = $f2 ^ $x2; |
|
| 62 | + $f[3] = $f3 ^ $x3; |
|
| 63 | + $f[4] = $f4 ^ $x4; |
|
| 64 | + $f[5] = $f5 ^ $x5; |
|
| 65 | + $f[6] = $f6 ^ $x6; |
|
| 66 | + $f[7] = $f7 ^ $x7; |
|
| 67 | + $f[8] = $f8 ^ $x8; |
|
| 68 | + $f[9] = $f9 ^ $x9; |
|
| 69 | + $g[0] = $g0 ^ $x0; |
|
| 70 | + $g[1] = $g1 ^ $x1; |
|
| 71 | + $g[2] = $g2 ^ $x2; |
|
| 72 | + $g[3] = $g3 ^ $x3; |
|
| 73 | + $g[4] = $g4 ^ $x4; |
|
| 74 | + $g[5] = $g5 ^ $x5; |
|
| 75 | + $g[6] = $g6 ^ $x6; |
|
| 76 | + $g[7] = $g7 ^ $x7; |
|
| 77 | + $g[8] = $g8 ^ $x8; |
|
| 78 | + $g[9] = $g9 ^ $x9; |
|
| 79 | + } |
|
| 80 | + |
|
| 81 | + /** |
|
| 82 | + * @internal You should not use this directly from another application |
|
| 83 | + * |
|
| 84 | + * @param ParagonIE_Sodium_Core_Curve25519_Fe $f |
|
| 85 | + * @return ParagonIE_Sodium_Core_Curve25519_Fe |
|
| 86 | + */ |
|
| 87 | + public static function fe_mul121666(ParagonIE_Sodium_Core_Curve25519_Fe $f) |
|
| 88 | + { |
|
| 89 | + $h = array( |
|
| 90 | + self::mul((int) $f[0], 121666, 17), |
|
| 91 | + self::mul((int) $f[1], 121666, 17), |
|
| 92 | + self::mul((int) $f[2], 121666, 17), |
|
| 93 | + self::mul((int) $f[3], 121666, 17), |
|
| 94 | + self::mul((int) $f[4], 121666, 17), |
|
| 95 | + self::mul((int) $f[5], 121666, 17), |
|
| 96 | + self::mul((int) $f[6], 121666, 17), |
|
| 97 | + self::mul((int) $f[7], 121666, 17), |
|
| 98 | + self::mul((int) $f[8], 121666, 17), |
|
| 99 | + self::mul((int) $f[9], 121666, 17) |
|
| 100 | + ); |
|
| 101 | + |
|
| 102 | + /** @var int $carry9 */ |
|
| 103 | + $carry9 = ($h[9] + (1 << 24)) >> 25; |
|
| 104 | + $h[0] += self::mul($carry9, 19, 5); |
|
| 105 | + $h[9] -= $carry9 << 25; |
|
| 106 | + /** @var int $carry1 */ |
|
| 107 | + $carry1 = ($h[1] + (1 << 24)) >> 25; |
|
| 108 | + $h[2] += $carry1; |
|
| 109 | + $h[1] -= $carry1 << 25; |
|
| 110 | + /** @var int $carry3 */ |
|
| 111 | + $carry3 = ($h[3] + (1 << 24)) >> 25; |
|
| 112 | + $h[4] += $carry3; |
|
| 113 | + $h[3] -= $carry3 << 25; |
|
| 114 | + /** @var int $carry5 */ |
|
| 115 | + $carry5 = ($h[5] + (1 << 24)) >> 25; |
|
| 116 | + $h[6] += $carry5; |
|
| 117 | + $h[5] -= $carry5 << 25; |
|
| 118 | + /** @var int $carry7 */ |
|
| 119 | + $carry7 = ($h[7] + (1 << 24)) >> 25; |
|
| 120 | + $h[8] += $carry7; |
|
| 121 | + $h[7] -= $carry7 << 25; |
|
| 122 | + |
|
| 123 | + /** @var int $carry0 */ |
|
| 124 | + $carry0 = ($h[0] + (1 << 25)) >> 26; |
|
| 125 | + $h[1] += $carry0; |
|
| 126 | + $h[0] -= $carry0 << 26; |
|
| 127 | + /** @var int $carry2 */ |
|
| 128 | + $carry2 = ($h[2] + (1 << 25)) >> 26; |
|
| 129 | + $h[3] += $carry2; |
|
| 130 | + $h[2] -= $carry2 << 26; |
|
| 131 | + /** @var int $carry4 */ |
|
| 132 | + $carry4 = ($h[4] + (1 << 25)) >> 26; |
|
| 133 | + $h[5] += $carry4; |
|
| 134 | + $h[4] -= $carry4 << 26; |
|
| 135 | + /** @var int $carry6 */ |
|
| 136 | + $carry6 = ($h[6] + (1 << 25)) >> 26; |
|
| 137 | + $h[7] += $carry6; |
|
| 138 | + $h[6] -= $carry6 << 26; |
|
| 139 | + /** @var int $carry8 */ |
|
| 140 | + $carry8 = ($h[8] + (1 << 25)) >> 26; |
|
| 141 | + $h[9] += $carry8; |
|
| 142 | + $h[8] -= $carry8 << 26; |
|
| 143 | + |
|
| 144 | + foreach ($h as $i => $value) { |
|
| 145 | + $h[$i] = (int) $value; |
|
| 146 | + } |
|
| 147 | + return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray($h); |
|
| 148 | + } |
|
| 149 | + |
|
| 150 | + /** |
|
| 151 | + * @internal You should not use this directly from another application |
|
| 152 | + * |
|
| 153 | + * Inline comments preceded by # are from libsodium's ref10 code. |
|
| 154 | + * |
|
| 155 | + * @param string $n |
|
| 156 | + * @param string $p |
|
| 157 | + * @return string |
|
| 158 | + * @throws SodiumException |
|
| 159 | + * @throws TypeError |
|
| 160 | + */ |
|
| 161 | + public static function crypto_scalarmult_curve25519_ref10($n, $p) |
|
| 162 | + { |
|
| 163 | + # for (i = 0;i < 32;++i) e[i] = n[i]; |
|
| 164 | + $e = '' . $n; |
|
| 165 | + # e[0] &= 248; |
|
| 166 | + $e[0] = self::intToChr( |
|
| 167 | + self::chrToInt($e[0]) & 248 |
|
| 168 | + ); |
|
| 169 | + # e[31] &= 127; |
|
| 170 | + # e[31] |= 64; |
|
| 171 | + $e[31] = self::intToChr( |
|
| 172 | + (self::chrToInt($e[31]) & 127) | 64 |
|
| 173 | + ); |
|
| 174 | + # fe_frombytes(x1,p); |
|
| 175 | + $x1 = self::fe_frombytes($p); |
|
| 176 | + # fe_1(x2); |
|
| 177 | + $x2 = self::fe_1(); |
|
| 178 | + # fe_0(z2); |
|
| 179 | + $z2 = self::fe_0(); |
|
| 180 | + # fe_copy(x3,x1); |
|
| 181 | + $x3 = self::fe_copy($x1); |
|
| 182 | + # fe_1(z3); |
|
| 183 | + $z3 = self::fe_1(); |
|
| 184 | + |
|
| 185 | + # swap = 0; |
|
| 186 | + /** @var int $swap */ |
|
| 187 | + $swap = 0; |
|
| 188 | + |
|
| 189 | + # for (pos = 254;pos >= 0;--pos) { |
|
| 190 | + for ($pos = 254; $pos >= 0; --$pos) { |
|
| 191 | + # b = e[pos / 8] >> (pos & 7); |
|
| 192 | + /** @var int $b */ |
|
| 193 | + $b = self::chrToInt( |
|
| 194 | + $e[(int) floor($pos / 8)] |
|
| 195 | + ) >> ($pos & 7); |
|
| 196 | + # b &= 1; |
|
| 197 | + $b &= 1; |
|
| 198 | + # swap ^= b; |
|
| 199 | + $swap ^= $b; |
|
| 200 | + # fe_cswap(x2,x3,swap); |
|
| 201 | + self::fe_cswap($x2, $x3, $swap); |
|
| 202 | + # fe_cswap(z2,z3,swap); |
|
| 203 | + self::fe_cswap($z2, $z3, $swap); |
|
| 204 | + # swap = b; |
|
| 205 | + $swap = $b; |
|
| 206 | + # fe_sub(tmp0,x3,z3); |
|
| 207 | + $tmp0 = self::fe_sub($x3, $z3); |
|
| 208 | + # fe_sub(tmp1,x2,z2); |
|
| 209 | + $tmp1 = self::fe_sub($x2, $z2); |
|
| 210 | + |
|
| 211 | + # fe_add(x2,x2,z2); |
|
| 212 | + $x2 = self::fe_add($x2, $z2); |
|
| 213 | + |
|
| 214 | + # fe_add(z2,x3,z3); |
|
| 215 | + $z2 = self::fe_add($x3, $z3); |
|
| 216 | + |
|
| 217 | + # fe_mul(z3,tmp0,x2); |
|
| 218 | + $z3 = self::fe_mul($tmp0, $x2); |
|
| 219 | + |
|
| 220 | + # fe_mul(z2,z2,tmp1); |
|
| 221 | + $z2 = self::fe_mul($z2, $tmp1); |
|
| 222 | + |
|
| 223 | + # fe_sq(tmp0,tmp1); |
|
| 224 | + $tmp0 = self::fe_sq($tmp1); |
|
| 225 | + |
|
| 226 | + # fe_sq(tmp1,x2); |
|
| 227 | + $tmp1 = self::fe_sq($x2); |
|
| 228 | + |
|
| 229 | + # fe_add(x3,z3,z2); |
|
| 230 | + $x3 = self::fe_add($z3, $z2); |
|
| 231 | + |
|
| 232 | + # fe_sub(z2,z3,z2); |
|
| 233 | + $z2 = self::fe_sub($z3, $z2); |
|
| 234 | + |
|
| 235 | + # fe_mul(x2,tmp1,tmp0); |
|
| 236 | + $x2 = self::fe_mul($tmp1, $tmp0); |
|
| 237 | + |
|
| 238 | + # fe_sub(tmp1,tmp1,tmp0); |
|
| 239 | + $tmp1 = self::fe_sub($tmp1, $tmp0); |
|
| 240 | + |
|
| 241 | + # fe_sq(z2,z2); |
|
| 242 | + $z2 = self::fe_sq($z2); |
|
| 243 | + |
|
| 244 | + # fe_mul121666(z3,tmp1); |
|
| 245 | + $z3 = self::fe_mul121666($tmp1); |
|
| 246 | + |
|
| 247 | + # fe_sq(x3,x3); |
|
| 248 | + $x3 = self::fe_sq($x3); |
|
| 249 | + |
|
| 250 | + # fe_add(tmp0,tmp0,z3); |
|
| 251 | + $tmp0 = self::fe_add($tmp0, $z3); |
|
| 252 | + |
|
| 253 | + # fe_mul(z3,x1,z2); |
|
| 254 | + $z3 = self::fe_mul($x1, $z2); |
|
| 255 | + |
|
| 256 | + # fe_mul(z2,tmp1,tmp0); |
|
| 257 | + $z2 = self::fe_mul($tmp1, $tmp0); |
|
| 258 | + } |
|
| 259 | + |
|
| 260 | + # fe_cswap(x2,x3,swap); |
|
| 261 | + self::fe_cswap($x2, $x3, $swap); |
|
| 262 | + |
|
| 263 | + # fe_cswap(z2,z3,swap); |
|
| 264 | + self::fe_cswap($z2, $z3, $swap); |
|
| 265 | + |
|
| 266 | + # fe_invert(z2,z2); |
|
| 267 | + $z2 = self::fe_invert($z2); |
|
| 268 | + |
|
| 269 | + # fe_mul(x2,x2,z2); |
|
| 270 | + $x2 = self::fe_mul($x2, $z2); |
|
| 271 | + # fe_tobytes(q,x2); |
|
| 272 | + return self::fe_tobytes($x2); |
|
| 273 | + } |
|
| 274 | + |
|
| 275 | + /** |
|
| 276 | + * @internal You should not use this directly from another application |
|
| 277 | + * |
|
| 278 | + * @param ParagonIE_Sodium_Core_Curve25519_Fe $edwardsY |
|
| 279 | + * @param ParagonIE_Sodium_Core_Curve25519_Fe $edwardsZ |
|
| 280 | + * @return ParagonIE_Sodium_Core_Curve25519_Fe |
|
| 281 | + */ |
|
| 282 | + public static function edwards_to_montgomery( |
|
| 283 | + ParagonIE_Sodium_Core_Curve25519_Fe $edwardsY, |
|
| 284 | + ParagonIE_Sodium_Core_Curve25519_Fe $edwardsZ |
|
| 285 | + ) { |
|
| 286 | + $tempX = self::fe_add($edwardsZ, $edwardsY); |
|
| 287 | + $tempZ = self::fe_sub($edwardsZ, $edwardsY); |
|
| 288 | + $tempZ = self::fe_invert($tempZ); |
|
| 289 | + return self::fe_mul($tempX, $tempZ); |
|
| 290 | + } |
|
| 291 | + |
|
| 292 | + /** |
|
| 293 | + * @internal You should not use this directly from another application |
|
| 294 | + * |
|
| 295 | + * @param string $n |
|
| 296 | + * @return string |
|
| 297 | + * @throws SodiumException |
|
| 298 | + * @throws TypeError |
|
| 299 | + */ |
|
| 300 | + public static function crypto_scalarmult_curve25519_ref10_base($n) |
|
| 301 | + { |
|
| 302 | + # for (i = 0;i < 32;++i) e[i] = n[i]; |
|
| 303 | + $e = '' . $n; |
|
| 304 | + |
|
| 305 | + # e[0] &= 248; |
|
| 306 | + $e[0] = self::intToChr( |
|
| 307 | + self::chrToInt($e[0]) & 248 |
|
| 308 | + ); |
|
| 309 | + |
|
| 310 | + # e[31] &= 127; |
|
| 311 | + # e[31] |= 64; |
|
| 312 | + $e[31] = self::intToChr( |
|
| 313 | + (self::chrToInt($e[31]) & 127) | 64 |
|
| 314 | + ); |
|
| 315 | + |
|
| 316 | + $A = self::ge_scalarmult_base($e); |
|
| 317 | + if ( |
|
| 318 | + !($A->Y instanceof ParagonIE_Sodium_Core_Curve25519_Fe) |
|
| 319 | + || |
|
| 320 | + !($A->Z instanceof ParagonIE_Sodium_Core_Curve25519_Fe) |
|
| 321 | + ) { |
|
| 322 | + throw new TypeError('Null points encountered'); |
|
| 323 | + } |
|
| 324 | + $pk = self::edwards_to_montgomery($A->Y, $A->Z); |
|
| 325 | + return self::fe_tobytes($pk); |
|
| 326 | + } |
|
| 327 | 327 | } |
@@ -1,6 +1,6 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -if (class_exists('ParagonIE_Sodium_Core_X25519', false)) { |
|
| 3 | +if ( class_exists( 'ParagonIE_Sodium_Core_X25519', false ) ) { |
|
| 4 | 4 | return; |
| 5 | 5 | } |
| 6 | 6 | |
@@ -25,57 +25,57 @@ discard block |
||
| 25 | 25 | ParagonIE_Sodium_Core_Curve25519_Fe $g, |
| 26 | 26 | $b = 0 |
| 27 | 27 | ) { |
| 28 | - $f0 = (int) $f[0]; |
|
| 29 | - $f1 = (int) $f[1]; |
|
| 30 | - $f2 = (int) $f[2]; |
|
| 31 | - $f3 = (int) $f[3]; |
|
| 32 | - $f4 = (int) $f[4]; |
|
| 33 | - $f5 = (int) $f[5]; |
|
| 34 | - $f6 = (int) $f[6]; |
|
| 35 | - $f7 = (int) $f[7]; |
|
| 36 | - $f8 = (int) $f[8]; |
|
| 37 | - $f9 = (int) $f[9]; |
|
| 38 | - $g0 = (int) $g[0]; |
|
| 39 | - $g1 = (int) $g[1]; |
|
| 40 | - $g2 = (int) $g[2]; |
|
| 41 | - $g3 = (int) $g[3]; |
|
| 42 | - $g4 = (int) $g[4]; |
|
| 43 | - $g5 = (int) $g[5]; |
|
| 44 | - $g6 = (int) $g[6]; |
|
| 45 | - $g7 = (int) $g[7]; |
|
| 46 | - $g8 = (int) $g[8]; |
|
| 47 | - $g9 = (int) $g[9]; |
|
| 28 | + $f0 = (int)$f[ 0 ]; |
|
| 29 | + $f1 = (int)$f[ 1 ]; |
|
| 30 | + $f2 = (int)$f[ 2 ]; |
|
| 31 | + $f3 = (int)$f[ 3 ]; |
|
| 32 | + $f4 = (int)$f[ 4 ]; |
|
| 33 | + $f5 = (int)$f[ 5 ]; |
|
| 34 | + $f6 = (int)$f[ 6 ]; |
|
| 35 | + $f7 = (int)$f[ 7 ]; |
|
| 36 | + $f8 = (int)$f[ 8 ]; |
|
| 37 | + $f9 = (int)$f[ 9 ]; |
|
| 38 | + $g0 = (int)$g[ 0 ]; |
|
| 39 | + $g1 = (int)$g[ 1 ]; |
|
| 40 | + $g2 = (int)$g[ 2 ]; |
|
| 41 | + $g3 = (int)$g[ 3 ]; |
|
| 42 | + $g4 = (int)$g[ 4 ]; |
|
| 43 | + $g5 = (int)$g[ 5 ]; |
|
| 44 | + $g6 = (int)$g[ 6 ]; |
|
| 45 | + $g7 = (int)$g[ 7 ]; |
|
| 46 | + $g8 = (int)$g[ 8 ]; |
|
| 47 | + $g9 = (int)$g[ 9 ]; |
|
| 48 | 48 | $b = -$b; |
| 49 | - $x0 = ($f0 ^ $g0) & $b; |
|
| 50 | - $x1 = ($f1 ^ $g1) & $b; |
|
| 51 | - $x2 = ($f2 ^ $g2) & $b; |
|
| 52 | - $x3 = ($f3 ^ $g3) & $b; |
|
| 53 | - $x4 = ($f4 ^ $g4) & $b; |
|
| 54 | - $x5 = ($f5 ^ $g5) & $b; |
|
| 55 | - $x6 = ($f6 ^ $g6) & $b; |
|
| 56 | - $x7 = ($f7 ^ $g7) & $b; |
|
| 57 | - $x8 = ($f8 ^ $g8) & $b; |
|
| 58 | - $x9 = ($f9 ^ $g9) & $b; |
|
| 59 | - $f[0] = $f0 ^ $x0; |
|
| 60 | - $f[1] = $f1 ^ $x1; |
|
| 61 | - $f[2] = $f2 ^ $x2; |
|
| 62 | - $f[3] = $f3 ^ $x3; |
|
| 63 | - $f[4] = $f4 ^ $x4; |
|
| 64 | - $f[5] = $f5 ^ $x5; |
|
| 65 | - $f[6] = $f6 ^ $x6; |
|
| 66 | - $f[7] = $f7 ^ $x7; |
|
| 67 | - $f[8] = $f8 ^ $x8; |
|
| 68 | - $f[9] = $f9 ^ $x9; |
|
| 69 | - $g[0] = $g0 ^ $x0; |
|
| 70 | - $g[1] = $g1 ^ $x1; |
|
| 71 | - $g[2] = $g2 ^ $x2; |
|
| 72 | - $g[3] = $g3 ^ $x3; |
|
| 73 | - $g[4] = $g4 ^ $x4; |
|
| 74 | - $g[5] = $g5 ^ $x5; |
|
| 75 | - $g[6] = $g6 ^ $x6; |
|
| 76 | - $g[7] = $g7 ^ $x7; |
|
| 77 | - $g[8] = $g8 ^ $x8; |
|
| 78 | - $g[9] = $g9 ^ $x9; |
|
| 49 | + $x0 = ( $f0 ^ $g0 ) & $b; |
|
| 50 | + $x1 = ( $f1 ^ $g1 ) & $b; |
|
| 51 | + $x2 = ( $f2 ^ $g2 ) & $b; |
|
| 52 | + $x3 = ( $f3 ^ $g3 ) & $b; |
|
| 53 | + $x4 = ( $f4 ^ $g4 ) & $b; |
|
| 54 | + $x5 = ( $f5 ^ $g5 ) & $b; |
|
| 55 | + $x6 = ( $f6 ^ $g6 ) & $b; |
|
| 56 | + $x7 = ( $f7 ^ $g7 ) & $b; |
|
| 57 | + $x8 = ( $f8 ^ $g8 ) & $b; |
|
| 58 | + $x9 = ( $f9 ^ $g9 ) & $b; |
|
| 59 | + $f[ 0 ] = $f0 ^ $x0; |
|
| 60 | + $f[ 1 ] = $f1 ^ $x1; |
|
| 61 | + $f[ 2 ] = $f2 ^ $x2; |
|
| 62 | + $f[ 3 ] = $f3 ^ $x3; |
|
| 63 | + $f[ 4 ] = $f4 ^ $x4; |
|
| 64 | + $f[ 5 ] = $f5 ^ $x5; |
|
| 65 | + $f[ 6 ] = $f6 ^ $x6; |
|
| 66 | + $f[ 7 ] = $f7 ^ $x7; |
|
| 67 | + $f[ 8 ] = $f8 ^ $x8; |
|
| 68 | + $f[ 9 ] = $f9 ^ $x9; |
|
| 69 | + $g[ 0 ] = $g0 ^ $x0; |
|
| 70 | + $g[ 1 ] = $g1 ^ $x1; |
|
| 71 | + $g[ 2 ] = $g2 ^ $x2; |
|
| 72 | + $g[ 3 ] = $g3 ^ $x3; |
|
| 73 | + $g[ 4 ] = $g4 ^ $x4; |
|
| 74 | + $g[ 5 ] = $g5 ^ $x5; |
|
| 75 | + $g[ 6 ] = $g6 ^ $x6; |
|
| 76 | + $g[ 7 ] = $g7 ^ $x7; |
|
| 77 | + $g[ 8 ] = $g8 ^ $x8; |
|
| 78 | + $g[ 9 ] = $g9 ^ $x9; |
|
| 79 | 79 | } |
| 80 | 80 | |
| 81 | 81 | /** |
@@ -84,67 +84,67 @@ discard block |
||
| 84 | 84 | * @param ParagonIE_Sodium_Core_Curve25519_Fe $f |
| 85 | 85 | * @return ParagonIE_Sodium_Core_Curve25519_Fe |
| 86 | 86 | */ |
| 87 | - public static function fe_mul121666(ParagonIE_Sodium_Core_Curve25519_Fe $f) |
|
| 87 | + public static function fe_mul121666( ParagonIE_Sodium_Core_Curve25519_Fe $f ) |
|
| 88 | 88 | { |
| 89 | 89 | $h = array( |
| 90 | - self::mul((int) $f[0], 121666, 17), |
|
| 91 | - self::mul((int) $f[1], 121666, 17), |
|
| 92 | - self::mul((int) $f[2], 121666, 17), |
|
| 93 | - self::mul((int) $f[3], 121666, 17), |
|
| 94 | - self::mul((int) $f[4], 121666, 17), |
|
| 95 | - self::mul((int) $f[5], 121666, 17), |
|
| 96 | - self::mul((int) $f[6], 121666, 17), |
|
| 97 | - self::mul((int) $f[7], 121666, 17), |
|
| 98 | - self::mul((int) $f[8], 121666, 17), |
|
| 99 | - self::mul((int) $f[9], 121666, 17) |
|
| 90 | + self::mul( (int)$f[ 0 ], 121666, 17 ), |
|
| 91 | + self::mul( (int)$f[ 1 ], 121666, 17 ), |
|
| 92 | + self::mul( (int)$f[ 2 ], 121666, 17 ), |
|
| 93 | + self::mul( (int)$f[ 3 ], 121666, 17 ), |
|
| 94 | + self::mul( (int)$f[ 4 ], 121666, 17 ), |
|
| 95 | + self::mul( (int)$f[ 5 ], 121666, 17 ), |
|
| 96 | + self::mul( (int)$f[ 6 ], 121666, 17 ), |
|
| 97 | + self::mul( (int)$f[ 7 ], 121666, 17 ), |
|
| 98 | + self::mul( (int)$f[ 8 ], 121666, 17 ), |
|
| 99 | + self::mul( (int)$f[ 9 ], 121666, 17 ) |
|
| 100 | 100 | ); |
| 101 | 101 | |
| 102 | 102 | /** @var int $carry9 */ |
| 103 | - $carry9 = ($h[9] + (1 << 24)) >> 25; |
|
| 104 | - $h[0] += self::mul($carry9, 19, 5); |
|
