From 78b7f8ead8b62015ecab983387f2aba8c75e1f09 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 13 Jul 2017 21:53:15 +0800
Subject: [PATCH 001/341] Initial commit
---
.gitignore | 14 ++
LICENSE | 674 +++++++++++++++++++++++++++++++++++++++++++++++++++++
README.md | 2 +
3 files changed, 690 insertions(+)
create mode 100644 .gitignore
create mode 100644 LICENSE
create mode 100644 README.md
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a1338d6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,14 @@
+# Binaries for programs and plugins
+*.exe
+*.dll
+*.so
+*.dylib
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736
+.glide/
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..9cecc1d
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,674 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc.
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users. We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors. You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too, receive
+or can get the source code. And you must show them these terms so they
+know their rights.
+
+ Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+ For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+ Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so. This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software. The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable. Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products. If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+ Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary. To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU General Public License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy. The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+for making modifications to it. "Object code" means any non-source
+form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+ The Corresponding Source for a work in source code form is that
+same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force. You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright. Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+the conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling. In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage. For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product. A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source. The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Use with the GNU Affero General Public License.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ {one line to give the program's name and a brief idea of what it does.}
+ Copyright (C) {year} {name of author}
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+ {project} Copyright (C) {year} {fullname}
+ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+.
+
+ The GNU General Public License does not permit incorporating your program
+into proprietary programs. If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License. But first, please read
+.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d35e75f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,2 @@
+# glider
+glider is a forward proxy with several protocols support.
From 668d5bc47038453e7798a6d840f6081058991a3f Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 13 Jul 2017 21:55:41 +0800
Subject: [PATCH 002/341] first commit
---
.gitignore | 4 +
README.md | 111 +++++++++++++
conn.go | 54 +++++++
direct.go | 24 +++
dnstun.go | 81 ++++++++++
http.go | 250 +++++++++++++++++++++++++++++
main.go | 165 +++++++++++++++++++
mixed.go | 105 +++++++++++++
proxy.go | 152 ++++++++++++++++++
redir.go | 114 ++++++++++++++
redir_win.go | 17 ++
socks5.go | 436 +++++++++++++++++++++++++++++++++++++++++++++++++++
ss.go | 116 ++++++++++++++
strategy.go | 82 ++++++++++
tcptun.go | 66 ++++++++
15 files changed, 1777 insertions(+)
create mode 100644 conn.go
create mode 100644 direct.go
create mode 100644 dnstun.go
create mode 100644 http.go
create mode 100644 main.go
create mode 100644 mixed.go
create mode 100644 proxy.go
create mode 100644 redir.go
create mode 100644 redir_win.go
create mode 100644 socks5.go
create mode 100644 ss.go
create mode 100644 strategy.go
create mode 100644 tcptun.go
diff --git a/.gitignore b/.gitignore
index a1338d6..f32a420 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,7 @@
# Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736
.glide/
+
+# custom
+glider
+doc/
diff --git a/README.md b/README.md
index d35e75f..d46cf24 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,113 @@
# glider
glider is a forward proxy with several protocols support.
+
+## Install
+
+ go get -u github.com/nadoo/glider
+
+## Build
+
+ cd $GOPATH/src/github.com/nadoo/glider
+ go build
+
+## Usage
+```bash
+glider v0.1 usage:
+ -checksite string
+ proxy check address (default "www.apple.com:443")
+ -duration int
+ proxy check duration(seconds) (default 30)
+ -f value
+ forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]
+ -l value
+ listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT
+ -s string
+ forward strategy, default: rr (default "rr")
+ -v verbose mode
+
+Available Schemas:
+ mixed: serve as a http/socks5 proxy on the same port. (default)
+ ss: ss proxy
+ socks5: socks5 proxy
+ http: http proxy
+ redir: redirect proxy. (used on linux as a transparent proxy with iptables redirect rules)
+ tcptun: a simple tcp tunnel
+ dnstun: listen on udp port and forward all dns requests to remote dns server via forwarders(tcp)
+
+Available schemas for different modes:
+ listen: mixed ss socks5 http redir tcptun dnstun
+ forward: ss socks5 http
+
+Available methods for ss:
+ AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AES-128-CFB AES-128-CTR AES-192-CFB AES-192-CTR AES-256-CFB AES-256-CTR CHACHA20-IETF XCHACHA20
+
+Available forward strategies:
+ rr: Round Robin mode
+ ha: High Availability mode
+
+Examples:
+ glider -l :8443 -v
+ -listen on :8443, serve as http/socks5 proxy on the same port.
+
+ glider -l ss://AEAD_CHACHA20_POLY1305:pass@:8443
+ -listen on 0.0.0.0:8443 as a shadowsocks server.
+
+ glider -l socks5://:1080 -v
+ -listen on :1080 as a socks5 proxy server, in verbose mode.
+
+ glider -l http://:8080 -f socks5://127.0.0.1:1080 -v
+ -listen on :8080 as a http proxy server, forward all requests via socks5 server.
+
+ glider -l redir://:1081 -f ss://method:pass@1.1.1.1:443
+ -listen on :1081 as a transparent redirect server, forward all requests via remote ss server.
+
+ glider -l tcptun://:80=2.2.2.2:80 -f ss://method:pass@1.1.1.1:443
+ -listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.
+
+ glider -l socks5://:1080 -l http://:8080 -f ss://method:pass@1.1.1.1:443
+ -listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.
+
+ glider -l redir://:1081 -l dnstun://:53=8.8.8.8:53 -f ss://method:pass@server1:port1,ss://method:pass@server2:port2
+ -listen on :1081 as transparent redirect server, :53 as dns server, use forward chain: server1 -> server2.
+
+ glider -l socks5://:1080 -f ss://method:pass@server1:port1 -f ss://method:pass@server2:port2 -s rr
+ -listen on :1080 as socks5 server, forward requests via server1 and server2 in roundrbin mode.
+
+ glider -l mixed://:8443 -f ss://method:pass@server1:port1
+ -listen on :8443, serve as http/socks5 proxy, forward requests via server1.
+
+ glider -l mixed://:8443?http=1.1.1.1:80 -f ss://method:pass@server1:port1
+ -listen on :8443, serve as socks5 proxy, and forward all HTTP requests to 1.1.1.1:80.
+```
+
+## Service
+```bash
+cd /etc/systemd/system/
+vim glider.service
+```
+
+```bash
+[Unit]
+Description=glider
+After=network.target
+
+[Service]
+Type=simple
+ExecStartPre=/bin/mkdir -p /run/glider
+ExecStartPre=/bin/chown nobody:nobody /run/glider
+ExecStart=/opt/glider/glider -l redir://:7070 -l dnstun://:5353=8.8.8.8:53 -f ss://AEAD_CHACHA20_POLY1305:pass@yourhost:8443
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStop=/bin/kill -INT $MAINPID
+Restart=always
+User=nobody
+Group=nobody
+UMask=0027
+
+[Install]
+WantedBy=multi-user.target
+```
+
+```bash
+systemctl enable glider.service
+systemctl start glider.service
+```
diff --git a/conn.go b/conn.go
new file mode 100644
index 0000000..944e6ef
--- /dev/null
+++ b/conn.go
@@ -0,0 +1,54 @@
+package main
+
+import (
+ "bufio"
+ "io"
+ "net"
+ "time"
+)
+
+type conn struct {
+ r *bufio.Reader
+ net.Conn
+}
+
+func newConn(c net.Conn) conn {
+ return conn{bufio.NewReader(c), c}
+}
+
+func newConnSize(c net.Conn, n int) conn {
+ return conn{bufio.NewReaderSize(c, n), c}
+}
+
+func (c conn) Peek(n int) ([]byte, error) {
+ return c.r.Peek(n)
+}
+
+func (c conn) Read(p []byte) (int, error) {
+ return c.r.Read(p)
+}
+
+func relay(left, right net.Conn) (int64, int64, error) {
+ type res struct {
+ N int64
+ Err error
+ }
+ ch := make(chan res)
+
+ go func() {
+ n, err := io.Copy(right, left)
+ right.SetDeadline(time.Now()) // wake up the other goroutine blocking on right
+ left.SetDeadline(time.Now()) // wake up the other goroutine blocking on left
+ ch <- res{n, err}
+ }()
+
+ n, err := io.Copy(left, right)
+ right.SetDeadline(time.Now()) // wake up the other goroutine blocking on right
+ left.SetDeadline(time.Now()) // wake up the other goroutine blocking on left
+ rs := <-ch
+
+ if err == nil {
+ err = rs.Err
+ }
+ return n, rs.N, err
+}
diff --git a/direct.go b/direct.go
new file mode 100644
index 0000000..ceda39e
--- /dev/null
+++ b/direct.go
@@ -0,0 +1,24 @@
+package main
+
+import "net"
+
+// direct proxy
+type direct struct {
+ Proxy
+}
+
+// Direct proxy
+var Direct = &direct{Proxy: &proxy{addr: "127.0.0.1"}}
+
+// Direct proxy always enabled
+func (d *direct) Enabled() bool {
+ return true
+}
+
+func (d *direct) Dial(network, addr string) (net.Conn, error) {
+ c, err := net.Dial(network, addr)
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+ return c, err
+}
diff --git a/dnstun.go b/dnstun.go
new file mode 100644
index 0000000..f966878
--- /dev/null
+++ b/dnstun.go
@@ -0,0 +1,81 @@
+package main
+
+import (
+ "encoding/binary"
+ "io/ioutil"
+ "net"
+)
+
+type dnstun struct {
+ Proxy
+ addr string
+ raddr string
+}
+
+// DNSTunProxy returns a dns forwarder. client -> dns.udp -> glider -> forwarder -> remote dns addr
+func DNSTunProxy(addr, raddr string, upProxy Proxy) (Proxy, error) {
+ s := &dnstun{
+ Proxy: upProxy,
+ addr: addr,
+ raddr: raddr,
+ }
+
+ return s, nil
+}
+
+// ListenAndServe redirected requests as a server.
+func (s *dnstun) ListenAndServe() {
+ l, err := net.ListenPacket("udp", s.addr)
+ if err != nil {
+ logf("failed to listen on %s: %v", s.addr, err)
+ return
+ }
+
+ logf("listening UDP on %s", s.addr)
+
+ for {
+ defer l.Close()
+
+ data := make([]byte, 512)
+ n, clientAddr, err := l.ReadFrom(data)
+ if err != nil {
+ logf("DNS local read error: %v", err)
+ continue
+ }
+
+ data = data[:n]
+ go func() {
+ rc, err := s.GetProxy().Dial("tcp", s.raddr)
+ if err != nil {
+ logf("failed to connect to server %v: %v", s.raddr, err)
+ return
+ }
+ defer rc.Close()
+
+ logf("proxy-dnstun %s[dns.udp] <-> %s[dns.tcp]", clientAddr.String(), s.raddr)
+
+ // 2 bytes length after tcp header, before dns message
+ length := make([]byte, 2)
+ binary.BigEndian.PutUint16(length, uint16(len(data)))
+ rc.Write(length)
+ rc.Write(data)
+
+ buf, err := ioutil.ReadAll(rc)
+ if err != nil {
+ logf("error in ioutil.ReadAll: %s\n", err)
+ return
+ }
+
+ // length is not needed in udp dns response. (2 bytes)
+ // SEE RFC1035, section 4.2.2 TCP: The message is prefixed with a two byte length field which gives the message length, excluding the two byte length field.
+ if len(buf) > 2 {
+ msg := buf[2:]
+ _, err = l.WriteTo(msg, clientAddr)
+ if err != nil {
+ logf("error in local write: %s\n", err)
+ }
+ }
+
+ }()
+ }
+}
diff --git a/http.go b/http.go
new file mode 100644
index 0000000..d7134b0
--- /dev/null
+++ b/http.go
@@ -0,0 +1,250 @@
+// http proxy
+// NOTE: never keep-alive so the implementation can be much easier.
+
+package main
+
+import (
+ "bufio"
+ "bytes"
+ "fmt"
+ "io"
+ "net"
+ "net/textproto"
+ "net/url"
+ "strings"
+ "time"
+)
+
+// httpproxy
+type httpproxy struct {
+ Proxy
+ addr string
+}
+
+// HTTPProxy returns a http proxy.
+func HTTPProxy(addr string, upProxy Proxy) (Proxy, error) {
+ s := &httpproxy{
+ Proxy: upProxy,
+ addr: addr,
+ }
+
+ return s, nil
+}
+
+// ListenAndServe .
+func (s *httpproxy) ListenAndServe() {
+ l, err := net.Listen("tcp", s.addr)
+ if err != nil {
+ logf("failed to listen on %s: %v", s.addr, err)
+ return
+ }
+
+ logf("listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ logf("failed to accept: %v", err)
+ continue
+ }
+
+ go s.Serve(c)
+ }
+}
+
+// Serve .
+func (s *httpproxy) Serve(c net.Conn) {
+
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ reqR := bufio.NewReader(c)
+ reqTP := textproto.NewReader(reqR)
+ method, requestURI, proto, ok := parseFirstLine(reqTP)
+ if !ok {
+ return
+ }
+
+ if method == "CONNECT" {
+ s.servHTTPS(method, requestURI, proto, c)
+ return
+ }
+
+ reqHeader, err := reqTP.ReadMIMEHeader()
+ if err != nil {
+ logf("read header error:%s", err)
+ return
+ }
+ cleanHeaders(reqHeader)
+ // tell the remote server not to keep alive
+ reqHeader.Set("Connection", "close")
+
+ url, err := url.ParseRequestURI(requestURI)
+ if err != nil {
+ logf("parse request url error: %s", err)
+ return
+ }
+
+ var tgt = url.Host
+ if !strings.Contains(url.Host, ":") {
+ tgt += ":80"
+ }
+
+ rc, err := s.GetProxy().Dial("tcp", tgt)
+ if err != nil {
+ fmt.Fprintf(c, "%s 502 ERROR\r\n\r\n", proto)
+ logf("failed to dial: %v", err)
+ return
+ }
+ defer rc.Close()
+
+ // GET http://example.com/a/index.htm HTTP/1.1 -->
+ // GET /a/index.htm HTTP/1.1
+ url.Scheme = ""
+ url.Host = ""
+ uri := url.String()
+
+ var reqBuf bytes.Buffer
+ writeFirstLine(method, uri, proto, &reqBuf)
+ writeHeaders(reqHeader, &reqBuf)
+
+ // send request to remote server
+ rc.Write(reqBuf.Bytes())
+
+ // copy the left request bytes to remote server. eg. length specificed or chunked body.
+ go func() {
+ io.Copy(rc, reqR)
+ rc.SetDeadline(time.Now())
+ c.SetDeadline(time.Now())
+ }()
+
+ respR := bufio.NewReader(rc)
+ respTP := textproto.NewReader(respR)
+ proto, code, status, ok := parseFirstLine(respTP)
+ if !ok {
+ return
+ }
+
+ respHeader, err := respTP.ReadMIMEHeader()
+ if err != nil {
+ logf("read header error:%s", err)
+ return
+ }
+
+ respHeader.Set("Proxy-Connection", "close")
+ respHeader.Set("Connection", "close")
+
+ var respBuf bytes.Buffer
+ writeFirstLine(proto, code, status, &respBuf)
+ writeHeaders(respHeader, &respBuf)
+
+ logf("proxy-http %s <-> %s", c.RemoteAddr(), tgt)
+ c.Write(respBuf.Bytes())
+
+ io.Copy(c, respR)
+
+}
+
+func (s *httpproxy) servHTTPS(method, requestURI, proto string, c net.Conn) {
+ rc, err := s.GetProxy().Dial("tcp", requestURI)
+ if err != nil {
+ c.Write([]byte(proto))
+ c.Write([]byte(" 502 ERROR\r\n\r\n"))
+ logf("failed to dial: %v", err)
+ return
+ }
+ c.Write([]byte("HTTP/1.0 200 Connection established\r\n\r\n"))
+
+ logf("proxy-https %s <-> %s", c.RemoteAddr(), requestURI)
+
+ _, _, err = relay(c, rc)
+ if err != nil {
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ return // ignore i/o timeout
+ }
+ logf("relay error: %v", err)
+ }
+}
+
+// Dial connects to the address addr on the network net via the proxy.
+func (s *httpproxy) Dial(network, addr string) (net.Conn, error) {
+ c, err := s.GetProxy().Dial("tcp", s.addr)
+ if err != nil {
+ logf("dial to %s error: %s", s.addr, err)
+ return nil, err
+ }
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ c.Write([]byte("CONNECT " + addr + " HTTP/1.0\r\n"))
+ // c.Write([]byte("Proxy-Connection: Keep-Alive\r\n"))
+
+ var b [1024]byte
+ n, err := c.Read(b[:])
+ if bytes.Contains(b[:n], []byte("200")) {
+ return c, err
+ }
+
+ return nil, err
+}
+
+// parseFirstLine parses "GET /foo HTTP/1.1" OR "HTTP/1.1 200 OK" into its three parts.
+func parseFirstLine(tp *textproto.Reader) (r1, r2, r3 string, ok bool) {
+ line, err := tp.ReadLine()
+ // logf("first line: %s", line)
+ if err != nil {
+ logf("read request line error:%s", err)
+ return
+ }
+
+ s1 := strings.Index(line, " ")
+ s2 := strings.Index(line[s1+1:], " ")
+ if s1 < 0 || s2 < 0 {
+ return
+ }
+ s2 += s1 + 1
+ return line[:s1], line[s1+1 : s2], line[s2+1:], true
+}
+
+func cleanHeaders(header textproto.MIMEHeader) {
+ header.Del("Proxy-Connection")
+ header.Del("Connection")
+ header.Del("Keep-Alive")
+ header.Del("Proxy-Authenticate")
+ header.Del("Proxy-Authorization")
+ header.Del("TE")
+ header.Del("Trailers")
+ header.Del("Transfer-Encoding")
+ header.Del("Upgrade")
+}
+
+func writeFirstLine(s1, s2, s3 string, buf *bytes.Buffer) {
+ buf.Write([]byte(s1))
+ buf.Write([]byte(" "))
+ buf.Write([]byte(s2))
+ buf.Write([]byte(" "))
+ buf.Write([]byte(s3))
+ buf.Write([]byte("\r\n"))
+}
+
+func writeHeaders(header textproto.MIMEHeader, buf *bytes.Buffer) {
+ for key, values := range header {
+ buf.Write([]byte(key))
+ buf.Write([]byte(": "))
+ for k, v := range values {
+ buf.Write([]byte(v))
+ if k > 0 {
+ buf.Write([]byte(" "))
+ }
+ }
+ buf.Write([]byte("\r\n"))
+ }
+
+ //header ended
+ buf.Write([]byte("\r\n"))
+}
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..d9071d8
--- /dev/null
+++ b/main.go
@@ -0,0 +1,165 @@
+package main
+
+import (
+ "flag"
+ "fmt"
+ "log"
+ "os"
+ "os/signal"
+ "strings"
+ "syscall"
+)
+
+const version = "0.1"
+
+var config struct {
+ Verbose bool
+ Strategy string
+ CheckSite string
+ CheckDuration int
+}
+
+func logf(f string, v ...interface{}) {
+ if config.Verbose {
+ log.Printf(f, v...)
+ }
+}
+
+func usage() {
+ app := os.Args[0]
+ fmt.Fprintf(os.Stderr, "%s v%s usage:\n", app, version)
+ flag.PrintDefaults()
+ fmt.Fprintf(os.Stderr, "\n")
+
+ fmt.Fprintf(os.Stderr, "Available Schemas:\n")
+ fmt.Fprintf(os.Stderr, " mixed: serve as a http/socks5 proxy on the same port. (default)\n")
+ fmt.Fprintf(os.Stderr, " ss: ss proxy\n")
+ fmt.Fprintf(os.Stderr, " socks5: socks5 proxy\n")
+ fmt.Fprintf(os.Stderr, " http: http proxy\n")
+ fmt.Fprintf(os.Stderr, " redir: redirect proxy. (used on linux as a transparent proxy with iptables redirect rules)\n")
+ fmt.Fprintf(os.Stderr, " tcptun: a simple tcp tunnel\n")
+ fmt.Fprintf(os.Stderr, " dnstun: listen on udp port and forward all dns requests to remote dns server via forwarders(tcp)\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
+ fmt.Fprintf(os.Stderr, "Available schemas for different modes:\n")
+ fmt.Fprintf(os.Stderr, " listen: mixed ss socks5 http redir tcptun dnstun\n")
+ fmt.Fprintf(os.Stderr, " forward: ss socks5 http\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
+ fmt.Fprintf(os.Stderr, "Available methods for ss:\n")
+ fmt.Fprintf(os.Stderr, " "+ListCipher())
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
+ fmt.Fprintf(os.Stderr, "Available forward strategies:\n")
+ fmt.Fprintf(os.Stderr, " rr: Round Robin mode\n")
+ fmt.Fprintf(os.Stderr, " ha: High Availability mode\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
+ fmt.Fprintf(os.Stderr, "Examples:\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l :8443 -v\n")
+ fmt.Fprintf(os.Stderr, " -listen on :8443, serve as http/socks5 proxy on the same port.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l ss://AEAD_CHACHA20_POLY1305:pass@:8443\n")
+ fmt.Fprintf(os.Stderr, " -listen on 0.0.0.0:8443 as a shadowsocks server.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l socks5://:1080 -v\n")
+ fmt.Fprintf(os.Stderr, " -listen on :1080 as a socks5 proxy server, in verbose mode.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l http://:8080 -f socks5://127.0.0.1:1080 -v\n")
+ fmt.Fprintf(os.Stderr, " -listen on :8080 as a http proxy server, forward all requests via socks5 server.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l redir://:1081 -f ss://method:pass@1.1.1.1:443\n")
+ fmt.Fprintf(os.Stderr, " -listen on :1081 as a transparent redirect server, forward all requests via remote ss server.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l tcptun://:80=2.2.2.2:80 -f ss://method:pass@1.1.1.1:443\n")
+ fmt.Fprintf(os.Stderr, " -listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l socks5://:1080 -l http://:8080 -f ss://method:pass@1.1.1.1:443\n")
+ fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l redir://:1081 -l dnstun://:53=8.8.8.8:53 -f ss://method:pass@server1:port1,ss://method:pass@server2:port2\n")
+ fmt.Fprintf(os.Stderr, " -listen on :1081 as transparent redirect server, :53 as dns server, use forward chain: server1 -> server2.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l socks5://:1080 -f ss://method:pass@server1:port1 -f ss://method:pass@server2:port2 -s rr\n")
+ fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, forward requests via server1 and server2 in roundrbin mode.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l mixed://:8443 -f ss://method:pass@server1:port1\n")
+ fmt.Fprintf(os.Stderr, " -listen on :8443, serve as http/socks5 proxy, forward requests via server1.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l mixed://:8443?http=1.1.1.1:80 -f ss://method:pass@server1:port1\n")
+ fmt.Fprintf(os.Stderr, " -listen on :8443, serve as socks5 proxy, and forward all HTTP requests to 1.1.1.1:80.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+}
+
+type arrFlags []string
+
+// implement flag.Value interface
+func (i *arrFlags) String() string {
+ return ""
+}
+
+// implement flag.Value interface
+func (i *arrFlags) Set(value string) error {
+ *i = append(*i, value)
+ return nil
+}
+
+func main() {
+
+ var flags struct {
+ Listen arrFlags
+ Forward arrFlags
+ }
+
+ flag.BoolVar(&config.Verbose, "v", false, "verbose mode")
+ flag.StringVar(&config.Strategy, "s", "rr", "forward strategy, default: rr")
+ flag.StringVar(&config.CheckSite, "checksite", "www.apple.com:443", "proxy check address")
+ flag.IntVar(&config.CheckDuration, "duration", 30, "proxy check duration(seconds)")
+
+ flag.Var(&flags.Listen, "l", "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT")
+ flag.Var(&flags.Forward, "f", "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
+
+ flag.Usage = usage
+ flag.Parse()
+
+ if len(flags.Listen) == 0 {
+ flag.Usage()
+ fmt.Fprintf(os.Stderr, "ERROR: listen url must be specified.\n")
+ return
+ }
+
+ var forwarders []Proxy
+ if len(flags.Forward) > 0 {
+ var err error
+ for _, chain := range flags.Forward {
+ var forward Proxy
+ for _, url := range strings.Split(chain, ",") {
+ forward, err = ProxyFromURL(url, forward)
+ if err != nil {
+ log.Fatal(err)
+ }
+ }
+ forwarders = append(forwarders, forward)
+ }
+ }
+
+ for _, forward := range forwarders {
+ go check(forward, config.CheckSite, config.CheckDuration)
+ }
+
+ if len(flags.Listen) > 0 {
+ for _, listen := range flags.Listen {
+ local, err := ProxyFromURL(listen, forwarders...)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ go local.ListenAndServe()
+ }
+ }
+
+ sigCh := make(chan os.Signal, 1)
+ signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM)
+ <-sigCh
+}
diff --git a/mixed.go b/mixed.go
new file mode 100644
index 0000000..a9a739c
--- /dev/null
+++ b/mixed.go
@@ -0,0 +1,105 @@
+package main
+
+import (
+ "bytes"
+ "net"
+)
+
+// https://www.ietf.org/rfc/rfc2616.txt, http methods must be uppercase.
+var httpMethods = [][]byte{
+ []byte("GET"),
+ []byte("POST"),
+ []byte("PUT"),
+ []byte("DELETE"),
+ []byte("CONNECT"),
+ []byte("HEAD"),
+ []byte("OPTIONS"),
+ []byte("TRACE"),
+}
+
+// mixedproxy
+type mixedproxy struct {
+ Proxy
+ http Proxy
+ socks5 Proxy
+ ss Proxy
+}
+
+// MixedProxy returns a http mixed proxy.
+func MixedProxy(network, addr, user, pass string, upProxy Proxy) (Proxy, error) {
+ p := &mixedproxy{
+ Proxy: upProxy,
+ }
+
+ p.http, _ = HTTPProxy(addr, upProxy)
+ p.socks5, _ = SOCKS5Proxy(network, addr, user, pass, upProxy)
+
+ if user != "" && pass != "" {
+ p.ss, _ = SSProxy(user, pass, upProxy)
+ }
+
+ return p, nil
+}
+
+// mixedproxy .
+func (p *mixedproxy) ListenAndServe() {
+ l, err := net.Listen("tcp", p.Addr())
+ if err != nil {
+ logf("failed to listen on %s: %v", p.Addr(), err)
+ return
+ }
+
+ logf("listening TCP on %s", p.Addr())
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ logf("failed to accept: %v", err)
+ continue
+ }
+
+ go func() {
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ c := newConn(c)
+
+ if p.socks5 != nil {
+ head, err := c.Peek(1)
+ if err != nil {
+ logf("peek error: %s", err)
+ return
+ }
+
+ // check socks5, client send socksversion: 5 as the first byte
+ if head[0] == socks5Version {
+ p.socks5.Serve(c)
+ return
+ }
+ }
+
+ if p.http != nil {
+ head, err := c.Peek(8)
+ if err != nil {
+ logf("peek error: %s", err)
+ return
+ }
+
+ for _, method := range httpMethods {
+ if bytes.HasPrefix(head, method) {
+ p.http.Serve(c)
+ return
+ }
+ }
+ }
+
+ if p.ss != nil {
+ p.ss.Serve(c)
+ }
+
+ }()
+ }
+}
diff --git a/proxy.go b/proxy.go
new file mode 100644
index 0000000..5c45b48
--- /dev/null
+++ b/proxy.go
@@ -0,0 +1,152 @@
+package main
+
+import (
+ "errors"
+ "net"
+ "net/url"
+ "strings"
+ "time"
+)
+
+// A Proxy means to establish a connection and relay it.
+type Proxy interface {
+ // ListenAndServe as proxy server, use only in server mode.
+ ListenAndServe()
+
+ // Serve as proxy server, use only in server mode.
+ Serve(c net.Conn)
+
+ // Get address
+ Addr() string
+
+ // Get current proxy
+ CurrentProxy() Proxy
+
+ // Get a proxy according to the strategy
+ GetProxy() Proxy
+
+ // Switch to the next proxy
+ NextProxy() Proxy
+
+ // Get the status of proxy
+ Enabled() bool
+
+ // Set the proxy status
+ SetEnable(enable bool)
+
+ // Dial connects to the given address via the proxy.
+ Dial(network, addr string) (c net.Conn, err error)
+}
+
+// proxy
+type proxy struct {
+ addr string
+ forward Proxy
+ enabled bool
+}
+
+// newProxy .
+func newProxy(addr string, forward Proxy) Proxy {
+ if forward == nil {
+ forward = Direct
+ }
+
+ return &proxy{addr: addr, forward: forward, enabled: false}
+}
+
+func (p *proxy) ListenAndServe() { logf("base proxy ListenAndServe") }
+func (p *proxy) Serve(c net.Conn) { logf("base proxy Serve") }
+func (p *proxy) CurrentProxy() Proxy { return p.forward }
+func (p *proxy) GetProxy() Proxy { return p.forward }
+func (p *proxy) NextProxy() Proxy { return p.forward }
+func (p *proxy) Enabled() bool { return p.enabled }
+func (p *proxy) SetEnable(enable bool) { p.enabled = enable }
+func (p *proxy) Addr() string { return p.addr }
+
+func (p *proxy) Dial(network, addr string) (net.Conn, error) {
+ return p.forward.Dial(network, addr)
+}
+
+// ProxyFromURL parses url and get a Proxy
+// TODO: table
+func ProxyFromURL(s string, forwarders ...Proxy) (Proxy, error) {
+ if !strings.Contains(s, "://") {
+ s = "mixed://" + s
+ }
+
+ u, err := url.Parse(s)
+ if err != nil {
+ logf("parse err: %s", err)
+ return nil, err
+ }
+
+ addr := u.Host
+ var user, pass string
+ if u.User != nil {
+ user = u.User.Username()
+ pass, _ = u.User.Password()
+ }
+
+ var proxy Proxy
+ if forwarders == nil || len(forwarders) == 0 {
+ proxy = newProxy(addr, Direct)
+ } else if len(forwarders) == 1 {
+ proxy = newProxy(addr, forwarders[0])
+ } else if len(forwarders) > 1 {
+ switch config.Strategy {
+ case "rr":
+ proxy = newRRProxy(addr, forwarders)
+ logf("forward to remote servers in round robin mode.")
+ case "ha":
+ proxy = newHAProxy(addr, forwarders)
+ logf("forward to remote servers in high availability mode.")
+ default:
+ logf("not supported forward mode '%s', just use the first forward server.", config.Strategy)
+ proxy = newProxy(addr, forwarders[0])
+ }
+ }
+
+ switch u.Scheme {
+ case "ss":
+ p, err := SSProxy(user, pass, proxy)
+ return p, err
+ case "socks5":
+ return SOCKS5Proxy("tcp", addr, user, pass, proxy)
+ case "redir":
+ return RedirProxy(addr, proxy)
+ case "tcptun":
+ d := strings.Split(addr, "=")
+ return TCPTunProxy(d[0], d[1], proxy)
+ case "dnstun":
+ d := strings.Split(addr, "=")
+ return DNSTunProxy(d[0], d[1], proxy)
+ case "http":
+ return HTTPProxy(addr, proxy)
+ case "mixed":
+ return MixedProxy("tcp", addr, user, pass, proxy)
+ }
+
+ return nil, errors.New("unknown schema '" + u.Scheme + "'")
+}
+
+// Check proxy
+func check(p Proxy, target string, duration int) {
+ firstTime := true
+ for {
+ if !firstTime {
+ time.Sleep(time.Duration(duration) * time.Second)
+ }
+ firstTime = false
+
+ c, err := p.Dial("tcp", target)
+ if err != nil {
+ logf("proxy %s check error: %s, set to disabled.", p.Addr(), err)
+ p.SetEnable(false)
+ continue
+ }
+ defer c.Close()
+
+ p.SetEnable(true)
+ logf("proxy %s check ok.", p.Addr())
+ }
+}
diff --git a/redir.go b/redir.go
new file mode 100644
index 0000000..aad33ed
--- /dev/null
+++ b/redir.go
@@ -0,0 +1,114 @@
+// +build !windows
+
+package main
+
+import (
+ "errors"
+ "fmt"
+ "net"
+ "syscall"
+)
+
+const SO_ORIGINAL_DST = 80
+
+type redir struct {
+ Proxy
+ addr string
+}
+
+// RedirProxy returns a redirect proxy.
+func RedirProxy(addr string, upProxy Proxy) (Proxy, error) {
+ s := &redir{
+ Proxy: upProxy,
+ addr: addr,
+ }
+
+ return s, nil
+}
+
+// ListenAndServe redirected requests as a server.
+func (s *redir) ListenAndServe() {
+ l, err := net.Listen("tcp", s.addr)
+ if err != nil {
+ logf("failed to listen on %s: %v", s.addr, err)
+ return
+ }
+
+ logf("listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ logf("failed to accept: %v", err)
+ continue
+ }
+
+ go func() {
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ tgt, c, err := getOriginalDstAddr(c)
+ if err != nil {
+ logf("failed to get target address: %v", err)
+ return
+ }
+
+ rc, err := s.GetProxy().Dial("tcp", tgt.String())
+ if err != nil {
+ logf("failed to connect to target: %v", err)
+ return
+ }
+ defer rc.Close()
+
+ logf("proxy-redir %s <-> %s", c.RemoteAddr(), tgt)
+ // go io.Copy(rc, c)
+ // io.Copy(c, rc)
+
+ _, _, err = relay(c, rc)
+ if err != nil {
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ return // ignore i/o timeout
+ }
+ logf("relay error: %v", err)
+ }
+
+ }()
+ }
+}
+
+func getOriginalDstAddr(conn net.Conn) (addr net.Addr, c *net.TCPConn, err error) {
+ defer conn.Close()
+
+ fc, err := conn.(*net.TCPConn).File()
+ if err != nil {
+ return
+ }
+ defer fc.Close()
+
+ mreq, err := syscall.GetsockoptIPv6Mreq(int(fc.Fd()), syscall.IPPROTO_IP, SO_ORIGINAL_DST)
+ if err != nil {
+ return
+ }
+
+ // only ipv4 support
+ ip := net.IPv4(mreq.Multiaddr[4], mreq.Multiaddr[5], mreq.Multiaddr[6], mreq.Multiaddr[7])
+ port := uint16(mreq.Multiaddr[2])<<8 + uint16(mreq.Multiaddr[3])
+ addr, err = net.ResolveTCPAddr("tcp4", fmt.Sprintf("%s:%d", ip.String(), port))
+ if err != nil {
+ return
+ }
+
+ cc, err := net.FileConn(fc)
+ if err != nil {
+ return
+ }
+
+ c, ok := cc.(*net.TCPConn)
+ if !ok {
+ err = errors.New("not a TCP connection")
+ }
+ return
+}
diff --git a/redir_win.go b/redir_win.go
new file mode 100644
index 0000000..c6227b1
--- /dev/null
+++ b/redir_win.go
@@ -0,0 +1,17 @@
+// +build windows
+
+package main
+
+import "log"
+
+type redir struct{ Proxy }
+
+// RedirProxy returns a redirect proxy.
+func RedirProxy(addr string, upProxy Proxy) (Proxy, error) {
+ return &redir{Proxy: upProxy}, nil
+}
+
+// ListenAndServe redirected requests as a server.
+func (s *redir) ListenAndServe() {
+ log.Fatal("redir not supported on windows")
+}
diff --git a/socks5.go b/socks5.go
new file mode 100644
index 0000000..6043b43
--- /dev/null
+++ b/socks5.go
@@ -0,0 +1,436 @@
+// socks5 client:
+// https://github.com/golang/net/tree/master/proxy
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// socks5 server:
+// https://github.com/shadowsocks/go-shadowsocks2/tree/master/socks
+
+package main
+
+import (
+ "errors"
+ "io"
+ "net"
+ "strconv"
+)
+
+const socks5Version = 5
+
+const (
+ socks5AuthNone = 0
+ socks5AuthPassword = 2
+)
+
+// SOCKS request commands as defined in RFC 1928 section 4.
+const (
+ socks5Connect = 1
+ socks5Bind = 2
+ socks5UDPAssociate = 3
+)
+
+// SOCKS address types as defined in RFC 1928 section 5.
+const (
+ socks5IP4 = 1
+ socks5Domain = 3
+ socks5IP6 = 4
+)
+
+// MaxAddrLen is the maximum size of SOCKS address in bytes.
+const MaxAddrLen = 1 + 1 + 255 + 2
+
+// Addr represents a SOCKS address as defined in RFC 1928 section 5.
+type Addr []byte
+
+var socks5Errors = []string{
+ "",
+ "general failure",
+ "connection forbidden",
+ "network unreachable",
+ "host unreachable",
+ "connection refused",
+ "TTL expired",
+ "command not supported",
+ "address type not supported",
+}
+
+type socks5 struct {
+ Proxy
+ network, addr string
+ user, password string
+}
+
+// SOCKS5Proxy returns a Proxy that makes SOCKSv5 connections to the given address
+// with an optional username and password. See RFC 1928.
+func SOCKS5Proxy(network, addr, user, pass string, upProxy Proxy) (Proxy, error) {
+ s := &socks5{
+ Proxy: upProxy,
+ addr: addr,
+ user: user,
+ password: pass,
+ }
+
+ return s, nil
+}
+
+// ListenAndServe connects to the address addr on the network net via the SOCKS5 proxy.
+func (s *socks5) ListenAndServe() {
+ l, err := net.Listen("tcp", s.addr)
+ if err != nil {
+ logf("failed to listen on %s: %v", s.addr, err)
+ return
+ }
+
+ logf("listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ logf("failed to accept: %v", err)
+ continue
+ }
+
+ go s.Serve(c)
+ }
+}
+
+func (s *socks5) Serve(c net.Conn) {
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ tgt, err := s.handshake(c)
+ if err != nil {
+ logf("failed to get target address: %v", err)
+ return
+ }
+
+ rc, err := s.GetProxy().Dial("tcp", tgt.String())
+ if err != nil {
+ logf("failed to connect to target: %v", err)
+ return
+ }
+ defer rc.Close()
+
+ logf("proxy-socks5 %s <-> %s", c.RemoteAddr(), tgt)
+
+ _, _, err = relay(c, rc)
+ if err != nil {
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ return // ignore i/o timeout
+ }
+ logf("relay error: %v", err)
+ }
+}
+
+// Dial connects to the address addr on the network net via the SOCKS5 proxy.
+func (s *socks5) Dial(network, addr string) (net.Conn, error) {
+ switch network {
+ case "tcp", "tcp6", "tcp4":
+ default:
+ return nil, errors.New("proxy: no support for SOCKS5 proxy connections of type " + network)
+ }
+
+ c, err := s.GetProxy().Dial(s.network, s.addr)
+ if err != nil {
+ logf("dial to %s error: %s", s.addr, err)
+ return nil, err
+ }
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ if err := s.connect(c, addr); err != nil {
+ c.Close()
+ return nil, err
+ }
+
+ return c, nil
+}
+
+// connect takes an existing connection to a socks5 proxy server,
+// and commands the server to extend that connection to target,
+// which must be a canonical address with a host and port.
+func (s *socks5) connect(conn net.Conn, target string) error {
+ host, portStr, err := net.SplitHostPort(target)
+ if err != nil {
+ return err
+ }
+
+ port, err := strconv.Atoi(portStr)
+ if err != nil {
+ return errors.New("proxy: failed to parse port number: " + portStr)
+ }
+ if port < 1 || port > 0xffff {
+ return errors.New("proxy: port number out of range: " + portStr)
+ }
+
+ // the size here is just an estimate
+ buf := make([]byte, 0, 6+len(host))
+
+ buf = append(buf, socks5Version)
+ if len(s.user) > 0 && len(s.user) < 256 && len(s.password) < 256 {
+ buf = append(buf, 2 /* num auth methods */, socks5AuthNone, socks5AuthPassword)
+ } else {
+ buf = append(buf, 1 /* num auth methods */, socks5AuthNone)
+ }
+
+ if _, err := conn.Write(buf); err != nil {
+ return errors.New("proxy: failed to write greeting to SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ if _, err := io.ReadFull(conn, buf[:2]); err != nil {
+ return errors.New("proxy: failed to read greeting from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+ if buf[0] != 5 {
+ return errors.New("proxy: SOCKS5 proxy at " + s.addr + " has unexpected version " + strconv.Itoa(int(buf[0])))
+ }
+ if buf[1] == 0xff {
+ return errors.New("proxy: SOCKS5 proxy at " + s.addr + " requires authentication")
+ }
+
+ if buf[1] == socks5AuthPassword {
+ buf = buf[:0]
+ buf = append(buf, 1 /* password protocol version */)
+ buf = append(buf, uint8(len(s.user)))
+ buf = append(buf, s.user...)
+ buf = append(buf, uint8(len(s.password)))
+ buf = append(buf, s.password...)
+
+ if _, err := conn.Write(buf); err != nil {
+ return errors.New("proxy: failed to write authentication request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ if _, err := io.ReadFull(conn, buf[:2]); err != nil {
+ return errors.New("proxy: failed to read authentication reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ if buf[1] != 0 {
+ return errors.New("proxy: SOCKS5 proxy at " + s.addr + " rejected username/password")
+ }
+ }
+
+ buf = buf[:0]
+ buf = append(buf, socks5Version, socks5Connect, 0 /* reserved */)
+
+ if ip := net.ParseIP(host); ip != nil {
+ if ip4 := ip.To4(); ip4 != nil {
+ buf = append(buf, socks5IP4)
+ ip = ip4
+ } else {
+ buf = append(buf, socks5IP6)
+ }
+ buf = append(buf, ip...)
+ } else {
+ if len(host) > 255 {
+ return errors.New("proxy: destination hostname too long: " + host)
+ }
+ buf = append(buf, socks5Domain)
+ buf = append(buf, byte(len(host)))
+ buf = append(buf, host...)
+ }
+ buf = append(buf, byte(port>>8), byte(port))
+
+ if _, err := conn.Write(buf); err != nil {
+ return errors.New("proxy: failed to write connect request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ if _, err := io.ReadFull(conn, buf[:4]); err != nil {
+ return errors.New("proxy: failed to read connect reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ failure := "unknown error"
+ if int(buf[1]) < len(socks5Errors) {
+ failure = socks5Errors[buf[1]]
+ }
+
+ if len(failure) > 0 {
+ return errors.New("proxy: SOCKS5 proxy at " + s.addr + " failed to connect: " + failure)
+ }
+
+ bytesToDiscard := 0
+ switch buf[3] {
+ case socks5IP4:
+ bytesToDiscard = net.IPv4len
+ case socks5IP6:
+ bytesToDiscard = net.IPv6len
+ case socks5Domain:
+ _, err := io.ReadFull(conn, buf[:1])
+ if err != nil {
+ return errors.New("proxy: failed to read domain length from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+ bytesToDiscard = int(buf[0])
+ default:
+ return errors.New("proxy: got unknown address type " + strconv.Itoa(int(buf[3])) + " from SOCKS5 proxy at " + s.addr)
+ }
+
+ if cap(buf) < bytesToDiscard {
+ buf = make([]byte, bytesToDiscard)
+ } else {
+ buf = buf[:bytesToDiscard]
+ }
+ if _, err := io.ReadFull(conn, buf); err != nil {
+ return errors.New("proxy: failed to read address from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ // Also need to discard the port number
+ if _, err := io.ReadFull(conn, buf[:2]); err != nil {
+ return errors.New("proxy: failed to read port from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ return nil
+}
+
+// Handshake fast-tracks SOCKS initialization to get target address to connect.
+func (s *socks5) handshake(rw io.ReadWriter) (Addr, error) {
+ // Read RFC 1928 for request and reply structure and sizes.
+ buf := make([]byte, MaxAddrLen)
+ // read VER, NMETHODS, METHODS
+ if _, err := io.ReadFull(rw, buf[:2]); err != nil {
+ return nil, err
+ }
+ nmethods := buf[1]
+ if _, err := io.ReadFull(rw, buf[:nmethods]); err != nil {
+ return nil, err
+ }
+ // write VER METHOD
+ if _, err := rw.Write([]byte{5, 0}); err != nil {
+ return nil, err
+ }
+ // read VER CMD RSV ATYP DST.ADDR DST.PORT
+ if _, err := io.ReadFull(rw, buf[:3]); err != nil {
+ return nil, err
+ }
+ if buf[1] != socks5Connect {
+ return nil, errors.New(socks5Errors[7])
+ }
+ addr, err := readAddr(rw, buf)
+ if err != nil {
+ return nil, err
+ }
+ // write VER REP RSV ATYP BND.ADDR BND.PORT
+ _, err = rw.Write([]byte{5, 0, 0, 1, 0, 0, 0, 0, 0, 0})
+ return addr, err
+}
+
+// String serializes SOCKS address a to string form.
+func (a Addr) String() string {
+ var host, port string
+
+ switch a[0] { // address type
+ case socks5Domain:
+ host = string(a[2 : 2+int(a[1])])
+ port = strconv.Itoa((int(a[2+int(a[1])]) << 8) | int(a[2+int(a[1])+1]))
+ case socks5IP4:
+ host = net.IP(a[1 : 1+net.IPv4len]).String()
+ port = strconv.Itoa((int(a[1+net.IPv4len]) << 8) | int(a[1+net.IPv4len+1]))
+ case socks5IP6:
+ host = net.IP(a[1 : 1+net.IPv6len]).String()
+ port = strconv.Itoa((int(a[1+net.IPv6len]) << 8) | int(a[1+net.IPv6len+1]))
+ }
+
+ return net.JoinHostPort(host, port)
+}
+
+func readAddr(r io.Reader, b []byte) (Addr, error) {
+ if len(b) < MaxAddrLen {
+ return nil, io.ErrShortBuffer
+ }
+ _, err := io.ReadFull(r, b[:1]) // read 1st byte for address type
+ if err != nil {
+ return nil, err
+ }
+
+ switch b[0] {
+ case socks5Domain:
+ _, err = io.ReadFull(r, b[1:2]) // read 2nd byte for domain length
+ if err != nil {
+ return nil, err
+ }
+ _, err = io.ReadFull(r, b[2:2+int(b[1])+2])
+ return b[:1+1+int(b[1])+2], err
+ case socks5IP4:
+ _, err = io.ReadFull(r, b[1:1+net.IPv4len+2])
+ return b[:1+net.IPv4len+2], err
+ case socks5IP6:
+ _, err = io.ReadFull(r, b[1:1+net.IPv6len+2])
+ return b[:1+net.IPv6len+2], err
+ }
+
+ return nil, errors.New(socks5Errors[8])
+}
+
+// ReadAddr reads just enough bytes from r to get a valid Addr.
+func ReadAddr(r io.Reader) (Addr, error) {
+ return readAddr(r, make([]byte, MaxAddrLen))
+}
+
+// SplitAddr slices a SOCKS address from beginning of b. Returns nil if failed.
+func SplitAddr(b []byte) Addr {
+ addrLen := 1
+ if len(b) < addrLen {
+ return nil
+ }
+
+ switch b[0] {
+ case socks5Domain:
+ if len(b) < 2 {
+ return nil
+ }
+ addrLen = 1 + 1 + int(b[1]) + 2
+ case socks5IP4:
+ addrLen = 1 + net.IPv4len + 2
+ case socks5IP6:
+ addrLen = 1 + net.IPv6len + 2
+ default:
+ return nil
+
+ }
+
+ if len(b) < addrLen {
+ return nil
+ }
+
+ return b[:addrLen]
+}
+
+// ParseAddr parses the address in string s. Returns nil if failed.
+func ParseAddr(s string) Addr {
+ var addr Addr
+ host, port, err := net.SplitHostPort(s)
+ if err != nil {
+ return nil
+ }
+ if ip := net.ParseIP(host); ip != nil {
+ if ip4 := ip.To4(); ip4 != nil {
+ addr = make([]byte, 1+net.IPv4len+2)
+ addr[0] = socks5IP4
+ copy(addr[1:], ip4)
+ } else {
+ addr = make([]byte, 1+net.IPv6len+2)
+ addr[0] = socks5IP6
+ copy(addr[1:], ip)
+ }
+ } else {
+ if len(host) > 255 {
+ return nil
+ }
+ addr = make([]byte, 1+1+len(host)+2)
+ addr[0] = socks5Domain
+ addr[1] = byte(len(host))
+ copy(addr[2:], host)
+ }
+
+ portnum, err := strconv.ParseUint(port, 10, 16)
+ if err != nil {
+ return nil
+ }
+
+ addr[len(addr)-2], addr[len(addr)-1] = byte(portnum>>8), byte(portnum)
+
+ return addr
+}
diff --git a/ss.go b/ss.go
new file mode 100644
index 0000000..6d24c3b
--- /dev/null
+++ b/ss.go
@@ -0,0 +1,116 @@
+package main
+
+import (
+ "errors"
+ "log"
+ "net"
+ "strings"
+
+ "github.com/shadowsocks/go-shadowsocks2/core"
+)
+
+// Shadowsocks
+type shadowsocks struct {
+ Proxy
+ core.StreamConnCipher
+}
+
+// SSProxy returns a shadowsocks proxy.
+func SSProxy(method, pass string, upProxy Proxy) (Proxy, error) {
+ ciph, err := core.PickCipher(method, nil, pass)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ s := &shadowsocks{
+ Proxy: upProxy,
+ StreamConnCipher: ciph,
+ }
+
+ return s, nil
+}
+
+// ListenAndServe shadowsocks requests as a server.
+func (s *shadowsocks) ListenAndServe() {
+ l, err := net.Listen("tcp", s.Addr())
+ if err != nil {
+ logf("failed to listen on %s: %v", s.Addr(), err)
+ return
+ }
+
+ logf("listening TCP on %s", s.Addr())
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ logf("failed to accept: %v", err)
+ continue
+ }
+ go s.Serve(c)
+ }
+}
+
+func (s *shadowsocks) Serve(c net.Conn) {
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ c = s.StreamConnCipher.StreamConn(c)
+
+ tgt, err := ReadAddr(c)
+ if err != nil {
+ logf("failed to get target address: %v", err)
+ return
+ }
+
+ rc, err := s.GetProxy().Dial("tcp", tgt.String())
+ if err != nil {
+ logf("failed to connect to target: %v", err)
+ return
+ }
+ defer rc.Close()
+
+ logf("proxy-ss %s <-> %s", c.RemoteAddr(), tgt)
+
+ _, _, err = relay(c, rc)
+ if err != nil {
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ return // ignore i/o timeout
+ }
+ logf("relay error: %v", err)
+ }
+
+}
+
+// Dial connects to the address addr on the network net via the proxy.
+func (s *shadowsocks) Dial(network, addr string) (net.Conn, error) {
+ target := ParseAddr(addr)
+ if target == nil {
+ return nil, errors.New("Unable to parse address: " + addr)
+ }
+
+ c, err := s.GetProxy().Dial("tcp", s.Addr())
+ if err != nil {
+ logf("dial to %s error: %s", s.Addr(), err)
+ return nil, err
+ }
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ c = s.StreamConn(c)
+ if _, err = c.Write(target); err != nil {
+ c.Close()
+ return nil, err
+ }
+
+ return c, err
+}
+
+// ListCipher .
+func ListCipher() string {
+ return strings.Join(core.ListCipher(), " ")
+}
diff --git a/strategy.go b/strategy.go
new file mode 100644
index 0000000..5dc1706
--- /dev/null
+++ b/strategy.go
@@ -0,0 +1,82 @@
+package main
+
+import (
+ "net"
+ "time"
+)
+
+// strategyProxy
+type strategyProxy struct {
+ addr string
+ forwarders []Proxy
+ idx int
+}
+
+// newStrategyProxy .
+func newStrategyProxy(addr string, forwarders []Proxy) Proxy {
+ if len(forwarders) == 0 {
+ return Direct
+ } else if len(forwarders) == 1 {
+ return newProxy(addr, forwarders[0])
+ }
+
+ return &strategyProxy{addr: addr, forwarders: forwarders}
+}
+
+func (p *strategyProxy) ListenAndServe() {}
+func (p *strategyProxy) Serve(c net.Conn) {}
+func (p *strategyProxy) CurrentProxy() Proxy { return p.forwarders[p.idx] }
+func (p *strategyProxy) GetProxy() Proxy { return p.NextProxy() }
+
+func (p *strategyProxy) NextProxy() Proxy {
+ n := len(p.forwarders)
+ if n == 1 {
+ return p.forwarders[0]
+ }
+
+ p.idx = (p.idx + 1) % n
+ if !p.forwarders[p.idx].Enabled() {
+ return p.NextProxy()
+ }
+
+ return p.forwarders[p.idx]
+}
+
+func (p *strategyProxy) Enabled() bool { return true }
+func (p *strategyProxy) SetEnable(enable bool) {}
+
+func (p *strategyProxy) Check(proxy Proxy, target string, duration time.Duration) {}
+
+func (p *strategyProxy) Addr() string { return p.addr }
+
+func (p *strategyProxy) Dial(network, addr string) (net.Conn, error) {
+ return p.NextProxy().Dial(network, addr)
+}
+
+// round robin proxy
+type rrproxy struct {
+ Proxy
+}
+
+// newRRProxy .
+func newRRProxy(addr string, forwarders []Proxy) Proxy {
+ return newStrategyProxy(addr, forwarders)
+}
+
+// high availability proxy
+type haproxy struct {
+ Proxy
+}
+
+// newHAProxy .
+func newHAProxy(addr string, forwarders []Proxy) Proxy {
+ return newStrategyProxy(addr, forwarders)
+}
+
+func (p *haproxy) GetProxy() Proxy {
+ proxy := p.CurrentProxy()
+ if proxy.Enabled() == false {
+ return p.NextProxy()
+ }
+ return proxy
+}
diff --git a/tcptun.go b/tcptun.go
new file mode 100644
index 0000000..7b6abd4
--- /dev/null
+++ b/tcptun.go
@@ -0,0 +1,66 @@
+package main
+
+import "net"
+
+type tcptun struct {
+ Proxy
+ addr string
+ raddr string
+}
+
+// TCPTunProxy returns a redirect proxy.
+func TCPTunProxy(addr, raddr string, upProxy Proxy) (Proxy, error) {
+ s := &tcptun{
+ Proxy: upProxy,
+ addr: addr,
+ raddr: raddr,
+ }
+
+ return s, nil
+}
+
+// ListenAndServe redirected requests as a server.
+func (s *tcptun) ListenAndServe() {
+ l, err := net.Listen("tcp", s.addr)
+ if err != nil {
+ logf("failed to listen on %s: %v", s.addr, err)
+ return
+ }
+
+ logf("listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ logf("failed to accept: %v", err)
+ continue
+ }
+
+ go func() {
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ rc, err := s.GetProxy().Dial("tcp", s.raddr)
+ if err != nil {
+
+ logf("failed to connect to target: %v", err)
+ return
+ }
+ defer rc.Close()
+
+ logf("proxy-tcptun %s <-> %s", c.RemoteAddr(), s.raddr)
+
+ _, _, err = relay(c, rc)
+ if err != nil {
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ return // ignore i/o timeout
+ }
+ logf("relay error: %v", err)
+ }
+
+ }()
+ }
+}
From 76afdacf137df7c9c1abed2a2716799334af54d8 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 14 Jul 2017 11:20:02 +0800
Subject: [PATCH 003/341] add links in README.md
---
.gitignore | 3 +++
README.md | 4 ++++
2 files changed, 7 insertions(+)
diff --git a/.gitignore b/.gitignore
index f32a420..f342182 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,5 +14,8 @@
.glide/
# custom
+*.zip
+
glider
+
doc/
diff --git a/README.md b/README.md
index d46cf24..346d882 100644
--- a/README.md
+++ b/README.md
@@ -111,3 +111,7 @@ WantedBy=multi-user.target
systemctl enable glider.service
systemctl start glider.service
```
+
+## Thanks
+- [go-shadowsocks2](https://github.com/shadowsocks/go-shadowsocks2): the core ss protocol support
+- [gost](https://github.com/ginuerzh/gost): more protocols and more features
\ No newline at end of file
From 4772bfb7c6d7ac843cf09763acef7e7138f69ff1 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 14 Jul 2017 16:49:21 +0800
Subject: [PATCH 004/341] remove some feature help msg which haven't been
implemented yet.
---
README.md | 10 ++--------
main.go | 6 ------
2 files changed, 2 insertions(+), 14 deletions(-)
diff --git a/README.md b/README.md
index 346d882..453da30 100644
--- a/README.md
+++ b/README.md
@@ -72,12 +72,6 @@ Examples:
glider -l socks5://:1080 -f ss://method:pass@server1:port1 -f ss://method:pass@server2:port2 -s rr
-listen on :1080 as socks5 server, forward requests via server1 and server2 in roundrbin mode.
-
- glider -l mixed://:8443 -f ss://method:pass@server1:port1
- -listen on :8443, serve as http/socks5 proxy, forward requests via server1.
-
- glider -l mixed://:8443?http=1.1.1.1:80 -f ss://method:pass@server1:port1
- -listen on :8443, serve as socks5 proxy, and forward all HTTP requests to 1.1.1.1:80.
```
## Service
@@ -95,7 +89,7 @@ After=network.target
Type=simple
ExecStartPre=/bin/mkdir -p /run/glider
ExecStartPre=/bin/chown nobody:nobody /run/glider
-ExecStart=/opt/glider/glider -l redir://:7070 -l dnstun://:5353=8.8.8.8:53 -f ss://AEAD_CHACHA20_POLY1305:pass@yourhost:8443
+ExecStart=/opt/glider/glider -l redir://:7070 -l dnstun://:5353=8.8.8.8:53 -f ss://method:pass@yourhost:8443
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/bin/kill -INT $MAINPID
Restart=always
@@ -114,4 +108,4 @@ systemctl start glider.service
## Thanks
- [go-shadowsocks2](https://github.com/shadowsocks/go-shadowsocks2): the core ss protocol support
-- [gost](https://github.com/ginuerzh/gost): more protocols and more features
\ No newline at end of file
+- [gost](https://github.com/ginuerzh/gost): ideas and inspirations
\ No newline at end of file
diff --git a/main.go b/main.go
index d9071d8..0e7bbad 100644
--- a/main.go
+++ b/main.go
@@ -84,12 +84,6 @@ func usage() {
fmt.Fprintf(os.Stderr, " "+app+" -l socks5://:1080 -f ss://method:pass@server1:port1 -f ss://method:pass@server2:port2 -s rr\n")
fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, forward requests via server1 and server2 in roundrbin mode.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l mixed://:8443 -f ss://method:pass@server1:port1\n")
- fmt.Fprintf(os.Stderr, " -listen on :8443, serve as http/socks5 proxy, forward requests via server1.\n")
- fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l mixed://:8443?http=1.1.1.1:80 -f ss://method:pass@server1:port1\n")
- fmt.Fprintf(os.Stderr, " -listen on :8443, serve as socks5 proxy, and forward all HTTP requests to 1.1.1.1:80.\n")
- fmt.Fprintf(os.Stderr, "\n")
}
type arrFlags []string
From c79a9ee36d6dab1d161eac51ddfb81a7b556eaed Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 14 Jul 2017 20:52:49 +0800
Subject: [PATCH 005/341] fixed a bug in proxy check which may leads to socket
error: too many open files.
---
main.go | 36 ++++++++++++++----------------------
proxy.go | 4 ++--
redir.go | 2 --
strategy.go | 4 ++++
4 files changed, 20 insertions(+), 26 deletions(-)
diff --git a/main.go b/main.go
index 0e7bbad..b214cfe 100644
--- a/main.go
+++ b/main.go
@@ -124,33 +124,25 @@ func main() {
}
var forwarders []Proxy
- if len(flags.Forward) > 0 {
+ for _, chain := range flags.Forward {
+ var forward Proxy
var err error
- for _, chain := range flags.Forward {
- var forward Proxy
- for _, url := range strings.Split(chain, ",") {
- forward, err = ProxyFromURL(url, forward)
- if err != nil {
- log.Fatal(err)
- }
- }
- forwarders = append(forwarders, forward)
- }
- }
-
- for _, forward := range forwarders {
- go check(forward, config.CheckSite, config.CheckDuration)
- }
-
- if len(flags.Listen) > 0 {
- for _, listen := range flags.Listen {
- local, err := ProxyFromURL(listen, forwarders...)
+ for _, url := range strings.Split(chain, ",") {
+ forward, err = ProxyFromURL(url, forward)
if err != nil {
log.Fatal(err)
}
-
- go local.ListenAndServe()
}
+ forwarders = append(forwarders, forward)
+ }
+
+ for _, listen := range flags.Listen {
+ local, err := ProxyFromURL(listen, forwarders...)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ go local.ListenAndServe()
}
sigCh := make(chan os.Signal, 1)
diff --git a/proxy.go b/proxy.go
index 5c45b48..0c5c8c8 100644
--- a/proxy.go
+++ b/proxy.go
@@ -88,7 +88,7 @@ func ProxyFromURL(s string, forwarders ...Proxy) (Proxy, error) {
}
var proxy Proxy
- if forwarders == nil || len(forwarders) == 0 {
+ if len(forwarders) == 0 {
proxy = newProxy(addr, Direct)
} else if len(forwarders) == 1 {
proxy = newProxy(addr, forwarders[0])
@@ -144,7 +144,7 @@ func check(p Proxy, target string, duration int) {
p.SetEnable(false)
continue
}
- defer c.Close()
+ c.Close()
p.SetEnable(true)
logf("proxy %s check ok.", p.Addr())
diff --git a/redir.go b/redir.go
index aad33ed..2193ef0 100644
--- a/redir.go
+++ b/redir.go
@@ -64,8 +64,6 @@ func (s *redir) ListenAndServe() {
defer rc.Close()
logf("proxy-redir %s <-> %s", c.RemoteAddr(), tgt)
- // go io.Copy(rc, c)
- // io.Copy(c, rc)
_, _, err = relay(c, rc)
if err != nil {
diff --git a/strategy.go b/strategy.go
index 5dc1706..c094716 100644
--- a/strategy.go
+++ b/strategy.go
@@ -20,6 +20,10 @@ func newStrategyProxy(addr string, forwarders []Proxy) Proxy {
return newProxy(addr, forwarders[0])
}
+ for _, forward := range forwarders {
+ go check(forward, config.CheckSite, config.CheckDuration)
+ }
+
return &strategyProxy{addr: addr, forwarders: forwarders}
}
From 1f13a8d1e89412960d3bf4096fa233995e346cfa Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 15 Jul 2017 10:41:52 +0800
Subject: [PATCH 006/341] fixed a bug in ha mode
---
main.go | 2 +-
mixed.go | 2 +-
proxy.go | 6 ++++--
strategy.go | 2 +-
4 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/main.go b/main.go
index b214cfe..48b64ff 100644
--- a/main.go
+++ b/main.go
@@ -10,7 +10,7 @@ import (
"syscall"
)
-const version = "0.1"
+const version = "0.1.1"
var config struct {
Verbose bool
diff --git a/mixed.go b/mixed.go
index a9a739c..e063cba 100644
--- a/mixed.go
+++ b/mixed.go
@@ -25,7 +25,7 @@ type mixedproxy struct {
ss Proxy
}
-// MixedProxy returns a http mixed proxy.
+// MixedProxy returns a mixed proxy.
func MixedProxy(network, addr, user, pass string, upProxy Proxy) (Proxy, error) {
p := &mixedproxy{
Proxy: upProxy,
diff --git a/proxy.go b/proxy.go
index 0c5c8c8..ba30ca9 100644
--- a/proxy.go
+++ b/proxy.go
@@ -138,15 +138,17 @@ func check(p Proxy, target string, duration int) {
}
firstTime = false
+ startTime := time.Now()
c, err := p.Dial("tcp", target)
if err != nil {
- logf("proxy %s check error: %s, set to disabled.", p.Addr(), err)
+ logf("proxy-check %s -> %s, error: %s, set to disabled.", p.Addr(), config.CheckSite, err)
p.SetEnable(false)
continue
}
+ dialTime := time.Since(startTime)
c.Close()
p.SetEnable(true)
- logf("proxy %s check ok.", p.Addr())
+ logf("proxy-check: %s -> %s, connect time: %d", p.Addr(), config.CheckSite, dialTime)
}
}
diff --git a/strategy.go b/strategy.go
index c094716..e09541e 100644
--- a/strategy.go
+++ b/strategy.go
@@ -74,7 +74,7 @@ type haproxy struct {
// newHAProxy .
func newHAProxy(addr string, forwarders []Proxy) Proxy {
- return newStrategyProxy(addr, forwarders)
+ return &haproxy{Proxy: newStrategyProxy(addr, forwarders)}
}
func (p *haproxy) GetProxy() Proxy {
From 0d01e8a4eb784f2ac3431ec046776052ddda18d4 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 16 Jul 2017 12:16:50 +0800
Subject: [PATCH 007/341] fixed a bug in strategy.go which may leads to
infinite recursion in the condition of all remote proxy disabled.
---
README.md | 5 -----
dnstun.go | 11 +++++------
http.go | 1 +
proxy.go | 9 +++++----
strategy.go | 14 +++++++++++---
5 files changed, 22 insertions(+), 18 deletions(-)
diff --git a/README.md b/README.md
index 453da30..6d0a37c 100644
--- a/README.md
+++ b/README.md
@@ -5,11 +5,6 @@ glider is a forward proxy with several protocols support.
go get -u github.com/nadoo/glider
-## Build
-
- cd $GOPATH/src/github.com/nadoo/glider
- go build
-
## Usage
```bash
glider v0.1 usage:
diff --git a/dnstun.go b/dnstun.go
index f966878..8fa4594 100644
--- a/dnstun.go
+++ b/dnstun.go
@@ -23,19 +23,18 @@ func DNSTunProxy(addr, raddr string, upProxy Proxy) (Proxy, error) {
return s, nil
}
-// ListenAndServe redirected requests as a server.
+// ListenAndServe .
func (s *dnstun) ListenAndServe() {
l, err := net.ListenPacket("udp", s.addr)
if err != nil {
logf("failed to listen on %s: %v", s.addr, err)
return
}
+ defer l.Close()
logf("listening UDP on %s", s.addr)
for {
- defer l.Close()
-
data := make([]byte, 512)
n, clientAddr, err := l.ReadFrom(data)
if err != nil {
@@ -60,7 +59,7 @@ func (s *dnstun) ListenAndServe() {
rc.Write(length)
rc.Write(data)
- buf, err := ioutil.ReadAll(rc)
+ resp, err := ioutil.ReadAll(rc)
if err != nil {
logf("error in ioutil.ReadAll: %s\n", err)
return
@@ -68,8 +67,8 @@ func (s *dnstun) ListenAndServe() {
// length is not needed in udp dns response. (2 bytes)
// SEE RFC1035, section 4.2.2 TCP: The message is prefixed with a two byte length field which gives the message length, excluding the two byte length field.
- if len(buf) > 2 {
- msg := buf[2:]
+ if len(resp) > 2 {
+ msg := resp[2:]
_, err = l.WriteTo(msg, clientAddr)
if err != nil {
logf("error in local write: %s\n", err)
diff --git a/http.go b/http.go
index d7134b0..b42766d 100644
--- a/http.go
+++ b/http.go
@@ -38,6 +38,7 @@ func (s *httpproxy) ListenAndServe() {
logf("failed to listen on %s: %v", s.addr, err)
return
}
+ defer l.Close()
logf("listening TCP on %s", s.addr)
diff --git a/proxy.go b/proxy.go
index ba30ca9..c9983c5 100644
--- a/proxy.go
+++ b/proxy.go
@@ -141,14 +141,15 @@ func check(p Proxy, target string, duration int) {
startTime := time.Now()
c, err := p.Dial("tcp", target)
if err != nil {
- logf("proxy-check %s -> %s, error: %s, set to disabled.", p.Addr(), config.CheckSite, err)
+ logf("proxy-check %s -> %s, set to DISABLED. error: %s", p.Addr(), config.CheckSite, err)
p.SetEnable(false)
continue
}
- dialTime := time.Since(startTime)
c.Close()
-
p.SetEnable(true)
- logf("proxy-check: %s -> %s, connect time: %d", p.Addr(), config.CheckSite, dialTime)
+
+ // TODO: choose the fastest proxy.
+ dialTime := time.Since(startTime)
+ logf("proxy-check: %s -> %s, connect time: %s", p.Addr(), config.CheckSite, dialTime.String())
}
}
diff --git a/strategy.go b/strategy.go
index e09541e..aa8eaa7 100644
--- a/strategy.go
+++ b/strategy.go
@@ -38,9 +38,17 @@ func (p *strategyProxy) NextProxy() Proxy {
return p.forwarders[0]
}
- p.idx = (p.idx + 1) % n
- if !p.forwarders[p.idx].Enabled() {
- return p.NextProxy()
+ found := false
+ for i := 0; i < n; i++ {
+ p.idx = (p.idx + 1) % n
+ if p.forwarders[p.idx].Enabled() {
+ found = true
+ break
+ }
+ }
+
+ if !found {
+ logf("NO AVALIABLE PROXY FOUND! please check your network or proxy server settings.")
}
return p.forwarders[p.idx]
From 0c5950e9e890977f003d9044854fc180ffa55c1d Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 16 Jul 2017 20:13:01 +0800
Subject: [PATCH 008/341] fixed a bug in upstream http proxy.
---
README.md | 4 ++--
http.go | 14 ++++++++------
main.go | 2 +-
strategy.go | 2 +-
4 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index 6d0a37c..0e20069 100644
--- a/README.md
+++ b/README.md
@@ -45,7 +45,7 @@ Examples:
-listen on :8443, serve as http/socks5 proxy on the same port.
glider -l ss://AEAD_CHACHA20_POLY1305:pass@:8443
- -listen on 0.0.0.0:8443 as a shadowsocks server.
+ -listen on 0.0.0.0:8443 as a ss server.
glider -l socks5://:1080 -v
-listen on :1080 as a socks5 proxy server, in verbose mode.
@@ -102,5 +102,5 @@ systemctl start glider.service
```
## Thanks
-- [go-shadowsocks2](https://github.com/shadowsocks/go-shadowsocks2): the core ss protocol support
+- [go-ss2](https://github.com/shadowsocks/go-shadowsocks2): the core ss protocol support
- [gost](https://github.com/ginuerzh/gost): ideas and inspirations
\ No newline at end of file
diff --git a/http.go b/http.go
index b42766d..205ea40 100644
--- a/http.go
+++ b/http.go
@@ -6,6 +6,7 @@ package main
import (
"bufio"
"bytes"
+ "errors"
"fmt"
"io"
"net"
@@ -157,6 +158,7 @@ func (s *httpproxy) servHTTPS(method, requestURI, proto string, c net.Conn) {
logf("failed to dial: %v", err)
return
}
+
c.Write([]byte("HTTP/1.0 200 Connection established\r\n\r\n"))
logf("proxy-https %s <-> %s", c.RemoteAddr(), requestURI)
@@ -172,26 +174,26 @@ func (s *httpproxy) servHTTPS(method, requestURI, proto string, c net.Conn) {
// Dial connects to the address addr on the network net via the proxy.
func (s *httpproxy) Dial(network, addr string) (net.Conn, error) {
- c, err := s.GetProxy().Dial("tcp", s.addr)
+ rc, err := s.GetProxy().Dial("tcp", s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
return nil, err
}
- if c, ok := c.(*net.TCPConn); ok {
+ if c, ok := rc.(*net.TCPConn); ok {
c.SetKeepAlive(true)
}
- c.Write([]byte("CONNECT " + addr + " HTTP/1.0\r\n"))
+ rc.Write([]byte("CONNECT " + addr + " HTTP/1.0\r\n"))
// c.Write([]byte("Proxy-Connection: Keep-Alive\r\n"))
var b [1024]byte
- n, err := c.Read(b[:])
+ n, err := rc.Read(b[:])
if bytes.Contains(b[:n], []byte("200")) {
- return c, err
+ return rc, err
}
- return nil, err
+ return nil, errors.New("cound not connect remote address:" + addr)
}
// parseFirstLine parses "GET /foo HTTP/1.1" OR "HTTP/1.1 200 OK" into its three parts.
diff --git a/main.go b/main.go
index 48b64ff..470bb19 100644
--- a/main.go
+++ b/main.go
@@ -10,7 +10,7 @@ import (
"syscall"
)
-const version = "0.1.1"
+const version = "0.1.3"
var config struct {
Verbose bool
diff --git a/strategy.go b/strategy.go
index aa8eaa7..acddc56 100644
--- a/strategy.go
+++ b/strategy.go
@@ -48,7 +48,7 @@ func (p *strategyProxy) NextProxy() Proxy {
}
if !found {
- logf("NO AVALIABLE PROXY FOUND! please check your network or proxy server settings.")
+ logf("NO AVAILABLE PROXY FOUND! please check your network or proxy server settings.")
}
return p.forwarders[p.idx]
From cacde72e04cb7a8ab5cc891e11f29384121f5803 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 18 Jul 2017 17:49:44 +0800
Subject: [PATCH 009/341] add simple config file support.
---
.gitignore | 3 +--
README.md | 42 ++++++++++++++++++--------------
main.go | 70 +++++++++++++++++++++++++++++------------------------
proxy.go | 8 +++---
strategy.go | 2 +-
5 files changed, 69 insertions(+), 56 deletions(-)
diff --git a/.gitignore b/.gitignore
index f342182..4e64827 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,7 +15,6 @@
# custom
*.zip
-
+*.conf
glider
-
doc/
diff --git a/README.md b/README.md
index 0e20069..ba2d431 100644
--- a/README.md
+++ b/README.md
@@ -7,18 +7,21 @@ glider is a forward proxy with several protocols support.
## Usage
```bash
-glider v0.1 usage:
- -checksite string
- proxy check address (default "www.apple.com:443")
- -duration int
+glider v0.2 usage:
+ -checkduration int
proxy check duration(seconds) (default 30)
- -f value
+ -checkhost string
+ proxy check address (default "www.apple.com:443")
+ -config string
+ config file path
+ -forward value
forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]
- -l value
+ -listen value
listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT
- -s string
+ -strategy string
forward strategy, default: rr (default "rr")
- -v verbose mode
+ -verbose
+ verbose mode
Available Schemas:
mixed: serve as a http/socks5 proxy on the same port. (default)
@@ -41,31 +44,34 @@ Available forward strategies:
ha: High Availability mode
Examples:
- glider -l :8443 -v
+ glider -config glider.conf
+ -run glider with specified config file.
+
+ glider -listen :8443
-listen on :8443, serve as http/socks5 proxy on the same port.
- glider -l ss://AEAD_CHACHA20_POLY1305:pass@:8443
- -listen on 0.0.0.0:8443 as a ss server.
+ glider -listen ss://AEAD_CHACHA20_POLY1305:pass@:8443
+ -listen on 0.0.0.0:8443 as a shadowsocks server.
- glider -l socks5://:1080 -v
+ glider -listen socks5://:1080 -verbose
-listen on :1080 as a socks5 proxy server, in verbose mode.
- glider -l http://:8080 -f socks5://127.0.0.1:1080 -v
+ glider -listen http://:8080 -forward socks5://127.0.0.1:1080
-listen on :8080 as a http proxy server, forward all requests via socks5 server.
- glider -l redir://:1081 -f ss://method:pass@1.1.1.1:443
+ glider -listen redir://:1081 -forward ss://method:pass@1.1.1.1:443
-listen on :1081 as a transparent redirect server, forward all requests via remote ss server.
- glider -l tcptun://:80=2.2.2.2:80 -f ss://method:pass@1.1.1.1:443
+ glider -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:443
-listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.
- glider -l socks5://:1080 -l http://:8080 -f ss://method:pass@1.1.1.1:443
+ glider -listen socks5://:1080 -listen http://:8080 -forward ss://method:pass@1.1.1.1:443
-listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.
- glider -l redir://:1081 -l dnstun://:53=8.8.8.8:53 -f ss://method:pass@server1:port1,ss://method:pass@server2:port2
+ glider -listen redir://:1081 -listen dnstun://:53=8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2
-listen on :1081 as transparent redirect server, :53 as dns server, use forward chain: server1 -> server2.
- glider -l socks5://:1080 -f ss://method:pass@server1:port1 -f ss://method:pass@server2:port2 -s rr
+ glider -listen socks5://:1080 -forward ss://method:pass@server1:port1 -forward ss://method:pass@server2:port2 -s rr
-listen on :1080 as socks5 server, forward requests via server1 and server2 in roundrbin mode.
```
diff --git a/main.go b/main.go
index 470bb19..2fa270b 100644
--- a/main.go
+++ b/main.go
@@ -1,33 +1,40 @@
package main
import (
- "flag"
"fmt"
"log"
"os"
"os/signal"
"strings"
"syscall"
+
+ "github.com/nadoo/conflag"
)
-const version = "0.1.3"
+// VERSION .
+const VERSION = "0.2"
-var config struct {
+var conf struct {
Verbose bool
Strategy string
- CheckSite string
+ CheckHost string
CheckDuration int
+ Listen arrFlags
+ Forward arrFlags
}
+var flag = conflag.New()
+
func logf(f string, v ...interface{}) {
- if config.Verbose {
+ if conf.Verbose {
log.Printf(f, v...)
}
}
func usage() {
app := os.Args[0]
- fmt.Fprintf(os.Stderr, "%s v%s usage:\n", app, version)
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, "%s v%s usage:\n", app, VERSION)
flag.PrintDefaults()
fmt.Fprintf(os.Stderr, "\n")
@@ -57,31 +64,34 @@ func usage() {
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Examples:\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l :8443 -v\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -config glider.conf\n")
+ fmt.Fprintf(os.Stderr, " -run glider with specified config file.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen :8443\n")
fmt.Fprintf(os.Stderr, " -listen on :8443, serve as http/socks5 proxy on the same port.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l ss://AEAD_CHACHA20_POLY1305:pass@:8443\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen ss://AEAD_CHACHA20_POLY1305:pass@:8443\n")
fmt.Fprintf(os.Stderr, " -listen on 0.0.0.0:8443 as a shadowsocks server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l socks5://:1080 -v\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -verbose\n")
fmt.Fprintf(os.Stderr, " -listen on :1080 as a socks5 proxy server, in verbose mode.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l http://:8080 -f socks5://127.0.0.1:1080 -v\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen http://:8080 -forward socks5://127.0.0.1:1080\n")
fmt.Fprintf(os.Stderr, " -listen on :8080 as a http proxy server, forward all requests via socks5 server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l redir://:1081 -f ss://method:pass@1.1.1.1:443\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -forward ss://method:pass@1.1.1.1:443\n")
fmt.Fprintf(os.Stderr, " -listen on :1081 as a transparent redirect server, forward all requests via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l tcptun://:80=2.2.2.2:80 -f ss://method:pass@1.1.1.1:443\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:443\n")
fmt.Fprintf(os.Stderr, " -listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l socks5://:1080 -l http://:8080 -f ss://method:pass@1.1.1.1:443\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -listen http://:8080 -forward ss://method:pass@1.1.1.1:443\n")
fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l redir://:1081 -l dnstun://:53=8.8.8.8:53 -f ss://method:pass@server1:port1,ss://method:pass@server2:port2\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -listen dnstun://:53=8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2\n")
fmt.Fprintf(os.Stderr, " -listen on :1081 as transparent redirect server, :53 as dns server, use forward chain: server1 -> server2.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l socks5://:1080 -f ss://method:pass@server1:port1 -f ss://method:pass@server2:port2 -s rr\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -forward ss://method:pass@server1:port1 -forward ss://method:pass@server2:port2 -s rr\n")
fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, forward requests via server1 and server2 in roundrbin mode.\n")
fmt.Fprintf(os.Stderr, "\n")
}
@@ -101,30 +111,28 @@ func (i *arrFlags) Set(value string) error {
func main() {
- var flags struct {
- Listen arrFlags
- Forward arrFlags
- }
-
- flag.BoolVar(&config.Verbose, "v", false, "verbose mode")
- flag.StringVar(&config.Strategy, "s", "rr", "forward strategy, default: rr")
- flag.StringVar(&config.CheckSite, "checksite", "www.apple.com:443", "proxy check address")
- flag.IntVar(&config.CheckDuration, "duration", 30, "proxy check duration(seconds)")
-
- flag.Var(&flags.Listen, "l", "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT")
- flag.Var(&flags.Forward, "f", "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
+ flag.BoolVar(&conf.Verbose, "verbose", false, "verbose mode")
+ flag.StringVar(&conf.Strategy, "strategy", "rr", "forward strategy, default: rr")
+ flag.StringVar(&conf.CheckHost, "checkhost", "www.apple.com:443", "proxy check address")
+ flag.IntVar(&conf.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
+ flag.Var(&conf.Listen, "listen", "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT")
+ flag.Var(&conf.Forward, "forward", "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
flag.Usage = usage
- flag.Parse()
+ err := flag.Parse()
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "ERROR: %s\n", err)
+ return
+ }
- if len(flags.Listen) == 0 {
+ if len(conf.Listen) == 0 {
flag.Usage()
fmt.Fprintf(os.Stderr, "ERROR: listen url must be specified.\n")
return
}
var forwarders []Proxy
- for _, chain := range flags.Forward {
+ for _, chain := range conf.Forward {
var forward Proxy
var err error
for _, url := range strings.Split(chain, ",") {
@@ -136,7 +144,7 @@ func main() {
forwarders = append(forwarders, forward)
}
- for _, listen := range flags.Listen {
+ for _, listen := range conf.Listen {
local, err := ProxyFromURL(listen, forwarders...)
if err != nil {
log.Fatal(err)
diff --git a/proxy.go b/proxy.go
index c9983c5..b955ab3 100644
--- a/proxy.go
+++ b/proxy.go
@@ -93,7 +93,7 @@ func ProxyFromURL(s string, forwarders ...Proxy) (Proxy, error) {
} else if len(forwarders) == 1 {
proxy = newProxy(addr, forwarders[0])
} else if len(forwarders) > 1 {
- switch config.Strategy {
+ switch conf.Strategy {
case "rr":
proxy = newRRProxy(addr, forwarders)
logf("forward to remote servers in round robin mode.")
@@ -101,7 +101,7 @@ func ProxyFromURL(s string, forwarders ...Proxy) (Proxy, error) {
proxy = newHAProxy(addr, forwarders)
logf("forward to remote servers in high availability mode.")
default:
- logf("not supported forward mode '%s', just use the first forward server.", config.Strategy)
+ logf("not supported forward mode '%s', just use the first forward server.", conf.Strategy)
proxy = newProxy(addr, forwarders[0])
}
}
@@ -141,7 +141,7 @@ func check(p Proxy, target string, duration int) {
startTime := time.Now()
c, err := p.Dial("tcp", target)
if err != nil {
- logf("proxy-check %s -> %s, set to DISABLED. error: %s", p.Addr(), config.CheckSite, err)
+ logf("proxy-check %s -> %s, set to DISABLED. error: %s", p.Addr(), conf.CheckHost, err)
p.SetEnable(false)
continue
}
@@ -150,6 +150,6 @@ func check(p Proxy, target string, duration int) {
// TODO: choose the fastest proxy.
dialTime := time.Since(startTime)
- logf("proxy-check: %s -> %s, connect time: %s", p.Addr(), config.CheckSite, dialTime.String())
+ logf("proxy-check: %s -> %s, connect time: %s", p.Addr(), conf.CheckHost, dialTime.String())
}
}
diff --git a/strategy.go b/strategy.go
index acddc56..3716679 100644
--- a/strategy.go
+++ b/strategy.go
@@ -21,7 +21,7 @@ func newStrategyProxy(addr string, forwarders []Proxy) Proxy {
}
for _, forward := range forwarders {
- go check(forward, config.CheckSite, config.CheckDuration)
+ go check(forward, conf.CheckHost, conf.CheckDuration)
}
return &strategyProxy{addr: addr, forwarders: forwarders}
From e27e4822721d7dfa5c0dae095449b44c8eb426f1 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 18 Jul 2017 19:01:42 +0800
Subject: [PATCH 010/341] Revert "add simple config file support."
This reverts commit e9ef64bf6745494d0a33560de6226f371d63c9be.
---
.gitignore | 3 ++-
README.md | 42 ++++++++++++++-----------------
main.go | 72 ++++++++++++++++++++++++-----------------------------
proxy.go | 8 +++---
strategy.go | 2 +-
5 files changed, 57 insertions(+), 70 deletions(-)
diff --git a/.gitignore b/.gitignore
index 4e64827..f342182 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,6 +15,7 @@
# custom
*.zip
-*.conf
+
glider
+
doc/
diff --git a/README.md b/README.md
index ba2d431..0e20069 100644
--- a/README.md
+++ b/README.md
@@ -7,21 +7,18 @@ glider is a forward proxy with several protocols support.
## Usage
```bash
-glider v0.2 usage:
- -checkduration int
- proxy check duration(seconds) (default 30)
- -checkhost string
+glider v0.1 usage:
+ -checksite string
proxy check address (default "www.apple.com:443")
- -config string
- config file path
- -forward value
+ -duration int
+ proxy check duration(seconds) (default 30)
+ -f value
forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]
- -listen value
+ -l value
listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT
- -strategy string
+ -s string
forward strategy, default: rr (default "rr")
- -verbose
- verbose mode
+ -v verbose mode
Available Schemas:
mixed: serve as a http/socks5 proxy on the same port. (default)
@@ -44,34 +41,31 @@ Available forward strategies:
ha: High Availability mode
Examples:
- glider -config glider.conf
- -run glider with specified config file.
-
- glider -listen :8443
+ glider -l :8443 -v
-listen on :8443, serve as http/socks5 proxy on the same port.
- glider -listen ss://AEAD_CHACHA20_POLY1305:pass@:8443
- -listen on 0.0.0.0:8443 as a shadowsocks server.
+ glider -l ss://AEAD_CHACHA20_POLY1305:pass@:8443
+ -listen on 0.0.0.0:8443 as a ss server.
- glider -listen socks5://:1080 -verbose
+ glider -l socks5://:1080 -v
-listen on :1080 as a socks5 proxy server, in verbose mode.
- glider -listen http://:8080 -forward socks5://127.0.0.1:1080
+ glider -l http://:8080 -f socks5://127.0.0.1:1080 -v
-listen on :8080 as a http proxy server, forward all requests via socks5 server.
- glider -listen redir://:1081 -forward ss://method:pass@1.1.1.1:443
+ glider -l redir://:1081 -f ss://method:pass@1.1.1.1:443
-listen on :1081 as a transparent redirect server, forward all requests via remote ss server.
- glider -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:443
+ glider -l tcptun://:80=2.2.2.2:80 -f ss://method:pass@1.1.1.1:443
-listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.
- glider -listen socks5://:1080 -listen http://:8080 -forward ss://method:pass@1.1.1.1:443
+ glider -l socks5://:1080 -l http://:8080 -f ss://method:pass@1.1.1.1:443
-listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.
- glider -listen redir://:1081 -listen dnstun://:53=8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2
+ glider -l redir://:1081 -l dnstun://:53=8.8.8.8:53 -f ss://method:pass@server1:port1,ss://method:pass@server2:port2
-listen on :1081 as transparent redirect server, :53 as dns server, use forward chain: server1 -> server2.
- glider -listen socks5://:1080 -forward ss://method:pass@server1:port1 -forward ss://method:pass@server2:port2 -s rr
+ glider -l socks5://:1080 -f ss://method:pass@server1:port1 -f ss://method:pass@server2:port2 -s rr
-listen on :1080 as socks5 server, forward requests via server1 and server2 in roundrbin mode.
```
diff --git a/main.go b/main.go
index 2fa270b..470bb19 100644
--- a/main.go
+++ b/main.go
@@ -1,40 +1,33 @@
package main
import (
+ "flag"
"fmt"
"log"
"os"
"os/signal"
"strings"
"syscall"
-
- "github.com/nadoo/conflag"
)
-// VERSION .
-const VERSION = "0.2"
+const version = "0.1.3"
-var conf struct {
+var config struct {
Verbose bool
Strategy string
- CheckHost string
+ CheckSite string
CheckDuration int
- Listen arrFlags
- Forward arrFlags
}
-var flag = conflag.New()
-
func logf(f string, v ...interface{}) {
- if conf.Verbose {
+ if config.Verbose {
log.Printf(f, v...)
}
}
func usage() {
app := os.Args[0]
- fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, "%s v%s usage:\n", app, VERSION)
+ fmt.Fprintf(os.Stderr, "%s v%s usage:\n", app, version)
flag.PrintDefaults()
fmt.Fprintf(os.Stderr, "\n")
@@ -64,34 +57,31 @@ func usage() {
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Examples:\n")
- fmt.Fprintf(os.Stderr, " "+app+" -config glider.conf\n")
- fmt.Fprintf(os.Stderr, " -run glider with specified config file.\n")
- fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen :8443\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l :8443 -v\n")
fmt.Fprintf(os.Stderr, " -listen on :8443, serve as http/socks5 proxy on the same port.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen ss://AEAD_CHACHA20_POLY1305:pass@:8443\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l ss://AEAD_CHACHA20_POLY1305:pass@:8443\n")
fmt.Fprintf(os.Stderr, " -listen on 0.0.0.0:8443 as a shadowsocks server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -verbose\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l socks5://:1080 -v\n")
fmt.Fprintf(os.Stderr, " -listen on :1080 as a socks5 proxy server, in verbose mode.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen http://:8080 -forward socks5://127.0.0.1:1080\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l http://:8080 -f socks5://127.0.0.1:1080 -v\n")
fmt.Fprintf(os.Stderr, " -listen on :8080 as a http proxy server, forward all requests via socks5 server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -forward ss://method:pass@1.1.1.1:443\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l redir://:1081 -f ss://method:pass@1.1.1.1:443\n")
fmt.Fprintf(os.Stderr, " -listen on :1081 as a transparent redirect server, forward all requests via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:443\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l tcptun://:80=2.2.2.2:80 -f ss://method:pass@1.1.1.1:443\n")
fmt.Fprintf(os.Stderr, " -listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -listen http://:8080 -forward ss://method:pass@1.1.1.1:443\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l socks5://:1080 -l http://:8080 -f ss://method:pass@1.1.1.1:443\n")
fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -listen dnstun://:53=8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l redir://:1081 -l dnstun://:53=8.8.8.8:53 -f ss://method:pass@server1:port1,ss://method:pass@server2:port2\n")
fmt.Fprintf(os.Stderr, " -listen on :1081 as transparent redirect server, :53 as dns server, use forward chain: server1 -> server2.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -forward ss://method:pass@server1:port1 -forward ss://method:pass@server2:port2 -s rr\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -l socks5://:1080 -f ss://method:pass@server1:port1 -f ss://method:pass@server2:port2 -s rr\n")
fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, forward requests via server1 and server2 in roundrbin mode.\n")
fmt.Fprintf(os.Stderr, "\n")
}
@@ -111,28 +101,30 @@ func (i *arrFlags) Set(value string) error {
func main() {
- flag.BoolVar(&conf.Verbose, "verbose", false, "verbose mode")
- flag.StringVar(&conf.Strategy, "strategy", "rr", "forward strategy, default: rr")
- flag.StringVar(&conf.CheckHost, "checkhost", "www.apple.com:443", "proxy check address")
- flag.IntVar(&conf.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
- flag.Var(&conf.Listen, "listen", "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT")
- flag.Var(&conf.Forward, "forward", "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
-
- flag.Usage = usage
- err := flag.Parse()
- if err != nil {
- fmt.Fprintf(os.Stderr, "ERROR: %s\n", err)
- return
+ var flags struct {
+ Listen arrFlags
+ Forward arrFlags
}
- if len(conf.Listen) == 0 {
+ flag.BoolVar(&config.Verbose, "v", false, "verbose mode")
+ flag.StringVar(&config.Strategy, "s", "rr", "forward strategy, default: rr")
+ flag.StringVar(&config.CheckSite, "checksite", "www.apple.com:443", "proxy check address")
+ flag.IntVar(&config.CheckDuration, "duration", 30, "proxy check duration(seconds)")
+
+ flag.Var(&flags.Listen, "l", "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT")
+ flag.Var(&flags.Forward, "f", "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
+
+ flag.Usage = usage
+ flag.Parse()
+
+ if len(flags.Listen) == 0 {
flag.Usage()
fmt.Fprintf(os.Stderr, "ERROR: listen url must be specified.\n")
return
}
var forwarders []Proxy
- for _, chain := range conf.Forward {
+ for _, chain := range flags.Forward {
var forward Proxy
var err error
for _, url := range strings.Split(chain, ",") {
@@ -144,7 +136,7 @@ func main() {
forwarders = append(forwarders, forward)
}
- for _, listen := range conf.Listen {
+ for _, listen := range flags.Listen {
local, err := ProxyFromURL(listen, forwarders...)
if err != nil {
log.Fatal(err)
diff --git a/proxy.go b/proxy.go
index b955ab3..c9983c5 100644
--- a/proxy.go
+++ b/proxy.go
@@ -93,7 +93,7 @@ func ProxyFromURL(s string, forwarders ...Proxy) (Proxy, error) {
} else if len(forwarders) == 1 {
proxy = newProxy(addr, forwarders[0])
} else if len(forwarders) > 1 {
- switch conf.Strategy {
+ switch config.Strategy {
case "rr":
proxy = newRRProxy(addr, forwarders)
logf("forward to remote servers in round robin mode.")
@@ -101,7 +101,7 @@ func ProxyFromURL(s string, forwarders ...Proxy) (Proxy, error) {
proxy = newHAProxy(addr, forwarders)
logf("forward to remote servers in high availability mode.")
default:
- logf("not supported forward mode '%s', just use the first forward server.", conf.Strategy)
+ logf("not supported forward mode '%s', just use the first forward server.", config.Strategy)
proxy = newProxy(addr, forwarders[0])
}
}
@@ -141,7 +141,7 @@ func check(p Proxy, target string, duration int) {
startTime := time.Now()
c, err := p.Dial("tcp", target)
if err != nil {
- logf("proxy-check %s -> %s, set to DISABLED. error: %s", p.Addr(), conf.CheckHost, err)
+ logf("proxy-check %s -> %s, set to DISABLED. error: %s", p.Addr(), config.CheckSite, err)
p.SetEnable(false)
continue
}
@@ -150,6 +150,6 @@ func check(p Proxy, target string, duration int) {
// TODO: choose the fastest proxy.
dialTime := time.Since(startTime)
- logf("proxy-check: %s -> %s, connect time: %s", p.Addr(), conf.CheckHost, dialTime.String())
+ logf("proxy-check: %s -> %s, connect time: %s", p.Addr(), config.CheckSite, dialTime.String())
}
}
diff --git a/strategy.go b/strategy.go
index 3716679..acddc56 100644
--- a/strategy.go
+++ b/strategy.go
@@ -21,7 +21,7 @@ func newStrategyProxy(addr string, forwarders []Proxy) Proxy {
}
for _, forward := range forwarders {
- go check(forward, conf.CheckHost, conf.CheckDuration)
+ go check(forward, config.CheckSite, config.CheckDuration)
}
return &strategyProxy{addr: addr, forwarders: forwarders}
From e4ce0edc397f6ee553234bf16b693678017db420 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 18 Jul 2017 19:25:54 +0800
Subject: [PATCH 011/341] add config file support.
---
.gitignore | 3 +-
README.md | 42 ++++++++++++++++------------
glider.conf.sample | 31 ++++++++++++++++++++
main.go | 70 ++++++++++++++++++++++++++--------------------
proxy.go | 8 +++---
strategy.go | 2 +-
6 files changed, 100 insertions(+), 56 deletions(-)
create mode 100644 glider.conf.sample
diff --git a/.gitignore b/.gitignore
index f342182..4e64827 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,7 +15,6 @@
# custom
*.zip
-
+*.conf
glider
-
doc/
diff --git a/README.md b/README.md
index 0e20069..034a91c 100644
--- a/README.md
+++ b/README.md
@@ -7,18 +7,21 @@ glider is a forward proxy with several protocols support.
## Usage
```bash
-glider v0.1 usage:
- -checksite string
- proxy check address (default "www.apple.com:443")
- -duration int
+glider v0.2 usage:
+ -checkduration int
proxy check duration(seconds) (default 30)
- -f value
+ -checkhost string
+ proxy check address (default "www.apple.com:443")
+ -config string
+ config file path
+ -forward value
forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]
- -l value
+ -listen value
listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT
- -s string
+ -strategy string
forward strategy, default: rr (default "rr")
- -v verbose mode
+ -verbose
+ verbose mode
Available Schemas:
mixed: serve as a http/socks5 proxy on the same port. (default)
@@ -41,31 +44,34 @@ Available forward strategies:
ha: High Availability mode
Examples:
- glider -l :8443 -v
+ glider -config glider.conf
+ -run glider with specified config file.
+
+ glider -listen :8443
-listen on :8443, serve as http/socks5 proxy on the same port.
- glider -l ss://AEAD_CHACHA20_POLY1305:pass@:8443
- -listen on 0.0.0.0:8443 as a ss server.
+ glider -listen ss://AEAD_CHACHA20_POLY1305:pass@:8443
+ -listen on 0.0.0.0:8443 as a shadowsocks server.
- glider -l socks5://:1080 -v
+ glider -listen socks5://:1080 -verbose
-listen on :1080 as a socks5 proxy server, in verbose mode.
- glider -l http://:8080 -f socks5://127.0.0.1:1080 -v
+ glider -listen http://:8080 -forward socks5://127.0.0.1:1080
-listen on :8080 as a http proxy server, forward all requests via socks5 server.
- glider -l redir://:1081 -f ss://method:pass@1.1.1.1:443
+ glider -listen redir://:1081 -forward ss://method:pass@1.1.1.1:443
-listen on :1081 as a transparent redirect server, forward all requests via remote ss server.
- glider -l tcptun://:80=2.2.2.2:80 -f ss://method:pass@1.1.1.1:443
+ glider -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:443
-listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.
- glider -l socks5://:1080 -l http://:8080 -f ss://method:pass@1.1.1.1:443
+ glider -listen socks5://:1080 -listen http://:8080 -forward ss://method:pass@1.1.1.1:443
-listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.
- glider -l redir://:1081 -l dnstun://:53=8.8.8.8:53 -f ss://method:pass@server1:port1,ss://method:pass@server2:port2
+ glider -listen redir://:1081 -listen dnstun://:53=8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2
-listen on :1081 as transparent redirect server, :53 as dns server, use forward chain: server1 -> server2.
- glider -l socks5://:1080 -f ss://method:pass@server1:port1 -f ss://method:pass@server2:port2 -s rr
+ glider -listen socks5://:1080 -forward ss://method:pass@server1:port1 -forward ss://method:pass@server2:port2 -strategy rr
-listen on :1080 as socks5 server, forward requests via server1 and server2 in roundrbin mode.
```
diff --git a/glider.conf.sample b/glider.conf.sample
new file mode 100644
index 0000000..47aadf6
--- /dev/null
+++ b/glider.conf.sample
@@ -0,0 +1,31 @@
+### glider config file
+
+# verbose mode, print logs
+verbose
+
+# listen on 8443, serve as http/socks5 proxy on the same port.
+listen=:8443
+
+# listen on 8443 as a ss server.
+# listen=ss://AEAD_CHACHA20_POLY1305:pass@:8443
+
+# listen=http://:8080
+# listen=socks5://:1080
+# listen=redir://:1081
+
+# listen on udp port 53, forward dns requests via tcp protocol
+listen=dnstun://:53=8.8.8.8:53
+
+# upstream forward proxy
+forward=socks5://192.168.1.10:1080
+
+# upstream forward proxy
+forward=ss://method:pass@1.1.1.1:443
+
+# multiple upstream proxies forwad strategy
+strategy=rr
+
+# check address (to check a whether a forward proxy)
+checkhost=www.apple.com:443
+# check duration
+checkduration=30
diff --git a/main.go b/main.go
index 470bb19..fbc03c8 100644
--- a/main.go
+++ b/main.go
@@ -1,33 +1,40 @@
package main
import (
- "flag"
"fmt"
"log"
"os"
"os/signal"
"strings"
"syscall"
+
+ "github.com/nadoo/conflag"
)
-const version = "0.1.3"
+// VERSION .
+const VERSION = "0.2"
-var config struct {
+var conf struct {
Verbose bool
Strategy string
- CheckSite string
+ CheckHost string
CheckDuration int
+ Listen arrFlags
+ Forward arrFlags
}
+var flag = conflag.New()
+
func logf(f string, v ...interface{}) {
- if config.Verbose {
+ if conf.Verbose {
log.Printf(f, v...)
}
}
func usage() {
app := os.Args[0]
- fmt.Fprintf(os.Stderr, "%s v%s usage:\n", app, version)
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, "%s v%s usage:\n", app, VERSION)
flag.PrintDefaults()
fmt.Fprintf(os.Stderr, "\n")
@@ -57,31 +64,34 @@ func usage() {
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Examples:\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l :8443 -v\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -config glider.conf\n")
+ fmt.Fprintf(os.Stderr, " -run glider with specified config file.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen :8443\n")
fmt.Fprintf(os.Stderr, " -listen on :8443, serve as http/socks5 proxy on the same port.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l ss://AEAD_CHACHA20_POLY1305:pass@:8443\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen ss://AEAD_CHACHA20_POLY1305:pass@:8443\n")
fmt.Fprintf(os.Stderr, " -listen on 0.0.0.0:8443 as a shadowsocks server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l socks5://:1080 -v\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -verbose\n")
fmt.Fprintf(os.Stderr, " -listen on :1080 as a socks5 proxy server, in verbose mode.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l http://:8080 -f socks5://127.0.0.1:1080 -v\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen http://:8080 -forward socks5://127.0.0.1:1080\n")
fmt.Fprintf(os.Stderr, " -listen on :8080 as a http proxy server, forward all requests via socks5 server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l redir://:1081 -f ss://method:pass@1.1.1.1:443\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -forward ss://method:pass@1.1.1.1:443\n")
fmt.Fprintf(os.Stderr, " -listen on :1081 as a transparent redirect server, forward all requests via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l tcptun://:80=2.2.2.2:80 -f ss://method:pass@1.1.1.1:443\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:443\n")
fmt.Fprintf(os.Stderr, " -listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l socks5://:1080 -l http://:8080 -f ss://method:pass@1.1.1.1:443\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -listen http://:8080 -forward ss://method:pass@1.1.1.1:443\n")
fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l redir://:1081 -l dnstun://:53=8.8.8.8:53 -f ss://method:pass@server1:port1,ss://method:pass@server2:port2\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -listen dnstun://:53=8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2\n")
fmt.Fprintf(os.Stderr, " -listen on :1081 as transparent redirect server, :53 as dns server, use forward chain: server1 -> server2.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -l socks5://:1080 -f ss://method:pass@server1:port1 -f ss://method:pass@server2:port2 -s rr\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -forward ss://method:pass@server1:port1 -forward ss://method:pass@server2:port2 -strategy rr\n")
fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, forward requests via server1 and server2 in roundrbin mode.\n")
fmt.Fprintf(os.Stderr, "\n")
}
@@ -101,30 +111,28 @@ func (i *arrFlags) Set(value string) error {
func main() {
- var flags struct {
- Listen arrFlags
- Forward arrFlags
- }
-
- flag.BoolVar(&config.Verbose, "v", false, "verbose mode")
- flag.StringVar(&config.Strategy, "s", "rr", "forward strategy, default: rr")
- flag.StringVar(&config.CheckSite, "checksite", "www.apple.com:443", "proxy check address")
- flag.IntVar(&config.CheckDuration, "duration", 30, "proxy check duration(seconds)")
-
- flag.Var(&flags.Listen, "l", "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT")
- flag.Var(&flags.Forward, "f", "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
+ flag.BoolVar(&conf.Verbose, "verbose", false, "verbose mode")
+ flag.StringVar(&conf.Strategy, "strategy", "rr", "forward strategy, default: rr")
+ flag.StringVar(&conf.CheckHost, "checkhost", "www.apple.com:443", "proxy check address")
+ flag.IntVar(&conf.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
+ flag.Var(&conf.Listen, "listen", "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT")
+ flag.Var(&conf.Forward, "forward", "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
flag.Usage = usage
- flag.Parse()
+ err := flag.Parse()
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "ERROR: %s\n", err)
+ return
+ }
- if len(flags.Listen) == 0 {
+ if len(conf.Listen) == 0 {
flag.Usage()
fmt.Fprintf(os.Stderr, "ERROR: listen url must be specified.\n")
return
}
var forwarders []Proxy
- for _, chain := range flags.Forward {
+ for _, chain := range conf.Forward {
var forward Proxy
var err error
for _, url := range strings.Split(chain, ",") {
@@ -136,7 +144,7 @@ func main() {
forwarders = append(forwarders, forward)
}
- for _, listen := range flags.Listen {
+ for _, listen := range conf.Listen {
local, err := ProxyFromURL(listen, forwarders...)
if err != nil {
log.Fatal(err)
diff --git a/proxy.go b/proxy.go
index c9983c5..b955ab3 100644
--- a/proxy.go
+++ b/proxy.go
@@ -93,7 +93,7 @@ func ProxyFromURL(s string, forwarders ...Proxy) (Proxy, error) {
} else if len(forwarders) == 1 {
proxy = newProxy(addr, forwarders[0])
} else if len(forwarders) > 1 {
- switch config.Strategy {
+ switch conf.Strategy {
case "rr":
proxy = newRRProxy(addr, forwarders)
logf("forward to remote servers in round robin mode.")
@@ -101,7 +101,7 @@ func ProxyFromURL(s string, forwarders ...Proxy) (Proxy, error) {
proxy = newHAProxy(addr, forwarders)
logf("forward to remote servers in high availability mode.")
default:
- logf("not supported forward mode '%s', just use the first forward server.", config.Strategy)
+ logf("not supported forward mode '%s', just use the first forward server.", conf.Strategy)
proxy = newProxy(addr, forwarders[0])
}
}
@@ -141,7 +141,7 @@ func check(p Proxy, target string, duration int) {
startTime := time.Now()
c, err := p.Dial("tcp", target)
if err != nil {
- logf("proxy-check %s -> %s, set to DISABLED. error: %s", p.Addr(), config.CheckSite, err)
+ logf("proxy-check %s -> %s, set to DISABLED. error: %s", p.Addr(), conf.CheckHost, err)
p.SetEnable(false)
continue
}
@@ -150,6 +150,6 @@ func check(p Proxy, target string, duration int) {
// TODO: choose the fastest proxy.
dialTime := time.Since(startTime)
- logf("proxy-check: %s -> %s, connect time: %s", p.Addr(), config.CheckSite, dialTime.String())
+ logf("proxy-check: %s -> %s, connect time: %s", p.Addr(), conf.CheckHost, dialTime.String())
}
}
diff --git a/strategy.go b/strategy.go
index acddc56..3716679 100644
--- a/strategy.go
+++ b/strategy.go
@@ -21,7 +21,7 @@ func newStrategyProxy(addr string, forwarders []Proxy) Proxy {
}
for _, forward := range forwarders {
- go check(forward, config.CheckSite, config.CheckDuration)
+ go check(forward, conf.CheckHost, conf.CheckDuration)
}
return &strategyProxy{addr: addr, forwarders: forwarders}
From 97944e44e6423e3b74e8516fba0b08d82accd602 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 18 Jul 2017 19:45:35 +0800
Subject: [PATCH 012/341] update readme file.
---
README.md | 51 ++++++++++++++++++++++++++++++++++++++++++++--
glider.conf.sample | 4 ++++
2 files changed, 53 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 034a91c..2d32487 100644
--- a/README.md
+++ b/README.md
@@ -75,6 +75,52 @@ Examples:
-listen on :1080 as socks5 server, forward requests via server1 and server2 in roundrbin mode.
```
+## Config File
+Command:
+```bash
+glider -config glider.conf
+```
+Config file, **just use the command line flag name as the key name**:
+```bash
+cat < glider.conf.sample
+### glider config file
+
+# verbose mode, print logs
+verbose
+
+# listen on 8443, serve as http/socks5 proxy on the same port.
+listen=:8443
+
+# listen on 8443 as a ss server.
+# listen=ss://AEAD_CHACHA20_POLY1305:pass@:8443
+
+# listen=http://:8080
+# listen=socks5://:1080
+# listen=redir://:1081
+# listen=tcptun://:8080=1.1.1.1:80
+
+# listen on udp port 53, forward dns requests via tcp protocol
+listen=dnstun://:53=8.8.8.8:53
+
+# upstream forward proxy
+forward=socks5://192.168.1.10:1080
+
+# upstream forward proxy
+forward=ss://method:pass@1.1.1.1:443
+
+# upstream forward proxy (forward chain)
+forward=http://1.1.1.1:8080,socks5://2.2.2.2:1080
+
+# multiple upstream proxies forwad strategy
+strategy=rr
+
+# check address (to check a whether a forward proxy)
+checkhost=www.apple.com:443
+# check duration
+checkduration=30
+```
+
+
## Service
```bash
cd /etc/systemd/system/
@@ -107,6 +153,7 @@ systemctl enable glider.service
systemctl start glider.service
```
-## Thanks
+## Links
- [go-ss2](https://github.com/shadowsocks/go-shadowsocks2): the core ss protocol support
-- [gost](https://github.com/ginuerzh/gost): ideas and inspirations
\ No newline at end of file
+- [gost](https://github.com/ginuerzh/gost): ideas and inspirations
+- [conflag](https://github.com/nadoo/conflag): command line and config file parse support
\ No newline at end of file
diff --git a/glider.conf.sample b/glider.conf.sample
index 47aadf6..3e62e9b 100644
--- a/glider.conf.sample
+++ b/glider.conf.sample
@@ -12,6 +12,7 @@ listen=:8443
# listen=http://:8080
# listen=socks5://:1080
# listen=redir://:1081
+# listen=tcptun://:8080=1.1.1.1:80
# listen on udp port 53, forward dns requests via tcp protocol
listen=dnstun://:53=8.8.8.8:53
@@ -22,6 +23,9 @@ forward=socks5://192.168.1.10:1080
# upstream forward proxy
forward=ss://method:pass@1.1.1.1:443
+# upstream forward proxy (forward chain)
+forward=http://1.1.1.1:8080,socks5://2.2.2.2:1080
+
# multiple upstream proxies forwad strategy
strategy=rr
From cc6f1217647e6f4a8c780ff95d44c59f8b98acbd Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 18 Jul 2017 22:16:30 +0800
Subject: [PATCH 013/341] update README: add "PermissionsStartOnly=true" in
service file.
---
README.md | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 2d32487..677edeb 100644
--- a/README.md
+++ b/README.md
@@ -82,7 +82,6 @@ glider -config glider.conf
```
Config file, **just use the command line flag name as the key name**:
```bash
-cat < glider.conf.sample
### glider config file
# verbose mode, print logs
@@ -134,9 +133,11 @@ After=network.target
[Service]
Type=simple
+PermissionsStartOnly=true
ExecStartPre=/bin/mkdir -p /run/glider
ExecStartPre=/bin/chown nobody:nobody /run/glider
-ExecStart=/opt/glider/glider -l redir://:7070 -l dnstun://:5353=8.8.8.8:53 -f ss://method:pass@yourhost:8443
+# NOTE: change to your glider path
+ExecStart=/opt/glider/glider -config /opt/glider/glider.conf
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/bin/kill -INT $MAINPID
Restart=always
From a604f645f6e63d7d6124fb14a6cfdfa6955f7830 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 21 Jul 2017 18:58:51 +0800
Subject: [PATCH 014/341] added install info for ArchLinux
---
README.md | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 677edeb..8403177 100644
--- a/README.md
+++ b/README.md
@@ -2,8 +2,28 @@
glider is a forward proxy with several protocols support.
## Install
+Binary:
+- [https://github.com/nadoo/glider/releases](https://github.com/nadoo/glider/releases)
- go get -u github.com/nadoo/glider
+Go Get :
+```bash
+go get -u github.com/nadoo/glider
+```
+
+ArchLinux:
+```bash
+sudo pacman -S glider
+```
+
+## Run
+```bash
+glider -listen :8443 -verbose
+```
+
+with config file:
+```bash
+glider -config CONFIGPATH
+```
## Usage
```bash
@@ -157,4 +177,5 @@ systemctl start glider.service
## Links
- [go-ss2](https://github.com/shadowsocks/go-shadowsocks2): the core ss protocol support
- [gost](https://github.com/ginuerzh/gost): ideas and inspirations
-- [conflag](https://github.com/nadoo/conflag): command line and config file parse support
\ No newline at end of file
+- [conflag](https://github.com/nadoo/conflag): command line and config file parse support
+- [ArchLinux](https://www.archlinux.org): [https://www.archlinux.org/packages/community/x86_64/glider/](https://www.archlinux.org/packages/community/x86_64/glider/)
From 92d99d923caed54c2fe9d2955b956329b1fe0b47 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 23 Jul 2017 01:46:06 +0800
Subject: [PATCH 015/341] added more info to config example
---
README.md | 18 ++++-----
glider.conf.example | 94 +++++++++++++++++++++++++++++++++++++++++++++
glider.conf.sample | 35 -----------------
main.go | 7 ++++
4 files changed, 109 insertions(+), 45 deletions(-)
create mode 100644 glider.conf.example
delete mode 100644 glider.conf.sample
diff --git a/README.md b/README.md
index 8403177..2e7a849 100644
--- a/README.md
+++ b/README.md
@@ -63,6 +63,12 @@ Available forward strategies:
rr: Round Robin mode
ha: High Availability mode
+Config file format(see `glider.conf.example` as an example):
+ # COMMENT LINE
+ KEY=VALUE
+ KEY=VALUE
+ # KEY equals to command line flag name: listen forward strategy...
+
Examples:
glider -config glider.conf
-run glider with specified config file.
@@ -110,14 +116,6 @@ verbose
# listen on 8443, serve as http/socks5 proxy on the same port.
listen=:8443
-# listen on 8443 as a ss server.
-# listen=ss://AEAD_CHACHA20_POLY1305:pass@:8443
-
-# listen=http://:8080
-# listen=socks5://:1080
-# listen=redir://:1081
-# listen=tcptun://:8080=1.1.1.1:80
-
# listen on udp port 53, forward dns requests via tcp protocol
listen=dnstun://:53=8.8.8.8:53
@@ -138,7 +136,7 @@ checkhost=www.apple.com:443
# check duration
checkduration=30
```
-
+See [glider.conf.example](https://github.com/nadoo/glider/blob/master/glider.conf.example)
## Service
```bash
@@ -178,4 +176,4 @@ systemctl start glider.service
- [go-ss2](https://github.com/shadowsocks/go-shadowsocks2): the core ss protocol support
- [gost](https://github.com/ginuerzh/gost): ideas and inspirations
- [conflag](https://github.com/nadoo/conflag): command line and config file parse support
-- [ArchLinux](https://www.archlinux.org): [https://www.archlinux.org/packages/community/x86_64/glider/](https://www.archlinux.org/packages/community/x86_64/glider/)
+- [ArchLinux](https://www.archlinux.org/packages/community/x86_64/glider): a great linux distribution with glider pre-built package
diff --git a/glider.conf.example b/glider.conf.example
new file mode 100644
index 0000000..f4a7565
--- /dev/null
+++ b/glider.conf.example
@@ -0,0 +1,94 @@
+##########################################
+# __ _ _ ___ ____ ___
+# / /`_ | | | | | | \ | |_ | |_)
+# \_\_/ |_|__ |_| |_|_/ |_|__ |_| \
+#
+# Glider is a forward proxy with several protocols support.
+#
+# You can set up local listeners as proxy, and forward requests to internet via forwarders.
+#
+# |Forwarder ----------------->|
+# Listener --> | | Internet
+# |Forwarder,Forwarder...----->|
+#
+# -----------------------------------------------------------
+#
+# This is a sample configuration file for glider.
+#
+# Format is one option per line, legal options are the same
+# as the options legal on the command line. See "glider -help" for details.
+#
+# Comment line starts with "#", values set in the format:
+# KEY=VALUE
+#
+# -----------------------------------------------------------
+
+# Verbose mode, print logs
+verbose=True
+
+# LISTENERS
+# ---------
+# Local listeners, we can set up multiple listeners on different port with
+# different protocols.
+
+# listen on 8443, serve as http/socks5 proxy on the same port.
+listen=:8443
+
+# listen on 8448 as a ss server.
+# listen=ss://AEAD_CHACHA20_POLY1305:pass@:8448
+
+# listen on 8080 as a http proxy server.
+listen=http://:8080
+
+# listen on 1080 as a socks5 proxy server.
+listen=socks5://:1080
+
+# listen on 1081 as a linux transparent proxy server.
+# listen=redir://:1081
+
+# listen on 1082 as a tcp tunnel, all requests to :1082 will be forward to 1.1.1.1:80
+# listen=tcptun://:1082=1.1.1.1:80
+
+# listen on udp port 53, act as a local dns server,
+# forward all requests to 8.8.8.8:53 via tcp protocol,
+
+
+# FORWARDERS
+# ----------
+# Forwarders, we can setup multiple forwarders.
+
+# Socks5 proxy as forwarder
+#forward=socks5://192.168.1.10:1080
+
+# SS proxy as forwarder
+# forward=ss://method:pass@1.1.1.1:443
+
+# http proxy as forwarder
+# forward=http://1.1.1.1:8080
+
+
+# FORWARDER CHAIN
+# ---------------
+# We can setup a forward chain using 1 forward option,
+# use comma to separate different upstream forward proxies.
+#forward=http://1.1.1.1:8080,socks5://2.2.2.2:1080
+
+# FORWARDE STRATEGY
+# -----------------
+# If we set up multiple forwarders, we can use them in our own strategy.
+
+# Round Robin mode: rr
+# High Availability mode: ha
+strategy=rr
+
+
+# FORWARDERS CHECK
+# ----------------
+# We can check whether a forwarder is available.
+
+# Used to connect via forwarders, if the host is unreachable, the forwarder
+# will be set to disabled.
+checkhost=www.apple.com:443
+
+# check duration(seconds)
+checkduration=30
diff --git a/glider.conf.sample b/glider.conf.sample
deleted file mode 100644
index 3e62e9b..0000000
--- a/glider.conf.sample
+++ /dev/null
@@ -1,35 +0,0 @@
-### glider config file
-
-# verbose mode, print logs
-verbose
-
-# listen on 8443, serve as http/socks5 proxy on the same port.
-listen=:8443
-
-# listen on 8443 as a ss server.
-# listen=ss://AEAD_CHACHA20_POLY1305:pass@:8443
-
-# listen=http://:8080
-# listen=socks5://:1080
-# listen=redir://:1081
-# listen=tcptun://:8080=1.1.1.1:80
-
-# listen on udp port 53, forward dns requests via tcp protocol
-listen=dnstun://:53=8.8.8.8:53
-
-# upstream forward proxy
-forward=socks5://192.168.1.10:1080
-
-# upstream forward proxy
-forward=ss://method:pass@1.1.1.1:443
-
-# upstream forward proxy (forward chain)
-forward=http://1.1.1.1:8080,socks5://2.2.2.2:1080
-
-# multiple upstream proxies forwad strategy
-strategy=rr
-
-# check address (to check a whether a forward proxy)
-checkhost=www.apple.com:443
-# check duration
-checkduration=30
diff --git a/main.go b/main.go
index fbc03c8..9d8ebf8 100644
--- a/main.go
+++ b/main.go
@@ -63,6 +63,13 @@ func usage() {
fmt.Fprintf(os.Stderr, " ha: High Availability mode\n")
fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, "Config file format(see `"+app+".conf.example` as an example):\n")
+ fmt.Fprintf(os.Stderr, " # COMMENT LINE\n")
+ fmt.Fprintf(os.Stderr, " KEY=VALUE\n")
+ fmt.Fprintf(os.Stderr, " KEY=VALUE\n")
+ fmt.Fprintf(os.Stderr, " # KEY equals to command line flag name: listen forward strategy...\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
fmt.Fprintf(os.Stderr, "Examples:\n")
fmt.Fprintf(os.Stderr, " "+app+" -config glider.conf\n")
fmt.Fprintf(os.Stderr, " -run glider with specified config file.\n")
From f5052770c046d0ba93c526460756bc18482ad538 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 23 Jul 2017 01:57:05 +0800
Subject: [PATCH 016/341] update doc
---
README.md | 10 +++++++++-
glider.conf.example | 2 +-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 2e7a849..0f88c57 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,13 @@
# glider
glider is a forward proxy with several protocols support.
+We can set up local listeners as proxy, and forward requests to internet via forwarders.
+```
+ |Forwarder ----------------->|
+ Listener --> | | Internet
+ |Forwarder,Forwarder...----->|
+```
+
## Install
Binary:
- [https://github.com/nadoo/glider/releases](https://github.com/nadoo/glider/releases)
@@ -131,8 +138,9 @@ forward=http://1.1.1.1:8080,socks5://2.2.2.2:1080
# multiple upstream proxies forwad strategy
strategy=rr
-# check address (to check a whether a forward proxy)
+# check address (to check whether a host is reachable via forward proxy)
checkhost=www.apple.com:443
+
# check duration
checkduration=30
```
diff --git a/glider.conf.example b/glider.conf.example
index f4a7565..92ecf5e 100644
--- a/glider.conf.example
+++ b/glider.conf.example
@@ -5,7 +5,7 @@
#
# Glider is a forward proxy with several protocols support.
#
-# You can set up local listeners as proxy, and forward requests to internet via forwarders.
+# We can set up local listeners as proxy, and forward requests to internet via forwarders.
#
# |Forwarder ----------------->|
# Listener --> | | Internet
From 772eef1563a30a93eb205d71251eb37753eccd3b Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 24 Jul 2017 17:16:40 +0800
Subject: [PATCH 017/341] add systemd service file.
---
README.md | 37 +++----------------------------------
glider.conf.example | 2 +-
systemd/README.md | 14 ++++++++++++++
systemd/glider@.service | 12 ++++++++++++
4 files changed, 30 insertions(+), 35 deletions(-)
create mode 100644 systemd/README.md
create mode 100644 systemd/glider@.service
diff --git a/README.md b/README.md
index 0f88c57..df2bfaa 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
# glider
-glider is a forward proxy with several protocols support.
+glider is a forward proxy with multiple protocols support.
-We can set up local listeners as proxy, and forward requests to internet via forwarders.
+we can set up local listeners as proxy, and forward requests to internet via forwarders.
```
|Forwarder ----------------->|
Listener --> | | Internet
@@ -147,38 +147,7 @@ checkduration=30
See [glider.conf.example](https://github.com/nadoo/glider/blob/master/glider.conf.example)
## Service
-```bash
-cd /etc/systemd/system/
-vim glider.service
-```
-
-```bash
-[Unit]
-Description=glider
-After=network.target
-
-[Service]
-Type=simple
-PermissionsStartOnly=true
-ExecStartPre=/bin/mkdir -p /run/glider
-ExecStartPre=/bin/chown nobody:nobody /run/glider
-# NOTE: change to your glider path
-ExecStart=/opt/glider/glider -config /opt/glider/glider.conf
-ExecReload=/bin/kill -HUP $MAINPID
-ExecStop=/bin/kill -INT $MAINPID
-Restart=always
-User=nobody
-Group=nobody
-UMask=0027
-
-[Install]
-WantedBy=multi-user.target
-```
-
-```bash
-systemctl enable glider.service
-systemctl start glider.service
-```
+- Systemd: [https://github.com/nadoo/glider/blob/master/systemd/](https://github.com/nadoo/glider/blob/master/systemd/)
## Links
- [go-ss2](https://github.com/shadowsocks/go-shadowsocks2): the core ss protocol support
diff --git a/glider.conf.example b/glider.conf.example
index 92ecf5e..600b6b8 100644
--- a/glider.conf.example
+++ b/glider.conf.example
@@ -3,7 +3,7 @@
# / /`_ | | | | | | \ | |_ | |_)
# \_\_/ |_|__ |_| |_|_/ |_|__ |_| \
#
-# Glider is a forward proxy with several protocols support.
+# Glider is a forward proxy with multiple protocols support.
#
# We can set up local listeners as proxy, and forward requests to internet via forwarders.
#
diff --git a/systemd/README.md b/systemd/README.md
new file mode 100644
index 0000000..5450ec1
--- /dev/null
+++ b/systemd/README.md
@@ -0,0 +1,14 @@
+## Service
+```bash
+# copy service file to systemd
+cp systemd/glider@.service /etc/systemd/system/
+
+# copy config file to /etc/glider/
+mkdir /etc/glider/
+cp glider.conf.example /etc/glider/server.conf
+
+# enable and start service
+systemctl enable glider@server
+systemctl start glider@server
+```
+See [glider@.service](https://github.com/nadoo/glider/blob/master/sytemd/glider@.service)
\ No newline at end of file
diff --git a/systemd/glider@.service b/systemd/glider@.service
new file mode 100644
index 0000000..3c93c76
--- /dev/null
+++ b/systemd/glider@.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Glider Service (%i)
+After=network.target
+
+[Service]
+Type=simple
+User=nobody
+Restart=always
+ExecStart=/usr/bin/glider -config /etc/glider/%i.conf
+
+[Install]
+WantedBy=multi-user.target
From ded69cbb164f277ec4155c0bb11f35dfd3ebe563 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 24 Jul 2017 17:22:13 +0800
Subject: [PATCH 018/341] update systemd README file
---
systemd/README.md | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/systemd/README.md b/systemd/README.md
index 5450ec1..366cc5f 100644
--- a/systemd/README.md
+++ b/systemd/README.md
@@ -1,14 +1,23 @@
## Service
+
+service file:
+
```bash
# copy service file to systemd
cp systemd/glider@.service /etc/systemd/system/
+```
+config file: ***server***.conf
+```bash
# copy config file to /etc/glider/
mkdir /etc/glider/
cp glider.conf.example /etc/glider/server.conf
+```
+enable and start service: glider@***server***
+```bash
# enable and start service
systemctl enable glider@server
systemctl start glider@server
```
-See [glider@.service](https://github.com/nadoo/glider/blob/master/sytemd/glider@.service)
\ No newline at end of file
+See [glider@.service](https://github.com/nadoo/glider/blob/master/systemd/glider%40.service)
From 0dc3ea651f998b01ce44801ac2b11f31e21848e9 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 26 Jul 2017 18:56:24 +0800
Subject: [PATCH 019/341] parse domain in dns request playload. (prepare for
the forward rule and ipset management features.)
---
README.md | 5 +-
dnstun.go | 48 ++++++++++-
glider.conf.example | 2 +-
main.go | 1 +
redir.go | 112 -------------------------
redir_linux.go | 146 +++++++++++++++++++++++++++++++++
redir_linux_386.go | 17 ++++
redir_linux_other.go | 14 ++++
redir_win.go => redir_other.go | 2 +-
9 files changed, 229 insertions(+), 118 deletions(-)
delete mode 100644 redir.go
create mode 100644 redir_linux.go
create mode 100644 redir_linux_386.go
create mode 100644 redir_linux_other.go
rename redir_win.go => redir_other.go (94%)
diff --git a/README.md b/README.md
index df2bfaa..fe93d1d 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ we can set up local listeners as proxy, and forward requests to internet via for
```
|Forwarder ----------------->|
Listener --> | | Internet
- |Forwarder,Forwarder...----->|
+ |Forwarder --> Forwarder->...|
```
## Install
@@ -65,6 +65,7 @@ Available schemas for different modes:
Available methods for ss:
AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AES-128-CFB AES-128-CTR AES-192-CFB AES-192-CTR AES-256-CFB AES-256-CTR CHACHA20-IETF XCHACHA20
+ NOTE: chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305
Available forward strategies:
rr: Round Robin mode
@@ -147,7 +148,7 @@ checkduration=30
See [glider.conf.example](https://github.com/nadoo/glider/blob/master/glider.conf.example)
## Service
-- Systemd: [https://github.com/nadoo/glider/blob/master/systemd/](https://github.com/nadoo/glider/blob/master/systemd/)
+- systemd: [https://github.com/nadoo/glider/blob/master/systemd/](https://github.com/nadoo/glider/blob/master/systemd/)
## Links
- [go-ss2](https://github.com/shadowsocks/go-shadowsocks2): the core ss protocol support
diff --git a/dnstun.go b/dnstun.go
index 8fa4594..625bf82 100644
--- a/dnstun.go
+++ b/dnstun.go
@@ -1,3 +1,5 @@
+// https://tools.ietf.org/html/rfc1035
+
package main
import (
@@ -6,6 +8,21 @@ import (
"net"
)
+// UDPDNSHeaderLen is the length of UDP dns msg header
+const UDPDNSHeaderLen = 12
+
+// TCPDNSHEADERLen is the length of TCP dns msg header
+const TCPDNSHEADERLen = 2 + UDPDNSHeaderLen
+
+// MaxUDPDNSLen is the max size of udp dns request.
+// https://tools.ietf.org/html/rfc1035#section-4.2.1
+// Messages carried by UDP are restricted to 512 bytes (not counting the IP
+// or UDP headers). Longer messages are truncated and the TC bit is set in
+// the header.
+// TODO: If the request length > 512 then the client will send TCP packets instead,
+// so we should also serve tcp requests.
+const MaxUDPDNSLen = 512
+
type dnstun struct {
Proxy
addr string
@@ -35,7 +52,8 @@ func (s *dnstun) ListenAndServe() {
logf("listening UDP on %s", s.addr)
for {
- data := make([]byte, 512)
+ data := make([]byte, MaxUDPDNSLen)
+
n, clientAddr, err := l.ReadFrom(data)
if err != nil {
logf("DNS local read error: %v", err)
@@ -43,7 +61,11 @@ func (s *dnstun) ListenAndServe() {
}
data = data[:n]
+
go func() {
+ // TODO: check domain rules and get a proper proxy.
+ domain := getDomain(data)
+
rc, err := s.GetProxy().Dial("tcp", s.raddr)
if err != nil {
logf("failed to connect to server %v: %v", s.raddr, err)
@@ -51,7 +73,7 @@ func (s *dnstun) ListenAndServe() {
}
defer rc.Close()
- logf("proxy-dnstun %s[dns.udp] <-> %s[dns.tcp]", clientAddr.String(), s.raddr)
+ logf("proxy-dnstun %s, %s <-> %s", domain, clientAddr.String(), s.raddr)
// 2 bytes length after tcp header, before dns message
length := make([]byte, 2)
@@ -78,3 +100,25 @@ func (s *dnstun) ListenAndServe() {
}()
}
}
+
+// getDomain from dns request playload, return []byte like:
+// []byte{'w', 'w', 'w', '.', 'm', 's', 'n', '.', 'c', 'o', 'm', '.'}
+// []byte("www.msn.com.")
+func getDomain(p []byte) []byte {
+ var ret []byte
+
+ for i := UDPDNSHeaderLen; i < len(p); {
+ l := int(p[i])
+
+ if l == 0 {
+ break
+ }
+
+ ret = append(ret, p[i+1:i+l+1]...)
+ ret = append(ret, '.')
+
+ i = i + l + 1
+ }
+
+ return ret
+}
diff --git a/glider.conf.example b/glider.conf.example
index 600b6b8..04063bf 100644
--- a/glider.conf.example
+++ b/glider.conf.example
@@ -9,7 +9,7 @@
#
# |Forwarder ----------------->|
# Listener --> | | Internet
-# |Forwarder,Forwarder...----->|
+# |Forwarder --> Forwarder->...|
#
# -----------------------------------------------------------
#
diff --git a/main.go b/main.go
index 9d8ebf8..2d91cf9 100644
--- a/main.go
+++ b/main.go
@@ -56,6 +56,7 @@ func usage() {
fmt.Fprintf(os.Stderr, "Available methods for ss:\n")
fmt.Fprintf(os.Stderr, " "+ListCipher())
fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " NOTE: chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Available forward strategies:\n")
diff --git a/redir.go b/redir.go
deleted file mode 100644
index 2193ef0..0000000
--- a/redir.go
+++ /dev/null
@@ -1,112 +0,0 @@
-// +build !windows
-
-package main
-
-import (
- "errors"
- "fmt"
- "net"
- "syscall"
-)
-
-const SO_ORIGINAL_DST = 80
-
-type redir struct {
- Proxy
- addr string
-}
-
-// RedirProxy returns a redirect proxy.
-func RedirProxy(addr string, upProxy Proxy) (Proxy, error) {
- s := &redir{
- Proxy: upProxy,
- addr: addr,
- }
-
- return s, nil
-}
-
-// ListenAndServe redirected requests as a server.
-func (s *redir) ListenAndServe() {
- l, err := net.Listen("tcp", s.addr)
- if err != nil {
- logf("failed to listen on %s: %v", s.addr, err)
- return
- }
-
- logf("listening TCP on %s", s.addr)
-
- for {
- c, err := l.Accept()
- if err != nil {
- logf("failed to accept: %v", err)
- continue
- }
-
- go func() {
- defer c.Close()
-
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
- tgt, c, err := getOriginalDstAddr(c)
- if err != nil {
- logf("failed to get target address: %v", err)
- return
- }
-
- rc, err := s.GetProxy().Dial("tcp", tgt.String())
- if err != nil {
- logf("failed to connect to target: %v", err)
- return
- }
- defer rc.Close()
-
- logf("proxy-redir %s <-> %s", c.RemoteAddr(), tgt)
-
- _, _, err = relay(c, rc)
- if err != nil {
- if err, ok := err.(net.Error); ok && err.Timeout() {
- return // ignore i/o timeout
- }
- logf("relay error: %v", err)
- }
-
- }()
- }
-}
-
-func getOriginalDstAddr(conn net.Conn) (addr net.Addr, c *net.TCPConn, err error) {
- defer conn.Close()
-
- fc, err := conn.(*net.TCPConn).File()
- if err != nil {
- return
- }
- defer fc.Close()
-
- mreq, err := syscall.GetsockoptIPv6Mreq(int(fc.Fd()), syscall.IPPROTO_IP, SO_ORIGINAL_DST)
- if err != nil {
- return
- }
-
- // only ipv4 support
- ip := net.IPv4(mreq.Multiaddr[4], mreq.Multiaddr[5], mreq.Multiaddr[6], mreq.Multiaddr[7])
- port := uint16(mreq.Multiaddr[2])<<8 + uint16(mreq.Multiaddr[3])
- addr, err = net.ResolveTCPAddr("tcp4", fmt.Sprintf("%s:%d", ip.String(), port))
- if err != nil {
- return
- }
-
- cc, err := net.FileConn(fc)
- if err != nil {
- return
- }
-
- c, ok := cc.(*net.TCPConn)
- if !ok {
- err = errors.New("not a TCP connection")
- }
- return
-}
diff --git a/redir_linux.go b/redir_linux.go
new file mode 100644
index 0000000..cf64e8b
--- /dev/null
+++ b/redir_linux.go
@@ -0,0 +1,146 @@
+// getOrigDst:
+// https://github.com/shadowsocks/go-shadowsocks2/blob/master/tcp_linux.go#L30
+
+package main
+
+import (
+ "errors"
+ "net"
+ "syscall"
+ "unsafe"
+
+ "github.com/shadowsocks/go-shadowsocks2/socks"
+)
+
+const (
+ SO_ORIGINAL_DST = 80 // from linux/include/uapi/linux/netfilter_ipv4.h
+ IP6T_SO_ORIGINAL_DST = 80 // from linux/include/uapi/linux/netfilter_ipv6/ip6_tables.h
+)
+
+type redir struct {
+ Proxy
+ addr string
+}
+
+// RedirProxy returns a redirect proxy.
+func RedirProxy(addr string, upProxy Proxy) (Proxy, error) {
+ s := &redir{
+ Proxy: upProxy,
+ addr: addr,
+ }
+
+ return s, nil
+}
+
+// ListenAndServe redirected requests as a server.
+func (s *redir) ListenAndServe() {
+ l, err := net.Listen("tcp", s.addr)
+ if err != nil {
+ logf("failed to listen on %s: %v", s.addr, err)
+ return
+ }
+
+ logf("listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ logf("failed to accept: %v", err)
+ continue
+ }
+
+ go func() {
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ // tgt, c, err := getOriginalDstAddr(c)
+ tgt, err := getOrigDst(c, false)
+ if err != nil {
+ logf("failed to get target address: %v", err)
+ return
+ }
+
+ rc, err := s.GetProxy().Dial("tcp", tgt.String())
+ if err != nil {
+ logf("failed to connect to target: %v", err)
+ return
+ }
+ defer rc.Close()
+
+ logf("proxy-redir %s <-> %s", c.RemoteAddr(), tgt)
+
+ _, _, err = relay(c, rc)
+ if err != nil {
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ return // ignore i/o timeout
+ }
+ logf("relay error: %v", err)
+ }
+
+ }()
+ }
+}
+
+// Get the original destination of a TCP connection.
+func getOrigDst(conn net.Conn, ipv6 bool) (socks.Addr, error) {
+ c, ok := conn.(*net.TCPConn)
+ if !ok {
+ return nil, errors.New("only work with TCP connection")
+ }
+ f, err := c.File()
+ if err != nil {
+ return nil, err
+ }
+ defer f.Close()
+
+ fd := f.Fd()
+
+ // The File() call above puts both the original socket fd and the file fd in blocking mode.
+ // Set the file fd back to non-blocking mode and the original socket fd will become non-blocking as well.
+ // Otherwise blocking I/O will waste OS threads.
+ if err := syscall.SetNonblock(int(fd), true); err != nil {
+ return nil, err
+ }
+
+ if ipv6 {
+ return ipv6_getorigdst(fd)
+ }
+
+ return getorigdst(fd)
+}
+
+// Call getorigdst() from linux/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+func getorigdst(fd uintptr) (socks.Addr, error) {
+ raw := syscall.RawSockaddrInet4{}
+ siz := unsafe.Sizeof(raw)
+ if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IP, SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0); err != nil {
+ return nil, err
+ }
+
+ addr := make([]byte, 1+net.IPv4len+2)
+ addr[0] = socks.AtypIPv4
+ copy(addr[1:1+net.IPv4len], raw.Addr[:])
+ port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // big-endian
+ addr[1+net.IPv4len], addr[1+net.IPv4len+1] = port[0], port[1]
+ return addr, nil
+}
+
+// Call ipv6_getorigdst() from linux/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+// NOTE: I haven't tried yet but it should work since Linux 3.8.
+func ipv6_getorigdst(fd uintptr) (socks.Addr, error) {
+ raw := syscall.RawSockaddrInet6{}
+ siz := unsafe.Sizeof(raw)
+ if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IPV6, IP6T_SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0); err != nil {
+ return nil, err
+ }
+
+ addr := make([]byte, 1+net.IPv6len+2)
+ addr[0] = socks.AtypIPv6
+ copy(addr[1:1+net.IPv6len], raw.Addr[:])
+ port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // big-endian
+ addr[1+net.IPv6len], addr[1+net.IPv6len+1] = port[0], port[1]
+ return addr, nil
+}
diff --git a/redir_linux_386.go b/redir_linux_386.go
new file mode 100644
index 0000000..8b8db6f
--- /dev/null
+++ b/redir_linux_386.go
@@ -0,0 +1,17 @@
+package main
+
+import (
+ "syscall"
+ "unsafe"
+)
+
+const GETSOCKOPT = 15 // https://golang.org/src/syscall/syscall_linux_386.go#L183
+
+func socketcall(call, a0, a1, a2, a3, a4, a5 uintptr) error {
+ var a [6]uintptr
+ a[0], a[1], a[2], a[3], a[4], a[5] = a0, a1, a2, a3, a4, a5
+ if _, _, errno := syscall.Syscall6(syscall.SYS_SOCKETCALL, call, uintptr(unsafe.Pointer(&a)), 0, 0, 0, 0); errno != 0 {
+ return errno
+ }
+ return nil
+}
diff --git a/redir_linux_other.go b/redir_linux_other.go
new file mode 100644
index 0000000..96f9561
--- /dev/null
+++ b/redir_linux_other.go
@@ -0,0 +1,14 @@
+// +build linux,!386
+
+package main
+
+import "syscall"
+
+const GETSOCKOPT = syscall.SYS_GETSOCKOPT
+
+func socketcall(call, a0, a1, a2, a3, a4, a5 uintptr) error {
+ if _, _, errno := syscall.Syscall6(call, a0, a1, a2, a3, a4, a5); errno != 0 {
+ return errno
+ }
+ return nil
+}
diff --git a/redir_win.go b/redir_other.go
similarity index 94%
rename from redir_win.go
rename to redir_other.go
index c6227b1..7b68eea 100644
--- a/redir_win.go
+++ b/redir_other.go
@@ -1,4 +1,4 @@
-// +build windows
+// +build !linux
package main
From f6941b98d855b4fffc87a1706ac0e75a76af7cce Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 27 Jul 2017 01:22:56 +0800
Subject: [PATCH 020/341] add features info in README file.
---
README.md | 20 ++++++++++++++++++++
glider.conf.example | 3 ++-
rule.go | 1 +
systemd/README.md | 6 +++++-
4 files changed, 28 insertions(+), 2 deletions(-)
create mode 100644 rule.go
diff --git a/README.md b/README.md
index fe93d1d..602595b 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,26 @@ we can set up local listeners as proxy, and forward requests to internet via for
|Forwarder --> Forwarder->...|
```
+## Features
+Listen(local proxy):
+- Socks5 proxy
+- Http proxy
+- SS proxy
+- Linux transparent proxy(iptables redirect)
+- TCP tunnel
+- DNS tunnel(udp2tcp)
+
+Forward(upstream proxy):
+- Socks5 proxy
+- Http proxy
+- SS proxy
+
+General:
+- Forward chain
+- HA or RR strategy for multiple forwarders
+- Http and socks5 on the same port
+- Periodical proxy checking
+
## Install
Binary:
- [https://github.com/nadoo/glider/releases](https://github.com/nadoo/glider/releases)
diff --git a/glider.conf.example b/glider.conf.example
index 04063bf..e7bcb96 100644
--- a/glider.conf.example
+++ b/glider.conf.example
@@ -50,7 +50,8 @@ listen=socks5://:1080
# listen=tcptun://:1082=1.1.1.1:80
# listen on udp port 53, act as a local dns server,
-# forward all requests to 8.8.8.8:53 via tcp protocol,
+# forward all requests to 8.8.8.8:53 via tcp protocol
+# listen=dnstun://:53=8.8.8.8:53
# FORWARDERS
diff --git a/rule.go b/rule.go
new file mode 100644
index 0000000..06ab7d0
--- /dev/null
+++ b/rule.go
@@ -0,0 +1 @@
+package main
diff --git a/systemd/README.md b/systemd/README.md
index 366cc5f..e5b0931 100644
--- a/systemd/README.md
+++ b/systemd/README.md
@@ -1,7 +1,11 @@
## Service
-service file:
+binary file:
+```bash
+cp glider /usr/bin/
+```
+service file:
```bash
# copy service file to systemd
cp systemd/glider@.service /etc/systemd/system/
From 1ba0f38c9edeee6bc661034ceaf9a249de21851f Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 29 Jul 2017 18:15:22 +0800
Subject: [PATCH 021/341] fixed all known bugs
---
README.md | 12 +++++++++---
main.go | 10 ++++++++--
rule.go | 1 -
ss.go | 12 ++++++------
strategy.go | 4 +---
systemd/README.md | 2 +-
6 files changed, 25 insertions(+), 16 deletions(-)
delete mode 100644 rule.go
diff --git a/README.md b/README.md
index 602595b..919b5b6 100644
--- a/README.md
+++ b/README.md
@@ -43,15 +43,21 @@ sudo pacman -S glider
```
## Run
+command line:
```bash
glider -listen :8443 -verbose
```
-with config file:
+config file:
```bash
glider -config CONFIGPATH
```
+command line with config file:
+```bash
+glider -config CONFIGPATH -listen :8080 -verbose
+```
+
## Usage
```bash
glider v0.2 usage:
@@ -105,7 +111,7 @@ Examples:
-listen on :8443, serve as http/socks5 proxy on the same port.
glider -listen ss://AEAD_CHACHA20_POLY1305:pass@:8443
- -listen on 0.0.0.0:8443 as a shadowsocks server.
+ -listen on 0.0.0.0:8443 as a ss server.
glider -listen socks5://:1080 -verbose
-listen on :1080 as a socks5 proxy server, in verbose mode.
@@ -165,7 +171,7 @@ checkhost=www.apple.com:443
# check duration
checkduration=30
```
-See [glider.conf.example](https://github.com/nadoo/glider/blob/master/glider.conf.example)
+See [glider.conf.example](glider.conf.example)
## Service
- systemd: [https://github.com/nadoo/glider/blob/master/systemd/](https://github.com/nadoo/glider/blob/master/systemd/)
diff --git a/main.go b/main.go
index 2d91cf9..0bc02b2 100644
--- a/main.go
+++ b/main.go
@@ -12,7 +12,7 @@ import (
)
// VERSION .
-const VERSION = "0.2"
+const VERSION = "0.2.1"
var conf struct {
Verbose bool
@@ -79,7 +79,7 @@ func usage() {
fmt.Fprintf(os.Stderr, " -listen on :8443, serve as http/socks5 proxy on the same port.\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, " "+app+" -listen ss://AEAD_CHACHA20_POLY1305:pass@:8443\n")
- fmt.Fprintf(os.Stderr, " -listen on 0.0.0.0:8443 as a shadowsocks server.\n")
+ fmt.Fprintf(os.Stderr, " -listen on 0.0.0.0:8443 as a ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -verbose\n")
fmt.Fprintf(os.Stderr, " -listen on :1080 as a socks5 proxy server, in verbose mode.\n")
@@ -161,6 +161,12 @@ func main() {
go local.ListenAndServe()
}
+ if len(forwarders) > 1 {
+ for _, forward := range forwarders {
+ go check(forward, conf.CheckHost, conf.CheckDuration)
+ }
+ }
+
sigCh := make(chan os.Signal, 1)
signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM)
<-sigCh
diff --git a/rule.go b/rule.go
deleted file mode 100644
index 06ab7d0..0000000
--- a/rule.go
+++ /dev/null
@@ -1 +0,0 @@
-package main
diff --git a/ss.go b/ss.go
index 6d24c3b..ba1c92a 100644
--- a/ss.go
+++ b/ss.go
@@ -9,8 +9,8 @@ import (
"github.com/shadowsocks/go-shadowsocks2/core"
)
-// Shadowsocks
-type shadowsocks struct {
+// ss
+type ss struct {
Proxy
core.StreamConnCipher
}
@@ -22,7 +22,7 @@ func SSProxy(method, pass string, upProxy Proxy) (Proxy, error) {
log.Fatal(err)
}
- s := &shadowsocks{
+ s := &ss{
Proxy: upProxy,
StreamConnCipher: ciph,
}
@@ -31,7 +31,7 @@ func SSProxy(method, pass string, upProxy Proxy) (Proxy, error) {
}
// ListenAndServe shadowsocks requests as a server.
-func (s *shadowsocks) ListenAndServe() {
+func (s *ss) ListenAndServe() {
l, err := net.Listen("tcp", s.Addr())
if err != nil {
logf("failed to listen on %s: %v", s.Addr(), err)
@@ -50,7 +50,7 @@ func (s *shadowsocks) ListenAndServe() {
}
}
-func (s *shadowsocks) Serve(c net.Conn) {
+func (s *ss) Serve(c net.Conn) {
defer c.Close()
if c, ok := c.(*net.TCPConn); ok {
@@ -85,7 +85,7 @@ func (s *shadowsocks) Serve(c net.Conn) {
}
// Dial connects to the address addr on the network net via the proxy.
-func (s *shadowsocks) Dial(network, addr string) (net.Conn, error) {
+func (s *ss) Dial(network, addr string) (net.Conn, error) {
target := ParseAddr(addr)
if target == nil {
return nil, errors.New("Unable to parse address: " + addr)
diff --git a/strategy.go b/strategy.go
index 3716679..08c2f9b 100644
--- a/strategy.go
+++ b/strategy.go
@@ -20,9 +20,7 @@ func newStrategyProxy(addr string, forwarders []Proxy) Proxy {
return newProxy(addr, forwarders[0])
}
- for _, forward := range forwarders {
- go check(forward, conf.CheckHost, conf.CheckDuration)
- }
+
return &strategyProxy{addr: addr, forwarders: forwarders}
}
diff --git a/systemd/README.md b/systemd/README.md
index e5b0931..21e87f8 100644
--- a/systemd/README.md
+++ b/systemd/README.md
@@ -24,4 +24,4 @@ enable and start service: glider@***server***
systemctl enable glider@server
systemctl start glider@server
```
-See [glider@.service](https://github.com/nadoo/glider/blob/master/systemd/glider%40.service)
+See [glider@.service](systemd/glider%40.service)
From 88dda17725da78aac177d209f096f59fe419f61e Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 29 Jul 2017 21:31:01 +0800
Subject: [PATCH 022/341] 1. optimized strategy proxy code. 2. changed config
name "checkhost" -> "checkwebsite" 3. optimized proxy check function.
---
dnstun.go | 4 +--
glider.conf.example | 3 +-
http.go | 5 ++-
main.go | 11 ++++---
mixed.go | 6 ++--
proxy.go | 63 +++++++++++++++++--------------------
socks5.go | 4 +--
ss.go | 7 +++--
strategy.go | 76 +++++++++++++++++++++++++--------------------
tcptun.go | 4 +--
10 files changed, 93 insertions(+), 90 deletions(-)
diff --git a/dnstun.go b/dnstun.go
index 625bf82..886a54c 100644
--- a/dnstun.go
+++ b/dnstun.go
@@ -24,7 +24,7 @@ const TCPDNSHEADERLen = 2 + UDPDNSHeaderLen
const MaxUDPDNSLen = 512
type dnstun struct {
- Proxy
+ *proxy
addr string
raddr string
}
@@ -32,7 +32,7 @@ type dnstun struct {
// DNSTunProxy returns a dns forwarder. client -> dns.udp -> glider -> forwarder -> remote dns addr
func DNSTunProxy(addr, raddr string, upProxy Proxy) (Proxy, error) {
s := &dnstun{
- Proxy: upProxy,
+ proxy: newProxy(addr, upProxy),
addr: addr,
raddr: raddr,
}
diff --git a/glider.conf.example b/glider.conf.example
index e7bcb96..3d38c53 100644
--- a/glider.conf.example
+++ b/glider.conf.example
@@ -89,7 +89,8 @@ strategy=rr
# Used to connect via forwarders, if the host is unreachable, the forwarder
# will be set to disabled.
-checkhost=www.apple.com:443
+# MUST BE A HTTP or HTTPS WEBSITE HOST ADDRESS
+checkwebsite=www.apple.com:443
# check duration(seconds)
checkduration=30
diff --git a/http.go b/http.go
index 205ea40..65d6a86 100644
--- a/http.go
+++ b/http.go
@@ -18,14 +18,14 @@ import (
// httpproxy
type httpproxy struct {
- Proxy
+ *proxy
addr string
}
// HTTPProxy returns a http proxy.
func HTTPProxy(addr string, upProxy Proxy) (Proxy, error) {
s := &httpproxy{
- Proxy: upProxy,
+ proxy: newProxy(addr, upProxy),
addr: addr,
}
@@ -56,7 +56,6 @@ func (s *httpproxy) ListenAndServe() {
// Serve .
func (s *httpproxy) Serve(c net.Conn) {
-
defer c.Close()
if c, ok := c.(*net.TCPConn); ok {
diff --git a/main.go b/main.go
index 0bc02b2..eb2fb7b 100644
--- a/main.go
+++ b/main.go
@@ -12,12 +12,12 @@ import (
)
// VERSION .
-const VERSION = "0.2.1"
+const VERSION = "0.3"
var conf struct {
Verbose bool
Strategy string
- CheckHost string
+ CheckWebSite string
CheckDuration int
Listen arrFlags
Forward arrFlags
@@ -121,7 +121,7 @@ func main() {
flag.BoolVar(&conf.Verbose, "verbose", false, "verbose mode")
flag.StringVar(&conf.Strategy, "strategy", "rr", "forward strategy, default: rr")
- flag.StringVar(&conf.CheckHost, "checkhost", "www.apple.com:443", "proxy check address")
+ flag.StringVar(&conf.CheckWebSite, "checkwebsite", "www.apple.com:443", "proxy check WEBSITE address")
flag.IntVar(&conf.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
flag.Var(&conf.Listen, "listen", "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT")
flag.Var(&conf.Forward, "forward", "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
@@ -152,8 +152,9 @@ func main() {
forwarders = append(forwarders, forward)
}
+ forwarder := newStrategyForwarder(conf.Strategy, forwarders)
for _, listen := range conf.Listen {
- local, err := ProxyFromURL(listen, forwarders...)
+ local, err := ProxyFromURL(listen, forwarder)
if err != nil {
log.Fatal(err)
}
@@ -163,7 +164,7 @@ func main() {
if len(forwarders) > 1 {
for _, forward := range forwarders {
- go check(forward, conf.CheckHost, conf.CheckDuration)
+ go check(forward, conf.CheckWebSite, conf.CheckDuration)
}
}
diff --git a/mixed.go b/mixed.go
index e063cba..684ed37 100644
--- a/mixed.go
+++ b/mixed.go
@@ -19,7 +19,7 @@ var httpMethods = [][]byte{
// mixedproxy
type mixedproxy struct {
- Proxy
+ *proxy
http Proxy
socks5 Proxy
ss Proxy
@@ -28,14 +28,14 @@ type mixedproxy struct {
// MixedProxy returns a mixed proxy.
func MixedProxy(network, addr, user, pass string, upProxy Proxy) (Proxy, error) {
p := &mixedproxy{
- Proxy: upProxy,
+ proxy: newProxy(addr, upProxy),
}
p.http, _ = HTTPProxy(addr, upProxy)
p.socks5, _ = SOCKS5Proxy(network, addr, user, pass, upProxy)
if user != "" && pass != "" {
- p.ss, _ = SSProxy(user, pass, upProxy)
+ p.ss, _ = SSProxy(addr, user, pass, upProxy)
}
return p, nil
diff --git a/proxy.go b/proxy.go
index b955ab3..e3ca974 100644
--- a/proxy.go
+++ b/proxy.go
@@ -2,6 +2,7 @@ package main
import (
"errors"
+ "io"
"net"
"net/url"
"strings"
@@ -46,12 +47,12 @@ type proxy struct {
}
// newProxy .
-func newProxy(addr string, forward Proxy) Proxy {
+func newProxy(addr string, forward Proxy) *proxy {
if forward == nil {
forward = Direct
}
- return &proxy{addr: addr, forward: forward, enabled: false}
+ return &proxy{addr: addr, forward: forward, enabled: true}
}
func (p *proxy) ListenAndServe() { logf("base proxy ListenAndServe") }
@@ -69,7 +70,7 @@ func (p *proxy) Dial(network, addr string) (net.Conn, error) {
// ProxyFromURL parses url and get a Proxy
// TODO: table
-func ProxyFromURL(s string, forwarders ...Proxy) (Proxy, error) {
+func ProxyFromURL(s string, forwarder Proxy) (Proxy, error) {
if !strings.Contains(s, "://") {
s = "mixed://" + s
}
@@ -87,43 +88,24 @@ func ProxyFromURL(s string, forwarders ...Proxy) (Proxy, error) {
pass, _ = u.User.Password()
}
- var proxy Proxy
- if len(forwarders) == 0 {
- proxy = newProxy(addr, Direct)
- } else if len(forwarders) == 1 {
- proxy = newProxy(addr, forwarders[0])
- } else if len(forwarders) > 1 {
- switch conf.Strategy {
- case "rr":
- proxy = newRRProxy(addr, forwarders)
- logf("forward to remote servers in round robin mode.")
