Boyscouting for 32-bit mode

paragonie · Mar 23, 2022 · 78ae7d7 · 78ae7d7
1 parent 2d8442e
commit 78ae7d7
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 57 deletions.
diff --git a/src/Core/Curve25519.php b/src/Core/Curve25519.php
@@ -2550,7 +2550,7 @@ public static function sc_reduce($s)
         $s20 = 2097151 & (self::load_4(self::substr($s, 52, 4)) >> 4);
         $s21 = 2097151 & (self::load_3(self::substr($s, 55, 3)) >> 1);
         $s22 = 2097151 & (self::load_4(self::substr($s, 57, 4)) >> 6);
-        $s23 = (self::load_4(self::substr($s, 60, 4)) >> 3);
+        $s23 = 0x1fffffff & (self::load_4(self::substr($s, 60, 4)) >> 3);
 
         $s11 += self::mul($s23,  666643, 20);
         $s12 += self::mul($s23,  470296, 19);

diff --git a/src/Core32/Curve25519.php b/src/Core32/Curve25519.php
@@ -325,25 +325,15 @@ public static function fe_tobytes(ParagonIE_Sodium_Core32_Curve25519_Fe $h)
         $carry9 = $f[9]->shiftRight(25);
         $f[9] = $f[9]->subInt64($carry9->shiftLeft(25));
 
-        /** @var int $h0 */
         $h0 = $f[0]->toInt32()->toInt();
-        /** @var int $h1 */
         $h1 = $f[1]->toInt32()->toInt();
-        /** @var int $h2 */
         $h2 = $f[2]->toInt32()->toInt();
-        /** @var int $h3 */
         $h3 = $f[3]->toInt32()->toInt();
-        /** @var int $h4 */
         $h4 = $f[4]->toInt32()->toInt();
-        /** @var int $h5 */
         $h5 = $f[5]->toInt32()->toInt();
-        /** @var int $h6 */
         $h6 = $f[6]->toInt32()->toInt();
-        /** @var int $h7 */
         $h7 = $f[7]->toInt32()->toInt();
-        /** @var int $h8 */
         $h8 = $f[8]->toInt32()->toInt();
-        /** @var int $h9 */
         $h9 = $f[9]->toInt32()->toInt();
 
         /**
@@ -418,7 +408,6 @@ public static function fe_isnonzero(ParagonIE_Sodium_Core32_Curve25519_Fe $f)
         if ($zero === null) {
             $zero = str_repeat("\x00", 32);
         }
-        /** @var string $str */
         $str = self::fe_tobytes($f);
         /** @var string $zero */
         return !self::verify_32($str, $zero);
@@ -497,15 +486,10 @@ public static function fe_mul(
         $g7_19 = $g7->mulInt(19, 5);
         $g8_19 = $g8->mulInt(19, 5);
         $g9_19 = $g9->mulInt(19, 5);
-        /** @var ParagonIE_Sodium_Core32_Int64 $f1_2 */
         $f1_2 = $f1->shiftLeft(1);
-        /** @var ParagonIE_Sodium_Core32_Int64 $f3_2 */
         $f3_2 = $f3->shiftLeft(1);
-        /** @var ParagonIE_Sodium_Core32_Int64 $f5_2 */
         $f5_2 = $f5->shiftLeft(1);
-        /** @var ParagonIE_Sodium_Core32_Int64 $f7_2 */
         $f7_2 = $f7->shiftLeft(1);
-        /** @var ParagonIE_Sodium_Core32_Int64 $f9_2 */
         $f9_2 = $f9->shiftLeft(1);
         $f0g0    = $f0->mulInt64($g0, 27);
         $f0g1    = $f0->mulInt64($g1, 27);
@@ -775,28 +759,17 @@ public static function fe_neg(ParagonIE_Sodium_Core32_Curve25519_Fe $f)
      */
     public static function fe_sq(ParagonIE_Sodium_Core32_Curve25519_Fe $f)
     {
-        /** @var ParagonIE_Sodium_Core32_Int64 $f0 */
         $f0 = $f[0]->toInt64();
-        /** @var ParagonIE_Sodium_Core32_Int64 $f1 */
         $f1 = $f[1]->toInt64();
-        /** @var ParagonIE_Sodium_Core32_Int64 $f2 */
         $f2 = $f[2]->toInt64();
-        /** @var ParagonIE_Sodium_Core32_Int64 $f3 */
         $f3 = $f[3]->toInt64();
-        /** @var ParagonIE_Sodium_Core32_Int64 $f4 */
         $f4 = $f[4]->toInt64();
-        /** @var ParagonIE_Sodium_Core32_Int64 $f5 */
         $f5 = $f[5]->toInt64();
-        /** @var ParagonIE_Sodium_Core32_Int64 $f6 */
         $f6 = $f[6]->toInt64();
-        /** @var ParagonIE_Sodium_Core32_Int64 $f7 */
         $f7 = $f[7]->toInt64();
-        /** @var ParagonIE_Sodium_Core32_Int64 $f8 */
         $f8 = $f[8]->toInt64();
-        /** @var ParagonIE_Sodium_Core32_Int64 $f9 */
         $f9 = $f[9]->toInt64();
 
