mirrors/dnscrypt-proxy
1
0
Fork 0
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git synced 2025-04-04 13:47:39 +03:00
Code Issues Projects Releases Packages Wiki Activity

Revert "Remove support for xsalsapoly"

Browse source 
Apparently, a bunch of popular resolvers such as adguard, cleanbrowsing
and comodo still only support xsalsapoly o_O

Add a lying resolver check for old DNSCrypt servers.
This commit is contained in:
Frank Denis 2025-01-11 02:13:31 +01:00
parent 14af44d78a
commit 062dc53971
15 changed files with 1924 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

1
dnscrypt-proxy/common.go
View file

@ -18,6 +18,7 @@ type CryptoConstruction uint16
const ( const (
UndefinedConstruction CryptoConstruction = iota UndefinedConstruction CryptoConstruction = iota
XSalsa20Poly1305
XChacha20Poly1305 XChacha20Poly1305
) )

1
dnscrypt-proxy/config.go
View file

@ -154,6 +154,7 @@ func newConfig() Config {
BlockedQueryResponse: "hinfo", BlockedQueryResponse: "hinfo",
BrokenImplementations: BrokenImplementationsConfig{ BrokenImplementations: BrokenImplementationsConfig{
FragmentsBlocked: []string{ FragmentsBlocked: []string{
"cisco", "cisco-ipv6", "cisco-familyshield", "cisco-familyshield-ipv6",
"cleanbrowsing-adult", "cleanbrowsing-adult-ipv6", "cleanbrowsing-family", "cleanbrowsing-family-ipv6", "cleanbrowsing-security", "cleanbrowsing-security-ipv6", "cleanbrowsing-adult", "cleanbrowsing-adult-ipv6", "cleanbrowsing-family", "cleanbrowsing-family-ipv6", "cleanbrowsing-security", "cleanbrowsing-security-ipv6",
}, },
}, },

28
dnscrypt-proxy/crypto.go
View file

@ -9,6 +9,8 @@ import (
"github.com/jedisct1/dlog" "github.com/jedisct1/dlog"
"github.com/jedisct1/xsecretbox" "github.com/jedisct1/xsecretbox"
"golang.org/x/crypto/curve25519" "golang.org/x/crypto/curve25519"
"golang.org/x/crypto/nacl/box"
"golang.org/x/crypto/nacl/secretbox"
) )
const ( const (
@ -55,9 +57,19 @@ func ComputeSharedKey(
dlog.Criticalf("[%v] Weak XChaCha20 public key", providerName) dlog.Criticalf("[%v] Weak XChaCha20 public key", providerName)
} }
} else { } else {
dlog.Criticalf("[%v] Unsupported encryption system", providerName) box.Precompute(&sharedKey, serverPk, secretKey)
c := byte(0)
for i := 0; i < 32; i++ {
c |= sharedKey[i]
} }
return sharedKey if c == 0 {
dlog.Criticalf("[%v] Weak XSalsa20 public key", providerName)
if _, err := crypto_rand.Read(sharedKey[:]); err != nil {
dlog.Fatal(err)
}
}
}
return
} }
func (proxy *Proxy) Encrypt( func (proxy *Proxy) Encrypt(
@ -112,7 +124,9 @@ func (proxy *Proxy) Encrypt(
if serverInfo.CryptoConstruction == XChacha20Poly1305 { if serverInfo.CryptoConstruction == XChacha20Poly1305 {
encrypted = xsecretbox.Seal(encrypted, nonce, padded, sharedKey[:]) encrypted = xsecretbox.Seal(encrypted, nonce, padded, sharedKey[:])
} else { } else {
err = errors.New("Unsupported encryption system") var xsalsaNonce [24]byte
copy(xsalsaNonce[:], nonce)
encrypted = secretbox.Seal(encrypted, padded, &xsalsaNonce, sharedKey)
} }
return return
} }
@ -139,7 +153,13 @@ func (proxy *Proxy) Decrypt(
if serverInfo.CryptoConstruction == XChacha20Poly1305 { if serverInfo.CryptoConstruction == XChacha20Poly1305 {
packet, err = xsecretbox.Open(nil, serverNonce, encrypted[responseHeaderLen:], sharedKey[:]) packet, err = xsecretbox.Open(nil, serverNonce, encrypted[responseHeaderLen:], sharedKey[:])
} else { } else {
err = errors.New("Unsupported encryption system") var xsalsaServerNonce [24]byte
copy(xsalsaServerNonce[:], serverNonce)
var ok bool
packet, ok = secretbox.Open(nil, encrypted[responseHeaderLen:], &xsalsaServerNonce, sharedKey)
if !ok {
err = errors.New("Incorrect tag")
}
} }
if err != nil { if err != nil {
return encrypted, err return encrypted, err

8
dnscrypt-proxy/dnscrypt_certs.go
View file

@ -95,12 +95,12 @@ func FetchCurrentDNSCryptCert(
cryptoConstruction := CryptoConstruction(0) cryptoConstruction := CryptoConstruction(0)
switch esVersion := binary.BigEndian.Uint16(binCert[4:6]); esVersion { switch esVersion := binary.BigEndian.Uint16(binCert[4:6]); esVersion {
case 0x0001: case 0x0001:
dlog.Noticef("[%v] Deprecated, now unsupported encryption system", *serverName) cryptoConstruction = XSalsa20Poly1305
continue dlog.Noticef("[%v] should upgrade to XChaCha20 for encryption", *serverName)
case 0x0002: case 0x0002:
cryptoConstruction = XChacha20Poly1305 cryptoConstruction = XChacha20Poly1305
default: default:
dlog.Noticef("[%v] Unsupported encryption system", *serverName) dlog.Debugf("[%v] uses an unsupported encryption system", *serverName)
continue continue
} }
signature := binCert[8:72] signature := binCert[8:72]
@ -164,7 +164,7 @@ func FetchCurrentDNSCryptCert(
dlog.Debugf("[%v] Upgrading the construction from %v to %v", *serverName, certInfo.CryptoConstruction, cryptoConstruction) dlog.Debugf("[%v] Upgrading the construction from %v to %v", *serverName, certInfo.CryptoConstruction, cryptoConstruction)
} }
} }
if cryptoConstruction != XChacha20Poly1305 { if cryptoConstruction != XChacha20Poly1305 && cryptoConstruction != XSalsa20Poly1305 {
dlog.Noticef("[%v] Cryptographic construction %v not supported", *serverName, cryptoConstruction) dlog.Noticef("[%v] Cryptographic construction %v not supported", *serverName, cryptoConstruction)
continue continue
} }

6
dnscrypt-proxy/example-dnscrypt-proxy.toml
View file

@ -774,6 +774,10 @@ format = 'tsv'
[broken_implementations] [broken_implementations]
## Cisco servers currently cannot handle queries larger than 1472 bytes, and don't
## truncate responses larger than questions as expected by the DNSCrypt protocol.
## This prevents large responses from being received over UDP and over relays.
##
## Older versions of the `dnsdist` server software had a bug with queries larger ## Older versions of the `dnsdist` server software had a bug with queries larger
## than 1500 bytes. This is fixed since `dnsdist` version 1.5.0, but ## than 1500 bytes. This is fixed since `dnsdist` version 1.5.0, but
## some server may still run an outdated version. ## some server may still run an outdated version.
@ -781,7 +785,7 @@ format = 'tsv'
## The list below enables workarounds to make non-relayed usage more reliable ## The list below enables workarounds to make non-relayed usage more reliable
## until the servers are fixed. ## until the servers are fixed.
fragments_blocked = ['cleanbrowsing-adult', 'cleanbrowsing-adult-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-security', 'cleanbrowsing-security-ipv6'] fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cisco-sandbox', 'cleanbrowsing-adult', 'cleanbrowsing-adult-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-security', 'cleanbrowsing-security-ipv6']

34
dnscrypt-proxy/serversInfo.go
View file

@ -608,6 +608,27 @@ func fetchDNSCryptServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp
if err != nil { if err != nil {
return ServerInfo{}, err return ServerInfo{}, err
} }
if certInfo.CryptoConstruction == XSalsa20Poly1305 {
query := plainNXTestPacket(0xcafe)
msg, _, _, err := DNSExchange(
proxy,
proxy.mainProto,
&query,
stamp.ServerAddrStr,
dnscryptRelay,
&name,
false,
)
if err == nil {
if msg.Rcode != dns.RcodeNameError && msg.Id == 0xcafe {
dlog.Warnf("[%s] may be a lying resolver -- skipping", name)
return ServerInfo{}, fmt.Errorf("[%s] unexpected catchall response", name)
}
dlog.Debugf("[%s] seems to be also accessible over plain DNS", name)
}
}
return ServerInfo{ return ServerInfo{
Proto: stamps.StampProtoTypeDNSCrypt, Proto: stamps.StampProtoTypeDNSCrypt,
MagicQuery: certInfo.MagicQuery, MagicQuery: certInfo.MagicQuery,
@ -665,6 +686,19 @@ func dohNXTestPacket(msgID uint16) []byte {
return body return body
} }
func plainNXTestPacket(msgID uint16) dns.Msg {
msg := dns.Msg{}
qName := make([]byte, 16)
charset := "abcdefghijklmnopqrstuvwxyz"
for i := range qName {
qName[i] = charset[rand.Intn(len(charset))]
}
msg.SetQuestion(string(qName)+".test.dnscrypt.", dns.TypeNS)
msg.Id = msgID
msg.MsgHdr.RecursionDesired = true
return msg
}
func fetchDoHServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, isNew bool) (ServerInfo, error) { func fetchDoHServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, isNew bool) (ServerInfo, error) {
// If an IP has been provided, use it forever. // If an IP has been provided, use it forever.
// Or else, if the fallback server and the DoH server are operated // Or else, if the fallback server and the DoH server are operated

