<?php
if (!defined('SODIUM_COMPAT_AEGIS_C0')) {
define('SODIUM_COMPAT_AEGIS_C0', "\x00\x01\x01\x02\x03\x05\x08\x0d\x15\x22\x37\x59\x90\xe9\x79\x62");
}
if (!defined('SODIUM_COMPAT_AEGIS_C1')) {
define('SODIUM_COMPAT_AEGIS_C1', "\xdb\x3d\x18\x55\x6d\xc2\x2f\xf1\x20\x11\x31\x42\x73\xb5\x28\xdd");
}
class ParagonIE_Sodium_Core_AEGIS256 extends ParagonIE_Sodium_Core_AES
{
/**
* @param string $ct
* @param string $tag
* @param string $ad
* @param string $key
* @param string $nonce
* @return string
* @throws SodiumException
*/
public static function decrypt($ct, $tag, $ad, $key, $nonce)
{
$state = self::init($key, $nonce);
// ad_blocks = Split(ZeroPad(ad, 128), 128)
$ad_blocks = (self::strlen($ad) + 15) >> 4;
// for ai in ad_blocks:
// Absorb(ai)
for ($i = 0; $i < $ad_blocks; ++$i) {
$ai = self::substr($ad, $i << 4, 16);
if (self::strlen($ai) < 16) {
$ai = str_pad($ai, 16, "\0", STR_PAD_RIGHT);
}
$state->absorb($ai);
}
$msg = '';
$cn = self::strlen($ct) & 15;
$ct_blocks = self::strlen($ct) >> 4;
// ct_blocks = Split(ZeroPad(ct, 128), 128)
// cn = Tail(ct, |ct| mod 128)
for ($i = 0; $i < $ct_blocks; ++$i) {
$msg .= $state->dec(self::substr($ct, $i << 4, 16));
}
// if cn is not empty:
// msg = msg || DecPartial(cn)
if ($cn) {
$start = $ct_blocks << 4;
$msg .= $state->decPartial(self::substr($ct, $start, $cn));
}
$expected_tag = $state->finalize(
self::strlen($ad) << 3,
self::strlen($msg) << 3
);
if (!self::hashEquals($expected_tag, $tag)) {
try {
// The RFC says to erase msg, so we shall try:
ParagonIE_Sodium_Compat::memzero($msg);
} catch (SodiumException $ex) {
// Do nothing if we cannot memzero
}
throw new SodiumException('verification failed');
}
return $msg;
}
/**
* @param string $msg
* @param string $ad
* @param string $key
* @param string $nonce
* @return array
* @throws SodiumException
*/
public static function encrypt($msg, $ad, $key, $nonce)
{
$state = self::init($key, $nonce);
$ad_len = self::strlen($ad);
$msg_len = self::strlen($msg);
$ad_blocks = ($ad_len + 15) >> 4;
for ($i = 0; $i < $ad_blocks; ++$i) {
$ai = self::substr($ad, $i << 4, 16);
if (self::strlen($ai) < 16) {
$ai = str_pad($ai, 16, "\0", STR_PAD_RIGHT);
}
$state->absorb($ai);
}
$ct = '';
$msg_blocks = ($msg_len + 15) >> 4;
for ($i = 0; $i < $msg_blocks; ++$i) {
$xi = self::substr($msg, $i << 4, 16);
if (self::strlen($xi) < 16) {
$xi = str_pad($xi, 16, "\0", STR_PAD_RIGHT);
}
$ct .= $state->enc($xi);
}
$tag = $state->finalize(
$ad_len << 3,
$msg_len << 3
);
return array(
self::substr($ct, 0, $msg_len),
$tag
);
}
/**
* @param string $key
* @param string $nonce
* @return ParagonIE_Sodium_Core_AEGIS_State256
*/
public static function init($key, $nonce)
{
return ParagonIE_Sodium_Core_AEGIS_State256::init($key, $nonce);
}
}
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| AEGIS | Folder | 0755 |
|
|
| AES | Folder | 0755 |
|
|
| Base64 | Folder | 0755 |
|
|
| ChaCha20 | Folder | 0755 |
|
|
| Curve25519 | Folder | 0755 |
|
|
| Poly1305 | Folder | 0755 |
|
|
| SecretStream | Folder | 0755 |
|
|
| AEGIS128L.php | File | 3.58 KB | 0644 |
|
| AEGIS256.php | File | 3.51 KB | 0644 |
|
| AES.php | File | 15.51 KB | 0644 |
|
| BLAKE2b.php | File | 23.63 KB | 0644 |
|
| ChaCha20.php | File | 12.63 KB | 0644 |
|
| Curve25519.php | File | 139.29 KB | 0644 |
|
| Ed25519.php | File | 17.07 KB | 0644 |
|
| HChaCha20.php | File | 3.78 KB | 0644 |
|
| HSalsa20.php | File | 3.59 KB | 0644 |
|
| Poly1305.php | File | 1.54 KB | 0644 |
|
| Ristretto255.php | File | 21.37 KB | 0644 |
|
| Salsa20.php | File | 8.04 KB | 0644 |
|
| SipHash.php | File | 8.04 KB | 0644 |
|
| Util.php | File | 28.25 KB | 0644 |
|
| X25519.php | File | 9.23 KB | 0644 |
|
| XChaCha20.php | File | 3.29 KB | 0644 |
|
| XSalsa20.php | File | 1.34 KB | 0644 |
|