Changeset 51171 for branches/5.7/src/wp-includes/sodium_compat/src/Compat.php

Timestamp:

06/16/2021 05:28:49 PM (4 years ago)

Author:

SergeyBiryukov

Message:

Upgrade/Install: Update sodium_compat to v1.16.1.

The latest version of sodium_compat includes polyfills for new features slated to land in PHP 8.1:
​https://paragonie.com/blog/2021/05/ristretto255-for-php-community

It also fixes a race condition with the autoloader that caused an "undefined constant" error on some systems:
​https://github.com/paragonie/sodium_compat/issues/122

A full list of changes in this update can be found on GitHub:
​https://github.com/paragonie/sodium_compat/compare/v1.14.0...v1.16.1

Follow-up to [49741].

Props paragoninitiativeenterprises, oxyrealm.
Merges [51002] to the 5.7 branch.
Fixes #53274.

Location:

branches/5.7

Files:

• . (modified) (1 prop)
• src/wp-includes/sodium_compat/src/Compat.php (modified) (12 diffs)

branches/5.7/src/wp-includes/sodium_compat/src/Compat.php

@@ -81 +81 @@
     const CRYPTO_BOX_NONCEBYTES = 24;
     const CRYPTO_BOX_SEEDBYTES = 32;
+    const CRYPTO_CORE_RISTRETTO255_BYTES = 32;
+    const CRYPTO_CORE_RISTRETTO255_SCALARBYTES = 32;
+    const CRYPTO_CORE_RISTRETTO255_HASHBYTES = 64;
+    const CRYPTO_CORE_RISTRETTO255_NONREDUCEDSCALARBYTES = 64;
     const CRYPTO_KDF_BYTES_MIN = 16;
     const CRYPTO_KDF_BYTES_MAX = 64;
@@ -116 +120 @@
     const CRYPTO_SCALARMULT_BYTES = 32;
     const CRYPTO_SCALARMULT_SCALARBYTES = 32;
+    const CRYPTO_SCALARMULT_RISTRETTO255_BYTES = 32;
+    const CRYPTO_SCALARMULT_RISTRETTO255_SCALARBYTES = 32;
     const CRYPTO_SHORTHASH_BYTES = 8;
     const CRYPTO_SHORTHASH_KEYBYTES = 16;
@@ -136 +142 @@
     const CRYPTO_STREAM_KEYBYTES = 32;
     const CRYPTO_STREAM_NONCEBYTES = 24;
+    const CRYPTO_STREAM_XCHACHA20_KEYBYTES = 32;
+    const CRYPTO_STREAM_XCHACHA20_NONCEBYTES = 24;
 
     /**
@@ -728 +736 @@
         /* Type checks: */
         ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1);
-        ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
+        if (!is_null($assocData)) {
+            ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
+        }
         ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 3);
         ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4);
@@ -815 +825 @@
         /* Type checks: */
         ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1);
-        ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
+        if (!is_null($assocData)) {
+            ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
+        } else {
+            $assocData = '';
+        }
         ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 3);
         ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4);
@@ -886 +900 @@
         /* Type checks: */
         ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1);
-        ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
+        if (!is_null($assocData)) {
+            ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
+        } else {
+            $assocData = '';
+        }
         ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 3);
         ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4);
@@ -1689 +1707 @@
      * @param string $client_public
      * @param string $server_public
-     * @return string
-     * @throws SodiumException
-     * @throws TypeError
-     * @psalm-suppress MixedArgument
-     */
-    public static function crypto_kx($my_secret, $their_public, $client_public, $server_public)
+     * @param bool $dontFallback
+     * @return string
+     * @throws SodiumException
+     * @throws TypeError
+     * @psalm-suppress MixedArgument
+     */
+    public static function crypto_kx($my_secret, $their_public, $client_public, $server_public, $dontFallback = false)
     {
         /* Type checks: */
@@ -1716 +1735 @@
         }
 
-        if (self::useNewSodiumAPI()) {
+        if (self::useNewSodiumAPI() && !$dontFallback) {
             if (is_callable('sodium_crypto_kx')) {
                 return (string) sodium_crypto_kx(
@@ -3051 +3070 @@
     }
 
