enmi-conf.org: comparison wp/wp-includes/sodium

equal deleted inserted replaced

-:48c4eec2b7e6
+:8c2e4d02f4ef
 const BASE64_VARIANT_URLSAFE_NO_PADDING = 7;
 const CRYPTO_AEAD_AES256GCM_KEYBYTES = 32;
 const CRYPTO_AEAD_AES256GCM_NSECBYTES = 0;
 const CRYPTO_AEAD_AES256GCM_NPUBBYTES = 12;
 const CRYPTO_AEAD_AES256GCM_ABYTES = 16;
+const CRYPTO_AEAD_AEGIS128L_KEYBYTES = 16;
+const CRYPTO_AEAD_AEGIS128L_NSECBYTES = 0;
+const CRYPTO_AEAD_AEGIS128L_NPUBBYTES = 16;
+const CRYPTO_AEAD_AEGIS128L_ABYTES = 32;
+const CRYPTO_AEAD_AEGIS256_KEYBYTES = 32;
+const CRYPTO_AEAD_AEGIS256_NSECBYTES = 0;
+const CRYPTO_AEAD_AEGIS256_NPUBBYTES = 32;
+const CRYPTO_AEAD_AEGIS256_ABYTES = 32;
 const CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES = 32;
 const CRYPTO_AEAD_CHACHA20POLY1305_NSECBYTES = 0;
 const CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES = 8;
 const CRYPTO_AEAD_CHACHA20POLY1305_ABYTES = 16;
 const CRYPTO_AEAD_CHACHA20POLY1305_IETF_KEYBYTES = 32;
 * @param string $val
 * @param string $addv
 * @return void
 * @throws SodiumException
 */
-public static function add(&$val, $addv)
+public static function add(
-{
+#[\SensitiveParameter]
+&$val,
+#[\SensitiveParameter]
+$addv
+) {
 $val_len = ParagonIE_Sodium_Core_Util::strlen($val);
 $addv_len = ParagonIE_Sodium_Core_Util::strlen($addv);
 if ($val_len !== $addv_len) {
 throw new SodiumException('values must have the same length');
 }
 * @param int $variant
 * @param string $ignore
 * @return string
 * @throws SodiumException
 */
-public static function base642bin($encoded, $variant, $ignore = '')
+public static function base642bin(
-{
+#[\SensitiveParameter]
+$encoded,
+$variant,
+$ignore = ''
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($encoded, 'string', 1);
 /** @var string $encoded */
 $encoded = (string) $encoded;
 * @param string $decoded
 * @param int $variant
 * @return string
 * @throws SodiumException
 */
-public static function bin2base64($decoded, $variant)
+public static function bin2base64(
-{
+#[\SensitiveParameter]
+$decoded,
+$variant
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($decoded, 'string', 1);
 /** @var string $decoded */
 $decoded = (string) $decoded;
 if (ParagonIE_Sodium_Core_Util::strlen($decoded) === 0) {
 * @return string        A hexadecimal-encoded string
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function bin2hex($string)
+public static function bin2hex(
-{
+#[\SensitiveParameter]
+$string
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($string, 'string', 1);
 if (self::useNewSodiumAPI()) {
 return (string) sodium_bin2hex($string);
 *                      If > 0 if the right operand is less than the left
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function compare($left, $right)
+public static function compare(
-{
+#[\SensitiveParameter]
+$left,
+#[\SensitiveParameter]
+$right
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($left, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($right, 'string', 2);
 if (self::useNewSodiumAPI()) {
 }
 if (self::use_fallback('compare')) {
 return (int) call_user_func('\\Sodium\\compare', $left, $right);
 }
 return ParagonIE_Sodium_Core_Util::compare($left, $right);
+}
+/**
+* Authenticated Encryption with Associated Data: Decryption
+*
+* Algorithm:
+*     AEGIS-128L
+*
+* @param string $ciphertext Encrypted message (with MAC appended)
+* @param string $assocData  Authenticated Associated Data (unencrypted)
+* @param string $nonce      Number to be used only Once; must be 32 bytes
+* @param string $key        Encryption key
+*
+* @return string            The original plaintext message
+* @throws SodiumException
+* @throws TypeError
+* @psalm-suppress MixedArgument
+* @psalm-suppress MixedInferredReturnType
+* @psalm-suppress MixedReturnStatement
+*/
+public static function crypto_aead_aegis128l_decrypt(
+$ciphertext = '',
+$assocData = '',
+$nonce = '',
+#[\SensitiveParameter]
+$key = ''
+) {
+ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1);
+ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
+ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 3);
+ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4);
+/* Input validation: */
+if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_AEAD_AEGIS128L_NPUBBYTES) {
+throw new SodiumException('Nonce must be CRYPTO_AEAD_AEGIS_128L_NPUBBYTES long');
+}
+if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_AEAD_AEGIS128L_KEYBYTES) {
+throw new SodiumException('Key must be CRYPTO_AEAD_AEGIS128L_KEYBYTES long');
+}
+$ct_length = ParagonIE_Sodium_Core_Util::strlen($ciphertext);
+if ($ct_length < self::CRYPTO_AEAD_AEGIS128L_ABYTES) {
+throw new SodiumException('Message must be at least CRYPTO_AEAD_AEGIS128L_ABYTES long');
+}
+$ct = ParagonIE_Sodium_Core_Util::substr(
+$ciphertext,
+0,
+$ct_length - self::CRYPTO_AEAD_AEGIS128L_ABYTES
+);
+$tag = ParagonIE_Sodium_Core_Util::substr(
+$ciphertext,
+$ct_length - self::CRYPTO_AEAD_AEGIS128L_ABYTES,
+self::CRYPTO_AEAD_AEGIS128L_ABYTES
+);
+return ParagonIE_Sodium_Core_AEGIS128L::decrypt($ct, $tag, $assocData, $key, $nonce);
+}
+/**
+* Authenticated Encryption with Associated Data: Encryption
+*
+* Algorithm:
+*     AEGIS-128L
+*
+* @param string $plaintext Message to be encrypted
+* @param string $assocData Authenticated Associated Data (unencrypted)
+* @param string $nonce     Number to be used only Once; must be 32 bytes
+* @param string $key       Encryption key
+*
+* @return string           Ciphertext with 32-byte authentication tag appended
+* @throws SodiumException
+* @throws TypeError
+* @psalm-suppress MixedArgument
+*/
+public static function crypto_aead_aegis128l_encrypt(
+#[\SensitiveParameter]
+$plaintext = '',
+$assocData = '',
+$nonce = '',
+#[\SensitiveParameter]
+$key = ''
+) {
+ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1);
+ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
+ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 3);
+ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4);
+/* Input validation: */
+if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_AEAD_AEGIS128L_NPUBBYTES) {
+throw new SodiumException('Nonce must be CRYPTO_AEAD_AEGIS128L_KEYBYTES long');
+}
+if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_AEAD_AEGIS128L_KEYBYTES) {
+throw new SodiumException('Key must be CRYPTO_AEAD_AEGIS128L_KEYBYTES long');
+}
+list($ct, $tag) = ParagonIE_Sodium_Core_AEGIS128L::encrypt($plaintext, $assocData, $key, $nonce);
+return $ct . $tag;
+}
+/**
+* Return a secure random key for use with the AEGIS-128L
+* symmetric AEAD interface.