| 105 | - $h[9] -= $carry9 << 25; |
|
| 103 | + $carry9 = ( $h[ 9 ] + ( 1 << 24 ) ) >> 25; |
|
| 104 | + $h[ 0 ] += self::mul( $carry9, 19, 5 ); |
|
| 105 | + $h[ 9 ] -= $carry9 << 25; |
|
| 106 | 106 | /** @var int $carry1 */ |
| 107 | - $carry1 = ($h[1] + (1 << 24)) >> 25; |
|
| 108 | - $h[2] += $carry1; |
|
| 109 | - $h[1] -= $carry1 << 25; |
|
| 107 | + $carry1 = ( $h[ 1 ] + ( 1 << 24 ) ) >> 25; |
|
| 108 | + $h[ 2 ] += $carry1; |
|
| 109 | + $h[ 1 ] -= $carry1 << 25; |
|
| 110 | 110 | /** @var int $carry3 */ |
| 111 | - $carry3 = ($h[3] + (1 << 24)) >> 25; |
|
| 112 | - $h[4] += $carry3; |
|
| 113 | - $h[3] -= $carry3 << 25; |
|
| 111 | + $carry3 = ( $h[ 3 ] + ( 1 << 24 ) ) >> 25; |
|
| 112 | + $h[ 4 ] += $carry3; |
|
| 113 | + $h[ 3 ] -= $carry3 << 25; |
|
| 114 | 114 | /** @var int $carry5 */ |
| 115 | - $carry5 = ($h[5] + (1 << 24)) >> 25; |
|
| 116 | - $h[6] += $carry5; |
|
| 117 | - $h[5] -= $carry5 << 25; |
|
| 115 | + $carry5 = ( $h[ 5 ] + ( 1 << 24 ) ) >> 25; |
|
| 116 | + $h[ 6 ] += $carry5; |
|
| 117 | + $h[ 5 ] -= $carry5 << 25; |
|
| 118 | 118 | /** @var int $carry7 */ |
| 119 | - $carry7 = ($h[7] + (1 << 24)) >> 25; |
|
| 120 | - $h[8] += $carry7; |
|
| 121 | - $h[7] -= $carry7 << 25; |
|
| 119 | + $carry7 = ( $h[ 7 ] + ( 1 << 24 ) ) >> 25; |
|
| 120 | + $h[ 8 ] += $carry7; |
|
| 121 | + $h[ 7 ] -= $carry7 << 25; |
|
| 122 | 122 | |
| 123 | 123 | /** @var int $carry0 */ |
| 124 | - $carry0 = ($h[0] + (1 << 25)) >> 26; |
|
| 125 | - $h[1] += $carry0; |
|
| 126 | - $h[0] -= $carry0 << 26; |
|
| 124 | + $carry0 = ( $h[ 0 ] + ( 1 << 25 ) ) >> 26; |
|
| 125 | + $h[ 1 ] += $carry0; |
|
| 126 | + $h[ 0 ] -= $carry0 << 26; |
|
| 127 | 127 | /** @var int $carry2 */ |
| 128 | - $carry2 = ($h[2] + (1 << 25)) >> 26; |
|
| 129 | - $h[3] += $carry2; |
|
| 130 | - $h[2] -= $carry2 << 26; |
|
| 128 | + $carry2 = ( $h[ 2 ] + ( 1 << 25 ) ) >> 26; |
|
| 129 | + $h[ 3 ] += $carry2; |
|
| 130 | + $h[ 2 ] -= $carry2 << 26; |
|
| 131 | 131 | /** @var int $carry4 */ |
| 132 | - $carry4 = ($h[4] + (1 << 25)) >> 26; |
|
| 133 | - $h[5] += $carry4; |
|
| 134 | - $h[4] -= $carry4 << 26; |
|
| 132 | + $carry4 = ( $h[ 4 ] + ( 1 << 25 ) ) >> 26; |
|
| 133 | + $h[ 5 ] += $carry4; |
|
| 134 | + $h[ 4 ] -= $carry4 << 26; |
|
| 135 | 135 | /** @var int $carry6 */ |
| 136 | - $carry6 = ($h[6] + (1 << 25)) >> 26; |
|
| 137 | - $h[7] += $carry6; |
|
| 138 | - $h[6] -= $carry6 << 26; |
|
| 136 | + $carry6 = ( $h[ 6 ] + ( 1 << 25 ) ) >> 26; |
|
| 137 | + $h[ 7 ] += $carry6; |
|
| 138 | + $h[ 6 ] -= $carry6 << 26; |
|
| 139 | 139 | /** @var int $carry8 */ |
| 140 | - $carry8 = ($h[8] + (1 << 25)) >> 26; |
|
| 141 | - $h[9] += $carry8; |
|
| 142 | - $h[8] -= $carry8 << 26; |
|
| 140 | + $carry8 = ( $h[ 8 ] + ( 1 << 25 ) ) >> 26; |
|
| 141 | + $h[ 9 ] += $carry8; |
|
| 142 | + $h[ 8 ] -= $carry8 << 26; |
|
| 143 | 143 | |
| 144 | - foreach ($h as $i => $value) { |
|
| 145 | - $h[$i] = (int) $value; |
|
| 144 | + foreach ( $h as $i => $value ) { |
|
| 145 | + $h[ $i ] = (int)$value; |
|
| 146 | 146 | } |
| 147 | - return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray($h); |
|
| 147 | + return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray( $h ); |
|
| 148 | 148 | } |
| 149 | 149 | |
| 150 | 150 | /** |
@@ -158,27 +158,27 @@ discard block |
||
| 158 | 158 | * @throws SodiumException |
| 159 | 159 | * @throws TypeError |
| 160 | 160 | */ |
| 161 | - public static function crypto_scalarmult_curve25519_ref10($n, $p) |
|
| 161 | + public static function crypto_scalarmult_curve25519_ref10( $n, $p ) |
|
| 162 | 162 | { |
| 163 | 163 | # for (i = 0;i < 32;++i) e[i] = n[i]; |
| 164 | 164 | $e = '' . $n; |
| 165 | 165 | # e[0] &= 248; |
| 166 | - $e[0] = self::intToChr( |
|
| 167 | - self::chrToInt($e[0]) & 248 |
|
| 166 | + $e[ 0 ] = self::intToChr( |
|
| 167 | + self::chrToInt( $e[ 0 ] ) & 248 |
|
| 168 | 168 | ); |
| 169 | 169 | # e[31] &= 127; |
| 170 | 170 | # e[31] |= 64; |
| 171 | - $e[31] = self::intToChr( |
|
| 172 | - (self::chrToInt($e[31]) & 127) | 64 |
|
| 171 | + $e[ 31 ] = self::intToChr( |
|
| 172 | + ( self::chrToInt( $e[ 31 ] ) & 127 ) | 64 |
|
| 173 | 173 | ); |
| 174 | 174 | # fe_frombytes(x1,p); |
| 175 | - $x1 = self::fe_frombytes($p); |
|
| 175 | + $x1 = self::fe_frombytes( $p ); |
|
| 176 | 176 | # fe_1(x2); |
| 177 | 177 | $x2 = self::fe_1(); |
| 178 | 178 | # fe_0(z2); |
| 179 | 179 | $z2 = self::fe_0(); |
| 180 | 180 | # fe_copy(x3,x1); |
| 181 | - $x3 = self::fe_copy($x1); |
|
| 181 | + $x3 = self::fe_copy( $x1 ); |
|
| 182 | 182 | # fe_1(z3); |
| 183 | 183 | $z3 = self::fe_1(); |
| 184 | 184 | |
@@ -187,89 +187,89 @@ discard block |
||
| 187 | 187 | $swap = 0; |
| 188 | 188 | |
| 189 | 189 | # for (pos = 254;pos >= 0;--pos) { |
| 190 | - for ($pos = 254; $pos >= 0; --$pos) { |
|
| 190 | + for ( $pos = 254; $pos >= 0; --$pos ) { |
|
| 191 | 191 | # b = e[pos / 8] >> (pos & 7); |
| 192 | 192 | /** @var int $b */ |
| 193 | 193 | $b = self::chrToInt( |
| 194 | - $e[(int) floor($pos / 8)] |
|
| 195 | - ) >> ($pos & 7); |
|
| 194 | + $e[ (int)floor( $pos / 8 ) ] |
|
| 195 | + ) >> ( $pos & 7 ); |
|
| 196 | 196 | # b &= 1; |
| 197 | 197 | $b &= 1; |
| 198 | 198 | # swap ^= b; |
| 199 | 199 | $swap ^= $b; |
| 200 | 200 | # fe_cswap(x2,x3,swap); |
| 201 | - self::fe_cswap($x2, $x3, $swap); |
|
| 201 | + self::fe_cswap( $x2, $x3, $swap ); |
|
| 202 | 202 | # fe_cswap(z2,z3,swap); |
| 203 | - self::fe_cswap($z2, $z3, $swap); |
|
| 203 | + self::fe_cswap( $z2, $z3, $swap ); |
|
| 204 | 204 | # swap = b; |
| 205 | 205 | $swap = $b; |
| 206 | 206 | # fe_sub(tmp0,x3,z3); |
| 207 | - $tmp0 = self::fe_sub($x3, $z3); |
|
| 207 | + $tmp0 = self::fe_sub( $x3, $z3 ); |
|
| 208 | 208 | # fe_sub(tmp1,x2,z2); |
| 209 | - $tmp1 = self::fe_sub($x2, $z2); |
|
| 209 | + $tmp1 = self::fe_sub( $x2, $z2 ); |
|
| 210 | 210 | |
| 211 | 211 | # fe_add(x2,x2,z2); |
| 212 | - $x2 = self::fe_add($x2, $z2); |
|
| 212 | + $x2 = self::fe_add( $x2, $z2 ); |
|
| 213 | 213 | |
| 214 | 214 | # fe_add(z2,x3,z3); |
| 215 | - $z2 = self::fe_add($x3, $z3); |
|
| 215 | + $z2 = self::fe_add( $x3, $z3 ); |
|
| 216 | 216 | |
| 217 | 217 | # fe_mul(z3,tmp0,x2); |
| 218 | - $z3 = self::fe_mul($tmp0, $x2); |
|
| 218 | + $z3 = self::fe_mul( $tmp0, $x2 ); |
|
| 219 | 219 | |
| 220 | 220 | # fe_mul(z2,z2,tmp1); |
| 221 | - $z2 = self::fe_mul($z2, $tmp1); |
|
| 221 | + $z2 = self::fe_mul( $z2, $tmp1 ); |
|
| 222 | 222 | |
| 223 | 223 | # fe_sq(tmp0,tmp1); |
| 224 | - $tmp0 = self::fe_sq($tmp1); |
|
| 224 | + $tmp0 = self::fe_sq( $tmp1 ); |
|
| 225 | 225 | |
| 226 | 226 | # fe_sq(tmp1,x2); |
| 227 | - $tmp1 = self::fe_sq($x2); |
|
| 227 | + $tmp1 = self::fe_sq( $x2 ); |
|
| 228 | 228 | |
| 229 | 229 | # fe_add(x3,z3,z2); |
| 230 | - $x3 = self::fe_add($z3, $z2); |
|
| 230 | + $x3 = self::fe_add( $z3, $z2 ); |
|
| 231 | 231 | |
| 232 | 232 | # fe_sub(z2,z3,z2); |
| 233 | - $z2 = self::fe_sub($z3, $z2); |
|
| 233 | + $z2 = self::fe_sub( $z3, $z2 ); |
|
| 234 | 234 | |
| 235 | 235 | # fe_mul(x2,tmp1,tmp0); |
| 236 | - $x2 = self::fe_mul($tmp1, $tmp0); |
|
| 236 | + $x2 = self::fe_mul( $tmp1, $tmp0 ); |
|
| 237 | 237 | |
| 238 | 238 | # fe_sub(tmp1,tmp1,tmp0); |
| 239 | - $tmp1 = self::fe_sub($tmp1, $tmp0); |
|
| 239 | + $tmp1 = self::fe_sub( $tmp1, $tmp0 ); |
|
| 240 | 240 | |
| 241 | 241 | # fe_sq(z2,z2); |
| 242 | - $z2 = self::fe_sq($z2); |
|
| 242 | + $z2 = self::fe_sq( $z2 ); |
|
| 243 | 243 | |
| 244 | 244 | # fe_mul121666(z3,tmp1); |
| 245 | - $z3 = self::fe_mul121666($tmp1); |
|
| 245 | + $z3 = self::fe_mul121666( $tmp1 ); |
|
| 246 | 246 | |
| 247 | 247 | # fe_sq(x3,x3); |
| 248 | - $x3 = self::fe_sq($x3); |
|
| 248 | + $x3 = self::fe_sq( $x3 ); |
|
| 249 | 249 | |
| 250 | 250 | # fe_add(tmp0,tmp0,z3); |
| 251 | - $tmp0 = self::fe_add($tmp0, $z3); |
|
| 251 | + $tmp0 = self::fe_add( $tmp0, $z3 ); |
|
| 252 | 252 | |
| 253 | 253 | # fe_mul(z3,x1,z2); |
| 254 | - $z3 = self::fe_mul($x1, $z2); |
|
| 254 | + $z3 = self::fe_mul( $x1, $z2 ); |
|
| 255 | 255 | |
| 256 | 256 | # fe_mul(z2,tmp1,tmp0); |
| 257 | - $z2 = self::fe_mul($tmp1, $tmp0); |
|
| 257 | + $z2 = self::fe_mul( $tmp1, $tmp0 ); |
|
| 258 | 258 | } |
| 259 | 259 | |
| 260 | 260 | # fe_cswap(x2,x3,swap); |
| 261 | - self::fe_cswap($x2, $x3, $swap); |
|
| 261 | + self::fe_cswap( $x2, $x3, $swap ); |
|
| 262 | 262 | |
| 263 | 263 | # fe_cswap(z2,z3,swap); |
| 264 | - self::fe_cswap($z2, $z3, $swap); |
|
| 264 | + self::fe_cswap( $z2, $z3, $swap ); |
|
| 265 | 265 | |
| 266 | 266 | # fe_invert(z2,z2); |
| 267 | - $z2 = self::fe_invert($z2); |
|
| 267 | + $z2 = self::fe_invert( $z2 ); |
|
| 268 | 268 | |
| 269 | 269 | # fe_mul(x2,x2,z2); |
| 270 | - $x2 = self::fe_mul($x2, $z2); |
|
| 270 | + $x2 = self::fe_mul( $x2, $z2 ); |
|
| 271 | 271 | # fe_tobytes(q,x2); |
| 272 | - return self::fe_tobytes($x2); |
|
| 272 | + return self::fe_tobytes( $x2 ); |
|
| 273 | 273 | } |
| 274 | 274 | |
| 275 | 275 | /** |
@@ -283,10 +283,10 @@ discard block |
||
| 283 | 283 | ParagonIE_Sodium_Core_Curve25519_Fe $edwardsY, |
| 284 | 284 | ParagonIE_Sodium_Core_Curve25519_Fe $edwardsZ |
| 285 | 285 | ) { |
| 286 | - $tempX = self::fe_add($edwardsZ, $edwardsY); |
|
| 287 | - $tempZ = self::fe_sub($edwardsZ, $edwardsY); |
|
| 288 | - $tempZ = self::fe_invert($tempZ); |
|
| 289 | - return self::fe_mul($tempX, $tempZ); |
|
| 286 | + $tempX = self::fe_add( $edwardsZ, $edwardsY ); |
|
| 287 | + $tempZ = self::fe_sub( $edwardsZ, $edwardsY ); |
|
| 288 | + $tempZ = self::fe_invert( $tempZ ); |
|
| 289 | + return self::fe_mul( $tempX, $tempZ ); |
|
| 290 | 290 | } |
| 291 | 291 | |
| 292 | 292 | /** |
@@ -297,31 +297,31 @@ discard block |
||
| 297 | 297 | * @throws SodiumException |
| 298 | 298 | * @throws TypeError |
| 299 | 299 | */ |
| 300 | - public static function crypto_scalarmult_curve25519_ref10_base($n) |
|
| 300 | + public static function crypto_scalarmult_curve25519_ref10_base( $n ) |
|
| 301 | 301 | { |
| 302 | 302 | # for (i = 0;i < 32;++i) e[i] = n[i]; |
| 303 | 303 | $e = '' . $n; |
| 304 | 304 | |
| 305 | 305 | # e[0] &= 248; |
| 306 | - $e[0] = self::intToChr( |
|
| 307 | - self::chrToInt($e[0]) & 248 |
|
| 306 | + $e[ 0 ] = self::intToChr( |
|
| 307 | + self::chrToInt( $e[ 0 ] ) & 248 |
|
| 308 | 308 | ); |
| 309 | 309 | |
| 310 | 310 | # e[31] &= 127; |
| 311 | 311 | # e[31] |= 64; |
| 312 | - $e[31] = self::intToChr( |
|
| 313 | - (self::chrToInt($e[31]) & 127) | 64 |
|
| 312 | + $e[ 31 ] = self::intToChr( |
|
| 313 | + ( self::chrToInt( $e[ 31 ] ) & 127 ) | 64 |
|
| 314 | 314 | ); |
| 315 | 315 | |
| 316 | - $A = self::ge_scalarmult_base($e); |
|
| 316 | + $A = self::ge_scalarmult_base( $e ); |
|
| 317 | 317 | if ( |
| 318 | - !($A->Y instanceof ParagonIE_Sodium_Core_Curve25519_Fe) |
|
| 318 | + ! ( $A->Y instanceof ParagonIE_Sodium_Core_Curve25519_Fe ) |
|
| 319 | 319 | || |
| 320 | - !($A->Z instanceof ParagonIE_Sodium_Core_Curve25519_Fe) |
|
| 320 | + ! ( $A->Z instanceof ParagonIE_Sodium_Core_Curve25519_Fe ) |
|
| 321 | 321 | ) { |
| 322 | - throw new TypeError('Null points encountered'); |
|
| 322 | + throw new TypeError( 'Null points encountered' ); |
|
| 323 | 323 | } |
| 324 | - $pk = self::edwards_to_montgomery($A->Y, $A->Z); |
|
| 325 | - return self::fe_tobytes($pk); |
|
| 324 | + $pk = self::edwards_to_montgomery( $A->Y, $A->Z ); |
|
| 325 | + return self::fe_tobytes( $pk ); |
|
| 326 | 326 | } |
| 327 | 327 | } |
@@ -7,8 +7,7 @@ discard block |
||
| 7 | 7 | /** |
| 8 | 8 | * Class ParagonIE_Sodium_Core_X25519 |
| 9 | 9 | */ |
| 10 | -abstract class ParagonIE_Sodium_Core_X25519 extends ParagonIE_Sodium_Core_Curve25519 |
|
| 11 | -{ |
|
| 10 | +abstract class ParagonIE_Sodium_Core_X25519 extends ParagonIE_Sodium_Core_Curve25519 { |
|
| 12 | 11 | /** |
| 13 | 12 | * Alters the objects passed to this method in place. |
| 14 | 13 | * |
@@ -84,8 +83,7 @@ discard block |
||
| 84 | 83 | * @param ParagonIE_Sodium_Core_Curve25519_Fe $f |
| 85 | 84 | * @return ParagonIE_Sodium_Core_Curve25519_Fe |
| 86 | 85 | */ |
| 87 | - public static function fe_mul121666(ParagonIE_Sodium_Core_Curve25519_Fe $f) |
|
| 88 | - { |
|
| 86 | + public static function fe_mul121666(ParagonIE_Sodium_Core_Curve25519_Fe $f) { |
|
| 89 | 87 | $h = array( |
| 90 | 88 | self::mul((int) $f[0], 121666, 17), |
| 91 | 89 | self::mul((int) $f[1], 121666, 17), |
@@ -158,8 +156,7 @@ discard block |
||
| 158 | 156 | * @throws SodiumException |
| 159 | 157 | * @throws TypeError |
| 160 | 158 | */ |
| 161 | - public static function crypto_scalarmult_curve25519_ref10($n, $p) |
|
| 162 | - { |
|
| 159 | + public static function crypto_scalarmult_curve25519_ref10($n, $p) { |
|
| 163 | 160 | # for (i = 0;i < 32;++i) e[i] = n[i]; |
| 164 | 161 | $e = '' . $n; |
| 165 | 162 | # e[0] &= 248; |
@@ -297,8 +294,7 @@ discard block |
||
| 297 | 294 | * @throws SodiumException |
| 298 | 295 | * @throws TypeError |
| 299 | 296 | */ |
| 300 | - public static function crypto_scalarmult_curve25519_ref10_base($n) |
|
| 301 | - { |
|
| 297 | + public static function crypto_scalarmult_curve25519_ref10_base($n) { |
|
| 302 | 298 | # for (i = 0;i < 32;++i) e[i] = n[i]; |
| 303 | 299 | $e = '' . $n; |
| 304 | 300 | |
@@ -1,7 +1,7 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | 3 | if (class_exists('ParagonIE_Sodium_Core_Poly1305', false)) { |
| 4 | - return; |
|
| 4 | + return; |
|
| 5 | 5 | } |
| 6 | 6 | |
| 7 | 7 | /** |
@@ -9,55 +9,55 @@ discard block |
||
| 9 | 9 | */ |
| 10 | 10 | abstract class ParagonIE_Sodium_Core_Poly1305 extends ParagonIE_Sodium_Core_Util |
| 11 | 11 | { |
| 12 | - const BLOCK_SIZE = 16; |
|
| 12 | + const BLOCK_SIZE = 16; |
|
| 13 | 13 | |
| 14 | - /** |
|
| 15 | - * @internal You should not use this directly from another application |
|
| 16 | - * |
|
| 17 | - * @param string $m |
|
| 18 | - * @param string $key |
|
| 19 | - * @return string |
|
| 20 | - * @throws SodiumException |
|
| 21 | - * @throws TypeError |
|
| 22 | - */ |
|
| 23 | - public static function onetimeauth($m, $key) |
|
| 24 | - { |
|
| 25 | - if (self::strlen($key) < 32) { |
|
| 26 | - throw new InvalidArgumentException( |
|
| 27 | - 'Key must be 32 bytes long.' |
|
| 28 | - ); |
|
| 29 | - } |
|
| 30 | - $state = new ParagonIE_Sodium_Core_Poly1305_State( |
|
| 31 | - self::substr($key, 0, 32) |
|
| 32 | - ); |
|
| 33 | - return $state |
|
| 34 | - ->update($m) |
|
| 35 | - ->finish(); |
|
| 36 | - } |
|
| 14 | + /** |
|
| 15 | + * @internal You should not use this directly from another application |
|
| 16 | + * |
|
| 17 | + * @param string $m |
|
| 18 | + * @param string $key |
|
| 19 | + * @return string |
|
| 20 | + * @throws SodiumException |
|
| 21 | + * @throws TypeError |
|
| 22 | + */ |
|
| 23 | + public static function onetimeauth($m, $key) |
|
| 24 | + { |
|
| 25 | + if (self::strlen($key) < 32) { |
|
| 26 | + throw new InvalidArgumentException( |
|
| 27 | + 'Key must be 32 bytes long.' |
|
| 28 | + ); |
|
| 29 | + } |
|
