Changeset 51002
- Timestamp:
- 05/25/2021 01:54:12 PM (3 years ago)
- Location:
- trunk/src/wp-includes/sodium_compat
- Files:
-
- 3 added
- 16 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/sodium_compat/LICENSE
r48845 r51002 1 /* 2 * ISC License 3 * 4 * Copyright (c) 2016-2019 5 * Paragon Initiative Enterprises <security at paragonie dot com> 6 * 7 * Copyright (c) 2013-2019 8 * Frank Denis <j at pureftpd dot org> 9 * 10 * Permission to use, copy, modify, and/or distribute this software for any 11 * purpose with or without fee is hereby granted, provided that the above 12 * copyright notice and this permission notice appear in all copies. 13 * 14 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 15 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 16 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 17 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 18 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 19 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 20 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21 */ 1 ISC License 2 3 Copyright (c) 2016-2021, Paragon Initiative Enterprises <security at paragonie dot com> 4 Copyright (c) 2013-2019, Frank Denis <j at pureftpd dot org> 5 6 Permission to use, copy, modify, and/or distribute this software for any 7 purpose with or without fee is hereby granted, provided that the above 8 copyright notice and this permission notice appear in all copies. 9 10 THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -
trunk/src/wp-includes/sodium_compat/autoload.php
r49056 r51002 42 42 } 43 43 44 /* Explicitly, always load the Compat class: */ 45 require_once dirname(__FILE__) . '/src/Compat.php'; 46 44 47 if (!class_exists('SodiumException', false)) { 45 48 require_once dirname(__FILE__) . '/src/SodiumException.php'; … … 62 65 assert(class_exists('ParagonIE_Sodium_Compat')); 63 66 } 64 require_once (dirname(__FILE__) . '/lib/php72compat.php'); 67 require_once(dirname(__FILE__) . '/lib/php72compat.php'); 68 } elseif (!function_exists('sodium_crypto_stream_xchacha20_xor')) { 69 // Older versions of {PHP, ext/sodium} will not define these 70 require_once(dirname(__FILE__) . '/lib/php72compat.php'); 65 71 } 72 require_once(dirname(__FILE__) . '/lib/ristretto255.php'); -
trunk/src/wp-includes/sodium_compat/composer.json
r49741 r51002 57 57 "phpunit/phpunit": "^3|^4|^5|^6|^7|^8|^9" 58 58 }, 59 "scripts": { 60 "test": "phpunit" 61 }, 59 62 "suggest": { 60 63 "ext-libsodium": "PHP < 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security.", -
trunk/src/wp-includes/sodium_compat/lib/php72compat.php
r49056 r51002 95 95 'CRYPTO_STREAM_KEYBYTES', 96 96 'CRYPTO_STREAM_NONCEBYTES', 97 'CRYPTO_STREAM_XCHACHA20_KEYBYTES', 98 'CRYPTO_STREAM_XCHACHA20_NONCEBYTES', 97 99 'LIBRARY_MAJOR_VERSION', 98 100 'LIBRARY_MINOR_VERSION', … … 1217 1219 } 1218 1220 } 1221 require_once dirname(__FILE__) . '/stream-xchacha20.php'; 1219 1222 if (!is_callable('sodium_hex2bin')) { 1220 1223 /** -
trunk/src/wp-includes/sodium_compat/lib/php72compat_const.php
r46858 r51002 89 89 const SODIUM_CRYPTO_STREAM_KEYBYTES = 32; 90 90 const SODIUM_CRYPTO_STREAM_NONCEBYTES = 24; 91 const SODIUM_CRYPTO_STREAM_XCHACHA20_KEYBYTES = 32; 92 const SODIUM_CRYPTO_STREAM_XCHACHA20_NONCEBYTES = 24; -
trunk/src/wp-includes/sodium_compat/lib/sodium_compat.php
r46858 r51002 392 392 $their_public, 393 393 $client_public, 394 $server_public 394 $server_public, 395 true 395 396 ); 396 397 } -
trunk/src/wp-includes/sodium_compat/src/Compat.php
r49056 r51002 81 81 const CRYPTO_BOX_NONCEBYTES = 24; 82 82 const CRYPTO_BOX_SEEDBYTES = 32; 83 const CRYPTO_CORE_RISTRETTO255_BYTES = 32; 84 const CRYPTO_CORE_RISTRETTO255_SCALARBYTES = 32; 85 const CRYPTO_CORE_RISTRETTO255_HASHBYTES = 64; 86 const CRYPTO_CORE_RISTRETTO255_NONREDUCEDSCALARBYTES = 64; 83 87 const CRYPTO_KDF_BYTES_MIN = 16; 84 88 const CRYPTO_KDF_BYTES_MAX = 64; … … 116 120 const CRYPTO_SCALARMULT_BYTES = 32; 117 121 const CRYPTO_SCALARMULT_SCALARBYTES = 32; 122 const CRYPTO_SCALARMULT_RISTRETTO255_BYTES = 32; 123 const CRYPTO_SCALARMULT_RISTRETTO255_SCALARBYTES = 32; 118 124 const CRYPTO_SHORTHASH_BYTES = 8; 119 125 const CRYPTO_SHORTHASH_KEYBYTES = 16; … … 136 142 const CRYPTO_STREAM_KEYBYTES = 32; 137 143 const CRYPTO_STREAM_NONCEBYTES = 24; 144 const CRYPTO_STREAM_XCHACHA20_KEYBYTES = 32; 145 const CRYPTO_STREAM_XCHACHA20_NONCEBYTES = 24; 138 146 139 147 /** … … 728 736 /* Type checks: */ 729 737 ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1); 730 ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2); 738 if (!is_null($assocData)) { 739 ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2); 740 } 731 741 ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 3); 732 742 ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4); … … 815 825 /* Type checks: */ 816 826 ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1); 817 ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2); 827 if (!is_null($assocData)) { 828 ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2); 829 } else { 830 $assocData = ''; 831 } 818 832 ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 3); 819 833 ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4); … … 886 900 /* Type checks: */ 887 901 ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1); 888 ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2); 902 if (!is_null($assocData)) { 903 ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2); 904 } else { 905 $assocData = ''; 906 } 889 907 ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 3); 890 908 ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4); … … 1689 1707 * @param string $client_public 1690 1708 * @param string $server_public 1691 * @return string 1692 * @throws SodiumException 1693 * @throws TypeError 1694 * @psalm-suppress MixedArgument 1695 */ 1696 public static function crypto_kx($my_secret, $their_public, $client_public, $server_public) 1709 * @param bool $dontFallback 1710 * @return string 1711 * @throws SodiumException 1712 * @throws TypeError 1713 * @psalm-suppress MixedArgument 1714 */ 1715 public static function crypto_kx($my_secret, $their_public, $client_public, $server_public, $dontFallback = false) 1697 1716 { 1698 1717 /* Type checks: */ … … 1716 1735 } 1717 1736 1718 if (self::useNewSodiumAPI() ) {1737 if (self::useNewSodiumAPI() && !$dontFallback) { 1719 1738 if (is_callable('sodium_crypto_kx')) { 1720 1739 return (string) sodium_crypto_kx( … … 3051 3070 } 3052 3071 3072 3073 /** 3074 * Expand a key and nonce into a keystream of pseudorandom bytes. 3075 * 3076 * @param int $len Number of bytes desired 3077 * @param string $nonce Number to be used Once; must be 24 bytes 3078 * @param string $key XChaCha20 key 3079 * @param bool $dontFallback 3080 * @return string Pseudorandom stream that can be XORed with messages 3081 * to provide encryption (but not authentication; see 3082 * Poly1305 or crypto_auth() for that, which is not 3083 * optional for security) 3084 * @throws SodiumException 3085 * @throws TypeError 3086 * @psalm-suppress MixedArgument 3087 */ 3088 public static function crypto_stream_xchacha20($len, $nonce, $key, $dontFallback = false) 3089 { 3090 /* Type checks: */ 3091 ParagonIE_Sodium_Core_Util::declareScalarType($len, 'int', 1); 3092 ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2); 3093 ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 3); 3094 3095 /* Input validation: */ 3096 if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_STREAM_XCHACHA20_NONCEBYTES) { 3097 throw new SodiumException('Argument 2 must be CRYPTO_SECRETBOX_XCHACHA20_NONCEBYTES long.'); 3098 } 3099 if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_STREAM_XCHACHA20_KEYBYTES) { 3100 throw new SodiumException('Argument 3 must be CRYPTO_STREAM_XCHACHA20_KEYBYTES long.'); 3101 } 3102 3103 if (self::useNewSodiumAPI() && !$dontFallback) { 3104 return sodium_crypto_stream_xchacha20($len, $nonce, $key); 3105 } 3106 if (PHP_INT_SIZE === 4) { 3107 return ParagonIE_Sodium_Core32_XChaCha20::stream($len, $nonce, $key); 3108 } 3109 return ParagonIE_Sodium_Core_XChaCha20::stream($len, $nonce, $key); 3110 } 3111 3112 /** 3113 * DANGER! UNAUTHENTICATED ENCRYPTION! 3114 * 3115 * Unless you are following expert advice, do not used this feature. 3116 * 3117 * Algorithm: XChaCha20 3118 * 3119 * This DOES NOT provide ciphertext integrity. 