$key );
/* Recalculate the Poly1305 authentication tag (MAC): */
$state =
new ParagonIE_Sodium_Core32_Poly1305_State($block0);
try { ParagonIE_Sodium_Compat::
memzero($block0);
} catch (SodiumException
$ex) { $block0 = null;
} $state->
update($ad);
$state->
update(ParagonIE_Sodium_Core32_Util::
store64_le($adlen));
$state->
update($ciphertext);
$state->
update(ParagonIE_Sodium_Core32_Util::
store64_le($clen));
$computed_mac =
$state->
finish();
/* Compare the given MAC with the recalculated MAC: */
if (!ParagonIE_Sodium_Core32_Util::
verify_16($computed_mac,
$mac)) { throw new SodiumException('Invalid MAC'
);
} // Here, we know that the MAC is valid, so we decrypt and return the plaintext
return ParagonIE_Sodium_Core32_ChaCha20::
streamXorIc(