--- a/wp/wp-includes/sodium_compat/src/Compat.php Fri Sep 05 18:40:08 2025 +0200
+++ b/wp/wp-includes/sodium_compat/src/Compat.php Fri Sep 05 18:52:52 2025 +0200
@@ -59,6 +59,14 @@
const CRYPTO_AEAD_AES256GCM_NSECBYTES = 0;
const CRYPTO_AEAD_AES256GCM_NPUBBYTES = 12;
const CRYPTO_AEAD_AES256GCM_ABYTES = 16;
+ const CRYPTO_AEAD_AEGIS128L_KEYBYTES = 16;
+ const CRYPTO_AEAD_AEGIS128L_NSECBYTES = 0;
+ const CRYPTO_AEAD_AEGIS128L_NPUBBYTES = 16;
+ const CRYPTO_AEAD_AEGIS128L_ABYTES = 32;
+ const CRYPTO_AEAD_AEGIS256_KEYBYTES = 32;
+ const CRYPTO_AEAD_AEGIS256_NSECBYTES = 0;
+ const CRYPTO_AEAD_AEGIS256_NPUBBYTES = 32;
+ const CRYPTO_AEAD_AEGIS256_ABYTES = 32;
const CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES = 32;
const CRYPTO_AEAD_CHACHA20POLY1305_NSECBYTES = 0;
const CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES = 8;
@@ -155,8 +163,12 @@
* @return void
* @throws SodiumException
*/
- public static function add(&$val, $addv)
- {
+ public static function add(
+ #[\SensitiveParameter]
+ &$val,
+ #[\SensitiveParameter]
+ $addv
+ ) {
$val_len = ParagonIE_Sodium_Core_Util::strlen($val);
$addv_len = ParagonIE_Sodium_Core_Util::strlen($addv);
if ($val_len !== $addv_len) {
@@ -181,8 +193,12 @@
* @return string
* @throws SodiumException
*/
- public static function base642bin($encoded, $variant, $ignore = '')
- {
+ public static function base642bin(
+ #[\SensitiveParameter]
+ $encoded,
+ $variant,
+ $ignore = ''
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($encoded, 'string', 1);
@@ -224,8 +240,11 @@
* @return string
* @throws SodiumException
*/
- public static function bin2base64($decoded, $variant)
- {
+ public static function bin2base64(
+ #[\SensitiveParameter]
+ $decoded,
+ $variant
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($decoded, 'string', 1);
/** @var string $decoded */
@@ -257,8 +276,10 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function bin2hex($string)
- {
+ public static function bin2hex(
+ #[\SensitiveParameter]
+ $string
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($string, 'string', 1);
@@ -284,8 +305,12 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function compare($left, $right)
- {
+ public static function compare(
+ #[\SensitiveParameter]
+ $left,
+ #[\SensitiveParameter]
+ $right
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($left, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($right, 'string', 2);
@@ -300,6 +325,224 @@
}
/**
+ * Authenticated Encryption with Associated Data: Decryption
+ *
+ * Algorithm:
+ * AEGIS-128L
+ *
+ * @param string $ciphertext Encrypted message (with MAC appended)
+ * @param string $assocData Authenticated Associated Data (unencrypted)
+ * @param string $nonce Number to be used only Once; must be 32 bytes
+ * @param string $key Encryption key
+ *
+ * @return string The original plaintext message
+ * @throws SodiumException
+ * @throws TypeError
+ * @psalm-suppress MixedArgument
+ * @psalm-suppress MixedInferredReturnType
+ * @psalm-suppress MixedReturnStatement
+ */
+ public static function crypto_aead_aegis128l_decrypt(
+ $ciphertext = '',
+ $assocData = '',
+ $nonce = '',
+ #[\SensitiveParameter]
+ $key = ''
+ ) {
+ ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1);
+ ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
+ ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 3);
+ ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4);
+
+ /* Input validation: */
+ if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_AEAD_AEGIS128L_NPUBBYTES) {
+ throw new SodiumException('Nonce must be CRYPTO_AEAD_AEGIS_128L_NPUBBYTES long');
+ }
+ if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_AEAD_AEGIS128L_KEYBYTES) {
+ throw new SodiumException('Key must be CRYPTO_AEAD_AEGIS128L_KEYBYTES long');
+ }
+ $ct_length = ParagonIE_Sodium_Core_Util::strlen($ciphertext);
+ if ($ct_length < self::CRYPTO_AEAD_AEGIS128L_ABYTES) {
+ throw new SodiumException('Message must be at least CRYPTO_AEAD_AEGIS128L_ABYTES long');
+ }
+
+ $ct = ParagonIE_Sodium_Core_Util::substr(
+ $ciphertext,
+ 0,
+ $ct_length - self::CRYPTO_AEAD_AEGIS128L_ABYTES
+ );
+ $tag = ParagonIE_Sodium_Core_Util::substr(
+ $ciphertext,
+ $ct_length - self::CRYPTO_AEAD_AEGIS128L_ABYTES,
+ self::CRYPTO_AEAD_AEGIS128L_ABYTES
+ );
+ return ParagonIE_Sodium_Core_AEGIS128L::decrypt($ct, $tag, $assocData, $key, $nonce);
+ }
+
+ /**
+ * Authenticated Encryption with Associated Data: Encryption
+ *
+ * Algorithm:
+ * AEGIS-128L
+ *
+ * @param string $plaintext Message to be encrypted
+ * @param string $assocData Authenticated Associated Data (unencrypted)
+ * @param string $nonce Number to be used only Once; must be 32 bytes
+ * @param string $key Encryption key
+ *
