xref: /PHP-8.4/ext/sodium/libsodium.c (revision fd2d8696)
1 /*
2    +----------------------------------------------------------------------+
3    | Copyright (c) The PHP Group                                          |
4    +----------------------------------------------------------------------+
5    | This source file is subject to version 3.01 of the PHP license,      |
6    | that is bundled with this package in the file LICENSE, and is        |
7    | available through the world-wide-web at the following url:           |
8    | https://www.php.net/license/3_01.txt                                 |
9    | If you did not receive a copy of the PHP license and are unable to   |
10    | obtain it through the world-wide-web, please send a note to          |
11    | license@php.net so we can mail you a copy immediately.               |
12    +----------------------------------------------------------------------+
13    | Authors: Frank Denis <jedisct1@php.net>                              |
14    +----------------------------------------------------------------------+
15 */
16 
17 #ifdef HAVE_CONFIG_H
18 # include "config.h"
19 #endif
20 
21 #include "php.h"
22 #include "ext/standard/info.h"
23 #include "php_libsodium.h"
24 #include "zend_attributes.h"
25 #include "zend_exceptions.h"
26 
27 #include <sodium.h>
28 #include <stdint.h>
29 #include <string.h>
30 
31 #define PHP_SODIUM_ZSTR_TRUNCATE(zs, len) do { ZSTR_LEN(zs) = (len); } while(0)
32 
33 static zend_class_entry *sodium_exception_ce;
34 
35 #if (defined(__amd64) || defined(__amd64__) || defined(__x86_64__) || defined(__i386__) || \
36 	 defined(_M_AMD64) || defined(_M_IX86) || defined(__aarch64__) || defined(_M_ARM64))
37 # define HAVE_AESGCM 1
38 #endif
39 
zend_string_checked_alloc(size_t len,int persistent)40 static zend_always_inline zend_string *zend_string_checked_alloc(size_t len, int persistent)
41 {
42 	zend_string *zs;
43 
44 	if (ZEND_MM_ALIGNED_SIZE(_ZSTR_STRUCT_SIZE(len)) < len) {
45 		zend_error_noreturn(E_ERROR, "Memory allocation too large (%zu bytes)", len);
46 	}
47 	zs = zend_string_alloc(len, persistent);
48 	ZSTR_VAL(zs)[len] = 0;
49 
50 	return zs;
51 }
52 
53 #ifndef crypto_kdf_BYTES_MIN
54 # define crypto_kdf_BYTES_MIN 16
55 # define crypto_kdf_BYTES_MAX 64
56 # define crypto_kdf_CONTEXTBYTES 8
57 # define crypto_kdf_KEYBYTES 32
58 #endif
59 
60 #ifndef crypto_kx_SEEDBYTES
61 # define crypto_kx_SEEDBYTES 32
62 # define crypto_kx_SESSIONKEYBYTES 32
63 # define crypto_kx_PUBLICKEYBYTES 32
64 # define crypto_kx_SECRETKEYBYTES 32
65 #endif
66 
67 #include "libsodium_arginfo.h"
68 
69 #ifndef crypto_aead_chacha20poly1305_IETF_KEYBYTES
70 # define crypto_aead_chacha20poly1305_IETF_KEYBYTES crypto_aead_chacha20poly1305_KEYBYTES
71 #endif
72 #ifndef crypto_aead_chacha20poly1305_IETF_NSECBYTES
73 # define crypto_aead_chacha20poly1305_IETF_NSECBYTES crypto_aead_chacha20poly1305_NSECBYTES
74 #endif
75 #ifndef crypto_aead_chacha20poly1305_IETF_ABYTES
76 # define crypto_aead_chacha20poly1305_IETF_ABYTES crypto_aead_chacha20poly1305_ABYTES
77 #endif
78 
79 #if defined(crypto_secretstream_xchacha20poly1305_ABYTES) && SODIUM_LIBRARY_VERSION_MAJOR < 10
80 # undef crypto_secretstream_xchacha20poly1305_ABYTES
81 #endif
82 
83 #ifndef crypto_pwhash_OPSLIMIT_MIN
84 # define crypto_pwhash_OPSLIMIT_MIN crypto_pwhash_OPSLIMIT_INTERACTIVE
85 #endif
86 #ifndef crypto_pwhash_MEMLIMIT_MIN
87 # define crypto_pwhash_MEMLIMIT_MIN crypto_pwhash_MEMLIMIT_INTERACTIVE
88 #endif
89 #ifndef crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN
90 # define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE
91 #endif
92 #ifndef crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN
93 # define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE
94 #endif
95 
96 /* Load after the "standard" module in order to give it
97  * priority in registering argon2i/argon2id password hashers.
98  */
99 static const zend_module_dep sodium_deps[] = {
100 	ZEND_MOD_REQUIRED("standard")
101 	ZEND_MOD_END
102 };
103 
104 zend_module_entry sodium_module_entry = {
105 	STANDARD_MODULE_HEADER_EX,
106 	NULL,
107 	sodium_deps,
108 	"sodium",
109 	ext_functions,
110 	PHP_MINIT(sodium),
111 	PHP_MSHUTDOWN(sodium),
112 	NULL,
113 	NULL,
114 	PHP_MINFO(sodium),
115 	PHP_SODIUM_VERSION,
116 	STANDARD_MODULE_PROPERTIES
117 };
118 /* }}} */
119 
120 #ifdef COMPILE_DL_SODIUM
ZEND_GET_MODULE(sodium)121 ZEND_GET_MODULE(sodium)
122 #endif
123 
124 /* Remove argument information from backtrace to prevent information leaks */
125 static void sodium_remove_param_values_from_backtrace(zend_object *obj) {
126 	zval rv;
127 	zval *trace = zend_read_property_ex(zend_get_exception_base(obj), obj, ZSTR_KNOWN(ZEND_STR_TRACE), /* silent */ false, &rv);
128 	if (trace && Z_TYPE_P(trace) == IS_ARRAY) {
129 		zval *frame;
130 		ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(trace), frame) {
131 			if (Z_TYPE_P(frame) == IS_ARRAY) {
132 				zval *args = zend_hash_find(Z_ARRVAL_P(frame), ZSTR_KNOWN(ZEND_STR_ARGS));
133 				if (args) {
134 					zval_ptr_dtor(args);
135 					ZVAL_EMPTY_ARRAY(args);
136 				}
137 			}
138 		} ZEND_HASH_FOREACH_END();
139 	}
140 }
141 
sodium_exception_create_object(zend_class_entry * ce)142 static zend_object *sodium_exception_create_object(zend_class_entry *ce) {
143 	zend_object *obj = zend_ce_exception->create_object(ce);
144 	sodium_remove_param_values_from_backtrace(obj);
145 	return obj;
146 }
147 
sodium_separate_string(zval * zv)148 static void sodium_separate_string(zval *zv) {
149 	ZEND_ASSERT(Z_TYPE_P(zv) == IS_STRING);
150 	if (!Z_REFCOUNTED_P(zv) || Z_REFCOUNT_P(zv) > 1) {
151 		zend_string *copy = zend_string_init(Z_STRVAL_P(zv), Z_STRLEN_P(zv), 0);
152 		Z_TRY_DELREF_P(zv);
153 		ZVAL_STR(zv, copy);
154 	}
155 }
156 
PHP_MINIT_FUNCTION(sodium)157 PHP_MINIT_FUNCTION(sodium)
158 {
159 	if (sodium_init() < 0) {
160 		zend_error_noreturn(E_ERROR, "sodium_init()");
161 	}
162 
163 	sodium_exception_ce = register_class_SodiumException(zend_ce_exception);
164 	sodium_exception_ce->create_object = sodium_exception_create_object;
165 
166 #if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)
167 	if (FAILURE == PHP_MINIT(sodium_password_hash)(INIT_FUNC_ARGS_PASSTHRU)) {
168 		return FAILURE;
169 	}
170 #endif
171 
172 	register_libsodium_symbols(module_number);
173 
174 	return SUCCESS;
175 }
176 
PHP_MSHUTDOWN_FUNCTION(sodium)177 PHP_MSHUTDOWN_FUNCTION(sodium)
178 {
179 	randombytes_close();
180 	return SUCCESS;
181 }
182 
PHP_MINFO_FUNCTION(sodium)183 PHP_MINFO_FUNCTION(sodium)
184 {
185 	php_info_print_table_start();
186 	php_info_print_table_row(2, "sodium support", "enabled");
187 	php_info_print_table_row(2, "libsodium headers version", SODIUM_VERSION_STRING);
188 	php_info_print_table_row(2, "libsodium library version", sodium_version_string());
189 	php_info_print_table_end();
190 }
191 
PHP_FUNCTION(sodium_memzero)192 PHP_FUNCTION(sodium_memzero)
193 {
194 	zval      *buf_zv;
195 
196 	if (zend_parse_parameters(ZEND_NUM_ARGS(),
197 									"z", &buf_zv) == FAILURE) {
198 		sodium_remove_param_values_from_backtrace(EG(exception));
199 		RETURN_THROWS();
200 	}
201 	ZVAL_DEREF(buf_zv);
202 	if (Z_TYPE_P(buf_zv) != IS_STRING) {
203 		zend_throw_exception(sodium_exception_ce, "a PHP string is required", 0);
204 		RETURN_THROWS();
205 	}
206 	if (Z_REFCOUNTED_P(buf_zv) && Z_REFCOUNT_P(buf_zv) == 1) {
207 		char *buf = Z_STRVAL(*buf_zv);
208 		size_t buf_len = Z_STRLEN(*buf_zv);
209 		if (buf_len > 0) {
210 			sodium_memzero(buf, (size_t) buf_len);
211 		}
212 	}
213 	convert_to_null(buf_zv);
214 }
215 
PHP_FUNCTION(sodium_increment)216 PHP_FUNCTION(sodium_increment)
217 {
218 	zval          *val_zv;
219 	unsigned char *val;
220 	size_t         val_len;
221 
222 	if (zend_parse_parameters(ZEND_NUM_ARGS(),
223 									"z", &val_zv) == FAILURE) {
224 		sodium_remove_param_values_from_backtrace(EG(exception));
225 		RETURN_THROWS();
226 	}
227 	ZVAL_DEREF(val_zv);
228 	if (Z_TYPE_P(val_zv) != IS_STRING) {
229 		zend_throw_exception(sodium_exception_ce, "a PHP string is required", 0);
230 		RETURN_THROWS();
231 	}
232 
233 	sodium_separate_string(val_zv);
234 	val = (unsigned char *) Z_STRVAL(*val_zv);
235 	val_len = Z_STRLEN(*val_zv);
236 	sodium_increment(val, val_len);
237 }
238 
PHP_FUNCTION(sodium_add)239 PHP_FUNCTION(sodium_add)
240 {
241 	zval          *val_zv;
242 	unsigned char *val;
243 	unsigned char *addv;
244 	size_t         val_len;
245 	size_t         addv_len;
246 
247 	if (zend_parse_parameters(ZEND_NUM_ARGS(),
248 									"zs", &val_zv, &addv, &addv_len) == FAILURE) {
249 		sodium_remove_param_values_from_backtrace(EG(exception));
250 		RETURN_THROWS();
251 	}
252 	ZVAL_DEREF(val_zv);
253 	if (Z_TYPE_P(val_zv) != IS_STRING) {
254 		zend_throw_exception(sodium_exception_ce, "PHP strings are required", 0);
255 		RETURN_THROWS();
256 	}
257 
258 	sodium_separate_string(val_zv);
259 	val = (unsigned char *) Z_STRVAL(*val_zv);
260 	val_len = Z_STRLEN(*val_zv);
261 	if (val_len != addv_len) {
262 		zend_argument_error(sodium_exception_ce, 1, "and argument #2 ($string_2) must have the same length");
263 		RETURN_THROWS();
264 	}
265 	sodium_add(val, addv, val_len);
266 }
267 
PHP_FUNCTION(sodium_memcmp)268 PHP_FUNCTION(sodium_memcmp)
269 {
270 	char      *buf1;
271 	char      *buf2;
272 	size_t     len1;
273 	size_t     len2;
274 
275 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
276 									&buf1, &len1,
277 									&buf2, &len2) == FAILURE) {
278 		sodium_remove_param_values_from_backtrace(EG(exception));
279 		RETURN_THROWS();
280 	}
281 	if (len1 != len2) {
282 		zend_argument_error(sodium_exception_ce, 1, "and argument #2 ($string_2) must have the same length");
283 		RETURN_THROWS();
284 	}
285 	RETURN_LONG(sodium_memcmp(buf1, buf2, len1));
286 }
287 
PHP_FUNCTION(sodium_crypto_shorthash)288 PHP_FUNCTION(sodium_crypto_shorthash)
289 {
290 	zend_string   *hash;
291 	unsigned char *key;
292 	unsigned char *msg;
293 	size_t         key_len;
294 	size_t         msg_len;
295 
296 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
297 									&msg, &msg_len,
298 									&key, &key_len) == FAILURE) {
299 		sodium_remove_param_values_from_backtrace(EG(exception));
300 		RETURN_THROWS();
301 	}
302 	if (key_len != crypto_shorthash_KEYBYTES) {
303 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_SHORTHASH_KEYBYTES bytes long");
304 		RETURN_THROWS();
305 	}
306 	hash = zend_string_alloc(crypto_shorthash_BYTES, 0);
307 	if (crypto_shorthash((unsigned char *) ZSTR_VAL(hash), msg,
308 						 (unsigned long long) msg_len, key) != 0) {
309 		zend_string_efree(hash);
310 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
311 		RETURN_THROWS();
312 	}
313 	ZSTR_VAL(hash)[crypto_shorthash_BYTES] = 0;
314 
315 	RETURN_NEW_STR(hash);
316 }
317 
PHP_FUNCTION(sodium_crypto_secretbox)318 PHP_FUNCTION(sodium_crypto_secretbox)
319 {
320 	zend_string   *ciphertext;
321 	unsigned char *key;
322 	unsigned char *msg;
323 	unsigned char *nonce;
324 	size_t         key_len;
325 	size_t         msg_len;
326 	size_t         nonce_len;
327 
328 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss",
329 									&msg, &msg_len,
330 									&nonce, &nonce_len,
331 									&key, &key_len) == FAILURE) {
332 		sodium_remove_param_values_from_backtrace(EG(exception));
333 		RETURN_THROWS();
334 	}
335 	if (nonce_len != crypto_secretbox_NONCEBYTES) {
336 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_SECRETBOX_NONCEBYTES bytes long");
337 		RETURN_THROWS();
338 	}
339 	if (key_len != crypto_secretbox_KEYBYTES) {
340 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_SECRETBOX_KEYBYTES bytes long");
341 		RETURN_THROWS();
342 	}
343 	if (SIZE_MAX - msg_len <= crypto_secretbox_MACBYTES) {
344 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
345 		RETURN_THROWS();
346 	}
347 	ciphertext = zend_string_alloc((size_t) msg_len + crypto_secretbox_MACBYTES, 0);
348 	if (crypto_secretbox_easy((unsigned char *) ZSTR_VAL(ciphertext),
349 							  msg, (unsigned long long) msg_len,
350 							  nonce, key) != 0) {
351 		zend_string_efree(ciphertext);
352 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
353 		RETURN_THROWS();
354 	}
355 	ZSTR_VAL(ciphertext)[msg_len + crypto_secretbox_MACBYTES] = 0;
356 
357 	RETURN_NEW_STR(ciphertext);
358 }
359 
PHP_FUNCTION(sodium_crypto_secretbox_open)360 PHP_FUNCTION(sodium_crypto_secretbox_open)
361 {
362 	zend_string   *msg;
363 	unsigned char *key;
364 	unsigned char *ciphertext;
365 	unsigned char *nonce;
366 	size_t         key_len;
367 	size_t         ciphertext_len;
368 	size_t         nonce_len;
369 
370 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss",
371 									&ciphertext, &ciphertext_len,
372 									&nonce, &nonce_len,
373 									&key, &key_len) == FAILURE) {
374 		sodium_remove_param_values_from_backtrace(EG(exception));
375 		RETURN_THROWS();
376 	}
377 	if (nonce_len != crypto_secretbox_NONCEBYTES) {
378 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_SECRETBOX_NONCEBYTES bytes long");
379 		RETURN_THROWS();
380 	}
381 	if (key_len != crypto_secretbox_KEYBYTES) {
382 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_SECRETBOX_KEYBYTES bytes long");
383 		RETURN_THROWS();
384 	}
385 	if (ciphertext_len < crypto_secretbox_MACBYTES) {
386 		RETURN_FALSE;
387 	}
388 	msg = zend_string_alloc
389 		((size_t) ciphertext_len - crypto_secretbox_MACBYTES, 0);
390 	if (crypto_secretbox_open_easy((unsigned char *) ZSTR_VAL(msg), ciphertext,
391 								   (unsigned long long) ciphertext_len,
392 								   nonce, key) != 0) {
393 		zend_string_efree(msg);
394 		RETURN_FALSE;
395 	} else {
396 		ZSTR_VAL(msg)[ciphertext_len - crypto_secretbox_MACBYTES] = 0;
397 		RETURN_NEW_STR(msg);
398 	}
399 }
400 
PHP_FUNCTION(sodium_crypto_generichash)401 PHP_FUNCTION(sodium_crypto_generichash)
402 {
403 	zend_string   *hash;
404 	unsigned char *key = NULL;
405 	unsigned char *msg;
406 	zend_long      hash_len = crypto_generichash_BYTES;
407 	size_t         key_len = 0;
408 	size_t         msg_len;
409 
410 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|sl",
411 									&msg, &msg_len,
412 									&key, &key_len,
413 									&hash_len) == FAILURE) {
414 		sodium_remove_param_values_from_backtrace(EG(exception));
415 		RETURN_THROWS();
416 	}
417 	if (hash_len < crypto_generichash_BYTES_MIN ||
418 		hash_len > crypto_generichash_BYTES_MAX) {
419 		zend_throw_exception(sodium_exception_ce, "unsupported output length", 0);
420 		RETURN_THROWS();
421 	}
422 	if (key_len != 0 &&
423 		(key_len < crypto_generichash_KEYBYTES_MIN ||
424 		 key_len > crypto_generichash_KEYBYTES_MAX)) {
425 		zend_throw_exception(sodium_exception_ce, "unsupported key length", 0);
426 		RETURN_THROWS();
427 	}
428 	hash = zend_string_alloc(hash_len, 0);
429 	if (crypto_generichash((unsigned char *) ZSTR_VAL(hash), (size_t) hash_len,
430 						   msg, (unsigned long long) msg_len,
431 						   key, (size_t) key_len) != 0) {
432 		zend_string_efree(hash);
433 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
434 		RETURN_THROWS();
435 	}
436 	ZSTR_VAL(hash)[hash_len] = 0;
437 
438 	RETURN_NEW_STR(hash);
439 }
440 
PHP_FUNCTION(sodium_crypto_generichash_init)441 PHP_FUNCTION(sodium_crypto_generichash_init)
442 {
443 	crypto_generichash_state  state_tmp;
444 	zend_string              *state;
445 	unsigned char            *key = NULL;
446 	size_t                    state_len = sizeof (crypto_generichash_state);
447 	zend_long                 hash_len = crypto_generichash_BYTES;
448 	size_t                    key_len = 0;
449 
450 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "|sl",
451 									&key, &key_len,
452 									&hash_len) == FAILURE) {
453 		sodium_remove_param_values_from_backtrace(EG(exception));
454 		RETURN_THROWS();
455 	}
456 	if (hash_len < crypto_generichash_BYTES_MIN ||
457 		hash_len > crypto_generichash_BYTES_MAX) {
458 		zend_throw_exception(sodium_exception_ce, "unsupported output length", 0);
459 		RETURN_THROWS();
460 	}
461 	if (key_len != 0 &&
462 		(key_len < crypto_generichash_KEYBYTES_MIN ||
463 		 key_len > crypto_generichash_KEYBYTES_MAX)) {
464 		zend_throw_exception(sodium_exception_ce, "unsupported key length", 0);
465 		RETURN_THROWS();
466 	}
467 	memset(&state_tmp, 0, sizeof state_tmp);
468 	if (crypto_generichash_init((void *) &state_tmp, key, (size_t) key_len,
469 								(size_t) hash_len) != 0) {
470 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
471 		RETURN_THROWS();
472 	}
473 	state = zend_string_alloc(state_len, 0);
474 	memcpy(ZSTR_VAL(state), &state_tmp, state_len);
475 	sodium_memzero(&state_tmp, sizeof state_tmp);
476 	ZSTR_VAL(state)[state_len] = 0;
477 
478 	RETURN_STR(state);
479 }
480 
PHP_FUNCTION(sodium_crypto_generichash_update)481 PHP_FUNCTION(sodium_crypto_generichash_update)
482 {
483 	crypto_generichash_state  state_tmp;
484 	zval                     *state_zv;
485 	unsigned char            *msg;
486 	unsigned char            *state;
487 	size_t                    msg_len;
488 	size_t                    state_len;
489 
490 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "zs",
491 									&state_zv, &msg, &msg_len) == FAILURE) {
492 		sodium_remove_param_values_from_backtrace(EG(exception));
493 		RETURN_THROWS();
494 	}
495 	ZVAL_DEREF(state_zv);
496 	if (Z_TYPE_P(state_zv) != IS_STRING) {
497 		zend_argument_error(sodium_exception_ce, 1, "must be a reference to a state");
498 		RETURN_THROWS();
499 	}
500 	sodium_separate_string(state_zv);
501 	state = (unsigned char *) Z_STRVAL(*state_zv);
502 	state_len = Z_STRLEN(*state_zv);
503 	if (state_len != sizeof (crypto_generichash_state)) {
504 		zend_throw_exception(sodium_exception_ce, "incorrect state length", 0);
505 		RETURN_THROWS();
506 	}
507 	memcpy(&state_tmp, state, sizeof state_tmp);
508 	if (crypto_generichash_update((void *) &state_tmp, msg,
509 								  (unsigned long long) msg_len) != 0) {
510 		sodium_memzero(&state_tmp, sizeof state_tmp);
511 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
512 		RETURN_THROWS();
513 	}
514 	memcpy(state, &state_tmp, state_len);
515 	sodium_memzero(&state_tmp, sizeof state_tmp);
516 
517 	RETURN_TRUE;
518 }
519 
PHP_FUNCTION(sodium_crypto_generichash_final)520 PHP_FUNCTION(sodium_crypto_generichash_final)
521 {
522 	crypto_generichash_state  state_tmp;
523 	zend_string              *hash;
524 	zval                     *state_zv;
525 	unsigned char            *state;