+*
+* @return string
+* @throws Exception
+* @throws Error
+*/
+public static function crypto_aead_aegis128l_keygen()
+{
+return random_bytes(self::CRYPTO_AEAD_AEGIS128L_KEYBYTES);
+}
+/**
+* Authenticated Encryption with Associated Data: Decryption
+*
+* Algorithm:
+*     AEGIS-256
+*
+* @param string $ciphertext Encrypted message (with MAC appended)
+* @param string $assocData  Authenticated Associated Data (unencrypted)
+* @param string $nonce      Number to be used only Once; must be 32 bytes
+* @param string $key        Encryption key
+*
+* @return string            The original plaintext message
+* @throws SodiumException
+* @throws TypeError
+* @psalm-suppress MixedArgument
+* @psalm-suppress MixedInferredReturnType
+* @psalm-suppress MixedReturnStatement
+*/
+public static function crypto_aead_aegis256_decrypt(
+$ciphertext = '',
+$assocData = '',
+$nonce = '',
+#[\SensitiveParameter]
+$key = ''
+) {
+ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1);
+ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
+ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 3);
+ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4);
+/* Input validation: */
+if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_AEAD_AEGIS256_NPUBBYTES) {
+throw new SodiumException('Nonce must be CRYPTO_AEAD_AEGIS256_NPUBBYTES long');
+}
+if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_AEAD_AEGIS256_KEYBYTES) {
+throw new SodiumException('Key must be CRYPTO_AEAD_AEGIS256_KEYBYTES long');
+}
+$ct_length = ParagonIE_Sodium_Core_Util::strlen($ciphertext);
+if ($ct_length < self::CRYPTO_AEAD_AEGIS256_ABYTES) {
+throw new SodiumException('Message must be at least CRYPTO_AEAD_AEGIS256_ABYTES long');
+}
+$ct = ParagonIE_Sodium_Core_Util::substr(
+$ciphertext,
+0,
+$ct_length - self::CRYPTO_AEAD_AEGIS256_ABYTES
+);
+$tag = ParagonIE_Sodium_Core_Util::substr(
+$ciphertext,
+$ct_length - self::CRYPTO_AEAD_AEGIS256_ABYTES,
+self::CRYPTO_AEAD_AEGIS256_ABYTES
+);
+return ParagonIE_Sodium_Core_AEGIS256::decrypt($ct, $tag, $assocData, $key, $nonce);
+}
+/**
+* Authenticated Encryption with Associated Data: Encryption
+*
+* Algorithm:
+*     AEGIS-256
+*
+* @param string $plaintext Message to be encrypted
+* @param string $assocData Authenticated Associated Data (unencrypted)
+* @param string $nonce Number to be used only Once; must be 32 bytes
+* @param string $key Encryption key
+*
+* @return string           Ciphertext with 32-byte authentication tag appended
+* @throws SodiumException
+* @throws TypeError
+* @psalm-suppress MixedArgument
+*/
+public static function crypto_aead_aegis256_encrypt(
+#[\SensitiveParameter]
+$plaintext = '',
+$assocData = '',
+$nonce = '',
+#[\SensitiveParameter]
+$key = ''
+) {
+ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1);
+ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
+ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 3);
+ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4);
+/* Input validation: */
+if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_AEAD_AEGIS256_NPUBBYTES) {
+throw new SodiumException('Nonce must be CRYPTO_AEAD_AEGIS128L_KEYBYTES long');
+}
+if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_AEAD_AEGIS256_KEYBYTES) {
+throw new SodiumException('Key must be CRYPTO_AEAD_AEGIS128L_KEYBYTES long');
+}
+list($ct, $tag) = ParagonIE_Sodium_Core_AEGIS256::encrypt($plaintext, $assocData, $key, $nonce);
+return $ct . $tag;
+}
+/**
+* Return a secure random key for use with the AEGIS-256
+* symmetric AEAD interface.
+*
+* @return string
+* @throws Exception
+* @throws Error
+*/
+public static function crypto_aead_aegis256_keygen()
+{
+return random_bytes(self::CRYPTO_AEAD_AEGIS256_KEYBYTES);
 }
 /**
 * Is AES-256-GCM even available to use?
