From 5c61e9fc27209659e54d716be1122207787c3c70 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Thu, 28 Jun 2018 14:05:07 +0100
Subject: [PATCH] Use the userenckey package from ai3/go-common
---
cmd/userenckey-tool/main.go | 64 --
dovecot/keyproxy.go | 9 +-
server/keystore.go | 10 +-
server/keystore_test.go | 11 +-
userenckey/decrypt.go | 62 --
userenckey/encrypt.go | 32 -
userenckey/encrypt_test.go | 24 -
userenckey/gen.go | 37 -
userenckey/gen_test.go | 20 -
.../ai3/go-common/userenckey/container.go | 125 +++
.../ai3/go-common/userenckey/key.go | 90 +++
.../ai3/go-common/userenckey}/pkcs8.go | 0
.../ai3/go-common/userenckey}/pkcs8_compat.go | 1 +
vendor/github.com/lunixbochs/struc/LICENSE | 19 +
vendor/github.com/lunixbochs/struc/README.md | 103 +++
vendor/github.com/lunixbochs/struc/binary.go | 52 ++
vendor/github.com/lunixbochs/struc/custom.go | 33 +
.../lunixbochs/struc/custom_float16.go | 78 ++
vendor/github.com/lunixbochs/struc/field.go | 288 +++++++
vendor/github.com/lunixbochs/struc/fields.go | 172 ++++
vendor/github.com/lunixbochs/struc/legacy.go | 16 +
vendor/github.com/lunixbochs/struc/packer.go | 13 +
vendor/github.com/lunixbochs/struc/parse.go | 230 ++++++
vendor/github.com/lunixbochs/struc/struc.go | 117 +++
vendor/github.com/lunixbochs/struc/types.go | 136 ++++
vendor/golang.org/x/crypto/argon2/argon2.go | 285 +++++++
vendor/golang.org/x/crypto/argon2/blake2b.go | 53 ++
.../x/crypto/argon2/blamka_amd64.go | 60 ++
.../golang.org/x/crypto/argon2/blamka_amd64.s | 243 ++++++
.../x/crypto/argon2/blamka_generic.go | 163 ++++
.../golang.org/x/crypto/argon2/blamka_ref.go | 15 +
vendor/golang.org/x/crypto/blake2b/blake2b.go | 289 +++++++
.../x/crypto/blake2b/blake2bAVX2_amd64.go | 37 +
.../x/crypto/blake2b/blake2bAVX2_amd64.s | 750 ++++++++++++++++++
.../x/crypto/blake2b/blake2b_amd64.go | 24 +
.../x/crypto/blake2b/blake2b_amd64.s | 281 +++++++
.../x/crypto/blake2b/blake2b_generic.go | 179 +++++
.../x/crypto/blake2b/blake2b_ref.go | 11 +
vendor/golang.org/x/crypto/blake2b/blake2x.go | 177 +++++
.../golang.org/x/crypto/blake2b/register.go | 32 +
vendor/golang.org/x/crypto/scrypt/scrypt.go | 2 +-
vendor/golang.org/x/sys/LICENSE | 27 +
vendor/golang.org/x/sys/PATENTS | 22 +
vendor/golang.org/x/sys/cpu/cpu.go | 38 +
vendor/golang.org/x/sys/cpu/cpu_arm.go | 7 +
vendor/golang.org/x/sys/cpu/cpu_arm64.go | 7 +
vendor/golang.org/x/sys/cpu/cpu_gc_x86.go | 16 +
vendor/golang.org/x/sys/cpu/cpu_gccgo.c | 43 +
vendor/golang.org/x/sys/cpu/cpu_gccgo.go | 26 +
vendor/golang.org/x/sys/cpu/cpu_mips64x.go | 9 +
vendor/golang.org/x/sys/cpu/cpu_mipsx.go | 9 +
vendor/golang.org/x/sys/cpu/cpu_ppc64x.go | 9 +
vendor/golang.org/x/sys/cpu/cpu_s390x.go | 7 +
vendor/golang.org/x/sys/cpu/cpu_x86.go | 55 ++
vendor/golang.org/x/sys/cpu/cpu_x86.s | 27 +
vendor/vendor.json | 40 +-
56 files changed, 4432 insertions(+), 253 deletions(-)
delete mode 100644 cmd/userenckey-tool/main.go
delete mode 100644 userenckey/decrypt.go
delete mode 100644 userenckey/encrypt.go
delete mode 100644 userenckey/encrypt_test.go
delete mode 100644 userenckey/gen.go
delete mode 100644 userenckey/gen_test.go
create mode 100644 vendor/git.autistici.org/ai3/go-common/userenckey/container.go
create mode 100644 vendor/git.autistici.org/ai3/go-common/userenckey/key.go
rename {userenckey => vendor/git.autistici.org/ai3/go-common/userenckey}/pkcs8.go (100%)
rename {userenckey => vendor/git.autistici.org/ai3/go-common/userenckey}/pkcs8_compat.go (97%)
create mode 100644 vendor/github.com/lunixbochs/struc/LICENSE
create mode 100644 vendor/github.com/lunixbochs/struc/README.md
create mode 100644 vendor/github.com/lunixbochs/struc/binary.go
create mode 100644 vendor/github.com/lunixbochs/struc/custom.go
create mode 100644 vendor/github.com/lunixbochs/struc/custom_float16.go
create mode 100644 vendor/github.com/lunixbochs/struc/field.go
create mode 100644 vendor/github.com/lunixbochs/struc/fields.go
create mode 100644 vendor/github.com/lunixbochs/struc/legacy.go
create mode 100644 vendor/github.com/lunixbochs/struc/packer.go
create mode 100644 vendor/github.com/lunixbochs/struc/parse.go
create mode 100644 vendor/github.com/lunixbochs/struc/struc.go
create mode 100644 vendor/github.com/lunixbochs/struc/types.go
create mode 100644 vendor/golang.org/x/crypto/argon2/argon2.go
create mode 100644 vendor/golang.org/x/crypto/argon2/blake2b.go
create mode 100644 vendor/golang.org/x/crypto/argon2/blamka_amd64.go
create mode 100644 vendor/golang.org/x/crypto/argon2/blamka_amd64.s
create mode 100644 vendor/golang.org/x/crypto/argon2/blamka_generic.go
create mode 100644 vendor/golang.org/x/crypto/argon2/blamka_ref.go
create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2b.go
create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go
create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s
create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go
create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s
create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2b_generic.go
create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2b_ref.go
create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2x.go
create mode 100644 vendor/golang.org/x/crypto/blake2b/register.go
create mode 100644 vendor/golang.org/x/sys/LICENSE
create mode 100644 vendor/golang.org/x/sys/PATENTS
create mode 100644 vendor/golang.org/x/sys/cpu/cpu.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_arm.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_arm64.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_gccgo.c
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_gccgo.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_mips64x.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_mipsx.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_s390x.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_x86.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_x86.s
diff --git a/cmd/userenckey-tool/main.go b/cmd/userenckey-tool/main.go
deleted file mode 100644
index 13b021eb..00000000
--- a/cmd/userenckey-tool/main.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package main
-
-import (
- "bytes"
- "encoding/base64"
- "flag"
- "fmt"
- "log"
- "os/exec"
-
- "git.autistici.org/id/keystore/userenckey"
-)
-
-var (
- doGenKeys = flag.Bool("gen-keys", false, "generate user encryption keys with the specified curve")
- curve = flag.String("curve", "secp224r1", "EC curve to use")
- password = flag.String("password", "", "password")
-)
-
-func genKeys() ([]byte, []byte, error) {
- priv, err := exec.Command("sh", "-c", fmt.Sprintf("openssl ecparam -name %s -genkey | openssl pkey", *curve)).Output()
- if err != nil {
- return nil, nil, err
- }
-
- cmd := exec.Command("sh", "-c", "openssl ec -pubout")
- cmd.Stdin = bytes.NewReader(priv)
- pub, err := cmd.Output()
- if err != nil {
- return nil, nil, err
- }
-
- priv, err = userenckey.Encrypt(priv, []byte(*password))
- if err != nil {
- return nil, nil, err
- }
-
- return priv, pub, err
-}
-
-func main() {
- log.SetFlags(0)
- flag.Parse()
-
- switch {
- case *doGenKeys:
- if *password == "" {
- log.Fatal("must specify --password")
- }
-
- priv, pub, err := genKeys()
- if err != nil {
- log.Fatal(err)
- }
- fmt.Printf(
- "public key: %s\nprivate key (encrypted): %s\n",
- base64.StdEncoding.EncodeToString(pub),
- base64.StdEncoding.EncodeToString(priv),
- )
-
- default:
- log.Fatal("no actions specified")
- }
-}
diff --git a/dovecot/keyproxy.go b/dovecot/keyproxy.go
index a7edf355..41a372eb 100644
--- a/dovecot/keyproxy.go
+++ b/dovecot/keyproxy.go
@@ -8,10 +8,10 @@ import (
"strings"
"git.autistici.org/ai3/go-common/clientutil"
+ "git.autistici.org/ai3/go-common/userenckey"
"git.autistici.org/id/keystore/backend"
"git.autistici.org/id/keystore/client"
- "git.autistici.org/id/keystore/userenckey"
)
// Config for the dovecot-keystore daemon.
@@ -139,11 +139,16 @@ func (s *KeyLookupProxy) lookupPassdb(ctx context.Context, username, password st
log.Printf("failed passdb lookup for %s (no keys)", username)
return nil, false, nil
}
- priv, err = userenckey.Decrypt(encKeys, []byte(password))
+ key, err := userenckey.Decrypt(encKeys, []byte(password))
if err != nil {
log.Printf("failed passdb lookup for %s (could not decrypt key)", username)
return nil, false, err
}
+ priv, err = key.PEM()
+ if err != nil {
+ log.Printf("failed passdb lookup for %s (obtained invalid key: %v)", username, err)
+ return nil, false, err
+ }
log.Printf("passdb lookup for %s (decrypted)", username)
return &passdbResponse{PrivateKey: s.b64encode(priv)}, true, nil
}
diff --git a/server/keystore.go b/server/keystore.go
index 4fad6dbf..c8d55344 100644
--- a/server/keystore.go
+++ b/server/keystore.go
@@ -9,10 +9,10 @@ import (
"sync"
"time"
+ "git.autistici.org/ai3/go-common/userenckey"
"git.autistici.org/id/go-sso"
"git.autistici.org/id/keystore/backend"
- "git.autistici.org/id/keystore/userenckey"
)
var (
@@ -159,10 +159,16 @@ func (s *KeyStore) Open(ctx context.Context, username, password string, ttlSecon
if err != nil {
return err
}
+ // Obtain the PEM representation of the private key and store
+ // that in memory.
+ pem, err := pkey.PEM()
+ if err != nil {
+ return err
+ }
s.mx.Lock()
s.userKeys[username] = userKey{
- pkey: pkey,
+ pkey: pem,
expiry: time.Now().Add(time.Duration(ttlSeconds) * time.Second),
}
s.mx.Unlock()
diff --git a/server/keystore_test.go b/server/keystore_test.go
index 3e734eae..3fa66c16 100644
--- a/server/keystore_test.go
+++ b/server/keystore_test.go
@@ -9,10 +9,10 @@ import (
"testing"
"time"
+ "git.autistici.org/ai3/go-common/userenckey"
"golang.org/x/crypto/ed25519"
"git.autistici.org/id/go-sso"
- "git.autistici.org/id/keystore/userenckey"
)
type testContext struct {
@@ -68,13 +68,14 @@ func (t *testDB) GetPrivateKeys(_ context.Context, username string) ([][]byte, e
}
var (
- privKey = []byte("fairly secret key")
+ privKey *userenckey.Key
pw = []byte("equally secret password")
encPrivKey []byte
)
func init() {
var err error
+ _, privKey, _ = userenckey.GenerateKey()
encPrivKey, err = userenckey.Encrypt(privKey, pw)
if err != nil {
panic(err)
@@ -115,8 +116,10 @@ func TestKeystore_OpenAndGet(t *testing.T) {
if err != nil {
t.Fatal("keystore.Get():", err)
}
- if !bytes.Equal(result, privKey) {
- t.Fatalf("keystore.Get() returned bad key: got %v, expected %v", result, privKey)
+
+ expectedPEM, _ := privKey.PEM()
+ if !bytes.Equal(result, expectedPEM) {
+ t.Fatalf("keystore.Get() returned bad key: got %v, expected %v", result, expectedPEM)
}
}
diff --git a/userenckey/decrypt.go b/userenckey/decrypt.go
deleted file mode 100644
index 99d7f711..00000000
--- a/userenckey/decrypt.go
+++ /dev/null
@@ -1,62 +0,0 @@
-package userenckey
-
-import (
- "errors"
-
- "github.com/miscreant/miscreant/go"
- "golang.org/x/crypto/scrypt"
-)
-
-// ErrBadPassword is returned on decryption failure.
-var ErrBadPassword = errors.New("could not decrypt key with password")
-
-const aeadAlgo = "AES-SIV"
-
-const (
- scryptN = 32768
- scryptR = 8
- scryptP = 1
- keyLen = 64
- saltLen = 32
-)
-
-// Decrypt one out of multiple keys with the specified password. The
-// keys share the same cleartext, but have been encrypted with
-// different passwords.
-func Decrypt(encKeys [][]byte, pw []byte) ([]byte, error) {
- for _, key := range encKeys {
- dec, err := decryptData(key, pw)
- if err == nil {
- return dec, nil
- }
- }
- return nil, ErrBadPassword
-}
-
-func kdf(pw, salt []byte) ([]byte, error) {
- return scrypt.Key(pw, salt, scryptN, scryptR, scryptP, keyLen)
-}
-
-func decryptData(data, pw []byte) ([]byte, error) {
- // The KDF salt is prepended to the encrypted key.
- if len(data) < saltLen {
- return nil, errors.New("short data")
- }
- salt := data[:saltLen]
- data = data[saltLen:]
-
- // Apply the key derivation function to the password to obtain
- // a 64 byte key.
- dk, err := kdf(pw, salt)
- if err != nil {
- return nil, err
- }
-
- // Set up the AES-SIV secret box.
- cipher, err := miscreant.NewAEAD(aeadAlgo, dk, 0)
- if err != nil {
- return nil, err
- }
-
- return cipher.Open(nil, nil, data, nil)
-}
diff --git a/userenckey/encrypt.go b/userenckey/encrypt.go
deleted file mode 100644
index 877b0381..00000000
--- a/userenckey/encrypt.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package userenckey
-
-import (
- "crypto/rand"
- "io"
-
- "github.com/miscreant/miscreant/go"
-)
-
-// Encrypt a key with a password and a random salt.
-func Encrypt(key, pw []byte) ([]byte, error) {
- salt := genRandomSalt()
- dk, err := kdf(pw, salt)
- if err != nil {
- return nil, err
- }
-
- cipher, err := miscreant.NewAEAD(aeadAlgo, dk, 0)
- if err != nil {
- return nil, err
- }
-
- return cipher.Seal(salt, nil, key, nil), nil
-}
-
-func genRandomSalt() []byte {
- var b [saltLen]byte
- if _, err := io.ReadFull(rand.Reader, b[:]); err != nil {
- panic(err)
- }
- return b[:]
-}
diff --git a/userenckey/encrypt_test.go b/userenckey/encrypt_test.go
deleted file mode 100644
index 36220c26..00000000
--- a/userenckey/encrypt_test.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package userenckey
-
-import (
- "bytes"
- "testing"
-)
-
-func TestEncrypt(t *testing.T) {
- pw := []byte("stracchino")
- key := []byte("this is a very secret key")
-
- enc, err := Encrypt(key, pw)
- if err != nil {
- t.Fatal("Encrypt():", err)
- }
-
- dec, err := Decrypt([][]byte{enc}, pw)
- if err != nil {
- t.Fatal("Decrypt():", err)
- }
- if !bytes.Equal(key, dec) {
- t.Fatalf("bad decrypted ciphertext: %v", dec)
- }
-}
diff --git a/userenckey/gen.go b/userenckey/gen.go
deleted file mode 100644
index f3cb4cee..00000000
--- a/userenckey/gen.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package userenckey
-
-import (
- "crypto/ecdsa"
- "crypto/elliptic"
- "crypto/rand"
- "crypto/x509"
- "encoding/pem"
-)
-
-func encodePublicKeyToPEM(pub *ecdsa.PublicKey) ([]byte, error) {
- der, err := x509.MarshalPKIXPublicKey(pub)
- if err != nil {
- return nil, err
- }
- return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), nil
-}
-
-// GenerateKey generates a new ECDSA key pair, and returns the
-// PEM-encoded public and private key (in order).
-func GenerateKey() ([]byte, []byte, error) {
- pkey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
- if err != nil {
- return nil, nil, err
- }
-
- privBytes, err := encodePrivateKeyToPEM(pkey)
- if err != nil {
- return nil, nil, err
- }
- pubBytes, err := encodePublicKeyToPEM(&pkey.PublicKey)
- if err != nil {
- return nil, nil, err
- }
-
- return pubBytes, privBytes, nil
-}
diff --git a/userenckey/gen_test.go b/userenckey/gen_test.go
deleted file mode 100644
index 1574845b..00000000
--- a/userenckey/gen_test.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package userenckey
-
-import (
- "bytes"
- "testing"
-)
-
-func TestGenerateKey(t *testing.T) {
- pub, priv, err := GenerateKey()
- if err != nil {
- t.Fatal(err)
- }
-
- if !bytes.HasPrefix(pub, []byte("-----BEGIN PUBLIC KEY-----")) {
- t.Errorf("bad public key: %s", string(pub))
- }
- if !bytes.HasPrefix(priv, []byte("-----BEGIN PRIVATE KEY-----")) {
- t.Errorf("bad private key: %s", string(priv))
- }
-}
diff --git a/vendor/git.autistici.org/ai3/go-common/userenckey/container.go b/vendor/git.autistici.org/ai3/go-common/userenckey/container.go
new file mode 100644
index 00000000..5da01a94
--- /dev/null
+++ b/vendor/git.autistici.org/ai3/go-common/userenckey/container.go
@@ -0,0 +1,125 @@
+package userenckey
+
+import (
+ "bytes"
+ "crypto/rand"
+ "errors"
+ "io"
+
+ "github.com/lunixbochs/struc"
+ "github.com/miscreant/miscreant/go"
+ "golang.org/x/crypto/argon2"
+)
+
+// Current algorithm: Argon2 KDF + AES-SIV key encryption.
+const algoArgon2AESSIV = 1
+
+const aeadAlgo = "AES-SIV"
+
+// Struct members have stupid names to reduce the size of the resulting gob!
+type argon2Params struct {
+ Time uint32 `struc:"uint32,little"`
+ Memory uint32 `struc:"uint32,little"`
+ Threads uint8 `struc:"uint8"`
+}
+
+// Default Argon2 parameters are tuned for a high-traffic
+// authentication service (<1ms per operation).
+var defaultArgon2Params = argon2Params{
+ Time: 1,
+ Memory: 4 * 1024,
+ Threads: 4,
+}
+
+const (
+ keyLen = 64
+ saltLen = 32
+)
+
+func argon2KDF(params argon2Params, salt, pw []byte) []byte {
+ return argon2.Key(pw, salt, params.Time, params.Memory, params.Threads, keyLen)
+}
+
+// An encrypted container stores an opaque blob of binary data along
+// with metadata about the encryption itself, to allow for a
+// controlled amount of algorithm malleability accounting for future
+// updates. The structure is binary-packed (as opposed to using higher
+// level serializations such as encoding/gob) because we'd like to be
+// able to read it from other languages if necessary.
+type container struct { // nolint: maligned
+ Algo uint8 `struc:"uint8"`
+ Params argon2Params
+ SaltLen uint8 `struc:"uint8,sizeof=Salt"`
+ Salt []byte
+ DataLen uint16 `struc:"uint16,little,sizeof=Data"`
+ Data []byte
+}
+
+// Convert to an opaque encoded ("wire") representation.
+func (c *container) Marshal() ([]byte, error) {
+ var buf bytes.Buffer
+ err := struc.Pack(&buf, c)
+ if err != nil {
+ return nil, err
+ }
+
+ return buf.Bytes(), nil
+}
+
+// Parse a key object from the wire representation.
+func unmarshalContainer(b []byte) (c container, err error) {
+ err = struc.Unpack(bytes.NewReader(b), &c)
+ return
+}
+
+func newContainer(data, pw []byte) (container, error) {
+ return encryptArgon2AESSIV(data, pw)
+}
+
+func (c container) decrypt(pw []byte) ([]byte, error) {
+ // Only one supported kdf/algo combination right now.
+ if c.Algo == algoArgon2AESSIV {
+ return c.decryptArgon2AESSIV(pw)
+ }
+ return nil, errors.New("unsupported algo")
+}
+
+func (c container) decryptArgon2AESSIV(pw []byte) ([]byte, error) {
+ // Run the KDF and create the AEAD cipher.
+ dk := argon2KDF(c.Params, c.Salt, pw)
+ cipher, err := miscreant.NewAEAD(aeadAlgo, dk, 0)
+ if err != nil {
+ return nil, err
+ }
+
+ // Decrypt the data and obtain the DER-encoded private key.
+ dec, err := cipher.Open(nil, nil, c.Data, nil)
+ return dec, err
+}
+
+func encryptArgon2AESSIV(data, pw []byte) (container, error) {
+ c := container{
+ Algo: algoArgon2AESSIV,
+ Params: defaultArgon2Params,
+ Salt: genRandomSalt(),
+ }
+
+ // Run the KDF and create the AEAD cipher.
+ dk := argon2KDF(c.Params, c.Salt, pw)
+ cipher, err := miscreant.NewAEAD(aeadAlgo, dk, 0)
+ if err != nil {
+ return container{}, err
+ }
+
+ // Encrypt the data (a DER-encoded ECDSA private key).
+ c.Data = cipher.Seal(nil, nil, data, nil)
+ return c, nil
+}
+
+func genRandomSalt() []byte {
+ var b [saltLen]byte
+ if _, err := io.ReadFull(rand.Reader, b[:]); err != nil {
+ panic(err)
+ }
+ return b[:]
+}
diff --git a/vendor/git.autistici.org/ai3/go-common/userenckey/key.go b/vendor/git.autistici.org/ai3/go-common/userenckey/key.go
new file mode 100644
index 00000000..d10c4df0
--- /dev/null
+++ b/vendor/git.autistici.org/ai3/go-common/userenckey/key.go
@@ -0,0 +1,90 @@
+package userenckey
+
+import (
+ "crypto/ecdsa"
+ "crypto/elliptic"
+ "crypto/rand"
+ "crypto/x509"
+ "encoding/pem"
+ "errors"
+)
+
+// ErrBadPassword is returned on decryption failure.
+var ErrBadPassword = errors.New("could not decrypt key with password")
+
+func encodePublicKeyToPEM(pub *ecdsa.PublicKey) ([]byte, error) {
+ der, err := x509.MarshalPKIXPublicKey(pub)
+ if err != nil {
+ return nil, err
+ }
+ return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), nil
+}
+
+// Key (unencrypted).
+type Key struct {
+ rawBytes []byte
+}
+
+// GenerateKey generates a new ECDSA key pair, and returns the
+// PEM-encoded public and private key (in order).
+func GenerateKey() ([]byte, *Key, error) {
+ priv, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ //privBytes, err := encodePrivateKeyToPEM(priv)
+ privBytes, err := x509.MarshalECPrivateKey(priv)
+ if err != nil {
+ return nil, nil, err
+ }
+ pubBytes, err := encodePublicKeyToPEM(&priv.PublicKey)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ return pubBytes, &Key{privBytes}, nil
+}
+
+// PEM returns the key in PEM-encoded format.
+func (k *Key) PEM() ([]byte, error) {
+ // Parse the ASN.1 data and encode it with PKCS8 (in PEM format).
+ priv, err := k.PrivateKey()
+ if err != nil {
+ return nil, err
+ }
+
+ return encodePrivateKeyToPEM(priv)
+}
+
+// PrivateKey parses the DER-encoded ASN.1 data in Key and returns the
+// private key object.