| 30 | + $state = new ParagonIE_Sodium_Core_Poly1305_State( |
|
| 31 | + self::substr($key, 0, 32) |
|
| 32 | + ); |
|
| 33 | + return $state |
|
| 34 | + ->update($m) |
|
| 35 | + ->finish(); |
|
| 36 | + } |
|
| 37 | 37 | |
| 38 | - /** |
|
| 39 | - * @internal You should not use this directly from another application |
|
| 40 | - * |
|
| 41 | - * @param string $mac |
|
| 42 | - * @param string $m |
|
| 43 | - * @param string $key |
|
| 44 | - * @return bool |
|
| 45 | - * @throws SodiumException |
|
| 46 | - * @throws TypeError |
|
| 47 | - */ |
|
| 48 | - public static function onetimeauth_verify($mac, $m, $key) |
|
| 49 | - { |
|
| 50 | - if (self::strlen($key) < 32) { |
|
| 51 | - throw new InvalidArgumentException( |
|
| 52 | - 'Key must be 32 bytes long.' |
|
| 53 | - ); |
|
| 54 | - } |
|
| 55 | - $state = new ParagonIE_Sodium_Core_Poly1305_State( |
|
| 56 | - self::substr($key, 0, 32) |
|
| 57 | - ); |
|
| 58 | - $calc = $state |
|
| 59 | - ->update($m) |
|
| 60 | - ->finish(); |
|
| 61 | - return self::verify_16($calc, $mac); |
|
| 62 | - } |
|
| 38 | + /** |
|
| 39 | + * @internal You should not use this directly from another application |
|
| 40 | + * |
|
| 41 | + * @param string $mac |
|
| 42 | + * @param string $m |
|
| 43 | + * @param string $key |
|
| 44 | + * @return bool |
|
| 45 | + * @throws SodiumException |
|
| 46 | + * @throws TypeError |
|
| 47 | + */ |
|
| 48 | + public static function onetimeauth_verify($mac, $m, $key) |
|
| 49 | + { |
|
| 50 | + if (self::strlen($key) < 32) { |
|
| 51 | + throw new InvalidArgumentException( |
|
| 52 | + 'Key must be 32 bytes long.' |
|
| 53 | + ); |
|
| 54 | + } |
|
| 55 | + $state = new ParagonIE_Sodium_Core_Poly1305_State( |
|
| 56 | + self::substr($key, 0, 32) |
|
| 57 | + ); |
|
| 58 | + $calc = $state |
|
| 59 | + ->update($m) |
|
| 60 | + ->finish(); |
|
| 61 | + return self::verify_16($calc, $mac); |
|
| 62 | + } |
|
| 63 | 63 | } |
@@ -1,6 +1,6 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -if (class_exists('ParagonIE_Sodium_Core_Poly1305', false)) { |
|
| 3 | +if ( class_exists( 'ParagonIE_Sodium_Core_Poly1305', false ) ) { |
|
| 4 | 4 | return; |
| 5 | 5 | } |
| 6 | 6 | |
@@ -20,18 +20,18 @@ discard block |
||
| 20 | 20 | * @throws SodiumException |
| 21 | 21 | * @throws TypeError |
| 22 | 22 | */ |
| 23 | - public static function onetimeauth($m, $key) |
|
| 23 | + public static function onetimeauth( $m, $key ) |
|
| 24 | 24 | { |
| 25 | - if (self::strlen($key) < 32) { |
|
| 25 | + if ( self::strlen( $key ) < 32 ) { |
|
| 26 | 26 | throw new InvalidArgumentException( |
| 27 | 27 | 'Key must be 32 bytes long.' |
| 28 | 28 | ); |
| 29 | 29 | } |
| 30 | 30 | $state = new ParagonIE_Sodium_Core_Poly1305_State( |
| 31 | - self::substr($key, 0, 32) |
|
| 31 | + self::substr( $key, 0, 32 ) |
|
| 32 | 32 | ); |
| 33 | 33 | return $state |
| 34 | - ->update($m) |
|
| 34 | + ->update( $m ) |
|
| 35 | 35 | ->finish(); |
| 36 | 36 | } |
| 37 | 37 | |
@@ -45,19 +45,19 @@ discard block |
||
| 45 | 45 | * @throws SodiumException |
| 46 | 46 | * @throws TypeError |
| 47 | 47 | */ |
| 48 | - public static function onetimeauth_verify($mac, $m, $key) |
|
| 48 | + public static function onetimeauth_verify( $mac, $m, $key ) |
|
| 49 | 49 | { |
| 50 | - if (self::strlen($key) < 32) { |
|
| 50 | + if ( self::strlen( $key ) < 32 ) { |
|
| 51 | 51 | throw new InvalidArgumentException( |
| 52 | 52 | 'Key must be 32 bytes long.' |
| 53 | 53 | ); |
| 54 | 54 | } |
| 55 | 55 | $state = new ParagonIE_Sodium_Core_Poly1305_State( |
| 56 | - self::substr($key, 0, 32) |
|
| 56 | + self::substr( $key, 0, 32 ) |
|
| 57 | 57 | ); |
| 58 | 58 | $calc = $state |
| 59 | - ->update($m) |
|
| 59 | + ->update( $m ) |
|
| 60 | 60 | ->finish(); |
| 61 | - return self::verify_16($calc, $mac); |
|
| 61 | + return self::verify_16( $calc, $mac ); |
|
| 62 | 62 | } |
| 63 | 63 | } |
@@ -7,8 +7,7 @@ discard block |
||
| 7 | 7 | /** |
| 8 | 8 | * Class ParagonIE_Sodium_Core_Poly1305 |
| 9 | 9 | */ |
| 10 | -abstract class ParagonIE_Sodium_Core_Poly1305 extends ParagonIE_Sodium_Core_Util |
|
| 11 | -{ |
|
| 10 | +abstract class ParagonIE_Sodium_Core_Poly1305 extends ParagonIE_Sodium_Core_Util { |
|
| 12 | 11 | const BLOCK_SIZE = 16; |
| 13 | 12 | |
| 14 | 13 | /** |
@@ -20,8 +19,7 @@ discard block |
||
| 20 | 19 | * @throws SodiumException |
| 21 | 20 | * @throws TypeError |
| 22 | 21 | */ |
| 23 | - public static function onetimeauth($m, $key) |
|
| 24 | - { |
|
| 22 | + public static function onetimeauth($m, $key) { |
|
| 25 | 23 | if (self::strlen($key) < 32) { |
| 26 | 24 | throw new InvalidArgumentException( |
| 27 | 25 | 'Key must be 32 bytes long.' |
@@ -45,8 +43,7 @@ discard block |
||
| 45 | 43 | * @throws SodiumException |
| 46 | 44 | * @throws TypeError |
| 47 | 45 | */ |
| 48 | - public static function onetimeauth_verify($mac, $m, $key) |
|
| 49 | - { |
|
| 46 | + public static function onetimeauth_verify($mac, $m, $key) { |
|
| 50 | 47 | if (self::strlen($key) < 32) { |
| 51 | 48 | throw new InvalidArgumentException( |
| 52 | 49 | 'Key must be 32 bytes long.' |
@@ -1,7 +1,7 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | 3 | if (class_exists('ParagonIE_Sodium_Core_XSalsa20', false)) { |
| 4 | - return; |
|
| 4 | + return; |
|
| 5 | 5 | } |
| 6 | 6 | |
| 7 | 7 | /** |
@@ -9,49 +9,49 @@ discard block |
||
| 9 | 9 | */ |
| 10 | 10 | abstract class ParagonIE_Sodium_Core_XSalsa20 extends ParagonIE_Sodium_Core_HSalsa20 |
| 11 | 11 | { |
| 12 | - /** |
|
| 13 | - * Expand a key and nonce into an xsalsa20 keystream. |
|
| 14 | - * |
|
| 15 | - * @internal You should not use this directly from another application |
|
| 16 | - * |
|
| 17 | - * @param int $len |
|
| 18 | - * @param string $nonce |
|
| 19 | - * @param string $key |
|
| 20 | - * @return string |
|
| 21 | - * @throws SodiumException |
|
| 22 | - * @throws TypeError |
|
| 23 | - */ |
|
| 24 | - public static function xsalsa20($len, $nonce, $key) |
|
| 25 | - { |
|
| 26 | - $ret = self::salsa20( |
|
| 27 | - $len, |
|
| 28 | - self::substr($nonce, 16, 8), |
|
| 29 | - self::hsalsa20($nonce, $key) |
|
| 30 | - ); |
|
| 31 | - return $ret; |
|
| 32 | - } |
|
| 12 | + /** |
|
| 13 | + * Expand a key and nonce into an xsalsa20 keystream. |
|
| 14 | + * |
|
| 15 | + * @internal You should not use this directly from another application |
|
| 16 | + * |
|
| 17 | + * @param int $len |
|
| 18 | + * @param string $nonce |
|
| 19 | + * @param string $key |
|
| 20 | + * @return string |
|
| 21 | + * @throws SodiumException |
|
| 22 | + * @throws TypeError |
|
| 23 | + */ |
|
| 24 | + public static function xsalsa20($len, $nonce, $key) |
|
| 25 | + { |
|
| 26 | + $ret = self::salsa20( |
|
| 27 | + $len, |
|
| 28 | + self::substr($nonce, 16, 8), |
|
| 29 | + self::hsalsa20($nonce, $key) |
|
| 30 | + ); |
|
| 31 | + return $ret; |
|
| 32 | + } |
|
| 33 | 33 | |
| 34 | - /** |
|
| 35 | - * Encrypt a string with XSalsa20. Doesn't provide integrity. |
|
| 36 | - * |
|
| 37 | - * @internal You should not use this directly from another application |
|
| 38 | - * |
|
| 39 | - * @param string $message |
|
| 40 | - * @param string $nonce |
|
| 41 | - * @param string $key |
|
| 42 | - * @return string |
|
| 43 | - * @throws SodiumException |
|
| 44 | - * @throws TypeError |
|
| 45 | - */ |
|
| 46 | - public static function xsalsa20_xor($message, $nonce, $key) |
|
| 47 | - { |
|
| 48 | - return self::xorStrings( |
|
| 49 | - $message, |
|
| 50 | - self::xsalsa20( |
|
| 51 | - self::strlen($message), |
|
| 52 | - $nonce, |
|
| 53 | - $key |
|
| 54 | - ) |
|
| 55 | - ); |
|
| 56 | - } |
|
| 34 | + /** |
|
| 35 | + * Encrypt a string with XSalsa20. Doesn't provide integrity. |
|
| 36 | + * |
|
| 37 | + * @internal You should not use this directly from another application |
|
| 38 | + * |
|
| 39 | + * @param string $message |
|
| 40 | + * @param string $nonce |
|
| 41 | + * @param string $key |
|
| 42 | + * @return string |
|
| 43 | + * @throws SodiumException |
|
| 44 | + * @throws TypeError |
|
| 45 | + */ |
|
| 46 | + public static function xsalsa20_xor($message, $nonce, $key) |
|
| 47 | + { |
|
| 48 | + return self::xorStrings( |
|
| 49 | + $message, |
|
| 50 | + self::xsalsa20( |
|
| 51 | + self::strlen($message), |
|
| 52 | + $nonce, |
|
| 53 | + $key |
|
| 54 | + ) |
|
| 55 | + ); |
|
| 56 | + } |
|
| 57 | 57 | } |
@@ -1,6 +1,6 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -if (class_exists('ParagonIE_Sodium_Core_XSalsa20', false)) { |
|
| 3 | +if ( class_exists( 'ParagonIE_Sodium_Core_XSalsa20', false ) ) { |
|
| 4 | 4 | return; |
| 5 | 5 | } |
| 6 | 6 | |
@@ -21,12 +21,12 @@ discard block |
||
| 21 | 21 | * @throws SodiumException |
| 22 | 22 | * @throws TypeError |
| 23 | 23 | */ |
| 24 | - public static function xsalsa20($len, $nonce, $key) |
|
| 24 | + public static function xsalsa20( $len, $nonce, $key ) |
|
| 25 | 25 | { |
| 26 | 26 | $ret = self::salsa20( |
| 27 | 27 | $len, |
| 28 | - self::substr($nonce, 16, 8), |
|
| 29 | - self::hsalsa20($nonce, $key) |
|
| 28 | + self::substr( $nonce, 16, 8 ), |
|
| 29 | + self::hsalsa20( $nonce, $key ) |
|
| 30 | 30 | ); |
| 31 | 31 | return $ret; |
| 32 | 32 | } |
@@ -43,12 +43,12 @@ discard block |
||
| 43 | 43 | * @throws SodiumException |
| 44 | 44 | * @throws TypeError |
| 45 | 45 | */ |
| 46 | - public static function xsalsa20_xor($message, $nonce, $key) |
|
| 46 | + public static function xsalsa20_xor( $message, $nonce, $key ) |
|
| 47 | 47 | { |
| 48 | 48 | return self::xorStrings( |
| 49 | 49 | $message, |
| 50 | 50 | self::xsalsa20( |
| 51 | - self::strlen($message), |
|
| 51 | + self::strlen( $message ), |
|
| 52 | 52 | $nonce, |
| 53 | 53 | $key |
| 54 | 54 | ) |
@@ -7,8 +7,7 @@ discard block |
||
| 7 | 7 | /** |
| 8 | 8 | * Class ParagonIE_Sodium_Core_XSalsa20 |
| 9 | 9 | */ |
| 10 | -abstract class ParagonIE_Sodium_Core_XSalsa20 extends ParagonIE_Sodium_Core_HSalsa20 |
|
| 11 | -{ |
|
| 10 | +abstract class ParagonIE_Sodium_Core_XSalsa20 extends ParagonIE_Sodium_Core_HSalsa20 { |
|
| 12 | 11 | /** |
| 13 | 12 | * Expand a key and nonce into an xsalsa20 keystream. |
| 14 | 13 | * |
@@ -21,8 +20,7 @@ discard block |
||
| 21 | 20 | * @throws SodiumException |
| 22 | 21 | * @throws TypeError |
| 23 | 22 | */ |
| 24 | - public static function xsalsa20($len, $nonce, $key) |
|
| 25 | - { |
|
| 23 | + public static function xsalsa20($len, $nonce, $key) { |
|
| 26 | 24 | $ret = self::salsa20( |
| 27 | 25 | $len, |
| 28 | 26 | self::substr($nonce, 16, 8), |
@@ -43,8 +41,7 @@ discard block |
||
| 43 | 41 | * @throws SodiumException |
| 44 | 42 | * @throws TypeError |
| 45 | 43 | */ |
| 46 | - public static function xsalsa20_xor($message, $nonce, $key) |
|
| 47 | - { |
|
| 44 | + public static function xsalsa20_xor($message, $nonce, $key) { |
|
| 48 | 45 | return self::xorStrings( |
| 49 | 46 | $message, |
| 50 | 47 | self::xsalsa20( |
@@ -1,7 +1,7 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | 3 | if (class_exists('ParagonIE_Sodium_Core_ChaCha20', false)) { |
| 4 | - return; |
|
| 4 | + return; |
|
| 5 | 5 | } |
| 6 | 6 | |
| 7 | 7 | /** |
@@ -9,80 +9,80 @@ discard block |
||
| 9 | 9 | */ |
| 10 | 10 | class ParagonIE_Sodium_Core_ChaCha20 extends ParagonIE_Sodium_Core_Util |
| 11 | 11 | { |
| 12 | - /** |
|
| 13 | - * Bitwise left rotation |
|
| 14 | - * |
|
| 15 | - * @internal You should not use this directly from another application |
|
| 16 | - * |
|
| 17 | - * @param int $v |
|
| 18 | - * @param int $n |
|
| 19 | - * @return int |
|
| 20 | - */ |
|
| 21 | - public static function rotate($v, $n) |
|
| 22 | - { |
|
| 23 | - $v &= 0xffffffff; |
|
| 24 | - $n &= 31; |
|
| 25 | - return (int) ( |
|
| 26 | - 0xffffffff & ( |
|
| 27 | - ($v << $n) |
|
| 28 | - | |
|
| 29 | - ($v >> (32 - $n)) |
|
| 30 | - ) |
|
| 31 | - ); |
|
| 32 | - } |
|
| 12 | + /** |
|
| 13 | + * Bitwise left rotation |
|
| 14 | + * |
|
| 15 | + * @internal You should not use this directly from another application |
|
| 16 | + * |
|
| 17 | + * @param int $v |
|
| 18 | + * @param int $n |
|
| 19 | + * @return int |
|
| 20 | + */ |
|
| 21 | + public static function rotate($v, $n) |
|
| 22 | + { |
|
| 23 | + $v &= 0xffffffff; |
|
| 24 | + $n &= 31; |
|
| 25 | + return (int) ( |
|
| 26 | + 0xffffffff & ( |
|
| 27 | + ($v << $n) |
|
| 28 | + | |
|
| 29 | + ($v >> (32 - $n)) |
|
| 30 | + ) |
|
| 31 | + ); |
|
| 32 | + } |
|
| 33 | 33 | |
| 34 | - /** |
|
| 35 | - * The ChaCha20 quarter round function. Works on four 32-bit integers. |
|
| 36 | - * |
|
| 37 | - * @internal You should not use this directly from another application |
|
| 38 | - * |
|
| 39 | - * @param int $a |
|
| 40 | - * @param int $b |
|
| 41 | - * @param int $c |
|
| 42 | - * @param int $d |
|
| 43 | - * @return array<int, int> |
|
| 44 | - */ |
|
| 45 | - protected static function quarterRound($a, $b, $c, $d) |
|
| 46 | - { |
|
| 47 | - # a = PLUS(a,b); d = ROTATE(XOR(d,a),16); |
|
| 48 | - /** @var int $a */ |
|
| 49 | - $a = ($a + $b) & 0xffffffff; |
|
| 50 | - $d = self::rotate($d ^ $a, 16); |
|
| 34 | + /** |
|
| 35 | + * The ChaCha20 quarter round function. Works on four 32-bit integers. |
|
| 36 | + * |
|
| 37 | + * @internal You should not use this directly from another application |
|
| 38 | + * |
|
| 39 | + * @param int $a |
|
| 40 | + * @param int $b |
|
| 41 | + * @param int $c |
|
| 42 | + * @param int $d |
|
| 43 | + * @return array<int, int> |
|
| 44 | + */ |
|
| 45 | + protected static function quarterRound($a, $b, $c, $d) |
|
| 46 | + { |
|
| 47 | + # a = PLUS(a,b); d = ROTATE(XOR(d,a),16); |
|
| 48 | + /** @var int $a */ |
|
| 49 | + $a = ($a + $b) & 0xffffffff; |
|
| 50 | + $d = self::rotate($d ^ $a, 16); |
|
| 51 | 51 | |
| 52 | - # c = PLUS(c,d); b = ROTATE(XOR(b,c),12); |
|
| 53 | - /** @var int $c */ |
|
| 54 | - $c = ($c + $d) & 0xffffffff; |
|
| 55 | - $b = self::rotate($b ^ $c, 12); |
|
| 52 | + # c = PLUS(c,d); b = ROTATE(XOR(b,c),12); |
|
| 53 | + /** @var int $c */ |
|
| 54 | + $c = ($c + $d) & 0xffffffff; |
|
| 55 | + $b = self::rotate($b ^ $c, 12); |
|
| 56 | 56 | |
| 57 | - # a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); |
|
| 58 | - /** @var int $a */ |
|
| 59 | - $a = ($a + $b) & 0xffffffff; |
|
| 60 | - $d = self::rotate($d ^ $a, 8); |
|
| 57 | + # a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); |
|
| 58 | + /** @var int $a */ |
|
| 59 | + $a = ($a + $b) & 0xffffffff; |
|
| 60 | + $d = self::rotate($d ^ $a, 8); |
|
| 61 | 61 | |
| 62 | - # c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); |
|
| 63 | - /** @var int $c */ |
|
| 64 | - $c = ($c + $d) & 0xffffffff; |
|
| 65 | - $b = self::rotate($b ^ $c, 7); |
|
| 66 | - return array((int) $a, (int) $b, (int) $c, (int) $d); |
|
| 67 | - } |
|
| 62 | + # c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); |
|
| 63 | + /** @var int $c */ |
|
| 64 | + $c = ($c + $d) & 0xffffffff; |
|
| 65 | + $b = self::rotate($b ^ $c, 7); |
