updated dependencies

vendor/golang.org/x/crypto/blake2b/blake2b.go

@@ -2,8 +2,20 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package blake2b implements the BLAKE2b hash algorithm as
-// defined in RFC 7693.
+// Package blake2b implements the BLAKE2b hash algorithm defined by RFC 7693
+// and the extendable output function (XOF) BLAKE2Xb.
+//
+// BLAKE2b is optimized for 64-bit platforms—including NEON-enabled ARMs—and
+// produces digests of any size between 1 and 64 bytes.
+// For a detailed specification of BLAKE2b see https://blake2.net/blake2.pdf
+// and for BLAKE2Xb see https://blake2.net/blake2x.pdf
+//
+// If you aren't sure which function you need, use BLAKE2b (Sum512 or New512).
+// If you need a secret-key MAC (message authentication code), use the New512
+// function with a non-nil key.
+//
+// BLAKE2X is a construction to compute hash values larger than 64 bytes. It
+// can produce hash values between 0 and 4 GiB.
 package blake2b
 
 import (
@@ -29,7 +41,10 @@ var (
 	useSSE4 bool
 )
 
-var errKeySize = errors.New("blake2b: invalid key size")
+var (
+	errKeySize  = errors.New("blake2b: invalid key size")
+	errHashSize = errors.New("blake2b: invalid hash size")
+)
 
 var iv = [8]uint64{
 	0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1,
@@ -62,18 +77,31 @@ func Sum256(data []byte) [Size256]byte {
 }
 
 // New512 returns a new hash.Hash computing the BLAKE2b-512 checksum. A non-nil
-// key turns the hash into a MAC. The key must between zero and 64 bytes long.
+// key turns the hash into a MAC. The key must be between zero and 64 bytes long.
 func New512(key []byte) (hash.Hash, error) { return newDigest(Size, key) }
 
 // New384 returns a new hash.Hash computing the BLAKE2b-384 checksum. A non-nil
-// key turns the hash into a MAC. The key must between zero and 64 bytes long.
+// key turns the hash into a MAC. The key must be between zero and 64 bytes long.
 func New384(key []byte) (hash.Hash, error) { return newDigest(Size384, key) }
 
 // New256 returns a new hash.Hash computing the BLAKE2b-256 checksum. A non-nil
-// key turns the hash into a MAC. The key must between zero and 64 bytes long.
+// key turns the hash into a MAC. The key must be between zero and 64 bytes long.
 func New256(key []byte) (hash.Hash, error) { return newDigest(Size256, key) }
 
+// New returns a new hash.Hash computing the BLAKE2b checksum with a custom length.
+// A non-nil key turns the hash into a MAC. The key must be between zero and 64 bytes long.
+// The hash size can be a value between 1 and 64 but it is highly recommended to use
+// values equal or greater than:
+// - 32 if BLAKE2b is used as a hash function (The key is zero bytes long).
+// - 16 if BLAKE2b is used as a MAC function (The key is at least 16 bytes long).
+// When the key is nil, the returned hash.Hash implements BinaryMarshaler
+// and BinaryUnmarshaler for state (de)serialization as documented by hash.Hash.
+func New(size int, key []byte) (hash.Hash, error) { return newDigest(size, key) }
+
 func newDigest(hashSize int, key []byte) (*digest, error) {
+	if hashSize < 1 || hashSize > Size {
+		return nil, errHashSize
+	}
 	if len(key) > Size {
 		return nil, errKeySize
 	}
@@ -126,6 +154,50 @@ type digest struct {
 	keyLen int
 }
 
