├── .gitattributes ├── .github ├── ISSUE_TEMPLATE │ └── bug_report.md └── workflows │ └── codeql-analysis.yml ├── .gitignore ├── .travis.yml ├── LICENSE ├── README.md ├── SECURITY.md ├── error.go ├── example └── main.go ├── go.mod ├── go.sum ├── password.go ├── password_test.go └── vendor ├── github.com ├── corpix │ └── uarand │ │ ├── .gitignore │ │ ├── .go-makefile.json │ │ ├── .travis.yml │ │ ├── LICENSE │ │ ├── Makefile │ │ ├── README.md │ │ ├── glide.lock │ │ ├── glide.yaml │ │ ├── uarand.go │ │ ├── useragents.go │ │ └── useragents.mk └── icrowley │ └── fake │ ├── .gitignore │ ├── .go-makefile.json │ ├── .travis.yml │ ├── LICENSE │ ├── Makefile │ ├── README.md │ ├── addresses.go │ ├── credit_cards.go │ ├── currencies.go │ ├── data.go │ ├── dates.go │ ├── fake.go │ ├── general.go │ ├── geo.go │ ├── glide.lock │ ├── glide.yaml │ ├── internet.go │ ├── jobs.go │ ├── lorem_ipsum.go │ ├── names.go │ ├── personal.go │ └── products.go ├── golang.org └── x │ ├── crypto │ ├── AUTHORS │ ├── CONTRIBUTORS │ ├── LICENSE │ ├── PATENTS │ ├── blake2b │ │ ├── blake2b.go │ │ ├── blake2bAVX2_amd64.go │ │ ├── blake2bAVX2_amd64.s │ │ ├── blake2b_amd64.go │ │ ├── blake2b_amd64.s │ │ ├── blake2b_generic.go │ │ ├── blake2b_ref.go │ │ ├── blake2x.go │ │ └── register.go │ ├── internal │ │ └── subtle │ │ │ ├── aliasing.go │ │ │ └── aliasing_appengine.go │ ├── nacl │ │ └── secretbox │ │ │ └── secretbox.go │ ├── pbkdf2 │ │ └── pbkdf2.go │ ├── poly1305 │ │ ├── poly1305.go │ │ ├── sum_amd64.go │ │ ├── sum_amd64.s │ │ ├── sum_arm.go │ │ ├── sum_arm.s │ │ ├── sum_noasm.go │ │ ├── sum_ref.go │ │ ├── sum_s390x.go │ │ ├── sum_s390x.s │ │ └── sum_vmsl_s390x.s │ ├── salsa20 │ │ └── salsa │ │ │ ├── hsalsa20.go │ │ │ ├── salsa2020_amd64.s │ │ │ ├── salsa208.go │ │ │ ├── salsa20_amd64.go │ │ │ └── salsa20_ref.go │ └── scrypt │ │ └── scrypt.go │ └── sys │ ├── AUTHORS │ ├── CONTRIBUTORS │ ├── LICENSE │ ├── PATENTS │ └── cpu │ ├── cpu.go │ ├── cpu_arm.go │ ├── cpu_arm64.go │ ├── cpu_gc_x86.go │ ├── cpu_gccgo.c │ ├── cpu_gccgo.go │ ├── cpu_linux.go │ ├── cpu_mips64x.go │ ├── cpu_mipsx.go │ ├── cpu_ppc64x.go │ ├── cpu_s390x.go │ ├── cpu_x86.go │ └── cpu_x86.s └── modules.txt /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: "[BUG]" 5 | labels: bug 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **Code Example to Reproduce** 14 | If applicable, add code example to reproduce your problem, wrap in code blocks ` ``` `. 15 | 16 | **Expected behavior** 17 | A clear and concise description of what you expected to happen. 18 | 19 | **Screenshots** 20 | If applicable, add screenshots to help explain your problem. 21 | 22 | **Platform (please complete the following information):** 23 | - OS and Version: [e.g. macOS 12, Windows 8] 24 | - Package Version [e.g. master, v1.0.0] 25 | - Go Version [e.g. 1.16] 26 | 27 | **Additional context** 28 | Add any other context about the problem here. 29 | -------------------------------------------------------------------------------- /.github/workflows/codeql-analysis.yml: -------------------------------------------------------------------------------- 1 | # For most projects, this workflow file will not need changing; you simply need 2 | # to commit it to your repository. 3 | # 4 | # You may wish to alter this file to override the set of languages analyzed, 5 | # or to provide custom queries or build logic. 6 | # 7 | # ******** NOTE ******** 8 | # We have attempted to detect the languages in your repository. Please check 9 | # the `language` matrix defined below to confirm you have the correct set of 10 | # supported CodeQL languages. 11 | # 12 | name: "CodeQL" 13 | 14 | on: 15 | push: 16 | branches: [ master ] 17 | pull_request: 18 | # The branches below must be a subset of the branches above 19 | branches: [ master ] 20 | schedule: 21 | - cron: '16 20 * * 4' 22 | 23 | jobs: 24 | analyze: 25 | name: Analyze 26 | runs-on: ubuntu-latest 27 | 28 | strategy: 29 | fail-fast: false 30 | matrix: 31 | language: [ 'go' ] 32 | # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] 33 | # Learn more: 34 | # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed 35 | 36 | steps: 37 | - name: Checkout repository 38 | uses: actions/checkout@v2 39 | 40 | # Initializes the CodeQL tools for scanning. 41 | - name: Initialize CodeQL 42 | uses: github/codeql-action/init@v1 43 | with: 44 | languages: ${{ matrix.language }} 45 | # If you wish to specify custom queries, you can do so here or in a config file. 46 | # By default, queries listed here will override any specified in a config file. 47 | # Prefix the list here with "+" to use these queries and those in the config file. 48 | # queries: ./path/to/local/query, your-org/your-repo/queries@main 49 | 50 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 51 | # If this step fails, then you should remove it and run the build manually (see below) 52 | - name: Autobuild 53 | uses: github/codeql-action/autobuild@v1 54 | 55 | # ℹ️ Command-line programs to run using the OS shell. 56 | # 📚 https://git.io/JvXDl 57 | 58 | # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines 59 | # and modify them (or add more) to build your code if your project 60 | # uses a compiled language 61 | 62 | #- run: | 63 | # make bootstrap 64 | # make release 65 | 66 | - name: Perform CodeQL Analysis 67 | uses: github/codeql-action/analyze@v1 68 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: go 2 | 3 | os: 4 | - linux 5 | 6 | script: 7 | - go build -race -v . 8 | - go test -race -v ./ -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 dwin 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # goSecretBoxPassword 2 | 3 | [![Go Report Card](https://goreportcard.com/badge/github.com/dwin/goSecretBoxPassword)](https://goreportcard.com/report/github.com/dwin/goSecretBoxPassword) [![GoDoc](https://godoc.org/github.com/dwin/goSecretBoxPassword?status.svg)](https://godoc.org/github.com/dwin/goSecretBoxPassword) 4 | [![Build Status](https://travis-ci.org/dwin/goSecretBoxPassword.svg?branch=master)](https://travis-ci.org/dwin/goSecretBoxPassword) 5 | [![CodeQL](https://github.com/dwin/goSecretBoxPassword/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/dwin/goSecretBoxPassword/actions/workflows/codeql-analysis.yml) 6 | 7 | This is a Golang library for securing passwords it is based on the [Dropbox method for password storage](https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-stores-your-passwords/). The both passphrases are first hashed with [Blake2b-512](https://godoc.org/golang.org/x/crypto/blake2b) then a random 64-bit salt is generated and a secure hash is generated using [Scrypt](https://godoc.org/golang.org/x/crypto/scrypt) with the user specified parameters. The salt is appended to resulting 56 byte hash for a total of 64 bytes. The masterpassphrase Scrypt output, which Dropbox describes as a global pepper, is then hashed with Blake2b-256 and is used as a key along with a 192-bit random nonce value for the user passphrase Scrypt output along with Scrypt salt to be encrypted using [NaCl Secretbox](https://godoc.org/golang.org/x/crypto/nacl/secretbox). NaCl Secretbox uses XSalsa20 and Poly1305 to encrypt and authenticate data. 8 | 9 | *All hashing and crypto is done by Go library packages. This is only a utility library to make the process described easier.* 10 | 11 | The primary changes from the Dropbox method are the use of Blake2b as both a password stretching and hashing method rather than SHA. This provides predictable and acceptable length input for both Scrypt and NaCl Secretbox rather than relying on users to provide sufficient length input. The other changes is the use of NaCl Secretbox using XSalsa20 for encryption and Poly1305 for authentication rather than AES-GCM. 12 | 13 | The resulting string is not more than 225 characters in length and contains an identifier, version (used for master passphrase version), the ciphertext Scrypt base-64 value, masterkey Scrypt salt as base-64, and user passphrase scrypt parameters as integers, followed by master passphrase Scrypt parameters in the same format with sections separated by `$`. 14 | 15 | You should not store the master passphrase with the password hashes. How you choose to store this value is up to you, but you should understand that losing the masterpassphrase will cause you to lose access to all passwords encrypted with this. According to the math, you should be able to use the same master passphrase for several quintillion passphrases without key exhaustion using XSalsa20 so you should feel free to use it for all users rather than attempting to rotate this. You can store the master passphrase and an environmental variable, CLI argument or come up with your own novel approach as long as you don't lose it. 16 | 17 | Using this method, even if the user credential database were to be compromised the attacker would first need to break the Secretbox encryption before being able to then attempt to crack the Scrypt passphrase hashes which would still only reveal the Blake2b-512 hash of the passphrase. By tuning the Scrypt parameters you can make the password hash derivation more costly (more time and resource consuming). You will need to balance security and speed. 18 | 19 | As of writing, secure recommendations for interactive logins are N=32768, r=8 and p=1. The parameters N, r, and p should be increased as memory latency and CPU parallelism increases; consider setting N to the highest power of 2 you can derive within an acceptable period of time. Because these parameters are combined to be stored with the output you should have no issue changing the settings without forcing users to update. There is also a version tag included to allow for future library updates without causing breaking changes for existing users. 20 | 21 | *The params are used for both the user passphrase and master passphrase hash, keep in mind that any settings is being done twice as thus Scrypt hashing params have twice the impact. I have considered creating an updated version where master or user passphrase hash is computed using a different algorithm or with different parameters to increase speed. This would not be a breaking change since there is a version included in all hash outputs.* 22 | 23 | Example Output: 24 | 25 | ```secBoxv1$0$G0Ke6q1upuoC+fs+cPvK5swmF8WNNxc9cWHwyp5pZtL/Yc+KmjD1x/43mjy/ySWj4uAFc92LL5tKmvsTCedFMqyNJ8URdzJ1MgdqmCgMIkOXy87JacKdLnxjyIWjeeNnLVxiCWjXhrI=$8OPoOpUeIf0=$32768$16$1$16384$8$1``` 26 | 27 | ## Usage 28 | 29 | Latest from Github: 30 | 31 | ```bash 32 | go get github.com/dwin/goSecretBoxPassword 33 | ``` 34 | 35 | ```go 36 | import "github.com/dwin/goSecretBoxPassword" 37 | ``` 38 | 39 | ### Future Plans 40 | 41 | - [x] Helper function for updating master passphrase without modifying user passphrase 42 | - [x] Allow seamless change of master passphrase using version code 43 | - [x] ~~Allow disable of Scrypt~~, use of different parameters ~~or algorithm~~ for master passphrase hash to increase speed or security 44 | 45 | ### Example 46 | 47 | ```go 48 | package main 49 | 50 | import ( 51 | "fmt" 52 | 53 | password "github.com/dwin/goSecretBoxPassword" 54 | ) 55 | 56 | // This should be from config file or environemnt variables rather than your source 57 | var mastPw = "masterpassword" 58 | 59 | func main() { 60 | userPw := "userpassword" 61 | // Hash and encrypt passphrase 62 | pwHash, err := password.Hash(userPw, mastPw, 0, password.ScryptParams{N: 32768, R: 16, P: 1}, password.DefaultParams) 63 | if err != nil { 64 | fmt.Println("Hash fail. ", err) 65 | } 66 | // Store pwHash to Database -> 67 | 68 | // -------- Verify ------------- 69 | // Get pwHash from database <- and compare to user input using same 70 | // masterpassword stored hash was created with. 71 | // Verify will return nil unless password does not match or other error occurs 72 | err = password.Verify(userPw, mastPw, pwHash) 73 | if err != nil { 74 | fmt.Println("Verify fail. ", err) 75 | } 76 | fmt.Println("Success") 77 | } 78 | ``` 79 | 80 | --- 81 | 82 | ## Contributors 83 | 84 | - [@dwin](https://github.com/dwin) 85 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | ## Supported Versions 4 | 5 | Use this section to tell people about which versions of your project are 6 | currently being supported with security updates. 7 | 8 | | Version | Supported | 9 | | ------- | ------------------ | 10 | | 1.x.x | :white_check_mark: | 11 | | < 1.x | :x: | 12 | 13 | ## Reporting a Vulnerability 14 | 15 | If you are reporting a security vulnerability, please refrain from opening 16 | a GitHub issue and instead mail it to one of the maintainers listed in the README. 17 | -------------------------------------------------------------------------------- /error.go: -------------------------------------------------------------------------------- 1 | package password 2 | 3 | import "errors" 4 | 5 | var ( 6 | // ErrCiphertextVer indicates version sub-string mismatch normally; ex. "secBoxv1" 7 | ErrCiphertextVer = errors.New("Nonmatched ciphertext version") 8 | // ErrCiphertextFormat indicates input is not in expected format 9 | ErrCiphertextFormat = errors.New("Ciphertext input format not as expected") 10 | // ErrInvalidVersionUpdate indicates new version given not oldVersion + 1 or greater 11 | ErrInvalidVersionUpdate = errors.New("Invalid new version int, new master passphrase version must be greater than previous") 12 | // ErrPassphraseHashMismatch indicates invalid passphrase for supplied ciphertext 13 | ErrPassphraseHashMismatch = errors.New("Passphrase hash does not match supplied ciphertext") 14 | // ErrPassphraseLength indicates supplied passphrase is not at least MinLength 15 | ErrPassphraseLength = errors.New("Passphrase must be at least MinLength") 16 | // ErrSecretBoxDecryptFail indicates SecretBox decryption could not be completed 17 | ErrSecretBoxDecryptFail = errors.New("SecretBox decryption failed") 18 | // ErrScryptParamN indicates ScryptParams:N out of acceptable range 19 | ErrScryptParamN = errors.New("Given Scrypt (N) cost factor out of acceptable range") 20 | // ErrScryptParamR indicates ScryptParams:r out of acceptable range 21 | ErrScryptParamR = errors.New("Given Scrypt (r) cost factor out of acceptable range") 22 | // ErrScryptParamP indicates ScryptParams:p out of acceptable range 23 | ErrScryptParamP = errors.New("Given Scrypt (p) cost factor out of acceptable range") 24 | ) 25 | -------------------------------------------------------------------------------- /example/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | 6 | password "github.com/dwin/goSecretBoxPassword" 7 | ) 8 | 9 | // These should be from config file or environment variables rather than your source 10 | var mastPw0 = "masterpassword" 11 | var mastPw1 = "masterpassword1" 12 | 13 | func main() { 14 | userPw := "userpassword" 15 | // Hash and encrypt passphrase 16 | pwHash, err := password.Hash(userPw, mastPw0, 0, password.ScryptParams{N: 32768, R: 16, P: 1}, password.DefaultParams) 17 | if err != nil { 18 | fmt.Println("Hash fail. ", err) 19 | } 20 | // Store pwHash to Database 21 | 22 | // -------- Verify ------------- 23 | // Get pwHash from database and compare to user input using same masterpassword stored hash was created with 24 | // Verify will return nil unless password does not match or other error occurs 25 | err = password.Verify(userPw, mastPw0, pwHash) 26 | if err != nil { 27 | fmt.Println("Verify fail. ", err) 28 | } 29 | fmt.Println("Success") 30 | 31 | // --------- Update ------------ 32 | // Get pwhash from database and update using new masterpassphrase, version, and parameters 33 | updated, err := password.UpdateMaster(mastPw1, mastPw0, 1, pwHash, password.DefaultParams) 34 | if err != nil { 35 | fmt.Println("Update fail. ", err) 36 | } 37 | err = password.Verify(userPw, mastPw1, updated) 38 | if err != nil { 39 | fmt.Println("Verify fail. ", err) 40 | } 41 | fmt.Println("Success verifying updated hash") 42 | } 43 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/dwin/goSecretBoxPassword 2 | 3 | require ( 4 | github.com/corpix/uarand v0.0.0 // indirect 5 | github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428 6 | github.com/stretchr/testify v1.3.0 // indirect 7 | golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 8 | golang.org/x/sys v0.0.0-20181213200352-4d1cda033e06 // indirect 9 | ) 10 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | github.com/corpix/uarand v0.0.0 h1:mNbzro1GwUcZ1hmO2rWXytkR3JBxNxxctzjyuhO+Aig= 2 | github.com/corpix/uarand v0.0.0/go.mod h1:JSm890tOkDN+M1jqN8pUGDKnzJrsVbJwSMHBY4zwz7M= 3 | github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= 4 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 5 | github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428 h1:Mo9W14pwbO9VfRe+ygqZ8dFbPpoIK1HFrG/zjTuQ+nc= 6 | github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428/go.mod h1:uhpZMVGznybq1itEKXj6RYw9I71qK4kH+OGMjRC4KEo= 7 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 8 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 9 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 10 | github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q= 11 | github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= 12 | golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 h1:mKdxBk7AujPs8kU4m80U72y/zjbZ3UcXC7dClwKbUI0= 13 | golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= 14 | golang.org/x/sys v0.0.0-20181213200352-4d1cda033e06 h1:0oC8rFnE+74kEmuHZ46F6KHsMr5Gx2gUQPuNz28iQZM= 15 | golang.org/x/sys v0.0.0-20181213200352-4d1cda033e06/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 16 | -------------------------------------------------------------------------------- /password.go: -------------------------------------------------------------------------------- 1 | // Package password is a probably paranoid utility library for securly hashing and 2 | // encrypting passwords based on the Dropbox method. This implementation uses Blake2b, 3 | // Scrypt and XSalsa20-Poly1305 (via NaCl SecretBox) to create secure password hashes 4 | // that are also encrypted using a master passphrase. If the master passphrase is lost 5 | // you will lose access to all passwords encrypted with it so store is securely, my 6 | // recommendation is that you store it as an environmental variable or in a config file 7 | // to avoid storing it in source code. 8 | package password 9 | 10 | import ( 11 | "crypto/rand" 12 | "crypto/subtle" 13 | "encoding/base64" 14 | "encoding/hex" 15 | "fmt" 16 | "io" 17 | "strconv" 18 | "strings" 19 | "time" 20 | 21 | "golang.org/x/crypto/blake2b" 22 | "golang.org/x/crypto/nacl/secretbox" 23 | "golang.org/x/crypto/scrypt" 24 | ) 25 | 26 | var ( 27 | // MinLength changes the minimum passphrase and master passphrase length accepted 28 | MinLength = 8 29 | // DefaultParams defines Scrypt Parameters 30 | DefaultParams = ScryptParams{N: 16384, R: 8, P: 1} 31 | ) 32 | 33 | // ScryptParams sets the Scrypt devivation parameters used for hashing 34 | type ScryptParams struct { 35 | N int 36 | R int 37 | P int 38 | } 39 | 40 | // Hash takes passphrase ,masterpassphrase as strings, version indicator as int, and userparams and masterparams as ScryptParams and returns up to 225 char ciphertext string and error - ex. password.Hash("password1234", "masterpassphrase", 0, ScryptParams{N: 32768, R: 16, P: 1}, DefaultParams) 41 | func Hash(userpass, masterpass string, version int, userparams, masterparams ScryptParams) (pwHashOut string, err error) { 42 | sbpVersion := "v1" 43 | // Check for non-nil and at least min length password and masterKey 44 | if len(userpass) < MinLength { 45 | return "", ErrPassphraseLength 46 | } 47 | if len(masterpass) < MinLength { 48 | return "", ErrPassphraseLength 49 | } 50 | // Validate Scrypt Parameters 51 | err = validateParams(userparams) 52 | if err != nil { 53 | return 54 | } 55 | err = validateParams(masterparams) 56 | if err != nil { 57 | return 58 | } 59 | 60 | // 1) The plaintext password is transformed into a hash value using Blake2b-512 61 | userPwBlake := blake2b.Sum512([]byte(userpass)) 62 | // 2) Blake2b hash is hashed again using Scrypt with supplied params plus random 8 byte salt, generating 56 byte output with salt appended for 64 byte total output 63 | userpassScrypt, err := scryptHash(hex.EncodeToString(userPwBlake[:]), nil, userparams) 64 | 65 | // 3) Encrypt userpass Scrypt output with secretbox XSalsa20-Poly1305 encryption-authentication method using random 24 byte nonce and masterpass Scrypt hash 66 | encrypted, salt, err := encrypt(masterpass, userpassScrypt, masterparams) 67 | // 4) Generate base64 of Secretbox output and salt then format output string and return 68 | ciphertext := base64.StdEncoding.EncodeToString(encrypted) 69 | saltHex := base64.StdEncoding.EncodeToString(salt) 70 | pwHashOut = fmt.Sprintf("secBox%s$%v$%s$%s$%v$%v$%v$%v$%v$%v", sbpVersion, version, ciphertext, saltHex, userparams.N, userparams.R, userparams.P, masterparams.N, masterparams.R, masterparams.P) 71 | return pwHashOut, err 72 | } 73 | 74 | // Verify takes passphrase, masterpassphrase and ciphertext as strings and returns error if verification fails, else returns nil upon success 75 | func Verify(userpass, masterpass, ciphertext string) error { 76 | parts := strings.Split(ciphertext, "$") 77 | if len(parts) == 10 && parts[0] == "secBoxv1" { 78 | return verifyV1(userpass, masterpass, parts) 79 | } 80 | return ErrCiphertextVer 81 | } 82 | 83 | // GetHashVersion takes ciphertext string and returns goSecretBoxPassword version as int and error. 84 | func GetHashVersion(ciphertext string) (version int, err error) { 85 | parts := strings.Split(ciphertext, "$") 86 | s := strings.Trim(parts[0], "secBoxv") 87 | version, err = strconv.Atoi(s) 88 | if err != nil { 89 | return 90 | } 91 | return 92 | } 93 | 94 | // GetParams takes ciphertext string, returns user and master parameters and error. This may be useful for upgrading. 95 | func GetParams(ciphertext string) (userParams, masterParams ScryptParams, err error) { 96 | parts := strings.Split(ciphertext, "$") 97 | if len(parts) == 10 && parts[0] == "secBoxv1" { 98 | return getParams(parts) 99 | } 100 | return userParams, masterParams, ErrCiphertextFormat 101 | } 102 | 103 | // GetMasterVersion takes ciphertext string and returns master passphrase version as int and error. 104 | func GetMasterVersion(ciphertext string) (version int, err error) { 105 | parts := strings.Split(ciphertext, "$") 106 | version, err = strconv.Atoi(parts[1]) 107 | if err != nil { 108 | return 109 | } 110 | return 111 | } 112 | 113 | // UpdateMaster takes new master passphrase, old master passphrase as string, new version as int, cipertext as string, and new ScryptParams. It returns and updated hash output string and error. 114 | func UpdateMaster(newMaster, oldMaster string, newVersion int, ciphertext string, masterparams ScryptParams) (pwHashOut string, err error) { 115 | parts := strings.Split(ciphertext, "$") 116 | if len(parts) == 10 && parts[0] == "secBoxv1" { 117 | return updateMasterV1(newMaster, oldMaster, newVersion, parts, masterparams) 118 | } 119 | return "", ErrCiphertextFormat 120 | } 121 | func updateMasterV1(newMaster, oldMaster string, newVersion int, parts []string, masterparams ScryptParams) (newHash string, err error) { 122 | sbpVersion := "v1" 123 | // Update Secretbox Masterpass version 124 | cVer, err := strconv.Atoi(parts[1]) 125 | if err != nil { 126 | return 127 | } 128 | if newVersion <= cVer { 129 | return "", ErrInvalidVersionUpdate 130 | } 131 | // Extract Scrypt parameters from string 132 | userparams, oldMasterparams, err := getParams(parts) 133 | if err != nil { 134 | return "", err 135 | } 136 | // Regenerate Blake2b-256 hash (32 bytes) using masterpass for secretbox 137 | //masterpassHash := blake2b.Sum256([]byte(masterpass)) 138 | salt, err := base64.StdEncoding.DecodeString(parts[3]) 139 | masterpassScrypt, err := scryptHash(oldMaster, salt, oldMasterparams) 140 | if err != nil { 141 | return "", err 142 | } 143 | // Create 32 byte hash of masterpass Scrypt output for Secretbox 144 | mpScryptB2 := blake2b.Sum256(masterpassScrypt) 145 | // When you decrypt, you must use the same nonce and key you used to 146 | // encrypt the message. One way to achieve this is to store the nonce 147 | // alongside the encrypted message. Above, we stored the nonce in the first 148 | // 24 bytes of the encrypted text. 149 | encrypted, err := base64.StdEncoding.DecodeString(parts[2]) 150 | if err != nil { 151 | return "", err 152 | } 153 | var decryptNonce [24]byte 154 | copy(decryptNonce[:], encrypted[:24]) 155 | decrypted, ok := secretbox.Open(nil, encrypted[24:], &decryptNonce, &mpScryptB2) 156 | if !ok { 157 | return "", ErrSecretBoxDecryptFail 158 | } 159 | newEncrypted, newSalt, err := encrypt(newMaster, decrypted, masterparams) 160 | if err != nil { 161 | return 162 | } 163 | // 4) Generate base64 of Secretbox output and salt then format output string and return 164 | ciphertext := base64.StdEncoding.EncodeToString(newEncrypted) 165 | saltHex := base64.StdEncoding.EncodeToString(newSalt) 166 | newHash = fmt.Sprintf("secBox%s$%v$%s$%s$%v$%v$%v$%v$%v$%v", sbpVersion, newVersion, ciphertext, saltHex, userparams.N, userparams.R, userparams.P, masterparams.N, masterparams.R, masterparams.P) 167 | return 168 | } 169 | func encrypt(masterpass string, userpassScrypt []byte, masterparams ScryptParams) (secretboxOut, salt []byte, err error) { 170 | // Generate random salt for master passphrase Scrypt hash 171 | salt = make([]byte, 8) 172 | if _, err := io.ReadFull(rand.Reader, salt); err != nil { 173 | panic("rand salt failure") 174 | } 175 | // Generate Scrypt hash of masterpassphrase 176 | masterpassScrypt, err := scryptHash(masterpass, salt, masterparams) 177 | if err != nil { 178 | return 179 | } 180 | // Generate random nonce for secretbox 181 | var nonce [24]byte 182 | if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil { 183 | panic("rand nonce failure") 184 | } 185 | // Create 32 byte hash of masterpass Scrypt output for Secretbox 186 | mpScryptB2 := blake2b.Sum256(masterpassScrypt) 187 | // Encrypt userpass output and salt using masterpass Scrypt hash as key with the result appended to the nonce. 