From 034c78bcde18768cfed42138c549fb393ffc7007 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jan 2024 16:47:11 +0000 Subject: [PATCH] Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.3.3 to 1.3.7. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.7) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-type: direct:production ... 
Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../cloudflare/circl/hpke/hybridkem.go | 2 +- .../cloudflare/circl/hpke/shortkem.go | 2 +- .../github.com/cloudflare/circl/hpke/xkem.go | 2 +- .../cloudflare/circl/internal/sha3/keccakf.go | 12 +++++- .../cloudflare/circl/internal/sha3/sha3.go | 11 +++-- .../cloudflare/circl/internal/sha3/shake.go | 40 ++++++++++++++++++ vendor/github.com/cloudflare/circl/kem/kem.go | 2 +- .../cloudflare/circl/math/primes.go | 34 +++++++++++++++ .../circl/pke/kyber/internal/common/amd64.go | 2 +- .../circl/pke/kyber/internal/common/amd64.s | 10 ++--- .../circl/pke/kyber/internal/common/field.go | 2 +- .../circl/pke/kyber/internal/common/ntt.go | 2 +- .../circl/pke/kyber/internal/common/poly.go | 30 ++++++++----- .../circl/pke/kyber/internal/common/sample.go | 2 +- .../pke/kyber/internal/common/stubs_amd64.go | 1 - .../circl/pke/kyber/kyber768/internal/mat.go | 2 +- .../circl/simd/keccakf1600/f1600x.go | 42 ++++++++++++------- .../circl/simd/keccakf1600/f1600x2_arm64.go | 6 +-- .../circl/simd/keccakf1600/f1600x2_arm64.s | 10 ++++- .../circl/simd/keccakf1600/f1600x4_amd64.go | 4 +- .../circl/simd/keccakf1600/f1600x4_amd64.s | 17 +++++--- .../simd/keccakf1600/f1600x4stubs_amd64.go | 3 +- .../circl/simd/keccakf1600/fallback.go | 4 +- vendor/modules.txt | 2 +- 26 files changed, 184 insertions(+), 66 deletions(-) create mode 100644 vendor/github.com/cloudflare/circl/math/primes.go
diff --git a/go.mod b/go.mod
index 748ed7d..615b204 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.17
 require (
 github.com/DataDog/datadog-go/v5 v5.1.1
 github.com/chris-wood/ohttp-go v0.0.0-20230523152405-45fb0d05eb13
- github.com/cloudflare/circl v1.3.3
+ github.com/cloudflare/circl v1.3.7
 google.golang.org/protobuf v1.28.1
 )
diff --git a/go.sum b/go.sum
index 8e655d6..a4b811e 100644
--- a/go.sum
+++ b/go.sum
@@ -6,8 +6,8 @@ github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7N
 github.com/chris-wood/ohttp-go v0.0.0-20230523152405-45fb0d05eb13 h1:6KPUTuaINL/GlEf3Fd08p/JVVoVRX4Mh4GtsAJUKv7o=
 github.com/chris-wood/ohttp-go v0.0.0-20230523152405-45fb0d05eb13/go.mod h1:P/sVWl8F9KHJ1esPj/g1A5h8vfA3Ps9n6JOMNf6TszU=
 github.com/cloudflare/circl v1.3.3-0.20230418220640-795540340d5c/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
-github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
-github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
+github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
+github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
diff --git a/vendor/github.com/cloudflare/circl/hpke/hybridkem.go b/vendor/github.com/cloudflare/circl/hpke/hybridkem.go
index 2abffef..74e1ea6 100644
--- a/vendor/github.com/cloudflare/circl/hpke/hybridkem.go
+++ b/vendor/github.com/cloudflare/circl/hpke/hybridkem.go
@@ -153,7 +153,7 @@ func (k *hybridKEMPubKey) Equal(pk kem.PublicKey) bool {
 k.pubB.Equal(k1.pubB)
 }
-// Deterministicallly derives a keypair from a seed. If you're unsure,
+// Deterministically derives a keypair from a seed. If you're unsure,
 // you're better off using GenerateKey().