+
+    /**
+     * Expand a key and nonce into a keystream of pseudorandom bytes.
+     *
+     * @param int $len Number of bytes desired
+     * @param string $nonce Number to be used Once; must be 24 bytes
+     * @param string $key XChaCha20 key
+     * @param bool $dontFallback
+     * @return string       Pseudorandom stream that can be XORed with messages
+     *                      to provide encryption (but not authentication; see
+     *                      Poly1305 or crypto_auth() for that, which is not
+     *                      optional for security)
+     * @throws SodiumException
+     * @throws TypeError
+     * @psalm-suppress MixedArgument
+     */
+    public static function crypto_stream_xchacha20($len, $nonce, $key, $dontFallback = false)
+    {
+        /* Type checks: */
+        ParagonIE_Sodium_Core_Util::declareScalarType($len, 'int', 1);
+        ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
+        ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 3);
+
+        /* Input validation: */
+        if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_STREAM_XCHACHA20_NONCEBYTES) {
+            throw new SodiumException('Argument 2 must be CRYPTO_SECRETBOX_XCHACHA20_NONCEBYTES long.');
+        }
+        if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_STREAM_XCHACHA20_KEYBYTES) {
+            throw new SodiumException('Argument 3 must be CRYPTO_STREAM_XCHACHA20_KEYBYTES long.');
+        }
+
+        if (self::useNewSodiumAPI() && !$dontFallback) {
+            return sodium_crypto_stream_xchacha20($len, $nonce, $key);
+        }
+        if (PHP_INT_SIZE === 4) {
+            return ParagonIE_Sodium_Core32_XChaCha20::stream($len, $nonce, $key);
+        }
+        return ParagonIE_Sodium_Core_XChaCha20::stream($len, $nonce, $key);
+    }
+
+    /**
+     * DANGER! UNAUTHENTICATED ENCRYPTION!
+     *
+     * Unless you are following expert advice, do not used this feature.
+     *
+     * Algorithm: XChaCha20
+     *
+     * This DOES NOT provide ciphertext integrity.
+     *
+     * @param string $message Plaintext message
+     * @param string $nonce Number to be used Once; must be 24 bytes
+     * @param string $key Encryption key
+     * @return string         Encrypted text which is vulnerable to chosen-
+     *                        ciphertext attacks unless you implement some
+     *                        other mitigation to the ciphertext (i.e.
+     *                        Encrypt then MAC)
+     * @param bool $dontFallback
+     * @throws SodiumException
+     * @throws TypeError
+     * @psalm-suppress MixedArgument
+     */
+    public static function crypto_stream_xchacha20_xor($message, $nonce, $key, $dontFallback = false)
+    {
+        /* Type checks: */
+        ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
+        ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
+        ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 3);
+
+        /* Input validation: */
+        if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_STREAM_XCHACHA20_NONCEBYTES) {
+            throw new SodiumException('Argument 2 must be CRYPTO_SECRETBOX_XCHACHA20_NONCEBYTES long.');
+        }
+        if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_STREAM_XCHACHA20_KEYBYTES) {
+            throw new SodiumException('Argument 3 must be CRYPTO_SECRETBOX_XCHACHA20_KEYBYTES long.');
+        }
+
+        if (self::useNewSodiumAPI() && !$dontFallback) {
+            return sodium_crypto_stream_xchacha20_xor($message, $nonce, $key);
+        }
+        if (PHP_INT_SIZE === 4) {
+            return ParagonIE_Sodium_Core32_XChaCha20::streamXorIc($message, $nonce, $key);
+        }
+        return ParagonIE_Sodium_Core_XChaCha20::streamXorIc($message, $nonce, $key);
+    }
+
+    /**
+     * Return a secure random key for use with crypto_stream_xchacha20
+     *
+     * @return string
+     * @throws Exception
+     * @throws Error
+     */
+    public static function crypto_stream_xchacha20_keygen()
+    {
+        return random_bytes(self::CRYPTO_STREAM_XCHACHA20_KEYBYTES);
+    }
+
     /**
      * Cache-timing-safe implementation of hex2bin().
@@ -3113 +3229 @@
         }
         $var = $copy;
+    }
+
+    /**
+     * @param string $str
+     * @return bool
+     *
+     * @throws SodiumException
+     */
+    public static function is_zero($str)
+    {
+        $d = 0;
+        for ($i = 0; $i < 32; ++$i) {
+            $d |= ParagonIE_Sodium_Core_Util::chrToInt($str[$i]);
+        }
+        return ((($d - 1) >> 31) & 1) === 1;
     }
 