182
vendor/golang.org/x/crypto/nacl/box/box.go generated vendored Normal file
View file

@ -0,0 +1,182 @@
// Copyright 2012 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
/*
Package box authenticates and encrypts small messages using public-key cryptography.
Box uses Curve25519, XSalsa20 and Poly1305 to encrypt and authenticate
messages. The length of messages is not hidden.
It is the caller's responsibility to ensure the uniqueness of noncesfor
example, by using nonce 1 for the first message, nonce 2 for the second
message, etc. Nonces are long enough that randomly generated nonces have
negligible risk of collision.
Messages should be small because:
1. The whole message needs to be held in memory to be processed.
2. Using large messages pressures implementations on small machines to decrypt
and process plaintext before authenticating it. This is very dangerous, and
this API does not allow it, but a protocol that uses excessive message sizes
might present some implementations with no other choice.
3. Fixed overheads will be sufficiently amortised by messages as small as 8KB.
4. Performance may be improved by working with messages that fit into data caches.
Thus large amounts of data should be chunked so that each message is small.
(Each message still needs a unique nonce.) If in doubt, 16KB is a reasonable
chunk size.
This package is interoperable with NaCl: https://nacl.cr.yp.to/box.html.
Anonymous sealing/opening is an extension of NaCl defined by and interoperable
with libsodium:
https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes.
*/
package box
import (
cryptorand "crypto/rand"
"io"
"golang.org/x/crypto/blake2b"
"golang.org/x/crypto/curve25519"
"golang.org/x/crypto/nacl/secretbox"
"golang.org/x/crypto/salsa20/salsa"
)
const (
// Overhead is the number of bytes of overhead when boxing a message.
Overhead = secretbox.Overhead
// AnonymousOverhead is the number of bytes of overhead when using anonymous
// sealed boxes.
AnonymousOverhead = Overhead + 32
)
// GenerateKey generates a new public/private key pair suitable for use with
// Seal and Open.
func GenerateKey(rand io.Reader) (publicKey, privateKey *[32]byte, err error) {
publicKey = new([32]byte)
privateKey = new([32]byte)
_, err = io.ReadFull(rand, privateKey[:])
if err != nil {
publicKey = nil
privateKey = nil
return
}
curve25519.ScalarBaseMult(publicKey, privateKey)
return
}
var zeros [16]byte
// Precompute calculates the shared key between peersPublicKey and privateKey
// and writes it to sharedKey. The shared key can be used with
// OpenAfterPrecomputation and SealAfterPrecomputation to speed up processing
// when using the same pair of keys repeatedly.
func Precompute(sharedKey, peersPublicKey, privateKey *[32]byte) {
curve25519.ScalarMult(sharedKey, privateKey, peersPublicKey)
salsa.HSalsa20(sharedKey, &zeros, sharedKey, &salsa.Sigma)
}
// Seal appends an encrypted and authenticated copy of message to out, which
// will be Overhead bytes longer than the original and must not overlap it. The
// nonce must be unique for each distinct message for a given pair of keys.
func Seal(out, message []byte, nonce *[24]byte, peersPublicKey, privateKey *[32]byte) []byte {
var sharedKey [32]byte
Precompute(&sharedKey, peersPublicKey, privateKey)
return secretbox.Seal(out, message, nonce, &sharedKey)
}
// SealAfterPrecomputation performs the same actions as Seal, but takes a
// shared key as generated by Precompute.
func SealAfterPrecomputation(out, message []byte, nonce *[24]byte, sharedKey *[32]byte) []byte {
return secretbox.Seal(out, message, nonce, sharedKey)
}
// Open authenticates and decrypts a box produced by Seal and appends the
// message to out, which must not overlap box. The output will be Overhead
// bytes smaller than box.
func Open(out, box []byte, nonce *[24]byte, peersPublicKey, privateKey *[32]byte) ([]byte, bool) {
var sharedKey [32]byte
Precompute(&sharedKey, peersPublicKey, privateKey)
return secretbox.Open(out, box, nonce, &sharedKey)
}
// OpenAfterPrecomputation performs the same actions as Open, but takes a
// shared key as generated by Precompute.
func OpenAfterPrecomputation(out, box []byte, nonce *[24]byte, sharedKey *[32]byte) ([]byte, bool) {
return secretbox.Open(out, box, nonce, sharedKey)
}
// SealAnonymous appends an encrypted and authenticated copy of message to out,
// which will be AnonymousOverhead bytes longer than the original and must not
// overlap it. This differs from Seal in that the sender is not required to
// provide a private key.
func SealAnonymous(out, message []byte, recipient *[32]byte, rand io.Reader) ([]byte, error) {
if rand == nil {
rand = cryptorand.Reader
}
ephemeralPub, ephemeralPriv, err := GenerateKey(rand)
if err != nil {
return nil, err
}
var nonce [24]byte
if err := sealNonce(ephemeralPub, recipient, &nonce); err != nil {
return nil, err
}
if total := len(out) + AnonymousOverhead + len(message); cap(out) < total {
original := out
out = make([]byte, 0, total)
out = append(out, original...)
}
out = append(out, ephemeralPub[:]...)
return Seal(out, message, &nonce, recipient, ephemeralPriv), nil
}
// OpenAnonymous authenticates and decrypts a box produced by SealAnonymous and
// appends the message to out, which must not overlap box. The output will be
// AnonymousOverhead bytes smaller than box.
func OpenAnonymous(out, box []byte, publicKey, privateKey *[32]byte) (message []byte, ok bool) {
if len(box) < AnonymousOverhead {
return nil, false
}
var ephemeralPub [32]byte
copy(ephemeralPub[:], box[:32])
var nonce [24]byte
if err := sealNonce(&ephemeralPub, publicKey, &nonce); err != nil {
return nil, false
}
return Open(out, box[32:], &nonce, &ephemeralPub, privateKey)
}
// sealNonce generates a 24 byte nonce that is a blake2b digest of the
// ephemeral public key and the receiver's public key.
func sealNonce(ephemeralPub, peersPublicKey *[32]byte, nonce *[24]byte) error {
h, err := blake2b.New(24, nil)
if err != nil {
return err
}
if _, err = h.Write(ephemeralPub[:]); err != nil {
return err
}
if _, err = h.Write(peersPublicKey[:]); err != nil {
return err
}
h.Sum(nonce[:0])
return nil
}

173
vendor/golang.org/x/crypto/nacl/secretbox/secretbox.go generated vendored Normal file
View file