526 	size_t                    state_len;
527 	zend_long                 hash_len = crypto_generichash_BYTES;
528 
529 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "z|l",
530 									&state_zv, &hash_len) == FAILURE) {
531 		sodium_remove_param_values_from_backtrace(EG(exception));
532 		RETURN_THROWS();
533 	}
534 	ZVAL_DEREF(state_zv);
535 	if (Z_TYPE_P(state_zv) != IS_STRING) {
536 		zend_argument_error(sodium_exception_ce, 1, "must be a reference to a state");
537 		RETURN_THROWS();
538 	}
539 	sodium_separate_string(state_zv);
540 	state = (unsigned char *) Z_STRVAL(*state_zv);
541 	state_len = Z_STRLEN(*state_zv);
542 	if (state_len != sizeof (crypto_generichash_state)) {
543 		zend_throw_exception(sodium_exception_ce, "incorrect state length", 0);
544 		RETURN_THROWS();
545 	}
546 	if (hash_len < crypto_generichash_BYTES_MIN ||
547 		hash_len > crypto_generichash_BYTES_MAX) {
548 		zend_throw_exception(sodium_exception_ce, "unsupported output length", 0);
549 		RETURN_THROWS();
550 	}
551 	hash = zend_string_alloc(hash_len, 0);
552 	memcpy(&state_tmp, state, sizeof state_tmp);
553 	if (crypto_generichash_final((void *) &state_tmp,
554 								 (unsigned char *) ZSTR_VAL(hash),
555 								 (size_t) hash_len) != 0) {
556 		sodium_memzero(&state_tmp, sizeof state_tmp);
557 		zend_string_efree(hash);
558 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
559 		RETURN_THROWS();
560 	}
561 	sodium_memzero(&state_tmp, sizeof state_tmp);
562 	sodium_memzero(state, state_len);
563 	convert_to_null(state_zv);
564 	ZSTR_VAL(hash)[hash_len] = 0;
565 
566 	RETURN_NEW_STR(hash);
567 }
568 
PHP_FUNCTION(sodium_crypto_box_keypair)569 PHP_FUNCTION(sodium_crypto_box_keypair)
570 {
571 	zend_string *keypair;
572 	size_t       keypair_len;
573 
574 	if (zend_parse_parameters_none() == FAILURE) {
575 		RETURN_THROWS();
576 	}
577 	keypair_len = crypto_box_SECRETKEYBYTES + crypto_box_PUBLICKEYBYTES;
578 	keypair = zend_string_alloc(keypair_len, 0);
579 	if (crypto_box_keypair((unsigned char *) ZSTR_VAL(keypair) +
580 						   crypto_box_SECRETKEYBYTES,
581 						   (unsigned char *) ZSTR_VAL(keypair)) != 0) {
582 		zend_string_efree(keypair);
583 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
584 		RETURN_THROWS();
585 	}
586 	ZSTR_VAL(keypair)[keypair_len] = 0;
587 
588 	RETURN_NEW_STR(keypair);
589 }
590 
PHP_FUNCTION(sodium_crypto_box_seed_keypair)591 PHP_FUNCTION(sodium_crypto_box_seed_keypair)
592 {
593 	zend_string   *keypair;
594 	unsigned char *seed;
595 	size_t         keypair_len;
596 	size_t         seed_len;
597 
598 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
599 									&seed, &seed_len) == FAILURE) {
600 		sodium_remove_param_values_from_backtrace(EG(exception));
601 		RETURN_THROWS();
602 	}
603 	if (seed_len != crypto_box_SEEDBYTES) {
604 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_BOX_SEEDBYTES bytes long");
605 		RETURN_THROWS();
606 	}
607 	keypair_len = crypto_box_SECRETKEYBYTES + crypto_box_PUBLICKEYBYTES;
608 	keypair = zend_string_alloc(keypair_len, 0);
609 	if (crypto_box_seed_keypair((unsigned char *) ZSTR_VAL(keypair) +
610 								 crypto_box_SECRETKEYBYTES,
611 								 (unsigned char *) ZSTR_VAL(keypair),
612 								 seed) != 0) {
613 		zend_string_efree(keypair);
614 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
615 		RETURN_THROWS();
616 	}
617 	ZSTR_VAL(keypair)[keypair_len] = 0;
618 
619 	RETURN_NEW_STR(keypair);
620 }
621 
PHP_FUNCTION(sodium_crypto_box_keypair_from_secretkey_and_publickey)622 PHP_FUNCTION(sodium_crypto_box_keypair_from_secretkey_and_publickey)
623 {
624 	zend_string *keypair;
625 	char        *publickey;
626 	char        *secretkey;
627 	size_t       keypair_len;
628 	size_t       publickey_len;
629 	size_t       secretkey_len;
630 
631 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
632 									&secretkey, &secretkey_len,
633 									&publickey, &publickey_len) == FAILURE) {
634 		sodium_remove_param_values_from_backtrace(EG(exception));
635 		RETURN_THROWS();
636 	}
637 	if (secretkey_len != crypto_box_SECRETKEYBYTES) {
638 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_BOX_SECRETKEYBYTES bytes long");
639 		RETURN_THROWS();
640 	}
641 	if (publickey_len != crypto_box_PUBLICKEYBYTES) {
642 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_BOX_PUBLICKEYBYTES bytes long");
643 		RETURN_THROWS();
644 	}
645 	keypair_len = crypto_box_SECRETKEYBYTES + crypto_box_PUBLICKEYBYTES;
646 	keypair = zend_string_alloc(keypair_len, 0);
647 	memcpy(ZSTR_VAL(keypair), secretkey, crypto_box_SECRETKEYBYTES);
648 	memcpy(ZSTR_VAL(keypair) + crypto_box_SECRETKEYBYTES, publickey,
649 		   crypto_box_PUBLICKEYBYTES);
650 	ZSTR_VAL(keypair)[keypair_len] = 0;
651 
652 	RETURN_STR(keypair);
653 }
654 
PHP_FUNCTION(sodium_crypto_box_secretkey)655 PHP_FUNCTION(sodium_crypto_box_secretkey)
656 {
657 	zend_string   *secretkey;
658 	unsigned char *keypair;
659 	size_t         keypair_len;
660 
661 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
662 									&keypair, &keypair_len) == FAILURE) {
663 		sodium_remove_param_values_from_backtrace(EG(exception));
664 		RETURN_THROWS();
665 	}
666 	if (keypair_len !=
667 		crypto_box_SECRETKEYBYTES + crypto_box_PUBLICKEYBYTES) {
668 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_BOX_KEYPAIRBYTES bytes long");
669 		RETURN_THROWS();
670 	}
671 	secretkey = zend_string_alloc(crypto_box_SECRETKEYBYTES, 0);
672 	memcpy(ZSTR_VAL(secretkey), keypair, crypto_box_SECRETKEYBYTES);
673 	ZSTR_VAL(secretkey)[crypto_box_SECRETKEYBYTES] = 0;
674 
675 	RETURN_STR(secretkey);
676 }
677 
PHP_FUNCTION(sodium_crypto_box_publickey)678 PHP_FUNCTION(sodium_crypto_box_publickey)
679 {
680 	zend_string   *publickey;
681 	unsigned char *keypair;
682 	size_t         keypair_len;
683 
684 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
685 									&keypair, &keypair_len) == FAILURE) {
686 		sodium_remove_param_values_from_backtrace(EG(exception));
687 		RETURN_THROWS();
688 	}
689 	if (keypair_len !=
690 		crypto_box_SECRETKEYBYTES + crypto_box_PUBLICKEYBYTES) {
691 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_BOX_KEYPAIRBYTES bytes long");
692 		RETURN_THROWS();
693 	}
694 	publickey = zend_string_alloc(crypto_box_PUBLICKEYBYTES, 0);
695 	memcpy(ZSTR_VAL(publickey), keypair + crypto_box_SECRETKEYBYTES,
696 		   crypto_box_PUBLICKEYBYTES);
697 	ZSTR_VAL(publickey)[crypto_box_PUBLICKEYBYTES] = 0;
698 
699 	RETURN_STR(publickey);
700 }
701 
PHP_FUNCTION(sodium_crypto_box_publickey_from_secretkey)702 PHP_FUNCTION(sodium_crypto_box_publickey_from_secretkey)
703 {
704 	zend_string   *publickey;
705 	unsigned char *secretkey;
706 	size_t         secretkey_len;
707 
708 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
709 									&secretkey, &secretkey_len) == FAILURE) {
710 		sodium_remove_param_values_from_backtrace(EG(exception));
711 		RETURN_THROWS();
712 	}
713 	if (secretkey_len != crypto_box_SECRETKEYBYTES) {
714 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_BOX_SECRETKEYBYTES bytes long");
715 		RETURN_THROWS();
716 	}
717 	publickey = zend_string_alloc(crypto_box_PUBLICKEYBYTES, 0);
718 	(void) sizeof(int[crypto_scalarmult_BYTES ==
719 					  crypto_box_PUBLICKEYBYTES ? 1 : -1]);
720 	(void) sizeof(int[crypto_scalarmult_SCALARBYTES ==
721 					  crypto_box_SECRETKEYBYTES ? 1 : -1]);
722 	crypto_scalarmult_base((unsigned char *) ZSTR_VAL(publickey), secretkey);
723 	ZSTR_VAL(publickey)[crypto_box_PUBLICKEYBYTES] = 0;
724 
725 	RETURN_STR(publickey);
726 }
727 
PHP_FUNCTION(sodium_crypto_box)728 PHP_FUNCTION(sodium_crypto_box)
729 {
730 	zend_string   *ciphertext;
731 	unsigned char *keypair;
732 	unsigned char *msg;
733 	unsigned char *nonce;
734 	unsigned char *publickey;
735 	unsigned char *secretkey;
736 	size_t         keypair_len;
737 	size_t         msg_len;
738 	size_t         nonce_len;
739 
740 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss",
741 									&msg, &msg_len,
742 									&nonce, &nonce_len,
743 									&keypair, &keypair_len) == FAILURE) {
744 		sodium_remove_param_values_from_backtrace(EG(exception));
745 		RETURN_THROWS();
746 	}
747 	if (nonce_len != crypto_box_NONCEBYTES) {
748 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_BOX_NONCEBYTES bytes long");
749 		RETURN_THROWS();
750 	}
751 	if (keypair_len != crypto_box_SECRETKEYBYTES + crypto_box_PUBLICKEYBYTES) {
752 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_BOX_KEYPAIRBYTES bytes long");
753 		RETURN_THROWS();
754 	}
755 	secretkey = keypair;
756 	publickey = keypair + crypto_box_SECRETKEYBYTES;
757 	if (SIZE_MAX - msg_len <= crypto_box_MACBYTES) {
758 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
759 		RETURN_THROWS();
760 	}
761 	ciphertext = zend_string_alloc((size_t) msg_len + crypto_box_MACBYTES, 0);
762 	if (crypto_box_easy((unsigned char *) ZSTR_VAL(ciphertext), msg,
763 						(unsigned long long) msg_len,
764 						nonce, publickey, secretkey) != 0) {
765 		zend_string_efree(ciphertext);
766 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
767 		RETURN_THROWS();
768 	}
769 	ZSTR_VAL(ciphertext)[msg_len + crypto_box_MACBYTES] = 0;
770 
771 	RETURN_NEW_STR(ciphertext);
772 }
773 
PHP_FUNCTION(sodium_crypto_box_open)774 PHP_FUNCTION(sodium_crypto_box_open)
775 {
776 	zend_string   *msg;
777 	unsigned char *ciphertext;
778 	unsigned char *keypair;
779 	unsigned char *nonce;
780 	unsigned char *publickey;
781 	unsigned char *secretkey;
782 	size_t         ciphertext_len;
783 	size_t         keypair_len;
784 	size_t         nonce_len;
785 
786 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss",
787 									&ciphertext, &ciphertext_len,
788 									&nonce, &nonce_len,
789 									&keypair, &keypair_len) == FAILURE) {
790 		sodium_remove_param_values_from_backtrace(EG(exception));
791 		RETURN_THROWS();
792 	}
793 	if (nonce_len != crypto_box_NONCEBYTES) {
794 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_BOX_NONCEBYTES bytes long");
795 		RETURN_THROWS();
796 	}
797 	if (keypair_len != crypto_box_SECRETKEYBYTES + crypto_box_PUBLICKEYBYTES) {
798 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_BOX_KEYPAIRBYTES bytes long");
799 		RETURN_THROWS();
800 	}
801 	secretkey = keypair;
802 	publickey = keypair + crypto_box_SECRETKEYBYTES;
803 	if (ciphertext_len < crypto_box_MACBYTES) {
804 		RETURN_FALSE;
805 	}
806 	msg = zend_string_alloc((size_t) ciphertext_len - crypto_box_MACBYTES, 0);
807 	if (crypto_box_open_easy((unsigned char *) ZSTR_VAL(msg), ciphertext,
808 							 (unsigned long long) ciphertext_len,
809 							 nonce, publickey, secretkey) != 0) {
810 		zend_string_efree(msg);
811 		RETURN_FALSE;
812 	} else {
813 		ZSTR_VAL(msg)[ciphertext_len - crypto_box_MACBYTES] = 0;
814 		RETURN_NEW_STR(msg);
815 	}
816 }
817 
PHP_FUNCTION(sodium_crypto_box_seal)818 PHP_FUNCTION(sodium_crypto_box_seal)
819 {
820 	zend_string   *ciphertext;
821 	unsigned char *msg;
822 	unsigned char *publickey;
823 	size_t         msg_len;
824 	size_t         publickey_len;
825 
826 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
827 									&msg, &msg_len,
828 									&publickey, &publickey_len) == FAILURE) {
829 		sodium_remove_param_values_from_backtrace(EG(exception));
830 		RETURN_THROWS();
831 	}
832 	if (publickey_len != crypto_box_PUBLICKEYBYTES) {
833 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_BOX_PUBLICKEYBYTES bytes long");
834 		RETURN_THROWS();
835 	}
836 	if (SIZE_MAX - msg_len <= crypto_box_SEALBYTES) {
837 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
838 		RETURN_THROWS();
839 	}
840 	ciphertext = zend_string_alloc((size_t) msg_len + crypto_box_SEALBYTES, 0);
841 	if (crypto_box_seal((unsigned char *) ZSTR_VAL(ciphertext), msg,
842 						(unsigned long long) msg_len, publickey) != 0) {
843 		zend_string_efree(ciphertext);
844 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
845 		RETURN_THROWS();
846 	}
847 	ZSTR_VAL(ciphertext)[msg_len + crypto_box_SEALBYTES] = 0;
848 
849 	RETURN_NEW_STR(ciphertext);
850 }
851 
PHP_FUNCTION(sodium_crypto_box_seal_open)852 PHP_FUNCTION(sodium_crypto_box_seal_open)
853 {
854 	zend_string   *msg;
855 	unsigned char *ciphertext;
856 	unsigned char *keypair;
857 	unsigned char *publickey;
858 	unsigned char *secretkey;
859 	size_t         ciphertext_len;
860 	size_t         keypair_len;
861 
862 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
863 									&ciphertext, &ciphertext_len,
864 									&keypair, &keypair_len) == FAILURE) {
865 		sodium_remove_param_values_from_backtrace(EG(exception));
866 		RETURN_THROWS();
867 	}
868 	if (keypair_len != crypto_box_SECRETKEYBYTES + crypto_box_PUBLICKEYBYTES) {
869 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_BOX_KEYPAIRBYTES bytes long");
870 		RETURN_THROWS();
871 	}
872 	secretkey = keypair;
873 	publickey = keypair + crypto_box_SECRETKEYBYTES;
874 	if (ciphertext_len < crypto_box_SEALBYTES) {
875 		RETURN_FALSE;
876 	}
877 	msg = zend_string_alloc((size_t) ciphertext_len - crypto_box_SEALBYTES, 0);
878 	if (crypto_box_seal_open((unsigned char *) ZSTR_VAL(msg), ciphertext,
879 							 (unsigned long long) ciphertext_len,
880 							 publickey, secretkey) != 0) {
881 		zend_string_efree(msg);
882 		RETURN_FALSE;
883 	} else {
884 		ZSTR_VAL(msg)[ciphertext_len - crypto_box_SEALBYTES] = 0;
885 		RETURN_NEW_STR(msg);
886 	}
887 }
888 
PHP_FUNCTION(sodium_crypto_sign_keypair)889 PHP_FUNCTION(sodium_crypto_sign_keypair)
890 {
891 	zend_string *keypair;
892 	size_t       keypair_len;
893 
894 	if (zend_parse_parameters_none() == FAILURE) {
895 		RETURN_THROWS();
896 	}
897 	keypair_len = crypto_sign_SECRETKEYBYTES + crypto_sign_PUBLICKEYBYTES;
898 	keypair = zend_string_alloc(keypair_len, 0);
899 	if (crypto_sign_keypair((unsigned char *) ZSTR_VAL(keypair) +
900 							crypto_sign_SECRETKEYBYTES,
901 							(unsigned char *) ZSTR_VAL(keypair)) != 0) {
902 		zend_string_efree(keypair);
903 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
904 		RETURN_THROWS();
905 	}
906 	ZSTR_VAL(keypair)[keypair_len] = 0;
907 
908 	RETURN_NEW_STR(keypair);
909 }
910 
PHP_FUNCTION(sodium_crypto_sign_seed_keypair)911 PHP_FUNCTION(sodium_crypto_sign_seed_keypair)
912 {
913 	zend_string   *keypair;
914 	unsigned char *seed;
915 	size_t         keypair_len;
916 	size_t         seed_len;
917 
918 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
919 									&seed, &seed_len) == FAILURE) {
920 		sodium_remove_param_values_from_backtrace(EG(exception));
921 		RETURN_THROWS();
922 	}
923 	if (seed_len != crypto_sign_SEEDBYTES) {
924 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_SIGN_SEEDBYTES bytes long");
925 		RETURN_THROWS();
926 	}
927 	keypair_len = crypto_sign_SECRETKEYBYTES + crypto_sign_PUBLICKEYBYTES;
928 	keypair = zend_string_alloc(keypair_len, 0);
929 	if (crypto_sign_seed_keypair((unsigned char *) ZSTR_VAL(keypair) +
930 								 crypto_sign_SECRETKEYBYTES,
931 								 (unsigned char *) ZSTR_VAL(keypair),
932 								 seed) != 0) {
933 		zend_string_efree(keypair);
934 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
935 		RETURN_THROWS();
936 	}
937 	ZSTR_VAL(keypair)[keypair_len] = 0;
938 
939 	RETURN_NEW_STR(keypair);
940 }
941 
PHP_FUNCTION(sodium_crypto_sign_keypair_from_secretkey_and_publickey)942 PHP_FUNCTION(sodium_crypto_sign_keypair_from_secretkey_and_publickey)
943 {
944 	zend_string *keypair;
945 	char        *publickey;
946 	char        *secretkey;
947 	size_t       keypair_len;
948 	size_t       publickey_len;
949 	size_t       secretkey_len;
950 
951 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
952 									&secretkey, &secretkey_len,
953 									&publickey, &publickey_len) == FAILURE) {
954 		sodium_remove_param_values_from_backtrace(EG(exception));
955 		RETURN_THROWS();
956 	}
957 	if (secretkey_len != crypto_sign_SECRETKEYBYTES) {
958 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_SIGN_SECRETKEYBYTES bytes long");
959 		RETURN_THROWS();
960 	}
961 	if (publickey_len != crypto_sign_PUBLICKEYBYTES) {
962 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES bytes long");
963 		RETURN_THROWS();
964 	}
965 	keypair_len = crypto_sign_SECRETKEYBYTES + crypto_sign_PUBLICKEYBYTES;
966 	keypair = zend_string_alloc(keypair_len, 0);
967 	memcpy(ZSTR_VAL(keypair), secretkey, crypto_sign_SECRETKEYBYTES);
968 	memcpy(ZSTR_VAL(keypair) + crypto_sign_SECRETKEYBYTES, publickey,
969 		   crypto_sign_PUBLICKEYBYTES);
970 	ZSTR_VAL(keypair)[keypair_len] = 0;
971 
972 	RETURN_STR(keypair);
973 }
974 
PHP_FUNCTION(sodium_crypto_sign_publickey_from_secretkey)975 PHP_FUNCTION(sodium_crypto_sign_publickey_from_secretkey)
976 {
977 	zend_string *publickey;
978 	char        *secretkey;
979 	size_t       secretkey_len;
980 
981 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
982 									&secretkey, &secretkey_len) == FAILURE) {
983 		sodium_remove_param_values_from_backtrace(EG(exception));
984 		RETURN_THROWS();
985 	}
986 	if (secretkey_len != crypto_sign_SECRETKEYBYTES) {
987 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_SIGN_SECRETKEYBYTES bytes long");
988 		RETURN_THROWS();
989 	}
990 	publickey = zend_string_alloc(crypto_sign_PUBLICKEYBYTES, 0);
991 
992 	if (crypto_sign_ed25519_sk_to_pk((unsigned char *) ZSTR_VAL(publickey),
993 									 (const unsigned char *) secretkey) != 0) {
994 		zend_string_efree(publickey);
995 		zend_throw_exception(sodium_exception_ce,
996 				   "internal error", 0);
997 		RETURN_THROWS();
998 	}
999 	ZSTR_VAL(publickey)[crypto_sign_PUBLICKEYBYTES] = 0;
1000 
1001 	RETURN_STR(publickey);
1002 }
1003 
PHP_FUNCTION(sodium_crypto_sign_secretkey)1004 PHP_FUNCTION(sodium_crypto_sign_secretkey)
1005 {
1006 	zend_string   *secretkey;
1007 	unsigned char *keypair;
1008 	size_t         keypair_len;
1009 
1010 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
1011 									&keypair, &keypair_len) == FAILURE) {
1012 		sodium_remove_param_values_from_backtrace(EG(exception));
1013 		RETURN_THROWS();
1014 	}
1015 	if (keypair_len !=
1016 		crypto_sign_SECRETKEYBYTES + crypto_sign_PUBLICKEYBYTES) {
1017 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_SIGN_KEYPAIRBYTES bytes long");
1018 		RETURN_THROWS();
1019 	}
1020 	secretkey = zend_string_alloc(crypto_sign_SECRETKEYBYTES, 0);
1021 	memcpy(ZSTR_VAL(secretkey), keypair, crypto_sign_SECRETKEYBYTES);
1022 	ZSTR_VAL(secretkey)[crypto_sign_SECRETKEYBYTES] = 0;
1023 
1024 	RETURN_STR(secretkey);
1025 }
1026 