+ * @return string Ciphertext with 32-byte authentication tag appended
+ * @throws SodiumException
+ * @throws TypeError
+ * @psalm-suppress MixedArgument
+ */
+ public static function crypto_aead_aegis128l_encrypt(
+ #[\SensitiveParameter]
+ $plaintext = '',
+ $assocData = '',
+ $nonce = '',
+ #[\SensitiveParameter]
+ $key = ''
+ ) {
+ ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1);
+ ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
+ ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 3);
+ ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4);
+
+ /* Input validation: */
+ if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_AEAD_AEGIS128L_NPUBBYTES) {
+ throw new SodiumException('Nonce must be CRYPTO_AEAD_AEGIS128L_KEYBYTES long');
+ }
+ if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_AEAD_AEGIS128L_KEYBYTES) {
+ throw new SodiumException('Key must be CRYPTO_AEAD_AEGIS128L_KEYBYTES long');
+ }
+
+ list($ct, $tag) = ParagonIE_Sodium_Core_AEGIS128L::encrypt($plaintext, $assocData, $key, $nonce);
+ return $ct . $tag;
+ }
+
+ /**
+ * Return a secure random key for use with the AEGIS-128L
+ * symmetric AEAD interface.
+ *
+ * @return string
+ * @throws Exception
+ * @throws Error
+ */
+ public static function crypto_aead_aegis128l_keygen()
+ {
+ return random_bytes(self::CRYPTO_AEAD_AEGIS128L_KEYBYTES);
+ }
+
+ /**
+ * Authenticated Encryption with Associated Data: Decryption
+ *
+ * Algorithm:
+ * AEGIS-256
+ *
+ * @param string $ciphertext Encrypted message (with MAC appended)
+ * @param string $assocData Authenticated Associated Data (unencrypted)
+ * @param string $nonce Number to be used only Once; must be 32 bytes
+ * @param string $key Encryption key
+ *
+ * @return string The original plaintext message
+ * @throws SodiumException
+ * @throws TypeError
+ * @psalm-suppress MixedArgument
+ * @psalm-suppress MixedInferredReturnType
+ * @psalm-suppress MixedReturnStatement
+ */
+ public static function crypto_aead_aegis256_decrypt(
+ $ciphertext = '',
+ $assocData = '',
+ $nonce = '',
+ #[\SensitiveParameter]
+ $key = ''
+ ) {
+ ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1);
+ ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
+ ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 3);
+ ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4);
+
+ /* Input validation: */
+ if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_AEAD_AEGIS256_NPUBBYTES) {
+ throw new SodiumException('Nonce must be CRYPTO_AEAD_AEGIS256_NPUBBYTES long');
+ }
+ if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_AEAD_AEGIS256_KEYBYTES) {
+ throw new SodiumException('Key must be CRYPTO_AEAD_AEGIS256_KEYBYTES long');
+ }
+ $ct_length = ParagonIE_Sodium_Core_Util::strlen($ciphertext);
+ if ($ct_length < self::CRYPTO_AEAD_AEGIS256_ABYTES) {
+ throw new SodiumException('Message must be at least CRYPTO_AEAD_AEGIS256_ABYTES long');
+ }
+
+ $ct = ParagonIE_Sodium_Core_Util::substr(
+ $ciphertext,
+ 0,
+ $ct_length - self::CRYPTO_AEAD_AEGIS256_ABYTES
+ );
+ $tag = ParagonIE_Sodium_Core_Util::substr(
+ $ciphertext,
+ $ct_length - self::CRYPTO_AEAD_AEGIS256_ABYTES,
+ self::CRYPTO_AEAD_AEGIS256_ABYTES
+ );
+ return ParagonIE_Sodium_Core_AEGIS256::decrypt($ct, $tag, $assocData, $key, $nonce);
+ }
+
+ /**
+ * Authenticated Encryption with Associated Data: Encryption
+ *
+ * Algorithm:
+ * AEGIS-256
+ *
+ * @param string $plaintext Message to be encrypted
+ * @param string $assocData Authenticated Associated Data (unencrypted)
+ * @param string $nonce Number to be used only Once; must be 32 bytes
+ * @param string $key Encryption key
+ *
+ * @return string Ciphertext with 32-byte authentication tag appended
+ * @throws SodiumException
+ * @throws TypeError
+ * @psalm-suppress MixedArgument
+ */
+ public static function crypto_aead_aegis256_encrypt(
+ #[\SensitiveParameter]
+ $plaintext = '',
+ $assocData = '',
+ $nonce = '',
+ #[\SensitiveParameter]
+ $key = ''
+ ) {
+ ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1);
+ ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
+ ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 3);
+ ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4);
+
+ /* Input validation: */
+ if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_AEAD_AEGIS256_NPUBBYTES) {
+ throw new SodiumException('Nonce must be CRYPTO_AEAD_AEGIS128L_KEYBYTES long');
+ }
+ if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_AEAD_AEGIS256_KEYBYTES) {
+ throw new SodiumException('Key must be CRYPTO_AEAD_AEGIS128L_KEYBYTES long');
+ }
+
+ list($ct, $tag) = ParagonIE_Sodium_Core_AEGIS256::encrypt($plaintext, $assocData, $key, $nonce);
+ return $ct . $tag;
+ }
+
+ /**
+ * Return a secure random key for use with the AEGIS-256
+ * symmetric AEAD interface.
