Edit File by line

<?php

[0] Fix | Delete

[1] Fix | Delete

if (class_exists('ParagonIE_Sodium_Core32_Curve25519', false)) {

[2] Fix | Delete

return;

[3] Fix | Delete

}

[4] Fix | Delete

[5] Fix | Delete

/**

[6] Fix | Delete

* Class ParagonIE_Sodium_Core32_Curve25519

[7] Fix | Delete

[8] Fix | Delete

* Implements Curve25519 core functions

[9] Fix | Delete

[10] Fix | Delete

* Based on the ref10 curve25519 code provided by libsodium

[11] Fix | Delete

[12] Fix | Delete

* @ref https://github.com/jedisct1/libsodium/blob/master/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c

[13] Fix | Delete

[14] Fix | Delete

abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core32_Curve25519_H

[15] Fix | Delete

{

[16] Fix | Delete

/**

[17] Fix | Delete

* Get a field element of size 10 with a value of 0

[18] Fix | Delete

[19] Fix | Delete

* @internal You should not use this directly from another application

[20] Fix | Delete

[21] Fix | Delete

* @return ParagonIE_Sodium_Core32_Curve25519_Fe

[22] Fix | Delete

* @throws SodiumException

[23] Fix | Delete

* @throws TypeError

[24] Fix | Delete

[25] Fix | Delete

public static function fe_0()

[26] Fix | Delete

{

[27] Fix | Delete

return ParagonIE_Sodium_Core32_Curve25519_Fe::fromArray(

[28] Fix | Delete

array(

[29] Fix | Delete

new ParagonIE_Sodium_Core32_Int32(),

[30] Fix | Delete

new ParagonIE_Sodium_Core32_Int32(),

[31] Fix | Delete

new ParagonIE_Sodium_Core32_Int32(),

[32] Fix | Delete

new ParagonIE_Sodium_Core32_Int32(),

[33] Fix | Delete

new ParagonIE_Sodium_Core32_Int32(),

[34] Fix | Delete

new ParagonIE_Sodium_Core32_Int32(),

[35] Fix | Delete

new ParagonIE_Sodium_Core32_Int32(),

[36] Fix | Delete

new ParagonIE_Sodium_Core32_Int32(),

[37] Fix | Delete

new ParagonIE_Sodium_Core32_Int32(),

[38] Fix | Delete

new ParagonIE_Sodium_Core32_Int32()

[39] Fix | Delete

)

[40] Fix | Delete

);

[41] Fix | Delete

}

[42] Fix | Delete

[43] Fix | Delete

/**

[44] Fix | Delete

* Get a field element of size 10 with a value of 1

[45] Fix | Delete

[46] Fix | Delete

* @internal You should not use this directly from another application

[47] Fix | Delete

[48] Fix | Delete

* @return ParagonIE_Sodium_Core32_Curve25519_Fe

[49] Fix | Delete

* @throws SodiumException

[50] Fix | Delete

* @throws TypeError

[51] Fix | Delete

[52] Fix | Delete

public static function fe_1()

[53] Fix | Delete

{

[54] Fix | Delete

return ParagonIE_Sodium_Core32_Curve25519_Fe::fromArray(

[55] Fix | Delete

array(

[56] Fix | Delete

ParagonIE_Sodium_Core32_Int32::fromInt(1),

[57] Fix | Delete

new ParagonIE_Sodium_Core32_Int32(),

[58] Fix | Delete

new ParagonIE_Sodium_Core32_Int32(),

[59] Fix | Delete

new ParagonIE_Sodium_Core32_Int32(),

[60] Fix | Delete

new ParagonIE_Sodium_Core32_Int32(),

[61] Fix | Delete

new ParagonIE_Sodium_Core32_Int32(),

[62] Fix | Delete

new ParagonIE_Sodium_Core32_Int32(),

[63] Fix | Delete

new ParagonIE_Sodium_Core32_Int32(),

[64] Fix | Delete

new ParagonIE_Sodium_Core32_Int32(),

[65] Fix | Delete

new ParagonIE_Sodium_Core32_Int32()

[66] Fix | Delete

)

[67] Fix | Delete

);

[68] Fix | Delete

}

[69] Fix | Delete

[70] Fix | Delete

/**

[71] Fix | Delete

* Add two field elements.