-        /** @var ParagonIE_Sodium_Core32_Int64 $f0_2 */
         $f0_2 = $f0->shiftLeft(1);
         $f1_2 = $f1->shiftLeft(1);
         $f2_2 = $f2->shiftLeft(1);
@@ -810,7 +783,7 @@ public static function fe_sq(ParagonIE_Sodium_Core32_Curve25519_Fe $f)
         $f7_38 = $f7->mulInt(38, 6);
         $f8_19 = $f8->mulInt(19, 5);
         $f9_38 = $f9->mulInt(38, 6);
-        /** @var ParagonIE_Sodium_Core32_Int64 $f0f0*/
+
         $f0f0    = $f0->mulInt64($f0, 28);
         $f0f1_2  = $f0_2->mulInt64($f1, 28);
         $f0f2_2 =  $f0_2->mulInt64($f2, 28);
@@ -979,25 +952,15 @@ public static function fe_sq(ParagonIE_Sodium_Core32_Curve25519_Fe $f)
      */
     public static function fe_sq2(ParagonIE_Sodium_Core32_Curve25519_Fe $f)
     {
-        /** @var ParagonIE_Sodium_Core32_Int64 $f0 */
         $f0 = $f[0]->toInt64();
-        /** @var ParagonIE_Sodium_Core32_Int64 $f1 */
         $f1 = $f[1]->toInt64();
-        /** @var ParagonIE_Sodium_Core32_Int64 $f2 */
         $f2 = $f[2]->toInt64();
-        /** @var ParagonIE_Sodium_Core32_Int64 $f3 */
         $f3 = $f[3]->toInt64();
-        /** @var ParagonIE_Sodium_Core32_Int64 $f4 */
         $f4 = $f[4]->toInt64();
-        /** @var ParagonIE_Sodium_Core32_Int64 $f5 */
         $f5 = $f[5]->toInt64();
-        /** @var ParagonIE_Sodium_Core32_Int64 $f6 */
         $f6 = $f[6]->toInt64();
-        /** @var ParagonIE_Sodium_Core32_Int64 $f7 */
         $f7 = $f[7]->toInt64();
-        /** @var ParagonIE_Sodium_Core32_Int64 $f8 */
         $f8 = $f[8]->toInt64();
-        /** @var ParagonIE_Sodium_Core32_Int64 $f9 */
         $f9 = $f[9]->toInt64();
 
         $f0_2 = $f0->shiftLeft(1);
@@ -1479,7 +1442,6 @@ public static function ge_frombytes_negate_vartime($s)
     {
         static $d = null;
         if (!$d) {
-            /** @var ParagonIE_Sodium_Core32_Curve25519_Fe $d */
             $d = ParagonIE_Sodium_Core32_Curve25519_Fe::fromArray(
                 array(
                     ParagonIE_Sodium_Core32_Int32::fromInt(self::$d[0]),
@@ -1495,6 +1457,7 @@ public static function ge_frombytes_negate_vartime($s)
                 )
             );
         }
+        /** @var ParagonIE_Sodium_Core32_Curve25519_Fe $d */
 