 //
 // Panics if seed is not of length SeedSize().
diff --git a/vendor/github.com/cloudflare/circl/hpke/shortkem.go b/vendor/github.com/cloudflare/circl/hpke/shortkem.go
index ca0b884..e5c55e9 100644
--- a/vendor/github.com/cloudflare/circl/hpke/shortkem.go
+++ b/vendor/github.com/cloudflare/circl/hpke/shortkem.go
@@ -37,7 +37,7 @@ func (s shortKEM) calcDH(dh []byte, sk kem.PrivateKey, pk kem.PublicKey) error {
 return nil
 }
-// Deterministicallly derives a keypair from a seed. If you're unsure,
+// Deterministically derives a keypair from a seed. If you're unsure,
 // you're better off using GenerateKey().
 //
 // Panics if seed is not of length SeedSize().
diff --git a/vendor/github.com/cloudflare/circl/hpke/xkem.go b/vendor/github.com/cloudflare/circl/hpke/xkem.go
index 58ca2be..f11ab6b 100644
--- a/vendor/github.com/cloudflare/circl/hpke/xkem.go
+++ b/vendor/github.com/cloudflare/circl/hpke/xkem.go
@@ -48,7 +48,7 @@ func (x xKEM) calcDH(dh []byte, sk kem.PrivateKey, pk kem.PublicKey) error {
 return nil
 }
-// Deterministicallly derives a keypair from a seed. If you're unsure,
+// Deterministically derives a keypair from a seed. If you're unsure,
 // you're better off using GenerateKey().
 //
 // Panics if seed is not of length SeedSize().
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go b/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go
index ab19d0a..1755fd1 100644
--- a/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go
@@ -6,13 +6,21 @@ package sha3
 // KeccakF1600 applies the Keccak permutation to a 1600b-wide
 // state represented as a slice of 25 uint64s.
+// If turbo is true, applies the 12-round variant instead of the
+// regular 24-round variant.
 // nolint:funlen
-func KeccakF1600(a *[25]uint64) {
+func KeccakF1600(a *[25]uint64, turbo bool) {
 // Implementation translated from Keccak-inplace.c
 // in the keccak reference code.
 var t, bc0, bc1, bc2, bc3, bc4, d0, d1, d2, d3, d4 uint64
- for i := 0; i < 24; i += 4 {
+ i := 0
+
+ if turbo {
+ i = 12
+ }
+
+ for ; i < 24; i += 4 {
 // Combines the 5 steps in each round into 2 steps.
 // Unrolls 4 rounds per loop and spreads some steps across rounds.
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go b/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go
index b35cd00..a0df5aa 100644
--- a/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go
@@ -51,6 +51,7 @@ type State struct {
 // Specific to SHA-3 and SHAKE.
 outputLen int // the default output size in bytes
 state spongeDirection // whether the sponge is absorbing or squeezing
+ turbo bool // Whether we're using 12 rounds instead of 24
 }
 // BlockSize returns the rate of sponge underlying this hash function.
@@ -86,11 +87,11 @@ func (d *State) permute() {
 xorIn(d, d.buf())
 d.bufe = 0
 d.bufo = 0
- KeccakF1600(&d.a)
+ KeccakF1600(&d.a, d.turbo)
 case spongeSqueezing:
 // If we're squeezing, we need to apply the permutation before
 // copying more output.
- KeccakF1600(&d.a)
+ KeccakF1600(&d.a, d.turbo)
 d.bufe = d.rate
 d.bufo = 0
 copyOut(d, d.buf())
@@ -136,7 +137,7 @@ func (d *State) Write(p []byte) (written int, err error) {
 // The fast path; absorb a full "rate" bytes of input and apply the permutation.
 xorIn(d, p[:d.rate])
 p = p[d.rate:]
- KeccakF1600(&d.a)
+ KeccakF1600(&d.a, d.turbo)
 } else {
 // The slow path; buffer the input until we can fill the sponge, and then xor it in.
 todo := d.rate - bufl
@@ -193,3 +194,7 @@ func (d *State) Sum(in []byte) []byte {
 _, _ = dup.Read(hash)
 return append(in, hash...)