+ *
+ * @return string
+ * @throws Exception
+ * @throws Error
+ */
+ public static function crypto_aead_aegis256_keygen()
+ {
+ return random_bytes(self::CRYPTO_AEAD_AEGIS256_KEYBYTES);
+ }
+
+ /**
* Is AES-256-GCM even available to use?
*
* @return bool
@@ -351,6 +594,7 @@
$ciphertext = '',
$assocData = '',
$nonce = '',
+ #[\SensitiveParameter]
$key = ''
) {
if (!self::crypto_aead_aes256gcm_is_available()) {
@@ -408,9 +652,11 @@
* @psalm-suppress MixedArgument
*/
public static function crypto_aead_aes256gcm_encrypt(
+ #[\SensitiveParameter]
$plaintext = '',
$assocData = '',
$nonce = '',
+ #[\SensitiveParameter]
$key = ''
) {
if (!self::crypto_aead_aes256gcm_is_available()) {
@@ -484,6 +730,7 @@
$ciphertext = '',
$assocData = '',
$nonce = '',
+ #[\SensitiveParameter]
$key = ''
) {
/* Type checks: */
@@ -561,9 +808,11 @@
* @psalm-suppress MixedArgument
*/
public static function crypto_aead_chacha20poly1305_encrypt(
+ #[\SensitiveParameter]
$plaintext = '',
$assocData = '',
$nonce = '',
+ #[\SensitiveParameter]
$key = ''
) {
/* Type checks: */
@@ -638,6 +887,7 @@
$ciphertext = '',
$assocData = '',
$nonce = '',
+ #[\SensitiveParameter]
$key = ''
) {
/* Type checks: */
@@ -728,9 +978,11 @@
* @psalm-suppress MixedArgument
*/
public static function crypto_aead_chacha20poly1305_ietf_encrypt(
+ #[\SensitiveParameter]
$plaintext = '',
$assocData = '',
$nonce = '',
+ #[\SensitiveParameter]
$key = ''
) {
/* Type checks: */
@@ -819,6 +1071,7 @@
$ciphertext = '',
$assocData = '',
$nonce = '',
+ #[\SensitiveParameter]
$key = '',
$dontFallback = false
) {
@@ -891,9 +1144,11 @@
* @psalm-suppress MixedArgument
*/
public static function crypto_aead_xchacha20poly1305_ietf_encrypt(
+ #[\SensitiveParameter]
$plaintext = '',
$assocData = '',
$nonce = '',
+ #[\SensitiveParameter]
$key = '',
$dontFallback = false
) {
@@ -971,8 +1226,11 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_auth($message, $key)
- {
+ public static function crypto_auth(
+ $message,
+ #[\SensitiveParameter]
+ $key
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 2);
@@ -1016,8 +1274,12 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_auth_verify($mac, $message, $key)
- {
+ public static function crypto_auth_verify(
+ $mac,
+ $message,
+ #[\SensitiveParameter]
+ $key
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($mac, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 2);
@@ -1060,8 +1322,12 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_box($plaintext, $nonce, $keypair)
- {
+ public static function crypto_box(
+ $plaintext,
+ $nonce,
+ #[\SensitiveParameter]
+ $keypair
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
@@ -1104,8 +1370,11 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_box_seal($plaintext, $publicKey)
- {
+ public static function crypto_box_seal(
+ #[\SensitiveParameter]
+ $plaintext,
+ $publicKey
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($publicKey, 'string', 2);
@@ -1142,8 +1411,11 @@
* @psalm-suppress MixedInferredReturnType
* @psalm-suppress MixedReturnStatement
*/
- public static function crypto_box_seal_open($ciphertext, $keypair)
- {
+ public static function crypto_box_seal_open(
+ $ciphertext,
+ #[\SensitiveParameter]
+ $keypair
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 2);
@@ -1205,8 +1477,11 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_box_keypair_from_secretkey_and_publickey($secretKey, $publicKey)
- {
+ public static function crypto_box_keypair_from_secretkey_and_publickey(
+ #[\SensitiveParameter]
+ $secretKey,
+ $publicKey
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($publicKey, 'string', 2);
@@ -1244,8 +1519,12 @@
* @psalm-suppress MixedInferredReturnType
* @psalm-suppress MixedReturnStatement
*/
- public static function crypto_box_open($ciphertext, $nonce, $keypair)
- {
+ public static function crypto_box_open(
+ $ciphertext,
+ $nonce,
+ #[\SensitiveParameter]
+ $keypair
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
@@ -1287,8 +1566,10 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_box_publickey($keypair)
- {
+ public static function crypto_box_publickey(
+ #[\SensitiveParameter]
+ $keypair
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1);
@@ -1318,8 +1599,10 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_box_publickey_from_secretkey($secretKey)
- {
+ public static function crypto_box_publickey_from_secretkey(
+ #[\SensitiveParameter]
+ $secretKey
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 1);
@@ -1349,8 +1632,10 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_box_secretkey($keypair)