- case "ha":
- proxy = newHAProxy(addr, forwarders)
- logf("forward to remote servers in high availability mode.")
- default:
- logf("not supported forward mode '%s', just use the first forward server.", conf.Strategy)
- proxy = newProxy(addr, forwarders[0])
- }
- }
-
switch u.Scheme {
case "ss":
- p, err := SSProxy(user, pass, proxy)
+ p, err := SSProxy(addr, user, pass, forwarder)
return p, err
case "socks5":
- return SOCKS5Proxy("tcp", addr, user, pass, proxy)
+ return SOCKS5Proxy("tcp", addr, user, pass, forwarder)
case "redir":
- return RedirProxy(addr, proxy)
+ return RedirProxy(addr, forwarder)
case "tcptun":
d := strings.Split(addr, "=")
- return TCPTunProxy(d[0], d[1], proxy)
+ return TCPTunProxy(d[0], d[1], forwarder)
case "dnstun":
d := strings.Split(addr, "=")
- return DNSTunProxy(d[0], d[1], proxy)
+ return DNSTunProxy(d[0], d[1], forwarder)
case "http":
- return HTTPProxy(addr, proxy)
+ return HTTPProxy(addr, forwarder)
case "mixed":
- return MixedProxy("tcp", addr, user, pass, proxy)
+ return MixedProxy("tcp", addr, user, pass, forwarder)
}
return nil, errors.New("unknown schema '" + u.Scheme + "'")
@@ -132,6 +114,8 @@ func ProxyFromURL(s string, forwarders ...Proxy) (Proxy, error) {
// Check proxy
func check(p Proxy, target string, duration int) {
firstTime := true
+ buf := make([]byte, 8)
+
for {
if !firstTime {
time.Sleep(time.Duration(duration) * time.Second)
@@ -141,15 +125,24 @@ func check(p Proxy, target string, duration int) {
startTime := time.Now()
c, err := p.Dial("tcp", target)
if err != nil {
- logf("proxy-check %s -> %s, set to DISABLED. error: %s", p.Addr(), conf.CheckHost, err)
p.SetEnable(false)
+ logf("proxy-check %s -> %s, set to DISABLED. error: %s", p.Addr(), target, err)
continue
}
- c.Close()
- p.SetEnable(true)
- // TODO: choose the fastest proxy.
- dialTime := time.Since(startTime)
- logf("proxy-check: %s -> %s, connect time: %s", p.Addr(), conf.CheckHost, dialTime.String())
+ c.Write([]byte("GET / HTTP/1.0"))
+ c.Write([]byte("\r\n\r\n"))
+
+ _, err = c.Read(buf)
+ if err != nil && err != io.EOF {
+ p.SetEnable(false)
+ logf("proxy-check %s -> %s, set to DISABLED. error: %s", p.Addr(), target, err)
+ } else {
+ p.SetEnable(true)
+ dialTime := time.Since(startTime)
+ logf("proxy-check: %s -> %s, connect time: %s", p.Addr(), target, dialTime.String())
+ }
+
+ c.Close()
}
}
diff --git a/socks5.go b/socks5.go
index 6043b43..aca2365 100644
--- a/socks5.go
+++ b/socks5.go
@@ -56,7 +56,7 @@ var socks5Errors = []string{
}
type socks5 struct {
- Proxy
+ *proxy
network, addr string
user, password string
}
@@ -65,7 +65,7 @@ type socks5 struct {
// with an optional username and password. See RFC 1928.
func SOCKS5Proxy(network, addr, user, pass string, upProxy Proxy) (Proxy, error) {
s := &socks5{
- Proxy: upProxy,
+ proxy: newProxy(addr, upProxy),
addr: addr,
user: user,
password: pass,
diff --git a/ss.go b/ss.go
index ba1c92a..e3a2ed6 100644
--- a/ss.go
+++ b/ss.go
@@ -11,19 +11,19 @@ import (
// ss
type ss struct {
- Proxy
+ *proxy
core.StreamConnCipher
}
// SSProxy returns a shadowsocks proxy.
-func SSProxy(method, pass string, upProxy Proxy) (Proxy, error) {
+func SSProxy(addr, method, pass string, upProxy Proxy) (Proxy, error) {
ciph, err := core.PickCipher(method, nil, pass)
if err != nil {
log.Fatal(err)
}
s := &ss{
- Proxy: upProxy,
+ proxy: newProxy(addr, upProxy),
StreamConnCipher: ciph,
}
@@ -86,6 +86,7 @@ func (s *ss) Serve(c net.Conn) {
// Dial connects to the address addr on the network net via the proxy.
func (s *ss) Dial(network, addr string) (net.Conn, error) {
+
target := ParseAddr(addr)
if target == nil {
return nil, errors.New("Unable to parse address: " + addr)
diff --git a/strategy.go b/strategy.go
index 08c2f9b..4d61580 100644
--- a/strategy.go
+++ b/strategy.go
@@ -5,32 +5,53 @@ import (
"time"
)
-// strategyProxy
-type strategyProxy struct {
- addr string
+// newStrategyForwarder .
+func newStrategyForwarder(strategy string, forwarders []Proxy) Proxy {
+ var proxy Proxy
+ if len(forwarders) == 0 {
+ proxy = Direct
+ } else if len(forwarders) == 1 {
+ proxy = forwarders[0]
+ } else if len(forwarders) > 1 {
+ switch strategy {
+ case "rr":
+ proxy = newRRProxy("", forwarders)
+ logf("forward to remote servers in round robin mode.")
+ case "ha":
+ proxy = newHAProxy("", forwarders)
+ logf("forward to remote servers in high availability mode.")
+ default:
+ logf("not supported forward mode '%s', just use the first forward server.", conf.Strategy)
+ proxy = forwarders[0]
+ }
+ }
+
+ return proxy
+}
+
+// rrProxy
+type rrProxy struct {
forwarders []Proxy
idx int
}
-// newStrategyProxy .
-func newStrategyProxy(addr string, forwarders []Proxy) Proxy {
+// newRRProxy .
+func newRRProxy(addr string, forwarders []Proxy) Proxy {
if len(forwarders) == 0 {
return Direct
} else if len(forwarders) == 1 {
return newProxy(addr, forwarders[0])
}
-
-
- return &strategyProxy{addr: addr, forwarders: forwarders}
+ return &rrProxy{forwarders: forwarders}
}
-func (p *strategyProxy) ListenAndServe() {}
-func (p *strategyProxy) Serve(c net.Conn) {}
-func (p *strategyProxy) CurrentProxy() Proxy { return p.forwarders[p.idx] }
-func (p *strategyProxy) GetProxy() Proxy { return p.NextProxy() }
+func (p *rrProxy) ListenAndServe() {}
+func (p *rrProxy) Serve(c net.Conn) {}
+func (p *rrProxy) CurrentProxy() Proxy { return p.forwarders[p.idx] }
+func (p *rrProxy) GetProxy() Proxy { return p.NextProxy() }
-func (p *strategyProxy) NextProxy() Proxy {
+func (p *rrProxy) NextProxy() Proxy {
n := len(p.forwarders)
if n == 1 {
return p.forwarders[0]
@@ -52,38 +73,25 @@ func (p *strategyProxy) NextProxy() Proxy {
return p.forwarders[p.idx]
}
-func (p *strategyProxy) Enabled() bool { return true }
-func (p *strategyProxy) SetEnable(enable bool) {}
-
-func (p *strategyProxy) Check(proxy Proxy, target string, duration time.Duration) {}
-
-func (p *strategyProxy) Addr() string { return p.addr }
-
-func (p *strategyProxy) Dial(network, addr string) (net.Conn, error) {
+func (p *rrProxy) Enabled() bool { return true }
+func (p *rrProxy) SetEnable(enable bool) {}
+func (p *rrProxy) Check(proxy Proxy, target string, duration time.Duration) {}
+func (p *rrProxy) Addr() string { return "" }
+func (p *rrProxy) Dial(network, addr string) (net.Conn, error) {
return p.NextProxy().Dial(network, addr)
}
-// round robin proxy
-type rrproxy struct {
- Proxy
-}
-
-// newRRProxy .
-func newRRProxy(addr string, forwarders []Proxy) Proxy {
- return newStrategyProxy(addr, forwarders)
-}
-
// high availability proxy
-type haproxy struct {
+type haProxy struct {
Proxy
}
// newHAProxy .
func newHAProxy(addr string, forwarders []Proxy) Proxy {
- return &haproxy{Proxy: newStrategyProxy(addr, forwarders)}
+ return &haProxy{Proxy: newRRProxy(addr, forwarders)}
}
-func (p *haproxy) GetProxy() Proxy {
+func (p *haProxy) GetProxy() Proxy {
proxy := p.CurrentProxy()
if proxy.Enabled() == false {
return p.NextProxy()
diff --git a/tcptun.go b/tcptun.go
index 7b6abd4..f933aaa 100644
--- a/tcptun.go
+++ b/tcptun.go
@@ -3,7 +3,7 @@ package main
import "net"
type tcptun struct {
- Proxy
+ *proxy
addr string
raddr string
}
@@ -11,7 +11,7 @@ type tcptun struct {
// TCPTunProxy returns a redirect proxy.
func TCPTunProxy(addr, raddr string, upProxy Proxy) (Proxy, error) {
s := &tcptun{
- Proxy: upProxy,
+ proxy: newProxy(addr, upProxy),
addr: addr,
raddr: raddr,
}
From bf692de636a3adf980792a33d931f33a88dcdd96 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 29 Jul 2017 23:20:27 +0800
Subject: [PATCH 023/341] change "func GetProxy() Proxy" to "GetProxy(dstAddr
string) Proxy" so we could add rule based proxy later
---
dnstun.go | 4 +---
http.go | 8 +++-----
mixed.go | 6 +++---
proxy.go | 18 +++++++++---------
redir_linux.go | 30 ------------------------------
socks5.go | 10 +++++-----
ss.go | 12 ++++++------
strategy.go | 10 +++++-----
tcptun.go | 4 +---
9 files changed, 33 insertions(+), 69 deletions(-)
diff --git a/dnstun.go b/dnstun.go
index 886a54c..8f96d7f 100644
--- a/dnstun.go
+++ b/dnstun.go
@@ -25,7 +25,6 @@ const MaxUDPDNSLen = 512
type dnstun struct {
*proxy
- addr string
raddr string
}
@@ -33,7 +32,6 @@ type dnstun struct {
func DNSTunProxy(addr, raddr string, upProxy Proxy) (Proxy, error) {
s := &dnstun{
proxy: newProxy(addr, upProxy),
- addr: addr,
raddr: raddr,
}
@@ -66,7 +64,7 @@ func (s *dnstun) ListenAndServe() {
// TODO: check domain rules and get a proper proxy.
domain := getDomain(data)
- rc, err := s.GetProxy().Dial("tcp", s.raddr)
+ rc, err := s.GetProxy(s.raddr).Dial("tcp", s.raddr)
if err != nil {
logf("failed to connect to server %v: %v", s.raddr, err)
return
diff --git a/http.go b/http.go
index 65d6a86..62cd8b0 100644
--- a/http.go
+++ b/http.go
@@ -19,14 +19,12 @@ import (
// httpproxy
type httpproxy struct {
*proxy
- addr string
}
// HTTPProxy returns a http proxy.
func HTTPProxy(addr string, upProxy Proxy) (Proxy, error) {
s := &httpproxy{
proxy: newProxy(addr, upProxy),
- addr: addr,
}
return s, nil
@@ -94,7 +92,7 @@ func (s *httpproxy) Serve(c net.Conn) {
tgt += ":80"
}
- rc, err := s.GetProxy().Dial("tcp", tgt)
+ rc, err := s.GetProxy(tgt).Dial("tcp", tgt)
if err != nil {
fmt.Fprintf(c, "%s 502 ERROR\r\n\r\n", proto)
logf("failed to dial: %v", err)
@@ -150,7 +148,7 @@ func (s *httpproxy) Serve(c net.Conn) {
}
func (s *httpproxy) servHTTPS(method, requestURI, proto string, c net.Conn) {
- rc, err := s.GetProxy().Dial("tcp", requestURI)
+ rc, err := s.GetProxy(requestURI).Dial("tcp", requestURI)
if err != nil {
c.Write([]byte(proto))
c.Write([]byte(" 502 ERROR\r\n\r\n"))
@@ -173,7 +171,7 @@ func (s *httpproxy) servHTTPS(method, requestURI, proto string, c net.Conn) {
// Dial connects to the address addr on the network net via the proxy.
func (s *httpproxy) Dial(network, addr string) (net.Conn, error) {
- rc, err := s.GetProxy().Dial("tcp", s.addr)
+ rc, err := s.GetProxy(s.addr).Dial("tcp", s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
return nil, err
diff --git a/mixed.go b/mixed.go
index 684ed37..ef99118 100644
--- a/mixed.go
+++ b/mixed.go
@@ -43,13 +43,13 @@ func MixedProxy(network, addr, user, pass string, upProxy Proxy) (Proxy, error)
// mixedproxy .
func (p *mixedproxy) ListenAndServe() {
- l, err := net.Listen("tcp", p.Addr())
+ l, err := net.Listen("tcp", p.addr)
if err != nil {
- logf("failed to listen on %s: %v", p.Addr(), err)
+ logf("failed to listen on %s: %v", p.addr, err)
return
}
- logf("listening TCP on %s", p.Addr())
+ logf("listening TCP on %s", p.addr)
for {
c, err := l.Accept()
diff --git a/proxy.go b/proxy.go
index e3ca974..a088ad3 100644
--- a/proxy.go
+++ b/proxy.go
@@ -24,7 +24,7 @@ type Proxy interface {
CurrentProxy() Proxy
// Get a proxy according to the strategy
- GetProxy() Proxy
+ GetProxy(dstAddr string) Proxy
// Switch to the next proxy
NextProxy() Proxy
@@ -55,14 +55,14 @@ func newProxy(addr string, forward Proxy) *proxy {
return &proxy{addr: addr, forward: forward, enabled: true}
}
-func (p *proxy) ListenAndServe() { logf("base proxy ListenAndServe") }
-func (p *proxy) Serve(c net.Conn) { logf("base proxy Serve") }
-func (p *proxy) CurrentProxy() Proxy { return p.forward }
-func (p *proxy) GetProxy() Proxy { return p.forward }
-func (p *proxy) NextProxy() Proxy { return p.forward }
-func (p *proxy) Enabled() bool { return p.enabled }
-func (p *proxy) SetEnable(enable bool) { p.enabled = enable }
-func (p *proxy) Addr() string { return p.addr }
+func (p *proxy) ListenAndServe() { logf("base proxy ListenAndServe") }
+func (p *proxy) Serve(c net.Conn) { logf("base proxy Serve") }
+func (p *proxy) CurrentProxy() Proxy { return p.forward }
+func (p *proxy) GetProxy(dstAddr string) Proxy { return p.forward }
+func (p *proxy) NextProxy() Proxy { return p.forward }
+func (p *proxy) Enabled() bool { return p.enabled }
+func (p *proxy) SetEnable(enable bool) { p.enabled = enable }
+func (p *proxy) Addr() string { return p.addr }
func (p *proxy) Dial(network, addr string) (net.Conn, error) {
return p.forward.Dial(network, addr)
diff --git a/redir_linux.go b/redir_linux.go
index cf64e8b..de23ae8 100644
--- a/redir_linux.go
+++ b/redir_linux.go
@@ -4,7 +4,6 @@
package main
import (
- "errors"
"net"
"syscall"
"unsafe"
@@ -56,7 +55,6 @@ func (s *redir) ListenAndServe() {
c.SetKeepAlive(true)
}
- // tgt, c, err := getOriginalDstAddr(c)
tgt, err := getOrigDst(c, false)
if err != nil {
logf("failed to get target address: %v", err)
@@ -84,34 +82,6 @@ func (s *redir) ListenAndServe() {
}
}
-// Get the original destination of a TCP connection.
-func getOrigDst(conn net.Conn, ipv6 bool) (socks.Addr, error) {
- c, ok := conn.(*net.TCPConn)
- if !ok {
- return nil, errors.New("only work with TCP connection")
- }
- f, err := c.File()
- if err != nil {
- return nil, err
- }
- defer f.Close()
-
- fd := f.Fd()
-
- // The File() call above puts both the original socket fd and the file fd in blocking mode.
- // Set the file fd back to non-blocking mode and the original socket fd will become non-blocking as well.
- // Otherwise blocking I/O will waste OS threads.
- if err := syscall.SetNonblock(int(fd), true); err != nil {
- return nil, err
- }
-
- if ipv6 {
- return ipv6_getorigdst(fd)
- }
-
- return getorigdst(fd)
-}
-
// Call getorigdst() from linux/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
func getorigdst(fd uintptr) (socks.Addr, error) {
raw := syscall.RawSockaddrInet4{}
diff --git a/socks5.go b/socks5.go
index aca2365..0414f51 100644
--- a/socks5.go
+++ b/socks5.go
@@ -57,8 +57,9 @@ var socks5Errors = []string{
type socks5 struct {
*proxy
- network, addr string
- user, password string
+ network string
+ user string
+ password string
}
// SOCKS5Proxy returns a Proxy that makes SOCKSv5 connections to the given address
@@ -66,7 +67,6 @@ type socks5 struct {
func SOCKS5Proxy(network, addr, user, pass string, upProxy Proxy) (Proxy, error) {
s := &socks5{
proxy: newProxy(addr, upProxy),
- addr: addr,
user: user,
password: pass,
}
@@ -108,7 +108,7 @@ func (s *socks5) Serve(c net.Conn) {
return
}
- rc, err := s.GetProxy().Dial("tcp", tgt.String())
+ rc, err := s.GetProxy(tgt.String()).Dial("tcp", tgt.String())
if err != nil {
logf("failed to connect to target: %v", err)
return
@@ -134,7 +134,7 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) {
return nil, errors.New("proxy: no support for SOCKS5 proxy connections of type " + network)
}
- c, err := s.GetProxy().Dial(s.network, s.addr)
+ c, err := s.GetProxy(s.addr).Dial(s.network, s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
return nil, err
diff --git a/ss.go b/ss.go
index e3a2ed6..d85ecd7 100644
--- a/ss.go
+++ b/ss.go
@@ -32,13 +32,13 @@ func SSProxy(addr, method, pass string, upProxy Proxy) (Proxy, error) {
// ListenAndServe shadowsocks requests as a server.
func (s *ss) ListenAndServe() {
- l, err := net.Listen("tcp", s.Addr())
+ l, err := net.Listen("tcp", s.addr)
if err != nil {
- logf("failed to listen on %s: %v", s.Addr(), err)
+ logf("failed to listen on %s: %v", s.addr, err)
return
}
- logf("listening TCP on %s", s.Addr())
+ logf("listening TCP on %s", s.addr)
for {
c, err := l.Accept()
@@ -65,7 +65,7 @@ func (s *ss) Serve(c net.Conn) {
return
}
- rc, err := s.GetProxy().Dial("tcp", tgt.String())
+ rc, err := s.GetProxy(tgt.String()).Dial("tcp", tgt.String())
if err != nil {
logf("failed to connect to target: %v", err)
return
@@ -92,9 +92,9 @@ func (s *ss) Dial(network, addr string) (net.Conn, error) {
return nil, errors.New("Unable to parse address: " + addr)
}
- c, err := s.GetProxy().Dial("tcp", s.Addr())
+ c, err := s.GetProxy(s.addr).Dial("tcp", s.addr)
if err != nil {
- logf("dial to %s error: %s", s.Addr(), err)
+ logf("dial to %s error: %s", s.addr, err)
return nil, err
}
diff --git a/strategy.go b/strategy.go
index 4d61580..14dd344 100644
--- a/strategy.go
+++ b/strategy.go
@@ -46,10 +46,10 @@ func newRRProxy(addr string, forwarders []Proxy) Proxy {
return &rrProxy{forwarders: forwarders}
}
-func (p *rrProxy) ListenAndServe() {}
-func (p *rrProxy) Serve(c net.Conn) {}
-func (p *rrProxy) CurrentProxy() Proxy { return p.forwarders[p.idx] }
-func (p *rrProxy) GetProxy() Proxy { return p.NextProxy() }
+func (p *rrProxy) ListenAndServe() {}
+func (p *rrProxy) Serve(c net.Conn) {}
+func (p *rrProxy) CurrentProxy() Proxy { return p.forwarders[p.idx] }
+func (p *rrProxy) GetProxy(dstAddr string) Proxy { return p.NextProxy() }
func (p *rrProxy) NextProxy() Proxy {
n := len(p.forwarders)
@@ -91,7 +91,7 @@ func newHAProxy(addr string, forwarders []Proxy) Proxy {
return &haProxy{Proxy: newRRProxy(addr, forwarders)}
}
-func (p *haProxy) GetProxy() Proxy {
+func (p *haProxy) GetProxy(dstAddr string) Proxy {
proxy := p.CurrentProxy()
if proxy.Enabled() == false {
return p.NextProxy()
diff --git a/tcptun.go b/tcptun.go
index f933aaa..0fbe677 100644
--- a/tcptun.go
+++ b/tcptun.go
@@ -4,7 +4,6 @@ import "net"
type tcptun struct {
*proxy
- addr string
raddr string
}
@@ -12,7 +11,6 @@ type tcptun struct {
func TCPTunProxy(addr, raddr string, upProxy Proxy) (Proxy, error) {
s := &tcptun{
proxy: newProxy(addr, upProxy),
- addr: addr,
raddr: raddr,
}
@@ -43,7 +41,7 @@ func (s *tcptun) ListenAndServe() {
c.SetKeepAlive(true)
}
- rc, err := s.GetProxy().Dial("tcp", s.raddr)
+ rc, err := s.GetProxy(s.raddr).Dial("tcp", s.raddr)
if err != nil {
logf("failed to connect to target: %v", err)
From 4dd429b7545f12c6ffa317879ded29876af68d90 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 30 Jul 2017 01:54:19 +0800
Subject: [PATCH 024/341] add proxy rule file support.
---
.gitignore | 1 +
direct.go | 15 +++++---
glider.conf.example | 7 ++++
main.go | 19 ++++++++++
office.rule.example | 29 +++++++++++++++
proxy.go | 8 ++--
rule.go | 91 +++++++++++++++++++++++++++++++++++++++++++++
rules.go | 89 ++++++++++++++++++++++++++++++++++++++++++++
strategy.go | 13 +++----
9 files changed, 254 insertions(+), 18 deletions(-)
create mode 100644 office.rule.example
create mode 100644 rule.go
create mode 100644 rules.go
diff --git a/.gitignore b/.gitignore
index 4e64827..7310a88 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,5 +16,6 @@
# custom
*.zip
*.conf
+*.rule
glider
doc/
diff --git a/direct.go b/direct.go
index ceda39e..a2deb56 100644
--- a/direct.go
+++ b/direct.go
@@ -4,16 +4,19 @@ import "net"
// direct proxy
type direct struct {
- Proxy
}
// Direct proxy
-var Direct = &direct{Proxy: &proxy{addr: "127.0.0.1"}}
+var Direct = &direct{}
-// Direct proxy always enabled
-func (d *direct) Enabled() bool {
- return true
-}
+func (d *direct) Addr() string { return "127.0.0.1" }
+func (d *direct) ListenAndServe() { logf("base proxy ListenAndServe") }
+func (d *direct) Serve(c net.Conn) { logf("base proxy Serve") }
+func (d *direct) CurrentProxy() Proxy { return d }
+func (d *direct) GetProxy(dstAddr string) Proxy { return d }
+func (d *direct) NextProxy() Proxy { return d }
+func (d *direct) Enabled() bool { return true }
+func (d *direct) SetEnable(enable bool) {}
func (d *direct) Dial(network, addr string) (net.Conn, error) {
c, err := net.Dial(network, addr)
diff --git a/glider.conf.example b/glider.conf.example
index 3d38c53..8656872 100644
--- a/glider.conf.example
+++ b/glider.conf.example
@@ -94,3 +94,10 @@ checkwebsite=www.apple.com:443
# check duration(seconds)
checkduration=30
+
+
+# RULE FILES
+# ----------
+# Specify additional forward rules
+#rulefile=office.rule
+#rulefile=home.rule
diff --git a/main.go b/main.go
index eb2fb7b..60cf25b 100644
--- a/main.go
+++ b/main.go
@@ -21,6 +21,7 @@ var conf struct {
CheckDuration int
Listen arrFlags
Forward arrFlags
+ RuleFile arrFlags
}
var flag = conflag.New()
@@ -125,6 +126,7 @@ func main() {
flag.IntVar(&conf.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
flag.Var(&conf.Listen, "listen", "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT")
flag.Var(&conf.Forward, "forward", "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
+ flag.Var(&conf.RuleFile, "rulefile", "rule file path")
flag.Usage = usage
err := flag.Parse()
@@ -139,6 +141,7 @@ func main() {
return
}
+ // global forwarders in xx.conf
var forwarders []Proxy
for _, chain := range conf.Forward {
var forward Proxy
@@ -152,7 +155,23 @@ func main() {
forwarders = append(forwarders, forward)
}
+ // combine forwarders to a singer strategy forwarder
forwarder := newStrategyForwarder(conf.Strategy, forwarders)
+
+ // rule forwarders
+ var ruleForwarders []*ruleForwarder
+ for _, ruleFile := range conf.RuleFile {
+ ruleForwarder, err := newRuleProxyFromFile(ruleFile)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ ruleForwarders = append(ruleForwarders, ruleForwarder)
+ }
+
+ // combine ruleforwarders and global strategy forwarder
+ forwarder = newRulesForwarder(ruleForwarders, forwarder)
+
for _, listen := range conf.Listen {
local, err := ProxyFromURL(listen, forwarder)
if err != nil {
diff --git a/office.rule.example b/office.rule.example
new file mode 100644
index 0000000..362c741
--- /dev/null
+++ b/office.rule.example
@@ -0,0 +1,29 @@
+# Glider rule configuration file.
+#
+# Format is the same as glider main config file.
+# EXCEPTION: Listeners are NOT allowed to setup here.
+
+# FORWARDERS
+# ----------
+# Forwarders, we can setup multiple forwarders.
+forward=socks5://192.168.1.10:1080
+forward=ss://method:pass@1.1.1.1:443
+forward=http://192.168.2.1:8080,socks5://192.168.2.2:1080
+
+strategy=rr
+
+checkwebsite=www.apple.com:443
+checkduration=30
+
+# DESTINATIONS
+# ------------
+# ALL destinations matches the following rules will be forward using forwarders specified above
+
+# matches abc.com and *.abc.com
+domain=abc.com
+
+# matches 1.1.1.1
+ip=1.1.1.1
+
+# matches 192.168.100.0/24
+cidr=192.168.100.0/24
diff --git a/proxy.go b/proxy.go
index a088ad3..17952f7 100644
--- a/proxy.go
+++ b/proxy.go
@@ -11,15 +11,15 @@ import (
// A Proxy means to establish a connection and relay it.
type Proxy interface {
+ // Get address
+ Addr() string
+
// ListenAndServe as proxy server, use only in server mode.
ListenAndServe()
// Serve as proxy server, use only in server mode.
Serve(c net.Conn)
- // Get address
- Addr() string
-
// Get current proxy
CurrentProxy() Proxy
@@ -55,6 +55,7 @@ func newProxy(addr string, forward Proxy) *proxy {
return &proxy{addr: addr, forward: forward, enabled: true}
}
+func (p *proxy) Addr() string { return p.addr }
func (p *proxy) ListenAndServe() { logf("base proxy ListenAndServe") }
func (p *proxy) Serve(c net.Conn) { logf("base proxy Serve") }
func (p *proxy) CurrentProxy() Proxy { return p.forward }
@@ -62,7 +63,6 @@ func (p *proxy) GetProxy(dstAddr string) Proxy { return p.forward }
func (p *proxy) NextProxy() Proxy { return p.forward }
func (p *proxy) Enabled() bool { return p.enabled }
func (p *proxy) SetEnable(enable bool) { p.enabled = enable }
-func (p *proxy) Addr() string { return p.addr }
func (p *proxy) Dial(network, addr string) (net.Conn, error) {
return p.forward.Dial(network, addr)
diff --git a/rule.go b/rule.go
new file mode 100644
index 0000000..c67a6a8
--- /dev/null
+++ b/rule.go
@@ -0,0 +1,91 @@
+package main
+
+import (
+ "fmt"
+ "log"
+ "net"
+ "os"
+ "strings"
+
+ "github.com/nadoo/conflag"
+)
+
+// ruleForwarder, every ruleForwarder points to a rule file
+type ruleForwarder struct {
+ Forward arrFlags
+ Strategy string
+ CheckWebSite string
+ CheckDuration int
+
+ Domain arrFlags
+ IP arrFlags
+ CIDR arrFlags
+
+ name string
+ sForwarder Proxy
+}
+
+// newRuleProxyFromFile .
+func newRuleProxyFromFile(ruleFile string) (*ruleForwarder, error) {
+ p := &ruleForwarder{name: ruleFile}
+
+ f := conflag.NewFromFile("rule", ruleFile)
+ f.Var(&p.Forward, "forward", "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
+ f.StringVar(&p.Strategy, "strategy", "rr", "forward strategy, default: rr")
+ f.StringVar(&p.CheckWebSite, "checkwebsite", "www.apple.com:443", "proxy check website address")
+ f.IntVar(&p.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
+
+ f.Var(&p.Domain, "domain", "domain")
+ f.Var(&p.IP, "ip", "ip")
+ f.Var(&p.CIDR, "cidr", "cidr")
+
+ err := f.Parse()
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "ERROR: %s\n", err)
+ return nil, err
+ }
+
+ var forwarders []Proxy
+ for _, chain := range p.Forward {
+ var forward Proxy
+ var err error
+ for _, url := range strings.Split(chain, ",") {
+ forward, err = ProxyFromURL(url, forward)
+ if err != nil {
+ log.Fatal(err)
+ }
+ }
+ forwarders = append(forwarders, forward)
+ }
+
+ forwarder := newStrategyForwarder(p.Strategy, forwarders)
+
+ for _, forward := range forwarders {
+ go check(forward, p.CheckWebSite, p.CheckDuration)
+ }
+
+ p.sForwarder = forwarder
+
+ return p, err
+}
+
+func (p *ruleForwarder) Addr() string { return "rule forwarder" }
+func (p *ruleForwarder) ListenAndServe() {}
+func (p *ruleForwarder) Serve(c net.Conn) {}
+func (p *ruleForwarder) CurrentProxy() Proxy { return p.sForwarder.CurrentProxy() }
+
+func (p *ruleForwarder) GetProxy(dstAddr string) Proxy {
+
+ return p.sForwarder.NextProxy()
+}
+
+func (p *ruleForwarder) NextProxy() Proxy {
+ return p.sForwarder.NextProxy()
+}
+
+func (p *ruleForwarder) Enabled() bool { return true }
+func (p *ruleForwarder) SetEnable(enable bool) {}
+
+func (p *ruleForwarder) Dial(network, addr string) (net.Conn, error) {
+ return p.NextProxy().Dial(network, addr)
+}
diff --git a/rules.go b/rules.go
new file mode 100644
index 0000000..a860bf3
--- /dev/null
+++ b/rules.go
@@ -0,0 +1,89 @@
+package main
+
+import (
+ "net"
+ "strings"
+)
+
+type rulesForwarder struct {
+ globalForwarder Proxy
+
+ domainMap map[string]Proxy
+ ipMap map[string]Proxy
+ cidrMap map[string]Proxy
+}
+
+// newRulesForwarder .
+func newRulesForwarder(ruleForwarders []*ruleForwarder, globalForwarder Proxy) Proxy {
+ p := &rulesForwarder{globalForwarder: globalForwarder}
+
+ for _, f := range ruleForwarders {
+ p.domainMap = make(map[string]Proxy)
+ for _, domain := range f.Domain {
+ p.domainMap[domain] = f.sForwarder
+ }
+
+ p.ipMap = make(map[string]Proxy)
+ for _, ip := range f.IP {
+ p.ipMap[ip] = f.sForwarder
+ }
+
+ p.cidrMap = make(map[string]Proxy)
+ for _, cidr := range f.CIDR {
+ p.cidrMap[cidr] = f.sForwarder
+ }
+ }
+
+ return p
+}
+
+func (p *rulesForwarder) Addr() string { return "rule forwarder" }
+func (p *rulesForwarder) ListenAndServe() {}
+func (p *rulesForwarder) Serve(c net.Conn) {}
+func (p *rulesForwarder) CurrentProxy() Proxy { return p.globalForwarder.CurrentProxy() }
+
+func (p *rulesForwarder) GetProxy(dstAddr string) Proxy {
+
+ logf("dstAddr: %s", dstAddr)
+
+ host, _, err := net.SplitHostPort(dstAddr)
+ if err != nil {
+ // TODO: check here
+ logf("%s", err)
+ return p.globalForwarder.GetProxy(dstAddr)
+ }
+
+ // find ip
+ if ip := net.ParseIP(host); ip != nil {
+ // check cidr
+
+ // check ip
+ if p, ok := p.ipMap[ip.String()]; ok {
+ return p
+ }
+ }
+
+ domainParts := strings.Split(host, ".")
+ length := len(domainParts)
+ for i := length - 2; i >= 0; i-- {
+ domain := strings.Join(domainParts[i:length], ".")
+
+ // find in domainMap
+ if p, ok := p.domainMap[domain]; ok {
+ return p
+ }
+ }
+
+ return p.globalForwarder.GetProxy(dstAddr)
+}
+
+func (p *rulesForwarder) NextProxy() Proxy {
+ return p.globalForwarder.NextProxy()
+}
+
+func (p *rulesForwarder) Enabled() bool { return true }
+func (p *rulesForwarder) SetEnable(enable bool) {}
+
+func (p *rulesForwarder) Dial(network, addr string) (net.Conn, error) {
+ return p.GetProxy(addr).Dial(network, addr)
+}
diff --git a/strategy.go b/strategy.go
index 14dd344..b1967f7 100644
--- a/strategy.go
+++ b/strategy.go
@@ -1,9 +1,6 @@
package main
-import (
- "net"
- "time"
-)
+import "net"
// newStrategyForwarder .
func newStrategyForwarder(strategy string, forwarders []Proxy) Proxy {
@@ -46,6 +43,7 @@ func newRRProxy(addr string, forwarders []Proxy) Proxy {
return &rrProxy{forwarders: forwarders}
}
+func (p *rrProxy) Addr() string { return "strategy forwarder" }
func (p *rrProxy) ListenAndServe() {}
func (p *rrProxy) Serve(c net.Conn) {}
func (p *rrProxy) CurrentProxy() Proxy { return p.forwarders[p.idx] }
@@ -73,10 +71,9 @@ func (p *rrProxy) NextProxy() Proxy {
return p.forwarders[p.idx]
}
-func (p *rrProxy) Enabled() bool { return true }
-func (p *rrProxy) SetEnable(enable bool) {}
-func (p *rrProxy) Check(proxy Proxy, target string, duration time.Duration) {}
-func (p *rrProxy) Addr() string { return "" }
+func (p *rrProxy) Enabled() bool { return true }
+func (p *rrProxy) SetEnable(enable bool) {}
+
func (p *rrProxy) Dial(network, addr string) (net.Conn, error) {
return p.NextProxy().Dial(network, addr)
}
From 3d8c976bd054d3fd3b4edb65728918b6a007f9c6 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 30 Jul 2017 10:35:11 +0800
Subject: [PATCH 025/341] 1. add CIDR rule support; 2. update some docs; 3.
optimize rule.go codes.
---
README.md | 41 +++++++++++++++++++++++++++++++++++++----
main.go | 3 +++
rule.go | 28 +++-------------------------
rules.go | 31 +++++++++++++++++++------------
4 files changed, 62 insertions(+), 41 deletions(-)
diff --git a/README.md b/README.md
index 919b5b6..d06692f 100644
--- a/README.md
+++ b/README.md
@@ -23,9 +23,10 @@ Forward(upstream proxy):
- SS proxy
General:
+- Http and socks5 on the same port
- Forward chain
- HA or RR strategy for multiple forwarders
-- Http and socks5 on the same port
+- Destination rule proxy support
- Periodical proxy checking
## Install
@@ -60,17 +61,19 @@ glider -config CONFIGPATH -listen :8080 -verbose
## Usage
```bash
-glider v0.2 usage:
+glider v0.3 usage:
-checkduration int
proxy check duration(seconds) (default 30)
- -checkhost string
- proxy check address (default "www.apple.com:443")
+ -checkwebsite string
+ proxy check WEBSITE address (default "www.apple.com:443")
-config string
config file path
-forward value
forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]
-listen value
listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT
+ -rulefile value
+ rule file path
-strategy string
forward strategy, default: rr (default "rr")
-verbose
@@ -107,6 +110,9 @@ Examples:
glider -config glider.conf
-run glider with specified config file.
+ glider -config glider.conf -rulefile office.rule -rulefile home.rule
+ -run glider with specified global config file and rule config files.
+
glider -listen :8443
-listen on :8443, serve as http/socks5 proxy on the same port.
@@ -170,9 +176,36 @@ checkhost=www.apple.com:443
# check duration
checkduration=30
+
+# RULE FILES
+rulefile=office.rule
+rulefile=home.rule
```
See [glider.conf.example](glider.conf.example)
+## Rule File
+Rule file, **same as the config file but specify forwarders based on destinations**:
+```bash
+# YOU CAN USE ALL KEYS IN THE GLOBAL CONFIG FILE EXCEPT "listen", "rulefile"
+forward=socks5://192.168.1.10:1080
+forward=ss://method:pass@1.1.1.1:443
+forward=http://192.168.2.1:8080,socks5://192.168.2.2:1080
+strategy=rr
+checkwebsite=www.apple.com:443
+checkduration=30
+
+# YOU CAN SPECIFY DESTINATIONS TO USE THE ABOVE FORWARDERS
+# matches abc.com and *.abc.com
+domain=abc.com
+
+# matches 1.1.1.1
+ip=1.1.1.1
+
+# matches 192.168.100.0/24
+cidr=192.168.100.0/24
+```
+See [office.rule.example](office.rule.example)
+
## Service
- systemd: [https://github.com/nadoo/glider/blob/master/systemd/](https://github.com/nadoo/glider/blob/master/systemd/)
diff --git a/main.go b/main.go
index 60cf25b..d94002f 100644
--- a/main.go
+++ b/main.go
@@ -76,6 +76,9 @@ func usage() {
fmt.Fprintf(os.Stderr, " "+app+" -config glider.conf\n")
fmt.Fprintf(os.Stderr, " -run glider with specified config file.\n")
fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -config glider.conf -rulefile office.rule -rulefile home.rule\n")
+ fmt.Fprintf(os.Stderr, " -run glider with specified global config file and rule config files.\n")
+ fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, " "+app+" -listen :8443\n")
fmt.Fprintf(os.Stderr, " -listen on :8443, serve as http/socks5 proxy on the same port.\n")
fmt.Fprintf(os.Stderr, "\n")
diff --git a/rule.go b/rule.go
index c67a6a8..a71cfab 100644
--- a/rule.go
+++ b/rule.go
@@ -3,7 +3,6 @@ package main
import (
"fmt"
"log"
- "net"
"os"
"strings"
@@ -21,8 +20,8 @@ type ruleForwarder struct {
IP arrFlags
CIDR arrFlags
- name string
- sForwarder Proxy
+ name string
+ Proxy
}
// newRuleProxyFromFile .
@@ -64,28 +63,7 @@ func newRuleProxyFromFile(ruleFile string) (*ruleForwarder, error) {
go check(forward, p.CheckWebSite, p.CheckDuration)
}
- p.sForwarder = forwarder
+ p.Proxy = forwarder
return p, err
}
-
-func (p *ruleForwarder) Addr() string { return "rule forwarder" }
-func (p *ruleForwarder) ListenAndServe() {}
-func (p *ruleForwarder) Serve(c net.Conn) {}
-func (p *ruleForwarder) CurrentProxy() Proxy { return p.sForwarder.CurrentProxy() }
-
-func (p *ruleForwarder) GetProxy(dstAddr string) Proxy {
-
- return p.sForwarder.NextProxy()
-}
-
-func (p *ruleForwarder) NextProxy() Proxy {
- return p.sForwarder.NextProxy()
-}
-
-func (p *ruleForwarder) Enabled() bool { return true }
-func (p *ruleForwarder) SetEnable(enable bool) {}
-
-func (p *ruleForwarder) Dial(network, addr string) (net.Conn, error) {
- return p.NextProxy().Dial(network, addr)
-}
diff --git a/rules.go b/rules.go
index a860bf3..a2679be 100644
--- a/rules.go
+++ b/rules.go
@@ -20,17 +20,17 @@ func newRulesForwarder(ruleForwarders []*ruleForwarder, globalForwarder Proxy) P
for _, f := range ruleForwarders {
p.domainMap = make(map[string]Proxy)
for _, domain := range f.Domain {
- p.domainMap[domain] = f.sForwarder
+ p.domainMap[domain] = f.Proxy
}
p.ipMap = make(map[string]Proxy)
for _, ip := range f.IP {
- p.ipMap[ip] = f.sForwarder
+ p.ipMap[ip] = f.Proxy
}
p.cidrMap = make(map[string]Proxy)
for _, cidr := range f.CIDR {
- p.cidrMap[cidr] = f.sForwarder
+ p.cidrMap[cidr] = f.Proxy
}
}
@@ -44,22 +44,29 @@ func (p *rulesForwarder) CurrentProxy() Proxy { return p.globalForwarder.Current
func (p *rulesForwarder) GetProxy(dstAddr string) Proxy {
- logf("dstAddr: %s", dstAddr)
-
+ // TODO: change to index finders
host, _, err := net.SplitHostPort(dstAddr)
if err != nil {
// TODO: check here
- logf("%s", err)
+ logf("SplitHostPort ERROR: %s", err)
return p.globalForwarder.GetProxy(dstAddr)
}
// find ip
if ip := net.ParseIP(host); ip != nil {
- // check cidr
-
// check ip
- if p, ok := p.ipMap[ip.String()]; ok {
- return p
+ if proxy, ok := p.ipMap[ip.String()]; ok {
+ return proxy
+ }
+
+ // check cidr
+ // TODO: do not parse cidr every time
+ for cidrStr, proxy := range p.cidrMap {
+ if _, net, err := net.ParseCIDR(cidrStr); err == nil {
+ if net.Contains(ip) {
+ return proxy
+ }
+ }
}
}
@@ -69,8 +76,8 @@ func (p *rulesForwarder) GetProxy(dstAddr string) Proxy {
domain := strings.Join(domainParts[i:length], ".")
// find in domainMap
- if p, ok := p.domainMap[domain]; ok {
- return p
+ if proxy, ok := p.domainMap[domain]; ok {
+ return proxy
}
}
From d9bfd95216010cee48025ff87c36cfc01a6f132b Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 30 Jul 2017 10:57:24 +0800
Subject: [PATCH 026/341] add TODO list in README file.
---
.gitignore | 2 +-
README.md | 10 +++++++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 7310a88..3e1e8c8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,4 +18,4 @@
*.conf
*.rule
glider
-doc/
+bak/
diff --git a/README.md b/README.md
index d06692f..58ddfd8 100644
--- a/README.md
+++ b/README.md
@@ -26,8 +26,16 @@ General:
- Http and socks5 on the same port
- Forward chain
- HA or RR strategy for multiple forwarders
-- Destination rule proxy support
- Periodical proxy checking
+- Rule proxy based on destionation
+
+TODO:
+- Specify different remote dns server in rule file
+- IPSet management
+- Improve DNS forwarder to resolve domain name and add ip to ipset
+- TUN/TAP device support
+- Code refactoring: support proxy registering so it can be pluggable
+- Conditional compilation so we can abandon needless proxy type and get a smaller binary size
## Install
Binary:
From cfce89e79558d6f754528ba08bf648e00d8d7e5b Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 30 Jul 2017 11:44:34 +0800
Subject: [PATCH 027/341] add some example configs
---
.gitignore | 4 +-
README.md | 1 +
examples/README.md | 92 +++++++++++++++++++
examples/forward_chain/glider.conf | 8 ++
examples/multiple_forwarders/glider.conf | 21 +++++
examples/one_forwarder/glider.conf | 7 ++
examples/rule_default_direct/glider.conf | 9 ++
examples/rule_default_direct/office.rule | 29 ++++++
examples/rule_default_forwarder/bypass.rule | 8 ++
examples/rule_default_forwarder/glider.conf | 22 +++++
examples/rule_multiple_rule_files/glider.conf | 12 +++
examples/rule_multiple_rule_files/home.rule | 18 ++++
examples/rule_multiple_rule_files/office.rule | 18 ++++
examples/simple_proxy_service/glider.conf | 5 +
office.rule.example | 7 ++
15 files changed, 259 insertions(+), 2 deletions(-)
create mode 100644 examples/README.md
create mode 100644 examples/forward_chain/glider.conf
create mode 100644 examples/multiple_forwarders/glider.conf
create mode 100644 examples/one_forwarder/glider.conf
create mode 100644 examples/rule_default_direct/glider.conf
create mode 100644 examples/rule_default_direct/office.rule
create mode 100644 examples/rule_default_forwarder/bypass.rule
create mode 100644 examples/rule_default_forwarder/glider.conf
create mode 100644 examples/rule_multiple_rule_files/glider.conf
create mode 100644 examples/rule_multiple_rule_files/home.rule
create mode 100644 examples/rule_multiple_rule_files/office.rule
create mode 100644 examples/simple_proxy_service/glider.conf
diff --git a/.gitignore b/.gitignore
index 3e1e8c8..dafd4ed 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,7 +15,7 @@
# custom
*.zip
-*.conf
-*.rule
+/*.conf
+/*.rule
glider
bak/
diff --git a/README.md b/README.md
index 58ddfd8..f1463a6 100644
--- a/README.md
+++ b/README.md
@@ -36,6 +36,7 @@ TODO:
- TUN/TAP device support
- Code refactoring: support proxy registering so it can be pluggable
- Conditional compilation so we can abandon needless proxy type and get a smaller binary size
+- SSH tunnel support
## Install
Binary:
diff --git a/examples/README.md b/examples/README.md
new file mode 100644
index 0000000..d10a2ef
--- /dev/null
+++ b/examples/README.md
@@ -0,0 +1,92 @@
+
+# Glider Configuration Examples
+
+## Simple Proxy Service
+Just listen on 8443 as HTTP/SOCKS5 proxy on the same port, forward all requests directly.
+
+```
+ Clients --> Listener --> Internet
+```
+
+- [simple_proxy_service](simple_proxy_service)
+
+## One remote upstream proxy
+
+```
+ Clients --> Listener --> Forwarder --> Internet
+```
+
+- [one_forwarder](one_forwarder)
+
+## One remote upstream PROXY CHAIN
+
+```
+ Clients --> Listener --> Forwarder1 --> Forwarder2 --> Internet
+```
+
+- [forward_chain](forward_chain)
+
+## Multiple upstream proxies
+
+```
+ |Forwarder ----------------->|
+ Clients --> Listener --> | | Internet
+ |Forwarder --> Forwarder->...|
+```
+
+- [multiple_forwarders](multiple_forwarders)
+
+
+## With Rule File: Default Direct, Rule file use forwarder
+
+Default:
+```
+ Clients --> Listener --> Internet
+```
+Destinations specified in rule file:
+```
+ |Forwarder ----------------->|
+ Clients --> Listener --> | | Internet
+ |Forwarder --> Forwarder->...|
+```
+
+- [rule_default_direct](rule_default_direct)
+
+
+## With Rule File: Default use forwarder, rule file use direct
+
+Default:
+```
+ |Forwarder ----------------->|
+ Clients --> Listener --> | | Internet
+ |Forwarder --> Forwarder->...|
+```
+
+Destinations specified in rule file:
+```
+ Clients --> Listener --> Internet
+```
+
+- [rule_default_forwarder](rule_default_forwarder)
+
+
+## With Rule File: multiple rule files
+
+Default:
+```
+ Clients --> Listener --> Internet
+```
+Destinations specified in rule file1:
+```
+ |Forwarder1 ----------------->|
+ Clients --> Listener --> | | Internet
+ |Forwarder2 --> Forwarder3->...|
+```
+Destinations specified in rule file2:
+```
+ |Forwarder4 ----------------->|
+ Clients --> Listener --> | | Internet
+ |Forwarder5 --> Forwarder6->...|
+```
+
+- [rule_multiple_rule_files](rule_multiple_rule_files)
\ No newline at end of file
diff --git a/examples/forward_chain/glider.conf b/examples/forward_chain/glider.conf
new file mode 100644
index 0000000..79d1c81
--- /dev/null
+++ b/examples/forward_chain/glider.conf
@@ -0,0 +1,8 @@
+
+# Verbose mode, print logs
+verbose=True
+
+listen=:8443
+
+# first connect forwarder1 then forwarder2 then internet
+forward=http://forwarder1:8080,socks5://forwarder2:1080,
\ No newline at end of file
diff --git a/examples/multiple_forwarders/glider.conf b/examples/multiple_forwarders/glider.conf
new file mode 100644
index 0000000..26f839a
--- /dev/null
+++ b/examples/multiple_forwarders/glider.conf
@@ -0,0 +1,21 @@
+
+# Verbose mode, print logs
+verbose=True
+
+listen=:8443
+
+# first connect forwarder1 then forwarder2 then internet
+forward=http://forwarder1:8080,socks5://forwarder2:1080,
+forward=http://1.1.1.1:8080
+
+# Round Robin mode: rr
+# High Availability mode: ha
+strategy=rr
+
+# Used to connect via forwarders, if the host is unreachable, the forwarder
+# will be set to disabled.
+# MUST BE A HTTP or HTTPS WEBSITE HOST ADDRESS
+checkwebsite=www.apple.com:443
+
+# check duration(seconds)
+checkduration=30
diff --git a/examples/one_forwarder/glider.conf b/examples/one_forwarder/glider.conf
new file mode 100644
index 0000000..a519c2e
--- /dev/null
+++ b/examples/one_forwarder/glider.conf
@@ -0,0 +1,7 @@
+
+# Verbose mode, print logs
+verbose=True
+
+listen=:8443
+
+forward=socks5://192.168.1.10:1080
\ No newline at end of file
diff --git a/examples/rule_default_direct/glider.conf b/examples/rule_default_direct/glider.conf
new file mode 100644
index 0000000..507a34f
--- /dev/null
+++ b/examples/rule_default_direct/glider.conf
@@ -0,0 +1,9 @@
+
+# Verbose mode, print logs
+verbose=True
+
+listen=:8443
+
+# NOTE HERE:
+# Specify a rule file
+rulefile=office.rule
\ No newline at end of file
diff --git a/examples/rule_default_direct/office.rule b/examples/rule_default_direct/office.rule
new file mode 100644
index 0000000..f8f731d
--- /dev/null
+++ b/examples/rule_default_direct/office.rule
@@ -0,0 +1,29 @@
+
+
+# first connect forwarder1 then forwarder2 then internet
+forward=http://forwarder1:8080,socks5://forwarder2:1080,
+forward=http://1.1.1.1:8080
+
+# Round Robin mode: rr
+# High Availability mode: ha
+strategy=rr
+
+checkwebsite=www.apple.com:443
+checkduration=30
+
+
+# matches abc.com and *.abc.com
+domain=abc.com
+
+# matches 1.1.1.1
+ip=1.1.1.1
+
+# matches 192.168.100.0/24
+cidr=192.168.100.0/24
+
+domain=example1.com
+domain=example2.com
+domain=example3.com
+ip=2.2.2.2
+ip=3.3.3.3
+cidr=172.16.0.0/24
diff --git a/examples/rule_default_forwarder/bypass.rule b/examples/rule_default_forwarder/bypass.rule
new file mode 100644
index 0000000..3cda452
--- /dev/null
+++ b/examples/rule_default_forwarder/bypass.rule
@@ -0,0 +1,8 @@
+
+# matches abc.com and *.abc.com
+domain=abc.com
+
+ip=127.0.0.1
+cidr=192.168.0.0/24
+cidr=192.168.1.0/24
+cidr=172.16.0.0/24
\ No newline at end of file
diff --git a/examples/rule_default_forwarder/glider.conf b/examples/rule_default_forwarder/glider.conf
new file mode 100644
index 0000000..99664f9
--- /dev/null
+++ b/examples/rule_default_forwarder/glider.conf
@@ -0,0 +1,22 @@
+
+
+# Verbose mode, print logs
+verbose=True
+
+listen=:8443
+
+# first connect forwarder1 then forwarder2 then internet
+forward=http://forwarder1:8080,socks5://forwarder2:1080,
+forward=http://1.1.1.1:8080
+
+# Round Robin mode: rr
+# High Availability mode: ha
+strategy=rr
+
+checkwebsite=www.apple.com:443
+checkduration=30
+
+
+# NOTE HERE:
+# Specify a rule file
+rulefile=bypass.rule
\ No newline at end of file
diff --git a/examples/rule_multiple_rule_files/glider.conf b/examples/rule_multiple_rule_files/glider.conf
new file mode 100644
index 0000000..43f291e
--- /dev/null
+++ b/examples/rule_multiple_rule_files/glider.conf
@@ -0,0 +1,12 @@
+
+# Verbose mode, print logs
+verbose=True
+
+listen=:8443
+
+# NOTE HERE:
+# specify a rule file
+rulefile=office.rule
+
+# specify another rule file
+rulefile=home.rule
\ No newline at end of file
diff --git a/examples/rule_multiple_rule_files/home.rule b/examples/rule_multiple_rule_files/home.rule
new file mode 100644
index 0000000..b104297
--- /dev/null
+++ b/examples/rule_multiple_rule_files/home.rule
@@ -0,0 +1,18 @@
+
+
+forward=http://forwarder4:8080
+
+# first connect forwarder1 then forwarder2 then internet
+forward=http://forwarder5:8080,socks6://forwarder3:1080,
+
+
+# Round Robin mode: rr
+# High Availability mode: ha
+strategy=rr
+
+checkwebsite=www.apple.com:443
+checkduration=30
+
+
+# matches 192.168.0.0/16
+cidr=192.168.0.0/16
diff --git a/examples/rule_multiple_rule_files/office.rule b/examples/rule_multiple_rule_files/office.rule
new file mode 100644
index 0000000..9283076
--- /dev/null
+++ b/examples/rule_multiple_rule_files/office.rule
@@ -0,0 +1,18 @@
+
+
+forward=http://forwarder1:8080
+
+# first connect forwarder1 then forwarder2 then internet
+forward=http://forwarder2:8080,socks5://forwarder3:1080,
+
+
+# Round Robin mode: rr
+# High Availability mode: ha
+strategy=rr
+
+checkwebsite=www.apple.com:443
+checkduration=30
+
+
+# matches 172.16.0.0/24
+cidr=172.16.0.0/24
diff --git a/examples/simple_proxy_service/glider.conf b/examples/simple_proxy_service/glider.conf
new file mode 100644
index 0000000..8c8e8c9
--- /dev/null
+++ b/examples/simple_proxy_service/glider.conf
@@ -0,0 +1,5 @@
+
+# Verbose mode, print logs
+verbose=True
+
+listen=:8443
\ No newline at end of file
diff --git a/office.rule.example b/office.rule.example
index 362c741..cb4b97a 100644
--- a/office.rule.example
+++ b/office.rule.example
@@ -27,3 +27,10 @@ ip=1.1.1.1
# matches 192.168.100.0/24
cidr=192.168.100.0/24
+
+domain=example1.com
+domain=example2.com
+domain=example3.com
+ip=2.2.2.2
+ip=3.3.3.3
+cidr=172.16.0.0/24
From 16ed700fd1f377d513582f395aa98d896e6b1a49 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 30 Jul 2017 11:53:16 +0800
Subject: [PATCH 028/341] add config examples link in README file
---
README.md | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index f1463a6..f296124 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,7 @@ General:
- Forward chain
- HA or RR strategy for multiple forwarders
- Periodical proxy checking
-- Rule proxy based on destionation
+- Rule proxy based on destionation: [Config Examples](examples)
TODO:
- Specify different remote dns server in rule file
@@ -190,7 +190,9 @@ checkduration=30
rulefile=office.rule
rulefile=home.rule
```
-See [glider.conf.example](glider.conf.example)
+See:
+- [glider.conf.example](glider.conf.example)
+- [examples](examples)
## Rule File
Rule file, **same as the config file but specify forwarders based on destinations**:
@@ -213,7 +215,9 @@ ip=1.1.1.1
# matches 192.168.100.0/24
cidr=192.168.100.0/24
```
-See [office.rule.example](office.rule.example)
+See:
+- [office.rule.example](office.rule.example)
+- [examples](examples)
## Service
- systemd: [https://github.com/nadoo/glider/blob/master/systemd/](https://github.com/nadoo/glider/blob/master/systemd/)
From 88c8eeff355f38b25c5f4bd91b662e481d2861ef Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 30 Jul 2017 12:03:19 +0800
Subject: [PATCH 029/341] fixed a bug in redir proxy.
---
redir_linux.go | 31 ++++++++++++++++++++++++++++++-
1 file changed, 30 insertions(+), 1 deletion(-)
diff --git a/redir_linux.go b/redir_linux.go
index de23ae8..1bf8f9a 100644
--- a/redir_linux.go
+++ b/redir_linux.go
@@ -4,6 +4,7 @@
package main
import (
+ "errors"
"net"
"syscall"
"unsafe"
@@ -61,7 +62,7 @@ func (s *redir) ListenAndServe() {
return
}
- rc, err := s.GetProxy().Dial("tcp", tgt.String())
+ rc, err := s.GetProxy(tgt.String()).Dial("tcp", tgt.String())
if err != nil {
logf("failed to connect to target: %v", err)
return
@@ -82,6 +83,34 @@ func (s *redir) ListenAndServe() {
}
}
+// Get the original destination of a TCP connection.
+func getOrigDst(conn net.Conn, ipv6 bool) (socks.Addr, error) {
+ c, ok := conn.(*net.TCPConn)
+ if !ok {
+ return nil, errors.New("only work with TCP connection")
+ }
+ f, err := c.File()
+ if err != nil {
+ return nil, err
+ }
+ defer f.Close()
+
+ fd := f.Fd()
+
+ // The File() call above puts both the original socket fd and the file fd in blocking mode.
+ // Set the file fd back to non-blocking mode and the original socket fd will become non-blocking as well.
+ // Otherwise blocking I/O will waste OS threads.
+ if err := syscall.SetNonblock(int(fd), true); err != nil {
+ return nil, err
+ }
+
+ if ipv6 {
+ return ipv6_getorigdst(fd)
+ }
+
+ return getorigdst(fd)
+}
+
// Call getorigdst() from linux/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
func getorigdst(fd uintptr) (socks.Addr, error) {
raw := syscall.RawSockaddrInet4{}
From 76fbaf2cecce94c5cc9dc02f6316f5035d50bc7f Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 30 Jul 2017 12:38:41 +0800
Subject: [PATCH 030/341] return strategy proxy if no rule file specified.
---
README.md | 2 +-
rules.go | 5 +++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index f296124..49dcbe5 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# glider
+# [glider](https://github.com/nadoo/glider)
glider is a forward proxy with multiple protocols support.
we can set up local listeners as proxy, and forward requests to internet via forwarders.
diff --git a/rules.go b/rules.go
index a2679be..64aee7f 100644
--- a/rules.go
+++ b/rules.go
@@ -15,6 +15,11 @@ type rulesForwarder struct {
// newRulesForwarder .
func newRulesForwarder(ruleForwarders []*ruleForwarder, globalForwarder Proxy) Proxy {
+
+ if len(ruleForwarders) == 0 {
+ return globalForwarder
+ }
+
p := &rulesForwarder{globalForwarder: globalForwarder}
for _, f := range ruleForwarders {
From aa67e5df413524ea4d81836f63e60c55fe9732a5 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 30 Jul 2017 13:04:57 +0800
Subject: [PATCH 031/341] fixed a mistake in config example
---
examples/forward_chain/glider.conf | 2 +-
examples/multiple_forwarders/glider.conf | 2 +-
examples/rule_default_direct/office.rule | 2 +-
examples/rule_default_forwarder/glider.conf | 2 +-
examples/rule_multiple_rule_files/home.rule | 2 +-
examples/rule_multiple_rule_files/office.rule | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/examples/forward_chain/glider.conf b/examples/forward_chain/glider.conf
index 79d1c81..168dec9 100644
--- a/examples/forward_chain/glider.conf
+++ b/examples/forward_chain/glider.conf
@@ -5,4 +5,4 @@ verbose=True
listen=:8443
# first connect forwarder1 then forwarder2 then internet
-forward=http://forwarder1:8080,socks5://forwarder2:1080,
\ No newline at end of file
+forward=http://forwarder1:8080,socks5://forwarder2:1080
\ No newline at end of file
diff --git a/examples/multiple_forwarders/glider.conf b/examples/multiple_forwarders/glider.conf
index 26f839a..370d931 100644
--- a/examples/multiple_forwarders/glider.conf
+++ b/examples/multiple_forwarders/glider.conf
@@ -5,7 +5,7 @@ verbose=True
listen=:8443
# first connect forwarder1 then forwarder2 then internet
-forward=http://forwarder1:8080,socks5://forwarder2:1080,
+forward=http://forwarder1:8080,socks5://forwarder2:1080
forward=http://1.1.1.1:8080
# Round Robin mode: rr
diff --git a/examples/rule_default_direct/office.rule b/examples/rule_default_direct/office.rule
index f8f731d..f1db4e7 100644
--- a/examples/rule_default_direct/office.rule
+++ b/examples/rule_default_direct/office.rule
@@ -1,7 +1,7 @@
# first connect forwarder1 then forwarder2 then internet
-forward=http://forwarder1:8080,socks5://forwarder2:1080,
+forward=http://forwarder1:8080,socks5://forwarder2:1080
forward=http://1.1.1.1:8080
# Round Robin mode: rr
diff --git a/examples/rule_default_forwarder/glider.conf b/examples/rule_default_forwarder/glider.conf
index 99664f9..a0e98a1 100644
--- a/examples/rule_default_forwarder/glider.conf
+++ b/examples/rule_default_forwarder/glider.conf
@@ -6,7 +6,7 @@ verbose=True
listen=:8443
# first connect forwarder1 then forwarder2 then internet
-forward=http://forwarder1:8080,socks5://forwarder2:1080,
+forward=http://forwarder1:8080,socks5://forwarder2:1080
forward=http://1.1.1.1:8080
# Round Robin mode: rr
diff --git a/examples/rule_multiple_rule_files/home.rule b/examples/rule_multiple_rule_files/home.rule
index b104297..9babf93 100644
--- a/examples/rule_multiple_rule_files/home.rule
+++ b/examples/rule_multiple_rule_files/home.rule
@@ -3,7 +3,7 @@
forward=http://forwarder4:8080
# first connect forwarder1 then forwarder2 then internet
-forward=http://forwarder5:8080,socks6://forwarder3:1080,
+forward=http://forwarder5:8080,socks6://forwarder3:1080
# Round Robin mode: rr
diff --git a/examples/rule_multiple_rule_files/office.rule b/examples/rule_multiple_rule_files/office.rule
index 9283076..bf2db09 100644
--- a/examples/rule_multiple_rule_files/office.rule
+++ b/examples/rule_multiple_rule_files/office.rule
@@ -3,7 +3,7 @@
forward=http://forwarder1:8080
# first connect forwarder1 then forwarder2 then internet
-forward=http://forwarder2:8080,socks5://forwarder3:1080,
+forward=http://forwarder2:8080,socks5://forwarder3:1080
# Round Robin mode: rr
From 83df90b8b2f352c45ef5753e28f3b0fa3ede3895 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 30 Jul 2017 13:33:50 +0800
Subject: [PATCH 032/341] fixed a bug in redir proxy.
---
redir_linux.go | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/redir_linux.go b/redir_linux.go
index 1bf8f9a..ff020ea 100644
--- a/redir_linux.go
+++ b/redir_linux.go
@@ -18,14 +18,14 @@ const (
)
type redir struct {
- Proxy
+ *proxy
addr string
}
// RedirProxy returns a redirect proxy.
func RedirProxy(addr string, upProxy Proxy) (Proxy, error) {
s := &redir{
- Proxy: upProxy,
+ proxy: newProxy(addr, upProxy),
addr: addr,
}
From 8527d48190bfd475175fe8efb426a650d9828069 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 30 Jul 2017 13:37:33 +0800
Subject: [PATCH 033/341] remove addr in redir proxy which is not needed.
---
redir_linux.go | 2 --
1 file changed, 2 deletions(-)
diff --git a/redir_linux.go b/redir_linux.go
index ff020ea..9d1a5ae 100644
--- a/redir_linux.go
+++ b/redir_linux.go
@@ -19,14 +19,12 @@ const (
type redir struct {
*proxy
- addr string
}
// RedirProxy returns a redirect proxy.
func RedirProxy(addr string, upProxy Proxy) (Proxy, error) {
s := &redir{
proxy: newProxy(addr, upProxy),
- addr: addr,
}
return s, nil
From a06d56cce05a6c71a3e5c3433500196ff819807d Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 31 Jul 2017 13:42:11 +0800
Subject: [PATCH 034/341] proxy chek: 1. improve check method: send a http get
request and check the response, if the first 4 byte is "HTTP" then the proxy
is avaliable. 2. if a proxy is disabled, increase the check duration. 3.
update related docs.
---
README.md | 18 ++++-----
examples/multiple_forwarders/glider.conf | 4 +-
examples/rule_default_direct/office.rule | 2 +-
examples/rule_default_forwarder/glider.conf | 2 +-
examples/rule_multiple_rule_files/home.rule | 2 +-
examples/rule_multiple_rule_files/office.rule | 4 +-
glider.conf.example | 6 +--
main.go | 10 ++---
office.rule.example | 4 +-
proxy.go | 37 ++++++++++++-------
rule.go | 2 +-
11 files changed, 51 insertions(+), 40 deletions(-)
diff --git a/README.md b/README.md
index 49dcbe5..07674af 100644
--- a/README.md
+++ b/README.md
@@ -70,11 +70,11 @@ glider -config CONFIGPATH -listen :8080 -verbose
## Usage
```bash
-glider v0.3 usage:
+glider v0.3.1 usage:
-checkduration int
proxy check duration(seconds) (default 30)
-checkwebsite string
- proxy check WEBSITE address (default "www.apple.com:443")
+ proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80 (default "www.apple.com")
-config string
config file path
-forward value
@@ -134,13 +134,13 @@ Examples:
glider -listen http://:8080 -forward socks5://127.0.0.1:1080
-listen on :8080 as a http proxy server, forward all requests via socks5 server.
- glider -listen redir://:1081 -forward ss://method:pass@1.1.1.1:443
+ glider -listen redir://:1081 -forward ss://method:pass@1.1.1.1:8443
-listen on :1081 as a transparent redirect server, forward all requests via remote ss server.
- glider -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:443
+ glider -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:8443
-listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.
- glider -listen socks5://:1080 -listen http://:8080 -forward ss://method:pass@1.1.1.1:443
+ glider -listen socks5://:1080 -listen http://:8080 -forward ss://method:pass@1.1.1.1:8443
-listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.
glider -listen redir://:1081 -listen dnstun://:53=8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2
@@ -172,7 +172,7 @@ listen=dnstun://:53=8.8.8.8:53
forward=socks5://192.168.1.10:1080
# upstream forward proxy
-forward=ss://method:pass@1.1.1.1:443
+forward=ss://method:pass@1.1.1.1:8443
# upstream forward proxy (forward chain)
forward=http://1.1.1.1:8080,socks5://2.2.2.2:1080
@@ -181,7 +181,7 @@ forward=http://1.1.1.1:8080,socks5://2.2.2.2:1080
strategy=rr
# check address (to check whether a host is reachable via forward proxy)
-checkhost=www.apple.com:443
+checkhost=www.apple.com:8443
# check duration
checkduration=30
@@ -199,10 +199,10 @@ Rule file, **same as the config file but specify forwarders based on destination
```bash
# YOU CAN USE ALL KEYS IN THE GLOBAL CONFIG FILE EXCEPT "listen", "rulefile"
forward=socks5://192.168.1.10:1080
-forward=ss://method:pass@1.1.1.1:443
+forward=ss://method:pass@1.1.1.1:8443
forward=http://192.168.2.1:8080,socks5://192.168.2.2:1080
strategy=rr
-checkwebsite=www.apple.com:443
+checkwebsite=www.apple.com
checkduration=30
# YOU CAN SPECIFY DESTINATIONS TO USE THE ABOVE FORWARDERS
diff --git a/examples/multiple_forwarders/glider.conf b/examples/multiple_forwarders/glider.conf
index 370d931..91252f9 100644
--- a/examples/multiple_forwarders/glider.conf
+++ b/examples/multiple_forwarders/glider.conf
@@ -14,8 +14,8 @@ strategy=rr
# Used to connect via forwarders, if the host is unreachable, the forwarder
# will be set to disabled.
-# MUST BE A HTTP or HTTPS WEBSITE HOST ADDRESS
-checkwebsite=www.apple.com:443
+# MUST be a HTTP website server address, format: HOST[:PORT]. HTTPS NOT SUPPORTED.
+checkwebsite=www.apple.com
# check duration(seconds)
checkduration=30
diff --git a/examples/rule_default_direct/office.rule b/examples/rule_default_direct/office.rule
index f1db4e7..5b1330d 100644
--- a/examples/rule_default_direct/office.rule
+++ b/examples/rule_default_direct/office.rule
@@ -8,7 +8,7 @@ forward=http://1.1.1.1:8080
# High Availability mode: ha
strategy=rr
-checkwebsite=www.apple.com:443
+checkwebsite=www.apple.com
checkduration=30
diff --git a/examples/rule_default_forwarder/glider.conf b/examples/rule_default_forwarder/glider.conf
index a0e98a1..e98b807 100644
--- a/examples/rule_default_forwarder/glider.conf
+++ b/examples/rule_default_forwarder/glider.conf
@@ -13,7 +13,7 @@ forward=http://1.1.1.1:8080
# High Availability mode: ha
strategy=rr
-checkwebsite=www.apple.com:443
+checkwebsite=www.apple.com
checkduration=30
diff --git a/examples/rule_multiple_rule_files/home.rule b/examples/rule_multiple_rule_files/home.rule
index 9babf93..06759cb 100644
--- a/examples/rule_multiple_rule_files/home.rule
+++ b/examples/rule_multiple_rule_files/home.rule
@@ -10,7 +10,7 @@ forward=http://forwarder5:8080,socks6://forwarder3:1080
# High Availability mode: ha
strategy=rr
-checkwebsite=www.apple.com:443
+checkwebsite=www.apple.com
checkduration=30
diff --git a/examples/rule_multiple_rule_files/office.rule b/examples/rule_multiple_rule_files/office.rule
index bf2db09..3ff311f 100644
--- a/examples/rule_multiple_rule_files/office.rule
+++ b/examples/rule_multiple_rule_files/office.rule
@@ -2,7 +2,7 @@
forward=http://forwarder1:8080
-# first connect forwarder1 then forwarder2 then internet
+# first connect forwarder2 then forwarder3 then internet
forward=http://forwarder2:8080,socks5://forwarder3:1080
@@ -10,7 +10,7 @@ forward=http://forwarder2:8080,socks5://forwarder3:1080
# High Availability mode: ha
strategy=rr
-checkwebsite=www.apple.com:443
+checkwebsite=www.apple.com
checkduration=30
diff --git a/glider.conf.example b/glider.conf.example
index 8656872..0d62abb 100644
--- a/glider.conf.example
+++ b/glider.conf.example
@@ -62,7 +62,7 @@ listen=socks5://:1080
#forward=socks5://192.168.1.10:1080
# SS proxy as forwarder
-# forward=ss://method:pass@1.1.1.1:443
+# forward=ss://method:pass@1.1.1.1:8443
# http proxy as forwarder
# forward=http://1.1.1.1:8080
@@ -89,8 +89,8 @@ strategy=rr
# Used to connect via forwarders, if the host is unreachable, the forwarder
# will be set to disabled.
-# MUST BE A HTTP or HTTPS WEBSITE HOST ADDRESS
-checkwebsite=www.apple.com:443
+# MUST be a HTTP website server address, format: HOST[:PORT]. HTTPS NOT SUPPORTED.
+checkwebsite=www.apple.com
# check duration(seconds)
checkduration=30
diff --git a/main.go b/main.go
index d94002f..8e17b77 100644
--- a/main.go
+++ b/main.go
@@ -12,7 +12,7 @@ import (
)
// VERSION .
-const VERSION = "0.3"
+const VERSION = "0.3.1"
var conf struct {
Verbose bool
@@ -91,13 +91,13 @@ func usage() {
fmt.Fprintf(os.Stderr, " "+app+" -listen http://:8080 -forward socks5://127.0.0.1:1080\n")
fmt.Fprintf(os.Stderr, " -listen on :8080 as a http proxy server, forward all requests via socks5 server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -forward ss://method:pass@1.1.1.1:443\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -forward ss://method:pass@1.1.1.1:8443\n")
fmt.Fprintf(os.Stderr, " -listen on :1081 as a transparent redirect server, forward all requests via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:443\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:8443\n")
fmt.Fprintf(os.Stderr, " -listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -listen http://:8080 -forward ss://method:pass@1.1.1.1:443\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -listen http://:8080 -forward ss://method:pass@1.1.1.1:8443\n")
fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -listen dnstun://:53=8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2\n")
@@ -125,7 +125,7 @@ func main() {
flag.BoolVar(&conf.Verbose, "verbose", false, "verbose mode")
flag.StringVar(&conf.Strategy, "strategy", "rr", "forward strategy, default: rr")
- flag.StringVar(&conf.CheckWebSite, "checkwebsite", "www.apple.com:443", "proxy check WEBSITE address")
+ flag.StringVar(&conf.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
flag.IntVar(&conf.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
flag.Var(&conf.Listen, "listen", "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT")
flag.Var(&conf.Forward, "forward", "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
diff --git a/office.rule.example b/office.rule.example
index cb4b97a..2635c84 100644
--- a/office.rule.example
+++ b/office.rule.example
@@ -7,12 +7,12 @@
# ----------
# Forwarders, we can setup multiple forwarders.
forward=socks5://192.168.1.10:1080
-forward=ss://method:pass@1.1.1.1:443
+forward=ss://method:pass@1.1.1.1:8443
forward=http://192.168.2.1:8080,socks5://192.168.2.2:1080
strategy=rr
-checkwebsite=www.apple.com:443
+checkwebsite=www.apple.com
checkduration=30
# DESTINATIONS
diff --git a/proxy.go b/proxy.go
index 17952f7..ff66ce0 100644
--- a/proxy.go
+++ b/proxy.go
@@ -1,6 +1,7 @@
package main
import (
+ "bytes"
"errors"
"io"
"net"
@@ -112,35 +113,45 @@ func ProxyFromURL(s string, forwarder Proxy) (Proxy, error) {
}
// Check proxy
-func check(p Proxy, target string, duration int) {
- firstTime := true
- buf := make([]byte, 8)
+func check(p Proxy, webhost string, duration int) {
+ retry := 1
+ buf := make([]byte, 4)
+
+ if strings.IndexByte(webhost, ':') == -1 {
+ webhost = webhost + ":80"
+ }
for {
- if !firstTime {
- time.Sleep(time.Duration(duration) * time.Second)
+ time.Sleep(time.Duration(duration) * time.Second * time.Duration(retry>>1))
+ retry <<= 1
+
+ if retry > 16 {
+ retry = 16
}
- firstTime = false
startTime := time.Now()
- c, err := p.Dial("tcp", target)
+ c, err := p.Dial("tcp", webhost)
if err != nil {
p.SetEnable(false)
- logf("proxy-check %s -> %s, set to DISABLED. error: %s", p.Addr(), target, err)
+ logf("proxy-check %s -> %s, set to DISABLED. error in dial: %s", p.Addr(), webhost, err)
continue
}
c.Write([]byte("GET / HTTP/1.0"))
c.Write([]byte("\r\n\r\n"))
- _, err = c.Read(buf)
- if err != nil && err != io.EOF {
+ _, err = io.ReadFull(c, buf)
+ if err != nil {
p.SetEnable(false)
- logf("proxy-check %s -> %s, set to DISABLED. error: %s", p.Addr(), target, err)
- } else {
+ logf("proxy-check %s -> %s, set to DISABLED. error in read: %s", p.Addr(), webhost, err)
+ } else if bytes.Equal([]byte("HTTP"), buf) {
p.SetEnable(true)
+ retry = 2
dialTime := time.Since(startTime)
- logf("proxy-check: %s -> %s, connect time: %s", p.Addr(), target, dialTime.String())
+ logf("proxy-check: %s -> %s, set to ENABLED. connect time: %s", p.Addr(), webhost, dialTime.String())
+ } else {
+ p.SetEnable(false)
+ logf("proxy-check %s -> %s, set to DISABLED. server response: %s", p.Addr(), webhost, buf)
}
c.Close()
diff --git a/rule.go b/rule.go
index a71cfab..060a70e 100644
--- a/rule.go
+++ b/rule.go
@@ -31,7 +31,7 @@ func newRuleProxyFromFile(ruleFile string) (*ruleForwarder, error) {
f := conflag.NewFromFile("rule", ruleFile)
f.Var(&p.Forward, "forward", "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
f.StringVar(&p.Strategy, "strategy", "rr", "forward strategy, default: rr")
- f.StringVar(&p.CheckWebSite, "checkwebsite", "www.apple.com:443", "proxy check website address")
+ f.StringVar(&p.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
f.IntVar(&p.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
f.Var(&p.Domain, "domain", "domain")
From b3b06cbfa5f4e5c096203026f890fb19dbecead3 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 31 Jul 2017 14:07:47 +0800
Subject: [PATCH 035/341] README: change checkhost -> checkwebsite
---
README.md | 6 ++++--
proxy.go | 2 +-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 07674af..4098991 100644
--- a/README.md
+++ b/README.md
@@ -180,8 +180,10 @@ forward=http://1.1.1.1:8080,socks5://2.2.2.2:1080
# multiple upstream proxies forwad strategy
strategy=rr
-# check address (to check whether a host is reachable via forward proxy)
-checkhost=www.apple.com:8443
+# Used to connect via forwarders, if the host is unreachable, the forwarder
+# will be set to disabled.
+# MUST be a HTTP website server address, format: HOST[:PORT]. HTTPS NOT SUPPORTED.
+checkwebsite=www.apple.com
# check duration
checkduration=30
diff --git a/proxy.go b/proxy.go
index ff66ce0..1111831 100644
--- a/proxy.go
+++ b/proxy.go
@@ -148,7 +148,7 @@ func check(p Proxy, webhost string, duration int) {
p.SetEnable(true)
retry = 2
dialTime := time.Since(startTime)
- logf("proxy-check: %s -> %s, set to ENABLED. connect time: %s", p.Addr(), webhost, dialTime.String())
+ logf("proxy-check %s -> %s, set to ENABLED. connect time: %s", p.Addr(), webhost, dialTime.String())
} else {
p.SetEnable(false)
logf("proxy-check %s -> %s, set to DISABLED. server response: %s", p.Addr(), webhost, buf)
From f8f6308e92495cda41e7c1bea9b795652438fb75 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 31 Jul 2017 19:29:43 +0800
Subject: [PATCH 036/341] strategy: fixed a bug in haproxy which actually act
as a rrproxy.
---
ss.go | 2 +-
strategy.go | 6 +++++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/ss.go b/ss.go
index d85ecd7..df51774 100644
--- a/ss.go
+++ b/ss.go
@@ -19,7 +19,7 @@ type ss struct {
func SSProxy(addr, method, pass string, upProxy Proxy) (Proxy, error) {
ciph, err := core.PickCipher(method, nil, pass)
if err != nil {
- log.Fatal(err)
+ log.Fatalf("PickCipher for '%s', error: %s", method, err)
}
s := &ss{
diff --git a/strategy.go b/strategy.go
index b1967f7..d61487c 100644
--- a/strategy.go
+++ b/strategy.go
@@ -75,7 +75,7 @@ func (p *rrProxy) Enabled() bool { return true }
func (p *rrProxy) SetEnable(enable bool) {}
func (p *rrProxy) Dial(network, addr string) (net.Conn, error) {
- return p.NextProxy().Dial(network, addr)
+ return p.GetProxy(addr).Dial(network, addr)
}
// high availability proxy
@@ -95,3 +95,7 @@ func (p *haProxy) GetProxy(dstAddr string) Proxy {
}
return proxy
}
+
+func (p *haProxy) Dial(network, addr string) (net.Conn, error) {
+ return p.GetProxy(addr).Dial(network, addr)
+}
From 8cb0672df045f3a3f53245afd6ee86b4c1339625 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 1 Aug 2017 20:58:34 +0800
Subject: [PATCH 037/341] doc: update
---
README.md | 4 ++--
dnstun.go | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 4098991..518041b 100644
--- a/README.md
+++ b/README.md
@@ -189,8 +189,8 @@ checkwebsite=www.apple.com
checkduration=30
# RULE FILES
-rulefile=office.rule
-rulefile=home.rule
+#rulefile=office.rule
+#rulefile=home.rule
```
See:
- [glider.conf.example](glider.conf.example)
diff --git a/dnstun.go b/dnstun.go
index 8f96d7f..08239fa 100644
--- a/dnstun.go
+++ b/dnstun.go
@@ -61,7 +61,7 @@ func (s *dnstun) ListenAndServe() {
data = data[:n]
go func() {
- // TODO: check domain rules and get a proper proxy.
+ // TODO: check domain rules and get a proper upstream name server.
domain := getDomain(data)
rc, err := s.GetProxy(s.raddr).Dial("tcp", s.raddr)
From 7a919ed124506f0c15798ca5fc48a7e30d8b12e0 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 7 Aug 2017 15:06:26 +0800
Subject: [PATCH 038/341] dnstun: remove last dot in getDomain func
---
dnstun.go | 4 +++-
main.go | 2 +-
proxy.go | 2 +-
redir_other.go | 6 +++---
4 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/dnstun.go b/dnstun.go
index 08239fa..4cfc1c8 100644
--- a/dnstun.go
+++ b/dnstun.go
@@ -118,5 +118,7 @@ func getDomain(p []byte) []byte {
i = i + l + 1
}
- return ret
+ // TODO: check here
+ // domain name could not be null, so the length of ret always >= 1?
+ return ret[:len(ret)-1]
}
diff --git a/main.go b/main.go
index 8e17b77..5213c82 100644
--- a/main.go
+++ b/main.go
@@ -12,7 +12,7 @@ import (
)
// VERSION .
-const VERSION = "0.3.1"
+const VERSION = "0.4.0"
var conf struct {
Verbose bool
diff --git a/proxy.go b/proxy.go
index 1111831..86e7dd2 100644
--- a/proxy.go
+++ b/proxy.go
@@ -24,7 +24,7 @@ type Proxy interface {
// Get current proxy
CurrentProxy() Proxy
- // Get a proxy according to the strategy
+ // Get a proxy based on the destAddr and strategy
GetProxy(dstAddr string) Proxy
// Switch to the next proxy
diff --git a/redir_other.go b/redir_other.go
index 7b68eea..ce591c4 100644
--- a/redir_other.go
+++ b/redir_other.go
@@ -4,14 +4,14 @@ package main
import "log"
-type redir struct{ Proxy }
+type redir struct{ *proxy }
// RedirProxy returns a redirect proxy.
func RedirProxy(addr string, upProxy Proxy) (Proxy, error) {
- return &redir{Proxy: upProxy}, nil
+ return &redir{proxy: newProxy(addr, upProxy)}, nil
}
// ListenAndServe redirected requests as a server.
func (s *redir) ListenAndServe() {
- log.Fatal("redir not supported on windows")
+ log.Fatal("redir not supported on this os")
}
From 085e6ba040cd53f1e57b2cba7ffd9d88e58ea275 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 8 Aug 2017 09:49:32 +0800
Subject: [PATCH 039/341] change version
---
main.go | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/main.go b/main.go
index 5213c82..03c6967 100644
--- a/main.go
+++ b/main.go
@@ -12,7 +12,7 @@ import (
)
// VERSION .
-const VERSION = "0.4.0"
+const VERSION = "0.3.2"
var conf struct {
Verbose bool
@@ -117,6 +117,12 @@ func (i *arrFlags) String() string {
// implement flag.Value interface
func (i *arrFlags) Set(value string) error {
+ // for _, v := range *i {
+ // if v == value {
+ // return nil
+ // }
+ // }
+
*i = append(*i, value)
return nil
}
From ed788fd1c7979803e16cde94981e87389ad5098c Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 12 Aug 2017 12:20:25 +0800
Subject: [PATCH 040/341] general: use string slice instead of custom arrFlags
type.
---
main.go | 31 ++++++-------------------------
rule.go | 16 ++++++++--------
2 files changed, 14 insertions(+), 33 deletions(-)
diff --git a/main.go b/main.go
index 03c6967..59f7717 100644
--- a/main.go
+++ b/main.go
@@ -19,9 +19,9 @@ var conf struct {
Strategy string
CheckWebSite string
CheckDuration int
- Listen arrFlags
- Forward arrFlags
- RuleFile arrFlags
+ Listen []string
+ Forward []string
+ RuleFile []string
}
var flag = conflag.New()
@@ -108,34 +108,15 @@ func usage() {
fmt.Fprintf(os.Stderr, "\n")
}
-type arrFlags []string
-
-// implement flag.Value interface
-func (i *arrFlags) String() string {
- return ""
-}
-
-// implement flag.Value interface
-func (i *arrFlags) Set(value string) error {
- // for _, v := range *i {
- // if v == value {
- // return nil
- // }
- // }
-
- *i = append(*i, value)
- return nil
-}
-
func main() {
flag.BoolVar(&conf.Verbose, "verbose", false, "verbose mode")
flag.StringVar(&conf.Strategy, "strategy", "rr", "forward strategy, default: rr")
flag.StringVar(&conf.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
flag.IntVar(&conf.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
- flag.Var(&conf.Listen, "listen", "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT")
- flag.Var(&conf.Forward, "forward", "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
- flag.Var(&conf.RuleFile, "rulefile", "rule file path")
+ flag.StringSliceVar(&conf.Listen, "listen", nil, "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT")
+ flag.StringSliceVar(&conf.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
+ flag.StringSliceVar(&conf.RuleFile, "rulefile", nil, "rule file path")
flag.Usage = usage
err := flag.Parse()
diff --git a/rule.go b/rule.go
index 060a70e..24c50e7 100644
--- a/rule.go
+++ b/rule.go
@@ -11,14 +11,14 @@ import (
// ruleForwarder, every ruleForwarder points to a rule file
type ruleForwarder struct {
- Forward arrFlags
+ Forward []string
Strategy string
CheckWebSite string
CheckDuration int
- Domain arrFlags
- IP arrFlags
- CIDR arrFlags
+ Domain []string
+ IP []string
+ CIDR []string
name string
Proxy
@@ -29,14 +29,14 @@ func newRuleProxyFromFile(ruleFile string) (*ruleForwarder, error) {
p := &ruleForwarder{name: ruleFile}
f := conflag.NewFromFile("rule", ruleFile)
- f.Var(&p.Forward, "forward", "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
+ f.StringSliceVar(&p.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
f.StringVar(&p.Strategy, "strategy", "rr", "forward strategy, default: rr")
f.StringVar(&p.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
f.IntVar(&p.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
- f.Var(&p.Domain, "domain", "domain")
- f.Var(&p.IP, "ip", "ip")
- f.Var(&p.CIDR, "cidr", "cidr")
+ f.StringSliceVar(&p.Domain, "domain", nil, "domain")
+ f.StringSliceVar(&p.IP, "ip", nil, "ip")
+ f.StringSliceVar(&p.CIDR, "cidr", nil, "cidr")
err := f.Parse()
if err != nil {
From 1a14762d84e469140bcd2d84b65c5ff1f6d42e40 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 13 Aug 2017 20:25:21 +0800
Subject: [PATCH 041/341] general: change StringSlice to StringSliceUniq to
remove duplicate flag values
---
main.go | 6 +++---
rule.go | 8 ++++----
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/main.go b/main.go
index 59f7717..f2b2972 100644
--- a/main.go
+++ b/main.go
@@ -114,9 +114,9 @@ func main() {
flag.StringVar(&conf.Strategy, "strategy", "rr", "forward strategy, default: rr")
flag.StringVar(&conf.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
flag.IntVar(&conf.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
- flag.StringSliceVar(&conf.Listen, "listen", nil, "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT")
- flag.StringSliceVar(&conf.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
- flag.StringSliceVar(&conf.RuleFile, "rulefile", nil, "rule file path")
+ flag.StringSliceUniqVar(&conf.Listen, "listen", nil, "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT")
+ flag.StringSliceUniqVar(&conf.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
+ flag.StringSliceUniqVar(&conf.RuleFile, "rulefile", nil, "rule file path")
flag.Usage = usage
err := flag.Parse()
diff --git a/rule.go b/rule.go
index 24c50e7..5b0e27d 100644
--- a/rule.go
+++ b/rule.go
@@ -29,14 +29,14 @@ func newRuleProxyFromFile(ruleFile string) (*ruleForwarder, error) {
p := &ruleForwarder{name: ruleFile}
f := conflag.NewFromFile("rule", ruleFile)
- f.StringSliceVar(&p.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
+ f.StringSliceUniqVar(&p.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
f.StringVar(&p.Strategy, "strategy", "rr", "forward strategy, default: rr")
f.StringVar(&p.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
f.IntVar(&p.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
- f.StringSliceVar(&p.Domain, "domain", nil, "domain")
- f.StringSliceVar(&p.IP, "ip", nil, "ip")
- f.StringSliceVar(&p.CIDR, "cidr", nil, "cidr")
+ f.StringSliceUniqVar(&p.Domain, "domain", nil, "domain")
+ f.StringSliceUniqVar(&p.IP, "ip", nil, "ip")
+ f.StringSliceUniqVar(&p.CIDR, "cidr", nil, "cidr")
err := f.Parse()
if err != nil {
From b29d972adc80d4b6560abe7d57c701fee093cc43 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 13 Aug 2017 23:51:08 +0800
Subject: [PATCH 042/341] dnstun: add the ability to support both udp and tcp
dns request
---
dns.go | 124 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
dnstun.go | 113 ++++++-------------------------------------------
proxy.go | 16 +++----
tcptun.go | 4 +-
4 files changed, 146 insertions(+), 111 deletions(-)
create mode 100644 dns.go
diff --git a/dns.go b/dns.go
new file mode 100644
index 0000000..a079de0
--- /dev/null
+++ b/dns.go
@@ -0,0 +1,124 @@
+// https://tools.ietf.org/html/rfc1035
+
+package main
+
+import (
+ "encoding/binary"
+ "io/ioutil"
+ "net"
+)
+
+// UDPDNSHeaderLen is the length of UDP dns msg header
+const UDPDNSHeaderLen = 12
+
+// TCPDNSHEADERLen is the length of TCP dns msg header
+const TCPDNSHEADERLen = 2 + UDPDNSHeaderLen
+
+// MaxUDPDNSLen is the max size of udp dns request.
+// https://tools.ietf.org/html/rfc1035#section-4.2.1
+// Messages carried by UDP are restricted to 512 bytes (not counting the IP
+// or UDP headers). Longer messages are truncated and the TC bit is set in
+// the header.
+// TODO: If the request length > 512 then the client will send TCP packets instead,
+// so we should also serve tcp requests.
+const MaxUDPDNSLen = 512
+
+type dns struct {
+ *proxy
+ raddr string
+}
+
+// DNSForwarder returns a dns forwarder. client -> dns.udp -> glider -> forwarder -> remote dns addr
+func DNSForwarder(addr, raddr string, upProxy Proxy) (Proxy, error) {
+ s := &dns{
+ proxy: newProxy(addr, upProxy),
+ raddr: raddr,
+ }
+
+ return s, nil
+}
+
+// ListenAndServe .
+func (s *dns) ListenAndServe() {
+ l, err := net.ListenPacket("udp", s.addr)
+ if err != nil {
+ logf("failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer l.Close()
+
+ logf("listening UDP on %s", s.addr)
+
+ for {
+ data := make([]byte, MaxUDPDNSLen)
+
+ n, clientAddr, err := l.ReadFrom(data)
+ if err != nil {
+ logf("DNS local read error: %v", err)
+ continue
+ }
+
+ data = data[:n]
+
+ go func() {
+ // TODO: check domain rules and get a proper upstream name server.
+ domain := getDomain(data)
+
+ rc, err := s.GetProxy(s.raddr).Dial("tcp", s.raddr)
+ if err != nil {
+ logf("failed to connect to server %v: %v", s.raddr, err)
+ return
+ }
+ defer rc.Close()
+
+ logf("proxy-dns %s, %s <-> %s", domain, clientAddr.String(), s.raddr)
+
+ // 2 bytes length after tcp header, before dns message
+ length := make([]byte, 2)
+ binary.BigEndian.PutUint16(length, uint16(len(data)))
+ rc.Write(length)
+ rc.Write(data)
+
+ resp, err := ioutil.ReadAll(rc)
+ if err != nil {
+ logf("error in ioutil.ReadAll: %s\n", err)
+ return
+ }
+
+ // length is not needed in udp dns response. (2 bytes)
+ // SEE RFC1035, section 4.2.2 TCP: The message is prefixed with a two byte length field which gives the message length, excluding the two byte length field.
+ if len(resp) > 2 {
+ msg := resp[2:]
+ _, err = l.WriteTo(msg, clientAddr)
+ if err != nil {
+ logf("error in local write: %s\n", err)
+ }
+ }
+
+ }()
+ }
+}
+
+// getDomain from dns request playload, return []byte like:
+// []byte{'w', 'w', 'w', '.', 'm', 's', 'n', '.', 'c', 'o', 'm', '.'}
+// []byte("www.msn.com.")
+func getDomain(p []byte) []byte {
+ var ret []byte
+
+ for i := UDPDNSHeaderLen; i < len(p); {
+ l := int(p[i])
+
+ if l == 0 {
+ break
+ }
+
+ ret = append(ret, p[i+1:i+l+1]...)
+ ret = append(ret, '.')
+
+ i = i + l + 1
+ }
+
+ // TODO: check here
+ // domain name could not be null, so the length of ret always >= 1?
+ return ret[:len(ret)-1]
+}
diff --git a/dnstun.go b/dnstun.go
index 4cfc1c8..559728b 100644
--- a/dnstun.go
+++ b/dnstun.go
@@ -2,123 +2,34 @@
package main
-import (
- "encoding/binary"
- "io/ioutil"
- "net"
-)
-
-// UDPDNSHeaderLen is the length of UDP dns msg header
-const UDPDNSHeaderLen = 12
-
-// TCPDNSHEADERLen is the length of TCP dns msg header
-const TCPDNSHEADERLen = 2 + UDPDNSHeaderLen
-
-// MaxUDPDNSLen is the max size of udp dns request.
-// https://tools.ietf.org/html/rfc1035#section-4.2.1
-// Messages carried by UDP are restricted to 512 bytes (not counting the IP
-// or UDP headers). Longer messages are truncated and the TC bit is set in
-// the header.
-// TODO: If the request length > 512 then the client will send TCP packets instead,
-// so we should also serve tcp requests.
-const MaxUDPDNSLen = 512
-
type dnstun struct {
*proxy
raddr string
+
+ udp Proxy
+ tcp Proxy
}
-// DNSTunProxy returns a dns forwarder. client -> dns.udp -> glider -> forwarder -> remote dns addr
-func DNSTunProxy(addr, raddr string, upProxy Proxy) (Proxy, error) {
+// DNSTun returns a dns forwarder. client -> dns.udp -> glider -> forwarder -> remote dns addr
+func DNSTun(addr, raddr string, upProxy Proxy) (Proxy, error) {
s := &dnstun{
proxy: newProxy(addr, upProxy),
raddr: raddr,
}
+ s.udp, _ = DNSForwarder(addr, raddr, upProxy)
+ s.tcp, _ = TCPTun(addr, raddr, upProxy)
+
return s, nil
}
// ListenAndServe .
func (s *dnstun) ListenAndServe() {
- l, err := net.ListenPacket("udp", s.addr)
- if err != nil {
- logf("failed to listen on %s: %v", s.addr, err)
- return
+ if s.udp != nil {
+ go s.udp.ListenAndServe()
}
- defer l.Close()
- logf("listening UDP on %s", s.addr)
-
- for {
- data := make([]byte, MaxUDPDNSLen)
-
- n, clientAddr, err := l.ReadFrom(data)
- if err != nil {
- logf("DNS local read error: %v", err)
- continue
- }
-
- data = data[:n]
-
- go func() {
- // TODO: check domain rules and get a proper upstream name server.
- domain := getDomain(data)
-
- rc, err := s.GetProxy(s.raddr).Dial("tcp", s.raddr)
- if err != nil {
- logf("failed to connect to server %v: %v", s.raddr, err)
- return
- }
- defer rc.Close()
-
- logf("proxy-dnstun %s, %s <-> %s", domain, clientAddr.String(), s.raddr)
-
- // 2 bytes length after tcp header, before dns message
- length := make([]byte, 2)
- binary.BigEndian.PutUint16(length, uint16(len(data)))
- rc.Write(length)
- rc.Write(data)
-
- resp, err := ioutil.ReadAll(rc)
- if err != nil {
- logf("error in ioutil.ReadAll: %s\n", err)
- return
- }
-
- // length is not needed in udp dns response. (2 bytes)
- // SEE RFC1035, section 4.2.2 TCP: The message is prefixed with a two byte length field which gives the message length, excluding the two byte length field.
- if len(resp) > 2 {
- msg := resp[2:]
- _, err = l.WriteTo(msg, clientAddr)
- if err != nil {
- logf("error in local write: %s\n", err)
- }
- }
-
- }()
+ if s.tcp != nil {
+ s.tcp.ListenAndServe()
}
}
-
-// getDomain from dns request playload, return []byte like:
-// []byte{'w', 'w', 'w', '.', 'm', 's', 'n', '.', 'c', 'o', 'm', '.'}
-// []byte("www.msn.com.")
-func getDomain(p []byte) []byte {
- var ret []byte
-
- for i := UDPDNSHeaderLen; i < len(p); {
- l := int(p[i])
-
- if l == 0 {
- break
- }
-
- ret = append(ret, p[i+1:i+l+1]...)
- ret = append(ret, '.')
-
- i = i + l + 1
- }
-
- // TODO: check here
- // domain name could not be null, so the length of ret always >= 1?
- return ret[:len(ret)-1]
-}
diff --git a/proxy.go b/proxy.go
index 86e7dd2..87520a8 100644
--- a/proxy.go
+++ b/proxy.go
@@ -90,23 +90,23 @@ func ProxyFromURL(s string, forwarder Proxy) (Proxy, error) {
}
switch u.Scheme {
+ case "mixed":
+ return MixedProxy("tcp", addr, user, pass, forwarder)
+ case "http":
+ return HTTPProxy(addr, forwarder)
+ case "socks5":
+ return SOCKS5Proxy("tcp", addr, user, pass, forwarder)
case "ss":
p, err := SSProxy(addr, user, pass, forwarder)
return p, err
- case "socks5":
- return SOCKS5Proxy("tcp", addr, user, pass, forwarder)
case "redir":
return RedirProxy(addr, forwarder)
case "tcptun":
d := strings.Split(addr, "=")
- return TCPTunProxy(d[0], d[1], forwarder)
+ return TCPTun(d[0], d[1], forwarder)
case "dnstun":
d := strings.Split(addr, "=")
- return DNSTunProxy(d[0], d[1], forwarder)
- case "http":
- return HTTPProxy(addr, forwarder)
- case "mixed":
- return MixedProxy("tcp", addr, user, pass, forwarder)
+ return DNSTun(d[0], d[1], forwarder)
}
return nil, errors.New("unknown schema '" + u.Scheme + "'")
diff --git a/tcptun.go b/tcptun.go
index 0fbe677..8ccbbe5 100644
--- a/tcptun.go
+++ b/tcptun.go
@@ -7,8 +7,8 @@ type tcptun struct {
raddr string
}
-// TCPTunProxy returns a redirect proxy.
-func TCPTunProxy(addr, raddr string, upProxy Proxy) (Proxy, error) {
+// TCPTun returns a redirect proxy.
+func TCPTun(addr, raddr string, upProxy Proxy) (Proxy, error) {
s := &tcptun{
proxy: newProxy(addr, upProxy),
raddr: raddr,
From 5c0c2e926d00ee741ffe48590deac9c443980021 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 14 Aug 2017 00:02:05 +0800
Subject: [PATCH 043/341] doc: fixed link in systemd/README.md
---
dnstun.go | 2 +-
systemd/README.md | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/dnstun.go b/dnstun.go
index 559728b..2bfca59 100644
--- a/dnstun.go
+++ b/dnstun.go
@@ -10,7 +10,7 @@ type dnstun struct {
tcp Proxy
}
-// DNSTun returns a dns forwarder. client -> dns.udp -> glider -> forwarder -> remote dns addr
+// DNSTun returns a dns forwarder.
func DNSTun(addr, raddr string, upProxy Proxy) (Proxy, error) {
s := &dnstun{
proxy: newProxy(addr, upProxy),
diff --git a/systemd/README.md b/systemd/README.md
index 21e87f8..761b6b4 100644
--- a/systemd/README.md
+++ b/systemd/README.md
@@ -24,4 +24,4 @@ enable and start service: glider@***server***
systemctl enable glider@server
systemctl start glider@server
```
-See [glider@.service](systemd/glider%40.service)
+See [glider@.service](glider%40.service)
From 5fef07134926a8ef6d621b2738b49feeb26529d1 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 16 Aug 2017 13:20:12 +0800
Subject: [PATCH 044/341] dns: add experimental codes to specify different
remote dns server in rule file
---
dns.go | 49 ++++++++++++++++++++++++++++++++++++++-----------
main.go | 30 +++++++++++++++++++++++++++++-
rule.go | 6 ++++++
rules.go | 2 +-
4 files changed, 74 insertions(+), 13 deletions(-)
diff --git a/dns.go b/dns.go
index a079de0..f2ab29a 100644
--- a/dns.go
+++ b/dns.go
@@ -6,6 +6,7 @@ import (
"encoding/binary"
"io/ioutil"
"net"
+ "strings"
)
// UDPDNSHeaderLen is the length of UDP dns msg header
@@ -23,23 +24,26 @@ const TCPDNSHEADERLen = 2 + UDPDNSHeaderLen
// so we should also serve tcp requests.
const MaxUDPDNSLen = 512
-type dns struct {
+type DNS struct {
*proxy
- raddr string
+ dnsServer string
+
+ dnsServerMap map[string]string
}
// DNSForwarder returns a dns forwarder. client -> dns.udp -> glider -> forwarder -> remote dns addr
-func DNSForwarder(addr, raddr string, upProxy Proxy) (Proxy, error) {
- s := &dns{
- proxy: newProxy(addr, upProxy),
- raddr: raddr,
+func DNSForwarder(addr, raddr string, upProxy Proxy) (*DNS, error) {
+ s := &DNS{
+ proxy: newProxy(addr, upProxy),
+ dnsServer: raddr,
+ dnsServerMap: make(map[string]string),
}
return s, nil
}
// ListenAndServe .
-func (s *dns) ListenAndServe() {
+func (s *DNS) ListenAndServe() {
l, err := net.ListenPacket("udp", s.addr)
if err != nil {
logf("failed to listen on %s: %v", s.addr, err)
@@ -62,16 +66,18 @@ func (s *dns) ListenAndServe() {
go func() {
// TODO: check domain rules and get a proper upstream name server.
- domain := getDomain(data)
+ domain := string(getDomain(data))
- rc, err := s.GetProxy(s.raddr).Dial("tcp", s.raddr)
+ dnsServer := s.GetServer(domain)
+ // TODO: check here
+ rc, err := s.GetProxy(domain+":53").GetProxy(domain+":53").Dial("tcp", dnsServer)
if err != nil {
- logf("failed to connect to server %v: %v", s.raddr, err)
+ logf("failed to connect to server %v: %v", dnsServer, err)
return
}
defer rc.Close()
- logf("proxy-dns %s, %s <-> %s", domain, clientAddr.String(), s.raddr)
+ logf("proxy-dns %s, %s <-> %s", domain, clientAddr.String(), dnsServer)
// 2 bytes length after tcp header, before dns message
length := make([]byte, 2)
@@ -99,6 +105,27 @@ func (s *dns) ListenAndServe() {
}
}
+// SetServer .
+func (s *DNS) SetServer(domain, server string) {
+ s.dnsServerMap[domain] = server
+}
+
+// GetServer .
+func (s *DNS) GetServer(domain string) string {
+
+ domainParts := strings.Split(domain, ".")
+ length := len(domainParts)
+ for i := length - 2; i >= 0; i-- {
+ domain := strings.Join(domainParts[i:length], ".")
+
+ if server, ok := s.dnsServerMap[domain]; ok {
+ return server
+ }
+ }
+
+ return s.dnsServer
+}
+
// getDomain from dns request playload, return []byte like:
// []byte{'w', 'w', 'w', '.', 'm', 's', 'n', '.', 'c', 'o', 'm', '.'}
// []byte("www.msn.com.")
diff --git a/main.go b/main.go
index f2b2972..368c1f8 100644
--- a/main.go
+++ b/main.go
@@ -22,6 +22,11 @@ var conf struct {
Listen []string
Forward []string
RuleFile []string
+
+ DNS string
+ DNSServer []string
+
+ IPSet string
}
var flag = conflag.New()
@@ -118,6 +123,11 @@ func main() {
flag.StringSliceUniqVar(&conf.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
flag.StringSliceUniqVar(&conf.RuleFile, "rulefile", nil, "rule file path")
+ flag.StringVar(&conf.DNS, "dns", "", "dns listen address")
+ flag.StringSliceUniqVar(&conf.DNSServer, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server")
+
+ flag.StringVar(&conf.IPSet, "ipset", "glider", "ipset name")
+
flag.Usage = usage
err := flag.Parse()
if err != nil {
@@ -125,7 +135,7 @@ func main() {
return
}
- if len(conf.Listen) == 0 {
+ if len(conf.Listen) == 0 && conf.DNS == "" {
flag.Usage()
fmt.Fprintf(os.Stderr, "ERROR: listen url must be specified.\n")
return
@@ -177,6 +187,24 @@ func main() {
}
}
+ if conf.DNS != "" {
+ dns, err := DNSForwarder(conf.DNS, conf.DNSServer[0], forwarder)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ // rule
+ for _, frwder := range ruleForwarders {
+ for _, domain := range frwder.Domain {
+ if len(frwder.DNSServer) > 0 {
+ dns.SetServer(domain, frwder.DNSServer[0])
+ }
+ }
+ }
+
+ go dns.ListenAndServe()
+ }
+
sigCh := make(chan os.Signal, 1)
signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM)
<-sigCh
diff --git a/rule.go b/rule.go
index 5b0e27d..afd2081 100644
--- a/rule.go
+++ b/rule.go
@@ -16,6 +16,9 @@ type ruleForwarder struct {
CheckWebSite string
CheckDuration int
+ DNSServer []string
+ IPSet string
+
Domain []string
IP []string
CIDR []string
@@ -34,6 +37,9 @@ func newRuleProxyFromFile(ruleFile string) (*ruleForwarder, error) {
f.StringVar(&p.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
f.IntVar(&p.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
+ f.StringSliceUniqVar(&p.DNSServer, "dnsserver", nil, "remote dns server")
+ f.StringVar(&p.IPSet, "ipset", "", "ipset name")
+
f.StringSliceUniqVar(&p.Domain, "domain", nil, "domain")
f.StringSliceUniqVar(&p.IP, "ip", nil, "ip")
f.StringSliceUniqVar(&p.CIDR, "cidr", nil, "cidr")
diff --git a/rules.go b/rules.go
index 64aee7f..c71dc43 100644
--- a/rules.go
+++ b/rules.go
@@ -42,7 +42,7 @@ func newRulesForwarder(ruleForwarders []*ruleForwarder, globalForwarder Proxy) P
return p
}
-func (p *rulesForwarder) Addr() string { return "rule forwarder" }
+func (p *rulesForwarder) Addr() string { return "rules forwarder" }
func (p *rulesForwarder) ListenAndServe() {}
func (p *rulesForwarder) Serve(c net.Conn) {}
func (p *rulesForwarder) CurrentProxy() Proxy { return p.globalForwarder.CurrentProxy() }
From 4574ab1c1a6daf931ec6e4832534b18cbde16257 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 16 Aug 2017 22:37:42 +0800
Subject: [PATCH 045/341] general: optimize codes
---
dns.go | 4 ++--
dnstun.go | 16 ++++++++--------
http.go | 16 ++++++++--------
main.go | 10 +++++-----
mixed.go | 18 +++++++++---------
proxy.go | 18 +++++++++---------
redir_linux.go | 8 ++++----
redir_other.go | 10 +++++-----
rule.go | 12 ++++++------
rules.go | 26 +++++++++++++-------------
socks5.go | 20 ++++++++++----------
ss.go | 16 ++++++++--------
strategy.go | 6 +++---
tcptun.go | 12 ++++++------
14 files changed, 96 insertions(+), 96 deletions(-)
diff --git a/dns.go b/dns.go
index f2ab29a..a25a827 100644
--- a/dns.go
+++ b/dns.go
@@ -32,9 +32,9 @@ type DNS struct {
}
// DNSForwarder returns a dns forwarder. client -> dns.udp -> glider -> forwarder -> remote dns addr
-func DNSForwarder(addr, raddr string, upProxy Proxy) (*DNS, error) {
+func NewDNS(addr, raddr string, upProxy Proxy) (*DNS, error) {
s := &DNS{
- proxy: newProxy(addr, upProxy),
+ proxy: NewProxy(addr, upProxy),
dnsServer: raddr,
dnsServerMap: make(map[string]string),
}
diff --git a/dnstun.go b/dnstun.go
index 2bfca59..44d1d6a 100644
--- a/dnstun.go
+++ b/dnstun.go
@@ -2,7 +2,7 @@
package main
-type dnstun struct {
+type DNSTun struct {
*proxy
raddr string
@@ -10,21 +10,21 @@ type dnstun struct {
tcp Proxy
}
-// DNSTun returns a dns forwarder.
-func DNSTun(addr, raddr string, upProxy Proxy) (Proxy, error) {
- s := &dnstun{
- proxy: newProxy(addr, upProxy),
+// NewDNSTun returns a dns forwarder.
+func NewDNSTun(addr, raddr string, upProxy Proxy) (*DNSTun, error) {
+ s := &DNSTun{
+ proxy: NewProxy(addr, upProxy),
raddr: raddr,
}
- s.udp, _ = DNSForwarder(addr, raddr, upProxy)
- s.tcp, _ = TCPTun(addr, raddr, upProxy)
+ s.udp, _ = NewDNS(addr, raddr, upProxy)
+ s.tcp, _ = NewTCPTun(addr, raddr, upProxy)
return s, nil
}
// ListenAndServe .
-func (s *dnstun) ListenAndServe() {
+func (s *DNSTun) ListenAndServe() {
if s.udp != nil {
go s.udp.ListenAndServe()
}
diff --git a/http.go b/http.go
index 62cd8b0..f594626 100644
--- a/http.go
+++ b/http.go
@@ -17,21 +17,21 @@ import (
)
// httpproxy
-type httpproxy struct {
+type HTTPProxy struct {
*proxy
}
// HTTPProxy returns a http proxy.
-func HTTPProxy(addr string, upProxy Proxy) (Proxy, error) {
- s := &httpproxy{
- proxy: newProxy(addr, upProxy),
+func NewHTTPProxy(addr string, upProxy Proxy) (*HTTPProxy, error) {
+ s := &HTTPProxy{
+ proxy: NewProxy(addr, upProxy),
}
return s, nil
}
// ListenAndServe .
-func (s *httpproxy) ListenAndServe() {
+func (s *HTTPProxy) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
logf("failed to listen on %s: %v", s.addr, err)
@@ -53,7 +53,7 @@ func (s *httpproxy) ListenAndServe() {
}
// Serve .
-func (s *httpproxy) Serve(c net.Conn) {
+func (s *HTTPProxy) Serve(c net.Conn) {
defer c.Close()
if c, ok := c.(*net.TCPConn); ok {
@@ -147,7 +147,7 @@ func (s *httpproxy) Serve(c net.Conn) {
}
-func (s *httpproxy) servHTTPS(method, requestURI, proto string, c net.Conn) {
+func (s *HTTPProxy) servHTTPS(method, requestURI, proto string, c net.Conn) {
rc, err := s.GetProxy(requestURI).Dial("tcp", requestURI)
if err != nil {
c.Write([]byte(proto))
@@ -170,7 +170,7 @@ func (s *httpproxy) servHTTPS(method, requestURI, proto string, c net.Conn) {
}
// Dial connects to the address addr on the network net via the proxy.
-func (s *httpproxy) Dial(network, addr string) (net.Conn, error) {
+func (s *HTTPProxy) Dial(network, addr string) (net.Conn, error) {
rc, err := s.GetProxy(s.addr).Dial("tcp", s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
diff --git a/main.go b/main.go
index 368c1f8..89dd018 100644
--- a/main.go
+++ b/main.go
@@ -156,12 +156,12 @@ func main() {
}
// combine forwarders to a singer strategy forwarder
- forwarder := newStrategyForwarder(conf.Strategy, forwarders)
+ forwarder := NewStrategyForwarder(conf.Strategy, forwarders)
// rule forwarders
- var ruleForwarders []*ruleForwarder
+ var ruleForwarders []*RuleForwarder
for _, ruleFile := range conf.RuleFile {
- ruleForwarder, err := newRuleProxyFromFile(ruleFile)
+ ruleForwarder, err := NewRuleProxyFromFile(ruleFile)
if err != nil {
log.Fatal(err)
}
@@ -170,7 +170,7 @@ func main() {
}
// combine ruleforwarders and global strategy forwarder
- forwarder = newRulesForwarder(ruleForwarders, forwarder)
+ forwarder = NewRulesForwarder(ruleForwarders, forwarder)
for _, listen := range conf.Listen {
local, err := ProxyFromURL(listen, forwarder)
@@ -188,7 +188,7 @@ func main() {
}
if conf.DNS != "" {
- dns, err := DNSForwarder(conf.DNS, conf.DNSServer[0], forwarder)
+ dns, err := NewDNS(conf.DNS, conf.DNSServer[0], forwarder)
if err != nil {
log.Fatal(err)
}
diff --git a/mixed.go b/mixed.go
index ef99118..882b8bf 100644
--- a/mixed.go
+++ b/mixed.go
@@ -17,8 +17,8 @@ var httpMethods = [][]byte{
[]byte("TRACE"),
}
-// mixedproxy
-type mixedproxy struct {
+// MixedProxy .
+type MixedProxy struct {
*proxy
http Proxy
socks5 Proxy
@@ -26,23 +26,23 @@ type mixedproxy struct {
}
// MixedProxy returns a mixed proxy.
-func MixedProxy(network, addr, user, pass string, upProxy Proxy) (Proxy, error) {
- p := &mixedproxy{
- proxy: newProxy(addr, upProxy),
+func NewMixedProxy(network, addr, user, pass string, upProxy Proxy) (*MixedProxy, error) {
+ p := &MixedProxy{
+ proxy: NewProxy(addr, upProxy),
}
- p.http, _ = HTTPProxy(addr, upProxy)
- p.socks5, _ = SOCKS5Proxy(network, addr, user, pass, upProxy)
+ p.http, _ = NewHTTPProxy(addr, upProxy)
+ p.socks5, _ = NewSOCKS5Proxy(network, addr, user, pass, upProxy)
if user != "" && pass != "" {
- p.ss, _ = SSProxy(addr, user, pass, upProxy)
+ p.ss, _ = NewSSProxy(addr, user, pass, upProxy)
}
return p, nil
}
// mixedproxy .
-func (p *mixedproxy) ListenAndServe() {
+func (p *MixedProxy) ListenAndServe() {
l, err := net.Listen("tcp", p.addr)
if err != nil {
logf("failed to listen on %s: %v", p.addr, err)
diff --git a/proxy.go b/proxy.go
index 87520a8..eb741dc 100644
--- a/proxy.go
+++ b/proxy.go
@@ -47,8 +47,8 @@ type proxy struct {
enabled bool
}
-// newProxy .
-func newProxy(addr string, forward Proxy) *proxy {
+// NewProxy .
+func NewProxy(addr string, forward Proxy) *proxy {
if forward == nil {
forward = Direct
}
@@ -91,22 +91,22 @@ func ProxyFromURL(s string, forwarder Proxy) (Proxy, error) {
switch u.Scheme {
case "mixed":
- return MixedProxy("tcp", addr, user, pass, forwarder)
+ return NewMixedProxy("tcp", addr, user, pass, forwarder)
case "http":
- return HTTPProxy(addr, forwarder)
+ return NewHTTPProxy(addr, forwarder)
case "socks5":
- return SOCKS5Proxy("tcp", addr, user, pass, forwarder)
+ return NewSOCKS5Proxy("tcp", addr, user, pass, forwarder)
case "ss":
- p, err := SSProxy(addr, user, pass, forwarder)
+ p, err := NewSSProxy(addr, user, pass, forwarder)
return p, err
case "redir":
- return RedirProxy(addr, forwarder)
+ return NewRedirProxy(addr, forwarder)
case "tcptun":
d := strings.Split(addr, "=")
- return TCPTun(d[0], d[1], forwarder)
+ return NewTCPTun(d[0], d[1], forwarder)
case "dnstun":
d := strings.Split(addr, "=")
- return DNSTun(d[0], d[1], forwarder)
+ return NewDNSTun(d[0], d[1], forwarder)
}
return nil, errors.New("unknown schema '" + u.Scheme + "'")
diff --git a/redir_linux.go b/redir_linux.go
index 9d1a5ae..3edfb73 100644
--- a/redir_linux.go
+++ b/redir_linux.go
@@ -17,12 +17,12 @@ const (
IP6T_SO_ORIGINAL_DST = 80 // from linux/include/uapi/linux/netfilter_ipv6/ip6_tables.h
)
-type redir struct {
+type RedirProxy struct {
*proxy
}
-// RedirProxy returns a redirect proxy.
-func RedirProxy(addr string, upProxy Proxy) (Proxy, error) {
+// NewRedirProxy returns a redirect proxy.
+func NewRedirProxy(addr string, upProxy Proxy) (*RedirProxy, error) {
s := &redir{
proxy: newProxy(addr, upProxy),
}
@@ -31,7 +31,7 @@ func RedirProxy(addr string, upProxy Proxy) (Proxy, error) {
}
// ListenAndServe redirected requests as a server.
-func (s *redir) ListenAndServe() {
+func (s *RedirProxy) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
logf("failed to listen on %s: %v", s.addr, err)
diff --git a/redir_other.go b/redir_other.go
index ce591c4..cbd92ab 100644
--- a/redir_other.go
+++ b/redir_other.go
@@ -4,14 +4,14 @@ package main
import "log"
-type redir struct{ *proxy }
+type RedirProxy struct{ *proxy }
-// RedirProxy returns a redirect proxy.
-func RedirProxy(addr string, upProxy Proxy) (Proxy, error) {
- return &redir{proxy: newProxy(addr, upProxy)}, nil
+// NewRedirProxy returns a redirect proxy.
+func NewRedirProxy(addr string, upProxy Proxy) (Proxy, error) {
+ return &RedirProxy{proxy: NewProxy(addr, upProxy)}, nil
}
// ListenAndServe redirected requests as a server.
-func (s *redir) ListenAndServe() {
+func (s *RedirProxy) ListenAndServe() {
log.Fatal("redir not supported on this os")
}
diff --git a/rule.go b/rule.go
index afd2081..db936d2 100644
--- a/rule.go
+++ b/rule.go
@@ -9,8 +9,8 @@ import (
"github.com/nadoo/conflag"
)
-// ruleForwarder, every ruleForwarder points to a rule file
-type ruleForwarder struct {
+// RuleForwarder, every ruleForwarder points to a rule file
+type RuleForwarder struct {
Forward []string
Strategy string
CheckWebSite string
@@ -27,9 +27,9 @@ type ruleForwarder struct {
Proxy
}
-// newRuleProxyFromFile .
-func newRuleProxyFromFile(ruleFile string) (*ruleForwarder, error) {
- p := &ruleForwarder{name: ruleFile}
+// NewRuleProxyFromFile .
+func NewRuleProxyFromFile(ruleFile string) (*RuleForwarder, error) {
+ p := &RuleForwarder{name: ruleFile}
f := conflag.NewFromFile("rule", ruleFile)
f.StringSliceUniqVar(&p.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
@@ -63,7 +63,7 @@ func newRuleProxyFromFile(ruleFile string) (*ruleForwarder, error) {
forwarders = append(forwarders, forward)
}
- forwarder := newStrategyForwarder(p.Strategy, forwarders)
+ forwarder := NewStrategyForwarder(p.Strategy, forwarders)
for _, forward := range forwarders {
go check(forward, p.CheckWebSite, p.CheckDuration)
diff --git a/rules.go b/rules.go
index c71dc43..fa5b794 100644
--- a/rules.go
+++ b/rules.go
@@ -5,7 +5,7 @@ import (
"strings"
)
-type rulesForwarder struct {
+type RulesForwarder struct {
globalForwarder Proxy
domainMap map[string]Proxy
@@ -13,14 +13,14 @@ type rulesForwarder struct {
cidrMap map[string]Proxy
}
-// newRulesForwarder .
-func newRulesForwarder(ruleForwarders []*ruleForwarder, globalForwarder Proxy) Proxy {
+// NewRulesForwarder .
+func NewRulesForwarder(ruleForwarders []*RuleForwarder, globalForwarder Proxy) Proxy {
if len(ruleForwarders) == 0 {
return globalForwarder
}
- p := &rulesForwarder{globalForwarder: globalForwarder}
+ p := &RulesForwarder{globalForwarder: globalForwarder}
for _, f := range ruleForwarders {
p.domainMap = make(map[string]Proxy)
@@ -42,12 +42,12 @@ func newRulesForwarder(ruleForwarders []*ruleForwarder, globalForwarder Proxy) P
return p
}
-func (p *rulesForwarder) Addr() string { return "rules forwarder" }
-func (p *rulesForwarder) ListenAndServe() {}
-func (p *rulesForwarder) Serve(c net.Conn) {}
-func (p *rulesForwarder) CurrentProxy() Proxy { return p.globalForwarder.CurrentProxy() }
+func (p *RulesForwarder) Addr() string { return "rules forwarder" }
+func (p *RulesForwarder) ListenAndServe() {}
+func (p *RulesForwarder) Serve(c net.Conn) {}
+func (p *RulesForwarder) CurrentProxy() Proxy { return p.globalForwarder.CurrentProxy() }
-func (p *rulesForwarder) GetProxy(dstAddr string) Proxy {
+func (p *RulesForwarder) GetProxy(dstAddr string) Proxy {
// TODO: change to index finders
host, _, err := net.SplitHostPort(dstAddr)
@@ -89,13 +89,13 @@ func (p *rulesForwarder) GetProxy(dstAddr string) Proxy {
return p.globalForwarder.GetProxy(dstAddr)
}
-func (p *rulesForwarder) NextProxy() Proxy {
+func (p *RulesForwarder) NextProxy() Proxy {
return p.globalForwarder.NextProxy()
}
-func (p *rulesForwarder) Enabled() bool { return true }
-func (p *rulesForwarder) SetEnable(enable bool) {}
+func (p *RulesForwarder) Enabled() bool { return true }
+func (p *RulesForwarder) SetEnable(enable bool) {}
-func (p *rulesForwarder) Dial(network, addr string) (net.Conn, error) {
+func (p *RulesForwarder) Dial(network, addr string) (net.Conn, error) {
return p.GetProxy(addr).Dial(network, addr)
}
diff --git a/socks5.go b/socks5.go
index 0414f51..7c82391 100644
--- a/socks5.go
+++ b/socks5.go
@@ -55,18 +55,18 @@ var socks5Errors = []string{
"address type not supported",
}
-type socks5 struct {
+type SOCKS5Proxy struct {
*proxy
network string
user string
password string
}
-// SOCKS5Proxy returns a Proxy that makes SOCKSv5 connections to the given address
+// NewSOCKS5Proxy returns a Proxy that makes SOCKSv5 connections to the given address
// with an optional username and password. See RFC 1928.
-func SOCKS5Proxy(network, addr, user, pass string, upProxy Proxy) (Proxy, error) {
- s := &socks5{
- proxy: newProxy(addr, upProxy),
+func NewSOCKS5Proxy(network, addr, user, pass string, upProxy Proxy) (*SOCKS5Proxy, error) {
+ s := &SOCKS5Proxy{
+ proxy: NewProxy(addr, upProxy),
user: user,
password: pass,
}
@@ -75,7 +75,7 @@ func SOCKS5Proxy(network, addr, user, pass string, upProxy Proxy) (Proxy, error)
}
// ListenAndServe connects to the address addr on the network net via the SOCKS5 proxy.
-func (s *socks5) ListenAndServe() {
+func (s *SOCKS5Proxy) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
logf("failed to listen on %s: %v", s.addr, err)
@@ -95,7 +95,7 @@ func (s *socks5) ListenAndServe() {
}
}
-func (s *socks5) Serve(c net.Conn) {
+func (s *SOCKS5Proxy) Serve(c net.Conn) {
defer c.Close()
if c, ok := c.(*net.TCPConn); ok {
@@ -127,7 +127,7 @@ func (s *socks5) Serve(c net.Conn) {
}
// Dial connects to the address addr on the network net via the SOCKS5 proxy.
-func (s *socks5) Dial(network, addr string) (net.Conn, error) {
+func (s *SOCKS5Proxy) Dial(network, addr string) (net.Conn, error) {
switch network {
case "tcp", "tcp6", "tcp4":
default:
@@ -155,7 +155,7 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) {
// connect takes an existing connection to a socks5 proxy server,
// and commands the server to extend that connection to target,
// which must be a canonical address with a host and port.
-func (s *socks5) connect(conn net.Conn, target string) error {
+func (s *SOCKS5Proxy) connect(conn net.Conn, target string) error {
host, portStr, err := net.SplitHostPort(target)
if err != nil {
return err
@@ -286,7 +286,7 @@ func (s *socks5) connect(conn net.Conn, target string) error {
}
// Handshake fast-tracks SOCKS initialization to get target address to connect.
-func (s *socks5) handshake(rw io.ReadWriter) (Addr, error) {
+func (s *SOCKS5Proxy) handshake(rw io.ReadWriter) (Addr, error) {
// Read RFC 1928 for request and reply structure and sizes.
buf := make([]byte, MaxAddrLen)
// read VER, NMETHODS, METHODS
diff --git a/ss.go b/ss.go
index df51774..66efb56 100644
--- a/ss.go
+++ b/ss.go
@@ -10,20 +10,20 @@ import (
)
// ss
-type ss struct {
+type SSProxy struct {
*proxy
core.StreamConnCipher
}
-// SSProxy returns a shadowsocks proxy.
-func SSProxy(addr, method, pass string, upProxy Proxy) (Proxy, error) {
+// NewSSProxy returns a shadowsocks proxy.
+func NewSSProxy(addr, method, pass string, upProxy Proxy) (*SSProxy, error) {
ciph, err := core.PickCipher(method, nil, pass)
if err != nil {
log.Fatalf("PickCipher for '%s', error: %s", method, err)
}
- s := &ss{
- proxy: newProxy(addr, upProxy),
+ s := &SSProxy{
+ proxy: NewProxy(addr, upProxy),
StreamConnCipher: ciph,
}
@@ -31,7 +31,7 @@ func SSProxy(addr, method, pass string, upProxy Proxy) (Proxy, error) {
}
// ListenAndServe shadowsocks requests as a server.
-func (s *ss) ListenAndServe() {
+func (s *SSProxy) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
logf("failed to listen on %s: %v", s.addr, err)
@@ -50,7 +50,7 @@ func (s *ss) ListenAndServe() {
}
}
-func (s *ss) Serve(c net.Conn) {
+func (s *SSProxy) Serve(c net.Conn) {
defer c.Close()
if c, ok := c.(*net.TCPConn); ok {
@@ -85,7 +85,7 @@ func (s *ss) Serve(c net.Conn) {
}
// Dial connects to the address addr on the network net via the proxy.
-func (s *ss) Dial(network, addr string) (net.Conn, error) {
+func (s *SSProxy) Dial(network, addr string) (net.Conn, error) {
target := ParseAddr(addr)
if target == nil {
diff --git a/strategy.go b/strategy.go
index d61487c..08036bf 100644
--- a/strategy.go
+++ b/strategy.go
@@ -2,8 +2,8 @@ package main
import "net"
-// newStrategyForwarder .
-func newStrategyForwarder(strategy string, forwarders []Proxy) Proxy {
+// NewStrategyForwarder .
+func NewStrategyForwarder(strategy string, forwarders []Proxy) Proxy {
var proxy Proxy
if len(forwarders) == 0 {
proxy = Direct
@@ -37,7 +37,7 @@ func newRRProxy(addr string, forwarders []Proxy) Proxy {
if len(forwarders) == 0 {
return Direct
} else if len(forwarders) == 1 {
- return newProxy(addr, forwarders[0])
+ return NewProxy(addr, forwarders[0])
}
return &rrProxy{forwarders: forwarders}
diff --git a/tcptun.go b/tcptun.go
index 8ccbbe5..20cc2df 100644
--- a/tcptun.go
+++ b/tcptun.go
@@ -2,15 +2,15 @@ package main
import "net"
-type tcptun struct {
+type TCPTun struct {
*proxy
raddr string
}
-// TCPTun returns a redirect proxy.
-func TCPTun(addr, raddr string, upProxy Proxy) (Proxy, error) {
- s := &tcptun{
- proxy: newProxy(addr, upProxy),
+// NewTCPTun returns a redirect proxy.
+func NewTCPTun(addr, raddr string, upProxy Proxy) (*TCPTun, error) {
+ s := &TCPTun{
+ proxy: NewProxy(addr, upProxy),
raddr: raddr,
}
@@ -18,7 +18,7 @@ func TCPTun(addr, raddr string, upProxy Proxy) (Proxy, error) {
}
// ListenAndServe redirected requests as a server.
-func (s *tcptun) ListenAndServe() {
+func (s *TCPTun) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
logf("failed to listen on %s: %v", s.addr, err)
From b2b3a9479879ef087cda6474da7aa6be39b4d52f Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 17 Aug 2017 20:26:46 +0800
Subject: [PATCH 046/341] redir: fixed a compile error on linux
---
redir_linux.go | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/redir_linux.go b/redir_linux.go
index 3edfb73..fbb6e6f 100644
--- a/redir_linux.go
+++ b/redir_linux.go
@@ -23,8 +23,8 @@ type RedirProxy struct {
// NewRedirProxy returns a redirect proxy.
func NewRedirProxy(addr string, upProxy Proxy) (*RedirProxy, error) {
- s := &redir{
- proxy: newProxy(addr, upProxy),
+ s := &RedirProxy{
+ proxy: NewProxy(addr, upProxy),
}
return s, nil
From 989d3c97873ddfd6b20510020af45b7275479965 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 20 Aug 2017 21:44:18 +0800
Subject: [PATCH 047/341] rules: add rules-dir folder config support
---
.gitignore | 3 +++
direct.go | 4 ++--
dns.go | 5 +++--
dnstun.go | 1 +
http.go | 4 ++--
main.go | 19 ++++++++++++++++---
mixed.go | 6 +++---
redir_other.go | 1 +
rule.go | 6 +++---
rules.go | 1 +
socks5.go | 2 ++
ss.go | 3 ++-
tcptun.go | 1 +
utils.go | 26 ++++++++++++++++++++++++++
14 files changed, 66 insertions(+), 16 deletions(-)
create mode 100644 utils.go
diff --git a/.gitignore b/.gitignore
index dafd4ed..3709d49 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,5 +17,8 @@
*.zip
/*.conf
/*.rule
+
+rules.d/*.rule
+
glider
bak/
diff --git a/direct.go b/direct.go
index a2deb56..84da69a 100644
--- a/direct.go
+++ b/direct.go
@@ -10,8 +10,8 @@ type direct struct {
var Direct = &direct{}
func (d *direct) Addr() string { return "127.0.0.1" }
-func (d *direct) ListenAndServe() { logf("base proxy ListenAndServe") }
-func (d *direct) Serve(c net.Conn) { logf("base proxy Serve") }
+func (d *direct) ListenAndServe() { logf("direct proxy ListenAndServe") }
+func (d *direct) Serve(c net.Conn) { logf("direct proxy Serve") }
func (d *direct) CurrentProxy() Proxy { return d }
func (d *direct) GetProxy(dstAddr string) Proxy { return d }
func (d *direct) NextProxy() Proxy { return d }
diff --git a/dns.go b/dns.go
index a25a827..1d689f9 100644
--- a/dns.go
+++ b/dns.go
@@ -24,6 +24,7 @@ const TCPDNSHEADERLen = 2 + UDPDNSHeaderLen
// so we should also serve tcp requests.
const MaxUDPDNSLen = 512
+// DNS .
type DNS struct {
*proxy
dnsServer string
@@ -31,7 +32,7 @@ type DNS struct {
dnsServerMap map[string]string
}
-// DNSForwarder returns a dns forwarder. client -> dns.udp -> glider -> forwarder -> remote dns addr
+// NewDNS returns a dns forwarder. client -> dns.udp -> glider -> forwarder -> remote dns addr
func NewDNS(addr, raddr string, upProxy Proxy) (*DNS, error) {
s := &DNS{
proxy: NewProxy(addr, upProxy),
@@ -70,7 +71,7 @@ func (s *DNS) ListenAndServe() {
dnsServer := s.GetServer(domain)
// TODO: check here
- rc, err := s.GetProxy(domain+":53").GetProxy(domain+":53").Dial("tcp", dnsServer)
+ rc, err := s.GetProxy(domain+":53").Dial("tcp", dnsServer)
if err != nil {
logf("failed to connect to server %v: %v", dnsServer, err)
return
diff --git a/dnstun.go b/dnstun.go
index 44d1d6a..0055204 100644
--- a/dnstun.go
+++ b/dnstun.go
@@ -2,6 +2,7 @@
package main
+// DNSTun .
type DNSTun struct {
*proxy
raddr string
diff --git a/http.go b/http.go
index f594626..811c14c 100644
--- a/http.go
+++ b/http.go
@@ -16,12 +16,12 @@ import (
"time"
)
-// httpproxy
+// HTTPProxy .
type HTTPProxy struct {
*proxy
}
-// HTTPProxy returns a http proxy.
+// NewHTTPProxy returns a http proxy.
func NewHTTPProxy(addr string, upProxy Proxy) (*HTTPProxy, error) {
s := &HTTPProxy{
proxy: NewProxy(addr, upProxy),
diff --git a/main.go b/main.go
index 89dd018..ae9f47b 100644
--- a/main.go
+++ b/main.go
@@ -12,7 +12,7 @@ import (
)
// VERSION .
-const VERSION = "0.3.2"
+const VERSION = "0.4.0"
var conf struct {
Verbose bool
@@ -22,6 +22,7 @@ var conf struct {
Listen []string
Forward []string
RuleFile []string
+ RulesDir string
DNS string
DNSServer []string
@@ -122,6 +123,7 @@ func main() {
flag.StringSliceUniqVar(&conf.Listen, "listen", nil, "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT")
flag.StringSliceUniqVar(&conf.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
flag.StringSliceUniqVar(&conf.RuleFile, "rulefile", nil, "rule file path")
+ flag.StringVar(&conf.RulesDir, "rules-dir", "rules.d", "rule file folder")
flag.StringVar(&conf.DNS, "dns", "", "dns listen address")
flag.StringSliceUniqVar(&conf.DNSServer, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server")
@@ -155,13 +157,24 @@ func main() {
forwarders = append(forwarders, forward)
}
- // combine forwarders to a singer strategy forwarder
+ // combine forwarders to a single strategy forwarder
forwarder := NewStrategyForwarder(conf.Strategy, forwarders)
// rule forwarders
var ruleForwarders []*RuleForwarder
for _, ruleFile := range conf.RuleFile {
- ruleForwarder, err := NewRuleProxyFromFile(ruleFile)
+ ruleForwarder, err := NewRuleForwarderFromFile(ruleFile)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ ruleForwarders = append(ruleForwarders, ruleForwarder)
+ }
+
+ // rules folder
+ ruleFolderFiles, _ := listDir(conf.RulesDir, ".rule")
+ for _, ruleFile := range ruleFolderFiles {
+ ruleForwarder, err := NewRuleForwarderFromFile(ruleFile)
if err != nil {
log.Fatal(err)
}
diff --git a/mixed.go b/mixed.go
index 882b8bf..5845aac 100644
--- a/mixed.go
+++ b/mixed.go
@@ -6,7 +6,7 @@ import (
)
// https://www.ietf.org/rfc/rfc2616.txt, http methods must be uppercase.
-var httpMethods = [][]byte{
+var httpMethods = [...][]byte{
[]byte("GET"),
[]byte("POST"),
[]byte("PUT"),
@@ -25,7 +25,7 @@ type MixedProxy struct {
ss Proxy
}
-// MixedProxy returns a mixed proxy.
+// NewMixedProxy returns a mixed proxy.
func NewMixedProxy(network, addr, user, pass string, upProxy Proxy) (*MixedProxy, error) {
p := &MixedProxy{
proxy: NewProxy(addr, upProxy),
@@ -41,7 +41,7 @@ func NewMixedProxy(network, addr, user, pass string, upProxy Proxy) (*MixedProxy
return p, nil
}
-// mixedproxy .
+// ListenAndServe .
func (p *MixedProxy) ListenAndServe() {
l, err := net.Listen("tcp", p.addr)
if err != nil {
diff --git a/redir_other.go b/redir_other.go
index cbd92ab..44e72fc 100644
--- a/redir_other.go
+++ b/redir_other.go
@@ -4,6 +4,7 @@ package main
import "log"
+// RedirProxy .
type RedirProxy struct{ *proxy }
// NewRedirProxy returns a redirect proxy.
diff --git a/rule.go b/rule.go
index db936d2..9946ad9 100644
--- a/rule.go
+++ b/rule.go
@@ -9,7 +9,7 @@ import (
"github.com/nadoo/conflag"
)
-// RuleForwarder, every ruleForwarder points to a rule file
+// RuleForwarder , every ruleForwarder points to a rule file
type RuleForwarder struct {
Forward []string
Strategy string
@@ -27,8 +27,8 @@ type RuleForwarder struct {
Proxy
}
-// NewRuleProxyFromFile .
-func NewRuleProxyFromFile(ruleFile string) (*RuleForwarder, error) {
+// NewRuleForwarderFromFile .
+func NewRuleForwarderFromFile(ruleFile string) (*RuleForwarder, error) {
p := &RuleForwarder{name: ruleFile}
f := conflag.NewFromFile("rule", ruleFile)
diff --git a/rules.go b/rules.go
index fa5b794..a5b751c 100644
--- a/rules.go
+++ b/rules.go
@@ -5,6 +5,7 @@ import (
"strings"
)
+// RulesForwarder .
type RulesForwarder struct {
globalForwarder Proxy
diff --git a/socks5.go b/socks5.go
index 7c82391..e266563 100644
--- a/socks5.go
+++ b/socks5.go
@@ -55,6 +55,7 @@ var socks5Errors = []string{
"address type not supported",
}
+// SOCKS5Proxy .
type SOCKS5Proxy struct {
*proxy
network string
@@ -95,6 +96,7 @@ func (s *SOCKS5Proxy) ListenAndServe() {
}
}
+// Serve .
func (s *SOCKS5Proxy) Serve(c net.Conn) {
defer c.Close()
diff --git a/ss.go b/ss.go
index 66efb56..39c8347 100644
--- a/ss.go
+++ b/ss.go
@@ -9,7 +9,7 @@ import (
"github.com/shadowsocks/go-shadowsocks2/core"
)
-// ss
+// SSProxy .
type SSProxy struct {
*proxy
core.StreamConnCipher
@@ -50,6 +50,7 @@ func (s *SSProxy) ListenAndServe() {
}
}
+// Serve .
func (s *SSProxy) Serve(c net.Conn) {
defer c.Close()
diff --git a/tcptun.go b/tcptun.go
index 20cc2df..49d9a92 100644
--- a/tcptun.go
+++ b/tcptun.go
@@ -2,6 +2,7 @@ package main
import "net"
+// TCPTun .
type TCPTun struct {
*proxy
raddr string
diff --git a/utils.go b/utils.go
new file mode 100644
index 0000000..0274232
--- /dev/null
+++ b/utils.go
@@ -0,0 +1,26 @@
+package main
+
+import (
+ "io/ioutil"
+ "os"
+ "strings"
+)
+
+func listDir(dirPth string, suffix string) (files []string, err error) {
+ files = make([]string, 0, 10)
+ dir, err := ioutil.ReadDir(dirPth)
+ if err != nil {
+ return nil, err
+ }
+ PthSep := string(os.PathSeparator)
+ suffix = strings.ToUpper(suffix)
+ for _, fi := range dir {
+ if fi.IsDir() {
+ continue
+ }
+ if strings.HasSuffix(strings.ToUpper(fi.Name()), suffix) {
+ files = append(files, dirPth+PthSep+fi.Name())
+ }
+ }
+ return files, nil
+}
From 0bff373a4e76826f4f813792970add9d9ba56c4c Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 20 Aug 2017 21:49:21 +0800
Subject: [PATCH 048/341] rules: add rules.d folder
---
rules.d/bypass.rule.example | 3 +++
office.rule.example => rules.d/office.rule.example | 0
2 files changed, 3 insertions(+)
create mode 100644 rules.d/bypass.rule.example
rename office.rule.example => rules.d/office.rule.example (100%)
diff --git a/rules.d/bypass.rule.example b/rules.d/bypass.rule.example
new file mode 100644
index 0000000..6fba3c9
--- /dev/null
+++ b/rules.d/bypass.rule.example
@@ -0,0 +1,3 @@
+
+ip=127.0.0.1
+cidr=192.168.1.0/24
\ No newline at end of file
diff --git a/office.rule.example b/rules.d/office.rule.example
similarity index 100%
rename from office.rule.example
rename to rules.d/office.rule.example
From dbc9fc7b5c3652b9ff2ff9f16e5f6037beb381e0 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 20 Aug 2017 21:51:54 +0800
Subject: [PATCH 049/341] README: fixed rule file link
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 518041b..f19303c 100644
--- a/README.md
+++ b/README.md
@@ -218,7 +218,7 @@ ip=1.1.1.1
cidr=192.168.100.0/24
```
See:
-- [office.rule.example](office.rule.example)
+- [office.rule.example](rules.d/office.rule.example)
- [examples](examples)
## Service
From dd5ba375828192f1db4252e595a2d8536ceb4d3e Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 21 Aug 2017 23:57:49 +0800
Subject: [PATCH 050/341] dns: add the ability to get resloved ip address of
domain. (so we can add ip address to ipset later)
---
dns.go | 116 ++++++++++++++++++++++++++++++++++++++++++++++-----------
1 file changed, 95 insertions(+), 21 deletions(-)
diff --git a/dns.go b/dns.go
index 1d689f9..b47c861 100644
--- a/dns.go
+++ b/dns.go
@@ -9,20 +9,44 @@ import (
"strings"
)
-// UDPDNSHeaderLen is the length of UDP dns msg header
-const UDPDNSHeaderLen = 12
+// DNSUDPHeaderLen is the length of UDP dns msg header
+const DNSUDPHeaderLen = 12
-// TCPDNSHEADERLen is the length of TCP dns msg header
-const TCPDNSHEADERLen = 2 + UDPDNSHeaderLen
+// DNSTCPHeaderLen is the length of TCP dns msg header
+const DNSTCPHeaderLen = 2 + DNSUDPHeaderLen
-// MaxUDPDNSLen is the max size of udp dns request.
+// DNSUDPMaxLen is the max size of udp dns request.
// https://tools.ietf.org/html/rfc1035#section-4.2.1
// Messages carried by UDP are restricted to 512 bytes (not counting the IP
// or UDP headers). Longer messages are truncated and the TC bit is set in
// the header.
// TODO: If the request length > 512 then the client will send TCP packets instead,
// so we should also serve tcp requests.
-const MaxUDPDNSLen = 512
+const DNSUDPMaxLen = 512
+
+// DNSQueryTypeA ipv4
+const DNSQueryTypeA = 1
+
+// DNSQueryTypeAAAA ipv6
+const DNSQueryTypeAAAA = 28
+
+type dnsQuery struct {
+ DomainName string
+ QueryType uint16
+ QueryClass uint16
+ Offset int
+}
+
+type dnsAnswer struct {
+ DomainName string
+ QueryType uint16
+ QueryClass uint16
+ TTL uint32
+ DataLength uint16
+ Data []byte
+
+ IP string
+}
// DNS .
type DNS struct {
@@ -55,7 +79,7 @@ func (s *DNS) ListenAndServe() {
logf("listening UDP on %s", s.addr)
for {
- data := make([]byte, MaxUDPDNSLen)
+ data := make([]byte, DNSUDPMaxLen)
n, clientAddr, err := l.ReadFrom(data)
if err != nil {
@@ -67,7 +91,8 @@ func (s *DNS) ListenAndServe() {
go func() {
// TODO: check domain rules and get a proper upstream name server.
- domain := string(getDomain(data))
+ query := parseQuery(data)
+ domain := query.DomainName
dnsServer := s.GetServer(domain)
// TODO: check here
@@ -78,8 +103,6 @@ func (s *DNS) ListenAndServe() {
}
defer rc.Close()
- logf("proxy-dns %s, %s <-> %s", domain, clientAddr.String(), dnsServer)
-
// 2 bytes length after tcp header, before dns message
length := make([]byte, 2)
binary.BigEndian.PutUint16(length, uint16(len(data)))
@@ -92,16 +115,32 @@ func (s *DNS) ListenAndServe() {
return
}
+ var ip string
// length is not needed in udp dns response. (2 bytes)
// SEE RFC1035, section 4.2.2 TCP: The message is prefixed with a two byte length field which gives the message length, excluding the two byte length field.
if len(resp) > 2 {
msg := resp[2:]
+ // TODO: Get IP from response, check and add to ipset
+ query := parseQuery(msg)
+ if len(msg) > query.Offset {
+ answers := parseAnswers(msg[query.Offset:])
+ for _, answer := range answers {
+ if answer.IP != "" {
+ ip += answer.IP + ","
+ }
+
+ }
+
+ }
+
_, err = l.WriteTo(msg, clientAddr)
if err != nil {
logf("error in local write: %s\n", err)
}
}
+ logf("proxy-dns %s, %s <-> %s, ip: %s", domain, clientAddr.String(), dnsServer, ip)
+
}()
}
}
@@ -127,26 +166,61 @@ func (s *DNS) GetServer(domain string) string {
return s.dnsServer
}
-// getDomain from dns request playload, return []byte like:
-// []byte{'w', 'w', 'w', '.', 'm', 's', 'n', '.', 'c', 'o', 'm', '.'}
-// []byte("www.msn.com.")
-func getDomain(p []byte) []byte {
- var ret []byte
+func parseQuery(p []byte) *dnsQuery {
+ q := &dnsQuery{}
- for i := UDPDNSHeaderLen; i < len(p); {
+ var i int
+ var domain []byte
+ for i = DNSUDPHeaderLen; i < len(p); {
l := int(p[i])
if l == 0 {
+ i++
break
}
- ret = append(ret, p[i+1:i+l+1]...)
- ret = append(ret, '.')
+ domain = append(domain, p[i+1:i+l+1]...)
+ domain = append(domain, '.')
i = i + l + 1
}
- // TODO: check here
- // domain name could not be null, so the length of ret always >= 1?
- return ret[:len(ret)-1]
+ q.DomainName = string(domain[:len(domain)-1])
+ q.QueryType = binary.BigEndian.Uint16(p[i:])
+ q.QueryClass = binary.BigEndian.Uint16(p[i+2:])
+ q.Offset = i + 4
+
+ return q
+}
+
+func parseAnswers(p []byte) []*dnsAnswer {
+ var answers []*dnsAnswer
+
+ for i := 0; i < len(p); {
+ l := int(p[i])
+
+ if l == 0 {
+ i++
+ break
+ }
+
+ answer := &dnsAnswer{}
+ answer.QueryType = binary.BigEndian.Uint16(p[i+2:])
+ answer.QueryClass = binary.BigEndian.Uint16(p[i+4:])
+ answer.TTL = binary.BigEndian.Uint32(p[i+6:])
+ answer.DataLength = binary.BigEndian.Uint16(p[i+10:])
+ answer.Data = p[i+12 : i+12+int(answer.DataLength)]
+
+ if answer.QueryType == DNSQueryTypeA {
+ answer.IP = net.IP(answer.Data[:net.IPv4len]).String()
+ } else if answer.QueryType == DNSQueryTypeAAAA {
+ answer.IP = net.IP(answer.Data[:net.IPv6len]).String()
+ }
+
+ answers = append(answers, answer)
+
+ i = i + 12 + int(answer.DataLength)
+ }
+
+ return answers
}
From 652d49182a838a73f3422259a2baf167cb6c6769 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 23 Aug 2017 16:35:39 +0800
Subject: [PATCH 051/341] 1. general: restructured codes; 2. rule: add
dnsserver to ip rule map; 3. dns: add DNSAnswerHandler so we can define a
custom handler when a domain resolved
---
README.md | 3 +-
conf.go | 197 +++++++++++++++++++++++++++++++++++++++++++++++++
dialer.go | 49 ++++++++++++
direct.go | 9 +--
dns.go | 34 +++++++--
dnstun.go | 18 +++--
forwarder.go | 24 ++++++
http.go | 30 ++++----
main.go | 183 ++++++---------------------------------------
mixed.go | 108 ++++++++++++++-------------
proxy.go | 159 ---------------------------------------
redir_linux.go | 10 ++-
redir_other.go | 11 ++-
rule.go | 150 ++++++++++++++++++++++++-------------
rules.go | 102 -------------------------
server.go | 63 ++++++++++++++++
socks5.go | 35 +++++----
ss.go | 27 ++++---
strategy.go | 159 ++++++++++++++++++++++++++-------------
tcptun.go | 13 ++--
20 files changed, 725 insertions(+), 659 deletions(-)
create mode 100644 conf.go
create mode 100644 dialer.go
create mode 100644 forwarder.go
delete mode 100644 proxy.go
delete mode 100644 rules.go
create mode 100644 server.go
diff --git a/README.md b/README.md
index f19303c..26efab6 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,8 @@ General:
- Rule proxy based on destionation: [Config Examples](examples)
TODO:
-- Specify different remote dns server in rule file
+- Specify different remote dns server in rule file (DONE)
+- Improve DNS forwarder to resolve domain name and add ip to proxy rules (WIP)
- IPSet management
- Improve DNS forwarder to resolve domain name and add ip to ipset
- TUN/TAP device support
diff --git a/conf.go b/conf.go
new file mode 100644
index 0000000..89bab55
--- /dev/null
+++ b/conf.go
@@ -0,0 +1,197 @@
+package main
+
+import (
+ "fmt"
+ "log"
+ "os"
+
+ "github.com/nadoo/conflag"
+)
+
+var flag = conflag.New()
+
+var conf struct {
+ Verbose bool
+ Strategy string
+ CheckWebSite string
+ CheckDuration int
+ Listen []string
+ Forward []string
+ RuleFile []string
+ RulesDir string
+
+ DNS string
+ DNSServer []string
+
+ IPSet string
+
+ rules []*RuleConf
+}
+
+func confInit() {
+ flag.BoolVar(&conf.Verbose, "verbose", false, "verbose mode")
+ flag.StringVar(&conf.Strategy, "strategy", "rr", "forward strategy, default: rr")
+ flag.StringVar(&conf.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
+ flag.IntVar(&conf.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
+ flag.StringSliceUniqVar(&conf.Listen, "listen", nil, "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT")
+ flag.StringSliceUniqVar(&conf.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
+ flag.StringSliceUniqVar(&conf.RuleFile, "rulefile", nil, "rule file path")
+ flag.StringVar(&conf.RulesDir, "rules-dir", "rules.d", "rule file folder")
+
+ flag.StringVar(&conf.DNS, "dns", "", "dns listen address")
+ flag.StringSliceUniqVar(&conf.DNSServer, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server")
+
+ flag.StringVar(&conf.IPSet, "ipset", "glider", "ipset name")
+
+ flag.Usage = usage
+ err := flag.Parse()
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "ERROR: %s\n", err)
+ os.Exit(-1)
+ }
+
+ if len(conf.Listen) == 0 && conf.DNS == "" {
+ flag.Usage()
+ fmt.Fprintf(os.Stderr, "ERROR: listen url must be specified.\n")
+ os.Exit(-1)
+ }
+
+ // rulefiles
+ for _, ruleFile := range conf.RuleFile {
+ rule, err := NewRuleConfFromFile(ruleFile)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ conf.rules = append(conf.rules, rule)
+ }
+
+ ruleFolderFiles, _ := listDir(conf.RulesDir, ".rule")
+ for _, ruleFile := range ruleFolderFiles {
+ rule, err := NewRuleConfFromFile(ruleFile)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ conf.rules = append(conf.rules, rule)
+ }
+}
+
+// RuleConf , every ruleForwarder points to a rule file
+type RuleConf struct {
+ Forward []string
+ Strategy string
+ CheckWebSite string
+ CheckDuration int
+
+ DNSServer []string
+ IPSet string
+
+ Domain []string
+ IP []string
+ CIDR []string
+
+ name string
+}
+
+// NewRuleConfFromFile .