+func (k *Key) PrivateKey() (*ecdsa.PrivateKey, error) {
+ return x509.ParseECPrivateKey(k.rawBytes)
+}
+
+// Encrypt a key with a password and a random salt.
+func Encrypt(key *Key, pw []byte) ([]byte, error) {
+ c, err := newContainer(key.rawBytes, pw)
+ if err != nil {
+ return nil, err
+ }
+ return c.Marshal()
+}
+
+// Decrypt one out of multiple keys with the specified password. The
+// keys share the same cleartext, but have been encrypted with
+// different passwords.
+func Decrypt(encKeys [][]byte, pw []byte) (*Key, error) {
+ for _, encKey := range encKeys {
+ c, err := unmarshalContainer(encKey)
+ if err != nil {
+ //log.Printf("parse error: %v", err)
+ continue
+ }
+ if dec, err := c.decrypt(pw); err == nil {
+ return &Key{dec}, nil
+ }
+ }
+ return nil, ErrBadPassword
+}
diff --git a/userenckey/pkcs8.go b/vendor/git.autistici.org/ai3/go-common/userenckey/pkcs8.go
similarity index 100%
rename from userenckey/pkcs8.go
rename to vendor/git.autistici.org/ai3/go-common/userenckey/pkcs8.go
diff --git a/userenckey/pkcs8_compat.go b/vendor/git.autistici.org/ai3/go-common/userenckey/pkcs8_compat.go
similarity index 97%
rename from userenckey/pkcs8_compat.go
rename to vendor/git.autistici.org/ai3/go-common/userenckey/pkcs8_compat.go
index a63b6f86..7f36efba 100644
--- a/userenckey/pkcs8_compat.go
+++ b/vendor/git.autistici.org/ai3/go-common/userenckey/pkcs8_compat.go
@@ -21,6 +21,7 @@ func encodePrivateKeyToPEM(priv *ecdsa.PrivateKey) ([]byte, error) {
}
pkcs1 := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: der})
+ /* #nosec */
cmd := exec.Command("/usr/bin/openssl", "pkey")
cmd.Stdin = bytes.NewReader(pkcs1)
return cmd.Output()
diff --git a/vendor/github.com/lunixbochs/struc/LICENSE b/vendor/github.com/lunixbochs/struc/LICENSE
new file mode 100644
index 00000000..42e82633
--- /dev/null
+++ b/vendor/github.com/lunixbochs/struc/LICENSE
@@ -0,0 +1,19 @@
+Copyright (c) 2015 Ryan Hileman
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/vendor/github.com/lunixbochs/struc/README.md b/vendor/github.com/lunixbochs/struc/README.md
new file mode 100644
index 00000000..c8134971
--- /dev/null
+++ b/vendor/github.com/lunixbochs/struc/README.md
@@ -0,0 +1,103 @@
+[](https://travis-ci.org/lunixbochs/struc)
+
+struc
+====
+
+Struc exists to pack and unpack C-style structures from bytes, which is useful for binary files and network protocols. It could be considered an alternative to `encoding/binary`, which requires massive boilerplate for some similar operations.
+
+Take a look at an [example comparing `struc` and `encoding/binary`](https://bochs.info/p/cxvm9)
+
+Struc considers usability first. That said, it does cache reflection data and aims to be competitive with `encoding/binary` struct packing in every way, including performance.
+
+Example struct
+----
+
+```Go
+type Example struct {
+ Var int `struc:"int32,sizeof=Str"`
+ Str string
+ Weird []byte `struc:"[8]int64"`
+ Var []int `struc:"[]int32,little"`
+}
+```
+
+Struct tag format
+----
+
+ - ```Var []int `struc:"[]int32,little,sizeof=StringField"` ``` will pack Var as a slice of little-endian int32, and link it as the size of `StringField`.
+ - `sizeof=`: Indicates this field is a number used to track the length of a another field. `sizeof` fields are automatically updated on `Pack()` based on the current length of the tracked field, and are used to size the target field during `Unpack()`.
+ - Bare values will be parsed as type and endianness.
+
+Endian formats
+----
+
+ - `big` (default)
+ - `little`
+
+Recognized types
+----
+
+ - `pad` - this type ignores field contents and is backed by a `[length]byte` containing nulls
+ - `bool`
+ - `byte`
+ - `int8`, `uint8`
+ - `int16`, `uint16`
+ - `int32`, `uint32`
+ - `int64`, `uint64`
+ - `float32`
+ - `float64`
+
+Types can be indicated as arrays/slices using `[]` syntax. Example: `[]int64`, `[8]int32`.
+
+Bare slice types (those with no `[size]`) must have a linked `Sizeof` field.
+
+Private fields are ignored when packing and unpacking.
+
+Example code
+----
+
+```Go
+package main
+
+import (
+ "bytes"
+ "github.com/lunixbochs/struc"
+)
+
+type Example struct {
+ A int `struc:"big"`
+
+ // B will be encoded/decoded as a 16-bit int (a "short")
+ // but is stored as a native int in the struct
+ B int `struc:"int16"`
+
+ // the sizeof key links a buffer's size to any int field
+ Size int `struc:"int8,little,sizeof=Str"`
+ Str string
+
+ // you can get freaky if you want
+ Str2 string `struc:"[5]int64"`
+}
+
+func main() {
+ var buf bytes.Buffer
+ t := &Example{1, 2, 0, "test", "test2"}
+ err := struc.Pack(&buf, t)
+ o := &Example{}
+ err = struc.Unpack(&buf, o)
+}
+```
+
+Benchmark
+----
+
+`BenchmarkEncode` uses struc. `Stdlib` benchmarks use equivalent `encoding/binary` code. `Manual` encodes without any reflection, and should be considered an upper bound on performance (which generated code based on struc definitions should be able to achieve).
+
+```
+BenchmarkEncode 1000000 1265 ns/op
+BenchmarkStdlibEncode 1000000 1855 ns/op
+BenchmarkManualEncode 5000000 284 ns/op
+BenchmarkDecode 1000000 1259 ns/op
+BenchmarkStdlibDecode 1000000 1656 ns/op
+BenchmarkManualDecode 20000000 89.0 ns/op
+```
diff --git a/vendor/github.com/lunixbochs/struc/binary.go b/vendor/github.com/lunixbochs/struc/binary.go
new file mode 100644
index 00000000..4899d08f
--- /dev/null
+++ b/vendor/github.com/lunixbochs/struc/binary.go
@@ -0,0 +1,52 @@
+package struc
+
+import (
+ "encoding/binary"
+ "io"
+ "reflect"
+)
+
+type byteWriter struct {
+ buf []byte
+ pos int
+}
+
+func (b byteWriter) Write(p []byte) (int, error) {
+ capacity := len(b.buf) - b.pos
+ if capacity < len(p) {
+ p = p[:capacity]
+ }
+ if len(p) > 0 {
+ copy(b.buf[b.pos:], p)
+ b.pos += len(p)
+ }
+ return len(p), nil
+}
+
+type binaryFallback reflect.Value
+
+func (b binaryFallback) String() string {
+ return b.String()
+}
+
+func (b binaryFallback) Sizeof(val reflect.Value, options *Options) int {
+ return binary.Size(val.Interface())
+}
+
+func (b binaryFallback) Pack(buf []byte, val reflect.Value, options *Options) (int, error) {
+ tmp := byteWriter{buf: buf}
+ var order binary.ByteOrder = binary.BigEndian
+ if options.Order != nil {
+ order = options.Order
+ }
+ err := binary.Write(tmp, order, val.Interface())
+ return tmp.pos, err
+}
+
+func (b binaryFallback) Unpack(r io.Reader, val reflect.Value, options *Options) error {
+ var order binary.ByteOrder = binary.BigEndian
+ if options.Order != nil {
+ order = options.Order
+ }
+ return binary.Read(r, order, val.Interface())
+}
diff --git a/vendor/github.com/lunixbochs/struc/custom.go b/vendor/github.com/lunixbochs/struc/custom.go
new file mode 100644
index 00000000..c468dce5
--- /dev/null
+++ b/vendor/github.com/lunixbochs/struc/custom.go
@@ -0,0 +1,33 @@
+package struc
+
+import (
+ "io"
+ "reflect"
+)
+
+type Custom interface {
+ Pack(p []byte, opt *Options) (int, error)
+ Unpack(r io.Reader, length int, opt *Options) error
+ Size(opt *Options) int
+ String() string
+}
+
+type customFallback struct {
+ custom Custom
+}
+
+func (c customFallback) Pack(p []byte, val reflect.Value, opt *Options) (int, error) {
+ return c.custom.Pack(p, opt)
+}
+
+func (c customFallback) Unpack(r io.Reader, val reflect.Value, opt *Options) error {
+ return c.custom.Unpack(r, 1, opt)
+}
+
+func (c customFallback) Sizeof(val reflect.Value, opt *Options) int {
+ return c.custom.Size(opt)
+}
+
+func (c customFallback) String() string {
+ return c.custom.String()
+}
diff --git a/vendor/github.com/lunixbochs/struc/custom_float16.go b/vendor/github.com/lunixbochs/struc/custom_float16.go
new file mode 100644
index 00000000..722be765
--- /dev/null
+++ b/vendor/github.com/lunixbochs/struc/custom_float16.go
@@ -0,0 +1,78 @@
+package struc
+
+import (
+ "encoding/binary"
+ "io"
+ "math"
+ "strconv"
+)
+
+type Float16 float64
+
+func (f *Float16) Pack(p []byte, opt *Options) (int, error) {
+ order := opt.Order
+ if order == nil {
+ order = binary.BigEndian
+ }
+ sign := uint16(0)
+ if *f < 0 {
+ sign = 1
+ }
+ var frac, exp uint16
+ if math.IsInf(float64(*f), 0) {
+ exp = 0x1f
+ frac = 0
+ } else if math.IsNaN(float64(*f)) {
+ exp = 0x1f
+ frac = 1
+ } else {
+ bits := math.Float64bits(float64(*f))
+ exp64 := (bits >> 52) & 0x7ff
+ if exp64 != 0 {
+ exp = uint16((exp64 - 1023 + 15) & 0x1f)
+ }
+ frac = uint16((bits >> 42) & 0x3ff)
+ }
+ var out uint16
+ out |= sign << 15
+ out |= exp << 10
+ out |= frac & 0x3ff
+ order.PutUint16(p, out)
+ return 2, nil
+}
+func (f *Float16) Unpack(r io.Reader, length int, opt *Options) error {
+ order := opt.Order
+ if order == nil {
+ order = binary.BigEndian
+ }
+ var tmp [2]byte
+ if _, err := r.Read(tmp[:]); err != nil {
+ return err
+ }
+ val := order.Uint16(tmp[:2])
+ sign := (val >> 15) & 1
+ exp := int16((val >> 10) & 0x1f)
+ frac := val & 0x3ff
+ if exp == 0x1f {
+ if frac != 0 {
+ *f = Float16(math.NaN())
+ } else {
+ *f = Float16(math.Inf(int(sign)*-2 + 1))
+ }
+ } else {
+ var bits uint64
+ bits |= uint64(sign) << 63
+ bits |= uint64(frac) << 42
+ if exp > 0 {
+ bits |= uint64(exp-15+1023) << 52
+ }
+ *f = Float16(math.Float64frombits(bits))
+ }
+ return nil
+}
+func (f *Float16) Size(opt *Options) int {
+ return 2
+}
+func (f *Float16) String() string {
+ return strconv.FormatFloat(float64(*f), 'g', -1, 32)
+}
diff --git a/vendor/github.com/lunixbochs/struc/field.go b/vendor/github.com/lunixbochs/struc/field.go
new file mode 100644
index 00000000..6e59c2ab
--- /dev/null
+++ b/vendor/github.com/lunixbochs/struc/field.go
@@ -0,0 +1,288 @@
+package struc
+
+import (
+ "bytes"
+ "encoding/binary"
+ "fmt"
+ "math"
+ "reflect"
+)
+
+type Field struct {
+ Name string
+ Ptr bool
+ Index int
+ Type Type
+ defType Type
+ Array bool
+ Slice bool
+ Len int
+ Order binary.ByteOrder
+ Sizeof []int
+ Sizefrom []int
+ Fields Fields
+ kind reflect.Kind
+}
+
+func (f *Field) String() string {
+ var out string
+ if f.Type == Pad {
+ return fmt.Sprintf("{type: Pad, len: %d}", f.Len)
+ } else {
+ out = fmt.Sprintf("type: %s, order: %v", f.Type.String(), f.Order)
+ }
+ if f.Sizefrom != nil {
+ out += fmt.Sprintf(", sizefrom: %v", f.Sizefrom)
+ } else if f.Len > 0 {
+ out += fmt.Sprintf(", len: %d", f.Len)
+ }
+ if f.Sizeof != nil {
+ out += fmt.Sprintf(", sizeof: %v", f.Sizeof)
+ }
+ return "{" + out + "}"
+}
+
+func (f *Field) Size(val reflect.Value, options *Options) int {
+ typ := f.Type.Resolve(options)
+ size := 0
+ if typ == Struct {
+ vals := []reflect.Value{val}
+ if f.Slice {
+ vals = make([]reflect.Value, val.Len())
+ for i := 0; i < val.Len(); i++ {
+ vals[i] = val.Index(i)
+ }
+ }
+ for _, val := range vals {
+ size += f.Fields.Sizeof(val, options)
+ }
+ } else if typ == Pad {
+ size = f.Len
+ } else if f.Slice || f.kind == reflect.String {
+ length := val.Len()
+ if f.Len > 1 {
+ length = f.Len
+ }
+ size = length * typ.Size()
+ } else if typ == CustomType {
+ return val.Addr().Interface().(Custom).Size(options)
+ } else {
+ size = typ.Size()
+ }
+ align := options.ByteAlign
+ if align > 0 && size < align {
+ size = align
+ }
+ return size
+}
+
+func (f *Field) packVal(buf []byte, val reflect.Value, length int, options *Options) (size int, err error) {
+ order := f.Order
+ if options.Order != nil {
+ order = options.Order
+ }
+ if f.Ptr {
+ val = val.Elem()
+ }
+ typ := f.Type.Resolve(options)
+ switch typ {
+ case Struct:
+ return f.Fields.Pack(buf, val, options)
+ case Bool, Int8, Int16, Int32, Int64, Uint8, Uint16, Uint32, Uint64:
+ size = typ.Size()
+ var n uint64
+ switch f.kind {
+ case reflect.Bool:
+ if val.Bool() {
+ n = 1
+ } else {
+ n = 0
+ }
+ case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+ n = uint64(val.Int())
+ default:
+ n = val.Uint()
+ }
+ switch typ {
+ case Bool:
+ if n != 0 {
+ buf[0] = 1
+ } else {
+ buf[0] = 0
+ }
+ case Int8, Uint8:
+ buf[0] = byte(n)
+ case Int16, Uint16:
+ order.PutUint16(buf, uint16(n))
+ case Int32, Uint32:
+ order.PutUint32(buf, uint32(n))
+ case Int64, Uint64:
+ order.PutUint64(buf, uint64(n))
+ }
+ case Float32, Float64:
+ size = typ.Size()
+ n := val.Float()
+ switch typ {
+ case Float32:
+ order.PutUint32(buf, math.Float32bits(float32(n)))
+ case Float64:
+ order.PutUint64(buf, math.Float64bits(n))
+ }
+ case String:
+ switch f.kind {
+ case reflect.String:
+ size = val.Len()
+ copy(buf, []byte(val.String()))
+ default:
+ // TODO: handle kind != bytes here
+ size = val.Len()
+ copy(buf, val.Bytes())
+ }
+ case CustomType:
+ return val.Addr().Interface().(Custom).Pack(buf, options)
+ default:
+ panic(fmt.Sprintf("no pack handler for type: %s", typ))
+ }
+ return
+}
+
+func (f *Field) Pack(buf []byte, val reflect.Value, length int, options *Options) (int, error) {
+ typ := f.Type.Resolve(options)
+ if typ == Pad {
+ for i := 0; i < length; i++ {
+ buf[i] = 0
+ }
+ return length, nil
+ }
+ if f.Slice {
+ // special case strings and byte slices for performance
+ end := val.Len()
+ if !f.Array && typ == Uint8 && (f.defType == Uint8 || f.kind == reflect.String) {
+ var tmp []byte
+ if f.kind == reflect.String {
+ tmp = []byte(val.String())
+ } else {
+ tmp = val.Bytes()
+ }
+ copy(buf, tmp)
+ if end < length {
+ // TODO: allow configuring pad byte?
+ rep := bytes.Repeat([]byte{0}, length-end)
+ copy(buf[end:], rep)
+ return length, nil
+ }
+ return val.Len(), nil
+ }
+ pos := 0
+ var zero reflect.Value
+ if end < length {
+ zero = reflect.Zero(val.Type().Elem())
+ }
+ for i := 0; i < length; i++ {
+ cur := zero
+ if i < end {
+ cur = val.Index(i)
+ }
+ if n, err := f.packVal(buf[pos:], cur, 1, options); err != nil {
+ return pos, err
+ } else {
+ pos += n
+ }
+ }
+ return pos, nil
+ } else {
+ return f.packVal(buf, val, length, options)
+ }
+}
+
+func (f *Field) unpackVal(buf []byte, val reflect.Value, length int, options *Options) error {
+ order := f.Order
+ if options.Order != nil {
+ order = options.Order
+ }
+ if f.Ptr {
+ val = val.Elem()
+ }
+ typ := f.Type.Resolve(options)
+ switch typ {
+ case Float32, Float64:
+ var n float64
+ switch typ {
+ case Float32:
+ n = float64(math.Float32frombits(order.Uint32(buf)))
+ case Float64:
+ n = math.Float64frombits(order.Uint64(buf))
+ }
+ switch f.kind {
+ case reflect.Float32, reflect.Float64:
+ val.SetFloat(n)
+ default:
+ return fmt.Errorf("struc: refusing to unpack float into field %s of type %s", f.Name, f.kind.String())
+ }
+ case Bool, Int8, Int16, Int32, Int64, Uint8, Uint16, Uint32, Uint64:
+ var n uint64
+ switch typ {
+ case Int8:
+ n = uint64(int64(int8(buf[0])))
+ case Int16:
+ n = uint64(int64(int16(order.Uint16(buf))))
+ case Int32:
+ n = uint64(int64(int32(order.Uint32(buf))))
+ case Int64:
+ n = uint64(int64(order.Uint64(buf)))
+ case Bool, Uint8:
+ n = uint64(buf[0])
+ case Uint16:
+ n = uint64(order.Uint16(buf))
+ case Uint32:
+ n = uint64(order.Uint32(buf))
+ case Uint64:
+ n = uint64(order.Uint64(buf))
+ }
+ switch f.kind {
+ case reflect.Bool:
+ val.SetBool(n != 0)
+ case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+ val.SetInt(int64(n))
+ default:
+ val.SetUint(n)
+ }
+ default:
+ panic(fmt.Sprintf("no unpack handler for type: %s", typ))
+ }
+ return nil
+}
+
+func (f *Field) Unpack(buf []byte, val reflect.Value, length int, options *Options) error {
+ typ := f.Type.Resolve(options)
+ if typ == Pad || f.kind == reflect.String {
+ if typ == Pad {
+ return nil
+ } else {
+ val.SetString(string(buf))
+ return nil
+ }
+ } else if f.Slice {
+ if val.Cap() < length {
+ val.Set(reflect.MakeSlice(val.Type(), length, length))
+ } else if val.Len() < length {
+ val.Set(val.Slice(0, length))
+ }
+ // special case byte slices for performance
+ if !f.Array && typ == Uint8 && f.defType == Uint8 {
+ copy(val.Bytes(), buf[:length])
+ return nil
+ }
+ pos := 0
+ size := typ.Size()
+ for i := 0; i < length; i++ {
+ if err := f.unpackVal(buf[pos:pos+size], val.Index(i), 1, options); err != nil {
+ return err
+ }
+ pos += size
+ }
+ return nil
+ } else {
+ return f.unpackVal(buf, val, length, options)
+ }
+}
diff --git a/vendor/github.com/lunixbochs/struc/fields.go b/vendor/github.com/lunixbochs/struc/fields.go
new file mode 100644
index 00000000..5d591bf0
--- /dev/null
+++ b/vendor/github.com/lunixbochs/struc/fields.go
@@ -0,0 +1,172 @@
+package struc
+
+import (
+ "encoding/binary"
+ "fmt"
+ "io"
+ "reflect"
+ "strings"
+)
+
+type Fields []*Field
+
+func (f Fields) SetByteOrder(order binary.ByteOrder) {
+ for _, field := range f {
+ if field != nil {
+ field.Order = order
+ }
+ }
+}
+
+func (f Fields) String() string {
+ fields := make([]string, len(f))
+ for i, field := range f {
+ if field != nil {
+ fields[i] = field.String()
+ }
+ }
+ return "{" + strings.Join(fields, ", ") + "}"
+}
+
+func (f Fields) Sizeof(val reflect.Value, options *Options) int {
+ for val.Kind() == reflect.Ptr {
+ val = val.Elem()
+ }
+ size := 0
+ for i, field := range f {
+ if field != nil {
+ size += field.Size(val.Field(i), options)
+ }
+ }
+ return size
+}
+
+func (f Fields) sizefrom(val reflect.Value, index []int) int {
+ field := val.FieldByIndex(index)
+ switch field.Kind() {
+ case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+ return int(field.Int())
+ case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+ n := int(field.Uint())
+ // all the builtin array length types are native int
+ // so this guards against weird truncation
+ if n < 0 {
+ return 0
+ }
+ return n
+ default:
+ name := val.Type().FieldByIndex(index).Name
+ panic(fmt.Sprintf("sizeof field %T.%s not an integer type", val.Interface(), name))
+ }
+}
+
+func (f Fields) Pack(buf []byte, val reflect.Value, options *Options) (int, error) {
+ for val.Kind() == reflect.Ptr {
+ val = val.Elem()
+ }
+ pos := 0
+ for i, field := range f {
+ if field == nil {
+ continue
+ }
+ v := val.Field(i)
+ length := field.Len
+ if field.Sizefrom != nil {
+ length = f.sizefrom(val, field.Sizefrom)
+ }
+ if length <= 0 && field.Slice {
+ length = v.Len()
+ }
+ if field.Sizeof != nil {
+ length := val.FieldByIndex(field.Sizeof).Len()
+ switch field.kind {
+ case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+ // allocating a new int here has fewer side effects (doesn't update the original struct)
+ // but it's a wasteful allocation
+ // the old method might work if we just cast the temporary int/uint to the target type
+ v = reflect.New(v.Type()).Elem()
+ v.SetInt(int64(length))
+ case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+ v = reflect.New(v.Type()).Elem()
+ v.SetUint(uint64(length))
+ default:
+ panic(fmt.Sprintf("sizeof field is not int or uint type: %s, %s", field.Name, v.Type()))
+ }
+ }
+ if n, err := field.Pack(buf[pos:], v, length, options); err != nil {
+ return n, err
+ } else {
+ pos += n
+ }
+ }
+ return pos, nil
+}
+
+func (f Fields) Unpack(r io.Reader, val reflect.Value, options *Options) error {
+ for val.Kind() == reflect.Ptr {
+ val = val.Elem()
+ }
+ var tmp [8]byte
+ var buf []byte
+ for i, field := range f {
+ if field == nil {
+ continue
+ }
+ v := val.Field(i)
+ length := field.Len
+ if field.Sizefrom != nil {
+ length = f.sizefrom(val, field.Sizefrom)
+ }
+ if v.Kind() == reflect.Ptr && !v.Elem().IsValid() {
+ v.Set(reflect.New(v.Type().Elem()))
+ }
+ if field.Type == Struct {
+ if field.Slice {
+ vals := reflect.MakeSlice(v.Type(), length, length)
+ for i := 0; i < length; i++ {
+ v := vals.Index(i)
+ fields, err := parseFields(v)
+ if err != nil {
+ return err
+ }
+ if err := fields.Unpack(r, v, options); err != nil {
+ return err
+ }
+ }
+ v.Set(vals)
+ } else {
+ // TODO: DRY (we repeat the inner loop above)
+ fields, err := parseFields(v)
+ if err != nil {
+ return err
+ }
+ if err := fields.Unpack(r, v, options); err != nil {
+ return err
+ }
+ }
+ continue
+ } else {
+ typ := field.Type.Resolve(options)
+ if typ == CustomType {
+ if err := v.Addr().Interface().(Custom).Unpack(r, length, options); err != nil {
+ return err
+ }
+ } else {
+ size := length * field.Type.Resolve(options).Size()
+ if size < 8 {
+ buf = tmp[:size]
+ } else {
+ buf = make([]byte, size)
+ }
+ if _, err := io.ReadFull(r, buf); err != nil {
+ return err
+ }
+ err := field.Unpack(buf[:size], v, length, options)
+ if err != nil {
+ return err
+ }
+ }
+ }
+ }
+ return nil
+}
diff --git a/vendor/github.com/lunixbochs/struc/legacy.go b/vendor/github.com/lunixbochs/struc/legacy.go
new file mode 100644
index 00000000..5baf70d9
--- /dev/null
+++ b/vendor/github.com/lunixbochs/struc/legacy.go
@@ -0,0 +1,16 @@
+package struc
+
+import (
+ "encoding/binary"
+ "io"
+)
+
+// Deprecated. Use PackWithOptions.