+const (
+	magic         = "b2b"
+	marshaledSize = len(magic) + 8*8 + 2*8 + 1 + BlockSize + 1
+)
+
+func (d *digest) MarshalBinary() ([]byte, error) {
+	if d.keyLen != 0 {
+		return nil, errors.New("crypto/blake2b: cannot marshal MACs")
+	}
+	b := make([]byte, 0, marshaledSize)
+	b = append(b, magic...)
+	for i := 0; i < 8; i++ {
+		b = appendUint64(b, d.h[i])
+	}
+	b = appendUint64(b, d.c[0])
+	b = appendUint64(b, d.c[1])
+	// Maximum value for size is 64
+	b = append(b, byte(d.size))
+	b = append(b, d.block[:]...)
+	b = append(b, byte(d.offset))
+	return b, nil
+}
+
+func (d *digest) UnmarshalBinary(b []byte) error {
+	if len(b) < len(magic) || string(b[:len(magic)]) != magic {
+		return errors.New("crypto/blake2b: invalid hash state identifier")
+	}
+	if len(b) != marshaledSize {
+		return errors.New("crypto/blake2b: invalid hash state size")
+	}
+	b = b[len(magic):]
+	for i := 0; i < 8; i++ {
+		b, d.h[i] = consumeUint64(b)
+	}
+	b, d.c[0] = consumeUint64(b)
+	b, d.c[1] = consumeUint64(b)
+	d.size = int(b[0])
+	b = b[1:]
+	copy(d.block[:], b[:BlockSize])
+	b = b[BlockSize:]
+	d.offset = int(b[0])
+	return nil
+}
+
 func (d *digest) BlockSize() int { return BlockSize }
 
 func (d *digest) Size() int { return d.size }
@@ -171,7 +243,13 @@ func (d *digest) Write(p []byte) (n int, err error) {
 	return
 }
 
-func (d *digest) Sum(b []byte) []byte {
+func (d *digest) Sum(sum []byte) []byte {
+	var hash [Size]byte
+	d.finalize(&hash)
+	return append(sum, hash[:d.size]...)
+}
+
+func (d *digest) finalize(hash *[Size]byte) {
 	var block [BlockSize]byte
 	copy(block[:], d.block[:d.offset])
 	remaining := uint64(BlockSize - d.offset)
@@ -185,10 +263,29 @@ func (d *digest) Sum(b []byte) []byte {
 	h := d.h
 	hashBlocks(&h, &c, 0xFFFFFFFFFFFFFFFF, block[:])
 
-	var sum [Size]byte
-	for i, v := range h[:(d.size+7)/8] {
-		binary.LittleEndian.PutUint64(sum[8*i:], v)
+	for i, v := range h {
+		binary.LittleEndian.PutUint64(hash[8*i:], v)
 	}
-
-	return append(b, sum[:d.size]...)
+}
+
+func appendUint64(b []byte, x uint64) []byte {
+	var a [8]byte
+	binary.BigEndian.PutUint64(a[:], x)
+	return append(b, a[:]...)
+}
+
+func appendUint32(b []byte, x uint32) []byte {
+	var a [4]byte
+	binary.BigEndian.PutUint32(a[:], x)
+	return append(b, a[:]...)
+}
+
+func consumeUint64(b []byte) ([]byte, uint64) {
+	x := binary.BigEndian.Uint64(b)
+	return b[8:], x
+}
+
+func consumeUint32(b []byte) ([]byte, uint32) {
+	x := binary.BigEndian.Uint32(b)
+	return b[4:], x
 }

vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go

@@ -6,21 +6,14 @@
 
 package blake2b
 
+import "golang.org/x/sys/cpu"
+
 func init() {
-	useAVX2 = supportsAVX2()
-	useAVX = supportsAVX()
-	useSSE4 = supportsSSE4()
+	useAVX2 = cpu.X86.HasAVX2
+	useAVX = cpu.X86.HasAVX
+	useSSE4 = cpu.X86.HasSSE41
 }
 
-//go:noescape
-func supportsSSE4() bool
-
-//go:noescape
-func supportsAVX() bool
-
-//go:noescape
-func supportsAVX2() bool
-
 //go:noescape
 func hashBlocksAVX2(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
 
@@ -31,13 +24,14 @@ func hashBlocksAVX(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
 func hashBlocksSSE4(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
 
 func hashBlocks(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) {
-	if useAVX2 {
+	switch {
+	case useAVX2:
 		hashBlocksAVX2(h, c, flag, blocks)
-	} else if useAVX {
+	case useAVX:
 		hashBlocksAVX(h, c, flag, blocks)
-	} else if useSSE4 {
+	case useSSE4:
 		hashBlocksSSE4(h, c, flag, blocks)
-	} else {
+	default:
 		hashBlocksGeneric(h, c, flag, blocks)
 	}
 }

vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s

@@ -748,15 +748,3 @@ noinc:
 
