
public static function ParagonIE_Sodium_Core32_Ed25519::sign_detached in Automatic Updates 8

Same name and namespace in other branches
  1. 7 vendor/paragonie/sodium_compat/src/Core32/Ed25519.php \ParagonIE_Sodium_Core32_Ed25519::sign_detached()

@internal You should not use this directly from another application

Parameters

string $message:

string $sk:

Return value

string

Throws

SodiumException

TypeError

2 calls to ParagonIE_Sodium_Core32_Ed25519::sign_detached()
ParagonIE_Sodium_Core32_Ed25519::sign in vendor/paragonie/sodium_compat/src/Core32/Ed25519.php
@internal You should not use this directly from another application
ParagonIE_Sodium_Crypto32::sign_detached in vendor/paragonie/sodium_compat/src/Crypto32.php
Detached Ed25519 signature.

File

vendor/paragonie/sodium_compat/src/Core32/Ed25519.php, line 211

Class

ParagonIE_Sodium_Core32_Ed25519
Class ParagonIE_Sodium_Core32_Ed25519

Code

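/**
 * Produce a detached Ed25519 signature (R || S, 64 bytes) over $message.
 *
 * Mirrors libsodium's crypto_sign_ed25519_detached step for step (the
 * `#` comments quote the corresponding C statements). Differences from
 * the previous revision of this method: the per-signature nonce scalar is
 * wiped alongside the clamped secret scalar, because knowledge of the
 * nonce together with the public signature value S reveals the secret
 * scalar — it is exactly as sensitive as $az.
 *
 * @internal You should not use this directly from another application
 *
 * @param string $message Arbitrary-length message to sign.
 * @param string $sk      64-byte secret key in libsodium layout: the
 *                        32-byte seed followed by the 32-byte public key
 *                        (only bytes 0..63 are read; no length check is
 *                        performed here — NOTE(review): presumably the
 *                        caller validates this, confirm).
 * @return string 64-byte signature: 32-byte encoded point R, then the
 *                32-byte scalar S.
 * @throws SodiumException
 * @throws TypeError
 */
public static function sign_detached($message, $sk) {

  # crypto_hash_sha512(az, sk, 32);
  // Expand the 32-byte seed into 64 bytes: az[0..32] becomes the secret
  // scalar, az[32..64] the nonce-derivation prefix.
  $az = hash('sha512', self::substr($sk, 0, 32), true);

  # az[0] &= 248;

  # az[31] &= 63;

  # az[31] |= 64;
  // Standard Ed25519 scalar clamping: clear the low three bits (cofactor),
  // clear bit 255 and set bit 254 so the scalar has a fixed top bit.
  $az[0] = self::intToChr(self::chrToInt($az[0]) & 248);
  $az[31] = self::intToChr(self::chrToInt($az[31]) & 63 | 64);

  # crypto_hash_sha512_init(&hs);

  # crypto_hash_sha512_update(&hs, az + 32, 32);

  # crypto_hash_sha512_update(&hs, m, mlen);

  # crypto_hash_sha512_final(&hs, nonce);
  // Deterministic nonce: SHA-512(az[32..64] || message). No randomness is
  // consumed anywhere in this function, so the same (sk, message) pair
  // always yields the same signature.
  $hs = hash_init('sha512');
  hash_update($hs, self::substr($az, 32, 32));
  hash_update($hs, $message);
  $nonceHash = hash_final($hs, true);

  # memmove(sig + 32, sk + 32, 32);
  // The upper half of the secret key is the public key; it is hashed into
  // the challenge below (the C code reads it back out of sig + 32).
  $pk = self::substr($sk, 32, 32);

  # sc_reduce(nonce);

  # ge_scalarmult_base(&R, nonce);

  # ge_p3_tobytes(sig, &R);
  // Reduce the 64-byte nonce hash mod L, keeping the trailing 32 bytes so
  // the scalar helpers receive their expected 64-byte input width.
  $nonce = self::sc_reduce($nonceHash) . self::substr($nonceHash, 32);
  // R = nonce * B, encoded; this is the first half of the signature.
  $sig = self::ge_p3_tobytes(self::ge_scalarmult_base($nonce));

  # crypto_hash_sha512_init(&hs);

  # crypto_hash_sha512_update(&hs, sig, 64);

  # crypto_hash_sha512_update(&hs, m, mlen);

  # crypto_hash_sha512_final(&hs, hram);
  // Challenge hash h = SHA-512(R || pk || message). The C code hashes the
  // 64-byte sig buffer, which at this point holds R followed by pk.
  $hs = hash_init('sha512');
  hash_update($hs, self::substr($sig, 0, 32));
  hash_update($hs, self::substr($pk, 0, 32));
  hash_update($hs, $message);
  $hramHash = hash_final($hs, true);

  # sc_reduce(hram);

  # sc_muladd(sig + 32, hram, az, nonce);
  // S = (hram * az + nonce) mod L, per the reference sc_muladd contract
  // quoted above; only its first 32 bytes form the second signature half.
  $hram = self::sc_reduce($hramHash);
  $sigAfter = self::sc_muladd($hram, $az, $nonce);
  $sig = self::substr($sig, 0, 32) . self::substr($sigAfter, 0, 32);

  // Wipe the two secrets that are never needed again: the clamped secret
  // scalar and the nonce scalar. Leaking the nonce is equivalent to leaking
  // the secret scalar (az = (S - nonce) / hram mod L), so it gets the same
  // treatment libsodium gives it. memzero() is not available on every
  // runtime; when it throws, fall back to dropping the references.
  try {
    ParagonIE_Sodium_Compat::memzero($az);
    ParagonIE_Sodium_Compat::memzero($nonce);
  } catch (SodiumException $ex) {
    $az = null;
    $nonce = null;
  }
  return $sig;
}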