enmi-conf.org: wp/wp-includes/sodium_compat/src/Core/Ristretto255.php@8c2e4d02f4ef (annotated)

18 be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	1	<?php
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	2
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	3	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	4	* Class ParagonIE_Sodium_Core_Ristretto255
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	5	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	6	class ParagonIE_Sodium_Core_Ristretto255 extends ParagonIE_Sodium_Core_Ed25519
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	7	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	8	const crypto_core_ristretto255_HASHBYTES = 64;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	9	const HASH_SC_L = 48;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	10	const CORE_H2C_SHA256 = 1;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	11	const CORE_H2C_SHA512 = 2;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	12
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	13	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	14	* @param ParagonIE_Sodium_Core_Curve25519_Fe $f
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	15	* @param int $b
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	16	* @return ParagonIE_Sodium_Core_Curve25519_Fe
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	17	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	18	public static function fe_cneg(ParagonIE_Sodium_Core_Curve25519_Fe $f, $b)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	19	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	20	$negf = self::fe_neg($f);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	21	return self::fe_cmov($f, $negf, $b);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	22	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	23
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	24	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	25	* @param ParagonIE_Sodium_Core_Curve25519_Fe $f
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	26	* @return ParagonIE_Sodium_Core_Curve25519_Fe
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	27	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	28	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	29	public static function fe_abs(ParagonIE_Sodium_Core_Curve25519_Fe $f)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	30	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	31	return self::fe_cneg($f, self::fe_isnegative($f));
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	32	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	33
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	34	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	35	* Returns 0 if this field element results in all NUL bytes.
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	36	*
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	37	* @internal You should not use this directly from another application
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	38	*
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	39	* @param ParagonIE_Sodium_Core_Curve25519_Fe $f
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	40	* @return int
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	41	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	42	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	43	public static function fe_iszero(ParagonIE_Sodium_Core_Curve25519_Fe $f)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	44	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	45	static $zero;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	46	if ($zero === null) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	47	$zero = str_repeat("\x00", 32);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	48	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	49	/** @var string $zero */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	50	$str = self::fe_tobytes($f);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	51
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	52	$d = 0;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	53	for ($i = 0; $i < 32; ++$i) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	54	$d \|= self::chrToInt($str[$i]);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	55	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	56	return (($d - 1) >> 31) & 1;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	57	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	58
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	59
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	60	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	61	* @param ParagonIE_Sodium_Core_Curve25519_Fe $u
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	62	* @param ParagonIE_Sodium_Core_Curve25519_Fe $v
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	63	* @return array{x: ParagonIE_Sodium_Core_Curve25519_Fe, nonsquare: int}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	64	*
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	65	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	66	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	67	public static function ristretto255_sqrt_ratio_m1(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	68	ParagonIE_Sodium_Core_Curve25519_Fe $u,
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	69	ParagonIE_Sodium_Core_Curve25519_Fe $v
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	70	) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	71	$sqrtm1 = ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(self::$sqrtm1);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	72
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	73	$v3 = self::fe_mul(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	74	self::fe_sq($v),
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	75	$v
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	76	); /* v3 = v^3 */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	77	$x = self::fe_mul(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	78	self::fe_mul(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	79	self::fe_sq($v3),
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	80	$u
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	81	),
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	82	$v
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	83	); /* x = uv^7 */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	84
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	85	$x = self::fe_mul(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	86	self::fe_mul(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	87	self::fe_pow22523($x), /* x = (uv^7)^((q-5)/8) */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	88	$v3
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	89	),
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	90	$u
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	91	); /* x = uv^3(uv^7)^((q-5)/8) */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	92
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	93	$vxx = self::fe_mul(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	94	self::fe_sq($x),
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	95	$v
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	96	); /* vx^2 */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	97
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	98	$m_root_check = self::fe_sub($vxx, $u); /* vx^2-u */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	99	$p_root_check = self::fe_add($vxx, $u); /* vx^2+u */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	100	$f_root_check = self::fe_mul($u, $sqrtm1); /* usqrt(-1) /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	101	$f_root_check = self::fe_add($vxx, $f_root_check); /* vx^2+usqrt(-1) /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	102