 	MOVQ BP, SP
 	RET
-
-// func supportsAVX2() bool
-TEXT ·supportsAVX2(SB), 4, $0-1
-	MOVQ runtime·support_avx2(SB), AX
-	MOVB AX, ret+0(FP)
-	RET
-
-// func supportsAVX() bool
-TEXT ·supportsAVX(SB), 4, $0-1
-	MOVQ runtime·support_avx(SB), AX
-	MOVB AX, ret+0(FP)
-	RET

vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go

@@ -6,12 +6,11 @@
 
 package blake2b
 
-func init() {
-	useSSE4 = supportsSSE4()
-}
+import "golang.org/x/sys/cpu"
 
-//go:noescape
-func supportsSSE4() bool
+func init() {
+	useSSE4 = cpu.X86.HasSSE41
+}
 
 //go:noescape
 func hashBlocksSSE4(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)

vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s

@@ -279,12 +279,3 @@ noinc:
 
 	MOVQ BP, SP
 	RET
-
-// func supportsSSE4() bool
-TEXT ·supportsSSE4(SB), 4, $0-1
-	MOVL $1, AX
-	CPUID
-	SHRL $19, CX  // Bit 19 indicates SSE4 support
-	ANDL $1, CX  // CX != 0 if support SSE4
-	MOVB CX, ret+0(FP)
-	RET

vendor/golang.org/x/crypto/blake2b/blake2b_generic.go

@@ -4,7 +4,10 @@
 
 package blake2b
 
-import "encoding/binary"
+import (
+	"encoding/binary"
+	"math/bits"
+)
 
 // the precomputed values for BLAKE2b
 // there are 12 16-byte arrays - one for each round
@@ -51,118 +54,118 @@ func hashBlocksGeneric(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) {
 			v0 += m[s[0]]
 			v0 += v4
 			v12 ^= v0
-			v12 = v12<<(64-32) | v12>>32
+			v12 = bits.RotateLeft64(v12, -32)
 			v8 += v12
 			v4 ^= v8
-			v4 = v4<<(64-24) | v4>>24
+			v4 = bits.RotateLeft64(v4, -24)
 			v1 += m[s[1]]
 			v1 += v5
 			v13 ^= v1
-			v13 = v13<<(64-32) | v13>>32
+			v13 = bits.RotateLeft64(v13, -32)
 			v9 += v13
 			v5 ^= v9
-			v5 = v5<<(64-24) | v5>>24
+			v5 = bits.RotateLeft64(v5, -24)
 			v2 += m[s[2]]
 			v2 += v6
 			v14 ^= v2
-			v14 = v14<<(64-32) | v14>>32
+			v14 = bits.RotateLeft64(v14, -32)
 			v10 += v14
 			v6 ^= v10
-			v6 = v6<<(64-24) | v6>>24
+			v6 = bits.RotateLeft64(v6, -24)
 			v3 += m[s[3]]
 			v3 += v7
 			v15 ^= v3
-			v15 = v15<<(64-32) | v15>>32
+			v15 = bits.RotateLeft64(v15, -32)
 			v11 += v15
 			v7 ^= v11
-			v7 = v7<<(64-24) | v7>>24
+			v7 = bits.RotateLeft64(v7, -24)
 
 			v0 += m[s[4]]
 			v0 += v4
 			v12 ^= v0
-			v12 = v12<<(64-16) | v12>>16
+			v12 = bits.RotateLeft64(v12, -16)
 			v8 += v12
 			v4 ^= v8
-			v4 = v4<<(64-63) | v4>>63
+			v4 = bits.RotateLeft64(v4, -63)
 			v1 += m[s[5]]
 			v1 += v5
 			v13 ^= v1
-			v13 = v13<<(64-16) | v13>>16
+			v13 = bits.RotateLeft64(v13, -16)
 			v9 += v13
 			v5 ^= v9
-			v5 = v5<<(64-63) | v5>>63
+			v5 = bits.RotateLeft64(v5, -63)
 			v2 += m[s[6]]
 			v2 += v6
 			v14 ^= v2
-			v14 = v14<<(64-16) | v14>>16
+			v14 = bits.RotateLeft64(v14, -16)
 			v10 += v14
 			v6 ^= v10
-			v6 = v6<<(64-63) | v6>>63
+			v6 = bits.RotateLeft64(v6, -63)
 			v3 += m[s[7]]
 			v3 += v7
 			v15 ^= v3
-			v15 = v15<<(64-16) | v15>>16
+			v15 = bits.RotateLeft64(v15, -16)
 			v11 += v15
 			v7 ^= v11
-			v7 = v7<<(64-63) | v7>>63
+			v7 = bits.RotateLeft64(v7, -63)
 