- {
+ public static function crypto_box_secretkey(
+ #[\SensitiveParameter]
+ $keypair
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1);
@@ -1381,8 +1666,10 @@
* @psalm-suppress MixedArgument
* @psalm-suppress UndefinedFunction
*/
- public static function crypto_box_seed_keypair($seed)
- {
+ public static function crypto_box_seed_keypair(
+ #[\SensitiveParameter]
+ $seed
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($seed, 'string', 1);
@@ -1411,8 +1698,12 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_generichash($message, $key = '', $length = self::CRYPTO_GENERICHASH_BYTES)
- {
+ public static function crypto_generichash(
+ $message,
+ #[\SensitiveParameter]
+ $key = '',
+ $length = self::CRYPTO_GENERICHASH_BYTES
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
if (is_null($key)) {
@@ -1455,8 +1746,11 @@
* @psalm-suppress ReferenceConstraintViolation
* @psalm-suppress ConflictingReferenceConstraint
*/
- public static function crypto_generichash_final(&$ctx, $length = self::CRYPTO_GENERICHASH_BYTES)
- {
+ public static function crypto_generichash_final(
+ #[\SensitiveParameter]
+ &$ctx,
+ $length = self::CRYPTO_GENERICHASH_BYTES
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($ctx, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($length, 'int', 2);
@@ -1500,8 +1794,11 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_generichash_init($key = '', $length = self::CRYPTO_GENERICHASH_BYTES)
- {
+ public static function crypto_generichash_init(
+ #[\SensitiveParameter]
+ $key = '',
+ $length = self::CRYPTO_GENERICHASH_BYTES
+ ) {
/* Type checks: */
if (is_null($key)) {
$key = '';
@@ -1545,6 +1842,7 @@
* @psalm-suppress MixedArgument
*/
public static function crypto_generichash_init_salt_personal(
+ #[\SensitiveParameter]
$key = '',
$length = self::CRYPTO_GENERICHASH_BYTES,
$salt = '',
@@ -1591,8 +1889,11 @@
* @psalm-suppress MixedArgument
* @psalm-suppress ReferenceConstraintViolation
*/
- public static function crypto_generichash_update(&$ctx, $message)
- {
+ public static function crypto_generichash_update(
+ #[\SensitiveParameter]
+ &$ctx,
+ $message
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($ctx, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 2);
@@ -1635,6 +1936,7 @@
$subkey_len,
$subkey_id,
$context,
+ #[\SensitiveParameter]
$key
) {
ParagonIE_Sodium_Core_Util::declareScalarType($subkey_len, 'int', 1);
@@ -1712,8 +2014,14 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_kx($my_secret, $their_public, $client_public, $server_public, $dontFallback = false)
- {
+ public static function crypto_kx(
+ #[\SensitiveParameter]
+ $my_secret,
+ $their_public,
+ $client_public,
+ $server_public,
+ $dontFallback = false
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($my_secret, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($their_public, 'string', 2);
@@ -1774,8 +2082,10 @@
* @return string
* @throws SodiumException
*/
- public static function crypto_kx_seed_keypair($seed)
- {
+ public static function crypto_kx_seed_keypair(
+ #[\SensitiveParameter]
+ $seed
+ ) {
ParagonIE_Sodium_Core_Util::declareScalarType($seed, 'string', 1);
$seed = (string) $seed;
@@ -1806,8 +2116,11 @@
* @return array{0: string, 1: string}
* @throws SodiumException
*/
- public static function crypto_kx_client_session_keys($keypair, $serverPublicKey)
- {
+ public static function crypto_kx_client_session_keys(
+ #[\SensitiveParameter]
+ $keypair,
+ $serverPublicKey
+ ) {
ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($serverPublicKey, 'string', 2);
@@ -1848,8 +2161,11 @@
* @return array{0: string, 1: string}
* @throws SodiumException
*/
- public static function crypto_kx_server_session_keys($keypair, $clientPublicKey)
- {
+ public static function crypto_kx_server_session_keys(
+ #[\SensitiveParameter]
+ $keypair,
+ $clientPublicKey
+ ) {
ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($clientPublicKey, 'string', 2);
@@ -1889,8 +2205,10 @@
* @return string
* @throws SodiumException
*/
- public static function crypto_kx_secretkey($kp)
- {
+ public static function crypto_kx_secretkey(
+ #[\SensitiveParameter]
+ $kp
+ ) {
return ParagonIE_Sodium_Core_Util::substr(
$kp,
0,
@@ -1924,8 +2242,15 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_pwhash($outlen, $passwd, $salt, $opslimit, $memlimit, $alg = null)
- {
+ public static function crypto_pwhash(
+ $outlen,
+ #[\SensitiveParameter]
+ $passwd,
+ $salt,
+ $opslimit,
+ $memlimit,
+ $alg = null
+ ) {
ParagonIE_Sodium_Core_Util::declareScalarType($outlen, 'int', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 2);