3120 * 3121 * @param string $message Plaintext message 3122 * @param string $nonce Number to be used Once; must be 24 bytes 3123 * @param string $key Encryption key 3124 * @return string Encrypted text which is vulnerable to chosen- 3125 * ciphertext attacks unless you implement some 3126 * other mitigation to the ciphertext (i.e. 3127 * Encrypt then MAC) 3128 * @param bool $dontFallback 3129 * @throws SodiumException 3130 * @throws TypeError 3131 * @psalm-suppress MixedArgument 3132 */ 3133 public static function crypto_stream_xchacha20_xor($message, $nonce, $key, $dontFallback = false) 3134 { 3135 /* Type checks: */ 3136 ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1); 3137 ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2); 3138 ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 3); 3139 3140 /* Input validation: */ 3141 if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_STREAM_XCHACHA20_NONCEBYTES) { 3142 throw new SodiumException('Argument 2 must be CRYPTO_SECRETBOX_XCHACHA20_NONCEBYTES long.'); 3143 } 3144 if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_STREAM_XCHACHA20_KEYBYTES) { 3145 throw new SodiumException('Argument 3 must be CRYPTO_SECRETBOX_XCHACHA20_KEYBYTES long.'); 3146 } 3147 3148 if (self::useNewSodiumAPI() && !$dontFallback) { 3149 return sodium_crypto_stream_xchacha20_xor($message, $nonce, $key); 3150 } 3151 if (PHP_INT_SIZE === 4) { 3152 return ParagonIE_Sodium_Core32_XChaCha20::streamXorIc($message, $nonce, $key); 3153 } 3154 return ParagonIE_Sodium_Core_XChaCha20::streamXorIc($message, $nonce, $key); 3155 } 3156 3157 /** 3158 * Return a secure random key for use with crypto_stream_xchacha20 3159 * 3160 * @return string 3161 * @throws Exception 3162 * @throws Error 3163 */ 3164 public static function crypto_stream_xchacha20_keygen() 3165 { 3166 return random_bytes(self::CRYPTO_STREAM_XCHACHA20_KEYBYTES); 3167 } 3168 3053 3169 /** 3054 3170 * Cache-timing-safe implementation of hex2bin(). … … 3113 3229 } 3114 3230 $var = $copy; 3231 } 3232 3233 /** 3234 * @param string $str 3235 * @return bool 3236 * 3237 * @throws SodiumException 3238 */ 3239 public static function is_zero($str) 3240 { 3241 $d = 0; 3242 for ($i = 0; $i < 32; ++$i) { 3243 $d |= ParagonIE_Sodium_Core_Util::chrToInt($str[$i]); 3244 } 3245 return ((($d - 1) >> 31) & 1) === 1; 3115 3246 } 3116 3247 … … 3453 3584 3454 3585 /** 3586 * @param string $p 3587 * @param bool $dontFallback 3588 * @return bool 3589 * @throws SodiumException 3590 */ 3591 public static function ristretto255_is_valid_point($p, $dontFallback = false) 3592 { 3593 if (self::useNewSodiumAPI() && !$dontFallback) { 3594 return sodium_crypto_core_ristretto255_is_valid_point($p); 3595 } 3596 try { 3597 $r = ParagonIE_Sodium_Core_Ristretto255::ristretto255_frombytes($p); 3598 return $r['res'] === 0 && 3599 ParagonIE_Sodium_Core_Ristretto255::ristretto255_point_is_canonical($p) === 1; 3600 } catch (SodiumException $ex) { 3601 if ($ex->getMessage() === 'S is not canonical') { 3602 return false; 3603 } 3604 throw $ex; 3605 } 3606 } 3607 3608 /** 3609 * @param string $p 3610 * @param string $q 3611 * @param bool $dontFallback 3612 * @return string 3613 * @throws SodiumException 3614 */ 3615 public static function ristretto255_add($p, $q, $dontFallback = false) 3616 { 3617 if (self::useNewSodiumAPI() && !$dontFallback) { 3618 return sodium_crypto_core_ristretto255_add($p, $q); 3619 } 3620 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_add($p, $q); 3621 } 3622 3623 /** 3624 * @param string $p 3625 * @param string $q 3626 * @param bool $dontFallback 3627 * @return string 3628 * @throws SodiumException 3629 */ 3630 public static function ristretto255_sub($p, $q, $dontFallback = false) 3631 { 3632 if (self::useNewSodiumAPI() && !$dontFallback) { 3633 return sodium_crypto_core_ristretto255_sub($p, $q); 3634 } 3635 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_sub($p, $q); 3636 } 3637 3638 /** 3639 * @param string $r 3640 * @param bool $dontFallback 3641 * @return string 3642 * 3643 * @throws SodiumException 3644 */ 3645 public static function ristretto255_from_hash($r, $dontFallback = false) 3646 { 3647 if (self::useNewSodiumAPI() && !$dontFallback) { 3648 return sodium_crypto_core_ristretto255_from_hash($r); 3649 } 3650 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_from_hash($r); 3651 } 3652 3653 /** 3654 * @param bool $dontFallback 3655 * @return string 3656 * 3657 * @throws SodiumException 3658 */ 3659 public static function ristretto255_random($dontFallback = false) 3660 { 3661 if (self::useNewSodiumAPI() && !$dontFallback) { 3662 return sodium_crypto_core_ristretto255_random(); 3663 } 3664 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_random(); 3665 } 3666 3667 /** 3668 * @param bool $dontFallback 3669 * @return string 3670 * 3671 * @throws SodiumException 3672 */ 3673 public static function ristretto255_scalar_random($dontFallback = false) 3674 { 3675 if (self::useNewSodiumAPI() && !$dontFallback) { 3676 return sodium_crypto_core_ristretto255_scalar_random(); 3677 } 3678 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_random(); 3679 } 3680 3681 /** 3682 * @param string $s 3683 * @param bool $dontFallback 3684 * @return string 3685 * @throws SodiumException 3686 */ 3687 public static function ristretto255_scalar_invert($s, $dontFallback = false) 3688 { 3689 if (self::useNewSodiumAPI() && !$dontFallback) { 3690 return sodium_crypto_core_ristretto255_scalar_invert($s); 3691 } 3692 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_invert($s); 3693 } 3694 /** 3695 * @param string $s 3696 * @param bool $dontFallback 3697 * @return string 3698 * @throws SodiumException 3699 */ 3700 public static function ristretto255_scalar_negate($s, $dontFallback = false) 3701 { 3702 if (self::useNewSodiumAPI() && !$dontFallback) { 3703 return sodium_crypto_core_ristretto255_scalar_negate($s); 3704 } 3705 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_negate($s); 3706 } 3707 3708 /** 3709 * @param string $s 3710 * @param bool $dontFallback 3711 * @return string 3712 * @throws SodiumException 3713 */ 3714 public static function ristretto255_scalar_complement($s, $dontFallback = false) 3715 { 3716 if (self::useNewSodiumAPI() && !$dontFallback) { 3717 return sodium_crypto_core_ristretto255_scalar_complement($s); 3718 } 3719 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_complement($s); 3720 } 3721 3722 /** 3723 * @param string $x 3724 * @param string $y 3725 * @param bool $dontFallback 3726 * @return string 3727 * @throws SodiumException 3728 */ 3729 public static function ristretto255_scalar_add($x, $y, $dontFallback = false) 3730 { 3731 if (self::useNewSodiumAPI() && !$dontFallback) { 3732 return sodium_crypto_core_ristretto255_scalar_add($x, $y); 3733 } 3734 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_add($x, $y); 3735 } 3736 3737 /** 3738 * @param string $x 3739 * @param string $y 3740 * @param bool $dontFallback 3741 * @return string 3742 * @throws SodiumException 3743 */ 3744 public static function ristretto255_scalar_sub($x, $y, $dontFallback = false) 3745 { 3746 if (self::useNewSodiumAPI() && !$dontFallback) { 3747 return sodium_crypto_core_ristretto255_scalar_sub($x, $y); 3748 } 3749 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_sub($x, $y); 3750 } 3751 3752 /** 3753 * @param string $x 3754 * @param string $y 3755 * @param bool $dontFallback 3756 * @return string 3757 * @throws SodiumException 3758 */ 3759 public static function ristretto255_scalar_mul($x, $y, $dontFallback = false) 3760 { 3761 if (self::useNewSodiumAPI() && !$dontFallback) { 3762 return sodium_crypto_core_ristretto255_scalar_mul($x, $y); 3763 } 3764 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_mul($x, $y); 3765 } 3766 3767 /** 3768 * @param string $n 3769 * @param string $p 3770 * @param bool $dontFallback 3771 * @return string 3772 * @throws SodiumException 3773 */ 3774 public static function scalarmult_ristretto255($n, $p, $dontFallback = false) 3775 { 3776 if (self::useNewSodiumAPI() && !$dontFallback) { 3777 return sodium_crypto_scalarmult_ristretto255($n, $p); 3778 } 3779 return ParagonIE_Sodium_Core_Ristretto255::scalarmult_ristretto255($n, $p); 3780 } 3781 3782 /** 3783 * @param string $n 3784 * @param string $p 3785 * @param bool $dontFallback 3786 * @return string 3787 * @throws SodiumException 3788 */ 3789 public static function scalarmult_ristretto255_base($n, $dontFallback = false) 3790 { 3791 if (self::useNewSodiumAPI() && !$dontFallback) { 3792 return sodium_crypto_scalarmult_ristretto255_base($n); 3793 } 3794 return ParagonIE_Sodium_Core_Ristretto255::scalarmult_ristretto255_base($n); 3795 } 3796 3797 /** 3798 * @param string $s 3799 * @param bool $dontFallback 3800 * @return string 3801 * @throws SodiumException 3802 */ 3803 public static function ristretto255_scalar_reduce($s, $dontFallback = false) 3804 { 3805 if (self::useNewSodiumAPI() && !$dontFallback) { 3806 return sodium_crypto_core_ristretto255_scalar_reduce($s); 3807 } 3808 return ParagonIE_Sodium_Core_Ristretto255::sc_reduce($s); 3809 } 3810 3811 /** 3455 3812 * Runtime testing method for 32-bit platforms. 3456 3813 * … … 3489 3846 3490 3847 /** 3848 * Add two numbers (little-endian unsigned), storing the value in the first 3849 * parameter. 3850 * 3851 * This mutates $val. 3852 * 3853 * @param string $val 3854 * @param string $addv 3855 * @return void 3856 * @throws SodiumException 3857 */ 3858 public static function sub(&$val, $addv) 3859 { 3860 $val_len = ParagonIE_Sodium_Core_Util::strlen($val); 3861 $addv_len = ParagonIE_Sodium_Core_Util::strlen($addv); 3862 if ($val_len !== $addv_len) { 3863 throw new SodiumException('values must have the same length'); 3864 } 3865 $A = ParagonIE_Sodium_Core_Util::stringToIntArray($val); 3866 $B = ParagonIE_Sodium_Core_Util::stringToIntArray($addv); 3867 3868 $c = 0; 3869 for ($i = 0; $i < $val_len; $i++) { 3870 $c = ($A[$i] - $B[$i] - $c); 3871 $A[$i] = ($c & 0xff); 3872 $c = ($c >> 8) & 1; 3873 } 3874 $val = ParagonIE_Sodium_Core_Util::intArrayToString($A); 3875 } 3876 3877 /** 3491 3878 * This emulates libsodium's version_string() function, except ours is 3492 3879 * prefixed with 'polyfill-'. -