 *
 */
 public static function crypto_aead_aes256gcm_decrypt(
 $ciphertext = '',
 $assocData = '',
 $nonce = '',
+#[\SensitiveParameter]
 $key = ''
 ) {
 if (!self::crypto_aead_aes256gcm_is_available()) {
 throw new SodiumException('AES-256-GCM is not available');
 }
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
 public static function crypto_aead_aes256gcm_encrypt(
+#[\SensitiveParameter]
 $plaintext = '',
 $assocData = '',
 $nonce = '',
+#[\SensitiveParameter]
 $key = ''
 ) {
 if (!self::crypto_aead_aes256gcm_is_available()) {
 throw new SodiumException('AES-256-GCM is not available');
 }
 */
 public static function crypto_aead_chacha20poly1305_decrypt(
 $ciphertext = '',
 $assocData = '',
 $nonce = '',
+#[\SensitiveParameter]
 $key = ''
 ) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
 public static function crypto_aead_chacha20poly1305_encrypt(
+#[\SensitiveParameter]
 $plaintext = '',
 $assocData = '',
 $nonce = '',
+#[\SensitiveParameter]
 $key = ''
 ) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
 */
 public static function crypto_aead_chacha20poly1305_ietf_decrypt(
 $ciphertext = '',
 $assocData = '',
 $nonce = '',
+#[\SensitiveParameter]
 $key = ''
 ) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
 public static function crypto_aead_chacha20poly1305_ietf_encrypt(
+#[\SensitiveParameter]
 $plaintext = '',
 $assocData = '',
 $nonce = '',
+#[\SensitiveParameter]
 $key = ''
 ) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1);
 if (!is_null($assocData)) {
 */
 public static function crypto_aead_xchacha20poly1305_ietf_decrypt(
 $ciphertext = '',
 $assocData = '',
 $nonce = '',
+#[\SensitiveParameter]
 $key = '',
 $dontFallback = false
 ) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1);
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
 public static function crypto_aead_xchacha20poly1305_ietf_encrypt(
+#[\SensitiveParameter]
 $plaintext = '',
 $assocData = '',
 $nonce = '',
+#[\SensitiveParameter]
 $key = '',
 $dontFallback = false
 ) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1);
 * @return string         Message authentication code
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_auth($message, $key)
+public static function crypto_auth(
-{
+$message,
+#[\SensitiveParameter]
+$key
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 2);
 /* Input validation: */
 * @return bool           TRUE if authenticated, FALSE otherwise
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_auth_verify($mac, $message, $key)
+public static function crypto_auth_verify(
-{
+$mac,
+$message,
+#[\SensitiveParameter]
+$key
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($mac, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 2);
 ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 3);
 * @return string           Ciphertext with 16-byte Poly1305 MAC
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_box($plaintext, $nonce, $keypair)
+public static function crypto_box(
-{
+$plaintext,
+$nonce,
+#[\SensitiveParameter]
+$keypair
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
 ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 3);
 *                          decrypt
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_box_seal($plaintext, $publicKey)
+public static function crypto_box_seal(
-{
+#[\SensitiveParameter]
+$plaintext,
+$publicKey
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($publicKey, 'string', 2);
 /* Input validation: */
 * @throws TypeError
 * @psalm-suppress MixedArgument
 * @psalm-suppress MixedInferredReturnType
 * @psalm-suppress MixedReturnStatement
 */
-public static function crypto_box_seal_open($ciphertext, $keypair)
+public static function crypto_box_seal_open(
-{
+$ciphertext,
+#[\SensitiveParameter]
+$keypair
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 2);
 /* Input validation: */
 * @return string    Keypair
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_box_keypair_from_secretkey_and_publickey($secretKey, $publicKey)
+public static function crypto_box_keypair_from_secretkey_and_publickey(
-{
+#[\SensitiveParameter]
+$secretKey,
+$publicKey
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($publicKey, 'string', 2);
 /* Input validation: */
 * @throws TypeError
 * @psalm-suppress MixedArgument
 * @psalm-suppress MixedInferredReturnType
 * @psalm-suppress MixedReturnStatement
 */
-public static function crypto_box_open($ciphertext, $nonce, $keypair)
+public static function crypto_box_open(
-{
+$ciphertext,
+$nonce,
+#[\SensitiveParameter]
+$keypair
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
 ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 3);
 * @return string         Your crypto_box public key
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_box_publickey($keypair)
+public static function crypto_box_publickey(
-{
+#[\SensitiveParameter]
+$keypair
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1);
 /* Input validation: */
 if (ParagonIE_Sodium_Core_Util::strlen($keypair) !== self::CRYPTO_BOX_KEYPAIRBYTES) {
 * @return string           The corresponding X25519 public key
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_box_publickey_from_secretkey($secretKey)
+public static function crypto_box_publickey_from_secretkey(
-{
+#[\SensitiveParameter]
+$secretKey
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 1);
 /* Input validation: */
 if (ParagonIE_Sodium_Core_Util::strlen($secretKey) !== self::CRYPTO_BOX_SECRETKEYBYTES) {
 * @return string         Your crypto_box secret key
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_box_secretkey($keypair)
+public static function crypto_box_secretkey(
-{
+#[\SensitiveParameter]
+$keypair
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1);
 /* Input validation: */
 if (ParagonIE_Sodium_Core_Util::strlen($keypair) !== self::CRYPTO_BOX_KEYPAIRBYTES) {
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 * @psalm-suppress UndefinedFunction
 */
-public static function crypto_box_seed_keypair($seed)
+public static function crypto_box_seed_keypair(
-{
+#[\SensitiveParameter]
+$seed
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($seed, 'string', 1);
 if (self::useNewSodiumAPI()) {