188 | secretboxOut = secretbox.Seal(nonce[:], userpassScrypt, &nonce, &mpScryptB2) 189 | return 190 | } 191 | func verifyV1(userpass, masterpass string, parts []string) (err error) { 192 | if len(parts) != 10 { 193 | return ErrCiphertextFormat 194 | } 195 | if parts[0] != "secBoxv1" { 196 | return ErrCiphertextVer 197 | } 198 | // Extract Scrypt parameters from string 199 | userparams, masterparams, err := getParams(parts) 200 | if err != nil { 201 | return err 202 | } 203 | // Regenerate Blake2b-256 hash (32 bytes) using masterpass for secretbox 204 | //masterpassHash := blake2b.Sum256([]byte(masterpass)) 205 | salt, err := base64.StdEncoding.DecodeString(parts[3]) 206 | masterpassScrypt, err := scryptHash(masterpass, salt, masterparams) 207 | if err != nil { 208 | return err 209 | } 210 | // Create 32 byte hash of masterpass Scrypt output for Secretbox 211 | mpScryptB2 := blake2b.Sum256(masterpassScrypt) 212 | // When you decrypt, you must use the same nonce and key you used to 213 | // encrypt the message. One way to achieve this is to store the nonce 214 | // alongside the encrypted message. Above, we stored the nonce in the first 215 | // 24 bytes of the encrypted text. 216 | encrypted, err := base64.StdEncoding.DecodeString(parts[2]) 217 | if err != nil { 218 | return err 219 | } 220 | var decryptNonce [24]byte 221 | copy(decryptNonce[:], encrypted[:24]) 222 | decrypted, ok := secretbox.Open(nil, encrypted[24:], &decryptNonce, &mpScryptB2) 223 | if !ok { 224 | return ErrSecretBoxDecryptFail 225 | } 226 | 227 | // Use scrypt to derive key for comparison 228 | // The plaintext password is transformed into a hash value using Blake2b-512 229 | userPwBlake := blake2b.Sum512([]byte(userpass)) 230 | userpassScrypt, err := scryptHash(hex.EncodeToString(userPwBlake[:]), []byte(decrypted[56:]), userparams) 231 | if err != nil { 232 | return err 233 | } 234 | 235 | // Compare given hash input to generated hash 236 | if res := subtle.ConstantTimeCompare(decrypted, userpassScrypt); res != 1 { 237 | // return nil only if supplied hash and computed hash from passphrase match 238 | return ErrPassphraseHashMismatch 239 | } 240 | 241 | return err 242 | } 243 | func validateParams(p ScryptParams) error { 244 | // Cost factor must be multiple of 2 245 | if p.N < 4096 || p.N > 600000 { 246 | return ErrScryptParamN 247 | } 248 | if p.R < 4 || p.R > 128 { 249 | return ErrScryptParamR 250 | } 251 | if p.P < 1 || p.P > 20 { 252 | return ErrScryptParamP 253 | } 254 | return nil 255 | } 256 | 257 | func scryptHash(p string, salt []byte, params ScryptParams) (hash []byte, err error) { 258 | if salt == nil { 259 | salt = make([]byte, 8) 260 | if _, err := io.ReadFull(rand.Reader, salt); err != nil { 261 | panic("rand salt failure") 262 | } 263 | } 264 | err = validateParams(params) 265 | if err != nil { 266 | return nil, err 267 | } 268 | // 1) The plaintext password is transformed into a hash value using Blake2b 269 | hashedPass := blake2b.Sum512([]byte(p)) 270 | 271 | // 2) Blake2b hash is hashed again using scrypt with high defaults plus supplied 8 byte salt, generating 56 byte output with salt appended for 64 byte total 272 | scryptHash, err := scrypt.Key([]byte(hashedPass[:]), salt, params.N, params.R, params.P, 56) 273 | if err != nil { 274 | return nil, err 275 | } 276 | output := make([]byte, 64) 277 | copy(output, scryptHash) 278 | copy(output[56:], salt) 279 | return output, err 280 | } 281 | func getParams(parts []string) (userparams, masterparams ScryptParams, err error) { 282 | // Get Scrypt parameters 283 | userparams.N, err = strconv.Atoi(parts[4]) 284 | if err != nil { 285 | return 286 | } 287 | userparams.R, err = strconv.Atoi(parts[5]) 288 | if err != nil { 289 | return 290 | } 291 | userparams.P, err = strconv.Atoi(parts[6]) 292 | if err != nil { 293 | return 294 | } 295 | err = validateParams(userparams) 296 | if err != nil { 297 | return 298 | } 299 | masterparams.N, err = strconv.Atoi(parts[7]) 300 | if err != nil { 301 | return 302 | } 303 | masterparams.R, err = strconv.Atoi(parts[8]) 304 | if err != nil { 305 | return 306 | } 307 | masterparams.P, err = strconv.Atoi(parts[9]) 308 | if err != nil { 309 | return 310 | } 311 | err = validateParams(masterparams) 312 | if err != nil { 313 | return 314 | } 315 | return 316 | } 317 | 318 | // Benchmark takes ScryptParams and returns the number of seconds elapsed as a float64 and error 319 | func Benchmark(params ScryptParams) (seconds float64, err error) { 320 | pw := "benchmarkpass" 321 | mPw := "benchmarkmasterpass" 322 | start := time.Now() 323 | _, err = Hash(pw, mPw, 0, params, DefaultParams) 324 | if err != nil { 325 | return 0, err 326 | } 327 | t := time.Now() 328 | elapsed := t.Sub(start) 329 | return elapsed.Seconds(), err 330 | 331 | } 332 | 333 | /* 334 | * goSecretBoxPassword - Golang Password Hashing & Encryption Library 335 | * Copyright (C) 2017 Darwin Smith 336 | * 337 | * This program is free software: you can redistribute it and/or modify 338 | * it under the terms of the GNU General Public License as published by 339 | * the Free Software Foundation, either version 3 of the License, or 340 | * (at your option) any later version. 341 | * 342 | * This program is distributed in the hope that it will be useful, 343 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 344 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 345 | * GNU General Public License for more details. 346 | * 347 | * You should have received a copy of the GNU General Public License 348 | * along with this program. If not, see . 349 | */ 350 | -------------------------------------------------------------------------------- /password_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | goSecretBoxPassword - Golang Password Hashing & Encryption Library 3 | Copyright (C) 2017 Darwin Smith 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | package password 19 | 20 | import ( 21 | "fmt" 22 | "testing" 23 | 24 | "github.com/icrowley/fake" 25 | ) 26 | 27 | func TestBench(t *testing.T) { 28 | // 2<<14 = 16384 29 | params := ScryptParams{N: 2 << 14, R: 8, P: 1} 30 | runs := 10 31 | total := 0.0 32 | for i := 0; i < runs; i++ { 33 | result, err := Benchmark(params) 34 | if err != nil { 35 | t.Log(err) 36 | t.FailNow() 37 | } 38 | total += result 39 | } 40 | 41 | fmt.Printf("Benchmark Result (avg): %v of %v runs, with Scrypt params: N:%v R:%v P:%v\n", total/float64(runs), runs, params.N, params.R, params.P) 42 | 43 | // Test Bench hash error 44 | result, err := Benchmark(ScryptParams{N: 2048, R: 8, P: 1}) 45 | if err != ErrScryptParamN && result != 0 { 46 | t.Log(err) 47 | t.FailNow() 48 | } 49 | } 50 | 51 | func TestHash(t *testing.T) { 52 | 53 | var total int 54 | runs := 52 55 | // Test expect success 56 | for i := 2; i < runs; i++ { 57 | // Generate Test Password 58 | testUserPass := fake.Password(i*4, 1000, true, true, true) 59 | testMasterPass := fake.Password(i*4, 1000, true, true, true) 60 | // Hash Password 61 | output, err := Hash(testUserPass, testMasterPass, 0, ScryptParams{N: 32768, R: 16, P: 1}, DefaultParams) 62 | if err != nil { 63 | t.Log(err) 64 | t.FailNow() 65 | } 66 | t.Logf("Output: " + output) 67 | 68 | // Check Output Length 69 | lgth := len(output) 70 | if lgth > 225 { 71 | t.Logf("Output Length over 225 chars at %v for input userpass length %v", lgth, len(testUserPass)) 72 | } 73 | total = total + lgth 74 | 75 | // Verify Password 76 | if err := Verify(testUserPass, testMasterPass, output); err != nil { 77 | t.Log(err) 78 | t.FailNow() 79 | } 80 | } 81 | fmt.Printf("Average length of %v runs: %v\n", runs, total/runs) 82 | 83 | // Test with Bad Params 84 | _, err := Hash("password1234", "masterpassphrase", 0, ScryptParams{N: 2048, R: 16, P: 1}, DefaultParams) 85 | if err != ErrScryptParamN { 86 | t.Log("Expected Scrypt N failure for user params") 87 | t.FailNow() 88 | } 89 | _, err = Hash("password1234", "masterpassphrase", 0, DefaultParams, ScryptParams{N: 2048, R: 16, P: 1}) 90 | if err != ErrScryptParamN { 91 | t.Log("Expected Scrypt N failure for master params") 92 | t.FailNow() 93 | } 94 | 95 | } 96 | func TestGetHashVersion(t *testing.T) { 97 | v, err := GetHashVersion("secBoxv1$0$tKTBCfdTcn5gA9xRR9yPNczryWV/f+7MVkdDgxFtuYuzvTcNGMNTHBE2pCoPjRjTDIN1449gwVHfrkzvkzWdwZBEUCVWVZFjlRTdu8kCD7uBDmfozwyX+U/T7k8cyfaHFgB8y8cPEvk=$Ek8NWSL34KE=$32768$16$1$16384$8$1") 98 | if err != nil { 99 | t.Log(err) 100 | t.FailNow() 101 | } 102 | fmt.Println("Hash Version: ", v) 103 | 104 | // Test with Bad Version; secBoxvb instead of expected secBoxv1 105 | _, err = GetHashVersion("secBoxvb$0$tKTBCfdTcn5gA9xRR9yPNczryWV/f+7MVkdDgxFtuYuzvTcNGMNTHBE2pCoPjRjTDIN1449gwVHfrkzvkzWdwZBEUCVWVZFjlRTdu8kCD7uBDmfozwyX+U/T7k8cyfaHFgB8y8cPEvk=$Ek8NWSL34KE=$32768$16$1$16384$8$1") 106 | if err == nil { 107 | t.Log("Expected int parse from string error") 108 | t.FailNow() 109 | } 110 | } 111 | 112 | func TestGetMasterVersion(t *testing.T) { 113 | v, err := GetMasterVersion("secBoxv1$0$tKTBCfdTcn5gA9xRR9yPNczryWV/f+7MVkdDgxFtuYuzvTcNGMNTHBE2pCoPjRjTDIN1449gwVHfrkzvkzWdwZBEUCVWVZFjlRTdu8kCD7uBDmfozwyX+U/T7k8cyfaHFgB8y8cPEvk=$Ek8NWSL34KE=$32768$16$1$16384$8$1") 114 | if err != nil { 115 | t.Log(err) 116 | t.FailNow() 117 | } 118 | fmt.Println("Master Version: ", v) 119 | 120 | // Test Bad Master Version; x instead of 0 121 | _, err = GetMasterVersion("secBoxv1$x$tKTBCfdTcn5gA9xRR9yPNczryWV/f+7MVkdDgxFtuYuzvTcNGMNTHBE2pCoPjRjTDIN1449gwVHfrkzvkzWdwZBEUCVWVZFjlRTdu8kCD7uBDmfozwyX+U/T7k8cyfaHFgB8y8cPEvk=$Ek8NWSL34KE=$32768$16$1$16384$8$1") 122 | if err == nil { 123 | t.Log("Expected string to int parse failure") 124 | t.FailNow() 125 | } 126 | } 127 | func TestGetParamsFromHash(t *testing.T) { 128 | user, master, err := GetParams("secBoxv1$1$5DxIID0p4uz073qNngNsxYhXKPJITbjdvpjLju/XKbbzKDjdXVvgCSVbNIjCAg2QvA8O4mC+/fZpExJJx9rVpgxeL4xH16kN5/AGHtaa3kPNlP0tB5dJjDbFsJVr7u/ar9v4hzwQYhk=$xGvsvszfJDY=$32768$16$1$16384$8$1") 129 | if err != nil { 130 | t.Log(err) 131 | t.FailNow() 132 | } 133 | fmt.Printf("From Hash-> User Params: N-%v R-%v P-%v Master Params: N-%v R-%v P-%v\n", user.N, user.R, user.P, master.N, master.R, master.P) 134 | 135 | // Test with Bad Format 136 | user, master, err = GetParams("secBoxv1$5DxIID0p4uz073qNngNsxYhXKPJITbjdvpjLju/XKbbzKDjdXVvgCSVbNIjCAg2QvA8O4mC+/fZpExJJx9rVpgxeL4xH16kN5/AGHtaa3kPNlP0tB5dJjDbFsJVr7u/ar9v4hzwQYhk=$xGvsvszfJDY=$32768$16$1$16384$8$1") 137 | if err != ErrCiphertextFormat { 138 | t.Log("Expected invalid format error") 139 | t.FailNow() 140 | } 141 | } 142 | func TestGetParams(t *testing.T) { 143 | parts := []string{"0", "1", "2", "3", "8192", "8", "1", "8192", "8", "1"} 144 | user, master, err := getParams(parts) 145 | if err != nil { 146 | t.Log(err) 147 | t.FailNow() 148 | } 149 | if user.N != 8192 || user.R != 8 || user.P != 1 { 150 | t.Log("Returned parameters do not match given") 151 | t.FailNow() 152 | } 153 | if master.N != 8192 || master.R != 8 || master.P != 1 { 154 | t.Log("Returned parameters do not match given") 155 | t.FailNow() 156 | } 157 | fmt.Printf("User Params: N-%v R-%v P-%v Master Params: N-%v R-%v P-%v\n", user.N, user.R, user.P, master.N, master.R, master.P) 158 | 159 | // Invalid Params parts[4]-parts[9], should return err for each 160 | for i := 4; i < len(parts); i++ { 161 | parts = []string{"0", "1", "2", "3", "8192", "8", "1", "8192", "8", "1"} 162 | 163 | parts[i] = "x" 164 | user, master, err = getParams(parts) 165 | if err == nil { 166 | t.Log(err) 167 | t.FailNow() 168 | } 169 | } 170 | 171 | } 172 | func TestUpdateMaster(t *testing.T) { 173 | output, err := Hash("password1234", "masterpassphrase", 0, ScryptParams{N: 32768, R: 16, P: 1}, DefaultParams) 174 | if err != nil { 175 | t.Log(err) 176 | t.FailNow() 177 | } 178 | fmt.Println("Output: " + output) 179 | fmt.Printf("Length: %v\n", len(output)) 180 | 181 | err = Verify("password1234", "masterpassphrase", output) 182 | if err != nil { 183 | t.Log(err) 184 | t.FailNow() 185 | } 186 | // Update then re-verify 187 | updated, err := UpdateMaster("masterpassphrase2", "masterpassphrase", 1, output, DefaultParams) 188 | if err != nil { 189 | t.Log(err) 190 | t.FailNow() 191 | } 192 | fmt.Println("Updated Output: " + updated) 193 | fmt.Printf("Updated Length: %v\n", len(updated)) 194 | err = Verify("password1234", "masterpassphrase2", updated) 195 | if err != nil { 196 | t.Log(err) 197 | t.FailNow() 198 | } 199 | 200 | // Test Bad Format Fail 201 | _, err = UpdateMaster("masterpassphrase2", "masterpassphrase", 1, "secBoxv1$l8W69jygGur7sa0669mAJnIuYgjsbkx4wd+RdDzwIn2Z49FJurWkJDx2NA8g+ED9Nn6vGCLNFoHXSDIDeDBvJXouxs5zyX6mVozceVAVO7IadrL4+KKohV3MzoVlgodUYeNToOVB/5A=$4LZVjQ8P9pA=$32768$16$1$16384$8$1", DefaultParams) 202 | if err != ErrCiphertextFormat { 203 | t.Log("Expected Ciphertext format failure") 204 | t.FailNow() 205 | } 206 | 207 | // Test Bad Params Fail 208 | _, err = UpdateMaster("masterpassphrase2", "masterpassphrase", 1, "secBoxv1$0$l8W69jygGur7sa0669mAJnIuYgjsbkx4wd+RdDzwIn2Z49FJurWkJDx2NA8g+ED9Nn6vGCLNFoHXSDIDeDBvJXouxs5zyX6mVozceVAVO7IadrL4+KKohV3MzoVlgodUYeNToOVB/5A=$4LZVjQ8P9pA=$32768$16$1$16384$8$1", ScryptParams{N: 2048, R: 8, P: 1}) 209 | if err != ErrScryptParamN { 210 | t.Log(err) 211 | t.Log("Expected Scrypt N param failure") 212 | t.FailNow() 213 | } 214 | 215 | // Test Bad Old Master passphrase, decrypt fail 216 | _, err = UpdateMaster("masterpassphrase2", "incorrectmaster", 1, "secBoxv1$0$l8W69jygGur7sa0669mAJnIuYgjsbkx4wd+RdDzwIn2Z49FJurWkJDx2NA8g+ED9Nn6vGCLNFoHXSDIDeDBvJXouxs5zyX6mVozceVAVO7IadrL4+KKohV3MzoVlgodUYeNToOVB/5A=$4LZVjQ8P9pA=$32768$16$1$16384$8$1", DefaultParams) 217 | if err != ErrSecretBoxDecryptFail { 218 | t.Log(err) 219 | t.Log("Expected decryption failure") 220 | t.FailNow() 221 | } 222 | } 223 | func TestUpdateMasterBadVersion(t *testing.T) { 224 | output, err := Hash("password1234", "masterpassphrase", 0, ScryptParams{N: 32768, R: 16, P: 1}, DefaultParams) 225 | if err != nil { 226 | t.Log(err) 227 | t.FailNow() 228 | } 229 | fmt.Println("Output: " + output) 230 | fmt.Printf("Length: %v\n", len(output)) 231 | 232 | err = Verify("password1234", "masterpassphrase", output) 233 | if err != nil { 234 | t.Log(err) 235 | t.FailNow() 236 | } 237 | // Update then re-verify 238 | _, err = UpdateMaster("masterpassphrase2", "masterpassphrase", 0, output, DefaultParams) 239 | if err != ErrInvalidVersionUpdate { 240 | t.Log("Expected Invalid Version update error") 241 | t.FailNow() 242 | } 243 | } 244 | func TestHashShortPassphrase(t *testing.T) { 245 | // Errors should not be nil, fail if errors nil 246 | _, err := Hash("pass", "masterpassphrase", 0, ScryptParams{N: 32768, R: 16, P: 1}, DefaultParams) 247 | if err != ErrPassphraseLength { 248 | t.Log("Expected Passphrase length failure") 249 | t.FailNow() 250 | } 251 | 252 | _, err = Hash("password1234", "master", 0, ScryptParams{N: 32768, R: 16, P: 1}, DefaultParams) 253 | if err != ErrPassphraseLength { 254 | t.Log("Expected Passphrase length failure") 255 | t.FailNow() 256 | } 257 | 258 | } 259 | 260 | func TestVerify(t *testing.T) { 261 | err := Verify("password1234", "masterpassphrase", "secBoxv1$0$Qk09Tgzi2w+z9mtPiwe6uLWPXMY8WQyI3oC7Sqz11PMcRzvqrOhd70fdBXEUmOeM91z2MytB9Lt4VQzjOs21KTYqMx9FwUR2qDa38fmQhT6pLOJCaptpMzgYLC1fvbq4suuW9XpB7RE=$2ZVcHyy/p9Q=$32768$16$1$16384$8$1") 262 | if err != nil { 263 | t.Log(err) 264 | t.FailNow() 265 | } 266 | } 267 | func TestVerifyV1(t *testing.T) { 268 | // Fail Length 269 | err := verifyV1("password1234", "masterpassphrase", []string{"secBoxv1", "Qk09Tgzi2w+z9mtPiwe6uLWPXMY8WQyI3oC7Sqz11PMcRzvqrOhd70fdBXEUmOeM91z2MytB9Lt4VQzjOs21KTYqMx9FwUR2qDa38fmQhT6pLOJCaptpMzgYLC1fvbq4suuW9XpB7RE=", "2ZVcHyy/p9Q=", "32768", "16", "1", "16384", "8", "1"}) 270 | if err != ErrCiphertextFormat { 271 | t.Log("Expected Format Failure") 272 | t.FailNow() 273 | } 274 | // Fail ciphertext version check 275 | err = verifyV1("password1234", "masterpassphrase", []string{"secBoxv0", "0", "Qk09Tgzi2w+z9mtPiwe6uLWPXMY8WQyI3oC7Sqz11PMcRzvqrOhd70fdBXEUmOeM91z2MytB9Lt4VQzjOs21KTYqMx9FwUR2qDa38fmQhT6pLOJCaptpMzgYLC1fvbq4suuW9XpB7RE=", "2ZVcHyy/p9Q=", "32768", "16", "1", "16384", "8", "1"}) 276 | if err != ErrCiphertextVer { 277 | t.Log("Expect Version Failure") 278 | t.FailNow() 279 | } 280 | } 281 | func TestVerifyFormat(t *testing.T) { 282 | err := Verify("password", "masterpassphrase", "secBoxv1$0$Qk09Tgzi2w+z9mtPiwe6uLWPXMY8WQyI3oC7Sqz11PMcRzvqrOhd70fdBXEUmOeM91z2MytB9Lt4VQzjOs21KTYqMx9FwUR2qDa38fmQhT6pLOJCaptpMzgYLC1fvbq4suuW9XpB7RE=$2ZVcHyy/p9Q=$32768$16$1$16384$8$1") 283 | if err == nil { 284 | t.Log(err) 285 | t.FailNow() 286 | } 287 | } 288 | 289 | func TestVerifyVersion(t *testing.T) { 290 | err := Verify("password", "masterpassphrase", "secBoxv0$0$Qk09Tgzi2w+z9mtPiwe6uLWPXMY8WQyI3oC7Sqz11PMcRzvqrOhd70fdBXEUmOeM91z2MytB9Lt4VQzjOs21KTYqMx9FwUR2qDa38fmQhT6pLOJCaptpMzgYLC1fvbq4suuW9XpB7RE=$2ZVcHyy/p9Q=$32768$16$1$16384$8$1") 291 | if err == nil { 292 | t.Log(err) 293 | t.FailNow() 294 | } 295 | } 296 | 297 | func TestVerifyParseParams(t *testing.T) { 298 | // These should fail if errors are not returned 299 | err := Verify("password", "masterpassphrase", "secBoxv0$0$Qk09Tgzi2w+z9mtPiwe6uLWPXMY8WQyI3oC7Sqz11PMcRzvqrOhd70fdBXEUmOeM91z2MytB9Lt4VQzjOs21KTYqMx9FwUR2qDa38fmQhT6pLOJCaptpMzgYLC1fvbq4suuW9XpB7RE=$2ZVcHyy/p9Q=$32768$16$1$16384$8$a") 300 | if err == nil { 301 | t.Log(err) 302 | t.FailNow() 303 | } 304 | err = Verify("password", "masterpassphrase", "secBoxv0$0$Qk09Tgzi2w+z9mtPiwe6uLWPXMY8WQyI3oC7Sqz11PMcRzvqrOhd70fdBXEUmOeM91z2MytB9Lt4VQzjOs21KTYqMx9FwUR2qDa38fmQhT6pLOJCaptpMzgYLC1fvbq4suuW9XpB7RE=$2ZVcHyy/p9Q=$32768$16$1$16384$b$1") 305 | if err == nil { 306 | t.Log(err) 307 | t.FailNow() 308 | } 309 | err = Verify("password", "masterpassphrase", "secBoxv0$0$Qk09Tgzi2w+z9mtPiwe6uLWPXMY8WQyI3oC7Sqz11PMcRzvqrOhd70fdBXEUmOeM91z2MytB9Lt4VQzjOs21KTYqMx9FwUR2qDa38fmQhT6pLOJCaptpMzgYLC1fvbq4suuW9XpB7RE=$2ZVcHyy/p9Q=$32768$16$1$c$b$1") 310 | if err == nil { 311 | t.Log(err) 312 | t.FailNow() 313 | } 314 | } 315 | 316 | func TestVerifyBadParams(t *testing.T) { 317 | err := Verify("password", "masterpassphrase", "secBoxv0$0$Qk09Tgzi2w+z9mtPiwe6uLWPXMY8WQyI3oC7Sqz11PMcRzvqrOhd70fdBXEUmOeM91z2MytB9Lt4VQzjOs21KTYqMx9FwUR2qDa38fmQhT6pLOJCaptpMzgYLC1fvbq4suuW9XpB7RE=$2ZVcHyy/p9Q=$32768$16$1$16384$999$1") 318 | if err == nil { 319 | t.Log(err) 320 | t.FailNow() 321 | } 322 | } 323 | func TestVerifyBadPassphrase(t *testing.T) { 324 | err := Verify("passw0rd", "masterpassphrase", "secBoxv1$0$Qk09Tgzi2w+z9mtPiwe6uLWPXMY8WQyI3oC7Sqz11PMcRzvqrOhd70fdBXEUmOeM91z2MytB9Lt4VQzjOs21KTYqMx9FwUR2qDa38fmQhT6pLOJCaptpMzgYLC1fvbq4suuW9XpB7RE=$2ZVcHyy/p9Q=$32768$16$1$16384$8$1") 325 | if err == nil { 326 | t.Log(err) 327 | t.FailNow() 328 | } 329 | } 330 | func TestVerifyBadMasterPass(t *testing.T) { 331 | err := Verify("password", "mast3rpassphrase", "secBoxv1$0$Qk09Tgzi2w+z9mtPiwe6uLWPXMY8WQyI3oC7Sqz11PMcRzvqrOhd70fdBXEUmOeM91z2MytB9Lt4VQzjOs21KTYqMx9FwUR2qDa38fmQhT6pLOJCaptpMzgYLC1fvbq4suuW9XpB7RE=$2ZVcHyy/p9Q=$32768$16$1$16384$8$1") 332 | if err == nil { 333 | t.Log(err) 334 | t.FailNow() 335 | } 336 | } 337 | func TestVerifyBadSalt(t *testing.T) { 338 | err := Verify("password", "mast3rpassphrase", "secBoxv1$0$Qk09Tgzi2w+z9mtPiwe6uLWPXMY8WQyI3oC7Sqz11PMcRzvqrOhd70fdBXEUmOeM91z2MytB9Lt4VQzjOs21KTYqMx9FwUR2qDa38fmQhT6pLOJCaptpMzgYLC1fvbq4suuW9XpB7RE=$2ZVbHyy/p9Q=$32768$16$1$16384$8$1") 339 | if err == nil { 340 | t.Log(err) 341 | t.FailNow() 342 | } 343 | } 344 | func TestValidateParams(t *testing.T) { 345 | // This should pass 346 | err := validateParams(ScryptParams{N: 65536, R: 32, P: 2}) 347 | if err != nil { 348 | t.Log(err) 349 | t.FailNow() 350 | } 351 | 352 | // These should fail 353 | err = validateParams(ScryptParams{N: 10, R: 32, P: 2}) 354 | if err == nil { 355 | t.Log(err) 356 | t.FailNow() 357 | } 358 | 359 | err = validateParams(ScryptParams{N: 601000, R: 32, P: 2}) 360 | if err == nil { 361 | t.Log(err) 362 | t.FailNow() 363 | } 364 | 365 | err = validateParams(ScryptParams{N: 32500, R: 2, P: 2}) 366 | if err == nil { 367 | t.Log(err) 368 | t.FailNow() 369 | } 370 | 371 | err = validateParams(ScryptParams{N: 32500, R: 130, P: 2}) 372 | if err == nil { 373 | t.Log(err) 374 | t.FailNow() 375 | } 376 | 377 | err = validateParams(ScryptParams{N: 32500, R: 32, P: 0}) 378 | if err == nil { 379 | t.Log(err) 380 | t.FailNow() 381 | } 382 | 383 | err = validateParams(ScryptParams{N: 32500, R: 32, P: 22}) 384 | if err == nil { 385 | t.Log(err) 386 | t.FailNow() 387 | } 388 | } 389 | -------------------------------------------------------------------------------- /vendor/github.com/corpix/uarand/.gitignore: -------------------------------------------------------------------------------- 1 | /build 2 | /vendor 3 | *~ 4 | -------------------------------------------------------------------------------- /vendor/github.com/corpix/uarand/.go-makefile.json: -------------------------------------------------------------------------------- 1 | { 2 | "build_id_generator": "0x$(shell echo $(version) | sha1sum | awk '{print $$1}')", 3 | "host": "github.com", 4 | "include": ["useragents.mk"], 5 | "kind": "package", 6 | "name": "uarand", 7 | "tool": [], 8 | "user": "corpix", 9 | "version_generator": "$(shell git rev-list --count HEAD).$(shell git rev-parse --short HEAD)", 10 | "version_variable": "cli.version" 11 | } 12 | -------------------------------------------------------------------------------- /vendor/github.com/corpix/uarand/.travis.yml: -------------------------------------------------------------------------------- 1 | language: go 2 | 3 | go: 4 | - 1.6 5 | - 1.7 6 | - 1.8 7 | - master 8 | 9 | script: make test 10 | -------------------------------------------------------------------------------- /vendor/github.com/corpix/uarand/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright © 2017 Dmitry Moskowski 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /vendor/github.com/corpix/uarand/Makefile: -------------------------------------------------------------------------------- 1 | .DEFAULT_GOAL = all 2 | 3 | numcpus := $(shell cat /proc/cpuinfo | grep '^processor\s*:' | wc -l) 4 | version := $(shell git rev-list --count HEAD).$(shell git rev-parse --short HEAD) 5 | 6 | name := uarand 7 | package := github.com/corpix/$(name) 8 | 9 | .PHONY: all 10 | all:: dependencies 11 | 12 | .PHONY: tools 13 | tools:: 14 | @if [ ! -e "$(GOPATH)"/bin/glide ]; then go get github.com/Masterminds/glide; fi 15 | @if [ ! -e "$(GOPATH)"/bin/glide-cleanup ]; then go get github.com/ngdinhtoan/glide-cleanup; fi 16 | @if [ ! -e "$(GOPATH)"/bin/glide-vc ]; then go get github.com/sgotti/glide-vc; fi 17 | @if [ ! -e "$(GOPATH)"/bin/godef ]; then go get github.com/rogpeppe/godef; fi 18 | @if [ ! -e "$(GOPATH)"/bin/gocode ]; then go get github.com/nsf/gocode; fi 19 | @if [ ! -e "$(GOPATH)"/bin/gometalinter ]; then go get github.com/alecthomas/gometalinter && gometalinter --install; fi 20 | @if [ ! -e "$(GOPATH)"/src/github.com/stretchr/testify/assert ]; then go get github.com/stretchr/testify/assert; fi 21 | 22 | .PHONY: dependencies 23 | dependencies:: tools 24 | glide install 25 | 26 | .PHONY: clean 27 | clean:: tools 28 | glide cache-clear 29 | 30 | .PHONY: test 31 | test:: dependencies 32 | go test -v \ 33 | $(shell glide novendor) 34 | 35 | .PHONY: bench 36 | bench:: dependencies 37 | go test \ 38 | -bench=. -v \ 39 | $(shell glide novendor) 40 | 41 | .PHONY: lint 42 | lint:: dependencies 43 | go vet $(shell glide novendor) 44 | gometalinter \ 45 | --deadline=5m \ 46 | --concurrency=$(numcpus) \ 47 | $(shell glide novendor) 48 | 49 | .PHONY: check 50 | check:: lint test 51 | 52 | include useragents.mk 53 | -------------------------------------------------------------------------------- /vendor/github.com/corpix/uarand/README.md: -------------------------------------------------------------------------------- 1 | uarand 2 | ---------------- 3 | 4 | [![Build Status](https://travis-ci.org/corpix/uarand.svg?branch=master)](https://travis-ci.org/corpix/uarand) 5 | 6 | Random user-agent producer for go. 7 | 8 | ## Example 9 | 10 | ``` go 11 | package main 12 | 13 | import ( 14 | "fmt" 15 | 16 | "github.com/corpix/uarand" 17 | ) 18 | 19 | func main() { 20 | fmt.Println(uarand.GetRandom()) 21 | } 22 | ``` 23 | 24 | Save it to `snippet.go` and run: 25 | 26 | ``` shell 27 | go run snippet.go 28 | ``` 29 | 30 | Which should produce something similar to: 31 | 32 | ``` text 33 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36 34 | ``` 35 | 36 | ## License 37 | 38 | MIT 39 | -------------------------------------------------------------------------------- /vendor/github.com/corpix/uarand/glide.lock: -------------------------------------------------------------------------------- 1 | hash: 400dee10adae21284f2563cb7178f4b5a30e69c9ed3954a5a32a8a618d5bdfeb 2 | updated: 2017-07-12T21:00:19.452016303Z 3 | imports: [] 4 | testImports: 5 | - name: github.com/davecgh/go-spew 6 | version: 6d212800a42e8ab5c146b8ace3490ee17e5225f9 7 | subpackages: 8 | - spew 9 | - name: github.com/pmezard/go-difflib 10 | version: d8ed2627bdf02c080bf22230dbb337003b7aba2d 11 | subpackages: 12 | - difflib 13 | - name: github.com/stretchr/testify 14 | version: 69483b4bd14f5845b5a1e55bca19e954e827f1d0 15 | subpackages: 16 | - assert 17 | -------------------------------------------------------------------------------- /vendor/github.com/corpix/uarand/glide.yaml: -------------------------------------------------------------------------------- 1 | package: github.com/corpix/uarand 2 | import: [] 3 | testImport: 4 | - package: github.com/stretchr/testify 5 | version: v1.1.4 6 | subpackages: 7 | - assert 8 | -------------------------------------------------------------------------------- /vendor/github.com/corpix/uarand/uarand.go: -------------------------------------------------------------------------------- 1 | package uarand 2 | 3 | import ( 4 | "math/rand" 5 | "time" 6 | ) 7 | 8 | var ( 9 | // Default is the UARand with default settings. 10 | Default = New( 11 | rand.New( 12 | rand.NewSource(time.Now().UnixNano()), 13 | ), 14 | ) 15 | ) 16 | 17 | // Randomizer represents some entity which could provide us an entropy. 18 | type Randomizer interface { 19 | Seed(n int64) 20 | Intn(n int) int 21 | } 22 | 23 | // UARand describes the user agent randomizer settings. 24 | type UARand struct { 25 | Randomizer 26 | UserAgents []string 27 | } 28 | 29 | // GetRandom returns a random user agent from UserAgents slice. 