+func PackWithOrder(w io.Writer, data interface{}, order binary.ByteOrder) error {
+ return PackWithOptions(w, data, &Options{Order: order})
+}
+
+// Deprecated. Use UnpackWithOptions.
+func UnpackWithOrder(r io.Reader, data interface{}, order binary.ByteOrder) error {
+ return UnpackWithOptions(r, data, &Options{Order: order})
+}
diff --git a/vendor/github.com/lunixbochs/struc/packer.go b/vendor/github.com/lunixbochs/struc/packer.go
new file mode 100644
index 00000000..a3a91a22
--- /dev/null
+++ b/vendor/github.com/lunixbochs/struc/packer.go
@@ -0,0 +1,13 @@
+package struc
+
+import (
+ "io"
+ "reflect"
+)
+
+type Packer interface {
+ Pack(buf []byte, val reflect.Value, options *Options) (int, error)
+ Unpack(r io.Reader, val reflect.Value, options *Options) error
+ Sizeof(val reflect.Value, options *Options) int
+ String() string
+}
diff --git a/vendor/github.com/lunixbochs/struc/parse.go b/vendor/github.com/lunixbochs/struc/parse.go
new file mode 100644
index 00000000..43c5875f
--- /dev/null
+++ b/vendor/github.com/lunixbochs/struc/parse.go
@@ -0,0 +1,230 @@
+package struc
+
+import (
+ "encoding/binary"
+ "errors"
+ "fmt"
+ "reflect"
+ "regexp"
+ "strconv"
+ "strings"
+ "sync"
+)
+
+// struc:"int32,big,sizeof=Data,skip,sizefrom=Len"
+
+type strucTag struct {
+ Type string
+ Order binary.ByteOrder
+ Sizeof string
+ Skip bool
+ Sizefrom string
+}
+
+func parseStrucTag(tag reflect.StructTag) *strucTag {
+ t := &strucTag{
+ Order: binary.BigEndian,
+ }
+ tagStr := tag.Get("struc")
+ if tagStr == "" {
+ // someone's going to typo this (I already did once)
+ // sorry if you made a module actually using this tag
+ // and you're mad at me now
+ tagStr = tag.Get("struct")
+ }
+ for _, s := range strings.Split(tagStr, ",") {
+ if strings.HasPrefix(s, "sizeof=") {
+ tmp := strings.SplitN(s, "=", 2)
+ t.Sizeof = tmp[1]
+ } else if strings.HasPrefix(s, "sizefrom=") {
+ tmp := strings.SplitN(s, "=", 2)
+ t.Sizefrom = tmp[1]
+ } else if s == "big" {
+ t.Order = binary.BigEndian
+ } else if s == "little" {
+ t.Order = binary.LittleEndian
+ } else if s == "skip" {
+ t.Skip = true
+ } else {
+ t.Type = s
+ }
+ }
+ return t
+}
+
+var typeLenRe = regexp.MustCompile(`^\[(\d*)\]`)
+
+func parseField(f reflect.StructField) (fd *Field, tag *strucTag, err error) {
+ tag = parseStrucTag(f.Tag)
+ var ok bool
+ fd = &Field{
+ Name: f.Name,
+ Len: 1,
+ Order: tag.Order,
+ Slice: false,
+ kind: f.Type.Kind(),
+ }
+ switch fd.kind {
+ case reflect.Array:
+ fd.Slice = true
+ fd.Array = true
+ fd.Len = f.Type.Len()
+ fd.kind = f.Type.Elem().Kind()
+ case reflect.Slice:
+ fd.Slice = true
+ fd.Len = -1
+ fd.kind = f.Type.Elem().Kind()
+ case reflect.Ptr:
+ fd.Ptr = true
+ fd.kind = f.Type.Elem().Kind()
+ }
+ // check for custom types
+ tmp := reflect.New(f.Type)
+ if _, ok := tmp.Interface().(Custom); ok {
+ fd.Type = CustomType
+ return
+ }
+ var defTypeOk bool
+ fd.defType, defTypeOk = reflectTypeMap[fd.kind]
+ // find a type in the struct tag
+ pureType := typeLenRe.ReplaceAllLiteralString(tag.Type, "")
+ if fd.Type, ok = typeLookup[pureType]; ok {
+ fd.Len = 1
+ match := typeLenRe.FindAllStringSubmatch(tag.Type, -1)
+ if len(match) > 0 && len(match[0]) > 1 {
+ fd.Slice = true
+ first := match[0][1]
+ // Field.Len = -1 indicates a []slice
+ if first == "" {
+ fd.Len = -1
+ } else {
+ fd.Len, err = strconv.Atoi(first)
+ }
+ }
+ return
+ }
+ // the user didn't specify a type
+ switch f.Type {
+ case reflect.TypeOf(Size_t(0)):
+ fd.Type = SizeType
+ case reflect.TypeOf(Off_t(0)):
+ fd.Type = OffType
+ default:
+ if defTypeOk {
+ fd.Type = fd.defType
+ } else {
+ err = errors.New("struc: Could not find field type.")
+ }
+ }
+ return
+}
+
+func parseFieldsLocked(v reflect.Value) (Fields, error) {
+ // we need to repeat this logic because parseFields() below can't be recursively called due to locking
+ for v.Kind() == reflect.Ptr {
+ v = v.Elem()
+ }
+ t := v.Type()
+ if v.NumField() < 1 {
+ return nil, errors.New("struc: Struct has no fields.")
+ }
+ sizeofMap := make(map[string][]int)
+ fields := make(Fields, v.NumField())
+ for i := 0; i < t.NumField(); i++ {
+ field := t.Field(i)
+ f, tag, err := parseField(field)
+ if tag.Skip {
+ continue
+ }
+ if err != nil {
+ return nil, err
+ }
+ if !v.Field(i).CanSet() {
+ continue
+ }
+ f.Index = i
+ if tag.Sizeof != "" {
+ target, ok := t.FieldByName(tag.Sizeof)
+ if !ok {
+ return nil, fmt.Errorf("struc: `sizeof=%s` field does not exist", tag.Sizeof)
+ }
+ f.Sizeof = target.Index
+ sizeofMap[tag.Sizeof] = field.Index
+ }
+ if sizefrom, ok := sizeofMap[field.Name]; ok {
+ f.Sizefrom = sizefrom
+ }
+ if tag.Sizefrom != "" {
+ source, ok := t.FieldByName(tag.Sizefrom)
+ if !ok {
+ return nil, fmt.Errorf("struc: `sizefrom=%s` field does not exist", tag.Sizefrom)
+ }
+ f.Sizefrom = source.Index
+ }
+ if f.Len == -1 && f.Sizefrom == nil {
+ return nil, fmt.Errorf("struc: field `%s` is a slice with no length or sizeof field", field.Name)
+ }
+ // recurse into nested structs
+ // TODO: handle loops (probably by indirecting the []Field and putting pointer in cache)
+ if f.Type == Struct {
+ typ := field.Type
+ if f.Ptr {
+ typ = typ.Elem()
+ }
+ if f.Slice {
+ typ = typ.Elem()
+ }
+ f.Fields, err = parseFieldsLocked(reflect.New(typ))
+ if err != nil {
+ return nil, err
+ }
+ }
+ fields[i] = f
+ }
+ return fields, nil
+}
+
+var fieldCache = make(map[reflect.Type]Fields)
+var fieldCacheLock sync.RWMutex
+var parseLock sync.Mutex
+
+func fieldCacheLookup(t reflect.Type) Fields {
+ fieldCacheLock.RLock()
+ defer fieldCacheLock.RUnlock()
+ if cached, ok := fieldCache[t]; ok {
+ return cached
+ }
+ return nil
+}
+
+func parseFields(v reflect.Value) (Fields, error) {
+ for v.Kind() == reflect.Ptr {
+ v = v.Elem()
+ }
+ t := v.Type()
+
+ // fast path: hopefully the field parsing is already cached
+ if cached := fieldCacheLookup(t); cached != nil {
+ return cached, nil
+ }
+
+ // hold a global lock so multiple goroutines can't parse (the same) fields at once
+ parseLock.Lock()
+ defer parseLock.Unlock()
+
+ // check cache a second time, in case parseLock was just released by
+ // another thread who filled the cache for us
+ if cached := fieldCacheLookup(t); cached != nil {
+ return cached, nil
+ }
+
+ // no luck, time to parse and fill the cache ourselves
+ fields, err := parseFieldsLocked(v)
+ if err != nil {
+ return nil, err
+ }
+ fieldCacheLock.Lock()
+ fieldCache[t] = fields
+ fieldCacheLock.Unlock()
+ return fields, nil
+}
diff --git a/vendor/github.com/lunixbochs/struc/struc.go b/vendor/github.com/lunixbochs/struc/struc.go
new file mode 100644
index 00000000..3d85fe32
--- /dev/null
+++ b/vendor/github.com/lunixbochs/struc/struc.go
@@ -0,0 +1,117 @@
+package struc
+
+import (
+ "encoding/binary"
+ "fmt"
+ "io"
+ "reflect"
+)
+
+type Options struct {
+ ByteAlign int
+ PtrSize int
+ Order binary.ByteOrder
+}
+
+func (o *Options) Validate() error {
+ if o.PtrSize == 0 {
+ o.PtrSize = 32
+ } else {
+ switch o.PtrSize {
+ case 8, 16, 32, 64:
+ default:
+ return fmt.Errorf("Invalid Options.PtrSize: %d. Must be in (8, 16, 32, 64)", o.PtrSize)
+ }
+ }
+ return nil
+}
+
+var emptyOptions = &Options{}
+
+func prep(data interface{}) (reflect.Value, Packer, error) {
+ value := reflect.ValueOf(data)
+ for value.Kind() == reflect.Ptr {
+ next := value.Elem().Kind()
+ if next == reflect.Struct || next == reflect.Ptr {
+ value = value.Elem()
+ } else {
+ break
+ }
+ }
+ switch value.Kind() {
+ case reflect.Struct:
+ fields, err := parseFields(value)
+ return value, fields, err
+ default:
+ if !value.IsValid() {
+ return reflect.Value{}, nil, fmt.Errorf("Invalid reflect.Value for %+v", data)
+ }
+ if c, ok := data.(Custom); ok {
+ return value, customFallback{c}, nil
+ }
+ return value, binaryFallback(value), nil
+ }
+}
+
+func Pack(w io.Writer, data interface{}) error {
+ return PackWithOptions(w, data, nil)
+}
+
+func PackWithOptions(w io.Writer, data interface{}, options *Options) error {
+ if options == nil {
+ options = emptyOptions
+ }
+ if err := options.Validate(); err != nil {
+ return err
+ }
+ val, packer, err := prep(data)
+ if err != nil {
+ return err
+ }
+ if val.Type().Kind() == reflect.String {
+ val = val.Convert(reflect.TypeOf([]byte{}))
+ }
+ size := packer.Sizeof(val, options)
+ buf := make([]byte, size)
+ if _, err := packer.Pack(buf, val, options); err != nil {
+ return err
+ }
+ _, err = w.Write(buf)
+ return err
+}
+
+func Unpack(r io.Reader, data interface{}) error {
+ return UnpackWithOptions(r, data, nil)
+}
+
+func UnpackWithOptions(r io.Reader, data interface{}, options *Options) error {
+ if options == nil {
+ options = emptyOptions
+ }
+ if err := options.Validate(); err != nil {
+ return err
+ }
+ val, packer, err := prep(data)
+ if err != nil {
+ return err
+ }
+ return packer.Unpack(r, val, options)
+}
+
+func Sizeof(data interface{}) (int, error) {
+ return SizeofWithOptions(data, nil)
+}
+
+func SizeofWithOptions(data interface{}, options *Options) (int, error) {
+ if options == nil {
+ options = emptyOptions
+ }
+ if err := options.Validate(); err != nil {
+ return 0, err
+ }
+ val, packer, err := prep(data)
+ if err != nil {
+ return 0, err
+ }
+ return packer.Sizeof(val, options), nil
+}
diff --git a/vendor/github.com/lunixbochs/struc/types.go b/vendor/github.com/lunixbochs/struc/types.go
new file mode 100644
index 00000000..6ca97f48
--- /dev/null
+++ b/vendor/github.com/lunixbochs/struc/types.go
@@ -0,0 +1,136 @@
+package struc
+
+import (
+ "fmt"
+ "reflect"
+)
+
+type Type int
+
+const (
+ Invalid Type = iota
+ Pad
+ Bool
+ Int
+ Int8
+ Uint8
+ Int16
+ Uint16
+ Int32
+ Uint32
+ Int64
+ Uint64
+ Float32
+ Float64
+ String
+ Struct
+ Ptr
+
+ SizeType
+ OffType
+ CustomType
+)
+
+func (t Type) Resolve(options *Options) Type {
+ switch t {
+ case OffType:
+ switch options.PtrSize {
+ case 8:
+ return Int8
+ case 16:
+ return Int16
+ case 32:
+ return Int32
+ case 64:
+ return Int64
+ default:
+ panic(fmt.Sprintf("unsupported ptr bits: %d", options.PtrSize))
+ }
+ case SizeType:
+ switch options.PtrSize {
+ case 8:
+ return Uint8
+ case 16:
+ return Uint16
+ case 32:
+ return Uint32
+ case 64:
+ return Uint64
+ default:
+ panic(fmt.Sprintf("unsupported ptr bits: %d", options.PtrSize))
+ }
+ }
+ return t
+}
+
+func (t Type) String() string {
+ return typeNames[t]
+}
+
+func (t Type) Size() int {
+ switch t {
+ case SizeType, OffType:
+ panic("Size_t/Off_t types must be converted to another type using options.PtrSize")
+ case Pad, String, Int8, Uint8, Bool:
+ return 1
+ case Int16, Uint16:
+ return 2
+ case Int32, Uint32, Float32:
+ return 4
+ case Int64, Uint64, Float64:
+ return 8
+ default:
+ panic("Cannot resolve size of type:" + t.String())
+ }
+}
+
+var typeLookup = map[string]Type{
+ "pad": Pad,
+ "bool": Bool,
+ "byte": Uint8,
+ "int8": Int8,
+ "uint8": Uint8,
+ "int16": Int16,
+ "uint16": Uint16,
+ "int32": Int32,
+ "uint32": Uint32,
+ "int64": Int64,
+ "uint64": Uint64,
+ "float32": Float32,
+ "float64": Float64,
+
+ "size_t": SizeType,
+ "off_t": OffType,
+}
+
+var typeNames = map[Type]string{
+ CustomType: "Custom",
+}
+
+func init() {
+ for name, enum := range typeLookup {
+ typeNames[enum] = name
+ }
+}
+
+type Size_t uint64
+type Off_t int64
+
+var reflectTypeMap = map[reflect.Kind]Type{
+ reflect.Bool: Bool,
+ reflect.Int8: Int8,
+ reflect.Int16: Int16,
+ reflect.Int: Int32,
+ reflect.Int32: Int32,
+ reflect.Int64: Int64,
+ reflect.Uint8: Uint8,
+ reflect.Uint16: Uint16,
+ reflect.Uint: Uint32,
+ reflect.Uint32: Uint32,
+ reflect.Uint64: Uint64,
+ reflect.Float32: Float32,
+ reflect.Float64: Float64,
+ reflect.String: String,
+ reflect.Struct: Struct,
+ reflect.Ptr: Ptr,
+}
diff --git a/vendor/golang.org/x/crypto/argon2/argon2.go b/vendor/golang.org/x/crypto/argon2/argon2.go
new file mode 100644
index 00000000..b423feae
--- /dev/null
+++ b/vendor/golang.org/x/crypto/argon2/argon2.go
@@ -0,0 +1,285 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package argon2 implements the key derivation function Argon2.
+// Argon2 was selected as the winner of the Password Hashing Competition and can
+// be used to derive cryptographic keys from passwords.
+//
+// For a detailed specification of Argon2 see [1].
+//
+// If you aren't sure which function you need, use Argon2id (IDKey) and
+// the parameter recommendations for your scenario.
+//
+//
+// Argon2i
+//
+// Argon2i (implemented by Key) is the side-channel resistant version of Argon2.
+// It uses data-independent memory access, which is preferred for password
+// hashing and password-based key derivation. Argon2i requires more passes over
+// memory than Argon2id to protect from trade-off attacks. The recommended
+// parameters (taken from [2]) for non-interactive operations are time=3 and to
+// use the maximum available memory.
+//
+//
+// Argon2id
+//
+// Argon2id (implemented by IDKey) is a hybrid version of Argon2 combining
+// Argon2i and Argon2d. It uses data-independent memory access for the first
+// half of the first iteration over the memory and data-dependent memory access
+// for the rest. Argon2id is side-channel resistant and provides better brute-
+// force cost savings due to time-memory tradeoffs than Argon2i. The recommended
+// parameters for non-interactive operations (taken from [2]) are time=1 and to
+// use the maximum available memory.
+//
+// [1] https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf
+// [2] https://tools.ietf.org/html/draft-irtf-cfrg-argon2-03#section-9.3
+package argon2
+
+import (
+ "encoding/binary"
+ "sync"
+
+ "golang.org/x/crypto/blake2b"
+)
+
+// The Argon2 version implemented by this package.
+const Version = 0x13
+
+const (
+ argon2d = iota
+ argon2i
+ argon2id
+)
+
+// Key derives a key from the password, salt, and cost parameters using Argon2i
+// returning a byte slice of length keyLen that can be used as cryptographic
+// key. The CPU cost and parallelism degree must be greater than zero.
+//
+// For example, you can get a derived key for e.g. AES-256 (which needs a
+// 32-byte key) by doing:
+//
+// key := argon2.Key([]byte("some password"), salt, 3, 32*1024, 4, 32)
+//
+// The draft RFC recommends[2] time=3, and memory=32*1024 is a sensible number.
+// If using that amount of memory (32 MB) is not possible in some contexts then
+// the time parameter can be increased to compensate.
+//
+// The time parameter specifies the number of passes over the memory and the
+// memory parameter specifies the size of the memory in KiB. For example
+// memory=32*1024 sets the memory cost to ~32 MB. The number of threads can be
+// adjusted to the number of available CPUs. The cost parameters should be
+// increased as memory latency and CPU parallelism increases. Remember to get a
+// good random salt.
+func Key(password, salt []byte, time, memory uint32, threads uint8, keyLen uint32) []byte {
+ return deriveKey(argon2i, password, salt, nil, nil, time, memory, threads, keyLen)
+}
+
+// IDKey derives a key from the password, salt, and cost parameters using
+// Argon2id returning a byte slice of length keyLen that can be used as
+// cryptographic key. The CPU cost and parallelism degree must be greater than
+// zero.
+//
+// For example, you can get a derived key for e.g. AES-256 (which needs a
+// 32-byte key) by doing:
+//
+// key := argon2.IDKey([]byte("some password"), salt, 1, 64*1024, 4, 32)
+//
+// The draft RFC recommends[2] time=1, and memory=64*1024 is a sensible number.
+// If using that amount of memory (64 MB) is not possible in some contexts then
+// the time parameter can be increased to compensate.
+//
+// The time parameter specifies the number of passes over the memory and the
+// memory parameter specifies the size of the memory in KiB. For example
+// memory=64*1024 sets the memory cost to ~64 MB. The number of threads can be
+// adjusted to the numbers of available CPUs. The cost parameters should be
+// increased as memory latency and CPU parallelism increases. Remember to get a
+// good random salt.