ParagonIE_Sodium_Core_Util::declareScalarType($salt, 'string', 3);
@@ -1976,8 +2301,12 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_pwhash_str($passwd, $opslimit, $memlimit)
- {
+ public static function crypto_pwhash_str(
+ #[\SensitiveParameter]
+ $passwd,
+ $opslimit,
+ $memlimit
+ ) {
ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($opslimit, 'int', 2);
ParagonIE_Sodium_Core_Util::declareScalarType($memlimit, 'int', 3);
@@ -2003,8 +2332,12 @@
* @return bool
* @throws SodiumException
*/
- public static function crypto_pwhash_str_needs_rehash($hash, $opslimit, $memlimit)
- {
+ public static function crypto_pwhash_str_needs_rehash(
+ #[\SensitiveParameter]
+ $hash,
+ $opslimit,
+ $memlimit
+ ) {
ParagonIE_Sodium_Core_Util::declareScalarType($hash, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($opslimit, 'int', 2);
ParagonIE_Sodium_Core_Util::declareScalarType($memlimit, 'int', 3);
@@ -2032,8 +2365,12 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_pwhash_str_verify($passwd, $hash)
- {
+ public static function crypto_pwhash_str_verify(
+ #[\SensitiveParameter]
+ $passwd,
+ #[\SensitiveParameter]
+ $hash
+ ) {
ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($hash, 'string', 2);
@@ -2059,8 +2396,14 @@
* @throws SodiumException
* @throws TypeError
*/
- public static function crypto_pwhash_scryptsalsa208sha256($outlen, $passwd, $salt, $opslimit, $memlimit)
- {
+ public static function crypto_pwhash_scryptsalsa208sha256(
+ $outlen,
+ #[\SensitiveParameter]
+ $passwd,
+ $salt,
+ $opslimit,
+ $memlimit
+ ) {
ParagonIE_Sodium_Core_Util::declareScalarType($outlen, 'int', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 2);
ParagonIE_Sodium_Core_Util::declareScalarType($salt, 'string', 3);
@@ -2119,8 +2462,12 @@
* @throws SodiumException
* @throws TypeError
*/
- public static function crypto_pwhash_scryptsalsa208sha256_str($passwd, $opslimit, $memlimit)
- {
+ public static function crypto_pwhash_scryptsalsa208sha256_str(
+ #[\SensitiveParameter]
+ $passwd,
+ $opslimit,
+ $memlimit
+ ) {
ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($opslimit, 'int', 2);
ParagonIE_Sodium_Core_Util::declareScalarType($memlimit, 'int', 3);
@@ -2153,8 +2500,12 @@
* @throws SodiumException
* @throws TypeError
*/
- public static function crypto_pwhash_scryptsalsa208sha256_str_verify($passwd, $hash)
- {
+ public static function crypto_pwhash_scryptsalsa208sha256_str_verify(
+ #[\SensitiveParameter]
+ $passwd,
+ #[\SensitiveParameter]
+ $hash
+ ) {
ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($hash, 'string', 2);
@@ -2190,8 +2541,11 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_scalarmult($secretKey, $publicKey)
- {
+ public static function crypto_scalarmult(
+ #[\SensitiveParameter]
+ $secretKey,
+ $publicKey
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($publicKey, 'string', 2);
@@ -2234,8 +2588,10 @@
* @psalm-suppress TooFewArguments
* @psalm-suppress MixedArgument
*/
- public static function crypto_scalarmult_base($secretKey)
- {
+ public static function crypto_scalarmult_base(
+ #[\SensitiveParameter]
+ $secretKey
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 1);
@@ -2272,8 +2628,13 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_secretbox($plaintext, $nonce, $key)
- {
+ public static function crypto_secretbox(
+ #[\SensitiveParameter]
+ $plaintext,
+ $nonce,
+ #[\SensitiveParameter]
+ $key
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
@@ -2312,8 +2673,12 @@
* @psalm-suppress MixedInferredReturnType
* @psalm-suppress MixedReturnStatement
*/
- public static function crypto_secretbox_open($ciphertext, $nonce, $key)
- {
+ public static function crypto_secretbox_open(
+ $ciphertext,
+ $nonce,
+ #[\SensitiveParameter]
+ $key
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
@@ -2398,8 +2763,12 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_secretbox_xchacha20poly1305_open($ciphertext, $nonce, $key)
- {
+ public static function crypto_secretbox_xchacha20poly1305_open(
+ $ciphertext,
+ $nonce,
+ #[\SensitiveParameter]
+ $key
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
@@ -2425,8 +2794,10 @@
* @throws Exception
* @throws SodiumException
*/
- public static function crypto_secretstream_xchacha20poly1305_init_push($key)
- {
+ public static function crypto_secretstream_xchacha20poly1305_init_push(
+ #[\SensitiveParameter]
+ $key
+ ) {
if (PHP_INT_SIZE === 4) {
return ParagonIE_Sodium_Crypto32::secretstream_xchacha20poly1305_init_push($key);
}
@@ -2439,8 +2810,11 @@
* @return string Returns a state.