+func NewRuleConfFromFile(ruleFile string) (*RuleConf, error) {
+ p := &RuleConf{name: ruleFile}
+
+ f := conflag.NewFromFile("rule", ruleFile)
+ f.StringSliceUniqVar(&p.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
+ f.StringVar(&p.Strategy, "strategy", "rr", "forward strategy, default: rr")
+ f.StringVar(&p.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
+ f.IntVar(&p.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
+
+ f.StringSliceUniqVar(&p.DNSServer, "dnsserver", nil, "remote dns server")
+ f.StringVar(&p.IPSet, "ipset", "", "ipset name")
+
+ f.StringSliceUniqVar(&p.Domain, "domain", nil, "domain")
+ f.StringSliceUniqVar(&p.IP, "ip", nil, "ip")
+ f.StringSliceUniqVar(&p.CIDR, "cidr", nil, "cidr")
+
+ err := f.Parse()
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "ERROR: %s\n", err)
+ return nil, err
+ }
+
+ return p, err
+}
+
+func usage() {
+ app := os.Args[0]
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, "%s v%s usage:\n", app, VERSION)
+ flag.PrintDefaults()
+ fmt.Fprintf(os.Stderr, "\n")
+
+ fmt.Fprintf(os.Stderr, "Available Schemas:\n")
+ fmt.Fprintf(os.Stderr, " mixed: serve as a http/socks5 proxy on the same port. (default)\n")
+ fmt.Fprintf(os.Stderr, " ss: ss proxy\n")
+ fmt.Fprintf(os.Stderr, " socks5: socks5 proxy\n")
+ fmt.Fprintf(os.Stderr, " http: http proxy\n")
+ fmt.Fprintf(os.Stderr, " redir: redirect proxy. (used on linux as a transparent proxy with iptables redirect rules)\n")
+ fmt.Fprintf(os.Stderr, " tcptun: a simple tcp tunnel\n")
+ fmt.Fprintf(os.Stderr, " dnstun: listen on udp port and forward all dns requests to remote dns server via forwarders(tcp)\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
+ fmt.Fprintf(os.Stderr, "Available schemas for different modes:\n")
+ fmt.Fprintf(os.Stderr, " listen: mixed ss socks5 http redir tcptun dnstun\n")
+ fmt.Fprintf(os.Stderr, " forward: ss socks5 http\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
+ fmt.Fprintf(os.Stderr, "Available methods for ss:\n")
+ // fmt.Fprintf(os.Stderr, " "+ListCipher())
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " NOTE: chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
+ fmt.Fprintf(os.Stderr, "Available forward strategies:\n")
+ fmt.Fprintf(os.Stderr, " rr: Round Robin mode\n")
+ fmt.Fprintf(os.Stderr, " ha: High Availability mode\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
+ fmt.Fprintf(os.Stderr, "Config file format(see `"+app+".conf.example` as an example):\n")
+ fmt.Fprintf(os.Stderr, " # COMMENT LINE\n")
+ fmt.Fprintf(os.Stderr, " KEY=VALUE\n")
+ fmt.Fprintf(os.Stderr, " KEY=VALUE\n")
+ fmt.Fprintf(os.Stderr, " # KEY equals to command line flag name: listen forward strategy...\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
+ fmt.Fprintf(os.Stderr, "Examples:\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -config glider.conf\n")
+ fmt.Fprintf(os.Stderr, " -run glider with specified config file.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -config glider.conf -rulefile office.rule -rulefile home.rule\n")
+ fmt.Fprintf(os.Stderr, " -run glider with specified global config file and rule config files.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen :8443\n")
+ fmt.Fprintf(os.Stderr, " -listen on :8443, serve as http/socks5 proxy on the same port.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen ss://AEAD_CHACHA20_POLY1305:pass@:8443\n")
+ fmt.Fprintf(os.Stderr, " -listen on 0.0.0.0:8443 as a ss server.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -verbose\n")
+ fmt.Fprintf(os.Stderr, " -listen on :1080 as a socks5 proxy server, in verbose mode.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen http://:8080 -forward socks5://127.0.0.1:1080\n")
+ fmt.Fprintf(os.Stderr, " -listen on :8080 as a http proxy server, forward all requests via socks5 server.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -forward ss://method:pass@1.1.1.1:8443\n")
+ fmt.Fprintf(os.Stderr, " -listen on :1081 as a transparent redirect server, forward all requests via remote ss server.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:8443\n")
+ fmt.Fprintf(os.Stderr, " -listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -listen http://:8080 -forward ss://method:pass@1.1.1.1:8443\n")
+ fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -listen dnstun://:53=8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2\n")
+ fmt.Fprintf(os.Stderr, " -listen on :1081 as transparent redirect server, :53 as dns server, use forward chain: server1 -> server2.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -forward ss://method:pass@server1:port1 -forward ss://method:pass@server2:port2 -strategy rr\n")
+ fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, forward requests via server1 and server2 in roundrbin mode.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+}
diff --git a/dialer.go b/dialer.go
new file mode 100644
index 0000000..71c3ff9
--- /dev/null
+++ b/dialer.go
@@ -0,0 +1,49 @@
+package main
+
+import (
+ "errors"
+ "net"
+ "net/url"
+)
+
+// A Dialer means to establish a connection and relay it.
+type Dialer interface {
+ // Addr()
+ Addr() string
+
+ // Dial connects to the given address via the proxy.
+ Dial(network, addr string) (c net.Conn, err error)
+}
+
+// DialerFromURL parses url and get a Proxy
+// TODO: table
+func DialerFromURL(s string, cDialer Dialer) (Dialer, error) {
+ u, err := url.Parse(s)
+ if err != nil {
+ logf("parse err: %s", err)
+ return nil, err
+ }
+
+ addr := u.Host
+ var user, pass string
+ if u.User != nil {
+ user = u.User.Username()
+ pass, _ = u.User.Password()
+ }
+
+ if cDialer == nil {
+ cDialer = Direct
+ }
+
+ switch u.Scheme {
+ case "http":
+ return NewHTTP(addr, cDialer, nil)
+ case "socks5":
+ return NewSOCKS5("tcp", addr, user, pass, cDialer, nil)
+ case "ss":
+ p, err := NewSS(addr, user, pass, cDialer, nil)
+ return p, err
+ }
+
+ return nil, errors.New("unknown schema '" + u.Scheme + "'")
+}
diff --git a/direct.go b/direct.go
index 84da69a..59b03b2 100644
--- a/direct.go
+++ b/direct.go
@@ -9,14 +9,7 @@ type direct struct {
// Direct proxy
var Direct = &direct{}
-func (d *direct) Addr() string { return "127.0.0.1" }
-func (d *direct) ListenAndServe() { logf("direct proxy ListenAndServe") }
-func (d *direct) Serve(c net.Conn) { logf("direct proxy Serve") }
-func (d *direct) CurrentProxy() Proxy { return d }
-func (d *direct) GetProxy(dstAddr string) Proxy { return d }
-func (d *direct) NextProxy() Proxy { return d }
-func (d *direct) Enabled() bool { return true }
-func (d *direct) SetEnable(enable bool) {}
+func (d *direct) Addr() string { return "DIRECT" }
func (d *direct) Dial(network, addr string) (net.Conn, error) {
c, err := net.Dial(network, addr)
diff --git a/dns.go b/dns.go
index b47c861..66cecf1 100644
--- a/dns.go
+++ b/dns.go
@@ -38,7 +38,7 @@ type dnsQuery struct {
}
type dnsAnswer struct {
- DomainName string
+ // DomainName string
QueryType uint16
QueryClass uint16
TTL uint32
@@ -48,18 +48,26 @@ type dnsAnswer struct {
IP string
}
+// DNSAnswerHandler .
+type DNSAnswerHandler func(domain, ip string) error
+
// DNS .
type DNS struct {
- *proxy
+ *Forwarder // as proxy client
+ sDialer Dialer // dialer for server
+
dnsServer string
- dnsServerMap map[string]string
+ dnsServerMap map[string]string
+ answerHandlers []DNSAnswerHandler
}
// NewDNS returns a dns forwarder. client -> dns.udp -> glider -> forwarder -> remote dns addr
-func NewDNS(addr, raddr string, upProxy Proxy) (*DNS, error) {
+func NewDNS(addr, raddr string, sDialer Dialer) (*DNS, error) {
s := &DNS{
- proxy: NewProxy(addr, upProxy),
+ Forwarder: NewForwarder(addr, nil),
+ sDialer: sDialer,
+
dnsServer: raddr,
dnsServerMap: make(map[string]string),
}
@@ -95,8 +103,9 @@ func (s *DNS) ListenAndServe() {
domain := query.DomainName
dnsServer := s.GetServer(domain)
- // TODO: check here
- rc, err := s.GetProxy(domain+":53").Dial("tcp", dnsServer)
+
+ // TODO: check here; ADD dnsServer to rule ip lists
+ rc, err := s.sDialer.Dial("tcp", dnsServer)
if err != nil {
logf("failed to connect to server %v: %v", dnsServer, err)
return
@@ -129,6 +138,10 @@ func (s *DNS) ListenAndServe() {
ip += answer.IP + ","
}
+ for _, h := range s.answerHandlers {
+ h(query.DomainName, answer.IP)
+ }
+
}
}
@@ -139,7 +152,7 @@ func (s *DNS) ListenAndServe() {
}
}
- logf("proxy-dns %s, %s <-> %s, ip: %s", domain, clientAddr.String(), dnsServer, ip)
+ logf("proxy-dns %s <-> %s, %s: %s", clientAddr.String(), dnsServer, domain, ip)
}()
}
@@ -166,6 +179,11 @@ func (s *DNS) GetServer(domain string) string {
return s.dnsServer
}
+// AddAnswerHandler .
+func (s *DNS) AddAnswerHandler(h DNSAnswerHandler) {
+ s.answerHandlers = append(s.answerHandlers, h)
+}
+
func parseQuery(p []byte) *dnsQuery {
q := &dnsQuery{}
diff --git a/dnstun.go b/dnstun.go
index 0055204..df4b53f 100644
--- a/dnstun.go
+++ b/dnstun.go
@@ -4,22 +4,26 @@ package main
// DNSTun .
type DNSTun struct {
- *proxy
+ *Forwarder // as client
+ sDialer Dialer // dialer for server
+
raddr string
- udp Proxy
- tcp Proxy
+ udp *DNS
+ tcp *TCPTun
}
// NewDNSTun returns a dns forwarder.
-func NewDNSTun(addr, raddr string, upProxy Proxy) (*DNSTun, error) {
+func NewDNSTun(addr, raddr string, sDialer Dialer) (*DNSTun, error) {
s := &DNSTun{
- proxy: NewProxy(addr, upProxy),
+ Forwarder: NewForwarder(addr, nil),
+ sDialer: sDialer,
+
raddr: raddr,
}
- s.udp, _ = NewDNS(addr, raddr, upProxy)
- s.tcp, _ = NewTCPTun(addr, raddr, upProxy)
+ s.udp, _ = NewDNS(addr, raddr, sDialer)
+ s.tcp, _ = NewTCPTun(addr, raddr, sDialer)
return s, nil
}
diff --git a/forwarder.go b/forwarder.go
new file mode 100644
index 0000000..ffb1a80
--- /dev/null
+++ b/forwarder.go
@@ -0,0 +1,24 @@
+package main
+
+import "net"
+
+// Forwarder .
+type Forwarder struct {
+ addr string
+ cDialer Dialer
+}
+
+// NewForwarder .
+func NewForwarder(addr string, cDialer Dialer) *Forwarder {
+ if cDialer == nil {
+ cDialer = Direct
+ }
+
+ return &Forwarder{addr: addr, cDialer: cDialer}
+}
+
+func (p *Forwarder) Addr() string { return p.addr }
+
+func (p *Forwarder) Dial(network, addr string) (net.Conn, error) {
+ return p.cDialer.Dial(network, addr)
+}
diff --git a/http.go b/http.go
index 811c14c..e4d9ec4 100644
--- a/http.go
+++ b/http.go
@@ -16,22 +16,24 @@ import (
"time"
)
-// HTTPProxy .
-type HTTPProxy struct {
- *proxy
+// HTTP .
+type HTTP struct {
+ *Forwarder // as client
+ sDialer Dialer // dialer for server
}
-// NewHTTPProxy returns a http proxy.
-func NewHTTPProxy(addr string, upProxy Proxy) (*HTTPProxy, error) {
- s := &HTTPProxy{
- proxy: NewProxy(addr, upProxy),
+// NewHTTP returns a http proxy.
+func NewHTTP(addr string, cDialer Dialer, sDialer Dialer) (*HTTP, error) {
+ s := &HTTP{
+ Forwarder: NewForwarder(addr, cDialer),
+ sDialer: sDialer,
}
return s, nil
}
// ListenAndServe .
-func (s *HTTPProxy) ListenAndServe() {
+func (s *HTTP) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
logf("failed to listen on %s: %v", s.addr, err)
@@ -53,7 +55,7 @@ func (s *HTTPProxy) ListenAndServe() {
}
// Serve .
-func (s *HTTPProxy) Serve(c net.Conn) {
+func (s *HTTP) Serve(c net.Conn) {
defer c.Close()
if c, ok := c.(*net.TCPConn); ok {
@@ -92,7 +94,7 @@ func (s *HTTPProxy) Serve(c net.Conn) {
tgt += ":80"
}
- rc, err := s.GetProxy(tgt).Dial("tcp", tgt)
+ rc, err := s.sDialer.Dial("tcp", tgt)
if err != nil {
fmt.Fprintf(c, "%s 502 ERROR\r\n\r\n", proto)
logf("failed to dial: %v", err)
@@ -147,8 +149,8 @@ func (s *HTTPProxy) Serve(c net.Conn) {
}
-func (s *HTTPProxy) servHTTPS(method, requestURI, proto string, c net.Conn) {
- rc, err := s.GetProxy(requestURI).Dial("tcp", requestURI)
+func (s *HTTP) servHTTPS(method, requestURI, proto string, c net.Conn) {
+ rc, err := s.sDialer.Dial("tcp", requestURI)
if err != nil {
c.Write([]byte(proto))
c.Write([]byte(" 502 ERROR\r\n\r\n"))
@@ -170,8 +172,8 @@ func (s *HTTPProxy) servHTTPS(method, requestURI, proto string, c net.Conn) {
}
// Dial connects to the address addr on the network net via the proxy.
-func (s *HTTPProxy) Dial(network, addr string) (net.Conn, error) {
- rc, err := s.GetProxy(s.addr).Dial("tcp", s.addr)
+func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
+ rc, err := s.cDialer.Dial("tcp", s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
return nil, err
diff --git a/main.go b/main.go
index ae9f47b..7850625 100644
--- a/main.go
+++ b/main.go
@@ -1,155 +1,30 @@
package main
import (
- "fmt"
"log"
"os"
"os/signal"
"strings"
"syscall"
-
- "github.com/nadoo/conflag"
)
// VERSION .
const VERSION = "0.4.0"
-var conf struct {
- Verbose bool
- Strategy string
- CheckWebSite string
- CheckDuration int
- Listen []string
- Forward []string
- RuleFile []string
- RulesDir string
-
- DNS string
- DNSServer []string
-
- IPSet string
-}
-
-var flag = conflag.New()
-
func logf(f string, v ...interface{}) {
if conf.Verbose {
log.Printf(f, v...)
}
}
-func usage() {
- app := os.Args[0]
- fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, "%s v%s usage:\n", app, VERSION)
- flag.PrintDefaults()
- fmt.Fprintf(os.Stderr, "\n")
-
- fmt.Fprintf(os.Stderr, "Available Schemas:\n")
- fmt.Fprintf(os.Stderr, " mixed: serve as a http/socks5 proxy on the same port. (default)\n")
- fmt.Fprintf(os.Stderr, " ss: ss proxy\n")
- fmt.Fprintf(os.Stderr, " socks5: socks5 proxy\n")
- fmt.Fprintf(os.Stderr, " http: http proxy\n")
- fmt.Fprintf(os.Stderr, " redir: redirect proxy. (used on linux as a transparent proxy with iptables redirect rules)\n")
- fmt.Fprintf(os.Stderr, " tcptun: a simple tcp tunnel\n")
- fmt.Fprintf(os.Stderr, " dnstun: listen on udp port and forward all dns requests to remote dns server via forwarders(tcp)\n")
- fmt.Fprintf(os.Stderr, "\n")
-
- fmt.Fprintf(os.Stderr, "Available schemas for different modes:\n")
- fmt.Fprintf(os.Stderr, " listen: mixed ss socks5 http redir tcptun dnstun\n")
- fmt.Fprintf(os.Stderr, " forward: ss socks5 http\n")
- fmt.Fprintf(os.Stderr, "\n")
-
- fmt.Fprintf(os.Stderr, "Available methods for ss:\n")
- fmt.Fprintf(os.Stderr, " "+ListCipher())
- fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " NOTE: chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305\n")
- fmt.Fprintf(os.Stderr, "\n")
-
- fmt.Fprintf(os.Stderr, "Available forward strategies:\n")
- fmt.Fprintf(os.Stderr, " rr: Round Robin mode\n")
- fmt.Fprintf(os.Stderr, " ha: High Availability mode\n")
- fmt.Fprintf(os.Stderr, "\n")
-
- fmt.Fprintf(os.Stderr, "Config file format(see `"+app+".conf.example` as an example):\n")
- fmt.Fprintf(os.Stderr, " # COMMENT LINE\n")
- fmt.Fprintf(os.Stderr, " KEY=VALUE\n")
- fmt.Fprintf(os.Stderr, " KEY=VALUE\n")
- fmt.Fprintf(os.Stderr, " # KEY equals to command line flag name: listen forward strategy...\n")
- fmt.Fprintf(os.Stderr, "\n")
-
- fmt.Fprintf(os.Stderr, "Examples:\n")
- fmt.Fprintf(os.Stderr, " "+app+" -config glider.conf\n")
- fmt.Fprintf(os.Stderr, " -run glider with specified config file.\n")
- fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -config glider.conf -rulefile office.rule -rulefile home.rule\n")
- fmt.Fprintf(os.Stderr, " -run glider with specified global config file and rule config files.\n")
- fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen :8443\n")
- fmt.Fprintf(os.Stderr, " -listen on :8443, serve as http/socks5 proxy on the same port.\n")
- fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen ss://AEAD_CHACHA20_POLY1305:pass@:8443\n")
- fmt.Fprintf(os.Stderr, " -listen on 0.0.0.0:8443 as a ss server.\n")
- fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -verbose\n")
- fmt.Fprintf(os.Stderr, " -listen on :1080 as a socks5 proxy server, in verbose mode.\n")
- fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen http://:8080 -forward socks5://127.0.0.1:1080\n")
- fmt.Fprintf(os.Stderr, " -listen on :8080 as a http proxy server, forward all requests via socks5 server.\n")
- fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -forward ss://method:pass@1.1.1.1:8443\n")
- fmt.Fprintf(os.Stderr, " -listen on :1081 as a transparent redirect server, forward all requests via remote ss server.\n")
- fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:8443\n")
- fmt.Fprintf(os.Stderr, " -listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.\n")
- fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -listen http://:8080 -forward ss://method:pass@1.1.1.1:8443\n")
- fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.\n")
- fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -listen dnstun://:53=8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2\n")
- fmt.Fprintf(os.Stderr, " -listen on :1081 as transparent redirect server, :53 as dns server, use forward chain: server1 -> server2.\n")
- fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -forward ss://method:pass@server1:port1 -forward ss://method:pass@server2:port2 -strategy rr\n")
- fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, forward requests via server1 and server2 in roundrbin mode.\n")
- fmt.Fprintf(os.Stderr, "\n")
-}
-
-func main() {
-
- flag.BoolVar(&conf.Verbose, "verbose", false, "verbose mode")
- flag.StringVar(&conf.Strategy, "strategy", "rr", "forward strategy, default: rr")
- flag.StringVar(&conf.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
- flag.IntVar(&conf.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
- flag.StringSliceUniqVar(&conf.Listen, "listen", nil, "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT")
- flag.StringSliceUniqVar(&conf.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
- flag.StringSliceUniqVar(&conf.RuleFile, "rulefile", nil, "rule file path")
- flag.StringVar(&conf.RulesDir, "rules-dir", "rules.d", "rule file folder")
-
- flag.StringVar(&conf.DNS, "dns", "", "dns listen address")
- flag.StringSliceUniqVar(&conf.DNSServer, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server")
-
- flag.StringVar(&conf.IPSet, "ipset", "glider", "ipset name")
-
- flag.Usage = usage
- err := flag.Parse()
- if err != nil {
- fmt.Fprintf(os.Stderr, "ERROR: %s\n", err)
- return
- }
-
- if len(conf.Listen) == 0 && conf.DNS == "" {
- flag.Usage()
- fmt.Fprintf(os.Stderr, "ERROR: listen url must be specified.\n")
- return
- }
-
+func dialerFromConf() Dialer {
// global forwarders in xx.conf
- var forwarders []Proxy
+ var forwarders []Dialer
for _, chain := range conf.Forward {
- var forward Proxy
+ var forward Dialer
var err error
for _, url := range strings.Split(chain, ",") {
- forward, err = ProxyFromURL(url, forward)
+ forward, err = DialerFromURL(url, forward)
if err != nil {
log.Fatal(err)
}
@@ -157,36 +32,18 @@ func main() {
forwarders = append(forwarders, forward)
}
- // combine forwarders to a single strategy forwarder
- forwarder := NewStrategyForwarder(conf.Strategy, forwarders)
+ forwarder := NewStrategyDialer(conf.Strategy, forwarders, conf.CheckWebSite, conf.CheckDuration)
- // rule forwarders
- var ruleForwarders []*RuleForwarder
- for _, ruleFile := range conf.RuleFile {
- ruleForwarder, err := NewRuleForwarderFromFile(ruleFile)
- if err != nil {
- log.Fatal(err)
- }
+ return NewRuleDialer(conf.rules, forwarder)
+}
- ruleForwarders = append(ruleForwarders, ruleForwarder)
- }
+func main() {
- // rules folder
- ruleFolderFiles, _ := listDir(conf.RulesDir, ".rule")
- for _, ruleFile := range ruleFolderFiles {
- ruleForwarder, err := NewRuleForwarderFromFile(ruleFile)
- if err != nil {
- log.Fatal(err)
- }
-
- ruleForwarders = append(ruleForwarders, ruleForwarder)
- }
-
- // combine ruleforwarders and global strategy forwarder
- forwarder = NewRulesForwarder(ruleForwarders, forwarder)
+ confInit()
+ sDialer := dialerFromConf()
for _, listen := range conf.Listen {
- local, err := ProxyFromURL(listen, forwarder)
+ local, err := ServerFromURL(listen, sDialer)
if err != nil {
log.Fatal(err)
}
@@ -194,20 +51,14 @@ func main() {
go local.ListenAndServe()
}
- if len(forwarders) > 1 {
- for _, forward := range forwarders {
- go check(forward, conf.CheckWebSite, conf.CheckDuration)
- }
- }
-
if conf.DNS != "" {
- dns, err := NewDNS(conf.DNS, conf.DNSServer[0], forwarder)
+ dns, err := NewDNS(conf.DNS, conf.DNSServer[0], sDialer)
if err != nil {
log.Fatal(err)
}
// rule
- for _, frwder := range ruleForwarders {
+ for _, frwder := range conf.rules {
for _, domain := range frwder.Domain {
if len(frwder.DNSServer) > 0 {
dns.SetServer(domain, frwder.DNSServer[0])
@@ -215,6 +66,14 @@ func main() {
}
}
+ // test here
+ dns.AddAnswerHandler(func(domain, ip string) error {
+ if ip != "" {
+ logf("domain: %s, ip: %s\n", domain, ip)
+ }
+ return nil
+ })
+
go dns.ListenAndServe()
}
diff --git a/mixed.go b/mixed.go
index 5845aac..95f625d 100644
--- a/mixed.go
+++ b/mixed.go
@@ -19,23 +19,26 @@ var httpMethods = [...][]byte{
// MixedProxy .
type MixedProxy struct {
- *proxy
- http Proxy
- socks5 Proxy
- ss Proxy
+ sDialer Dialer
+
+ addr string
+ http *HTTP
+ socks5 *SOCKS5
+ ss *SS
}
// NewMixedProxy returns a mixed proxy.
-func NewMixedProxy(network, addr, user, pass string, upProxy Proxy) (*MixedProxy, error) {
+func NewMixedProxy(network, addr, user, pass string, sDialer Dialer) (*MixedProxy, error) {
p := &MixedProxy{
- proxy: NewProxy(addr, upProxy),
+ sDialer: sDialer,
+ addr: addr,
}
- p.http, _ = NewHTTPProxy(addr, upProxy)
- p.socks5, _ = NewSOCKS5Proxy(network, addr, user, pass, upProxy)
+ p.http, _ = NewHTTP(addr, nil, sDialer)
+ p.socks5, _ = NewSOCKS5(network, addr, user, pass, nil, sDialer)
if user != "" && pass != "" {
- p.ss, _ = NewSSProxy(addr, user, pass, upProxy)
+ p.ss, _ = NewSS(addr, user, pass, nil, sDialer)
}
return p, nil
@@ -58,48 +61,49 @@ func (p *MixedProxy) ListenAndServe() {
continue
}
- go func() {
- defer c.Close()
-
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
- c := newConn(c)
-
- if p.socks5 != nil {
- head, err := c.Peek(1)
- if err != nil {
- logf("peek error: %s", err)
- return
- }
-
- // check socks5, client send socksversion: 5 as the first byte
- if head[0] == socks5Version {
- p.socks5.Serve(c)
- return
- }
- }
-
- if p.http != nil {
- head, err := c.Peek(8)
- if err != nil {
- logf("peek error: %s", err)
- return
- }
-
- for _, method := range httpMethods {
- if bytes.HasPrefix(head, method) {
- p.http.Serve(c)
- return
- }
- }
- }
-
- if p.ss != nil {
- p.ss.Serve(c)
- }
-
- }()
+ go p.Serve(c)
+ }
+}
+
+func (p *MixedProxy) Serve(conn net.Conn) {
+ defer conn.Close()
+
+ if c, ok := conn.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ c := newConn(conn)
+
+ if p.socks5 != nil {
+ head, err := c.Peek(1)
+ if err != nil {
+ logf("peek error: %s", err)
+ return
+ }
+
+ // check socks5, client send socksversion: 5 as the first byte
+ if head[0] == socks5Version {
+ p.socks5.Serve(c)
+ return
+ }
+ }
+
+ if p.http != nil {
+ head, err := c.Peek(8)
+ if err != nil {
+ logf("peek error: %s", err)
+ return
+ }
+
+ for _, method := range httpMethods {
+ if bytes.HasPrefix(head, method) {
+ p.http.Serve(c)
+ return
+ }
+ }
+ }
+
+ if p.ss != nil {
+ p.ss.Serve(c)
}
}
diff --git a/proxy.go b/proxy.go
deleted file mode 100644
index eb741dc..0000000
--- a/proxy.go
+++ /dev/null
@@ -1,159 +0,0 @@
-package main
-
-import (
- "bytes"
- "errors"
- "io"
- "net"
- "net/url"
- "strings"
- "time"
-)
-
-// A Proxy means to establish a connection and relay it.
-type Proxy interface {
- // Get address
- Addr() string
-
- // ListenAndServe as proxy server, use only in server mode.
- ListenAndServe()
-
- // Serve as proxy server, use only in server mode.
- Serve(c net.Conn)
-
- // Get current proxy
- CurrentProxy() Proxy
-
- // Get a proxy based on the destAddr and strategy
- GetProxy(dstAddr string) Proxy
-
- // Switch to the next proxy
- NextProxy() Proxy
-
- // Get the status of proxy
- Enabled() bool
-
- // Set the proxy status
- SetEnable(enable bool)
-
- // Dial connects to the given address via the proxy.
- Dial(network, addr string) (c net.Conn, err error)
-}
-
-// proxy
-type proxy struct {
- addr string
- forward Proxy
- enabled bool
-}
-
-// NewProxy .
-func NewProxy(addr string, forward Proxy) *proxy {
- if forward == nil {
- forward = Direct
- }
-
- return &proxy{addr: addr, forward: forward, enabled: true}
-}
-
-func (p *proxy) Addr() string { return p.addr }
-func (p *proxy) ListenAndServe() { logf("base proxy ListenAndServe") }
-func (p *proxy) Serve(c net.Conn) { logf("base proxy Serve") }
-func (p *proxy) CurrentProxy() Proxy { return p.forward }
-func (p *proxy) GetProxy(dstAddr string) Proxy { return p.forward }
-func (p *proxy) NextProxy() Proxy { return p.forward }
-func (p *proxy) Enabled() bool { return p.enabled }
-func (p *proxy) SetEnable(enable bool) { p.enabled = enable }
-
-func (p *proxy) Dial(network, addr string) (net.Conn, error) {
- return p.forward.Dial(network, addr)
-}
-
-// ProxyFromURL parses url and get a Proxy
-// TODO: table
-func ProxyFromURL(s string, forwarder Proxy) (Proxy, error) {
- if !strings.Contains(s, "://") {
- s = "mixed://" + s
- }
-
- u, err := url.Parse(s)
- if err != nil {
- logf("parse err: %s", err)
- return nil, err
- }
-
- addr := u.Host
- var user, pass string
- if u.User != nil {
- user = u.User.Username()
- pass, _ = u.User.Password()
- }
-
- switch u.Scheme {
- case "mixed":
- return NewMixedProxy("tcp", addr, user, pass, forwarder)
- case "http":
- return NewHTTPProxy(addr, forwarder)
- case "socks5":
- return NewSOCKS5Proxy("tcp", addr, user, pass, forwarder)
- case "ss":
- p, err := NewSSProxy(addr, user, pass, forwarder)
- return p, err
- case "redir":
- return NewRedirProxy(addr, forwarder)
- case "tcptun":
- d := strings.Split(addr, "=")
- return NewTCPTun(d[0], d[1], forwarder)
- case "dnstun":
- d := strings.Split(addr, "=")
- return NewDNSTun(d[0], d[1], forwarder)
- }
-
- return nil, errors.New("unknown schema '" + u.Scheme + "'")
-}
-
-// Check proxy
-func check(p Proxy, webhost string, duration int) {
- retry := 1
- buf := make([]byte, 4)
-
- if strings.IndexByte(webhost, ':') == -1 {
- webhost = webhost + ":80"
- }
-
- for {
- time.Sleep(time.Duration(duration) * time.Second * time.Duration(retry>>1))
- retry <<= 1
-
- if retry > 16 {
- retry = 16
- }
-
- startTime := time.Now()
- c, err := p.Dial("tcp", webhost)
- if err != nil {
- p.SetEnable(false)
- logf("proxy-check %s -> %s, set to DISABLED. error in dial: %s", p.Addr(), webhost, err)
- continue
- }
-
- c.Write([]byte("GET / HTTP/1.0"))
- c.Write([]byte("\r\n\r\n"))
-
- _, err = io.ReadFull(c, buf)
- if err != nil {
- p.SetEnable(false)
- logf("proxy-check %s -> %s, set to DISABLED. error in read: %s", p.Addr(), webhost, err)
- } else if bytes.Equal([]byte("HTTP"), buf) {
- p.SetEnable(true)
- retry = 2
- dialTime := time.Since(startTime)
- logf("proxy-check %s -> %s, set to ENABLED. connect time: %s", p.Addr(), webhost, dialTime.String())
- } else {
- p.SetEnable(false)
- logf("proxy-check %s -> %s, set to DISABLED. server response: %s", p.Addr(), webhost, buf)
- }
-
- c.Close()
- }
-}
diff --git a/redir_linux.go b/redir_linux.go
index fbb6e6f..167e2ca 100644
--- a/redir_linux.go
+++ b/redir_linux.go
@@ -18,13 +18,15 @@ const (
)
type RedirProxy struct {
- *proxy
+ *Forwarder // as client
+ sDialer Dialer // dialer for server
}
// NewRedirProxy returns a redirect proxy.
-func NewRedirProxy(addr string, upProxy Proxy) (*RedirProxy, error) {
+func NewRedirProxy(addr string, sDialer Dialer) (*RedirProxy, error) {
s := &RedirProxy{
- proxy: NewProxy(addr, upProxy),
+ Forwarder: NewForwarder(addr, nil),
+ sDialer: sDialer,
}
return s, nil
@@ -60,7 +62,7 @@ func (s *RedirProxy) ListenAndServe() {
return
}
- rc, err := s.GetProxy(tgt.String()).Dial("tcp", tgt.String())
+ rc, err := s.sDialer.Dial("tcp", tgt.String())
if err != nil {
logf("failed to connect to target: %v", err)
return
diff --git a/redir_other.go b/redir_other.go
index 44e72fc..9487e7a 100644
--- a/redir_other.go
+++ b/redir_other.go
@@ -2,14 +2,17 @@
package main
-import "log"
+import (
+ "errors"
+ "log"
+)
// RedirProxy .
-type RedirProxy struct{ *proxy }
+type RedirProxy struct{}
// NewRedirProxy returns a redirect proxy.
-func NewRedirProxy(addr string, upProxy Proxy) (Proxy, error) {
- return &RedirProxy{proxy: NewProxy(addr, upProxy)}, nil
+func NewRedirProxy(addr string, sDialer Dialer) (*RedirProxy, error) {
+ return nil, errors.New("redir not supported on this os")
}
// ListenAndServe redirected requests as a server.
diff --git a/rule.go b/rule.go
index 9946ad9..55f76d9 100644
--- a/rule.go
+++ b/rule.go
@@ -1,75 +1,119 @@
package main
import (
- "fmt"
"log"
- "os"
+ "net"
"strings"
-
- "github.com/nadoo/conflag"
)
-// RuleForwarder , every ruleForwarder points to a rule file
-type RuleForwarder struct {
- Forward []string
- Strategy string
- CheckWebSite string
- CheckDuration int
+// RuleDialer .
+type RuleDialer struct {
+ gDialer Dialer
- DNSServer []string
- IPSet string
-
- Domain []string
- IP []string
- CIDR []string
-
- name string
- Proxy
+ domainMap map[string]Dialer
+ ipMap map[string]Dialer
+ cidrMap map[string]Dialer
}
-// NewRuleForwarderFromFile .
-func NewRuleForwarderFromFile(ruleFile string) (*RuleForwarder, error) {
- p := &RuleForwarder{name: ruleFile}
+// NewRuleDialer .
+func NewRuleDialer(rules []*RuleConf, gDialer Dialer) Dialer {
- f := conflag.NewFromFile("rule", ruleFile)
- f.StringSliceUniqVar(&p.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
- f.StringVar(&p.Strategy, "strategy", "rr", "forward strategy, default: rr")
- f.StringVar(&p.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
- f.IntVar(&p.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
-
- f.StringSliceUniqVar(&p.DNSServer, "dnsserver", nil, "remote dns server")
- f.StringVar(&p.IPSet, "ipset", "", "ipset name")
-
- f.StringSliceUniqVar(&p.Domain, "domain", nil, "domain")
- f.StringSliceUniqVar(&p.IP, "ip", nil, "ip")
- f.StringSliceUniqVar(&p.CIDR, "cidr", nil, "cidr")
-
- err := f.Parse()
- if err != nil {
- fmt.Fprintf(os.Stderr, "ERROR: %s\n", err)
- return nil, err
+ if len(rules) == 0 {
+ return gDialer
}
- var forwarders []Proxy
- for _, chain := range p.Forward {
- var forward Proxy
- var err error
- for _, url := range strings.Split(chain, ",") {
- forward, err = ProxyFromURL(url, forward)
+ rd := &RuleDialer{gDialer: gDialer}
+
+ for _, r := range rules {
+ var forwarders []Dialer
+ for _, chain := range r.Forward {
+ var forward Dialer
+ var err error
+ for _, url := range strings.Split(chain, ",") {
+ forward, err = DialerFromURL(url, forward)
+ if err != nil {
+ log.Fatal(err)
+ }
+ }
+ forwarders = append(forwarders, forward)
+ }
+
+ sd := NewStrategyDialer(r.Strategy, forwarders, r.CheckWebSite, r.CheckDuration)
+
+ rd.domainMap = make(map[string]Dialer)
+ for _, domain := range r.Domain {
+ rd.domainMap[domain] = sd
+ }
+
+ rd.ipMap = make(map[string]Dialer)
+ for _, ip := range r.IP {
+ rd.ipMap[ip] = sd
+ }
+
+ // dnsserver should use rule forwarder too
+ for _, dnss := range r.DNSServer {
+ ip, _, err := net.SplitHostPort(dnss)
if err != nil {
- log.Fatal(err)
+ logf("SplitHostPort ERROR: %s", err)
+ continue
+ }
+ rd.ipMap[ip] = sd
+ }
+
+ rd.cidrMap = make(map[string]Dialer)
+ for _, cidr := range r.CIDR {
+ rd.cidrMap[cidr] = sd
+ }
+ }
+
+ return rd
+}
+
+func (rd *RuleDialer) Addr() string { return "RULES" }
+
+func (p *RuleDialer) NextDialer(dstAddr string) Dialer {
+
+ // TODO: change to index finders
+ host, _, err := net.SplitHostPort(dstAddr)
+ if err != nil {
+ // TODO: check here
+ logf("SplitHostPort ERROR: %s", err)
+ return p.gDialer
+ }
+
+ // find ip
+ if ip := net.ParseIP(host); ip != nil {
+ // check ip
+ if d, ok := p.ipMap[ip.String()]; ok {
+ return d
+ }
+
+ // check cidr
+ // TODO: do not parse cidr every time
+ for cidrStr, d := range p.cidrMap {
+ if _, net, err := net.ParseCIDR(cidrStr); err == nil {
+ if net.Contains(ip) {
+ return d
+ }
}
}
- forwarders = append(forwarders, forward)
}
- forwarder := NewStrategyForwarder(p.Strategy, forwarders)
+ domainParts := strings.Split(host, ".")
+ length := len(domainParts)
+ for i := length - 2; i >= 0; i-- {
+ domain := strings.Join(domainParts[i:length], ".")
- for _, forward := range forwarders {
- go check(forward, p.CheckWebSite, p.CheckDuration)
+ // find in domainMap
+ if d, ok := p.domainMap[domain]; ok {
+ return d
+ }
}
- p.Proxy = forwarder
-
- return p, err
+ return p.gDialer
+}
+
+func (rd *RuleDialer) Dial(network, addr string) (net.Conn, error) {
+ d := rd.NextDialer(addr)
+ return d.Dial(network, addr)
}
diff --git a/rules.go b/rules.go
deleted file mode 100644
index a5b751c..0000000
--- a/rules.go
+++ /dev/null
@@ -1,102 +0,0 @@
-package main
-
-import (
- "net"
- "strings"
-)
-
-// RulesForwarder .
-type RulesForwarder struct {
- globalForwarder Proxy
-
- domainMap map[string]Proxy
- ipMap map[string]Proxy
- cidrMap map[string]Proxy
-}
-
-// NewRulesForwarder .
-func NewRulesForwarder(ruleForwarders []*RuleForwarder, globalForwarder Proxy) Proxy {
-
- if len(ruleForwarders) == 0 {
- return globalForwarder
- }
-
- p := &RulesForwarder{globalForwarder: globalForwarder}
-
- for _, f := range ruleForwarders {
- p.domainMap = make(map[string]Proxy)
- for _, domain := range f.Domain {
- p.domainMap[domain] = f.Proxy
- }
-
- p.ipMap = make(map[string]Proxy)
- for _, ip := range f.IP {
- p.ipMap[ip] = f.Proxy
- }
-
- p.cidrMap = make(map[string]Proxy)
- for _, cidr := range f.CIDR {
- p.cidrMap[cidr] = f.Proxy
- }
- }
-
- return p
-}
-
-func (p *RulesForwarder) Addr() string { return "rules forwarder" }
-func (p *RulesForwarder) ListenAndServe() {}
-func (p *RulesForwarder) Serve(c net.Conn) {}
-func (p *RulesForwarder) CurrentProxy() Proxy { return p.globalForwarder.CurrentProxy() }
-
-func (p *RulesForwarder) GetProxy(dstAddr string) Proxy {
-
- // TODO: change to index finders
- host, _, err := net.SplitHostPort(dstAddr)
- if err != nil {
- // TODO: check here
- logf("SplitHostPort ERROR: %s", err)
- return p.globalForwarder.GetProxy(dstAddr)
- }
-
- // find ip
- if ip := net.ParseIP(host); ip != nil {
- // check ip
- if proxy, ok := p.ipMap[ip.String()]; ok {
- return proxy
- }
-
- // check cidr
- // TODO: do not parse cidr every time
- for cidrStr, proxy := range p.cidrMap {
- if _, net, err := net.ParseCIDR(cidrStr); err == nil {
- if net.Contains(ip) {
- return proxy
- }
- }
- }
- }
-
- domainParts := strings.Split(host, ".")
- length := len(domainParts)
- for i := length - 2; i >= 0; i-- {
- domain := strings.Join(domainParts[i:length], ".")
-
- // find in domainMap
- if proxy, ok := p.domainMap[domain]; ok {
- return proxy
- }
- }
-
- return p.globalForwarder.GetProxy(dstAddr)
-}
-
-func (p *RulesForwarder) NextProxy() Proxy {
- return p.globalForwarder.NextProxy()
-}
-
-func (p *RulesForwarder) Enabled() bool { return true }
-func (p *RulesForwarder) SetEnable(enable bool) {}
-
-func (p *RulesForwarder) Dial(network, addr string) (net.Conn, error) {
- return p.GetProxy(addr).Dial(network, addr)
-}
diff --git a/server.go b/server.go
new file mode 100644
index 0000000..bbc5682
--- /dev/null
+++ b/server.go
@@ -0,0 +1,63 @@
+package main
+
+import (
+ "errors"
+ "net/url"
+ "strings"
+)
+
+// Server .
+type Server interface {
+ // ListenAndServe as proxy server, use only in server mode.
+ ListenAndServe()
+
+ // Serve
+ // Serve(c net.Conn)
+}
+
+// ServerFromURL parses url and get a Proxy
+// TODO: table
+func ServerFromURL(s string, sDialer Dialer) (Server, error) {
+ if !strings.Contains(s, "://") {
+ s = "mixed://" + s
+ }
+
+ u, err := url.Parse(s)
+ if err != nil {
+ logf("parse err: %s", err)
+ return nil, err
+ }
+
+ addr := u.Host
+ var user, pass string
+ if u.User != nil {
+ user = u.User.Username()
+ pass, _ = u.User.Password()
+ }
+
+ if sDialer == nil {
+ sDialer = Direct
+ }
+
+ switch u.Scheme {
+ case "mixed":
+ return NewMixedProxy("tcp", addr, user, pass, sDialer)
+ case "http":
+ return NewHTTP(addr, nil, sDialer)
+ case "socks5":
+ return NewSOCKS5("tcp", addr, user, pass, nil, sDialer)
+ case "ss":
+ p, err := NewSS(addr, user, pass, nil, sDialer)
+ return p, err
+ case "redir":
+ return NewRedirProxy(addr, sDialer)
+ case "tcptun":
+ d := strings.Split(addr, "=")
+ return NewTCPTun(d[0], d[1], sDialer)
+ case "dnstun":
+ d := strings.Split(addr, "=")
+ return NewDNSTun(d[0], d[1], sDialer)
+ }
+
+ return nil, errors.New("unknown schema '" + u.Scheme + "'")
+}
diff --git a/socks5.go b/socks5.go
index e266563..1922f5e 100644
--- a/socks5.go
+++ b/socks5.go
@@ -55,28 +55,31 @@ var socks5Errors = []string{
"address type not supported",
}
-// SOCKS5Proxy .
-type SOCKS5Proxy struct {
- *proxy
+// SOCKS5 .
+type SOCKS5 struct {
+ *Forwarder
+ sDialer Dialer
+
network string
user string
password string
}
-// NewSOCKS5Proxy returns a Proxy that makes SOCKSv5 connections to the given address
+// NewSOCKS5 returns a Proxy that makes SOCKSv5 connections to the given address
// with an optional username and password. See RFC 1928.
-func NewSOCKS5Proxy(network, addr, user, pass string, upProxy Proxy) (*SOCKS5Proxy, error) {
- s := &SOCKS5Proxy{
- proxy: NewProxy(addr, upProxy),
- user: user,
- password: pass,
+func NewSOCKS5(network, addr, user, pass string, cDialer Dialer, sDialer Dialer) (*SOCKS5, error) {
+ s := &SOCKS5{
+ Forwarder: NewForwarder(addr, cDialer),
+ sDialer: sDialer,
+ user: user,
+ password: pass,
}
return s, nil
}
// ListenAndServe connects to the address addr on the network net via the SOCKS5 proxy.
-func (s *SOCKS5Proxy) ListenAndServe() {
+func (s *SOCKS5) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
logf("failed to listen on %s: %v", s.addr, err)
@@ -97,7 +100,7 @@ func (s *SOCKS5Proxy) ListenAndServe() {
}
// Serve .
-func (s *SOCKS5Proxy) Serve(c net.Conn) {
+func (s *SOCKS5) Serve(c net.Conn) {
defer c.Close()
if c, ok := c.(*net.TCPConn); ok {
@@ -110,7 +113,7 @@ func (s *SOCKS5Proxy) Serve(c net.Conn) {
return
}
- rc, err := s.GetProxy(tgt.String()).Dial("tcp", tgt.String())
+ rc, err := s.sDialer.Dial("tcp", tgt.String())
if err != nil {
logf("failed to connect to target: %v", err)
return
@@ -129,14 +132,14 @@ func (s *SOCKS5Proxy) Serve(c net.Conn) {
}
// Dial connects to the address addr on the network net via the SOCKS5 proxy.
-func (s *SOCKS5Proxy) Dial(network, addr string) (net.Conn, error) {
+func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
switch network {
case "tcp", "tcp6", "tcp4":
default:
return nil, errors.New("proxy: no support for SOCKS5 proxy connections of type " + network)
}
- c, err := s.GetProxy(s.addr).Dial(s.network, s.addr)
+ c, err := s.cDialer.Dial(s.network, s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
return nil, err
@@ -157,7 +160,7 @@ func (s *SOCKS5Proxy) Dial(network, addr string) (net.Conn, error) {
// connect takes an existing connection to a socks5 proxy server,
// and commands the server to extend that connection to target,
// which must be a canonical address with a host and port.
-func (s *SOCKS5Proxy) connect(conn net.Conn, target string) error {
+func (s *SOCKS5) connect(conn net.Conn, target string) error {
host, portStr, err := net.SplitHostPort(target)
if err != nil {
return err
@@ -288,7 +291,7 @@ func (s *SOCKS5Proxy) connect(conn net.Conn, target string) error {
}
// Handshake fast-tracks SOCKS initialization to get target address to connect.
-func (s *SOCKS5Proxy) handshake(rw io.ReadWriter) (Addr, error) {
+func (s *SOCKS5) handshake(rw io.ReadWriter) (Addr, error) {
// Read RFC 1928 for request and reply structure and sizes.
buf := make([]byte, MaxAddrLen)
// read VER, NMETHODS, METHODS
diff --git a/ss.go b/ss.go
index 39c8347..923f220 100644
--- a/ss.go
+++ b/ss.go
@@ -9,21 +9,24 @@ import (
"github.com/shadowsocks/go-shadowsocks2/core"
)
-// SSProxy .
-type SSProxy struct {
- *proxy
+// SS .
+type SS struct {
+ *Forwarder
+ sDialer Dialer
+
core.StreamConnCipher
}
-// NewSSProxy returns a shadowsocks proxy.
-func NewSSProxy(addr, method, pass string, upProxy Proxy) (*SSProxy, error) {
+// NewSS returns a shadowsocks proxy.
+func NewSS(addr, method, pass string, cDialer Dialer, sDialer Dialer) (*SS, error) {
ciph, err := core.PickCipher(method, nil, pass)
if err != nil {
log.Fatalf("PickCipher for '%s', error: %s", method, err)
}
- s := &SSProxy{
- proxy: NewProxy(addr, upProxy),
+ s := &SS{
+ Forwarder: NewForwarder(addr, cDialer),
+ sDialer: sDialer,
StreamConnCipher: ciph,
}
@@ -31,7 +34,7 @@ func NewSSProxy(addr, method, pass string, upProxy Proxy) (*SSProxy, error) {
}
// ListenAndServe shadowsocks requests as a server.
-func (s *SSProxy) ListenAndServe() {
+func (s *SS) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
logf("failed to listen on %s: %v", s.addr, err)
@@ -51,7 +54,7 @@ func (s *SSProxy) ListenAndServe() {
}
// Serve .
-func (s *SSProxy) Serve(c net.Conn) {
+func (s *SS) Serve(c net.Conn) {
defer c.Close()
if c, ok := c.(*net.TCPConn); ok {
@@ -66,7 +69,7 @@ func (s *SSProxy) Serve(c net.Conn) {
return
}
- rc, err := s.GetProxy(tgt.String()).Dial("tcp", tgt.String())
+ rc, err := s.sDialer.Dial("tcp", tgt.String())
if err != nil {
logf("failed to connect to target: %v", err)
return
@@ -86,14 +89,14 @@ func (s *SSProxy) Serve(c net.Conn) {
}
// Dial connects to the address addr on the network net via the proxy.
-func (s *SSProxy) Dial(network, addr string) (net.Conn, error) {
+func (s *SS) Dial(network, addr string) (net.Conn, error) {
target := ParseAddr(addr)
if target == nil {
return nil, errors.New("Unable to parse address: " + addr)
}
- c, err := s.GetProxy(s.addr).Dial("tcp", s.addr)
+ c, err := s.cDialer.Dial("tcp", s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
return nil, err
diff --git a/strategy.go b/strategy.go
index 08036bf..02371ed 100644
--- a/strategy.go
+++ b/strategy.go
@@ -1,64 +1,80 @@
package main
-import "net"
+import (
+ "bytes"
+ "io"
+ "net"
+ "strings"
+ "time"
+)
-// NewStrategyForwarder .
-func NewStrategyForwarder(strategy string, forwarders []Proxy) Proxy {
- var proxy Proxy
- if len(forwarders) == 0 {
- proxy = Direct
- } else if len(forwarders) == 1 {
- proxy = forwarders[0]
- } else if len(forwarders) > 1 {
+// NewStrategyDialer .
+func NewStrategyDialer(strategy string, dialers []Dialer, website string, duration int) Dialer {
+ var dialer Dialer
+ if len(dialers) == 0 {
+ dialer = Direct
+ } else if len(dialers) == 1 {
+ dialer = dialers[0]
+ } else if len(dialers) > 1 {
switch strategy {
case "rr":
- proxy = newRRProxy("", forwarders)
+ dialer = newRRDialer(dialers, website, duration)
logf("forward to remote servers in round robin mode.")
case "ha":
- proxy = newHAProxy("", forwarders)
+ dialer = newHADialer(dialers, website, duration)
logf("forward to remote servers in high availability mode.")
default:
logf("not supported forward mode '%s', just use the first forward server.", conf.Strategy)
- proxy = forwarders[0]
+ dialer = dialers[0]
}
}
- return proxy
+ return dialer
}
-// rrProxy
-type rrProxy struct {
- forwarders []Proxy
- idx int
+// rrDialer
+type rrDialer struct {
+ dialers []Dialer
+ idx int
+
+ status map[int]bool
+
+ // for checking
+ website string
+ duration int
}
-// newRRProxy .
-func newRRProxy(addr string, forwarders []Proxy) Proxy {
- if len(forwarders) == 0 {
- return Direct
- } else if len(forwarders) == 1 {
- return NewProxy(addr, forwarders[0])
+// newRRDialer .
+func newRRDialer(dialers []Dialer, website string, duration int) *rrDialer {
+ rr := &rrDialer{dialers: dialers}
+
+ rr.status = make(map[int]bool)
+ rr.website = website
+ rr.duration = duration
+
+ for k := range dialers {
+ rr.status[k] = true
+ go rr.checkDialer(k)
}
- return &rrProxy{forwarders: forwarders}
+ return rr
}
-func (p *rrProxy) Addr() string { return "strategy forwarder" }
-func (p *rrProxy) ListenAndServe() {}
-func (p *rrProxy) Serve(c net.Conn) {}
-func (p *rrProxy) CurrentProxy() Proxy { return p.forwarders[p.idx] }
-func (p *rrProxy) GetProxy(dstAddr string) Proxy { return p.NextProxy() }
+func (rr *rrDialer) Addr() string { return "STRATEGY" }
+func (rr *rrDialer) Dial(network, addr string) (net.Conn, error) {
+ return rr.NextDialer().Dial(network, addr)
+}
-func (p *rrProxy) NextProxy() Proxy {
- n := len(p.forwarders)
+func (rr *rrDialer) NextDialer() Dialer {
+ n := len(rr.dialers)
if n == 1 {
- return p.forwarders[0]
+ rr.idx = 0
}
found := false
for i := 0; i < n; i++ {
- p.idx = (p.idx + 1) % n
- if p.forwarders[p.idx].Enabled() {
+ rr.idx = (rr.idx + 1) % n
+ if rr.status[rr.idx] {
found = true
break
}
@@ -68,34 +84,73 @@ func (p *rrProxy) NextProxy() Proxy {
logf("NO AVAILABLE PROXY FOUND! please check your network or proxy server settings.")
}
- return p.forwarders[p.idx]
+ return rr.dialers[rr.idx]
}
-func (p *rrProxy) Enabled() bool { return true }
-func (p *rrProxy) SetEnable(enable bool) {}
+// Check dialer
+func (rr *rrDialer) checkDialer(idx int) {
+ retry := 1
+ buf := make([]byte, 4)
-func (p *rrProxy) Dial(network, addr string) (net.Conn, error) {
- return p.GetProxy(addr).Dial(network, addr)
+ if strings.IndexByte(rr.website, ':') == -1 {
+ rr.website = rr.website + ":80"
+ }
+
+ d := rr.dialers[idx]
+
+ for {
+ time.Sleep(time.Duration(rr.duration) * time.Second * time.Duration(retry>>1))
+ retry <<= 1
+
+ if retry > 16 {
+ retry = 16
+ }
+
+ startTime := time.Now()
+ c, err := d.Dial("tcp", rr.website)
+ if err != nil {
+ rr.status[idx] = false
+ logf("proxy-check %s -> %s, set to DISABLED. error in dial: %s", d.Addr(), rr.website, err)
+ continue
+ }
+
+ c.Write([]byte("GET / HTTP/1.0"))
+ c.Write([]byte("\r\n\r\n"))
+
+ _, err = io.ReadFull(c, buf)
+ if err != nil {
+ rr.status[idx] = false
+ logf("proxy-check %s -> %s, set to DISABLED. error in read: %s", d.Addr(), rr.website, err)
+ } else if bytes.Equal([]byte("HTTP"), buf) {
+ rr.status[idx] = true
+ retry = 2
+ dialTime := time.Since(startTime)
+ logf("proxy-check %s -> %s, set to ENABLED. connect time: %s", d.Addr(), rr.website, dialTime.String())
+ } else {
+ rr.status[idx] = false
+ logf("proxy-check %s -> %s, set to DISABLED. server response: %s", d.Addr(), rr.website, buf)
+ }
+
+ c.Close()
+ }
}
// high availability proxy
-type haProxy struct {
- Proxy
+type haDialer struct {
+ *rrDialer
}
-// newHAProxy .
-func newHAProxy(addr string, forwarders []Proxy) Proxy {
- return &haProxy{Proxy: newRRProxy(addr, forwarders)}
+// newHADialer .
+func newHADialer(dialers []Dialer, webhost string, duration int) Dialer {
+ return &haDialer{rrDialer: newRRDialer(dialers, webhost, duration)}
}
-func (p *haProxy) GetProxy(dstAddr string) Proxy {
- proxy := p.CurrentProxy()
- if proxy.Enabled() == false {
- return p.NextProxy()
+func (ha *haDialer) Dial(network, addr string) (net.Conn, error) {
+ d := ha.dialers[ha.idx]
+
+ if !ha.status[ha.idx] {
+ d = ha.NextDialer()
}
- return proxy
-}
-func (p *haProxy) Dial(network, addr string) (net.Conn, error) {
- return p.GetProxy(addr).Dial(network, addr)
+ return d.Dial(network, addr)
}
diff --git a/tcptun.go b/tcptun.go
index 49d9a92..c9fe687 100644
--- a/tcptun.go
+++ b/tcptun.go
@@ -4,15 +4,18 @@ import "net"
// TCPTun .
type TCPTun struct {
- *proxy
+ *Forwarder
+ sDialer Dialer
+
raddr string
}
// NewTCPTun returns a redirect proxy.
-func NewTCPTun(addr, raddr string, upProxy Proxy) (*TCPTun, error) {
+func NewTCPTun(addr, raddr string, sDialer Dialer) (*TCPTun, error) {
s := &TCPTun{
- proxy: NewProxy(addr, upProxy),
- raddr: raddr,
+ Forwarder: NewForwarder(addr, nil),
+ sDialer: sDialer,
+ raddr: raddr,
}
return s, nil
@@ -42,7 +45,7 @@ func (s *TCPTun) ListenAndServe() {
c.SetKeepAlive(true)
}
- rc, err := s.GetProxy(s.raddr).Dial("tcp", s.raddr)
+ rc, err := s.sDialer.Dial("tcp", s.raddr)
if err != nil {
logf("failed to connect to target: %v", err)
From cba2f36b08ba4908b9a715e96f5a27318d897456 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 23 Aug 2017 17:45:57 +0800
Subject: [PATCH 052/341] forwarder: add NextDialer method so we can choose
dialer by domain name (not dns server) in dns proxy
---
.gitignore | 1 +
conf.go | 6 ++++--
dialer.go | 3 +++
direct.go | 2 ++
dns.go | 2 +-
forwarder.go | 4 ++++
rule.go | 13 +------------
strategy.go | 6 +++---
8 files changed, 19 insertions(+), 18 deletions(-)
diff --git a/.gitignore b/.gitignore
index 3709d49..e16b335 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,6 +19,7 @@
/*.rule
rules.d/*.rule
+rules.d/*.list
glider
bak/
diff --git a/conf.go b/conf.go
index 89bab55..07c979e 100644
--- a/conf.go
+++ b/conf.go
@@ -79,6 +79,8 @@ func confInit() {
// RuleConf , every ruleForwarder points to a rule file
type RuleConf struct {
+ name string
+
Forward []string
Strategy string
CheckWebSite string
@@ -90,8 +92,6 @@ type RuleConf struct {
Domain []string
IP []string
CIDR []string
-
- name string
}
// NewRuleConfFromFile .
@@ -111,6 +111,8 @@ func NewRuleConfFromFile(ruleFile string) (*RuleConf, error) {
f.StringSliceUniqVar(&p.IP, "ip", nil, "ip")
f.StringSliceUniqVar(&p.CIDR, "cidr", nil, "cidr")
+ // f.StringSliceUniqVar(&p.Include, "include", nil, "include file path(eg: you can include a domain list file)")
+
err := f.Parse()
if err != nil {
fmt.Fprintf(os.Stderr, "ERROR: %s\n", err)
diff --git a/dialer.go b/dialer.go
index 71c3ff9..0296667 100644
--- a/dialer.go
+++ b/dialer.go
@@ -13,6 +13,9 @@ type Dialer interface {
// Dial connects to the given address via the proxy.
Dial(network, addr string) (c net.Conn, err error)
+
+ // Get the dialer by dstAddr
+ NextDialer(dstAddr string) Dialer
}
// DialerFromURL parses url and get a Proxy
diff --git a/direct.go b/direct.go
index 59b03b2..fa1e74e 100644
--- a/direct.go
+++ b/direct.go
@@ -18,3 +18,5 @@ func (d *direct) Dial(network, addr string) (net.Conn, error) {
}
return c, err
}
+
+func (d *direct) NextDialer(dstAddr string) Dialer { return d }
diff --git a/dns.go b/dns.go
index 66cecf1..908dd76 100644
--- a/dns.go
+++ b/dns.go
@@ -105,7 +105,7 @@ func (s *DNS) ListenAndServe() {
dnsServer := s.GetServer(domain)
// TODO: check here; ADD dnsServer to rule ip lists
- rc, err := s.sDialer.Dial("tcp", dnsServer)
+ rc, err := s.sDialer.NextDialer(domain+":53").Dial("tcp", dnsServer)
if err != nil {
logf("failed to connect to server %v: %v", dnsServer, err)
return
diff --git a/forwarder.go b/forwarder.go
index ffb1a80..cc72f16 100644
--- a/forwarder.go
+++ b/forwarder.go
@@ -22,3 +22,7 @@ func (p *Forwarder) Addr() string { return p.addr }
func (p *Forwarder) Dial(network, addr string) (net.Conn, error) {
return p.cDialer.Dial(network, addr)
}
+
+func (p *Forwarder) NextDialer(dstAddr string) Dialer {
+ return p.cDialer
+}
diff --git a/rule.go b/rule.go
index 55f76d9..9f87d32 100644
--- a/rule.go
+++ b/rule.go
@@ -50,16 +50,6 @@ func NewRuleDialer(rules []*RuleConf, gDialer Dialer) Dialer {
rd.ipMap[ip] = sd
}
- // dnsserver should use rule forwarder too
- for _, dnss := range r.DNSServer {
- ip, _, err := net.SplitHostPort(dnss)
- if err != nil {
- logf("SplitHostPort ERROR: %s", err)
- continue
- }
- rd.ipMap[ip] = sd
- }
-
rd.cidrMap = make(map[string]Dialer)
for _, cidr := range r.CIDR {
rd.cidrMap[cidr] = sd
@@ -114,6 +104,5 @@ func (p *RuleDialer) NextDialer(dstAddr string) Dialer {
}
func (rd *RuleDialer) Dial(network, addr string) (net.Conn, error) {
- d := rd.NextDialer(addr)
- return d.Dial(network, addr)
+ return rd.NextDialer(addr).Dial(network, addr)
}
diff --git a/strategy.go b/strategy.go
index 02371ed..312f5d8 100644
--- a/strategy.go
+++ b/strategy.go
@@ -62,10 +62,10 @@ func newRRDialer(dialers []Dialer, website string, duration int) *rrDialer {
func (rr *rrDialer) Addr() string { return "STRATEGY" }
func (rr *rrDialer) Dial(network, addr string) (net.Conn, error) {
- return rr.NextDialer().Dial(network, addr)
+ return rr.NextDialer(addr).Dial(network, addr)
}
-func (rr *rrDialer) NextDialer() Dialer {
+func (rr *rrDialer) NextDialer(dstAddr string) Dialer {
n := len(rr.dialers)
if n == 1 {
rr.idx = 0
@@ -149,7 +149,7 @@ func (ha *haDialer) Dial(network, addr string) (net.Conn, error) {
d := ha.dialers[ha.idx]
if !ha.status[ha.idx] {
- d = ha.NextDialer()
+ d = ha.NextDialer(addr)
}
return d.Dial(network, addr)
From 65f33beaa3f01c053286c8d74ae076130d1ea8ae Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 23 Aug 2017 18:04:20 +0800
Subject: [PATCH 053/341] log: add LogFunc so we can define a custom logger
---
log.go | 16 ++++++++++++++++
main.go | 6 ------
2 files changed, 16 insertions(+), 6 deletions(-)
create mode 100644 log.go
diff --git a/log.go b/log.go
new file mode 100644
index 0000000..b14bafe
--- /dev/null
+++ b/log.go
@@ -0,0 +1,16 @@
+package main
+
+import "log"
+
+// LogFunc .
+type LogFunc func(f string, v ...interface{})
+
+var logf LogFunc
+
+func init() {
+ logf = func(f string, v ...interface{}) {
+ if conf.Verbose {
+ log.Printf(f, v...)
+ }
+ }
+}
diff --git a/main.go b/main.go
index 7850625..772ae4c 100644
--- a/main.go
+++ b/main.go
@@ -11,12 +11,6 @@ import (
// VERSION .
const VERSION = "0.4.0"
-func logf(f string, v ...interface{}) {
- if conf.Verbose {
- log.Printf(f, v...)
- }
-}
-
func dialerFromConf() Dialer {
// global forwarders in xx.conf
var forwarders []Dialer
From 1b400d984e58e740b63529c950857b68171febe9 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 23 Aug 2017 18:58:24 +0800
Subject: [PATCH 054/341] rule: use new concurrent sync.Map instead of old map
---
main.go | 15 ++++---------
rule.go | 66 ++++++++++++++++++++++++++++++++++++++-------------------
2 files changed, 48 insertions(+), 33 deletions(-)
diff --git a/main.go b/main.go
index 772ae4c..c8d5fb3 100644
--- a/main.go
+++ b/main.go
@@ -26,15 +26,13 @@ func dialerFromConf() Dialer {
forwarders = append(forwarders, forward)
}
- forwarder := NewStrategyDialer(conf.Strategy, forwarders, conf.CheckWebSite, conf.CheckDuration)
-
- return NewRuleDialer(conf.rules, forwarder)
+ return NewStrategyDialer(conf.Strategy, forwarders, conf.CheckWebSite, conf.CheckDuration)
}
func main() {
confInit()
- sDialer := dialerFromConf()
+ sDialer := NewRuleDialer(conf.rules, dialerFromConf())
for _, listen := range conf.Listen {
local, err := ServerFromURL(listen, sDialer)
@@ -60,13 +58,8 @@ func main() {
}
}
- // test here
- dns.AddAnswerHandler(func(domain, ip string) error {
- if ip != "" {
- logf("domain: %s, ip: %s\n", domain, ip)
- }
- return nil
- })
+ // add a handler to update proxy rules when a domain resolved
+ dns.AddAnswerHandler(sDialer.AddDomainIP)
go dns.ListenAndServe()
}
diff --git a/rule.go b/rule.go
index 9f87d32..10802b7 100644
--- a/rule.go
+++ b/rule.go
@@ -4,24 +4,20 @@ import (
"log"
"net"
"strings"
+ "sync"
)
// RuleDialer .
type RuleDialer struct {
gDialer Dialer
- domainMap map[string]Dialer
- ipMap map[string]Dialer
- cidrMap map[string]Dialer
+ domainMap sync.Map
+ ipMap sync.Map
+ cidrMap sync.Map
}
// NewRuleDialer .
-func NewRuleDialer(rules []*RuleConf, gDialer Dialer) Dialer {
-
- if len(rules) == 0 {
- return gDialer
- }
-
+func NewRuleDialer(rules []*RuleConf, gDialer Dialer) *RuleDialer {
rd := &RuleDialer{gDialer: gDialer}
for _, r := range rules {
@@ -40,19 +36,16 @@ func NewRuleDialer(rules []*RuleConf, gDialer Dialer) Dialer {
sd := NewStrategyDialer(r.Strategy, forwarders, r.CheckWebSite, r.CheckDuration)
- rd.domainMap = make(map[string]Dialer)
for _, domain := range r.Domain {
- rd.domainMap[domain] = sd
+ rd.domainMap.Store(domain, sd)
}
- rd.ipMap = make(map[string]Dialer)
for _, ip := range r.IP {
- rd.ipMap[ip] = sd
+ rd.ipMap.Store(ip, sd)
}
- rd.cidrMap = make(map[string]Dialer)
for _, cidr := range r.CIDR {
- rd.cidrMap[cidr] = sd
+ rd.cidrMap.Store(cidr, sd)
}
}
@@ -74,19 +67,28 @@ func (p *RuleDialer) NextDialer(dstAddr string) Dialer {
// find ip
if ip := net.ParseIP(host); ip != nil {
// check ip
- if d, ok := p.ipMap[ip.String()]; ok {
- return d
+ if d, ok := p.ipMap.Load(ip.String()); ok {
+ return d.(Dialer)
}
+ var ret Dialer
// check cidr
// TODO: do not parse cidr every time
- for cidrStr, d := range p.cidrMap {
- if _, net, err := net.ParseCIDR(cidrStr); err == nil {
+ p.cidrMap.Range(func(key, value interface{}) bool {
+ if _, net, err := net.ParseCIDR(key.(string)); err == nil {
if net.Contains(ip) {
- return d
+ ret = value.(Dialer)
+ return false
}
}
+
+ return true
+ })
+
+ if ret != nil {
+ return ret
}
+
}
domainParts := strings.Split(host, ".")
@@ -95,8 +97,8 @@ func (p *RuleDialer) NextDialer(dstAddr string) Dialer {
domain := strings.Join(domainParts[i:length], ".")
// find in domainMap
- if d, ok := p.domainMap[domain]; ok {
- return d
+ if d, ok := p.domainMap.Load(domain); ok {
+ return d.(Dialer)
}
}
@@ -106,3 +108,23 @@ func (p *RuleDialer) NextDialer(dstAddr string) Dialer {
func (rd *RuleDialer) Dial(network, addr string) (net.Conn, error) {
return rd.NextDialer(addr).Dial(network, addr)
}
+
+// AddDomainIP used to update ipMap rules according to domainMap rule
+func (rd *RuleDialer) AddDomainIP(domain, ip string) error {
+ if ip != "" {
+ logf("domain: %s, ip: %s\n", domain, ip)
+
+ domainParts := strings.Split(domain, ".")
+ length := len(domainParts)
+ for i := length - 2; i >= 0; i-- {
+ domain := strings.Join(domainParts[i:length], ".")
+
+ // find in domainMap
+ if d, ok := rd.domainMap.Load(domain); ok {
+ rd.ipMap.Store(ip, d)
+ }
+ }
+
+ }
+ return nil
+}
From 6055efa537ca791b604d8ff5071630bec1f0de03 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 23 Aug 2017 21:11:08 +0800
Subject: [PATCH 055/341] rule: parse cidr once
---
rule.go | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/rule.go b/rule.go
index 10802b7..4ec0320 100644
--- a/rule.go
+++ b/rule.go
@@ -44,9 +44,12 @@ func NewRuleDialer(rules []*RuleConf, gDialer Dialer) *RuleDialer {
rd.ipMap.Store(ip, sd)
}
- for _, cidr := range r.CIDR {
- rd.cidrMap.Store(cidr, sd)
+ for _, s := range r.CIDR {
+ if _, cidr, err := net.ParseCIDR(s); err == nil {
+ rd.cidrMap.Store(cidr, sd)
+ }
}
+
}
return rd
@@ -73,13 +76,11 @@ func (p *RuleDialer) NextDialer(dstAddr string) Dialer {
var ret Dialer
// check cidr
- // TODO: do not parse cidr every time
p.cidrMap.Range(func(key, value interface{}) bool {
- if _, net, err := net.ParseCIDR(key.(string)); err == nil {
- if net.Contains(ip) {
- ret = value.(Dialer)
- return false
- }
+ cidr := key.(*net.IPNet)
+ if cidr.Contains(ip) {
+ ret = value.(Dialer)
+ return false
}
return true
From 0f2e490001c718d1a4bf492110c50708089cd849 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 23 Aug 2017 21:19:09 +0800
Subject: [PATCH 056/341] README: add go version info
---
README.md | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 26efab6..aa24825 100644
--- a/README.md
+++ b/README.md
@@ -43,7 +43,7 @@ TODO:
Binary:
- [https://github.com/nadoo/glider/releases](https://github.com/nadoo/glider/releases)
-Go Get :
+Go Get : (requires Go 1.9 or newer)
```bash
go get -u github.com/nadoo/glider
```
@@ -227,6 +227,5 @@ See:
## Links
- [go-ss2](https://github.com/shadowsocks/go-shadowsocks2): the core ss protocol support
-- [gost](https://github.com/ginuerzh/gost): ideas and inspirations
- [conflag](https://github.com/nadoo/conflag): command line and config file parse support
- [ArchLinux](https://www.archlinux.org/packages/community/x86_64/glider): a great linux distribution with glider pre-built package
From 4e4e778f1d36ff7f1c3336fdcfb6cc32c4721007 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 23 Aug 2017 23:04:03 +0800
Subject: [PATCH 057/341] README: update TODO list
---
README.md | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index aa24825..65d67df 100644
--- a/README.md
+++ b/README.md
@@ -31,9 +31,10 @@ General:
TODO:
- Specify different remote dns server in rule file (DONE)
-- Improve DNS forwarder to resolve domain name and add ip to proxy rules (WIP)
+- Improve DNS forwarder to resolve domain name and add ip to proxy rules (DONE)
- IPSet management
- Improve DNS forwarder to resolve domain name and add ip to ipset
+- UDP Tunnel & UDP Relay
- TUN/TAP device support
- Code refactoring: support proxy registering so it can be pluggable
- Conditional compilation so we can abandon needless proxy type and get a smaller binary size
@@ -43,7 +44,7 @@ TODO:
Binary:
- [https://github.com/nadoo/glider/releases](https://github.com/nadoo/glider/releases)
-Go Get : (requires Go 1.9 or newer)
+Go Get (requires Go 1.9 or newer):
```bash
go get -u github.com/nadoo/glider
```
From 1a941cd09542c1c02a0964edecb7aac17b7a149b Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 24 Aug 2017 11:58:32 +0800
Subject: [PATCH 058/341] systemd: add CapabilityBoundingSet settings in
service file so that glider can listen on port below 1024 with none-root user
---
README.md | 18 +++++++++---------
conf.go | 1 +
systemd/glider@.service | 7 +++++++
3 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index 65d67df..bc44651 100644
--- a/README.md
+++ b/README.md
@@ -30,15 +30,15 @@ General:
- Rule proxy based on destionation: [Config Examples](examples)
TODO:
-- Specify different remote dns server in rule file (DONE)
-- Improve DNS forwarder to resolve domain name and add ip to proxy rules (DONE)
-- IPSet management
-- Improve DNS forwarder to resolve domain name and add ip to ipset
-- UDP Tunnel & UDP Relay
-- TUN/TAP device support
-- Code refactoring: support proxy registering so it can be pluggable
-- Conditional compilation so we can abandon needless proxy type and get a smaller binary size
-- SSH tunnel support
+- [x] Specify different remote dns server in rule file
+- [x] Improve DNS forwarder to resolve domain name and add ip to proxy rules
+- [ ] IPSet management
+- [ ] Improve DNS forwarder to resolve domain name and add ip to ipset
+- [ ] UDP Tunnel & UDP Relay
+- [ ] TUN/TAP device support
+- [ ] Code refactoring: support proxy registering so it can be pluggable
+- [ ] Conditional compilation so we can abandon needless proxy type and get a smaller binary size
+- [ ] SSH tunnel support
## Install
Binary:
diff --git a/conf.go b/conf.go
index 07c979e..7466ea0 100644
--- a/conf.go
+++ b/conf.go
@@ -66,6 +66,7 @@ func confInit() {
conf.rules = append(conf.rules, rule)
}
+ // TODO: allow to use relative dir to the config file
ruleFolderFiles, _ := listDir(conf.RulesDir, ".rule")
for _, ruleFile := range ruleFolderFiles {
rule, err := NewRuleConfFromFile(ruleFile)
diff --git a/systemd/glider@.service b/systemd/glider@.service
index 3c93c76..b634b35 100644
--- a/systemd/glider@.service
+++ b/systemd/glider@.service
@@ -6,7 +6,14 @@ After=network.target
Type=simple
User=nobody
Restart=always
+
+# NOTE: change to your glider path
ExecStart=/usr/bin/glider -config /etc/glider/%i.conf
+# work with systemd v229 or later, so glider can listen on port below 1024 with none-root user
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
+
[Install]
WantedBy=multi-user.target
From 419fa05171ce073fc9367af4e80b8cda2f476fc1 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 25 Aug 2017 20:32:51 +0800
Subject: [PATCH 059/341] conf: support relative path in "rules-dir" config
---
conf.go | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/conf.go b/conf.go
index 7466ea0..85b1063 100644
--- a/conf.go
+++ b/conf.go
@@ -4,6 +4,7 @@ import (
"fmt"
"log"
"os"
+ "path"
"github.com/nadoo/conflag"
)
@@ -66,8 +67,9 @@ func confInit() {
conf.rules = append(conf.rules, rule)
}
- // TODO: allow to use relative dir to the config file
+ conf.RulesDir = path.Join(flag.ConfDir(), conf.RulesDir)
ruleFolderFiles, _ := listDir(conf.RulesDir, ".rule")
+
for _, ruleFile := range ruleFolderFiles {
rule, err := NewRuleConfFromFile(ruleFile)
if err != nil {
From ada5cdfcc3abef8b35f802637f04533137e8151d Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 28 Aug 2017 19:23:32 +0800
Subject: [PATCH 060/341] ipset: add ipset management. REQUIRE CAP_NET_ADMIN
capability.
---
ipset_linux.go | 400 +++++++++++++++++++++++++++++++++++++++++++++++++
ipset_other.go | 16 ++
main.go | 8 +
3 files changed, 424 insertions(+)
create mode 100644 ipset_linux.go
create mode 100644 ipset_other.go
diff --git a/ipset_linux.go b/ipset_linux.go
new file mode 100644
index 0000000..9d95962
--- /dev/null
+++ b/ipset_linux.go
@@ -0,0 +1,400 @@
+// Apache License 2.0
+// @mdlayher https://github.com/mdlayher/netlink
+// Ref: https://github.com/vishvananda/netlink/blob/master/nl/nl_linux.go
+
+package main
+
+import (
+ "bytes"
+ "encoding/binary"
+ "log"
+ "net"
+ "strings"
+ "sync"
+ "sync/atomic"
+ "syscall"
+ "unsafe"
+)
+
+const NFNL_SUBSYS_IPSET = 6
+
+// http://git.netfilter.org/ipset/tree/include/libipset/linux_ip_set.h
+/* The protocol version */
+const IPSET_PROTOCOL = 6
+
+/* The max length of strings including NUL: set and type identifiers */
+const IPSET_MAXNAMELEN = 32
+
+/* Message types and commands */
+const IPSET_CMD_CREATE = 2
+const IPSET_CMD_ADD = 9
+const IPSET_CMD_DEL = 10
+
+/* Attributes at command level */
+const IPSET_ATTR_PROTOCOL = 1 /* 1: Protocol version */
+const IPSET_ATTR_SETNAME = 2 /* 2: Name of the set */
+const IPSET_ATTR_TYPENAME = 3 /* 3: Typename */
+const IPSET_ATTR_REVISION = 4 /* 4: Settype revision */
+const IPSET_ATTR_FAMILY = 5 /* 5: Settype family */
+const IPSET_ATTR_DATA = 7 /* 7: Nested attributes */
+
+const IPSET_ATTR_IP = 1
+
+/* IP specific attributes */
+const IPSET_ATTR_IPADDR_IPV4 = 1
+const IPSET_ATTR_IPADDR_IPV6 = 2
+
+const NLA_F_NESTED = (1 << 15)
+const NLA_F_NET_BYTEORDER = (1 << 14)
+
+var nextSeqNr uint32
+var nativeEndian binary.ByteOrder
+
+type IPSetManager struct {
+ fd int
+ lsa syscall.SockaddrNetlink
+
+ domainSet sync.Map
+}
+
+func NewIPSetManager(rules []*RuleConf) (*IPSetManager, error) {
+ fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_NETFILTER)
+ if err != nil {
+ logf("%s", err)
+ return nil, err
+ }
+ // defer syscall.Close(fd)
+
+ lsa := syscall.SockaddrNetlink{
+ Family: syscall.AF_NETLINK,
+ }
+
+ if err = syscall.Bind(fd, &lsa); err != nil {
+ logf("%s", err)
+ return nil, err
+ }
+
+ var domainSet sync.Map
+ for _, r := range rules {
+ CreateSet(fd, lsa, r.IPSet)
+
+ for _, domain := range r.Domain {
+ domainSet.Store(domain, r.IPSet)
+ }
+
+ for _, ip := range r.IP {
+ AddToSet(fd, lsa, r.IPSet, ip)
+ }
+
+ // TODO: add all ip in cidr to ipset
+ // for _, s := range r.CIDR {
+ // if _, cidr, err := net.ParseCIDR(s); err == nil {
+ // rd.cidrMap.Store(cidr, sd)
+ // }
+ // }
+ }
+
+ return &IPSetManager{fd: fd, lsa: lsa, domainSet: domainSet}, nil
+}
+
+// AddDomainIP used to update ipset according to domainSet rule
+func (m *IPSetManager) AddDomainIP(domain, ip string) error {
+ if ip != "" {
+ logf("domain: %s, ip: %s\n", domain, ip)
+
+ domainParts := strings.Split(domain, ".")
+ length := len(domainParts)
+ for i := length - 2; i >= 0; i-- {
+ domain := strings.Join(domainParts[i:length], ".")
+
+ // find in domainMap
+ if ipset, ok := m.domainSet.Load(domain); ok {
+ AddToSet(m.fd, m.lsa, ipset.(string), ip)
+ }
+ }
+
+ }
+ return nil
+}
+
+func CreateSet(fd int, lsa syscall.SockaddrNetlink, setName string) {
+ if len(setName) > IPSET_MAXNAMELEN {
+ log.Fatal("ipset name too long")
+ }
+
+ // req := NewNetlinkRequest(1538, syscall.NLM_F_REQUEST)
+ req := NewNetlinkRequest(IPSET_CMD_CREATE|(NFNL_SUBSYS_IPSET<<8), syscall.NLM_F_REQUEST)
+
+ // TODO: support AF_INET6
+ nfgenMsg := NewNfGenMsg(syscall.AF_INET, 0, 0)
+ req.AddData(nfgenMsg)
+
+ attrProto := NewRtAttr(IPSET_ATTR_PROTOCOL, Uint8Attr(IPSET_PROTOCOL))
+ req.AddData(attrProto)
+
+ attrSiteName := NewRtAttr(IPSET_ATTR_SETNAME, ZeroTerminated(setName))
+ req.AddData(attrSiteName)
+
+ attrSiteType := NewRtAttr(IPSET_ATTR_TYPENAME, ZeroTerminated("hash:ip"))
+ req.AddData(attrSiteType)
+
+ attrRev := NewRtAttr(IPSET_ATTR_REVISION, Uint8Attr(1))
+ req.AddData(attrRev)
+
+ attrFamily := NewRtAttr(IPSET_ATTR_FAMILY, Uint8Attr(2))
+ req.AddData(attrFamily)
+
+ attrData := NewRtAttr(IPSET_ATTR_DATA|NLA_F_NESTED, nil)
+ req.AddData(attrData)
+
+ err := syscall.Sendto(fd, req.Serialize(), 0, &lsa)
+ logf("%s", err)
+}
+
+func AddToSet(fd int, lsa syscall.SockaddrNetlink, setName, ipStr string) {
+ if len(setName) > IPSET_MAXNAMELEN {
+ logf("ipset name too long")
+ }
+
+ ip := net.ParseIP(ipStr).To4()
+
+ req := NewNetlinkRequest(IPSET_CMD_ADD|(NFNL_SUBSYS_IPSET<<8), syscall.NLM_F_REQUEST)
+
+ // TODO: support AF_INET6
+ nfgenMsg := NewNfGenMsg(syscall.AF_INET, 0, 0)
+ req.AddData(nfgenMsg)
+
+ attrProto := NewRtAttr(IPSET_ATTR_PROTOCOL, Uint8Attr(IPSET_PROTOCOL))
+ req.AddData(attrProto)
+
+ attrSiteName := NewRtAttr(IPSET_ATTR_SETNAME, ZeroTerminated(setName))
+ req.AddData(attrSiteName)
+
+ attrNested := NewRtAttr(IPSET_ATTR_DATA|NLA_F_NESTED, nil)
+ attrIP := NewRtAttrChild(attrNested, IPSET_ATTR_IP|NLA_F_NESTED, nil)
+ NewRtAttrChild(attrIP, IPSET_ATTR_IPADDR_IPV4|NLA_F_NET_BYTEORDER, ip)
+ // NewRtAttrChild(attrNested, 9|NLA_F_NET_BYTEORDER, Uint32Attr(0))
+ req.AddData(attrNested)
+
+ err := syscall.Sendto(fd, req.Serialize(), 0, &lsa)
+ logf("%s", err)
+}
+
+// Get native endianness for the system
+func NativeEndian() binary.ByteOrder {
+ if nativeEndian == nil {
+ var x uint32 = 0x01020304
+ if *(*byte)(unsafe.Pointer(&x)) == 0x01 {
+ nativeEndian = binary.BigEndian
+ } else {
+ nativeEndian = binary.LittleEndian
+ }
+ }
+ return nativeEndian
+}
+
+func rtaAlignOf(attrlen int) int {
+ return (attrlen + syscall.RTA_ALIGNTO - 1) & ^(syscall.RTA_ALIGNTO - 1)
+}
+
+type NetlinkRequestData interface {
+ Len() int
+ Serialize() []byte
+}
+
+type NfGenMsg struct {
+ nfgenFamily uint8
+ version uint8
+ resID uint16
+}
+
+func NewNfGenMsg(nfgenFamily, version, resID int) *NfGenMsg {
+ return &NfGenMsg{
+ nfgenFamily: uint8(nfgenFamily),
+ version: uint8(version),
+ resID: uint16(resID),
+ }
+}
+
+func (m *NfGenMsg) Len() int {
+ return rtaAlignOf(4)
+}
+
+func (m *NfGenMsg) Serialize() []byte {
+ native := NativeEndian()
+
+ length := m.Len()
+ buf := make([]byte, rtaAlignOf(length))
+ buf[0] = m.nfgenFamily
+ buf[1] = m.version
+ native.PutUint16(buf[2:4], m.resID)
+ return buf
+}
+
+// Extend RtAttr to handle data and children
+type RtAttr struct {
+ syscall.RtAttr
+ Data []byte
+ children []NetlinkRequestData
+}
+
+// Create a new Extended RtAttr object
+func NewRtAttr(attrType int, data []byte) *RtAttr {
+ return &RtAttr{
+ RtAttr: syscall.RtAttr{
+ Type: uint16(attrType),
+ },
+ children: []NetlinkRequestData{},
+ Data: data,
+ }
+}
+
+// Create a new RtAttr obj anc add it as a child of an existing object
+func NewRtAttrChild(parent *RtAttr, attrType int, data []byte) *RtAttr {
+ attr := NewRtAttr(attrType, data)
+ parent.children = append(parent.children, attr)
+ return attr
+}
+
+func (a *RtAttr) Len() int {
+ if len(a.children) == 0 {
+ return (syscall.SizeofRtAttr + len(a.Data))
+ }
+
+ l := 0
+ for _, child := range a.children {
+ l += rtaAlignOf(child.Len())
+ }
+ l += syscall.SizeofRtAttr
+ return rtaAlignOf(l + len(a.Data))
+}
+
+// Serialize the RtAttr into a byte array
+// This can't just unsafe.cast because it must iterate through children.
+func (a *RtAttr) Serialize() []byte {
+ native := NativeEndian()
+
+ length := a.Len()
+ buf := make([]byte, rtaAlignOf(length))
+
+ next := 4
+ if a.Data != nil {
+ copy(buf[next:], a.Data)
+ next += rtaAlignOf(len(a.Data))
+ }
+ if len(a.children) > 0 {
+ for _, child := range a.children {
+ childBuf := child.Serialize()
+ copy(buf[next:], childBuf)
+ next += rtaAlignOf(len(childBuf))
+ }
+ }
+
+ if l := uint16(length); l != 0 {
+ native.PutUint16(buf[0:2], l)
+ }
+ native.PutUint16(buf[2:4], a.Type)
+ return buf
+}
+
+type NetlinkRequest struct {
+ syscall.NlMsghdr
+ Data []NetlinkRequestData
+ RawData []byte
+}
+
+// Create a new netlink request from proto and flags
+// Note the Len value will be inaccurate once data is added until
+// the message is serialized
+func NewNetlinkRequest(proto, flags int) *NetlinkRequest {
+ return &NetlinkRequest{
+ NlMsghdr: syscall.NlMsghdr{
+ Len: uint32(syscall.SizeofNlMsghdr),
+ Type: uint16(proto),
+ Flags: syscall.NLM_F_REQUEST | uint16(flags),
+ Seq: atomic.AddUint32(&nextSeqNr, 1),
+ // Pid: uint32(os.Getpid()),
+ },
+ }
+}
+
+// Serialize the Netlink Request into a byte array
+func (req *NetlinkRequest) Serialize() []byte {
+ length := syscall.SizeofNlMsghdr
+ dataBytes := make([][]byte, len(req.Data))
+ for i, data := range req.Data {
+ dataBytes[i] = data.Serialize()
+ length = length + len(dataBytes[i])
+ }
+ length += len(req.RawData)
+
+ req.Len = uint32(length)
+ b := make([]byte, length)
+ hdr := (*(*[syscall.SizeofNlMsghdr]byte)(unsafe.Pointer(req)))[:]
+ next := syscall.SizeofNlMsghdr
+ copy(b[0:next], hdr)
+ for _, data := range dataBytes {
+ for _, dataByte := range data {
+ b[next] = dataByte
+ next = next + 1
+ }
+ }
+ // Add the raw data if any
+ if len(req.RawData) > 0 {
+ copy(b[next:length], req.RawData)
+ }
+ return b
+}
+
+func (req *NetlinkRequest) AddData(data NetlinkRequestData) {
+ if data != nil {
+ req.Data = append(req.Data, data)
+ }
+}
+
+// AddRawData adds raw bytes to the end of the NetlinkRequest object during serialization
+func (req *NetlinkRequest) AddRawData(data []byte) {
+ if data != nil {
+ req.RawData = append(req.RawData, data...)
+ }
+}
+
+func Uint8Attr(v uint8) []byte {
+ return []byte{byte(v)}
+}
+
+func Uint16Attr(v uint16) []byte {
+ native := NativeEndian()
+ bytes := make([]byte, 2)
+ native.PutUint16(bytes, v)
+ return bytes
+}
+
+func Uint32Attr(v uint32) []byte {
+ native := NativeEndian()
+ bytes := make([]byte, 4)
+ native.PutUint32(bytes, v)
+ return bytes
+}
+
+func ZeroTerminated(s string) []byte {
+ bytes := make([]byte, len(s)+1)
+ for i := 0; i < len(s); i++ {
+ bytes[i] = s[i]
+ }
+ bytes[len(s)] = 0
+ return bytes
+}
+
+func NonZeroTerminated(s string) []byte {
+ bytes := make([]byte, len(s))
+ for i := 0; i < len(s); i++ {
+ bytes[i] = s[i]
+ }
+ return bytes
+}
+
+func BytesToString(b []byte) string {
+ n := bytes.Index(b, []byte{0})
+ return string(b[:n])
+}
diff --git a/ipset_other.go b/ipset_other.go
new file mode 100644
index 0000000..c10d654
--- /dev/null
+++ b/ipset_other.go
@@ -0,0 +1,16 @@
+// +build !linux
+
+package main
+
+import "errors"
+
+type IPSetManager struct {
+}
+
+func NewIPSetManager(rules []*RuleConf) (*IPSetManager, error) {
+ return nil, errors.New("ipset not supported on this os")
+}
+
+func (m *IPSetManager) AddDomainIP(domain, ip string) error {
+ return errors.New("ipset not supported on this os")
+}
diff --git a/main.go b/main.go
index c8d5fb3..aad00b6 100644
--- a/main.go
+++ b/main.go
@@ -43,6 +43,11 @@ func main() {
go local.ListenAndServe()
}
+ ipsetM, err := NewIPSetManager(conf.rules)
+ if err != nil {
+ logf("ipset error: %s", err)
+ }
+
if conf.DNS != "" {
dns, err := NewDNS(conf.DNS, conf.DNSServer[0], sDialer)
if err != nil {
@@ -60,6 +65,9 @@ func main() {
// add a handler to update proxy rules when a domain resolved
dns.AddAnswerHandler(sDialer.AddDomainIP)
+ if ipsetM != nil {
+ dns.AddAnswerHandler(ipsetM.AddDomainIP)
+ }
go dns.ListenAndServe()
}
From 4729fc57f3c205f4e096f7d7e4dd345813796cc3 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 28 Aug 2017 23:14:02 +0800
Subject: [PATCH 061/341] ipset: do not create ipset when ipset name is ""
---
README.md | 4 ++--
ipset_linux.go | 18 ++++++++++++++----
rule.go | 3 +--
3 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index bc44651..591981c 100644
--- a/README.md
+++ b/README.md
@@ -32,8 +32,8 @@ General:
TODO:
- [x] Specify different remote dns server in rule file
- [x] Improve DNS forwarder to resolve domain name and add ip to proxy rules
-- [ ] IPSet management
-- [ ] Improve DNS forwarder to resolve domain name and add ip to ipset
+- [x] IPSet management
+- [x] Improve DNS forwarder to resolve domain name and add ip to ipset
- [ ] UDP Tunnel & UDP Relay
- [ ] TUN/TAP device support
- [ ] Code refactoring: support proxy registering so it can be pluggable
diff --git a/ipset_linux.go b/ipset_linux.go
index 9d95962..1c6e441 100644
--- a/ipset_linux.go
+++ b/ipset_linux.go
@@ -76,6 +76,11 @@ func NewIPSetManager(rules []*RuleConf) (*IPSetManager, error) {
var domainSet sync.Map
for _, r := range rules {
+
+ if r.IPSet == "" {
+ continue
+ }
+
CreateSet(fd, lsa, r.IPSet)
for _, domain := range r.Domain {
@@ -99,9 +104,8 @@ func NewIPSetManager(rules []*RuleConf) (*IPSetManager, error) {
// AddDomainIP used to update ipset according to domainSet rule
func (m *IPSetManager) AddDomainIP(domain, ip string) error {
- if ip != "" {
- logf("domain: %s, ip: %s\n", domain, ip)
+ if ip != "" {
domainParts := strings.Split(domain, ".")
length := len(domainParts)
for i := length - 2; i >= 0; i-- {
@@ -110,6 +114,7 @@ func (m *IPSetManager) AddDomainIP(domain, ip string) error {
// find in domainMap
if ipset, ok := m.domainSet.Load(domain); ok {
AddToSet(m.fd, m.lsa, ipset.(string), ip)
+ logf("ipset: domain: %s, ip: %s\n", domain, ip)
}
}
@@ -148,7 +153,10 @@ func CreateSet(fd int, lsa syscall.SockaddrNetlink, setName string) {
req.AddData(attrData)
err := syscall.Sendto(fd, req.Serialize(), 0, &lsa)
- logf("%s", err)
+ if err != nil {
+ logf("%s", err)
+ }
+
}
func AddToSet(fd int, lsa syscall.SockaddrNetlink, setName, ipStr string) {
@@ -177,7 +185,9 @@ func AddToSet(fd int, lsa syscall.SockaddrNetlink, setName, ipStr string) {
req.AddData(attrNested)
err := syscall.Sendto(fd, req.Serialize(), 0, &lsa)
- logf("%s", err)
+ if err != nil {
+ logf("%s", err)
+ }
}
// Get native endianness for the system
diff --git a/rule.go b/rule.go
index 4ec0320..bb24e61 100644
--- a/rule.go
+++ b/rule.go
@@ -113,8 +113,6 @@ func (rd *RuleDialer) Dial(network, addr string) (net.Conn, error) {
// AddDomainIP used to update ipMap rules according to domainMap rule
func (rd *RuleDialer) AddDomainIP(domain, ip string) error {
if ip != "" {
- logf("domain: %s, ip: %s\n", domain, ip)
-
domainParts := strings.Split(domain, ".")
length := len(domainParts)
for i := length - 2; i >= 0; i-- {
@@ -123,6 +121,7 @@ func (rd *RuleDialer) AddDomainIP(domain, ip string) error {
// find in domainMap
if d, ok := rd.domainMap.Load(domain); ok {
rd.ipMap.Store(ip, d)
+ logf("rule: add domain: %s, ip: %s\n", domain, ip)
}
}
From 9d9fe7bfd869f72e83c6f77e1c2d4bdccda5660b Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 28 Aug 2017 23:14:52 +0800
Subject: [PATCH 062/341] systemd: add CAP_NET_ADMIN capability for ipset
---
systemd/glider@.service | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/systemd/glider@.service b/systemd/glider@.service
index b634b35..399292a 100644
--- a/systemd/glider@.service
+++ b/systemd/glider@.service
@@ -11,8 +11,10 @@ Restart=always
ExecStart=/usr/bin/glider -config /etc/glider/%i.conf
# work with systemd v229 or later, so glider can listen on port below 1024 with none-root user
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_BIND_SERVICE
+# CAP_NET_ADMIN: ipset
+# CAP_NET_BIND_SERVICE: bind ports under 1024
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
[Install]
From 45a03ff62d2f5c401cf168ffc1f974d59e0fc8d1 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 29 Aug 2017 10:05:06 +0800
Subject: [PATCH 063/341] examples: add order number
---
conf.go | 2 --
.../glider.conf | 0
.../glider.conf | 0
.../glider.conf | 0
.../glider.conf | 0
.../glider.conf | 0
.../office.rule | 0
.../bypass.rule | 0
.../glider.conf | 0
.../glider.conf | 0
.../home.rule | 0
.../office.rule | 0
examples/README.md | 28 +++++++++----------
13 files changed, 14 insertions(+), 16 deletions(-)
rename examples/{simple_proxy_service => 1.simple_proxy_service}/glider.conf (100%)
rename examples/{one_forwarder => 2.one_forwarder}/glider.conf (100%)
rename examples/{forward_chain => 3.forward_chain}/glider.conf (100%)
rename examples/{multiple_forwarders => 4.multiple_forwarders}/glider.conf (100%)
rename examples/{rule_default_direct => 5.rule_default_direct}/glider.conf (100%)
rename examples/{rule_default_direct => 5.rule_default_direct}/office.rule (100%)
rename examples/{rule_default_forwarder => 6.rule_default_forwarder}/bypass.rule (100%)
rename examples/{rule_default_forwarder => 6.rule_default_forwarder}/glider.conf (100%)
rename examples/{rule_multiple_rule_files => 7.rule_multiple_rule_files}/glider.conf (100%)
rename examples/{rule_multiple_rule_files => 7.rule_multiple_rule_files}/home.rule (100%)
rename examples/{rule_multiple_rule_files => 7.rule_multiple_rule_files}/office.rule (100%)
diff --git a/conf.go b/conf.go
index 85b1063..7556142 100644
--- a/conf.go
+++ b/conf.go
@@ -114,8 +114,6 @@ func NewRuleConfFromFile(ruleFile string) (*RuleConf, error) {
f.StringSliceUniqVar(&p.IP, "ip", nil, "ip")
f.StringSliceUniqVar(&p.CIDR, "cidr", nil, "cidr")
- // f.StringSliceUniqVar(&p.Include, "include", nil, "include file path(eg: you can include a domain list file)")
-
err := f.Parse()
if err != nil {
fmt.Fprintf(os.Stderr, "ERROR: %s\n", err)
diff --git a/examples/simple_proxy_service/glider.conf b/examples/1.simple_proxy_service/glider.conf
similarity index 100%
rename from examples/simple_proxy_service/glider.conf
rename to examples/1.simple_proxy_service/glider.conf
diff --git a/examples/one_forwarder/glider.conf b/examples/2.one_forwarder/glider.conf
similarity index 100%
rename from examples/one_forwarder/glider.conf
rename to examples/2.one_forwarder/glider.conf
diff --git a/examples/forward_chain/glider.conf b/examples/3.forward_chain/glider.conf
similarity index 100%
rename from examples/forward_chain/glider.conf
rename to examples/3.forward_chain/glider.conf
diff --git a/examples/multiple_forwarders/glider.conf b/examples/4.multiple_forwarders/glider.conf
similarity index 100%
rename from examples/multiple_forwarders/glider.conf
rename to examples/4.multiple_forwarders/glider.conf
diff --git a/examples/rule_default_direct/glider.conf b/examples/5.rule_default_direct/glider.conf
similarity index 100%
rename from examples/rule_default_direct/glider.conf
rename to examples/5.rule_default_direct/glider.conf
diff --git a/examples/rule_default_direct/office.rule b/examples/5.rule_default_direct/office.rule
similarity index 100%
rename from examples/rule_default_direct/office.rule
rename to examples/5.rule_default_direct/office.rule
diff --git a/examples/rule_default_forwarder/bypass.rule b/examples/6.rule_default_forwarder/bypass.rule
similarity index 100%
rename from examples/rule_default_forwarder/bypass.rule
rename to examples/6.rule_default_forwarder/bypass.rule
diff --git a/examples/rule_default_forwarder/glider.conf b/examples/6.rule_default_forwarder/glider.conf
similarity index 100%
rename from examples/rule_default_forwarder/glider.conf
rename to examples/6.rule_default_forwarder/glider.conf
diff --git a/examples/rule_multiple_rule_files/glider.conf b/examples/7.rule_multiple_rule_files/glider.conf
similarity index 100%
rename from examples/rule_multiple_rule_files/glider.conf
rename to examples/7.rule_multiple_rule_files/glider.conf
diff --git a/examples/rule_multiple_rule_files/home.rule b/examples/7.rule_multiple_rule_files/home.rule
similarity index 100%
rename from examples/rule_multiple_rule_files/home.rule
rename to examples/7.rule_multiple_rule_files/home.rule
diff --git a/examples/rule_multiple_rule_files/office.rule b/examples/7.rule_multiple_rule_files/office.rule
similarity index 100%
rename from examples/rule_multiple_rule_files/office.rule
rename to examples/7.rule_multiple_rule_files/office.rule
diff --git a/examples/README.md b/examples/README.md
index d10a2ef..d0aa9a9 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -1,32 +1,32 @@
# Glider Configuration Examples
-## Simple Proxy Service
+## 1. Simple Proxy Service
Just listen on 8443 as HTTP/SOCKS5 proxy on the same port, forward all requests directly.
```
Clients --> Listener --> Internet
```
-- [simple_proxy_service](simple_proxy_service)
+- [simple_proxy_service](1.simple_proxy_service)
-## One remote upstream proxy
+## 2. One remote upstream proxy
```
Clients --> Listener --> Forwarder --> Internet
```
-- [one_forwarder](one_forwarder)
+- [one_forwarder](2.one_forwarder)
-## One remote upstream PROXY CHAIN
+## 3. One remote upstream PROXY CHAIN
```
Clients --> Listener --> Forwarder1 --> Forwarder2 --> Internet
```
-- [forward_chain](forward_chain)
+- [forward_chain](3.forward_chain)
-## Multiple upstream proxies
+## 4. Multiple upstream proxies
```
|Forwarder ----------------->|
@@ -34,10 +34,10 @@ Just listen on 8443 as HTTP/SOCKS5 proxy on the same port, forward all requests
|Forwarder --> Forwarder->...|
```
-- [multiple_forwarders](multiple_forwarders)
+- [multiple_forwarders](4.multiple_forwarders)
-## With Rule File: Default Direct, Rule file use forwarder
+## 5. With Rule File: Default Direct, Rule file use forwarder
Default:
```
@@ -50,10 +50,10 @@ Destinations specified in rule file:
|Forwarder --> Forwarder->...|
```
-- [rule_default_direct](rule_default_direct)
+- [rule_default_direct](5.rule_default_direct)
-## With Rule File: Default use forwarder, rule file use direct
+## 6. With Rule File: Default use forwarder, rule file use direct
Default:
```
@@ -67,10 +67,10 @@ Destinations specified in rule file:
Clients --> Listener --> Internet
```
-- [rule_default_forwarder](rule_default_forwarder)
+- [rule_default_forwarder](6.rule_default_forwarder)
-## With Rule File: multiple rule files
+## 7. With Rule File: multiple rule files
Default:
```
@@ -89,4 +89,4 @@ Destinations specified in rule file2:
|Forwarder5 --> Forwarder6->...|
```
-- [rule_multiple_rule_files](rule_multiple_rule_files)
\ No newline at end of file
+- [rule_multiple_rule_files](7.rule_multiple_rule_files)
\ No newline at end of file
From e7dd21289f26e843b723961972c5d8379d69b394 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 29 Aug 2017 18:36:42 +0800
Subject: [PATCH 064/341] ipset: 1. ipset flush; 2. ipset in main config
---
README.md | 1 +
conf.go | 2 +-
ipset_linux.go | 102 ++++++++++++++++++++++++++++++++++++++-----------
ipset_other.go | 2 +-
main.go | 4 +-
5 files changed, 85 insertions(+), 26 deletions(-)
diff --git a/README.md b/README.md
index 591981c..2dbbb26 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,7 @@ TODO:
- [ ] TUN/TAP device support
- [ ] Code refactoring: support proxy registering so it can be pluggable
- [ ] Conditional compilation so we can abandon needless proxy type and get a smaller binary size
+- [ ] IPv6 support
- [ ] SSH tunnel support
## Install
diff --git a/conf.go b/conf.go
index 7556142..c18f9a4 100644
--- a/conf.go
+++ b/conf.go
@@ -42,7 +42,7 @@ func confInit() {
flag.StringVar(&conf.DNS, "dns", "", "dns listen address")
flag.StringSliceUniqVar(&conf.DNSServer, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server")
- flag.StringVar(&conf.IPSet, "ipset", "glider", "ipset name")
+ flag.StringVar(&conf.IPSet, "ipset", "", "ipset name")
flag.Usage = usage
err := flag.Parse()
diff --git a/ipset_linux.go b/ipset_linux.go
index 1c6e441..e0065c5 100644
--- a/ipset_linux.go
+++ b/ipset_linux.go
@@ -27,6 +27,7 @@ const IPSET_MAXNAMELEN = 32
/* Message types and commands */
const IPSET_CMD_CREATE = 2
+const IPSET_CMD_FLUSH = 4
const IPSET_CMD_ADD = 9
const IPSET_CMD_DEL = 10
@@ -38,7 +39,9 @@ const IPSET_ATTR_REVISION = 4 /* 4: Settype revision */
const IPSET_ATTR_FAMILY = 5 /* 5: Settype family */
const IPSET_ATTR_DATA = 7 /* 7: Nested attributes */
+/* CADT specific attributes */
const IPSET_ATTR_IP = 1
+const IPSET_ATTR_CIDR = 3
/* IP specific attributes */
const IPSET_ATTR_IPADDR_IPV4 = 1
@@ -54,10 +57,11 @@ type IPSetManager struct {
fd int
lsa syscall.SockaddrNetlink
+ mainSet string
domainSet sync.Map
}
-func NewIPSetManager(rules []*RuleConf) (*IPSetManager, error) {
+func NewIPSetManager(mainSet string, rules []*RuleConf) (*IPSetManager, error) {
fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_NETFILTER)
if err != nil {
logf("%s", err)
@@ -74,32 +78,37 @@ func NewIPSetManager(rules []*RuleConf) (*IPSetManager, error) {
return nil, err
}
- var domainSet sync.Map
+ m := &IPSetManager{fd: fd, lsa: lsa, mainSet: mainSet}
+
+ CreateSet(fd, lsa, mainSet)
+
for _, r := range rules {
- if r.IPSet == "" {
- continue
+ set := r.IPSet
+
+ if set != "" && set != m.mainSet {
+ CreateSet(fd, lsa, set)
+ } else {
+ set = m.mainSet
}
- CreateSet(fd, lsa, r.IPSet)
-
for _, domain := range r.Domain {
- domainSet.Store(domain, r.IPSet)
+ m.domainSet.Store(domain, set)
}
for _, ip := range r.IP {
+ AddToSet(fd, lsa, mainSet, ip)
AddToSet(fd, lsa, r.IPSet, ip)
}
- // TODO: add all ip in cidr to ipset
- // for _, s := range r.CIDR {
- // if _, cidr, err := net.ParseCIDR(s); err == nil {
- // rd.cidrMap.Store(cidr, sd)
- // }
- // }
+ for _, cidr := range r.CIDR {
+ AddToSet(fd, lsa, mainSet, cidr)
+ AddToSet(fd, lsa, r.IPSet, cidr)
+ }
+
}
- return &IPSetManager{fd: fd, lsa: lsa, domainSet: domainSet}, nil
+ return m, nil
}
// AddDomainIP used to update ipset according to domainSet rule
@@ -113,8 +122,8 @@ func (m *IPSetManager) AddDomainIP(domain, ip string) error {
// find in domainMap
if ipset, ok := m.domainSet.Load(domain); ok {
+ AddToSet(m.fd, m.lsa, m.mainSet, ip)
AddToSet(m.fd, m.lsa, ipset.(string), ip)
- logf("ipset: domain: %s, ip: %s\n", domain, ip)
}
}
@@ -123,11 +132,16 @@ func (m *IPSetManager) AddDomainIP(domain, ip string) error {
}
func CreateSet(fd int, lsa syscall.SockaddrNetlink, setName string) {
+ if setName == "" {
+ return
+ }
+
if len(setName) > IPSET_MAXNAMELEN {
log.Fatal("ipset name too long")
}
- // req := NewNetlinkRequest(1538, syscall.NLM_F_REQUEST)
+ logf("ipset: create %s hash:net", setName)
+
req := NewNetlinkRequest(IPSET_CMD_CREATE|(NFNL_SUBSYS_IPSET<<8), syscall.NLM_F_REQUEST)
// TODO: support AF_INET6
@@ -140,7 +154,7 @@ func CreateSet(fd int, lsa syscall.SockaddrNetlink, setName string) {
attrSiteName := NewRtAttr(IPSET_ATTR_SETNAME, ZeroTerminated(setName))
req.AddData(attrSiteName)
- attrSiteType := NewRtAttr(IPSET_ATTR_TYPENAME, ZeroTerminated("hash:ip"))
+ attrSiteType := NewRtAttr(IPSET_ATTR_TYPENAME, ZeroTerminated("hash:net"))
req.AddData(attrSiteType)
attrRev := NewRtAttr(IPSET_ATTR_REVISION, Uint8Attr(1))
@@ -157,14 +171,49 @@ func CreateSet(fd int, lsa syscall.SockaddrNetlink, setName string) {
logf("%s", err)
}
+ FlushSet(fd, lsa, setName)
}
-func AddToSet(fd int, lsa syscall.SockaddrNetlink, setName, ipStr string) {
+func FlushSet(fd int, lsa syscall.SockaddrNetlink, setName string) {
+ logf("ipset: flush %s", setName)
+
+ req := NewNetlinkRequest(IPSET_CMD_FLUSH|(NFNL_SUBSYS_IPSET<<8), syscall.NLM_F_REQUEST)
+
+ // TODO: support AF_INET6
+ req.AddData(NewNfGenMsg(syscall.AF_INET, 0, 0))
+ req.AddData(NewRtAttr(IPSET_ATTR_PROTOCOL, Uint8Attr(IPSET_PROTOCOL)))
+ req.AddData(NewRtAttr(IPSET_ATTR_SETNAME, ZeroTerminated(setName)))
+
+ err := syscall.Sendto(fd, req.Serialize(), 0, &lsa)
+ if err != nil {
+ logf("%s", err)
+ }
+
+}
+
+func AddToSet(fd int, lsa syscall.SockaddrNetlink, setName, entry string) {
+ if setName == "" {
+ return
+ }
+
if len(setName) > IPSET_MAXNAMELEN {
logf("ipset name too long")
}
- ip := net.ParseIP(ipStr).To4()
+ logf("ipset: add %s %s", setName, entry)
+
+ var ip net.IP
+ var cidr *net.IPNet
+
+ ip, cidr, err := net.ParseCIDR(entry)
+ if err != nil {
+ ip = net.ParseIP(entry)
+ }
+
+ if ip == nil {
+ logf("ipset: parse %s error", entry)
+ return
+ }
req := NewNetlinkRequest(IPSET_CMD_ADD|(NFNL_SUBSYS_IPSET<<8), syscall.NLM_F_REQUEST)
@@ -180,11 +229,20 @@ func AddToSet(fd int, lsa syscall.SockaddrNetlink, setName, ipStr string) {
attrNested := NewRtAttr(IPSET_ATTR_DATA|NLA_F_NESTED, nil)
attrIP := NewRtAttrChild(attrNested, IPSET_ATTR_IP|NLA_F_NESTED, nil)
- NewRtAttrChild(attrIP, IPSET_ATTR_IPADDR_IPV4|NLA_F_NET_BYTEORDER, ip)
- // NewRtAttrChild(attrNested, 9|NLA_F_NET_BYTEORDER, Uint32Attr(0))
+
+ // TODO: support ipV6
+ NewRtAttrChild(attrIP, IPSET_ATTR_IPADDR_IPV4|NLA_F_NET_BYTEORDER, ip.To4())
+
+ // for cidr prefix
+ if cidr != nil {
+ cidrPrefix, _ := cidr.Mask.Size()
+ NewRtAttrChild(attrNested, IPSET_ATTR_CIDR, Uint8Attr(uint8(cidrPrefix)))
+ }
+
+ NewRtAttrChild(attrNested, 9|NLA_F_NET_BYTEORDER, Uint32Attr(0))
req.AddData(attrNested)
- err := syscall.Sendto(fd, req.Serialize(), 0, &lsa)
+ err = syscall.Sendto(fd, req.Serialize(), 0, &lsa)
if err != nil {
logf("%s", err)
}
diff --git a/ipset_other.go b/ipset_other.go
index c10d654..1f2857f 100644
--- a/ipset_other.go
+++ b/ipset_other.go
@@ -7,7 +7,7 @@ import "errors"
type IPSetManager struct {
}
-func NewIPSetManager(rules []*RuleConf) (*IPSetManager, error) {
+func NewIPSetManager(mainSet string, rules []*RuleConf) (*IPSetManager, error) {
return nil, errors.New("ipset not supported on this os")
}
diff --git a/main.go b/main.go
index aad00b6..6ffed3a 100644
--- a/main.go
+++ b/main.go
@@ -43,9 +43,9 @@ func main() {
go local.ListenAndServe()
}
- ipsetM, err := NewIPSetManager(conf.rules)
+ ipsetM, err := NewIPSetManager(conf.IPSet, conf.rules)
if err != nil {
- logf("ipset error: %s", err)
+ logf("create ipset manager error: %s", err)
}
if conf.DNS != "" {
From ee6eec0b523887c5f6e8343d0a8aefb364986a66 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 31 Aug 2017 00:08:22 +0800
Subject: [PATCH 065/341] doc: update documents for ver0.4
---
.gitignore | 4 +--
README.md | 27 ++++++++++---------
conf.go | 4 +--
.../1.simple_proxy_service/glider.conf | 0
.../examples}/2.one_forwarder/glider.conf | 0
.../examples}/3.forward_chain/glider.conf | 0
.../4.multiple_forwarders/glider.conf | 0
.../5.rule_default_direct/glider.conf | 0
.../5.rule_default_direct/office.rule | 0
.../6.rule_default_forwarder/bypass.rule | 0
.../6.rule_default_forwarder/glider.conf | 0
.../7.rule_multiple_rule_files/glider.conf | 0
.../7.rule_multiple_rule_files/home.rule | 0
.../7.rule_multiple_rule_files/office.rule | 0
{examples => config/examples}/README.md | 0
.../glider.conf.example | 0
.../rules.d}/bypass.rule.example | 0
.../rules.d}/office.rule.example | 0
18 files changed, 19 insertions(+), 16 deletions(-)
rename {examples => config/examples}/1.simple_proxy_service/glider.conf (100%)
rename {examples => config/examples}/2.one_forwarder/glider.conf (100%)
rename {examples => config/examples}/3.forward_chain/glider.conf (100%)
rename {examples => config/examples}/4.multiple_forwarders/glider.conf (100%)
rename {examples => config/examples}/5.rule_default_direct/glider.conf (100%)
rename {examples => config/examples}/5.rule_default_direct/office.rule (100%)
rename {examples => config/examples}/6.rule_default_forwarder/bypass.rule (100%)
rename {examples => config/examples}/6.rule_default_forwarder/glider.conf (100%)
rename {examples => config/examples}/7.rule_multiple_rule_files/glider.conf (100%)
rename {examples => config/examples}/7.rule_multiple_rule_files/home.rule (100%)
rename {examples => config/examples}/7.rule_multiple_rule_files/office.rule (100%)
rename {examples => config/examples}/README.md (100%)
rename glider.conf.example => config/glider.conf.example (100%)
rename {rules.d => config/rules.d}/bypass.rule.example (100%)
rename {rules.d => config/rules.d}/office.rule.example (100%)
diff --git a/.gitignore b/.gitignore
index e16b335..f009e21 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,8 +18,8 @@
/*.conf
/*.rule
-rules.d/*.rule
-rules.d/*.list
+config/rules.d/*.rule
+config/rules.d/*.list
glider
bak/
diff --git a/README.md b/README.md
index 2dbbb26..176fb38 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,18 @@ we can set up local listeners as proxy, and forward requests to internet via for
```
## Features
-Listen(local proxy):
+Listen(local server):
- Socks5 proxy
- Http proxy
- SS proxy
- Linux transparent proxy(iptables redirect)
- TCP tunnel
-- DNS tunnel(udp2tcp)
+- DNS forwarding server(udp2tcp)
+ - Listen on UDP and forward dns requests to remote dns server in TCP via forwarders
+ - Specify different upstream dns server based on destinations(in rule file)
+ - Tunnel mode: forward to a specified upstream dns server
+ - Add resolved IPs to proxy rules
+ - Add resolved IPs to ipset
Forward(upstream proxy):
- Socks5 proxy
@@ -27,14 +32,12 @@ General:
- Forward chain
- HA or RR strategy for multiple forwarders
- Periodical proxy checking
-- Rule proxy based on destionation: [Config Examples](examples)
+- Rule proxy based on destinations: [Config Examples](config/examples)
+- Ipset management
TODO:
-- [x] Specify different remote dns server in rule file
-- [x] Improve DNS forwarder to resolve domain name and add ip to proxy rules
-- [x] IPSet management
-- [x] Improve DNS forwarder to resolve domain name and add ip to ipset
-- [ ] UDP Tunnel & UDP Relay
+- [ ] UDP Tunnel
+- [ ] Linux tproxy support & UDP Relay
- [ ] TUN/TAP device support
- [ ] Code refactoring: support proxy registering so it can be pluggable
- [ ] Conditional compilation so we can abandon needless proxy type and get a smaller binary size
@@ -196,8 +199,8 @@ checkduration=30
#rulefile=home.rule
```
See:
-- [glider.conf.example](glider.conf.example)
-- [examples](examples)
+- [glider.conf.example](conf/glider.conf.example)
+- [examples](conf/examples)
## Rule File
Rule file, **same as the config file but specify forwarders based on destinations**:
@@ -221,8 +224,8 @@ ip=1.1.1.1
cidr=192.168.100.0/24
```
See:
-- [office.rule.example](rules.d/office.rule.example)
-- [examples](examples)
+- [office.rule.example](conf/rules.d/office.rule.example)
+- [examples](conf/examples)
## Service
- systemd: [https://github.com/nadoo/glider/blob/master/systemd/](https://github.com/nadoo/glider/blob/master/systemd/)
diff --git a/conf.go b/conf.go
index c18f9a4..bfd3866 100644
--- a/conf.go
+++ b/conf.go
@@ -39,7 +39,7 @@ func confInit() {
flag.StringSliceUniqVar(&conf.RuleFile, "rulefile", nil, "rule file path")
flag.StringVar(&conf.RulesDir, "rules-dir", "rules.d", "rule file folder")
- flag.StringVar(&conf.DNS, "dns", "", "dns listen address")
+ flag.StringVar(&conf.DNS, "dns", "", "dns forwarder server listen address")
flag.StringSliceUniqVar(&conf.DNSServer, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server")
flag.StringVar(&conf.IPSet, "ipset", "", "ipset name")
@@ -146,7 +146,7 @@ func usage() {
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Available methods for ss:\n")
- // fmt.Fprintf(os.Stderr, " "+ListCipher())
+ fmt.Fprintf(os.Stderr, " "+ListCipher())
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, " NOTE: chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305\n")
fmt.Fprintf(os.Stderr, "\n")
diff --git a/examples/1.simple_proxy_service/glider.conf b/config/examples/1.simple_proxy_service/glider.conf
similarity index 100%
rename from examples/1.simple_proxy_service/glider.conf
rename to config/examples/1.simple_proxy_service/glider.conf
diff --git a/examples/2.one_forwarder/glider.conf b/config/examples/2.one_forwarder/glider.conf
similarity index 100%
rename from examples/2.one_forwarder/glider.conf
rename to config/examples/2.one_forwarder/glider.conf
diff --git a/examples/3.forward_chain/glider.conf b/config/examples/3.forward_chain/glider.conf
similarity index 100%
rename from examples/3.forward_chain/glider.conf
rename to config/examples/3.forward_chain/glider.conf
diff --git a/examples/4.multiple_forwarders/glider.conf b/config/examples/4.multiple_forwarders/glider.conf
similarity index 100%
rename from examples/4.multiple_forwarders/glider.conf
rename to config/examples/4.multiple_forwarders/glider.conf
diff --git a/examples/5.rule_default_direct/glider.conf b/config/examples/5.rule_default_direct/glider.conf
similarity index 100%
rename from examples/5.rule_default_direct/glider.conf
rename to config/examples/5.rule_default_direct/glider.conf
diff --git a/examples/5.rule_default_direct/office.rule b/config/examples/5.rule_default_direct/office.rule
similarity index 100%
rename from examples/5.rule_default_direct/office.rule
rename to config/examples/5.rule_default_direct/office.rule
diff --git a/examples/6.rule_default_forwarder/bypass.rule b/config/examples/6.rule_default_forwarder/bypass.rule
similarity index 100%
rename from examples/6.rule_default_forwarder/bypass.rule
rename to config/examples/6.rule_default_forwarder/bypass.rule
diff --git a/examples/6.rule_default_forwarder/glider.conf b/config/examples/6.rule_default_forwarder/glider.conf
similarity index 100%
rename from examples/6.rule_default_forwarder/glider.conf
rename to config/examples/6.rule_default_forwarder/glider.conf
diff --git a/examples/7.rule_multiple_rule_files/glider.conf b/config/examples/7.rule_multiple_rule_files/glider.conf
similarity index 100%
rename from examples/7.rule_multiple_rule_files/glider.conf
rename to config/examples/7.rule_multiple_rule_files/glider.conf
diff --git a/examples/7.rule_multiple_rule_files/home.rule b/config/examples/7.rule_multiple_rule_files/home.rule
similarity index 100%
rename from examples/7.rule_multiple_rule_files/home.rule
rename to config/examples/7.rule_multiple_rule_files/home.rule
diff --git a/examples/7.rule_multiple_rule_files/office.rule b/config/examples/7.rule_multiple_rule_files/office.rule
similarity index 100%
rename from examples/7.rule_multiple_rule_files/office.rule
rename to config/examples/7.rule_multiple_rule_files/office.rule
diff --git a/examples/README.md b/config/examples/README.md
similarity index 100%
rename from examples/README.md
rename to config/examples/README.md
diff --git a/glider.conf.example b/config/glider.conf.example
similarity index 100%
rename from glider.conf.example
rename to config/glider.conf.example
diff --git a/rules.d/bypass.rule.example b/config/rules.d/bypass.rule.example
similarity index 100%
rename from rules.d/bypass.rule.example
rename to config/rules.d/bypass.rule.example
diff --git a/rules.d/office.rule.example b/config/rules.d/office.rule.example
similarity index 100%
rename from rules.d/office.rule.example
rename to config/rules.d/office.rule.example
From a839f8d195ae25b127d4a1fd942ea8385c137705 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 31 Aug 2017 00:53:24 +0800
Subject: [PATCH 066/341] config: add new settings in examples for ver 0.4
---
README.md | 34 ++++++++++++++++++++++++------
config/glider.conf.example | 31 +++++++++++++++++++++++++--
config/rules.d/bypass.rule.example | 6 +++++-
config/rules.d/office.list.example | 7 ++++++
config/rules.d/office.rule.example | 30 ++++++++++++++++++--------
5 files changed, 90 insertions(+), 18 deletions(-)
create mode 100644 config/rules.d/office.list.example
diff --git a/README.md b/README.md
index 176fb38..e41c819 100644
--- a/README.md
+++ b/README.md
@@ -34,6 +34,8 @@ General:
- Periodical proxy checking
- Rule proxy based on destinations: [Config Examples](config/examples)
- Ipset management
+ - Add ip/cidrs in rule files on startup
+ - Add resolved ips for domains in rule files by dns forwarder server
TODO:
- [ ] UDP Tunnel
@@ -171,8 +173,8 @@ verbose
# listen on 8443, serve as http/socks5 proxy on the same port.
listen=:8443
-# listen on udp port 53, forward dns requests via tcp protocol
-listen=dnstun://:53=8.8.8.8:53
+# listen on udp port 5353, forward dns requests via tcp protocol
+listen=dnstun://:5353=8.8.8.8:53
# upstream forward proxy
forward=socks5://192.168.1.10:1080
@@ -194,13 +196,26 @@ checkwebsite=www.apple.com
# check duration
checkduration=30
+
+# Setup a dns forwarding server
+dns://53
+# global remote dns server (you can specify different dns server in rule file)
+dnsserver=8.8.8.8:53
+
+# Create and mange ipset on linux based on destinations in rule files
+# - add ip/cidrs in rule files on startup
+# - add resolved ips for domains in rule files by dns forwarder server
+# Usually used in transparent proxy mode on linux
+ipset=glider
+
# RULE FILES
+rules-dir=rules.d
#rulefile=office.rule
#rulefile=home.rule
```
See:
-- [glider.conf.example](conf/glider.conf.example)
-- [examples](conf/examples)
+- [glider.conf.example](config/glider.conf.example)
+- [examples](config/examples)
## Rule File
Rule file, **same as the config file but specify forwarders based on destinations**:
@@ -213,6 +228,9 @@ strategy=rr
checkwebsite=www.apple.com
checkduration=30
+# DNS SERVER for domains in this rule file
+dnsserver=208.67.222.222:53
+
# YOU CAN SPECIFY DESTINATIONS TO USE THE ABOVE FORWARDERS
# matches abc.com and *.abc.com
domain=abc.com
@@ -222,10 +240,14 @@ ip=1.1.1.1
# matches 192.168.100.0/24
cidr=192.168.100.0/24
+
+# we can include a list file with only destinations settings
+include=office.list.example
+
```
See:
-- [office.rule.example](conf/rules.d/office.rule.example)
-- [examples](conf/examples)
+- [office.rule.example](config/rules.d/office.rule.example)
+- [examples](config/examples)
## Service
- systemd: [https://github.com/nadoo/glider/blob/master/systemd/](https://github.com/nadoo/glider/blob/master/systemd/)
diff --git a/config/glider.conf.example b/config/glider.conf.example
index 0d62abb..48f5679 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -49,9 +49,10 @@ listen=socks5://:1080
# listen on 1082 as a tcp tunnel, all requests to :1082 will be forward to 1.1.1.1:80
# listen=tcptun://:1082=1.1.1.1:80
-# listen on udp port 53, act as a local dns server,
+# a dnstun is a special dns forwarder server with a fixed remote dns
+# listen on udp port 5353, act as a local dns server,
# forward all requests to 8.8.8.8:53 via tcp protocol
-# listen=dnstun://:53=8.8.8.8:53
+# listen=dnstun://:5353=8.8.8.8:53
# FORWARDERS
@@ -74,6 +75,7 @@ listen=socks5://:1080
# use comma to separate different upstream forward proxies.
#forward=http://1.1.1.1:8080,socks5://2.2.2.2:1080
+
# FORWARDE STRATEGY
# -----------------
# If we set up multiple forwarders, we can use them in our own strategy.
@@ -96,8 +98,33 @@ checkwebsite=www.apple.com
checkduration=30
+# DNS FORWARDING SERVER
+# ----------------
+# A dns forwarding server listens on UDP and forward dns requests to remote dns server in TCP via forwarders
+# we can specify different upstream dns server in rule file for different destinations
+
+# Setup a dns forwarding server
+dns://53
+# global remote dns server (you can specify different dns server in rule file)
+dnsserver=8.8.8.8:53
+
+
+# IPSET MANAGEMENT
+# ----------------
+# Create and mange ipset on linux based on destinations in rule files
+# - add ip/cidrs in rule files on startup
+# - add resolved ips for domains in rule files by dns forwarder server
+# Usually used in transparent proxy mode on linux
+ipset=glider
+
+
# RULE FILES
# ----------
# Specify additional forward rules
+
+# specify rules folder, so all *.rule files under this folder will be parsed as rule file
+rules-dir=rules.d
+
+# specify a rule file
#rulefile=office.rule
#rulefile=home.rule
diff --git a/config/rules.d/bypass.rule.example b/config/rules.d/bypass.rule.example
index 6fba3c9..a7fafa0 100644
--- a/config/rules.d/bypass.rule.example
+++ b/config/rules.d/bypass.rule.example
@@ -1,3 +1,7 @@
+# Specify destinations in rule file without forwarders, so glider will bypass
+# all forwarders and direct connect them instead
+
ip=127.0.0.1
-cidr=192.168.1.0/24
\ No newline at end of file
+cidr=192.168.1.0/24
+domain=bypass.com
diff --git a/config/rules.d/office.list.example b/config/rules.d/office.list.example
new file mode 100644
index 0000000..cf20b6d
--- /dev/null
+++ b/config/rules.d/office.list.example
@@ -0,0 +1,7 @@
+
+domain=mycompany.com
+domain=mycompany1.com
+ip=4.4.4.4
+ip=5.5.5.5
+cidr=cidr=172.16.101.0/24
+cidr=cidr=172.16.102.0/24
\ No newline at end of file
diff --git a/config/rules.d/office.rule.example b/config/rules.d/office.rule.example
index 2635c84..fabf3bb 100644
--- a/config/rules.d/office.rule.example
+++ b/config/rules.d/office.rule.example
@@ -10,27 +10,39 @@ forward=socks5://192.168.1.10:1080
forward=ss://method:pass@1.1.1.1:8443
forward=http://192.168.2.1:8080,socks5://192.168.2.2:1080
+# STRATEGY for multiple forwarders. rr|ha
strategy=rr
+# FORWARDER CHECK SETTINGS
checkwebsite=www.apple.com
checkduration=30
+# DNS SERVER for domains in this rule file
+dnsserver=208.67.222.222:53
+
+# IPSET
+# specify a ipset for destinations in this rule file
+#ipset=office
+
# DESTINATIONS
# ------------
# ALL destinations matches the following rules will be forward using forwarders specified above
-# matches abc.com and *.abc.com
-domain=abc.com
-
-# matches 1.1.1.1
-ip=1.1.1.1
-
-# matches 192.168.100.0/24
-cidr=192.168.100.0/24
+# INCLUDE FILE
+# we can include a list file with only destinations settings
+include=office.list.example
+# matches example.com and *.example.com
+domain=example.com
domain=example1.com
domain=example2.com
domain=example3.com
+
+# matches ip
+ip=1.1.1.1
ip=2.2.2.2
ip=3.3.3.3
-cidr=172.16.0.0/24
+
+# matches a ip net
+cidr=192.168.100.0/24
+cidr=172.16.100.0/24
From 432dc9485bb15fa6ab689b60bc6533e91e00364a Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 31 Aug 2017 01:19:49 +0800
Subject: [PATCH 067/341] examples: add example 7. Transparent Proxy with
dnsmasq
---
.../7.rule_multiple_rule_files/glider.conf | 8 +---
.../{ => rules.d}/home.rule | 0
.../{ => rules.d}/office.rule | 0
.../README.md | 43 +++++++++++++++++++
.../glider.conf | 16 +++++++
.../rules.d/home.rule | 18 ++++++++
.../rules.d/office.rule | 18 ++++++++
.../glider.conf | 8 ++++
config/glider.conf.example | 2 +-
9 files changed, 106 insertions(+), 7 deletions(-)
rename config/examples/7.rule_multiple_rule_files/{ => rules.d}/home.rule (100%)
rename config/examples/7.rule_multiple_rule_files/{ => rules.d}/office.rule (100%)
create mode 100644 config/examples/8.transparent_proxy_with_dnsmasq/README.md
create mode 100644 config/examples/8.transparent_proxy_with_dnsmasq/glider.conf
create mode 100644 config/examples/8.transparent_proxy_with_dnsmasq/rules.d/home.rule
create mode 100644 config/examples/8.transparent_proxy_with_dnsmasq/rules.d/office.rule
create mode 100644 config/examples/9.transparent_proxy_without_dnsmasq/glider.conf
diff --git a/config/examples/7.rule_multiple_rule_files/glider.conf b/config/examples/7.rule_multiple_rule_files/glider.conf
index 43f291e..07a480f 100644
--- a/config/examples/7.rule_multiple_rule_files/glider.conf
+++ b/config/examples/7.rule_multiple_rule_files/glider.conf
@@ -4,9 +4,5 @@ verbose=True
listen=:8443
-# NOTE HERE:
-# specify a rule file
-rulefile=office.rule
-
-# specify another rule file
-rulefile=home.rule
\ No newline at end of file
+# parse all *.rule files in rules.d folder
+rules-dir=rules.d
diff --git a/config/examples/7.rule_multiple_rule_files/home.rule b/config/examples/7.rule_multiple_rule_files/rules.d/home.rule
similarity index 100%
rename from config/examples/7.rule_multiple_rule_files/home.rule
rename to config/examples/7.rule_multiple_rule_files/rules.d/home.rule
diff --git a/config/examples/7.rule_multiple_rule_files/office.rule b/config/examples/7.rule_multiple_rule_files/rules.d/office.rule
similarity index 100%
rename from config/examples/7.rule_multiple_rule_files/office.rule
rename to config/examples/7.rule_multiple_rule_files/rules.d/office.rule
diff --git a/config/examples/8.transparent_proxy_with_dnsmasq/README.md b/config/examples/8.transparent_proxy_with_dnsmasq/README.md
new file mode 100644
index 0000000..6017073
--- /dev/null
+++ b/config/examples/8.transparent_proxy_with_dnsmasq/README.md
@@ -0,0 +1,43 @@
+
+## 7. Transparent Proxy with dnsmasq
+
+#### Setup a redirect proxy and a dnstunnel with glider
+glider.conf
+```bash
+verbose=True
+listen=redir://:1081
+listen=dnstun://5353=8.8.8.8:53
+forward=http://forwarder1:8080,socks5://forwarder2:1080
+forward=http://1.1.1.1:8080
+strategy=rr
+checkwebsite=www.apple.com
+checkduration=30
+```
+
+#### Create a ipset manually
+```bash
+ipset create myset hash:ip
+```
+
+#### Config dnsmasq
+```bash
+server=/example1.com/127.0.0.1#5353
+ipset=/example1.com/myset
+server=/example2.com/127.0.0.1#5353
+ipset=/example2.com/myset
+server=/example3.com/127.0.0.1#5353
+ipset=/example4.com/myset
+```
+
+#### Config iptables on your linux gateway
+```bash
+iptables -t nat -I PREROUTING -p tcp -m set --match-set myset dst -j REDIRECT --to-ports 1081
+iptables -t nat -I OUTPUT -p tcp -m set --match-set myset dst -j REDIRECT --to-ports 1081
+```
+
+Now you can startup glider and dnsmasq, the whole process:
+1. all dns requests for domain example1.com will be forward to glider(:5353) by dnsmasq
+2. glider will forward dns requests to 8.8.8.8:53 in tcp via forwarders
+3. the resolved ip address will be add to ipset "myset" by dnsmasq
+4. all tcp requests to example1.com will be redirect to glider(:1081)
+5. glider then forward requests to example1.com via forwarders
diff --git a/config/examples/8.transparent_proxy_with_dnsmasq/glider.conf b/config/examples/8.transparent_proxy_with_dnsmasq/glider.conf
new file mode 100644
index 0000000..c13a953
--- /dev/null
+++ b/config/examples/8.transparent_proxy_with_dnsmasq/glider.conf
@@ -0,0 +1,16 @@
+
+# Verbose mode, print logs
+verbose=True
+
+listen=redir://:1081
+listen=dnstun://5353=8.8.8.8:53
+
+forward=http://forwarder1:8080,socks5://forwarder2:1080
+forward=http://1.1.1.1:8080
+
+strategy=rr
+checkwebsite=www.apple.com
+checkduration=30
+
+# parse all *.rule files in rules.d folder
+#rules-dir=rules.d
diff --git a/config/examples/8.transparent_proxy_with_dnsmasq/rules.d/home.rule b/config/examples/8.transparent_proxy_with_dnsmasq/rules.d/home.rule
new file mode 100644
index 0000000..06759cb
--- /dev/null
+++ b/config/examples/8.transparent_proxy_with_dnsmasq/rules.d/home.rule
@@ -0,0 +1,18 @@
+
+
+forward=http://forwarder4:8080
+
+# first connect forwarder1 then forwarder2 then internet
+forward=http://forwarder5:8080,socks6://forwarder3:1080
+
+
+# Round Robin mode: rr
+# High Availability mode: ha
+strategy=rr
+
+checkwebsite=www.apple.com
+checkduration=30
+
+
+# matches 192.168.0.0/16
+cidr=192.168.0.0/16
diff --git a/config/examples/8.transparent_proxy_with_dnsmasq/rules.d/office.rule b/config/examples/8.transparent_proxy_with_dnsmasq/rules.d/office.rule
new file mode 100644
index 0000000..3ff311f
--- /dev/null
+++ b/config/examples/8.transparent_proxy_with_dnsmasq/rules.d/office.rule
@@ -0,0 +1,18 @@
+
+
+forward=http://forwarder1:8080
+
+# first connect forwarder2 then forwarder3 then internet
+forward=http://forwarder2:8080,socks5://forwarder3:1080
+
+
+# Round Robin mode: rr
+# High Availability mode: ha
+strategy=rr
+
+checkwebsite=www.apple.com
+checkduration=30
+
+
+# matches 172.16.0.0/24
+cidr=172.16.0.0/24
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/glider.conf b/config/examples/9.transparent_proxy_without_dnsmasq/glider.conf
new file mode 100644
index 0000000..07a480f
--- /dev/null
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/glider.conf
@@ -0,0 +1,8 @@
+
+# Verbose mode, print logs
+verbose=True
+
+listen=:8443
+
+# parse all *.rule files in rules.d folder
+rules-dir=rules.d
diff --git a/config/glider.conf.example b/config/glider.conf.example
index 48f5679..a5f1721 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -113,7 +113,7 @@ dnsserver=8.8.8.8:53
# ----------------
# Create and mange ipset on linux based on destinations in rule files
# - add ip/cidrs in rule files on startup
-# - add resolved ips for domains in rule files by dns forwarder server
+# - add resolved ips for domains in rule files by dns forwarding server
# Usually used in transparent proxy mode on linux
ipset=glider
From 5b9dc1563af4ec6247586284bc610473f8da3900 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 31 Aug 2017 01:23:26 +0800
Subject: [PATCH 068/341] examples: add link in README file
---
.../examples/8.transparent_proxy_with_dnsmasq/README.md | 2 +-
config/examples/README.md | 8 +++++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/config/examples/8.transparent_proxy_with_dnsmasq/README.md b/config/examples/8.transparent_proxy_with_dnsmasq/README.md
index 6017073..1a40945 100644
--- a/config/examples/8.transparent_proxy_with_dnsmasq/README.md
+++ b/config/examples/8.transparent_proxy_with_dnsmasq/README.md
@@ -1,5 +1,5 @@
-## 7. Transparent Proxy with dnsmasq
+## 8. Transparent Proxy with dnsmasq
#### Setup a redirect proxy and a dnstunnel with glider
glider.conf
diff --git a/config/examples/README.md b/config/examples/README.md
index d0aa9a9..f4af294 100644
--- a/config/examples/README.md
+++ b/config/examples/README.md
@@ -89,4 +89,10 @@ Destinations specified in rule file2:
|Forwarder5 --> Forwarder6->...|
```
-- [rule_multiple_rule_files](7.rule_multiple_rule_files)
\ No newline at end of file
+- [rule_multiple_rule_files](7.rule_multiple_rule_files)
+
+## 8. Transparent Proxy with Dnsmasq
+- [transparent_proxy_with_dnsmasq](8.transparent_proxy_with_dnsmasq)
+
+## 9. Transparent Proxy without Dnsmasq
+- [transparent_proxy_without_dnsmasq](9.transparent_proxy_without_dnsmasq)
\ No newline at end of file
From 73f0987b965746bc45eb5c48142c56bd4a57948b Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 31 Aug 2017 11:03:34 +0800
Subject: [PATCH 069/341] examples: add 9. Transparent Proxy without dnsmasq
---
README.md | 4 +-
.../glider.conf | 3 -
.../README.md | 60 +++++++++++++++++++
.../glider.conf | 10 +++-
.../rules.d/home.rule | 0
.../rules.d/office.list | 7 +++
.../rules.d/office.rule | 15 ++++-
7 files changed, 90 insertions(+), 9 deletions(-)
create mode 100644 config/examples/9.transparent_proxy_without_dnsmasq/README.md
rename config/examples/{8.transparent_proxy_with_dnsmasq => 9.transparent_proxy_without_dnsmasq}/rules.d/home.rule (100%)
create mode 100644 config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.list
rename config/examples/{8.transparent_proxy_with_dnsmasq => 9.transparent_proxy_without_dnsmasq}/rules.d/office.rule (50%)
diff --git a/README.md b/README.md
index e41c819..331b612 100644
--- a/README.md
+++ b/README.md
@@ -34,8 +34,8 @@ General:
- Periodical proxy checking
- Rule proxy based on destinations: [Config Examples](config/examples)
- Ipset management
- - Add ip/cidrs in rule files on startup
- - Add resolved ips for domains in rule files by dns forwarder server
+ - Add ip/cidrs from rule files on startup
+ - Add resolved ips for domains from rule files by dns forwarding server
TODO:
- [ ] UDP Tunnel
diff --git a/config/examples/8.transparent_proxy_with_dnsmasq/glider.conf b/config/examples/8.transparent_proxy_with_dnsmasq/glider.conf
index c13a953..ea68297 100644
--- a/config/examples/8.transparent_proxy_with_dnsmasq/glider.conf
+++ b/config/examples/8.transparent_proxy_with_dnsmasq/glider.conf
@@ -11,6 +11,3 @@ forward=http://1.1.1.1:8080
strategy=rr
checkwebsite=www.apple.com
checkduration=30
-
-# parse all *.rule files in rules.d folder
-#rules-dir=rules.d
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/README.md b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
new file mode 100644
index 0000000..0b4062e
--- /dev/null
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
@@ -0,0 +1,60 @@
+
+## 9. Transparent Proxy without dnsmasq
+
+In this mode, glider will act as the following roles:
+1. A transparent proxy server
+2. A dns forwarding server
+3. A ipset manager
+so you don't need any dns server in your network.
+
+#### Glider Configuration
+##### glider.conf
+```bash
+verbose=True
+# as a redir proxy
+listen=redir://:1081
+# as a dns forwarding server
+dns=:53
+dnsserver=8.8.8.8:53
+# as a ipset manager
+ipset=glider
+# specify rule files
+rules-dir=rules.d
+```
+
+##### office.rule
+```bash
+# add your forwarders
+forward=http://forwarder1:8080,socks5://forwarder2:1080
+forward=http://1.1.1.1:8080
+strategy=rr
+checkwebsite=www.apple.com
+checkduration=30
+# specify a different dns server(if need)
+dnsserver=208.67.222.222:53
+
+# specify destinations
+#include=office.list.example
+domain=example1.com
+domain=example2.com
+# matches ip
+ip=1.1.1.1
+ip=2.2.2.2
+# matches a ip net
+cidr=192.168.100.0/24
+cidr=172.16.100.0/24
+```
+
+#### Config iptables on your linux gateway
+```bash
+iptables -t nat -I PREROUTING -p tcp -m set --match-set glider dst -j REDIRECT --to-ports 1081
+iptables -t nat -I OUTPUT -p tcp -m set --match-set glider dst -j REDIRECT --to-ports 1081
+```
+
+Now you can startup glider and dnsmasq, the whole process:
+1.
+1. all dns requests for domain example1.com will be forward to glider(:5353) by dnsmasq
+2. glider will forward dns requests to 8.8.8.8:53 in tcp via forwarders
+3. the resolved ip address will be add to ipset "myset" by dnsmasq
+4. all tcp requests to example1.com will be redirect to glider(:1081)
+5. glider then forward requests to example1.com via forwarders
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/glider.conf b/config/examples/9.transparent_proxy_without_dnsmasq/glider.conf
index 07a480f..b78826c 100644
--- a/config/examples/9.transparent_proxy_without_dnsmasq/glider.conf
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/glider.conf
@@ -2,7 +2,15 @@
# Verbose mode, print logs
verbose=True
-listen=:8443
+# as a redir proxy
+listen=redir://:1081
+
+# as a dns forwarding server
+dns=:53
+dnsserver=8.8.8.8:53
+
+# as a ipset manager
+ipset=glider
# parse all *.rule files in rules.d folder
rules-dir=rules.d
diff --git a/config/examples/8.transparent_proxy_with_dnsmasq/rules.d/home.rule b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/home.rule
similarity index 100%
rename from config/examples/8.transparent_proxy_with_dnsmasq/rules.d/home.rule
rename to config/examples/9.transparent_proxy_without_dnsmasq/rules.d/home.rule
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.list b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.list
new file mode 100644
index 0000000..cf20b6d
--- /dev/null
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.list
@@ -0,0 +1,7 @@
+
+domain=mycompany.com
+domain=mycompany1.com
+ip=4.4.4.4
+ip=5.5.5.5
+cidr=cidr=172.16.101.0/24
+cidr=cidr=172.16.102.0/24
\ No newline at end of file
diff --git a/config/examples/8.transparent_proxy_with_dnsmasq/rules.d/office.rule b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.rule
similarity index 50%
rename from config/examples/8.transparent_proxy_with_dnsmasq/rules.d/office.rule
rename to config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.rule
index 3ff311f..f6db0fb 100644
--- a/config/examples/8.transparent_proxy_with_dnsmasq/rules.d/office.rule
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.rule
@@ -9,10 +9,19 @@ forward=http://forwarder2:8080,socks5://forwarder3:1080
# Round Robin mode: rr
# High Availability mode: ha
strategy=rr
-
checkwebsite=www.apple.com
checkduration=30
+# specify a different dns server(if need)
+dnsserver=208.67.222.222:53
-# matches 172.16.0.0/24
-cidr=172.16.0.0/24
+# specify destinations
+#include=office.list
+domain=example1.com
+domain=example2.com
+# matches ip
+ip=1.1.1.1
+ip=2.2.2.2
+# matches a ip net
+cidr=192.168.100.0/24
+cidr=172.16.100.0/24
From 95aa3fa38f6081d359f0f2d1902d34d747afb31a Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 31 Aug 2017 11:30:27 +0800
Subject: [PATCH 070/341] examples: update doc for "9. Transparent Proxy
without dnsmasq"
---
.../README.md | 2 +-
.../README.md | 44 +++++++++++++++----
2 files changed, 37 insertions(+), 9 deletions(-)
diff --git a/config/examples/8.transparent_proxy_with_dnsmasq/README.md b/config/examples/8.transparent_proxy_with_dnsmasq/README.md
index 1a40945..c56c668 100644
--- a/config/examples/8.transparent_proxy_with_dnsmasq/README.md
+++ b/config/examples/8.transparent_proxy_with_dnsmasq/README.md
@@ -35,7 +35,7 @@ iptables -t nat -I PREROUTING -p tcp -m set --match-set myset dst -j REDIRECT --
iptables -t nat -I OUTPUT -p tcp -m set --match-set myset dst -j REDIRECT --to-ports 1081
```
-Now you can startup glider and dnsmasq, the whole process:
+#### When client requests network, the whole process:
1. all dns requests for domain example1.com will be forward to glider(:5353) by dnsmasq
2. glider will forward dns requests to 8.8.8.8:53 in tcp via forwarders
3. the resolved ip address will be add to ipset "myset" by dnsmasq
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/README.md b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
index 0b4062e..a0a2a98 100644
--- a/config/examples/9.transparent_proxy_without_dnsmasq/README.md
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
@@ -1,23 +1,29 @@
## 9. Transparent Proxy without dnsmasq
+### Glider Roles:
In this mode, glider will act as the following roles:
1. A transparent proxy server
2. A dns forwarding server
3. A ipset manager
+
so you don't need any dns server in your network.
#### Glider Configuration
##### glider.conf
```bash
verbose=True
+
# as a redir proxy
listen=redir://:1081
+
# as a dns forwarding server
dns=:53
dnsserver=8.8.8.8:53
+
# as a ipset manager
ipset=glider
+
# specify rule files
rules-dir=rules.d
```
@@ -30,11 +36,13 @@ forward=http://1.1.1.1:8080
strategy=rr
checkwebsite=www.apple.com
checkduration=30
+
# specify a different dns server(if need)
dnsserver=208.67.222.222:53
# specify destinations
-#include=office.list.example
+include=office.list
+
domain=example1.com
domain=example2.com
# matches ip
@@ -45,16 +53,36 @@ cidr=192.168.100.0/24
cidr=172.16.100.0/24
```
+##### office.list
+```bash
+# destinations list
+domain=mycompany.com
+domain=mycompany1.com
+ip=4.4.4.4
+ip=5.5.5.5
+cidr=cidr=172.16.101.0/24
+cidr=cidr=172.16.102.0/24
+```
+
#### Config iptables on your linux gateway
```bash
iptables -t nat -I PREROUTING -p tcp -m set --match-set glider dst -j REDIRECT --to-ports 1081
iptables -t nat -I OUTPUT -p tcp -m set --match-set glider dst -j REDIRECT --to-ports 1081
```
-Now you can startup glider and dnsmasq, the whole process:
-1.
-1. all dns requests for domain example1.com will be forward to glider(:5353) by dnsmasq
-2. glider will forward dns requests to 8.8.8.8:53 in tcp via forwarders
-3. the resolved ip address will be add to ipset "myset" by dnsmasq
-4. all tcp requests to example1.com will be redirect to glider(:1081)
-5. glider then forward requests to example1.com via forwarders
+#### Client DNS settings
+use the linux server'ip as your dns server
+
+#### When client requesting to access http://example1.com(in office.rule), the whole process:
+- dns resolving:
+ 1. client send a udp dns request to linux server, and the glider will receive the request(as it listen on default dns port :53)
+ 2. upstream dns server choice: glider will lookup it's rule config and find out the dns server to use for this domain(matched "example1.com" in office.rule, so 208.67.222.222:53 will be choosen)
+ 3. glider uses the forwarder in office.rule to ask 208.67.222.222:53 for the resolve answers
+ 4. glider updates it's office rule config, add the resolved ip address to it
+ 5. glider adds the resolved ip into ipset "glider", and return the dns answer to client
+- access the destination:
+ 1. client send http request to the resolved ip of example1.com
+ 2. as the default gateway, linux server will get the request
+ 3. iptabes matches the ip in ipset "glider" and redirect this request to :1081(glider)
+ 4. glider will now get the request and find the ip in the office rule, and then choose the forwarder in office.rule to complete the request
+
From 9110354b230afa32e1c2dff8fefddb6ca5ea8758 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 31 Aug 2017 11:45:01 +0800
Subject: [PATCH 071/341] doc: update README files
---
README.md | 92 +------------------
config/README.md | 91 ++++++++++++++++++
.../README.md | 15 +--
3 files changed, 104 insertions(+), 94 deletions(-)
create mode 100644 config/README.md
diff --git a/README.md b/README.md
index 331b612..7fe6f9b 100644
--- a/README.md
+++ b/README.md
@@ -158,96 +158,14 @@ Examples:
-listen on :1080 as socks5 server, forward requests via server1 and server2 in roundrbin mode.
```
-## Config File
-Command:
-```bash
-glider -config glider.conf
-```
-Config file, **just use the command line flag name as the key name**:
-```bash
-### glider config file
-
-# verbose mode, print logs
-verbose
-
-# listen on 8443, serve as http/socks5 proxy on the same port.
-listen=:8443
-
-# listen on udp port 5353, forward dns requests via tcp protocol
-listen=dnstun://:5353=8.8.8.8:53
-
-# upstream forward proxy
-forward=socks5://192.168.1.10:1080
-
-# upstream forward proxy
-forward=ss://method:pass@1.1.1.1:8443
-
-# upstream forward proxy (forward chain)
-forward=http://1.1.1.1:8080,socks5://2.2.2.2:1080
-
-# multiple upstream proxies forwad strategy
-strategy=rr
-
-# Used to connect via forwarders, if the host is unreachable, the forwarder
-# will be set to disabled.
-# MUST be a HTTP website server address, format: HOST[:PORT]. HTTPS NOT SUPPORTED.
-checkwebsite=www.apple.com
-
-# check duration
-checkduration=30
-
-
-# Setup a dns forwarding server
-dns://53
-# global remote dns server (you can specify different dns server in rule file)
-dnsserver=8.8.8.8:53
-
-# Create and mange ipset on linux based on destinations in rule files
-# - add ip/cidrs in rule files on startup
-# - add resolved ips for domains in rule files by dns forwarder server
-# Usually used in transparent proxy mode on linux
-ipset=glider
-
-# RULE FILES
-rules-dir=rules.d
-#rulefile=office.rule
-#rulefile=home.rule
-```
-See:
+## Advance Usage
+- [config file & rule file](config)
- [glider.conf.example](config/glider.conf.example)
-- [examples](config/examples)
-
-## Rule File
-Rule file, **same as the config file but specify forwarders based on destinations**:
-```bash
-# YOU CAN USE ALL KEYS IN THE GLOBAL CONFIG FILE EXCEPT "listen", "rulefile"
-forward=socks5://192.168.1.10:1080
-forward=ss://method:pass@1.1.1.1:8443
-forward=http://192.168.2.1:8080,socks5://192.168.2.2:1080
-strategy=rr
-checkwebsite=www.apple.com
-checkduration=30
-
-# DNS SERVER for domains in this rule file
-dnsserver=208.67.222.222:53
-
-# YOU CAN SPECIFY DESTINATIONS TO USE THE ABOVE FORWARDERS
-# matches abc.com and *.abc.com
-domain=abc.com
-
-# matches 1.1.1.1
-ip=1.1.1.1
-
-# matches 192.168.100.0/24
-cidr=192.168.100.0/24
-
-# we can include a list file with only destinations settings
-include=office.list.example
-
-```
-See:
- [office.rule.example](config/rules.d/office.rule.example)
- [examples](config/examples)
+- Transparent Proxy:
+ - [with dnsmasq](config/examples/8.transparent_proxy_with_dnsmasq)
+ - [without dnsmasq](config/examples/9.transparent_proxy_without_dnsmasq)
## Service
- systemd: [https://github.com/nadoo/glider/blob/master/systemd/](https://github.com/nadoo/glider/blob/master/systemd/)
diff --git a/config/README.md b/config/README.md
new file mode 100644
index 0000000..05e8137
--- /dev/null
+++ b/config/README.md
@@ -0,0 +1,91 @@
+
+## Config File
+Command:
+```bash
+glider -config glider.conf
+```
+Config file, **just use the command line flag name as the key name**:
+```bash
+### glider config file
+
+# verbose mode, print logs
+verbose
+
+# listen on 8443, serve as http/socks5 proxy on the same port.
+listen=:8443
+
+# listen on udp port 5353, forward dns requests via tcp protocol
+listen=dnstun://:5353=8.8.8.8:53
+
+# upstream forward proxy
+forward=socks5://192.168.1.10:1080
+
+# upstream forward proxy
+forward=ss://method:pass@1.1.1.1:8443
+
+# upstream forward proxy (forward chain)
+forward=http://1.1.1.1:8080,socks5://2.2.2.2:1080
+
+# multiple upstream proxies forwad strategy
+strategy=rr
+
+# Used to connect via forwarders, if the host is unreachable, the forwarder
+# will be set to disabled.
+# MUST be a HTTP website server address, format: HOST[:PORT]. HTTPS NOT SUPPORTED.