PHP_FUNCTION(sodium_crypto_sign_publickey)1027 PHP_FUNCTION(sodium_crypto_sign_publickey)
1028 {
1029 	zend_string   *publickey;
1030 	unsigned char *keypair;
1031 	size_t         keypair_len;
1032 
1033 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
1034 									&keypair, &keypair_len) == FAILURE) {
1035 		sodium_remove_param_values_from_backtrace(EG(exception));
1036 		RETURN_THROWS();
1037 	}
1038 	if (keypair_len !=
1039 		crypto_sign_SECRETKEYBYTES + crypto_sign_PUBLICKEYBYTES) {
1040 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_SIGN_KEYPAIRBYTES bytes long");
1041 		RETURN_THROWS();
1042 	}
1043 	publickey = zend_string_alloc(crypto_sign_PUBLICKEYBYTES, 0);
1044 	memcpy(ZSTR_VAL(publickey), keypair + crypto_sign_SECRETKEYBYTES,
1045 		   crypto_sign_PUBLICKEYBYTES);
1046 	ZSTR_VAL(publickey)[crypto_sign_PUBLICKEYBYTES] = 0;
1047 
1048 	RETURN_STR(publickey);
1049 }
1050 
PHP_FUNCTION(sodium_crypto_sign)1051 PHP_FUNCTION(sodium_crypto_sign)
1052 {
1053 	zend_string        *msg_signed;
1054 	unsigned char      *msg;
1055 	unsigned char      *secretkey;
1056 	unsigned long long  msg_signed_real_len;
1057 	size_t              msg_len;
1058 	size_t              msg_signed_len;
1059 	size_t              secretkey_len;
1060 
1061 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
1062 									&msg, &msg_len,
1063 									&secretkey, &secretkey_len) == FAILURE) {
1064 		sodium_remove_param_values_from_backtrace(EG(exception));
1065 		RETURN_THROWS();
1066 	}
1067 	if (secretkey_len != crypto_sign_SECRETKEYBYTES) {
1068 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_SIGN_SECRETKEYBYTES bytes long");
1069 		RETURN_THROWS();
1070 	}
1071 	if (SIZE_MAX - msg_len <= crypto_sign_BYTES) {
1072 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
1073 		RETURN_THROWS();
1074 	}
1075 	msg_signed_len = msg_len + crypto_sign_BYTES;
1076 	msg_signed = zend_string_alloc((size_t) msg_signed_len, 0);
1077 	if (crypto_sign((unsigned char *) ZSTR_VAL(msg_signed),
1078 					&msg_signed_real_len, msg,
1079 					(unsigned long long) msg_len, secretkey) != 0) {
1080 		zend_string_efree(msg_signed);
1081 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
1082 		RETURN_THROWS();
1083 	}
1084 	if (msg_signed_real_len >= SIZE_MAX || msg_signed_real_len > msg_signed_len) {
1085 		zend_string_efree(msg_signed);
1086 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
1087 		RETURN_THROWS();
1088 	}
1089 	PHP_SODIUM_ZSTR_TRUNCATE(msg_signed, (size_t) msg_signed_real_len);
1090 	ZSTR_VAL(msg_signed)[msg_signed_real_len] = 0;
1091 
1092 	RETURN_NEW_STR(msg_signed);
1093 }
1094 
PHP_FUNCTION(sodium_crypto_sign_open)1095 PHP_FUNCTION(sodium_crypto_sign_open)
1096 {
1097 	zend_string        *msg;
1098 	unsigned char      *msg_signed;
1099 	unsigned char      *publickey;
1100 	unsigned long long  msg_real_len;
1101 	size_t              msg_len;
1102 	size_t              msg_signed_len;
1103 	size_t              publickey_len;
1104 
1105 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
1106 									&msg_signed, &msg_signed_len,
1107 									&publickey, &publickey_len) == FAILURE) {
1108 		sodium_remove_param_values_from_backtrace(EG(exception));
1109 		RETURN_THROWS();
1110 	}
1111 	if (publickey_len != crypto_sign_PUBLICKEYBYTES) {
1112 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES bytes long");
1113 		RETURN_THROWS();
1114 	}
1115 	msg_len = msg_signed_len;
1116 	if (msg_len >= SIZE_MAX) {
1117 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
1118 		RETURN_THROWS();
1119 	}
1120 	msg = zend_string_alloc((size_t) msg_len, 0);
1121 	if (crypto_sign_open((unsigned char *) ZSTR_VAL(msg), &msg_real_len,
1122 						 msg_signed, (unsigned long long) msg_signed_len,
1123 						 publickey) != 0) {
1124 		zend_string_efree(msg);
1125 		RETURN_FALSE;
1126 	}
1127 	if (msg_real_len >= SIZE_MAX || msg_real_len > msg_signed_len) {
1128 		zend_string_efree(msg);
1129 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
1130 		RETURN_THROWS();
1131 	}
1132 	PHP_SODIUM_ZSTR_TRUNCATE(msg, (size_t) msg_real_len);
1133 	ZSTR_VAL(msg)[msg_real_len] = 0;
1134 
1135 	RETURN_NEW_STR(msg);
1136 }
1137 
PHP_FUNCTION(sodium_crypto_sign_detached)1138 PHP_FUNCTION(sodium_crypto_sign_detached)
1139 {
1140 	zend_string        *signature;
1141 	unsigned char      *msg;
1142 	unsigned char      *secretkey;
1143 	unsigned long long  signature_real_len;
1144 	size_t              msg_len;
1145 	size_t              secretkey_len;
1146 
1147 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
1148 									&msg, &msg_len,
1149 									&secretkey, &secretkey_len) == FAILURE) {
1150 		sodium_remove_param_values_from_backtrace(EG(exception));
1151 		RETURN_THROWS();
1152 	}
1153 	if (secretkey_len != crypto_sign_SECRETKEYBYTES) {
1154 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_SIGN_SECRETKEYBYTES bytes long");
1155 		RETURN_THROWS();
1156 	}
1157 	signature = zend_string_alloc((size_t) crypto_sign_BYTES, 0);
1158 	memset(ZSTR_VAL(signature), 0, (size_t) crypto_sign_BYTES);
1159 	if (crypto_sign_detached((unsigned char *) ZSTR_VAL(signature),
1160 							 &signature_real_len, msg,
1161 							 (unsigned long long) msg_len, secretkey) != 0) {
1162 		zend_string_efree(signature);
1163 		zend_throw_exception(sodium_exception_ce, "signature creation failed", 0);
1164 		RETURN_THROWS();
1165 	}
1166 	if (signature_real_len <= 0U || signature_real_len > crypto_sign_BYTES) {
1167 		zend_string_efree(signature);
1168 		zend_throw_exception(sodium_exception_ce, "signature has a bogus size", 0);
1169 		RETURN_THROWS();
1170 	}
1171 	PHP_SODIUM_ZSTR_TRUNCATE(signature, (size_t) signature_real_len);
1172 	ZSTR_VAL(signature)[signature_real_len] = 0;
1173 
1174 	RETURN_NEW_STR(signature);
1175 }
1176 
PHP_FUNCTION(sodium_crypto_sign_verify_detached)1177 PHP_FUNCTION(sodium_crypto_sign_verify_detached)
1178 {
1179 	unsigned char *msg;
1180 	unsigned char *publickey;
1181 	unsigned char *signature;
1182 	size_t         msg_len;
1183 	size_t         publickey_len;
1184 	size_t         signature_len;
1185 
1186 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss",
1187 									&signature, &signature_len,
1188 									&msg, &msg_len,
1189 									&publickey, &publickey_len) == FAILURE) {
1190 		sodium_remove_param_values_from_backtrace(EG(exception));
1191 		RETURN_THROWS();
1192 	}
1193 	if (signature_len != crypto_sign_BYTES) {
1194 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_SIGN_BYTES bytes long");
1195 		RETURN_THROWS();
1196 	}
1197 	if (publickey_len != crypto_sign_PUBLICKEYBYTES) {
1198 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES bytes long");
1199 		RETURN_THROWS();
1200 	}
1201 	if (crypto_sign_verify_detached(signature,
1202 									msg, (unsigned long long) msg_len,
1203 									publickey) != 0) {
1204 		RETURN_FALSE;
1205 	}
1206 	RETURN_TRUE;
1207 }
1208 
PHP_FUNCTION(sodium_crypto_stream)1209 PHP_FUNCTION(sodium_crypto_stream)
1210 {
1211 	zend_string   *ciphertext;
1212 	unsigned char *key;
1213 	unsigned char *nonce;
1214 	zend_long      ciphertext_len;
1215 	size_t         key_len;
1216 	size_t         nonce_len;
1217 
1218 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "lss",
1219 									&ciphertext_len,
1220 									&nonce, &nonce_len,
1221 									&key, &key_len) == FAILURE) {
1222 		sodium_remove_param_values_from_backtrace(EG(exception));
1223 		RETURN_THROWS();
1224 	}
1225 	if (ciphertext_len <= 0 || ciphertext_len >= SIZE_MAX) {
1226 		zend_argument_error(sodium_exception_ce, 1, "must be greater than 0");
1227 		RETURN_THROWS();
1228 	}
1229 	if (nonce_len != crypto_stream_NONCEBYTES) {
1230 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_STREAM_NONCEBYTES bytes long");
1231 		RETURN_THROWS();
1232 	}
1233 	if (key_len != crypto_stream_KEYBYTES) {
1234 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_STREAM_KEYBYTES bytes long");
1235 		RETURN_THROWS();
1236 	}
1237 	ciphertext = zend_string_alloc((size_t) ciphertext_len, 0);
1238 	if (crypto_stream((unsigned char *) ZSTR_VAL(ciphertext),
1239 					  (unsigned long long) ciphertext_len, nonce, key) != 0) {
1240 		zend_string_efree(ciphertext);
1241 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
1242 		RETURN_THROWS();
1243 	}
1244 	ZSTR_VAL(ciphertext)[ciphertext_len] = 0;
1245 
1246 	RETURN_NEW_STR(ciphertext);
1247 }
1248 
PHP_FUNCTION(sodium_crypto_stream_xor)1249 PHP_FUNCTION(sodium_crypto_stream_xor)
1250 {
1251 	zend_string   *ciphertext;
1252 	unsigned char *key;
1253 	unsigned char *msg;
1254 	unsigned char *nonce;
1255 	size_t         ciphertext_len;
1256 	size_t         key_len;
1257 	size_t         msg_len;
1258 	size_t         nonce_len;
1259 
1260 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss",
1261 									&msg, &msg_len,
1262 									&nonce, &nonce_len,
1263 									&key, &key_len) == FAILURE) {
1264 		sodium_remove_param_values_from_backtrace(EG(exception));
1265 		RETURN_THROWS();
1266 	}
1267 	if (nonce_len != crypto_stream_NONCEBYTES) {
1268 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_STREAM_NONCEBYTES bytes long");
1269 		RETURN_THROWS();
1270 	}
1271 	if (key_len != crypto_stream_KEYBYTES) {
1272 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_STREAM_KEYBYTES bytes long");
1273 		RETURN_THROWS();
1274 	}
1275 	ciphertext_len = msg_len;
1276 	ciphertext = zend_string_alloc((size_t) ciphertext_len, 0);
1277 	if (crypto_stream_xor((unsigned char *) ZSTR_VAL(ciphertext), msg,
1278 						  (unsigned long long) msg_len, nonce, key) != 0) {
1279 		zend_string_efree(ciphertext);
1280 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
1281 		RETURN_THROWS();
1282 	}
1283 	ZSTR_VAL(ciphertext)[ciphertext_len] = 0;
1284 
1285 	RETURN_NEW_STR(ciphertext);
1286 }
1287 
1288 #ifdef crypto_stream_xchacha20_KEYBYTES
PHP_FUNCTION(sodium_crypto_stream_xchacha20)1289 PHP_FUNCTION(sodium_crypto_stream_xchacha20)
1290 {
1291 	zend_string   *ciphertext;
1292 	unsigned char *key;
1293 	unsigned char *nonce;
1294 	zend_long      ciphertext_len;
1295 	size_t         key_len;
1296 	size_t         nonce_len;
1297 
1298 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "lss",
1299 									&ciphertext_len,
1300 									&nonce, &nonce_len,
1301 									&key, &key_len) == FAILURE) {
1302 		sodium_remove_param_values_from_backtrace(EG(exception));
1303 		RETURN_THROWS();
1304 	}
1305 	if (ciphertext_len <= 0 || ciphertext_len >= SIZE_MAX) {
1306 		zend_argument_error(sodium_exception_ce, 1, "must be greater than 0");
1307 		RETURN_THROWS();
1308 	}
1309 	if (nonce_len != crypto_stream_xchacha20_NONCEBYTES) {
1310 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_STREAM_XCHACHA20_NONCEBYTES bytes long");
1311 		RETURN_THROWS();
1312 	}
1313 	if (key_len != crypto_stream_xchacha20_KEYBYTES) {
1314 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_STREAM_XCHACHA20_KEYBYTES bytes long");
1315 		RETURN_THROWS();
1316 	}
1317 	ciphertext = zend_string_checked_alloc((size_t) ciphertext_len, 0);
1318 	if (crypto_stream_xchacha20((unsigned char *) ZSTR_VAL(ciphertext),
1319 								(unsigned long long) ciphertext_len, nonce, key) != 0) {
1320 		zend_string_free(ciphertext);
1321 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
1322 		RETURN_THROWS();
1323 	}
1324 	ZSTR_VAL(ciphertext)[ciphertext_len] = 0;
1325 
1326 	RETURN_NEW_STR(ciphertext);
1327 }
1328 
PHP_FUNCTION(sodium_crypto_stream_xchacha20_xor)1329 PHP_FUNCTION(sodium_crypto_stream_xchacha20_xor)
1330 {
1331 	zend_string   *ciphertext;
1332 	unsigned char *key;
1333 	unsigned char *msg;
1334 	unsigned char *nonce;
1335 	size_t         ciphertext_len;
1336 	size_t         key_len;
1337 	size_t         msg_len;
1338 	size_t         nonce_len;
1339 
1340 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss",
1341 									&msg, &msg_len,
1342 									&nonce, &nonce_len,
1343 									&key, &key_len) == FAILURE) {
1344 		sodium_remove_param_values_from_backtrace(EG(exception));
1345 		RETURN_THROWS();
1346 	}
1347 	if (nonce_len != crypto_stream_xchacha20_NONCEBYTES) {
1348 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_STREAM_XCHACHA20_NONCEBYTES bytes long");
1349 		RETURN_THROWS();
1350 	}
1351 	if (key_len != crypto_stream_xchacha20_KEYBYTES) {
1352 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_STREAM_XCHACHA20_KEYBYTES bytes long");
1353 		RETURN_THROWS();
1354 	}
1355 	ciphertext_len = msg_len;
1356 	ciphertext = zend_string_checked_alloc((size_t) ciphertext_len, 0);
1357 	if (crypto_stream_xchacha20_xor((unsigned char *) ZSTR_VAL(ciphertext), msg,
1358 									(unsigned long long) msg_len, nonce, key) != 0) {
1359 		zend_string_free(ciphertext);
1360 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
1361 		RETURN_THROWS();
1362 	}
1363 	ZSTR_VAL(ciphertext)[ciphertext_len] = 0;
1364 
1365 	RETURN_NEW_STR(ciphertext);
1366 }
1367 
PHP_FUNCTION(sodium_crypto_stream_xchacha20_xor_ic)1368 PHP_FUNCTION(sodium_crypto_stream_xchacha20_xor_ic)
1369 {
1370 	zend_string   *ciphertext;
1371 	unsigned char *key;
1372 	unsigned char *msg;
1373 	unsigned char *nonce;
1374 	zend_long      ic;
1375 
1376 	size_t         ciphertext_len;
1377 	size_t         key_len;
1378 	size_t         msg_len;
1379 	size_t         nonce_len;
1380 
1381 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ssls",
1382 									&msg, &msg_len,
1383 									&nonce, &nonce_len,
1384 									&ic,
1385 									&key, &key_len) == FAILURE) {
1386 		sodium_remove_param_values_from_backtrace(EG(exception));
1387 		RETURN_THROWS();
1388 	}
1389 	if (nonce_len != crypto_stream_xchacha20_NONCEBYTES) {
1390 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_STREAM_XCHACHA20_NONCEBYTES bytes long");
1391 		RETURN_THROWS();
1392 	}
1393 	if (key_len != crypto_stream_xchacha20_KEYBYTES) {
1394 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_STREAM_XCHACHA20_KEYBYTES bytes long");
1395 		RETURN_THROWS();
1396 	}
1397 	ciphertext_len = msg_len;
1398 	ciphertext = zend_string_checked_alloc((size_t) ciphertext_len, 0);
1399 	if (crypto_stream_xchacha20_xor_ic((unsigned char *) ZSTR_VAL(ciphertext), msg,
1400 									   (unsigned long long) msg_len, nonce,
1401 									   (uint64_t) ic, key) != 0) {
1402 		zend_string_free(ciphertext);
1403 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
1404 		RETURN_THROWS();
1405 	}
1406 	ZSTR_VAL(ciphertext)[ciphertext_len] = 0;
1407 
1408 	RETURN_NEW_STR(ciphertext);
1409 }
1410 #endif
1411 
1412 #ifdef crypto_pwhash_SALTBYTES
PHP_FUNCTION(sodium_crypto_pwhash)1413 PHP_FUNCTION(sodium_crypto_pwhash)
1414 {
1415 	zend_string   *hash;
1416 	unsigned char *salt;
1417 	char          *passwd;
1418 	zend_long      hash_len;
1419 	zend_long      memlimit;
1420 	zend_long      opslimit;
1421 	zend_long      alg;
1422 	size_t         passwd_len;
1423 	size_t         salt_len;
1424 	int            ret;
1425 
1426 	alg = (zend_long) crypto_pwhash_ALG_DEFAULT;
1427 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "lssll|l",
1428 									&hash_len,
1429 									&passwd, &passwd_len,
1430 									&salt, &salt_len,
1431 									&opslimit, &memlimit, &alg) == FAILURE) {
1432 		sodium_remove_param_values_from_backtrace(EG(exception));
1433 		RETURN_THROWS();
1434 	}
1435 	if (hash_len <= 0) {
1436 		zend_argument_error(sodium_exception_ce, 1, "must be greater than 0");
1437 		RETURN_THROWS();
1438 	}
1439 	if (hash_len >= 0xffffffff) {
1440 		zend_argument_error(sodium_exception_ce, 1, "is too large");
1441 		RETURN_THROWS();
1442 	}
1443 	if (passwd_len >= 0xffffffff) {
1444 		zend_argument_error(sodium_exception_ce, 2, "is too long");
1445 		RETURN_THROWS();
1446 	}
1447 	if (opslimit <= 0) {
1448 		zend_argument_error(sodium_exception_ce, 4, "must be greater than 0");
1449 		RETURN_THROWS();
1450 	}
1451 	if (memlimit <= 0 || memlimit > SIZE_MAX) {
1452 		zend_argument_error(sodium_exception_ce, 5, "must be greater than 0");
1453 		RETURN_THROWS();
1454 	}
1455 	if (alg != crypto_pwhash_ALG_ARGON2I13
1456 # ifdef crypto_pwhash_ALG_ARGON2ID13
1457 		&& alg != crypto_pwhash_ALG_ARGON2ID13
1458 # endif
1459 		&& alg != crypto_pwhash_ALG_DEFAULT) {
1460 		zend_throw_exception(sodium_exception_ce, "unsupported password hashing algorithm", 0);
1461 		RETURN_THROWS();
1462 	}
1463 	if (passwd_len <= 0) {
1464 		zend_error(E_WARNING, "empty password");
1465 	}
1466 	if (salt_len != crypto_pwhash_SALTBYTES) {
1467 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_PWHASH_SALTBYTES bytes long");
1468 		RETURN_THROWS();
1469 	}
1470 	if (opslimit < crypto_pwhash_OPSLIMIT_MIN) {
1471 		zend_argument_error(sodium_exception_ce, 4, "must be greater than or equal to %d", crypto_pwhash_OPSLIMIT_MIN);
1472 		RETURN_THROWS();
1473 	}
1474 	if (memlimit < crypto_pwhash_MEMLIMIT_MIN) {
1475 		zend_argument_error(sodium_exception_ce, 5, "must be greater than or equal to %d", crypto_pwhash_MEMLIMIT_MIN);
1476 	}
1477 	hash = zend_string_alloc((size_t) hash_len, 0);
1478 	ret = -1;
1479 # ifdef crypto_pwhash_ALG_ARGON2ID13
1480 	if (alg == crypto_pwhash_ALG_ARGON2ID13) {
1481 		ret = crypto_pwhash_argon2id
1482 			((unsigned char *) ZSTR_VAL(hash), (unsigned long long) hash_len,
1483 			  passwd, (unsigned long long) passwd_len, salt,
1484 			  (unsigned long long) opslimit, (size_t) memlimit, (int) alg);
1485 	}
1486 # endif
1487 	if (ret == -1) {
1488 		ret = crypto_pwhash
1489 			((unsigned char *) ZSTR_VAL(hash), (unsigned long long) hash_len,
1490 			  passwd, (unsigned long long) passwd_len, salt,
1491 			  (unsigned long long) opslimit, (size_t) memlimit, (int) alg);
1492 	}
1493 	if (ret != 0) {
1494 		zend_string_efree(hash);
1495 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
1496 		RETURN_THROWS();
1497 	}
1498 	ZSTR_VAL(hash)[hash_len] = 0;
1499 
1500 	RETURN_NEW_STR(hash);
1501 }
1502 
PHP_FUNCTION(sodium_crypto_pwhash_str)1503 PHP_FUNCTION(sodium_crypto_pwhash_str)
1504 {
1505 	zend_string *hash_str;
1506 	char        *passwd;
1507 	zend_long    memlimit;
1508 	zend_long    opslimit;
1509 	size_t       passwd_len;
1510 	size_t       len;
1511 
1512 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sll",
1513 									&passwd, &passwd_len,
1514 									&opslimit, &memlimit) == FAILURE) {
1515 		sodium_remove_param_values_from_backtrace(EG(exception));
1516 		RETURN_THROWS();
1517 	}
1518 	if (opslimit <= 0) {
1519 		zend_argument_error(sodium_exception_ce, 2, "must be greater than 0");
1520 		RETURN_THROWS();
