github-personal/ghorg
1
0
Fork 0
mirror of https://github.com/outbackdingo/ghorg.git synced 2026-01-27 18:18:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#309)

Browse Source 
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.1.0 to 1.3.3.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.1.0...v1.3.3)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This commit is contained in:
dependabot[bot]
2023-05-26 15:14:47 -07:00
committed by GitHub
parent c72625e7c6
commit 86f0772eb0
28 changed files with 90 additions and 489 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
go.mod
View File

@@ -20,7 +20,7 @@ require (
require (
github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
github.com/cloudflare/circl v1.1.0 // indirect
github.com/cloudflare/circl v1.3.3 // indirect
github.com/fsnotify/fsnotify v1.6.0 // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
github.com/golang/protobuf v1.5.3 // indirect

3
go.sum
View File

@@ -52,8 +52,9 @@ github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWR
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cloudflare/circl v1.1.0 h1:bZgT/A+cikZnKIwn7xL2OBj012Bmvho/o6RpRvv3GKY=
github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=

3
vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.go generated vendored
View File

@@ -4,9 +4,8 @@
package x25519
import (
"golang.org/x/sys/cpu"
fp "github.com/cloudflare/circl/math/fp25519"
"golang.org/x/sys/cpu"
)
var hasBmi2Adx = cpu.X86.HasBMI2 && cpu.X86.HasADX

9
vendor/github.com/cloudflare/circl/dh/x25519/doc.go generated vendored
View File

@@ -11,10 +11,9 @@ internally and returns false when the public key is invalid (i.e., it
is a low-order point).
References:
- [1] RFC7748 by Langley, Hamburg, Turner (https://rfc-editor.org/rfc/rfc7748.txt)
- [2] Curve25519 by Bernstein (https://cr.yp.to/ecdh.html)
- [3] Bernstein (https://cr.yp.to/ecdh.html#validate)
- [4] Cremers&Jackson (https://eprint.iacr.org/2019/526)
- [1] RFC7748 by Langley, Hamburg, Turner (https://rfc-editor.org/rfc/rfc7748.txt)
- [2] Curve25519 by Bernstein (https://cr.yp.to/ecdh.html)
- [3] Bernstein (https://cr.yp.to/ecdh.html#validate)
- [4] Cremers&Jackson (https://eprint.iacr.org/2019/526)
*/
package x25519

6
vendor/github.com/cloudflare/circl/dh/x25519/key.go generated vendored
View File

@@ -22,11 +22,11 @@ func (k *Key) clamp(in *Key) *Key {
// isValidPubKey verifies if the public key is not a low-order point.
func (k *Key) isValidPubKey() bool {
fp.Modp((*fp.Elt)(k))
isLowOrder := false
var isLowOrder int
for _, P := range lowOrderPoints {
isLowOrder = isLowOrder || subtle.ConstantTimeCompare(P[:], k[:]) != 0
isLowOrder |= subtle.ConstantTimeCompare(P[:], k[:])
}
return !isLowOrder
return isLowOrder == 0
}
// KeyGen obtains a public key given a secret key.

4
vendor/github.com/cloudflare/circl/dh/x25519/table.go generated vendored
View File

@@ -3,7 +3,9 @@ package x25519
import "github.com/cloudflare/circl/math/fp25519"
// tableGenerator contains the set of points:
// t[i] = (xi+1)/(xi-1),
//
// t[i] = (xi+1)/(xi-1),
//
// where (xi,yi) = 2^iG and G is the generator point
// Size = (256)*(256/8) = 8192 bytes.
var tableGenerator = [256 * fp25519.Size]byte{

3
vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.go generated vendored
View File

@@ -4,9 +4,8 @@
package x448
import (
"golang.org/x/sys/cpu"
fp "github.com/cloudflare/circl/math/fp448"
"golang.org/x/sys/cpu"
)
var hasBmi2Adx = cpu.X86.HasBMI2 && cpu.X86.HasADX

3
vendor/github.com/cloudflare/circl/dh/x448/curve_generic.go generated vendored
View File

