 Timestamp:
 05/25/2021 01:54:12 PM (3 years ago)
 File:

 1 edited
Legend:
 Unmodified
 Added
 Removed

trunk/src/wpincludes/sodium_compat/src/Core/Curve25519.php
r46586 r51002 87 87 $b *= 1; 88 88 for ($i = 0; $i < 10; ++$i) { 89 /** @var int $x */90 89 $x = (($f[$i] ^ $g[$i]) & $b); 91 $h[$i] = ( int) ((int) ($f[$i]) ^ $x);90 $h[$i] = ($f[$i]) ^ $x; 92 91 } 93 92 return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray($h); … … 702 701 $f0f0 = self::mul($f0, $f0, 25); 703 702 $f0f1_2 = self::mul($f0_2, $f1, 24); 704 $f0f2_2 = self::mul($f0_2, $f2, 2 5);703 $f0f2_2 = self::mul($f0_2, $f2, 26); 705 704 $f0f3_2 = self::mul($f0_2, $f3, 24); 706 705 $f0f4_2 = self::mul($f0_2, $f4, 25); … … 711 710 $f0f9_2 = self::mul($f0_2, $f9, 25); 712 711 $f1f1_2 = self::mul($f1_2, $f1, 24); 713 $f1f2_2 = self::mul($f1_2, $f2, 2 5);712 $f1f2_2 = self::mul($f1_2, $f2, 26); 714 713 $f1f3_4 = self::mul($f1_2, $f3_2, 25); 715 714 $f1f4_2 = self::mul($f1_2, $f4, 25); … … 719 718 $f1f8_2 = self::mul($f1_2, $f8, 25); 720 719 $f1f9_76 = self::mul($f9_38, $f1_2, 25); 721 $f2f2 = self::mul($f2, $f2, 2 5);720 $f2f2 = self::mul($f2, $f2, 26); 722 721 $f2f3_2 = self::mul($f2_2, $f3, 24); 723 722 $f2f4_2 = self::mul($f2_2, $f4, 25); 724 723 $f2f5_2 = self::mul($f2_2, $f5, 25); 725 724 $f2f6_2 = self::mul($f2_2, $f6, 25); 726 $f2f7_2 = self::mul($f2_2, $f7, 2 4);727 $f2f8_38 = self::mul($f8_19, $f2_2, 2 6);728 $f2f9_38 = self::mul($f9_38, $f2, 2 5);729 $f3f3_2 = self::mul($f3_2, $f3, 2 4);725 $f2f7_2 = self::mul($f2_2, $f7, 25); 726 $f2f8_38 = self::mul($f8_19, $f2_2, 27); 727 $f2f9_38 = self::mul($f9_38, $f2, 26); 728 $f3f3_2 = self::mul($f3_2, $f3, 25); 730 729 $f3f4_2 = self::mul($f3_2, $f4, 25); 731 730 $f3f5_4 = self::mul($f3_2, $f5_2, 26); … … 1586 1585 { 1587 1586 return new ParagonIE_Sodium_Core_Curve25519_Ge_P2( 1588 $p>X,1589 $p>Y,1590 $p>Z1587 self::fe_copy($p>X), 1588 self::fe_copy($p>Y), 1589 self::fe_copy($p>Z) 1591 1590 ); 1592 1591 } … … 1645 1644 public static function equal($b, $c) 1646 1645 { 1647 return (int) ((($b ^ $c)  1 & 0xffffffff) >> 31);1646 return (int) ((($b ^ $c)  1) >> 31) & 1; 1648 1647 } 1649 1648 … … 1659 1658 { 1660 1659 if (is_int($char)) { 1661 return $char < 0 ? 1 : 0;1660 return ($char >> 63) & 1; 1662 1661 } 1663 1662 $x = self::chrToInt(self::substr($char, 0, 1)); … … 1684 1683 } 1685 1684 return new ParagonIE_Sodium_Core_Curve25519_Ge_Precomp( 1686 self::fe_cmov($t>yplusx, $u>yplusx,$b),1685 self::fe_cmov($t>yplusx, $u>yplusx, $b), 1687 1686 self::fe_cmov($t>yminusx, $u>yminusx, $b), 1688 self::fe_cmov($t>xy2d, $u>xy2d,$b)1687 self::fe_cmov($t>xy2d, $u>xy2d, $b) 1689 1688 ); 1689 } 1690 1691 /** 1692 * @param ParagonIE_Sodium_Core_Curve25519_Ge_Cached $t 1693 * @param ParagonIE_Sodium_Core_Curve25519_Ge_Cached $u 1694 * @param int $b 1695 * @return ParagonIE_Sodium_Core_Curve25519_Ge_Cached 1696 */ 1697 public static function ge_cmov_cached( 1698 ParagonIE_Sodium_Core_Curve25519_Ge_Cached $t, 1699 ParagonIE_Sodium_Core_Curve25519_Ge_Cached $u, 1700 $b 1701 ) { 1702 $b &= 1; 1703 $ret = new ParagonIE_Sodium_Core_Curve25519_Ge_Cached(); 1704 $ret>YplusX = self::fe_cmov($t>YplusX, $u>YplusX, $b); 1705 $ret>YminusX = self::fe_cmov($t>YminusX, $u>YminusX, $b); 1706 $ret>Z = self::fe_cmov($t>Z, $u>Z, $b); 1707 $ret>T2d = self::fe_cmov($t>T2d, $u>T2d, $b); 1708 return $ret; 1709 } 1710 1711 /** 1712 * @param ParagonIE_Sodium_Core_Curve25519_Ge_Cached[] $cached 1713 * @param int $b 1714 * @return ParagonIE_Sodium_Core_Curve25519_Ge_Cached 1715 * @throws SodiumException 1716 */ 1717 public static function ge_cmov8_cached(array $cached, $b) 1718 { 1719 // const unsigned char bnegative = negative(b); 1720 // const unsigned char babs = b  (((bnegative) & b) * ((signed char) 1 << 1)); 1721 $bnegative = self::negative($b); 1722 $babs = $b  ((($bnegative) & $b) << 1); 1723 1724 // ge25519_cached_0(t); 1725 $t = new ParagonIE_Sodium_Core_Curve25519_Ge_Cached( 1726 self::fe_1(), 1727 self::fe_1(), 1728 self::fe_1(), 1729 self::fe_0() 1730 ); 1731 1732 // ge25519_cmov_cached(t, &cached[0], equal(babs, 1)); 1733 // ge25519_cmov_cached(t, &cached[1], equal(babs, 2)); 1734 // ge25519_cmov_cached(t, &cached[2], equal(babs, 3)); 1735 // ge25519_cmov_cached(t, &cached[3], equal(babs, 4)); 1736 // ge25519_cmov_cached(t, &cached[4], equal(babs, 5)); 1737 // ge25519_cmov_cached(t, &cached[5], equal(babs, 6)); 1738 // ge25519_cmov_cached(t, &cached[6], equal(babs, 7)); 1739 // ge25519_cmov_cached(t, &cached[7], equal(babs, 8)); 1740 for ($x = 0; $x < 8; ++$x) { 1741 $t = self::ge_cmov_cached($t, $cached[$x], self::equal($babs, $x + 1)); 1742 } 1743 1744 // fe25519_copy(minust.YplusX, t>YminusX); 1745 // fe25519_copy(minust.YminusX, t>YplusX); 1746 // fe25519_copy(minust.Z, t>Z); 1747 // fe25519_neg(minust.T2d, t>T2d); 1748 $minust = new ParagonIE_Sodium_Core_Curve25519_Ge_Cached( 1749 self::fe_copy($t>YminusX), 1750 self::fe_copy($t>YplusX), 1751 self::fe_copy($t>Z), 1752 self::fe_neg($t>T2d) 1753 ); 1754 return self::ge_cmov_cached($t, $minust, $bnegative); 1690 1755 } 1691 1756 … … 1924 1989 } 1925 1990 return $r; 1991 } 1992 1993 /** 1994 * @internal You should not use this directly from another application 1995 * 1996 * @param string $a 1997 * @param ParagonIE_Sodium_Core_Curve25519_Ge_P3 $p 1998 * @return ParagonIE_Sodium_Core_Curve25519_Ge_P3 1999 * @throws SodiumException 2000 * @throws TypeError 2001 * @psalmsuppress MixedAssignment 2002 * @psalmsuppress MixedOperand 2003 */ 2004 public static function ge_scalarmult($a, $p) 2005 { 2006 $e = array_fill(0, 64, 0); 2007 2008 /** @var ParagonIE_Sodium_Core_Curve25519_Ge_Cached[] $pi */ 2009 $pi = array(); 2010 2011 // ge25519_p3_to_cached(&pi[1  1], p); /* p */ 2012 $pi[0] = self::ge_p3_to_cached($p); 2013 2014 // ge25519_p3_dbl(&t2, p); 2015 // ge25519_p1p1_to_p3(&p2, &t2); 2016 // ge25519_p3_to_cached(&pi[2  1], &p2); /* 2p = 2*p */ 2017 $t2 = self::ge_p3_dbl($p); 2018 $p2 = self::ge_p1p1_to_p3($t2); 2019 $pi[1] = self::ge_p3_to_cached($p2); 2020 2021 // ge25519_add_cached(&t3, p, &pi[2  1]); 2022 // ge25519_p1p1_to_p3(&p3, &t3); 2023 // ge25519_p3_to_cached(&pi[3  1], &p3); /* 3p = 2p+p */ 2024 $t3 = self::ge_add($p, $pi[1]); 2025 $p3 = self::ge_p1p1_to_p3($t3); 2026 $pi[2] = self::ge_p3_to_cached($p3); 2027 2028 // ge25519_p3_dbl(&t4, &p2); 2029 // ge25519_p1p1_to_p3(&p4, &t4); 2030 // ge25519_p3_to_cached(&pi[4  1], &p4); /* 4p = 2*2p */ 2031 $t4 = self::ge_p3_dbl($p2); 2032 $p4 = self::ge_p1p1_to_p3($t4); 2033 $pi[3] = self::ge_p3_to_cached($p4); 2034 2035 // ge25519_add_cached(&t5, p, &pi[4  1]); 2036 // ge25519_p1p1_to_p3(&p5, &t5); 2037 // ge25519_p3_to_cached(&pi[5  1], &p5); /* 5p = 4p+p */ 2038 $t5 = self::ge_add($p, $pi[3]); 2039 $p5 = self::ge_p1p1_to_p3($t5); 2040 $pi[4] = self::ge_p3_to_cached($p5); 2041 2042 // ge25519_p3_dbl(&t6, &p3); 2043 // ge25519_p1p1_to_p3(&p6, &t6); 2044 // ge25519_p3_to_cached(&pi[6  1], &p6); /* 6p = 2*3p */ 2045 $t6 = self::ge_p3_dbl($p3); 2046 $p6 = self::ge_p1p1_to_p3($t6); 2047 $pi[5] = self::ge_p3_to_cached($p6); 2048 2049 // ge25519_add_cached(&t7, p, &pi[6  1]); 2050 // ge25519_p1p1_to_p3(&p7, &t7); 2051 // ge25519_p3_to_cached(&pi[7  1], &p7); /* 7p = 6p+p */ 2052 $t7 = self::ge_add($p, $pi[5]); 2053 $p7 = self::ge_p1p1_to_p3($t7); 2054 $pi[6] = self::ge_p3_to_cached($p7); 2055 2056 // ge25519_p3_dbl(&t8, &p4); 2057 // ge25519_p1p1_to_p3(&p8, &t8); 2058 // ge25519_p3_to_cached(&pi[8  1], &p8); /* 8p = 2*4p */ 2059 $t8 = self::ge_p3_dbl($p4); 2060 $p8 = self::ge_p1p1_to_p3($t8); 2061 $pi[7] = self::ge_p3_to_cached($p8); 2062 2063 2064 // for (i = 0; i < 32; ++i) { 2065 // e[2 * i + 0] = (a[i] >> 0) & 15; 2066 // e[2 * i + 1] = (a[i] >> 4) & 15; 2067 // } 2068 for ($i = 0; $i < 32; ++$i) { 2069 $e[($i << 1) ] = self::chrToInt($a[$i]) & 15; 2070 $e[($i << 1) + 1] = (self::chrToInt($a[$i]) >> 4) & 15; 2071 } 2072 // /* each e[i] is between 0 and 15 */ 2073 // /* e[63] is between 0 and 7 */ 2074 2075 // carry = 0; 2076 // for (i = 0; i < 63; ++i) { 2077 // e[i] += carry; 2078 // carry = e[i] + 8; 2079 // carry >>= 4; 2080 // e[i] = carry * ((signed char) 1 << 4); 2081 // } 2082 $carry = 0; 2083 for ($i = 0; $i < 64; ++$i) { 2084 $e[$i] += $carry; 2085 $carry = $e[$i] + 8; 2086 $carry >>= 4; 2087 $e[$i] = $carry << 4; 2088 } 2089 // e[63] += carry; 2090 // /* each e[i] is between 8 and 8 */ 2091 $e[63] += $carry; 2092 2093 // ge25519_p3_0(h); 2094 $h = self::ge_p3_0(); 2095 2096 // for (i = 63; i != 0; i) { 2097 for ($i = 63; $i != 0; $i) { 2098 // ge25519_cmov8_cached(&t, pi, e[i]); 2099 $t = self::ge_cmov8_cached($pi, $e[$i]); 2100 // ge25519_add_cached(&r, h, &t); 2101 $r = self::ge_add($h, $t); 2102 2103 // ge25519_p1p1_to_p2(&s, &r); 2104 // ge25519_p2_dbl(&r, &s); 2105 // ge25519_p1p1_to_p2(&s, &r); 2106 // ge25519_p2_dbl(&r, &s); 2107 // ge25519_p1p1_to_p2(&s, &r); 2108 // ge25519_p2_dbl(&r, &s); 2109 // ge25519_p1p1_to_p2(&s, &r); 2110 // ge25519_p2_dbl(&r, &s); 2111 $s = self::ge_p1p1_to_p2($r); 2112 $r = self::ge_p2_dbl($s); 2113 $s = self::ge_p1p1_to_p2($r); 2114 $r = self::ge_p2_dbl($s); 2115 $s = self::ge_p1p1_to_p2($r); 2116 $r = self::ge_p2_dbl($s); 2117 $s = self::ge_p1p1_to_p2($r); 2118 $r = self::ge_p2_dbl($s); 2119 2120 // ge25519_p1p1_to_p3(h, &r); /* *16 */ 2121 $h = self::ge_p1p1_to_p3($r); /* *16 */ 2122 } 2123 2124 // ge25519_cmov8_cached(&t, pi, e[i]); 2125 // ge25519_add_cached(&r, h, &t); 2126 // ge25519_p1p1_to_p3(h, &r); 2127 $t = self::ge_cmov8_cached($pi, $e[0]); 2128 $r = self::ge_add($h, $t); 2129 return self::ge_p1p1_to_p3($r); 1926 2130 } 1927 2131 … … 3000 3204 return self::ge_p1p1_to_p3($t); 3001 3205 } 3206 3207 /** 3208 * @param string $a 3209 * @param string $b 3210 * @return string 3211 */ 3212 public static function sc25519_mul($a, $b) 3213 { 3214 // int64_t a0 = 2097151 & load_3(a); 3215 // int64_t a1 = 2097151 & (load_4(a + 2) >> 5); 3216 // int64_t a2 = 2097151 & (load_3(a + 5) >> 2); 3217 // int64_t a3 = 2097151 & (load_4(a + 7) >> 7); 3218 // int64_t a4 = 2097151 & (load_4(a + 10) >> 4); 3219 // int64_t a5 = 2097151 & (load_3(a + 13) >> 1); 3220 // int64_t a6 = 2097151 & (load_4(a + 15) >> 6); 3221 // int64_t a7 = 2097151 & (load_3(a + 18) >> 3); 3222 // int64_t a8 = 2097151 & load_3(a + 21); 3223 // int64_t a9 = 2097151 & (load_4(a + 23) >> 5); 3224 // int64_t a10 = 2097151 & (load_3(a + 26) >> 2); 3225 // int64_t a11 = (load_4(a + 28) >> 7); 3226 $a0 = 2097151 & self::load_3(self::substr($a, 0, 3)); 3227 $a1 = 2097151 & (self::load_4(self::substr($a, 2, 4)) >> 5); 3228 $a2 = 2097151 & (self::load_3(self::substr($a, 5, 3)) >> 2); 3229 $a3 = 2097151 & (self::load_4(self::substr($a, 7, 4)) >> 7); 3230 $a4 = 2097151 & (self::load_4(self::substr($a, 10, 4)) >> 4); 3231 $a5 = 2097151 & (self::load_3(self::substr($a, 13, 3)) >> 1); 3232 $a6 = 2097151 & (self::load_4(self::substr($a, 