+func IDKey(password, salt []byte, time, memory uint32, threads uint8, keyLen uint32) []byte {
+ return deriveKey(argon2id, password, salt, nil, nil, time, memory, threads, keyLen)
+}
+
+func deriveKey(mode int, password, salt, secret, data []byte, time, memory uint32, threads uint8, keyLen uint32) []byte {
+ if time < 1 {
+ panic("argon2: number of rounds too small")
+ }
+ if threads < 1 {
+ panic("argon2: parallelism degree too low")
+ }
+ h0 := initHash(password, salt, secret, data, time, memory, uint32(threads), keyLen, mode)
+
+ memory = memory / (syncPoints * uint32(threads)) * (syncPoints * uint32(threads))
+ if memory < 2*syncPoints*uint32(threads) {
+ memory = 2 * syncPoints * uint32(threads)
+ }
+ B := initBlocks(&h0, memory, uint32(threads))
+ processBlocks(B, time, memory, uint32(threads), mode)
+ return extractKey(B, memory, uint32(threads), keyLen)
+}
+
+const (
+ blockLength = 128
+ syncPoints = 4
+)
+
+type block [blockLength]uint64
+
+func initHash(password, salt, key, data []byte, time, memory, threads, keyLen uint32, mode int) [blake2b.Size + 8]byte {
+ var (
+ h0 [blake2b.Size + 8]byte
+ params [24]byte
+ tmp [4]byte
+ )
+
+ b2, _ := blake2b.New512(nil)
+ binary.LittleEndian.PutUint32(params[0:4], threads)
+ binary.LittleEndian.PutUint32(params[4:8], keyLen)
+ binary.LittleEndian.PutUint32(params[8:12], memory)
+ binary.LittleEndian.PutUint32(params[12:16], time)
+ binary.LittleEndian.PutUint32(params[16:20], uint32(Version))
+ binary.LittleEndian.PutUint32(params[20:24], uint32(mode))
+ b2.Write(params[:])
+ binary.LittleEndian.PutUint32(tmp[:], uint32(len(password)))
+ b2.Write(tmp[:])
+ b2.Write(password)
+ binary.LittleEndian.PutUint32(tmp[:], uint32(len(salt)))
+ b2.Write(tmp[:])
+ b2.Write(salt)
+ binary.LittleEndian.PutUint32(tmp[:], uint32(len(key)))
+ b2.Write(tmp[:])
+ b2.Write(key)
+ binary.LittleEndian.PutUint32(tmp[:], uint32(len(data)))
+ b2.Write(tmp[:])
+ b2.Write(data)
+ b2.Sum(h0[:0])
+ return h0
+}
+
+func initBlocks(h0 *[blake2b.Size + 8]byte, memory, threads uint32) []block {
+ var block0 [1024]byte
+ B := make([]block, memory)
+ for lane := uint32(0); lane < threads; lane++ {
+ j := lane * (memory / threads)
+ binary.LittleEndian.PutUint32(h0[blake2b.Size+4:], lane)
+
+ binary.LittleEndian.PutUint32(h0[blake2b.Size:], 0)
+ blake2bHash(block0[:], h0[:])
+ for i := range B[j+0] {
+ B[j+0][i] = binary.LittleEndian.Uint64(block0[i*8:])
+ }
+
+ binary.LittleEndian.PutUint32(h0[blake2b.Size:], 1)
+ blake2bHash(block0[:], h0[:])
+ for i := range B[j+1] {
+ B[j+1][i] = binary.LittleEndian.Uint64(block0[i*8:])
+ }
+ }
+ return B
+}
+
+func processBlocks(B []block, time, memory, threads uint32, mode int) {
+ lanes := memory / threads
+ segments := lanes / syncPoints
+
+ processSegment := func(n, slice, lane uint32, wg *sync.WaitGroup) {
+ var addresses, in, zero block
+ if mode == argon2i || (mode == argon2id && n == 0 && slice < syncPoints/2) {
+ in[0] = uint64(n)
+ in[1] = uint64(lane)
+ in[2] = uint64(slice)
+ in[3] = uint64(memory)
+ in[4] = uint64(time)
+ in[5] = uint64(mode)
+ }
+
+ index := uint32(0)
+ if n == 0 && slice == 0 {
+ index = 2 // we have already generated the first two blocks
+ if mode == argon2i || mode == argon2id {
+ in[6]++
+ processBlock(&addresses, &in, &zero)
+ processBlock(&addresses, &addresses, &zero)
+ }
+ }
+
+ offset := lane*lanes + slice*segments + index
+ var random uint64
+ for index < segments {
+ prev := offset - 1
+ if index == 0 && slice == 0 {
+ prev += lanes // last block in lane
+ }
+ if mode == argon2i || (mode == argon2id && n == 0 && slice < syncPoints/2) {
+ if index%blockLength == 0 {
+ in[6]++
+ processBlock(&addresses, &in, &zero)
+ processBlock(&addresses, &addresses, &zero)
+ }
+ random = addresses[index%blockLength]
+ } else {
+ random = B[prev][0]
+ }
+ newOffset := indexAlpha(random, lanes, segments, threads, n, slice, lane, index)
+ processBlockXOR(&B[offset], &B[prev], &B[newOffset])
+ index, offset = index+1, offset+1
+ }
+ wg.Done()
+ }
+
+ for n := uint32(0); n < time; n++ {
+ for slice := uint32(0); slice < syncPoints; slice++ {
+ var wg sync.WaitGroup
+ for lane := uint32(0); lane < threads; lane++ {
+ wg.Add(1)
+ go processSegment(n, slice, lane, &wg)
+ }
+ wg.Wait()
+ }
+ }
+
+}
+
+func extractKey(B []block, memory, threads, keyLen uint32) []byte {
+ lanes := memory / threads
+ for lane := uint32(0); lane < threads-1; lane++ {
+ for i, v := range B[(lane*lanes)+lanes-1] {
+ B[memory-1][i] ^= v
+ }
+ }
+
+ var block [1024]byte
+ for i, v := range B[memory-1] {
+ binary.LittleEndian.PutUint64(block[i*8:], v)
+ }
+ key := make([]byte, keyLen)
+ blake2bHash(key, block[:])
+ return key
+}
+
+func indexAlpha(rand uint64, lanes, segments, threads, n, slice, lane, index uint32) uint32 {
+ refLane := uint32(rand>>32) % threads
+ if n == 0 && slice == 0 {
+ refLane = lane
+ }
+ m, s := 3*segments, ((slice+1)%syncPoints)*segments
+ if lane == refLane {
+ m += index
+ }
+ if n == 0 {
+ m, s = slice*segments, 0
+ if slice == 0 || lane == refLane {
+ m += index
+ }
+ }
+ if index == 0 || lane == refLane {
+ m--
+ }
+ return phi(rand, uint64(m), uint64(s), refLane, lanes)
+}
+
+func phi(rand, m, s uint64, lane, lanes uint32) uint32 {
+ p := rand & 0xFFFFFFFF
+ p = (p * p) >> 32
+ p = (p * m) >> 32
+ return lane*lanes + uint32((s+m-(p+1))%uint64(lanes))
+}
diff --git a/vendor/golang.org/x/crypto/argon2/blake2b.go b/vendor/golang.org/x/crypto/argon2/blake2b.go
new file mode 100644
index 00000000..10f46948
--- /dev/null
+++ b/vendor/golang.org/x/crypto/argon2/blake2b.go
@@ -0,0 +1,53 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package argon2
+
+import (
+ "encoding/binary"
+ "hash"
+
+ "golang.org/x/crypto/blake2b"
+)
+
+// blake2bHash computes an arbitrary long hash value of in
+// and writes the hash to out.
+func blake2bHash(out []byte, in []byte) {
+ var b2 hash.Hash
+ if n := len(out); n < blake2b.Size {
+ b2, _ = blake2b.New(n, nil)
+ } else {
+ b2, _ = blake2b.New512(nil)
+ }
+
+ var buffer [blake2b.Size]byte
+ binary.LittleEndian.PutUint32(buffer[:4], uint32(len(out)))
+ b2.Write(buffer[:4])
+ b2.Write(in)
+
+ if len(out) <= blake2b.Size {
+ b2.Sum(out[:0])
+ return
+ }
+
+ outLen := len(out)
+ b2.Sum(buffer[:0])
+ b2.Reset()
+ copy(out, buffer[:32])
+ out = out[32:]
+ for len(out) > blake2b.Size {
+ b2.Write(buffer[:])
+ b2.Sum(buffer[:0])
+ copy(out, buffer[:32])
+ out = out[32:]
+ b2.Reset()
+ }
+
+ if outLen%blake2b.Size > 0 { // outLen > 64
+ r := ((outLen + 31) / 32) - 2 // ⌈τ /32⌉-2
+ b2, _ = blake2b.New(outLen-32*r, nil)
+ }
+ b2.Write(buffer[:])
+ b2.Sum(out[:0])
+}
diff --git a/vendor/golang.org/x/crypto/argon2/blamka_amd64.go b/vendor/golang.org/x/crypto/argon2/blamka_amd64.go
new file mode 100644
index 00000000..2fc1ec03
--- /dev/null
+++ b/vendor/golang.org/x/crypto/argon2/blamka_amd64.go
@@ -0,0 +1,60 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,!gccgo,!appengine
+
+package argon2
+
+import "golang.org/x/sys/cpu"
+
+func init() {
+ useSSE4 = cpu.X86.HasSSE41
+}
+
+//go:noescape
+func mixBlocksSSE2(out, a, b, c *block)
+
+//go:noescape
+func xorBlocksSSE2(out, a, b, c *block)
+
+//go:noescape
+func blamkaSSE4(b *block)
+
+func processBlockSSE(out, in1, in2 *block, xor bool) {
+ var t block
+ mixBlocksSSE2(&t, in1, in2, &t)
+ if useSSE4 {
+ blamkaSSE4(&t)
+ } else {
+ for i := 0; i < blockLength; i += 16 {
+ blamkaGeneric(
+ &t[i+0], &t[i+1], &t[i+2], &t[i+3],
+ &t[i+4], &t[i+5], &t[i+6], &t[i+7],
+ &t[i+8], &t[i+9], &t[i+10], &t[i+11],
+ &t[i+12], &t[i+13], &t[i+14], &t[i+15],
+ )
+ }
+ for i := 0; i < blockLength/8; i += 2 {
+ blamkaGeneric(
+ &t[i], &t[i+1], &t[16+i], &t[16+i+1],
+ &t[32+i], &t[32+i+1], &t[48+i], &t[48+i+1],
+ &t[64+i], &t[64+i+1], &t[80+i], &t[80+i+1],
+ &t[96+i], &t[96+i+1], &t[112+i], &t[112+i+1],
+ )
+ }
+ }
+ if xor {
+ xorBlocksSSE2(out, in1, in2, &t)
+ } else {
+ mixBlocksSSE2(out, in1, in2, &t)
+ }
+}
+
+func processBlock(out, in1, in2 *block) {
+ processBlockSSE(out, in1, in2, false)
+}
+
+func processBlockXOR(out, in1, in2 *block) {
+ processBlockSSE(out, in1, in2, true)
+}
diff --git a/vendor/golang.org/x/crypto/argon2/blamka_amd64.s b/vendor/golang.org/x/crypto/argon2/blamka_amd64.s
new file mode 100644
index 00000000..74a6e733
--- /dev/null
+++ b/vendor/golang.org/x/crypto/argon2/blamka_amd64.s
@@ -0,0 +1,243 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,!gccgo,!appengine
+
+#include "textflag.h"
+
+DATA ·c40<>+0x00(SB)/8, $0x0201000706050403
+DATA ·c40<>+0x08(SB)/8, $0x0a09080f0e0d0c0b
+GLOBL ·c40<>(SB), (NOPTR+RODATA), $16
+
+DATA ·c48<>+0x00(SB)/8, $0x0100070605040302
+DATA ·c48<>+0x08(SB)/8, $0x09080f0e0d0c0b0a
+GLOBL ·c48<>(SB), (NOPTR+RODATA), $16
+
+#define SHUFFLE(v2, v3, v4, v5, v6, v7, t1, t2) \
+ MOVO v4, t1; \
+ MOVO v5, v4; \
+ MOVO t1, v5; \
+ MOVO v6, t1; \
+ PUNPCKLQDQ v6, t2; \
+ PUNPCKHQDQ v7, v6; \
+ PUNPCKHQDQ t2, v6; \
+ PUNPCKLQDQ v7, t2; \
+ MOVO t1, v7; \
+ MOVO v2, t1; \
+ PUNPCKHQDQ t2, v7; \
+ PUNPCKLQDQ v3, t2; \
+ PUNPCKHQDQ t2, v2; \
+ PUNPCKLQDQ t1, t2; \
+ PUNPCKHQDQ t2, v3
+
+#define SHUFFLE_INV(v2, v3, v4, v5, v6, v7, t1, t2) \
+ MOVO v4, t1; \
+ MOVO v5, v4; \
+ MOVO t1, v5; \
+ MOVO v2, t1; \
+ PUNPCKLQDQ v2, t2; \
+ PUNPCKHQDQ v3, v2; \
+ PUNPCKHQDQ t2, v2; \
+ PUNPCKLQDQ v3, t2; \
+ MOVO t1, v3; \
+ MOVO v6, t1; \
+ PUNPCKHQDQ t2, v3; \
+ PUNPCKLQDQ v7, t2; \
+ PUNPCKHQDQ t2, v6; \
+ PUNPCKLQDQ t1, t2; \
+ PUNPCKHQDQ t2, v7
+
+#define HALF_ROUND(v0, v1, v2, v3, v4, v5, v6, v7, t0, c40, c48) \
+ MOVO v0, t0; \
+ PMULULQ v2, t0; \
+ PADDQ v2, v0; \
+ PADDQ t0, v0; \
+ PADDQ t0, v0; \
+ PXOR v0, v6; \
+ PSHUFD $0xB1, v6, v6; \
+ MOVO v4, t0; \
+ PMULULQ v6, t0; \
+ PADDQ v6, v4; \
+ PADDQ t0, v4; \
+ PADDQ t0, v4; \
+ PXOR v4, v2; \
+ PSHUFB c40, v2; \
+ MOVO v0, t0; \
+ PMULULQ v2, t0; \
+ PADDQ v2, v0; \
+ PADDQ t0, v0; \
+ PADDQ t0, v0; \
+ PXOR v0, v6; \
+ PSHUFB c48, v6; \
+ MOVO v4, t0; \
+ PMULULQ v6, t0; \
+ PADDQ v6, v4; \
+ PADDQ t0, v4; \
+ PADDQ t0, v4; \
+ PXOR v4, v2; \
+ MOVO v2, t0; \
+ PADDQ v2, t0; \
+ PSRLQ $63, v2; \
+ PXOR t0, v2; \
+ MOVO v1, t0; \
+ PMULULQ v3, t0; \
+ PADDQ v3, v1; \
+ PADDQ t0, v1; \
+ PADDQ t0, v1; \
+ PXOR v1, v7; \
+ PSHUFD $0xB1, v7, v7; \
+ MOVO v5, t0; \
+ PMULULQ v7, t0; \
+ PADDQ v7, v5; \
+ PADDQ t0, v5; \
+ PADDQ t0, v5; \
+ PXOR v5, v3; \
+ PSHUFB c40, v3; \
+ MOVO v1, t0; \
+ PMULULQ v3, t0; \
+ PADDQ v3, v1; \
+ PADDQ t0, v1; \
+ PADDQ t0, v1; \
+ PXOR v1, v7; \
+ PSHUFB c48, v7; \
+ MOVO v5, t0; \
+ PMULULQ v7, t0; \
+ PADDQ v7, v5; \
+ PADDQ t0, v5; \
+ PADDQ t0, v5; \
+ PXOR v5, v3; \
+ MOVO v3, t0; \
+ PADDQ v3, t0; \
+ PSRLQ $63, v3; \
+ PXOR t0, v3
+
+#define LOAD_MSG_0(block, off) \
+ MOVOU 8*(off+0)(block), X0; \
+ MOVOU 8*(off+2)(block), X1; \
+ MOVOU 8*(off+4)(block), X2; \
+ MOVOU 8*(off+6)(block), X3; \
+ MOVOU 8*(off+8)(block), X4; \
+ MOVOU 8*(off+10)(block), X5; \
+ MOVOU 8*(off+12)(block), X6; \
+ MOVOU 8*(off+14)(block), X7
+
+#define STORE_MSG_0(block, off) \
+ MOVOU X0, 8*(off+0)(block); \
+ MOVOU X1, 8*(off+2)(block); \
+ MOVOU X2, 8*(off+4)(block); \
+ MOVOU X3, 8*(off+6)(block); \
+ MOVOU X4, 8*(off+8)(block); \
+ MOVOU X5, 8*(off+10)(block); \
+ MOVOU X6, 8*(off+12)(block); \
+ MOVOU X7, 8*(off+14)(block)
+
+#define LOAD_MSG_1(block, off) \
+ MOVOU 8*off+0*8(block), X0; \
+ MOVOU 8*off+16*8(block), X1; \
+ MOVOU 8*off+32*8(block), X2; \
+ MOVOU 8*off+48*8(block), X3; \
+ MOVOU 8*off+64*8(block), X4; \
+ MOVOU 8*off+80*8(block), X5; \
+ MOVOU 8*off+96*8(block), X6; \
+ MOVOU 8*off+112*8(block), X7
+
+#define STORE_MSG_1(block, off) \
+ MOVOU X0, 8*off+0*8(block); \
+ MOVOU X1, 8*off+16*8(block); \
+ MOVOU X2, 8*off+32*8(block); \
+ MOVOU X3, 8*off+48*8(block); \
+ MOVOU X4, 8*off+64*8(block); \
+ MOVOU X5, 8*off+80*8(block); \
+ MOVOU X6, 8*off+96*8(block); \
+ MOVOU X7, 8*off+112*8(block)
+
+#define BLAMKA_ROUND_0(block, off, t0, t1, c40, c48) \
+ LOAD_MSG_0(block, off); \
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, t0, c40, c48); \
+ SHUFFLE(X2, X3, X4, X5, X6, X7, t0, t1); \
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, t0, c40, c48); \
+ SHUFFLE_INV(X2, X3, X4, X5, X6, X7, t0, t1); \
+ STORE_MSG_0(block, off)
+
+#define BLAMKA_ROUND_1(block, off, t0, t1, c40, c48) \
+ LOAD_MSG_1(block, off); \
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, t0, c40, c48); \
+ SHUFFLE(X2, X3, X4, X5, X6, X7, t0, t1); \
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, t0, c40, c48); \
+ SHUFFLE_INV(X2, X3, X4, X5, X6, X7, t0, t1); \
+ STORE_MSG_1(block, off)
+
+// func blamkaSSE4(b *block)
+TEXT ·blamkaSSE4(SB), 4, $0-8
+ MOVQ b+0(FP), AX
+
+ MOVOU ·c40<>(SB), X10
+ MOVOU ·c48<>(SB), X11
+
+ BLAMKA_ROUND_0(AX, 0, X8, X9, X10, X11)
+ BLAMKA_ROUND_0(AX, 16, X8, X9, X10, X11)
+ BLAMKA_ROUND_0(AX, 32, X8, X9, X10, X11)
+ BLAMKA_ROUND_0(AX, 48, X8, X9, X10, X11)
+ BLAMKA_ROUND_0(AX, 64, X8, X9, X10, X11)
+ BLAMKA_ROUND_0(AX, 80, X8, X9, X10, X11)
+ BLAMKA_ROUND_0(AX, 96, X8, X9, X10, X11)
+ BLAMKA_ROUND_0(AX, 112, X8, X9, X10, X11)
+
+ BLAMKA_ROUND_1(AX, 0, X8, X9, X10, X11)
+ BLAMKA_ROUND_1(AX, 2, X8, X9, X10, X11)
+ BLAMKA_ROUND_1(AX, 4, X8, X9, X10, X11)
+ BLAMKA_ROUND_1(AX, 6, X8, X9, X10, X11)
+ BLAMKA_ROUND_1(AX, 8, X8, X9, X10, X11)
+ BLAMKA_ROUND_1(AX, 10, X8, X9, X10, X11)
+ BLAMKA_ROUND_1(AX, 12, X8, X9, X10, X11)
+ BLAMKA_ROUND_1(AX, 14, X8, X9, X10, X11)
+ RET
+
+// func mixBlocksSSE2(out, a, b, c *block)
+TEXT ·mixBlocksSSE2(SB), 4, $0-32
+ MOVQ out+0(FP), DX
+ MOVQ a+8(FP), AX
+ MOVQ b+16(FP), BX
+ MOVQ a+24(FP), CX
+ MOVQ $128, BP
+
+loop:
+ MOVOU 0(AX), X0
+ MOVOU 0(BX), X1
+ MOVOU 0(CX), X2
+ PXOR X1, X0
+ PXOR X2, X0
+ MOVOU X0, 0(DX)
+ ADDQ $16, AX
+ ADDQ $16, BX
+ ADDQ $16, CX
+ ADDQ $16, DX
+ SUBQ $2, BP
+ JA loop
+ RET
+
+// func xorBlocksSSE2(out, a, b, c *block)
+TEXT ·xorBlocksSSE2(SB), 4, $0-32
+ MOVQ out+0(FP), DX
+ MOVQ a+8(FP), AX
+ MOVQ b+16(FP), BX
+ MOVQ a+24(FP), CX
+ MOVQ $128, BP
+
+loop:
+ MOVOU 0(AX), X0
+ MOVOU 0(BX), X1
+ MOVOU 0(CX), X2
+ MOVOU 0(DX), X3
+ PXOR X1, X0
+ PXOR X2, X0
+ PXOR X3, X0
+ MOVOU X0, 0(DX)
+ ADDQ $16, AX
+ ADDQ $16, BX
+ ADDQ $16, CX
+ ADDQ $16, DX
+ SUBQ $2, BP
+ JA loop
+ RET
diff --git a/vendor/golang.org/x/crypto/argon2/blamka_generic.go b/vendor/golang.org/x/crypto/argon2/blamka_generic.go
new file mode 100644
index 00000000..a481b224
--- /dev/null
+++ b/vendor/golang.org/x/crypto/argon2/blamka_generic.go
@@ -0,0 +1,163 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package argon2
+
+var useSSE4 bool
+
+func processBlockGeneric(out, in1, in2 *block, xor bool) {
+ var t block
+ for i := range t {
+ t[i] = in1[i] ^ in2[i]
+ }
+ for i := 0; i < blockLength; i += 16 {
+ blamkaGeneric(
+ &t[i+0], &t[i+1], &t[i+2], &t[i+3],
+ &t[i+4], &t[i+5], &t[i+6], &t[i+7],
+ &t[i+8], &t[i+9], &t[i+10], &t[i+11],
+ &t[i+12], &t[i+13], &t[i+14], &t[i+15],
+ )
+ }
+ for i := 0; i < blockLength/8; i += 2 {
+ blamkaGeneric(
+ &t[i], &t[i+1], &t[16+i], &t[16+i+1],
+ &t[32+i], &t[32+i+1], &t[48+i], &t[48+i+1],
+ &t[64+i], &t[64+i+1], &t[80+i], &t[80+i+1],
+ &t[96+i], &t[96+i+1], &t[112+i], &t[112+i+1],
+ )
+ }
+ if xor {
+ for i := range t {
+ out[i] ^= in1[i] ^ in2[i] ^ t[i]
+ }
+ } else {
+ for i := range t {
+ out[i] = in1[i] ^ in2[i] ^ t[i]
+ }
+ }
+}
+
+func blamkaGeneric(t00, t01, t02, t03, t04, t05, t06, t07, t08, t09, t10, t11, t12, t13, t14, t15 *uint64) {
+ v00, v01, v02, v03 := *t00, *t01, *t02, *t03
+ v04, v05, v06, v07 := *t04, *t05, *t06, *t07
+ v08, v09, v10, v11 := *t08, *t09, *t10, *t11
+ v12, v13, v14, v15 := *t12, *t13, *t14, *t15
+
+ v00 += v04 + 2*uint64(uint32(v00))*uint64(uint32(v04))
+ v12 ^= v00
+ v12 = v12>>32 | v12<<32
+ v08 += v12 + 2*uint64(uint32(v08))*uint64(uint32(v12))
+ v04 ^= v08
+ v04 = v04>>24 | v04<<40
+
+ v00 += v04 + 2*uint64(uint32(v00))*uint64(uint32(v04))
+ v12 ^= v00
+ v12 = v12>>16 | v12<<48
+ v08 += v12 + 2*uint64(uint32(v08))*uint64(uint32(v12))
+ v04 ^= v08
+ v04 = v04>>63 | v04<<1
+
+ v01 += v05 + 2*uint64(uint32(v01))*uint64(uint32(v05))
+ v13 ^= v01
+ v13 = v13>>32 | v13<<32
+ v09 += v13 + 2*uint64(uint32(v09))*uint64(uint32(v13))
+ v05 ^= v09
+ v05 = v05>>24 | v05<<40
+
+ v01 += v05 + 2*uint64(uint32(v01))*uint64(uint32(v05))
+ v13 ^= v01
+ v13 = v13>>16 | v13<<48
+ v09 += v13 + 2*uint64(uint32(v09))*uint64(uint32(v13))
+ v05 ^= v09
+ v05 = v05>>63 | v05<<1
+
+ v02 += v06 + 2*uint64(uint32(v02))*uint64(uint32(v06))
+ v14 ^= v02
+ v14 = v14>>32 | v14<<32
+ v10 += v14 + 2*uint64(uint32(v10))*uint64(uint32(v14))
+ v06 ^= v10
+ v06 = v06>>24 | v06<<40
+
+ v02 += v06 + 2*uint64(uint32(v02))*uint64(uint32(v06))
+ v14 ^= v02
+ v14 = v14>>16 | v14<<48
+ v10 += v14 + 2*uint64(uint32(v10))*uint64(uint32(v14))
+ v06 ^= v10
+ v06 = v06>>63 | v06<<1
+
+ v03 += v07 + 2*uint64(uint32(v03))*uint64(uint32(v07))
+ v15 ^= v03
+ v15 = v15>>32 | v15<<32
+ v11 += v15 + 2*uint64(uint32(v11))*uint64(uint32(v15))
+ v07 ^= v11
+ v07 = v07>>24 | v07<<40
+
+ v03 += v07 + 2*uint64(uint32(v03))*uint64(uint32(v07))
+ v15 ^= v03
+ v15 = v15>>16 | v15<<48
+ v11 += v15 + 2*uint64(uint32(v11))*uint64(uint32(v15))
+ v07 ^= v11
+ v07 = v07>>63 | v07<<1
+
+ v00 += v05 + 2*uint64(uint32(v00))*uint64(uint32(v05))
+ v15 ^= v00
+ v15 = v15>>32 | v15<<32
+ v10 += v15 + 2*uint64(uint32(v10))*uint64(uint32(v15))
+ v05 ^= v10
+ v05 = v05>>24 | v05<<40
+
+ v00 += v05 + 2*uint64(uint32(v00))*uint64(uint32(v05))
+ v15 ^= v00
+ v15 = v15>>16 | v15<<48
+ v10 += v15 + 2*uint64(uint32(v10))*uint64(uint32(v15))
+ v05 ^= v10
+ v05 = v05>>63 | v05<<1
+
+ v01 += v06 + 2*uint64(uint32(v01))*uint64(uint32(v06))
+ v12 ^= v01
+ v12 = v12>>32 | v12<<32
+ v11 += v12 + 2*uint64(uint32(v11))*uint64(uint32(v12))
+ v06 ^= v11
+ v06 = v06>>24 | v06<<40
+
+ v01 += v06 + 2*uint64(uint32(v01))*uint64(uint32(v06))
+ v12 ^= v01
+ v12 = v12>>16 | v12<<48
+ v11 += v12 + 2*uint64(uint32(v11))*uint64(uint32(v12))
+ v06 ^= v11
+ v06 = v06>>63 | v06<<1
+
+ v02 += v07 + 2*uint64(uint32(v02))*uint64(uint32(v07))
+ v13 ^= v02
+ v13 = v13>>32 | v13<<32
+ v08 += v13 + 2*uint64(uint32(v08))*uint64(uint32(v13))
+ v07 ^= v08
+ v07 = v07>>24 | v07<<40
+
+ v02 += v07 + 2*uint64(uint32(v02))*uint64(uint32(v07))
+ v13 ^= v02
+ v13 = v13>>16 | v13<<48
+ v08 += v13 + 2*uint64(uint32(v08))*uint64(uint32(v13))
+ v07 ^= v08
+ v07 = v07>>63 | v07<<1
+
+ v03 += v04 + 2*uint64(uint32(v03))*uint64(uint32(v04))
+ v14 ^= v03
+ v14 = v14>>32 | v14<<32
+ v09 += v14 + 2*uint64(uint32(v09))*uint64(uint32(v14))
+ v04 ^= v09
+ v04 = v04>>24 | v04<<40
+
+ v03 += v04 + 2*uint64(uint32(v03))*uint64(uint32(v04))
+ v14 ^= v03
+ v14 = v14>>16 | v14<<48
+ v09 += v14 + 2*uint64(uint32(v09))*uint64(uint32(v14))
+ v04 ^= v09
+ v04 = v04>>63 | v04<<1
+
+ *t00, *t01, *t02, *t03 = v00, v01, v02, v03
+ *t04, *t05, *t06, *t07 = v04, v05, v06, v07
+ *t08, *t09, *t10, *t11 = v08, v09, v10, v11
+ *t12, *t13, *t14, *t15 = v12, v13, v14, v15
+}
diff --git a/vendor/golang.org/x/crypto/argon2/blamka_ref.go b/vendor/golang.org/x/crypto/argon2/blamka_ref.go
new file mode 100644
index 00000000..baf7b551
--- /dev/null
+++ b/vendor/golang.org/x/crypto/argon2/blamka_ref.go
@@ -0,0 +1,15 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !amd64 appengine gccgo
+
+package argon2
+
+func processBlock(out, in1, in2 *block) {
+ processBlockGeneric(out, in1, in2, false)
+}
+
+func processBlockXOR(out, in1, in2 *block) {
+ processBlockGeneric(out, in1, in2, true)
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b.go b/vendor/golang.org/x/crypto/blake2b/blake2b.go
new file mode 100644
index 00000000..58ea8753
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b.go
@@ -0,0 +1,289 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package blake2b implements the BLAKE2b hash algorithm defined by RFC 7693
+// and the extendable output function (XOF) BLAKE2Xb.