30 | func (u *UARand) GetRandom() string { 31 | return u.UserAgents[u.Intn(len(u.UserAgents))] 32 | } 33 | 34 | // GetRandom returns a random user agent from UserAgents slice. 35 | // This version is driven by Default configuration. 36 | func GetRandom() string { 37 | return Default.GetRandom() 38 | } 39 | 40 | // New return UserAgent randomizer settings with default user-agents list 41 | func New(r Randomizer) *UARand { 42 | return &UARand{r, UserAgents} 43 | } 44 | 45 | // NewWithCustomList return UserAgent randomizer settings with custom user-agents list 46 | func NewWithCustomList(userAgents []string) *UARand { 47 | r := rand.New(rand.NewSource(time.Now().UnixNano())) 48 | return &UARand{r, userAgents} 49 | } 50 | -------------------------------------------------------------------------------- /vendor/github.com/corpix/uarand/useragents.mk: -------------------------------------------------------------------------------- 1 | .PHONY: useragents.go 2 | useragents.go: 3 | curl -Ls -H'User-Agent: gotohellwithyour403' \ 4 | http://techpatterns.com/downloads/firefox/useragentswitcher.xml \ 5 | | ./scripts/extract-user-agents \ 6 | | ./scripts/generate-useragents-go $(name) \ 7 | > $@ 8 | go fmt $@ 9 | 10 | dependencies:: useragents.go 11 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled Object files, Static and Dynamic libs (Shared Objects) 2 | *.o 3 | *.a 4 | *.so 5 | 6 | # Folders 7 | _obj 8 | _test 9 | /vendor 10 | 11 | # Architecture specific extensions/prefixes 12 | *.[568vq] 13 | [568vq].out 14 | 15 | *.cgo1.go 16 | *.cgo2.c 17 | _cgo_defun.c 18 | _cgo_gotypes.go 19 | _cgo_export.* 20 | 21 | _testmain.go 22 | 23 | *.exe 24 | *.test 25 | *.prof 26 | .DS_Store 27 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/.go-makefile.json: -------------------------------------------------------------------------------- 1 | { 2 | "build_id_generator": "0x$(shell echo $(version) | sha1sum | awk '{print $$1}')", 3 | "host": "github.com", 4 | "include": [], 5 | "kind": "package", 6 | "name": "fake", 7 | "tool": [], 8 | "user": "icrowley", 9 | "version_generator": "$(shell git rev-list --count HEAD).$(shell git rev-parse --short HEAD)", 10 | "version_variable": "cli.version" 11 | } 12 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/.travis.yml: -------------------------------------------------------------------------------- 1 | sudo: false 2 | language: go 3 | 4 | go: 5 | - 1.6 6 | - 1.7 7 | - 1.8 8 | - master 9 | - tip 10 | 11 | script: make test 12 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Dmitry Afanasyev 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/Makefile: -------------------------------------------------------------------------------- 1 | .DEFAULT_GOAL = all 2 | 3 | numcpus := $(shell cat /proc/cpuinfo | grep '^processor\s*:' | wc -l) 4 | version := $(shell git rev-list --count HEAD).$(shell git rev-parse --short HEAD) 5 | 6 | name := fake 7 | package := github.com/icrowley/$(name) 8 | 9 | .PHONY: all 10 | all:: dependencies 11 | 12 | .PHONY: tools 13 | tools:: 14 | @if [ ! -e "$(GOPATH)"/bin/glide ]; then go get github.com/Masterminds/glide; fi 15 | @if [ ! -e "$(GOPATH)"/bin/godef ]; then go get github.com/rogpeppe/godef; fi 16 | @if [ ! -e "$(GOPATH)"/bin/gocode ]; then go get github.com/nsf/gocode; fi 17 | @if [ ! -e "$(GOPATH)"/bin/gometalinter ]; then go get github.com/alecthomas/gometalinter && gometalinter --install; fi 18 | @if [ ! -e "$(GOPATH)"/src/github.com/stretchr/testify/assert ]; then go get github.com/stretchr/testify/assert; fi 19 | 20 | .PHONY: dependencies 21 | dependencies:: tools 22 | glide install 23 | 24 | .PHONY: clean 25 | clean:: tools 26 | glide cache-clear 27 | 28 | .PHONY: test 29 | test:: dependencies 30 | go test -v \ 31 | $(shell glide novendor) 32 | 33 | .PHONY: bench 34 | bench:: dependencies 35 | go test \ 36 | -bench=. -v \ 37 | $(shell glide novendor) 38 | 39 | .PHONY: lint 40 | lint:: dependencies 41 | go vet $(shell glide novendor) 42 | gometalinter \ 43 | --deadline=5m \ 44 | --concurrency=$(numcpus) \ 45 | $(shell glide novendor) 46 | 47 | .PHONY: check 48 | check:: lint test 49 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/README.md: -------------------------------------------------------------------------------- 1 | [![Build Status](https://img.shields.io/travis/icrowley/fake.svg?style=flat)](https://travis-ci.org/icrowley/fake) [![Godoc](http://img.shields.io/badge/godoc-reference-blue.svg?style=flat)](https://godoc.org/github.com/icrowley/fake) [![license](http://img.shields.io/badge/license-MIT-red.svg?style=flat)](https://raw.githubusercontent.com/icrowley/fake/master/LICENSE) 2 | 3 | Fake 4 | ==== 5 | 6 | Fake is a fake data generator for Go (Golang), heavily inspired by the forgery and ffaker Ruby gems. 7 | 8 | ## About 9 | 10 | Most data and methods are ported from forgery/ffaker Ruby gems. 11 | For the list of available methods please look at https://godoc.org/github.com/icrowley/fake. 12 | Currently english and russian languages are available. 13 | 14 | Fake embeds samples data files unless you call `UseExternalData(true)` in order to be able to work without external files dependencies when compiled, so, if you add new data files or make changes to existing ones don't forget to regenerate data.go file using `github.com/mjibson/esc` tool and `esc -o data.go -pkg fake data` command (or you can just use `go generate` command if you are using Go 1.4 or later). 15 | 16 | ## Install 17 | 18 | ```shell 19 | go get github.com/icrowley/fake 20 | ``` 21 | 22 | ## Import 23 | 24 | ```go 25 | import ( 26 | "github.com/icrowley/fake" 27 | ) 28 | ``` 29 | 30 | ## Documentation 31 | 32 | Documentation can be found at godoc: 33 | 34 | https://godoc.org/github.com/icrowley/fake 35 | 36 | ## Test 37 | To run the project tests: 38 | 39 | ```shell 40 | cd test 41 | go test 42 | ``` 43 | 44 | ## Examples 45 | 46 | ```go 47 | name := fake.FirstName() 48 | fullname := fake.FullName() 49 | product := fake.Product() 50 | ``` 51 | 52 | Changing language: 53 | 54 | ```go 55 | err := fake.SetLang("ru") 56 | if err != nil { 57 | panic(err) 58 | } 59 | password := fake.SimplePassword() 60 | ``` 61 | 62 | Using english fallback: 63 | 64 | ```go 65 | err := fake.SetLang("ru") 66 | if err != nil { 67 | panic(err) 68 | } 69 | fake.EnFallback(true) 70 | password := fake.Paragraph() 71 | ``` 72 | 73 | Using external data: 74 | 75 | ```go 76 | fake.UseExternalData(true) 77 | password := fake.Paragraph() 78 | ``` 79 | 80 | ### Author 81 | 82 | Dmitry Afanasyev, 83 | http://twitter.com/i_crowley 84 | dimarzio1986@gmail.com 85 | 86 | 87 | ### Maintainers 88 | 89 | Dmitry Moskowski 90 | https://github.com/corpix 91 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/addresses.go: -------------------------------------------------------------------------------- 1 | package fake 2 | 3 | import "strconv" 4 | 5 | // Continent generates random continent 6 | func Continent() string { 7 | return lookup(lang, "continents", true) 8 | } 9 | 10 | // Country generates random country 11 | func Country() string { 12 | return lookup(lang, "countries", true) 13 | } 14 | 15 | // City generates random city 16 | func City() string { 17 | city := lookup(lang, "cities", true) 18 | switch r.Intn(5) { 19 | case 0: 20 | return join(cityPrefix(), city) 21 | case 1: 22 | return join(city, citySuffix()) 23 | default: 24 | return city 25 | } 26 | } 27 | 28 | func cityPrefix() string { 29 | return lookup(lang, "city_prefixes", false) 30 | } 31 | 32 | func citySuffix() string { 33 | return lookup(lang, "city_suffixes", false) 34 | } 35 | 36 | // State generates random state 37 | func State() string { 38 | return lookup(lang, "states", false) 39 | } 40 | 41 | // StateAbbrev generates random state abbreviation 42 | func StateAbbrev() string { 43 | return lookup(lang, "state_abbrevs", false) 44 | } 45 | 46 | // Street generates random street name 47 | func Street() string { 48 | street := lookup(lang, "streets", true) 49 | return join(street, streetSuffix()) 50 | } 51 | 52 | // StreetAddress generates random street name along with building number 53 | func StreetAddress() string { 54 | return join(Street(), strconv.Itoa(r.Intn(100))) 55 | } 56 | 57 | func streetSuffix() string { 58 | return lookup(lang, "street_suffixes", true) 59 | } 60 | 61 | // Zip generates random zip code using one of the formats specifies in zip_format file 62 | func Zip() string { 63 | return generate(lang, "zips", true) 64 | } 65 | 66 | // Phone generates random phone number using one of the formats format specified in phone_format file 67 | func Phone() string { 68 | return generate(lang, "phones", true) 69 | } 70 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/credit_cards.go: -------------------------------------------------------------------------------- 1 | package fake 2 | 3 | import ( 4 | "strings" 5 | 6 | "strconv" 7 | ) 8 | 9 | type creditCard struct { 10 | vendor string 11 | length int 12 | prefixes []int 13 | } 14 | 15 | var creditCards = map[string]creditCard{ 16 | "visa": {"VISA", 16, []int{4539, 4556, 4916, 4532, 4929, 40240071, 4485, 4716, 4}}, 17 | "mastercard": {"MasterCard", 16, []int{51, 52, 53, 54, 55}}, 18 | "amex": {"American Express", 15, []int{34, 37}}, 19 | "discover": {"Discover", 16, []int{6011}}, 20 | } 21 | 22 | // CreditCardType returns one of the following credit values: 23 | // VISA, MasterCard, American Express and Discover 24 | func CreditCardType() string { 25 | n := len(creditCards) 26 | var vendors []string 27 | for _, cc := range creditCards { 28 | vendors = append(vendors, cc.vendor) 29 | } 30 | 31 | return vendors[r.Intn(n)] 32 | } 33 | 34 | // CreditCardNum generated credit card number according to the card number rules 35 | func CreditCardNum(vendor string) string { 36 | if vendor != "" { 37 | vendor = strings.ToLower(vendor) 38 | } else { 39 | var vendors []string 40 | for v := range creditCards { 41 | vendors = append(vendors, v) 42 | } 43 | vendor = vendors[r.Intn(len(vendors))] 44 | } 45 | card := creditCards[vendor] 46 | prefix := strconv.Itoa(card.prefixes[r.Intn(len(card.prefixes))]) 47 | num := []rune(prefix) 48 | for i := 0; i < card.length-len(prefix); i++ { 49 | num = append(num, genCCDigit(num)) 50 | } 51 | return string(num) 52 | } 53 | 54 | func genCCDigit(num []rune) rune { 55 | sum := 0 56 | for i := len(num) - 1; i >= 0; i-- { 57 | n := int(num[i]) 58 | if i%2 != 0 { 59 | sum += n 60 | } else { 61 | if n*2 > 9 { 62 | sum += n*2 - 9 63 | } else { 64 | sum += n * 2 65 | } 66 | } 67 | } 68 | return rune(((sum/10+1)*10 - sum) % 10) 69 | } 70 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/currencies.go: -------------------------------------------------------------------------------- 1 | package fake 2 | 3 | // Currency generates currency name 4 | func Currency() string { 5 | return lookup(lang, "currencies", true) 6 | } 7 | 8 | // CurrencyCode generates currency code 9 | func CurrencyCode() string { 10 | return lookup(lang, "currency_codes", true) 11 | } 12 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/dates.go: -------------------------------------------------------------------------------- 1 | package fake 2 | 3 | // Day generates day of the month 4 | func Day() int { 5 | return r.Intn(31) + 1 6 | } 7 | 8 | // WeekDay generates name ot the week day 9 | func WeekDay() string { 10 | return lookup(lang, "weekdays", true) 11 | } 12 | 13 | // WeekDayShort generates abbreviated name of the week day 14 | func WeekDayShort() string { 15 | return lookup(lang, "weekdays_short", true) 16 | } 17 | 18 | // WeekdayNum generates number of the day of the week 19 | func WeekdayNum() int { 20 | return r.Intn(7) + 1 21 | } 22 | 23 | // Month generates month name 24 | func Month() string { 25 | return lookup(lang, "months", true) 26 | } 27 | 28 | // MonthShort generates abbreviated month name 29 | func MonthShort() string { 30 | return lookup(lang, "months_short", true) 31 | } 32 | 33 | // MonthNum generates month number (from 1 to 12) 34 | func MonthNum() int { 35 | return r.Intn(12) + 1 36 | } 37 | 38 | // Year generates year using the given boundaries 39 | func Year(from, to int) int { 40 | n := r.Intn(to-from) + 1 41 | return from + n 42 | } 43 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/fake.go: -------------------------------------------------------------------------------- 1 | /* 2 | Package fake is the fake data generatror for go (Golang), heavily inspired by forgery and ffaker Ruby gems 3 | 4 | Most data and methods are ported from forgery/ffaker Ruby gems. 5 | 6 | Currently english and russian languages are available. 7 | 8 | For the list of available methods please look at https://godoc.org/github.com/icrowley/fake. 9 | 10 | Fake embeds samples data files unless you call UseExternalData(true) in order to be able to work without external files dependencies when compiled, so, if you add new data files or make changes to existing ones don't forget to regenerate data.go file using github.com/mjibson/esc tool and esc -o data.go -pkg fake data command (or you can just use go generate command if you are using Go 1.4 or later). 11 | 12 | Examples: 13 | name := fake.FirstName() 14 | fullname = := fake.FullName() 15 | product := fake.Product() 16 | 17 | Changing language: 18 | err := fake.SetLang("ru") 19 | if err != nil { 20 | panic(err) 21 | } 22 | password := fake.SimplePassword() 23 | 24 | Using english fallback: 25 | err := fake.SetLang("ru") 26 | if err != nil { 27 | panic(err) 28 | } 29 | fake.EnFallback(true) 30 | password := fake.Paragraph() 31 | 32 | Using external data: 33 | fake.UseExternalData(true) 34 | password := fake.Paragraph() 35 | */ 36 | package fake 37 | 38 | import ( 39 | "fmt" 40 | "io/ioutil" 41 | "math/rand" 42 | "strconv" 43 | "strings" 44 | "sync" 45 | "time" 46 | ) 47 | 48 | //go:generate go get github.com/mjibson/esc 49 | //go:generate esc -o data.go -pkg fake data 50 | 51 | // cat/subcat/lang/samples 52 | type samplesTree map[string]map[string][]string 53 | 54 | var samplesLock sync.Mutex 55 | var samplesCache = make(samplesTree) 56 | var r = rand.New(&rndSrc{src: rand.NewSource(time.Now().UnixNano())}) 57 | var lang = "en" 58 | var useExternalData = false 59 | var enFallback = true 60 | var availLangs = GetLangs() 61 | 62 | var ( 63 | // ErrNoLanguageFn is the error that indicates that given language is not available 64 | ErrNoLanguageFn = func(lang string) error { return fmt.Errorf("The language passed (%s) is not available", lang) } 65 | // ErrNoSamplesFn is the error that indicates that there are no samples for the given language 66 | ErrNoSamplesFn = func(lang string) error { return fmt.Errorf("No samples found for language: %s", lang) } 67 | ) 68 | 69 | // Seed uses the provided seed value to initialize the internal PRNG to a 70 | // deterministic state. 71 | func Seed(seed int64) { 72 | r.Seed(seed) 73 | } 74 | 75 | type rndSrc struct { 76 | mtx sync.Mutex 77 | src rand.Source 78 | } 79 | 80 | func (s *rndSrc) Int63() int64 { 81 | s.mtx.Lock() 82 | n := s.src.Int63() 83 | s.mtx.Unlock() 84 | return n 85 | } 86 | 87 | func (s *rndSrc) Seed(n int64) { 88 | s.mtx.Lock() 89 | s.src.Seed(n) 90 | s.mtx.Unlock() 91 | } 92 | 93 | // GetLangs returns a slice of available languages 94 | func GetLangs() []string { 95 | var langs []string 96 | for k, v := range data { 97 | if v.isDir && k != "/" && k != "/data" { 98 | langs = append(langs, strings.Replace(k, "/data/", "", 1)) 99 | } 100 | } 101 | return langs 102 | } 103 | 104 | // SetLang sets the language in which the data should be generated 105 | // returns error if passed language is not available 106 | func SetLang(newLang string) error { 107 | found := false 108 | for _, l := range availLangs { 109 | if newLang == l { 110 | found = true 111 | break 112 | } 113 | } 114 | if !found { 115 | return ErrNoLanguageFn(newLang) 116 | } 117 | lang = newLang 118 | return nil 119 | } 120 | 121 | // UseExternalData sets the flag that allows using of external files as data providers (fake uses embedded ones by default) 122 | func UseExternalData(flag bool) { 123 | useExternalData = flag 124 | } 125 | 126 | // EnFallback sets the flag that allows fake to fallback to englsh samples if the ones for the used languaged are not available 127 | func EnFallback(flag bool) { 128 | enFallback = flag 129 | } 130 | 131 | func (st samplesTree) hasKeyPath(lang, cat string) bool { 132 | if _, ok := st[lang]; ok { 133 | if _, ok = st[lang][cat]; ok { 134 | return true 135 | } 136 | } 137 | return false 138 | } 139 | 140 | func join(parts ...string) string { 141 | var filtered []string 142 | for _, part := range parts { 143 | if part != "" { 144 | filtered = append(filtered, part) 145 | } 146 | } 147 | return strings.Join(filtered, " ") 148 | } 149 | 150 | func generate(lang, cat string, fallback bool) string { 151 | format := lookup(lang, cat+"_format", fallback) 152 | var result string 153 | for _, ru := range format { 154 | if ru != '#' { 155 | result += string(ru) 156 | } else { 157 | result += strconv.Itoa(r.Intn(10)) 158 | } 159 | } 160 | return result 161 | } 162 | 163 | func lookup(lang, cat string, fallback bool) string { 164 | samplesLock.Lock() 165 | s := _lookup(lang, cat, fallback) 166 | samplesLock.Unlock() 167 | return s 168 | } 169 | 170 | func _lookup(lang, cat string, fallback bool) string { 171 | var samples []string 172 | 173 | if samplesCache.hasKeyPath(lang, cat) { 174 | samples = samplesCache[lang][cat] 175 | } else { 176 | var err error 177 | samples, err = populateSamples(lang, cat) 178 | if err != nil { 179 | if lang != "en" && fallback && enFallback && err.Error() == ErrNoSamplesFn(lang).Error() { 180 | return _lookup("en", cat, false) 181 | } 182 | return "" 183 | } 184 | } 185 | 186 | return samples[r.Intn(len(samples))] 187 | } 188 | 189 | func populateSamples(lang, cat string) ([]string, error) { 190 | data, err := readFile(lang, cat) 191 | if err != nil { 192 | return nil, err 193 | } 194 | 195 | if _, ok := samplesCache[lang]; !ok { 196 | samplesCache[lang] = make(map[string][]string) 197 | } 198 | 199 | samples := strings.Split(strings.TrimSpace(string(data)), "\n") 200 | 201 | samplesCache[lang][cat] = samples 202 | return samples, nil 203 | } 204 | 205 | func readFile(lang, cat string) ([]byte, error) { 206 | fullpath := fmt.Sprintf("/data/%s/%s", lang, cat) 207 | file, err := FS(useExternalData).Open(fullpath) 208 | if err != nil { 209 | return nil, ErrNoSamplesFn(lang) 210 | } 211 | defer file.Close() 212 | 213 | return ioutil.ReadAll(file) 214 | } 215 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/general.go: -------------------------------------------------------------------------------- 1 | package fake 2 | 3 | var lowerLetters = []rune("abcdefghijklmnopqrstuvwxyz") 4 | var upperLetters = []rune("ABCDEFGHIJKLMNOPQRSTUVWXYZ") 5 | var numeric = []rune("0123456789") 6 | var specialChars = []rune(`!'@#$%^&*()_+-=[]{};:",./?`) 7 | var hexDigits = []rune("0123456789abcdef") 8 | 9 | func text(atLeast, atMost int, allowLower, allowUpper, allowNumeric, allowSpecial bool) string { 10 | allowedChars := []rune{} 11 | if allowLower { 12 | allowedChars = append(allowedChars, lowerLetters...) 13 | } 14 | if allowUpper { 15 | allowedChars = append(allowedChars, upperLetters...) 16 | } 17 | if allowNumeric { 18 | allowedChars = append(allowedChars, numeric...) 19 | } 20 | if allowSpecial { 21 | allowedChars = append(allowedChars, specialChars...) 22 | } 23 | 24 | result := []rune{} 25 | nTimes := r.Intn(atMost-atLeast+1) + atLeast 26 | for i := 0; i < nTimes; i++ { 27 | result = append(result, allowedChars[r.Intn(len(allowedChars))]) 28 | } 29 | return string(result) 30 | } 31 | 32 | // Password generates password with the length from atLeast to atMOst charachers, 33 | // allow* parameters specify whether corresponding symbols can be used 34 | func Password(atLeast, atMost int, allowUpper, allowNumeric, allowSpecial bool) string { 35 | return text(atLeast, atMost, true, allowUpper, allowNumeric, allowSpecial) 36 | } 37 | 38 | // SimplePassword is a wrapper around Password, 39 | // it generates password with the length from 6 to 12 symbols, with upper characters and numeric symbols allowed 40 | func SimplePassword() string { 41 | return Password(6, 12, true, true, false) 42 | } 43 | 44 | // Color generates color name 45 | func Color() string { 46 | return lookup(lang, "colors", true) 47 | } 48 | 49 | // DigitsN returns n digits as a string 50 | func DigitsN(n int) string { 51 | digits := make([]rune, n) 52 | for i := 0; i < n; i++ { 53 | digits[i] = numeric[r.Intn(len(numeric))] 54 | } 55 | return string(digits) 56 | } 57 | 58 | // Digits returns from 1 to 5 digits as a string 59 | func Digits() string { 60 | return DigitsN(r.Intn(5) + 1) 61 | } 62 | 63 | func hexDigitsStr(n int) string { 64 | var num []rune 65 | for i := 0; i < n; i++ { 66 | num = append(num, hexDigits[r.Intn(len(hexDigits))]) 67 | } 68 | return string(num) 69 | } 70 | 71 | // HexColor generates hex color name 72 | func HexColor() string { 73 | return hexDigitsStr(6) 74 | } 75 | 76 | // HexColorShort generates short hex color name 77 | func HexColorShort() string { 78 | return hexDigitsStr(3) 79 | } 80 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/geo.go: -------------------------------------------------------------------------------- 1 | package fake 2 | 3 | // Latitude generates latitude (from -90.0 to 90.0) 4 | func Latitude() float32 { 5 | return r.Float32()*180 - 90 6 | } 7 | 8 | // LatitudeDegrees generates latitude degrees (from -90 to 90) 9 | func LatitudeDegrees() int { 10 | return r.Intn(180) - 90 11 | } 12 | 13 | // LatitudeMinutes generates latitude minutes (from 0 to 60) 14 | func LatitudeMinutes() int { 15 | return r.Intn(60) 16 | } 17 | 18 | // LatitudeSeconds generates latitude seconds (from 0 to 60) 19 | func LatitudeSeconds() int { 20 | return r.Intn(60) 21 | } 22 | 23 | // LatitudeDirection generates latitude direction (N(orth) o S(outh)) 24 | func LatitudeDirection() string { 25 | if r.Intn(2) == 0 { 26 | return "N" 27 | } 28 | return "S" 29 | } 30 | 31 | // Longitude generates longitude (from -180 to 180) 32 | func Longitude() float32 { 33 | return r.Float32()*360 - 180 34 | } 35 | 36 | // LongitudeDegrees generates longitude degrees (from -180 to 180) 37 | func LongitudeDegrees() int { 38 | return r.Intn(360) - 180 39 | } 40 | 41 | // LongitudeMinutes generates (from 0 to 60) 42 | func LongitudeMinutes() int { 43 | return r.Intn(60) 44 | } 45 | 46 | // LongitudeSeconds generates (from 0 to 60) 47 | func LongitudeSeconds() int { 48 | return r.Intn(60) 49 | } 50 | 51 | // LongitudeDirection generates (W(est) or E(ast)) 52 | func LongitudeDirection() string { 53 | if r.Intn(2) == 0 { 54 | return "W" 55 | } 56 | return "E" 57 | } 58 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/glide.lock: -------------------------------------------------------------------------------- 1 | hash: 9238b15272824ad573d8ef645fb468cb646b72598c63eae8977c3410ebfebe4a 2 | updated: 2017-07-23T15:10:00.972860398Z 3 | imports: 4 | - name: github.com/corpix/uarand 5 | version: 031be390f409fb4bac8fb299e3bcd101479f89f8 6 | testImports: [] 7 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/glide.yaml: -------------------------------------------------------------------------------- 1 | package: github.com/icrowley/fake 2 | import: 3 | - package: github.com/corpix/uarand 4 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/internet.go: -------------------------------------------------------------------------------- 1 | package fake 2 | 3 | import ( 4 | "net" 5 | "strings" 6 | 7 | "github.com/corpix/uarand" 8 | ) 9 | 10 | // UserName generates user name in one of the following forms 11 | // first name + last name, letter + last names or concatenation of from 1 to 3 lowercased words 12 | func UserName() string { 13 | gender := randGender() 14 | switch r.Intn(3) { 15 | case 0: 16 | return lookup("en", gender+"_first_names", false) + lookup(lang, gender+"_last_names", false) 17 | case 1: 18 | return Character() + lookup(lang, gender+"_last_names", false) 19 | default: 20 | return strings.Replace(WordsN(r.Intn(3)+1), " ", "_", -1) 21 | } 22 | } 23 | 24 | // TopLevelDomain generates random top level domain 25 | func TopLevelDomain() string { 26 | return lookup(lang, "top_level_domains", true) 27 | } 28 | 29 | // DomainName generates random domain name 30 | func DomainName() string { 31 | return Company() + "." + TopLevelDomain() 32 | } 33 | 34 | // EmailAddress generates email address 35 | func EmailAddress() string { 36 | return UserName() + "@" + DomainName() 37 | } 38 | 39 | // EmailSubject generates random email subject 40 | func EmailSubject() string { 41 | return Sentence() 42 | } 43 | 44 | // EmailBody generates random email body 45 | func EmailBody() string { 46 | return Paragraphs() 47 | } 48 | 49 | // DomainZone generates random domain zone 50 | func DomainZone() string { 51 | return lookup(lang, "domain_zones", true) 52 | } 53 | 54 | // IPv4 generates IPv4 address 55 | func IPv4() string { 56 | size := 4 57 | ip := make([]byte, size) 58 | for i := 0; i < size; i++ { 59 | ip[i] = byte(r.Intn(256)) 60 | } 61 | return net.IP(ip).To4().String() 62 | } 63 | 64 | // IPv6 generates IPv6 address 65 | func IPv6() string { 66 | size := 16 67 | ip := make([]byte, size) 68 | for i := 0; i < size; i++ { 69 | ip[i] = byte(r.Intn(256)) 70 | } 71 | return net.IP(ip).To16().String() 72 | } 73 | 74 | // UserAgent generates a random user agent. 