 return (string) sodium_crypto_box_seed_keypair($seed);
 * @return string              Raw binary
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_generichash($message, $key = '', $length = self::CRYPTO_GENERICHASH_BYTES)
+public static function crypto_generichash(
-{
+$message,
+#[\SensitiveParameter]
+$key = '',
+$length = self::CRYPTO_GENERICHASH_BYTES
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
 if (is_null($key)) {
 $key = '';
 }
 * @throws TypeError
 * @psalm-suppress MixedArgument
 * @psalm-suppress ReferenceConstraintViolation
 * @psalm-suppress ConflictingReferenceConstraint
 */
-public static function crypto_generichash_final(&$ctx, $length = self::CRYPTO_GENERICHASH_BYTES)
+public static function crypto_generichash_final(
-{
+#[\SensitiveParameter]
+&$ctx,
+$length = self::CRYPTO_GENERICHASH_BYTES
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($ctx, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($length, 'int', 2);
 if (self::useNewSodiumAPI()) {
 *                         (To be 100% compatible with ext/libsodium)
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_generichash_init($key = '', $length = self::CRYPTO_GENERICHASH_BYTES)
+public static function crypto_generichash_init(
-{
+#[\SensitiveParameter]
+$key = '',
+$length = self::CRYPTO_GENERICHASH_BYTES
+) {
 /* Type checks: */
 if (is_null($key)) {
 $key = '';
 }
 ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 1);
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
 public static function crypto_generichash_init_salt_personal(
+#[\SensitiveParameter]
 $key = '',
 $length = self::CRYPTO_GENERICHASH_BYTES,
 $salt = '',
 $personal = ''
 ) {
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 * @psalm-suppress ReferenceConstraintViolation
 */
-public static function crypto_generichash_update(&$ctx, $message)
+public static function crypto_generichash_update(
-{
+#[\SensitiveParameter]
+&$ctx,
+$message
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($ctx, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 2);
 if (self::useNewSodiumAPI()) {
 */
 public static function crypto_kdf_derive_from_key(
 $subkey_len,
 $subkey_id,
 $context,
+#[\SensitiveParameter]
 $key
 ) {
 ParagonIE_Sodium_Core_Util::declareScalarType($subkey_len, 'int', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($subkey_id, 'int', 2);
 ParagonIE_Sodium_Core_Util::declareScalarType($context, 'string', 3);
 * @return string
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_kx($my_secret, $their_public, $client_public, $server_public, $dontFallback = false)
+public static function crypto_kx(
-{
+#[\SensitiveParameter]
+$my_secret,
+$their_public,
+$client_public,
+$server_public,
+$dontFallback = false
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($my_secret, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($their_public, 'string', 2);
 ParagonIE_Sodium_Core_Util::declareScalarType($client_public, 'string', 3);
 ParagonIE_Sodium_Core_Util::declareScalarType($server_public, 'string', 4);
 /**
 * @param string $seed
 * @return string
 * @throws SodiumException
 */
-public static function crypto_kx_seed_keypair($seed)
+public static function crypto_kx_seed_keypair(
-{
+#[\SensitiveParameter]
+$seed
+) {
 ParagonIE_Sodium_Core_Util::declareScalarType($seed, 'string', 1);
 $seed = (string) $seed;
 if (ParagonIE_Sodium_Core_Util::strlen($seed) !== self::CRYPTO_KX_SEEDBYTES) {
 * @param string $keypair
 * @param string $serverPublicKey
 * @return array{0: string, 1: string}
 * @throws SodiumException
 */
-public static function crypto_kx_client_session_keys($keypair, $serverPublicKey)
+public static function crypto_kx_client_session_keys(
-{
+#[\SensitiveParameter]
+$keypair,
+$serverPublicKey
+) {
 ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($serverPublicKey, 'string', 2);
 $keypair = (string) $keypair;
 $serverPublicKey = (string) $serverPublicKey;
 * @param string $keypair
 * @param string $clientPublicKey
 * @return array{0: string, 1: string}
 * @throws SodiumException
 */
-public static function crypto_kx_server_session_keys($keypair, $clientPublicKey)
+public static function crypto_kx_server_session_keys(
-{
+#[\SensitiveParameter]
+$keypair,
+$clientPublicKey
+) {
 ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($clientPublicKey, 'string', 2);
 $keypair = (string) $keypair;
 $clientPublicKey = (string) $clientPublicKey;
 /**
 * @param string $kp
 * @return string
 * @throws SodiumException
 */
-public static function crypto_kx_secretkey($kp)
+public static function crypto_kx_secretkey(
-{
+#[\SensitiveParameter]
+$kp
+) {
 return ParagonIE_Sodium_Core_Util::substr(
 $kp,
 0,
 self::CRYPTO_KX_SECRETKEYBYTES
 );
 * @return string
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_pwhash($outlen, $passwd, $salt, $opslimit, $memlimit, $alg = null)
+public static function crypto_pwhash(
-{
+$outlen,
+#[\SensitiveParameter]
+$passwd,
+$salt,
+$opslimit,
+$memlimit,
+$alg = null
+) {
 ParagonIE_Sodium_Core_Util::declareScalarType($outlen, 'int', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 2);
 ParagonIE_Sodium_Core_Util::declareScalarType($salt,  'string', 3);
 ParagonIE_Sodium_Core_Util::declareScalarType($opslimit, 'int', 4);
 ParagonIE_Sodium_Core_Util::declareScalarType($memlimit, 'int', 5);
 * @return string
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_pwhash_str($passwd, $opslimit, $memlimit)
+public static function crypto_pwhash_str(
-{
+#[\SensitiveParameter]
+$passwd,
+$opslimit,
+$memlimit
+) {
 ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($opslimit, 'int', 2);
 ParagonIE_Sodium_Core_Util::declareScalarType($memlimit, 'int', 3);
 if (self::useNewSodiumAPI()) {
 * @param int $opslimit
 * @param int $memlimit
 * @return bool
 * @throws SodiumException
 */
-public static function crypto_pwhash_str_needs_rehash($hash, $opslimit, $memlimit)
+public static function crypto_pwhash_str_needs_rehash(
-{
+#[\SensitiveParameter]
+$hash,
+$opslimit,
+$memlimit
+) {
 ParagonIE_Sodium_Core_Util::declareScalarType($hash, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($opslimit, 'int', 2);
 ParagonIE_Sodium_Core_Util::declareScalarType($memlimit, 'int', 3);
 // Just grab the first 4 pieces.
