diff --git a/go.mod b/go.mod
index 1dccc5c88..8558ac0ed 100644
--- a/go.mod
+++ b/go.mod
@@ -104,7 +104,7 @@ require (
 github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa // indirect
 github.com/andybalholm/brotli v1.1.1 // indirect
 github.com/bits-and-blooms/bitset v1.10.0 // indirect
- github.com/cloudflare/circl v1.6.1 // indirect
+ github.com/cloudflare/circl v1.6.3 // indirect
 github.com/coreos/go-iptables v0.7.0 // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/dblohm7/wingoes v0.0.0-20230929194252-e994401fc077 // indirect
diff --git a/go.sum b/go.sum
index 6b7a84412..784830c3d 100644
--- a/go.sum
+++ b/go.sum
@@ -51,10 +51,8 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/cilium/ebpf v0.11.0 h1:V8gS/bTCCjX9uUnkUFUpPsksM8n1lXBAvHcpiFk1X2Y=
 github.com/cilium/ebpf v0.11.0/go.mod h1:WE7CZAnqOL2RouJ4f1uyNhqr2P4CCvXFIqdRDUgWsVs=
-github.com/cloudflare/circl v1.5.0 h1:hxIWksrX6XN5a1L2TI/h53AGPhNHoUBo+TD1ms9+pys=
-github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
-github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
-github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
+github.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg8=
+github.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4=
 github.com/cognusion/go-cache-lru v0.0.0-20170419142635-f73e2280ecea h1:9C2rdYRp8Vzwhm3sbFX0yYfB+70zKFRjn7cnPCucHSw=
 github.com/cognusion/go-cache-lru v0.0.0-20170419142635-f73e2280ecea/go.mod h1:MdyNkAe06D7xmJsf+MsLvbZKYNXuOHLKJrvw+x4LlcQ=
 github.com/coreos/go-iptables v0.7.0 h1:XWM3V+MPRr5/q51NuWSgU0fqMad64Zyxs8ZUoMsamr8=
diff --git a/vendor/github.com/cloudflare/circl/hpke/shortkem.go b/vendor/github.com/cloudflare/circl/hpke/shortkem.go
index 2a0787e0b..63cce6852 100644
--- a/vendor/github.com/cloudflare/circl/hpke/shortkem.go
+++ b/vendor/github.com/cloudflare/circl/hpke/shortkem.go
@@ -103,7 +103,7 @@ func (s shortKEM) GenerateKeyPair() (kem.PublicKey, kem.PrivateKey, error) {
 func (s shortKEM) UnmarshalBinaryPrivateKey(data []byte) (kem.PrivateKey, error) {
 key, err := s.Curve.NewPrivateKey(data)
 if err != nil {
- return nil, err
+ return nil, ErrInvalidKEMPrivateKey
 }
 
 return &shortKEMPrivKey{s, key}, nil
@@ -112,7 +112,7 @@ func (s shortKEM) UnmarshalBinaryPrivateKey(data []byte) (kem.PrivateKey, error)
 func (s shortKEM) UnmarshalBinaryPublicKey(data []byte) (kem.PublicKey, error) {
 key, err := s.Curve.NewPublicKey(data)
 if err != nil {
- return nil, err
+ return nil, ErrInvalidKEMPublicKey
 }
 
 return &shortKEMPubKey{s, *key}, nil
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/xor_unaligned.go b/vendor/github.com/cloudflare/circl/internal/sha3/xor_unaligned.go
index 052fc8d32..091061346 100644
--- a/vendor/github.com/cloudflare/circl/internal/sha3/xor_unaligned.go
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/xor_unaligned.go
@@ -14,14 +14,14 @@ import "unsafe"
 type storageBuf [maxRate / 8]uint64
 
 func (b *storageBuf) asBytes() *[maxRate]byte {
- return (*[maxRate]byte)(unsafe.Pointer(b))
+ return (*[maxRate]byte)(unsafe.Pointer(b)) //nolint:gosec
 }
 