[72] Fix | Delete

[73] Fix | Delete

* @internal You should not use this directly from another application

[74] Fix | Delete

[75] Fix | Delete

* @param ParagonIE_Sodium_Core32_Curve25519_Fe $f

[76] Fix | Delete

* @param ParagonIE_Sodium_Core32_Curve25519_Fe $g

[77] Fix | Delete

* @return ParagonIE_Sodium_Core32_Curve25519_Fe

[78] Fix | Delete

* @throws SodiumException

[79] Fix | Delete

* @throws TypeError

[80] Fix | Delete

* @psalm-suppress MixedAssignment

[81] Fix | Delete

* @psalm-suppress MixedMethodCall

[82] Fix | Delete

[83] Fix | Delete

public static function fe_add(

[84] Fix | Delete

ParagonIE_Sodium_Core32_Curve25519_Fe $f,

[85] Fix | Delete

ParagonIE_Sodium_Core32_Curve25519_Fe $g

[86] Fix | Delete

) {

[87] Fix | Delete

$arr = array();

[88] Fix | Delete

for ($i = 0; $i < 10; ++$i) {

[89] Fix | Delete

$arr[$i] = $f[$i]->addInt32($g[$i]);

[90] Fix | Delete

}

[91] Fix | Delete

/** @var array<int, ParagonIE_Sodium_Core32_Int32> $arr */

[92] Fix | Delete

return ParagonIE_Sodium_Core32_Curve25519_Fe::fromArray($arr);

[93] Fix | Delete

}

[94] Fix | Delete

[95] Fix | Delete

/**

[96] Fix | Delete

* Constant-time conditional move.

[97] Fix | Delete

[98] Fix | Delete

* @internal You should not use this directly from another application

[99] Fix | Delete

[100] Fix | Delete

* @param ParagonIE_Sodium_Core32_Curve25519_Fe $f

[101] Fix | Delete

* @param ParagonIE_Sodium_Core32_Curve25519_Fe $g

[102] Fix | Delete

* @param int $b

[103] Fix | Delete

* @return ParagonIE_Sodium_Core32_Curve25519_Fe

[104] Fix | Delete

* @throws SodiumException

[105] Fix | Delete

* @throws TypeError

[106] Fix | Delete

* @psalm-suppress MixedAssignment

[107] Fix | Delete

* @psalm-suppress MixedMethodCall

[108] Fix | Delete

[109] Fix | Delete

public static function fe_cmov(

[110] Fix | Delete

ParagonIE_Sodium_Core32_Curve25519_Fe $f,

[111] Fix | Delete

ParagonIE_Sodium_Core32_Curve25519_Fe $g,

[112] Fix | Delete

$b = 0

[113] Fix | Delete

) {

[114] Fix | Delete

/** @var array<int, ParagonIE_Sodium_Core32_Int32> $h */

[115] Fix | Delete

$h = array();

[116] Fix | Delete

for ($i = 0; $i < 10; ++$i) {

[117] Fix | Delete

if (!($f[$i] instanceof ParagonIE_Sodium_Core32_Int32)) {

[118] Fix | Delete

throw new TypeError('Expected Int32');

[119] Fix | Delete

}

[120] Fix | Delete

if (!($g[$i] instanceof ParagonIE_Sodium_Core32_Int32)) {

[121] Fix | Delete

throw new TypeError('Expected Int32');

[122] Fix | Delete

}

[123] Fix | Delete

$h[$i] = $f[$i]->xorInt32(

[124] Fix | Delete

$f[$i]->xorInt32($g[$i])->mask($b)

[125] Fix | Delete

);

[126] Fix | Delete

}

[127] Fix | Delete

/** @var array<int, ParagonIE_Sodium_Core32_Int32> $h */

[128] Fix | Delete

return ParagonIE_Sodium_Core32_Curve25519_Fe::fromArray($h);

[129] Fix | Delete

}

[130] Fix | Delete

[131] Fix | Delete

/**

[132] Fix | Delete

* Create a copy of a field element.