 * @return bool
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_pwhash_str_verify($passwd, $hash)
+public static function crypto_pwhash_str_verify(
-{
+#[\SensitiveParameter]
+$passwd,
+#[\SensitiveParameter]
+$hash
+) {
 ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($hash, 'string', 2);
 if (self::useNewSodiumAPI()) {
 return (bool) sodium_crypto_pwhash_str_verify($passwd, $hash);
 * @param int $memlimit
 * @return string
 * @throws SodiumException
 * @throws TypeError
 */
-public static function crypto_pwhash_scryptsalsa208sha256($outlen, $passwd, $salt, $opslimit, $memlimit)
+public static function crypto_pwhash_scryptsalsa208sha256(
-{
+$outlen,
+#[\SensitiveParameter]
+$passwd,
+$salt,
+$opslimit,
+$memlimit
+) {
 ParagonIE_Sodium_Core_Util::declareScalarType($outlen, 'int', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 2);
 ParagonIE_Sodium_Core_Util::declareScalarType($salt,  'string', 3);
 ParagonIE_Sodium_Core_Util::declareScalarType($opslimit, 'int', 4);
 ParagonIE_Sodium_Core_Util::declareScalarType($memlimit, 'int', 5);
 * @param int $memlimit
 * @return string
 * @throws SodiumException
 * @throws TypeError
 */
-public static function crypto_pwhash_scryptsalsa208sha256_str($passwd, $opslimit, $memlimit)
+public static function crypto_pwhash_scryptsalsa208sha256_str(
-{
+#[\SensitiveParameter]
+$passwd,
+$opslimit,
+$memlimit
+) {
 ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($opslimit, 'int', 2);
 ParagonIE_Sodium_Core_Util::declareScalarType($memlimit, 'int', 3);
 if (self::useNewSodiumAPI()) {
 * @param string $hash
 * @return bool
 * @throws SodiumException
 * @throws TypeError
 */
-public static function crypto_pwhash_scryptsalsa208sha256_str_verify($passwd, $hash)
+public static function crypto_pwhash_scryptsalsa208sha256_str_verify(
-{
+#[\SensitiveParameter]
+$passwd,
+#[\SensitiveParameter]
+$hash
+) {
 ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($hash, 'string', 2);
 if (self::useNewSodiumAPI()) {
 return (bool) sodium_crypto_pwhash_scryptsalsa208sha256_str_verify(
 * @return string
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_scalarmult($secretKey, $publicKey)
+public static function crypto_scalarmult(
-{
+#[\SensitiveParameter]
+$secretKey,
+$publicKey
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($publicKey, 'string', 2);
 /* Input validation: */
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress TooFewArguments
 * @psalm-suppress MixedArgument
 */
-public static function crypto_scalarmult_base($secretKey)
+public static function crypto_scalarmult_base(
-{
+#[\SensitiveParameter]
+$secretKey
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 1);
 /* Input validation: */
 if (ParagonIE_Sodium_Core_Util::strlen($secretKey) !== self::CRYPTO_BOX_SECRETKEYBYTES) {
 * @return string           Ciphertext with Poly1305 MAC
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_secretbox($plaintext, $nonce, $key)
+public static function crypto_secretbox(
-{
+#[\SensitiveParameter]
+$plaintext,
+$nonce,
+#[\SensitiveParameter]
+$key
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
 ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 3);
 * @throws TypeError
 * @psalm-suppress MixedArgument
 * @psalm-suppress MixedInferredReturnType
 * @psalm-suppress MixedReturnStatement
 */
-public static function crypto_secretbox_open($ciphertext, $nonce, $key)
+public static function crypto_secretbox_open(
-{
+$ciphertext,
+$nonce,
+#[\SensitiveParameter]
+$key
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
 ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 3);
 * @return string            Original plaintext message
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_secretbox_xchacha20poly1305_open($ciphertext, $nonce, $key)
+public static function crypto_secretbox_xchacha20poly1305_open(
-{
+$ciphertext,
+$nonce,
+#[\SensitiveParameter]
+$key
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
 ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 3);
 * @param string $key
 * @return array<int, string> Returns a state and a header.
 * @throws Exception
 * @throws SodiumException
 */
-public static function crypto_secretstream_xchacha20poly1305_init_push($key)
+public static function crypto_secretstream_xchacha20poly1305_init_push(
-{
+#[\SensitiveParameter]
+$key
+) {
 if (PHP_INT_SIZE === 4) {
 return ParagonIE_Sodium_Crypto32::secretstream_xchacha20poly1305_init_push($key);
 }
 return ParagonIE_Sodium_Crypto::secretstream_xchacha20poly1305_init_push($key);
 }
 * @param string $header
 * @param string $key
 * @return string Returns a state.
