[ Index ] |
PHP Cross Reference of WordPress |
[Summary view] [Print] [Text view]
1 <?php 2 3 if (class_exists('ParagonIE_Sodium_Core_X25519', false)) { 4 return; 5 } 6 7 /** 8 * Class ParagonIE_Sodium_Core_X25519 9 */ 10 abstract class ParagonIE_Sodium_Core_X25519 extends ParagonIE_Sodium_Core_Curve25519 11 { 12 /** 13 * Alters the objects passed to this method in place. 14 * 15 * @internal You should not use this directly from another application 16 * 17 * @param ParagonIE_Sodium_Core_Curve25519_Fe $f 18 * @param ParagonIE_Sodium_Core_Curve25519_Fe $g 19 * @param int $b 20 * @return void 21 * @psalm-suppress MixedAssignment 22 */ 23 public static function fe_cswap( 24 ParagonIE_Sodium_Core_Curve25519_Fe $f, 25 ParagonIE_Sodium_Core_Curve25519_Fe $g, 26 $b = 0 27 ) { 28 $f0 = (int) $f[0]; 29 $f1 = (int) $f[1]; 30 $f2 = (int) $f[2]; 31 $f3 = (int) $f[3]; 32 $f4 = (int) $f[4]; 33 $f5 = (int) $f[5]; 34 $f6 = (int) $f[6]; 35 $f7 = (int) $f[7]; 36 $f8 = (int) $f[8]; 37 $f9 = (int) $f[9]; 38 $g0 = (int) $g[0]; 39 $g1 = (int) $g[1]; 40 $g2 = (int) $g[2]; 41 $g3 = (int) $g[3]; 42 $g4 = (int) $g[4]; 43 $g5 = (int) $g[5]; 44 $g6 = (int) $g[6]; 45 $g7 = (int) $g[7]; 46 $g8 = (int) $g[8]; 47 $g9 = (int) $g[9]; 48 $b = -$b; 49 $x0 = ($f0 ^ $g0) & $b; 50 $x1 = ($f1 ^ $g1) & $b; 51 $x2 = ($f2 ^ $g2) & $b; 52 $x3 = ($f3 ^ $g3) & $b; 53 $x4 = ($f4 ^ $g4) & $b; 54 $x5 = ($f5 ^ $g5) & $b; 55 $x6 = ($f6 ^ $g6) & $b; 56 $x7 = ($f7 ^ $g7) & $b; 57 $x8 = ($f8 ^ $g8) & $b; 58 $x9 = ($f9 ^ $g9) & $b; 59 $f[0] = $f0 ^ $x0; 60 $f[1] = $f1 ^ $x1; 61 $f[2] = $f2 ^ $x2; 62 $f[3] = $f3 ^ $x3; 63 $f[4] = $f4 ^ $x4; 64 $f[5] = $f5 ^ $x5; 65 $f[6] = $f6 ^ $x6; 66 $f[7] = $f7 ^ $x7; 67 $f[8] = $f8 ^ $x8; 68 $f[9] = $f9 ^ $x9; 69 $g[0] = $g0 ^ $x0; 70 $g[1] = $g1 ^ $x1; 71 $g[2] = $g2 ^ $x2; 72 $g[3] = $g3 ^ $x3; 73 $g[4] = $g4 ^ $x4; 74 $g[5] = $g5 ^ $x5; 75 $g[6] = $g6 ^ $x6; 76 $g[7] = $g7 ^ $x7; 77 $g[8] = $g8 ^ $x8; 78 $g[9] = $g9 ^ $x9; 79 } 80 81 /** 82 * @internal You should not use this directly from another application 83 * 84 * @param ParagonIE_Sodium_Core_Curve25519_Fe $f 85 * @return ParagonIE_Sodium_Core_Curve25519_Fe 86 */ 87 public static function fe_mul121666(ParagonIE_Sodium_Core_Curve25519_Fe $f) 88 { 89 $h = array( 90 self::mul((int) $f[0], 121666, 17), 91 self::mul((int) $f[1], 121666, 17), 92 self::mul((int) $f[2], 121666, 17), 93 self::mul((int) $f[3], 121666, 17), 94 self::mul((int) $f[4], 121666, 17), 95 self::mul((int) $f[5], 121666, 17), 96 self::mul((int) $f[6], 121666, 17), 97 self::mul((int) $f[7], 121666, 17), 98 self::mul((int) $f[8], 121666, 17), 99 self::mul((int) $f[9], 121666, 17) 100 ); 101 102 /** @var int $carry9 */ 103 $carry9 = ($h[9] + (1 << 24)) >> 25; 104 $h[0] += self::mul($carry9, 19, 5); 105 $h[9] -= $carry9 << 25; 106 /** @var int $carry1 */ 107 $carry1 = ($h[1] + (1 << 24)) >> 25; 108 $h[2] += $carry1; 109 $h[1] -= $carry1 << 25; 110 /** @var int $carry3 */ 111 $carry3 = ($h[3] + (1 << 24)) >> 25; 112 $h[4] += $carry3; 113 $h[3] -= $carry3 << 25; 114 /** @var int $carry5 */ 115 $carry5 = ($h[5] + (1 << 24)) >> 25; 116 $h[6] += $carry5; 117 $h[5] -= $carry5 << 25; 118 /** @var int $carry7 */ 119 $carry7 = ($h[7] + (1 << 24)) >> 25; 120 $h[8] += $carry7; 121 $h[7] -= $carry7 << 25; 122 123 /** @var int $carry0 */ 124 $carry0 = ($h[0] + (1 << 25)) >> 26; 125 $h[1] += $carry0; 126 $h[0] -= $carry0 << 26; 127 /** @var int $carry2 */ 128 $carry2 = ($h[2] + (1 << 25)) >> 26; 129 $h[3] += $carry2; 130 $h[2] -= $carry2 << 26; 131 /** @var int $carry4 */ 132 $carry4 = ($h[4] + (1 << 25)) >> 26; 133 $h[5] += $carry4; 134 $h[4] -= $carry4 << 26; 135 /** @var int $carry6 */ 136 $carry6 = ($h[6] + (1 << 25)) >> 26; 137 $h[7] += $carry6; 138 $h[6] -= $carry6 << 26; 139 /** @var int $carry8 */ 140 $carry8 = ($h[8] + (1 << 25)) >> 26; 141 $h[9] += $carry8; 142 $h[8] -= $carry8 << 26; 143 144 foreach ($h as $i => $value) { 145 $h[$i] = (int) $value; 146 } 147 return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray($h); 148 } 149 150 /** 151 * @internal You should not use this directly from another application 152 * 153 * Inline comments preceded by # are from libsodium's ref10 code. 154 * 155 * @param string $n 156 * @param string $p 157 * @return string 158 * @throws SodiumException 159 * @throws TypeError 160 */ 161 public static function crypto_scalarmult_curve25519_ref10($n, $p) 162 { 163 # for (i = 0;i < 32;++i) e[i] = n[i]; 164 $e = '' . $n; 165 # e[0] &= 248; 166 $e[0] = self::intToChr( 167 self::chrToInt($e[0]) & 248 168 ); 169 # e[31] &= 127; 170 # e[31] |= 64; 171 $e[31] = self::intToChr( 172 (self::chrToInt($e[31]) & 127) | 64 173 ); 174 # fe_frombytes(x1,p); 175 $x1 = self::fe_frombytes($p); 176 # fe_1(x2); 177 $x2 = self::fe_1(); 178 # fe_0(z2); 179 $z2 = self::fe_0(); 180 # fe_copy(x3,x1); 181 $x3 = self::fe_copy($x1); 182 # fe_1(z3); 183 $z3 = self::fe_1(); 184 185 # swap = 0; 186 /** @var int $swap */ 187 $swap = 0; 188 189 # for (pos = 254;pos >= 0;--pos) { 190 for ($pos = 254; $pos >= 0; --$pos) { 191 # b = e[pos / 8] >> (pos & 7); 192 /** @var int $b */ 193 $b = self::chrToInt( 194 $e[(int) floor($pos / 8)] 195 ) >> ($pos & 7); 196 # b &= 1; 197 $b &= 1; 198 # swap ^= b; 199 $swap ^= $b; 200 # fe_cswap(x2,x3,swap); 201 self::fe_cswap($x2, $x3, $swap); 202 # fe_cswap(z2,z3,swap); 203 self::fe_cswap($z2, $z3, $swap); 204 # swap = b; 205 $swap = $b; 206 # fe_sub(tmp0,x3,z3); 207 $tmp0 = self::fe_sub($x3, $z3); 208 # fe_sub(tmp1,x2,z2); 209 $tmp1 = self::fe_sub($x2, $z2); 210 211 # fe_add(x2,x2,z2); 212 $x2 = self::fe_add($x2, $z2); 213 214 # fe_add(z2,x3,z3); 215 $z2 = self::fe_add($x3, $z3); 216 217 # fe_mul(z3,tmp0,x2); 218 $z3 = self::fe_mul($tmp0, $x2); 219 220 # fe_mul(z2,z2,tmp1); 221 $z2 = self::fe_mul($z2, $tmp1); 222 223 # fe_sq(tmp0,tmp1); 224 $tmp0 = self::fe_sq($tmp1); 225 226 # fe_sq(tmp1,x2); 227 $tmp1 = self::fe_sq($x2); 228 229 # fe_add(x3,z3,z2); 230 $x3 = self::fe_add($z3, $z2); 231 232 # fe_sub(z2,z3,z2); 233 $z2 = self::fe_sub($z3, $z2); 234 235 # fe_mul(x2,tmp1,tmp0); 236 $x2 = self::fe_mul($tmp1, $tmp0); 237 238 # fe_sub(tmp1,tmp1,tmp0); 239 $tmp1 = self::fe_sub($tmp1, $tmp0); 240 241 # fe_sq(z2,z2); 242 $z2 = self::fe_sq($z2); 243 244 # fe_mul121666(z3,tmp1); 245 $z3 = self::fe_mul121666($tmp1); 246 247 # fe_sq(x3,x3); 248 $x3 = self::fe_sq($x3); 249 250 # fe_add(tmp0,tmp0,z3); 251 $tmp0 = self::fe_add($tmp0, $z3); 252 253 # fe_mul(z3,x1,z2); 254 $z3 = self::fe_mul($x1, $z2); 255 256 # fe_mul(z2,tmp1,tmp0); 257 $z2 = self::fe_mul($tmp1, $tmp0); 258 } 259 260 # fe_cswap(x2,x3,swap); 261 self::fe_cswap($x2, $x3, $swap); 262 263 # fe_cswap(z2,z3,swap); 264 self::fe_cswap($z2, $z3, $swap); 265 266 # fe_invert(z2,z2); 267 $z2 = self::fe_invert($z2); 268 269 # fe_mul(x2,x2,z2); 270 $x2 = self::fe_mul($x2, $z2); 271 # fe_tobytes(q,x2); 272 return self::fe_tobytes($x2); 273 } 274 275 /** 276 * @internal You should not use this directly from another application 277 * 278 * @param ParagonIE_Sodium_Core_Curve25519_Fe $edwardsY 279 * @param ParagonIE_Sodium_Core_Curve25519_Fe $edwardsZ 280 * @return ParagonIE_Sodium_Core_Curve25519_Fe 281 */ 282 public static function edwards_to_montgomery( 283 ParagonIE_Sodium_Core_Curve25519_Fe $edwardsY, 284 ParagonIE_Sodium_Core_Curve25519_Fe $edwardsZ 285 ) { 286 $tempX = self::fe_add($edwardsZ, $edwardsY); 287 $tempZ = self::fe_sub($edwardsZ, $edwardsY); 288 $tempZ = self::fe_invert($tempZ); 289 return self::fe_mul($tempX, $tempZ); 290 } 291 292 /** 293 * @internal You should not use this directly from another application 294 * 295 * @param string $n 296 * @return string 297 * @throws SodiumException 298 * @throws TypeError 299 */ 300 public static function crypto_scalarmult_curve25519_ref10_base($n) 301 { 302 # for (i = 0;i < 32;++i) e[i] = n[i]; 303 $e = '' . $n; 304 305 # e[0] &= 248; 306 $e[0] = self::intToChr( 307 self::chrToInt($e[0]) & 248 308 ); 309 310 # e[31] &= 127; 311 # e[31] |= 64; 312 $e[31] = self::intToChr( 313 (self::chrToInt($e[31]) & 127) | 64 314 ); 315 316 $A = self::ge_scalarmult_base($e); 317 if ( 318 !($A->Y instanceof ParagonIE_Sodium_Core_Curve25519_Fe) 319 || 320 !($A->Z instanceof ParagonIE_Sodium_Core_Curve25519_Fe) 321 ) { 322 throw new TypeError('Null points encountered'); 323 } 324 $pk = self::edwards_to_montgomery($A->Y, $A->Z); 325 return self::fe_tobytes($pk); 326 } 327 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Thu Sep 12 01:00:02 2024 | Cross-referenced by PHPXref 0.7.1 |