+checkwebsite=www.apple.com
+
+# check duration
+checkduration=30
+
+
+# Setup a dns forwarding server
+dns://53
+# global remote dns server (you can specify different dns server in rule file)
+dnsserver=8.8.8.8:53
+
+# Create and mange ipset on linux based on destinations in rule files
+# - add ip/cidrs in rule files on startup
+# - add resolved ips for domains in rule files by dns forwarder server
+# Usually used in transparent proxy mode on linux
+ipset=glider
+
+# RULE FILES
+rules-dir=rules.d
+#rulefile=office.rule
+#rulefile=home.rule
+```
+See:
+- [glider.conf.example](config/glider.conf.example)
+- [examples](config/examples)
+
+## Rule File
+Rule file, **same as the config file but specify forwarders based on destinations**:
+```bash
+# YOU CAN USE ALL KEYS IN THE GLOBAL CONFIG FILE EXCEPT "listen", "rulefile"
+forward=socks5://192.168.1.10:1080
+forward=ss://method:pass@1.1.1.1:8443
+forward=http://192.168.2.1:8080,socks5://192.168.2.2:1080
+strategy=rr
+checkwebsite=www.apple.com
+checkduration=30
+
+# DNS SERVER for domains in this rule file
+dnsserver=208.67.222.222:53
+
+# YOU CAN SPECIFY DESTINATIONS TO USE THE ABOVE FORWARDERS
+# matches abc.com and *.abc.com
+domain=abc.com
+
+# matches 1.1.1.1
+ip=1.1.1.1
+
+# matches 192.168.100.0/24
+cidr=192.168.100.0/24
+
+# we can include a list file with only destinations settings
+include=office.list.example
+
+```
+See:
+- [office.rule.example](rules.d/office.rule.example)
+- [examples](examples)
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/README.md b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
index a0a2a98..64a821d 100644
--- a/config/examples/9.transparent_proxy_without_dnsmasq/README.md
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
@@ -1,8 +1,9 @@
## 9. Transparent Proxy without dnsmasq
-### Glider Roles:
-In this mode, glider will act as the following roles:
+PC Client -> Gateway with glider running(linux box) -> Upstream Forwarders -> Internet
+
+#### In this mode, glider will act as the following roles:
1. A transparent proxy server
2. A dns forwarding server
3. A ipset manager
@@ -75,14 +76,14 @@ use the linux server'ip as your dns server
#### When client requesting to access http://example1.com(in office.rule), the whole process:
- dns resolving:
- 1. client send a udp dns request to linux server, and the glider will receive the request(as it listen on default dns port :53)
+ 1. client sends a udp dns request to linux server, and glider will receive the request(as it listen on default dns port :53)
2. upstream dns server choice: glider will lookup it's rule config and find out the dns server to use for this domain(matched "example1.com" in office.rule, so 208.67.222.222:53 will be choosen)
3. glider uses the forwarder in office.rule to ask 208.67.222.222:53 for the resolve answers
4. glider updates it's office rule config, add the resolved ip address to it
5. glider adds the resolved ip into ipset "glider", and return the dns answer to client
-- access the destination:
- 1. client send http request to the resolved ip of example1.com
- 2. as the default gateway, linux server will get the request
+- destination accessing:
+ 1. client sends http request to the resolved ip of example1.com
+ 2. linux gateway server will get the request
3. iptabes matches the ip in ipset "glider" and redirect this request to :1081(glider)
- 4. glider will now get the request and find the ip in the office rule, and then choose the forwarder in office.rule to complete the request
+ 4. glider finds the ip in office rule, and then choose a forwarder in office.rule to complete the request
From 376195b593fd336786fc4e550137cb712ab6065f Mon Sep 17 00:00:00 2001
From: Soff
Date: Sat, 2 Sep 2017 21:37:51 +0800
Subject: [PATCH 072/341] Update office.list.example
'cidr=' duplicated
---
config/rules.d/office.list.example | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/rules.d/office.list.example b/config/rules.d/office.list.example
index cf20b6d..7a53ca3 100644
--- a/config/rules.d/office.list.example
+++ b/config/rules.d/office.list.example
@@ -3,5 +3,5 @@ domain=mycompany.com
domain=mycompany1.com
ip=4.4.4.4
ip=5.5.5.5
-cidr=cidr=172.16.101.0/24
-cidr=cidr=172.16.102.0/24
\ No newline at end of file
+cidr=172.16.101.0/24
+cidr=172.16.102.0/24
From e34b787ea56d2a50dab0a07b242295af29549dd5 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 3 Sep 2017 01:05:56 +0800
Subject: [PATCH 073/341] doc: update README file
---
README.md | 42 ++++++++++++++++++++------------------
config/glider.conf.example | 2 +-
2 files changed, 23 insertions(+), 21 deletions(-)
diff --git a/README.md b/README.md
index 7fe6f9b..535449d 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
# [glider](https://github.com/nadoo/glider)
-glider is a forward proxy with multiple protocols support.
+glider is a forward proxy with multiple protocols support, and also a dns forwarding server with ipset management features(like dnsmasq).
-we can set up local listeners as proxy, and forward requests to internet via forwarders.
+we can set up local listeners as proxy servers, and forward requests to internet via forwarders.
```
|Forwarder ----------------->|
Listener --> | | Internet
@@ -9,33 +9,36 @@ we can set up local listeners as proxy, and forward requests to internet via for
```
## Features
-Listen(local server):
+Listen(local proxy server):
- Socks5 proxy
- Http proxy
- SS proxy
- Linux transparent proxy(iptables redirect)
- TCP tunnel
-- DNS forwarding server(udp2tcp)
- - Listen on UDP and forward dns requests to remote dns server in TCP via forwarders
- - Specify different upstream dns server based on destinations(in rule file)
- - Tunnel mode: forward to a specified upstream dns server
- - Add resolved IPs to proxy rules
- - Add resolved IPs to ipset
+- DNS Tunnel(udp2tcp)
-Forward(upstream proxy):
+Forward(upstream proxy server):
- Socks5 proxy
- Http proxy
- SS proxy
+DNS Forwarding Server(udp2tcp)
+- Listen on UDP and forward dns requests to remote dns server in TCP via forwarders
+- Specify different upstream dns server based on destinations(in rule file)
+- Tunnel mode: forward to a fixed upstream dns server
+- Add resolved IPs to proxy rules
+- Add resolved IPs to ipset
+
+Ipset Management
+- Add ip/cidrs from rule files on startup
+- Add resolved ips for domains from rule files by dns forwarding server
+
General:
- Http and socks5 on the same port
- Forward chain
- HA or RR strategy for multiple forwarders
- Periodical proxy checking
- Rule proxy based on destinations: [Config Examples](config/examples)
-- Ipset management
- - Add ip/cidrs from rule files on startup
- - Add resolved ips for domains from rule files by dns forwarding server
TODO:
- [ ] UDP Tunnel
@@ -159,13 +162,12 @@ Examples:
```
## Advance Usage
-- [config file & rule file](config)
-- [glider.conf.example](config/glider.conf.example)
-- [office.rule.example](config/rules.d/office.rule.example)
-- [examples](config/examples)
-- Transparent Proxy:
- - [with dnsmasq](config/examples/8.transparent_proxy_with_dnsmasq)
- - [without dnsmasq](config/examples/9.transparent_proxy_without_dnsmasq)
+- [ConfigFile](config)
+ - [glider.conf.example](config/glider.conf.example)
+ - [office.rule.example](config/rules.d/office.rule.example)
+- [Examples](config/examples)
+ - [Transparent proxy with dnsmasq](config/examples/8.transparent_proxy_with_dnsmasq)
+ - [Transparent proxy without dnsmasq](config/examples/9.transparent_proxy_without_dnsmasq)
## Service
- systemd: [https://github.com/nadoo/glider/blob/master/systemd/](https://github.com/nadoo/glider/blob/master/systemd/)
diff --git a/config/glider.conf.example b/config/glider.conf.example
index a5f1721..e0c15f6 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -3,7 +3,7 @@
# / /`_ | | | | | | \ | |_ | |_)
# \_\_/ |_|__ |_| |_|_/ |_|__ |_| \
#
-# Glider is a forward proxy with multiple protocols support.
+# Glider is a forward proxy with multiple protocols support, and also a dns forwarding server with ipset management features(like dnsmasq).
#
# We can set up local listeners as proxy, and forward requests to internet via forwarders.
#
From efb10297934142b29e56957317344db7b6e291bd Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 3 Sep 2017 01:18:01 +0800
Subject: [PATCH 074/341] doc: correct mistakes in README file
---
README.md | 4 ++--
.../examples/8.transparent_proxy_with_dnsmasq/README.md | 4 ++--
.../9.transparent_proxy_without_dnsmasq/README.md | 9 ++++-----
3 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index 535449d..d67d8a8 100644
--- a/README.md
+++ b/README.md
@@ -22,14 +22,14 @@ Forward(upstream proxy server):
- Http proxy
- SS proxy
-DNS Forwarding Server(udp2tcp)
+DNS Forwarding Server(udp2tcp):
- Listen on UDP and forward dns requests to remote dns server in TCP via forwarders
- Specify different upstream dns server based on destinations(in rule file)
- Tunnel mode: forward to a fixed upstream dns server
- Add resolved IPs to proxy rules
- Add resolved IPs to ipset
-Ipset Management
+Ipset Management:
- Add ip/cidrs from rule files on startup
- Add resolved ips for domains from rule files by dns forwarding server
diff --git a/config/examples/8.transparent_proxy_with_dnsmasq/README.md b/config/examples/8.transparent_proxy_with_dnsmasq/README.md
index c56c668..6084d58 100644
--- a/config/examples/8.transparent_proxy_with_dnsmasq/README.md
+++ b/config/examples/8.transparent_proxy_with_dnsmasq/README.md
@@ -38,6 +38,6 @@ iptables -t nat -I OUTPUT -p tcp -m set --match-set myset dst -j REDIRECT --to-p
#### When client requests network, the whole process:
1. all dns requests for domain example1.com will be forward to glider(:5353) by dnsmasq
2. glider will forward dns requests to 8.8.8.8:53 in tcp via forwarders
-3. the resolved ip address will be add to ipset "myset" by dnsmasq
-4. all tcp requests to example1.com will be redirect to glider(:1081)
+3. the resolved ip address will be added to ipset "myset" by dnsmasq
+4. all tcp requests to example1.com will be redirect to glider(:1081) by iptables
5. glider then forward requests to example1.com via forwarders
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/README.md b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
index 64a821d..af75191 100644
--- a/config/examples/9.transparent_proxy_without_dnsmasq/README.md
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
@@ -72,18 +72,17 @@ iptables -t nat -I OUTPUT -p tcp -m set --match-set glider dst -j REDIRECT --to-
```
#### Client DNS settings
-use the linux server'ip as your dns server
+use the linux server's ip as your dns server
-#### When client requesting to access http://example1.com(in office.rule), the whole process:
-- dns resolving:
+#### When client requesting to access http://example1.com (in office.rule), the whole process:
+- Dns resolving:
1. client sends a udp dns request to linux server, and glider will receive the request(as it listen on default dns port :53)
2. upstream dns server choice: glider will lookup it's rule config and find out the dns server to use for this domain(matched "example1.com" in office.rule, so 208.67.222.222:53 will be choosen)
3. glider uses the forwarder in office.rule to ask 208.67.222.222:53 for the resolve answers
4. glider updates it's office rule config, add the resolved ip address to it
5. glider adds the resolved ip into ipset "glider", and return the dns answer to client
-- destination accessing:
+- Destination accessing:
1. client sends http request to the resolved ip of example1.com
2. linux gateway server will get the request
3. iptabes matches the ip in ipset "glider" and redirect this request to :1081(glider)
4. glider finds the ip in office rule, and then choose a forwarder in office.rule to complete the request
-
From 02349958140ff4c6fafb64b44261869e1fa3cb35 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 4 Sep 2017 00:21:12 +0800
Subject: [PATCH 075/341] doc: format
---
README.md | 8 +++----
.../README.md | 23 ++++++++++---------
2 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/README.md b/README.md
index d67d8a8..48e967c 100644
--- a/README.md
+++ b/README.md
@@ -53,7 +53,7 @@ TODO:
Binary:
- [https://github.com/nadoo/glider/releases](https://github.com/nadoo/glider/releases)
-Go Get (requires Go 1.9 or newer):
+Go Get (requires **Go 1.9 or newer**):
```bash
go get -u github.com/nadoo/glider
```
@@ -166,13 +166,13 @@ Examples:
- [glider.conf.example](config/glider.conf.example)
- [office.rule.example](config/rules.d/office.rule.example)
- [Examples](config/examples)
- - [Transparent proxy with dnsmasq](config/examples/8.transparent_proxy_with_dnsmasq)
- - [Transparent proxy without dnsmasq](config/examples/9.transparent_proxy_without_dnsmasq)
+ - [transparent proxy with dnsmasq](config/examples/8.transparent_proxy_with_dnsmasq)
+ - [transparent proxy without dnsmasq](config/examples/9.transparent_proxy_without_dnsmasq)
## Service
- systemd: [https://github.com/nadoo/glider/blob/master/systemd/](https://github.com/nadoo/glider/blob/master/systemd/)
## Links
-- [go-ss2](https://github.com/shadowsocks/go-shadowsocks2): the core ss protocol support
+- [go-ss2](https://github.com/shadowsocks/go-shadowsocks2): ss protocol support
- [conflag](https://github.com/nadoo/conflag): command line and config file parse support
- [ArchLinux](https://www.archlinux.org/packages/community/x86_64/glider): a great linux distribution with glider pre-built package
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/README.md b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
index af75191..da874f9 100644
--- a/config/examples/9.transparent_proxy_without_dnsmasq/README.md
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
@@ -75,14 +75,15 @@ iptables -t nat -I OUTPUT -p tcp -m set --match-set glider dst -j REDIRECT --to-
use the linux server's ip as your dns server
#### When client requesting to access http://example1.com (in office.rule), the whole process:
-- Dns resolving:
- 1. client sends a udp dns request to linux server, and glider will receive the request(as it listen on default dns port :53)
- 2. upstream dns server choice: glider will lookup it's rule config and find out the dns server to use for this domain(matched "example1.com" in office.rule, so 208.67.222.222:53 will be choosen)
- 3. glider uses the forwarder in office.rule to ask 208.67.222.222:53 for the resolve answers
- 4. glider updates it's office rule config, add the resolved ip address to it
- 5. glider adds the resolved ip into ipset "glider", and return the dns answer to client
-- Destination accessing:
- 1. client sends http request to the resolved ip of example1.com
- 2. linux gateway server will get the request
- 3. iptabes matches the ip in ipset "glider" and redirect this request to :1081(glider)
- 4. glider finds the ip in office rule, and then choose a forwarder in office.rule to complete the request
+Dns Resolving:
+1. client sends a udp dns request to linux server, and glider will receive the request(as it listen on default dns port :53)
+2. upstream dns server choice: glider will lookup it's rule config and find out the dns server to use for this domain(matched "example1.com" in office.rule, so 208.67.222.222:53 will be choosen)
+3. glider uses the forwarder in office.rule to ask 208.67.222.222:53 for the resolve answers
+4. glider updates it's office rule config, add the resolved ip address to it
+5. glider adds the resolved ip into ipset "glider", and return the dns answer to client
+
+Destination Accessing:
+1. client sends http request to the resolved ip of example1.com
+2. linux gateway server will get the request
+3. iptabes matches the ip in ipset "glider" and redirect this request to :1081(glider)
+4. glider finds the ip in office rule, and then choose a forwarder in office.rule to complete the request
From 6a9b2cb8c9578eaf7b04ac14fd875f770dd80aad Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 4 Sep 2017 00:42:20 +0800
Subject: [PATCH 076/341] doc: update
---
.gitignore | 1 +
.../examples/9.transparent_proxy_without_dnsmasq/README.md | 2 +-
config/rules.d/bypass.rule.example | 7 -------
3 files changed, 2 insertions(+), 8 deletions(-)
delete mode 100644 config/rules.d/bypass.rule.example
diff --git a/.gitignore b/.gitignore
index f009e21..89e981d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,3 +23,4 @@ config/rules.d/*.list
glider
bak/
+rules.d/
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/README.md b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
index da874f9..5186b98 100644
--- a/config/examples/9.transparent_proxy_without_dnsmasq/README.md
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
@@ -75,7 +75,7 @@ iptables -t nat -I OUTPUT -p tcp -m set --match-set glider dst -j REDIRECT --to-
use the linux server's ip as your dns server
#### When client requesting to access http://example1.com (in office.rule), the whole process:
-Dns Resolving:
+DNS Resolving:
1. client sends a udp dns request to linux server, and glider will receive the request(as it listen on default dns port :53)
2. upstream dns server choice: glider will lookup it's rule config and find out the dns server to use for this domain(matched "example1.com" in office.rule, so 208.67.222.222:53 will be choosen)
3. glider uses the forwarder in office.rule to ask 208.67.222.222:53 for the resolve answers
diff --git a/config/rules.d/bypass.rule.example b/config/rules.d/bypass.rule.example
deleted file mode 100644
index a7fafa0..0000000
--- a/config/rules.d/bypass.rule.example
+++ /dev/null
@@ -1,7 +0,0 @@
-
-# Specify destinations in rule file without forwarders, so glider will bypass
-# all forwarders and direct connect them instead
-
-ip=127.0.0.1
-cidr=192.168.1.0/24
-domain=bypass.com
From eb51142ebb3c849d7397e9304ce1f4aca27d1228 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 4 Sep 2017 00:43:47 +0800
Subject: [PATCH 077/341] doc: add direct.rule.example
---
.gitignore | 4 ++--
config/rules.d/direct.rule.example | 7 +++++++
2 files changed, 9 insertions(+), 2 deletions(-)
create mode 100644 config/rules.d/direct.rule.example
diff --git a/.gitignore b/.gitignore
index 89e981d..098dc82 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,5 +22,5 @@ config/rules.d/*.rule
config/rules.d/*.list
glider
-bak/
-rules.d/
+/bak/
+/rules.d/
diff --git a/config/rules.d/direct.rule.example b/config/rules.d/direct.rule.example
new file mode 100644
index 0000000..a7fafa0
--- /dev/null
+++ b/config/rules.d/direct.rule.example
@@ -0,0 +1,7 @@
+
+# Specify destinations in rule file without forwarders, so glider will bypass
+# all forwarders and direct connect them instead
+
+ip=127.0.0.1
+cidr=192.168.1.0/24
+domain=bypass.com
From 1088bb19bc78b9db304f588be8e5c547372ddadb Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 4 Sep 2017 23:32:12 +0800
Subject: [PATCH 078/341] fix #10
---
conf.go | 21 ++++++++++++---------
main.go | 2 +-
socks5.go | 2 +-
3 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/conf.go b/conf.go
index bfd3866..7b2ac9e 100644
--- a/conf.go
+++ b/conf.go
@@ -37,7 +37,7 @@ func confInit() {
flag.StringSliceUniqVar(&conf.Listen, "listen", nil, "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT")
flag.StringSliceUniqVar(&conf.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
flag.StringSliceUniqVar(&conf.RuleFile, "rulefile", nil, "rule file path")
- flag.StringVar(&conf.RulesDir, "rules-dir", "rules.d", "rule file folder")
+ flag.StringVar(&conf.RulesDir, "rules-dir", "", "rule file folder")
flag.StringVar(&conf.DNS, "dns", "", "dns forwarder server listen address")
flag.StringSliceUniqVar(&conf.DNSServer, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server")
@@ -67,17 +67,20 @@ func confInit() {
conf.rules = append(conf.rules, rule)
}
- conf.RulesDir = path.Join(flag.ConfDir(), conf.RulesDir)
- ruleFolderFiles, _ := listDir(conf.RulesDir, ".rule")
+ if conf.RulesDir != "" {
+ conf.RulesDir = path.Join(flag.ConfDir(), conf.RulesDir)
+ ruleFolderFiles, _ := listDir(conf.RulesDir, ".rule")
- for _, ruleFile := range ruleFolderFiles {
- rule, err := NewRuleConfFromFile(ruleFile)
- if err != nil {
- log.Fatal(err)
+ for _, ruleFile := range ruleFolderFiles {
+ rule, err := NewRuleConfFromFile(ruleFile)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ conf.rules = append(conf.rules, rule)
}
-
- conf.rules = append(conf.rules, rule)
}
+
}
// RuleConf , every ruleForwarder points to a rule file
diff --git a/main.go b/main.go
index 6ffed3a..b57fd36 100644
--- a/main.go
+++ b/main.go
@@ -9,7 +9,7 @@ import (
)
// VERSION .
-const VERSION = "0.4.0"
+const VERSION = "0.4.1"
func dialerFromConf() Dialer {
// global forwarders in xx.conf
diff --git a/socks5.go b/socks5.go
index 1922f5e..5b6326f 100644
--- a/socks5.go
+++ b/socks5.go
@@ -139,7 +139,7 @@ func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
return nil, errors.New("proxy: no support for SOCKS5 proxy connections of type " + network)
}
- c, err := s.cDialer.Dial(s.network, s.addr)
+ c, err := s.cDialer.Dial(network, s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
return nil, err
From 8bc8ee387658a8d357ea43ae397948f00e2766c8 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 6 Sep 2017 16:21:27 +0800
Subject: [PATCH 079/341] mixed: remove ss from mixed proxy
---
README.md | 1 +
dns.go | 8 ++++----
mixed.go | 8 --------
3 files changed, 5 insertions(+), 12 deletions(-)
diff --git a/README.md b/README.md
index 48e967c..13e671a 100644
--- a/README.md
+++ b/README.md
@@ -41,6 +41,7 @@ General:
- Rule proxy based on destinations: [Config Examples](config/examples)
TODO:
+- [ ] UDP over TCP
- [ ] UDP Tunnel
- [ ] Linux tproxy support & UDP Relay
- [ ] TUN/TAP device support
diff --git a/dns.go b/dns.go
index 908dd76..397db47 100644
--- a/dns.go
+++ b/dns.go
@@ -77,19 +77,19 @@ func NewDNS(addr, raddr string, sDialer Dialer) (*DNS, error) {
// ListenAndServe .
func (s *DNS) ListenAndServe() {
- l, err := net.ListenPacket("udp", s.addr)
+ c, err := net.ListenPacket("udp", s.addr)
if err != nil {
logf("failed to listen on %s: %v", s.addr, err)
return
}
- defer l.Close()
+ defer c.Close()
logf("listening UDP on %s", s.addr)
for {
data := make([]byte, DNSUDPMaxLen)
- n, clientAddr, err := l.ReadFrom(data)
+ n, clientAddr, err := c.ReadFrom(data)
if err != nil {
logf("DNS local read error: %v", err)
continue
@@ -146,7 +146,7 @@ func (s *DNS) ListenAndServe() {
}
- _, err = l.WriteTo(msg, clientAddr)
+ _, err = c.WriteTo(msg, clientAddr)
if err != nil {
logf("error in local write: %s\n", err)
}
diff --git a/mixed.go b/mixed.go
index 95f625d..e6faed5 100644
--- a/mixed.go
+++ b/mixed.go
@@ -24,7 +24,6 @@ type MixedProxy struct {
addr string
http *HTTP
socks5 *SOCKS5
- ss *SS
}
// NewMixedProxy returns a mixed proxy.
@@ -37,10 +36,6 @@ func NewMixedProxy(network, addr, user, pass string, sDialer Dialer) (*MixedProx
p.http, _ = NewHTTP(addr, nil, sDialer)
p.socks5, _ = NewSOCKS5(network, addr, user, pass, nil, sDialer)
- if user != "" && pass != "" {
- p.ss, _ = NewSS(addr, user, pass, nil, sDialer)
- }
-
return p, nil
}
@@ -103,7 +98,4 @@ func (p *MixedProxy) Serve(conn net.Conn) {
}
}
- if p.ss != nil {
- p.ss.Serve(c)
- }
}
From 30f340dc866f3d62cac97089458be0b5a549c2a1 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 6 Sep 2017 18:52:22 +0800
Subject: [PATCH 080/341] ss: add udp support as server mode
---
conn.go | 27 ++++++++++++++
socks5.go | 16 +++++++--
ss.go | 103 ++++++++++++++++++++++++++++++++++++++++++++++--------
tcptun.go | 2 +-
4 files changed, 130 insertions(+), 18 deletions(-)
diff --git a/conn.go b/conn.go
index 944e6ef..d217c1f 100644
--- a/conn.go
+++ b/conn.go
@@ -52,3 +52,30 @@ func relay(left, right net.Conn) (int64, int64, error) {
}
return n, rs.N, err
}
+
+// copy from src to dst at target with read timeout
+func timedCopy(dst net.PacketConn, target net.Addr, src net.PacketConn, timeout time.Duration, srcIncluded bool) error {
+ buf := make([]byte, udpBufSize)
+
+ for {
+ src.SetReadDeadline(time.Now().Add(timeout))
+ n, raddr, err := src.ReadFrom(buf)
+ if err != nil {
+ return err
+ }
+
+ if srcIncluded { // server -> client: add original packet source
+ srcAddr := ParseAddr(raddr.String())
+ copy(buf[len(srcAddr):], buf[:n])
+ copy(buf, srcAddr)
+ _, err = dst.WriteTo(buf[:len(srcAddr)+n], target)
+ } else { // client -> user: strip original packet source
+ srcAddr := SplitAddr(buf[:n])
+ _, err = dst.WriteTo(buf[len(srcAddr):n], target)
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+}
diff --git a/socks5.go b/socks5.go
index 5b6326f..12c30b8 100644
--- a/socks5.go
+++ b/socks5.go
@@ -326,7 +326,7 @@ func (s *SOCKS5) handshake(rw io.ReadWriter) (Addr, error) {
func (a Addr) String() string {
var host, port string
- switch a[0] { // address type
+ switch ATYP(a[0]) { // address type
case socks5Domain:
host = string(a[2 : 2+int(a[1])])
port = strconv.Itoa((int(a[2+int(a[1])]) << 8) | int(a[2+int(a[1])+1]))
@@ -341,6 +341,16 @@ func (a Addr) String() string {
return net.JoinHostPort(host, port)
}
+// UoT udp over tcp
+func UoT(b byte) bool {
+ return b&0x8 == 0x8
+}
+
+// ATYP return the address type
+func ATYP(b byte) int {
+ return int(b &^ 0x8)
+}
+
func readAddr(r io.Reader, b []byte) (Addr, error) {
if len(b) < MaxAddrLen {
return nil, io.ErrShortBuffer
@@ -350,7 +360,7 @@ func readAddr(r io.Reader, b []byte) (Addr, error) {
return nil, err
}
- switch b[0] {
+ switch ATYP(b[0]) {
case socks5Domain:
_, err = io.ReadFull(r, b[1:2]) // read 2nd byte for domain length
if err != nil {
@@ -381,7 +391,7 @@ func SplitAddr(b []byte) Addr {
return nil
}
- switch b[0] {
+ switch ATYP(b[0]) {
case socks5Domain:
if len(b) < 2 {
return nil
diff --git a/ss.go b/ss.go
index 923f220..f22cb49 100644
--- a/ss.go
+++ b/ss.go
@@ -5,16 +5,21 @@ import (
"log"
"net"
"strings"
+ "sync"
+ "time"
"github.com/shadowsocks/go-shadowsocks2/core"
+ "github.com/shadowsocks/go-shadowsocks2/socks"
)
+const udpBufSize = 64 * 1024
+
// SS .
type SS struct {
*Forwarder
sDialer Dialer
- core.StreamConnCipher
+ core.Cipher
}
// NewSS returns a shadowsocks proxy.
@@ -25,53 +30,59 @@ func NewSS(addr, method, pass string, cDialer Dialer, sDialer Dialer) (*SS, erro
}
s := &SS{
- Forwarder: NewForwarder(addr, cDialer),
- sDialer: sDialer,
- StreamConnCipher: ciph,
+ Forwarder: NewForwarder(addr, cDialer),
+ sDialer: sDialer,
+ Cipher: ciph,
}
return s, nil
}
-// ListenAndServe shadowsocks requests as a server.
+// ListenAndServe serves ss requests.
func (s *SS) ListenAndServe() {
+ go s.ListenAndServeUDP()
+ s.ListenAndServeTCP()
+}
+
+// ListenAndServeTCP serves tcp ss requests.
+func (s *SS) ListenAndServeTCP() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
- logf("failed to listen on %s: %v", s.addr, err)
+ logf("proxy-ss failed to listen on %s: %v", s.addr, err)
return
}
- logf("listening TCP on %s", s.addr)
+ logf("proxy-ss listening TCP on %s", s.addr)
for {
c, err := l.Accept()
if err != nil {
- logf("failed to accept: %v", err)
+ logf("proxy-ss failed to accept: %v", err)
continue
}
- go s.Serve(c)
+ go s.ServeTCP(c)
}
}
-// Serve .
-func (s *SS) Serve(c net.Conn) {
+// ServeTCP .
+func (s *SS) ServeTCP(c net.Conn) {
defer c.Close()
if c, ok := c.(*net.TCPConn); ok {
c.SetKeepAlive(true)
}
- c = s.StreamConnCipher.StreamConn(c)
+ c = s.StreamConn(c)
tgt, err := ReadAddr(c)
if err != nil {
- logf("failed to get target address: %v", err)
+ logf("proxy-ss failed to get target address: %v", err)
return
}
rc, err := s.sDialer.Dial("tcp", tgt.String())
if err != nil {
- logf("failed to connect to target: %v", err)
+ logf("proxy-ss failed to connect to target: %v", err)
return
}
defer rc.Close()
@@ -88,6 +99,70 @@ func (s *SS) Serve(c net.Conn) {
}
+// ListenAndServeUDP serves udp ss requests.
+func (s *SS) ListenAndServeUDP() {
+ c, err := net.ListenPacket("udp", s.addr)
+ if err != nil {
+ logf("proxy-ss failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer c.Close()
+
+ logf("proxy-ss listening UDP on %s", s.addr)
+
+ c = s.PacketConn(c)
+
+ var nm sync.Map
+ buf := make([]byte, udpBufSize)
+
+ for {
+ n, raddr, err := c.ReadFrom(buf)
+ if err != nil {
+ logf("UDP remote read error: %v", err)
+ continue
+ }
+
+ tgtAddr := socks.SplitAddr(buf[:n])
+ if tgtAddr == nil {
+ logf("failed to split target address from packet: %q", buf[:n])
+ continue
+ }
+
+ tgtUDPAddr, err := net.ResolveUDPAddr("udp", tgtAddr.String())
+ if err != nil {
+ logf("failed to resolve target UDP address: %v", err)
+ continue
+ }
+
+ payload := buf[len(tgtAddr):n]
+
+ var pc net.PacketConn
+ v, _ := nm.Load(raddr.String())
+ if v == nil {
+ pc, err = net.ListenPacket("udp", "")
+ if err != nil {
+ logf("UDP remote listen error: %v", err)
+ continue
+ }
+
+ nm.Store(raddr.String(), pc)
+ go func() {
+ timedCopy(c, raddr, pc, 5*time.Minute, true)
+ pc.Close()
+ nm.Delete(raddr.String())
+ }()
+ }
+
+ pc = pc.(net.PacketConn)
+ _, err = pc.WriteTo(payload, tgtUDPAddr) // accept only UDPAddr despite the signature
+ if err != nil {
+ logf("UDP remote write error: %v", err)
+ continue
+ }
+
+ }
+}
+
// Dial connects to the address addr on the network net via the proxy.
func (s *SS) Dial(network, addr string) (net.Conn, error) {
diff --git a/tcptun.go b/tcptun.go
index c9fe687..9a89196 100644
--- a/tcptun.go
+++ b/tcptun.go
@@ -10,7 +10,7 @@ type TCPTun struct {
raddr string
}
-// NewTCPTun returns a redirect proxy.
+// NewTCPTun returns a tcptun proxy.
func NewTCPTun(addr, raddr string, sDialer Dialer) (*TCPTun, error) {
s := &TCPTun{
Forwarder: NewForwarder(addr, nil),
From e32bf1a0f6225239baedf768a2dc19848a2f0b48 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 7 Sep 2017 23:50:10 +0800
Subject: [PATCH 081/341] server: remove network parameter in server mode
---
dialer.go | 2 +-
mixed.go | 4 ++--
server.go | 4 ++--
socks5.go | 5 ++---
ss.go | 2 +-
5 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/dialer.go b/dialer.go
index 0296667..e6f091b 100644
--- a/dialer.go
+++ b/dialer.go
@@ -42,7 +42,7 @@ func DialerFromURL(s string, cDialer Dialer) (Dialer, error) {
case "http":
return NewHTTP(addr, cDialer, nil)
case "socks5":
- return NewSOCKS5("tcp", addr, user, pass, cDialer, nil)
+ return NewSOCKS5(addr, user, pass, cDialer, nil)
case "ss":
p, err := NewSS(addr, user, pass, cDialer, nil)
return p, err
diff --git a/mixed.go b/mixed.go
index e6faed5..c666881 100644
--- a/mixed.go
+++ b/mixed.go
@@ -27,14 +27,14 @@ type MixedProxy struct {
}
// NewMixedProxy returns a mixed proxy.
-func NewMixedProxy(network, addr, user, pass string, sDialer Dialer) (*MixedProxy, error) {
+func NewMixedProxy(addr, user, pass string, sDialer Dialer) (*MixedProxy, error) {
p := &MixedProxy{
sDialer: sDialer,
addr: addr,
}
p.http, _ = NewHTTP(addr, nil, sDialer)
- p.socks5, _ = NewSOCKS5(network, addr, user, pass, nil, sDialer)
+ p.socks5, _ = NewSOCKS5(addr, user, pass, nil, sDialer)
return p, nil
}
diff --git a/server.go b/server.go
index bbc5682..ea0edc7 100644
--- a/server.go
+++ b/server.go
@@ -41,11 +41,11 @@ func ServerFromURL(s string, sDialer Dialer) (Server, error) {
switch u.Scheme {
case "mixed":
- return NewMixedProxy("tcp", addr, user, pass, sDialer)
+ return NewMixedProxy(addr, user, pass, sDialer)
case "http":
return NewHTTP(addr, nil, sDialer)
case "socks5":
- return NewSOCKS5("tcp", addr, user, pass, nil, sDialer)
+ return NewSOCKS5(addr, user, pass, nil, sDialer)
case "ss":
p, err := NewSS(addr, user, pass, nil, sDialer)
return p, err
diff --git a/socks5.go b/socks5.go
index 12c30b8..7cb772f 100644
--- a/socks5.go
+++ b/socks5.go
@@ -60,14 +60,13 @@ type SOCKS5 struct {
*Forwarder
sDialer Dialer
- network string
user string
password string
}
// NewSOCKS5 returns a Proxy that makes SOCKSv5 connections to the given address
// with an optional username and password. See RFC 1928.
-func NewSOCKS5(network, addr, user, pass string, cDialer Dialer, sDialer Dialer) (*SOCKS5, error) {
+func NewSOCKS5(addr, user, pass string, cDialer Dialer, sDialer Dialer) (*SOCKS5, error) {
s := &SOCKS5{
Forwarder: NewForwarder(addr, cDialer),
sDialer: sDialer,
@@ -136,7 +135,7 @@ func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
switch network {
case "tcp", "tcp6", "tcp4":
default:
- return nil, errors.New("proxy: no support for SOCKS5 proxy connections of type " + network)
+ return nil, errors.New("proxy-socks5: no support for connection type " + network)
}
c, err := s.cDialer.Dial(network, s.addr)
diff --git a/ss.go b/ss.go
index f22cb49..aa9332e 100644
--- a/ss.go
+++ b/ss.go
@@ -171,7 +171,7 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
return nil, errors.New("Unable to parse address: " + addr)
}
- c, err := s.cDialer.Dial("tcp", s.addr)
+ c, err := s.cDialer.Dial(network, s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
return nil, err
From 0e8263ddfa905c35c029fb8ae79bfd7091fea1d9 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 8 Sep 2017 12:07:57 +0800
Subject: [PATCH 082/341] uottun: add udp over tcp local server support
---
uottun.go | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 68 insertions(+)
create mode 100644 uottun.go
diff --git a/uottun.go b/uottun.go
new file mode 100644
index 0000000..0cc77f7
--- /dev/null
+++ b/uottun.go
@@ -0,0 +1,68 @@
+package main
+
+import (
+ "io/ioutil"
+ "net"
+)
+
+// UoTTun udp over tcp tunnel
+type UoTTun struct {
+ *Forwarder
+ sDialer Dialer
+
+ raddr string
+}
+
+// NewUoTTun returns a UoTTun proxy.
+func NewUoTTun(addr, raddr string, sDialer Dialer) (*UoTTun, error) {
+ s := &UoTTun{
+ Forwarder: NewForwarder(addr, nil),
+ sDialer: sDialer,
+ raddr: raddr,
+ }
+
+ return s, nil
+}
+
+// ListenAndServe redirected requests as a server.
+func (s *UoTTun) ListenAndServe() {
+
+ c, err := net.ListenPacket("udp", s.addr)
+ if err != nil {
+ logf("proxy-uottun failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer c.Close()
+
+ logf("proxy-uottun listening UDP on %s", s.addr)
+
+ buf := make([]byte, udpBufSize)
+
+ for {
+ n, clientAddr, err := c.ReadFrom(buf)
+ if err != nil {
+ logf("proxy-uottun read error: %v", err)
+ continue
+ }
+
+ // NOTE: acturally udp over tcp
+ rc, err := s.sDialer.Dial("udp", s.raddr)
+ if err != nil {
+ logf("failed to connect to server %v: %v", s.raddr, err)
+ continue
+ }
+
+ rc.Write(buf[:n])
+
+ resp, err := ioutil.ReadAll(rc)
+ if err != nil {
+ logf("error in ioutil.ReadAll: %s\n", err)
+ return
+ }
+ rc.Close()
+
+ c.WriteTo(resp, clientAddr)
+
+ logf("proxy-uottun %s <-> %s", clientAddr, s.raddr)
+ }
+}
From aeb0acab33f4add80e44807f2a82eb87caa08a85 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 8 Sep 2017 12:09:57 +0800
Subject: [PATCH 083/341] ss: add udp over tcp support
---
README.md | 2 +-
server.go | 3 +++
ss.go | 42 +++++++++++++++++++++++++++++++++++++++---
3 files changed, 43 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 13e671a..0ee874f 100644
--- a/README.md
+++ b/README.md
@@ -41,7 +41,7 @@ General:
- Rule proxy based on destinations: [Config Examples](config/examples)
TODO:
-- [ ] UDP over TCP
+- [x] UDP over TCP (ss)
- [ ] UDP Tunnel
- [ ] Linux tproxy support & UDP Relay
- [ ] TUN/TAP device support
diff --git a/server.go b/server.go
index ea0edc7..1054c45 100644
--- a/server.go
+++ b/server.go
@@ -57,6 +57,9 @@ func ServerFromURL(s string, sDialer Dialer) (Server, error) {
case "dnstun":
d := strings.Split(addr, "=")
return NewDNSTun(d[0], d[1], sDialer)
+ case "uottun":
+ d := strings.Split(addr, "=")
+ return NewUoTTun(d[0], d[1], sDialer)
}
return nil, errors.New("unknown schema '" + u.Scheme + "'")
diff --git a/ss.go b/ss.go
index aa9332e..5d4600a 100644
--- a/ss.go
+++ b/ss.go
@@ -12,7 +12,7 @@ import (
"github.com/shadowsocks/go-shadowsocks2/socks"
)
-const udpBufSize = 64 * 1024
+const udpBufSize = 65536
// SS .
type SS struct {
@@ -40,7 +40,7 @@ func NewSS(addr, method, pass string, cDialer Dialer, sDialer Dialer) (*SS, erro
// ListenAndServe serves ss requests.
func (s *SS) ListenAndServe() {
- go s.ListenAndServeUDP()
+ // go s.ListenAndServeUDP()
s.ListenAndServeTCP()
}
@@ -80,6 +80,37 @@ func (s *SS) ServeTCP(c net.Conn) {
return
}
+ // udp over tcp
+ if UoT(tgt[0]) {
+ rc, err := net.ListenPacket("udp", "")
+ if err != nil {
+ logf("UDP remote listen error: %v", err)
+ }
+ defer rc.Close()
+
+ req := make([]byte, udpBufSize)
+ n, err := c.Read(req)
+ if err != nil {
+ logf("error in ioutil.ReadAll: %s\n", err)
+ return
+ }
+
+ tgtAddr, _ := net.ResolveUDPAddr("udp", tgt.String())
+ rc.WriteTo(req[:n], tgtAddr)
+
+ buf := make([]byte, udpBufSize)
+ n, _, err = rc.ReadFrom(buf)
+ if err != nil {
+ logf("proxy-uottun read error: %v", err)
+ }
+
+ c.Write(buf[:n])
+
+ logf("proxy-ss %s <-tcp-> %s <-> %s <-udp-> %s ", c.RemoteAddr(), c.LocalAddr(), rc.LocalAddr(), tgt)
+
+ return
+ }
+
rc, err := s.sDialer.Dial("tcp", tgt.String())
if err != nil {
logf("proxy-ss failed to connect to target: %v", err)
@@ -171,7 +202,12 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
return nil, errors.New("Unable to parse address: " + addr)
}
- c, err := s.cDialer.Dial(network, s.addr)
+ // udp over tcp tag
+ if network == "udp" {
+ target[0] = target[0] | 0x8
+ }
+
+ c, err := s.cDialer.Dial("tcp", s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
return nil, err
From aab127d9011e28ae96f415e0e9bd845625c62bd9 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 8 Sep 2017 12:10:22 +0800
Subject: [PATCH 084/341] doc: update todo list
---
README.md | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 0ee874f..45d0239 100644
--- a/README.md
+++ b/README.md
@@ -41,9 +41,8 @@ General:
- Rule proxy based on destinations: [Config Examples](config/examples)
TODO:
-- [x] UDP over TCP (ss)
-- [ ] UDP Tunnel
-- [ ] Linux tproxy support & UDP Relay
+- [x] UDP over TCP Tunnel (client <-udp-> uottun <-tcp-> ss <-udp-> target)
+- [ ] Linux tproxy support
- [ ] TUN/TAP device support
- [ ] Code refactoring: support proxy registering so it can be pluggable
- [ ] Conditional compilation so we can abandon needless proxy type and get a smaller binary size
From 9fef98fd5b6862c713da75fe35914bf63f05b7df Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 8 Sep 2017 12:35:49 +0800
Subject: [PATCH 085/341] ss: remove unused codes
---
ss.go | 81 +++--------------------------------------------------------
1 file changed, 4 insertions(+), 77 deletions(-)
diff --git a/ss.go b/ss.go
index 5d4600a..965576d 100644
--- a/ss.go
+++ b/ss.go
@@ -5,11 +5,8 @@ import (
"log"
"net"
"strings"
- "sync"
- "time"
"github.com/shadowsocks/go-shadowsocks2/core"
- "github.com/shadowsocks/go-shadowsocks2/socks"
)
const udpBufSize = 65536
@@ -40,12 +37,6 @@ func NewSS(addr, method, pass string, cDialer Dialer, sDialer Dialer) (*SS, erro
// ListenAndServe serves ss requests.
func (s *SS) ListenAndServe() {
- // go s.ListenAndServeUDP()
- s.ListenAndServeTCP()
-}
-
-// ListenAndServeTCP serves tcp ss requests.
-func (s *SS) ListenAndServeTCP() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
logf("proxy-ss failed to listen on %s: %v", s.addr, err)
@@ -60,12 +51,12 @@ func (s *SS) ListenAndServeTCP() {
logf("proxy-ss failed to accept: %v", err)
continue
}
- go s.ServeTCP(c)
+ go s.Serve(c)
}
}
-// ServeTCP .
-func (s *SS) ServeTCP(c net.Conn) {
+// Serve .
+func (s *SS) Serve(c net.Conn) {
defer c.Close()
if c, ok := c.(*net.TCPConn); ok {
@@ -106,7 +97,7 @@ func (s *SS) ServeTCP(c net.Conn) {
c.Write(buf[:n])
- logf("proxy-ss %s <-tcp-> %s <-> %s <-udp-> %s ", c.RemoteAddr(), c.LocalAddr(), rc.LocalAddr(), tgt)
+ logf("proxy-ss %s <-tcp-> %s - %s <-udp-> %s ", c.RemoteAddr(), c.LocalAddr(), rc.LocalAddr(), tgt)
return
}
@@ -130,70 +121,6 @@ func (s *SS) ServeTCP(c net.Conn) {
}
-// ListenAndServeUDP serves udp ss requests.
-func (s *SS) ListenAndServeUDP() {
- c, err := net.ListenPacket("udp", s.addr)
- if err != nil {
- logf("proxy-ss failed to listen on %s: %v", s.addr, err)
- return
- }
- defer c.Close()
-
- logf("proxy-ss listening UDP on %s", s.addr)
-
- c = s.PacketConn(c)
-
- var nm sync.Map
- buf := make([]byte, udpBufSize)
-
- for {
- n, raddr, err := c.ReadFrom(buf)
- if err != nil {
- logf("UDP remote read error: %v", err)
- continue
- }
-
- tgtAddr := socks.SplitAddr(buf[:n])
- if tgtAddr == nil {
- logf("failed to split target address from packet: %q", buf[:n])
- continue
- }
-
- tgtUDPAddr, err := net.ResolveUDPAddr("udp", tgtAddr.String())
- if err != nil {
- logf("failed to resolve target UDP address: %v", err)
- continue
- }
-
- payload := buf[len(tgtAddr):n]
-
- var pc net.PacketConn
- v, _ := nm.Load(raddr.String())
- if v == nil {
- pc, err = net.ListenPacket("udp", "")
- if err != nil {
- logf("UDP remote listen error: %v", err)
- continue
- }
-
- nm.Store(raddr.String(), pc)
- go func() {
- timedCopy(c, raddr, pc, 5*time.Minute, true)
- pc.Close()
- nm.Delete(raddr.String())
- }()
- }
-
- pc = pc.(net.PacketConn)
- _, err = pc.WriteTo(payload, tgtUDPAddr) // accept only UDPAddr despite the signature
- if err != nil {
- logf("UDP remote write error: %v", err)
- continue
- }
-
- }
-}
-
// Dial connects to the address addr on the network net via the proxy.
func (s *SS) Dial(network, addr string) (net.Conn, error) {
From 4fe5eb97bbfe395062b12817bac91af90534d0fb Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 8 Sep 2017 15:25:10 +0800
Subject: [PATCH 086/341] ss: support proxy chain in udp over tcp mode
---
conn.go | 27 ---------------------------
rule.go | 2 +-
ss.go | 15 ++++++++++++---
3 files changed, 13 insertions(+), 31 deletions(-)
diff --git a/conn.go b/conn.go
index d217c1f..944e6ef 100644
--- a/conn.go
+++ b/conn.go
@@ -52,30 +52,3 @@ func relay(left, right net.Conn) (int64, int64, error) {
}
return n, rs.N, err
}
-
-// copy from src to dst at target with read timeout
-func timedCopy(dst net.PacketConn, target net.Addr, src net.PacketConn, timeout time.Duration, srcIncluded bool) error {
- buf := make([]byte, udpBufSize)
-
- for {
- src.SetReadDeadline(time.Now().Add(timeout))
- n, raddr, err := src.ReadFrom(buf)
- if err != nil {
- return err
- }
-
- if srcIncluded { // server -> client: add original packet source
- srcAddr := ParseAddr(raddr.String())
- copy(buf[len(srcAddr):], buf[:n])
- copy(buf, srcAddr)
- _, err = dst.WriteTo(buf[:len(srcAddr)+n], target)
- } else { // client -> user: strip original packet source
- srcAddr := SplitAddr(buf[:n])
- _, err = dst.WriteTo(buf[len(srcAddr):n], target)
- }
-
- if err != nil {
- return err
- }
- }
-}
diff --git a/rule.go b/rule.go
index bb24e61..21451f4 100644
--- a/rule.go
+++ b/rule.go
@@ -63,7 +63,7 @@ func (p *RuleDialer) NextDialer(dstAddr string) Dialer {
host, _, err := net.SplitHostPort(dstAddr)
if err != nil {
// TODO: check here
- logf("SplitHostPort ERROR: %s", err)
+ // logf("proxy-rule SplitHostPort ERROR: %s", err)
return p.gDialer
}
diff --git a/ss.go b/ss.go
index 965576d..cf71d49 100644
--- a/ss.go
+++ b/ss.go
@@ -71,8 +71,12 @@ func (s *SS) Serve(c net.Conn) {
return
}
- // udp over tcp
- if UoT(tgt[0]) {
+ dialer := s.sDialer.NextDialer("")
+
+ // udp over tcp?
+ uot := UoT(tgt[0])
+ if uot && dialer.Addr() == "DIRECT" {
+
rc, err := net.ListenPacket("udp", "")
if err != nil {
logf("UDP remote listen error: %v", err)
@@ -102,7 +106,12 @@ func (s *SS) Serve(c net.Conn) {
return
}
- rc, err := s.sDialer.Dial("tcp", tgt.String())
+ network := "tcp"
+ if uot {
+ network = "udp"
+ }
+
+ rc, err := dialer.Dial(network, tgt.String())
if err != nil {
logf("proxy-ss failed to connect to target: %v", err)
return
From fdbb9a503496812cee8023c4e3abff422a960871 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 9 Sep 2017 15:06:44 +0800
Subject: [PATCH 087/341] tproxy: add base udp tproxy listener codes
---
README.md | 2 +-
config/README.md | 2 +-
redir_linux.go | 14 +++++-----
redir_other.go | 2 +-
socks5.go | 2 +-
tcptun.go | 2 +-
tproxy.go | 68 ++++++++++++++++++++++++++++++++++++++++++++++++
tproxy_other.go | 20 ++++++++++++++
uottun.go | 2 +-
9 files changed, 100 insertions(+), 14 deletions(-)
create mode 100644 tproxy.go
create mode 100644 tproxy_other.go
diff --git a/README.md b/README.md
index 45d0239..e9369ec 100644
--- a/README.md
+++ b/README.md
@@ -42,7 +42,7 @@ General:
TODO:
- [x] UDP over TCP Tunnel (client <-udp-> uottun <-tcp-> ss <-udp-> target)
-- [ ] Linux tproxy support
+- [ ] Transparent UDP proxy (linux tproxy)
- [ ] TUN/TAP device support
- [ ] Code refactoring: support proxy registering so it can be pluggable
- [ ] Conditional compilation so we can abandon needless proxy type and get a smaller binary size
diff --git a/config/README.md b/config/README.md
index 05e8137..cc110f1 100644
--- a/config/README.md
+++ b/config/README.md
@@ -43,7 +43,7 @@ dns://53
# global remote dns server (you can specify different dns server in rule file)
dnsserver=8.8.8.8:53
-# Create and mange ipset on linux based on destinations in rule files
+# Create and manage ipset on linux based on destinations in rule files
# - add ip/cidrs in rule files on startup
# - add resolved ips for domains in rule files by dns forwarder server
# Usually used in transparent proxy mode on linux
diff --git a/redir_linux.go b/redir_linux.go
index 167e2ca..a2879bf 100644
--- a/redir_linux.go
+++ b/redir_linux.go
@@ -8,8 +8,6 @@ import (
"net"
"syscall"
"unsafe"
-
- "github.com/shadowsocks/go-shadowsocks2/socks"
)
const (
@@ -32,7 +30,7 @@ func NewRedirProxy(addr string, sDialer Dialer) (*RedirProxy, error) {
return s, nil
}
-// ListenAndServe redirected requests as a server.
+// ListenAndServe .
func (s *RedirProxy) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
@@ -84,7 +82,7 @@ func (s *RedirProxy) ListenAndServe() {
}
// Get the original destination of a TCP connection.
-func getOrigDst(conn net.Conn, ipv6 bool) (socks.Addr, error) {
+func getOrigDst(conn net.Conn, ipv6 bool) (Addr, error) {
c, ok := conn.(*net.TCPConn)
if !ok {
return nil, errors.New("only work with TCP connection")
@@ -112,7 +110,7 @@ func getOrigDst(conn net.Conn, ipv6 bool) (socks.Addr, error) {
}
// Call getorigdst() from linux/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
-func getorigdst(fd uintptr) (socks.Addr, error) {
+func getorigdst(fd uintptr) (Addr, error) {
raw := syscall.RawSockaddrInet4{}
siz := unsafe.Sizeof(raw)
if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IP, SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0); err != nil {
@@ -120,7 +118,7 @@ func getorigdst(fd uintptr) (socks.Addr, error) {
}
addr := make([]byte, 1+net.IPv4len+2)
- addr[0] = socks.AtypIPv4
+ addr[0] = socks5IP4
copy(addr[1:1+net.IPv4len], raw.Addr[:])
port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // big-endian
addr[1+net.IPv4len], addr[1+net.IPv4len+1] = port[0], port[1]
@@ -129,7 +127,7 @@ func getorigdst(fd uintptr) (socks.Addr, error) {
// Call ipv6_getorigdst() from linux/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
// NOTE: I haven't tried yet but it should work since Linux 3.8.
-func ipv6_getorigdst(fd uintptr) (socks.Addr, error) {
+func ipv6_getorigdst(fd uintptr) (Addr, error) {
raw := syscall.RawSockaddrInet6{}
siz := unsafe.Sizeof(raw)
if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IPV6, IP6T_SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0); err != nil {
@@ -137,7 +135,7 @@ func ipv6_getorigdst(fd uintptr) (socks.Addr, error) {
}
addr := make([]byte, 1+net.IPv6len+2)
- addr[0] = socks.AtypIPv6
+ addr[0] = socks5IP6
copy(addr[1:1+net.IPv6len], raw.Addr[:])
port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // big-endian
addr[1+net.IPv6len], addr[1+net.IPv6len+1] = port[0], port[1]
diff --git a/redir_other.go b/redir_other.go
index 9487e7a..41cf4df 100644
--- a/redir_other.go
+++ b/redir_other.go
@@ -15,7 +15,7 @@ func NewRedirProxy(addr string, sDialer Dialer) (*RedirProxy, error) {
return nil, errors.New("redir not supported on this os")
}
-// ListenAndServe redirected requests as a server.
+// ListenAndServe .
func (s *RedirProxy) ListenAndServe() {
log.Fatal("redir not supported on this os")
}
diff --git a/socks5.go b/socks5.go
index 7cb772f..300b890 100644
--- a/socks5.go
+++ b/socks5.go
@@ -77,7 +77,7 @@ func NewSOCKS5(addr, user, pass string, cDialer Dialer, sDialer Dialer) (*SOCKS5
return s, nil
}
-// ListenAndServe connects to the address addr on the network net via the SOCKS5 proxy.
+// ListenAndServe .
func (s *SOCKS5) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
diff --git a/tcptun.go b/tcptun.go
index 9a89196..51626e1 100644
--- a/tcptun.go
+++ b/tcptun.go
@@ -21,7 +21,7 @@ func NewTCPTun(addr, raddr string, sDialer Dialer) (*TCPTun, error) {
return s, nil
}
-// ListenAndServe redirected requests as a server.
+// ListenAndServe .
func (s *TCPTun) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
diff --git a/tproxy.go b/tproxy.go
new file mode 100644
index 0000000..5db9e67
--- /dev/null
+++ b/tproxy.go
@@ -0,0 +1,68 @@
+// +build linux
+
+package main
+
+import (
+ "net"
+ "syscall"
+)
+
+type TProxy struct {
+ *Forwarder // as client
+ sDialer Dialer // dialer for server
+}
+
+// NewTProxy returns a tproxy.
+func NewTProxy(addr string, sDialer Dialer) (*TProxy, error) {
+ s := &TProxy{
+ Forwarder: NewForwarder(addr, nil),
+ sDialer: sDialer,
+ }
+
+ return s, nil
+}
+
+// ListenAndServe .
+func (s *TProxy) ListenAndServe() {
+ // go s.ListenAndServeTCP()
+ s.ListenAndServeUDP()
+}
+
+func (s *TProxy) ListenAndServeTCP() {
+
+}
+
+func (s *TProxy) ListenAndServeUDP() {
+ laddr, err := net.ResolveUDPAddr("udp", s.addr)
+ if err != nil {
+ logf("proxy-tproxy failed to resolve addr %s: %v", s.addr, err)
+ return
+ }
+
+ listener, err := net.ListenUDP("udp", laddr)
+ if err != nil {
+ logf("proxy-tproxy failed to listen on %s: %v", s.addr, err)
+ return
+ }
+
+ fd, err := listener.File()
+ if err != nil {
+ logf("proxy-tproxy failed to get file descriptor: %v", err)
+ return
+ }
+ defer fd.Close()
+
+ fileDescriptor := int(fd.Fd())
+ if err = syscall.SetsockoptInt(fileDescriptor, syscall.SOL_IP, syscall.IP_TRANSPARENT, 1); err != nil {
+ syscall.Close(fileDescriptor)
+ logf("proxy-tproxy failed to set socket option IP_TRANSPARENT: %v", err)
+ return
+ }
+
+ if err = syscall.SetsockoptInt(fileDescriptor, syscall.SOL_IP, syscall.IP_RECVORIGDSTADDR, 1); err != nil {
+ syscall.Close(fileDescriptor)
+ logf("proxy-tproxy failed to set socket option IP_RECVORIGDSTADDR: %v", err)
+ return
+ }
+
+}
diff --git a/tproxy_other.go b/tproxy_other.go
new file mode 100644
index 0000000..ff8b3c1
--- /dev/null
+++ b/tproxy_other.go
@@ -0,0 +1,20 @@
+// +build !linux
+
+package main
+
+import (
+ "errors"
+ "log"
+)
+
+type TProxy struct{}
+
+// NewTProxy returns a tproxy.
+func NewTProxy(addr string, sDialer Dialer) (*TProxy, error) {
+ return nil, errors.New("tproxy not supported on this os")
+}
+
+// ListenAndServe .
+func (s *TProxy) ListenAndServe() {
+ log.Fatal("tproxy not supported on this os")
+}
diff --git a/uottun.go b/uottun.go
index 0cc77f7..9803832 100644
--- a/uottun.go
+++ b/uottun.go
@@ -24,7 +24,7 @@ func NewUoTTun(addr, raddr string, sDialer Dialer) (*UoTTun, error) {
return s, nil
}
-// ListenAndServe redirected requests as a server.
+// ListenAndServe .
func (s *UoTTun) ListenAndServe() {
c, err := net.ListenPacket("udp", s.addr)
From 061f64733c1170a048a7e0db22ca6ab535420d15 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 10 Sep 2017 19:42:26 +0800
Subject: [PATCH 088/341] ci: add travis-ci config file
---
.travis.yml | 6 ++++++
1 file changed, 6 insertions(+)
create mode 100644 .travis.yml
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..5792b69
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,6 @@
+language: go
+
+go:
+ - 1.9
+ - tip
+
From 53466d8183fd2ce85fe17504a29fe83a5523da83 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 10 Sep 2017 19:48:53 +0800
Subject: [PATCH 089/341] doc: add build status, go report card, licese icons
---
README.md | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/README.md b/README.md
index e9369ec..928fac0 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,9 @@
# [glider](https://github.com/nadoo/glider)
+
+[](https://travis-ci.org/nadoo/glider)
+[](https://goreportcard.com/report/github.com/nadoo/glider)
+[](https://github.com/nadoo/glider/blob/master/LICENSE)
+
glider is a forward proxy with multiple protocols support, and also a dns forwarding server with ipset management features(like dnsmasq).
we can set up local listeners as proxy servers, and forward requests to internet via forwarders.
From 7ba0773fd792c43321254b04c77ff2bcbe5d9974 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 10 Sep 2017 20:33:35 +0800
Subject: [PATCH 090/341] general: add some comments to functions
---
dns.go | 2 +-
dnstun.go | 4 ++--
forwarder.go | 7 +++++--
http.go | 2 +-
ipset_linux.go | 4 +++-
ipset_other.go | 6 ++++--
log.go | 2 +-
mixed.go | 2 +-
redir_linux_386.go | 3 ++-
redir_other.go | 2 +-
rule.go | 7 +++++--
server.go | 2 +-
socks5.go | 2 +-
strategy.go | 6 +++---
tcptun.go | 2 +-
tproxy.go | 5 ++++-
tproxy_other.go | 1 +
17 files changed, 37 insertions(+), 22 deletions(-)
diff --git a/dns.go b/dns.go
index 397db47..25149e1 100644
--- a/dns.go
+++ b/dns.go
@@ -62,7 +62,7 @@ type DNS struct {
answerHandlers []DNSAnswerHandler
}
-// NewDNS returns a dns forwarder. client -> dns.udp -> glider -> forwarder -> remote dns addr
+// NewDNS returns a dns forwarder. client[dns.udp] -> glider[tcp] -> forwarder[dns.tcp] -> remote dns addr
func NewDNS(addr, raddr string, sDialer Dialer) (*DNS, error) {
s := &DNS{
Forwarder: NewForwarder(addr, nil),
diff --git a/dnstun.go b/dnstun.go
index df4b53f..2c0c04c 100644
--- a/dnstun.go
+++ b/dnstun.go
@@ -2,7 +2,7 @@
package main
-// DNSTun .
+// DNSTun struct
type DNSTun struct {
*Forwarder // as client
sDialer Dialer // dialer for server
@@ -13,7 +13,7 @@ type DNSTun struct {
tcp *TCPTun
}
-// NewDNSTun returns a dns forwarder.
+// NewDNSTun returns a dns tunnel forwarder.
func NewDNSTun(addr, raddr string, sDialer Dialer) (*DNSTun, error) {
s := &DNSTun{
Forwarder: NewForwarder(addr, nil),
diff --git a/forwarder.go b/forwarder.go
index cc72f16..ea34525 100644
--- a/forwarder.go
+++ b/forwarder.go
@@ -2,13 +2,13 @@ package main
import "net"
-// Forwarder .
+// Forwarder struct
type Forwarder struct {
addr string
cDialer Dialer
}
-// NewForwarder .
+// NewForwarder returns a base forwarder
func NewForwarder(addr string, cDialer Dialer) *Forwarder {
if cDialer == nil {
cDialer = Direct
@@ -17,12 +17,15 @@ func NewForwarder(addr string, cDialer Dialer) *Forwarder {
return &Forwarder{addr: addr, cDialer: cDialer}
}
+// Addr returns forwarder's address
func (p *Forwarder) Addr() string { return p.addr }
+// Dial to remote addr via cDialer
func (p *Forwarder) Dial(network, addr string) (net.Conn, error) {
return p.cDialer.Dial(network, addr)
}
+// NextDialer returns the next cDialer
func (p *Forwarder) NextDialer(dstAddr string) Dialer {
return p.cDialer
}
diff --git a/http.go b/http.go
index e4d9ec4..f8d4f8c 100644
--- a/http.go
+++ b/http.go
@@ -16,7 +16,7 @@ import (
"time"
)
-// HTTP .
+// HTTP struct
type HTTP struct {
*Forwarder // as client
sDialer Dialer // dialer for server
diff --git a/ipset_linux.go b/ipset_linux.go
index e0065c5..48b68d7 100644
--- a/ipset_linux.go
+++ b/ipset_linux.go
@@ -53,6 +53,7 @@ const NLA_F_NET_BYTEORDER = (1 << 14)
var nextSeqNr uint32
var nativeEndian binary.ByteOrder
+// IPSetManager struct
type IPSetManager struct {
fd int
lsa syscall.SockaddrNetlink
@@ -61,6 +62,7 @@ type IPSetManager struct {
domainSet sync.Map
}
+// NewIPSetManager returns a IPSetManager
func NewIPSetManager(mainSet string, rules []*RuleConf) (*IPSetManager, error) {
fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_NETFILTER)
if err != nil {
@@ -111,7 +113,7 @@ func NewIPSetManager(mainSet string, rules []*RuleConf) (*IPSetManager, error) {
return m, nil
}
-// AddDomainIP used to update ipset according to domainSet rule
+// AddDomainIP implements the DNSAnswerHandler function, used to update ipset according to domainSet rule
func (m *IPSetManager) AddDomainIP(domain, ip string) error {
if ip != "" {
diff --git a/ipset_other.go b/ipset_other.go
index 1f2857f..5d99bfe 100644
--- a/ipset_other.go
+++ b/ipset_other.go
@@ -4,13 +4,15 @@ package main
import "errors"
-type IPSetManager struct {
-}
+// IPSetManager struct
+type IPSetManager struct{}
+// NewIPSetManager returns a IPSetManager
func NewIPSetManager(mainSet string, rules []*RuleConf) (*IPSetManager, error) {
return nil, errors.New("ipset not supported on this os")
}
+// AddDomainIP implements the DNSAnswerHandler function
func (m *IPSetManager) AddDomainIP(domain, ip string) error {
return errors.New("ipset not supported on this os")
}
diff --git a/log.go b/log.go
index b14bafe..dd88acc 100644
--- a/log.go
+++ b/log.go
@@ -2,7 +2,7 @@ package main
import "log"
-// LogFunc .
+// LogFunc defines a simple log function
type LogFunc func(f string, v ...interface{})
var logf LogFunc
diff --git a/mixed.go b/mixed.go
index c666881..7e2f6ac 100644
--- a/mixed.go
+++ b/mixed.go
@@ -17,7 +17,7 @@ var httpMethods = [...][]byte{
[]byte("TRACE"),
}
-// MixedProxy .
+// MixedProxy struct
type MixedProxy struct {
sDialer Dialer
diff --git a/redir_linux_386.go b/redir_linux_386.go
index 8b8db6f..d19d48f 100644
--- a/redir_linux_386.go
+++ b/redir_linux_386.go
@@ -5,7 +5,8 @@ import (
"unsafe"
)
-const GETSOCKOPT = 15 // https://golang.org/src/syscall/syscall_linux_386.go#L183
+// https://github.com/golang/go/blob/9e6b79a5dfb2f6fe4301ced956419a0da83bd025/src/syscall/syscall_linux_386.go#L196
+const GETSOCKOPT = 15
func socketcall(call, a0, a1, a2, a3, a4, a5 uintptr) error {
var a [6]uintptr
diff --git a/redir_other.go b/redir_other.go
index 41cf4df..c26f857 100644
--- a/redir_other.go
+++ b/redir_other.go
@@ -7,7 +7,7 @@ import (
"log"
)
-// RedirProxy .
+// RedirProxy struct
type RedirProxy struct{}
// NewRedirProxy returns a redirect proxy.
diff --git a/rule.go b/rule.go
index 21451f4..920d486 100644
--- a/rule.go
+++ b/rule.go
@@ -7,7 +7,7 @@ import (
"sync"
)
-// RuleDialer .
+// RuleDialer struct
type RuleDialer struct {
gDialer Dialer
@@ -16,7 +16,7 @@ type RuleDialer struct {
cidrMap sync.Map
}
-// NewRuleDialer .
+// NewRuleDialer returns a new rule dialer
func NewRuleDialer(rules []*RuleConf, gDialer Dialer) *RuleDialer {
rd := &RuleDialer{gDialer: gDialer}
@@ -55,8 +55,10 @@ func NewRuleDialer(rules []*RuleConf, gDialer Dialer) *RuleDialer {
return rd
}
+// Addr returns RuleDialer's address, always be "RULES"
func (rd *RuleDialer) Addr() string { return "RULES" }
+// NextDialer return next dialer according to rule
func (p *RuleDialer) NextDialer(dstAddr string) Dialer {
// TODO: change to index finders
@@ -106,6 +108,7 @@ func (p *RuleDialer) NextDialer(dstAddr string) Dialer {
return p.gDialer
}
+// Dial dials to targer addr and return a conn
func (rd *RuleDialer) Dial(network, addr string) (net.Conn, error) {
return rd.NextDialer(addr).Dial(network, addr)
}
diff --git a/server.go b/server.go
index 1054c45..ebc6ab6 100644
--- a/server.go
+++ b/server.go
@@ -6,7 +6,7 @@ import (
"strings"
)
-// Server .
+// Server interface
type Server interface {
// ListenAndServe as proxy server, use only in server mode.
ListenAndServe()
diff --git a/socks5.go b/socks5.go
index 300b890..68ebd08 100644
--- a/socks5.go
+++ b/socks5.go
@@ -55,7 +55,7 @@ var socks5Errors = []string{
"address type not supported",
}
-// SOCKS5 .
+// SOCKS5 struct
type SOCKS5 struct {
*Forwarder
sDialer Dialer
diff --git a/strategy.go b/strategy.go
index 312f5d8..4f6dd8c 100644
--- a/strategy.go
+++ b/strategy.go
@@ -8,7 +8,7 @@ import (
"time"
)
-// NewStrategyDialer .
+// NewStrategyDialer returns a new Strategy Dialer
func NewStrategyDialer(strategy string, dialers []Dialer, website string, duration int) Dialer {
var dialer Dialer
if len(dialers) == 0 {
@@ -32,7 +32,7 @@ func NewStrategyDialer(strategy string, dialers []Dialer, website string, durati
return dialer
}
-// rrDialer
+// rrDialer is the base struct of strategy dialer
type rrDialer struct {
dialers []Dialer
idx int
@@ -44,7 +44,7 @@ type rrDialer struct {
duration int
}
-// newRRDialer .
+// newRRDialer returns a new rrDialer
func newRRDialer(dialers []Dialer, website string, duration int) *rrDialer {
rr := &rrDialer{dialers: dialers}
diff --git a/tcptun.go b/tcptun.go
index 51626e1..bd1934b 100644
--- a/tcptun.go
+++ b/tcptun.go
@@ -2,7 +2,7 @@ package main
import "net"
-// TCPTun .
+// TCPTun struct
type TCPTun struct {
*Forwarder
sDialer Dialer
diff --git a/tproxy.go b/tproxy.go
index 5db9e67..0058e93 100644
--- a/tproxy.go
+++ b/tproxy.go
@@ -7,6 +7,7 @@ import (
"syscall"
)
+// TProxy struct
type TProxy struct {
*Forwarder // as client
sDialer Dialer // dialer for server
@@ -28,10 +29,12 @@ func (s *TProxy) ListenAndServe() {
s.ListenAndServeUDP()
}
+// ListenAndServeTCP .
func (s *TProxy) ListenAndServeTCP() {
-
+ logf("proxy-tproxy tcp mode not supported now, please use 'redir' instead")
}
+// ListenAndServeUDP .
func (s *TProxy) ListenAndServeUDP() {
laddr, err := net.ResolveUDPAddr("udp", s.addr)
if err != nil {
diff --git a/tproxy_other.go b/tproxy_other.go
index ff8b3c1..f5dbaeb 100644
--- a/tproxy_other.go
+++ b/tproxy_other.go
@@ -7,6 +7,7 @@ import (
"log"
)
+// TProxy struct
type TProxy struct{}
// NewTProxy returns a tproxy.
From 1cf0c4898201c6c69d08dd4c6aecd5f1ffaa7a47 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 11 Sep 2017 00:25:57 +0800
Subject: [PATCH 091/341] doc: add some badges
---
README.md | 3 +++
1 file changed, 3 insertions(+)
diff --git a/README.md b/README.md
index 928fac0..8499be2 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,9 @@
[](https://travis-ci.org/nadoo/glider)
[](https://goreportcard.com/report/github.com/nadoo/glider)
+[](https://github.com/nadoo/glider/releases)
+[](https://github.com/nadoo/glider/releases)
+[](https://github.com/nadoo/glider/issues)
[](https://github.com/nadoo/glider/blob/master/LICENSE)
glider is a forward proxy with multiple protocols support, and also a dns forwarding server with ipset management features(like dnsmasq).
From c27ccc14733f4d2a019d88d9feeabb248a6b52b7 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 11 Sep 2017 00:28:40 +0800
Subject: [PATCH 092/341] doc: update README
---
README.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/README.md b/README.md
index 8499be2..2d676e1 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,6 @@
[](https://goreportcard.com/report/github.com/nadoo/glider)
[](https://github.com/nadoo/glider/releases)
[](https://github.com/nadoo/glider/releases)
-[](https://github.com/nadoo/glider/issues)
[](https://github.com/nadoo/glider/blob/master/LICENSE)
glider is a forward proxy with multiple protocols support, and also a dns forwarding server with ipset management features(like dnsmasq).
From 3dc02c246b7736ea3454c02e1dbda07885e42ead Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 11 Sep 2017 00:42:28 +0800
Subject: [PATCH 093/341] doc: add go version badge
---
README.md | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 2d676e1..3c1335a 100644
--- a/README.md
+++ b/README.md
@@ -2,9 +2,10 @@
[](https://travis-ci.org/nadoo/glider)
[](https://goreportcard.com/report/github.com/nadoo/glider)
+[](https://golang.org/dl/)
+[](https://github.com/nadoo/glider/blob/master/LICENSE)
[](https://github.com/nadoo/glider/releases)
[](https://github.com/nadoo/glider/releases)
-[](https://github.com/nadoo/glider/blob/master/LICENSE)
glider is a forward proxy with multiple protocols support, and also a dns forwarding server with ipset management features(like dnsmasq).
From 4b0388a47d5af6cc1b6a2af6f832854f65de0b5a Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 11 Sep 2017 15:02:59 +0800
Subject: [PATCH 094/341] udptun: use routine to handle upstream connection
---
README.md | 4 +--
tproxy.go | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
uottun.go | 32 +++++++++++----------
3 files changed, 102 insertions(+), 20 deletions(-)
diff --git a/README.md b/README.md
index 3c1335a..bb2b225 100644
--- a/README.md
+++ b/README.md
@@ -2,8 +2,6 @@
[](https://travis-ci.org/nadoo/glider)
[](https://goreportcard.com/report/github.com/nadoo/glider)
-[](https://golang.org/dl/)
-[](https://github.com/nadoo/glider/blob/master/LICENSE)
[](https://github.com/nadoo/glider/releases)
[](https://github.com/nadoo/glider/releases)
@@ -61,7 +59,7 @@ TODO:
Binary:
- [https://github.com/nadoo/glider/releases](https://github.com/nadoo/glider/releases)
-Go Get (requires **Go 1.9 or newer**):
+Go Get (requires **Go 1.9+** ):
```bash
go get -u github.com/nadoo/glider
```
diff --git a/tproxy.go b/tproxy.go
index 0058e93..03e74ad 100644
--- a/tproxy.go
+++ b/tproxy.go
@@ -1,10 +1,18 @@
// +build linux
+// ref: https://www.kernel.org/doc/Documentation/networking/tproxy.txt
+// @LiamHaworth: https://github.com/LiamHaworth/go-tproxy/blob/master/tproxy_udp.go
+
package main
import (
+ "bytes"
+ "encoding/binary"
+ "fmt"
"net"
+ "strconv"
"syscall"
+ "unsafe"
)
// TProxy struct
@@ -42,13 +50,13 @@ func (s *TProxy) ListenAndServeUDP() {
return
}
- listener, err := net.ListenUDP("udp", laddr)
+ lc, err := net.ListenUDP("udp", laddr)
if err != nil {
logf("proxy-tproxy failed to listen on %s: %v", s.addr, err)
return
}
- fd, err := listener.File()
+ fd, err := lc.File()
if err != nil {
logf("proxy-tproxy failed to get file descriptor: %v", err)
return
@@ -68,4 +76,78 @@ func (s *TProxy) ListenAndServeUDP() {
return
}
+ for {
+
+ buf := make([]byte, 1024)
+ _, srcAddr, dstAddr, err := ReadFromUDP(lc, buf)
+ if err != nil {
+ if netErr, ok := err.(net.Error); ok && netErr.Temporary() {
+ logf("proxy-tproxy Temporary error while reading data: %s", netErr)
+ }
+
+ logf("proxy-tproxy Unrecoverable error while reading data: %s", err)
+ return
+ }
+
+ logf("proxy-tproxy Accepting UDP connection from %s with destination of %s", srcAddr.String(), dstAddr.String())
+
+ }
+
+}
+
+// ReadFromUDP reads a UDP packet from c, copying the payload into b.
+// It returns the number of bytes copied into b and the return address
+// that was on the packet.
+//
+// Out-of-band data is also read in so that the original destination
+// address can be identified and parsed.
+func ReadFromUDP(conn *net.UDPConn, b []byte) (int, *net.UDPAddr, *net.UDPAddr, error) {
+ oob := make([]byte, 1024)
+ n, oobn, _, addr, err := conn.ReadMsgUDP(b, oob)
+ if err != nil {
+ return 0, nil, nil, err
+ }
+
+ msgs, err := syscall.ParseSocketControlMessage(oob[:oobn])
+ if err != nil {
+ return 0, nil, nil, fmt.Errorf("parsing socket control message: %s", err)
+ }
+
+ var originalDst *net.UDPAddr
+ for _, msg := range msgs {
+ if msg.Header.Level == syscall.SOL_IP && msg.Header.Type == syscall.IP_RECVORIGDSTADDR {
+ originalDstRaw := &syscall.RawSockaddrInet4{}
+ if err = binary.Read(bytes.NewReader(msg.Data), binary.LittleEndian, originalDstRaw); err != nil {
+ return 0, nil, nil, fmt.Errorf("reading original destination address: %s", err)
+ }
+
+ switch originalDstRaw.Family {
+ case syscall.AF_INET:
+ pp := (*syscall.RawSockaddrInet4)(unsafe.Pointer(originalDstRaw))
+ p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+ originalDst = &net.UDPAddr{
+ IP: net.IPv4(pp.Addr[0], pp.Addr[1], pp.Addr[2], pp.Addr[3]),
+ Port: int(p[0])<<8 + int(p[1]),
+ }
+
+ case syscall.AF_INET6:
+ pp := (*syscall.RawSockaddrInet6)(unsafe.Pointer(originalDstRaw))
+ p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+ originalDst = &net.UDPAddr{
+ IP: net.IP(pp.Addr[:]),
+ Port: int(p[0])<<8 + int(p[1]),
+ Zone: strconv.Itoa(int(pp.Scope_id)),
+ }
+
+ default:
+ return 0, nil, nil, fmt.Errorf("original destination is an unsupported network family")
+ }
+ }
+ }
+
+ if originalDst == nil {
+ return 0, nil, nil, fmt.Errorf("unable to obtain original destination: %s", err)
+ }
+
+ return n, addr, originalDst, nil
}
diff --git a/uottun.go b/uottun.go
index 9803832..62e6247 100644
--- a/uottun.go
+++ b/uottun.go
@@ -45,24 +45,26 @@ func (s *UoTTun) ListenAndServe() {
continue
}
- // NOTE: acturally udp over tcp
- rc, err := s.sDialer.Dial("udp", s.raddr)
- if err != nil {
- logf("failed to connect to server %v: %v", s.raddr, err)
- continue
- }
+ go func() {
+ // NOTE: acturally udp over tcp
+ rc, err := s.sDialer.Dial("udp", s.raddr)
+ if err != nil {
+ logf("failed to connect to server %v: %v", s.raddr, err)
+ return
+ }
- rc.Write(buf[:n])
+ rc.Write(buf[:n])
- resp, err := ioutil.ReadAll(rc)
- if err != nil {
- logf("error in ioutil.ReadAll: %s\n", err)
- return
- }
- rc.Close()
+ resp, err := ioutil.ReadAll(rc)
+ if err != nil {
+ logf("error in ioutil.ReadAll: %s\n", err)
+ return
+ }
+ rc.Close()
- c.WriteTo(resp, clientAddr)
+ c.WriteTo(resp, clientAddr)
- logf("proxy-uottun %s <-> %s", clientAddr, s.raddr)
+ logf("proxy-uottun %s <-> %s", clientAddr, s.raddr)
+ }()
}
}
From 54e3f2ac6b9a2195a2a02bb76634d0a3505d02d0 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 16 Sep 2017 23:10:10 +0800
Subject: [PATCH 095/341] tproxy: use continue instead of return
---
README.md | 2 +-
tproxy.go | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index bb2b225..693a1b1 100644
--- a/README.md
+++ b/README.md
@@ -167,7 +167,7 @@ Examples:
-listen on :1080 as socks5 server, forward requests via server1 and server2 in roundrbin mode.
```
-## Advance Usage
+## Advanced Usage
- [ConfigFile](config)
- [glider.conf.example](config/glider.conf.example)
- [office.rule.example](config/rules.d/office.rule.example)
diff --git a/tproxy.go b/tproxy.go
index 03e74ad..b61750d 100644
--- a/tproxy.go
+++ b/tproxy.go
@@ -77,16 +77,16 @@ func (s *TProxy) ListenAndServeUDP() {
}
for {
-
buf := make([]byte, 1024)
_, srcAddr, dstAddr, err := ReadFromUDP(lc, buf)
if err != nil {
if netErr, ok := err.(net.Error); ok && netErr.Temporary() {
- logf("proxy-tproxy Temporary error while reading data: %s", netErr)
+ logf("proxy-tproxy temporary reading data error: %s", netErr)
+ continue
}
logf("proxy-tproxy Unrecoverable error while reading data: %s", err)
- return
+ continue
}
logf("proxy-tproxy Accepting UDP connection from %s with destination of %s", srcAddr.String(), dstAddr.String())
From 65e3940bd65dc8f72c3aea60a28d2c678b2d6dc5 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 21 Sep 2017 23:07:04 +0800
Subject: [PATCH 096/341] rule: change receiver name
---
mixed.go | 1 +
rule.go | 12 ++++++------
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/mixed.go b/mixed.go
index 7e2f6ac..4c44a7b 100644
--- a/mixed.go
+++ b/mixed.go
@@ -60,6 +60,7 @@ func (p *MixedProxy) ListenAndServe() {
}
}
+// Serve .
func (p *MixedProxy) Serve(conn net.Conn) {
defer conn.Close()
diff --git a/rule.go b/rule.go
index 920d486..475d63c 100644
--- a/rule.go
+++ b/rule.go
@@ -59,26 +59,26 @@ func NewRuleDialer(rules []*RuleConf, gDialer Dialer) *RuleDialer {
func (rd *RuleDialer) Addr() string { return "RULES" }
// NextDialer return next dialer according to rule
-func (p *RuleDialer) NextDialer(dstAddr string) Dialer {
+func (rd *RuleDialer) NextDialer(dstAddr string) Dialer {
// TODO: change to index finders
host, _, err := net.SplitHostPort(dstAddr)
if err != nil {
// TODO: check here
// logf("proxy-rule SplitHostPort ERROR: %s", err)
- return p.gDialer
+ return rd.gDialer
}
// find ip
if ip := net.ParseIP(host); ip != nil {
// check ip
- if d, ok := p.ipMap.Load(ip.String()); ok {
+ if d, ok := rd.ipMap.Load(ip.String()); ok {
return d.(Dialer)
}
var ret Dialer
// check cidr
- p.cidrMap.Range(func(key, value interface{}) bool {
+ rd.cidrMap.Range(func(key, value interface{}) bool {
cidr := key.(*net.IPNet)
if cidr.Contains(ip) {
ret = value.(Dialer)
@@ -100,12 +100,12 @@ func (p *RuleDialer) NextDialer(dstAddr string) Dialer {
domain := strings.Join(domainParts[i:length], ".")
// find in domainMap
- if d, ok := p.domainMap.Load(domain); ok {
+ if d, ok := rd.domainMap.Load(domain); ok {
return d.(Dialer)
}
}
- return p.gDialer
+ return rd.gDialer
}
// Dial dials to targer addr and return a conn
From 97dda6148397c704e0d95b4c0775be02924234b7 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 21 Sep 2017 23:13:44 +0800
Subject: [PATCH 097/341] redir: avoid underscore in func name
---
redir_linux.go | 10 ++++++----
redir_linux_other.go | 1 +
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/redir_linux.go b/redir_linux.go
index a2879bf..170397b 100644
--- a/redir_linux.go
+++ b/redir_linux.go
@@ -11,8 +11,10 @@ import (
)
const (
- SO_ORIGINAL_DST = 80 // from linux/include/uapi/linux/netfilter_ipv4.h
- IP6T_SO_ORIGINAL_DST = 80 // from linux/include/uapi/linux/netfilter_ipv6/ip6_tables.h
+ // from linux/include/uapi/linux/netfilter_ipv4.h
+ SO_ORIGINAL_DST = 80
+ // from linux/include/uapi/linux/netfilter_ipv6/ip6_tables.h
+ IP6T_SO_ORIGINAL_DST = 80
)
type RedirProxy struct {
@@ -103,7 +105,7 @@ func getOrigDst(conn net.Conn, ipv6 bool) (Addr, error) {
}
if ipv6 {
- return ipv6_getorigdst(fd)
+ return getorigdstIPv6(fd)
}
return getorigdst(fd)
@@ -127,7 +129,7 @@ func getorigdst(fd uintptr) (Addr, error) {
// Call ipv6_getorigdst() from linux/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
// NOTE: I haven't tried yet but it should work since Linux 3.8.
-func ipv6_getorigdst(fd uintptr) (Addr, error) {
+func getorigdstIPv6(fd uintptr) (Addr, error) {
raw := syscall.RawSockaddrInet6{}
siz := unsafe.Sizeof(raw)
if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IPV6, IP6T_SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0); err != nil {
diff --git a/redir_linux_other.go b/redir_linux_other.go
index 96f9561..6589afc 100644
--- a/redir_linux_other.go
+++ b/redir_linux_other.go
@@ -4,6 +4,7 @@ package main
import "syscall"
+// GETSOCKOPT from syscall
const GETSOCKOPT = syscall.SYS_GETSOCKOPT
func socketcall(call, a0, a1, a2, a3, a4, a5 uintptr) error {
From ade87c9588738440ff48eeabfde4c640417ad8f3 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 2 Oct 2017 19:39:57 +0800
Subject: [PATCH 098/341] ipset: add comments
---
ipset_linux.go | 2 ++
redir_linux.go | 5 +++--
server.go | 3 ---
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/ipset_linux.go b/ipset_linux.go
index 48b68d7..708f8f0 100644
--- a/ipset_linux.go
+++ b/ipset_linux.go
@@ -16,6 +16,8 @@ import (
"unsafe"
)
+// netfilter netlink message types
+// https://github.com/torvalds/linux/blob/9e66317d3c92ddaab330c125dfe9d06eee268aff/include/uapi/linux/netfilter/nfnetlink.h#L56
const NFNL_SUBSYS_IPSET = 6
// http://git.netfilter.org/ipset/tree/include/libipset/linux_ip_set.h
diff --git a/redir_linux.go b/redir_linux.go
index 170397b..7335218 100644
--- a/redir_linux.go
+++ b/redir_linux.go
@@ -11,12 +11,13 @@ import (
)
const (
- // from linux/include/uapi/linux/netfilter_ipv4.h
+ // SO_ORIGINAL_DST from linux/include/uapi/linux/netfilter_ipv4.h
SO_ORIGINAL_DST = 80
- // from linux/include/uapi/linux/netfilter_ipv6/ip6_tables.h
+ // IP6T_SO_ORIGINAL_DST from linux/include/uapi/linux/netfilter_ipv6/ip6_tables.h
IP6T_SO_ORIGINAL_DST = 80
)
+// RedirProxy struct
type RedirProxy struct {
*Forwarder // as client
sDialer Dialer // dialer for server
diff --git a/server.go b/server.go
index ebc6ab6..a2c8581 100644
--- a/server.go
+++ b/server.go
@@ -10,9 +10,6 @@ import (
type Server interface {
// ListenAndServe as proxy server, use only in server mode.
ListenAndServe()
-
- // Serve
- // Serve(c net.Conn)
}
// ServerFromURL parses url and get a Proxy
From 8ef2944f1ab6383bb94b3f7c76d5bdace0c4e6d0 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 18 Oct 2017 21:47:32 +0800
Subject: [PATCH 099/341] log: optimize logs for redir and socks5
---
redir_linux.go | 12 ++++++------
socks5.go | 10 +++++-----
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/redir_linux.go b/redir_linux.go
index 7335218..81fbbcb 100644
--- a/redir_linux.go
+++ b/redir_linux.go
@@ -37,16 +37,16 @@ func NewRedirProxy(addr string, sDialer Dialer) (*RedirProxy, error) {
func (s *RedirProxy) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
- logf("failed to listen on %s: %v", s.addr, err)
+ logf("proxy-redir failed to listen on %s: %v", s.addr, err)
return
}
- logf("listening TCP on %s", s.addr)
+ logf("proxy-redir listening TCP on %s", s.addr)
for {
c, err := l.Accept()
if err != nil {
- logf("failed to accept: %v", err)
+ logf("proxy-redir failed to accept: %v", err)
continue
}
@@ -59,13 +59,13 @@ func (s *RedirProxy) ListenAndServe() {
tgt, err := getOrigDst(c, false)
if err != nil {
- logf("failed to get target address: %v", err)
+ logf("proxy-redir failed to get target address: %v", err)
return
}
rc, err := s.sDialer.Dial("tcp", tgt.String())
if err != nil {
- logf("failed to connect to target: %v", err)
+ logf("proxy-redir failed to connect to target: %v", err)
return
}
defer rc.Close()
@@ -77,7 +77,7 @@ func (s *RedirProxy) ListenAndServe() {
if err, ok := err.(net.Error); ok && err.Timeout() {
return // ignore i/o timeout
}
- logf("relay error: %v", err)
+ logf("proxy-redir relay error: %v", err)
}
}()
diff --git a/socks5.go b/socks5.go
index 68ebd08..4c6fa03 100644
--- a/socks5.go
+++ b/socks5.go
@@ -81,16 +81,16 @@ func NewSOCKS5(addr, user, pass string, cDialer Dialer, sDialer Dialer) (*SOCKS5
func (s *SOCKS5) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
- logf("failed to listen on %s: %v", s.addr, err)
+ logf("proxy-socks5 failed to listen on %s: %v", s.addr, err)
return
}
- logf("listening TCP on %s", s.addr)
+ logf("proxy-socks5 listening TCP on %s", s.addr)
for {
c, err := l.Accept()
if err != nil {
- logf("failed to accept: %v", err)
+ logf("proxy-socks5 failed to accept: %v", err)
continue
}
@@ -108,13 +108,13 @@ func (s *SOCKS5) Serve(c net.Conn) {
tgt, err := s.handshake(c)
if err != nil {
- logf("failed to get target address: %v", err)
+ logf("proxy-socks5 failed to get target address: %v", err)
return
}
rc, err := s.sDialer.Dial("tcp", tgt.String())
if err != nil {
- logf("failed to connect to target: %v", err)
+ logf("proxy-socks5 failed to connect to target: %v", err)
return
}
defer rc.Close()
From 49198b01b86e56365de6adbe4d10b201678b10d3 Mon Sep 17 00:00:00 2001
From: ksafe
Date: Mon, 30 Oct 2017 23:05:39 +0800
Subject: [PATCH 100/341] Update glider.conf.example
dns port config error
---
config/glider.conf.example | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/glider.conf.example b/config/glider.conf.example
index e0c15f6..fb70285 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -104,7 +104,7 @@ checkduration=30
# we can specify different upstream dns server in rule file for different destinations
# Setup a dns forwarding server
-dns://53
+dns=:53
# global remote dns server (you can specify different dns server in rule file)
dnsserver=8.8.8.8:53
From ae7c62efe519bdb8b6dec4a5895065c28d15b09e Mon Sep 17 00:00:00 2001
From: amarkowski
Date: Fri, 3 Nov 2017 11:55:15 +0100
Subject: [PATCH 101/341] use sync.Map in status
---
strategy.go | 21 ++++++++++++---------
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/strategy.go b/strategy.go
index 4f6dd8c..98307e3 100644
--- a/strategy.go
+++ b/strategy.go
@@ -6,6 +6,7 @@ import (
"net"
"strings"
"time"
+ "sync"
)
// NewStrategyDialer returns a new Strategy Dialer
@@ -37,7 +38,7 @@ type rrDialer struct {
dialers []Dialer
idx int
- status map[int]bool
+ status sync.Map
// for checking
website string
@@ -48,12 +49,11 @@ type rrDialer struct {
func newRRDialer(dialers []Dialer, website string, duration int) *rrDialer {
rr := &rrDialer{dialers: dialers}
- rr.status = make(map[int]bool)
rr.website = website
rr.duration = duration
for k := range dialers {
- rr.status[k] = true
+ rr.status.Store(k,true)
go rr.checkDialer(k)
}
@@ -74,7 +74,8 @@ func (rr *rrDialer) NextDialer(dstAddr string) Dialer {
found := false
for i := 0; i < n; i++ {
rr.idx = (rr.idx + 1) % n
- if rr.status[rr.idx] {
+ result, ok := rr.status.Load(rr.idx)
+ if (ok && result.(bool)) {
found = true
break
}
@@ -109,7 +110,7 @@ func (rr *rrDialer) checkDialer(idx int) {
startTime := time.Now()
c, err := d.Dial("tcp", rr.website)
if err != nil {
- rr.status[idx] = false
+ rr.status.Store(idx, false)
logf("proxy-check %s -> %s, set to DISABLED. error in dial: %s", d.Addr(), rr.website, err)
continue
}
@@ -119,15 +120,15 @@ func (rr *rrDialer) checkDialer(idx int) {
_, err = io.ReadFull(c, buf)
if err != nil {
- rr.status[idx] = false
+ rr.status.Store(idx, false)
logf("proxy-check %s -> %s, set to DISABLED. error in read: %s", d.Addr(), rr.website, err)
} else if bytes.Equal([]byte("HTTP"), buf) {
- rr.status[idx] = true
+ rr.status.Store(idx, true)
retry = 2
dialTime := time.Since(startTime)
logf("proxy-check %s -> %s, set to ENABLED. connect time: %s", d.Addr(), rr.website, dialTime.String())
} else {
- rr.status[idx] = false
+ rr.status.Store(idx, false)
logf("proxy-check %s -> %s, set to DISABLED. server response: %s", d.Addr(), rr.website, buf)
}
@@ -148,7 +149,9 @@ func newHADialer(dialers []Dialer, webhost string, duration int) Dialer {
func (ha *haDialer) Dial(network, addr string) (net.Conn, error) {
d := ha.dialers[ha.idx]
- if !ha.status[ha.idx] {
+ result, ok := ha.status.Load(ha.idx)
+
+ if (ok && !result.(bool)) {
d = ha.NextDialer(addr)
}
From 1aae8a574b17f516145fa6f9c87711eb5b6f17f0 Mon Sep 17 00:00:00 2001
From: nodarret
Date: Tue, 7 Nov 2017 13:04:19 +0100
Subject: [PATCH 102/341] bump version
---
main.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.go b/main.go
index b57fd36..81c6709 100644
--- a/main.go
+++ b/main.go
@@ -9,7 +9,7 @@ import (
)
// VERSION .
-const VERSION = "0.4.1"
+const VERSION = "0.4.1.1"
func dialerFromConf() Dialer {
// global forwarders in xx.conf
From 632f45448b85ca81dd9bf641e9aa9460cb823ff5 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 17 Dec 2017 00:36:53 +0800
Subject: [PATCH 103/341] http: add basic auth in client mode
---
README.md | 4 ++--
dialer.go | 2 +-
http.go | 13 ++++++++++++-
mixed.go | 2 +-
server.go | 2 +-
5 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 693a1b1..e16be36 100644
--- a/README.md
+++ b/README.md
@@ -35,7 +35,7 @@ DNS Forwarding Server(udp2tcp):
- Add resolved IPs to proxy rules
- Add resolved IPs to ipset
-Ipset Management:
+IPSet Management:
- Add ip/cidrs from rule files on startup
- Add resolved ips for domains from rule files by dns forwarding server
@@ -47,7 +47,7 @@ General:
- Rule proxy based on destinations: [Config Examples](config/examples)
TODO:
-- [x] UDP over TCP Tunnel (client <-udp-> uottun <-tcp-> ss <-udp-> target)
+- [x] UDP over TCP Tunnel (client <--udp--> glider/uottun <--tcp--> ss <--udp--> target)
- [ ] Transparent UDP proxy (linux tproxy)
- [ ] TUN/TAP device support
- [ ] Code refactoring: support proxy registering so it can be pluggable
diff --git a/dialer.go b/dialer.go
index e6f091b..d792700 100644
--- a/dialer.go
+++ b/dialer.go
@@ -40,7 +40,7 @@ func DialerFromURL(s string, cDialer Dialer) (Dialer, error) {
switch u.Scheme {
case "http":
- return NewHTTP(addr, cDialer, nil)
+ return NewHTTP(addr, user, pass, cDialer, nil)
case "socks5":
return NewSOCKS5(addr, user, pass, cDialer, nil)
case "ss":
diff --git a/http.go b/http.go
index f8d4f8c..780939e 100644
--- a/http.go
+++ b/http.go
@@ -6,6 +6,7 @@ package main
import (
"bufio"
"bytes"
+ "encoding/base64"
"errors"
"fmt"
"io"
@@ -20,13 +21,18 @@ import (
type HTTP struct {
*Forwarder // as client
sDialer Dialer // dialer for server
+
+ user string
+ password string
}
// NewHTTP returns a http proxy.
-func NewHTTP(addr string, cDialer Dialer, sDialer Dialer) (*HTTP, error) {
+func NewHTTP(addr, user, pass string, cDialer Dialer, sDialer Dialer) (*HTTP, error) {
s := &HTTP{
Forwarder: NewForwarder(addr, cDialer),
sDialer: sDialer,
+ user: user,
+ password: pass,
}
return s, nil
@@ -186,6 +192,11 @@ func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
rc.Write([]byte("CONNECT " + addr + " HTTP/1.0\r\n"))
// c.Write([]byte("Proxy-Connection: Keep-Alive\r\n"))
+ if s.user != "" && s.password != "" {
+ auth := s.user + ":" + s.password
+ rc.Write([]byte("Authorization: Basic " + base64.StdEncoding.EncodeToString([]byte(auth)) + "\r\n"))
+ }
+
var b [1024]byte
n, err := rc.Read(b[:])
if bytes.Contains(b[:n], []byte("200")) {
diff --git a/mixed.go b/mixed.go
index 4c44a7b..e952722 100644
--- a/mixed.go
+++ b/mixed.go
@@ -33,7 +33,7 @@ func NewMixedProxy(addr, user, pass string, sDialer Dialer) (*MixedProxy, error)
addr: addr,
}
- p.http, _ = NewHTTP(addr, nil, sDialer)
+ p.http, _ = NewHTTP(addr, user, pass, nil, sDialer)
p.socks5, _ = NewSOCKS5(addr, user, pass, nil, sDialer)
return p, nil
diff --git a/server.go b/server.go
index a2c8581..e0a3907 100644
--- a/server.go
+++ b/server.go
@@ -40,7 +40,7 @@ func ServerFromURL(s string, sDialer Dialer) (Server, error) {
case "mixed":
return NewMixedProxy(addr, user, pass, sDialer)
case "http":
- return NewHTTP(addr, nil, sDialer)
+ return NewHTTP(addr, user, pass, nil, sDialer)
case "socks5":
return NewSOCKS5(addr, user, pass, nil, sDialer)
case "ss":
From 1889de7f7ff0d197a5b613edd14fb36e9509fbd0 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 17 Dec 2017 01:01:11 +0800
Subject: [PATCH 104/341] http: Proxy-Authorization header
---
http.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/http.go b/http.go
index 780939e..cdfc031 100644
--- a/http.go
+++ b/http.go
@@ -194,7 +194,7 @@ func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
if s.user != "" && s.password != "" {
auth := s.user + ":" + s.password
- rc.Write([]byte("Authorization: Basic " + base64.StdEncoding.EncodeToString([]byte(auth)) + "\r\n"))
+ rc.Write([]byte("Proxy-Authorization: Basic " + base64.StdEncoding.EncodeToString([]byte(auth)) + "\r\n"))
}
var b [1024]byte
From 3b73599b7b1cdc711376256d503cb29eb2a66cd0 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 17 Dec 2017 11:24:25 +0800
Subject: [PATCH 105/341] http: add header ending in http proxy client mode
---
http.go | 2 ++
1 file changed, 2 insertions(+)
diff --git a/http.go b/http.go
index cdfc031..7d4fff4 100644
--- a/http.go
+++ b/http.go
@@ -197,6 +197,8 @@ func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
rc.Write([]byte("Proxy-Authorization: Basic " + base64.StdEncoding.EncodeToString([]byte(auth)) + "\r\n"))
}
+ rc.Write([]byte("\r\n"))
+
var b [1024]byte
n, err := rc.Read(b[:])
if bytes.Contains(b[:n], []byte("200")) {
From a045e545046bdf5627adcae05e69a372907f9f8a Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 17 Dec 2017 14:46:24 +0800
Subject: [PATCH 106/341] http: optimized proxy client
---
http.go | 16 +++++++++++-----
main.go | 2 +-
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/http.go b/http.go
index 7d4fff4..e182919 100644
--- a/http.go
+++ b/http.go
@@ -190,22 +190,28 @@ func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
}
rc.Write([]byte("CONNECT " + addr + " HTTP/1.0\r\n"))
- // c.Write([]byte("Proxy-Connection: Keep-Alive\r\n"))
+ rc.Write([]byte("Proxy-Connection: close\r\n"))
if s.user != "" && s.password != "" {
auth := s.user + ":" + s.password
rc.Write([]byte("Proxy-Authorization: Basic " + base64.StdEncoding.EncodeToString([]byte(auth)) + "\r\n"))
}
+ //header ended
rc.Write([]byte("\r\n"))
- var b [1024]byte
- n, err := rc.Read(b[:])
- if bytes.Contains(b[:n], []byte("200")) {
+ respR := bufio.NewReader(rc)
+ respTP := textproto.NewReader(respR)
+ _, code, _, ok := parseFirstLine(respTP)
+ if ok && code == "200" {
return rc, err
+ } else if code == "407" {
+ logf("proxy-http: authencation needed by proxy %s", s.addr)
+ } else if code == "405" {
+ logf("proxy-http: 'CONNECT' method not allowed by proxy %s", s.addr)
}
- return nil, errors.New("cound not connect remote address:" + addr)
+ return nil, errors.New("cound not connect remote address: " + addr + ". error code: " + code)
}
// parseFirstLine parses "GET /foo HTTP/1.1" OR "HTTP/1.1 200 OK" into its three parts.
diff --git a/main.go b/main.go
index 81c6709..d985c33 100644
--- a/main.go
+++ b/main.go
@@ -9,7 +9,7 @@ import (
)
// VERSION .
-const VERSION = "0.4.1.1"
+const VERSION = "0.4.2"
func dialerFromConf() Dialer {
// global forwarders in xx.conf
From 47022d6d274e61bf0c96eea8178f8db915566f93 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 20 Dec 2017 15:13:45 +0800
Subject: [PATCH 107/341] ss: fixed #17, bypass rule has no effect in the
following situation: 1. has global forwarder; 2. has bypass rules; 3. use ss
proxy server;
---
ss.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ss.go b/ss.go
index cf71d49..56889be 100644
--- a/ss.go
+++ b/ss.go
@@ -71,7 +71,7 @@ func (s *SS) Serve(c net.Conn) {
return
}
- dialer := s.sDialer.NextDialer("")
+ dialer := s.sDialer.NextDialer(tgt.String())
// udp over tcp?
uot := UoT(tgt[0])
From a560864ef1a75b78a54bf874853e39a45700fbf7 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 21 Dec 2017 10:10:56 +0800
Subject: [PATCH 108/341] dns: imporve dns client to be compatible with
upstream dnsmasq servers
---
dns.go | 38 +++++++++++++++++++++++---------------
main.go | 2 +-
rule.go | 1 -
3 files changed, 24 insertions(+), 17 deletions(-)
diff --git a/dns.go b/dns.go
index 25149e1..5f5ebac 100644
--- a/dns.go
+++ b/dns.go
@@ -4,7 +4,7 @@ package main
import (
"encoding/binary"
- "io/ioutil"
+ "io"
"net"
"strings"
)
@@ -98,13 +98,11 @@ func (s *DNS) ListenAndServe() {
data = data[:n]
go func() {
- // TODO: check domain rules and get a proper upstream name server.
query := parseQuery(data)
domain := query.DomainName
dnsServer := s.GetServer(domain)
- // TODO: check here; ADD dnsServer to rule ip lists
rc, err := s.sDialer.NextDialer(domain+":53").Dial("tcp", dnsServer)
if err != nil {
logf("failed to connect to server %v: %v", dnsServer, err)
@@ -113,26 +111,36 @@ func (s *DNS) ListenAndServe() {
defer rc.Close()
// 2 bytes length after tcp header, before dns message
- length := make([]byte, 2)
- binary.BigEndian.PutUint16(length, uint16(len(data)))
- rc.Write(length)
+ reqLen := make([]byte, 2)
+ binary.BigEndian.PutUint16(reqLen, uint16(len(data)))
+ rc.Write(reqLen)
rc.Write(data)
- resp, err := ioutil.ReadAll(rc)
+ // fmt.Printf("dns req len %d:\n%s\n\n", reqLen, hex.Dump(data[:]))
+
+ var respLen uint16
+ err = binary.Read(rc, binary.BigEndian, &respLen)
if err != nil {
- logf("error in ioutil.ReadAll: %s\n", err)
+ logf("proxy-dns: error in read respLen %s\n", err)
return
}
+ respMsg := make([]byte, respLen)
+ _, err = io.ReadFull(rc, respMsg)
+ if err != nil {
+ logf("proxy-dns: error in read respMsg %s\n", err)
+ return
+ }
+
+ // fmt.Printf("dns resp len %d:\n%s\n\n", respLen, hex.Dump(respMsg[:]))
+
var ip string
// length is not needed in udp dns response. (2 bytes)
// SEE RFC1035, section 4.2.2 TCP: The message is prefixed with a two byte length field which gives the message length, excluding the two byte length field.
- if len(resp) > 2 {
- msg := resp[2:]
- // TODO: Get IP from response, check and add to ipset
- query := parseQuery(msg)
- if len(msg) > query.Offset {
- answers := parseAnswers(msg[query.Offset:])
+ if respLen > 0 {
+ query := parseQuery(respMsg)
+ if len(respMsg) > query.Offset {
+ answers := parseAnswers(respMsg[query.Offset:])
for _, answer := range answers {
if answer.IP != "" {
ip += answer.IP + ","
@@ -146,7 +154,7 @@ func (s *DNS) ListenAndServe() {
}
- _, err = c.WriteTo(msg, clientAddr)
+ _, err = c.WriteTo(respMsg, clientAddr)
if err != nil {
logf("error in local write: %s\n", err)
}
diff --git a/main.go b/main.go
index d985c33..b627fc6 100644
--- a/main.go
+++ b/main.go
@@ -9,7 +9,7 @@ import (
)
// VERSION .
-const VERSION = "0.4.2"
+const VERSION = "0.4.3"
func dialerFromConf() Dialer {
// global forwarders in xx.conf
diff --git a/rule.go b/rule.go
index 475d63c..4769439 100644
--- a/rule.go
+++ b/rule.go
@@ -61,7 +61,6 @@ func (rd *RuleDialer) Addr() string { return "RULES" }
// NextDialer return next dialer according to rule
func (rd *RuleDialer) NextDialer(dstAddr string) Dialer {
- // TODO: change to index finders
host, _, err := net.SplitHostPort(dstAddr)
if err != nil {
// TODO: check here
From 13bc2d4a2e020cbf9d8fea9bd8712a3bdbb00752 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 24 Dec 2017 23:13:53 +0800
Subject: [PATCH 109/341] doc: correct a mistake in example config file
---
.../9.transparent_proxy_without_dnsmasq/rules.d/home.rule | 2 +-
dns.go | 6 +++---
http.go | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/home.rule b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/home.rule
index 06759cb..956afbb 100644
--- a/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/home.rule
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/home.rule
@@ -3,7 +3,7 @@
forward=http://forwarder4:8080
# first connect forwarder1 then forwarder2 then internet
-forward=http://forwarder5:8080,socks6://forwarder3:1080
+forward=http://forwarder5:8080,socks5://forwarder3:1080
# Round Robin mode: rr
diff --git a/dns.go b/dns.go
index 5f5ebac..72f7aca 100644
--- a/dns.go
+++ b/dns.go
@@ -121,14 +121,14 @@ func (s *DNS) ListenAndServe() {
var respLen uint16
err = binary.Read(rc, binary.BigEndian, &respLen)
if err != nil {
- logf("proxy-dns: error in read respLen %s\n", err)
+ logf("proxy-dns error in read respLen %s\n", err)
return
}
respMsg := make([]byte, respLen)
_, err = io.ReadFull(rc, respMsg)
if err != nil {
- logf("proxy-dns: error in read respMsg %s\n", err)
+ logf("proxy-dns error in read respMsg %s\n", err)
return
}
@@ -156,7 +156,7 @@ func (s *DNS) ListenAndServe() {
_, err = c.WriteTo(respMsg, clientAddr)
if err != nil {
- logf("error in local write: %s\n", err)
+ logf("proxy-dns error in local write: %s\n", err)
}
}
diff --git a/http.go b/http.go
index e182919..523fd33 100644
--- a/http.go
+++ b/http.go
@@ -206,9 +206,9 @@ func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
if ok && code == "200" {
return rc, err
} else if code == "407" {
- logf("proxy-http: authencation needed by proxy %s", s.addr)
+ logf("proxy-http authencation needed by proxy %s", s.addr)
} else if code == "405" {
- logf("proxy-http: 'CONNECT' method not allowed by proxy %s", s.addr)
+ logf("proxy-http 'CONNECT' method not allowed by proxy %s", s.addr)
}
return nil, errors.New("cound not connect remote address: " + addr + ". error code: " + code)
From ee9a8ceb3af1c47452e9e1e36934b0ac00085e27 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 4 Jan 2018 15:26:18 +0800
Subject: [PATCH 110/341] conf: show help before error exit
---
conf.go | 1 +
1 file changed, 1 insertion(+)
diff --git a/conf.go b/conf.go
index 7b2ac9e..a8a6f7f 100644
--- a/conf.go
+++ b/conf.go
@@ -47,6 +47,7 @@ func confInit() {
flag.Usage = usage
err := flag.Parse()
if err != nil {
+ flag.Usage()
fmt.Fprintf(os.Stderr, "ERROR: %s\n", err)
os.Exit(-1)
}
From ee0da7cacbe13155fc8984f138d11aea9ae0abd9 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 5 Jan 2018 12:29:06 +0800
Subject: [PATCH 111/341] dns: parse answers only when query type is A or AAAA
---
dns.go | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/dns.go b/dns.go
index 72f7aca..43c8f50 100644
--- a/dns.go
+++ b/dns.go
@@ -139,7 +139,8 @@ func (s *DNS) ListenAndServe() {
// SEE RFC1035, section 4.2.2 TCP: The message is prefixed with a two byte length field which gives the message length, excluding the two byte length field.
if respLen > 0 {
query := parseQuery(respMsg)
- if len(respMsg) > query.Offset {
+ if (query.QueryType == DNSQueryTypeA || query.QueryType == DNSQueryTypeAAAA) &&
+ len(respMsg) > query.Offset {
answers := parseAnswers(respMsg[query.Offset:])
for _, answer := range answers {
if answer.IP != "" {
@@ -160,7 +161,7 @@ func (s *DNS) ListenAndServe() {
}
}
- logf("proxy-dns %s <-> %s, %s: %s", clientAddr.String(), dnsServer, domain, ip)
+ logf("proxy-dns %s <-> %s, type: %d, %s: %s", clientAddr.String(), dnsServer, query.QueryType, domain, ip)
}()
}
@@ -231,6 +232,10 @@ func parseAnswers(p []byte) []*dnsAnswer {
}
answer := &dnsAnswer{}
+
+ // https://tools.ietf.org/html/rfc1035#section-4.1.4
+ // i+2 assumes the ANSWER always using "Message compression", start with 2 bytes offset of the query domain.
+ // TODO: check here
answer.QueryType = binary.BigEndian.Uint16(p[i+2:])
answer.QueryClass = binary.BigEndian.Uint16(p[i+4:])
answer.TTL = binary.BigEndian.Uint32(p[i+6:])
From 9354caac5cd84231bbbbdd58cf232f9d6299a2d9 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 6 Jan 2018 13:33:09 +0800
Subject: [PATCH 112/341] dns: optimized the parse answer function
---
dns.go | 28 ++++++++++++++++------------
ipset_linux.go | 10 +++++-----
2 files changed, 21 insertions(+), 17 deletions(-)
diff --git a/dns.go b/dns.go
index 43c8f50..b1000cf 100644
--- a/dns.go
+++ b/dns.go
@@ -224,23 +224,27 @@ func parseAnswers(p []byte) []*dnsAnswer {
var answers []*dnsAnswer
for i := 0; i < len(p); {
- l := int(p[i])
- if l == 0 {
- i++
+ // https://tools.ietf.org/html/rfc1035#section-4.1.4
+ // "Message compression",
+ // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ // | 1 1| OFFSET |
+ // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+ if p[i]>>6 == 3 {
+ i += 2
+ } else {
+ // TODO: none compressed query name and Additional records will be ignored
break
}
answer := &dnsAnswer{}
- // https://tools.ietf.org/html/rfc1035#section-4.1.4
- // i+2 assumes the ANSWER always using "Message compression", start with 2 bytes offset of the query domain.
- // TODO: check here
- answer.QueryType = binary.BigEndian.Uint16(p[i+2:])
- answer.QueryClass = binary.BigEndian.Uint16(p[i+4:])
- answer.TTL = binary.BigEndian.Uint32(p[i+6:])
- answer.DataLength = binary.BigEndian.Uint16(p[i+10:])
- answer.Data = p[i+12 : i+12+int(answer.DataLength)]
+ answer.QueryType = binary.BigEndian.Uint16(p[i:])
+ answer.QueryClass = binary.BigEndian.Uint16(p[i+2:])
+ answer.TTL = binary.BigEndian.Uint32(p[i+4:])
+ answer.DataLength = binary.BigEndian.Uint16(p[i+8:])
+ answer.Data = p[i+10 : i+10+int(answer.DataLength)]
if answer.QueryType == DNSQueryTypeA {
answer.IP = net.IP(answer.Data[:net.IPv4len]).String()
@@ -250,7 +254,7 @@ func parseAnswers(p []byte) []*dnsAnswer {
answers = append(answers, answer)
- i = i + 12 + int(answer.DataLength)
+ i = i + 10 + int(answer.DataLength)
}
return answers
diff --git a/ipset_linux.go b/ipset_linux.go
index 708f8f0..68046a6 100644
--- a/ipset_linux.go
+++ b/ipset_linux.go
@@ -141,10 +141,10 @@ func CreateSet(fd int, lsa syscall.SockaddrNetlink, setName string) {
}
if len(setName) > IPSET_MAXNAMELEN {
- log.Fatal("ipset name too long")
+ log.Fatal("ipset: name too long")
}
- logf("ipset: create %s hash:net", setName)
+ logf("ipset create %s hash:net", setName)
req := NewNetlinkRequest(IPSET_CMD_CREATE|(NFNL_SUBSYS_IPSET<<8), syscall.NLM_F_REQUEST)
@@ -179,7 +179,7 @@ func CreateSet(fd int, lsa syscall.SockaddrNetlink, setName string) {
}
func FlushSet(fd int, lsa syscall.SockaddrNetlink, setName string) {
- logf("ipset: flush %s", setName)
+ logf("ipset flush %s", setName)
req := NewNetlinkRequest(IPSET_CMD_FLUSH|(NFNL_SUBSYS_IPSET<<8), syscall.NLM_F_REQUEST)
@@ -201,10 +201,10 @@ func AddToSet(fd int, lsa syscall.SockaddrNetlink, setName, entry string) {
}
if len(setName) > IPSET_MAXNAMELEN {
- logf("ipset name too long")
+ logf("ipset: name too long")
}
- logf("ipset: add %s %s", setName, entry)
+ logf("ipset add %s %s", setName, entry)
var ip net.IP
var cidr *net.IPNet
From 5f661de379306aa37ac2648ea00411770cec9069 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 6 Jan 2018 14:44:58 +0800
Subject: [PATCH 113/341] rule: optimized log format
---
rule.go | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/rule.go b/rule.go
index 4769439..32985c0 100644
--- a/rule.go
+++ b/rule.go
@@ -34,19 +34,19 @@ func NewRuleDialer(rules []*RuleConf, gDialer Dialer) *RuleDialer {
forwarders = append(forwarders, forward)
}
- sd := NewStrategyDialer(r.Strategy, forwarders, r.CheckWebSite, r.CheckDuration)
+ sDialer := NewStrategyDialer(r.Strategy, forwarders, r.CheckWebSite, r.CheckDuration)
for _, domain := range r.Domain {
- rd.domainMap.Store(domain, sd)
+ rd.domainMap.Store(domain, sDialer)
}
for _, ip := range r.IP {
- rd.ipMap.Store(ip, sd)
+ rd.ipMap.Store(ip, sDialer)
}
for _, s := range r.CIDR {
if _, cidr, err := net.ParseCIDR(s); err == nil {
- rd.cidrMap.Store(cidr, sd)
+ rd.cidrMap.Store(cidr, sDialer)
}
}
@@ -71,8 +71,8 @@ func (rd *RuleDialer) NextDialer(dstAddr string) Dialer {
// find ip
if ip := net.ParseIP(host); ip != nil {
// check ip
- if d, ok := rd.ipMap.Load(ip.String()); ok {
- return d.(Dialer)
+ if dialer, ok := rd.ipMap.Load(ip.String()); ok {
+ return dialer.(Dialer)
}
var ret Dialer
@@ -99,8 +99,8 @@ func (rd *RuleDialer) NextDialer(dstAddr string) Dialer {
domain := strings.Join(domainParts[i:length], ".")
// find in domainMap
- if d, ok := rd.domainMap.Load(domain); ok {
- return d.(Dialer)
+ if dialer, ok := rd.domainMap.Load(domain); ok {
+ return dialer.(Dialer)
}
}
@@ -118,12 +118,12 @@ func (rd *RuleDialer) AddDomainIP(domain, ip string) error {
domainParts := strings.Split(domain, ".")
length := len(domainParts)
for i := length - 2; i >= 0; i-- {
- domain := strings.Join(domainParts[i:length], ".")
+ pDomain := strings.Join(domainParts[i:length], ".")
// find in domainMap
- if d, ok := rd.domainMap.Load(domain); ok {
- rd.ipMap.Store(ip, d)
- logf("rule: add domain: %s, ip: %s\n", domain, ip)
+ if dialer, ok := rd.domainMap.Load(pDomain); ok {
+ rd.ipMap.Store(ip, dialer)
+ logf("rule add `ip=%s`, based on rule: `domain=%s`, domain/ip: %s/%s\n", ip, pDomain, domain, ip)
}
}
From 99ad1eb7629e9cffff71d2f77a718a2e428b2aad Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 8 Jan 2018 18:14:57 +0800
Subject: [PATCH 114/341] ss: support udp in server mode
---
conn.go | 27 ++++++++++++++++++
dns.go | 7 +++--
main.go | 18 ++++++------
rule.go | 12 ++++----
socks5.go | 2 +-
ss.go | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++---
6 files changed, 129 insertions(+), 22 deletions(-)
diff --git a/conn.go b/conn.go
index 944e6ef..d217c1f 100644
--- a/conn.go
+++ b/conn.go
@@ -52,3 +52,30 @@ func relay(left, right net.Conn) (int64, int64, error) {
}
return n, rs.N, err
}
+
+// copy from src to dst at target with read timeout
+func timedCopy(dst net.PacketConn, target net.Addr, src net.PacketConn, timeout time.Duration, srcIncluded bool) error {
+ buf := make([]byte, udpBufSize)
+
+ for {
+ src.SetReadDeadline(time.Now().Add(timeout))
+ n, raddr, err := src.ReadFrom(buf)
+ if err != nil {
+ return err
+ }
+
+ if srcIncluded { // server -> client: add original packet source
+ srcAddr := ParseAddr(raddr.String())
+ copy(buf[len(srcAddr):], buf[:n])
+ copy(buf, srcAddr)
+ _, err = dst.WriteTo(buf[:len(srcAddr)+n], target)
+ } else { // client -> user: strip original packet source
+ srcAddr := SplitAddr(buf[:n])
+ _, err = dst.WriteTo(buf[len(srcAddr):n], target)
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+}
diff --git a/dns.go b/dns.go
index b1000cf..cb0ebc1 100644
--- a/dns.go
+++ b/dns.go
@@ -138,10 +138,15 @@ func (s *DNS) ListenAndServe() {
// length is not needed in udp dns response. (2 bytes)
// SEE RFC1035, section 4.2.2 TCP: The message is prefixed with a two byte length field which gives the message length, excluding the two byte length field.
if respLen > 0 {
+
+ // run handle functions before send to client so RULE and IPSET can take effect
+ // TODO: add PRE_HANDLERS
query := parseQuery(respMsg)
if (query.QueryType == DNSQueryTypeA || query.QueryType == DNSQueryTypeAAAA) &&
len(respMsg) > query.Offset {
+
answers := parseAnswers(respMsg[query.Offset:])
+
for _, answer := range answers {
if answer.IP != "" {
ip += answer.IP + ","
@@ -150,9 +155,7 @@ func (s *DNS) ListenAndServe() {
for _, h := range s.answerHandlers {
h(query.DomainName, answer.IP)
}
-
}
-
}
_, err = c.WriteTo(respMsg, clientAddr)
diff --git a/main.go b/main.go
index b627fc6..909ce8e 100644
--- a/main.go
+++ b/main.go
@@ -13,20 +13,20 @@ const VERSION = "0.4.3"
func dialerFromConf() Dialer {
// global forwarders in xx.conf
- var forwarders []Dialer
+ var fwdrs []Dialer
for _, chain := range conf.Forward {
- var forward Dialer
+ var fwdr Dialer
var err error
for _, url := range strings.Split(chain, ",") {
- forward, err = DialerFromURL(url, forward)
+ fwdr, err = DialerFromURL(url, fwdr)
if err != nil {
log.Fatal(err)
}
}
- forwarders = append(forwarders, forward)
+ fwdrs = append(fwdrs, fwdr)
}
- return NewStrategyDialer(conf.Strategy, forwarders, conf.CheckWebSite, conf.CheckDuration)
+ return NewStrategyDialer(conf.Strategy, fwdrs, conf.CheckWebSite, conf.CheckDuration)
}
func main() {
@@ -55,10 +55,10 @@ func main() {
}
// rule
- for _, frwder := range conf.rules {
- for _, domain := range frwder.Domain {
- if len(frwder.DNSServer) > 0 {
- dns.SetServer(domain, frwder.DNSServer[0])
+ for _, fwdr := range conf.rules {
+ for _, domain := range fwdr.Domain {
+ if len(fwdr.DNSServer) > 0 {
+ dns.SetServer(domain, fwdr.DNSServer[0])
}
}
}
diff --git a/rule.go b/rule.go
index 32985c0..5a38473 100644
--- a/rule.go
+++ b/rule.go
@@ -21,20 +21,20 @@ func NewRuleDialer(rules []*RuleConf, gDialer Dialer) *RuleDialer {
rd := &RuleDialer{gDialer: gDialer}
for _, r := range rules {
- var forwarders []Dialer
+ var fwdrs []Dialer
for _, chain := range r.Forward {
- var forward Dialer
+ var fwdr Dialer
var err error
for _, url := range strings.Split(chain, ",") {
- forward, err = DialerFromURL(url, forward)
+ fwdr, err = DialerFromURL(url, fwdr)
if err != nil {
log.Fatal(err)
}
}
- forwarders = append(forwarders, forward)
+ fwdrs = append(fwdrs, fwdr)
}
- sDialer := NewStrategyDialer(r.Strategy, forwarders, r.CheckWebSite, r.CheckDuration)
+ sDialer := NewStrategyDialer(r.Strategy, fwdrs, r.CheckWebSite, r.CheckDuration)
for _, domain := range r.Domain {
rd.domainMap.Store(domain, sDialer)
@@ -123,7 +123,7 @@ func (rd *RuleDialer) AddDomainIP(domain, ip string) error {
// find in domainMap
if dialer, ok := rd.domainMap.Load(pDomain); ok {
rd.ipMap.Store(ip, dialer)
- logf("rule add `ip=%s`, based on rule: `domain=%s`, domain/ip: %s/%s\n", ip, pDomain, domain, ip)
+ logf("rule add ip=%s, based on rule: domain=%s & domain/ip: %s/%s\n", ip, pDomain, domain, ip)
}
}
diff --git a/socks5.go b/socks5.go
index 4c6fa03..3e686fd 100644
--- a/socks5.go
+++ b/socks5.go
@@ -126,7 +126,7 @@ func (s *SOCKS5) Serve(c net.Conn) {
if err, ok := err.(net.Error); ok && err.Timeout() {
return // ignore i/o timeout
}
- logf("relay error: %v", err)
+ logf("proxy-socks5 relay error: %v", err)
}
}
diff --git a/ss.go b/ss.go
index 56889be..68fb7f0 100644
--- a/ss.go
+++ b/ss.go
@@ -5,6 +5,8 @@ import (
"log"
"net"
"strings"
+ "sync"
+ "time"
"github.com/shadowsocks/go-shadowsocks2/core"
)
@@ -37,6 +39,12 @@ func NewSS(addr, method, pass string, cDialer Dialer, sDialer Dialer) (*SS, erro
// ListenAndServe serves ss requests.
func (s *SS) ListenAndServe() {
+ go s.ListenAndServeUDP()
+ s.ListenAndServeTCP()
+}
+
+// ListenAndServeTCP serves tcp ss requests.
+func (s *SS) ListenAndServeTCP() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
logf("proxy-ss failed to listen on %s: %v", s.addr, err)
@@ -51,12 +59,12 @@ func (s *SS) ListenAndServe() {
logf("proxy-ss failed to accept: %v", err)
continue
}
- go s.Serve(c)
+ go s.ServeTCP(c)
}
}
-// Serve .
-func (s *SS) Serve(c net.Conn) {
+// ServeTCP serves tcp ss requests.
+func (s *SS) ServeTCP(c net.Conn) {
defer c.Close()
if c, ok := c.(*net.TCPConn); ok {
@@ -125,7 +133,76 @@ func (s *SS) Serve(c net.Conn) {
if err, ok := err.(net.Error); ok && err.Timeout() {
return // ignore i/o timeout
}
- logf("relay error: %v", err)
+ logf("proxy-ss relay error: %v", err)
+ }
+
+}
+
+// ListenAndServeUDP serves udp ss requests.
+// TODO: Forwarder chain not supported now.
+func (s *SS) ListenAndServeUDP() {
+ c, err := net.ListenPacket("udp", s.addr)
+ if err != nil {
+ logf("proxy-ss-udp failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer c.Close()
+
+ logf("proxy-ss-udp listening UDP on %s", s.addr)
+
+ c = s.PacketConn(c)
+
+ var nm sync.Map
+ buf := make([]byte, udpBufSize)
+
+ for {
+ n, raddr, err := c.ReadFrom(buf)
+ if err != nil {
+ logf("proxy-ss-udp remote read error: %v", err)
+ continue
+ }
+
+ tgtAddr := SplitAddr(buf[:n])
+ if tgtAddr == nil {
+ logf("proxy-ss-udp failed to split target address from packet: %q", buf[:n])
+ continue
+ }
+
+ tgtUDPAddr, err := net.ResolveUDPAddr("udp", tgtAddr.String())
+ if err != nil {
+ logf("proxy-ss-udp failed to resolve target UDP address: %v", err)
+ continue
+ }
+
+ logf("proxy-ss-udp %s <-> %s", raddr, tgtAddr)
+
+ payload := buf[len(tgtAddr):n]
+
+ var pc net.PacketConn
+ v, ok := nm.Load(raddr.String())
+ if !ok && v == nil {
+ pc, err = net.ListenPacket("udp", "")
+ if err != nil {
+ logf("proxy-ss-udp remote listen error: %v", err)
+ continue
+ }
+
+ nm.Store(raddr.String(), pc)
+ go func() {
+ timedCopy(c, raddr, pc, 5*time.Minute, true)
+ pc.Close()
+ nm.Delete(raddr.String())
+ }()
+ } else {
+ pc = v.(net.PacketConn)
+ }
+
+ _, err = pc.WriteTo(payload, tgtUDPAddr) // accept only UDPAddr despite the signature
+ if err != nil {
+ logf("proxy-ss-udp remote write error: %v", err)
+ continue
+ }
+
}
}
From 050489806cbc071a1f77c788e723514081e1252e Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 8 Jan 2018 22:28:11 +0800
Subject: [PATCH 115/341] dns: add tcp support
---
dialer.go | 3 +-
dns.go | 118 +++++++++++++++++++++++++++++++++++++++++++++++++++---
dnstun.go | 13 ++----
server.go | 3 +-
4 files changed, 119 insertions(+), 18 deletions(-)
diff --git a/dialer.go b/dialer.go
index d792700..4b8b66c 100644
--- a/dialer.go
+++ b/dialer.go
@@ -44,8 +44,7 @@ func DialerFromURL(s string, cDialer Dialer) (Dialer, error) {
case "socks5":
return NewSOCKS5(addr, user, pass, cDialer, nil)
case "ss":
- p, err := NewSS(addr, user, pass, cDialer, nil)
- return p, err
+ return NewSS(addr, user, pass, cDialer, nil)
}
return nil, errors.New("unknown schema '" + u.Scheme + "'")
diff --git a/dns.go b/dns.go
index cb0ebc1..859908d 100644
--- a/dns.go
+++ b/dns.go
@@ -77,21 +77,27 @@ func NewDNS(addr, raddr string, sDialer Dialer) (*DNS, error) {
// ListenAndServe .
func (s *DNS) ListenAndServe() {
+ go s.ListenAndServeTCP()
+ s.ListenAndServeUDP()
+}
+
+// ListenAndServeUDP .
+func (s *DNS) ListenAndServeUDP() {
c, err := net.ListenPacket("udp", s.addr)
if err != nil {
- logf("failed to listen on %s: %v", s.addr, err)
+ logf("proxy-dns failed to listen on %s: %v", s.addr, err)
return
}
defer c.Close()
- logf("listening UDP on %s", s.addr)
+ logf("proxy-dns listening UDP on %s", s.addr)
for {
data := make([]byte, DNSUDPMaxLen)
n, clientAddr, err := c.ReadFrom(data)
if err != nil {
- logf("DNS local read error: %v", err)
+ logf("proxy-dns DNS local read error: %v", err)
continue
}
@@ -101,11 +107,14 @@ func (s *DNS) ListenAndServe() {
query := parseQuery(data)
domain := query.DomainName
- dnsServer := s.GetServer(domain)
+ dnsServer := s.dnsServer
+ if dnsServer == "" {
+ dnsServer = s.GetServer(domain)
+ }
rc, err := s.sDialer.NextDialer(domain+":53").Dial("tcp", dnsServer)
if err != nil {
- logf("failed to connect to server %v: %v", dnsServer, err)
+ logf("proxy-dns failed to connect to server %v: %v", dnsServer, err)
return
}
defer rc.Close()
@@ -170,6 +179,105 @@ func (s *DNS) ListenAndServe() {
}
}
+// ListenAndServeTCP .
+func (s *DNS) ListenAndServeTCP() {
+ l, err := net.Listen("tcp", s.addr)
+ if err != nil {
+ logf("proxy-dns-tcp error: %v", err)
+ return
+ }
+
+ logf("proxy-dns-tcp listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ logf("proxy-dns-tcp error: failed to accept: %v", err)
+ continue
+ }
+ go s.ServeTCP(c)
+ }
+}
+
+// ServeTCP .
+func (s *DNS) ServeTCP(c net.Conn) {
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ var reqLen uint16
+ if err := binary.Read(c, binary.BigEndian, &reqLen); err != nil {
+ logf("proxy-dns-tcp failed to read request length: %v", err)
+ return
+ }
+
+ reqMsg := make([]byte, reqLen)
+ _, err := io.ReadFull(c, reqMsg)
+ if err != nil {
+ logf("proxy-dns-tcp error in read reqMsg %s\n", err)
+ return
+ }
+
+ query := parseQuery(reqMsg)
+ domain := query.DomainName
+
+ dnsServer := s.dnsServer
+ if dnsServer == "" {
+ dnsServer = s.GetServer(domain)
+ }
+
+ rc, err := s.sDialer.NextDialer(domain+":53").Dial("tcp", dnsServer)
+ if err != nil {
+ logf("proxy-dns failed to connect to server %v: %v", dnsServer, err)
+ return
+ }
+ defer rc.Close()
+
+ binary.Write(rc, binary.BigEndian, reqLen)
+ binary.Write(rc, binary.BigEndian, reqMsg)
+
+ var respLen uint16
+ if err := binary.Read(rc, binary.BigEndian, &respLen); err != nil {
+ logf("proxy-dns-tcp failed to read response length: %v", err)
+ return
+ }
+
+ respMsg := make([]byte, respLen)
+ _, err = io.ReadFull(rc, respMsg)
+ if err != nil {
+ logf("proxy-dns-tcp error in read respMsg %s\n", err)
+ return
+ }
+
+ var ip string
+ if respLen > 0 {
+ query := parseQuery(respMsg)
+ if (query.QueryType == DNSQueryTypeA || query.QueryType == DNSQueryTypeAAAA) &&
+ len(respMsg) > query.Offset {
+
+ answers := parseAnswers(respMsg[query.Offset:])
+
+ for _, answer := range answers {
+ if answer.IP != "" {
+ ip += answer.IP + ","
+ }
+
+ for _, h := range s.answerHandlers {
+ h(query.DomainName, answer.IP)
+ }
+ }
+ }
+
+ binary.Write(c, binary.BigEndian, respLen)
+ binary.Write(c, binary.BigEndian, respMsg)
+ }
+
+ logf("proxy-dns-tcp %s <-> %s, type: %d, %s: %s", c.RemoteAddr(), dnsServer, query.QueryType, domain, ip)
+
+}
+
// SetServer .
func (s *DNS) SetServer(domain, server string) {
s.dnsServerMap[domain] = server
diff --git a/dnstun.go b/dnstun.go
index 2c0c04c..be6de21 100644
--- a/dnstun.go
+++ b/dnstun.go
@@ -9,7 +9,7 @@ type DNSTun struct {
raddr string
- udp *DNS
+ dns *DNS
tcp *TCPTun
}
@@ -22,19 +22,14 @@ func NewDNSTun(addr, raddr string, sDialer Dialer) (*DNSTun, error) {
raddr: raddr,
}
- s.udp, _ = NewDNS(addr, raddr, sDialer)
- s.tcp, _ = NewTCPTun(addr, raddr, sDialer)
+ s.dns, _ = NewDNS(addr, raddr, sDialer)
return s, nil
}
// ListenAndServe .
func (s *DNSTun) ListenAndServe() {
- if s.udp != nil {
- go s.udp.ListenAndServe()
- }
-
- if s.tcp != nil {
- s.tcp.ListenAndServe()
+ if s.dns != nil {
+ go s.dns.ListenAndServe()
}
}
diff --git a/server.go b/server.go
index e0a3907..426af03 100644
--- a/server.go
+++ b/server.go
@@ -44,8 +44,7 @@ func ServerFromURL(s string, sDialer Dialer) (Server, error) {
case "socks5":
return NewSOCKS5(addr, user, pass, nil, sDialer)
case "ss":
- p, err := NewSS(addr, user, pass, nil, sDialer)
- return p, err
+ return NewSS(addr, user, pass, nil, sDialer)
case "redir":
return NewRedirProxy(addr, sDialer)
case "tcptun":
From a652f8db0447da1bae86a0d2514fe7d29917f3de Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 8 Jan 2018 23:37:58 +0800
Subject: [PATCH 116/341] dns: add a parameter in dns struct to identify tunnel
---
dns.go | 43 ++++++++++++++++++++++++++++++-------------
dnstun.go | 2 +-
main.go | 10 +++++-----
3 files changed, 36 insertions(+), 19 deletions(-)
diff --git a/dns.go b/dns.go
index 859908d..f1fee8a 100644
--- a/dns.go
+++ b/dns.go
@@ -4,6 +4,8 @@ package main
import (
"encoding/binary"
+ "encoding/hex"
+ "fmt"
"io"
"net"
"strings"
@@ -56,6 +58,8 @@ type DNS struct {
*Forwarder // as proxy client
sDialer Dialer // dialer for server
+ tunnel bool
+
dnsServer string
dnsServerMap map[string]string
@@ -63,11 +67,13 @@ type DNS struct {
}
// NewDNS returns a dns forwarder. client[dns.udp] -> glider[tcp] -> forwarder[dns.tcp] -> remote dns addr
-func NewDNS(addr, raddr string, sDialer Dialer) (*DNS, error) {
+func NewDNS(addr, raddr string, sDialer Dialer, tunnel bool) (*DNS, error) {
s := &DNS{
Forwarder: NewForwarder(addr, nil),
sDialer: sDialer,
+ tunnel: tunnel,
+
dnsServer: raddr,
dnsServerMap: make(map[string]string),
}
@@ -90,7 +96,7 @@ func (s *DNS) ListenAndServeUDP() {
}
defer c.Close()
- logf("proxy-dns listening UDP on %s", s.addr)
+ logf("proxy-dns listening on udp:%s", s.addr)
for {
data := make([]byte, DNSUDPMaxLen)
@@ -107,9 +113,9 @@ func (s *DNS) ListenAndServeUDP() {
query := parseQuery(data)
domain := query.DomainName
- dnsServer := s.dnsServer
- if dnsServer == "" {
- dnsServer = s.GetServer(domain)
+ dnsServer := s.GetServer(domain)
+ if s.tunnel {
+ dnsServer = s.dnsServer
}
rc, err := s.sDialer.NextDialer(domain+":53").Dial("tcp", dnsServer)
@@ -122,6 +128,7 @@ func (s *DNS) ListenAndServeUDP() {
// 2 bytes length after tcp header, before dns message
reqLen := make([]byte, 2)
binary.BigEndian.PutUint16(reqLen, uint16(len(data)))
+
rc.Write(reqLen)
rc.Write(data)
@@ -187,7 +194,7 @@ func (s *DNS) ListenAndServeTCP() {
return
}
- logf("proxy-dns-tcp listening TCP on %s", s.addr)
+ logf("proxy-dns-tcp listening on tcp:%s", s.addr)
for {
c, err := l.Accept()
@@ -223,9 +230,9 @@ func (s *DNS) ServeTCP(c net.Conn) {
query := parseQuery(reqMsg)
domain := query.DomainName
- dnsServer := s.dnsServer
- if dnsServer == "" {
- dnsServer = s.GetServer(domain)
+ dnsServer := s.GetServer(domain)
+ if s.tunnel {
+ dnsServer = s.dnsServer
}
rc, err := s.sDialer.NextDialer(domain+":53").Dial("tcp", dnsServer)
@@ -235,8 +242,12 @@ func (s *DNS) ServeTCP(c net.Conn) {
}
defer rc.Close()
- binary.Write(rc, binary.BigEndian, reqLen)
- binary.Write(rc, binary.BigEndian, reqMsg)
+ if err := binary.Write(rc, binary.BigEndian, reqLen); err != nil {
+
+ }
+ if err := binary.Write(rc, binary.BigEndian, reqMsg); err != nil {
+
+ }
var respLen uint16
if err := binary.Read(rc, binary.BigEndian, &respLen); err != nil {
@@ -251,6 +262,8 @@ func (s *DNS) ServeTCP(c net.Conn) {
return
}
+ fmt.Printf("dns resp len %d:\n%s\n\n", respLen, hex.Dump(respMsg[:]))
+
var ip string
if respLen > 0 {
query := parseQuery(respMsg)
@@ -270,8 +283,12 @@ func (s *DNS) ServeTCP(c net.Conn) {
}
}
- binary.Write(c, binary.BigEndian, respLen)
- binary.Write(c, binary.BigEndian, respMsg)
+ if err := binary.Write(c, binary.BigEndian, respLen); err != nil {
+ logf("proxy-dns-tcp error in local write respLen: %s\n", err)
+ }
+ if err := binary.Write(c, binary.BigEndian, respMsg); err != nil {
+ logf("proxy-dns-tcp error in local write respMsg: %s\n", err)
+ }
}
logf("proxy-dns-tcp %s <-> %s, type: %d, %s: %s", c.RemoteAddr(), dnsServer, query.QueryType, domain, ip)
diff --git a/dnstun.go b/dnstun.go
index be6de21..27dad71 100644
--- a/dnstun.go
+++ b/dnstun.go
@@ -22,7 +22,7 @@ func NewDNSTun(addr, raddr string, sDialer Dialer) (*DNSTun, error) {
raddr: raddr,
}
- s.dns, _ = NewDNS(addr, raddr, sDialer)
+ s.dns, _ = NewDNS(addr, raddr, sDialer, true)
return s, nil
}
diff --git a/main.go b/main.go
index 909ce8e..8a9193c 100644
--- a/main.go
+++ b/main.go
@@ -49,16 +49,16 @@ func main() {
}
if conf.DNS != "" {
- dns, err := NewDNS(conf.DNS, conf.DNSServer[0], sDialer)
+ dns, err := NewDNS(conf.DNS, conf.DNSServer[0], sDialer, false)
if err != nil {
log.Fatal(err)
}
// rule
- for _, fwdr := range conf.rules {
- for _, domain := range fwdr.Domain {
- if len(fwdr.DNSServer) > 0 {
- dns.SetServer(domain, fwdr.DNSServer[0])
+ for _, r := range conf.rules {
+ for _, domain := range r.Domain {
+ if len(r.DNSServer) > 0 {
+ dns.SetServer(domain, r.DNSServer[0])
}
}
}
From 969034fb9778c7eb86e78a8b4cf8039a967afddb Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 9 Jan 2018 13:11:55 +0800
Subject: [PATCH 117/341] dns: move tcp and udp process to handleReqMsg
function
---
dns.go | 135 ++++++++++++++++++++-------------------------------------
1 file changed, 46 insertions(+), 89 deletions(-)
diff --git a/dns.go b/dns.go
index f1fee8a..f1c565c 100644
--- a/dns.go
+++ b/dns.go
@@ -4,8 +4,7 @@ package main
import (
"encoding/binary"
- "encoding/hex"
- "fmt"
+ "errors"
"io"
"net"
"strings"
@@ -110,77 +109,15 @@ func (s *DNS) ListenAndServeUDP() {
data = data[:n]
go func() {
- query := parseQuery(data)
- domain := query.DomainName
- dnsServer := s.GetServer(domain)
- if s.tunnel {
- dnsServer = s.dnsServer
- }
+ _, respMsg := s.handleReqMsg(uint16(len(data)), data)
- rc, err := s.sDialer.NextDialer(domain+":53").Dial("tcp", dnsServer)
+ _, err = c.WriteTo(respMsg, clientAddr)
if err != nil {
- logf("proxy-dns failed to connect to server %v: %v", dnsServer, err)
- return
- }
- defer rc.Close()
-
- // 2 bytes length after tcp header, before dns message
- reqLen := make([]byte, 2)
- binary.BigEndian.PutUint16(reqLen, uint16(len(data)))
-
- rc.Write(reqLen)
- rc.Write(data)
-
- // fmt.Printf("dns req len %d:\n%s\n\n", reqLen, hex.Dump(data[:]))
-
- var respLen uint16
- err = binary.Read(rc, binary.BigEndian, &respLen)
- if err != nil {
- logf("proxy-dns error in read respLen %s\n", err)
- return
+ logf("proxy-dns error in local write: %s\n", err)
}
- respMsg := make([]byte, respLen)
- _, err = io.ReadFull(rc, respMsg)
- if err != nil {
- logf("proxy-dns error in read respMsg %s\n", err)
- return
- }
-
- // fmt.Printf("dns resp len %d:\n%s\n\n", respLen, hex.Dump(respMsg[:]))
-
- var ip string
- // length is not needed in udp dns response. (2 bytes)
- // SEE RFC1035, section 4.2.2 TCP: The message is prefixed with a two byte length field which gives the message length, excluding the two byte length field.
- if respLen > 0 {
-
- // run handle functions before send to client so RULE and IPSET can take effect
- // TODO: add PRE_HANDLERS
- query := parseQuery(respMsg)
- if (query.QueryType == DNSQueryTypeA || query.QueryType == DNSQueryTypeAAAA) &&
- len(respMsg) > query.Offset {
-
- answers := parseAnswers(respMsg[query.Offset:])
-
- for _, answer := range answers {
- if answer.IP != "" {
- ip += answer.IP + ","
- }
-
- for _, h := range s.answerHandlers {
- h(query.DomainName, answer.IP)
- }
- }
- }
-
- _, err = c.WriteTo(respMsg, clientAddr)
- if err != nil {
- logf("proxy-dns error in local write: %s\n", err)
- }
- }
-
- logf("proxy-dns %s <-> %s, type: %d, %s: %s", clientAddr.String(), dnsServer, query.QueryType, domain, ip)
+ // logf("proxy-dns %s <-> %s, type: %d, %s: %s", clientAddr.String(), dnsServer, query.QueryType, domain, ip)
}()
}
@@ -223,19 +160,37 @@ func (s *DNS) ServeTCP(c net.Conn) {
reqMsg := make([]byte, reqLen)
_, err := io.ReadFull(c, reqMsg)
if err != nil {
- logf("proxy-dns-tcp error in read reqMsg %s\n", err)
+ logf("proxy-dns-tcp error in read reqMsg %s", err)
return
}
- query := parseQuery(reqMsg)
- domain := query.DomainName
+ respLen, respMsg := s.handleReqMsg(reqLen, reqMsg)
- dnsServer := s.GetServer(domain)
+ if err := binary.Write(c, binary.BigEndian, respLen); err != nil {
+ logf("proxy-dns-tcp error in local write respLen: %s\n", err)
+ }
+ if err := binary.Write(c, binary.BigEndian, respMsg); err != nil {
+ logf("proxy-dns-tcp error in local write respMsg: %s\n", err)
+ }
+
+ // logf("proxy-dns-tcp %s <-> %s, type: %d, %s: %s", c.RemoteAddr(), dnsServer, query.QueryType, domain, ip)
+}
+
+// handle request msg and return response msg
+func (s *DNS) handleReqMsg(reqLen uint16, reqMsg []byte) (respLen uint16, respMsg []byte) {
+
+ query, err := parseQuery(reqMsg)
+ if err != nil {
+ logf("proxy-dns-tcp error in parseQuery reqMsg %s", err)
+ return
+ }
+
+ dnsServer := s.GetServer(query.DomainName)
if s.tunnel {
dnsServer = s.dnsServer
}
- rc, err := s.sDialer.NextDialer(domain+":53").Dial("tcp", dnsServer)
+ rc, err := s.sDialer.NextDialer(query.DomainName+":53").Dial("tcp", dnsServer)
if err != nil {
logf("proxy-dns failed to connect to server %v: %v", dnsServer, err)
return
@@ -243,30 +198,34 @@ func (s *DNS) ServeTCP(c net.Conn) {
defer rc.Close()
if err := binary.Write(rc, binary.BigEndian, reqLen); err != nil {
-
+ logf("proxy-dns failed to connect to server %v: %v", dnsServer, err)
}
if err := binary.Write(rc, binary.BigEndian, reqMsg); err != nil {
-
+ logf("proxy-dns failed to connect to server %v: %v", dnsServer, err)
}
- var respLen uint16
if err := binary.Read(rc, binary.BigEndian, &respLen); err != nil {
logf("proxy-dns-tcp failed to read response length: %v", err)
return
}
- respMsg := make([]byte, respLen)
+ respMsg = make([]byte, respLen)
_, err = io.ReadFull(rc, respMsg)
if err != nil {
logf("proxy-dns-tcp error in read respMsg %s\n", err)
return
}
- fmt.Printf("dns resp len %d:\n%s\n\n", respLen, hex.Dump(respMsg[:]))
+ // fmt.Printf("dns resp len %d:\n%s\n\n", respLen, hex.Dump(respMsg[:]))
var ip string
if respLen > 0 {
- query := parseQuery(respMsg)
+ query, err := parseQuery(respMsg)
+ if err != nil {
+ logf("proxy-dns error in parseQuery respMsg %s", err)
+ return
+ }
+
if (query.QueryType == DNSQueryTypeA || query.QueryType == DNSQueryTypeAAAA) &&
len(respMsg) > query.Offset {
@@ -283,16 +242,9 @@ func (s *DNS) ServeTCP(c net.Conn) {
}
}
- if err := binary.Write(c, binary.BigEndian, respLen); err != nil {
- logf("proxy-dns-tcp error in local write respLen: %s\n", err)
- }
- if err := binary.Write(c, binary.BigEndian, respMsg); err != nil {
- logf("proxy-dns-tcp error in local write respMsg: %s\n", err)
- }
}
- logf("proxy-dns-tcp %s <-> %s, type: %d, %s: %s", c.RemoteAddr(), dnsServer, query.QueryType, domain, ip)
-
+ return
}
// SetServer .
@@ -321,7 +273,7 @@ func (s *DNS) AddAnswerHandler(h DNSAnswerHandler) {
s.answerHandlers = append(s.answerHandlers, h)
}
-func parseQuery(p []byte) *dnsQuery {
+func parseQuery(p []byte) (*dnsQuery, error) {
q := &dnsQuery{}
var i int
@@ -341,11 +293,16 @@ func parseQuery(p []byte) *dnsQuery {
}
q.DomainName = string(domain[:len(domain)-1])
+
+ if len(p) < i+4 {
+ return nil, errors.New("parseQuery error, not enough data")
+ }
+
q.QueryType = binary.BigEndian.Uint16(p[i:])
q.QueryClass = binary.BigEndian.Uint16(p[i+2:])
q.Offset = i + 4
- return q
+ return q, nil
}
func parseAnswers(p []byte) []*dnsAnswer {
From 2e10672c3b32760e82147a6ceba24743df2f011f Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 9 Jan 2018 23:43:56 +0800
Subject: [PATCH 118/341] dns: add some comment
---
dns.go | 256 +++++++++++++++++++++++++++++++++++++++------------------
1 file changed, 174 insertions(+), 82 deletions(-)
diff --git a/dns.go b/dns.go
index f1c565c..640a1a6 100644
--- a/dns.go
+++ b/dns.go
@@ -10,11 +10,8 @@ import (
"strings"
)
-// DNSUDPHeaderLen is the length of UDP dns msg header
-const DNSUDPHeaderLen = 12
-
-// DNSTCPHeaderLen is the length of TCP dns msg header
-const DNSTCPHeaderLen = 2 + DNSUDPHeaderLen
+// DNSHeaderLen is the length of dns msg header
+const DNSHeaderLen = 12
// DNSUDPMaxLen is the max size of udp dns request.
// https://tools.ietf.org/html/rfc1035#section-4.2.1
@@ -25,26 +22,114 @@ const DNSTCPHeaderLen = 2 + DNSUDPHeaderLen
// so we should also serve tcp requests.
const DNSUDPMaxLen = 512
-// DNSQueryTypeA ipv4
-const DNSQueryTypeA = 1
+// DNSQTypeA ipv4
+const DNSQTypeA = 1
-// DNSQueryTypeAAAA ipv6
-const DNSQueryTypeAAAA = 28
+// DNSQTypeAAAA ipv6
+const DNSQTypeAAAA = 28
-type dnsQuery struct {
- DomainName string
- QueryType uint16
- QueryClass uint16
- Offset int
+// DNSMsg format
+// https://tools.ietf.org/html/rfc1035#section-4.1
+// All communications inside of the domain protocol are carried in a single
+// format called a message. The top level format of message is divided
+// into 5 sections (some of which are empty in certain cases) shown below:
+//
+// +---------------------+
+// | Header |
+// +---------------------+
+// | Question | the question for the name server
+// +---------------------+
+// | Answer | RRs answering the question
+// +---------------------+
+// | Authority | RRs pointing toward an authority
+// +---------------------+
+// | Additional | RRs holding additional information
+type DNSMsg struct {
+ DNSHeader
+ Questions []*DNSQuestion
+ Answers []*DNSRR
}
-type dnsAnswer struct {
- // DomainName string
- QueryType uint16
- QueryClass uint16
- TTL uint32
- DataLength uint16
- Data []byte
+// DNSHeader format
+// https://tools.ietf.org/html/rfc1035#section-4.1.1
+// The header contains the following fields:
+//
+// 1 1 1 1 1 1
+// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | ID |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// |QR| Opcode |AA|TC|RD|RA| Z | RCODE |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | QDCOUNT |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | ANCOUNT |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | NSCOUNT |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | ARCOUNT |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+//
+type DNSHeader struct {
+ ID uint16
+}
+
+// DNSQuestion format
+// https://tools.ietf.org/html/rfc1035#section-4.1.2
+// The question section is used to carry the "question" in most queries,
+// i.e., the parameters that define what is being asked. The section
+// contains QDCOUNT (usually 1) entries, each of the following format:
+//
+// 1 1 1 1 1 1
+// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | |
+// / QNAME /
+// / /
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | QTYPE |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | QCLASS |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+type DNSQuestion struct {
+ QNAME string
+ QTYPE uint16
+ QCLASS uint16
+
+ Offset int
+}
+
+// DNSRR format
+// https://tools.ietf.org/html/rfc1035#section-3.2.1
+// All RRs have the same top level format shown below:
+//
+// 1 1 1 1 1 1
+// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | |
+// / /
+// / NAME /
+// | |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | TYPE |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | CLASS |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | TTL |
+// | |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | RDLENGTH |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
+// / RDATA /
+// / /
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+type DNSRR struct {
+ // NAME string
+ TYPE uint16
+ CLASS uint16
+ TTL uint32
+ RDLENGTH uint16
+ RDATA []byte
IP string
}
@@ -57,12 +142,12 @@ type DNS struct {
*Forwarder // as proxy client
sDialer Dialer // dialer for server
- tunnel bool
+ Tunnel bool
- dnsServer string
+ DNSServer string
- dnsServerMap map[string]string
- answerHandlers []DNSAnswerHandler
+ DNSServerMap map[string]string
+ AnswerHandlers []DNSAnswerHandler
}
// NewDNS returns a dns forwarder. client[dns.udp] -> glider[tcp] -> forwarder[dns.tcp] -> remote dns addr
@@ -71,10 +156,10 @@ func NewDNS(addr, raddr string, sDialer Dialer, tunnel bool) (*DNS, error) {
Forwarder: NewForwarder(addr, nil),
sDialer: sDialer,
- tunnel: tunnel,
+ Tunnel: tunnel,
- dnsServer: raddr,
- dnsServerMap: make(map[string]string),
+ DNSServer: raddr,
+ DNSServerMap: make(map[string]string),
}
return s, nil
@@ -90,31 +175,34 @@ func (s *DNS) ListenAndServe() {
func (s *DNS) ListenAndServeUDP() {
c, err := net.ListenPacket("udp", s.addr)
if err != nil {
- logf("proxy-dns failed to listen on %s: %v", s.addr, err)
+ logf("proxy-dns failed to listen on %s, error: %v", s.addr, err)
return
}
defer c.Close()
- logf("proxy-dns listening on udp:%s", s.addr)
+ logf("proxy-dns listening UDP on %s", s.addr)
for {
- data := make([]byte, DNSUDPMaxLen)
-
- n, clientAddr, err := c.ReadFrom(data)
+ b := make([]byte, DNSUDPMaxLen)
+ n, clientAddr, err := c.ReadFrom(b)
if err != nil {
- logf("proxy-dns DNS local read error: %v", err)
+ logf("proxy-dns local read error: %v", err)
continue
}
- data = data[:n]
+ reqLen := uint16(n)
+ if reqLen <= DNSHeaderLen {
+ logf("proxy-dns not enough data")
+ continue
+ }
+ b = b[:n]
go func() {
-
- _, respMsg := s.handleReqMsg(uint16(len(data)), data)
-
+ _, respMsg := s.handleReqMsg(reqLen, b)
_, err = c.WriteTo(respMsg, clientAddr)
if err != nil {
- logf("proxy-dns error in local write: %s\n", err)
+ logf("proxy-dns error in local write: %s", err)
+ return
}
// logf("proxy-dns %s <-> %s, type: %d, %s: %s", clientAddr.String(), dnsServer, query.QueryType, domain, ip)
@@ -131,7 +219,7 @@ func (s *DNS) ListenAndServeTCP() {
return
}
- logf("proxy-dns-tcp listening on tcp:%s", s.addr)
+ logf("proxy-dns-tcp listening TCP on %s", s.addr)
for {
c, err := l.Accept()
@@ -157,6 +245,11 @@ func (s *DNS) ServeTCP(c net.Conn) {
return
}
+ if reqLen <= DNSHeaderLen {
+ logf("proxy-dns not enough data")
+ return
+ }
+
reqMsg := make([]byte, reqLen)
_, err := io.ReadFull(c, reqMsg)
if err != nil {
@@ -165,7 +258,6 @@ func (s *DNS) ServeTCP(c net.Conn) {
}
respLen, respMsg := s.handleReqMsg(reqLen, reqMsg)
-
if err := binary.Write(c, binary.BigEndian, respLen); err != nil {
logf("proxy-dns-tcp error in local write respLen: %s\n", err)
}
@@ -178,19 +270,19 @@ func (s *DNS) ServeTCP(c net.Conn) {
// handle request msg and return response msg
func (s *DNS) handleReqMsg(reqLen uint16, reqMsg []byte) (respLen uint16, respMsg []byte) {
-
- query, err := parseQuery(reqMsg)
+ // fmt.Printf("dns req len %d:\n%s\n\n", reqLen, hex.Dump(reqMsg[:]))
+ query, err := parseQuestion(reqMsg)
if err != nil {
- logf("proxy-dns-tcp error in parseQuery reqMsg %s", err)
+ logf("proxy-dns error in parseQuestion reqMsg %s", err)
return
}
- dnsServer := s.GetServer(query.DomainName)
- if s.tunnel {
- dnsServer = s.dnsServer
+ dnsServer := s.GetServer(query.QNAME)
+ if s.Tunnel {
+ dnsServer = s.DNSServer
}
- rc, err := s.sDialer.NextDialer(query.DomainName+":53").Dial("tcp", dnsServer)
+ rc, err := s.sDialer.NextDialer(query.QNAME+":53").Dial("tcp", dnsServer)
if err != nil {
logf("proxy-dns failed to connect to server %v: %v", dnsServer, err)
return
@@ -198,21 +290,23 @@ func (s *DNS) handleReqMsg(reqLen uint16, reqMsg []byte) (respLen uint16, respMs
defer rc.Close()
if err := binary.Write(rc, binary.BigEndian, reqLen); err != nil {
- logf("proxy-dns failed to connect to server %v: %v", dnsServer, err)
+ logf("proxy-dns failed to write req length: %v", err)
+ return
}
if err := binary.Write(rc, binary.BigEndian, reqMsg); err != nil {
- logf("proxy-dns failed to connect to server %v: %v", dnsServer, err)
+ logf("proxy-dns failed to write req message: %v", err)
+ return
}
if err := binary.Read(rc, binary.BigEndian, &respLen); err != nil {
- logf("proxy-dns-tcp failed to read response length: %v", err)
+ logf("proxy-dns failed to read response length: %v", err)
return
}
respMsg = make([]byte, respLen)
_, err = io.ReadFull(rc, respMsg)
if err != nil {
- logf("proxy-dns-tcp error in read respMsg %s\n", err)
+ logf("proxy-dns error in read respMsg %s\n", err)
return
}
@@ -220,24 +314,23 @@ func (s *DNS) handleReqMsg(reqLen uint16, reqMsg []byte) (respLen uint16, respMs
var ip string
if respLen > 0 {
- query, err := parseQuery(respMsg)
+ query, err := parseQuestion(respMsg)
if err != nil {
- logf("proxy-dns error in parseQuery respMsg %s", err)
+ logf("proxy-dns error in parseQuestion respMsg %s", err)
return
}
- if (query.QueryType == DNSQueryTypeA || query.QueryType == DNSQueryTypeAAAA) &&
+ if (query.QTYPE == DNSQTypeA || query.QTYPE == DNSQTypeAAAA) &&
len(respMsg) > query.Offset {
answers := parseAnswers(respMsg[query.Offset:])
-
for _, answer := range answers {
if answer.IP != "" {
ip += answer.IP + ","
}
- for _, h := range s.answerHandlers {
- h(query.DomainName, answer.IP)
+ for _, h := range s.AnswerHandlers {
+ h(query.QNAME, answer.IP)
}
}
}
@@ -249,36 +342,35 @@ func (s *DNS) handleReqMsg(reqLen uint16, reqMsg []byte) (respLen uint16, respMs
// SetServer .
func (s *DNS) SetServer(domain, server string) {
- s.dnsServerMap[domain] = server
+ s.DNSServerMap[domain] = server
}
// GetServer .
func (s *DNS) GetServer(domain string) string {
-
domainParts := strings.Split(domain, ".")
length := len(domainParts)
for i := length - 2; i >= 0; i-- {
domain := strings.Join(domainParts[i:length], ".")
