enmi-conf.org: comparison wp/wp-includes/sodium

equal deleted inserted replaced

-:be944660c56a
+:3d72ae0968f4
 public static function fe_frombytes($s)
 {
 if (self::strlen($s) !== 32) {
 throw new RangeException('Expected a 32-byte string.');
 }
-/** @var int $h0 */
 $h0 = self::load_4($s);
-/** @var int $h1 */
 $h1 = self::load_3(self::substr($s, 4, 3)) << 6;
-/** @var int $h2 */
 $h2 = self::load_3(self::substr($s, 7, 3)) << 5;
-/** @var int $h3 */
 $h3 = self::load_3(self::substr($s, 10, 3)) << 3;
-/** @var int $h4 */
 $h4 = self::load_3(self::substr($s, 13, 3)) << 2;
-/** @var int $h5 */
 $h5 = self::load_4(self::substr($s, 16, 4));
-/** @var int $h6 */
 $h6 = self::load_3(self::substr($s, 20, 3)) << 7;
-/** @var int $h7 */
 $h7 = self::load_3(self::substr($s, 23, 3)) << 5;
-/** @var int $h8 */
 $h8 = self::load_3(self::substr($s, 26, 3)) << 4;
-/** @var int $h9 */
 $h9 = (self::load_3(self::substr($s, 29, 3)) & 8388607) << 2;
-/** @var int $carry9 */
 $carry9 = ($h9 + (1 << 24)) >> 25;
 $h0 += self::mul($carry9, 19, 5);
 $h9 -= $carry9 << 25;
-/** @var int $carry1 */
 $carry1 = ($h1 + (1 << 24)) >> 25;
 $h2 += $carry1;
 $h1 -= $carry1 << 25;
-/** @var int $carry3 */
 $carry3 = ($h3 + (1 << 24)) >> 25;
 $h4 += $carry3;
 $h3 -= $carry3 << 25;
-/** @var int $carry5 */
 $carry5 = ($h5 + (1 << 24)) >> 25;
 $h6 += $carry5;
 $h5 -= $carry5 << 25;
-/** @var int $carry7 */
 $carry7 = ($h7 + (1 << 24)) >> 25;
 $h8 += $carry7;
 $h7 -= $carry7 << 25;
-/** @var int $carry0 */
 $carry0 = ($h0 + (1 << 25)) >> 26;
 $h1 += $carry0;
 $h0 -= $carry0 << 26;
-/** @var int $carry2 */
 $carry2 = ($h2 + (1 << 25)) >> 26;
 $h3 += $carry2;
 $h2 -= $carry2 << 26;
-/** @var int $carry4 */
 $carry4 = ($h4 + (1 << 25)) >> 26;
 $h5 += $carry4;
 $h4 -= $carry4 << 26;
-/** @var int $carry6 */
 $carry6 = ($h6 + (1 << 25)) >> 26;
 $h7 += $carry6;
 $h6 -= $carry6 << 26;
-/** @var int $carry8 */
 $carry8 = ($h8 + (1 << 25)) >> 26;
 $h9 += $carry8;
 $h8 -= $carry8 << 26;
 return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(
 * @param ParagonIE_Sodium_Core_Curve25519_Fe $h
 * @return string
 */
 public static function fe_tobytes(ParagonIE_Sodium_Core_Curve25519_Fe $h)
 {
-/** @var int $h0 */
 $h0 = (int) $h[0];
-/** @var int $h1 */
 $h1 = (int) $h[1];
-/** @var int $h2 */
 $h2 = (int) $h[2];
-/** @var int $h3 */
 $h3 = (int) $h[3];
-/** @var int $h4 */
 $h4 = (int) $h[4];
-/** @var int $h5 */
 $h5 = (int) $h[5];
-/** @var int $h6 */
 $h6 = (int) $h[6];
-/** @var int $h7 */
 $h7 = (int) $h[7];
-/** @var int $h8 */
 $h8 = (int) $h[8];
-/** @var int $h9 */
 $h9 = (int) $h[9];
-/** @var int $q */
 $q = (self::mul($h9, 19, 5) + (1 << 24)) >> 25;
-/** @var int $q */
 $q = ($h0 + $q) >> 26;
-/** @var int $q */
 $q = ($h1 + $q) >> 25;
-/** @var int $q */
 $q = ($h2 + $q) >> 26;
-/** @var int $q */
 $q = ($h3 + $q) >> 25;
-/** @var int $q */
 $q = ($h4 + $q) >> 26;
-/** @var int $q */
 $q = ($h5 + $q) >> 25;
-/** @var int $q */
 $q = ($h6 + $q) >> 26;
-/** @var int $q */
 $q = ($h7 + $q) >> 25;
-/** @var int $q */
 $q = ($h8 + $q) >> 26;
-/** @var int $q */
 $q = ($h9 + $q) >> 25;
 $h0 += self::mul($q, 19, 5);
-/** @var int $carry0 */
 $carry0 = $h0 >> 26;
 $h1 += $carry0;
 $h0 -= $carry0 << 26;
-/** @var int $carry1 */
 $carry1 = $h1 >> 25;
 $h2 += $carry1;
 $h1 -= $carry1 << 25;
-/** @var int $carry2 */
 $carry2 = $h2 >> 26;
 $h3 += $carry2;
 $h2 -= $carry2 << 26;
-/** @var int $carry3 */
 $carry3 = $h3 >> 25;
 $h4 += $carry3;
 $h3 -= $carry3 << 25;
-/** @var int $carry4 */
 $carry4 = $h4 >> 26;
 $h5 += $carry4;
 $h4 -= $carry4 << 26;
-/** @var int $carry5 */
 $carry5 = $h5 >> 25;
 $h6 += $carry5;
 $h5 -= $carry5 << 25;
-/** @var int $carry6 */
 $carry6 = $h6 >> 26;
 $h7 += $carry6;
 $h6 -= $carry6 << 26;
-/** @var int $carry7 */
 $carry7 = $h7 >> 25;
 $h8 += $carry7;
 $h7 -= $carry7 << 25;
-/** @var int $carry8 */
 $carry8 = $h8 >> 26;
 $h9 += $carry8;
 $h8 -= $carry8 << 26;
-/** @var int $carry9 */
 $carry9 = $h9 >> 25;
 $h9 -= $carry9 << 25;
 /**
 * @var array<int, int>
 */
 public static function fe_mul(
 ParagonIE_Sodium_Core_Curve25519_Fe $f,
 ParagonIE_Sodium_Core_Curve25519_Fe $g
 ) {
-/** @var int $f0 */
+// Ensure limbs aren't oversized.