@ -0,0 +1,173 @@
// Copyright 2012 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
/*
Package secretbox encrypts and authenticates small messages.
Secretbox uses XSalsa20 and Poly1305 to encrypt and authenticate messages with
secret-key cryptography. The length of messages is not hidden.
It is the caller's responsibility to ensure the uniqueness of noncesfor
example, by using nonce 1 for the first message, nonce 2 for the second
message, etc. Nonces are long enough that randomly generated nonces have
negligible risk of collision.
Messages should be small because:
1. The whole message needs to be held in memory to be processed.
2. Using large messages pressures implementations on small machines to decrypt
and process plaintext before authenticating it. This is very dangerous, and
this API does not allow it, but a protocol that uses excessive message sizes
might present some implementations with no other choice.
3. Fixed overheads will be sufficiently amortised by messages as small as 8KB.
4. Performance may be improved by working with messages that fit into data caches.
Thus large amounts of data should be chunked so that each message is small.
(Each message still needs a unique nonce.) If in doubt, 16KB is a reasonable
chunk size.
This package is interoperable with NaCl: https://nacl.cr.yp.to/secretbox.html.
*/
package secretbox
import (
"golang.org/x/crypto/internal/alias"
"golang.org/x/crypto/internal/poly1305"
"golang.org/x/crypto/salsa20/salsa"
)
// Overhead is the number of bytes of overhead when boxing a message.
const Overhead = poly1305.TagSize
// setup produces a sub-key and Salsa20 counter given a nonce and key.
func setup(subKey *[32]byte, counter *[16]byte, nonce *[24]byte, key *[32]byte) {
// We use XSalsa20 for encryption so first we need to generate a
// key and nonce with HSalsa20.
var hNonce [16]byte
copy(hNonce[:], nonce[:])
salsa.HSalsa20(subKey, &hNonce, key, &salsa.Sigma)
// The final 8 bytes of the original nonce form the new nonce.
copy(counter[:], nonce[16:])
}
// sliceForAppend takes a slice and a requested number of bytes. It returns a
// slice with the contents of the given slice followed by that many bytes and a
// second slice that aliases into it and contains only the extra bytes. If the
// original slice has sufficient capacity then no allocation is performed.
func sliceForAppend(in []byte, n int) (head, tail []byte) {
if total := len(in) + n; cap(in) >= total {
head = in[:total]
} else {
head = make([]byte, total)
copy(head, in)
}
tail = head[len(in):]
return
}
// Seal appends an encrypted and authenticated copy of message to out, which
// must not overlap message. The key and nonce pair must be unique for each
// distinct message and the output will be Overhead bytes longer than message.
func Seal(out, message []byte, nonce *[24]byte, key *[32]byte) []byte {
var subKey [32]byte
var counter [16]byte
setup(&subKey, &counter, nonce, key)
// The Poly1305 key is generated by encrypting 32 bytes of zeros. Since
// Salsa20 works with 64-byte blocks, we also generate 32 bytes of
// keystream as a side effect.
var firstBlock [64]byte
salsa.XORKeyStream(firstBlock[:], firstBlock[:], &counter, &subKey)
var poly1305Key [32]byte
copy(poly1305Key[:], firstBlock[:])
ret, out := sliceForAppend(out, len(message)+poly1305.TagSize)
if alias.AnyOverlap(out, message) {
panic("nacl: invalid buffer overlap")
}
// We XOR up to 32 bytes of message with the keystream generated from
// the first block.
firstMessageBlock := message
if len(firstMessageBlock) > 32 {
firstMessageBlock = firstMessageBlock[:32]
}
tagOut := out
out = out[poly1305.TagSize:]
for i, x := range firstMessageBlock {
out[i] = firstBlock[32+i] ^ x
}
message = message[len(firstMessageBlock):]
ciphertext := out
out = out[len(firstMessageBlock):]
// Now encrypt the rest.
counter[8] = 1
salsa.XORKeyStream(out, message, &counter, &subKey)
var tag [poly1305.TagSize]byte
poly1305.Sum(&tag, ciphertext, &poly1305Key)
copy(tagOut, tag[:])
return ret
}
// Open authenticates and decrypts a box produced by Seal and appends the
// message to out, which must not overlap box. The output will be Overhead
// bytes smaller than box.
func Open(out, box []byte, nonce *[24]byte, key *[32]byte) ([]byte, bool) {
if len(box) < Overhead {
return nil, false
}
var subKey [32]byte
var counter [16]byte
setup(&subKey, &counter, nonce, key)
// The Poly1305 key is generated by encrypting 32 bytes of zeros. Since
// Salsa20 works with 64-byte blocks, we also generate 32 bytes of
// keystream as a side effect.
var firstBlock [64]byte
salsa.XORKeyStream(firstBlock[:], firstBlock[:], &counter, &subKey)
var poly1305Key [32]byte
copy(poly1305Key[:], firstBlock[:])
var tag [poly1305.TagSize]byte
copy(tag[:], box)
if !poly1305.Verify(&tag, box[poly1305.TagSize:], &poly1305Key) {
return nil, false
}
ret, out := sliceForAppend(out, len(box)-Overhead)
if alias.AnyOverlap(out, box) {
panic("nacl: invalid buffer overlap")
}
// We XOR up to 32 bytes of box with the keystream generated from
// the first block.
box = box[Overhead:]
firstMessageBlock := box
if len(firstMessageBlock) > 32 {
firstMessageBlock = firstMessageBlock[:32]
}
for i, x := range firstMessageBlock {
out[i] = firstBlock[32+i] ^ x
}
box = box[len(firstMessageBlock):]
out = out[len(firstMessageBlock):]
// Now decrypt the rest.
counter[8] = 1
salsa.XORKeyStream(out, box, &counter, &subKey)
return ret, true
}

146
vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go generated vendored Normal file
View file

@ -0,0 +1,146 @@
// Copyright 2012 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Package salsa provides low-level access to functions in the Salsa family.
package salsa
import "math/bits"
// Sigma is the Salsa20 constant for 256-bit keys.
var Sigma = [16]byte{'e', 'x', 'p', 'a', 'n', 'd', ' ', '3', '2', '-', 'b', 'y', 't', 'e', ' ', 'k'}
// HSalsa20 applies the HSalsa20 core function to a 16-byte input in, 32-byte
// key k, and 16-byte constant c, and puts the result into the 32-byte array
// out.
func HSalsa20(out *[32]byte, in *[16]byte, k *[32]byte, c *[16]byte) {
x0 := uint32(c[0]) | uint32(c[1])<<8 | uint32(c[2])<<16 | uint32(c[3])<<24
x1 := uint32(k[0]) | uint32(k[1])<<8 | uint32(k[2])<<16 | uint32(k[3])<<24
x2 := uint32(k[4]) | uint32(k[5])<<8 | uint32(k[6])<<16 | uint32(k[7])<<24
x3 := uint32(k[8]) | uint32(k[9])<<8 | uint32(k[10])<<16 | uint32(k[11])<<24
x4 := uint32(k[12]) | uint32(k[13])<<8 | uint32(k[14])<<16 | uint32(k[15])<<24
x5 := uint32(c[4]) | uint32(c[5])<<8 | uint32(c[6])<<16 | uint32(c[7])<<24
x6 := uint32(in[0]) | uint32(in[1])<<8 | uint32(in[2])<<16 | uint32(in[3])<<24
x7 := uint32(in[4]) | uint32(in[5])<<8 | uint32(in[6])<<16 | uint32(in[7])<<24
x8 := uint32(in[8]) | uint32(in[9])<<8 | uint32(in[10])<<16 | uint32(in[11])<<24
x9 := uint32(in[12]) | uint32(in[13])<<8 | uint32(in[14])<<16 | uint32(in[15])<<24
x10 := uint32(c[8]) | uint32(c[9])<<8 | uint32(c[10])<<16 | uint32(c[11])<<24
x11 := uint32(k[16]) | uint32(k[17])<<8 | uint32(k[18])<<16 | uint32(k[19])<<24
x12 := uint32(k[20]) | uint32(k[21])<<8 | uint32(k[22])<<16 | uint32(k[23])<<24
x13 := uint32(k[24]) | uint32(k[25])<<8 | uint32(k[26])<<16 | uint32(k[27])<<24
x14 := uint32(k[28]) | uint32(k[29])<<8 | uint32(k[30])<<16 | uint32(k[31])<<24
x15 := uint32(c[12]) | uint32(c[13])<<8 | uint32(c[14])<<16 | uint32(c[15])<<24
for i := 0; i < 20; i += 2 {
u := x0 + x12
x4 ^= bits.RotateLeft32(u, 7)
u = x4 + x0
x8 ^= bits.RotateLeft32(u, 9)
u = x8 + x4
x12 ^= bits.RotateLeft32(u, 13)
u = x12 + x8
x0 ^= bits.RotateLeft32(u, 18)
u = x5 + x1
x9 ^= bits.RotateLeft32(u, 7)
u = x9 + x5
x13 ^= bits.RotateLeft32(u, 9)
u = x13 + x9
x1 ^= bits.RotateLeft32(u, 13)
u = x1 + x13
x5 ^= bits.RotateLeft32(u, 18)
u = x10 + x6
x14 ^= bits.RotateLeft32(u, 7)
u = x14 + x10
x2 ^= bits.RotateLeft32(u, 9)
u = x2 + x14
x6 ^= bits.RotateLeft32(u, 13)
u = x6 + x2
x10 ^= bits.RotateLeft32(u, 18)
u = x15 + x11
x3 ^= bits.RotateLeft32(u, 7)
u = x3 + x15
x7 ^= bits.RotateLeft32(u, 9)
u = x7 + x3
x11 ^= bits.RotateLeft32(u, 13)
u = x11 + x7
x15 ^= bits.RotateLeft32(u, 18)
u = x0 + x3
x1 ^= bits.RotateLeft32(u, 7)
u = x1 + x0
x2 ^= bits.RotateLeft32(u, 9)
u = x2 + x1
x3 ^= bits.RotateLeft32(u, 13)
u = x3 + x2
x0 ^= bits.RotateLeft32(u, 18)
u = x5 + x4
x6 ^= bits.RotateLeft32(u, 7)
u = x6 + x5
x7 ^= bits.RotateLeft32(u, 9)
u = x7 + x6
x4 ^= bits.RotateLeft32(u, 13)
u = x4 + x7
x5 ^= bits.RotateLeft32(u, 18)
u = x10 + x9
x11 ^= bits.RotateLeft32(u, 7)
u = x11 + x10
x8 ^= bits.RotateLeft32(u, 9)
u = x8 + x11
x9 ^= bits.RotateLeft32(u, 13)
u = x9 + x8
x10 ^= bits.RotateLeft32(u, 18)
u = x15 + x14
x12 ^= bits.RotateLeft32(u, 7)
u = x12 + x15
x13 ^= bits.RotateLeft32(u, 9)
u = x13 + x12
x14 ^= bits.RotateLeft32(u, 13)
u = x14 + x13
x15 ^= bits.RotateLeft32(u, 18)
}
out[0] = byte(x0)
out[1] = byte(x0 >> 8)
out[2] = byte(x0 >> 16)
out[3] = byte(x0 >> 24)
out[4] = byte(x5)
out[5] = byte(x5 >> 8)
out[6] = byte(x5 >> 16)
out[7] = byte(x5 >> 24)
out[8] = byte(x10)
out[9] = byte(x10 >> 8)
out[10] = byte(x10 >> 16)
out[11] = byte(x10 >> 24)
out[12] = byte(x15)
out[13] = byte(x15 >> 8)
out[14] = byte(x15 >> 16)
out[15] = byte(x15 >> 24)
out[16] = byte(x6)
out[17] = byte(x6 >> 8)
out[18] = byte(x6 >> 16)
out[19] = byte(x6 >> 24)
out[20] = byte(x7)
out[21] = byte(x7 >> 8)
out[22] = byte(x7 >> 16)
out[23] = byte(x7 >> 24)
out[24] = byte(x8)
out[25] = byte(x8 >> 8)
out[26] = byte(x8 >> 16)
out[27] = byte(x8 >> 24)
out[28] = byte(x9)
out[29] = byte(x9 >> 8)
out[30] = byte(x9 >> 16)
out[31] = byte(x9 >> 24)
}

