/htdocs/wp-includes/sodium_compat/src/Core32/Curve25519.php

https://gitlab.com/VTTE/sitios-vtte · PHP · 1270 lines · 837 code · 99 blank · 334 comment · 19 complexity · 1710a1f551e1724849b60c0170863a7f MD5 · raw file 

    

  1. <?php
    2. 

  2. 

  3. if (class_exists('ParagonIE_Sodium_Core32_Curve25519', false)) {
    4. 

  4.     return;
    5. 

  5. }
    6. 

  6. 

  7. /**
    8. 

  8.  * Class ParagonIE_Sodium_Core32_Curve25519
    9. 

  9.  *
    10. 

  10.  * Implements Curve25519 core functions
    11. 

  11.  *
    12. 

  12.  * Based on the ref10 curve25519 code provided by libsodium
    13. 

  13.  *
    14. 

  14.  * @ref https://github.com/jedisct1/libsodium/blob/master/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c
    15. 

  15.  */
    16. 

  16. abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core32_Curve25519_H
    17. 

  17. {
    18. 

  18.     /**
    19. 

  19.      * Get a field element of size 10 with a value of 0
    20. 

  20.      *
    21. 

  21.      * @internal You should not use this directly from another application
    22. 

  22.      *
    23. 

  23.      * @return ParagonIE_Sodium_Core32_Curve25519_Fe
    24. 

  24.      * @throws SodiumException
    25. 

  25.      * @throws TypeError
    26. 

  26.      */
    27. 

  27.     public static function fe_0()
    28. 

  28.     {
    29. 

  29.         return ParagonIE_Sodium_Core32_Curve25519_Fe::fromArray(
    30. 

  30.             array(
    31. 

  31.                 new ParagonIE_Sodium_Core32_Int32(),
    32. 

  32.                 new ParagonIE_Sodium_Core32_Int32(),
    33. 

  33.                 new ParagonIE_Sodium_Core32_Int32(),
    34. 

  34.                 new ParagonIE_Sodium_Core32_Int32(),
    35. 

  35.                 new ParagonIE_Sodium_Core32_Int32(),
    36. 

  36.                 new ParagonIE_Sodium_Core32_Int32(),
    37. 

  37.                 new ParagonIE_Sodium_Core32_Int32(),
    38. 

  38.                 new ParagonIE_Sodium_Core32_Int32(),
    39. 

  39.                 new ParagonIE_Sodium_Core32_Int32(),
    40. 

  40.                 new ParagonIE_Sodium_Core32_Int32()
    41. 

  41.             )
    42. 

  42.         );
    43. 

  43.     }
    44. 

  44. 

  45.     /**
    46. 

  46.      * Get a field element of size 10 with a value of 1
    47. 

  47.      *
    48. 

  48.      * @internal You should not use this directly from another application
    49. 

  49.      *
    50. 

  50.      * @return ParagonIE_Sodium_Core32_Curve25519_Fe
    51. 

  51.      * @throws SodiumException
    52. 

  52.      * @throws TypeError
    53. 

  53.      */
    54. 

  54.     public static function fe_1()
    55. 

  55.     {
    56. 

  56.         return ParagonIE_Sodium_Core32_Curve25519_Fe::fromArray(
    57. 

  57.             array(
    58. 

  58.                 ParagonIE_Sodium_Core32_Int32::fromInt(1),
    59. 

  59.                 new ParagonIE_Sodium_Core32_Int32(),
    60. 

  60.                 new ParagonIE_Sodium_Core32_Int32(),
    61. 

  61.                 new ParagonIE_Sodium_Core32_Int32(),
    62. 

  62.                 new ParagonIE_Sodium_Core32_Int32(),
    63. 

  63.                 new ParagonIE_Sodium_Core32_Int32(),
    64. 

  64.                 new ParagonIE_Sodium_Core32_Int32(),
    65. 

  65.                 new ParagonIE_Sodium_Core32_Int32(),
    66. 

  66.                 new ParagonIE_Sodium_Core32_Int32(),
    67. 

  67.                 new ParagonIE_Sodium_Core32_Int32()
    68. 

  68.             )
    69. 

  69.         );
    70. 

  70.     }
    71. 

  71. 

  72.     /**
    73. 

  73.      * Add two field elements.
    74. 

  74.      *
    75. 

  75.      * @internal You should not use this directly from another application
    76. 

  76.      *
    77. 

  77.      * @param ParagonIE_Sodium_Core32_Curve25519_Fe $f
    78. 

  78.      * @param ParagonIE_Sodium_Core32_Curve25519_Fe $g
    79. 

  79.      * @return ParagonIE_Sodium_Core32_Curve25519_Fe
    80. 

  80.      * @throws SodiumException
    81. 

  81.      * @throws TypeError
    82. 

  82.      * @psalm-suppress MixedAssignment
    83. 

  83.      * @psalm-suppress MixedMethodCall
    84. 

  84.      */
    85. 

  85.     public static function fe_add(
    86. 

  86.         ParagonIE_Sodium_Core32_Curve25519_Fe $f,
    87. 

  87.         ParagonIE_Sodium_Core32_Curve25519_Fe $g
    88. 

  88.     ) {
    89. 

  89.         $arr = array();
    90. 

  90.         for ($i = 0; $i < 10; ++$i) {
    91. 

  91.             $arr[$i] = $f[$i]->addInt32($g[$i]);
    92. 

  92.         }
    93. 

  93.         /** @var array<int, ParagonIE_Sodium_Core32_Int32> $arr */
    94. 

  94.         return ParagonIE_Sodium_Core32_Curve25519_Fe::fromArray($arr);
    95. 

  95.     }
    96. 

  96. 

  97.     /**
    98. 

  98.      * Constant-time conditional move.
    99. 

  99.      *
    100. 

  100.      * @internal You should not use this directly from another application
    101. 

  101.      *
    102. 

  102.      * @param ParagonIE_Sodium_Core32_Curve25519_Fe $f
    103. 

  103.      * @param ParagonIE_Sodium_Core32_Curve25519_Fe $g
    104. 

  104.      * @param int $b
    105. 

  105.      * @return ParagonIE_Sodium_Core32_Curve25519_Fe
    106. 

  106.      * @throws SodiumException
    107. 

  107.      * @throws TypeError
    108. 

  108.      * @psalm-suppress MixedAssignment
    109. 

  109.      * @psalm-suppress MixedMethodCall
    110. 

  110.      */
    111. 

  111.     public static function fe_cmov(
    112. 

  112.         ParagonIE_Sodium_Core32_Curve25519_Fe $f,
    113. 

  113.         ParagonIE_Sodium_Core32_Curve25519_Fe $g,
    114. 

  114.         $b = 0
    115. 

  115.     ) {
    116. 

  116.         /** @var array<int, ParagonIE_Sodium_Core32_Int32> $h */
    117. 

  117.         $h = array();
    118. 

  118.         for ($i = 0; $i < 10; ++$i) {
    119. 

  119.             if (!($f[$i] instanceof ParagonIE_Sodium_Core32_Int32)) {
    120. 

  120.                 throw new TypeError('Expected Int32');
    121. 

  121.             }
    122. 

  122.             if (!($g[$i] instanceof ParagonIE_Sodium_Core32_Int32)) {
    123. 

  123.                 throw new TypeError('Expected Int32');
    124. 

  124.             }
    125. 

  125.             $h[$i] = $f[$i]->xorInt32(
    126. 

  126.                 $f[$i]->xorInt32($g[$i])->mask($b)
    127. 

  127.             );
    128. 

  128.         }
    129. 

  129.         /** @var array<int, ParagonIE_Sodium_Core32_Int32> $h */
    130. 

  130.         return ParagonIE_Sodium_Core32_Curve25519_Fe::fromArray($h);
    131. 

  131.     }
    132. 

  132. 

  133.     /**
    134. 

  134.      * Create a copy of a field element.
    135. 

  135.      *
    136. 

  136.      * @internal You should not use this directly from another application
    137. 

  137.      *
    138. 

  138.      * @param ParagonIE_Sodium_Core32_Curve25519_Fe $f
    139. 

  139.      * @return ParagonIE_Sodium_Core32_Curve25519_Fe
    140. 

  140.      */
    141. 

  141.     public static function fe_copy(ParagonIE_Sodium_Core32_Curve25519_Fe $f)
    142. 

  142.     {
    143. 

  143.         $h = clone $f;
    144. 

  144.         return $h;
    145. 

  145.     }
    146. 

  146. 

  147.     /**
    148. 

  148.      * Give: 32-byte string.
    149. 

  149.      * Receive: A field element object to use for internal calculations.
    150. 

  150.      *
    151. 

  151.      * @internal You should not use this directly from another application
    152. 

  152.      *
    153. 

  153.      * @param string $s
    154. 

  154.      * @return ParagonIE_Sodium_Core32_Curve25519_Fe
    155. 

  155.      * @throws RangeException
    156. 

  156.      * @throws SodiumException
    157. 

  157.      * @throws TypeError
    158. 

  158.      * @psalm-suppress MixedMethodCall
    159. 

  159.      */
    160. 

  160.     public static function fe_frombytes($s)
    161. 

  161.     {
    162. 

  162.         if (self::strlen($s) !== 32) {
    163. 

  163.             throw new RangeException('Expected a 32-byte string.');
    164. 

  164.         }
    165. 

  165.         /** @var ParagonIE_Sodium_Core32_Int32 $h0 */
    166. 

  166.         $h0 = ParagonIE_Sodium_Core32_Int32::fromInt(
    167. 

  167.             self::load_4($s)
    168. 

  168.         );
    169. 

  169.         /** @var ParagonIE_Sodium_Core32_Int32 $h1 */
    170. 

  170.         $h1 = ParagonIE_Sodium_Core32_Int32::fromInt(
    171. 

  171.             self::load_3(self::substr($s, 4, 3)) << 6
    172. 

  172.         );
    173. 

  173.         /** @var ParagonIE_Sodium_Core32_Int32 $h2 */
    174. 

  174.         $h2 = ParagonIE_Sodium_Core32_Int32::fromInt(
    175. 

  175.             self::load_3(self::substr($s, 7, 3)) << 5
    176. 

  176.         );
    177. 

  177.         /** @var ParagonIE_Sodium_Core32_Int32 $h3 */
    178. 

  178.         $h3 = ParagonIE_Sodium_Core32_Int32::fromInt(
    179. 

  179.             self::load_3(self::substr($s, 10, 3)) << 3
    180. 

  180.         );
    181. 

  181.         /** @var ParagonIE_Sodium_Core32_Int32 $h4 */
    182. 

  182.         $h4 = ParagonIE_Sodium_Core32_Int32::fromInt(
    183. 

  183.             self::load_3(self::substr($s, 13, 3)) << 2
    184. 

  184.         );
    185. 

  185.         /** @var ParagonIE_Sodium_Core32_Int32 $h5 */
    186. 

  186.         $h5 = ParagonIE_Sodium_Core32_Int32::fromInt(
    187. 

  187.             self::load_4(self::substr($s, 16, 4))
    188. 

  188.         );
    189. 

  189.         /** @var ParagonIE_Sodium_Core32_Int32 $h6 */
    190. 

  190.         $h6 = ParagonIE_Sodium_Core32_Int32::fromInt(
    191. 

  191.             self::load_3(self::substr($s, 20, 3)) << 7
    192. 

  192.         );
    193. 

  193.         /** @var ParagonIE_Sodium_Core32_Int32 $h7 */
    194. 

  194.         $h7 = ParagonIE_Sodium_Core32_Int32::fromInt(
    195. 

  195.             self::load_3(self::substr($s, 23, 3)) << 5
    196. 

  196.         );
    197. 