|
| 66 | + return array((int) $a, (int) $b, (int) $c, (int) $d); |
|
| 67 | + } |
|
| 68 | 68 | |
| 69 | - /** |
|
| 70 | - * @internal You should not use this directly from another application |
|
| 71 | - * |
|
| 72 | - * @param ParagonIE_Sodium_Core_ChaCha20_Ctx $ctx |
|
| 73 | - * @param string $message |
|
| 74 | - * |
|
| 75 | - * @return string |
|
| 76 | - * @throws TypeError |
|
| 77 | - * @throws SodiumException |
|
| 78 | - */ |
|
| 79 | - public static function encryptBytes( |
|
| 80 | - ParagonIE_Sodium_Core_ChaCha20_Ctx $ctx, |
|
| 81 | - $message = '' |
|
| 82 | - ) { |
|
| 83 | - $bytes = self::strlen($message); |
|
| 69 | + /** |
|
| 70 | + * @internal You should not use this directly from another application |
|
| 71 | + * |
|
| 72 | + * @param ParagonIE_Sodium_Core_ChaCha20_Ctx $ctx |
|
| 73 | + * @param string $message |
|
| 74 | + * |
|
| 75 | + * @return string |
|
| 76 | + * @throws TypeError |
|
| 77 | + * @throws SodiumException |
|
| 78 | + */ |
|
| 79 | + public static function encryptBytes( |
|
| 80 | + ParagonIE_Sodium_Core_ChaCha20_Ctx $ctx, |
|
| 81 | + $message = '' |
|
| 82 | + ) { |
|
| 83 | + $bytes = self::strlen($message); |
|
| 84 | 84 | |
| 85 | - /* |
|
| 85 | + /* |
|
| 86 | 86 | j0 = ctx->input[0]; |
| 87 | 87 | j1 = ctx->input[1]; |
| 88 | 88 | j2 = ctx->input[2]; |
@@ -100,73 +100,73 @@ discard block |
||
| 100 | 100 | j14 = ctx->input[14]; |
| 101 | 101 | j15 = ctx->input[15]; |
| 102 | 102 | */ |
| 103 | - $j0 = (int) $ctx[0]; |
|
| 104 | - $j1 = (int) $ctx[1]; |
|
| 105 | - $j2 = (int) $ctx[2]; |
|
| 106 | - $j3 = (int) $ctx[3]; |
|
| 107 | - $j4 = (int) $ctx[4]; |
|
| 108 | - $j5 = (int) $ctx[5]; |
|
| 109 | - $j6 = (int) $ctx[6]; |
|
| 110 | - $j7 = (int) $ctx[7]; |
|
| 111 | - $j8 = (int) $ctx[8]; |
|
| 112 | - $j9 = (int) $ctx[9]; |
|
| 113 | - $j10 = (int) $ctx[10]; |
|
| 114 | - $j11 = (int) $ctx[11]; |
|
| 115 | - $j12 = (int) $ctx[12]; |
|
| 116 | - $j13 = (int) $ctx[13]; |
|
| 117 | - $j14 = (int) $ctx[14]; |
|
| 118 | - $j15 = (int) $ctx[15]; |
|
| 103 | + $j0 = (int) $ctx[0]; |
|
| 104 | + $j1 = (int) $ctx[1]; |
|
| 105 | + $j2 = (int) $ctx[2]; |
|
| 106 | + $j3 = (int) $ctx[3]; |
|
| 107 | + $j4 = (int) $ctx[4]; |
|
| 108 | + $j5 = (int) $ctx[5]; |
|
| 109 | + $j6 = (int) $ctx[6]; |
|
| 110 | + $j7 = (int) $ctx[7]; |
|
| 111 | + $j8 = (int) $ctx[8]; |
|
| 112 | + $j9 = (int) $ctx[9]; |
|
| 113 | + $j10 = (int) $ctx[10]; |
|
| 114 | + $j11 = (int) $ctx[11]; |
|
| 115 | + $j12 = (int) $ctx[12]; |
|
| 116 | + $j13 = (int) $ctx[13]; |
|
| 117 | + $j14 = (int) $ctx[14]; |
|
| 118 | + $j15 = (int) $ctx[15]; |
|
| 119 | 119 | |
| 120 | - $c = ''; |
|
| 121 | - for (;;) { |
|
| 122 | - if ($bytes < 64) { |
|
| 123 | - $message .= str_repeat("\x00", 64 - $bytes); |
|
| 124 | - } |
|
| 120 | + $c = ''; |
|
| 121 | + for (;;) { |
|
| 122 | + if ($bytes < 64) { |
|
| 123 | + $message .= str_repeat("\x00", 64 - $bytes); |
|
| 124 | + } |
|
| 125 | 125 | |
| 126 | - $x0 = (int) $j0; |
|
| 127 | - $x1 = (int) $j1; |
|
| 128 | - $x2 = (int) $j2; |
|
| 129 | - $x3 = (int) $j3; |
|
| 130 | - $x4 = (int) $j4; |
|
| 131 | - $x5 = (int) $j5; |
|
| 132 | - $x6 = (int) $j6; |
|
| 133 | - $x7 = (int) $j7; |
|
| 134 | - $x8 = (int) $j8; |
|
| 135 | - $x9 = (int) $j9; |
|
| 136 | - $x10 = (int) $j10; |
|
| 137 | - $x11 = (int) $j11; |
|
| 138 | - $x12 = (int) $j12; |
|
| 139 | - $x13 = (int) $j13; |
|
| 140 | - $x14 = (int) $j14; |
|
| 141 | - $x15 = (int) $j15; |
|
| 126 | + $x0 = (int) $j0; |
|
| 127 | + $x1 = (int) $j1; |
|
| 128 | + $x2 = (int) $j2; |
|
| 129 | + $x3 = (int) $j3; |
|
| 130 | + $x4 = (int) $j4; |
|
| 131 | + $x5 = (int) $j5; |
|
| 132 | + $x6 = (int) $j6; |
|
| 133 | + $x7 = (int) $j7; |
|
| 134 | + $x8 = (int) $j8; |
|
| 135 | + $x9 = (int) $j9; |
|
| 136 | + $x10 = (int) $j10; |
|
| 137 | + $x11 = (int) $j11; |
|
| 138 | + $x12 = (int) $j12; |
|
| 139 | + $x13 = (int) $j13; |
|
| 140 | + $x14 = (int) $j14; |
|
| 141 | + $x15 = (int) $j15; |
|
| 142 | 142 | |
| 143 | - # for (i = 20; i > 0; i -= 2) { |
|
| 144 | - for ($i = 20; $i > 0; $i -= 2) { |
|
| 145 | - # QUARTERROUND( x0, x4, x8, x12) |
|
| 146 | - list($x0, $x4, $x8, $x12) = self::quarterRound($x0, $x4, $x8, $x12); |
|
| 143 | + # for (i = 20; i > 0; i -= 2) { |
|
| 144 | + for ($i = 20; $i > 0; $i -= 2) { |
|
| 145 | + # QUARTERROUND( x0, x4, x8, x12) |
|
| 146 | + list($x0, $x4, $x8, $x12) = self::quarterRound($x0, $x4, $x8, $x12); |
|
| 147 | 147 | |
| 148 | - # QUARTERROUND( x1, x5, x9, x13) |
|
| 149 | - list($x1, $x5, $x9, $x13) = self::quarterRound($x1, $x5, $x9, $x13); |
|
| 148 | + # QUARTERROUND( x1, x5, x9, x13) |
|
| 149 | + list($x1, $x5, $x9, $x13) = self::quarterRound($x1, $x5, $x9, $x13); |
|
| 150 | 150 | |
| 151 | - # QUARTERROUND( x2, x6, x10, x14) |
|
| 152 | - list($x2, $x6, $x10, $x14) = self::quarterRound($x2, $x6, $x10, $x14); |
|
| 151 | + # QUARTERROUND( x2, x6, x10, x14) |
|
| 152 | + list($x2, $x6, $x10, $x14) = self::quarterRound($x2, $x6, $x10, $x14); |
|
| 153 | 153 | |
| 154 | - # QUARTERROUND( x3, x7, x11, x15) |
|
| 155 | - list($x3, $x7, $x11, $x15) = self::quarterRound($x3, $x7, $x11, $x15); |
|
| 154 | + # QUARTERROUND( x3, x7, x11, x15) |
|
| 155 | + list($x3, $x7, $x11, $x15) = self::quarterRound($x3, $x7, $x11, $x15); |
|
| 156 | 156 | |
| 157 | - # QUARTERROUND( x0, x5, x10, x15) |
|
| 158 | - list($x0, $x5, $x10, $x15) = self::quarterRound($x0, $x5, $x10, $x15); |
|
| 157 | + # QUARTERROUND( x0, x5, x10, x15) |
|
| 158 | + list($x0, $x5, $x10, $x15) = self::quarterRound($x0, $x5, $x10, $x15); |
|
| 159 | 159 | |
| 160 | - # QUARTERROUND( x1, x6, x11, x12) |
|
| 161 | - list($x1, $x6, $x11, $x12) = self::quarterRound($x1, $x6, $x11, $x12); |
|
| 160 | + # QUARTERROUND( x1, x6, x11, x12) |
|
| 161 | + list($x1, $x6, $x11, $x12) = self::quarterRound($x1, $x6, $x11, $x12); |
|
| 162 | 162 | |
| 163 | - # QUARTERROUND( x2, x7, x8, x13) |
|
| 164 | - list($x2, $x7, $x8, $x13) = self::quarterRound($x2, $x7, $x8, $x13); |
|
| 163 | + # QUARTERROUND( x2, x7, x8, x13) |
|
| 164 | + list($x2, $x7, $x8, $x13) = self::quarterRound($x2, $x7, $x8, $x13); |
|
| 165 | 165 | |
| 166 | - # QUARTERROUND( x3, x4, x9, x14) |
|
| 167 | - list($x3, $x4, $x9, $x14) = self::quarterRound($x3, $x4, $x9, $x14); |
|
| 168 | - } |
|
| 169 | - /* |
|
| 166 | + # QUARTERROUND( x3, x4, x9, x14) |
|
| 167 | + list($x3, $x4, $x9, $x14) = self::quarterRound($x3, $x4, $x9, $x14); |
|
| 168 | + } |
|
| 169 | + /* |
|
| 170 | 170 | x0 = PLUS(x0, j0); |
| 171 | 171 | x1 = PLUS(x1, j1); |
| 172 | 172 | x2 = PLUS(x2, j2); |
@@ -184,40 +184,40 @@ discard block |
||
| 184 | 184 | x14 = PLUS(x14, j14); |
| 185 | 185 | x15 = PLUS(x15, j15); |
| 186 | 186 | */ |
| 187 | - /** @var int $x0 */ |
|
| 188 | - $x0 = ($x0 & 0xffffffff) + $j0; |
|
| 189 | - /** @var int $x1 */ |
|
| 190 | - $x1 = ($x1 & 0xffffffff) + $j1; |
|
| 191 | - /** @var int $x2 */ |
|
| 192 | - $x2 = ($x2 & 0xffffffff) + $j2; |
|
| 193 | - /** @var int $x3 */ |
|
| 194 | - $x3 = ($x3 & 0xffffffff) + $j3; |
|
| 195 | - /** @var int $x4 */ |
|
| 196 | - $x4 = ($x4 & 0xffffffff) + $j4; |
|
| 197 | - /** @var int $x5 */ |
|
| 198 | - $x5 = ($x5 & 0xffffffff) + $j5; |
|
| 199 | - /** @var int $x6 */ |
|
| 200 | - $x6 = ($x6 & 0xffffffff) + $j6; |
|
| 201 | - /** @var int $x7 */ |
|
| 202 | - $x7 = ($x7 & 0xffffffff) + $j7; |
|
| 203 | - /** @var int $x8 */ |
|
| 204 | - $x8 = ($x8 & 0xffffffff) + $j8; |
|
| 205 | - /** @var int $x9 */ |
|
| 206 | - $x9 = ($x9 & 0xffffffff) + $j9; |
|
| 207 | - /** @var int $x10 */ |
|
| 208 | - $x10 = ($x10 & 0xffffffff) + $j10; |
|
| 209 | - /** @var int $x11 */ |
|
| 210 | - $x11 = ($x11 & 0xffffffff) + $j11; |
|
| 211 | - /** @var int $x12 */ |
|
| 212 | - $x12 = ($x12 & 0xffffffff) + $j12; |
|
| 213 | - /** @var int $x13 */ |
|
| 214 | - $x13 = ($x13 & 0xffffffff) + $j13; |
|
| 215 | - /** @var int $x14 */ |
|
| 216 | - $x14 = ($x14 & 0xffffffff) + $j14; |
|
| 217 | - /** @var int $x15 */ |
|
| 218 | - $x15 = ($x15 & 0xffffffff) + $j15; |
|
| 187 | + /** @var int $x0 */ |
|
| 188 | + $x0 = ($x0 & 0xffffffff) + $j0; |
|
| 189 | + /** @var int $x1 */ |
|
| 190 | + $x1 = ($x1 & 0xffffffff) + $j1; |
|
| 191 | + /** @var int $x2 */ |
|
| 192 | + $x2 = ($x2 & 0xffffffff) + $j2; |
|
| 193 | + /** @var int $x3 */ |
|
| 194 | + $x3 = ($x3 & 0xffffffff) + $j3; |
|
| 195 | + /** @var int $x4 */ |
|
| 196 | + $x4 = ($x4 & 0xffffffff) + $j4; |
|
| 197 | + /** @var int $x5 */ |
|
| 198 | + $x5 = ($x5 & 0xffffffff) + $j5; |
|
| 199 | + /** @var int $x6 */ |
|
| 200 | + $x6 = ($x6 & 0xffffffff) + $j6; |
|
| 201 | + /** @var int $x7 */ |
|
| 202 | + $x7 = ($x7 & 0xffffffff) + $j7; |
|
| 203 | + /** @var int $x8 */ |
|
| 204 | + $x8 = ($x8 & 0xffffffff) + $j8; |
|
| 205 | + /** @var int $x9 */ |
|
| 206 | + $x9 = ($x9 & 0xffffffff) + $j9; |
|
| 207 | + /** @var int $x10 */ |
|
| 208 | + $x10 = ($x10 & 0xffffffff) + $j10; |
|
| 209 | + /** @var int $x11 */ |
|
| 210 | + $x11 = ($x11 & 0xffffffff) + $j11; |
|
| 211 | + /** @var int $x12 */ |
|
| 212 | + $x12 = ($x12 & 0xffffffff) + $j12; |
|
| 213 | + /** @var int $x13 */ |
|
| 214 | + $x13 = ($x13 & 0xffffffff) + $j13; |
|
| 215 | + /** @var int $x14 */ |
|
| 216 | + $x14 = ($x14 & 0xffffffff) + $j14; |
|
| 217 | + /** @var int $x15 */ |
|
| 218 | + $x15 = ($x15 & 0xffffffff) + $j15; |
|
| 219 | 219 | |
| 220 | - /* |
|
| 220 | + /* |
|
| 221 | 221 | x0 = XOR(x0, LOAD32_LE(m + 0)); |
| 222 | 222 | x1 = XOR(x1, LOAD32_LE(m + 4)); |
| 223 | 223 | x2 = XOR(x2, LOAD32_LE(m + 8)); |
@@ -235,35 +235,35 @@ discard block |
||
| 235 | 235 | x14 = XOR(x14, LOAD32_LE(m + 56)); |
| 236 | 236 | x15 = XOR(x15, LOAD32_LE(m + 60)); |
| 237 | 237 | */ |
| 238 | - $x0 ^= self::load_4(self::substr($message, 0, 4)); |
|
| 239 | - $x1 ^= self::load_4(self::substr($message, 4, 4)); |
|
| 240 | - $x2 ^= self::load_4(self::substr($message, 8, 4)); |
|
| 241 | - $x3 ^= self::load_4(self::substr($message, 12, 4)); |
|
| 242 | - $x4 ^= self::load_4(self::substr($message, 16, 4)); |
|
| 243 | - $x5 ^= self::load_4(self::substr($message, 20, 4)); |
|
| 244 | - $x6 ^= self::load_4(self::substr($message, 24, 4)); |
|
| 245 | - $x7 ^= self::load_4(self::substr($message, 28, 4)); |
|
| 246 | - $x8 ^= self::load_4(self::substr($message, 32, 4)); |
|
| 247 | - $x9 ^= self::load_4(self::substr($message, 36, 4)); |
|
| 248 | - $x10 ^= self::load_4(self::substr($message, 40, 4)); |
|
| 249 | - $x11 ^= self::load_4(self::substr($message, 44, 4)); |
|
| 250 | - $x12 ^= self::load_4(self::substr($message, 48, 4)); |
|
| 251 | - $x13 ^= self::load_4(self::substr($message, 52, 4)); |
|
| 252 | - $x14 ^= self::load_4(self::substr($message, 56, 4)); |
|
| 253 | - $x15 ^= self::load_4(self::substr($message, 60, 4)); |
|
| 238 | + $x0 ^= self::load_4(self::substr($message, 0, 4)); |
|
| 239 | + $x1 ^= self::load_4(self::substr($message, 4, 4)); |
|
| 240 | + $x2 ^= self::load_4(self::substr($message, 8, 4)); |
|
| 241 | + $x3 ^= self::load_4(self::substr($message, 12, 4)); |
|
| 242 | + $x4 ^= self::load_4(self::substr($message, 16, 4)); |
|
| 243 | + $x5 ^= self::load_4(self::substr($message, 20, 4)); |
|
| 244 | + $x6 ^= self::load_4(self::substr($message, 24, 4)); |
|
| 245 | + $x7 ^= self::load_4(self::substr($message, 28, 4)); |
|
| 246 | + $x8 ^= self::load_4(self::substr($message, 32, 4)); |
|
| 247 | + $x9 ^= self::load_4(self::substr($message, 36, 4)); |
|
| 248 | + $x10 ^= self::load_4(self::substr($message, 40, 4)); |
|
| 249 | + $x11 ^= self::load_4(self::substr($message, 44, 4)); |
|
| 250 | + $x12 ^= self::load_4(self::substr($message, 48, 4)); |
|
| 251 | + $x13 ^= self::load_4(self::substr($message, 52, 4)); |
|
| 252 | + $x14 ^= self::load_4(self::substr($message, 56, 4)); |
|
| 253 | + $x15 ^= self::load_4(self::substr($message, 60, 4)); |
|
| 254 | 254 | |
| 255 | - /* |
|
| 255 | + /* |
|
| 256 | 256 | j12 = PLUSONE(j12); |
| 257 | 257 | if (!j12) { |
| 258 | 258 | j13 = PLUSONE(j13); |
| 259 | 259 | } |
| 260 | 260 | */ |
| 261 | - ++$j12; |
|
| 262 | - if ($j12 & 0xf0000000) { |
|
| 263 | - throw new SodiumException('Overflow'); |
|
| 264 | - } |
|
| 261 | + ++$j12; |
|
| 262 | + if ($j12 & 0xf0000000) { |
|
| 263 | + throw new SodiumException('Overflow'); |
|
| 264 | + } |
|
| 265 | 265 | |
| 266 | - /* |
|
| 266 | + /* |
|
| 267 | 267 | STORE32_LE(c + 0, x0); |
| 268 | 268 | STORE32_LE(c + 4, x1); |
| 269 | 269 | STORE32_LE(c + 8, x2); |
@@ -281,115 +281,115 @@ discard block |
||
| 281 | 281 | STORE32_LE(c + 56, x14); |
| 282 | 282 | STORE32_LE(c + 60, x15); |
| 283 | 283 | */ |
| 284 | - $block = self::store32_le((int) ($x0 & 0xffffffff)) . |
|
| 285 | - self::store32_le((int) ($x1 & 0xffffffff)) . |
|
| 286 | - self::store32_le((int) ($x2 & 0xffffffff)) . |
|
| 287 | - self::store32_le((int) ($x3 & 0xffffffff)) . |
|
| 288 | - self::store32_le((int) ($x4 & 0xffffffff)) . |
|
| 289 | - self::store32_le((int) ($x5 & 0xffffffff)) . |
|
| 290 | - self::store32_le((int) ($x6 & 0xffffffff)) . |
|
| 291 | - self::store32_le((int) ($x7 & 0xffffffff)) . |
|
| 292 | - self::store32_le((int) ($x8 & 0xffffffff)) . |
|
| 293 | - self::store32_le((int) ($x9 & 0xffffffff)) . |
|
| 294 | - self::store32_le((int) ($x10 & 0xffffffff)) . |
|
| 295 | - self::store32_le((int) ($x11 & 0xffffffff)) . |
|
| 296 | - self::store32_le((int) ($x12 & 0xffffffff)) . |
|
| 297 | - self::store32_le((int) ($x13 & 0xffffffff)) . |
|
| 298 | - self::store32_le((int) ($x14 & 0xffffffff)) . |
|
| 299 | - self::store32_le((int) ($x15 & 0xffffffff)); |
|
| 284 | + $block = self::store32_le((int) ($x0 & 0xffffffff)) . |
|
| 285 | + self::store32_le((int) ($x1 & 0xffffffff)) . |
|
| 286 | + self::store32_le((int) ($x2 & 0xffffffff)) . |
|
| 287 | + self::store32_le((int) ($x3 & 0xffffffff)) . |
|
| 288 | + self::store32_le((int) ($x4 & 0xffffffff)) . |
|
| 289 | + self::store32_le((int) ($x5 & 0xffffffff)) . |
|
| 290 | + self::store32_le((int) ($x6 & 0xffffffff)) . |
|
| 291 | + self::store32_le((int) ($x7 & 0xffffffff)) . |
|
| 292 | + self::store32_le((int) ($x8 & 0xffffffff)) . |
|
| 293 | + self::store32_le((int) ($x9 & 0xffffffff)) . |
|
| 294 | + self::store32_le((int) ($x10 & 0xffffffff)) . |
|
| 295 | + self::store32_le((int) ($x11 & 0xffffffff)) . |
|
| 296 | + self::store32_le((int) ($x12 & 0xffffffff)) . |
|
| 297 | + self::store32_le((int) ($x13 & 0xffffffff)) . |
|
| 298 | + self::store32_le((int) ($x14 & 0xffffffff)) . |
|
| 299 | + self::store32_le((int) ($x15 & 0xffffffff)); |
|
| 300 | 300 | |
| 301 | - /* Partial block */ |
|
| 302 | - if ($bytes < 64) { |
|
| 303 | - $c .= self::substr($block, 0, $bytes); |
|
| 304 | - break; |
|
| 305 | - } |
|
| 301 | + /* Partial block */ |
|
| 302 | + if ($bytes < 64) { |
|
| 303 | + $c .= self::substr($block, 0, $bytes); |
|
| 304 | + break; |
|
| 305 | + } |
|
| 306 | 306 | |
| 307 | - /* Full block */ |
|
| 308 | - $c .= $block; |
|