trunk/src/wp-includes/sodium_compat/src/Core/BLAKE2b.php
r46858 r51002 645 645 * @param string $str 646 646 * @return SplFixedArray 647 * @psalm-suppress MixedArgumentTypeCoercion 647 648 */ 648 649 public static function stringToSplFixedArray($str = '') -
trunk/src/wp-includes/sodium_compat/src/Core/Curve25519.php
r46586 r51002 87 87 $b *= -1; 88 88 for ($i = 0; $i < 10; ++$i) { 89 /** @var int $x */90 89 $x = (($f[$i] ^ $g[$i]) & $b); 91 $h[$i] = ( int) ((int) ($f[$i]) ^ $x);90 $h[$i] = ($f[$i]) ^ $x; 92 91 } 93 92 return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray($h); … … 702 701 $f0f0 = self::mul($f0, $f0, 25); 703 702 $f0f1_2 = self::mul($f0_2, $f1, 24); 704 $f0f2_2 = self::mul($f0_2, $f2, 2 5);703 $f0f2_2 = self::mul($f0_2, $f2, 26); 705 704 $f0f3_2 = self::mul($f0_2, $f3, 24); 706 705 $f0f4_2 = self::mul($f0_2, $f4, 25); … … 711 710 $f0f9_2 = self::mul($f0_2, $f9, 25); 712 711 $f1f1_2 = self::mul($f1_2, $f1, 24); 713 $f1f2_2 = self::mul($f1_2, $f2, 2 5);712 $f1f2_2 = self::mul($f1_2, $f2, 26); 714 713 $f1f3_4 = self::mul($f1_2, $f3_2, 25); 715 714 $f1f4_2 = self::mul($f1_2, $f4, 25); … … 719 718 $f1f8_2 = self::mul($f1_2, $f8, 25); 720 719 $f1f9_76 = self::mul($f9_38, $f1_2, 25); 721 $f2f2 = self::mul($f2, $f2, 2 5);720 $f2f2 = self::mul($f2, $f2, 26); 722 721 $f2f3_2 = self::mul($f2_2, $f3, 24); 723 722 $f2f4_2 = self::mul($f2_2, $f4, 25); 724 723 $f2f5_2 = self::mul($f2_2, $f5, 25); 725 724 $f2f6_2 = self::mul($f2_2, $f6, 25); 726 $f2f7_2 = self::mul($f2_2, $f7, 2 4);727 $f2f8_38 = self::mul($f8_19, $f2_2, 2 6);728 $f2f9_38 = self::mul($f9_38, $f2, 2 5);729 $f3f3_2 = self::mul($f3_2, $f3, 2 4);725 $f2f7_2 = self::mul($f2_2, $f7, 25); 726 $f2f8_38 = self::mul($f8_19, $f2_2, 27); 727 $f2f9_38 = self::mul($f9_38, $f2, 26); 728 $f3f3_2 = self::mul($f3_2, $f3, 25); 730 729 $f3f4_2 = self::mul($f3_2, $f4, 25); 731 730 $f3f5_4 = self::mul($f3_2, $f5_2, 26); … … 1586 1585 { 1587 1586 return new ParagonIE_Sodium_Core_Curve25519_Ge_P2( 1588 $p->X,1589 $p->Y,1590 $p->Z1587 self::fe_copy($p->X), 1588 self::fe_copy($p->Y), 1589 self::fe_copy($p->Z) 1591 1590 ); 1592 1591 } … … 1645 1644 public static function equal($b, $c) 1646 1645 { 1647 return (int) ((($b ^ $c) - 1 & 0xffffffff) >> 31);1646 return (int) ((($b ^ $c) - 1) >> 31) & 1; 1648 1647 } 1649 1648 … … 1659 1658 { 1660 1659 if (is_int($char)) { 1661 return $char < 0 ? 1 : 0;1660 return ($char >> 63) & 1; 1662 1661 } 1663 1662 $x = self::chrToInt(self::substr($char, 0, 1)); … … 1684 1683 } 1685 1684 return new ParagonIE_Sodium_Core_Curve25519_Ge_Precomp( 1686 self::fe_cmov($t->yplusx, $u->yplusx,$b),1685 self::fe_cmov($t->yplusx, $u->yplusx, $b), 1687 1686 self::fe_cmov($t->yminusx, $u->yminusx, $b), 1688 self::fe_cmov($t->xy2d, $u->xy2d,$b)1687 self::fe_cmov($t->xy2d, $u->xy2d, $b) 1689 1688 ); 1689 } 1690 1691 /** 1692 * @param ParagonIE_Sodium_Core_Curve25519_Ge_Cached $t 1693 * @param ParagonIE_Sodium_Core_Curve25519_Ge_Cached $u 1694 * @param int $b 1695 * @return ParagonIE_Sodium_Core_Curve25519_Ge_Cached 1696 */ 1697 public static function ge_cmov_cached( 1698 ParagonIE_Sodium_Core_Curve25519_Ge_Cached $t, 1699 ParagonIE_Sodium_Core_Curve25519_Ge_Cached $u, 1700 $b 1701 ) { 1702 $b &= 1; 1703 $ret = new ParagonIE_Sodium_Core_Curve25519_Ge_Cached(); 1704 $ret->YplusX = self::fe_cmov($t->YplusX, $u->YplusX, $b); 1705 $ret->YminusX = self::fe_cmov($t->YminusX, $u->YminusX, $b); 1706 $ret->Z = self::fe_cmov($t->Z, $u->Z, $b); 1707 $ret->T2d = self::fe_cmov($t->T2d, $u->T2d, $b); 1708 return $ret; 1709 } 1710 1711 /** 1712 * @param ParagonIE_Sodium_Core_Curve25519_Ge_Cached[] $cached 1713 * @param int $b 1714 * @return ParagonIE_Sodium_Core_Curve25519_Ge_Cached 1715 * @throws SodiumException 1716 */ 1717 public static function ge_cmov8_cached(array $cached, $b) 1718 { 1719 // const unsigned char bnegative = negative(b); 1720 // const unsigned char babs = b - (((-bnegative) & b) * ((signed char) 1 << 1)); 1721 $bnegative = self::negative($b); 1722 $babs = $b - (((-$bnegative) & $b) << 1); 1723 1724 // ge25519_cached_0(t); 1725 $t = new ParagonIE_Sodium_Core_Curve25519_Ge_Cached( 1726 self::fe_1(), 1727 self::fe_1(), 1728 self::fe_1(), 1729 self::fe_0() 1730 ); 1731 1732 // ge25519_cmov_cached(t, &cached[0], equal(babs, 1)); 1733 // ge25519_cmov_cached(t, &cached[1], equal(babs, 2)); 1734 // ge25519_cmov_cached(t, &cached[2], equal(babs, 3)); 1735 // ge25519_cmov_cached(t, &cached[3], equal(babs, 4)); 1736 // ge25519_cmov_cached(t, &cached[4], equal(babs, 5)); 1737 // ge25519_cmov_cached(t, &cached[5], equal(babs, 6)); 1738 // ge25519_cmov_cached(t, &cached[6], equal(babs, 7)); 1739 // ge25519_cmov_cached(t, &cached[7], equal(babs, 8)); 1740 for ($x = 0; $x < 8; ++$x) { 1741 $t = self::ge_cmov_cached($t, $cached[$x], self::equal($babs, $x + 1)); 1742 } 1743 1744 // fe25519_copy(minust.YplusX, t->YminusX); 1745 // fe25519_copy(minust.YminusX, t->YplusX); 1746 // fe25519_copy(minust.Z, t->Z); 1747 // fe25519_neg(minust.T2d, t->T2d); 1748 $minust = new ParagonIE_Sodium_Core_Curve25519_Ge_Cached( 1749 self::fe_copy($t->YminusX), 1750 self::fe_copy($t->YplusX), 1751 self::fe_copy($t->Z), 1752 self::fe_neg($t->T2d) 1753 ); 1754 return self::ge_cmov_cached($t, $minust, $bnegative); 1690 1755 } 1691 1756 … … 1924 1989 } 1925 1990 return $r; 1991 } 1992 1993 /** 1994 * @internal You should not use this directly from another application 1995 * 1996 * @param string $a 1997 * @param ParagonIE_Sodium_Core_Curve25519_Ge_P3 $p 1998 * @return ParagonIE_Sodium_Core_Curve25519_Ge_P3 1999 * @throws SodiumException 2000 * @throws TypeError 2001 * @psalm-suppress MixedAssignment 2002 * @psalm-suppress MixedOperand 2003 */ 2004 public static function ge_scalarmult($a, $p) 2005 { 2006 $e = array_fill(0, 64, 0); 2007 2008 /** @var ParagonIE_Sodium_Core_Curve25519_Ge_Cached[] $pi */ 2009 $pi = array(); 2010 2011 // ge25519_p3_to_cached(&pi[1 - 1], p); /* p */ 2012 $pi[0] = self::ge_p3_to_cached($p); 2013 2014 // ge25519_p3_dbl(&t2, p); 2015 // ge25519_p1p1_to_p3(&p2, &t2); 2016 // ge25519_p3_to_cached(&pi[2 - 1], &p2); /* 2p = 2*p */ 2017 $t2 = self::ge_p3_dbl($p); 2018 $p2 = self::ge_p1p1_to_p3($t2); 2019 $pi[1] = self::ge_p3_to_cached($p2); 2020 2021 // ge25519_add_cached(&t3, p, &pi[2 - 1]); 2022 // ge25519_p1p1_to_p3(&p3, &t3); 2023 // ge25519_p3_to_cached(&pi[3 - 1], &p3); /* 3p = 2p+p */ 2024 $t3 = self::ge_add($p, $pi[1]); 2025 $p3 = self::ge_p1p1_to_p3($t3); 2026 $pi[2] = self::ge_p3_to_cached($p3); 2027 2028 // ge25519_p3_dbl(&t4, &p2); 2029 // ge25519_p1p1_to_p3(&p4, &t4); 2030 // ge25519_p3_to_cached(&pi[4 - 1], &p4); /* 4p = 2*2p */ 2031 $t4 = self::ge_p3_dbl($p2); 2032 $p4 = self::ge_p1p1_to_p3($t4); 2033 $pi[3] = self::ge_p3_to_cached($p4); 2034 2035 // ge25519_add_cached(&t5, p, &pi[4 - 1]); 2036 // ge25519_p1p1_to_p3(&p5, &t5); 2037 // ge25519_p3_to_cached(&pi[5 - 1], &p5); /* 5p = 4p+p */ 2038 $t5 = self::ge_add($p, $pi[3]); 2039 $p5 = self::ge_p1p1_to_p3($t5); 2040 $pi[4] = self::ge_p3_to_cached($p5); 2041 2042 // ge25519_p3_dbl(&t6, &p3); 2043 // ge25519_p1p1_to_p3(&p6, &t6); 2044 // ge25519_p3_to_cached(&pi[6 - 1], &p6); /* 6p = 2*3p */ 2045 $t6 = self::ge_p3_dbl($p3); 2046 $p6 = self::ge_p1p1_to_p3($t6); 2047 $pi[5] = self::ge_p3_to_cached($p6); 2048 2049 // ge25519_add_cached(&t7, p, &pi[6 - 1]); 2050 // ge25519_p1p1_to_p3(&p7, &t7); 2051 // ge25519_p3_to_cached(&pi[7 - 1], &p7); /* 7p = 6p+p */ 2052 $t7 = self::ge_add($p, $pi[5]); 2053 $p7 = self::ge_p1p1_to_p3($t7); 2054 $pi[6] = self::ge_p3_to_cached($p7); 2055 2056 // ge25519_p3_dbl(&t8, &p4); 2057 // ge25519_p1p1_to_p3(&p8, &t8); 2058 // ge25519_p3_to_cached(&pi[8 - 1], &p8); /* 8p = 2*4p */ 2059 $t8 = self::ge_p3_dbl($p4); 2060 $p8 = self::ge_p1p1_to_p3($t8); 2061 $pi[7] = self::ge_p3_to_cached($p8); 2062 2063 2064 // for (i = 0; i < 32; ++i) { 2065 // e[2 * i + 0] = (a[i] >> 0) & 15; 2066 // e[2 * i + 1] = (a[i] >> 4) & 15; 2067 // } 2068 for ($i = 0; $i < 32; ++$i) { 2069 $e[($i << 1) ] = self::chrToInt($a[$i]) & 15; 2070 $e[($i << 1) + 1] = (self::chrToInt($a[$i]) >> 4) & 15; 2071 } 2072 // /* each e[i] is between 0 and 15 */ 2073 // /* e[63] is between 0 and 7 */ 2074 2075 // carry = 0; 2076 // for (i = 0; i < 63; ++i) { 2077 // e[i] += carry; 2078 // carry = e[i] + 8; 2079 // carry >>= 4; 2080 // e[i] -= carry * ((signed char) 1 << 4); 2081 // } 2082 $carry = 0; 2083 for ($i = 0; $i < 64; ++$i) { 2084 $e[$i] += $carry; 2085 $carry = $e[$i] + 8; 2086 $carry >>= 4; 2087 $e[$i] -= $carry << 4; 2088 } 2089 // e[63] += carry; 2090 // /* each e[i] is between -8 and 8 */ 2091 $e[63] += $carry; 2092 2093 // ge25519_p3_0(h); 2094 $h = self::ge_p3_0(); 2095 2096 // for (i = 63; i != 0; i--) { 2097 for ($i = 63; $i != 0; --$i) { 2098 // ge25519_cmov8_cached(&t, pi, e[i]); 2099 $t = self::ge_cmov8_cached($pi, $e[$i]); 2100 // ge25519_add_cached(&r, h, &t); 2101 $r = self::ge_add($h, $t); 2102 2103 // ge25519_p1p1_to_p2(&s, &r); 2104 // ge25519_p2_dbl(&r, &s); 2105 // ge25519_p1p1_to_p2(&s, &r); 2106 // ge25519_p2_dbl(&r, &s); 2107 // ge25519_p1p1_to_p2(&s, &r); 2108 // ge25519_p2_dbl(&r, &s); 2109 // ge25519_p1p1_to_p2(&s, &r); 2110 // ge25519_p2_dbl(&r, &s); 2111 $s = self::ge_p1p1_to_p2($r); 2112 $r = self::ge_p2_dbl($s); 2113 $s = self::ge_p1p1_to_p2($r); 2114 $r = self::ge_p2_dbl($s); 2115 $s = self::ge_p1p1_to_p2($r); 2116 $r = self::ge_p2_dbl($s); 2117 $s = self::ge_p1p1_to_p2($r); 2118 $r = self::ge_p2_dbl($s); 2119 2120 // ge25519_p1p1_to_p3(h, &r); /* *16 */ 2121 $h = self::ge_p1p1_to_p3($r); /* *16 */ 2122 } 2123 2124 // ge25519_cmov8_cached(&t, pi, e[i]); 2125 // ge25519_add_cached(&r, h, &t); 2126 // ge25519_p1p1_to_p3(h, &r); 2127 $t = self::ge_cmov8_cached($pi, $e[0]); 2128 $r = self::ge_add($h, $t); 2129 return self::ge_p1p1_to_p3($r); 1926 2130 } 1927 2131 … … 3000 3204 return self::ge_p1p1_to_p3($t); 3001 3205 } 3206 3207 /** 3208 * @param string $a 3209 * @param string $b 3210 * @return string 3211 */ 3212 public static function sc25519_mul($a, $b) 3213 { 3214 // int64_t a0 = 2097151 & load_3(a); 3215 // int64_t a1 = 2097151 & (load_4(a + 2) >> 5); 3216 // int64_t a2 = 2097151 & (load_3(a + 5) >> 2); 3217 // int64_t a3 = 2097151 & (load_4(a + 7) >> 7); 3218 // int64_t a4 = 2097151 & (load_4(a + 10) >> 4); 3219 // int64_t a5 = 2097151 & (load_3(a + 13) >> 1); 3220 // int64_t a6 = 2097151 & (load_4(a + 15) >> 6); 3221 // int64_t a7 = 2097151 & (load_3(a + 18) >> 3); 3222 // int64_t a8 = 2097151 & load_3(a + 21); 3223 // int64_t a9 = 2097151 & (load_4(a + 23) >> 5); 3224 // int64_t a10 = 2097151 & (load_3(a + 26) >> 2); 3225 // int64_t a11 = (load_4(a + 28) >> 7); 3226 $a0 = 2097151 & self::load_3(self::substr($a, 0, 3)); 3227 $a1 = 2097151 & (self::load_4(self::substr($a, 2, 4)) >> 5); 3228 $a2 = 2097151 & (self::load_3(self::substr($a, 5, 3)) >> 2); 3229 $a3 = 2097151 & (self::load_4(self::substr($a, 7, 4)) >> 7); 3230 $a4 = 2097151 & (self::load_4(self::substr($a, 10, 4)) >> 4); 3231 $a5 = 2097151 & (self::load_3(self::substr($a, 13, 3)) >> 1); 3232 $a6 = 2097151 & (self::load_4(self::substr($a, 15, 4)) >> 6); 3233 $a7 = 2097151 & (self::load_3(self::substr($a, 18, 3)) >> 3); 3234 $a8 = 2097151 & self::load_3(self::substr($a, 21, 3)); 3235 $a9 = 2097151 & (self::load_4(self::substr($a, 23, 4)) >> 5); 3236 $a10 = 2097151 & (self::load_3(self::substr($a, 26, 3)) >> 2); 3237 $a11 = (self::load_4(self::substr($a, 28, 4)) >> 7); 3238 3239 // int64_t b0 = 2097151 & load_3(b); 3240 // int64_t b1 = 2097151 & (load_4(b + 2) >> 5); 3241 // int64_t b2 = 2097151 & (load_3(b + 5) >> 2); 3242 // int64_t b3 = 2097151 & (load_4(b + 7) >> 7); 3243 // int64_t b4 = 2097151 & (load_4(b + 10) >> 4); 3244 // int64_t b5 = 2097151 & (load_3(b + 13) >> 1); 3245 // int64_t b6 = 2097151 & (load_4(b + 15) >> 6); 3246 // int64_t b7 = 2097151 & (load_3(b + 18) >> 3); 3247 // int64_t b8 = 2097151 & load_3(b + 21); 3248 // int64_t b9 = 2097151 & (load_4(b + 23) >> 5); 3249 // int64_t b10 = 2097151 & (load_3(b + 26) >> 2); 3250 // int64_t b11 = (load_4(b + 28) >> 7); 3251 $b0 = 2097151 & self::load_3(self::substr($b, 0, 3)); 3252 $b1 = 2097151 & (self::load_4(self::substr($b, 2, 4)) >> 5); 3253 $b2 = 2097151 & (self::load_3(self::substr($b, 5, 3)) >> 2); 3254 $b3 = 2097151 & (self::load_4(self::substr($b, 7, 4)) >> 7); 3255 $b4 = 2097151 & (self::load_4(self::substr($b, 10, 4)) >> 4); 3256 $b5 = 2097151 & (self::load_3(self::substr($b, 13, 3)) >> 1); 3257 $b6 = 2097151 & (self::load_4(self::substr($b, 15, 4)) >> 6); 3258 $b7 = 2097151 & (self::load_3(self::substr($b, 18, 3)) >> 3); 3259 $b8 = 2097151 & self::load_3(self::substr($b, 21, 3)); 3260 $b9 = 2097151 & (self::load_4(self::substr($b, 23, 4)) >> 5); 3261 $b10 = 2097151 & (self::load_3(self::substr($b, 26, 3)) >> 2); 3262 $b11 = (self::load_4(self::substr($b, 28, 4)) >> 7); 3263 3264 // s0 = a0 * b0; 3265 // s1 = a0 * b1 + a1 * b0; 3266 // s2 = a0 * b2 + a1 * b1 + a2 * b0; 3267 // s3 = a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0; 3268 // s4 = a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0; 3269 // s5 = a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0; 3270 // s6 = a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0; 3271 // s7 = a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + 3272 // a6 * b1 + a7 * b0; 3273 // s8 = a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + 3274 // a6 * b2 + a7 * b1 + a8 * b0; 3275 // s9 = a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + 3276 // a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0; 3277 // s10 = a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + 3278 // a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0; 3279 // s11 = a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + 3280 // a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0; 3281 // s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + 3282 // a7 * b5 + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1; 3283 // s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + 3284 // a8 * b5 + a9 * b4 + a10 * b3 + a11 * b2; 3285 // s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + 3286 // a9 * b5 + a10 * b4 + a11 * b3; 3287 // s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + 3288 // a10 * b5 + a11 * b4; 3289 // s16 = 3290 // a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5; 3291 // s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6; 3292 // s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7; 3293 // s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8; 3294 // s20 = a9 * b11 + a10 * b10 + a11 * b9; 3295 // s21 = a10 * b11 + a11 * b10; 3296 // s22 = a11 * b11; 3297 // s23 = 0; 3298 $s0 = self::mul($a0, $b0, 22); 3299 $s1 = self::mul($a0, $b1, 22) + self::mul($a1, $b0, 22); 3300 $s2 = self::mul($a0, $b2, 22) + self::mul($a1, $b1, 22) + self::mul($a2, $b0, 22); 3301 $s3 = self::mul($a0, $b3, 22) + self::mul($a1, $b2, 22) + self::mul($a2, $b1, 22) + self::mul($a3, $b0, 22); 3302 $s4 = self::mul($a0, $b4, 22) + self::mul($a1, $b3, 22) + self::mul($a2, $b2, 22) + self::mul($a3, $b1, 22) + 3303 self::mul($a4, $b0, 22); 3304 $s5 = self::mul($a0, $b5, 22) + self::mul($a1, $b4, 22) + self::mul($a2, $b3, 22) + self::mul($a3, $b2, 22) + 3305 self::mul($a4, $b1, 22) + self::mul($a5, $b0, 22); 3306 $s6 = self::mul($a0, $b6, 22) + self::mul($a1, $b5, 22) + self::mul($a2, $b4, 22) + self::mul($a3, $b3, 22) + 3307 self::mul($a4, $b2, 22) + self::mul($a5, $b1, 22) + self::mul($a6, $b0, 22); 3308 $s7 = self::mul($a0, $b7, 22) + self::mul($a1, $b6, 22) + self::mul($a2, $b5, 22) + self::mul($a3, $b4, 22) + 3309 self::mul($a4, $b3, 22) + self::mul($a5, $b2, 22) + self::mul($a6, $b1, 22) + self::mul($a7, $b0, 22); 3310 $s8 = self::mul($a0, $b8, 22) + self::mul($a1, $b7, 22) + self::mul($a2, $b6, 22) + self::mul($a3, $b5, 22) + 3311 self::mul($a4, $b4, 22) + self::mul($a5, $b3, 22) + self::mul($a6, $b2, 22) + self::mul($a7, $b1, 22) + 3312 self::mul($a8, $b0, 22); 3313 $s9 = self::mul($a0, $b9, 22) + self::mul($a1, $b8, 22) + self::mul($a2, $b7, 22) + self::mul($a3, $b6, 22) + 3314 self::mul($a4, $b5, 22) + self::mul($a5, $b4, 22) + self::mul($a6, $b3, 22) + self::mul($a7, $b2, 22) + 3315 self::mul($a8, $b1, 22) + self::mul($a9, $b0, 22); 3316 $s10 = self::mul($a0, $b10, 22) + self::mul($a1, $b9, 22) + self::mul($a2, $b8, 22) + self::mul($a3, $b7, 22) + 3317 self::mul($a4, $b6, 22) + self::mul($a5, $b5, 22) + self::mul($a6, $b4, 22) + self::mul($a7, $b3, 22) + 3318 self::mul($a8, $b2, 22) + self::mul($a9, $b1, 22) + self::mul($a10, $b0, 22); 3319 $s11 = self::mul($a0, $b11, 22) + self::mul($a1, $b10, 22) + self::mul($a2, $b9, 22) + self::mul($a3, $b8, 22) + 3320 self::mul($a4, $b7, 22) + self::mul($a5, $b6, 22) + self::mul($a6, $b5, 22) + self::mul($a7, $b4, 22) + 3321 self::mul($a8, $b3, 22) + self::mul($a9, $b2, 22) + self::mul($a10, $b1, 