1521 	}
1522 	if (memlimit <= 0 || memlimit > SIZE_MAX) {
1523 		zend_argument_error(sodium_exception_ce, 3, "must be greater than 0");
1524 		RETURN_THROWS();
1525 	}
1526 	if (passwd_len >= 0xffffffff) {
1527 		zend_argument_error(sodium_exception_ce, 1, "is too long");
1528 		RETURN_THROWS();
1529 	}
1530 	if (passwd_len <= 0) {
1531 		zend_error(E_WARNING, "empty password");
1532 	}
1533 	if (opslimit < crypto_pwhash_OPSLIMIT_MIN) {
1534 		zend_argument_error(sodium_exception_ce, 2, "must be greater than or equal to %d", crypto_pwhash_OPSLIMIT_MIN);
1535 	}
1536 	if (memlimit < crypto_pwhash_MEMLIMIT_MIN) {
1537 		zend_argument_error(sodium_exception_ce, 3, "must be greater than or equal to %d", crypto_pwhash_MEMLIMIT_MIN);
1538 	}
1539 	hash_str = zend_string_alloc(crypto_pwhash_STRBYTES - 1, 0);
1540 	if (crypto_pwhash_str
1541 		(ZSTR_VAL(hash_str), passwd, (unsigned long long) passwd_len,
1542 		 (unsigned long long) opslimit, (size_t) memlimit) != 0) {
1543 		zend_string_efree(hash_str);
1544 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
1545 		RETURN_THROWS();
1546 	}
1547 	ZSTR_VAL(hash_str)[crypto_pwhash_STRBYTES - 1] = 0;
1548 
1549 	len = strlen(ZSTR_VAL(hash_str));
1550 	PHP_SODIUM_ZSTR_TRUNCATE(hash_str, len);
1551 
1552 	RETURN_NEW_STR(hash_str);
1553 }
1554 
1555 #if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)
PHP_FUNCTION(sodium_crypto_pwhash_str_needs_rehash)1556 PHP_FUNCTION(sodium_crypto_pwhash_str_needs_rehash)
1557 {
1558 	char      *hash_str;
1559 	zend_long  memlimit;
1560 	zend_long  opslimit;
1561 	size_t     hash_str_len;
1562 
1563 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sll",
1564 									&hash_str, &hash_str_len, &opslimit, &memlimit) == FAILURE) {
1565 		RETURN_THROWS();
1566 	}
1567 	if (crypto_pwhash_str_needs_rehash(hash_str, opslimit, memlimit) == 0) {
1568 		RETURN_FALSE;
1569 	}
1570 	RETURN_TRUE;
1571 }
1572 #endif
1573 
PHP_FUNCTION(sodium_crypto_pwhash_str_verify)1574 PHP_FUNCTION(sodium_crypto_pwhash_str_verify)
1575 {
1576 	char      *hash_str;
1577 	char      *passwd;
1578 	size_t     hash_str_len;
1579 	size_t     passwd_len;
1580 
1581 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
1582 									&hash_str, &hash_str_len,
1583 									&passwd, &passwd_len) == FAILURE) {
1584 		sodium_remove_param_values_from_backtrace(EG(exception));
1585 		RETURN_THROWS();
1586 	}
1587 	if (passwd_len >= 0xffffffff) {
1588 		zend_argument_error(sodium_exception_ce, 2, "is too long");
1589 		RETURN_THROWS();
1590 	}
1591 	if (passwd_len <= 0) {
1592 		zend_error(E_WARNING, "empty password");
1593 	}
1594 	if (crypto_pwhash_str_verify
1595 		(hash_str, passwd, (unsigned long long) passwd_len) == 0) {
1596 		RETURN_TRUE;
1597 	}
1598 	RETURN_FALSE;
1599 }
1600 #endif
1601 
1602 #ifdef crypto_pwhash_scryptsalsa208sha256_SALTBYTES
PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256)1603 PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256)
1604 {
1605 	zend_string   *hash;
1606 	unsigned char *salt;
1607 	char          *passwd;
1608 	zend_long      hash_len;
1609 	zend_long      memlimit;
1610 	zend_long      opslimit;
1611 	size_t         passwd_len;
1612 	size_t         salt_len;
1613 
1614 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "lssll",
1615 									&hash_len,
1616 									&passwd, &passwd_len,
1617 									&salt, &salt_len,
1618 									&opslimit, &memlimit) == FAILURE) {
1619 		sodium_remove_param_values_from_backtrace(EG(exception));
1620 		RETURN_THROWS();
1621 	}
1622 	if (hash_len <= 0 || hash_len >= SIZE_MAX || hash_len > 0x1fffffffe0ULL) {
1623 		zend_argument_error(sodium_exception_ce, 1, "must be greater than 0");
1624 		RETURN_THROWS();
1625 	}
1626 	if (opslimit <= 0) {
1627 		zend_argument_error(sodium_exception_ce, 4, "must be greater than 0");
1628 		RETURN_THROWS();
1629 	}
1630 	if (memlimit <= 0 || memlimit > SIZE_MAX) {
1631 		zend_argument_error(sodium_exception_ce, 5, "must be greater than 0");
1632 		RETURN_THROWS();
1633 	}
1634 	if (passwd_len <= 0) {
1635 		zend_error(E_WARNING, "empty password");
1636 	}
1637 	if (salt_len != crypto_pwhash_scryptsalsa208sha256_SALTBYTES) {
1638 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES bytes long");
1639 		RETURN_THROWS();
1640 	}
1641 	if (opslimit < crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE) {
1642 		zend_argument_error(sodium_exception_ce, 4, "must be greater than or equal to %d", crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE);
1643 	}
1644 	if (memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) {
1645 		zend_argument_error(sodium_exception_ce, 5, "must be greater than or equal to %d", crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE);
1646 	}
1647 	hash = zend_string_alloc((size_t) hash_len, 0);
1648 	if (crypto_pwhash_scryptsalsa208sha256
1649 		((unsigned char *) ZSTR_VAL(hash), (unsigned long long) hash_len,
1650 		 passwd, (unsigned long long) passwd_len, salt,
1651 		 (unsigned long long) opslimit, (size_t) memlimit) != 0) {
1652 		zend_string_efree(hash);
1653 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
1654 		RETURN_THROWS();
1655 	}
1656 	ZSTR_VAL(hash)[hash_len] = 0;
1657 
1658 	RETURN_NEW_STR(hash);
1659 }
1660 
PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str)1661 PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str)
1662 {
1663 	zend_string *hash_str;
1664 	char        *passwd;
1665 	zend_long    memlimit;
1666 	zend_long    opslimit;
1667 	size_t       passwd_len;
1668 
1669 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sll",
1670 									&passwd, &passwd_len,
1671 									&opslimit, &memlimit) == FAILURE) {
1672 		sodium_remove_param_values_from_backtrace(EG(exception));
1673 		RETURN_THROWS();
1674 	}
1675 	if (opslimit <= 0) {
1676 		zend_argument_error(sodium_exception_ce, 2, "must be greater than 0");
1677 		RETURN_THROWS();
1678 	}
1679 	if (memlimit <= 0 || memlimit > SIZE_MAX) {
1680 		zend_argument_error(sodium_exception_ce, 3, "must be greater than 0");
1681 		RETURN_THROWS();
1682 	}
1683 	if (passwd_len <= 0) {
1684 		zend_error(E_WARNING, "empty password");
1685 	}
1686 	if (opslimit < crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE) {
1687 		zend_argument_error(sodium_exception_ce, 2, "must be greater than or equal to %d", crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE);
1688 	}
1689 	if (memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) {
1690 		zend_argument_error(sodium_exception_ce, 3, "must be greater than or equal to %d", crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE);
1691 	}
1692 	hash_str = zend_string_alloc
1693 		(crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1, 0);
1694 	if (crypto_pwhash_scryptsalsa208sha256_str
1695 		(ZSTR_VAL(hash_str), passwd, (unsigned long long) passwd_len,
1696 		 (unsigned long long) opslimit, (size_t) memlimit) != 0) {
1697 		zend_string_efree(hash_str);
1698 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
1699 		RETURN_THROWS();
1700 	}
1701 	ZSTR_VAL(hash_str)[crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1] = 0;
1702 
1703 	RETURN_NEW_STR(hash_str);
1704 }
1705 
PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str_verify)1706 PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str_verify)
1707 {
1708 	char      *hash_str;
1709 	char      *passwd;
1710 	size_t     hash_str_len;
1711 	size_t     passwd_len;
1712 
1713 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
1714 									&hash_str, &hash_str_len,
1715 									&passwd, &passwd_len) == FAILURE) {
1716 		sodium_remove_param_values_from_backtrace(EG(exception));
1717 		RETURN_THROWS();
1718 	}
1719 	if (passwd_len <= 0) {
1720 		zend_error(E_WARNING, "empty password");
1721 	}
1722 	if (hash_str_len != crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1) {
1723 		zend_error(E_WARNING, "wrong size for the hashed password");
1724 		RETURN_FALSE;
1725 	}
1726 	if (crypto_pwhash_scryptsalsa208sha256_str_verify
1727 		(hash_str, passwd, (unsigned long long) passwd_len) == 0) {
1728 		RETURN_TRUE;
1729 	}
1730 	RETURN_FALSE;
1731 }
1732 #endif
1733 
PHP_FUNCTION(sodium_crypto_aead_aes256gcm_is_available)1734 PHP_FUNCTION(sodium_crypto_aead_aes256gcm_is_available)
1735 {
1736 	if (zend_parse_parameters_none() == FAILURE) {
1737 		RETURN_THROWS();
1738 	}
1739 #ifdef HAVE_AESGCM
1740 	RETURN_BOOL(crypto_aead_aes256gcm_is_available());
1741 #else
1742 	RETURN_FALSE;
1743 #endif
1744 }
1745 
1746 #ifdef HAVE_AESGCM
PHP_FUNCTION(sodium_crypto_aead_aes256gcm_encrypt)1747 PHP_FUNCTION(sodium_crypto_aead_aes256gcm_encrypt)
1748 {
1749 	zend_string        *ciphertext;
1750 	unsigned char      *ad;
1751 	unsigned char      *msg;
1752 	unsigned char      *npub;
1753 	unsigned char      *secretkey;
1754 	unsigned long long  ciphertext_real_len;
1755 	size_t              ad_len;
1756 	size_t              ciphertext_len;
1757 	size_t              msg_len;
1758 	size_t              npub_len;
1759 	size_t              secretkey_len;
1760 
1761 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ssss",
1762 									&msg, &msg_len,
1763 									&ad, &ad_len,
1764 									&npub, &npub_len,
1765 									&secretkey, &secretkey_len) == FAILURE) {
1766 		sodium_remove_param_values_from_backtrace(EG(exception));
1767 		RETURN_THROWS();
1768 	}
1769 	if (npub_len != crypto_aead_aes256gcm_NPUBBYTES) {
1770 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_AEAD_AES256GCM_NPUBBYTES bytes long");
1771 		RETURN_THROWS();
1772 	}
1773 	if (secretkey_len != crypto_aead_aes256gcm_KEYBYTES) {
1774 		zend_argument_error(sodium_exception_ce, 4, "must be SODIUM_CRYPTO_AEAD_AES256GCM_KEYBYTES bytes long");
1775 		RETURN_THROWS();
1776 	}
1777 	if (SIZE_MAX - msg_len <= crypto_aead_aes256gcm_ABYTES) {
1778 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
1779 		RETURN_THROWS();
1780 	}
1781 	if ((unsigned long long) msg_len > (16ULL * ((1ULL << 32) - 2ULL)) - crypto_aead_aes256gcm_ABYTES) {
1782 		zend_throw_exception(sodium_exception_ce, "message too long for a single key", 0);
1783 		RETURN_THROWS();
1784 	}
1785 	ciphertext_len = msg_len + crypto_aead_aes256gcm_ABYTES;
1786 	ciphertext = zend_string_alloc((size_t) ciphertext_len, 0);
1787 	if (crypto_aead_aes256gcm_encrypt
1788 		((unsigned char *) ZSTR_VAL(ciphertext), &ciphertext_real_len, msg,
1789 		 (unsigned long long) msg_len,
1790 		 ad, (unsigned long long) ad_len, NULL, npub, secretkey) != 0) {
1791 		zend_string_efree(ciphertext);
1792 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
1793 		RETURN_THROWS();
1794 	}
1795 	if (ciphertext_real_len <= 0U || ciphertext_real_len >= SIZE_MAX ||
1796 		ciphertext_real_len > ciphertext_len) {
1797 		zend_string_efree(ciphertext);
1798 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
1799 		RETURN_THROWS();
1800 	}
1801 	PHP_SODIUM_ZSTR_TRUNCATE(ciphertext, (size_t) ciphertext_real_len);
1802 	ZSTR_VAL(ciphertext)[ciphertext_real_len] = 0;
1803 
1804 	RETURN_NEW_STR(ciphertext);
1805 }
1806 
PHP_FUNCTION(sodium_crypto_aead_aes256gcm_decrypt)1807 PHP_FUNCTION(sodium_crypto_aead_aes256gcm_decrypt)
1808 {
1809 	zend_string        *msg;
1810 	unsigned char      *ad;
1811 	unsigned char      *ciphertext;
1812 	unsigned char      *npub;
1813 	unsigned char      *secretkey;
1814 	unsigned long long  msg_real_len;
1815 	size_t              ad_len;
1816 	size_t              ciphertext_len;
1817 	size_t              msg_len;
1818 	size_t              npub_len;
1819 	size_t              secretkey_len;
1820 
1821 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ssss",
1822 									&ciphertext, &ciphertext_len,
1823 									&ad, &ad_len,
1824 									&npub, &npub_len,
1825 									&secretkey, &secretkey_len) == FAILURE) {
1826 		sodium_remove_param_values_from_backtrace(EG(exception));
1827 		RETURN_THROWS();
1828 	}
1829 	if (npub_len != crypto_aead_aes256gcm_NPUBBYTES) {
1830 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_AEAD_AES256GCM_NPUBBYTES bytes long");
1831 		RETURN_THROWS();
1832 	}
1833 	if (secretkey_len != crypto_aead_aes256gcm_KEYBYTES) {
1834 		zend_argument_error(sodium_exception_ce, 4, "must be SODIUM_CRYPTO_AEAD_AES256GCM_KEYBYTES bytes long");
1835 		RETURN_THROWS();
1836 	}
1837 	if (ciphertext_len < crypto_aead_aes256gcm_ABYTES) {
1838 		RETURN_FALSE;
1839 	}
1840 	if (ciphertext_len - crypto_aead_aes256gcm_ABYTES > 16ULL * ((1ULL << 32) - 2ULL)) {
1841 		zend_argument_error(sodium_exception_ce, 1, "is too long");
1842 		RETURN_THROWS();
1843 	}
1844 	msg_len = ciphertext_len;
1845 	if (msg_len >= SIZE_MAX) {
1846 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
1847 		RETURN_THROWS();
1848 	}
1849 	msg = zend_string_alloc((size_t) msg_len, 0);
1850 	if (crypto_aead_aes256gcm_decrypt
1851 		((unsigned char *) ZSTR_VAL(msg), &msg_real_len, NULL,
1852 		 ciphertext, (unsigned long long) ciphertext_len,
1853 		 ad, (unsigned long long) ad_len, npub, secretkey) != 0) {
1854 		zend_string_efree(msg);
1855 		RETURN_FALSE;
1856 	}
1857 	if (msg_real_len >= SIZE_MAX || msg_real_len > msg_len) {
1858 		zend_string_efree(msg);
1859 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
1860 		RETURN_THROWS();
1861 	}
1862 	PHP_SODIUM_ZSTR_TRUNCATE(msg, (size_t) msg_real_len);
1863 	ZSTR_VAL(msg)[msg_real_len] = 0;
1864 
1865 	RETURN_NEW_STR(msg);
1866 }
1867 #endif
1868 
1869 #ifdef crypto_aead_aegis128l_KEYBYTES
PHP_FUNCTION(sodium_crypto_aead_aegis128l_encrypt)1870 PHP_FUNCTION(sodium_crypto_aead_aegis128l_encrypt)
1871 {
1872 	zend_string        *ciphertext;
1873 	unsigned char      *ad;
1874 	unsigned char      *msg;
1875 	unsigned char      *npub;
1876 	unsigned char      *secretkey;
1877 	unsigned long long  ciphertext_real_len;
1878 	size_t              ad_len;
1879 	size_t              ciphertext_len;
1880 	size_t              msg_len;
1881 	size_t              npub_len;
1882 	size_t              secretkey_len;
1883 
1884 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ssss",
1885 							  &msg, &msg_len,
1886 							  &ad, &ad_len,
1887 							  &npub, &npub_len,
1888 							  &secretkey, &secretkey_len) == FAILURE) {
1889 		sodium_remove_param_values_from_backtrace(EG(exception));
1890 		RETURN_THROWS();
1891 	}
1892 	if (npub_len != crypto_aead_aegis128l_NPUBBYTES) {
1893 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_AEAD_AEGIS128L_NPUBBYTES bytes long");
1894 		RETURN_THROWS();
1895 	}
1896 	if (secretkey_len != crypto_aead_aegis128l_KEYBYTES) {
1897 		zend_argument_error(sodium_exception_ce, 4, "must be SODIUM_CRYPTO_AEAD_AEGIS128L_KEYBYTES bytes long");
1898 		RETURN_THROWS();
1899 	}
1900 	if (SIZE_MAX - msg_len <= crypto_aead_aegis128l_ABYTES) {
1901 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
1902 		RETURN_THROWS();
1903 	}
1904 	ciphertext_len = msg_len + crypto_aead_aegis128l_ABYTES;
1905 	ciphertext = zend_string_alloc((size_t) ciphertext_len, 0);
1906 	if (crypto_aead_aegis128l_encrypt
1907 		((unsigned char *) ZSTR_VAL(ciphertext), &ciphertext_real_len, msg,
1908 		 (unsigned long long) msg_len,
1909 		 ad, (unsigned long long) ad_len, NULL, npub, secretkey) != 0) {
1910 		zend_string_efree(ciphertext);
1911 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
1912 		RETURN_THROWS();
1913 	}
1914 	if (ciphertext_real_len <= 0U || ciphertext_real_len >= SIZE_MAX ||
1915 		ciphertext_real_len > ciphertext_len) {
1916 		zend_string_efree(ciphertext);
1917 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
1918 		RETURN_THROWS();
1919 	}
1920 	PHP_SODIUM_ZSTR_TRUNCATE(ciphertext, (size_t) ciphertext_real_len);
1921 	ZSTR_VAL(ciphertext)[ciphertext_real_len] = 0;
1922 
1923 	RETURN_NEW_STR(ciphertext);
1924 }
1925 
PHP_FUNCTION(sodium_crypto_aead_aegis128l_decrypt)1926 PHP_FUNCTION(sodium_crypto_aead_aegis128l_decrypt)
1927 {
1928 	zend_string        *msg;
1929 	unsigned char      *ad;
1930 	unsigned char      *ciphertext;
1931 	unsigned char      *npub;
1932 	unsigned char      *secretkey;
1933 	unsigned long long  msg_real_len;
1934 	size_t              ad_len;
1935 	size_t              ciphertext_len;
1936 	size_t              msg_len;
1937 	size_t              npub_len;
1938 	size_t              secretkey_len;
1939 
1940 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ssss",
1941 							  &ciphertext, &ciphertext_len,
1942 							  &ad, &ad_len,
1943 							  &npub, &npub_len,
1944 							  &secretkey, &secretkey_len) == FAILURE) {
1945 		sodium_remove_param_values_from_backtrace(EG(exception));
1946 		RETURN_THROWS();
1947 	}
1948 	if (npub_len != crypto_aead_aegis128l_NPUBBYTES) {
1949 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_AEAD_AEGIS128L_NPUBBYTES bytes long");
1950 		RETURN_THROWS();
1951 	}
1952 	if (secretkey_len != crypto_aead_aegis128l_KEYBYTES) {
1953 		zend_argument_error(sodium_exception_ce, 4, "must be SODIUM_CRYPTO_AEAD_AEGIS128L_KEYBYTES bytes long");
1954 		RETURN_THROWS();
1955 	}
1956 	if (ciphertext_len < crypto_aead_aegis128l_ABYTES) {
1957 		RETURN_FALSE;
1958 	}
1959 	msg_len = ciphertext_len;
1960 	if (msg_len >= SIZE_MAX) {
1961 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
1962 		RETURN_THROWS();
1963 	}
1964 	msg = zend_string_alloc((size_t) msg_len, 0);
1965 	if (crypto_aead_aegis128l_decrypt
1966 		((unsigned char *) ZSTR_VAL(msg), &msg_real_len, NULL,
1967 		 ciphertext, (unsigned long long) ciphertext_len,
1968 		 ad, (unsigned long long) ad_len, npub, secretkey) != 0) {
1969 		zend_string_efree(msg);
1970 		RETURN_FALSE;
1971 	}
1972 	if (msg_real_len >= SIZE_MAX || msg_real_len > msg_len) {
1973 		zend_string_efree(msg);
1974 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
1975 		RETURN_THROWS();
1976 	}
1977 	PHP_SODIUM_ZSTR_TRUNCATE(msg, (size_t) msg_real_len);
1978 	ZSTR_VAL(msg)[msg_real_len] = 0;
1979 
1980 	RETURN_NEW_STR(msg);
1981 }
1982 #endif
1983 
1984 #ifdef crypto_aead_aegis256_KEYBYTES
PHP_FUNCTION(sodium_crypto_aead_aegis256_encrypt)1985 PHP_FUNCTION(sodium_crypto_aead_aegis256_encrypt)
1986 {
1987 	zend_string        *ciphertext;
1988 	unsigned char      *ad;
1989 	unsigned char      *msg;
1990 	unsigned char      *npub;
1991 	unsigned char      *secretkey;
1992 	unsigned long long  ciphertext_real_len;
1993 	size_t              ad_len;
1994 	size_t              ciphertext_len;
1995 	size_t              msg_len;
1996 	size_t              npub_len;
1997 	size_t              secretkey_len;
1998 
1999 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ssss",