  197.         /** @var ParagonIE_Sodium_Core32_Int32 $h8 */
    198. 

  198.         $h8 = ParagonIE_Sodium_Core32_Int32::fromInt(
    199. 

  199.             self::load_3(self::substr($s, 26, 3)) << 4
    200. 

  200.         );
    201. 

  201.         /** @var ParagonIE_Sodium_Core32_Int32 $h9 */
    202. 

  202.         $h9 = ParagonIE_Sodium_Core32_Int32::fromInt(
    203. 

  203.             (self::load_3(self::substr($s, 29, 3)) & 8388607) << 2
    204. 

  204.         );
    205. 

  205. 

  206.         $carry9 = $h9->addInt(1 << 24)->shiftRight(25);
    207. 

  207.         $h0 = $h0->addInt32($carry9->mulInt(19, 5));
    208. 

  208.         $h9 = $h9->subInt32($carry9->shiftLeft(25));
    209. 

  209. 

  210.         $carry1 = $h1->addInt(1 << 24)->shiftRight(25);
    211. 

  211.         $h2 = $h2->addInt32($carry1);
    212. 

  212.         $h1 = $h1->subInt32($carry1->shiftLeft(25));
    213. 

  213. 

  214.         $carry3 = $h3->addInt(1 << 24)->shiftRight(25);
    215. 

  215.         $h4 = $h4->addInt32($carry3);
    216. 

  216.         $h3 = $h3->subInt32($carry3->shiftLeft(25));
    217. 

  217. 

  218.         $carry5 = $h5->addInt(1 << 24)->shiftRight(25);
    219. 

  219.         $h6 = $h6->addInt32($carry5);
    220. 

  220.         $h5 = $h5->subInt32($carry5->shiftLeft(25));
    221. 

  221. 

  222.         $carry7 = $h7->addInt(1 << 24)->shiftRight(25);
    223. 

  223.         $h8 = $h8->addInt32($carry7);
    224. 

  224.         $h7 = $h7->subInt32($carry7->shiftLeft(25));
    225. 

  225. 

  226.         $carry0 = $h0->addInt(1 << 25)->shiftRight(26);
    227. 

  227.         $h1 = $h1->addInt32($carry0);
    228. 

  228.         $h0 = $h0->subInt32($carry0->shiftLeft(26));
    229. 

  229. 

  230.         $carry2 = $h2->addInt(1 << 25)->shiftRight(26);
    231. 

  231.         $h3 = $h3->addInt32($carry2);
    232. 

  232.         $h2 = $h2->subInt32($carry2->shiftLeft(26));
    233. 

  233. 

  234.         $carry4 = $h4->addInt(1 << 25)->shiftRight(26);
    235. 

  235.         $h5 = $h5->addInt32($carry4);
    236. 

  236.         $h4 = $h4->subInt32($carry4->shiftLeft(26));
    237. 

  237. 

  238.         $carry6 = $h6->addInt(1 << 25)->shiftRight(26);
    239. 

  239.         $h7 = $h7->addInt32($carry6);
    240. 

  240.         $h6 = $h6->subInt32($carry6->shiftLeft(26));
    241. 

  241. 

  242.         $carry8 = $h8->addInt(1 << 25)->shiftRight(26);
    243. 

  243.         $h9 = $h9->addInt32($carry8);
    244. 

  244.         $h8 = $h8->subInt32($carry8->shiftLeft(26));
    245. 

  245. 

  246.         return ParagonIE_Sodium_Core32_Curve25519_Fe::fromArray(
    247. 

  247.             array($h0, $h1, $h2,$h3, $h4, $h5, $h6, $h7, $h8, $h9)
    248. 

  248.         );
    249. 

  249.     }
    250. 

  250. 

  251.     /**
    252. 

  252.      * Convert a field element to a byte string.
    253. 

  253.      *
    254. 

  254.      * @internal You should not use this directly from another application
    255. 

  255.      *
    256. 

  256.      * @param ParagonIE_Sodium_Core32_Curve25519_Fe $h
    257. 

  257.      * @return string
    258. 

  258.      * @throws SodiumException
    259. 

  259.      * @throws TypeError
    260. 

  260.      * @psalm-suppress MixedAssignment
    261. 

  261.      * @psalm-suppress MixedMethodCall
    262. 

  262.      */
    263. 

  263.     public static function fe_tobytes(ParagonIE_Sodium_Core32_Curve25519_Fe $h)
    264. 

  264.     {
    265. 

  265.         /**
    266. 

  266.          * @var ParagonIE_Sodium_Core32_Int64[] $f
    267. 

  267.          * @var ParagonIE_Sodium_Core32_Int64 $q
    268. 

  268.          */
    269. 

  269.         $f = array();
    270. 

  270. 

  271.         for ($i = 0; $i < 10; ++$i) {
    272. 

  272.             $f[$i] = $h[$i]->toInt64();
    273. 

  273.         }
    274. 

  274. 

  275.         $q = $f[9]->mulInt(19, 5)->addInt(1 << 14)->shiftRight(25)
    276. 

  276.             ->addInt64($f[0])->shiftRight(26)
    277. 

  277.             ->addInt64($f[1])->shiftRight(25)
    278. 

  278.             ->addInt64($f[2])->shiftRight(26)
    279. 

  279.             ->addInt64($f[3])->shiftRight(25)
    280. 

  280.             ->addInt64($f[4])->shiftRight(26)
    281. 

  281.             ->addInt64($f[5])->shiftRight(25)
    282. 

  282.             ->addInt64($f[6])->shiftRight(26)
    283. 

  283.             ->addInt64($f[7])->shiftRight(25)
    284. 

  284.             ->addInt64($f[8])->shiftRight(26)
    285. 

  285.             ->addInt64($f[9])->shiftRight(25);
    286. 

  286. 

  287.         $f[0] = $f[0]->addInt64($q->mulInt(19, 5));
    288. 

  288. 

  289.         $carry0 = $f[0]->shiftRight(26);
    290. 

  290.         $f[1] = $f[1]->addInt64($carry0);
    291. 

  291.         $f[0] = $f[0]->subInt64($carry0->shiftLeft(26));
    292. 

  292. 

  293.         $carry1 = $f[1]->shiftRight(25);
    294. 

  294.         $f[2] = $f[2]->addInt64($carry1);
    295. 

  295.         $f[1] = $f[1]->subInt64($carry1->shiftLeft(25));
    296. 

  296. 

  297.         $carry2 = $f[2]->shiftRight(26);
    298. 

  298.         $f[3] = $f[3]->addInt64($carry2);
    299. 

  299.         $f[2] = $f[2]->subInt64($carry2->shiftLeft(26));
    300. 

  300. 

  301.         $carry3 = $f[3]->shiftRight(25);
    302. 

  302.         $f[4] = $f[4]->addInt64($carry3);
    303. 

  303.         $f[3] = $f[3]->subInt64($carry3->shiftLeft(25));
    304. 

  304. 

  305.         $carry4 = $f[4]->shiftRight(26);
    306. 

  306.         $f[5] = $f[5]->addInt64($carry4);
    307. 

  307.         $f[4] = $f[4]->subInt64($carry4->shiftLeft(26));
    308. 

  308. 

  309.         $carry5 = $f[5]->shiftRight(25);
    310. 

  310.         $f[6] = $f[6]->addInt64($carry5);
    311. 

  311.         $f[5] = $f[5]->subInt64($carry5->shiftLeft(25));
    312. 

  312. 

  313.         $carry6 = $f[6]->shiftRight(26);
    314. 

  314.         $f[7] = $f[7]->addInt64($carry6);
    315. 

  315.         $f[6] = $f[6]->subInt64($carry6->shiftLeft(26));
    316. 

  316. 

  317.         $carry7 = $f[7]->shiftRight(25);
    318. 

  318.         $f[8] = $f[8]->addInt64($carry7);
    319. 

  319.         $f[7] = $f[7]->subInt64($carry7->shiftLeft(25));
    320. 

  320. 

  321.         $carry8 = $f[8]->shiftRight(26);
    322. 

  322.         $f[9] = $f[9]->addInt64($carry8);
    323. 

  323.         $f[8] = $f[8]->subInt64($carry8->shiftLeft(26));
    324. 

  324. 

  325.         $carry9 = $f[9]->shiftRight(25);
    326. 

  326.         $f[9] = $f[9]->subInt64($carry9->shiftLeft(25));
    327. 

  327. 

  328.         /** @var int $h0 */
    329. 

  329.         $h0 = $f[0]->toInt32()->toInt();
    330. 

  330.         /** @var int $h1 */
    331. 

  331.         $h1 = $f[1]->toInt32()->toInt();
    332. 

  332.         /** @var int $h2 */
    333. 

  333.         $h2 = $f[2]->toInt32()->toInt();
    334. 

  334.         /** @var int $h3 */
    335. 

  335.         $h3 = $f[3]->toInt32()->toInt();
    336. 

  336.         /** @var int $h4 */
    337. 

  337.         $h4 = $f[4]->toInt32()->toInt();
    338. 

  338.         /** @var int $h5 */
    339. 

  339.         $h5 = $f[5]->toInt32()->toInt();
    340. 

  340.         /** @var int $h6 */
    341. 

  341.         $h6 = $f[6]->toInt32()->toInt();
    342. 

  342.         /** @var int $h7 */
    343. 

  343.         $h7 = $f[7]->toInt32()->toInt();
    344. 

  344.         /** @var int $h8 */
    345. 

  345.         $h8 = $f[8]->toInt32()->toInt();
    346. 

  346.         /** @var int $h9 */
    347. 

  347.         $h9 = $f[9]->toInt32()->toInt();
    348. 

  348. 

  349.         /**
    350. 

  350.          * @var array<int, int>
    351. 

  351.          */
    352. 

  352.         $s = array(
    353. 

  353.             (int) (($h0 >> 0) & 0xff),
    354. 

  354.             (int) (($h0 >> 8) & 0xff),
    355. 

  355.             (int) (($h0 >> 16) & 0xff),
    356. 

  356.             (int) ((($h0 >> 24) | ($h1 << 2)) & 0xff),
    357. 

  357.             (int) (($h1 >> 6) & 0xff),
    358. 

  358.             (int) (($h1 >> 14) & 0xff),
    359. 

  359.             (int) ((($h1 >> 22) | ($h2 << 3)) & 0xff),
    360. 

  360.             (int) (($h2 >> 5) & 0xff),
    361. 

  361.             (int) (($h2 >> 13) & 0xff),
    362. 

  362.             (int) ((($h2 >> 21) | ($h3 << 5)) & 0xff),
    363. 

  363.             (int) (($h3 >> 3) & 0xff),
    364. 

  364.             (int) (($h3 >> 11) & 0xff),
    365. 

  365.             (int) ((($h3 >> 19) | ($h4 << 6)) & 0xff),
    366. 

  366.             (int) (($h4 >> 2) & 0xff),
    367. 

  367.             (int) (($h4 >> 10) & 0xff),
    368. 

  368.             (int) (($h4 >> 18) & 0xff),
    369. 

  369.             (int) (($h5 >> 0) & 0xff),
    370. 

  370.             (int) (($h5 >> 8) & 0xff),
    371. 

  371.             (int) (($h5 >> 16) & 0xff),
    372. 

  372.             (int) ((($h5 >> 24) | ($h6 << 1)) & 0xff),
    373. 

  373.             (int) (($h6 >> 7) & 0xff),
    374. 

  374.             (int) (($h6 >> 15) & 0xff),
    375. 

  375.             (int) ((($h6 >> 23) | ($h7 << 3)) & 0xff),
    376. 

  376.             (int) (($h7 >> 5) & 0xff),
    377. 