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	103	$has_m_root = self::fe_iszero($m_root_check);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	104	$has_p_root = self::fe_iszero($p_root_check);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	105	$has_f_root = self::fe_iszero($f_root_check);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	106
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	107	$x_sqrtm1 = self::fe_mul($x, $sqrtm1); /* xsqrt(-1) /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	108
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	109	$x = self::fe_abs(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	110	self::fe_cmov($x, $x_sqrtm1, $has_p_root \| $has_f_root)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	111	);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	112	return array(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	113	'x' => $x,
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	114	'nonsquare' => $has_m_root \| $has_p_root
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	115	);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	116	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	117
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	118	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	119	* @param string $s
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	120	* @return int
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	121	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	122	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	123	public static function ristretto255_point_is_canonical($s)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	124	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	125	$c = (self::chrToInt($s[31]) & 0x7f) ^ 0x7f;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	126	for ($i = 30; $i > 0; --$i) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	127	$c \|= self::chrToInt($s[$i]) ^ 0xff;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	128	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	129	$c = ($c - 1) >> 8;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	130	$d = (0xed - 1 - self::chrToInt($s[0])) >> 8;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	131	$e = self::chrToInt($s[31]) >> 7;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	132
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	133	return 1 - ((($c & $d) \| $e \| self::chrToInt($s[0])) & 1);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	134	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	135
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	136	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	137	* @param string $s
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	138	* @param bool $skipCanonicalCheck
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	139	* @return array{h: ParagonIE_Sodium_Core_Curve25519_Ge_P3, res: int}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	140	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	141	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	142	public static function ristretto255_frombytes($s, $skipCanonicalCheck = false)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	143	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	144	if (!$skipCanonicalCheck) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	145	if (!self::ristretto255_point_is_canonical($s)) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	146	throw new SodiumException('S is not canonical');
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	147	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	148	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	149
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	150	$s_ = self::fe_frombytes($s);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	151	$ss = self::fe_sq($s_); /* ss = s^2 */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	152
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	153	$u1 = self::fe_sub(self::fe_1(), $ss); /* u1 = 1-ss */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	154	$u1u1 = self::fe_sq($u1); /* u1u1 = u1^2 */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	155
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	156	$u2 = self::fe_add(self::fe_1(), $ss); /* u2 = 1+ss */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	157	$u2u2 = self::fe_sq($u2); /* u2u2 = u2^2 */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	158
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	159	$v = self::fe_mul(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	160	ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(self::$d),
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	161	$u1u1
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	162	); /* v = du1^2 /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	163	$v = self::fe_neg($v); /* v = -du1^2 /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	164	$v = self::fe_sub($v, $u2u2); /* v = -(du1^2)-u2^2 /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	165	$v_u2u2 = self::fe_mul($v, $u2u2); /* v_u2u2 = vu2^2 /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	166
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	167	// fe25519_1(one);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	168	// notsquare = ristretto255_sqrt_ratio_m1(inv_sqrt, one, v_u2u2);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	169	$one = self::fe_1();
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	170	$result = self::ristretto255_sqrt_ratio_m1($one, $v_u2u2);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	171	$inv_sqrt = $result['x'];
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	172	$notsquare = $result['nonsquare'];
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	173
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	174	$h = new ParagonIE_Sodium_Core_Curve25519_Ge_P3();
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	175
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	176	$h->X = self::fe_mul($inv_sqrt, $u2);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	177	$h->Y = self::fe_mul(self::fe_mul($inv_sqrt, $h->X), $v);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	178
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	179	$h->X = self::fe_mul($h->X, $s_);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	180	$h->X = self::fe_abs(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	181	self::fe_add($h->X, $h->X)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	182	);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	183	$h->Y = self::fe_mul($u1, $h->Y);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	184	$h->Z = self::fe_1();
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	185	$h->T = self::fe_mul($h->X, $h->Y);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	186
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	187	$res = - ((1 - $notsquare) \| self::fe_isnegative($h->T) \| self::fe_iszero($h->Y));
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	188	return array('h' => $h, 'res' => $res);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	189	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	190
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	191	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	192	* @param ParagonIE_Sodium_Core_Curve25519_Ge_P3 $h
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	193	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	194	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	195	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	196	public static function ristretto255_p3_tobytes(ParagonIE_Sodium_Core_Curve25519_Ge_P3 $h)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	197	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	198	$sqrtm1 = ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(self::$sqrtm1);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	199	$invsqrtamd = ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(self::$invsqrtamd);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	200