15, 4)) >> 6); 3233 $a7 = 2097151 & (self::load_3(self::substr($a, 18, 3)) >> 3); 3234 $a8 = 2097151 & self::load_3(self::substr($a, 21, 3)); 3235 $a9 = 2097151 & (self::load_4(self::substr($a, 23, 4)) >> 5); 3236 $a10 = 2097151 & (self::load_3(self::substr($a, 26, 3)) >> 2); 3237 $a11 = (self::load_4(self::substr($a, 28, 4)) >> 7); 3238 3239 // int64_t b0 = 2097151 & load_3(b); 3240 // int64_t b1 = 2097151 & (load_4(b + 2) >> 5); 3241 // int64_t b2 = 2097151 & (load_3(b + 5) >> 2); 3242 // int64_t b3 = 2097151 & (load_4(b + 7) >> 7); 3243 // int64_t b4 = 2097151 & (load_4(b + 10) >> 4); 3244 // int64_t b5 = 2097151 & (load_3(b + 13) >> 1); 3245 // int64_t b6 = 2097151 & (load_4(b + 15) >> 6); 3246 // int64_t b7 = 2097151 & (load_3(b + 18) >> 3); 3247 // int64_t b8 = 2097151 & load_3(b + 21); 3248 // int64_t b9 = 2097151 & (load_4(b + 23) >> 5); 3249 // int64_t b10 = 2097151 & (load_3(b + 26) >> 2); 3250 // int64_t b11 = (load_4(b + 28) >> 7); 3251 $b0 = 2097151 & self::load_3(self::substr($b, 0, 3)); 3252 $b1 = 2097151 & (self::load_4(self::substr($b, 2, 4)) >> 5); 3253 $b2 = 2097151 & (self::load_3(self::substr($b, 5, 3)) >> 2); 3254 $b3 = 2097151 & (self::load_4(self::substr($b, 7, 4)) >> 7); 3255 $b4 = 2097151 & (self::load_4(self::substr($b, 10, 4)) >> 4); 3256 $b5 = 2097151 & (self::load_3(self::substr($b, 13, 3)) >> 1); 3257 $b6 = 2097151 & (self::load_4(self::substr($b, 15, 4)) >> 6); 3258 $b7 = 2097151 & (self::load_3(self::substr($b, 18, 3)) >> 3); 3259 $b8 = 2097151 & self::load_3(self::substr($b, 21, 3)); 3260 $b9 = 2097151 & (self::load_4(self::substr($b, 23, 4)) >> 5); 3261 $b10 = 2097151 & (self::load_3(self::substr($b, 26, 3)) >> 2); 3262 $b11 = (self::load_4(self::substr($b, 28, 4)) >> 7); 3263 3264 // s0 = a0 * b0; 3265 // s1 = a0 * b1 + a1 * b0; 3266 // s2 = a0 * b2 + a1 * b1 + a2 * b0; 3267 // s3 = a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0; 3268 // s4 = a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0; 3269 // s5 = a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0; 3270 // s6 = a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0; 3271 // s7 = a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + 3272 // a6 * b1 + a7 * b0; 3273 // s8 = a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + 3274 // a6 * b2 + a7 * b1 + a8 * b0; 3275 // s9 = a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + 3276 // a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0; 3277 // s10 = a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + 3278 // a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0; 3279 // s11 = a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + 3280 // a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0; 3281 // s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + 3282 // a7 * b5 + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1; 3283 // s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + 3284 // a8 * b5 + a9 * b4 + a10 * b3 + a11 * b2; 3285 // s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + 3286 // a9 * b5 + a10 * b4 + a11 * b3; 3287 // s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + 3288 // a10 * b5 + a11 * b4; 3289 // s16 = 3290 // a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5; 3291 // s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6; 3292 // s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7; 3293 // s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8; 3294 // s20 = a9 * b11 + a10 * b10 + a11 * b9; 3295 // s21 = a10 * b11 + a11 * b10; 3296 // s22 = a11 * b11; 3297 // s23 = 0; 3298 $s0 = self::mul($a0, $b0, 22); 3299 $s1 = self::mul($a0, $b1, 22) + self::mul($a1, $b0, 22); 3300 $s2 = self::mul($a0, $b2, 22) + self::mul($a1, $b1, 22) + self::mul($a2, $b0, 22); 3301 $s3 = self::mul($a0, $b3, 22) + self::mul($a1, $b2, 22) + self::mul($a2, $b1, 22) + self::mul($a3, $b0, 22); 3302 $s4 = self::mul($a0, $b4, 22) + self::mul($a1, $b3, 22) + self::mul($a2, $b2, 22) + self::mul($a3, $b1, 22) + 3303 self::mul($a4, $b0, 22); 3304 $s5 = self::mul($a0, $b5, 22) + self::mul($a1, $b4, 22) + self::mul($a2, $b3, 22) + self::mul($a3, $b2, 22) + 3305 self::mul($a4, $b1, 22) + self::mul($a5, $b0, 22); 3306 $s6 = self::mul($a0, $b6, 22) + self::mul($a1, $b5, 22) + self::mul($a2, $b4, 22) + self::mul($a3, $b3, 22) + 3307 self::mul($a4, $b2, 22) + self::mul($a5, $b1, 22) + self::mul($a6, $b0, 22); 3308 $s7 = self::mul($a0, $b7, 22) + self::mul($a1, $b6, 22) + self::mul($a2, $b5, 22) + self::mul($a3, $b4, 22) + 3309 self::mul($a4, $b3, 22) + self::mul($a5, $b2, 22) + self::mul($a6, $b1, 22) + self::mul($a7, $b0, 22); 3310 $s8 = self::mul($a0, $b8, 22) + self::mul($a1, $b7, 22) + self::mul($a2, $b6, 22) + self::mul($a3, $b5, 22) + 3311 self::mul($a4, $b4, 22) + self::mul($a5, $b3, 22) + self::mul($a6, $b2, 22) + self::mul($a7, $b1, 22) + 3312 self::mul($a8, $b0, 22); 3313 $s9 = self::mul($a0, $b9, 22) + self::mul($a1, $b8, 22) + self::mul($a2, $b7, 22) + self::mul($a3, $b6, 22) + 3314 self::mul($a4, $b5, 22) + self::mul($a5, $b4, 22) + self::mul($a6, $b3, 22) + self::mul($a7, $b2, 22) + 3315 self::mul($a8, $b1, 22) + self::mul($a9, $b0, 22); 3316 $s10 = self::mul($a0, $b10, 22) + self::mul($a1, $b9, 22) + self::mul($a2, $b8, 22) + self::mul($a3, $b7, 22) + 3317 self::mul($a4, $b6, 22) + self::mul($a5, $b5, 22) + self::mul($a6, $b4, 22) + self::mul($a7, $b3, 22) + 3318 self::mul($a8, $b2, 22) + self::mul($a9, $b1, 