  377.             (int) (($h7 >> 13) & 0xff),
    378. 

  378.             (int) ((($h7 >> 21) | ($h8 << 4)) & 0xff),
    379. 

  379.             (int) (($h8 >> 4) & 0xff),
    380. 

  380.             (int) (($h8 >> 12) & 0xff),
    381. 

  381.             (int) ((($h8 >> 20) | ($h9 << 6)) & 0xff),
    382. 

  382.             (int) (($h9 >> 2) & 0xff),
    383. 

  383.             (int) (($h9 >> 10) & 0xff),
    384. 

  384.             (int) (($h9 >> 18) & 0xff)
    385. 

  385.         );
    386. 

  386.         return self::intArrayToString($s);
    387. 

  387.     }
    388. 

  388. 

  389.     /**
    390. 

  390.      * Is a field element negative? (1 = yes, 0 = no. Used in calculations.)
    391. 

  391.      *
    392. 

  392.      * @internal You should not use this directly from another application
    393. 

  393.      *
    394. 

  394.      * @param ParagonIE_Sodium_Core32_Curve25519_Fe $f
    395. 

  395.      * @return int
    396. 

  396.      * @throws SodiumException
    397. 

  397.      * @throws TypeError
    398. 

  398.      */
    399. 

  399.     public static function fe_isnegative(ParagonIE_Sodium_Core32_Curve25519_Fe $f)
    400. 

  400.     {
    401. 

  401.         $str = self::fe_tobytes($f);
    402. 

  402.         return (int) (self::chrToInt($str[0]) & 1);
    403. 

  403.     }
    404. 

  404. 

  405.     /**
    406. 

  406.      * Returns 0 if this field element results in all NUL bytes.
    407. 

  407.      *
    408. 

  408.      * @internal You should not use this directly from another application
    409. 

  409.      *
    410. 

  410.      * @param ParagonIE_Sodium_Core32_Curve25519_Fe $f
    411. 

  411.      * @return bool
    412. 

  412.      * @throws SodiumException
    413. 

  413.      * @throws TypeError
    414. 

  414.      */
    415. 

  415.     public static function fe_isnonzero(ParagonIE_Sodium_Core32_Curve25519_Fe $f)
    416. 

  416.     {
    417. 

  417.         static $zero;
    418. 

  418.         if ($zero === null) {
    419. 

  419.             $zero = str_repeat("\x00", 32);
    420. 

  420.         }
    421. 

  421.         /** @var string $str */
    422. 

  422.         $str = self::fe_tobytes($f);
    423. 

  423.         /** @var string $zero */
    424. 

  424.         return !self::verify_32($str, $zero);
    425. 

  425.     }
    426. 

  426. 

  427.     /**
    428. 

  428.      * Multiply two field elements
    429. 

  429.      *
    430. 

  430.      * h = f * g
    431. 

  431.      *
    432. 

  432.      * @internal You should not use this directly from another application
    433. 

  433.      *
    434. 

  434.      * @security Is multiplication a source of timing leaks? If so, can we do
    435. 

  435.      *           anything to prevent that from happening?
    436. 

  436.      *
    437. 

  437.      * @param ParagonIE_Sodium_Core32_Curve25519_Fe $f
    438. 

  438.      * @param ParagonIE_Sodium_Core32_Curve25519_Fe $g
    439. 

  439.      * @return ParagonIE_Sodium_Core32_Curve25519_Fe
    440. 

  440.      * @throws SodiumException
    441. 

  441.      * @throws TypeError
    442. 

  442.      */
    443. 

  443.     public static function fe_mul(
    444. 

  444.         ParagonIE_Sodium_Core32_Curve25519_Fe $f,
    445. 

  445.         ParagonIE_Sodium_Core32_Curve25519_Fe $g
    446. 

  446.     ) {
    447. 

  447.         /**
    448. 

  448.          * @var ParagonIE_Sodium_Core32_Int32[] $f
    449. 

  449.          * @var ParagonIE_Sodium_Core32_Int32[] $g
    450. 

  450.          * @var ParagonIE_Sodium_Core32_Int64 $f0
    451. 

  451.          * @var ParagonIE_Sodium_Core32_Int64 $f1
    452. 

  452.          * @var ParagonIE_Sodium_Core32_Int64 $f2
    453. 

  453.          * @var ParagonIE_Sodium_Core32_Int64 $f3
    454. 

  454.          * @var ParagonIE_Sodium_Core32_Int64 $f4
    455. 

  455.          * @var ParagonIE_Sodium_Core32_Int64 $f5
    456. 

  456.          * @var ParagonIE_Sodium_Core32_Int64 $f6
    457. 

  457.          * @var ParagonIE_Sodium_Core32_Int64 $f7
    458. 

  458.          * @var ParagonIE_Sodium_Core32_Int64 $f8
    459. 

  459.          * @var ParagonIE_Sodium_Core32_Int64 $f9
    460. 

  460.          * @var ParagonIE_Sodium_Core32_Int64 $g0
    461. 

  461.          * @var ParagonIE_Sodium_Core32_Int64 $g1
    462. 

  462.          * @var ParagonIE_Sodium_Core32_Int64 $g2
    463. 

  463.          * @var ParagonIE_Sodium_Core32_Int64 $g3
    464. 

  464.          * @var ParagonIE_Sodium_Core32_Int64 $g4
    465. 

  465.          * @var ParagonIE_Sodium_Core32_Int64 $g5
    466. 

  466.          * @var ParagonIE_Sodium_Core32_Int64 $g6
    467. 

  467.          * @var ParagonIE_Sodium_Core32_Int64 $g7
    468. 

  468.          * @var ParagonIE_Sodium_Core32_Int64 $g8
    469. 

  469.          * @var ParagonIE_Sodium_Core32_Int64 $g9
    470. 

  470.          */
    471. 

  471.         $f0 = $f[0]->toInt64();
    472. 

  472.         $f1 = $f[1]->toInt64();
    473. 

  473.         $f2 = $f[2]->toInt64();
    474. 

  474.         $f3 = $f[3]->toInt64();
    475. 

  475.         $f4 = $f[4]->toInt64();
    476. 

  476.         $f5 = $f[5]->toInt64();
    477. 

  477.         $f6 = $f[6]->toInt64();
    478. 

  478.         $f7 = $f[7]->toInt64();
    479. 

  479.         $f8 = $f[8]->toInt64();
    480. 

  480.         $f9 = $f[9]->toInt64();
    481. 

  481.         $g0 = $g[0]->toInt64();
    482. 

  482.         $g1 = $g[1]->toInt64();
    483. 

  483.         $g2 = $g[2]->toInt64();
    484. 

  484.         $g3 = $g[3]->toInt64();
    485. 

  485.         $g4 = $g[4]->toInt64();
    486. 

  486.         $g5 = $g[5]->toInt64();
    487. 

  487.         $g6 = $g[6]->toInt64();
    488. 

  488.         $g7 = $g[7]->toInt64();
    489. 

  489.         $g8 = $g[8]->toInt64();
    490. 

  490.         $g9 = $g[9]->toInt64();
    491. 

  491.         $g1_19 = $g1->mulInt(19, 5); /* 2^4 <= 19 <= 2^5, but we only want 5 bits */
    492. 

  492.         $g2_19 = $g2->mulInt(19, 5);
    493. 

  493.         $g3_19 = $g3->mulInt(19, 5);
    494. 

  494.         $g4_19 = $g4->mulInt(19, 5);
    495. 

  495.         $g5_19 = $g5->mulInt(19, 5);
    496. 

  496.         $g6_19 = $g6->mulInt(19, 5);
    497. 

  497.         $g7_19 = $g7->mulInt(19, 5);
    498. 

  498.         $g8_19 = $g8->mulInt(19, 5);
    499. 

  499.         $g9_19 = $g9->mulInt(19, 5);
    500. 

  500.         /** @var ParagonIE_Sodium_Core32_Int64 $f1_2 */
    501. 

  501.         $f1_2 = $f1->shiftLeft(1);
    502. 

  502.         /** @var ParagonIE_Sodium_Core32_Int64 $f3_2 */
    503. 

  503.         $f3_2 = $f3->shiftLeft(1);
    504. 

  504.         /** @var ParagonIE_Sodium_Core32_Int64 $f5_2 */
    505. 

  505.         $f5_2 = $f5->shiftLeft(1);
    506. 

  506.         /** @var ParagonIE_Sodium_Core32_Int64 $f7_2 */
    507. 

  507.         $f7_2 = $f7->shiftLeft(1);
    508. 

  508.         /** @var ParagonIE_Sodium_Core32_Int64 $f9_2 */
    509. 

  509.         $f9_2 = $f9->shiftLeft(1);
    510. 

  510.         $f0g0    = $f0->mulInt64($g0, 27);
    511. 

  511.         $f0g1    = $f0->mulInt64($g1, 27);
    512. 

  512.         $f0g2    = $f0->mulInt64($g2, 27);
    513. 

  513.         $f0g3    = $f0->mulInt64($g3, 27);
    514. 

  514.         $f0g4    = $f0->mulInt64($g4, 27);
    515. 

  515.         $f0g5    = $f0->mulInt64($g5, 27);
    516. 

  516.         $f0g6    = $f0->mulInt64($g6, 27);
    517. 

  517.         $f0g7    = $f0->mulInt64($g7, 27);
    518. 

  518.         $f0g8    = $f0->mulInt64($g8, 27);
    519. 

  519.         $f0g9    = $f0->mulInt64($g9, 27);
    520. 

  520.         $f1g0    = $f1->mulInt64($g0, 27);
    521. 

  521.         $f1g1_2  = $f1_2->mulInt64($g1, 27);
    522. 

  522.         $f1g2    = $f1->mulInt64($g2, 27);
    523. 

  523.         $f1g3_2  = $f1_2->mulInt64($g3, 27);
    524. 

  524.         $f1g4    = $f1->mulInt64($g4, 30);
    525. 

  525.         $f1g5_2  = $f1_2->mulInt64($g5, 30);
    526. 

  526.         $f1g6    = $f1->mulInt64($g6, 30);
    527. 

  527.         $f1g7_2  = $f1_2->mulInt64($g7, 30);
    528. 

  528.         $f1g8    = $f1->mulInt64($g8, 30);
    529. 

  529.         $f1g9_38 = $g9_19->mulInt64($f1_2, 30);
    530. 

  530.         $f2g0    = $f2->mulInt64($g0, 30);
    531. 

  531.         $f2g1    = $f2->mulInt64($g1, 29);
    532. 

  532.         $f2g2    = $f2->mulInt64($g2, 30);
    533. 

  533.         $f2g3    = $f2->mulInt64($g3, 29);
    534. 

  534.         $f2g4    = $f2->mulInt64($g4, 30);
    535. 

  535.         $f2g5    = $f2->mulInt64($g5, 29);
    536. 

  536.         $f2g6    = $f2->mulInt64($g6, 30);
    537. 

  537.         $f2g7    = $f2->mulInt64($g7, 29);
    538. 

  538.         $f2g8_19 = $g8_19->mulInt64($f2, 30);
    539. 

  539.         $f2g9_19 = $g9_19->mulInt64($f2, 30);
    540. 

  540.         $f3g0    = $f3->mulInt64($g0, 30);
    541. 

  541.         $f3g1_2  = $f3_2->mulInt64($g1, 30);
    542. 

  542.         $f3g2    = $f3->mulInt64($g2, 30);
    543. 

  543.         $f3g3_2  = $f3_2->mulInt64($g3, 30);
    544. 

  544.         $f3g4    = $f3->mulInt64($g4, 30);
    545. 

  545.         $f3g5_2  = $f3_2->mulInt64($g5, 30);
    546. 

