
Upgrade github.com/cloudflare/circl

Rod Hynes 2 недель назад
Родитель
Сommit
63a26d6b5d

+ 1 - 1
go.mod

@@ -108,7 +108,7 @@ require (
 	github.com/andybalholm/brotli v1.1.1 // indirect
 	github.com/bits-and-blooms/bitset v1.10.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/cloudflare/circl v1.6.1 // indirect
+	github.com/cloudflare/circl v1.6.3 // indirect
 	github.com/coreos/go-iptables v0.7.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dblohm7/wingoes v0.0.0-20230929194252-e994401fc077 // indirect

+ 2 - 0
go.sum

@@ -59,6 +59,8 @@ github.com/cilium/ebpf v0.11.0 h1:V8gS/bTCCjX9uUnkUFUpPsksM8n1lXBAvHcpiFk1X2Y=
 github.com/cilium/ebpf v0.11.0/go.mod h1:WE7CZAnqOL2RouJ4f1uyNhqr2P4CCvXFIqdRDUgWsVs=
 github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
 github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
+github.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg8=
+github.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4=
 github.com/cognusion/go-cache-lru v0.0.0-20170419142635-f73e2280ecea h1:9C2rdYRp8Vzwhm3sbFX0yYfB+70zKFRjn7cnPCucHSw=
 github.com/cognusion/go-cache-lru v0.0.0-20170419142635-f73e2280ecea/go.mod h1:MdyNkAe06D7xmJsf+MsLvbZKYNXuOHLKJrvw+x4LlcQ=
 github.com/coreos/go-iptables v0.7.0 h1:XWM3V+MPRr5/q51NuWSgU0fqMad64Zyxs8ZUoMsamr8=

+ 2 - 2
vendor/github.com/cloudflare/circl/hpke/shortkem.go

@@ -103,7 +103,7 @@ func (s shortKEM) GenerateKeyPair() (kem.PublicKey, kem.PrivateKey, error) {
 func (s shortKEM) UnmarshalBinaryPrivateKey(data []byte) (kem.PrivateKey, error) {
 	key, err := s.Curve.NewPrivateKey(data)
 	if err != nil {
-		return nil, err
+		return nil, ErrInvalidKEMPrivateKey
 	}
 
 	return &shortKEMPrivKey{s, key}, nil
@@ -112,7 +112,7 @@ func (s shortKEM) UnmarshalBinaryPrivateKey(data []byte) (kem.PrivateKey, error)
 func (s shortKEM) UnmarshalBinaryPublicKey(data []byte) (kem.PublicKey, error) {
 	key, err := s.Curve.NewPublicKey(data)
 	if err != nil {
-		return nil, err
+		return nil, ErrInvalidKEMPublicKey
 	}
 
 	return &shortKEMPubKey{s, *key}, nil

+ 3 - 3
vendor/github.com/cloudflare/circl/internal/sha3/xor_unaligned.go

@@ -14,14 +14,14 @@ import "unsafe"
 type storageBuf [maxRate / 8]uint64
 
 func (b *storageBuf) asBytes() *[maxRate]byte {
-	return (*[maxRate]byte)(unsafe.Pointer(b))
+	return (*[maxRate]byte)(unsafe.Pointer(b)) //nolint:gosec
 }
 
 // xorInuses unaligned reads and writes to update d.a to contain d.a
 // XOR buf.
 func xorIn(d *State, buf []byte) {
 	n := len(buf)
-	bw := (*[maxRate / 8]uint64)(unsafe.Pointer(&buf[0]))[: n/8 : n/8]
+	bw := (*[maxRate / 8]uint64)(unsafe.Pointer(&buf[0]))[: n/8 : n/8] //nolint:gosec
 	if n >= 72 {
 		d.a[0] ^= bw[0]
 		d.a[1] ^= bw[1]
@@ -56,6 +56,6 @@ func xorIn(d *State, buf []byte) {
 }
 
 func copyOut(d *State, buf []byte) {
-	ab := (*[maxRate]uint8)(unsafe.Pointer(&d.a[0]))
+	ab := (*[maxRate]uint8)(unsafe.Pointer(&d.a[0])) //nolint:gosec
 	copy(buf, ab[:])
 }