+//
+// For a detailed specification of BLAKE2b see https://blake2.net/blake2.pdf
+// and for BLAKE2Xb see https://blake2.net/blake2x.pdf
+//
+// If you aren't sure which function you need, use BLAKE2b (Sum512 or New512).
+// If you need a secret-key MAC (message authentication code), use the New512
+// function with a non-nil key.
+//
+// BLAKE2X is a construction to compute hash values larger than 64 bytes. It
+// can produce hash values between 0 and 4 GiB.
+package blake2b
+
+import (
+ "encoding/binary"
+ "errors"
+ "hash"
+)
+
+const (
+ // The blocksize of BLAKE2b in bytes.
+ BlockSize = 128
+ // The hash size of BLAKE2b-512 in bytes.
+ Size = 64
+ // The hash size of BLAKE2b-384 in bytes.
+ Size384 = 48
+ // The hash size of BLAKE2b-256 in bytes.
+ Size256 = 32
+)
+
+var (
+ useAVX2 bool
+ useAVX bool
+ useSSE4 bool
+)
+
+var (
+ errKeySize = errors.New("blake2b: invalid key size")
+ errHashSize = errors.New("blake2b: invalid hash size")
+)
+
+var iv = [8]uint64{
+ 0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1,
+ 0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179,
+}
+
+// Sum512 returns the BLAKE2b-512 checksum of the data.
+func Sum512(data []byte) [Size]byte {
+ var sum [Size]byte
+ checkSum(&sum, Size, data)
+ return sum
+}
+
+// Sum384 returns the BLAKE2b-384 checksum of the data.
+func Sum384(data []byte) [Size384]byte {
+ var sum [Size]byte
+ var sum384 [Size384]byte
+ checkSum(&sum, Size384, data)
+ copy(sum384[:], sum[:Size384])
+ return sum384
+}
+
+// Sum256 returns the BLAKE2b-256 checksum of the data.
+func Sum256(data []byte) [Size256]byte {
+ var sum [Size]byte
+ var sum256 [Size256]byte
+ checkSum(&sum, Size256, data)
+ copy(sum256[:], sum[:Size256])
+ return sum256
+}
+
+// New512 returns a new hash.Hash computing the BLAKE2b-512 checksum. A non-nil
+// key turns the hash into a MAC. The key must between zero and 64 bytes long.
+func New512(key []byte) (hash.Hash, error) { return newDigest(Size, key) }
+
+// New384 returns a new hash.Hash computing the BLAKE2b-384 checksum. A non-nil
+// key turns the hash into a MAC. The key must between zero and 64 bytes long.
+func New384(key []byte) (hash.Hash, error) { return newDigest(Size384, key) }
+
+// New256 returns a new hash.Hash computing the BLAKE2b-256 checksum. A non-nil
+// key turns the hash into a MAC. The key must between zero and 64 bytes long.
+func New256(key []byte) (hash.Hash, error) { return newDigest(Size256, key) }
+
+// New returns a new hash.Hash computing the BLAKE2b checksum with a custom length.
+// A non-nil key turns the hash into a MAC. The key must between zero and 64 bytes long.
+// The hash size can be a value between 1 and 64 but it is highly recommended to use
+// values equal or greater than:
+// - 32 if BLAKE2b is used as a hash function (The key is zero bytes long).
+// - 16 if BLAKE2b is used as a MAC function (The key is at least 16 bytes long).
+// When the key is nil, the returned hash.Hash implements BinaryMarshaler
+// and BinaryUnmarshaler for state (de)serialization as documented by hash.Hash.
+func New(size int, key []byte) (hash.Hash, error) { return newDigest(size, key) }
+
+func newDigest(hashSize int, key []byte) (*digest, error) {
+ if hashSize < 1 || hashSize > Size {
+ return nil, errHashSize
+ }
+ if len(key) > Size {
+ return nil, errKeySize
+ }
+ d := &digest{
+ size: hashSize,
+ keyLen: len(key),
+ }
+ copy(d.key[:], key)
+ d.Reset()
+ return d, nil
+}
+
+func checkSum(sum *[Size]byte, hashSize int, data []byte) {
+ h := iv
+ h[0] ^= uint64(hashSize) | (1 << 16) | (1 << 24)
+ var c [2]uint64
+
+ if length := len(data); length > BlockSize {
+ n := length &^ (BlockSize - 1)
+ if length == n {
+ n -= BlockSize
+ }
+ hashBlocks(&h, &c, 0, data[:n])
+ data = data[n:]
+ }
+
+ var block [BlockSize]byte
+ offset := copy(block[:], data)
+ remaining := uint64(BlockSize - offset)
+ if c[0] < remaining {
+ c[1]--
+ }
+ c[0] -= remaining
+
+ hashBlocks(&h, &c, 0xFFFFFFFFFFFFFFFF, block[:])
+
+ for i, v := range h[:(hashSize+7)/8] {
+ binary.LittleEndian.PutUint64(sum[8*i:], v)
+ }
+}
+
+type digest struct {
+ h [8]uint64
+ c [2]uint64
+ size int
+ block [BlockSize]byte
+ offset int
+
+ key [BlockSize]byte
+ keyLen int
+}
+
+const (
+ magic = "b2b"
+ marshaledSize = len(magic) + 8*8 + 2*8 + 1 + BlockSize + 1
+)
+
+func (d *digest) MarshalBinary() ([]byte, error) {
+ if d.keyLen != 0 {
+ return nil, errors.New("crypto/blake2b: cannot marshal MACs")
+ }
+ b := make([]byte, 0, marshaledSize)
+ b = append(b, magic...)
+ for i := 0; i < 8; i++ {
+ b = appendUint64(b, d.h[i])
+ }
+ b = appendUint64(b, d.c[0])
+ b = appendUint64(b, d.c[1])
+ // Maximum value for size is 64
+ b = append(b, byte(d.size))
+ b = append(b, d.block[:]...)
+ b = append(b, byte(d.offset))
+ return b, nil
+}
+
+func (d *digest) UnmarshalBinary(b []byte) error {
+ if len(b) < len(magic) || string(b[:len(magic)]) != magic {
+ return errors.New("crypto/blake2b: invalid hash state identifier")
+ }
+ if len(b) != marshaledSize {
+ return errors.New("crypto/blake2b: invalid hash state size")
+ }
+ b = b[len(magic):]
+ for i := 0; i < 8; i++ {
+ b, d.h[i] = consumeUint64(b)
+ }
+ b, d.c[0] = consumeUint64(b)
+ b, d.c[1] = consumeUint64(b)
+ d.size = int(b[0])
+ b = b[1:]
+ copy(d.block[:], b[:BlockSize])
+ b = b[BlockSize:]
+ d.offset = int(b[0])
+ return nil
+}
+
+func (d *digest) BlockSize() int { return BlockSize }
+
+func (d *digest) Size() int { return d.size }
+
+func (d *digest) Reset() {
+ d.h = iv
+ d.h[0] ^= uint64(d.size) | (uint64(d.keyLen) << 8) | (1 << 16) | (1 << 24)
+ d.offset, d.c[0], d.c[1] = 0, 0, 0
+ if d.keyLen > 0 {
+ d.block = d.key
+ d.offset = BlockSize
+ }
+}
+
+func (d *digest) Write(p []byte) (n int, err error) {
+ n = len(p)
+
+ if d.offset > 0 {
+ remaining := BlockSize - d.offset
+ if n <= remaining {
+ d.offset += copy(d.block[d.offset:], p)
+ return
+ }
+ copy(d.block[d.offset:], p[:remaining])
+ hashBlocks(&d.h, &d.c, 0, d.block[:])
+ d.offset = 0
+ p = p[remaining:]
+ }
+
+ if length := len(p); length > BlockSize {
+ nn := length &^ (BlockSize - 1)
+ if length == nn {
+ nn -= BlockSize
+ }
+ hashBlocks(&d.h, &d.c, 0, p[:nn])
+ p = p[nn:]
+ }
+
+ if len(p) > 0 {
+ d.offset += copy(d.block[:], p)
+ }
+
+ return
+}
+
+func (d *digest) Sum(sum []byte) []byte {
+ var hash [Size]byte
+ d.finalize(&hash)
+ return append(sum, hash[:d.size]...)
+}
+
+func (d *digest) finalize(hash *[Size]byte) {
+ var block [BlockSize]byte
+ copy(block[:], d.block[:d.offset])
+ remaining := uint64(BlockSize - d.offset)
+
+ c := d.c
+ if c[0] < remaining {
+ c[1]--
+ }
+ c[0] -= remaining
+
+ h := d.h
+ hashBlocks(&h, &c, 0xFFFFFFFFFFFFFFFF, block[:])
+
+ for i, v := range h {
+ binary.LittleEndian.PutUint64(hash[8*i:], v)
+ }
+}
+
+func appendUint64(b []byte, x uint64) []byte {
+ var a [8]byte
+ binary.BigEndian.PutUint64(a[:], x)
+ return append(b, a[:]...)
+}
+
+func appendUint32(b []byte, x uint32) []byte {
+ var a [4]byte
+ binary.BigEndian.PutUint32(a[:], x)
+ return append(b, a[:]...)
+}
+
+func consumeUint64(b []byte) ([]byte, uint64) {
+ x := binary.BigEndian.Uint64(b)
+ return b[8:], x
+}
+
+func consumeUint32(b []byte) ([]byte, uint32) {
+ x := binary.BigEndian.Uint32(b)
+ return b[4:], x
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go
new file mode 100644
index 00000000..4d31dd0f
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go
@@ -0,0 +1,37 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build go1.7,amd64,!gccgo,!appengine
+
+package blake2b
+
+import "golang.org/x/sys/cpu"
+
+func init() {
+ useAVX2 = cpu.X86.HasAVX2
+ useAVX = cpu.X86.HasAVX
+ useSSE4 = cpu.X86.HasSSE41
+}
+
+//go:noescape
+func hashBlocksAVX2(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+
+//go:noescape
+func hashBlocksAVX(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+
+//go:noescape
+func hashBlocksSSE4(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+
+func hashBlocks(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) {
+ switch {
+ case useAVX2:
+ hashBlocksAVX2(h, c, flag, blocks)
+ case useAVX:
+ hashBlocksAVX(h, c, flag, blocks)
+ case useSSE4:
+ hashBlocksSSE4(h, c, flag, blocks)
+ default:
+ hashBlocksGeneric(h, c, flag, blocks)
+ }
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s
new file mode 100644
index 00000000..5593b1b3
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s
@@ -0,0 +1,750 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build go1.7,amd64,!gccgo,!appengine
+
+#include "textflag.h"
+
+DATA ·AVX2_iv0<>+0x00(SB)/8, $0x6a09e667f3bcc908
+DATA ·AVX2_iv0<>+0x08(SB)/8, $0xbb67ae8584caa73b
+DATA ·AVX2_iv0<>+0x10(SB)/8, $0x3c6ef372fe94f82b
+DATA ·AVX2_iv0<>+0x18(SB)/8, $0xa54ff53a5f1d36f1
+GLOBL ·AVX2_iv0<>(SB), (NOPTR+RODATA), $32
+
+DATA ·AVX2_iv1<>+0x00(SB)/8, $0x510e527fade682d1
+DATA ·AVX2_iv1<>+0x08(SB)/8, $0x9b05688c2b3e6c1f
+DATA ·AVX2_iv1<>+0x10(SB)/8, $0x1f83d9abfb41bd6b
+DATA ·AVX2_iv1<>+0x18(SB)/8, $0x5be0cd19137e2179
+GLOBL ·AVX2_iv1<>(SB), (NOPTR+RODATA), $32
+
+DATA ·AVX2_c40<>+0x00(SB)/8, $0x0201000706050403
+DATA ·AVX2_c40<>+0x08(SB)/8, $0x0a09080f0e0d0c0b
+DATA ·AVX2_c40<>+0x10(SB)/8, $0x0201000706050403
+DATA ·AVX2_c40<>+0x18(SB)/8, $0x0a09080f0e0d0c0b
+GLOBL ·AVX2_c40<>(SB), (NOPTR+RODATA), $32
+
+DATA ·AVX2_c48<>+0x00(SB)/8, $0x0100070605040302
+DATA ·AVX2_c48<>+0x08(SB)/8, $0x09080f0e0d0c0b0a
+DATA ·AVX2_c48<>+0x10(SB)/8, $0x0100070605040302
+DATA ·AVX2_c48<>+0x18(SB)/8, $0x09080f0e0d0c0b0a
+GLOBL ·AVX2_c48<>(SB), (NOPTR+RODATA), $32
+
+DATA ·AVX_iv0<>+0x00(SB)/8, $0x6a09e667f3bcc908
+DATA ·AVX_iv0<>+0x08(SB)/8, $0xbb67ae8584caa73b
+GLOBL ·AVX_iv0<>(SB), (NOPTR+RODATA), $16
+
+DATA ·AVX_iv1<>+0x00(SB)/8, $0x3c6ef372fe94f82b
+DATA ·AVX_iv1<>+0x08(SB)/8, $0xa54ff53a5f1d36f1
+GLOBL ·AVX_iv1<>(SB), (NOPTR+RODATA), $16
+
+DATA ·AVX_iv2<>+0x00(SB)/8, $0x510e527fade682d1
+DATA ·AVX_iv2<>+0x08(SB)/8, $0x9b05688c2b3e6c1f
+GLOBL ·AVX_iv2<>(SB), (NOPTR+RODATA), $16
+
+DATA ·AVX_iv3<>+0x00(SB)/8, $0x1f83d9abfb41bd6b
+DATA ·AVX_iv3<>+0x08(SB)/8, $0x5be0cd19137e2179
+GLOBL ·AVX_iv3<>(SB), (NOPTR+RODATA), $16
+
+DATA ·AVX_c40<>+0x00(SB)/8, $0x0201000706050403
+DATA ·AVX_c40<>+0x08(SB)/8, $0x0a09080f0e0d0c0b
+GLOBL ·AVX_c40<>(SB), (NOPTR+RODATA), $16
+
+DATA ·AVX_c48<>+0x00(SB)/8, $0x0100070605040302
+DATA ·AVX_c48<>+0x08(SB)/8, $0x09080f0e0d0c0b0a
+GLOBL ·AVX_c48<>(SB), (NOPTR+RODATA), $16
+
+#define VPERMQ_0x39_Y1_Y1 BYTE $0xc4; BYTE $0xe3; BYTE $0xfd; BYTE $0x00; BYTE $0xc9; BYTE $0x39
+#define VPERMQ_0x93_Y1_Y1 BYTE $0xc4; BYTE $0xe3; BYTE $0xfd; BYTE $0x00; BYTE $0xc9; BYTE $0x93
+#define VPERMQ_0x4E_Y2_Y2 BYTE $0xc4; BYTE $0xe3; BYTE $0xfd; BYTE $0x00; BYTE $0xd2; BYTE $0x4e
+#define VPERMQ_0x93_Y3_Y3 BYTE $0xc4; BYTE $0xe3; BYTE $0xfd; BYTE $0x00; BYTE $0xdb; BYTE $0x93
+#define VPERMQ_0x39_Y3_Y3 BYTE $0xc4; BYTE $0xe3; BYTE $0xfd; BYTE $0x00; BYTE $0xdb; BYTE $0x39
+
+#define ROUND_AVX2(m0, m1, m2, m3, t, c40, c48) \
+ VPADDQ m0, Y0, Y0; \
+ VPADDQ Y1, Y0, Y0; \
+ VPXOR Y0, Y3, Y3; \
+ VPSHUFD $-79, Y3, Y3; \
+ VPADDQ Y3, Y2, Y2; \
+ VPXOR Y2, Y1, Y1; \
+ VPSHUFB c40, Y1, Y1; \
+ VPADDQ m1, Y0, Y0; \
+ VPADDQ Y1, Y0, Y0; \
+ VPXOR Y0, Y3, Y3; \
+ VPSHUFB c48, Y3, Y3; \
+ VPADDQ Y3, Y2, Y2; \
+ VPXOR Y2, Y1, Y1; \
+ VPADDQ Y1, Y1, t; \
+ VPSRLQ $63, Y1, Y1; \
+ VPXOR t, Y1, Y1; \
+ VPERMQ_0x39_Y1_Y1; \
+ VPERMQ_0x4E_Y2_Y2; \
+ VPERMQ_0x93_Y3_Y3; \
+ VPADDQ m2, Y0, Y0; \
+ VPADDQ Y1, Y0, Y0; \
+ VPXOR Y0, Y3, Y3; \
+ VPSHUFD $-79, Y3, Y3; \
+ VPADDQ Y3, Y2, Y2; \
+ VPXOR Y2, Y1, Y1; \
+ VPSHUFB c40, Y1, Y1; \
+ VPADDQ m3, Y0, Y0; \
+ VPADDQ Y1, Y0, Y0; \
+ VPXOR Y0, Y3, Y3; \
+ VPSHUFB c48, Y3, Y3; \
+ VPADDQ Y3, Y2, Y2; \
+ VPXOR Y2, Y1, Y1; \
+ VPADDQ Y1, Y1, t; \
+ VPSRLQ $63, Y1, Y1; \
+ VPXOR t, Y1, Y1; \
+ VPERMQ_0x39_Y3_Y3; \
+ VPERMQ_0x4E_Y2_Y2; \
+ VPERMQ_0x93_Y1_Y1
+
+#define VMOVQ_SI_X11_0 BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x1E
+#define VMOVQ_SI_X12_0 BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x26
+#define VMOVQ_SI_X13_0 BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x2E
+#define VMOVQ_SI_X14_0 BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x36
+#define VMOVQ_SI_X15_0 BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x3E
+
+#define VMOVQ_SI_X11(n) BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x5E; BYTE $n
+#define VMOVQ_SI_X12(n) BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x66; BYTE $n
+#define VMOVQ_SI_X13(n) BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x6E; BYTE $n
+#define VMOVQ_SI_X14(n) BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x76; BYTE $n
+#define VMOVQ_SI_X15(n) BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x7E; BYTE $n
+
+#define VPINSRQ_1_SI_X11_0 BYTE $0xC4; BYTE $0x63; BYTE $0xA1; BYTE $0x22; BYTE $0x1E; BYTE $0x01
+#define VPINSRQ_1_SI_X12_0 BYTE $0xC4; BYTE $0x63; BYTE $0x99; BYTE $0x22; BYTE $0x26; BYTE $0x01
+#define VPINSRQ_1_SI_X13_0 BYTE $0xC4; BYTE $0x63; BYTE $0x91; BYTE $0x22; BYTE $0x2E; BYTE $0x01
+#define VPINSRQ_1_SI_X14_0 BYTE $0xC4; BYTE $0x63; BYTE $0x89; BYTE $0x22; BYTE $0x36; BYTE $0x01
+#define VPINSRQ_1_SI_X15_0 BYTE $0xC4; BYTE $0x63; BYTE $0x81; BYTE $0x22; BYTE $0x3E; BYTE $0x01
+
+#define VPINSRQ_1_SI_X11(n) BYTE $0xC4; BYTE $0x63; BYTE $0xA1; BYTE $0x22; BYTE $0x5E; BYTE $n; BYTE $0x01
+#define VPINSRQ_1_SI_X12(n) BYTE $0xC4; BYTE $0x63; BYTE $0x99; BYTE $0x22; BYTE $0x66; BYTE $n; BYTE $0x01
+#define VPINSRQ_1_SI_X13(n) BYTE $0xC4; BYTE $0x63; BYTE $0x91; BYTE $0x22; BYTE $0x6E; BYTE $n; BYTE $0x01
+#define VPINSRQ_1_SI_X14(n) BYTE $0xC4; BYTE $0x63; BYTE $0x89; BYTE $0x22; BYTE $0x76; BYTE $n; BYTE $0x01
+#define VPINSRQ_1_SI_X15(n) BYTE $0xC4; BYTE $0x63; BYTE $0x81; BYTE $0x22; BYTE $0x7E; BYTE $n; BYTE $0x01
+
+#define VMOVQ_R8_X15 BYTE $0xC4; BYTE $0x41; BYTE $0xF9; BYTE $0x6E; BYTE $0xF8
+#define VPINSRQ_1_R9_X15 BYTE $0xC4; BYTE $0x43; BYTE $0x81; BYTE $0x22; BYTE $0xF9; BYTE $0x01
+
+// load msg: Y12 = (i0, i1, i2, i3)
+// i0, i1, i2, i3 must not be 0
+#define LOAD_MSG_AVX2_Y12(i0, i1, i2, i3) \
+ VMOVQ_SI_X12(i0*8); \
+ VMOVQ_SI_X11(i2*8); \
+ VPINSRQ_1_SI_X12(i1*8); \
+ VPINSRQ_1_SI_X11(i3*8); \
+ VINSERTI128 $1, X11, Y12, Y12
+
+// load msg: Y13 = (i0, i1, i2, i3)
+// i0, i1, i2, i3 must not be 0
+#define LOAD_MSG_AVX2_Y13(i0, i1, i2, i3) \
+ VMOVQ_SI_X13(i0*8); \
+ VMOVQ_SI_X11(i2*8); \
+ VPINSRQ_1_SI_X13(i1*8); \
+ VPINSRQ_1_SI_X11(i3*8); \
+ VINSERTI128 $1, X11, Y13, Y13
+
+// load msg: Y14 = (i0, i1, i2, i3)
+// i0, i1, i2, i3 must not be 0
+#define LOAD_MSG_AVX2_Y14(i0, i1, i2, i3) \
+ VMOVQ_SI_X14(i0*8); \
+ VMOVQ_SI_X11(i2*8); \
+ VPINSRQ_1_SI_X14(i1*8); \
+ VPINSRQ_1_SI_X11(i3*8); \
+ VINSERTI128 $1, X11, Y14, Y14
+