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	201	$u1 = self::fe_add($h->Z, $h->Y); /* u1 = Z+Y */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	202	$zmy = self::fe_sub($h->Z, $h->Y); /* zmy = Z-Y */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	203	$u1 = self::fe_mul($u1, $zmy); /* u1 = (Z+Y)(Z-Y) /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	204	$u2 = self::fe_mul($h->X, $h->Y); /* u2 = XY /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	205
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	206	$u1_u2u2 = self::fe_mul(self::fe_sq($u2), $u1); /* u1_u2u2 = u1u2^2 /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	207	$one = self::fe_1();
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	208
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	209	// fe25519_1(one);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	210	// (void) ristretto255_sqrt_ratio_m1(inv_sqrt, one, u1_u2u2);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	211	$result = self::ristretto255_sqrt_ratio_m1($one, $u1_u2u2);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	212	$inv_sqrt = $result['x'];
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	213
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	214	$den1 = self::fe_mul($inv_sqrt, $u1); /* den1 = inv_sqrtu1 /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	215	$den2 = self::fe_mul($inv_sqrt, $u2); /* den2 = inv_sqrtu2 /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	216	$z_inv = self::fe_mul($h->T, self::fe_mul($den1, $den2)); /* z_inv = den1den2T */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	217
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	218	$ix = self::fe_mul($h->X, $sqrtm1); /* ix = Xsqrt(-1) /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	219	$iy = self::fe_mul($h->Y, $sqrtm1); /* iy = Ysqrt(-1) /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	220	$eden = self::fe_mul($den1, $invsqrtamd);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	221
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	222	$t_z_inv = self::fe_mul($h->T, $z_inv); /* t_z_inv = Tz_inv /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	223	$rotate = self::fe_isnegative($t_z_inv);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	224
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	225	$x_ = self::fe_copy($h->X);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	226	$y_ = self::fe_copy($h->Y);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	227	$den_inv = self::fe_copy($den2);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	228
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	229	$x_ = self::fe_cmov($x_, $iy, $rotate);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	230	$y_ = self::fe_cmov($y_, $ix, $rotate);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	231	$den_inv = self::fe_cmov($den_inv, $eden, $rotate);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	232
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	233	$x_z_inv = self::fe_mul($x_, $z_inv);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	234	$y_ = self::fe_cneg($y_, self::fe_isnegative($x_z_inv));
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	235
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	236
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	237	// fe25519_sub(s_, h->Z, y_);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	238	// fe25519_mul(s_, den_inv, s_);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	239	// fe25519_abs(s_, s_);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	240	// fe25519_tobytes(s, s_);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	241	return self::fe_tobytes(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	242	self::fe_abs(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	243	self::fe_mul(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	244	$den_inv,
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	245	self::fe_sub($h->Z, $y_)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	246	)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	247	)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	248	);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	249	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	250
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	251	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	252	* @param ParagonIE_Sodium_Core_Curve25519_Fe $t
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	253	* @return ParagonIE_Sodium_Core_Curve25519_Ge_P3
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	254	*
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	255	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	256	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	257	public static function ristretto255_elligator(ParagonIE_Sodium_Core_Curve25519_Fe $t)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	258	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	259	$sqrtm1 = ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(self::$sqrtm1);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	260	$onemsqd = ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(self::$onemsqd);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	261	$d = ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(self::$d);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	262	$sqdmone = ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(self::$sqdmone);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	263	$sqrtadm1 = ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(self::$sqrtadm1);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	264
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	265	$one = self::fe_1();
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	266	$r = self::fe_mul($sqrtm1, self::fe_sq($t)); /* r = sqrt(-1)t^2 /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	267	$u = self::fe_mul(self::fe_add($r, $one), $onemsqd); /* u = (r+1)(1-d^2) /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	268	$c = self::fe_neg(self::fe_1()); /* c = -1 */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	269	$rpd = self::fe_add($r, $d); /* rpd = r+d */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	270
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	271	$v = self::fe_mul(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	272	self::fe_sub(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	273	$c,
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	274	self::fe_mul($r, $d)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	275	),
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	276	$rpd
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	277	); /* v = (c-rd)(r+d) */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	278
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	279	$result = self::ristretto255_sqrt_ratio_m1($u, $v);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	280	$s = $result['x'];
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	281	$wasnt_square = 1 - $result['nonsquare'];
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	282
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	283	$s_prime = self::fe_neg(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	284	self::fe_abs(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	285	self::fe_mul($s, $t)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	286	)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	287	); /* s_prime = -\|st\| /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	288	$s = self::fe_cmov($s, $s_prime, $wasnt_square);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	289	$c = self::fe_cmov($c, $r, $wasnt_square);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	290