+$f = self::fe_normalize($f);
+$g = self::fe_normalize($g);
 $f0 = $f[0];
-/** @var int $f1 */
 $f1 = $f[1];
-/** @var int $f2 */
 $f2 = $f[2];
-/** @var int $f3 */
 $f3 = $f[3];
-/** @var int $f4 */
 $f4 = $f[4];
-/** @var int $f5 */
 $f5 = $f[5];
-/** @var int $f6 */
 $f6 = $f[6];
-/** @var int $f7 */
 $f7 = $f[7];
-/** @var int $f8 */
 $f8 = $f[8];
-/** @var int $f9 */
 $f9 = $f[9];
-/** @var int $g0 */
 $g0 = $g[0];
-/** @var int $g1 */
 $g1 = $g[1];
-/** @var int $g2 */
 $g2 = $g[2];
-/** @var int $g3 */
 $g3 = $g[3];
-/** @var int $g4 */
 $g4 = $g[4];
-/** @var int $g5 */
 $g5 = $g[5];
-/** @var int $g6 */
 $g6 = $g[6];
-/** @var int $g7 */
 $g7 = $g[7];
-/** @var int $g8 */
 $g8 = $g[8];
-/** @var int $g9 */
 $g9 = $g[9];
 $g1_19 = self::mul($g1, 19, 5);
 $g2_19 = self::mul($g2, 19, 5);
 $g3_19 = self::mul($g3, 19, 5);
 $g4_19 = self::mul($g4, 19, 5);
 $g5_19 = self::mul($g5, 19, 5);
 $g6_19 = self::mul($g6, 19, 5);
 $g7_19 = self::mul($g7, 19, 5);
 $g8_19 = self::mul($g8, 19, 5);
 $g9_19 = self::mul($g9, 19, 5);
-/** @var int $f1_2 */
 $f1_2 = $f1 << 1;
-/** @var int $f3_2 */
 $f3_2 = $f3 << 1;
-/** @var int $f5_2 */
 $f5_2 = $f5 << 1;
-/** @var int $f7_2 */
 $f7_2 = $f7 << 1;
-/** @var int $f9_2 */
 $f9_2 = $f9 << 1;
 $f0g0    = self::mul($f0,    $g0, 26);
 $f0g1    = self::mul($f0,    $g1, 25);
 $f0g2    = self::mul($f0,    $g2, 26);
 $f0g3    = self::mul($f0,    $g3, 25);
 $f9g5_38 = self::mul($g5_19, $f9_2, 26);
 $f9g6_19 = self::mul($g6_19, $f9, 25);
 $f9g7_38 = self::mul($g7_19, $f9_2, 26);
 $f9g8_19 = self::mul($g8_19, $f9, 25);
 $f9g9_38 = self::mul($g9_19, $f9_2, 26);
 $h0 = $f0g0 + $f1g9_38 + $f2g8_19 + $f3g7_38 + $f4g6_19 + $f5g5_38 + $f6g4_19 + $f7g3_38 + $f8g2_19 + $f9g1_38;
 $h1 = $f0g1 + $f1g0    + $f2g9_19 + $f3g8_19 + $f4g7_19 + $f5g6_19 + $f6g5_19 + $f7g4_19 + $f8g3_19 + $f9g2_19;
 $h2 = $f0g2 + $f1g1_2  + $f2g0    + $f3g9_38 + $f4g8_19 + $f5g7_38 + $f6g6_19 + $f7g5_38 + $f8g4_19 + $f9g3_38;
 $h3 = $f0g3 + $f1g2    + $f2g1    + $f3g0    + $f4g9_19 + $f5g8_19 + $f6g7_19 + $f7g6_19 + $f8g5_19 + $f9g4_19;
 $h4 = $f0g4 + $f1g3_2  + $f2g2    + $f3g1_2  + $f4g0    + $f5g9_38 + $f6g8_19 + $f7g7_38 + $f8g6_19 + $f9g5_38;
 $h6 = $f0g6 + $f1g5_2  + $f2g4    + $f3g3_2  + $f4g2    + $f5g1_2  + $f6g0    + $f7g9_38 + $f8g8_19 + $f9g7_38;
 $h7 = $f0g7 + $f1g6    + $f2g5    + $f3g4    + $f4g3    + $f5g2    + $f6g1    + $f7g0    + $f8g9_19 + $f9g8_19;
 $h8 = $f0g8 + $f1g7_2  + $f2g6    + $f3g5_2  + $f4g4    + $f5g3_2  + $f6g2    + $f7g1_2  + $f8g0    + $f9g9_38;
 $h9 = $f0g9 + $f1g8    + $f2g7    + $f3g6    + $f4g5    + $f5g4    + $f6g3    + $f7g2    + $f8g1    + $f9g0   ;
-/** @var int $carry0 */
 $carry0 = ($h0 + (1 << 25)) >> 26;
 $h1 += $carry0;
 $h0 -= $carry0 << 26;
-/** @var int $carry4 */
 $carry4 = ($h4 + (1 << 25)) >> 26;
 $h5 += $carry4;
 $h4 -= $carry4 << 26;
-/** @var int $carry1 */
 $carry1 = ($h1 + (1 << 24)) >> 25;
 $h2 += $carry1;
 $h1 -= $carry1 << 25;
-/** @var int $carry5 */
 $carry5 = ($h5 + (1 << 24)) >> 25;
 $h6 += $carry5;
 $h5 -= $carry5 << 25;
-/** @var int $carry2 */
 $carry2 = ($h2 + (1 << 25)) >> 26;
 $h3 += $carry2;
 $h2 -= $carry2 << 26;
-/** @var int $carry6 */
 $carry6 = ($h6 + (1 << 25)) >> 26;
 $h7 += $carry6;
 $h6 -= $carry6 << 26;
-/** @var int $carry3 */
 $carry3 = ($h3 + (1 << 24)) >> 25;
 $h4 += $carry3;
 $h3 -= $carry3 << 25;
-/** @var int $carry7 */
 $carry7 = ($h7 + (1 << 24)) >> 25;
 $h8 += $carry7;
 $h7 -= $carry7 << 25;
-/** @var int $carry4 */
 $carry4 = ($h4 + (1 << 25)) >> 26;
 $h5 += $carry4;
 $h4 -= $carry4 << 26;
-/** @var int $carry8 */
 $carry8 = ($h8 + (1 << 25)) >> 26;
 $h9 += $carry8;
 $h8 -= $carry8 << 26;
-/** @var int $carry9 */
 $carry9 = ($h9 + (1 << 24)) >> 25;
 $h0 += self::mul($carry9, 19, 5);
 $h9 -= $carry9 << 25;
-/** @var int $carry0 */
 $carry0 = ($h0 + (1 << 25)) >> 26;
 $h1 += $carry0;
 $h0 -= $carry0 << 26;
-return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(
+return self::fe_normalize(
-array(
+ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(
-(int) $h0,
+array(
-(int) $h1,
+(int) $h0,
-(int) $h2,
+(int) $h1,
-(int) $h3,
+(int) $h2,
-(int) $h4,
+(int) $h3,
-(int) $h5,
+(int) $h4,
-(int) $h6,
+(int) $h5,
-(int) $h7,
+(int) $h6,
-(int) $h8,
+(int) $h7,
-(int) $h9
+(int) $h8,
+(int) $h9
+)
 )
 );
 }
 /**
 {
 $h = new ParagonIE_Sodium_Core_Curve25519_Fe();
 for ($i = 0; $i < 10; ++$i) {
 $h[$i] = -$f[$i];
 }
-return $h;
+return self::fe_normalize($h);
 }
 /**
 * Square a field element
 *
 * @param ParagonIE_Sodium_Core_Curve25519_Fe $f
 * @return ParagonIE_Sodium_Core_Curve25519_Fe
 */
 public static function fe_sq(ParagonIE_Sodium_Core_Curve25519_Fe $f)
 {
+$f = self::fe_normalize($f);
 $f0 = (int) $f[0];
 $f1 = (int) $f[1];
 $f2 = (int) $f[2];
 $f3 = (int) $f[3];
 $f4 = (int) $f[4];
 $f6 = (int) $f[6];
 $f7 = (int) $f[7];
 $f8 = (int) $f[8];
 $f9 = (int) $f[9];
-/** @var int $f0_2 */
 $f0_2 = $f0 << 1;
-/** @var int $f1_2 */
 $f1_2 = $f1 << 1;
-/** @var int $f2_2 */
 $f2_2 = $f2 << 1;
-/** @var int $f3_2 */
 $f3_2 = $f3 << 1;
-/** @var int $f4_2 */
 $f4_2 = $f4 << 1;
-/** @var int $f5_2 */
 $f5_2 = $f5 << 1;
-/** @var int $f6_2 */
 $f6_2 = $f6 << 1;
-/** @var int $f7_2 */
 $f7_2 = $f7 << 1;
 $f5_38 = self::mul($f5, 38, 6);
 $f6_19 = self::mul($f6, 19, 5);
 $f7_38 = self::mul($f7, 38, 6);
 $f8_19 = self::mul($f8, 19, 5);
 $f9_38 = self::mul($f9, 38, 6);
-$f0f0    = self::mul($f0,    $f0,    25);
+$f0f0    = self::mul($f0,    $f0,    26);