* @throws Exception
*/
- public static function crypto_secretstream_xchacha20poly1305_init_pull($header, $key)
- {
+ public static function crypto_secretstream_xchacha20poly1305_init_pull(
+ $header,
+ #[\SensitiveParameter]
+ $key
+ ) {
if (ParagonIE_Sodium_Core_Util::strlen($header) < self::CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES) {
throw new SodiumException(
'header size should be SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES bytes'
@@ -2460,8 +2834,14 @@
* @return string
* @throws SodiumException
*/
- public static function crypto_secretstream_xchacha20poly1305_push(&$state, $msg, $aad = '', $tag = 0)
- {
+ public static function crypto_secretstream_xchacha20poly1305_push(
+ #[\SensitiveParameter]
+ &$state,
+ #[\SensitiveParameter]
+ $msg,
+ $aad = '',
+ $tag = 0
+ ) {
if (PHP_INT_SIZE === 4) {
return ParagonIE_Sodium_Crypto32::secretstream_xchacha20poly1305_push(
$state,
@@ -2485,8 +2865,12 @@
* @return bool|array{0: string, 1: int}
* @throws SodiumException
*/
- public static function crypto_secretstream_xchacha20poly1305_pull(&$state, $msg, $aad = '')
- {
+ public static function crypto_secretstream_xchacha20poly1305_pull(
+ #[\SensitiveParameter]
+ &$state,
+ $msg,
+ $aad = ''
+ ) {
if (PHP_INT_SIZE === 4) {
return ParagonIE_Sodium_Crypto32::secretstream_xchacha20poly1305_pull(
$state,
@@ -2515,8 +2899,10 @@
* @return void
* @throws SodiumException
*/
- public static function crypto_secretstream_xchacha20poly1305_rekey(&$state)
- {
+ public static function crypto_secretstream_xchacha20poly1305_rekey(
+ #[\SensitiveParameter]
+ &$state
+ ) {
if (PHP_INT_SIZE === 4) {
ParagonIE_Sodium_Crypto32::secretstream_xchacha20poly1305_rekey($state);
} else {
@@ -2536,8 +2922,11 @@
* @psalm-suppress MixedInferredReturnType
* @psalm-suppress MixedReturnStatement
*/
- public static function crypto_shorthash($message, $key)
- {
+ public static function crypto_shorthash(
+ $message,
+ #[\SensitiveParameter]
+ $key
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 2);
@@ -2586,8 +2975,11 @@
* @psalm-suppress MixedInferredReturnType
* @psalm-suppress MixedReturnStatement
*/
- public static function crypto_sign($message, $secretKey)
- {
+ public static function crypto_sign(
+ $message,
+ #[\SensitiveParameter]
+ $secretKey
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 2);
@@ -2622,8 +3014,10 @@
* @psalm-suppress MixedInferredReturnType
* @psalm-suppress MixedReturnStatement
*/
- public static function crypto_sign_open($signedMessage, $publicKey)
- {
+ public static function crypto_sign_open(
+ $signedMessage,
+ $publicKey
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($signedMessage, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($publicKey, 'string', 2);
@@ -2679,8 +3073,11 @@
* @return string
* @throws SodiumException
*/
- public static function crypto_sign_keypair_from_secretkey_and_publickey($sk, $pk)
- {
+ public static function crypto_sign_keypair_from_secretkey_and_publickey(
+ #[\SensitiveParameter]
+ $sk,
+ $pk
+ ) {
ParagonIE_Sodium_Core_Util::declareScalarType($sk, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($pk, 'string', 1);
$sk = (string) $sk;
@@ -2708,8 +3105,10 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_sign_seed_keypair($seed)
- {
+ public static function crypto_sign_seed_keypair(
+ #[\SensitiveParameter]
+ $seed
+ ) {
ParagonIE_Sodium_Core_Util::declareScalarType($seed, 'string', 1);
if (self::useNewSodiumAPI()) {
@@ -2737,8 +3136,10 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_sign_publickey($keypair)
- {
+ public static function crypto_sign_publickey(
+ #[\SensitiveParameter]
+ $keypair
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1);
@@ -2768,8 +3169,10 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_sign_publickey_from_secretkey($secretKey)
- {
+ public static function crypto_sign_publickey_from_secretkey(
+ #[\SensitiveParameter]
+ $secretKey
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 1);
@@ -2799,8 +3202,10 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_sign_secretkey($keypair)
- {
+ public static function crypto_sign_secretkey(
+ #[\SensitiveParameter]
+ $keypair
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1);
@@ -2833,8 +3238,11 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_sign_detached($message, $secretKey)
- {
+ public static function crypto_sign_detached(
+ $message,
+ #[\SensitiveParameter]
+ $secretKey
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 2);
@@ -2941,8 +3349,10 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_sign_ed25519_sk_to_curve25519($sk)
- {
+ public static function crypto_sign_ed25519_sk_to_curve25519(
+ #[\SensitiveParameter]
+ $sk