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	291	// fe25519_sub(n, r, one); /* n = r-1 */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	292	// fe25519_mul(n, n, c); /* n = c(r-1) /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	293	// fe25519_mul(n, n, ed25519_sqdmone); /* n = c(r-1)(d-1)^2 */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	294	// fe25519_sub(n, n, v); /* n = c(r-1)(d-1)^2-v */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	295	$n = self::fe_sub(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	296	self::fe_mul(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	297	self::fe_mul(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	298	self::fe_sub($r, $one),
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	299	$c
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	300	),
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	301	$sqdmone
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	302	),
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	303	$v
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	304	); /* n = c(r-1)(d-1)^2-v */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	305
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	306	$w0 = self::fe_mul(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	307	self::fe_add($s, $s),
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	308	$v
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	309	); /* w0 = 2sv /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	310
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	311	$w1 = self::fe_mul($n, $sqrtadm1); /* w1 = nsqrt(ad-1) /
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	312	$ss = self::fe_sq($s); /* ss = s^2 */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	313	$w2 = self::fe_sub($one, $ss); /* w2 = 1-s^2 */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	314	$w3 = self::fe_add($one, $ss); /* w3 = 1+s^2 */
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	315
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	316	return new ParagonIE_Sodium_Core_Curve25519_Ge_P3(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	317	self::fe_mul($w0, $w3),
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	318	self::fe_mul($w2, $w1),
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	319	self::fe_mul($w1, $w3),
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	320	self::fe_mul($w0, $w2)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	321	);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	322	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	323
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	324	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	325	* @param string $h
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	326	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	327	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	328	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	329	public static function ristretto255_from_hash($h)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	330	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	331	if (self::strlen($h) !== 64) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	332	throw new SodiumException('Hash must be 64 bytes');
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	333	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	334	//fe25519_frombytes(r0, h);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	335	//fe25519_frombytes(r1, h + 32);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	336	$r0 = self::fe_frombytes(self::substr($h, 0, 32));
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	337	$r1 = self::fe_frombytes(self::substr($h, 32, 32));
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	338
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	339	//ristretto255_elligator(&p0, r0);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	340	//ristretto255_elligator(&p1, r1);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	341	$p0 = self::ristretto255_elligator($r0);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	342	$p1 = self::ristretto255_elligator($r1);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	343
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	344	//ge25519_p3_to_cached(&p1_cached, &p1);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	345	//ge25519_add_cached(&p_p1p1, &p0, &p1_cached);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	346	$p_p1p1 = self::ge_add(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	347	$p0,
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	348	self::ge_p3_to_cached($p1)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	349	);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	350
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	351	//ge25519_p1p1_to_p3(&p, &p_p1p1);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	352	//ristretto255_p3_tobytes(s, &p);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	353	return self::ristretto255_p3_tobytes(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	354	self::ge_p1p1_to_p3($p_p1p1)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	355	);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	356	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	357
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	358	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	359	* @param string $p
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	360	* @return int
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	361	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	362	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	363	public static function is_valid_point($p)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	364	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	365	$result = self::ristretto255_frombytes($p);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	366	if ($result['res'] !== 0) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	367	return 0;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	368	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	369	return 1;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	370	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	371
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	372	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	373	* @param string $p
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	374	* @param string $q
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	375	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	376	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	377	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	378	public static function ristretto255_add($p, $q)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	379	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	380	$p_res = self::ristretto255_frombytes($p);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	381	$q_res = self::ristretto255_frombytes($q);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	382	if ($p_res['res'] !== 0 \|\| $q_res['res'] !== 0) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	383	throw new SodiumException('Could not add points');
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	384	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	385	$p_p3 = $p_res['h'];
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	386	$q_p3 = $q_res['h'];
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	387	$q_cached = self::ge_p3_to_cached($q_p3);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	388	$r_p1p1 = self::ge_add($p_p3, $q_cached);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	389	$r_p3 = self::ge_p1p1_to_p3($r_p1p1);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	390	return self::ristretto255_p3_tobytes($r_p3);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	391	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	392
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	393	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	394	* @param string $p
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	395	* @param string $q