2000 							  &msg, &msg_len,
2001 							  &ad, &ad_len,
2002 							  &npub, &npub_len,
2003 							  &secretkey, &secretkey_len) == FAILURE) {
2004 		sodium_remove_param_values_from_backtrace(EG(exception));
2005 		RETURN_THROWS();
2006 	}
2007 	if (npub_len != crypto_aead_aegis256_NPUBBYTES) {
2008 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_AEAD_AEGIS256_NPUBBYTES bytes long");
2009 		RETURN_THROWS();
2010 	}
2011 	if (secretkey_len != crypto_aead_aegis256_KEYBYTES) {
2012 		zend_argument_error(sodium_exception_ce, 4, "must be SODIUM_CRYPTO_AEAD_AEGIS256_KEYBYTES bytes long");
2013 		RETURN_THROWS();
2014 	}
2015 	if (SIZE_MAX - msg_len <= crypto_aead_aegis256_ABYTES) {
2016 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2017 		RETURN_THROWS();
2018 	}
2019 	ciphertext_len = msg_len + crypto_aead_aegis256_ABYTES;
2020 	ciphertext = zend_string_alloc((size_t) ciphertext_len, 0);
2021 	if (crypto_aead_aegis256_encrypt
2022 		((unsigned char *) ZSTR_VAL(ciphertext), &ciphertext_real_len, msg,
2023 		 (unsigned long long) msg_len,
2024 		 ad, (unsigned long long) ad_len, NULL, npub, secretkey) != 0) {
2025 		zend_string_efree(ciphertext);
2026 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
2027 		RETURN_THROWS();
2028 	}
2029 	if (ciphertext_real_len <= 0U || ciphertext_real_len >= SIZE_MAX ||
2030 		ciphertext_real_len > ciphertext_len) {
2031 		zend_string_efree(ciphertext);
2032 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2033 		RETURN_THROWS();
2034 	}
2035 	PHP_SODIUM_ZSTR_TRUNCATE(ciphertext, (size_t) ciphertext_real_len);
2036 	ZSTR_VAL(ciphertext)[ciphertext_real_len] = 0;
2037 
2038 	RETURN_NEW_STR(ciphertext);
2039 }
2040 
PHP_FUNCTION(sodium_crypto_aead_aegis256_decrypt)2041 PHP_FUNCTION(sodium_crypto_aead_aegis256_decrypt)
2042 {
2043 	zend_string        *msg;
2044 	unsigned char      *ad;
2045 	unsigned char      *ciphertext;
2046 	unsigned char      *npub;
2047 	unsigned char      *secretkey;
2048 	unsigned long long  msg_real_len;
2049 	size_t              ad_len;
2050 	size_t              ciphertext_len;
2051 	size_t              msg_len;
2052 	size_t              npub_len;
2053 	size_t              secretkey_len;
2054 
2055 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ssss",
2056 							  &ciphertext, &ciphertext_len,
2057 							  &ad, &ad_len,
2058 							  &npub, &npub_len,
2059 							  &secretkey, &secretkey_len) == FAILURE) {
2060 		sodium_remove_param_values_from_backtrace(EG(exception));
2061 		RETURN_THROWS();
2062 	}
2063 	if (npub_len != crypto_aead_aegis256_NPUBBYTES) {
2064 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_AEAD_AEGIS256_NPUBBYTES bytes long");
2065 		RETURN_THROWS();
2066 	}
2067 	if (secretkey_len != crypto_aead_aegis256_KEYBYTES) {
2068 		zend_argument_error(sodium_exception_ce, 4, "must be SODIUM_CRYPTO_AEAD_AEGIS256_KEYBYTES bytes long");
2069 		RETURN_THROWS();
2070 	}
2071 	if (ciphertext_len < crypto_aead_aegis256_ABYTES) {
2072 		RETURN_FALSE;
2073 	}
2074 	msg_len = ciphertext_len;
2075 	if (msg_len >= SIZE_MAX) {
2076 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2077 		RETURN_THROWS();
2078 	}
2079 	msg = zend_string_alloc((size_t) msg_len, 0);
2080 	if (crypto_aead_aegis256_decrypt
2081 		((unsigned char *) ZSTR_VAL(msg), &msg_real_len, NULL,
2082 		 ciphertext, (unsigned long long) ciphertext_len,
2083 		 ad, (unsigned long long) ad_len, npub, secretkey) != 0) {
2084 		zend_string_efree(msg);
2085 		RETURN_FALSE;
2086 	}
2087 	if (msg_real_len >= SIZE_MAX || msg_real_len > msg_len) {
2088 		zend_string_efree(msg);
2089 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2090 		RETURN_THROWS();
2091 	}
2092 	PHP_SODIUM_ZSTR_TRUNCATE(msg, (size_t) msg_real_len);
2093 	ZSTR_VAL(msg)[msg_real_len] = 0;
2094 
2095 	RETURN_NEW_STR(msg);
2096 }
2097 #endif
2098 
PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_encrypt)2099 PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_encrypt)
2100 {
2101 	zend_string        *ciphertext;
2102 	unsigned char      *ad;
2103 	unsigned char      *msg;
2104 	unsigned char      *npub;
2105 	unsigned char      *secretkey;
2106 	unsigned long long  ciphertext_real_len;
2107 	size_t              ad_len;
2108 	size_t              ciphertext_len;
2109 	size_t              msg_len;
2110 	size_t              npub_len;
2111 	size_t              secretkey_len;
2112 
2113 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ssss",
2114 							  &msg, &msg_len,
2115 							  &ad, &ad_len,
2116 							  &npub, &npub_len,
2117 							  &secretkey, &secretkey_len) == FAILURE) {
2118 		sodium_remove_param_values_from_backtrace(EG(exception));
2119 		RETURN_THROWS();
2120 	}
2121 	if (npub_len != crypto_aead_chacha20poly1305_NPUBBYTES) {
2122 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES bytes long");
2123 		RETURN_THROWS();
2124 	}
2125 	if (secretkey_len != crypto_aead_chacha20poly1305_KEYBYTES) {
2126 		zend_argument_error(sodium_exception_ce, 4, "must be SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES bytes long");
2127 		RETURN_THROWS();
2128 	}
2129 	if (SIZE_MAX - msg_len <= crypto_aead_chacha20poly1305_ABYTES) {
2130 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2131 		RETURN_THROWS();
2132 	}
2133 	ciphertext_len = msg_len + crypto_aead_chacha20poly1305_ABYTES;
2134 	ciphertext = zend_string_alloc((size_t) ciphertext_len, 0);
2135 	if (crypto_aead_chacha20poly1305_encrypt
2136 		((unsigned char *) ZSTR_VAL(ciphertext), &ciphertext_real_len, msg,
2137 		 (unsigned long long) msg_len,
2138 		 ad, (unsigned long long) ad_len, NULL, npub, secretkey) != 0) {
2139 		zend_string_efree(ciphertext);
2140 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
2141 		RETURN_THROWS();
2142 	}
2143 	if (ciphertext_real_len <= 0U || ciphertext_real_len >= SIZE_MAX ||
2144 		ciphertext_real_len > ciphertext_len) {
2145 		zend_string_efree(ciphertext);
2146 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2147 		RETURN_THROWS();
2148 	}
2149 	PHP_SODIUM_ZSTR_TRUNCATE(ciphertext, (size_t) ciphertext_real_len);
2150 	ZSTR_VAL(ciphertext)[ciphertext_real_len] = 0;
2151 
2152 	RETURN_NEW_STR(ciphertext);
2153 }
2154 
PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_decrypt)2155 PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_decrypt)
2156 {
2157 	zend_string        *msg;
2158 	unsigned char      *ad;
2159 	unsigned char      *ciphertext;
2160 	unsigned char      *npub;
2161 	unsigned char      *secretkey;
2162 	unsigned long long  msg_real_len;
2163 	size_t              ad_len;
2164 	size_t              ciphertext_len;
2165 	size_t              msg_len;
2166 	size_t              npub_len;
2167 	size_t              secretkey_len;
2168 
2169 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ssss",
2170 									&ciphertext, &ciphertext_len,
2171 									&ad, &ad_len,
2172 									&npub, &npub_len,
2173 									&secretkey, &secretkey_len) == FAILURE) {
2174 		sodium_remove_param_values_from_backtrace(EG(exception));
2175 		RETURN_THROWS();
2176 	}
2177 	if (npub_len != crypto_aead_chacha20poly1305_NPUBBYTES) {
2178 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES bytes long");
2179 		RETURN_THROWS();
2180 	}
2181 	if (secretkey_len != crypto_aead_chacha20poly1305_KEYBYTES) {
2182 		zend_argument_error(sodium_exception_ce, 4, "must be SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES bytes long");
2183 		RETURN_THROWS();
2184 	}
2185 	if (ciphertext_len < crypto_aead_chacha20poly1305_ABYTES) {
2186 		RETURN_FALSE;
2187 	}
2188 	msg_len = ciphertext_len;
2189 	if (msg_len >= SIZE_MAX) {
2190 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2191 		RETURN_THROWS();
2192 	}
2193 	msg = zend_string_alloc((size_t) msg_len, 0);
2194 	if (crypto_aead_chacha20poly1305_decrypt
2195 		((unsigned char *) ZSTR_VAL(msg), &msg_real_len, NULL,
2196 		 ciphertext, (unsigned long long) ciphertext_len,
2197 		 ad, (unsigned long long) ad_len, npub, secretkey) != 0) {
2198 		zend_string_efree(msg);
2199 		RETURN_FALSE;
2200 	}
2201 	if (msg_real_len >= SIZE_MAX || msg_real_len > msg_len) {
2202 		zend_string_efree(msg);
2203 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2204 		RETURN_THROWS();
2205 	}
2206 	PHP_SODIUM_ZSTR_TRUNCATE(msg, (size_t) msg_real_len);
2207 	ZSTR_VAL(msg)[msg_real_len] = 0;
2208 
2209 	RETURN_NEW_STR(msg);
2210 }
2211 
PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_ietf_encrypt)2212 PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_ietf_encrypt)
2213 {
2214 	zend_string        *ciphertext;
2215 	unsigned char      *ad;
2216 	unsigned char      *msg;
2217 	unsigned char      *npub;
2218 	unsigned char      *secretkey;
2219 	unsigned long long  ciphertext_real_len;
2220 	size_t              ad_len;
2221 	size_t              ciphertext_len;
2222 	size_t              msg_len;
2223 	size_t              npub_len;
2224 	size_t              secretkey_len;
2225 
2226 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ssss",
2227 									&msg, &msg_len,
2228 									&ad, &ad_len,
2229 									&npub, &npub_len,
2230 									&secretkey, &secretkey_len) == FAILURE) {
2231 		sodium_remove_param_values_from_backtrace(EG(exception));
2232 		RETURN_THROWS();
2233 	}
2234 	if (npub_len != crypto_aead_chacha20poly1305_IETF_NPUBBYTES) {
2235 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES bytes long");
2236 		RETURN_THROWS();
2237 	}
2238 	if (secretkey_len != crypto_aead_chacha20poly1305_IETF_KEYBYTES) {
2239 		zend_argument_error(sodium_exception_ce, 4, "must be SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_KEYBYTES bytes long");
2240 		RETURN_THROWS();
2241 	}
2242 	if (SIZE_MAX - msg_len <= crypto_aead_chacha20poly1305_IETF_ABYTES) {
2243 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2244 		RETURN_THROWS();
2245 	}
2246 	if ((unsigned long long) msg_len > 64ULL * (1ULL << 32) - 64ULL) {
2247 		zend_throw_exception(sodium_exception_ce, "message too long for a single key", 0);
2248 		RETURN_THROWS();
2249 	}
2250 	ciphertext_len = msg_len + crypto_aead_chacha20poly1305_IETF_ABYTES;
2251 	ciphertext = zend_string_alloc((size_t) ciphertext_len, 0);
2252 	if (crypto_aead_chacha20poly1305_ietf_encrypt
2253 		((unsigned char *) ZSTR_VAL(ciphertext), &ciphertext_real_len, msg,
2254 		 (unsigned long long) msg_len,
2255 		 ad, (unsigned long long) ad_len, NULL, npub, secretkey) != 0) {
2256 		zend_string_efree(ciphertext);
2257 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
2258 		RETURN_THROWS();
2259 	}
2260 	if (ciphertext_real_len <= 0U || ciphertext_real_len >= SIZE_MAX ||
2261 		ciphertext_real_len > ciphertext_len) {
2262 		zend_string_efree(ciphertext);
2263 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2264 		RETURN_THROWS();
2265 	}
2266 	PHP_SODIUM_ZSTR_TRUNCATE(ciphertext, (size_t) ciphertext_real_len);
2267 	ZSTR_VAL(ciphertext)[ciphertext_real_len] = 0;
2268 
2269 	RETURN_NEW_STR(ciphertext);
2270 }
2271 
PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_ietf_decrypt)2272 PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_ietf_decrypt)
2273 {
2274 	zend_string        *msg;
2275 	unsigned char      *ad;
2276 	unsigned char      *ciphertext;
2277 	unsigned char      *npub;
2278 	unsigned char      *secretkey;
2279 	unsigned long long  msg_real_len;
2280 	size_t              ad_len;
2281 	size_t              ciphertext_len;
2282 	size_t              msg_len;
2283 	size_t              npub_len;
2284 	size_t              secretkey_len;
2285 
2286 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ssss",
2287 									&ciphertext, &ciphertext_len,
2288 									&ad, &ad_len,
2289 									&npub, &npub_len,
2290 									&secretkey, &secretkey_len) == FAILURE) {
2291 		sodium_remove_param_values_from_backtrace(EG(exception));
2292 		RETURN_THROWS();
2293 	}
2294 	if (npub_len != crypto_aead_chacha20poly1305_IETF_NPUBBYTES) {
2295 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES bytes long");
2296 		RETURN_THROWS();
2297 	}
2298 	if (secretkey_len != crypto_aead_chacha20poly1305_IETF_KEYBYTES) {
2299 		zend_argument_error(sodium_exception_ce, 4, "must be SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_KEYBYTES bytes long");
2300 		RETURN_THROWS();
2301 	}
2302 	msg_len = ciphertext_len;
2303 	if (msg_len >= SIZE_MAX) {
2304 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2305 		RETURN_THROWS();
2306 	}
2307 	if (ciphertext_len < crypto_aead_chacha20poly1305_IETF_ABYTES) {
2308 		RETURN_FALSE;
2309 	}
2310 	if ((unsigned long long) ciphertext_len -
2311 		crypto_aead_chacha20poly1305_IETF_ABYTES > 64ULL * (1ULL << 32) - 64ULL) {
2312 		zend_throw_exception(sodium_exception_ce, "message too long for a single key", 0);
2313 		RETURN_THROWS();
2314 	}
2315 	msg = zend_string_alloc((size_t) msg_len, 0);
2316 	if (crypto_aead_chacha20poly1305_ietf_decrypt
2317 		((unsigned char *) ZSTR_VAL(msg), &msg_real_len, NULL,
2318 		 ciphertext, (unsigned long long) ciphertext_len,
2319 		 ad, (unsigned long long) ad_len, npub, secretkey) != 0) {
2320 		zend_string_efree(msg);
2321 		RETURN_FALSE;
2322 	}
2323 	if (msg_real_len >= SIZE_MAX || msg_real_len > msg_len) {
2324 		zend_string_efree(msg);
2325 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2326 		RETURN_THROWS();
2327 	}
2328 	PHP_SODIUM_ZSTR_TRUNCATE(msg, (size_t) msg_real_len);
2329 	ZSTR_VAL(msg)[msg_real_len] = 0;
2330 
2331 	RETURN_NEW_STR(msg);
2332 }
2333 
2334 #ifdef crypto_aead_xchacha20poly1305_IETF_NPUBBYTES
PHP_FUNCTION(sodium_crypto_aead_xchacha20poly1305_ietf_encrypt)2335 PHP_FUNCTION(sodium_crypto_aead_xchacha20poly1305_ietf_encrypt)
2336 {
2337 	zend_string        *ciphertext;
2338 	unsigned char      *ad;
2339 	unsigned char      *msg;
2340 	unsigned char      *npub;
2341 	unsigned char      *secretkey;
2342 	unsigned long long  ciphertext_real_len;
2343 	size_t              ad_len;
2344 	size_t              ciphertext_len;
2345 	size_t              msg_len;
2346 	size_t              npub_len;
2347 	size_t              secretkey_len;
2348 
2349 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ssss",
2350 									&msg, &msg_len,
2351 									&ad, &ad_len,
2352 									&npub, &npub_len,
2353 									&secretkey, &secretkey_len) == FAILURE) {
2354 		sodium_remove_param_values_from_backtrace(EG(exception));
2355 		RETURN_THROWS();
2356 	}
2357 	if (npub_len != crypto_aead_xchacha20poly1305_IETF_NPUBBYTES) {
2358 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES bytes long");
2359 		RETURN_THROWS();
2360 	}
2361 	if (secretkey_len != crypto_aead_xchacha20poly1305_IETF_KEYBYTES) {
2362 		zend_argument_error(sodium_exception_ce, 4, "must be SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES bytes long");
2363 		RETURN_THROWS();
2364 	}
2365 	if (SIZE_MAX - msg_len <= crypto_aead_xchacha20poly1305_IETF_ABYTES) {
2366 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2367 		RETURN_THROWS();
2368 	}
2369 	ciphertext_len = msg_len + crypto_aead_xchacha20poly1305_IETF_ABYTES;
2370 	ciphertext = zend_string_alloc((size_t) ciphertext_len, 0);
2371 	if (crypto_aead_xchacha20poly1305_ietf_encrypt
2372 		((unsigned char *) ZSTR_VAL(ciphertext), &ciphertext_real_len, msg,
2373 		 (unsigned long long) msg_len,
2374 		 ad, (unsigned long long) ad_len, NULL, npub, secretkey) != 0) {
2375 		zend_string_efree(ciphertext);
2376 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
2377 		RETURN_THROWS();
2378 	}
2379 	if (ciphertext_real_len <= 0U || ciphertext_real_len >= SIZE_MAX ||
2380 		ciphertext_real_len > ciphertext_len) {
2381 		zend_string_efree(ciphertext);
2382 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2383 		RETURN_THROWS();
2384 	}
2385 	PHP_SODIUM_ZSTR_TRUNCATE(ciphertext, (size_t) ciphertext_real_len);
2386 	ZSTR_VAL(ciphertext)[ciphertext_real_len] = 0;
2387 
2388 	RETURN_NEW_STR(ciphertext);
2389 }
2390 
PHP_FUNCTION(sodium_crypto_aead_xchacha20poly1305_ietf_decrypt)2391 PHP_FUNCTION(sodium_crypto_aead_xchacha20poly1305_ietf_decrypt)
2392 {
2393 	zend_string        *msg;
2394 	unsigned char      *ad;
2395 	unsigned char      *ciphertext;
2396 	unsigned char      *npub;
2397 	unsigned char      *secretkey;
2398 	unsigned long long  msg_real_len;
2399 	size_t              ad_len;
2400 	size_t              ciphertext_len;
2401 	size_t              msg_len;
2402 	size_t              npub_len;
2403 	size_t              secretkey_len;
2404 
2405 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ssss",
2406 									&ciphertext, &ciphertext_len,
2407 									&ad, &ad_len,
2408 									&npub, &npub_len,
2409 									&secretkey, &secretkey_len) == FAILURE) {
2410 		sodium_remove_param_values_from_backtrace(EG(exception));
2411 		RETURN_THROWS();
2412 	}
2413 	if (npub_len != crypto_aead_xchacha20poly1305_IETF_NPUBBYTES) {
2414 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES bytes long");
2415 		RETURN_THROWS();
2416 	}
2417 	if (secretkey_len != crypto_aead_xchacha20poly1305_IETF_KEYBYTES) {
2418 		zend_argument_error(sodium_exception_ce, 4, "must be SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES bytes long");
2419 		RETURN_THROWS();
2420 	}
2421 	if (ciphertext_len < crypto_aead_xchacha20poly1305_IETF_ABYTES) {
2422 		RETURN_FALSE;
2423 	}
2424 	msg_len = ciphertext_len;
2425 	if (msg_len - crypto_aead_xchacha20poly1305_IETF_ABYTES >= SIZE_MAX) {
2426 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2427 		RETURN_THROWS();
2428 	}
2429 	if ((unsigned long long) ciphertext_len -
2430 		crypto_aead_xchacha20poly1305_IETF_ABYTES > 64ULL * (1ULL << 32) - 64ULL) {
2431 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2432 		RETURN_THROWS();
2433 	}
2434 	msg = zend_string_alloc((size_t) msg_len, 0);
2435 	if (crypto_aead_xchacha20poly1305_ietf_decrypt
2436 		((unsigned char *) ZSTR_VAL(msg), &msg_real_len, NULL,
2437 		 ciphertext, (unsigned long long) ciphertext_len,
2438 		 ad, (unsigned long long) ad_len, npub, secretkey) != 0) {
2439 		zend_string_efree(msg);
2440 		RETURN_FALSE;
2441 	}
2442 	if (msg_real_len >= SIZE_MAX || msg_real_len > msg_len) {
2443 		zend_string_efree(msg);
2444 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2445 		RETURN_THROWS();
2446 	}
2447 	PHP_SODIUM_ZSTR_TRUNCATE(msg, (size_t) msg_real_len);
2448 	ZSTR_VAL(msg)[msg_real_len] = 0;
2449 
2450 	RETURN_NEW_STR(msg);
2451 }
2452 #endif
2453 
PHP_FUNCTION(sodium_bin2hex)2454 PHP_FUNCTION(sodium_bin2hex)
2455 {
2456 	zend_string   *hex;
2457 	unsigned char *bin;