 * @throws Exception
 */
-public static function crypto_secretstream_xchacha20poly1305_init_pull($header, $key)
+public static function crypto_secretstream_xchacha20poly1305_init_pull(
-{
+$header,
+#[\SensitiveParameter]
+$key
+) {
 if (ParagonIE_Sodium_Core_Util::strlen($header) < self::CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES) {
 throw new SodiumException(
 'header size should be SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES bytes'
 );
 }
 * @param string $aad
 * @param int $tag
 * @return string
 * @throws SodiumException
 */
-public static function crypto_secretstream_xchacha20poly1305_push(&$state, $msg, $aad = '', $tag = 0)
+public static function crypto_secretstream_xchacha20poly1305_push(
-{
+#[\SensitiveParameter]
+&$state,
+#[\SensitiveParameter]
+$msg,
+$aad = '',
+$tag = 0
+) {
 if (PHP_INT_SIZE === 4) {
 return ParagonIE_Sodium_Crypto32::secretstream_xchacha20poly1305_push(
 $state,
 $msg,
 $aad,
 * @param string $msg
 * @param string $aad
 * @return bool|array{0: string, 1: int}
 * @throws SodiumException
 */
-public static function crypto_secretstream_xchacha20poly1305_pull(&$state, $msg, $aad = '')
+public static function crypto_secretstream_xchacha20poly1305_pull(
-{
+#[\SensitiveParameter]
+&$state,
+$msg,
+$aad = ''
+) {
 if (PHP_INT_SIZE === 4) {
 return ParagonIE_Sodium_Crypto32::secretstream_xchacha20poly1305_pull(
 $state,
 $msg,
 $aad
 /**
 * @param string $state
 * @return void
 * @throws SodiumException
 */
-public static function crypto_secretstream_xchacha20poly1305_rekey(&$state)
+public static function crypto_secretstream_xchacha20poly1305_rekey(
-{
+#[\SensitiveParameter]
+&$state
+) {
 if (PHP_INT_SIZE === 4) {
 ParagonIE_Sodium_Crypto32::secretstream_xchacha20poly1305_rekey($state);
 } else {
 ParagonIE_Sodium_Crypto::secretstream_xchacha20poly1305_rekey($state);
 }
 * @throws TypeError
 * @psalm-suppress MixedArgument
 * @psalm-suppress MixedInferredReturnType
 * @psalm-suppress MixedReturnStatement
 */
-public static function crypto_shorthash($message, $key)
+public static function crypto_shorthash(
-{
+$message,
+#[\SensitiveParameter]
+$key
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 2);
 /* Input validation: */
 * @throws TypeError
 * @psalm-suppress MixedArgument
 * @psalm-suppress MixedInferredReturnType
 * @psalm-suppress MixedReturnStatement
 */
-public static function crypto_sign($message, $secretKey)
+public static function crypto_sign(
-{
+$message,
+#[\SensitiveParameter]
+$secretKey
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 2);
 /* Input validation: */
 * @throws TypeError
 * @psalm-suppress MixedArgument
 * @psalm-suppress MixedInferredReturnType
 * @psalm-suppress MixedReturnStatement
 */
-public static function crypto_sign_open($signedMessage, $publicKey)
+public static function crypto_sign_open(
-{
+$signedMessage,
+$publicKey
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($signedMessage, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($publicKey, 'string', 2);
 /* Input validation: */
 * @param string $sk
 * @param string $pk
 * @return string
 * @throws SodiumException
 */
-public static function crypto_sign_keypair_from_secretkey_and_publickey($sk, $pk)
+public static function crypto_sign_keypair_from_secretkey_and_publickey(
-{
+#[\SensitiveParameter]
+$sk,
+$pk
+)  {
 ParagonIE_Sodium_Core_Util::declareScalarType($sk, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($pk, 'string', 1);
 $sk = (string) $sk;
 $pk = (string) $pk;
 * @return string      Keypair
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_sign_seed_keypair($seed)
+public static function crypto_sign_seed_keypair(
-{
+#[\SensitiveParameter]
+$seed
+) {
 ParagonIE_Sodium_Core_Util::declareScalarType($seed, 'string', 1);
 if (self::useNewSodiumAPI()) {
 return sodium_crypto_sign_seed_keypair($seed);
 }
 * @return string         Public key
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_sign_publickey($keypair)
+public static function crypto_sign_publickey(
-{
+#[\SensitiveParameter]
+$keypair
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1);
 /* Input validation: */
 if (ParagonIE_Sodium_Core_Util::strlen($keypair) !== self::CRYPTO_SIGN_KEYPAIRBYTES) {
 * @return string           The corresponding Ed25519 public key
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_sign_publickey_from_secretkey($secretKey)
+public static function crypto_sign_publickey_from_secretkey(
-{
+#[\SensitiveParameter]
+$secretKey
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 1);
 /* Input validation: */
 if (ParagonIE_Sodium_Core_Util::strlen($secretKey) !== self::CRYPTO_SIGN_SECRETKEYBYTES) {
 * @return string         Secret key
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_sign_secretkey($keypair)
+public static function crypto_sign_secretkey(
-{
+#[\SensitiveParameter]
+$keypair
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1);
 /* Input validation: */
 if (ParagonIE_Sodium_Core_Util::strlen($keypair) !== self::CRYPTO_SIGN_KEYPAIRBYTES) {
 * @return string           Digital signature
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_sign_detached($message, $secretKey)
+public static function crypto_sign_detached(
-{
+$message,
+#[\SensitiveParameter]
+$secretKey
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 2);
 /* Input validation: */
 * @return string
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_sign_ed25519_sk_to_curve25519($sk)
+public static function crypto_sign_ed25519_sk_to_curve25519(
-{
+#[\SensitiveParameter]
+$sk
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($sk, 'string', 1);
 /* Input validation: */
 if (ParagonIE_Sodium_Core_Util::strlen($sk) < self::CRYPTO_SIGN_SEEDBYTES) {
 *                      optional for security)