201
vendor/golang.org/x/crypto/salsa20/salsa/salsa208.go generated vendored Normal file
View file

@ -0,0 +1,201 @@
// Copyright 2012 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package salsa
import "math/bits"
// Core208 applies the Salsa20/8 core function to the 64-byte array in and puts
// the result into the 64-byte array out. The input and output may be the same array.
func Core208(out *[64]byte, in *[64]byte) {
j0 := uint32(in[0]) | uint32(in[1])<<8 | uint32(in[2])<<16 | uint32(in[3])<<24
j1 := uint32(in[4]) | uint32(in[5])<<8 | uint32(in[6])<<16 | uint32(in[7])<<24
j2 := uint32(in[8]) | uint32(in[9])<<8 | uint32(in[10])<<16 | uint32(in[11])<<24
j3 := uint32(in[12]) | uint32(in[13])<<8 | uint32(in[14])<<16 | uint32(in[15])<<24
j4 := uint32(in[16]) | uint32(in[17])<<8 | uint32(in[18])<<16 | uint32(in[19])<<24
j5 := uint32(in[20]) | uint32(in[21])<<8 | uint32(in[22])<<16 | uint32(in[23])<<24
j6 := uint32(in[24]) | uint32(in[25])<<8 | uint32(in[26])<<16 | uint32(in[27])<<24
j7 := uint32(in[28]) | uint32(in[29])<<8 | uint32(in[30])<<16 | uint32(in[31])<<24
j8 := uint32(in[32]) | uint32(in[33])<<8 | uint32(in[34])<<16 | uint32(in[35])<<24
j9 := uint32(in[36]) | uint32(in[37])<<8 | uint32(in[38])<<16 | uint32(in[39])<<24
j10 := uint32(in[40]) | uint32(in[41])<<8 | uint32(in[42])<<16 | uint32(in[43])<<24
j11 := uint32(in[44]) | uint32(in[45])<<8 | uint32(in[46])<<16 | uint32(in[47])<<24
j12 := uint32(in[48]) | uint32(in[49])<<8 | uint32(in[50])<<16 | uint32(in[51])<<24
j13 := uint32(in[52]) | uint32(in[53])<<8 | uint32(in[54])<<16 | uint32(in[55])<<24
j14 := uint32(in[56]) | uint32(in[57])<<8 | uint32(in[58])<<16 | uint32(in[59])<<24
j15 := uint32(in[60]) | uint32(in[61])<<8 | uint32(in[62])<<16 | uint32(in[63])<<24
x0, x1, x2, x3, x4, x5, x6, x7, x8 := j0, j1, j2, j3, j4, j5, j6, j7, j8
x9, x10, x11, x12, x13, x14, x15 := j9, j10, j11, j12, j13, j14, j15
for i := 0; i < 8; i += 2 {
u := x0 + x12
x4 ^= bits.RotateLeft32(u, 7)
u = x4 + x0
x8 ^= bits.RotateLeft32(u, 9)
u = x8 + x4
x12 ^= bits.RotateLeft32(u, 13)
u = x12 + x8
x0 ^= bits.RotateLeft32(u, 18)
u = x5 + x1
x9 ^= bits.RotateLeft32(u, 7)
u = x9 + x5
x13 ^= bits.RotateLeft32(u, 9)
u = x13 + x9
x1 ^= bits.RotateLeft32(u, 13)
u = x1 + x13
x5 ^= bits.RotateLeft32(u, 18)
u = x10 + x6
x14 ^= bits.RotateLeft32(u, 7)
u = x14 + x10
x2 ^= bits.RotateLeft32(u, 9)
u = x2 + x14
x6 ^= bits.RotateLeft32(u, 13)
u = x6 + x2
x10 ^= bits.RotateLeft32(u, 18)
u = x15 + x11
x3 ^= bits.RotateLeft32(u, 7)
u = x3 + x15
x7 ^= bits.RotateLeft32(u, 9)
u = x7 + x3
x11 ^= bits.RotateLeft32(u, 13)
u = x11 + x7
x15 ^= bits.RotateLeft32(u, 18)
u = x0 + x3
x1 ^= bits.RotateLeft32(u, 7)
u = x1 + x0
x2 ^= bits.RotateLeft32(u, 9)
u = x2 + x1
x3 ^= bits.RotateLeft32(u, 13)
u = x3 + x2
x0 ^= bits.RotateLeft32(u, 18)
u = x5 + x4
x6 ^= bits.RotateLeft32(u, 7)
u = x6 + x5
x7 ^= bits.RotateLeft32(u, 9)
u = x7 + x6
x4 ^= bits.RotateLeft32(u, 13)
u = x4 + x7
x5 ^= bits.RotateLeft32(u, 18)
u = x10 + x9
x11 ^= bits.RotateLeft32(u, 7)
u = x11 + x10
x8 ^= bits.RotateLeft32(u, 9)
u = x8 + x11
x9 ^= bits.RotateLeft32(u, 13)
u = x9 + x8
x10 ^= bits.RotateLeft32(u, 18)
u = x15 + x14
x12 ^= bits.RotateLeft32(u, 7)
u = x12 + x15
x13 ^= bits.RotateLeft32(u, 9)
u = x13 + x12
x14 ^= bits.RotateLeft32(u, 13)
u = x14 + x13
x15 ^= bits.RotateLeft32(u, 18)
}
x0 += j0
x1 += j1
x2 += j2
x3 += j3
x4 += j4
x5 += j5
x6 += j6
x7 += j7
x8 += j8
x9 += j9
x10 += j10
x11 += j11
x12 += j12
x13 += j13
x14 += j14
x15 += j15
out[0] = byte(x0)
out[1] = byte(x0 >> 8)
out[2] = byte(x0 >> 16)
out[3] = byte(x0 >> 24)
out[4] = byte(x1)
out[5] = byte(x1 >> 8)
out[6] = byte(x1 >> 16)
out[7] = byte(x1 >> 24)
out[8] = byte(x2)
out[9] = byte(x2 >> 8)
out[10] = byte(x2 >> 16)
out[11] = byte(x2 >> 24)
out[12] = byte(x3)
out[13] = byte(x3 >> 8)
out[14] = byte(x3 >> 16)
out[15] = byte(x3 >> 24)
out[16] = byte(x4)
out[17] = byte(x4 >> 8)
out[18] = byte(x4 >> 16)
out[19] = byte(x4 >> 24)
out[20] = byte(x5)
out[21] = byte(x5 >> 8)
out[22] = byte(x5 >> 16)
out[23] = byte(x5 >> 24)
out[24] = byte(x6)
out[25] = byte(x6 >> 8)
out[26] = byte(x6 >> 16)
out[27] = byte(x6 >> 24)
out[28] = byte(x7)
out[29] = byte(x7 >> 8)
out[30] = byte(x7 >> 16)
out[31] = byte(x7 >> 24)
out[32] = byte(x8)
out[33] = byte(x8 >> 8)
out[34] = byte(x8 >> 16)
out[35] = byte(x8 >> 24)
out[36] = byte(x9)
out[37] = byte(x9 >> 8)
out[38] = byte(x9 >> 16)
out[39] = byte(x9 >> 24)
out[40] = byte(x10)
out[41] = byte(x10 >> 8)
out[42] = byte(x10 >> 16)
out[43] = byte(x10 >> 24)
out[44] = byte(x11)
out[45] = byte(x11 >> 8)
out[46] = byte(x11 >> 16)
out[47] = byte(x11 >> 24)
out[48] = byte(x12)
out[49] = byte(x12 >> 8)
out[50] = byte(x12 >> 16)
out[51] = byte(x12 >> 24)
out[52] = byte(x13)
out[53] = byte(x13 >> 8)
out[54] = byte(x13 >> 16)
out[55] = byte(x13 >> 24)
out[56] = byte(x14)
out[57] = byte(x14 >> 8)
out[58] = byte(x14 >> 16)
out[59] = byte(x14 >> 24)
out[60] = byte(x15)
out[61] = byte(x15 >> 8)
out[62] = byte(x15 >> 16)
out[63] = byte(x15 >> 24)
}

23
vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go generated vendored Normal file
View file

@ -0,0 +1,23 @@
// Copyright 2012 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
//go:build amd64 && !purego && gc
package salsa
//go:noescape
// salsa2020XORKeyStream is implemented in salsa20_amd64.s.
func salsa2020XORKeyStream(out, in *byte, n uint64, nonce, key *byte)
// XORKeyStream crypts bytes from in to out using the given key and counters.
// In and out must overlap entirely or not at all. Counter
// contains the raw salsa20 counter bytes (both nonce and block counter).
func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
if len(in) == 0 {
return
}
_ = out[len(in)-1]
salsa2020XORKeyStream(&out[0], &in[0], uint64(len(in)), &counter[0], &key[0])
}