+// load msg: Y15 = (i0, i1, i2, i3)
+// i0, i1, i2, i3 must not be 0
+#define LOAD_MSG_AVX2_Y15(i0, i1, i2, i3) \
+ VMOVQ_SI_X15(i0*8); \
+ VMOVQ_SI_X11(i2*8); \
+ VPINSRQ_1_SI_X15(i1*8); \
+ VPINSRQ_1_SI_X11(i3*8); \
+ VINSERTI128 $1, X11, Y15, Y15
+
+#define LOAD_MSG_AVX2_0_2_4_6_1_3_5_7_8_10_12_14_9_11_13_15() \
+ VMOVQ_SI_X12_0; \
+ VMOVQ_SI_X11(4*8); \
+ VPINSRQ_1_SI_X12(2*8); \
+ VPINSRQ_1_SI_X11(6*8); \
+ VINSERTI128 $1, X11, Y12, Y12; \
+ LOAD_MSG_AVX2_Y13(1, 3, 5, 7); \
+ LOAD_MSG_AVX2_Y14(8, 10, 12, 14); \
+ LOAD_MSG_AVX2_Y15(9, 11, 13, 15)
+
+#define LOAD_MSG_AVX2_14_4_9_13_10_8_15_6_1_0_11_5_12_2_7_3() \
+ LOAD_MSG_AVX2_Y12(14, 4, 9, 13); \
+ LOAD_MSG_AVX2_Y13(10, 8, 15, 6); \
+ VMOVQ_SI_X11(11*8); \
+ VPSHUFD $0x4E, 0*8(SI), X14; \
+ VPINSRQ_1_SI_X11(5*8); \
+ VINSERTI128 $1, X11, Y14, Y14; \
+ LOAD_MSG_AVX2_Y15(12, 2, 7, 3)
+
+#define LOAD_MSG_AVX2_11_12_5_15_8_0_2_13_10_3_7_9_14_6_1_4() \
+ VMOVQ_SI_X11(5*8); \
+ VMOVDQU 11*8(SI), X12; \
+ VPINSRQ_1_SI_X11(15*8); \
+ VINSERTI128 $1, X11, Y12, Y12; \
+ VMOVQ_SI_X13(8*8); \
+ VMOVQ_SI_X11(2*8); \
+ VPINSRQ_1_SI_X13_0; \
+ VPINSRQ_1_SI_X11(13*8); \
+ VINSERTI128 $1, X11, Y13, Y13; \
+ LOAD_MSG_AVX2_Y14(10, 3, 7, 9); \
+ LOAD_MSG_AVX2_Y15(14, 6, 1, 4)
+
+#define LOAD_MSG_AVX2_7_3_13_11_9_1_12_14_2_5_4_15_6_10_0_8() \
+ LOAD_MSG_AVX2_Y12(7, 3, 13, 11); \
+ LOAD_MSG_AVX2_Y13(9, 1, 12, 14); \
+ LOAD_MSG_AVX2_Y14(2, 5, 4, 15); \
+ VMOVQ_SI_X15(6*8); \
+ VMOVQ_SI_X11_0; \
+ VPINSRQ_1_SI_X15(10*8); \
+ VPINSRQ_1_SI_X11(8*8); \
+ VINSERTI128 $1, X11, Y15, Y15
+
+#define LOAD_MSG_AVX2_9_5_2_10_0_7_4_15_14_11_6_3_1_12_8_13() \
+ LOAD_MSG_AVX2_Y12(9, 5, 2, 10); \
+ VMOVQ_SI_X13_0; \
+ VMOVQ_SI_X11(4*8); \
+ VPINSRQ_1_SI_X13(7*8); \
+ VPINSRQ_1_SI_X11(15*8); \
+ VINSERTI128 $1, X11, Y13, Y13; \
+ LOAD_MSG_AVX2_Y14(14, 11, 6, 3); \
+ LOAD_MSG_AVX2_Y15(1, 12, 8, 13)
+
+#define LOAD_MSG_AVX2_2_6_0_8_12_10_11_3_4_7_15_1_13_5_14_9() \
+ VMOVQ_SI_X12(2*8); \
+ VMOVQ_SI_X11_0; \
+ VPINSRQ_1_SI_X12(6*8); \
+ VPINSRQ_1_SI_X11(8*8); \
+ VINSERTI128 $1, X11, Y12, Y12; \
+ LOAD_MSG_AVX2_Y13(12, 10, 11, 3); \
+ LOAD_MSG_AVX2_Y14(4, 7, 15, 1); \
+ LOAD_MSG_AVX2_Y15(13, 5, 14, 9)
+
+#define LOAD_MSG_AVX2_12_1_14_4_5_15_13_10_0_6_9_8_7_3_2_11() \
+ LOAD_MSG_AVX2_Y12(12, 1, 14, 4); \
+ LOAD_MSG_AVX2_Y13(5, 15, 13, 10); \
+ VMOVQ_SI_X14_0; \
+ VPSHUFD $0x4E, 8*8(SI), X11; \
+ VPINSRQ_1_SI_X14(6*8); \
+ VINSERTI128 $1, X11, Y14, Y14; \
+ LOAD_MSG_AVX2_Y15(7, 3, 2, 11)
+
+#define LOAD_MSG_AVX2_13_7_12_3_11_14_1_9_5_15_8_2_0_4_6_10() \
+ LOAD_MSG_AVX2_Y12(13, 7, 12, 3); \
+ LOAD_MSG_AVX2_Y13(11, 14, 1, 9); \
+ LOAD_MSG_AVX2_Y14(5, 15, 8, 2); \
+ VMOVQ_SI_X15_0; \
+ VMOVQ_SI_X11(6*8); \
+ VPINSRQ_1_SI_X15(4*8); \
+ VPINSRQ_1_SI_X11(10*8); \
+ VINSERTI128 $1, X11, Y15, Y15
+
+#define LOAD_MSG_AVX2_6_14_11_0_15_9_3_8_12_13_1_10_2_7_4_5() \
+ VMOVQ_SI_X12(6*8); \
+ VMOVQ_SI_X11(11*8); \
+ VPINSRQ_1_SI_X12(14*8); \
+ VPINSRQ_1_SI_X11_0; \
+ VINSERTI128 $1, X11, Y12, Y12; \
+ LOAD_MSG_AVX2_Y13(15, 9, 3, 8); \
+ VMOVQ_SI_X11(1*8); \
+ VMOVDQU 12*8(SI), X14; \
+ VPINSRQ_1_SI_X11(10*8); \
+ VINSERTI128 $1, X11, Y14, Y14; \
+ VMOVQ_SI_X15(2*8); \
+ VMOVDQU 4*8(SI), X11; \
+ VPINSRQ_1_SI_X15(7*8); \
+ VINSERTI128 $1, X11, Y15, Y15
+
+#define LOAD_MSG_AVX2_10_8_7_1_2_4_6_5_15_9_3_13_11_14_12_0() \
+ LOAD_MSG_AVX2_Y12(10, 8, 7, 1); \
+ VMOVQ_SI_X13(2*8); \
+ VPSHUFD $0x4E, 5*8(SI), X11; \
+ VPINSRQ_1_SI_X13(4*8); \
+ VINSERTI128 $1, X11, Y13, Y13; \
+ LOAD_MSG_AVX2_Y14(15, 9, 3, 13); \
+ VMOVQ_SI_X15(11*8); \
+ VMOVQ_SI_X11(12*8); \
+ VPINSRQ_1_SI_X15(14*8); \
+ VPINSRQ_1_SI_X11_0; \
+ VINSERTI128 $1, X11, Y15, Y15
+
+// func hashBlocksAVX2(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+TEXT ·hashBlocksAVX2(SB), 4, $320-48 // frame size = 288 + 32 byte alignment
+ MOVQ h+0(FP), AX
+ MOVQ c+8(FP), BX
+ MOVQ flag+16(FP), CX
+ MOVQ blocks_base+24(FP), SI
+ MOVQ blocks_len+32(FP), DI
+
+ MOVQ SP, DX
+ MOVQ SP, R9
+ ADDQ $31, R9
+ ANDQ $~31, R9
+ MOVQ R9, SP
+
+ MOVQ CX, 16(SP)
+ XORQ CX, CX
+ MOVQ CX, 24(SP)
+
+ VMOVDQU ·AVX2_c40<>(SB), Y4
+ VMOVDQU ·AVX2_c48<>(SB), Y5
+
+ VMOVDQU 0(AX), Y8
+ VMOVDQU 32(AX), Y9
+ VMOVDQU ·AVX2_iv0<>(SB), Y6
+ VMOVDQU ·AVX2_iv1<>(SB), Y7
+
+ MOVQ 0(BX), R8
+ MOVQ 8(BX), R9
+ MOVQ R9, 8(SP)
+
+loop:
+ ADDQ $128, R8
+ MOVQ R8, 0(SP)
+ CMPQ R8, $128
+ JGE noinc
+ INCQ R9
+ MOVQ R9, 8(SP)
+
+noinc:
+ VMOVDQA Y8, Y0
+ VMOVDQA Y9, Y1
+ VMOVDQA Y6, Y2
+ VPXOR 0(SP), Y7, Y3
+
+ LOAD_MSG_AVX2_0_2_4_6_1_3_5_7_8_10_12_14_9_11_13_15()
+ VMOVDQA Y12, 32(SP)
+ VMOVDQA Y13, 64(SP)
+ VMOVDQA Y14, 96(SP)
+ VMOVDQA Y15, 128(SP)
+ ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+ LOAD_MSG_AVX2_14_4_9_13_10_8_15_6_1_0_11_5_12_2_7_3()
+ VMOVDQA Y12, 160(SP)
+ VMOVDQA Y13, 192(SP)
+ VMOVDQA Y14, 224(SP)
+ VMOVDQA Y15, 256(SP)
+
+ ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+ LOAD_MSG_AVX2_11_12_5_15_8_0_2_13_10_3_7_9_14_6_1_4()
+ ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+ LOAD_MSG_AVX2_7_3_13_11_9_1_12_14_2_5_4_15_6_10_0_8()
+ ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+ LOAD_MSG_AVX2_9_5_2_10_0_7_4_15_14_11_6_3_1_12_8_13()
+ ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+ LOAD_MSG_AVX2_2_6_0_8_12_10_11_3_4_7_15_1_13_5_14_9()
+ ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+ LOAD_MSG_AVX2_12_1_14_4_5_15_13_10_0_6_9_8_7_3_2_11()
+ ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+ LOAD_MSG_AVX2_13_7_12_3_11_14_1_9_5_15_8_2_0_4_6_10()
+ ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+ LOAD_MSG_AVX2_6_14_11_0_15_9_3_8_12_13_1_10_2_7_4_5()
+ ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+ LOAD_MSG_AVX2_10_8_7_1_2_4_6_5_15_9_3_13_11_14_12_0()
+ ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+
+ ROUND_AVX2(32(SP), 64(SP), 96(SP), 128(SP), Y10, Y4, Y5)
+ ROUND_AVX2(160(SP), 192(SP), 224(SP), 256(SP), Y10, Y4, Y5)
+
+ VPXOR Y0, Y8, Y8
+ VPXOR Y1, Y9, Y9
+ VPXOR Y2, Y8, Y8
+ VPXOR Y3, Y9, Y9
+
+ LEAQ 128(SI), SI
+ SUBQ $128, DI
+ JNE loop
+
+ MOVQ R8, 0(BX)
+ MOVQ R9, 8(BX)
+
+ VMOVDQU Y8, 0(AX)
+ VMOVDQU Y9, 32(AX)
+ VZEROUPPER
+
+ MOVQ DX, SP
+ RET
+
+#define VPUNPCKLQDQ_X2_X2_X15 BYTE $0xC5; BYTE $0x69; BYTE $0x6C; BYTE $0xFA
+#define VPUNPCKLQDQ_X3_X3_X15 BYTE $0xC5; BYTE $0x61; BYTE $0x6C; BYTE $0xFB
+#define VPUNPCKLQDQ_X7_X7_X15 BYTE $0xC5; BYTE $0x41; BYTE $0x6C; BYTE $0xFF
+#define VPUNPCKLQDQ_X13_X13_X15 BYTE $0xC4; BYTE $0x41; BYTE $0x11; BYTE $0x6C; BYTE $0xFD
+#define VPUNPCKLQDQ_X14_X14_X15 BYTE $0xC4; BYTE $0x41; BYTE $0x09; BYTE $0x6C; BYTE $0xFE
+
+#define VPUNPCKHQDQ_X15_X2_X2 BYTE $0xC4; BYTE $0xC1; BYTE $0x69; BYTE $0x6D; BYTE $0xD7
+#define VPUNPCKHQDQ_X15_X3_X3 BYTE $0xC4; BYTE $0xC1; BYTE $0x61; BYTE $0x6D; BYTE $0xDF
+#define VPUNPCKHQDQ_X15_X6_X6 BYTE $0xC4; BYTE $0xC1; BYTE $0x49; BYTE $0x6D; BYTE $0xF7
+#define VPUNPCKHQDQ_X15_X7_X7 BYTE $0xC4; BYTE $0xC1; BYTE $0x41; BYTE $0x6D; BYTE $0xFF
+#define VPUNPCKHQDQ_X15_X3_X2 BYTE $0xC4; BYTE $0xC1; BYTE $0x61; BYTE $0x6D; BYTE $0xD7
+#define VPUNPCKHQDQ_X15_X7_X6 BYTE $0xC4; BYTE $0xC1; BYTE $0x41; BYTE $0x6D; BYTE $0xF7
+#define VPUNPCKHQDQ_X15_X13_X3 BYTE $0xC4; BYTE $0xC1; BYTE $0x11; BYTE $0x6D; BYTE $0xDF
+#define VPUNPCKHQDQ_X15_X13_X7 BYTE $0xC4; BYTE $0xC1; BYTE $0x11; BYTE $0x6D; BYTE $0xFF
+
+#define SHUFFLE_AVX() \
+ VMOVDQA X6, X13; \
+ VMOVDQA X2, X14; \
+ VMOVDQA X4, X6; \
+ VPUNPCKLQDQ_X13_X13_X15; \
+ VMOVDQA X5, X4; \
+ VMOVDQA X6, X5; \
+ VPUNPCKHQDQ_X15_X7_X6; \
+ VPUNPCKLQDQ_X7_X7_X15; \
+ VPUNPCKHQDQ_X15_X13_X7; \
+ VPUNPCKLQDQ_X3_X3_X15; \
+ VPUNPCKHQDQ_X15_X2_X2; \
+ VPUNPCKLQDQ_X14_X14_X15; \
+ VPUNPCKHQDQ_X15_X3_X3; \
+
+#define SHUFFLE_AVX_INV() \
+ VMOVDQA X2, X13; \
+ VMOVDQA X4, X14; \
+ VPUNPCKLQDQ_X2_X2_X15; \
+ VMOVDQA X5, X4; \
+ VPUNPCKHQDQ_X15_X3_X2; \
+ VMOVDQA X14, X5; \
+ VPUNPCKLQDQ_X3_X3_X15; \
+ VMOVDQA X6, X14; \
+ VPUNPCKHQDQ_X15_X13_X3; \
+ VPUNPCKLQDQ_X7_X7_X15; \
+ VPUNPCKHQDQ_X15_X6_X6; \
+ VPUNPCKLQDQ_X14_X14_X15; \
+ VPUNPCKHQDQ_X15_X7_X7; \
+
+#define HALF_ROUND_AVX(v0, v1, v2, v3, v4, v5, v6, v7, m0, m1, m2, m3, t0, c40, c48) \
+ VPADDQ m0, v0, v0; \
+ VPADDQ v2, v0, v0; \
+ VPADDQ m1, v1, v1; \
+ VPADDQ v3, v1, v1; \
+ VPXOR v0, v6, v6; \
+ VPXOR v1, v7, v7; \
+ VPSHUFD $-79, v6, v6; \
+ VPSHUFD $-79, v7, v7; \
+ VPADDQ v6, v4, v4; \
+ VPADDQ v7, v5, v5; \
+ VPXOR v4, v2, v2; \
+ VPXOR v5, v3, v3; \
+ VPSHUFB c40, v2, v2; \
+ VPSHUFB c40, v3, v3; \
+ VPADDQ m2, v0, v0; \
+ VPADDQ v2, v0, v0; \
+ VPADDQ m3, v1, v1; \
+ VPADDQ v3, v1, v1; \
+ VPXOR v0, v6, v6; \
+ VPXOR v1, v7, v7; \
+ VPSHUFB c48, v6, v6; \
+ VPSHUFB c48, v7, v7; \
+ VPADDQ v6, v4, v4; \
+ VPADDQ v7, v5, v5; \
+ VPXOR v4, v2, v2; \
+ VPXOR v5, v3, v3; \
+ VPADDQ v2, v2, t0; \
+ VPSRLQ $63, v2, v2; \
+ VPXOR t0, v2, v2; \
+ VPADDQ v3, v3, t0; \
+ VPSRLQ $63, v3, v3; \
+ VPXOR t0, v3, v3
+
+// load msg: X12 = (i0, i1), X13 = (i2, i3), X14 = (i4, i5), X15 = (i6, i7)
+// i0, i1, i2, i3, i4, i5, i6, i7 must not be 0
+#define LOAD_MSG_AVX(i0, i1, i2, i3, i4, i5, i6, i7) \
+ VMOVQ_SI_X12(i0*8); \
+ VMOVQ_SI_X13(i2*8); \
+ VMOVQ_SI_X14(i4*8); \
+ VMOVQ_SI_X15(i6*8); \
+ VPINSRQ_1_SI_X12(i1*8); \
+ VPINSRQ_1_SI_X13(i3*8); \
+ VPINSRQ_1_SI_X14(i5*8); \
+ VPINSRQ_1_SI_X15(i7*8)
+
+// load msg: X12 = (0, 2), X13 = (4, 6), X14 = (1, 3), X15 = (5, 7)
+#define LOAD_MSG_AVX_0_2_4_6_1_3_5_7() \
+ VMOVQ_SI_X12_0; \
+ VMOVQ_SI_X13(4*8); \
+ VMOVQ_SI_X14(1*8); \
+ VMOVQ_SI_X15(5*8); \
+ VPINSRQ_1_SI_X12(2*8); \
+ VPINSRQ_1_SI_X13(6*8); \
+ VPINSRQ_1_SI_X14(3*8); \
+ VPINSRQ_1_SI_X15(7*8)
+
+// load msg: X12 = (1, 0), X13 = (11, 5), X14 = (12, 2), X15 = (7, 3)
+#define LOAD_MSG_AVX_1_0_11_5_12_2_7_3() \
+ VPSHUFD $0x4E, 0*8(SI), X12; \
+ VMOVQ_SI_X13(11*8); \
+ VMOVQ_SI_X14(12*8); \
+ VMOVQ_SI_X15(7*8); \
+ VPINSRQ_1_SI_X13(5*8); \
+ VPINSRQ_1_SI_X14(2*8); \
+ VPINSRQ_1_SI_X15(3*8)
+
+// load msg: X12 = (11, 12), X13 = (5, 15), X14 = (8, 0), X15 = (2, 13)
+#define LOAD_MSG_AVX_11_12_5_15_8_0_2_13() \
+ VMOVDQU 11*8(SI), X12; \
+ VMOVQ_SI_X13(5*8); \
+ VMOVQ_SI_X14(8*8); \
+ VMOVQ_SI_X15(2*8); \
+ VPINSRQ_1_SI_X13(15*8); \
+ VPINSRQ_1_SI_X14_0; \
+ VPINSRQ_1_SI_X15(13*8)
+
+// load msg: X12 = (2, 5), X13 = (4, 15), X14 = (6, 10), X15 = (0, 8)
+#define LOAD_MSG_AVX_2_5_4_15_6_10_0_8() \
+ VMOVQ_SI_X12(2*8); \
+ VMOVQ_SI_X13(4*8); \
+ VMOVQ_SI_X14(6*8); \
+ VMOVQ_SI_X15_0; \
+ VPINSRQ_1_SI_X12(5*8); \
+ VPINSRQ_1_SI_X13(15*8); \
+ VPINSRQ_1_SI_X14(10*8); \
+ VPINSRQ_1_SI_X15(8*8)
+
+// load msg: X12 = (9, 5), X13 = (2, 10), X14 = (0, 7), X15 = (4, 15)
+#define LOAD_MSG_AVX_9_5_2_10_0_7_4_15() \
+ VMOVQ_SI_X12(9*8); \
+ VMOVQ_SI_X13(2*8); \
+ VMOVQ_SI_X14_0; \
+ VMOVQ_SI_X15(4*8); \
+ VPINSRQ_1_SI_X12(5*8); \
+ VPINSRQ_1_SI_X13(10*8); \
+ VPINSRQ_1_SI_X14(7*8); \
+ VPINSRQ_1_SI_X15(15*8)
+
+// load msg: X12 = (2, 6), X13 = (0, 8), X14 = (12, 10), X15 = (11, 3)
+#define LOAD_MSG_AVX_2_6_0_8_12_10_11_3() \
+ VMOVQ_SI_X12(2*8); \
+ VMOVQ_SI_X13_0; \
+ VMOVQ_SI_X14(12*8); \
+ VMOVQ_SI_X15(11*8); \
+ VPINSRQ_1_SI_X12(6*8); \
+ VPINSRQ_1_SI_X13(8*8); \
+ VPINSRQ_1_SI_X14(10*8); \
+ VPINSRQ_1_SI_X15(3*8)
+
+// load msg: X12 = (0, 6), X13 = (9, 8), X14 = (7, 3), X15 = (2, 11)
+#define LOAD_MSG_AVX_0_6_9_8_7_3_2_11() \
+ MOVQ 0*8(SI), X12; \
+ VPSHUFD $0x4E, 8*8(SI), X13; \
+ MOVQ 7*8(SI), X14; \
+ MOVQ 2*8(SI), X15; \
+ VPINSRQ_1_SI_X12(6*8); \
+ VPINSRQ_1_SI_X14(3*8); \
+ VPINSRQ_1_SI_X15(11*8)
+
+// load msg: X12 = (6, 14), X13 = (11, 0), X14 = (15, 9), X15 = (3, 8)
+#define LOAD_MSG_AVX_6_14_11_0_15_9_3_8() \
+ MOVQ 6*8(SI), X12; \
+ MOVQ 11*8(SI), X13; \
+ MOVQ 15*8(SI), X14; \
+ MOVQ 3*8(SI), X15; \
+ VPINSRQ_1_SI_X12(14*8); \
+ VPINSRQ_1_SI_X13_0; \
+ VPINSRQ_1_SI_X14(9*8); \
+ VPINSRQ_1_SI_X15(8*8)
+
+// load msg: X12 = (5, 15), X13 = (8, 2), X14 = (0, 4), X15 = (6, 10)
+#define LOAD_MSG_AVX_5_15_8_2_0_4_6_10() \
+ MOVQ 5*8(SI), X12; \
+ MOVQ 8*8(SI), X13; \
+ MOVQ 0*8(SI), X14; \
+ MOVQ 6*8(SI), X15; \
+ VPINSRQ_1_SI_X12(15*8); \
+ VPINSRQ_1_SI_X13(2*8); \
+ VPINSRQ_1_SI_X14(4*8); \
+ VPINSRQ_1_SI_X15(10*8)
+
+// load msg: X12 = (12, 13), X13 = (1, 10), X14 = (2, 7), X15 = (4, 5)
+#define LOAD_MSG_AVX_12_13_1_10_2_7_4_5() \
+ VMOVDQU 12*8(SI), X12; \
+ MOVQ 1*8(SI), X13; \
+ MOVQ 2*8(SI), X14; \
+ VPINSRQ_1_SI_X13(10*8); \
+ VPINSRQ_1_SI_X14(7*8); \
+ VMOVDQU 4*8(SI), X15
+
+// load msg: X12 = (15, 9), X13 = (3, 13), X14 = (11, 14), X15 = (12, 0)
+#define LOAD_MSG_AVX_15_9_3_13_11_14_12_0() \
+ MOVQ 15*8(SI), X12; \
+ MOVQ 3*8(SI), X13; \
+ MOVQ 11*8(SI), X14; \
+ MOVQ 12*8(SI), X15; \
+ VPINSRQ_1_SI_X12(9*8); \
+ VPINSRQ_1_SI_X13(13*8); \
+ VPINSRQ_1_SI_X14(14*8); \
+ VPINSRQ_1_SI_X15_0
+
+// func hashBlocksAVX(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+TEXT ·hashBlocksAVX(SB), 4, $288-48 // frame size = 272 + 16 byte alignment
+ MOVQ h+0(FP), AX
+ MOVQ c+8(FP), BX
+ MOVQ flag+16(FP), CX
+ MOVQ blocks_base+24(FP), SI
+ MOVQ blocks_len+32(FP), DI
+
+ MOVQ SP, BP
+ MOVQ SP, R9
+ ADDQ $15, R9
+ ANDQ $~15, R9
+ MOVQ R9, SP
+
+ VMOVDQU ·AVX_c40<>(SB), X0
+ VMOVDQU ·AVX_c48<>(SB), X1
+ VMOVDQA X0, X8
+ VMOVDQA X1, X9
+
+ VMOVDQU ·AVX_iv3<>(SB), X0
+ VMOVDQA X0, 0(SP)
+ XORQ CX, 0(SP) // 0(SP) = ·AVX_iv3 ^ (CX || 0)
+
+ VMOVDQU 0(AX), X10
+ VMOVDQU 16(AX), X11
+ VMOVDQU 32(AX), X2
+ VMOVDQU 48(AX), X3
+
+ MOVQ 0(BX), R8
+ MOVQ 8(BX), R9
+
+loop:
+ ADDQ $128, R8
+ CMPQ R8, $128
+ JGE noinc
+ INCQ R9
+
+noinc:
+ VMOVQ_R8_X15
+ VPINSRQ_1_R9_X15
+
+ VMOVDQA X10, X0
+ VMOVDQA X11, X1
+ VMOVDQU ·AVX_iv0<>(SB), X4
+ VMOVDQU ·AVX_iv1<>(SB), X5
+ VMOVDQU ·AVX_iv2<>(SB), X6
+
+ VPXOR X15, X6, X6
+ VMOVDQA 0(SP), X7
+
+ LOAD_MSG_AVX_0_2_4_6_1_3_5_7()
+ VMOVDQA X12, 16(SP)
+ VMOVDQA X13, 32(SP)
+ VMOVDQA X14, 48(SP)
+ VMOVDQA X15, 64(SP)
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX()
+ LOAD_MSG_AVX(8, 10, 12, 14, 9, 11, 13, 15)
+ VMOVDQA X12, 80(SP)
+ VMOVDQA X13, 96(SP)
+ VMOVDQA X14, 112(SP)
+ VMOVDQA X15, 128(SP)
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX_INV()
+
+ LOAD_MSG_AVX(14, 4, 9, 13, 10, 8, 15, 6)
+ VMOVDQA X12, 144(SP)
+ VMOVDQA X13, 160(SP)
+ VMOVDQA X14, 176(SP)
+ VMOVDQA X15, 192(SP)
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX()
+ LOAD_MSG_AVX_1_0_11_5_12_2_7_3()
+ VMOVDQA X12, 208(SP)
+ VMOVDQA X13, 224(SP)
+ VMOVDQA X14, 240(SP)
+ VMOVDQA X15, 256(SP)
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX_INV()
+
+ LOAD_MSG_AVX_11_12_5_15_8_0_2_13()
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX()
+ LOAD_MSG_AVX(10, 3, 7, 9, 14, 6, 1, 4)
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX_INV()
+
+ LOAD_MSG_AVX(7, 3, 13, 11, 9, 1, 12, 14)
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX()
+ LOAD_MSG_AVX_2_5_4_15_6_10_0_8()
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX_INV()
+
+ LOAD_MSG_AVX_9_5_2_10_0_7_4_15()
