Diff: STRATO-apps/wordpress_03/app/wp-includes/sodium_compat/src/Core/X25519.php

Keine Baseline-Datei – Diff nur gegen leer.
Baseline Vorherige Version
Zur Liste
1 -
1 + <?php
2 +
3 + if (class_exists('ParagonIE_Sodium_Core_X25519', false)) {
4 + return;
5 + }
6 +
7 + /**
8 + * Class ParagonIE_Sodium_Core_X25519
9 + */
10 + abstract class ParagonIE_Sodium_Core_X25519 extends ParagonIE_Sodium_Core_Curve25519
11 + {
12 + /**
13 + * Alters the objects passed to this method in place.
14 + *
15 + * @internal You should not use this directly from another application
16 + *
17 + * @param ParagonIE_Sodium_Core_Curve25519_Fe $f
18 + * @param ParagonIE_Sodium_Core_Curve25519_Fe $g
19 + * @param int $b
20 + * @return void
21 + * @psalm-suppress MixedAssignment
22 + */
23 + public static function fe_cswap(
24 + ParagonIE_Sodium_Core_Curve25519_Fe $f,
25 + ParagonIE_Sodium_Core_Curve25519_Fe $g,
26 + $b = 0
27 + ) {
28 + $b = -$b;
29 + $x0 = ($f->e0 ^ $g->e0) & $b;
30 + $x1 = ($f->e1 ^ $g->e1) & $b;
31 + $x2 = ($f->e2 ^ $g->e2) & $b;
32 + $x3 = ($f->e3 ^ $g->e3) & $b;
33 + $x4 = ($f->e4 ^ $g->e4) & $b;
34 + $x5 = ($f->e5 ^ $g->e5) & $b;
35 + $x6 = ($f->e6 ^ $g->e6) & $b;
36 + $x7 = ($f->e7 ^ $g->e7) & $b;
37 + $x8 = ($f->e8 ^ $g->e8) & $b;
38 + $x9 = ($f->e9 ^ $g->e9) & $b;
39 + $f->e0 ^= $x0;
40 + $f->e1 ^= $x1;
41 + $f->e2 ^= $x2;
42 + $f->e3 ^= $x3;
43 + $f->e4 ^= $x4;
44 + $f->e5 ^= $x5;
45 + $f->e6 ^= $x6;
46 + $f->e7 ^= $x7;
47 + $f->e8 ^= $x8;
48 + $f->e9 ^= $x9;
49 + $g->e0 ^= $x0;
50 + $g->e1 ^= $x1;
51 + $g->e2 ^= $x2;
52 + $g->e3 ^= $x3;
53 + $g->e4 ^= $x4;
54 + $g->e5 ^= $x5;
55 + $g->e6 ^= $x6;
56 + $g->e7 ^= $x7;
57 + $g->e8 ^= $x8;
58 + $g->e9 ^= $x9;
59 + }
60 +
61 + /**
62 + * @internal You should not use this directly from another application
63 + *
64 + * @param ParagonIE_Sodium_Core_Curve25519_Fe $f
65 + * @return ParagonIE_Sodium_Core_Curve25519_Fe
66 + */
67 + public static function fe_mul121666(ParagonIE_Sodium_Core_Curve25519_Fe $f)
68 + {
69 + $h0 = self::mul($f->e0, 121666, 17);
70 + $h1 = self::mul($f->e1, 121666, 17);
71 + $h2 = self::mul($f->e2, 121666, 17);
72 + $h3 = self::mul($f->e3, 121666, 17);
73 + $h4 = self::mul($f->e4, 121666, 17);
74 + $h5 = self::mul($f->e5, 121666, 17);
75 + $h6 = self::mul($f->e6, 121666, 17);
76 + $h7 = self::mul($f->e7, 121666, 17);
77 + $h8 = self::mul($f->e8, 121666, 17);
78 + $h9 = self::mul($f->e9, 121666, 17);
79 +
80 + $carry9 = ($h9 + (1 << 24)) >> 25;
81 + $h0 += self::mul($carry9, 19, 5);
82 + $h9 -= $carry9 << 25;
83 +
84 + $carry1 = ($h1 + (1 << 24)) >> 25;
85 + $h2 += $carry1;
86 + $h1 -= $carry1 << 25;
87 +
88 + $carry3 = ($h3 + (1 << 24)) >> 25;
89 + $h4 += $carry3;
90 + $h3 -= $carry3 << 25;
91 +
92 + $carry5 = ($h5 + (1 << 24)) >> 25;