[133] Fix | Delete

[134] Fix | Delete

* @internal You should not use this directly from another application

[135] Fix | Delete

[136] Fix | Delete

* @param ParagonIE_Sodium_Core32_Curve25519_Fe $f

[137] Fix | Delete

* @return ParagonIE_Sodium_Core32_Curve25519_Fe

[138] Fix | Delete

[139] Fix | Delete

public static function fe_copy(ParagonIE_Sodium_Core32_Curve25519_Fe $f)

[140] Fix | Delete

{

[141] Fix | Delete

$h = clone $f;

[142] Fix | Delete

return $h;

[143] Fix | Delete

}

[144] Fix | Delete

[145] Fix | Delete

/**

[146] Fix | Delete

* Give: 32-byte string.

[147] Fix | Delete

* Receive: A field element object to use for internal calculations.

[148] Fix | Delete

[149] Fix | Delete

* @internal You should not use this directly from another application

[150] Fix | Delete

[151] Fix | Delete

* @param string $s

[152] Fix | Delete

* @return ParagonIE_Sodium_Core32_Curve25519_Fe

[153] Fix | Delete

* @throws RangeException

[154] Fix | Delete

* @throws SodiumException

[155] Fix | Delete

* @throws TypeError

[156] Fix | Delete

* @psalm-suppress MixedMethodCall

[157] Fix | Delete

[158] Fix | Delete

public static function fe_frombytes($s)

[159] Fix | Delete

{

[160] Fix | Delete

if (self::strlen($s) !== 32) {

[161] Fix | Delete

throw new RangeException('Expected a 32-byte string.');

[162] Fix | Delete

}

[163] Fix | Delete

/** @var ParagonIE_Sodium_Core32_Int32 $h0 */

[164] Fix | Delete

$h0 = ParagonIE_Sodium_Core32_Int32::fromInt(

[165] Fix | Delete

self::load_4($s)

[166] Fix | Delete

);

[167] Fix | Delete

/** @var ParagonIE_Sodium_Core32_Int32 $h1 */

[168] Fix | Delete

$h1 = ParagonIE_Sodium_Core32_Int32::fromInt(

[169] Fix | Delete

self::load_3(self::substr($s, 4, 3)) << 6

[170] Fix | Delete

);

[171] Fix | Delete

/** @var ParagonIE_Sodium_Core32_Int32 $h2 */

[172] Fix | Delete

$h2 = ParagonIE_Sodium_Core32_Int32::fromInt(

[173] Fix | Delete

self::load_3(self::substr($s, 7, 3)) << 5

[174] Fix | Delete

);

[175] Fix | Delete

/** @var ParagonIE_Sodium_Core32_Int32 $h3 */

[176] Fix | Delete

$h3 = ParagonIE_Sodium_Core32_Int32::fromInt(

[177] Fix | Delete

self::load_3(self::substr($s, 10, 3)) << 3

[178] Fix | Delete

);

[179] Fix | Delete

/** @var ParagonIE_Sodium_Core32_Int32 $h4 */

[180] Fix | Delete

$h4 = ParagonIE_Sodium_Core32_Int32::fromInt(

[181] Fix | Delete

self::load_3(self::substr($s, 13, 3)) << 2

[182] Fix | Delete

);

[183] Fix | Delete

/** @var ParagonIE_Sodium_Core32_Int32 $h5 */

[184] Fix | Delete

$h5 = ParagonIE_Sodium_Core32_Int32::fromInt(

[185] Fix | Delete

self::load_4(self::substr($s, 16, 4))

[186] Fix | Delete

);

[187] Fix | Delete

/** @var ParagonIE_Sodium_Core32_Int32 $h6 */

[188] Fix | Delete

$h6 = ParagonIE_Sodium_Core32_Int32::fromInt(

[189] Fix | Delete

self::load_3(self::substr($s, 20, 3)) << 7

[190] Fix | Delete

);