2458 	size_t         bin_len;
2459 	size_t         hex_len;
2460 
2461 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
2462 									&bin, &bin_len) == FAILURE) {
2463 		sodium_remove_param_values_from_backtrace(EG(exception));
2464 		RETURN_THROWS();
2465 	}
2466 	if (bin_len >= SIZE_MAX / 2U) {
2467 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2468 		RETURN_THROWS();
2469 	}
2470 	hex_len = bin_len * 2U;
2471 	hex = zend_string_alloc((size_t) hex_len, 0);
2472 	sodium_bin2hex(ZSTR_VAL(hex), hex_len + 1U, bin, bin_len);
2473 	ZSTR_VAL(hex)[hex_len] = 0;
2474 
2475 	RETURN_STR(hex);
2476 }
2477 
PHP_FUNCTION(sodium_hex2bin)2478 PHP_FUNCTION(sodium_hex2bin)
2479 {
2480 	zend_string   *bin;
2481 	const char    *end;
2482 	char          *hex;
2483 	char          *ignore = NULL;
2484 	size_t         bin_real_len;
2485 	size_t         bin_len;
2486 	size_t         hex_len;
2487 	size_t         ignore_len = 0;
2488 
2489 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|s",
2490 									&hex, &hex_len,
2491 									&ignore, &ignore_len) == FAILURE) {
2492 		sodium_remove_param_values_from_backtrace(EG(exception));
2493 		RETURN_THROWS();
2494 	}
2495 	bin_len = hex_len / 2;
2496 	bin = zend_string_alloc(bin_len, 0);
2497 	if (sodium_hex2bin((unsigned char *) ZSTR_VAL(bin), bin_len, hex, hex_len,
2498 					   ignore, &bin_real_len, &end) != 0 ||
2499 		end != hex + hex_len) {
2500 		zend_string_efree(bin);
2501 		zend_argument_error(sodium_exception_ce, 1, "must be a valid hexadecimal string");
2502 		RETURN_THROWS();
2503 	}
2504 	if (bin_real_len >= SIZE_MAX || bin_real_len > bin_len) {
2505 		zend_string_efree(bin);
2506 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2507 		RETURN_THROWS();
2508 	}
2509 	PHP_SODIUM_ZSTR_TRUNCATE(bin, (size_t) bin_real_len);
2510 	ZSTR_VAL(bin)[bin_real_len] = 0;
2511 
2512 	RETURN_NEW_STR(bin);
2513 }
2514 
2515 #ifdef sodium_base64_VARIANT_ORIGINAL
PHP_FUNCTION(sodium_bin2base64)2516 PHP_FUNCTION(sodium_bin2base64)
2517 {
2518 	zend_string   *b64;
2519 	unsigned char *bin;
2520 	zend_long      variant;
2521 	size_t         bin_len;
2522 	size_t         b64_len;
2523 
2524 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sl",
2525 									&bin, &bin_len, &variant) == FAILURE) {
2526 		sodium_remove_param_values_from_backtrace(EG(exception));
2527 		RETURN_THROWS();
2528 	}
2529 	if ((((unsigned int) variant) & ~ 0x6U) != 0x1U) {
2530 		zend_argument_error(sodium_exception_ce, 2, "must be a valid base64 variant identifier");
2531 		RETURN_THROWS();
2532 	}
2533 	if (bin_len >= SIZE_MAX / 4U * 3U - 3U - 1U) {
2534 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2535 		RETURN_THROWS();
2536 	}
2537 	b64_len = sodium_base64_ENCODED_LEN(bin_len, variant);
2538 	b64 = zend_string_alloc((size_t) b64_len - 1U, 0);
2539 	sodium_bin2base64(ZSTR_VAL(b64), b64_len, bin, bin_len, (int) variant);
2540 
2541 	RETURN_STR(b64);
2542 }
2543 
PHP_FUNCTION(sodium_base642bin)2544 PHP_FUNCTION(sodium_base642bin)
2545 {
2546 	zend_string   *bin;
2547 	char          *b64;
2548 	const char    *end;
2549 	char          *ignore = NULL;
2550 	zend_long      variant;
2551 	size_t         bin_real_len;
2552 	size_t         bin_len;
2553 	size_t         b64_len;
2554 	size_t         ignore_len = 0;
2555 
2556 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sl|s",
2557 									&b64, &b64_len, &variant,
2558 									&ignore, &ignore_len) == FAILURE) {
2559 		sodium_remove_param_values_from_backtrace(EG(exception));
2560 		RETURN_THROWS();
2561 	}
2562 	if ((((unsigned int) variant) & ~ 0x6U) != 0x1U) {
2563 		zend_argument_error(sodium_exception_ce, 2, "must be a valid base64 variant identifier");
2564 		RETURN_THROWS();
2565 	}
2566 	bin_len = b64_len / 4U * 3U + 2U;
2567 	bin = zend_string_alloc(bin_len, 0);
2568 	if (sodium_base642bin((unsigned char *) ZSTR_VAL(bin), bin_len,
2569 						  b64, b64_len,
2570 						  ignore, &bin_real_len, &end, (int) variant) != 0 ||
2571 		end != b64 + b64_len) {
2572 		zend_string_efree(bin);
2573 		zend_argument_error(sodium_exception_ce, 1, "must be a valid base64 string");
2574 		RETURN_THROWS();
2575 	}
2576 	if (bin_real_len >= SIZE_MAX || bin_real_len > bin_len) {
2577 		zend_string_efree(bin);
2578 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
2579 		RETURN_THROWS();
2580 	}
2581 	PHP_SODIUM_ZSTR_TRUNCATE(bin, (size_t) bin_real_len);
2582 	ZSTR_VAL(bin)[bin_real_len] = 0;
2583 
2584 	RETURN_NEW_STR(bin);
2585 }
2586 #endif
2587 
PHP_FUNCTION(sodium_crypto_scalarmult)2588 PHP_FUNCTION(sodium_crypto_scalarmult)
2589 {
2590 	zend_string   *q;
2591 	unsigned char *n;
2592 	unsigned char *p;
2593 	size_t         n_len;
2594 	size_t         p_len;
2595 
2596 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
2597 									&n, &n_len, &p, &p_len) == FAILURE) {
2598 		sodium_remove_param_values_from_backtrace(EG(exception));
2599 		RETURN_THROWS();
2600 	}
2601 	if (n_len != crypto_scalarmult_SCALARBYTES) {
2602 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_SCALARMULT_SCALARBYTES bytes long");
2603 		RETURN_THROWS();
2604 	}
2605 	if (p_len != crypto_scalarmult_BYTES) {
2606 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_SCALARMULT_SCALARBYTES bytes long");
2607 		RETURN_THROWS();
2608 	}
2609 	q = zend_string_alloc(crypto_scalarmult_BYTES, 0);
2610 	if (crypto_scalarmult((unsigned char *) ZSTR_VAL(q), n, p) != 0) {
2611 		zend_string_efree(q);
2612 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
2613 		RETURN_THROWS();
2614 	}
2615 	ZSTR_VAL(q)[crypto_scalarmult_BYTES] = 0;
2616 
2617 	RETURN_NEW_STR(q);
2618 }
2619 
2620 #ifdef crypto_core_ristretto255_HASHBYTES
PHP_FUNCTION(sodium_crypto_scalarmult_ristretto255)2621 PHP_FUNCTION(sodium_crypto_scalarmult_ristretto255)
2622 {
2623 	zend_string   *q;
2624 	unsigned char *n;
2625 	unsigned char *p;
2626 	size_t         n_len;
2627 	size_t         p_len;
2628 
2629 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
2630 									&n, &n_len, &p, &p_len) == FAILURE) {
2631 		sodium_remove_param_values_from_backtrace(EG(exception));
2632 		RETURN_THROWS();
2633 	}
2634 	if (n_len != crypto_scalarmult_ristretto255_SCALARBYTES) {
2635 		zend_argument_error(sodium_exception_ce, 1,
2636 							"must be SODIUM_CRYPTO_SCALARMULT_RISTRETTO255_SCALARBYTES bytes long");
2637 		RETURN_THROWS();
2638 	}
2639 	if (p_len != crypto_scalarmult_ristretto255_BYTES) {
2640 		zend_argument_error(sodium_exception_ce, 2,
2641 							"must be SODIUM_CRYPTO_SCALARMULT_RISTRETTO255_BYTES bytes long");
2642 		RETURN_THROWS();
2643 	}
2644 	q = zend_string_alloc(crypto_scalarmult_ristretto255_BYTES, 0);
2645 	if (crypto_scalarmult_ristretto255((unsigned char *) ZSTR_VAL(q), n, p) != 0) {
2646 		zend_string_efree(q);
2647 		zend_throw_exception(sodium_exception_ce, "Result is identity element", 0);
2648 		RETURN_THROWS();
2649 	}
2650 	ZSTR_VAL(q)[crypto_scalarmult_ristretto255_BYTES] = 0;
2651 
2652 	RETURN_NEW_STR(q);
2653 }
2654 
PHP_FUNCTION(sodium_crypto_scalarmult_ristretto255_base)2655 PHP_FUNCTION(sodium_crypto_scalarmult_ristretto255_base)
2656 {
2657 	zend_string   *q;
2658 	unsigned char *n;
2659 	size_t         n_len;
2660 
2661 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
2662 							  &n, &n_len) == FAILURE) {
2663 		sodium_remove_param_values_from_backtrace(EG(exception));
2664 		RETURN_THROWS();
2665 	}
2666 	if (n_len != crypto_scalarmult_ristretto255_SCALARBYTES) {
2667 		zend_argument_error(sodium_exception_ce, 1,
2668 							"must be SODIUM_CRYPTO_SCALARMULT_RISTRETTO255_SCALARBYTES bytes long");
2669 		RETURN_THROWS();
2670 	}
2671 	q = zend_string_alloc(crypto_scalarmult_ristretto255_BYTES, 0);
2672 	if (crypto_scalarmult_ristretto255_base((unsigned char *) ZSTR_VAL(q), n) != 0) {
2673 		zend_string_efree(q);
2674 		zend_argument_error(sodium_exception_ce, 1, "must not be zero", 0);
2675 		RETURN_THROWS();
2676 	}
2677 	ZSTR_VAL(q)[crypto_scalarmult_BYTES] = 0;
2678 
2679 	RETURN_NEW_STR(q);
2680 }
2681 #endif
2682 
PHP_FUNCTION(sodium_crypto_kx_seed_keypair)2683 PHP_FUNCTION(sodium_crypto_kx_seed_keypair)
2684 {
2685 	unsigned char *sk;
2686 	unsigned char *pk;
2687 	unsigned char *seed;
2688 	size_t         seed_len;
2689 	zend_string   *keypair;
2690 
2691 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
2692 									&seed, &seed_len) == FAILURE) {
2693 		sodium_remove_param_values_from_backtrace(EG(exception));
2694 		RETURN_THROWS();
2695 	}
2696 	if (seed_len != crypto_kx_SEEDBYTES) {
2697 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_KX_SEEDBYTES bytes long");
2698 		RETURN_THROWS();
2699 	}
2700 	(void) sizeof(int[crypto_scalarmult_SCALARBYTES == crypto_kx_PUBLICKEYBYTES ? 1 : -1]);
2701 	(void) sizeof(int[crypto_scalarmult_SCALARBYTES == crypto_kx_SECRETKEYBYTES ? 1 : -1]);
2702 	keypair = zend_string_alloc(crypto_kx_SECRETKEYBYTES + crypto_kx_PUBLICKEYBYTES, 0);
2703 	sk = (unsigned char *) ZSTR_VAL(keypair);
2704 	pk = sk + crypto_kx_SECRETKEYBYTES;
2705 	crypto_generichash(sk, crypto_kx_SECRETKEYBYTES,
2706 					   seed, crypto_kx_SEEDBYTES, NULL, 0);
2707 	if (crypto_scalarmult_base(pk, sk) != 0) {
2708 		zend_string_efree(keypair);
2709 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
2710 		RETURN_THROWS();
2711 	}
2712 	ZSTR_VAL(keypair)[crypto_kx_SECRETKEYBYTES + crypto_kx_PUBLICKEYBYTES] = 0;
2713 	RETURN_STR(keypair);
2714 }
2715 
PHP_FUNCTION(sodium_crypto_kx_keypair)2716 PHP_FUNCTION(sodium_crypto_kx_keypair)
2717 {
2718 	unsigned char *sk;
2719 	unsigned char *pk;
2720 	zend_string   *keypair;
2721 
2722 	if (zend_parse_parameters_none() == FAILURE) {
2723 		RETURN_THROWS();
2724 	}
2725 	keypair = zend_string_alloc(crypto_kx_SECRETKEYBYTES + crypto_kx_PUBLICKEYBYTES, 0);
2726 	sk = (unsigned char *) ZSTR_VAL(keypair);
2727 	pk = sk + crypto_kx_SECRETKEYBYTES;
2728 	randombytes_buf(sk, crypto_kx_SECRETKEYBYTES);
2729 	if (crypto_scalarmult_base(pk, sk) != 0) {
2730 		zend_string_efree(keypair);
2731 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
2732 		RETURN_THROWS();
2733 	}
2734 	ZSTR_VAL(keypair)[crypto_kx_SECRETKEYBYTES + crypto_kx_PUBLICKEYBYTES] = 0;
2735 	RETURN_STR(keypair);
2736 }
2737 
PHP_FUNCTION(sodium_crypto_kx_secretkey)2738 PHP_FUNCTION(sodium_crypto_kx_secretkey)
2739 {
2740 	zend_string   *secretkey;
2741 	unsigned char *keypair;
2742 	size_t         keypair_len;
2743 
2744 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
2745 									&keypair, &keypair_len) == FAILURE) {
2746 		sodium_remove_param_values_from_backtrace(EG(exception));
2747 		RETURN_THROWS();
2748 	}
2749 	if (keypair_len !=
2750 		crypto_kx_SECRETKEYBYTES + crypto_kx_PUBLICKEYBYTES) {
2751 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_KX_KEYPAIRBYTES bytes long");
2752 		RETURN_THROWS();
2753 	}
2754 	secretkey = zend_string_alloc(crypto_kx_SECRETKEYBYTES, 0);
2755 	memcpy(ZSTR_VAL(secretkey), keypair, crypto_kx_SECRETKEYBYTES);
2756 	ZSTR_VAL(secretkey)[crypto_kx_SECRETKEYBYTES] = 0;
2757 
2758 	RETURN_STR(secretkey);
2759 }
2760 
PHP_FUNCTION(sodium_crypto_kx_publickey)2761 PHP_FUNCTION(sodium_crypto_kx_publickey)
2762 {
2763 	zend_string   *publickey;
2764 	unsigned char *keypair;
2765 	size_t         keypair_len;
2766 
2767 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
2768 									&keypair, &keypair_len) == FAILURE) {
2769 		sodium_remove_param_values_from_backtrace(EG(exception));
2770 		RETURN_THROWS();
2771 	}
2772 	if (keypair_len !=
2773 		crypto_kx_SECRETKEYBYTES + crypto_kx_PUBLICKEYBYTES) {
2774 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_KX_KEYPAIRBYTES bytes long");
2775 		RETURN_THROWS();
2776 	}
2777 	publickey = zend_string_alloc(crypto_kx_PUBLICKEYBYTES, 0);
2778 	memcpy(ZSTR_VAL(publickey), keypair + crypto_kx_SECRETKEYBYTES,
2779 		   crypto_kx_PUBLICKEYBYTES);
2780 	ZSTR_VAL(publickey)[crypto_kx_PUBLICKEYBYTES] = 0;
2781 
2782 	RETURN_STR(publickey);
2783 }
2784 
PHP_FUNCTION(sodium_crypto_kx_client_session_keys)2785 PHP_FUNCTION(sodium_crypto_kx_client_session_keys)
2786 {
2787 	crypto_generichash_state h;
2788 	unsigned char  q[crypto_scalarmult_BYTES];
2789 	unsigned char *keypair;
2790 	unsigned char *client_sk;
2791 	unsigned char *client_pk;
2792 	unsigned char *server_pk;
2793 	unsigned char  session_keys[2 * crypto_kx_SESSIONKEYBYTES];
2794 	size_t         keypair_len;
2795 	size_t         server_pk_len;
2796 
2797 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
2798 									&keypair, &keypair_len,
2799 									&server_pk, &server_pk_len) == FAILURE) {
2800 		sodium_remove_param_values_from_backtrace(EG(exception));
2801 		RETURN_THROWS();
2802 	}
2803 	if (keypair_len != crypto_kx_SECRETKEYBYTES + crypto_kx_PUBLICKEYBYTES) {
2804 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_KX_KEYPAIRBYTES bytes long");
2805 		RETURN_THROWS();
2806 	}
2807 	if (server_pk_len != crypto_kx_PUBLICKEYBYTES) {
2808 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_KX_PUBLICKEYBYTES bytes long");
2809 		RETURN_THROWS();
2810 	}
2811 	client_sk = &keypair[0];
2812 	client_pk = &keypair[crypto_kx_SECRETKEYBYTES];
2813 	(void) sizeof(int[crypto_scalarmult_SCALARBYTES == crypto_kx_PUBLICKEYBYTES ? 1 : -1]);
2814 	(void) sizeof(int[crypto_scalarmult_SCALARBYTES == crypto_kx_SECRETKEYBYTES ? 1 : -1]);
2815 	if (crypto_scalarmult(q, client_sk, server_pk) != 0) {
2816 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
2817 		RETURN_THROWS();
2818 	}
2819 	crypto_generichash_init(&h, NULL, 0U, 2 * crypto_kx_SESSIONKEYBYTES);
2820 	crypto_generichash_update(&h, q, sizeof q);
2821 	sodium_memzero(q, sizeof q);
2822 	crypto_generichash_update(&h, client_pk, crypto_kx_PUBLICKEYBYTES);
2823 	crypto_generichash_update(&h, server_pk, crypto_kx_PUBLICKEYBYTES);
2824 	crypto_generichash_final(&h, session_keys, 2 * crypto_kx_SESSIONKEYBYTES);
2825 	sodium_memzero(&h, sizeof h);
2826 	array_init(return_value);
2827 	add_next_index_stringl(return_value,
2828 						   (const char *) session_keys,
2829 						   crypto_kx_SESSIONKEYBYTES);
2830 	add_next_index_stringl(return_value,
2831 						   (const char *) session_keys + crypto_kx_SESSIONKEYBYTES,
2832 						   crypto_kx_SESSIONKEYBYTES);
2833 }
2834 
PHP_FUNCTION(sodium_crypto_kx_server_session_keys)2835 PHP_FUNCTION(sodium_crypto_kx_server_session_keys)
2836 {
2837 	crypto_generichash_state h;
2838 	unsigned char  q[crypto_scalarmult_BYTES];
2839 	unsigned char *keypair;
2840 	unsigned char *server_sk;
2841 	unsigned char *server_pk;
2842 	unsigned char *client_pk;
2843 	unsigned char  session_keys[2 * crypto_kx_SESSIONKEYBYTES];
2844 	size_t         keypair_len;
2845 	size_t         client_pk_len;
2846 
2847 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
2848 									&keypair, &keypair_len,
2849 									&client_pk, &client_pk_len) == FAILURE) {
2850 		sodium_remove_param_values_from_backtrace(EG(exception));
2851 		RETURN_THROWS();
2852 	}
2853 	if (keypair_len != crypto_kx_SECRETKEYBYTES + crypto_kx_PUBLICKEYBYTES) {
2854 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_KX_KEYPAIRBYTES bytes long");
2855 		RETURN_THROWS();
2856 	}
2857 	if (client_pk_len != crypto_kx_PUBLICKEYBYTES) {
2858 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_KX_PUBLICKEYBYTES bytes long");
2859 		RETURN_THROWS();
2860 	}
2861 	server_sk = &keypair[0];
2862 	server_pk = &keypair[crypto_kx_SECRETKEYBYTES];
2863 	(void) sizeof(int[crypto_scalarmult_SCALARBYTES == crypto_kx_PUBLICKEYBYTES ? 1 : -1]);
2864 	(void) sizeof(int[crypto_scalarmult_SCALARBYTES == crypto_kx_SECRETKEYBYTES ? 1 : -1]);
2865 	if (crypto_scalarmult(q, server_sk, client_pk) != 0) {
2866 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
2867 		RETURN_THROWS();
2868 	}
2869 	crypto_generichash_init(&h, NULL, 0U, 2 * crypto_kx_SESSIONKEYBYTES);
2870 	crypto_generichash_update(&h, q, sizeof q);
2871 	sodium_memzero(q, sizeof q);
2872 	crypto_generichash_update(&h, client_pk, crypto_kx_PUBLICKEYBYTES);
2873 	crypto_generichash_update(&h, server_pk, crypto_kx_PUBLICKEYBYTES);
2874 	crypto_generichash_final(&h, session_keys, 2 * crypto_kx_SESSIONKEYBYTES);
2875 	sodium_memzero(&h, sizeof h);
2876 	array_init(return_value);
2877 	add_next_index_stringl(return_value,
2878 						   (const char *) session_keys + crypto_kx_SESSIONKEYBYTES,
2879 						   crypto_kx_SESSIONKEYBYTES);
2880 	add_next_index_stringl(return_value,
2881 						   (const char *) session_keys,
2882 						   crypto_kx_SESSIONKEYBYTES);
2883 }
2884 
PHP_FUNCTION(sodium_crypto_auth)2885 PHP_FUNCTION(sodium_crypto_auth)
2886 {
2887 	zend_string *mac;
2888 	char        *key;
2889 	char        *msg;
2890 	size_t       msg_len;
2891 	size_t       key_len;
2892 
2893 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
2894 									&msg, &msg_len,
2895 									&key, &key_len) == FAILURE) {
2896 		sodium_remove_param_values_from_backtrace(EG(exception));
2897 		RETURN_THROWS();
2898 	}
2899 	if (key_len != crypto_auth_KEYBYTES) {
2900 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_AUTH_KEYBYTES bytes long");
2901 		RETURN_THROWS();
2902 	}
2903 	mac = zend_string_alloc(crypto_auth_BYTES, 0);
2904 	if (crypto_auth((unsigned char *) ZSTR_VAL(mac),
2905 					(const unsigned char *) msg, msg_len,
2906 					(const unsigned char *) key) != 0) {
2907 		zend_string_efree(mac);
2908 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
2909 		RETURN_THROWS();
2910 	}
2911 	ZSTR_VAL(mac)[crypto_auth_BYTES] = 0;
2912 
2913 	RETURN_STR(mac);
2914 }
2915 
PHP_FUNCTION(sodium_crypto_auth_verify)2916 PHP_FUNCTION(sodium_crypto_auth_verify)
2917 {
2918 	char      *mac;
2919 	char      *key;
2920 	char      *msg;
2921 	size_t     mac_len;
2922 	size_t     msg_len;
2923 	size_t     key_len;
2924 
2925 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss",
2926 									&mac, &mac_len,
2927 									&msg, &msg_len,
2928 									&key, &key_len) == FAILURE) {
2929 		sodium_remove_param_values_from_backtrace(EG(exception));
2930 		RETURN_THROWS();
2931 	}
2932 	if (key_len != crypto_auth_KEYBYTES) {
2933 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_AUTH_KEYBYTES bytes long");
2934 		RETURN_THROWS();
2935 	}
2936 	if (mac_len != crypto_auth_BYTES) {
2937 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_AUTH_BYTES bytes long");
2938 		RETURN_THROWS();
2939 	}
2940 	if (crypto_auth_verify((const unsigned char *) mac,
2941 						   (const unsigned char *) msg, msg_len,
2942 						   (const unsigned char *) key) != 0) {