 }
+
+func (d *State) IsAbsorbing() bool {
+ return d.state == spongeAbsorbing
+}
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/shake.go b/vendor/github.com/cloudflare/circl/internal/sha3/shake.go
index b92c5b7..77817f7 100644
--- a/vendor/github.com/cloudflare/circl/internal/sha3/shake.go
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/shake.go
@@ -57,6 +57,17 @@ func NewShake128() State {
 return State{rate: rate128, dsbyte: dsbyteShake}
 }
+// NewTurboShake128 creates a new TurboSHAKE128 variable-output-length ShakeHash.
+// Its generic security strength is 128 bits against all attacks if at
+// least 32 bytes of its output are used.
+// D is the domain separation byte and must be between 0x01 and 0x7f inclusive.
+func NewTurboShake128(D byte) State {
+ if D == 0 || D > 0x7f {
+ panic("turboshake: D out of range")
+ }
+ return State{rate: rate128, dsbyte: D, turbo: true}
+}
+
 // NewShake256 creates a new SHAKE256 variable-output-length ShakeHash.
 // Its generic security strength is 256 bits against all attacks if
 // at least 64 bytes of its output are used.
@@ -64,6 +75,17 @@ func NewShake256() State {
 return State{rate: rate256, dsbyte: dsbyteShake}
 }
+// NewTurboShake256 creates a new TurboSHAKE256 variable-output-length ShakeHash.
+// Its generic security strength is 256 bits against all attacks if
+// at least 64 bytes of its output are used.
+// D is the domain separation byte and must be between 0x01 and 0x7f inclusive.
+func NewTurboShake256(D byte) State {
+ if D == 0 || D > 0x7f {
+ panic("turboshake: D out of range")
+ }
+ return State{rate: rate256, dsbyte: D, turbo: true}
+}
+
 // ShakeSum128 writes an arbitrary-length digest of data into hash.
 func ShakeSum128(hash, data []byte) {
 h := NewShake128()
@@ -77,3 +99,21 @@ func ShakeSum256(hash, data []byte) {
 _, _ = h.Write(data)
 _, _ = h.Read(hash)
 }
+
+// TurboShakeSum128 writes an arbitrary-length digest of data into hash.
+func TurboShakeSum128(hash, data []byte, D byte) {
+ h := NewTurboShake128(D)
+ _, _ = h.Write(data)
+ _, _ = h.Read(hash)
+}
+
+// TurboShakeSum256 writes an arbitrary-length digest of data into hash.
+func TurboShakeSum256(hash, data []byte, D byte) {
+ h := NewTurboShake256(D)
+ _, _ = h.Write(data)
+ _, _ = h.Read(hash)
+}
+
+func (d *State) SwitchDS(D byte) {
+ d.dsbyte = D
+}
diff --git a/vendor/github.com/cloudflare/circl/kem/kem.go b/vendor/github.com/cloudflare/circl/kem/kem.go
index ca550c6..6ab0aa3 100644
--- a/vendor/github.com/cloudflare/circl/kem/kem.go
+++ b/vendor/github.com/cloudflare/circl/kem/kem.go
@@ -63,7 +63,7 @@ type Scheme interface {
 // Size of packed public keys.
 PublicKeySize() int
- // DeriveKeyPair deterministicallly derives a pair of keys from a seed.
+ // DeriveKeyPair deterministically derives a pair of keys from a seed.
 // Panics if the length of seed is not equal to the value returned by
 // SeedSize.
 DeriveKeyPair(seed []byte) (PublicKey, PrivateKey)
diff --git a/vendor/github.com/cloudflare/circl/math/primes.go b/vendor/github.com/cloudflare/circl/math/primes.go
new file mode 100644
index 0000000..158fd83
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/primes.go
@@ -0,0 +1,34 @@
+package math
+
+import (
+ "crypto/rand"
+ "io"
+ "math/big"
+)
+
+// IsSafePrime reports whether p is (probably) a safe prime.
+// The prime p=2*q+1 is safe prime if both p and q are primes.
+// Note that ProbablyPrime is not suitable for judging primes
+// that an adversary may have crafted to fool the test.
+func IsSafePrime(p *big.Int) bool {
+ pdiv2 := new(big.Int).Rsh(p, 1)
+ return p.ProbablyPrime(20) && pdiv2.ProbablyPrime(20)
+}
+
+// SafePrime returns a number of the given bit length that is a safe prime with high probability.
+// The number returned p=2*q+1 is a safe prime if both p and q are primes.