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	396	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	397	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	398	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	399	public static function ristretto255_sub($p, $q)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	400	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	401	$p_res = self::ristretto255_frombytes($p);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	402	$q_res = self::ristretto255_frombytes($q);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	403	if ($p_res['res'] !== 0 \|\| $q_res['res'] !== 0) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	404	throw new SodiumException('Could not add points');
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	405	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	406	$p_p3 = $p_res['h'];
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	407	$q_p3 = $q_res['h'];
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	408	$q_cached = self::ge_p3_to_cached($q_p3);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	409	$r_p1p1 = self::ge_sub($p_p3, $q_cached);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	410	$r_p3 = self::ge_p1p1_to_p3($r_p1p1);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	411	return self::ristretto255_p3_tobytes($r_p3);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	412	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	413
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	414
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	415	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	416	* @param int $hLen
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	417	* @param ?string $ctx
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	418	* @param string $msg
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	419	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	420	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	421	* @psalm-suppress PossiblyInvalidArgument hash API
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	422	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	423	protected static function h2c_string_to_hash_sha256($hLen, $ctx, $msg)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	424	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	425	$h = array_fill(0, $hLen, 0);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	426	$ctx_len = !is_null($ctx) ? self::strlen($ctx) : 0;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	427	if ($hLen > 0xff) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	428	throw new SodiumException('Hash must be less than 256 bytes');
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	429	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	430
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	431	if ($ctx_len > 0xff) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	432	$st = hash_init('sha256');
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	433	self::hash_update($st, "H2C-OVERSIZE-DST-");
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	434	self::hash_update($st, $ctx);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	435	$ctx = hash_final($st, true);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	436	$ctx_len = 32;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	437	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	438	$t = array(0, $hLen, 0);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	439	$ux = str_repeat("\0", 64);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	440	$st = hash_init('sha256');
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	441	self::hash_update($st, $ux);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	442	self::hash_update($st, $msg);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	443	self::hash_update($st, self::intArrayToString($t));
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	444	self::hash_update($st, $ctx);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	445	self::hash_update($st, self::intToChr($ctx_len));
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	446	$u0 = hash_final($st, true);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	447
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	448	for ($i = 0; $i < $hLen; $i += 64) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	449	$ux = self::xorStrings($ux, $u0);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	450	++$t[2];
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	451	$st = hash_init('sha256');
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	452	self::hash_update($st, $ux);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	453	self::hash_update($st, self::intToChr($t[2]));
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	454	self::hash_update($st, $ctx);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	455	self::hash_update($st, self::intToChr($ctx_len));
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	456	$ux = hash_final($st, true);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	457	$amount = min($hLen - $i, 64);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	458	for ($j = 0; $j < $amount; ++$j) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	459	$h[$i + $j] = self::chrToInt($ux[$i]);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	460	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	461	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	462	return self::intArrayToString(array_slice($h, 0, $hLen));
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	463	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	464
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	465	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	466	* @param int $hLen
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	467	* @param ?string $ctx
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	468	* @param string $msg
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	469	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	470	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	471	* @psalm-suppress PossiblyInvalidArgument hash API
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	472	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	473	protected static function h2c_string_to_hash_sha512($hLen, $ctx, $msg)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	474	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	475	$h = array_fill(0, $hLen, 0);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	476	$ctx_len = !is_null($ctx) ? self::strlen($ctx) : 0;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	477	if ($hLen > 0xff) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	478	throw new SodiumException('Hash must be less than 256 bytes');
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	479	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	480
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	481	if ($ctx_len > 0xff) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	482	$st = hash_init('sha256');
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	483	self::hash_update($st, "H2C-OVERSIZE-DST-");
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	484	self::hash_update($st, $ctx);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	485	$ctx = hash_final($st, true);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	486	$ctx_len = 32;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	487	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	488	$t = array(0, $hLen, 0);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	489	$ux = str_repeat("\0", 128);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	490	$st = hash_init('sha512');
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	491	self::hash_update($st, $ux);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	492	self::hash_update($st, $msg);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	493	self::hash_update($st, self::intArrayToString($t));
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	494	self::hash_update($st, $ctx);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	495	self::hash_update($st, self::intToChr($ctx_len));