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_stream($len, $nonce, $key)
+public static function crypto_stream(
-{
+$len,
+$nonce,
+#[\SensitiveParameter]
+$key
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($len, 'int', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
 ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 3);
 *                        Encrypt then MAC)
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_stream_xor($message, $nonce, $key)
+public static function crypto_stream_xor(
-{
+#[\SensitiveParameter]
+$message,
+$nonce,
+#[\SensitiveParameter]
+$key
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
 ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 3);
 *                      optional for security)
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_stream_xchacha20($len, $nonce, $key, $dontFallback = false)
+public static function crypto_stream_xchacha20(
-{
+$len,
+$nonce,
+#[\SensitiveParameter]
+$key,
+$dontFallback = false
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($len, 'int', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
 ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 3);
 * @param bool $dontFallback
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_stream_xchacha20_xor($message, $nonce, $key, $dontFallback = false)
+public static function crypto_stream_xchacha20_xor(
-{
+#[\SensitiveParameter]
+$message,
+$nonce,
+#[\SensitiveParameter]
+$key,
+$dontFallback = false
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
 ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 3);
 * @param bool $dontFallback
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function crypto_stream_xchacha20_xor_ic($message, $nonce, $counter, $key, $dontFallback = false)
+public static function crypto_stream_xchacha20_xor_ic(
-{
+#[\SensitiveParameter]
+$message,
+$nonce,
+$counter,
+#[\SensitiveParameter]
+$key,
+$dontFallback = false
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
 ParagonIE_Sodium_Core_Util::declareScalarType($counter, 'int', 3);
 ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4);
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress TooFewArguments
 * @psalm-suppress MixedArgument
 */
-public static function hex2bin($string, $ignore = '')
+public static function hex2bin(
-{
+#[\SensitiveParameter]
+$string,
+$ignore = ''
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($string, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($ignore, 'string', 2);
 if (self::useNewSodiumAPI()) {
 * @return void
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function increment(&$var)
+public static function increment(
-{
+#[\SensitiveParameter]
+&$var
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($var, 'string', 1);
 if (self::useNewSodiumAPI()) {
 sodium_increment($var);
 * @param string $str
 * @return bool
 *
 * @throws SodiumException
 */
-public static function is_zero($str)
+public static function is_zero(
-{
+#[\SensitiveParameter]
+$str
+) {
 $d = 0;
 for ($i = 0; $i < 32; ++$i) {
 $d |= ParagonIE_Sodium_Core_Util::chrToInt($str[$i]);
 }
 return ((($d - 1) >> 31) & 1) === 1;
 * @return int
 * @throws SodiumException
 * @throws TypeError
 * @psalm-suppress MixedArgument
 */
-public static function memcmp($left, $right)
+public static function memcmp(
-{
+#[\SensitiveParameter]
+$left,
+#[\SensitiveParameter]
+$right
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($left, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($right, 'string', 2);
 if (self::useNewSodiumAPI()) {
 * @return void
 * @throws SodiumException (Unless libsodium is installed)
 * @throws TypeError
 * @psalm-suppress TooFewArguments
 */
-public static function memzero(&$var)
+public static function memzero(
-{
+#[\SensitiveParameter]
+&$var
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($var, 'string', 1);
 if (self::useNewSodiumAPI()) {
 /** @psalm-suppress MixedArgument */
 * @param int $blockSize
 * @param bool $dontFallback
 * @return string
 * @throws SodiumException
 */
-public static function pad($unpadded, $blockSize, $dontFallback = false)
+public static function pad(
-{
+#[\SensitiveParameter]
+$unpadded,
+$blockSize,
+$dontFallback = false
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($unpadded, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($blockSize, 'int', 2);
 $unpadded = (string) $unpadded;
 * @param int $blockSize
 * @param bool $dontFallback
 * @return string
 * @throws SodiumException
 */
-public static function unpad($padded, $blockSize, $dontFallback = false)
+public static function unpad(
-{
+#[\SensitiveParameter]
+$padded,
+$blockSize,
+$dontFallback = false
+) {
 /* Type checks: */
 ParagonIE_Sodium_Core_Util::declareScalarType($padded, 'string', 1);
 ParagonIE_Sodium_Core_Util::declareScalarType($blockSize, 'int', 2);
 $padded = (string) $padded;
 * @param string $p
 * @param bool $dontFallback
 * @return bool
 * @throws SodiumException
 */
-public static function ristretto255_is_valid_point($p, $dontFallback = false)
+public static function ristretto255_is_valid_point(
-{
+#[\SensitiveParameter]
+$p,
+$dontFallback = false
+) {
 if (self::useNewSodiumAPI() && !$dontFallback) {
 return sodium_crypto_core_ristretto255_is_valid_point($p);
 }
 try {
 $r = ParagonIE_Sodium_Core_Ristretto255::ristretto255_frombytes($p);
 * @param string $q
 * @param bool $dontFallback
 * @return string
 * @throws SodiumException
 */
-public static function ristretto255_add($p, $q, $dontFallback = false)
+public static function ristretto255_add(
-{
+#[\SensitiveParameter]
+$p,
+#[\SensitiveParameter]
+$q,
+$dontFallback = false
+) {
 if (self::useNewSodiumAPI() && !$dontFallback) {
 return sodium_crypto_core_ristretto255_add($p, $q);
 }
 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_add($p, $q);