@@ -18,6 +18,7 @@ func doubleGeneric(x, z *fp448.Elt) {
fp448.Mul(x, x, z)
fp448.Mul(z, t0, t1)
}
func diffAddGeneric(w *[5]fp448.Elt, b uint) {
mu, x1, z1, x2, z2 := &w[0], &w[1], &w[2], &w[3], &w[4]
fp448.Cswap(x1, x2, b)
@@ -30,6 +31,7 @@ func diffAddGeneric(w *[5]fp448.Elt, b uint) {
fp448.Mul(x1, x1, z2)
fp448.Mul(z1, z1, x2)
}
func ladderStepGeneric(w *[5]fp448.Elt, b uint) {
x1, x2, z2, x3, z3 := &w[0], &w[1], &w[2], &w[3], &w[4]
t0 := &fp448.Elt{}
@@ -52,6 +54,7 @@ func ladderStepGeneric(w *[5]fp448.Elt, b uint) {
fp448.Mul(x2, x2, z2)
fp448.Mul(z2, t0, t1)
}
func mulA24Generic(z, x *fp448.Elt) {
const A24 = 39082
const n = 8

9
vendor/github.com/cloudflare/circl/dh/x448/doc.go generated vendored
View File

@@ -11,10 +11,9 @@ internally and returns false when the public key is invalid (i.e., it
is a low-order point).
References:
- [1] RFC7748 by Langley, Hamburg, Turner (https://rfc-editor.org/rfc/rfc7748.txt)
- [2] Curve25519 by Bernstein (https://cr.yp.to/ecdh.html)
- [3] Bernstein (https://cr.yp.to/ecdh.html#validate)
- [4] Cremers&Jackson (https://eprint.iacr.org/2019/526)
- [1] RFC7748 by Langley, Hamburg, Turner (https://rfc-editor.org/rfc/rfc7748.txt)
- [2] Curve25519 by Bernstein (https://cr.yp.to/ecdh.html)
- [3] Bernstein (https://cr.yp.to/ecdh.html#validate)
- [4] Cremers&Jackson (https://eprint.iacr.org/2019/526)
*/
package x448

6
vendor/github.com/cloudflare/circl/dh/x448/key.go generated vendored
View File

@@ -22,11 +22,11 @@ func (k *Key) clamp(in *Key) *Key {
// isValidPubKey verifies if the public key is not a low-order point.
func (k *Key) isValidPubKey() bool {
fp.Modp((*fp.Elt)(k))
isLowOrder := false
var isLowOrder int
for _, P := range lowOrderPoints {
isLowOrder = isLowOrder || subtle.ConstantTimeCompare(P[:], k[:]) != 0
isLowOrder |= subtle.ConstantTimeCompare(P[:], k[:])
}
return !isLowOrder
return isLowOrder == 0
}
// KeyGen obtains a public key given a secret key.

4
vendor/github.com/cloudflare/circl/dh/x448/table.go generated vendored
View File

@@ -3,7 +3,9 @@ package x448
import fp "github.com/cloudflare/circl/math/fp448"
// tableGenerator contains the set of points:
// t[i] = (xi+1)/(xi-1),
//
// t[i] = (xi+1)/(xi-1),
//
// where (xi,yi) = 2^iG and G is the generator point
// Size = (448)*(448/8) = 25088 bytes.
var tableGenerator = [448 * fp.Size]byte{

2
vendor/github.com/cloudflare/circl/ecc/goldilocks/point.go generated vendored
View File

@@ -44,7 +44,7 @@ func FromBytes(in []byte) (*Point, error) {
if len(in) < fp.Size+1 {
return nil, errors.New("wrong input length")
}
var err = errors.New("invalid decoding")
err := errors.New("invalid decoding")
P := &Point{}
signX := in[fp.Size] >> 7
copy(P.y[:], in[:fp.Size])

2
vendor/github.com/cloudflare/circl/ecc/goldilocks/scalar.go generated vendored
View File

@@ -8,7 +8,7 @@ import (
// ScalarSize is the size (in bytes) of scalars.
const ScalarSize = 56 // 448 / 8
//_N is the number of 64-bit words to store scalars.
// _N is the number of 64-bit words to store scalars.
const _N = 7 // 448 / 64
// Scalar represents a positive integer stored in little-endian order.