2943 		RETURN_FALSE;
2944 	}
2945 	RETURN_TRUE;
2946 }
2947 
PHP_FUNCTION(sodium_crypto_sign_ed25519_sk_to_curve25519)2948 PHP_FUNCTION(sodium_crypto_sign_ed25519_sk_to_curve25519)
2949 {
2950 	zend_string *ecdhkey;
2951 	char        *eddsakey;
2952 	size_t       eddsakey_len;
2953 
2954 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
2955 									&eddsakey, &eddsakey_len) == FAILURE) {
2956 		sodium_remove_param_values_from_backtrace(EG(exception));
2957 		RETURN_THROWS();
2958 	}
2959 	if (eddsakey_len != crypto_sign_SECRETKEYBYTES) {
2960 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_SIGN_SECRETKEYBYTES bytes long");
2961 		RETURN_THROWS();
2962 	}
2963 	ecdhkey = zend_string_alloc(crypto_box_SECRETKEYBYTES, 0);
2964 
2965 	if (crypto_sign_ed25519_sk_to_curve25519((unsigned char *) ZSTR_VAL(ecdhkey),
2966 											 (const unsigned char *) eddsakey) != 0) {
2967 		zend_string_efree(ecdhkey);
2968 		zend_throw_exception(sodium_exception_ce, "conversion failed", 0);
2969 		RETURN_THROWS();
2970 	}
2971 	ZSTR_VAL(ecdhkey)[crypto_box_SECRETKEYBYTES] = 0;
2972 
2973 	RETURN_STR(ecdhkey);
2974 }
2975 
PHP_FUNCTION(sodium_crypto_sign_ed25519_pk_to_curve25519)2976 PHP_FUNCTION(sodium_crypto_sign_ed25519_pk_to_curve25519)
2977 {
2978 	zend_string *ecdhkey;
2979 	char        *eddsakey;
2980 	size_t       eddsakey_len;
2981 
2982 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
2983 									&eddsakey, &eddsakey_len) == FAILURE) {
2984 		sodium_remove_param_values_from_backtrace(EG(exception));
2985 		RETURN_THROWS();
2986 	}
2987 	if (eddsakey_len != crypto_sign_PUBLICKEYBYTES) {
2988 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES bytes long");
2989 		RETURN_THROWS();
2990 	}
2991 	ecdhkey = zend_string_alloc(crypto_sign_PUBLICKEYBYTES, 0);
2992 
2993 	if (crypto_sign_ed25519_pk_to_curve25519((unsigned char *) ZSTR_VAL(ecdhkey),
2994 											 (const unsigned char *) eddsakey) != 0) {
2995 		zend_string_efree(ecdhkey);
2996 		zend_throw_exception(sodium_exception_ce, "conversion failed", 0);
2997 		RETURN_THROWS();
2998 	}
2999 	ZSTR_VAL(ecdhkey)[crypto_box_PUBLICKEYBYTES] = 0;
3000 
3001 	RETURN_STR(ecdhkey);
3002 }
3003 
PHP_FUNCTION(sodium_compare)3004 PHP_FUNCTION(sodium_compare)
3005 {
3006 	char      *buf1;
3007 	char      *buf2;
3008 	size_t     len1;
3009 	size_t     len2;
3010 
3011 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
3012 									&buf1, &len1,
3013 									&buf2, &len2) == FAILURE) {
3014 		sodium_remove_param_values_from_backtrace(EG(exception));
3015 		RETURN_THROWS();
3016 	}
3017 	if (len1 != len2) {
3018 		zend_argument_error(sodium_exception_ce, 1, "and argument #2 ($string_2) must have the same length");
3019 		RETURN_THROWS();
3020 	} else {
3021 		RETURN_LONG(sodium_compare((const unsigned char *) buf1,
3022 								   (const unsigned char *) buf2, (size_t) len1));
3023 	}
3024 }
3025 
3026 #ifdef HAVE_AESGCM
PHP_FUNCTION(sodium_crypto_aead_aes256gcm_keygen)3027 PHP_FUNCTION(sodium_crypto_aead_aes256gcm_keygen)
3028 {
3029 	unsigned char key[crypto_aead_aes256gcm_KEYBYTES];
3030 
3031 	if (zend_parse_parameters_none() == FAILURE) {
3032 		RETURN_THROWS();
3033 	}
3034 	randombytes_buf(key, sizeof key);
3035 	RETURN_STRINGL((const char *) key, sizeof key);
3036 }
3037 #endif
3038 
3039 #ifdef crypto_aead_aegis128l_KEYBYTES
PHP_FUNCTION(sodium_crypto_aead_aegis128l_keygen)3040 PHP_FUNCTION(sodium_crypto_aead_aegis128l_keygen)
3041 {
3042 	unsigned char key[crypto_aead_aegis128l_KEYBYTES];
3043 
3044 	if (zend_parse_parameters_none() == FAILURE) {
3045 		RETURN_THROWS();
3046 	}
3047 	crypto_aead_aegis128l_keygen(key);
3048 	RETURN_STRINGL((const char *) key, sizeof key);
3049 }
3050 #endif
3051 
3052 #ifdef crypto_aead_aegis256_KEYBYTES
PHP_FUNCTION(sodium_crypto_aead_aegis256_keygen)3053 PHP_FUNCTION(sodium_crypto_aead_aegis256_keygen)
3054 {
3055 	unsigned char key[crypto_aead_aegis256_KEYBYTES];
3056 
3057 	if (zend_parse_parameters_none() == FAILURE) {
3058 		RETURN_THROWS();
3059 	}
3060 	crypto_aead_aegis256_keygen(key);
3061 	RETURN_STRINGL((const char *) key, sizeof key);
3062 }
3063 #endif
3064 
PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_keygen)3065 PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_keygen)
3066 {
3067 	unsigned char key[crypto_aead_chacha20poly1305_KEYBYTES];
3068 
3069 	if (zend_parse_parameters_none() == FAILURE) {
3070 		RETURN_THROWS();
3071 	}
3072 	randombytes_buf(key, sizeof key);
3073 	RETURN_STRINGL((const char *) key, sizeof key);
3074 }
3075 
PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_ietf_keygen)3076 PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_ietf_keygen)
3077 {
3078 	unsigned char key[crypto_aead_chacha20poly1305_IETF_KEYBYTES];
3079 
3080 	if (zend_parse_parameters_none() == FAILURE) {
3081 		RETURN_THROWS();
3082 	}
3083 	randombytes_buf(key, sizeof key);
3084 	RETURN_STRINGL((const char *) key, sizeof key);
3085 }
3086 
3087 #ifdef crypto_aead_xchacha20poly1305_IETF_NPUBBYTES
PHP_FUNCTION(sodium_crypto_aead_xchacha20poly1305_ietf_keygen)3088 PHP_FUNCTION(sodium_crypto_aead_xchacha20poly1305_ietf_keygen)
3089 {
3090 	unsigned char key[crypto_aead_xchacha20poly1305_IETF_KEYBYTES];
3091 
3092 	if (zend_parse_parameters_none() == FAILURE) {
3093 		RETURN_THROWS();
3094 	}
3095 	randombytes_buf(key, sizeof key);
3096 	RETURN_STRINGL((const char *) key, sizeof key);
3097 }
3098 #endif
3099 
PHP_FUNCTION(sodium_crypto_auth_keygen)3100 PHP_FUNCTION(sodium_crypto_auth_keygen)
3101 {
3102 	unsigned char key[crypto_auth_KEYBYTES];
3103 
3104 	if (zend_parse_parameters_none() == FAILURE) {
3105 		RETURN_THROWS();
3106 	}
3107 	randombytes_buf(key, sizeof key);
3108 	RETURN_STRINGL((const char *) key, sizeof key);
3109 }
3110 
PHP_FUNCTION(sodium_crypto_generichash_keygen)3111 PHP_FUNCTION(sodium_crypto_generichash_keygen)
3112 {
3113 	unsigned char key[crypto_generichash_KEYBYTES];
3114 
3115 	if (zend_parse_parameters_none() == FAILURE) {
3116 		RETURN_THROWS();
3117 	}
3118 	randombytes_buf(key, sizeof key);
3119 	RETURN_STRINGL((const char *) key, sizeof key);
3120 }
3121 
PHP_FUNCTION(sodium_crypto_kdf_keygen)3122 PHP_FUNCTION(sodium_crypto_kdf_keygen)
3123 {
3124 	unsigned char key[crypto_kdf_KEYBYTES];
3125 
3126 	if (zend_parse_parameters_none() == FAILURE) {
3127 		RETURN_THROWS();
3128 	}
3129 	randombytes_buf(key, sizeof key);
3130 	RETURN_STRINGL((const char *) key, sizeof key);
3131 }
3132 
PHP_FUNCTION(sodium_crypto_secretbox_keygen)3133 PHP_FUNCTION(sodium_crypto_secretbox_keygen)
3134 {
3135 	unsigned char key[crypto_secretbox_KEYBYTES];
3136 
3137 	if (zend_parse_parameters_none() == FAILURE) {
3138 		RETURN_THROWS();
3139 	}
3140 	randombytes_buf(key, sizeof key);
3141 	RETURN_STRINGL((const char *) key, sizeof key);
3142 }
3143 
PHP_FUNCTION(sodium_crypto_shorthash_keygen)3144 PHP_FUNCTION(sodium_crypto_shorthash_keygen)
3145 {
3146 	unsigned char key[crypto_shorthash_KEYBYTES];
3147 
3148 	if (zend_parse_parameters_none() == FAILURE) {
3149 		RETURN_THROWS();
3150 	}
3151 	randombytes_buf(key, sizeof key);
3152 	RETURN_STRINGL((const char *) key, sizeof key);
3153 }
3154 
PHP_FUNCTION(sodium_crypto_stream_keygen)3155 PHP_FUNCTION(sodium_crypto_stream_keygen)
3156 {
3157 	unsigned char key[crypto_stream_KEYBYTES];
3158 
3159 	if (zend_parse_parameters_none() == FAILURE) {
3160 		RETURN_THROWS();
3161 	}
3162 	randombytes_buf(key, sizeof key);
3163 	RETURN_STRINGL((const char *) key, sizeof key);
3164 }
3165 #ifdef crypto_stream_xchacha20_KEYBYTES
PHP_FUNCTION(sodium_crypto_stream_xchacha20_keygen)3166 PHP_FUNCTION(sodium_crypto_stream_xchacha20_keygen)
3167 {
3168 	unsigned char key[crypto_stream_xchacha20_KEYBYTES];
3169 
3170 	if (zend_parse_parameters_none() == FAILURE) {
3171 		return;
3172 	}
3173 	randombytes_buf(key, sizeof key);
3174 	RETURN_STRINGL((const char *) key, sizeof key);
3175 }
3176 #endif
3177 
PHP_FUNCTION(sodium_crypto_kdf_derive_from_key)3178 PHP_FUNCTION(sodium_crypto_kdf_derive_from_key)
3179 {
3180 	unsigned char  ctx_padded[crypto_generichash_blake2b_PERSONALBYTES];
3181 #ifndef crypto_kdf_PRIMITIVE
3182 	unsigned char  salt[crypto_generichash_blake2b_SALTBYTES];
3183 #endif
3184 	char          *ctx;
3185 	char          *key;
3186 	zend_string   *subkey;
3187 	zend_long      subkey_id;
3188 	zend_long      subkey_len;
3189 	size_t         ctx_len;
3190 	size_t         key_len;
3191 
3192 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "llss",
3193 									&subkey_len,
3194 									&subkey_id,
3195 									&ctx, &ctx_len,
3196 									&key, &key_len) == FAILURE) {
3197 		sodium_remove_param_values_from_backtrace(EG(exception));
3198 		RETURN_THROWS();
3199 	}
3200 	if (subkey_len < crypto_kdf_BYTES_MIN) {
3201 		zend_argument_error(sodium_exception_ce, 1, "must be greater than or equal to SODIUM_CRYPTO_KDF_BYTES_MIN");
3202 		RETURN_THROWS();
3203 	}
3204 	if (subkey_len > crypto_kdf_BYTES_MAX || subkey_len > SIZE_MAX) {
3205 		zend_argument_error(sodium_exception_ce, 1, "must be less than or equal to SODIUM_CRYPTO_KDF_BYTES_MAX");
3206 		RETURN_THROWS();
3207 	}
3208 	if (subkey_id < 0) {
3209 		zend_argument_error(sodium_exception_ce, 2, "must be greater than or equal to 0");
3210 		RETURN_THROWS();
3211 	}
3212 	if (ctx_len != crypto_kdf_CONTEXTBYTES) {
3213 		zend_argument_error(sodium_exception_ce, 3, "must be SODIUM_CRYPTO_KDF_CONTEXTBYTES bytes long");
3214 		RETURN_THROWS();
3215 	}
3216 	if (key_len != crypto_kdf_KEYBYTES) {
3217 		zend_argument_error(sodium_exception_ce, 4, "must be SODIUM_CRYPTO_KDF_BYTES_MIN bytes long");
3218 		RETURN_THROWS();
3219 	}
3220 	memcpy(ctx_padded, ctx, crypto_kdf_CONTEXTBYTES);
3221 	memset(ctx_padded + crypto_kdf_CONTEXTBYTES, 0, sizeof ctx_padded - crypto_kdf_CONTEXTBYTES);
3222 	subkey = zend_string_alloc((size_t) subkey_len, 0);
3223 #ifdef crypto_kdf_PRIMITIVE
3224 	crypto_kdf_derive_from_key((unsigned char *) ZSTR_VAL(subkey),
3225 							   (size_t) subkey_len, (uint64_t) subkey_id,
3226 							   ctx, (const unsigned char *) key);
3227 #else
3228 	salt[0] = (unsigned char) (((uint64_t) subkey_id)      );
3229 	salt[1] = (unsigned char) (((uint64_t) subkey_id) >>  8);
3230 	salt[2] = (unsigned char) (((uint64_t) subkey_id) >> 16);
3231 	salt[3] = (unsigned char) (((uint64_t) subkey_id) >> 24);
3232 	salt[4] = (unsigned char) (((uint64_t) subkey_id) >> 32);
3233 	salt[5] = (unsigned char) (((uint64_t) subkey_id) >> 40);
3234 	salt[6] = (unsigned char) (((uint64_t) subkey_id) >> 48);
3235 	salt[7] = (unsigned char) (((uint64_t) subkey_id) >> 56);
3236 	memset(salt + 8, 0, (sizeof salt) - 8);
3237 	crypto_generichash_blake2b_salt_personal((unsigned char *) ZSTR_VAL(subkey),
3238 											 (size_t) subkey_len,
3239 											 NULL, 0,
3240 											 (const unsigned char *) key,
3241 											 crypto_kdf_KEYBYTES,
3242 											 salt, ctx_padded);
3243 #endif
3244 	ZSTR_VAL(subkey)[subkey_len] = 0;
3245 
3246 	RETURN_STR(subkey);
3247 }
3248 
PHP_FUNCTION(sodium_pad)3249 PHP_FUNCTION(sodium_pad)
3250 {
3251 	zend_string    *padded;
3252 	char           *unpadded;
3253 	zend_long       blocksize;
3254 	volatile size_t st;
3255 	size_t          i, j, k;
3256 	size_t          unpadded_len;
3257 	size_t          xpadlen;
3258 	size_t          xpadded_len;
3259 
3260 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sl",
3261 									&unpadded, &unpadded_len, &blocksize) == FAILURE) {
3262 		sodium_remove_param_values_from_backtrace(EG(exception));
3263 		RETURN_THROWS();
3264 	}
3265 	if (blocksize <= 0) {
3266 		zend_argument_error(sodium_exception_ce, 2, "must be greater than 0");
3267 		RETURN_THROWS();
3268 	}
3269 	if (blocksize > SIZE_MAX) {
3270 		zend_argument_error(sodium_exception_ce, 2, "is too large");
3271 		RETURN_THROWS();
3272 	}
3273 	xpadlen = blocksize - 1U;
3274 	if ((blocksize & (blocksize - 1U)) == 0U) {
3275 		xpadlen -= unpadded_len & ((size_t) blocksize - 1U);
3276 	} else {
3277 		xpadlen -= unpadded_len % (size_t) blocksize;
3278 	}
3279 	if ((size_t) SIZE_MAX - unpadded_len <= xpadlen) {
3280 		zend_throw_exception(sodium_exception_ce, "input is too large", 0);
3281 		RETURN_THROWS();
3282 	}
3283 	xpadded_len = unpadded_len + xpadlen;
3284 	padded = zend_string_alloc(xpadded_len + 1U, 0);
3285 	if (unpadded_len > 0) {
3286 		st = 1U;
3287 		i = 0U;
3288 		k = unpadded_len;
3289 		for (j = 0U; j <= xpadded_len; j++) {
3290 			ZSTR_VAL(padded)[j] = unpadded[i];
3291 			k -= st;
3292 			st = (size_t) (~(((( (((uint64_t) k) >> 48) | (((uint64_t) k) >> 32) |
3293 								 (k >> 16) | k) & 0xffff) - 1U) >> 16)) & 1U;
3294 			i += st;
3295 		}
3296 	}
3297 #if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)
3298 	if (sodium_pad(NULL, (unsigned char *) ZSTR_VAL(padded), unpadded_len,
3299 				   (size_t) blocksize, xpadded_len + 1U) != 0) {
3300 		zend_string_efree(padded);
3301 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
3302 		RETURN_THROWS();
3303 	}
3304 #else
3305 	{
3306 		char                   *tail;
3307 		volatile unsigned char  mask;
3308 		unsigned char           barrier_mask;
3309 
3310 		tail = &ZSTR_VAL(padded)[xpadded_len];
3311 		mask = 0U;
3312 		for (i = 0; i < blocksize; i++) {
3313 			barrier_mask = (unsigned char)
3314 				(((i ^ xpadlen) - 1U) >> ((sizeof(size_t) - 1U) * CHAR_BIT));
3315 			tail[-i] = (tail[-i] & mask) | (0x80 & barrier_mask);
3316 			mask |= barrier_mask;
3317 		}
3318 	}
3319 #endif
3320 	ZSTR_VAL(padded)[xpadded_len + 1U] = 0;
3321 
3322 	RETURN_STR(padded);
3323 }
3324 
PHP_FUNCTION(sodium_unpad)3325 PHP_FUNCTION(sodium_unpad)
3326 {
3327 	zend_string *unpadded;
3328 	char        *padded;
3329 	size_t       padded_len;
3330 	size_t       unpadded_len;
3331 	zend_long    blocksize;
3332 	int          ret;
3333 
3334 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sl",
3335 									&padded, &padded_len, &blocksize) == FAILURE) {
3336 		sodium_remove_param_values_from_backtrace(EG(exception));
3337 		RETURN_THROWS();
3338 	}
3339 	if (blocksize <= 0) {
3340 		zend_argument_error(sodium_exception_ce, 2, "must be greater than 0");
3341 		RETURN_THROWS();
3342 	}
3343 	if (blocksize > SIZE_MAX) {
3344 		zend_argument_error(sodium_exception_ce, 2, "is too large");
3345 		RETURN_THROWS();
3346 	}
3347 	if (padded_len < blocksize) {
3348 		zend_argument_error(sodium_exception_ce, 1, "must be at least as long as the block size");
3349 		RETURN_THROWS();
3350 	}
3351 
3352 #if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)
3353 	ret = sodium_unpad(&unpadded_len, (const unsigned char *) padded,
3354 					   padded_len, (size_t) blocksize);
3355 #else
3356 	{
3357 		const char      *tail;
3358 		unsigned char    acc = 0U;
3359 		unsigned char    c;
3360 		unsigned char    valid = 0U;
3361 		volatile size_t  pad_len = 0U;
3362 		size_t           i;
3363 		size_t           is_barrier;
3364 
3365 		tail = &padded[padded_len - 1U];
3366 
3367 		for (i = 0U; i < (size_t) blocksize; i++) {
3368 			c = tail[-i];
3369 			is_barrier =
3370 				(( (acc - 1U) & (pad_len - 1U) & ((c ^ 0x80) - 1U) ) >> 8) & 1U;
3371 			acc |= c;
3372 			pad_len |= i & (1U + ~is_barrier);
3373 			valid |= (unsigned char) is_barrier;
3374 		}
3375 		unpadded_len = padded_len - 1U - pad_len;
3376 		ret = (int) (valid - 1U);
3377 	}
3378 #endif
3379 	if (ret != 0 || unpadded_len > LONG_MAX) {
3380 		zend_throw_exception(sodium_exception_ce, "invalid padding", 0);
3381 		RETURN_THROWS();
3382 	}
3383 	unpadded = zend_string_init(padded, padded_len, 0);
3384 	PHP_SODIUM_ZSTR_TRUNCATE(unpadded, unpadded_len);
3385 	ZSTR_VAL(unpadded)[unpadded_len] = 0;
3386 	RETURN_STR(unpadded);
3387 }
3388 
3389 #ifdef crypto_secretstream_xchacha20poly1305_ABYTES
PHP_FUNCTION(sodium_crypto_secretstream_xchacha20poly1305_keygen)3390 PHP_FUNCTION(sodium_crypto_secretstream_xchacha20poly1305_keygen)
3391 {
3392 	unsigned char key[crypto_secretstream_xchacha20poly1305_KEYBYTES];
3393 
3394 	if (zend_parse_parameters_none() == FAILURE) {
3395 		RETURN_THROWS();
3396 	}
3397 	randombytes_buf(key, sizeof key);
3398 	RETURN_STRINGL((const char *) key, sizeof key);
3399 }
3400 
PHP_FUNCTION(sodium_crypto_secretstream_xchacha20poly1305_init_push)3401 PHP_FUNCTION(sodium_crypto_secretstream_xchacha20poly1305_init_push)
3402 {
3403 	crypto_secretstream_xchacha20poly1305_state  state;
3404 	unsigned char                                header[crypto_secretstream_xchacha20poly1305_HEADERBYTES];
3405 	unsigned char                               *key;
3406 	size_t                                       key_len;
3407 
3408 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
3409 									&key, &key_len) == FAILURE) {
3410 		sodium_remove_param_values_from_backtrace(EG(exception));
3411 		RETURN_THROWS();
3412 	}
3413 	if (key_len != crypto_secretstream_xchacha20poly1305_KEYBYTES) {
3414 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_KEYBYTES bytes long");
3415 		RETURN_THROWS();
3416 	}
3417 	if (crypto_secretstream_xchacha20poly1305_init_push(&state,
3418 														header, key) != 0) {
3419 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
3420 		RETURN_THROWS();
3421 	}
3422 	array_init(return_value);
3423 	add_next_index_stringl(return_value, (const char *) &state, sizeof state);
3424 	add_next_index_stringl(return_value, (const char *) header, sizeof header);
3425 }
3426 
PHP_FUNCTION(sodium_crypto_secretstream_xchacha20poly1305_push)3427 PHP_FUNCTION(sodium_crypto_secretstream_xchacha20poly1305_push)
3428 {
3429 	zval               *state_zv;
3430 	zend_string        *c;
3431 	unsigned char      *ad = NULL;
3432 	unsigned char      *msg;
3433 	unsigned char      *state;
3434 	unsigned long long  c_real_len;
3435 	zend_long           tag = crypto_secretstream_xchacha20poly1305_TAG_MESSAGE;
3436 	size_t              ad_len = (size_t) 0U;
3437 	size_t              c_len;
3438 	size_t              msg_len;
3439 	size_t              state_len;
3440 
3441 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "zs|sl",
3442 									&state_zv,
3443 									&msg, &msg_len, &ad, &ad_len, &tag) == FAILURE) {
3444 		sodium_remove_param_values_from_backtrace(EG(exception));
3445 		RETURN_THROWS();
3446 	}
3447 	ZVAL_DEREF(state_zv);
3448 	if (Z_TYPE_P(state_zv) != IS_STRING) {
3449 		zend_argument_error(sodium_exception_ce, 1, "must be a reference to a state");
3450 		RETURN_THROWS();
3451 	}
3452 	sodium_separate_string(state_zv);
3453 	state = (unsigned char *) Z_STRVAL(*state_zv);