880
vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.s generated vendored Normal file
View file

@ -0,0 +1,880 @@
// Code generated by command: go run salsa20_amd64_asm.go -out ../salsa20_amd64.s -pkg salsa. DO NOT EDIT.
//go:build amd64 && !purego && gc
// func salsa2020XORKeyStream(out *byte, in *byte, n uint64, nonce *byte, key *byte)
// Requires: SSE2
TEXT ·salsa2020XORKeyStream(SB), $456-40
// This needs up to 64 bytes at 360(R12); hence the non-obvious frame size.
MOVQ out+0(FP), DI
MOVQ in+8(FP), SI
MOVQ n+16(FP), DX
MOVQ nonce+24(FP), CX
MOVQ key+32(FP), R8
MOVQ SP, R12
ADDQ $0x1f, R12
ANDQ $-32, R12
MOVQ DX, R9
MOVQ CX, DX
MOVQ R8, R10
CMPQ R9, $0x00
JBE DONE
MOVL 20(R10), CX
MOVL (R10), R8
MOVL (DX), AX
MOVL 16(R10), R11
MOVL CX, (R12)
MOVL R8, 4(R12)
MOVL AX, 8(R12)
MOVL R11, 12(R12)
MOVL 8(DX), CX
MOVL 24(R10), R8
MOVL 4(R10), AX
MOVL 4(DX), R11
MOVL CX, 16(R12)
MOVL R8, 20(R12)
MOVL AX, 24(R12)
MOVL R11, 28(R12)
MOVL 12(DX), CX
MOVL 12(R10), DX
MOVL 28(R10), R8
MOVL 8(R10), AX
MOVL DX, 32(R12)
MOVL CX, 36(R12)
MOVL R8, 40(R12)
MOVL AX, 44(R12)
MOVQ $0x61707865, DX
MOVQ $0x3320646e, CX
MOVQ $0x79622d32, R8
MOVQ $0x6b206574, AX
MOVL DX, 48(R12)
MOVL CX, 52(R12)
MOVL R8, 56(R12)
MOVL AX, 60(R12)
CMPQ R9, $0x00000100
JB BYTESBETWEEN1AND255
MOVOA 48(R12), X0
PSHUFL $0x55, X0, X1
PSHUFL $0xaa, X0, X2
PSHUFL $0xff, X0, X3
PSHUFL $0x00, X0, X0
MOVOA X1, 64(R12)
MOVOA X2, 80(R12)
MOVOA X3, 96(R12)
MOVOA X0, 112(R12)
MOVOA (R12), X0
PSHUFL $0xaa, X0, X1
PSHUFL $0xff, X0, X2
PSHUFL $0x00, X0, X3
PSHUFL $0x55, X0, X0
MOVOA X1, 128(R12)
MOVOA X2, 144(R12)
MOVOA X3, 160(R12)
MOVOA X0, 176(R12)
MOVOA 16(R12), X0
PSHUFL $0xff, X0, X1
PSHUFL $0x55, X0, X2
PSHUFL $0xaa, X0, X0
MOVOA X1, 192(R12)
MOVOA X2, 208(R12)
MOVOA X0, 224(R12)
MOVOA 32(R12), X0
PSHUFL $0x00, X0, X1
PSHUFL $0xaa, X0, X2
PSHUFL $0xff, X0, X0
MOVOA X1, 240(R12)
MOVOA X2, 256(R12)
MOVOA X0, 272(R12)
BYTESATLEAST256:
MOVL 16(R12), DX
MOVL 36(R12), CX
MOVL DX, 288(R12)
MOVL CX, 304(R12)
SHLQ $0x20, CX
ADDQ CX, DX
ADDQ $0x01, DX
MOVQ DX, CX
SHRQ $0x20, CX
MOVL DX, 292(R12)
MOVL CX, 308(R12)
ADDQ $0x01, DX
MOVQ DX, CX
SHRQ $0x20, CX
MOVL DX, 296(R12)
MOVL CX, 312(R12)
ADDQ $0x01, DX
MOVQ DX, CX
SHRQ $0x20, CX
MOVL DX, 300(R12)
MOVL CX, 316(R12)
ADDQ $0x01, DX
MOVQ DX, CX
SHRQ $0x20, CX
MOVL DX, 16(R12)
MOVL CX, 36(R12)
MOVQ R9, 352(R12)
MOVQ $0x00000014, DX
MOVOA 64(R12), X0
MOVOA 80(R12), X1
MOVOA 96(R12), X2
MOVOA 256(R12), X3
MOVOA 272(R12), X4
MOVOA 128(R12), X5
MOVOA 144(R12), X6
MOVOA 176(R12), X7
MOVOA 192(R12), X8
MOVOA 208(R12), X9
MOVOA 224(R12), X10
MOVOA 304(R12), X11
MOVOA 112(R12), X12
MOVOA 160(R12), X13
MOVOA 240(R12), X14
MOVOA 288(R12), X15
MAINLOOP1:
MOVOA X1, 320(R12)
MOVOA X2, 336(R12)
MOVOA X13, X1
PADDL X12, X1
MOVOA X1, X2
PSLLL $0x07, X1
PXOR X1, X14
PSRLL $0x19, X2
PXOR X2, X14
MOVOA X7, X1
PADDL X0, X1
MOVOA X1, X2
PSLLL $0x07, X1
PXOR X1, X11
PSRLL $0x19, X2
PXOR X2, X11
MOVOA X12, X1
PADDL X14, X1
MOVOA X1, X2
PSLLL $0x09, X1
PXOR X1, X15
PSRLL $0x17, X2
PXOR X2, X15
MOVOA X0, X1
PADDL X11, X1
MOVOA X1, X2
PSLLL $0x09, X1
PXOR X1, X9
PSRLL $0x17, X2
PXOR X2, X9
MOVOA X14, X1
PADDL X15, X1
MOVOA X1, X2
PSLLL $0x0d, X1
PXOR X1, X13
PSRLL $0x13, X2
PXOR X2, X13
MOVOA X11, X1
PADDL X9, X1
MOVOA X1, X2
PSLLL $0x0d, X1
PXOR X1, X7
PSRLL $0x13, X2
PXOR X2, X7
MOVOA X15, X1
PADDL X13, X1
MOVOA X1, X2
PSLLL $0x12, X1
PXOR X1, X12
PSRLL $0x0e, X2
PXOR X2, X12
MOVOA 320(R12), X1
MOVOA X12, 320(R12)
MOVOA X9, X2
PADDL X7, X2
MOVOA X2, X12
PSLLL $0x12, X2
PXOR X2, X0
PSRLL $0x0e, X12
PXOR X12, X0
MOVOA X5, X2
PADDL X1, X2
MOVOA X2, X12
PSLLL $0x07, X2
PXOR X2, X3
PSRLL $0x19, X12
PXOR X12, X3
MOVOA 336(R12), X2
MOVOA X0, 336(R12)
MOVOA X6, X0
PADDL X2, X0
MOVOA X0, X12
PSLLL $0x07, X0
PXOR X0, X4
PSRLL $0x19, X12
PXOR X12, X4
MOVOA X1, X0
PADDL X3, X0
MOVOA X0, X12
PSLLL $0x09, X0
PXOR X0, X10
PSRLL $0x17, X12
PXOR X12, X10
MOVOA X2, X0
PADDL X4, X0
MOVOA X0, X12
PSLLL $0x09, X0
PXOR X0, X8
PSRLL $0x17, X12
PXOR X12, X8
MOVOA X3, X0
PADDL X10, X0
MOVOA X0, X12
PSLLL $0x0d, X0
PXOR X0, X5
PSRLL $0x13, X12
PXOR X12, X5
MOVOA X4, X0
PADDL X8, X0
MOVOA X0, X12
PSLLL $0x0d, X0
PXOR X0, X6
PSRLL $0x13, X12
PXOR X12, X6
MOVOA X10, X0
PADDL X5, X0
MOVOA X0, X12
PSLLL $0x12, X0
PXOR X0, X1
PSRLL $0x0e, X12
PXOR X12, X1
MOVOA 320(R12), X0
MOVOA X1, 320(R12)
MOVOA X4, X1
PADDL X0, X1
MOVOA X1, X12
PSLLL $0x07, X1
PXOR X1, X7
PSRLL $0x19, X12
PXOR X12, X7
MOVOA X8, X1
PADDL X6, X1
MOVOA X1, X12
PSLLL $0x12, X1
PXOR X1, X2
PSRLL $0x0e, X12
PXOR X12, X2
MOVOA 336(R12), X12
MOVOA X2, 336(R12)
MOVOA X14, X1
PADDL X12, X1
MOVOA X1, X2
PSLLL $0x07, X1
PXOR X1, X5
PSRLL $0x19, X2
PXOR X2, X5
MOVOA X0, X1
PADDL X7, X1
MOVOA X1, X2