12
vendor/github.com/cloudflare/circl/internal/sha3/doc.go generated vendored
View File

@@ -8,8 +8,7 @@
// Both types of hash function use the "sponge" construction and the Keccak
// permutation. For a detailed specification see http://keccak.noekeon.org/
//
//
// Guidance
// # Guidance
//
// If you aren't sure what function you need, use SHAKE256 with at least 64
// bytes of output. The SHAKE instances are faster than the SHA3 instances;
@@ -19,8 +18,7 @@
// secret key to the input, hash with SHAKE256 and read at least 32 bytes of
// output.
//
//
// Security strengths
// # Security strengths
//
// The SHA3-x (x equals 224, 256, 384, or 512) functions have a security
// strength against preimage attacks of x bits. Since they only produce "x"
@@ -31,8 +29,7 @@
// is used. Requesting more than 64 or 32 bytes of output, respectively, does
// not increase the collision-resistance of the SHAKE functions.
//
//
// The sponge construction
// # The sponge construction
//
// A sponge builds a pseudo-random function from a public pseudo-random
// permutation, by applying the permutation to a state of "rate + capacity"
@@ -50,8 +47,7 @@
// Since the KeccakF-1600 permutation is 1600 bits (200 bytes) wide, this means
// that the security strength of a sponge instance is equal to (1600 - bitrate) / 2.
//
//
// Recommendations
// # Recommendations
//
// The SHAKE functions are recommended for most new uses. They can produce
// output of arbitrary length. SHAKE256, with an output length of at least

4
vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go generated vendored
View File

@@ -2,13 +2,11 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
//go:build !amd64 || appengine || gccgo
// +build !amd64 appengine gccgo
package sha3
// KeccakF1600 applies the Keccak permutation to a 1600b-wide
// state represented as a slice of 25 uint64s.
// nolint:funlen
func KeccakF1600(a *[25]uint64) {
// Implementation translated from Keccak-inplace.c
// in the keccak reference code.

14
vendor/github.com/cloudflare/circl/internal/sha3/keccakf_amd64.go generated vendored
View File

@@ -1,14 +0,0 @@
// Copyright 2015 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
//go:build amd64 && !appengine && !gccgo
// +build amd64,!appengine,!gccgo
package sha3
// This function is implemented in keccakf_amd64.s.
//go:noescape
func KeccakF1600(state *[25]uint64)

390
vendor/github.com/cloudflare/circl/internal/sha3/keccakf_amd64.s generated vendored
View File