22) + self::mul($a10, $b0, 22); 3319 $s11 = self::mul($a0, $b11, 22) + self::mul($a1, $b10, 22) + self::mul($a2, $b9, 22) + self::mul($a3, $b8, 22) + 3320 self::mul($a4, $b7, 22) + self::mul($a5, $b6, 22) + self::mul($a6, $b5, 22) + self::mul($a7, $b4, 22) + 3321 self::mul($a8, $b3, 22) + self::mul($a9, $b2, 22) + self::mul($a10, $b1, 22) + self::mul($a11, $b0, 22); 3322 $s12 = self::mul($a1, $b11, 22) + self::mul($a2, $b10, 22) + self::mul($a3, $b9, 22) + self::mul($a4, $b8, 22) + 3323 self::mul($a5, $b7, 22) + self::mul($a6, $b6, 22) + self::mul($a7, $b5, 22) + self::mul($a8, $b4, 22) + 3324 self::mul($a9, $b3, 22) + self::mul($a10, $b2, 22) + self::mul($a11, $b1, 22); 3325 $s13 = self::mul($a2, $b11, 22) + self::mul($a3, $b10, 22) + self::mul($a4, $b9, 22) + self::mul($a5, $b8, 22) + 3326 self::mul($a6, $b7, 22) + self::mul($a7, $b6, 22) + self::mul($a8, $b5, 22) + self::mul($a9, $b4, 22) + 3327 self::mul($a10, $b3, 22) + self::mul($a11, $b2, 22); 3328 $s14 = self::mul($a3, $b11, 22) + self::mul($a4, $b10, 22) + self::mul($a5, $b9, 22) + self::mul($a6, $b8, 22) + 3329 self::mul($a7, $b7, 22) + self::mul($a8, $b6, 22) + self::mul($a9, $b5, 22) + self::mul($a10, $b4, 22) + 3330 self::mul($a11, $b3, 22); 3331 $s15 = self::mul($a4, $b11, 22) + self::mul($a5, $b10, 22) + self::mul($a6, $b9, 22) + self::mul($a7, $b8, 22) + 3332 self::mul($a8, $b7, 22) + self::mul($a9, $b6, 22) + self::mul($a10, $b5, 22) + self::mul($a11, $b4, 22); 3333 $s16 = 3334 self::mul($a5, $b11, 22) + self::mul($a6, $b10, 22) + self::mul($a7, $b9, 22) + self::mul($a8, $b8, 22) + 3335 self::mul($a9, $b7, 22) + self::mul($a10, $b6, 22) + self::mul($a11, $b5, 22); 3336 $s17 = self::mul($a6, $b11, 22) + self::mul($a7, $b10, 22) + self::mul($a8, $b9, 22) + self::mul($a9, $b8, 22) + 3337 self::mul($a10, $b7, 22) + self::mul($a11, $b6, 22); 3338 $s18 = self::mul($a7, $b11, 22) + self::mul($a8, $b10, 22) + self::mul($a9, $b9, 22) + self::mul($a10, $b8, 22) 3339 + self::mul($a11, $b7, 22); 3340 $s19 = self::mul($a8, $b11, 22) + self::mul($a9, $b10, 22) + self::mul($a10, $b9, 22) + 3341 self::mul($a11, $b8, 22); 3342 $s20 = self::mul($a9, $b11, 22) + self::mul($a10, $b10, 22) + self::mul($a11, $b9, 22); 3343 $s21 = self::mul($a10, $b11, 22) + self::mul($a11, $b10, 22); 3344 $s22 = self::mul($a11, $b11, 22); 3345 $s23 = 0; 3346 3347 // carry0 = (s0 + (int64_t) (1L << 20)) >> 21; 3348 // s1 += carry0; 3349 // s0 = carry0 * ((uint64_t) 1L << 21); 3350 $carry0 = ($s0 + (1 << 20)) >> 21; 3351 $s1 += $carry0; 3352 $s0 = $carry0 << 21; 3353 // carry2 = (s2 + (int64_t) (1L << 20)) >> 21; 3354 // s3 += carry2; 3355 // s2 = carry2 * ((uint64_t) 1L << 21); 3356 $carry2 = ($s2 + (1 << 20)) >> 21; 3357 $s3 += $carry2; 3358 $s2 = $carry2 << 21; 3359 // carry4 = (s4 + (int64_t) (1L << 20)) >> 21; 3360 // s5 += carry4; 3361 // s4 = carry4 * ((uint64_t) 1L << 21); 3362 $carry4 = ($s4 + (1 << 20)) >> 21; 3363 $s5 += $carry4; 3364 $s4 = $carry4 << 21; 3365 // carry6 = (s6 + (int64_t) (1L << 20)) >> 21; 3366 // s7 += carry6; 3367 // s6 = carry6 * ((uint64_t) 1L << 21); 3368 $carry6 = ($s6 + (1 << 20)) >> 21; 3369 $s7 += $carry6; 3370 $s6 = $carry6 << 21; 3371 // carry8 = (s8 + (int64_t) (1L << 20)) >> 21; 3372 // s9 += carry8; 3373 // s8 = carry8 * ((uint64_t) 1L << 21); 3374 $carry8 = ($s8 + (1 << 20)) >> 21; 3375 $s9 += $carry8; 3376 $s8 = $carry8 << 21; 3377 // carry10 = (s10 + (int64_t) (1L << 20)) >> 21; 3378 // s11 += carry10; 3379 // s10 = carry10 * ((uint64_t) 1L << 21); 3380 $carry10 = ($s10 + (1 << 20)) >> 21; 3381 $s11 += $carry10; 3382 $s10 = $carry10 << 21; 3383 // carry12 = (s12 + (int64_t) (1L << 20)) >> 21; 3384 // s13 += carry12; 3385 // s12 = carry12 * ((uint64_t) 1L << 21); 3386 $carry12 = ($s12 + (1 << 20)) >> 21; 3387 $s13 += $carry12; 3388 $s12 = $carry12 << 21; 3389 // carry14 = (s14 + (int64_t) (1L << 20)) >> 21; 3390 // s15 += carry14; 3391 // s14 = carry14 * ((uint64_t) 1L << 21); 3392 $carry14 = ($s14 + (1 << 20)) >> 21; 3393 $s15 += $carry14; 3394 $s14 = $carry14 << 21; 3395 // carry16 = (s16 + (int64_t) (1L << 20)) >> 21; 3396 // s17 += carry16; 3397 // s16 = carry16 * ((uint64_t) 1L << 21); 3398 $carry16 = ($s16 + (1 << 20)) >> 21; 3399 $s17 += $carry16; 3400 $s16 = $carry16 << 21; 3401 // carry18 = (s18 + (int64_t) (1L << 20)) >> 21; 3402 // s19 += carry18; 3403 // s18 = carry18 * ((uint64_t) 1L << 21); 3404 $carry18 = ($s18 + (1 << 20)) >> 21; 3405 $s19 += $carry18; 3406 $s18 = $carry18 << 21; 3407 // carry20 = (s20 + (int64_t) (1L << 20)) >> 21; 3408 // s21 += carry20; 3409 // s20 = carry20 * ((uint64_t) 1L << 21); 3410 $carry20 = ($s20 + (1 << 20)) >> 21; 3411 $s21 += $carry20; 3412 $s20 = $carry20 << 21; 3413 // carry22 = (s22 + (int64_t) (1L << 20)) >> 21; 3414 // s23 += carry22; 3415 // s22 = carry22 * ((uint64_t) 1L << 21); 3416 $carry22 = ($s22 + (1 << 20)) >> 21; 3417 $s23 += $carry22; 3418 $s22 = $carry22 << 21; 3419 3420 // carry1 = (s1 + (int64_t) (1L << 20)) >> 21; 3421 // s2 += carry1; 3422 // s1 = carry1 * ((uint64_t) 1L << 21); 3423 $carry1 = ($s1 + (1 << 20)) >> 21; 3424 $s2 += $carry1; 3425 $s1 = $carry1 << 21; 3426 // carry3 = (s3 + (int64_t) (1L << 20)) >> 21; 3427 // s4 += carry3; 3428 // s3 = carry3 * ((uint64_t) 1L << 21); 3429 $carry3 = ($s3 + (1 << 20)) >> 21; 3430 $s4 += $carry3; 3431 $s3 = $carry3 << 21; 3432 // carry5 = (s5 + (int64_t) (1L << 20)) >> 21; 3433 // s6 += carry5; 3434 // s5 = carry5 * ((uint64_t) 1L << 21); 3435 $carry5 = ($s5 + (1 << 20)) >> 21; 3436 $s6 += $carry5; 3437 $s5 = $carry5 << 21; 3438 // carry7 = (s7 + (int64_t) (1L << 20)) >> 21; 3439 // s8 += carry7; 3440 // s7 = carry7 * ((uint64_t) 1L << 21); 3441 $carry7 = ($s7 + (1 << 20)) >> 21; 3442 $s8 += $carry7; 3443 $s7 = $carry7 << 21; 3444 // carry9 = (s9 + (int64_t) (1L << 20)) >> 21; 3445 // s10 += carry9; 3446 // s9 = carry9 * ((uint64_t) 1L << 21); 3447 $carry9 = ($s9 + (1 << 20)) >> 21; 3448 $s10 += $carry9; 3449 $s9 = $carry9 << 21; 3450 // carry11 = (s11 + (int64_t) (1L << 20)) >> 21; 3451 // s12 += carry11; 3452 // s11 = carry11 * ((uint64_t) 1L << 21); 3453 $carry11 = ($s11 + (1 << 20)) >> 21; 3454 $s12 += $carry11; 3455 $s11 = $carry11 << 21; 3456 // carry13 = (s13 + (int64_t) (1L << 20)) >> 21; 3457 // s14 += carry13; 3458 // s13 = carry13 * ((uint64_t) 1L << 21); 3459 $carry13 = ($s13 + (1 << 20)) >> 21; 3460 $s14 += $carry13; 3461 $s13 = $carry13 << 21; 3462 // carry15 = (s15 + (int64_t) (1L << 20)) >> 21; 3463 // s16 += carry15; 3464 // s15 = carry15 * ((uint64_t) 1L << 21); 3465 $carry15 = ($s15 + (1 << 20)) >> 21; 3466 $s16 += $carry15; 3467 $s15 = $carry15 << 21; 3468 // carry17 = (s17 + (int64_t) (1L << 20)) >> 21; 3469 // s18 += carry17; 3470 // s17 = carry17 * ((uint64_t) 1L << 21); 3471 $carry17 = ($s17 + (1 << 20)) >> 21; 3472 $s18 += $carry17; 3473 $s17 = $carry17 << 21; 3474 // carry19 = (s19 + (int64_t) (1L << 20)) >> 21; 3475 // s20 += carry19; 3476 // s19 = carry19 * ((uint64_t) 1L << 21); 3477 $carry19 = ($s19 + (1 << 20)) >> 21; 3478 $s20 += $carry19; 3479 $s19 = $carry19 << 21; 3480 // carry21 = (s21 + (int64_t) (1L << 20)) >> 21; 3481 // s22 += carry21; 3482 // s21 = carry21 * ((uint64_t) 1L << 21); 3483 $carry21 = ($s21 + (1 << 20)) >> 21; 3484 $s22 += $carry21; 3485 $s21 = $carry21 << 21; 3486 3487 // s11 += s23 * 666643; 3488 // s12 += s23 * 470296; 3489 // s13 += s23 * 654183; 3490 // s14 = s23 * 997805; 3491 // s15 += s23 * 136657; 3492 // s16 = s23 * 683901; 3493 $s11 += self::mul($s23, 666643, 20); 3494 $s12 += self::mul($s23, 470296, 19); 3495 $s13 += self::mul($s23, 654183, 20); 3496 $s14 = self::mul($s23, 997805, 20); 3497 $s15 += self::mul($s23, 136657, 18); 3498 $s16 = self::mul($s23, 683901, 20); 3499 3500 // s10 += s22 * 666643; 3501 // s11 += s22 * 470296; 3502 // s12 += s22 * 654183; 3503 // s13 = s22 * 997805; 3504 // s14 += s22 * 136657; 3505 // s15 = s22 * 683901; 3506 $s10 += self::mul($s22, 666643, 20); 3507 $s11 += self::mul($s22, 470296, 19); 3508 $s12 += self::mul($s22, 654183, 20); 3509 $s13 = self::mul($s22, 997805, 20); 3510 $s14 += self::mul($s22, 136657, 18); 3511 $s15 = self::mul($s22, 683901, 20); 3512 3513 // s9 += s21 * 666643; 3514 // s10 += s21 * 470296; 3515 // s11 += s21 * 654183; 3516 // s12 = s21 * 997805; 3517 // s13 += s21 * 136657; 3518 // s14 = s21 * 683901; 3519 $s9 += self::mul($s21, 666643, 20); 3520 $s10 += self::mul($s21, 470296, 19); 3521 $s11 += self::mul($s21, 654183, 20); 3522 $s12 = self::mul($s21, 997805, 20); 3523 $s13 += self::mul($s21, 136657, 18); 3524 $s14 = self::mul($s21, 683901, 20); 3525 3526 // s8 += s20 * 666643; 3527 // s9 += s20 * 470296; 3528 // s10 += s20 * 654183; 3529 // s11 = s20 * 997805; 3530 // s12 += s20 * 136657; 3531 // s13 = s20 * 683901; 3532 $s8 += self::mul($s20, 666643, 20); 3533 $s9 += self::mul($s20, 470296, 19); 3534 $s10 += self::mul($s20, 654183, 20); 3535 $s11 = self::mul($s20, 997805, 20); 3536 $s12 += self::mul($s20, 136657, 18); 3537 $s13 = self::mul($s20, 683901, 20); 3538 3539 // s7 += s19 * 666643; 3540 // s8 += s19 * 470296; 3541 // s9 += s19 * 654183; 3542 // s10 = s19 * 997805; 3543 // s11 += s19 * 136657; 3544 // s12 = s19 * 683901; 3545 $s7 += self::mul($s19, 666643, 20); 3546 $s8 += self::mul($s19, 470296, 19); 3547 $s9 += self::mul($s19, 654183, 20); 3548 $s10 = self::mul($s19, 997805, 20); 3549 $s11 += self::mul($s19, 136657, 18); 3550 $s12 = self::mul($s19, 683901, 20); 3551 3552 // s6 += s18 * 666643; 3553 // s7 += s18 * 470296; 3554 // s8 += s18 * 654183; 3555 // s9 = s18 * 997805; 3556 // s10 += s18 * 136657; 3557 // s11 = s18 * 683901; 3558 $s6 += self::mul($s18, 666643, 20); 3559 $s7 += self::mul($s18, 470296, 19); 3560 $s8 += self::mul($s18, 654183, 20); 3561 $s9 = self::mul($s18, 997805, 20); 3562 $s10 += self::mul($s18, 136657, 18); 3563 $s11 = self::mul($s18, 683901, 20); 3564 3565 // carry6 = (s6 + (int64_t) (1L << 20)) >> 21; 3566 // s7 += carry6; 3567 // s6 = carry6 * ((uint64_t) 1L << 21); 3568 $carry6 = ($s6 + (1 << 20)) >> 21; 3569 $s7 += $carry6; 3570 $s6 = $carry6 << 21; 3571 // carry8 = (s8 + (int64_t) (1L << 20)) >> 21; 3572 // s9 += carry8; 3573 // s8 = carry8 * ((uint64_t) 1L << 21); 3574 $carry8 = ($s8 + (1 << 20)) >> 21; 3575 $s9 += $carry8; 3576 $s8 = $carry8 << 21; 3577 // carry10 = (s10 + (int64_t) (1L << 20)) >> 21; 3578 // s11 += carry10; 3579 // s10 = carry10 * ((uint64_t) 1L << 21); 3580 $carry10 = ($s10 + (1 << 20)) >> 21; 3581 $s11 += $carry10; 3582 $s10 = $carry10 << 21; 3583 // carry12 = (s12 + (int64_t) (1L << 20)) >> 21; 3584 // s13 += carry12; 3585 // s12 = carry12 * ((uint64_t) 1L << 21); 3586 $carry12 = ($s12 + (1 << 20)) >> 21; 3587 $s13 += $carry12; 3588 $s12 = $carry12 << 21; 3589 // carry14 = (s14 + (int64_t) (1L << 20)) >> 21; 3590 // s15 += carry14; 3591 // s14 = carry14 * ((uint64_t) 1L << 21); 3592 $carry14 = ($s14 + (1 << 20)) >> 21; 3593 $s15 += $carry14; 3594 $s14 = $carry14 << 21; 3595 // carry16 = (s16 + (int64_t) (1L << 20)) >> 21; 3596 // s17 += carry16; 3597 // s16 = carry16 * ((uint64_t) 1L << 21); 3598 $carry16 = ($s16 + (1 << 20)) >> 21; 3599 $s17 += $carry16; 3600 $s16 = $carry16 << 21; 3601 3602 // carry7 = (s7 + (int64_t) (1L << 20)) >> 21; 3603 // s8 += carry7; 3604 // s7 = carry7 * ((uint64_t) 1L << 21); 3605 $carry7 = ($s7 + (1 << 20)) >> 21; 3606 $s8 += $carry7; 3607 $s7 = $carry7 << 21; 3608 // carry9 = (s9 + (int64_t) (1L << 20)) >> 21; 3609 // s10 += carry9; 3610 // s9 = carry9 * ((uint64_t) 1L << 21); 3611 $carry9 = ($s9 + (1 << 20)) >> 21; 3612 $s10 += $carry9; 3613 $s9 = $carry9 << 21; 3614 // carry11 = (s11 + (int64_t) (1L << 20)) >> 21; 3615 // s12 += carry11; 3616 // s11 = carry11 * ((uint64_t) 1L << 21); 3617 $carry11 = ($s11 + (1 << 20)) >> 21; 3618 $s12 += $carry11; 3619 $s11 = $carry11 << 21; 3620 // carry13 = (s13 + (int64_t) (1L << 20)) >> 21; 3621 // s14 += carry13; 3622 // s13 = carry13 * ((uint64_t) 1L << 21); 3623 $carry13 = ($s13 + (1 << 20)) >> 21; 3624 $s14 += $carry13; 3625 $s13 = $carry13 << 21; 3626 // carry15 = (s15 + (int64_t) (1L << 20)) >> 21; 3627 // s16 += carry15; 3628 // s15 = carry15 * ((uint64_t) 1L << 21); 3629 $carry15 = ($s15 + (1 << 20)) >> 21; 3630 $s16 += $carry15; 3631 $s15 = $carry15 << 21; 3632 3633 // s5 += s17 * 666643; 3634 // s6 += s17 * 470296; 3635 // s7 += s17 * 654183; 3636 // s8 = s17 * 997805; 3637 // s9 += s17 * 136657; 3638 // s10 = s17 * 683901; 3639 $s5 += self::mul($s17, 666643, 20); 3640 $s6 += self::mul($s17, 470296, 19); 3641 $s7 += self::mul($s17, 654183, 20); 3642 $s8 = self::mul($s17, 997805, 20); 3643 $s9 += self::mul($s17, 136657, 18); 3644 $s10 = self::mul($s17, 683901, 20); 3645 3646 // s4 += s16 * 666643; 3647 // s5 += s16 * 470296; 3648 // s6 += s16 * 654183; 3649 // s7 = s16 * 997805; 3650 // s8 += s16 * 136657; 3651 // s9 = s16 * 683901; 3652 $s4 += self::mul($s16, 666643, 20); 3653 $s5 += self::mul($s16, 470296, 19); 3654 $s6 += self::mul($s16, 654183, 20); 3655 $s7 = self::mul($s16, 997805, 20); 3656 $s8 += self::mul($s16, 136657, 18); 3657 $s9 = self::mul($s16, 683901, 20); 3658 3659 // s3 += s15 * 666643; 3660 // s4 += s15 * 470296; 3661 // s5 += s15 * 654183; 3662 // s6 = s15 * 997805; 3663 // s7 += s15 * 136657; 3664 // s8 = s15 * 683901; 3665 $s3 += self::mul($s15, 666643, 20); 3666 $s4 += self::mul($s15, 470296, 19); 3667 $s5 += self::mul($s15, 654183, 20); 3668 $s6 = self::mul($s15, 997805, 20); 3669 $s7 += self::mul($s15, 136657, 18); 3670 $s8 = self::mul($s15, 683901, 20); 3671 3672 // s2 += s14 * 666643; 3673 // s3 += s14 * 470296; 3674 // s4 += s14 * 654183; 3675 // s5 = s14 * 997805; 3676 // s6 += s14 * 136657; 3677 // s7 = s14 * 683901; 3678 $s2 += self::mul($s14, 666643, 20); 3679 $s3 += self::mul($s14, 470296, 19); 3680 $s4 += self::mul($s14, 654183, 20); 3681 $s5 = self::mul($s14, 997805, 20); 3682 $s6 += self::mul($s14, 136657, 18); 3683 $s7 = self::mul($s14, 683901, 20); 3684 3685 // s1 += s13 * 666643; 3686 // s2 += s13 * 470296; 3687 // s3 += s13 * 654183; 3688 // s4 = s13 * 997805; 3689 // s5 += s13 * 136657; 3690 // s6 = s13 * 683901; 3691 $s1 += self::mul($s13, 666643, 20); 3692 $s2 += self::mul($s13, 470296, 19); 3693 $s3 += self::mul($s13, 654183, 20); 3694 $s4 = self::mul($s13, 997805, 20); 3695 $s5 += self::mul($s13, 136657, 18); 3696 $s6 = self::mul($s13, 683901, 20); 3697 3698 // s0 += s12 * 666643; 3699 // s1 += s12 * 470296; 3700 // s2 += s12 * 654183; 3701 // s3 = s12 * 997805; 3702 // s4 += s12 * 136657; 3703 // s5 = s12 * 683901; 3704 // s12 = 0; 3705 $s0 += self::mul($s12, 666643, 20); 3706 $s1 += self::mul($s12, 470296, 19); 3707 $s2 += self::mul($s12, 654183, 20); 3708 $s3 = self::mul($s12, 997805, 20); 3709 $s4 += self::mul($s12, 136657, 18); 3710 $s5 = self::mul($s12, 683901, 20); 3711 $s12 = 0; 3712 3713 // carry0 = (s0 + (int64_t) (1L << 20)) >> 21; 3714 // s1 += carry0; 3715 // s0 = carry0 * ((uint64_t) 1L << 21); 3716 $carry0 = ($s0 + (1 << 20)) >> 21; 3717 $s1 += $carry0; 3718 $s0 = $carry0 << 21; 3719 // carry2 = (s2 + (int64_t) (1L << 20)) >> 21; 3720 // s3 += carry2; 3721 // s2 = carry2 * ((uint64_t) 1L << 21); 3722 $carry2 = ($s2 + (1 << 20)) >> 21; 3723 $s3 += $carry2; 3724 $s2 = $carry2 << 21; 3725 // carry4 = (s4 + (int64_t) (1L << 20)) >> 21; 3726 // s5 += carry4; 3727 // s4 = carry4 * ((uint64_t) 1L << 21); 3728 $carry4 = ($s4 + (1 << 20)) >> 21; 3729 $s5 += $carry4; 3730 $s4 = $carry4 << 21; 3731 // carry6 = (s6 + (int64_t) (1L << 20)) >> 21; 3732 // s7 += carry6; 3733 // s6 = carry6 * ((uint64_t) 1L << 21); 3734 $carry6 = ($s6 + (1 << 20)) >> 21; 3735 $s7 += $carry6; 3736 $s6 = $carry6 << 21; 3737 // carry8 = (s8 + (int64_t) (1L << 20)) >> 21; 3738 // s9 += carry8; 3739 // s8 = carry8 * ((uint64_t) 1L << 21); 3740 $carry8 = ($s8 + (1 << 20)) >> 21; 3741 $s9 += $carry8; 3742 $s8 = $carry8 << 21; 3743 // carry10 = (s10 + (int64_t) (1L << 20)) >> 21; 3744 // s11 += carry10; 3745 // s10 = carry10 * ((uint64_t) 1L << 21); 3746 $carry10 = ($s10 + (1 << 20)) >> 21; 3747 $s11 += $carry10; 3748 $s10 = $carry10 << 21; 3749 3750 // carry1 = (s1 + (int64_t) (1L << 20)) >> 21; 3751 // s2 += carry1; 3752 // s1 = carry1 * ((uint64_t) 1L << 21); 3753 $carry1 = ($s1 + (1 << 20)) >> 21; 3754 $s2 += $carry1; 3755 $s1 = $carry1 << 21; 3756 // carry3 = (s3 + (int64_t) (1L << 20)) >> 21; 3757 // s4 += carry3; 3758 // s3 = carry3 * ((uint64_t) 1L << 21); 3759 $carry3 = ($s3 + (1 << 20)) >> 21; 3760 $s4 += $carry3; 3761 $s3 = $carry3 << 21; 3762 // carry5 = (s5 + (int64_t) (1L << 20)) >> 21; 3763 // s6 += carry5; 3764 // s5 = carry5 * ((uint64_t) 1L << 21); 3765 $carry5 = ($s5 + (1 << 20)) >> 21; 3766 $s6 += $carry5; 3767 $s5 = $carry5 << 21; 3768 // carry7 = (s7 + (int64_t) (1L << 20)) >> 21; 3769 // s8 += carry7; 3770 // s7 = carry7 * ((uint64_t) 1L << 21); 3771 $carry7 = ($s7 + (1 << 20)) >> 21; 3772 $s8 += $carry7; 3773 $s7 = $carry7 << 21; 3774 // carry9 = (s9 + (int64_t) (1L << 20)) >> 21; 3775 // s10 += carry9; 3776 // s9 = carry9 * ((uint64_t) 1L << 21); 3777 $carry9 = ($s9 + (1 << 20)) >> 21; 3778 $s10 += $carry9; 3779 $s9 = $carry9 << 21; 3780 // carry11 = (s11 + (int64_t) (1L << 20)) >> 21; 3781 // s12 += carry11; 3782 // s11 = carry11 * ((uint64_t) 1L << 21); 3783 $carry11 = ($s11 + (1 << 20)) >> 21; 3784 $s12 += $carry11; 3785 $s11 = $carry11 << 21; 3786 3787 // s0 += s12 * 666643; 3788 // s1 += s12 * 470296; 3789 // s2 += s12 * 654183; 3790 // s3 = s12 * 997805; 3791 // s4 += s12 * 136657; 3792 // s5 = s12 * 683901; 3793 // s12 = 0; 3794 $s0 += self::mul($s12, 666643, 20); 3795 $s1 += self::mul($s12, 470296, 19); 3796 $s2 += self::mul($s12, 654183, 20); 3797 $s3 = self::mul($s12, 997805, 20); 3798 $s4 += self::mul($s12, 136657, 18); 3799 $s5 = self::mul($s12, 683901, 20); 3800 $s12 = 0; 3801 3802 // carry0 = s0 >> 21; 3803 // s1 += carry0; 3804 // s0 = carry0 * ((uint64_t) 1L << 21); 3805 $carry0 = $s0 >> 21; 3806 $s1 += $carry0; 3807 $s0 = $carry0 << 21; 3808 // carry1 = s1 >> 21; 3809 // s2 += carry1; 3810 // s1 = carry1 * ((uint64_t) 1L << 21); 3811 $carry1 = $s1 >> 21; 3812 $s2 += $carry1; 3813 $s1 = $carry1 << 21; 3814 // carry2 = s2 >> 21; 3815 // s3 += carry2; 3816 // s2 = carry2 * ((uint64_t) 1L << 21); 3817 $carry2 = $s2 >> 21; 3818 $s3 += $carry2; 3819 $s2 = $carry2 << 21; 3820 // carry3 = s3 >> 21; 3821 // s4 += carry3; 3822 // s3 = carry3 * ((uint64_t) 1L << 21); 3823 $carry3 = $s3 >> 21; 3824 $s4 += $carry3; 3825 $s3 = $carry3 << 21; 3826 // carry4 = s4 >> 21; 3827 // s5 += carry4; 3828 // s4 = carry4 * ((uint64_t) 1L << 21); 3829 $carry4 = $s4 >> 21; 3830 $s5 += $carry4; 3831 $s4 = $carry4 << 21; 3832 // carry5 = s5 >> 21; 3833 // s6 += carry5; 3834 // s5 = carry5 * ((uint64_t) 1L << 21); 3835 $carry5 = $s5 >> 21; 3836 $s6 += $carry5; 3837 $s5 = $carry5 << 21; 3838 // carry6 = s6 >> 21; 3839 // s7 += carry6; 3840 // s6 = carry6 * ((uint64_t) 1L << 21); 3841 $carry6 = $s6 >> 21; 3842 $s7 += $carry6; 3843 $s6 = $carry6 << 21; 3844 // carry7 = s7 >> 21; 3845 // s8 += carry7; 3846 // s7 = carry7 * ((uint64_t) 1L << 21); 3847 $carry7 = $s7 >> 21; 3848 $s8 += $carry7; 3849 $s7 = $carry7 << 21; 3850 // carry8 = s8 >> 21; 3851 // s9 += carry8; 3852 // s8 = carry8 * ((uint64_t) 1L << 21); 3853 $carry8 = $s8 >> 21; 3854 $s9 += $carry8; 3855 $s8 = $carry8 << 21; 3856 // carry9 = s9 >> 21; 3857 // s10 += carry9; 3858 // s9 = carry9 * ((uint64_t) 1L << 21); 3859 $carry9 = $s9 >> 21; 3860 $s10 += $carry9; 3861 $s9 = $carry9 << 21; 3862 // carry10 = s10 >> 21; 3863 // s11 += carry10; 3864 // s10 = carry10 * ((uint64_t) 1L << 21); 3865 $carry10 = $s10 >> 21; 3866 $s11 += $carry10; 3867 $s10 = $carry10 << 21; 3868 // carry11 = s11 >> 21; 3869 // s12 += carry11; 3870 // s11 = carry11 * ((uint64_t) 1L << 21); 3871 $carry11 = $s11 >> 21; 3872 $s12 += $carry11; 3873 $s11 = $carry11 << 21; 3874 3875 // s0 += s12 * 666643; 3876 // s1 += s12 * 470296; 3877 // s2 += s12 * 654183; 3878 // s3 = s12 * 997805; 3879 // s4 += s12 * 136657; 3880 // s5 = s12 * 683901; 3881 $s0 += self::mul($s12, 666643, 20); 3882 $s1 += self::mul($s12, 470296, 19); 3883 $s2 += self::mul($s12, 654183, 20); 3884 $s3 = self::mul($s12, 997805, 20); 3885 $s4 += self::mul($s12, 136657, 18); 3886 $s5 = self::mul($s12, 683901, 20); 3887 3888 // carry0 = s0 >> 21; 3889 // s1 += carry0; 3890 // s0 = carry0 * ((uint64_t) 1L << 21); 3891 $carry0 = $s0 >> 21; 3892 $s1 += $carry0; 3893 $s0 = $carry0 << 21; 3894 // carry1 = s1 >> 21; 3895 // s2 += carry1; 3896 // s1 = carry1 * ((uint64_t) 1L << 21); 3897 $carry1 = $s1 >> 21; 3898 $s2 += $carry1; 3899 $s1 = $carry1 << 21; 3900 // carry2 = s2 >> 21; 3901 // s3 += carry2; 3902 // s2 = carry2 * ((uint64_t) 1L << 21); 3903 $carry2 = $s2 >> 21; 3904 $s3 += $carry2; 3905 $s2 = $carry2 << 21; 3906 // carry3 = s3 >> 21; 3907 // s4 += carry3; 3908 // s3 = carry3 * ((uint64_t) 1L << 21); 3909 $carry3 = $s3 >> 21; 3910 $s4 += $carry3; 3911 $s3 = $carry3 << 21; 3912 // carry4 = s4 >> 21; 3913 // s5 += carry4; 3914 // s4 = carry4 * ((uint64_t) 1L << 21); 3915 $carry4 = $s4 >> 21; 3916 $s5 += $carry4; 3917 $s4 = $carry4 << 21; 3918 // carry5 = s5 >> 21; 3919 // s6 += carry5; 3920 // s5 = carry5 * ((uint64_t) 1L << 21); 3921 $carry5 = $s5 >> 21; 3922 $s6 += $carry5; 3923 $s5 = $carry5 << 21; 3924 // carry6 = s6 >> 21; 3925 // s7 += carry6; 3926 // s6 = carry6 * ((uint64_t) 1L << 21); 3927 $carry6 = $s6 >> 21; 3928 $s7 += $carry6; 3929 $s6 = $carry6 << 21; 3930 // carry7 = s7 >> 21; 3931 // s8 += carry7; 3932 // s7 = carry7 * ((uint64_t) 1L << 21); 3933 $carry7 = $s7 >> 21; 3934 $s8 += $carry7; 3935 $s7 = $carry7 << 21; 3936 // carry8 = s8 >> 21; 3937 // s9 += carry8; 3938 // s8 = carry8 * ((uint64_t) 1L << 21); 3939 $carry8 = $s8 >> 21; 3940 $s9 += $carry8; 3941 $s8 = $carry8 << 21; 3942 // carry9 = s9 >> 21; 3943 // s10 += carry9; 