| 309 | - $bytes -= 64; |
|
| 310 | - if ($bytes <= 0) { |
|
| 311 | - break; |
|
| 312 | - } |
|
| 313 | - $message = self::substr($message, 64); |
|
| 314 | - } |
|
| 315 | - /* end for(;;) loop */ |
|
| 307 | + /* Full block */ |
|
| 308 | + $c .= $block; |
|
| 309 | + $bytes -= 64; |
|
| 310 | + if ($bytes <= 0) { |
|
| 311 | + break; |
|
| 312 | + } |
|
| 313 | + $message = self::substr($message, 64); |
|
| 314 | + } |
|
| 315 | + /* end for(;;) loop */ |
|
| 316 | 316 | |
| 317 | - $ctx[12] = $j12; |
|
| 318 | - $ctx[13] = $j13; |
|
| 319 | - return $c; |
|
| 320 | - } |
|
| 317 | + $ctx[12] = $j12; |
|
| 318 | + $ctx[13] = $j13; |
|
| 319 | + return $c; |
|
| 320 | + } |
|
| 321 | 321 | |
| 322 | - /** |
|
| 323 | - * @internal You should not use this directly from another application |
|
| 324 | - * |
|
| 325 | - * @param int $len |
|
| 326 | - * @param string $nonce |
|
| 327 | - * @param string $key |
|
| 328 | - * @return string |
|
| 329 | - * @throws SodiumException |
|
| 330 | - * @throws TypeError |
|
| 331 | - */ |
|
| 332 | - public static function stream($len = 64, $nonce = '', $key = '') |
|
| 333 | - { |
|
| 334 | - return self::encryptBytes( |
|
| 335 | - new ParagonIE_Sodium_Core_ChaCha20_Ctx($key, $nonce), |
|
| 336 | - str_repeat("\x00", $len) |
|
| 337 | - ); |
|
| 338 | - } |
|
| 322 | + /** |
|
| 323 | + * @internal You should not use this directly from another application |
|
| 324 | + * |
|
| 325 | + * @param int $len |
|
| 326 | + * @param string $nonce |
|
| 327 | + * @param string $key |
|
| 328 | + * @return string |
|
| 329 | + * @throws SodiumException |
|
| 330 | + * @throws TypeError |
|
| 331 | + */ |
|
| 332 | + public static function stream($len = 64, $nonce = '', $key = '') |
|
| 333 | + { |
|
| 334 | + return self::encryptBytes( |
|
| 335 | + new ParagonIE_Sodium_Core_ChaCha20_Ctx($key, $nonce), |
|
| 336 | + str_repeat("\x00", $len) |
|
| 337 | + ); |
|
| 338 | + } |
|
| 339 | 339 | |
| 340 | - /** |
|
| 341 | - * @internal You should not use this directly from another application |
|
| 342 | - * |
|
| 343 | - * @param int $len |
|
| 344 | - * @param string $nonce |
|
| 345 | - * @param string $key |
|
| 346 | - * @return string |
|
| 347 | - * @throws SodiumException |
|
| 348 | - * @throws TypeError |
|
| 349 | - */ |
|
| 350 | - public static function ietfStream($len, $nonce = '', $key = '') |
|
| 351 | - { |
|
| 352 | - return self::encryptBytes( |
|
| 353 | - new ParagonIE_Sodium_Core_ChaCha20_IetfCtx($key, $nonce), |
|
| 354 | - str_repeat("\x00", $len) |
|
| 355 | - ); |
|
| 356 | - } |
|
| 340 | + /** |
|
| 341 | + * @internal You should not use this directly from another application |
|
| 342 | + * |
|
| 343 | + * @param int $len |
|
| 344 | + * @param string $nonce |
|
| 345 | + * @param string $key |
|
| 346 | + * @return string |
|
| 347 | + * @throws SodiumException |
|
| 348 | + * @throws TypeError |
|
| 349 | + */ |
|
| 350 | + public static function ietfStream($len, $nonce = '', $key = '') |
|
| 351 | + { |
|
| 352 | + return self::encryptBytes( |
|
| 353 | + new ParagonIE_Sodium_Core_ChaCha20_IetfCtx($key, $nonce), |
|
| 354 | + str_repeat("\x00", $len) |
|
| 355 | + ); |
|
| 356 | + } |
|
| 357 | 357 | |
| 358 | - /** |
|
| 359 | - * @internal You should not use this directly from another application |
|
| 360 | - * |
|
| 361 | - * @param string $message |
|
| 362 | - * @param string $nonce |
|
| 363 | - * @param string $key |
|
| 364 | - * @param string $ic |
|
| 365 | - * @return string |
|
| 366 | - * @throws SodiumException |
|
| 367 | - * @throws TypeError |
|
| 368 | - */ |
|
| 369 | - public static function ietfStreamXorIc($message, $nonce = '', $key = '', $ic = '') |
|
| 370 | - { |
|
| 371 | - return self::encryptBytes( |
|
| 372 | - new ParagonIE_Sodium_Core_ChaCha20_IetfCtx($key, $nonce, $ic), |
|
| 373 | - $message |
|
| 374 | - ); |
|
| 375 | - } |
|
| 358 | + /** |
|
| 359 | + * @internal You should not use this directly from another application |
|
| 360 | + * |
|
| 361 | + * @param string $message |
|
| 362 | + * @param string $nonce |
|
| 363 | + * @param string $key |
|
| 364 | + * @param string $ic |
|
| 365 | + * @return string |
|
| 366 | + * @throws SodiumException |
|
| 367 | + * @throws TypeError |
|
| 368 | + */ |
|
| 369 | + public static function ietfStreamXorIc($message, $nonce = '', $key = '', $ic = '') |
|
| 370 | + { |
|
| 371 | + return self::encryptBytes( |
|
| 372 | + new ParagonIE_Sodium_Core_ChaCha20_IetfCtx($key, $nonce, $ic), |
|
| 373 | + $message |
|
| 374 | + ); |
|
| 375 | + } |
|
| 376 | 376 | |
| 377 | - /** |
|
| 378 | - * @internal You should not use this directly from another application |
|
| 379 | - * |
|
| 380 | - * @param string $message |
|
| 381 | - * @param string $nonce |
|
| 382 | - * @param string $key |
|
| 383 | - * @param string $ic |
|
| 384 | - * @return string |
|
| 385 | - * @throws SodiumException |
|
| 386 | - * @throws TypeError |
|
| 387 | - */ |
|
| 388 | - public static function streamXorIc($message, $nonce = '', $key = '', $ic = '') |
|
| 389 | - { |
|
| 390 | - return self::encryptBytes( |
|
| 391 | - new ParagonIE_Sodium_Core_ChaCha20_Ctx($key, $nonce, $ic), |
|
| 392 | - $message |
|
| 393 | - ); |
|
| 394 | - } |
|
| 377 | + /** |
|
| 378 | + * @internal You should not use this directly from another application |
|
| 379 | + * |
|
| 380 | + * @param string $message |
|
| 381 | + * @param string $nonce |
|
| 382 | + * @param string $key |
|
| 383 | + * @param string $ic |
|
| 384 | + * @return string |
|
| 385 | + * @throws SodiumException |
|
| 386 | + * @throws TypeError |
|
| 387 | + */ |
|
| 388 | + public static function streamXorIc($message, $nonce = '', $key = '', $ic = '') |
|
| 389 | + { |
|
| 390 | + return self::encryptBytes( |
|
| 391 | + new ParagonIE_Sodium_Core_ChaCha20_Ctx($key, $nonce, $ic), |
|
| 392 | + $message |
|
| 393 | + ); |
|
| 394 | + } |
|
| 395 | 395 | } |
@@ -7,8 +7,7 @@ discard block |
||
| 7 | 7 | /** |
| 8 | 8 | * Class ParagonIE_Sodium_Core_ChaCha20 |
| 9 | 9 | */ |
| 10 | -class ParagonIE_Sodium_Core_ChaCha20 extends ParagonIE_Sodium_Core_Util |
|
| 11 | -{ |
|
| 10 | +class ParagonIE_Sodium_Core_ChaCha20 extends ParagonIE_Sodium_Core_Util { |
|
| 12 | 11 | /** |
| 13 | 12 | * Bitwise left rotation |
| 14 | 13 | * |
@@ -18,8 +17,7 @@ discard block |
||
| 18 | 17 | * @param int $n |
| 19 | 18 | * @return int |
| 20 | 19 | */ |
| 21 | - public static function rotate($v, $n) |
|
| 22 | - { |
|
| 20 | + public static function rotate($v, $n) { |
|
| 23 | 21 | $v &= 0xffffffff; |
| 24 | 22 | $n &= 31; |
| 25 | 23 | return (int) ( |
@@ -42,8 +40,7 @@ discard block |
||
| 42 | 40 | * @param int $d |
| 43 | 41 | * @return array<int, int> |
| 44 | 42 | */ |
| 45 | - protected static function quarterRound($a, $b, $c, $d) |
|
| 46 | - { |
|
| 43 | + protected static function quarterRound($a, $b, $c, $d) { |
|
| 47 | 44 | # a = PLUS(a,b); d = ROTATE(XOR(d,a),16); |
| 48 | 45 | /** @var int $a */ |
| 49 | 46 | $a = ($a + $b) & 0xffffffff; |
@@ -329,8 +326,7 @@ discard block |
||
| 329 | 326 | * @throws SodiumException |
| 330 | 327 | * @throws TypeError |
| 331 | 328 | */ |
| 332 | - public static function stream($len = 64, $nonce = '', $key = '') |
|
| 333 | - { |
|
| 329 | + public static function stream($len = 64, $nonce = '', $key = '') { |
|
| 334 | 330 | return self::encryptBytes( |
| 335 | 331 | new ParagonIE_Sodium_Core_ChaCha20_Ctx($key, $nonce), |
| 336 | 332 | str_repeat("\x00", $len) |
@@ -347,8 +343,7 @@ discard block |
||
| 347 | 343 | * @throws SodiumException |
| 348 | 344 | * @throws TypeError |
| 349 | 345 | */ |
| 350 | - public static function ietfStream($len, $nonce = '', $key = '') |
|
| 351 | - { |
|
| 346 | + public static function ietfStream($len, $nonce = '', $key = '') { |
|
| 352 | 347 | return self::encryptBytes( |
| 353 | 348 | new ParagonIE_Sodium_Core_ChaCha20_IetfCtx($key, $nonce), |
| 354 | 349 | str_repeat("\x00", $len) |
@@ -366,8 +361,7 @@ discard block |
||
| 366 | 361 | * @throws SodiumException |
| 367 | 362 | * @throws TypeError |
| 368 | 363 | */ |
| 369 | - public static function ietfStreamXorIc($message, $nonce = '', $key = '', $ic = '') |
|
| 370 | - { |
|
| 364 | + public static function ietfStreamXorIc($message, $nonce = '', $key = '', $ic = '') { |
|
| 371 | 365 | return self::encryptBytes( |
| 372 | 366 | new ParagonIE_Sodium_Core_ChaCha20_IetfCtx($key, $nonce, $ic), |
| 373 | 367 | $message |
@@ -385,8 +379,7 @@ discard block |
||
| 385 | 379 | * @throws SodiumException |
| 386 | 380 | * @throws TypeError |
| 387 | 381 | */ |
| 388 | - public static function streamXorIc($message, $nonce = '', $key = '', $ic = '') |
|
| 389 | - { |
|
| 382 | + public static function streamXorIc($message, $nonce = '', $key = '', $ic = '') { |
|
| 390 | 383 | return self::encryptBytes( |
| 391 | 384 | new ParagonIE_Sodium_Core_ChaCha20_Ctx($key, $nonce, $ic), |
| 392 | 385 | $message |
@@ -1,6 +1,6 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -if (class_exists('ParagonIE_Sodium_Core_ChaCha20', false)) { |
|
| 3 | +if ( class_exists( 'ParagonIE_Sodium_Core_ChaCha20', false ) ) { |
|
| 4 | 4 | return; |
| 5 | 5 | } |
| 6 | 6 | |
@@ -18,15 +18,15 @@ discard block |
||
| 18 | 18 | * @param int $n |
| 19 | 19 | * @return int |
| 20 | 20 | */ |
| 21 | - public static function rotate($v, $n) |
|
| 21 | + public static function rotate( $v, $n ) |
|
| 22 | 22 | { |
| 23 | 23 | $v &= 0xffffffff; |
| 24 | 24 | $n &= 31; |
| 25 | - return (int) ( |
|
| 25 | + return (int)( |
|
| 26 | 26 | 0xffffffff & ( |
| 27 | - ($v << $n) |
|
| 27 | + ( $v << $n ) |
|
| 28 | 28 | | |
| 29 | - ($v >> (32 - $n)) |
|
| 29 | + ( $v >> ( 32 - $n ) ) |
|
| 30 | 30 | ) |
| 31 | 31 | ); |
| 32 | 32 | } |
@@ -42,28 +42,28 @@ discard block |
||
| 42 | 42 | * @param int $d |
| 43 | 43 | * @return array<int, int> |
| 44 | 44 | */ |
| 45 | - protected static function quarterRound($a, $b, $c, $d) |
|
| 45 | + protected static function quarterRound( $a, $b, $c, $d ) |
|
| 46 | 46 | { |
| 47 | 47 | # a = PLUS(a,b); d = ROTATE(XOR(d,a),16); |
| 48 | 48 | /** @var int $a */ |
| 49 | - $a = ($a + $b) & 0xffffffff; |
|
| 50 | - $d = self::rotate($d ^ $a, 16); |
|
| 49 | + $a = ( $a + $b ) & 0xffffffff; |
|
| 50 | + $d = self::rotate( $d ^ $a, 16 ); |
|
| 51 | 51 | |
| 52 | 52 | # c = PLUS(c,d); b = ROTATE(XOR(b,c),12); |
| 53 | 53 | /** @var int $c */ |
| 54 | - $c = ($c + $d) & 0xffffffff; |
|
| 55 | - $b = self::rotate($b ^ $c, 12); |
|
| 54 | + $c = ( $c + $d ) & 0xffffffff; |
|
| 55 | + $b = self::rotate( $b ^ $c, 12 ); |
|
| 56 | 56 | |
| 57 | 57 | # a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); |
| 58 | 58 | /** @var int $a */ |
| 59 | - $a = ($a + $b) & 0xffffffff; |
|
| 60 | - $d = self::rotate($d ^ $a, 8); |
|
| 59 | + $a = ( $a + $b ) & 0xffffffff; |
|
| 60 | + $d = self::rotate( $d ^ $a, 8 ); |
|
| 61 | 61 | |
| 62 | 62 | # c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); |
| 63 | 63 | /** @var int $c */ |
| 64 | - $c = ($c + $d) & 0xffffffff; |
|
| 65 | - $b = self::rotate($b ^ $c, 7); |
|
| 66 | - return array((int) $a, (int) $b, (int) $c, (int) $d); |
|
| 64 | + $c = ( $c + $d ) & 0xffffffff; |
|
| 65 | + $b = self::rotate( $b ^ $c, 7 ); |
|
| 66 | + return array( (int)$a, (int)$b, (int)$c, (int)$d ); |
|
| 67 | 67 | } |
| 68 | 68 | |
| 69 | 69 | /** |
@@ -80,7 +80,7 @@ discard block |
||
| 80 | 80 | ParagonIE_Sodium_Core_ChaCha20_Ctx $ctx, |
| 81 | 81 | $message = '' |
| 82 | 82 | ) { |
| 83 | - $bytes = self::strlen($message); |
|
| 83 | + $bytes = self::strlen( $message ); |
|
| 84 | 84 | |
| 85 | 85 | /* |
| 86 | 86 | j0 = ctx->input[0]; |
@@ -100,71 +100,71 @@ discard block |
||
| 100 | 100 | j14 = ctx->input[14]; |
| 101 | 101 | j15 = ctx->input[15]; |
| 102 | 102 | */ |
| 103 | - $j0 = (int) $ctx[0]; |
|
| 104 | - $j1 = (int) $ctx[1]; |
|
| 105 | - $j2 = (int) $ctx[2]; |
|
| 106 | - $j3 = (int) $ctx[3]; |
|
| 107 | - $j4 = (int) $ctx[4]; |
|
| 108 | - $j5 = (int) $ctx[5]; |
|
| 109 | - $j6 = (int) $ctx[6]; |
|
| 110 | - $j7 = (int) $ctx[7]; |
|
| 111 | - $j8 = (int) $ctx[8]; |
|
| 112 | - $j9 = (int) $ctx[9]; |
|
| 113 | - $j10 = (int) $ctx[10]; |
|
| 114 | - $j11 = (int) $ctx[11]; |
|
| 115 | - $j12 = (int) $ctx[12]; |
|
| 116 | - $j13 = (int) $ctx[13]; |
|
| 117 | - $j14 = (int) $ctx[14]; |
|
| 118 | - $j15 = (int) $ctx[15]; |
|
| 103 | + $j0 = (int)$ctx[ 0 ]; |
|
| 104 | + $j1 = (int)$ctx[ 1 ]; |
|
| 105 | + $j2 = (int)$ctx[ 2 ]; |
|
| 106 | + $j3 = (int)$ctx[ 3 ]; |
|
| 107 | + $j4 = (int)$ctx[ 4 ]; |
|
| 108 | + $j5 = (int)$ctx[ 5 ]; |
|
| 109 | + $j6 = (int)$ctx[ 6 ]; |
|
| 110 | + $j7 = (int)$ctx[ 7 ]; |
|
| 111 | + $j8 = (int)$ctx[ 8 ]; |
|
| 112 | + $j9 = (int)$ctx[ 9 ]; |
|
| 113 | + $j10 = (int)$ctx[ 10 ]; |
|
| 114 | + $j11 = (int)$ctx[ 11 ]; |
|
| 115 | + $j12 = (int)$ctx[ 12 ]; |
|
| 116 | + $j13 = (int)$ctx[ 13 ]; |
|
| 117 | + $j14 = (int)$ctx[ 14 ]; |
|
| 118 | + $j15 = (int)$ctx[ 15 ]; |
|
| 119 | 119 | |
| 120 | 120 | $c = ''; |
| 121 | - for (;;) { |
|
| 122 | - if ($bytes < 64) { |
|
| 123 | - $message .= str_repeat("\x00", 64 - $bytes); |
|
| 121 | + for ( ;; ) { |
|
| 122 | + if ( $bytes < 64 ) { |
|
| 123 | + $message .= str_repeat( "\x00", 64 - $bytes ); |
|
| 124 | 124 | } |
| 125 | 125 | |
| 126 | - $x0 = (int) $j0; |
|
| 127 | - $x1 = (int) $j1; |
|
| 128 | - $x2 = (int) $j2; |
|
| 129 | - $x3 = (int) $j3; |
|
| 130 | - $x4 = (int) $j4; |
|
| 131 | - $x5 = (int) $j5; |
|
| 132 | - $x6 = (int) $j6; |
|
| 133 | - $x7 = (int) $j7; |
|
| 134 | - $x8 = (int) $j8; |
|
| 135 | - $x9 = (int) $j9; |
|
| 136 | - $x10 = (int) $j10; |
|
| 137 | - $x11 = (int) $j11; |
|
| 138 | - $x12 = (int) $j12; |
|
| 139 | - $x13 = (int) $j13; |
|
| 140 | - $x14 = (int) $j14; |
|
| 141 | - $x15 = (int) $j15; |
|
| 126 | + $x0 = (int)$j0; |
|
| 127 | + $x1 = (int)$j1; |
|
| 128 | + $x2 = (int)$j2; |
|
| 129 | + $x3 = (int)$j3; |
|
| 130 | + $x4 = (int)$j4; |
|
| 131 | + $x5 = (int)$j5; |
|
| 132 | + $x6 = (int)$j6; |
|
| 133 | + $x7 = (int)$j7; |
|
| 134 | + $x8 = (int)$j8; |
|
| 135 | + $x9 = (int)$j9; |
|
| 136 | + $x10 = (int)$j10; |
|
| 137 | + $x11 = (int)$j11; |
|
| 138 | + $x12 = (int)$j12; |
|
| 139 | + $x13 = (int)$j13; |
|
| 140 | + $x14 = (int)$j14; |
|
| 141 | + $x15 = (int)$j15; |
|
| 142 | 142 | |
| 143 | 143 | # for (i = 20; i > 0; i -= 2) { |
| 144 | - for ($i = 20; $i > 0; $i -= 2) { |
|
| 144 | + for ( $i = 20; $i > 0; $i -= 2 ) { |
|
| 145 | 145 | # QUARTERROUND( x0, x4, x8, x12) |
| 146 | - list($x0, $x4, $x8, $x12) = self::quarterRound($x0, $x4, $x8, $x12); |
|
| 146 | + list( $x0, $x4, $x8, $x12 ) = self::quarterRound( $x0, $x4, $x8, $x12 ); |
|
| 147 | 147 | |
| 148 | 148 | # QUARTERROUND( x1, x5, x9, x13) |
| 149 | - list($x1, $x5, $x9, $x13) = self::quarterRound($x1, $x5, $x9, $x13); |
|
| 149 | + list( $x1, $x5, $x9, $x13 ) = self::quarterRound( $x1, $x5, $x9, $x13 ); |
|
| 150 | 150 | |