  546.         $f3g6    = $f3->mulInt64($g6, 30);
    547. 

  547.         $f3g7_38 = $g7_19->mulInt64($f3_2, 30);
    548. 

  548.         $f3g8_19 = $g8_19->mulInt64($f3, 30);
    549. 

  549.         $f3g9_38 = $g9_19->mulInt64($f3_2, 30);
    550. 

  550.         $f4g0    = $f4->mulInt64($g0, 30);
    551. 

  551.         $f4g1    = $f4->mulInt64($g1, 30);
    552. 

  552.         $f4g2    = $f4->mulInt64($g2, 30);
    553. 

  553.         $f4g3    = $f4->mulInt64($g3, 30);
    554. 

  554.         $f4g4    = $f4->mulInt64($g4, 30);
    555. 

  555.         $f4g5    = $f4->mulInt64($g5, 30);
    556. 

  556.         $f4g6_19 = $g6_19->mulInt64($f4, 30);
    557. 

  557.         $f4g7_19 = $g7_19->mulInt64($f4, 30);
    558. 

  558.         $f4g8_19 = $g8_19->mulInt64($f4, 30);
    559. 

  559.         $f4g9_19 = $g9_19->mulInt64($f4, 30);
    560. 

  560.         $f5g0    = $f5->mulInt64($g0, 30);
    561. 

  561.         $f5g1_2  = $f5_2->mulInt64($g1, 30);
    562. 

  562.         $f5g2    = $f5->mulInt64($g2, 30);
    563. 

  563.         $f5g3_2  = $f5_2->mulInt64($g3, 30);
    564. 

  564.         $f5g4    = $f5->mulInt64($g4, 30);
    565. 

  565.         $f5g5_38 = $g5_19->mulInt64($f5_2, 30);
    566. 

  566.         $f5g6_19 = $g6_19->mulInt64($f5, 30);
    567. 

  567.         $f5g7_38 = $g7_19->mulInt64($f5_2, 30);
    568. 

  568.         $f5g8_19 = $g8_19->mulInt64($f5, 30);
    569. 

  569.         $f5g9_38 = $g9_19->mulInt64($f5_2, 30);
    570. 

  570.         $f6g0    = $f6->mulInt64($g0, 30);
    571. 

  571.         $f6g1    = $f6->mulInt64($g1, 30);
    572. 

  572.         $f6g2    = $f6->mulInt64($g2, 30);
    573. 

  573.         $f6g3    = $f6->mulInt64($g3, 30);
    574. 

  574.         $f6g4_19 = $g4_19->mulInt64($f6, 30);
    575. 

  575.         $f6g5_19 = $g5_19->mulInt64($f6, 30);
    576. 

  576.         $f6g6_19 = $g6_19->mulInt64($f6, 30);
    577. 

  577.         $f6g7_19 = $g7_19->mulInt64($f6, 30);
    578. 

  578.         $f6g8_19 = $g8_19->mulInt64($f6, 30);
    579. 

  579.         $f6g9_19 = $g9_19->mulInt64($f6, 30);
    580. 

  580.         $f7g0    = $f7->mulInt64($g0, 30);
    581. 

  581.         $f7g1_2  = $g1->mulInt64($f7_2, 30);
    582. 

  582.         $f7g2    = $f7->mulInt64($g2, 30);
    583. 

  583.         $f7g3_38 = $g3_19->mulInt64($f7_2, 30);
    584. 

  584.         $f7g4_19 = $g4_19->mulInt64($f7, 30);
    585. 

  585.         $f7g5_38 = $g5_19->mulInt64($f7_2, 30);
    586. 

  586.         $f7g6_19 = $g6_19->mulInt64($f7, 30);
    587. 

  587.         $f7g7_38 = $g7_19->mulInt64($f7_2, 30);
    588. 

  588.         $f7g8_19 = $g8_19->mulInt64($f7, 30);
    589. 

  589.         $f7g9_38 = $g9_19->mulInt64($f7_2, 30);
    590. 

  590.         $f8g0    = $f8->mulInt64($g0, 30);
    591. 

  591.         $f8g1    = $f8->mulInt64($g1, 29);
    592. 

  592.         $f8g2_19 = $g2_19->mulInt64($f8, 30);
    593. 

  593.         $f8g3_19 = $g3_19->mulInt64($f8, 30);
    594. 

  594.         $f8g4_19 = $g4_19->mulInt64($f8, 30);
    595. 

  595.         $f8g5_19 = $g5_19->mulInt64($f8, 30);
    596. 

  596.         $f8g6_19 = $g6_19->mulInt64($f8, 30);
    597. 

  597.         $f8g7_19 = $g7_19->mulInt64($f8, 30);
    598. 

  598.         $f8g8_19 = $g8_19->mulInt64($f8, 30);
    599. 

  599.         $f8g9_19 = $g9_19->mulInt64($f8, 30);
    600. 

  600.         $f9g0    = $f9->mulInt64($g0, 30);
    601. 

  601.         $f9g1_38 = $g1_19->mulInt64($f9_2, 30);
    602. 

  602.         $f9g2_19 = $g2_19->mulInt64($f9, 30);
    603. 

  603.         $f9g3_38 = $g3_19->mulInt64($f9_2, 30);
    604. 

  604.         $f9g4_19 = $g4_19->mulInt64($f9, 30);
    605. 

  605.         $f9g5_38 = $g5_19->mulInt64($f9_2, 30);
    606. 

  606.         $f9g6_19 = $g6_19->mulInt64($f9, 30);
    607. 

  607.         $f9g7_38 = $g7_19->mulInt64($f9_2, 30);
    608. 

  608.         $f9g8_19 = $g8_19->mulInt64($f9, 30);
    609. 

  609.         $f9g9_38 = $g9_19->mulInt64($f9_2, 30);
    610. 

  610. 

  611.         // $h0 = $f0g0 + $f1g9_38 + $f2g8_19 + $f3g7_38 + $f4g6_19 + $f5g5_38 + $f6g4_19 + $f7g3_38 + $f8g2_19 + $f9g1_38;
    612. 

  612.         $h0 = $f0g0->addInt64($f1g9_38)->addInt64($f2g8_19)->addInt64($f3g7_38)
    613. 

  613.             ->addInt64($f4g6_19)->addInt64($f5g5_38)->addInt64($f6g4_19)
    614. 

  614.             ->addInt64($f7g3_38)->addInt64($f8g2_19)->addInt64($f9g1_38);
    615. 

  615. 

  616.         // $h1 = $f0g1 + $f1g0    + $f2g9_19 + $f3g8_19 + $f4g7_19 + $f5g6_19 + $f6g5_19 + $f7g4_19 + $f8g3_19 + $f9g2_19;
    617. 

  617.         $h1 = $f0g1->addInt64($f1g0)->addInt64($f2g9_19)->addInt64($f3g8_19)
    618. 

  618.             ->addInt64($f4g7_19)->addInt64($f5g6_19)->addInt64($f6g5_19)
    619. 

  619.             ->addInt64($f7g4_19)->addInt64($f8g3_19)->addInt64($f9g2_19);
    620. 

  620. 

  621.         // $h2 = $f0g2 + $f1g1_2  + $f2g0    + $f3g9_38 + $f4g8_19 + $f5g7_38 + $f6g6_19 + $f7g5_38 + $f8g4_19 + $f9g3_38;
    622. 

  622.         $h2 = $f0g2->addInt64($f1g1_2)->addInt64($f2g0)->addInt64($f3g9_38)
    623. 

  623.             ->addInt64($f4g8_19)->addInt64($f5g7_38)->addInt64($f6g6_19)
    624. 

  624.             ->addInt64($f7g5_38)->addInt64($f8g4_19)->addInt64($f9g3_38);
    625. 

  625. 

  626.         // $h3 = $f0g3 + $f1g2    + $f2g1    + $f3g0    + $f4g9_19 + $f5g8_19 + $f6g7_19 + $f7g6_19 + $f8g5_19 + $f9g4_19;
    627. 

  627.         $h3 = $f0g3->addInt64($f1g2)->addInt64($f2g1)->addInt64($f3g0)
    628. 

  628.             ->addInt64($f4g9_19)->addInt64($f5g8_19)->addInt64($f6g7_19)
    629. 

  629.             ->addInt64($f7g6_19)->addInt64($f8g5_19)->addInt64($f9g4_19);
    630. 

  630. 

  631.         // $h4 = $f0g4 + $f1g3_2  + $f2g2    + $f3g1_2  + $f4g0    + $f5g9_38 + $f6g8_19 + $f7g7_38 + $f8g6_19 + $f9g5_38;
    632. 

  632.         $h4 = $f0g4->addInt64($f1g3_2)->addInt64($f2g2)->addInt64($f3g1_2)
    633. 

  633.             ->addInt64($f4g0)->addInt64($f5g9_38)->addInt64($f6g8_19)
    634. 

  634.             ->addInt64($f7g7_38)->addInt64($f8g6_19)->addInt64($f9g5_38);
    635. 

  635. 

  636.         // $h5 = $f0g5 + $f1g4    + $f2g3    + $f3g2    + $f4g1    + $f5g0    + $f6g9_19 + $f7g8_19 + $f8g7_19 + $f9g6_19;
    637. 

  637.         $h5 = $f0g5->addInt64($f1g4)->addInt64($f2g3)->addInt64($f3g2)
    638. 

  638.             ->addInt64($f4g1)->addInt64($f5g0)->addInt64($f6g9_19)
    639. 

  639.             ->addInt64($f7g8_19)->addInt64($f8g7_19)->addInt64($f9g6_19);
    640. 

  640. 

  641.         // $h6 = $f0g6 + $f1g5_2  + $f2g4    + $f3g3_2  + $f4g2    + $f5g1_2  + $f6g0    + $f7g9_38 + $f8g8_19 + $f9g7_38;
    642. 

  642.         $h6 = $f0g6->addInt64($f1g5_2)->addInt64($f2g4)->addInt64($f3g3_2)
    643. 

  643.             ->addInt64($f4g2)->addInt64($f5g1_2)->addInt64($f6g0)
    644. 

  644.             ->addInt64($f7g9_38)->addInt64($f8g8_19)->addInt64($f9g7_38);
    645. 

  645. 

  646.         // $h7 = $f0g7 + $f1g6    + $f2g5    + $f3g4    + $f4g3    + $f5g2    + $f6g1    + $f7g0    + $f8g9_19 + $f9g8_19;
    647. 

  647.         $h7 = $f0g7->addInt64($f1g6)->addInt64($f2g5)->addInt64($f3g4)
    648. 

  648.             ->addInt64($f4g3)->addInt64($f5g2)->addInt64($f6g1)
    649. 

  649.             ->addInt64($f7g0)->addInt64($f8g9_19)->addInt64($f9g8_19);
    650. 

  650. 

  651.         // $h8 = $f0g8 + $f1g7_2  + $f2g6    + $f3g5_2  + $f4g4    + $f5g3_2  + $f6g2    + $f7g1_2  + $f8g0    + $f9g9_38;
    652. 

  652.         $h8 = $f0g8->addInt64($f1g7_2)->addInt64($f2g6)->addInt64($f3g5_2)
    653. 

  653.             ->addInt64($f4g4)->addInt64($f5g3_2)->addInt64($f6g2)
    654. 

  654.             ->addInt64($f7g1_2)->addInt64($f8g0)->addInt64($f9g9_38);
    655. 

  655. 

  656.         // $h9 = $f0g9 + $f1g8    + $f2g7    + $f3g6    + $f4g5    + $f5g4    + $f6g3    + $f7g2    + $f8g1    + $f9g0   ;
    657. 