PSLLL $0x09, X1
PXOR X1, X10
PSRLL $0x17, X2
PXOR X2, X10
MOVOA X12, X1
PADDL X5, X1
MOVOA X1, X2
PSLLL $0x09, X1
PXOR X1, X8
PSRLL $0x17, X2
PXOR X2, X8
MOVOA X7, X1
PADDL X10, X1
MOVOA X1, X2
PSLLL $0x0d, X1
PXOR X1, X4
PSRLL $0x13, X2
PXOR X2, X4
MOVOA X5, X1
PADDL X8, X1
MOVOA X1, X2
PSLLL $0x0d, X1
PXOR X1, X14
PSRLL $0x13, X2
PXOR X2, X14
MOVOA X10, X1
PADDL X4, X1
MOVOA X1, X2
PSLLL $0x12, X1
PXOR X1, X0
PSRLL $0x0e, X2
PXOR X2, X0
MOVOA 320(R12), X1
MOVOA X0, 320(R12)
MOVOA X8, X0
PADDL X14, X0
MOVOA X0, X2
PSLLL $0x12, X0
PXOR X0, X12
PSRLL $0x0e, X2
PXOR X2, X12
MOVOA X11, X0
PADDL X1, X0
MOVOA X0, X2
PSLLL $0x07, X0
PXOR X0, X6
PSRLL $0x19, X2
PXOR X2, X6
MOVOA 336(R12), X2
MOVOA X12, 336(R12)
MOVOA X3, X0
PADDL X2, X0
MOVOA X0, X12
PSLLL $0x07, X0
PXOR X0, X13
PSRLL $0x19, X12
PXOR X12, X13
MOVOA X1, X0
PADDL X6, X0
MOVOA X0, X12
PSLLL $0x09, X0
PXOR X0, X15
PSRLL $0x17, X12
PXOR X12, X15
MOVOA X2, X0
PADDL X13, X0
MOVOA X0, X12
PSLLL $0x09, X0
PXOR X0, X9
PSRLL $0x17, X12
PXOR X12, X9
MOVOA X6, X0
PADDL X15, X0
MOVOA X0, X12
PSLLL $0x0d, X0
PXOR X0, X11
PSRLL $0x13, X12
PXOR X12, X11
MOVOA X13, X0
PADDL X9, X0
MOVOA X0, X12
PSLLL $0x0d, X0
PXOR X0, X3
PSRLL $0x13, X12
PXOR X12, X3
MOVOA X15, X0
PADDL X11, X0
MOVOA X0, X12
PSLLL $0x12, X0
PXOR X0, X1
PSRLL $0x0e, X12
PXOR X12, X1
MOVOA X9, X0
PADDL X3, X0
MOVOA X0, X12
PSLLL $0x12, X0
PXOR X0, X2
PSRLL $0x0e, X12
PXOR X12, X2
MOVOA 320(R12), X12
MOVOA 336(R12), X0
SUBQ $0x02, DX
JA MAINLOOP1
PADDL 112(R12), X12
PADDL 176(R12), X7
PADDL 224(R12), X10
PADDL 272(R12), X4
MOVD X12, DX
MOVD X7, CX
MOVD X10, R8
MOVD X4, R9
PSHUFL $0x39, X12, X12
PSHUFL $0x39, X7, X7
PSHUFL $0x39, X10, X10
PSHUFL $0x39, X4, X4
XORL (SI), DX
XORL 4(SI), CX
XORL 8(SI), R8
XORL 12(SI), R9
MOVL DX, (DI)
MOVL CX, 4(DI)
MOVL R8, 8(DI)
MOVL R9, 12(DI)
MOVD X12, DX
MOVD X7, CX
MOVD X10, R8
MOVD X4, R9
PSHUFL $0x39, X12, X12
PSHUFL $0x39, X7, X7
PSHUFL $0x39, X10, X10
PSHUFL $0x39, X4, X4
XORL 64(SI), DX
XORL 68(SI), CX
XORL 72(SI), R8
XORL 76(SI), R9
MOVL DX, 64(DI)
MOVL CX, 68(DI)
MOVL R8, 72(DI)
MOVL R9, 76(DI)
MOVD X12, DX
MOVD X7, CX
MOVD X10, R8
MOVD X4, R9
PSHUFL $0x39, X12, X12
PSHUFL $0x39, X7, X7
PSHUFL $0x39, X10, X10
PSHUFL $0x39, X4, X4
XORL 128(SI), DX
XORL 132(SI), CX
XORL 136(SI), R8
XORL 140(SI), R9
MOVL DX, 128(DI)
MOVL CX, 132(DI)
MOVL R8, 136(DI)
MOVL R9, 140(DI)
MOVD X12, DX
MOVD X7, CX
MOVD X10, R8
MOVD X4, R9
XORL 192(SI), DX
XORL 196(SI), CX
XORL 200(SI), R8
XORL 204(SI), R9
MOVL DX, 192(DI)
MOVL CX, 196(DI)
MOVL R8, 200(DI)
MOVL R9, 204(DI)
PADDL 240(R12), X14
PADDL 64(R12), X0
PADDL 128(R12), X5
PADDL 192(R12), X8
MOVD X14, DX
MOVD X0, CX
MOVD X5, R8
MOVD X8, R9
PSHUFL $0x39, X14, X14
PSHUFL $0x39, X0, X0
PSHUFL $0x39, X5, X5
PSHUFL $0x39, X8, X8
XORL 16(SI), DX
XORL 20(SI), CX
XORL 24(SI), R8
XORL 28(SI), R9
MOVL DX, 16(DI)
MOVL CX, 20(DI)
MOVL R8, 24(DI)
MOVL R9, 28(DI)
MOVD X14, DX
MOVD X0, CX
MOVD X5, R8
MOVD X8, R9
PSHUFL $0x39, X14, X14
PSHUFL $0x39, X0, X0
PSHUFL $0x39, X5, X5
PSHUFL $0x39, X8, X8
XORL 80(SI), DX
XORL 84(SI), CX
XORL 88(SI), R8
XORL 92(SI), R9
MOVL DX, 80(DI)
MOVL CX, 84(DI)
MOVL R8, 88(DI)
MOVL R9, 92(DI)
MOVD X14, DX
MOVD X0, CX
MOVD X5, R8
MOVD X8, R9
PSHUFL $0x39, X14, X14
PSHUFL $0x39, X0, X0
PSHUFL $0x39, X5, X5
PSHUFL $0x39, X8, X8
XORL 144(SI), DX
XORL 148(SI), CX
XORL 152(SI), R8
XORL 156(SI), R9
MOVL DX, 144(DI)
MOVL CX, 148(DI)
MOVL R8, 152(DI)
MOVL R9, 156(DI)
MOVD X14, DX
MOVD X0, CX
MOVD X5, R8
MOVD X8, R9
XORL 208(SI), DX
XORL 212(SI), CX
XORL 216(SI), R8
XORL 220(SI), R9
MOVL DX, 208(DI)
MOVL CX, 212(DI)
MOVL R8, 216(DI)
MOVL R9, 220(DI)
PADDL 288(R12), X15
PADDL 304(R12), X11
PADDL 80(R12), X1
PADDL 144(R12), X6
MOVD X15, DX
MOVD X11, CX
MOVD X1, R8
MOVD X6, R9
PSHUFL $0x39, X15, X15
PSHUFL $0x39, X11, X11
PSHUFL $0x39, X1, X1
PSHUFL $0x39, X6, X6
XORL 32(SI), DX
XORL 36(SI), CX
XORL 40(SI), R8
XORL 44(SI), R9
MOVL DX, 32(DI)
MOVL CX, 36(DI)
MOVL R8, 40(DI)
MOVL R9, 44(DI)
MOVD X15, DX
MOVD X11, CX
MOVD X1, R8
MOVD X6, R9
PSHUFL $0x39, X15, X15
PSHUFL $0x39, X11, X11
PSHUFL $0x39, X1, X1
PSHUFL $0x39, X6, X6
XORL 96(SI), DX
XORL 100(SI), CX
XORL 104(SI), R8
XORL 108(SI), R9
MOVL DX, 96(DI)
MOVL CX, 100(DI)
MOVL R8, 104(DI)
MOVL R9, 108(DI)
MOVD X15, DX
MOVD X11, CX
MOVD X1, R8
MOVD X6, R9
PSHUFL $0x39, X15, X15
PSHUFL $0x39, X11, X11
PSHUFL $0x39, X1, X1
PSHUFL $0x39, X6, X6
XORL 160(SI), DX
XORL 164(SI), CX
XORL 168(SI), R8
XORL 172(SI), R9
MOVL DX, 160(DI)
MOVL CX, 164(DI)
MOVL R8, 168(DI)
MOVL R9, 172(DI)
MOVD X15, DX
MOVD X11, CX
MOVD X1, R8
MOVD X6, R9
XORL 224(SI), DX
XORL 228(SI), CX
XORL 232(SI), R8
XORL 236(SI), R9
MOVL DX, 224(DI)
MOVL CX, 228(DI)
MOVL R8, 232(DI)
MOVL R9, 236(DI)