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	496	$u0 = hash_final($st, true);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	497
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	498	for ($i = 0; $i < $hLen; $i += 128) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	499	$ux = self::xorStrings($ux, $u0);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	500	++$t[2];
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	501	$st = hash_init('sha512');
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	502	self::hash_update($st, $ux);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	503	self::hash_update($st, self::intToChr($t[2]));
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	504	self::hash_update($st, $ctx);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	505	self::hash_update($st, self::intToChr($ctx_len));
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	506	$ux = hash_final($st, true);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	507	$amount = min($hLen - $i, 128);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	508	for ($j = 0; $j < $amount; ++$j) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	509	$h[$i + $j] = self::chrToInt($ux[$i]);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	510	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	511	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	512	return self::intArrayToString(array_slice($h, 0, $hLen));
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	513	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	514
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	515	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	516	* @param int $hLen
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	517	* @param ?string $ctx
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	518	* @param string $msg
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	519	* @param int $hash_alg
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	520	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	521	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	522	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	523	public static function h2c_string_to_hash($hLen, $ctx, $msg, $hash_alg)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	524	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	525	switch ($hash_alg) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	526	case self::CORE_H2C_SHA256:
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	527	return self::h2c_string_to_hash_sha256($hLen, $ctx, $msg);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	528	case self::CORE_H2C_SHA512:
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	529	return self::h2c_string_to_hash_sha512($hLen, $ctx, $msg);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	530	default:
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	531	throw new SodiumException('Invalid H2C hash algorithm');
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	532	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	533	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	534
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	535	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	536	* @param ?string $ctx
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	537	* @param string $msg
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	538	* @param int $hash_alg
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	539	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	540	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	541	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	542	protected static function _string_to_element($ctx, $msg, $hash_alg)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	543	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	544	return self::ristretto255_from_hash(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	545	self::h2c_string_to_hash(self::crypto_core_ristretto255_HASHBYTES, $ctx, $msg, $hash_alg)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	546	);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	547	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	548
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	549	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	550	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	551	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	552	* @throws Exception
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	553	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	554	public static function ristretto255_random()
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	555	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	556	return self::ristretto255_from_hash(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	557	ParagonIE_Sodium_Compat::randombytes_buf(self::crypto_core_ristretto255_HASHBYTES)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	558	);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	559	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	560
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	561	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	562	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	563	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	564	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	565	public static function ristretto255_scalar_random()
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	566	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	567	return self::scalar_random();
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	568	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	569
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	570	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	571	* @param string $s
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	572	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	573	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	574	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	575	public static function ristretto255_scalar_complement($s)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	576	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	577	return self::scalar_complement($s);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	578	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	579
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	580
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	581	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	582	* @param string $s
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	583	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	584	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	585	public static function ristretto255_scalar_invert($s)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	586	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	587	return self::sc25519_invert($s);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	588	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	589
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	590	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	591	* @param string $s
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	592	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	593	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	594	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	595	public static function ristretto255_scalar_negate($s)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	596	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	597	return self::scalar_negate($s);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	598	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	599
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	600	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	601	* @param string $x
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	602	* @param string $y