3944 // s9 = carry9 * ((uint64_t) 1L << 21); 3945 $carry9 = $s9 >> 21; 3946 $s10 += $carry9; 3947 $s9 = $carry9 << 21; 3948 // carry10 = s10 >> 21; 3949 // s11 += carry10; 3950 // s10 = carry10 * ((uint64_t) 1L << 21); 3951 $carry10 = $s10 >> 21; 3952 $s11 += $carry10; 3953 $s10 = $carry10 << 21; 3954 3955 $s = array_fill(0, 32, 0); 3956 // s[0] = s0 >> 0; 3957 $s[0] = $s0 >> 0; 3958 // s[1] = s0 >> 8; 3959 $s[1] = $s0 >> 8; 3960 // s[2] = (s0 >> 16)  (s1 * ((uint64_t) 1 << 5)); 3961 $s[2] = ($s0 >> 16)  ($s1 << 5); 3962 // s[3] = s1 >> 3; 3963 $s[3] = $s1 >> 3; 3964 // s[4] = s1 >> 11; 3965 $s[4] = $s1 >> 11; 3966 // s[5] = (s1 >> 19)  (s2 * ((uint64_t) 1 << 2)); 3967 $s[5] = ($s1 >> 19)  ($s2 << 2); 3968 // s[6] = s2 >> 6; 3969 $s[6] = $s2 >> 6; 3970 // s[7] = (s2 >> 14)  (s3 * ((uint64_t) 1 << 7)); 3971 $s[7] = ($s2 >> 14)  ($s3 << 7); 3972 // s[8] = s3 >> 1; 3973 $s[8] = $s3 >> 1; 3974 // s[9] = s3 >> 9; 3975 $s[9] = $s3 >> 9; 3976 // s[10] = (s3 >> 17)  (s4 * ((uint64_t) 1 << 4)); 3977 $s[10] = ($s3 >> 17)  ($s4 << 4); 3978 // s[11] = s4 >> 4; 3979 $s[11] = $s4 >> 4; 3980 // s[12] = s4 >> 12; 3981 $s[12] = $s4 >> 12; 3982 // s[13] = (s4 >> 20)  (s5 * ((uint64_t) 1 << 1)); 3983 $s[13] = ($s4 >> 20)  ($s5 << 1); 3984 // s[14] = s5 >> 7; 3985 $s[14] = $s5 >> 7; 3986 // s[15] = (s5 >> 15)  (s6 * ((uint64_t) 1 << 6)); 3987 $s[15] = ($s5 >> 15)  ($s6 << 6); 3988 // s[16] = s6 >> 2; 3989 $s[16] = $s6 >> 2; 3990 // s[17] = s6 >> 10; 3991 $s[17] = $s6 >> 10; 3992 // s[18] = (s6 >> 18)  (s7 * ((uint64_t) 1 << 3)); 3993 $s[18] = ($s6 >> 18)  ($s7 << 3); 3994 // s[19] = s7 >> 5; 3995 $s[19] = $s7 >> 5; 3996 // s[20] = s7 >> 13; 3997 $s[20] = $s7 >> 13; 3998 // s[21] = s8 >> 0; 3999 $s[21] = $s8 >> 0; 4000 // s[22] = s8 >> 8; 4001 $s[22] = $s8 >> 8; 4002 // s[23] = (s8 >> 16)  (s9 * ((uint64_t) 1 << 5)); 4003 $s[23] = ($s8 >> 16)  ($s9 << 5); 4004 // s[24] = s9 >> 3; 4005 $s[24] = $s9 >> 3; 4006 // s[25] = s9 >> 11; 4007 $s[25] = $s9 >> 11; 4008 // s[26] = (s9 >> 19)  (s10 * ((uint64_t) 1 << 2)); 4009 $s[26] = ($s9 >> 19)  ($s10 << 2); 4010 // s[27] = s10 >> 6; 4011 $s[27] = $s10 >> 6; 4012 // s[28] = (s10 >> 14)  (s11 * ((uint64_t) 1 << 7)); 4013 $s[28] = ($s10 >> 14)  ($s11 << 7); 4014 // s[29] = s11 >> 1; 4015 $s[29] = $s11 >> 1; 4016 // s[30] = s11 >> 9; 4017 $s[30] = $s11 >> 9; 4018 // s[31] = s11 >> 17; 4019 $s[31] = $s11 >> 17; 4020 return self::intArrayToString($s); 4021 } 4022 4023 /** 4024 * @param string $s 4025 * @return string 4026 */ 4027 public static function sc25519_sq($s) 4028 { 4029 return self::sc25519_mul($s, $s); 4030 } 4031 4032 /** 4033 * @param string $s 4034 * @param int $n 4035 * @param string $a 4036 * @return string 4037 */ 4038 public static function sc25519_sqmul($s, $n, $a) 4039 { 4040 for ($i = 0; $i < $n; ++$i) { 4041 $s = self::sc25519_sq($s); 4042 } 4043 return self::sc25519_mul($s, $a); 4044 } 4045 4046 /** 4047 * @param string $s 4048 * @return string 4049 */ 4050 public static function sc25519_invert($s) 4051 { 4052 $_10 = self::sc25519_sq($s); 4053 $_11 = self::sc25519_mul($s, $_10); 4054 $_100 = self::sc25519_mul($s, $_11); 4055 $_1000 = self::sc25519_sq($_100); 4056 $_1010 = self::sc25519_mul($_10, $_1000); 4057 $_1011 = self::sc25519_mul($s, $_1010); 4058 $_10000 = self::sc25519_sq($_1000); 4059 $_10110 = self::sc25519_sq($_1011); 4060 $_100000 = self::sc25519_mul($_1010, $_10110); 4061 $_100110 = self::sc25519_mul($_10000, $_10110); 4062 $_1000000 = self::sc25519_sq($_100000); 4063 $_1010000 = self::sc25519_mul($_10000, $_1000000); 4064 $_1010011 = self::sc25519_mul($_11, $_1010000); 4065 $_1100011 = self::sc25519_mul($_10000, $_1010011); 4066 $_1100111 = self::sc25519_mul($_100, $_1100011); 4067 $_1101011 = self::sc25519_mul($_100, $_1100111); 4068 $_10010011 = self::sc25519_mul($_1000000, $_1010011); 4069 $_10010111 = self::sc25519_mul($_100, $_10010011); 4070 $_10111101 = self::sc25519_mul($_100110, $_10010111); 4071 $_11010011 = self::sc25519_mul($_10110, $_10111101); 4072 $_11100111 = self::sc25519_mul($_1010000, $_10010111); 4073 $_11101011 = self::sc25519_mul($_100, $_11100111); 4074 $_11110101 = self::sc25519_mul($_1010, $_11101011); 4075 4076 $recip = self::sc25519_mul($_1011, $_11110101); 4077 $recip = self::sc25519_sqmul($recip, 126, $_1010011); 4078 $recip = self::sc25519_sqmul($recip, 9, $_10); 4079 $recip = self::sc25519_mul($recip, $_11110101); 4080 $recip = self::sc25519_sqmul($recip, 7, $_1100111); 4081 $recip = self::sc25519_sqmul($recip, 9, $_11110101); 4082 $recip = self::sc25519_sqmul($recip, 11, $_10111101); 4083 $recip = self::sc25519_sqmul($recip, 8, $_11100111); 4084 $recip = self::sc25519_sqmul($recip, 9, $_1101011); 4085 $recip = self::sc25519_sqmul($recip, 6, $_1011); 4086 $recip = self::sc25519_sqmul($recip, 14, $_10010011); 4087 $recip = self::sc25519_sqmul($recip, 10, $_1100011); 4088 $recip = self::sc25519_sqmul($recip, 9, $_10010111); 4089 $recip = self::sc25519_sqmul($recip, 10, $_11110101); 4090 $recip = self::sc25519_sqmul($recip, 8, $_11010011); 4091 return self::sc25519_sqmul($recip, 8, $_11101011); 4092 } 4093 4094 /** 4095 * @param string $s 4096 * @return string 4097 */ 4098 public static function clamp($s) 4099 { 4100 $s_ = self::stringToIntArray($s); 4101 $s_[0] &= 248; 4102 $s_[31] = 64; 4103 $s_[31] &= 128; 4104 return self::intArrayToString($s_); 4105 } 3002 4106 }
Note: See TracChangeset
for help on using the changeset viewer.