| 151 | 151 | # QUARTERROUND( x2, x6, x10, x14) |
| 152 | - list($x2, $x6, $x10, $x14) = self::quarterRound($x2, $x6, $x10, $x14); |
|
| 152 | + list( $x2, $x6, $x10, $x14 ) = self::quarterRound( $x2, $x6, $x10, $x14 ); |
|
| 153 | 153 | |
| 154 | 154 | # QUARTERROUND( x3, x7, x11, x15) |
| 155 | - list($x3, $x7, $x11, $x15) = self::quarterRound($x3, $x7, $x11, $x15); |
|
| 155 | + list( $x3, $x7, $x11, $x15 ) = self::quarterRound( $x3, $x7, $x11, $x15 ); |
|
| 156 | 156 | |
| 157 | 157 | # QUARTERROUND( x0, x5, x10, x15) |
| 158 | - list($x0, $x5, $x10, $x15) = self::quarterRound($x0, $x5, $x10, $x15); |
|
| 158 | + list( $x0, $x5, $x10, $x15 ) = self::quarterRound( $x0, $x5, $x10, $x15 ); |
|
| 159 | 159 | |
| 160 | 160 | # QUARTERROUND( x1, x6, x11, x12) |
| 161 | - list($x1, $x6, $x11, $x12) = self::quarterRound($x1, $x6, $x11, $x12); |
|
| 161 | + list( $x1, $x6, $x11, $x12 ) = self::quarterRound( $x1, $x6, $x11, $x12 ); |
|
| 162 | 162 | |
| 163 | 163 | # QUARTERROUND( x2, x7, x8, x13) |
| 164 | - list($x2, $x7, $x8, $x13) = self::quarterRound($x2, $x7, $x8, $x13); |
|
| 164 | + list( $x2, $x7, $x8, $x13 ) = self::quarterRound( $x2, $x7, $x8, $x13 ); |
|
| 165 | 165 | |
| 166 | 166 | # QUARTERROUND( x3, x4, x9, x14) |
| 167 | - list($x3, $x4, $x9, $x14) = self::quarterRound($x3, $x4, $x9, $x14); |
|
| 167 | + list( $x3, $x4, $x9, $x14 ) = self::quarterRound( $x3, $x4, $x9, $x14 ); |
|
| 168 | 168 | } |
| 169 | 169 | /* |
| 170 | 170 | x0 = PLUS(x0, j0); |
@@ -185,37 +185,37 @@ discard block |
||
| 185 | 185 | x15 = PLUS(x15, j15); |
| 186 | 186 | */ |
| 187 | 187 | /** @var int $x0 */ |
| 188 | - $x0 = ($x0 & 0xffffffff) + $j0; |
|
| 188 | + $x0 = ( $x0 & 0xffffffff ) + $j0; |
|
| 189 | 189 | /** @var int $x1 */ |
| 190 | - $x1 = ($x1 & 0xffffffff) + $j1; |
|
| 190 | + $x1 = ( $x1 & 0xffffffff ) + $j1; |
|
| 191 | 191 | /** @var int $x2 */ |
| 192 | - $x2 = ($x2 & 0xffffffff) + $j2; |
|
| 192 | + $x2 = ( $x2 & 0xffffffff ) + $j2; |
|
| 193 | 193 | /** @var int $x3 */ |
| 194 | - $x3 = ($x3 & 0xffffffff) + $j3; |
|
| 194 | + $x3 = ( $x3 & 0xffffffff ) + $j3; |
|
| 195 | 195 | /** @var int $x4 */ |
| 196 | - $x4 = ($x4 & 0xffffffff) + $j4; |
|
| 196 | + $x4 = ( $x4 & 0xffffffff ) + $j4; |
|
| 197 | 197 | /** @var int $x5 */ |
| 198 | - $x5 = ($x5 & 0xffffffff) + $j5; |
|
| 198 | + $x5 = ( $x5 & 0xffffffff ) + $j5; |
|
| 199 | 199 | /** @var int $x6 */ |
| 200 | - $x6 = ($x6 & 0xffffffff) + $j6; |
|
| 200 | + $x6 = ( $x6 & 0xffffffff ) + $j6; |
|
| 201 | 201 | /** @var int $x7 */ |
| 202 | - $x7 = ($x7 & 0xffffffff) + $j7; |
|
| 202 | + $x7 = ( $x7 & 0xffffffff ) + $j7; |
|
| 203 | 203 | /** @var int $x8 */ |
| 204 | - $x8 = ($x8 & 0xffffffff) + $j8; |
|
| 204 | + $x8 = ( $x8 & 0xffffffff ) + $j8; |
|
| 205 | 205 | /** @var int $x9 */ |
| 206 | - $x9 = ($x9 & 0xffffffff) + $j9; |
|
| 206 | + $x9 = ( $x9 & 0xffffffff ) + $j9; |
|
| 207 | 207 | /** @var int $x10 */ |
| 208 | - $x10 = ($x10 & 0xffffffff) + $j10; |
|
| 208 | + $x10 = ( $x10 & 0xffffffff ) + $j10; |
|
| 209 | 209 | /** @var int $x11 */ |
| 210 | - $x11 = ($x11 & 0xffffffff) + $j11; |
|
| 210 | + $x11 = ( $x11 & 0xffffffff ) + $j11; |
|
| 211 | 211 | /** @var int $x12 */ |
| 212 | - $x12 = ($x12 & 0xffffffff) + $j12; |
|
| 212 | + $x12 = ( $x12 & 0xffffffff ) + $j12; |
|
| 213 | 213 | /** @var int $x13 */ |
| 214 | - $x13 = ($x13 & 0xffffffff) + $j13; |
|
| 214 | + $x13 = ( $x13 & 0xffffffff ) + $j13; |
|
| 215 | 215 | /** @var int $x14 */ |
| 216 | - $x14 = ($x14 & 0xffffffff) + $j14; |
|
| 216 | + $x14 = ( $x14 & 0xffffffff ) + $j14; |
|
| 217 | 217 | /** @var int $x15 */ |
| 218 | - $x15 = ($x15 & 0xffffffff) + $j15; |
|
| 218 | + $x15 = ( $x15 & 0xffffffff ) + $j15; |
|
| 219 | 219 | |
| 220 | 220 | /* |
| 221 | 221 | x0 = XOR(x0, LOAD32_LE(m + 0)); |
@@ -235,22 +235,22 @@ discard block |
||
| 235 | 235 | x14 = XOR(x14, LOAD32_LE(m + 56)); |
| 236 | 236 | x15 = XOR(x15, LOAD32_LE(m + 60)); |
| 237 | 237 | */ |
| 238 | - $x0 ^= self::load_4(self::substr($message, 0, 4)); |
|
| 239 | - $x1 ^= self::load_4(self::substr($message, 4, 4)); |
|
| 240 | - $x2 ^= self::load_4(self::substr($message, 8, 4)); |
|
| 241 | - $x3 ^= self::load_4(self::substr($message, 12, 4)); |
|
| 242 | - $x4 ^= self::load_4(self::substr($message, 16, 4)); |
|
| 243 | - $x5 ^= self::load_4(self::substr($message, 20, 4)); |
|
| 244 | - $x6 ^= self::load_4(self::substr($message, 24, 4)); |
|
| 245 | - $x7 ^= self::load_4(self::substr($message, 28, 4)); |
|
| 246 | - $x8 ^= self::load_4(self::substr($message, 32, 4)); |
|
| 247 | - $x9 ^= self::load_4(self::substr($message, 36, 4)); |
|
| 248 | - $x10 ^= self::load_4(self::substr($message, 40, 4)); |
|
| 249 | - $x11 ^= self::load_4(self::substr($message, 44, 4)); |
|
| 250 | - $x12 ^= self::load_4(self::substr($message, 48, 4)); |
|
| 251 | - $x13 ^= self::load_4(self::substr($message, 52, 4)); |
|
| 252 | - $x14 ^= self::load_4(self::substr($message, 56, 4)); |
|
| 253 | - $x15 ^= self::load_4(self::substr($message, 60, 4)); |
|
| 238 | + $x0 ^= self::load_4( self::substr( $message, 0, 4 ) ); |
|
| 239 | + $x1 ^= self::load_4( self::substr( $message, 4, 4 ) ); |
|
| 240 | + $x2 ^= self::load_4( self::substr( $message, 8, 4 ) ); |
|
| 241 | + $x3 ^= self::load_4( self::substr( $message, 12, 4 ) ); |
|
| 242 | + $x4 ^= self::load_4( self::substr( $message, 16, 4 ) ); |
|
| 243 | + $x5 ^= self::load_4( self::substr( $message, 20, 4 ) ); |
|
| 244 | + $x6 ^= self::load_4( self::substr( $message, 24, 4 ) ); |
|
| 245 | + $x7 ^= self::load_4( self::substr( $message, 28, 4 ) ); |
|
| 246 | + $x8 ^= self::load_4( self::substr( $message, 32, 4 ) ); |
|
| 247 | + $x9 ^= self::load_4( self::substr( $message, 36, 4 ) ); |
|
| 248 | + $x10 ^= self::load_4( self::substr( $message, 40, 4 ) ); |
|
| 249 | + $x11 ^= self::load_4( self::substr( $message, 44, 4 ) ); |
|
| 250 | + $x12 ^= self::load_4( self::substr( $message, 48, 4 ) ); |
|
| 251 | + $x13 ^= self::load_4( self::substr( $message, 52, 4 ) ); |
|
| 252 | + $x14 ^= self::load_4( self::substr( $message, 56, 4 ) ); |
|
| 253 | + $x15 ^= self::load_4( self::substr( $message, 60, 4 ) ); |
|
| 254 | 254 | |
| 255 | 255 | /* |
| 256 | 256 | j12 = PLUSONE(j12); |
@@ -259,8 +259,8 @@ discard block |
||
| 259 | 259 | } |
| 260 | 260 | */ |
| 261 | 261 | ++$j12; |
| 262 | - if ($j12 & 0xf0000000) { |
|
| 263 | - throw new SodiumException('Overflow'); |
|
| 262 | + if ( $j12 & 0xf0000000 ) { |
|
| 263 | + throw new SodiumException( 'Overflow' ); |
|
| 264 | 264 | } |
| 265 | 265 | |
| 266 | 266 | /* |
@@ -281,41 +281,41 @@ discard block |
||
| 281 | 281 | STORE32_LE(c + 56, x14); |
| 282 | 282 | STORE32_LE(c + 60, x15); |
| 283 | 283 | */ |
| 284 | - $block = self::store32_le((int) ($x0 & 0xffffffff)) . |
|
| 285 | - self::store32_le((int) ($x1 & 0xffffffff)) . |
|
| 286 | - self::store32_le((int) ($x2 & 0xffffffff)) . |
|
| 287 | - self::store32_le((int) ($x3 & 0xffffffff)) . |
|
| 288 | - self::store32_le((int) ($x4 & 0xffffffff)) . |
|
| 289 | - self::store32_le((int) ($x5 & 0xffffffff)) . |
|
| 290 | - self::store32_le((int) ($x6 & 0xffffffff)) . |
|
| 291 | - self::store32_le((int) ($x7 & 0xffffffff)) . |
|
| 292 | - self::store32_le((int) ($x8 & 0xffffffff)) . |
|
| 293 | - self::store32_le((int) ($x9 & 0xffffffff)) . |
|
| 294 | - self::store32_le((int) ($x10 & 0xffffffff)) . |
|
| 295 | - self::store32_le((int) ($x11 & 0xffffffff)) . |
|
| 296 | - self::store32_le((int) ($x12 & 0xffffffff)) . |
|
| 297 | - self::store32_le((int) ($x13 & 0xffffffff)) . |
|
| 298 | - self::store32_le((int) ($x14 & 0xffffffff)) . |
|
| 299 | - self::store32_le((int) ($x15 & 0xffffffff)); |
|
| 284 | + $block = self::store32_le( (int)( $x0 & 0xffffffff ) ) . |
|
| 285 | + self::store32_le( (int)( $x1 & 0xffffffff ) ) . |
|
| 286 | + self::store32_le( (int)( $x2 & 0xffffffff ) ) . |
|
| 287 | + self::store32_le( (int)( $x3 & 0xffffffff ) ) . |
|
| 288 | + self::store32_le( (int)( $x4 & 0xffffffff ) ) . |
|
| 289 | + self::store32_le( (int)( $x5 & 0xffffffff ) ) . |
|
| 290 | + self::store32_le( (int)( $x6 & 0xffffffff ) ) . |
|
| 291 | + self::store32_le( (int)( $x7 & 0xffffffff ) ) . |
|
| 292 | + self::store32_le( (int)( $x8 & 0xffffffff ) ) . |
|
| 293 | + self::store32_le( (int)( $x9 & 0xffffffff ) ) . |
|
| 294 | + self::store32_le( (int)( $x10 & 0xffffffff ) ) . |
|
| 295 | + self::store32_le( (int)( $x11 & 0xffffffff ) ) . |
|
| 296 | + self::store32_le( (int)( $x12 & 0xffffffff ) ) . |
|
| 297 | + self::store32_le( (int)( $x13 & 0xffffffff ) ) . |
|
| 298 | + self::store32_le( (int)( $x14 & 0xffffffff ) ) . |
|
| 299 | + self::store32_le( (int)( $x15 & 0xffffffff ) ); |
|
| 300 | 300 | |
| 301 | 301 | /* Partial block */ |
| 302 | - if ($bytes < 64) { |
|
| 303 | - $c .= self::substr($block, 0, $bytes); |
|
| 302 | + if ( $bytes < 64 ) { |
|
| 303 | + $c .= self::substr( $block, 0, $bytes ); |
|
| 304 | 304 | break; |
| 305 | 305 | } |
| 306 | 306 | |
| 307 | 307 | /* Full block */ |
| 308 | 308 | $c .= $block; |
| 309 | 309 | $bytes -= 64; |
| 310 | - if ($bytes <= 0) { |
|
| 310 | + if ( $bytes <= 0 ) { |
|
| 311 | 311 | break; |
| 312 | 312 | } |
| 313 | - $message = self::substr($message, 64); |
|
| 313 | + $message = self::substr( $message, 64 ); |
|
| 314 | 314 | } |
| 315 | 315 | /* end for(;;) loop */ |
| 316 | 316 | |
| 317 | - $ctx[12] = $j12; |
|
| 318 | - $ctx[13] = $j13; |
|
| 317 | + $ctx[ 12 ] = $j12; |
|
| 318 | + $ctx[ 13 ] = $j13; |
|
| 319 | 319 | return $c; |
| 320 | 320 | } |
| 321 | 321 | |
@@ -329,11 +329,11 @@ discard block |
||
| 329 | 329 | * @throws SodiumException |
| 330 | 330 | * @throws TypeError |
| 331 | 331 | */ |
| 332 | - public static function stream($len = 64, $nonce = '', $key = '') |
|
| 332 | + public static function stream( $len = 64, $nonce = '', $key = '' ) |
|
| 333 | 333 | { |
| 334 | 334 | return self::encryptBytes( |
| 335 | - new ParagonIE_Sodium_Core_ChaCha20_Ctx($key, $nonce), |
|
| 336 | - str_repeat("\x00", $len) |
|
| 335 | + new ParagonIE_Sodium_Core_ChaCha20_Ctx( $key, $nonce ), |
|
| 336 | + str_repeat( "\x00", $len ) |
|
| 337 | 337 | ); |
| 338 | 338 | } |
| 339 | 339 | |
@@ -347,11 +347,11 @@ discard block |
||
| 347 | 347 | * @throws SodiumException |
| 348 | 348 | * @throws TypeError |
| 349 | 349 | */ |
| 350 | - public static function ietfStream($len, $nonce = '', $key = '') |
|
| 350 | + public static function ietfStream( $len, $nonce = '', $key = '' ) |
|
| 351 | 351 | { |
| 352 | 352 | return self::encryptBytes( |
| 353 | - new ParagonIE_Sodium_Core_ChaCha20_IetfCtx($key, $nonce), |
|
| 354 | - str_repeat("\x00", $len) |
|
| 353 | + new ParagonIE_Sodium_Core_ChaCha20_IetfCtx( $key, $nonce ), |
|
| 354 | + str_repeat( "\x00", $len ) |
|
| 355 | 355 | ); |
| 356 | 356 | } |
| 357 | 357 | |
@@ -366,10 +366,10 @@ discard block |
||
| 366 | 366 | * @throws SodiumException |
| 367 | 367 | * @throws TypeError |
| 368 | 368 | */ |
| 369 | - public static function ietfStreamXorIc($message, $nonce = '', $key = '', $ic = '') |
|
| 369 | + public static function ietfStreamXorIc( $message, $nonce = '', $key = '', $ic = '' ) |
|
| 370 | 370 | { |
| 371 | 371 | return self::encryptBytes( |
| 372 | - new ParagonIE_Sodium_Core_ChaCha20_IetfCtx($key, $nonce, $ic), |
|
| 372 | + new ParagonIE_Sodium_Core_ChaCha20_IetfCtx( $key, $nonce, $ic ), |
|
| 373 | 373 | $message |
| 374 | 374 | ); |
| 375 | 375 | } |
@@ -385,10 +385,10 @@ discard block |
||
| 385 | 385 | * @throws SodiumException |
| 386 | 386 | * @throws TypeError |
| 387 | 387 | */ |
| 388 | - public static function streamXorIc($message, $nonce = '', $key = '', $ic = '') |
|
| 388 | + public static function streamXorIc( $message, $nonce = '', $key = '', $ic = '' ) |
|
| 389 | 389 | { |
| 390 | 390 | return self::encryptBytes( |
| 391 | - new ParagonIE_Sodium_Core_ChaCha20_Ctx($key, $nonce, $ic), |
|
| 391 | + new ParagonIE_Sodium_Core_ChaCha20_Ctx( $key, $nonce, $ic ), |
|
| 392 | 392 | $message |
| 393 | 393 | ); |
| 394 | 394 | } |
@@ -1,7 +1,7 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | 3 | if (class_exists('ParagonIE_Sodium_Core_HChaCha20', false)) { |
| 4 | - return; |
|
| 4 | + return; |
|
| 5 | 5 | } |
| 6 | 6 | |
| 7 | 7 | /** |
@@ -9,100 +9,100 @@ discard block |
||
| 9 | 9 | */ |
| 10 | 10 | class ParagonIE_Sodium_Core_HChaCha20 extends ParagonIE_Sodium_Core_ChaCha20 |
| 11 | 11 | { |
| 12 | - /** |
|
| 13 | - * @param string $in |
|
| 14 | - * @param string $key |
|
| 15 | - * @param string|null $c |
|
| 16 | - * @return string |
|
| 17 | - * @throws TypeError |
|
| 18 | - */ |
|
| 19 | - public static function hChaCha20($in = '', $key = '', $c = null) |
|
| 20 | - { |
|
| 21 | - $ctx = array(); |
|
| 12 | + /** |
|
| 13 | + * @param string $in |
|
| 14 | + * @param string $key |
|
| 15 | + * @param string|null $c |
|
| 16 | + * @return string |
|
| 17 | + * @throws TypeError |
|
| 18 | + */ |
|
| 19 | + public static function hChaCha20($in = '', $key = '', $c = null) |
|
| 20 | + { |
|
| 21 | + $ctx = array(); |
|
| 22 | 22 | |
| 23 | - if ($c === null) { |
|
| 24 | - $ctx[0] = 0x61707865; |
|
| 25 | - $ctx[1] = 0x3320646e; |
|
| 26 | - $ctx[2] = 0x79622d32; |
|
| 27 | - $ctx[3] = 0x6b206574; |
|
| 28 | - } else { |
|
| 29 | - $ctx[0] = self::load_4(self::substr($c, 0, 4)); |
|
| 30 | - $ctx[1] = self::load_4(self::substr($c, 4, 4)); |
|
| 31 | - $ctx[2] = self::load_4(self::substr($c, 8, 4)); |
|
| 32 | - $ctx[3] = self::load_4(self::substr($c, 12, 4)); |
|
| 33 | - } |
|
| 34 | - $ctx[4] = self::load_4(self::substr($key, 0, 4)); |
|
| 35 | - $ctx[5] = self::load_4(self::substr($key, 4, 4)); |
|
| 36 | - $ctx[6] = self::load_4(self::substr($key, 8, 4)); |
|
| 37 | - $ctx[7] = self::load_4(self::substr($key, 12, 4)); |
|
| 38 | - $ctx[8] = self::load_4(self::substr($key, 16, 4)); |
|
| 39 | - $ctx[9] = self::load_4(self::substr($key, 20, 4)); |
|
| 40 | - $ctx[10] = self::load_4(self::substr($key, 24, 4)); |
|
| 41 | - $ctx[11] = self::load_4(self::substr($key, 28, 4)); |
|
| 42 | - $ctx[12] = self::load_4(self::substr($in, 0, 4)); |
|
| 43 | - $ctx[13] = self::load_4(self::substr($in, 4, 4)); |
|
| 44 | - $ctx[14] = self::load_4(self::substr($in, 8, 4)); |
|
| 45 | - $ctx[15] = self::load_4(self::substr($in, 12, 4)); |
|
| 46 | - return self::hChaCha20Bytes($ctx); |
|
| 47 | - } |
|
| 23 | + if ($c === null) { |
|
| 24 | + $ctx[0] = 0x61707865; |
|
| 25 | + $ctx[1] = 0x3320646e; |
|
| 26 | + $ctx[2] = 0x79622d32; |
|
| 27 | + $ctx[3] = 0x6b206574; |
|
| 28 | + } else { |
|
| 29 | + $ctx[0] = self::load_4(self::substr($c, 0, 4)); |
|
| 30 | + $ctx[1] = self::load_4(self::substr($c, 4, 4)); |
|
| 31 | + $ctx[2] = self::load_4(self::substr($c, 8, 4)); |
|
| 32 | + $ctx[3] = self::load_4(self::substr($c, 12, 4)); |
|
| 33 | + } |
|
| 34 | + $ctx[4] = self::load_4(self::substr($key, 0, 4)); |
|
| 35 | + $ctx[5] = self::load_4(self::substr($key, 4, 4)); |