+ 83 - 0
vendor/github.com/cloudflare/circl/pke/kyber/internal/common/arm64.go

@@ -0,0 +1,83 @@
+//go:build arm64 && !purego
+// +build arm64,!purego
+
+package common
+
+// Sets p to a + b.  Does not normalize coefficients.
+func (p *Poly) Add(a, b *Poly) {
+	polyAddARM64(p, a, b)
+}
+
+// Sets p to a - b.  Does not normalize coefficients.
+func (p *Poly) Sub(a, b *Poly) {
+	polySubARM64(p, a, b)
+}
+
+// Executes an in-place forward "NTT" on p.
+//
+// Assumes the coefficients are in absolute value ≤q.  The resulting
+// coefficients are in absolute value ≤7q.  If the input is in Montgomery
+// form, then the result is in Montgomery form and so (by linearity of the NTT)
+// if the input is in regular form, then the result is also in regular form.
+// The order of coefficients will be "tangled". These can be put back into
+// their proper order by calling Detangle().
+func (p *Poly) NTT() {
+	p.nttGeneric()
+}
+
+// Executes an in-place inverse "NTT" on p and multiply by the Montgomery
+// factor R.
+//
+// Requires coefficients to be in "tangled" order, see Tangle().
+// Assumes the coefficients are in absolute value ≤q.  The resulting
+// coefficients are in absolute value ≤q.  If the input is in Montgomery
+// form, then the result is in Montgomery form and so (by linearity)
+// if the input is in regular form, then the result is also in regular form.
+func (p *Poly) InvNTT() {
+	p.invNTTGeneric()
+}
+
+// Sets p to the "pointwise" multiplication of a and b.
+//
+// That is: InvNTT(p) = InvNTT(a) * InvNTT(b).  Assumes a and b are in
+// Montgomery form.  Products between coefficients of a and b must be strictly
+// bounded in absolute value by 2¹⁵q.  p will be in Montgomery form and
+// bounded in absolute value by 2q.
+//
+// Requires a and b to be in "tangled" order, see Tangle().  p will be in
+// tangled order as well.
+func (p *Poly) MulHat(a, b *Poly) {
+	p.mulHatGeneric(a, b)
+}
+
+// Puts p into the right form to be used with (among others) InvNTT().
+func (p *Poly) Tangle() {
+	// In the generic implementation there is no advantage to using a
+	// different order, so we use the standard order everywhere.
+}
+
+// Puts p back into standard form.
+func (p *Poly) Detangle() {
+	// In the generic implementation there is no advantage to using a
+	// different order, so we use the standard order everywhere.
+}
+
+// Almost normalizes coefficients.
+//
+// Ensures each coefficient is in {0, …, q}.
+func (p *Poly) BarrettReduce() {
+	p.barrettReduceGeneric()
+}
+
+// Normalizes coefficients.
+//
+// Ensures each coefficient is in {0, …, q-1}.
+func (p *Poly) Normalize() {
+	p.normalizeGeneric()
+}
+
+//go:noescape
+func polyAddARM64(p, a, b *Poly)
+
+//go:noescape
+func polySubARM64(p, a, b *Poly)

+ 53 - 0
vendor/github.com/cloudflare/circl/pke/kyber/internal/common/arm64.s

@@ -0,0 +1,53 @@
+//go:build arm64 && !purego
+
+#include "go_asm.h"
+#include "textflag.h"
+
+// func polyAddARM64(p, a, b *Poly)
+TEXT ·polyAddARM64(SB), NOSPLIT|NOFRAME, $0-24
+    MOVD    p+0(FP), R0
+    MOVD    a+8(FP), R1
+    MOVD    b+16(FP), R2
+
+    MOVW    $(const_N / 32), R3
+
+loop:
+    VLD1.P  (64)(R1), [V0.H8, V1.H8, V2.H8, V3.H8]
+    VLD1.P  (64)(R2), [V4.H8, V5.H8, V6.H8, V7.H8]
+
+    VADD    V4.H8, V0.H8, V0.H8
+    VADD    V5.H8, V1.H8, V1.H8
+    VADD    V6.H8, V2.H8, V2.H8
+    VADD    V7.H8, V3.H8, V3.H8
+
+    VST1.P  [V0.H8, V1.H8, V2.H8, V3.H8], (64)(R0)
+
+    SUBS    $1, R3, R3
+    BGT     loop
+
+    RET
+
+
+// func polySubARM64(p, a, b *Poly)
+TEXT ·polySubARM64(SB), NOSPLIT|NOFRAME, $0-24
+    MOVD    p+0(FP), R0
+    MOVD    a+8(FP), R1
+    MOVD    b+16(FP), R2
+
+    MOVW    $(const_N / 32), R3
+
+loop:
+    VLD1.P  (64)(R1), [V0.H8, V1.H8, V2.H8, V3.H8]
+    VLD1.P  (64)(R2), [V4.H8, V5.H8, V6.H8, V7.H8]
+
+    VSUB    V4.H8, V0.H8, V0.H8
+    VSUB    V5.H8, V1.H8, V1.H8
+    VSUB    V6.H8, V2.H8, V2.H8
+    VSUB    V7.H8, V3.H8, V3.H8
+
+    VST1.P  [V0.H8, V1.H8, V2.H8, V3.H8], (64)(R0)
+
+    SUBS    $1, R3, R3
+    BGT     loop
+
+    RET