+// SafePrime will return error for any error returned by rand.Read or if bits < 2.
+func SafePrime(random io.Reader, bits int) (*big.Int, error) {
+ one := big.NewInt(1)
+ p := new(big.Int)
+ for {
+ q, err := rand.Prime(random, bits-1)
+ if err != nil {
+ return nil, err
+ }
+ p.Lsh(q, 1).Add(p, one)
+ if p.ProbablyPrime(20) {
+ return p, nil
+ }
+ }
+}
diff --git a/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/amd64.go b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/amd64.go
index 7962916..6ffd94b 100644
--- a/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/amd64.go
+++ b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/amd64.go
@@ -10,7 +10,7 @@ import (
 // ZetasAVX2 contains all ζ used in NTT (like the Zetas array), but also
 // the values int16(zeta * 62209) for each zeta, which is used in
 // Montgomery reduction. There is some duplication and reordering as
-// compared to Zetas to make it more covenient for use with AVX2.
+// compared to Zetas to make it more convenient for use with AVX2.
 var ZetasAVX2 = [...]int16{
 // level 1: int16(Zetas[1]*62209) and Zetas[1]
 31499, 2571,
diff --git a/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/amd64.s b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/amd64.s
index d820546..f721482 100644
--- a/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/amd64.s
+++ b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/amd64.s
@@ -1,6 +1,6 @@ // Code generated by command: go run src.go -out ../amd64.s -stubs ../stubs_amd64.go -pkg common. DO NOT EDIT. -// +build amd64 +//go:build amd64 #include "textflag.h"
@@ -1445,11 +1445,11 @@ TEXT ·mulHatAVX2(SB), NOSPLIT, $8-24 MOVQ a+8(FP), CX MOVQ b+16(FP), DX LEAQ ·ZetasAVX2+0(SB), BX - MOVL $0xfffff301, BP - VMOVD BP, X0 + MOVL $0xfffff301, SI + VMOVD SI, X0 VPBROADCASTW X0, Y14 - MOVL $0x00000d01, BP - VMOVD BP, X0 + MOVL $0x00000d01, SI + VMOVD SI, X0 VPBROADCASTW X0, Y15 VMOVDQU (CX), Y0 VMOVDQU 32(CX), Y1
diff --git a/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/field.go b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/field.go
index 33744df..31e93ed 100644
--- a/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/field.go
+++ b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/field.go
@@ -17,7 +17,7 @@ func montReduce(x int32) int16 {
 // we have int32(int64(a)*int64(b)) = int32(a*b) and so the result is ok.
 m := int16(x * 62209)
- // Note that x - m q is divisable by R; indeed modulo R we have
+ // Note that x - m q is divisible by R; indeed modulo R we have
 //
 // x - m q ≡ x - x q' q ≡ x - x q⁻¹ q ≡ x - x = 0.
 //
diff --git a/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/ntt.go b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/ntt.go
index c1abaf2..5e565b3 100644
--- a/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/ntt.go
+++ b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/ntt.go
@@ -146,7 +146,7 @@ func (p *Poly) invNTTGeneric() {
 k := 127 // Index into Zetas
 r := -1 // Index into InvNTTReductions.
- // We basically do the oppposite of NTT, but postpone dividing by 2 in the
+ // We basically do the opposite of NTT, but postpone dividing by 2 in the
 // inverse of the Cooley-Tukey butterfly and accumulate that into a big
 // division by 2⁷ at the end. See the comments in the NTT() function.
diff --git a/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/poly.go b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/poly.go
index f684215..f580e91 100644
--- a/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/poly.go
+++ b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/poly.go
@@ -43,7 +43,7 @@ func (p *Poly) normalizeGeneric() {
 // Multiplies p in-place by the Montgomery factor 2¹⁶.
 //
-// Coefficients of p can be artbitray. Resulting coefficients are bounded
+// Coefficients of p can be arbitrary. Resulting coefficients are bounded
 // in absolute value by q.
 func (p *Poly) ToMont() {
 for i := 0; i < N; i++ {
@@ -166,7 +166,7 @@ func (p *Poly) CompressMessageTo(m []byte) {
 // Set p to Decompress_q(m, 1).
 //
-// Assumes d is in {3, 4, 5, 10, 11}. p will be normalized.