22) + self::mul($a11, $b0, 22); 3322 $s12 = self::mul($a1, $b11, 22) + self::mul($a2, $b10, 22) + self::mul($a3, $b9, 22) + self::mul($a4, $b8, 22) + 3323 self::mul($a5, $b7, 22) + self::mul($a6, $b6, 22) + self::mul($a7, $b5, 22) + self::mul($a8, $b4, 22) + 3324 self::mul($a9, $b3, 22) + self::mul($a10, $b2, 22) + self::mul($a11, $b1, 22); 3325 $s13 = self::mul($a2, $b11, 22) + self::mul($a3, $b10, 22) + self::mul($a4, $b9, 22) + self::mul($a5, $b8, 22) + 3326 self::mul($a6, $b7, 22) + self::mul($a7, $b6, 22) + self::mul($a8, $b5, 22) + self::mul($a9, $b4, 22) + 3327 self::mul($a10, $b3, 22) + self::mul($a11, $b2, 22); 3328 $s14 = self::mul($a3, $b11, 22) + self::mul($a4, $b10, 22) + self::mul($a5, $b9, 22) + self::mul($a6, $b8, 22) + 3329 self::mul($a7, $b7, 22) + self::mul($a8, $b6, 22) + self::mul($a9, $b5, 22) + self::mul($a10, $b4, 22) + 3330 self::mul($a11, $b3, 22); 3331 $s15 = self::mul($a4, $b11, 22) + self::mul($a5, $b10, 22) + self::mul($a6, $b9, 22) + self::mul($a7, $b8, 22) + 3332 self::mul($a8, $b7, 22) + self::mul($a9, $b6, 22) + self::mul($a10, $b5, 22) + self::mul($a11, $b4, 22); 3333 $s16 = 3334 self::mul($a5, $b11, 22) + self::mul($a6, $b10, 22) + self::mul($a7, $b9, 22) + self::mul($a8, $b8, 22) + 3335 self::mul($a9, $b7, 22) + self::mul($a10, $b6, 22) + self::mul($a11, $b5, 22); 3336 $s17 = self::mul($a6, $b11, 22) + self::mul($a7, $b10, 22) + self::mul($a8, $b9, 22) + self::mul($a9, $b8, 22) + 3337 self::mul($a10, $b7, 22) + self::mul($a11, $b6, 22); 3338 $s18 = self::mul($a7, $b11, 22) + self::mul($a8, $b10, 22) + self::mul($a9, $b9, 22) + self::mul($a10, $b8, 22) 3339 + self::mul($a11, $b7, 22); 3340 $s19 = self::mul($a8, $b11, 22) + self::mul($a9, $b10, 22) + self::mul($a10, $b9, 22) + 3341 self::mul($a11, $b8, 22); 3342 $s20 = self::mul($a9, $b11, 22) + self::mul($a10, $b10, 22) + self::mul($a11, $b9, 22); 3343 $s21 = self::mul($a10, $b11, 22) + self::mul($a11, $b10, 22); 3344 $s22 = self::mul($a11, $b11, 22); 3345 $s23 = 0; 3346 3347 // carry0 = (s0 + (int64_t) (1L << 20)) >> 21; 3348 // s1 += carry0; 3349 // s0 -= carry0 * ((uint64_t) 1L << 21); 3350 $carry0 = ($s0 + (1 << 20)) >> 21; 3351 $s1 += $carry0; 3352 $s0 -= $carry0 << 21; 3353 // carry2 = (s2 + (int64_t) (1L << 20)) >> 21; 3354 // s3 += carry2; 3355 // s2 -= carry2 * ((uint64_t) 1L << 21); 3356 $carry2 = ($s2 + (1 << 20)) >> 21; 3357 $s3 += $carry2; 3358 $s2 -= $carry2 << 21; 3359 // carry4 = (s4 + (int64_t) (1L << 20)) >> 21; 3360 // s5 += carry4; 3361 // s4 -= carry4 * ((uint64_t) 1L << 21); 3362 $carry4 = ($s4 + (1 << 20)) >> 21; 3363 $s5 += $carry4; 3364 $s4 -= $carry4 << 21; 3365 // carry6 = (s6 + (int64_t) (1L << 20)) >> 21; 3366 // s7 += carry6; 3367 // s6 -= carry6 * ((uint64_t) 1L << 21); 3368 $carry6 = ($s6 + (1 << 20)) >> 21; 3369 $s7 += $carry6; 3370 $s6 -= $carry6 << 21; 3371 // carry8 = (s8 + (int64_t) (1L << 20)) >> 21; 3372 // s9 += carry8; 3373 // s8 -= carry8 * ((uint64_t) 1L << 21); 3374 $carry8 = ($s8 + (1 << 20)) >> 21; 3375 $s9 += $carry8; 3376 $s8 -= $carry8 << 21; 3377 // carry10 = (s10 + (int64_t) (1L << 20)) >> 21; 3378 // s11 += carry10; 3379 // s10 -= carry10 * ((uint64_t) 1L << 21); 3380 $carry10 = ($s10 + (1 << 20)) >> 21; 3381 $s11 += $carry10; 3382 $s10 -= $carry10 << 21; 3383 // carry12 = (s12 + (int64_t) (1L << 20)) >> 21; 3384 // s13 += carry12; 3385 // s12 -= carry12 * ((uint64_t) 1L << 21); 3386 $carry12 = ($s12 + (1 << 20)) >> 21; 3387 $s13 += $carry12; 3388 $s12 -= $carry12 << 21; 3389 // carry14 = (s14 + (int64_t) (1L << 20)) >> 21; 3390 // s15 += carry14; 3391 // s14 -= carry14 * ((uint64_t) 1L << 21); 3392 $carry14 = ($s14 + (1 << 20)) >> 21; 3393 $s15 += $carry14; 3394 $s14 -= $carry14 << 21; 3395 // carry16 = (s16 + (int64_t) (1L << 20)) >> 21; 3396 // s17 += carry16; 3397 // s16 -= carry16 * ((uint64_t) 1L << 21); 3398 $carry16 = ($s16 + (1 << 20)) >> 21; 3399 $s17 += $carry16; 3400 $s16 -= $carry16 << 21; 3401 // carry18 = (s18 + (int64_t) (1L << 20)) >> 21; 3402 // s19 += carry18; 3403 // s18 -= carry18 * ((uint64_t) 1L << 21); 3404 $carry18 = ($s18 + (1 << 20)) >> 21; 3405 $s19 += $carry18; 3406 $s18 -= $carry18 << 21; 3407 // carry20 = (s20 + (int64_t) (1L << 20)) >> 21; 3408 // s21 += carry20; 3409 // s20 -= carry20 * ((uint64_t) 1L << 21); 3410 $carry20 = ($s20 + (1 << 20)) >> 21; 3411 $s21 += $carry20; 3412 $s20 -= $carry20 << 21; 3413 // carry22 = (s22 + (int64_t) (1L << 20)) >> 21; 3414 // s23 += carry22; 3415 // s22 -= carry22 * ((uint64_t) 1L << 21); 3416 $carry22 = ($s22 + (1 << 20)) >> 21; 3417 $s23 += $carry22; 3418 $s22 -= $carry22 << 21; 3419 3420 // carry1 = (s1 + (int64_t) (1L << 20)) >> 21; 3421 // s2 += carry1; 3422 // s1 -= carry1 * ((uint64_t) 1L << 21); 3423 $carry1 = ($s1 + (1 << 20)) >> 21; 3424 $s2 += $carry1; 3425 $s1 -= $carry1 << 21; 3426 // carry3 = (s3 + (int64_t) (1L << 20)) >> 21; 3427 // s4 += carry3; 3428 // s3 -= carry3 * ((uint64_t) 1L << 21); 3429 $carry3 = ($s3 + (1 << 20)) >> 21; 3430 $s4 += $carry3; 3431 $s3 -= $carry3 << 21; 3432 // carry5 = (s5 + (int64_t) (1L << 20)) >> 21; 3433 // s6 += carry5; 3434 // s5 -= carry5 * ((uint64_t) 1L << 21); 3435 $carry5 = ($s5 + (1 << 20)) >> 21; 3436 $s6 += $carry5; 3437 $s5 -= $carry5 << 21; 3438 // carry7 = (s7 + (int64_t) (1L << 20)) >> 21; 3439 // s8 += carry7; 3440 // s7 -= carry7 * ((uint64_t) 1L << 21); 3441 $carry7 = ($s7 + (1 << 20)) >> 21; 3442 $s8 += $carry7; 3443 $s7 -= $carry7 << 21; 3444 // carry9 = (s9 + (int64_t) (1L << 20)) >> 21; 3445 // s10 += carry9; 3446 // s9 -= carry9 * ((uint64_t) 1L << 21); 3447 $carry9 = ($s9 + (1 << 20)) >> 21; 3448 $s10 += $carry9; 3449 $s9 -= $carry9 << 21; 3450 // carry11 = (s11 + (int64_t) (1L << 20)) >> 21; 3451 // s12 += carry11; 3452 // s11 -= carry11 * ((uint64_t) 1L << 21); 3453 $carry11 = ($s11 + (1 << 20)) >> 21; 3454 $s12 += $carry11; 3455 $s11 -= $carry11 << 21; 3456 // carry13 = (s13 + (int64_t) (1L << 20)) >> 21; 3457 // s14 += carry13; 3458 // s13 -= carry13 * ((uint64_t) 1L << 21); 3459 $carry13 = ($s13 + (1 << 20)) >> 21; 3460 $s14 += $carry13; 3461 $s13 -= $carry13 << 21; 3462 // carry15 = (s15 + (int64_t) (1L << 20)) >> 21; 3463 // s16 += carry15; 3464 // s15 -= carry15 * ((uint64_t) 1L << 21); 3465 $carry15 = ($s15 + (1 << 20)) >> 21; 3466 $s16 += $carry15; 3467 $s15 -= $carry15 << 21; 3468 // carry17 = (s17 + (int64_t) (1L << 20)) >> 21; 3469 // s18 += carry17; 3470 // s17 -= carry17 * ((uint64_t) 1L << 21); 3471 $carry17 = ($s17 + (1 << 20)) >> 21; 3472 $s18 += $carry17; 3473 $s17 -= $carry17 << 21; 3474 // carry19 = (s19 + (int64_t) (1L << 20)) >> 21; 3475 // s20 += carry19; 3476 // s19 -= carry19 * ((uint64_t) 1L << 21); 3477 $carry19 = ($s19 + (1 << 20)) >> 21; 3478 $s20 += $carry19; 3479 $s19 -= $carry19 << 21; 3480 // carry21 = (s21 + (int64_t) (1L << 20)) >> 21; 3481 // s22 += carry21; 3482 // s21 -= carry21 * ((uint64_t) 1L << 21); 3483 $carry21 = ($s21 + (1 << 20)) >> 21; 3484 $s22 += $carry21; 3485 $s21 -= $carry21 << 21; 3486 3487 // s11 += s23 * 666643; 3488 // s12 += s23 * 470296; 3489 // s13 += s23 * 654183; 3490 // s14 -= s23 * 997805; 3491 // s15 += s23 * 136657; 3492 // s16 -= s23 * 683901; 3493 $s11 += self::mul($s23, 666643, 20); 3494 $s12 += self::mul($s23, 470296, 19); 3495 $s13 += self::mul($s23, 654183, 20); 3496 $s14 -= self::mul($s23, 997805, 20); 3497 $s15 += self::mul($s23, 136657, 18); 3498 $s16 -= self::mul($s23, 683901, 20); 3499 3500 // s10 += s22 * 666643; 3501 // s11 += s22 * 470296; 3502 // s12 += s22 * 654183; 3503 // s13 -= s22 * 997805; 3504 // s14 += s22 * 136657; 3505 // s15 -= s22 * 683901; 3506 $s10 += self::mul($s22, 666643, 20); 3507 $s11 += self::mul($s22, 470296, 19); 3508 $s12 += self::mul($s22, 654183, 20); 3509 $s13 -= self::mul($s22, 997805, 20); 3510 $s14 += self::mul($s22, 136657, 18); 3511 $s15 -= self::mul($s22, 683901, 20); 3512 3513 // s9 += s21 * 666643; 3514 // s10 += s21 * 470296; 3515 // s11 += s21 * 654183; 3516 // s12 -= s21 * 997805; 3517 // s13 += s21 * 136657; 3518 // s14 -= s21 * 683901; 3519 $s9 += self::mul($s21, 666643, 20); 3520 $s10 += self::mul($s21, 470296, 19); 3521 $s11 += self::mul($s21, 654183, 20); 3522 $s12 -= self::mul($s21, 997805, 20); 3523 $s13 += self::mul($s21, 136657, 18); 3524 $s14 -= self::mul($s21, 683901, 20); 3525 3526 // s8 += s20 * 666643; 3527 // s9 += s20 * 470296; 3528 // s10 += s20 * 654183; 3529 // s11 -= s20 * 997805; 3530 // s12 += s20 * 136657; 3531 // s13 -= s20 * 683901; 3532 $s8 += self::mul($s20, 666643, 20); 3533 $s9 += self::mul($s20, 470296, 19); 3534 $s10 += self::mul($s20, 654183, 20); 3535 $s11 -= self::mul($s20, 997805, 20); 3536 $s12 += self::mul($s20, 136657, 18); 3537 $s13 -= self::mul($s20, 683901, 20); 3538 3539 // s7 += s19 * 666643; 3540 // s8 += s19 * 470296; 3541 // s9 += s19 * 654183; 3542 // s10 -= s19 * 997805; 3543 // s11 += s19 * 136657; 3544 // s12 -= s19 * 683901; 3545 $s7 += self::mul($s19, 