: str_replace(): Passing null to parameter #2 ($replace) of type array|string is deprecated in
if (class_exists('ParagonIE_Sodium_Core_X25519', false)) {
* Class ParagonIE_Sodium_Core_X25519
abstract class ParagonIE_Sodium_Core_X25519 extends ParagonIE_Sodium_Core_Curve25519
* Alters the objects passed to this method in place.
* @internal You should not use this directly from another application
* @param ParagonIE_Sodium_Core_Curve25519_Fe $f
* @param ParagonIE_Sodium_Core_Curve25519_Fe $g
* @psalm-suppress MixedAssignment
public static function fe_cswap(
ParagonIE_Sodium_Core_Curve25519_Fe $f,
ParagonIE_Sodium_Core_Curve25519_Fe $g,
* @internal You should not use this directly from another application
* @param ParagonIE_Sodium_Core_Curve25519_Fe $f
* @return ParagonIE_Sodium_Core_Curve25519_Fe
public static function fe_mul121666(ParagonIE_Sodium_Core_Curve25519_Fe $f)
self::mul((int) $f[0], 121666, 17),
self::mul((int) $f[1], 121666, 17),
self::mul((int) $f[2], 121666, 17),
self::mul((int) $f[3], 121666, 17),
self::mul((int) $f[4], 121666, 17),
self::mul((int) $f[5], 121666, 17),
self::mul((int) $f[6], 121666, 17),
self::mul((int) $f[7], 121666, 17),
self::mul((int) $f[8], 121666, 17),
self::mul((int) $f[9], 121666, 17)
$carry9 = ($h[9] + (1 << 24)) >> 25;
$h[0] += self::mul($carry9, 19, 5);
$carry1 = ($h[1] + (1 << 24)) >> 25;
$carry3 = ($h[3] + (1 << 24)) >> 25;
$carry5 = ($h[5] + (1 << 24)) >> 25;
$carry7 = ($h[7] + (1 << 24)) >> 25;
$carry0 = ($h[0] + (1 << 25)) >> 26;
$carry2 = ($h[2] + (1 << 25)) >> 26;
$carry4 = ($h[4] + (1 << 25)) >> 26;
$carry6 = ($h[6] + (1 << 25)) >> 26;
$carry8 = ($h[8] + (1 << 25)) >> 26;
foreach ($h as $i => $value) {
return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray($h);
* @internal You should not use this directly from another application
* Inline comments preceded by # are from libsodium's ref10 code.
* @throws SodiumException
public static function crypto_scalarmult_curve25519_ref10($n, $p)
# for (i = 0;i < 32;++i) e[i] = n[i];
self::chrToInt($e[0]) & 248
(self::chrToInt($e[31]) & 127) | 64
$x1 = self::fe_frombytes($p);
$x3 = self::fe_copy($x1);
# for (pos = 254;pos >= 0;--pos) {
for ($pos = 254; $pos >= 0; --$pos) {
# b = e[pos / 8] >> (pos & 7);
$e[(int) floor($pos / 8)]
self::fe_cswap($x2, $x3, $swap);
self::fe_cswap($z2, $z3, $swap);
$tmp0 = self::fe_sub($x3, $z3);
$tmp1 = self::fe_sub($x2, $z2);
$x2 = self::fe_add($x2, $z2);
$z2 = self::fe_add($x3, $z3);
$z3 = self::fe_mul($tmp0, $x2);
$z2 = self::fe_mul($z2, $tmp1);
$tmp0 = self::fe_sq($tmp1);
$tmp1 = self::fe_sq($x2);
$x3 = self::fe_add($z3, $z2);
$z2 = self::fe_sub($z3, $z2);
$x2 = self::fe_mul($tmp1, $tmp0);
# fe_sub(tmp1,tmp1,tmp0);
$tmp1 = self::fe_sub($tmp1, $tmp0);
$z3 = self::fe_mul121666($tmp1);
$tmp0 = self::fe_add($tmp0, $z3);
$z3 = self::fe_mul($x1, $z2);
$z2 = self::fe_mul($tmp1, $tmp0);
self::fe_cswap($x2, $x3, $swap);
self::fe_cswap($z2, $z3, $swap);
$z2 = self::fe_invert($z2);
$x2 = self::fe_mul($x2, $z2);
return self::fe_tobytes($x2);
* @internal You should not use this directly from another application
* @param ParagonIE_Sodium_Core_Curve25519_Fe $edwardsY
* @param ParagonIE_Sodium_Core_Curve25519_Fe $edwardsZ
* @return ParagonIE_Sodium_Core_Curve25519_Fe
public static function edwards_to_montgomery(
ParagonIE_Sodium_Core_Curve25519_Fe $edwardsY,
ParagonIE_Sodium_Core_Curve25519_Fe $edwardsZ
$tempX = self::fe_add($edwardsZ, $edwardsY);
$tempZ = self::fe_sub($edwardsZ, $edwardsY);
$tempZ = self::fe_invert($tempZ);
return self::fe_mul($tempX, $tempZ);
* @internal You should not use this directly from another application
* @throws SodiumException
public static function crypto_scalarmult_curve25519_ref10_base($n)
# for (i = 0;i < 32;++i) e[i] = n[i];
self::chrToInt($e[0]) & 248
(self::chrToInt($e[31]) & 127) | 64
$A = self::ge_scalarmult_base($e);
!($A->Y instanceof ParagonIE_Sodium_Core_Curve25519_Fe)
!($A->Z instanceof ParagonIE_Sodium_Core_Curve25519_Fe)
throw new TypeError('Null points encountered');
$pk = self::edwards_to_montgomery($A->Y, $A->Z);
return self::fe_tobytes($pk);
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