- if server, ok := s.dnsServerMap[domain]; ok {
+ if server, ok := s.DNSServerMap[domain]; ok {
return server
}
}
- return s.dnsServer
+ return s.DNSServer
}
// AddAnswerHandler .
func (s *DNS) AddAnswerHandler(h DNSAnswerHandler) {
- s.answerHandlers = append(s.answerHandlers, h)
+ s.AnswerHandlers = append(s.AnswerHandlers, h)
}
-func parseQuery(p []byte) (*dnsQuery, error) {
- q := &dnsQuery{}
+func parseQuestion(p []byte) (*DNSQuestion, error) {
+ q := &DNSQuestion{}
var i int
var domain []byte
- for i = DNSUDPHeaderLen; i < len(p); {
+ for i = DNSHeaderLen; i < len(p); {
l := int(p[i])
if l == 0 {
@@ -292,21 +384,21 @@ func parseQuery(p []byte) (*dnsQuery, error) {
i = i + l + 1
}
- q.DomainName = string(domain[:len(domain)-1])
+ q.QNAME = string(domain[:len(domain)-1])
if len(p) < i+4 {
- return nil, errors.New("parseQuery error, not enough data")
+ return nil, errors.New("parseQuestion error, not enough data")
}
- q.QueryType = binary.BigEndian.Uint16(p[i:])
- q.QueryClass = binary.BigEndian.Uint16(p[i+2:])
+ q.QTYPE = binary.BigEndian.Uint16(p[i:])
+ q.QCLASS = binary.BigEndian.Uint16(p[i+2:])
q.Offset = i + 4
return q, nil
}
-func parseAnswers(p []byte) []*dnsAnswer {
- var answers []*dnsAnswer
+func parseAnswers(p []byte) []*DNSRR {
+ var answers []*DNSRR
for i := 0; i < len(p); {
@@ -323,23 +415,23 @@ func parseAnswers(p []byte) []*dnsAnswer {
break
}
- answer := &dnsAnswer{}
+ answer := &DNSRR{}
- answer.QueryType = binary.BigEndian.Uint16(p[i:])
- answer.QueryClass = binary.BigEndian.Uint16(p[i+2:])
+ answer.TYPE = binary.BigEndian.Uint16(p[i:])
+ answer.CLASS = binary.BigEndian.Uint16(p[i+2:])
answer.TTL = binary.BigEndian.Uint32(p[i+4:])
- answer.DataLength = binary.BigEndian.Uint16(p[i+8:])
- answer.Data = p[i+10 : i+10+int(answer.DataLength)]
+ answer.RDLENGTH = binary.BigEndian.Uint16(p[i+8:])
+ answer.RDATA = p[i+10 : i+10+int(answer.RDLENGTH)]
- if answer.QueryType == DNSQueryTypeA {
- answer.IP = net.IP(answer.Data[:net.IPv4len]).String()
- } else if answer.QueryType == DNSQueryTypeAAAA {
- answer.IP = net.IP(answer.Data[:net.IPv6len]).String()
+ if answer.TYPE == DNSQTypeA {
+ answer.IP = net.IP(answer.RDATA[:net.IPv4len]).String()
+ } else if answer.TYPE == DNSQTypeAAAA {
+ answer.IP = net.IP(answer.RDATA[:net.IPv6len]).String()
}
answers = append(answers, answer)
- i = i + 10 + int(answer.DataLength)
+ i = i + 10 + int(answer.RDLENGTH)
}
return answers
From bebfa0e48e518c4f27329bd02e95727a91906cff Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 10 Jan 2018 12:25:57 +0800
Subject: [PATCH 119/341] dns: fixed a bug in parseQuestion which may leads to
a panic
---
dns.go | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/dns.go b/dns.go
index 640a1a6..6c0fb35 100644
--- a/dns.go
+++ b/dns.go
@@ -196,9 +196,9 @@ func (s *DNS) ListenAndServeUDP() {
continue
}
- b = b[:n]
+ reqMsg := b[:n]
go func() {
- _, respMsg := s.handleReqMsg(reqLen, b)
+ _, respMsg := s.Exchange(reqLen, reqMsg)
_, err = c.WriteTo(respMsg, clientAddr)
if err != nil {
logf("proxy-dns error in local write: %s", err)
@@ -246,7 +246,7 @@ func (s *DNS) ServeTCP(c net.Conn) {
}
if reqLen <= DNSHeaderLen {
- logf("proxy-dns not enough data")
+ logf("proxy-dns-tcp not enough data")
return
}
@@ -257,7 +257,7 @@ func (s *DNS) ServeTCP(c net.Conn) {
return
}
- respLen, respMsg := s.handleReqMsg(reqLen, reqMsg)
+ respLen, respMsg := s.Exchange(reqLen, reqMsg)
if err := binary.Write(c, binary.BigEndian, respLen); err != nil {
logf("proxy-dns-tcp error in local write respLen: %s\n", err)
}
@@ -268,8 +268,8 @@ func (s *DNS) ServeTCP(c net.Conn) {
// logf("proxy-dns-tcp %s <-> %s, type: %d, %s: %s", c.RemoteAddr(), dnsServer, query.QueryType, domain, ip)
}
-// handle request msg and return response msg
-func (s *DNS) handleReqMsg(reqLen uint16, reqMsg []byte) (respLen uint16, respMsg []byte) {
+// Exchange handles request msg and return response msg
+func (s *DNS) Exchange(reqLen uint16, reqMsg []byte) (respLen uint16, respMsg []byte) {
// fmt.Printf("dns req len %d:\n%s\n\n", reqLen, hex.Dump(reqMsg[:]))
query, err := parseQuestion(reqMsg)
if err != nil {
@@ -367,10 +367,11 @@ func (s *DNS) AddAnswerHandler(h DNSAnswerHandler) {
func parseQuestion(p []byte) (*DNSQuestion, error) {
q := &DNSQuestion{}
+ lenP := len(p)
var i int
var domain []byte
- for i = DNSHeaderLen; i < len(p); {
+ for i = DNSHeaderLen; i < lenP; {
l := int(p[i])
if l == 0 {
@@ -378,6 +379,10 @@ func parseQuestion(p []byte) (*DNSQuestion, error) {
break
}
+ if lenP <= i+l+1 {
+ return nil, errors.New("parseQuestion error, not enough data for QNAME")
+ }
+
domain = append(domain, p[i+1:i+l+1]...)
domain = append(domain, '.')
From e91d4bcb6e0b8f587a0a30eb865ec876af1774f2 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 10 Jan 2018 13:11:13 +0800
Subject: [PATCH 120/341] ipset: avoid adding twice
---
dns.go | 8 ++++----
ipset_linux.go | 7 +++----
2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/dns.go b/dns.go
index 6c0fb35..3e680f6 100644
--- a/dns.go
+++ b/dns.go
@@ -270,7 +270,7 @@ func (s *DNS) ServeTCP(c net.Conn) {
// Exchange handles request msg and return response msg
func (s *DNS) Exchange(reqLen uint16, reqMsg []byte) (respLen uint16, respMsg []byte) {
- // fmt.Printf("dns req len %d:\n%s\n\n", reqLen, hex.Dump(reqMsg[:]))
+ // fmt.Printf("\ndns req len %d:\n%s\n", reqLen, hex.Dump(reqMsg[:]))
query, err := parseQuestion(reqMsg)
if err != nil {
logf("proxy-dns error in parseQuestion reqMsg %s", err)
@@ -310,7 +310,7 @@ func (s *DNS) Exchange(reqLen uint16, reqMsg []byte) (respLen uint16, respMsg []
return
}
- // fmt.Printf("dns resp len %d:\n%s\n\n", respLen, hex.Dump(respMsg[:]))
+ // fmt.Printf("\ndns resp len %d:\n%s\n", respLen, hex.Dump(respMsg[:]))
var ip string
if respLen > 0 {
@@ -380,7 +380,7 @@ func parseQuestion(p []byte) (*DNSQuestion, error) {
}
if lenP <= i+l+1 {
- return nil, errors.New("parseQuestion error, not enough data for QNAME")
+ return nil, errors.New("not enough data for QNAME")
}
domain = append(domain, p[i+1:i+l+1]...)
@@ -392,7 +392,7 @@ func parseQuestion(p []byte) (*DNSQuestion, error) {
q.QNAME = string(domain[:len(domain)-1])
if len(p) < i+4 {
- return nil, errors.New("parseQuestion error, not enough data")
+ return nil, errors.New("not enough data")
}
q.QTYPE = binary.BigEndian.Uint16(p[i:])
diff --git a/ipset_linux.go b/ipset_linux.go
index 68046a6..edb94f4 100644
--- a/ipset_linux.go
+++ b/ipset_linux.go
@@ -83,11 +83,9 @@ func NewIPSetManager(mainSet string, rules []*RuleConf) (*IPSetManager, error) {
}
m := &IPSetManager{fd: fd, lsa: lsa, mainSet: mainSet}
-
CreateSet(fd, lsa, mainSet)
for _, r := range rules {
-
set := r.IPSet
if set != "" && set != m.mainSet {
@@ -117,7 +115,6 @@ func NewIPSetManager(mainSet string, rules []*RuleConf) (*IPSetManager, error) {
// AddDomainIP implements the DNSAnswerHandler function, used to update ipset according to domainSet rule
func (m *IPSetManager) AddDomainIP(domain, ip string) error {
-
if ip != "" {
domainParts := strings.Split(domain, ".")
length := len(domainParts)
@@ -127,7 +124,9 @@ func (m *IPSetManager) AddDomainIP(domain, ip string) error {
// find in domainMap
if ipset, ok := m.domainSet.Load(domain); ok {
AddToSet(m.fd, m.lsa, m.mainSet, ip)
- AddToSet(m.fd, m.lsa, ipset.(string), ip)
+ if ipset.(string) != m.mainSet {
+ AddToSet(m.fd, m.lsa, ipset.(string), ip)
+ }
}
}
From ff632f23a6e210df6889d7c133f18f48a80e4b5d Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 11 Jan 2018 14:44:24 +0800
Subject: [PATCH 121/341] dns: change parseAnswers function to return error
---
dns.go | 136 +++++++++++++++++++++++++++++++++------------------------
1 file changed, 80 insertions(+), 56 deletions(-)
diff --git a/dns.go b/dns.go
index 3e680f6..ed9b05c 100644
--- a/dns.go
+++ b/dns.go
@@ -44,11 +44,11 @@ const DNSQTypeAAAA = 28
// | Authority | RRs pointing toward an authority
// +---------------------+
// | Additional | RRs holding additional information
-type DNSMsg struct {
- DNSHeader
- Questions []*DNSQuestion
- Answers []*DNSRR
-}
+// type DNSMsg struct {
+// DNSHeader
+// Questions []DNSQuestion
+// Answers []DNSRR
+// }
// DNSHeader format
// https://tools.ietf.org/html/rfc1035#section-4.1.1
@@ -70,9 +70,9 @@ type DNSMsg struct {
// | ARCOUNT |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//
-type DNSHeader struct {
- ID uint16
-}
+// type DNSHeader struct {
+// ID uint16
+// }
// DNSQuestion format
// https://tools.ietf.org/html/rfc1035#section-4.1.2
@@ -134,8 +134,8 @@ type DNSRR struct {
IP string
}
-// DNSAnswerHandler .
-type DNSAnswerHandler func(domain, ip string) error
+// DNSAnswerHandler function handles the dns TypeA or TypeAAAA answer
+type DNSAnswerHandler func(Domain, ip string) error
// DNS .
type DNS struct {
@@ -191,22 +191,26 @@ func (s *DNS) ListenAndServeUDP() {
}
reqLen := uint16(n)
- if reqLen <= DNSHeaderLen {
+ // TODO: check here
+ if reqLen <= DNSHeaderLen+2 {
logf("proxy-dns not enough data")
continue
}
reqMsg := b[:n]
go func() {
- _, respMsg := s.Exchange(reqLen, reqMsg)
+ _, respMsg, err := s.Exchange(reqLen, reqMsg, clientAddr.String())
+ if err != nil {
+ logf("proxy-dns error in exchange: %s", err)
+ return
+ }
+
_, err = c.WriteTo(respMsg, clientAddr)
if err != nil {
logf("proxy-dns error in local write: %s", err)
return
}
- // logf("proxy-dns %s <-> %s, type: %d, %s: %s", clientAddr.String(), dnsServer, query.QueryType, domain, ip)
-
}()
}
}
@@ -241,11 +245,12 @@ func (s *DNS) ServeTCP(c net.Conn) {
var reqLen uint16
if err := binary.Read(c, binary.BigEndian, &reqLen); err != nil {
- logf("proxy-dns-tcp failed to read request length: %v", err)
+ logf("proxy-dns-tcp failed to get request length: %v", err)
return
}
- if reqLen <= DNSHeaderLen {
+ // TODO: check here
+ if reqLen <= DNSHeaderLen+2 {
logf("proxy-dns-tcp not enough data")
return
}
@@ -257,29 +262,34 @@ func (s *DNS) ServeTCP(c net.Conn) {
return
}
- respLen, respMsg := s.Exchange(reqLen, reqMsg)
- if err := binary.Write(c, binary.BigEndian, respLen); err != nil {
- logf("proxy-dns-tcp error in local write respLen: %s\n", err)
- }
- if err := binary.Write(c, binary.BigEndian, respMsg); err != nil {
- logf("proxy-dns-tcp error in local write respMsg: %s\n", err)
- }
-
- // logf("proxy-dns-tcp %s <-> %s, type: %d, %s: %s", c.RemoteAddr(), dnsServer, query.QueryType, domain, ip)
-}
-
-// Exchange handles request msg and return response msg
-func (s *DNS) Exchange(reqLen uint16, reqMsg []byte) (respLen uint16, respMsg []byte) {
- // fmt.Printf("\ndns req len %d:\n%s\n", reqLen, hex.Dump(reqMsg[:]))
- query, err := parseQuestion(reqMsg)
+ respLen, respMsg, err := s.Exchange(reqLen, reqMsg, c.RemoteAddr().String())
if err != nil {
- logf("proxy-dns error in parseQuestion reqMsg %s", err)
+ logf("proxy-dns-tcp error in exchange: %s", err)
return
}
- dnsServer := s.GetServer(query.QNAME)
- if s.Tunnel {
- dnsServer = s.DNSServer
+ if err := binary.Write(c, binary.BigEndian, respLen); err != nil {
+ logf("proxy-dns-tcp error in local write respLen: %s", err)
+ return
+ }
+ if err := binary.Write(c, binary.BigEndian, respMsg); err != nil {
+ logf("proxy-dns-tcp error in local write respMsg: %s", err)
+ return
+ }
+}
+
+// Exchange handles request msg and returns response msg
+func (s *DNS) Exchange(reqLen uint16, reqMsg []byte, addr string) (respLen uint16, respMsg []byte, err error) {
+ // fmt.Printf("\ndns req len %d:\n%s\n", reqLen, hex.Dump(reqMsg[:]))
+ query, err := parseQuestion(reqMsg)
+ if err != nil {
+ logf("proxy-dns error in parseQuestion reqMsg: %s", err)
+ return
+ }
+
+ dnsServer := s.DNSServer
+ if !s.Tunnel {
+ dnsServer = s.GetServer(query.QNAME)
}
rc, err := s.sDialer.NextDialer(query.QNAME+":53").Dial("tcp", dnsServer)
@@ -289,16 +299,16 @@ func (s *DNS) Exchange(reqLen uint16, reqMsg []byte) (respLen uint16, respMsg []
}
defer rc.Close()
- if err := binary.Write(rc, binary.BigEndian, reqLen); err != nil {
+ if err = binary.Write(rc, binary.BigEndian, reqLen); err != nil {
logf("proxy-dns failed to write req length: %v", err)
return
}
- if err := binary.Write(rc, binary.BigEndian, reqMsg); err != nil {
+ if err = binary.Write(rc, binary.BigEndian, reqMsg); err != nil {
logf("proxy-dns failed to write req message: %v", err)
return
}
- if err := binary.Read(rc, binary.BigEndian, &respLen); err != nil {
+ if err = binary.Read(rc, binary.BigEndian, &respLen); err != nil {
logf("proxy-dns failed to read response length: %v", err)
return
}
@@ -313,30 +323,35 @@ func (s *DNS) Exchange(reqLen uint16, reqMsg []byte) (respLen uint16, respMsg []
// fmt.Printf("\ndns resp len %d:\n%s\n", respLen, hex.Dump(respMsg[:]))
var ip string
- if respLen > 0 {
- query, err := parseQuestion(respMsg)
+ respReq, err := parseQuestion(respMsg)
+ if err != nil {
+ logf("proxy-dns error in parseQuestion respMsg: %s", err)
+ return
+ }
+
+ if (respReq.QTYPE == DNSQTypeA || respReq.QTYPE == DNSQTypeAAAA) &&
+ len(respMsg) > respReq.Offset {
+
+ var answers []*DNSRR
+ answers, err = parseAnswers(respMsg[respReq.Offset:])
if err != nil {
- logf("proxy-dns error in parseQuestion respMsg %s", err)
+ logf("proxy-dns error in parseAnswers: %s", err)
return
}
- if (query.QTYPE == DNSQTypeA || query.QTYPE == DNSQTypeAAAA) &&
- len(respMsg) > query.Offset {
+ for _, answer := range answers {
+ for _, h := range s.AnswerHandlers {
+ h(respReq.QNAME, answer.IP)
+ }
- answers := parseAnswers(respMsg[query.Offset:])
- for _, answer := range answers {
- if answer.IP != "" {
- ip += answer.IP + ","
- }
-
- for _, h := range s.AnswerHandlers {
- h(query.QNAME, answer.IP)
- }
+ if answer.IP != "" {
+ ip += answer.IP + ","
}
}
}
+ logf("proxy-dns %s <-> %s, type: %d, %s: %s", addr, dnsServer, query.QTYPE, query.QNAME, ip)
return
}
@@ -389,9 +404,13 @@ func parseQuestion(p []byte) (*DNSQuestion, error) {
i = i + l + 1
}
+ if len(domain) == 0 {
+ return nil, errors.New("no QNAME")
+ }
+
q.QNAME = string(domain[:len(domain)-1])
- if len(p) < i+4 {
+ if lenP < i+4 {
return nil, errors.New("not enough data")
}
@@ -402,10 +421,11 @@ func parseQuestion(p []byte) (*DNSQuestion, error) {
return q, nil
}
-func parseAnswers(p []byte) []*DNSRR {
+func parseAnswers(p []byte) ([]*DNSRR, error) {
var answers []*DNSRR
+ lenP := len(p)
- for i := 0; i < len(p); {
+ for i := 0; i < lenP; {
// https://tools.ietf.org/html/rfc1035#section-4.1.4
// "Message compression",
@@ -420,6 +440,10 @@ func parseAnswers(p []byte) []*DNSRR {
break
}
+ if lenP <= i+10 {
+ return nil, errors.New("not enough data")
+ }
+
answer := &DNSRR{}
answer.TYPE = binary.BigEndian.Uint16(p[i:])
@@ -439,5 +463,5 @@ func parseAnswers(p []byte) []*DNSRR {
i = i + 10 + int(answer.RDLENGTH)
}
- return answers
+ return answers, nil
}
From 1368cf777094f72bf3019051a92a29456e1d7571 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 11 Jan 2018 23:14:09 +0800
Subject: [PATCH 122/341] uottun: support local udp 2 udp forwarding when there
are no remote forwarders
---
README.md | 3 ++-
dns.go | 1 +
ss.go | 1 -
uottun.go | 23 +++++++++++++++--------
4 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index e16be36..2c0f799 100644
--- a/README.md
+++ b/README.md
@@ -48,7 +48,8 @@ General:
TODO:
- [x] UDP over TCP Tunnel (client <--udp--> glider/uottun <--tcp--> ss <--udp--> target)
-- [ ] Transparent UDP proxy (linux tproxy)
+- [ ] Transparent UDP proxy (iptables tproxy)
+- [ ] DNS Cache
- [ ] TUN/TAP device support
- [ ] Code refactoring: support proxy registering so it can be pluggable
- [ ] Conditional compilation so we can abandon needless proxy type and get a smaller binary size
diff --git a/dns.go b/dns.go
index ed9b05c..6ee4773 100644
--- a/dns.go
+++ b/dns.go
@@ -279,6 +279,7 @@ func (s *DNS) ServeTCP(c net.Conn) {
}
// Exchange handles request msg and returns response msg
+// TODO: multiple questions support, parse header to get the number of questions
func (s *DNS) Exchange(reqLen uint16, reqMsg []byte, addr string) (respLen uint16, respMsg []byte, err error) {
// fmt.Printf("\ndns req len %d:\n%s\n", reqLen, hex.Dump(reqMsg[:]))
query, err := parseQuestion(reqMsg)
diff --git a/ss.go b/ss.go
index 68fb7f0..fba69f7 100644
--- a/ss.go
+++ b/ss.go
@@ -209,7 +209,6 @@ func (s *SS) ListenAndServeUDP() {
// Dial connects to the address addr on the network net via the proxy.
func (s *SS) Dial(network, addr string) (net.Conn, error) {
-
target := ParseAddr(addr)
if target == nil {
return nil, errors.New("Unable to parse address: " + addr)
diff --git a/uottun.go b/uottun.go
index 62e6247..97abd28 100644
--- a/uottun.go
+++ b/uottun.go
@@ -3,6 +3,7 @@ package main
import (
"io/ioutil"
"net"
+ "time"
)
// UoTTun udp over tcp tunnel
@@ -26,7 +27,6 @@ func NewUoTTun(addr, raddr string, sDialer Dialer) (*UoTTun, error) {
// ListenAndServe .
func (s *UoTTun) ListenAndServe() {
-
c, err := net.ListenPacket("udp", s.addr)
if err != nil {
logf("proxy-uottun failed to listen on %s: %v", s.addr, err)
@@ -55,14 +55,21 @@ func (s *UoTTun) ListenAndServe() {
rc.Write(buf[:n])
- resp, err := ioutil.ReadAll(rc)
- if err != nil {
- logf("error in ioutil.ReadAll: %s\n", err)
- return
+ // no remote forwarder
+ if urc, ok := rc.(*net.UDPConn); ok {
+ go func() {
+ timedCopy(c, clientAddr, urc, 5*time.Minute, false)
+ urc.Close()
+ }()
+ } else { // remote forwarder, udp over tcp
+ resp, err := ioutil.ReadAll(rc)
+ if err != nil {
+ logf("error in ioutil.ReadAll: %s\n", err)
+ return
+ }
+ rc.Close()
+ c.WriteTo(resp, clientAddr)
}
- rc.Close()
-
- c.WriteTo(resp, clientAddr)
logf("proxy-uottun %s <-> %s", clientAddr, s.raddr)
}()
From 824c9b378883001f661aba0734163d0072dc5e99 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 12 Jan 2018 20:11:21 +0800
Subject: [PATCH 123/341] udptun: add udp tunnel support
---
dialer.go | 3 +++
direct.go | 13 ++++++++++
http.go | 5 ++++
main.go | 2 +-
rule.go | 8 +++++-
server.go | 3 +++
socks5.go | 5 ++++
ss.go | 28 ++++++++++++++++++--
strategy.go | 12 ++++++---
udptun.go | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++
uottun.go | 9 ++++---
11 files changed, 150 insertions(+), 12 deletions(-)
create mode 100644 udptun.go
diff --git a/dialer.go b/dialer.go
index 4b8b66c..e3d7d91 100644
--- a/dialer.go
+++ b/dialer.go
@@ -14,6 +14,9 @@ type Dialer interface {
// Dial connects to the given address via the proxy.
Dial(network, addr string) (c net.Conn, err error)
+ // DialUDP returns a UDP PacketConn
+ DialUDP(network, addr string) (c net.PacketConn, err error)
+
// Get the dialer by dstAddr
NextDialer(dstAddr string) Dialer
}
diff --git a/direct.go b/direct.go
index fa1e74e..d8f7775 100644
--- a/direct.go
+++ b/direct.go
@@ -12,6 +12,9 @@ var Direct = &direct{}
func (d *direct) Addr() string { return "DIRECT" }
func (d *direct) Dial(network, addr string) (net.Conn, error) {
+ if network == "uot" {
+ network = "udp"
+ }
c, err := net.Dial(network, addr)
if c, ok := c.(*net.TCPConn); ok {
c.SetKeepAlive(true)
@@ -19,4 +22,14 @@ func (d *direct) Dial(network, addr string) (net.Conn, error) {
return c, err
}
+func (d *direct) DialUDP(network, addr string) (net.PacketConn, error) {
+ uAddr, err := net.ResolveUDPAddr(network, addr)
+ if err != nil {
+ logf("ResolveUDPAddr error: %s", err)
+ return nil, err
+ }
+
+ return net.DialUDP("udp", nil, uAddr)
+}
+
func (d *direct) NextDialer(dstAddr string) Dialer { return d }
diff --git a/http.go b/http.go
index 523fd33..54e984a 100644
--- a/http.go
+++ b/http.go
@@ -214,6 +214,11 @@ func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
return nil, errors.New("cound not connect remote address: " + addr + ". error code: " + code)
}
+// DialUDP .
+func (s *HTTP) DialUDP(network, addr string) (net.PacketConn, error) {
+ return nil, errors.New("udp not supported by http proxy now")
+}
+
// parseFirstLine parses "GET /foo HTTP/1.1" OR "HTTP/1.1 200 OK" into its three parts.
func parseFirstLine(tp *textproto.Reader) (r1, r2, r3 string, ok bool) {
line, err := tp.ReadLine()
diff --git a/main.go b/main.go
index 8a9193c..b741cfa 100644
--- a/main.go
+++ b/main.go
@@ -9,7 +9,7 @@ import (
)
// VERSION .
-const VERSION = "0.4.3"
+const VERSION = "0.5.0"
func dialerFromConf() Dialer {
// global forwarders in xx.conf
diff --git a/rule.go b/rule.go
index 5a38473..ad9d186 100644
--- a/rule.go
+++ b/rule.go
@@ -56,7 +56,8 @@ func NewRuleDialer(rules []*RuleConf, gDialer Dialer) *RuleDialer {
}
// Addr returns RuleDialer's address, always be "RULES"
-func (rd *RuleDialer) Addr() string { return "RULES" }
+// func (rd *RuleDialer) Addr() string { return "RULES" }
+func (rd *RuleDialer) Addr() string { return rd.gDialer.Addr() }
// NextDialer return next dialer according to rule
func (rd *RuleDialer) NextDialer(dstAddr string) Dialer {
@@ -112,6 +113,11 @@ func (rd *RuleDialer) Dial(network, addr string) (net.Conn, error) {
return rd.NextDialer(addr).Dial(network, addr)
}
+// DialUDP .
+func (rd *RuleDialer) DialUDP(network, addr string) (net.PacketConn, error) {
+ return rd.NextDialer(addr).DialUDP(network, addr)
+}
+
// AddDomainIP used to update ipMap rules according to domainMap rule
func (rd *RuleDialer) AddDomainIP(domain, ip string) error {
if ip != "" {
diff --git a/server.go b/server.go
index 426af03..248b622 100644
--- a/server.go
+++ b/server.go
@@ -50,6 +50,9 @@ func ServerFromURL(s string, sDialer Dialer) (Server, error) {
case "tcptun":
d := strings.Split(addr, "=")
return NewTCPTun(d[0], d[1], sDialer)
+ case "udptun":
+ d := strings.Split(addr, "=")
+ return NewUDPTun(d[0], d[1], sDialer)
case "dnstun":
d := strings.Split(addr, "=")
return NewDNSTun(d[0], d[1], sDialer)
diff --git a/socks5.go b/socks5.go
index 3e686fd..bad9425 100644
--- a/socks5.go
+++ b/socks5.go
@@ -156,6 +156,11 @@ func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
return c, nil
}
+// DialUDP .
+func (s *SOCKS5) DialUDP(network, addr string) (net.PacketConn, error) {
+ return nil, errors.New("udp not supported by socks5 proxy now")
+}
+
// connect takes an existing connection to a socks5 proxy server,
// and commands the server to extend that connection to target,
// which must be a canonical address with a host and port.
diff --git a/ss.go b/ss.go
index fba69f7..2647d84 100644
--- a/ss.go
+++ b/ss.go
@@ -214,11 +214,22 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
return nil, errors.New("Unable to parse address: " + addr)
}
- // udp over tcp tag
- if network == "udp" {
+ switch network {
+ case "tcp":
+ return s.DialTCP(target)
+ case "uot":
target[0] = target[0] | 0x8
+ return s.DialTCP(target)
+ // case "udp":
+ // return s.DialUDP(target)
+ default:
+ return nil, errors.New("Unknown schema: " + network)
}
+}
+
+// DialTCP connects to the address addr via the proxy.
+func (s *SS) DialTCP(target Addr) (net.Conn, error) {
c, err := s.cDialer.Dial("tcp", s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
@@ -238,6 +249,19 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
return c, err
}
+// DialUDP .
+func (s *SS) DialUDP(network, addr string) (net.PacketConn, error) {
+ target := ParseAddr(addr)
+ if target == nil {
+ return nil, errors.New("Unable to parse address: " + addr)
+ }
+
+ c, _ := net.ListenPacket(network, "")
+ c = s.PacketConn(c)
+
+ return c, nil
+}
+
// ListCipher .
func ListCipher() string {
return strings.Join(core.ListCipher(), " ")
diff --git a/strategy.go b/strategy.go
index 98307e3..6c2efdc 100644
--- a/strategy.go
+++ b/strategy.go
@@ -5,8 +5,8 @@ import (
"io"
"net"
"strings"
- "time"
"sync"
+ "time"
)
// NewStrategyDialer returns a new Strategy Dialer
@@ -53,7 +53,7 @@ func newRRDialer(dialers []Dialer, website string, duration int) *rrDialer {
rr.duration = duration
for k := range dialers {
- rr.status.Store(k,true)
+ rr.status.Store(k, true)
go rr.checkDialer(k)
}
@@ -65,6 +65,10 @@ func (rr *rrDialer) Dial(network, addr string) (net.Conn, error) {
return rr.NextDialer(addr).Dial(network, addr)
}
+func (rr *rrDialer) DialUDP(network, addr string) (net.PacketConn, error) {
+ return rr.NextDialer(addr).DialUDP(network, addr)
+}
+
func (rr *rrDialer) NextDialer(dstAddr string) Dialer {
n := len(rr.dialers)
if n == 1 {
@@ -75,7 +79,7 @@ func (rr *rrDialer) NextDialer(dstAddr string) Dialer {
for i := 0; i < n; i++ {
rr.idx = (rr.idx + 1) % n
result, ok := rr.status.Load(rr.idx)
- if (ok && result.(bool)) {
+ if ok && result.(bool) {
found = true
break
}
@@ -151,7 +155,7 @@ func (ha *haDialer) Dial(network, addr string) (net.Conn, error) {
result, ok := ha.status.Load(ha.idx)
- if (ok && !result.(bool)) {
+ if ok && !result.(bool) {
d = ha.NextDialer(addr)
}
diff --git a/udptun.go b/udptun.go
new file mode 100644
index 0000000..6a766d1
--- /dev/null
+++ b/udptun.go
@@ -0,0 +1,74 @@
+package main
+
+import (
+ "net"
+ "time"
+)
+
+// UDPTun struct
+type UDPTun struct {
+ *Forwarder
+ sDialer Dialer
+
+ raddr string
+}
+
+// NewUDPTun returns a UDPTun proxy.
+func NewUDPTun(addr, raddr string, sDialer Dialer) (*UDPTun, error) {
+ s := &UDPTun{
+ Forwarder: NewForwarder(addr, nil),
+ sDialer: sDialer,
+ raddr: raddr,
+ }
+
+ return s, nil
+}
+
+// ListenAndServe .
+func (s *UDPTun) ListenAndServe() {
+ c, err := net.ListenPacket("udp", s.addr)
+ if err != nil {
+ logf("proxy-udptun failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer c.Close()
+
+ logf("proxy-udptun listening UDP on %s", s.addr)
+
+ // var nm sync.Map
+ buf := make([]byte, udpBufSize)
+ tgt := ParseAddr(s.raddr)
+ copy(buf, tgt)
+
+ for {
+ n, clientAddr, err := c.ReadFrom(buf[len(tgt):])
+ if err != nil {
+ logf("proxy-udptun read error: %v", err)
+ continue
+ }
+
+ go func() {
+ rc, err := s.sDialer.DialUDP("udp", s.raddr)
+ if err != nil {
+ logf("proxy-udptun failed to connect to server %v: %v", s.raddr, err)
+ return
+ }
+
+ // TODO: check here, get the correct sDialer's addr
+ sUDPAddr, err := net.ResolveUDPAddr("udp", s.sDialer.Addr())
+ if err != nil {
+ logf("proxy-udptun failed to ResolveUDPAddr %", s.sDialer.Addr())
+ return
+ }
+
+ rc.WriteTo(buf[:len(tgt)+n], sUDPAddr)
+
+ go func() {
+ timedCopy(c, clientAddr, rc, 5*time.Minute, false)
+ rc.Close()
+ }()
+
+ logf("proxy-udptun %s <-> %s", clientAddr, s.raddr)
+ }()
+ }
+}
diff --git a/uottun.go b/uottun.go
index 97abd28..fce3874 100644
--- a/uottun.go
+++ b/uottun.go
@@ -46,21 +46,22 @@ func (s *UoTTun) ListenAndServe() {
}
go func() {
- // NOTE: acturally udp over tcp
- rc, err := s.sDialer.Dial("udp", s.raddr)
+ rc, err := s.sDialer.Dial("uot", s.raddr)
if err != nil {
- logf("failed to connect to server %v: %v", s.raddr, err)
+ logf("proxy-uottun failed to connect to server %v: %v", s.raddr, err)
return
}
rc.Write(buf[:n])
- // no remote forwarder
+ // no remote forwarder, just a local udp forwarder
if urc, ok := rc.(*net.UDPConn); ok {
+
go func() {
timedCopy(c, clientAddr, urc, 5*time.Minute, false)
urc.Close()
}()
+
} else { // remote forwarder, udp over tcp
resp, err := ioutil.ReadAll(rc)
if err != nil {
From 4670c9931e53a6bd1a22f22f4c577365b48dae1a Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 13 Jan 2018 13:20:15 +0800
Subject: [PATCH 124/341] conn: add the ability to get outbound ip
---
conn.go | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/conn.go b/conn.go
index d217c1f..6ce6c6d 100644
--- a/conn.go
+++ b/conn.go
@@ -3,6 +3,7 @@ package main
import (
"bufio"
"io"
+ "log"
"net"
"time"
)
@@ -79,3 +80,16 @@ func timedCopy(dst net.PacketConn, target net.Addr, src net.PacketConn, timeout
}
}
}
+
+// OutboundIP returns preferred outbound ip of this machine
+func OutboundIP() net.IP {
+ conn, err := net.Dial("udp", "8.8.8.8:80")
+ if err != nil {
+ log.Fatal(err)
+ }
+ defer conn.Close()
+
+ localAddr := conn.LocalAddr().(*net.UDPAddr)
+
+ return localAddr.IP
+}
From 950ed2b4269a3f760ab84580d4134a338e786a37 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 13 Jan 2018 14:25:55 +0800
Subject: [PATCH 125/341] http: add param to send 'X-Forwarded-For' header. #18
---
dialer.go | 2 +-
http.go | 28 +++++++++++++++++++++++++---
mixed.go | 4 ++--
server.go | 4 ++--
udptun.go | 2 +-
5 files changed, 31 insertions(+), 9 deletions(-)
diff --git a/dialer.go b/dialer.go
index e3d7d91..4c17b32 100644
--- a/dialer.go
+++ b/dialer.go
@@ -43,7 +43,7 @@ func DialerFromURL(s string, cDialer Dialer) (Dialer, error) {
switch u.Scheme {
case "http":
- return NewHTTP(addr, user, pass, cDialer, nil)
+ return NewHTTP(addr, user, pass, "", cDialer, nil)
case "socks5":
return NewSOCKS5(addr, user, pass, cDialer, nil)
case "ss":
diff --git a/http.go b/http.go
index 54e984a..a129c16 100644
--- a/http.go
+++ b/http.go
@@ -24,15 +24,27 @@ type HTTP struct {
user string
password string
+ xff bool
+
+ selfip string
}
// NewHTTP returns a http proxy.
-func NewHTTP(addr, user, pass string, cDialer Dialer, sDialer Dialer) (*HTTP, error) {
+func NewHTTP(addr, user, pass, rawQuery string, cDialer Dialer, sDialer Dialer) (*HTTP, error) {
s := &HTTP{
Forwarder: NewForwarder(addr, cDialer),
sDialer: sDialer,
user: user,
password: pass,
+ xff: false,
+ selfip: OutboundIP().String(),
+ }
+
+ p, _ := url.ParseQuery(rawQuery)
+ if v, ok := p["xff"]; ok {
+ if v[0] == "true" {
+ s.xff = true
+ }
}
return s, nil
@@ -89,6 +101,16 @@ func (s *HTTP) Serve(c net.Conn) {
// tell the remote server not to keep alive
reqHeader.Set("Connection", "close")
+ // X-Forwarded-For
+ if s.xff {
+ if reqHeader.Get("") != "" {
+ reqHeader.Add("X-Forwarded-For", ",")
+ }
+ reqHeader.Add("X-Forwarded-For", c.RemoteAddr().(*net.TCPAddr).IP.String())
+ reqHeader.Add("X-Forwarded-For", ",")
+ reqHeader.Add("X-Forwarded-For", s.selfip)
+ }
+
url, err := url.ParseRequestURI(requestURI)
if err != nil {
logf("parse request url error: %s", err)
@@ -211,12 +233,12 @@ func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
logf("proxy-http 'CONNECT' method not allowed by proxy %s", s.addr)
}
- return nil, errors.New("cound not connect remote address: " + addr + ". error code: " + code)
+ return nil, errors.New("proxy-http cound not connect remote address: " + addr + ". error code: " + code)
}
// DialUDP .
func (s *HTTP) DialUDP(network, addr string) (net.PacketConn, error) {
- return nil, errors.New("udp not supported by http proxy now")
+ return nil, errors.New("proxy-http udp not supported by http proxy now")
}
// parseFirstLine parses "GET /foo HTTP/1.1" OR "HTTP/1.1 200 OK" into its three parts.
diff --git a/mixed.go b/mixed.go
index e952722..93b69df 100644
--- a/mixed.go
+++ b/mixed.go
@@ -27,13 +27,13 @@ type MixedProxy struct {
}
// NewMixedProxy returns a mixed proxy.
-func NewMixedProxy(addr, user, pass string, sDialer Dialer) (*MixedProxy, error) {
+func NewMixedProxy(addr, user, pass, rawQuery string, sDialer Dialer) (*MixedProxy, error) {
p := &MixedProxy{
sDialer: sDialer,
addr: addr,
}
- p.http, _ = NewHTTP(addr, user, pass, nil, sDialer)
+ p.http, _ = NewHTTP(addr, user, pass, rawQuery, nil, sDialer)
p.socks5, _ = NewSOCKS5(addr, user, pass, nil, sDialer)
return p, nil
diff --git a/server.go b/server.go
index 248b622..4c1951a 100644
--- a/server.go
+++ b/server.go
@@ -38,9 +38,9 @@ func ServerFromURL(s string, sDialer Dialer) (Server, error) {
switch u.Scheme {
case "mixed":
- return NewMixedProxy(addr, user, pass, sDialer)
+ return NewMixedProxy(addr, user, pass, u.RawQuery, sDialer)
case "http":
- return NewHTTP(addr, user, pass, nil, sDialer)
+ return NewHTTP(addr, user, pass, u.RawQuery, nil, sDialer)
case "socks5":
return NewSOCKS5(addr, user, pass, nil, sDialer)
case "ss":
diff --git a/udptun.go b/udptun.go
index 6a766d1..aaeb8a5 100644
--- a/udptun.go
+++ b/udptun.go
@@ -57,7 +57,7 @@ func (s *UDPTun) ListenAndServe() {
// TODO: check here, get the correct sDialer's addr
sUDPAddr, err := net.ResolveUDPAddr("udp", s.sDialer.Addr())
if err != nil {
- logf("proxy-udptun failed to ResolveUDPAddr %", s.sDialer.Addr())
+ logf("proxy-udptun failed to ResolveUDPAddr %s", s.sDialer.Addr())
return
}
From 21935fc6b95c5f66049fd2a55b250036d370f1f6 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 13 Jan 2018 14:34:49 +0800
Subject: [PATCH 126/341] conn: change OutboundIP to return string
---
conn.go | 10 ++++------
http.go | 2 +-
2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/conn.go b/conn.go
index 6ce6c6d..ddab0c6 100644
--- a/conn.go
+++ b/conn.go
@@ -3,7 +3,6 @@ package main
import (
"bufio"
"io"
- "log"
"net"
"time"
)
@@ -82,14 +81,13 @@ func timedCopy(dst net.PacketConn, target net.Addr, src net.PacketConn, timeout
}
// OutboundIP returns preferred outbound ip of this machine
-func OutboundIP() net.IP {
+func OutboundIP() string {
conn, err := net.Dial("udp", "8.8.8.8:80")
if err != nil {
- log.Fatal(err)
+ logf("get outbound ip error: %s", err)
+ return ""
}
defer conn.Close()
- localAddr := conn.LocalAddr().(*net.UDPAddr)
-
- return localAddr.IP
+ return conn.LocalAddr().(*net.UDPAddr).IP.String()
}
diff --git a/http.go b/http.go
index a129c16..48b6684 100644
--- a/http.go
+++ b/http.go
@@ -37,7 +37,7 @@ func NewHTTP(addr, user, pass, rawQuery string, cDialer Dialer, sDialer Dialer)
user: user,
password: pass,
xff: false,
- selfip: OutboundIP().String(),
+ selfip: OutboundIP(),
}
p, _ := url.ParseQuery(rawQuery)
From 045531d68d31422ed48d52c2e57233e4bb3da3ed Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 13 Jan 2018 14:36:13 +0800
Subject: [PATCH 127/341] http: fixed a bug in reqHeader.Get
---
http.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/http.go b/http.go
index 48b6684..1beb95e 100644
--- a/http.go
+++ b/http.go
@@ -103,7 +103,7 @@ func (s *HTTP) Serve(c net.Conn) {
// X-Forwarded-For
if s.xff {
- if reqHeader.Get("") != "" {
+ if reqHeader.Get("X-Forwarded-For") != "" {
reqHeader.Add("X-Forwarded-For", ",")
}
reqHeader.Add("X-Forwarded-For", c.RemoteAddr().(*net.TCPAddr).IP.String())
From 5b2518fac03a31ae64e1e45f6c9719e123b24140 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 13 Jan 2018 20:08:49 +0800
Subject: [PATCH 128/341] strategy: optimize code
---
strategy.go | 43 ++++++++++++++++++++++---------------------
1 file changed, 22 insertions(+), 21 deletions(-)
diff --git a/strategy.go b/strategy.go
index 6c2efdc..2852dcc 100644
--- a/strategy.go
+++ b/strategy.go
@@ -10,24 +10,26 @@ import (
)
// NewStrategyDialer returns a new Strategy Dialer
-func NewStrategyDialer(strategy string, dialers []Dialer, website string, duration int) Dialer {
- var dialer Dialer
+func NewStrategyDialer(strategy string, dialers []Dialer, website string, interval int) Dialer {
if len(dialers) == 0 {
- dialer = Direct
- } else if len(dialers) == 1 {
+ return Direct
+ }
+
+ if len(dialers) == 1 {
+ return dialers[0]
+ }
+
+ var dialer Dialer
+ switch strategy {
+ case "rr":
+ dialer = newRRDialer(dialers, website, interval)
+ logf("forward to remote servers in round robin mode.")
+ case "ha":
+ dialer = newHADialer(dialers, website, interval)
+ logf("forward to remote servers in high availability mode.")
+ default:
+ logf("not supported forward mode '%s', just use the first forward server.", conf.Strategy)
dialer = dialers[0]
- } else if len(dialers) > 1 {
- switch strategy {
- case "rr":
- dialer = newRRDialer(dialers, website, duration)
- logf("forward to remote servers in round robin mode.")
- case "ha":
- dialer = newHADialer(dialers, website, duration)
- logf("forward to remote servers in high availability mode.")
- default:
- logf("not supported forward mode '%s', just use the first forward server.", conf.Strategy)
- dialer = dialers[0]
- }
}
return dialer
@@ -42,15 +44,15 @@ type rrDialer struct {
// for checking
website string
- duration int
+ interval int
}
// newRRDialer returns a new rrDialer
-func newRRDialer(dialers []Dialer, website string, duration int) *rrDialer {
+func newRRDialer(dialers []Dialer, website string, interval int) *rrDialer {
rr := &rrDialer{dialers: dialers}
rr.website = website
- rr.duration = duration
+ rr.interval = interval
for k := range dialers {
rr.status.Store(k, true)
@@ -104,7 +106,7 @@ func (rr *rrDialer) checkDialer(idx int) {
d := rr.dialers[idx]
for {
- time.Sleep(time.Duration(rr.duration) * time.Second * time.Duration(retry>>1))
+ time.Sleep(time.Duration(rr.interval) * time.Second * time.Duration(retry>>1))
retry <<= 1
if retry > 16 {
@@ -154,7 +156,6 @@ func (ha *haDialer) Dial(network, addr string) (net.Conn, error) {
d := ha.dialers[ha.idx]
result, ok := ha.status.Load(ha.idx)
-
if ok && !result.(bool) {
d = ha.NextDialer(addr)
}
From b33127fba52f121bb4b517cb2b537eca0fb50ae0 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 13 Jan 2018 22:31:22 +0800
Subject: [PATCH 129/341] udptun: support direct mode
---
direct.go | 3 ---
ss.go | 2 +-
udptun.go | 39 +++++++++++++++++++++++++++++++++++++++
uottun.go | 2 +-
4 files changed, 41 insertions(+), 5 deletions(-)
diff --git a/direct.go b/direct.go
index d8f7775..a83a2a9 100644
--- a/direct.go
+++ b/direct.go
@@ -12,9 +12,6 @@ var Direct = &direct{}
func (d *direct) Addr() string { return "DIRECT" }
func (d *direct) Dial(network, addr string) (net.Conn, error) {
- if network == "uot" {
- network = "udp"
- }
c, err := net.Dial(network, addr)
if c, ok := c.(*net.TCPConn); ok {
c.SetKeepAlive(true)
diff --git a/ss.go b/ss.go
index 2647d84..f31a949 100644
--- a/ss.go
+++ b/ss.go
@@ -217,7 +217,7 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
switch network {
case "tcp":
return s.DialTCP(target)
- case "uot":
+ case "udp":
target[0] = target[0] | 0x8
return s.DialTCP(target)
// case "udp":
diff --git a/udptun.go b/udptun.go
index aaeb8a5..e21dcc9 100644
--- a/udptun.go
+++ b/udptun.go
@@ -35,6 +35,45 @@ func (s *UDPTun) ListenAndServe() {
logf("proxy-udptun listening UDP on %s", s.addr)
+ if s.sDialer.Addr() == "DIRECT" {
+ s.ServeDirect(c)
+ } else {
+ s.ServeSS(c)
+ }
+
+}
+
+// ServeDirect .
+func (s *UDPTun) ServeDirect(c net.PacketConn) {
+ buf := make([]byte, udpBufSize)
+
+ for {
+ n, clientAddr, err := c.ReadFrom(buf)
+ if err != nil {
+ logf("proxy-udptun read error: %v", err)
+ continue
+ }
+
+ rc, err := s.sDialer.Dial("udp", s.raddr)
+ if err != nil {
+ logf("proxy-udptun failed to connect to server %v: %v", s.raddr, err)
+ return
+ }
+
+ if urc, ok := rc.(*net.UDPConn); ok {
+ urc.Write(buf[:n])
+ go func() {
+ timedCopy(c, clientAddr, urc, 5*time.Minute, false)
+ urc.Close()
+ }()
+ }
+
+ logf("proxy-udptun %s <-> %s", clientAddr, s.raddr)
+ }
+}
+
+// ServeSS .
+func (s *UDPTun) ServeSS(c net.PacketConn) {
// var nm sync.Map
buf := make([]byte, udpBufSize)
tgt := ParseAddr(s.raddr)
diff --git a/uottun.go b/uottun.go
index fce3874..fabf99a 100644
--- a/uottun.go
+++ b/uottun.go
@@ -46,7 +46,7 @@ func (s *UoTTun) ListenAndServe() {
}
go func() {
- rc, err := s.sDialer.Dial("uot", s.raddr)
+ rc, err := s.sDialer.Dial("udp", s.raddr)
if err != nil {
logf("proxy-uottun failed to connect to server %v: %v", s.raddr, err)
return
From c51cc70b0bf17707be712593c492b04b0d08fa7c Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 14 Jan 2018 20:37:38 +0800
Subject: [PATCH 130/341] udptun: use net.Conn instead of net.PacketConn
---
dialer.go | 3 ---
direct.go | 17 ++++--------
http.go | 5 ----
rule.go | 5 ----
socks5.go | 5 ----
ss.go | 77 +++++++++++++++++++++++++++++++++++++++++------------
strategy.go | 4 ---
udptun.go | 73 +++++++++++---------------------------------------
uottun.go | 48 ++++++++++++++++-----------------
9 files changed, 103 insertions(+), 134 deletions(-)
diff --git a/dialer.go b/dialer.go
index 4c17b32..50733b3 100644
--- a/dialer.go
+++ b/dialer.go
@@ -14,9 +14,6 @@ type Dialer interface {
// Dial connects to the given address via the proxy.
Dial(network, addr string) (c net.Conn, err error)
- // DialUDP returns a UDP PacketConn
- DialUDP(network, addr string) (c net.PacketConn, err error)
-
// Get the dialer by dstAddr
NextDialer(dstAddr string) Dialer
}
diff --git a/direct.go b/direct.go
index a83a2a9..33013e7 100644
--- a/direct.go
+++ b/direct.go
@@ -3,8 +3,7 @@ package main
import "net"
// direct proxy
-type direct struct {
-}
+type direct struct{}
// Direct proxy
var Direct = &direct{}
@@ -12,6 +11,10 @@ var Direct = &direct{}
func (d *direct) Addr() string { return "DIRECT" }
func (d *direct) Dial(network, addr string) (net.Conn, error) {
+ if network == "uot" {
+ network = "udp"
+ }
+
c, err := net.Dial(network, addr)
if c, ok := c.(*net.TCPConn); ok {
c.SetKeepAlive(true)
@@ -19,14 +22,4 @@ func (d *direct) Dial(network, addr string) (net.Conn, error) {
return c, err
}
-func (d *direct) DialUDP(network, addr string) (net.PacketConn, error) {
- uAddr, err := net.ResolveUDPAddr(network, addr)
- if err != nil {
- logf("ResolveUDPAddr error: %s", err)
- return nil, err
- }
-
- return net.DialUDP("udp", nil, uAddr)
-}
-
func (d *direct) NextDialer(dstAddr string) Dialer { return d }
diff --git a/http.go b/http.go
index 1beb95e..335a569 100644
--- a/http.go
+++ b/http.go
@@ -236,11 +236,6 @@ func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
return nil, errors.New("proxy-http cound not connect remote address: " + addr + ". error code: " + code)
}
-// DialUDP .
-func (s *HTTP) DialUDP(network, addr string) (net.PacketConn, error) {
- return nil, errors.New("proxy-http udp not supported by http proxy now")
-}
-
// parseFirstLine parses "GET /foo HTTP/1.1" OR "HTTP/1.1 200 OK" into its three parts.
func parseFirstLine(tp *textproto.Reader) (r1, r2, r3 string, ok bool) {
line, err := tp.ReadLine()
diff --git a/rule.go b/rule.go
index ad9d186..3102909 100644
--- a/rule.go
+++ b/rule.go
@@ -113,11 +113,6 @@ func (rd *RuleDialer) Dial(network, addr string) (net.Conn, error) {
return rd.NextDialer(addr).Dial(network, addr)
}
-// DialUDP .
-func (rd *RuleDialer) DialUDP(network, addr string) (net.PacketConn, error) {
- return rd.NextDialer(addr).DialUDP(network, addr)
-}
-
// AddDomainIP used to update ipMap rules according to domainMap rule
func (rd *RuleDialer) AddDomainIP(domain, ip string) error {
if ip != "" {
diff --git a/socks5.go b/socks5.go
index bad9425..3e686fd 100644
--- a/socks5.go
+++ b/socks5.go
@@ -156,11 +156,6 @@ func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
return c, nil
}
-// DialUDP .
-func (s *SOCKS5) DialUDP(network, addr string) (net.PacketConn, error) {
- return nil, errors.New("udp not supported by socks5 proxy now")
-}
-
// connect takes an existing connection to a socks5 proxy server,
// and commands the server to extend that connection to target,
// which must be a canonical address with a host and port.
diff --git a/ss.go b/ss.go
index f31a949..3674b87 100644
--- a/ss.go
+++ b/ss.go
@@ -207,6 +207,11 @@ func (s *SS) ListenAndServeUDP() {
}
+// ListCipher .
+func ListCipher() string {
+ return strings.Join(core.ListCipher(), " ")
+}
+
// Dial connects to the address addr on the network net via the proxy.
func (s *SS) Dial(network, addr string) (net.Conn, error) {
target := ParseAddr(addr)
@@ -216,12 +221,12 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
switch network {
case "tcp":
- return s.DialTCP(target)
- case "udp":
+ return s.dialTCP(target)
+ case "uot":
target[0] = target[0] | 0x8
- return s.DialTCP(target)
- // case "udp":
- // return s.DialUDP(target)
+ return s.dialTCP(target)
+ case "udp":
+ return s.dialUDP(target)
default:
return nil, errors.New("Unknown schema: " + network)
}
@@ -229,7 +234,7 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
}
// DialTCP connects to the address addr via the proxy.
-func (s *SS) DialTCP(target Addr) (net.Conn, error) {
+func (s *SS) dialTCP(target Addr) (net.Conn, error) {
c, err := s.cDialer.Dial("tcp", s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
@@ -249,20 +254,58 @@ func (s *SS) DialTCP(target Addr) (net.Conn, error) {
return c, err
}
-// DialUDP .
-func (s *SS) DialUDP(network, addr string) (net.PacketConn, error) {
- target := ParseAddr(addr)
- if target == nil {
- return nil, errors.New("Unable to parse address: " + addr)
+// TODO: support forwarder chain
+func (s *SS) dialUDP(target Addr) (net.Conn, error) {
+ c, err := net.ListenPacket("udp", "")
+ if err != nil {
+ logf("proxy-ss dialudp failed to listen packet: %v", err)
+ return nil, err
}
- c, _ := net.ListenPacket(network, "")
- c = s.PacketConn(c)
+ sUDPAddr, err := net.ResolveUDPAddr("udp", s.Addr())
+ suc := &ssUDPConn{
+ PacketConn: s.PacketConn(c),
+ addr: sUDPAddr,
+ target: target,
+ }
- return c, nil
+ return suc, err
}
-// ListCipher .
-func ListCipher() string {
- return strings.Join(core.ListCipher(), " ")
+type ssUDPConn struct {
+ net.PacketConn
+
+ addr net.Addr
+ target Addr
+}
+
+func (uc *ssUDPConn) Read(b []byte) (int, error) {
+ buf := make([]byte, len(b))
+ n, raddr, err := uc.PacketConn.ReadFrom(buf)
+ if err != nil {
+ return 0, err
+ }
+
+ srcAddr := ParseAddr(raddr.String())
+ copy(b, buf[len(srcAddr):])
+
+ return n - len(srcAddr), err
+}
+
+func (uc *ssUDPConn) Write(b []byte) (int, error) {
+ buf := make([]byte, len(uc.target)+len(b))
+ copy(buf, uc.target)
+ copy(buf[len(uc.target):], b)
+
+ // logf("Write: \n%s", hex.Dump(buf))
+
+ return uc.PacketConn.WriteTo(buf, uc.addr)
+}
+
+func (uc *ssUDPConn) WriteTo(b []byte, addr net.Addr) (int, error) {
+ return 0, errors.New("not available")
+}
+
+func (uc *ssUDPConn) RemoteAddr() net.Addr {
+ return uc.addr
}
diff --git a/strategy.go b/strategy.go
index 2852dcc..1af69d0 100644
--- a/strategy.go
+++ b/strategy.go
@@ -67,10 +67,6 @@ func (rr *rrDialer) Dial(network, addr string) (net.Conn, error) {
return rr.NextDialer(addr).Dial(network, addr)
}
-func (rr *rrDialer) DialUDP(network, addr string) (net.PacketConn, error) {
- return rr.NextDialer(addr).DialUDP(network, addr)
-}
-
func (rr *rrDialer) NextDialer(dstAddr string) Dialer {
n := len(rr.dialers)
if n == 1 {
diff --git a/udptun.go b/udptun.go
index e21dcc9..46990b8 100644
--- a/udptun.go
+++ b/udptun.go
@@ -2,7 +2,6 @@ package main
import (
"net"
- "time"
)
// UDPTun struct
@@ -35,18 +34,7 @@ func (s *UDPTun) ListenAndServe() {
logf("proxy-udptun listening UDP on %s", s.addr)
- if s.sDialer.Addr() == "DIRECT" {
- s.ServeDirect(c)
- } else {
- s.ServeSS(c)
- }
-
-}
-
-// ServeDirect .
-func (s *UDPTun) ServeDirect(c net.PacketConn) {
buf := make([]byte, udpBufSize)
-
for {
n, clientAddr, err := c.ReadFrom(buf)
if err != nil {
@@ -57,57 +45,26 @@ func (s *UDPTun) ServeDirect(c net.PacketConn) {
rc, err := s.sDialer.Dial("udp", s.raddr)
if err != nil {
logf("proxy-udptun failed to connect to server %v: %v", s.raddr, err)
- return
- }
-
- if urc, ok := rc.(*net.UDPConn); ok {
- urc.Write(buf[:n])
- go func() {
- timedCopy(c, clientAddr, urc, 5*time.Minute, false)
- urc.Close()
- }()
- }
-
- logf("proxy-udptun %s <-> %s", clientAddr, s.raddr)
- }
-}
-
-// ServeSS .
-func (s *UDPTun) ServeSS(c net.PacketConn) {
- // var nm sync.Map
- buf := make([]byte, udpBufSize)
- tgt := ParseAddr(s.raddr)
- copy(buf, tgt)
-
- for {
- n, clientAddr, err := c.ReadFrom(buf[len(tgt):])
- if err != nil {
- logf("proxy-udptun read error: %v", err)
continue
}
- go func() {
- rc, err := s.sDialer.DialUDP("udp", s.raddr)
- if err != nil {
- logf("proxy-udptun failed to connect to server %v: %v", s.raddr, err)
- return
- }
+ n, err = rc.Write(buf[:n])
+ if err != nil {
+ logf("proxy-udptun rc.Write error: %v", err)
+ continue
+ }
- // TODO: check here, get the correct sDialer's addr
- sUDPAddr, err := net.ResolveUDPAddr("udp", s.sDialer.Addr())
- if err != nil {
- logf("proxy-udptun failed to ResolveUDPAddr %s", s.sDialer.Addr())
- return
- }
+ buf = make([]byte, udpBufSize)
+ n, err = rc.Read(buf)
+ if err != nil {
+ logf("proxy-udptun rc.Read error: %v", err)
+ continue
+ }
+ rc.Close()
- rc.WriteTo(buf[:len(tgt)+n], sUDPAddr)
+ // logf("rc resp: \n%s", hex.Dump(buf[:n]))
- go func() {
- timedCopy(c, clientAddr, rc, 5*time.Minute, false)
- rc.Close()
- }()
-
- logf("proxy-udptun %s <-> %s", clientAddr, s.raddr)
- }()
+ c.WriteTo(buf[:n], clientAddr)
+ logf("proxy-udptun %s <-> %s", clientAddr, s.raddr)
}
}
diff --git a/uottun.go b/uottun.go
index fabf99a..a87c886 100644
--- a/uottun.go
+++ b/uottun.go
@@ -45,34 +45,32 @@ func (s *UoTTun) ListenAndServe() {
continue
}
- go func() {
- rc, err := s.sDialer.Dial("udp", s.raddr)
+ rc, err := s.sDialer.Dial("uot", s.raddr)
+ if err != nil {
+ logf("proxy-uottun failed to connect to server %v: %v", s.raddr, err)
+ return
+ }
+
+ rc.Write(buf[:n])
+
+ // no remote forwarder, just a local udp forwarder
+ if urc, ok := rc.(*net.UDPConn); ok {
+
+ go func() {
+ timedCopy(c, clientAddr, urc, 5*time.Minute, false)
+ urc.Close()
+ }()
+
+ } else { // remote forwarder, udp over tcp
+ resp, err := ioutil.ReadAll(rc)
if err != nil {
- logf("proxy-uottun failed to connect to server %v: %v", s.raddr, err)
+ logf("error in ioutil.ReadAll: %s\n", err)
return
}
+ rc.Close()
+ c.WriteTo(resp, clientAddr)
+ }
- rc.Write(buf[:n])
-
- // no remote forwarder, just a local udp forwarder
- if urc, ok := rc.(*net.UDPConn); ok {
-
- go func() {
- timedCopy(c, clientAddr, urc, 5*time.Minute, false)
- urc.Close()
- }()
-
- } else { // remote forwarder, udp over tcp
- resp, err := ioutil.ReadAll(rc)
- if err != nil {
- logf("error in ioutil.ReadAll: %s\n", err)
- return
- }
- rc.Close()
- c.WriteTo(resp, clientAddr)
- }
-
- logf("proxy-uottun %s <-> %s", clientAddr, s.raddr)
- }()
+ logf("proxy-uottun %s <-> %s", clientAddr, s.raddr)
}
}
From 7e9e737922389237df0de867548dd2430d9241fe Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 14 Jan 2018 21:16:54 +0800
Subject: [PATCH 131/341] http: add 'X-Forwarded-For' in response header
---
http.go | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/http.go b/http.go
index 335a569..898c0c2 100644
--- a/http.go
+++ b/http.go
@@ -166,6 +166,15 @@ func (s *HTTP) Serve(c net.Conn) {
respHeader.Set("Proxy-Connection", "close")
respHeader.Set("Connection", "close")
+ if s.xff {
+ if respHeader.Get("X-Forwarded-For") != "" {
+ respHeader.Add("X-Forwarded-For", ",")
+ }
+ respHeader.Add("X-Forwarded-For", rc.RemoteAddr().(*net.TCPAddr).IP.String())
+ respHeader.Add("X-Forwarded-For", ",")
+ respHeader.Add("X-Forwarded-For", s.selfip)
+ }
+
var respBuf bytes.Buffer
writeFirstLine(proto, code, status, &respBuf)
writeHeaders(respHeader, &respBuf)
From 12f15be1dcd08ee0dae97a022150da69dd1906af Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 16 Jan 2018 10:39:40 +0800
Subject: [PATCH 132/341] http: add param xsi for "X-Server-IP" header
---
http.go | 18 ++++++++++--------
systemd/glider@.service | 1 +
uottun.go | 6 ++----
3 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/http.go b/http.go
index 898c0c2..10d259a 100644
--- a/http.go
+++ b/http.go
@@ -24,7 +24,8 @@ type HTTP struct {
user string
password string
- xff bool
+ xff bool // X-Forwarded-For
+ xsi bool // X-Server-IP
selfip string
}
@@ -47,6 +48,12 @@ func NewHTTP(addr, user, pass, rawQuery string, cDialer Dialer, sDialer Dialer)
}
}
+ if v, ok := p["xsi"]; ok {
+ if v[0] == "true" {
+ s.xsi = true
+ }
+ }
+
return s, nil
}
@@ -166,13 +173,8 @@ func (s *HTTP) Serve(c net.Conn) {
respHeader.Set("Proxy-Connection", "close")
respHeader.Set("Connection", "close")
- if s.xff {
- if respHeader.Get("X-Forwarded-For") != "" {
- respHeader.Add("X-Forwarded-For", ",")
- }
- respHeader.Add("X-Forwarded-For", rc.RemoteAddr().(*net.TCPAddr).IP.String())
- respHeader.Add("X-Forwarded-For", ",")
- respHeader.Add("X-Forwarded-For", s.selfip)
+ if s.xsi {
+ respHeader.Set("X-Server-IP", rc.RemoteAddr().(*net.TCPAddr).IP.String())
}
var respBuf bytes.Buffer
diff --git a/systemd/glider@.service b/systemd/glider@.service
index 399292a..2b7d464 100644
--- a/systemd/glider@.service
+++ b/systemd/glider@.service
@@ -1,6 +1,7 @@
[Unit]
Description=Glider Service (%i)
After=network.target
+Before=iptables.service ip6tables.service
[Service]
Type=simple
diff --git a/uottun.go b/uottun.go
index a87c886..fcd05e0 100644
--- a/uottun.go
+++ b/uottun.go
@@ -48,24 +48,22 @@ func (s *UoTTun) ListenAndServe() {
rc, err := s.sDialer.Dial("uot", s.raddr)
if err != nil {
logf("proxy-uottun failed to connect to server %v: %v", s.raddr, err)
- return
+ continue
}
rc.Write(buf[:n])
// no remote forwarder, just a local udp forwarder
if urc, ok := rc.(*net.UDPConn); ok {
-
go func() {
timedCopy(c, clientAddr, urc, 5*time.Minute, false)
urc.Close()
}()
-
} else { // remote forwarder, udp over tcp
resp, err := ioutil.ReadAll(rc)
if err != nil {
logf("error in ioutil.ReadAll: %s\n", err)
- return
+ continue
}
rc.Close()
c.WriteTo(resp, clientAddr)
From 31930f2955cb1a054032f6ec3dfdb38e8722110b Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 17 Jan 2018 00:26:38 +0800
Subject: [PATCH 133/341] udptun: add DialUDP to forwarders
---
dialer.go | 3 ++
direct.go | 21 +++++++++-
http.go | 7 +++-
rule.go | 4 ++
socks5.go | 5 +++
ss.go | 85 +++++++++++++++++++++++++++--------------
strategy.go | 15 ++++++++
systemd/glider@.service | 1 -
udptun.go | 6 +--
9 files changed, 113 insertions(+), 34 deletions(-)
diff --git a/dialer.go b/dialer.go
index 50733b3..c20e7da 100644
--- a/dialer.go
+++ b/dialer.go
@@ -14,6 +14,9 @@ type Dialer interface {
// Dial connects to the given address via the proxy.
Dial(network, addr string) (c net.Conn, err error)
+ // DialUDP connects to the given address via the proxy.
+ DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error)
+
// Get the dialer by dstAddr
NextDialer(dstAddr string) Dialer
}
diff --git a/direct.go b/direct.go
index 33013e7..084a3e7 100644
--- a/direct.go
+++ b/direct.go
@@ -1,6 +1,8 @@
package main
-import "net"
+import (
+ "net"
+)
// direct proxy
type direct struct{}
@@ -16,10 +18,27 @@ func (d *direct) Dial(network, addr string) (net.Conn, error) {
}
c, err := net.Dial(network, addr)
+ if err != nil {
+ return nil, err
+ }
+
if c, ok := c.(*net.TCPConn); ok {
c.SetKeepAlive(true)
}
+
return c, err
}
+// DialUDP connects to the given address via the proxy.
+func (d *direct) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ pc, err = net.ListenPacket(network, "")
+ if err != nil {
+ logf("ListenPacket error: %s", err)
+ return nil, nil, err
+ }
+
+ uAddr, err := net.ResolveUDPAddr("udp", addr)
+ return pc, uAddr, nil
+}
+
func (d *direct) NextDialer(dstAddr string) Dialer { return d }
diff --git a/http.go b/http.go
index 10d259a..218efbb 100644
--- a/http.go
+++ b/http.go
@@ -212,7 +212,7 @@ func (s *HTTP) servHTTPS(method, requestURI, proto string, c net.Conn) {
// Dial connects to the address addr on the network net via the proxy.
func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
- rc, err := s.cDialer.Dial("tcp", s.addr)
+ rc, err := s.cDialer.Dial(network, s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
return nil, err
@@ -247,6 +247,11 @@ func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
return nil, errors.New("proxy-http cound not connect remote address: " + addr + ". error code: " + code)
}
+// DialUDP connects to the given address via the proxy.
+func (s *HTTP) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ return nil, nil, errors.New("DialUDP not supported")
+}
+
// parseFirstLine parses "GET /foo HTTP/1.1" OR "HTTP/1.1 200 OK" into its three parts.
func parseFirstLine(tp *textproto.Reader) (r1, r2, r3 string, ok bool) {
line, err := tp.ReadLine()
diff --git a/rule.go b/rule.go
index 3102909..5e04d8a 100644
--- a/rule.go
+++ b/rule.go
@@ -113,6 +113,10 @@ func (rd *RuleDialer) Dial(network, addr string) (net.Conn, error) {
return rd.NextDialer(addr).Dial(network, addr)
}
+func (rd *RuleDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ return rd.NextDialer(addr).DialUDP(network, addr)
+}
+
// AddDomainIP used to update ipMap rules according to domainMap rule
func (rd *RuleDialer) AddDomainIP(domain, ip string) error {
if ip != "" {
diff --git a/socks5.go b/socks5.go
index 3e686fd..e025144 100644
--- a/socks5.go
+++ b/socks5.go
@@ -156,6 +156,11 @@ func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
return c, nil
}
+// DialUDP connects to the given address via the proxy.
+func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ return nil, nil, errors.New("DialUDP not supported")
+}
+
// connect takes an existing connection to a socks5 proxy server,
// and commands the server to extend that connection to target,
// which must be a canonical address with a host and port.
diff --git a/ss.go b/ss.go
index 3674b87..afe9b03 100644
--- a/ss.go
+++ b/ss.go
@@ -225,8 +225,8 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
case "uot":
target[0] = target[0] | 0x8
return s.dialTCP(target)
- case "udp":
- return s.dialUDP(target)
+ // case "udp":
+ // return s.dialUDP(target)
default:
return nil, errors.New("Unknown schema: " + network)
}
@@ -254,34 +254,51 @@ func (s *SS) dialTCP(target Addr) (net.Conn, error) {
return c, err
}
-// TODO: support forwarder chain
-func (s *SS) dialUDP(target Addr) (net.Conn, error) {
- c, err := net.ListenPacket("udp", "")
+// DialUDP connects to the given address via the proxy.
+func (s *SS) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ // TODO: check forward chain
+ pc, nextHop, err := s.cDialer.DialUDP(network, addr)
if err != nil {
- logf("proxy-ss dialudp failed to listen packet: %v", err)
- return nil, err
+ logf("proxy-ss dialudp to %s error: %s", addr, err)
+ return nil, nil, err
}
- sUDPAddr, err := net.ResolveUDPAddr("udp", s.Addr())
- suc := &ssUDPConn{
- PacketConn: s.PacketConn(c),
- addr: sUDPAddr,
- target: target,
- }
+ nextHopAddr := ParseAddr(nextHop.String())
+ writeTo, err = net.ResolveUDPAddr("udp", s.Addr())
- return suc, err
+ pkc := NewPktConn(s.PacketConn(pc), writeTo, nextHopAddr, true)
+
+ return pkc, writeTo, err
}
-type ssUDPConn struct {
+// PktConn wraps a net.PacketConn and support Write method like net.Conn
+type PktConn struct {
net.PacketConn
- addr net.Addr
- target Addr
+ addr net.Addr // write to and read from addr
+ target Addr
+ tgtHeader bool
}
-func (uc *ssUDPConn) Read(b []byte) (int, error) {
+// NewPktConn returns a PktConn
+func NewPktConn(c net.PacketConn, addr net.Addr, target Addr, tgtHeader bool) *PktConn {
+ pc := &PktConn{
+ PacketConn: c,
+ addr: addr,
+ target: target,
+ tgtHeader: tgtHeader}
+ return pc
+}
+
+func (pc *PktConn) Read(b []byte) (int, error) {
+
+ if !pc.tgtHeader {
+ n, _, err := pc.PacketConn.ReadFrom(b)
+ return n, err
+ }
+
buf := make([]byte, len(b))
- n, raddr, err := uc.PacketConn.ReadFrom(buf)
+ n, raddr, err := pc.PacketConn.ReadFrom(buf)
if err != nil {
return 0, err
}
@@ -292,20 +309,32 @@ func (uc *ssUDPConn) Read(b []byte) (int, error) {
return n - len(srcAddr), err
}
-func (uc *ssUDPConn) Write(b []byte) (int, error) {
- buf := make([]byte, len(uc.target)+len(b))
- copy(buf, uc.target)
- copy(buf[len(uc.target):], b)
+func (pc *PktConn) ReadFrom(b []byte) (int, net.Addr, error) {
+
+ n, err := pc.Read(b)
+
+ // TODO: Addr
+ return n, nil, err
+}
+
+func (pc *PktConn) Write(b []byte) (int, error) {
+ if !pc.tgtHeader {
+ return pc.PacketConn.WriteTo(b, pc.addr)
+ }
+
+ buf := make([]byte, len(pc.target)+len(b))
+ copy(buf, pc.target)
+ copy(buf[len(pc.target):], b)
// logf("Write: \n%s", hex.Dump(buf))
- return uc.PacketConn.WriteTo(buf, uc.addr)
+ return pc.PacketConn.WriteTo(buf, pc.addr)
}
-func (uc *ssUDPConn) WriteTo(b []byte, addr net.Addr) (int, error) {
- return 0, errors.New("not available")
+func (pc *PktConn) WriteTo(b []byte, addr net.Addr) (int, error) {
+ return pc.Write(b)
}
-func (uc *ssUDPConn) RemoteAddr() net.Addr {
- return uc.addr
+func (pc *PktConn) RemoteAddr() net.Addr {
+ return pc.addr
}
diff --git a/strategy.go b/strategy.go
index 1af69d0..d87e841 100644
--- a/strategy.go
+++ b/strategy.go
@@ -67,6 +67,10 @@ func (rr *rrDialer) Dial(network, addr string) (net.Conn, error) {
return rr.NextDialer(addr).Dial(network, addr)
}
+func (rr *rrDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ return rr.NextDialer(addr).DialUDP(network, addr)
+}
+
func (rr *rrDialer) NextDialer(dstAddr string) Dialer {
n := len(rr.dialers)
if n == 1 {
@@ -158,3 +162,14 @@ func (ha *haDialer) Dial(network, addr string) (net.Conn, error) {
return d.Dial(network, addr)
}
+
+func (ha *haDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ d := ha.dialers[ha.idx]
+
+ result, ok := ha.status.Load(ha.idx)
+ if ok && !result.(bool) {
+ d = ha.NextDialer(addr)
+ }
+
+ return d.DialUDP(network, addr)
+}
diff --git a/systemd/glider@.service b/systemd/glider@.service
index 2b7d464..2891ffe 100644
--- a/systemd/glider@.service
+++ b/systemd/glider@.service
@@ -1,6 +1,5 @@
[Unit]
Description=Glider Service (%i)
-After=network.target
Before=iptables.service ip6tables.service
[Service]
diff --git a/udptun.go b/udptun.go
index 46990b8..d6f3f34 100644
--- a/udptun.go
+++ b/udptun.go
@@ -42,20 +42,20 @@ func (s *UDPTun) ListenAndServe() {
continue
}
- rc, err := s.sDialer.Dial("udp", s.raddr)
+ rc, wt, err := s.sDialer.DialUDP("udp", s.raddr)
if err != nil {
logf("proxy-udptun failed to connect to server %v: %v", s.raddr, err)
continue
}
- n, err = rc.Write(buf[:n])
+ n, err = rc.WriteTo(buf[:n], wt)
if err != nil {
logf("proxy-udptun rc.Write error: %v", err)
continue
}
buf = make([]byte, udpBufSize)
- n, err = rc.Read(buf)
+ n, _, err = rc.ReadFrom(buf)
if err != nil {
logf("proxy-udptun rc.Read error: %v", err)
continue
From e1e8908ae24651076a33a2a4b6247307e4950462 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 17 Jan 2018 00:42:24 +0800
Subject: [PATCH 134/341] ss: optimize dial and pktconn code
---
ss.go | 36 +++++++++++-------------------------
1 file changed, 11 insertions(+), 25 deletions(-)
diff --git a/ss.go b/ss.go
index afe9b03..512214e 100644
--- a/ss.go
+++ b/ss.go
@@ -219,22 +219,10 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
return nil, errors.New("Unable to parse address: " + addr)
}
- switch network {
- case "tcp":
- return s.dialTCP(target)
- case "uot":
+ if network == "uot" {
target[0] = target[0] | 0x8
- return s.dialTCP(target)
- // case "udp":
- // return s.dialUDP(target)
- default:
- return nil, errors.New("Unknown schema: " + network)
}
-}
-
-// DialTCP connects to the address addr via the proxy.
-func (s *SS) dialTCP(target Addr) (net.Conn, error) {
c, err := s.cDialer.Dial("tcp", s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
@@ -252,6 +240,7 @@ func (s *SS) dialTCP(target Addr) (net.Conn, error) {
}
return c, err
+
}
// DialUDP connects to the given address via the proxy.
@@ -282,6 +271,7 @@ type PktConn struct {
// NewPktConn returns a PktConn
func NewPktConn(c net.PacketConn, addr net.Addr, target Addr, tgtHeader bool) *PktConn {
+
pc := &PktConn{
PacketConn: c,
addr: addr,
@@ -291,30 +281,26 @@ func NewPktConn(c net.PacketConn, addr net.Addr, target Addr, tgtHeader bool) *P
}
func (pc *PktConn) Read(b []byte) (int, error) {
+ n, _, err := pc.ReadFrom(b)
+ return n, err
+}
+
+func (pc *PktConn) ReadFrom(b []byte) (int, net.Addr, error) {
if !pc.tgtHeader {
- n, _, err := pc.PacketConn.ReadFrom(b)
- return n, err
+ return pc.PacketConn.ReadFrom(b)
}
buf := make([]byte, len(b))
n, raddr, err := pc.PacketConn.ReadFrom(buf)
if err != nil {
- return 0, err
+ return n, raddr, err
}
srcAddr := ParseAddr(raddr.String())
copy(b, buf[len(srcAddr):])
- return n - len(srcAddr), err
-}
-
-func (pc *PktConn) ReadFrom(b []byte) (int, net.Addr, error) {
-
- n, err := pc.Read(b)
-
- // TODO: Addr
- return n, nil, err
+ return n - len(srcAddr), raddr, err
}
func (pc *PktConn) Write(b []byte) (int, error) {
From 9ac6db498e3e165c2b492e969394577d4539bdf4 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 17 Jan 2018 22:44:04 +0800
Subject: [PATCH 135/341] udptun: optimize code
---
udptun.go | 55 +++++++++++++++++++++++++++++++++++--------------------
1 file changed, 35 insertions(+), 20 deletions(-)
diff --git a/udptun.go b/udptun.go
index d6f3f34..aafc1ff 100644
--- a/udptun.go
+++ b/udptun.go
@@ -1,7 +1,9 @@
package main
import (
+ "encoding/hex"
"net"
+ "time"
)
// UDPTun struct
@@ -35,6 +37,7 @@ func (s *UDPTun) ListenAndServe() {
logf("proxy-udptun listening UDP on %s", s.addr)
buf := make([]byte, udpBufSize)
+
for {
n, clientAddr, err := c.ReadFrom(buf)
if err != nil {
@@ -42,29 +45,41 @@ func (s *UDPTun) ListenAndServe() {
continue
}
- rc, wt, err := s.sDialer.DialUDP("udp", s.raddr)
- if err != nil {
- logf("proxy-udptun failed to connect to server %v: %v", s.raddr, err)
- continue
- }
+ logf("ClientAddr: %s", clientAddr)
+ logf("ReadFrom:\n%s", hex.Dump(buf[:n]))
- n, err = rc.WriteTo(buf[:n], wt)
- if err != nil {
- logf("proxy-udptun rc.Write error: %v", err)
- continue
- }
+ go func() {
+ rc, wt, err := s.sDialer.DialUDP("udp", s.raddr)
+ if err != nil {
+ logf("proxy-udptun failed to connect to server %v: %v", s.raddr, err)
+ return
+ }
- buf = make([]byte, udpBufSize)
- n, _, err = rc.ReadFrom(buf)
- if err != nil {
- logf("proxy-udptun rc.Read error: %v", err)
- continue
- }
- rc.Close()
+ logf("WriteTo")
+ n, err = rc.WriteTo(buf[:n], wt)
+ if err != nil {
+ logf("proxy-udptun rc.Write error: %v", err)
+ return
+ }
- // logf("rc resp: \n%s", hex.Dump(buf[:n]))
+ logf("ReadFrom")
+
+ rcBuf := make([]byte, udpBufSize)
+ rc.SetReadDeadline(time.Now().Add(time.Minute))
+
+ n, _, err = rc.ReadFrom(rcBuf)
+ if err != nil {
+ logf("proxy-udptun rc.Read error: %v", err)
+ return
+ }
+ rc.Close()
+
+ // logf("rc resp: \n%s", hex.Dump(buf[:n]))
+
+ logf("c.WriteTo")
+ c.WriteTo(rcBuf[:n], clientAddr)
+ logf("proxy-udptun %s <-> %s", clientAddr, s.raddr)
+ }()
- c.WriteTo(buf[:n], clientAddr)
- logf("proxy-udptun %s <-> %s", clientAddr, s.raddr)
}
}
From 65e6caaa397b2c1dcaeb16086c9fe9bed69baea2 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 18 Jan 2018 18:12:17 +0800
Subject: [PATCH 136/341] ss: support udp forward chain
---
direct.go | 6 ++---
forwarder.go | 5 +++++
ss.go | 63 ++++++++++++++++++----------------------------------
udptun.go | 10 ---------
4 files changed, 30 insertions(+), 54 deletions(-)
diff --git a/direct.go b/direct.go
index 084a3e7..b0084dd 100644
--- a/direct.go
+++ b/direct.go
@@ -30,15 +30,15 @@ func (d *direct) Dial(network, addr string) (net.Conn, error) {
}
// DialUDP connects to the given address via the proxy.
-func (d *direct) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- pc, err = net.ListenPacket(network, "")
+func (d *direct) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ pc, err := net.ListenPacket(network, "")
if err != nil {
logf("ListenPacket error: %s", err)
return nil, nil, err
}
uAddr, err := net.ResolveUDPAddr("udp", addr)
- return pc, uAddr, nil
+ return pc, uAddr, err
}
func (d *direct) NextDialer(dstAddr string) Dialer { return d }
diff --git a/forwarder.go b/forwarder.go
index ea34525..d48a220 100644
--- a/forwarder.go
+++ b/forwarder.go
@@ -25,6 +25,11 @@ func (p *Forwarder) Dial(network, addr string) (net.Conn, error) {
return p.cDialer.Dial(network, addr)
}
+// DialUDP to remote addr via cDialer
+func (p *Forwarder) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ return p.cDialer.DialUDP(network, addr)
+}
+
// NextDialer returns the next cDialer
func (p *Forwarder) NextDialer(dstAddr string) Dialer {
return p.cDialer
diff --git a/ss.go b/ss.go
index 512214e..87fbee0 100644
--- a/ss.go
+++ b/ss.go
@@ -5,7 +5,6 @@ import (
"log"
"net"
"strings"
- "sync"
"time"
"github.com/shadowsocks/go-shadowsocks2/core"
@@ -139,7 +138,6 @@ func (s *SS) ServeTCP(c net.Conn) {
}
// ListenAndServeUDP serves udp ss requests.
-// TODO: Forwarder chain not supported now.
func (s *SS) ListenAndServeUDP() {
c, err := net.ListenPacket("udp", s.addr)
if err != nil {
@@ -151,8 +149,6 @@ func (s *SS) ListenAndServeUDP() {
logf("proxy-ss-udp listening UDP on %s", s.addr)
c = s.PacketConn(c)
-
- var nm sync.Map
buf := make([]byte, udpBufSize)
for {
@@ -168,41 +164,34 @@ func (s *SS) ListenAndServeUDP() {
continue
}
- tgtUDPAddr, err := net.ResolveUDPAddr("udp", tgtAddr.String())
- if err != nil {
- logf("proxy-ss-udp failed to resolve target UDP address: %v", err)
- continue
- }
-
logf("proxy-ss-udp %s <-> %s", raddr, tgtAddr)
payload := buf[len(tgtAddr):n]
- var pc net.PacketConn
- v, ok := nm.Load(raddr.String())
- if !ok && v == nil {
- pc, err = net.ListenPacket("udp", "")
- if err != nil {
- logf("proxy-ss-udp remote listen error: %v", err)
- continue
- }
-
- nm.Store(raddr.String(), pc)
- go func() {
- timedCopy(c, raddr, pc, 5*time.Minute, true)
- pc.Close()
- nm.Delete(raddr.String())
- }()
- } else {
- pc = v.(net.PacketConn)
+ rc, nexHop, err := s.sDialer.DialUDP("udp", tgtAddr.String())
+ if err != nil {
+ logf("proxy-ss-udp remote listen error: %v", err)
+ continue
}
- _, err = pc.WriteTo(payload, tgtUDPAddr) // accept only UDPAddr despite the signature
+ _, err = rc.WriteTo(payload, nexHop) // accept only UDPAddr despite the signature
if err != nil {
logf("proxy-ss-udp remote write error: %v", err)
continue
}
+ rcBuf := make([]byte, udpBufSize)
+ rc.SetReadDeadline(time.Now().Add(time.Minute))
+ copy(rcBuf, tgtAddr)
+
+ n, _, err = rc.ReadFrom(rcBuf[len(tgtAddr):])
+ if err != nil {
+ logf("proxy-ss-udp rc.Read error: %v", err)
+ return
+ }
+ rc.Close()
+
+ c.WriteTo(rcBuf[:len(tgtAddr)+n], raddr)
}
}
@@ -244,20 +233,15 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
}
// DialUDP connects to the given address via the proxy.
-func (s *SS) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- // TODO: check forward chain
- pc, nextHop, err := s.cDialer.DialUDP(network, addr)
+func (s *SS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ pc, nextHop, err := s.cDialer.DialUDP(network, s.addr)
if err != nil {
- logf("proxy-ss dialudp to %s error: %s", addr, err)
+ logf("proxy-ss dialudp to %s error: %s", s.addr, err)
return nil, nil, err
}
- nextHopAddr := ParseAddr(nextHop.String())
- writeTo, err = net.ResolveUDPAddr("udp", s.Addr())
-
- pkc := NewPktConn(s.PacketConn(pc), writeTo, nextHopAddr, true)
-
- return pkc, writeTo, err
+ pkc := NewPktConn(s.PacketConn(pc), nextHop, ParseAddr(addr), true)
+ return pkc, nextHop, err
}
// PktConn wraps a net.PacketConn and support Write method like net.Conn
@@ -271,7 +255,6 @@ type PktConn struct {
// NewPktConn returns a PktConn
func NewPktConn(c net.PacketConn, addr net.Addr, target Addr, tgtHeader bool) *PktConn {
-
pc := &PktConn{
PacketConn: c,
addr: addr,
@@ -312,8 +295,6 @@ func (pc *PktConn) Write(b []byte) (int, error) {
copy(buf, pc.target)
copy(buf[len(pc.target):], b)
- // logf("Write: \n%s", hex.Dump(buf))
-
return pc.PacketConn.WriteTo(buf, pc.addr)
}
diff --git a/udptun.go b/udptun.go
index aafc1ff..3ffcb1c 100644
--- a/udptun.go
+++ b/udptun.go
@@ -1,7 +1,6 @@
package main
import (
- "encoding/hex"
"net"
"time"
)
@@ -45,9 +44,6 @@ func (s *UDPTun) ListenAndServe() {
continue
}
- logf("ClientAddr: %s", clientAddr)
- logf("ReadFrom:\n%s", hex.Dump(buf[:n]))
-
go func() {
rc, wt, err := s.sDialer.DialUDP("udp", s.raddr)
if err != nil {
@@ -55,15 +51,12 @@ func (s *UDPTun) ListenAndServe() {
return
}
- logf("WriteTo")
n, err = rc.WriteTo(buf[:n], wt)
if err != nil {
logf("proxy-udptun rc.Write error: %v", err)
return
}
- logf("ReadFrom")
-
rcBuf := make([]byte, udpBufSize)
rc.SetReadDeadline(time.Now().Add(time.Minute))
@@ -74,9 +67,6 @@ func (s *UDPTun) ListenAndServe() {
}
rc.Close()
- // logf("rc resp: \n%s", hex.Dump(buf[:n]))
-
- logf("c.WriteTo")
c.WriteTo(rcBuf[:n], clientAddr)
logf("proxy-udptun %s <-> %s", clientAddr, s.raddr)
}()
From 38de018d91f17a26892437b893355115dd96952b Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 20 Jan 2018 15:08:23 +0800
Subject: [PATCH 137/341] ss: add nat map in ListenAndServeUDP
---
.gitignore | 1 +
conn.go | 16 ++------
ss.go | 113 +++++++++++++++++++++++++----------------------------
uottun.go | 2 +-
4 files changed, 59 insertions(+), 73 deletions(-)
diff --git a/.gitignore b/.gitignore
index 098dc82..bea015c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
# Binaries for programs and plugins
*.exe
+*.exe~
*.dll
*.so
*.dylib
diff --git a/conn.go b/conn.go
index ddab0c6..e433b41 100644
--- a/conn.go
+++ b/conn.go
@@ -54,26 +54,16 @@ func relay(left, right net.Conn) (int64, int64, error) {
}
// copy from src to dst at target with read timeout
-func timedCopy(dst net.PacketConn, target net.Addr, src net.PacketConn, timeout time.Duration, srcIncluded bool) error {
+func timedCopy(dst net.PacketConn, target net.Addr, src net.PacketConn, timeout time.Duration) error {
buf := make([]byte, udpBufSize)
-
for {
src.SetReadDeadline(time.Now().Add(timeout))
- n, raddr, err := src.ReadFrom(buf)
+ n, _, err := src.ReadFrom(buf)
if err != nil {
return err
}
- if srcIncluded { // server -> client: add original packet source
- srcAddr := ParseAddr(raddr.String())
- copy(buf[len(srcAddr):], buf[:n])
- copy(buf, srcAddr)
- _, err = dst.WriteTo(buf[:len(srcAddr)+n], target)
- } else { // client -> user: strip original packet source
- srcAddr := SplitAddr(buf[:n])
- _, err = dst.WriteTo(buf[len(srcAddr):n], target)
- }
-
+ _, err = dst.WriteTo(buf[:n], target)
if err != nil {
return err
}
diff --git a/ss.go b/ss.go
index 87fbee0..e393d04 100644
--- a/ss.go
+++ b/ss.go
@@ -5,6 +5,7 @@ import (
"log"
"net"
"strings"
+ "sync"
"time"
"github.com/shadowsocks/go-shadowsocks2/core"
@@ -139,61 +140,59 @@ func (s *SS) ServeTCP(c net.Conn) {
// ListenAndServeUDP serves udp ss requests.
func (s *SS) ListenAndServeUDP() {
- c, err := net.ListenPacket("udp", s.addr)
+ lc, err := net.ListenPacket("udp", s.addr)
if err != nil {
logf("proxy-ss-udp failed to listen on %s: %v", s.addr, err)
return
}
- defer c.Close()
+ defer lc.Close()
+
+ lc = s.PacketConn(lc)
logf("proxy-ss-udp listening UDP on %s", s.addr)
- c = s.PacketConn(c)
+ var nm sync.Map
buf := make([]byte, udpBufSize)
for {
+ c := NewPktConn(lc, nil, nil, true)
+
n, raddr, err := c.ReadFrom(buf)
if err != nil {
logf("proxy-ss-udp remote read error: %v", err)
continue
}
- tgtAddr := SplitAddr(buf[:n])
- if tgtAddr == nil {
- logf("proxy-ss-udp failed to split target address from packet: %q", buf[:n])
- continue
+ logf("proxy-ss-udp %s <-> %s", raddr, c.tgtAddr)
+
+ var pc *PktConn
+ v, ok := nm.Load(raddr.String())
+ if !ok && v == nil {
+ lpc, nextHop, err := s.sDialer.DialUDP("udp", c.tgtAddr.String())
+ if err != nil {
+ logf("proxy-ss-udp remote listen error: %v", err)
+ continue
+ }
+
+ pc = NewPktConn(lpc, nextHop, nil, false)
+ nm.Store(raddr.String(), pc)
+
+ go func() {
+ timedCopy(c, raddr, pc, 1*time.Minute)
+ pc.Close()
+ nm.Delete(raddr.String())
+ }()
+
+ } else {
+ pc = v.(*PktConn)
}
- logf("proxy-ss-udp %s <-> %s", raddr, tgtAddr)
-
- payload := buf[len(tgtAddr):n]
-
- rc, nexHop, err := s.sDialer.DialUDP("udp", tgtAddr.String())
- if err != nil {
- logf("proxy-ss-udp remote listen error: %v", err)
- continue
- }
-
- _, err = rc.WriteTo(payload, nexHop) // accept only UDPAddr despite the signature
+ _, err = pc.WriteTo(buf[:n], pc.writeAddr)
if err != nil {
logf("proxy-ss-udp remote write error: %v", err)
continue
}
-
- rcBuf := make([]byte, udpBufSize)
- rc.SetReadDeadline(time.Now().Add(time.Minute))
- copy(rcBuf, tgtAddr)
-
- n, _, err = rc.ReadFrom(rcBuf[len(tgtAddr):])
- if err != nil {
- logf("proxy-ss-udp rc.Read error: %v", err)
- return
- }
- rc.Close()
-
- c.WriteTo(rcBuf[:len(tgtAddr)+n], raddr)
}
-
}
// ListCipher .
@@ -248,28 +247,23 @@ func (s *SS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
type PktConn struct {
net.PacketConn
- addr net.Addr // write to and read from addr
- target Addr
+ writeAddr net.Addr // write to and read from addr
+
+ tgtAddr Addr
tgtHeader bool
}
// NewPktConn returns a PktConn
-func NewPktConn(c net.PacketConn, addr net.Addr, target Addr, tgtHeader bool) *PktConn {
+func NewPktConn(c net.PacketConn, writeAddr net.Addr, tgtAddr Addr, tgtHeader bool) *PktConn {
pc := &PktConn{
PacketConn: c,
- addr: addr,
- target: target,
+ writeAddr: writeAddr,
+ tgtAddr: tgtAddr,
tgtHeader: tgtHeader}
return pc
}
-func (pc *PktConn) Read(b []byte) (int, error) {
- n, _, err := pc.ReadFrom(b)
- return n, err
-}
-
func (pc *PktConn) ReadFrom(b []byte) (int, net.Addr, error) {
-
if !pc.tgtHeader {
return pc.PacketConn.ReadFrom(b)
}
@@ -280,28 +274,29 @@ func (pc *PktConn) ReadFrom(b []byte) (int, net.Addr, error) {
return n, raddr, err
}
- srcAddr := ParseAddr(raddr.String())
- copy(b, buf[len(srcAddr):])
+ tgtAddr := SplitAddr(buf)
+ copy(b, buf[len(tgtAddr):])
- return n - len(srcAddr), raddr, err
-}
-
-func (pc *PktConn) Write(b []byte) (int, error) {
- if !pc.tgtHeader {
- return pc.PacketConn.WriteTo(b, pc.addr)
+ //test
+ if pc.writeAddr == nil {
+ pc.writeAddr = raddr
}
- buf := make([]byte, len(pc.target)+len(b))
- copy(buf, pc.target)
- copy(buf[len(pc.target):], b)
+ if pc.tgtAddr == nil {
+ pc.tgtAddr = tgtAddr
+ }
- return pc.PacketConn.WriteTo(buf, pc.addr)
+ return n - len(tgtAddr), raddr, err
}
func (pc *PktConn) WriteTo(b []byte, addr net.Addr) (int, error) {
- return pc.Write(b)
-}
+ if !pc.tgtHeader {
+ return pc.PacketConn.WriteTo(b, addr)
+ }
-func (pc *PktConn) RemoteAddr() net.Addr {
- return pc.addr
+ buf := make([]byte, len(pc.tgtAddr)+len(b))
+ copy(buf, pc.tgtAddr)
+ copy(buf[len(pc.tgtAddr):], b)
+
+ return pc.PacketConn.WriteTo(buf, pc.writeAddr)
}
diff --git a/uottun.go b/uottun.go
index fcd05e0..7373b74 100644
--- a/uottun.go
+++ b/uottun.go
@@ -56,7 +56,7 @@ func (s *UoTTun) ListenAndServe() {
// no remote forwarder, just a local udp forwarder
if urc, ok := rc.(*net.UDPConn); ok {
go func() {
- timedCopy(c, clientAddr, urc, 5*time.Minute, false)
+ timedCopy(c, clientAddr, urc, 5*time.Minute)
urc.Close()
}()
} else { // remote forwarder, udp over tcp
From 47820cccba25559e81b6b1df81a5e1bcaa85fafa Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 20 Jan 2018 15:23:56 +0800
Subject: [PATCH 138/341] uottun: serve in goroutine
---
ss.go | 2 +-
uottun.go | 18 ++++++++++--------
2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/ss.go b/ss.go
index e393d04..c045d3b 100644
--- a/ss.go
+++ b/ss.go
@@ -178,7 +178,7 @@ func (s *SS) ListenAndServeUDP() {
nm.Store(raddr.String(), pc)
go func() {
- timedCopy(c, raddr, pc, 1*time.Minute)
+ timedCopy(c, raddr, pc, 2*time.Minute)
pc.Close()
nm.Delete(raddr.String())
}()
diff --git a/uottun.go b/uottun.go
index 7373b74..5e910d6 100644
--- a/uottun.go
+++ b/uottun.go
@@ -53,21 +53,23 @@ func (s *UoTTun) ListenAndServe() {
rc.Write(buf[:n])
- // no remote forwarder, just a local udp forwarder
- if urc, ok := rc.(*net.UDPConn); ok {
- go func() {
- timedCopy(c, clientAddr, urc, 5*time.Minute)
+ go func() {
+ // no remote forwarder, just a local udp forwarder
+ if urc, ok := rc.(*net.UDPConn); ok {
+ timedCopy(c, clientAddr, urc, 2*time.Minute)
urc.Close()
- }()
- } else { // remote forwarder, udp over tcp
+ return
+ }
+
+ // remote forwarder, udp over tcp
resp, err := ioutil.ReadAll(rc)
if err != nil {
logf("error in ioutil.ReadAll: %s\n", err)
- continue
+ return
}
rc.Close()
c.WriteTo(resp, clientAddr)
- }
+ }()
logf("proxy-uottun %s <-> %s", clientAddr, s.raddr)
}
From 601e0ddcdaef389c96de88cab0a67ce3551ad4dd Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 20 Jan 2018 15:36:53 +0800
Subject: [PATCH 139/341] udptun: add nat map
---
ss.go | 6 +++---
udptun.go | 48 +++++++++++++++++++++++++++---------------------
uottun.go | 3 +--
3 files changed, 31 insertions(+), 26 deletions(-)
diff --git a/ss.go b/ss.go
index c045d3b..d85bd33 100644
--- a/ss.go
+++ b/ss.go
@@ -163,14 +163,12 @@ func (s *SS) ListenAndServeUDP() {
continue
}
- logf("proxy-ss-udp %s <-> %s", raddr, c.tgtAddr)
-
var pc *PktConn
v, ok := nm.Load(raddr.String())
if !ok && v == nil {
lpc, nextHop, err := s.sDialer.DialUDP("udp", c.tgtAddr.String())
if err != nil {
- logf("proxy-ss-udp remote listen error: %v", err)
+ logf("proxy-ss-udp remote dial error: %v", err)
continue
}
@@ -192,6 +190,8 @@ func (s *SS) ListenAndServeUDP() {
logf("proxy-ss-udp remote write error: %v", err)
continue
}
+
+ logf("proxy-ss-udp %s <-> %s", raddr, c.tgtAddr)
}
}
diff --git a/udptun.go b/udptun.go
index 3ffcb1c..7c14cbf 100644
--- a/udptun.go
+++ b/udptun.go
@@ -2,6 +2,7 @@ package main
import (
"net"
+ "sync"
"time"
)
@@ -35,41 +36,46 @@ func (s *UDPTun) ListenAndServe() {
logf("proxy-udptun listening UDP on %s", s.addr)
+ var nm sync.Map
buf := make([]byte, udpBufSize)
for {
- n, clientAddr, err := c.ReadFrom(buf)
+ n, raddr, err := c.ReadFrom(buf)
if err != nil {
logf("proxy-udptun read error: %v", err)
continue
}
- go func() {
- rc, wt, err := s.sDialer.DialUDP("udp", s.raddr)
+ var pc net.PacketConn
+ var writeAddr net.Addr
+
+ v, ok := nm.Load(raddr.String())
+ if !ok && v == nil {
+
+ pc, writeAddr, err = s.sDialer.DialUDP("udp", s.raddr)
if err != nil {
- logf("proxy-udptun failed to connect to server %v: %v", s.raddr, err)
- return
+ logf("proxy-udptun remote dial error: %v", err)
+ continue
}
- n, err = rc.WriteTo(buf[:n], wt)
- if err != nil {
- logf("proxy-udptun rc.Write error: %v", err)
- return
- }
+ nm.Store(raddr.String(), pc)
+ go func() {
+ timedCopy(c, raddr, pc, 2*time.Minute)
+ pc.Close()
+ nm.Delete(raddr.String())
+ }()
- rcBuf := make([]byte, udpBufSize)
- rc.SetReadDeadline(time.Now().Add(time.Minute))
+ } else {
+ pc = v.(net.PacketConn)
+ }
- n, _, err = rc.ReadFrom(rcBuf)
- if err != nil {
- logf("proxy-udptun rc.Read error: %v", err)
- return
- }
- rc.Close()
+ _, err = pc.WriteTo(buf[:n], writeAddr)
+ if err != nil {
+ logf("proxy-udptun remote write error: %v", err)
+ continue
+ }
- c.WriteTo(rcBuf[:n], clientAddr)
- logf("proxy-udptun %s <-> %s", clientAddr, s.raddr)
- }()
+ logf("proxy-udptun %s <-> %s", raddr, s.raddr)
}
}
diff --git a/uottun.go b/uottun.go
index 5e910d6..7b99c9a 100644
--- a/uottun.go
+++ b/uottun.go
@@ -51,8 +51,6 @@ func (s *UoTTun) ListenAndServe() {
continue
}
- rc.Write(buf[:n])
-
go func() {
// no remote forwarder, just a local udp forwarder
if urc, ok := rc.(*net.UDPConn); ok {
@@ -71,6 +69,7 @@ func (s *UoTTun) ListenAndServe() {
c.WriteTo(resp, clientAddr)
}()
+ rc.Write(buf[:n])
logf("proxy-uottun %s <-> %s", clientAddr, s.raddr)
}
}
From 6b4d2582cabc496fbd8d755f27ff4ed340c370eb Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 20 Jan 2018 22:13:04 +0800
Subject: [PATCH 140/341] socks5: support udp in server mode
---
README.md | 6 +-
http.go | 2 +-
mixed.go | 15 +++--
socks5.go | 196 +++++++++++++++++++++++++++++++++++++++++++++++-------
ss.go | 2 +-
udptun.go | 1 +
uottun.go | 7 +-
7 files changed, 195 insertions(+), 34 deletions(-)
diff --git a/README.md b/README.md
index 2c0f799..5e43056 100644
--- a/README.md
+++ b/README.md
@@ -21,7 +21,7 @@ Listen(local proxy server):
- SS proxy
- Linux transparent proxy(iptables redirect)
- TCP tunnel
-- DNS Tunnel(udp2tcp)
+- UDP over TCP tunnel
Forward(upstream proxy server):
- Socks5 proxy
@@ -47,7 +47,9 @@ General:
- Rule proxy based on destinations: [Config Examples](config/examples)
TODO:
-- [x] UDP over TCP Tunnel (client <--udp--> glider/uottun <--tcp--> ss <--udp--> target)
+
+- [x] UDP tunnel
+- [x] UDP over TCP Tunnel (client <--udp--> glider/uottun <--tcp--> glider/ss <--udp--> target)
- [ ] Transparent UDP proxy (iptables tproxy)
- [ ] DNS Cache
- [ ] TUN/TAP device support
diff --git a/http.go b/http.go
index 218efbb..dc5f877 100644
--- a/http.go
+++ b/http.go
@@ -249,7 +249,7 @@ func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
// DialUDP connects to the given address via the proxy.
func (s *HTTP) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- return nil, nil, errors.New("DialUDP not supported")
+ return nil, nil, errors.New("http client does not support udp")
}
// parseFirstLine parses "GET /foo HTTP/1.1" OR "HTTP/1.1 200 OK" into its three parts.
diff --git a/mixed.go b/mixed.go
index 93b69df..05cc724 100644
--- a/mixed.go
+++ b/mixed.go
@@ -41,18 +41,21 @@ func NewMixedProxy(addr, user, pass, rawQuery string, sDialer Dialer) (*MixedPro
// ListenAndServe .
func (p *MixedProxy) ListenAndServe() {
+
+ go p.socks5.ListenAndServeUDP()
+
l, err := net.Listen("tcp", p.addr)
if err != nil {
- logf("failed to listen on %s: %v", p.addr, err)
+ logf("proxy-mixed failed to listen on %s: %v", p.addr, err)
return
}
- logf("listening TCP on %s", p.addr)
+ logf("proxy-mixed listening TCP on %s", p.addr)
for {
c, err := l.Accept()
if err != nil {
- logf("failed to accept: %v", err)
+ logf("proxy-mixed failed to accept: %v", err)
continue
}
@@ -73,13 +76,13 @@ func (p *MixedProxy) Serve(conn net.Conn) {
if p.socks5 != nil {
head, err := c.Peek(1)
if err != nil {
- logf("peek error: %s", err)
+ logf("proxy-mixed peek error: %s", err)
return
}
// check socks5, client send socksversion: 5 as the first byte
if head[0] == socks5Version {
- p.socks5.Serve(c)
+ p.socks5.ServeTCP(c)
return
}
}
@@ -87,7 +90,7 @@ func (p *MixedProxy) Serve(conn net.Conn) {
if p.http != nil {
head, err := c.Peek(8)
if err != nil {
- logf("peek error: %s", err)
+ logf("proxy-mixed peek error: %s", err)
return
}
diff --git a/socks5.go b/socks5.go
index e025144..ac7154c 100644
--- a/socks5.go
+++ b/socks5.go
@@ -14,6 +14,8 @@ import (
"io"
"net"
"strconv"
+ "sync"
+ "time"
)
const socks5Version = 5
@@ -43,16 +45,17 @@ const MaxAddrLen = 1 + 1 + 255 + 2
// Addr represents a SOCKS address as defined in RFC 1928 section 5.
type Addr []byte
-var socks5Errors = []string{
- "",
- "general failure",
- "connection forbidden",
- "network unreachable",
- "host unreachable",
- "connection refused",
- "TTL expired",
- "command not supported",
- "address type not supported",
+var socks5Errors = []error{
+ errors.New(""),
+ errors.New("general failure"),
+ errors.New("connection forbidden"),
+ errors.New("network unreachable"),
+ errors.New("host unreachable"),
+ errors.New("connection refused"),
+ errors.New("TTL expired"),
+ errors.New("command not supported"),
+ errors.New("address type not supported"),
+ errors.New("socks5UDPAssociate"),
}
// SOCKS5 struct
@@ -77,8 +80,14 @@ func NewSOCKS5(addr, user, pass string, cDialer Dialer, sDialer Dialer) (*SOCKS5
return s, nil
}
-// ListenAndServe .
+// ListenAndServe serves socks5 requests.
func (s *SOCKS5) ListenAndServe() {
+ go s.ListenAndServeUDP()
+ s.ListenAndServeTCP()
+}
+
+// ListenAndServeTCP .
+func (s *SOCKS5) ListenAndServeTCP() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
logf("proxy-socks5 failed to listen on %s: %v", s.addr, err)
@@ -94,12 +103,12 @@ func (s *SOCKS5) ListenAndServe() {
continue
}
- go s.Serve(c)
+ go s.ServeTCP(c)
}
}
-// Serve .
-func (s *SOCKS5) Serve(c net.Conn) {
+// ServeTCP .
+func (s *SOCKS5) ServeTCP(c net.Conn) {
defer c.Close()
if c, ok := c.(*net.TCPConn); ok {
@@ -108,6 +117,20 @@ func (s *SOCKS5) Serve(c net.Conn) {
tgt, err := s.handshake(c)
if err != nil {
+ // UDP: keep the connection until disconnect then free the UDP socket
+ if err == socks5Errors[9] {
+ buf := []byte{}
+ // block here
+ for {
+ _, err := c.Read(buf)
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ continue
+ }
+ logf("UDP Associate End.")
+ return
+ }
+ }
+
logf("proxy-socks5 failed to get target address: %v", err)
return
}
@@ -130,6 +153,62 @@ func (s *SOCKS5) Serve(c net.Conn) {
}
}
+// ListenAndServeUDP serves udp requests.
+func (s *SOCKS5) ListenAndServeUDP() {
+ lc, err := net.ListenPacket("udp", s.addr)
+ if err != nil {
+ logf("proxy-socks5-udp failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer lc.Close()
+
+ logf("proxy-socks5-udp listening UDP on %s", s.addr)
+
+ var nm sync.Map
+ buf := make([]byte, udpBufSize)
+
+ for {
+ c := NewSocks5PktConn(lc, nil, nil, true)
+
+ n, raddr, err := c.ReadFrom(buf)
+ if err != nil {
+ logf("proxy-socks5-udp remote read error: %v", err)
+ continue
+ }
+
+ var pc *Socks5PktConn
+ v, ok := nm.Load(raddr.String())
+ if !ok && v == nil {
+ lpc, nextHop, err := s.sDialer.DialUDP("udp", c.tgtAddr.String())
+ if err != nil {
+ logf("proxy-socks5-udp remote dial error: %v", err)
+ continue
+ }
+
+ pc = NewSocks5PktConn(lpc, nextHop, nil, false)
+ nm.Store(raddr.String(), pc)
+
+ go func() {
+ timedCopy(c, raddr, pc, 2*time.Minute)
+ pc.Close()
+ nm.Delete(raddr.String())
+ }()
+
+ } else {
+ pc = v.(*Socks5PktConn)
+ }
+
+ _, err = pc.WriteTo(buf[:n], pc.writeAddr)
+ if err != nil {
+ logf("proxy-socks5-udp remote write error: %v", err)
+ continue
+ }
+
+ logf("proxy-socks5-udp %s <-> %s", raddr, c.tgtAddr)
+ }
+
+}
+
// Dial connects to the address addr on the network net via the SOCKS5 proxy.
func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
switch network {
@@ -158,7 +237,7 @@ func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
// DialUDP connects to the given address via the proxy.
func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- return nil, nil, errors.New("DialUDP not supported")
+ return nil, nil, errors.New("sock5 client does not support udp now")
}
// connect takes an existing connection to a socks5 proxy server,
@@ -254,7 +333,7 @@ func (s *SOCKS5) connect(conn net.Conn, target string) error {
failure := "unknown error"
if int(buf[1]) < len(socks5Errors) {
- failure = socks5Errors[buf[1]]
+ failure = socks5Errors[buf[1]].Error()
}
if len(failure) > 0 {
@@ -314,16 +393,26 @@ func (s *SOCKS5) handshake(rw io.ReadWriter) (Addr, error) {
if _, err := io.ReadFull(rw, buf[:3]); err != nil {
return nil, err
}
- if buf[1] != socks5Connect {
- return nil, errors.New(socks5Errors[7])
- }
+ cmd := buf[1]
addr, err := readAddr(rw, buf)
if err != nil {
return nil, err
}
- // write VER REP RSV ATYP BND.ADDR BND.PORT
- _, err = rw.Write([]byte{5, 0, 0, 1, 0, 0, 0, 0, 0, 0})
- return addr, err
+ switch cmd {
+ case socks5Connect:
+ _, err = rw.Write([]byte{5, 0, 0, 1, 0, 0, 0, 0, 0, 0}) // SOCKS v5, reply succeeded
+ case socks5UDPAssociate:
+ listenAddr := ParseAddr(rw.(net.Conn).LocalAddr().String())
+ _, err = rw.Write(append([]byte{5, 0, 0}, listenAddr...)) // SOCKS v5, reply succeeded
+ if err != nil {
+ return nil, socks5Errors[7]
+ }
+ err = socks5Errors[9]
+ default:
+ return nil, socks5Errors[7]
+ }
+
+ return addr, err // skip VER, CMD, RSV fields
}
// String serializes SOCKS address a to string form.
@@ -380,7 +469,7 @@ func readAddr(r io.Reader, b []byte) (Addr, error) {
return b[:1+net.IPv6len+2], err
}
- return nil, errors.New(socks5Errors[8])
+ return nil, socks5Errors[8]
}
// ReadAddr reads just enough bytes from r to get a valid Addr.
@@ -453,3 +542,64 @@ func ParseAddr(s string) Addr {
return addr
}
+
+// Socks5PktConn .
+type Socks5PktConn struct {
+ net.PacketConn
+
+ writeAddr net.Addr // write to and read from addr
+
+ tgtAddr Addr
+ tgtHeader bool
+}
+
+// NewSocks5PktConn returns a Socks5PktConn
+func NewSocks5PktConn(c net.PacketConn, writeAddr net.Addr, tgtAddr Addr, tgtHeader bool) *Socks5PktConn {
+ pc := &Socks5PktConn{
+ PacketConn: c,
+ writeAddr: writeAddr,
+ tgtAddr: tgtAddr,
+ tgtHeader: tgtHeader}
+ return pc
+}
+
+func (pc *Socks5PktConn) ReadFrom(b []byte) (int, net.Addr, error) {
+ if !pc.tgtHeader {
+ return pc.PacketConn.ReadFrom(b)
+ }
+
+ buf := make([]byte, len(b))
+ n, raddr, err := pc.PacketConn.ReadFrom(buf)
+ if err != nil {
+ return n, raddr, err
+ }
+
+ // https://tools.ietf.org/html/rfc1928#section-7
+ // +----+------+------+----------+----------+----------+
+ // |RSV | FRAG | ATYP | DST.ADDR | DST.PORT | DATA |
+ // +----+------+------+----------+----------+----------+
+ // | 2 | 1 | 1 | Variable | 2 | Variable |
+ // +----+------+------+----------+----------+----------+
+ tgtAddr := SplitAddr(buf[3:])
+ copy(b, buf[3+len(tgtAddr):])
+
+ //test
+ if pc.writeAddr == nil {
+ pc.writeAddr = raddr
+ }
+
+ if pc.tgtAddr == nil {
+ pc.tgtAddr = tgtAddr
+ }
+
+ return n - len(tgtAddr), raddr, err
+}
+
+func (pc *Socks5PktConn) WriteTo(b []byte, addr net.Addr) (int, error) {
+ if !pc.tgtHeader {
+ return pc.PacketConn.WriteTo(b, addr)
+ }
+
+ buf := append(append([]byte{0, 0, 0}, b[:]...))
+ return pc.PacketConn.WriteTo(buf, pc.writeAddr)
+}
diff --git a/ss.go b/ss.go
index d85bd33..a63952e 100644
--- a/ss.go
+++ b/ss.go
@@ -243,7 +243,7 @@ func (s *SS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
return pkc, nextHop, err
}
-// PktConn wraps a net.PacketConn and support Write method like net.Conn
+// PktConn .
type PktConn struct {
net.PacketConn
diff --git a/udptun.go b/udptun.go
index 7c14cbf..4c6f16f 100644
--- a/udptun.go
+++ b/udptun.go
@@ -59,6 +59,7 @@ func (s *UDPTun) ListenAndServe() {
}
nm.Store(raddr.String(), pc)
+
go func() {
timedCopy(c, raddr, pc, 2*time.Minute)
pc.Close()
diff --git a/uottun.go b/uottun.go
index 7b99c9a..27c9330 100644
--- a/uottun.go
+++ b/uottun.go
@@ -69,7 +69,12 @@ func (s *UoTTun) ListenAndServe() {
c.WriteTo(resp, clientAddr)
}()
- rc.Write(buf[:n])
+ _, err = rc.Write(buf[:n])
+ if err != nil {
+ logf("proxy-uottun remote write error: %v", err)
+ continue
+ }
+
logf("proxy-uottun %s <-> %s", clientAddr, s.raddr)
}
}
From 124e1a301322624c2de2046babe9039889807861 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 20 Jan 2018 23:27:22 +0800
Subject: [PATCH 141/341] doc: update README and help info
---
README.md | 36 ++++++++++++++++++++++++++----------
conf.go | 9 ++++++++-
2 files changed, 34 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index 5e43056..d2332ea 100644
--- a/README.md
+++ b/README.md
@@ -16,17 +16,19 @@ we can set up local listeners as proxy servers, and forward requests to internet
## Features
Listen(local proxy server):
-- Socks5 proxy
-- Http proxy
-- SS proxy
+- Socks5 proxy(tcp&udp)
+- Http proxy(tcp)
+- SS proxy(tcp&udp)
- Linux transparent proxy(iptables redirect)
- TCP tunnel
+- UDP tunnel
- UDP over TCP tunnel
+- DNS Tunnel(udp2tcp)
Forward(upstream proxy server):
-- Socks5 proxy
-- Http proxy
-- SS proxy
+- Socks5 proxy(tcp)
+- Http proxy(tcp)
+- SS proxy(tcp&udp&uot)
DNS Forwarding Server(udp2tcp):
- Listen on UDP and forward dns requests to remote dns server in TCP via forwarders
@@ -48,8 +50,7 @@ General:
TODO:
-- [x] UDP tunnel
-- [x] UDP over TCP Tunnel (client <--udp--> glider/uottun <--tcp--> glider/ss <--udp--> target)
+- [ ] Socks5 UDP client
- [ ] Transparent UDP proxy (iptables tproxy)
- [ ] DNS Cache
- [ ] TUN/TAP device support
@@ -90,19 +91,27 @@ glider -config CONFIGPATH -listen :8080 -verbose
## Usage
```bash
-glider v0.3.1 usage:
+glider v0.5.0 usage:
-checkduration int
proxy check duration(seconds) (default 30)
-checkwebsite string
proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80 (default "www.apple.com")
-config string
config file path
+ -dns string
+ dns forwarder server listen address
+ -dnsserver value
+ remote dns server
-forward value
forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]
+ -ipset string
+ ipset name
-listen value
listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT
-rulefile value
rule file path
+ -rules-dir string
+ rule file folder
-strategy string
forward strategy, default: rr (default "rr")
-verbose
@@ -115,10 +124,11 @@ Available Schemas:
http: http proxy
redir: redirect proxy. (used on linux as a transparent proxy with iptables redirect rules)
tcptun: a simple tcp tunnel
+ udptun: a simple udp tunnel
dnstun: listen on udp port and forward all dns requests to remote dns server via forwarders(tcp)
Available schemas for different modes:
- listen: mixed ss socks5 http redir tcptun dnstun
+ listen: mixed ss socks5 http redir tcptun udptun dnstun
forward: ss socks5 http
Available methods for ss:
@@ -160,6 +170,12 @@ Examples:
glider -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:8443
-listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.
+ glider -listen udptun://:53=8.8.8.8:53 -forward ss://method:pass@1.1.1.1:8443
+ -listen on :53 and forward all udp requests to 8.8.8.8:53 via remote ss server.
+
+ glider -listen uottun://:53=8.8.8.8:53 -forward ss://method:pass@1.1.1.1:8443
+ -listen on :53 and forward all udp requests via udp over tcp tunnel.
+
glider -listen socks5://:1080 -listen http://:8080 -forward ss://method:pass@1.1.1.1:8443
-listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.
diff --git a/conf.go b/conf.go
index a8a6f7f..0d1d680 100644
--- a/conf.go
+++ b/conf.go
@@ -141,11 +141,12 @@ func usage() {
fmt.Fprintf(os.Stderr, " http: http proxy\n")
fmt.Fprintf(os.Stderr, " redir: redirect proxy. (used on linux as a transparent proxy with iptables redirect rules)\n")
fmt.Fprintf(os.Stderr, " tcptun: a simple tcp tunnel\n")
+ fmt.Fprintf(os.Stderr, " udptun: a simple udp tunnel\n")
fmt.Fprintf(os.Stderr, " dnstun: listen on udp port and forward all dns requests to remote dns server via forwarders(tcp)\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Available schemas for different modes:\n")
- fmt.Fprintf(os.Stderr, " listen: mixed ss socks5 http redir tcptun dnstun\n")
+ fmt.Fprintf(os.Stderr, " listen: mixed ss socks5 http redir tcptun udptun dnstun\n")
fmt.Fprintf(os.Stderr, " forward: ss socks5 http\n")
fmt.Fprintf(os.Stderr, "\n")
@@ -192,6 +193,12 @@ func usage() {
fmt.Fprintf(os.Stderr, " "+app+" -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:8443\n")
fmt.Fprintf(os.Stderr, " -listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen udptun://:53=8.8.8.8:53 -forward ss://method:pass@1.1.1.1:8443\n")
+ fmt.Fprintf(os.Stderr, " -listen on :53 and forward all udp requests to 8.8.8.8:53 via remote ss server.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen uottun://:53=8.8.8.8:53 -forward ss://method:pass@1.1.1.1:8443\n")
+ fmt.Fprintf(os.Stderr, " -listen on :53 and forward all udp requests via udp over tcp tunnel.\n")
+ fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -listen http://:8080 -forward ss://method:pass@1.1.1.1:8443\n")
fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
From 61f7131d5373d81447948b0a65334f7ec3956fe0 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 20 Jan 2018 23:31:36 +0800
Subject: [PATCH 142/341] doc: add udp over tcp tunnel info
---
README.md | 7 ++++---
conf.go | 7 ++++---
2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index d2332ea..fc52836 100644
--- a/README.md
+++ b/README.md
@@ -123,12 +123,13 @@ Available Schemas:
socks5: socks5 proxy
http: http proxy
redir: redirect proxy. (used on linux as a transparent proxy with iptables redirect rules)
- tcptun: a simple tcp tunnel
- udptun: a simple udp tunnel
+ tcptun: tcp tunnel
+ udptun: udp tunnel
+ uottun: udp over tcp tunnel
dnstun: listen on udp port and forward all dns requests to remote dns server via forwarders(tcp)
Available schemas for different modes:
- listen: mixed ss socks5 http redir tcptun udptun dnstun
+ listen: mixed ss socks5 http redir tcptun udptun uottun dnstun
forward: ss socks5 http
Available methods for ss:
diff --git a/conf.go b/conf.go
index 0d1d680..ba231a0 100644
--- a/conf.go
+++ b/conf.go
@@ -140,13 +140,14 @@ func usage() {
fmt.Fprintf(os.Stderr, " socks5: socks5 proxy\n")
fmt.Fprintf(os.Stderr, " http: http proxy\n")
fmt.Fprintf(os.Stderr, " redir: redirect proxy. (used on linux as a transparent proxy with iptables redirect rules)\n")
- fmt.Fprintf(os.Stderr, " tcptun: a simple tcp tunnel\n")
- fmt.Fprintf(os.Stderr, " udptun: a simple udp tunnel\n")
+ fmt.Fprintf(os.Stderr, " tcptun: tcp tunnel\n")
+ fmt.Fprintf(os.Stderr, " udptun: udp tunnel\n")
+ fmt.Fprintf(os.Stderr, " uottun: udp over tcp tunnel\n")
fmt.Fprintf(os.Stderr, " dnstun: listen on udp port and forward all dns requests to remote dns server via forwarders(tcp)\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Available schemas for different modes:\n")
- fmt.Fprintf(os.Stderr, " listen: mixed ss socks5 http redir tcptun udptun dnstun\n")
+ fmt.Fprintf(os.Stderr, " listen: mixed ss socks5 http redir tcptun udptun uottun dnstun\n")
fmt.Fprintf(os.Stderr, " forward: ss socks5 http\n")
fmt.Fprintf(os.Stderr, "\n")
From b2d40b69ffb242f2069dd1f36a75984f6c9c4f2d Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 21 Jan 2018 00:31:10 +0800
Subject: [PATCH 143/341] general: add comments
---
direct.go | 2 +-
ipset_linux.go | 7 ++++---
rule.go | 1 +
socks5.go | 2 ++
ss.go | 6 ++++--
5 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/direct.go b/direct.go
index b0084dd..576d06a 100644
--- a/direct.go
+++ b/direct.go
@@ -29,7 +29,7 @@ func (d *direct) Dial(network, addr string) (net.Conn, error) {
return c, err
}
-// DialUDP connects to the given address via the proxy.
+// DialUDP connects to the given address via the proxy
func (d *direct) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
pc, err := net.ListenPacket(network, "")
if err != nil {
diff --git a/ipset_linux.go b/ipset_linux.go
index edb94f4..eddb5e0 100644
--- a/ipset_linux.go
+++ b/ipset_linux.go
@@ -18,16 +18,17 @@ import (
// netfilter netlink message types
// https://github.com/torvalds/linux/blob/9e66317d3c92ddaab330c125dfe9d06eee268aff/include/uapi/linux/netfilter/nfnetlink.h#L56
+// NFNL_SUBSYS_IPSET
const NFNL_SUBSYS_IPSET = 6
// http://git.netfilter.org/ipset/tree/include/libipset/linux_ip_set.h
-/* The protocol version */
+// IPSET_PROTOCOL: The protocol version
const IPSET_PROTOCOL = 6
-/* The max length of strings including NUL: set and type identifiers */
+// IPSET_MAXNAMELEN: The max length of strings including NUL: set and type identifiers
const IPSET_MAXNAMELEN = 32
-/* Message types and commands */
+// Message types and commands
const IPSET_CMD_CREATE = 2
const IPSET_CMD_FLUSH = 4
const IPSET_CMD_ADD = 9
diff --git a/rule.go b/rule.go
index 5e04d8a..2a11419 100644
--- a/rule.go
+++ b/rule.go
@@ -113,6 +113,7 @@ func (rd *RuleDialer) Dial(network, addr string) (net.Conn, error) {
return rd.NextDialer(addr).Dial(network, addr)
}
+// DialUDP connects to the given address via the proxy
func (rd *RuleDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
return rd.NextDialer(addr).DialUDP(network, addr)
}
diff --git a/socks5.go b/socks5.go
index ac7154c..32b0184 100644
--- a/socks5.go
+++ b/socks5.go
@@ -563,6 +563,7 @@ func NewSocks5PktConn(c net.PacketConn, writeAddr net.Addr, tgtAddr Addr, tgtHea
return pc
}
+// ReadFrom overrides the original function from net.PacketConn
func (pc *Socks5PktConn) ReadFrom(b []byte) (int, net.Addr, error) {
if !pc.tgtHeader {
return pc.PacketConn.ReadFrom(b)
@@ -595,6 +596,7 @@ func (pc *Socks5PktConn) ReadFrom(b []byte) (int, net.Addr, error) {
return n - len(tgtAddr), raddr, err
}
+// WriteTo overrides the original function from net.PacketConn
func (pc *Socks5PktConn) WriteTo(b []byte, addr net.Addr) (int, error) {
if !pc.tgtHeader {
return pc.PacketConn.WriteTo(b, addr)
diff --git a/ss.go b/ss.go
index a63952e..d7adbab 100644
--- a/ss.go
+++ b/ss.go
@@ -87,14 +87,14 @@ func (s *SS) ServeTCP(c net.Conn) {
rc, err := net.ListenPacket("udp", "")
if err != nil {
- logf("UDP remote listen error: %v", err)
+ logf("proxy-ss UDP remote listen error: %v", err)
}
defer rc.Close()
req := make([]byte, udpBufSize)
n, err := c.Read(req)
if err != nil {
- logf("error in ioutil.ReadAll: %s\n", err)
+ logf("proxy-ss error in ioutil.ReadAll: %s\n", err)
return
}
@@ -263,6 +263,7 @@ func NewPktConn(c net.PacketConn, writeAddr net.Addr, tgtAddr Addr, tgtHeader bo
return pc
}
+// ReadFrom overrides the original function from net.PacketConn
func (pc *PktConn) ReadFrom(b []byte) (int, net.Addr, error) {
if !pc.tgtHeader {
return pc.PacketConn.ReadFrom(b)
@@ -289,6 +290,7 @@ func (pc *PktConn) ReadFrom(b []byte) (int, net.Addr, error) {
return n - len(tgtAddr), raddr, err
}
+// WriteTo overrides the original function from net.PacketConn
func (pc *PktConn) WriteTo(b []byte, addr net.Addr) (int, error) {
if !pc.tgtHeader {
return pc.PacketConn.WriteTo(b, addr)
From 0d9f588e1f3fc87644a247c961874f34ff531294 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 22 Jan 2018 00:40:04 +0800
Subject: [PATCH 144/341] socks5: support udp in client mode
---
README.md | 6 +++---
socks5.go | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
2 files changed, 58 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index fc52836..fd2a4a6 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@ we can set up local listeners as proxy servers, and forward requests to internet
```
## Features
-Listen(local proxy server):
+Listen (local proxy server):
- Socks5 proxy(tcp&udp)
- Http proxy(tcp)
- SS proxy(tcp&udp)
@@ -25,12 +25,12 @@ Listen(local proxy server):
- UDP over TCP tunnel
- DNS Tunnel(udp2tcp)
-Forward(upstream proxy server):
+Forward (local proxy client/upstream proxy server):
- Socks5 proxy(tcp)
- Http proxy(tcp)
- SS proxy(tcp&udp&uot)
-DNS Forwarding Server(udp2tcp):
+DNS Forwarding Server (udp2tcp):
- Listen on UDP and forward dns requests to remote dns server in TCP via forwarders
- Specify different upstream dns server based on destinations(in rule file)
- Tunnel mode: forward to a fixed upstream dns server
diff --git a/socks5.go b/socks5.go
index 32b0184..96b940d 100644
--- a/socks5.go
+++ b/socks5.go
@@ -1,3 +1,5 @@
+// https://tools.ietf.org/html/rfc1928
+
// socks5 client:
// https://github.com/golang/net/tree/master/proxy
// Copyright 2011 The Go Authors. All rights reserved.
@@ -237,7 +239,56 @@ func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
// DialUDP connects to the given address via the proxy.
func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- return nil, nil, errors.New("sock5 client does not support udp now")
+ // TODO: keep tcp connection until udp ended
+ c, err := s.cDialer.Dial("tcp", s.addr)
+ if err != nil {
+ logf("proxy-socks5 dialudp dial tcp to %s error: %s", s.addr, err)
+ return nil, nil, err
+ }
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ // send VER, NMETHODS, METHODS
+ c.Write([]byte{5, 1, 0})
+
+ buf := make([]byte, MaxAddrLen)
+ // read VER METHOD
+ if _, err := io.ReadFull(c, buf[:2]); err != nil {
+ return nil, nil, err
+ }
+
+ dstAddr := ParseAddr(s.Addr())
+ // write VER CMD RSV ATYP DST.ADDR DST.PORT
+ c.Write(append([]byte{5, socks5UDPAssociate, 0}, dstAddr...))
+
+ // read VER REP RSV ATYP DST.ADDR DST.PORT
+ if _, err := io.ReadFull(c, buf[:3]); err != nil {
+ return nil, nil, err
+ }
+
+ rep := buf[1]
+ if rep != 0 {
+ logf("proxy-socks5 server reply: %d, not succeeded", rep)
+ return nil, nil, errors.New("server connect failed")
+ }
+
+ uAddr, err := readAddr(c, buf)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ logf("proxy-socks5 udp dial uAddr: %s", uAddr)
+
+ pc, nextHop, err := s.cDialer.DialUDP(network, uAddr.String())
+ if err != nil {
+ logf("proxy-socks5 dialudp to %s error: %s", uAddr.String(), err)
+ return nil, nil, err
+ }
+
+ pkc := NewSocks5PktConn(pc, nextHop, ParseAddr(addr), true)
+ return pkc, nextHop, err
}
// connect takes an existing connection to a socks5 proxy server,
@@ -602,6 +653,8 @@ func (pc *Socks5PktConn) WriteTo(b []byte, addr net.Addr) (int, error) {
return pc.PacketConn.WriteTo(b, addr)
}
- buf := append(append([]byte{0, 0, 0}, b[:]...))
+ // buf := append([]byte{0, 0, 0}, b[:]...)
+ buf := append([]byte{0, 0, 0}, pc.tgtAddr...)
+ buf = append(buf, b[:]...)
return pc.PacketConn.WriteTo(buf, pc.writeAddr)
}
From 24d30cdca780dccce605fca2e6a4f30e74c2222b Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 22 Jan 2018 00:51:28 +0800
Subject: [PATCH 145/341] socks5: fixed a bug in ReadFrom
---
socks5.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/socks5.go b/socks5.go
index 96b940d..3842153 100644
--- a/socks5.go
+++ b/socks5.go
@@ -644,7 +644,7 @@ func (pc *Socks5PktConn) ReadFrom(b []byte) (int, net.Addr, error) {
pc.tgtAddr = tgtAddr
}
- return n - len(tgtAddr), raddr, err
+ return n - len(tgtAddr) - 3, raddr, err
}
// WriteTo overrides the original function from net.PacketConn
From b35da7048d619249101da2a7fef52ce23a4a9c84 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 22 Jan 2018 01:10:47 +0800
Subject: [PATCH 146/341] socks5: keep tcp control connection until udp
connection closed
---
socks5.go | 37 ++++++++++++++++++++++++++++++++-----
1 file changed, 32 insertions(+), 5 deletions(-)
diff --git a/socks5.go b/socks5.go
index 3842153..9f648f6 100644
--- a/socks5.go
+++ b/socks5.go
@@ -170,7 +170,7 @@ func (s *SOCKS5) ListenAndServeUDP() {
buf := make([]byte, udpBufSize)
for {
- c := NewSocks5PktConn(lc, nil, nil, true)
+ c := NewSocks5PktConn(lc, nil, nil, true, nil)
n, raddr, err := c.ReadFrom(buf)
if err != nil {
@@ -187,7 +187,7 @@ func (s *SOCKS5) ListenAndServeUDP() {
continue
}
- pc = NewSocks5PktConn(lpc, nextHop, nil, false)
+ pc = NewSocks5PktConn(lpc, nextHop, nil, false, nil)
nm.Store(raddr.String(), pc)
go func() {
@@ -287,7 +287,7 @@ func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.A
return nil, nil, err
}
- pkc := NewSocks5PktConn(pc, nextHop, ParseAddr(addr), true)
+ pkc := NewSocks5PktConn(pc, nextHop, ParseAddr(addr), true, c)
return pkc, nextHop, err
}
@@ -602,15 +602,33 @@ type Socks5PktConn struct {
tgtAddr Addr
tgtHeader bool
+
+ ctrlConn net.Conn // tcp control conn
}
// NewSocks5PktConn returns a Socks5PktConn
-func NewSocks5PktConn(c net.PacketConn, writeAddr net.Addr, tgtAddr Addr, tgtHeader bool) *Socks5PktConn {
+func NewSocks5PktConn(c net.PacketConn, writeAddr net.Addr, tgtAddr Addr, tgtHeader bool, ctrlConn net.Conn) *Socks5PktConn {
pc := &Socks5PktConn{
PacketConn: c,
writeAddr: writeAddr,
tgtAddr: tgtAddr,
- tgtHeader: tgtHeader}
+ tgtHeader: tgtHeader,
+ ctrlConn: ctrlConn}
+
+ if ctrlConn != nil {
+ go func() {
+ buf := []byte{}
+ for {
+ _, err := ctrlConn.Read(buf)
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ continue
+ }
+ logf("UDP Associate End.")
+ return
+ }
+ }()
+ }
+
return pc
}
@@ -658,3 +676,12 @@ func (pc *Socks5PktConn) WriteTo(b []byte, addr net.Addr) (int, error) {
buf = append(buf, b[:]...)
return pc.PacketConn.WriteTo(buf, pc.writeAddr)
}
+
+// Close .
+func (pc *Socks5PktConn) Close() error {
+ if pc.ctrlConn != nil {
+ pc.ctrlConn.Close()
+ }
+
+ return pc.PacketConn.Close()
+}
From d8a78df402f155c81fa3c9af29c6f878ac31a105 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 22 Jan 2018 22:40:38 +0800
Subject: [PATCH 147/341] socks5: fixed a bug in dialudp
---
socks5.go | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/socks5.go b/socks5.go
index 9f648f6..4480649 100644
--- a/socks5.go
+++ b/socks5.go
@@ -239,7 +239,6 @@ func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
// DialUDP connects to the given address via the proxy.
func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- // TODO: keep tcp connection until udp ended
c, err := s.cDialer.Dial("tcp", s.addr)
if err != nil {
logf("proxy-socks5 dialudp dial tcp to %s error: %s", s.addr, err)
@@ -259,11 +258,11 @@ func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.A
return nil, nil, err
}
- dstAddr := ParseAddr(s.Addr())
+ dstAddr := ParseAddr(addr)
// write VER CMD RSV ATYP DST.ADDR DST.PORT
c.Write(append([]byte{5, socks5UDPAssociate, 0}, dstAddr...))
- // read VER REP RSV ATYP DST.ADDR DST.PORT
+ // read VER REP RSV ATYP BND.ADDR BND.PORT
if _, err := io.ReadFull(c, buf[:3]); err != nil {
return nil, nil, err
}
@@ -279,15 +278,13 @@ func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.A
return nil, nil, err
}
- logf("proxy-socks5 udp dial uAddr: %s", uAddr)
-
pc, nextHop, err := s.cDialer.DialUDP(network, uAddr.String())
if err != nil {
logf("proxy-socks5 dialudp to %s error: %s", uAddr.String(), err)
return nil, nil, err
}
- pkc := NewSocks5PktConn(pc, nextHop, ParseAddr(addr), true, c)
+ pkc := NewSocks5PktConn(pc, nextHop, dstAddr, true, c)
return pkc, nextHop, err
}
From 24f5c98ca9f4dca3b09ad471cb348fb35f0ae657 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 22 Jan 2018 23:24:33 +0800
Subject: [PATCH 148/341] doc: update README
---
README.md | 3 +--
socks5.go | 4 ++--
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index fd2a4a6..6346878 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@ Listen (local proxy server):
- DNS Tunnel(udp2tcp)
Forward (local proxy client/upstream proxy server):
-- Socks5 proxy(tcp)
+- Socks5 proxy(tcp&udp)
- Http proxy(tcp)
- SS proxy(tcp&udp&uot)
@@ -50,7 +50,6 @@ General:
TODO:
-- [ ] Socks5 UDP client
- [ ] Transparent UDP proxy (iptables tproxy)
- [ ] DNS Cache
- [ ] TUN/TAP device support
diff --git a/socks5.go b/socks5.go
index 4480649..ce6fbd4 100644
--- a/socks5.go
+++ b/socks5.go
@@ -128,7 +128,7 @@ func (s *SOCKS5) ServeTCP(c net.Conn) {
if err, ok := err.(net.Error); ok && err.Timeout() {
continue
}
- logf("UDP Associate End.")
+ logf("proxy-socks5 servetcp udp associate end")
return
}
}
@@ -620,7 +620,7 @@ func NewSocks5PktConn(c net.PacketConn, writeAddr net.Addr, tgtAddr Addr, tgtHea
if err, ok := err.(net.Error); ok && err.Timeout() {
continue
}
- logf("UDP Associate End.")
+ logf("proxy-socks5 dialudp udp associate end")
return
}
}()
From 98c90f33fde8b45fab28c48d6aa68aa83d903371 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 24 Jan 2018 12:46:02 +0800
Subject: [PATCH 149/341] doc: add some info about udptun/uottun
---
.../examples/9.transparent_proxy_without_dnsmasq/README.md | 5 +++++
config/glider.conf.example | 6 ++++++
2 files changed, 11 insertions(+)
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/README.md b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
index 5186b98..4d6bd44 100644
--- a/config/examples/9.transparent_proxy_without_dnsmasq/README.md
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
@@ -10,6 +10,11 @@ PC Client -> Gateway with glider running(linux box) -> Upstream Forwarders -> In
so you don't need any dns server in your network.
+#### Create a ipset manually
+```bash
+ipset create glider hash:net
+```
+
#### Glider Configuration
##### glider.conf
```bash
diff --git a/config/glider.conf.example b/config/glider.conf.example
index fb70285..fb4fae4 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -49,6 +49,12 @@ listen=socks5://:1080
# listen on 1082 as a tcp tunnel, all requests to :1082 will be forward to 1.1.1.1:80
# listen=tcptun://:1082=1.1.1.1:80
+# listen on 1083 as a udp tunnel, all requests to :1083 will be forward to 1.1.1.1:53
+# listen=udptun://:1083=1.1.1.1:53
+
+# listen on 1084 as a udp over tcp tunnel, all requests to :1084 will be forward to 1.1.1.1:53
+# listen=uottun://:1084=1.1.1.1:53
+
# a dnstun is a special dns forwarder server with a fixed remote dns
# listen on udp port 5353, act as a local dns server,
# forward all requests to 8.8.8.8:53 via tcp protocol
From 6909a4a37291b8c0178ed698256c250fda8d79e4 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 29 Jan 2018 23:33:53 +0800
Subject: [PATCH 150/341] strategy: write once in proxy check
---
strategy.go | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/strategy.go b/strategy.go
index d87e841..668bee0 100644
--- a/strategy.go
+++ b/strategy.go
@@ -121,8 +121,7 @@ func (rr *rrDialer) checkDialer(idx int) {
continue
}
- c.Write([]byte("GET / HTTP/1.0"))
- c.Write([]byte("\r\n\r\n"))
+ c.Write([]byte("GET / HTTP/1.0\r\n\r\n"))
_, err = io.ReadFull(c, buf)
if err != nil {
From e3b716206a8c5582b43ed8395a89ba499588a3a7 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 30 Jan 2018 23:11:04 +0800
Subject: [PATCH 151/341] rule: compare domains as lowercase
---
rule.go | 8 +++-----
socks5.go | 1 -
2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/rule.go b/rule.go
index 2a11419..dca32c0 100644
--- a/rule.go
+++ b/rule.go
@@ -37,7 +37,7 @@ func NewRuleDialer(rules []*RuleConf, gDialer Dialer) *RuleDialer {
sDialer := NewStrategyDialer(r.Strategy, fwdrs, r.CheckWebSite, r.CheckDuration)
for _, domain := range r.Domain {
- rd.domainMap.Store(domain, sDialer)
+ rd.domainMap.Store(strings.ToLower(domain), sDialer)
}
for _, ip := range r.IP {
@@ -56,12 +56,10 @@ func NewRuleDialer(rules []*RuleConf, gDialer Dialer) *RuleDialer {
}
// Addr returns RuleDialer's address, always be "RULES"
-// func (rd *RuleDialer) Addr() string { return "RULES" }
-func (rd *RuleDialer) Addr() string { return rd.gDialer.Addr() }
+func (rd *RuleDialer) Addr() string { return "RULE DIALER, DEFAULT: " + rd.gDialer.Addr() }
// NextDialer return next dialer according to rule
func (rd *RuleDialer) NextDialer(dstAddr string) Dialer {
-
host, _, err := net.SplitHostPort(dstAddr)
if err != nil {
// TODO: check here
@@ -124,7 +122,7 @@ func (rd *RuleDialer) AddDomainIP(domain, ip string) error {
domainParts := strings.Split(domain, ".")
length := len(domainParts)
for i := length - 2; i >= 0; i-- {
- pDomain := strings.Join(domainParts[i:length], ".")
+ pDomain := strings.ToLower(strings.Join(domainParts[i:length], "."))
// find in domainMap
if dialer, ok := rd.domainMap.Load(pDomain); ok {
diff --git a/socks5.go b/socks5.go
index ce6fbd4..8fbb92d 100644
--- a/socks5.go
+++ b/socks5.go
@@ -668,7 +668,6 @@ func (pc *Socks5PktConn) WriteTo(b []byte, addr net.Addr) (int, error) {
return pc.PacketConn.WriteTo(b, addr)
}
- // buf := append([]byte{0, 0, 0}, b[:]...)
buf := append([]byte{0, 0, 0}, pc.tgtAddr...)
buf = append(buf, b[:]...)
return pc.PacketConn.WriteTo(buf, pc.writeAddr)
From 984d78cc09b5797f204ca1c62481d98ca428b10c Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 8 Feb 2018 11:13:21 +0800
Subject: [PATCH 152/341] doc: update command example
---
socks5.go | 2 +-
systemd/README.md | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/socks5.go b/socks5.go
index 8fbb92d..45cd83b 100644
--- a/socks5.go
+++ b/socks5.go
@@ -128,7 +128,7 @@ func (s *SOCKS5) ServeTCP(c net.Conn) {
if err, ok := err.(net.Error); ok && err.Timeout() {
continue
}
- logf("proxy-socks5 servetcp udp associate end")
+ // logf("proxy-socks5 servetcp udp associate end")
return
}
}
diff --git a/systemd/README.md b/systemd/README.md
index 761b6b4..2b2df3d 100644
--- a/systemd/README.md
+++ b/systemd/README.md
@@ -15,7 +15,7 @@ config file: ***server***.conf
```bash
# copy config file to /etc/glider/
mkdir /etc/glider/
-cp glider.conf.example /etc/glider/server.conf
+cp ./config/glider.conf.example /etc/glider/server.conf
```
enable and start service: glider@***server***
From 34bbb6a57ba3bee03cb269762bd42f2505079d56 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 25 Feb 2018 12:31:48 +0800
Subject: [PATCH 153/341] doc: correct spell mistake
---
README.md | 2 +-
conf.go | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 6346878..3524cc3 100644
--- a/README.md
+++ b/README.md
@@ -183,7 +183,7 @@ Examples:
-listen on :1081 as transparent redirect server, :53 as dns server, use forward chain: server1 -> server2.
glider -listen socks5://:1080 -forward ss://method:pass@server1:port1 -forward ss://method:pass@server2:port2 -strategy rr
- -listen on :1080 as socks5 server, forward requests via server1 and server2 in roundrbin mode.
+ -listen on :1080 as socks5 server, forward requests via server1 and server2 in round robin mode.
```
## Advanced Usage
diff --git a/conf.go b/conf.go
index ba231a0..f20ce5b 100644
--- a/conf.go
+++ b/conf.go
@@ -207,6 +207,6 @@ func usage() {
fmt.Fprintf(os.Stderr, " -listen on :1081 as transparent redirect server, :53 as dns server, use forward chain: server1 -> server2.\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -forward ss://method:pass@server1:port1 -forward ss://method:pass@server2:port2 -strategy rr\n")
- fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, forward requests via server1 and server2 in roundrbin mode.\n")
+ fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, forward requests via server1 and server2 in round robin mode.\n")
fmt.Fprintf(os.Stderr, "\n")
}
From 555d7f2058041d16f01ee8715a9c358b3d8f1923 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 19 Mar 2018 00:38:24 +0800
Subject: [PATCH 154/341] socks5: fixed a bug which may leads to panic when
received a invalid socks5 udp request #20
---
socks5.go | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/socks5.go b/socks5.go
index 45cd83b..8d06d7e 100644
--- a/socks5.go
+++ b/socks5.go
@@ -181,6 +181,11 @@ func (s *SOCKS5) ListenAndServeUDP() {
var pc *Socks5PktConn
v, ok := nm.Load(raddr.String())
if !ok && v == nil {
+ if c.tgtAddr == nil {
+ logf("proxy-socks5-udp can not get target address, not a valid request")
+ continue
+ }
+
lpc, nextHop, err := s.sDialer.DialUDP("udp", c.tgtAddr.String())
if err != nil {
logf("proxy-socks5-udp remote dial error: %v", err)
From 6e32720c1ce0fb7d1dd7f04f00a9fc900596f372 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 20 Mar 2018 18:50:41 +0800
Subject: [PATCH 155/341] version: bump to v0.5.1
---
README.md | 2 +-
main.go | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 3524cc3..f128827 100644
--- a/README.md
+++ b/README.md
@@ -90,7 +90,7 @@ glider -config CONFIGPATH -listen :8080 -verbose
## Usage
```bash
-glider v0.5.0 usage:
+glider v0.5.1 usage:
-checkduration int
proxy check duration(seconds) (default 30)
-checkwebsite string
diff --git a/main.go b/main.go
index b741cfa..dc525f5 100644
--- a/main.go
+++ b/main.go
@@ -9,7 +9,7 @@ import (
)
// VERSION .
-const VERSION = "0.5.0"
+const VERSION = "0.5.1"
func dialerFromConf() Dialer {
// global forwarders in xx.conf
From f785fa9d6c704081cbbd73031c9b88c10609fcb5 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 24 Mar 2018 19:55:06 +0800
Subject: [PATCH 156/341] general: combine cdialer and sdialer
---
dialer.go | 12 ++++++------
dns.go | 12 ++++++------
dnstun.go | 12 ++++++------
forwarder.go | 36 ------------------------------------
http.go | 33 +++++++++++++++++++--------------
mixed.go | 12 ++++++------
server.go | 24 ++++++++++++------------
socks5.go | 31 ++++++++++++++++++-------------
ss.go | 26 ++++++++++++++++----------
tcptun.go | 14 +++++++-------
tproxy.go | 10 +++++-----
udptun.go | 14 +++++++-------
uottun.go | 14 +++++++-------
13 files changed, 115 insertions(+), 135 deletions(-)
delete mode 100644 forwarder.go
diff --git a/dialer.go b/dialer.go
index c20e7da..6576995 100644
--- a/dialer.go
+++ b/dialer.go
@@ -23,7 +23,7 @@ type Dialer interface {
// DialerFromURL parses url and get a Proxy
// TODO: table
-func DialerFromURL(s string, cDialer Dialer) (Dialer, error) {
+func DialerFromURL(s string, dialer Dialer) (Dialer, error) {
u, err := url.Parse(s)
if err != nil {
logf("parse err: %s", err)
@@ -37,17 +37,17 @@ func DialerFromURL(s string, cDialer Dialer) (Dialer, error) {
pass, _ = u.User.Password()
}
- if cDialer == nil {
- cDialer = Direct
+ if dialer == nil {
+ dialer = Direct
}
switch u.Scheme {
case "http":
- return NewHTTP(addr, user, pass, "", cDialer, nil)
+ return NewHTTP(addr, user, pass, "", dialer)
case "socks5":
- return NewSOCKS5(addr, user, pass, cDialer, nil)
+ return NewSOCKS5(addr, user, pass, dialer)
case "ss":
- return NewSS(addr, user, pass, cDialer, nil)
+ return NewSS(addr, user, pass, dialer)
}
return nil, errors.New("unknown schema '" + u.Scheme + "'")
diff --git a/dns.go b/dns.go
index 6ee4773..c26cfe7 100644
--- a/dns.go
+++ b/dns.go
@@ -139,8 +139,8 @@ type DNSAnswerHandler func(Domain, ip string) error
// DNS .
type DNS struct {
- *Forwarder // as proxy client
- sDialer Dialer // dialer for server
+ dialer Dialer
+ addr string
Tunnel bool
@@ -151,10 +151,10 @@ type DNS struct {
}
// NewDNS returns a dns forwarder. client[dns.udp] -> glider[tcp] -> forwarder[dns.tcp] -> remote dns addr
-func NewDNS(addr, raddr string, sDialer Dialer, tunnel bool) (*DNS, error) {
+func NewDNS(addr, raddr string, dialer Dialer, tunnel bool) (*DNS, error) {
s := &DNS{
- Forwarder: NewForwarder(addr, nil),
- sDialer: sDialer,
+ dialer: dialer,
+ addr: addr,
Tunnel: tunnel,
@@ -293,7 +293,7 @@ func (s *DNS) Exchange(reqLen uint16, reqMsg []byte, addr string) (respLen uint1
dnsServer = s.GetServer(query.QNAME)
}
- rc, err := s.sDialer.NextDialer(query.QNAME+":53").Dial("tcp", dnsServer)
+ rc, err := s.dialer.NextDialer(query.QNAME+":53").Dial("tcp", dnsServer)
if err != nil {
logf("proxy-dns failed to connect to server %v: %v", dnsServer, err)
return
diff --git a/dnstun.go b/dnstun.go
index 27dad71..609d0d4 100644
--- a/dnstun.go
+++ b/dnstun.go
@@ -4,8 +4,8 @@ package main
// DNSTun struct
type DNSTun struct {
- *Forwarder // as client
- sDialer Dialer // dialer for server
+ dialer Dialer
+ addr string
raddr string
@@ -14,15 +14,15 @@ type DNSTun struct {
}
// NewDNSTun returns a dns tunnel forwarder.