75 | func UserAgent() string { 76 | return uarand.GetRandom() 77 | } 78 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/jobs.go: -------------------------------------------------------------------------------- 1 | package fake 2 | 3 | import ( 4 | "strings" 5 | ) 6 | 7 | // Company generates company name 8 | func Company() string { 9 | return lookup(lang, "companies", true) 10 | } 11 | 12 | // JobTitle generates job title 13 | func JobTitle() string { 14 | job := lookup(lang, "jobs", true) 15 | return strings.Replace(job, "#{N}", jobTitleSuffix(), 1) 16 | } 17 | 18 | func jobTitleSuffix() string { 19 | return lookup(lang, "jobs_suffixes", false) 20 | } 21 | 22 | // Industry generates industry name 23 | func Industry() string { 24 | return lookup(lang, "industries", true) 25 | } 26 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/lorem_ipsum.go: -------------------------------------------------------------------------------- 1 | package fake 2 | 3 | import ( 4 | "strings" 5 | ) 6 | 7 | // Character generates random character in the given language 8 | func Character() string { 9 | return lookup(lang, "characters", true) 10 | } 11 | 12 | // CharactersN generates n random characters in the given language 13 | func CharactersN(n int) string { 14 | var chars []string 15 | for i := 0; i < n; i++ { 16 | chars = append(chars, Character()) 17 | } 18 | return strings.Join(chars, "") 19 | } 20 | 21 | // Characters generates from 1 to 5 characters in the given language 22 | func Characters() string { 23 | return CharactersN(r.Intn(5) + 1) 24 | } 25 | 26 | // Word generates random word 27 | func Word() string { 28 | return lookup(lang, "words", true) 29 | } 30 | 31 | // WordsN generates n random words 32 | func WordsN(n int) string { 33 | words := make([]string, n) 34 | for i := 0; i < n; i++ { 35 | words[i] = Word() 36 | } 37 | return strings.Join(words, " ") 38 | } 39 | 40 | // Words generates from 1 to 5 random words 41 | func Words() string { 42 | return WordsN(r.Intn(5) + 1) 43 | } 44 | 45 | // Title generates from 2 to 5 titleized words 46 | func Title() string { 47 | return strings.ToTitle(WordsN(2 + r.Intn(4))) 48 | } 49 | 50 | // Sentence generates random sentence 51 | func Sentence() string { 52 | var words []string 53 | for i := 0; i < 3+r.Intn(12); i++ { 54 | word := Word() 55 | if r.Intn(5) == 0 { 56 | word += "," 57 | } 58 | words = append(words, Word()) 59 | } 60 | 61 | sentence := strings.Join(words, " ") 62 | 63 | if r.Intn(8) == 0 { 64 | sentence += "!" 65 | } else { 66 | sentence += "." 67 | } 68 | 69 | return sentence 70 | } 71 | 72 | // SentencesN generates n random sentences 73 | func SentencesN(n int) string { 74 | sentences := make([]string, n) 75 | for i := 0; i < n; i++ { 76 | sentences[i] = Sentence() 77 | } 78 | return strings.Join(sentences, " ") 79 | } 80 | 81 | // Sentences generates from 1 to 5 random sentences 82 | func Sentences() string { 83 | return SentencesN(r.Intn(5) + 1) 84 | } 85 | 86 | // Paragraph generates paragraph 87 | func Paragraph() string { 88 | return SentencesN(r.Intn(10) + 1) 89 | } 90 | 91 | // ParagraphsN generates n paragraphs 92 | func ParagraphsN(n int) string { 93 | var paragraphs []string 94 | for i := 0; i < n; i++ { 95 | paragraphs = append(paragraphs, Paragraph()) 96 | } 97 | return strings.Join(paragraphs, "\t") 98 | } 99 | 100 | // Paragraphs generates from 1 to 5 paragraphs 101 | func Paragraphs() string { 102 | return ParagraphsN(r.Intn(5) + 1) 103 | } 104 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/names.go: -------------------------------------------------------------------------------- 1 | package fake 2 | 3 | func randGender() string { 4 | g := "male" 5 | if r.Intn(2) == 0 { 6 | g = "female" 7 | } 8 | return g 9 | } 10 | 11 | func firstName(gender string) string { 12 | return lookup(lang, gender+"_first_names", true) 13 | } 14 | 15 | // MaleFirstName generates male first name 16 | func MaleFirstName() string { 17 | return firstName("male") 18 | } 19 | 20 | // FemaleFirstName generates female first name 21 | func FemaleFirstName() string { 22 | return firstName("female") 23 | } 24 | 25 | // FirstName generates first name 26 | func FirstName() string { 27 | return firstName(randGender()) 28 | } 29 | 30 | func lastName(gender string) string { 31 | return lookup(lang, gender+"_last_names", true) 32 | } 33 | 34 | // MaleLastName generates male last name 35 | func MaleLastName() string { 36 | return lastName("male") 37 | } 38 | 39 | // FemaleLastName generates female last name 40 | func FemaleLastName() string { 41 | return lastName("female") 42 | } 43 | 44 | // LastName generates last name 45 | func LastName() string { 46 | return lastName(randGender()) 47 | } 48 | 49 | func patronymic(gender string) string { 50 | return lookup(lang, gender+"_patronymics", false) 51 | } 52 | 53 | // MalePatronymic generates male patronymic 54 | func MalePatronymic() string { 55 | return patronymic("male") 56 | } 57 | 58 | // FemalePatronymic generates female patronymic 59 | func FemalePatronymic() string { 60 | return patronymic("female") 61 | } 62 | 63 | // Patronymic generates patronymic 64 | func Patronymic() string { 65 | return patronymic(randGender()) 66 | } 67 | 68 | func prefix(gender string) string { 69 | return lookup(lang, gender+"_name_prefixes", false) 70 | } 71 | 72 | func suffix(gender string) string { 73 | return lookup(lang, gender+"_name_suffixes", false) 74 | } 75 | 76 | func fullNameWithPrefix(gender string) string { 77 | return join(prefix(gender), firstName(gender), lastName(gender)) 78 | } 79 | 80 | // MaleFullNameWithPrefix generates prefixed male full name 81 | // if prefixes for the given language are available 82 | func MaleFullNameWithPrefix() string { 83 | return fullNameWithPrefix("male") 84 | } 85 | 86 | // FemaleFullNameWithPrefix generates prefixed female full name 87 | // if prefixes for the given language are available 88 | func FemaleFullNameWithPrefix() string { 89 | return fullNameWithPrefix("female") 90 | } 91 | 92 | // FullNameWithPrefix generates prefixed full name 93 | // if prefixes for the given language are available 94 | func FullNameWithPrefix() string { 95 | return fullNameWithPrefix(randGender()) 96 | } 97 | 98 | func fullNameWithSuffix(gender string) string { 99 | return join(firstName(gender), lastName(gender), suffix(gender)) 100 | } 101 | 102 | // MaleFullNameWithSuffix generates suffixed male full name 103 | // if suffixes for the given language are available 104 | func MaleFullNameWithSuffix() string { 105 | return fullNameWithPrefix("male") 106 | } 107 | 108 | // FemaleFullNameWithSuffix generates suffixed female full name 109 | // if suffixes for the given language are available 110 | func FemaleFullNameWithSuffix() string { 111 | return fullNameWithPrefix("female") 112 | } 113 | 114 | // FullNameWithSuffix generates suffixed full name 115 | // if suffixes for the given language are available 116 | func FullNameWithSuffix() string { 117 | return fullNameWithPrefix(randGender()) 118 | } 119 | 120 | func fullName(gender string) string { 121 | switch r.Intn(10) { 122 | case 0: 123 | return fullNameWithPrefix(gender) 124 | case 1: 125 | return fullNameWithSuffix(gender) 126 | default: 127 | return join(firstName(gender), lastName(gender)) 128 | } 129 | } 130 | 131 | // MaleFullName generates male full name 132 | // it can occasionally include prefix or suffix 133 | func MaleFullName() string { 134 | return fullName("male") 135 | } 136 | 137 | // FemaleFullName generates female full name 138 | // it can occasionally include prefix or suffix 139 | func FemaleFullName() string { 140 | return fullName("female") 141 | } 142 | 143 | // FullName generates full name 144 | // it can occasionally include prefix or suffix 145 | func FullName() string { 146 | return fullName(randGender()) 147 | } 148 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/personal.go: -------------------------------------------------------------------------------- 1 | package fake 2 | 3 | import ( 4 | "strings" 5 | ) 6 | 7 | // Gender generates random gender 8 | func Gender() string { 9 | return lookup(lang, "genders", true) 10 | } 11 | 12 | // GenderAbbrev returns first downcased letter of the random gender 13 | func GenderAbbrev() string { 14 | g := Gender() 15 | if g != "" { 16 | return strings.ToLower(string(g[0])) 17 | } 18 | return "" 19 | } 20 | 21 | // Language generates random human language 22 | func Language() string { 23 | return lookup(lang, "languages", true) 24 | } 25 | -------------------------------------------------------------------------------- /vendor/github.com/icrowley/fake/products.go: -------------------------------------------------------------------------------- 1 | package fake 2 | 3 | // Brand generates brand name 4 | func Brand() string { 5 | return Company() 6 | } 7 | 8 | // ProductName generates product name 9 | func ProductName() string { 10 | productName := lookup(lang, "adjectives", true) + " " + lookup(lang, "nouns", true) 11 | if r.Intn(2) == 1 { 12 | productName = lookup(lang, "adjectives", true) + " " + productName 13 | } 14 | return productName 15 | } 16 | 17 | // Product generates product title as brand + product name 18 | func Product() string { 19 | return Brand() + " " + ProductName() 20 | } 21 | 22 | // Model generates model name that consists of letters and digits, optionally with a hyphen between them 23 | func Model() string { 24 | seps := []string{"", " ", "-"} 25 | return CharactersN(r.Intn(3)+1) + seps[r.Intn(len(seps))] + Digits() 26 | } 27 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/AUTHORS: -------------------------------------------------------------------------------- 1 | # This source code refers to The Go Authors for copyright purposes. 2 | # The master list of authors is in the main Go distribution, 3 | # visible at https://tip.golang.org/AUTHORS. 4 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/CONTRIBUTORS: -------------------------------------------------------------------------------- 1 | # This source code was written by the Go contributors. 2 | # The master list of contributors is in the main Go distribution, 3 | # visible at https://tip.golang.org/CONTRIBUTORS. 4 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2009 The Go Authors. All rights reserved. 2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions are 5 | met: 6 | 7 | * Redistributions of source code must retain the above copyright 8 | notice, this list of conditions and the following disclaimer. 9 | * Redistributions in binary form must reproduce the above 10 | copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the 12 | distribution. 13 | * Neither the name of Google Inc. nor the names of its 14 | contributors may be used to endorse or promote products derived from 15 | this software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/PATENTS: -------------------------------------------------------------------------------- 1 | Additional IP Rights Grant (Patents) 2 | 3 | "This implementation" means the copyrightable works distributed by 4 | Google as part of the Go project. 5 | 6 | Google hereby grants to You a perpetual, worldwide, non-exclusive, 7 | no-charge, royalty-free, irrevocable (except as stated in this section) 8 | patent license to make, have made, use, offer to sell, sell, import, 9 | transfer and otherwise run, modify and propagate the contents of this 10 | implementation of Go, where such license applies only to those patent 11 | claims, both currently owned or controlled by Google and acquired in 12 | the future, licensable by Google that are necessarily infringed by this 13 | implementation of Go. This grant does not include claims that would be 14 | infringed only as a consequence of further modification of this 15 | implementation. If you or your agent or exclusive licensee institute or 16 | order or agree to the institution of patent litigation against any 17 | entity (including a cross-claim or counterclaim in a lawsuit) alleging 18 | that this implementation of Go or any code incorporated within this 19 | implementation of Go constitutes direct or contributory patent 20 | infringement, or inducement of patent infringement, then any patent 21 | rights granted to you under this License for this implementation of Go 22 | shall terminate as of the date such litigation is filed. 23 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/blake2b/blake2b.go: -------------------------------------------------------------------------------- 1 | // Copyright 2016 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // Package blake2b implements the BLAKE2b hash algorithm defined by RFC 7693 6 | // and the extendable output function (XOF) BLAKE2Xb. 7 | // 8 | // For a detailed specification of BLAKE2b see https://blake2.net/blake2.pdf 9 | // and for BLAKE2Xb see https://blake2.net/blake2x.pdf 10 | // 11 | // If you aren't sure which function you need, use BLAKE2b (Sum512 or New512). 12 | // If you need a secret-key MAC (message authentication code), use the New512 13 | // function with a non-nil key. 14 | // 15 | // BLAKE2X is a construction to compute hash values larger than 64 bytes. It 16 | // can produce hash values between 0 and 4 GiB. 17 | package blake2b 18 | 19 | import ( 20 | "encoding/binary" 21 | "errors" 22 | "hash" 23 | ) 24 | 25 | const ( 26 | // The blocksize of BLAKE2b in bytes. 27 | BlockSize = 128 28 | // The hash size of BLAKE2b-512 in bytes. 29 | Size = 64 30 | // The hash size of BLAKE2b-384 in bytes. 31 | Size384 = 48 32 | // The hash size of BLAKE2b-256 in bytes. 33 | Size256 = 32 34 | ) 35 | 36 | var ( 37 | useAVX2 bool 38 | useAVX bool 39 | useSSE4 bool 40 | ) 41 | 42 | var ( 43 | errKeySize = errors.New("blake2b: invalid key size") 44 | errHashSize = errors.New("blake2b: invalid hash size") 45 | ) 46 | 47 | var iv = [8]uint64{ 48 | 0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1, 49 | 0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179, 50 | } 51 | 52 | // Sum512 returns the BLAKE2b-512 checksum of the data. 53 | func Sum512(data []byte) [Size]byte { 54 | var sum [Size]byte 55 | checkSum(&sum, Size, data) 56 | return sum 57 | } 58 | 59 | // Sum384 returns the BLAKE2b-384 checksum of the data. 60 | func Sum384(data []byte) [Size384]byte { 61 | var sum [Size]byte 62 | var sum384 [Size384]byte 63 | checkSum(&sum, Size384, data) 64 | copy(sum384[:], sum[:Size384]) 65 | return sum384 66 | } 67 | 68 | // Sum256 returns the BLAKE2b-256 checksum of the data. 69 | func Sum256(data []byte) [Size256]byte { 70 | var sum [Size]byte 71 | var sum256 [Size256]byte 72 | checkSum(&sum, Size256, data) 73 | copy(sum256[:], sum[:Size256]) 74 | return sum256 75 | } 76 | 77 | // New512 returns a new hash.Hash computing the BLAKE2b-512 checksum. A non-nil 78 | // key turns the hash into a MAC. The key must between zero and 64 bytes long. 79 | func New512(key []byte) (hash.Hash, error) { return newDigest(Size, key) } 80 | 81 | // New384 returns a new hash.Hash computing the BLAKE2b-384 checksum. A non-nil 82 | // key turns the hash into a MAC. The key must between zero and 64 bytes long. 83 | func New384(key []byte) (hash.Hash, error) { return newDigest(Size384, key) } 84 | 85 | // New256 returns a new hash.Hash computing the BLAKE2b-256 checksum. A non-nil 86 | // key turns the hash into a MAC. The key must between zero and 64 bytes long. 87 | func New256(key []byte) (hash.Hash, error) { return newDigest(Size256, key) } 88 | 89 | // New returns a new hash.Hash computing the BLAKE2b checksum with a custom length. 90 | // A non-nil key turns the hash into a MAC. The key must between zero and 64 bytes long. 91 | // The hash size can be a value between 1 and 64 but it is highly recommended to use 92 | // values equal or greater than: 93 | // - 32 if BLAKE2b is used as a hash function (The key is zero bytes long). 94 | // - 16 if BLAKE2b is used as a MAC function (The key is at least 16 bytes long). 95 | // When the key is nil, the returned hash.Hash implements BinaryMarshaler 96 | // and BinaryUnmarshaler for state (de)serialization as documented by hash.Hash. 97 | func New(size int, key []byte) (hash.Hash, error) { return newDigest(size, key) } 98 | 99 | func newDigest(hashSize int, key []byte) (*digest, error) { 100 | if hashSize < 1 || hashSize > Size { 101 | return nil, errHashSize 102 | } 103 | if len(key) > Size { 104 | return nil, errKeySize 105 | } 106 | d := &digest{ 107 | size: hashSize, 108 | keyLen: len(key), 109 | } 110 | copy(d.key[:], key) 111 | d.Reset() 112 | return d, nil 113 | } 114 | 115 | func checkSum(sum *[Size]byte, hashSize int, data []byte) { 116 | h := iv 117 | h[0] ^= uint64(hashSize) | (1 << 16) | (1 << 24) 118 | var c [2]uint64 119 | 120 | if length := len(data); length > BlockSize { 121 | n := length &^ (BlockSize - 1) 122 | if length == n { 123 | n -= BlockSize 124 | } 125 | hashBlocks(&h, &c, 0, data[:n]) 126 | data = data[n:] 127 | } 128 | 129 | var block [BlockSize]byte 130 | offset := copy(block[:], data) 131 | remaining := uint64(BlockSize - offset) 132 | if c[0] < remaining { 133 | c[1]-- 134 | } 135 | c[0] -= remaining 136 | 137 | hashBlocks(&h, &c, 0xFFFFFFFFFFFFFFFF, block[:]) 138 | 139 | for i, v := range h[:(hashSize+7)/8] { 140 | binary.LittleEndian.PutUint64(sum[8*i:], v) 141 | } 142 | } 143 | 144 | type digest struct { 145 | h [8]uint64 146 | c [2]uint64 147 | size int 148 | block [BlockSize]byte 149 | offset int 150 | 151 | key [BlockSize]byte 152 | keyLen int 153 | } 154 | 155 | const ( 156 | magic = "b2b" 157 | marshaledSize = len(magic) + 8*8 + 2*8 + 1 + BlockSize + 1 158 | ) 159 | 160 | func (d *digest) MarshalBinary() ([]byte, error) { 161 | if d.keyLen != 0 { 162 | return nil, errors.New("crypto/blake2b: cannot marshal MACs") 163 | } 164 | b := make([]byte, 0, marshaledSize) 165 | b = append(b, magic...) 166 | for i := 0; i < 8; i++ { 167 | b = appendUint64(b, d.h[i]) 168 | } 169 | b = appendUint64(b, d.c[0]) 170 | b = appendUint64(b, d.c[1]) 171 | // Maximum value for size is 64 172 | b = append(b, byte(d.size)) 173 | b = append(b, d.block[:]...) 174 | b = append(b, byte(d.offset)) 175 | return b, nil 176 | } 177 | 178 | func (d *digest) UnmarshalBinary(b []byte) error { 179 | if len(b) < len(magic) || string(b[:len(magic)]) != magic { 180 | return errors.New("crypto/blake2b: invalid hash state identifier") 181 | } 182 | if len(b) != marshaledSize { 183 | return errors.New("crypto/blake2b: invalid hash state size") 184 | } 185 | b = b[len(magic):] 186 | for i := 0; i < 8; i++ { 187 | b, d.h[i] = consumeUint64(b) 188 | } 189 | b, d.c[0] = consumeUint64(b) 190 | b, d.c[1] = consumeUint64(b) 191 | d.size = int(b[0]) 192 | b = b[1:] 193 | copy(d.block[:], b[:BlockSize]) 194 | b = b[BlockSize:] 195 | d.offset = int(b[0]) 196 | return nil 197 | } 198 | 199 | func (d *digest) BlockSize() int { return BlockSize } 200 | 201 | func (d *digest) Size() int { return d.size } 202 | 203 | func (d *digest) Reset() { 204 | d.h = iv 205 | d.h[0] ^= uint64(d.size) | (uint64(d.keyLen) << 8) | (1 << 16) | (1 << 24) 206 | d.offset, d.c[0], d.c[1] = 0, 0, 0 207 | if d.keyLen > 0 { 208 | d.block = d.key 209 | d.offset = BlockSize 210 | } 211 | } 212 | 213 | func (d *digest) Write(p []byte) (n int, err error) { 214 | n = len(p) 215 | 216 | if d.offset > 0 { 217 | remaining := BlockSize - d.offset 218 | if n <= remaining { 219 | d.offset += copy(d.block[d.offset:], p) 220 | return 221 | } 222 | copy(d.block[d.offset:], p[:remaining]) 223 | hashBlocks(&d.h, &d.c, 0, d.block[:]) 224 | d.offset = 0 225 | p = p[remaining:] 226 | } 227 | 228 | if length := len(p); length > BlockSize { 229 | nn := length &^ (BlockSize - 1) 230 | if length == nn { 231 | nn -= BlockSize 232 | } 233 | hashBlocks(&d.h, &d.c, 0, p[:nn]) 234 | p = p[nn:] 235 | } 236 | 237 | if len(p) > 0 { 238 | d.offset += copy(d.block[:], p) 239 | } 240 | 241 | return 242 | } 243 | 244 | func (d *digest) Sum(sum []byte) []byte { 245 | var hash [Size]byte 246 | d.finalize(&hash) 247 | return append(sum, hash[:d.size]...) 248 | } 249 | 250 | func (d *digest) finalize(hash *[Size]byte) { 251 | var block [BlockSize]byte 252 | copy(block[:], d.block[:d.offset]) 253 | remaining := uint64(BlockSize - d.offset) 254 | 255 | c := d.c 256 | if c[0] < remaining { 257 | c[1]-- 258 | } 259 | c[0] -= remaining 260 | 261 | h := d.h 262 | hashBlocks(&h, &c, 0xFFFFFFFFFFFFFFFF, block[:]) 263 | 264 | for i, v := range h { 265 | binary.LittleEndian.PutUint64(hash[8*i:], v) 266 | } 267 | } 268 | 269 | func appendUint64(b []byte, x uint64) []byte { 270 | var a [8]byte 271 | binary.BigEndian.PutUint64(a[:], x) 272 | return append(b, a[:]...) 273 | } 274 | 275 | func appendUint32(b []byte, x uint32) []byte { 276 | var a [4]byte 277 | binary.BigEndian.PutUint32(a[:], x) 278 | return append(b, a[:]...) 279 | } 280 | 281 | func consumeUint64(b []byte) ([]byte, uint64) { 282 | x := binary.BigEndian.Uint64(b) 283 | return b[8:], x 284 | } 285 | 286 | func consumeUint32(b []byte) ([]byte, uint32) { 287 | x := binary.BigEndian.Uint32(b) 288 | return b[4:], x 289 | } 290 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go: -------------------------------------------------------------------------------- 1 | // Copyright 2016 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build go1.7,amd64,!gccgo,!appengine 6 | 7 | package blake2b 8 | 9 | import "golang.org/x/sys/cpu" 10 | 11 | func init() { 12 | useAVX2 = cpu.X86.HasAVX2 13 | useAVX = cpu.X86.HasAVX 14 | useSSE4 = cpu.X86.HasSSE41 15 | } 16 | 17 | //go:noescape 18 | func hashBlocksAVX2(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) 19 | 20 | //go:noescape 21 | func hashBlocksAVX(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) 22 | 23 | //go:noescape 24 | func hashBlocksSSE4(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) 25 | 26 | func hashBlocks(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) { 27 | switch { 28 | case useAVX2: 29 | hashBlocksAVX2(h, c, flag, blocks) 30 | case useAVX: 31 | hashBlocksAVX(h, c, flag, blocks) 32 | case useSSE4: 33 | hashBlocksSSE4(h, c, flag, blocks) 34 | default: 35 | hashBlocksGeneric(h, c, flag, blocks) 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go: -------------------------------------------------------------------------------- 1 | // Copyright 2016 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build !go1.7,amd64,!gccgo,!appengine 6 | 7 | package blake2b 8 | 9 | import "golang.org/x/sys/cpu" 10 | 11 | func init() { 12 | useSSE4 = cpu.X86.HasSSE41 13 | } 14 | 15 | //go:noescape 16 | func hashBlocksSSE4(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) 17 | 18 | func hashBlocks(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) { 19 | if useSSE4 { 20 | hashBlocksSSE4(h, c, flag, blocks) 21 | } else { 22 | hashBlocksGeneric(h, c, flag, blocks) 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s: -------------------------------------------------------------------------------- 1 | // Copyright 2016 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build amd64,!gccgo,!appengine 6 | 7 | #include "textflag.h" 8 | 9 | DATA ·iv0<>+0x00(SB)/8, $0x6a09e667f3bcc908 10 | DATA ·iv0<>+0x08(SB)/8, $0xbb67ae8584caa73b 11 | GLOBL ·iv0<>(SB), (NOPTR+RODATA), $16 12 | 13 | DATA ·iv1<>+0x00(SB)/8, $0x3c6ef372fe94f82b 14 | DATA ·iv1<>+0x08(SB)/8, $0xa54ff53a5f1d36f1 15 | GLOBL ·iv1<>(SB), (NOPTR+RODATA), $16 16 | 17 | DATA ·iv2<>+0x00(SB)/8, $0x510e527fade682d1 18 | DATA ·iv2<>+0x08(SB)/8, $0x9b05688c2b3e6c1f 19 | GLOBL ·iv2<>(SB), (NOPTR+RODATA), $16 20 | 21 | DATA ·iv3<>+0x00(SB)/8, $0x1f83d9abfb41bd6b 22 | DATA ·iv3<>+0x08(SB)/8, $0x5be0cd19137e2179 23 | GLOBL ·iv3<>(SB), (NOPTR+RODATA), $16 24 | 25 | DATA ·c40<>+0x00(SB)/8, $0x0201000706050403 26 | DATA ·c40<>+0x08(SB)/8, $0x0a09080f0e0d0c0b 27 | GLOBL ·c40<>(SB), (NOPTR+RODATA), $16 28 | 29 | DATA ·c48<>+0x00(SB)/8, $0x0100070605040302 30 | DATA ·c48<>+0x08(SB)/8, $0x09080f0e0d0c0b0a 31 | GLOBL ·c48<>(SB), (NOPTR+RODATA), $16 32 | 33 | #define SHUFFLE(v2, v3, v4, v5, v6, v7, t1, t2) \ 34 | MOVO v4, t1; \ 35 | MOVO v5, v4; \ 36 | MOVO t1, v5; \ 37 | MOVO v6, t1; \ 38 | PUNPCKLQDQ v6, t2; \ 39 | PUNPCKHQDQ v7, v6; \ 40 | PUNPCKHQDQ t2, v6; \ 41 | PUNPCKLQDQ v7, t2; \ 42 | MOVO t1, v7; \ 43 | MOVO v2, t1; \ 44 | PUNPCKHQDQ t2, v7; \ 45 | PUNPCKLQDQ v3, t2; \ 46 | PUNPCKHQDQ t2, v2; \ 47 | PUNPCKLQDQ t1, t2; \ 48 | PUNPCKHQDQ t2, v3 49 | 50 | #define SHUFFLE_INV(v2, v3, v4, v5, v6, v7, t1, t2) \ 51 | MOVO v4, t1; \ 52 | MOVO v5, v4; \ 53 | MOVO t1, v5; \ 54 | MOVO v2, t1; \ 55 | PUNPCKLQDQ v2, t2; \ 56 | PUNPCKHQDQ v3, v2; \ 57 | PUNPCKHQDQ t2, v2; \ 58 | PUNPCKLQDQ v3, t2; \ 59 | MOVO t1, v3; \ 60 | MOVO v6, t1; \ 61 | PUNPCKHQDQ t2, v3; \ 62 | PUNPCKLQDQ v7, t2; \ 63 | PUNPCKHQDQ t2, v6; \ 64 | PUNPCKLQDQ t1, t2; \ 65 | PUNPCKHQDQ t2, v7 66 | 67 | #define HALF_ROUND(v0, v1, v2, v3, v4, v5, v6, v7, m0, m1, m2, m3, t0, c40, c48) \ 68 | PADDQ m0, v0; \ 69 | PADDQ m1, v1; \ 70 | PADDQ v2, v0; \ 71 | PADDQ v3, v1; \ 72 | PXOR v0, v6; \ 73 | PXOR v1, v7; \ 74 | PSHUFD $0xB1, v6, v6; \ 75 | PSHUFD $0xB1, v7, v7; \ 76 | PADDQ v6, v4; \ 77 | PADDQ v7, v5; \ 78 | PXOR v4, v2; \ 79 | PXOR v5, v3; \ 80 | PSHUFB c40, v2; \ 81 | PSHUFB c40, v3; \ 82 | PADDQ m2, v0; \ 83 | PADDQ m3, v1; \ 84 | PADDQ v2, v0; \ 85 | PADDQ v3, v1; \ 86 | PXOR v0, v6; \ 87 | PXOR v1, v7; \ 88 | PSHUFB c48, v6; \ 89 | PSHUFB c48, v7; \ 90 | PADDQ v6, v4; \ 91 | PADDQ v7, v5; \ 92 | PXOR v4, v2; \ 93 | PXOR v5, v3; \ 94 | MOVOU v2, t0; \ 95 | PADDQ v2, t0; \ 96 | PSRLQ $63, v2; \ 97 | PXOR t0, v2; \ 98 | MOVOU v3, t0; \ 99 | PADDQ v3, t0; \ 100 | PSRLQ $63, v3; \ 101 | PXOR t0, v3 102 | 103 | #define LOAD_MSG(m0, m1, m2, m3, src, i0, i1, i2, i3, i4, i5, i6, i7) \ 104 | MOVQ i0*8(src), m0; \ 105 | PINSRQ $1, i1*8(src), m0; \ 106 | MOVQ i2*8(src), m1; \ 107 | PINSRQ $1, i3*8(src), m1; \ 108 | MOVQ i4*8(src), m2; \ 109 | PINSRQ $1, i5*8(src), m2; \ 110 | MOVQ i6*8(src), m3; \ 111 | PINSRQ $1, i7*8(src), m3 112 | 113 | // func hashBlocksSSE4(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) 114 | TEXT ·hashBlocksSSE4(SB), 4, $288-48 // frame size = 272 + 16 byte alignment 115 | MOVQ h+0(FP), AX 116 | MOVQ c+8(FP), BX 117 | MOVQ flag+16(FP), CX 118 | MOVQ blocks_base+24(FP), SI 119 | MOVQ blocks_len+32(FP), DI 120 | 121 | MOVQ SP, BP 122 | MOVQ SP, R9 123 | ADDQ $15, R9 124 | ANDQ $~15, R9 125 | MOVQ R9, SP 126 | 127 | MOVOU ·iv3<>(SB), X0 128 | MOVO X0, 0(SP) 129 | XORQ CX, 0(SP) // 0(SP) = ·iv3 ^ (CX || 0) 130 | 131 | MOVOU ·c40<>(SB), X13 132 | MOVOU ·c48<>(SB), X14 133 | 134 | MOVOU 0(AX), X12 135 | MOVOU 16(AX), X15 136 | 137 | MOVQ 0(BX), R8 138 | MOVQ 8(BX), R9 139 | 140 | loop: 141 | ADDQ $128, R8 142 | CMPQ R8, $128 143 | JGE noinc 144 | INCQ R9 145 | 146 | noinc: 147 | MOVQ R8, X8 148 | PINSRQ $1, R9, X8 149 | 150 | MOVO X12, X0 151 | MOVO X15, X1 152 | MOVOU 32(AX), X2 153 | MOVOU 48(AX), X3 154 | MOVOU ·iv0<>(SB), X4 155 | MOVOU ·iv1<>(SB), X5 156 | MOVOU ·iv2<>(SB), X6 157 | 158 | PXOR X8, X6 159 | MOVO 0(SP), X7 160 | 161 | LOAD_MSG(X8, X9, X10, X11, SI, 0, 2, 4, 6, 1, 3, 5, 7) 162 | MOVO X8, 16(SP) 163 | MOVO X9, 32(SP) 164 | MOVO X10, 48(SP) 165 | MOVO X11, 64(SP) 166 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 167 | SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) 168 | LOAD_MSG(X8, X9, X10, X11, SI, 8, 10, 12, 14, 9, 11, 13, 15) 169 | MOVO X8, 80(SP) 170 | MOVO X9, 96(SP) 