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($sk, 'string', 1);
@@ -2983,8 +3393,12 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_stream($len, $nonce, $key)
- {
+ public static function crypto_stream(
+ $len,
+ $nonce,
+ #[\SensitiveParameter]
+ $key
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($len, 'int', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
@@ -3030,8 +3444,13 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_stream_xor($message, $nonce, $key)
- {
+ public static function crypto_stream_xor(
+ #[\SensitiveParameter]
+ $message,
+ $nonce,
+ #[\SensitiveParameter]
+ $key
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
@@ -3085,8 +3504,13 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_stream_xchacha20($len, $nonce, $key, $dontFallback = false)
- {
+ public static function crypto_stream_xchacha20(
+ $len,
+ $nonce,
+ #[\SensitiveParameter]
+ $key,
+ $dontFallback = false
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($len, 'int', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
@@ -3130,8 +3554,14 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_stream_xchacha20_xor($message, $nonce, $key, $dontFallback = false)
- {
+ public static function crypto_stream_xchacha20_xor(
+ #[\SensitiveParameter]
+ $message,
+ $nonce,
+ #[\SensitiveParameter]
+ $key,
+ $dontFallback = false
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
@@ -3176,8 +3606,15 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function crypto_stream_xchacha20_xor_ic($message, $nonce, $counter, $key, $dontFallback = false)
- {
+ public static function crypto_stream_xchacha20_xor_ic(
+ #[\SensitiveParameter]
+ $message,
+ $nonce,
+ $counter,
+ #[\SensitiveParameter]
+ $key,
+ $dontFallback = false
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
@@ -3226,8 +3663,11 @@
* @psalm-suppress TooFewArguments
* @psalm-suppress MixedArgument
*/
- public static function hex2bin($string, $ignore = '')
- {
+ public static function hex2bin(
+ #[\SensitiveParameter]
+ $string,
+ $ignore = ''
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($string, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($ignore, 'string', 2);
@@ -3253,8 +3693,10 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function increment(&$var)
- {
+ public static function increment(
+ #[\SensitiveParameter]
+ &$var
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($var, 'string', 1);
@@ -3287,8 +3729,10 @@
*
* @throws SodiumException
*/
- public static function is_zero($str)
- {
+ public static function is_zero(
+ #[\SensitiveParameter]
+ $str
+ ) {
$d = 0;
for ($i = 0; $i < 32; ++$i) {
$d |= ParagonIE_Sodium_Core_Util::chrToInt($str[$i]);
@@ -3342,8 +3786,12 @@
* @throws TypeError
* @psalm-suppress MixedArgument
*/
- public static function memcmp($left, $right)
- {
+ public static function memcmp(
+ #[\SensitiveParameter]
+ $left,
+ #[\SensitiveParameter]
+ $right
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($left, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($right, 'string', 2);
@@ -3371,8 +3819,10 @@
* @throws TypeError
* @psalm-suppress TooFewArguments
*/
- public static function memzero(&$var)
- {
+ public static function memzero(
+ #[\SensitiveParameter]
+ &$var
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($var, 'string', 1);
@@ -3402,8 +3852,12 @@
* @return string
* @throws SodiumException
*/
- public static function pad($unpadded, $blockSize, $dontFallback = false)
- {
+ public static function pad(
+ #[\SensitiveParameter]
+ $unpadded,
+ $blockSize,
+ $dontFallback = false
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($unpadded, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($blockSize, 'int', 2);
@@ -3488,8 +3942,12 @@
* @return string
* @throws SodiumException
*/
- public static function unpad($padded, $blockSize, $dontFallback = false)
- {
+ public static function unpad(
+ #[\SensitiveParameter]
+ $padded,
+ $blockSize,
+ $dontFallback = false
+ ) {
/* Type checks: */
ParagonIE_Sodium_Core_Util::declareScalarType($padded, 'string', 1);
ParagonIE_Sodium_Core_Util::declareScalarType($blockSize, 'int', 2);
@@ -3643,8 +4101,11 @@
* @return bool
* @throws SodiumException
*/
- public static function ristretto255_is_valid_point($p, $dontFallback = false)
- {
+ public static function ristretto255_is_valid_point(
+ #[\SensitiveParameter]
+ $p,
+ $dontFallback = false
+ ) {
if (self::useNewSodiumAPI() && !$dontFallback) {
return sodium_crypto_core_ristretto255_is_valid_point($p);
}
@@ -3667,8 +4128,13 @@
* @return string
* @throws SodiumException
*/
- public static function ristretto255_add($p, $q, $dontFallback = false)
- {
+ public static function ristretto255_add(
+ #[\SensitiveParameter]
+ $p,
+ #[\SensitiveParameter]
