- Timestamp:
- 03/24/2022 03:18:31 PM (3 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/sodium_compat/src/Core/Curve25519.php
r51591 r52988 343 343 ParagonIE_Sodium_Core_Curve25519_Fe $g 344 344 ) { 345 // Ensure limbs aren't oversized. 346 $f = self::fe_normalize($f); 347 $g = self::fe_normalize($g); 345 348 $f0 = $f[0]; 346 349 $f1 = $f[1]; … … 477 480 $f9g8_19 = self::mul($g8_19, $f9, 25); 478 481 $f9g9_38 = self::mul($g9_19, $f9_2, 26); 482 479 483 $h0 = $f0g0 + $f1g9_38 + $f2g8_19 + $f3g7_38 + $f4g6_19 + $f5g5_38 + $f6g4_19 + $f7g3_38 + $f8g2_19 + $f9g1_38; 480 484 $h1 = $f0g1 + $f1g0 + $f2g9_19 + $f3g8_19 + $f4g7_19 + $f5g6_19 + $f6g5_19 + $f7g4_19 + $f8g3_19 + $f9g2_19; … … 531 535 $h0 -= $carry0 << 26; 532 536 533 return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray( 534 array( 535 (int) $h0, 536 (int) $h1, 537 (int) $h2, 538 (int) $h3, 539 (int) $h4, 540 (int) $h5, 541 (int) $h6, 542 (int) $h7, 543 (int) $h8, 544 (int) $h9 537 return self::fe_normalize( 538 ParagonIE_Sodium_Core_Curve25519_Fe::fromArray( 539 array( 540 (int) $h0, 541 (int) $h1, 542 (int) $h2, 543 (int) $h3, 544 (int) $h4, 545 (int) $h5, 546 (int) $h6, 547 (int) $h7, 548 (int) $h8, 549 (int) $h9 550 ) 545 551 ) 546 552 ); … … 564 570 $h[$i] = -$f[$i]; 565 571 } 566 return $h;572 return self::fe_normalize($h); 567 573 } 568 574 … … 579 585 public static function fe_sq(ParagonIE_Sodium_Core_Curve25519_Fe $f) 580 586 { 587 $f = self::fe_normalize($f); 581 588 $f0 = (int) $f[0]; 582 589 $f1 = (int) $f[1]; … … 712 719 $h0 -= $carry0 << 26; 713 720 714 return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray( 715 array( 716 (int) $h0, 717 (int) $h1, 718 (int) $h2, 719 (int) $h3, 720 (int) $h4, 721 (int) $h5, 722 (int) $h6, 723 (int) $h7, 724 (int) $h8, 725 (int) $h9 721 return self::fe_normalize( 722 ParagonIE_Sodium_Core_Curve25519_Fe::fromArray( 723 array( 724 (int) $h0, 725 (int) $h1, 726 (int) $h2, 727 (int) $h3, 728 (int) $h4, 729 (int) $h5, 730 (int) $h6, 731 (int) $h7, 732 (int) $h8, 733 (int) $h9 734 ) 726 735 ) 727 736 ); … … 741 750 public static function fe_sq2(ParagonIE_Sodium_Core_Curve25519_Fe $f) 742 751 { 752 $f = self::fe_normalize($f); 743 753 $f0 = (int) $f[0]; 744 754 $f1 = (int) $f[1]; … … 875 885 $h0 -= $carry0 << 26; 876 886 877 return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray( 878 array( 879 (int) $h0, 880 (int) $h1, 881 (int) $h2, 882 (int) $h3, 883 (int) $h4, 884 (int) $h5, 885 (int) $h6, 886 (int) $h7, 887 (int) $h8, 888 (int) $h9 887 return self::fe_normalize( 888 ParagonIE_Sodium_Core_Curve25519_Fe::fromArray( 889 array( 890 (int) $h0, 891 (int) $h1, 892 (int) $h2, 893 (int) $h3, 894 (int) $h4, 895 (int) $h5, 896 (int) $h6, 897 (int) $h7, 898 (int) $h8, 899 (int) $h9 900 ) 889 901 ) 890 902 ); … … 959 971 public static function fe_pow22523(ParagonIE_Sodium_Core_Curve25519_Fe $z) 960 972 { 973 $z = self::fe_normalize($z); 961 974 # fe_sq(t0, z); 962 975 # fe_sq(t1, t0); … … 1086 1099 public static function fe_sub(ParagonIE_Sodium_Core_Curve25519_Fe $f, ParagonIE_Sodium_Core_Curve25519_Fe $g) 1087 1100 { 1088 return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray( 1089 array( 1090 (int) ($f[0] - $g[0]), 1091 (int) ($f[1] - $g[1]), 1092 (int) ($f[2] - $g[2]), 1093 (int) ($f[3] - $g[3]), 1094 (int) ($f[4] - $g[4]), 1095 (int) ($f[5] - $g[5]), 1096 (int) ($f[6] - $g[6]), 1097 (int) ($f[7] - $g[7]), 1098 (int) ($f[8] - $g[8]), 1099 (int) ($f[9] - $g[9]) 1101 return self::fe_normalize( 1102 ParagonIE_Sodium_Core_Curve25519_Fe::fromArray( 1103 array( 1104 (int) ($f[0] - $g[0]), 1105 (int) ($f[1] - $g[1]), 1106 (int) ($f[2] - $g[2]), 1107 (int) ($f[3] - $g[3]), 1108 (int) ($f[4] - $g[4]), 1109 (int) ($f[5] - $g[5]), 1110 (int) ($f[6] - $g[6]), 1111 (int) ($f[7] - $g[7]), 1112 (int) ($f[8] - $g[8]), 1113 (int) ($f[9] - $g[9]) 1114 ) 1100 1115 ) 1101 1116 ); … … 2536 2551 $s21 = 2097151 & (self::load_3(self::substr($s, 55, 3)) >> 1); 2537 2552 $s22 = 2097151 & (self::load_4(self::substr($s, 57, 4)) >> 6); 2538 $s23 = (self::load_4(self::substr($s, 60, 4)) >> 3);2553 $s23 = 0x1fffffff & (self::load_4(self::substr($s, 60, 4)) >> 3); 2539 2554 2540 2555 $s11 += self::mul($s23, 666643, 20); … … 3783 3798 return self::intArrayToString($s_); 3784 3799 } 3800 3801 /** 3802 * Ensure limbs are less than 28 bits long to prevent float promotion. 3803 * 3804 * This uses a constant-time conditional swap under the hood. 3805 * 3806 * @param ParagonIE_Sodium_Core_Curve25519_Fe $f 3807 * @return ParagonIE_Sodium_Core_Curve25519_Fe 3808 */ 3809 public static function fe_normalize(ParagonIE_Sodium_Core_Curve25519_Fe $f) 3810 { 3811 $x = (PHP_INT_SIZE << 3) - 1; // 31 or 63 3812 3813 $g = self::fe_copy($f); 3814 for ($i = 0; $i < 10; ++$i) { 3815 $mask = -(($g[$i] >> $x) & 1); 3816 3817 /* 3818 * Get two candidate normalized values for $g[$i], depending on the sign of $g[$i]: 3819 */ 3820 $a = $g[$i] & 0x7ffffff; 3821 $b = -((-$g[$i]) & 0x7ffffff); 3822 3823 /* 3824 * Return the appropriate candidate value, based on the sign of the original input: 3825 * 3826 * The following is equivalent to this ternary: 3827 * 3828 * $g[$i] = (($g[$i] >> $x) & 1) ? $a : $b; 3829 * 3830 * Except what's written doesn't contain timing leaks. 3831 */ 3832 $g[$i] = ($a ^ (($a ^ $b) & $mask)); 3833 } 3834 return $g; 3835 } 3785 3836 }
Note: See TracChangeset
for help on using the changeset viewer.