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	603	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	604	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	605	public static function ristretto255_scalar_add($x, $y)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	606	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	607	return self::scalar_add($x, $y);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	608	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	609
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	610	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	611	* @param string $x
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	612	* @param string $y
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	613	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	614	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	615	public static function ristretto255_scalar_sub($x, $y)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	616	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	617	return self::scalar_sub($x, $y);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	618	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	619
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	620	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	621	* @param string $x
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	622	* @param string $y
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	623	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	624	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	625	public static function ristretto255_scalar_mul($x, $y)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	626	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	627	return self::sc25519_mul($x, $y);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	628	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	629
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	630	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	631	* @param string $ctx
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	632	* @param string $msg
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	633	* @param int $hash_alg
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	634	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	635	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	636	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	637	public static function ristretto255_scalar_from_string($ctx, $msg, $hash_alg)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	638	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	639	$h = array_fill(0, 64, 0);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	640	$h_be = self::stringToIntArray(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	641	self::h2c_string_to_hash(
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	642	self::HASH_SC_L, $ctx, $msg, $hash_alg
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	643	)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	644	);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	645
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	646	for ($i = 0; $i < self::HASH_SC_L; ++$i) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	647	$h[$i] = $h_be[self::HASH_SC_L - 1 - $i];
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	648	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	649	return self::ristretto255_scalar_reduce(self::intArrayToString($h));
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	650	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	651
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	652	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	653	* @param string $s
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	654	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	655	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	656	public static function ristretto255_scalar_reduce($s)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	657	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	658	return self::sc_reduce($s);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	659	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	660
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	661	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	662	* @param string $n
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	663	* @param string $p
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	664	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	665	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	666	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	667	public static function scalarmult_ristretto255($n, $p)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	668	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	669	if (self::strlen($n) !== 32) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	670	throw new SodiumException('Scalar must be 32 bytes, ' . self::strlen($p) . ' given.');
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	671	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	672	if (self::strlen($p) !== 32) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	673	throw new SodiumException('Point must be 32 bytes, ' . self::strlen($p) . ' given.');
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	674	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	675	$result = self::ristretto255_frombytes($p);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	676	if ($result['res'] !== 0) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	677	throw new SodiumException('Could not multiply points');
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	678	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	679	$P = $result['h'];
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	680
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	681	$t = self::stringToIntArray($n);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	682	$t[31] &= 0x7f;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	683	$Q = self::ge_scalarmult(self::intArrayToString($t), $P);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	684	$q = self::ristretto255_p3_tobytes($Q);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	685	if (ParagonIE_Sodium_Compat::is_zero($q)) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	686	throw new SodiumException('An unknown error has occurred');
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	687	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	688	return $q;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	689	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	690
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	691	/**
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	692	* @param string $n
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	693	* @return string
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	694	* @throws SodiumException
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	695	*/
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	696	public static function scalarmult_ristretto255_base($n)
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	697	{
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	698	$t = self::stringToIntArray($n);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	699	$t[31] &= 0x7f;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	700	$Q = self::ge_scalarmult_base(self::intArrayToString($t));
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	701	$q = self::ristretto255_p3_tobytes($Q);
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	702	if (ParagonIE_Sodium_Compat::is_zero($q)) {
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	703	throw new SodiumException('An unknown error has occurred');
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	704	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	705	return $q;
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	706	}
be944660c56a Site enmi version 09/2022 ymh <ymh.work@gmail.com> parents: diff changeset	707	}

author	ymh <ymh.work@gmail.com>
	Fri, 05 Sep 2025 18:52:52 +0200
changeset 22	8c2e4d02f4ef
parent 18	be944660c56a
permissions	-rw-r--r--