+// Assumes d is in {4, 5, 10, 11}. p will be normalized.
 func (p *Poly) Decompress(m []byte, d int) {
 // Decompress_q(x, d) = ⌈(q/2ᵈ)x⌋
 // = ⌊(q/2ᵈ)x+½⌋
@@ -244,20 +244,28 @@ func (p *Poly) Decompress(m []byte, d int) {
 // Writes Compress_q(p, d) to m.
 //
-// Assumes p is normalized and d is in {3, 4, 5, 10, 11}.
+// Assumes p is normalized and d is in {4, 5, 10, 11}.
 func (p *Poly) CompressTo(m []byte, d int) {
 // Compress_q(x, d) = ⌈(2ᵈ/q)x⌋ mod⁺ 2ᵈ
 // = ⌊(2ᵈ/q)x+½⌋ mod⁺ 2ᵈ
 // = ⌊((x << d) + q/2) / q⌋ mod⁺ 2ᵈ
 // = DIV((x << d) + q/2, q) & ((1<>e, where a/(2^e) ≈ 1/q.
+ // For d in {10,11} we use 20,642,679/2^36, which computes division by x/q
+ // correctly for 0 ≤ x < 41,522,616, which fits (q << 11) + q/2 comfortably.
+ // For d in {4,5} we use 315/2^20, which doesn't compute division by x/q
+ // correctly for all inputs, but it's close enough that the end result
+ // of the compression is correct. The advantage is that we do not need
+ // to use a 64-bit intermediate value.
 switch d {
 case 4:
 var t [8]uint16
 idx := 0
 for i := 0; i < N/8; i++ {
 for j := 0; j < 8; j++ {
- t[j] = uint16(((uint32(p[8*i+j])<<4)+uint32(Q)/2)/ uint32(Q)) & ((1 << 4) - 1)
+ t[j] = uint16((((uint32(p[8*i+j])<<4)+uint32(Q)/2)*315)>> 20) & ((1 << 4) - 1)
 }
 m[idx] = byte(t[0]) | byte(t[1]<<4)
 m[idx+1] = byte(t[2]) | byte(t[3]<<4)
@@ -271,8 +279,8 @@ func (p *Poly) CompressTo(m []byte, d int) {
 idx := 0
 for i := 0; i < N/8; i++ {
 for j := 0; j < 8; j++ {
- t[j] = uint16(((uint32(p[8*i+j])<<5)+uint32(Q)/2)/ uint32(Q)) & ((1 << 5) - 1)
+ t[j] = uint16((((uint32(p[8*i+j])<<5)+uint32(Q)/2)*315)>> 20) & ((1 << 5) - 1)
 }
 m[idx] = byte(t[0]) | byte(t[1]<<5)
 m[idx+1] = byte(t[1]>>3) | byte(t[2]<<2) | byte(t[3]<<7)
@@ -287,8 +295,8 @@ func (p *Poly) CompressTo(m []byte, d int) {
 idx := 0
 for i := 0; i < N/4; i++ {
 for j := 0; j < 4; j++ {
- t[j] = uint16(((uint32(p[4*i+j])<<10)+uint32(Q)/2)/ uint32(Q)) & ((1 << 10) - 1)
+ t[j] = uint16((uint64((uint32(p[4*i+j])<<10)+uint32(Q)/2)* 20642679)>>36) & ((1 << 10) - 1)
 }
 m[idx] = byte(t[0])
 m[idx+1] = byte(t[0]>>8) | byte(t[1]<<2)
@@ -302,8 +310,8 @@ func (p *Poly) CompressTo(m []byte, d int) {
 idx := 0
 for i := 0; i < N/8; i++ {
 for j := 0; j < 8; j++ {
- t[j] = uint16(((uint32(p[8*i+j])<<11)+uint32(Q)/2)/ uint32(Q)) & ((1 << 11) - 1)
+ t[j] = uint16((uint64((uint32(p[8*i+j])<<11)+uint32(Q)/2)* 20642679)>>36) & ((1 << 11) - 1)
 }
 m[idx] = byte(t[0])
 m[idx+1] = byte(t[0]>>8) | byte(t[1]<<3)
diff --git a/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/sample.go b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/sample.go
index 1f15f32..ed5a33d 100644
--- a/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/sample.go
+++ b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/sample.go
@@ -100,7 +100,7 @@ func (p *Poly) DeriveNoise2(seed []byte, nonce uint8) {
 // Can only be called when DeriveX4Available is true.