@@ -1,390 +0,0 @@
// Copyright 2015 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// +build amd64,!appengine,!gccgo
// This code was translated into a form compatible with 6a from the public
// domain sources at https://github.com/gvanas/KeccakCodePackage
// Offsets in state
#define _ba (0*8)
#define _be (1*8)
#define _bi (2*8)
#define _bo (3*8)
#define _bu (4*8)
#define _ga (5*8)
#define _ge (6*8)
#define _gi (7*8)
#define _go (8*8)
#define _gu (9*8)
#define _ka (10*8)
#define _ke (11*8)
#define _ki (12*8)
#define _ko (13*8)
#define _ku (14*8)
#define _ma (15*8)
#define _me (16*8)
#define _mi (17*8)
#define _mo (18*8)
#define _mu (19*8)
#define _sa (20*8)
#define _se (21*8)
#define _si (22*8)
#define _so (23*8)
#define _su (24*8)
// Temporary registers
#define rT1 AX
// Round vars
#define rpState DI
#define rpStack SP
#define rDa BX
#define rDe CX
#define rDi DX
#define rDo R8
#define rDu R9
#define rBa R10
#define rBe R11
#define rBi R12
#define rBo R13
#define rBu R14
#define rCa SI
#define rCe BP
#define rCi rBi
#define rCo rBo
#define rCu R15
#define MOVQ_RBI_RCE MOVQ rBi, rCe
#define XORQ_RT1_RCA XORQ rT1, rCa
#define XORQ_RT1_RCE XORQ rT1, rCe
#define XORQ_RBA_RCU XORQ rBa, rCu
#define XORQ_RBE_RCU XORQ rBe, rCu
#define XORQ_RDU_RCU XORQ rDu, rCu
#define XORQ_RDA_RCA XORQ rDa, rCa
#define XORQ_RDE_RCE XORQ rDe, rCe
#define mKeccakRound(iState, oState, rc, B_RBI_RCE, G_RT1_RCA, G_RT1_RCE, G_RBA_RCU, K_RT1_RCA, K_RT1_RCE, K_RBA_RCU, M_RT1_RCA, M_RT1_RCE, M_RBE_RCU, S_RDU_RCU, S_RDA_RCA, S_RDE_RCE) \
/* Prepare round */ \
MOVQ rCe, rDa; \
ROLQ $1, rDa; \
\
MOVQ _bi(iState), rCi; \
XORQ _gi(iState), rDi; \
XORQ rCu, rDa; \
XORQ _ki(iState), rCi; \
XORQ _mi(iState), rDi; \
XORQ rDi, rCi; \
\
MOVQ rCi, rDe; \
ROLQ $1, rDe; \
\
MOVQ _bo(iState), rCo; \
XORQ _go(iState), rDo; \
XORQ rCa, rDe; \
XORQ _ko(iState), rCo; \
XORQ _mo(iState), rDo; \
XORQ rDo, rCo; \
\
MOVQ rCo, rDi; \
ROLQ $1, rDi; \
\
MOVQ rCu, rDo; \
XORQ rCe, rDi; \
ROLQ $1, rDo; \
\
MOVQ rCa, rDu; \
XORQ rCi, rDo; \
ROLQ $1, rDu; \
\
/* Result b */ \
MOVQ _ba(iState), rBa; \
MOVQ _ge(iState), rBe; \
XORQ rCo, rDu; \
MOVQ _ki(iState), rBi; \
MOVQ _mo(iState), rBo; \
MOVQ _su(iState), rBu; \
XORQ rDe, rBe; \
ROLQ $44, rBe; \
XORQ rDi, rBi; \
XORQ rDa, rBa; \
ROLQ $43, rBi; \
\
MOVQ rBe, rCa; \
MOVQ rc, rT1; \
ORQ rBi, rCa; \
XORQ rBa, rT1; \
XORQ rT1, rCa; \
MOVQ rCa, _ba(oState); \
\
XORQ rDu, rBu; \
ROLQ $14, rBu; \
MOVQ rBa, rCu; \
ANDQ rBe, rCu; \
XORQ rBu, rCu; \
MOVQ rCu, _bu(oState); \
\
XORQ rDo, rBo; \
ROLQ $21, rBo; \
MOVQ rBo, rT1; \
ANDQ rBu, rT1; \
XORQ rBi, rT1; \
MOVQ rT1, _bi(oState); \
\
NOTQ rBi; \
ORQ rBa, rBu; \
ORQ rBo, rBi; \
XORQ rBo, rBu; \
XORQ rBe, rBi; \
MOVQ rBu, _bo(oState); \
MOVQ rBi, _be(oState); \
B_RBI_RCE; \
\
/* Result g */ \
MOVQ _gu(iState), rBe; \
XORQ rDu, rBe; \
MOVQ _ka(iState), rBi; \
ROLQ $20, rBe; \
XORQ rDa, rBi; \
ROLQ $3, rBi; \
MOVQ _bo(iState), rBa; \
MOVQ rBe, rT1; \
ORQ rBi, rT1; \
XORQ rDo, rBa; \
MOVQ _me(iState), rBo; \
MOVQ _si(iState), rBu; \
ROLQ $28, rBa; \
XORQ rBa, rT1; \
MOVQ rT1, _ga(oState); \
G_RT1_RCA; \
\
XORQ rDe, rBo; \
ROLQ $45, rBo; \
MOVQ rBi, rT1; \
ANDQ rBo, rT1; \
XORQ rBe, rT1; \
MOVQ rT1, _ge(oState); \
G_RT1_RCE; \
\
XORQ rDi, rBu; \
ROLQ $61, rBu; \
MOVQ rBu, rT1; \
ORQ rBa, rT1; \
XORQ rBo, rT1; \
MOVQ rT1, _go(oState); \
\
ANDQ rBe, rBa; \
XORQ rBu, rBa; \
MOVQ rBa, _gu(oState); \
NOTQ rBu; \
G_RBA_RCU; \
\
ORQ rBu, rBo; \
XORQ rBi, rBo; \
MOVQ rBo, _gi(oState); \
\
/* Result k */ \
MOVQ _be(iState), rBa; \
MOVQ _gi(iState), rBe; \
MOVQ _ko(iState), rBi; \
MOVQ _mu(iState), rBo; \
MOVQ _sa(iState), rBu; \
XORQ rDi, rBe; \
ROLQ $6, rBe; \
XORQ rDo, rBi; \
ROLQ $25, rBi; \
MOVQ rBe, rT1; \
ORQ rBi, rT1; \
XORQ rDe, rBa; \
ROLQ $1, rBa; \
XORQ rBa, rT1; \
MOVQ rT1, _ka(oState); \
K_RT1_RCA; \
\
XORQ rDu, rBo; \
ROLQ $8, rBo; \
MOVQ rBi, rT1; \
ANDQ rBo, rT1; \
XORQ rBe, rT1; \
MOVQ rT1, _ke(oState); \
K_RT1_RCE; \
\
XORQ rDa, rBu; \
ROLQ $18, rBu; \
NOTQ rBo; \
MOVQ rBo, rT1; \
ANDQ rBu, rT1; \
XORQ rBi, rT1; \
MOVQ rT1, _ki(oState); \
\
MOVQ rBu, rT1; \
ORQ rBa, rT1; \
XORQ rBo, rT1; \
MOVQ rT1, _ko(oState); \
\
ANDQ rBe, rBa; \
XORQ rBu, rBa; \
MOVQ rBa, _ku(oState); \
K_RBA_RCU; \
\
/* Result m */ \
MOVQ _ga(iState), rBe; \
XORQ rDa, rBe; \
MOVQ _ke(iState), rBi; \
ROLQ $36, rBe; \
XORQ rDe, rBi; \
MOVQ _bu(iState), rBa; \