666643, 20); 3546 $s8 += self::mul($s19, 470296, 19); 3547 $s9 += self::mul($s19, 654183, 20); 3548 $s10 -= self::mul($s19, 997805, 20); 3549 $s11 += self::mul($s19, 136657, 18); 3550 $s12 -= self::mul($s19, 683901, 20); 3551 3552 // s6 += s18 * 666643; 3553 // s7 += s18 * 470296; 3554 // s8 += s18 * 654183; 3555 // s9 -= s18 * 997805; 3556 // s10 += s18 * 136657; 3557 // s11 -= s18 * 683901; 3558 $s6 += self::mul($s18, 666643, 20); 3559 $s7 += self::mul($s18, 470296, 19); 3560 $s8 += self::mul($s18, 654183, 20); 3561 $s9 -= self::mul($s18, 997805, 20); 3562 $s10 += self::mul($s18, 136657, 18); 3563 $s11 -= self::mul($s18, 683901, 20); 3564 3565 // carry6 = (s6 + (int64_t) (1L << 20)) >> 21; 3566 // s7 += carry6; 3567 // s6 -= carry6 * ((uint64_t) 1L << 21); 3568 $carry6 = ($s6 + (1 << 20)) >> 21; 3569 $s7 += $carry6; 3570 $s6 -= $carry6 << 21; 3571 // carry8 = (s8 + (int64_t) (1L << 20)) >> 21; 3572 // s9 += carry8; 3573 // s8 -= carry8 * ((uint64_t) 1L << 21); 3574 $carry8 = ($s8 + (1 << 20)) >> 21; 3575 $s9 += $carry8; 3576 $s8 -= $carry8 << 21; 3577 // carry10 = (s10 + (int64_t) (1L << 20)) >> 21; 3578 // s11 += carry10; 3579 // s10 -= carry10 * ((uint64_t) 1L << 21); 3580 $carry10 = ($s10 + (1 << 20)) >> 21; 3581 $s11 += $carry10; 3582 $s10 -= $carry10 << 21; 3583 // carry12 = (s12 + (int64_t) (1L << 20)) >> 21; 3584 // s13 += carry12; 3585 // s12 -= carry12 * ((uint64_t) 1L << 21); 3586 $carry12 = ($s12 + (1 << 20)) >> 21; 3587 $s13 += $carry12; 3588 $s12 -= $carry12 << 21; 3589 // carry14 = (s14 + (int64_t) (1L << 20)) >> 21; 3590 // s15 += carry14; 3591 // s14 -= carry14 * ((uint64_t) 1L << 21); 3592 $carry14 = ($s14 + (1 << 20)) >> 21; 3593 $s15 += $carry14; 3594 $s14 -= $carry14 << 21; 3595 // carry16 = (s16 + (int64_t) (1L << 20)) >> 21; 3596 // s17 += carry16; 3597 // s16 -= carry16 * ((uint64_t) 1L << 21); 3598 $carry16 = ($s16 + (1 << 20)) >> 21; 3599 $s17 += $carry16; 3600 $s16 -= $carry16 << 21; 3601 3602 // carry7 = (s7 + (int64_t) (1L << 20)) >> 21; 3603 // s8 += carry7; 3604 // s7 -= carry7 * ((uint64_t) 1L << 21); 3605 $carry7 = ($s7 + (1 << 20)) >> 21; 3606 $s8 += $carry7; 3607 $s7 -= $carry7 << 21; 3608 // carry9 = (s9 + (int64_t) (1L << 20)) >> 21; 3609 // s10 += carry9; 3610 // s9 -= carry9 * ((uint64_t) 1L << 21); 3611 $carry9 = ($s9 + (1 << 20)) >> 21; 3612 $s10 += $carry9; 3613 $s9 -= $carry9 << 21; 3614 // carry11 = (s11 + (int64_t) (1L << 20)) >> 21; 3615 // s12 += carry11; 3616 // s11 -= carry11 * ((uint64_t) 1L << 21); 3617 $carry11 = ($s11 + (1 << 20)) >> 21; 3618 $s12 += $carry11; 3619 $s11 -= $carry11 << 21; 3620 // carry13 = (s13 + (int64_t) (1L << 20)) >> 21; 3621 // s14 += carry13; 3622 // s13 -= carry13 * ((uint64_t) 1L << 21); 3623 $carry13 = ($s13 + (1 << 20)) >> 21; 3624 $s14 += $carry13; 3625 $s13 -= $carry13 << 21; 3626 // carry15 = (s15 + (int64_t) (1L << 20)) >> 21; 3627 // s16 += carry15; 3628 // s15 -= carry15 * ((uint64_t) 1L << 21); 3629 $carry15 = ($s15 + (1 << 20)) >> 21; 3630 $s16 += $carry15; 3631 $s15 -= $carry15 << 21; 3632 3633 // s5 += s17 * 666643; 3634 // s6 += s17 * 470296; 3635 // s7 += s17 * 654183; 3636 // s8 -= s17 * 997805; 3637 // s9 += s17 * 136657; 3638 // s10 -= s17 * 683901; 3639 $s5 += self::mul($s17, 666643, 20); 3640 $s6 += self::mul($s17, 470296, 19); 3641 $s7 += self::mul($s17, 654183, 20); 3642 $s8 -= self::mul($s17, 997805, 20); 3643 $s9 += self::mul($s17, 136657, 18); 3644 $s10 -= self::mul($s17, 683901, 20); 3645 3646 // s4 += s16 * 666643; 3647 // s5 += s16 * 470296; 3648 // s6 += s16 * 654183; 3649 // s7 -= s16 * 997805; 3650 // s8 += s16 * 136657; 3651 // s9 -= s16 * 683901; 3652 $s4 += self::mul($s16, 666643, 20); 3653 $s5 += self::mul($s16, 470296, 19); 3654 $s6 += self::mul($s16, 654183, 20); 3655 $s7 -= self::mul($s16, 997805, 20); 3656 $s8 += self::mul($s16, 136657, 18); 3657 $s9 -= self::mul($s16, 683901, 20); 3658 3659 // s3 += s15 * 666643; 3660 // s4 += s15 * 470296; 3661 // s5 += s15 * 654183; 3662 // s6 -= s15 * 997805; 3663 // s7 += s15 * 136657; 3664 // s8 -= s15 * 683901; 3665 $s3 += self::mul($s15, 666643, 20); 3666 $s4 += self::mul($s15, 470296, 19); 3667 $s5 += self::mul($s15, 654183, 20); 3668 $s6 -= self::mul($s15, 997805, 20); 3669 $s7 += self::mul($s15, 136657, 18); 3670 $s8 -= self::mul($s15, 683901, 20); 3671 3672 // s2 += s14 * 666643; 3673 // s3 += s14 * 470296; 3674 // s4 += s14 * 654183; 3675 // s5 -= s14 * 997805; 3676 // s6 += s14 * 136657; 3677 // s7 -= s14 * 683901; 3678 $s2 += self::mul($s14, 666643, 20); 3679 $s3 += self::mul($s14, 470296, 19); 3680 $s4 += self::mul($s14, 654183, 20); 3681 $s5 -= self::mul($s14, 997805, 20); 3682 $s6 += self::mul($s14, 136657, 18); 3683 $s7 -= self::mul($s14, 683901, 20); 3684 3685 // s1 += s13 * 666643; 3686 // s2 += s13 * 470296; 3687 // s3 += s13 * 654183; 3688 // s4 -= s13 * 997805; 3689 // s5 += s13 * 136657; 3690 // s6 -= s13 * 683901; 3691 $s1 += self::mul($s13, 666643, 20); 3692 $s2 += self::mul($s13, 470296, 19); 3693 $s3 += self::mul($s13, 654183, 20); 3694 $s4 -= self::mul($s13, 997805, 20); 3695 $s5 += self::mul($s13, 136657, 18); 3696 $s6 -= self::mul($s13, 683901, 20); 3697 3698 // s0 += s12 * 666643; 3699 // s1 += s12 * 470296; 3700 // s2 += s12 * 654183; 3701 // s3 -= s12 * 997805; 3702 // s4 += s12 * 136657; 3703 // s5 -= s12 * 683901; 3704 // s12 = 0; 3705 $s0 += self::mul($s12, 666643, 20); 3706 $s1 += self::mul($s12, 470296, 19); 3707 $s2 += self::mul($s12, 654183, 20); 3708 $s3 -= self::mul($s12, 997805, 20); 3709 $s4 += self::mul($s12, 136657, 18); 3710 $s5 -= self::mul($s12, 683901, 20); 3711 $s12 = 0; 3712 3713 // carry0 = (s0 + (int64_t) (1L << 20)) >> 21; 3714 // s1 += carry0; 3715 // s0 -= carry0 * ((uint64_t) 1L << 21); 3716 $carry0 = ($s0 + (1 << 20)) >> 21; 3717 $s1 += $carry0; 3718 $s0 -= $carry0 << 21; 3719 // carry2 = (s2 + (int64_t) (1L << 20)) >> 21; 3720 // s3 += carry2; 3721 // s2 -= carry2 * ((uint64_t) 1L << 21); 3722 $carry2 = ($s2 + (1 << 20)) >> 21; 3723 $s3 += $carry2; 3724 $s2 -= $carry2 << 21; 3725 // carry4 = (s4 + (int64_t) (1L << 20)) >> 21; 3726 // s5 += carry4; 3727 // s4 -= carry4 * ((uint64_t) 1L << 21); 3728 $carry4 = ($s4 + (1 << 20)) >> 21; 3729 $s5 += $carry4; 3730 $s4 -= $carry4 << 21; 3731 // carry6 = (s6 + (int64_t) (1L << 20)) >> 21; 3732 // s7 += carry6; 3733 // s6 -= carry6 * ((uint64_t) 1L << 21); 3734 $carry6 = ($s6 + (1 << 20)) >> 21; 3735 $s7 += $carry6; 3736 $s6 -= $carry6 << 21; 3737 // carry8 = (s8 + (int64_t) (1L << 20)) >> 21; 3738 // s9 += carry8; 3739 // s8 -= carry8 * ((uint64_t) 1L << 21); 3740 $carry8 = ($s8 + (1 << 20)) >> 21; 3741 $s9 += $carry8; 3742 $s8 -= $carry8 << 21; 3743 // carry10 = (s10 + (int64_t) (1L << 20)) >> 21; 3744 // s11 += carry10; 3745 // s10 -= carry10 * ((uint64_t) 1L << 21); 3746 $carry10 = ($s10 + (1 << 20)) >> 21; 3747 $s11 += $carry10; 3748 $s10 -= $carry10 << 21; 3749 3750 // carry1 = (s1 + (int64_t) (1L << 20)) >> 21; 3751 // s2 += carry1; 3752 // s1 -= carry1 * ((uint64_t) 1L << 21); 3753 $carry1 = ($s1 + (1 << 20)) >> 21; 3754 $s2 += $carry1; 3755 $s1 -= $carry1 << 21; 3756 // carry3 = (s3 + (int64_t) (1L << 20)) >> 21; 3757 // s4 += carry3; 3758 // s3 -= carry3 * ((uint64_t) 1L << 21); 3759 $carry3 = ($s3 + (1 << 20)) >> 21; 3760 $s4 += $carry3; 3761 $s3 -= $carry3 << 21; 3762 // carry5 = (s5 + (int64_t) (1L << 20)) >> 21; 3763 // s6 += carry5; 3764 // s5 -= carry5 * ((uint64_t) 1L << 21); 3765 $carry5 = ($s5 + (1 << 20)) >> 21; 3766 $s6 += $carry5; 3767 $s5 -= $carry5 << 21; 3768 // carry7 = (s7 + (int64_t) (1L << 20)) >> 21; 3769 // s8 += carry7; 3770 // s7 -= carry7 * ((uint64_t) 1L << 21); 3771 $carry7 = ($s7 + (1 << 20)) >> 21; 3772 $s8 += $carry7; 3773 $s7 -= $carry7 << 21; 3774 // carry9 = (s9 + (int64_t) (1L << 20)) >> 21; 3775 // s10 += carry9; 3776 // s9 -= carry9 * ((uint64_t) 1L << 21); 3777 $carry9 = ($s9 + (1 << 20)) >> 21; 3778 $s10 += $carry9; 3779 $s9 -= $carry9 << 21; 3780 // carry11 = (s11 + (int64_t) (1L << 20)) >> 21; 3781 // s12 += carry11; 3782 // s11 -= carry11 * ((uint64_t) 1L << 21); 3783 $carry11 = ($s11 + (1 << 20)) >> 21; 3784 $s12 += $carry11; 3785 $s11 -= $carry11 << 21; 3786 3787 // s0 += s12 * 666643; 3788 // s1 += s12 * 470296; 3789 // s2 += s12 * 654183; 3790 // s3 -= s12 * 997805; 3791 // s4 += s12 * 136657; 3792 // s5 -= s12 * 683901; 3793 // s12 = 0; 3794 $s0 += self::mul($s12, 666643, 20); 3795 $s1 += self::mul($s12, 470296, 19); 3796 $s2 += self::mul($s12, 654183, 20); 3797 $s3 -= self::mul($s12, 997805, 20); 3798 $s4 += self::mul($s12, 136657, 18); 3799 $s5 -= self::mul($s12, 683901, 20); 3800 $s12 = 0; 3801 3802 // carry0 = s0 >> 21; 3803 // s1 += carry0; 3804 // s0 -= carry0 * ((uint64_t) 1L << 21); 3805 $carry0 = $s0 >> 21; 3806 $s1 += $carry0; 3807 $s0 -= $carry0 << 21; 3808 // carry1 = s1 >> 21; 3809 // s2 += carry1; 3810 // s1 -= carry1 * ((uint64_t) 1L << 21); 3811 $carry1 = $s1 >> 21; 3812 $s2 += $carry1; 3813 $s1 -= $carry1 << 21; 3814 // carry2 = s2 >> 21; 3815 // s3 += carry2; 3816 // s2 -= carry2 * ((uint64_t) 1L << 21); 3817 $carry2 = $s2 >> 21; 3818 $s3 += $carry2; 3819 $s2 -= $carry2 << 21; 3820 // carry3 = s3 >> 21; 3821 // s4 += carry3; 3822 // s3 -= carry3 * ((uint64_t) 1L << 21); 3823 $carry3 = $s3 >> 21; 3824 $s4 += $carry3; 3825 $s3 -= $carry3 << 21; 3826 // carry4 = s4 >> 21; 3827 // s5 += carry4; 3828 // s4 -= carry4 * ((uint64_t) 1L << 21); 3829 $carry4 = $s4 >> 21; 3830 $s5 += $carry4; 3831 $s4 -= $carry4 << 21; 3832 // carry5 = s5 >> 21; 3833 // s6 += carry5; 3834 // s5 -= carry5 * ((uint64_t) 1L << 21); 3835 $carry5 = $s5 >> 21; 3836 $s6 += $carry5; 3837 $s5 -= $carry5 << 21; 3838 // carry6 = s6 >> 21; 3839 // s7 += carry6; 3840 // s6 -= carry6 * ((uint64_t) 1L << 21); 3841 $carry6 = $s6 >> 21; 3842 $s7 += $carry6; 3843 $s6 -= $carry6 << 21; 3844 // carry7 = s7 >> 21; 3845 // s8 += carry7; 3846 // s7 -= carry7 * ((uint64_t) 1L << 21); 3847 $carry7 = $s7 >> 21; 3848 $s8 += $carry7; 3849 $s7 -= $carry7 << 21; 3850 // carry8 = s8 >> 21; 3851 // s9 += carry8; 3852 // s8 -= carry8 * ((uint64_t) 1L << 21); 3853 $carry8 = $s8 >> 21; 3854 $s9 += $carry8; 3855 $s8 -= $carry8 << 21; 3856 // carry9 = s9 >> 21; 3857 // s10 += carry9; 3858 // s9 -= carry9 * ((uint64_t) 1L << 21); 3859 $carry9 = $s9 >> 21; 3860 $s10 += $carry9; 3861 $s9 -= $carry9 << 21; 3862 // carry10 = s10 >> 21; 3863 // s11 += carry10; 3864 // s10 -= carry10 * ((uint64_t) 1L << 21); 3865 $carry10 = $s10 >> 21; 3866 $s11 += $carry10; 3867 $s10 -= $carry10 << 21; 3868 // carry11 = s11 >> 21; 3869 // s12 += carry11; 3870 // s11 -= carry11 * ((uint64_t) 1L << 21); 3871 $carry11 = $s11 >> 21; 3872 $s12 += $carry11; 3873 $s11 -= $carry11 << 21; 3874 3875 // s0 += s12 * 666643; 3876 // s1 += s12 * 470296; 3877 // s2 += s12 * 654183; 3878 // s3 -= s12 * 997805; 3879 // s4 += s12 * 136657; 3880 // s5 -= s12 * 683901; 3881 $s0 += self::mul($s12, 666643, 20); 3882 $s1 += self::mul($s12, 470296, 19); 3883 $s2 += self::mul($s12, 654183, 20); 3884 $s3 -= self::mul($s12, 997805, 20); 3885 $s4 += self::mul($s12, 136657, 18); 3886 $s5 -= self::mul($s12, 683901, 20); 3887 3888 // carry0 = s0 >> 21; 3889 // s1 += carry0; 3890 // s0 -= carry0 * ((uint64_t) 1L << 21); 3891 $carry0 = $s0 >> 21; 3892 $s1 += $carry0; 3893 $s0 -= $carry0 << 21; 3894 // carry1 = s1 >> 21; 3895 // s2 += carry1; 3896 // s1 -= carry1 * ((uint64_t) 1L << 21); 3897 $carry1 = $s1 >> 21; 3898 $s2 += $carry1; 3899 $s1 -= $carry1 << 21; 3900 // carry2 = s2 >> 21; 3901 // s3 += carry2; 3902 // s2 -= carry2 * ((uint64_t) 1L << 21); 3903 $carry2 = $s2 >> 21; 3904 $s3 += $carry2; 3905 $s2 -= $carry2 << 21; 3906 // carry3 = s3 >> 21; 3907 // s4 += carry3; 3908 // s3 -= carry3 * ((uint64_t) 1L << 21); 3909 $carry3 = $s3 >> 21; 3910 $s4 += $carry3; 3911 $s3 -= $carry3 << 21; 3912 // carry4 = s4 >> 21; 3913 // s5 += carry4; 3914 // s4 -= carry4 * ((uint64_t) 1L << 21); 3915 $carry4 = $s4 >> 21; 3916 $s5 += $carry4; 3917 $s4 -= $carry4 << 21; 3918 // carry5 = s5 >> 21; 3919 // s6 += carry5; 3920 // s5 -= carry5 * ((uint64_t) 1L << 21); 3921 $carry5 = $s5 >> 21; 3922 $s6 += $carry5; 3923 $s5 -= $carry5 << 21; 3924 // carry6 = s6 >> 21; 3925 // s7 += carry6; 3926 // s6 -= carry6 * ((uint64_t) 1L << 21); 3927 $carry6 = $s6 >> 21; 3928 $s7 += $carry6; 3929 $s6 -= $carry6 << 21; 3930 // carry7 = s7 >> 21; 3931 // s8 += carry7; 3932 // s7 -= carry7 * ((uint64_t) 1L << 21); 3933 $carry7 = $s7 >> 21; 3934 $s8 += $carry7; 3935 $s7 -= $carry7 << 21; 3936 // carry8 = s8 >> 21; 3937 // s9 += carry8; 3938 // s8 -= carry8 * ((uint64_t) 1L << 21); 3939 $carry8 = $s8 >> 21; 3940 $s9 += $carry8; 3941 $s8 -= $carry8 << 21; 3942 // carry9 = s9 >> 21; 3943 // s10 += carry9; 3944 // s9 -= carry9 * ((uint64_t) 1L << 21); 3945 $carry9 = $s9 >> 21; 3946 $s10 += $carry9; 3947 $s9 -= $carry9 << 21; 3948 // carry10 = s10 >> 21; 3949 // s11 += carry10; 3950 // s10 -= carry10 * ((uint64_t) 1L << 21); 3951 $carry10 = $s10 >> 21; 3952 $s11 += $carry10; 3953 $s10 -= $carry10 << 21; 3954 3955 $s = array_fill(0, 32, 0); 3956 // s[0] = s0 >> 0; 3957 $s[0] = $s0 >> 0; 3958 // s[1] = s0 >> 8; 3959 $s[1] = $s0 >> 8; 3960 // s[2] = (s0 >> 16) | (s1 * ((uint64_t) 1 << 5)); 3961 $s[2] = ($s0 >> 16) | ($s1 << 5); 3962 // s[3] = s1 >> 3; 3963 $s[3] = $s1 >> 3; 3964 // s[4] = s1 >> 11; 3965 $s[4] = $s1 >> 11; 3966 // s[5] = (s1 >> 19) | (s2 * ((uint64_t) 1 << 2)); 3967 $s[5] = ($s1 >> 19) | ($s2 << 2); 3968 // s[6] = s2 >> 6; 3969 $s[6] = $s2 >> 6; 3970 // s[7] = (s2 >> 14) | (s3 * ((uint64_t) 1 << 7)); 3971 $s[7] = ($s2 >> 14) | ($s3 << 7); 3972 // s[8] = s3 >> 1; 3973 $s[8] = $s3 >> 1; 3974 // s[9] = s3 >> 9; 3975 $s[9] = $s3 >> 9; 3976 // s[10] = (s3 >> 17) | (s4 * ((uint64_t) 1 << 4)); 3977 $s[10] = ($s3 >> 17) | ($s4 << 4); 3978 // s[11] = s4 >> 4; 3979 $s[11] = $s4 >> 4; 3980 // s[12] = s4 >> 12; 3981 $s[12] = $s4 >> 12; 3982 // s[13] = (s4 >> 20) | (s5 * ((uint64_t) 1 << 1)); 3983 $s[13] = ($s4 >> 20) | ($s5 << 1); 3984 // s[14] = s5 >> 7; 3985 $s[14] = $s5 >> 7; 3986 // s[15] = (s5 >> 15) | (s6 * ((uint64_t) 1 << 6)); 3987 $s[15] = ($s5 >> 15) | ($s6 << 6); 3988 // s[16] = s6 >> 2; 3989 $s[16] = $s6 >> 2; 3990 // s[17] = s6 >> 10; 3991 $s[17] = $s6 >> 10; 3992 // s[18] = (s6 >> 18) | (s7 * ((uint64_t) 1 << 3)); 3993 $s[18] = ($s6 >> 18) | ($s7 << 3); 3994 // s[19] = s7 >> 5; 3995 $s[19] = $s7 >> 5; 3996 // s[20] = s7 >> 13; 3997 $s[20] = $s7 >> 13; 3998 // s[21] = s8 >> 0; 3999 $s[21] = $s8 >> 0; 4000 // s[22] = s8 >> 8; 4001 $s[22] = $s8 >> 8; 4002 // s[23] = (s8 >> 16) | (s9 * ((uint64_t) 1 << 5)); 4003 $s[23] = ($s8 >> 16) | ($s9 << 5); 4004 // s[24] = s9 >> 3; 4005 $s[24] = $s9 >> 3; 4006 // s[25] = s9 >> 11; 4007 $s[25] = $s9 >> 11; 4008 // s[26] = (s9 >> 19) | (s10 * ((uint64_t) 1 << 2)); 4009 $s[26] = ($s9 >> 19) | ($s10 << 2); 4010 // s[27] = s10 >> 6; 4011 $s[27] = $s10 >> 6; 4012 // s[28] = (s10 >> 14) | (s11 * ((uint64_t) 1 << 7)); 4013 $s[28] = ($s10 >> 14) | ($s11 << 7); 4014 // s[29] = s11 >> 1; 4015 $s[29] = $s11 >> 1; 4016 // s[30] = s11 >> 9; 4017 $s[30] = $s11 >> 9; 4018 // s[31] = s11 >> 17; 4019 $s[31] = $s11 >> 17; 4020 return self::intArrayToString($s); 4021 } 4022 4023 /** 4024 * @param string $s 4025 * @return string 4026 */ 4027 public static function sc25519_sq($s) 4028 { 4029 return self::sc25519_mul($s, $s); 4030 } 4031 4032 /** 4033 * @param string $s 4034 * @param int $n 4035 * @param string $a 4036 * @return string 4037 */ 4038 public static function sc25519_sqmul($s, $n, $a) 4039 { 4040 for ($i = 0; $i < $n; ++$i) { 4041 $s = self::sc25519_sq($s); 4042 } 4043 return self::sc25519_mul($s, $a); 4044 } 4045 4046 /** 4047 * @param string $s 4048 * @return string 4049 */ 4050 public static function sc25519_invert($s) 4051 { 4052 $_10 = self::sc25519_sq($s); 4053 $_11 = self::sc25519_mul($s, $_10); 4054 $_100 = self::sc25519_mul($s, $_11); 4055 $_1000 = self::sc25519_sq($_100); 4056 $_1010 = self::sc25519_mul($_10, $_1000); 4057 $_1011 = self::sc25519_mul($s, $_1010); 4058 $_10000 = self::sc25519_sq($_1000); 4059 $_10110 = self::sc25519_sq($_1011); 4060 $_100000 = self::sc25519_mul($_1010, $_10110); 4061 $_100110 = self::sc25519_mul($_10000, $_10110); 4062 $_1000000 = self::sc25519_sq($_100000); 4063 $_1010000 = self::sc25519_mul($_10000, $_1000000); 4064 $_1010011 = self::sc25519_mul($_11, $_1010000); 4065 $_1100011 = self::sc25519_mul($_10000, $_1010011); 4066 $_1100111 = self::sc25519_mul($_100, $_1100011); 4067 $_1101011 = self::sc25519_mul($_100, $_1100111); 4068 $_10010011 = self::sc25519_mul($_1000000, $_1010011); 4069 $_10010111 = self::sc25519_mul($_100, $_10010011); 4070 $_10111101 = self::sc25519_mul($_100110, $_10010111); 4071 $_11010011 = self::sc25519_mul($_10110, $_10111101); 4072 $_11100111 = self::sc25519_mul($_1010000, $_10010111); 4073 $_11101011 = self::sc25519_mul($_100, $_11100111); 4074 $_11110101 = self::sc25519_mul($_1010, $_11101011); 4075 4076 $recip = self::sc25519_mul($_1011, $_11110101); 4077 $recip = self::sc25519_sqmul($recip, 126, $_1010011); 4078 $recip = self::sc25519_sqmul($recip, 9, $_10); 4079 $recip = self::sc25519_mul($recip, $_11110101); 4080 $recip = self::sc25519_sqmul($recip, 7, $_1100111); 4081 $recip = self::sc25519_sqmul($recip, 9, $_11110101); 4082 $recip = self::sc25519_sqmul($recip, 11, $_10111101); 4083 $recip = self::sc25519_sqmul($recip, 8, $_11100111); 4084 $recip = self::sc25519_sqmul($recip, 9, $_1101011); 4085 $recip = self::sc25519_sqmul($recip, 6, $_1011); 4086 $recip = self::sc25519_sqmul($recip, 14, $_10010011); 4087 $recip = self::sc25519_sqmul($recip, 10, $_1100011); 4088 $recip = self::sc25519_sqmul($recip, 9, $_10010111); 4089 $recip = self::sc25519_sqmul($recip, 10, $_11110101); 4090 $recip = self::sc25519_sqmul($recip, 8, $_11010011); 4091 return self::sc25519_sqmul($recip, 8, $_11101011); 4092 } 4093 4094 /** 4095 * @param string $s 4096 * @return string 4097 */ 4098 public static function clamp($s) 4099 { 4100 $s_ = self::stringToIntArray($s); 4101 $s_[0] &= 248; 4102 $s_[31] |= 64; 4103 $s_[31] &= 128; 4104 return self::intArrayToString($s_); 4105 } 3002 4106 } -