171 | MOVO X10, 112(SP) 172 | MOVO X11, 128(SP) 173 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 174 | SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) 175 | 176 | LOAD_MSG(X8, X9, X10, X11, SI, 14, 4, 9, 13, 10, 8, 15, 6) 177 | MOVO X8, 144(SP) 178 | MOVO X9, 160(SP) 179 | MOVO X10, 176(SP) 180 | MOVO X11, 192(SP) 181 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 182 | SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) 183 | LOAD_MSG(X8, X9, X10, X11, SI, 1, 0, 11, 5, 12, 2, 7, 3) 184 | MOVO X8, 208(SP) 185 | MOVO X9, 224(SP) 186 | MOVO X10, 240(SP) 187 | MOVO X11, 256(SP) 188 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 189 | SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) 190 | 191 | LOAD_MSG(X8, X9, X10, X11, SI, 11, 12, 5, 15, 8, 0, 2, 13) 192 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 193 | SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) 194 | LOAD_MSG(X8, X9, X10, X11, SI, 10, 3, 7, 9, 14, 6, 1, 4) 195 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 196 | SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) 197 | 198 | LOAD_MSG(X8, X9, X10, X11, SI, 7, 3, 13, 11, 9, 1, 12, 14) 199 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 200 | SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) 201 | LOAD_MSG(X8, X9, X10, X11, SI, 2, 5, 4, 15, 6, 10, 0, 8) 202 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 203 | SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) 204 | 205 | LOAD_MSG(X8, X9, X10, X11, SI, 9, 5, 2, 10, 0, 7, 4, 15) 206 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 207 | SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) 208 | LOAD_MSG(X8, X9, X10, X11, SI, 14, 11, 6, 3, 1, 12, 8, 13) 209 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 210 | SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) 211 | 212 | LOAD_MSG(X8, X9, X10, X11, SI, 2, 6, 0, 8, 12, 10, 11, 3) 213 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 214 | SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) 215 | LOAD_MSG(X8, X9, X10, X11, SI, 4, 7, 15, 1, 13, 5, 14, 9) 216 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 217 | SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) 218 | 219 | LOAD_MSG(X8, X9, X10, X11, SI, 12, 1, 14, 4, 5, 15, 13, 10) 220 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 221 | SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) 222 | LOAD_MSG(X8, X9, X10, X11, SI, 0, 6, 9, 8, 7, 3, 2, 11) 223 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 224 | SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) 225 | 226 | LOAD_MSG(X8, X9, X10, X11, SI, 13, 7, 12, 3, 11, 14, 1, 9) 227 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 228 | SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) 229 | LOAD_MSG(X8, X9, X10, X11, SI, 5, 15, 8, 2, 0, 4, 6, 10) 230 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 231 | SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) 232 | 233 | LOAD_MSG(X8, X9, X10, X11, SI, 6, 14, 11, 0, 15, 9, 3, 8) 234 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 235 | SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) 236 | LOAD_MSG(X8, X9, X10, X11, SI, 12, 13, 1, 10, 2, 7, 4, 5) 237 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 238 | SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) 239 | 240 | LOAD_MSG(X8, X9, X10, X11, SI, 10, 8, 7, 1, 2, 4, 6, 5) 241 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 242 | SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) 243 | LOAD_MSG(X8, X9, X10, X11, SI, 15, 9, 3, 13, 11, 14, 12, 0) 244 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) 245 | SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) 246 | 247 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 16(SP), 32(SP), 48(SP), 64(SP), X11, X13, X14) 248 | SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) 249 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 80(SP), 96(SP), 112(SP), 128(SP), X11, X13, X14) 250 | SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) 251 | 252 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 144(SP), 160(SP), 176(SP), 192(SP), X11, X13, X14) 253 | SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) 254 | HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 208(SP), 224(SP), 240(SP), 256(SP), X11, X13, X14) 255 | SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) 256 | 257 | MOVOU 32(AX), X10 258 | MOVOU 48(AX), X11 259 | PXOR X0, X12 260 | PXOR X1, X15 261 | PXOR X2, X10 262 | PXOR X3, X11 263 | PXOR X4, X12 264 | PXOR X5, X15 265 | PXOR X6, X10 266 | PXOR X7, X11 267 | MOVOU X10, 32(AX) 268 | MOVOU X11, 48(AX) 269 | 270 | LEAQ 128(SI), SI 271 | SUBQ $128, DI 272 | JNE loop 273 | 274 | MOVOU X12, 0(AX) 275 | MOVOU X15, 16(AX) 276 | 277 | MOVQ R8, 0(BX) 278 | MOVQ R9, 8(BX) 279 | 280 | MOVQ BP, SP 281 | RET 282 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/blake2b/blake2b_generic.go: -------------------------------------------------------------------------------- 1 | // Copyright 2016 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | package blake2b 6 | 7 | import "encoding/binary" 8 | 9 | // the precomputed values for BLAKE2b 10 | // there are 12 16-byte arrays - one for each round 11 | // the entries are calculated from the sigma constants. 12 | var precomputed = [12][16]byte{ 13 | {0, 2, 4, 6, 1, 3, 5, 7, 8, 10, 12, 14, 9, 11, 13, 15}, 14 | {14, 4, 9, 13, 10, 8, 15, 6, 1, 0, 11, 5, 12, 2, 7, 3}, 15 | {11, 12, 5, 15, 8, 0, 2, 13, 10, 3, 7, 9, 14, 6, 1, 4}, 16 | {7, 3, 13, 11, 9, 1, 12, 14, 2, 5, 4, 15, 6, 10, 0, 8}, 17 | {9, 5, 2, 10, 0, 7, 4, 15, 14, 11, 6, 3, 1, 12, 8, 13}, 18 | {2, 6, 0, 8, 12, 10, 11, 3, 4, 7, 15, 1, 13, 5, 14, 9}, 19 | {12, 1, 14, 4, 5, 15, 13, 10, 0, 6, 9, 8, 7, 3, 2, 11}, 20 | {13, 7, 12, 3, 11, 14, 1, 9, 5, 15, 8, 2, 0, 4, 6, 10}, 21 | {6, 14, 11, 0, 15, 9, 3, 8, 12, 13, 1, 10, 2, 7, 4, 5}, 22 | {10, 8, 7, 1, 2, 4, 6, 5, 15, 9, 3, 13, 11, 14, 12, 0}, 23 | {0, 2, 4, 6, 1, 3, 5, 7, 8, 10, 12, 14, 9, 11, 13, 15}, // equal to the first 24 | {14, 4, 9, 13, 10, 8, 15, 6, 1, 0, 11, 5, 12, 2, 7, 3}, // equal to the second 25 | } 26 | 27 | func hashBlocksGeneric(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) { 28 | var m [16]uint64 29 | c0, c1 := c[0], c[1] 30 | 31 | for i := 0; i < len(blocks); { 32 | c0 += BlockSize 33 | if c0 < BlockSize { 34 | c1++ 35 | } 36 | 37 | v0, v1, v2, v3, v4, v5, v6, v7 := h[0], h[1], h[2], h[3], h[4], h[5], h[6], h[7] 38 | v8, v9, v10, v11, v12, v13, v14, v15 := iv[0], iv[1], iv[2], iv[3], iv[4], iv[5], iv[6], iv[7] 39 | v12 ^= c0 40 | v13 ^= c1 41 | v14 ^= flag 42 | 43 | for j := range m { 44 | m[j] = binary.LittleEndian.Uint64(blocks[i:]) 45 | i += 8 46 | } 47 | 48 | for j := range precomputed { 49 | s := &(precomputed[j]) 50 | 51 | v0 += m[s[0]] 52 | v0 += v4 53 | v12 ^= v0 54 | v12 = v12<<(64-32) | v12>>32 55 | v8 += v12 56 | v4 ^= v8 57 | v4 = v4<<(64-24) | v4>>24 58 | v1 += m[s[1]] 59 | v1 += v5 60 | v13 ^= v1 61 | v13 = v13<<(64-32) | v13>>32 62 | v9 += v13 63 | v5 ^= v9 64 | v5 = v5<<(64-24) | v5>>24 65 | v2 += m[s[2]] 66 | v2 += v6 67 | v14 ^= v2 68 | v14 = v14<<(64-32) | v14>>32 69 | v10 += v14 70 | v6 ^= v10 71 | v6 = v6<<(64-24) | v6>>24 72 | v3 += m[s[3]] 73 | v3 += v7 74 | v15 ^= v3 75 | v15 = v15<<(64-32) | v15>>32 76 | v11 += v15 77 | v7 ^= v11 78 | v7 = v7<<(64-24) | v7>>24 79 | 80 | v0 += m[s[4]] 81 | v0 += v4 82 | v12 ^= v0 83 | v12 = v12<<(64-16) | v12>>16 84 | v8 += v12 85 | v4 ^= v8 86 | v4 = v4<<(64-63) | v4>>63 87 | v1 += m[s[5]] 88 | v1 += v5 89 | v13 ^= v1 90 | v13 = v13<<(64-16) | v13>>16 91 | v9 += v13 92 | v5 ^= v9 93 | v5 = v5<<(64-63) | v5>>63 94 | v2 += m[s[6]] 95 | v2 += v6 96 | v14 ^= v2 97 | v14 = v14<<(64-16) | v14>>16 98 | v10 += v14 99 | v6 ^= v10 100 | v6 = v6<<(64-63) | v6>>63 101 | v3 += m[s[7]] 102 | v3 += v7 103 | v15 ^= v3 104 | v15 = v15<<(64-16) | v15>>16 105 | v11 += v15 106 | v7 ^= v11 107 | v7 = v7<<(64-63) | v7>>63 108 | 109 | v0 += m[s[8]] 110 | v0 += v5 111 | v15 ^= v0 112 | v15 = v15<<(64-32) | v15>>32 113 | v10 += v15 114 | v5 ^= v10 115 | v5 = v5<<(64-24) | v5>>24 116 | v1 += m[s[9]] 117 | v1 += v6 118 | v12 ^= v1 119 | v12 = v12<<(64-32) | v12>>32 120 | v11 += v12 121 | v6 ^= v11 122 | v6 = v6<<(64-24) | v6>>24 123 | v2 += m[s[10]] 124 | v2 += v7 125 | v13 ^= v2 126 | v13 = v13<<(64-32) | v13>>32 127 | v8 += v13 128 | v7 ^= v8 129 | v7 = v7<<(64-24) | v7>>24 130 | v3 += m[s[11]] 131 | v3 += v4 132 | v14 ^= v3 133 | v14 = v14<<(64-32) | v14>>32 134 | v9 += v14 135 | v4 ^= v9 136 | v4 = v4<<(64-24) | v4>>24 137 | 138 | v0 += m[s[12]] 139 | v0 += v5 140 | v15 ^= v0 141 | v15 = v15<<(64-16) | v15>>16 142 | v10 += v15 143 | v5 ^= v10 144 | v5 = v5<<(64-63) | v5>>63 145 | v1 += m[s[13]] 146 | v1 += v6 147 | v12 ^= v1 148 | v12 = v12<<(64-16) | v12>>16 149 | v11 += v12 150 | v6 ^= v11 151 | v6 = v6<<(64-63) | v6>>63 152 | v2 += m[s[14]] 153 | v2 += v7 154 | v13 ^= v2 155 | v13 = v13<<(64-16) | v13>>16 156 | v8 += v13 157 | v7 ^= v8 158 | v7 = v7<<(64-63) | v7>>63 159 | v3 += m[s[15]] 160 | v3 += v4 161 | v14 ^= v3 162 | v14 = v14<<(64-16) | v14>>16 163 | v9 += v14 164 | v4 ^= v9 165 | v4 = v4<<(64-63) | v4>>63 166 | 167 | } 168 | 169 | h[0] ^= v0 ^ v8 170 | h[1] ^= v1 ^ v9 171 | h[2] ^= v2 ^ v10 172 | h[3] ^= v3 ^ v11 173 | h[4] ^= v4 ^ v12 174 | h[5] ^= v5 ^ v13 175 | h[6] ^= v6 ^ v14 176 | h[7] ^= v7 ^ v15 177 | } 178 | c[0], c[1] = c0, c1 179 | } 180 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/blake2b/blake2b_ref.go: -------------------------------------------------------------------------------- 1 | // Copyright 2016 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build !amd64 appengine gccgo 6 | 7 | package blake2b 8 | 9 | func hashBlocks(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) { 10 | hashBlocksGeneric(h, c, flag, blocks) 11 | } 12 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/blake2b/blake2x.go: -------------------------------------------------------------------------------- 1 | // Copyright 2017 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | package blake2b 6 | 7 | import ( 8 | "encoding/binary" 9 | "errors" 10 | "io" 11 | ) 12 | 13 | // XOF defines the interface to hash functions that 14 | // support arbitrary-length output. 15 | type XOF interface { 16 | // Write absorbs more data into the hash's state. It panics if called 17 | // after Read. 18 | io.Writer 19 | 20 | // Read reads more output from the hash. It returns io.EOF if the limit 21 | // has been reached. 22 | io.Reader 23 | 24 | // Clone returns a copy of the XOF in its current state. 25 | Clone() XOF 26 | 27 | // Reset resets the XOF to its initial state. 28 | Reset() 29 | } 30 | 31 | // OutputLengthUnknown can be used as the size argument to NewXOF to indicate 32 | // the length of the output is not known in advance. 33 | const OutputLengthUnknown = 0 34 | 35 | // magicUnknownOutputLength is a magic value for the output size that indicates 36 | // an unknown number of output bytes. 37 | const magicUnknownOutputLength = (1 << 32) - 1 38 | 39 | // maxOutputLength is the absolute maximum number of bytes to produce when the 40 | // number of output bytes is unknown. 41 | const maxOutputLength = (1 << 32) * 64 42 | 43 | // NewXOF creates a new variable-output-length hash. The hash either produce a 44 | // known number of bytes (1 <= size < 2**32-1), or an unknown number of bytes 45 | // (size == OutputLengthUnknown). In the latter case, an absolute limit of 46 | // 256GiB applies. 47 | // 48 | // A non-nil key turns the hash into a MAC. The key must between 49 | // zero and 32 bytes long. 50 | func NewXOF(size uint32, key []byte) (XOF, error) { 51 | if len(key) > Size { 52 | return nil, errKeySize 53 | } 54 | if size == magicUnknownOutputLength { 55 | // 2^32-1 indicates an unknown number of bytes and thus isn't a 56 | // valid length. 57 | return nil, errors.New("blake2b: XOF length too large") 58 | } 59 | if size == OutputLengthUnknown { 60 | size = magicUnknownOutputLength 61 | } 62 | x := &xof{ 63 | d: digest{ 64 | size: Size, 65 | keyLen: len(key), 66 | }, 67 | length: size, 68 | } 69 | copy(x.d.key[:], key) 70 | x.Reset() 71 | return x, nil 72 | } 73 | 74 | type xof struct { 75 | d digest 76 | length uint32 77 | remaining uint64 78 | cfg, root, block [Size]byte 79 | offset int 80 | nodeOffset uint32 81 | readMode bool 82 | } 83 | 84 | func (x *xof) Write(p []byte) (n int, err error) { 85 | if x.readMode { 86 | panic("blake2b: write to XOF after read") 87 | } 88 | return x.d.Write(p) 89 | } 90 | 91 | func (x *xof) Clone() XOF { 92 | clone := *x 93 | return &clone 94 | } 95 | 96 | func (x *xof) Reset() { 97 | x.cfg[0] = byte(Size) 98 | binary.LittleEndian.PutUint32(x.cfg[4:], uint32(Size)) // leaf length 99 | binary.LittleEndian.PutUint32(x.cfg[12:], x.length) // XOF length 100 | x.cfg[17] = byte(Size) // inner hash size 101 | 102 | x.d.Reset() 103 | x.d.h[1] ^= uint64(x.length) << 32 104 | 105 | x.remaining = uint64(x.length) 106 | if x.remaining == magicUnknownOutputLength { 107 | x.remaining = maxOutputLength 108 | } 109 | x.offset, x.nodeOffset = 0, 0 110 | x.readMode = false 111 | } 112 | 113 | func (x *xof) Read(p []byte) (n int, err error) { 114 | if !x.readMode { 115 | x.d.finalize(&x.root) 116 | x.readMode = true 117 | } 118 | 119 | if x.remaining == 0 { 120 | return 0, io.EOF 121 | } 122 | 123 | n = len(p) 124 | if uint64(n) > x.remaining { 125 | n = int(x.remaining) 126 | p = p[:n] 127 | } 128 | 129 | if x.offset > 0 { 130 | blockRemaining := Size - x.offset 131 | if n < blockRemaining { 132 | x.offset += copy(p, x.block[x.offset:]) 133 | x.remaining -= uint64(n) 134 | return 135 | } 136 | copy(p, x.block[x.offset:]) 137 | p = p[blockRemaining:] 138 | x.offset = 0 139 | x.remaining -= uint64(blockRemaining) 140 | } 141 | 142 | for len(p) >= Size { 143 | binary.LittleEndian.PutUint32(x.cfg[8:], x.nodeOffset) 144 | x.nodeOffset++ 145 | 146 | x.d.initConfig(&x.cfg) 147 | x.d.Write(x.root[:]) 148 | x.d.finalize(&x.block) 149 | 150 | copy(p, x.block[:]) 151 | p = p[Size:] 152 | x.remaining -= uint64(Size) 153 | } 154 | 155 | if todo := len(p); todo > 0 { 156 | if x.remaining < uint64(Size) { 157 | x.cfg[0] = byte(x.remaining) 158 | } 159 | binary.LittleEndian.PutUint32(x.cfg[8:], x.nodeOffset) 160 | x.nodeOffset++ 161 | 162 | x.d.initConfig(&x.cfg) 163 | x.d.Write(x.root[:]) 164 | x.d.finalize(&x.block) 165 | 166 | x.offset = copy(p, x.block[:todo]) 167 | x.remaining -= uint64(todo) 168 | } 169 | return 170 | } 171 | 172 | func (d *digest) initConfig(cfg *[Size]byte) { 173 | d.offset, d.c[0], d.c[1] = 0, 0, 0 174 | for i := range d.h { 175 | d.h[i] = iv[i] ^ binary.LittleEndian.Uint64(cfg[i*8:]) 176 | } 177 | } 178 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/blake2b/register.go: -------------------------------------------------------------------------------- 1 | // Copyright 2017 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build go1.9 6 | 7 | package blake2b 8 | 9 | import ( 10 | "crypto" 11 | "hash" 12 | ) 13 | 14 | func init() { 15 | newHash256 := func() hash.Hash { 16 | h, _ := New256(nil) 17 | return h 18 | } 19 | newHash384 := func() hash.Hash { 20 | h, _ := New384(nil) 21 | return h 22 | } 23 | 24 | newHash512 := func() hash.Hash { 25 | h, _ := New512(nil) 26 | return h 27 | } 28 | 29 | crypto.RegisterHash(crypto.BLAKE2b_256, newHash256) 30 | crypto.RegisterHash(crypto.BLAKE2b_384, newHash384) 31 | crypto.RegisterHash(crypto.BLAKE2b_512, newHash512) 32 | } 33 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/internal/subtle/aliasing.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build !appengine 6 | 7 | // Package subtle implements functions that are often useful in cryptographic 8 | // code but require careful thought to use correctly. 9 | package subtle // import "golang.org/x/crypto/internal/subtle" 10 | 11 | import "unsafe" 12 | 13 | // AnyOverlap reports whether x and y share memory at any (not necessarily 14 | // corresponding) index. The memory beyond the slice length is ignored. 15 | func AnyOverlap(x, y []byte) bool { 16 | return len(x) > 0 && len(y) > 0 && 17 | uintptr(unsafe.Pointer(&x[0])) <= uintptr(unsafe.Pointer(&y[len(y)-1])) && 18 | uintptr(unsafe.Pointer(&y[0])) <= uintptr(unsafe.Pointer(&x[len(x)-1])) 19 | } 20 | 21 | // InexactOverlap reports whether x and y share memory at any non-corresponding 22 | // index. The memory beyond the slice length is ignored. Note that x and y can 23 | // have different lengths and still not have any inexact overlap. 24 | // 25 | // InexactOverlap can be used to implement the requirements of the crypto/cipher 26 | // AEAD, Block, BlockMode and Stream interfaces. 27 | func InexactOverlap(x, y []byte) bool { 28 | if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] { 29 | return false 30 | } 31 | return AnyOverlap(x, y) 32 | } 33 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/internal/subtle/aliasing_appengine.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build appengine 6 | 7 | // Package subtle implements functions that are often useful in cryptographic 8 | // code but require careful thought to use correctly. 9 | package subtle // import "golang.org/x/crypto/internal/subtle" 10 | 11 | // This is the Google App Engine standard variant based on reflect 12 | // because the unsafe package and cgo are disallowed. 13 | 14 | import "reflect" 15 | 16 | // AnyOverlap reports whether x and y share memory at any (not necessarily 17 | // corresponding) index. The memory beyond the slice length is ignored. 18 | func AnyOverlap(x, y []byte) bool { 19 | return len(x) > 0 && len(y) > 0 && 20 | reflect.ValueOf(&x[0]).Pointer() <= reflect.ValueOf(&y[len(y)-1]).Pointer() && 21 | reflect.ValueOf(&y[0]).Pointer() <= reflect.ValueOf(&x[len(x)-1]).Pointer() 22 | } 23 | 24 | // InexactOverlap reports whether x and y share memory at any non-corresponding 25 | // index. The memory beyond the slice length is ignored. Note that x and y can 26 | // have different lengths and still not have any inexact overlap. 27 | // 28 | // InexactOverlap can be used to implement the requirements of the crypto/cipher 29 | // AEAD, Block, BlockMode and Stream interfaces. 30 | func InexactOverlap(x, y []byte) bool { 31 | if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] { 32 | return false 33 | } 34 | return AnyOverlap(x, y) 35 | } 36 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/nacl/secretbox/secretbox.go: -------------------------------------------------------------------------------- 1 | // Copyright 2012 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | /* 6 | Package secretbox encrypts and authenticates small messages. 7 | 8 | Secretbox uses XSalsa20 and Poly1305 to encrypt and authenticate messages with 9 | secret-key cryptography. The length of messages is not hidden. 10 | 11 | It is the caller's responsibility to ensure the uniqueness of nonces—for 12 | example, by using nonce 1 for the first message, nonce 2 for the second 13 | message, etc. Nonces are long enough that randomly generated nonces have 14 | negligible risk of collision. 15 | 16 | Messages should be small because: 17 | 18 | 1. The whole message needs to be held in memory to be processed. 19 | 20 | 2. Using large messages pressures implementations on small machines to decrypt 21 | and process plaintext before authenticating it. This is very dangerous, and 22 | this API does not allow it, but a protocol that uses excessive message sizes 23 | might present some implementations with no other choice. 24 | 25 | 3. Fixed overheads will be sufficiently amortised by messages as small as 8KB. 26 | 27 | 4. Performance may be improved by working with messages that fit into data caches. 28 | 29 | Thus large amounts of data should be chunked so that each message is small. 30 | (Each message still needs a unique nonce.) If in doubt, 16KB is a reasonable 31 | chunk size. 32 | 33 | This package is interoperable with NaCl: https://nacl.cr.yp.to/secretbox.html. 34 | */ 35 | package secretbox // import "golang.org/x/crypto/nacl/secretbox" 36 | 37 | import ( 38 | "golang.org/x/crypto/internal/subtle" 39 | "golang.org/x/crypto/poly1305" 40 | "golang.org/x/crypto/salsa20/salsa" 41 | ) 42 | 43 | // Overhead is the number of bytes of overhead when boxing a message. 44 | const Overhead = poly1305.TagSize 45 | 46 | // setup produces a sub-key and Salsa20 counter given a nonce and key. 47 | func setup(subKey *[32]byte, counter *[16]byte, nonce *[24]byte, key *[32]byte) { 48 | // We use XSalsa20 for encryption so first we need to generate a 49 | // key and nonce with HSalsa20. 50 | var hNonce [16]byte 51 | copy(hNonce[:], nonce[:]) 52 | salsa.HSalsa20(subKey, &hNonce, key, &salsa.Sigma) 53 | 54 | // The final 8 bytes of the original nonce form the new nonce. 55 | copy(counter[:], nonce[16:]) 56 | } 57 | 58 | // sliceForAppend takes a slice and a requested number of bytes. It returns a 59 | // slice with the contents of the given slice followed by that many bytes and a 60 | // second slice that aliases into it and contains only the extra bytes. If the 61 | // original slice has sufficient capacity then no allocation is performed. 62 | func sliceForAppend(in []byte, n int) (head, tail []byte) { 63 | if total := len(in) + n; cap(in) >= total { 64 | head = in[:total] 65 | } else { 66 | head = make([]byte, total) 67 | copy(head, in) 68 | } 69 | tail = head[len(in):] 70 | return 71 | } 72 | 73 | // Seal appends an encrypted and authenticated copy of message to out, which 74 | // must not overlap message. The key and nonce pair must be unique for each 75 | // distinct message and the output will be Overhead bytes longer than message. 76 | func Seal(out, message []byte, nonce *[24]byte, key *[32]byte) []byte { 77 | var subKey [32]byte 78 | var counter [16]byte 79 | setup(&subKey, &counter, nonce, key) 80 | 81 | // The Poly1305 key is generated by encrypting 32 bytes of zeros. Since 82 | // Salsa20 works with 64-byte blocks, we also generate 32 bytes of 83 | // keystream as a side effect. 84 | var firstBlock [64]byte 85 | salsa.XORKeyStream(firstBlock[:], firstBlock[:], &counter, &subKey) 86 | 87 | var poly1305Key [32]byte 88 | copy(poly1305Key[:], firstBlock[:]) 89 | 90 | ret, out := sliceForAppend(out, len(message)+poly1305.TagSize) 91 | if subtle.AnyOverlap(out, message) { 92 | panic("nacl: invalid buffer overlap") 93 | } 94 | 95 | // We XOR up to 32 bytes of message with the keystream generated from 96 | // the first block. 97 | firstMessageBlock := message 98 | if len(firstMessageBlock) > 32 { 99 | firstMessageBlock = firstMessageBlock[:32] 100 | } 101 | 102 | tagOut := out 103 | out = out[poly1305.TagSize:] 104 | for i, x := range firstMessageBlock { 105 | out[i] = firstBlock[32+i] ^ x 106 | } 107 | message = message[len(firstMessageBlock):] 108 | ciphertext := out 109 | out = out[len(firstMessageBlock):] 110 | 111 | // Now encrypt the rest. 112 | counter[8] = 1 113 | salsa.XORKeyStream(out, message, &counter, &subKey) 114 | 115 | var tag [poly1305.TagSize]byte 116 | poly1305.Sum(&tag, ciphertext, &poly1305Key) 117 | copy(tagOut, tag[:]) 118 | 119 | return ret 120 | } 121 | 122 | // Open authenticates and decrypts a box produced by Seal and appends the 123 | // message to out, which must not overlap box. The output will be Overhead 124 | // bytes smaller than box. 125 | func Open(out, box []byte, nonce *[24]byte, key *[32]byte) ([]byte, bool) { 126 | if len(box) < Overhead { 127 | return nil, false 128 | } 129 | 130 | var subKey [32]byte 131 | var counter [16]byte 132 | setup(&subKey, &counter, nonce, key) 133 | 134 | // The Poly1305 key is generated by encrypting 32 bytes of zeros. Since 135 | // Salsa20 works with 64-byte blocks, we also generate 32 bytes of 136 | // keystream as a side effect. 137 | var firstBlock [64]byte 138 | salsa.XORKeyStream(firstBlock[:], firstBlock[:], &counter, &subKey) 139 | 140 | var poly1305Key [32]byte 141 | copy(poly1305Key[:], firstBlock[:]) 142 | var tag [poly1305.TagSize]byte 143 | copy(tag[:], box) 144 | 145 | if !poly1305.Verify(&tag, box[poly1305.TagSize:], &poly1305Key) { 146 | return nil, false 147 | } 148 | 149 | ret, out := sliceForAppend(out, len(box)-Overhead) 150 | if subtle.AnyOverlap(out, box) { 151 | panic("nacl: invalid buffer overlap") 152 | } 153 | 154 | // We XOR up to 32 bytes of box with the keystream generated from 155 | // the first block. 156 | box = box[Overhead:] 157 | firstMessageBlock := box 158 | if len(firstMessageBlock) > 32 { 159 | firstMessageBlock = firstMessageBlock[:32] 160 | } 161 | for i, x := range firstMessageBlock { 162 | out[i] = firstBlock[32+i] ^ x 163 | } 164 | 165 | box = box[len(firstMessageBlock):] 166 | out = out[len(firstMessageBlock):] 167 | 168 | // Now decrypt the rest. 169 | counter[8] = 1 170 | salsa.XORKeyStream(out, box, &counter, &subKey) 171 | 172 | return ret, true 173 | } 174 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go: -------------------------------------------------------------------------------- 1 | // Copyright 2012 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | /* 6 | Package pbkdf2 implements the key derivation function PBKDF2 as defined in RFC 7 | 2898 / PKCS #5 v2.0. 8 | 9 | A key derivation function is useful when encrypting data based on a password 10 | or any other not-fully-random data. It uses a pseudorandom function to derive 11 | a secure encryption key based on the password. 12 | 13 | While v2.0 of the standard defines only one pseudorandom function to use, 14 | HMAC-SHA1, the drafted v2.1 specification allows use of all five FIPS Approved 15 | Hash Functions SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 for HMAC. To 16 | choose, you can pass the `New` functions from the different SHA packages to 17 | pbkdf2.Key. 18 | */ 19 | package pbkdf2 // import "golang.org/x/crypto/pbkdf2" 20 | 21 | import ( 22 | "crypto/hmac" 23 | "hash" 24 | ) 25 | 26 | // Key derives a key from the password, salt and iteration count, returning a 27 | // []byte of length keylen that can be used as cryptographic key. The key is 28 | // derived based on the method described as PBKDF2 with the HMAC variant using 29 | // the supplied hash function. 