ParagonIE_Sodium_Core_Curve25519::fe_normalize() – Ensure limbs are less than 28 bits long to prevent float promotion.

You appear to be a bot. Output may be restricted

Description

Ensure limbs are less than 28 bits long to prevent float promotion.

This uses a constant-time conditional swap under the hood.

Usage

$ParagonIE_Sodium_Core_Curve25519_Fe = ParagonIE_Sodium_Core_Curve25519::fe_normalize( $f );

Parameters

$f
( ParagonIE_Sodium_Core_Curve25519_Fe ) required

Returns

ParagonIE_Sodium_Core_Curve25519_Fe

Source

File name: wordpress/wp-includes/sodium_compat/src/Core/Curve25519.php


Lines:

1 to 28 of 28
    public static function fe_normalize(ParagonIE_Sodium_Core_Curve25519_Fe $f)
    {
        $x = (PHP_INT_SIZE << 3) - 1; // 31 or 63

        $g = self::fe_copy($f);
        for ($i = 0; $i < 10; ++$i) {
            $mask = -(($g[$i] >> $x) & 1);

            /*
             * Get two candidate normalized values for $g[$i], depending on the sign of $g[$i]:
             */
            $a = $g[$i] & 0x7ffffff;
            $b = -((-$g[$i]) & 0x7ffffff);

            /*
             * Return the appropriate candidate value, based on the sign of the original input:
             *
             * The following is equivalent to this ternary:
             *
             * $g[$i] = (($g[$i] >> $x) & 1) ? $a : $b;
             *
             * Except what's written doesn't contain timing leaks.
             */
            $g[$i] = ($a ^ (($a ^ $b) & $mask));
        }
        return $g;
    }
 

 View on GitHub View on Trac