-$f0f1_2  = self::mul($f0_2,  $f1,    24);
+$f0f1_2  = self::mul($f0_2,  $f1,    26);
 $f0f2_2  = self::mul($f0_2,  $f2,    26);
-$f0f3_2  = self::mul($f0_2,  $f3,    24);
+$f0f3_2  = self::mul($f0_2,  $f3,    26);
-$f0f4_2  = self::mul($f0_2,  $f4,    25);
+$f0f4_2  = self::mul($f0_2,  $f4,    26);
-$f0f5_2  = self::mul($f0_2,  $f5,    25);
+$f0f5_2  = self::mul($f0_2,  $f5,    26);
-$f0f6_2  = self::mul($f0_2,  $f6,    25);
+$f0f6_2  = self::mul($f0_2,  $f6,    26);
-$f0f7_2  = self::mul($f0_2,  $f7,    24);
+$f0f7_2  = self::mul($f0_2,  $f7,    26);
-$f0f8_2  = self::mul($f0_2,  $f8,    25);
+$f0f8_2  = self::mul($f0_2,  $f8,    26);
-$f0f9_2  = self::mul($f0_2,  $f9,    25);
+$f0f9_2  = self::mul($f0_2,  $f9,    26);
-$f1f1_2  = self::mul($f1_2,  $f1,    24);
+$f1f1_2  = self::mul($f1_2,  $f1,    26);
 $f1f2_2  = self::mul($f1_2,  $f2,    26);
-$f1f3_4  = self::mul($f1_2,  $f3_2,  25);
+$f1f3_4  = self::mul($f1_2,  $f3_2,  26);
-$f1f4_2  = self::mul($f1_2,  $f4,    25);
+$f1f4_2  = self::mul($f1_2,  $f4,    26);
 $f1f5_4  = self::mul($f1_2,  $f5_2,  26);
-$f1f6_2  = self::mul($f1_2,  $f6,    25);
+$f1f6_2  = self::mul($f1_2,  $f6,    26);
-$f1f7_4  = self::mul($f1_2,  $f7_2,  25);
+$f1f7_4  = self::mul($f1_2,  $f7_2,  26);
-$f1f8_2  = self::mul($f1_2,  $f8,    25);
+$f1f8_2  = self::mul($f1_2,  $f8,    26);
-$f1f9_76 = self::mul($f9_38, $f1_2,  25);
+$f1f9_76 = self::mul($f9_38, $f1_2,  27);
-$f2f2    = self::mul($f2,    $f2,    26);
+$f2f2    = self::mul($f2,    $f2,    27);
-$f2f3_2  = self::mul($f2_2,  $f3,    24);
+$f2f3_2  = self::mul($f2_2,  $f3,    27);
-$f2f4_2  = self::mul($f2_2,  $f4,    25);
+$f2f4_2  = self::mul($f2_2,  $f4,    27);
-$f2f5_2  = self::mul($f2_2,  $f5,    25);
+$f2f5_2  = self::mul($f2_2,  $f5,    27);
-$f2f6_2  = self::mul($f2_2,  $f6,    25);
+$f2f6_2  = self::mul($f2_2,  $f6,    27);
-$f2f7_2  = self::mul($f2_2,  $f7,    25);
+$f2f7_2  = self::mul($f2_2,  $f7,    27);
 $f2f8_38 = self::mul($f8_19, $f2_2,  27);
 $f2f9_38 = self::mul($f9_38, $f2,    26);
-$f3f3_2  = self::mul($f3_2,  $f3,    25);
+$f3f3_2  = self::mul($f3_2,  $f3,    26);
-$f3f4_2  = self::mul($f3_2,  $f4,    25);
+$f3f4_2  = self::mul($f3_2,  $f4,    26);
 $f3f5_4  = self::mul($f3_2,  $f5_2,  26);
-$f3f6_2  = self::mul($f3_2,  $f6,    25);
+$f3f6_2  = self::mul($f3_2,  $f6,    26);
-$f3f7_76 = self::mul($f7_38, $f3_2,  25);
+$f3f7_76 = self::mul($f7_38, $f3_2,  26);
-$f3f8_38 = self::mul($f8_19, $f3_2,  25);
+$f3f8_38 = self::mul($f8_19, $f3_2,  26);
-$f3f9_76 = self::mul($f9_38, $f3_2,  25);
+$f3f9_76 = self::mul($f9_38, $f3_2,  26);
-$f4f4    = self::mul($f4,    $f4,    25);
+$f4f4    = self::mul($f4,    $f4,    26);
-$f4f5_2  = self::mul($f4_2,  $f5,    25);
+$f4f5_2  = self::mul($f4_2,  $f5,    26);
-$f4f6_38 = self::mul($f6_19, $f4_2,  26);
+$f4f6_38 = self::mul($f6_19, $f4_2,  27);
-$f4f7_38 = self::mul($f7_38, $f4,    25);
+$f4f7_38 = self::mul($f7_38, $f4,    26);
-$f4f8_38 = self::mul($f8_19, $f4_2,  26);
+$f4f8_38 = self::mul($f8_19, $f4_2,  27);
-$f4f9_38 = self::mul($f9_38, $f4,    25);
+$f4f9_38 = self::mul($f9_38, $f4,    26);
-$f5f5_38 = self::mul($f5_38, $f5,    25);
+$f5f5_38 = self::mul($f5_38, $f5,    26);
 $f5f6_38 = self::mul($f6_19, $f5_2,  26);
 $f5f7_76 = self::mul($f7_38, $f5_2,  26);
 $f5f8_38 = self::mul($f8_19, $f5_2,  26);
 $f5f9_76 = self::mul($f9_38, $f5_2,  26);
-$f6f6_19 = self::mul($f6_19, $f6,    25);
+$f6f6_19 = self::mul($f6_19, $f6,    26);
-$f6f7_38 = self::mul($f7_38, $f6,    25);
+$f6f7_38 = self::mul($f7_38, $f6,    26);
-$f6f8_38 = self::mul($f8_19, $f6_2,  26);
+$f6f8_38 = self::mul($f8_19, $f6_2,  27);
-$f6f9_38 = self::mul($f9_38, $f6,    25);
+$f6f9_38 = self::mul($f9_38, $f6,    26);
-$f7f7_38 = self::mul($f7_38, $f7,    24);
+$f7f7_38 = self::mul($f7_38, $f7,    26);
-$f7f8_38 = self::mul($f8_19, $f7_2,  25);
+$f7f8_38 = self::mul($f8_19, $f7_2,  26);
-$f7f9_76 = self::mul($f9_38, $f7_2,  25);
+$f7f9_76 = self::mul($f9_38, $f7_2,  26);
-$f8f8_19 = self::mul($f8_19, $f8,    25);
+$f8f8_19 = self::mul($f8_19, $f8,    26);
-$f8f9_38 = self::mul($f9_38, $f8,    25);
+$f8f9_38 = self::mul($f9_38, $f8,    26);
-$f9f9_38 = self::mul($f9_38, $f9,    25);
+$f9f9_38 = self::mul($f9_38, $f9,    26);
 $h0 = $f0f0   + $f1f9_76 + $f2f8_38 + $f3f7_76 + $f4f6_38 + $f5f5_38;
 $h1 = $f0f1_2 + $f2f9_38 + $f3f8_38 + $f4f7_38 + $f5f6_38;
 $h2 = $f0f2_2 + $f1f1_2  + $f3f9_76 + $f4f8_38 + $f5f7_76 + $f6f6_19;
 $h3 = $f0f3_2 + $f1f2_2  + $f4f9_38 + $f5f8_38 + $f6f7_38;
 $h4 = $f0f4_2 + $f1f3_4  + $f2f2    + $f5f9_76 + $f6f8_38 + $f7f7_38;
 $h6 = $f0f6_2 + $f1f5_4  + $f2f4_2  + $f3f3_2  + $f7f9_76 + $f8f8_19;
 $h7 = $f0f7_2 + $f1f6_2  + $f2f5_2  + $f3f4_2  + $f8f9_38;
 $h8 = $f0f8_2 + $f1f7_4  + $f2f6_2  + $f3f5_4  + $f4f4    + $f9f9_38;
 $h9 = $f0f9_2 + $f1f8_2  + $f2f7_2  + $f3f6_2  + $f4f5_2;
-/** @var int $carry0 */
 $carry0 = ($h0 + (1 << 25)) >> 26;
 $h1 += $carry0;
 $h0 -= $carry0 << 26;
-/** @var int $carry4 */
 $carry4 = ($h4 + (1 << 25)) >> 26;
 $h5 += $carry4;
 $h4 -= $carry4 << 26;
-/** @var int $carry1 */
 $carry1 = ($h1 + (1 << 24)) >> 25;
 $h2 += $carry1;
 $h1 -= $carry1 << 25;
-/** @var int $carry5 */
 $carry5 = ($h5 + (1 << 24)) >> 25;
 $h6 += $carry5;
 $h5 -= $carry5 << 25;
-/** @var int $carry2 */
 $carry2 = ($h2 + (1 << 25)) >> 26;
 $h3 += $carry2;
 $h2 -= $carry2 << 26;
-/** @var int $carry6 */
 $carry6 = ($h6 + (1 << 25)) >> 26;
 $h7 += $carry6;