ROLQ $10, rBi; \
MOVQ rBe, rT1; \
MOVQ _mi(iState), rBo; \
ANDQ rBi, rT1; \
XORQ rDu, rBa; \
MOVQ _so(iState), rBu; \
ROLQ $27, rBa; \
XORQ rBa, rT1; \
MOVQ rT1, _ma(oState); \
M_RT1_RCA; \
\
XORQ rDi, rBo; \
ROLQ $15, rBo; \
MOVQ rBi, rT1; \
ORQ rBo, rT1; \
XORQ rBe, rT1; \
MOVQ rT1, _me(oState); \
M_RT1_RCE; \
\
XORQ rDo, rBu; \
ROLQ $56, rBu; \
NOTQ rBo; \
MOVQ rBo, rT1; \
ORQ rBu, rT1; \
XORQ rBi, rT1; \
MOVQ rT1, _mi(oState); \
\
ORQ rBa, rBe; \
XORQ rBu, rBe; \
MOVQ rBe, _mu(oState); \
\
ANDQ rBa, rBu; \
XORQ rBo, rBu; \
MOVQ rBu, _mo(oState); \
M_RBE_RCU; \
\
/* Result s */ \
MOVQ _bi(iState), rBa; \
MOVQ _go(iState), rBe; \
MOVQ _ku(iState), rBi; \
XORQ rDi, rBa; \
MOVQ _ma(iState), rBo; \
ROLQ $62, rBa; \
XORQ rDo, rBe; \
MOVQ _se(iState), rBu; \
ROLQ $55, rBe; \
\
XORQ rDu, rBi; \
MOVQ rBa, rDu; \
XORQ rDe, rBu; \
ROLQ $2, rBu; \
ANDQ rBe, rDu; \
XORQ rBu, rDu; \
MOVQ rDu, _su(oState); \
\
ROLQ $39, rBi; \
S_RDU_RCU; \
NOTQ rBe; \
XORQ rDa, rBo; \
MOVQ rBe, rDa; \
ANDQ rBi, rDa; \
XORQ rBa, rDa; \
MOVQ rDa, _sa(oState); \
S_RDA_RCA; \
\
ROLQ $41, rBo; \
MOVQ rBi, rDe; \
ORQ rBo, rDe; \
XORQ rBe, rDe; \
MOVQ rDe, _se(oState); \
S_RDE_RCE; \
\
MOVQ rBo, rDi; \
MOVQ rBu, rDo; \
ANDQ rBu, rDi; \
ORQ rBa, rDo; \
XORQ rBi, rDi; \
XORQ rBo, rDo; \
MOVQ rDi, _si(oState); \
MOVQ rDo, _so(oState) \
// func KeccakF1600(state *[25]uint64)
TEXT ·KeccakF1600(SB), 0, $200-8
MOVQ state+0(FP), rpState
// Convert the user state into an internal state
NOTQ _be(rpState)
NOTQ _bi(rpState)
NOTQ _go(rpState)
NOTQ _ki(rpState)
NOTQ _mi(rpState)
NOTQ _sa(rpState)
// Execute the KeccakF permutation
MOVQ _ba(rpState), rCa
MOVQ _be(rpState), rCe
MOVQ _bu(rpState), rCu
XORQ _ga(rpState), rCa
XORQ _ge(rpState), rCe
XORQ _gu(rpState), rCu
XORQ _ka(rpState), rCa
XORQ _ke(rpState), rCe
XORQ _ku(rpState), rCu
XORQ _ma(rpState), rCa
XORQ _me(rpState), rCe
XORQ _mu(rpState), rCu
XORQ _sa(rpState), rCa
XORQ _se(rpState), rCe
MOVQ _si(rpState), rDi
MOVQ _so(rpState), rDo
XORQ _su(rpState), rCu
mKeccakRound(rpState, rpStack, $0x0000000000000001, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpStack, rpState, $0x0000000000008082, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpState, rpStack, $0x800000000000808a, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpStack, rpState, $0x8000000080008000, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpState, rpStack, $0x000000000000808b, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpStack, rpState, $0x0000000080000001, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpState, rpStack, $0x8000000080008081, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpStack, rpState, $0x8000000000008009, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpState, rpStack, $0x000000000000008a, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpStack, rpState, $0x0000000000000088, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpState, rpStack, $0x0000000080008009, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpStack, rpState, $0x000000008000000a, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpState, rpStack, $0x000000008000808b, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpStack, rpState, $0x800000000000008b, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpState, rpStack, $0x8000000000008089, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpStack, rpState, $0x8000000000008003, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpState, rpStack, $0x8000000000008002, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpStack, rpState, $0x8000000000000080, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpState, rpStack, $0x000000000000800a, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpStack, rpState, $0x800000008000000a, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpState, rpStack, $0x8000000080008081, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpStack, rpState, $0x8000000000008080, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpState, rpStack, $0x0000000080000001, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
mKeccakRound(rpStack, rpState, $0x8000000080008008, NOP, NOP, NOP, NOP, NOP, NOP, NOP, NOP, NOP, NOP, NOP, NOP, NOP)
// Revert the internal state to the user state
NOTQ _be(rpState)
NOTQ _bi(rpState)
NOTQ _go(rpState)
NOTQ _ki(rpState)
NOTQ _mi(rpState)
NOTQ _sa(rpState)
RET