30 | // 31 | // For example, to use a HMAC-SHA-1 based PBKDF2 key derivation function, you 32 | // can get a derived key for e.g. AES-256 (which needs a 32-byte key) by 33 | // doing: 34 | // 35 | // dk := pbkdf2.Key([]byte("some password"), salt, 4096, 32, sha1.New) 36 | // 37 | // Remember to get a good random salt. At least 8 bytes is recommended by the 38 | // RFC. 39 | // 40 | // Using a higher iteration count will increase the cost of an exhaustive 41 | // search but will also make derivation proportionally slower. 42 | func Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte { 43 | prf := hmac.New(h, password) 44 | hashLen := prf.Size() 45 | numBlocks := (keyLen + hashLen - 1) / hashLen 46 | 47 | var buf [4]byte 48 | dk := make([]byte, 0, numBlocks*hashLen) 49 | U := make([]byte, hashLen) 50 | for block := 1; block <= numBlocks; block++ { 51 | // N.B.: || means concatenation, ^ means XOR 52 | // for each block T_i = U_1 ^ U_2 ^ ... ^ U_iter 53 | // U_1 = PRF(password, salt || uint(i)) 54 | prf.Reset() 55 | prf.Write(salt) 56 | buf[0] = byte(block >> 24) 57 | buf[1] = byte(block >> 16) 58 | buf[2] = byte(block >> 8) 59 | buf[3] = byte(block) 60 | prf.Write(buf[:4]) 61 | dk = prf.Sum(dk) 62 | T := dk[len(dk)-hashLen:] 63 | copy(U, T) 64 | 65 | // U_n = PRF(password, U_(n-1)) 66 | for n := 2; n <= iter; n++ { 67 | prf.Reset() 68 | prf.Write(U) 69 | U = U[:0] 70 | U = prf.Sum(U) 71 | for x := range U { 72 | T[x] ^= U[x] 73 | } 74 | } 75 | } 76 | return dk[:keyLen] 77 | } 78 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/poly1305/poly1305.go: -------------------------------------------------------------------------------- 1 | // Copyright 2012 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | /* 6 | Package poly1305 implements Poly1305 one-time message authentication code as 7 | specified in https://cr.yp.to/mac/poly1305-20050329.pdf. 8 | 9 | Poly1305 is a fast, one-time authentication function. It is infeasible for an 10 | attacker to generate an authenticator for a message without the key. However, a 11 | key must only be used for a single message. Authenticating two different 12 | messages with the same key allows an attacker to forge authenticators for other 13 | messages with the same key. 14 | 15 | Poly1305 was originally coupled with AES in order to make Poly1305-AES. AES was 16 | used with a fixed key in order to generate one-time keys from an nonce. 17 | However, in this package AES isn't used and the one-time key is specified 18 | directly. 19 | */ 20 | package poly1305 // import "golang.org/x/crypto/poly1305" 21 | 22 | import "crypto/subtle" 23 | 24 | // TagSize is the size, in bytes, of a poly1305 authenticator. 25 | const TagSize = 16 26 | 27 | // Verify returns true if mac is a valid authenticator for m with the given 28 | // key. 29 | func Verify(mac *[16]byte, m []byte, key *[32]byte) bool { 30 | var tmp [16]byte 31 | Sum(&tmp, m, key) 32 | return subtle.ConstantTimeCompare(tmp[:], mac[:]) == 1 33 | } 34 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/poly1305/sum_amd64.go: -------------------------------------------------------------------------------- 1 | // Copyright 2012 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build amd64,!gccgo,!appengine 6 | 7 | package poly1305 8 | 9 | // This function is implemented in sum_amd64.s 10 | //go:noescape 11 | func poly1305(out *[16]byte, m *byte, mlen uint64, key *[32]byte) 12 | 13 | // Sum generates an authenticator for m using a one-time key and puts the 14 | // 16-byte result into out. Authenticating two different messages with the same 15 | // key allows an attacker to forge messages at will. 16 | func Sum(out *[16]byte, m []byte, key *[32]byte) { 17 | var mPtr *byte 18 | if len(m) > 0 { 19 | mPtr = &m[0] 20 | } 21 | poly1305(out, mPtr, uint64(len(m)), key) 22 | } 23 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/poly1305/sum_amd64.s: -------------------------------------------------------------------------------- 1 | // Copyright 2012 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build amd64,!gccgo,!appengine 6 | 7 | #include "textflag.h" 8 | 9 | #define POLY1305_ADD(msg, h0, h1, h2) \ 10 | ADDQ 0(msg), h0; \ 11 | ADCQ 8(msg), h1; \ 12 | ADCQ $1, h2; \ 13 | LEAQ 16(msg), msg 14 | 15 | #define POLY1305_MUL(h0, h1, h2, r0, r1, t0, t1, t2, t3) \ 16 | MOVQ r0, AX; \ 17 | MULQ h0; \ 18 | MOVQ AX, t0; \ 19 | MOVQ DX, t1; \ 20 | MOVQ r0, AX; \ 21 | MULQ h1; \ 22 | ADDQ AX, t1; \ 23 | ADCQ $0, DX; \ 24 | MOVQ r0, t2; \ 25 | IMULQ h2, t2; \ 26 | ADDQ DX, t2; \ 27 | \ 28 | MOVQ r1, AX; \ 29 | MULQ h0; \ 30 | ADDQ AX, t1; \ 31 | ADCQ $0, DX; \ 32 | MOVQ DX, h0; \ 33 | MOVQ r1, t3; \ 34 | IMULQ h2, t3; \ 35 | MOVQ r1, AX; \ 36 | MULQ h1; \ 37 | ADDQ AX, t2; \ 38 | ADCQ DX, t3; \ 39 | ADDQ h0, t2; \ 40 | ADCQ $0, t3; \ 41 | \ 42 | MOVQ t0, h0; \ 43 | MOVQ t1, h1; \ 44 | MOVQ t2, h2; \ 45 | ANDQ $3, h2; \ 46 | MOVQ t2, t0; \ 47 | ANDQ $0xFFFFFFFFFFFFFFFC, t0; \ 48 | ADDQ t0, h0; \ 49 | ADCQ t3, h1; \ 50 | ADCQ $0, h2; \ 51 | SHRQ $2, t3, t2; \ 52 | SHRQ $2, t3; \ 53 | ADDQ t2, h0; \ 54 | ADCQ t3, h1; \ 55 | ADCQ $0, h2 56 | 57 | DATA ·poly1305Mask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF 58 | DATA ·poly1305Mask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC 59 | GLOBL ·poly1305Mask<>(SB), RODATA, $16 60 | 61 | // func poly1305(out *[16]byte, m *byte, mlen uint64, key *[32]key) 62 | TEXT ·poly1305(SB), $0-32 63 | MOVQ out+0(FP), DI 64 | MOVQ m+8(FP), SI 65 | MOVQ mlen+16(FP), R15 66 | MOVQ key+24(FP), AX 67 | 68 | MOVQ 0(AX), R11 69 | MOVQ 8(AX), R12 70 | ANDQ ·poly1305Mask<>(SB), R11 // r0 71 | ANDQ ·poly1305Mask<>+8(SB), R12 // r1 72 | XORQ R8, R8 // h0 73 | XORQ R9, R9 // h1 74 | XORQ R10, R10 // h2 75 | 76 | CMPQ R15, $16 77 | JB bytes_between_0_and_15 78 | 79 | loop: 80 | POLY1305_ADD(SI, R8, R9, R10) 81 | 82 | multiply: 83 | POLY1305_MUL(R8, R9, R10, R11, R12, BX, CX, R13, R14) 84 | SUBQ $16, R15 85 | CMPQ R15, $16 86 | JAE loop 87 | 88 | bytes_between_0_and_15: 89 | TESTQ R15, R15 90 | JZ done 91 | MOVQ $1, BX 92 | XORQ CX, CX 93 | XORQ R13, R13 94 | ADDQ R15, SI 95 | 96 | flush_buffer: 97 | SHLQ $8, BX, CX 98 | SHLQ $8, BX 99 | MOVB -1(SI), R13 100 | XORQ R13, BX 101 | DECQ SI 102 | DECQ R15 103 | JNZ flush_buffer 104 | 105 | ADDQ BX, R8 106 | ADCQ CX, R9 107 | ADCQ $0, R10 108 | MOVQ $16, R15 109 | JMP multiply 110 | 111 | done: 112 | MOVQ R8, AX 113 | MOVQ R9, BX 114 | SUBQ $0xFFFFFFFFFFFFFFFB, AX 115 | SBBQ $0xFFFFFFFFFFFFFFFF, BX 116 | SBBQ $3, R10 117 | CMOVQCS R8, AX 118 | CMOVQCS R9, BX 119 | MOVQ key+24(FP), R8 120 | ADDQ 16(R8), AX 121 | ADCQ 24(R8), BX 122 | 123 | MOVQ AX, 0(DI) 124 | MOVQ BX, 8(DI) 125 | RET 126 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/poly1305/sum_arm.go: -------------------------------------------------------------------------------- 1 | // Copyright 2015 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build arm,!gccgo,!appengine,!nacl 6 | 7 | package poly1305 8 | 9 | // This function is implemented in sum_arm.s 10 | //go:noescape 11 | func poly1305_auth_armv6(out *[16]byte, m *byte, mlen uint32, key *[32]byte) 12 | 13 | // Sum generates an authenticator for m using a one-time key and puts the 14 | // 16-byte result into out. Authenticating two different messages with the same 15 | // key allows an attacker to forge messages at will. 16 | func Sum(out *[16]byte, m []byte, key *[32]byte) { 17 | var mPtr *byte 18 | if len(m) > 0 { 19 | mPtr = &m[0] 20 | } 21 | poly1305_auth_armv6(out, mPtr, uint32(len(m)), key) 22 | } 23 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/poly1305/sum_arm.s: -------------------------------------------------------------------------------- 1 | // Copyright 2015 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build arm,!gccgo,!appengine,!nacl 6 | 7 | #include "textflag.h" 8 | 9 | // This code was translated into a form compatible with 5a from the public 10 | // domain source by Andrew Moon: github.com/floodyberry/poly1305-opt/blob/master/app/extensions/poly1305. 11 | 12 | DATA ·poly1305_init_constants_armv6<>+0x00(SB)/4, $0x3ffffff 13 | DATA ·poly1305_init_constants_armv6<>+0x04(SB)/4, $0x3ffff03 14 | DATA ·poly1305_init_constants_armv6<>+0x08(SB)/4, $0x3ffc0ff 15 | DATA ·poly1305_init_constants_armv6<>+0x0c(SB)/4, $0x3f03fff 16 | DATA ·poly1305_init_constants_armv6<>+0x10(SB)/4, $0x00fffff 17 | GLOBL ·poly1305_init_constants_armv6<>(SB), 8, $20 18 | 19 | // Warning: the linker may use R11 to synthesize certain instructions. Please 20 | // take care and verify that no synthetic instructions use it. 21 | 22 | TEXT poly1305_init_ext_armv6<>(SB), NOSPLIT, $0 23 | // Needs 16 bytes of stack and 64 bytes of space pointed to by R0. (It 24 | // might look like it's only 60 bytes of space but the final four bytes 25 | // will be written by another function.) We need to skip over four 26 | // bytes of stack because that's saving the value of 'g'. 27 | ADD $4, R13, R8 28 | MOVM.IB [R4-R7], (R8) 29 | MOVM.IA.W (R1), [R2-R5] 30 | MOVW $·poly1305_init_constants_armv6<>(SB), R7 31 | MOVW R2, R8 32 | MOVW R2>>26, R9 33 | MOVW R3>>20, g 34 | MOVW R4>>14, R11 35 | MOVW R5>>8, R12 36 | ORR R3<<6, R9, R9 37 | ORR R4<<12, g, g 38 | ORR R5<<18, R11, R11 39 | MOVM.IA (R7), [R2-R6] 40 | AND R8, R2, R2 41 | AND R9, R3, R3 42 | AND g, R4, R4 43 | AND R11, R5, R5 44 | AND R12, R6, R6 45 | MOVM.IA.W [R2-R6], (R0) 46 | EOR R2, R2, R2 47 | EOR R3, R3, R3 48 | EOR R4, R4, R4 49 | EOR R5, R5, R5 50 | EOR R6, R6, R6 51 | MOVM.IA.W [R2-R6], (R0) 52 | MOVM.IA.W (R1), [R2-R5] 53 | MOVM.IA [R2-R6], (R0) 54 | ADD $20, R13, R0 55 | MOVM.DA (R0), [R4-R7] 56 | RET 57 | 58 | #define MOVW_UNALIGNED(Rsrc, Rdst, Rtmp, offset) \ 59 | MOVBU (offset+0)(Rsrc), Rtmp; \ 60 | MOVBU Rtmp, (offset+0)(Rdst); \ 61 | MOVBU (offset+1)(Rsrc), Rtmp; \ 62 | MOVBU Rtmp, (offset+1)(Rdst); \ 63 | MOVBU (offset+2)(Rsrc), Rtmp; \ 64 | MOVBU Rtmp, (offset+2)(Rdst); \ 65 | MOVBU (offset+3)(Rsrc), Rtmp; \ 66 | MOVBU Rtmp, (offset+3)(Rdst) 67 | 68 | TEXT poly1305_blocks_armv6<>(SB), NOSPLIT, $0 69 | // Needs 24 bytes of stack for saved registers and then 88 bytes of 70 | // scratch space after that. We assume that 24 bytes at (R13) have 71 | // already been used: four bytes for the link register saved in the 72 | // prelude of poly1305_auth_armv6, four bytes for saving the value of g 73 | // in that function and 16 bytes of scratch space used around 74 | // poly1305_finish_ext_armv6_skip1. 75 | ADD $24, R13, R12 76 | MOVM.IB [R4-R8, R14], (R12) 77 | MOVW R0, 88(R13) 78 | MOVW R1, 92(R13) 79 | MOVW R2, 96(R13) 80 | MOVW R1, R14 81 | MOVW R2, R12 82 | MOVW 56(R0), R8 83 | WORD $0xe1180008 // TST R8, R8 not working see issue 5921 84 | EOR R6, R6, R6 85 | MOVW.EQ $(1<<24), R6 86 | MOVW R6, 84(R13) 87 | ADD $116, R13, g 88 | MOVM.IA (R0), [R0-R9] 89 | MOVM.IA [R0-R4], (g) 90 | CMP $16, R12 91 | BLO poly1305_blocks_armv6_done 92 | 93 | poly1305_blocks_armv6_mainloop: 94 | WORD $0xe31e0003 // TST R14, #3 not working see issue 5921 95 | BEQ poly1305_blocks_armv6_mainloop_aligned 96 | ADD $100, R13, g 97 | MOVW_UNALIGNED(R14, g, R0, 0) 98 | MOVW_UNALIGNED(R14, g, R0, 4) 99 | MOVW_UNALIGNED(R14, g, R0, 8) 100 | MOVW_UNALIGNED(R14, g, R0, 12) 101 | MOVM.IA (g), [R0-R3] 102 | ADD $16, R14 103 | B poly1305_blocks_armv6_mainloop_loaded 104 | 105 | poly1305_blocks_armv6_mainloop_aligned: 106 | MOVM.IA.W (R14), [R0-R3] 107 | 108 | poly1305_blocks_armv6_mainloop_loaded: 109 | MOVW R0>>26, g 110 | MOVW R1>>20, R11 111 | MOVW R2>>14, R12 112 | MOVW R14, 92(R13) 113 | MOVW R3>>8, R4 114 | ORR R1<<6, g, g 115 | ORR R2<<12, R11, R11 116 | ORR R3<<18, R12, R12 117 | BIC $0xfc000000, R0, R0 118 | BIC $0xfc000000, g, g 119 | MOVW 84(R13), R3 120 | BIC $0xfc000000, R11, R11 121 | BIC $0xfc000000, R12, R12 122 | ADD R0, R5, R5 123 | ADD g, R6, R6 124 | ORR R3, R4, R4 125 | ADD R11, R7, R7 126 | ADD $116, R13, R14 127 | ADD R12, R8, R8 128 | ADD R4, R9, R9 129 | MOVM.IA (R14), [R0-R4] 130 | MULLU R4, R5, (R11, g) 131 | MULLU R3, R5, (R14, R12) 132 | MULALU R3, R6, (R11, g) 133 | MULALU R2, R6, (R14, R12) 134 | MULALU R2, R7, (R11, g) 135 | MULALU R1, R7, (R14, R12) 136 | ADD R4<<2, R4, R4 137 | ADD R3<<2, R3, R3 138 | MULALU R1, R8, (R11, g) 139 | MULALU R0, R8, (R14, R12) 140 | MULALU R0, R9, (R11, g) 141 | MULALU R4, R9, (R14, R12) 142 | MOVW g, 76(R13) 143 | MOVW R11, 80(R13) 144 | MOVW R12, 68(R13) 145 | MOVW R14, 72(R13) 146 | MULLU R2, R5, (R11, g) 147 | MULLU R1, R5, (R14, R12) 148 | MULALU R1, R6, (R11, g) 149 | MULALU R0, R6, (R14, R12) 150 | MULALU R0, R7, (R11, g) 151 | MULALU R4, R7, (R14, R12) 152 | ADD R2<<2, R2, R2 153 | ADD R1<<2, R1, R1 154 | MULALU R4, R8, (R11, g) 155 | MULALU R3, R8, (R14, R12) 156 | MULALU R3, R9, (R11, g) 157 | MULALU R2, R9, (R14, R12) 158 | MOVW g, 60(R13) 159 | MOVW R11, 64(R13) 160 | MOVW R12, 52(R13) 161 | MOVW R14, 56(R13) 162 | MULLU R0, R5, (R11, g) 163 | MULALU R4, R6, (R11, g) 164 | MULALU R3, R7, (R11, g) 165 | MULALU R2, R8, (R11, g) 166 | MULALU R1, R9, (R11, g) 167 | ADD $52, R13, R0 168 | MOVM.IA (R0), [R0-R7] 169 | MOVW g>>26, R12 170 | MOVW R4>>26, R14 171 | ORR R11<<6, R12, R12 172 | ORR R5<<6, R14, R14 173 | BIC $0xfc000000, g, g 174 | BIC $0xfc000000, R4, R4 175 | ADD.S R12, R0, R0 176 | ADC $0, R1, R1 177 | ADD.S R14, R6, R6 178 | ADC $0, R7, R7 179 | MOVW R0>>26, R12 180 | MOVW R6>>26, R14 181 | ORR R1<<6, R12, R12 182 | ORR R7<<6, R14, R14 183 | BIC $0xfc000000, R0, R0 184 | BIC $0xfc000000, R6, R6 185 | ADD R14<<2, R14, R14 186 | ADD.S R12, R2, R2 187 | ADC $0, R3, R3 188 | ADD R14, g, g 189 | MOVW R2>>26, R12 190 | MOVW g>>26, R14 191 | ORR R3<<6, R12, R12 192 | BIC $0xfc000000, g, R5 193 | BIC $0xfc000000, R2, R7 194 | ADD R12, R4, R4 195 | ADD R14, R0, R0 196 | MOVW R4>>26, R12 197 | BIC $0xfc000000, R4, R8 198 | ADD R12, R6, R9 199 | MOVW 96(R13), R12 200 | MOVW 92(R13), R14 201 | MOVW R0, R6 202 | CMP $32, R12 203 | SUB $16, R12, R12 204 | MOVW R12, 96(R13) 205 | BHS poly1305_blocks_armv6_mainloop 206 | 207 | poly1305_blocks_armv6_done: 208 | MOVW 88(R13), R12 209 | MOVW R5, 20(R12) 210 | MOVW R6, 24(R12) 211 | MOVW R7, 28(R12) 212 | MOVW R8, 32(R12) 213 | MOVW R9, 36(R12) 214 | ADD $48, R13, R0 215 | MOVM.DA (R0), [R4-R8, R14] 216 | RET 217 | 218 | #define MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp) \ 219 | MOVBU.P 1(Rsrc), Rtmp; \ 220 | MOVBU.P Rtmp, 1(Rdst); \ 221 | MOVBU.P 1(Rsrc), Rtmp; \ 222 | MOVBU.P Rtmp, 1(Rdst) 223 | 224 | #define MOVWP_UNALIGNED(Rsrc, Rdst, Rtmp) \ 225 | MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp); \ 226 | MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp) 227 | 228 | // func poly1305_auth_armv6(out *[16]byte, m *byte, mlen uint32, key *[32]key) 229 | TEXT ·poly1305_auth_armv6(SB), $196-16 230 | // The value 196, just above, is the sum of 64 (the size of the context 231 | // structure) and 132 (the amount of stack needed). 232 | // 233 | // At this point, the stack pointer (R13) has been moved down. It 234 | // points to the saved link register and there's 196 bytes of free 235 | // space above it. 236 | // 237 | // The stack for this function looks like: 238 | // 239 | // +--------------------- 240 | // | 241 | // | 64 bytes of context structure 242 | // | 243 | // +--------------------- 244 | // | 245 | // | 112 bytes for poly1305_blocks_armv6 246 | // | 247 | // +--------------------- 248 | // | 16 bytes of final block, constructed at 249 | // | poly1305_finish_ext_armv6_skip8 250 | // +--------------------- 251 | // | four bytes of saved 'g' 252 | // +--------------------- 253 | // | lr, saved by prelude <- R13 points here 254 | // +--------------------- 255 | MOVW g, 4(R13) 256 | 257 | MOVW out+0(FP), R4 258 | MOVW m+4(FP), R5 259 | MOVW mlen+8(FP), R6 260 | MOVW key+12(FP), R7 261 | 262 | ADD $136, R13, R0 // 136 = 4 + 4 + 16 + 112 263 | MOVW R7, R1 264 | 265 | // poly1305_init_ext_armv6 will write to the stack from R13+4, but 266 | // that's ok because none of the other values have been written yet. 267 | BL poly1305_init_ext_armv6<>(SB) 268 | BIC.S $15, R6, R2 269 | BEQ poly1305_auth_armv6_noblocks 270 | ADD $136, R13, R0 271 | MOVW R5, R1 272 | ADD R2, R5, R5 273 | SUB R2, R6, R6 274 | BL poly1305_blocks_armv6<>(SB) 275 | 276 | poly1305_auth_armv6_noblocks: 277 | ADD $136, R13, R0 278 | MOVW R5, R1 279 | MOVW R6, R2 280 | MOVW R4, R3 281 | 282 | MOVW R0, R5 283 | MOVW R1, R6 284 | MOVW R2, R7 285 | MOVW R3, R8 286 | AND.S R2, R2, R2 287 | BEQ poly1305_finish_ext_armv6_noremaining 288 | EOR R0, R0 289 | ADD $8, R13, R9 // 8 = offset to 16 byte scratch space 290 | MOVW R0, (R9) 291 | MOVW R0, 4(R9) 292 | MOVW R0, 8(R9) 293 | MOVW R0, 12(R9) 294 | WORD $0xe3110003 // TST R1, #3 not working see issue 5921 295 | BEQ poly1305_finish_ext_armv6_aligned 296 | WORD $0xe3120008 // TST R2, #8 not working see issue 5921 297 | BEQ poly1305_finish_ext_armv6_skip8 298 | MOVWP_UNALIGNED(R1, R9, g) 299 | MOVWP_UNALIGNED(R1, R9, g) 300 | 301 | poly1305_finish_ext_armv6_skip8: 302 | WORD $0xe3120004 // TST $4, R2 not working see issue 5921 303 | BEQ poly1305_finish_ext_armv6_skip4 304 | MOVWP_UNALIGNED(R1, R9, g) 305 | 306 | poly1305_finish_ext_armv6_skip4: 307 | WORD $0xe3120002 // TST $2, R2 not working see issue 5921 308 | BEQ poly1305_finish_ext_armv6_skip2 309 | MOVHUP_UNALIGNED(R1, R9, g) 310 | B poly1305_finish_ext_armv6_skip2 311 | 312 | poly1305_finish_ext_armv6_aligned: 313 | WORD $0xe3120008 // TST R2, #8 not working see issue 5921 314 | BEQ poly1305_finish_ext_armv6_skip8_aligned 315 | MOVM.IA.W (R1), [g-R11] 316 | MOVM.IA.W [g-R11], (R9) 317 | 318 | poly1305_finish_ext_armv6_skip8_aligned: 319 | WORD $0xe3120004 // TST $4, R2 not working see issue 5921 320 | BEQ poly1305_finish_ext_armv6_skip4_aligned 321 | MOVW.P 4(R1), g 322 | MOVW.P g, 4(R9) 323 | 324 | poly1305_finish_ext_armv6_skip4_aligned: 325 | WORD $0xe3120002 // TST $2, R2 not working see issue 5921 326 | BEQ poly1305_finish_ext_armv6_skip2 327 | MOVHU.P 2(R1), g 328 | MOVH.P g, 2(R9) 329 | 330 | poly1305_finish_ext_armv6_skip2: 331 | WORD $0xe3120001 // TST $1, R2 not working see issue 5921 332 | BEQ poly1305_finish_ext_armv6_skip1 333 | MOVBU.P 1(R1), g 334 | MOVBU.P g, 1(R9) 335 | 336 | poly1305_finish_ext_armv6_skip1: 337 | MOVW $1, R11 338 | MOVBU R11, 0(R9) 339 | MOVW R11, 56(R5) 340 | MOVW R5, R0 341 | ADD $8, R13, R1 342 | MOVW $16, R2 343 | BL poly1305_blocks_armv6<>(SB) 344 | 345 | poly1305_finish_ext_armv6_noremaining: 346 | MOVW 20(R5), R0 347 | MOVW 24(R5), R1 348 | MOVW 28(R5), R2 349 | MOVW 32(R5), R3 350 | MOVW 36(R5), R4 351 | MOVW R4>>26, R12 352 | BIC $0xfc000000, R4, R4 353 | ADD R12<<2, R12, R12 354 | ADD R12, R0, R0 355 | MOVW R0>>26, R12 356 | BIC $0xfc000000, R0, R0 357 | ADD R12, R1, R1 358 | MOVW R1>>26, R12 359 | BIC $0xfc000000, R1, R1 360 | ADD R12, R2, R2 361 | MOVW R2>>26, R12 362 | BIC $0xfc000000, R2, R2 363 | ADD R12, R3, R3 364 | MOVW R3>>26, R12 365 | BIC $0xfc000000, R3, R3 366 | ADD R12, R4, R4 367 | ADD $5, R0, R6 368 | MOVW R6>>26, R12 369 | BIC $0xfc000000, R6, R6 370 | ADD R12, R1, R7 371 | MOVW R7>>26, R12 372 | BIC $0xfc000000, R7, R7 373 | ADD R12, R2, g 374 | MOVW g>>26, R12 375 | BIC $0xfc000000, g, g 376 | ADD R12, R3, R11 377 | MOVW $-(1<<26), R12 378 | ADD R11>>26, R12, R12 379 | BIC $0xfc000000, R11, R11 380 | ADD R12, R4, R9 381 | MOVW R9>>31, R12 382 | SUB $1, R12 383 | AND R12, R6, R6 384 | AND R12, R7, R7 385 | AND R12, g, g 386 | AND R12, R11, R11 387 | AND R12, R9, R9 388 | MVN R12, R12 389 | AND R12, R0, R0 390 | AND R12, R1, R1 391 | AND R12, R2, R2 392 | AND R12, R3, R3 393 | AND R12, R4, R4 394 | ORR R6, R0, R0 395 | ORR R7, R1, R1 396 | ORR g, R2, R2 397 | ORR R11, R3, R3 398 | ORR R9, R4, R4 399 | ORR R1<<26, R0, R0 400 | MOVW R1>>6, R1 401 | ORR R2<<20, R1, R1 402 | MOVW R2>>12, R2 403 | ORR R3<<14, R2, R2 404 | MOVW R3>>18, R3 405 | ORR R4<<8, R3, R3 406 | MOVW 40(R5), R6 407 | MOVW 44(R5), R7 408 | MOVW 48(R5), g 409 | MOVW 52(R5), R11 410 | ADD.S R6, R0, R0 411 | ADC.S R7, R1, R1 412 | ADC.S g, R2, R2 413 | ADC.S R11, R3, R3 414 | MOVM.IA [R0-R3], (R8) 415 | MOVW R5, R12 416 | EOR R0, R0, R0 417 | EOR R1, R1, R1 418 | EOR R2, R2, R2 419 | EOR R3, R3, R3 420 | EOR R4, R4, R4 421 | EOR R5, R5, R5 422 | EOR R6, R6, R6 423 | EOR R7, R7, R7 424 | MOVM.IA.W [R0-R7], (R12) 425 | MOVM.IA [R0-R7], (R12) 426 | MOVW 4(R13), g 427 | RET 428 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/poly1305/sum_noasm.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build s390x,!go1.11 !arm,!amd64,!s390x gccgo appengine nacl 6 | 7 | package poly1305 8 | 9 | // Sum generates an authenticator for msg using a one-time key and puts the 10 | // 16-byte result into out. Authenticating two different messages with the same 11 | // key allows an attacker to forge messages at will. 12 | func Sum(out *[TagSize]byte, msg []byte, key *[32]byte) { 13 | sumGeneric(out, msg, key) 14 | } 15 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/poly1305/sum_ref.go: -------------------------------------------------------------------------------- 1 | // Copyright 2012 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | package poly1305 6 | 7 | import "encoding/binary" 8 | 9 | // sumGeneric generates an authenticator for msg using a one-time key and 10 | // puts the 16-byte result into out. This is the generic implementation of 11 | // Sum and should be called if no assembly implementation is available. 12 | func sumGeneric(out *[TagSize]byte, msg []byte, key *[32]byte) { 13 | var ( 14 | h0, h1, h2, h3, h4 uint32 // the hash accumulators 15 | r0, r1, r2, r3, r4 uint64 // the r part of the key 16 | ) 17 | 18 | r0 = uint64(binary.LittleEndian.Uint32(key[0:]) & 0x3ffffff) 19 | r1 = uint64((binary.LittleEndian.Uint32(key[3:]) >> 2) & 0x3ffff03) 20 | r2 = uint64((binary.LittleEndian.Uint32(key[6:]) >> 4) & 0x3ffc0ff) 21 | r3 = uint64((binary.LittleEndian.Uint32(key[9:]) >> 6) & 0x3f03fff) 22 | r4 = uint64((binary.LittleEndian.Uint32(key[12:]) >> 8) & 0x00fffff) 23 | 24 | R1, R2, R3, R4 := r1*5, r2*5, r3*5, r4*5 25 | 26 | for len(msg) >= TagSize { 27 | // h += msg 28 | h0 += binary.LittleEndian.Uint32(msg[0:]) & 0x3ffffff 29 | h1 += (binary.LittleEndian.Uint32(msg[3:]) >> 2) & 0x3ffffff 30 | h2 += (binary.LittleEndian.Uint32(msg[6:]) >> 4) & 0x3ffffff 31 | h3 += (binary.LittleEndian.Uint32(msg[9:]) >> 6) & 0x3ffffff 32 | h4 += (binary.LittleEndian.Uint32(msg[12:]) >> 8) | (1 << 24) 33 | 34 | // h *= r 35 | d0 := (uint64(h0) * r0) + (uint64(h1) * R4) + (uint64(h2) * R3) + (uint64(h3) * R2) + (uint64(h4) * R1) 36 | d1 := (d0 >> 26) + (uint64(h0) * r1) + (uint64(h1) * r0) + (uint64(h2) * R4) + (uint64(h3) * R3) + (uint64(h4) * R2) 37 | d2 := (d1 >> 26) + (uint64(h0) * r2) + (uint64(h1) * r1) + (uint64(h2) * r0) + (uint64(h3) * R4) + (uint64(h4) * R3) 38 | d3 := (d2 >> 26) + (uint64(h0) * r3) + (uint64(h1) * r2) + (uint64(h2) * r1) + (uint64(h3) * r0) + (uint64(h4) * R4) 39 | d4 := (d3 >> 26) + (uint64(h0) * r4) + (uint64(h1) * r3) + (uint64(h2) * r2) + (uint64(h3) * r1) + (uint64(h4) * r0) 40 | 41 | // h %= p 42 | h0 = uint32(d0) & 0x3ffffff 43 | h1 = uint32(d1) & 0x3ffffff 44 | h2 = uint32(d2) & 0x3ffffff 45 | h3 = uint32(d3) & 0x3ffffff 46 | h4 = uint32(d4) & 0x3ffffff 47 | 48 | h0 += uint32(d4>>26) * 5 49 | h1 += h0 >> 26 50 | h0 = h0 & 0x3ffffff 51 | 52 | msg = msg[TagSize:] 53 | } 54 | 55 | if len(msg) > 0 { 56 | var block [TagSize]byte 57 | off := copy(block[:], msg) 58 | block[off] = 0x01 59 | 60 | // h += msg 61 | h0 += binary.LittleEndian.Uint32(block[0:]) & 0x3ffffff 62 | h1 += (binary.LittleEndian.Uint32(block[3:]) >> 2) & 0x3ffffff 63 | h2 += (binary.LittleEndian.Uint32(block[6:]) >> 4) & 0x3ffffff 64 | h3 += (binary.LittleEndian.Uint32(block[9:]) >> 6) & 0x3ffffff 65 | h4 += (binary.LittleEndian.Uint32(block[12:]) >> 8) 66 | 67 | // h *= r 68 | d0 := (uint64(h0) * r0) + (uint64(h1) * R4) + (uint64(h2) * R3) + (uint64(h3) * R2) + (uint64(h4) * R1) 69 | d1 := (d0 >> 26) + (uint64(h0) * r1) + (uint64(h1) * r0) + (uint64(h2) * R4) + (uint64(h3) * R3) + (uint64(h4) * R2) 70 | d2 := (d1 >> 26) + (uint64(h0) * r2) + (uint64(h1) * r1) + (uint64(h2) * r0) + (uint64(h3) * R4) + (uint64(h4) * R3) 71 | d3 := (d2 >> 26) + (uint64(h0) * r3) + (uint64(h1) * r2) + (uint64(h2) * r1) + (uint64(h3) * r0) + (uint64(h4) * R4) 72 | d4 := (d3 >> 26) + (uint64(h0) * r4) + (uint64(h1) * r3) + (uint64(h2) * r2) + (uint64(h3) * r1) + (uint64(h4) * r0) 73 | 74 | // h %= p 75 | h0 = uint32(d0) & 0x3ffffff 76 | h1 = uint32(d1) & 0x3ffffff 77 | h2 = uint32(d2) & 0x3ffffff 78 | h3 = uint32(d3) & 0x3ffffff 79 | h4 = uint32(d4) & 0x3ffffff 80 | 81 | h0 += uint32(d4>>26) * 5 82 | h1 += h0 >> 26 83 | h0 = h0 & 0x3ffffff 84 | } 85 | 86 | // h %= p reduction 87 | h2 += h1 >> 26 88 | h1 &= 0x3ffffff 89 | h3 += h2 >> 26 90 | h2 &= 0x3ffffff 91 | h4 += h3 >> 26 92 | h3 &= 0x3ffffff 93 | h0 += 5 * (h4 >> 26) 94 | h4 &= 0x3ffffff 95 | h1 += h0 >> 26 96 | h0 &= 0x3ffffff 97 | 98 | // h - p 99 | t0 := h0 + 5 100 | t1 := h1 + (t0 >> 26) 101 | t2 := h2 + (t1 >> 26) 102 | t3 := h3 + (t2 >> 26) 103 | t4 := h4 + (t3 >> 26) - (1 << 26) 104 | t0 &= 0x3ffffff 105 | t1 &= 0x3ffffff 106 | t2 &= 0x3ffffff 107 | t3 &= 0x3ffffff 108 | 109 | // select h if h < p else h - p 110 | t_mask := (t4 >> 31) - 1 111 | h_mask := ^t_mask 112 | h0 = (h0 & h_mask) | (t0 & t_mask) 113 | h1 = (h1 & h_mask) | (t1 & t_mask) 114 | h2 = (h2 & h_mask) | (t2 & t_mask) 115 | h3 = (h3 & h_mask) | (t3 & t_mask) 116 | h4 = (h4 & h_mask) | (t4 & t_mask) 117 | 118 | // h %= 2^128 119 | h0 |= h1 << 26 120 | h1 = ((h1 >> 6) | (h2 << 20)) 121 | h2 = ((h2 >> 12) | (h3 << 14)) 122 | h3 = ((h3 >> 18) | (h4 << 8)) 123 | 124 | // s: the s part of the key 125 | // tag = (h + s) % (2^128) 126 | t := uint64(h0) + uint64(binary.LittleEndian.Uint32(key[16:])) 127 | h0 = uint32(t) 128 | t = uint64(h1) + uint64(binary.LittleEndian.Uint32(key[20:])) + (t >> 32) 129 | h1 = uint32(t) 130 | t = uint64(h2) + uint64(binary.LittleEndian.Uint32(key[24:])) + (t >> 32) 131 | h2 = uint32(t) 132 | t = uint64(h3) + uint64(binary.LittleEndian.Uint32(key[28:])) + (t >> 32) 133 | h3 = uint32(t) 134 | 135 | binary.LittleEndian.PutUint32(out[0:], h0) 136 | binary.LittleEndian.PutUint32(out[4:], h1) 137 | binary.LittleEndian.PutUint32(out[8:], h2) 138 | binary.LittleEndian.PutUint32(out[12:], h3) 139 | } 140 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/poly1305/sum_s390x.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build s390x,go1.11,!gccgo,!appengine 6 | 7 | package poly1305 8 | 9 | // hasVectorFacility reports whether the machine supports 10 | // the vector facility (vx). 11 | func hasVectorFacility() bool 12 | 13 | // hasVMSLFacility reports whether the machine supports 14 | // Vector Multiply Sum Logical (VMSL). 