+ $q,
+ $dontFallback = false
+ ) {
if (self::useNewSodiumAPI() && !$dontFallback) {
return sodium_crypto_core_ristretto255_add($p, $q);
}
@@ -3682,8 +4148,13 @@
* @return string
* @throws SodiumException
*/
- public static function ristretto255_sub($p, $q, $dontFallback = false)
- {
+ public static function ristretto255_sub(
+ #[\SensitiveParameter]
+ $p,
+ #[\SensitiveParameter]
+ $q,
+ $dontFallback = false
+ ) {
if (self::useNewSodiumAPI() && !$dontFallback) {
return sodium_crypto_core_ristretto255_sub($p, $q);
}
@@ -3697,8 +4168,11 @@
*
* @throws SodiumException
*/
- public static function ristretto255_from_hash($r, $dontFallback = false)
- {
+ public static function ristretto255_from_hash(
+ #[\SensitiveParameter]
+ $r,
+ $dontFallback = false
+ ) {
if (self::useNewSodiumAPI() && !$dontFallback) {
return sodium_crypto_core_ristretto255_from_hash($r);
}
@@ -3739,8 +4213,11 @@
* @return string
* @throws SodiumException
*/
- public static function ristretto255_scalar_invert($s, $dontFallback = false)
- {
+ public static function ristretto255_scalar_invert(
+ #[\SensitiveParameter]
+ $s,
+ $dontFallback = false
+ ) {
if (self::useNewSodiumAPI() && !$dontFallback) {
return sodium_crypto_core_ristretto255_scalar_invert($s);
}
@@ -3752,8 +4229,11 @@
* @return string
* @throws SodiumException
*/
- public static function ristretto255_scalar_negate($s, $dontFallback = false)
- {
+ public static function ristretto255_scalar_negate(
+ #[\SensitiveParameter]
+ $s,
+ $dontFallback = false
+ ) {
if (self::useNewSodiumAPI() && !$dontFallback) {
return sodium_crypto_core_ristretto255_scalar_negate($s);
}
@@ -3766,8 +4246,11 @@
* @return string
* @throws SodiumException
*/
- public static function ristretto255_scalar_complement($s, $dontFallback = false)
- {
+ public static function ristretto255_scalar_complement(
+ #[\SensitiveParameter]
+ $s,
+ $dontFallback = false
+ ) {
if (self::useNewSodiumAPI() && !$dontFallback) {
return sodium_crypto_core_ristretto255_scalar_complement($s);
}
@@ -3781,8 +4264,13 @@
* @return string
* @throws SodiumException
*/
- public static function ristretto255_scalar_add($x, $y, $dontFallback = false)
- {
+ public static function ristretto255_scalar_add(
+ #[\SensitiveParameter]
+ $x,
+ #[\SensitiveParameter]
+ $y,
+ $dontFallback = false
+ ) {
if (self::useNewSodiumAPI() && !$dontFallback) {
return sodium_crypto_core_ristretto255_scalar_add($x, $y);
}
@@ -3796,8 +4284,13 @@
* @return string
* @throws SodiumException
*/
- public static function ristretto255_scalar_sub($x, $y, $dontFallback = false)
- {
+ public static function ristretto255_scalar_sub(
+ #[\SensitiveParameter]
+ $x,
+ #[\SensitiveParameter]
+ $y,
+ $dontFallback = false
+ ) {
if (self::useNewSodiumAPI() && !$dontFallback) {
return sodium_crypto_core_ristretto255_scalar_sub($x, $y);
}
@@ -3811,8 +4304,13 @@
* @return string
* @throws SodiumException
*/
- public static function ristretto255_scalar_mul($x, $y, $dontFallback = false)
- {
+ public static function ristretto255_scalar_mul(
+ #[\SensitiveParameter]
+ $x,
+ #[\SensitiveParameter]
+ $y,
+ $dontFallback = false
+ ) {
if (self::useNewSodiumAPI() && !$dontFallback) {
return sodium_crypto_core_ristretto255_scalar_mul($x, $y);
}
@@ -3826,8 +4324,13 @@
* @return string
* @throws SodiumException
*/
- public static function scalarmult_ristretto255($n, $p, $dontFallback = false)
- {
+ public static function scalarmult_ristretto255(
+ #[\SensitiveParameter]
+ $n,
+ #[\SensitiveParameter]
+ $p,
+ $dontFallback = false
+ ) {
if (self::useNewSodiumAPI() && !$dontFallback) {
return sodium_crypto_scalarmult_ristretto255($n, $p);
}
@@ -3841,8 +4344,11 @@
* @return string
* @throws SodiumException
*/
- public static function scalarmult_ristretto255_base($n, $dontFallback = false)
- {
+ public static function scalarmult_ristretto255_base(
+ #[\SensitiveParameter]
+ $n,
+ $dontFallback = false
+ ) {
if (self::useNewSodiumAPI() && !$dontFallback) {
return sodium_crypto_scalarmult_ristretto255_base($n);
}
@@ -3855,8 +4361,11 @@
* @return string
* @throws SodiumException
*/
- public static function ristretto255_scalar_reduce($s, $dontFallback = false)
- {
+ public static function ristretto255_scalar_reduce(
+ #[\SensitiveParameter]
+ $s,
+ $dontFallback = false
+ ) {
if (self::useNewSodiumAPI() && !$dontFallback) {
return sodium_crypto_core_ristretto255_scalar_reduce($s);
}
@@ -3910,8 +4419,12 @@
* @return void
* @throws SodiumException
*/
- public static function sub(&$val, $addv)
- {
+ public static function sub(
+ #[\SensitiveParameter]
+ &$val,
+ #[\SensitiveParameter]
+ $addv
+ ) {
$val_len = ParagonIE_Sodium_Core_Util::strlen($val);
$addv_len = ParagonIE_Sodium_Core_Util::strlen($addv);
if ($val_len !== $addv_len) {