
public static function ParagonIE_Sodium_Core_Curve25519::ge_frombytes_negate_vartime in Automatic Updates 8

Same name and namespace in other branches
  1. 7 vendor/paragonie/sodium_compat/src/Core/Curve25519.php \ParagonIE_Sodium_Core_Curve25519::ge_frombytes_negate_vartime()

@internal You should not use this directly from another application

Parameters

string $s:

Return value

ParagonIE_Sodium_Core_Curve25519_Ge_P3

Throws

SodiumException

TypeError

2 calls to ParagonIE_Sodium_Core_Curve25519::ge_frombytes_negate_vartime()
ParagonIE_Sodium_Core_Ed25519::pk_to_curve25519 in vendor/paragonie/sodium_compat/src/Core/Ed25519.php
ParagonIE_Sodium_Core_Ed25519::verify_detached in vendor/paragonie/sodium_compat/src/Core/Ed25519.php
@internal You should not use this directly from another application

File

vendor/paragonie/sodium_compat/src/Core/Curve25519.php, line 1337

Class

ParagonIE_Sodium_Core_Curve25519
Class ParagonIE_Sodium_Core_Curve25519

Code

/**
 * Decompress a 32-byte Ed25519 point encoding into extended (P3) coordinates.
 *
 * Y is read straight from the encoding; X is recovered as the square root of
 * u/v with u = y^2 - 1 and v = d*y^2 + 1 (the C reference comments inline
 * below track each step), then negated relative to the sign bit stored in
 * s[31] — hence "negate" in the name. T is filled in as X*Y.
 *
 * "vartime": this routine is not constant-time. Presumably it is only meant
 * for public inputs (the callers listed on this page are public-key and
 * signature-verification paths) — confirm before reusing it elsewhere.
 *
 * @internal You should not use this directly from another application
 *
 * @param string $s  Encoded point; assumed to be exactly 32 bytes. No length
 *                   check is done here — s[31] is indexed directly, so
 *                   fe_frombytes() presumably enforces the length. TODO confirm.
 * @return ParagonIE_Sodium_Core_Curve25519_Ge_P3
 * @throws RangeException when neither vx^2 - u nor vx^2 + u is zero, i.e. no
 *                        square root exists and $s does not encode a curve point
 * @throws SodiumException propagated from the fe_* helpers (per the API listing)
 * @throws TypeError       propagated from the fe_* helpers (per the API listing)
 */
public static function ge_frombytes_negate_vartime($s) {
  // Curve constant d, converted from its array form once per process and
  // cached in a function-static. `!$d` is only true before the first call.
  static $d = null;
  if (!$d) {
    $d = ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(self::$d);
  }

  # fe_frombytes(h->Y,s);

  # fe_1(h->Z);
  // X starts as 0 and is computed below; Y comes from the encoding; Z = 1.
  $h = new ParagonIE_Sodium_Core_Curve25519_Ge_P3(self::fe_0(), self::fe_frombytes($s), self::fe_1());

  # fe_sq(u,h->Y);

  # fe_mul(v,u,d);

  # fe_sub(u,u,h->Z);       /* u = y^2-1 */

  # fe_add(v,v,h->Z);       /* v = dy^2+1 */
  $u = self::fe_sq($h->Y);

  /** @var ParagonIE_Sodium_Core_Curve25519_Fe $d */
  $v = self::fe_mul($u, $d);
  $u = self::fe_sub($u, $h->Z);

  /* u =  y^2 - 1 */
  $v = self::fe_add($v, $h->Z);

  /* v = dy^2 + 1 */

  # fe_sq(v3,v);

  # fe_mul(v3,v3,v);        /* v3 = v^3 */

  # fe_sq(h->X,v3);

  # fe_mul(h->X,h->X,v);

  # fe_mul(h->X,h->X,u);    /* x = uv^7 */
  $v3 = self::fe_sq($v);
  $v3 = self::fe_mul($v3, $v);

  /* v3 = v^3 */
  $h->X = self::fe_sq($v3);
  $h->X = self::fe_mul($h->X, $v);
  $h->X = self::fe_mul($h->X, $u);

  /* x = uv^7 */

  # fe_pow22523(h->X,h->X); /* x = (uv^7)^((q-5)/8) */

  # fe_mul(h->X,h->X,v3);

  # fe_mul(h->X,h->X,u);    /* x = uv^3(uv^7)^((q-5)/8) */
  // Candidate square root of u/v (exponent (q-5)/8); the checks below decide
  // whether it, or its product with sqrt(-1), is the actual root.
  $h->X = self::fe_pow22523($h->X);

  /* x = (uv^7)^((q-5)/8) */
  $h->X = self::fe_mul($h->X, $v3);
  $h->X = self::fe_mul($h->X, $u);

  /* x = uv^3(uv^7)^((q-5)/8) */

  # fe_sq(vxx,h->X);

  # fe_mul(vxx,vxx,v);

  # fe_sub(check,vxx,u);    /* vx^2-u */
  $vxx = self::fe_sq($h->X);
  $vxx = self::fe_mul($vxx, $v);
  $check = self::fe_sub($vxx, $u);

  /* vx^2 - u */

  # if (fe_isnonzero(check)) {

  #     fe_add(check,vxx,u);  /* vx^2+u */

  #     if (fe_isnonzero(check)) {

  #         return -1;

  #     }

  #     fe_mul(h->X,h->X,sqrtm1);

  # }
  // vx^2 == u  -> X is correct as is.
  // vx^2 == -u -> multiply X by sqrt(-1) to get the root.
  // Neither      -> $s is not a valid point; the C reference returns -1,
  //                 this port throws instead.
  if (self::fe_isnonzero($check)) {
    $check = self::fe_add($vxx, $u);

    /* vx^2 + u */
    if (self::fe_isnonzero($check)) {
      throw new RangeException('Internal check failed.');
    }
    $h->X = self::fe_mul($h->X, ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(self::$sqrtm1));
  }

  # if (fe_isnegative(h->X) == (s[31] >> 7)) {

  #     fe_neg(h->X,h->X);

  # }
  // Top bit of the last byte is the encoded sign of X. Because this is the
  // *negate* variant, X is flipped when its sign already matches that bit.
  // NOTE(review): the strict === relies on fe_isnegative() returning an int
  // (0/1) rather than bool, otherwise this branch could never fire — confirm.
  $i = self::chrToInt($s[31]);
  if (self::fe_isnegative($h->X) === $i >> 7) {
    $h->X = self::fe_neg($h->X);
  }

  # fe_mul(h->T,h->X,h->Y);
  $h->T = self::fe_mul($h->X, $h->Y);
  return $h;
}