         # fe_frombytes(h->Y,s);
         # fe_1(h->Z);
@@ -2235,9 +2198,7 @@ public static function ge_scalarmult_base($a)
         $carry = 0;
         for ($i = 0; $i < 63; ++$i) {
             $e[$i] += $carry;
-            /** @var int $carry */
             $carry = $e[$i] + 8;
-            /** @var int $carry */
             $carry >>= 4;
             $e[$i] -= $carry << 4;
         }
@@ -3145,7 +3106,6 @@ public static function sc_reduce($s)
      */
     public static function ge_mul_l(ParagonIE_Sodium_Core32_Curve25519_Ge_P3 $A)
     {
-        /** @var array<int, int> $aslide */
         $aslide = array(
             13, 0, 0, 0, 0, -1, 0, 0, 0, 0, -11, 0, 0, 0, 0, 0, 0, -5, 0, 0, 0,
             0, 0, 0, -3, 0, 0, 0, 0, -13, 0, 0, 0, 0, 7, 0, 0, 0, 0, 0, 3, 0,

diff --git a/src/Core32/XChaCha20.php b/src/Core32/XChaCha20.php
@@ -61,4 +61,27 @@ public static function streamXorIc($message, $nonce = '', $key = '', $ic = '')
             $message
         );
     }
+
+    /**
+     * @internal You should not use this directly from another application
+     *
+     * @param string $message
+     * @param string $nonce
+     * @param string $key
+     * @param string $ic
+     * @return string
+     * @throws SodiumException
+     * @throws TypeError
+     */
+    public static function ietfStreamXorIc($message, $nonce = '', $key = '', $ic = '')
+    {
+        return self::encryptBytes(
+            new ParagonIE_Sodium_Core32_ChaCha20_IetfCtx(
+                self::hChaCha20(self::substr($nonce, 0, 16), $key),
+                "\x00\x00\x00\x00" . self::substr($nonce, 16, 8),
+                $ic
+            ),
+            $message
+        );
+    }
 }
diff --git a/src/File.php b/src/File.php
@@ -1154,19 +1154,15 @@ public static function updateHashWithFile($hash, $fp, $size = 0)
      */
     private static function sign_core32($filePath, $secretKey)
     {
-        /** @var int|bool $size */
         $size = filesize($filePath);
         if (!is_int($size)) {
             throw new SodiumException('Could not obtain the file size');
         }
-        /** @var int $size */
 
-        /** @var resource|bool $fp */
         $fp = fopen($filePath, 'rb');
         if (!is_resource($fp)) {
             throw new SodiumException('Could not open input file for reading');
         }
-        /** @var resource $fp */
 
         /** @var string $az */
         $az = hash('sha512', self::substr($secretKey, 0, 32), true);
@@ -1179,16 +1175,9 @@ private static function sign_core32($filePath, $secretKey)
         /** @var resource $hs */
         $hs = self::updateHashWithFile($hs, $fp, $size);
 
-        /** @var string $nonceHash */
         $nonceHash = hash_final($hs, true);
-
-        /** @var string $pk */
         $pk = self::substr($secretKey, 32, 32);
-
-        /** @var string $nonce */
         $nonce = ParagonIE_Sodium_Core32_Ed25519::sc_reduce($nonceHash) . self::substr($nonceHash, 32);
-
-        /** @var string $sig */
         $sig = ParagonIE_Sodium_Core32_Ed25519::ge_p3_tobytes(
             ParagonIE_Sodium_Core32_Ed25519::ge_scalarmult_base($nonce)
         );
@@ -1199,13 +1188,10 @@ private static function sign_core32($filePath, $secretKey)
         /** @var resource $hs */
         $hs = self::updateHashWithFile($hs, $fp, $size);
 
-        /** @var string $hramHash */
         $hramHash = hash_final($hs, true);
 
-        /** @var string $hram */
         $hram = ParagonIE_Sodium_Core32_Ed25519::sc_reduce($hramHash);
 
-        /** @var string $sigAfter */
         $sigAfter = ParagonIE_Sodium_Core32_Ed25519::sc_muladd($hram, $az, $nonce);
 
         /** @var string $sig */
@@ -1243,6 +1229,7 @@ public static function verify_core32($sig, $filePath, $publicKey)
         if (ParagonIE_Sodium_Core32_Ed25519::small_order($sig)) {
             throw new SodiumException('Signature is on too small of an order');
         }
+
         if ((self::chrToInt($sig[63]) & 224) !== 0) {
             throw new SodiumException('Invalid signature');
         }