|
| 36 | + $ctx[6] = self::load_4(self::substr($key, 8, 4)); |
|
| 37 | + $ctx[7] = self::load_4(self::substr($key, 12, 4)); |
|
| 38 | + $ctx[8] = self::load_4(self::substr($key, 16, 4)); |
|
| 39 | + $ctx[9] = self::load_4(self::substr($key, 20, 4)); |
|
| 40 | + $ctx[10] = self::load_4(self::substr($key, 24, 4)); |
|
| 41 | + $ctx[11] = self::load_4(self::substr($key, 28, 4)); |
|
| 42 | + $ctx[12] = self::load_4(self::substr($in, 0, 4)); |
|
| 43 | + $ctx[13] = self::load_4(self::substr($in, 4, 4)); |
|
| 44 | + $ctx[14] = self::load_4(self::substr($in, 8, 4)); |
|
| 45 | + $ctx[15] = self::load_4(self::substr($in, 12, 4)); |
|
| 46 | + return self::hChaCha20Bytes($ctx); |
|
| 47 | + } |
|
| 48 | 48 | |
| 49 | - /** |
|
| 50 | - * @param array $ctx |
|
| 51 | - * @return string |
|
| 52 | - * @throws TypeError |
|
| 53 | - */ |
|
| 54 | - protected static function hChaCha20Bytes(array $ctx) |
|
| 55 | - { |
|
| 56 | - $x0 = (int) $ctx[0]; |
|
| 57 | - $x1 = (int) $ctx[1]; |
|
| 58 | - $x2 = (int) $ctx[2]; |
|
| 59 | - $x3 = (int) $ctx[3]; |
|
| 60 | - $x4 = (int) $ctx[4]; |
|
| 61 | - $x5 = (int) $ctx[5]; |
|
| 62 | - $x6 = (int) $ctx[6]; |
|
| 63 | - $x7 = (int) $ctx[7]; |
|
| 64 | - $x8 = (int) $ctx[8]; |
|
| 65 | - $x9 = (int) $ctx[9]; |
|
| 66 | - $x10 = (int) $ctx[10]; |
|
| 67 | - $x11 = (int) $ctx[11]; |
|
| 68 | - $x12 = (int) $ctx[12]; |
|
| 69 | - $x13 = (int) $ctx[13]; |
|
| 70 | - $x14 = (int) $ctx[14]; |
|
| 71 | - $x15 = (int) $ctx[15]; |
|
| 49 | + /** |
|
| 50 | + * @param array $ctx |
|
| 51 | + * @return string |
|
| 52 | + * @throws TypeError |
|
| 53 | + */ |
|
| 54 | + protected static function hChaCha20Bytes(array $ctx) |
|
| 55 | + { |
|
| 56 | + $x0 = (int) $ctx[0]; |
|
| 57 | + $x1 = (int) $ctx[1]; |
|
| 58 | + $x2 = (int) $ctx[2]; |
|
| 59 | + $x3 = (int) $ctx[3]; |
|
| 60 | + $x4 = (int) $ctx[4]; |
|
| 61 | + $x5 = (int) $ctx[5]; |
|
| 62 | + $x6 = (int) $ctx[6]; |
|
| 63 | + $x7 = (int) $ctx[7]; |
|
| 64 | + $x8 = (int) $ctx[8]; |
|
| 65 | + $x9 = (int) $ctx[9]; |
|
| 66 | + $x10 = (int) $ctx[10]; |
|
| 67 | + $x11 = (int) $ctx[11]; |
|
| 68 | + $x12 = (int) $ctx[12]; |
|
| 69 | + $x13 = (int) $ctx[13]; |
|
| 70 | + $x14 = (int) $ctx[14]; |
|
| 71 | + $x15 = (int) $ctx[15]; |
|
| 72 | 72 | |
| 73 | - for ($i = 0; $i < 10; ++$i) { |
|
| 74 | - # QUARTERROUND( x0, x4, x8, x12) |
|
| 75 | - list($x0, $x4, $x8, $x12) = self::quarterRound($x0, $x4, $x8, $x12); |
|
| 73 | + for ($i = 0; $i < 10; ++$i) { |
|
| 74 | + # QUARTERROUND( x0, x4, x8, x12) |
|
| 75 | + list($x0, $x4, $x8, $x12) = self::quarterRound($x0, $x4, $x8, $x12); |
|
| 76 | 76 | |
| 77 | - # QUARTERROUND( x1, x5, x9, x13) |
|
| 78 | - list($x1, $x5, $x9, $x13) = self::quarterRound($x1, $x5, $x9, $x13); |
|
| 77 | + # QUARTERROUND( x1, x5, x9, x13) |
|
| 78 | + list($x1, $x5, $x9, $x13) = self::quarterRound($x1, $x5, $x9, $x13); |
|
| 79 | 79 | |
| 80 | - # QUARTERROUND( x2, x6, x10, x14) |
|
| 81 | - list($x2, $x6, $x10, $x14) = self::quarterRound($x2, $x6, $x10, $x14); |
|
| 80 | + # QUARTERROUND( x2, x6, x10, x14) |
|
| 81 | + list($x2, $x6, $x10, $x14) = self::quarterRound($x2, $x6, $x10, $x14); |
|
| 82 | 82 | |
| 83 | - # QUARTERROUND( x3, x7, x11, x15) |
|
| 84 | - list($x3, $x7, $x11, $x15) = self::quarterRound($x3, $x7, $x11, $x15); |
|
| 83 | + # QUARTERROUND( x3, x7, x11, x15) |
|
| 84 | + list($x3, $x7, $x11, $x15) = self::quarterRound($x3, $x7, $x11, $x15); |
|
| 85 | 85 | |
| 86 | - # QUARTERROUND( x0, x5, x10, x15) |
|
| 87 | - list($x0, $x5, $x10, $x15) = self::quarterRound($x0, $x5, $x10, $x15); |
|
| 86 | + # QUARTERROUND( x0, x5, x10, x15) |
|
| 87 | + list($x0, $x5, $x10, $x15) = self::quarterRound($x0, $x5, $x10, $x15); |
|
| 88 | 88 | |
| 89 | - # QUARTERROUND( x1, x6, x11, x12) |
|
| 90 | - list($x1, $x6, $x11, $x12) = self::quarterRound($x1, $x6, $x11, $x12); |
|
| 89 | + # QUARTERROUND( x1, x6, x11, x12) |
|
| 90 | + list($x1, $x6, $x11, $x12) = self::quarterRound($x1, $x6, $x11, $x12); |
|
| 91 | 91 | |
| 92 | - # QUARTERROUND( x2, x7, x8, x13) |
|
| 93 | - list($x2, $x7, $x8, $x13) = self::quarterRound($x2, $x7, $x8, $x13); |
|
| 92 | + # QUARTERROUND( x2, x7, x8, x13) |
|
| 93 | + list($x2, $x7, $x8, $x13) = self::quarterRound($x2, $x7, $x8, $x13); |
|
| 94 | 94 | |
| 95 | - # QUARTERROUND( x3, x4, x9, x14) |
|
| 96 | - list($x3, $x4, $x9, $x14) = self::quarterRound($x3, $x4, $x9, $x14); |
|
| 97 | - } |
|
| 95 | + # QUARTERROUND( x3, x4, x9, x14) |
|
| 96 | + list($x3, $x4, $x9, $x14) = self::quarterRound($x3, $x4, $x9, $x14); |
|
| 97 | + } |
|
| 98 | 98 | |
| 99 | - return self::store32_le((int) ($x0 & 0xffffffff)) . |
|
| 100 | - self::store32_le((int) ($x1 & 0xffffffff)) . |
|
| 101 | - self::store32_le((int) ($x2 & 0xffffffff)) . |
|
| 102 | - self::store32_le((int) ($x3 & 0xffffffff)) . |
|
| 103 | - self::store32_le((int) ($x12 & 0xffffffff)) . |
|
| 104 | - self::store32_le((int) ($x13 & 0xffffffff)) . |
|
| 105 | - self::store32_le((int) ($x14 & 0xffffffff)) . |
|
| 106 | - self::store32_le((int) ($x15 & 0xffffffff)); |
|
| 107 | - } |
|
| 99 | + return self::store32_le((int) ($x0 & 0xffffffff)) . |
|
| 100 | + self::store32_le((int) ($x1 & 0xffffffff)) . |
|
| 101 | + self::store32_le((int) ($x2 & 0xffffffff)) . |
|
| 102 | + self::store32_le((int) ($x3 & 0xffffffff)) . |
|
| 103 | + self::store32_le((int) ($x12 & 0xffffffff)) . |
|
| 104 | + self::store32_le((int) ($x13 & 0xffffffff)) . |
|
| 105 | + self::store32_le((int) ($x14 & 0xffffffff)) . |
|
| 106 | + self::store32_le((int) ($x15 & 0xffffffff)); |
|
| 107 | + } |
|
| 108 | 108 | } |
@@ -7,8 +7,7 @@ discard block |
||
| 7 | 7 | /** |
| 8 | 8 | * Class ParagonIE_Sodium_Core_HChaCha20 |
| 9 | 9 | */ |
| 10 | -class ParagonIE_Sodium_Core_HChaCha20 extends ParagonIE_Sodium_Core_ChaCha20 |
|
| 11 | -{ |
|
| 10 | +class ParagonIE_Sodium_Core_HChaCha20 extends ParagonIE_Sodium_Core_ChaCha20 { |
|
| 12 | 11 | /** |
| 13 | 12 | * @param string $in |
| 14 | 13 | * @param string $key |
@@ -16,8 +15,7 @@ discard block |
||
| 16 | 15 | * @return string |
| 17 | 16 | * @throws TypeError |
| 18 | 17 | */ |
| 19 | - public static function hChaCha20($in = '', $key = '', $c = null) |
|
| 20 | - { |
|
| 18 | + public static function hChaCha20($in = '', $key = '', $c = null) { |
|
| 21 | 19 | $ctx = array(); |
| 22 | 20 | |
| 23 | 21 | if ($c === null) { |
@@ -51,8 +49,7 @@ discard block |
||
| 51 | 49 | * @return string |
| 52 | 50 | * @throws TypeError |
| 53 | 51 | */ |
| 54 | - protected static function hChaCha20Bytes(array $ctx) |
|
| 55 | - { |
|
| 52 | + protected static function hChaCha20Bytes(array $ctx) { |
|
| 56 | 53 | $x0 = (int) $ctx[0]; |
| 57 | 54 | $x1 = (int) $ctx[1]; |
| 58 | 55 | $x2 = (int) $ctx[2]; |
@@ -1,6 +1,6 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -if (class_exists('ParagonIE_Sodium_Core_HChaCha20', false)) { |
|
| 3 | +if ( class_exists( 'ParagonIE_Sodium_Core_HChaCha20', false ) ) { |
|
| 4 | 4 | return; |
| 5 | 5 | } |
| 6 | 6 | |
@@ -16,34 +16,34 @@ discard block |
||
| 16 | 16 | * @return string |
| 17 | 17 | * @throws TypeError |
| 18 | 18 | */ |
| 19 | - public static function hChaCha20($in = '', $key = '', $c = null) |
|
| 19 | + public static function hChaCha20( $in = '', $key = '', $c = null ) |
|
| 20 | 20 | { |
| 21 | 21 | $ctx = array(); |
| 22 | 22 | |
| 23 | - if ($c === null) { |
|
| 24 | - $ctx[0] = 0x61707865; |
|
| 25 | - $ctx[1] = 0x3320646e; |
|
| 26 | - $ctx[2] = 0x79622d32; |
|
| 27 | - $ctx[3] = 0x6b206574; |
|
| 23 | + if ( $c === null ) { |
|
| 24 | + $ctx[ 0 ] = 0x61707865; |
|
| 25 | + $ctx[ 1 ] = 0x3320646e; |
|
| 26 | + $ctx[ 2 ] = 0x79622d32; |
|
| 27 | + $ctx[ 3 ] = 0x6b206574; |
|
| 28 | 28 | } else { |
| 29 | - $ctx[0] = self::load_4(self::substr($c, 0, 4)); |
|
| 30 | - $ctx[1] = self::load_4(self::substr($c, 4, 4)); |
|
| 31 | - $ctx[2] = self::load_4(self::substr($c, 8, 4)); |
|
| 32 | - $ctx[3] = self::load_4(self::substr($c, 12, 4)); |
|
| 29 | + $ctx[ 0 ] = self::load_4( self::substr( $c, 0, 4 ) ); |
|
| 30 | + $ctx[ 1 ] = self::load_4( self::substr( $c, 4, 4 ) ); |
|
| 31 | + $ctx[ 2 ] = self::load_4( self::substr( $c, 8, 4 ) ); |
|
| 32 | + $ctx[ 3 ] = self::load_4( self::substr( $c, 12, 4 ) ); |
|
| 33 | 33 | } |
| 34 | - $ctx[4] = self::load_4(self::substr($key, 0, 4)); |
|
| 35 | - $ctx[5] = self::load_4(self::substr($key, 4, 4)); |
|
| 36 | - $ctx[6] = self::load_4(self::substr($key, 8, 4)); |
|
| 37 | - $ctx[7] = self::load_4(self::substr($key, 12, 4)); |
|
| 38 | - $ctx[8] = self::load_4(self::substr($key, 16, 4)); |
|
| 39 | - $ctx[9] = self::load_4(self::substr($key, 20, 4)); |
|
| 40 | - $ctx[10] = self::load_4(self::substr($key, 24, 4)); |
|
| 41 | - $ctx[11] = self::load_4(self::substr($key, 28, 4)); |
|
| 42 | - $ctx[12] = self::load_4(self::substr($in, 0, 4)); |
|
| 43 | - $ctx[13] = self::load_4(self::substr($in, 4, 4)); |
|
| 44 | - $ctx[14] = self::load_4(self::substr($in, 8, 4)); |
|
| 45 | - $ctx[15] = self::load_4(self::substr($in, 12, 4)); |
|
| 46 | - return self::hChaCha20Bytes($ctx); |
|
| 34 | + $ctx[ 4 ] = self::load_4( self::substr( $key, 0, 4 ) ); |
|
| 35 | + $ctx[ 5 ] = self::load_4( self::substr( $key, 4, 4 ) ); |
|
| 36 | + $ctx[ 6 ] = self::load_4( self::substr( $key, 8, 4 ) ); |
|
| 37 | + $ctx[ 7 ] = self::load_4( self::substr( $key, 12, 4 ) ); |
|
| 38 | + $ctx[ 8 ] = self::load_4( self::substr( $key, 16, 4 ) ); |
|
| 39 | + $ctx[ 9 ] = self::load_4( self::substr( $key, 20, 4 ) ); |
|
| 40 | + $ctx[ 10 ] = self::load_4( self::substr( $key, 24, 4 ) ); |
|
| 41 | + $ctx[ 11 ] = self::load_4( self::substr( $key, 28, 4 ) ); |
|
| 42 | + $ctx[ 12 ] = self::load_4( self::substr( $in, 0, 4 ) ); |
|
| 43 | + $ctx[ 13 ] = self::load_4( self::substr( $in, 4, 4 ) ); |
|
| 44 | + $ctx[ 14 ] = self::load_4( self::substr( $in, 8, 4 ) ); |
|
| 45 | + $ctx[ 15 ] = self::load_4( self::substr( $in, 12, 4 ) ); |
|
| 46 | + return self::hChaCha20Bytes( $ctx ); |
|
| 47 | 47 | } |
| 48 | 48 | |
| 49 | 49 | /** |
@@ -51,58 +51,58 @@ discard block |
||
| 51 | 51 | * @return string |
| 52 | 52 | * @throws TypeError |
| 53 | 53 | */ |
| 54 | - protected static function hChaCha20Bytes(array $ctx) |
|
| 54 | + protected static function hChaCha20Bytes( array $ctx ) |
|
| 55 | 55 | { |
| 56 | - $x0 = (int) $ctx[0]; |
|
| 57 | - $x1 = (int) $ctx[1]; |
|
| 58 | - $x2 = (int) $ctx[2]; |
|
| 59 | - $x3 = (int) $ctx[3]; |
|
| 60 | - $x4 = (int) $ctx[4]; |
|
| 61 | - $x5 = (int) $ctx[5]; |
|
| 62 | - $x6 = (int) $ctx[6]; |
|
| 63 | - $x7 = (int) $ctx[7]; |
|
| 64 | - $x8 = (int) $ctx[8]; |
|
| 65 | - $x9 = (int) $ctx[9]; |
|
| 66 | - $x10 = (int) $ctx[10]; |
|
| 67 | - $x11 = (int) $ctx[11]; |
|
| 68 | - $x12 = (int) $ctx[12]; |
|
| 69 | - $x13 = (int) $ctx[13]; |
|
| 70 | - $x14 = (int) $ctx[14]; |
|
| 71 | - $x15 = (int) $ctx[15]; |
|
| 56 | + $x0 = (int)$ctx[ 0 ]; |
|
| 57 | + $x1 = (int)$ctx[ 1 ]; |
|
| 58 | + $x2 = (int)$ctx[ 2 ]; |
|
| 59 | + $x3 = (int)$ctx[ 3 ]; |
|
| 60 | + $x4 = (int)$ctx[ 4 ]; |
|
| 61 | + $x5 = (int)$ctx[ 5 ]; |
|
| 62 | + $x6 = (int)$ctx[ 6 ]; |
|
| 63 | + $x7 = (int)$ctx[ 7 ]; |
|
| 64 | + $x8 = (int)$ctx[ 8 ]; |
|
| 65 | + $x9 = (int)$ctx[ 9 ]; |
|
| 66 | + $x10 = (int)$ctx[ 10 ]; |
|
| 67 | + $x11 = (int)$ctx[ 11 ]; |
|
| 68 | + $x12 = (int)$ctx[ 12 ]; |
|
| 69 | + $x13 = (int)$ctx[ 13 ]; |
|
| 70 | + $x14 = (int)$ctx[ 14 ]; |
|
| 71 | + $x15 = (int)$ctx[ 15 ]; |
|
| 72 | 72 | |
| 73 | - for ($i = 0; $i < 10; ++$i) { |
|
| 73 | + for ( $i = 0; $i < 10; ++$i ) { |
|
| 74 | 74 | # QUARTERROUND( x0, x4, x8, x12) |
| 75 | - list($x0, $x4, $x8, $x12) = self::quarterRound($x0, $x4, $x8, $x12); |
|
| 75 | + list( $x0, $x4, $x8, $x12 ) = self::quarterRound( $x0, $x4, $x8, $x12 ); |
|
| 76 | 76 | |
| 77 | 77 | # QUARTERROUND( x1, x5, x9, x13) |
| 78 | - list($x1, $x5, $x9, $x13) = self::quarterRound($x1, $x5, $x9, $x13); |
|
| 78 | + list( $x1, $x5, $x9, $x13 ) = self::quarterRound( $x1, $x5, $x9, $x13 ); |
|
| 79 | 79 | |
| 80 | 80 | # QUARTERROUND( x2, x6, x10, x14) |
| 81 | - list($x2, $x6, $x10, $x14) = self::quarterRound($x2, $x6, $x10, $x14); |
|
| 81 | + list( $x2, $x6, $x10, $x14 ) = self::quarterRound( $x2, $x6, $x10, $x14 ); |
|
| 82 | 82 | |
| 83 | 83 | # QUARTERROUND( x3, x7, x11, x15) |
| 84 | - list($x3, $x7, $x11, $x15) = self::quarterRound($x3, $x7, $x11, $x15); |
|
| 84 | + list( $x3, $x7, $x11, $x15 ) = self::quarterRound( $x3, $x7, $x11, $x15 ); |
|
| 85 | 85 | |
| 86 | 86 | # QUARTERROUND( x0, x5, x10, x15) |
| 87 | - list($x0, $x5, $x10, $x15) = self::quarterRound($x0, $x5, $x10, $x15); |
|
| 87 | + list( $x0, $x5, $x10, $x15 ) = self::quarterRound( $x0, $x5, $x10, $x15 ); |
|
| 88 | 88 | |
| 89 | 89 | # QUARTERROUND( x1, x6, x11, x12) |
| 90 | - list($x1, $x6, $x11, $x12) = self::quarterRound($x1, $x6, $x11, $x12); |
|
| 90 | + list( $x1, $x6, $x11, $x12 ) = self::quarterRound( $x1, $x6, $x11, $x12 ); |
|
| 91 | 91 | |
| 92 | 92 | # QUARTERROUND( x2, x7, x8, x13) |
| 93 | - list($x2, $x7, $x8, $x13) = self::quarterRound($x2, $x7, $x8, $x13); |
|
| 93 | + list( $x2, $x7, $x8, $x13 ) = self::quarterRound( $x2, $x7, $x8, $x13 ); |
|
| 94 | 94 | |
| 95 | 95 | # QUARTERROUND( x3, x4, x9, x14) |
| 96 | - list($x3, $x4, $x9, $x14) = self::quarterRound($x3, $x4, $x9, $x14); |
|
| 96 | + list( $x3, $x4, $x9, $x14 ) = self::quarterRound( $x3, $x4, $x9, $x14 ); |
|
| 97 | 97 | } |
| 98 | 98 | |
| 99 | - return self::store32_le((int) ($x0 & 0xffffffff)) . |
|
| 100 | - self::store32_le((int) ($x1 & 0xffffffff)) . |
|
| 101 | - self::store32_le((int) ($x2 & 0xffffffff)) . |
|
| 102 | - self::store32_le((int) ($x3 & 0xffffffff)) . |
|
| 103 | - self::store32_le((int) ($x12 & 0xffffffff)) . |
|
| 104 | - self::store32_le((int) ($x13 & 0xffffffff)) . |
|
| 105 | - self::store32_le((int) ($x14 & 0xffffffff)) . |
|
| 106 | - self::store32_le((int) ($x15 & 0xffffffff)); |
|
| 99 | + return self::store32_le( (int)( $x0 & 0xffffffff ) ) . |
|
| 100 | + self::store32_le( (int)( $x1 & 0xffffffff ) ) . |
|
| 101 | + self::store32_le( (int)( $x2 & 0xffffffff ) ) . |
|
| 102 | + self::store32_le( (int)( $x3 & 0xffffffff ) ) . |
|
| 103 | + self::store32_le( (int)( $x12 & 0xffffffff ) ) . |
|
| 104 | + self::store32_le( (int)( $x13 & 0xffffffff ) ) . |
|
| 105 | + self::store32_le( (int)( $x14 & 0xffffffff ) ) . |
|
| 106 | + self::store32_le( (int)( $x15 & 0xffffffff ) ); |
|
| 107 | 107 | } |
| 108 | 108 | } |
@@ -1,7 +1,7 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | 3 | if (class_exists('ParagonIE_Sodium_Core_HSalsa20', false)) { |
| 4 | - return; |
|
| 4 | + return; |
|
| 5 | 5 | } |
| 6 | 6 | |
| 7 | 7 | /** |
@@ -9,88 +9,88 @@ discard block |
||
| 9 | 9 | */ |
| 10 | 10 | abstract class ParagonIE_Sodium_Core_HSalsa20 extends ParagonIE_Sodium_Core_Salsa20 |
| 11 | 11 | { |
| 12 | - /** |
|
| 13 | - * Calculate an hsalsa20 hash of a single block |
|
| 14 | - * |
|