-func NewDNSTun(addr, raddr string, sDialer Dialer) (*DNSTun, error) {
+func NewDNSTun(addr, raddr string, dialer Dialer) (*DNSTun, error) {
s := &DNSTun{
- Forwarder: NewForwarder(addr, nil),
- sDialer: sDialer,
+ dialer: dialer,
+ addr: addr,
raddr: raddr,
}
- s.dns, _ = NewDNS(addr, raddr, sDialer, true)
+ s.dns, _ = NewDNS(addr, raddr, dialer, true)
return s, nil
}
diff --git a/forwarder.go b/forwarder.go
deleted file mode 100644
index d48a220..0000000
--- a/forwarder.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package main
-
-import "net"
-
-// Forwarder struct
-type Forwarder struct {
- addr string
- cDialer Dialer
-}
-
-// NewForwarder returns a base forwarder
-func NewForwarder(addr string, cDialer Dialer) *Forwarder {
- if cDialer == nil {
- cDialer = Direct
- }
-
- return &Forwarder{addr: addr, cDialer: cDialer}
-}
-
-// Addr returns forwarder's address
-func (p *Forwarder) Addr() string { return p.addr }
-
-// Dial to remote addr via cDialer
-func (p *Forwarder) Dial(network, addr string) (net.Conn, error) {
- return p.cDialer.Dial(network, addr)
-}
-
-// DialUDP to remote addr via cDialer
-func (p *Forwarder) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- return p.cDialer.DialUDP(network, addr)
-}
-
-// NextDialer returns the next cDialer
-func (p *Forwarder) NextDialer(dstAddr string) Dialer {
- return p.cDialer
-}
diff --git a/http.go b/http.go
index dc5f877..ba8a937 100644
--- a/http.go
+++ b/http.go
@@ -19,9 +19,8 @@ import (
// HTTP struct
type HTTP struct {
- *Forwarder // as client
- sDialer Dialer // dialer for server
-
+ dialer Dialer
+ addr string
user string
password string
xff bool // X-Forwarded-For
@@ -31,14 +30,14 @@ type HTTP struct {
}
// NewHTTP returns a http proxy.
-func NewHTTP(addr, user, pass, rawQuery string, cDialer Dialer, sDialer Dialer) (*HTTP, error) {
+func NewHTTP(addr, user, pass, rawQuery string, dialer Dialer) (*HTTP, error) {
s := &HTTP{
- Forwarder: NewForwarder(addr, cDialer),
- sDialer: sDialer,
- user: user,
- password: pass,
- xff: false,
- selfip: OutboundIP(),
+ dialer: dialer,
+ addr: addr,
+ user: user,
+ password: pass,
+ xff: false,
+ selfip: OutboundIP(),
}
p, _ := url.ParseQuery(rawQuery)
@@ -129,7 +128,7 @@ func (s *HTTP) Serve(c net.Conn) {
tgt += ":80"
}
- rc, err := s.sDialer.Dial("tcp", tgt)
+ rc, err := s.dialer.Dial("tcp", tgt)
if err != nil {
fmt.Fprintf(c, "%s 502 ERROR\r\n\r\n", proto)
logf("failed to dial: %v", err)
@@ -189,7 +188,7 @@ func (s *HTTP) Serve(c net.Conn) {
}
func (s *HTTP) servHTTPS(method, requestURI, proto string, c net.Conn) {
- rc, err := s.sDialer.Dial("tcp", requestURI)
+ rc, err := s.dialer.Dial("tcp", requestURI)
if err != nil {
c.Write([]byte(proto))
c.Write([]byte(" 502 ERROR\r\n\r\n"))
@@ -199,7 +198,7 @@ func (s *HTTP) servHTTPS(method, requestURI, proto string, c net.Conn) {
c.Write([]byte("HTTP/1.0 200 Connection established\r\n\r\n"))
- logf("proxy-https %s <-> %s", c.RemoteAddr(), requestURI)
+ logf("proxy-http %s <-> %s [connect]", c.RemoteAddr(), requestURI)
_, _, err = relay(c, rc)
if err != nil {
@@ -210,9 +209,15 @@ func (s *HTTP) servHTTPS(method, requestURI, proto string, c net.Conn) {
}
}
+// Addr returns forwarder's address
+func (s *HTTP) Addr() string { return s.addr }
+
+// NextDialer returns the next dialer
+func (s *HTTP) NextDialer(dstAddr string) Dialer { return s.dialer }
+
// Dial connects to the address addr on the network net via the proxy.
func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
- rc, err := s.cDialer.Dial(network, s.addr)
+ rc, err := s.dialer.Dial(network, s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
return nil, err
diff --git a/mixed.go b/mixed.go
index 05cc724..85e20a7 100644
--- a/mixed.go
+++ b/mixed.go
@@ -19,7 +19,7 @@ var httpMethods = [...][]byte{
// MixedProxy struct
type MixedProxy struct {
- sDialer Dialer
+ dialer Dialer
addr string
http *HTTP
@@ -27,14 +27,14 @@ type MixedProxy struct {
}
// NewMixedProxy returns a mixed proxy.
-func NewMixedProxy(addr, user, pass, rawQuery string, sDialer Dialer) (*MixedProxy, error) {
+func NewMixedProxy(addr, user, pass, rawQuery string, dialer Dialer) (*MixedProxy, error) {
p := &MixedProxy{
- sDialer: sDialer,
- addr: addr,
+ dialer: dialer,
+ addr: addr,
}
- p.http, _ = NewHTTP(addr, user, pass, rawQuery, nil, sDialer)
- p.socks5, _ = NewSOCKS5(addr, user, pass, nil, sDialer)
+ p.http, _ = NewHTTP(addr, user, pass, rawQuery, dialer)
+ p.socks5, _ = NewSOCKS5(addr, user, pass, dialer)
return p, nil
}
diff --git a/server.go b/server.go
index 4c1951a..cf557fc 100644
--- a/server.go
+++ b/server.go
@@ -14,7 +14,7 @@ type Server interface {
// ServerFromURL parses url and get a Proxy
// TODO: table
-func ServerFromURL(s string, sDialer Dialer) (Server, error) {
+func ServerFromURL(s string, dialer Dialer) (Server, error) {
if !strings.Contains(s, "://") {
s = "mixed://" + s
}
@@ -32,33 +32,33 @@ func ServerFromURL(s string, sDialer Dialer) (Server, error) {
pass, _ = u.User.Password()
}
- if sDialer == nil {
- sDialer = Direct
+ if dialer == nil {
+ dialer = Direct
}
switch u.Scheme {
case "mixed":
- return NewMixedProxy(addr, user, pass, u.RawQuery, sDialer)
+ return NewMixedProxy(addr, user, pass, u.RawQuery, dialer)
case "http":
- return NewHTTP(addr, user, pass, u.RawQuery, nil, sDialer)
+ return NewHTTP(addr, user, pass, u.RawQuery, dialer)
case "socks5":
- return NewSOCKS5(addr, user, pass, nil, sDialer)
+ return NewSOCKS5(addr, user, pass, dialer)
case "ss":
- return NewSS(addr, user, pass, nil, sDialer)
+ return NewSS(addr, user, pass, dialer)
case "redir":
- return NewRedirProxy(addr, sDialer)
+ return NewRedirProxy(addr, dialer)
case "tcptun":
d := strings.Split(addr, "=")
- return NewTCPTun(d[0], d[1], sDialer)
+ return NewTCPTun(d[0], d[1], dialer)
case "udptun":
d := strings.Split(addr, "=")
- return NewUDPTun(d[0], d[1], sDialer)
+ return NewUDPTun(d[0], d[1], dialer)
case "dnstun":
d := strings.Split(addr, "=")
- return NewDNSTun(d[0], d[1], sDialer)
+ return NewDNSTun(d[0], d[1], dialer)
case "uottun":
d := strings.Split(addr, "=")
- return NewUoTTun(d[0], d[1], sDialer)
+ return NewUoTTun(d[0], d[1], dialer)
}
return nil, errors.New("unknown schema '" + u.Scheme + "'")
diff --git a/socks5.go b/socks5.go
index 8d06d7e..71c47c5 100644
--- a/socks5.go
+++ b/socks5.go
@@ -62,21 +62,20 @@ var socks5Errors = []error{
// SOCKS5 struct
type SOCKS5 struct {
- *Forwarder
- sDialer Dialer
-
+ dialer Dialer
+ addr string
user string
password string
}
// NewSOCKS5 returns a Proxy that makes SOCKSv5 connections to the given address
// with an optional username and password. See RFC 1928.
-func NewSOCKS5(addr, user, pass string, cDialer Dialer, sDialer Dialer) (*SOCKS5, error) {
+func NewSOCKS5(addr, user, pass string, dialer Dialer) (*SOCKS5, error) {
s := &SOCKS5{
- Forwarder: NewForwarder(addr, cDialer),
- sDialer: sDialer,
- user: user,
- password: pass,
+ dialer: dialer,
+ addr: addr,
+ user: user,
+ password: pass,
}
return s, nil
@@ -137,7 +136,7 @@ func (s *SOCKS5) ServeTCP(c net.Conn) {
return
}
- rc, err := s.sDialer.Dial("tcp", tgt.String())
+ rc, err := s.dialer.Dial("tcp", tgt.String())
if err != nil {
logf("proxy-socks5 failed to connect to target: %v", err)
return
@@ -186,7 +185,7 @@ func (s *SOCKS5) ListenAndServeUDP() {
continue
}
- lpc, nextHop, err := s.sDialer.DialUDP("udp", c.tgtAddr.String())
+ lpc, nextHop, err := s.dialer.DialUDP("udp", c.tgtAddr.String())
if err != nil {
logf("proxy-socks5-udp remote dial error: %v", err)
continue
@@ -216,6 +215,12 @@ func (s *SOCKS5) ListenAndServeUDP() {
}
+// Addr returns forwarder's address
+func (s *SOCKS5) Addr() string { return s.addr }
+
+// NextDialer returns the next dialer
+func (s *SOCKS5) NextDialer(dstAddr string) Dialer { return s.dialer }
+
// Dial connects to the address addr on the network net via the SOCKS5 proxy.
func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
switch network {
@@ -224,7 +229,7 @@ func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
return nil, errors.New("proxy-socks5: no support for connection type " + network)
}
- c, err := s.cDialer.Dial(network, s.addr)
+ c, err := s.dialer.Dial(network, s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
return nil, err
@@ -244,7 +249,7 @@ func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
// DialUDP connects to the given address via the proxy.
func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- c, err := s.cDialer.Dial("tcp", s.addr)
+ c, err := s.dialer.Dial("tcp", s.addr)
if err != nil {
logf("proxy-socks5 dialudp dial tcp to %s error: %s", s.addr, err)
return nil, nil, err
@@ -283,7 +288,7 @@ func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.A
return nil, nil, err
}
- pc, nextHop, err := s.cDialer.DialUDP(network, uAddr.String())
+ pc, nextHop, err := s.dialer.DialUDP(network, uAddr.String())
if err != nil {
logf("proxy-socks5 dialudp to %s error: %s", uAddr.String(), err)
return nil, nil, err
diff --git a/ss.go b/ss.go
index d7adbab..4e6e612 100644
--- a/ss.go
+++ b/ss.go
@@ -15,23 +15,23 @@ const udpBufSize = 65536
// SS .
type SS struct {
- *Forwarder
- sDialer Dialer
+ dialer Dialer
+ addr string
core.Cipher
}
// NewSS returns a shadowsocks proxy.
-func NewSS(addr, method, pass string, cDialer Dialer, sDialer Dialer) (*SS, error) {
+func NewSS(addr, method, pass string, dialer Dialer) (*SS, error) {
ciph, err := core.PickCipher(method, nil, pass)
if err != nil {
log.Fatalf("PickCipher for '%s', error: %s", method, err)
}
s := &SS{
- Forwarder: NewForwarder(addr, cDialer),
- sDialer: sDialer,
- Cipher: ciph,
+ dialer: dialer,
+ addr: addr,
+ Cipher: ciph,
}
return s, nil
@@ -79,7 +79,7 @@ func (s *SS) ServeTCP(c net.Conn) {
return
}
- dialer := s.sDialer.NextDialer(tgt.String())
+ dialer := s.dialer.NextDialer(tgt.String())
// udp over tcp?
uot := UoT(tgt[0])
@@ -166,7 +166,7 @@ func (s *SS) ListenAndServeUDP() {
var pc *PktConn
v, ok := nm.Load(raddr.String())
if !ok && v == nil {
- lpc, nextHop, err := s.sDialer.DialUDP("udp", c.tgtAddr.String())
+ lpc, nextHop, err := s.dialer.DialUDP("udp", c.tgtAddr.String())
if err != nil {
logf("proxy-ss-udp remote dial error: %v", err)
continue
@@ -200,6 +200,12 @@ func ListCipher() string {
return strings.Join(core.ListCipher(), " ")
}
+// Addr returns forwarder's address
+func (s *SS) Addr() string { return s.addr }
+
+// NextDialer returns the next dialer
+func (s *SS) NextDialer(dstAddr string) Dialer { return s.dialer }
+
// Dial connects to the address addr on the network net via the proxy.
func (s *SS) Dial(network, addr string) (net.Conn, error) {
target := ParseAddr(addr)
@@ -211,7 +217,7 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
target[0] = target[0] | 0x8
}
- c, err := s.cDialer.Dial("tcp", s.addr)
+ c, err := s.dialer.Dial("tcp", s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
return nil, err
@@ -233,7 +239,7 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
// DialUDP connects to the given address via the proxy.
func (s *SS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
- pc, nextHop, err := s.cDialer.DialUDP(network, s.addr)
+ pc, nextHop, err := s.dialer.DialUDP(network, s.addr)
if err != nil {
logf("proxy-ss dialudp to %s error: %s", s.addr, err)
return nil, nil, err
diff --git a/tcptun.go b/tcptun.go
index bd1934b..f671bd1 100644
--- a/tcptun.go
+++ b/tcptun.go
@@ -4,18 +4,18 @@ import "net"
// TCPTun struct
type TCPTun struct {
- *Forwarder
- sDialer Dialer
+ dialer Dialer
+ addr string
raddr string
}
// NewTCPTun returns a tcptun proxy.
-func NewTCPTun(addr, raddr string, sDialer Dialer) (*TCPTun, error) {
+func NewTCPTun(addr, raddr string, dialer Dialer) (*TCPTun, error) {
s := &TCPTun{
- Forwarder: NewForwarder(addr, nil),
- sDialer: sDialer,
- raddr: raddr,
+ dialer: dialer,
+ addr: addr,
+ raddr: raddr,
}
return s, nil
@@ -45,7 +45,7 @@ func (s *TCPTun) ListenAndServe() {
c.SetKeepAlive(true)
}
- rc, err := s.sDialer.Dial("tcp", s.raddr)
+ rc, err := s.dialer.Dial("tcp", s.raddr)
if err != nil {
logf("failed to connect to target: %v", err)
diff --git a/tproxy.go b/tproxy.go
index b61750d..cefae56 100644
--- a/tproxy.go
+++ b/tproxy.go
@@ -17,15 +17,15 @@ import (
// TProxy struct
type TProxy struct {
- *Forwarder // as client
- sDialer Dialer // dialer for server
+ dialer Dialer
+ addr string
}
// NewTProxy returns a tproxy.
-func NewTProxy(addr string, sDialer Dialer) (*TProxy, error) {
+func NewTProxy(addr string, dialer Dialer) (*TProxy, error) {
s := &TProxy{
- Forwarder: NewForwarder(addr, nil),
- sDialer: sDialer,
+ dialer: dialer,
+ addr: addr,
}
return s, nil
diff --git a/udptun.go b/udptun.go
index 4c6f16f..498d103 100644
--- a/udptun.go
+++ b/udptun.go
@@ -8,18 +8,18 @@ import (
// UDPTun struct
type UDPTun struct {
- *Forwarder
- sDialer Dialer
+ dialer Dialer
+ addr string
raddr string
}
// NewUDPTun returns a UDPTun proxy.
-func NewUDPTun(addr, raddr string, sDialer Dialer) (*UDPTun, error) {
+func NewUDPTun(addr, raddr string, dialer Dialer) (*UDPTun, error) {
s := &UDPTun{
- Forwarder: NewForwarder(addr, nil),
- sDialer: sDialer,
- raddr: raddr,
+ dialer: dialer,
+ addr: addr,
+ raddr: raddr,
}
return s, nil
@@ -52,7 +52,7 @@ func (s *UDPTun) ListenAndServe() {
v, ok := nm.Load(raddr.String())
if !ok && v == nil {
- pc, writeAddr, err = s.sDialer.DialUDP("udp", s.raddr)
+ pc, writeAddr, err = s.dialer.DialUDP("udp", s.raddr)
if err != nil {
logf("proxy-udptun remote dial error: %v", err)
continue
diff --git a/uottun.go b/uottun.go
index 27c9330..1f633e1 100644
--- a/uottun.go
+++ b/uottun.go
@@ -8,18 +8,18 @@ import (
// UoTTun udp over tcp tunnel
type UoTTun struct {
- *Forwarder
- sDialer Dialer
+ dialer Dialer
+ addr string
raddr string
}
// NewUoTTun returns a UoTTun proxy.
-func NewUoTTun(addr, raddr string, sDialer Dialer) (*UoTTun, error) {
+func NewUoTTun(addr, raddr string, dialer Dialer) (*UoTTun, error) {
s := &UoTTun{
- Forwarder: NewForwarder(addr, nil),
- sDialer: sDialer,
- raddr: raddr,
+ dialer: dialer,
+ addr: addr,
+ raddr: raddr,
}
return s, nil
@@ -45,7 +45,7 @@ func (s *UoTTun) ListenAndServe() {
continue
}
- rc, err := s.sDialer.Dial("uot", s.raddr)
+ rc, err := s.dialer.Dial("uot", s.raddr)
if err != nil {
logf("proxy-uottun failed to connect to server %v: %v", s.raddr, err)
continue
From e76998f44b38abf635a477ce72d9b35f02d11c37 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 24 Mar 2018 19:57:46 +0800
Subject: [PATCH 157/341] general: combine cdialer and sdialer
---
dialer.go | 12 ++++++------
dns.go | 12 ++++++------
dnstun.go | 12 ++++++------
forwarder.go | 36 ------------------------------------
http.go | 33 +++++++++++++++++++--------------
mixed.go | 12 ++++++------
redir_linux.go | 12 ++++++------
server.go | 24 ++++++++++++------------
socks5.go | 31 ++++++++++++++++++-------------
ss.go | 26 ++++++++++++++++----------
tcptun.go | 14 +++++++-------
tproxy.go | 10 +++++-----
udptun.go | 14 +++++++-------
uottun.go | 14 +++++++-------
14 files changed, 121 insertions(+), 141 deletions(-)
delete mode 100644 forwarder.go
diff --git a/dialer.go b/dialer.go
index c20e7da..6576995 100644
--- a/dialer.go
+++ b/dialer.go
@@ -23,7 +23,7 @@ type Dialer interface {
// DialerFromURL parses url and get a Proxy
// TODO: table
-func DialerFromURL(s string, cDialer Dialer) (Dialer, error) {
+func DialerFromURL(s string, dialer Dialer) (Dialer, error) {
u, err := url.Parse(s)
if err != nil {
logf("parse err: %s", err)
@@ -37,17 +37,17 @@ func DialerFromURL(s string, cDialer Dialer) (Dialer, error) {
pass, _ = u.User.Password()
}
- if cDialer == nil {
- cDialer = Direct
+ if dialer == nil {
+ dialer = Direct
}
switch u.Scheme {
case "http":
- return NewHTTP(addr, user, pass, "", cDialer, nil)
+ return NewHTTP(addr, user, pass, "", dialer)
case "socks5":
- return NewSOCKS5(addr, user, pass, cDialer, nil)
+ return NewSOCKS5(addr, user, pass, dialer)
case "ss":
- return NewSS(addr, user, pass, cDialer, nil)
+ return NewSS(addr, user, pass, dialer)
}
return nil, errors.New("unknown schema '" + u.Scheme + "'")
diff --git a/dns.go b/dns.go
index 6ee4773..c26cfe7 100644
--- a/dns.go
+++ b/dns.go
@@ -139,8 +139,8 @@ type DNSAnswerHandler func(Domain, ip string) error
// DNS .
type DNS struct {
- *Forwarder // as proxy client
- sDialer Dialer // dialer for server
+ dialer Dialer
+ addr string
Tunnel bool
@@ -151,10 +151,10 @@ type DNS struct {
}
// NewDNS returns a dns forwarder. client[dns.udp] -> glider[tcp] -> forwarder[dns.tcp] -> remote dns addr
-func NewDNS(addr, raddr string, sDialer Dialer, tunnel bool) (*DNS, error) {
+func NewDNS(addr, raddr string, dialer Dialer, tunnel bool) (*DNS, error) {
s := &DNS{
- Forwarder: NewForwarder(addr, nil),
- sDialer: sDialer,
+ dialer: dialer,
+ addr: addr,
Tunnel: tunnel,
@@ -293,7 +293,7 @@ func (s *DNS) Exchange(reqLen uint16, reqMsg []byte, addr string) (respLen uint1
dnsServer = s.GetServer(query.QNAME)
}
- rc, err := s.sDialer.NextDialer(query.QNAME+":53").Dial("tcp", dnsServer)
+ rc, err := s.dialer.NextDialer(query.QNAME+":53").Dial("tcp", dnsServer)
if err != nil {
logf("proxy-dns failed to connect to server %v: %v", dnsServer, err)
return
diff --git a/dnstun.go b/dnstun.go
index 27dad71..609d0d4 100644
--- a/dnstun.go
+++ b/dnstun.go
@@ -4,8 +4,8 @@ package main
// DNSTun struct
type DNSTun struct {
- *Forwarder // as client
- sDialer Dialer // dialer for server
+ dialer Dialer
+ addr string
raddr string
@@ -14,15 +14,15 @@ type DNSTun struct {
}
// NewDNSTun returns a dns tunnel forwarder.
-func NewDNSTun(addr, raddr string, sDialer Dialer) (*DNSTun, error) {
+func NewDNSTun(addr, raddr string, dialer Dialer) (*DNSTun, error) {
s := &DNSTun{
- Forwarder: NewForwarder(addr, nil),
- sDialer: sDialer,
+ dialer: dialer,
+ addr: addr,
raddr: raddr,
}
- s.dns, _ = NewDNS(addr, raddr, sDialer, true)
+ s.dns, _ = NewDNS(addr, raddr, dialer, true)
return s, nil
}
diff --git a/forwarder.go b/forwarder.go
deleted file mode 100644
index d48a220..0000000
--- a/forwarder.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package main
-
-import "net"
-
-// Forwarder struct
-type Forwarder struct {
- addr string
- cDialer Dialer
-}
-
-// NewForwarder returns a base forwarder
-func NewForwarder(addr string, cDialer Dialer) *Forwarder {
- if cDialer == nil {
- cDialer = Direct
- }
-
- return &Forwarder{addr: addr, cDialer: cDialer}
-}
-
-// Addr returns forwarder's address
-func (p *Forwarder) Addr() string { return p.addr }
-
-// Dial to remote addr via cDialer
-func (p *Forwarder) Dial(network, addr string) (net.Conn, error) {
- return p.cDialer.Dial(network, addr)
-}
-
-// DialUDP to remote addr via cDialer
-func (p *Forwarder) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- return p.cDialer.DialUDP(network, addr)
-}
-
-// NextDialer returns the next cDialer
-func (p *Forwarder) NextDialer(dstAddr string) Dialer {
- return p.cDialer
-}
diff --git a/http.go b/http.go
index dc5f877..ba8a937 100644
--- a/http.go
+++ b/http.go
@@ -19,9 +19,8 @@ import (
// HTTP struct
type HTTP struct {
- *Forwarder // as client
- sDialer Dialer // dialer for server
-
+ dialer Dialer
+ addr string
user string
password string
xff bool // X-Forwarded-For
@@ -31,14 +30,14 @@ type HTTP struct {
}
// NewHTTP returns a http proxy.
-func NewHTTP(addr, user, pass, rawQuery string, cDialer Dialer, sDialer Dialer) (*HTTP, error) {
+func NewHTTP(addr, user, pass, rawQuery string, dialer Dialer) (*HTTP, error) {
s := &HTTP{
- Forwarder: NewForwarder(addr, cDialer),
- sDialer: sDialer,
- user: user,
- password: pass,
- xff: false,
- selfip: OutboundIP(),
+ dialer: dialer,
+ addr: addr,
+ user: user,
+ password: pass,
+ xff: false,
+ selfip: OutboundIP(),
}
p, _ := url.ParseQuery(rawQuery)
@@ -129,7 +128,7 @@ func (s *HTTP) Serve(c net.Conn) {
tgt += ":80"
}
- rc, err := s.sDialer.Dial("tcp", tgt)
+ rc, err := s.dialer.Dial("tcp", tgt)
if err != nil {
fmt.Fprintf(c, "%s 502 ERROR\r\n\r\n", proto)
logf("failed to dial: %v", err)
@@ -189,7 +188,7 @@ func (s *HTTP) Serve(c net.Conn) {
}
func (s *HTTP) servHTTPS(method, requestURI, proto string, c net.Conn) {
- rc, err := s.sDialer.Dial("tcp", requestURI)
+ rc, err := s.dialer.Dial("tcp", requestURI)
if err != nil {
c.Write([]byte(proto))
c.Write([]byte(" 502 ERROR\r\n\r\n"))
@@ -199,7 +198,7 @@ func (s *HTTP) servHTTPS(method, requestURI, proto string, c net.Conn) {
c.Write([]byte("HTTP/1.0 200 Connection established\r\n\r\n"))
- logf("proxy-https %s <-> %s", c.RemoteAddr(), requestURI)
+ logf("proxy-http %s <-> %s [connect]", c.RemoteAddr(), requestURI)
_, _, err = relay(c, rc)
if err != nil {
@@ -210,9 +209,15 @@ func (s *HTTP) servHTTPS(method, requestURI, proto string, c net.Conn) {
}
}
+// Addr returns forwarder's address
+func (s *HTTP) Addr() string { return s.addr }
+
+// NextDialer returns the next dialer
+func (s *HTTP) NextDialer(dstAddr string) Dialer { return s.dialer }
+
// Dial connects to the address addr on the network net via the proxy.
func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
- rc, err := s.cDialer.Dial(network, s.addr)
+ rc, err := s.dialer.Dial(network, s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
return nil, err
diff --git a/mixed.go b/mixed.go
index 05cc724..85e20a7 100644
--- a/mixed.go
+++ b/mixed.go
@@ -19,7 +19,7 @@ var httpMethods = [...][]byte{
// MixedProxy struct
type MixedProxy struct {
- sDialer Dialer
+ dialer Dialer
addr string
http *HTTP
@@ -27,14 +27,14 @@ type MixedProxy struct {
}
// NewMixedProxy returns a mixed proxy.
-func NewMixedProxy(addr, user, pass, rawQuery string, sDialer Dialer) (*MixedProxy, error) {
+func NewMixedProxy(addr, user, pass, rawQuery string, dialer Dialer) (*MixedProxy, error) {
p := &MixedProxy{
- sDialer: sDialer,
- addr: addr,
+ dialer: dialer,
+ addr: addr,
}
- p.http, _ = NewHTTP(addr, user, pass, rawQuery, nil, sDialer)
- p.socks5, _ = NewSOCKS5(addr, user, pass, nil, sDialer)
+ p.http, _ = NewHTTP(addr, user, pass, rawQuery, dialer)
+ p.socks5, _ = NewSOCKS5(addr, user, pass, dialer)
return p, nil
}
diff --git a/redir_linux.go b/redir_linux.go
index 81fbbcb..0b2c6d8 100644
--- a/redir_linux.go
+++ b/redir_linux.go
@@ -19,15 +19,15 @@ const (
// RedirProxy struct
type RedirProxy struct {
- *Forwarder // as client
- sDialer Dialer // dialer for server
+ dialer Dialer
+ addr string
}
// NewRedirProxy returns a redirect proxy.
-func NewRedirProxy(addr string, sDialer Dialer) (*RedirProxy, error) {
+func NewRedirProxy(addr string, dialer Dialer) (*RedirProxy, error) {
s := &RedirProxy{
- Forwarder: NewForwarder(addr, nil),
- sDialer: sDialer,
+ dialer: dialer,
+ addr: addr,
}
return s, nil
@@ -63,7 +63,7 @@ func (s *RedirProxy) ListenAndServe() {
return
}
- rc, err := s.sDialer.Dial("tcp", tgt.String())
+ rc, err := s.dialer.Dial("tcp", tgt.String())
if err != nil {
logf("proxy-redir failed to connect to target: %v", err)
return
diff --git a/server.go b/server.go
index 4c1951a..cf557fc 100644
--- a/server.go
+++ b/server.go
@@ -14,7 +14,7 @@ type Server interface {
// ServerFromURL parses url and get a Proxy
// TODO: table
-func ServerFromURL(s string, sDialer Dialer) (Server, error) {
+func ServerFromURL(s string, dialer Dialer) (Server, error) {
if !strings.Contains(s, "://") {
s = "mixed://" + s
}
@@ -32,33 +32,33 @@ func ServerFromURL(s string, sDialer Dialer) (Server, error) {
pass, _ = u.User.Password()
}
- if sDialer == nil {
- sDialer = Direct
+ if dialer == nil {
+ dialer = Direct
}
switch u.Scheme {
case "mixed":
- return NewMixedProxy(addr, user, pass, u.RawQuery, sDialer)
+ return NewMixedProxy(addr, user, pass, u.RawQuery, dialer)
case "http":
- return NewHTTP(addr, user, pass, u.RawQuery, nil, sDialer)
+ return NewHTTP(addr, user, pass, u.RawQuery, dialer)
case "socks5":
- return NewSOCKS5(addr, user, pass, nil, sDialer)
+ return NewSOCKS5(addr, user, pass, dialer)
case "ss":
- return NewSS(addr, user, pass, nil, sDialer)
+ return NewSS(addr, user, pass, dialer)
case "redir":
- return NewRedirProxy(addr, sDialer)
+ return NewRedirProxy(addr, dialer)
case "tcptun":
d := strings.Split(addr, "=")
- return NewTCPTun(d[0], d[1], sDialer)
+ return NewTCPTun(d[0], d[1], dialer)
case "udptun":
d := strings.Split(addr, "=")
- return NewUDPTun(d[0], d[1], sDialer)
+ return NewUDPTun(d[0], d[1], dialer)
case "dnstun":
d := strings.Split(addr, "=")
- return NewDNSTun(d[0], d[1], sDialer)
+ return NewDNSTun(d[0], d[1], dialer)
case "uottun":
d := strings.Split(addr, "=")
- return NewUoTTun(d[0], d[1], sDialer)
+ return NewUoTTun(d[0], d[1], dialer)
}
return nil, errors.New("unknown schema '" + u.Scheme + "'")
diff --git a/socks5.go b/socks5.go
index 8d06d7e..71c47c5 100644
--- a/socks5.go
+++ b/socks5.go
@@ -62,21 +62,20 @@ var socks5Errors = []error{
// SOCKS5 struct
type SOCKS5 struct {
- *Forwarder
- sDialer Dialer
-
+ dialer Dialer
+ addr string
user string
password string
}
// NewSOCKS5 returns a Proxy that makes SOCKSv5 connections to the given address
// with an optional username and password. See RFC 1928.
-func NewSOCKS5(addr, user, pass string, cDialer Dialer, sDialer Dialer) (*SOCKS5, error) {
+func NewSOCKS5(addr, user, pass string, dialer Dialer) (*SOCKS5, error) {
s := &SOCKS5{
- Forwarder: NewForwarder(addr, cDialer),
- sDialer: sDialer,
- user: user,
- password: pass,
+ dialer: dialer,
+ addr: addr,
+ user: user,
+ password: pass,
}
return s, nil
@@ -137,7 +136,7 @@ func (s *SOCKS5) ServeTCP(c net.Conn) {
return
}
- rc, err := s.sDialer.Dial("tcp", tgt.String())
+ rc, err := s.dialer.Dial("tcp", tgt.String())
if err != nil {
logf("proxy-socks5 failed to connect to target: %v", err)
return
@@ -186,7 +185,7 @@ func (s *SOCKS5) ListenAndServeUDP() {
continue
}
- lpc, nextHop, err := s.sDialer.DialUDP("udp", c.tgtAddr.String())
+ lpc, nextHop, err := s.dialer.DialUDP("udp", c.tgtAddr.String())
if err != nil {
logf("proxy-socks5-udp remote dial error: %v", err)
continue
@@ -216,6 +215,12 @@ func (s *SOCKS5) ListenAndServeUDP() {
}
+// Addr returns forwarder's address
+func (s *SOCKS5) Addr() string { return s.addr }
+
+// NextDialer returns the next dialer
+func (s *SOCKS5) NextDialer(dstAddr string) Dialer { return s.dialer }
+
// Dial connects to the address addr on the network net via the SOCKS5 proxy.
func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
switch network {
@@ -224,7 +229,7 @@ func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
return nil, errors.New("proxy-socks5: no support for connection type " + network)
}
- c, err := s.cDialer.Dial(network, s.addr)
+ c, err := s.dialer.Dial(network, s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
return nil, err
@@ -244,7 +249,7 @@ func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
// DialUDP connects to the given address via the proxy.
func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- c, err := s.cDialer.Dial("tcp", s.addr)
+ c, err := s.dialer.Dial("tcp", s.addr)
if err != nil {
logf("proxy-socks5 dialudp dial tcp to %s error: %s", s.addr, err)
return nil, nil, err
@@ -283,7 +288,7 @@ func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.A
return nil, nil, err
}
- pc, nextHop, err := s.cDialer.DialUDP(network, uAddr.String())
+ pc, nextHop, err := s.dialer.DialUDP(network, uAddr.String())
if err != nil {
logf("proxy-socks5 dialudp to %s error: %s", uAddr.String(), err)
return nil, nil, err
diff --git a/ss.go b/ss.go
index d7adbab..4e6e612 100644
--- a/ss.go
+++ b/ss.go
@@ -15,23 +15,23 @@ const udpBufSize = 65536
// SS .
type SS struct {
- *Forwarder
- sDialer Dialer
+ dialer Dialer
+ addr string
core.Cipher
}
// NewSS returns a shadowsocks proxy.
-func NewSS(addr, method, pass string, cDialer Dialer, sDialer Dialer) (*SS, error) {
+func NewSS(addr, method, pass string, dialer Dialer) (*SS, error) {
ciph, err := core.PickCipher(method, nil, pass)
if err != nil {
log.Fatalf("PickCipher for '%s', error: %s", method, err)
}
s := &SS{
- Forwarder: NewForwarder(addr, cDialer),
- sDialer: sDialer,
- Cipher: ciph,
+ dialer: dialer,
+ addr: addr,
+ Cipher: ciph,
}
return s, nil
@@ -79,7 +79,7 @@ func (s *SS) ServeTCP(c net.Conn) {
return
}
- dialer := s.sDialer.NextDialer(tgt.String())
+ dialer := s.dialer.NextDialer(tgt.String())
// udp over tcp?
uot := UoT(tgt[0])
@@ -166,7 +166,7 @@ func (s *SS) ListenAndServeUDP() {
var pc *PktConn
v, ok := nm.Load(raddr.String())
if !ok && v == nil {
- lpc, nextHop, err := s.sDialer.DialUDP("udp", c.tgtAddr.String())
+ lpc, nextHop, err := s.dialer.DialUDP("udp", c.tgtAddr.String())
if err != nil {
logf("proxy-ss-udp remote dial error: %v", err)
continue
@@ -200,6 +200,12 @@ func ListCipher() string {
return strings.Join(core.ListCipher(), " ")
}
+// Addr returns forwarder's address
+func (s *SS) Addr() string { return s.addr }
+
+// NextDialer returns the next dialer
+func (s *SS) NextDialer(dstAddr string) Dialer { return s.dialer }
+
// Dial connects to the address addr on the network net via the proxy.
func (s *SS) Dial(network, addr string) (net.Conn, error) {
target := ParseAddr(addr)
@@ -211,7 +217,7 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
target[0] = target[0] | 0x8
}
- c, err := s.cDialer.Dial("tcp", s.addr)
+ c, err := s.dialer.Dial("tcp", s.addr)
if err != nil {
logf("dial to %s error: %s", s.addr, err)
return nil, err
@@ -233,7 +239,7 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
// DialUDP connects to the given address via the proxy.
func (s *SS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
- pc, nextHop, err := s.cDialer.DialUDP(network, s.addr)
+ pc, nextHop, err := s.dialer.DialUDP(network, s.addr)
if err != nil {
logf("proxy-ss dialudp to %s error: %s", s.addr, err)
return nil, nil, err
diff --git a/tcptun.go b/tcptun.go
index bd1934b..f671bd1 100644
--- a/tcptun.go
+++ b/tcptun.go
@@ -4,18 +4,18 @@ import "net"
// TCPTun struct
type TCPTun struct {
- *Forwarder
- sDialer Dialer
+ dialer Dialer
+ addr string
raddr string
}
// NewTCPTun returns a tcptun proxy.
-func NewTCPTun(addr, raddr string, sDialer Dialer) (*TCPTun, error) {
+func NewTCPTun(addr, raddr string, dialer Dialer) (*TCPTun, error) {
s := &TCPTun{
- Forwarder: NewForwarder(addr, nil),
- sDialer: sDialer,
- raddr: raddr,
+ dialer: dialer,
+ addr: addr,
+ raddr: raddr,
}
return s, nil
@@ -45,7 +45,7 @@ func (s *TCPTun) ListenAndServe() {
c.SetKeepAlive(true)
}
- rc, err := s.sDialer.Dial("tcp", s.raddr)
+ rc, err := s.dialer.Dial("tcp", s.raddr)
if err != nil {
logf("failed to connect to target: %v", err)
diff --git a/tproxy.go b/tproxy.go
index b61750d..cefae56 100644
--- a/tproxy.go
+++ b/tproxy.go
@@ -17,15 +17,15 @@ import (
// TProxy struct
type TProxy struct {
- *Forwarder // as client
- sDialer Dialer // dialer for server
+ dialer Dialer
+ addr string
}
// NewTProxy returns a tproxy.
-func NewTProxy(addr string, sDialer Dialer) (*TProxy, error) {
+func NewTProxy(addr string, dialer Dialer) (*TProxy, error) {
s := &TProxy{
- Forwarder: NewForwarder(addr, nil),
- sDialer: sDialer,
+ dialer: dialer,
+ addr: addr,
}
return s, nil
diff --git a/udptun.go b/udptun.go
index 4c6f16f..498d103 100644
--- a/udptun.go
+++ b/udptun.go
@@ -8,18 +8,18 @@ import (
// UDPTun struct
type UDPTun struct {
- *Forwarder
- sDialer Dialer
+ dialer Dialer
+ addr string
raddr string
}
// NewUDPTun returns a UDPTun proxy.
-func NewUDPTun(addr, raddr string, sDialer Dialer) (*UDPTun, error) {
+func NewUDPTun(addr, raddr string, dialer Dialer) (*UDPTun, error) {
s := &UDPTun{
- Forwarder: NewForwarder(addr, nil),
- sDialer: sDialer,
- raddr: raddr,
+ dialer: dialer,
+ addr: addr,
+ raddr: raddr,
}
return s, nil
@@ -52,7 +52,7 @@ func (s *UDPTun) ListenAndServe() {
v, ok := nm.Load(raddr.String())
if !ok && v == nil {
- pc, writeAddr, err = s.sDialer.DialUDP("udp", s.raddr)
+ pc, writeAddr, err = s.dialer.DialUDP("udp", s.raddr)
if err != nil {
logf("proxy-udptun remote dial error: %v", err)
continue
diff --git a/uottun.go b/uottun.go
index 27c9330..1f633e1 100644
--- a/uottun.go
+++ b/uottun.go
@@ -8,18 +8,18 @@ import (
// UoTTun udp over tcp tunnel
type UoTTun struct {
- *Forwarder
- sDialer Dialer
+ dialer Dialer
+ addr string
raddr string
}
// NewUoTTun returns a UoTTun proxy.
-func NewUoTTun(addr, raddr string, sDialer Dialer) (*UoTTun, error) {
+func NewUoTTun(addr, raddr string, dialer Dialer) (*UoTTun, error) {
s := &UoTTun{
- Forwarder: NewForwarder(addr, nil),
- sDialer: sDialer,
- raddr: raddr,
+ dialer: dialer,
+ addr: addr,
+ raddr: raddr,
}
return s, nil
@@ -45,7 +45,7 @@ func (s *UoTTun) ListenAndServe() {
continue
}
- rc, err := s.sDialer.Dial("uot", s.raddr)
+ rc, err := s.dialer.Dial("uot", s.raddr)
if err != nil {
logf("proxy-uottun failed to connect to server %v: %v", s.raddr, err)
continue
From 6cf3070d7d086646eeb0af3dcd1a867f7f37dfaf Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 24 Mar 2018 22:37:22 +0800
Subject: [PATCH 158/341] general: change NextDialer func
---
http.go | 5 ++---
mixed.go | 2 +-
socks5.go | 2 +-
ss.go | 2 +-
4 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/http.go b/http.go
index ba8a937..2e7e3cf 100644
--- a/http.go
+++ b/http.go
@@ -25,8 +25,7 @@ type HTTP struct {
password string
xff bool // X-Forwarded-For
xsi bool // X-Server-IP
-
- selfip string
+ selfip string
}
// NewHTTP returns a http proxy.
@@ -213,7 +212,7 @@ func (s *HTTP) servHTTPS(method, requestURI, proto string, c net.Conn) {
func (s *HTTP) Addr() string { return s.addr }
// NextDialer returns the next dialer
-func (s *HTTP) NextDialer(dstAddr string) Dialer { return s.dialer }
+func (s *HTTP) NextDialer(dstAddr string) Dialer { return s.dialer.NextDialer(dstAddr) }
// Dial connects to the address addr on the network net via the proxy.
func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
diff --git a/mixed.go b/mixed.go
index 85e20a7..fc29de6 100644
--- a/mixed.go
+++ b/mixed.go
@@ -20,8 +20,8 @@ var httpMethods = [...][]byte{
// MixedProxy struct
type MixedProxy struct {
dialer Dialer
-
addr string
+
http *HTTP
socks5 *SOCKS5
}
diff --git a/socks5.go b/socks5.go
index 71c47c5..b4c1e5a 100644
--- a/socks5.go
+++ b/socks5.go
@@ -219,7 +219,7 @@ func (s *SOCKS5) ListenAndServeUDP() {
func (s *SOCKS5) Addr() string { return s.addr }
// NextDialer returns the next dialer
-func (s *SOCKS5) NextDialer(dstAddr string) Dialer { return s.dialer }
+func (s *SOCKS5) NextDialer(dstAddr string) Dialer { return s.dialer.NextDialer(dstAddr) }
// Dial connects to the address addr on the network net via the SOCKS5 proxy.
func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
diff --git a/ss.go b/ss.go
index 4e6e612..617af55 100644
--- a/ss.go
+++ b/ss.go
@@ -204,7 +204,7 @@ func ListCipher() string {
func (s *SS) Addr() string { return s.addr }
// NextDialer returns the next dialer
-func (s *SS) NextDialer(dstAddr string) Dialer { return s.dialer }
+func (s *SS) NextDialer(dstAddr string) Dialer { return s.dialer.NextDialer(dstAddr) }
// Dial connects to the address addr on the network net via the proxy.
func (s *SS) Dial(network, addr string) (net.Conn, error) {
From d7c12ab2ab59353976b87da6753b031270c87bf0 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 25 Mar 2018 10:37:53 +0800
Subject: [PATCH 159/341] travis: add 1.10.x version
---
.travis.yml | 5 +++--
main.go | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 5792b69..1eceb67 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,6 +1,7 @@
language: go
go:
- - 1.9
- - tip
+ - "1.9.x"
+ - "1.10.x"
+ - master
diff --git a/main.go b/main.go
index dc525f5..5c80aea 100644
--- a/main.go
+++ b/main.go
@@ -9,7 +9,7 @@ import (
)
// VERSION .
-const VERSION = "0.5.1"
+const VERSION = "0.5.2"
func dialerFromConf() Dialer {
// global forwarders in xx.conf
From d406a8edde800cbfae4eaf7958ca3e0e100d9ce4 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 17 May 2018 00:04:09 +0800
Subject: [PATCH 160/341] ssr: add ssr support
---
dialer.go | 2 +
http.go | 12 ++---
ss.go | 4 +-
ssr.go | 132 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 142 insertions(+), 8 deletions(-)
create mode 100644 ssr.go
diff --git a/dialer.go b/dialer.go
index 6576995..f6dd9c5 100644
--- a/dialer.go
+++ b/dialer.go
@@ -48,6 +48,8 @@ func DialerFromURL(s string, dialer Dialer) (Dialer, error) {
return NewSOCKS5(addr, user, pass, dialer)
case "ss":
return NewSS(addr, user, pass, dialer)
+ case "ssr":
+ return NewSSR(addr, user, pass, u.RawQuery, dialer)
}
return nil, errors.New("unknown schema '" + u.Scheme + "'")
diff --git a/http.go b/http.go
index 2e7e3cf..b2b49fd 100644
--- a/http.go
+++ b/http.go
@@ -69,7 +69,7 @@ func (s *HTTP) ListenAndServe() {
for {
c, err := l.Accept()
if err != nil {
- logf("failed to accept: %v", err)
+ logf("proxy-http failed to accept: %v", err)
continue
}
@@ -130,7 +130,7 @@ func (s *HTTP) Serve(c net.Conn) {
rc, err := s.dialer.Dial("tcp", tgt)
if err != nil {
fmt.Fprintf(c, "%s 502 ERROR\r\n\r\n", proto)
- logf("failed to dial: %v", err)
+ logf("proxy-http failed to dial: %v", err)
return
}
defer rc.Close()
@@ -164,7 +164,7 @@ func (s *HTTP) Serve(c net.Conn) {
respHeader, err := respTP.ReadMIMEHeader()
if err != nil {
- logf("read header error:%s", err)
+ logf("proxy-http read header error:%s", err)
return
}
@@ -191,7 +191,7 @@ func (s *HTTP) servHTTPS(method, requestURI, proto string, c net.Conn) {
if err != nil {
c.Write([]byte(proto))
c.Write([]byte(" 502 ERROR\r\n\r\n"))
- logf("failed to dial: %v", err)
+ logf("proxy-http failed to dial: %v", err)
return
}
@@ -218,7 +218,7 @@ func (s *HTTP) NextDialer(dstAddr string) Dialer { return s.dialer.NextDialer(ds
func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
rc, err := s.dialer.Dial(network, s.addr)
if err != nil {
- logf("dial to %s error: %s", s.addr, err)
+ logf("proxy-http dial to %s error: %s", s.addr, err)
return nil, err
}
@@ -261,7 +261,7 @@ func parseFirstLine(tp *textproto.Reader) (r1, r2, r3 string, ok bool) {
line, err := tp.ReadLine()
// logf("first line: %s", line)
if err != nil {
- logf("read request line error:%s", err)
+ logf("proxy-http read request line error:%s", err)
return
}
diff --git a/ss.go b/ss.go
index 617af55..08788fb 100644
--- a/ss.go
+++ b/ss.go
@@ -210,7 +210,7 @@ func (s *SS) NextDialer(dstAddr string) Dialer { return s.dialer.NextDialer(dstA
func (s *SS) Dial(network, addr string) (net.Conn, error) {
target := ParseAddr(addr)
if target == nil {
- return nil, errors.New("Unable to parse address: " + addr)
+ return nil, errors.New("proxy-ss unable to parse address: " + addr)
}
if network == "uot" {
@@ -219,7 +219,7 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
c, err := s.dialer.Dial("tcp", s.addr)
if err != nil {
- logf("dial to %s error: %s", s.addr, err)
+ logf("proxy-ss dial to %s error: %s", s.addr, err)
return nil, err
}
diff --git a/ssr.go b/ssr.go
new file mode 100644
index 0000000..991d082
--- /dev/null
+++ b/ssr.go
@@ -0,0 +1,132 @@
+package main
+
+import (
+ "errors"
+ "net"
+ "net/url"
+ "strconv"
+ "strings"
+
+ shadowsocksr "github.com/sun8911879/shadowsocksR"
+ "github.com/sun8911879/shadowsocksR/obfs"
+ "github.com/sun8911879/shadowsocksR/protocol"
+ "github.com/sun8911879/shadowsocksR/ssr"
+)
+
+// SSR .
+type SSR struct {
+ dialer Dialer
+ addr string
+
+ EncryptMethod string
+ EncryptPassword string
+ Obfs string
+ ObfsParam string
+ ObfsData interface{}
+ Protocol string
+ ProtocolParam string
+ ProtocolData interface{}
+}
+
+// NewSSR returns a shadowsocksr proxy, ssr://method:pass@host:port/rawQuery
+func NewSSR(addr, method, pass, rawQuery string, dialer Dialer) (*SSR, error) {
+ s := &SSR{
+ dialer: dialer,
+ addr: addr,
+ EncryptMethod: method,
+ EncryptPassword: pass,
+ }
+
+ p, _ := url.ParseQuery(rawQuery)
+ if v, ok := p["protocol"]; ok {
+ s.Protocol = v[0]
+ }
+ if v, ok := p["protocol_param"]; ok {
+ s.ProtocolParam = v[0]
+ }
+ if v, ok := p["obfs"]; ok {
+ s.Obfs = v[0]
+ }
+ if v, ok := p["obfs_param"]; ok {
+ s.ObfsParam = v[0]
+ }
+
+ return s, nil
+}
+
+// Addr returns forwarder's address
+func (s *SSR) Addr() string { return s.addr }
+
+// NextDialer returns the next dialer
+func (s *SSR) NextDialer(dstAddr string) Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial connects to the address addr on the network net via the proxy.
+func (s *SSR) Dial(network, addr string) (net.Conn, error) {
+ target := ParseAddr(addr)
+ if target == nil {
+ return nil, errors.New("proxy-ssr unable to parse address: " + addr)
+ }
+
+ cipher, err := shadowsocksr.NewStreamCipher(s.EncryptMethod, s.EncryptPassword)
+ if err != nil {
+ return nil, err
+ }
+
+ c, err := s.dialer.Dial("tcp", s.addr)
+ if err != nil {
+ logf("proxy-ssr dial to %s error: %s", s.addr, err)
+ return nil, err
+ }
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ ssrconn := shadowsocksr.NewSSTCPConn(c, cipher)
+ if ssrconn.Conn == nil || ssrconn.RemoteAddr() == nil {
+ return nil, errors.New("proxy-ssr nil connection")
+ }
+
+ // should initialize obfs/protocol now
+ rs := strings.Split(ssrconn.RemoteAddr().String(), ":")
+ port, _ := strconv.Atoi(rs[1])
+
+ ssrconn.IObfs = obfs.NewObfs(s.Obfs)
+ obfsServerInfo := &ssr.ServerInfoForObfs{
+ Host: rs[0],
+ Port: uint16(port),
+ TcpMss: 1460,
+ Param: s.ObfsParam,
+ }
+ ssrconn.IObfs.SetServerInfo(obfsServerInfo)
+ ssrconn.IProtocol = protocol.NewProtocol(s.Protocol)
+ protocolServerInfo := &ssr.ServerInfoForObfs{
+ Host: rs[0],
+ Port: uint16(port),
+ TcpMss: 1460,
+ Param: s.ProtocolParam,
+ }
+ ssrconn.IProtocol.SetServerInfo(protocolServerInfo)
+
+ if s.ObfsData == nil {
+ s.ObfsData = ssrconn.IObfs.GetData()
+ }
+ ssrconn.IObfs.SetData(s.ObfsData)
+
+ if s.ProtocolData == nil {
+ s.ProtocolData = ssrconn.IProtocol.GetData()
+ }
+ ssrconn.IProtocol.SetData(s.ProtocolData)
+
+ if _, err := ssrconn.Write(target); err != nil {
+ ssrconn.Close()
+ return nil, err
+ }
+
+ return ssrconn, err
+}
+
+// DialUDP connects to the given address via the proxy.
+func (s *SSR) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ return nil, nil, errors.New("proxy-ssr udp not supported now")
+}
From 113a96fd18e2cd1ad503636fcb45ee596159d76b Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 17 May 2018 10:16:00 +0800
Subject: [PATCH 161/341] doc: add some info for ssr
---
README.md | 18 ++++++++++++++----
conf.go | 19 +++++++++++++++----
main.go | 2 +-
3 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index f128827..5d819ec 100644
--- a/README.md
+++ b/README.md
@@ -29,6 +29,7 @@ Forward (local proxy client/upstream proxy server):
- Socks5 proxy(tcp&udp)
- Http proxy(tcp)
- SS proxy(tcp&udp&uot)
+- SSR proxy(tcp)
DNS Forwarding Server (udp2tcp):
- Listen on UDP and forward dns requests to remote dns server in TCP via forwarders
@@ -90,7 +91,7 @@ glider -config CONFIGPATH -listen :8080 -verbose
## Usage
```bash
-glider v0.5.1 usage:
+glider v0.5.3 usage:
-checkduration int
proxy check duration(seconds) (default 30)
-checkwebsite string
@@ -102,11 +103,11 @@ glider v0.5.1 usage:
-dnsserver value
remote dns server
-forward value
- forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]
+ forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]
-ipset string
ipset name
-listen value
- listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT
+ listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS
-rulefile value
rule file path
-rules-dir string
@@ -129,12 +130,18 @@ Available Schemas:
Available schemas for different modes:
listen: mixed ss socks5 http redir tcptun udptun uottun dnstun
- forward: ss socks5 http
+ forward: ss socks5 http ssr
+
+SS schema:
+ ss://method:pass@host:port
Available methods for ss:
AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AES-128-CFB AES-128-CTR AES-192-CFB AES-192-CTR AES-256-CFB AES-256-CTR CHACHA20-IETF XCHACHA20
NOTE: chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305
+SSR schema:
+ ssr://method:pass@host:port?protocol=xxx&protocol_param=yyy&obfs=zzz&obfs_param=xyz
+
Available forward strategies:
rr: Round Robin mode
ha: High Availability mode
@@ -167,6 +174,9 @@ Examples:
glider -listen redir://:1081 -forward ss://method:pass@1.1.1.1:8443
-listen on :1081 as a transparent redirect server, forward all requests via remote ss server.
+ glider -listen redir://:1081 -forward ssr://method:pass@1.1.1.1:8444?protocol=a&protocol_param=b&obfs=c&obfs_param=d
+ -listen on :1081 as a transparent redirect server, forward all requests via remote ssr server.
+
glider -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:8443
-listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.
diff --git a/conf.go b/conf.go
index f20ce5b..094c125 100644
--- a/conf.go
+++ b/conf.go
@@ -34,8 +34,8 @@ func confInit() {
flag.StringVar(&conf.Strategy, "strategy", "rr", "forward strategy, default: rr")
flag.StringVar(&conf.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
flag.IntVar(&conf.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
- flag.StringSliceUniqVar(&conf.Listen, "listen", nil, "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT")
- flag.StringSliceUniqVar(&conf.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
+ flag.StringSliceUniqVar(&conf.Listen, "listen", nil, "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS")
+ flag.StringSliceUniqVar(&conf.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]")
flag.StringSliceUniqVar(&conf.RuleFile, "rulefile", nil, "rule file path")
flag.StringVar(&conf.RulesDir, "rules-dir", "", "rule file folder")
@@ -106,7 +106,7 @@ func NewRuleConfFromFile(ruleFile string) (*RuleConf, error) {
p := &RuleConf{name: ruleFile}
f := conflag.NewFromFile("rule", ruleFile)
- f.StringSliceUniqVar(&p.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT]")
+ f.StringSliceUniqVar(&p.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]")
f.StringVar(&p.Strategy, "strategy", "rr", "forward strategy, default: rr")
f.StringVar(&p.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
f.IntVar(&p.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
@@ -148,7 +148,11 @@ func usage() {
fmt.Fprintf(os.Stderr, "Available schemas for different modes:\n")
fmt.Fprintf(os.Stderr, " listen: mixed ss socks5 http redir tcptun udptun uottun dnstun\n")
- fmt.Fprintf(os.Stderr, " forward: ss socks5 http\n")
+ fmt.Fprintf(os.Stderr, " forward: ss socks5 http ssr\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
+ fmt.Fprintf(os.Stderr, "SS schema:\n")
+ fmt.Fprintf(os.Stderr, " ss://method:pass@host:port\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Available methods for ss:\n")
@@ -157,6 +161,10 @@ func usage() {
fmt.Fprintf(os.Stderr, " NOTE: chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305\n")
fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, "SSR schema:\n")
+ fmt.Fprintf(os.Stderr, " ssr://method:pass@host:port?protocol=xxx&protocol_param=yyy&obfs=zzz&obfs_param=xyz\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
fmt.Fprintf(os.Stderr, "Available forward strategies:\n")
fmt.Fprintf(os.Stderr, " rr: Round Robin mode\n")
fmt.Fprintf(os.Stderr, " ha: High Availability mode\n")
@@ -191,6 +199,9 @@ func usage() {
fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -forward ss://method:pass@1.1.1.1:8443\n")
fmt.Fprintf(os.Stderr, " -listen on :1081 as a transparent redirect server, forward all requests via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -forward ssr://method:pass@1.1.1.1:8444?protocol=a&protocol_param=b&obfs=c&obfs_param=d\n")
+ fmt.Fprintf(os.Stderr, " -listen on :1081 as a transparent redirect server, forward all requests via remote ssr server.\n")
+ fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, " "+app+" -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:8443\n")
fmt.Fprintf(os.Stderr, " -listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
diff --git a/main.go b/main.go
index 5c80aea..3a5ec29 100644
--- a/main.go
+++ b/main.go
@@ -9,7 +9,7 @@ import (
)
// VERSION .
-const VERSION = "0.5.2"
+const VERSION = "0.5.3"
func dialerFromConf() Dialer {
// global forwarders in xx.conf
From a25cc5cfe39c6a343aa90b02e4d3e85ae5d8b468 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 20 May 2018 16:59:48 +0800
Subject: [PATCH 162/341] doc: update ssr info
---
README.md | 1 +
conf.go | 1 +
http.go | 2 +-
3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 5d819ec..b4e4574 100644
--- a/README.md
+++ b/README.md
@@ -122,6 +122,7 @@ Available Schemas:
ss: ss proxy
socks5: socks5 proxy
http: http proxy
+ ssr: ssr proxy
redir: redirect proxy. (used on linux as a transparent proxy with iptables redirect rules)
tcptun: tcp tunnel
udptun: udp tunnel
diff --git a/conf.go b/conf.go
index 094c125..7e55cb2 100644
--- a/conf.go
+++ b/conf.go
@@ -139,6 +139,7 @@ func usage() {
fmt.Fprintf(os.Stderr, " ss: ss proxy\n")
fmt.Fprintf(os.Stderr, " socks5: socks5 proxy\n")
fmt.Fprintf(os.Stderr, " http: http proxy\n")
+ fmt.Fprintf(os.Stderr, " ssr: ssr proxy\n")
fmt.Fprintf(os.Stderr, " redir: redirect proxy. (used on linux as a transparent proxy with iptables redirect rules)\n")
fmt.Fprintf(os.Stderr, " tcptun: tcp tunnel\n")
fmt.Fprintf(os.Stderr, " udptun: udp tunnel\n")
diff --git a/http.go b/http.go
index b2b49fd..aebc5df 100644
--- a/http.go
+++ b/http.go
@@ -261,7 +261,7 @@ func parseFirstLine(tp *textproto.Reader) (r1, r2, r3 string, ok bool) {
line, err := tp.ReadLine()
// logf("first line: %s", line)
if err != nil {
- logf("proxy-http read request line error:%s", err)
+ logf("proxy-http read first line error:%s", err)
return
}
From dcd02cebd9c9220b95ca65151491128e0457ead8 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 22 May 2018 12:19:57 +0800
Subject: [PATCH 163/341] ssr: check obfs and protocol type
---
README.md | 4 ++--
conf.go | 2 +-
config/README.md | 2 +-
http.go | 12 +++++++-----
main.go | 2 +-
ss.go | 2 +-
ssr.go | 9 +++++++++
7 files changed, 22 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index b4e4574..2025004 100644
--- a/README.md
+++ b/README.md
@@ -91,7 +91,7 @@ glider -config CONFIGPATH -listen :8080 -verbose
## Usage
```bash
-glider v0.5.3 usage:
+glider v0.5.2 usage:
-checkduration int
proxy check duration(seconds) (default 30)
-checkwebsite string
@@ -175,7 +175,7 @@ Examples:
glider -listen redir://:1081 -forward ss://method:pass@1.1.1.1:8443
-listen on :1081 as a transparent redirect server, forward all requests via remote ss server.
- glider -listen redir://:1081 -forward ssr://method:pass@1.1.1.1:8444?protocol=a&protocol_param=b&obfs=c&obfs_param=d
+ glider -listen redir://:1081 -forward "ssr://method:pass@1.1.1.1:8444?protocol=a&protocol_param=b&obfs=c&obfs_param=d"
-listen on :1081 as a transparent redirect server, forward all requests via remote ssr server.
glider -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:8443
diff --git a/conf.go b/conf.go
index 7e55cb2..fcd6bd9 100644
--- a/conf.go
+++ b/conf.go
@@ -200,7 +200,7 @@ func usage() {
fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -forward ss://method:pass@1.1.1.1:8443\n")
fmt.Fprintf(os.Stderr, " -listen on :1081 as a transparent redirect server, forward all requests via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -forward ssr://method:pass@1.1.1.1:8444?protocol=a&protocol_param=b&obfs=c&obfs_param=d\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -forward \"ssr://method:pass@1.1.1.1:8444?protocol=a&protocol_param=b&obfs=c&obfs_param=d\"\n")
fmt.Fprintf(os.Stderr, " -listen on :1081 as a transparent redirect server, forward all requests via remote ssr server.\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, " "+app+" -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:8443\n")
diff --git a/config/README.md b/config/README.md
index cc110f1..89da5d8 100644
--- a/config/README.md
+++ b/config/README.md
@@ -39,7 +39,7 @@ checkduration=30
# Setup a dns forwarding server
-dns://53
+dns=:53
# global remote dns server (you can specify different dns server in rule file)
dnsserver=8.8.8.8:53
diff --git a/http.go b/http.go
index aebc5df..69fedd7 100644
--- a/http.go
+++ b/http.go
@@ -118,7 +118,7 @@ func (s *HTTP) Serve(c net.Conn) {
url, err := url.ParseRequestURI(requestURI)
if err != nil {
- logf("parse request url error: %s", err)
+ logf("proxy-http parse request url error: %s", err)
return
}
@@ -150,9 +150,11 @@ func (s *HTTP) Serve(c net.Conn) {
// copy the left request bytes to remote server. eg. length specificed or chunked body.
go func() {
- io.Copy(rc, reqR)
- rc.SetDeadline(time.Now())
- c.SetDeadline(time.Now())
+ if _, err := reqR.Peek(1); err == nil {
+ io.Copy(rc, reqR)
+ rc.SetDeadline(time.Now())
+ c.SetDeadline(time.Now())
+ }
}()
respR := bufio.NewReader(rc)
@@ -197,7 +199,7 @@ func (s *HTTP) servHTTPS(method, requestURI, proto string, c net.Conn) {
c.Write([]byte("HTTP/1.0 200 Connection established\r\n\r\n"))
- logf("proxy-http %s <-> %s [connect]", c.RemoteAddr(), requestURI)
+ logf("proxy-http %s <-> %s [c]", c.RemoteAddr(), requestURI)
_, _, err = relay(c, rc)
if err != nil {
diff --git a/main.go b/main.go
index 3a5ec29..5c80aea 100644
--- a/main.go
+++ b/main.go
@@ -9,7 +9,7 @@ import (
)
// VERSION .
-const VERSION = "0.5.3"
+const VERSION = "0.5.2"
func dialerFromConf() Dialer {
// global forwarders in xx.conf
diff --git a/ss.go b/ss.go
index 08788fb..c65f90f 100644
--- a/ss.go
+++ b/ss.go
@@ -25,7 +25,7 @@ type SS struct {
func NewSS(addr, method, pass string, dialer Dialer) (*SS, error) {
ciph, err := core.PickCipher(method, nil, pass)
if err != nil {
- log.Fatalf("PickCipher for '%s', error: %s", method, err)
+ log.Fatalf("proxy-ss PickCipher for '%s', error: %s", method, err)
}
s := &SS{
diff --git a/ssr.go b/ssr.go
index 991d082..8fc369e 100644
--- a/ssr.go
+++ b/ssr.go
@@ -92,6 +92,10 @@ func (s *SSR) Dial(network, addr string) (net.Conn, error) {
port, _ := strconv.Atoi(rs[1])
ssrconn.IObfs = obfs.NewObfs(s.Obfs)
+ if ssrconn.IObfs == nil {
+ return nil, errors.New("proxy-ssr unsupported obfs type: " + s.Obfs)
+ }
+
obfsServerInfo := &ssr.ServerInfoForObfs{
Host: rs[0],
Port: uint16(port),
@@ -99,7 +103,12 @@ func (s *SSR) Dial(network, addr string) (net.Conn, error) {
Param: s.ObfsParam,
}
ssrconn.IObfs.SetServerInfo(obfsServerInfo)
+
ssrconn.IProtocol = protocol.NewProtocol(s.Protocol)
+ if ssrconn.IProtocol == nil {
+ return nil, errors.New("proxy-ssr unsupported protocol type: " + s.Protocol)
+ }
+
protocolServerInfo := &ssr.ServerInfoForObfs{
Host: rs[0],
Port: uint16(port),
From baf8fc47a5bfeee172974aa9e36aaae3f9f8d4f8 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 22 May 2018 20:44:09 +0800
Subject: [PATCH 164/341] doc: update config example for ssr
---
config/glider.conf.example | 3 +++
1 file changed, 3 insertions(+)
diff --git a/config/glider.conf.example b/config/glider.conf.example
index fb4fae4..2c56712 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -71,6 +71,9 @@ listen=socks5://:1080
# SS proxy as forwarder
# forward=ss://method:pass@1.1.1.1:8443
+# SSR proxy as forwarder
+# forward=ssr://method:pass@1.1.1.1:8443?protocol=auth_aes128_md5&protocol_param=xxx&obfs=tls1.2_ticket_auth&obfs_param=yyy
+
# http proxy as forwarder
# forward=http://1.1.1.1:8080
From ffd663c4515f9c58a671040c7dde4c3d3c142bf4 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 27 May 2018 21:41:04 +0800
Subject: [PATCH 165/341] systemd: update service file
---
systemd/glider@.service | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/systemd/glider@.service b/systemd/glider@.service
index 2891ffe..ea8f6a2 100644
--- a/systemd/glider@.service
+++ b/systemd/glider@.service
@@ -1,6 +1,6 @@
[Unit]
Description=Glider Service (%i)
-Before=iptables.service ip6tables.service
+After=network.target iptables.service ip6tables.service
[Service]
Type=simple
From 3e09aa9ce0bc7be292261f7432462c4ee9b0021c Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 3 Jun 2018 13:54:16 +0800
Subject: [PATCH 166/341] doc: update spell mistakes
---
README.md | 12 ++++++------
conf.go | 14 +++++++-------
dialer.go | 2 +-
server.go | 2 +-
4 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/README.md b/README.md
index 2025004..6ab0949 100644
--- a/README.md
+++ b/README.md
@@ -103,11 +103,11 @@ glider v0.5.2 usage:
-dnsserver value
remote dns server
-forward value
- forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]
+ forward url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]
-ipset string
ipset name
-listen value
- listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS
+ listen url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS
-rulefile value
rule file path
-rules-dir string
@@ -117,7 +117,7 @@ glider v0.5.2 usage:
-verbose
verbose mode
-Available Schemas:
+Available Schemes:
mixed: serve as a http/socks5 proxy on the same port. (default)
ss: ss proxy
socks5: socks5 proxy
@@ -129,18 +129,18 @@ Available Schemas:
uottun: udp over tcp tunnel
dnstun: listen on udp port and forward all dns requests to remote dns server via forwarders(tcp)
-Available schemas for different modes:
+Available schemes for different modes:
listen: mixed ss socks5 http redir tcptun udptun uottun dnstun
forward: ss socks5 http ssr
-SS schema:
+SS scheme:
ss://method:pass@host:port
Available methods for ss:
AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AES-128-CFB AES-128-CTR AES-192-CFB AES-192-CTR AES-256-CFB AES-256-CTR CHACHA20-IETF XCHACHA20
NOTE: chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305
-SSR schema:
+SSR scheme:
ssr://method:pass@host:port?protocol=xxx&protocol_param=yyy&obfs=zzz&obfs_param=xyz
Available forward strategies:
diff --git a/conf.go b/conf.go
index fcd6bd9..b56f894 100644
--- a/conf.go
+++ b/conf.go
@@ -34,8 +34,8 @@ func confInit() {
flag.StringVar(&conf.Strategy, "strategy", "rr", "forward strategy, default: rr")
flag.StringVar(&conf.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
flag.IntVar(&conf.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
- flag.StringSliceUniqVar(&conf.Listen, "listen", nil, "listen url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS")
- flag.StringSliceUniqVar(&conf.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]")
+ flag.StringSliceUniqVar(&conf.Listen, "listen", nil, "listen url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS")
+ flag.StringSliceUniqVar(&conf.Forward, "forward", nil, "forward url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]")
flag.StringSliceUniqVar(&conf.RuleFile, "rulefile", nil, "rule file path")
flag.StringVar(&conf.RulesDir, "rules-dir", "", "rule file folder")
@@ -106,7 +106,7 @@ func NewRuleConfFromFile(ruleFile string) (*RuleConf, error) {
p := &RuleConf{name: ruleFile}
f := conflag.NewFromFile("rule", ruleFile)
- f.StringSliceUniqVar(&p.Forward, "forward", nil, "forward url, format: SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEMA://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]")
+ f.StringSliceUniqVar(&p.Forward, "forward", nil, "forward url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]")
f.StringVar(&p.Strategy, "strategy", "rr", "forward strategy, default: rr")
f.StringVar(&p.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
f.IntVar(&p.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
@@ -134,7 +134,7 @@ func usage() {
flag.PrintDefaults()
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, "Available Schemas:\n")
+ fmt.Fprintf(os.Stderr, "Available Schemes:\n")
fmt.Fprintf(os.Stderr, " mixed: serve as a http/socks5 proxy on the same port. (default)\n")
fmt.Fprintf(os.Stderr, " ss: ss proxy\n")
fmt.Fprintf(os.Stderr, " socks5: socks5 proxy\n")
@@ -147,12 +147,12 @@ func usage() {
fmt.Fprintf(os.Stderr, " dnstun: listen on udp port and forward all dns requests to remote dns server via forwarders(tcp)\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, "Available schemas for different modes:\n")
+ fmt.Fprintf(os.Stderr, "Available schemes for different modes:\n")
fmt.Fprintf(os.Stderr, " listen: mixed ss socks5 http redir tcptun udptun uottun dnstun\n")
fmt.Fprintf(os.Stderr, " forward: ss socks5 http ssr\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, "SS schema:\n")
+ fmt.Fprintf(os.Stderr, "SS scheme:\n")
fmt.Fprintf(os.Stderr, " ss://method:pass@host:port\n")
fmt.Fprintf(os.Stderr, "\n")
@@ -162,7 +162,7 @@ func usage() {
fmt.Fprintf(os.Stderr, " NOTE: chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, "SSR schema:\n")
+ fmt.Fprintf(os.Stderr, "SSR scheme:\n")
fmt.Fprintf(os.Stderr, " ssr://method:pass@host:port?protocol=xxx&protocol_param=yyy&obfs=zzz&obfs_param=xyz\n")
fmt.Fprintf(os.Stderr, "\n")
diff --git a/dialer.go b/dialer.go
index f6dd9c5..6721ef7 100644
--- a/dialer.go
+++ b/dialer.go
@@ -52,5 +52,5 @@ func DialerFromURL(s string, dialer Dialer) (Dialer, error) {
return NewSSR(addr, user, pass, u.RawQuery, dialer)
}
- return nil, errors.New("unknown schema '" + u.Scheme + "'")
+ return nil, errors.New("unknown scheme '" + u.Scheme + "'")
}
diff --git a/server.go b/server.go
index cf557fc..559099b 100644
--- a/server.go
+++ b/server.go
@@ -61,5 +61,5 @@ func ServerFromURL(s string, dialer Dialer) (Server, error) {
return NewUoTTun(d[0], d[1], dialer)
}
- return nil, errors.New("unknown schema '" + u.Scheme + "'")
+ return nil, errors.New("unknown scheme '" + u.Scheme + "'")
}
From 58e79394856379f4bdd111babb76fc4270072e08 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 26 Jun 2018 16:03:03 +0800
Subject: [PATCH 167/341] version: bump to 0.5.3
---
main.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.go b/main.go
index 5c80aea..3a5ec29 100644
--- a/main.go
+++ b/main.go
@@ -9,7 +9,7 @@ import (
)
// VERSION .
-const VERSION = "0.5.2"
+const VERSION = "0.5.3"
func dialerFromConf() Dialer {
// global forwarders in xx.conf
From fbbae713142329a0e0f6c40e1f410589e3051f86 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 26 Jun 2018 16:15:48 +0800
Subject: [PATCH 168/341] general: move proxy to separate package
---
conn.go => common/conn/conn.go | 30 +-
common/log/log.go | 16 +
common/socks/socks.go | 173 ++++++++++
conf.go | 2 +-
dns.go | 55 +--
dnstun.go | 35 --
features.go | 12 +
features_linux.go | 5 +
ipset_linux.go | 23 +-
log.go | 16 -
main.go | 26 +-
mixed.go | 105 ------
dialer.go => proxy/dialer.go | 40 ++-
direct.go => proxy/direct.go | 6 +-
http.go => proxy/http/http.go | 112 +++---
proxy/mixed/mixed.go | 127 +++++++
redir_linux.go => proxy/redir/redir_linux.go | 58 +++-
.../redir/redir_linux_386.go | 2 +-
.../redir/redir_linux_other.go | 2 +-
proxy/server.go | 48 +++
socks5.go => proxy/socks5/socks5.go | 322 ++++++------------
ss.go => proxy/ss/ss.go | 103 ++++--
ssr.go => proxy/ssr/ssr.go | 60 +++-
proxy/tcptun/tcptun.go | 94 +++++
tproxy.go => proxy/tproxy/tproxy.go | 0
.../tproxy/tproxy_other.go | 0
proxy/udptun/udptun.go | 106 ++++++
proxy/uottun/uottun.go | 104 ++++++
redir_other.go | 21 --
rule.go | 26 +-
server.go | 65 ----
strategy.go | 35 +-
tcptun.go | 68 ----
udptun.go | 82 -----
uottun.go | 80 -----
35 files changed, 1127 insertions(+), 932 deletions(-)
rename conn.go => common/conn/conn.go (66%)
create mode 100644 common/log/log.go
create mode 100644 common/socks/socks.go
delete mode 100644 dnstun.go
create mode 100644 features.go
create mode 100644 features_linux.go
delete mode 100644 log.go
delete mode 100644 mixed.go
rename dialer.go => proxy/dialer.go (54%)
rename direct.go => proxy/direct.go (89%)
rename http.go => proxy/http/http.go (72%)
create mode 100644 proxy/mixed/mixed.go
rename redir_linux.go => proxy/redir/redir_linux.go (69%)
rename redir_linux_386.go => proxy/redir/redir_linux_386.go (97%)
rename redir_linux_other.go => proxy/redir/redir_linux_other.go (95%)
create mode 100644 proxy/server.go
rename socks5.go => proxy/socks5/socks5.go (62%)
rename ss.go => proxy/ss/ss.go (65%)
rename ssr.go => proxy/ssr/ssr.go (72%)
create mode 100644 proxy/tcptun/tcptun.go
rename tproxy.go => proxy/tproxy/tproxy.go (100%)
rename tproxy_other.go => proxy/tproxy/tproxy_other.go (100%)
create mode 100644 proxy/udptun/udptun.go
create mode 100644 proxy/uottun/uottun.go
delete mode 100644 redir_other.go
delete mode 100644 server.go
delete mode 100644 tcptun.go
delete mode 100644 udptun.go
delete mode 100644 uottun.go
diff --git a/conn.go b/common/conn/conn.go
similarity index 66%
rename from conn.go
rename to common/conn/conn.go
index e433b41..e33ca6e 100644
--- a/conn.go
+++ b/common/conn/conn.go
@@ -1,34 +1,38 @@
-package main
+package conn
import (
"bufio"
"io"
"net"
"time"
+
+ "github.com/nadoo/glider/common/log"
)
-type conn struct {
+const UDPBufSize = 65536
+
+type Conn struct {
r *bufio.Reader
net.Conn
}
-func newConn(c net.Conn) conn {
- return conn{bufio.NewReader(c), c}
+func NewConn(c net.Conn) Conn {
+ return Conn{bufio.NewReader(c), c}
}
-func newConnSize(c net.Conn, n int) conn {
- return conn{bufio.NewReaderSize(c, n), c}
+func NewConnSize(c net.Conn, n int) Conn {
+ return Conn{bufio.NewReaderSize(c, n), c}
}
-func (c conn) Peek(n int) ([]byte, error) {
+func (c Conn) Peek(n int) ([]byte, error) {
return c.r.Peek(n)
}
-func (c conn) Read(p []byte) (int, error) {
+func (c Conn) Read(p []byte) (int, error) {
return c.r.Read(p)
}
-func relay(left, right net.Conn) (int64, int64, error) {
+func Relay(left, right net.Conn) (int64, int64, error) {
type res struct {
N int64
Err error
@@ -53,9 +57,9 @@ func relay(left, right net.Conn) (int64, int64, error) {
return n, rs.N, err
}
-// copy from src to dst at target with read timeout
-func timedCopy(dst net.PacketConn, target net.Addr, src net.PacketConn, timeout time.Duration) error {
- buf := make([]byte, udpBufSize)
+// TimedCopy copy from src to dst at target with read timeout
+func TimedCopy(dst net.PacketConn, target net.Addr, src net.PacketConn, timeout time.Duration) error {
+ buf := make([]byte, UDPBufSize)
for {
src.SetReadDeadline(time.Now().Add(timeout))
n, _, err := src.ReadFrom(buf)
@@ -74,7 +78,7 @@ func timedCopy(dst net.PacketConn, target net.Addr, src net.PacketConn, timeout
func OutboundIP() string {
conn, err := net.Dial("udp", "8.8.8.8:80")
if err != nil {
- logf("get outbound ip error: %s", err)
+ log.F("get outbound ip error: %s", err)
return ""
}
defer conn.Close()
diff --git a/common/log/log.go b/common/log/log.go
new file mode 100644
index 0000000..ae80f47
--- /dev/null
+++ b/common/log/log.go
@@ -0,0 +1,16 @@
+package log
+
+import "log"
+
+// Func defines a simple log function
+type Func func(f string, v ...interface{})
+
+var F Func
+
+func Fatal(v ...interface{}) {
+ log.Fatal(v)
+}
+
+func Fatalf(f string, v ...interface{}) {
+ log.Fatalf(f, v)
+}
diff --git a/common/socks/socks.go b/common/socks/socks.go
new file mode 100644
index 0000000..09f9515
--- /dev/null
+++ b/common/socks/socks.go
@@ -0,0 +1,173 @@
+package socks
+
+import (
+ "errors"
+ "io"
+ "net"
+ "strconv"
+)
+
+const (
+ AuthNone = 0
+ AuthPassword = 2
+)
+
+// SOCKS request commands as defined in RFC 1928 section 4.
+const (
+ CmdConnect = 1
+ CmdBind = 2
+ CmdUDPAssociate = 3
+)
+
+// SOCKS address types as defined in RFC 1928 section 5.
+const (
+ ATypeIP4 = 1
+ ATypeDomain = 3
+ ATypeIP6 = 4
+)
+
+// MaxAddrLen is the maximum size of SOCKS address in bytes.
+const MaxAddrLen = 1 + 1 + 255 + 2
+
+var Errors = []error{
+ errors.New(""),
+ errors.New("general failure"),
+ errors.New("connection forbidden"),
+ errors.New("network unreachable"),
+ errors.New("host unreachable"),
+ errors.New("connection refused"),
+ errors.New("TTL expired"),
+ errors.New("command not supported"),
+ errors.New("address type not supported"),
+ errors.New("socks5UDPAssociate"),
+}
+
+type Addr []byte
+
+// String serializes SOCKS address a to string form.
+func (a Addr) String() string {
+ var host, port string
+
+ switch ATYP(a[0]) { // address type
+ case ATypeDomain:
+ host = string(a[2 : 2+int(a[1])])
+ port = strconv.Itoa((int(a[2+int(a[1])]) << 8) | int(a[2+int(a[1])+1]))
+ case ATypeIP4:
+ host = net.IP(a[1 : 1+net.IPv4len]).String()
+ port = strconv.Itoa((int(a[1+net.IPv4len]) << 8) | int(a[1+net.IPv4len+1]))
+ case ATypeIP6:
+ host = net.IP(a[1 : 1+net.IPv6len]).String()
+ port = strconv.Itoa((int(a[1+net.IPv6len]) << 8) | int(a[1+net.IPv6len+1]))
+ }
+
+ return net.JoinHostPort(host, port)
+}
+
+// UoT udp over tcp
+func UoT(b byte) bool {
+ return b&0x8 == 0x8
+}
+
+// ATYP return the address type
+func ATYP(b byte) int {
+ return int(b &^ 0x8)
+}
+
+func ReadAddrBuf(r io.Reader, b []byte) (Addr, error) {
+ if len(b) < MaxAddrLen {
+ return nil, io.ErrShortBuffer
+ }
+ _, err := io.ReadFull(r, b[:1]) // read 1st byte for address type
+ if err != nil {
+ return nil, err
+ }
+
+ switch ATYP(b[0]) {
+ case ATypeDomain:
+ _, err = io.ReadFull(r, b[1:2]) // read 2nd byte for domain length
+ if err != nil {
+ return nil, err
+ }
+ _, err = io.ReadFull(r, b[2:2+int(b[1])+2])
+ return b[:1+1+int(b[1])+2], err
+ case ATypeIP4:
+ _, err = io.ReadFull(r, b[1:1+net.IPv4len+2])
+ return b[:1+net.IPv4len+2], err
+ case ATypeIP6:
+ _, err = io.ReadFull(r, b[1:1+net.IPv6len+2])
+ return b[:1+net.IPv6len+2], err
+ }
+
+ return nil, Errors[8]
+}
+
+// ReadAddr reads just enough bytes from r to get a valid Addr.
+func ReadAddr(r io.Reader) (Addr, error) {
+ return ReadAddrBuf(r, make([]byte, MaxAddrLen))
+}
+
+// SplitAddr slices a SOCKS address from beginning of b. Returns nil if failed.
+func SplitAddr(b []byte) Addr {
+ addrLen := 1
+ if len(b) < addrLen {
+ return nil
+ }
+
+ switch ATYP(b[0]) {
+ case ATypeDomain:
+ if len(b) < 2 {
+ return nil
+ }
+ addrLen = 1 + 1 + int(b[1]) + 2
+ case ATypeIP4:
+ addrLen = 1 + net.IPv4len + 2
+ case ATypeIP6:
+ addrLen = 1 + net.IPv6len + 2
+ default:
+ return nil
+
+ }
+
+ if len(b) < addrLen {
+ return nil
+ }
+
+ return b[:addrLen]
+}
+
+// ParseAddr parses the address in string s. Returns nil if failed.
+func ParseAddr(s string) Addr {
+ var addr Addr
+ host, port, err := net.SplitHostPort(s)
+ if err != nil {
+ return nil
+ }
+ if ip := net.ParseIP(host); ip != nil {
+ if ip4 := ip.To4(); ip4 != nil {
+ addr = make([]byte, 1+net.IPv4len+2)
+ addr[0] = ATypeIP4
+ copy(addr[1:], ip4)
+ } else {
+ addr = make([]byte, 1+net.IPv6len+2)
+ addr[0] = ATypeIP6
+ copy(addr[1:], ip)
+ }
+ } else {
+ if len(host) > 255 {
+ return nil
+ }
+ addr = make([]byte, 1+1+len(host)+2)
+ addr[0] = ATypeDomain
+ addr[1] = byte(len(host))
+ copy(addr[2:], host)
+ }
+
+ portnum, err := strconv.ParseUint(port, 10, 16)
+ if err != nil {
+ return nil
+ }
+
+ addr[len(addr)-2], addr[len(addr)-1] = byte(portnum>>8), byte(portnum)
+
+ return addr
+}
diff --git a/conf.go b/conf.go
index b56f894..19ce152 100644
--- a/conf.go
+++ b/conf.go
@@ -157,7 +157,7 @@ func usage() {
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Available methods for ss:\n")
- fmt.Fprintf(os.Stderr, " "+ListCipher())
+ fmt.Fprintf(os.Stderr, " AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AES-128-CFB AES-128-CTR AES-192-CFB AES-192-CTR AES-256-CFB AES-256-CTR CHACHA20-IETF XCHACHA20")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, " NOTE: chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305\n")
fmt.Fprintf(os.Stderr, "\n")
diff --git a/dns.go b/dns.go
index c26cfe7..97006ee 100644
--- a/dns.go
+++ b/dns.go
@@ -8,6 +8,9 @@ import (
"io"
"net"
"strings"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
)
// DNSHeaderLen is the length of dns msg header
@@ -139,7 +142,7 @@ type DNSAnswerHandler func(Domain, ip string) error
// DNS .
type DNS struct {
- dialer Dialer
+ dialer proxy.Dialer
addr string
Tunnel bool
@@ -151,7 +154,7 @@ type DNS struct {
}
// NewDNS returns a dns forwarder. client[dns.udp] -> glider[tcp] -> forwarder[dns.tcp] -> remote dns addr
-func NewDNS(addr, raddr string, dialer Dialer, tunnel bool) (*DNS, error) {
+func NewDNS(addr, raddr string, dialer proxy.Dialer, tunnel bool) (*DNS, error) {
s := &DNS{
dialer: dialer,
addr: addr,
@@ -175,25 +178,25 @@ func (s *DNS) ListenAndServe() {
func (s *DNS) ListenAndServeUDP() {
c, err := net.ListenPacket("udp", s.addr)
if err != nil {
- logf("proxy-dns failed to listen on %s, error: %v", s.addr, err)
+ log.F("proxy-dns failed to listen on %s, error: %v", s.addr, err)
return
}
defer c.Close()
- logf("proxy-dns listening UDP on %s", s.addr)
+ log.F("proxy-dns listening UDP on %s", s.addr)
for {
b := make([]byte, DNSUDPMaxLen)
n, clientAddr, err := c.ReadFrom(b)
if err != nil {
- logf("proxy-dns local read error: %v", err)
+ log.F("proxy-dns local read error: %v", err)
continue
}
reqLen := uint16(n)
// TODO: check here
if reqLen <= DNSHeaderLen+2 {
- logf("proxy-dns not enough data")
+ log.F("proxy-dns not enough data")
continue
}
@@ -201,13 +204,13 @@ func (s *DNS) ListenAndServeUDP() {
go func() {
_, respMsg, err := s.Exchange(reqLen, reqMsg, clientAddr.String())
if err != nil {
- logf("proxy-dns error in exchange: %s", err)
+ log.F("proxy-dns error in exchange: %s", err)
return
}
_, err = c.WriteTo(respMsg, clientAddr)
if err != nil {
- logf("proxy-dns error in local write: %s", err)
+ log.F("proxy-dns error in local write: %s", err)
return
}
@@ -219,16 +222,16 @@ func (s *DNS) ListenAndServeUDP() {
func (s *DNS) ListenAndServeTCP() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
- logf("proxy-dns-tcp error: %v", err)
+ log.F("proxy-dns-tcp error: %v", err)
return
}
- logf("proxy-dns-tcp listening TCP on %s", s.addr)
+ log.F("proxy-dns-tcp listening TCP on %s", s.addr)
for {
c, err := l.Accept()
if err != nil {
- logf("proxy-dns-tcp error: failed to accept: %v", err)
+ log.F("proxy-dns-tcp error: failed to accept: %v", err)
continue
}
go s.ServeTCP(c)
@@ -245,35 +248,35 @@ func (s *DNS) ServeTCP(c net.Conn) {
var reqLen uint16
if err := binary.Read(c, binary.BigEndian, &reqLen); err != nil {
- logf("proxy-dns-tcp failed to get request length: %v", err)
+ log.F("proxy-dns-tcp failed to get request length: %v", err)
return
}
// TODO: check here
if reqLen <= DNSHeaderLen+2 {
- logf("proxy-dns-tcp not enough data")
+ log.F("proxy-dns-tcp not enough data")
return
}
reqMsg := make([]byte, reqLen)
_, err := io.ReadFull(c, reqMsg)
if err != nil {
- logf("proxy-dns-tcp error in read reqMsg %s", err)
+ log.F("proxy-dns-tcp error in read reqMsg %s", err)
return
}
respLen, respMsg, err := s.Exchange(reqLen, reqMsg, c.RemoteAddr().String())
if err != nil {
- logf("proxy-dns-tcp error in exchange: %s", err)
+ log.F("proxy-dns-tcp error in exchange: %s", err)
return
}
if err := binary.Write(c, binary.BigEndian, respLen); err != nil {
- logf("proxy-dns-tcp error in local write respLen: %s", err)
+ log.F("proxy-dns-tcp error in local write respLen: %s", err)
return
}
if err := binary.Write(c, binary.BigEndian, respMsg); err != nil {
- logf("proxy-dns-tcp error in local write respMsg: %s", err)
+ log.F("proxy-dns-tcp error in local write respMsg: %s", err)
return
}
}
@@ -284,7 +287,7 @@ func (s *DNS) Exchange(reqLen uint16, reqMsg []byte, addr string) (respLen uint1
// fmt.Printf("\ndns req len %d:\n%s\n", reqLen, hex.Dump(reqMsg[:]))
query, err := parseQuestion(reqMsg)
if err != nil {
- logf("proxy-dns error in parseQuestion reqMsg: %s", err)
+ log.F("proxy-dns error in parseQuestion reqMsg: %s", err)
return
}
@@ -295,29 +298,29 @@ func (s *DNS) Exchange(reqLen uint16, reqMsg []byte, addr string) (respLen uint1
rc, err := s.dialer.NextDialer(query.QNAME+":53").Dial("tcp", dnsServer)
if err != nil {
- logf("proxy-dns failed to connect to server %v: %v", dnsServer, err)
+ log.F("proxy-dns failed to connect to server %v: %v", dnsServer, err)
return
}
defer rc.Close()
if err = binary.Write(rc, binary.BigEndian, reqLen); err != nil {
- logf("proxy-dns failed to write req length: %v", err)
+ log.F("proxy-dns failed to write req length: %v", err)
return
}
if err = binary.Write(rc, binary.BigEndian, reqMsg); err != nil {
- logf("proxy-dns failed to write req message: %v", err)
+ log.F("proxy-dns failed to write req message: %v", err)
return
}
if err = binary.Read(rc, binary.BigEndian, &respLen); err != nil {
- logf("proxy-dns failed to read response length: %v", err)
+ log.F("proxy-dns failed to read response length: %v", err)
return
}
respMsg = make([]byte, respLen)
_, err = io.ReadFull(rc, respMsg)
if err != nil {
- logf("proxy-dns error in read respMsg %s\n", err)
+ log.F("proxy-dns error in read respMsg %s\n", err)
return
}
@@ -326,7 +329,7 @@ func (s *DNS) Exchange(reqLen uint16, reqMsg []byte, addr string) (respLen uint1
var ip string
respReq, err := parseQuestion(respMsg)
if err != nil {
- logf("proxy-dns error in parseQuestion respMsg: %s", err)
+ log.F("proxy-dns error in parseQuestion respMsg: %s", err)
return
}
@@ -336,7 +339,7 @@ func (s *DNS) Exchange(reqLen uint16, reqMsg []byte, addr string) (respLen uint1
var answers []*DNSRR
answers, err = parseAnswers(respMsg[respReq.Offset:])
if err != nil {
- logf("proxy-dns error in parseAnswers: %s", err)
+ log.F("proxy-dns error in parseAnswers: %s", err)
return
}
@@ -352,7 +355,7 @@ func (s *DNS) Exchange(reqLen uint16, reqMsg []byte, addr string) (respLen uint1
}
- logf("proxy-dns %s <-> %s, type: %d, %s: %s", addr, dnsServer, query.QTYPE, query.QNAME, ip)
+ log.F("proxy-dns %s <-> %s, type: %d, %s: %s", addr, dnsServer, query.QTYPE, query.QNAME, ip)
return
}
diff --git a/dnstun.go b/dnstun.go
deleted file mode 100644
index 609d0d4..0000000
--- a/dnstun.go
+++ /dev/null
@@ -1,35 +0,0 @@
-// https://tools.ietf.org/html/rfc1035
-
-package main
-
-// DNSTun struct
-type DNSTun struct {
- dialer Dialer
- addr string
-
- raddr string
-
- dns *DNS
- tcp *TCPTun
-}
-
-// NewDNSTun returns a dns tunnel forwarder.
-func NewDNSTun(addr, raddr string, dialer Dialer) (*DNSTun, error) {
- s := &DNSTun{
- dialer: dialer,
- addr: addr,
-
- raddr: raddr,
- }
-
- s.dns, _ = NewDNS(addr, raddr, dialer, true)
-
- return s, nil
-}
-
-// ListenAndServe .
-func (s *DNSTun) ListenAndServe() {
- if s.dns != nil {
- go s.dns.ListenAndServe()
- }
-}
diff --git a/features.go b/features.go
new file mode 100644
index 0000000..3bcb351
--- /dev/null
+++ b/features.go
@@ -0,0 +1,12 @@
+package main
+
+import (
+ _ "github.com/nadoo/glider/proxy/http"
+ _ "github.com/nadoo/glider/proxy/mixed"
+ _ "github.com/nadoo/glider/proxy/socks5"
+ _ "github.com/nadoo/glider/proxy/ss"
+ _ "github.com/nadoo/glider/proxy/ssr"
+ _ "github.com/nadoo/glider/proxy/tcptun"
+ _ "github.com/nadoo/glider/proxy/udptun"
+ _ "github.com/nadoo/glider/proxy/uottun"
+)
diff --git a/features_linux.go b/features_linux.go
new file mode 100644
index 0000000..636e616
--- /dev/null
+++ b/features_linux.go
@@ -0,0 +1,5 @@
+package main
+
+import (
+ _ "github.com/nadoo/glider/proxy/redir"
+)
diff --git a/ipset_linux.go b/ipset_linux.go
index eddb5e0..67e9222 100644
--- a/ipset_linux.go
+++ b/ipset_linux.go
@@ -7,13 +7,14 @@ package main
import (
"bytes"
"encoding/binary"
- "log"
"net"
"strings"
"sync"
"sync/atomic"
"syscall"
"unsafe"
+
+ "github.com/nadoo/glider/common/log"
)
// netfilter netlink message types
@@ -69,7 +70,7 @@ type IPSetManager struct {
func NewIPSetManager(mainSet string, rules []*RuleConf) (*IPSetManager, error) {
fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_NETFILTER)
if err != nil {
- logf("%s", err)
+ log.F("%s", err)
return nil, err
}
// defer syscall.Close(fd)
@@ -79,7 +80,7 @@ func NewIPSetManager(mainSet string, rules []*RuleConf) (*IPSetManager, error) {
}
if err = syscall.Bind(fd, &lsa); err != nil {
- logf("%s", err)
+ log.F("%s", err)
return nil, err
}
@@ -144,7 +145,7 @@ func CreateSet(fd int, lsa syscall.SockaddrNetlink, setName string) {
log.Fatal("ipset: name too long")
}
- logf("ipset create %s hash:net", setName)
+ log.F("ipset create %s hash:net", setName)
req := NewNetlinkRequest(IPSET_CMD_CREATE|(NFNL_SUBSYS_IPSET<<8), syscall.NLM_F_REQUEST)
@@ -172,14 +173,14 @@ func CreateSet(fd int, lsa syscall.SockaddrNetlink, setName string) {
err := syscall.Sendto(fd, req.Serialize(), 0, &lsa)
if err != nil {
- logf("%s", err)
+ log.F("%s", err)
}
FlushSet(fd, lsa, setName)
}
func FlushSet(fd int, lsa syscall.SockaddrNetlink, setName string) {
- logf("ipset flush %s", setName)
+ log.F("ipset flush %s", setName)
req := NewNetlinkRequest(IPSET_CMD_FLUSH|(NFNL_SUBSYS_IPSET<<8), syscall.NLM_F_REQUEST)
@@ -190,7 +191,7 @@ func FlushSet(fd int, lsa syscall.SockaddrNetlink, setName string) {
err := syscall.Sendto(fd, req.Serialize(), 0, &lsa)
if err != nil {
- logf("%s", err)
+ log.F("%s", err)
}
}
@@ -201,10 +202,10 @@ func AddToSet(fd int, lsa syscall.SockaddrNetlink, setName, entry string) {
}
if len(setName) > IPSET_MAXNAMELEN {
- logf("ipset: name too long")
+ log.F("ipset: name too long")
}
- logf("ipset add %s %s", setName, entry)
+ log.F("ipset add %s %s", setName, entry)
var ip net.IP
var cidr *net.IPNet
@@ -215,7 +216,7 @@ func AddToSet(fd int, lsa syscall.SockaddrNetlink, setName, entry string) {
}
if ip == nil {
- logf("ipset: parse %s error", entry)
+ log.F("ipset: parse %s error", entry)
return
}
@@ -248,7 +249,7 @@ func AddToSet(fd int, lsa syscall.SockaddrNetlink, setName, entry string) {
err = syscall.Sendto(fd, req.Serialize(), 0, &lsa)
if err != nil {
- logf("%s", err)
+ log.F("%s", err)
}
}
diff --git a/log.go b/log.go
deleted file mode 100644
index dd88acc..0000000
--- a/log.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package main
-
-import "log"
-
-// LogFunc defines a simple log function
-type LogFunc func(f string, v ...interface{})
-
-var logf LogFunc
-
-func init() {
- logf = func(f string, v ...interface{}) {
- if conf.Verbose {
- log.Printf(f, v...)
- }
- }
-}
diff --git a/main.go b/main.go
index 5c80aea..6fe1c33 100644
--- a/main.go
+++ b/main.go
@@ -1,24 +1,27 @@
package main
import (
- "log"
+ stdlog "log"
"os"
"os/signal"
"strings"
"syscall"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
)
// VERSION .
-const VERSION = "0.5.2"
+const VERSION = "0.6.0"
-func dialerFromConf() Dialer {
+func dialerFromConf() proxy.Dialer {
// global forwarders in xx.conf
- var fwdrs []Dialer
+ var fwdrs []proxy.Dialer
for _, chain := range conf.Forward {
- var fwdr Dialer
+ var fwdr proxy.Dialer
var err error
for _, url := range strings.Split(chain, ",") {
- fwdr, err = DialerFromURL(url, fwdr)
+ fwdr, err = proxy.DialerFromURL(url, fwdr)
if err != nil {
log.Fatal(err)
}
@@ -32,10 +35,17 @@ func dialerFromConf() Dialer {
func main() {
confInit()
+
+ log.F = func(f string, v ...interface{}) {
+ if conf.Verbose {
+ stdlog.Printf(f, v...)
+ }
+ }
+
sDialer := NewRuleDialer(conf.rules, dialerFromConf())
for _, listen := range conf.Listen {
- local, err := ServerFromURL(listen, sDialer)
+ local, err := proxy.ServerFromURL(listen, sDialer)
if err != nil {
log.Fatal(err)
}
@@ -45,7 +55,7 @@ func main() {
ipsetM, err := NewIPSetManager(conf.IPSet, conf.rules)
if err != nil {
- logf("create ipset manager error: %s", err)
+ log.F("create ipset manager error: %s", err)
}
if conf.DNS != "" {
diff --git a/mixed.go b/mixed.go
deleted file mode 100644
index fc29de6..0000000
--- a/mixed.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package main
-
-import (
- "bytes"
- "net"
-)
-
-// https://www.ietf.org/rfc/rfc2616.txt, http methods must be uppercase.
-var httpMethods = [...][]byte{
- []byte("GET"),
- []byte("POST"),
- []byte("PUT"),
- []byte("DELETE"),
- []byte("CONNECT"),
- []byte("HEAD"),
- []byte("OPTIONS"),
- []byte("TRACE"),
-}
-
-// MixedProxy struct
-type MixedProxy struct {
- dialer Dialer
- addr string
-
- http *HTTP
- socks5 *SOCKS5
-}
-
-// NewMixedProxy returns a mixed proxy.
-func NewMixedProxy(addr, user, pass, rawQuery string, dialer Dialer) (*MixedProxy, error) {
- p := &MixedProxy{
- dialer: dialer,
- addr: addr,
- }
-
- p.http, _ = NewHTTP(addr, user, pass, rawQuery, dialer)
- p.socks5, _ = NewSOCKS5(addr, user, pass, dialer)
-
- return p, nil
-}
-
-// ListenAndServe .
-func (p *MixedProxy) ListenAndServe() {
-
- go p.socks5.ListenAndServeUDP()
-
- l, err := net.Listen("tcp", p.addr)
- if err != nil {
- logf("proxy-mixed failed to listen on %s: %v", p.addr, err)
- return
- }
-
- logf("proxy-mixed listening TCP on %s", p.addr)
-
- for {
- c, err := l.Accept()
- if err != nil {
- logf("proxy-mixed failed to accept: %v", err)
- continue
- }
-
- go p.Serve(c)
- }
-}
-
-// Serve .
-func (p *MixedProxy) Serve(conn net.Conn) {
- defer conn.Close()
-
- if c, ok := conn.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
- c := newConn(conn)
-
- if p.socks5 != nil {
- head, err := c.Peek(1)
- if err != nil {
- logf("proxy-mixed peek error: %s", err)
- return
- }
-
- // check socks5, client send socksversion: 5 as the first byte
- if head[0] == socks5Version {
- p.socks5.ServeTCP(c)
- return
- }
- }
-
- if p.http != nil {
- head, err := c.Peek(8)
- if err != nil {
- logf("proxy-mixed peek error: %s", err)
- return
- }
-
- for _, method := range httpMethods {
- if bytes.HasPrefix(head, method) {
- p.http.Serve(c)
- return
- }
- }
- }
-
-}
diff --git a/dialer.go b/proxy/dialer.go
similarity index 54%
rename from dialer.go
rename to proxy/dialer.go
index 6721ef7..b25b3d1 100644
--- a/dialer.go
+++ b/proxy/dialer.go
@@ -1,12 +1,15 @@
-package main
+package proxy
import (
"errors"
"net"
"net/url"
+ "strings"
+
+ "github.com/nadoo/glider/common/log"
)
-// A Dialer means to establish a connection and relay it.
+// A proxy.Dialer means to establish a connection and relay it.
type Dialer interface {
// Addr()
Addr() string
@@ -21,35 +24,30 @@ type Dialer interface {
NextDialer(dstAddr string) Dialer
}
-// DialerFromURL parses url and get a Proxy
-// TODO: table
+type DialerCreator func(s string, dialer Dialer) (Dialer, error)
+
+var (
+ dialerMap = make(map[string]DialerCreator)
+)
+
+func RegisterDialer(name string, c DialerCreator) {
+ dialerMap[name] = c
+}
+
func DialerFromURL(s string, dialer Dialer) (Dialer, error) {
u, err := url.Parse(s)
if err != nil {
- logf("parse err: %s", err)
+ log.F("parse err: %s", err)
return nil, err
}
- addr := u.Host
- var user, pass string
- if u.User != nil {
- user = u.User.Username()
- pass, _ = u.User.Password()
- }
-
if dialer == nil {
dialer = Direct
}
- switch u.Scheme {
- case "http":
- return NewHTTP(addr, user, pass, "", dialer)
- case "socks5":
- return NewSOCKS5(addr, user, pass, dialer)
- case "ss":
- return NewSS(addr, user, pass, dialer)
- case "ssr":
- return NewSSR(addr, user, pass, u.RawQuery, dialer)
+ c, ok := dialerMap[strings.ToLower(u.Scheme)]
+ if ok {
+ return c(s, dialer)
}
return nil, errors.New("unknown scheme '" + u.Scheme + "'")
diff --git a/direct.go b/proxy/direct.go
similarity index 89%
rename from direct.go
rename to proxy/direct.go
index 576d06a..2652e7a 100644
--- a/direct.go
+++ b/proxy/direct.go
@@ -1,7 +1,9 @@
-package main
+package proxy
import (
"net"
+
+ "github.com/nadoo/glider/common/log"
)
// direct proxy
@@ -33,7 +35,7 @@ func (d *direct) Dial(network, addr string) (net.Conn, error) {
func (d *direct) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
pc, err := net.ListenPacket(network, "")
if err != nil {
- logf("ListenPacket error: %s", err)
+ log.F("ListenPacket error: %s", err)
return nil, nil, err
}
diff --git a/http.go b/proxy/http/http.go
similarity index 72%
rename from http.go
rename to proxy/http/http.go
index 69fedd7..4ef64ed 100644
--- a/http.go
+++ b/proxy/http/http.go
@@ -1,7 +1,7 @@
// http proxy
// NOTE: never keep-alive so the implementation can be much easier.
-package main
+package http
import (
"bufio"
@@ -15,61 +15,75 @@ import (
"net/url"
"strings"
"time"
+
+ "github.com/nadoo/glider/common/conn"
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
)
// HTTP struct
type HTTP struct {
- dialer Dialer
+ dialer proxy.Dialer
addr string
user string
password string
- xff bool // X-Forwarded-For
- xsi bool // X-Server-IP
- selfip string
+}
+
+func init() {
+ proxy.RegisterDialer("http", NewHTTPDialer)
+ proxy.RegisterServer("http", NewHTTPServer)
}
// NewHTTP returns a http proxy.
-func NewHTTP(addr, user, pass, rawQuery string, dialer Dialer) (*HTTP, error) {
- s := &HTTP{
+func NewHTTP(s string, dialer proxy.Dialer) (*HTTP, error) {
+ u, err := url.Parse(s)
+ if err != nil {
+ log.F("parse err: %s", err)
+ return nil, err
+ }
+
+ addr := u.Host
+ var user, pass string
+ if u.User != nil {
+ user = u.User.Username()
+ pass, _ = u.User.Password()
+ }
+
+ h := &HTTP{
dialer: dialer,
addr: addr,
user: user,
password: pass,
- xff: false,
- selfip: OutboundIP(),
}
- p, _ := url.ParseQuery(rawQuery)
- if v, ok := p["xff"]; ok {
- if v[0] == "true" {
- s.xff = true
- }
- }
+ return h, nil
+}
- if v, ok := p["xsi"]; ok {
- if v[0] == "true" {
- s.xsi = true
- }
- }
+// NewHTTPDialer returns a http proxy dialer.
+func NewHTTPDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewHTTP(s, dialer)
+}
- return s, nil
+// NewHTTPServer returns a http proxy server.
+func NewHTTPServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewHTTP(s, dialer)
}
// ListenAndServe .
func (s *HTTP) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
- logf("failed to listen on %s: %v", s.addr, err)
+ log.F("failed to listen on %s: %v", s.addr, err)
return
}
defer l.Close()
- logf("listening TCP on %s", s.addr)
+ log.F("listening TCP on %s", s.addr)
for {
c, err := l.Accept()
if err != nil {
- logf("proxy-http failed to accept: %v", err)
+ log.F("proxy-http failed to accept: %v", err)
continue
}
@@ -99,7 +113,7 @@ func (s *HTTP) Serve(c net.Conn) {
reqHeader, err := reqTP.ReadMIMEHeader()
if err != nil {
- logf("read header error:%s", err)
+ log.F("read header error:%s", err)
return
}
cleanHeaders(reqHeader)
@@ -107,18 +121,18 @@ func (s *HTTP) Serve(c net.Conn) {
reqHeader.Set("Connection", "close")
// X-Forwarded-For
- if s.xff {
- if reqHeader.Get("X-Forwarded-For") != "" {
- reqHeader.Add("X-Forwarded-For", ",")
- }
- reqHeader.Add("X-Forwarded-For", c.RemoteAddr().(*net.TCPAddr).IP.String())
- reqHeader.Add("X-Forwarded-For", ",")
- reqHeader.Add("X-Forwarded-For", s.selfip)
- }
+ // if s.xff {
+ // if reqHeader.Get("X-Forwarded-For") != "" {
+ // reqHeader.Add("X-Forwarded-For", ",")
+ // }
+ // reqHeader.Add("X-Forwarded-For", c.RemoteAddr().(*net.TCPAddr).IP.String())
+ // reqHeader.Add("X-Forwarded-For", ",")
+ // reqHeader.Add("X-Forwarded-For", s.selfip)
+ // }
url, err := url.ParseRequestURI(requestURI)
if err != nil {
- logf("proxy-http parse request url error: %s", err)
+ log.F("proxy-http parse request url error: %s", err)
return
}
@@ -130,7 +144,7 @@ func (s *HTTP) Serve(c net.Conn) {
rc, err := s.dialer.Dial("tcp", tgt)
if err != nil {
fmt.Fprintf(c, "%s 502 ERROR\r\n\r\n", proto)
- logf("proxy-http failed to dial: %v", err)
+ log.F("proxy-http failed to dial: %v", err)
return
}
defer rc.Close()
@@ -166,22 +180,18 @@ func (s *HTTP) Serve(c net.Conn) {
respHeader, err := respTP.ReadMIMEHeader()
if err != nil {
- logf("proxy-http read header error:%s", err)
+ log.F("proxy-http read header error:%s", err)
return
}
respHeader.Set("Proxy-Connection", "close")
respHeader.Set("Connection", "close")
- if s.xsi {
- respHeader.Set("X-Server-IP", rc.RemoteAddr().(*net.TCPAddr).IP.String())
- }
-
var respBuf bytes.Buffer
writeFirstLine(proto, code, status, &respBuf)
writeHeaders(respHeader, &respBuf)
- logf("proxy-http %s <-> %s", c.RemoteAddr(), tgt)
+ log.F("proxy-http %s <-> %s", c.RemoteAddr(), tgt)
c.Write(respBuf.Bytes())
io.Copy(c, respR)
@@ -193,20 +203,20 @@ func (s *HTTP) servHTTPS(method, requestURI, proto string, c net.Conn) {
if err != nil {
c.Write([]byte(proto))
c.Write([]byte(" 502 ERROR\r\n\r\n"))
- logf("proxy-http failed to dial: %v", err)
+ log.F("proxy-http failed to dial: %v", err)
return
}
c.Write([]byte("HTTP/1.0 200 Connection established\r\n\r\n"))
- logf("proxy-http %s <-> %s [c]", c.RemoteAddr(), requestURI)
+ log.F("proxy-http %s <-> %s [c]", c.RemoteAddr(), requestURI)
- _, _, err = relay(c, rc)
+ _, _, err = conn.Relay(c, rc)
if err != nil {
if err, ok := err.(net.Error); ok && err.Timeout() {
return // ignore i/o timeout
}
- logf("relay error: %v", err)
+ log.F("relay error: %v", err)
}
}
@@ -214,13 +224,13 @@ func (s *HTTP) servHTTPS(method, requestURI, proto string, c net.Conn) {
func (s *HTTP) Addr() string { return s.addr }
// NextDialer returns the next dialer
-func (s *HTTP) NextDialer(dstAddr string) Dialer { return s.dialer.NextDialer(dstAddr) }
+func (s *HTTP) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
// Dial connects to the address addr on the network net via the proxy.
func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
rc, err := s.dialer.Dial(network, s.addr)
if err != nil {
- logf("proxy-http dial to %s error: %s", s.addr, err)
+ log.F("proxy-http dial to %s error: %s", s.addr, err)
return nil, err
}
@@ -245,9 +255,9 @@ func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
if ok && code == "200" {
return rc, err
} else if code == "407" {
- logf("proxy-http authencation needed by proxy %s", s.addr)
+ log.F("proxy-http authencation needed by proxy %s", s.addr)
} else if code == "405" {
- logf("proxy-http 'CONNECT' method not allowed by proxy %s", s.addr)
+ log.F("proxy-http 'CONNECT' method not allowed by proxy %s", s.addr)
}
return nil, errors.New("proxy-http cound not connect remote address: " + addr + ". error code: " + code)
@@ -261,9 +271,9 @@ func (s *HTTP) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Add
// parseFirstLine parses "GET /foo HTTP/1.1" OR "HTTP/1.1 200 OK" into its three parts.
func parseFirstLine(tp *textproto.Reader) (r1, r2, r3 string, ok bool) {
line, err := tp.ReadLine()
- // logf("first line: %s", line)
+ // log.F("first line: %s", line)
if err != nil {
- logf("proxy-http read first line error:%s", err)
+ log.F("proxy-http read first line error:%s", err)
return
}
diff --git a/proxy/mixed/mixed.go b/proxy/mixed/mixed.go
new file mode 100644
index 0000000..f6f17d8
--- /dev/null
+++ b/proxy/mixed/mixed.go
@@ -0,0 +1,127 @@
+package mixed
+
+import (
+ "bytes"
+ "net"
+ "net/url"
+
+ "github.com/nadoo/glider/common/conn"
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+ "github.com/nadoo/glider/proxy/http"
+ "github.com/nadoo/glider/proxy/socks5"
+)
+
+// https://www.ietf.org/rfc/rfc2616.txt, http methods must be uppercase.
+var httpMethods = [...][]byte{
+ []byte("GET"),
+ []byte("POST"),
+ []byte("PUT"),
+ []byte("DELETE"),
+ []byte("CONNECT"),
+ []byte("HEAD"),
+ []byte("OPTIONS"),
+ []byte("TRACE"),
+}
+
+// MixedProxy struct
+type MixedProxy struct {
+ dialer proxy.Dialer
+ addr string
+
+ http *http.HTTP
+ socks5 *socks5.SOCKS5
+}
+
+func init() {
+ proxy.RegisterServer("mixed", NewMixedProxyServer)
+}
+
+// NewMixedProxy returns a mixed proxy.
+func NewMixedProxy(s string, dialer proxy.Dialer) (*MixedProxy, error) {
+ u, err := url.Parse(s)
+ if err != nil {
+ log.F("parse err: %s", err)
+ return nil, err
+ }
+
+ p := &MixedProxy{
+ dialer: dialer,
+ addr: u.Host,
+ }
+
+ p.http, _ = http.NewHTTP(s, dialer)
+ p.socks5, _ = socks5.NewSOCKS5(s, dialer)
+
+ return p, nil
+}
+
+// NewMixedProxyServer returns a mixed proxy server.
+func NewMixedProxyServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewMixedProxy(s, dialer)
+}
+
+// ListenAndServe .
+func (p *MixedProxy) ListenAndServe() {
+
+ go p.socks5.ListenAndServeUDP()
+
+ l, err := net.Listen("tcp", p.addr)
+ if err != nil {
+ log.F("proxy-mixed failed to listen on %s: %v", p.addr, err)
+ return
+ }
+
+ log.F("proxy-mixed listening TCP on %s", p.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("proxy-mixed failed to accept: %v", err)
+ continue
+ }
+
+ go p.Serve(c)
+ }
+}
+
+// Serve .
+func (p *MixedProxy) Serve(c net.Conn) {
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ cc := conn.NewConn(c)
+
+ if p.socks5 != nil {
+ head, err := cc.Peek(1)
+ if err != nil {
+ log.F("proxy-mixed peek error: %s", err)
+ return
+ }
+
+ // check socks5, client send socksversion: 5 as the first byte
+ if head[0] == socks5.Version {
+ p.socks5.ServeTCP(cc)
+ return
+ }
+ }
+
+ if p.http != nil {
+ head, err := cc.Peek(8)
+ if err != nil {
+ log.F("proxy-mixed peek error: %s", err)
+ return
+ }
+
+ for _, method := range httpMethods {
+ if bytes.HasPrefix(head, method) {
+ p.http.Serve(cc)
+ return
+ }
+ }
+ }
+
+}
diff --git a/redir_linux.go b/proxy/redir/redir_linux.go
similarity index 69%
rename from redir_linux.go
rename to proxy/redir/redir_linux.go
index 0b2c6d8..a0e971a 100644
--- a/redir_linux.go
+++ b/proxy/redir/redir_linux.go
@@ -1,13 +1,19 @@
// getOrigDst:
// https://github.com/shadowsocks/go-shadowsocks2/blob/master/tcp_linux.go#L30
-package main
+package redir
import (
"errors"
"net"
+ "net/url"
"syscall"
"unsafe"
+
+ "github.com/nadoo/glider/common/conn"
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/common/socks"
+ "github.com/nadoo/glider/proxy"
)
const (
@@ -19,34 +25,50 @@ const (
// RedirProxy struct
type RedirProxy struct {
- dialer Dialer
+ dialer proxy.Dialer
addr string
}
+func init() {
+ proxy.RegisterServer("redir", NewRedirServer)
+}
+
// NewRedirProxy returns a redirect proxy.
-func NewRedirProxy(addr string, dialer Dialer) (*RedirProxy, error) {
- s := &RedirProxy{
+func NewRedirProxy(s string, dialer proxy.Dialer) (*RedirProxy, error) {
+ u, err := url.Parse(s)
+ if err != nil {
+ log.F("parse err: %s", err)
+ return nil, err
+ }
+
+ addr := u.Host
+ r := &RedirProxy{
dialer: dialer,
addr: addr,
}
- return s, nil
+ return r, nil
+}
+
+// NewRedirServer returns a redir server.
+func NewRedirServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewRedirProxy(s, dialer)
}
// ListenAndServe .
func (s *RedirProxy) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
- logf("proxy-redir failed to listen on %s: %v", s.addr, err)
+ log.F("proxy-redir failed to listen on %s: %v", s.addr, err)
return
}
- logf("proxy-redir listening TCP on %s", s.addr)
+ log.F("proxy-redir listening TCP on %s", s.addr)
for {
c, err := l.Accept()
if err != nil {
- logf("proxy-redir failed to accept: %v", err)
+ log.F("proxy-redir failed to accept: %v", err)
continue
}
@@ -59,25 +81,25 @@ func (s *RedirProxy) ListenAndServe() {
tgt, err := getOrigDst(c, false)
if err != nil {
- logf("proxy-redir failed to get target address: %v", err)
+ log.F("proxy-redir failed to get target address: %v", err)
return
}
rc, err := s.dialer.Dial("tcp", tgt.String())
if err != nil {
- logf("proxy-redir failed to connect to target: %v", err)
+ log.F("proxy-redir failed to connect to target: %v", err)
return
}
defer rc.Close()
- logf("proxy-redir %s <-> %s", c.RemoteAddr(), tgt)
+ log.F("proxy-redir %s <-> %s", c.RemoteAddr(), tgt)
- _, _, err = relay(c, rc)
+ _, _, err = conn.Relay(c, rc)
if err != nil {
if err, ok := err.(net.Error); ok && err.Timeout() {
return // ignore i/o timeout
}
- logf("proxy-redir relay error: %v", err)
+ log.F("proxy-redir relay error: %v", err)
}
}()
@@ -85,7 +107,7 @@ func (s *RedirProxy) ListenAndServe() {
}
// Get the original destination of a TCP connection.
-func getOrigDst(conn net.Conn, ipv6 bool) (Addr, error) {
+func getOrigDst(conn net.Conn, ipv6 bool) (socks.Addr, error) {
c, ok := conn.(*net.TCPConn)
if !ok {
return nil, errors.New("only work with TCP connection")
@@ -113,7 +135,7 @@ func getOrigDst(conn net.Conn, ipv6 bool) (Addr, error) {
}
// Call getorigdst() from linux/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
-func getorigdst(fd uintptr) (Addr, error) {
+func getorigdst(fd uintptr) (socks.Addr, error) {
raw := syscall.RawSockaddrInet4{}
siz := unsafe.Sizeof(raw)
if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IP, SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0); err != nil {
@@ -121,7 +143,7 @@ func getorigdst(fd uintptr) (Addr, error) {
}
addr := make([]byte, 1+net.IPv4len+2)
- addr[0] = socks5IP4
+ addr[0] = socks.ATypeIP4
copy(addr[1:1+net.IPv4len], raw.Addr[:])
port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // big-endian
addr[1+net.IPv4len], addr[1+net.IPv4len+1] = port[0], port[1]
@@ -130,7 +152,7 @@ func getorigdst(fd uintptr) (Addr, error) {
// Call ipv6_getorigdst() from linux/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
// NOTE: I haven't tried yet but it should work since Linux 3.8.
-func getorigdstIPv6(fd uintptr) (Addr, error) {
+func getorigdstIPv6(fd uintptr) (socks.Addr, error) {
raw := syscall.RawSockaddrInet6{}
siz := unsafe.Sizeof(raw)
if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IPV6, IP6T_SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0); err != nil {
@@ -138,7 +160,7 @@ func getorigdstIPv6(fd uintptr) (Addr, error) {
}
addr := make([]byte, 1+net.IPv6len+2)
- addr[0] = socks5IP6
+ addr[0] = socks.ATypeIP6
copy(addr[1:1+net.IPv6len], raw.Addr[:])
port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // big-endian
addr[1+net.IPv6len], addr[1+net.IPv6len+1] = port[0], port[1]
diff --git a/redir_linux_386.go b/proxy/redir/redir_linux_386.go
similarity index 97%
rename from redir_linux_386.go
rename to proxy/redir/redir_linux_386.go
index d19d48f..c8fca33 100644
--- a/redir_linux_386.go
+++ b/proxy/redir/redir_linux_386.go
@@ -1,4 +1,4 @@
-package main
+package redir
import (
"syscall"
diff --git a/redir_linux_other.go b/proxy/redir/redir_linux_other.go
similarity index 95%
rename from redir_linux_other.go
rename to proxy/redir/redir_linux_other.go
index 6589afc..a2677b9 100644
--- a/redir_linux_other.go
+++ b/proxy/redir/redir_linux_other.go
@@ -1,6 +1,6 @@
// +build linux,!386
-package main
+package redir
import "syscall"
diff --git a/proxy/server.go b/proxy/server.go
new file mode 100644
index 0000000..3e7bd60
--- /dev/null
+++ b/proxy/server.go
@@ -0,0 +1,48 @@
+package proxy
+
+import (
+ "errors"
+ "net/url"
+ "strings"
+
+ "github.com/nadoo/glider/common/log"
+)
+
+// Server interface
+type Server interface {
+ // ListenAndServe as proxy server, use only in server mode.
+ ListenAndServe()
+}
+
+type ServerCreator func(s string, dialer Dialer) (Server, error)
+
+var (
+ serverMap = make(map[string]ServerCreator)
+)
+
+func RegisterServer(name string, c ServerCreator) {
+ serverMap[name] = c
+}
+
+func ServerFromURL(s string, dialer Dialer) (Server, error) {
+ if !strings.Contains(s, "://") {
+ s = "mixed://" + s
+ }
+
+ u, err := url.Parse(s)
+ if err != nil {
+ log.F("parse err: %s", err)
+ return nil, err
+ }
+
+ if dialer == nil {
+ dialer = Direct
+ }
+
+ c, ok := serverMap[strings.ToLower(u.Scheme)]
+ if ok {
+ return c(s, dialer)
+ }
+
+ return nil, errors.New("unknown scheme '" + u.Scheme + "'")
+}
diff --git a/socks5.go b/proxy/socks5/socks5.go
similarity index 62%
rename from socks5.go
rename to proxy/socks5/socks5.go
index b4c1e5a..2d88581 100644
--- a/socks5.go
+++ b/proxy/socks5/socks5.go
@@ -9,76 +9,72 @@
// socks5 server:
// https://github.com/shadowsocks/go-shadowsocks2/tree/master/socks
-package main
+package socks5
import (
"errors"
"io"
"net"
+ "net/url"
"strconv"
"sync"
"time"
+
+ "github.com/nadoo/glider/common/conn"
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/common/socks"
+ "github.com/nadoo/glider/proxy"
)
-const socks5Version = 5
-
-const (
- socks5AuthNone = 0
- socks5AuthPassword = 2
-)
-
-// SOCKS request commands as defined in RFC 1928 section 4.
-const (
- socks5Connect = 1
- socks5Bind = 2
- socks5UDPAssociate = 3
-)
-
-// SOCKS address types as defined in RFC 1928 section 5.
-const (
- socks5IP4 = 1
- socks5Domain = 3
- socks5IP6 = 4
-)
-
-// MaxAddrLen is the maximum size of SOCKS address in bytes.
-const MaxAddrLen = 1 + 1 + 255 + 2
-
-// Addr represents a SOCKS address as defined in RFC 1928 section 5.
-type Addr []byte
-
-var socks5Errors = []error{
- errors.New(""),
- errors.New("general failure"),
- errors.New("connection forbidden"),
- errors.New("network unreachable"),
- errors.New("host unreachable"),
- errors.New("connection refused"),
- errors.New("TTL expired"),
- errors.New("command not supported"),
- errors.New("address type not supported"),
- errors.New("socks5UDPAssociate"),
-}
+const Version = 5
// SOCKS5 struct
type SOCKS5 struct {
- dialer Dialer
+ dialer proxy.Dialer
addr string
user string
password string
}
-// NewSOCKS5 returns a Proxy that makes SOCKSv5 connections to the given address
+func init() {
+ proxy.RegisterDialer("socks5", NewSocks5Dialer)
+ proxy.RegisterServer("socks5", NewSocks5Server)
+}
+
+// NewSOCKS5 returns a Proxy that makes SOCKS v5 connections to the given address
// with an optional username and password. See RFC 1928.
-func NewSOCKS5(addr, user, pass string, dialer Dialer) (*SOCKS5, error) {
- s := &SOCKS5{
+func NewSOCKS5(s string, dialer proxy.Dialer) (*SOCKS5, error) {
+ u, err := url.Parse(s)
+ if err != nil {
+ log.F("parse err: %s", err)
+ return nil, err
+ }
+
+ addr := u.Host
+ var user, pass string
+ if u.User != nil {
+ user = u.User.Username()
+ pass, _ = u.User.Password()
+ }
+
+ h := &SOCKS5{
dialer: dialer,
addr: addr,
user: user,
password: pass,
}
- return s, nil
+ return h, nil
+}
+
+// NewSocks5Dialer returns a socks5 proxy dialer.
+func NewSocks5Dialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewSOCKS5(s, dialer)
+}
+
+// NewSocks5Server returns a socks5 proxy server.
+func NewSocks5Server(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewSOCKS5(s, dialer)
}
// ListenAndServe serves socks5 requests.
@@ -91,16 +87,16 @@ func (s *SOCKS5) ListenAndServe() {
func (s *SOCKS5) ListenAndServeTCP() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
- logf("proxy-socks5 failed to listen on %s: %v", s.addr, err)
+ log.F("proxy-socks5 failed to listen on %s: %v", s.addr, err)
return
}
- logf("proxy-socks5 listening TCP on %s", s.addr)
+ log.F("proxy-socks5 listening TCP on %s", s.addr)
for {
c, err := l.Accept()
if err != nil {
- logf("proxy-socks5 failed to accept: %v", err)
+ log.F("proxy-socks5 failed to accept: %v", err)
continue
}
@@ -119,7 +115,7 @@ func (s *SOCKS5) ServeTCP(c net.Conn) {
tgt, err := s.handshake(c)
if err != nil {
// UDP: keep the connection until disconnect then free the UDP socket
- if err == socks5Errors[9] {
+ if err == socks.Errors[9] {
buf := []byte{}
// block here
for {
@@ -127,30 +123,30 @@ func (s *SOCKS5) ServeTCP(c net.Conn) {
if err, ok := err.(net.Error); ok && err.Timeout() {
continue
}
- // logf("proxy-socks5 servetcp udp associate end")
+ // log.F("proxy-socks5 servetcp udp associate end")
return
}
}
- logf("proxy-socks5 failed to get target address: %v", err)
+ log.F("proxy-socks5 failed to get target address: %v", err)
return
}
rc, err := s.dialer.Dial("tcp", tgt.String())
if err != nil {
- logf("proxy-socks5 failed to connect to target: %v", err)
+ log.F("proxy-socks5 failed to connect to target: %v", err)
return
}
defer rc.Close()
- logf("proxy-socks5 %s <-> %s", c.RemoteAddr(), tgt)
+ log.F("proxy-socks5 %s <-> %s", c.RemoteAddr(), tgt)
- _, _, err = relay(c, rc)
+ _, _, err = conn.Relay(c, rc)
if err != nil {
if err, ok := err.(net.Error); ok && err.Timeout() {
return // ignore i/o timeout
}
- logf("proxy-socks5 relay error: %v", err)
+ log.F("proxy-socks5 relay error: %v", err)
}
}
@@ -158,22 +154,22 @@ func (s *SOCKS5) ServeTCP(c net.Conn) {
func (s *SOCKS5) ListenAndServeUDP() {
lc, err := net.ListenPacket("udp", s.addr)
if err != nil {
- logf("proxy-socks5-udp failed to listen on %s: %v", s.addr, err)
+ log.F("proxy-socks5-udp failed to listen on %s: %v", s.addr, err)
return
}
defer lc.Close()
- logf("proxy-socks5-udp listening UDP on %s", s.addr)
+ log.F("proxy-socks5-udp listening UDP on %s", s.addr)
var nm sync.Map
- buf := make([]byte, udpBufSize)
+ buf := make([]byte, conn.UDPBufSize)
for {
c := NewSocks5PktConn(lc, nil, nil, true, nil)
n, raddr, err := c.ReadFrom(buf)
if err != nil {
- logf("proxy-socks5-udp remote read error: %v", err)
+ log.F("proxy-socks5-udp remote read error: %v", err)
continue
}
@@ -181,13 +177,13 @@ func (s *SOCKS5) ListenAndServeUDP() {
v, ok := nm.Load(raddr.String())
if !ok && v == nil {
if c.tgtAddr == nil {
- logf("proxy-socks5-udp can not get target address, not a valid request")
+ log.F("proxy-socks5-udp can not get target address, not a valid request")
continue
}
lpc, nextHop, err := s.dialer.DialUDP("udp", c.tgtAddr.String())
if err != nil {
- logf("proxy-socks5-udp remote dial error: %v", err)
+ log.F("proxy-socks5-udp remote dial error: %v", err)
continue
}
@@ -195,7 +191,7 @@ func (s *SOCKS5) ListenAndServeUDP() {
nm.Store(raddr.String(), pc)
go func() {
- timedCopy(c, raddr, pc, 2*time.Minute)
+ conn.TimedCopy(c, raddr, pc, 2*time.Minute)
pc.Close()
nm.Delete(raddr.String())
}()
@@ -206,11 +202,11 @@ func (s *SOCKS5) ListenAndServeUDP() {
_, err = pc.WriteTo(buf[:n], pc.writeAddr)
if err != nil {
- logf("proxy-socks5-udp remote write error: %v", err)
+ log.F("proxy-socks5-udp remote write error: %v", err)
continue
}
- logf("proxy-socks5-udp %s <-> %s", raddr, c.tgtAddr)
+ log.F("proxy-socks5-udp %s <-> %s", raddr, c.tgtAddr)
}
}
@@ -219,7 +215,7 @@ func (s *SOCKS5) ListenAndServeUDP() {
func (s *SOCKS5) Addr() string { return s.addr }
// NextDialer returns the next dialer
-func (s *SOCKS5) NextDialer(dstAddr string) Dialer { return s.dialer.NextDialer(dstAddr) }
+func (s *SOCKS5) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
// Dial connects to the address addr on the network net via the SOCKS5 proxy.
func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
@@ -231,7 +227,7 @@ func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
c, err := s.dialer.Dial(network, s.addr)
if err != nil {
- logf("dial to %s error: %s", s.addr, err)
+ log.F("dial to %s error: %s", s.addr, err)
return nil, err
}
@@ -251,7 +247,7 @@ func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
c, err := s.dialer.Dial("tcp", s.addr)
if err != nil {
- logf("proxy-socks5 dialudp dial tcp to %s error: %s", s.addr, err)
+ log.F("proxy-socks5 dialudp dial tcp to %s error: %s", s.addr, err)
return nil, nil, err
}
@@ -262,15 +258,15 @@ func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.A
// send VER, NMETHODS, METHODS
c.Write([]byte{5, 1, 0})
- buf := make([]byte, MaxAddrLen)
+ buf := make([]byte, socks.MaxAddrLen)
// read VER METHOD
if _, err := io.ReadFull(c, buf[:2]); err != nil {
return nil, nil, err
}
- dstAddr := ParseAddr(addr)
+ dstAddr := socks.ParseAddr(addr)
// write VER CMD RSV ATYP DST.ADDR DST.PORT
- c.Write(append([]byte{5, socks5UDPAssociate, 0}, dstAddr...))
+ c.Write(append([]byte{5, socks.CmdUDPAssociate, 0}, dstAddr...))
// read VER REP RSV ATYP BND.ADDR BND.PORT
if _, err := io.ReadFull(c, buf[:3]); err != nil {
@@ -279,18 +275,18 @@ func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.A
rep := buf[1]
if rep != 0 {
- logf("proxy-socks5 server reply: %d, not succeeded", rep)
+ log.F("proxy-socks5 server reply: %d, not succeeded", rep)
return nil, nil, errors.New("server connect failed")
}
- uAddr, err := readAddr(c, buf)
+ uAddr, err := socks.ReadAddrBuf(c, buf)
if err != nil {
return nil, nil, err
}
pc, nextHop, err := s.dialer.DialUDP(network, uAddr.String())
if err != nil {
- logf("proxy-socks5 dialudp to %s error: %s", uAddr.String(), err)
+ log.F("proxy-socks5 dialudp to %s error: %s", uAddr.String(), err)
return nil, nil, err
}
@@ -318,11 +314,11 @@ func (s *SOCKS5) connect(conn net.Conn, target string) error {
// the size here is just an estimate
buf := make([]byte, 0, 6+len(host))
- buf = append(buf, socks5Version)
+ buf = append(buf, Version)
if len(s.user) > 0 && len(s.user) < 256 && len(s.password) < 256 {
- buf = append(buf, 2 /* num auth methods */, socks5AuthNone, socks5AuthPassword)
+ buf = append(buf, 2 /* num auth methods */, socks.AuthNone, socks.AuthPassword)
} else {
- buf = append(buf, 1 /* num auth methods */, socks5AuthNone)
+ buf = append(buf, 1 /* num auth methods */, socks.AuthNone)
}
if _, err := conn.Write(buf); err != nil {
@@ -339,7 +335,7 @@ func (s *SOCKS5) connect(conn net.Conn, target string) error {
return errors.New("proxy: SOCKS5 proxy at " + s.addr + " requires authentication")
}
- if buf[1] == socks5AuthPassword {
+ if buf[1] == socks.AuthPassword {
buf = buf[:0]
buf = append(buf, 1 /* password protocol version */)
buf = append(buf, uint8(len(s.user)))
@@ -361,21 +357,21 @@ func (s *SOCKS5) connect(conn net.Conn, target string) error {
}
buf = buf[:0]
- buf = append(buf, socks5Version, socks5Connect, 0 /* reserved */)
+ buf = append(buf, Version, socks.CmdConnect, 0 /* reserved */)
if ip := net.ParseIP(host); ip != nil {
if ip4 := ip.To4(); ip4 != nil {
- buf = append(buf, socks5IP4)
+ buf = append(buf, socks.ATypeIP4)
ip = ip4
} else {
- buf = append(buf, socks5IP6)
+ buf = append(buf, socks.ATypeIP6)
}
buf = append(buf, ip...)
} else {
if len(host) > 255 {
return errors.New("proxy: destination hostname too long: " + host)
}
- buf = append(buf, socks5Domain)
+ buf = append(buf, socks.ATypeDomain)
buf = append(buf, byte(len(host)))
buf = append(buf, host...)
}
@@ -390,8 +386,8 @@ func (s *SOCKS5) connect(conn net.Conn, target string) error {
}
failure := "unknown error"
- if int(buf[1]) < len(socks5Errors) {
- failure = socks5Errors[buf[1]].Error()
+ if int(buf[1]) < len(socks.Errors) {
+ failure = socks.Errors[buf[1]].Error()
}
if len(failure) > 0 {
@@ -400,11 +396,11 @@ func (s *SOCKS5) connect(conn net.Conn, target string) error {
bytesToDiscard := 0
switch buf[3] {
- case socks5IP4:
+ case socks.ATypeIP4:
bytesToDiscard = net.IPv4len
- case socks5IP6:
+ case socks.ATypeIP6:
bytesToDiscard = net.IPv6len
- case socks5Domain:
+ case socks.ATypeDomain:
_, err := io.ReadFull(conn, buf[:1])
if err != nil {
return errors.New("proxy: failed to read domain length from SOCKS5 proxy at " + s.addr + ": " + err.Error())
@@ -432,9 +428,9 @@ func (s *SOCKS5) connect(conn net.Conn, target string) error {
}
// Handshake fast-tracks SOCKS initialization to get target address to connect.
-func (s *SOCKS5) handshake(rw io.ReadWriter) (Addr, error) {
+func (s *SOCKS5) handshake(rw io.ReadWriter) (socks.Addr, error) {
// Read RFC 1928 for request and reply structure and sizes.
- buf := make([]byte, MaxAddrLen)
+ buf := make([]byte, socks.MaxAddrLen)
// read VER, NMETHODS, METHODS
if _, err := io.ReadFull(rw, buf[:2]); err != nil {
return nil, err
@@ -452,169 +448,41 @@ func (s *SOCKS5) handshake(rw io.ReadWriter) (Addr, error) {
return nil, err
}
cmd := buf[1]
- addr, err := readAddr(rw, buf)
+ addr, err := socks.ReadAddrBuf(rw, buf)
if err != nil {
return nil, err
}
switch cmd {
- case socks5Connect:
+ case socks.CmdConnect:
_, err = rw.Write([]byte{5, 0, 0, 1, 0, 0, 0, 0, 0, 0}) // SOCKS v5, reply succeeded
- case socks5UDPAssociate:
- listenAddr := ParseAddr(rw.(net.Conn).LocalAddr().String())
+ case socks.CmdUDPAssociate:
+ listenAddr := socks.ParseAddr(rw.(net.Conn).LocalAddr().String())
_, err = rw.Write(append([]byte{5, 0, 0}, listenAddr...)) // SOCKS v5, reply succeeded
if err != nil {
- return nil, socks5Errors[7]
+ return nil, socks.Errors[7]
}
- err = socks5Errors[9]
+ err = socks.Errors[9]
default:
- return nil, socks5Errors[7]
+ return nil, socks.Errors[7]
}
return addr, err // skip VER, CMD, RSV fields
}
-// String serializes SOCKS address a to string form.
-func (a Addr) String() string {
- var host, port string
-
- switch ATYP(a[0]) { // address type
- case socks5Domain:
- host = string(a[2 : 2+int(a[1])])
- port = strconv.Itoa((int(a[2+int(a[1])]) << 8) | int(a[2+int(a[1])+1]))
- case socks5IP4:
- host = net.IP(a[1 : 1+net.IPv4len]).String()
- port = strconv.Itoa((int(a[1+net.IPv4len]) << 8) | int(a[1+net.IPv4len+1]))
- case socks5IP6:
- host = net.IP(a[1 : 1+net.IPv6len]).String()
- port = strconv.Itoa((int(a[1+net.IPv6len]) << 8) | int(a[1+net.IPv6len+1]))
- }
-
- return net.JoinHostPort(host, port)
-}
-
-// UoT udp over tcp
-func UoT(b byte) bool {
- return b&0x8 == 0x8
-}
-
-// ATYP return the address type
-func ATYP(b byte) int {
- return int(b &^ 0x8)
-}
-
-func readAddr(r io.Reader, b []byte) (Addr, error) {
- if len(b) < MaxAddrLen {
- return nil, io.ErrShortBuffer
- }
- _, err := io.ReadFull(r, b[:1]) // read 1st byte for address type
- if err != nil {
- return nil, err
- }
-
- switch ATYP(b[0]) {
- case socks5Domain:
- _, err = io.ReadFull(r, b[1:2]) // read 2nd byte for domain length
- if err != nil {
- return nil, err
- }
- _, err = io.ReadFull(r, b[2:2+int(b[1])+2])
- return b[:1+1+int(b[1])+2], err
- case socks5IP4:
- _, err = io.ReadFull(r, b[1:1+net.IPv4len+2])
- return b[:1+net.IPv4len+2], err
- case socks5IP6:
- _, err = io.ReadFull(r, b[1:1+net.IPv6len+2])
- return b[:1+net.IPv6len+2], err
- }
-
- return nil, socks5Errors[8]
-}
-
-// ReadAddr reads just enough bytes from r to get a valid Addr.
-func ReadAddr(r io.Reader) (Addr, error) {
- return readAddr(r, make([]byte, MaxAddrLen))
-}
-
-// SplitAddr slices a SOCKS address from beginning of b. Returns nil if failed.
-func SplitAddr(b []byte) Addr {
- addrLen := 1
- if len(b) < addrLen {
- return nil
- }
-
- switch ATYP(b[0]) {
- case socks5Domain:
- if len(b) < 2 {
- return nil
- }
- addrLen = 1 + 1 + int(b[1]) + 2
- case socks5IP4:
- addrLen = 1 + net.IPv4len + 2
- case socks5IP6:
- addrLen = 1 + net.IPv6len + 2
- default:
- return nil
-
- }
-
- if len(b) < addrLen {
- return nil
- }
-
- return b[:addrLen]
-}
-
-// ParseAddr parses the address in string s. Returns nil if failed.
-func ParseAddr(s string) Addr {
- var addr Addr
- host, port, err := net.SplitHostPort(s)
- if err != nil {
- return nil
- }
- if ip := net.ParseIP(host); ip != nil {
- if ip4 := ip.To4(); ip4 != nil {
- addr = make([]byte, 1+net.IPv4len+2)
- addr[0] = socks5IP4
- copy(addr[1:], ip4)
- } else {
- addr = make([]byte, 1+net.IPv6len+2)
- addr[0] = socks5IP6
- copy(addr[1:], ip)
- }
- } else {
- if len(host) > 255 {
- return nil
- }
- addr = make([]byte, 1+1+len(host)+2)
- addr[0] = socks5Domain
- addr[1] = byte(len(host))
- copy(addr[2:], host)
- }
-
- portnum, err := strconv.ParseUint(port, 10, 16)
- if err != nil {
- return nil
- }
-
- addr[len(addr)-2], addr[len(addr)-1] = byte(portnum>>8), byte(portnum)
-
- return addr
-}
-
// Socks5PktConn .
type Socks5PktConn struct {
net.PacketConn
writeAddr net.Addr // write to and read from addr
- tgtAddr Addr
+ tgtAddr socks.Addr
tgtHeader bool
ctrlConn net.Conn // tcp control conn
}
// NewSocks5PktConn returns a Socks5PktConn
-func NewSocks5PktConn(c net.PacketConn, writeAddr net.Addr, tgtAddr Addr, tgtHeader bool, ctrlConn net.Conn) *Socks5PktConn {
+func NewSocks5PktConn(c net.PacketConn, writeAddr net.Addr, tgtAddr socks.Addr, tgtHeader bool, ctrlConn net.Conn) *Socks5PktConn {
pc := &Socks5PktConn{
PacketConn: c,
writeAddr: writeAddr,
@@ -630,7 +498,7 @@ func NewSocks5PktConn(c net.PacketConn, writeAddr net.Addr, tgtAddr Addr, tgtHea
if err, ok := err.(net.Error); ok && err.Timeout() {
continue
}
- logf("proxy-socks5 dialudp udp associate end")
+ log.F("proxy-socks5 dialudp udp associate end")
return
}
}()
@@ -657,7 +525,7 @@ func (pc *Socks5PktConn) ReadFrom(b []byte) (int, net.Addr, error) {
// +----+------+------+----------+----------+----------+
// | 2 | 1 | 1 | Variable | 2 | Variable |
// +----+------+------+----------+----------+----------+
- tgtAddr := SplitAddr(buf[3:])
+ tgtAddr := socks.SplitAddr(buf[3:])
copy(b, buf[3+len(tgtAddr):])
//test
diff --git a/ss.go b/proxy/ss/ss.go
similarity index 65%
rename from ss.go
rename to proxy/ss/ss.go
index c65f90f..1bcb609 100644
--- a/ss.go
+++ b/proxy/ss/ss.go
@@ -1,40 +1,73 @@
-package main
+package ss
import (
"errors"
- "log"
"net"
+ "net/url"
"strings"
"sync"
"time"
"github.com/shadowsocks/go-shadowsocks2/core"
+
+ "github.com/nadoo/glider/common/conn"
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/common/socks"
+ "github.com/nadoo/glider/proxy"
)
const udpBufSize = 65536
// SS .
type SS struct {
- dialer Dialer
+ dialer proxy.Dialer
addr string
core.Cipher
}
+func init() {
+ proxy.RegisterDialer("ss", NewSSDialer)
+ proxy.RegisterServer("ss", NewSSServer)
+}
+
// NewSS returns a shadowsocks proxy.
-func NewSS(addr, method, pass string, dialer Dialer) (*SS, error) {
+func NewSS(s string, dialer proxy.Dialer) (*SS, error) {
+ u, err := url.Parse(s)
+ if err != nil {
+ log.F("parse err: %s", err)
+ return nil, err
+ }
+
+ addr := u.Host
+ var method, pass string
+ if u.User != nil {
+ method = u.User.Username()
+ pass, _ = u.User.Password()
+ }
+
ciph, err := core.PickCipher(method, nil, pass)
if err != nil {
log.Fatalf("proxy-ss PickCipher for '%s', error: %s", method, err)
}
- s := &SS{
+ p := &SS{
dialer: dialer,
addr: addr,
Cipher: ciph,
}
- return s, nil
+ return p, nil
+}
+
+// NewSSDialer returns a ss proxy dialer.
+func NewSSDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewSS(s, dialer)
+}
+
+// NewSSServer returns a ss proxy server.
+func NewSSServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewSS(s, dialer)
}
// ListenAndServe serves ss requests.
@@ -47,16 +80,16 @@ func (s *SS) ListenAndServe() {
func (s *SS) ListenAndServeTCP() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
- logf("proxy-ss failed to listen on %s: %v", s.addr, err)
+ log.F("proxy-ss failed to listen on %s: %v", s.addr, err)
return
}
- logf("proxy-ss listening TCP on %s", s.addr)
+ log.F("proxy-ss listening TCP on %s", s.addr)
for {
c, err := l.Accept()
if err != nil {
- logf("proxy-ss failed to accept: %v", err)
+ log.F("proxy-ss failed to accept: %v", err)
continue
}
go s.ServeTCP(c)
@@ -73,28 +106,28 @@ func (s *SS) ServeTCP(c net.Conn) {
c = s.StreamConn(c)
- tgt, err := ReadAddr(c)
+ tgt, err := socks.ReadAddr(c)
if err != nil {
- logf("proxy-ss failed to get target address: %v", err)
+ log.F("proxy-ss failed to get target address: %v", err)
return
}
dialer := s.dialer.NextDialer(tgt.String())
// udp over tcp?
- uot := UoT(tgt[0])
+ uot := socks.UoT(tgt[0])
if uot && dialer.Addr() == "DIRECT" {
rc, err := net.ListenPacket("udp", "")
if err != nil {
- logf("proxy-ss UDP remote listen error: %v", err)
+ log.F("proxy-ss UDP remote listen error: %v", err)
}
defer rc.Close()
req := make([]byte, udpBufSize)
n, err := c.Read(req)
if err != nil {
- logf("proxy-ss error in ioutil.ReadAll: %s\n", err)
+ log.F("proxy-ss error in ioutil.ReadAll: %s\n", err)
return
}
@@ -104,12 +137,12 @@ func (s *SS) ServeTCP(c net.Conn) {
buf := make([]byte, udpBufSize)
n, _, err = rc.ReadFrom(buf)
if err != nil {
- logf("proxy-uottun read error: %v", err)
+ log.F("proxy-uottun read error: %v", err)
}
c.Write(buf[:n])
- logf("proxy-ss %s <-tcp-> %s - %s <-udp-> %s ", c.RemoteAddr(), c.LocalAddr(), rc.LocalAddr(), tgt)
+ log.F("proxy-ss %s <-tcp-> %s - %s <-udp-> %s ", c.RemoteAddr(), c.LocalAddr(), rc.LocalAddr(), tgt)
return
}
@@ -121,19 +154,19 @@ func (s *SS) ServeTCP(c net.Conn) {
rc, err := dialer.Dial(network, tgt.String())
if err != nil {
- logf("proxy-ss failed to connect to target: %v", err)
+ log.F("proxy-ss failed to connect to target: %v", err)
return
}
defer rc.Close()
- logf("proxy-ss %s <-> %s", c.RemoteAddr(), tgt)
+ log.F("proxy-ss %s <-> %s", c.RemoteAddr(), tgt)
- _, _, err = relay(c, rc)
+ _, _, err = conn.Relay(c, rc)
if err != nil {
if err, ok := err.(net.Error); ok && err.Timeout() {
return // ignore i/o timeout
}
- logf("proxy-ss relay error: %v", err)
+ log.F("proxy-ss relay error: %v", err)
}
}
@@ -142,14 +175,14 @@ func (s *SS) ServeTCP(c net.Conn) {
func (s *SS) ListenAndServeUDP() {
lc, err := net.ListenPacket("udp", s.addr)
if err != nil {
- logf("proxy-ss-udp failed to listen on %s: %v", s.addr, err)
+ log.F("proxy-ss-udp failed to listen on %s: %v", s.addr, err)
return
}
defer lc.Close()
lc = s.PacketConn(lc)
- logf("proxy-ss-udp listening UDP on %s", s.addr)
+ log.F("proxy-ss-udp listening UDP on %s", s.addr)
var nm sync.Map
buf := make([]byte, udpBufSize)
@@ -159,7 +192,7 @@ func (s *SS) ListenAndServeUDP() {
n, raddr, err := c.ReadFrom(buf)
if err != nil {
- logf("proxy-ss-udp remote read error: %v", err)
+ log.F("proxy-ss-udp remote read error: %v", err)
continue
}
@@ -168,7 +201,7 @@ func (s *SS) ListenAndServeUDP() {
if !ok && v == nil {
lpc, nextHop, err := s.dialer.DialUDP("udp", c.tgtAddr.String())
if err != nil {
- logf("proxy-ss-udp remote dial error: %v", err)
+ log.F("proxy-ss-udp remote dial error: %v", err)
continue
}
@@ -176,7 +209,7 @@ func (s *SS) ListenAndServeUDP() {
nm.Store(raddr.String(), pc)
go func() {
- timedCopy(c, raddr, pc, 2*time.Minute)
+ conn.TimedCopy(c, raddr, pc, 2*time.Minute)
pc.Close()
nm.Delete(raddr.String())
}()
@@ -187,11 +220,11 @@ func (s *SS) ListenAndServeUDP() {
_, err = pc.WriteTo(buf[:n], pc.writeAddr)
if err != nil {
- logf("proxy-ss-udp remote write error: %v", err)
+ log.F("proxy-ss-udp remote write error: %v", err)
continue
}
- logf("proxy-ss-udp %s <-> %s", raddr, c.tgtAddr)
+ log.F("proxy-ss-udp %s <-> %s", raddr, c.tgtAddr)
}
}
@@ -204,11 +237,11 @@ func ListCipher() string {
func (s *SS) Addr() string { return s.addr }
// NextDialer returns the next dialer
-func (s *SS) NextDialer(dstAddr string) Dialer { return s.dialer.NextDialer(dstAddr) }
+func (s *SS) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
// Dial connects to the address addr on the network net via the proxy.
func (s *SS) Dial(network, addr string) (net.Conn, error) {
- target := ParseAddr(addr)
+ target := socks.ParseAddr(addr)
if target == nil {
return nil, errors.New("proxy-ss unable to parse address: " + addr)
}
@@ -219,7 +252,7 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
c, err := s.dialer.Dial("tcp", s.addr)
if err != nil {
- logf("proxy-ss dial to %s error: %s", s.addr, err)
+ log.F("proxy-ss dial to %s error: %s", s.addr, err)
return nil, err
}
@@ -241,11 +274,11 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
func (s *SS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
pc, nextHop, err := s.dialer.DialUDP(network, s.addr)
if err != nil {
- logf("proxy-ss dialudp to %s error: %s", s.addr, err)
+ log.F("proxy-ss dialudp to %s error: %s", s.addr, err)
return nil, nil, err
}
- pkc := NewPktConn(s.PacketConn(pc), nextHop, ParseAddr(addr), true)
+ pkc := NewPktConn(s.PacketConn(pc), nextHop, socks.ParseAddr(addr), true)
return pkc, nextHop, err
}
@@ -255,12 +288,12 @@ type PktConn struct {
writeAddr net.Addr // write to and read from addr
- tgtAddr Addr
+ tgtAddr socks.Addr
tgtHeader bool
}
// NewPktConn returns a PktConn
-func NewPktConn(c net.PacketConn, writeAddr net.Addr, tgtAddr Addr, tgtHeader bool) *PktConn {
+func NewPktConn(c net.PacketConn, writeAddr net.Addr, tgtAddr socks.Addr, tgtHeader bool) *PktConn {
pc := &PktConn{
PacketConn: c,
writeAddr: writeAddr,
@@ -281,7 +314,7 @@ func (pc *PktConn) ReadFrom(b []byte) (int, net.Addr, error) {
return n, raddr, err
}
- tgtAddr := SplitAddr(buf)
+ tgtAddr := socks.SplitAddr(buf)
copy(b, buf[len(tgtAddr):])
//test
diff --git a/ssr.go b/proxy/ssr/ssr.go
similarity index 72%
rename from ssr.go
rename to proxy/ssr/ssr.go
index 8fc369e..6f9b7b7 100644
--- a/ssr.go
+++ b/proxy/ssr/ssr.go
@@ -1,4 +1,4 @@
-package main
+package ssr
import (
"errors"
@@ -11,11 +11,15 @@ import (
"github.com/sun8911879/shadowsocksR/obfs"
"github.com/sun8911879/shadowsocksR/protocol"
"github.com/sun8911879/shadowsocksR/ssr"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/common/socks"
+ "github.com/nadoo/glider/proxy"
)
// SSR .
type SSR struct {
- dialer Dialer
+ dialer proxy.Dialer
addr string
EncryptMethod string
@@ -28,41 +32,63 @@ type SSR struct {
ProtocolData interface{}
}
+func init() {
+ proxy.RegisterDialer("ssr", NewSSRDialer)
+}
+
// NewSSR returns a shadowsocksr proxy, ssr://method:pass@host:port/rawQuery
-func NewSSR(addr, method, pass, rawQuery string, dialer Dialer) (*SSR, error) {
- s := &SSR{
+func NewSSR(s string, dialer proxy.Dialer) (*SSR, error) {
+ u, err := url.Parse(s)
+ if err != nil {
+ log.F("parse err: %s", err)
+ return nil, err
+ }
+
+ addr := u.Host
+ var method, pass string
+ if u.User != nil {
+ method = u.User.Username()
+ pass, _ = u.User.Password()
+ }
+
+ p := &SSR{
dialer: dialer,
addr: addr,
EncryptMethod: method,
EncryptPassword: pass,
}
- p, _ := url.ParseQuery(rawQuery)
- if v, ok := p["protocol"]; ok {
- s.Protocol = v[0]
+ q, _ := url.ParseQuery(u.RawQuery)
+ if v, ok := q["protocol"]; ok {
+ p.Protocol = v[0]
}
- if v, ok := p["protocol_param"]; ok {
- s.ProtocolParam = v[0]
+ if v, ok := q["protocol_param"]; ok {
+ p.ProtocolParam = v[0]
}
- if v, ok := p["obfs"]; ok {
- s.Obfs = v[0]
+ if v, ok := q["obfs"]; ok {
+ p.Obfs = v[0]
}
- if v, ok := p["obfs_param"]; ok {
- s.ObfsParam = v[0]
+ if v, ok := q["obfs_param"]; ok {
+ p.ObfsParam = v[0]
}
- return s, nil
+ return p, nil
+}
+
+// NewSSRDialer returns a ssr proxy dialer.