  657.         $h9 = $f0g9->addInt64($f1g8)->addInt64($f2g7)->addInt64($f3g6)
    658. 

  658.             ->addInt64($f4g5)->addInt64($f5g4)->addInt64($f6g3)
    659. 

  659.             ->addInt64($f7g2)->addInt64($f8g1)->addInt64($f9g0);
    660. 

  660. 

  661.         /**
    662. 

  662.          * @var ParagonIE_Sodium_Core32_Int64 $h0
    663. 

  663.          * @var ParagonIE_Sodium_Core32_Int64 $h1
    664. 

  664.          * @var ParagonIE_Sodium_Core32_Int64 $h2
    665. 

  665.          * @var ParagonIE_Sodium_Core32_Int64 $h3
    666. 

  666.          * @var ParagonIE_Sodium_Core32_Int64 $h4
    667. 

  667.          * @var ParagonIE_Sodium_Core32_Int64 $h5
    668. 

  668.          * @var ParagonIE_Sodium_Core32_Int64 $h6
    669. 

  669.          * @var ParagonIE_Sodium_Core32_Int64 $h7
    670. 

  670.          * @var ParagonIE_Sodium_Core32_Int64 $h8
    671. 

  671.          * @var ParagonIE_Sodium_Core32_Int64 $h9
    672. 

  672.          * @var ParagonIE_Sodium_Core32_Int64 $carry0
    673. 

  673.          * @var ParagonIE_Sodium_Core32_Int64 $carry1
    674. 

  674.          * @var ParagonIE_Sodium_Core32_Int64 $carry2
    675. 

  675.          * @var ParagonIE_Sodium_Core32_Int64 $carry3
    676. 

  676.          * @var ParagonIE_Sodium_Core32_Int64 $carry4
    677. 

  677.          * @var ParagonIE_Sodium_Core32_Int64 $carry5
    678. 

  678.          * @var ParagonIE_Sodium_Core32_Int64 $carry6
    679. 

  679.          * @var ParagonIE_Sodium_Core32_Int64 $carry7
    680. 

  680.          * @var ParagonIE_Sodium_Core32_Int64 $carry8
    681. 

  681.          * @var ParagonIE_Sodium_Core32_Int64 $carry9
    682. 

  682.          */
    683. 

  683.         $carry0 = $h0->addInt(1 << 25)->shiftRight(26);
    684. 

  684.         $h1 = $h1->addInt64($carry0);
    685. 

  685.         $h0 = $h0->subInt64($carry0->shiftLeft(26));
    686. 

  686.         $carry4 = $h4->addInt(1 << 25)->shiftRight(26);
    687. 

  687.         $h5 = $h5->addInt64($carry4);
    688. 

  688.         $h4 = $h4->subInt64($carry4->shiftLeft(26));
    689. 

  689. 

  690.         $carry1 = $h1->addInt(1 << 24)->shiftRight(25);
    691. 

  691.         $h2 = $h2->addInt64($carry1);
    692. 

  692.         $h1 = $h1->subInt64($carry1->shiftLeft(25));
    693. 

  693.         $carry5 = $h5->addInt(1 << 24)->shiftRight(25);
    694. 

  694.         $h6 = $h6->addInt64($carry5);
    695. 

  695.         $h5 = $h5->subInt64($carry5->shiftLeft(25));
    696. 

  696. 

  697.         $carry2 = $h2->addInt(1 << 25)->shiftRight(26);
    698. 

  698.         $h3 = $h3->addInt64($carry2);
    699. 

  699.         $h2 = $h2->subInt64($carry2->shiftLeft(26));
    700. 

  700.         $carry6 = $h6->addInt(1 << 25)->shiftRight(26);
    701. 

  701.         $h7 = $h7->addInt64($carry6);
    702. 

  702.         $h6 = $h6->subInt64($carry6->shiftLeft(26));
    703. 

  703. 

  704.         $carry3 = $h3->addInt(1 << 24)->shiftRight(25);
    705. 

  705.         $h4 = $h4->addInt64($carry3);
    706. 

  706.         $h3 = $h3->subInt64($carry3->shiftLeft(25));
    707. 

  707.         $carry7 = $h7->addInt(1 << 24)->shiftRight(25);
    708. 

  708.         $h8 = $h8->addInt64($carry7);
    709. 

  709.         $h7 = $h7->subInt64($carry7->shiftLeft(25));
    710. 

  710. 

  711.         $carry4 = $h4->addInt(1 << 25)->shiftRight(26);
    712. 

  712.         $h5 = $h5->addInt64($carry4);
    713. 

  713.         $h4 = $h4->subInt64($carry4->shiftLeft(26));
    714. 

  714.         $carry8 = $h8->addInt(1 << 25)->shiftRight(26);
    715. 

  715.         $h9 = $h9->addInt64($carry8);
    716. 

  716.         $h8 = $h8->subInt64($carry8->shiftLeft(26));
    717. 

  717. 

  718.         $carry9 = $h9->addInt(1 << 24)->shiftRight(25);
    719. 

  719.         $h0 = $h0->addInt64($carry9->mulInt(19, 5));
    720. 

  720.         $h9 = $h9->subInt64($carry9->shiftLeft(25));
    721. 

  721. 

  722.         $carry0 = $h0->addInt(1 << 25)->shiftRight(26);
    723. 

  723.         $h1 = $h1->addInt64($carry0);
    724. 

  724.         $h0 = $h0->subInt64($carry0->shiftLeft(26));
    725. 

  725. 

  726.         return ParagonIE_Sodium_Core32_Curve25519_Fe::fromArray(
    727. 

  727.             array(
    728. 

  728.                 $h0->toInt32(),
    729. 

  729.                 $h1->toInt32(),
    730. 

  730.                 $h2->toInt32(),
    731. 

  731.                 $h3->toInt32(),
    732. 

  732.                 $h4->toInt32(),
    733. 

  733.                 $h5->toInt32(),
    734. 

  734.                 $h6->toInt32(),
    735. 

  735.                 $h7->toInt32(),
    736. 

  736.                 $h8->toInt32(),
    737. 

  737.                 $h9->toInt32()
    738. 

  738.             )
    739. 

  739.         );
    740. 

  740.     }
    741. 

  741. 

  742.     /**
    743. 

  743.      * Get the negative values for each piece of the field element.
    744. 

  744.      *
    745. 

  745.      * h = -f
    746. 

  746.      *
    747. 

  747.      * @internal You should not use this directly from another application
    748. 

  748.      *
    749. 

  749.      * @param ParagonIE_Sodium_Core32_Curve25519_Fe $f
    750. 

  750.      * @return ParagonIE_Sodium_Core32_Curve25519_Fe
    751. 

  751.      * @psalm-suppress MixedAssignment
    752. 

  752.      * @psalm-suppress MixedMethodCall
    753. 

  753.      */
    754. 

  754.     public static function fe_neg(ParagonIE_Sodium_Core32_Curve25519_Fe $f)
    755. 

  755.     {
    756. 

  756.         $h = new ParagonIE_Sodium_Core32_Curve25519_Fe();
    757. 

  757.         for ($i = 0; $i < 10; ++$i) {
    758. 

  758.             $h[$i] = $h[$i]->subInt32($f[$i]);
    759. 

  759.         }
    760. 

  760.         return $h;
    761. 

  761.     }
    762. 

  762. 

  763.     /**
    764. 

  764.      * Square a field element
    765. 

  765.      *
    766. 

  766.      * h = f * f
    767. 

  767.      *
    768. 

  768.      * @internal You should not use this directly from another application
    769. 

  769.      *
    770. 

  770.      * @param ParagonIE_Sodium_Core32_Curve25519_Fe $f
    771. 

  771.      * @return ParagonIE_Sodium_Core32_Curve25519_Fe
    772. 

  772.      * @throws SodiumException
    773. 

  773.      * @throws TypeError
    774. 

  774.      * @psalm-suppress MixedMethodCall
    775. 

  775.      */
    776. 

  776.     public static function fe_sq(ParagonIE_Sodium_Core32_Curve25519_Fe $f)
    777. 

  777.     {
    778. 

  778.         /** @var ParagonIE_Sodium_Core32_Int64 $f0 */
    779. 

  779.         $f0 = $f[0]->toInt64();
    780. 

  780.         /** @var ParagonIE_Sodium_Core32_Int64 $f1 */
    781. 

  781.         $f1 = $f[1]->toInt64();
    782. 

  782.         /** @var ParagonIE_Sodium_Core32_Int64 $f2 */
    783. 

  783.         $f2 = $f[2]->toInt64();
    784. 

  784.         /** @var ParagonIE_Sodium_Core32_Int64 $f3 */
    785. 

  785.         $f3 = $f[3]->toInt64();
    786. 

  786.         /** @var ParagonIE_Sodium_Core32_Int64 $f4 */
    787. 

  787.         $f4 = $f[4]->toInt64();
    788. 

  788.         /** @var ParagonIE_Sodium_Core32_Int64 $f5 */
    789. 

  789.         $f5 = $f[5]->toInt64();
    790. 

  790.         /** @var ParagonIE_Sodium_Core32_Int64 $f6 */
    791. 

  791.         $f6 = $f[6]->toInt64();
    792. 

  792.         /** @var ParagonIE_Sodium_Core32_Int64 $f7 */
    793. 

  793.         $f7 = $f[7]->toInt64();
    794. 

  794.         /** @var ParagonIE_Sodium_Core32_Int64 $f8 */
    795. 

  795.         $f8 = $f[8]->toInt64();
    796. 

  796.         /** @var ParagonIE_Sodium_Core32_Int64 $f9 */
    797. 

  797.         $f9 = $f[9]->toInt64();
    798. 

  798. 

  799.         /** @var ParagonIE_Sodium_Core32_Int64 $f0_2 */
    800. 

  800.         $f0_2 = $f0->shiftLeft(1);
    801. 

  801.         $f1_2 = $f1->shiftLeft(1);
    802. 

  802.         $f2_2 = $f2->shiftLeft(1);
    803. 

  803.         $f3_2 = $f3->shiftLeft(1);
    804. 

  804.         $f4_2 = $f4->shiftLeft(1);
    805. 

  805.         $f5_2 = $f5->shiftLeft(1);
    806. 

  806.         $f6_2 = $f6->shiftLeft(1);
    807. 

  807.         $f7_2 = $f7->shiftLeft(1);
    808. 

  808.         $f5_38 = $f5->mulInt(38, 6);
    809. 

  809.         $f6_19 = $f6->mulInt(19, 5);
    810. 

  810.         $f7_38 = $f7->mulInt(38, 6);
    811. 

  811.         $f8_19 = $f8->mulInt(19, 5);
    812. 

  812.         $f9_38 = $f9->mulInt(38, 6);
    813. 

  813.         /** @var ParagonIE_Sodium_Core32_Int64 $f0f0*/
    814. 

  814.         $f0f0    = $f0->mulInt64($f0, 28);
    815. 

  815.         $f0f1_2  = $f0_2->mulInt64($f1, 28);
    816. 

  816.         $f0f2_2 =  $f0_2->mulInt64($f2, 28);
    817. 

  817.         $f0f3_2 =  $f0_2->mulInt64($f3, 28);
    818. 

  818.         $f0f4_2 =  $f0_2->mulInt64($f4, 28);
    819. 

  819.         $f0f5_2 =  $f0_2->mulInt64($f5, 28);
    820. 

  820.         $f0f6_2 =  $f0_2->mulInt64($f6, 28);
    821. 

  821.         $f0f7_2 =  $f0_2->mulInt64($f7, 28);
    822. 

  822.         $f0f8_2 =  $f0_2->mulInt64($f8, 28);
    823. 