[191] Fix | Delete

/** @var ParagonIE_Sodium_Core32_Int32 $h7 */

[192] Fix | Delete

$h7 = ParagonIE_Sodium_Core32_Int32::fromInt(

[193] Fix | Delete

self::load_3(self::substr($s, 23, 3)) << 5

[194] Fix | Delete

);

[195] Fix | Delete

/** @var ParagonIE_Sodium_Core32_Int32 $h8 */

[196] Fix | Delete

$h8 = ParagonIE_Sodium_Core32_Int32::fromInt(

[197] Fix | Delete

self::load_3(self::substr($s, 26, 3)) << 4

[198] Fix | Delete

);

[199] Fix | Delete

/** @var ParagonIE_Sodium_Core32_Int32 $h9 */

[200] Fix | Delete

$h9 = ParagonIE_Sodium_Core32_Int32::fromInt(

[201] Fix | Delete

(self::load_3(self::substr($s, 29, 3)) & 8388607) << 2

[202] Fix | Delete

);

[203] Fix | Delete

[204] Fix | Delete

$carry9 = $h9->addInt(1 << 24)->shiftRight(25);

[205] Fix | Delete

$h0 = $h0->addInt32($carry9->mulInt(19, 5));

[206] Fix | Delete

$h9 = $h9->subInt32($carry9->shiftLeft(25));

[207] Fix | Delete

[208] Fix | Delete

$carry1 = $h1->addInt(1 << 24)->shiftRight(25);

[209] Fix | Delete

$h2 = $h2->addInt32($carry1);

[210] Fix | Delete

$h1 = $h1->subInt32($carry1->shiftLeft(25));

[211] Fix | Delete

[212] Fix | Delete

$carry3 = $h3->addInt(1 << 24)->shiftRight(25);

[213] Fix | Delete

$h4 = $h4->addInt32($carry3);

[214] Fix | Delete

$h3 = $h3->subInt32($carry3->shiftLeft(25));

[215] Fix | Delete

[216] Fix | Delete

$carry5 = $h5->addInt(1 << 24)->shiftRight(25);

[217] Fix | Delete

$h6 = $h6->addInt32($carry5);

[218] Fix | Delete

$h5 = $h5->subInt32($carry5->shiftLeft(25));

[219] Fix | Delete

[220] Fix | Delete

$carry7 = $h7->addInt(1 << 24)->shiftRight(25);

[221] Fix | Delete

$h8 = $h8->addInt32($carry7);

[222] Fix | Delete

$h7 = $h7->subInt32($carry7->shiftLeft(25));

[223] Fix | Delete

[224] Fix | Delete

$carry0 = $h0->addInt(1 << 25)->shiftRight(26);

[225] Fix | Delete

$h1 = $h1->addInt32($carry0);

[226] Fix | Delete

$h0 = $h0->subInt32($carry0->shiftLeft(26));

[227] Fix | Delete

[228] Fix | Delete

$carry2 = $h2->addInt(1 << 25)->shiftRight(26);

[229] Fix | Delete

$h3 = $h3->addInt32($carry2);

[230] Fix | Delete

$h2 = $h2->subInt32($carry2->shiftLeft(26));

[231] Fix | Delete

[232] Fix | Delete

$carry4 = $h4->addInt(1 << 25)->shiftRight(26);

[233] Fix | Delete

$h5 = $h5->addInt32($carry4);

[234] Fix | Delete

$h4 = $h4->subInt32($carry4->shiftLeft(26));

[235] Fix | Delete

[236] Fix | Delete

$carry6 = $h6->addInt(1 << 25)->shiftRight(26);

[237] Fix | Delete

$h7 = $h7->addInt32($carry6);

[238] Fix | Delete

$h6 = $h6->subInt32($carry6->shiftLeft(26));

[239] Fix | Delete

[240] Fix | Delete

$carry8 = $h8->addInt(1 << 25)->shiftRight(26);

[241] Fix | Delete

$h9 = $h9->addInt32($carry8);

[242] Fix | Delete

$h8 = $h8->subInt32($carry8->shiftLeft(26));

[243] Fix | Delete

[244] Fix | Delete

return ParagonIE_Sodium_Core32_Curve25519_Fe::fromArray(

[245] Fix | Delete

array($h0, $h1, $h2,$h3, $h4, $h5, $h6, $h7, $h8, $h9)

[246] Fix | Delete

);

[247] Fix | Delete

}

[248] Fix | Delete

[249] Fix | Delete

/**

[250] Fix | Delete

* Convert a field element to a byte string.