+func NewSSRDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewSSR(s, dialer)
}
// Addr returns forwarder's address
func (s *SSR) Addr() string { return s.addr }
// NextDialer returns the next dialer
-func (s *SSR) NextDialer(dstAddr string) Dialer { return s.dialer.NextDialer(dstAddr) }
+func (s *SSR) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
// Dial connects to the address addr on the network net via the proxy.
func (s *SSR) Dial(network, addr string) (net.Conn, error) {
- target := ParseAddr(addr)
+ target := socks.ParseAddr(addr)
if target == nil {
return nil, errors.New("proxy-ssr unable to parse address: " + addr)
}
@@ -74,7 +100,7 @@ func (s *SSR) Dial(network, addr string) (net.Conn, error) {
c, err := s.dialer.Dial("tcp", s.addr)
if err != nil {
- logf("proxy-ssr dial to %s error: %s", s.addr, err)
+ log.F("proxy-ssr dial to %s error: %s", s.addr, err)
return nil, err
}
diff --git a/proxy/tcptun/tcptun.go b/proxy/tcptun/tcptun.go
new file mode 100644
index 0000000..f212219
--- /dev/null
+++ b/proxy/tcptun/tcptun.go
@@ -0,0 +1,94 @@
+package tcptun
+
+import (
+ "net"
+ "net/url"
+ "strings"
+
+ "github.com/nadoo/glider/common/conn"
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+)
+
+// TCPTun struct
+type TCPTun struct {
+ dialer proxy.Dialer
+ addr string
+
+ raddr string
+}
+
+func init() {
+ proxy.RegisterServer("tcptun", NewTCPTunServer)
+}
+
+// NewTCPTun returns a tcptun proxy.
+func NewTCPTun(s string, dialer proxy.Dialer) (*TCPTun, error) {
+ u, err := url.Parse(s)
+ if err != nil {
+ log.F("parse err: %s", err)
+ return nil, err
+ }
+
+ addr := u.Host
+ d := strings.Split(addr, "=")
+
+ p := &TCPTun{
+ dialer: dialer,
+ addr: d[0],
+ raddr: d[1],
+ }
+
+ return p, nil
+}
+
+// NewTCPTunServer returns a udp tunnel server.
+func NewTCPTunServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewTCPTun(s, dialer)
+}
+
+// ListenAndServe .
+func (s *TCPTun) ListenAndServe() {
+ l, err := net.Listen("tcp", s.addr)
+ if err != nil {
+ log.F("failed to listen on %s: %v", s.addr, err)
+ return
+ }
+
+ log.F("listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("failed to accept: %v", err)
+ continue
+ }
+
+ go func() {
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ rc, err := s.dialer.Dial("tcp", s.raddr)
+ if err != nil {
+
+ log.F("failed to connect to target: %v", err)
+ return
+ }
+ defer rc.Close()
+
+ log.F("proxy-tcptun %s <-> %s", c.RemoteAddr(), s.raddr)
+
+ _, _, err = conn.Relay(c, rc)
+ if err != nil {
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ return // ignore i/o timeout
+ }
+ log.F("relay error: %v", err)
+ }
+
+ }()
+ }
+}
diff --git a/tproxy.go b/proxy/tproxy/tproxy.go
similarity index 100%
rename from tproxy.go
rename to proxy/tproxy/tproxy.go
diff --git a/tproxy_other.go b/proxy/tproxy/tproxy_other.go
similarity index 100%
rename from tproxy_other.go
rename to proxy/tproxy/tproxy_other.go
diff --git a/proxy/udptun/udptun.go b/proxy/udptun/udptun.go
new file mode 100644
index 0000000..36c15de
--- /dev/null
+++ b/proxy/udptun/udptun.go
@@ -0,0 +1,106 @@
+package udptun
+
+import (
+ "net"
+ "net/url"
+ "strings"
+ "sync"
+ "time"
+
+ "github.com/nadoo/glider/common/conn"
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+)
+
+// UDPTun struct
+type UDPTun struct {
+ dialer proxy.Dialer
+ addr string
+
+ raddr string
+}
+
+func init() {
+ proxy.RegisterServer("udptun", NewUDPTunServer)
+}
+
+// NewUDPTun returns a UDPTun proxy.
+func NewUDPTun(s string, dialer proxy.Dialer) (*UDPTun, error) {
+ u, err := url.Parse(s)
+ if err != nil {
+ log.F("parse err: %s", err)
+ return nil, err
+ }
+
+ addr := u.Host
+ d := strings.Split(addr, "=")
+
+ p := &UDPTun{
+ dialer: dialer,
+ addr: d[0],
+ raddr: d[1],
+ }
+
+ return p, nil
+}
+
+// NewUDPTunServer returns a udp tunnel server.
+func NewUDPTunServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewUDPTun(s, dialer)
+}
+
+// ListenAndServe .
+func (s *UDPTun) ListenAndServe() {
+ c, err := net.ListenPacket("udp", s.addr)
+ if err != nil {
+ log.F("proxy-udptun failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer c.Close()
+
+ log.F("proxy-udptun listening UDP on %s", s.addr)
+
+ var nm sync.Map
+ buf := make([]byte, conn.UDPBufSize)
+
+ for {
+ n, raddr, err := c.ReadFrom(buf)
+ if err != nil {
+ log.F("proxy-udptun read error: %v", err)
+ continue
+ }
+
+ var pc net.PacketConn
+ var writeAddr net.Addr
+
+ v, ok := nm.Load(raddr.String())
+ if !ok && v == nil {
+
+ pc, writeAddr, err = s.dialer.DialUDP("udp", s.raddr)
+ if err != nil {
+ log.F("proxy-udptun remote dial error: %v", err)
+ continue
+ }
+
+ nm.Store(raddr.String(), pc)
+
+ go func() {
+ conn.TimedCopy(c, raddr, pc, 2*time.Minute)
+ pc.Close()
+ nm.Delete(raddr.String())
+ }()
+
+ } else {
+ pc = v.(net.PacketConn)
+ }
+
+ _, err = pc.WriteTo(buf[:n], writeAddr)
+ if err != nil {
+ log.F("proxy-udptun remote write error: %v", err)
+ continue
+ }
+
+ log.F("proxy-udptun %s <-> %s", raddr, s.raddr)
+
+ }
+}
diff --git a/proxy/uottun/uottun.go b/proxy/uottun/uottun.go
new file mode 100644
index 0000000..b082a86
--- /dev/null
+++ b/proxy/uottun/uottun.go
@@ -0,0 +1,104 @@
+package uottun
+
+import (
+ "io/ioutil"
+ "net"
+ "net/url"
+ "strings"
+ "time"
+
+ "github.com/nadoo/glider/common/conn"
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+)
+
+// UoTTun udp over tcp tunnel
+type UoTTun struct {
+ dialer proxy.Dialer
+ addr string
+
+ raddr string
+}
+
+func init() {
+ proxy.RegisterServer("uottun", NewUoTTunServer)
+}
+
+// NewUoTTun returns a UoTTun proxy.
+func NewUoTTun(s string, dialer proxy.Dialer) (*UoTTun, error) {
+ u, err := url.Parse(s)
+ if err != nil {
+ log.F("parse err: %s", err)
+ return nil, err
+ }
+
+ addr := u.Host
+ d := strings.Split(addr, "=")
+
+ p := &UoTTun{
+ dialer: dialer,
+ addr: d[0],
+ raddr: d[1],
+ }
+
+ return p, nil
+}
+
+// NewUoTTunServer returns a uot tunnel server.
+func NewUoTTunServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewUoTTun(s, dialer)
+}
+
+// ListenAndServe .
+func (s *UoTTun) ListenAndServe() {
+ c, err := net.ListenPacket("udp", s.addr)
+ if err != nil {
+ log.F("proxy-uottun failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer c.Close()
+
+ log.F("proxy-uottun listening UDP on %s", s.addr)
+
+ buf := make([]byte, conn.UDPBufSize)
+
+ for {
+ n, clientAddr, err := c.ReadFrom(buf)
+ if err != nil {
+ log.F("proxy-uottun read error: %v", err)
+ continue
+ }
+
+ rc, err := s.dialer.Dial("uot", s.raddr)
+ if err != nil {
+ log.F("proxy-uottun failed to connect to server %v: %v", s.raddr, err)
+ continue
+ }
+
+ go func() {
+ // no remote forwarder, just a local udp forwarder
+ if urc, ok := rc.(*net.UDPConn); ok {
+ conn.TimedCopy(c, clientAddr, urc, 2*time.Minute)
+ urc.Close()
+ return
+ }
+
+ // remote forwarder, udp over tcp
+ resp, err := ioutil.ReadAll(rc)
+ if err != nil {
+ log.F("error in ioutil.ReadAll: %s\n", err)
+ return
+ }
+ rc.Close()
+ c.WriteTo(resp, clientAddr)
+ }()
+
+ _, err = rc.Write(buf[:n])
+ if err != nil {
+ log.F("proxy-uottun remote write error: %v", err)
+ continue
+ }
+
+ log.F("proxy-uottun %s <-> %s", clientAddr, s.raddr)
+ }
+}
diff --git a/redir_other.go b/redir_other.go
deleted file mode 100644
index c26f857..0000000
--- a/redir_other.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// +build !linux
-
-package main
-
-import (
- "errors"
- "log"
-)
-
-// RedirProxy struct
-type RedirProxy struct{}
-
-// NewRedirProxy returns a redirect proxy.
-func NewRedirProxy(addr string, sDialer Dialer) (*RedirProxy, error) {
- return nil, errors.New("redir not supported on this os")
-}
-
-// ListenAndServe .
-func (s *RedirProxy) ListenAndServe() {
- log.Fatal("redir not supported on this os")
-}
diff --git a/rule.go b/rule.go
index dca32c0..c837140 100644
--- a/rule.go
+++ b/rule.go
@@ -1,15 +1,17 @@
package main
import (
- "log"
"net"
"strings"
"sync"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
)
// RuleDialer struct
type RuleDialer struct {
- gDialer Dialer
+ gDialer proxy.Dialer
domainMap sync.Map
ipMap sync.Map
@@ -17,16 +19,16 @@ type RuleDialer struct {
}
// NewRuleDialer returns a new rule dialer
-func NewRuleDialer(rules []*RuleConf, gDialer Dialer) *RuleDialer {
+func NewRuleDialer(rules []*RuleConf, gDialer proxy.Dialer) *RuleDialer {
rd := &RuleDialer{gDialer: gDialer}
for _, r := range rules {
- var fwdrs []Dialer
+ var fwdrs []proxy.Dialer
for _, chain := range r.Forward {
- var fwdr Dialer
+ var fwdr proxy.Dialer
var err error
for _, url := range strings.Split(chain, ",") {
- fwdr, err = DialerFromURL(url, fwdr)
+ fwdr, err = proxy.DialerFromURL(url, fwdr)
if err != nil {
log.Fatal(err)
}
@@ -59,7 +61,7 @@ func NewRuleDialer(rules []*RuleConf, gDialer Dialer) *RuleDialer {
func (rd *RuleDialer) Addr() string { return "RULE DIALER, DEFAULT: " + rd.gDialer.Addr() }
// NextDialer return next dialer according to rule
-func (rd *RuleDialer) NextDialer(dstAddr string) Dialer {
+func (rd *RuleDialer) NextDialer(dstAddr string) proxy.Dialer {
host, _, err := net.SplitHostPort(dstAddr)
if err != nil {
// TODO: check here
@@ -71,15 +73,15 @@ func (rd *RuleDialer) NextDialer(dstAddr string) Dialer {
if ip := net.ParseIP(host); ip != nil {
// check ip
if dialer, ok := rd.ipMap.Load(ip.String()); ok {
- return dialer.(Dialer)
+ return dialer.(proxy.Dialer)
}
- var ret Dialer
+ var ret proxy.Dialer
// check cidr
rd.cidrMap.Range(func(key, value interface{}) bool {
cidr := key.(*net.IPNet)
if cidr.Contains(ip) {
- ret = value.(Dialer)
+ ret = value.(proxy.Dialer)
return false
}
@@ -99,7 +101,7 @@ func (rd *RuleDialer) NextDialer(dstAddr string) Dialer {
// find in domainMap
if dialer, ok := rd.domainMap.Load(domain); ok {
- return dialer.(Dialer)
+ return dialer.(proxy.Dialer)
}
}
@@ -127,7 +129,7 @@ func (rd *RuleDialer) AddDomainIP(domain, ip string) error {
// find in domainMap
if dialer, ok := rd.domainMap.Load(pDomain); ok {
rd.ipMap.Store(ip, dialer)
- logf("rule add ip=%s, based on rule: domain=%s & domain/ip: %s/%s\n", ip, pDomain, domain, ip)
+ log.F("rule add ip=%s, based on rule: domain=%s & domain/ip: %s/%s\n", ip, pDomain, domain, ip)
}
}
diff --git a/server.go b/server.go
deleted file mode 100644
index 559099b..0000000
--- a/server.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package main
-
-import (
- "errors"
- "net/url"
- "strings"
-)
-
-// Server interface
-type Server interface {
- // ListenAndServe as proxy server, use only in server mode.
- ListenAndServe()
-}
-
-// ServerFromURL parses url and get a Proxy
-// TODO: table
-func ServerFromURL(s string, dialer Dialer) (Server, error) {
- if !strings.Contains(s, "://") {
- s = "mixed://" + s
- }
-
- u, err := url.Parse(s)
- if err != nil {
- logf("parse err: %s", err)
- return nil, err
- }
-
- addr := u.Host
- var user, pass string
- if u.User != nil {
- user = u.User.Username()
- pass, _ = u.User.Password()
- }
-
- if dialer == nil {
- dialer = Direct
- }
-
- switch u.Scheme {
- case "mixed":
- return NewMixedProxy(addr, user, pass, u.RawQuery, dialer)
- case "http":
- return NewHTTP(addr, user, pass, u.RawQuery, dialer)
- case "socks5":
- return NewSOCKS5(addr, user, pass, dialer)
- case "ss":
- return NewSS(addr, user, pass, dialer)
- case "redir":
- return NewRedirProxy(addr, dialer)
- case "tcptun":
- d := strings.Split(addr, "=")
- return NewTCPTun(d[0], d[1], dialer)
- case "udptun":
- d := strings.Split(addr, "=")
- return NewUDPTun(d[0], d[1], dialer)
- case "dnstun":
- d := strings.Split(addr, "=")
- return NewDNSTun(d[0], d[1], dialer)
- case "uottun":
- d := strings.Split(addr, "=")
- return NewUoTTun(d[0], d[1], dialer)
- }
-
- return nil, errors.New("unknown scheme '" + u.Scheme + "'")
-}
diff --git a/strategy.go b/strategy.go
index 668bee0..a04d1f5 100644
--- a/strategy.go
+++ b/strategy.go
@@ -7,28 +7,31 @@ import (
"strings"
"sync"
"time"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
)
-// NewStrategyDialer returns a new Strategy Dialer
-func NewStrategyDialer(strategy string, dialers []Dialer, website string, interval int) Dialer {
+// NewStrategyDialer returns a new Strategy proxy.Dialer
+func NewStrategyDialer(strategy string, dialers []proxy.Dialer, website string, interval int) proxy.Dialer {
if len(dialers) == 0 {
- return Direct
+ return proxy.Direct
}
if len(dialers) == 1 {
return dialers[0]
}
- var dialer Dialer
+ var dialer proxy.Dialer
switch strategy {
case "rr":
dialer = newRRDialer(dialers, website, interval)
- logf("forward to remote servers in round robin mode.")
+ log.F("forward to remote servers in round robin mode.")
case "ha":
dialer = newHADialer(dialers, website, interval)
- logf("forward to remote servers in high availability mode.")
+ log.F("forward to remote servers in high availability mode.")
default:
- logf("not supported forward mode '%s', just use the first forward server.", conf.Strategy)
+ log.F("not supported forward mode '%s', just use the first forward server.", conf.Strategy)
dialer = dialers[0]
}
@@ -37,7 +40,7 @@ func NewStrategyDialer(strategy string, dialers []Dialer, website string, interv
// rrDialer is the base struct of strategy dialer
type rrDialer struct {
- dialers []Dialer
+ dialers []proxy.Dialer
idx int
status sync.Map
@@ -48,7 +51,7 @@ type rrDialer struct {
}
// newRRDialer returns a new rrDialer
-func newRRDialer(dialers []Dialer, website string, interval int) *rrDialer {
+func newRRDialer(dialers []proxy.Dialer, website string, interval int) *rrDialer {
rr := &rrDialer{dialers: dialers}
rr.website = website
@@ -71,7 +74,7 @@ func (rr *rrDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo ne
return rr.NextDialer(addr).DialUDP(network, addr)
}
-func (rr *rrDialer) NextDialer(dstAddr string) Dialer {
+func (rr *rrDialer) NextDialer(dstAddr string) proxy.Dialer {
n := len(rr.dialers)
if n == 1 {
rr.idx = 0
@@ -88,7 +91,7 @@ func (rr *rrDialer) NextDialer(dstAddr string) Dialer {
}
if !found {
- logf("NO AVAILABLE PROXY FOUND! please check your network or proxy server settings.")
+ log.F("NO AVAILABLE PROXY FOUND! please check your network or proxy server settings.")
}
return rr.dialers[rr.idx]
@@ -117,7 +120,7 @@ func (rr *rrDialer) checkDialer(idx int) {
c, err := d.Dial("tcp", rr.website)
if err != nil {
rr.status.Store(idx, false)
- logf("proxy-check %s -> %s, set to DISABLED. error in dial: %s", d.Addr(), rr.website, err)
+ log.F("proxy-check %s -> %s, set to DISABLED. error in dial: %s", d.Addr(), rr.website, err)
continue
}
@@ -126,15 +129,15 @@ func (rr *rrDialer) checkDialer(idx int) {
_, err = io.ReadFull(c, buf)
if err != nil {
rr.status.Store(idx, false)
- logf("proxy-check %s -> %s, set to DISABLED. error in read: %s", d.Addr(), rr.website, err)
+ log.F("proxy-check %s -> %s, set to DISABLED. error in read: %s", d.Addr(), rr.website, err)
} else if bytes.Equal([]byte("HTTP"), buf) {
rr.status.Store(idx, true)
retry = 2
dialTime := time.Since(startTime)
- logf("proxy-check %s -> %s, set to ENABLED. connect time: %s", d.Addr(), rr.website, dialTime.String())
+ log.F("proxy-check %s -> %s, set to ENABLED. connect time: %s", d.Addr(), rr.website, dialTime.String())
} else {
rr.status.Store(idx, false)
- logf("proxy-check %s -> %s, set to DISABLED. server response: %s", d.Addr(), rr.website, buf)
+ log.F("proxy-check %s -> %s, set to DISABLED. server response: %s", d.Addr(), rr.website, buf)
}
c.Close()
@@ -147,7 +150,7 @@ type haDialer struct {
}
// newHADialer .
-func newHADialer(dialers []Dialer, webhost string, duration int) Dialer {
+func newHADialer(dialers []proxy.Dialer, webhost string, duration int) proxy.Dialer {
return &haDialer{rrDialer: newRRDialer(dialers, webhost, duration)}
}
diff --git a/tcptun.go b/tcptun.go
deleted file mode 100644
index f671bd1..0000000
--- a/tcptun.go
+++ /dev/null
@@ -1,68 +0,0 @@
-package main
-
-import "net"
-
-// TCPTun struct
-type TCPTun struct {
- dialer Dialer
- addr string
-
- raddr string
-}
-
-// NewTCPTun returns a tcptun proxy.
-func NewTCPTun(addr, raddr string, dialer Dialer) (*TCPTun, error) {
- s := &TCPTun{
- dialer: dialer,
- addr: addr,
- raddr: raddr,
- }
-
- return s, nil
-}
-
-// ListenAndServe .
-func (s *TCPTun) ListenAndServe() {
- l, err := net.Listen("tcp", s.addr)
- if err != nil {
- logf("failed to listen on %s: %v", s.addr, err)
- return
- }
-
- logf("listening TCP on %s", s.addr)
-
- for {
- c, err := l.Accept()
- if err != nil {
- logf("failed to accept: %v", err)
- continue
- }
-
- go func() {
- defer c.Close()
-
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
- rc, err := s.dialer.Dial("tcp", s.raddr)
- if err != nil {
-
- logf("failed to connect to target: %v", err)
- return
- }
- defer rc.Close()
-
- logf("proxy-tcptun %s <-> %s", c.RemoteAddr(), s.raddr)
-
- _, _, err = relay(c, rc)
- if err != nil {
- if err, ok := err.(net.Error); ok && err.Timeout() {
- return // ignore i/o timeout
- }
- logf("relay error: %v", err)
- }
-
- }()
- }
-}
diff --git a/udptun.go b/udptun.go
deleted file mode 100644
index 498d103..0000000
--- a/udptun.go
+++ /dev/null
@@ -1,82 +0,0 @@
-package main
-
-import (
- "net"
- "sync"
- "time"
-)
-
-// UDPTun struct
-type UDPTun struct {
- dialer Dialer
- addr string
-
- raddr string
-}
-
-// NewUDPTun returns a UDPTun proxy.
-func NewUDPTun(addr, raddr string, dialer Dialer) (*UDPTun, error) {
- s := &UDPTun{
- dialer: dialer,
- addr: addr,
- raddr: raddr,
- }
-
- return s, nil
-}
-
-// ListenAndServe .
-func (s *UDPTun) ListenAndServe() {
- c, err := net.ListenPacket("udp", s.addr)
- if err != nil {
- logf("proxy-udptun failed to listen on %s: %v", s.addr, err)
- return
- }
- defer c.Close()
-
- logf("proxy-udptun listening UDP on %s", s.addr)
-
- var nm sync.Map
- buf := make([]byte, udpBufSize)
-
- for {
- n, raddr, err := c.ReadFrom(buf)
- if err != nil {
- logf("proxy-udptun read error: %v", err)
- continue
- }
-
- var pc net.PacketConn
- var writeAddr net.Addr
-
- v, ok := nm.Load(raddr.String())
- if !ok && v == nil {
-
- pc, writeAddr, err = s.dialer.DialUDP("udp", s.raddr)
- if err != nil {
- logf("proxy-udptun remote dial error: %v", err)
- continue
- }
-
- nm.Store(raddr.String(), pc)
-
- go func() {
- timedCopy(c, raddr, pc, 2*time.Minute)
- pc.Close()
- nm.Delete(raddr.String())
- }()
-
- } else {
- pc = v.(net.PacketConn)
- }
-
- _, err = pc.WriteTo(buf[:n], writeAddr)
- if err != nil {
- logf("proxy-udptun remote write error: %v", err)
- continue
- }
-
- logf("proxy-udptun %s <-> %s", raddr, s.raddr)
-
- }
-}
diff --git a/uottun.go b/uottun.go
deleted file mode 100644
index 1f633e1..0000000
--- a/uottun.go
+++ /dev/null
@@ -1,80 +0,0 @@
-package main
-
-import (
- "io/ioutil"
- "net"
- "time"
-)
-
-// UoTTun udp over tcp tunnel
-type UoTTun struct {
- dialer Dialer
- addr string
-
- raddr string
-}
-
-// NewUoTTun returns a UoTTun proxy.
-func NewUoTTun(addr, raddr string, dialer Dialer) (*UoTTun, error) {
- s := &UoTTun{
- dialer: dialer,
- addr: addr,
- raddr: raddr,
- }
-
- return s, nil
-}
-
-// ListenAndServe .
-func (s *UoTTun) ListenAndServe() {
- c, err := net.ListenPacket("udp", s.addr)
- if err != nil {
- logf("proxy-uottun failed to listen on %s: %v", s.addr, err)
- return
- }
- defer c.Close()
-
- logf("proxy-uottun listening UDP on %s", s.addr)
-
- buf := make([]byte, udpBufSize)
-
- for {
- n, clientAddr, err := c.ReadFrom(buf)
- if err != nil {
- logf("proxy-uottun read error: %v", err)
- continue
- }
-
- rc, err := s.dialer.Dial("uot", s.raddr)
- if err != nil {
- logf("proxy-uottun failed to connect to server %v: %v", s.raddr, err)
- continue
- }
-
- go func() {
- // no remote forwarder, just a local udp forwarder
- if urc, ok := rc.(*net.UDPConn); ok {
- timedCopy(c, clientAddr, urc, 2*time.Minute)
- urc.Close()
- return
- }
-
- // remote forwarder, udp over tcp
- resp, err := ioutil.ReadAll(rc)
- if err != nil {
- logf("error in ioutil.ReadAll: %s\n", err)
- return
- }
- rc.Close()
- c.WriteTo(resp, clientAddr)
- }()
-
- _, err = rc.Write(buf[:n])
- if err != nil {
- logf("proxy-uottun remote write error: %v", err)
- continue
- }
-
- logf("proxy-uottun %s <-> %s", clientAddr, s.raddr)
- }
-}
From 1aa2dc0b075d22019280f100a2c9de49a44c58a4 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 26 Jun 2018 16:30:04 +0800
Subject: [PATCH 169/341] ss: use variable from conn package
---
proxy/ss/ss.go | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/proxy/ss/ss.go b/proxy/ss/ss.go
index 1bcb609..383d89e 100644
--- a/proxy/ss/ss.go
+++ b/proxy/ss/ss.go
@@ -16,8 +16,6 @@ import (
"github.com/nadoo/glider/proxy"
)
-const udpBufSize = 65536
-
// SS .
type SS struct {
dialer proxy.Dialer
@@ -124,7 +122,7 @@ func (s *SS) ServeTCP(c net.Conn) {
}
defer rc.Close()
- req := make([]byte, udpBufSize)
+ req := make([]byte, conn.UDPBufSize)
n, err := c.Read(req)
if err != nil {
log.F("proxy-ss error in ioutil.ReadAll: %s\n", err)
@@ -134,7 +132,7 @@ func (s *SS) ServeTCP(c net.Conn) {
tgtAddr, _ := net.ResolveUDPAddr("udp", tgt.String())
rc.WriteTo(req[:n], tgtAddr)
- buf := make([]byte, udpBufSize)
+ buf := make([]byte, conn.UDPBufSize)
n, _, err = rc.ReadFrom(buf)
if err != nil {
log.F("proxy-uottun read error: %v", err)
@@ -185,7 +183,7 @@ func (s *SS) ListenAndServeUDP() {
log.F("proxy-ss-udp listening UDP on %s", s.addr)
var nm sync.Map
- buf := make([]byte, udpBufSize)
+ buf := make([]byte, conn.UDPBufSize)
for {
c := NewPktConn(lc, nil, nil, true)
From 3adf3b30b5b3269ac1ce3620c86a4f0cdfcc767d Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 26 Jun 2018 16:45:46 +0800
Subject: [PATCH 170/341] tproxy: remove non-linux codes
---
features_linux.go | 1 +
proxy/tproxy/{tproxy.go => tproxy_linux.go} | 51 ++++++++++++++-------
proxy/tproxy/tproxy_other.go | 21 ---------
3 files changed, 36 insertions(+), 37 deletions(-)
rename proxy/tproxy/{tproxy.go => tproxy_linux.go} (72%)
delete mode 100644 proxy/tproxy/tproxy_other.go
diff --git a/features_linux.go b/features_linux.go
index 636e616..87c6457 100644
--- a/features_linux.go
+++ b/features_linux.go
@@ -2,4 +2,5 @@ package main
import (
_ "github.com/nadoo/glider/proxy/redir"
+ // _ "github.com/nadoo/glider/proxy/tproxy"
)
diff --git a/proxy/tproxy/tproxy.go b/proxy/tproxy/tproxy_linux.go
similarity index 72%
rename from proxy/tproxy/tproxy.go
rename to proxy/tproxy/tproxy_linux.go
index cefae56..d4a4595 100644
--- a/proxy/tproxy/tproxy.go
+++ b/proxy/tproxy/tproxy_linux.go
@@ -1,34 +1,53 @@
-// +build linux
-
// ref: https://www.kernel.org/doc/Documentation/networking/tproxy.txt
// @LiamHaworth: https://github.com/LiamHaworth/go-tproxy/blob/master/tproxy_udp.go
-package main
+package tproxy
import (
"bytes"
"encoding/binary"
"fmt"
"net"
+ "net/url"
"strconv"
"syscall"
"unsafe"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
)
// TProxy struct
type TProxy struct {
- dialer Dialer
+ dialer proxy.Dialer
addr string
}
+func init() {
+ proxy.RegisterServer("tproxy", NewTProxyServer)
+}
+
// NewTProxy returns a tproxy.
-func NewTProxy(addr string, dialer Dialer) (*TProxy, error) {
- s := &TProxy{
+func NewTProxy(s string, dialer proxy.Dialer) (*TProxy, error) {
+ u, err := url.Parse(s)
+ if err != nil {
+ log.F("parse err: %s", err)
+ return nil, err
+ }
+
+ addr := u.Host
+
+ p := &TProxy{
dialer: dialer,
addr: addr,
}
- return s, nil
+ return p, nil
+}
+
+// NewTProxyServer returns a udp tunnel server.
+func NewTProxyServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewTProxy(s, dialer)
}
// ListenAndServe .
@@ -39,26 +58,26 @@ func (s *TProxy) ListenAndServe() {
// ListenAndServeTCP .
func (s *TProxy) ListenAndServeTCP() {
- logf("proxy-tproxy tcp mode not supported now, please use 'redir' instead")
+ log.F("proxy-tproxy tcp mode not supported now, please use 'redir' instead")
}
// ListenAndServeUDP .
func (s *TProxy) ListenAndServeUDP() {
laddr, err := net.ResolveUDPAddr("udp", s.addr)
if err != nil {
- logf("proxy-tproxy failed to resolve addr %s: %v", s.addr, err)
+ log.F("proxy-tproxy failed to resolve addr %s: %v", s.addr, err)
return
}
lc, err := net.ListenUDP("udp", laddr)
if err != nil {
- logf("proxy-tproxy failed to listen on %s: %v", s.addr, err)
+ log.F("proxy-tproxy failed to listen on %s: %v", s.addr, err)
return
}
fd, err := lc.File()
if err != nil {
- logf("proxy-tproxy failed to get file descriptor: %v", err)
+ log.F("proxy-tproxy failed to get file descriptor: %v", err)
return
}
defer fd.Close()
@@ -66,13 +85,13 @@ func (s *TProxy) ListenAndServeUDP() {
fileDescriptor := int(fd.Fd())
if err = syscall.SetsockoptInt(fileDescriptor, syscall.SOL_IP, syscall.IP_TRANSPARENT, 1); err != nil {
syscall.Close(fileDescriptor)
- logf("proxy-tproxy failed to set socket option IP_TRANSPARENT: %v", err)
+ log.F("proxy-tproxy failed to set socket option IP_TRANSPARENT: %v", err)
return
}
if err = syscall.SetsockoptInt(fileDescriptor, syscall.SOL_IP, syscall.IP_RECVORIGDSTADDR, 1); err != nil {
syscall.Close(fileDescriptor)
- logf("proxy-tproxy failed to set socket option IP_RECVORIGDSTADDR: %v", err)
+ log.F("proxy-tproxy failed to set socket option IP_RECVORIGDSTADDR: %v", err)
return
}
@@ -81,15 +100,15 @@ func (s *TProxy) ListenAndServeUDP() {
_, srcAddr, dstAddr, err := ReadFromUDP(lc, buf)
if err != nil {
if netErr, ok := err.(net.Error); ok && netErr.Temporary() {
- logf("proxy-tproxy temporary reading data error: %s", netErr)
+ log.F("proxy-tproxy temporary reading data error: %s", netErr)
continue
}
- logf("proxy-tproxy Unrecoverable error while reading data: %s", err)
+ log.F("proxy-tproxy Unrecoverable error while reading data: %s", err)
continue
}
- logf("proxy-tproxy Accepting UDP connection from %s with destination of %s", srcAddr.String(), dstAddr.String())
+ log.F("proxy-tproxy Accepting UDP connection from %s with destination of %s", srcAddr.String(), dstAddr.String())
}
diff --git a/proxy/tproxy/tproxy_other.go b/proxy/tproxy/tproxy_other.go
deleted file mode 100644
index f5dbaeb..0000000
--- a/proxy/tproxy/tproxy_other.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// +build !linux
-
-package main
-
-import (
- "errors"
- "log"
-)
-
-// TProxy struct
-type TProxy struct{}
-
-// NewTProxy returns a tproxy.
-func NewTProxy(addr string, sDialer Dialer) (*TProxy, error) {
- return nil, errors.New("tproxy not supported on this os")
-}
-
-// ListenAndServe .
-func (s *TProxy) ListenAndServe() {
- log.Fatal("tproxy not supported on this os")
-}
From 36246d9d0804f6895af0c1a3cae29ed77f65d2e7 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 26 Jun 2018 17:00:13 +0800
Subject: [PATCH 171/341] log: add a default implement of func F
---
common/conn/conn.go | 7 +++++++
common/log/log.go | 6 +++++-
common/socks/socks.go | 4 ++++
main.go | 11 +++++------
proxy/dialer.go | 5 ++++-
proxy/server.go | 3 +++
proxy/socks5/socks5.go | 1 +
7 files changed, 29 insertions(+), 8 deletions(-)
diff --git a/common/conn/conn.go b/common/conn/conn.go
index e33ca6e..34ff05d 100644
--- a/common/conn/conn.go
+++ b/common/conn/conn.go
@@ -9,29 +9,36 @@ import (
"github.com/nadoo/glider/common/log"
)
+// UDPBufSize is the size of udp buffer
const UDPBufSize = 65536
+// Conn struct
type Conn struct {
r *bufio.Reader
net.Conn
}
+// NewConn .
func NewConn(c net.Conn) Conn {
return Conn{bufio.NewReader(c), c}
}
+// NewConnSize .
func NewConnSize(c net.Conn, n int) Conn {
return Conn{bufio.NewReaderSize(c, n), c}
}
+// Peek .
func (c Conn) Peek(n int) ([]byte, error) {
return c.r.Peek(n)
}
+// Read .
func (c Conn) Read(p []byte) (int, error) {
return c.r.Read(p)
}
+// Relay .
func Relay(left, right net.Conn) (int64, int64, error) {
type res struct {
N int64
diff --git a/common/log/log.go b/common/log/log.go
index ae80f47..edc967f 100644
--- a/common/log/log.go
+++ b/common/log/log.go
@@ -5,12 +5,16 @@ import "log"
// Func defines a simple log function
type Func func(f string, v ...interface{})
-var F Func
+// F is the main log function
+var F Func = func(f string, v ...interface{}) {
+}
+// Fatal log and exit
func Fatal(v ...interface{}) {
log.Fatal(v)
}
+// Fatalf log and exit
func Fatalf(f string, v ...interface{}) {
log.Fatalf(f, v)
}
diff --git a/common/socks/socks.go b/common/socks/socks.go
index 09f9515..7532402 100644
--- a/common/socks/socks.go
+++ b/common/socks/socks.go
@@ -7,6 +7,7 @@ import (
"strconv"
)
+// SOCKS auth type
const (
AuthNone = 0
AuthPassword = 2
@@ -29,6 +30,7 @@ const (
// MaxAddrLen is the maximum size of SOCKS address in bytes.
const MaxAddrLen = 1 + 1 + 255 + 2
+// Errors are socks5 errors
var Errors = []error{
errors.New(""),
errors.New("general failure"),
@@ -42,6 +44,7 @@ var Errors = []error{
errors.New("socks5UDPAssociate"),
}
+// Addr .
type Addr []byte
// String serializes SOCKS address a to string form.
@@ -73,6 +76,7 @@ func ATYP(b byte) int {
return int(b &^ 0x8)
}
+// ReadAddrBuf reads just enough bytes from r to get a valid Addr.
func ReadAddrBuf(r io.Reader, b []byte) (Addr, error) {
if len(b) < MaxAddrLen {
return nil, io.ErrShortBuffer
diff --git a/main.go b/main.go
index 6fe1c33..e9334c9 100644
--- a/main.go
+++ b/main.go
@@ -1,7 +1,6 @@
package main
import (
- stdlog "log"
"os"
"os/signal"
"strings"
@@ -36,11 +35,11 @@ func main() {
confInit()
- log.F = func(f string, v ...interface{}) {
- if conf.Verbose {
- stdlog.Printf(f, v...)
- }
- }
+ // log.F = func(f string, v ...interface{}) {
+ // if conf.Verbose {
+ // stdlog.Printf(f, v...)
+ // }
+ // }
sDialer := NewRuleDialer(conf.rules, dialerFromConf())
diff --git a/proxy/dialer.go b/proxy/dialer.go
index b25b3d1..7762b5b 100644
--- a/proxy/dialer.go
+++ b/proxy/dialer.go
@@ -9,7 +9,7 @@ import (
"github.com/nadoo/glider/common/log"
)
-// A proxy.Dialer means to establish a connection and relay it.
+// Dialer means to establish a connection and relay it.
type Dialer interface {
// Addr()
Addr() string
@@ -24,16 +24,19 @@ type Dialer interface {
NextDialer(dstAddr string) Dialer
}
+// DialerCreator is a function to create dialers.
type DialerCreator func(s string, dialer Dialer) (Dialer, error)
var (
dialerMap = make(map[string]DialerCreator)
)
+// RegisterDialer is used to register a dialer
func RegisterDialer(name string, c DialerCreator) {
dialerMap[name] = c
}
+// DialerFromURL calls the registered creator to create dialers.
func DialerFromURL(s string, dialer Dialer) (Dialer, error) {
u, err := url.Parse(s)
if err != nil {
diff --git a/proxy/server.go b/proxy/server.go
index 3e7bd60..4bc4e1d 100644
--- a/proxy/server.go
+++ b/proxy/server.go
@@ -14,16 +14,19 @@ type Server interface {
ListenAndServe()
}
+// ServerCreator is a function to create proxy servers.
type ServerCreator func(s string, dialer Dialer) (Server, error)
var (
serverMap = make(map[string]ServerCreator)
)
+// RegisterServer is used to register a proxy server
func RegisterServer(name string, c ServerCreator) {
serverMap[name] = c
}
+// ServerFromURL calls the registered creator to create proxy servers.
func ServerFromURL(s string, dialer Dialer) (Server, error) {
if !strings.Contains(s, "://") {
s = "mixed://" + s
diff --git a/proxy/socks5/socks5.go b/proxy/socks5/socks5.go
index 2d88581..a76734b 100644
--- a/proxy/socks5/socks5.go
+++ b/proxy/socks5/socks5.go
@@ -26,6 +26,7 @@ import (
"github.com/nadoo/glider/proxy"
)
+// Version: socks5 version
const Version = 5
// SOCKS5 struct
From 86cb9523d1a3110580e9297a9c610dde1de835c9 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 26 Jun 2018 17:09:41 +0800
Subject: [PATCH 172/341] main: custom log.F function
---
common/log/log.go | 6 +++---
main.go | 11 ++++++-----
proxy/socks5/socks5.go | 2 +-
3 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/common/log/log.go b/common/log/log.go
index edc967f..3022cab 100644
--- a/common/log/log.go
+++ b/common/log/log.go
@@ -1,6 +1,6 @@
package log
-import "log"
+import stdlog "log"
// Func defines a simple log function
type Func func(f string, v ...interface{})
@@ -11,10 +11,10 @@ var F Func = func(f string, v ...interface{}) {
// Fatal log and exit
func Fatal(v ...interface{}) {
- log.Fatal(v)
+ stdlog.Fatal(v)
}
// Fatalf log and exit
func Fatalf(f string, v ...interface{}) {
- log.Fatalf(f, v)
+ stdlog.Fatalf(f, v)
}
diff --git a/main.go b/main.go
index e9334c9..6fe1c33 100644
--- a/main.go
+++ b/main.go
@@ -1,6 +1,7 @@
package main
import (
+ stdlog "log"
"os"
"os/signal"
"strings"
@@ -35,11 +36,11 @@ func main() {
confInit()
- // log.F = func(f string, v ...interface{}) {
- // if conf.Verbose {
- // stdlog.Printf(f, v...)
- // }
- // }
+ log.F = func(f string, v ...interface{}) {
+ if conf.Verbose {
+ stdlog.Printf(f, v...)
+ }
+ }
sDialer := NewRuleDialer(conf.rules, dialerFromConf())
diff --git a/proxy/socks5/socks5.go b/proxy/socks5/socks5.go
index a76734b..1768814 100644
--- a/proxy/socks5/socks5.go
+++ b/proxy/socks5/socks5.go
@@ -26,7 +26,7 @@ import (
"github.com/nadoo/glider/proxy"
)
-// Version: socks5 version
+// Version is socks5 version number
const Version = 5
// SOCKS5 struct
From ea7c8bcfadd83797c9b81cb0e31b1a26b5b96a8c Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 26 Jun 2018 20:43:47 +0800
Subject: [PATCH 173/341] main: optimize code
---
common/log/log.go | 7 +++----
features.go | 12 ------------
main.go | 9 +++++++++
features_linux.go => main_linux.go | 0
4 files changed, 12 insertions(+), 16 deletions(-)
delete mode 100644 features.go
rename features_linux.go => main_linux.go (100%)
diff --git a/common/log/log.go b/common/log/log.go
index 3022cab..9bf4e1c 100644
--- a/common/log/log.go
+++ b/common/log/log.go
@@ -6,15 +6,14 @@ import stdlog "log"
type Func func(f string, v ...interface{})
// F is the main log function
-var F Func = func(f string, v ...interface{}) {
-}
+var F Func = func(string, ...interface{}) {}
// Fatal log and exit
func Fatal(v ...interface{}) {
- stdlog.Fatal(v)
+ stdlog.Fatal(v...)
}
// Fatalf log and exit
func Fatalf(f string, v ...interface{}) {
- stdlog.Fatalf(f, v)
+ stdlog.Fatalf(f, v...)
}
diff --git a/features.go b/features.go
deleted file mode 100644
index 3bcb351..0000000
--- a/features.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package main
-
-import (
- _ "github.com/nadoo/glider/proxy/http"
- _ "github.com/nadoo/glider/proxy/mixed"
- _ "github.com/nadoo/glider/proxy/socks5"
- _ "github.com/nadoo/glider/proxy/ss"
- _ "github.com/nadoo/glider/proxy/ssr"
- _ "github.com/nadoo/glider/proxy/tcptun"
- _ "github.com/nadoo/glider/proxy/udptun"
- _ "github.com/nadoo/glider/proxy/uottun"
-)
diff --git a/main.go b/main.go
index 6fe1c33..ffc8198 100644
--- a/main.go
+++ b/main.go
@@ -9,6 +9,15 @@ import (
"github.com/nadoo/glider/common/log"
"github.com/nadoo/glider/proxy"
+
+ _ "github.com/nadoo/glider/proxy/http"
+ _ "github.com/nadoo/glider/proxy/mixed"
+ _ "github.com/nadoo/glider/proxy/socks5"
+ _ "github.com/nadoo/glider/proxy/ss"
+ _ "github.com/nadoo/glider/proxy/ssr"
+ _ "github.com/nadoo/glider/proxy/tcptun"
+ _ "github.com/nadoo/glider/proxy/udptun"
+ _ "github.com/nadoo/glider/proxy/uottun"
)
// VERSION .
diff --git a/features_linux.go b/main_linux.go
similarity index 100%
rename from features_linux.go
rename to main_linux.go
From 5867055b109e5f92b01e8f874fc70438b4a44c5f Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 26 Jun 2018 21:22:24 +0800
Subject: [PATCH 174/341] dns: move dns to package, add dnstun support
---
dns.go => dns/dns.go | 76 +++++++++++++++++++++---------------------
main.go | 12 ++++---
proxy/dnstun/dnstun.go | 65 ++++++++++++++++++++++++++++++++++++
3 files changed, 110 insertions(+), 43 deletions(-)
rename dns.go => dns/dns.go (90%)
create mode 100644 proxy/dnstun/dnstun.go
diff --git a/dns.go b/dns/dns.go
similarity index 90%
rename from dns.go
rename to dns/dns.go
index 97006ee..3ccea19 100644
--- a/dns.go
+++ b/dns/dns.go
@@ -1,6 +1,6 @@
// https://tools.ietf.org/html/rfc1035
-package main
+package dns
import (
"encoding/binary"
@@ -13,25 +13,25 @@ import (
"github.com/nadoo/glider/proxy"
)
-// DNSHeaderLen is the length of dns msg header
-const DNSHeaderLen = 12
+// HeaderLen is the length of dns msg header
+const HeaderLen = 12
-// DNSUDPMaxLen is the max size of udp dns request.
+// UDPMaxLen is the max size of udp dns request.
// https://tools.ietf.org/html/rfc1035#section-4.2.1
// Messages carried by UDP are restricted to 512 bytes (not counting the IP
// or UDP headers). Longer messages are truncated and the TC bit is set in
// the header.
// TODO: If the request length > 512 then the client will send TCP packets instead,
// so we should also serve tcp requests.
-const DNSUDPMaxLen = 512
+const UDPMaxLen = 512
-// DNSQTypeA ipv4
-const DNSQTypeA = 1
+// QType .
+const (
+ QTypeA = 1 //ipv4
+ QTypeAAAA = 28 ///ipv6
+)
-// DNSQTypeAAAA ipv6
-const DNSQTypeAAAA = 28
-
-// DNSMsg format
+// Msg format
// https://tools.ietf.org/html/rfc1035#section-4.1
// All communications inside of the domain protocol are carried in a single
// format called a message. The top level format of message is divided
@@ -47,13 +47,13 @@ const DNSQTypeAAAA = 28
// | Authority | RRs pointing toward an authority
// +---------------------+
// | Additional | RRs holding additional information
-// type DNSMsg struct {
-// DNSHeader
-// Questions []DNSQuestion
-// Answers []DNSRR
+// type Msg struct {
+// Header
+// Questions []Question
+// Answers []RR
// }
-// DNSHeader format
+// Header format
// https://tools.ietf.org/html/rfc1035#section-4.1.1
// The header contains the following fields:
//
@@ -73,11 +73,11 @@ const DNSQTypeAAAA = 28
// | ARCOUNT |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//
-// type DNSHeader struct {
+// type Header struct {
// ID uint16
// }
-// DNSQuestion format
+// Question format
// https://tools.ietf.org/html/rfc1035#section-4.1.2
// The question section is used to carry the "question" in most queries,
// i.e., the parameters that define what is being asked. The section
@@ -94,7 +94,7 @@ const DNSQTypeAAAA = 28
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | QCLASS |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-type DNSQuestion struct {
+type Question struct {
QNAME string
QTYPE uint16
QCLASS uint16
@@ -102,7 +102,7 @@ type DNSQuestion struct {
Offset int
}
-// DNSRR format
+// RR format
// https://tools.ietf.org/html/rfc1035#section-3.2.1
// All RRs have the same top level format shown below:
//
@@ -126,7 +126,7 @@ type DNSQuestion struct {
// / RDATA /
// / /
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-type DNSRR struct {
+type RR struct {
// NAME string
TYPE uint16
CLASS uint16
@@ -137,8 +137,8 @@ type DNSRR struct {
IP string
}
-// DNSAnswerHandler function handles the dns TypeA or TypeAAAA answer
-type DNSAnswerHandler func(Domain, ip string) error
+// AnswerHandler function handles the dns TypeA or TypeAAAA answer
+type AnswerHandler func(Domain, ip string) error
// DNS .
type DNS struct {
@@ -150,7 +150,7 @@ type DNS struct {
DNSServer string
DNSServerMap map[string]string
- AnswerHandlers []DNSAnswerHandler
+ AnswerHandlers []AnswerHandler
}
// NewDNS returns a dns forwarder. client[dns.udp] -> glider[tcp] -> forwarder[dns.tcp] -> remote dns addr
@@ -186,7 +186,7 @@ func (s *DNS) ListenAndServeUDP() {
log.F("proxy-dns listening UDP on %s", s.addr)
for {
- b := make([]byte, DNSUDPMaxLen)
+ b := make([]byte, UDPMaxLen)
n, clientAddr, err := c.ReadFrom(b)
if err != nil {
log.F("proxy-dns local read error: %v", err)
@@ -195,7 +195,7 @@ func (s *DNS) ListenAndServeUDP() {
reqLen := uint16(n)
// TODO: check here
- if reqLen <= DNSHeaderLen+2 {
+ if reqLen <= HeaderLen+2 {
log.F("proxy-dns not enough data")
continue
}
@@ -253,7 +253,7 @@ func (s *DNS) ServeTCP(c net.Conn) {
}
// TODO: check here
- if reqLen <= DNSHeaderLen+2 {
+ if reqLen <= HeaderLen+2 {
log.F("proxy-dns-tcp not enough data")
return
}
@@ -333,10 +333,10 @@ func (s *DNS) Exchange(reqLen uint16, reqMsg []byte, addr string) (respLen uint1
return
}
- if (respReq.QTYPE == DNSQTypeA || respReq.QTYPE == DNSQTypeAAAA) &&
+ if (respReq.QTYPE == QTypeA || respReq.QTYPE == QTypeAAAA) &&
len(respMsg) > respReq.Offset {
- var answers []*DNSRR
+ var answers []*RR
answers, err = parseAnswers(respMsg[respReq.Offset:])
if err != nil {
log.F("proxy-dns error in parseAnswers: %s", err)
@@ -380,17 +380,17 @@ func (s *DNS) GetServer(domain string) string {
}
// AddAnswerHandler .
-func (s *DNS) AddAnswerHandler(h DNSAnswerHandler) {
+func (s *DNS) AddAnswerHandler(h AnswerHandler) {
s.AnswerHandlers = append(s.AnswerHandlers, h)
}
-func parseQuestion(p []byte) (*DNSQuestion, error) {
- q := &DNSQuestion{}
+func parseQuestion(p []byte) (*Question, error) {
+ q := &Question{}
lenP := len(p)
var i int
var domain []byte
- for i = DNSHeaderLen; i < lenP; {
+ for i = HeaderLen; i < lenP; {
l := int(p[i])
if l == 0 {
@@ -425,8 +425,8 @@ func parseQuestion(p []byte) (*DNSQuestion, error) {
return q, nil
}
-func parseAnswers(p []byte) ([]*DNSRR, error) {
- var answers []*DNSRR
+func parseAnswers(p []byte) ([]*RR, error) {
+ var answers []*RR
lenP := len(p)
for i := 0; i < lenP; {
@@ -448,7 +448,7 @@ func parseAnswers(p []byte) ([]*DNSRR, error) {
return nil, errors.New("not enough data")
}
- answer := &DNSRR{}
+ answer := &RR{}
answer.TYPE = binary.BigEndian.Uint16(p[i:])
answer.CLASS = binary.BigEndian.Uint16(p[i+2:])
@@ -456,9 +456,9 @@ func parseAnswers(p []byte) ([]*DNSRR, error) {
answer.RDLENGTH = binary.BigEndian.Uint16(p[i+8:])
answer.RDATA = p[i+10 : i+10+int(answer.RDLENGTH)]
- if answer.TYPE == DNSQTypeA {
+ if answer.TYPE == QTypeA {
answer.IP = net.IP(answer.RDATA[:net.IPv4len]).String()
- } else if answer.TYPE == DNSQTypeAAAA {
+ } else if answer.TYPE == QTypeAAAA {
answer.IP = net.IP(answer.RDATA[:net.IPv6len]).String()
}
diff --git a/main.go b/main.go
index ffc8198..9533e40 100644
--- a/main.go
+++ b/main.go
@@ -8,8 +8,10 @@ import (
"syscall"
"github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/dns"
"github.com/nadoo/glider/proxy"
+ _ "github.com/nadoo/glider/proxy/dnstun"
_ "github.com/nadoo/glider/proxy/http"
_ "github.com/nadoo/glider/proxy/mixed"
_ "github.com/nadoo/glider/proxy/socks5"
@@ -68,7 +70,7 @@ func main() {
}
if conf.DNS != "" {
- dns, err := NewDNS(conf.DNS, conf.DNSServer[0], sDialer, false)
+ d, err := dns.NewDNS(conf.DNS, conf.DNSServer[0], sDialer, false)
if err != nil {
log.Fatal(err)
}
@@ -77,18 +79,18 @@ func main() {
for _, r := range conf.rules {
for _, domain := range r.Domain {
if len(r.DNSServer) > 0 {
- dns.SetServer(domain, r.DNSServer[0])
+ d.SetServer(domain, r.DNSServer[0])
}
}
}
// add a handler to update proxy rules when a domain resolved
- dns.AddAnswerHandler(sDialer.AddDomainIP)
+ d.AddAnswerHandler(sDialer.AddDomainIP)
if ipsetM != nil {
- dns.AddAnswerHandler(ipsetM.AddDomainIP)
+ d.AddAnswerHandler(ipsetM.AddDomainIP)
}
- go dns.ListenAndServe()
+ go d.ListenAndServe()
}
sigCh := make(chan os.Signal, 1)
diff --git a/proxy/dnstun/dnstun.go b/proxy/dnstun/dnstun.go
new file mode 100644
index 0000000..872ee4e
--- /dev/null
+++ b/proxy/dnstun/dnstun.go
@@ -0,0 +1,65 @@
+// https://tools.ietf.org/html/rfc1035
+
+package dnstun
+
+import (
+ "net/url"
+ "strings"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/dns"
+ "github.com/nadoo/glider/proxy"
+ "github.com/nadoo/glider/proxy/tcptun"
+)
+
+// DNSTun struct
+type DNSTun struct {
+ dialer proxy.Dialer
+ addr string
+
+ raddr string
+
+ dns *dns.DNS
+ tcp *tcptun.TCPTun
+}
+
+func init() {
+ proxy.RegisterServer("dnstun", NewDNSTunServer)
+}
+
+// NewDNSTun returns a dns tunnel forwarder.
+func NewDNSTun(s string, dialer proxy.Dialer) (*DNSTun, error) {
+
+ u, err := url.Parse(s)
+ if err != nil {
+ log.F("parse err: %s", err)
+ return nil, err
+ }
+
+ addr := u.Host
+ d := strings.Split(addr, "=")
+
+ addr, raddr := d[0], d[1]
+
+ p := &DNSTun{
+ dialer: dialer,
+ addr: addr,
+ raddr: raddr,
+ }
+
+ p.dns, _ = dns.NewDNS(addr, raddr, dialer, true)
+
+ return p, nil
+}
+
+// NewDNSTunServer returns a dns tunnel server.
+func NewDNSTunServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewDNSTun(s, dialer)
+}
+
+// ListenAndServe .
+func (s *DNSTun) ListenAndServe() {
+ if s.dns != nil {
+ go s.dns.ListenAndServe()
+ }
+}
From fde057259337b697eff6df2cda8f0bb656581e17 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 26 Jun 2018 22:32:24 +0800
Subject: [PATCH 175/341] vmess: add experimental vemss support
---
main.go | 1 +
proxy/dnstun/dnstun.go | 1 -
proxy/vmess/vmess.go | 177 +++++++++++++++++++++++++++++++++++++++++
3 files changed, 178 insertions(+), 1 deletion(-)
create mode 100644 proxy/vmess/vmess.go
diff --git a/main.go b/main.go
index 9533e40..565e40d 100644
--- a/main.go
+++ b/main.go
@@ -20,6 +20,7 @@ import (
_ "github.com/nadoo/glider/proxy/tcptun"
_ "github.com/nadoo/glider/proxy/udptun"
_ "github.com/nadoo/glider/proxy/uottun"
+ _ "github.com/nadoo/glider/proxy/vmess"
)
// VERSION .
diff --git a/proxy/dnstun/dnstun.go b/proxy/dnstun/dnstun.go
index 872ee4e..d167c76 100644
--- a/proxy/dnstun/dnstun.go
+++ b/proxy/dnstun/dnstun.go
@@ -38,7 +38,6 @@ func NewDNSTun(s string, dialer proxy.Dialer) (*DNSTun, error) {
addr := u.Host
d := strings.Split(addr, "=")
-
addr, raddr := d[0], d[1]
p := &DNSTun{
diff --git a/proxy/vmess/vmess.go b/proxy/vmess/vmess.go
new file mode 100644
index 0000000..39f2eaa
--- /dev/null
+++ b/proxy/vmess/vmess.go
@@ -0,0 +1,177 @@
+package vmess
+
+import (
+ "context"
+ "errors"
+ "net"
+ "net/url"
+ "strconv"
+ "strings"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+
+ "v2ray.com/core"
+ "v2ray.com/core/app/dispatcher"
+ "v2ray.com/core/app/proxyman"
+ v2net "v2ray.com/core/common/net"
+ "v2ray.com/core/common/protocol"
+ "v2ray.com/core/common/serial"
+ "v2ray.com/core/proxy/vmess"
+ "v2ray.com/core/proxy/vmess/outbound"
+ "v2ray.com/core/transport/internet"
+ "v2ray.com/core/transport/internet/tls"
+
+ _ "v2ray.com/core/app/proxyman/outbound"
+ _ "v2ray.com/core/transport/internet/tcp"
+)
+
+// VMess .
+type VMess struct {
+ dialer proxy.Dialer
+ addr string
+
+ uuid string
+ alertID uint32
+ network string
+ security string
+
+ config *core.Config
+ instance *core.Instance
+}
+
+func init() {
+ proxy.RegisterDialer("vmess", NewVMessDialer)
+}
+
+// NewVMess returns a vmess proxy.
+func NewVMess(s string, dialer proxy.Dialer) (*VMess, error) {
+ u, err := url.Parse(s)
+ if err != nil {
+ log.F("parse url err: %s", err)
+ return nil, err
+ }
+
+ addr := u.Host
+ host := u.Hostname()
+ port, err := strconv.ParseUint(u.Port(), 10, 32)
+ if err != nil {
+ log.F("parse port err: %s", err)
+ return nil, err
+ }
+
+ var uuid, aid string
+ if u.User != nil {
+ uuid = u.User.Username()
+ aid, _ = u.User.Password()
+ }
+
+ alertID, err := strconv.ParseUint(aid, 10, 32)
+ if err != nil {
+ log.F("parse alertID err: %s", err)
+ return nil, err
+ }
+
+ config := &core.Config{
+ App: []*serial.TypedMessage{
+ serial.ToTypedMessage(&dispatcher.Config{}),
+ serial.ToTypedMessage(&proxyman.OutboundConfig{}),
+ },
+ Outbound: []*core.OutboundHandlerConfig{{
+ ProxySettings: serial.ToTypedMessage(&outbound.Config{
+ Receiver: []*protocol.ServerEndpoint{
+ {
+ Address: v2net.NewIPOrDomain(v2net.ParseAddress(host)),
+ Port: uint32(port),
+ User: []*protocol.User{
+ {
+ Account: serial.ToTypedMessage(&vmess.Account{
+ Id: uuid,
+ AlterId: uint32(alertID),
+ SecuritySettings: &protocol.SecurityConfig{
+ Type: protocol.SecurityType_NONE,
+ },
+ }),
+ },
+ },
+ },
+ },
+ }),
+ SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{
+ StreamSettings: &internet.StreamConfig{
+ Protocol: internet.TransportProtocol_TCP,
+ SecurityType: serial.GetMessageType(&tls.Config{}),
+ SecuritySettings: []*serial.TypedMessage{
+ serial.ToTypedMessage(&tls.Config{
+ AllowInsecure: true,
+ }),
+ },
+ },
+ })},
+ },
+ }
+
+ v, err := core.New(config)
+ if err != nil {
+ log.Fatal("Failed to create V: ", err.Error())
+ }
+
+ p := &VMess{
+ dialer: dialer,
+ addr: addr,
+
+ uuid: uuid,
+ alertID: uint32(alertID),
+ network: "tcp",
+ security: "tls",
+
+ config: config,
+ instance: v,
+ }
+
+ return p, nil
+}
+
+// NewVMessDialer returns a vmess proxy dialer.
+func NewVMessDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewVMess(s, dialer)
+}
+
+// Addr returns forwarder's address
+func (s *VMess) Addr() string { return s.addr }
+
+// NextDialer returns the next dialer
+func (s *VMess) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial connects to the address addr on the network net via the proxy.
+func (s *VMess) Dial(network, addr string) (net.Conn, error) {
+
+ // c, err := s.dialer.Dial("tcp", s.addr)
+
+ d := strings.Split(addr, ":")
+ host, portStr := d[0], d[1]
+ port, err := strconv.ParseUint(portStr, 10, 32)
+ if err != nil {
+ log.F("parse portStr err: %s", err)
+ return nil, err
+ }
+
+ // TODO: does not support upstream dialer now
+ c, err := core.Dial(context.Background(), s.instance, v2net.TCPDestination(v2net.ParseAddress(host), v2net.Port(port)))
+ if err != nil {
+ log.F("proxy-vmess dial to %s error: %s", s.addr, err)
+ return nil, err
+ }
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ return c, err
+
+}
+
+// DialUDP connects to the given address via the proxy.
+func (s *VMess) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ return nil, nil, errors.New("vmess client does not support udp now")
+}
From f3db1980cf75f8ca9430c153f03921aaa6b9fc16 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 28 Jun 2018 09:49:23 +0800
Subject: [PATCH 176/341] general: tidy code
---
README.md | 3 --
ipset_linux.go | 56 +++++++++++++----------
proxy/http/http.go | 11 +----
proxy/socks5/packet.go | 99 ++++++++++++++++++++++++++++++++++++++++
proxy/socks5/socks5.go | 101 ++---------------------------------------
proxy/ss/packet.go | 67 +++++++++++++++++++++++++++
proxy/ss/ss.go | 60 ------------------------
proxy/vmess/vmess.go | 26 +++++++----
8 files changed, 222 insertions(+), 201 deletions(-)
create mode 100644 proxy/socks5/packet.go
create mode 100644 proxy/ss/packet.go
diff --git a/README.md b/README.md
index 6ab0949..7019b8d 100644
--- a/README.md
+++ b/README.md
@@ -50,12 +50,9 @@ General:
- Rule proxy based on destinations: [Config Examples](config/examples)
TODO:
-
- [ ] Transparent UDP proxy (iptables tproxy)
- [ ] DNS Cache
- [ ] TUN/TAP device support
-- [ ] Code refactoring: support proxy registering so it can be pluggable
-- [ ] Conditional compilation so we can abandon needless proxy type and get a smaller binary size
- [ ] IPv6 support
- [ ] SSH tunnel support
diff --git a/ipset_linux.go b/ipset_linux.go
index 67e9222..f3cd02d 100644
--- a/ipset_linux.go
+++ b/ipset_linux.go
@@ -17,42 +17,52 @@ import (
"github.com/nadoo/glider/common/log"
)
-// netfilter netlink message types
+// NFNL_SUBSYS_IPSET netfilter netlink message types
// https://github.com/torvalds/linux/blob/9e66317d3c92ddaab330c125dfe9d06eee268aff/include/uapi/linux/netfilter/nfnetlink.h#L56
-// NFNL_SUBSYS_IPSET
const NFNL_SUBSYS_IPSET = 6
// http://git.netfilter.org/ipset/tree/include/libipset/linux_ip_set.h
-// IPSET_PROTOCOL: The protocol version
+// IPSET_PROTOCOL The protocol version
const IPSET_PROTOCOL = 6
-// IPSET_MAXNAMELEN: The max length of strings including NUL: set and type identifiers
+// IPSET_MAXNAMELEN The max length of strings including NUL: set and type identifiers
const IPSET_MAXNAMELEN = 32
// Message types and commands
-const IPSET_CMD_CREATE = 2
-const IPSET_CMD_FLUSH = 4
-const IPSET_CMD_ADD = 9
-const IPSET_CMD_DEL = 10
+const (
+ IPSET_CMD_CREATE = 2
+ IPSET_CMD_FLUSH = 4
+ IPSET_CMD_ADD = 9
+ IPSET_CMD_DEL = 10
+)
-/* Attributes at command level */
-const IPSET_ATTR_PROTOCOL = 1 /* 1: Protocol version */
-const IPSET_ATTR_SETNAME = 2 /* 2: Name of the set */
-const IPSET_ATTR_TYPENAME = 3 /* 3: Typename */
-const IPSET_ATTR_REVISION = 4 /* 4: Settype revision */
-const IPSET_ATTR_FAMILY = 5 /* 5: Settype family */
-const IPSET_ATTR_DATA = 7 /* 7: Nested attributes */
+// Attributes at command level
+const (
+ IPSET_ATTR_PROTOCOL = 1 /* 1: Protocol version */
+ IPSET_ATTR_SETNAME = 2 /* 2: Name of the set */
+ IPSET_ATTR_TYPENAME = 3 /* 3: Typename */
+ IPSET_ATTR_REVISION = 4 /* 4: Settype revision */
+ IPSET_ATTR_FAMILY = 5 /* 5: Settype family */
+ IPSET_ATTR_DATA = 7 /* 7: Nested attributes */
+)
-/* CADT specific attributes */
-const IPSET_ATTR_IP = 1
-const IPSET_ATTR_CIDR = 3
+// CADT specific attributes
+const (
+ IPSET_ATTR_IP = 1
+ IPSET_ATTR_CIDR = 3
+)
-/* IP specific attributes */
-const IPSET_ATTR_IPADDR_IPV4 = 1
-const IPSET_ATTR_IPADDR_IPV6 = 2
+// IP specific attributes
+const (
+ IPSET_ATTR_IPADDR_IPV4 = 1
+ IPSET_ATTR_IPADDR_IPV6 = 2
+)
-const NLA_F_NESTED = (1 << 15)
-const NLA_F_NET_BYTEORDER = (1 << 14)
+// ATTR flags
+const (
+ NLA_F_NESTED = (1 << 15)
+ NLA_F_NET_BYTEORDER = (1 << 14)
+)
var nextSeqNr uint32
var nativeEndian binary.ByteOrder
diff --git a/proxy/http/http.go b/proxy/http/http.go
index 4ef64ed..a013518 100644
--- a/proxy/http/http.go
+++ b/proxy/http/http.go
@@ -117,19 +117,10 @@ func (s *HTTP) Serve(c net.Conn) {
return
}
cleanHeaders(reqHeader)
+
// tell the remote server not to keep alive
reqHeader.Set("Connection", "close")
- // X-Forwarded-For
- // if s.xff {
- // if reqHeader.Get("X-Forwarded-For") != "" {
- // reqHeader.Add("X-Forwarded-For", ",")
- // }
- // reqHeader.Add("X-Forwarded-For", c.RemoteAddr().(*net.TCPAddr).IP.String())
- // reqHeader.Add("X-Forwarded-For", ",")
- // reqHeader.Add("X-Forwarded-For", s.selfip)
- // }
-
url, err := url.ParseRequestURI(requestURI)
if err != nil {
log.F("proxy-http parse request url error: %s", err)
diff --git a/proxy/socks5/packet.go b/proxy/socks5/packet.go
new file mode 100644
index 0000000..289323c
--- /dev/null
+++ b/proxy/socks5/packet.go
@@ -0,0 +1,99 @@
+package socks5
+
+import (
+ "net"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/common/socks"
+)
+
+// PktConn .
+type PktConn struct {
+ net.PacketConn
+
+ writeAddr net.Addr // write to and read from addr
+
+ tgtAddr socks.Addr
+ tgtHeader bool
+
+ ctrlConn net.Conn // tcp control conn
+}
+
+// NewPktConn returns a PktConn
+func NewPktConn(c net.PacketConn, writeAddr net.Addr, tgtAddr socks.Addr, tgtHeader bool, ctrlConn net.Conn) *PktConn {
+ pc := &PktConn{
+ PacketConn: c,
+ writeAddr: writeAddr,
+ tgtAddr: tgtAddr,
+ tgtHeader: tgtHeader,
+ ctrlConn: ctrlConn}
+
+ if ctrlConn != nil {
+ go func() {
+ buf := []byte{}
+ for {
+ _, err := ctrlConn.Read(buf)
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ continue
+ }
+ log.F("proxy-socks5 dialudp udp associate end")
+ return
+ }
+ }()
+ }
+
+ return pc
+}
+
+// ReadFrom overrides the original function from net.PacketConn
+func (pc *PktConn) ReadFrom(b []byte) (int, net.Addr, error) {
+ if !pc.tgtHeader {
+ return pc.PacketConn.ReadFrom(b)
+ }
+
+ buf := make([]byte, len(b))
+ n, raddr, err := pc.PacketConn.ReadFrom(buf)
+ if err != nil {
+ return n, raddr, err
+ }
+
+ // https://tools.ietf.org/html/rfc1928#section-7
+ // +----+------+------+----------+----------+----------+
+ // |RSV | FRAG | ATYP | DST.ADDR | DST.PORT | DATA |
+ // +----+------+------+----------+----------+----------+
+ // | 2 | 1 | 1 | Variable | 2 | Variable |
+ // +----+------+------+----------+----------+----------+
+ tgtAddr := socks.SplitAddr(buf[3:])
+ copy(b, buf[3+len(tgtAddr):])
+
+ //test
+ if pc.writeAddr == nil {
+ pc.writeAddr = raddr
+ }
+
+ if pc.tgtAddr == nil {
+ pc.tgtAddr = tgtAddr
+ }
+
+ return n - len(tgtAddr) - 3, raddr, err
+}
+
+// WriteTo overrides the original function from net.PacketConn
+func (pc *PktConn) WriteTo(b []byte, addr net.Addr) (int, error) {
+ if !pc.tgtHeader {
+ return pc.PacketConn.WriteTo(b, addr)
+ }
+
+ buf := append([]byte{0, 0, 0}, pc.tgtAddr...)
+ buf = append(buf, b[:]...)
+ return pc.PacketConn.WriteTo(buf, pc.writeAddr)
+}
+
+// Close .
+func (pc *PktConn) Close() error {
+ if pc.ctrlConn != nil {
+ pc.ctrlConn.Close()
+ }
+
+ return pc.PacketConn.Close()
+}
diff --git a/proxy/socks5/socks5.go b/proxy/socks5/socks5.go
index 1768814..2e9c784 100644
--- a/proxy/socks5/socks5.go
+++ b/proxy/socks5/socks5.go
@@ -166,7 +166,7 @@ func (s *SOCKS5) ListenAndServeUDP() {
buf := make([]byte, conn.UDPBufSize)
for {
- c := NewSocks5PktConn(lc, nil, nil, true, nil)
+ c := NewPktConn(lc, nil, nil, true, nil)
n, raddr, err := c.ReadFrom(buf)
if err != nil {
@@ -174,7 +174,7 @@ func (s *SOCKS5) ListenAndServeUDP() {
continue
}
- var pc *Socks5PktConn
+ var pc *PktConn
v, ok := nm.Load(raddr.String())
if !ok && v == nil {
if c.tgtAddr == nil {
@@ -188,7 +188,7 @@ func (s *SOCKS5) ListenAndServeUDP() {
continue
}
- pc = NewSocks5PktConn(lpc, nextHop, nil, false, nil)
+ pc = NewPktConn(lpc, nextHop, nil, false, nil)
nm.Store(raddr.String(), pc)
go func() {
@@ -198,7 +198,7 @@ func (s *SOCKS5) ListenAndServeUDP() {
}()
} else {
- pc = v.(*Socks5PktConn)
+ pc = v.(*PktConn)
}
_, err = pc.WriteTo(buf[:n], pc.writeAddr)
@@ -291,7 +291,7 @@ func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.A
return nil, nil, err
}
- pkc := NewSocks5PktConn(pc, nextHop, dstAddr, true, c)
+ pkc := NewPktConn(pc, nextHop, dstAddr, true, c)
return pkc, nextHop, err
}
@@ -469,94 +469,3 @@ func (s *SOCKS5) handshake(rw io.ReadWriter) (socks.Addr, error) {
return addr, err // skip VER, CMD, RSV fields
}
-
-// Socks5PktConn .
-type Socks5PktConn struct {
- net.PacketConn
-
- writeAddr net.Addr // write to and read from addr
-
- tgtAddr socks.Addr
- tgtHeader bool
-
- ctrlConn net.Conn // tcp control conn
-}
-
-// NewSocks5PktConn returns a Socks5PktConn
-func NewSocks5PktConn(c net.PacketConn, writeAddr net.Addr, tgtAddr socks.Addr, tgtHeader bool, ctrlConn net.Conn) *Socks5PktConn {
- pc := &Socks5PktConn{
- PacketConn: c,
- writeAddr: writeAddr,
- tgtAddr: tgtAddr,
- tgtHeader: tgtHeader,
- ctrlConn: ctrlConn}
-
- if ctrlConn != nil {
- go func() {
- buf := []byte{}
- for {
- _, err := ctrlConn.Read(buf)
- if err, ok := err.(net.Error); ok && err.Timeout() {
- continue
- }
- log.F("proxy-socks5 dialudp udp associate end")
- return
- }
- }()
- }
-
- return pc
-}
-
-// ReadFrom overrides the original function from net.PacketConn
-func (pc *Socks5PktConn) ReadFrom(b []byte) (int, net.Addr, error) {
- if !pc.tgtHeader {
- return pc.PacketConn.ReadFrom(b)
- }
-
- buf := make([]byte, len(b))
- n, raddr, err := pc.PacketConn.ReadFrom(buf)
- if err != nil {
- return n, raddr, err
- }
-
- // https://tools.ietf.org/html/rfc1928#section-7
- // +----+------+------+----------+----------+----------+
- // |RSV | FRAG | ATYP | DST.ADDR | DST.PORT | DATA |
- // +----+------+------+----------+----------+----------+
- // | 2 | 1 | 1 | Variable | 2 | Variable |
- // +----+------+------+----------+----------+----------+
- tgtAddr := socks.SplitAddr(buf[3:])
- copy(b, buf[3+len(tgtAddr):])
-
- //test
- if pc.writeAddr == nil {
- pc.writeAddr = raddr
- }
-
- if pc.tgtAddr == nil {
- pc.tgtAddr = tgtAddr
- }
-
- return n - len(tgtAddr) - 3, raddr, err
-}
-
-// WriteTo overrides the original function from net.PacketConn
-func (pc *Socks5PktConn) WriteTo(b []byte, addr net.Addr) (int, error) {
- if !pc.tgtHeader {
- return pc.PacketConn.WriteTo(b, addr)
- }
-
- buf := append([]byte{0, 0, 0}, pc.tgtAddr...)
- buf = append(buf, b[:]...)
- return pc.PacketConn.WriteTo(buf, pc.writeAddr)
-}
-
-// Close .
-func (pc *Socks5PktConn) Close() error {
- if pc.ctrlConn != nil {
- pc.ctrlConn.Close()
- }
-
- return pc.PacketConn.Close()
-}
diff --git a/proxy/ss/packet.go b/proxy/ss/packet.go
new file mode 100644
index 0000000..91edf60
--- /dev/null
+++ b/proxy/ss/packet.go
@@ -0,0 +1,67 @@
+package ss
+
+import (
+ "net"
+
+ "github.com/nadoo/glider/common/socks"
+)
+
+// PktConn .
+type PktConn struct {
+ net.PacketConn
+
+ writeAddr net.Addr // write to and read from addr
+
+ tgtAddr socks.Addr
+ tgtHeader bool
+}
+
+// NewPktConn returns a PktConn
+func NewPktConn(c net.PacketConn, writeAddr net.Addr, tgtAddr socks.Addr, tgtHeader bool) *PktConn {
+ pc := &PktConn{
+ PacketConn: c,
+ writeAddr: writeAddr,
+ tgtAddr: tgtAddr,
+ tgtHeader: tgtHeader}
+ return pc
+}
+
+// ReadFrom overrides the original function from net.PacketConn
+func (pc *PktConn) ReadFrom(b []byte) (int, net.Addr, error) {
+ if !pc.tgtHeader {
+ return pc.PacketConn.ReadFrom(b)
+ }
+
+ buf := make([]byte, len(b))
+ n, raddr, err := pc.PacketConn.ReadFrom(buf)
+ if err != nil {
+ return n, raddr, err
+ }
+
+ tgtAddr := socks.SplitAddr(buf)
+ copy(b, buf[len(tgtAddr):])
+
+ //test
+ if pc.writeAddr == nil {
+ pc.writeAddr = raddr
+ }
+
+ if pc.tgtAddr == nil {
+ pc.tgtAddr = tgtAddr
+ }
+
+ return n - len(tgtAddr), raddr, err
+}
+
+// WriteTo overrides the original function from net.PacketConn
+func (pc *PktConn) WriteTo(b []byte, addr net.Addr) (int, error) {
+ if !pc.tgtHeader {
+ return pc.PacketConn.WriteTo(b, addr)
+ }
+
+ buf := make([]byte, len(pc.tgtAddr)+len(b))
+ copy(buf, pc.tgtAddr)
+ copy(buf[len(pc.tgtAddr):], b)
+
+ return pc.PacketConn.WriteTo(buf, pc.writeAddr)
+}
diff --git a/proxy/ss/ss.go b/proxy/ss/ss.go
index 383d89e..0df4f46 100644
--- a/proxy/ss/ss.go
+++ b/proxy/ss/ss.go
@@ -279,63 +279,3 @@ func (s *SS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
pkc := NewPktConn(s.PacketConn(pc), nextHop, socks.ParseAddr(addr), true)
return pkc, nextHop, err
}
-
-// PktConn .
-type PktConn struct {
- net.PacketConn
-
- writeAddr net.Addr // write to and read from addr
-
- tgtAddr socks.Addr
- tgtHeader bool
-}
-
-// NewPktConn returns a PktConn
-func NewPktConn(c net.PacketConn, writeAddr net.Addr, tgtAddr socks.Addr, tgtHeader bool) *PktConn {
- pc := &PktConn{
- PacketConn: c,
- writeAddr: writeAddr,
- tgtAddr: tgtAddr,
- tgtHeader: tgtHeader}
- return pc
-}
-
-// ReadFrom overrides the original function from net.PacketConn
-func (pc *PktConn) ReadFrom(b []byte) (int, net.Addr, error) {
- if !pc.tgtHeader {
- return pc.PacketConn.ReadFrom(b)
- }
-
- buf := make([]byte, len(b))
- n, raddr, err := pc.PacketConn.ReadFrom(buf)
- if err != nil {
- return n, raddr, err
- }
-
- tgtAddr := socks.SplitAddr(buf)
- copy(b, buf[len(tgtAddr):])
-
- //test
- if pc.writeAddr == nil {
- pc.writeAddr = raddr
- }
-
- if pc.tgtAddr == nil {
- pc.tgtAddr = tgtAddr
- }
-
- return n - len(tgtAddr), raddr, err
-}
-
-// WriteTo overrides the original function from net.PacketConn
-func (pc *PktConn) WriteTo(b []byte, addr net.Addr) (int, error) {
- if !pc.tgtHeader {
- return pc.PacketConn.WriteTo(b, addr)
- }
-
- buf := make([]byte, len(pc.tgtAddr)+len(b))
- copy(buf, pc.tgtAddr)
- copy(buf[len(pc.tgtAddr):], b)
-
- return pc.PacketConn.WriteTo(buf, pc.writeAddr)
-}
diff --git a/proxy/vmess/vmess.go b/proxy/vmess/vmess.go
index 39f2eaa..524091f 100644
--- a/proxy/vmess/vmess.go
+++ b/proxy/vmess/vmess.go
@@ -22,6 +22,7 @@ import (
"v2ray.com/core/transport/internet"
"v2ray.com/core/transport/internet/tls"
+ // needed
_ "v2ray.com/core/app/proxyman/outbound"
_ "v2ray.com/core/transport/internet/tcp"
)
@@ -31,10 +32,12 @@ type VMess struct {
dialer proxy.Dialer
addr string
- uuid string
- alertID uint32
- network string
- security string
+ uuid string
+ alertID uint32
+
+ outboundSecurity string
+ streamProtocol string
+ streamSecurity string
config *core.Config
instance *core.Instance
@@ -120,10 +123,12 @@ func NewVMess(s string, dialer proxy.Dialer) (*VMess, error) {
dialer: dialer,
addr: addr,
- uuid: uuid,
- alertID: uint32(alertID),
- network: "tcp",
- security: "tls",
+ uuid: uuid,
+ alertID: uint32(alertID),
+
+ outboundSecurity: "auto",
+ streamProtocol: "tcp",
+ streamSecurity: "tls",
config: config,
instance: v,
@@ -157,7 +162,10 @@ func (s *VMess) Dial(network, addr string) (net.Conn, error) {
}
// TODO: does not support upstream dialer now
- c, err := core.Dial(context.Background(), s.instance, v2net.TCPDestination(v2net.ParseAddress(host), v2net.Port(port)))
+ c, err := core.Dial(context.Background(),
+ s.instance,
+ v2net.TCPDestination(v2net.ParseAddress(host), v2net.Port(port)))
+
if err != nil {
log.F("proxy-vmess dial to %s error: %s", s.addr, err)
return nil, err
From 7fda4f8710ebc253e23b3461a2203be3065dea12 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 28 Jun 2018 11:20:48 +0800
Subject: [PATCH 177/341] dns: optimize code
---
dns/dns.go | 19 +++++++++----------
ipset_linux.go | 14 +++++++++++++-
2 files changed, 22 insertions(+), 11 deletions(-)
diff --git a/dns/dns.go b/dns/dns.go
index 3ccea19..bb4f71e 100644
--- a/dns/dns.go
+++ b/dns/dns.go
@@ -291,10 +291,7 @@ func (s *DNS) Exchange(reqLen uint16, reqMsg []byte, addr string) (respLen uint1
return
}
- dnsServer := s.DNSServer
- if !s.Tunnel {
- dnsServer = s.GetServer(query.QNAME)
- }
+ dnsServer := s.GetServer(query.QNAME)
rc, err := s.dialer.NextDialer(query.QNAME+":53").Dial("tcp", dnsServer)
if err != nil {
@@ -366,13 +363,15 @@ func (s *DNS) SetServer(domain, server string) {
// GetServer .
func (s *DNS) GetServer(domain string) string {
- domainParts := strings.Split(domain, ".")
- length := len(domainParts)
- for i := length - 2; i >= 0; i-- {
- domain := strings.Join(domainParts[i:length], ".")
+ if !s.Tunnel {
+ domainParts := strings.Split(domain, ".")
+ length := len(domainParts)
+ for i := length - 2; i >= 0; i-- {
+ domain := strings.Join(domainParts[i:length], ".")
- if server, ok := s.DNSServerMap[domain]; ok {
- return server
+ if server, ok := s.DNSServerMap[domain]; ok {
+ return server
+ }
}
}
diff --git a/ipset_linux.go b/ipset_linux.go
index f3cd02d..ba93d6f 100644
--- a/ipset_linux.go
+++ b/ipset_linux.go
@@ -21,8 +21,8 @@ import (
// https://github.com/torvalds/linux/blob/9e66317d3c92ddaab330c125dfe9d06eee268aff/include/uapi/linux/netfilter/nfnetlink.h#L56
const NFNL_SUBSYS_IPSET = 6
-// http://git.netfilter.org/ipset/tree/include/libipset/linux_ip_set.h
// IPSET_PROTOCOL The protocol version
+// http://git.netfilter.org/ipset/tree/include/libipset/linux_ip_set.h
const IPSET_PROTOCOL = 6
// IPSET_MAXNAMELEN The max length of strings including NUL: set and type identifiers
@@ -146,6 +146,7 @@ func (m *IPSetManager) AddDomainIP(domain, ip string) error {
return nil
}
+// CreateSet create a ipset
func CreateSet(fd int, lsa syscall.SockaddrNetlink, setName string) {
if setName == "" {
return
@@ -189,6 +190,7 @@ func CreateSet(fd int, lsa syscall.SockaddrNetlink, setName string) {
FlushSet(fd, lsa, setName)
}
+// FlushSet flush a ipset
func FlushSet(fd int, lsa syscall.SockaddrNetlink, setName string) {
log.F("ipset flush %s", setName)
@@ -206,6 +208,7 @@ func FlushSet(fd int, lsa syscall.SockaddrNetlink, setName string) {
}
+// AddToSet adds an entry to ipset
func AddToSet(fd int, lsa syscall.SockaddrNetlink, setName, entry string) {
if setName == "" {
return
@@ -280,6 +283,7 @@ func rtaAlignOf(attrlen int) int {
return (attrlen + syscall.RTA_ALIGNTO - 1) & ^(syscall.RTA_ALIGNTO - 1)
}
+// NetlinkRequestData .
type NetlinkRequestData interface {
Len() int
Serialize() []byte
@@ -291,6 +295,7 @@ type NfGenMsg struct {
resID uint16
}
+// NewNfGenMsg .
func NewNfGenMsg(nfgenFamily, version, resID int) *NfGenMsg {
return &NfGenMsg{
nfgenFamily: uint8(nfgenFamily),
@@ -429,6 +434,7 @@ func (req *NetlinkRequest) Serialize() []byte {
return b
}
+// AddData add data to request
func (req *NetlinkRequest) AddData(data NetlinkRequestData) {
if data != nil {
req.Data = append(req.Data, data)
@@ -442,10 +448,12 @@ func (req *NetlinkRequest) AddRawData(data []byte) {
}
}
+// Uint8Attr .
func Uint8Attr(v uint8) []byte {
return []byte{byte(v)}
}
+// Uint16Attr .
func Uint16Attr(v uint16) []byte {
native := NativeEndian()
bytes := make([]byte, 2)
@@ -453,6 +461,7 @@ func Uint16Attr(v uint16) []byte {
return bytes
}
+// Uint32Attr .
func Uint32Attr(v uint32) []byte {
native := NativeEndian()
bytes := make([]byte, 4)
@@ -460,6 +469,7 @@ func Uint32Attr(v uint32) []byte {
return bytes
}
+// ZeroTerminated .
func ZeroTerminated(s string) []byte {
bytes := make([]byte, len(s)+1)
for i := 0; i < len(s); i++ {
@@ -469,6 +479,7 @@ func ZeroTerminated(s string) []byte {
return bytes
}
+// NonZeroTerminated .
func NonZeroTerminated(s string) []byte {
bytes := make([]byte, len(s))
for i := 0; i < len(s); i++ {
@@ -477,6 +488,7 @@ func NonZeroTerminated(s string) []byte {
return bytes
}
+// BytesToString .
func BytesToString(b []byte) string {
n := bytes.Index(b, []byte{0})
return string(b[:n])
From 9dbc0acc8815d398164dbfbb7b569c455945faf1 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 28 Jun 2018 11:25:58 +0800
Subject: [PATCH 178/341] ipset: optimize code
---
ipset_linux.go | 47 +++++++++++++++++------------------------------
1 file changed, 17 insertions(+), 30 deletions(-)
diff --git a/ipset_linux.go b/ipset_linux.go
index ba93d6f..f0c15b1 100644
--- a/ipset_linux.go
+++ b/ipset_linux.go
@@ -161,26 +161,13 @@ func CreateSet(fd int, lsa syscall.SockaddrNetlink, setName string) {
req := NewNetlinkRequest(IPSET_CMD_CREATE|(NFNL_SUBSYS_IPSET<<8), syscall.NLM_F_REQUEST)
// TODO: support AF_INET6
- nfgenMsg := NewNfGenMsg(syscall.AF_INET, 0, 0)
- req.AddData(nfgenMsg)
-
- attrProto := NewRtAttr(IPSET_ATTR_PROTOCOL, Uint8Attr(IPSET_PROTOCOL))
- req.AddData(attrProto)
-
- attrSiteName := NewRtAttr(IPSET_ATTR_SETNAME, ZeroTerminated(setName))
- req.AddData(attrSiteName)
-
- attrSiteType := NewRtAttr(IPSET_ATTR_TYPENAME, ZeroTerminated("hash:net"))
- req.AddData(attrSiteType)
-
- attrRev := NewRtAttr(IPSET_ATTR_REVISION, Uint8Attr(1))
- req.AddData(attrRev)
-
- attrFamily := NewRtAttr(IPSET_ATTR_FAMILY, Uint8Attr(2))
- req.AddData(attrFamily)
-
- attrData := NewRtAttr(IPSET_ATTR_DATA|NLA_F_NESTED, nil)
- req.AddData(attrData)
+ req.AddData(NewNfGenMsg(syscall.AF_INET, 0, 0))
+ req.AddData(NewRtAttr(IPSET_ATTR_PROTOCOL, Uint8Attr(IPSET_PROTOCOL)))
+ req.AddData(NewRtAttr(IPSET_ATTR_SETNAME, ZeroTerminated(setName)))
+ req.AddData(NewRtAttr(IPSET_ATTR_TYPENAME, ZeroTerminated("hash:net")))
+ req.AddData(NewRtAttr(IPSET_ATTR_REVISION, Uint8Attr(1)))
+ req.AddData(NewRtAttr(IPSET_ATTR_FAMILY, Uint8Attr(2)))
+ req.AddData(NewRtAttr(IPSET_ATTR_DATA|NLA_F_NESTED, nil))
err := syscall.Sendto(fd, req.Serialize(), 0, &lsa)
if err != nil {
@@ -236,14 +223,9 @@ func AddToSet(fd int, lsa syscall.SockaddrNetlink, setName, entry string) {
req := NewNetlinkRequest(IPSET_CMD_ADD|(NFNL_SUBSYS_IPSET<<8), syscall.NLM_F_REQUEST)
// TODO: support AF_INET6
- nfgenMsg := NewNfGenMsg(syscall.AF_INET, 0, 0)
- req.AddData(nfgenMsg)
-
- attrProto := NewRtAttr(IPSET_ATTR_PROTOCOL, Uint8Attr(IPSET_PROTOCOL))
- req.AddData(attrProto)
-
- attrSiteName := NewRtAttr(IPSET_ATTR_SETNAME, ZeroTerminated(setName))
- req.AddData(attrSiteName)
+ req.AddData(NewNfGenMsg(syscall.AF_INET, 0, 0))
+ req.AddData(NewRtAttr(IPSET_ATTR_PROTOCOL, Uint8Attr(IPSET_PROTOCOL)))
+ req.AddData(NewRtAttr(IPSET_ATTR_SETNAME, ZeroTerminated(setName)))
attrNested := NewRtAttr(IPSET_ATTR_DATA|NLA_F_NESTED, nil)
attrIP := NewRtAttrChild(attrNested, IPSET_ATTR_IP|NLA_F_NESTED, nil)
@@ -266,7 +248,7 @@ func AddToSet(fd int, lsa syscall.SockaddrNetlink, setName, entry string) {
}
}
-// Get native endianness for the system
+// NativeEndian get native endianness for the system
func NativeEndian() binary.ByteOrder {
if nativeEndian == nil {
var x uint32 = 0x01020304
@@ -289,6 +271,7 @@ type NetlinkRequestData interface {
Serialize() []byte
}
+// NfGenMsg .
type NfGenMsg struct {
nfgenFamily uint8
version uint8
@@ -304,10 +287,12 @@ func NewNfGenMsg(nfgenFamily, version, resID int) *NfGenMsg {
}
}
+// Len .
func (m *NfGenMsg) Len() int {
return rtaAlignOf(4)
}
+// Serialize .
func (m *NfGenMsg) Serialize() []byte {
native := NativeEndian()
@@ -344,6 +329,7 @@ func NewRtAttrChild(parent *RtAttr, attrType int, data []byte) *RtAttr {
return attr
}
+// Len .
func (a *RtAttr) Len() int {
if len(a.children) == 0 {
return (syscall.SizeofRtAttr + len(a.Data))
@@ -385,13 +371,14 @@ func (a *RtAttr) Serialize() []byte {
return buf
}
+// NetlinkRequest .
type NetlinkRequest struct {
syscall.NlMsghdr
Data []NetlinkRequestData
RawData []byte
}
-// Create a new netlink request from proto and flags
+// NewNetlinkRequest create a new netlink request from proto and flags
// Note the Len value will be inaccurate once data is added until
// the message is serialized
func NewNetlinkRequest(proto, flags int) *NetlinkRequest {
From 20273b48bebdd1803ebf44f736f25b16bf0cd99d Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 28 Jun 2018 20:45:24 +0800
Subject: [PATCH 179/341] tls: add experimental tls support
---
ipset_linux.go | 6 ++--
main.go | 1 +
proxy/tls/tls.go | 83 ++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 87 insertions(+), 3 deletions(-)
create mode 100644 proxy/tls/tls.go
diff --git a/ipset_linux.go b/ipset_linux.go
index f0c15b1..aade239 100644
--- a/ipset_linux.go
+++ b/ipset_linux.go
@@ -304,14 +304,14 @@ func (m *NfGenMsg) Serialize() []byte {
return buf
}
-// Extend RtAttr to handle data and children
+// RtAttr Extend RtAttr to handle data and children
type RtAttr struct {
syscall.RtAttr
Data []byte
children []NetlinkRequestData
}
-// Create a new Extended RtAttr object
+// NewRtAttr Create a new Extended RtAttr object
func NewRtAttr(attrType int, data []byte) *RtAttr {
return &RtAttr{
RtAttr: syscall.RtAttr{
@@ -322,7 +322,7 @@ func NewRtAttr(attrType int, data []byte) *RtAttr {
}
}
-// Create a new RtAttr obj anc add it as a child of an existing object
+// NewRtAttrChild Create a new RtAttr obj anc add it as a child of an existing object
func NewRtAttrChild(parent *RtAttr, attrType int, data []byte) *RtAttr {
attr := NewRtAttr(attrType, data)
parent.children = append(parent.children, attr)
diff --git a/main.go b/main.go
index 565e40d..d3a5a0d 100644
--- a/main.go
+++ b/main.go
@@ -18,6 +18,7 @@ import (
_ "github.com/nadoo/glider/proxy/ss"
_ "github.com/nadoo/glider/proxy/ssr"
_ "github.com/nadoo/glider/proxy/tcptun"
+ _ "github.com/nadoo/glider/proxy/tls"
_ "github.com/nadoo/glider/proxy/udptun"
_ "github.com/nadoo/glider/proxy/uottun"
_ "github.com/nadoo/glider/proxy/vmess"
diff --git a/proxy/tls/tls.go b/proxy/tls/tls.go
new file mode 100644
index 0000000..f36e812
--- /dev/null
+++ b/proxy/tls/tls.go
@@ -0,0 +1,83 @@
+package tls
+
+import (
+ stdtls "crypto/tls"
+ "errors"
+ "net"
+ "net/url"
+ "strings"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+)
+
+// TLS .
+type TLS struct {
+ dialer proxy.Dialer
+ addr string
+
+ serverName string
+}
+
+func init() {
+ proxy.RegisterDialer("tls", NewTLSDialer)
+}
+
+// NewTLS returns a tls proxy.
+func NewTLS(s string, dialer proxy.Dialer) (*TLS, error) {
+ u, err := url.Parse(s)
+ if err != nil {
+ log.F("parse url err: %s", err)
+ return nil, err
+ }
+
+ addr := u.Host
+
+ colonPos := strings.LastIndex(addr, ":")
+ if colonPos == -1 {
+ colonPos = len(addr)
+ }
+ serverName := addr[:colonPos]
+
+ p := &TLS{
+ dialer: dialer,
+ addr: addr,
+ serverName: serverName,
+ }
+
+ return p, nil
+}
+
+// NewTLSDialer returns a tls proxy dialer.
+func NewTLSDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewTLS(s, dialer)
+}
+
+// Addr returns forwarder's address
+func (s *TLS) Addr() string { return s.addr }
+
+// NextDialer returns the next dialer
+func (s *TLS) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial connects to the address addr on the network net via the proxy.
+func (s *TLS) Dial(network, addr string) (net.Conn, error) {
+ cc, err := s.dialer.Dial("tcp", s.addr)
+ if err != nil {
+ log.F("proxy-tls dial to %s error: %s", s.addr, err)
+ return nil, err
+ }
+
+ conf := &stdtls.Config{
+ ServerName: s.serverName,
+ //InsecureSkipVerify: true,
+ }
+
+ c := stdtls.Client(cc, conf)
+ err = c.Handshake()
+ return c, err
+}
+
+// DialUDP connects to the given address via the proxy.
+func (s *TLS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ return nil, nil, errors.New("tls client does not support udp now")
+}
From cce6fcf6ef13c59e0ee97cecc89cbeb0adb3577a Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 28 Jun 2018 22:57:34 +0800
Subject: [PATCH 180/341] v2ray: move the stock v2ray-core proxy to v2ray
package
---
main.go | 5 +-
proxy/http/http.go | 2 +-
proxy/v2ray/v2ray.go | 185 +++++++++++++++++++++++++++++++++++++++++++
proxy/vmess/vmess.go | 111 ++------------------------
4 files changed, 194 insertions(+), 109 deletions(-)
create mode 100644 proxy/v2ray/v2ray.go
diff --git a/main.go b/main.go
index d3a5a0d..c9e6496 100644
--- a/main.go
+++ b/main.go
@@ -18,10 +18,11 @@ import (
_ "github.com/nadoo/glider/proxy/ss"
_ "github.com/nadoo/glider/proxy/ssr"
_ "github.com/nadoo/glider/proxy/tcptun"
- _ "github.com/nadoo/glider/proxy/tls"
+ // _ "github.com/nadoo/glider/proxy/tls"
_ "github.com/nadoo/glider/proxy/udptun"
_ "github.com/nadoo/glider/proxy/uottun"
- _ "github.com/nadoo/glider/proxy/vmess"
+ // _ "github.com/nadoo/glider/proxy/v2ray"
+ // _ "github.com/nadoo/glider/proxy/vmess"
)
// VERSION .
diff --git a/proxy/http/http.go b/proxy/http/http.go
index a013518..edf5a5a 100644
--- a/proxy/http/http.go
+++ b/proxy/http/http.go
@@ -251,7 +251,7 @@ func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
log.F("proxy-http 'CONNECT' method not allowed by proxy %s", s.addr)
}
- return nil, errors.New("proxy-http cound not connect remote address: " + addr + ". error code: " + code)
+ return nil, errors.New("proxy-http can not connect remote address: " + addr + ". error code: " + code)
}
// DialUDP connects to the given address via the proxy.
diff --git a/proxy/v2ray/v2ray.go b/proxy/v2ray/v2ray.go
new file mode 100644
index 0000000..2b58146
--- /dev/null
+++ b/proxy/v2ray/v2ray.go
@@ -0,0 +1,185 @@
+package v2ray
+
+import (
+ "context"
+ "errors"
+ "net"
+ "net/url"
+ "strconv"
+ "strings"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+
+ "v2ray.com/core"
+ "v2ray.com/core/app/dispatcher"
+ "v2ray.com/core/app/proxyman"
+ v2net "v2ray.com/core/common/net"
+ "v2ray.com/core/common/protocol"
+ "v2ray.com/core/common/serial"
+ "v2ray.com/core/proxy/vmess"
+ "v2ray.com/core/proxy/vmess/outbound"
+ "v2ray.com/core/transport/internet"
+ "v2ray.com/core/transport/internet/tls"
+
+ // needed
+ _ "v2ray.com/core/app/proxyman/outbound"
+ _ "v2ray.com/core/transport/internet/tcp"
+)
+
+// V2Ray .
+type V2Ray struct {
+ dialer proxy.Dialer
+ addr string
+
+ uuid string
+ alertID uint32
+
+ outboundSecurity string
+ streamProtocol string
+ streamSecurity string
+
+ config *core.Config
+ instance *core.Instance
+}
+
+func init() {
+ proxy.RegisterDialer("v2ray", NewV2RayDialer)
+}
+
+// NewV2Ray returns a v2ray proxy.
+func NewV2Ray(s string, dialer proxy.Dialer) (*V2Ray, error) {
+ u, err := url.Parse(s)
+ if err != nil {
+ log.F("parse url err: %s", err)
+ return nil, err
+ }
+
+ addr := u.Host
+ host := u.Hostname()
+ port, err := strconv.ParseUint(u.Port(), 10, 32)
+ if err != nil {
+ log.F("parse port err: %s", err)
+ return nil, err
+ }
+
+ var uuid, aid string
+ if u.User != nil {
+ uuid = u.User.Username()
+ aid, _ = u.User.Password()
+ }
+
+ alertID, err := strconv.ParseUint(aid, 10, 32)
+ if err != nil {
+ log.F("parse alertID err: %s", err)
+ return nil, err
+ }
+
+ config := &core.Config{
+ App: []*serial.TypedMessage{
+ serial.ToTypedMessage(&dispatcher.Config{}),
+ serial.ToTypedMessage(&proxyman.OutboundConfig{}),
+ },
+ Outbound: []*core.OutboundHandlerConfig{{
+ ProxySettings: serial.ToTypedMessage(&outbound.Config{
+ Receiver: []*protocol.ServerEndpoint{
+ {
+ Address: v2net.NewIPOrDomain(v2net.ParseAddress(host)),
+ Port: uint32(port),
+ User: []*protocol.User{
+ {
+ Account: serial.ToTypedMessage(&vmess.Account{
+ Id: uuid,
+ AlterId: uint32(alertID),
+ SecuritySettings: &protocol.SecurityConfig{
+ Type: protocol.SecurityType_NONE,
+ },
+ }),
+ },
+ },
+ },
+ },
+ }),
+ SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{
+ StreamSettings: &internet.StreamConfig{
+ Protocol: internet.TransportProtocol_TCP,
+ SecurityType: serial.GetMessageType(&tls.Config{}),
+ SecuritySettings: []*serial.TypedMessage{
+ serial.ToTypedMessage(&tls.Config{
+ AllowInsecure: true,
+ }),
+ },
+ },
+ })},
+ },
+ }
+
+ v, err := core.New(config)
+ if err != nil {
+ log.Fatal("Failed to create V: ", err.Error())
+ }
+
+ p := &V2Ray{
+ dialer: dialer,
+ addr: addr,
+
+ uuid: uuid,
+ alertID: uint32(alertID),
+
+ outboundSecurity: "auto",
+ streamProtocol: "tcp",
+ streamSecurity: "tls",
+
+ config: config,
+ instance: v,
+ }
+
+ return p, nil
+}
+
+// NewV2RayDialer returns a v2ray proxy dialer.
+func NewV2RayDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewV2Ray(s, dialer)
+}
+
+// Addr returns forwarder's address
+func (s *V2Ray) Addr() string { return s.addr }
+
+// NextDialer returns the next dialer
+func (s *V2Ray) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial connects to the address addr on the network net via the proxy.
+func (s *V2Ray) Dial(network, addr string) (net.Conn, error) {
+
+ // c, err := s.dialer.Dial("tcp", s.addr)
+
+ d := strings.Split(addr, ":")
+ host, portStr := d[0], d[1]
+ port, err := strconv.ParseUint(portStr, 10, 32)
+ if err != nil {
+ log.F("parse portStr err: %s", err)
+ return nil, err
+ }
+
+ // TODO: does not support upstream dialer now
+ c, err := core.Dial(context.Background(),
+ s.instance,
+ v2net.TCPDestination(v2net.ParseAddress(host), v2net.Port(port)))
+
+ if err != nil {
+ log.F("proxy-v2ray dial to %s error: %s", s.addr, err)
+ return nil, err
+ }
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ return c, err
+
+}
+
+// DialUDP connects to the given address via the proxy.
+func (s *V2Ray) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ return nil, nil, errors.New("v2ray client does not support udp now")
+}
diff --git a/proxy/vmess/vmess.go b/proxy/vmess/vmess.go
index 524091f..aeea8d2 100644
--- a/proxy/vmess/vmess.go
+++ b/proxy/vmess/vmess.go
@@ -1,30 +1,13 @@
package vmess
import (
- "context"
"errors"
"net"
"net/url"
"strconv"
- "strings"
"github.com/nadoo/glider/common/log"
"github.com/nadoo/glider/proxy"
-
- "v2ray.com/core"
- "v2ray.com/core/app/dispatcher"
- "v2ray.com/core/app/proxyman"
- v2net "v2ray.com/core/common/net"
- "v2ray.com/core/common/protocol"
- "v2ray.com/core/common/serial"
- "v2ray.com/core/proxy/vmess"
- "v2ray.com/core/proxy/vmess/outbound"
- "v2ray.com/core/transport/internet"
- "v2ray.com/core/transport/internet/tls"
-
- // needed
- _ "v2ray.com/core/app/proxyman/outbound"
- _ "v2ray.com/core/transport/internet/tcp"
)
// VMess .
@@ -38,9 +21,6 @@ type VMess struct {
outboundSecurity string
streamProtocol string
streamSecurity string
-
- config *core.Config
- instance *core.Instance
}
func init() {
@@ -56,12 +36,6 @@ func NewVMess(s string, dialer proxy.Dialer) (*VMess, error) {
}
addr := u.Host
- host := u.Hostname()
- port, err := strconv.ParseUint(u.Port(), 10, 32)
- if err != nil {
- log.F("parse port err: %s", err)
- return nil, err
- }
var uuid, aid string
if u.User != nil {
@@ -75,63 +49,14 @@ func NewVMess(s string, dialer proxy.Dialer) (*VMess, error) {
return nil, err
}
- config := &core.Config{
- App: []*serial.TypedMessage{
- serial.ToTypedMessage(&dispatcher.Config{}),
- serial.ToTypedMessage(&proxyman.OutboundConfig{}),
- },
- Outbound: []*core.OutboundHandlerConfig{{
- ProxySettings: serial.ToTypedMessage(&outbound.Config{
- Receiver: []*protocol.ServerEndpoint{
- {
- Address: v2net.NewIPOrDomain(v2net.ParseAddress(host)),
- Port: uint32(port),
- User: []*protocol.User{
- {
- Account: serial.ToTypedMessage(&vmess.Account{
- Id: uuid,
- AlterId: uint32(alertID),
- SecuritySettings: &protocol.SecurityConfig{
- Type: protocol.SecurityType_NONE,
- },
- }),
- },
- },
- },
- },
- }),
- SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{
- StreamSettings: &internet.StreamConfig{
- Protocol: internet.TransportProtocol_TCP,
- SecurityType: serial.GetMessageType(&tls.Config{}),
- SecuritySettings: []*serial.TypedMessage{
- serial.ToTypedMessage(&tls.Config{
- AllowInsecure: true,
- }),
- },
- },
- })},
- },
- }
-
- v, err := core.New(config)
- if err != nil {
- log.Fatal("Failed to create V: ", err.Error())
- }
-
p := &VMess{
- dialer: dialer,
- addr: addr,
-
- uuid: uuid,
- alertID: uint32(alertID),
-
+ dialer: dialer,
+ addr: addr,
+ uuid: uuid,
+ alertID: uint32(alertID),
outboundSecurity: "auto",
streamProtocol: "tcp",
streamSecurity: "tls",
-
- config: config,
- instance: v,
}
return p, nil
@@ -150,33 +75,7 @@ func (s *VMess) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDi
// Dial connects to the address addr on the network net via the proxy.
func (s *VMess) Dial(network, addr string) (net.Conn, error) {
-
- // c, err := s.dialer.Dial("tcp", s.addr)
-
- d := strings.Split(addr, ":")
- host, portStr := d[0], d[1]
- port, err := strconv.ParseUint(portStr, 10, 32)
- if err != nil {
- log.F("parse portStr err: %s", err)
- return nil, err
- }
-
- // TODO: does not support upstream dialer now
- c, err := core.Dial(context.Background(),
- s.instance,
- v2net.TCPDestination(v2net.ParseAddress(host), v2net.Port(port)))
-
- if err != nil {
- log.F("proxy-vmess dial to %s error: %s", s.addr, err)
- return nil, err
- }
-
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
- return c, err
-
+ return nil, nil
}
// DialUDP connects to the given address via the proxy.
From 4a72e7900290b9af9fc432ea2e22b0d5f44d1569 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 28 Jun 2018 23:20:04 +0800
Subject: [PATCH 181/341] tls: allow InsecureSkipVerify
---
dns/dns.go | 48 ++++++++++++++++++------------------
main.go | 2 +-
proxy/http/http.go | 24 +++++++++---------
proxy/mixed/mixed.go | 10 ++++----
proxy/redir/redir_linux.go | 14 +++++------
proxy/socks5/packet.go | 2 +-
proxy/socks5/socks5.go | 38 ++++++++++++++--------------
proxy/ss/ss.go | 43 ++++++++++++++++----------------
proxy/ssr/ssr.go | 12 ++++-----
proxy/tcptun/tcptun.go | 2 +-
proxy/tls/tls.go | 6 ++---
proxy/tproxy/tproxy_linux.go | 18 +++++++-------
proxy/udptun/udptun.go | 12 ++++-----
proxy/uottun/uottun.go | 12 ++++-----
proxy/v2ray/v2ray.go | 2 +-
rule.go | 2 +-
strategy.go | 8 +++---
17 files changed, 127 insertions(+), 128 deletions(-)
diff --git a/dns/dns.go b/dns/dns.go
index bb4f71e..86d919f 100644
--- a/dns/dns.go
+++ b/dns/dns.go
@@ -178,25 +178,25 @@ func (s *DNS) ListenAndServe() {
func (s *DNS) ListenAndServeUDP() {
c, err := net.ListenPacket("udp", s.addr)
if err != nil {
- log.F("proxy-dns failed to listen on %s, error: %v", s.addr, err)
+ log.F("[dns] failed to listen on %s, error: %v", s.addr, err)
return
}
defer c.Close()
- log.F("proxy-dns listening UDP on %s", s.addr)
+ log.F("[dns] listening UDP on %s", s.addr)
for {
b := make([]byte, UDPMaxLen)
n, clientAddr, err := c.ReadFrom(b)
if err != nil {
- log.F("proxy-dns local read error: %v", err)
+ log.F("[dns] local read error: %v", err)
continue
}
reqLen := uint16(n)
// TODO: check here
if reqLen <= HeaderLen+2 {
- log.F("proxy-dns not enough data")
+ log.F("[dns] not enough data")
continue
}
@@ -204,13 +204,13 @@ func (s *DNS) ListenAndServeUDP() {
go func() {
_, respMsg, err := s.Exchange(reqLen, reqMsg, clientAddr.String())
if err != nil {
- log.F("proxy-dns error in exchange: %s", err)
+ log.F("[dns] error in exchange: %s", err)
return
}
_, err = c.WriteTo(respMsg, clientAddr)
if err != nil {
- log.F("proxy-dns error in local write: %s", err)
+ log.F("[dns] error in local write: %s", err)
return
}
@@ -222,16 +222,16 @@ func (s *DNS) ListenAndServeUDP() {
func (s *DNS) ListenAndServeTCP() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
- log.F("proxy-dns-tcp error: %v", err)
+ log.F("[dns]-tcp error: %v", err)
return
}
- log.F("proxy-dns-tcp listening TCP on %s", s.addr)
+ log.F("[dns]-tcp listening TCP on %s", s.addr)
for {
c, err := l.Accept()
if err != nil {
- log.F("proxy-dns-tcp error: failed to accept: %v", err)
+ log.F("[dns]-tcp error: failed to accept: %v", err)
continue
}
go s.ServeTCP(c)
@@ -248,35 +248,35 @@ func (s *DNS) ServeTCP(c net.Conn) {
var reqLen uint16
if err := binary.Read(c, binary.BigEndian, &reqLen); err != nil {
- log.F("proxy-dns-tcp failed to get request length: %v", err)
+ log.F("[dns]-tcp failed to get request length: %v", err)
return
}
// TODO: check here
if reqLen <= HeaderLen+2 {
- log.F("proxy-dns-tcp not enough data")
+ log.F("[dns]-tcp not enough data")
return
}
reqMsg := make([]byte, reqLen)
_, err := io.ReadFull(c, reqMsg)
if err != nil {
- log.F("proxy-dns-tcp error in read reqMsg %s", err)
+ log.F("[dns]-tcp error in read reqMsg %s", err)
return
}
respLen, respMsg, err := s.Exchange(reqLen, reqMsg, c.RemoteAddr().String())
if err != nil {
- log.F("proxy-dns-tcp error in exchange: %s", err)
+ log.F("[dns]-tcp error in exchange: %s", err)
return
}
if err := binary.Write(c, binary.BigEndian, respLen); err != nil {
- log.F("proxy-dns-tcp error in local write respLen: %s", err)
+ log.F("[dns]-tcp error in local write respLen: %s", err)
return
}
if err := binary.Write(c, binary.BigEndian, respMsg); err != nil {
- log.F("proxy-dns-tcp error in local write respMsg: %s", err)
+ log.F("[dns]-tcp error in local write respMsg: %s", err)
return
}
}
@@ -287,7 +287,7 @@ func (s *DNS) Exchange(reqLen uint16, reqMsg []byte, addr string) (respLen uint1
// fmt.Printf("\ndns req len %d:\n%s\n", reqLen, hex.Dump(reqMsg[:]))
query, err := parseQuestion(reqMsg)
if err != nil {
- log.F("proxy-dns error in parseQuestion reqMsg: %s", err)
+ log.F("[dns] error in parseQuestion reqMsg: %s", err)
return
}
@@ -295,29 +295,29 @@ func (s *DNS) Exchange(reqLen uint16, reqMsg []byte, addr string) (respLen uint1
rc, err := s.dialer.NextDialer(query.QNAME+":53").Dial("tcp", dnsServer)
if err != nil {
- log.F("proxy-dns failed to connect to server %v: %v", dnsServer, err)
+ log.F("[dns] failed to connect to server %v: %v", dnsServer, err)
return
}
defer rc.Close()
if err = binary.Write(rc, binary.BigEndian, reqLen); err != nil {
- log.F("proxy-dns failed to write req length: %v", err)
+ log.F("[dns] failed to write req length: %v", err)
return
}
if err = binary.Write(rc, binary.BigEndian, reqMsg); err != nil {
- log.F("proxy-dns failed to write req message: %v", err)
+ log.F("[dns] failed to write req message: %v", err)
return
}
if err = binary.Read(rc, binary.BigEndian, &respLen); err != nil {
- log.F("proxy-dns failed to read response length: %v", err)
+ log.F("[dns] failed to read response length: %v", err)
return
}
respMsg = make([]byte, respLen)
_, err = io.ReadFull(rc, respMsg)
if err != nil {
- log.F("proxy-dns error in read respMsg %s\n", err)
+ log.F("[dns] error in read respMsg %s\n", err)
return
}
@@ -326,7 +326,7 @@ func (s *DNS) Exchange(reqLen uint16, reqMsg []byte, addr string) (respLen uint1
var ip string
respReq, err := parseQuestion(respMsg)
if err != nil {
- log.F("proxy-dns error in parseQuestion respMsg: %s", err)
+ log.F("[dns] error in parseQuestion respMsg: %s", err)
return
}
@@ -336,7 +336,7 @@ func (s *DNS) Exchange(reqLen uint16, reqMsg []byte, addr string) (respLen uint1
var answers []*RR
answers, err = parseAnswers(respMsg[respReq.Offset:])
if err != nil {
- log.F("proxy-dns error in parseAnswers: %s", err)
+ log.F("[dns] error in parseAnswers: %s", err)
return
}
@@ -352,7 +352,7 @@ func (s *DNS) Exchange(reqLen uint16, reqMsg []byte, addr string) (respLen uint1
}
- log.F("proxy-dns %s <-> %s, type: %d, %s: %s", addr, dnsServer, query.QTYPE, query.QNAME, ip)
+ log.F("[dns] %s <-> %s, type: %d, %s: %s", addr, dnsServer, query.QTYPE, query.QNAME, ip)
return
}
diff --git a/main.go b/main.go
index c9e6496..d315207 100644
--- a/main.go
+++ b/main.go
@@ -18,7 +18,7 @@ import (
_ "github.com/nadoo/glider/proxy/ss"
_ "github.com/nadoo/glider/proxy/ssr"
_ "github.com/nadoo/glider/proxy/tcptun"
- // _ "github.com/nadoo/glider/proxy/tls"
+ _ "github.com/nadoo/glider/proxy/tls"
_ "github.com/nadoo/glider/proxy/udptun"
_ "github.com/nadoo/glider/proxy/uottun"
// _ "github.com/nadoo/glider/proxy/v2ray"
diff --git a/proxy/http/http.go b/proxy/http/http.go
index edf5a5a..06e31ff 100644
--- a/proxy/http/http.go
+++ b/proxy/http/http.go
@@ -83,7 +83,7 @@ func (s *HTTP) ListenAndServe() {
for {
c, err := l.Accept()
if err != nil {
- log.F("proxy-http failed to accept: %v", err)
+ log.F("[http] failed to accept: %v", err)
continue
}
@@ -123,7 +123,7 @@ func (s *HTTP) Serve(c net.Conn) {
url, err := url.ParseRequestURI(requestURI)
if err != nil {
- log.F("proxy-http parse request url error: %s", err)
+ log.F("[http] parse request url error: %s", err)
return
}
@@ -135,7 +135,7 @@ func (s *HTTP) Serve(c net.Conn) {
rc, err := s.dialer.Dial("tcp", tgt)
if err != nil {
fmt.Fprintf(c, "%s 502 ERROR\r\n\r\n", proto)
- log.F("proxy-http failed to dial: %v", err)
+ log.F("[http] failed to dial: %v", err)
return
}
defer rc.Close()
@@ -171,7 +171,7 @@ func (s *HTTP) Serve(c net.Conn) {
respHeader, err := respTP.ReadMIMEHeader()
if err != nil {
- log.F("proxy-http read header error:%s", err)
+ log.F("[http] read header error:%s", err)
return
}
@@ -182,7 +182,7 @@ func (s *HTTP) Serve(c net.Conn) {
writeFirstLine(proto, code, status, &respBuf)
writeHeaders(respHeader, &respBuf)
- log.F("proxy-http %s <-> %s", c.RemoteAddr(), tgt)
+ log.F("[http] %s <-> %s", c.RemoteAddr(), tgt)
c.Write(respBuf.Bytes())
io.Copy(c, respR)
@@ -194,13 +194,13 @@ func (s *HTTP) servHTTPS(method, requestURI, proto string, c net.Conn) {
if err != nil {
c.Write([]byte(proto))
c.Write([]byte(" 502 ERROR\r\n\r\n"))
- log.F("proxy-http failed to dial: %v", err)
+ log.F("[http] failed to dial: %v", err)
return
}
c.Write([]byte("HTTP/1.0 200 Connection established\r\n\r\n"))
- log.F("proxy-http %s <-> %s [c]", c.RemoteAddr(), requestURI)
+ log.F("[http] %s <-> %s [c]", c.RemoteAddr(), requestURI)
_, _, err = conn.Relay(c, rc)
if err != nil {
@@ -221,7 +221,7 @@ func (s *HTTP) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDia
func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
rc, err := s.dialer.Dial(network, s.addr)
if err != nil {
- log.F("proxy-http dial to %s error: %s", s.addr, err)
+ log.F("[http] dial to %s error: %s", s.addr, err)
return nil, err
}
@@ -246,12 +246,12 @@ func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
if ok && code == "200" {
return rc, err
} else if code == "407" {
- log.F("proxy-http authencation needed by proxy %s", s.addr)
+ log.F("[http] authencation needed by proxy %s", s.addr)
} else if code == "405" {
- log.F("proxy-http 'CONNECT' method not allowed by proxy %s", s.addr)
+ log.F("[http] 'CONNECT' method not allowed by proxy %s", s.addr)
}
- return nil, errors.New("proxy-http can not connect remote address: " + addr + ". error code: " + code)
+ return nil, errors.New("[http] can not connect remote address: " + addr + ". error code: " + code)
}
// DialUDP connects to the given address via the proxy.
@@ -264,7 +264,7 @@ func parseFirstLine(tp *textproto.Reader) (r1, r2, r3 string, ok bool) {
line, err := tp.ReadLine()
// log.F("first line: %s", line)
if err != nil {
- log.F("proxy-http read first line error:%s", err)
+ log.F("[http] read first line error:%s", err)
return
}
diff --git a/proxy/mixed/mixed.go b/proxy/mixed/mixed.go
index f6f17d8..5780d8b 100644
--- a/proxy/mixed/mixed.go
+++ b/proxy/mixed/mixed.go
@@ -68,16 +68,16 @@ func (p *MixedProxy) ListenAndServe() {
l, err := net.Listen("tcp", p.addr)
if err != nil {
- log.F("proxy-mixed failed to listen on %s: %v", p.addr, err)
+ log.F("[mixed] failed to listen on %s: %v", p.addr, err)
return
}
- log.F("proxy-mixed listening TCP on %s", p.addr)
+ log.F("[mixed] listening TCP on %s", p.addr)
for {
c, err := l.Accept()
if err != nil {
- log.F("proxy-mixed failed to accept: %v", err)
+ log.F("[mixed] failed to accept: %v", err)
continue
}
@@ -98,7 +98,7 @@ func (p *MixedProxy) Serve(c net.Conn) {
if p.socks5 != nil {
head, err := cc.Peek(1)
if err != nil {
- log.F("proxy-mixed peek error: %s", err)
+ log.F("[mixed] peek error: %s", err)
return
}
@@ -112,7 +112,7 @@ func (p *MixedProxy) Serve(c net.Conn) {
if p.http != nil {
head, err := cc.Peek(8)
if err != nil {
- log.F("proxy-mixed peek error: %s", err)
+ log.F("[mixed] peek error: %s", err)
return
}
diff --git a/proxy/redir/redir_linux.go b/proxy/redir/redir_linux.go
index a0e971a..d1da12b 100644
--- a/proxy/redir/redir_linux.go
+++ b/proxy/redir/redir_linux.go
@@ -59,16 +59,16 @@ func NewRedirServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
func (s *RedirProxy) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
- log.F("proxy-redir failed to listen on %s: %v", s.addr, err)
+ log.F("[redir] failed to listen on %s: %v", s.addr, err)
return
}
- log.F("proxy-redir listening TCP on %s", s.addr)
+ log.F("[redir] listening TCP on %s", s.addr)
for {
c, err := l.Accept()
if err != nil {
- log.F("proxy-redir failed to accept: %v", err)
+ log.F("[redir] failed to accept: %v", err)
continue
}
@@ -81,25 +81,25 @@ func (s *RedirProxy) ListenAndServe() {
tgt, err := getOrigDst(c, false)
if err != nil {
- log.F("proxy-redir failed to get target address: %v", err)
+ log.F("[redir] failed to get target address: %v", err)
return
}
rc, err := s.dialer.Dial("tcp", tgt.String())
if err != nil {
- log.F("proxy-redir failed to connect to target: %v", err)
+ log.F("[redir] failed to connect to target: %v", err)
return
}
defer rc.Close()
- log.F("proxy-redir %s <-> %s", c.RemoteAddr(), tgt)
+ log.F("[redir] %s <-> %s", c.RemoteAddr(), tgt)
_, _, err = conn.Relay(c, rc)
if err != nil {
if err, ok := err.(net.Error); ok && err.Timeout() {
return // ignore i/o timeout
}
- log.F("proxy-redir relay error: %v", err)
+ log.F("[redir] relay error: %v", err)
}
}()
diff --git a/proxy/socks5/packet.go b/proxy/socks5/packet.go
index 289323c..665a6c4 100644
--- a/proxy/socks5/packet.go
+++ b/proxy/socks5/packet.go
@@ -36,7 +36,7 @@ func NewPktConn(c net.PacketConn, writeAddr net.Addr, tgtAddr socks.Addr, tgtHea
if err, ok := err.(net.Error); ok && err.Timeout() {
continue
}
- log.F("proxy-socks5 dialudp udp associate end")
+ log.F("[socks5] dialudp udp associate end")
return
}
}()
diff --git a/proxy/socks5/socks5.go b/proxy/socks5/socks5.go
index 2e9c784..95b0836 100644
--- a/proxy/socks5/socks5.go
+++ b/proxy/socks5/socks5.go
@@ -88,16 +88,16 @@ func (s *SOCKS5) ListenAndServe() {
func (s *SOCKS5) ListenAndServeTCP() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
- log.F("proxy-socks5 failed to listen on %s: %v", s.addr, err)
+ log.F("[socks5] failed to listen on %s: %v", s.addr, err)
return
}
- log.F("proxy-socks5 listening TCP on %s", s.addr)
+ log.F("[socks5] listening TCP on %s", s.addr)
for {
c, err := l.Accept()
if err != nil {
- log.F("proxy-socks5 failed to accept: %v", err)
+ log.F("[socks5] failed to accept: %v", err)
continue
}
@@ -124,30 +124,30 @@ func (s *SOCKS5) ServeTCP(c net.Conn) {
if err, ok := err.(net.Error); ok && err.Timeout() {
continue
}
- // log.F("proxy-socks5 servetcp udp associate end")
+ // log.F("[socks5] servetcp udp associate end")
return
}
}
- log.F("proxy-socks5 failed to get target address: %v", err)
+ log.F("[socks5] failed to get target address: %v", err)
return
}
rc, err := s.dialer.Dial("tcp", tgt.String())
if err != nil {
- log.F("proxy-socks5 failed to connect to target: %v", err)
+ log.F("[socks5] failed to connect to target: %v", err)
return
}
defer rc.Close()
- log.F("proxy-socks5 %s <-> %s", c.RemoteAddr(), tgt)
+ log.F("[socks5] %s <-> %s", c.RemoteAddr(), tgt)
_, _, err = conn.Relay(c, rc)
if err != nil {
if err, ok := err.(net.Error); ok && err.Timeout() {
return // ignore i/o timeout
}
- log.F("proxy-socks5 relay error: %v", err)
+ log.F("[socks5] relay error: %v", err)
}
}
@@ -155,12 +155,12 @@ func (s *SOCKS5) ServeTCP(c net.Conn) {
func (s *SOCKS5) ListenAndServeUDP() {
lc, err := net.ListenPacket("udp", s.addr)
if err != nil {
- log.F("proxy-socks5-udp failed to listen on %s: %v", s.addr, err)
+ log.F("[socks5-udp] failed to listen on %s: %v", s.addr, err)
return
}
defer lc.Close()
- log.F("proxy-socks5-udp listening UDP on %s", s.addr)
+ log.F("[socks5-udp] listening UDP on %s", s.addr)
var nm sync.Map
buf := make([]byte, conn.UDPBufSize)
@@ -170,7 +170,7 @@ func (s *SOCKS5) ListenAndServeUDP() {
n, raddr, err := c.ReadFrom(buf)
if err != nil {
- log.F("proxy-socks5-udp remote read error: %v", err)
+ log.F("[socks5-udp] remote read error: %v", err)
continue
}
@@ -178,13 +178,13 @@ func (s *SOCKS5) ListenAndServeUDP() {
v, ok := nm.Load(raddr.String())
if !ok && v == nil {
if c.tgtAddr == nil {
- log.F("proxy-socks5-udp can not get target address, not a valid request")
+ log.F("[socks5-udp] can not get target address, not a valid request")
continue
}
lpc, nextHop, err := s.dialer.DialUDP("udp", c.tgtAddr.String())
if err != nil {
- log.F("proxy-socks5-udp remote dial error: %v", err)
+ log.F("[socks5-udp] remote dial error: %v", err)
continue
}
@@ -203,11 +203,11 @@ func (s *SOCKS5) ListenAndServeUDP() {
_, err = pc.WriteTo(buf[:n], pc.writeAddr)
if err != nil {
- log.F("proxy-socks5-udp remote write error: %v", err)
+ log.F("[socks5-udp] remote write error: %v", err)
continue
}
- log.F("proxy-socks5-udp %s <-> %s", raddr, c.tgtAddr)
+ log.F("[socks5-udp] %s <-> %s", raddr, c.tgtAddr)
}
}
@@ -223,7 +223,7 @@ func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
switch network {
case "tcp", "tcp6", "tcp4":
default:
- return nil, errors.New("proxy-socks5: no support for connection type " + network)
+ return nil, errors.New("[socks5]: no support for connection type " + network)
}
c, err := s.dialer.Dial(network, s.addr)
@@ -248,7 +248,7 @@ func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
c, err := s.dialer.Dial("tcp", s.addr)
if err != nil {
- log.F("proxy-socks5 dialudp dial tcp to %s error: %s", s.addr, err)
+ log.F("[socks5] dialudp dial tcp to %s error: %s", s.addr, err)
return nil, nil, err
}
@@ -276,7 +276,7 @@ func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.A
rep := buf[1]
if rep != 0 {
- log.F("proxy-socks5 server reply: %d, not succeeded", rep)
+ log.F("[socks5] server reply: %d, not succeeded", rep)
return nil, nil, errors.New("server connect failed")
}
@@ -287,7 +287,7 @@ func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.A
pc, nextHop, err := s.dialer.DialUDP(network, uAddr.String())
if err != nil {
- log.F("proxy-socks5 dialudp to %s error: %s", uAddr.String(), err)
+ log.F("[socks5] dialudp to %s error: %s", uAddr.String(), err)
return nil, nil, err
}
diff --git a/proxy/ss/ss.go b/proxy/ss/ss.go
index 0df4f46..145baec 100644
--- a/proxy/ss/ss.go
+++ b/proxy/ss/ss.go
@@ -46,7 +46,7 @@ func NewSS(s string, dialer proxy.Dialer) (*SS, error) {
ciph, err := core.PickCipher(method, nil, pass)
if err != nil {
- log.Fatalf("proxy-ss PickCipher for '%s', error: %s", method, err)
+ log.Fatalf("[ss] PickCipher for '%s', error: %s", method, err)
}
p := &SS{
@@ -78,16 +78,16 @@ func (s *SS) ListenAndServe() {
func (s *SS) ListenAndServeTCP() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
- log.F("proxy-ss failed to listen on %s: %v", s.addr, err)
+ log.F("[ss] failed to listen on %s: %v", s.addr, err)
return
}
- log.F("proxy-ss listening TCP on %s", s.addr)
+ log.F("[ss] listening TCP on %s", s.addr)
for {
c, err := l.Accept()
if err != nil {
- log.F("proxy-ss failed to accept: %v", err)
+ log.F("[ss] failed to accept: %v", err)
continue
}
go s.ServeTCP(c)
@@ -106,7 +106,7 @@ func (s *SS) ServeTCP(c net.Conn) {
tgt, err := socks.ReadAddr(c)
if err != nil {
- log.F("proxy-ss failed to get target address: %v", err)
+ log.F("[ss] failed to get target address: %v", err)
return
}
@@ -115,17 +115,16 @@ func (s *SS) ServeTCP(c net.Conn) {
// udp over tcp?
uot := socks.UoT(tgt[0])
if uot && dialer.Addr() == "DIRECT" {
-
rc, err := net.ListenPacket("udp", "")
if err != nil {
- log.F("proxy-ss UDP remote listen error: %v", err)
+ log.F("[ss-uottun] UDP remote listen error: %v", err)
}
defer rc.Close()
req := make([]byte, conn.UDPBufSize)
n, err := c.Read(req)
if err != nil {
- log.F("proxy-ss error in ioutil.ReadAll: %s\n", err)
+ log.F("[ss-uottun] error in ioutil.ReadAll: %s\n", err)
return
}
@@ -135,12 +134,12 @@ func (s *SS) ServeTCP(c net.Conn) {
buf := make([]byte, conn.UDPBufSize)
n, _, err = rc.ReadFrom(buf)
if err != nil {
- log.F("proxy-uottun read error: %v", err)
+ log.F("[ss-uottun] read error: %v", err)
}
c.Write(buf[:n])
- log.F("proxy-ss %s <-tcp-> %s - %s <-udp-> %s ", c.RemoteAddr(), c.LocalAddr(), rc.LocalAddr(), tgt)
+ log.F("[ss] %s <-tcp-> %s - %s <-udp-> %s ", c.RemoteAddr(), c.LocalAddr(), rc.LocalAddr(), tgt)
return
}
@@ -152,19 +151,19 @@ func (s *SS) ServeTCP(c net.Conn) {
rc, err := dialer.Dial(network, tgt.String())
if err != nil {
- log.F("proxy-ss failed to connect to target: %v", err)
+ log.F("[ss] failed to connect to target: %v", err)
return
}
defer rc.Close()
- log.F("proxy-ss %s <-> %s", c.RemoteAddr(), tgt)
+ log.F("[ss] %s <-> %s", c.RemoteAddr(), tgt)
_, _, err = conn.Relay(c, rc)
if err != nil {
if err, ok := err.(net.Error); ok && err.Timeout() {
return // ignore i/o timeout
}
- log.F("proxy-ss relay error: %v", err)
+ log.F("[ss] relay error: %v", err)
}
}
@@ -173,14 +172,14 @@ func (s *SS) ServeTCP(c net.Conn) {
func (s *SS) ListenAndServeUDP() {
lc, err := net.ListenPacket("udp", s.addr)
if err != nil {
- log.F("proxy-ss-udp failed to listen on %s: %v", s.addr, err)
+ log.F("[ss-udp] failed to listen on %s: %v", s.addr, err)
return
}
defer lc.Close()
lc = s.PacketConn(lc)
- log.F("proxy-ss-udp listening UDP on %s", s.addr)
+ log.F("[ss-udp] listening UDP on %s", s.addr)
var nm sync.Map
buf := make([]byte, conn.UDPBufSize)
@@ -190,7 +189,7 @@ func (s *SS) ListenAndServeUDP() {
n, raddr, err := c.ReadFrom(buf)
if err != nil {
- log.F("proxy-ss-udp remote read error: %v", err)
+ log.F("[ss-udp] remote read error: %v", err)
continue
}
@@ -199,7 +198,7 @@ func (s *SS) ListenAndServeUDP() {
if !ok && v == nil {
lpc, nextHop, err := s.dialer.DialUDP("udp", c.tgtAddr.String())
if err != nil {
- log.F("proxy-ss-udp remote dial error: %v", err)
+ log.F("[ss-udp] remote dial error: %v", err)
continue
}
@@ -218,11 +217,11 @@ func (s *SS) ListenAndServeUDP() {
_, err = pc.WriteTo(buf[:n], pc.writeAddr)
if err != nil {
- log.F("proxy-ss-udp remote write error: %v", err)
+ log.F("[ss-udp] remote write error: %v", err)
continue
}
- log.F("proxy-ss-udp %s <-> %s", raddr, c.tgtAddr)
+ log.F("[ss-udp] %s <-> %s", raddr, c.tgtAddr)
}
}
@@ -241,7 +240,7 @@ func (s *SS) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDiale
func (s *SS) Dial(network, addr string) (net.Conn, error) {
target := socks.ParseAddr(addr)
if target == nil {
- return nil, errors.New("proxy-ss unable to parse address: " + addr)
+ return nil, errors.New("[ss] unable to parse address: " + addr)
}
if network == "uot" {
@@ -250,7 +249,7 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
c, err := s.dialer.Dial("tcp", s.addr)
if err != nil {
- log.F("proxy-ss dial to %s error: %s", s.addr, err)
+ log.F("[ss] dial to %s error: %s", s.addr, err)
return nil, err
}
@@ -272,7 +271,7 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
func (s *SS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
pc, nextHop, err := s.dialer.DialUDP(network, s.addr)
if err != nil {
- log.F("proxy-ss dialudp to %s error: %s", s.addr, err)
+ log.F("[ss] dialudp to %s error: %s", s.addr, err)
return nil, nil, err
}
diff --git a/proxy/ssr/ssr.go b/proxy/ssr/ssr.go
index 6f9b7b7..887746c 100644
--- a/proxy/ssr/ssr.go
+++ b/proxy/ssr/ssr.go
@@ -90,7 +90,7 @@ func (s *SSR) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDial
func (s *SSR) Dial(network, addr string) (net.Conn, error) {
target := socks.ParseAddr(addr)
if target == nil {
- return nil, errors.New("proxy-ssr unable to parse address: " + addr)
+ return nil, errors.New("[ssr] unable to parse address: " + addr)
}
cipher, err := shadowsocksr.NewStreamCipher(s.EncryptMethod, s.EncryptPassword)
@@ -100,7 +100,7 @@ func (s *SSR) Dial(network, addr string) (net.Conn, error) {
c, err := s.dialer.Dial("tcp", s.addr)
if err != nil {
- log.F("proxy-ssr dial to %s error: %s", s.addr, err)
+ log.F("[ssr] dial to %s error: %s", s.addr, err)
return nil, err
}
@@ -110,7 +110,7 @@ func (s *SSR) Dial(network, addr string) (net.Conn, error) {
ssrconn := shadowsocksr.NewSSTCPConn(c, cipher)
if ssrconn.Conn == nil || ssrconn.RemoteAddr() == nil {
- return nil, errors.New("proxy-ssr nil connection")
+ return nil, errors.New("[ssr] nil connection")
}
// should initialize obfs/protocol now
@@ -119,7 +119,7 @@ func (s *SSR) Dial(network, addr string) (net.Conn, error) {
ssrconn.IObfs = obfs.NewObfs(s.Obfs)
if ssrconn.IObfs == nil {
- return nil, errors.New("proxy-ssr unsupported obfs type: " + s.Obfs)
+ return nil, errors.New("[ssr] unsupported obfs type: " + s.Obfs)
}
obfsServerInfo := &ssr.ServerInfoForObfs{
@@ -132,7 +132,7 @@ func (s *SSR) Dial(network, addr string) (net.Conn, error) {
ssrconn.IProtocol = protocol.NewProtocol(s.Protocol)
if ssrconn.IProtocol == nil {
- return nil, errors.New("proxy-ssr unsupported protocol type: " + s.Protocol)
+ return nil, errors.New("[ssr] unsupported protocol type: " + s.Protocol)
}
protocolServerInfo := &ssr.ServerInfoForObfs{
@@ -163,5 +163,5 @@ func (s *SSR) Dial(network, addr string) (net.Conn, error) {
// DialUDP connects to the given address via the proxy.
func (s *SSR) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
- return nil, nil, errors.New("proxy-ssr udp not supported now")
+ return nil, nil, errors.New("[ssr] udp not supported now")
}
diff --git a/proxy/tcptun/tcptun.go b/proxy/tcptun/tcptun.go
index f212219..2f2a6c7 100644
--- a/proxy/tcptun/tcptun.go
+++ b/proxy/tcptun/tcptun.go
@@ -79,7 +79,7 @@ func (s *TCPTun) ListenAndServe() {
}
defer rc.Close()
- log.F("proxy-tcptun %s <-> %s", c.RemoteAddr(), s.raddr)
+ log.F("[tcptun] %s <-> %s", c.RemoteAddr(), s.raddr)
_, _, err = conn.Relay(c, rc)
if err != nil {
diff --git a/proxy/tls/tls.go b/proxy/tls/tls.go
index f36e812..ae3c9ac 100644
--- a/proxy/tls/tls.go
+++ b/proxy/tls/tls.go
@@ -63,13 +63,13 @@ func (s *TLS) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDial
func (s *TLS) Dial(network, addr string) (net.Conn, error) {
cc, err := s.dialer.Dial("tcp", s.addr)
if err != nil {
- log.F("proxy-tls dial to %s error: %s", s.addr, err)
+ log.F("[tls] dial to %s error: %s", s.addr, err)
return nil, err
}
conf := &stdtls.Config{
- ServerName: s.serverName,
- //InsecureSkipVerify: true,
+ ServerName: s.serverName,
+ InsecureSkipVerify: true,
}
c := stdtls.Client(cc, conf)
diff --git a/proxy/tproxy/tproxy_linux.go b/proxy/tproxy/tproxy_linux.go
index d4a4595..6398eb4 100644
--- a/proxy/tproxy/tproxy_linux.go
+++ b/proxy/tproxy/tproxy_linux.go
@@ -58,26 +58,26 @@ func (s *TProxy) ListenAndServe() {
// ListenAndServeTCP .
func (s *TProxy) ListenAndServeTCP() {
- log.F("proxy-tproxy tcp mode not supported now, please use 'redir' instead")
+ log.F("[tproxy] tcp mode not supported now, please use 'redir' instead")
}
// ListenAndServeUDP .
func (s *TProxy) ListenAndServeUDP() {
laddr, err := net.ResolveUDPAddr("udp", s.addr)
if err != nil {
- log.F("proxy-tproxy failed to resolve addr %s: %v", s.addr, err)
+ log.F("[tproxy] failed to resolve addr %s: %v", s.addr, err)
return
}
lc, err := net.ListenUDP("udp", laddr)
if err != nil {
- log.F("proxy-tproxy failed to listen on %s: %v", s.addr, err)
+ log.F("[tproxy] failed to listen on %s: %v", s.addr, err)
return
}
fd, err := lc.File()
if err != nil {
- log.F("proxy-tproxy failed to get file descriptor: %v", err)
+ log.F("[tproxy] failed to get file descriptor: %v", err)
return
}
defer fd.Close()
@@ -85,13 +85,13 @@ func (s *TProxy) ListenAndServeUDP() {
fileDescriptor := int(fd.Fd())
if err = syscall.SetsockoptInt(fileDescriptor, syscall.SOL_IP, syscall.IP_TRANSPARENT, 1); err != nil {
syscall.Close(fileDescriptor)
- log.F("proxy-tproxy failed to set socket option IP_TRANSPARENT: %v", err)
+ log.F("[tproxy] failed to set socket option IP_TRANSPARENT: %v", err)
return
}
if err = syscall.SetsockoptInt(fileDescriptor, syscall.SOL_IP, syscall.IP_RECVORIGDSTADDR, 1); err != nil {
syscall.Close(fileDescriptor)
- log.F("proxy-tproxy failed to set socket option IP_RECVORIGDSTADDR: %v", err)
+ log.F("[tproxy] failed to set socket option IP_RECVORIGDSTADDR: %v", err)
return
}
@@ -100,15 +100,15 @@ func (s *TProxy) ListenAndServeUDP() {
_, srcAddr, dstAddr, err := ReadFromUDP(lc, buf)
if err != nil {
if netErr, ok := err.(net.Error); ok && netErr.Temporary() {
- log.F("proxy-tproxy temporary reading data error: %s", netErr)
+ log.F("[tproxy] temporary reading data error: %s", netErr)
continue
}
- log.F("proxy-tproxy Unrecoverable error while reading data: %s", err)
+ log.F("[tproxy] Unrecoverable error while reading data: %s", err)
continue
}
- log.F("proxy-tproxy Accepting UDP connection from %s with destination of %s", srcAddr.String(), dstAddr.String())
+ log.F("[tproxy] Accepting UDP connection from %s with destination of %s", srcAddr.String(), dstAddr.String())
}
diff --git a/proxy/udptun/udptun.go b/proxy/udptun/udptun.go
index 36c15de..8fb72ff 100644
--- a/proxy/udptun/udptun.go
+++ b/proxy/udptun/udptun.go
@@ -53,12 +53,12 @@ func NewUDPTunServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
func (s *UDPTun) ListenAndServe() {
c, err := net.ListenPacket("udp", s.addr)
if err != nil {
- log.F("proxy-udptun failed to listen on %s: %v", s.addr, err)
+ log.F("[udptun] failed to listen on %s: %v", s.addr, err)
return
}
defer c.Close()
- log.F("proxy-udptun listening UDP on %s", s.addr)
+ log.F("[udptun] listening UDP on %s", s.addr)
var nm sync.Map
buf := make([]byte, conn.UDPBufSize)
@@ -66,7 +66,7 @@ func (s *UDPTun) ListenAndServe() {
for {
n, raddr, err := c.ReadFrom(buf)
if err != nil {
- log.F("proxy-udptun read error: %v", err)
+ log.F("[udptun] read error: %v", err)
continue
}
@@ -78,7 +78,7 @@ func (s *UDPTun) ListenAndServe() {
pc, writeAddr, err = s.dialer.DialUDP("udp", s.raddr)
if err != nil {
- log.F("proxy-udptun remote dial error: %v", err)
+ log.F("[udptun] remote dial error: %v", err)
continue
}
@@ -96,11 +96,11 @@ func (s *UDPTun) ListenAndServe() {
_, err = pc.WriteTo(buf[:n], writeAddr)
if err != nil {
- log.F("proxy-udptun remote write error: %v", err)
+ log.F("[udptun] remote write error: %v", err)
continue
}
- log.F("proxy-udptun %s <-> %s", raddr, s.raddr)
+ log.F("[udptun] %s <-> %s", raddr, s.raddr)
}
}
diff --git a/proxy/uottun/uottun.go b/proxy/uottun/uottun.go
index b082a86..f43418c 100644
--- a/proxy/uottun/uottun.go
+++ b/proxy/uottun/uottun.go
@@ -53,25 +53,25 @@ func NewUoTTunServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
func (s *UoTTun) ListenAndServe() {
c, err := net.ListenPacket("udp", s.addr)
if err != nil {
- log.F("proxy-uottun failed to listen on %s: %v", s.addr, err)
+ log.F("[uottun] failed to listen on %s: %v", s.addr, err)
return
}
defer c.Close()
- log.F("proxy-uottun listening UDP on %s", s.addr)
+ log.F("[uottun] listening UDP on %s", s.addr)
buf := make([]byte, conn.UDPBufSize)
for {
n, clientAddr, err := c.ReadFrom(buf)
if err != nil {
- log.F("proxy-uottun read error: %v", err)
+ log.F("[uottun] read error: %v", err)
continue
}
rc, err := s.dialer.Dial("uot", s.raddr)
if err != nil {
- log.F("proxy-uottun failed to connect to server %v: %v", s.raddr, err)
+ log.F("[uottun] failed to connect to server %v: %v", s.raddr, err)
continue
}
@@ -95,10 +95,10 @@ func (s *UoTTun) ListenAndServe() {
_, err = rc.Write(buf[:n])
if err != nil {
- log.F("proxy-uottun remote write error: %v", err)
+ log.F("[uottun] remote write error: %v", err)
continue
}
- log.F("proxy-uottun %s <-> %s", clientAddr, s.raddr)
+ log.F("[uottun] %s <-> %s", clientAddr, s.raddr)
}
}
diff --git a/proxy/v2ray/v2ray.go b/proxy/v2ray/v2ray.go
index 2b58146..f0f36b1 100644
--- a/proxy/v2ray/v2ray.go
+++ b/proxy/v2ray/v2ray.go
@@ -167,7 +167,7 @@ func (s *V2Ray) Dial(network, addr string) (net.Conn, error) {
v2net.TCPDestination(v2net.ParseAddress(host), v2net.Port(port)))
if err != nil {
- log.F("proxy-v2ray dial to %s error: %s", s.addr, err)
+ log.F("[v2ray] dial to %s error: %s", s.addr, err)
return nil, err
}
diff --git a/rule.go b/rule.go
index c837140..f45e237 100644
--- a/rule.go
+++ b/rule.go
@@ -65,7 +65,7 @@ func (rd *RuleDialer) NextDialer(dstAddr string) proxy.Dialer {
host, _, err := net.SplitHostPort(dstAddr)
if err != nil {
// TODO: check here
- // logf("proxy-rule SplitHostPort ERROR: %s", err)
+ // logf("[rule] SplitHostPort ERROR: %s", err)
return rd.gDialer
}
diff --git a/strategy.go b/strategy.go
index a04d1f5..3324d85 100644
--- a/strategy.go
+++ b/strategy.go
@@ -120,7 +120,7 @@ func (rr *rrDialer) checkDialer(idx int) {
c, err := d.Dial("tcp", rr.website)
if err != nil {
rr.status.Store(idx, false)
- log.F("proxy-check %s -> %s, set to DISABLED. error in dial: %s", d.Addr(), rr.website, err)
+ log.F("[check] %s -> %s, set to DISABLED. error in dial: %s", d.Addr(), rr.website, err)
continue
}
@@ -129,15 +129,15 @@ func (rr *rrDialer) checkDialer(idx int) {
_, err = io.ReadFull(c, buf)
if err != nil {
rr.status.Store(idx, false)
- log.F("proxy-check %s -> %s, set to DISABLED. error in read: %s", d.Addr(), rr.website, err)
+ log.F("[check] %s -> %s, set to DISABLED. error in read: %s", d.Addr(), rr.website, err)
} else if bytes.Equal([]byte("HTTP"), buf) {
rr.status.Store(idx, true)
retry = 2
dialTime := time.Since(startTime)
- log.F("proxy-check %s -> %s, set to ENABLED. connect time: %s", d.Addr(), rr.website, dialTime.String())
+ log.F("[check] %s -> %s, set to ENABLED. connect time: %s", d.Addr(), rr.website, dialTime.String())
} else {
rr.status.Store(idx, false)
- log.F("proxy-check %s -> %s, set to DISABLED. server response: %s", d.Addr(), rr.website, buf)
+ log.F("[check] %s -> %s, set to DISABLED. server response: %s", d.Addr(), rr.website, buf)
}
c.Close()
From 385f5d779067269b996653b3a17de3963b242ddc Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 3 Jul 2018 00:31:43 +0800
Subject: [PATCH 182/341] vmess: worked in SecTypeNone mode
---
README.md | 1 +
common/socks/socks.go | 34 +++---
main.go | 3 +-
proxy/redir/redir_linux.go | 4 +-
proxy/socks5/socks5.go | 12 +--
proxy/v2ray/v2ray.go | 185 --------------------------------
proxy/vmess/addr.go | 61 +++++++++++
proxy/vmess/client.go | 214 +++++++++++++++++++++++++++++++++++++
proxy/vmess/user.go | 37 +++++++
proxy/vmess/vmess.go | 49 ++++++---
10 files changed, 372 insertions(+), 228 deletions(-)
delete mode 100644 proxy/v2ray/v2ray.go
create mode 100644 proxy/vmess/addr.go
create mode 100644 proxy/vmess/client.go
create mode 100644 proxy/vmess/user.go
diff --git a/README.md b/README.md
index 7019b8d..6f2782e 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,7 @@ General:
TODO:
- [ ] Transparent UDP proxy (iptables tproxy)
- [ ] DNS Cache
+- [ ] Performance tuning
- [ ] TUN/TAP device support
- [ ] IPv6 support
- [ ] SSH tunnel support
diff --git a/common/socks/socks.go b/common/socks/socks.go
index 7532402..d5a5ec1 100644
--- a/common/socks/socks.go
+++ b/common/socks/socks.go
@@ -22,9 +22,9 @@ const (
// SOCKS address types as defined in RFC 1928 section 5.
const (
- ATypeIP4 = 1
- ATypeDomain = 3
- ATypeIP6 = 4
+ ATypIP4 = 1
+ ATypDomain = 3
+ ATypIP6 = 4
)
// MaxAddrLen is the maximum size of SOCKS address in bytes.
@@ -52,13 +52,13 @@ func (a Addr) String() string {
var host, port string
switch ATYP(a[0]) { // address type
- case ATypeDomain:
+ case ATypDomain:
host = string(a[2 : 2+int(a[1])])
port = strconv.Itoa((int(a[2+int(a[1])]) << 8) | int(a[2+int(a[1])+1]))
- case ATypeIP4:
+ case ATypIP4:
host = net.IP(a[1 : 1+net.IPv4len]).String()
port = strconv.Itoa((int(a[1+net.IPv4len]) << 8) | int(a[1+net.IPv4len+1]))
- case ATypeIP6:
+ case ATypIP6:
host = net.IP(a[1 : 1+net.IPv6len]).String()
port = strconv.Itoa((int(a[1+net.IPv6len]) << 8) | int(a[1+net.IPv6len+1]))
}
@@ -66,12 +66,12 @@ func (a Addr) String() string {
return net.JoinHostPort(host, port)
}
-// UoT udp over tcp
+// UoT returns whether it is udp over tcp
func UoT(b byte) bool {
return b&0x8 == 0x8
}
-// ATYP return the address type
+// ATYP returns the address type
func ATYP(b byte) int {
return int(b &^ 0x8)
}
@@ -87,17 +87,17 @@ func ReadAddrBuf(r io.Reader, b []byte) (Addr, error) {
}
switch ATYP(b[0]) {
- case ATypeDomain:
+ case ATypDomain:
_, err = io.ReadFull(r, b[1:2]) // read 2nd byte for domain length
if err != nil {
return nil, err
}
_, err = io.ReadFull(r, b[2:2+int(b[1])+2])
return b[:1+1+int(b[1])+2], err
- case ATypeIP4:
+ case ATypIP4:
_, err = io.ReadFull(r, b[1:1+net.IPv4len+2])
return b[:1+net.IPv4len+2], err
- case ATypeIP6:
+ case ATypIP6:
_, err = io.ReadFull(r, b[1:1+net.IPv6len+2])
return b[:1+net.IPv6len+2], err
}
@@ -118,14 +118,14 @@ func SplitAddr(b []byte) Addr {
}
switch ATYP(b[0]) {
- case ATypeDomain:
+ case ATypDomain:
if len(b) < 2 {
return nil
}
addrLen = 1 + 1 + int(b[1]) + 2
- case ATypeIP4:
+ case ATypIP4:
addrLen = 1 + net.IPv4len + 2
- case ATypeIP6:
+ case ATypIP6:
addrLen = 1 + net.IPv6len + 2
default:
return nil
@@ -149,11 +149,11 @@ func ParseAddr(s string) Addr {
if ip := net.ParseIP(host); ip != nil {
if ip4 := ip.To4(); ip4 != nil {
addr = make([]byte, 1+net.IPv4len+2)
- addr[0] = ATypeIP4
+ addr[0] = ATypIP4
copy(addr[1:], ip4)
} else {
addr = make([]byte, 1+net.IPv6len+2)
- addr[0] = ATypeIP6
+ addr[0] = ATypIP6
copy(addr[1:], ip)
}
} else {
@@ -161,7 +161,7 @@ func ParseAddr(s string) Addr {
return nil
}
addr = make([]byte, 1+1+len(host)+2)
- addr[0] = ATypeDomain
+ addr[0] = ATypDomain
addr[1] = byte(len(host))
copy(addr[2:], host)
}
diff --git a/main.go b/main.go
index d315207..d3a5a0d 100644
--- a/main.go
+++ b/main.go
@@ -21,8 +21,7 @@ import (
_ "github.com/nadoo/glider/proxy/tls"
_ "github.com/nadoo/glider/proxy/udptun"
_ "github.com/nadoo/glider/proxy/uottun"
- // _ "github.com/nadoo/glider/proxy/v2ray"
- // _ "github.com/nadoo/glider/proxy/vmess"
+ _ "github.com/nadoo/glider/proxy/vmess"
)
// VERSION .
diff --git a/proxy/redir/redir_linux.go b/proxy/redir/redir_linux.go
index d1da12b..1d202fc 100644
--- a/proxy/redir/redir_linux.go
+++ b/proxy/redir/redir_linux.go
@@ -143,7 +143,7 @@ func getorigdst(fd uintptr) (socks.Addr, error) {
}
addr := make([]byte, 1+net.IPv4len+2)
- addr[0] = socks.ATypeIP4
+ addr[0] = socks.ATypIP4
copy(addr[1:1+net.IPv4len], raw.Addr[:])
port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // big-endian
addr[1+net.IPv4len], addr[1+net.IPv4len+1] = port[0], port[1]
@@ -160,7 +160,7 @@ func getorigdstIPv6(fd uintptr) (socks.Addr, error) {
}
addr := make([]byte, 1+net.IPv6len+2)
- addr[0] = socks.ATypeIP6
+ addr[0] = socks.ATypIP6
copy(addr[1:1+net.IPv6len], raw.Addr[:])
port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // big-endian
addr[1+net.IPv6len], addr[1+net.IPv6len+1] = port[0], port[1]
diff --git a/proxy/socks5/socks5.go b/proxy/socks5/socks5.go
index 95b0836..1f97793 100644
--- a/proxy/socks5/socks5.go
+++ b/proxy/socks5/socks5.go
@@ -362,17 +362,17 @@ func (s *SOCKS5) connect(conn net.Conn, target string) error {
if ip := net.ParseIP(host); ip != nil {
if ip4 := ip.To4(); ip4 != nil {
- buf = append(buf, socks.ATypeIP4)
+ buf = append(buf, socks.ATypIP4)
ip = ip4
} else {
- buf = append(buf, socks.ATypeIP6)
+ buf = append(buf, socks.ATypIP6)
}
buf = append(buf, ip...)