 $h6 -= $carry6 << 26;
-/** @var int $carry3 */
 $carry3 = ($h3 + (1 << 24)) >> 25;
 $h4 += $carry3;
 $h3 -= $carry3 << 25;
-/** @var int $carry7 */
 $carry7 = ($h7 + (1 << 24)) >> 25;
 $h8 += $carry7;
 $h7 -= $carry7 << 25;
-/** @var int $carry4 */
 $carry4 = ($h4 + (1 << 25)) >> 26;
 $h5 += $carry4;
 $h4 -= $carry4 << 26;
-/** @var int $carry8 */
 $carry8 = ($h8 + (1 << 25)) >> 26;
 $h9 += $carry8;
 $h8 -= $carry8 << 26;
-/** @var int $carry9 */
 $carry9 = ($h9 + (1 << 24)) >> 25;
 $h0 += self::mul($carry9, 19, 5);
 $h9 -= $carry9 << 25;
-/** @var int $carry0 */
 $carry0 = ($h0 + (1 << 25)) >> 26;
 $h1 += $carry0;
 $h0 -= $carry0 << 26;
-return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(
+return self::fe_normalize(
-array(
+ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(
-(int) $h0,
+array(
-(int) $h1,
+(int) $h0,
-(int) $h2,
+(int) $h1,
-(int) $h3,
+(int) $h2,
-(int) $h4,
+(int) $h3,
-(int) $h5,
+(int) $h4,
-(int) $h6,
+(int) $h5,
-(int) $h7,
+(int) $h6,
-(int) $h8,
+(int) $h7,
-(int) $h9
+(int) $h8,
+(int) $h9
+)
 )
 );
 }
 * @param ParagonIE_Sodium_Core_Curve25519_Fe $f
 * @return ParagonIE_Sodium_Core_Curve25519_Fe
 */
 public static function fe_sq2(ParagonIE_Sodium_Core_Curve25519_Fe $f)
 {
+$f = self::fe_normalize($f);
 $f0 = (int) $f[0];
 $f1 = (int) $f[1];
 $f2 = (int) $f[2];
 $f3 = (int) $f[3];
 $f4 = (int) $f[4];
 $f6 = (int) $f[6];
 $f7 = (int) $f[7];
 $f8 = (int) $f[8];
 $f9 = (int) $f[9];
-/** @var int $f0_2 */
 $f0_2 = $f0 << 1;
-/** @var int $f1_2 */
 $f1_2 = $f1 << 1;
-/** @var int $f2_2 */
 $f2_2 = $f2 << 1;
-/** @var int $f3_2 */
 $f3_2 = $f3 << 1;
-/** @var int $f4_2 */
 $f4_2 = $f4 << 1;
-/** @var int $f5_2 */
 $f5_2 = $f5 << 1;
-/** @var int $f6_2 */
 $f6_2 = $f6 << 1;
-/** @var int $f7_2 */
 $f7_2 = $f7 << 1;
 $f5_38 = self::mul($f5, 38, 6); /* 1.959375*2^30 */
 $f6_19 = self::mul($f6, 19, 5); /* 1.959375*2^30 */
 $f7_38 = self::mul($f7, 38, 6); /* 1.959375*2^30 */
 $f8_19 = self::mul($f8, 19, 5); /* 1.959375*2^30 */
 $f7f9_76 = self::mul($f9_38, $f7_2, 24);
 $f8f8_19 = self::mul($f8_19, $f8, 24);
 $f8f9_38 = self::mul($f9_38, $f8, 24);
 $f9f9_38 = self::mul($f9_38, $f9, 24);
-/** @var int $h0 */
 $h0 = (int) ($f0f0 + $f1f9_76 + $f2f8_38 + $f3f7_76 + $f4f6_38 + $f5f5_38) << 1;
-/** @var int $h1 */
 $h1 = (int) ($f0f1_2 + $f2f9_38 + $f3f8_38 + $f4f7_38 + $f5f6_38) << 1;
-/** @var int $h2 */
 $h2 = (int) ($f0f2_2 + $f1f1_2  + $f3f9_76 + $f4f8_38 + $f5f7_76 + $f6f6_19) << 1;
-/** @var int $h3 */
 $h3 = (int) ($f0f3_2 + $f1f2_2  + $f4f9_38 + $f5f8_38 + $f6f7_38) << 1;
-/** @var int $h4 */
 $h4 = (int) ($f0f4_2 + $f1f3_4  + $f2f2    + $f5f9_76 + $f6f8_38 + $f7f7_38) << 1;
-/** @var int $h5 */
 $h5 = (int) ($f0f5_2 + $f1f4_2  + $f2f3_2  + $f6f9_38 + $f7f8_38) << 1;
-/** @var int $h6 */
 $h6 = (int) ($f0f6_2 + $f1f5_4  + $f2f4_2  + $f3f3_2  + $f7f9_76 + $f8f8_19) << 1;
-/** @var int $h7 */
 $h7 = (int) ($f0f7_2 + $f1f6_2  + $f2f5_2  + $f3f4_2  + $f8f9_38) << 1;
-/** @var int $h8 */
 $h8 = (int) ($f0f8_2 + $f1f7_4  + $f2f6_2  + $f3f5_4  + $f4f4    + $f9f9_38) << 1;
-/** @var int $h9 */
 $h9 = (int) ($f0f9_2 + $f1f8_2  + $f2f7_2  + $f3f6_2  + $f4f5_2) << 1;
-/** @var int $carry0 */
 $carry0 = ($h0 + (1 << 25)) >> 26;
 $h1 += $carry0;
 $h0 -= $carry0 << 26;
-/** @var int $carry4 */
 $carry4 = ($h4 + (1 << 25)) >> 26;
 $h5 += $carry4;
 $h4 -= $carry4 << 26;
-/** @var int $carry1 */
 $carry1 = ($h1 + (1 << 24)) >> 25;
 $h2 += $carry1;
 $h1 -= $carry1 << 25;
-/** @var int $carry5 */
 $carry5 = ($h5 + (1 << 24)) >> 25;
 $h6 += $carry5;
 $h5 -= $carry5 << 25;
-/** @var int $carry2 */
 $carry2 = ($h2 + (1 << 25)) >> 26;
 $h3 += $carry2;
 $h2 -= $carry2 << 26;
-/** @var int $carry6 */
 $carry6 = ($h6 + (1 << 25)) >> 26;
 $h7 += $carry6;
 $h6 -= $carry6 << 26;
-/** @var int $carry3 */
 $carry3 = ($h3 + (1 << 24)) >> 25;
 $h4 += $carry3;
 $h3 -= $carry3 << 25;
-/** @var int $carry7 */
 $carry7 = ($h7 + (1 << 24)) >> 25;
 $h8 += $carry7;
 $h7 -= $carry7 << 25;
-/** @var int $carry4 */
 $carry4 = ($h4 + (1 << 25)) >> 26;
 $h5 += $carry4;
 $h4 -= $carry4 << 26;
-/** @var int $carry8 */
 $carry8 = ($h8 + (1 << 25)) >> 26;
 $h9 += $carry8;
 $h8 -= $carry8 << 26;
-/** @var int $carry9 */
 $carry9 = ($h9 + (1 << 24)) >> 25;
 $h0 += self::mul($carry9, 19, 5);
 $h9 -= $carry9 << 25;
-/** @var int $carry0 */
 $carry0 = ($h0 + (1 << 25)) >> 26;
 $h1 += $carry0;
 $h0 -= $carry0 << 26;
-return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(
+return self::fe_normalize(
-array(
+ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(
-(int) $h0,
+array(
-(int) $h1,
+(int) $h0,
-(int) $h2,
+(int) $h1,
-(int) $h3,
+(int) $h2,
-(int) $h4,
+(int) $h3,
-(int) $h5,
+(int) $h4,
-(int) $h6,
+(int) $h5,
-(int) $h7,
+(int) $h6,
-(int) $h8,
+(int) $h7,
-(int) $h9
+(int) $h8,
+(int) $h9
+)
 )
 );
 }
 /**
 * @param ParagonIE_Sodium_Core_Curve25519_Fe $z
 * @return ParagonIE_Sodium_Core_Curve25519_Fe
 */
 public static function fe_pow22523(ParagonIE_Sodium_Core_Curve25519_Fe $z)
 {
+$z = self::fe_normalize($z);
 # fe_sq(t0, z);
 # fe_sq(t1, t0);
 # fe_sq(t1, t1);
 # fe_mul(t1, z, t1);
 # fe_mul(t0, t0, t1);
 * @return ParagonIE_Sodium_Core_Curve25519_Fe
 * @psalm-suppress MixedOperand
 */
 public static function fe_sub(ParagonIE_Sodium_Core_Curve25519_Fe $f, ParagonIE_Sodium_Core_Curve25519_Fe $g)
 {
-return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(
+return self::fe_normalize(
-array(
+ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(
-(int) ($f[0] - $g[0]),
+array(
-(int) ($f[1] - $g[1]),
+(int) ($f[0] - $g[0]),
-(int) ($f[2] - $g[2]),
+(int) ($f[1] - $g[1]),
-(int) ($f[3] - $g[3]),
+(int) ($f[2] - $g[2]),
-(int) ($f[4] - $g[4]),
+(int) ($f[3] - $g[3]),
-(int) ($f[5] - $g[5]),
+(int) ($f[4] - $g[4]),
-(int) ($f[6] - $g[6]),
+(int) ($f[5] - $g[5]),
-(int) ($f[7] - $g[7]),
+(int) ($f[6] - $g[6]),
-(int) ($f[8] - $g[8]),
+(int) ($f[7] - $g[7]),
-(int) ($f[9] - $g[9])
+(int) ($f[8] - $g[8]),
+(int) ($f[9] - $g[9])
+)
 )
 );
 }
 /**
 }
 if ($pos < 0 || $pos > 31) {
 throw new RangeException('Position is out of range [0, 31]');
 }
-/** @var int $bnegative */
 $bnegative = self::negative($b);
-/** @var int $babs */
 $babs = $b - (((-$bnegative) & $b) << 1);
 $t = self::ge_precomp_0();
 for ($i = 0; $i < 8; ++$i) {
 $t = self::cmov(
 //            carry = e[i] + 8;
 //            carry >>= 4;
 //            e[i] -= carry * ((signed char) 1 << 4);
 //        }
 $carry = 0;
-for ($i = 0; $i < 64; ++$i) {
+for ($i = 0; $i < 63; ++$i) {
 $e[$i] += $carry;
 $carry = $e[$i] + 8;
 $carry >>= 4;
 $e[$i] -= $carry << 4;
 }
 /** @var array<int, int> $e */
 $e = array();
 $r = new ParagonIE_Sodium_Core_Curve25519_Ge_P1p1();
 for ($i = 0; $i < 32; ++$i) {
-/** @var int $dbl */
 $dbl = (int) $i << 1;
 $e[$dbl] = (int) self::chrToInt($a[$i]) & 15;
 $e[$dbl + 1] = (int) (self::chrToInt($a[$i]) >> 4) & 15;
 }
-/** @var int $carry */
 $carry = 0;
 for ($i = 0; $i < 63; ++$i) {
 $e[$i] += $carry;
-/** @var int $carry */
 $carry = $e[$i] + 8;
-/** @var int $carry */
 $carry >>= 4;
 $e[$i] -= $carry << 4;
 }
-/** @var array<int, int> $e */
 $e[63] += (int) $carry;
 $h = self::ge_p3_0();
 for ($i = 1; $i < 64; $i += 2) {
 * @return string
 * @throws TypeError
 */
 public static function sc_muladd($a, $b, $c)
 {
-/** @var int $a0 */
 $a0 = 2097151 & self::load_3(self::substr($a, 0, 3));
-/** @var int $a1 */
 $a1 = 2097151 & (self::load_4(self::substr($a, 2, 4)) >> 5);
-/** @var int $a2 */
 $a2 = 2097151 & (self::load_3(self::substr($a, 5, 3)) >> 2);
-/** @var int $a3 */
 $a3 = 2097151 & (self::load_4(self::substr($a, 7, 4)) >> 7);
-/** @var int $a4 */
 $a4 = 2097151 & (self::load_4(self::substr($a, 10, 4)) >> 4);
-/** @var int $a5 */
 $a5 = 2097151 & (self::load_3(self::substr($a, 13, 3)) >> 1);
-/** @var int $a6 */
 $a6 = 2097151 & (self::load_4(self::substr($a, 15, 4)) >> 6);
-/** @var int $a7 */
 $a7 = 2097151 & (self::load_3(self::substr($a, 18, 3)) >> 3);
-/** @var int $a8 */
 $a8 = 2097151 & self::load_3(self::substr($a, 21, 3));
-/** @var int $a9 */
 $a9 = 2097151 & (self::load_4(self::substr($a, 23, 4)) >> 5);
-/** @var int $a10 */
 $a10 = 2097151 & (self::load_3(self::substr($a, 26, 3)) >> 2);
-/** @var int $a11 */
 $a11 = (self::load_4(self::substr($a, 28, 4)) >> 7);
-/** @var int $b0 */
 $b0 = 2097151 & self::load_3(self::substr($b, 0, 3));
-/** @var int $b1 */
 $b1 = 2097151 & (self::load_4(self::substr($b, 2, 4)) >> 5);
-/** @var int $b2 */
 $b2 = 2097151 & (self::load_3(self::substr($b, 5, 3)) >> 2);
-/** @var int $b3 */
 $b3 = 2097151 & (self::load_4(self::substr($b, 7, 4)) >> 7);
-/** @var int $b4 */
 $b4 = 2097151 & (self::load_4(self::substr($b, 10, 4)) >> 4);
-/** @var int $b5 */
 $b5 = 2097151 & (self::load_3(self::substr($b, 13, 3)) >> 1);
-/** @var int $b6 */
 $b6 = 2097151 & (self::load_4(self::substr($b, 15, 4)) >> 6);
-/** @var int $b7 */
 $b7 = 2097151 & (self::load_3(self::substr($b, 18, 3)) >> 3);
-/** @var int $b8 */
 $b8 = 2097151 & self::load_3(self::substr($b, 21, 3));
-/** @var int $b9 */
 $b9 = 2097151 & (self::load_4(self::substr($b, 23, 4)) >> 5);
-/** @var int $b10 */
 $b10 = 2097151 & (self::load_3(self::substr($b, 26, 3)) >> 2);
-/** @var int $b11 */
 $b11 = (self::load_4(self::substr($b, 28, 4)) >> 7);
-/** @var int $c0 */
 $c0 = 2097151 & self::load_3(self::substr($c, 0, 3));
-/** @var int $c1 */
 $c1 = 2097151 & (self::load_4(self::substr($c, 2, 4)) >> 5);
-/** @var int $c2 */
 $c2 = 2097151 & (self::load_3(self::substr($c, 5, 3)) >> 2);
-/** @var int $c3 */
 $c3 = 2097151 & (self::load_4(self::substr($c, 7, 4)) >> 7);
-/** @var int $c4 */
 $c4 = 2097151 & (self::load_4(self::substr($c, 10, 4)) >> 4);
-/** @var int $c5 */
 $c5 = 2097151 & (self::load_3(self::substr($c, 13, 3)) >> 1);
-/** @var int $c6 */
 $c6 = 2097151 & (self::load_4(self::substr($c, 15, 4)) >> 6);
-/** @var int $c7 */
 $c7 = 2097151 & (self::load_3(self::substr($c, 18, 3)) >> 3);
-/** @var int $c8 */
 $c8 = 2097151 & self::load_3(self::substr($c, 21, 3));
-/** @var int $c9 */
 $c9 = 2097151 & (self::load_4(self::substr($c, 23, 4)) >> 5);
-/** @var int $c10 */
 $c10 = 2097151 & (self::load_3(self::substr($c, 26, 3)) >> 2);
-/** @var int $c11 */
 $c11 = (self::load_4(self::substr($c, 28, 4)) >> 7);
 /* Can't really avoid the pyramid here: */
 $s0 = $c0 + self::mul($a0, $b0, 24);
 $s1 = $c1 + self::mul($a0, $b1, 24) + self::mul($a1, $b0, 24);
 $s20 = self::mul($a9, $b11, 24) + self::mul($a10, $b10, 24) + self::mul($a11, $b9, 24);
 $s21 = self::mul($a10, $b11, 24) + self::mul($a11, $b10, 24);
 $s22 = self::mul($a11, $b11, 24);
 $s23 = 0;
-/** @var int $carry0 */
 $carry0 = ($s0 + (1 << 20)) >> 21;
 $s1 += $carry0;
 $s0 -= $carry0 << 21;
-/** @var int $carry2 */
 $carry2 = ($s2 + (1 << 20)) >> 21;
 $s3 += $carry2;
 $s2 -= $carry2 << 21;
-/** @var int $carry4 */
 $carry4 = ($s4 + (1 << 20)) >> 21;
 $s5 += $carry4;
 $s4 -= $carry4 << 21;