[251] Fix | Delete

[252] Fix | Delete

* @internal You should not use this directly from another application

[253] Fix | Delete

[254] Fix | Delete

* @param ParagonIE_Sodium_Core32_Curve25519_Fe $h

[255] Fix | Delete

* @return string

[256] Fix | Delete

* @throws SodiumException

[257] Fix | Delete

* @throws TypeError

[258] Fix | Delete

* @psalm-suppress MixedAssignment

[259] Fix | Delete

* @psalm-suppress MixedMethodCall

[260] Fix | Delete

[261] Fix | Delete

public static function fe_tobytes(ParagonIE_Sodium_Core32_Curve25519_Fe $h)

[262] Fix | Delete

{

[263] Fix | Delete

/**

[264] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64[] $f

[265] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $q

[266] Fix | Delete

[267] Fix | Delete

$f = array();

[268] Fix | Delete

[269] Fix | Delete

for ($i = 0; $i < 10; ++$i) {

[270] Fix | Delete

$f[$i] = $h[$i]->toInt64();

[271] Fix | Delete

}

[272] Fix | Delete

[273] Fix | Delete

$q = $f[9]->mulInt(19, 5)->addInt(1 << 14)->shiftRight(25)

[274] Fix | Delete

->addInt64($f[0])->shiftRight(26)

[275] Fix | Delete

->addInt64($f[1])->shiftRight(25)

[276] Fix | Delete

->addInt64($f[2])->shiftRight(26)

[277] Fix | Delete

->addInt64($f[3])->shiftRight(25)

[278] Fix | Delete

->addInt64($f[4])->shiftRight(26)

[279] Fix | Delete

->addInt64($f[5])->shiftRight(25)

[280] Fix | Delete

->addInt64($f[6])->shiftRight(26)

[281] Fix | Delete

->addInt64($f[7])->shiftRight(25)

[282] Fix | Delete

->addInt64($f[8])->shiftRight(26)

[283] Fix | Delete

->addInt64($f[9])->shiftRight(25);

[284] Fix | Delete

[285] Fix | Delete

$f[0] = $f[0]->addInt64($q->mulInt(19, 5));

[286] Fix | Delete

[287] Fix | Delete

$carry0 = $f[0]->shiftRight(26);

[288] Fix | Delete

$f[1] = $f[1]->addInt64($carry0);

[289] Fix | Delete

$f[0] = $f[0]->subInt64($carry0->shiftLeft(26));

[290] Fix | Delete

[291] Fix | Delete

$carry1 = $f[1]->shiftRight(25);

[292] Fix | Delete

$f[2] = $f[2]->addInt64($carry1);

[293] Fix | Delete

$f[1] = $f[1]->subInt64($carry1->shiftLeft(25));

[294] Fix | Delete

[295] Fix | Delete

$carry2 = $f[2]->shiftRight(26);

[296] Fix | Delete

$f[3] = $f[3]->addInt64($carry2);

[297] Fix | Delete

$f[2] = $f[2]->subInt64($carry2->shiftLeft(26));

[298] Fix | Delete

[299] Fix | Delete

$carry3 = $f[3]->shiftRight(25);

[300] Fix | Delete

$f[4] = $f[4]->addInt64($carry3);

[301] Fix | Delete

$f[3] = $f[3]->subInt64($carry3->shiftLeft(25));

[302] Fix | Delete

[303] Fix | Delete

$carry4 = $f[4]->shiftRight(26);

[304] Fix | Delete

$f[5] = $f[5]->addInt64($carry4);

[305] Fix | Delete

$f[4] = $f[4]->subInt64($carry4->shiftLeft(26));

[306] Fix | Delete

[307] Fix | Delete

$carry5 = $f[5]->shiftRight(25);

[308] Fix | Delete

$f[6] = $f[6]->addInt64($carry5);