  823.         $f0f9_2 =  $f0_2->mulInt64($f9, 28);
    824. 

  824. 

  825.         $f1f1_2 = $f1_2->mulInt64($f1, 28);
    826. 

  826.         $f1f2_2 = $f1_2->mulInt64($f2, 28);
    827. 

  827.         $f1f3_4 = $f1_2->mulInt64($f3_2, 28);
    828. 

  828.         $f1f4_2 = $f1_2->mulInt64($f4, 28);
    829. 

  829.         $f1f5_4 = $f1_2->mulInt64($f5_2, 30);
    830. 

  830.         $f1f6_2 = $f1_2->mulInt64($f6, 28);
    831. 

  831.         $f1f7_4 = $f1_2->mulInt64($f7_2, 28);
    832. 

  832.         $f1f8_2 = $f1_2->mulInt64($f8, 28);
    833. 

  833.         $f1f9_76 = $f9_38->mulInt64($f1_2, 30);
    834. 

  834. 

  835.         $f2f2 = $f2->mulInt64($f2, 28);
    836. 

  836.         $f2f3_2 = $f2_2->mulInt64($f3, 28);
    837. 

  837.         $f2f4_2 = $f2_2->mulInt64($f4, 28);
    838. 

  838.         $f2f5_2 = $f2_2->mulInt64($f5, 28);
    839. 

  839.         $f2f6_2 = $f2_2->mulInt64($f6, 28);
    840. 

  840.         $f2f7_2 = $f2_2->mulInt64($f7, 28);
    841. 

  841.         $f2f8_38 = $f8_19->mulInt64($f2_2, 30);
    842. 

  842.         $f2f9_38 = $f9_38->mulInt64($f2, 30);
    843. 

  843. 

  844.         $f3f3_2 = $f3_2->mulInt64($f3, 28);
    845. 

  845.         $f3f4_2 = $f3_2->mulInt64($f4, 28);
    846. 

  846.         $f3f5_4 = $f3_2->mulInt64($f5_2, 30);
    847. 

  847.         $f3f6_2 = $f3_2->mulInt64($f6, 28);
    848. 

  848.         $f3f7_76 = $f7_38->mulInt64($f3_2, 30);
    849. 

  849.         $f3f8_38 = $f8_19->mulInt64($f3_2, 30);
    850. 

  850.         $f3f9_76 = $f9_38->mulInt64($f3_2, 30);
    851. 

  851. 

  852.         $f4f4 = $f4->mulInt64($f4, 28);
    853. 

  853.         $f4f5_2 = $f4_2->mulInt64($f5, 28);
    854. 

  854.         $f4f6_38 = $f6_19->mulInt64($f4_2, 30);
    855. 

  855.         $f4f7_38 = $f7_38->mulInt64($f4, 30);
    856. 

  856.         $f4f8_38 = $f8_19->mulInt64($f4_2, 30);
    857. 

  857.         $f4f9_38 = $f9_38->mulInt64($f4, 30);
    858. 

  858. 

  859.         $f5f5_38 = $f5_38->mulInt64($f5, 30);
    860. 

  860.         $f5f6_38 = $f6_19->mulInt64($f5_2, 30);
    861. 

  861.         $f5f7_76 = $f7_38->mulInt64($f5_2, 30);
    862. 

  862.         $f5f8_38 = $f8_19->mulInt64($f5_2, 30);
    863. 

  863.         $f5f9_76 = $f9_38->mulInt64($f5_2, 30);
    864. 

  864. 

  865.         $f6f6_19 = $f6_19->mulInt64($f6, 30);
    866. 

  866.         $f6f7_38 = $f7_38->mulInt64($f6, 30);
    867. 

  867.         $f6f8_38 = $f8_19->mulInt64($f6_2, 30);
    868. 

  868.         $f6f9_38 = $f9_38->mulInt64($f6, 30);
    869. 

  869. 

  870.         $f7f7_38 = $f7_38->mulInt64($f7, 28);
    871. 

  871.         $f7f8_38 = $f8_19->mulInt64($f7_2, 30);
    872. 

  872.         $f7f9_76 = $f9_38->mulInt64($f7_2, 30);
    873. 

  873. 

  874.         $f8f8_19 = $f8_19->mulInt64($f8, 30);
    875. 

  875.         $f8f9_38 = $f9_38->mulInt64($f8, 30);
    876. 

  876. 

  877.         $f9f9_38 = $f9_38->mulInt64($f9, 28);
    878. 

  878. 

  879.         $h0 = $f0f0->addInt64($f1f9_76)->addInt64($f2f8_38)->addInt64($f3f7_76)->addInt64($f4f6_38)->addInt64($f5f5_38);
    880. 

  880.         $h1 = $f0f1_2->addInt64($f2f9_38)->addInt64($f3f8_38)->addInt64($f4f7_38)->addInt64($f5f6_38);
    881. 

  881.         $h2 = $f0f2_2->addInt64($f1f1_2)->addInt64($f3f9_76)->addInt64($f4f8_38)->addInt64($f5f7_76)->addInt64($f6f6_19);
    882. 

  882.         $h3 = $f0f3_2->addInt64($f1f2_2)->addInt64($f4f9_38)->addInt64($f5f8_38)->addInt64($f6f7_38);
    883. 

  883.         $h4 = $f0f4_2->addInt64($f1f3_4)->addInt64($f2f2)->addInt64($f5f9_76)->addInt64($f6f8_38)->addInt64($f7f7_38);
    884. 

  884.         $h5 = $f0f5_2->addInt64($f1f4_2)->addInt64($f2f3_2)->addInt64($f6f9_38)->addInt64($f7f8_38);
    885. 

  885.         $h6 = $f0f6_2->addInt64($f1f5_4)->addInt64($f2f4_2)->addInt64($f3f3_2)->addInt64($f7f9_76)->addInt64($f8f8_19);
    886. 

  886.         $h7 = $f0f7_2->addInt64($f1f6_2)->addInt64($f2f5_2)->addInt64($f3f4_2)->addInt64($f8f9_38);
    887. 

  887.         $h8 = $f0f8_2->addInt64($f1f7_4)->addInt64($f2f6_2)->addInt64($f3f5_4)->addInt64($f4f4)->addInt64($f9f9_38);
    888. 

  888.         $h9 = $f0f9_2->addInt64($f1f8_2)->addInt64($f2f7_2)->addInt64($f3f6_2)->addInt64($f4f5_2);
    889. 

  889. 

  890.         /**
    891. 

  891.          * @var ParagonIE_Sodium_Core32_Int64 $h0
    892. 

  892.          * @var ParagonIE_Sodium_Core32_Int64 $h1
    893. 

  893.          * @var ParagonIE_Sodium_Core32_Int64 $h2
    894. 

  894.          * @var ParagonIE_Sodium_Core32_Int64 $h3
    895. 

  895.          * @var ParagonIE_Sodium_Core32_Int64 $h4
    896. 

  896.          * @var ParagonIE_Sodium_Core32_Int64 $h5
    897. 

  897.          * @var ParagonIE_Sodium_Core32_Int64 $h6
    898. 

  898.          * @var ParagonIE_Sodium_Core32_Int64 $h7
    899. 

  899.          * @var ParagonIE_Sodium_Core32_Int64 $h8
    900. 

  900.          * @var ParagonIE_Sodium_Core32_Int64 $h9
    901. 

  901.          */
    902. 

  902. 

  903.         $carry0 = $h0->addInt(1 << 25)->shiftRight(26);
    904. 

  904.         $h1 = $h1->addInt64($carry0);
    905. 

  905.         $h0 = $h0->subInt64($carry0->shiftLeft(26));
    906. 

  906. 

  907.         $carry4 = $h4->addInt(1 << 25)->shiftRight(26);
    908. 

  908.         $h5 = $h5->addInt64($carry4);
    909. 

  909.         $h4 = $h4->subInt64($carry4->shiftLeft(26));
    910. 

  910. 

  911.         $carry1 = $h1->addInt(1 << 24)->shiftRight(25);
    912. 

  912.         $h2 = $h2->addInt64($carry1);
    913. 

  913.         $h1 = $h1->subInt64($carry1->shiftLeft(25));
    914. 

  914. 

  915.         $carry5 = $h5->addInt(1 << 24)->shiftRight(25);
    916. 

  916.         $h6 = $h6->addInt64($carry5);
    917. 

  917.         $h5 = $h5->subInt64($carry5->shiftLeft(25));
    918. 

  918. 

  919.         $carry2 = $h2->addInt(1 << 25)->shiftRight(26);
    920. 

  920.         $h3 = $h3->addInt64($carry2);
    921. 

  921.         $h2 = $h2->subInt64($carry2->shiftLeft(26));
    922. 

  922. 

  923.         $carry6 = $h6->addInt(1 << 25)->shiftRight(26);
    924. 

  924.         $h7 = $h7->addInt64($carry6);
    925. 

  925.         $h6 = $h6->subInt64($carry6->shiftLeft(26));
    926. 

  926. 

  927.         $carry3 = $h3->addInt(1 << 24)->shiftRight(25);
    928. 

  928.         $h4 = $h4->addInt64($carry3);
    929. 

  929.         $h3 = $h3->subInt64($carry3->shiftLeft(25));
    930. 

  930. 

  931.         $carry7 = $h7->addInt(1 << 24)->shiftRight(25);
    932. 

  932.         $h8 = $h8->addInt64($carry7);
    933. 

  933.         $h7 = $h7->subInt64($carry7->shiftLeft(25));
    934. 

  934. 

  935.         $carry4 = $h4->addInt(1 << 25)->shiftRight(26);
    936. 

  936.         $h5 = $h5->addInt64($carry4);
    937. 

  937.         $h4 = $h4->subInt64($carry4->shiftLeft(26));
    938. 

  938. 

  939.         $carry8 = $h8->addInt(1 << 25)->shiftRight(26);
    940. 

  940.         $h9 = $h9->addInt64($carry8);
    941. 

  941.         $h8 = $h8->subInt64($carry8->shiftLeft(26));
    942. 

  942. 

  943.         $carry9 = $h9->addInt(1 << 24)->shiftRight(25);
    944. 

  944.         $h0 = $h0->addInt64($carry9->mulInt(19, 5));
    945. 

  945.         $h9 = $h9->subInt64($carry9->shiftLeft(25));
    946. 

  946. 

  947.         $carry0 = $h0->addInt(1 << 25)->shiftRight(26);
    948. 

  948.         $h1 = $h1->addInt64($carry0);
    949. 

  949.         $h0 = $h0->subInt64($carry0->shiftLeft(26));
    950. 

  950. 

  951.         return ParagonIE_Sodium_Core32_Curve25519_Fe::fromArray(
    952. 

  952.             array(
    953. 

  953.                 $h0->toInt32(),
    954. 

  954.                 $h1->toInt32(),
    955. 

  955.                 $h2->toInt32(),
    956. 

  956.                 $h3->toInt32(),
    957. 

  957.                 $h4->toInt32(),
    958. 

  958.                 $h5->toInt32(),
    959. 

  959.                 $h6->toInt32(),
    960. 

  960.                 $h7->toInt32(),
    961. 

  961.                 $h8->toInt32(),
    962. 

  962.                 $h9->toInt32()
    963. 

  963.             )
    964. 

  964.         );
    965. 

  965.     }
    966. 

  966. 

  967.     /**
    968. 

  968.      * Square and double a field element
    969. 

  969.      *
    970. 

  970.      * h = 2 * f * f
    971. 

  971.      *
    972. 

  972.      * @internal You should not use this directly from another application
    973. 

  973.      *
    974. 

  974.      * @param ParagonIE_Sodium_Core32_Curve25519_Fe $f
    975. 