+ 2 - 2
vendor/github.com/cloudflare/circl/pke/kyber/internal/common/generic.go

@@ -1,5 +1,5 @@
-//go:build !amd64 || purego
-// +build !amd64 purego
+//go:build (!amd64 && !arm64) || purego
+// +build !amd64,!arm64 purego
 
 package common
 

+ 2 - 2
vendor/github.com/cloudflare/circl/simd/keccakf1600/f1600x.go

@@ -76,7 +76,7 @@ func IsEnabledX2() bool { return enabledX2 }
 // If turbo is true, applies 12-round variant instead of the usual 24.
 func (s *StateX4) Initialize(turbo bool) []uint64 {
 	s.turbo = turbo
-	rp := unsafe.Pointer(&s.a[0])
+	rp := unsafe.Pointer(&s.a[0]) //nolint:gosec
 
 	// uint64s are always aligned by a multiple of 8.  Compute the remainder
 	// of the address modulo 32 divided by 8.
@@ -96,7 +96,7 @@ func (s *StateX4) Initialize(turbo bool) []uint64 {
 // If turbo is true, applies 12-round variant instead of the usual 24.
 func (s *StateX2) Initialize(turbo bool) []uint64 {
 	s.turbo = turbo
-	rp := unsafe.Pointer(&s.a[0])
+	rp := unsafe.Pointer(&s.a[0]) //nolint:gosec
 
 	// uint64s are always aligned by a multiple of 8.  Compute the remainder
 	// of the address modulo 32 divided by 8.

+ 35 - 35
vendor/github.com/klauspost/cpuid/v2/CONTRIBUTING.txt

@@ -1,35 +1,35 @@
-Developer Certificate of Origin
-Version 1.1
-
-Copyright (C) 2015- Klaus Post & Contributors.
-Email: klauspost@gmail.com
-
-Everyone is permitted to copy and distribute verbatim copies of this
-license document, but changing it is not allowed.
-
-
-Developer's Certificate of Origin 1.1
-
-By making a contribution to this project, I certify that:
-
-(a) The contribution was created in whole or in part by me and I
-    have the right to submit it under the open source license
-    indicated in the file; or
-
-(b) The contribution is based upon previous work that, to the best
-    of my knowledge, is covered under an appropriate open source
-    license and I have the right under that license to submit that
-    work with modifications, whether created in whole or in part
-    by me, under the same open source license (unless I am
-    permitted to submit under a different license), as indicated
-    in the file; or
-
-(c) The contribution was provided directly to me by some other
-    person who certified (a), (b) or (c) and I have not modified
-    it.
-
-(d) I understand and agree that this project and the contribution
-    are public and that a record of the contribution (including all
-    personal information I submit with it, including my sign-off) is
-    maintained indefinitely and may be redistributed consistent with
-    this project or the open source license(s) involved.
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2015- Klaus Post & Contributors.
+Email: klauspost@gmail.com
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.

+ 1 - 1
vendor/modules.txt

@@ -104,7 +104,7 @@ github.com/cespare/xxhash
 # github.com/cheekybits/genny v0.0.0-20170328200008-9127e812e1e9
 ## explicit
 github.com/cheekybits/genny/generic
-# github.com/cloudflare/circl v1.6.1
+# github.com/cloudflare/circl v1.6.3
 ## explicit; go 1.22.0
 github.com/cloudflare/circl/dh/x25519
 github.com/cloudflare/circl/dh/x448