| 15 | - * HSalsa20 doesn't have a counter and will never be used for more than |
|
| 16 | - * one block (used to derive a subkey for xsalsa20). |
|
| 17 | - * |
|
| 18 | - * @internal You should not use this directly from another application |
|
| 19 | - * |
|
| 20 | - * @param string $in |
|
| 21 | - * @param string $k |
|
| 22 | - * @param string|null $c |
|
| 23 | - * @return string |
|
| 24 | - * @throws TypeError |
|
| 25 | - */ |
|
| 26 | - public static function hsalsa20($in, $k, $c = null) |
|
| 27 | - { |
|
| 28 | - if ($c === null) { |
|
| 29 | - $x0 = 0x61707865; |
|
| 30 | - $x5 = 0x3320646e; |
|
| 31 | - $x10 = 0x79622d32; |
|
| 32 | - $x15 = 0x6b206574; |
|
| 33 | - } else { |
|
| 34 | - $x0 = self::load_4(self::substr($c, 0, 4)); |
|
| 35 | - $x5 = self::load_4(self::substr($c, 4, 4)); |
|
| 36 | - $x10 = self::load_4(self::substr($c, 8, 4)); |
|
| 37 | - $x15 = self::load_4(self::substr($c, 12, 4)); |
|
| 38 | - } |
|
| 39 | - $x1 = self::load_4(self::substr($k, 0, 4)); |
|
| 40 | - $x2 = self::load_4(self::substr($k, 4, 4)); |
|
| 41 | - $x3 = self::load_4(self::substr($k, 8, 4)); |
|
| 42 | - $x4 = self::load_4(self::substr($k, 12, 4)); |
|
| 43 | - $x11 = self::load_4(self::substr($k, 16, 4)); |
|
| 44 | - $x12 = self::load_4(self::substr($k, 20, 4)); |
|
| 45 | - $x13 = self::load_4(self::substr($k, 24, 4)); |
|
| 46 | - $x14 = self::load_4(self::substr($k, 28, 4)); |
|
| 47 | - $x6 = self::load_4(self::substr($in, 0, 4)); |
|
| 48 | - $x7 = self::load_4(self::substr($in, 4, 4)); |
|
| 49 | - $x8 = self::load_4(self::substr($in, 8, 4)); |
|
| 50 | - $x9 = self::load_4(self::substr($in, 12, 4)); |
|
| 12 | + /** |
|
| 13 | + * Calculate an hsalsa20 hash of a single block |
|
| 14 | + * |
|
| 15 | + * HSalsa20 doesn't have a counter and will never be used for more than |
|
| 16 | + * one block (used to derive a subkey for xsalsa20). |
|
| 17 | + * |
|
| 18 | + * @internal You should not use this directly from another application |
|
| 19 | + * |
|
| 20 | + * @param string $in |
|
| 21 | + * @param string $k |
|
| 22 | + * @param string|null $c |
|
| 23 | + * @return string |
|
| 24 | + * @throws TypeError |
|
| 25 | + */ |
|
| 26 | + public static function hsalsa20($in, $k, $c = null) |
|
| 27 | + { |
|
| 28 | + if ($c === null) { |
|
| 29 | + $x0 = 0x61707865; |
|
| 30 | + $x5 = 0x3320646e; |
|
| 31 | + $x10 = 0x79622d32; |
|
| 32 | + $x15 = 0x6b206574; |
|
| 33 | + } else { |
|
| 34 | + $x0 = self::load_4(self::substr($c, 0, 4)); |
|
| 35 | + $x5 = self::load_4(self::substr($c, 4, 4)); |
|
| 36 | + $x10 = self::load_4(self::substr($c, 8, 4)); |
|
| 37 | + $x15 = self::load_4(self::substr($c, 12, 4)); |
|
| 38 | + } |
|
| 39 | + $x1 = self::load_4(self::substr($k, 0, 4)); |
|
| 40 | + $x2 = self::load_4(self::substr($k, 4, 4)); |
|
| 41 | + $x3 = self::load_4(self::substr($k, 8, 4)); |
|
| 42 | + $x4 = self::load_4(self::substr($k, 12, 4)); |
|
| 43 | + $x11 = self::load_4(self::substr($k, 16, 4)); |
|
| 44 | + $x12 = self::load_4(self::substr($k, 20, 4)); |
|
| 45 | + $x13 = self::load_4(self::substr($k, 24, 4)); |
|
| 46 | + $x14 = self::load_4(self::substr($k, 28, 4)); |
|
| 47 | + $x6 = self::load_4(self::substr($in, 0, 4)); |
|
| 48 | + $x7 = self::load_4(self::substr($in, 4, 4)); |
|
| 49 | + $x8 = self::load_4(self::substr($in, 8, 4)); |
|
| 50 | + $x9 = self::load_4(self::substr($in, 12, 4)); |
|
| 51 | 51 | |
| 52 | - for ($i = self::ROUNDS; $i > 0; $i -= 2) { |
|
| 53 | - $x4 ^= self::rotate($x0 + $x12, 7); |
|
| 54 | - $x8 ^= self::rotate($x4 + $x0, 9); |
|
| 55 | - $x12 ^= self::rotate($x8 + $x4, 13); |
|
| 56 | - $x0 ^= self::rotate($x12 + $x8, 18); |
|
| 57 | - $x9 ^= self::rotate($x5 + $x1, 7); |
|
| 58 | - $x13 ^= self::rotate($x9 + $x5, 9); |
|
| 59 | - $x1 ^= self::rotate($x13 + $x9, 13); |
|
| 60 | - $x5 ^= self::rotate($x1 + $x13, 18); |
|
| 61 | - $x14 ^= self::rotate($x10 + $x6, 7); |
|
| 62 | - $x2 ^= self::rotate($x14 + $x10, 9); |
|
| 63 | - $x6 ^= self::rotate($x2 + $x14, 13); |
|
| 64 | - $x10 ^= self::rotate($x6 + $x2, 18); |
|
| 65 | - $x3 ^= self::rotate($x15 + $x11, 7); |
|
| 66 | - $x7 ^= self::rotate($x3 + $x15, 9); |
|
| 67 | - $x11 ^= self::rotate($x7 + $x3, 13); |
|
| 68 | - $x15 ^= self::rotate($x11 + $x7, 18); |
|
| 69 | - $x1 ^= self::rotate($x0 + $x3, 7); |
|
| 70 | - $x2 ^= self::rotate($x1 + $x0, 9); |
|
| 71 | - $x3 ^= self::rotate($x2 + $x1, 13); |
|
| 72 | - $x0 ^= self::rotate($x3 + $x2, 18); |
|
| 73 | - $x6 ^= self::rotate($x5 + $x4, 7); |
|
| 74 | - $x7 ^= self::rotate($x6 + $x5, 9); |
|
| 75 | - $x4 ^= self::rotate($x7 + $x6, 13); |
|
| 76 | - $x5 ^= self::rotate($x4 + $x7, 18); |
|
| 77 | - $x11 ^= self::rotate($x10 + $x9, 7); |
|
| 78 | - $x8 ^= self::rotate($x11 + $x10, 9); |
|
| 79 | - $x9 ^= self::rotate($x8 + $x11, 13); |
|
| 80 | - $x10 ^= self::rotate($x9 + $x8, 18); |
|
| 81 | - $x12 ^= self::rotate($x15 + $x14, 7); |
|
| 82 | - $x13 ^= self::rotate($x12 + $x15, 9); |
|
| 83 | - $x14 ^= self::rotate($x13 + $x12, 13); |
|
| 84 | - $x15 ^= self::rotate($x14 + $x13, 18); |
|
| 85 | - } |
|
| 52 | + for ($i = self::ROUNDS; $i > 0; $i -= 2) { |
|
| 53 | + $x4 ^= self::rotate($x0 + $x12, 7); |
|
| 54 | + $x8 ^= self::rotate($x4 + $x0, 9); |
|
| 55 | + $x12 ^= self::rotate($x8 + $x4, 13); |
|
| 56 | + $x0 ^= self::rotate($x12 + $x8, 18); |
|
| 57 | + $x9 ^= self::rotate($x5 + $x1, 7); |
|
| 58 | + $x13 ^= self::rotate($x9 + $x5, 9); |
|
| 59 | + $x1 ^= self::rotate($x13 + $x9, 13); |
|
| 60 | + $x5 ^= self::rotate($x1 + $x13, 18); |
|
| 61 | + $x14 ^= self::rotate($x10 + $x6, 7); |
|
| 62 | + $x2 ^= self::rotate($x14 + $x10, 9); |
|
| 63 | + $x6 ^= self::rotate($x2 + $x14, 13); |
|
| 64 | + $x10 ^= self::rotate($x6 + $x2, 18); |
|
| 65 | + $x3 ^= self::rotate($x15 + $x11, 7); |
|
| 66 | + $x7 ^= self::rotate($x3 + $x15, 9); |
|
| 67 | + $x11 ^= self::rotate($x7 + $x3, 13); |
|
| 68 | + $x15 ^= self::rotate($x11 + $x7, 18); |
|
| 69 | + $x1 ^= self::rotate($x0 + $x3, 7); |
|
| 70 | + $x2 ^= self::rotate($x1 + $x0, 9); |
|
| 71 | + $x3 ^= self::rotate($x2 + $x1, 13); |
|
| 72 | + $x0 ^= self::rotate($x3 + $x2, 18); |
|
| 73 | + $x6 ^= self::rotate($x5 + $x4, 7); |
|
| 74 | + $x7 ^= self::rotate($x6 + $x5, 9); |
|
| 75 | + $x4 ^= self::rotate($x7 + $x6, 13); |
|
| 76 | + $x5 ^= self::rotate($x4 + $x7, 18); |
|
| 77 | + $x11 ^= self::rotate($x10 + $x9, 7); |
|
| 78 | + $x8 ^= self::rotate($x11 + $x10, 9); |
|
| 79 | + $x9 ^= self::rotate($x8 + $x11, 13); |
|
| 80 | + $x10 ^= self::rotate($x9 + $x8, 18); |
|
| 81 | + $x12 ^= self::rotate($x15 + $x14, 7); |
|
| 82 | + $x13 ^= self::rotate($x12 + $x15, 9); |
|
| 83 | + $x14 ^= self::rotate($x13 + $x12, 13); |
|
| 84 | + $x15 ^= self::rotate($x14 + $x13, 18); |
|
| 85 | + } |
|
| 86 | 86 | |
| 87 | - return self::store32_le($x0) . |
|
| 88 | - self::store32_le($x5) . |
|
| 89 | - self::store32_le($x10) . |
|
| 90 | - self::store32_le($x15) . |
|
| 91 | - self::store32_le($x6) . |
|
| 92 | - self::store32_le($x7) . |
|
| 93 | - self::store32_le($x8) . |
|
| 94 | - self::store32_le($x9); |
|
| 95 | - } |
|
| 87 | + return self::store32_le($x0) . |
|
| 88 | + self::store32_le($x5) . |
|
| 89 | + self::store32_le($x10) . |
|
| 90 | + self::store32_le($x15) . |
|
| 91 | + self::store32_le($x6) . |
|
| 92 | + self::store32_le($x7) . |
|
| 93 | + self::store32_le($x8) . |
|
| 94 | + self::store32_le($x9); |
|
| 95 | + } |
|
| 96 | 96 | } |
@@ -1,6 +1,6 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -if (class_exists('ParagonIE_Sodium_Core_HSalsa20', false)) { |
|
| 3 | +if ( class_exists( 'ParagonIE_Sodium_Core_HSalsa20', false ) ) { |
|
| 4 | 4 | return; |
| 5 | 5 | } |
| 6 | 6 | |
@@ -23,74 +23,74 @@ discard block |
||
| 23 | 23 | * @return string |
| 24 | 24 | * @throws TypeError |
| 25 | 25 | */ |
| 26 | - public static function hsalsa20($in, $k, $c = null) |
|
| 26 | + public static function hsalsa20( $in, $k, $c = null ) |
|
| 27 | 27 | { |
| 28 | - if ($c === null) { |
|
| 28 | + if ( $c === null ) { |
|
| 29 | 29 | $x0 = 0x61707865; |
| 30 | 30 | $x5 = 0x3320646e; |
| 31 | 31 | $x10 = 0x79622d32; |
| 32 | 32 | $x15 = 0x6b206574; |
| 33 | 33 | } else { |
| 34 | - $x0 = self::load_4(self::substr($c, 0, 4)); |
|
| 35 | - $x5 = self::load_4(self::substr($c, 4, 4)); |
|
| 36 | - $x10 = self::load_4(self::substr($c, 8, 4)); |
|
| 37 | - $x15 = self::load_4(self::substr($c, 12, 4)); |
|
| 34 | + $x0 = self::load_4( self::substr( $c, 0, 4 ) ); |
|
| 35 | + $x5 = self::load_4( self::substr( $c, 4, 4 ) ); |
|
| 36 | + $x10 = self::load_4( self::substr( $c, 8, 4 ) ); |
|
| 37 | + $x15 = self::load_4( self::substr( $c, 12, 4 ) ); |
|
| 38 | 38 | } |
| 39 | - $x1 = self::load_4(self::substr($k, 0, 4)); |
|
| 40 | - $x2 = self::load_4(self::substr($k, 4, 4)); |
|
| 41 | - $x3 = self::load_4(self::substr($k, 8, 4)); |
|
| 42 | - $x4 = self::load_4(self::substr($k, 12, 4)); |
|
| 43 | - $x11 = self::load_4(self::substr($k, 16, 4)); |
|
| 44 | - $x12 = self::load_4(self::substr($k, 20, 4)); |
|
| 45 | - $x13 = self::load_4(self::substr($k, 24, 4)); |
|
| 46 | - $x14 = self::load_4(self::substr($k, 28, 4)); |
|
| 47 | - $x6 = self::load_4(self::substr($in, 0, 4)); |
|
| 48 | - $x7 = self::load_4(self::substr($in, 4, 4)); |
|
| 49 | - $x8 = self::load_4(self::substr($in, 8, 4)); |
|
| 50 | - $x9 = self::load_4(self::substr($in, 12, 4)); |
|
| 39 | + $x1 = self::load_4( self::substr( $k, 0, 4 ) ); |
|
| 40 | + $x2 = self::load_4( self::substr( $k, 4, 4 ) ); |
|
| 41 | + $x3 = self::load_4( self::substr( $k, 8, 4 ) ); |
|
| 42 | + $x4 = self::load_4( self::substr( $k, 12, 4 ) ); |
|
| 43 | + $x11 = self::load_4( self::substr( $k, 16, 4 ) ); |
|
| 44 | + $x12 = self::load_4( self::substr( $k, 20, 4 ) ); |
|
| 45 | + $x13 = self::load_4( self::substr( $k, 24, 4 ) ); |
|
| 46 | + $x14 = self::load_4( self::substr( $k, 28, 4 ) ); |
|
| 47 | + $x6 = self::load_4( self::substr( $in, 0, 4 ) ); |
|
| 48 | + $x7 = self::load_4( self::substr( $in, 4, 4 ) ); |
|
| 49 | + $x8 = self::load_4( self::substr( $in, 8, 4 ) ); |
|
| 50 | + $x9 = self::load_4( self::substr( $in, 12, 4 ) ); |
|
| 51 | 51 | |
| 52 | - for ($i = self::ROUNDS; $i > 0; $i -= 2) { |
|
| 53 | - $x4 ^= self::rotate($x0 + $x12, 7); |
|
| 54 | - $x8 ^= self::rotate($x4 + $x0, 9); |
|
| 55 | - $x12 ^= self::rotate($x8 + $x4, 13); |
|
| 56 | - $x0 ^= self::rotate($x12 + $x8, 18); |
|
| 57 | - $x9 ^= self::rotate($x5 + $x1, 7); |
|
| 58 | - $x13 ^= self::rotate($x9 + $x5, 9); |
|
| 59 | - $x1 ^= self::rotate($x13 + $x9, 13); |
|
| 60 | - $x5 ^= self::rotate($x1 + $x13, 18); |
|
| 61 | - $x14 ^= self::rotate($x10 + $x6, 7); |
|
| 62 | - $x2 ^= self::rotate($x14 + $x10, 9); |
|
| 63 | - $x6 ^= self::rotate($x2 + $x14, 13); |
|
| 64 | - $x10 ^= self::rotate($x6 + $x2, 18); |
|
| 65 | - $x3 ^= self::rotate($x15 + $x11, 7); |
|
| 66 | - $x7 ^= self::rotate($x3 + $x15, 9); |
|
| 67 | - $x11 ^= self::rotate($x7 + $x3, 13); |
|
| 68 | - $x15 ^= self::rotate($x11 + $x7, 18); |
|
| 69 | - $x1 ^= self::rotate($x0 + $x3, 7); |
|
| 70 | - $x2 ^= self::rotate($x1 + $x0, 9); |
|
| 71 | - $x3 ^= self::rotate($x2 + $x1, 13); |
|
| 72 | - $x0 ^= self::rotate($x3 + $x2, 18); |
|
| 73 | - $x6 ^= self::rotate($x5 + $x4, 7); |
|
| 74 | - $x7 ^= self::rotate($x6 + $x5, 9); |
|
| 75 | - $x4 ^= self::rotate($x7 + $x6, 13); |
|
| 76 | - $x5 ^= self::rotate($x4 + $x7, 18); |
|
| 77 | - $x11 ^= self::rotate($x10 + $x9, 7); |
|
| 78 | - $x8 ^= self::rotate($x11 + $x10, 9); |
|
| 79 | - $x9 ^= self::rotate($x8 + $x11, 13); |
|
| 80 | - $x10 ^= self::rotate($x9 + $x8, 18); |
|
| 81 | - $x12 ^= self::rotate($x15 + $x14, 7); |
|
| 82 | - $x13 ^= self::rotate($x12 + $x15, 9); |
|
| 83 | - $x14 ^= self::rotate($x13 + $x12, 13); |
|
| 84 | - $x15 ^= self::rotate($x14 + $x13, 18); |
|
| 52 | + for ( $i = self::ROUNDS; $i > 0; $i -= 2 ) { |
|
| 53 | + $x4 ^= self::rotate( $x0 + $x12, 7 ); |
|
| 54 | + $x8 ^= self::rotate( $x4 + $x0, 9 ); |
|
| 55 | + $x12 ^= self::rotate( $x8 + $x4, 13 ); |
|
| 56 | + $x0 ^= self::rotate( $x12 + $x8, 18 ); |
|
| 57 | + $x9 ^= self::rotate( $x5 + $x1, 7 ); |
|
| 58 | + $x13 ^= self::rotate( $x9 + $x5, 9 ); |
|
| 59 | + $x1 ^= self::rotate( $x13 + $x9, 13 ); |
|
| 60 | + $x5 ^= self::rotate( $x1 + $x13, 18 ); |
|
| 61 | + $x14 ^= self::rotate( $x10 + $x6, 7 ); |
|
| 62 | + $x2 ^= self::rotate( $x14 + $x10, 9 ); |
|
| 63 | + $x6 ^= self::rotate( $x2 + $x14, 13 ); |
|
| 64 | + $x10 ^= self::rotate( $x6 + $x2, 18 ); |
|
| 65 | + $x3 ^= self::rotate( $x15 + $x11, 7 ); |
|
| 66 | + $x7 ^= self::rotate( $x3 + $x15, 9 ); |
|
| 67 | + $x11 ^= self::rotate( $x7 + $x3, 13 ); |
|
| 68 | + $x15 ^= self::rotate( $x11 + $x7, 18 ); |
|
| 69 | + $x1 ^= self::rotate( $x0 + $x3, 7 ); |
|
| 70 | + $x2 ^= self::rotate( $x1 + $x0, 9 ); |
|
| 71 | + $x3 ^= self::rotate( $x2 + $x1, 13 ); |
|
| 72 | + $x0 ^= self::rotate( $x3 + $x2, 18 ); |
|
| 73 | + $x6 ^= self::rotate( $x5 + $x4, 7 ); |
|
| 74 | + $x7 ^= self::rotate( $x6 + $x5, 9 ); |
|
| 75 | + $x4 ^= self::rotate( $x7 + $x6, 13 ); |
|
| 76 | + $x5 ^= self::rotate( $x4 + $x7, 18 ); |
|
| 77 | + $x11 ^= self::rotate( $x10 + $x9, 7 ); |
|
| 78 | + $x8 ^= self::rotate( $x11 + $x10, 9 ); |
|
| 79 | + $x9 ^= self::rotate( $x8 + $x11, 13 ); |
|
| 80 | + $x10 ^= self::rotate( $x9 + $x8, 18 ); |
|
| 81 | + $x12 ^= self::rotate( $x15 + $x14, 7 ); |
|
| 82 | + $x13 ^= self::rotate( $x12 + $x15, 9 ); |
|
| 83 | + $x14 ^= self::rotate( $x13 + $x12, 13 ); |
|
| 84 | + $x15 ^= self::rotate( $x14 + $x13, 18 ); |
|
| 85 | 85 | } |
| 86 | 86 | |
| 87 | - return self::store32_le($x0) . |
|
| 88 | - self::store32_le($x5) . |
|
| 89 | - self::store32_le($x10) . |
|
| 90 | - self::store32_le($x15) . |
|
| 91 | - self::store32_le($x6) . |
|
| 92 | - self::store32_le($x7) . |
|
| 93 | - self::store32_le($x8) . |
|
| 94 | - self::store32_le($x9); |
|
| 87 | + return self::store32_le( $x0 ) . |
|
| 88 | + self::store32_le( $x5 ) . |
|
| 89 | + self::store32_le( $x10 ) . |
|
| 90 | + self::store32_le( $x15 ) . |
|
| 91 | + self::store32_le( $x6 ) . |
|
| 92 | + self::store32_le( $x7 ) . |
|
| 93 | + self::store32_le( $x8 ) . |
|
| 94 | + self::store32_le( $x9 ); |
|
| 95 | 95 | } |
| 96 | 96 | } |
@@ -7,8 +7,7 @@ discard block |
||
| 7 | 7 | /** |
| 8 | 8 | * Class ParagonIE_Sodium_Core_HSalsa20 |
| 9 | 9 | */ |
| 10 | -abstract class ParagonIE_Sodium_Core_HSalsa20 extends ParagonIE_Sodium_Core_Salsa20 |
|
| 11 | -{ |
|
| 10 | +abstract class ParagonIE_Sodium_Core_HSalsa20 extends ParagonIE_Sodium_Core_Salsa20 { |
|
| 12 | 11 | /** |
| 13 | 12 | * Calculate an hsalsa20 hash of a single block |
| 14 | 13 | * |
@@ -23,8 +22,7 @@ discard block |
||
| 23 | 22 | * @return string |
| 24 | 23 | * @throws TypeError |
| 25 | 24 | */ |
| 26 | - public static function hsalsa20($in, $k, $c = null) |
|
| 27 | - { |
|
| 25 | + public static function hsalsa20($in, $k, $c = null) { |
|
| 28 | 26 | if ($c === null) { |
| 29 | 27 | $x0 = 0x61707865; |
| 30 | 28 | $x5 = 0x3320646e; |