-/** @var int $carry6 */
 $carry6 = ($s6 + (1 << 20)) >> 21;
 $s7 += $carry6;
 $s6 -= $carry6 << 21;
-/** @var int $carry8 */
 $carry8 = ($s8 + (1 << 20)) >> 21;
 $s9 += $carry8;
 $s8 -= $carry8 << 21;
-/** @var int $carry10 */
 $carry10 = ($s10 + (1 << 20)) >> 21;
 $s11 += $carry10;
 $s10 -= $carry10 << 21;
-/** @var int $carry12 */
 $carry12 = ($s12 + (1 << 20)) >> 21;
 $s13 += $carry12;
 $s12 -= $carry12 << 21;
-/** @var int $carry14 */
 $carry14 = ($s14 + (1 << 20)) >> 21;
 $s15 += $carry14;
 $s14 -= $carry14 << 21;
-/** @var int $carry16 */
 $carry16 = ($s16 + (1 << 20)) >> 21;
 $s17 += $carry16;
 $s16 -= $carry16 << 21;
-/** @var int $carry18 */
 $carry18 = ($s18 + (1 << 20)) >> 21;
 $s19 += $carry18;
 $s18 -= $carry18 << 21;
-/** @var int $carry20 */
 $carry20 = ($s20 + (1 << 20)) >> 21;
 $s21 += $carry20;
 $s20 -= $carry20 << 21;
-/** @var int $carry22 */
 $carry22 = ($s22 + (1 << 20)) >> 21;
 $s23 += $carry22;
 $s22 -= $carry22 << 21;
-/** @var int $carry1 */
 $carry1 = ($s1 + (1 << 20)) >> 21;
 $s2 += $carry1;
 $s1 -= $carry1 << 21;
-/** @var int $carry3 */
 $carry3 = ($s3 + (1 << 20)) >> 21;
 $s4 += $carry3;
 $s3 -= $carry3 << 21;
-/** @var int $carry5 */
 $carry5 = ($s5 + (1 << 20)) >> 21;
 $s6 += $carry5;
 $s5 -= $carry5 << 21;
-/** @var int $carry7 */
 $carry7 = ($s7 + (1 << 20)) >> 21;
 $s8 += $carry7;
 $s7 -= $carry7 << 21;
-/** @var int $carry9 */
 $carry9 = ($s9 + (1 << 20)) >> 21;
 $s10 += $carry9;
 $s9 -= $carry9 << 21;
-/** @var int $carry11 */
 $carry11 = ($s11 + (1 << 20)) >> 21;
 $s12 += $carry11;
 $s11 -= $carry11 << 21;
-/** @var int $carry13 */
 $carry13 = ($s13 + (1 << 20)) >> 21;
 $s14 += $carry13;
 $s13 -= $carry13 << 21;
-/** @var int $carry15 */
 $carry15 = ($s15 + (1 << 20)) >> 21;
 $s16 += $carry15;
 $s15 -= $carry15 << 21;
-/** @var int $carry17 */
 $carry17 = ($s17 + (1 << 20)) >> 21;
 $s18 += $carry17;
 $s17 -= $carry17 << 21;
-/** @var int $carry19 */
 $carry19 = ($s19 + (1 << 20)) >> 21;
 $s20 += $carry19;
 $s19 -= $carry19 << 21;
-/** @var int $carry21 */
 $carry21 = ($s21 + (1 << 20)) >> 21;
 $s22 += $carry21;
 $s21 -= $carry21 << 21;
 $s11 += self::mul($s23, 666643, 20);
 $s8  += self::mul($s18,  654183, 20);
 $s9  -= self::mul($s18,  997805, 20);
 $s10 += self::mul($s18,  136657, 18);
 $s11 -= self::mul($s18,  683901, 20);
-/** @var int $carry6 */
 $carry6 = ($s6 + (1 << 20)) >> 21;
 $s7 += $carry6;
 $s6 -= $carry6 << 21;
-/** @var int $carry8 */
 $carry8 = ($s8 + (1 << 20)) >> 21;
 $s9 += $carry8;
 $s8 -= $carry8 << 21;
-/** @var int $carry10 */
 $carry10 = ($s10 + (1 << 20)) >> 21;
 $s11 += $carry10;
 $s10 -= $carry10 << 21;
-/** @var int $carry12 */
 $carry12 = ($s12 + (1 << 20)) >> 21;
 $s13 += $carry12;
 $s12 -= $carry12 << 21;
-/** @var int $carry14 */
 $carry14 = ($s14 + (1 << 20)) >> 21;
 $s15 += $carry14;
 $s14 -= $carry14 << 21;
-/** @var int $carry16 */
 $carry16 = ($s16 + (1 << 20)) >> 21;
 $s17 += $carry16;
 $s16 -= $carry16 << 21;
-/** @var int $carry7 */
 $carry7 = ($s7 + (1 << 20)) >> 21;
 $s8 += $carry7;
 $s7 -= $carry7 << 21;
-/** @var int $carry9 */
 $carry9 = ($s9 + (1 << 20)) >> 21;
 $s10 += $carry9;
 $s9 -= $carry9 << 21;
-/** @var int $carry11 */
 $carry11 = ($s11 + (1 << 20)) >> 21;
 $s12 += $carry11;
 $s11 -= $carry11 << 21;
-/** @var int $carry13 */
 $carry13 = ($s13 + (1 << 20)) >> 21;
 $s14 += $carry13;
 $s13 -= $carry13 << 21;
-/** @var int $carry15 */
 $carry15 = ($s15 + (1 << 20)) >> 21;
 $s16 += $carry15;
 $s15 -= $carry15 << 21;
 $s5  += self::mul($s17,  666643, 20);
 $s3 -= self::mul($s12,  997805, 20);
 $s4 += self::mul($s12,  136657, 18);
 $s5 -= self::mul($s12,  683901, 20);
 $s12 = 0;
-/** @var int $carry0 */
 $carry0 = ($s0 + (1 << 20)) >> 21;
 $s1 += $carry0;
 $s0 -= $carry0 << 21;
-/** @var int $carry2 */
 $carry2 = ($s2 + (1 << 20)) >> 21;
 $s3 += $carry2;
 $s2 -= $carry2 << 21;
-/** @var int $carry4 */
 $carry4 = ($s4 + (1 << 20)) >> 21;
 $s5 += $carry4;
 $s4 -= $carry4 << 21;
-/** @var int $carry6 */
 $carry6 = ($s6 + (1 << 20)) >> 21;
 $s7 += $carry6;
 $s6 -= $carry6 << 21;
-/** @var int $carry8 */
 $carry8 = ($s8 + (1 << 20)) >> 21;
 $s9 += $carry8;
 $s8 -= $carry8 << 21;
-/** @var int $carry10 */
 $carry10 = ($s10 + (1 << 20)) >> 21;
 $s11 += $carry10;
 $s10 -= $carry10 << 21;
-/** @var int $carry1 */
 $carry1 = ($s1 + (1 << 20)) >> 21;
 $s2 += $carry1;
 $s1 -= $carry1 << 21;
-/** @var int $carry3 */
 $carry3 = ($s3 + (1 << 20)) >> 21;
 $s4 += $carry3;
 $s3 -= $carry3 << 21;
-/** @var int $carry5 */
 $carry5 = ($s5 + (1 << 20)) >> 21;
 $s6 += $carry5;
 $s5 -= $carry5 << 21;
-/** @var int $carry7 */
 $carry7 = ($s7 + (1 << 20)) >> 21;
 $s8 += $carry7;
 $s7 -= $carry7 << 21;
-/** @var int $carry9 */
 $carry9 = ($s9 + (1 << 20)) >> 21;
 $s10 += $carry9;
 $s9 -= $carry9 << 21;
-/** @var int $carry11 */
 $carry11 = ($s11 + (1 << 20)) >> 21;
 $s12 += $carry11;
 $s11 -= $carry11 << 21;
 $s0 += self::mul($s12,  666643, 20);
 $s3 -= self::mul($s12,  997805, 20);
 $s4 += self::mul($s12,  136657, 18);
 $s5 -= self::mul($s12,  683901, 20);
 $s12 = 0;
-/** @var int $carry0 */
 $carry0 = $s0 >> 21;
 $s1 += $carry0;
 $s0 -= $carry0 << 21;
-/** @var int $carry1 */
 $carry1 = $s1 >> 21;
 $s2 += $carry1;
 $s1 -= $carry1 << 21;
-/** @var int $carry2 */
 $carry2 = $s2 >> 21;
 $s3 += $carry2;
 $s2 -= $carry2 << 21;
-/** @var int $carry3 */
 $carry3 = $s3 >> 21;
 $s4 += $carry3;
 $s3 -= $carry3 << 21;
-/** @var int $carry4 */