1
vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.h generated vendored
View File

@@ -99,6 +99,7 @@
// Uses: AX, DX, R8-R15, FLAGS
// Instr: x86_64, bmi2, adx
#define integerMulAdx(z,x,y) \
MOVL $0,R15; \
MOVQ 0+y, DX; XORL AX, AX; \
MULXQ 0+x, AX, R8; MOVQ AX, 0+z; \
MULXQ 8+x, AX, R9; ADCXQ AX, R8; \

1
vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.h generated vendored
View File

@@ -158,6 +158,7 @@
// Uses: AX, DX, R8-R15, FLAGS
// Instr: x86_64, bmi2, adx
#define integerMulAdx(z,x,y) \
MOVL $0,R15; \
MOVQ 0+y, DX; XORL AX, AX; MOVQ $0, R8; \
MULXQ 0+x, AX, R9; MOVQ AX, 0+z; \
MULXQ 8+x, AX, R10; ADCXQ AX, R9; \

11
vendor/github.com/cloudflare/circl/math/fp448/fuzzer.go generated vendored
View File

@@ -2,11 +2,12 @@
// +build gofuzz
// How to run the fuzzer:
// $ go get -u github.com/dvyukov/go-fuzz/go-fuzz
// $ go get -u github.com/dvyukov/go-fuzz/go-fuzz-build
// $ go-fuzz-build -libfuzzer -func FuzzReduction -o lib.a
// $ clang -fsanitize=fuzzer lib.a -o fu.exe
// $ ./fu.exe
//
// $ go get -u github.com/dvyukov/go-fuzz/go-fuzz
// $ go get -u github.com/dvyukov/go-fuzz/go-fuzz-build
// $ go-fuzz-build -libfuzzer -func FuzzReduction -o lib.a
// $ clang -fsanitize=fuzzer lib.a -o fu.exe
// $ ./fu.exe
package fp448
import (

4
vendor/github.com/cloudflare/circl/math/mlsbset/mlsbset.go generated vendored
View File

@@ -2,8 +2,8 @@
//
// References: "Efficient and secure algorithms for GLV-based scalar
// multiplication and their implementation on GLVGLS curves" by (Faz-Hernandez et al.)
// - https://doi.org/10.1007/s13389-014-0085-7
// - https://eprint.iacr.org/2013/158
// - https://doi.org/10.1007/s13389-014-0085-7
// - https://eprint.iacr.org/2013/158
package mlsbset
import (

