/** @var string $ciphertext - The encrypted message (sans MAC) */
$ciphertext = ParagonIE_Sodium_Core32_Util::
substr($message, 0,
$clen);
/** @var string The first block of the chacha20 keystream, used as a poly1305 key */
$block0 = ParagonIE_Sodium_Core32_ChaCha20::
stream( 32,
$nonce,
$key );
/* Recalculate the Poly1305 authentication tag (MAC): */
$state =
new ParagonIE_Sodium_Core32_Poly1305_State($block0);
try { ParagonIE_Sodium_Compat::
memzero($block0);
} catch (SodiumException
$ex) { $block0 = null;
} $state->
update($ad);
$state->
update(ParagonIE_Sodium_Core32_Util::
store64_le($adlen));
$state->
update($ciphertext);
$state->
update(ParagonIE_Sodium_Core32_Util::
store64_le($clen));
$computed_mac =
$state->
finish();