15 | func hasVMSLFacility() bool 16 | 17 | var hasVX = hasVectorFacility() 18 | var hasVMSL = hasVMSLFacility() 19 | 20 | // poly1305vx is an assembly implementation of Poly1305 that uses vector 21 | // instructions. It must only be called if the vector facility (vx) is 22 | // available. 23 | //go:noescape 24 | func poly1305vx(out *[16]byte, m *byte, mlen uint64, key *[32]byte) 25 | 26 | // poly1305vmsl is an assembly implementation of Poly1305 that uses vector 27 | // instructions, including VMSL. It must only be called if the vector facility (vx) is 28 | // available and if VMSL is supported. 29 | //go:noescape 30 | func poly1305vmsl(out *[16]byte, m *byte, mlen uint64, key *[32]byte) 31 | 32 | // Sum generates an authenticator for m using a one-time key and puts the 33 | // 16-byte result into out. Authenticating two different messages with the same 34 | // key allows an attacker to forge messages at will. 35 | func Sum(out *[16]byte, m []byte, key *[32]byte) { 36 | if hasVX { 37 | var mPtr *byte 38 | if len(m) > 0 { 39 | mPtr = &m[0] 40 | } 41 | if hasVMSL && len(m) > 256 { 42 | poly1305vmsl(out, mPtr, uint64(len(m)), key) 43 | } else { 44 | poly1305vx(out, mPtr, uint64(len(m)), key) 45 | } 46 | } else { 47 | sumGeneric(out, m, key) 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/poly1305/sum_s390x.s: -------------------------------------------------------------------------------- 1 | // Copyright 2018 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build s390x,go1.11,!gccgo,!appengine 6 | 7 | #include "textflag.h" 8 | 9 | // Implementation of Poly1305 using the vector facility (vx). 10 | 11 | // constants 12 | #define MOD26 V0 13 | #define EX0 V1 14 | #define EX1 V2 15 | #define EX2 V3 16 | 17 | // temporaries 18 | #define T_0 V4 19 | #define T_1 V5 20 | #define T_2 V6 21 | #define T_3 V7 22 | #define T_4 V8 23 | 24 | // key (r) 25 | #define R_0 V9 26 | #define R_1 V10 27 | #define R_2 V11 28 | #define R_3 V12 29 | #define R_4 V13 30 | #define R5_1 V14 31 | #define R5_2 V15 32 | #define R5_3 V16 33 | #define R5_4 V17 34 | #define RSAVE_0 R5 35 | #define RSAVE_1 R6 36 | #define RSAVE_2 R7 37 | #define RSAVE_3 R8 38 | #define RSAVE_4 R9 39 | #define R5SAVE_1 V28 40 | #define R5SAVE_2 V29 41 | #define R5SAVE_3 V30 42 | #define R5SAVE_4 V31 43 | 44 | // message block 45 | #define F_0 V18 46 | #define F_1 V19 47 | #define F_2 V20 48 | #define F_3 V21 49 | #define F_4 V22 50 | 51 | // accumulator 52 | #define H_0 V23 53 | #define H_1 V24 54 | #define H_2 V25 55 | #define H_3 V26 56 | #define H_4 V27 57 | 58 | GLOBL ·keyMask<>(SB), RODATA, $16 59 | DATA ·keyMask<>+0(SB)/8, $0xffffff0ffcffff0f 60 | DATA ·keyMask<>+8(SB)/8, $0xfcffff0ffcffff0f 61 | 62 | GLOBL ·bswapMask<>(SB), RODATA, $16 63 | DATA ·bswapMask<>+0(SB)/8, $0x0f0e0d0c0b0a0908 64 | DATA ·bswapMask<>+8(SB)/8, $0x0706050403020100 65 | 66 | GLOBL ·constants<>(SB), RODATA, $64 67 | // MOD26 68 | DATA ·constants<>+0(SB)/8, $0x3ffffff 69 | DATA ·constants<>+8(SB)/8, $0x3ffffff 70 | // EX0 71 | DATA ·constants<>+16(SB)/8, $0x0006050403020100 72 | DATA ·constants<>+24(SB)/8, $0x1016151413121110 73 | // EX1 74 | DATA ·constants<>+32(SB)/8, $0x060c0b0a09080706 75 | DATA ·constants<>+40(SB)/8, $0x161c1b1a19181716 76 | // EX2 77 | DATA ·constants<>+48(SB)/8, $0x0d0d0d0d0d0f0e0d 78 | DATA ·constants<>+56(SB)/8, $0x1d1d1d1d1d1f1e1d 79 | 80 | // h = (f*g) % (2**130-5) [partial reduction] 81 | #define MULTIPLY(f0, f1, f2, f3, f4, g0, g1, g2, g3, g4, g51, g52, g53, g54, h0, h1, h2, h3, h4) \ 82 | VMLOF f0, g0, h0 \ 83 | VMLOF f0, g1, h1 \ 84 | VMLOF f0, g2, h2 \ 85 | VMLOF f0, g3, h3 \ 86 | VMLOF f0, g4, h4 \ 87 | VMLOF f1, g54, T_0 \ 88 | VMLOF f1, g0, T_1 \ 89 | VMLOF f1, g1, T_2 \ 90 | VMLOF f1, g2, T_3 \ 91 | VMLOF f1, g3, T_4 \ 92 | VMALOF f2, g53, h0, h0 \ 93 | VMALOF f2, g54, h1, h1 \ 94 | VMALOF f2, g0, h2, h2 \ 95 | VMALOF f2, g1, h3, h3 \ 96 | VMALOF f2, g2, h4, h4 \ 97 | VMALOF f3, g52, T_0, T_0 \ 98 | VMALOF f3, g53, T_1, T_1 \ 99 | VMALOF f3, g54, T_2, T_2 \ 100 | VMALOF f3, g0, T_3, T_3 \ 101 | VMALOF f3, g1, T_4, T_4 \ 102 | VMALOF f4, g51, h0, h0 \ 103 | VMALOF f4, g52, h1, h1 \ 104 | VMALOF f4, g53, h2, h2 \ 105 | VMALOF f4, g54, h3, h3 \ 106 | VMALOF f4, g0, h4, h4 \ 107 | VAG T_0, h0, h0 \ 108 | VAG T_1, h1, h1 \ 109 | VAG T_2, h2, h2 \ 110 | VAG T_3, h3, h3 \ 111 | VAG T_4, h4, h4 112 | 113 | // carry h0->h1 h3->h4, h1->h2 h4->h0, h0->h1 h2->h3, h3->h4 114 | #define REDUCE(h0, h1, h2, h3, h4) \ 115 | VESRLG $26, h0, T_0 \ 116 | VESRLG $26, h3, T_1 \ 117 | VN MOD26, h0, h0 \ 118 | VN MOD26, h3, h3 \ 119 | VAG T_0, h1, h1 \ 120 | VAG T_1, h4, h4 \ 121 | VESRLG $26, h1, T_2 \ 122 | VESRLG $26, h4, T_3 \ 123 | VN MOD26, h1, h1 \ 124 | VN MOD26, h4, h4 \ 125 | VESLG $2, T_3, T_4 \ 126 | VAG T_3, T_4, T_4 \ 127 | VAG T_2, h2, h2 \ 128 | VAG T_4, h0, h0 \ 129 | VESRLG $26, h2, T_0 \ 130 | VESRLG $26, h0, T_1 \ 131 | VN MOD26, h2, h2 \ 132 | VN MOD26, h0, h0 \ 133 | VAG T_0, h3, h3 \ 134 | VAG T_1, h1, h1 \ 135 | VESRLG $26, h3, T_2 \ 136 | VN MOD26, h3, h3 \ 137 | VAG T_2, h4, h4 138 | 139 | // expand in0 into d[0] and in1 into d[1] 140 | #define EXPAND(in0, in1, d0, d1, d2, d3, d4) \ 141 | VGBM $0x0707, d1 \ // d1=tmp 142 | VPERM in0, in1, EX2, d4 \ 143 | VPERM in0, in1, EX0, d0 \ 144 | VPERM in0, in1, EX1, d2 \ 145 | VN d1, d4, d4 \ 146 | VESRLG $26, d0, d1 \ 147 | VESRLG $30, d2, d3 \ 148 | VESRLG $4, d2, d2 \ 149 | VN MOD26, d0, d0 \ 150 | VN MOD26, d1, d1 \ 151 | VN MOD26, d2, d2 \ 152 | VN MOD26, d3, d3 153 | 154 | // pack h4:h0 into h1:h0 (no carry) 155 | #define PACK(h0, h1, h2, h3, h4) \ 156 | VESLG $26, h1, h1 \ 157 | VESLG $26, h3, h3 \ 158 | VO h0, h1, h0 \ 159 | VO h2, h3, h2 \ 160 | VESLG $4, h2, h2 \ 161 | VLEIB $7, $48, h1 \ 162 | VSLB h1, h2, h2 \ 163 | VO h0, h2, h0 \ 164 | VLEIB $7, $104, h1 \ 165 | VSLB h1, h4, h3 \ 166 | VO h3, h0, h0 \ 167 | VLEIB $7, $24, h1 \ 168 | VSRLB h1, h4, h1 169 | 170 | // if h > 2**130-5 then h -= 2**130-5 171 | #define MOD(h0, h1, t0, t1, t2) \ 172 | VZERO t0 \ 173 | VLEIG $1, $5, t0 \ 174 | VACCQ h0, t0, t1 \ 175 | VAQ h0, t0, t0 \ 176 | VONE t2 \ 177 | VLEIG $1, $-4, t2 \ 178 | VAQ t2, t1, t1 \ 179 | VACCQ h1, t1, t1 \ 180 | VONE t2 \ 181 | VAQ t2, t1, t1 \ 182 | VN h0, t1, t2 \ 183 | VNC t0, t1, t1 \ 184 | VO t1, t2, h0 185 | 186 | // func poly1305vx(out *[16]byte, m *byte, mlen uint64, key *[32]key) 187 | TEXT ·poly1305vx(SB), $0-32 188 | // This code processes up to 2 blocks (32 bytes) per iteration 189 | // using the algorithm described in: 190 | // NEON crypto, Daniel J. Bernstein & Peter Schwabe 191 | // https://cryptojedi.org/papers/neoncrypto-20120320.pdf 192 | LMG out+0(FP), R1, R4 // R1=out, R2=m, R3=mlen, R4=key 193 | 194 | // load MOD26, EX0, EX1 and EX2 195 | MOVD $·constants<>(SB), R5 196 | VLM (R5), MOD26, EX2 197 | 198 | // setup r 199 | VL (R4), T_0 200 | MOVD $·keyMask<>(SB), R6 201 | VL (R6), T_1 202 | VN T_0, T_1, T_0 203 | EXPAND(T_0, T_0, R_0, R_1, R_2, R_3, R_4) 204 | 205 | // setup r*5 206 | VLEIG $0, $5, T_0 207 | VLEIG $1, $5, T_0 208 | 209 | // store r (for final block) 210 | VMLOF T_0, R_1, R5SAVE_1 211 | VMLOF T_0, R_2, R5SAVE_2 212 | VMLOF T_0, R_3, R5SAVE_3 213 | VMLOF T_0, R_4, R5SAVE_4 214 | VLGVG $0, R_0, RSAVE_0 215 | VLGVG $0, R_1, RSAVE_1 216 | VLGVG $0, R_2, RSAVE_2 217 | VLGVG $0, R_3, RSAVE_3 218 | VLGVG $0, R_4, RSAVE_4 219 | 220 | // skip r**2 calculation 221 | CMPBLE R3, $16, skip 222 | 223 | // calculate r**2 224 | MULTIPLY(R_0, R_1, R_2, R_3, R_4, R_0, R_1, R_2, R_3, R_4, R5SAVE_1, R5SAVE_2, R5SAVE_3, R5SAVE_4, H_0, H_1, H_2, H_3, H_4) 225 | REDUCE(H_0, H_1, H_2, H_3, H_4) 226 | VLEIG $0, $5, T_0 227 | VLEIG $1, $5, T_0 228 | VMLOF T_0, H_1, R5_1 229 | VMLOF T_0, H_2, R5_2 230 | VMLOF T_0, H_3, R5_3 231 | VMLOF T_0, H_4, R5_4 232 | VLR H_0, R_0 233 | VLR H_1, R_1 234 | VLR H_2, R_2 235 | VLR H_3, R_3 236 | VLR H_4, R_4 237 | 238 | // initialize h 239 | VZERO H_0 240 | VZERO H_1 241 | VZERO H_2 242 | VZERO H_3 243 | VZERO H_4 244 | 245 | loop: 246 | CMPBLE R3, $32, b2 247 | VLM (R2), T_0, T_1 248 | SUB $32, R3 249 | MOVD $32(R2), R2 250 | EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4) 251 | VLEIB $4, $1, F_4 252 | VLEIB $12, $1, F_4 253 | 254 | multiply: 255 | VAG H_0, F_0, F_0 256 | VAG H_1, F_1, F_1 257 | VAG H_2, F_2, F_2 258 | VAG H_3, F_3, F_3 259 | VAG H_4, F_4, F_4 260 | MULTIPLY(F_0, F_1, F_2, F_3, F_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, H_0, H_1, H_2, H_3, H_4) 261 | REDUCE(H_0, H_1, H_2, H_3, H_4) 262 | CMPBNE R3, $0, loop 263 | 264 | finish: 265 | // sum vectors 266 | VZERO T_0 267 | VSUMQG H_0, T_0, H_0 268 | VSUMQG H_1, T_0, H_1 269 | VSUMQG H_2, T_0, H_2 270 | VSUMQG H_3, T_0, H_3 271 | VSUMQG H_4, T_0, H_4 272 | 273 | // h may be >= 2*(2**130-5) so we need to reduce it again 274 | REDUCE(H_0, H_1, H_2, H_3, H_4) 275 | 276 | // carry h1->h4 277 | VESRLG $26, H_1, T_1 278 | VN MOD26, H_1, H_1 279 | VAQ T_1, H_2, H_2 280 | VESRLG $26, H_2, T_2 281 | VN MOD26, H_2, H_2 282 | VAQ T_2, H_3, H_3 283 | VESRLG $26, H_3, T_3 284 | VN MOD26, H_3, H_3 285 | VAQ T_3, H_4, H_4 286 | 287 | // h is now < 2*(2**130-5) 288 | // pack h into h1 (hi) and h0 (lo) 289 | PACK(H_0, H_1, H_2, H_3, H_4) 290 | 291 | // if h > 2**130-5 then h -= 2**130-5 292 | MOD(H_0, H_1, T_0, T_1, T_2) 293 | 294 | // h += s 295 | MOVD $·bswapMask<>(SB), R5 296 | VL (R5), T_1 297 | VL 16(R4), T_0 298 | VPERM T_0, T_0, T_1, T_0 // reverse bytes (to big) 299 | VAQ T_0, H_0, H_0 300 | VPERM H_0, H_0, T_1, H_0 // reverse bytes (to little) 301 | VST H_0, (R1) 302 | 303 | RET 304 | 305 | b2: 306 | CMPBLE R3, $16, b1 307 | 308 | // 2 blocks remaining 309 | SUB $17, R3 310 | VL (R2), T_0 311 | VLL R3, 16(R2), T_1 312 | ADD $1, R3 313 | MOVBZ $1, R0 314 | CMPBEQ R3, $16, 2(PC) 315 | VLVGB R3, R0, T_1 316 | EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4) 317 | CMPBNE R3, $16, 2(PC) 318 | VLEIB $12, $1, F_4 319 | VLEIB $4, $1, F_4 320 | 321 | // setup [r²,r] 322 | VLVGG $1, RSAVE_0, R_0 323 | VLVGG $1, RSAVE_1, R_1 324 | VLVGG $1, RSAVE_2, R_2 325 | VLVGG $1, RSAVE_3, R_3 326 | VLVGG $1, RSAVE_4, R_4 327 | VPDI $0, R5_1, R5SAVE_1, R5_1 328 | VPDI $0, R5_2, R5SAVE_2, R5_2 329 | VPDI $0, R5_3, R5SAVE_3, R5_3 330 | VPDI $0, R5_4, R5SAVE_4, R5_4 331 | 332 | MOVD $0, R3 333 | BR multiply 334 | 335 | skip: 336 | VZERO H_0 337 | VZERO H_1 338 | VZERO H_2 339 | VZERO H_3 340 | VZERO H_4 341 | 342 | CMPBEQ R3, $0, finish 343 | 344 | b1: 345 | // 1 block remaining 346 | SUB $1, R3 347 | VLL R3, (R2), T_0 348 | ADD $1, R3 349 | MOVBZ $1, R0 350 | CMPBEQ R3, $16, 2(PC) 351 | VLVGB R3, R0, T_0 352 | VZERO T_1 353 | EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4) 354 | CMPBNE R3, $16, 2(PC) 355 | VLEIB $4, $1, F_4 356 | VLEIG $1, $1, R_0 357 | VZERO R_1 358 | VZERO R_2 359 | VZERO R_3 360 | VZERO R_4 361 | VZERO R5_1 362 | VZERO R5_2 363 | VZERO R5_3 364 | VZERO R5_4 365 | 366 | // setup [r, 1] 367 | VLVGG $0, RSAVE_0, R_0 368 | VLVGG $0, RSAVE_1, R_1 369 | VLVGG $0, RSAVE_2, R_2 370 | VLVGG $0, RSAVE_3, R_3 371 | VLVGG $0, RSAVE_4, R_4 372 | VPDI $0, R5SAVE_1, R5_1, R5_1 373 | VPDI $0, R5SAVE_2, R5_2, R5_2 374 | VPDI $0, R5SAVE_3, R5_3, R5_3 375 | VPDI $0, R5SAVE_4, R5_4, R5_4 376 | 377 | MOVD $0, R3 378 | BR multiply 379 | 380 | TEXT ·hasVectorFacility(SB), NOSPLIT, $24-1 381 | MOVD $x-24(SP), R1 382 | XC $24, 0(R1), 0(R1) // clear the storage 383 | MOVD $2, R0 // R0 is the number of double words stored -1 384 | WORD $0xB2B01000 // STFLE 0(R1) 385 | XOR R0, R0 // reset the value of R0 386 | MOVBZ z-8(SP), R1 387 | AND $0x40, R1 388 | BEQ novector 389 | 390 | vectorinstalled: 391 | // check if the vector instruction has been enabled 392 | VLEIB $0, $0xF, V16 393 | VLGVB $0, V16, R1 394 | CMPBNE R1, $0xF, novector 395 | MOVB $1, ret+0(FP) // have vx 396 | RET 397 | 398 | novector: 399 | MOVB $0, ret+0(FP) // no vx 400 | RET 401 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go: -------------------------------------------------------------------------------- 1 | // Copyright 2012 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // Package salsa provides low-level access to functions in the Salsa family. 6 | package salsa // import "golang.org/x/crypto/salsa20/salsa" 7 | 8 | // Sigma is the Salsa20 constant for 256-bit keys. 9 | var Sigma = [16]byte{'e', 'x', 'p', 'a', 'n', 'd', ' ', '3', '2', '-', 'b', 'y', 't', 'e', ' ', 'k'} 10 | 11 | // HSalsa20 applies the HSalsa20 core function to a 16-byte input in, 32-byte 12 | // key k, and 16-byte constant c, and puts the result into the 32-byte array 13 | // out. 14 | func HSalsa20(out *[32]byte, in *[16]byte, k *[32]byte, c *[16]byte) { 15 | x0 := uint32(c[0]) | uint32(c[1])<<8 | uint32(c[2])<<16 | uint32(c[3])<<24 16 | x1 := uint32(k[0]) | uint32(k[1])<<8 | uint32(k[2])<<16 | uint32(k[3])<<24 17 | x2 := uint32(k[4]) | uint32(k[5])<<8 | uint32(k[6])<<16 | uint32(k[7])<<24 18 | x3 := uint32(k[8]) | uint32(k[9])<<8 | uint32(k[10])<<16 | uint32(k[11])<<24 19 | x4 := uint32(k[12]) | uint32(k[13])<<8 | uint32(k[14])<<16 | uint32(k[15])<<24 20 | x5 := uint32(c[4]) | uint32(c[5])<<8 | uint32(c[6])<<16 | uint32(c[7])<<24 21 | x6 := uint32(in[0]) | uint32(in[1])<<8 | uint32(in[2])<<16 | uint32(in[3])<<24 22 | x7 := uint32(in[4]) | uint32(in[5])<<8 | uint32(in[6])<<16 | uint32(in[7])<<24 23 | x8 := uint32(in[8]) | uint32(in[9])<<8 | uint32(in[10])<<16 | uint32(in[11])<<24 24 | x9 := uint32(in[12]) | uint32(in[13])<<8 | uint32(in[14])<<16 | uint32(in[15])<<24 25 | x10 := uint32(c[8]) | uint32(c[9])<<8 | uint32(c[10])<<16 | uint32(c[11])<<24 26 | x11 := uint32(k[16]) | uint32(k[17])<<8 | uint32(k[18])<<16 | uint32(k[19])<<24 27 | x12 := uint32(k[20]) | uint32(k[21])<<8 | uint32(k[22])<<16 | uint32(k[23])<<24 28 | x13 := uint32(k[24]) | uint32(k[25])<<8 | uint32(k[26])<<16 | uint32(k[27])<<24 29 | x14 := uint32(k[28]) | uint32(k[29])<<8 | uint32(k[30])<<16 | uint32(k[31])<<24 30 | x15 := uint32(c[12]) | uint32(c[13])<<8 | uint32(c[14])<<16 | uint32(c[15])<<24 31 | 32 | for i := 0; i < 20; i += 2 { 33 | u := x0 + x12 34 | x4 ^= u<<7 | u>>(32-7) 35 | u = x4 + x0 36 | x8 ^= u<<9 | u>>(32-9) 37 | u = x8 + x4 38 | x12 ^= u<<13 | u>>(32-13) 39 | u = x12 + x8 40 | x0 ^= u<<18 | u>>(32-18) 41 | 42 | u = x5 + x1 43 | x9 ^= u<<7 | u>>(32-7) 44 | u = x9 + x5 45 | x13 ^= u<<9 | u>>(32-9) 46 | u = x13 + x9 47 | x1 ^= u<<13 | u>>(32-13) 48 | u = x1 + x13 49 | x5 ^= u<<18 | u>>(32-18) 50 | 51 | u = x10 + x6 52 | x14 ^= u<<7 | u>>(32-7) 53 | u = x14 + x10 54 | x2 ^= u<<9 | u>>(32-9) 55 | u = x2 + x14 56 | x6 ^= u<<13 | u>>(32-13) 57 | u = x6 + x2 58 | x10 ^= u<<18 | u>>(32-18) 59 | 60 | u = x15 + x11 61 | x3 ^= u<<7 | u>>(32-7) 62 | u = x3 + x15 63 | x7 ^= u<<9 | u>>(32-9) 64 | u = x7 + x3 65 | x11 ^= u<<13 | u>>(32-13) 66 | u = x11 + x7 67 | x15 ^= u<<18 | u>>(32-18) 68 | 69 | u = x0 + x3 70 | x1 ^= u<<7 | u>>(32-7) 71 | u = x1 + x0 72 | x2 ^= u<<9 | u>>(32-9) 73 | u = x2 + x1 74 | x3 ^= u<<13 | u>>(32-13) 75 | u = x3 + x2 76 | x0 ^= u<<18 | u>>(32-18) 77 | 78 | u = x5 + x4 79 | x6 ^= u<<7 | u>>(32-7) 80 | u = x6 + x5 81 | x7 ^= u<<9 | u>>(32-9) 82 | u = x7 + x6 83 | x4 ^= u<<13 | u>>(32-13) 84 | u = x4 + x7 85 | x5 ^= u<<18 | u>>(32-18) 86 | 87 | u = x10 + x9 88 | x11 ^= u<<7 | u>>(32-7) 89 | u = x11 + x10 90 | x8 ^= u<<9 | u>>(32-9) 91 | u = x8 + x11 92 | x9 ^= u<<13 | u>>(32-13) 93 | u = x9 + x8 94 | x10 ^= u<<18 | u>>(32-18) 95 | 96 | u = x15 + x14 97 | x12 ^= u<<7 | u>>(32-7) 98 | u = x12 + x15 99 | x13 ^= u<<9 | u>>(32-9) 100 | u = x13 + x12 101 | x14 ^= u<<13 | u>>(32-13) 102 | u = x14 + x13 103 | x15 ^= u<<18 | u>>(32-18) 104 | } 105 | out[0] = byte(x0) 106 | out[1] = byte(x0 >> 8) 107 | out[2] = byte(x0 >> 16) 108 | out[3] = byte(x0 >> 24) 109 | 110 | out[4] = byte(x5) 111 | out[5] = byte(x5 >> 8) 112 | out[6] = byte(x5 >> 16) 113 | out[7] = byte(x5 >> 24) 114 | 115 | out[8] = byte(x10) 116 | out[9] = byte(x10 >> 8) 117 | out[10] = byte(x10 >> 16) 118 | out[11] = byte(x10 >> 24) 119 | 120 | out[12] = byte(x15) 121 | out[13] = byte(x15 >> 8) 122 | out[14] = byte(x15 >> 16) 123 | out[15] = byte(x15 >> 24) 124 | 125 | out[16] = byte(x6) 126 | out[17] = byte(x6 >> 8) 127 | out[18] = byte(x6 >> 16) 128 | out[19] = byte(x6 >> 24) 129 | 130 | out[20] = byte(x7) 131 | out[21] = byte(x7 >> 8) 132 | out[22] = byte(x7 >> 16) 133 | out[23] = byte(x7 >> 24) 134 | 135 | out[24] = byte(x8) 136 | out[25] = byte(x8 >> 8) 137 | out[26] = byte(x8 >> 16) 138 | out[27] = byte(x8 >> 24) 139 | 140 | out[28] = byte(x9) 141 | out[29] = byte(x9 >> 8) 142 | out[30] = byte(x9 >> 16) 143 | out[31] = byte(x9 >> 24) 144 | } 145 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/salsa20/salsa/salsa208.go: -------------------------------------------------------------------------------- 1 | // Copyright 2012 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | package salsa 6 | 7 | // Core208 applies the Salsa20/8 core function to the 64-byte array in and puts 8 | // the result into the 64-byte array out. The input and output may be the same array. 9 | func Core208(out *[64]byte, in *[64]byte) { 10 | j0 := uint32(in[0]) | uint32(in[1])<<8 | uint32(in[2])<<16 | uint32(in[3])<<24 11 | j1 := uint32(in[4]) | uint32(in[5])<<8 | uint32(in[6])<<16 | uint32(in[7])<<24 12 | j2 := uint32(in[8]) | uint32(in[9])<<8 | uint32(in[10])<<16 | uint32(in[11])<<24 13 | j3 := uint32(in[12]) | uint32(in[13])<<8 | uint32(in[14])<<16 | uint32(in[15])<<24 14 | j4 := uint32(in[16]) | uint32(in[17])<<8 | uint32(in[18])<<16 | uint32(in[19])<<24 15 | j5 := uint32(in[20]) | uint32(in[21])<<8 | uint32(in[22])<<16 | uint32(in[23])<<24 16 | j6 := uint32(in[24]) | uint32(in[25])<<8 | uint32(in[26])<<16 | uint32(in[27])<<24 17 | j7 := uint32(in[28]) | uint32(in[29])<<8 | uint32(in[30])<<16 | uint32(in[31])<<24 18 | j8 := uint32(in[32]) | uint32(in[33])<<8 | uint32(in[34])<<16 | uint32(in[35])<<24 19 | j9 := uint32(in[36]) | uint32(in[37])<<8 | uint32(in[38])<<16 | uint32(in[39])<<24 20 | j10 := uint32(in[40]) | uint32(in[41])<<8 | uint32(in[42])<<16 | uint32(in[43])<<24 21 | j11 := uint32(in[44]) | uint32(in[45])<<8 | uint32(in[46])<<16 | uint32(in[47])<<24 22 | j12 := uint32(in[48]) | uint32(in[49])<<8 | uint32(in[50])<<16 | uint32(in[51])<<24 23 | j13 := uint32(in[52]) | uint32(in[53])<<8 | uint32(in[54])<<16 | uint32(in[55])<<24 24 | j14 := uint32(in[56]) | uint32(in[57])<<8 | uint32(in[58])<<16 | uint32(in[59])<<24 25 | j15 := uint32(in[60]) | uint32(in[61])<<8 | uint32(in[62])<<16 | uint32(in[63])<<24 26 | 27 | x0, x1, x2, x3, x4, x5, x6, x7, x8 := j0, j1, j2, j3, j4, j5, j6, j7, j8 28 | x9, x10, x11, x12, x13, x14, x15 := j9, j10, j11, j12, j13, j14, j15 29 | 30 | for i := 0; i < 8; i += 2 { 31 | u := x0 + x12 32 | x4 ^= u<<7 | u>>(32-7) 33 | u = x4 + x0 34 | x8 ^= u<<9 | u>>(32-9) 35 | u = x8 + x4 36 | x12 ^= u<<13 | u>>(32-13) 37 | u = x12 + x8 38 | x0 ^= u<<18 | u>>(32-18) 39 | 40 | u = x5 + x1 41 | x9 ^= u<<7 | u>>(32-7) 42 | u = x9 + x5 43 | x13 ^= u<<9 | u>>(32-9) 44 | u = x13 + x9 45 | x1 ^= u<<13 | u>>(32-13) 46 | u = x1 + x13 47 | x5 ^= u<<18 | u>>(32-18) 48 | 49 | u = x10 + x6 50 | x14 ^= u<<7 | u>>(32-7) 51 | u = x14 + x10 52 | x2 ^= u<<9 | u>>(32-9) 53 | u = x2 + x14 54 | x6 ^= u<<13 | u>>(32-13) 55 | u = x6 + x2 56 | x10 ^= u<<18 | u>>(32-18) 57 | 58 | u = x15 + x11 59 | x3 ^= u<<7 | u>>(32-7) 60 | u = x3 + x15 61 | x7 ^= u<<9 | u>>(32-9) 62 | u = x7 + x3 63 | x11 ^= u<<13 | u>>(32-13) 64 | u = x11 + x7 65 | x15 ^= u<<18 | u>>(32-18) 66 | 67 | u = x0 + x3 68 | x1 ^= u<<7 | u>>(32-7) 69 | u = x1 + x0 70 | x2 ^= u<<9 | u>>(32-9) 71 | u = x2 + x1 72 | x3 ^= u<<13 | u>>(32-13) 73 | u = x3 + x2 74 | x0 ^= u<<18 | u>>(32-18) 75 | 76 | u = x5 + x4 77 | x6 ^= u<<7 | u>>(32-7) 78 | u = x6 + x5 79 | x7 ^= u<<9 | u>>(32-9) 80 | u = x7 + x6 81 | x4 ^= u<<13 | u>>(32-13) 82 | u = x4 + x7 83 | x5 ^= u<<18 | u>>(32-18) 84 | 85 | u = x10 + x9 86 | x11 ^= u<<7 | u>>(32-7) 87 | u = x11 + x10 88 | x8 ^= u<<9 | u>>(32-9) 89 | u = x8 + x11 90 | x9 ^= u<<13 | u>>(32-13) 91 | u = x9 + x8 92 | x10 ^= u<<18 | u>>(32-18) 93 | 94 | u = x15 + x14 95 | x12 ^= u<<7 | u>>(32-7) 96 | u = x12 + x15 97 | x13 ^= u<<9 | u>>(32-9) 98 | u = x13 + x12 99 | x14 ^= u<<13 | u>>(32-13) 100 | u = x14 + x13 101 | x15 ^= u<<18 | u>>(32-18) 102 | } 103 | x0 += j0 104 | x1 += j1 105 | x2 += j2 106 | x3 += j3 107 | x4 += j4 108 | x5 += j5 109 | x6 += j6 110 | x7 += j7 111 | x8 += j8 112 | x9 += j9 113 | x10 += j10 114 | x11 += j11 115 | x12 += j12 116 | x13 += j13 117 | x14 += j14 118 | x15 += j15 119 | 120 | out[0] = byte(x0) 121 | out[1] = byte(x0 >> 8) 122 | out[2] = byte(x0 >> 16) 123 | out[3] = byte(x0 >> 24) 124 | 125 | out[4] = byte(x1) 126 | out[5] = byte(x1 >> 8) 127 | out[6] = byte(x1 >> 16) 128 | out[7] = byte(x1 >> 24) 129 | 130 | out[8] = byte(x2) 131 | out[9] = byte(x2 >> 8) 132 | out[10] = byte(x2 >> 16) 133 | out[11] = byte(x2 >> 24) 134 | 135 | out[12] = byte(x3) 136 | out[13] = byte(x3 >> 8) 137 | out[14] = byte(x3 >> 16) 138 | out[15] = byte(x3 >> 24) 139 | 140 | out[16] = byte(x4) 141 | out[17] = byte(x4 >> 8) 142 | out[18] = byte(x4 >> 16) 143 | out[19] = byte(x4 >> 24) 144 | 145 | out[20] = byte(x5) 146 | out[21] = byte(x5 >> 8) 147 | out[22] = byte(x5 >> 16) 148 | out[23] = byte(x5 >> 24) 149 | 150 | out[24] = byte(x6) 151 | out[25] = byte(x6 >> 8) 152 | out[26] = byte(x6 >> 16) 153 | out[27] = byte(x6 >> 24) 154 | 155 | out[28] = byte(x7) 156 | out[29] = byte(x7 >> 8) 157 | out[30] = byte(x7 >> 16) 158 | out[31] = byte(x7 >> 24) 159 | 160 | out[32] = byte(x8) 161 | out[33] = byte(x8 >> 8) 162 | out[34] = byte(x8 >> 16) 163 | out[35] = byte(x8 >> 24) 164 | 165 | out[36] = byte(x9) 166 | out[37] = byte(x9 >> 8) 167 | out[38] = byte(x9 >> 16) 168 | out[39] = byte(x9 >> 24) 169 | 170 | out[40] = byte(x10) 171 | out[41] = byte(x10 >> 8) 172 | out[42] = byte(x10 >> 16) 173 | out[43] = byte(x10 >> 24) 174 | 175 | out[44] = byte(x11) 176 | out[45] = byte(x11 >> 8) 177 | out[46] = byte(x11 >> 16) 178 | out[47] = byte(x11 >> 24) 179 | 180 | out[48] = byte(x12) 181 | out[49] = byte(x12 >> 8) 182 | out[50] = byte(x12 >> 16) 183 | out[51] = byte(x12 >> 24) 184 | 185 | out[52] = byte(x13) 186 | out[53] = byte(x13 >> 8) 187 | out[54] = byte(x13 >> 16) 188 | out[55] = byte(x13 >> 24) 189 | 190 | out[56] = byte(x14) 191 | out[57] = byte(x14 >> 8) 192 | out[58] = byte(x14 >> 16) 193 | out[59] = byte(x14 >> 24) 194 | 195 | out[60] = byte(x15) 196 | out[61] = byte(x15 >> 8) 197 | out[62] = byte(x15 >> 16) 198 | out[63] = byte(x15 >> 24) 199 | } 200 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go: -------------------------------------------------------------------------------- 1 | // Copyright 2012 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build amd64,!appengine,!gccgo 6 | 7 | package salsa 8 | 9 | // This function is implemented in salsa2020_amd64.s. 10 | 11 | //go:noescape 12 | 13 | func salsa2020XORKeyStream(out, in *byte, n uint64, nonce, key *byte) 14 | 15 | // XORKeyStream crypts bytes from in to out using the given key and counters. 16 | // In and out must overlap entirely or not at all. Counter 17 | // contains the raw salsa20 counter bytes (both nonce and block counter). 18 | func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) { 19 | if len(in) == 0 { 20 | return 21 | } 22 | _ = out[len(in)-1] 23 | salsa2020XORKeyStream(&out[0], &in[0], uint64(len(in)), &counter[0], &key[0]) 24 | } 25 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go: -------------------------------------------------------------------------------- 1 | // Copyright 2012 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build !amd64 appengine gccgo 6 | 7 | package salsa 8 | 9 | const rounds = 20 10 | 11 | // core applies the Salsa20 core function to 16-byte input in, 32-byte key k, 12 | // and 16-byte constant c, and puts the result into 64-byte array out. 13 | func core(out *[64]byte, in *[16]byte, k *[32]byte, c *[16]byte) { 14 | j0 := uint32(c[0]) | uint32(c[1])<<8 | uint32(c[2])<<16 | uint32(c[3])<<24 15 | j1 := uint32(k[0]) | uint32(k[1])<<8 | uint32(k[2])<<16 | uint32(k[3])<<24 16 | j2 := uint32(k[4]) | uint32(k[5])<<8 | uint32(k[6])<<16 | uint32(k[7])<<24 17 | j3 := uint32(k[8]) | uint32(k[9])<<8 | uint32(k[10])<<16 | uint32(k[11])<<24 18 | j4 := uint32(k[12]) | uint32(k[13])<<8 | uint32(k[14])<<16 | uint32(k[15])<<24 19 | j5 := uint32(c[4]) | uint32(c[5])<<8 | uint32(c[6])<<16 | uint32(c[7])<<24 20 | j6 := uint32(in[0]) | uint32(in[1])<<8 | uint32(in[2])<<16 | uint32(in[3])<<24 21 | j7 := uint32(in[4]) | uint32(in[5])<<8 | uint32(in[6])<<16 | uint32(in[7])<<24 22 | j8 := uint32(in[8]) | uint32(in[9])<<8 | uint32(in[10])<<16 | uint32(in[11])<<24 23 | j9 := uint32(in[12]) | uint32(in[13])<<8 | uint32(in[14])<<16 | uint32(in[15])<<24 24 | j10 := uint32(c[8]) | uint32(c[9])<<8 | uint32(c[10])<<16 | uint32(c[11])<<24 25 | j11 := uint32(k[16]) | uint32(k[17])<<8 | uint32(k[18])<<16 | uint32(k[19])<<24 26 | j12 := uint32(k[20]) | uint32(k[21])<<8 | uint32(k[22])<<16 | uint32(k[23])<<24 27 | j13 := uint32(k[24]) | uint32(k[25])<<8 | uint32(k[26])<<16 | uint32(k[27])<<24 28 | j14 := uint32(k[28]) | uint32(k[29])<<8 | uint32(k[30])<<16 | uint32(k[31])<<24 29 | j15 := uint32(c[12]) | uint32(c[13])<<8 | uint32(c[14])<<16 | uint32(c[15])<<24 30 | 31 | x0, x1, x2, x3, x4, x5, x6, x7, x8 := j0, j1, j2, j3, j4, j5, j6, j7, j8 32 | x9, x10, x11, x12, x13, x14, x15 := j9, j10, j11, j12, j13, j14, j15 33 | 34 | for i := 0; i < rounds; i += 2 { 35 | u := x0 + x12 36 | x4 ^= u<<7 | u>>(32-7) 37 | u = x4 + x0 38 | x8 ^= u<<9 | u>>(32-9) 39 | u = x8 + x4 40 | x12 ^= u<<13 | u>>(32-13) 41 | u = x12 + x8 42 | x0 ^= u<<18 | u>>(32-18) 43 | 44 | u = x5 + x1 45 | x9 ^= u<<7 | u>>(32-7) 46 | u = x9 + x5 47 | x13 ^= u<<9 | u>>(32-9) 48 | u = x13 + x9 49 | x1 ^= u<<13 | u>>(32-13) 50 | u = x1 + x13 51 | x5 ^= u<<18 | u>>(32-18) 52 | 53 | u = x10 + x6 54 | x14 ^= u<<7 | u>>(32-7) 55 | u = x14 + x10 56 | x2 ^= u<<9 | u>>(32-9) 57 | u = x2 + x14 58 | x6 ^= u<<13 | u>>(32-13) 59 | u = x6 + x2 60 | x10 ^= u<<18 | u>>(32-18) 61 | 62 | u = x15 + x11 63 | x3 ^= u<<7 | u>>(32-7) 64 | u = x3 + x15 65 | x7 ^= u<<9 | u>>(32-9) 66 | u = x7 + x3 67 | x11 ^= u<<13 | u>>(32-13) 68 | u = x11 + x7 69 | x15 ^= u<<18 | u>>(32-18) 70 | 71 | u = x0 + x3 72 | x1 ^= u<<7 | u>>(32-7) 73 | u = x1 + x0 74 | x2 ^= u<<9 | u>>(32-9) 75 | u = x2 + x1 76 | x3 ^= u<<13 | u>>(32-13) 77 | u = x3 + x2 78 | x0 ^= u<<18 | u>>(32-18) 79 | 80 | u = x5 + x4 81 | x6 ^= u<<7 | u>>(32-7) 82 | u = x6 + x5 83 | x7 ^= u<<9 | u>>(32-9) 84 | u = x7 + x6 85 | x4 ^= u<<13 | u>>(32-13) 86 | u = x4 + x7 87 | x5 ^= u<<18 | u>>(32-18) 88 | 89 | u = x10 + x9 90 | x11 ^= u<<7 | u>>(32-7) 91 | u = x11 + x10 92 | x8 ^= u<<9 | u>>(32-9) 93 | u = x8 + x11 94 | x9 ^= u<<13 | u>>(32-13) 95 | u = x9 + x8 96 | x10 ^= u<<18 | u>>(32-18) 97 | 98 | u = x15 + x14 99 | x12 ^= u<<7 | u>>(32-7) 100 | u = x12 + x15 101 | x13 ^= u<<9 | u>>(32-9) 102 | u = x13 + x12 103 | x14 ^= u<<13 | u>>(32-13) 104 | u = x14 + x13 105 | x15 ^= u<<18 | u>>(32-18) 106 | } 107 | x0 += j0 108 | x1 += j1 109 | x2 += j2 110 | x3 += j3 111 | x4 += j4 112 | x5 += j5 113 | x6 += j6 114 | x7 += j7 115 | x8 += j8 116 | x9 += j9 117 | x10 += j10 118 | x11 += j11 119 | x12 += j12 120 | x13 += j13 121 | x14 += j14 122 | x15 += j15 123 | 124 | out[0] = byte(x0) 125 | out[1] = byte(x0 >> 8) 126 | out[2] = byte(x0 >> 16) 127 | out[3] = byte(x0 >> 24) 128 | 129 | out[4] = byte(x1) 130 | out[5] = byte(x1 >> 8) 131 | out[6] = byte(x1 >> 16) 132 | out[7] = byte(x1 >> 24) 133 | 134 | out[8] = byte(x2) 135 | out[9] = byte(x2 >> 8) 136 | out[10] = byte(x2 >> 16) 137 | out[11] = byte(x2 >> 24) 138 | 139 | out[12] = byte(x3) 140 | out[13] = byte(x3 >> 8) 141 | out[14] = byte(x3 >> 16) 142 | out[15] = byte(x3 >> 24) 143 | 144 | out[16] = byte(x4) 145 | out[17] = byte(x4 >> 8) 146 | out[18] = byte(x4 >> 16) 147 | out[19] = byte(x4 >> 24) 148 | 149 | out[20] = byte(x5) 150 | out[21] = byte(x5 >> 8) 151 | out[22] = byte(x5 >> 16) 152 | out[23] = byte(x5 >> 24) 153 | 154 | out[24] = byte(x6) 155 | out[25] = byte(x6 >> 8) 156 | out[26] = byte(x6 >> 16) 157 | out[27] = byte(x6 >> 24) 158 | 159 | out[28] = byte(x7) 160 | out[29] = byte(x7 >> 8) 161 | out[30] = byte(x7 >> 16) 162 | out[31] = byte(x7 >> 24) 163 | 164 | out[32] = byte(x8) 165 | out[33] = byte(x8 >> 8) 166 | out[34] = byte(x8 >> 16) 167 | out[35] = byte(x8 >> 24) 168 | 169 | out[36] = byte(x9) 170 | out[37] = byte(x9 >> 8) 171 | out[38] = byte(x9 >> 16) 172 | out[39] = byte(x9 >> 24) 173 | 174 | out[40] = byte(x10) 175 | out[41] = byte(x10 >> 8) 176 | out[42] = byte(x10 >> 16) 177 | out[43] = byte(x10 >> 24) 178 | 179 | out[44] = byte(x11) 180 | out[45] = byte(x11 >> 8) 181 | out[46] = byte(x11 >> 16) 182 | out[47] = byte(x11 >> 24) 183 | 184 | out[48] = byte(x12) 185 | out[49] = byte(x12 >> 8) 186 | out[50] = byte(x12 >> 16) 187 | out[51] = byte(x12 >> 24) 188 | 189 | out[52] = byte(x13) 190 | out[53] = byte(x13 >> 8) 191 | out[54] = byte(x13 >> 16) 192 | out[55] = byte(x13 >> 24) 193 | 194 | out[56] = byte(x14) 195 | out[57] = byte(x14 >> 8) 196 | out[58] = byte(x14 >> 16) 197 | out[59] = byte(x14 >> 24) 198 | 199 | out[60] = byte(x15) 200 | out[61] = byte(x15 >> 8) 201 | out[62] = byte(x15 >> 16) 202 | out[63] = byte(x15 >> 24) 203 | } 204 | 205 | // XORKeyStream crypts bytes from in to out using the given key and counters. 