3454 	state_len = Z_STRLEN(*state_zv);
3455 	if (state_len != sizeof (crypto_secretstream_xchacha20poly1305_state)) {
3456 		zend_argument_error(sodium_exception_ce, 1, "must have a correct length");
3457 		RETURN_THROWS();
3458 	}
3459 	if (msg_len > crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX ||
3460 		msg_len > SIZE_MAX - crypto_secretstream_xchacha20poly1305_ABYTES) {
3461 		zend_argument_error(sodium_exception_ce, 2, "must be at most SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_MESSAGEBYTES_MAX bytes long");
3462 		RETURN_THROWS();
3463 	}
3464 	if (tag < 0 || tag > 255) {
3465 		zend_argument_error(sodium_exception_ce, 4, "must be in the range of 0-255");
3466 		RETURN_THROWS();
3467 	}
3468 	c_len = msg_len + crypto_secretstream_xchacha20poly1305_ABYTES;
3469 	c = zend_string_alloc((size_t) c_len, 0);
3470 	if (crypto_secretstream_xchacha20poly1305_push
3471 		((void *) state, (unsigned char *) ZSTR_VAL(c), &c_real_len,
3472 		 msg, (unsigned long long) msg_len, ad, (unsigned long long) ad_len,
3473 		 (unsigned char) tag) != 0) {
3474 		zend_string_efree(c);
3475 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
3476 		RETURN_THROWS();
3477 	}
3478 	if (c_real_len <= 0U || c_real_len >= SIZE_MAX || c_real_len > c_len) {
3479 		zend_string_efree(c);
3480 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
3481 		RETURN_THROWS();
3482 	}
3483 	PHP_SODIUM_ZSTR_TRUNCATE(c, (size_t) c_real_len);
3484 	ZSTR_VAL(c)[c_real_len] = 0;
3485 
3486 	RETURN_NEW_STR(c);
3487 }
3488 
PHP_FUNCTION(sodium_crypto_secretstream_xchacha20poly1305_init_pull)3489 PHP_FUNCTION(sodium_crypto_secretstream_xchacha20poly1305_init_pull)
3490 {
3491 	crypto_secretstream_xchacha20poly1305_state  state;
3492 	unsigned char                               *header;
3493 	unsigned char                               *key;
3494 	size_t                                       header_len;
3495 	size_t                                       key_len;
3496 
3497 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
3498 									&header, &header_len,
3499 									&key, &key_len) == FAILURE) {
3500 		sodium_remove_param_values_from_backtrace(EG(exception));
3501 		RETURN_THROWS();
3502 	}
3503 	if (header_len != crypto_secretstream_xchacha20poly1305_HEADERBYTES) {
3504 		zend_argument_error(sodium_exception_ce, 1, "must be SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES bytes long");
3505 		RETURN_THROWS();
3506 	}
3507 	if (key_len != crypto_secretstream_xchacha20poly1305_KEYBYTES) {
3508 		zend_argument_error(sodium_exception_ce, 2, "must be SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_KEYBYTES bytes long");
3509 		RETURN_THROWS();
3510 	}
3511 	if (crypto_secretstream_xchacha20poly1305_init_pull(&state,
3512 														header, key) != 0) {
3513 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
3514 		RETURN_THROWS();
3515 	}
3516 	RETURN_STRINGL((const char *) &state, sizeof state);
3517 }
3518 
PHP_FUNCTION(sodium_crypto_secretstream_xchacha20poly1305_pull)3519 PHP_FUNCTION(sodium_crypto_secretstream_xchacha20poly1305_pull)
3520 {
3521 	zval               *state_zv;
3522 	zend_string        *msg;
3523 	unsigned char      *ad = NULL;
3524 	unsigned char      *c;
3525 	unsigned char      *state;
3526 	unsigned long long  msg_real_len;
3527 	size_t              ad_len = (size_t) 0U;
3528 	size_t              msg_len;
3529 	size_t              c_len;
3530 	size_t              state_len;
3531 	unsigned char       tag;
3532 
3533 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "zs|s",
3534 									&state_zv,
3535 									&c, &c_len, &ad, &ad_len) == FAILURE) {
3536 		sodium_remove_param_values_from_backtrace(EG(exception));
3537 		RETURN_THROWS();
3538 	}
3539 	ZVAL_DEREF(state_zv);
3540 	if (Z_TYPE_P(state_zv) != IS_STRING) {
3541 		zend_argument_error(sodium_exception_ce, 1, "must be a reference to a state");
3542 		RETURN_THROWS();
3543 	}
3544 	sodium_separate_string(state_zv);
3545 	state = (unsigned char *) Z_STRVAL(*state_zv);
3546 	state_len = Z_STRLEN(*state_zv);
3547 	if (state_len != sizeof (crypto_secretstream_xchacha20poly1305_state)) {
3548 		zend_throw_exception(sodium_exception_ce, "incorrect state length", 0);
3549 		RETURN_THROWS();
3550 	}
3551 	if (c_len < crypto_secretstream_xchacha20poly1305_ABYTES) {
3552 		RETURN_FALSE;
3553 	}
3554 	msg_len = c_len - crypto_secretstream_xchacha20poly1305_ABYTES;
3555 	msg = zend_string_alloc((size_t) msg_len, 0);
3556 	if (crypto_secretstream_xchacha20poly1305_pull
3557 		((void *) state, (unsigned char *) ZSTR_VAL(msg), &msg_real_len, &tag,
3558 		 c, (unsigned long long) c_len, ad, (unsigned long long) ad_len) != 0) {
3559 		zend_string_efree(msg);
3560 		RETURN_FALSE;
3561 	}
3562 	if (msg_real_len >= SIZE_MAX || msg_real_len > msg_len) {
3563 		zend_string_efree(msg);
3564 		zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
3565 		RETURN_THROWS();
3566 	}
3567 	PHP_SODIUM_ZSTR_TRUNCATE(msg, (size_t) msg_real_len);
3568 	ZSTR_VAL(msg)[msg_real_len] = 0;
3569 	array_init(return_value);
3570 	add_next_index_str(return_value, msg);
3571 	add_next_index_long(return_value, (long) tag);
3572 }
3573 
PHP_FUNCTION(sodium_crypto_secretstream_xchacha20poly1305_rekey)3574 PHP_FUNCTION(sodium_crypto_secretstream_xchacha20poly1305_rekey)
3575 {
3576 	zval          *state_zv;
3577 	unsigned char *state;
3578 	size_t         state_len;
3579 
3580 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "z", &state_zv) == FAILURE) {
3581 		sodium_remove_param_values_from_backtrace(EG(exception));
3582 		RETURN_THROWS();
3583 	}
3584 	ZVAL_DEREF(state_zv);
3585 	if (Z_TYPE_P(state_zv) != IS_STRING) {
3586 		zend_argument_error(sodium_exception_ce, 1, "must be a reference to a state");
3587 		RETURN_THROWS();
3588 	}
3589 	sodium_separate_string(state_zv);
3590 	state = (unsigned char *) Z_STRVAL(*state_zv);
3591 	state_len = Z_STRLEN(*state_zv);
3592 	if (state_len != sizeof (crypto_secretstream_xchacha20poly1305_state)) {
3593 		zend_throw_exception(sodium_exception_ce, "incorrect state length", 0);
3594 		RETURN_THROWS();
3595 	}
3596 	crypto_secretstream_xchacha20poly1305_rekey((void *) state);
3597 }
3598 #endif
3599 
3600 #ifdef crypto_core_ristretto255_HASHBYTES
PHP_FUNCTION(sodium_crypto_core_ristretto255_add)3601 PHP_FUNCTION(sodium_crypto_core_ristretto255_add)
3602 {
3603 	zend_string   *r;
3604 	unsigned char *p;
3605 	unsigned char *q;
3606 	size_t         p_len;
3607 	size_t         q_len;
3608 
3609 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
3610 									&p, &p_len, &q, &q_len) == FAILURE) {
3611 		sodium_remove_param_values_from_backtrace(EG(exception));
3612 		RETURN_THROWS();
3613 	}
3614 	if (p_len != crypto_core_ristretto255_BYTES) {
3615 		zend_argument_error(sodium_exception_ce, 1,
3616 							"must be SODIUM_CRYPTO_CORE_RISTRETTO255_BYTES bytes long");
3617 		RETURN_THROWS();
3618 	}
3619 	if (q_len != crypto_core_ristretto255_BYTES) {
3620 		zend_argument_error(sodium_exception_ce, 2,
3621 							"must be SODIUM_CRYPTO_CORE_RISTRETTO255_BYTES bytes long");
3622 		RETURN_THROWS();
3623 	}
3624 	r = zend_string_alloc(crypto_core_ristretto255_BYTES, 0);
3625 	if (crypto_core_ristretto255_add((unsigned char *) ZSTR_VAL(r), p, q) != 0) {
3626 		zend_string_efree(r);
3627 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
3628 		RETURN_THROWS();
3629 	}
3630 	ZSTR_VAL(r)[crypto_core_ristretto255_BYTES] = 0;
3631 	RETURN_NEW_STR(r);
3632 }
3633 
PHP_FUNCTION(sodium_crypto_core_ristretto255_from_hash)3634 PHP_FUNCTION(sodium_crypto_core_ristretto255_from_hash)
3635 {
3636 	zend_string   *r;
3637 	unsigned char *s;
3638 	size_t         s_len;
3639 
3640 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
3641 							  &s, &s_len) == FAILURE) {
3642 		sodium_remove_param_values_from_backtrace(EG(exception));
3643 		RETURN_THROWS();
3644 	}
3645 	if (s_len != crypto_core_ristretto255_HASHBYTES) {
3646 		zend_argument_error(sodium_exception_ce, 1,
3647 							"must be SODIUM_CRYPTO_CORE_RISTRETTO255_HASHBYTES bytes long");
3648 		RETURN_THROWS();
3649 	}
3650 	r = zend_string_alloc(crypto_core_ristretto255_SCALARBYTES, 0);
3651 	if (crypto_core_ristretto255_from_hash((unsigned char *) ZSTR_VAL(r), s) != 0) {
3652 		zend_string_efree(r);
3653 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
3654 		RETURN_THROWS();
3655 	}
3656 	ZSTR_VAL(r)[crypto_core_ristretto255_SCALARBYTES] = 0;
3657 	RETURN_NEW_STR(r);
3658 }
3659 
PHP_FUNCTION(sodium_crypto_core_ristretto255_is_valid_point)3660 PHP_FUNCTION(sodium_crypto_core_ristretto255_is_valid_point)
3661 {
3662 	unsigned char *s;
3663 	size_t         s_len;
3664 
3665 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
3666 							  &s, &s_len) == FAILURE) {
3667 		sodium_remove_param_values_from_backtrace(EG(exception));
3668 		RETURN_THROWS();
3669 	}
3670 	if (s_len != crypto_core_ristretto255_BYTES) {
3671 		zend_argument_error(sodium_exception_ce, 1,
3672 							"must be SODIUM_CRYPTO_CORE_RISTRETTO255_BYTES bytes long");
3673 		RETURN_THROWS();
3674 	}
3675 	RETURN_BOOL(crypto_core_ristretto255_is_valid_point(s));
3676 }
3677 
PHP_FUNCTION(sodium_crypto_core_ristretto255_random)3678 PHP_FUNCTION(sodium_crypto_core_ristretto255_random)
3679 {
3680 	zend_string   *r;
3681 
3682 	if (zend_parse_parameters_none() == FAILURE) {
3683 		RETURN_THROWS();
3684 	}
3685 	r = zend_string_alloc(crypto_core_ristretto255_BYTES, 0);
3686 	crypto_core_ristretto255_random((unsigned char *) ZSTR_VAL(r));
3687 	ZSTR_VAL(r)[crypto_core_ristretto255_BYTES] = 0;
3688 	RETURN_NEW_STR(r);
3689 }
3690 
PHP_FUNCTION(sodium_crypto_core_ristretto255_scalar_add)3691 PHP_FUNCTION(sodium_crypto_core_ristretto255_scalar_add)
3692 {
3693 	zend_string   *r;
3694 	unsigned char *p;
3695 	unsigned char *q;
3696 	size_t         p_len;
3697 	size_t         q_len;
3698 
3699 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
3700 									&p, &p_len, &q, &q_len) == FAILURE) {
3701 		sodium_remove_param_values_from_backtrace(EG(exception));
3702 		RETURN_THROWS();
3703 	}
3704 	if (p_len != crypto_core_ristretto255_SCALARBYTES) {
3705 		zend_argument_error(sodium_exception_ce, 1,
3706 							"must be SODIUM_CRYPTO_CORE_RISTRETTO255_SCALARBYTES bytes long");
3707 		RETURN_THROWS();
3708 	}
3709 	if (q_len != crypto_core_ristretto255_SCALARBYTES) {
3710 		zend_argument_error(sodium_exception_ce, 2,
3711 							"must be SODIUM_CRYPTO_CORE_RISTRETTO255_SCALARBYTES bytes long");
3712 		RETURN_THROWS();
3713 	}
3714 	r = zend_string_alloc(crypto_core_ristretto255_BYTES, 0);
3715 	crypto_core_ristretto255_scalar_add((unsigned char *) ZSTR_VAL(r), p, q);
3716 	ZSTR_VAL(r)[crypto_core_ristretto255_SCALARBYTES] = 0;
3717 	RETURN_NEW_STR(r);
3718 }
3719 
PHP_FUNCTION(sodium_crypto_core_ristretto255_scalar_complement)3720 PHP_FUNCTION(sodium_crypto_core_ristretto255_scalar_complement)
3721 {
3722 	zend_string   *r;
3723 	unsigned char *s;
3724 	size_t         s_len;
3725 
3726 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
3727 							  &s, &s_len) == FAILURE) {
3728 		sodium_remove_param_values_from_backtrace(EG(exception));
3729 		RETURN_THROWS();
3730 	}
3731 	if (s_len != crypto_core_ristretto255_SCALARBYTES) {
3732 		zend_argument_error(sodium_exception_ce, 1,
3733 							"must be SODIUM_CRYPTO_CORE_RISTRETTO255_SCALARBYTES bytes long");
3734 		RETURN_THROWS();
3735 	}
3736 	r = zend_string_alloc(crypto_core_ristretto255_SCALARBYTES, 0);
3737 	crypto_core_ristretto255_scalar_complement((unsigned char *) ZSTR_VAL(r), s);
3738 	ZSTR_VAL(r)[crypto_core_ristretto255_SCALARBYTES] = 0;
3739 	RETURN_NEW_STR(r);
3740 }
3741 
PHP_FUNCTION(sodium_crypto_core_ristretto255_scalar_invert)3742 PHP_FUNCTION(sodium_crypto_core_ristretto255_scalar_invert)
3743 {
3744 	zend_string   *r;
3745 	unsigned char *s;
3746 	size_t         s_len;
3747 
3748 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
3749 							  &s, &s_len) == FAILURE) {
3750 		sodium_remove_param_values_from_backtrace(EG(exception));
3751 		RETURN_THROWS();
3752 	}
3753 	if (s_len != crypto_core_ristretto255_SCALARBYTES) {
3754 		zend_argument_error(sodium_exception_ce, 1,
3755 							"must be SODIUM_CRYPTO_CORE_RISTRETTO255_SCALARBYTES bytes long");
3756 		RETURN_THROWS();
3757 	}
3758 	r = zend_string_alloc(crypto_core_ristretto255_SCALARBYTES, 0);
3759 	if (crypto_core_ristretto255_scalar_invert((unsigned char *) ZSTR_VAL(r), s) != 0) {
3760 		zend_string_efree(r);
3761 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
3762 		RETURN_THROWS();
3763 	}
3764 	ZSTR_VAL(r)[crypto_core_ristretto255_SCALARBYTES] = 0;
3765 	RETURN_NEW_STR(r);
3766 }
3767 
PHP_FUNCTION(sodium_crypto_core_ristretto255_scalar_mul)3768 PHP_FUNCTION(sodium_crypto_core_ristretto255_scalar_mul)
3769 {
3770 	zend_string   *r;
3771 	unsigned char *x;
3772 	unsigned char *y;
3773 	size_t         x_len;
3774 	size_t         y_len;
3775 
3776 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
3777 									&x, &x_len, &y, &y_len) == FAILURE) {
3778 		sodium_remove_param_values_from_backtrace(EG(exception));
3779 		RETURN_THROWS();
3780 	}
3781 	if (x_len != crypto_core_ristretto255_SCALARBYTES) {
3782 		zend_argument_error(sodium_exception_ce, 1,
3783 							"must be SODIUM_CRYPTO_CORE_RISTRETTO255_SCALARBYTES bytes long");
3784 		RETURN_THROWS();
3785 	}
3786 	if (y_len != crypto_core_ristretto255_SCALARBYTES) {
3787 		zend_argument_error(sodium_exception_ce, 2,
3788 							"must be SODIUM_CRYPTO_CORE_RISTRETTO255_SCALARBYTES bytes long");
3789 		RETURN_THROWS();
3790 	}
3791 	r = zend_string_alloc(crypto_core_ristretto255_BYTES, 0);
3792 	crypto_core_ristretto255_scalar_mul((unsigned char *) ZSTR_VAL(r), x, y);
3793 	ZSTR_VAL(r)[crypto_core_ristretto255_SCALARBYTES] = 0;
3794 	RETURN_NEW_STR(r);
3795 }
3796 
PHP_FUNCTION(sodium_crypto_core_ristretto255_scalar_negate)3797 PHP_FUNCTION(sodium_crypto_core_ristretto255_scalar_negate)
3798 {
3799 	zend_string   *r;
3800 	unsigned char *s;
3801 	size_t         s_len;
3802 
3803 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
3804 							  &s, &s_len) == FAILURE) {
3805 		sodium_remove_param_values_from_backtrace(EG(exception));
3806 		RETURN_THROWS();
3807 	}
3808 	if (s_len != crypto_core_ristretto255_SCALARBYTES) {
3809 		zend_argument_error(sodium_exception_ce, 1,
3810 							"must be SODIUM_CRYPTO_CORE_RISTRETTO255_SCALARBYTES bytes long");
3811 		RETURN_THROWS();
3812 	}
3813 	r = zend_string_alloc(crypto_core_ristretto255_SCALARBYTES, 0);
3814 	crypto_core_ristretto255_scalar_negate((unsigned char *) ZSTR_VAL(r), s);
3815 	ZSTR_VAL(r)[crypto_core_ristretto255_SCALARBYTES] = 0;
3816 	RETURN_NEW_STR(r);
3817 }
3818 
PHP_FUNCTION(sodium_crypto_core_ristretto255_scalar_random)3819 PHP_FUNCTION(sodium_crypto_core_ristretto255_scalar_random)
3820 {
3821 	zend_string   *r;
3822 
3823 	if (zend_parse_parameters_none() == FAILURE) {
3824 		RETURN_THROWS();
3825 	};
3826 	r = zend_string_alloc(crypto_core_ristretto255_SCALARBYTES, 0);
3827 	crypto_core_ristretto255_scalar_random((unsigned char *) ZSTR_VAL(r));
3828 	ZSTR_VAL(r)[crypto_core_ristretto255_SCALARBYTES] = 0;
3829 	RETURN_NEW_STR(r);
3830 }
3831 
PHP_FUNCTION(sodium_crypto_core_ristretto255_scalar_reduce)3832 PHP_FUNCTION(sodium_crypto_core_ristretto255_scalar_reduce)
3833 {
3834 	zend_string   *r;
3835 	unsigned char *s;
3836 	size_t         s_len;
3837 
3838 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s",
3839 							  &s, &s_len) == FAILURE) {
3840 		sodium_remove_param_values_from_backtrace(EG(exception));
3841 		RETURN_THROWS();
3842 	}
3843 	if (s_len != crypto_core_ristretto255_NONREDUCEDSCALARBYTES) {
3844 		zend_argument_error(sodium_exception_ce, 1,
3845 							"must be SODIUM_CRYPTO_CORE_RISTRETTO255_NONREDUCEDSCALARBYTES bytes long");
3846 		RETURN_THROWS();
3847 	}
3848 	r = zend_string_alloc(crypto_core_ristretto255_SCALARBYTES, 0);
3849 	crypto_core_ristretto255_scalar_reduce((unsigned char *) ZSTR_VAL(r), s);
3850 	ZSTR_VAL(r)[crypto_core_ristretto255_SCALARBYTES] = 0;
3851 	RETURN_NEW_STR(r);
3852 }
3853 
PHP_FUNCTION(sodium_crypto_core_ristretto255_scalar_sub)3854 PHP_FUNCTION(sodium_crypto_core_ristretto255_scalar_sub)
3855 {
3856 	zend_string   *r;
3857 	unsigned char *p;
3858 	unsigned char *q;
3859 	size_t         p_len;
3860 	size_t         q_len;
3861 
3862 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
3863 									&p, &p_len, &q, &q_len) == FAILURE) {
3864 		sodium_remove_param_values_from_backtrace(EG(exception));
3865 		RETURN_THROWS();
3866 	}
3867 	if (p_len != crypto_core_ristretto255_SCALARBYTES) {
3868 		zend_argument_error(sodium_exception_ce, 1,
3869 							"must be SODIUM_CRYPTO_CORE_RISTRETTO255_SCALARBYTES bytes long");
3870 		RETURN_THROWS();
3871 	}
3872 	if (q_len != crypto_core_ristretto255_SCALARBYTES) {
3873 		zend_argument_error(sodium_exception_ce, 2,
3874 							"must be SODIUM_CRYPTO_CORE_RISTRETTO255_SCALARBYTES bytes long");
3875 		RETURN_THROWS();
3876 	}
3877 	r = zend_string_alloc(crypto_core_ristretto255_BYTES, 0);
3878 	crypto_core_ristretto255_scalar_sub((unsigned char *) ZSTR_VAL(r), p, q);
3879 	ZSTR_VAL(r)[crypto_core_ristretto255_SCALARBYTES] = 0;
3880 	RETURN_NEW_STR(r);
3881 }
3882 
PHP_FUNCTION(sodium_crypto_core_ristretto255_sub)3883 PHP_FUNCTION(sodium_crypto_core_ristretto255_sub)
3884 {
3885 	zend_string   *r;
3886 	unsigned char *p;
3887 	unsigned char *q;
3888 	size_t         p_len;
3889 	size_t         q_len;
3890 
3891 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss",
3892 									&p, &p_len, &q, &q_len) == FAILURE) {
3893 		sodium_remove_param_values_from_backtrace(EG(exception));
3894 		RETURN_THROWS();
3895 	}
3896 	if (p_len != crypto_core_ristretto255_BYTES) {
3897 		zend_argument_error(sodium_exception_ce, 1,
3898 							"must be SODIUM_CRYPTO_CORE_RISTRETTO255_BYTES bytes long");
3899 		RETURN_THROWS();
3900 	}
3901 	if (q_len != crypto_core_ristretto255_BYTES) {
3902 		zend_argument_error(sodium_exception_ce, 2,
3903 							"must be SODIUM_CRYPTO_CORE_RISTRETTO255_BYTES bytes long");
3904 		RETURN_THROWS();
3905 	}
3906 	r = zend_string_alloc(crypto_core_ristretto255_BYTES, 0);
3907 	if (crypto_core_ristretto255_sub((unsigned char *) ZSTR_VAL(r), p, q) != 0) {
3908 		zend_string_efree(r);
3909 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
3910 		RETURN_THROWS();
3911 	}
3912 	ZSTR_VAL(r)[crypto_core_ristretto255_BYTES] = 0;
3913 	RETURN_NEW_STR(r);
3914 }
3915 #endif
3916