  975.      * @return ParagonIE_Sodium_Core32_Curve25519_Fe
    976. 

  976.      * @throws SodiumException
    977. 

  977.      * @throws TypeError
    978. 

  978.      * @psalm-suppress MixedMethodCall
    979. 

  979.      */
    980. 

  980.     public static function fe_sq2(ParagonIE_Sodium_Core32_Curve25519_Fe $f)
    981. 

  981.     {
    982. 

  982.         /** @var ParagonIE_Sodium_Core32_Int64 $f0 */
    983. 

  983.         $f0 = $f[0]->toInt64();
    984. 

  984.         /** @var ParagonIE_Sodium_Core32_Int64 $f1 */
    985. 

  985.         $f1 = $f[1]->toInt64();
    986. 

  986.         /** @var ParagonIE_Sodium_Core32_Int64 $f2 */
    987. 

  987.         $f2 = $f[2]->toInt64();
    988. 

  988.         /** @var ParagonIE_Sodium_Core32_Int64 $f3 */
    989. 

  989.         $f3 = $f[3]->toInt64();
    990. 

  990.         /** @var ParagonIE_Sodium_Core32_Int64 $f4 */
    991. 

  991.         $f4 = $f[4]->toInt64();
    992. 

  992.         /** @var ParagonIE_Sodium_Core32_Int64 $f5 */
    993. 

  993.         $f5 = $f[5]->toInt64();
    994. 

  994.         /** @var ParagonIE_Sodium_Core32_Int64 $f6 */
    995. 

  995.         $f6 = $f[6]->toInt64();
    996. 

  996.         /** @var ParagonIE_Sodium_Core32_Int64 $f7 */
    997. 

  997.         $f7 = $f[7]->toInt64();
    998. 

  998.         /** @var ParagonIE_Sodium_Core32_Int64 $f8 */
    999. 

  999.         $f8 = $f[8]->toInt64();
    1000. 

  1000.         /** @var ParagonIE_Sodium_Core32_Int64 $f9 */
    1001. 

  1001.         $f9 = $f[9]->toInt64();
    1002. 

  1002. 

  1003.         $f0_2 = $f0->shiftLeft(1);
    1004. 

  1004.         $f1_2 = $f1->shiftLeft(1);
    1005. 

  1005.         $f2_2 = $f2->shiftLeft(1);
    1006. 

  1006.         $f3_2 = $f3->shiftLeft(1);
    1007. 

  1007.         $f4_2 = $f4->shiftLeft(1);
    1008. 

  1008.         $f5_2 = $f5->shiftLeft(1);
    1009. 

  1009.         $f6_2 = $f6->shiftLeft(1);
    1010. 

  1010.         $f7_2 = $f7->shiftLeft(1);
    1011. 

  1011.         $f5_38 = $f5->mulInt(38, 6); /* 1.959375*2^30 */
    1012. 

  1012.         $f6_19 = $f6->mulInt(19, 5); /* 1.959375*2^30 */
    1013. 

  1013.         $f7_38 = $f7->mulInt(38, 6); /* 1.959375*2^30 */
    1014. 

  1014.         $f8_19 = $f8->mulInt(19, 5); /* 1.959375*2^30 */
    1015. 

  1015.         $f9_38 = $f9->mulInt(38, 6); /* 1.959375*2^30 */
    1016. 

  1016.         $f0f0 = $f0->mulInt64($f0, 28);
    1017. 

  1017.         $f0f1_2 = $f0_2->mulInt64($f1, 28);
    1018. 

  1018.         $f0f2_2 = $f0_2->mulInt64($f2, 28);
    1019. 

  1019.         $f0f3_2 = $f0_2->mulInt64($f3, 28);
    1020. 

  1020.         $f0f4_2 = $f0_2->mulInt64($f4, 28);
    1021. 

  1021.         $f0f5_2 = $f0_2->mulInt64($f5, 28);
    1022. 

  1022.         $f0f6_2 = $f0_2->mulInt64($f6, 28);
    1023. 

  1023.         $f0f7_2 = $f0_2->mulInt64($f7, 28);
    1024. 

  1024.         $f0f8_2 = $f0_2->mulInt64($f8, 28);
    1025. 

  1025.         $f0f9_2 = $f0_2->mulInt64($f9, 28);
    1026. 

  1026.         $f1f1_2 = $f1_2->mulInt64($f1, 28);
    1027. 

  1027.         $f1f2_2 = $f1_2->mulInt64($f2, 28);
    1028. 

  1028.         $f1f3_4 = $f1_2->mulInt64($f3_2, 29);
    1029. 

  1029.         $f1f4_2 = $f1_2->mulInt64($f4, 28);
    1030. 

  1030.         $f1f5_4 = $f1_2->mulInt64($f5_2, 29);
    1031. 

  1031.         $f1f6_2 = $f1_2->mulInt64($f6, 28);
    1032. 

  1032.         $f1f7_4 = $f1_2->mulInt64($f7_2, 29);
    1033. 

  1033.         $f1f8_2 = $f1_2->mulInt64($f8, 28);
    1034. 

  1034.         $f1f9_76 = $f9_38->mulInt64($f1_2, 29);
    1035. 

  1035.         $f2f2 = $f2->mulInt64($f2, 28);
    1036. 

  1036.         $f2f3_2 = $f2_2->mulInt64($f3, 28);
    1037. 

  1037.         $f2f4_2 = $f2_2->mulInt64($f4, 28);
    1038. 

  1038.         $f2f5_2 = $f2_2->mulInt64($f5, 28);
    1039. 

  1039.         $f2f6_2 = $f2_2->mulInt64($f6, 28);
    1040. 

  1040.         $f2f7_2 = $f2_2->mulInt64($f7, 28);
    1041. 

  1041.         $f2f8_38 = $f8_19->mulInt64($f2_2, 29);
    1042. 

  1042.         $f2f9_38 = $f9_38->mulInt64($f2, 29);
    1043. 

  1043.         $f3f3_2 = $f3_2->mulInt64($f3, 28);
    1044. 

  1044.         $f3f4_2 = $f3_2->mulInt64($f4, 28);
    1045. 

  1045.         $f3f5_4 = $f3_2->mulInt64($f5_2, 28);
    1046. 

  1046.         $f3f6_2 = $f3_2->mulInt64($f6, 28);
    1047. 

  1047.         $f3f7_76 = $f7_38->mulInt64($f3_2, 29);
    1048. 

  1048.         $f3f8_38 = $f8_19->mulInt64($f3_2, 29);
    1049. 

  1049.         $f3f9_76 = $f9_38->mulInt64($f3_2, 29);
    1050. 

  1050.         $f4f4 = $f4->mulInt64($f4, 28);
    1051. 

  1051.         $f4f5_2 = $f4_2->mulInt64($f5, 28);
    1052. 

  1052.         $f4f6_38 = $f6_19->mulInt64($f4_2, 29);
    1053. 

  1053.         $f4f7_38 = $f7_38->mulInt64($f4, 29);
    1054. 

  1054.         $f4f8_38 = $f8_19->mulInt64($f4_2, 29);
    1055. 

  1055.         $f4f9_38 = $f9_38->mulInt64($f4, 29);
    1056. 

  1056.         $f5f5_38 = $f5_38->mulInt64($f5, 29);
    1057. 

  1057.         $f5f6_38 = $f6_19->mulInt64($f5_2, 29);
    1058. 

  1058.         $f5f7_76 = $f7_38->mulInt64($f5_2, 29);
    1059. 

  1059.         $f5f8_38 = $f8_19->mulInt64($f5_2, 29);
    1060. 

  1060.         $f5f9_76 = $f9_38->mulInt64($f5_2, 29);
    1061. 

  1061.         $f6f6_19 = $f6_19->mulInt64($f6, 29);
    1062. 

  1062.         $f6f7_38 = $f7_38->mulInt64($f6, 29);
    1063. 

  1063.         $f6f8_38 = $f8_19->mulInt64($f6_2, 29);
    1064. 

  1064.         $f6f9_38 = $f9_38->mulInt64($f6, 29);
    1065. 

  1065.         $f7f7_38 = $f7_38->mulInt64($f7, 29);
    1066. 

  1066.         $f7f8_38 = $f8_19->mulInt64($f7_2, 29);
    1067. 

  1067.         $f7f9_76 = $f9_38->mulInt64($f7_2, 29);
    1068. 

  1068.         $f8f8_19 = $f8_19->mulInt64($f8, 29);
    1069. 

  1069.         $f8f9_38 = $f9_38->mulInt64($f8, 29);
    1070. 

  1070.         $f9f9_38 = $f9_38->mulInt64($f9, 29);
    1071. 

  1071. 

  1072.         $h0 = $f0f0->addInt64($f1f9_76)->addInt64($f2f8_38)->addInt64($f3f7_76)->addInt64($f4f6_38)->addInt64($f5f5_38);
    1073. 

  1073.         $h1 = $f0f1_2->addInt64($f2f9_38)->addInt64($f3f8_38)->addInt64($f4f7_38)->addInt64($f5f6_38);
    1074. 

  1074.         $h2 = $f0f2_2->addInt64($f1f1_2)->addInt64($f3f9_76)->addInt64($f4f8_38)->addInt64($f5f7_76)->addInt64($f6f6_19);
    1075. 

  1075.         $h3 = $f0f3_2->addInt64($f1f2_2)->addInt64($f4f9_38)->addInt64($f5f8_38)->addInt64($f6f7_38);
    1076. 

  1076.         $h4 = $f0f4_2->addInt64($f1f3_4)->addInt64($f2f2)->addInt64($f5f9_76)->addInt64($f6f8_38)->addInt64($f7f7_38);
    1077. 

  1077.         $h5 = $f0f5_2->addInt64($f1f4_2)->addInt64($f2f3_2)->addInt64($f6f9_38)->addInt64($f7f8_38);
    1078. 

  1078.         $h6 = $f0f6_2->addInt64($f1f5_4)->addInt64($f2f4_2)->addInt64($f3f3_2)->addInt64($f7f9_76)->addInt64($f8f8_19);
    1079. 

  1079.         $h7 = $f0f7_2->addInt64($f1f6_2)->addInt64($f2f5_2)->addInt64($f3f4_2)->addInt64($f8f9_38);
    1080. 

  1080.         $h8 = $f0f8_2->addInt64($f1f7_4)->addInt64($f2f6_2)->addInt64($f3f5_4)->addInt64($f4f4)->addInt64($f9f9_38);
    1081. 

  1081.         $h9 = $f0f9_2->addInt64($f1f8_2)->addInt64($f2f7_2)->addInt64($f3f6_2)->addInt64($f4f5_2);
    1082. 

  1082. 

  1083.         /**
    1084. 

  1084.          * @var ParagonIE_Sodium_Core32_Int64 $h0
    1085. 

  1085.          * @var ParagonIE_Sodium_Core32_Int64 $h1
    1086. 

  1086.          * @var ParagonIE_Sodium_Core32_Int64 $h2
    1087. 

  1087.          * @var ParagonIE_Sodium_Core32_Int64 $h3
    1088. 

  1088.          * @var ParagonIE_Sodium_Core32_Int64 $h4
    1089. 

  1089.          * @var ParagonIE_Sodium_Core32_Int64 $h5
    1090. 

  1090.          * @var ParagonIE_Sodium_Core32_Int64 $h6
    1091. 

  1091.          * @var ParagonIE_Sodium_Core32_Int64 $h7
    1092. 

  1092.          * @var ParagonIE_Sodium_Core32_Int64 $h8
    1093. 

  1093.          * @var ParagonIE_Sodium_Core32_Int64 $h9
    1094. 

  1094.          */
    1095. 