18
vendor/github.com/cloudflare/circl/math/wnaf.go generated vendored
View File

@@ -9,15 +9,15 @@ import "math/big"
// output has ceil(l/(w-1)) digits.
//
// Restrictions:
// - n is odd and n > 0.
// - 1 < w < 32.
// - l >= bit length of n.
// - n is odd and n > 0.
// - 1 < w < 32.
// - l >= bit length of n.
//
// References:
// - Alg.6 in "Exponent Recoding and Regular Exponentiation Algorithms"
// by Joye-Tunstall. http://doi.org/10.1007/978-3-642-02384-2_21
// - Alg.6 in "Selecting Elliptic Curves for Cryptography: An Efficiency and
// Security Analysis" by Bos et al. http://doi.org/10.1007/s13389-015-0097-y
// - Alg.6 in "Exponent Recoding and Regular Exponentiation Algorithms"
// by Joye-Tunstall. http://doi.org/10.1007/978-3-642-02384-2_21
// - Alg.6 in "Selecting Elliptic Curves for Cryptography: An Efficiency and
// Security Analysis" by Bos et al. http://doi.org/10.1007/s13389-015-0097-y
func SignedDigit(n *big.Int, w, l uint) []int32 {
if n.Sign() <= 0 || n.Bit(0) == 0 {
panic("n must be non-zero, odd, and positive")
@@ -51,8 +51,8 @@ func SignedDigit(n *big.Int, w, l uint) []int32 {
// 1 < w < 32. The returned slice L holds n = sum( L[i]*2^i ).
//
// Reference:
// - Alg.9 "Efficient arithmetic on Koblitz curves" by Solinas.
// http://doi.org/10.1023/A:1008306223194
// - Alg.9 "Efficient arithmetic on Koblitz curves" by Solinas.
// http://doi.org/10.1023/A:1008306223194
func OmegaNAF(n *big.Int, w uint) (L []int32) {
if n.Sign() < 0 {
panic("n must be positive")

23
vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go generated vendored
View File

@@ -3,12 +3,12 @@
// This package provides optimized implementations of the three signature
// variants and maintaining closer compatiblilty with crypto/ed25519.
//
// | Scheme Name | Sign Function | Verification | Context |
// |-------------|-------------------|---------------|-------------------|
// | Ed25519 | Sign | Verify | None |
// | Ed25519Ph | SignPh | VerifyPh | Yes, can be empty |
// | Ed25519Ctx | SignWithCtx | VerifyWithCtx | Yes, non-empty |
// | All above | (PrivateKey).Sign | VerifyAny | As above |
// | Scheme Name | Sign Function | Verification | Context |
// |-------------|-------------------|---------------|-------------------|
// | Ed25519 | Sign | Verify | None |
// | Ed25519Ph | SignPh | VerifyPh | Yes, can be empty |
// | Ed25519Ctx | SignWithCtx | VerifyWithCtx | Yes, non-empty |
// | All above | (PrivateKey).Sign | VerifyAny | As above |
//
// Specific functions for sign and verify are defined. A generic signing
// function for all schemes is available through the crypto.Signer interface,
@@ -20,7 +20,7 @@
// in this package. While Ed25519Ph accepts an empty context, Ed25519Ctx
// enforces non-empty context strings.
//
// Compatibility with crypto.ed25519
// # Compatibility with crypto.ed25519
//
// These functions are compatible with the “Ed25519” function defined in
// RFC-8032. However, unlike RFC 8032's formulation, this package's private
@@ -30,9 +30,9 @@
//
// References
//
// - RFC-8032: https://rfc-editor.org/rfc/rfc8032.txt
// - Ed25519: https://ed25519.cr.yp.to/
// - EdDSA: High-speed high-security signatures. https://doi.org/10.1007/s13389-012-0027-1
// - RFC-8032: https://rfc-editor.org/rfc/rfc8032.txt
// - Ed25519: https://ed25519.cr.yp.to/
// - EdDSA: High-speed high-security signatures. https://doi.org/10.1007/s13389-012-0027-1
package ed25519
import (
@@ -152,7 +152,8 @@ func (pub PublicKey) Equal(x crypto.PublicKey) bool {
func (priv PrivateKey) Sign(
rand io.Reader,
message []byte,
opts crypto.SignerOpts) (signature []byte, err error) {
opts crypto.SignerOpts,
) (signature []byte, err error) {
var ctx string
var scheme SchemeID
if o, ok := opts.(SignerOptions); ok {

7
vendor/github.com/cloudflare/circl/sign/ed25519/mult.go generated vendored
View File

