$auth->
update($aad);
# crypto_onetimeauth_poly1305_update(&poly1305_state, _pad0,
# (0x10 - adlen) & 0xf);
$auth->
update(str_repeat("\0",
((0x10 -
$aadlen) & 0xf
)));
# memset(block, 0, sizeof block);
# block[0] = tag;
# crypto_stream_chacha20_ietf_xor_ic(block, block, sizeof block,
# state->nonce, 1U, state->k);
$block = ParagonIE_Sodium_Core32_ChaCha20::
ietfStreamXorIc( ParagonIE_Sodium_Core32_Util::
intToChr($tag) .
str_repeat("\0", 63
),
$st->
getCombinedNonce(),
$st->
getKey(),
ParagonIE_Sodium_Core32_Util::
store64_le(1
) );
# crypto_onetimeauth_poly1305_update(&poly1305_state, block, sizeof block);
$auth->
update($block);
# out[0] = block[0];
$out =
$block[0
];
# c = out + (sizeof tag);