@@ -3453 +3584 @@
 
     /**
+     * @param string $p
+     * @param bool $dontFallback
+     * @return bool
+     * @throws SodiumException
+     */
+    public static function ristretto255_is_valid_point($p, $dontFallback = false)
+    {
+        if (self::useNewSodiumAPI() && !$dontFallback) {
+            return sodium_crypto_core_ristretto255_is_valid_point($p);
+        }
+        try {
+            $r = ParagonIE_Sodium_Core_Ristretto255::ristretto255_frombytes($p);
+            return $r['res'] === 0 &&
+                ParagonIE_Sodium_Core_Ristretto255::ristretto255_point_is_canonical($p) === 1;
+        } catch (SodiumException $ex) {
+            if ($ex->getMessage() === 'S is not canonical') {
+                return false;
+            }
+            throw $ex;
+        }
+    }
+
+    /**
+     * @param string $p
+     * @param string $q
+     * @param bool $dontFallback
+     * @return string
+     * @throws SodiumException
+     */
+    public static function ristretto255_add($p, $q, $dontFallback = false)
+    {
+        if (self::useNewSodiumAPI() && !$dontFallback) {
+            return sodium_crypto_core_ristretto255_add($p, $q);
+        }
+        return ParagonIE_Sodium_Core_Ristretto255::ristretto255_add($p, $q);
+    }
+
+    /**
+     * @param string $p
+     * @param string $q
+     * @param bool $dontFallback
+     * @return string
+     * @throws SodiumException
+     */
+    public static function ristretto255_sub($p, $q, $dontFallback = false)
+    {
+        if (self::useNewSodiumAPI() && !$dontFallback) {
+            return sodium_crypto_core_ristretto255_sub($p, $q);
+        }
+        return ParagonIE_Sodium_Core_Ristretto255::ristretto255_sub($p, $q);
+    }
+
+    /**
+     * @param string $r
+     * @param bool $dontFallback
+     * @return string
+     *
+     * @throws SodiumException
+     */
+    public static function ristretto255_from_hash($r, $dontFallback = false)
+    {
+        if (self::useNewSodiumAPI() && !$dontFallback) {
+            return sodium_crypto_core_ristretto255_from_hash($r);
+        }
+        return ParagonIE_Sodium_Core_Ristretto255::ristretto255_from_hash($r);
+    }
+
+    /**
+     * @param bool $dontFallback
+     * @return string
+     *
+     * @throws SodiumException
+     */
+    public static function ristretto255_random($dontFallback = false)
+    {
+        if (self::useNewSodiumAPI() && !$dontFallback) {
+            return sodium_crypto_core_ristretto255_random();
+        }
+        return ParagonIE_Sodium_Core_Ristretto255::ristretto255_random();
+    }
+
+    /**
+     * @param bool $dontFallback
+     * @return string
+     *
+     * @throws SodiumException
+     */
+    public static function ristretto255_scalar_random($dontFallback = false)
+    {
+        if (self::useNewSodiumAPI() && !$dontFallback) {
+            return sodium_crypto_core_ristretto255_scalar_random();
+        }
+        return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_random();
+    }
+
+    /**
+     * @param string $s
+     * @param bool $dontFallback
+     * @return string
+     * @throws SodiumException
+     */
+    public static function ristretto255_scalar_invert($s, $dontFallback = false)
+    {
+        if (self::useNewSodiumAPI() && !$dontFallback) {
+            return sodium_crypto_core_ristretto255_scalar_invert($s);
+        }
+        return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_invert($s);
+    }
+    /**
+     * @param string $s
+     * @param bool $dontFallback
+     * @return string
+     * @throws SodiumException
+     */
+    public static function ristretto255_scalar_negate($s, $dontFallback = false)
+    {
+        if (self::useNewSodiumAPI() && !$dontFallback) {
+            return sodium_crypto_core_ristretto255_scalar_negate($s);
+        }
+        return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_negate($s);
+    }
+
+    /**
+     * @param string $s
+     * @param bool $dontFallback
+     * @return string
+     * @throws SodiumException
+     */
+    public static function ristretto255_scalar_complement($s, $dontFallback = false)
+    {
+        if (self::useNewSodiumAPI() && !$dontFallback) {