trunk/src/wp-includes/sodium_compat/src/Core/Curve25519/H.php
r46586 r51002 1465 1465 11406482 1466 1466 ); 1467 1468 /** 1469 * 1 / sqrt(a - d) 1470 * 1471 * @var array<int, int> 1472 */ 1473 protected static $invsqrtamd = array( 1474 6111485, 1475 4156064, 1476 -27798727, 1477 12243468, 1478 -25904040, 1479 120897, 1480 20826367, 1481 -7060776, 1482 6093568, 1483 -1986012 1484 ); 1485 1486 /** 1487 * sqrt(ad - 1) with a = -1 (mod p) 1488 * 1489 * @var array<int, int> 1490 */ 1491 protected static $sqrtadm1 = array( 1492 24849947, 1493 -153582, 1494 -23613485, 1495 6347715, 1496 -21072328, 1497 -667138, 1498 -25271143, 1499 -15367704, 1500 -870347, 1501 14525639 1502 ); 1503 1504 /** 1505 * 1 - d ^ 2 1506 * 1507 * @var array<int, int> 1508 */ 1509 protected static $onemsqd = array( 1510 6275446, 1511 -16617371, 1512 -22938544, 1513 -3773710, 1514 11667077, 1515 7397348, 1516 -27922721, 1517 1766195, 1518 -24433858, 1519 672203 1520 ); 1521 1522 /** 1523 * (d - 1) ^ 2 1524 * @var array<int, int> 1525 */ 1526 protected static $sqdmone = array( 1527 15551795, 1528 -11097455, 1529 -13425098, 1530 -10125071, 1531 -11896535, 1532 10178284, 1533 -26634327, 1534 4729244, 1535 -5282110, 1536 -10116402 1537 ); 1538 1539 1540 /* 1541 * 2^252+27742317777372353535851937790883648493 1542 static const unsigned char L[] = { 1543 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 1544 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1545 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 1546 }; 1547 */ 1548 const L = "\xed\xd3\xf5\x5c\x1a\x63\x12\x58\xd6\x9c\xf7\xa2\xde\xf9\xde\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10"; 1467 1549 } -
trunk/src/wp-includes/sodium_compat/src/Core/Ed25519.php
r48121 r51002 12 12 const KEYPAIR_BYTES = 96; 13 13 const SEED_BYTES = 32; 14 const SCALAR_BYTES = 32; 14 15 15 16 /** … … 478 479 return false; 479 480 } 481 482 /** 483 * @param string $s 484 * @return string 485 * @throws SodiumException 486 */ 487 public static function scalar_complement($s) 488 { 489 $t_ = self::L . str_repeat("\x00", 32); 490 sodium_increment($t_); 491 $s_ = $s . str_repeat("\x00", 32); 492 ParagonIE_Sodium_Compat::sub($t_, $s_); 493 return self::sc_reduce($t_); 494 } 495 496 /** 497 * @return string 498 * @throws SodiumException 499 */ 500 public static function scalar_random() 501 { 502 do { 503 $r = ParagonIE_Sodium_Compat::randombytes_buf(self::SCALAR_BYTES); 504 $r[self::SCALAR_BYTES - 1] = self::intToChr( 505 self::chrToInt($r[self::SCALAR_BYTES - 1]) & 0x1f 506 ); 507 } while ( 508 !self::check_S_lt_L($r) || ParagonIE_Sodium_Compat::is_zero($r) 509 ); 510 return $r; 511 } 512 513 /** 514 * @param string $s 515 * @return string 516 * @throws SodiumException 517 */ 518 public static function scalar_negate($s) 519 { 520 $t_ = self::L . str_repeat("\x00", 32) ; 521 $s_ = $s . str_repeat("\x00", 32) ; 522 ParagonIE_Sodium_Compat::sub($t_, $s_); 523 return self::sc_reduce($t_); 524 } 525 526 /** 527 * @param string $a 528 * @param string $b 529 * @return string 530 * @throws SodiumException 531 */ 532 public static function scalar_add($a, $b) 533 { 534 $a_ = $a . str_repeat("\x00", 32); 535 $b_ = $b . str_repeat("\x00", 32); 536 ParagonIE_Sodium_Compat::add($a_, $b_); 537 return self::sc_reduce($a_); 538 } 539 540 /** 541 * @param string $x 542 * @param string $y 543 * @return string 544 * @throws SodiumException 545 */ 546 public static function scalar_sub($x, $y) 547 { 548 $yn = self::scalar_negate($y); 549 return self::scalar_add($x, $yn); 550 } 480 551 } -
trunk/src/wp-includes/sodium_compat/src/Core/SipHash.php
r49741 r51002 15 15 * @internal You should not use this directly from another application 16 16 * 17 * @param array<array-key, int>$v18 * @return array<array-key, int>17 * @param int[] $v 18 * @return int[] 19 19 * 20 20 */ -
trunk/src/wp-includes/sodium_compat/src/Core/Util.php
r49741 r51002 288 288 289 289 /** 290 * Catch hash_update() failures and throw instead of silently proceding 291 * 292 * @param HashContext|resource &$hs 293 * @param string $data 294 * @return void 295 * @throws SodiumException 296 * @psalm-suppress PossiblyInvalidArgument 297 */ 298 protected static function hash_update(&$hs, $data) 299 { 300 if (!hash_update($hs, $data)) { 301 throw new SodiumException('hash_update() failed'); 302 } 303 } 304 305 /** 290 306 * Convert a hexadecimal string into a binary string without cache-timing 291 307 * leaks -
trunk/src/wp-includes/sodium_compat/src/Core32/BLAKE2b.php
r46858 r51002 578 578 * @param string $str 579 579 * @return SplFixedArray 580 * @psalm-suppress MixedArgumentTypeCoercion 580 581 */ 581 582 public static function stringToSplFixedArray($str = '') -
trunk/src/wp-includes/sodium_compat/src/Core32/Ed25519.php
r48121 r51002 208 208 * @throws SodiumException 209 209 * @throws TypeError 210 * @psalm-suppress PossiblyInvalidArgument 210 211 */ 211 212 public static function sign_detached($message, $sk) … … 225 226 # crypto_hash_sha512_final(&hs, nonce); 226 227 $hs = hash_init('sha512'); 227 hash_update($hs, self::substr($az, 32, 32));228 hash_update($hs, $message);228 self::hash_update($hs, self::substr($az, 32, 32)); 229 self::hash_update($hs, $message); 229 230 $nonceHash = hash_final($hs, true); 230 231 … … 245 246 # crypto_hash_sha512_final(&hs, hram); 246 247 $hs = hash_init('sha512'); 247 hash_update($hs, self::substr($sig, 0, 32));248 hash_update($hs, self::substr($pk, 0, 32));249 hash_update($hs, $message);248 self::hash_update($hs, self::substr($sig, 0, 32)); 249 self::hash_update($hs, self::substr($pk, 0, 32)); 250 self::hash_update($hs, $message); 250 251 $hramHash = hash_final($hs, true); 251 252 -
trunk/src/wp-includes/sodium_compat/src/File.php
r49741 r51002 598 598 599 599 $hs = hash_init('sha512'); 600 hash_update($hs, self::substr($az, 32, 32));600 self::hash_update($hs, self::substr($az, 32, 32)); 601 601 /** @var resource $hs */ 602 602 $hs = self::updateHashWithFile($hs, $fp, $size); … … 617 617 618 618 $hs = hash_init('sha512'); 619 hash_update($hs, self::substr($sig, 0, 32));620 hash_update($hs, self::substr($pk, 0, 32));619 self::hash_update($hs, self::substr($sig, 0, 32)); 620 self::hash_update($hs, self::substr($pk, 0, 32)); 621 621 /** @var resource $hs */ 622 622 $hs = self::updateHashWithFile($hs, $fp, $size); … … 729 729 730 730 $hs = hash_init('sha512'); 731 hash_update($hs, self::substr($sig, 0, 32));732 hash_update($hs, self::substr($publicKey, 0, 32));731 self::hash_update($hs, self::substr($sig, 0, 32)); 732 self::hash_update($hs, self::substr($publicKey, 0, 32)); 733 733 /** @var resource $hs */ 734 734 $hs = self::updateHashWithFile($hs, $fp, $size); … … 1084 1084 * loading the entire file into memory. 1085 1085 * 1086 * @param resource| object $hash1086 * @param resource|HashContext $hash 1087 1087 * @param resource $fp 1088 1088 * @param int $size … … 1134 1134 /** @var string $message */ 1135 1135 /** @psalm-suppress InvalidArgument */ 1136 hash_update($hash, $message);1136 self::hash_update($hash, $message); 1137 1137 } 1138 1138 // Reset file pointer's position … … 1176 1176 1177 1177 $hs = hash_init('sha512'); 1178 hash_update($hs, self::substr($az, 32, 32));1178 self::hash_update($hs, self::substr($az, 32, 32)); 1179 1179 /** @var resource $hs */ 1180 1180 $hs = self::updateHashWithFile($hs, $fp, $size); … … 1195 1195 1196 1196 $hs = hash_init('sha512'); 1197 hash_update($hs, self::substr($sig, 0, 32));1198 hash_update($hs, self::substr($pk, 0, 32));1197 self::hash_update($hs, self::substr($sig, 0, 32)); 1198 self::hash_update($hs, self::substr($pk, 0, 32)); 1199 1199 /** @var resource $hs */ 1200 1200 $hs = self::updateHashWithFile($hs, $fp, $size); … … 1279 1279 1280 1280 $hs = hash_init('sha512'); 1281 hash_update($hs, self::substr($sig, 0, 32));1282 hash_update($hs, self::substr($publicKey, 0, 32));1281 self::hash_update($hs, self::substr($sig, 0, 32)); 1282 self::hash_update($hs, self::substr($publicKey, 0, 32)); 1283 1283 /** @var resource $hs */ 1284 1284 $hs = self::updateHashWithFile($hs, $fp, $size); … … 1528 1528 $pos = self::ftell($ifp); 1529 1529 1530 /** @var int $iter */1531 $iter = 1;1532 1533 /** @var int $incr */1534 $incr = self::BUFFER_SIZE >> 6;1535 1536 1530 while ($mlen > 0) { 1537 1531 $blockSize = $mlen > self::BUFFER_SIZE … … 1544 1538 $state->update($ciphertext); 1545 1539 $mlen -= $blockSize; 1546 $iter += $incr;1547 1540 } 1548 1541 $res = ParagonIE_Sodium_Core32_Util::verify_16($tag, $state->finish());
Note: See TracChangeset
for help on using the changeset viewer.