@@ -29,9 +29,10 @@ const (
// mLSBRecoding is the odd-only modified LSB-set.
//
// Reference:
// "Efficient and secure algorithms for GLV-based scalar multiplication and
// their implementation on GLVGLS curves" by (Faz-Hernandez et al.)
// http://doi.org/10.1007/s13389-014-0085-7.
//
// "Efficient and secure algorithms for GLV-based scalar multiplication and
// their implementation on GLVGLS curves" by (Faz-Hernandez et al.)
// http://doi.org/10.1007/s13389-014-0085-7.
func mLSBRecoding(L []int8, k []byte) {
const ee = (fxT + fxW*fxV - 1) / (fxW * fxV)
const dd = ee * fxV

12
vendor/github.com/cloudflare/circl/sign/ed25519/point.go generated vendored
View File

@@ -2,11 +2,13 @@ package ed25519
import fp "github.com/cloudflare/circl/math/fp25519"
type pointR1 struct{ x, y, z, ta, tb fp.Elt }
type pointR2 struct {
pointR3
z2 fp.Elt
}
type (
pointR1 struct{ x, y, z, ta, tb fp.Elt }
pointR2 struct {
pointR3
z2 fp.Elt
}
)
type pointR3 struct{ addYX, subYX, dt2 fp.Elt }
func (P *pointR1) neg() {

19
vendor/github.com/cloudflare/circl/sign/ed448/ed448.go generated vendored
View File

@@ -2,11 +2,11 @@
//
// This package implements two signature variants.
//
// | Scheme Name | Sign Function | Verification | Context |
// |-------------|-------------------|---------------|-------------------|
// | Ed448 | Sign | Verify | Yes, can be empty |
// | Ed448Ph | SignPh | VerifyPh | Yes, can be empty |
// | All above | (PrivateKey).Sign | VerifyAny | As above |
// | Scheme Name | Sign Function | Verification | Context |
// |-------------|-------------------|---------------|-------------------|
// | Ed448 | Sign | Verify | Yes, can be empty |
// | Ed448Ph | SignPh | VerifyPh | Yes, can be empty |
// | All above | (PrivateKey).Sign | VerifyAny | As above |
//
// Specific functions for sign and verify are defined. A generic signing
// function for all schemes is available through the crypto.Signer interface,
@@ -18,9 +18,9 @@
//
// References:
//
// - RFC8032 https://rfc-editor.org/rfc/rfc8032.txt
// - EdDSA for more curves https://eprint.iacr.org/2015/677
// - High-speed high-security signatures. https://doi.org/10.1007/s13389-012-0027-1
// - RFC8032: https://rfc-editor.org/rfc/rfc8032.txt
// - EdDSA for more curves: https://eprint.iacr.org/2015/677
// - High-speed high-security signatures: https://doi.org/10.1007/s13389-012-0027-1
package ed448
import (
@@ -139,7 +139,8 @@ func (pub PublicKey) MarshalBinary() (data []byte, err error) {
func (priv PrivateKey) Sign(
rand io.Reader,
message []byte,
opts crypto.SignerOpts) (signature []byte, err error) {
opts crypto.SignerOpts,
) (signature []byte, err error) {
var ctx string
var scheme SchemeID

3
vendor/github.com/cloudflare/circl/sign/sign.go generated vendored
View File

@@ -2,7 +2,7 @@
//
// A register of schemes is available in the package
//
// github.com/cloudflare/circl/sign/schemes
// github.com/cloudflare/circl/sign/schemes
package sign
import (
@@ -31,7 +31,6 @@ type PublicKey interface {
type PrivateKey interface {
// Returns the signature scheme for this private key.
Scheme() Scheme
Equal(crypto.PrivateKey) bool
// For compatibility with Go standard library
crypto.Signer

4
vendor/modules.txt vendored
View File

@@ -24,8 +24,8 @@ github.com/ProtonMail/go-crypto/openpgp/s2k
# github.com/bradleyfalzon/ghinstallation/v2 v2.4.0
## explicit; go 1.13
github.com/bradleyfalzon/ghinstallation/v2
# github.com/cloudflare/circl v1.1.0
## explicit; go 1.15
# github.com/cloudflare/circl v1.3.3
## explicit; go 1.19
github.com/cloudflare/circl/dh/x25519
github.com/cloudflare/circl/dh/x448
github.com/cloudflare/circl/ecc/goldilocks