 // xorInuses unaligned reads and writes to update d.a to contain d.a
 // XOR buf.
 func xorIn(d *State, buf []byte) {
 n := len(buf)
- bw := (*[maxRate / 8]uint64)(unsafe.Pointer(&buf[0]))[: n/8 : n/8]
+ bw := (*[maxRate / 8]uint64)(unsafe.Pointer(&buf[0]))[: n/8 : n/8] //nolint:gosec
 if n >= 72 {
 d.a[0] ^= bw[0]
 d.a[1] ^= bw[1]
@@ -56,6 +56,6 @@ func xorIn(d *State, buf []byte) {
 }
 
 func copyOut(d *State, buf []byte) {
- ab := (*[maxRate]uint8)(unsafe.Pointer(&d.a[0]))
+ ab := (*[maxRate]uint8)(unsafe.Pointer(&d.a[0])) //nolint:gosec
 copy(buf, ab[:])
 }
diff --git a/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/arm64.go b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/arm64.go
new file mode 100644
index 000000000..f6891b708
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/arm64.go
@@ -0,0 +1,83 @@
+//go:build arm64 && !purego
+// +build arm64,!purego
+
+package common
+
+// Sets p to a + b. Does not normalize coefficients.
+func (p *Poly) Add(a, b *Poly) {
+ polyAddARM64(p, a, b)
+}
+
+// Sets p to a - b. Does not normalize coefficients.
+func (p *Poly) Sub(a, b *Poly) {
+ polySubARM64(p, a, b)
+}
+
+// Executes an in-place forward "NTT" on p.
+//
+// Assumes the coefficients are in absolute value ≤q. The resulting
+// coefficients are in absolute value ≤7q. If the input is in Montgomery
+// form, then the result is in Montgomery form and so (by linearity of the NTT)
+// if the input is in regular form, then the result is also in regular form.
+// The order of coefficients will be "tangled". These can be put back into
+// their proper order by calling Detangle().
+func (p *Poly) NTT() {
+ p.nttGeneric()
+}
+
+// Executes an in-place inverse "NTT" on p and multiply by the Montgomery
+// factor R.
+//
+// Requires coefficients to be in "tangled" order, see Tangle().
+// Assumes the coefficients are in absolute value ≤q. The resulting
+// coefficients are in absolute value ≤q. If the input is in Montgomery
+// form, then the result is in Montgomery form and so (by linearity)
+// if the input is in regular form, then the result is also in regular form.
+func (p *Poly) InvNTT() {
+ p.invNTTGeneric()
+}
+
+// Sets p to the "pointwise" multiplication of a and b.
+//
+// That is: InvNTT(p) = InvNTT(a) * InvNTT(b). Assumes a and b are in
+// Montgomery form. Products between coefficients of a and b must be strictly
+// bounded in absolute value by 2¹⁵q. p will be in Montgomery form and
+// bounded in absolute value by 2q.
+//
+// Requires a and b to be in "tangled" order, see Tangle(). p will be in
+// tangled order as well.
+func (p *Poly) MulHat(a, b *Poly) {
+ p.mulHatGeneric(a, b)
+}
+
+// Puts p into the right form to be used with (among others) InvNTT().
+func (p *Poly) Tangle() {
+ // In the generic implementation there is no advantage to using a
+ // different order, so we use the standard order everywhere.
+}
+
+// Puts p back into standard form.
+func (p *Poly) Detangle() {
+ // In the generic implementation there is no advantage to using a
+ // different order, so we use the standard order everywhere.
+}
+
+// Almost normalizes coefficients.
+//
+// Ensures each coefficient is in {0, …, q}.
+func (p *Poly) BarrettReduce() {
+ p.barrettReduceGeneric()
+}
+
+// Normalizes coefficients.
+//
+// Ensures each coefficient is in {0, …, q-1}.
+func (p *Poly) Normalize() {
+ p.normalizeGeneric()
+}
+
+//go:noescape
+func polyAddARM64(p, a, b *Poly)
+
+//go:noescape
+func polySubARM64(p, a, b *Poly)
diff --git a/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/arm64.s b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/arm64.s
new file mode 100644
index 000000000..90c94a1a4
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/arm64.s
@@ -0,0 +1,53 @@
+//go:build arm64 && !purego
+
+#include "go_asm.h"
+#include "textflag.h"
+
+// func polyAddARM64(p, a, b *Poly)
+TEXT ·polyAddARM64(SB), NOSPLIT|NOFRAME, $0-24
+ MOVD p+0(FP), R0
+ MOVD a+8(FP), R1
+ MOVD b+16(FP), R2
+
+ MOVW $(const_N / 32), R3
+
+loop:
+ VLD1.P (64)(R1), [V0.H8, V1.H8, V2.H8, V3.H8]
+ VLD1.P (64)(R2), [V4.H8, V5.H8, V6.H8, V7.H8]
+
+ VADD V4.H8, V0.H8, V0.H8
+ VADD V5.H8, V1.H8, V1.H8
+ VADD V6.H8, V2.H8, V2.H8
+ VADD V7.H8, V3.H8, V3.H8
+
+ VST1.P [V0.H8, V1.H8, V2.H8, V3.H8], (64)(R0)
+
+ SUBS $1, R3, R3
+ BGT loop
+
+ RET
+
+
+// func polySubARM64(p, a, b *Poly)
+TEXT ·polySubARM64(SB), NOSPLIT|NOFRAME, $0-24
+ MOVD p+0(FP), R0
+ MOVD a+8(FP), R1
+ MOVD b+16(FP), R2
+
+ MOVW $(const_N / 32), R3
+
+loop:
+ VLD1.P (64)(R1), [V0.H8, V1.H8, V2.H8, V3.H8]
+ VLD1.P (64)(R2), [V4.H8, V5.H8, V6.H8, V7.H8]
+
+ VSUB V4.H8, V0.H8, V0.H8
+ VSUB V5.H8, V1.H8, V1.H8
+ VSUB V6.H8, V2.H8, V2.H8
+ VSUB V7.H8, V3.H8, V3.H8
+
+ VST1.P [V0.H8, V1.H8, V2.H8, V3.H8], (64)(R0)
+
+ SUBS $1, R3, R3
+ BGT loop
+
+ RET
diff --git a/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/generic.go b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/generic.go
index 66e0e86dc..fd1e2950e 100644
--- a/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/generic.go
+++ b/vendor/github.com/cloudflare/circl/pke/kyber/internal/common/generic.go
@@ -1,5 +1,5 @@
-//go:build !amd64 || purego
-// +build !amd64 purego
+//go:build (!amd64 && !arm64) || purego
+// +build !amd64,!arm64 purego
 