PADDL 160(R12), X13
PADDL 208(R12), X9
PADDL 256(R12), X3
PADDL 96(R12), X2
MOVD X13, DX
MOVD X9, CX
MOVD X3, R8
MOVD X2, R9
PSHUFL $0x39, X13, X13
PSHUFL $0x39, X9, X9
PSHUFL $0x39, X3, X3
PSHUFL $0x39, X2, X2
XORL 48(SI), DX
XORL 52(SI), CX
XORL 56(SI), R8
XORL 60(SI), R9
MOVL DX, 48(DI)
MOVL CX, 52(DI)
MOVL R8, 56(DI)
MOVL R9, 60(DI)
MOVD X13, DX
MOVD X9, CX
MOVD X3, R8
MOVD X2, R9
PSHUFL $0x39, X13, X13
PSHUFL $0x39, X9, X9
PSHUFL $0x39, X3, X3
PSHUFL $0x39, X2, X2
XORL 112(SI), DX
XORL 116(SI), CX
XORL 120(SI), R8
XORL 124(SI), R9
MOVL DX, 112(DI)
MOVL CX, 116(DI)
MOVL R8, 120(DI)
MOVL R9, 124(DI)
MOVD X13, DX
MOVD X9, CX
MOVD X3, R8
MOVD X2, R9
PSHUFL $0x39, X13, X13
PSHUFL $0x39, X9, X9
PSHUFL $0x39, X3, X3
PSHUFL $0x39, X2, X2
XORL 176(SI), DX
XORL 180(SI), CX
XORL 184(SI), R8
XORL 188(SI), R9
MOVL DX, 176(DI)
MOVL CX, 180(DI)
MOVL R8, 184(DI)
MOVL R9, 188(DI)
MOVD X13, DX
MOVD X9, CX
MOVD X3, R8
MOVD X2, R9
XORL 240(SI), DX
XORL 244(SI), CX
XORL 248(SI), R8
XORL 252(SI), R9
MOVL DX, 240(DI)
MOVL CX, 244(DI)
MOVL R8, 248(DI)
MOVL R9, 252(DI)
MOVQ 352(R12), R9
SUBQ $0x00000100, R9
ADDQ $0x00000100, SI
ADDQ $0x00000100, DI
CMPQ R9, $0x00000100
JAE BYTESATLEAST256
CMPQ R9, $0x00
JBE DONE
BYTESBETWEEN1AND255:
CMPQ R9, $0x40
JAE NOCOPY
MOVQ DI, DX
LEAQ 360(R12), DI
MOVQ R9, CX
REP; MOVSB
LEAQ 360(R12), DI
LEAQ 360(R12), SI
NOCOPY:
MOVQ R9, 352(R12)
MOVOA 48(R12), X0
MOVOA (R12), X1
MOVOA 16(R12), X2
MOVOA 32(R12), X3
MOVOA X1, X4
MOVQ $0x00000014, CX
MAINLOOP2:
PADDL X0, X4
MOVOA X0, X5
MOVOA X4, X6
PSLLL $0x07, X4
PSRLL $0x19, X6
PXOR X4, X3
PXOR X6, X3
PADDL X3, X5
MOVOA X3, X4
MOVOA X5, X6
PSLLL $0x09, X5
PSRLL $0x17, X6
PXOR X5, X2
PSHUFL $0x93, X3, X3
PXOR X6, X2
PADDL X2, X4
MOVOA X2, X5
MOVOA X4, X6
PSLLL $0x0d, X4
PSRLL $0x13, X6
PXOR X4, X1
PSHUFL $0x4e, X2, X2
PXOR X6, X1
PADDL X1, X5
MOVOA X3, X4
MOVOA X5, X6
PSLLL $0x12, X5
PSRLL $0x0e, X6
PXOR X5, X0
PSHUFL $0x39, X1, X1
PXOR X6, X0
PADDL X0, X4
MOVOA X0, X5
MOVOA X4, X6
PSLLL $0x07, X4
PSRLL $0x19, X6
PXOR X4, X1
PXOR X6, X1
PADDL X1, X5
MOVOA X1, X4
MOVOA X5, X6
PSLLL $0x09, X5
PSRLL $0x17, X6
PXOR X5, X2
PSHUFL $0x93, X1, X1
PXOR X6, X2
PADDL X2, X4
MOVOA X2, X5
MOVOA X4, X6
PSLLL $0x0d, X4
PSRLL $0x13, X6
PXOR X4, X3
PSHUFL $0x4e, X2, X2
PXOR X6, X3
PADDL X3, X5
MOVOA X1, X4
MOVOA X5, X6
PSLLL $0x12, X5
PSRLL $0x0e, X6
PXOR X5, X0
PSHUFL $0x39, X3, X3
PXOR X6, X0
PADDL X0, X4
MOVOA X0, X5
MOVOA X4, X6
PSLLL $0x07, X4
PSRLL $0x19, X6
PXOR X4, X3
PXOR X6, X3
PADDL X3, X5
MOVOA X3, X4
MOVOA X5, X6
PSLLL $0x09, X5
PSRLL $0x17, X6
PXOR X5, X2
PSHUFL $0x93, X3, X3
PXOR X6, X2
PADDL X2, X4
MOVOA X2, X5
MOVOA X4, X6
PSLLL $0x0d, X4
PSRLL $0x13, X6
PXOR X4, X1
PSHUFL $0x4e, X2, X2
PXOR X6, X1
PADDL X1, X5
MOVOA X3, X4
MOVOA X5, X6
PSLLL $0x12, X5
PSRLL $0x0e, X6
PXOR X5, X0
PSHUFL $0x39, X1, X1
PXOR X6, X0
PADDL X0, X4
MOVOA X0, X5
MOVOA X4, X6
PSLLL $0x07, X4
PSRLL $0x19, X6
PXOR X4, X1
PXOR X6, X1
PADDL X1, X5
MOVOA X1, X4
MOVOA X5, X6
PSLLL $0x09, X5
PSRLL $0x17, X6
PXOR X5, X2
PSHUFL $0x93, X1, X1
PXOR X6, X2
PADDL X2, X4
MOVOA X2, X5
MOVOA X4, X6
PSLLL $0x0d, X4
PSRLL $0x13, X6
PXOR X4, X3
PSHUFL $0x4e, X2, X2
PXOR X6, X3
SUBQ $0x04, CX
PADDL X3, X5
MOVOA X1, X4
MOVOA X5, X6
PSLLL $0x12, X5
PXOR X7, X7
PSRLL $0x0e, X6
PXOR X5, X0
PSHUFL $0x39, X3, X3
PXOR X6, X0
JA MAINLOOP2
PADDL 48(R12), X0
PADDL (R12), X1
PADDL 16(R12), X2
PADDL 32(R12), X3
MOVD X0, CX
MOVD X1, R8
MOVD X2, R9
MOVD X3, AX
PSHUFL $0x39, X0, X0
PSHUFL $0x39, X1, X1
PSHUFL $0x39, X2, X2
PSHUFL $0x39, X3, X3
XORL (SI), CX
XORL 48(SI), R8
XORL 32(SI), R9
XORL 16(SI), AX
MOVL CX, (DI)
MOVL R8, 48(DI)
MOVL R9, 32(DI)
MOVL AX, 16(DI)
MOVD X0, CX
MOVD X1, R8
MOVD X2, R9
MOVD X3, AX
PSHUFL $0x39, X0, X0
PSHUFL $0x39, X1, X1
PSHUFL $0x39, X2, X2
PSHUFL $0x39, X3, X3
XORL 20(SI), CX
XORL 4(SI), R8
XORL 52(SI), R9
XORL 36(SI), AX
MOVL CX, 20(DI)
MOVL R8, 4(DI)
MOVL R9, 52(DI)
MOVL AX, 36(DI)
MOVD X0, CX
MOVD X1, R8
MOVD X2, R9
MOVD X3, AX
PSHUFL $0x39, X0, X0
PSHUFL $0x39, X1, X1
PSHUFL $0x39, X2, X2
PSHUFL $0x39, X3, X3
XORL 40(SI), CX
XORL 24(SI), R8
XORL 8(SI), R9
XORL 56(SI), AX
MOVL CX, 40(DI)
MOVL R8, 24(DI)
MOVL R9, 8(DI)
MOVL AX, 56(DI)
MOVD X0, CX
MOVD X1, R8
MOVD X2, R9
MOVD X3, AX
XORL 60(SI), CX
XORL 44(SI), R8
XORL 28(SI), R9
XORL 12(SI), AX
MOVL CX, 60(DI)
MOVL R8, 44(DI)
MOVL R9, 28(DI)
MOVL AX, 12(DI)
MOVQ 352(R12), R9
MOVL 16(R12), CX
MOVL 36(R12), R8
ADDQ $0x01, CX
SHLQ $0x20, R8
ADDQ R8, CX
MOVQ CX, R8
SHRQ $0x20, R8
MOVL CX, 16(R12)
MOVL R8, 36(R12)
CMPQ R9, $0x40
JA BYTESATLEAST65
JAE BYTESATLEAST64
MOVQ DI, SI
MOVQ DX, DI
MOVQ R9, CX
REP; MOVSB
BYTESATLEAST64:
DONE:
RET
BYTESATLEAST65:
SUBQ $0x40, R9
ADDQ $0x40, DI
ADDQ $0x40, SI
JMP BYTESBETWEEN1AND255