 $carry4 = $s4 >> 21;
 $s5 += $carry4;
 $s4 -= $carry4 << 21;
-/** @var int $carry5 */
 $carry5 = $s5 >> 21;
 $s6 += $carry5;
 $s5 -= $carry5 << 21;
-/** @var int $carry6 */
 $carry6 = $s6 >> 21;
 $s7 += $carry6;
 $s6 -= $carry6 << 21;
-/** @var int $carry7 */
 $carry7 = $s7 >> 21;
 $s8 += $carry7;
 $s7 -= $carry7 << 21;
-/** @var int $carry8 */
 $carry8 = $s8 >> 21;
 $s9 += $carry8;
 $s8 -= $carry8 << 21;
-/** @var int $carry9 */
 $carry9 = $s9 >> 21;
 $s10 += $carry9;
 $s9 -= $carry9 << 21;
-/** @var int $carry10 */
 $carry10 = $s10 >> 21;
 $s11 += $carry10;
 $s10 -= $carry10 << 21;
-/** @var int $carry11 */
 $carry11 = $s11 >> 21;
 $s12 += $carry11;
 $s11 -= $carry11 << 21;
 $s0 += self::mul($s12,  666643, 20);
 $s2 += self::mul($s12,  654183, 20);
 $s3 -= self::mul($s12,  997805, 20);
 $s4 += self::mul($s12,  136657, 18);
 $s5 -= self::mul($s12,  683901, 20);
-/** @var int $carry0 */
 $carry0 = $s0 >> 21;
 $s1 += $carry0;
 $s0 -= $carry0 << 21;
-/** @var int $carry1 */
 $carry1 = $s1 >> 21;
 $s2 += $carry1;
 $s1 -= $carry1 << 21;
-/** @var int $carry2 */
 $carry2 = $s2 >> 21;
 $s3 += $carry2;
 $s2 -= $carry2 << 21;
-/** @var int $carry3 */
 $carry3 = $s3 >> 21;
 $s4 += $carry3;
 $s3 -= $carry3 << 21;
-/** @var int $carry4 */
 $carry4 = $s4 >> 21;
 $s5 += $carry4;
 $s4 -= $carry4 << 21;
-/** @var int $carry5 */
 $carry5 = $s5 >> 21;
 $s6 += $carry5;
 $s5 -= $carry5 << 21;
-/** @var int $carry6 */
 $carry6 = $s6 >> 21;
 $s7 += $carry6;
 $s6 -= $carry6 << 21;
-/** @var int $carry7 */
 $carry7 = $s7 >> 21;
 $s8 += $carry7;
 $s7 -= $carry7 << 21;
-/** @var int $carry8 */
 $carry8 = $s8 >> 21;
 $s9 += $carry8;
 $s8 -= $carry8 << 21;
-/** @var int $carry9 */
 $carry9 = $s9 >> 21;
 $s10 += $carry9;
 $s9 -= $carry9 << 21;
-/** @var int $carry10 */
 $carry10 = $s10 >> 21;
 $s11 += $carry10;
 $s10 -= $carry10 << 21;
 /**
 * @return string
 * @throws TypeError
 */
 public static function sc_reduce($s)
 {
-/** @var int $s0 */
 $s0 = 2097151 & self::load_3(self::substr($s, 0, 3));
-/** @var int $s1 */
 $s1 = 2097151 & (self::load_4(self::substr($s, 2, 4)) >> 5);
-/** @var int $s2 */
 $s2 = 2097151 & (self::load_3(self::substr($s, 5, 3)) >> 2);
-/** @var int $s3 */
 $s3 = 2097151 & (self::load_4(self::substr($s, 7, 4)) >> 7);
-/** @var int $s4 */
 $s4 = 2097151 & (self::load_4(self::substr($s, 10, 4)) >> 4);
-/** @var int $s5 */
 $s5 = 2097151 & (self::load_3(self::substr($s, 13, 3)) >> 1);
-/** @var int $s6 */
 $s6 = 2097151 & (self::load_4(self::substr($s, 15, 4)) >> 6);
-/** @var int $s7 */
 $s7 = 2097151 & (self::load_3(self::substr($s, 18, 4)) >> 3);
-/** @var int $s8 */
 $s8 = 2097151 & self::load_3(self::substr($s, 21, 3));
-/** @var int $s9 */
 $s9 = 2097151 & (self::load_4(self::substr($s, 23, 4)) >> 5);
-/** @var int $s10 */
 $s10 = 2097151 & (self::load_3(self::substr($s, 26, 3)) >> 2);
-/** @var int $s11 */
 $s11 = 2097151 & (self::load_4(self::substr($s, 28, 4)) >> 7);
-/** @var int $s12 */
 $s12 = 2097151 & (self::load_4(self::substr($s, 31, 4)) >> 4);
-/** @var int $s13 */
 $s13 = 2097151 & (self::load_3(self::substr($s, 34, 3)) >> 1);
-/** @var int $s14 */
 $s14 = 2097151 & (self::load_4(self::substr($s, 36, 4)) >> 6);
-/** @var int $s15 */
 $s15 = 2097151 & (self::load_3(self::substr($s, 39, 4)) >> 3);
-/** @var int $s16 */
 $s16 = 2097151 & self::load_3(self::substr($s, 42, 3));
-/** @var int $s17 */
 $s17 = 2097151 & (self::load_4(self::substr($s, 44, 4)) >> 5);
-/** @var int $s18 */
 $s18 = 2097151 & (self::load_3(self::substr($s, 47, 3)) >> 2);
-/** @var int $s19 */
 $s19 = 2097151 & (self::load_4(self::substr($s, 49, 4)) >> 7);
-/** @var int $s20 */
 $s20 = 2097151 & (self::load_4(self::substr($s, 52, 4)) >> 4);
-/** @var int $s21 */
 $s21 = 2097151 & (self::load_3(self::substr($s, 55, 3)) >> 1);
-/** @var int $s22 */
 $s22 = 2097151 & (self::load_4(self::substr($s, 57, 4)) >> 6);
-/** @var int $s23 */
+$s23 = 0x1fffffff & (self::load_4(self::substr($s, 60, 4)) >> 3);
-$s23 = (self::load_4(self::substr($s, 60, 4)) >> 3);
 $s11 += self::mul($s23,  666643, 20);
 $s12 += self::mul($s23,  470296, 19);
 $s13 += self::mul($s23,  654183, 20);
 $s14 -= self::mul($s23,  997805, 20);
 $s8  += self::mul($s18,  654183, 20);
 $s9  -= self::mul($s18,  997805, 20);
 $s10 += self::mul($s18,  136657, 18);
 $s11 -= self::mul($s18,  683901, 20);
-/** @var int $carry6 */
 $carry6 = ($s6 + (1 << 20)) >> 21;
 $s7 += $carry6;
 $s6 -= $carry6 << 21;
-/** @var int $carry8 */
 $carry8 = ($s8 + (1 << 20)) >> 21;
 $s9 += $carry8;
 $s8 -= $carry8 << 21;
-/** @var int $carry10 */
 $carry10 = ($s10 + (1 << 20)) >> 21;
 $s11 += $carry10;
 $s10 -= $carry10 << 21;
-/** @var int $carry12 */
 $carry12 = ($s12 + (1 << 20)) >> 21;
 $s13 += $carry12;
 $s12 -= $carry12 << 21;
-/** @var int $carry14 */
 $carry14 = ($s14 + (1 << 20)) >> 21;
 $s15 += $carry14;
 $s14 -= $carry14 << 21;
-/** @var int $carry16 */
 $carry16 = ($s16 + (1 << 20)) >> 21;
 $s17 += $carry16;
 $s16 -= $carry16 << 21;
-/** @var int $carry7 */
 $carry7 = ($s7 + (1 << 20)) >> 21;
 $s8 += $carry7;
 $s7 -= $carry7 << 21;
-/** @var int $carry9 */
 $carry9 = ($s9 + (1 << 20)) >> 21;
 $s10 += $carry9;
 $s9 -= $carry9 << 21;
-/** @var int $carry11 */
 $carry11 = ($s11 + (1 << 20)) >> 21;
 $s12 += $carry11;
 $s11 -= $carry11 << 21;
-/** @var int $carry13 */
 $carry13 = ($s13 + (1 << 20)) >> 21;
 $s14 += $carry13;
 $s13 -= $carry13 << 21;
-/** @var int $carry15 */
 $carry15 = ($s15 + (1 << 20)) >> 21;