+            return sodium_crypto_core_ristretto255_scalar_complement($s);
+        }
+        return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_complement($s);
+    }
+
+    /**
+     * @param string $x
+     * @param string $y
+     * @param bool $dontFallback
+     * @return string
+     * @throws SodiumException
+     */
+    public static function ristretto255_scalar_add($x, $y, $dontFallback = false)
+    {
+        if (self::useNewSodiumAPI() && !$dontFallback) {
+            return sodium_crypto_core_ristretto255_scalar_add($x, $y);
+        }
+        return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_add($x, $y);
+    }
+
+    /**
+     * @param string $x
+     * @param string $y
+     * @param bool $dontFallback
+     * @return string
+     * @throws SodiumException
+     */
+    public static function ristretto255_scalar_sub($x, $y, $dontFallback = false)
+    {
+        if (self::useNewSodiumAPI() && !$dontFallback) {
+            return sodium_crypto_core_ristretto255_scalar_sub($x, $y);
+        }
+        return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_sub($x, $y);
+    }
+
+    /**
+     * @param string $x
+     * @param string $y
+     * @param bool $dontFallback
+     * @return string
+     * @throws SodiumException
+     */
+    public static function ristretto255_scalar_mul($x, $y, $dontFallback = false)
+    {
+        if (self::useNewSodiumAPI() && !$dontFallback) {
+            return sodium_crypto_core_ristretto255_scalar_mul($x, $y);
+        }
+        return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_mul($x, $y);
+    }
+
+    /**
+     * @param string $n
+     * @param string $p
+     * @param bool $dontFallback
+     * @return string
+     * @throws SodiumException
+     */
+    public static function scalarmult_ristretto255($n, $p, $dontFallback = false)
+    {
+        if (self::useNewSodiumAPI() && !$dontFallback) {
+            return sodium_crypto_scalarmult_ristretto255($n, $p);
+        }
+        return ParagonIE_Sodium_Core_Ristretto255::scalarmult_ristretto255($n, $p);
+    }
+
+    /**
+     * @param string $n
+     * @param string $p
+     * @param bool $dontFallback
+     * @return string
+     * @throws SodiumException
+     */
+    public static function scalarmult_ristretto255_base($n, $dontFallback = false)
+    {
+        if (self::useNewSodiumAPI() && !$dontFallback) {
+            return sodium_crypto_scalarmult_ristretto255_base($n);
+        }
+        return ParagonIE_Sodium_Core_Ristretto255::scalarmult_ristretto255_base($n);
+    }
+
+    /**
+     * @param string $s
+     * @param bool $dontFallback
+     * @return string
+     * @throws SodiumException
+     */
+    public static function ristretto255_scalar_reduce($s, $dontFallback = false)
+    {
+        if (self::useNewSodiumAPI() && !$dontFallback) {
+            return sodium_crypto_core_ristretto255_scalar_reduce($s);
+        }
+        return ParagonIE_Sodium_Core_Ristretto255::sc_reduce($s);
+    }
+
+    /**
      * Runtime testing method for 32-bit platforms.
      *
@@ -3489 +3846 @@
 
     /**
+     * Add two numbers (little-endian unsigned), storing the value in the first
+     * parameter.
+     *
+     * This mutates $val.
+     *
+     * @param string $val
+     * @param string $addv
+     * @return void
+     * @throws SodiumException
+     */
+    public static function sub(&$val, $addv)
+    {
+        $val_len = ParagonIE_Sodium_Core_Util::strlen($val);
+        $addv_len = ParagonIE_Sodium_Core_Util::strlen($addv);
+        if ($val_len !== $addv_len) {
+            throw new SodiumException('values must have the same length');
+        }
+        $A = ParagonIE_Sodium_Core_Util::stringToIntArray($val);
+        $B = ParagonIE_Sodium_Core_Util::stringToIntArray($addv);
+
+        $c = 0;
+        for ($i = 0; $i < $val_len; $i++) {
+            $c = ($A[$i] - $B[$i] - $c);
+            $A[$i] = ($c & 0xff);
+            $c = ($c >> 8) & 1;
+        }
+        $val = ParagonIE_Sodium_Core_Util::intArrayToString($A);
+    }
+
+    /**
      * This emulates libsodium's version_string() function, except ours is
      * prefixed with 'polyfill-'.