 package common
 
diff --git a/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x.go b/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x.go
index 20ac96f00..66b942cdf 100644
--- a/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x.go
+++ b/vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x.go
@@ -76,7 +76,7 @@ func IsEnabledX2() bool { return enabledX2 }
 // If turbo is true, applies 12-round variant instead of the usual 24.
 func (s *StateX4) Initialize(turbo bool) []uint64 {
 s.turbo = turbo
- rp := unsafe.Pointer(&s.a[0])
+ rp := unsafe.Pointer(&s.a[0]) //nolint:gosec
 
 // uint64s are always aligned by a multiple of 8. Compute the remainder
 // of the address modulo 32 divided by 8.
@@ -96,7 +96,7 @@ func (s *StateX4) Initialize(turbo bool) []uint64 {
 // If turbo is true, applies 12-round variant instead of the usual 24.
 func (s *StateX2) Initialize(turbo bool) []uint64 {
 s.turbo = turbo
- rp := unsafe.Pointer(&s.a[0])
+ rp := unsafe.Pointer(&s.a[0]) //nolint:gosec
 
 // uint64s are always aligned by a multiple of 8. Compute the remainder
 // of the address modulo 32 divided by 8.
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 65b15d639..65c736eab 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -96,7 +96,7 @@ github.com/cespare/xxhash
 # github.com/cheekybits/genny v0.0.0-20170328200008-9127e812e1e9
 ## explicit
 github.com/cheekybits/genny/generic
-# github.com/cloudflare/circl v1.6.1
+# github.com/cloudflare/circl v1.6.3
 ## explicit; go 1.22.0
 github.com/cloudflare/circl/dh/x25519
 github.com/cloudflare/circl/dh/x448