 $s16 += $carry15;
 $s15 -= $carry15 << 21;
 $s5  += self::mul($s17,  666643, 20);
 $s3 -= self::mul($s12,  997805, 20);
 $s4 += self::mul($s12,  136657, 18);
 $s5 -= self::mul($s12,  683901, 20);
 $s12 = 0;
-/** @var int $carry0 */
 $carry0 = ($s0 + (1 << 20)) >> 21;
 $s1 += $carry0;
 $s0 -= $carry0 << 21;
-/** @var int $carry2 */
 $carry2 = ($s2 + (1 << 20)) >> 21;
 $s3 += $carry2;
 $s2 -= $carry2 << 21;
-/** @var int $carry4 */
 $carry4 = ($s4 + (1 << 20)) >> 21;
 $s5 += $carry4;
 $s4 -= $carry4 << 21;
-/** @var int $carry6 */
 $carry6 = ($s6 + (1 << 20)) >> 21;
 $s7 += $carry6;
 $s6 -= $carry6 << 21;
-/** @var int $carry8 */
 $carry8 = ($s8 + (1 << 20)) >> 21;
 $s9 += $carry8;
 $s8 -= $carry8 << 21;
-/** @var int $carry10 */
 $carry10 = ($s10 + (1 << 20)) >> 21;
 $s11 += $carry10;
 $s10 -= $carry10 << 21;
-/** @var int $carry1 */
 $carry1 = ($s1 + (1 << 20)) >> 21;
 $s2 += $carry1;
 $s1 -= $carry1 << 21;
-/** @var int $carry3 */
 $carry3 = ($s3 + (1 << 20)) >> 21;
 $s4 += $carry3;
 $s3 -= $carry3 << 21;
-/** @var int $carry5 */
 $carry5 = ($s5 + (1 << 20)) >> 21;
 $s6 += $carry5;
 $s5 -= $carry5 << 21;
-/** @var int $carry7 */
 $carry7 = ($s7 + (1 << 20)) >> 21;
 $s8 += $carry7;
 $s7 -= $carry7 << 21;
-/** @var int $carry9 */
 $carry9 = ($s9 + (1 << 20)) >> 21;
 $s10 += $carry9;
 $s9 -= $carry9 << 21;
-/** @var int $carry11 */
 $carry11 = ($s11 + (1 << 20)) >> 21;
 $s12 += $carry11;
 $s11 -= $carry11 << 21;
 $s0 += self::mul($s12,  666643, 20);
 $s3 -= self::mul($s12,  997805, 20);
 $s4 += self::mul($s12,  136657, 18);
 $s5 -= self::mul($s12,  683901, 20);
 $s12 = 0;
-/** @var int $carry0 */
 $carry0 = $s0 >> 21;
 $s1 += $carry0;
 $s0 -= $carry0 << 21;
-/** @var int $carry1 */
 $carry1 = $s1 >> 21;
 $s2 += $carry1;
 $s1 -= $carry1 << 21;
-/** @var int $carry2 */
 $carry2 = $s2 >> 21;
 $s3 += $carry2;
 $s2 -= $carry2 << 21;
-/** @var int $carry3 */
 $carry3 = $s3 >> 21;
 $s4 += $carry3;
 $s3 -= $carry3 << 21;
-/** @var int $carry4 */
 $carry4 = $s4 >> 21;
 $s5 += $carry4;
 $s4 -= $carry4 << 21;
-/** @var int $carry5 */
 $carry5 = $s5 >> 21;
 $s6 += $carry5;
 $s5 -= $carry5 << 21;
-/** @var int $carry6 */
 $carry6 = $s6 >> 21;
 $s7 += $carry6;
 $s6 -= $carry6 << 21;
-/** @var int $carry7 */
 $carry7 = $s7 >> 21;
 $s8 += $carry7;
 $s7 -= $carry7 << 21;
-/** @var int $carry8 */
 $carry8 = $s8 >> 21;
 $s9 += $carry8;
 $s8 -= $carry8 << 21;
-/** @var int $carry9 */
 $carry9 = $s9 >> 21;
 $s10 += $carry9;
 $s9 -= $carry9 << 21;
-/** @var int $carry10 */
 $carry10 = $s10 >> 21;
 $s11 += $carry10;
 $s10 -= $carry10 << 21;
-/** @var int $carry11 */
 $carry11 = $s11 >> 21;
 $s12 += $carry11;
 $s11 -= $carry11 << 21;
 $s0 += self::mul($s12,  666643, 20);
 $s2 += self::mul($s12,  654183, 20);
 $s3 -= self::mul($s12,  997805, 20);
 $s4 += self::mul($s12,  136657, 18);
 $s5 -= self::mul($s12,  683901, 20);
-/** @var int $carry0 */
 $carry0 = $s0 >> 21;
 $s1 += $carry0;
 $s0 -= $carry0 << 21;
-/** @var int $carry1 */
 $carry1 = $s1 >> 21;
 $s2 += $carry1;
 $s1 -= $carry1 << 21;
-/** @var int $carry2 */
 $carry2 = $s2 >> 21;
 $s3 += $carry2;
 $s2 -= $carry2 << 21;
-/** @var int $carry3 */
 $carry3 = $s3 >> 21;
 $s4 += $carry3;
 $s3 -= $carry3 << 21;
-/** @var int $carry4 */
 $carry4 = $s4 >> 21;
 $s5 += $carry4;
 $s4 -= $carry4 << 21;
-/** @var int $carry5 */
 $carry5 = $s5 >> 21;
 $s6 += $carry5;
 $s5 -= $carry5 << 21;
-/** @var int $carry6 */
 $carry6 = $s6 >> 21;
 $s7 += $carry6;
 $s6 -= $carry6 << 21;
-/** @var int $carry7 */
 $carry7 = $s7 >> 21;
 $s8 += $carry7;
 $s7 -= $carry7 << 21;
-/** @var int $carry8 */
 $carry8 = $s8 >> 21;
 $s9 += $carry8;
 $s8 -= $carry8 << 21;
-/** @var int $carry9 */
 $carry9 = $s9 >> 21;
 $s10 += $carry9;
 $s9 -= $carry9 << 21;
-/** @var int $carry10 */
 $carry10 = $s10 >> 21;
 $s11 += $carry10;
 $s10 -= $carry10 << 21;
 /**
 * @param ParagonIE_Sodium_Core_Curve25519_Ge_P3 $A
 * @return ParagonIE_Sodium_Core_Curve25519_Ge_P3
 */
 public static function ge_mul_l(ParagonIE_Sodium_Core_Curve25519_Ge_P3 $A)
 {
-/** @var array<int, int> $aslide */
 $aslide = array(
 13, 0, 0, 0, 0, -1, 0, 0, 0, 0, -11, 0, 0, 0, 0, 0, 0, -5, 0, 0, 0,
 0, 0, 0, -3, 0, 0, 0, 0, -13, 0, 0, 0, 0, 7, 0, 0, 0, 0, 0, 3, 0,
 0, 0, 0, -13, 0, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 11, 0, 0, 0,
 0, 0, 11, 0, 0, 0, 0, -13, 0, 0, 0, 0, 0, 0, -3, 0, 0, 0, 0, 0, -1,
 $s_[0] &= 248;
 $s_[31] |= 64;
 $s_[31] &= 128;
 return self::intArrayToString($s_);
 }
+/**
+* Ensure limbs are less than 28 bits long to prevent float promotion.
+*
+* This uses a constant-time conditional swap under the hood.
+*
+* @param ParagonIE_Sodium_Core_Curve25519_Fe $f
+* @return ParagonIE_Sodium_Core_Curve25519_Fe
+*/
+public static function fe_normalize(ParagonIE_Sodium_Core_Curve25519_Fe $f)
+{
+$x = (PHP_INT_SIZE << 3) - 1; // 31 or 63
+$g = self::fe_copy($f);
+for ($i = 0; $i < 10; ++$i) {
+$mask = -(($g[$i] >> $x) & 1);
+/*
+* Get two candidate normalized values for $g[$i], depending on the sign of $g[$i]:
+*/
+$a = $g[$i] & 0x7ffffff;
+$b = -((-$g[$i]) & 0x7ffffff);
+/*
+* Return the appropriate candidate value, based on the sign of the original input:
+*
+* The following is equivalent to this ternary:
+*
+* $g[$i] = (($g[$i] >> $x) & 1) ? $a : $b;
+*
+* Except what's written doesn't contain timing leaks.
+*/
+$g[$i] = ($a ^ (($a ^ $b) & $mask));
+}
+return $g;
+}
 }

changeset 19	3d72ae0968f4
parent 18	be944660c56a