206 | // In and out must overlap entirely or not at all. Counter 207 | // contains the raw salsa20 counter bytes (both nonce and block counter). 208 | func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) { 209 | var block [64]byte 210 | var counterCopy [16]byte 211 | copy(counterCopy[:], counter[:]) 212 | 213 | for len(in) >= 64 { 214 | core(&block, &counterCopy, key, &Sigma) 215 | for i, x := range block { 216 | out[i] = in[i] ^ x 217 | } 218 | u := uint32(1) 219 | for i := 8; i < 16; i++ { 220 | u += uint32(counterCopy[i]) 221 | counterCopy[i] = byte(u) 222 | u >>= 8 223 | } 224 | in = in[64:] 225 | out = out[64:] 226 | } 227 | 228 | if len(in) > 0 { 229 | core(&block, &counterCopy, key, &Sigma) 230 | for i, v := range in { 231 | out[i] = v ^ block[i] 232 | } 233 | } 234 | } 235 | -------------------------------------------------------------------------------- /vendor/golang.org/x/crypto/scrypt/scrypt.go: -------------------------------------------------------------------------------- 1 | // Copyright 2012 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // Package scrypt implements the scrypt key derivation function as defined in 6 | // Colin Percival's paper "Stronger Key Derivation via Sequential Memory-Hard 7 | // Functions" (https://www.tarsnap.com/scrypt/scrypt.pdf). 8 | package scrypt // import "golang.org/x/crypto/scrypt" 9 | 10 | import ( 11 | "crypto/sha256" 12 | "errors" 13 | 14 | "golang.org/x/crypto/pbkdf2" 15 | ) 16 | 17 | const maxInt = int(^uint(0) >> 1) 18 | 19 | // blockCopy copies n numbers from src into dst. 20 | func blockCopy(dst, src []uint32, n int) { 21 | copy(dst, src[:n]) 22 | } 23 | 24 | // blockXOR XORs numbers from dst with n numbers from src. 25 | func blockXOR(dst, src []uint32, n int) { 26 | for i, v := range src[:n] { 27 | dst[i] ^= v 28 | } 29 | } 30 | 31 | // salsaXOR applies Salsa20/8 to the XOR of 16 numbers from tmp and in, 32 | // and puts the result into both tmp and out. 33 | func salsaXOR(tmp *[16]uint32, in, out []uint32) { 34 | w0 := tmp[0] ^ in[0] 35 | w1 := tmp[1] ^ in[1] 36 | w2 := tmp[2] ^ in[2] 37 | w3 := tmp[3] ^ in[3] 38 | w4 := tmp[4] ^ in[4] 39 | w5 := tmp[5] ^ in[5] 40 | w6 := tmp[6] ^ in[6] 41 | w7 := tmp[7] ^ in[7] 42 | w8 := tmp[8] ^ in[8] 43 | w9 := tmp[9] ^ in[9] 44 | w10 := tmp[10] ^ in[10] 45 | w11 := tmp[11] ^ in[11] 46 | w12 := tmp[12] ^ in[12] 47 | w13 := tmp[13] ^ in[13] 48 | w14 := tmp[14] ^ in[14] 49 | w15 := tmp[15] ^ in[15] 50 | 51 | x0, x1, x2, x3, x4, x5, x6, x7, x8 := w0, w1, w2, w3, w4, w5, w6, w7, w8 52 | x9, x10, x11, x12, x13, x14, x15 := w9, w10, w11, w12, w13, w14, w15 53 | 54 | for i := 0; i < 8; i += 2 { 55 | u := x0 + x12 56 | x4 ^= u<<7 | u>>(32-7) 57 | u = x4 + x0 58 | x8 ^= u<<9 | u>>(32-9) 59 | u = x8 + x4 60 | x12 ^= u<<13 | u>>(32-13) 61 | u = x12 + x8 62 | x0 ^= u<<18 | u>>(32-18) 63 | 64 | u = x5 + x1 65 | x9 ^= u<<7 | u>>(32-7) 66 | u = x9 + x5 67 | x13 ^= u<<9 | u>>(32-9) 68 | u = x13 + x9 69 | x1 ^= u<<13 | u>>(32-13) 70 | u = x1 + x13 71 | x5 ^= u<<18 | u>>(32-18) 72 | 73 | u = x10 + x6 74 | x14 ^= u<<7 | u>>(32-7) 75 | u = x14 + x10 76 | x2 ^= u<<9 | u>>(32-9) 77 | u = x2 + x14 78 | x6 ^= u<<13 | u>>(32-13) 79 | u = x6 + x2 80 | x10 ^= u<<18 | u>>(32-18) 81 | 82 | u = x15 + x11 83 | x3 ^= u<<7 | u>>(32-7) 84 | u = x3 + x15 85 | x7 ^= u<<9 | u>>(32-9) 86 | u = x7 + x3 87 | x11 ^= u<<13 | u>>(32-13) 88 | u = x11 + x7 89 | x15 ^= u<<18 | u>>(32-18) 90 | 91 | u = x0 + x3 92 | x1 ^= u<<7 | u>>(32-7) 93 | u = x1 + x0 94 | x2 ^= u<<9 | u>>(32-9) 95 | u = x2 + x1 96 | x3 ^= u<<13 | u>>(32-13) 97 | u = x3 + x2 98 | x0 ^= u<<18 | u>>(32-18) 99 | 100 | u = x5 + x4 101 | x6 ^= u<<7 | u>>(32-7) 102 | u = x6 + x5 103 | x7 ^= u<<9 | u>>(32-9) 104 | u = x7 + x6 105 | x4 ^= u<<13 | u>>(32-13) 106 | u = x4 + x7 107 | x5 ^= u<<18 | u>>(32-18) 108 | 109 | u = x10 + x9 110 | x11 ^= u<<7 | u>>(32-7) 111 | u = x11 + x10 112 | x8 ^= u<<9 | u>>(32-9) 113 | u = x8 + x11 114 | x9 ^= u<<13 | u>>(32-13) 115 | u = x9 + x8 116 | x10 ^= u<<18 | u>>(32-18) 117 | 118 | u = x15 + x14 119 | x12 ^= u<<7 | u>>(32-7) 120 | u = x12 + x15 121 | x13 ^= u<<9 | u>>(32-9) 122 | u = x13 + x12 123 | x14 ^= u<<13 | u>>(32-13) 124 | u = x14 + x13 125 | x15 ^= u<<18 | u>>(32-18) 126 | } 127 | x0 += w0 128 | x1 += w1 129 | x2 += w2 130 | x3 += w3 131 | x4 += w4 132 | x5 += w5 133 | x6 += w6 134 | x7 += w7 135 | x8 += w8 136 | x9 += w9 137 | x10 += w10 138 | x11 += w11 139 | x12 += w12 140 | x13 += w13 141 | x14 += w14 142 | x15 += w15 143 | 144 | out[0], tmp[0] = x0, x0 145 | out[1], tmp[1] = x1, x1 146 | out[2], tmp[2] = x2, x2 147 | out[3], tmp[3] = x3, x3 148 | out[4], tmp[4] = x4, x4 149 | out[5], tmp[5] = x5, x5 150 | out[6], tmp[6] = x6, x6 151 | out[7], tmp[7] = x7, x7 152 | out[8], tmp[8] = x8, x8 153 | out[9], tmp[9] = x9, x9 154 | out[10], tmp[10] = x10, x10 155 | out[11], tmp[11] = x11, x11 156 | out[12], tmp[12] = x12, x12 157 | out[13], tmp[13] = x13, x13 158 | out[14], tmp[14] = x14, x14 159 | out[15], tmp[15] = x15, x15 160 | } 161 | 162 | func blockMix(tmp *[16]uint32, in, out []uint32, r int) { 163 | blockCopy(tmp[:], in[(2*r-1)*16:], 16) 164 | for i := 0; i < 2*r; i += 2 { 165 | salsaXOR(tmp, in[i*16:], out[i*8:]) 166 | salsaXOR(tmp, in[i*16+16:], out[i*8+r*16:]) 167 | } 168 | } 169 | 170 | func integer(b []uint32, r int) uint64 { 171 | j := (2*r - 1) * 16 172 | return uint64(b[j]) | uint64(b[j+1])<<32 173 | } 174 | 175 | func smix(b []byte, r, N int, v, xy []uint32) { 176 | var tmp [16]uint32 177 | x := xy 178 | y := xy[32*r:] 179 | 180 | j := 0 181 | for i := 0; i < 32*r; i++ { 182 | x[i] = uint32(b[j]) | uint32(b[j+1])<<8 | uint32(b[j+2])<<16 | uint32(b[j+3])<<24 183 | j += 4 184 | } 185 | for i := 0; i < N; i += 2 { 186 | blockCopy(v[i*(32*r):], x, 32*r) 187 | blockMix(&tmp, x, y, r) 188 | 189 | blockCopy(v[(i+1)*(32*r):], y, 32*r) 190 | blockMix(&tmp, y, x, r) 191 | } 192 | for i := 0; i < N; i += 2 { 193 | j := int(integer(x, r) & uint64(N-1)) 194 | blockXOR(x, v[j*(32*r):], 32*r) 195 | blockMix(&tmp, x, y, r) 196 | 197 | j = int(integer(y, r) & uint64(N-1)) 198 | blockXOR(y, v[j*(32*r):], 32*r) 199 | blockMix(&tmp, y, x, r) 200 | } 201 | j = 0 202 | for _, v := range x[:32*r] { 203 | b[j+0] = byte(v >> 0) 204 | b[j+1] = byte(v >> 8) 205 | b[j+2] = byte(v >> 16) 206 | b[j+3] = byte(v >> 24) 207 | j += 4 208 | } 209 | } 210 | 211 | // Key derives a key from the password, salt, and cost parameters, returning 212 | // a byte slice of length keyLen that can be used as cryptographic key. 213 | // 214 | // N is a CPU/memory cost parameter, which must be a power of two greater than 1. 215 | // r and p must satisfy r * p < 2³⁰. If the parameters do not satisfy the 216 | // limits, the function returns a nil byte slice and an error. 217 | // 218 | // For example, you can get a derived key for e.g. AES-256 (which needs a 219 | // 32-byte key) by doing: 220 | // 221 | // dk, err := scrypt.Key([]byte("some password"), salt, 32768, 8, 1, 32) 222 | // 223 | // The recommended parameters for interactive logins as of 2017 are N=32768, r=8 224 | // and p=1. The parameters N, r, and p should be increased as memory latency and 225 | // CPU parallelism increases; consider setting N to the highest power of 2 you 226 | // can derive within 100 milliseconds. Remember to get a good random salt. 227 | func Key(password, salt []byte, N, r, p, keyLen int) ([]byte, error) { 228 | if N <= 1 || N&(N-1) != 0 { 229 | return nil, errors.New("scrypt: N must be > 1 and a power of 2") 230 | } 231 | if uint64(r)*uint64(p) >= 1<<30 || r > maxInt/128/p || r > maxInt/256 || N > maxInt/128/r { 232 | return nil, errors.New("scrypt: parameters are too large") 233 | } 234 | 235 | xy := make([]uint32, 64*r) 236 | v := make([]uint32, 32*N*r) 237 | b := pbkdf2.Key(password, salt, 1, p*128*r, sha256.New) 238 | 239 | for i := 0; i < p; i++ { 240 | smix(b[i*128*r:], r, N, v, xy) 241 | } 242 | 243 | return pbkdf2.Key(password, b, 1, keyLen, sha256.New), nil 244 | } 245 | -------------------------------------------------------------------------------- /vendor/golang.org/x/sys/AUTHORS: -------------------------------------------------------------------------------- 1 | # This source code refers to The Go Authors for copyright purposes. 2 | # The master list of authors is in the main Go distribution, 3 | # visible at http://tip.golang.org/AUTHORS. 4 | -------------------------------------------------------------------------------- /vendor/golang.org/x/sys/CONTRIBUTORS: -------------------------------------------------------------------------------- 1 | # This source code was written by the Go contributors. 2 | # The master list of contributors is in the main Go distribution, 3 | # visible at http://tip.golang.org/CONTRIBUTORS. 4 | -------------------------------------------------------------------------------- /vendor/golang.org/x/sys/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2009 The Go Authors. All rights reserved. 2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions are 5 | met: 6 | 7 | * Redistributions of source code must retain the above copyright 8 | notice, this list of conditions and the following disclaimer. 9 | * Redistributions in binary form must reproduce the above 10 | copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the 12 | distribution. 13 | * Neither the name of Google Inc. nor the names of its 14 | contributors may be used to endorse or promote products derived from 15 | this software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | -------------------------------------------------------------------------------- /vendor/golang.org/x/sys/PATENTS: -------------------------------------------------------------------------------- 1 | Additional IP Rights Grant (Patents) 2 | 3 | "This implementation" means the copyrightable works distributed by 4 | Google as part of the Go project. 5 | 6 | Google hereby grants to You a perpetual, worldwide, non-exclusive, 7 | no-charge, royalty-free, irrevocable (except as stated in this section) 8 | patent license to make, have made, use, offer to sell, sell, import, 9 | transfer and otherwise run, modify and propagate the contents of this 10 | implementation of Go, where such license applies only to those patent 11 | claims, both currently owned or controlled by Google and acquired in 12 | the future, licensable by Google that are necessarily infringed by this 13 | implementation of Go. This grant does not include claims that would be 14 | infringed only as a consequence of further modification of this 15 | implementation. If you or your agent or exclusive licensee institute or 16 | order or agree to the institution of patent litigation against any 17 | entity (including a cross-claim or counterclaim in a lawsuit) alleging 18 | that this implementation of Go or any code incorporated within this 19 | implementation of Go constitutes direct or contributory patent 20 | infringement, or inducement of patent infringement, then any patent 21 | rights granted to you under this License for this implementation of Go 22 | shall terminate as of the date such litigation is filed. 23 | -------------------------------------------------------------------------------- /vendor/golang.org/x/sys/cpu/cpu.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // Package cpu implements processor feature detection for 6 | // various CPU architectures. 7 | package cpu 8 | 9 | // CacheLinePad is used to pad structs to avoid false sharing. 10 | type CacheLinePad struct{ _ [cacheLineSize]byte } 11 | 12 | // X86 contains the supported CPU features of the 13 | // current X86/AMD64 platform. If the current platform 14 | // is not X86/AMD64 then all feature flags are false. 15 | // 16 | // X86 is padded to avoid false sharing. Further the HasAVX 17 | // and HasAVX2 are only set if the OS supports XMM and YMM 18 | // registers in addition to the CPUID feature bit being set. 19 | var X86 struct { 20 | _ CacheLinePad 21 | HasAES bool // AES hardware implementation (AES NI) 22 | HasADX bool // Multi-precision add-carry instruction extensions 23 | HasAVX bool // Advanced vector extension 24 | HasAVX2 bool // Advanced vector extension 2 25 | HasBMI1 bool // Bit manipulation instruction set 1 26 | HasBMI2 bool // Bit manipulation instruction set 2 27 | HasERMS bool // Enhanced REP for MOVSB and STOSB 28 | HasFMA bool // Fused-multiply-add instructions 29 | HasOSXSAVE bool // OS supports XSAVE/XRESTOR for saving/restoring XMM registers. 30 | HasPCLMULQDQ bool // PCLMULQDQ instruction - most often used for AES-GCM 31 | HasPOPCNT bool // Hamming weight instruction POPCNT. 32 | HasSSE2 bool // Streaming SIMD extension 2 (always available on amd64) 33 | HasSSE3 bool // Streaming SIMD extension 3 34 | HasSSSE3 bool // Supplemental streaming SIMD extension 3 35 | HasSSE41 bool // Streaming SIMD extension 4 and 4.1 36 | HasSSE42 bool // Streaming SIMD extension 4 and 4.2 37 | _ CacheLinePad 38 | } 39 | 40 | // ARM64 contains the supported CPU features of the 41 | // current ARMv8(aarch64) platform. If the current platform 42 | // is not arm64 then all feature flags are false. 43 | var ARM64 struct { 44 | _ CacheLinePad 45 | HasFP bool // Floating-point instruction set (always available) 46 | HasASIMD bool // Advanced SIMD (always available) 47 | HasEVTSTRM bool // Event stream support 48 | HasAES bool // AES hardware implementation 49 | HasPMULL bool // Polynomial multiplication instruction set 50 | HasSHA1 bool // SHA1 hardware implementation 51 | HasSHA2 bool // SHA2 hardware implementation 52 | HasCRC32 bool // CRC32 hardware implementation 53 | HasATOMICS bool // Atomic memory operation instruction set 54 | HasFPHP bool // Half precision floating-point instruction set 55 | HasASIMDHP bool // Advanced SIMD half precision instruction set 56 | HasCPUID bool // CPUID identification scheme registers 57 | HasASIMDRDM bool // Rounding double multiply add/subtract instruction set 58 | HasJSCVT bool // Javascript conversion from floating-point to integer 59 | HasFCMA bool // Floating-point multiplication and addition of complex numbers 60 | HasLRCPC bool // Release Consistent processor consistent support 61 | HasDCPOP bool // Persistent memory support 62 | HasSHA3 bool // SHA3 hardware implementation 63 | HasSM3 bool // SM3 hardware implementation 64 | HasSM4 bool // SM4 hardware implementation 65 | HasASIMDDP bool // Advanced SIMD double precision instruction set 66 | HasSHA512 bool // SHA512 hardware implementation 67 | HasSVE bool // Scalable Vector Extensions 68 | HasASIMDFHM bool // Advanced SIMD multiplication FP16 to FP32 69 | _ CacheLinePad 70 | } 71 | -------------------------------------------------------------------------------- /vendor/golang.org/x/sys/cpu/cpu_arm.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | package cpu 6 | 7 | const cacheLineSize = 32 8 | 9 | func doinit() {} 10 | -------------------------------------------------------------------------------- /vendor/golang.org/x/sys/cpu/cpu_arm64.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | package cpu 6 | 7 | const cacheLineSize = 64 8 | 9 | // HWCAP/HWCAP2 bits. These are exposed by Linux. 10 | const ( 11 | hwcap_FP = 1 << 0 12 | hwcap_ASIMD = 1 << 1 13 | hwcap_EVTSTRM = 1 << 2 14 | hwcap_AES = 1 << 3 15 | hwcap_PMULL = 1 << 4 16 | hwcap_SHA1 = 1 << 5 17 | hwcap_SHA2 = 1 << 6 18 | hwcap_CRC32 = 1 << 7 19 | hwcap_ATOMICS = 1 << 8 20 | hwcap_FPHP = 1 << 9 21 | hwcap_ASIMDHP = 1 << 10 22 | hwcap_CPUID = 1 << 11 23 | hwcap_ASIMDRDM = 1 << 12 24 | hwcap_JSCVT = 1 << 13 25 | hwcap_FCMA = 1 << 14 26 | hwcap_LRCPC = 1 << 15 27 | hwcap_DCPOP = 1 << 16 28 | hwcap_SHA3 = 1 << 17 29 | hwcap_SM3 = 1 << 18 30 | hwcap_SM4 = 1 << 19 31 | hwcap_ASIMDDP = 1 << 20 32 | hwcap_SHA512 = 1 << 21 33 | hwcap_SVE = 1 << 22 34 | hwcap_ASIMDFHM = 1 << 23 35 | ) 36 | 37 | func doinit() { 38 | // HWCAP feature bits 39 | ARM64.HasFP = isSet(HWCap, hwcap_FP) 40 | ARM64.HasASIMD = isSet(HWCap, hwcap_ASIMD) 41 | ARM64.HasEVTSTRM = isSet(HWCap, hwcap_EVTSTRM) 42 | ARM64.HasAES = isSet(HWCap, hwcap_AES) 43 | ARM64.HasPMULL = isSet(HWCap, hwcap_PMULL) 44 | ARM64.HasSHA1 = isSet(HWCap, hwcap_SHA1) 45 | ARM64.HasSHA2 = isSet(HWCap, hwcap_SHA2) 46 | ARM64.HasCRC32 = isSet(HWCap, hwcap_CRC32) 47 | ARM64.HasATOMICS = isSet(HWCap, hwcap_ATOMICS) 48 | ARM64.HasFPHP = isSet(HWCap, hwcap_FPHP) 49 | ARM64.HasASIMDHP = isSet(HWCap, hwcap_ASIMDHP) 50 | ARM64.HasCPUID = isSet(HWCap, hwcap_CPUID) 51 | ARM64.HasASIMDRDM = isSet(HWCap, hwcap_ASIMDRDM) 52 | ARM64.HasJSCVT = isSet(HWCap, hwcap_JSCVT) 53 | ARM64.HasFCMA = isSet(HWCap, hwcap_FCMA) 54 | ARM64.HasLRCPC = isSet(HWCap, hwcap_LRCPC) 55 | ARM64.HasDCPOP = isSet(HWCap, hwcap_DCPOP) 56 | ARM64.HasSHA3 = isSet(HWCap, hwcap_SHA3) 57 | ARM64.HasSM3 = isSet(HWCap, hwcap_SM3) 58 | ARM64.HasSM4 = isSet(HWCap, hwcap_SM4) 59 | ARM64.HasASIMDDP = isSet(HWCap, hwcap_ASIMDDP) 60 | ARM64.HasSHA512 = isSet(HWCap, hwcap_SHA512) 61 | ARM64.HasSVE = isSet(HWCap, hwcap_SVE) 62 | ARM64.HasASIMDFHM = isSet(HWCap, hwcap_ASIMDFHM) 63 | } 64 | 65 | func isSet(hwc uint, value uint) bool { 66 | return hwc&value != 0 67 | } 68 | -------------------------------------------------------------------------------- /vendor/golang.org/x/sys/cpu/cpu_gc_x86.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build 386 amd64 amd64p32 6 | // +build !gccgo 7 | 8 | package cpu 9 | 10 | // cpuid is implemented in cpu_x86.s for gc compiler 11 | // and in cpu_gccgo.c for gccgo. 12 | func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) 13 | 14 | // xgetbv with ecx = 0 is implemented in cpu_x86.s for gc compiler 15 | // and in cpu_gccgo.c for gccgo. 16 | func xgetbv() (eax, edx uint32) 17 | -------------------------------------------------------------------------------- /vendor/golang.org/x/sys/cpu/cpu_gccgo.c: -------------------------------------------------------------------------------- 1 | // Copyright 2018 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build 386 amd64 amd64p32 6 | // +build gccgo 7 | 8 | #include 9 | #include 10 | 11 | // Need to wrap __get_cpuid_count because it's declared as static. 12 | int 13 | gccgoGetCpuidCount(uint32_t leaf, uint32_t subleaf, 14 | uint32_t *eax, uint32_t *ebx, 15 | uint32_t *ecx, uint32_t *edx) 16 | { 17 | return __get_cpuid_count(leaf, subleaf, eax, ebx, ecx, edx); 18 | } 19 | 20 | // xgetbv reads the contents of an XCR (Extended Control Register) 21 | // specified in the ECX register into registers EDX:EAX. 22 | // Currently, the only supported value for XCR is 0. 23 | // 24 | // TODO: Replace with a better alternative: 25 | // 26 | // #include 27 | // 28 | // #pragma GCC target("xsave") 29 | // 30 | // void gccgoXgetbv(uint32_t *eax, uint32_t *edx) { 31 | // unsigned long long x = _xgetbv(0); 32 | // *eax = x & 0xffffffff; 33 | // *edx = (x >> 32) & 0xffffffff; 34 | // } 35 | // 36 | // Note that _xgetbv is defined starting with GCC 8. 37 | void 38 | gccgoXgetbv(uint32_t *eax, uint32_t *edx) 39 | { 40 | __asm(" xorl %%ecx, %%ecx\n" 41 | " xgetbv" 42 | : "=a"(*eax), "=d"(*edx)); 43 | } 44 | -------------------------------------------------------------------------------- /vendor/golang.org/x/sys/cpu/cpu_gccgo.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build 386 amd64 amd64p32 6 | // +build gccgo 7 | 8 | package cpu 9 | 10 | //extern gccgoGetCpuidCount 11 | func gccgoGetCpuidCount(eaxArg, ecxArg uint32, eax, ebx, ecx, edx *uint32) 12 | 13 | func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) { 14 | var a, b, c, d uint32 15 | gccgoGetCpuidCount(eaxArg, ecxArg, &a, &b, &c, &d) 16 | return a, b, c, d 17 | } 18 | 19 | //extern gccgoXgetbv 20 | func gccgoXgetbv(eax, edx *uint32) 21 | 22 | func xgetbv() (eax, edx uint32) { 23 | var a, d uint32 24 | gccgoXgetbv(&a, &d) 25 | return a, d 26 | } 27 | -------------------------------------------------------------------------------- /vendor/golang.org/x/sys/cpu/cpu_linux.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | //+build !amd64,!amd64p32,!386 6 | 7 | package cpu 8 | 9 | import ( 10 | "encoding/binary" 11 | "io/ioutil" 12 | ) 13 | 14 | const ( 15 | _AT_HWCAP = 16 16 | _AT_HWCAP2 = 26 17 | 18 | procAuxv = "/proc/self/auxv" 19 | 20 | uintSize uint = 32 << (^uint(0) >> 63) 21 | ) 22 | 23 | // For those platforms don't have a 'cpuid' equivalent we use HWCAP/HWCAP2 24 | // These are initialized in cpu_$GOARCH.go 25 | // and should not be changed after they are initialized. 26 | var HWCap uint 27 | var HWCap2 uint 28 | 29 | func init() { 30 | buf, err := ioutil.ReadFile(procAuxv) 31 | if err != nil { 32 | panic("read proc auxv failed: " + err.Error()) 33 | } 34 | 35 | pb := int(uintSize / 8) 36 | 37 | for i := 0; i < len(buf)-pb*2; i += pb * 2 { 38 | var tag, val uint 39 | switch uintSize { 40 | case 32: 41 | tag = uint(binary.LittleEndian.Uint32(buf[i:])) 42 | val = uint(binary.LittleEndian.Uint32(buf[i+pb:])) 43 | case 64: 44 | tag = uint(binary.LittleEndian.Uint64(buf[i:])) 45 | val = uint(binary.LittleEndian.Uint64(buf[i+pb:])) 46 | } 47 | switch tag { 48 | case _AT_HWCAP: 49 | HWCap = val 50 | case _AT_HWCAP2: 51 | HWCap2 = val 52 | } 53 | } 54 | doinit() 55 | } 56 | -------------------------------------------------------------------------------- /vendor/golang.org/x/sys/cpu/cpu_mips64x.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build mips64 mips64le 6 | 7 | package cpu 8 | 9 | const cacheLineSize = 32 10 | 11 | func doinit() {} 12 | -------------------------------------------------------------------------------- /vendor/golang.org/x/sys/cpu/cpu_mipsx.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build mips mipsle 6 | 7 | package cpu 8 | 9 | const cacheLineSize = 32 10 | 11 | func doinit() {} 12 | -------------------------------------------------------------------------------- /vendor/golang.org/x/sys/cpu/cpu_ppc64x.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build ppc64 ppc64le 6 | 7 | package cpu 8 | 9 | const cacheLineSize = 128 10 | 11 | func doinit() {} 12 | -------------------------------------------------------------------------------- /vendor/golang.org/x/sys/cpu/cpu_s390x.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | package cpu 6 | 7 | const cacheLineSize = 256 8 | 9 | func doinit() {} 10 | -------------------------------------------------------------------------------- /vendor/golang.org/x/sys/cpu/cpu_x86.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build 386 amd64 amd64p32 6 | 7 | package cpu 8 | 9 | const cacheLineSize = 64 10 | 11 | func init() { 12 | maxID, _, _, _ := cpuid(0, 0) 13 | 14 | if maxID < 1 { 15 | return 16 | } 17 | 18 | _, _, ecx1, edx1 := cpuid(1, 0) 19 | X86.HasSSE2 = isSet(26, edx1) 20 | 21 | X86.HasSSE3 = isSet(0, ecx1) 22 | X86.HasPCLMULQDQ = isSet(1, ecx1) 23 | X86.HasSSSE3 = isSet(9, ecx1) 24 | X86.HasFMA = isSet(12, ecx1) 25 | X86.HasSSE41 = isSet(19, ecx1) 26 | X86.HasSSE42 = isSet(20, ecx1) 27 | X86.HasPOPCNT = isSet(23, ecx1) 28 | X86.HasAES = isSet(25, ecx1) 29 | X86.HasOSXSAVE = isSet(27, ecx1) 30 | 31 | osSupportsAVX := false 32 | // For XGETBV, OSXSAVE bit is required and sufficient. 33 | if X86.HasOSXSAVE { 34 | eax, _ := xgetbv() 35 | // Check if XMM and YMM registers have OS support. 36 | osSupportsAVX = isSet(1, eax) && isSet(2, eax) 37 | } 38 | 39 | X86.HasAVX = isSet(28, ecx1) && osSupportsAVX 40 | 41 | if maxID < 7 { 42 | return 43 | } 44 | 45 | _, ebx7, _, _ := cpuid(7, 0) 46 | X86.HasBMI1 = isSet(3, ebx7) 47 | X86.HasAVX2 = isSet(5, ebx7) && osSupportsAVX 48 | X86.HasBMI2 = isSet(8, ebx7) 49 | X86.HasERMS = isSet(9, ebx7) 50 | X86.HasADX = isSet(19, ebx7) 51 | } 52 | 53 | func isSet(bitpos uint, value uint32) bool { 54 | return value&(1<