 			v0 += m[s[8]]
 			v0 += v5
 			v15 ^= v0
-			v15 = v15<<(64-32) | v15>>32
+			v15 = bits.RotateLeft64(v15, -32)
 			v10 += v15
 			v5 ^= v10
-			v5 = v5<<(64-24) | v5>>24
+			v5 = bits.RotateLeft64(v5, -24)
 			v1 += m[s[9]]
 			v1 += v6
 			v12 ^= v1
-			v12 = v12<<(64-32) | v12>>32
+			v12 = bits.RotateLeft64(v12, -32)
 			v11 += v12
 			v6 ^= v11
-			v6 = v6<<(64-24) | v6>>24
+			v6 = bits.RotateLeft64(v6, -24)
 			v2 += m[s[10]]
 			v2 += v7
 			v13 ^= v2
-			v13 = v13<<(64-32) | v13>>32
+			v13 = bits.RotateLeft64(v13, -32)
 			v8 += v13
 			v7 ^= v8
-			v7 = v7<<(64-24) | v7>>24
+			v7 = bits.RotateLeft64(v7, -24)
 			v3 += m[s[11]]
 			v3 += v4
 			v14 ^= v3
-			v14 = v14<<(64-32) | v14>>32
+			v14 = bits.RotateLeft64(v14, -32)
 			v9 += v14
 			v4 ^= v9
-			v4 = v4<<(64-24) | v4>>24
+			v4 = bits.RotateLeft64(v4, -24)
 
 			v0 += m[s[12]]
 			v0 += v5
 			v15 ^= v0
-			v15 = v15<<(64-16) | v15>>16
+			v15 = bits.RotateLeft64(v15, -16)
 			v10 += v15
 			v5 ^= v10
-			v5 = v5<<(64-63) | v5>>63
+			v5 = bits.RotateLeft64(v5, -63)
 			v1 += m[s[13]]
 			v1 += v6
 			v12 ^= v1
-			v12 = v12<<(64-16) | v12>>16
+			v12 = bits.RotateLeft64(v12, -16)
 			v11 += v12
 			v6 ^= v11
-			v6 = v6<<(64-63) | v6>>63
+			v6 = bits.RotateLeft64(v6, -63)
 			v2 += m[s[14]]
 			v2 += v7
 			v13 ^= v2
-			v13 = v13<<(64-16) | v13>>16
+			v13 = bits.RotateLeft64(v13, -16)
 			v8 += v13
 			v7 ^= v8
-			v7 = v7<<(64-63) | v7>>63
+			v7 = bits.RotateLeft64(v7, -63)
 			v3 += m[s[15]]
 			v3 += v4
 			v14 ^= v3
-			v14 = v14<<(64-16) | v14>>16
+			v14 = bits.RotateLeft64(v14, -16)
 			v9 += v14
 			v4 ^= v9
-			v4 = v4<<(64-63) | v4>>63
+			v4 = bits.RotateLeft64(v4, -63)
 