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX()
+ LOAD_MSG_AVX(14, 11, 6, 3, 1, 12, 8, 13)
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX_INV()
+
+ LOAD_MSG_AVX_2_6_0_8_12_10_11_3()
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX()
+ LOAD_MSG_AVX(4, 7, 15, 1, 13, 5, 14, 9)
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX_INV()
+
+ LOAD_MSG_AVX(12, 1, 14, 4, 5, 15, 13, 10)
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX()
+ LOAD_MSG_AVX_0_6_9_8_7_3_2_11()
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX_INV()
+
+ LOAD_MSG_AVX(13, 7, 12, 3, 11, 14, 1, 9)
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX()
+ LOAD_MSG_AVX_5_15_8_2_0_4_6_10()
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX_INV()
+
+ LOAD_MSG_AVX_6_14_11_0_15_9_3_8()
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX()
+ LOAD_MSG_AVX_12_13_1_10_2_7_4_5()
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX_INV()
+
+ LOAD_MSG_AVX(10, 8, 7, 1, 2, 4, 6, 5)
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX()
+ LOAD_MSG_AVX_15_9_3_13_11_14_12_0()
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+ SHUFFLE_AVX_INV()
+
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 16(SP), 32(SP), 48(SP), 64(SP), X15, X8, X9)
+ SHUFFLE_AVX()
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 80(SP), 96(SP), 112(SP), 128(SP), X15, X8, X9)
+ SHUFFLE_AVX_INV()
+
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 144(SP), 160(SP), 176(SP), 192(SP), X15, X8, X9)
+ SHUFFLE_AVX()
+ HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 208(SP), 224(SP), 240(SP), 256(SP), X15, X8, X9)
+ SHUFFLE_AVX_INV()
+
+ VMOVDQU 32(AX), X14
+ VMOVDQU 48(AX), X15
+ VPXOR X0, X10, X10
+ VPXOR X1, X11, X11
+ VPXOR X2, X14, X14
+ VPXOR X3, X15, X15
+ VPXOR X4, X10, X10
+ VPXOR X5, X11, X11
+ VPXOR X6, X14, X2
+ VPXOR X7, X15, X3
+ VMOVDQU X2, 32(AX)
+ VMOVDQU X3, 48(AX)
+
+ LEAQ 128(SI), SI
+ SUBQ $128, DI
+ JNE loop
+
+ VMOVDQU X10, 0(AX)
+ VMOVDQU X11, 16(AX)
+
+ MOVQ R8, 0(BX)
+ MOVQ R9, 8(BX)
+ VZEROUPPER
+
+ MOVQ BP, SP
+ RET
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go
new file mode 100644
index 00000000..30e2fcd5
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go
@@ -0,0 +1,24 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !go1.7,amd64,!gccgo,!appengine
+
+package blake2b
+
+import "golang.org/x/sys/cpu"
+
+func init() {
+ useSSE4 = cpu.X86.HasSSE41
+}
+
+//go:noescape
+func hashBlocksSSE4(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+
+func hashBlocks(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) {
+ if useSSE4 {
+ hashBlocksSSE4(h, c, flag, blocks)
+ } else {
+ hashBlocksGeneric(h, c, flag, blocks)
+ }
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s
new file mode 100644
index 00000000..578e947b
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s
@@ -0,0 +1,281 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,!gccgo,!appengine
+
+#include "textflag.h"
+
+DATA ·iv0<>+0x00(SB)/8, $0x6a09e667f3bcc908
+DATA ·iv0<>+0x08(SB)/8, $0xbb67ae8584caa73b
+GLOBL ·iv0<>(SB), (NOPTR+RODATA), $16
+
+DATA ·iv1<>+0x00(SB)/8, $0x3c6ef372fe94f82b
+DATA ·iv1<>+0x08(SB)/8, $0xa54ff53a5f1d36f1
+GLOBL ·iv1<>(SB), (NOPTR+RODATA), $16
+
+DATA ·iv2<>+0x00(SB)/8, $0x510e527fade682d1
+DATA ·iv2<>+0x08(SB)/8, $0x9b05688c2b3e6c1f
+GLOBL ·iv2<>(SB), (NOPTR+RODATA), $16
+
+DATA ·iv3<>+0x00(SB)/8, $0x1f83d9abfb41bd6b
+DATA ·iv3<>+0x08(SB)/8, $0x5be0cd19137e2179
+GLOBL ·iv3<>(SB), (NOPTR+RODATA), $16
+
+DATA ·c40<>+0x00(SB)/8, $0x0201000706050403
+DATA ·c40<>+0x08(SB)/8, $0x0a09080f0e0d0c0b
+GLOBL ·c40<>(SB), (NOPTR+RODATA), $16
+
+DATA ·c48<>+0x00(SB)/8, $0x0100070605040302
+DATA ·c48<>+0x08(SB)/8, $0x09080f0e0d0c0b0a
+GLOBL ·c48<>(SB), (NOPTR+RODATA), $16
+
+#define SHUFFLE(v2, v3, v4, v5, v6, v7, t1, t2) \
+ MOVO v4, t1; \
+ MOVO v5, v4; \
+ MOVO t1, v5; \
+ MOVO v6, t1; \
+ PUNPCKLQDQ v6, t2; \
+ PUNPCKHQDQ v7, v6; \
+ PUNPCKHQDQ t2, v6; \
+ PUNPCKLQDQ v7, t2; \
+ MOVO t1, v7; \
+ MOVO v2, t1; \
+ PUNPCKHQDQ t2, v7; \
+ PUNPCKLQDQ v3, t2; \
+ PUNPCKHQDQ t2, v2; \
+ PUNPCKLQDQ t1, t2; \
+ PUNPCKHQDQ t2, v3
+
+#define SHUFFLE_INV(v2, v3, v4, v5, v6, v7, t1, t2) \
+ MOVO v4, t1; \
+ MOVO v5, v4; \
+ MOVO t1, v5; \
+ MOVO v2, t1; \
+ PUNPCKLQDQ v2, t2; \
+ PUNPCKHQDQ v3, v2; \
+ PUNPCKHQDQ t2, v2; \
+ PUNPCKLQDQ v3, t2; \
+ MOVO t1, v3; \
+ MOVO v6, t1; \
+ PUNPCKHQDQ t2, v3; \
+ PUNPCKLQDQ v7, t2; \
+ PUNPCKHQDQ t2, v6; \
+ PUNPCKLQDQ t1, t2; \
+ PUNPCKHQDQ t2, v7
+
+#define HALF_ROUND(v0, v1, v2, v3, v4, v5, v6, v7, m0, m1, m2, m3, t0, c40, c48) \
+ PADDQ m0, v0; \
+ PADDQ m1, v1; \
+ PADDQ v2, v0; \
+ PADDQ v3, v1; \
+ PXOR v0, v6; \
+ PXOR v1, v7; \
+ PSHUFD $0xB1, v6, v6; \
+ PSHUFD $0xB1, v7, v7; \
+ PADDQ v6, v4; \
+ PADDQ v7, v5; \
+ PXOR v4, v2; \
+ PXOR v5, v3; \
+ PSHUFB c40, v2; \
+ PSHUFB c40, v3; \
+ PADDQ m2, v0; \
+ PADDQ m3, v1; \
+ PADDQ v2, v0; \
+ PADDQ v3, v1; \
+ PXOR v0, v6; \
+ PXOR v1, v7; \
+ PSHUFB c48, v6; \
+ PSHUFB c48, v7; \
+ PADDQ v6, v4; \
+ PADDQ v7, v5; \
+ PXOR v4, v2; \
+ PXOR v5, v3; \
+ MOVOU v2, t0; \
+ PADDQ v2, t0; \
+ PSRLQ $63, v2; \
+ PXOR t0, v2; \
+ MOVOU v3, t0; \
+ PADDQ v3, t0; \
+ PSRLQ $63, v3; \
+ PXOR t0, v3
+
+#define LOAD_MSG(m0, m1, m2, m3, src, i0, i1, i2, i3, i4, i5, i6, i7) \
+ MOVQ i0*8(src), m0; \
+ PINSRQ $1, i1*8(src), m0; \
+ MOVQ i2*8(src), m1; \
+ PINSRQ $1, i3*8(src), m1; \
+ MOVQ i4*8(src), m2; \
+ PINSRQ $1, i5*8(src), m2; \
+ MOVQ i6*8(src), m3; \
+ PINSRQ $1, i7*8(src), m3
+
+// func hashBlocksSSE4(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+TEXT ·hashBlocksSSE4(SB), 4, $288-48 // frame size = 272 + 16 byte alignment
+ MOVQ h+0(FP), AX
+ MOVQ c+8(FP), BX
+ MOVQ flag+16(FP), CX
+ MOVQ blocks_base+24(FP), SI
+ MOVQ blocks_len+32(FP), DI
+
+ MOVQ SP, BP
+ MOVQ SP, R9
+ ADDQ $15, R9
+ ANDQ $~15, R9
+ MOVQ R9, SP
+
+ MOVOU ·iv3<>(SB), X0
+ MOVO X0, 0(SP)
+ XORQ CX, 0(SP) // 0(SP) = ·iv3 ^ (CX || 0)
+
+ MOVOU ·c40<>(SB), X13
+ MOVOU ·c48<>(SB), X14
+
+ MOVOU 0(AX), X12
+ MOVOU 16(AX), X15
+
+ MOVQ 0(BX), R8
+ MOVQ 8(BX), R9
+
+loop:
+ ADDQ $128, R8
+ CMPQ R8, $128
+ JGE noinc
+ INCQ R9
+
+noinc:
+ MOVQ R8, X8
+ PINSRQ $1, R9, X8
+
+ MOVO X12, X0
+ MOVO X15, X1
+ MOVOU 32(AX), X2
+ MOVOU 48(AX), X3
+ MOVOU ·iv0<>(SB), X4
+ MOVOU ·iv1<>(SB), X5
+ MOVOU ·iv2<>(SB), X6
+
+ PXOR X8, X6
+ MOVO 0(SP), X7
+
+ LOAD_MSG(X8, X9, X10, X11, SI, 0, 2, 4, 6, 1, 3, 5, 7)
+ MOVO X8, 16(SP)
+ MOVO X9, 32(SP)
+ MOVO X10, 48(SP)
+ MOVO X11, 64(SP)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+ LOAD_MSG(X8, X9, X10, X11, SI, 8, 10, 12, 14, 9, 11, 13, 15)
+ MOVO X8, 80(SP)
+ MOVO X9, 96(SP)
+ MOVO X10, 112(SP)
+ MOVO X11, 128(SP)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+ LOAD_MSG(X8, X9, X10, X11, SI, 14, 4, 9, 13, 10, 8, 15, 6)
+ MOVO X8, 144(SP)
+ MOVO X9, 160(SP)
+ MOVO X10, 176(SP)
+ MOVO X11, 192(SP)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+ LOAD_MSG(X8, X9, X10, X11, SI, 1, 0, 11, 5, 12, 2, 7, 3)
+ MOVO X8, 208(SP)
+ MOVO X9, 224(SP)
+ MOVO X10, 240(SP)
+ MOVO X11, 256(SP)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+ LOAD_MSG(X8, X9, X10, X11, SI, 11, 12, 5, 15, 8, 0, 2, 13)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+ LOAD_MSG(X8, X9, X10, X11, SI, 10, 3, 7, 9, 14, 6, 1, 4)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+ LOAD_MSG(X8, X9, X10, X11, SI, 7, 3, 13, 11, 9, 1, 12, 14)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+ LOAD_MSG(X8, X9, X10, X11, SI, 2, 5, 4, 15, 6, 10, 0, 8)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+ LOAD_MSG(X8, X9, X10, X11, SI, 9, 5, 2, 10, 0, 7, 4, 15)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+ LOAD_MSG(X8, X9, X10, X11, SI, 14, 11, 6, 3, 1, 12, 8, 13)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+ LOAD_MSG(X8, X9, X10, X11, SI, 2, 6, 0, 8, 12, 10, 11, 3)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+ LOAD_MSG(X8, X9, X10, X11, SI, 4, 7, 15, 1, 13, 5, 14, 9)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+ LOAD_MSG(X8, X9, X10, X11, SI, 12, 1, 14, 4, 5, 15, 13, 10)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+ LOAD_MSG(X8, X9, X10, X11, SI, 0, 6, 9, 8, 7, 3, 2, 11)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+ LOAD_MSG(X8, X9, X10, X11, SI, 13, 7, 12, 3, 11, 14, 1, 9)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+ LOAD_MSG(X8, X9, X10, X11, SI, 5, 15, 8, 2, 0, 4, 6, 10)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+ LOAD_MSG(X8, X9, X10, X11, SI, 6, 14, 11, 0, 15, 9, 3, 8)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+ LOAD_MSG(X8, X9, X10, X11, SI, 12, 13, 1, 10, 2, 7, 4, 5)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+ LOAD_MSG(X8, X9, X10, X11, SI, 10, 8, 7, 1, 2, 4, 6, 5)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+ LOAD_MSG(X8, X9, X10, X11, SI, 15, 9, 3, 13, 11, 14, 12, 0)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+ SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 16(SP), 32(SP), 48(SP), 64(SP), X11, X13, X14)
+ SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 80(SP), 96(SP), 112(SP), 128(SP), X11, X13, X14)
+ SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 144(SP), 160(SP), 176(SP), 192(SP), X11, X13, X14)
+ SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+ HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 208(SP), 224(SP), 240(SP), 256(SP), X11, X13, X14)
+ SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+ MOVOU 32(AX), X10
+ MOVOU 48(AX), X11
+ PXOR X0, X12
+ PXOR X1, X15
+ PXOR X2, X10
+ PXOR X3, X11
+ PXOR X4, X12
+ PXOR X5, X15
+ PXOR X6, X10
+ PXOR X7, X11
+ MOVOU X10, 32(AX)
+ MOVOU X11, 48(AX)
+
+ LEAQ 128(SI), SI
+ SUBQ $128, DI
+ JNE loop
+
+ MOVOU X12, 0(AX)
+ MOVOU X15, 16(AX)
+
+ MOVQ R8, 0(BX)
+ MOVQ R9, 8(BX)
+
+ MOVQ BP, SP
+ RET
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_generic.go b/vendor/golang.org/x/crypto/blake2b/blake2b_generic.go
new file mode 100644
index 00000000..4bd2abc9
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_generic.go
@@ -0,0 +1,179 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package blake2b
+
+import "encoding/binary"
+
+// the precomputed values for BLAKE2b
+// there are 12 16-byte arrays - one for each round
+// the entries are calculated from the sigma constants.
+var precomputed = [12][16]byte{
+ {0, 2, 4, 6, 1, 3, 5, 7, 8, 10, 12, 14, 9, 11, 13, 15},
+ {14, 4, 9, 13, 10, 8, 15, 6, 1, 0, 11, 5, 12, 2, 7, 3},
+ {11, 12, 5, 15, 8, 0, 2, 13, 10, 3, 7, 9, 14, 6, 1, 4},
+ {7, 3, 13, 11, 9, 1, 12, 14, 2, 5, 4, 15, 6, 10, 0, 8},
+ {9, 5, 2, 10, 0, 7, 4, 15, 14, 11, 6, 3, 1, 12, 8, 13},
+ {2, 6, 0, 8, 12, 10, 11, 3, 4, 7, 15, 1, 13, 5, 14, 9},
+ {12, 1, 14, 4, 5, 15, 13, 10, 0, 6, 9, 8, 7, 3, 2, 11},
+ {13, 7, 12, 3, 11, 14, 1, 9, 5, 15, 8, 2, 0, 4, 6, 10},
+ {6, 14, 11, 0, 15, 9, 3, 8, 12, 13, 1, 10, 2, 7, 4, 5},
+ {10, 8, 7, 1, 2, 4, 6, 5, 15, 9, 3, 13, 11, 14, 12, 0},
+ {0, 2, 4, 6, 1, 3, 5, 7, 8, 10, 12, 14, 9, 11, 13, 15}, // equal to the first
+ {14, 4, 9, 13, 10, 8, 15, 6, 1, 0, 11, 5, 12, 2, 7, 3}, // equal to the second
+}
+
+func hashBlocksGeneric(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) {
+ var m [16]uint64
+ c0, c1 := c[0], c[1]
+
+ for i := 0; i < len(blocks); {
+ c0 += BlockSize
+ if c0 < BlockSize {
+ c1++
+ }
+
+ v0, v1, v2, v3, v4, v5, v6, v7 := h[0], h[1], h[2], h[3], h[4], h[5], h[6], h[7]
+ v8, v9, v10, v11, v12, v13, v14, v15 := iv[0], iv[1], iv[2], iv[3], iv[4], iv[5], iv[6], iv[7]
+ v12 ^= c0
+ v13 ^= c1
+ v14 ^= flag
+
+ for j := range m {
+ m[j] = binary.LittleEndian.Uint64(blocks[i:])
+ i += 8
+ }
+
+ for j := range precomputed {
+ s := &(precomputed[j])
+
+ v0 += m[s[0]]
+ v0 += v4
+ v12 ^= v0
+ v12 = v12<<(64-32) | v12>>32
+ v8 += v12
+ v4 ^= v8
+ v4 = v4<<(64-24) | v4>>24
+ v1 += m[s[1]]
+ v1 += v5
+ v13 ^= v1
+ v13 = v13<<(64-32) | v13>>32
+ v9 += v13
+ v5 ^= v9
+ v5 = v5<<(64-24) | v5>>24
+ v2 += m[s[2]]
+ v2 += v6
+ v14 ^= v2
+ v14 = v14<<(64-32) | v14>>32
+ v10 += v14
+ v6 ^= v10
+ v6 = v6<<(64-24) | v6>>24
+ v3 += m[s[3]]
+ v3 += v7
+ v15 ^= v3
+ v15 = v15<<(64-32) | v15>>32
+ v11 += v15
+ v7 ^= v11
+ v7 = v7<<(64-24) | v7>>24
+
+ v0 += m[s[4]]
+ v0 += v4
+ v12 ^= v0
+ v12 = v12<<(64-16) | v12>>16
+ v8 += v12
+ v4 ^= v8
+ v4 = v4<<(64-63) | v4>>63
+ v1 += m[s[5]]
+ v1 += v5
+ v13 ^= v1
+ v13 = v13<<(64-16) | v13>>16
+ v9 += v13
+ v5 ^= v9
+ v5 = v5<<(64-63) | v5>>63
+ v2 += m[s[6]]
+ v2 += v6
+ v14 ^= v2
+ v14 = v14<<(64-16) | v14>>16
+ v10 += v14
+ v6 ^= v10
+ v6 = v6<<(64-63) | v6>>63
+ v3 += m[s[7]]
+ v3 += v7
+ v15 ^= v3
+ v15 = v15<<(64-16) | v15>>16
+ v11 += v15
+ v7 ^= v11
+ v7 = v7<<(64-63) | v7>>63
+
+ v0 += m[s[8]]
+ v0 += v5
+ v15 ^= v0
+ v15 = v15<<(64-32) | v15>>32
+ v10 += v15
+ v5 ^= v10
+ v5 = v5<<(64-24) | v5>>24
+ v1 += m[s[9]]
+ v1 += v6
+ v12 ^= v1
+ v12 = v12<<(64-32) | v12>>32
+ v11 += v12
+ v6 ^= v11
+ v6 = v6<<(64-24) | v6>>24
+ v2 += m[s[10]]
+ v2 += v7
+ v13 ^= v2
+ v13 = v13<<(64-32) | v13>>32
+ v8 += v13
+ v7 ^= v8
+ v7 = v7<<(64-24) | v7>>24
+ v3 += m[s[11]]
+ v3 += v4
+ v14 ^= v3
+ v14 = v14<<(64-32) | v14>>32
+ v9 += v14
+ v4 ^= v9
+ v4 = v4<<(64-24) | v4>>24
+
+ v0 += m[s[12]]
+ v0 += v5
+ v15 ^= v0
+ v15 = v15<<(64-16) | v15>>16
+ v10 += v15
+ v5 ^= v10
+ v5 = v5<<(64-63) | v5>>63
+ v1 += m[s[13]]
+ v1 += v6
+ v12 ^= v1
+ v12 = v12<<(64-16) | v12>>16
+ v11 += v12
+ v6 ^= v11
+ v6 = v6<<(64-63) | v6>>63
+ v2 += m[s[14]]
+ v2 += v7
+ v13 ^= v2
+ v13 = v13<<(64-16) | v13>>16
+ v8 += v13
+ v7 ^= v8
+ v7 = v7<<(64-63) | v7>>63
+ v3 += m[s[15]]
+ v3 += v4
+ v14 ^= v3
+ v14 = v14<<(64-16) | v14>>16
+ v9 += v14
+ v4 ^= v9
+ v4 = v4<<(64-63) | v4>>63
+
+ }
+
+ h[0] ^= v0 ^ v8
+ h[1] ^= v1 ^ v9
+ h[2] ^= v2 ^ v10
+ h[3] ^= v3 ^ v11
+ h[4] ^= v4 ^ v12
+ h[5] ^= v5 ^ v13
+ h[6] ^= v6 ^ v14
+ h[7] ^= v7 ^ v15
+ }
+ c[0], c[1] = c0, c1
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go b/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go
new file mode 100644
index 00000000..da156a1b
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go
@@ -0,0 +1,11 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !amd64 appengine gccgo
+
+package blake2b
+
+func hashBlocks(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) {
+ hashBlocksGeneric(h, c, flag, blocks)
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2x.go b/vendor/golang.org/x/crypto/blake2b/blake2x.go
new file mode 100644
index 00000000..c814496a
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2x.go
@@ -0,0 +1,177 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package blake2b
+
+import (
+ "encoding/binary"
+ "errors"
+ "io"
+)
+
+// XOF defines the interface to hash functions that
+// support arbitrary-length output.