14
vendor/golang.org/x/crypto/salsa20/salsa/salsa20_noasm.go generated vendored Normal file
View file

@ -0,0 +1,14 @@
// Copyright 2019 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
//go:build !amd64 || purego || !gc
package salsa
// XORKeyStream crypts bytes from in to out using the given key and counters.
// In and out must overlap entirely or not at all. Counter
// contains the raw salsa20 counter bytes (both nonce and block counter).
func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
genericXORKeyStream(out, in, counter, key)
}

233
vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go generated vendored Normal file
View file

@ -0,0 +1,233 @@
// Copyright 2012 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package salsa
import "math/bits"
const rounds = 20
// core applies the Salsa20 core function to 16-byte input in, 32-byte key k,
// and 16-byte constant c, and puts the result into 64-byte array out.
func core(out *[64]byte, in *[16]byte, k *[32]byte, c *[16]byte) {
j0 := uint32(c[0]) | uint32(c[1])<<8 | uint32(c[2])<<16 | uint32(c[3])<<24
j1 := uint32(k[0]) | uint32(k[1])<<8 | uint32(k[2])<<16 | uint32(k[3])<<24
j2 := uint32(k[4]) | uint32(k[5])<<8 | uint32(k[6])<<16 | uint32(k[7])<<24
j3 := uint32(k[8]) | uint32(k[9])<<8 | uint32(k[10])<<16 | uint32(k[11])<<24
j4 := uint32(k[12]) | uint32(k[13])<<8 | uint32(k[14])<<16 | uint32(k[15])<<24
j5 := uint32(c[4]) | uint32(c[5])<<8 | uint32(c[6])<<16 | uint32(c[7])<<24
j6 := uint32(in[0]) | uint32(in[1])<<8 | uint32(in[2])<<16 | uint32(in[3])<<24
j7 := uint32(in[4]) | uint32(in[5])<<8 | uint32(in[6])<<16 | uint32(in[7])<<24
j8 := uint32(in[8]) | uint32(in[9])<<8 | uint32(in[10])<<16 | uint32(in[11])<<24
j9 := uint32(in[12]) | uint32(in[13])<<8 | uint32(in[14])<<16 | uint32(in[15])<<24
j10 := uint32(c[8]) | uint32(c[9])<<8 | uint32(c[10])<<16 | uint32(c[11])<<24
j11 := uint32(k[16]) | uint32(k[17])<<8 | uint32(k[18])<<16 | uint32(k[19])<<24
j12 := uint32(k[20]) | uint32(k[21])<<8 | uint32(k[22])<<16 | uint32(k[23])<<24
j13 := uint32(k[24]) | uint32(k[25])<<8 | uint32(k[26])<<16 | uint32(k[27])<<24
j14 := uint32(k[28]) | uint32(k[29])<<8 | uint32(k[30])<<16 | uint32(k[31])<<24
j15 := uint32(c[12]) | uint32(c[13])<<8 | uint32(c[14])<<16 | uint32(c[15])<<24
x0, x1, x2, x3, x4, x5, x6, x7, x8 := j0, j1, j2, j3, j4, j5, j6, j7, j8
x9, x10, x11, x12, x13, x14, x15 := j9, j10, j11, j12, j13, j14, j15
for i := 0; i < rounds; i += 2 {
u := x0 + x12
x4 ^= bits.RotateLeft32(u, 7)
u = x4 + x0
x8 ^= bits.RotateLeft32(u, 9)
u = x8 + x4
x12 ^= bits.RotateLeft32(u, 13)
u = x12 + x8
x0 ^= bits.RotateLeft32(u, 18)
u = x5 + x1
x9 ^= bits.RotateLeft32(u, 7)
u = x9 + x5
x13 ^= bits.RotateLeft32(u, 9)
u = x13 + x9
x1 ^= bits.RotateLeft32(u, 13)
u = x1 + x13
x5 ^= bits.RotateLeft32(u, 18)
u = x10 + x6
x14 ^= bits.RotateLeft32(u, 7)
u = x14 + x10
x2 ^= bits.RotateLeft32(u, 9)
u = x2 + x14
x6 ^= bits.RotateLeft32(u, 13)
u = x6 + x2
x10 ^= bits.RotateLeft32(u, 18)
u = x15 + x11
x3 ^= bits.RotateLeft32(u, 7)
u = x3 + x15
x7 ^= bits.RotateLeft32(u, 9)
u = x7 + x3
x11 ^= bits.RotateLeft32(u, 13)
u = x11 + x7
x15 ^= bits.RotateLeft32(u, 18)
u = x0 + x3
x1 ^= bits.RotateLeft32(u, 7)
u = x1 + x0
x2 ^= bits.RotateLeft32(u, 9)
u = x2 + x1
x3 ^= bits.RotateLeft32(u, 13)
u = x3 + x2
x0 ^= bits.RotateLeft32(u, 18)
u = x5 + x4
x6 ^= bits.RotateLeft32(u, 7)
u = x6 + x5
x7 ^= bits.RotateLeft32(u, 9)
u = x7 + x6
x4 ^= bits.RotateLeft32(u, 13)
u = x4 + x7
x5 ^= bits.RotateLeft32(u, 18)
u = x10 + x9
x11 ^= bits.RotateLeft32(u, 7)
u = x11 + x10
x8 ^= bits.RotateLeft32(u, 9)
u = x8 + x11
x9 ^= bits.RotateLeft32(u, 13)
u = x9 + x8
x10 ^= bits.RotateLeft32(u, 18)
u = x15 + x14
x12 ^= bits.RotateLeft32(u, 7)
u = x12 + x15
x13 ^= bits.RotateLeft32(u, 9)
u = x13 + x12
x14 ^= bits.RotateLeft32(u, 13)
u = x14 + x13
x15 ^= bits.RotateLeft32(u, 18)
}
x0 += j0
x1 += j1
x2 += j2
x3 += j3
x4 += j4
x5 += j5
x6 += j6
x7 += j7
x8 += j8
x9 += j9
x10 += j10
x11 += j11
x12 += j12
x13 += j13
x14 += j14
x15 += j15
out[0] = byte(x0)
out[1] = byte(x0 >> 8)
out[2] = byte(x0 >> 16)
out[3] = byte(x0 >> 24)
out[4] = byte(x1)
out[5] = byte(x1 >> 8)
out[6] = byte(x1 >> 16)
out[7] = byte(x1 >> 24)
out[8] = byte(x2)
out[9] = byte(x2 >> 8)
out[10] = byte(x2 >> 16)
out[11] = byte(x2 >> 24)
out[12] = byte(x3)
out[13] = byte(x3 >> 8)
out[14] = byte(x3 >> 16)
out[15] = byte(x3 >> 24)
out[16] = byte(x4)
out[17] = byte(x4 >> 8)
out[18] = byte(x4 >> 16)
out[19] = byte(x4 >> 24)
out[20] = byte(x5)
out[21] = byte(x5 >> 8)
out[22] = byte(x5 >> 16)
out[23] = byte(x5 >> 24)
out[24] = byte(x6)
out[25] = byte(x6 >> 8)
out[26] = byte(x6 >> 16)
out[27] = byte(x6 >> 24)
out[28] = byte(x7)
out[29] = byte(x7 >> 8)
out[30] = byte(x7 >> 16)
out[31] = byte(x7 >> 24)
out[32] = byte(x8)
out[33] = byte(x8 >> 8)
out[34] = byte(x8 >> 16)
out[35] = byte(x8 >> 24)
out[36] = byte(x9)
out[37] = byte(x9 >> 8)
out[38] = byte(x9 >> 16)
out[39] = byte(x9 >> 24)
out[40] = byte(x10)
out[41] = byte(x10 >> 8)
out[42] = byte(x10 >> 16)
out[43] = byte(x10 >> 24)
out[44] = byte(x11)
out[45] = byte(x11 >> 8)
out[46] = byte(x11 >> 16)
out[47] = byte(x11 >> 24)
out[48] = byte(x12)
out[49] = byte(x12 >> 8)
out[50] = byte(x12 >> 16)
out[51] = byte(x12 >> 24)
out[52] = byte(x13)
out[53] = byte(x13 >> 8)
out[54] = byte(x13 >> 16)
out[55] = byte(x13 >> 24)
out[56] = byte(x14)
out[57] = byte(x14 >> 8)
out[58] = byte(x14 >> 16)
out[59] = byte(x14 >> 24)
out[60] = byte(x15)
out[61] = byte(x15 >> 8)
out[62] = byte(x15 >> 16)
out[63] = byte(x15 >> 24)
}
// genericXORKeyStream is the generic implementation of XORKeyStream to be used
// when no assembly implementation is available.
func genericXORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
var block [64]byte
var counterCopy [16]byte
copy(counterCopy[:], counter[:])
for len(in) >= 64 {
core(&block, &counterCopy, key, &Sigma)
for i, x := range block {
out[i] = in[i] ^ x
}
u := uint32(1)
for i := 8; i < 16; i++ {
u += uint32(counterCopy[i])
counterCopy[i] = byte(u)
u >>= 8
}
in = in[64:]
out = out[64:]
}
if len(in) > 0 {
core(&block, &counterCopy, key, &Sigma)
for i, v := range in {
out[i] = v ^ block[i]
}
}
}

3
vendor/modules.txt vendored
View file

@ -142,7 +142,10 @@ golang.org/x/crypto/ed25519
golang.org/x/crypto/hkdf golang.org/x/crypto/hkdf
golang.org/x/crypto/internal/alias golang.org/x/crypto/internal/alias
golang.org/x/crypto/internal/poly1305 golang.org/x/crypto/internal/poly1305
golang.org/x/crypto/nacl/box
golang.org/x/crypto/nacl/secretbox
golang.org/x/crypto/poly1305 golang.org/x/crypto/poly1305
golang.org/x/crypto/salsa20/salsa
# golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8 # golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8
## explicit; go 1.22.0 ## explicit; go 1.22.0
golang.org/x/exp/rand golang.org/x/exp/rand