 		}
 

vendor/golang.org/x/crypto/blake2b/blake2x.go

@@ -0,0 +1,177 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package blake2b
+
+import (
+	"encoding/binary"
+	"errors"
+	"io"
+)
+
+// XOF defines the interface to hash functions that
+// support arbitrary-length output.
+type XOF interface {
+	// Write absorbs more data into the hash's state. It panics if called
+	// after Read.
+	io.Writer
+
+	// Read reads more output from the hash. It returns io.EOF if the limit
+	// has been reached.
+	io.Reader
+
+	// Clone returns a copy of the XOF in its current state.
+	Clone() XOF
+
+	// Reset resets the XOF to its initial state.
+	Reset()
+}
+
+// OutputLengthUnknown can be used as the size argument to NewXOF to indicate
+// the length of the output is not known in advance.
+const OutputLengthUnknown = 0
+
+// magicUnknownOutputLength is a magic value for the output size that indicates
+// an unknown number of output bytes.
+const magicUnknownOutputLength = (1 << 32) - 1
+
+// maxOutputLength is the absolute maximum number of bytes to produce when the
+// number of output bytes is unknown.
+const maxOutputLength = (1 << 32) * 64
+
+// NewXOF creates a new variable-output-length hash. The hash either produce a
+// known number of bytes (1 <= size < 2**32-1), or an unknown number of bytes
+// (size == OutputLengthUnknown). In the latter case, an absolute limit of
+// 256GiB applies.
+//
+// A non-nil key turns the hash into a MAC. The key must between
+// zero and 32 bytes long.
+func NewXOF(size uint32, key []byte) (XOF, error) {
+	if len(key) > Size {
+		return nil, errKeySize
+	}
+	if size == magicUnknownOutputLength {
+		// 2^32-1 indicates an unknown number of bytes and thus isn't a
+		// valid length.
+		return nil, errors.New("blake2b: XOF length too large")
+	}
+	if size == OutputLengthUnknown {
+		size = magicUnknownOutputLength
+	}
+	x := &xof{
+		d: digest{
+			size:   Size,
+			keyLen: len(key),
+		},
+		length: size,
+	}
+	copy(x.d.key[:], key)
+	x.Reset()
+	return x, nil
+}
+
+type xof struct {
+	d                digest
+	length           uint32
+	remaining        uint64
+	cfg, root, block [Size]byte
+	offset           int
+	nodeOffset       uint32
+	readMode         bool
+}
+
+func (x *xof) Write(p []byte) (n int, err error) {
+	if x.readMode {
+		panic("blake2b: write to XOF after read")
+	}
+	return x.d.Write(p)
+}
+
+func (x *xof) Clone() XOF {
+	clone := *x
+	return &clone
+}
+
+func (x *xof) Reset() {
+	x.cfg[0] = byte(Size)
+	binary.LittleEndian.PutUint32(x.cfg[4:], uint32(Size)) // leaf length
+	binary.LittleEndian.PutUint32(x.cfg[12:], x.length)    // XOF length
+	x.cfg[17] = byte(Size)                                 // inner hash size
+
+	x.d.Reset()
+	x.d.h[1] ^= uint64(x.length) << 32
+
+	x.remaining = uint64(x.length)
+	if x.remaining == magicUnknownOutputLength {
+		x.remaining = maxOutputLength
+	}
+	x.offset, x.nodeOffset = 0, 0
+	x.readMode = false
+}
+
+func (x *xof) Read(p []byte) (n int, err error) {
+	if !x.readMode {
+		x.d.finalize(&x.root)
+		x.readMode = true
+	}
+
+	if x.remaining == 0 {
+		return 0, io.EOF
+	}
+
+	n = len(p)
+	if uint64(n) > x.remaining {
+		n = int(x.remaining)
+		p = p[:n]
+	}
+
+	if x.offset > 0 {
+		blockRemaining := Size - x.offset
+		if n < blockRemaining {
+			x.offset += copy(p, x.block[x.offset:])
+			x.remaining -= uint64(n)
+			return
+		}
+		copy(p, x.block[x.offset:])
+		p = p[blockRemaining:]
+		x.offset = 0
+		x.remaining -= uint64(blockRemaining)
+	}
+
+	for len(p) >= Size {
+		binary.LittleEndian.PutUint32(x.cfg[8:], x.nodeOffset)
+		x.nodeOffset++
+
+		x.d.initConfig(&x.cfg)
+		x.d.Write(x.root[:])
+		x.d.finalize(&x.block)
+
+		copy(p, x.block[:])
+		p = p[Size:]
+		x.remaining -= uint64(Size)
+	}
+
+	if todo := len(p); todo > 0 {
+		if x.remaining < uint64(Size) {
+			x.cfg[0] = byte(x.remaining)
+		}
+		binary.LittleEndian.PutUint32(x.cfg[8:], x.nodeOffset)
+		x.nodeOffset++
+
+		x.d.initConfig(&x.cfg)
+		x.d.Write(x.root[:])
+		x.d.finalize(&x.block)
+
+		x.offset = copy(p, x.block[:todo])
+		x.remaining -= uint64(todo)
+	}
+	return
+}
+
+func (d *digest) initConfig(cfg *[Size]byte) {
+	d.offset, d.c[0], d.c[1] = 0, 0, 0
+	for i := range d.h {
+		d.h[i] = iv[i] ^ binary.LittleEndian.Uint64(cfg[i*8:])
+	}
+}