 }
 * @param string $q
 * @param bool $dontFallback
 * @return string
 * @throws SodiumException
 */
-public static function ristretto255_sub($p, $q, $dontFallback = false)
+public static function ristretto255_sub(
-{
+#[\SensitiveParameter]
+$p,
+#[\SensitiveParameter]
+$q,
+$dontFallback = false
+) {
 if (self::useNewSodiumAPI() && !$dontFallback) {
 return sodium_crypto_core_ristretto255_sub($p, $q);
 }
 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_sub($p, $q);
 }
 * @param bool $dontFallback
 * @return string
 *
 * @throws SodiumException
 */
-public static function ristretto255_from_hash($r, $dontFallback = false)
+public static function ristretto255_from_hash(
-{
+#[\SensitiveParameter]
+$r,
+$dontFallback = false
+) {
 if (self::useNewSodiumAPI() && !$dontFallback) {
 return sodium_crypto_core_ristretto255_from_hash($r);
 }
 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_from_hash($r);
 }
 * @param string $s
 * @param bool $dontFallback
 * @return string
 * @throws SodiumException
 */
-public static function ristretto255_scalar_invert($s, $dontFallback = false)
+public static function ristretto255_scalar_invert(
-{
+#[\SensitiveParameter]
+$s,
+$dontFallback = false
+) {
 if (self::useNewSodiumAPI() && !$dontFallback) {
 return sodium_crypto_core_ristretto255_scalar_invert($s);
 }
 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_invert($s);
 }
 * @param string $s
 * @param bool $dontFallback
 * @return string
 * @throws SodiumException
 */
-public static function ristretto255_scalar_negate($s, $dontFallback = false)
+public static function ristretto255_scalar_negate(
-{
+#[\SensitiveParameter]
+$s,
+$dontFallback = false
+) {
 if (self::useNewSodiumAPI() && !$dontFallback) {
 return sodium_crypto_core_ristretto255_scalar_negate($s);
 }
 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_negate($s);
 }
 * @param string $s
 * @param bool $dontFallback
 * @return string
 * @throws SodiumException
 */
-public static function ristretto255_scalar_complement($s, $dontFallback = false)
+public static function ristretto255_scalar_complement(
-{
+#[\SensitiveParameter]
+$s,
+$dontFallback = false
+) {
 if (self::useNewSodiumAPI() && !$dontFallback) {
 return sodium_crypto_core_ristretto255_scalar_complement($s);
 }
 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_complement($s);
 }
 * @param string $y
 * @param bool $dontFallback
 * @return string
 * @throws SodiumException
 */
-public static function ristretto255_scalar_add($x, $y, $dontFallback = false)
+public static function ristretto255_scalar_add(
-{
+#[\SensitiveParameter]
+$x,
+#[\SensitiveParameter]
+$y,
+$dontFallback = false
+) {
 if (self::useNewSodiumAPI() && !$dontFallback) {
 return sodium_crypto_core_ristretto255_scalar_add($x, $y);
 }
 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_add($x, $y);
 }
 * @param string $y
 * @param bool $dontFallback
 * @return string
 * @throws SodiumException
 */
-public static function ristretto255_scalar_sub($x, $y, $dontFallback = false)
+public static function ristretto255_scalar_sub(
-{
+#[\SensitiveParameter]
+$x,
+#[\SensitiveParameter]
+$y,
+$dontFallback = false
+) {
 if (self::useNewSodiumAPI() && !$dontFallback) {
 return sodium_crypto_core_ristretto255_scalar_sub($x, $y);
 }
 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_sub($x, $y);
 }
 * @param string $y
 * @param bool $dontFallback
 * @return string
 * @throws SodiumException
 */
-public static function ristretto255_scalar_mul($x, $y, $dontFallback = false)
+public static function ristretto255_scalar_mul(
-{
+#[\SensitiveParameter]
+$x,
+#[\SensitiveParameter]
+$y,
+$dontFallback = false
+) {
 if (self::useNewSodiumAPI() && !$dontFallback) {
 return sodium_crypto_core_ristretto255_scalar_mul($x, $y);
 }
 return ParagonIE_Sodium_Core_Ristretto255::ristretto255_scalar_mul($x, $y);
 }
 * @param string $p
 * @param bool $dontFallback
 * @return string
 * @throws SodiumException
 */
-public static function scalarmult_ristretto255($n, $p, $dontFallback = false)
+public static function scalarmult_ristretto255(
-{
+#[\SensitiveParameter]
+$n,
+#[\SensitiveParameter]
+$p,
+$dontFallback = false
+) {
 if (self::useNewSodiumAPI() && !$dontFallback) {
 return sodium_crypto_scalarmult_ristretto255($n, $p);
 }
 return ParagonIE_Sodium_Core_Ristretto255::scalarmult_ristretto255($n, $p);
 }
 * @param string $p
 * @param bool $dontFallback
 * @return string
 * @throws SodiumException
 */
-public static function scalarmult_ristretto255_base($n, $dontFallback = false)
+public static function scalarmult_ristretto255_base(
-{
+#[\SensitiveParameter]
+$n,
+$dontFallback = false
+) {
 if (self::useNewSodiumAPI() && !$dontFallback) {
 return sodium_crypto_scalarmult_ristretto255_base($n);
 }
 return ParagonIE_Sodium_Core_Ristretto255::scalarmult_ristretto255_base($n);
 }
 * @param string $s
 * @param bool $dontFallback
 * @return string
 * @throws SodiumException
 */
-public static function ristretto255_scalar_reduce($s, $dontFallback = false)
+public static function ristretto255_scalar_reduce(
-{
+#[\SensitiveParameter]
+$s,
+$dontFallback = false
+) {
 if (self::useNewSodiumAPI() && !$dontFallback) {
 return sodium_crypto_core_ristretto255_scalar_reduce($s);
 }
 return ParagonIE_Sodium_Core_Ristretto255::sc_reduce($s);
 }
 * @param string $val
 * @param string $addv
 * @return void
 * @throws SodiumException
 */
-public static function sub(&$val, $addv)
+public static function sub(
-{
+#[\SensitiveParameter]
+&$val,
+#[\SensitiveParameter]
+$addv
+) {
 $val_len = ParagonIE_Sodium_Core_Util::strlen($val);
 $addv_len = ParagonIE_Sodium_Core_Util::strlen($addv);
 if ($val_len !== $addv_len) {
 throw new SodiumException('values must have the same length');
 }

changeset 22	8c2e4d02f4ef
parent 21	48c4eec2b7e6