93 + $h6 += $carry5;
94 + $h5 -= $carry5 << 25;
95 +
96 + $carry7 = ($h7 + (1 << 24)) >> 25;
97 + $h8 += $carry7;
98 + $h7 -= $carry7 << 25;
99 +
100 +
101 + $carry0 = ($h0 + (1 << 25)) >> 26;
102 + $h1 += $carry0;
103 + $h0 -= $carry0 << 26;
104 +
105 + $carry2 = ($h2 + (1 << 25)) >> 26;
106 + $h3 += $carry2;
107 + $h2 -= $carry2 << 26;
108 +
109 + $carry4 = ($h4 + (1 << 25)) >> 26;
110 + $h5 += $carry4;
111 + $h4 -= $carry4 << 26;
112 +
113 + $carry6 = ($h6 + (1 << 25)) >> 26;
114 + $h7 += $carry6;
115 + $h6 -= $carry6 << 26;
116 +
117 + $carry8 = ($h8 + (1 << 25)) >> 26;
118 + $h9 += $carry8;
119 + $h8 -= $carry8 << 26;
120 + return new ParagonIE_Sodium_Core_Curve25519_Fe($h0, $h1, $h2, $h3, $h4, $h5, $h6, $h7, $h8, $h9);
121 + }
122 +
123 + /**
124 + * @internal You should not use this directly from another application
125 + *
126 + * Inline comments preceded by # are from libsodium's ref10 code.
127 + *
128 + * @param string $n
129 + * @param string $p
130 + * @return string
131 + * @throws SodiumException
132 + * @throws TypeError
133 + */
134 + public static function crypto_scalarmult_curve25519_ref10($n, $p)
135 + {
136 + # for (i = 0;i < 32;++i) e[i] = n[i];
137 + $e = '' . $n;
138 + # e[0] &= 248;
139 + $e[0] = self::intToChr(
140 + self::chrToInt($e[0]) & 248
141 + );
142 + # e[31] &= 127;
143 + # e[31] |= 64;
144 + $e[31] = self::intToChr(
145 + (self::chrToInt($e[31]) & 127) | 64
146 + );
147 + # fe_frombytes(x1,p);
148 + $x1 = self::fe_frombytes($p);
149 + # fe_1(x2);
150 + $x2 = self::fe_1();
151 + # fe_0(z2);
152 + $z2 = self::fe_0();
153 + # fe_copy(x3,x1);
154 + $x3 = self::fe_copy($x1);
155 + # fe_1(z3);
156 + $z3 = self::fe_1();
157 +
158 + # swap = 0;
159 + /** @var int $swap */
160 + $swap = 0;
161 +
162 + # for (pos = 254;pos >= 0;--pos) {
163 + for ($pos = 254; $pos >= 0; --$pos) {
164 + # b = e[pos / 8] >> (pos & 7);
165 + /** @var int $b */
166 + $b = self::chrToInt(
167 + $e[(int) floor($pos / 8)]
168 + ) >> ($pos & 7);
169 + # b &= 1;
170 + $b &= 1;
171 + # swap ^= b;
172 + $swap ^= $b;
173 + # fe_cswap(x2,x3,swap);
174 + self::fe_cswap($x2, $x3, $swap);
175 + # fe_cswap(z2,z3,swap);
176 + self::fe_cswap($z2, $z3, $swap);
177 + # swap = b;
178 + $swap = $b;
179 + # fe_sub(tmp0,x3,z3);
180 + $tmp0 = self::fe_sub($x3, $z3);
181 + # fe_sub(tmp1,x2,z2);
182 + $tmp1 = self::fe_sub($x2, $z2);
183 +
184 + # fe_add(x2,x2,z2);
185 + $x2 = self::fe_add($x2, $z2);
186 +
187 + # fe_add(z2,x3,z3);
188 + $z2 = self::fe_add($x3, $z3);
189 +
190 + # fe_mul(z3,tmp0,x2);
191 + $z3 = self::fe_mul($tmp0, $x2);
192 +
193 + # fe_mul(z2,z2,tmp1);
194 + $z2 = self::fe_mul($z2, $tmp1);
195 +
196 + # fe_sq(tmp0,tmp1);
197 + $tmp0 = self::fe_sq($tmp1);
198 +