[309] Fix | Delete

$f[5] = $f[5]->subInt64($carry5->shiftLeft(25));

[310] Fix | Delete

[311] Fix | Delete

$carry6 = $f[6]->shiftRight(26);

[312] Fix | Delete

$f[7] = $f[7]->addInt64($carry6);

[313] Fix | Delete

$f[6] = $f[6]->subInt64($carry6->shiftLeft(26));

[314] Fix | Delete

[315] Fix | Delete

$carry7 = $f[7]->shiftRight(25);

[316] Fix | Delete

$f[8] = $f[8]->addInt64($carry7);

[317] Fix | Delete

$f[7] = $f[7]->subInt64($carry7->shiftLeft(25));

[318] Fix | Delete

[319] Fix | Delete

$carry8 = $f[8]->shiftRight(26);

[320] Fix | Delete

$f[9] = $f[9]->addInt64($carry8);

[321] Fix | Delete

$f[8] = $f[8]->subInt64($carry8->shiftLeft(26));

[322] Fix | Delete

[323] Fix | Delete

$carry9 = $f[9]->shiftRight(25);

[324] Fix | Delete

$f[9] = $f[9]->subInt64($carry9->shiftLeft(25));

[325] Fix | Delete

[326] Fix | Delete

$h0 = $f[0]->toInt32()->toInt();

[327] Fix | Delete

$h1 = $f[1]->toInt32()->toInt();

[328] Fix | Delete

$h2 = $f[2]->toInt32()->toInt();

[329] Fix | Delete

$h3 = $f[3]->toInt32()->toInt();

[330] Fix | Delete

$h4 = $f[4]->toInt32()->toInt();

[331] Fix | Delete

$h5 = $f[5]->toInt32()->toInt();

[332] Fix | Delete

$h6 = $f[6]->toInt32()->toInt();

[333] Fix | Delete

$h7 = $f[7]->toInt32()->toInt();

[334] Fix | Delete

$h8 = $f[8]->toInt32()->toInt();

[335] Fix | Delete

$h9 = $f[9]->toInt32()->toInt();