 func PolyDeriveUniformX4(ps [4]*Poly, seed *[32]byte, xs, ys [4]uint8) {
 var perm keccakf1600.StateX4
- state := perm.Initialize()
+ state := perm.Initialize(false)
 // Absorb the seed in the four states
 for i := 0; i < 4; i++ {
diff --git a/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/stubs_amd64.go b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/stubs_amd64.go
index dd86999..cf14cff 100644
--- a/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/stubs_amd64.go
+++ b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/stubs_amd64.go
@@ -1,7 +1,6 @@ // Code generated by command: go run src.go -out ../amd64.s -stubs ../stubs_amd64.go -pkg common. DO NOT EDIT. //go:build amd64 -// +build amd64 package common
diff --git a/vendor/github.com/cloudflare/circl/pke/kyber/kyber768/internal/mat.go b/vendor/github.com/cloudflare/circl/pke/kyber/kyber768/internal/mat.go
index e8a35af..404aacf 100644
--- a/vendor/github.com/cloudflare/circl/pke/kyber/kyber768/internal/mat.go
+++ b/vendor/github.com/cloudflare/circl/pke/kyber/kyber768/internal/mat.go
@@ -73,7 +73,7 @@ func (m *Mat) Derive(seed *[32]byte, transpose bool) {
 }
 }
-// Tranposes A in place.
+// Transposes A in place.
 func (m *Mat) Transpose() {
 for i := 0; i < K-1; i++ {
 for j := i + 1; j < K; j++ {
diff --git a/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x.go b/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x.go
index 7ce0c2e..20ac96f 100644
--- a/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x.go
+++ b/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x.go
@@ -17,6 +17,7 @@
 package keccakf1600
 import (
+ "runtime"
 "unsafe"
 "github.com/cloudflare/circl/internal/sha3"
@@ -37,6 +38,9 @@ type StateX4 struct {
 // Offset into a that is 32 byte aligned.
 offset int
+
+ // If true, permute will use 12-round keccak instead of 24-round keccak
+ turbo bool
 }
 // StateX2 contains state for the two-way permutation including the two
@@ -53,6 +57,9 @@ type StateX2 struct {
 // Offset into a that is 32 byte aligned.
 offset int
+
+ // If true, permute will use 12-round keccak instead of 24-round keccak
+ turbo bool
 }
 // IsEnabledX4 returns true if the architecture supports a four-way SIMD
@@ -61,15 +68,14 @@ func IsEnabledX4() bool { return cpu.X86.HasAVX2 }
 // IsEnabledX2 returns true if the architecture supports a two-way SIMD
 // implementation provided in this package.
-func IsEnabledX2() bool {
- // After Go 1.16 the flag cpu.ARM64.HasSHA3 is no longer exposed.
- return false
-}
+func IsEnabledX2() bool { return enabledX2 }
 // Initialize the state and returns the buffer on which the four permutations
 // will act: a uint64 slice of length 100. The first permutation will act
 // on {a[0], a[4], ..., a[96]}, the second on {a[1], a[5], ..., a[97]}, etc.
-func (s *StateX4) Initialize() []uint64 {
+// If turbo is true, applies 12-round variant instead of the usual 24.
+func (s *StateX4) Initialize(turbo bool) []uint64 {
+ s.turbo = turbo
 rp := unsafe.Pointer(&s.a[0])
 // uint64s are always aligned by a multiple of 8. Compute the remainder
@@ -87,7 +93,9 @@ func (s *StateX4) Initialize() []uint64 {
 // Initialize the state and returns the buffer on which the two permutations
 // will act: a uint64 slice of length 50. The first permutation will act
 // on {a[0], a[2], ..., a[48]} and the second on {a[1], a[3], ..., a[49]}.
-func (s *StateX2) Initialize() []uint64 {
+// If turbo is true, applies 12-round variant instead of the usual 24.