199 + # fe_sq(tmp1,x2);
200 + $tmp1 = self::fe_sq($x2);
201 +
202 + # fe_add(x3,z3,z2);
203 + $x3 = self::fe_add($z3, $z2);
204 +
205 + # fe_sub(z2,z3,z2);
206 + $z2 = self::fe_sub($z3, $z2);
207 +
208 + # fe_mul(x2,tmp1,tmp0);
209 + $x2 = self::fe_mul($tmp1, $tmp0);
210 +
211 + # fe_sub(tmp1,tmp1,tmp0);
212 + $tmp1 = self::fe_sub($tmp1, $tmp0);
213 +
214 + # fe_sq(z2,z2);
215 + $z2 = self::fe_sq($z2);
216 +
217 + # fe_mul121666(z3,tmp1);
218 + $z3 = self::fe_mul121666($tmp1);
219 +
220 + # fe_sq(x3,x3);
221 + $x3 = self::fe_sq($x3);
222 +
223 + # fe_add(tmp0,tmp0,z3);
224 + $tmp0 = self::fe_add($tmp0, $z3);
225 +
226 + # fe_mul(z3,x1,z2);
227 + $z3 = self::fe_mul($x1, $z2);
228 +
229 + # fe_mul(z2,tmp1,tmp0);
230 + $z2 = self::fe_mul($tmp1, $tmp0);
231 + }
232 +
233 + # fe_cswap(x2,x3,swap);
234 + self::fe_cswap($x2, $x3, $swap);
235 +
236 + # fe_cswap(z2,z3,swap);
237 + self::fe_cswap($z2, $z3, $swap);
238 +
239 + # fe_invert(z2,z2);
240 + $z2 = self::fe_invert($z2);
241 +
242 + # fe_mul(x2,x2,z2);
243 + $x2 = self::fe_mul($x2, $z2);
244 + # fe_tobytes(q,x2);
245 + return self::fe_tobytes($x2);
246 + }
247 +
248 + /**
249 + * @internal You should not use this directly from another application
250 + *
251 + * @param ParagonIE_Sodium_Core_Curve25519_Fe $edwardsY
252 + * @param ParagonIE_Sodium_Core_Curve25519_Fe $edwardsZ
253 + * @return ParagonIE_Sodium_Core_Curve25519_Fe
254 + */
255 + public static function edwards_to_montgomery(
256 + ParagonIE_Sodium_Core_Curve25519_Fe $edwardsY,
257 + ParagonIE_Sodium_Core_Curve25519_Fe $edwardsZ
258 + ) {
259 + $tempX = self::fe_add($edwardsZ, $edwardsY);
260 + $tempZ = self::fe_sub($edwardsZ, $edwardsY);
261 + $tempZ = self::fe_invert($tempZ);
262 + return self::fe_mul($tempX, $tempZ);
263 + }
264 +
265 + /**
266 + * @internal You should not use this directly from another application
267 + *
268 + * @param string $n
269 + * @return string
270 + * @throws SodiumException
271 + * @throws TypeError
272 + */
273 + public static function crypto_scalarmult_curve25519_ref10_base($n)
274 + {
275 + # for (i = 0;i < 32;++i) e[i] = n[i];
276 + $e = '' . $n;
277 +
278 + # e[0] &= 248;
279 + $e[0] = self::intToChr(
280 + self::chrToInt($e[0]) & 248
281 + );
282 +
283 + # e[31] &= 127;
284 + # e[31] |= 64;
285 + $e[31] = self::intToChr(
286 + (self::chrToInt($e[31]) & 127) | 64
287 + );
288 +
289 + $A = self::ge_scalarmult_base($e);
290 + if (
291 + !($A->Y instanceof ParagonIE_Sodium_Core_Curve25519_Fe)
292 + ||
293 + !($A->Z instanceof ParagonIE_Sodium_Core_Curve25519_Fe)
294 + ) {
295 + throw new TypeError('Null points encountered');
296 + }
297 + $pk = self::edwards_to_montgomery($A->Y, $A->Z);
298 + return self::fe_tobytes($pk);
299 + }
300 + }
301 +