[336] Fix | Delete

[337] Fix | Delete

/**

[338] Fix | Delete

* @var array<int, int>

[339] Fix | Delete

[340] Fix | Delete

$s = array(

[341] Fix | Delete

(int) (($h0 >> 0) & 0xff),

[342] Fix | Delete

(int) (($h0 >> 8) & 0xff),

[343] Fix | Delete

(int) (($h0 >> 16) & 0xff),

[344] Fix | Delete

(int) ((($h0 >> 24) | ($h1 << 2)) & 0xff),

[345] Fix | Delete

(int) (($h1 >> 6) & 0xff),

[346] Fix | Delete

(int) (($h1 >> 14) & 0xff),

[347] Fix | Delete

(int) ((($h1 >> 22) | ($h2 << 3)) & 0xff),

[348] Fix | Delete

(int) (($h2 >> 5) & 0xff),

[349] Fix | Delete

(int) (($h2 >> 13) & 0xff),

[350] Fix | Delete

(int) ((($h2 >> 21) | ($h3 << 5)) & 0xff),

[351] Fix | Delete

(int) (($h3 >> 3) & 0xff),

[352] Fix | Delete

(int) (($h3 >> 11) & 0xff),

[353] Fix | Delete

(int) ((($h3 >> 19) | ($h4 << 6)) & 0xff),

[354] Fix | Delete

(int) (($h4 >> 2) & 0xff),

[355] Fix | Delete

(int) (($h4 >> 10) & 0xff),

[356] Fix | Delete

(int) (($h4 >> 18) & 0xff),

[357] Fix | Delete

(int) (($h5 >> 0) & 0xff),

[358] Fix | Delete

(int) (($h5 >> 8) & 0xff),

[359] Fix | Delete

(int) (($h5 >> 16) & 0xff),

[360] Fix | Delete

(int) ((($h5 >> 24) | ($h6 << 1)) & 0xff),

[361] Fix | Delete

(int) (($h6 >> 7) & 0xff),

[362] Fix | Delete

(int) (($h6 >> 15) & 0xff),

[363] Fix | Delete

(int) ((($h6 >> 23) | ($h7 << 3)) & 0xff),

[364] Fix | Delete

(int) (($h7 >> 5) & 0xff),

[365] Fix | Delete

(int) (($h7 >> 13) & 0xff),

[366] Fix | Delete

(int) ((($h7 >> 21) | ($h8 << 4)) & 0xff),

[367] Fix | Delete

(int) (($h8 >> 4) & 0xff),

[368] Fix | Delete

(int) (($h8 >> 12) & 0xff),

[369] Fix | Delete

(int) ((($h8 >> 20) | ($h9 << 6)) & 0xff),

[370] Fix | Delete

(int) (($h9 >> 2) & 0xff),

[371] Fix | Delete

(int) (($h9 >> 10) & 0xff),

[372] Fix | Delete

(int) (($h9 >> 18) & 0xff)

[373] Fix | Delete

);

[374] Fix | Delete

return self::intArrayToString($s);

[375] Fix | Delete

}

[376] Fix | Delete

[377] Fix | Delete

/**

[378] Fix | Delete

* Is a field element negative? (1 = yes, 0 = no. Used in calculations.)

[379] Fix | Delete

[380] Fix | Delete

* @internal You should not use this directly from another application

[381] Fix | Delete

[382] Fix | Delete

* @param ParagonIE_Sodium_Core32_Curve25519_Fe $f

[383] Fix | Delete

* @return int

[384] Fix | Delete

* @throws SodiumException

[385] Fix | Delete

* @throws TypeError

[386] Fix | Delete

[387] Fix | Delete

public static function fe_isnegative(ParagonIE_Sodium_Core32_Curve25519_Fe $f)

[388] Fix | Delete

{

[389] Fix | Delete

$str = self::fe_tobytes($f);

[390] Fix | Delete

return (int) (self::chrToInt($str[0]) & 1);

[391] Fix | Delete

}

[392] Fix | Delete

[393] Fix | Delete

/**

[394] Fix | Delete

* Returns 0 if this field element results in all NUL bytes.

[395] Fix | Delete

[396] Fix | Delete

* @internal You should not use this directly from another application

[397] Fix | Delete

[398] Fix | Delete

* @param ParagonIE_Sodium_Core32_Curve25519_Fe $f

[399] Fix | Delete

* @return bool

[400] Fix | Delete

* @throws SodiumException

[401] Fix | Delete

* @throws TypeError

[402] Fix | Delete

[403] Fix | Delete

public static function fe_isnonzero(ParagonIE_Sodium_Core32_Curve25519_Fe $f)

[404] Fix | Delete

{

[405] Fix | Delete

static $zero;

[406] Fix | Delete

if ($zero === null) {

[407] Fix | Delete

$zero = str_repeat("\x00", 32);

[408] Fix | Delete

}

[409] Fix | Delete

$str = self::fe_tobytes($f);

[410] Fix | Delete

/** @var string $zero */

[411] Fix | Delete

return !self::verify_32($str, $zero);

[412] Fix | Delete

}

[413] Fix | Delete

[414] Fix | Delete

/**

[415] Fix | Delete

* Multiply two field elements

[416] Fix | Delete

[417] Fix | Delete

* h = f * g

[418] Fix | Delete

[419] Fix | Delete

* @internal You should not use this directly from another application

[420] Fix | Delete

[421] Fix | Delete

* @security Is multiplication a source of timing leaks? If so, can we do

[422] Fix | Delete

* anything to prevent that from happening?