+type XOF interface {
+ // Write absorbs more data into the hash's state. It panics if called
+ // after Read.
+ io.Writer
+
+ // Read reads more output from the hash. It returns io.EOF if the limit
+ // has been reached.
+ io.Reader
+
+ // Clone returns a copy of the XOF in its current state.
+ Clone() XOF
+
+ // Reset resets the XOF to its initial state.
+ Reset()
+}
+
+// OutputLengthUnknown can be used as the size argument to NewXOF to indicate
+// the the length of the output is not known in advance.
+const OutputLengthUnknown = 0
+
+// magicUnknownOutputLength is a magic value for the output size that indicates
+// an unknown number of output bytes.
+const magicUnknownOutputLength = (1 << 32) - 1
+
+// maxOutputLength is the absolute maximum number of bytes to produce when the
+// number of output bytes is unknown.
+const maxOutputLength = (1 << 32) * 64
+
+// NewXOF creates a new variable-output-length hash. The hash either produce a
+// known number of bytes (1 <= size < 2**32-1), or an unknown number of bytes
+// (size == OutputLengthUnknown). In the latter case, an absolute limit of
+// 256GiB applies.
+//
+// A non-nil key turns the hash into a MAC. The key must between
+// zero and 32 bytes long.
+func NewXOF(size uint32, key []byte) (XOF, error) {
+ if len(key) > Size {
+ return nil, errKeySize
+ }
+ if size == magicUnknownOutputLength {
+ // 2^32-1 indicates an unknown number of bytes and thus isn't a
+ // valid length.
+ return nil, errors.New("blake2b: XOF length too large")
+ }
+ if size == OutputLengthUnknown {
+ size = magicUnknownOutputLength
+ }
+ x := &xof{
+ d: digest{
+ size: Size,
+ keyLen: len(key),
+ },
+ length: size,
+ }
+ copy(x.d.key[:], key)
+ x.Reset()
+ return x, nil
+}
+
+type xof struct {
+ d digest
+ length uint32
+ remaining uint64
+ cfg, root, block [Size]byte
+ offset int
+ nodeOffset uint32
+ readMode bool
+}
+
+func (x *xof) Write(p []byte) (n int, err error) {
+ if x.readMode {
+ panic("blake2b: write to XOF after read")
+ }
+ return x.d.Write(p)
+}
+
+func (x *xof) Clone() XOF {
+ clone := *x
+ return &clone
+}
+
+func (x *xof) Reset() {
+ x.cfg[0] = byte(Size)
+ binary.LittleEndian.PutUint32(x.cfg[4:], uint32(Size)) // leaf length
+ binary.LittleEndian.PutUint32(x.cfg[12:], x.length) // XOF length
+ x.cfg[17] = byte(Size) // inner hash size
+
+ x.d.Reset()
+ x.d.h[1] ^= uint64(x.length) << 32
+
+ x.remaining = uint64(x.length)
+ if x.remaining == magicUnknownOutputLength {
+ x.remaining = maxOutputLength
+ }
+ x.offset, x.nodeOffset = 0, 0
+ x.readMode = false
+}
+
+func (x *xof) Read(p []byte) (n int, err error) {
+ if !x.readMode {
+ x.d.finalize(&x.root)
+ x.readMode = true
+ }
+
+ if x.remaining == 0 {
+ return 0, io.EOF
+ }
+
+ n = len(p)
+ if uint64(n) > x.remaining {
+ n = int(x.remaining)
+ p = p[:n]
+ }
+
+ if x.offset > 0 {
+ blockRemaining := Size - x.offset
+ if n < blockRemaining {
+ x.offset += copy(p, x.block[x.offset:])
+ x.remaining -= uint64(n)
+ return
+ }
+ copy(p, x.block[x.offset:])
+ p = p[blockRemaining:]
+ x.offset = 0
+ x.remaining -= uint64(blockRemaining)
+ }
+
+ for len(p) >= Size {
+ binary.LittleEndian.PutUint32(x.cfg[8:], x.nodeOffset)
+ x.nodeOffset++
+
+ x.d.initConfig(&x.cfg)
+ x.d.Write(x.root[:])
+ x.d.finalize(&x.block)
+
+ copy(p, x.block[:])
+ p = p[Size:]
+ x.remaining -= uint64(Size)
+ }
+
+ if todo := len(p); todo > 0 {
+ if x.remaining < uint64(Size) {
+ x.cfg[0] = byte(x.remaining)
+ }
+ binary.LittleEndian.PutUint32(x.cfg[8:], x.nodeOffset)
+ x.nodeOffset++
+
+ x.d.initConfig(&x.cfg)
+ x.d.Write(x.root[:])
+ x.d.finalize(&x.block)
+
+ x.offset = copy(p, x.block[:todo])
+ x.remaining -= uint64(todo)
+ }
+ return
+}
+
+func (d *digest) initConfig(cfg *[Size]byte) {
+ d.offset, d.c[0], d.c[1] = 0, 0, 0
+ for i := range d.h {
+ d.h[i] = iv[i] ^ binary.LittleEndian.Uint64(cfg[i*8:])
+ }
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/register.go b/vendor/golang.org/x/crypto/blake2b/register.go
new file mode 100644
index 00000000..efd689af
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/register.go
@@ -0,0 +1,32 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build go1.9
+
+package blake2b
+
+import (
+ "crypto"
+ "hash"
+)
+
+func init() {
+ newHash256 := func() hash.Hash {
+ h, _ := New256(nil)
+ return h
+ }
+ newHash384 := func() hash.Hash {
+ h, _ := New384(nil)
+ return h
+ }
+
+ newHash512 := func() hash.Hash {
+ h, _ := New512(nil)
+ return h
+ }
+
+ crypto.RegisterHash(crypto.BLAKE2b_256, newHash256)
+ crypto.RegisterHash(crypto.BLAKE2b_384, newHash384)
+ crypto.RegisterHash(crypto.BLAKE2b_512, newHash512)
+}
diff --git a/vendor/golang.org/x/crypto/scrypt/scrypt.go b/vendor/golang.org/x/crypto/scrypt/scrypt.go
index ff28aaef..9b25b5ac 100644
--- a/vendor/golang.org/x/crypto/scrypt/scrypt.go
+++ b/vendor/golang.org/x/crypto/scrypt/scrypt.go
@@ -218,7 +218,7 @@ func smix(b []byte, r, N int, v, xy []uint32) {
// For example, you can get a derived key for e.g. AES-256 (which needs a
// 32-byte key) by doing:
//
-// dk, err := scrypt.Key([]byte("some password"), salt, 16384, 8, 1, 32)
+// dk, err := scrypt.Key([]byte("some password"), salt, 32768, 8, 1, 32)
//
// The recommended parameters for interactive logins as of 2017 are N=32768, r=8
// and p=1. The parameters N, r, and p should be increased as memory latency and
diff --git a/vendor/golang.org/x/sys/LICENSE b/vendor/golang.org/x/sys/LICENSE
new file mode 100644
index 00000000..6a66aea5
--- /dev/null
+++ b/vendor/golang.org/x/sys/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+ * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/golang.org/x/sys/PATENTS b/vendor/golang.org/x/sys/PATENTS
new file mode 100644
index 00000000..73309904
--- /dev/null
+++ b/vendor/golang.org/x/sys/PATENTS
@@ -0,0 +1,22 @@
+Additional IP Rights Grant (Patents)
+
+"This implementation" means the copyrightable works distributed by
+Google as part of the Go project.
+
+Google hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section)
+patent license to make, have made, use, offer to sell, sell, import,
+transfer and otherwise run, modify and propagate the contents of this
+implementation of Go, where such license applies only to those patent
+claims, both currently owned or controlled by Google and acquired in
+the future, licensable by Google that are necessarily infringed by this
+implementation of Go. This grant does not include claims that would be
+infringed only as a consequence of further modification of this
+implementation. If you or your agent or exclusive licensee institute or
+order or agree to the institution of patent litigation against any
+entity (including a cross-claim or counterclaim in a lawsuit) alleging
+that this implementation of Go or any code incorporated within this
+implementation of Go constitutes direct or contributory patent
+infringement, or inducement of patent infringement, then any patent
+rights granted to you under this License for this implementation of Go
+shall terminate as of the date such litigation is filed.
diff --git a/vendor/golang.org/x/sys/cpu/cpu.go b/vendor/golang.org/x/sys/cpu/cpu.go
new file mode 100644
index 00000000..3d88f866
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu.go
@@ -0,0 +1,38 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cpu implements processor feature detection for
+// various CPU architectures.
+package cpu
+
+// CacheLinePad is used to pad structs to avoid false sharing.
+type CacheLinePad struct{ _ [cacheLineSize]byte }
+
+// X86 contains the supported CPU features of the
+// current X86/AMD64 platform. If the current platform
+// is not X86/AMD64 then all feature flags are false.
+//
+// X86 is padded to avoid false sharing. Further the HasAVX
+// and HasAVX2 are only set if the OS supports XMM and YMM
+// registers in addition to the CPUID feature bit being set.
+var X86 struct {
+ _ CacheLinePad
+ HasAES bool // AES hardware implementation (AES NI)
+ HasADX bool // Multi-precision add-carry instruction extensions
+ HasAVX bool // Advanced vector extension
+ HasAVX2 bool // Advanced vector extension 2
+ HasBMI1 bool // Bit manipulation instruction set 1
+ HasBMI2 bool // Bit manipulation instruction set 2
+ HasERMS bool // Enhanced REP for MOVSB and STOSB
+ HasFMA bool // Fused-multiply-add instructions
+ HasOSXSAVE bool // OS supports XSAVE/XRESTOR for saving/restoring XMM registers.
+ HasPCLMULQDQ bool // PCLMULQDQ instruction - most often used for AES-GCM
+ HasPOPCNT bool // Hamming weight instruction POPCNT.
+ HasSSE2 bool // Streaming SIMD extension 2 (always available on amd64)
+ HasSSE3 bool // Streaming SIMD extension 3
+ HasSSSE3 bool // Supplemental streaming SIMD extension 3
+ HasSSE41 bool // Streaming SIMD extension 4 and 4.1
+ HasSSE42 bool // Streaming SIMD extension 4 and 4.2
+ _ CacheLinePad
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm.go b/vendor/golang.org/x/sys/cpu/cpu_arm.go
new file mode 100644
index 00000000..d93036f7
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm.go
@@ -0,0 +1,7 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const cacheLineSize = 32
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
new file mode 100644
index 00000000..1d2ab290
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
@@ -0,0 +1,7 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const cacheLineSize = 64
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
new file mode 100644
index 00000000..f7cb4697
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
@@ -0,0 +1,16 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64 amd64p32
+// +build !gccgo
+
+package cpu
+
+// cpuid is implemented in cpu_x86.s for gc compiler
+// and in cpu_gccgo.c for gccgo.
+func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32)
+
+// xgetbv with ecx = 0 is implemented in cpu_x86.s for gc compiler
+// and in cpu_gccgo.c for gccgo.
+func xgetbv() (eax, edx uint32)
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo.c b/vendor/golang.org/x/sys/cpu/cpu_gccgo.c
new file mode 100644
index 00000000..e363c7d1
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo.c
@@ -0,0 +1,43 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64 amd64p32
+// +build gccgo
+
+#include <cpuid.h>
+#include <stdint.h>
+
+// Need to wrap __get_cpuid_count because it's declared as static.
+int
+gccgoGetCpuidCount(uint32_t leaf, uint32_t subleaf,
+ uint32_t *eax, uint32_t *ebx,
+ uint32_t *ecx, uint32_t *edx)
+{
+ return __get_cpuid_count(leaf, subleaf, eax, ebx, ecx, edx);
+}
+
+// xgetbv reads the contents of an XCR (Extended Control Register)
+// specified in the ECX register into registers EDX:EAX.
+// Currently, the only supported value for XCR is 0.
+//
+// TODO: Replace with a better alternative:
+//
+// #include <xsaveintrin.h>
+//
+// #pragma GCC target("xsave")
+//
+// void gccgoXgetbv(uint32_t *eax, uint32_t *edx) {
+// unsigned long long x = _xgetbv(0);
+// *eax = x & 0xffffffff;
+// *edx = (x >> 32) & 0xffffffff;
+// }
+//
+// Note that _xgetbv is defined starting with GCC 8.
+void
+gccgoXgetbv(uint32_t *eax, uint32_t *edx)
+{
+ __asm(" xorl %%ecx, %%ecx\n"
+ " xgetbv"
+ : "=a"(*eax), "=d"(*edx));
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo.go
new file mode 100644
index 00000000..ba49b91b
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo.go
@@ -0,0 +1,26 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64 amd64p32
+// +build gccgo
+
+package cpu
+
+//extern gccgoGetCpuidCount
+func gccgoGetCpuidCount(eaxArg, ecxArg uint32, eax, ebx, ecx, edx *uint32)
+
+func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) {
+ var a, b, c, d uint32
+ gccgoGetCpuidCount(eaxArg, ecxArg, &a, &b, &c, &d)
+ return a, b, c, d
+}
+
+//extern gccgoXgetbv
+func gccgoXgetbv(eax, edx *uint32)
+
+func xgetbv() (eax, edx uint32) {
+ var a, d uint32
+ gccgoXgetbv(&a, &d)
+ return a, d
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
new file mode 100644
index 00000000..6165f121
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
@@ -0,0 +1,9 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build mips64 mips64le
+
+package cpu
+
+const cacheLineSize = 32
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mipsx.go b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
new file mode 100644
index 00000000..1269eee8
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
@@ -0,0 +1,9 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build mips mipsle
+
+package cpu
+
+const cacheLineSize = 32
diff --git a/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
new file mode 100644
index 00000000..d10759a5
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
@@ -0,0 +1,9 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build ppc64 ppc64le
+
+package cpu
+
+const cacheLineSize = 128
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_s390x.go
new file mode 100644
index 00000000..684c4f00
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_s390x.go
@@ -0,0 +1,7 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const cacheLineSize = 256
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.go b/vendor/golang.org/x/sys/cpu/cpu_x86.go
new file mode 100644
index 00000000..71e288b0
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.go
@@ -0,0 +1,55 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64 amd64p32
+
+package cpu
+
+const cacheLineSize = 64
+
+func init() {
+ maxID, _, _, _ := cpuid(0, 0)
+
+ if maxID < 1 {
+ return
+ }
+
+ _, _, ecx1, edx1 := cpuid(1, 0)
+ X86.HasSSE2 = isSet(26, edx1)
+
+ X86.HasSSE3 = isSet(0, ecx1)
+ X86.HasPCLMULQDQ = isSet(1, ecx1)
+ X86.HasSSSE3 = isSet(9, ecx1)
+ X86.HasFMA = isSet(12, ecx1)
+ X86.HasSSE41 = isSet(19, ecx1)
+ X86.HasSSE42 = isSet(20, ecx1)
+ X86.HasPOPCNT = isSet(23, ecx1)
+ X86.HasAES = isSet(25, ecx1)
+ X86.HasOSXSAVE = isSet(27, ecx1)
+
+ osSupportsAVX := false
+ // For XGETBV, OSXSAVE bit is required and sufficient.
+ if X86.HasOSXSAVE {
+ eax, _ := xgetbv()
+ // Check if XMM and YMM registers have OS support.
+ osSupportsAVX = isSet(1, eax) && isSet(2, eax)
+ }
+
+ X86.HasAVX = isSet(28, ecx1) && osSupportsAVX
+
+ if maxID < 7 {
+ return
+ }
+
+ _, ebx7, _, _ := cpuid(7, 0)
+ X86.HasBMI1 = isSet(3, ebx7)
+ X86.HasAVX2 = isSet(5, ebx7) && osSupportsAVX
+ X86.HasBMI2 = isSet(8, ebx7)
+ X86.HasERMS = isSet(9, ebx7)
+ X86.HasADX = isSet(19, ebx7)
+}
+
+func isSet(bitpos uint, value uint32) bool {
+ return value&(1<<bitpos) != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.s b/vendor/golang.org/x/sys/cpu/cpu_x86.s
new file mode 100644
index 00000000..47f08412
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.s
@@ -0,0 +1,27 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64 amd64p32
+// +build !gccgo
+
+#include "textflag.h"
+
+// func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32)
+TEXT ·cpuid(SB), NOSPLIT, $0-24
+ MOVL eaxArg+0(FP), AX
+ MOVL ecxArg+4(FP), CX
+ CPUID
+ MOVL AX, eax+8(FP)
+ MOVL BX, ebx+12(FP)
+ MOVL CX, ecx+16(FP)
+ MOVL DX, edx+20(FP)
+ RET
+
+// func xgetbv() (eax, edx uint32)
+TEXT ·xgetbv(SB),NOSPLIT,$0-8
+ MOVL $0, CX
+ XGETBV
+ MOVL AX, eax+0(FP)
+ MOVL DX, edx+4(FP)
+ RET
diff --git a/vendor/vendor.json b/vendor/vendor.json
index 350f5ddd..5ddd7c90 100644
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@@ -32,6 +32,12 @@
"revision": "a65293114a1adbb45d047a8f9014a307ec0d9051",
"revisionTime": "2018-01-12T09:10:27Z"
},
+ {
+ "checksumSHA1": "OY/kamdVCtqr00dhc+STq7ApbmA=",
+ "path": "git.autistici.org/ai3/go-common/userenckey",
+ "revision": "9c87d6c357e641c4ad4af0c06db87e0b04f1e6f0",
+ "revisionTime": "2018-06-28T09:11:42Z"
+ },
{
"checksumSHA1": "zvdsYaPEZrgcsRJy1bOo6YF5rVQ=",
"path": "git.autistici.org/id/go-sso",
@@ -68,6 +74,12 @@
"revision": "17ce1425424ab154092bbb43af630bd647f3bb0d",
"revisionTime": "2017-09-02T00:04:52Z"
},
+ {
+ "checksumSHA1": "D5EG5yMsbtHqKbzBVbxFMKEMDNY=",
+ "path": "github.com/lunixbochs/struc",
+ "revision": "02e4c2afbb2ac4bae6876f52c8273fc4cf5a4b0a",
+ "revisionTime": "2018-04-08T20:38:00Z"
+ },
{
"checksumSHA1": "bKMZjd2wPw13VwoE7mBeSv5djFA=",
"path": "github.com/matttproud/golang_protobuf_extensions/pbutil",
@@ -152,6 +164,18 @@
"revision": "6de226b0d5f040ed85b88c82c381709b98277f3d",
"revisionTime": "2017-05-22T02:22:41Z"
},
+ {
+ "checksumSHA1": "FwW3Vv4jW0Nv7V2SZC7x/Huj5M4=",
+ "path": "golang.org/x/crypto/argon2",
+ "revision": "a49355c7e3f8fe157a85be2f77e6e269a0f89602",
+ "revisionTime": "2018-06-20T09:14:27Z"
+ },
+ {
+ "checksumSHA1": "ejjxT0+wDWWncfh0Rt3lSH4IbXQ=",
+ "path": "golang.org/x/crypto/blake2b",
+ "revision": "a49355c7e3f8fe157a85be2f77e6e269a0f89602",
+ "revisionTime": "2018-06-20T09:14:27Z"
+ },
{
"checksumSHA1": "X6Q8nYb+KXh+64AKHwWOOcyijHQ=",
"origin": "git.autistici.org/id/go-sso/vendor/golang.org/x/crypto/ed25519",
@@ -169,14 +193,14 @@
{
"checksumSHA1": "1MGpGDQqnUoRpv7VEcQrXOBydXE=",
"path": "golang.org/x/crypto/pbkdf2",
- "revision": "2509b142fb2b797aa7587dad548f113b2c0f20ce",
- "revisionTime": "2017-10-23T14:45:55Z"
+ "revision": "a49355c7e3f8fe157a85be2f77e6e269a0f89602",
+ "revisionTime": "2018-06-20T09:14:27Z"
},
{
- "checksumSHA1": "dHh6VeHcbNg11miGjGEl8LbPe7w=",
+ "checksumSHA1": "sx1nQShs40UKtcJZNJuvYtGesaI=",
"path": "golang.org/x/crypto/scrypt",
- "revision": "2509b142fb2b797aa7587dad548f113b2c0f20ce",
- "revisionTime": "2017-10-23T14:45:55Z"
+ "revision": "a49355c7e3f8fe157a85be2f77e6e269a0f89602",
+ "revisionTime": "2018-06-20T09:14:27Z"
},
{
"checksumSHA1": "dr5+PfIRzXeN+l1VG+s0lea9qz8=",
@@ -184,6 +208,12 @@
"revision": "66aacef3dd8a676686c7ae3716979581e8b03c47",
"revisionTime": "2016-09-14T00:11:54Z"
},
+ {
+ "checksumSHA1": "REkmyB368pIiip76LiqMLspgCRk=",
+ "path": "golang.org/x/sys/cpu",
+ "revision": "c4afb3effaa53fd9a06ca61262dc7ce8df4c081b",
+ "revisionTime": "2018-06-26T06:41:42Z"
+ },
{
"checksumSHA1": "xsaHqy6/sonLV6xIxTNh4FfkWbU=",
"path": "gopkg.in/asn1-ber.v1",
--
GitLab