  1095.         $h0 = $h0->shiftLeft(1);
    1096. 

  1096.         $h1 = $h1->shiftLeft(1);
    1097. 

  1097.         $h2 = $h2->shiftLeft(1);
    1098. 

  1098.         $h3 = $h3->shiftLeft(1);
    1099. 

  1099.         $h4 = $h4->shiftLeft(1);
    1100. 

  1100.         $h5 = $h5->shiftLeft(1);
    1101. 

  1101.         $h6 = $h6->shiftLeft(1);
    1102. 

  1102.         $h7 = $h7->shiftLeft(1);
    1103. 

  1103.         $h8 = $h8->shiftLeft(1);
    1104. 

  1104.         $h9 = $h9->shiftLeft(1);
    1105. 

  1105. 

  1106.         $carry0 = $h0->addInt(1 << 25)->shiftRight(26);
    1107. 

  1107.         $h1 = $h1->addInt64($carry0);
    1108. 

  1108.         $h0 = $h0->subInt64($carry0->shiftLeft(26));
    1109. 

  1109.         $carry4 = $h4->addInt(1 << 25)->shiftRight(26);
    1110. 

  1110.         $h5 = $h5->addInt64($carry4);
    1111. 

  1111.         $h4 = $h4->subInt64($carry4->shiftLeft(26));
    1112. 

  1112. 

  1113.         $carry1 = $h1->addInt(1 << 24)->shiftRight(25);
    1114. 

  1114.         $h2 = $h2->addInt64($carry1);
    1115. 

  1115.         $h1 = $h1->subInt64($carry1->shiftLeft(25));
    1116. 

  1116.         $carry5 = $h5->addInt(1 << 24)->shiftRight(25);
    1117. 

  1117.         $h6 = $h6->addInt64($carry5);
    1118. 

  1118.         $h5 = $h5->subInt64($carry5->shiftLeft(25));
    1119. 

  1119. 

  1120.         $carry2 = $h2->addInt(1 << 25)->shiftRight(26);
    1121. 

  1121.         $h3 = $h3->addInt64($carry2);
    1122. 

  1122.         $h2 = $h2->subInt64($carry2->shiftLeft(26));
    1123. 

  1123.         $carry6 = $h6->addInt(1 << 25)->shiftRight(26);
    1124. 

  1124.         $h7 = $h7->addInt64($carry6);
    1125. 

  1125.         $h6 = $h6->subInt64($carry6->shiftLeft(26));
    1126. 

  1126. 

  1127.         $carry3 = $h3->addInt(1 << 24)->shiftRight(25);
    1128. 

  1128.         $h4 = $h4->addInt64($carry3);
    1129. 

  1129.         $h3 = $h3->subInt64($carry3->shiftLeft(25));
    1130. 

  1130.         $carry7 = $h7->addInt(1 << 24)->shiftRight(25);
    1131. 

  1131.         $h8 = $h8->addInt64($carry7);
    1132. 

  1132.         $h7 = $h7->subInt64($carry7->shiftLeft(25));
    1133. 

  1133. 

  1134.         $carry4 = $h4->addInt(1 << 25)->shiftRight(26);
    1135. 

  1135.         $h5 = $h5->addInt64($carry4);
    1136. 

  1136.         $h4 = $h4->subInt64($carry4->shiftLeft(26));
    1137. 

  1137.         $carry8 = $h8->addInt(1 << 25)->shiftRight(26);
    1138. 

  1138.         $h9 = $h9->addInt64($carry8);
    1139. 

  1139.         $h8 = $h8->subInt64($carry8->shiftLeft(26));
    1140. 

  1140. 

  1141.         $carry9 = $h9->addInt(1 << 24)->shiftRight(25);
    1142. 

  1142.         $h0 = $h0->addInt64($carry9->mulInt(19, 5));
    1143. 

  1143.         $h9 = $h9->subInt64($carry9->shiftLeft(25));
    1144. 

  1144. 

  1145.         $carry0 = $h0->addInt(1 << 25)->shiftRight(26);
    1146. 

  1146.         $h1 = $h1->addInt64($carry0);
    1147. 

  1147.         $h0 = $h0->subInt64($carry0->shiftLeft(26));
    1148. 

  1148. 

  1149.         return ParagonIE_Sodium_Core32_Curve25519_Fe::fromArray(
    1150. 

  1150.             array(
    1151. 

  1151.                 $h0->toInt32(),
    1152. 

  1152.                 $h1->toInt32(),
    1153. 

  1153.                 $h2->toInt32(),
    1154. 

  1154.                 $h3->toInt32(),
    1155. 

  1155.                 $h4->toInt32(),
    1156. 

  1156.                 $h5->toInt32(),
    1157. 

  1157.                 $h6->toInt32(),
    1158. 

  1158.                 $h7->toInt32(),
    1159. 

  1159.                 $h8->toInt32(),
    1160. 

  1160.                 $h9->toInt32()
    1161. 

  1161.             )
    1162. 

  1162.         );
    1163. 

  1163.     }
    1164. 

  1164. 

  1165.     /**
    1166. 

  1166.      * @internal You should not use this directly from another application
    1167. 

  1167.      *
    1168. 

  1168.      * @param ParagonIE_Sodium_Core32_Curve25519_Fe $Z
    1169. 

  1169.      * @return ParagonIE_Sodium_Core32_Curve25519_Fe
    1170. 

  1170.      * @throws SodiumException
    1171. 

  1171.      * @throws TypeError
    1172. 

  1172.      */
    1173. 

  1173.     public static function fe_invert(ParagonIE_Sodium_Core32_Curve25519_Fe $Z)
    1174. 

  1174.     {
    1175. 

  1175.         $z = clone $Z;
    1176. 

  1176.         $t0 = self::fe_sq($z);
    1177. 

  1177.         $t1 = self::fe_sq($t0);
    1178. 

  1178.         $t1 = self::fe_sq($t1);
    1179. 

  1179.         $t1 = self::fe_mul($z, $t1);
    1180. 

  1180.         $t0 = self::fe_mul($t0, $t1);
    1181. 

  1181.         $t2 = self::fe_sq($t0);
    1182. 

  1182.         $t1 = self::fe_mul($t1, $t2);
    1183. 

  1183.         $t2 = self::fe_sq($t1);
    1184. 

  1184.         for ($i = 1; $i < 5; ++$i) {
    1185. 

  1185.             $t2 = self::fe_sq($t2);
    1186. 

  1186.         }
    1187. 

  1187.         $t1 = self::fe_mul($t2, $t1);
    1188. 

  1188.         $t2 = self::fe_sq($t1);
    1189. 

  1189.         for ($i = 1; $i < 10; ++$i) {
    1190. 

  1190.             $t2 = self::fe_sq($t2);
    1191. 

  1191.         }
    1192. 

  1192.         $t2 = self::fe_mul($t2, $t1);
    1193. 

  1193.         $t3 = self::fe_sq($t2);
    1194. 

  1194.         for ($i = 1; $i < 20; ++$i) {
    1195. 

  1195.             $t3 = self::fe_sq($t3);
    1196. 

  1196.         }
    1197. 

  1197.         $t2 = self::fe_mul($t3, $t2);
    1198. 

  1198.         $t2 = self::fe_sq($t2);
    1199. 

  1199.         for ($i = 1; $i < 10; ++$i) {
    1200. 

  1200.             $t2 = self::fe_sq($t2);
    1201. 

  1201.         }
    1202. 

  1202.         $t1 = self::fe_mul($t2, $t1);
    1203. 

  1203.         $t2 = self::fe_sq($t1);
    1204. 

  1204.         for ($i = 1; $i < 50; ++$i) {
    1205. 

  1205.             $t2 = self::fe_sq($t2);
    1206. 

  1206.         }
    1207. 

  1207.         $t2 = self::fe_mul($t2, $t1);
    1208. 

  1208.         $t3 = self::fe_sq($t2);
    1209. 

  1209.         for ($i = 1; $i < 100; ++$i) {
    1210. 

  1210.             $t3 = self::fe_sq($t3);
    1211. 

  1211.         }
    1212. 

  1212.         $t2 = self::fe_mul($t3, $t2);
    1213. 

  1213.         $t2 = self::fe_sq($t2);
    1214. 

  1214.         for ($i = 1; $i < 50; ++$i) {
    1215. 

  1215.             $t2 = self::fe_sq($t2);
    1216. 

  1216.         }
    1217. 

  1217.         $t1 = self::fe_mul($t2, $t1);
    1218. 

  1218.         $t1 = self::fe_sq($t1);
    1219. 

  1219.         for ($i = 1; $i < 5; ++$i) {
    1220. 

  1220.             $t1 = self::fe_sq($t1);
    1221. 

  1221.         }
    1222. 

  1222.         return self::fe_mul($t1, $t0);
    1223. 

  1223.     }
    1224. 

  1224. 

  1225.     /**
    1226. 

  1226.      * @internal You should not use this directly from another application
    1227. 

  1227.      *
    1228. 

  1228.      * @ref https://github.com/jedisct1/libsodium/blob/68564326e1e9dc57ef03746f85734232d20ca6fb/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c#L1054-L1106
    1229. 

  1229.      *
    1230. 

  1230.      * @param ParagonIE_Sodium_Core32_Curve25519_Fe $z
    1231. 

  1231.      * @return ParagonIE_Sodium_Core32_Curve25519_Fe
    1232. 

  1232.      * @throws SodiumException
    1233. 

  1233.      * @throws TypeError
    1234. 

  1234.      */
    1235. 

  1235.     public static function fe_pow22523(ParagonIE_Sodium_Core32_Curve25519_Fe $z)
    1236. 

  1236.     {
    1237. 

  1237.         # fe_sq(t0, z);
    1238. 

  1238.         # fe_sq(t1, t0);
    1239. 

  1239.         # fe_sq(t1, t1);
    1240. 

  1240.         # fe_mul(t1, z, t1);
    1241. 

  1241.         # fe_mul(t0, t0, t1);
    1242. 

  1242.         # fe_sq(t0, t0);
    1243. 

  1243.         # fe_mul(t0, t1, t0);
    1244. 

  1244.         # fe_sq(t1, t0);
    1245. 

  1245.         $t0 = self::fe_sq($z);
    1246. 

  1246.         $t1 = self::fe_sq($t0);
    1247. 

  1247.         $t1 = self::fe_sq($t1);
    1248. 

  1248.         $t1 = self::fe_mul($z, $t1);
    1249. 

  1249.         $t0 = self::fe_mul($t0, $t1);
    1250. 

  1250.         $t0 = self::fe_sq($t0);
    1251. 

  1251.         $t0 = self::fe_mul($t1, $t0);
    1252. 

  1252.         $t1 = self::fe_sq($t0);
    1253. 

  1253. 

  1254.         # for (i = 1; i < 5; ++i) {
    1255. 

  1255.         #     fe_sq(t1, t1);
    1256. 

  1256.         # }
    1257. 

  1257.         for ($i = 1; $i < 5; ++$i) {
    1258. 

  1258.             $t1 = self::fe_sq($t1);
    1259. 

  1259.         }
    1260. 

  1260. 

  1261.         # fe_mul(t0, t1, t0);
    1262. 

  1262.         # fe_sq(t1, t0);
    1263. 

  1263.         $t0 = self::fe_mul($t1, $t0);
    1264. 

  1264.         $t1 = self::fe_sq($t0);
    1265. 

  1265. 

  1266.         # for (i = 1; i < 10; ++i) {
    1267. 

  1267.         #     fe_sq(t1, t1);
    1268. 

  1268.         # }
    1269. 

  1269.         for ($i = 1; $i < 10; ++$i) {
    1270. 

  1270.             $t1 =
    1271.