+func (s *StateX2) Initialize(turbo bool) []uint64 {
+ s.turbo = turbo
 rp := unsafe.Pointer(&s.a[0])
 // uint64s are always aligned by a multiple of 8. Compute the remainder
@@ -106,9 +114,9 @@ func (s *StateX2) Initialize() []uint64 {
 // returned from Initialize().
 func (s *StateX4) Permute() {
 if IsEnabledX4() {
- permuteSIMDx4(s.a[s.offset:])
+ permuteSIMDx4(s.a[s.offset:], s.turbo)
 } else {
- permuteScalarX4(s.a[s.offset:]) // A slower generic implementation.
+ permuteScalarX4(s.a[s.offset:], s.turbo) // A slower generic implementation.
 }
 }
@@ -116,34 +124,40 @@ func (s *StateX4) Permute() {
 // returned from Initialize().
 func (s *StateX2) Permute() {
 if IsEnabledX2() {
- permuteSIMDx2(s.a[s.offset:])
+ permuteSIMDx2(s.a[s.offset:], s.turbo)
 } else {
- permuteScalarX2(s.a[s.offset:]) // A slower generic implementation.
+ permuteScalarX2(s.a[s.offset:], s.turbo) // A slower generic implementation.
 }
 }
-func permuteScalarX4(a []uint64) {
+func permuteScalarX4(a []uint64, turbo bool) {
 var buf [25]uint64
 for i := 0; i < 4; i++ {
 for j := 0; j < 25; j++ {
 buf[j] = a[4*j+i]
 }
- sha3.KeccakF1600(&buf)
+ sha3.KeccakF1600(&buf, turbo)
 for j := 0; j < 25; j++ {
 a[4*j+i] = buf[j]
 }
 }
 }
-func permuteScalarX2(a []uint64) {
+func permuteScalarX2(a []uint64, turbo bool) {
 var buf [25]uint64
 for i := 0; i < 2; i++ {
 for j := 0; j < 25; j++ {
 buf[j] = a[2*j+i]
 }
- sha3.KeccakF1600(&buf)
+ sha3.KeccakF1600(&buf, turbo)
 for j := 0; j < 25; j++ {
 a[2*j+i] = buf[j]
 }
 }
 }
+
+var enabledX2 bool
+
+func init() {
+ enabledX2 = runtime.GOARCH == "arm64" && runtime.GOOS == "darwin"
+}
diff --git a/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x2_arm64.go b/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x2_arm64.go
index 75461dd..44f0543 100644
--- a/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x2_arm64.go
+++ b/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x2_arm64.go
@@ -5,9 +5,9 @@ package keccakf1600
 import "github.com/cloudflare/circl/internal/sha3"
-func permuteSIMDx2(state []uint64) { f1600x2ARM(&state[0], &sha3.RC) }
+func permuteSIMDx2(state []uint64, turbo bool) { f1600x2ARM(&state[0], &sha3.RC, turbo) }
-func permuteSIMDx4(state []uint64) { permuteScalarX4(state) }
+func permuteSIMDx4(state []uint64, turbo bool) { permuteScalarX4(state, turbo) }
 //go:noescape
-func f1600x2ARM(state *uint64, rc *[24]uint64)
+func f1600x2ARM(state *uint64, rc *[24]uint64, turbo bool)
diff --git a/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x2_arm64.s b/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x2_arm64.s
index 1e8547f..68dd0e3 100644
--- a/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x2_arm64.s
+++ b/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x2_arm64.s
@@ -4,8 +4,8 @@
 #include "textflag.h"
-// func f1600x2ARM(state *uint64, rc *[24]uint64)
-TEXT ·f1600x2ARM(SB), NOSPLIT, $0-16
+// func f1600x2ARM(state *uint64, rc *[24]uint64, turbo bool)
+TEXT ·f1600x2ARM(SB), NOSPLIT, $0-17
 MOVD state+0(FP), R0
 MOVD rc+8(FP), R1
 MOVD R0, R2
@@ -19,6 +19,12 @@ TEXT ·f1600x2ARM(SB), NOSPLIT, $0-16
 VLD1.P 64(R0), [V20.B16, V21.B16, V22.B16, V23.B16]
 VLD1.P (R0), [V24.B16]
+ MOVBU turbo+16(FP), R4
+ CBZ R4, loop
+
+ SUB $12, R3, R3
+ ADD $96, R1, R1
+
 loop:
 // Execute theta but without xorring into the state yet.