[423] Fix | Delete

[424] Fix | Delete

* @param ParagonIE_Sodium_Core32_Curve25519_Fe $f

[425] Fix | Delete

* @param ParagonIE_Sodium_Core32_Curve25519_Fe $g

[426] Fix | Delete

* @return ParagonIE_Sodium_Core32_Curve25519_Fe

[427] Fix | Delete

* @throws SodiumException

[428] Fix | Delete

* @throws TypeError

[429] Fix | Delete

[430] Fix | Delete

public static function fe_mul(

[431] Fix | Delete

ParagonIE_Sodium_Core32_Curve25519_Fe $f,

[432] Fix | Delete

ParagonIE_Sodium_Core32_Curve25519_Fe $g

[433] Fix | Delete

) {

[434] Fix | Delete

/**

[435] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int32[] $f

[436] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int32[] $g

[437] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $f0

[438] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $f1

[439] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $f2

[440] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $f3

[441] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $f4

[442] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $f5

[443] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $f6

[444] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $f7

[445] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $f8

[446] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $f9

[447] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $g0

[448] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $g1

[449] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $g2

[450] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $g3

[451] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $g4

[452] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $g5

[453] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $g6

[454] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $g7

[455] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $g8

[456] Fix | Delete

* @var ParagonIE_Sodium_Core32_Int64 $g9

[457] Fix | Delete

[458] Fix | Delete

$f0 = $f[0]->toInt64();

[459] Fix | Delete

$f1 = $f[1]->toInt64();

[460] Fix | Delete

$f2 = $f[2]->toInt64();

[461] Fix | Delete

$f3 = $f[3]->toInt64();

[462] Fix | Delete

$f4 = $f[4]->toInt64();

[463] Fix | Delete

$f5 = $f[5]->toInt64();

[464] Fix | Delete

$f6 = $f[6]->toInt64();

[465] Fix | Delete

$f7 = $f[7]->toInt64();

[466] Fix | Delete

$f8 = $f[8]->toInt64();

[467] Fix | Delete

$f9 = $f[9]->toInt64();

[468] Fix | Delete

$g0 = $g[0]->toInt64();

[469] Fix | Delete

$g1 = $g[1]->toInt64();

[470] Fix | Delete

$g2 = $g[2]->toInt64();

[471] Fix | Delete

$g3 = $g[3]->toInt64();

[472] Fix | Delete

$g4 = $g[4]->toInt64();

[473] Fix | Delete

$g5 = $g[5]->toInt64();

[474] Fix | Delete

$g6 = $g[6]->toInt64();

[475] Fix | Delete

$g7 = $g[7]->toInt64();

[476] Fix | Delete

$g8 = $g[8]->toInt64();

[477] Fix | Delete

$g9 = $g[9]->toInt64();

[478] Fix | Delete

$g1_19 = $g1->mulInt(19, 5); /* 2^4 <= 19 <= 2^5, but we only want 5 bits */

[479] Fix | Delete

$g2_19 = $g2->mulInt(19, 5);

[480] Fix | Delete

$g3_19 = $g3->mulInt(19, 5);

[481] Fix | Delete

$g4_19 = $g4->mulInt(19, 5);

[482] Fix | Delete

$g5_19 = $g5->mulInt(19, 5);

[483] Fix | Delete

$g6_19 = $g6->mulInt(19, 5);

[484] Fix | Delete

$g7_19 = $g7->mulInt(19, 5);

[485] Fix | Delete

$g8_19 = $g8->mulInt(19, 5);

[486] Fix | Delete

$g9_19 = $g9->mulInt(19, 5);

[487] Fix | Delete

$f1_2 = $f1->shiftLeft(1);

[488] Fix | Delete

$f3_2 = $f3->shiftLeft(1);

[489] Fix | Delete

$f5_2 = $f5->shiftLeft(1);

[490] Fix | Delete

$f7_2 = $f7->shiftLeft(1);

[491] Fix | Delete

$f9_2 = $f9->shiftLeft(1);

[492] Fix | Delete

$f0g0 = $f0->mulInt64($g0, 27);

[493] Fix | Delete

$f0g1 = $f0->mulInt64($g1, 27);

[494] Fix | Delete

$f0g2 = $f0->mulInt64($g2, 27);

[495] Fix | Delete

$f0g3 = $f0->mulInt64($g3, 27);

[496] Fix | Delete

$f0g4 = $f0->mulInt64($g4, 27);

[497] Fix | Delete

$f0g5 = $f0->mulInt64($g5, 27);

[498] Fix | Delete

$f0g6 = $f0->mulInt64($g6, 27);

[499] Fix | Delete

12 3 4 5 6 7