Diffstat (limited to 'vendor/paragonie/sodium_compat/src/Core32')
9 files changed, 1283 insertions, 1280 deletions
diff --git a/vendor/paragonie/sodium_compat/src/Core32/BLAKE2b.php b/vendor/paragonie/sodium_compat/src/Core32/BLAKE2b.php
index cda1a2c..0fed21a 100644
--- a/vendor/paragonie/sodium_compat/src/Core32/BLAKE2b.php
+++ b/vendor/paragonie/sodium_compat/src/Core32/BLAKE2b.php
@@ -1,719 +1,719 @@
-<?php
-
-if (class_exists('ParagonIE_Sodium_Core_BLAKE2b', false)) {
- return;
-}
-
-/**
- * Class ParagonIE_Sodium_Core_BLAKE2b
- *
- * Based on the work of Devi Mandiri in devi/salt.
- */
-abstract class ParagonIE_Sodium_Core32_BLAKE2b extends ParagonIE_Sodium_Core_Util
-{
- /**
- * @var SplFixedArray
- */
- public static $iv;
-
- /**
- * @var array<int, array<int, int>>
- */
- public static $sigma = array(
- array( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15),
- array( 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3),
- array( 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4),
- array( 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8),
- array( 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13),
- array( 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9),
- array( 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11),
- array( 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10),
- array( 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5),
- array( 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0),
- array( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15),
- array( 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3)
- );
-
- const BLOCKBYTES = 128;
- const OUTBYTES = 64;
- const KEYBYTES = 64;
-
- /**
- * Turn two 32-bit integers into a fixed array representing a 64-bit integer.
- *
- * @internal You should not use this directly from another application
- *
- * @param int $high
- * @param int $low
- * @return ParagonIE_Sodium_Core32_Int64
- * @throws SodiumException
- * @throws TypeError
- */
- public static function new64($high, $low)
- {
- return ParagonIE_Sodium_Core32_Int64::fromInts($low, $high);
- }
-
- /**
- * Convert an arbitrary number into an SplFixedArray of two 32-bit integers
- * that represents a 64-bit integer.
- *
- * @internal You should not use this directly from another application
- *
- * @param int $num
- * @return ParagonIE_Sodium_Core32_Int64
- * @throws SodiumException
- * @throws TypeError
- */
- protected static function to64($num)
- {
- list($hi, $lo) = self::numericTo64BitInteger($num);
- return self::new64($hi, $lo);
- }
-
- /**
- * Adds two 64-bit integers together, returning their sum as a SplFixedArray
- * containing two 32-bit integers (representing a 64-bit integer).
- *
- * @internal You should not use this directly from another application
- *
- * @param ParagonIE_Sodium_Core32_Int64 $x
- * @param ParagonIE_Sodium_Core32_Int64 $y
- * @return ParagonIE_Sodium_Core32_Int64
- */
- protected static function add64($x, $y)
- {
- return $x->addInt64($y);
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param ParagonIE_Sodium_Core32_Int64 $x
- * @param ParagonIE_Sodium_Core32_Int64 $y
- * @param ParagonIE_Sodium_Core32_Int64 $z
- * @return ParagonIE_Sodium_Core32_Int64
- */
- public static function add364($x, $y, $z)
- {
- return $x->addInt64($y)->addInt64($z);
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param ParagonIE_Sodium_Core32_Int64 $x
- * @param ParagonIE_Sodium_Core32_Int64 $y
- * @return ParagonIE_Sodium_Core32_Int64
- * @throws TypeError
- */
- public static function xor64(ParagonIE_Sodium_Core32_Int64 $x, ParagonIE_Sodium_Core32_Int64 $y)
- {
- return $x->xorInt64($y);
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param ParagonIE_Sodium_Core32_Int64 $x
- * @param int $c
- * @return ParagonIE_Sodium_Core32_Int64
- * @throws SodiumException
- * @throws TypeError
- */
- public static function rotr64(ParagonIE_Sodium_Core32_Int64 $x, $c)
- {
- return $x->rotateRight($c);
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param SplFixedArray $x
- * @param int $i
- * @return ParagonIE_Sodium_Core32_Int64
- * @throws SodiumException
- * @throws TypeError
- */
- public static function load64($x, $i)
- {
- /** @var int $l */
- $l = (int) ($x[$i])
- | ((int) ($x[$i+1]) << 8)
- | ((int) ($x[$i+2]) << 16)
- | ((int) ($x[$i+3]) << 24);
- /** @var int $h */
- $h = (int) ($x[$i+4])
- | ((int) ($x[$i+5]) << 8)
- | ((int) ($x[$i+6]) << 16)
- | ((int) ($x[$i+7]) << 24);
- return self::new64($h, $l);
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param SplFixedArray $x
- * @param int $i
- * @param ParagonIE_Sodium_Core32_Int64 $u
- * @return void
- * @throws TypeError
- * @psalm-suppress MixedArgument
- * @psalm-suppress MixedAssignment
- * @psalm-suppress MixedArrayAccess
- * @psalm-suppress MixedArrayAssignment
- * @psalm-suppress MixedArrayOffset
- */
- public static function store64(SplFixedArray $x, $i, ParagonIE_Sodium_Core32_Int64 $u)
- {
- $v = clone $u;
- $maxLength = $x->getSize() - 1;
- for ($j = 0; $j < 8; ++$j) {
- $k = 3 - ($j >> 1);
- $x[$i] = $v->limbs[$k] & 0xff;
- if (++$i > $maxLength) {
- return;
- }
- $v->limbs[$k] >>= 8;
- }
- }
-
- /**
- * This just sets the $iv static variable.
- *
- * @internal You should not use this directly from another application
- *
- * @return void
- * @throws SodiumException
- * @throws TypeError
- */
- public static function pseudoConstructor()
- {
- static $called = false;
- if ($called) {
- return;
- }
- self::$iv = new SplFixedArray(8);
- self::$iv[0] = self::new64(0x6a09e667, 0xf3bcc908);
- self::$iv[1] = self::new64(0xbb67ae85, 0x84caa73b);
- self::$iv[2] = self::new64(0x3c6ef372, 0xfe94f82b);
- self::$iv[3] = self::new64(0xa54ff53a, 0x5f1d36f1);
- self::$iv[4] = self::new64(0x510e527f, 0xade682d1);
- self::$iv[5] = self::new64(0x9b05688c, 0x2b3e6c1f);
- self::$iv[6] = self::new64(0x1f83d9ab, 0xfb41bd6b);
- self::$iv[7] = self::new64(0x5be0cd19, 0x137e2179);
-
- $called = true;
- }
-
- /**
- * Returns a fresh BLAKE2 context.
- *
- * @internal You should not use this directly from another application
- *
- * @return SplFixedArray
- * @throws TypeError
- * @psalm-suppress MixedArgument
- * @psalm-suppress MixedAssignment
- * @psalm-suppress MixedArrayAccess
- * @psalm-suppress MixedArrayAssignment
- * @psalm-suppress MixedArrayOffset
- * @throws SodiumException
- * @throws TypeError
- */
- protected static function context()
- {
- $ctx = new SplFixedArray(6);
- $ctx[0] = new SplFixedArray(8); // h
- $ctx[1] = new SplFixedArray(2); // t
- $ctx[2] = new SplFixedArray(2); // f
- $ctx[3] = new SplFixedArray(256); // buf
- $ctx[4] = 0; // buflen
- $ctx[5] = 0; // last_node (uint8_t)
-
- for ($i = 8; $i--;) {
- $ctx[0][$i] = self::$iv[$i];
- }
- for ($i = 256; $i--;) {
- $ctx[3][$i] = 0;
- }
-
- $zero = self::new64(0, 0);
- $ctx[1][0] = $zero;
- $ctx[1][1] = $zero;
- $ctx[2][0] = $zero;
- $ctx[2][1] = $zero;
-
- return $ctx;
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param SplFixedArray $ctx
- * @param SplFixedArray $buf
- * @return void
- * @throws SodiumException
- * @throws TypeError
- * @psalm-suppress MixedArgument
- * @psalm-suppress MixedArrayAccess
- * @psalm-suppress MixedArrayAssignment
- * @psalm-suppress MixedAssignment
- */
- protected static function compress(SplFixedArray $ctx, SplFixedArray $buf)
- {
- $m = new SplFixedArray(16);
- $v = new SplFixedArray(16);
-
- for ($i = 16; $i--;) {
- $m[$i] = self::load64($buf, $i << 3);
- }
-
- for ($i = 8; $i--;) {
- $v[$i] = $ctx[0][$i];
- }
-
- $v[ 8] = self::$iv[0];
- $v[ 9] = self::$iv[1];
- $v[10] = self::$iv[2];
- $v[11] = self::$iv[3];
-
- $v[12] = self::xor64($ctx[1][0], self::$iv[4]);
- $v[13] = self::xor64($ctx[1][1], self::$iv[5]);
- $v[14] = self::xor64($ctx[2][0], self::$iv[6]);
- $v[15] = self::xor64($ctx[2][1], self::$iv[7]);
-
- for ($r = 0; $r < 12; ++$r) {
- $v = self::G($r, 0, 0, 4, 8, 12, $v, $m);
- $v = self::G($r, 1, 1, 5, 9, 13, $v, $m);
- $v = self::G($r, 2, 2, 6, 10, 14, $v, $m);
- $v = self::G($r, 3, 3, 7, 11, 15, $v, $m);
- $v = self::G($r, 4, 0, 5, 10, 15, $v, $m);
- $v = self::G($r, 5, 1, 6, 11, 12, $v, $m);
- $v = self::G($r, 6, 2, 7, 8, 13, $v, $m);
- $v = self::G($r, 7, 3, 4, 9, 14, $v, $m);
- }
-
- for ($i = 8; $i--;) {
- $ctx[0][$i] = self::xor64(
- $ctx[0][$i], self::xor64($v[$i], $v[$i+8])
- );
- }
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param int $r
- * @param int $i
- * @param int $a
- * @param int $b
- * @param int $c
- * @param int $d
- * @param SplFixedArray $v
- * @param SplFixedArray $m
- * @return SplFixedArray
- * @throws SodiumException
- * @throws TypeError
- * @psalm-suppress MixedArgument
- * @psalm-suppress MixedArrayOffset
- */
- public static function G($r, $i, $a, $b, $c, $d, SplFixedArray $v, SplFixedArray $m)
- {
- $v[$a] = self::add364($v[$a], $v[$b], $m[self::$sigma[$r][$i << 1]]);
- $v[$d] = self::rotr64(self::xor64($v[$d], $v[$a]), 32);
- $v[$c] = self::add64($v[$c], $v[$d]);
- $v[$b] = self::rotr64(self::xor64($v[$b], $v[$c]), 24);
- $v[$a] = self::add364($v[$a], $v[$b], $m[self::$sigma[$r][($i << 1) + 1]]);
- $v[$d] = self::rotr64(self::xor64($v[$d], $v[$a]), 16);
- $v[$c] = self::add64($v[$c], $v[$d]);
- $v[$b] = self::rotr64(self::xor64($v[$b], $v[$c]), 63);
- return $v;
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param SplFixedArray $ctx
- * @param int $inc
- * @return void
- * @throws SodiumException
- * @throws TypeError
- * @psalm-suppress MixedArgument
- * @psalm-suppress MixedArrayAccess
- * @psalm-suppress MixedArrayAssignment
- */
- public static function increment_counter($ctx, $inc)
- {
- if ($inc < 0) {
- throw new SodiumException('Increasing by a negative number makes no sense.');
- }
- $t = self::to64($inc);
- # S->t is $ctx[1] in our implementation
-
- # S->t[0] = ( uint64_t )( t >> 0 );
- $ctx[1][0] = self::add64($ctx[1][0], $t);
-
- # S->t[1] += ( S->t[0] < inc );
- if (!($ctx[1][0] instanceof ParagonIE_Sodium_Core32_Int64)) {
- throw new TypeError('Not an int64');
- }
- /** @var ParagonIE_Sodium_Core32_Int64 $c*/
- $c = $ctx[1][0];
- if ($c->isLessThanInt($inc)) {
- $ctx[1][1] = self::add64($ctx[1][1], self::to64(1));
- }
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param SplFixedArray $ctx
- * @param SplFixedArray $p
- * @param int $plen
- * @return void
- * @throws SodiumException
- * @throws TypeError
- * @psalm-suppress MixedArgument
- * @psalm-suppress MixedAssignment
- * @psalm-suppress MixedArrayAccess
- * @psalm-suppress MixedArrayAssignment
- * @psalm-suppress MixedArrayOffset
- * @psalm-suppress MixedMethodCall
- * @psalm-suppress MixedOperand
- */
- public static function update(SplFixedArray $ctx, SplFixedArray $p, $plen)
- {
- self::pseudoConstructor();
-
- $offset = 0;
- while ($plen > 0) {
- $left = $ctx[4];
- $fill = 256 - $left;
-
- if ($plen > $fill) {
- # memcpy( S->buf + left, in, fill ); /* Fill buffer */
- for ($i = $fill; $i--;) {
- $ctx[3][$i + $left] = $p[$i + $offset];
- }
-
- # S->buflen += fill;
- $ctx[4] += $fill;
-
- # blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES );
- self::increment_counter($ctx, 128);
-
- # blake2b_compress( S, S->buf ); /* Compress */
- self::compress($ctx, $ctx[3]);
-
- # memcpy( S->buf, S->buf + BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES ); /* Shift buffer left */
- for ($i = 128; $i--;) {
- $ctx[3][$i] = $ctx[3][$i + 128];
- }
-
- # S->buflen -= BLAKE2B_BLOCKBYTES;
- $ctx[4] -= 128;
-
- # in += fill;
- $offset += $fill;
-
- # inlen -= fill;
- $plen -= $fill;
- } else {
- for ($i = $plen; $i--;) {
- $ctx[3][$i + $left] = $p[$i + $offset];
- }
- $ctx[4] += $plen;
- $offset += $plen;
- $plen -= $plen;
- }
- }
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param SplFixedArray $ctx
- * @param SplFixedArray $out
- * @return SplFixedArray
- * @throws SodiumException
- * @throws TypeError
- * @psalm-suppress MixedArgument
- * @psalm-suppress MixedAssignment
- * @psalm-suppress MixedArrayAccess
- * @psalm-suppress MixedArrayAssignment
- * @psalm-suppress MixedArrayOffset
- * @psalm-suppress MixedMethodCall
- * @psalm-suppress MixedOperand
- */
- public static function finish(SplFixedArray $ctx, SplFixedArray $out)
- {
- self::pseudoConstructor();
- if ($ctx[4] > 128) {
- self::increment_counter($ctx, 128);
- self::compress($ctx, $ctx[3]);
- $ctx[4] -= 128;
- if ($ctx[4] > 128) {
- throw new SodiumException('Failed to assert that buflen <= 128 bytes');
- }
- for ($i = $ctx[4]; $i--;) {
- $ctx[3][$i] = $ctx[3][$i + 128];
- }
- }
-
- self::increment_counter($ctx, $ctx[4]);
- $ctx[2][0] = self::new64(0xffffffff, 0xffffffff);
-
- for ($i = 256 - $ctx[4]; $i--;) {
- /** @var int $i */
- $ctx[3][$i + $ctx[4]] = 0;
- }
-
- self::compress($ctx, $ctx[3]);
-
- $i = (int) (($out->getSize() - 1) / 8);
- for (; $i >= 0; --$i) {
- self::store64($out, $i << 3, $ctx[0][$i]);
- }
- return $out;
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param SplFixedArray|null $key
- * @param int $outlen
- * @param SplFixedArray|null $salt
- * @param SplFixedArray|null $personal
- * @return SplFixedArray
- * @throws SodiumException
- * @throws TypeError
- * @psalm-suppress MixedArgument
- * @psalm-suppress MixedAssignment
- * @psalm-suppress MixedArrayAccess
- * @psalm-suppress MixedArrayAssignment
- * @psalm-suppress MixedMethodCall
- */
- public static function init(
- $key = null,
- $outlen = 64,
- $salt = null,
- $personal = null
- ) {
- self::pseudoConstructor();
- $klen = 0;
-
- if ($key !== null) {
- if (count($key) > 64) {
- throw new SodiumException('Invalid key size');
- }
- $klen = count($key);
- }
-
- if ($outlen > 64) {
- throw new SodiumException('Invalid output size');
- }
-
- $ctx = self::context();
-
- $p = new SplFixedArray(64);
- // Zero our param buffer...
- for ($i = 64; --$i;) {
- $p[$i] = 0;
- }
-
- $p[0] = $outlen; // digest_length
- $p[1] = $klen; // key_length
- $p[2] = 1; // fanout
- $p[3] = 1; // depth
-
- if ($salt instanceof SplFixedArray) {
- // salt: [32] through [47]
- for ($i = 0; $i < 16; ++$i) {
- $p[32 + $i] = (int) $salt[$i];
- }
- }
- if ($personal instanceof SplFixedArray) {
- // personal: [48] through [63]
- for ($i = 0; $i < 16; ++$i) {
- $p[48 + $i] = (int) $personal[$i];
- }
- }
-
- $ctx[0][0] = self::xor64(
- $ctx[0][0],
- self::load64($p, 0)
- );
-
- if ($salt instanceof SplFixedArray || $personal instanceof SplFixedArray) {
- // We need to do what blake2b_init_param() does:
- for ($i = 1; $i < 8; ++$i) {
- $ctx[0][$i] = self::xor64(
- $ctx[0][$i],
- self::load64($p, $i << 3)
- );
- }
- }
-
- if ($klen > 0 && $key instanceof SplFixedArray) {
- $block = new SplFixedArray(128);
- for ($i = 128; $i--;) {
- $block[$i] = 0;
- }
- for ($i = $klen; $i--;) {
- $block[$i] = $key[$i];
- }
- self::update($ctx, $block, 128);
- $ctx[4] = 128;
- }
-
- return $ctx;
- }
-
- /**
- * Convert a string into an SplFixedArray of integers
- *
- * @internal You should not use this directly from another application
- *
- * @param string $str
- * @return SplFixedArray
- * @psalm-suppress MixedArgumentTypeCoercion
- */
- public static function stringToSplFixedArray($str = '')
- {
- $values = unpack('C*', $str);
- return SplFixedArray::fromArray(array_values($values));
- }
-
- /**
- * Convert an SplFixedArray of integers into a string
- *
- * @internal You should not use this directly from another application
- *
- * @param SplFixedArray $a
- * @return string
- */
- public static function SplFixedArrayToString(SplFixedArray $a)
- {
- /**
- * @var array<int, string|int>
- */
- $arr = $a->toArray();
- $c = $a->count();
- array_unshift($arr, str_repeat('C', $c));
- return (string) (call_user_func_array('pack', $arr));
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param SplFixedArray $ctx
- * @return string
- * @throws TypeError
- * @psalm-suppress MixedArgument
- * @psalm-suppress MixedArrayAccess
- * @psalm-suppress MixedArrayAssignment
- * @psalm-suppress MixedMethodCall
- */
- public static function contextToString(SplFixedArray $ctx)
- {
- $str = '';
- /** @var array<int, ParagonIE_Sodium_Core32_Int64> $ctxA */
- $ctxA = $ctx[0]->toArray();
-
- # uint64_t h[8];
- for ($i = 0; $i < 8; ++$i) {
- if (!($ctxA[$i] instanceof ParagonIE_Sodium_Core32_Int64)) {
- throw new TypeError('Not an instance of Int64');
- }
- /** @var ParagonIE_Sodium_Core32_Int64 $ctxAi */
- $ctxAi = $ctxA[$i];
- $str .= $ctxAi->toReverseString();
- }
-
- # uint64_t t[2];
- # uint64_t f[2];
- for ($i = 1; $i < 3; ++$i) {
- /** @var array<int, ParagonIE_Sodium_Core32_Int64> $ctxA */
- $ctxA = $ctx[$i]->toArray();
- /** @var ParagonIE_Sodium_Core32_Int64 $ctxA1 */
- $ctxA1 = $ctxA[0];
- /** @var ParagonIE_Sodium_Core32_Int64 $ctxA2 */
- $ctxA2 = $ctxA[1];
-
- $str .= $ctxA1->toReverseString();
- $str .= $ctxA2->toReverseString();
- }
-
- # uint8_t buf[2 * 128];
- $str .= self::SplFixedArrayToString($ctx[3]);
-
- /** @var int $ctx4 */
- $ctx4 = $ctx[4];
-
- # size_t buflen;
- $str .= implode('', array(
- self::intToChr($ctx4 & 0xff),
- self::intToChr(($ctx4 >> 8) & 0xff),
- self::intToChr(($ctx4 >> 16) & 0xff),
- self::intToChr(($ctx4 >> 24) & 0xff),
- "\x00\x00\x00\x00"
- /*
- self::intToChr(($ctx4 >> 32) & 0xff),
- self::intToChr(($ctx4 >> 40) & 0xff),
- self::intToChr(($ctx4 >> 48) & 0xff),
- self::intToChr(($ctx4 >> 56) & 0xff)
- */
- ));
- # uint8_t last_node;
- return $str . self::intToChr($ctx[5]) . str_repeat("\x00", 23);
- }
-
- /**
- * Creates an SplFixedArray containing other SplFixedArray elements, from
- * a string (compatible with \Sodium\crypto_generichash_{init, update, final})
- *
- * @internal You should not use this directly from another application
- *
- * @param string $string
- * @return SplFixedArray
- * @throws SodiumException
- * @throws TypeError
- * @psalm-suppress MixedArrayAccess
- * @psalm-suppress MixedArrayAssignment
- */
- public static function stringToContext($string)
- {
- $ctx = self::context();
-
- # uint64_t h[8];
- for ($i = 0; $i < 8; ++$i) {
- $ctx[0][$i] = ParagonIE_Sodium_Core32_Int64::fromReverseString(
- self::substr($string, (($i << 3) + 0), 8)
- );
- }
-
- # uint64_t t[2];
- # uint64_t f[2];
- for ($i = 1; $i < 3; ++$i) {
- $ctx[$i][1] = ParagonIE_Sodium_Core32_Int64::fromReverseString(
- self::substr($string, 72 + (($i - 1) << 4), 8)
- );
- $ctx[$i][0] = ParagonIE_Sodium_Core32_Int64::fromReverseString(
- self::substr($string, 64 + (($i - 1) << 4), 8)
- );
- }
-
- # uint8_t buf[2 * 128];
- $ctx[3] = self::stringToSplFixedArray(self::substr($string, 96, 256));
-
- # uint8_t buf[2 * 128];
- $int = 0;
- for ($i = 0; $i < 8; ++$i) {
- $int |= self::chrToInt($string[352 + $i]) << ($i << 3);
- }
- $ctx[4] = $int;
-
- return $ctx;
- }
-}
+<?php
+
+if (class_exists('ParagonIE_Sodium_Core_BLAKE2b', false)) {
+ return;
+}
+
+/**
+ * Class ParagonIE_Sodium_Core_BLAKE2b
+ *
+ * Based on the work of Devi Mandiri in devi/salt.
+ */
+abstract class ParagonIE_Sodium_Core32_BLAKE2b extends ParagonIE_Sodium_Core_Util
+{
+ /**
+ * @var SplFixedArray
+ */
+ public static $iv;
+
+ /**
+ * @var array<int, array<int, int>>
+ */
+ public static $sigma = array(
+ array( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15),
+ array( 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3),
+ array( 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4),
+ array( 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8),
+ array( 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13),
+ array( 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9),
+ array( 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11),
+ array( 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10),
+ array( 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5),
+ array( 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0),
+ array( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15),
+ array( 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3)
+ );
+
+ const BLOCKBYTES = 128;
+ const OUTBYTES = 64;
+ const KEYBYTES = 64;
+
+ /**
+ * Turn two 32-bit integers into a fixed array representing a 64-bit integer.
+ *
+ * @internal You should not use this directly from another application
+ *
+ * @param int $high
+ * @param int $low
+ * @return ParagonIE_Sodium_Core32_Int64
+ * @throws SodiumException
+ * @throws TypeError
+ */
+ public static function new64($high, $low)
+ {
+ return ParagonIE_Sodium_Core32_Int64::fromInts($low, $high);
+ }
+
+ /**
+ * Convert an arbitrary number into an SplFixedArray of two 32-bit integers
+ * that represents a 64-bit integer.
+ *
+ * @internal You should not use this directly from another application
+ *
+ * @param int $num
+ * @return ParagonIE_Sodium_Core32_Int64
+ * @throws SodiumException
+ * @throws TypeError
+ */
+ protected static function to64($num)
+ {
+ list($hi, $lo) = self::numericTo64BitInteger($num);
+ return self::new64($hi, $lo);
+ }
+
+ /**
+ * Adds two 64-bit integers together, returning their sum as a SplFixedArray
+ * containing two 32-bit integers (representing a 64-bit integer).
+ *
+ * @internal You should not use this directly from another application
+ *
+ * @param ParagonIE_Sodium_Core32_Int64 $x
+ * @param ParagonIE_Sodium_Core32_Int64 $y
+ * @return ParagonIE_Sodium_Core32_Int64
+ */
+ protected static function add64($x, $y)
+ {
+ return $x->addInt64($y);
+ }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param ParagonIE_Sodium_Core32_Int64 $x
+ * @param ParagonIE_Sodium_Core32_Int64 $y
+ * @param ParagonIE_Sodium_Core32_Int64 $z
+ * @return ParagonIE_Sodium_Core32_Int64
+ */
+ public static function add364($x, $y, $z)
+ {
+ return $x->addInt64($y)->addInt64($z);
+ }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param ParagonIE_Sodium_Core32_Int64 $x
+ * @param ParagonIE_Sodium_Core32_Int64 $y
+ * @return ParagonIE_Sodium_Core32_Int64
+ * @throws TypeError
+ */
+ public static function xor64(ParagonIE_Sodium_Core32_Int64 $x, ParagonIE_Sodium_Core32_Int64 $y)
+ {
+ return $x->xorInt64($y);
+ }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param ParagonIE_Sodium_Core32_Int64 $x
+ * @param int $c
+ * @return ParagonIE_Sodium_Core32_Int64
+ * @throws SodiumException
+ * @throws TypeError
+ */
+ public static function rotr64(ParagonIE_Sodium_Core32_Int64 $x, $c)
+ {
+ return $x->rotateRight($c);
+ }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param SplFixedArray $x
+ * @param int $i
+ * @return
ParagonIE_Sodium_Core32_Int64
+ * @throws SodiumException
+ * @throws TypeError
+ */
+ public static function load64($x, $i)
+ {
+ /** @var int $l */
+ $l = (int) ($x[$i])
+ | ((int) ($x[$i+1]) << 8)
+ | ((int) ($x[$i+2]) << 16)
+ | ((int) ($x[$i+3]) << 24);
+ /** @var int $h */
+ $h = (int) ($x[$i+4])
+ | ((int) ($x[$i+5]) << 8)
+ | ((int) ($x[$i+6]) << 16)
+ | ((int) ($x[$i+7]) << 24);
+ return self::new64($h, $l);
+ }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param SplFixedArray $x
+ * @param int $i
+ * @param ParagonIE_Sodium_Core32_Int64 $u
+ * @return void
+ * @throws TypeError
+ * @psalm-suppress MixedArgument
+ * @psalm-suppress MixedAssignment
+ * @psalm-suppress MixedArrayAccess
+ * @psalm-suppress MixedArrayAssignment
+ * @psalm-suppress MixedArrayOffset
+ */
+ public static function store64(SplFixedArray $x, $i, ParagonIE_Sodium_Core32_Int64 $u)
+ {
+ $v = clone $u;
+ $maxLength = $x->getSize() - 1;
+ for ($j = 0; $j < 8; ++$j) {
+ $k = 3 - ($j >> 1);
+ $x[$i] = $v->limbs[$k] & 0xff;
+ if (++$i > $maxLength) {
+ return;
+ }
+ $v->limbs[$k] >>= 8;
+ }
+ }
+
+ /**
+ * This just sets the $iv static variable.
+ *
+ * @internal You should not use this directly from another application
+ *
+ * @return void
+ * @throws SodiumException
+ * @throws TypeError
+ */
+ public static function pseudoConstructor()
+ {
+ static $called = false;
+ if ($called) {
+ return;
+ }
+ self::$iv = new SplFixedArray(8);
+ self::$iv[0] = self::new64(0x6a09e667, 0xf3bcc908);
+ self::$iv[1] = self::new64(0xbb67ae85, 0x84caa73b);
+ self::$iv[2] = self::new64(0x3c6ef372, 0xfe94f82b);
+ self::$iv[3] = self::new64(0xa54ff53a, 0x5f1d36f1);
+ self::$iv[4] = self::new64(0x510e527f, 0xade682d1);
+ self::$iv[5] = self::new64(0x9b05688c, 0x2b3e6c1f);
+ self::$iv[6] = self::new64(0x1f83d9ab, 0xfb41bd6b);
+ self::$iv[7] = self::new64(0x5be0cd19, 0x137e2179);
+
+ $called = true;
+ }
+
+ /**
+ * Returns a fresh BLAKE2 context.
+ *
+ * @internal You should not use this directly from another application
+ *
+ * @return SplFixedArray
+ * @throws TypeError
+ * @psalm-suppress MixedArgument
+ * @psalm-suppress MixedAssignment
+ * @psalm-suppress MixedArrayAccess
+ * @psalm-suppress MixedArrayAssignment
+ * @psalm-suppress MixedArrayOffset
+ * @throws SodiumException
+ * @throws TypeError
+ */
+ protected static function context()
+ {
+ $ctx = new SplFixedArray(6);
+ $ctx[0] = new SplFixedArray(8); // h
+ $ctx[1] = new SplFixedArray(2); // t
+ $ctx[2] = new SplFixedArray(2); // f
+ $ctx[3] = new SplFixedArray(256); // buf
+ $ctx[4] = 0; // buflen
+ $ctx[5] = 0; // last_node (uint8_t)
+
+ for ($i = 8; $i--;) {
+ $ctx[0][$i] = self::$iv[$i];
+ }
+ for ($i = 256; $i--;) {
+ $ctx[3][$i] = 0;
+ }
+
+ $zero = self::new64(0, 0);
+ $ctx[1][0] = $zero;
+ $ctx[1][1] = $zero;
+ $ctx[2][0] = $zero;
+ $ctx[2][1] = $zero;
+
+ return $ctx;
+ }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param SplFixedArray $ctx
+ * @param SplFixedArray $buf
+ * @return void
+ * @throws SodiumException
+ * @throws TypeError
+ * @psalm-suppress MixedArgument
+ * @psalm-suppress MixedArrayAccess
+ * @psalm-suppress MixedArrayAssignment
+ * @psalm-suppress MixedAssignment
+ */
+ protected static function compress(SplFixedArray $ctx, SplFixedArray $buf)
+ {
+ $m = new SplFixedArray(16);
+ $v = new SplFixedArray(16);
+
+ for ($i = 16; $i--;) {
+ $m[$i] = self::load64($buf, $i << 3);
+ }
+
+ for ($i = 8; $i--;) {
+ $v[$i] = $ctx[0][$i];
+ }
+
+ $v[ 8] = self::$iv[0];
+ $v[ 9] = self::$iv[1];
+ $v[10] = self::$iv[2];
+ $v[11] = self::$iv[3];
+
+ $v[12] = self::xor64($ctx[1][0], self::$iv[4]);
+ $v[13] = self::xor64($ctx[1][1], self::$iv[5]);
+ $v[14] = self::xor64($ctx[2][0], self::$iv[6]);
+ $v[15] = self::xor64($ctx[2][1], self::$iv[7]);
+
+ for ($r = 0; $r < 12; ++$r) {
+ $v = self::G($r, 0, 0, 4, 8, 12, $v, $m);
+ $v = self::G($r, 1, 1, 5, 9, 13, $v, $m);
+ $v = self::G($r, 2, 2, 6,
10, 14, $v, $m); + $v = self::G($r, 3, 3, 7, 11, 15, $v, $m); + $v = self::G($r, 4, 0, 5, 10, 15, $v, $m); + $v = self::G($r, 5, 1, 6, 11, 12, $v, $m); + $v = self::G($r, 6, 2, 7, 8, 13, $v, $m); + $v = self::G($r, 7, 3, 4, 9, 14, $v, $m); + } + + for ($i = 8; $i--;) { + $ctx[0][$i] = self::xor64( + $ctx[0][$i], self::xor64($v[$i], $v[$i+8]) + ); + } + } + + /** + * @internal You should not use this directly from another application + * + * @param int $r + * @param int $i + * @param int $a + * @param int $b + * @param int $c + * @param int $d + * @param SplFixedArray $v + * @param SplFixedArray $m + * @return SplFixedArray + * @throws SodiumException + * @throws TypeError + * @psalm-suppress MixedArgument + * @psalm-suppress MixedArrayOffset + */ + public static function G($r, $i, $a, $b, $c, $d, SplFixedArray $v, SplFixedArray $m) + { + $v[$a] = self::add364($v[$a], $v[$b], $m[self::$sigma[$r][$i << 1]]); + $v[$d] = self::rotr64(self::xor64($v[$d], $v[$a]), 32); + $v[$c] = self::add64($v[$c], $v[$d]); + $v[$b] = self::rotr64(self::xor64($v[$b], $v[$c]), 24); + $v[$a] = self::add364($v[$a], $v[$b], $m[self::$sigma[$r][($i << 1) + 1]]); + $v[$d] = self::rotr64(self::xor64($v[$d], $v[$a]), 16); + $v[$c] = self::add64($v[$c], $v[$d]); + $v[$b] = self::rotr64(self::xor64($v[$b], $v[$c]), 63); + return $v; + } + + /** + * @internal You should not use this directly from another application + * + * @param SplFixedArray $ctx + * @param int $inc + * @return void + * @throws SodiumException + * @throws TypeError + * @psalm-suppress MixedArgument + * @psalm-suppress MixedArrayAccess + * @psalm-suppress MixedArrayAssignment + */ + public static function increment_counter($ctx, $inc) + { + if ($inc < 0) { + throw new SodiumException('Increasing by a negative number makes no sense.'); + } + $t = self::to64($inc); + # S->t is $ctx[1] in our implementation + + # S->t[0] = ( uint64_t )( t >> 0 ); + $ctx[1][0] = self::add64($ctx[1][0], $t); + + # S->t[1] += ( S->t[0] < inc ); + if 
(!($ctx[1][0] instanceof ParagonIE_Sodium_Core32_Int64)) { + throw new TypeError('Not an int64'); + } + /** @var ParagonIE_Sodium_Core32_Int64 $c*/ + $c = $ctx[1][0]; + if ($c->isLessThanInt($inc)) { + $ctx[1][1] = self::add64($ctx[1][1], self::to64(1)); + } + } + + /** + * @internal You should not use this directly from another application + * + * @param SplFixedArray $ctx + * @param SplFixedArray $p + * @param int $plen + * @return void + * @throws SodiumException + * @throws TypeError + * @psalm-suppress MixedArgument + * @psalm-suppress MixedAssignment + * @psalm-suppress MixedArrayAccess + * @psalm-suppress MixedArrayAssignment + * @psalm-suppress MixedArrayOffset + * @psalm-suppress MixedMethodCall + * @psalm-suppress MixedOperand + */ + public static function update(SplFixedArray $ctx, SplFixedArray $p, $plen) + { + self::pseudoConstructor(); + + $offset = 0; + while ($plen > 0) { + $left = $ctx[4]; + $fill = 256 - $left; + + if ($plen > $fill) { + # memcpy( S->buf + left, in, fill ); /* Fill buffer */ + for ($i = $fill; $i--;) { + $ctx[3][$i + $left] = $p[$i + $offset]; + } + + # S->buflen += fill; + $ctx[4] += $fill; + + # blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES ); + self::increment_counter($ctx, 128); + + # blake2b_compress( S, S->buf ); /* Compress */ + self::compress($ctx, $ctx[3]); + + # memcpy( S->buf, S->buf + BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES ); /* Shift buffer left */ + for ($i = 128; $i--;) { + $ctx[3][$i] = $ctx[3][$i + 128]; + } + + # S->buflen -= BLAKE2B_BLOCKBYTES; + $ctx[4] -= 128; + + # in += fill; + $offset += $fill; + + # inlen -= fill; + $plen -= $fill; + } else { + for ($i = $plen; $i--;) { + $ctx[3][$i + $left] = $p[$i + $offset]; + } + $ctx[4] += $plen; + $offset += $plen; + $plen -= $plen; + } + } + } + + /** + * @internal You should not use this directly from another application + * + * @param SplFixedArray $ctx + * @param SplFixedArray $out + * @return SplFixedArray + * @throws SodiumException + * @throws TypeError + * 
@psalm-suppress MixedArgument
+ * @psalm-suppress MixedAssignment
+ * @psalm-suppress MixedArrayAccess
+ * @psalm-suppress MixedArrayAssignment
+ * @psalm-suppress MixedArrayOffset
+ * @psalm-suppress MixedMethodCall
+ * @psalm-suppress MixedOperand
+ */
+ public static function finish(SplFixedArray $ctx, SplFixedArray $out)
+ {
+ self::pseudoConstructor();
+ if ($ctx[4] > 128) {
+ self::increment_counter($ctx, 128);
+ self::compress($ctx, $ctx[3]);
+ $ctx[4] -= 128;
+ if ($ctx[4] > 128) {
+ throw new SodiumException('Failed to assert that buflen <= 128 bytes');
+ }
+ for ($i = $ctx[4]; $i--;) {
+ $ctx[3][$i] = $ctx[3][$i + 128];
+ }
+ }
+
+ self::increment_counter($ctx, $ctx[4]);
+ $ctx[2][0] = self::new64(0xffffffff, 0xffffffff);
+
+ for ($i = 256 - $ctx[4]; $i--;) {
+ /** @var int $i */
+ $ctx[3][$i + $ctx[4]] = 0;
+ }
+
+ self::compress($ctx, $ctx[3]);
+
+ $i = (int) (($out->getSize() - 1) / 8);
+ for (; $i >= 0; --$i) {
+ self::store64($out, $i << 3, $ctx[0][$i]);
+ }
+ return $out;
+ }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param SplFixedArray|null $key
+ * @param int $outlen
+ * @param SplFixedArray|null $salt
+ * @param SplFixedArray|null $personal
+ * @return SplFixedArray
+ * @throws SodiumException
+ * @throws TypeError
+ * @psalm-suppress MixedArgument
+ * @psalm-suppress MixedAssignment
+ * @psalm-suppress MixedArrayAccess
+ * @psalm-suppress MixedArrayAssignment
+ * @psalm-suppress MixedMethodCall
+ */
+ public static function init(
+ $key = null,
+ $outlen = 64,
+ $salt = null,
+ $personal = null
+ ) {
+ self::pseudoConstructor();
+ $klen = 0;
+
+ if ($key !== null) {
+ if (count($key) > 64) {
+ throw new SodiumException('Invalid key size');
+ }
+ $klen = count($key);
+ }
+
+ if ($outlen > 64) {
+ throw new SodiumException('Invalid output size');
+ }
+
+ $ctx = self::context();
+
+ $p = new SplFixedArray(64);
+ // Zero our param buffer... 
+ for ($i = 64; --$i;) {
+ $p[$i] = 0;
+ }
+
+ $p[0] = $outlen; // digest_length
+ $p[1] = $klen; // key_length
+ $p[2] = 1; // fanout
+ $p[3] = 1; // depth
+
+ if ($salt instanceof SplFixedArray) {
+ // salt: [32] through [47]
+ for ($i = 0; $i < 16; ++$i) {
+ $p[32 + $i] = (int) $salt[$i];
+ }
+ }
+ if ($personal instanceof SplFixedArray) {
+ // personal: [48] through [63]
+ for ($i = 0; $i < 16; ++$i) {
+ $p[48 + $i] = (int) $personal[$i];
+ }
+ }
+
+ $ctx[0][0] = self::xor64(
+ $ctx[0][0],
+ self::load64($p, 0)
+ );
+
+ if ($salt instanceof SplFixedArray || $personal instanceof SplFixedArray) {
+ // We need to do what blake2b_init_param() does:
+ for ($i = 1; $i < 8; ++$i) {
+ $ctx[0][$i] = self::xor64(
+ $ctx[0][$i],
+ self::load64($p, $i << 3)
+ );
+ }
+ }
+
+ if ($klen > 0 && $key instanceof SplFixedArray) {
+ $block = new SplFixedArray(128);
+ for ($i = 128; $i--;) {
+ $block[$i] = 0;
+ }
+ for ($i = $klen; $i--;) {
+ $block[$i] = $key[$i];
+ }
+ self::update($ctx, $block, 128);
+ $ctx[4] = 128;
+ }
+
+ return $ctx;
+ }
+
+ /**
+ * Convert a string into an SplFixedArray of integers
+ *
+ * @internal You should not use this directly from another application
+ *
+ * @param string $str
+ * @return SplFixedArray
+ * @psalm-suppress MixedArgumentTypeCoercion
+ */
+ public static function stringToSplFixedArray($str = '')
+ {
+ $values = unpack('C*', $str);
+ return SplFixedArray::fromArray(array_values($values));
+ }
+
+ /**
+ * Convert an SplFixedArray of integers into a string
+ *
+ * @internal You should not use this directly from another application
+ *
+ * @param SplFixedArray $a
+ * @return string
+ */
+ public static function SplFixedArrayToString(SplFixedArray $a)
+ {
+ /**
+ * @var array<int, string|int>
+ */
+ $arr = $a->toArray();
+ $c = $a->count();
+ array_unshift($arr, str_repeat('C', $c));
+ return (string) (call_user_func_array('pack', $arr));
+ }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param 
SplFixedArray $ctx
+ * @return string
+ * @throws TypeError
+ * @psalm-suppress MixedArgument
+ * @psalm-suppress MixedArrayAccess
+ * @psalm-suppress MixedArrayAssignment
+ * @psalm-suppress MixedMethodCall
+ */
+ public static function contextToString(SplFixedArray $ctx)
+ {
+ $str = '';
+ /** @var array<int, ParagonIE_Sodium_Core32_Int64> $ctxA */
+ $ctxA = $ctx[0]->toArray();
+
+ # uint64_t h[8];
+ for ($i = 0; $i < 8; ++$i) {
+ if (!($ctxA[$i] instanceof ParagonIE_Sodium_Core32_Int64)) {
+ throw new TypeError('Not an instance of Int64');
+ }
+ /** @var ParagonIE_Sodium_Core32_Int64 $ctxAi */
+ $ctxAi = $ctxA[$i];
+ $str .= $ctxAi->toReverseString();
+ }
+
+ # uint64_t t[2];
+ # uint64_t f[2];
+ for ($i = 1; $i < 3; ++$i) {
+ /** @var array<int, ParagonIE_Sodium_Core32_Int64> $ctxA */
+ $ctxA = $ctx[$i]->toArray();
+ /** @var ParagonIE_Sodium_Core32_Int64 $ctxA1 */
+ $ctxA1 = $ctxA[0];
+ /** @var ParagonIE_Sodium_Core32_Int64 $ctxA2 */
+ $ctxA2 = $ctxA[1];
+
+ $str .= $ctxA1->toReverseString();
+ $str .= $ctxA2->toReverseString();
+ }
+
+ # uint8_t buf[2 * 128];
+ $str .= self::SplFixedArrayToString($ctx[3]);
+
+ /** @var int $ctx4 */
+ $ctx4 = $ctx[4];
+
+ # size_t buflen;
+ $str .= implode('', array(
+ self::intToChr($ctx4 & 0xff),
+ self::intToChr(($ctx4 >> 8) & 0xff),
+ self::intToChr(($ctx4 >> 16) & 0xff),
+ self::intToChr(($ctx4 >> 24) & 0xff),
+ "\x00\x00\x00\x00"
+ /*
+ self::intToChr(($ctx4 >> 32) & 0xff),
+ self::intToChr(($ctx4 >> 40) & 0xff),
+ self::intToChr(($ctx4 >> 48) & 0xff),
+ self::intToChr(($ctx4 >> 56) & 0xff)
+ */
+ ));
+ # uint8_t last_node;
+ return $str . self::intToChr($ctx[5]) . 
str_repeat("\x00", 23);
+ }
+
+ /**
+ * Creates an SplFixedArray containing other SplFixedArray elements, from
+ * a string (compatible with \Sodium\crypto_generichash_{init, update, final})
+ *
+ * @internal You should not use this directly from another application
+ *
+ * @param string $string
+ * @return SplFixedArray
+ * @throws SodiumException
+ * @throws TypeError
+ * @psalm-suppress MixedArrayAccess
+ * @psalm-suppress MixedArrayAssignment
+ */
+ public static function stringToContext($string)
+ {
+ $ctx = self::context();
+
+ # uint64_t h[8];
+ for ($i = 0; $i < 8; ++$i) {
+ $ctx[0][$i] = ParagonIE_Sodium_Core32_Int64::fromReverseString(
+ self::substr($string, (($i << 3) + 0), 8)
+ );
+ }
+
+ # uint64_t t[2];
+ # uint64_t f[2];
+ for ($i = 1; $i < 3; ++$i) {
+ $ctx[$i][1] = ParagonIE_Sodium_Core32_Int64::fromReverseString(
+ self::substr($string, 72 + (($i - 1) << 4), 8)
+ );
+ $ctx[$i][0] = ParagonIE_Sodium_Core32_Int64::fromReverseString(
+ self::substr($string, 64 + (($i - 1) << 4), 8)
+ );
+ }
+
+ # uint8_t buf[2 * 128];
+ $ctx[3] = self::stringToSplFixedArray(self::substr($string, 96, 256));
+
+ # uint8_t buf[2 * 128];
+ $int = 0;
+ for ($i = 0; $i < 8; ++$i) {
+ $int |= self::chrToInt($string[352 + $i]) << ($i << 3);
+ }
+ $ctx[4] = $int;
+
+ return $ctx;
+ }
+}
diff --git a/vendor/paragonie/sodium_compat/src/Core32/ChaCha20/Ctx.php b/vendor/paragonie/sodium_compat/src/Core32/ChaCha20/Ctx.php
index 3f47d03..37b058f 100644
--- a/vendor/paragonie/sodium_compat/src/Core32/ChaCha20/Ctx.php
+++ b/vendor/paragonie/sodium_compat/src/Core32/ChaCha20/Ctx.php
@@ -70,6 +70,7 @@ class ParagonIE_Sodium_Core32_ChaCha20_Ctx extends ParagonIE_Sodium_Core32_Util
 * @param int|ParagonIE_Sodium_Core32_Int32 $value
 * @return void
 */
+ #[ReturnTypeWillChange]
 public function offsetSet($offset, $value)
 {
 if (!is_int($offset)) {
@@ -93,6 +94,7 @@ class ParagonIE_Sodium_Core32_ChaCha20_Ctx extends ParagonIE_Sodium_Core32_Util
 * @return bool
 * @psalm-suppress MixedArrayOffset
 */
+ #[ReturnTypeWillChange]
 public function offsetExists($offset)
 {
 return isset($this->container[$offset]);
@@ -105,6 +107,7 @@ class ParagonIE_Sodium_Core32_ChaCha20_Ctx extends ParagonIE_Sodium_Core32_Util
 * @return void
 * @psalm-suppress MixedArrayOffset
 */
+ #[ReturnTypeWillChange]
 public function offsetUnset($offset)
 {
 unset($this->container[$offset]);
@@ -117,6 +120,7 @@ class ParagonIE_Sodium_Core32_ChaCha20_Ctx extends ParagonIE_Sodium_Core32_Util
 * @return mixed|null
 * @psalm-suppress MixedArrayOffset
 */
+ #[ReturnTypeWillChange]
 public function offsetGet($offset)
 {
 return isset($this->container[$offset])
diff --git a/vendor/paragonie/sodium_compat/src/Core32/Curve25519.php b/vendor/paragonie/sodium_compat/src/Core32/Curve25519.php
index d6d700e..aafffcd 100644
--- a/vendor/paragonie/sodium_compat/src/Core32/Curve25519.php
+++ b/vendor/paragonie/sodium_compat/src/Core32/Curve25519.php
@@ -325,25 +325,15 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 $carry9 = $f[9]->shiftRight(25);
 $f[9] = $f[9]->subInt64($carry9->shiftLeft(25));
- /** @var int $h0 */
 $h0 = $f[0]->toInt32()->toInt();
- /** @var int $h1 */
 $h1 = $f[1]->toInt32()->toInt();
- /** @var int $h2 */
 $h2 = $f[2]->toInt32()->toInt();
- /** @var int $h3 */
 $h3 = $f[3]->toInt32()->toInt();
- /** @var int $h4 */
 $h4 = $f[4]->toInt32()->toInt();
- /** @var int $h5 */
 $h5 = $f[5]->toInt32()->toInt();
- /** @var int $h6 */
 $h6 = $f[6]->toInt32()->toInt();
- /** @var int $h7 */
 $h7 = $f[7]->toInt32()->toInt();
- /** @var int $h8 */
 $h8 = $f[8]->toInt32()->toInt();
- /** @var int $h9 */
 $h9 = $f[9]->toInt32()->toInt();
 /** 
@@ -418,7 +408,6 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 if ($zero === null) {
 $zero = str_repeat("\x00", 32);
 }
- /** @var string $str */
 $str = self::fe_tobytes($f);
 /** @var string $zero */
 return !self::verify_32($str, $zero);
@@ -497,15 +486,10 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 $g7_19 = $g7->mulInt(19, 5);
 $g8_19 = $g8->mulInt(19, 5);
 $g9_19 = $g9->mulInt(19, 5);
- /** @var ParagonIE_Sodium_Core32_Int64 $f1_2 */
 $f1_2 = $f1->shiftLeft(1);
- /** @var ParagonIE_Sodium_Core32_Int64 $f3_2 */
 $f3_2 = $f3->shiftLeft(1);
- /** @var ParagonIE_Sodium_Core32_Int64 $f5_2 */
 $f5_2 = $f5->shiftLeft(1);
- /** @var ParagonIE_Sodium_Core32_Int64 $f7_2 */
 $f7_2 = $f7->shiftLeft(1);
- /** @var ParagonIE_Sodium_Core32_Int64 $f9_2 */
 $f9_2 = $f9->shiftLeft(1);
 $f0g0 = $f0->mulInt64($g0, 27);
 $f0g1 = $f0->mulInt64($g1, 27);
@@ -775,28 +759,17 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 */
 public static function fe_sq(ParagonIE_Sodium_Core32_Curve25519_Fe $f)
 {
- /** @var ParagonIE_Sodium_Core32_Int64 $f0 */
 $f0 = $f[0]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f1 */
 $f1 = $f[1]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f2 */
 $f2 = $f[2]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f3 */
 $f3 = $f[3]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f4 */
 $f4 = $f[4]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f5 */
 $f5 = $f[5]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f6 */
 $f6 = $f[6]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f7 */
 $f7 = $f[7]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f8 */
 $f8 = $f[8]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f9 */
 $f9 = $f[9]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f0_2 */
 $f0_2 = $f0->shiftLeft(1);
 $f1_2 = $f1->shiftLeft(1);
 $f2_2 = $f2->shiftLeft(1);
@@ -810,7 +783,7 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 $f7_38 = $f7->mulInt(38, 6);
 $f8_19 = $f8->mulInt(19, 5);
 $f9_38 = $f9->mulInt(38, 6);
- /** @var ParagonIE_Sodium_Core32_Int64 $f0f0*/
+ $f0f0 = $f0->mulInt64($f0, 28);
 $f0f1_2 = $f0_2->mulInt64($f1, 28);
 $f0f2_2 = $f0_2->mulInt64($f2, 28);
@@ -979,25 +952,15 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 */
 public static function fe_sq2(ParagonIE_Sodium_Core32_Curve25519_Fe $f)
 {
- /** @var ParagonIE_Sodium_Core32_Int64 $f0 */
 $f0 = $f[0]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f1 */
 $f1 = $f[1]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f2 */
 $f2 = $f[2]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f3 */
 $f3 = $f[3]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f4 */
 $f4 = $f[4]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f5 */
 $f5 = $f[5]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f6 */
 $f6 = $f[6]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f7 */
 $f7 = $f[7]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f8 */
 $f8 = $f[8]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f9 */
 $f9 = $f[9]->toInt64();
 $f0_2 = $f0->shiftLeft(1);
@@ -1479,7 +1442,6 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 {
 static $d = null;
 if (!$d) {
- /** @var ParagonIE_Sodium_Core32_Curve25519_Fe $d */
 $d = ParagonIE_Sodium_Core32_Curve25519_Fe::fromArray(
 array(
 ParagonIE_Sodium_Core32_Int32::fromInt(self::$d[0]),
@@ -1495,6 +1457,7 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 )
 );
 }
+ /** @var ParagonIE_Sodium_Core32_Curve25519_Fe $d */
 # fe_frombytes(h->Y,s);
 # fe_1(h->Z);
@@ -1833,7 +1796,14 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 */
 public static function equal($b, $c)
 {
- return (int) ((($b ^ $c) - 1 & 0xffffffff) >> 31);
+ $b0 = $b & 0xffff;
+ $b1 = ($b >> 16) & 0xffff;
+ $c0 = $c & 0xffff;
+ $c1 = ($c >> 16) & 0xffff;
+
+ $d0 = (($b0 ^ $c0) - 1) >> 31;
+ $d1 = (($b1 ^ $c1) - 1) >> 31;
+ return ($d0 & $d1) & 1;
 }
 /**
@@ -1850,7 +1820,6 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 return $char < 0 ? 1 : 0;
 }
 /** @var string $char */
- /** @var int $x */
 $x = self::chrToInt(self::substr($char, 0, 1));
 return (int) ($x >> 31);
 }
@@ -1956,7 +1925,6 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 }
 $bnegative = self::negative($b);
- /** @var int $babs */
 $babs = $b - (((-$bnegative) & $b) << 1);
 $t = self::ge_precomp_0();
@@ -1964,7 +1932,7 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 $t = self::cmov(
 $t,
 $base[$pos][$i],
- self::equal($babs, $i + 1)
+ -self::equal($babs, $i + 1)
 );
 }
 $minusT = new ParagonIE_Sodium_Core32_Curve25519_Ge_Precomp(
@@ -2230,9 +2198,7 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 $carry = 0;
 for ($i = 0; $i < 63; ++$i) {
 $e[$i] += $carry;
- /** @var int $carry */
 $carry = $e[$i] + 8;
- /** @var int $carry */
 $carry >>= 4;
 $e[$i] -= $carry << 4;
 }
@@ -3140,7 +3106,6 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 */
 public static function ge_mul_l(ParagonIE_Sodium_Core32_Curve25519_Ge_P3 $A)
 {
- /** @var array<int, int> $aslide */
 $aslide = array( 13, 0, 0, 0, 0, -1, 0, 0, 0, 0, -11, 0, 0, 0, 0, 0, 0, -5, 0, 0, 0, 0, 0, 0, -3, 0, 0, 0, 0, -13, 0, 0, 0, 0, 7, 0, 0, 0, 0, 0, 3, 0,
diff --git a/vendor/paragonie/sodium_compat/src/Core32/Curve25519/Fe.php b/vendor/paragonie/sodium_compat/src/Core32/Curve25519/Fe.php
index 5fe10f7..21b3188 100644
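Review bot: The rewritten `equal()` body carries no comment on why the operands are split into 16-bit halves or why `(x - 1) >> 31` yields the result, and its docblock (above the hunk, not visible here) presumably still describes the old single-expression form; a one-line comment such as `// Compare in 16-bit halves so (x - 1) >> 31 stays inside a 32-bit int; each dN is -1 when the halves match, 0 otherwise` would save the next reader from re-deriving it. The new form also discards any bits above bit 31 of `$b` and `$c`, which is harmless for the visible caller (`$babs` and `$i + 1` are small) but worth stating in the docblock. The companion hunk at -1964 now passes `-self::equal($babs, $i + 1)` to `cmov`, so `cmov` appears to expect a 0/-1 mask rather than the 0/1 flag `equal()` returns; documenting that `equal()` returns 0 or 1 and that mask-taking callers negate it would make that coupling explicit and keep future callers from passing the raw flag.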
--- a/vendor/paragonie/sodium_compat/src/Core32/Curve25519/Fe.php
+++ b/vendor/paragonie/sodium_compat/src/Core32/Curve25519/Fe.php
@@ -48,6 +48,9 @@ class ParagonIE_Sodium_Core32_Curve25519_Fe implements ArrayAccess
 }
 } else {
 for ($i = 0; $i < $count; ++$i) {
+ if (!($array[$i] instanceof ParagonIE_Sodium_Core32_Int32)) {
+ throw new TypeError('Expected ParagonIE_Sodium_Core32_Int32');
+ }
 $array[$i]->overflow = 0;
 $obj->offsetSet($i, $array[$i]);
 }
@@ -104,6 +107,7 @@ class ParagonIE_Sodium_Core32_Curve25519_Fe implements ArrayAccess
 * @throws SodiumException
 * @throws TypeError
 */
+ #[ReturnTypeWillChange]
 public function offsetSet($offset, $value)
 {
 if (!($value instanceof ParagonIE_Sodium_Core32_Int32)) {
@@ -124,6 +128,7 @@ class ParagonIE_Sodium_Core32_Curve25519_Fe implements ArrayAccess
 * @return bool
 * @psalm-suppress MixedArrayOffset
 */
+ #[ReturnTypeWillChange]
 public function offsetExists($offset)
 {
 return isset($this->container[$offset]);
@@ -136,6 +141,7 @@ class ParagonIE_Sodium_Core32_Curve25519_Fe implements ArrayAccess
 * @return void
 * @psalm-suppress MixedArrayOffset
 */
+ #[ReturnTypeWillChange]
 public function offsetUnset($offset)
 {
 unset($this->container[$offset]);
@@ -148,6 +154,7 @@ class ParagonIE_Sodium_Core32_Curve25519_Fe implements ArrayAccess
 * @return ParagonIE_Sodium_Core32_Int32
 * @psalm-suppress MixedArrayOffset
 */
+ #[ReturnTypeWillChange]
 public function offsetGet($offset)
 {
 if (!isset($this->container[$offset])) {
diff --git a/vendor/paragonie/sodium_compat/src/Core32/Ed25519.php b/vendor/paragonie/sodium_compat/src/Core32/Ed25519.php
index 284ff14..1b86b67 100644
--- a/vendor/paragonie/sodium_compat/src/Core32/Ed25519.php
+++ b/vendor/paragonie/sodium_compat/src/Core32/Ed25519.php
@@ -1,482 +1,485 @@
-<?php
-
-if (class_exists('ParagonIE_Sodium_Core32_Ed25519', false)) {
- return;
-}
-
-/**
- * Class ParagonIE_Sodium_Core32_Ed25519
- */
-abstract class ParagonIE_Sodium_Core32_Ed25519 extends ParagonIE_Sodium_Core32_Curve25519
-{
- const KEYPAIR_BYTES = 96;
- const SEED_BYTES = 32;
-
- /**
- * @internal You should not use this directly from another application
- *
- * @return string (96 bytes)
- * @throws Exception
- * @throws SodiumException
- * @throws TypeError
- */
- public static function keypair()
- {
- $seed = random_bytes(self::SEED_BYTES);
- $pk = '';
- $sk = '';
- self::seed_keypair($pk, $sk, $seed);
- return $sk . $pk;
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param string $pk
- * @param string $sk
- * @param string $seed
- * @return string
- * @throws SodiumException
- * @throws TypeError
- */
- public static function seed_keypair(&$pk, &$sk, $seed)
- {
- if (self::strlen($seed) !== self::SEED_BYTES) {
- throw new RangeException('crypto_sign keypair seed must be 32 bytes long');
- }
-
- /** @var string $pk */
- $pk = self::publickey_from_secretkey($seed);
- $sk = $seed . $pk;
- return $sk;
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param string $keypair
- * @return string
- * @throws TypeError
- */
- public static function secretkey($keypair)
- {
- if (self::strlen($keypair) !== self::KEYPAIR_BYTES) {
- throw new RangeException('crypto_sign keypair must be 96 bytes long');
- }
- return self::substr($keypair, 0, 64);
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param string $keypair
- * @return string
- * @throws RangeException
- * @throws TypeError
- */
- public static function publickey($keypair)
- {
- if (self::strlen($keypair) !== self::KEYPAIR_BYTES) {
- throw new RangeException('crypto_sign keypair must be 96 bytes long');
- }
- return self::substr($keypair, 64, 32);
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param string $sk
- * @return string
- * @throws SodiumException
- * @throws TypeError
- */
- public static function publickey_from_secretkey($sk)
- {
- /** @var string $sk */
- $sk = hash('sha512', self::substr($sk, 0, 32), true);
- $sk[0] = self::intToChr(
- self::chrToInt($sk[0]) & 248
- );
- $sk[31] = self::intToChr(
- (self::chrToInt($sk[31]) & 63) | 64
- );
- return self::sk_to_pk($sk);
- }
-
- /**
- * @param string $pk
- * @return string
- * @throws SodiumException
- * @throws TypeError
- */
- public static function pk_to_curve25519($pk)
- {
- if (self::small_order($pk)) {
- throw new SodiumException('Public key is on a small order');
- }
- $A = self::ge_frombytes_negate_vartime($pk);
- $p1 = self::ge_mul_l($A);
- if (!self::fe_isnonzero($p1->X)) {
- throw new SodiumException('Unexpected zero result');
- }
-
- # fe_1(one_minus_y);
- # fe_sub(one_minus_y, one_minus_y, A.Y);
- # fe_invert(one_minus_y, one_minus_y);
- $one_minux_y = self::fe_invert(
- self::fe_sub(
- self::fe_1(),
- $A->Y
- )
- );
-
-
- # fe_1(x);
- # fe_add(x, x, A.Y);
- # fe_mul(x, x, one_minus_y);
- $x = self::fe_mul(
- self::fe_add(self::fe_1(), $A->Y),
- $one_minux_y
- );
-
- # fe_tobytes(curve25519_pk, x);
- return self::fe_tobytes($x);
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param string $sk
- * @return string
- * @throws SodiumException
- * @throws TypeError
- */
- public static function sk_to_pk($sk)
- {
- return self::ge_p3_tobytes(
- self::ge_scalarmult_base(
- self::substr($sk, 0, 32)
- )
- );
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param string $message
- * @param string $sk
- * @return string
- * @throws SodiumException
- * @throws TypeError
- */
- public static function sign($message, $sk)
- {
- /** @var string $signature */
- $signature = self::sign_detached($message, $sk);
- return $signature . $message;
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param string $message A signed message
- * @param string $pk Public key
- * @return string Message (without signature)
- * @throws SodiumException
- * @throws TypeError
- */
- public static function sign_open($message, $pk)
- {
- /** @var string $signature */
- $signature = self::substr($message, 0, 64);
-
- /** @var string $message */
- $message = self::substr($message, 64);
-
- if (self::verify_detached($signature, $message, $pk)) {
- return $message;
- }
- throw new SodiumException('Invalid signature');
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param string $message
- * @param string $sk
- * @return string
- * @throws SodiumException
- * @throws TypeError
- * @psalm-suppress PossiblyInvalidArgument
- */
- public static function sign_detached($message, $sk)
- {
- # crypto_hash_sha512(az, sk, 32);
- $az = hash('sha512', self::substr($sk, 0, 32), true);
-
- # az[0] &= 248;
- # az[31] &= 63;
- # az[31] |= 64;
- $az[0] = self::intToChr(self::chrToInt($az[0]) & 248);
- $az[31] = self::intToChr((self::chrToInt($az[31]) & 63) | 64);
-
- # crypto_hash_sha512_init(&hs);
- # crypto_hash_sha512_update(&hs, az + 32, 32);
- # crypto_hash_sha512_update(&hs, m, mlen);
- # crypto_hash_sha512_final(&hs, nonce);
- $hs = hash_init('sha512');
- self::hash_update($hs, self::substr($az, 32, 32));
- self::hash_update($hs, $message);
- $nonceHash = hash_final($hs, true);
-
- # memmove(sig + 32, sk + 32, 32);
- $pk = self::substr($sk, 32, 32);
-
- # sc_reduce(nonce);
- # ge_scalarmult_base(&R, nonce);
- # ge_p3_tobytes(sig, &R);
- $nonce = self::sc_reduce($nonceHash) . self::substr($nonceHash, 32);
- $sig = self::ge_p3_tobytes(
- self::ge_scalarmult_base($nonce)
- );
-
- # crypto_hash_sha512_init(&hs);
- # crypto_hash_sha512_update(&hs, sig, 64);
- # crypto_hash_sha512_update(&hs, m, mlen);
- # crypto_hash_sha512_final(&hs, hram);
- $hs = hash_init('sha512');
- self::hash_update($hs, self::substr($sig, 0, 32));
- self::hash_update($hs, self::substr($pk, 0, 32));
- self::hash_update($hs, $message);
- $hramHash = hash_final($hs, true);
-
- # sc_reduce(hram);
- # sc_muladd(sig + 32, hram, az, nonce);
- $hram = self::sc_reduce($hramHash);
- $sigAfter = self::sc_muladd($hram, $az, $nonce);
- $sig = self::substr($sig, 0, 32) . self::substr($sigAfter, 0, 32);
-
- try {
- ParagonIE_Sodium_Compat::memzero($az);
- } catch (SodiumException $ex) {
- $az = null;
- }
- return $sig;
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param string $sig
- * @param string $message
- * @param string $pk
- * @return bool
- * @throws SodiumException
- * @throws TypeError
- */
- public static function verify_detached($sig, $message, $pk)
- {
- if (self::strlen($sig) < 64) {
- throw new SodiumException('Signature is too short');
- }
- if ((self::chrToInt($sig[63]) & 240) && self::check_S_lt_L(self::substr($sig, 32, 32))) {
- throw new SodiumException('S < L - Invalid signature');
- }
- if (self::small_order($sig)) {
- throw new SodiumException('Signature is on too small of an order');
- }
- if ((self::chrToInt($sig[63]) & 224) !== 0) {
- throw new SodiumException('Invalid signature');
- }
- $d = 0;
- for ($i = 0; $i < 32; ++$i) {
- $d |= self::chrToInt($pk[$i]);
- }
- if ($d === 0) {
- throw new SodiumException('All zero public key');
- }
-
- /** @var bool The original value of ParagonIE_Sodium_Compat::$fastMult */
- $orig = ParagonIE_Sodium_Compat::$fastMult;
-
- // Set ParagonIE_Sodium_Compat::$fastMult to true to speed up verification.
- ParagonIE_Sodium_Compat::$fastMult = true;
-
- /** @var ParagonIE_Sodium_Core32_Curve25519_Ge_P3 $A */
- $A = self::ge_frombytes_negate_vartime($pk);
-
- /** @var string $hDigest */
- $hDigest = hash(
- 'sha512',
- self::substr($sig, 0, 32) .
- self::substr($pk, 0, 32) .
- $message,
- true
- );
-
- /** @var string $h */
- $h = self::sc_reduce($hDigest) . self::substr($hDigest, 32);
-
- /** @var ParagonIE_Sodium_Core32_Curve25519_Ge_P2 $R */
- $R = self::ge_double_scalarmult_vartime(
- $h,
- $A,
- self::substr($sig, 32)
- );
-
- /** @var string $rcheck */
- $rcheck = self::ge_tobytes($R);
-
- // Reset ParagonIE_Sodium_Compat::$fastMult to what it was before.
- ParagonIE_Sodium_Compat::$fastMult = $orig;
-
- return self::verify_32($rcheck, self::substr($sig, 0, 32));
- }
-
- /**
- * @internal You should not use this directly from another application
- *
- * @param string $S
- * @return bool
- * @throws SodiumException
- * @throws TypeError
- */
- public static function check_S_lt_L($S)
- {
- if (self::strlen($S) < 32) {
- throw new SodiumException('Signature must be 32 bytes');
- }
- static $L = array(
- 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
- 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
- );
- /** @var array<int, int> $L */
- $c = 0;
- $n = 1;
- $i = 32;
-
- do {
- --$i;
- $x = self::chrToInt($S[$i]);
- $c |= (
- (($x - $L[$i]) >> 8) & $n
- );
- $n &= (
- (($x ^ $L[$i]) - 1) >> 8
- );
- } while ($i !== 0);
-
- return $c === 0;
- }
-
- /**
- * @param string $R
- * @return bool
- * @throws SodiumException
- * @throws TypeError
- */
- public static function small_order($R)
- {
- static $blocklist = array(
- /* 0 (order 4) */
- array(
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
- ),
- /* 1 (order 1) */
- array(
- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
- ),
- /* 2707385501144840649318225287225658788936804267575313519463743609750303402022 (order 8) */
- array(
- 0x26, 0xe8, 0x95, 0x8f, 0xc2, 0xb2, 0x27, 0xb0,
- 0x45, 0xc3, 0xf4, 0x89, 0xf2, 0xef, 0x98, 0xf0,
- 0xd5, 0xdf, 0xac, 0x05, 0xd3, 0xc6, 0x33, 0x39,
- 0xb1, 0x38, 0x02, 0x88, 0x6d, 0x53, 0xfc, 0x05
- ),
- /* 55188659117513257062467267217118295137698188065244968500265048394206261417927 (order 8) */
- array(
- 0xc7, 0x17, 0x6a, 0x70, 0x3d, 0x4d, 0xd8, 0x4f,
- 0xba, 0x3c, 0x0b, 0x76, 0x0d, 0x10, 0x67, 0x0f,
- 0x2a, 0x20, 0x53, 0xfa, 0x2c, 0x39, 0xcc, 0xc6,
- 0x4e, 0xc7, 0xfd, 0x77, 0x92, 0xac, 0x03, 0x7a
- ),
- /* p-1 (order 2) */
- array(
- 0x13, 0xe8, 0x95, 0x8f, 0xc2, 0xb2, 0x27, 0xb0,
- 0x45, 0xc3, 0xf4, 0x89, 0xf2, 0xef, 0x98, 0xf0,
- 0xd5, 0xdf, 0xac, 0x05, 0xd3, 0xc6, 0x33, 0x39,
- 0xb1, 0x38, 0x02, 0x88, 0x6d, 0x53, 0xfc, 0x85
- ),
- /* p (order 4) */
- array(
- 0xb4, 0x17, 0x6a, 0x70, 0x3d, 0x4d, 0xd8, 0x4f,
- 0xba, 0x3c, 0x0b, 0x76, 0x0d, 0x10, 0x67, 0x0f,
- 0x2a, 0x20, 0x53, 0xfa, 0x2c, 0x39, 0xcc, 0xc6,
- 0x4e, 0xc7, 0xfd, 0x77, 0x92, 0xac, 0x03, 0xfa
- ),
- /* p+1 (order 1) */
- array(
- 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
- ),
- /* p+2707385501144840649318225287225658788936804267575313519463743609750303402022 (order 8) */
- array(
- 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
- ),
- /* p+55188659117513257062467267217118295137698188065244968500265048394206261417927 (order 8) */
- array(
- 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
- ),
- /* 2p-1 (order 2) */
- array(
- 0xd9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
- ),
- /* 2p (order 4) */
- array(
- 0xda, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
- ),
- /* 2p+1 (order 1) */
- array(
- 0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
- )
- );
- /** @var array<int, array<int, int>> $blocklist */
- $countBlocklist = count($blocklist);
-
- for ($i = 0; $i < $countBlocklist; ++$i) {
- $c = 0;
- for ($j = 0; $j < 32; ++$j) {
- $c |= self::chrToInt($R[$j]) ^ $blocklist[$i][$j];
- }
- if ($c === 0) {
- return true;
- }
- }
- return false;
- }
-}
+<?php
+
+if (class_exists('ParagonIE_Sodium_Core32_Ed25519', false)) {
+ return;
+}
+if (!class_exists('ParagonIE_Sodium_Core32_Curve25519')) {
+ require_once dirname(__FILE__) . '/Curve25519.php';
+}
+
+/**
+ * Class ParagonIE_Sodium_Core32_Ed25519
+ */
+abstract class ParagonIE_Sodium_Core32_Ed25519 extends ParagonIE_Sodium_Core32_Curve25519
+{
+ const KEYPAIR_BYTES = 96;
+ const SEED_BYTES = 32;
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @return string (96 bytes)
+ * @throws Exception
+ * @throws SodiumException
+ * @throws TypeError
+ */
+ public static function keypair()
+ {
+ $seed = random_bytes(self::SEED_BYTES);
+ $pk = '';
+ $sk = '';
+ self::seed_keypair($pk, $sk, $seed);
+ return $sk . $pk;
+ }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param string $pk
+ * @param string $sk
+ * @param string $seed
+ * @return string
+ * @throws SodiumException
+ * @throws TypeError
+ */
+ public static function seed_keypair(&$pk, &$sk, $seed)
+ {
+ if (self::strlen($seed) !== self::SEED_BYTES) {
+ throw new RangeException('crypto_sign keypair seed must be 32 bytes long');
+ }
+
+ /** @var string $pk */
+ $pk = self::publickey_from_secretkey($seed);
+ $sk = $seed . 
$pk;
+ return $sk;
+ }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param string $keypair
+ * @return string
+ * @throws TypeError
+ */
+ public static function secretkey($keypair)
+ {
+ if (self::strlen($keypair) !== self::KEYPAIR_BYTES) {
+ throw new RangeException('crypto_sign keypair must be 96 bytes long');
+ }
+ return self::substr($keypair, 0, 64);
+ }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param string $keypair
+ * @return string
+ * @throws RangeException
+ * @throws TypeError
+ */
+ public static function publickey($keypair)
+ {
+ if (self::strlen($keypair) !== self::KEYPAIR_BYTES) {
+ throw new RangeException('crypto_sign keypair must be 96 bytes long');
+ }
+ return self::substr($keypair, 64, 32);
+ }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param string $sk
+ * @return string
+ * @throws SodiumException
+ * @throws TypeError
+ */
+ public static function publickey_from_secretkey($sk)
+ {
+ /** @var string $sk */
+ $sk = hash('sha512', self::substr($sk, 0, 32), true);
+ $sk[0] = self::intToChr(
+ self::chrToInt($sk[0]) & 248
+ );
+ $sk[31] = self::intToChr(
+ (self::chrToInt($sk[31]) & 63) | 64
+ );
+ return self::sk_to_pk($sk);
+ }
+
+ /**
+ * @param string $pk
+ * @return string
+ * @throws SodiumException
+ * @throws TypeError
+ */
+ public static function pk_to_curve25519($pk)
+ {
+ if (self::small_order($pk)) {
+ throw new SodiumException('Public key is on a small order');
+ }
+ $A = self::ge_frombytes_negate_vartime($pk);
+ $p1 = self::ge_mul_l($A);
+ if (!self::fe_isnonzero($p1->X)) {
+ throw new SodiumException('Unexpected zero result');
+ }
+
+ # fe_1(one_minus_y);
+ # fe_sub(one_minus_y, one_minus_y, A.Y);
+ # fe_invert(one_minus_y, one_minus_y);
+ $one_minux_y = self::fe_invert(
+ self::fe_sub(
+ self::fe_1(),
+ $A->Y
+ )
+ );
+
+
+ # fe_1(x);
+ # fe_add(x, x, A.Y);
+ # fe_mul(x, x, one_minus_y);
+ $x = 
self::fe_mul(
+ self::fe_add(self::fe_1(), $A->Y),
+ $one_minux_y
+ );
+
+ # fe_tobytes(curve25519_pk, x);
+ return self::fe_tobytes($x);
+ }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param string $sk
+ * @return string
+ * @throws SodiumException
+ * @throws TypeError
+ */
+ public static function sk_to_pk($sk)
+ {
+ return self::ge_p3_tobytes(
+ self::ge_scalarmult_base(
+ self::substr($sk, 0, 32)
+ )
+ );
+ }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param string $message
+ * @param string $sk
+ * @return string
+ * @throws SodiumException
+ * @throws TypeError
+ */
+ public static function sign($message, $sk)
+ {
+ /** @var string $signature */
+ $signature = self::sign_detached($message, $sk);
+ return $signature . $message;
+ }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param string $message A signed message
+ * @param string $pk Public key
+ * @return string Message (without signature)
+ * @throws SodiumException
+ * @throws TypeError
+ */
+ public static function sign_open($message, $pk)
+ {
+ /** @var string $signature */
+ $signature = self::substr($message, 0, 64);
+
+ /** @var string $message */
+ $message = self::substr($message, 64);
+
+ if (self::verify_detached($signature, $message, $pk)) {
+ return $message;
+ }
+ throw new SodiumException('Invalid signature');
+ }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param string $message
+ * @param string $sk
+ * @return string
+ * @throws SodiumException
+ * @throws TypeError
+ * @psalm-suppress PossiblyInvalidArgument
+ */
+ public static function sign_detached($message, $sk)
+ {
+ # crypto_hash_sha512(az, sk, 32);
+ $az = hash('sha512', self::substr($sk, 0, 32), true);
+
+ # az[0] &= 248;
+ # az[31] &= 63;
+ # az[31] |= 64;
+ $az[0] = self::intToChr(self::chrToInt($az[0]) & 248);
+ $az[31] = 
self::intToChr((self::chrToInt($az[31]) & 63) | 64);
+
+ # crypto_hash_sha512_init(&hs);
+ # crypto_hash_sha512_update(&hs, az + 32, 32);
+ # crypto_hash_sha512_update(&hs, m, mlen);
+ # crypto_hash_sha512_final(&hs, nonce);
+ $hs = hash_init('sha512');
+ self::hash_update($hs, self::substr($az, 32, 32));
+ self::hash_update($hs, $message);
+ $nonceHash = hash_final($hs, true);
+
+ # memmove(sig + 32, sk + 32, 32);
+ $pk = self::substr($sk, 32, 32);
+
+ # sc_reduce(nonce);
+ # ge_scalarmult_base(&R, nonce);
+ # ge_p3_tobytes(sig, &R);
+ $nonce = self::sc_reduce($nonceHash) . self::substr($nonceHash, 32);
+ $sig = self::ge_p3_tobytes(
+ self::ge_scalarmult_base($nonce)
+ );
+
+ # crypto_hash_sha512_init(&hs);
+ # crypto_hash_sha512_update(&hs, sig, 64);
+ # crypto_hash_sha512_update(&hs, m, mlen);
+ # crypto_hash_sha512_final(&hs, hram);
+ $hs = hash_init('sha512');
+ self::hash_update($hs, self::substr($sig, 0, 32));
+ self::hash_update($hs, self::substr($pk, 0, 32));
+ self::hash_update($hs, $message);
+ $hramHash = hash_final($hs, true);
+
+ # sc_reduce(hram);
+ # sc_muladd(sig + 32, hram, az, nonce);
+ $hram = self::sc_reduce($hramHash);
+ $sigAfter = self::sc_muladd($hram, $az, $nonce);
+ $sig = self::substr($sig, 0, 32) . 
self::substr($sigAfter, 0, 32);
+
+ try {
+ ParagonIE_Sodium_Compat::memzero($az);
+ } catch (SodiumException $ex) {
+ $az = null;
+ }
+ return $sig;
+ }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param string $sig
+ * @param string $message
+ * @param string $pk
+ * @return bool
+ * @throws SodiumException
+ * @throws TypeError
+ */
+ public static function verify_detached($sig, $message, $pk)
+ {
+ if (self::strlen($sig) < 64) {
+ throw new SodiumException('Signature is too short');
+ }
+ if ((self::chrToInt($sig[63]) & 240) && self::check_S_lt_L(self::substr($sig, 32, 32))) {
+ throw new SodiumException('S < L - Invalid signature');
+ }
+ if (self::small_order($sig)) {
+ throw new SodiumException('Signature is on too small of an order');
+ }
+ if ((self::chrToInt($sig[63]) & 224) !== 0) {
+ throw new SodiumException('Invalid signature');
+ }
+ $d = 0;
+ for ($i = 0; $i < 32; ++$i) {
+ $d |= self::chrToInt($pk[$i]);
+ }
+ if ($d === 0) {
+ throw new SodiumException('All zero public key');
+ }
+
+ /** @var bool The original value of ParagonIE_Sodium_Compat::$fastMult */
+ $orig = ParagonIE_Sodium_Compat::$fastMult;
+
+ // Set ParagonIE_Sodium_Compat::$fastMult to true to speed up verification.
+ ParagonIE_Sodium_Compat::$fastMult = true;
+
+ /** @var ParagonIE_Sodium_Core32_Curve25519_Ge_P3 $A */
+ $A = self::ge_frombytes_negate_vartime($pk);
+
+ /** @var string $hDigest */
+ $hDigest = hash(
+ 'sha512',
+ self::substr($sig, 0, 32) .
+ self::substr($pk, 0, 32) .
+ $message,
+ true
+ );
+
+ /** @var string $h */
+ $h = self::sc_reduce($hDigest) . self::substr($hDigest, 32);
+
+ /** @var ParagonIE_Sodium_Core32_Curve25519_Ge_P2 $R */
+ $R = self::ge_double_scalarmult_vartime(
+ $h,
+ $A,
+ self::substr($sig, 32)
+ );
+
+ /** @var string $rcheck */
+ $rcheck = self::ge_tobytes($R);
+
+ // Reset ParagonIE_Sodium_Compat::$fastMult to what it was before. 
+ ParagonIE_Sodium_Compat::$fastMult = $orig;
+
+ return self::verify_32($rcheck, self::substr($sig, 0, 32));
+ }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param string $S
+ * @return bool
+ * @throws SodiumException
+ * @throws TypeError
+ */
+ public static function check_S_lt_L($S)
+ {
+ if (self::strlen($S) < 32) {
+ throw new SodiumException('Signature must be 32 bytes');
+ }
+ static $L = array(
+ 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
+ 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
+ );
+ /** @var array<int, int> $L */
+ $c = 0;
+ $n = 1;
+ $i = 32;
+
+ do {
+ --$i;
+ $x = self::chrToInt($S[$i]);
+ $c |= (
+ (($x - $L[$i]) >> 8) & $n
+ );
+ $n &= (
+ (($x ^ $L[$i]) - 1) >> 8
+ );
+ } while ($i !== 0);
+
+ return $c === 0;
+ }
+
+ /**
+ * @param string $R
+ * @return bool
+ * @throws SodiumException
+ * @throws TypeError
+ */
+ public static function small_order($R)
+ {
+ static $blocklist = array(
+ /* 0 (order 4) */
+ array(
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ ),
+ /* 1 (order 1) */
+ array(
+ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ ),
+ /* 2707385501144840649318225287225658788936804267575313519463743609750303402022 (order 8) */
+ array(
+ 0x26, 0xe8, 0x95, 0x8f, 0xc2, 0xb2, 0x27, 0xb0,
+ 0x45, 0xc3, 0xf4, 0x89, 0xf2, 0xef, 0x98, 0xf0,
+ 0xd5, 0xdf, 0xac, 0x05, 0xd3, 0xc6, 0x33, 0x39,
+ 0xb1, 0x38, 0x02, 0x88, 0x6d, 0x53, 0xfc, 0x05
+ ),
+ /* 55188659117513257062467267217118295137698188065244968500265048394206261417927 (order 8) */
+ array(
+ 0xc7, 0x17, 0x6a, 0x70, 0x3d, 0x4d, 0xd8, 
0x4f,
+ 0xba, 0x3c, 0x0b, 0x76, 0x0d, 0x10, 0x67, 0x0f,
+ 0x2a, 0x20, 0x53, 0xfa, 0x2c, 0x39, 0xcc, 0xc6,
+ 0x4e, 0xc7, 0xfd, 0x77, 0x92, 0xac, 0x03, 0x7a
+ ),
+ /* p-1 (order 2) */
+ array(
+ 0x13, 0xe8, 0x95, 0x8f, 0xc2, 0xb2, 0x27, 0xb0,
+ 0x45, 0xc3, 0xf4, 0x89, 0xf2, 0xef, 0x98, 0xf0,
+ 0xd5, 0xdf, 0xac, 0x05, 0xd3, 0xc6, 0x33, 0x39,
+ 0xb1, 0x38, 0x02, 0x88, 0x6d, 0x53, 0xfc, 0x85
+ ),
+ /* p (order 4) */
+ array(
+ 0xb4, 0x17, 0x6a, 0x70, 0x3d, 0x4d, 0xd8, 0x4f,
+ 0xba, 0x3c, 0x0b, 0x76, 0x0d, 0x10, 0x67, 0x0f,
+ 0x2a, 0x20, 0x53, 0xfa, 0x2c, 0x39, 0xcc, 0xc6,
+ 0x4e, 0xc7, 0xfd, 0x77, 0x92, 0xac, 0x03, 0xfa
+ ),
+ /* p+1 (order 1) */
+ array(
+ 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
+ ),
+ /* p+2707385501144840649318225287225658788936804267575313519463743609750303402022 (order 8) */
+ array(
+ 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
+ ),
+ /* p+55188659117513257062467267217118295137698188065244968500265048394206261417927 (order 8) */
+ array(
+ 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
+ ),
+ /* 2p-1 (order 2) */
+ array(
+ 0xd9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+ ),
+ /* 2p (order 4) */
+ array(
+ 0xda, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+ ),
+ /* 2p+1 (order 1) */
+ array(
+ 0xdb, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+ )
+ );
+ /** @var array<int, array<int, int>> $blocklist */
+ $countBlocklist = count($blocklist);
+
+ for ($i = 0; $i < $countBlocklist; ++$i) {
+ $c = 0;
+ for ($j = 0; $j < 32; ++$j) {
+ $c |= self::chrToInt($R[$j]) ^ $blocklist[$i][$j];
+ }
+ if ($c === 0) {
+ return true;
+ }
+ }
+ return false;
+ }
+}
diff --git a/vendor/paragonie/sodium_compat/src/Core32/Int32.php b/vendor/paragonie/sodium_compat/src/Core32/Int32.php
index c3a1790..8182155 100644
--- a/vendor/paragonie/sodium_compat/src/Core32/Int32.php
+++ b/vendor/paragonie/sodium_compat/src/Core32/Int32.php
@@ -138,9 +138,10 @@ class ParagonIE_Sodium_Core32_Int32
 public function mask($m = 0)
 {
 /** @var int $hi */
- $hi = ($m >> 16) & 0xffff;
+ $hi = ((int) $m >> 16);
+ $hi &= 0xffff;
 /** @var int $lo */
- $lo = ($m & 0xffff);
+ $lo = ((int) $m) & 0xffff;
 return new ParagonIE_Sodium_Core32_Int32(
 array(
 (int) ($this->limbs[0] & $hi),
@@ -168,8 +168,8 @@ class ParagonIE_Sodium_Core32_Int32
 for ($j = 0; $j < $a_l; ++$j) {
 $b_j = $b[$j];
 $product = ($a_i * $b_j) + $r[$i + $j];
- $carry = ($product >> $baseLog2 & 0xffff);
- $r[$i + $j] = ($product - (int) ($carry * $base)) & 0xffff;
+ $carry = ((int) $product >> $baseLog2 & 0xffff);
+ $r[$i + $j] = ((int) $product - (int) ($carry * $base)) & 0xffff;
 $r[$i + $j + 1] += $carry;
 }
 }
diff --git a/vendor/paragonie/sodium_compat/src/Core32/Int64.php b/vendor/paragonie/sodium_compat/src/Core32/Int64.php
index dd06a3f..e94d798 100644
--- a/vendor/paragonie/sodium_compat/src/Core32/Int64.php
+++ b/vendor/paragonie/sodium_compat/src/Core32/Int64.php
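Review bot: The `(int)` cast added to `$m` in mask() silently truncates a non-integer mask instead of rejecting it, even though the surrounding `@var int` annotations say a non-int here is a caller bug; a float mask produced by overflowed arithmetic would be converted without any diagnostic. A guard at the top of the method, `if (!is_int($m)) { throw new TypeError('mask must be an integer'); }`, would surface that case, and the casts could then go. mask()'s body continues past the end of the hunk.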
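Review bot: The new `(int) $product` casts at @@ -168 convert a value that may already be a float without any range check: `$product` is `($a_i * $b_j) + $r[$i + $j]`, and if the limbs are 16 bits wide (the width and `$baseLog2` are fixed outside the hunk) the product can exceed PHP_INT_MAX on a 32-bit build, where the PHP manual leaves `(int)` of an out-of-range float undefined, so the carry would be silently wrong rather than failing loudly. The same casts are added in the Int64.php hunk at @@ -337. If that overflow is reachable, an explicit `if ($product > PHP_INT_MAX) { throw new SodiumException('limb product overflow'); }` before the shift, or splitting the multiplication into narrower limbs, would make the failure visible. Separately, the context line `for ($j = 0; $j < $a_l; ++$j)` bounds the loop by the length of `$a` while indexing `$b[$j]`; if the two limb arrays can differ in length this reads past the end of `$b` — the enclosing method starts and ends outside the hunk, so check how they are built.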
@@ -337,9 +337,9 @@ class ParagonIE_Sodium_Core32_Int64
 $a_i = $a[$i];
 for ($j = 0; $j < $a_l; ++$j) {
 $b_j = $b[$j];
- $product = ($a_i * $b_j) + $r[$i + $j];
- $carry = ($product >> $baseLog2 & 0xffff);
- $r[$i + $j] = ($product - (int) ($carry * $base)) & 0xffff;
+ $product = (($a_i * $b_j) + $r[$i + $j]);
+ $carry = (((int) $product >> $baseLog2) & 0xffff);
+ $r[$i + $j] = ((int) $product - (int) ($carry * $base)) & 0xffff;
 $r[$i + $j + 1] += $carry;
 }
 }
diff --git a/vendor/paragonie/sodium_compat/src/Core32/Poly1305/State.php b/vendor/paragonie/sodium_compat/src/Core32/Poly1305/State.php
index d80e1ff..90d0362 100644
--- a/vendor/paragonie/sodium_compat/src/Core32/Poly1305/State.php
+++ b/vendor/paragonie/sodium_compat/src/Core32/Poly1305/State.php
@@ -255,39 +255,39 @@ class ParagonIE_Sodium_Core32_Poly1305_State extends ParagonIE_Sodium_Core32_Uti
 /* h *= r */
 $d0 = $zero
- ->addInt64($h0->mulInt64($r0, 25))
- ->addInt64($s4->mulInt64($h1, 26))
- ->addInt64($s3->mulInt64($h2, 26))
- ->addInt64($s2->mulInt64($h3, 26))
- ->addInt64($s1->mulInt64($h4, 26));
+ ->addInt64($h0->mulInt64($r0, 27))
+ ->addInt64($s4->mulInt64($h1, 27))
+ ->addInt64($s3->mulInt64($h2, 27))
+ ->addInt64($s2->mulInt64($h3, 27))
+ ->addInt64($s1->mulInt64($h4, 27));
 $d1 = $zero
- ->addInt64($h0->mulInt64($r1, 25))
- ->addInt64($h1->mulInt64($r0, 25))
- ->addInt64($s4->mulInt64($h2, 26))
- ->addInt64($s3->mulInt64($h3, 26))
- ->addInt64($s2->mulInt64($h4, 26));
+ ->addInt64($h0->mulInt64($r1, 27))
+ ->addInt64($h1->mulInt64($r0, 27))
+ ->addInt64($s4->mulInt64($h2, 27))
+ ->addInt64($s3->mulInt64($h3, 27))
+ ->addInt64($s2->mulInt64($h4, 27));
 $d2 = $zero
- ->addInt64($h0->mulInt64($r2, 25))
- ->addInt64($h1->mulInt64($r1, 25))
- ->addInt64($h2->mulInt64($r0, 25))
- ->addInt64($s4->mulInt64($h3, 26))
- ->addInt64($s3->mulInt64($h4, 26));
+ ->addInt64($h0->mulInt64($r2, 27))
+ ->addInt64($h1->mulInt64($r1, 27))
+ ->addInt64($h2->mulInt64($r0, 27))
+ ->addInt64($s4->mulInt64($h3, 27))
+ ->addInt64($s3->mulInt64($h4, 27));
 $d3 = $zero
- ->addInt64($h0->mulInt64($r3, 25))
- ->addInt64($h1->mulInt64($r2, 25))
- ->addInt64($h2->mulInt64($r1, 25))
- ->addInt64($h3->mulInt64($r0, 25))
- ->addInt64($s4->mulInt64($h4, 26));
+ ->addInt64($h0->mulInt64($r3, 27))
+ ->addInt64($h1->mulInt64($r2, 27))
+ ->addInt64($h2->mulInt64($r1, 27))
+ ->addInt64($h3->mulInt64($r0, 27))
+ ->addInt64($s4->mulInt64($h4, 27));
 $d4 = $zero
- ->addInt64($h0->mulInt64($r4, 25))
- ->addInt64($h1->mulInt64($r3, 25))
- ->addInt64($h2->mulInt64($r2, 25))
- ->addInt64($h3->mulInt64($r1, 25))
- ->addInt64($h4->mulInt64($r0, 25));
+ ->addInt64($h0->mulInt64($r4, 27))
+ ->addInt64($h1->mulInt64($r3, 27))
+ ->addInt64($h2->mulInt64($r2, 27))
+ ->addInt64($h3->mulInt64($r1, 27))
+ 
->addInt64($h4->mulInt64($r0, 27));
 /* (partial) h %= p */
 $c = $d0->shiftRight(26);
@@ -419,7 +419,7 @@ class ParagonIE_Sodium_Core32_Poly1305_State extends ParagonIE_Sodium_Core32_Uti
 $g4 = $g4->mask($mask);
 /** @var int $mask */
- $mask = (~$mask) & 0xffffffff;
+ $mask = ~$mask;
 $h0 = $h0->mask($mask)->orInt32($g0);
 $h1 = $h1->mask($mask)->orInt32($g1);
diff --git a/vendor/paragonie/sodium_compat/src/Core32/XChaCha20.php b/vendor/paragonie/sodium_compat/src/Core32/XChaCha20.php
index 1dfc859..404e8d2 100644
--- a/vendor/paragonie/sodium_compat/src/Core32/XChaCha20.php
+++ b/vendor/paragonie/sodium_compat/src/Core32/XChaCha20.php
@@ -61,4 +61,27 @@ class ParagonIE_Sodium_Core32_XChaCha20 extends ParagonIE_Sodium_Core32_HChaCha2
 $message
 );
 }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param string $message
+ * @param string $nonce
+ * @param string $key
+ * @param string $ic
+ * @return string
+ * @throws SodiumException
+ * @throws TypeError
+ */
+ public static function ietfStreamXorIc($message, $nonce = '', $key = '', $ic = '')
+ {
+ return self::encryptBytes(
+ new ParagonIE_Sodium_Core32_ChaCha20_IetfCtx(
+ self::hChaCha20(self::substr($nonce, 0, 16), $key),
+ "\x00\x00\x00\x00" . self::substr($nonce, 16, 8),
+ $ic
+ ),
+ $message
+ );
+ }
 } |
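Review bot: The bound 27 now passed to every mulInt64() call in the @@ -255 hunk is an unexplained magic number; nothing in the hunk records what it bounds or why 25 and 26 were insufficient, so a later tidy-up that "restores" the smaller values would silently corrupt the tag. A comment above `$d0 = $zero` along the lines of `// 27 = bit-length bound handed to mulInt64(): h limbs are 26 bits plus a carry bit, r and s limbs fit within it` would capture the invariant; the limb widths and the exact meaning of mulInt64()'s second argument are established outside this hunk, so verify them before committing the comment. The enclosing method starts and ends outside the hunk.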
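Review bot: `$mask = ~$mask;` at @@ -419 leaves the bits above 32 set on 64-bit builds (the removed `& 0xffffffff` cleared them), so the `->mask($mask)` calls on the following lines are only correct because Int32::mask() discards those bits after the 16-bit split — a change made in this same diff in a different file, not something local to this method. A comment on the new line, `// bits above 32 in ~$mask are dropped by Int32::mask()`, would record that coupling for whoever next touches either side. The enclosing method starts and ends outside the hunk.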
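Review bot: ietfStreamXorIc() slices `$nonce` twice without checking its length, so a nonce shorter than 24 bytes is accepted silently: `self::substr($nonce, 16, 8)` then yields fewer than 8 bytes and the IETF nonce built on that line is malformed; the same applies to `$key`, and both default to `''`, which means the method can be called with no key at all. Whether hChaCha20() or the IetfCtx constructor reject short input is outside the hunk, so it is safer to validate here: `if (self::strlen($nonce) !== 24) { throw new SodiumException('Nonce must be 24 bytes'); }` and `if (self::strlen($key) !== 32) { throw new SodiumException('Key must be 32 bytes'); }` at the top of the method, matching the RangeException/SodiumException style used elsewhere in this diff. The docblock could also state that `$ic` is the block counter as raw bytes, since the `''` default and the `string` type give no hint of its expected width.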