 VEOR3 V10.B16, V5.B16, V0.B16, V25.B16
diff --git a/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x4_amd64.go b/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x4_amd64.go
index ac5c658..669ce65 100644
--- a/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x4_amd64.go
+++ b/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x4_amd64.go
@@ -2,6 +2,6 @@ package keccakf1600
 import "github.com/cloudflare/circl/internal/sha3"
-func permuteSIMDx4(state []uint64) { f1600x4AVX2(&state[0], &sha3.RC) }
+func permuteSIMDx4(state []uint64, turbo bool) { f1600x4AVX2(&state[0], &sha3.RC, turbo) }
-func permuteSIMDx2(state []uint64) { permuteScalarX2(state) }
+func permuteSIMDx2(state []uint64, turbo bool) { permuteScalarX2(state, turbo) }
diff --git a/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x4_amd64.s b/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x4_amd64.s
index 194981f..314a855 100644
--- a/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x4_amd64.s
+++ b/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x4_amd64.s
@@ -1,15 +1,20 @@ // Code generated by command: go run src.go -out ../../f1600x4_amd64.s -stubs ../../f1600x4stubs_amd64.go -pkg keccakf1600. DO NOT EDIT. -// +build amd64 +//go:build amd64 #include "textflag.h" -// func f1600x4AVX2(state *uint64, rc *[24]uint64) +// func f1600x4AVX2(state *uint64, rc *[24]uint64, turbo bool) // Requires: AVX, AVX2 -TEXT ·f1600x4AVX2(SB), NOSPLIT, $0-16 - MOVQ state+0(FP), AX - MOVQ rc+8(FP), CX - MOVQ $0x0000000000000006, DX +TEXT ·f1600x4AVX2(SB), NOSPLIT, $0-17 + MOVQ state+0(FP), AX + MOVQ rc+8(FP), CX + MOVQ $0x0000000000000006, DX + MOVBQZX turbo+16(FP), BX + TESTQ BX, BX + JZ loop + MOVQ $0x0000000000000003, DX + ADDQ $0x60, CX loop: VMOVDQA (AX), Y0
diff --git a/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x4stubs_amd64.go b/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x4stubs_amd64.go
index 76c6cf9..de28944 100644
--- a/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x4stubs_amd64.go
+++ b/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x4stubs_amd64.go
@@ -1,9 +1,8 @@ // Code generated by command: go run src.go -out ../../f1600x4_amd64.s -stubs ../../f1600x4stubs_amd64.go -pkg keccakf1600. DO NOT EDIT. //go:build amd64 -// +build amd64 package keccakf1600 //go:noescape -func f1600x4AVX2(state *uint64, rc *[24]uint64) +func f1600x4AVX2(state *uint64, rc *[24]uint64, turbo bool)
diff --git a/vendor/github.com/cloudflare/circl/simd/keccakf1600/fallback.go b/vendor/github.com/cloudflare/circl/simd/keccakf1600/fallback.go
index 5d56c09..5287c1f 100644
--- a/vendor/github.com/cloudflare/circl/simd/keccakf1600/fallback.go
+++ b/vendor/github.com/cloudflare/circl/simd/keccakf1600/fallback.go
@@ -3,6 +3,6 @@
 package keccakf1600
-func permuteSIMDx2(state []uint64) { permuteScalarX2(state) }
+func permuteSIMDx2(state []uint64, turbo bool) { permuteScalarX2(state, turbo) }
-func permuteSIMDx4(state []uint64) { permuteScalarX4(state) }
+func permuteSIMDx4(state []uint64, turbo bool) { permuteScalarX4(state, turbo) }
diff --git a/vendor/modules.txt b/vendor/modules.txt
index d6aa4bb..7e627cd 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -8,7 +8,7 @@ github.com/Microsoft/go-winio/pkg/guid
 # github.com/chris-wood/ohttp-go v0.0.0-20230523152405-45fb0d05eb13
 ## explicit; go 1.15
 github.com/chris-wood/ohttp-go
-# github.com/cloudflare/circl v1.3.3
+# github.com/cloudflare/circl v1.3.7
 ## explicit; go 1.19
 github.com/cloudflare/circl/dh/x25519
 github.com/cloudflare/circl/dh/x448