} else {
if len(host) > 255 {
return errors.New("proxy: destination hostname too long: " + host)
}
- buf = append(buf, socks.ATypeDomain)
+ buf = append(buf, socks.ATypDomain)
buf = append(buf, byte(len(host)))
buf = append(buf, host...)
}
@@ -397,11 +397,11 @@ func (s *SOCKS5) connect(conn net.Conn, target string) error {
bytesToDiscard := 0
switch buf[3] {
- case socks.ATypeIP4:
+ case socks.ATypIP4:
bytesToDiscard = net.IPv4len
- case socks.ATypeIP6:
+ case socks.ATypIP6:
bytesToDiscard = net.IPv6len
- case socks.ATypeDomain:
+ case socks.ATypDomain:
_, err := io.ReadFull(conn, buf[:1])
if err != nil {
return errors.New("proxy: failed to read domain length from SOCKS5 proxy at " + s.addr + ": " + err.Error())
diff --git a/proxy/v2ray/v2ray.go b/proxy/v2ray/v2ray.go
deleted file mode 100644
index f0f36b1..0000000
--- a/proxy/v2ray/v2ray.go
+++ /dev/null
@@ -1,185 +0,0 @@
-package v2ray
-
-import (
- "context"
- "errors"
- "net"
- "net/url"
- "strconv"
- "strings"
-
- "github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/proxy"
-
- "v2ray.com/core"
- "v2ray.com/core/app/dispatcher"
- "v2ray.com/core/app/proxyman"
- v2net "v2ray.com/core/common/net"
- "v2ray.com/core/common/protocol"
- "v2ray.com/core/common/serial"
- "v2ray.com/core/proxy/vmess"
- "v2ray.com/core/proxy/vmess/outbound"
- "v2ray.com/core/transport/internet"
- "v2ray.com/core/transport/internet/tls"
-
- // needed
- _ "v2ray.com/core/app/proxyman/outbound"
- _ "v2ray.com/core/transport/internet/tcp"
-)
-
-// V2Ray .
-type V2Ray struct {
- dialer proxy.Dialer
- addr string
-
- uuid string
- alertID uint32
-
- outboundSecurity string
- streamProtocol string
- streamSecurity string
-
- config *core.Config
- instance *core.Instance
-}
-
-func init() {
- proxy.RegisterDialer("v2ray", NewV2RayDialer)
-}
-
-// NewV2Ray returns a v2ray proxy.
-func NewV2Ray(s string, dialer proxy.Dialer) (*V2Ray, error) {
- u, err := url.Parse(s)
- if err != nil {
- log.F("parse url err: %s", err)
- return nil, err
- }
-
- addr := u.Host
- host := u.Hostname()
- port, err := strconv.ParseUint(u.Port(), 10, 32)
- if err != nil {
- log.F("parse port err: %s", err)
- return nil, err
- }
-
- var uuid, aid string
- if u.User != nil {
- uuid = u.User.Username()
- aid, _ = u.User.Password()
- }
-
- alertID, err := strconv.ParseUint(aid, 10, 32)
- if err != nil {
- log.F("parse alertID err: %s", err)
- return nil, err
- }
-
- config := &core.Config{
- App: []*serial.TypedMessage{
- serial.ToTypedMessage(&dispatcher.Config{}),
- serial.ToTypedMessage(&proxyman.OutboundConfig{}),
- },
- Outbound: []*core.OutboundHandlerConfig{{
- ProxySettings: serial.ToTypedMessage(&outbound.Config{
- Receiver: []*protocol.ServerEndpoint{
- {
- Address: v2net.NewIPOrDomain(v2net.ParseAddress(host)),
- Port: uint32(port),
- User: []*protocol.User{
- {
- Account: serial.ToTypedMessage(&vmess.Account{
- Id: uuid,
- AlterId: uint32(alertID),
- SecuritySettings: &protocol.SecurityConfig{
- Type: protocol.SecurityType_NONE,
- },
- }),
- },
- },
- },
- },
- }),
- SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{
- StreamSettings: &internet.StreamConfig{
- Protocol: internet.TransportProtocol_TCP,
- SecurityType: serial.GetMessageType(&tls.Config{}),
- SecuritySettings: []*serial.TypedMessage{
- serial.ToTypedMessage(&tls.Config{
- AllowInsecure: true,
- }),
- },
- },
- })},
- },
- }
-
- v, err := core.New(config)
- if err != nil {
- log.Fatal("Failed to create V: ", err.Error())
- }
-
- p := &V2Ray{
- dialer: dialer,
- addr: addr,
-
- uuid: uuid,
- alertID: uint32(alertID),
-
- outboundSecurity: "auto",
- streamProtocol: "tcp",
- streamSecurity: "tls",
-
- config: config,
- instance: v,
- }
-
- return p, nil
-}
-
-// NewV2RayDialer returns a v2ray proxy dialer.
-func NewV2RayDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
- return NewV2Ray(s, dialer)
-}
-
-// Addr returns forwarder's address
-func (s *V2Ray) Addr() string { return s.addr }
-
-// NextDialer returns the next dialer
-func (s *V2Ray) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
-
-// Dial connects to the address addr on the network net via the proxy.
-func (s *V2Ray) Dial(network, addr string) (net.Conn, error) {
-
- // c, err := s.dialer.Dial("tcp", s.addr)
-
- d := strings.Split(addr, ":")
- host, portStr := d[0], d[1]
- port, err := strconv.ParseUint(portStr, 10, 32)
- if err != nil {
- log.F("parse portStr err: %s", err)
- return nil, err
- }
-
- // TODO: does not support upstream dialer now
- c, err := core.Dial(context.Background(),
- s.instance,
- v2net.TCPDestination(v2net.ParseAddress(host), v2net.Port(port)))
-
- if err != nil {
- log.F("[v2ray] dial to %s error: %s", s.addr, err)
- return nil, err
- }
-
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
- return c, err
-
-}
-
-// DialUDP connects to the given address via the proxy.
-func (s *V2Ray) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
- return nil, nil, errors.New("v2ray client does not support udp now")
-}
diff --git a/proxy/vmess/addr.go b/proxy/vmess/addr.go
new file mode 100644
index 0000000..d89f963
--- /dev/null
+++ b/proxy/vmess/addr.go
@@ -0,0 +1,61 @@
+package vmess
+
+import (
+ "net"
+ "strconv"
+)
+
+// AType is vmess addr type
+type AType byte
+
+// Atyp
+const (
+ ATypeErr AType = 0
+ ATypeIP4 AType = 1
+ ATypeDomain AType = 2
+ ATypeIP6 AType = 3
+)
+
+// Addr is vmess addr
+type Addr []byte
+
+// Port is vmess addr port
+type Port uint16
+
+// ParseAddr parses the address in string s. return AType = 0 if error.
+func ParseAddr(s string) (AType, Addr, Port, error) {
+ var atype AType
+ var addr Addr
+
+ host, port, err := net.SplitHostPort(s)
+ if err != nil {
+ return 0, nil, 0, err
+ }
+
+ if ip := net.ParseIP(host); ip != nil {
+ if ip4 := ip.To4(); ip4 != nil {
+ addr = make([]byte, net.IPv4len)
+ atype = ATypeIP4
+ copy(addr[:], ip4)
+ } else {
+ addr = make([]byte, net.IPv6len)
+ atype = ATypeIP6
+ copy(addr[:], ip)
+ }
+ } else {
+ if len(host) > 255 {
+ return 0, nil, 0, err
+ }
+ addr = make([]byte, 1+len(host))
+ atype = ATypeDomain
+ addr[0] = byte(len(host))
+ copy(addr[1:], host)
+ }
+
+ portnum, err := strconv.ParseUint(port, 10, 16)
+ if err != nil {
+ return 0, nil, 0, err
+ }
+
+ return atype, addr, Port(portnum), err
+}
diff --git a/proxy/vmess/client.go b/proxy/vmess/client.go
new file mode 100644
index 0000000..b22a89a
--- /dev/null
+++ b/proxy/vmess/client.go
@@ -0,0 +1,214 @@
+package vmess
+
+import (
+ "bytes"
+ "crypto/aes"
+ "crypto/cipher"
+ "crypto/hmac"
+ "crypto/md5"
+ "encoding/binary"
+ "errors"
+ "hash/fnv"
+ "io"
+ "math/rand"
+ "net"
+ "time"
+)
+
+// Request Options
+const (
+ OptChunkStream byte = 1
+ OptReuseTCPConnection byte = 2
+ OptMetadataObfuscate byte = 4
+)
+
+// SEC types
+const (
+ SecTypeUnknown byte = 0
+ SecTypeLegacy byte = 1
+ SecTypeAuto byte = 2
+ SecTypeAES128GCM byte = 3
+ SecTypeChacha20Poly1305 byte = 4
+ SecTypeNone byte = 5
+)
+
+// CMD types
+const (
+ CmdTCP byte = 1
+ CmdUDP byte = 2
+)
+
+// Client vmess client
+type Client struct {
+ user *User
+ atype AType
+ addr Addr
+ port Port
+
+ reqBodyIV [16]byte
+ reqBodyKey [16]byte
+ reqRespV byte
+ respBodyKey [16]byte
+ respBodyIV [16]byte
+
+ net.Conn
+ connected bool
+}
+
+// NewClient .
+func NewClient(uuid, target string) (*Client, error) {
+ user, err := NewUser(uuid)
+ if err != nil {
+ return nil, err
+ }
+
+ c := &Client{user: user}
+
+ c.atype, c.addr, c.port, err = ParseAddr(target)
+ if err != nil {
+ return nil, err
+ }
+
+ randBytes := make([]byte, 33)
+ rand.Read(randBytes)
+
+ copy(c.reqBodyIV[:], randBytes[:16])
+ copy(c.reqBodyKey[:], randBytes[16:32])
+ c.reqRespV = randBytes[32]
+
+ c.respBodyIV = md5.Sum(c.reqBodyIV[:])
+ c.respBodyKey = md5.Sum(c.reqBodyKey[:])
+
+ return c, nil
+}
+
+// EncodeAuthInfo returns HMAC("md5", UUID, UTC) result
+func (c *Client) EncodeAuthInfo() []byte {
+ ts := make([]byte, 8)
+ binary.BigEndian.PutUint64(ts, uint64(time.Now().UTC().Unix()))
+
+ h := hmac.New(md5.New, c.user.UUID[:])
+ h.Write(ts)
+
+ return h.Sum(nil)
+}
+
+// EncodeRequest encodes requests to network bytes
+func (c *Client) EncodeRequest() ([]byte, error) {
+ buf := new(bytes.Buffer)
+
+ // Request
+ buf.WriteByte(1) // Ver
+ buf.Write(c.reqBodyIV[:]) // IV
+ buf.Write(c.reqBodyKey[:]) // Key
+ buf.WriteByte(c.reqRespV) // V
+ buf.WriteByte(0) // Opt
+
+ // pLen and Sec
+ paddingLen := rand.Intn(16)
+ pSec := byte(paddingLen<<4) | SecTypeNone // P(4bit) and Sec(4bit)
+ buf.WriteByte(pSec)
+
+ buf.WriteByte(0) // reserved
+ buf.WriteByte(CmdTCP) // cmd
+
+ // target
+ binary.Write(buf, binary.BigEndian, uint16(c.port)) // port
+ buf.WriteByte(byte(c.atype)) // atype
+ buf.Write(c.addr) // addr
+
+ // padding
+ if paddingLen > 0 {
+ padding := make([]byte, paddingLen)
+ rand.Read(padding)
+ buf.Write(padding)
+ }
+
+ // F
+ fnv1a := fnv.New32a()
+ fnv1a.Write(buf.Bytes())
+ buf.Write(fnv1a.Sum(nil))
+
+ // AES-128-CFB crypt the request:
+ // Key:MD5(UUID + []byte('c48619fe-8f02-49e0-b9e9-edf763e17e21'))
+ // IV:MD5(X + X + X + X),X = []byte(timestamp.now) (8 bytes, Big Endian)
+ md5hash := md5.New()
+ md5hash.Write(c.user.UUID[:])
+ md5hash.Write([]byte("c48619fe-8f02-49e0-b9e9-edf763e17e21"))
+ key := md5hash.Sum(nil)
+
+ md5hash.Reset()
+ ts := make([]byte, 8)
+ binary.BigEndian.PutUint64(ts, uint64(time.Now().UTC().Unix()))
+ md5hash.Write(ts)
+ md5hash.Write(ts)
+ md5hash.Write(ts)
+ md5hash.Write(ts)
+ iv := md5hash.Sum(nil)
+
+ block, err := aes.NewCipher(key)
+ if err != nil {
+ return nil, err
+ }
+
+ stream := cipher.NewCFBEncrypter(block, iv)
+ stream.XORKeyStream(buf.Bytes(), buf.Bytes())
+
+ return buf.Bytes(), nil
+}
+
+// DecodeRespHeader .
+func (c *Client) DecodeRespHeader() error {
+ block, err := aes.NewCipher(c.respBodyKey[:])
+ if err != nil {
+ return err
+ }
+
+ stream := cipher.NewCFBDecrypter(block, c.respBodyIV[:])
+ buf := make([]byte, 4)
+ io.ReadFull(c.Conn, buf)
+ stream.XORKeyStream(buf, buf)
+
+ if buf[0] != c.reqRespV {
+ return errors.New("unexpected response header")
+ }
+
+ // TODO: Dynamic port supported
+ // if buf[2] != 0 {
+ // cmd := buf[2]
+ // dataLen := int32(buf[3])
+ // }
+
+ c.connected = true
+ return nil
+
+}
+
+// NewConn wraps a net.Conn to VMessConn
+func (c *Client) NewConn(rc net.Conn) (net.Conn, error) {
+ // AuthInfo
+ rc.Write(c.EncodeAuthInfo())
+
+ // Request
+ req, err := c.EncodeRequest()
+ if err != nil {
+ return nil, err
+ }
+ rc.Write(req)
+
+ c.Conn = rc
+
+ return c, err
+}
+
+func (c *Client) Read(b []byte) (n int, err error) {
+ if !c.connected {
+ c.DecodeRespHeader()
+ }
+
+ return c.Conn.Read(b)
+}
+
+func (c *Client) Write(b []byte) (n int, err error) {
+ return c.Conn.Write(b)
+}
diff --git a/proxy/vmess/user.go b/proxy/vmess/user.go
new file mode 100644
index 0000000..4fb4c4e
--- /dev/null
+++ b/proxy/vmess/user.go
@@ -0,0 +1,37 @@
+package vmess
+
+import (
+ "encoding/hex"
+ "errors"
+ "strings"
+)
+
+// User of vmess client
+type User struct {
+ UUID [16]byte
+}
+
+// NewUser .
+func NewUser(uuidStr string) (*User, error) {
+ uuid, err := StrToUUID(uuidStr)
+ if err != nil {
+ return nil, err
+ }
+
+ u := &User{
+ UUID: uuid,
+ }
+
+ return u, nil
+}
+
+// StrToUUID converts string to uuid.
+// s fomat: "6ba7b810-9dad-11d1-80b4-00c04fd430c8"
+func StrToUUID(s string) (uuid [16]byte, err error) {
+ b := []byte(strings.Replace(s, "-", "", -1))
+ if len(b) != 32 {
+ return uuid, errors.New("invalid UUID: " + s)
+ }
+ _, err = hex.Decode(uuid[:], b)
+ return
+}
diff --git a/proxy/vmess/vmess.go b/proxy/vmess/vmess.go
index aeea8d2..0a78ddd 100644
--- a/proxy/vmess/vmess.go
+++ b/proxy/vmess/vmess.go
@@ -15,12 +15,9 @@ type VMess struct {
dialer proxy.Dialer
addr string
- uuid string
- alertID uint32
-
- outboundSecurity string
- streamProtocol string
- streamSecurity string
+ uuid string
+ alertID uint32
+ security string
}
func init() {
@@ -37,10 +34,20 @@ func NewVMess(s string, dialer proxy.Dialer) (*VMess, error) {
addr := u.Host
- var uuid, aid string
+ var uuid, security string
if u.User != nil {
uuid = u.User.Username()
- aid, _ = u.User.Password()
+ security, _ = u.User.Password()
+ }
+
+ if security == "" {
+ security = "NONE"
+ }
+
+ aid := "0"
+ params, _ := url.ParseQuery(u.RawQuery)
+ if v, ok := params["alertId"]; ok {
+ aid = v[0]
}
alertID, err := strconv.ParseUint(aid, 10, 32)
@@ -50,13 +57,11 @@ func NewVMess(s string, dialer proxy.Dialer) (*VMess, error) {
}
p := &VMess{
- dialer: dialer,
- addr: addr,
- uuid: uuid,
- alertID: uint32(alertID),
- outboundSecurity: "auto",
- streamProtocol: "tcp",
- streamSecurity: "tls",
+ dialer: dialer,
+ addr: addr,
+ uuid: uuid,
+ alertID: uint32(alertID),
+ security: security,
}
return p, nil
@@ -75,7 +80,19 @@ func (s *VMess) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDi
// Dial connects to the address addr on the network net via the proxy.
func (s *VMess) Dial(network, addr string) (net.Conn, error) {
- return nil, nil
+ rc, err := s.dialer.Dial("tcp", s.addr)
+ if err != nil {
+ return nil, err
+ }
+
+ client, err := NewClient(s.uuid, addr)
+ if err != nil {
+ return nil, err
+ }
+
+ rc, err = client.NewConn(rc)
+
+ return rc, nil
}
// DialUDP connects to the given address via the proxy.
From 14cded4665b3c74707d41939a5a54f23c0950120 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 3 Jul 2018 01:07:28 +0800
Subject: [PATCH 183/341] vmess: add CmdKey in user struct
---
proxy/vmess/client.go | 21 ++-------------------
proxy/vmess/user.go | 34 ++++++++++++++++++++++++++++++----
proxy/vmess/vmess.go | 4 +---
3 files changed, 33 insertions(+), 26 deletions(-)
diff --git a/proxy/vmess/client.go b/proxy/vmess/client.go
index b22a89a..c8abcda 100644
--- a/proxy/vmess/client.go
+++ b/proxy/vmess/client.go
@@ -129,29 +129,12 @@ func (c *Client) EncodeRequest() ([]byte, error) {
fnv1a.Write(buf.Bytes())
buf.Write(fnv1a.Sum(nil))
- // AES-128-CFB crypt the request:
- // Key:MD5(UUID + []byte('c48619fe-8f02-49e0-b9e9-edf763e17e21'))
- // IV:MD5(X + X + X + X),X = []byte(timestamp.now) (8 bytes, Big Endian)
- md5hash := md5.New()
- md5hash.Write(c.user.UUID[:])
- md5hash.Write([]byte("c48619fe-8f02-49e0-b9e9-edf763e17e21"))
- key := md5hash.Sum(nil)
-
- md5hash.Reset()
- ts := make([]byte, 8)
- binary.BigEndian.PutUint64(ts, uint64(time.Now().UTC().Unix()))
- md5hash.Write(ts)
- md5hash.Write(ts)
- md5hash.Write(ts)
- md5hash.Write(ts)
- iv := md5hash.Sum(nil)
-
- block, err := aes.NewCipher(key)
+ block, err := aes.NewCipher(c.user.CmdKey[:])
if err != nil {
return nil, err
}
- stream := cipher.NewCFBEncrypter(block, iv)
+ stream := cipher.NewCFBEncrypter(block, TimestampHash(time.Now().UTC()))
stream.XORKeyStream(buf.Bytes(), buf.Bytes())
return buf.Bytes(), nil
diff --git a/proxy/vmess/user.go b/proxy/vmess/user.go
index 4fb4c4e..bd57b9a 100644
--- a/proxy/vmess/user.go
+++ b/proxy/vmess/user.go
@@ -1,14 +1,18 @@
package vmess
import (
+ "crypto/md5"
+ "encoding/binary"
"encoding/hex"
"errors"
"strings"
+ "time"
)
// User of vmess client
type User struct {
- UUID [16]byte
+ UUID [16]byte
+ CmdKey [16]byte
}
// NewUser .
@@ -18,9 +22,8 @@ func NewUser(uuidStr string) (*User, error) {
return nil, err
}
- u := &User{
- UUID: uuid,
- }
+ u := &User{UUID: uuid}
+ copy(u.CmdKey[:], GetKey(uuid))
return u, nil
}
@@ -35,3 +38,26 @@ func StrToUUID(s string) (uuid [16]byte, err error) {
_, err = hex.Decode(uuid[:], b)
return
}
+
+// GetKey returns the key of AES-128-CFB encrypter
+// Key:MD5(UUID + []byte('c48619fe-8f02-49e0-b9e9-edf763e17e21'))
+func GetKey(uuid [16]byte) []byte {
+ md5hash := md5.New()
+ md5hash.Write(uuid[:])
+ md5hash.Write([]byte("c48619fe-8f02-49e0-b9e9-edf763e17e21"))
+ return md5hash.Sum(nil)
+}
+
+// TimestampHash returns the iv of AES-128-CFB encrypter
+// IV:MD5(X + X + X + X),X = []byte(timestamp.now) (8 bytes, Big Endian)
+func TimestampHash(t time.Time) []byte {
+ md5hash := md5.New()
+
+ ts := make([]byte, 8)
+ binary.BigEndian.PutUint64(ts, uint64(t.UTC().Unix()))
+ md5hash.Write(ts)
+ md5hash.Write(ts)
+ md5hash.Write(ts)
+ md5hash.Write(ts)
+ return md5hash.Sum(nil)
+}
diff --git a/proxy/vmess/vmess.go b/proxy/vmess/vmess.go
index 0a78ddd..1dc43f6 100644
--- a/proxy/vmess/vmess.go
+++ b/proxy/vmess/vmess.go
@@ -90,9 +90,7 @@ func (s *VMess) Dial(network, addr string) (net.Conn, error) {
return nil, err
}
- rc, err = client.NewConn(rc)
-
- return rc, nil
+ return client.NewConn(rc)
}
// DialUDP connects to the given address via the proxy.
From f6fae13d888e69ed9257b61226d8caf5411f7f15 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 3 Jul 2018 14:30:56 +0800
Subject: [PATCH 184/341] vmess: support alterID
---
proxy/vmess/client.go | 81 +++++++++++++++++++++++++------------------
proxy/vmess/user.go | 39 +++++++++++++++++----
proxy/vmess/vmess.go | 26 ++++++++------
3 files changed, 95 insertions(+), 51 deletions(-)
diff --git a/proxy/vmess/client.go b/proxy/vmess/client.go
index c8abcda..8089ebf 100644
--- a/proxy/vmess/client.go
+++ b/proxy/vmess/client.go
@@ -40,7 +40,14 @@ const (
// Client vmess client
type Client struct {
- user *User
+ users []*User
+ count int
+}
+
+// Conn is a connection to vmess server
+type Conn struct {
+ user *User
+
atype AType
addr Addr
port Port
@@ -56,15 +63,28 @@ type Client struct {
}
// NewClient .
-func NewClient(uuid, target string) (*Client, error) {
- user, err := NewUser(uuid)
+func NewClient(uuidStr string, alterID int) (*Client, error) {
+ uuid, err := StrToUUID(uuidStr)
if err != nil {
return nil, err
}
- c := &Client{user: user}
+ c := &Client{}
+ user := NewUser(uuid)
+ c.users = append(c.users, user)
+ c.users = append(c.users, user.GenAlterIDUsers(alterID)...)
+ c.count = len(c.users)
- c.atype, c.addr, c.port, err = ParseAddr(target)
+ return c, nil
+}
+
+// NewConn .
+func (c *Client) NewConn(rc net.Conn, target string) (*Conn, error) {
+ r := rand.Intn(c.count)
+ conn := &Conn{user: c.users[r]}
+
+ var err error
+ conn.atype, conn.addr, conn.port, err = ParseAddr(target)
if err != nil {
return nil, err
}
@@ -72,18 +92,30 @@ func NewClient(uuid, target string) (*Client, error) {
randBytes := make([]byte, 33)
rand.Read(randBytes)
- copy(c.reqBodyIV[:], randBytes[:16])
- copy(c.reqBodyKey[:], randBytes[16:32])
- c.reqRespV = randBytes[32]
+ copy(conn.reqBodyIV[:], randBytes[:16])
+ copy(conn.reqBodyKey[:], randBytes[16:32])
+ conn.reqRespV = randBytes[32]
- c.respBodyIV = md5.Sum(c.reqBodyIV[:])
- c.respBodyKey = md5.Sum(c.reqBodyKey[:])
+ conn.respBodyIV = md5.Sum(conn.reqBodyIV[:])
+ conn.respBodyKey = md5.Sum(conn.reqBodyKey[:])
- return c, nil
+ // AuthInfo
+ rc.Write(conn.EncodeAuthInfo())
+
+ // Request
+ req, err := conn.EncodeRequest()
+ if err != nil {
+ return nil, err
+ }
+ rc.Write(req)
+
+ conn.Conn = rc
+
+ return conn, nil
}
// EncodeAuthInfo returns HMAC("md5", UUID, UTC) result
-func (c *Client) EncodeAuthInfo() []byte {
+func (c *Conn) EncodeAuthInfo() []byte {
ts := make([]byte, 8)
binary.BigEndian.PutUint64(ts, uint64(time.Now().UTC().Unix()))
@@ -94,7 +126,7 @@ func (c *Client) EncodeAuthInfo() []byte {
}
// EncodeRequest encodes requests to network bytes
-func (c *Client) EncodeRequest() ([]byte, error) {
+func (c *Conn) EncodeRequest() ([]byte, error) {
buf := new(bytes.Buffer)
// Request
@@ -141,7 +173,7 @@ func (c *Client) EncodeRequest() ([]byte, error) {
}
// DecodeRespHeader .
-func (c *Client) DecodeRespHeader() error {
+func (c *Conn) DecodeRespHeader() error {
block, err := aes.NewCipher(c.respBodyKey[:])
if err != nil {
return err
@@ -167,24 +199,7 @@ func (c *Client) DecodeRespHeader() error {
}
-// NewConn wraps a net.Conn to VMessConn
-func (c *Client) NewConn(rc net.Conn) (net.Conn, error) {
- // AuthInfo
- rc.Write(c.EncodeAuthInfo())
-
- // Request
- req, err := c.EncodeRequest()
- if err != nil {
- return nil, err
- }
- rc.Write(req)
-
- c.Conn = rc
-
- return c, err
-}
-
-func (c *Client) Read(b []byte) (n int, err error) {
+func (c *Conn) Read(b []byte) (n int, err error) {
if !c.connected {
c.DecodeRespHeader()
}
@@ -192,6 +207,6 @@ func (c *Client) Read(b []byte) (n int, err error) {
return c.Conn.Read(b)
}
-func (c *Client) Write(b []byte) (n int, err error) {
+func (c *Conn) Write(b []byte) (n int, err error) {
return c.Conn.Write(b)
}
diff --git a/proxy/vmess/user.go b/proxy/vmess/user.go
index bd57b9a..e40db4d 100644
--- a/proxy/vmess/user.go
+++ b/proxy/vmess/user.go
@@ -1,12 +1,15 @@
package vmess
import (
+ "bytes"
"crypto/md5"
"encoding/binary"
"encoding/hex"
"errors"
"strings"
"time"
+
+ "github.com/nadoo/glider/common/log"
)
// User of vmess client
@@ -16,16 +19,38 @@ type User struct {
}
// NewUser .
-func NewUser(uuidStr string) (*User, error) {
- uuid, err := StrToUUID(uuidStr)
- if err != nil {
- return nil, err
- }
-
+func NewUser(uuid [16]byte) *User {
u := &User{UUID: uuid}
copy(u.CmdKey[:], GetKey(uuid))
+ return u
+}
- return u, nil
+func nextID(oldID [16]byte) (newID [16]byte) {
+ md5hash := md5.New()
+ md5hash.Write(oldID[:])
+ md5hash.Write([]byte("16167dc8-16b6-4e6d-b8bb-65dd68113a81"))
+ for {
+ md5hash.Sum(newID[:0])
+ if !bytes.Equal(oldID[:], newID[:]) {
+ log.F("oldID: %x, newID: %x", oldID, newID)
+ return
+ }
+ md5hash.Write([]byte("533eff8a-4113-4b10-b5ce-0f5d76b98cd2"))
+ }
+}
+
+// GenAlterIDUsers generates users according to primary user's id and alterID
+func (u *User) GenAlterIDUsers(alterID int) []*User {
+ users := make([]*User, alterID)
+ preID := u.UUID
+ for i := 0; i < alterID; i++ {
+ newID := nextID(preID)
+ // NOTE: alterID user is a user which have a different uuid but a same cmdkey with the primary user.
+ users[i] = &User{UUID: newID, CmdKey: u.CmdKey}
+ preID = newID
+ }
+
+ return users
}
// StrToUUID converts string to uuid.
diff --git a/proxy/vmess/vmess.go b/proxy/vmess/vmess.go
index 1dc43f6..a3ff203 100644
--- a/proxy/vmess/vmess.go
+++ b/proxy/vmess/vmess.go
@@ -16,8 +16,10 @@ type VMess struct {
addr string
uuid string
- alertID uint32
+ alterID int
security string
+
+ client *Client
}
func init() {
@@ -46,13 +48,19 @@ func NewVMess(s string, dialer proxy.Dialer) (*VMess, error) {
aid := "0"
params, _ := url.ParseQuery(u.RawQuery)
- if v, ok := params["alertId"]; ok {
+ if v, ok := params["alterID"]; ok {
aid = v[0]
}
- alertID, err := strconv.ParseUint(aid, 10, 32)
+ alterID, err := strconv.ParseUint(aid, 10, 32)
if err != nil {
- log.F("parse alertID err: %s", err)
+ log.F("parse alterID err: %s", err)
+ return nil, err
+ }
+
+ client, err := NewClient(uuid, int(alterID))
+ if err != nil {
+ log.F("create vmess client err: %s", err)
return nil, err
}
@@ -60,8 +68,9 @@ func NewVMess(s string, dialer proxy.Dialer) (*VMess, error) {
dialer: dialer,
addr: addr,
uuid: uuid,
- alertID: uint32(alertID),
+ alterID: int(alterID),
security: security,
+ client: client,
}
return p, nil
@@ -85,12 +94,7 @@ func (s *VMess) Dial(network, addr string) (net.Conn, error) {
return nil, err
}
- client, err := NewClient(s.uuid, addr)
- if err != nil {
- return nil, err
- }
-
- return client.NewConn(rc)
+ return s.client.NewConn(rc, addr)
}
// DialUDP connects to the given address via the proxy.
From e320dc5508d4c61bd29d8bf288ece299f4ce3c56 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 4 Jul 2018 11:05:43 +0800
Subject: [PATCH 185/341] general: use dialer's address if there's no self
address
---
proxy/http/http.go | 7 ++++++-
proxy/socks5/socks5.go | 7 ++++++-
proxy/ss/ss.go | 7 ++++++-
proxy/vmess/client.go | 6 +++---
proxy/vmess/user.go | 3 ---
proxy/vmess/vmess.go | 7 ++++++-
6 files changed, 27 insertions(+), 10 deletions(-)
diff --git a/proxy/http/http.go b/proxy/http/http.go
index 06e31ff..3bc3fa3 100644
--- a/proxy/http/http.go
+++ b/proxy/http/http.go
@@ -212,7 +212,12 @@ func (s *HTTP) servHTTPS(method, requestURI, proto string, c net.Conn) {
}
// Addr returns forwarder's address
-func (s *HTTP) Addr() string { return s.addr }
+func (s *HTTP) Addr() string {
+ if s.addr == "" {
+ return s.dialer.Addr()
+ }
+ return s.addr
+}
// NextDialer returns the next dialer
func (s *HTTP) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
diff --git a/proxy/socks5/socks5.go b/proxy/socks5/socks5.go
index 1f97793..0dcbc4a 100644
--- a/proxy/socks5/socks5.go
+++ b/proxy/socks5/socks5.go
@@ -213,7 +213,12 @@ func (s *SOCKS5) ListenAndServeUDP() {
}
// Addr returns forwarder's address
-func (s *SOCKS5) Addr() string { return s.addr }
+func (s *SOCKS5) Addr() string {
+ if s.addr == "" {
+ return s.dialer.Addr()
+ }
+ return s.addr
+}
// NextDialer returns the next dialer
func (s *SOCKS5) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
diff --git a/proxy/ss/ss.go b/proxy/ss/ss.go
index 145baec..39cd62e 100644
--- a/proxy/ss/ss.go
+++ b/proxy/ss/ss.go
@@ -231,7 +231,12 @@ func ListCipher() string {
}
// Addr returns forwarder's address
-func (s *SS) Addr() string { return s.addr }
+func (s *SS) Addr() string {
+ if s.addr == "" {
+ return s.dialer.Addr()
+ }
+ return s.addr
+}
// NextDialer returns the next dialer
func (s *SS) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
diff --git a/proxy/vmess/client.go b/proxy/vmess/client.go
index 8089ebf..e96cab1 100644
--- a/proxy/vmess/client.go
+++ b/proxy/vmess/client.go
@@ -24,9 +24,9 @@ const (
// SEC types
const (
- SecTypeUnknown byte = 0
- SecTypeLegacy byte = 1
- SecTypeAuto byte = 2
+ SecTypeUnknown byte = 0 // don't use in client
+ SecTypeLegacy byte = 1 // don't use in client (aes-128-cfb)
+ SecTypeAuto byte = 2 // don't use in client
SecTypeAES128GCM byte = 3
SecTypeChacha20Poly1305 byte = 4
SecTypeNone byte = 5
diff --git a/proxy/vmess/user.go b/proxy/vmess/user.go
index e40db4d..ca2d6a3 100644
--- a/proxy/vmess/user.go
+++ b/proxy/vmess/user.go
@@ -8,8 +8,6 @@ import (
"errors"
"strings"
"time"
-
- "github.com/nadoo/glider/common/log"
)
// User of vmess client
@@ -32,7 +30,6 @@ func nextID(oldID [16]byte) (newID [16]byte) {
for {
md5hash.Sum(newID[:0])
if !bytes.Equal(oldID[:], newID[:]) {
- log.F("oldID: %x, newID: %x", oldID, newID)
return
}
md5hash.Write([]byte("533eff8a-4113-4b10-b5ce-0f5d76b98cd2"))
diff --git a/proxy/vmess/vmess.go b/proxy/vmess/vmess.go
index a3ff203..c0d7881 100644
--- a/proxy/vmess/vmess.go
+++ b/proxy/vmess/vmess.go
@@ -82,7 +82,12 @@ func NewVMessDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
}
// Addr returns forwarder's address
-func (s *VMess) Addr() string { return s.addr }
+func (s *VMess) Addr() string {
+ if s.addr == "" {
+ return s.dialer.Addr()
+ }
+ return s.addr
+}
// NextDialer returns the next dialer
func (s *VMess) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
From a21dcb66a3309405bc48d094d74f68ed8f1f3c68 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 4 Jul 2018 11:17:38 +0800
Subject: [PATCH 186/341] conf: add vmess info
---
conf.go | 10 +++++++++-
proxy/ssr/ssr.go | 7 ++++++-
2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/conf.go b/conf.go
index 19ce152..04418ca 100644
--- a/conf.go
+++ b/conf.go
@@ -140,6 +140,7 @@ func usage() {
fmt.Fprintf(os.Stderr, " socks5: socks5 proxy\n")
fmt.Fprintf(os.Stderr, " http: http proxy\n")
fmt.Fprintf(os.Stderr, " ssr: ssr proxy\n")
+ fmt.Fprintf(os.Stderr, " vmess: vmess proxy\n")
fmt.Fprintf(os.Stderr, " redir: redirect proxy. (used on linux as a transparent proxy with iptables redirect rules)\n")
fmt.Fprintf(os.Stderr, " tcptun: tcp tunnel\n")
fmt.Fprintf(os.Stderr, " udptun: udp tunnel\n")
@@ -149,7 +150,7 @@ func usage() {
fmt.Fprintf(os.Stderr, "Available schemes for different modes:\n")
fmt.Fprintf(os.Stderr, " listen: mixed ss socks5 http redir tcptun udptun uottun dnstun\n")
- fmt.Fprintf(os.Stderr, " forward: ss socks5 http ssr\n")
+ fmt.Fprintf(os.Stderr, " forward: ss socks5 http ssr vmess\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "SS scheme:\n")
@@ -166,6 +167,10 @@ func usage() {
fmt.Fprintf(os.Stderr, " ssr://method:pass@host:port?protocol=xxx&protocol_param=yyy&obfs=zzz&obfs_param=xyz\n")
fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, "VMess scheme:\n")
+ fmt.Fprintf(os.Stderr, " vmess://uuid[:method]@host:port?alterID=num\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
fmt.Fprintf(os.Stderr, "Available forward strategies:\n")
fmt.Fprintf(os.Stderr, " rr: Round Robin mode\n")
fmt.Fprintf(os.Stderr, " ha: High Availability mode\n")
@@ -203,6 +208,9 @@ func usage() {
fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -forward \"ssr://method:pass@1.1.1.1:8444?protocol=a&protocol_param=b&obfs=c&obfs_param=d\"\n")
fmt.Fprintf(os.Stderr, " -listen on :1081 as a transparent redirect server, forward all requests via remote ssr server.\n")
fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -forward \"tls://1.1.1.1:443,vmess://user:method@?alterID=10\"\n")
+ fmt.Fprintf(os.Stderr, " -listen on :1081 as a transparent redirect server, forward all requests via remote vmess server.\n")
+ fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, " "+app+" -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:8443\n")
fmt.Fprintf(os.Stderr, " -listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
diff --git a/proxy/ssr/ssr.go b/proxy/ssr/ssr.go
index 887746c..9c68982 100644
--- a/proxy/ssr/ssr.go
+++ b/proxy/ssr/ssr.go
@@ -81,7 +81,12 @@ func NewSSRDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
}
// Addr returns forwarder's address
-func (s *SSR) Addr() string { return s.addr }
+func (s *SSR) Addr() string {
+ if s.addr == "" {
+ return s.dialer.Addr()
+ }
+ return s.addr
+}
// NextDialer returns the next dialer
func (s *SSR) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
From c8ca1f0b25ec02b453624defc483868d3abf394a Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 4 Jul 2018 16:55:45 +0800
Subject: [PATCH 187/341] tls: add skipVerify param in url
---
proxy/ssr/ssr.go | 20 ++++++--------------
proxy/tls/tls.go | 11 ++++++++++-
proxy/vmess/client.go | 1 -
proxy/vmess/vmess.go | 7 ++-----
4 files changed, 18 insertions(+), 21 deletions(-)
diff --git a/proxy/ssr/ssr.go b/proxy/ssr/ssr.go
index 9c68982..a92e18b 100644
--- a/proxy/ssr/ssr.go
+++ b/proxy/ssr/ssr.go
@@ -36,7 +36,7 @@ func init() {
proxy.RegisterDialer("ssr", NewSSRDialer)
}
-// NewSSR returns a shadowsocksr proxy, ssr://method:pass@host:port/rawQuery
+// NewSSR returns a shadowsocksr proxy, ssr://method:pass@host:port/query
func NewSSR(s string, dialer proxy.Dialer) (*SSR, error) {
u, err := url.Parse(s)
if err != nil {
@@ -58,19 +58,11 @@ func NewSSR(s string, dialer proxy.Dialer) (*SSR, error) {
EncryptPassword: pass,
}
- q, _ := url.ParseQuery(u.RawQuery)
- if v, ok := q["protocol"]; ok {
- p.Protocol = v[0]
- }
- if v, ok := q["protocol_param"]; ok {
- p.ProtocolParam = v[0]
- }
- if v, ok := q["obfs"]; ok {
- p.Obfs = v[0]
- }
- if v, ok := q["obfs_param"]; ok {
- p.ObfsParam = v[0]
- }
+ query := u.Query()
+ p.Protocol = query.Get("protocol")
+ p.ProtocolParam = query.Get("protocol_param")
+ p.Obfs = query.Get("obfs")
+ p.ObfsParam = query.Get("obfs_param")
return p, nil
}
diff --git a/proxy/tls/tls.go b/proxy/tls/tls.go
index ae3c9ac..d5d453a 100644
--- a/proxy/tls/tls.go
+++ b/proxy/tls/tls.go
@@ -17,6 +17,7 @@ type TLS struct {
addr string
serverName string
+ skipVerify bool
}
func init() {
@@ -33,6 +34,9 @@ func NewTLS(s string, dialer proxy.Dialer) (*TLS, error) {
addr := u.Host
+ query := u.Query()
+ skipVerify := query.Get("InsecureSkipVerify")
+
colonPos := strings.LastIndex(addr, ":")
if colonPos == -1 {
colonPos = len(addr)
@@ -43,6 +47,11 @@ func NewTLS(s string, dialer proxy.Dialer) (*TLS, error) {
dialer: dialer,
addr: addr,
serverName: serverName,
+ skipVerify: false,
+ }
+
+ if skipVerify == "true" {
+ p.skipVerify = true
}
return p, nil
@@ -69,7 +78,7 @@ func (s *TLS) Dial(network, addr string) (net.Conn, error) {
conf := &stdtls.Config{
ServerName: s.serverName,
- InsecureSkipVerify: true,
+ InsecureSkipVerify: s.skipVerify,
}
c := stdtls.Client(cc, conf)
diff --git a/proxy/vmess/client.go b/proxy/vmess/client.go
index e96cab1..515bf50 100644
--- a/proxy/vmess/client.go
+++ b/proxy/vmess/client.go
@@ -203,7 +203,6 @@ func (c *Conn) Read(b []byte) (n int, err error) {
if !c.connected {
c.DecodeRespHeader()
}
-
return c.Conn.Read(b)
}
diff --git a/proxy/vmess/vmess.go b/proxy/vmess/vmess.go
index c0d7881..bb22d46 100644
--- a/proxy/vmess/vmess.go
+++ b/proxy/vmess/vmess.go
@@ -46,11 +46,8 @@ func NewVMess(s string, dialer proxy.Dialer) (*VMess, error) {
security = "NONE"
}
- aid := "0"
- params, _ := url.ParseQuery(u.RawQuery)
- if v, ok := params["alterID"]; ok {
- aid = v[0]
- }
+ query := u.Query()
+ aid := query.Get("alterID")
alterID, err := strconv.ParseUint(aid, 10, 32)
if err != nil {
From 922462ffe8345a8d3af20417c7eace6c06f70e42 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 5 Jul 2018 20:44:19 +0800
Subject: [PATCH 188/341] vmess: add docs for vmess
---
README.md | 16 ++++++++++++++--
conf.go | 4 ++++
.../README.md | 2 +-
proxy/vmess/client.go | 10 +++++-----
4 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index 6f2782e..61883ea 100644
--- a/README.md
+++ b/README.md
@@ -30,6 +30,8 @@ Forward (local proxy client/upstream proxy server):
- Http proxy(tcp)
- SS proxy(tcp&udp&uot)
- SSR proxy(tcp)
+- VMess proxy(tcp)
+- TLS, use together with above proxy protocols(tcp)
DNS Forwarding Server (udp2tcp):
- Listen on UDP and forward dns requests to remote dns server in TCP via forwarders
@@ -89,7 +91,7 @@ glider -config CONFIGPATH -listen :8080 -verbose
## Usage
```bash
-glider v0.5.2 usage:
+glider v0.6.0 usage:
-checkduration int
proxy check duration(seconds) (default 30)
-checkwebsite string
@@ -121,6 +123,7 @@ Available Schemes:
socks5: socks5 proxy
http: http proxy
ssr: ssr proxy
+ vmess: vmess proxy
redir: redirect proxy. (used on linux as a transparent proxy with iptables redirect rules)
tcptun: tcp tunnel
udptun: udp tunnel
@@ -129,7 +132,7 @@ Available Schemes:
Available schemes for different modes:
listen: mixed ss socks5 http redir tcptun udptun uottun dnstun
- forward: ss socks5 http ssr
+ forward: ss socks5 http ssr vmess
SS scheme:
ss://method:pass@host:port
@@ -141,6 +144,12 @@ Available methods for ss:
SSR scheme:
ssr://method:pass@host:port?protocol=xxx&protocol_param=yyy&obfs=zzz&obfs_param=xyz
+VMess scheme:
+ vmess://uuid[:method]@host:port?alterID=num
+
+Available methods for vmess:
+ NONE, (will add aes-128-gcm and chacha20-poly1305 later)
+
Available forward strategies:
rr: Round Robin mode
ha: High Availability mode
@@ -176,6 +185,9 @@ Examples:
glider -listen redir://:1081 -forward "ssr://method:pass@1.1.1.1:8444?protocol=a&protocol_param=b&obfs=c&obfs_param=d"
-listen on :1081 as a transparent redirect server, forward all requests via remote ssr server.
+ glider -listen redir://:1081 -forward "tls://1.1.1.1:443,vmess://user:method@?alterID=10"
+ -listen on :1081 as a transparent redirect server, forward all requests via remote vmess server.
+
glider -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:8443
-listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.
diff --git a/conf.go b/conf.go
index 04418ca..e31a5b7 100644
--- a/conf.go
+++ b/conf.go
@@ -171,6 +171,10 @@ func usage() {
fmt.Fprintf(os.Stderr, " vmess://uuid[:method]@host:port?alterID=num\n")
fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, "Available methods for vmess:\n")
+ fmt.Fprintf(os.Stderr, " NONE, (will add aes-128-gcm and chacha20-poly1305 later)\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
fmt.Fprintf(os.Stderr, "Available forward strategies:\n")
fmt.Fprintf(os.Stderr, " rr: Round Robin mode\n")
fmt.Fprintf(os.Stderr, " ha: High Availability mode\n")
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/README.md b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
index 4d6bd44..659bc88 100644
--- a/config/examples/9.transparent_proxy_without_dnsmasq/README.md
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
@@ -70,7 +70,7 @@ cidr=cidr=172.16.101.0/24
cidr=cidr=172.16.102.0/24
```
-#### Config iptables on your linux gateway
+#### Configure iptables on your linux gateway
```bash
iptables -t nat -I PREROUTING -p tcp -m set --match-set glider dst -j REDIRECT --to-ports 1081
iptables -t nat -I OUTPUT -p tcp -m set --match-set glider dst -j REDIRECT --to-ports 1081
diff --git a/proxy/vmess/client.go b/proxy/vmess/client.go
index 515bf50..4043f4e 100644
--- a/proxy/vmess/client.go
+++ b/proxy/vmess/client.go
@@ -188,11 +188,11 @@ func (c *Conn) DecodeRespHeader() error {
return errors.New("unexpected response header")
}
- // TODO: Dynamic port supported
- // if buf[2] != 0 {
- // cmd := buf[2]
- // dataLen := int32(buf[3])
- // }
+ // TODO: Dynamic port support
+ if buf[2] != 0 {
+ // dataLen := int32(buf[3])
+ return errors.New("dynamic port is not supported now")
+ }
c.connected = true
return nil
From 43a66b4d480ae6c1ba195b01a47871b588820a22 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 5 Jul 2018 20:56:05 +0800
Subject: [PATCH 189/341] doc: add vmess config in config example file
---
README.md | 2 +-
config/glider.conf.example | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 61883ea..fca4305 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ Forward (local proxy client/upstream proxy server):
- SS proxy(tcp&udp&uot)
- SSR proxy(tcp)
- VMess proxy(tcp)
-- TLS, use together with above proxy protocols(tcp)
+- TLS, use it together with above proxy protocols(tcp)
DNS Forwarding Server (udp2tcp):
- Listen on UDP and forward dns requests to remote dns server in TCP via forwarders
diff --git a/config/glider.conf.example b/config/glider.conf.example
index 2c56712..d69f043 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -77,6 +77,9 @@ listen=socks5://:1080
# http proxy as forwarder
# forward=http://1.1.1.1:8080
+# vmess proxy as forwarder
+# forward=tls://1.1.1.1:443,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
+
# FORWARDER CHAIN
# ---------------
From 049c5b14581137b7c1ec668984bd66138d085b0f Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 6 Jul 2018 11:13:25 +0800
Subject: [PATCH 190/341] vmess: changed sechme to
vmess://[security:]uuid@host:port?alterID=num
---
README.md | 2 +-
conf.go | 2 +-
proxy/vmess/client.go | 42 +++++++++++++++++++++++++++++-------------
proxy/vmess/vmess.go | 15 +++++++++------
4 files changed, 40 insertions(+), 21 deletions(-)
diff --git a/README.md b/README.md
index fca4305..8dd6d73 100644
--- a/README.md
+++ b/README.md
@@ -145,7 +145,7 @@ SSR scheme:
ssr://method:pass@host:port?protocol=xxx&protocol_param=yyy&obfs=zzz&obfs_param=xyz
VMess scheme:
- vmess://uuid[:method]@host:port?alterID=num
+ vmess://[security:]uuid@host:port?alterID=num
Available methods for vmess:
NONE, (will add aes-128-gcm and chacha20-poly1305 later)
diff --git a/conf.go b/conf.go
index e31a5b7..7772c2a 100644
--- a/conf.go
+++ b/conf.go
@@ -168,7 +168,7 @@ func usage() {
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "VMess scheme:\n")
- fmt.Fprintf(os.Stderr, " vmess://uuid[:method]@host:port?alterID=num\n")
+ fmt.Fprintf(os.Stderr, " vmess://[security:]uuid@host:port?alterID=num\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Available methods for vmess:\n")
diff --git a/proxy/vmess/client.go b/proxy/vmess/client.go
index 4043f4e..251df63 100644
--- a/proxy/vmess/client.go
+++ b/proxy/vmess/client.go
@@ -12,6 +12,7 @@ import (
"io"
"math/rand"
"net"
+ "strings"
"time"
)
@@ -22,14 +23,14 @@ const (
OptMetadataObfuscate byte = 4
)
-// SEC types
+// Security types
const (
- SecTypeUnknown byte = 0 // don't use in client
- SecTypeLegacy byte = 1 // don't use in client (aes-128-cfb)
- SecTypeAuto byte = 2 // don't use in client
- SecTypeAES128GCM byte = 3
- SecTypeChacha20Poly1305 byte = 4
- SecTypeNone byte = 5
+ SecurityUnknown byte = 0 // don't use in client
+ SecurityLegacy byte = 1 // don't use in client (aes-128-cfb)
+ SecurityAuto byte = 2 // don't use in client
+ SecurityAES128GCM byte = 3
+ SecurityChacha20Poly1305 byte = 4
+ SecurityNone byte = 5
)
// CMD types
@@ -40,13 +41,15 @@ const (
// Client vmess client
type Client struct {
- users []*User
- count int
+ users []*User
+ count int
+ security byte
}
// Conn is a connection to vmess server
type Conn struct {
- user *User
+ user *User
+ security byte
atype AType
addr Addr
@@ -63,7 +66,7 @@ type Conn struct {
}
// NewClient .
-func NewClient(uuidStr string, alterID int) (*Client, error) {
+func NewClient(uuidStr, security string, alterID int) (*Client, error) {
uuid, err := StrToUUID(uuidStr)
if err != nil {
return nil, err
@@ -75,13 +78,25 @@ func NewClient(uuidStr string, alterID int) (*Client, error) {
c.users = append(c.users, user.GenAlterIDUsers(alterID)...)
c.count = len(c.users)
+ security = strings.ToLower(security)
+ switch security {
+ case "aes-128-cfb":
+ c.security = SecurityLegacy
+ case "aes-128-gcm":
+ c.security = SecurityAES128GCM
+ case "chacha20-poly1305":
+ c.security = SecurityChacha20Poly1305
+ default:
+ c.security = SecurityNone
+ }
+
return c, nil
}
// NewConn .
func (c *Client) NewConn(rc net.Conn, target string) (*Conn, error) {
r := rand.Intn(c.count)
- conn := &Conn{user: c.users[r]}
+ conn := &Conn{user: c.users[r], security: c.security}
var err error
conn.atype, conn.addr, conn.port, err = ParseAddr(target)
@@ -138,7 +153,7 @@ func (c *Conn) EncodeRequest() ([]byte, error) {
// pLen and Sec
paddingLen := rand.Intn(16)
- pSec := byte(paddingLen<<4) | SecTypeNone // P(4bit) and Sec(4bit)
+ pSec := byte(paddingLen<<4) | c.security // P(4bit) and Sec(4bit)
buf.WriteByte(pSec)
buf.WriteByte(0) // reserved
@@ -203,6 +218,7 @@ func (c *Conn) Read(b []byte) (n int, err error) {
if !c.connected {
c.DecodeRespHeader()
}
+
return c.Conn.Read(b)
}
diff --git a/proxy/vmess/vmess.go b/proxy/vmess/vmess.go
index bb22d46..6e85886 100644
--- a/proxy/vmess/vmess.go
+++ b/proxy/vmess/vmess.go
@@ -27,6 +27,7 @@ func init() {
}
// NewVMess returns a vmess proxy.
+// vmess://security:uuid@host:port?alertID=num
func NewVMess(s string, dialer proxy.Dialer) (*VMess, error) {
u, err := url.Parse(s)
if err != nil {
@@ -36,14 +37,16 @@ func NewVMess(s string, dialer proxy.Dialer) (*VMess, error) {
addr := u.Host
- var uuid, security string
+ var security, uuid string
if u.User != nil {
- uuid = u.User.Username()
- security, _ = u.User.Password()
+ security = u.User.Username()
}
- if security == "" {
- security = "NONE"
+ uuid, ok := u.User.Password()
+ if !ok {
+ // vmess://uuid@host:port?alertID=num, no security specified
+ uuid = security
+ security = ""
}
query := u.Query()
@@ -55,7 +58,7 @@ func NewVMess(s string, dialer proxy.Dialer) (*VMess, error) {
return nil, err
}
- client, err := NewClient(uuid, int(alterID))
+ client, err := NewClient(uuid, security, int(alterID))
if err != nil {
log.F("create vmess client err: %s", err)
return nil, err
From 621e8ed018d16cc40e68b1d46ba0aa5a34847516 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 6 Jul 2018 11:30:42 +0800
Subject: [PATCH 191/341] general: optimized codes
---
proxy/http/http.go | 7 ++-----
proxy/socks5/socks5.go | 7 ++-----
proxy/ss/ss.go | 7 ++-----
proxy/ssr/ssr.go | 7 ++-----
proxy/vmess/vmess.go | 13 +++++--------
5 files changed, 13 insertions(+), 28 deletions(-)
diff --git a/proxy/http/http.go b/proxy/http/http.go
index 3bc3fa3..870cf37 100644
--- a/proxy/http/http.go
+++ b/proxy/http/http.go
@@ -43,11 +43,8 @@ func NewHTTP(s string, dialer proxy.Dialer) (*HTTP, error) {
}
addr := u.Host
- var user, pass string
- if u.User != nil {
- user = u.User.Username()
- pass, _ = u.User.Password()
- }
+ user := u.User.Username()
+ pass, _ := u.User.Password()
h := &HTTP{
dialer: dialer,
diff --git a/proxy/socks5/socks5.go b/proxy/socks5/socks5.go
index 0dcbc4a..7e1d87e 100644
--- a/proxy/socks5/socks5.go
+++ b/proxy/socks5/socks5.go
@@ -52,11 +52,8 @@ func NewSOCKS5(s string, dialer proxy.Dialer) (*SOCKS5, error) {
}
addr := u.Host
- var user, pass string
- if u.User != nil {
- user = u.User.Username()
- pass, _ = u.User.Password()
- }
+ user := u.User.Username()
+ pass, _ := u.User.Password()
h := &SOCKS5{
dialer: dialer,
diff --git a/proxy/ss/ss.go b/proxy/ss/ss.go
index 39cd62e..d6cd52a 100644
--- a/proxy/ss/ss.go
+++ b/proxy/ss/ss.go
@@ -38,11 +38,8 @@ func NewSS(s string, dialer proxy.Dialer) (*SS, error) {
}
addr := u.Host
- var method, pass string
- if u.User != nil {
- method = u.User.Username()
- pass, _ = u.User.Password()
- }
+ method := u.User.Username()
+ pass, _ := u.User.Password()
ciph, err := core.PickCipher(method, nil, pass)
if err != nil {
diff --git a/proxy/ssr/ssr.go b/proxy/ssr/ssr.go
index a92e18b..34e0cb7 100644
--- a/proxy/ssr/ssr.go
+++ b/proxy/ssr/ssr.go
@@ -45,11 +45,8 @@ func NewSSR(s string, dialer proxy.Dialer) (*SSR, error) {
}
addr := u.Host
- var method, pass string
- if u.User != nil {
- method = u.User.Username()
- pass, _ = u.User.Password()
- }
+ method := u.User.Username()
+ pass, _ := u.User.Password()
p := &SSR{
dialer: dialer,
diff --git a/proxy/vmess/vmess.go b/proxy/vmess/vmess.go
index 6e85886..6e46481 100644
--- a/proxy/vmess/vmess.go
+++ b/proxy/vmess/vmess.go
@@ -27,7 +27,6 @@ func init() {
}
// NewVMess returns a vmess proxy.
-// vmess://security:uuid@host:port?alertID=num
func NewVMess(s string, dialer proxy.Dialer) (*VMess, error) {
u, err := url.Parse(s)
if err != nil {
@@ -36,21 +35,19 @@ func NewVMess(s string, dialer proxy.Dialer) (*VMess, error) {
}
addr := u.Host
-
- var security, uuid string
- if u.User != nil {
- security = u.User.Username()
- }
-
+ security := u.User.Username()
uuid, ok := u.User.Password()
if !ok {
- // vmess://uuid@host:port?alertID=num, no security specified
+ // no security type specified, vmess://uuid@server
uuid = security
security = ""
}
query := u.Query()
aid := query.Get("alterID")
+ if aid == "" {
+ aid = "0"
+ }
alterID, err := strconv.ParseUint(aid, 10, 32)
if err != nil {
From 3c766d0b682b41d63d1e60b503c99c2c7939d988 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 7 Jul 2018 11:07:38 +0800
Subject: [PATCH 192/341] general: add vendor folder
---
proxy/vmess/addr.go | 26 +-
proxy/vmess/chunk.go | 3 +
proxy/vmess/client.go | 11 +-
vendor/github.com/Yawning/chacha20/LICENSE | 122 +
vendor/github.com/Yawning/chacha20/README.md | 14 +
.../github.com/Yawning/chacha20/chacha20.go | 273 ++
.../Yawning/chacha20/chacha20_amd64.go | 95 +
.../Yawning/chacha20/chacha20_amd64.py | 1295 ++++++++
.../Yawning/chacha20/chacha20_amd64.s | 1180 ++++++++
.../Yawning/chacha20/chacha20_ref.go | 394 +++
.../Yawning/chacha20/chacha20_ref_go19.go | 395 +++
.../dgryski/go-camellia/camellia.go | 368 +++
.../dgryski/go-camellia/t_camellia.pl | 58 +
vendor/github.com/dgryski/go-idea/idea.go | 250 ++
vendor/github.com/dgryski/go-rc2/LICENSE | 21 +
vendor/github.com/dgryski/go-rc2/rc2.go | 284 ++
vendor/github.com/nadoo/conflag/LICENSE | 674 +++++
vendor/github.com/nadoo/conflag/README.md | 111 +
vendor/github.com/nadoo/conflag/conflag.go | 151 +
.../github.com/nadoo/conflag/string_slice.go | 47 +
.../nadoo/conflag/string_slice_uniq.go | 51 +
.../shadowsocks/go-shadowsocks2/LICENSE | 202 ++
.../go-shadowsocks2/core/cipher.go | 144 +
.../shadowsocks/go-shadowsocks2/core/doc.go | 2 +
.../go-shadowsocks2/core/packet.go | 8 +
.../go-shadowsocks2/core/stream.go | 23 +
.../go-shadowsocks2/shadowaead/cipher.go | 83 +
.../go-shadowsocks2/shadowaead/doc.go | 35 +
.../go-shadowsocks2/shadowaead/packet.go | 93 +
.../go-shadowsocks2/shadowaead/stream.go | 270 ++
.../go-shadowsocks2/shadowstream/cipher.go | 91 +
.../go-shadowsocks2/shadowstream/doc.go | 2 +
.../go-shadowsocks2/shadowstream/packet.go | 76 +
.../go-shadowsocks2/shadowstream/stream.go | 171 ++
.../sun8911879/shadowsocksR/LICENSE | 21 +
.../sun8911879/shadowsocksR/README.md | 84 +
.../sun8911879/shadowsocksR/client.go | 61 +
.../sun8911879/shadowsocksR/encrypt.go | 296 ++
.../sun8911879/shadowsocksR/obfs/base.go | 35 +
.../sun8911879/shadowsocksR/obfs/http_post.go | 19 +
.../shadowsocksR/obfs/http_simple.go | 178 ++
.../sun8911879/shadowsocksR/obfs/plain.go | 42 +
.../shadowsocksR/obfs/random_head.go | 79 +
.../shadowsocksR/obfs/tls12_ticket_auth.go | 279 ++
.../shadowsocksR/protocol/auth_aes128_md5.go | 282 ++
.../shadowsocksR/protocol/auth_aes128_sha1.go | 28 +
.../shadowsocksR/protocol/auth_sha1_v4.go | 232 ++
.../sun8911879/shadowsocksR/protocol/base.go | 39 +
.../shadowsocksR/protocol/origin.go | 42 +
.../shadowsocksR/protocol/verify_sha1.go | 101 +
.../sun8911879/shadowsocksR/ssr/adler32.go | 31 +
.../sun8911879/shadowsocksR/ssr/crc32.go | 52 +
.../sun8911879/shadowsocksR/ssr/obfs.go | 55 +
.../github.com/sun8911879/shadowsocksR/tcp.go | 251 ++
.../sun8911879/shadowsocksR/tools/encrypt.go | 51 +
.../shadowsocksR/tools/leakybuf/leakybuf.go | 47 +
vendor/golang.org/x/crypto/LICENSE | 27 +
vendor/golang.org/x/crypto/PATENTS | 22 +
vendor/golang.org/x/crypto/blowfish/block.go | 159 +
vendor/golang.org/x/crypto/blowfish/cipher.go | 91 +
vendor/golang.org/x/crypto/blowfish/const.go | 199 ++
vendor/golang.org/x/crypto/cast5/cast5.go | 526 ++++
.../chacha20poly1305/chacha20poly1305.go | 91 +
.../chacha20poly1305_amd64.go | 80 +
.../chacha20poly1305/chacha20poly1305_amd64.s | 2695 +++++++++++++++++
.../chacha20poly1305_generic.go | 74 +
.../chacha20poly1305_noasm.go | 15 +
vendor/golang.org/x/crypto/hkdf/hkdf.go | 75 +
.../x/crypto/internal/chacha20/asm_s390x.s | 283 ++
.../internal/chacha20/chacha_generic.go | 227 ++
.../crypto/internal/chacha20/chacha_noasm.go | 16 +
.../crypto/internal/chacha20/chacha_s390x.go | 30 +
.../x/crypto/internal/chacha20/xor.go | 43 +
.../golang.org/x/crypto/poly1305/poly1305.go | 33 +
.../golang.org/x/crypto/poly1305/sum_amd64.go | 22 +
.../golang.org/x/crypto/poly1305/sum_amd64.s | 125 +
.../golang.org/x/crypto/poly1305/sum_arm.go | 22 +
vendor/golang.org/x/crypto/poly1305/sum_arm.s | 427 +++
.../golang.org/x/crypto/poly1305/sum_noasm.go | 14 +
.../golang.org/x/crypto/poly1305/sum_ref.go | 139 +
.../golang.org/x/crypto/poly1305/sum_s390x.go | 49 +
.../golang.org/x/crypto/poly1305/sum_s390x.s | 400 +++
.../x/crypto/poly1305/sum_vmsl_s390x.s | 931 ++++++
.../x/crypto/salsa20/salsa/hsalsa20.go | 144 +
.../x/crypto/salsa20/salsa/salsa2020_amd64.s | 889 ++++++
.../x/crypto/salsa20/salsa/salsa208.go | 199 ++
.../x/crypto/salsa20/salsa/salsa20_amd64.go | 24 +
.../x/crypto/salsa20/salsa/salsa20_ref.go | 234 ++
vendor/golang.org/x/sys/LICENSE | 27 +
vendor/golang.org/x/sys/PATENTS | 22 +
vendor/golang.org/x/sys/cpu/cpu.go | 38 +
vendor/golang.org/x/sys/cpu/cpu_arm.go | 7 +
vendor/golang.org/x/sys/cpu/cpu_arm64.go | 7 +
vendor/golang.org/x/sys/cpu/cpu_gc_x86.go | 16 +
vendor/golang.org/x/sys/cpu/cpu_gccgo.c | 43 +
vendor/golang.org/x/sys/cpu/cpu_gccgo.go | 26 +
vendor/golang.org/x/sys/cpu/cpu_mips64x.go | 9 +
vendor/golang.org/x/sys/cpu/cpu_mipsx.go | 9 +
vendor/golang.org/x/sys/cpu/cpu_ppc64x.go | 9 +
vendor/golang.org/x/sys/cpu/cpu_s390x.go | 7 +
vendor/golang.org/x/sys/cpu/cpu_x86.go | 55 +
vendor/golang.org/x/sys/cpu/cpu_x86.s | 27 +
vendor/vendor.json | 145 +
103 files changed, 18061 insertions(+), 19 deletions(-)
create mode 100644 proxy/vmess/chunk.go
create mode 100644 vendor/github.com/Yawning/chacha20/LICENSE
create mode 100644 vendor/github.com/Yawning/chacha20/README.md
create mode 100644 vendor/github.com/Yawning/chacha20/chacha20.go
create mode 100644 vendor/github.com/Yawning/chacha20/chacha20_amd64.go
create mode 100644 vendor/github.com/Yawning/chacha20/chacha20_amd64.py
create mode 100644 vendor/github.com/Yawning/chacha20/chacha20_amd64.s
create mode 100644 vendor/github.com/Yawning/chacha20/chacha20_ref.go
create mode 100644 vendor/github.com/Yawning/chacha20/chacha20_ref_go19.go
create mode 100644 vendor/github.com/dgryski/go-camellia/camellia.go
create mode 100644 vendor/github.com/dgryski/go-camellia/t_camellia.pl
create mode 100644 vendor/github.com/dgryski/go-idea/idea.go
create mode 100644 vendor/github.com/dgryski/go-rc2/LICENSE
create mode 100644 vendor/github.com/dgryski/go-rc2/rc2.go
create mode 100644 vendor/github.com/nadoo/conflag/LICENSE
create mode 100644 vendor/github.com/nadoo/conflag/README.md
create mode 100644 vendor/github.com/nadoo/conflag/conflag.go
create mode 100644 vendor/github.com/nadoo/conflag/string_slice.go
create mode 100644 vendor/github.com/nadoo/conflag/string_slice_uniq.go
create mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/LICENSE
create mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/core/cipher.go
create mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/core/doc.go
create mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/core/packet.go
create mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/core/stream.go
create mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/cipher.go
create mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/doc.go
create mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/packet.go
create mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/stream.go
create mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/cipher.go
create mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/doc.go
create mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/packet.go
create mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/stream.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/LICENSE
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/README.md
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/client.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/encrypt.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/obfs/base.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/obfs/http_post.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/obfs/http_simple.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/obfs/plain.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/obfs/random_head.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/obfs/tls12_ticket_auth.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_md5.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_sha1.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/protocol/auth_sha1_v4.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/protocol/base.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/protocol/origin.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/protocol/verify_sha1.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/ssr/adler32.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/ssr/crc32.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/ssr/obfs.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/tcp.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/tools/encrypt.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/tools/leakybuf/leakybuf.go
create mode 100644 vendor/golang.org/x/crypto/LICENSE
create mode 100644 vendor/golang.org/x/crypto/PATENTS
create mode 100644 vendor/golang.org/x/crypto/blowfish/block.go
create mode 100644 vendor/golang.org/x/crypto/blowfish/cipher.go
create mode 100644 vendor/golang.org/x/crypto/blowfish/const.go
create mode 100644 vendor/golang.org/x/crypto/cast5/cast5.go
create mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go
create mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go
create mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s
create mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
create mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go
create mode 100644 vendor/golang.org/x/crypto/hkdf/hkdf.go
create mode 100644 vendor/golang.org/x/crypto/internal/chacha20/asm_s390x.s
create mode 100644 vendor/golang.org/x/crypto/internal/chacha20/chacha_generic.go
create mode 100644 vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go
create mode 100644 vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.go
create mode 100644 vendor/golang.org/x/crypto/internal/chacha20/xor.go
create mode 100644 vendor/golang.org/x/crypto/poly1305/poly1305.go
create mode 100644 vendor/golang.org/x/crypto/poly1305/sum_amd64.go
create mode 100644 vendor/golang.org/x/crypto/poly1305/sum_amd64.s
create mode 100644 vendor/golang.org/x/crypto/poly1305/sum_arm.go
create mode 100644 vendor/golang.org/x/crypto/poly1305/sum_arm.s
create mode 100644 vendor/golang.org/x/crypto/poly1305/sum_noasm.go
create mode 100644 vendor/golang.org/x/crypto/poly1305/sum_ref.go
create mode 100644 vendor/golang.org/x/crypto/poly1305/sum_s390x.go
create mode 100644 vendor/golang.org/x/crypto/poly1305/sum_s390x.s
create mode 100644 vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s
create mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go
create mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/salsa2020_amd64.s
create mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/salsa208.go
create mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go
create mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go
create mode 100644 vendor/golang.org/x/sys/LICENSE
create mode 100644 vendor/golang.org/x/sys/PATENTS
create mode 100644 vendor/golang.org/x/sys/cpu/cpu.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_arm.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_arm64.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_gccgo.c
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_gccgo.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_mips64x.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_mipsx.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_s390x.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_x86.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_x86.s
create mode 100644 vendor/vendor.json
diff --git a/proxy/vmess/addr.go b/proxy/vmess/addr.go
index d89f963..dfc494d 100644
--- a/proxy/vmess/addr.go
+++ b/proxy/vmess/addr.go
@@ -5,15 +5,15 @@ import (
"strconv"
)
-// AType is vmess addr type
-type AType byte
+// Atyp is vmess addr type
+type Atyp byte
// Atyp
const (
- ATypeErr AType = 0
- ATypeIP4 AType = 1
- ATypeDomain AType = 2
- ATypeIP6 AType = 3
+ AtypErr Atyp = 0
+ AtypIP4 Atyp = 1
+ AtypDomain Atyp = 2
+ AtypIP6 Atyp = 3
)
// Addr is vmess addr
@@ -22,9 +22,9 @@ type Addr []byte
// Port is vmess addr port
type Port uint16
-// ParseAddr parses the address in string s. return AType = 0 if error.
-func ParseAddr(s string) (AType, Addr, Port, error) {
- var atype AType
+// ParseAddr parses the address in string s
+func ParseAddr(s string) (Atyp, Addr, Port, error) {
+ var atyp Atyp
var addr Addr
host, port, err := net.SplitHostPort(s)
@@ -35,11 +35,11 @@ func ParseAddr(s string) (AType, Addr, Port, error) {
if ip := net.ParseIP(host); ip != nil {
if ip4 := ip.To4(); ip4 != nil {
addr = make([]byte, net.IPv4len)
- atype = ATypeIP4
+ atyp = AtypIP4
copy(addr[:], ip4)
} else {
addr = make([]byte, net.IPv6len)
- atype = ATypeIP6
+ atyp = AtypIP6
copy(addr[:], ip)
}
} else {
@@ -47,7 +47,7 @@ func ParseAddr(s string) (AType, Addr, Port, error) {
return 0, nil, 0, err
}
addr = make([]byte, 1+len(host))
- atype = ATypeDomain
+ atyp = AtypDomain
addr[0] = byte(len(host))
copy(addr[1:], host)
}
@@ -57,5 +57,5 @@ func ParseAddr(s string) (AType, Addr, Port, error) {
return 0, nil, 0, err
}
- return atype, addr, Port(portnum), err
+ return atyp, addr, Port(portnum), err
}
diff --git a/proxy/vmess/chunk.go b/proxy/vmess/chunk.go
new file mode 100644
index 0000000..233540c
--- /dev/null
+++ b/proxy/vmess/chunk.go
@@ -0,0 +1,3 @@
+package vmess
+
+// chunk: plain, AES-128-CFB, AES-128-GCM, ChaCha20-Poly1305
diff --git a/proxy/vmess/client.go b/proxy/vmess/client.go
index 251df63..17e44e0 100644
--- a/proxy/vmess/client.go
+++ b/proxy/vmess/client.go
@@ -51,9 +51,9 @@ type Conn struct {
user *User
security byte
- atype AType
- addr Addr
- port Port
+ atyp Atyp
+ addr Addr
+ port Port
reqBodyIV [16]byte
reqBodyKey [16]byte
@@ -99,7 +99,7 @@ func (c *Client) NewConn(rc net.Conn, target string) (*Conn, error) {
conn := &Conn{user: c.users[r], security: c.security}
var err error
- conn.atype, conn.addr, conn.port, err = ParseAddr(target)
+ conn.atyp, conn.addr, conn.port, err = ParseAddr(target)
if err != nil {
return nil, err
}
@@ -161,7 +161,7 @@ func (c *Conn) EncodeRequest() ([]byte, error) {
// target
binary.Write(buf, binary.BigEndian, uint16(c.port)) // port
- buf.WriteByte(byte(c.atype)) // atype
+ buf.WriteByte(byte(c.atyp)) // atyp
buf.Write(c.addr) // addr
// padding
@@ -211,7 +211,6 @@ func (c *Conn) DecodeRespHeader() error {
c.connected = true
return nil
-
}
func (c *Conn) Read(b []byte) (n int, err error) {
diff --git a/vendor/github.com/Yawning/chacha20/LICENSE b/vendor/github.com/Yawning/chacha20/LICENSE
new file mode 100644
index 0000000..6ca207e
--- /dev/null
+++ b/vendor/github.com/Yawning/chacha20/LICENSE
@@ -0,0 +1,122 @@
+Creative Commons Legal Code
+
+CC0 1.0 Universal
+
+ CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
+ LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
+ ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
+ INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
+ REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
+ PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
+ THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
+ HEREUNDER.
+
+Statement of Purpose
+
+The laws of most jurisdictions throughout the world automatically confer
+exclusive Copyright and Related Rights (defined below) upon the creator
+and subsequent owner(s) (each and all, an "owner") of an original work of
+authorship and/or a database (each, a "Work").
+
+Certain owners wish to permanently relinquish those rights to a Work for
+the purpose of contributing to a commons of creative, cultural and
+scientific works ("Commons") that the public can reliably and without fear
+of later claims of infringement build upon, modify, incorporate in other
+works, reuse and redistribute as freely as possible in any form whatsoever
+and for any purposes, including without limitation commercial purposes.
+These owners may contribute to the Commons to promote the ideal of a free
+culture and the further production of creative, cultural and scientific
+works, or to gain reputation or greater distribution for their Work in
+part through the use and efforts of others.
+
+For these and/or other purposes and motivations, and without any
+expectation of additional consideration or compensation, the person
+associating CC0 with a Work (the "Affirmer"), to the extent that he or she
+is an owner of Copyright and Related Rights in the Work, voluntarily
+elects to apply CC0 to the Work and publicly distribute the Work under its
+terms, with knowledge of his or her Copyright and Related Rights in the
+Work and the meaning and intended legal effect of CC0 on those rights.
+
+1. Copyright and Related Rights. A Work made available under CC0 may be
+protected by copyright and related or neighboring rights ("Copyright and
+Related Rights"). Copyright and Related Rights include, but are not
+limited to, the following:
+
+ i. the right to reproduce, adapt, distribute, perform, display,
+ communicate, and translate a Work;
+ ii. moral rights retained by the original author(s) and/or performer(s);
+iii. publicity and privacy rights pertaining to a person's image or
+ likeness depicted in a Work;
+ iv. rights protecting against unfair competition in regards to a Work,
+ subject to the limitations in paragraph 4(a), below;
+ v. rights protecting the extraction, dissemination, use and reuse of data
+ in a Work;
+ vi. database rights (such as those arising under Directive 96/9/EC of the
+ European Parliament and of the Council of 11 March 1996 on the legal
+ protection of databases, and under any national implementation
+ thereof, including any amended or successor version of such
+ directive); and
+vii. other similar, equivalent or corresponding rights throughout the
+ world based on applicable law or treaty, and any national
+ implementations thereof.
+
+2. Waiver. To the greatest extent permitted by, but not in contravention
+of, applicable law, Affirmer hereby overtly, fully, permanently,
+irrevocably and unconditionally waives, abandons, and surrenders all of
+Affirmer's Copyright and Related Rights and associated claims and causes
+of action, whether now known or unknown (including existing as well as
+future claims and causes of action), in the Work (i) in all territories
+worldwide, (ii) for the maximum duration provided by applicable law or
+treaty (including future time extensions), (iii) in any current or future
+medium and for any number of copies, and (iv) for any purpose whatsoever,
+including without limitation commercial, advertising or promotional
+purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
+member of the public at large and to the detriment of Affirmer's heirs and
+successors, fully intending that such Waiver shall not be subject to
+revocation, rescission, cancellation, termination, or any other legal or
+equitable action to disrupt the quiet enjoyment of the Work by the public
+as contemplated by Affirmer's express Statement of Purpose.
+
+3. Public License Fallback. Should any part of the Waiver for any reason
+be judged legally invalid or ineffective under applicable law, then the
+Waiver shall be preserved to the maximum extent permitted taking into
+account Affirmer's express Statement of Purpose. In addition, to the
+extent the Waiver is so judged Affirmer hereby grants to each affected
+person a royalty-free, non transferable, non sublicensable, non exclusive,
+irrevocable and unconditional license to exercise Affirmer's Copyright and
+Related Rights in the Work (i) in all territories worldwide, (ii) for the
+maximum duration provided by applicable law or treaty (including future
+time extensions), (iii) in any current or future medium and for any number
+of copies, and (iv) for any purpose whatsoever, including without
+limitation commercial, advertising or promotional purposes (the
+"License"). The License shall be deemed effective as of the date CC0 was
+applied by Affirmer to the Work. Should any part of the License for any
+reason be judged legally invalid or ineffective under applicable law, such
+partial invalidity or ineffectiveness shall not invalidate the remainder
+of the License, and in such case Affirmer hereby affirms that he or she
+will not (i) exercise any of his or her remaining Copyright and Related
+Rights in the Work or (ii) assert any associated claims and causes of
+action with respect to the Work, in either case contrary to Affirmer's
+express Statement of Purpose.
+
+4. Limitations and Disclaimers.
+
+ a. No trademark or patent rights held by Affirmer are waived, abandoned,
+ surrendered, licensed or otherwise affected by this document.
+ b. Affirmer offers the Work as-is and makes no representations or
+ warranties of any kind concerning the Work, express, implied,
+ statutory or otherwise, including without limitation warranties of
+ title, merchantability, fitness for a particular purpose, non
+ infringement, or the absence of latent or other defects, accuracy, or
+ the present or absence of errors, whether or not discoverable, all to
+ the greatest extent permissible under applicable law.
+ c. Affirmer disclaims responsibility for clearing rights of other persons
+ that may apply to the Work or any use thereof, including without
+ limitation any person's Copyright and Related Rights in the Work.
+ Further, Affirmer disclaims responsibility for obtaining any necessary
+ consents, permissions or other rights required for any use of the
+ Work.
+ d. Affirmer understands and acknowledges that Creative Commons is not a
+ party to this document and has no duty or obligation with respect to
+ this CC0 or use of the Work.
+
diff --git a/vendor/github.com/Yawning/chacha20/README.md b/vendor/github.com/Yawning/chacha20/README.md
new file mode 100644
index 0000000..9080a84
--- /dev/null
+++ b/vendor/github.com/Yawning/chacha20/README.md
@@ -0,0 +1,14 @@
+### chacha20 - ChaCha20
+#### Yawning Angel (yawning at schwanenlied dot me)
+
+Yet another Go ChaCha20 implementation. Everything else I found was slow,
+didn't support all the variants I need to use, or relied on cgo to go fast.
+
+Features:
+
+ * 20 round, 256 bit key only. Everything else is pointless and stupid.
+ * IETF 96 bit nonce variant.
+ * XChaCha 24 byte nonce variant.
+ * SSE2 and AVX2 support on amd64 targets.
+ * Incremental encrypt/decrypt support, unlike golang.org/x/crypto/salsa20.
+
diff --git a/vendor/github.com/Yawning/chacha20/chacha20.go b/vendor/github.com/Yawning/chacha20/chacha20.go
new file mode 100644
index 0000000..07d5e4b
--- /dev/null
+++ b/vendor/github.com/Yawning/chacha20/chacha20.go
@@ -0,0 +1,273 @@
+// chacha20.go - A ChaCha stream cipher implementation.
+//
+// To the extent possible under law, Yawning Angel has waived all copyright
+// and related or neighboring rights to chacha20, using the Creative
+// Commons "CC0" public domain dedication. See LICENSE or
+// for full details.
+
+package chacha20
+
+import (
+ "crypto/cipher"
+ "encoding/binary"
+ "errors"
+ "math"
+ "runtime"
+)
+
+const (
+ // KeySize is the ChaCha20 key size in bytes.
+ KeySize = 32
+
+ // NonceSize is the ChaCha20 nonce size in bytes.
+ NonceSize = 8
+
+ // INonceSize is the IETF ChaCha20 nonce size in bytes.
+ INonceSize = 12
+
+ // XNonceSize is the XChaCha20 nonce size in bytes.
+ XNonceSize = 24
+
+ // HNonceSize is the HChaCha20 nonce size in bytes.
+ HNonceSize = 16
+
+ // BlockSize is the ChaCha20 block size in bytes.
+ BlockSize = 64
+
+ stateSize = 16
+ chachaRounds = 20
+
+ // The constant "expand 32-byte k" as little endian uint32s.
+ sigma0 = uint32(0x61707865)
+ sigma1 = uint32(0x3320646e)
+ sigma2 = uint32(0x79622d32)
+ sigma3 = uint32(0x6b206574)
+)
+
+var (
+ // ErrInvalidKey is the error returned when the key is invalid.
+ ErrInvalidKey = errors.New("key length must be KeySize bytes")
+
+ // ErrInvalidNonce is the error returned when the nonce is invalid.
+ ErrInvalidNonce = errors.New("nonce length must be NonceSize/INonceSize/XNonceSize bytes")
+
+ // ErrInvalidCounter is the error returned when the counter is invalid.
+ ErrInvalidCounter = errors.New("block counter is invalid (out of range)")
+
+ useUnsafe = false
+ usingVectors = false
+ blocksFn = blocksRef
+)
+
+// A Cipher is an instance of ChaCha20/XChaCha20 using a particular key and
+// nonce.
+type Cipher struct {
+ state [stateSize]uint32
+
+ buf [BlockSize]byte
+ off int
+ ietf bool
+}
+
+// Reset zeros the key data so that it will no longer appear in the process's
+// memory.
+func (c *Cipher) Reset() {
+ for i := range c.state {
+ c.state[i] = 0
+ }
+ for i := range c.buf {
+ c.buf[i] = 0
+ }
+}
+
+// XORKeyStream sets dst to the result of XORing src with the key stream. Dst
+// and src may be the same slice but otherwise should not overlap.
+func (c *Cipher) XORKeyStream(dst, src []byte) {
+ if len(dst) < len(src) {
+ src = src[:len(dst)]
+ }
+
+ for remaining := len(src); remaining > 0; {
+ // Process multiple blocks at once.
+ if c.off == BlockSize {
+ nrBlocks := remaining / BlockSize
+ directBytes := nrBlocks * BlockSize
+ if nrBlocks > 0 {
+ blocksFn(&c.state, src, dst, nrBlocks, c.ietf)
+ remaining -= directBytes
+ if remaining == 0 {
+ return
+ }
+ dst = dst[directBytes:]
+ src = src[directBytes:]
+ }
+
+ // If there's a partial block, generate 1 block of keystream into
+ // the internal buffer.
+ blocksFn(&c.state, nil, c.buf[:], 1, c.ietf)
+ c.off = 0
+ }
+
+ // Process partial blocks from the buffered keystream.
+ toXor := BlockSize - c.off
+ if remaining < toXor {
+ toXor = remaining
+ }
+ if toXor > 0 {
+ for i, v := range src[:toXor] {
+ dst[i] = v ^ c.buf[c.off+i]
+ }
+ dst = dst[toXor:]
+ src = src[toXor:]
+
+ remaining -= toXor
+ c.off += toXor
+ }
+ }
+}
+
+// KeyStream sets dst to the raw keystream.
+func (c *Cipher) KeyStream(dst []byte) {
+ for remaining := len(dst); remaining > 0; {
+ // Process multiple blocks at once.
+ if c.off == BlockSize {
+ nrBlocks := remaining / BlockSize
+ directBytes := nrBlocks * BlockSize
+ if nrBlocks > 0 {
+ blocksFn(&c.state, nil, dst, nrBlocks, c.ietf)
+ remaining -= directBytes
+ if remaining == 0 {
+ return
+ }
+ dst = dst[directBytes:]
+ }
+
+ // If there's a partial block, generate 1 block of keystream into
+ // the internal buffer.
+ blocksFn(&c.state, nil, c.buf[:], 1, c.ietf)
+ c.off = 0
+ }
+
+ // Process partial blocks from the buffered keystream.
+ toCopy := BlockSize - c.off
+ if remaining < toCopy {
+ toCopy = remaining
+ }
+ if toCopy > 0 {
+ copy(dst[:toCopy], c.buf[c.off:c.off+toCopy])
+ dst = dst[toCopy:]
+ remaining -= toCopy
+ c.off += toCopy
+ }
+ }
+}
+
+// ReKey reinitializes the ChaCha20/XChaCha20 instance with the provided key
+// and nonce.
+func (c *Cipher) ReKey(key, nonce []byte) error {
+ if len(key) != KeySize {
+ return ErrInvalidKey
+ }
+
+ switch len(nonce) {
+ case NonceSize:
+ case INonceSize:
+ case XNonceSize:
+ var subkey [KeySize]byte
+ var subnonce [HNonceSize]byte
+ copy(subnonce[:], nonce[0:16])
+ HChaCha(key, &subnonce, &subkey)
+ key = subkey[:]
+ nonce = nonce[16:24]
+ defer func() {
+ for i := range subkey {
+ subkey[i] = 0
+ }
+ }()
+ default:
+ return ErrInvalidNonce
+ }
+
+ c.Reset()
+ c.state[0] = sigma0
+ c.state[1] = sigma1
+ c.state[2] = sigma2
+ c.state[3] = sigma3
+ c.state[4] = binary.LittleEndian.Uint32(key[0:4])
+ c.state[5] = binary.LittleEndian.Uint32(key[4:8])
+ c.state[6] = binary.LittleEndian.Uint32(key[8:12])
+ c.state[7] = binary.LittleEndian.Uint32(key[12:16])
+ c.state[8] = binary.LittleEndian.Uint32(key[16:20])
+ c.state[9] = binary.LittleEndian.Uint32(key[20:24])
+ c.state[10] = binary.LittleEndian.Uint32(key[24:28])
+ c.state[11] = binary.LittleEndian.Uint32(key[28:32])
+ c.state[12] = 0
+ if len(nonce) == INonceSize {
+ c.state[13] = binary.LittleEndian.Uint32(nonce[0:4])
+ c.state[14] = binary.LittleEndian.Uint32(nonce[4:8])
+ c.state[15] = binary.LittleEndian.Uint32(nonce[8:12])
+ c.ietf = true
+ } else {
+ c.state[13] = 0
+ c.state[14] = binary.LittleEndian.Uint32(nonce[0:4])
+ c.state[15] = binary.LittleEndian.Uint32(nonce[4:8])
+ c.ietf = false
+ }
+ c.off = BlockSize
+ return nil
+
+}
+
+// Seek sets the block counter to a given offset.
+func (c *Cipher) Seek(blockCounter uint64) error {
+ if c.ietf {
+ if blockCounter > math.MaxUint32 {
+ return ErrInvalidCounter
+ }
+ c.state[12] = uint32(blockCounter)
+ } else {
+ c.state[12] = uint32(blockCounter)
+ c.state[13] = uint32(blockCounter >> 32)
+ }
+ c.off = BlockSize
+ return nil
+}
+
+// NewCipher returns a new ChaCha20/XChaCha20 instance.
+func NewCipher(key, nonce []byte) (*Cipher, error) {
+ c := new(Cipher)
+ if err := c.ReKey(key, nonce); err != nil {
+ return nil, err
+ }
+ return c, nil
+}
+
+// HChaCha is the HChaCha20 hash function used to make XChaCha.
+func HChaCha(key []byte, nonce *[HNonceSize]byte, out *[32]byte) {
+ var x [stateSize]uint32 // Last 4 slots unused, sigma hardcoded.
+ x[0] = binary.LittleEndian.Uint32(key[0:4])
+ x[1] = binary.LittleEndian.Uint32(key[4:8])
+ x[2] = binary.LittleEndian.Uint32(key[8:12])
+ x[3] = binary.LittleEndian.Uint32(key[12:16])
+ x[4] = binary.LittleEndian.Uint32(key[16:20])
+ x[5] = binary.LittleEndian.Uint32(key[20:24])
+ x[6] = binary.LittleEndian.Uint32(key[24:28])
+ x[7] = binary.LittleEndian.Uint32(key[28:32])
+ x[8] = binary.LittleEndian.Uint32(nonce[0:4])
+ x[9] = binary.LittleEndian.Uint32(nonce[4:8])
+ x[10] = binary.LittleEndian.Uint32(nonce[8:12])
+ x[11] = binary.LittleEndian.Uint32(nonce[12:16])
+ hChaChaRef(&x, out)
+}
+
+func init() {
+ switch runtime.GOARCH {
+ case "386", "amd64":
+ // Abuse unsafe to skip calling binary.LittleEndian.PutUint32
+ // in the critical path. This is a big boost on systems that are
+ // little endian and not overly picky about alignment.
+ useUnsafe = true
+ }
+}
+
+var _ cipher.Stream = (*Cipher)(nil)
diff --git a/vendor/github.com/Yawning/chacha20/chacha20_amd64.go b/vendor/github.com/Yawning/chacha20/chacha20_amd64.go
new file mode 100644
index 0000000..05adad1
--- /dev/null
+++ b/vendor/github.com/Yawning/chacha20/chacha20_amd64.go
@@ -0,0 +1,95 @@
+// chacha20_amd64.go - AMD64 optimized chacha20.
+//
+// To the extent possible under law, Yawning Angel has waived all copyright
+// and related or neighboring rights to chacha20, using the Creative
+// Commons "CC0" public domain dedication. See LICENSE or
+// for full details.
+
+// +build amd64,!gccgo,!appengine
+
+package chacha20
+
+import (
+ "math"
+)
+
+var usingAVX2 = false
+
+func blocksAmd64SSE2(x *uint32, inp, outp *byte, nrBlocks uint)
+
+func blocksAmd64AVX2(x *uint32, inp, outp *byte, nrBlocks uint)
+
+func cpuidAmd64(cpuidParams *uint32)
+
+func xgetbv0Amd64(xcrVec *uint32)
+
+func blocksAmd64(x *[stateSize]uint32, in []byte, out []byte, nrBlocks int, isIetf bool) {
+ // Probably unneeded, but stating this explicitly simplifies the assembly.
+ if nrBlocks == 0 {
+ return
+ }
+
+ if isIetf {
+ var totalBlocks uint64
+ totalBlocks = uint64(x[12]) + uint64(nrBlocks)
+ if totalBlocks > math.MaxUint32 {
+ panic("chacha20: Exceeded keystream per nonce limit")
+ }
+ }
+
+ if in == nil {
+ for i := range out {
+ out[i] = 0
+ }
+ in = out
+ }
+
+ // Pointless to call the AVX2 code for just a single block, since half of
+ // the output gets discarded...
+ if usingAVX2 && nrBlocks > 1 {
+ blocksAmd64AVX2(&x[0], &in[0], &out[0], uint(nrBlocks))
+ } else {
+ blocksAmd64SSE2(&x[0], &in[0], &out[0], uint(nrBlocks))
+ }
+}
+
+func supportsAVX2() bool {
+ // https://software.intel.com/en-us/articles/how-to-detect-new-instruction-support-in-the-4th-generation-intel-core-processor-family
+ const (
+ osXsaveBit = 1 << 27
+ avx2Bit = 1 << 5
+ )
+
+ // Check to see if CPUID actually supports the leaf that indicates AVX2.
+ // CPUID.(EAX=0H, ECX=0H) >= 7
+ regs := [4]uint32{0x00}
+ cpuidAmd64(®s[0])
+ if regs[0] < 7 {
+ return false
+ }
+
+ // Check to see if the OS knows how to save/restore XMM/YMM state.
+ // CPUID.(EAX=01H, ECX=0H):ECX.OSXSAVE[bit 27]==1
+ regs = [4]uint32{0x01}
+ cpuidAmd64(®s[0])
+ if regs[2]&osXsaveBit == 0 {
+ return false
+ }
+ xcrRegs := [2]uint32{}
+ xgetbv0Amd64(&xcrRegs[0])
+ if xcrRegs[0]&6 != 6 {
+ return false
+ }
+
+ // Check for AVX2 support.
+ // CPUID.(EAX=07H, ECX=0H):EBX.AVX2[bit 5]==1
+ regs = [4]uint32{0x07}
+ cpuidAmd64(®s[0])
+ return regs[1]&avx2Bit != 0
+}
+
+func init() {
+ blocksFn = blocksAmd64
+ usingVectors = true
+ usingAVX2 = supportsAVX2()
+}
diff --git a/vendor/github.com/Yawning/chacha20/chacha20_amd64.py b/vendor/github.com/Yawning/chacha20/chacha20_amd64.py
new file mode 100644
index 0000000..3bfebf4
--- /dev/null
+++ b/vendor/github.com/Yawning/chacha20/chacha20_amd64.py
@@ -0,0 +1,1295 @@
+#!/usr/bin/env python3
+#
+# To the extent possible under law, Yawning Angel has waived all copyright
+# and related or neighboring rights to chacha20, using the Creative
+# Commons "CC0" public domain dedication. See LICENSE or
+# for full details.
+
+#
+# cgo sucks. Plan 9 assembly sucks. Real languages have SIMD intrinsics.
+# The least terrible/retarded option is to use a Python code generator, so
+# that's what I did.
+#
+# Code based on Ted Krovetz's vec128 C implementation, with corrections
+# to use a 64 bit counter instead of 32 bit, and to allow unaligned input and
+# output pointers.
+#
+# Dependencies: https://github.com/Maratyszcza/PeachPy
+#
+# python3 -m peachpy.x86_64 -mabi=goasm -S -o chacha20_amd64.s chacha20_amd64.py
+#
+
+from peachpy import *
+from peachpy.x86_64 import *
+
+x = Argument(ptr(uint32_t))
+inp = Argument(ptr(const_uint8_t))
+outp = Argument(ptr(uint8_t))
+nrBlocks = Argument(ptr(size_t))
+
+#
+# SSE2 helper functions. A temporary register is explicitly passed in because
+# the main fast loop uses every single register (and even spills) so manual
+# control is needed.
+#
+# This used to also have a DQROUNDS helper that did 2 rounds of ChaCha like
+# in the C code, but the C code has the luxury of an optimizer reordering
+# everything, while this does not.
+#
+
+def ROTW16_sse2(tmp, d):
+ MOVDQA(tmp, d)
+ PSLLD(tmp, 16)
+ PSRLD(d, 16)
+ PXOR(d, tmp)
+
+def ROTW12_sse2(tmp, b):
+ MOVDQA(tmp, b)
+ PSLLD(tmp, 12)
+ PSRLD(b, 20)
+ PXOR(b, tmp)
+
+def ROTW8_sse2(tmp, d):
+ MOVDQA(tmp, d)
+ PSLLD(tmp, 8)
+ PSRLD(d, 24)
+ PXOR(d, tmp)
+
+def ROTW7_sse2(tmp, b):
+ MOVDQA(tmp, b)
+ PSLLD(tmp, 7)
+ PSRLD(b, 25)
+ PXOR(b, tmp)
+
+def WriteXor_sse2(tmp, inp, outp, d, v0, v1, v2, v3):
+ MOVDQU(tmp, [inp+d])
+ PXOR(tmp, v0)
+ MOVDQU([outp+d], tmp)
+ MOVDQU(tmp, [inp+d+16])
+ PXOR(tmp, v1)
+ MOVDQU([outp+d+16], tmp)
+ MOVDQU(tmp, [inp+d+32])
+ PXOR(tmp, v2)
+ MOVDQU([outp+d+32], tmp)
+ MOVDQU(tmp, [inp+d+48])
+ PXOR(tmp, v3)
+ MOVDQU([outp+d+48], tmp)
+
+# SSE2 ChaCha20 (aka vec128). Does not handle partial blocks, and will
+# process 4/2/1 blocks at a time.
+with Function("blocksAmd64SSE2", (x, inp, outp, nrBlocks)):
+ reg_x = GeneralPurposeRegister64()
+ reg_inp = GeneralPurposeRegister64()
+ reg_outp = GeneralPurposeRegister64()
+ reg_blocks = GeneralPurposeRegister64()
+ reg_sp_save = GeneralPurposeRegister64()
+
+ LOAD.ARGUMENT(reg_x, x)
+ LOAD.ARGUMENT(reg_inp, inp)
+ LOAD.ARGUMENT(reg_outp, outp)
+ LOAD.ARGUMENT(reg_blocks, nrBlocks)
+
+ # Align the stack to a 32 byte boundary.
+ MOV(reg_sp_save, registers.rsp)
+ AND(registers.rsp, 0xffffffffffffffe0)
+ SUB(registers.rsp, 0x20)
+
+ # Build the counter increment vector on the stack, and allocate the scratch
+ # space
+ xmm_v0 = XMMRegister()
+ PXOR(xmm_v0, xmm_v0)
+ SUB(registers.rsp, 16+16)
+ MOVDQA([registers.rsp], xmm_v0)
+ reg_tmp = GeneralPurposeRegister32()
+ MOV(reg_tmp, 0x00000001)
+ MOV([registers.rsp], reg_tmp)
+ mem_one = [registers.rsp] # (Stack) Counter increment vector
+ mem_tmp0 = [registers.rsp+16] # (Stack) Scratch space.
+
+ mem_s0 = [reg_x] # (Memory) Cipher state [0..3]
+ mem_s1 = [reg_x+16] # (Memory) Cipher state [4..7]
+ mem_s2 = [reg_x+32] # (Memory) Cipher state [8..11]
+ mem_s3 = [reg_x+48] # (Memory) Cipher state [12..15]
+
+ # xmm_v0 allocated above...
+ xmm_v1 = XMMRegister()
+ xmm_v2 = XMMRegister()
+ xmm_v3 = XMMRegister()
+
+ xmm_v4 = XMMRegister()
+ xmm_v5 = XMMRegister()
+ xmm_v6 = XMMRegister()
+ xmm_v7 = XMMRegister()
+
+ xmm_v8 = XMMRegister()
+ xmm_v9 = XMMRegister()
+ xmm_v10 = XMMRegister()
+ xmm_v11 = XMMRegister()
+
+ xmm_v12 = XMMRegister()
+ xmm_v13 = XMMRegister()
+ xmm_v14 = XMMRegister()
+ xmm_v15 = XMMRegister()
+
+ xmm_tmp = xmm_v12
+
+ #
+ # 4 blocks at a time.
+ #
+
+ reg_rounds = GeneralPurposeRegister64()
+
+ vector_loop4 = Loop()
+ SUB(reg_blocks, 4)
+ JB(vector_loop4.end)
+ with vector_loop4:
+ MOVDQU(xmm_v0, mem_s0)
+ MOVDQU(xmm_v1, mem_s1)
+ MOVDQU(xmm_v2, mem_s2)
+ MOVDQU(xmm_v3, mem_s3)
+
+ MOVDQA(xmm_v4, xmm_v0)
+ MOVDQA(xmm_v5, xmm_v1)
+ MOVDQA(xmm_v6, xmm_v2)
+ MOVDQA(xmm_v7, xmm_v3)
+ PADDQ(xmm_v7, mem_one)
+
+ MOVDQA(xmm_v8, xmm_v0)
+ MOVDQA(xmm_v9, xmm_v1)
+ MOVDQA(xmm_v10, xmm_v2)
+ MOVDQA(xmm_v11, xmm_v7)
+ PADDQ(xmm_v11, mem_one)
+
+ MOVDQA(xmm_v12, xmm_v0)
+ MOVDQA(xmm_v13, xmm_v1)
+ MOVDQA(xmm_v14, xmm_v2)
+ MOVDQA(xmm_v15, xmm_v11)
+ PADDQ(xmm_v15, mem_one)
+
+ MOV(reg_rounds, 20)
+ rounds_loop4 = Loop()
+ with rounds_loop4:
+ # a += b; d ^= a; d = ROTW16(d);
+ PADDD(xmm_v0, xmm_v1)
+ PADDD(xmm_v4, xmm_v5)
+ PADDD(xmm_v8, xmm_v9)
+ PADDD(xmm_v12, xmm_v13)
+ PXOR(xmm_v3, xmm_v0)
+ PXOR(xmm_v7, xmm_v4)
+ PXOR(xmm_v11, xmm_v8)
+ PXOR(xmm_v15, xmm_v12)
+
+ MOVDQA(mem_tmp0, xmm_tmp) # Save
+
+ ROTW16_sse2(xmm_tmp, xmm_v3)
+ ROTW16_sse2(xmm_tmp, xmm_v7)
+ ROTW16_sse2(xmm_tmp, xmm_v11)
+ ROTW16_sse2(xmm_tmp, xmm_v15)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ PADDD(xmm_v2, xmm_v3)
+ PADDD(xmm_v6, xmm_v7)
+ PADDD(xmm_v10, xmm_v11)
+ PADDD(xmm_v14, xmm_v15)
+ PXOR(xmm_v1, xmm_v2)
+ PXOR(xmm_v5, xmm_v6)
+ PXOR(xmm_v9, xmm_v10)
+ PXOR(xmm_v13, xmm_v14)
+ ROTW12_sse2(xmm_tmp, xmm_v1)
+ ROTW12_sse2(xmm_tmp, xmm_v5)
+ ROTW12_sse2(xmm_tmp, xmm_v9)
+ ROTW12_sse2(xmm_tmp, xmm_v13)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ MOVDQA(xmm_tmp, mem_tmp0) # Restore
+
+ PADDD(xmm_v0, xmm_v1)
+ PADDD(xmm_v4, xmm_v5)
+ PADDD(xmm_v8, xmm_v9)
+ PADDD(xmm_v12, xmm_v13)
+ PXOR(xmm_v3, xmm_v0)
+ PXOR(xmm_v7, xmm_v4)
+ PXOR(xmm_v11, xmm_v8)
+ PXOR(xmm_v15, xmm_v12)
+
+ MOVDQA(mem_tmp0, xmm_tmp) # Save
+
+ ROTW8_sse2(xmm_tmp, xmm_v3)
+ ROTW8_sse2(xmm_tmp, xmm_v7)
+ ROTW8_sse2(xmm_tmp, xmm_v11)
+ ROTW8_sse2(xmm_tmp, xmm_v15)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ PADDD(xmm_v2, xmm_v3)
+ PADDD(xmm_v6, xmm_v7)
+ PADDD(xmm_v10, xmm_v11)
+ PADDD(xmm_v14, xmm_v15)
+ PXOR(xmm_v1, xmm_v2)
+ PXOR(xmm_v5, xmm_v6)
+ PXOR(xmm_v9, xmm_v10)
+ PXOR(xmm_v13, xmm_v14)
+ ROTW7_sse2(xmm_tmp, xmm_v1)
+ ROTW7_sse2(xmm_tmp, xmm_v5)
+ ROTW7_sse2(xmm_tmp, xmm_v9)
+ ROTW7_sse2(xmm_tmp, xmm_v13)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ PSHUFD(xmm_v1, xmm_v1, 0x39)
+ PSHUFD(xmm_v5, xmm_v5, 0x39)
+ PSHUFD(xmm_v9, xmm_v9, 0x39)
+ PSHUFD(xmm_v13, xmm_v13, 0x39)
+ PSHUFD(xmm_v2, xmm_v2, 0x4e)
+ PSHUFD(xmm_v6, xmm_v6, 0x4e)
+ PSHUFD(xmm_v10, xmm_v10, 0x4e)
+ PSHUFD(xmm_v14, xmm_v14, 0x4e)
+ PSHUFD(xmm_v3, xmm_v3, 0x93)
+ PSHUFD(xmm_v7, xmm_v7, 0x93)
+ PSHUFD(xmm_v11, xmm_v11, 0x93)
+ PSHUFD(xmm_v15, xmm_v15, 0x93)
+
+ MOVDQA(xmm_tmp, mem_tmp0) # Restore
+
+ # a += b; d ^= a; d = ROTW16(d);
+ PADDD(xmm_v0, xmm_v1)
+ PADDD(xmm_v4, xmm_v5)
+ PADDD(xmm_v8, xmm_v9)
+ PADDD(xmm_v12, xmm_v13)
+ PXOR(xmm_v3, xmm_v0)
+ PXOR(xmm_v7, xmm_v4)
+ PXOR(xmm_v11, xmm_v8)
+ PXOR(xmm_v15, xmm_v12)
+
+ MOVDQA(mem_tmp0, xmm_tmp) # Save
+
+ ROTW16_sse2(xmm_tmp, xmm_v3)
+ ROTW16_sse2(xmm_tmp, xmm_v7)
+ ROTW16_sse2(xmm_tmp, xmm_v11)
+ ROTW16_sse2(xmm_tmp, xmm_v15)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ PADDD(xmm_v2, xmm_v3)
+ PADDD(xmm_v6, xmm_v7)
+ PADDD(xmm_v10, xmm_v11)
+ PADDD(xmm_v14, xmm_v15)
+ PXOR(xmm_v1, xmm_v2)
+ PXOR(xmm_v5, xmm_v6)
+ PXOR(xmm_v9, xmm_v10)
+ PXOR(xmm_v13, xmm_v14)
+ ROTW12_sse2(xmm_tmp, xmm_v1)
+ ROTW12_sse2(xmm_tmp, xmm_v5)
+ ROTW12_sse2(xmm_tmp, xmm_v9)
+ ROTW12_sse2(xmm_tmp, xmm_v13)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ MOVDQA(xmm_tmp, mem_tmp0) # Restore
+
+ PADDD(xmm_v0, xmm_v1)
+ PADDD(xmm_v4, xmm_v5)
+ PADDD(xmm_v8, xmm_v9)
+ PADDD(xmm_v12, xmm_v13)
+ PXOR(xmm_v3, xmm_v0)
+ PXOR(xmm_v7, xmm_v4)
+ PXOR(xmm_v11, xmm_v8)
+ PXOR(xmm_v15, xmm_v12)
+
+ MOVDQA(mem_tmp0, xmm_tmp) # Save
+
+ ROTW8_sse2(xmm_tmp, xmm_v3)
+ ROTW8_sse2(xmm_tmp, xmm_v7)
+ ROTW8_sse2(xmm_tmp, xmm_v11)
+ ROTW8_sse2(xmm_tmp, xmm_v15)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ PADDD(xmm_v2, xmm_v3)
+ PADDD(xmm_v6, xmm_v7)
+ PADDD(xmm_v10, xmm_v11)
+ PADDD(xmm_v14, xmm_v15)
+ PXOR(xmm_v1, xmm_v2)
+ PXOR(xmm_v5, xmm_v6)
+ PXOR(xmm_v9, xmm_v10)
+ PXOR(xmm_v13, xmm_v14)
+ ROTW7_sse2(xmm_tmp, xmm_v1)
+ ROTW7_sse2(xmm_tmp, xmm_v5)
+ ROTW7_sse2(xmm_tmp, xmm_v9)
+ ROTW7_sse2(xmm_tmp, xmm_v13)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ PSHUFD(xmm_v1, xmm_v1, 0x93)
+ PSHUFD(xmm_v5, xmm_v5, 0x93)
+ PSHUFD(xmm_v9, xmm_v9, 0x93)
+ PSHUFD(xmm_v13, xmm_v13, 0x93)
+ PSHUFD(xmm_v2, xmm_v2, 0x4e)
+ PSHUFD(xmm_v6, xmm_v6, 0x4e)
+ PSHUFD(xmm_v10, xmm_v10, 0x4e)
+ PSHUFD(xmm_v14, xmm_v14, 0x4e)
+ PSHUFD(xmm_v3, xmm_v3, 0x39)
+ PSHUFD(xmm_v7, xmm_v7, 0x39)
+ PSHUFD(xmm_v11, xmm_v11, 0x39)
+ PSHUFD(xmm_v15, xmm_v15, 0x39)
+
+ MOVDQA(xmm_tmp, mem_tmp0) # Restore
+
+ SUB(reg_rounds, 2)
+ JNZ(rounds_loop4.begin)
+
+ MOVDQA(mem_tmp0, xmm_tmp)
+
+ PADDD(xmm_v0, mem_s0)
+ PADDD(xmm_v1, mem_s1)
+ PADDD(xmm_v2, mem_s2)
+ PADDD(xmm_v3, mem_s3)
+ WriteXor_sse2(xmm_tmp, reg_inp, reg_outp, 0, xmm_v0, xmm_v1, xmm_v2, xmm_v3)
+ MOVDQU(xmm_v3, mem_s3)
+ PADDQ(xmm_v3, mem_one)
+
+ PADDD(xmm_v4, mem_s0)
+ PADDD(xmm_v5, mem_s1)
+ PADDD(xmm_v6, mem_s2)
+ PADDD(xmm_v7, xmm_v3)
+ WriteXor_sse2(xmm_tmp, reg_inp, reg_outp, 64, xmm_v4, xmm_v5, xmm_v6, xmm_v7)
+ PADDQ(xmm_v3, mem_one)
+
+ PADDD(xmm_v8, mem_s0)
+ PADDD(xmm_v9, mem_s1)
+ PADDD(xmm_v10, mem_s2)
+ PADDD(xmm_v11, xmm_v3)
+ WriteXor_sse2(xmm_tmp, reg_inp, reg_outp, 128, xmm_v8, xmm_v9, xmm_v10, xmm_v11)
+ PADDQ(xmm_v3, mem_one)
+
+ MOVDQA(xmm_tmp, mem_tmp0)
+
+ PADDD(xmm_v12, mem_s0)
+ PADDD(xmm_v13, mem_s1)
+ PADDD(xmm_v14, mem_s2)
+ PADDD(xmm_v15, xmm_v3)
+ WriteXor_sse2(xmm_v0, reg_inp, reg_outp, 192, xmm_v12, xmm_v13, xmm_v14, xmm_v15)
+ PADDQ(xmm_v3, mem_one)
+
+ MOVDQU(mem_s3, xmm_v3)
+
+ ADD(reg_inp, 4 * 64)
+ ADD(reg_outp, 4 * 64)
+
+ SUB(reg_blocks, 4)
+ JAE(vector_loop4.begin)
+
+ ADD(reg_blocks, 4)
+ out = Label()
+ JZ(out)
+
+ # Past this point, we no longer need to use every single register to hold
+ # the in progress state.
+
+ xmm_s0 = xmm_v8
+ xmm_s1 = xmm_v9
+ xmm_s2 = xmm_v10
+ xmm_s3 = xmm_v11
+ xmm_one = xmm_v13
+ MOVDQU(xmm_s0, mem_s0)
+ MOVDQU(xmm_s1, mem_s1)
+ MOVDQU(xmm_s2, mem_s2)
+ MOVDQU(xmm_s3, mem_s3)
+ MOVDQA(xmm_one, mem_one)
+
+ #
+ # 2 blocks at a time.
+ #
+
+ process_1_block = Label()
+ SUB(reg_blocks, 2)
+ JB(process_1_block) # < 2 blocks remaining.
+
+ MOVDQA(xmm_v0, xmm_s0)
+ MOVDQA(xmm_v1, xmm_s1)
+ MOVDQA(xmm_v2, xmm_s2)
+ MOVDQA(xmm_v3, xmm_s3)
+
+ MOVDQA(xmm_v4, xmm_v0)
+ MOVDQA(xmm_v5, xmm_v1)
+ MOVDQA(xmm_v6, xmm_v2)
+ MOVDQA(xmm_v7, xmm_v3)
+ PADDQ(xmm_v7, xmm_one)
+
+ MOV(reg_rounds, 20)
+ rounds_loop2 = Loop()
+ with rounds_loop2:
+ # a += b; d ^= a; d = ROTW16(d);
+ PADDD(xmm_v0, xmm_v1)
+ PADDD(xmm_v4, xmm_v5)
+ PXOR(xmm_v3, xmm_v0)
+ PXOR(xmm_v7, xmm_v4)
+ ROTW16_sse2(xmm_tmp, xmm_v3)
+ ROTW16_sse2(xmm_tmp, xmm_v7)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ PADDD(xmm_v2, xmm_v3)
+ PADDD(xmm_v6, xmm_v7)
+ PXOR(xmm_v1, xmm_v2)
+ PXOR(xmm_v5, xmm_v6)
+ ROTW12_sse2(xmm_tmp, xmm_v1)
+ ROTW12_sse2(xmm_tmp, xmm_v5)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ PADDD(xmm_v0, xmm_v1)
+ PADDD(xmm_v4, xmm_v5)
+ PXOR(xmm_v3, xmm_v0)
+ PXOR(xmm_v7, xmm_v4)
+ ROTW8_sse2(xmm_tmp, xmm_v3)
+ ROTW8_sse2(xmm_tmp, xmm_v7)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ PADDD(xmm_v2, xmm_v3)
+ PADDD(xmm_v6, xmm_v7)
+ PXOR(xmm_v1, xmm_v2)
+ PXOR(xmm_v5, xmm_v6)
+ ROTW7_sse2(xmm_tmp, xmm_v1)
+ ROTW7_sse2(xmm_tmp, xmm_v5)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ PSHUFD(xmm_v1, xmm_v1, 0x39)
+ PSHUFD(xmm_v5, xmm_v5, 0x39)
+ PSHUFD(xmm_v2, xmm_v2, 0x4e)
+ PSHUFD(xmm_v6, xmm_v6, 0x4e)
+ PSHUFD(xmm_v3, xmm_v3, 0x93)
+ PSHUFD(xmm_v7, xmm_v7, 0x93)
+
+ # a += b; d ^= a; d = ROTW16(d);
+ PADDD(xmm_v0, xmm_v1)
+ PADDD(xmm_v4, xmm_v5)
+ PXOR(xmm_v3, xmm_v0)
+ PXOR(xmm_v7, xmm_v4)
+ ROTW16_sse2(xmm_tmp, xmm_v3)
+ ROTW16_sse2(xmm_tmp, xmm_v7)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ PADDD(xmm_v2, xmm_v3)
+ PADDD(xmm_v6, xmm_v7)
+ PXOR(xmm_v1, xmm_v2)
+ PXOR(xmm_v5, xmm_v6)
+ ROTW12_sse2(xmm_tmp, xmm_v1)
+ ROTW12_sse2(xmm_tmp, xmm_v5)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ PADDD(xmm_v0, xmm_v1)
+ PADDD(xmm_v4, xmm_v5)
+ PXOR(xmm_v3, xmm_v0)
+ PXOR(xmm_v7, xmm_v4)
+ ROTW8_sse2(xmm_tmp, xmm_v3)
+ ROTW8_sse2(xmm_tmp, xmm_v7)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ PADDD(xmm_v2, xmm_v3)
+ PADDD(xmm_v6, xmm_v7)
+ PXOR(xmm_v1, xmm_v2)
+ PXOR(xmm_v5, xmm_v6)
+ ROTW7_sse2(xmm_tmp, xmm_v1)
+ ROTW7_sse2(xmm_tmp, xmm_v5)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ PSHUFD(xmm_v1, xmm_v1, 0x93)
+ PSHUFD(xmm_v5, xmm_v5, 0x93)
+ PSHUFD(xmm_v2, xmm_v2, 0x4e)
+ PSHUFD(xmm_v6, xmm_v6, 0x4e)
+ PSHUFD(xmm_v3, xmm_v3, 0x39)
+ PSHUFD(xmm_v7, xmm_v7, 0x39)
+
+ SUB(reg_rounds, 2)
+ JNZ(rounds_loop2.begin)
+
+ PADDD(xmm_v0, xmm_s0)
+ PADDD(xmm_v1, xmm_s1)
+ PADDD(xmm_v2, xmm_s2)
+ PADDD(xmm_v3, xmm_s3)
+ WriteXor_sse2(xmm_tmp, reg_inp, reg_outp, 0, xmm_v0, xmm_v1, xmm_v2, xmm_v3)
+ PADDQ(xmm_s3, xmm_one)
+
+ PADDD(xmm_v4, xmm_s0)
+ PADDD(xmm_v5, xmm_s1)
+ PADDD(xmm_v6, xmm_s2)
+ PADDD(xmm_v7, xmm_s3)
+ WriteXor_sse2(xmm_tmp, reg_inp, reg_outp, 64, xmm_v4, xmm_v5, xmm_v6, xmm_v7)
+ PADDQ(xmm_s3, xmm_one)
+
+ ADD(reg_inp, 2 * 64)
+ ADD(reg_outp, 2 * 64)
+ SUB(reg_blocks, 2)
+
+ LABEL(process_1_block)
+ ADD(reg_blocks, 2)
+ out_serial = Label()
+ JZ(out_serial)
+
+ #
+ # 1 block at a time. Only executed once, because if there was > 1,
+ # the parallel code would have processed it already.
+ #
+
+ MOVDQA(xmm_v0, xmm_s0)
+ MOVDQA(xmm_v1, xmm_s1)
+ MOVDQA(xmm_v2, xmm_s2)
+ MOVDQA(xmm_v3, xmm_s3)
+
+ MOV(reg_rounds, 20)
+ rounds_loop1 = Loop()
+ with rounds_loop1:
+ # a += b; d ^= a; d = ROTW16(d);
+ PADDD(xmm_v0, xmm_v1)
+ PXOR(xmm_v3, xmm_v0)
+ ROTW16_sse2(xmm_tmp, xmm_v3)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ PADDD(xmm_v2, xmm_v3)
+ PXOR(xmm_v1, xmm_v2)
+ ROTW12_sse2(xmm_tmp, xmm_v1)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ PADDD(xmm_v0, xmm_v1)
+ PXOR(xmm_v3, xmm_v0)
+ ROTW8_sse2(xmm_tmp, xmm_v3)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ PADDD(xmm_v2, xmm_v3)
+ PXOR(xmm_v1, xmm_v2)
+ ROTW7_sse2(xmm_tmp, xmm_v1)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ PSHUFD(xmm_v1, xmm_v1, 0x39)
+ PSHUFD(xmm_v2, xmm_v2, 0x4e)
+ PSHUFD(xmm_v3, xmm_v3, 0x93)
+
+ # a += b; d ^= a; d = ROTW16(d);
+ PADDD(xmm_v0, xmm_v1)
+ PXOR(xmm_v3, xmm_v0)
+ ROTW16_sse2(xmm_tmp, xmm_v3)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ PADDD(xmm_v2, xmm_v3)
+ PXOR(xmm_v1, xmm_v2)
+ ROTW12_sse2(xmm_tmp, xmm_v1)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ PADDD(xmm_v0, xmm_v1)
+ PXOR(xmm_v3, xmm_v0)
+ ROTW8_sse2(xmm_tmp, xmm_v3)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ PADDD(xmm_v2, xmm_v3)
+ PXOR(xmm_v1, xmm_v2)
+ ROTW7_sse2(xmm_tmp, xmm_v1)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ PSHUFD(xmm_v1, xmm_v1, 0x93)
+ PSHUFD(xmm_v2, xmm_v2, 0x4e)
+ PSHUFD(xmm_v3, xmm_v3, 0x39)
+
+ SUB(reg_rounds, 2)
+ JNZ(rounds_loop1.begin)
+
+ PADDD(xmm_v0, xmm_s0)
+ PADDD(xmm_v1, xmm_s1)
+ PADDD(xmm_v2, xmm_s2)
+ PADDD(xmm_v3, xmm_s3)
+ WriteXor_sse2(xmm_tmp, reg_inp, reg_outp, 0, xmm_v0, xmm_v1, xmm_v2, xmm_v3)
+ PADDQ(xmm_s3, xmm_one)
+
+ LABEL(out_serial)
+
+ # Write back the updated counter. Stoping at 2^70 bytes is the user's
+ # problem, not mine. (Skipped if there's exactly a multiple of 4 blocks
+ # because the counter is incremented in memory while looping.)
+ MOVDQU(mem_s3, xmm_s3)
+
+ LABEL(out)
+
+ # Paranoia, cleanse the scratch space.
+ PXOR(xmm_v0, xmm_v0)
+ MOVDQA(mem_tmp0, xmm_v0)
+
+ # Remove our stack allocation.
+ MOV(registers.rsp, reg_sp_save)
+
+ RETURN()
+
+#
+# AVX2 helpers. Like the SSE2 equivalents, the scratch register is explicit,
+# and more helpers are used to increase readability for destructive operations.
+#
+# XXX/Performance: ROTW16_avx2/ROTW8_avx2 both can use VPSHUFFB.
+#
+
+def ADD_avx2(dst, src):
+ VPADDD(dst, dst, src)
+
+def XOR_avx2(dst, src):
+ VPXOR(dst, dst, src)
+
+def ROTW16_avx2(tmp, d):
+ VPSLLD(tmp, d, 16)
+ VPSRLD(d, d, 16)
+ XOR_avx2(d, tmp)
+
+def ROTW12_avx2(tmp, b):
+ VPSLLD(tmp, b, 12)
+ VPSRLD(b, b, 20)
+ XOR_avx2(b, tmp)
+
+def ROTW8_avx2(tmp, d):
+ VPSLLD(tmp, d, 8)
+ VPSRLD(d, d, 24)
+ XOR_avx2(d, tmp)
+
+def ROTW7_avx2(tmp, b):
+ VPSLLD(tmp, b, 7)
+ VPSRLD(b, b, 25)
+ XOR_avx2(b, tmp)
+
+def WriteXor_avx2(tmp, inp, outp, d, v0, v1, v2, v3):
+ # XOR_WRITE(out+ 0, in+ 0, _mm256_permute2x128_si256(v0,v1,0x20));
+ VPERM2I128(tmp, v0, v1, 0x20)
+ VPXOR(tmp, tmp, [inp+d])
+ VMOVDQU([outp+d], tmp)
+
+ # XOR_WRITE(out+32, in+32, _mm256_permute2x128_si256(v2,v3,0x20));
+ VPERM2I128(tmp, v2, v3, 0x20)
+ VPXOR(tmp, tmp, [inp+d+32])
+ VMOVDQU([outp+d+32], tmp)
+
+ # XOR_WRITE(out+64, in+64, _mm256_permute2x128_si256(v0,v1,0x31));
+ VPERM2I128(tmp, v0, v1, 0x31)
+ VPXOR(tmp, tmp, [inp+d+64])
+ VMOVDQU([outp+d+64], tmp)
+
+ # XOR_WRITE(out+96, in+96, _mm256_permute2x128_si256(v2,v3,0x31));
+ VPERM2I128(tmp, v2, v3, 0x31)
+ VPXOR(tmp, tmp, [inp+d+96])
+ VMOVDQU([outp+d+96], tmp)
+
+# AVX2 ChaCha20 (aka avx2). Does not handle partial blocks, will process
+# 8/4/2 blocks at a time.
+with Function("blocksAmd64AVX2", (x, inp, outp, nrBlocks), target=uarch.broadwell):
+ reg_x = GeneralPurposeRegister64()
+ reg_inp = GeneralPurposeRegister64()
+ reg_outp = GeneralPurposeRegister64()
+ reg_blocks = GeneralPurposeRegister64()
+ reg_sp_save = GeneralPurposeRegister64()
+
+ LOAD.ARGUMENT(reg_x, x)
+ LOAD.ARGUMENT(reg_inp, inp)
+ LOAD.ARGUMENT(reg_outp, outp)
+ LOAD.ARGUMENT(reg_blocks, nrBlocks)
+
+ # Align the stack to a 32 byte boundary.
+ MOV(reg_sp_save, registers.rsp)
+ AND(registers.rsp, 0xffffffffffffffe0)
+ SUB(registers.rsp, 0x20)
+
+ x_s0 = [reg_x] # (Memory) Cipher state [0..3]
+ x_s1 = [reg_x+16] # (Memory) Cipher state [4..7]
+ x_s2 = [reg_x+32] # (Memory) Cipher state [8..11]
+ x_s3 = [reg_x+48] # (Memory) Cipher state [12..15]
+
+ ymm_v0 = YMMRegister()
+ ymm_v1 = YMMRegister()
+ ymm_v2 = YMMRegister()
+ ymm_v3 = YMMRegister()
+
+ ymm_v4 = YMMRegister()
+ ymm_v5 = YMMRegister()
+ ymm_v6 = YMMRegister()
+ ymm_v7 = YMMRegister()
+
+ ymm_v8 = YMMRegister()
+ ymm_v9 = YMMRegister()
+ ymm_v10 = YMMRegister()
+ ymm_v11 = YMMRegister()
+
+ ymm_v12 = YMMRegister()
+ ymm_v13 = YMMRegister()
+ ymm_v14 = YMMRegister()
+ ymm_v15 = YMMRegister()
+
+ ymm_tmp0 = ymm_v12
+
+ # Allocate the neccecary stack space for the counter vector and two ymm
+ # registers that we will spill.
+ SUB(registers.rsp, 96)
+ mem_tmp0 = [registers.rsp+64] # (Stack) Scratch space.
+ mem_s3 = [registers.rsp+32] # (Stack) Working copy of s3. (8x)
+ mem_inc = [registers.rsp] # (Stack) Counter increment vector.
+
+ # Increment the counter for one side of the state vector.
+ VPXOR(ymm_tmp0, ymm_tmp0, ymm_tmp0)
+ VMOVDQU(mem_inc, ymm_tmp0)
+ reg_tmp = GeneralPurposeRegister32()
+ MOV(reg_tmp, 0x00000001)
+ MOV([registers.rsp+16], reg_tmp)
+ VBROADCASTI128(ymm_v3, x_s3)
+ VPADDQ(ymm_v3, ymm_v3, [registers.rsp])
+ VMOVDQA(mem_s3, ymm_v3)
+
+ # As we process 2xN blocks at a time, so the counter increment for both
+ # sides of the state vector is 2.
+ MOV(reg_tmp, 0x00000002)
+ MOV([registers.rsp], reg_tmp)
+ MOV([registers.rsp+16], reg_tmp)
+
+ out_write_even = Label()
+ out_write_odd = Label()
+
+ #
+ # 8 blocks at a time. Ted Krovetz's avx2 code does not do this, but it's
+ # a decent gain despite all the pain...
+ #
+
+ reg_rounds = GeneralPurposeRegister64()
+
+ vector_loop8 = Loop()
+ SUB(reg_blocks, 8)
+ JB(vector_loop8.end)
+ with vector_loop8:
+ VBROADCASTI128(ymm_v0, x_s0)
+ VBROADCASTI128(ymm_v1, x_s1)
+ VBROADCASTI128(ymm_v2, x_s2)
+ VMOVDQA(ymm_v3, mem_s3)
+
+ VMOVDQA(ymm_v4, ymm_v0)
+ VMOVDQA(ymm_v5, ymm_v1)
+ VMOVDQA(ymm_v6, ymm_v2)
+ VPADDQ(ymm_v7, ymm_v3, mem_inc)
+
+ VMOVDQA(ymm_v8, ymm_v0)
+ VMOVDQA(ymm_v9, ymm_v1)
+ VMOVDQA(ymm_v10, ymm_v2)
+ VPADDQ(ymm_v11, ymm_v7, mem_inc)
+
+ VMOVDQA(ymm_v12, ymm_v0)
+ VMOVDQA(ymm_v13, ymm_v1)
+ VMOVDQA(ymm_v14, ymm_v2)
+ VPADDQ(ymm_v15, ymm_v11, mem_inc)
+
+ MOV(reg_rounds, 20)
+ rounds_loop8 = Loop()
+ with rounds_loop8:
+ # a += b; d ^= a; d = ROTW16(d);
+ ADD_avx2(ymm_v0, ymm_v1)
+ ADD_avx2(ymm_v4, ymm_v5)
+ ADD_avx2(ymm_v8, ymm_v9)
+ ADD_avx2(ymm_v12, ymm_v13)
+ XOR_avx2(ymm_v3, ymm_v0)
+ XOR_avx2(ymm_v7, ymm_v4)
+ XOR_avx2(ymm_v11, ymm_v8)
+ XOR_avx2(ymm_v15, ymm_v12)
+
+ VMOVDQA(mem_tmp0, ymm_tmp0) # Save
+
+ ROTW16_avx2(ymm_tmp0, ymm_v3)
+ ROTW16_avx2(ymm_tmp0, ymm_v7)
+ ROTW16_avx2(ymm_tmp0, ymm_v11)
+ ROTW16_avx2(ymm_tmp0, ymm_v15)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ ADD_avx2(ymm_v2, ymm_v3)
+ ADD_avx2(ymm_v6, ymm_v7)
+ ADD_avx2(ymm_v10, ymm_v11)
+ ADD_avx2(ymm_v14, ymm_v15)
+ XOR_avx2(ymm_v1, ymm_v2)
+ XOR_avx2(ymm_v5, ymm_v6)
+ XOR_avx2(ymm_v9, ymm_v10)
+ XOR_avx2(ymm_v13, ymm_v14)
+ ROTW12_avx2(ymm_tmp0, ymm_v1)
+ ROTW12_avx2(ymm_tmp0, ymm_v5)
+ ROTW12_avx2(ymm_tmp0, ymm_v9)
+ ROTW12_avx2(ymm_tmp0, ymm_v13)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ VMOVDQA(ymm_tmp0, mem_tmp0) # Restore
+
+ ADD_avx2(ymm_v0, ymm_v1)
+ ADD_avx2(ymm_v4, ymm_v5)
+ ADD_avx2(ymm_v8, ymm_v9)
+ ADD_avx2(ymm_v12, ymm_v13)
+ XOR_avx2(ymm_v3, ymm_v0)
+ XOR_avx2(ymm_v7, ymm_v4)
+ XOR_avx2(ymm_v11, ymm_v8)
+ XOR_avx2(ymm_v15, ymm_v12)
+
+ VMOVDQA(mem_tmp0, ymm_tmp0) # Save
+
+ ROTW8_avx2(ymm_tmp0, ymm_v3)
+ ROTW8_avx2(ymm_tmp0, ymm_v7)
+ ROTW8_avx2(ymm_tmp0, ymm_v11)
+ ROTW8_avx2(ymm_tmp0, ymm_v15)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ ADD_avx2(ymm_v2, ymm_v3)
+ ADD_avx2(ymm_v6, ymm_v7)
+ ADD_avx2(ymm_v10, ymm_v11)
+ ADD_avx2(ymm_v14, ymm_v15)
+ XOR_avx2(ymm_v1, ymm_v2)
+ XOR_avx2(ymm_v5, ymm_v6)
+ XOR_avx2(ymm_v9, ymm_v10)
+ XOR_avx2(ymm_v13, ymm_v14)
+ ROTW7_avx2(ymm_tmp0, ymm_v1)
+ ROTW7_avx2(ymm_tmp0, ymm_v5)
+ ROTW7_avx2(ymm_tmp0, ymm_v9)
+ ROTW7_avx2(ymm_tmp0, ymm_v13)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ VPSHUFD(ymm_v1, ymm_v1, 0x39)
+ VPSHUFD(ymm_v5, ymm_v5, 0x39)
+ VPSHUFD(ymm_v9, ymm_v9, 0x39)
+ VPSHUFD(ymm_v13, ymm_v13, 0x39)
+ VPSHUFD(ymm_v2, ymm_v2, 0x4e)
+ VPSHUFD(ymm_v6, ymm_v6, 0x4e)
+ VPSHUFD(ymm_v10, ymm_v10, 0x4e)
+ VPSHUFD(ymm_v14, ymm_v14, 0x4e)
+ VPSHUFD(ymm_v3, ymm_v3, 0x93)
+ VPSHUFD(ymm_v7, ymm_v7, 0x93)
+ VPSHUFD(ymm_v11, ymm_v11, 0x93)
+ VPSHUFD(ymm_v15, ymm_v15, 0x93)
+
+ # a += b; d ^= a; d = ROTW16(d);
+ VMOVDQA(ymm_tmp0, mem_tmp0) # Restore
+
+ ADD_avx2(ymm_v0, ymm_v1)
+ ADD_avx2(ymm_v4, ymm_v5)
+ ADD_avx2(ymm_v8, ymm_v9)
+ ADD_avx2(ymm_v12, ymm_v13)
+ XOR_avx2(ymm_v3, ymm_v0)
+ XOR_avx2(ymm_v7, ymm_v4)
+ XOR_avx2(ymm_v11, ymm_v8)
+ XOR_avx2(ymm_v15, ymm_v12)
+
+ VMOVDQA(mem_tmp0, ymm_tmp0) # Save
+
+ ROTW16_avx2(ymm_tmp0, ymm_v3)
+ ROTW16_avx2(ymm_tmp0, ymm_v7)
+ ROTW16_avx2(ymm_tmp0, ymm_v11)
+ ROTW16_avx2(ymm_tmp0, ymm_v15)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ ADD_avx2(ymm_v2, ymm_v3)
+ ADD_avx2(ymm_v6, ymm_v7)
+ ADD_avx2(ymm_v10, ymm_v11)
+ ADD_avx2(ymm_v14, ymm_v15)
+ XOR_avx2(ymm_v1, ymm_v2)
+ XOR_avx2(ymm_v5, ymm_v6)
+ XOR_avx2(ymm_v9, ymm_v10)
+ XOR_avx2(ymm_v13, ymm_v14)
+ ROTW12_avx2(ymm_tmp0, ymm_v1)
+ ROTW12_avx2(ymm_tmp0, ymm_v5)
+ ROTW12_avx2(ymm_tmp0, ymm_v9)
+ ROTW12_avx2(ymm_tmp0, ymm_v13)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ VMOVDQA(ymm_tmp0, mem_tmp0) # Restore
+
+ ADD_avx2(ymm_v0, ymm_v1)
+ ADD_avx2(ymm_v4, ymm_v5)
+ ADD_avx2(ymm_v8, ymm_v9)
+ ADD_avx2(ymm_v12, ymm_v13)
+ XOR_avx2(ymm_v3, ymm_v0)
+ XOR_avx2(ymm_v7, ymm_v4)
+ XOR_avx2(ymm_v11, ymm_v8)
+ XOR_avx2(ymm_v15, ymm_v12)
+
+ VMOVDQA(mem_tmp0, ymm_tmp0) # Save
+
+ ROTW8_avx2(ymm_tmp0, ymm_v3)
+ ROTW8_avx2(ymm_tmp0, ymm_v7)
+ ROTW8_avx2(ymm_tmp0, ymm_v11)
+ ROTW8_avx2(ymm_tmp0, ymm_v15)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ ADD_avx2(ymm_v2, ymm_v3)
+ ADD_avx2(ymm_v6, ymm_v7)
+ ADD_avx2(ymm_v10, ymm_v11)
+ ADD_avx2(ymm_v14, ymm_v15)
+ XOR_avx2(ymm_v1, ymm_v2)
+ XOR_avx2(ymm_v5, ymm_v6)
+ XOR_avx2(ymm_v9, ymm_v10)
+ XOR_avx2(ymm_v13, ymm_v14)
+ ROTW7_avx2(ymm_tmp0, ymm_v1)
+ ROTW7_avx2(ymm_tmp0, ymm_v5)
+ ROTW7_avx2(ymm_tmp0, ymm_v9)
+ ROTW7_avx2(ymm_tmp0, ymm_v13)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ VPSHUFD(ymm_v1, ymm_v1, 0x93)
+ VPSHUFD(ymm_v5, ymm_v5, 0x93)
+ VPSHUFD(ymm_v9, ymm_v9, 0x93)
+ VPSHUFD(ymm_v13, ymm_v13, 0x93)
+ VPSHUFD(ymm_v2, ymm_v2, 0x4e)
+ VPSHUFD(ymm_v6, ymm_v6, 0x4e)
+ VPSHUFD(ymm_v10, ymm_v10, 0x4e)
+ VPSHUFD(ymm_v14, ymm_v14, 0x4e)
+ VPSHUFD(ymm_v3, ymm_v3, 0x39)
+ VPSHUFD(ymm_v7, ymm_v7, 0x39)
+ VPSHUFD(ymm_v11, ymm_v11, 0x39)
+ VPSHUFD(ymm_v15, ymm_v15, 0x39)
+
+ VMOVDQA(ymm_tmp0, mem_tmp0) # Restore
+
+ SUB(reg_rounds, 2)
+ JNZ(rounds_loop8.begin)
+
+ # ymm_v12 is in mem_tmp0 and is current....
+
+ # XXX: I assume VBROADCASTI128 is about as fast as VMOVDQA....
+ VBROADCASTI128(ymm_tmp0, x_s0)
+ ADD_avx2(ymm_v0, ymm_tmp0)
+ ADD_avx2(ymm_v4, ymm_tmp0)
+ ADD_avx2(ymm_v8, ymm_tmp0)
+ ADD_avx2(ymm_tmp0, mem_tmp0)
+ VMOVDQA(mem_tmp0, ymm_tmp0)
+
+ VBROADCASTI128(ymm_tmp0, x_s1)
+ ADD_avx2(ymm_v1, ymm_tmp0)
+ ADD_avx2(ymm_v5, ymm_tmp0)
+ ADD_avx2(ymm_v9, ymm_tmp0)
+ ADD_avx2(ymm_v13, ymm_tmp0)
+
+ VBROADCASTI128(ymm_tmp0, x_s2)
+ ADD_avx2(ymm_v2, ymm_tmp0)
+ ADD_avx2(ymm_v6, ymm_tmp0)
+ ADD_avx2(ymm_v10, ymm_tmp0)
+ ADD_avx2(ymm_v14, ymm_tmp0)
+
+ ADD_avx2(ymm_v3, mem_s3)
+ WriteXor_avx2(ymm_tmp0, reg_inp, reg_outp, 0, ymm_v0, ymm_v1, ymm_v2, ymm_v3)
+ VMOVDQA(ymm_v3, mem_s3)
+ ADD_avx2(ymm_v3, mem_inc)
+
+ ADD_avx2(ymm_v7, ymm_v3)
+ WriteXor_avx2(ymm_tmp0, reg_inp, reg_outp, 128, ymm_v4, ymm_v5, ymm_v6, ymm_v7)
+ ADD_avx2(ymm_v3, mem_inc)
+
+ ADD_avx2(ymm_v11, ymm_v3)
+ WriteXor_avx2(ymm_tmp0, reg_inp, reg_outp, 256, ymm_v8, ymm_v9, ymm_v10, ymm_v11)
+ ADD_avx2(ymm_v3, mem_inc)
+
+ VMOVDQA(ymm_v12, mem_tmp0)
+ ADD_avx2(ymm_v15, ymm_v3)
+ WriteXor_avx2(ymm_v0, reg_inp, reg_outp, 384, ymm_v12, ymm_v13, ymm_v14, ymm_v15)
+ ADD_avx2(ymm_v3, mem_inc)
+
+ VMOVDQA(mem_s3, ymm_v3)
+
+ ADD(reg_inp, 8 * 64)
+ ADD(reg_outp, 8 * 64)
+
+ SUB(reg_blocks, 8)
+ JAE(vector_loop8.begin)
+
+ # ymm_v3 contains a current copy of mem_s3 either from when it was built,
+ # or because the loop updates it. Copy this before we mess with the block
+ # counter in case we need to write it back and return.
+ ymm_s3 = ymm_v11
+ VMOVDQA(ymm_s3, ymm_v3)
+
+ ADD(reg_blocks, 8)
+ JZ(out_write_even)
+
+ # We now actually can do everything in registers.
+ ymm_s0 = ymm_v8
+ VBROADCASTI128(ymm_s0, x_s0)
+ ymm_s1 = ymm_v9
+ VBROADCASTI128(ymm_s1, x_s1)
+ ymm_s2 = ymm_v10
+ VBROADCASTI128(ymm_s2, x_s2)
+ ymm_inc = ymm_v14
+ VMOVDQA(ymm_inc, mem_inc)
+
+ #
+ # 4 blocks at a time.
+ #
+
+ process_2_blocks = Label()
+ SUB(reg_blocks, 4)
+ JB(process_2_blocks) # < 4 blocks remaining.
+
+ VMOVDQA(ymm_v0, ymm_s0)
+ VMOVDQA(ymm_v1, ymm_s1)
+ VMOVDQA(ymm_v2, ymm_s2)
+ VMOVDQA(ymm_v3, ymm_s3)
+
+ VMOVDQA(ymm_v4, ymm_v0)
+ VMOVDQA(ymm_v5, ymm_v1)
+ VMOVDQA(ymm_v6, ymm_v2)
+ VPADDQ(ymm_v7, ymm_v3, ymm_inc)
+
+ MOV(reg_rounds, 20)
+ rounds_loop4 = Loop()
+ with rounds_loop4:
+ # a += b; d ^= a; d = ROTW16(d);
+ ADD_avx2(ymm_v0, ymm_v1)
+ ADD_avx2(ymm_v4, ymm_v5)
+ XOR_avx2(ymm_v3, ymm_v0)
+ XOR_avx2(ymm_v7, ymm_v4)
+ ROTW16_avx2(ymm_tmp0, ymm_v3)
+ ROTW16_avx2(ymm_tmp0, ymm_v7)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ ADD_avx2(ymm_v2, ymm_v3)
+ ADD_avx2(ymm_v6, ymm_v7)
+ XOR_avx2(ymm_v1, ymm_v2)
+ XOR_avx2(ymm_v5, ymm_v6)
+ ROTW12_avx2(ymm_tmp0, ymm_v1)
+ ROTW12_avx2(ymm_tmp0, ymm_v5)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ ADD_avx2(ymm_v0, ymm_v1)
+ ADD_avx2(ymm_v4, ymm_v5)
+ XOR_avx2(ymm_v3, ymm_v0)
+ XOR_avx2(ymm_v7, ymm_v4)
+ ROTW8_avx2(ymm_tmp0, ymm_v3)
+ ROTW8_avx2(ymm_tmp0, ymm_v7)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ ADD_avx2(ymm_v2, ymm_v3)
+ ADD_avx2(ymm_v6, ymm_v7)
+ XOR_avx2(ymm_v1, ymm_v2)
+ XOR_avx2(ymm_v5, ymm_v6)
+ ROTW7_avx2(ymm_tmp0, ymm_v1)
+ ROTW7_avx2(ymm_tmp0, ymm_v5)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ VPSHUFD(ymm_v1, ymm_v1, 0x39)
+ VPSHUFD(ymm_v5, ymm_v5, 0x39)
+ VPSHUFD(ymm_v2, ymm_v2, 0x4e)
+ VPSHUFD(ymm_v6, ymm_v6, 0x4e)
+ VPSHUFD(ymm_v3, ymm_v3, 0x93)
+ VPSHUFD(ymm_v7, ymm_v7, 0x93)
+
+ # a += b; d ^= a; d = ROTW16(d);
+ ADD_avx2(ymm_v0, ymm_v1)
+ ADD_avx2(ymm_v4, ymm_v5)
+ XOR_avx2(ymm_v3, ymm_v0)
+ XOR_avx2(ymm_v7, ymm_v4)
+ ROTW16_avx2(ymm_tmp0, ymm_v3)
+ ROTW16_avx2(ymm_tmp0, ymm_v7)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ ADD_avx2(ymm_v2, ymm_v3)
+ ADD_avx2(ymm_v6, ymm_v7)
+ XOR_avx2(ymm_v1, ymm_v2)
+ XOR_avx2(ymm_v5, ymm_v6)
+ ROTW12_avx2(ymm_tmp0, ymm_v1)
+ ROTW12_avx2(ymm_tmp0, ymm_v5)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ ADD_avx2(ymm_v0, ymm_v1)
+ ADD_avx2(ymm_v4, ymm_v5)
+ XOR_avx2(ymm_v3, ymm_v0)
+ XOR_avx2(ymm_v7, ymm_v4)
+ ROTW8_avx2(ymm_tmp0, ymm_v3)
+ ROTW8_avx2(ymm_tmp0, ymm_v7)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ ADD_avx2(ymm_v2, ymm_v3)
+ ADD_avx2(ymm_v6, ymm_v7)
+ XOR_avx2(ymm_v1, ymm_v2)
+ XOR_avx2(ymm_v5, ymm_v6)
+ ROTW7_avx2(ymm_tmp0, ymm_v1)
+ ROTW7_avx2(ymm_tmp0, ymm_v5)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ VPSHUFD(ymm_v1, ymm_v1, 0x93)
+ VPSHUFD(ymm_v5, ymm_v5, 0x93)
+ VPSHUFD(ymm_v2, ymm_v2, 0x4e)
+ VPSHUFD(ymm_v6, ymm_v6, 0x4e)
+ VPSHUFD(ymm_v3, ymm_v3, 0x39)
+ VPSHUFD(ymm_v7, ymm_v7, 0x39)
+
+ SUB(reg_rounds, 2)
+ JNZ(rounds_loop4.begin)
+
+ ADD_avx2(ymm_v0, ymm_s0)
+ ADD_avx2(ymm_v1, ymm_s1)
+ ADD_avx2(ymm_v2, ymm_s2)
+ ADD_avx2(ymm_v3, ymm_s3)
+ WriteXor_avx2(ymm_tmp0, reg_inp, reg_outp, 0, ymm_v0, ymm_v1, ymm_v2, ymm_v3)
+ ADD_avx2(ymm_s3, ymm_inc)
+
+ ADD_avx2(ymm_v4, ymm_s0)
+ ADD_avx2(ymm_v5, ymm_s1)
+ ADD_avx2(ymm_v6, ymm_s2)
+ ADD_avx2(ymm_v7, ymm_s3)
+ WriteXor_avx2(ymm_tmp0, reg_inp, reg_outp, 128, ymm_v4, ymm_v5, ymm_v6, ymm_v7)
+ ADD_avx2(ymm_s3, ymm_inc)
+
+ ADD(reg_inp, 4 * 64)
+ ADD(reg_outp, 4 * 64)
+ SUB(reg_blocks, 4)
+
+ LABEL(process_2_blocks)
+ ADD(reg_blocks, 4)
+ JZ(out_write_even) # 0 blocks left.
+
+ #
+ # 2/1 blocks at a time. The two codepaths are unified because
+ # with AVX2 we do 2 blocks at a time anyway, and this only gets called
+ # if 3/2/1 blocks are remaining, so the extra branches don't hurt that
+ # much.
+ #
+
+ vector_loop2 = Loop()
+ with vector_loop2:
+ VMOVDQA(ymm_v0, ymm_s0)
+ VMOVDQA(ymm_v1, ymm_s1)
+ VMOVDQA(ymm_v2, ymm_s2)
+ VMOVDQA(ymm_v3, ymm_s3)
+
+ MOV(reg_rounds, 20)
+ rounds_loop2 = Loop()
+ with rounds_loop2:
+ # a += b; d ^= a; d = ROTW16(d);
+ ADD_avx2(ymm_v0, ymm_v1)
+ XOR_avx2(ymm_v3, ymm_v0)
+ ROTW16_avx2(ymm_tmp0, ymm_v3)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ ADD_avx2(ymm_v2, ymm_v3)
+ XOR_avx2(ymm_v1, ymm_v2)
+ ROTW12_avx2(ymm_tmp0, ymm_v1)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ ADD_avx2(ymm_v0, ymm_v1)
+ XOR_avx2(ymm_v3, ymm_v0)
+ ROTW8_avx2(ymm_tmp0, ymm_v3)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ ADD_avx2(ymm_v2, ymm_v3)
+ XOR_avx2(ymm_v1, ymm_v2)
+ ROTW7_avx2(ymm_tmp0, ymm_v1)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ VPSHUFD(ymm_v1, ymm_v1, 0x39)
+ VPSHUFD(ymm_v2, ymm_v2, 0x4e)
+ VPSHUFD(ymm_v3, ymm_v3, 0x93)
+
+ # a += b; d ^= a; d = ROTW16(d);
+ ADD_avx2(ymm_v0, ymm_v1)
+ XOR_avx2(ymm_v3, ymm_v0)
+ ROTW16_avx2(ymm_tmp0, ymm_v3)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ ADD_avx2(ymm_v2, ymm_v3)
+ XOR_avx2(ymm_v1, ymm_v2)
+ ROTW12_avx2(ymm_tmp0, ymm_v1)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ ADD_avx2(ymm_v0, ymm_v1)
+ XOR_avx2(ymm_v3, ymm_v0)
+ ROTW8_avx2(ymm_tmp0, ymm_v3)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ ADD_avx2(ymm_v2, ymm_v3)
+ XOR_avx2(ymm_v1, ymm_v2)
+ ROTW7_avx2(ymm_tmp0, ymm_v1)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ VPSHUFD(ymm_v1, ymm_v1, 0x93)
+ VPSHUFD(ymm_v2, ymm_v2, 0x4e)
+ VPSHUFD(ymm_v3, ymm_v3, 0x39)
+
+ SUB(reg_rounds, 2)
+ JNZ(rounds_loop2.begin)
+
+ ADD_avx2(ymm_v0, ymm_s0)
+ ADD_avx2(ymm_v1, ymm_s1)
+ ADD_avx2(ymm_v2, ymm_s2)
+ ADD_avx2(ymm_v3, ymm_s3)
+
+ # XOR_WRITE(out+ 0, in+ 0, _mm256_permute2x128_si256(v0,v1,0x20));
+ VPERM2I128(ymm_tmp0, ymm_v0, ymm_v1, 0x20)
+ VPXOR(ymm_tmp0, ymm_tmp0, [reg_inp])
+ VMOVDQU([reg_outp], ymm_tmp0)
+
+ # XOR_WRITE(out+32, in+32, _mm256_permute2x128_si256(v2,v3,0x20));
+ VPERM2I128(ymm_tmp0, ymm_v2, ymm_v3, 0x20)
+ VPXOR(ymm_tmp0, ymm_tmp0, [reg_inp+32])
+ VMOVDQU([reg_outp+32], ymm_tmp0)
+
+ SUB(reg_blocks, 1)
+ JZ(out_write_odd)
+
+ ADD_avx2(ymm_s3, ymm_inc)
+
+ # XOR_WRITE(out+64, in+64, _mm256_permute2x128_si256(v0,v1,0x31));
+ VPERM2I128(ymm_tmp0, ymm_v0, ymm_v1, 0x31)
+ VPXOR(ymm_tmp0, ymm_tmp0, [reg_inp+64])
+ VMOVDQU([reg_outp+64], ymm_tmp0)
+
+ # XOR_WRITE(out+96, in+96, _mm256_permute2x128_si256(v2,v3,0x31));
+ VPERM2I128(ymm_tmp0, ymm_v2, ymm_v3, 0x31)
+ VPXOR(ymm_tmp0, ymm_tmp0, [reg_inp+96])
+ VMOVDQU([reg_outp+96], ymm_tmp0)
+
+ SUB(reg_blocks, 1)
+ JZ(out_write_even)
+
+ ADD(reg_inp, 2 * 64)
+ ADD(reg_outp, 2 * 64)
+ JMP(vector_loop2.begin)
+
+ LABEL(out_write_odd)
+ VPERM2I128(ymm_s3, ymm_s3, ymm_s3, 0x01) # Odd number of blocks.
+
+ LABEL(out_write_even)
+ VMOVDQU(x_s3, ymm_s3.as_xmm) # Write back ymm_s3 to x_v3
+
+ # Paranoia, cleanse the scratch space.
+ VPXOR(ymm_v0, ymm_v0, ymm_v0)
+ VMOVDQA(mem_tmp0, ymm_v0)
+ VMOVDQA(mem_s3, ymm_v0)
+
+ # Clear all YMM (and XMM) registers.
+ VZEROALL()
+
+ # Remove our stack allocation.
+ MOV(registers.rsp, reg_sp_save)
+
+ RETURN()
+
+#
+# CPUID
+#
+
+cpuidParams = Argument(ptr(uint32_t))
+
+with Function("cpuidAmd64", (cpuidParams,)):
+ reg_params = registers.r15
+ LOAD.ARGUMENT(reg_params, cpuidParams)
+
+ MOV(registers.eax, [reg_params])
+ MOV(registers.ecx, [reg_params+8])
+
+ CPUID()
+
+ MOV([reg_params], registers.eax)
+ MOV([reg_params+4], registers.ebx)
+ MOV([reg_params+8], registers.ecx)
+ MOV([reg_params+12], registers.edx)
+
+ RETURN()
+
+#
+# XGETBV (ECX = 0)
+#
+
+xcrVec = Argument(ptr(uint32_t))
+
+with Function("xgetbv0Amd64", (xcrVec,)):
+ reg_vec = GeneralPurposeRegister64()
+
+ LOAD.ARGUMENT(reg_vec, xcrVec)
+
+ XOR(registers.ecx, registers.ecx)
+
+ XGETBV()
+
+ MOV([reg_vec], registers.eax)
+ MOV([reg_vec+4], registers.edx)
+
+ RETURN()
diff --git a/vendor/github.com/Yawning/chacha20/chacha20_amd64.s b/vendor/github.com/Yawning/chacha20/chacha20_amd64.s
new file mode 100644
index 0000000..e3792af
--- /dev/null
+++ b/vendor/github.com/Yawning/chacha20/chacha20_amd64.s
@@ -0,0 +1,1180 @@
+// +build !noasm
+// Generated by PeachPy 0.2.0 from chacha20_amd64.py
+
+
+// func blocksAmd64SSE2(x *uint32, inp *uint8, outp *uint8, nrBlocks *uint)
+TEXT ·blocksAmd64SSE2(SB),4,$0-32
+ MOVQ x+0(FP), AX
+ MOVQ inp+8(FP), BX
+ MOVQ outp+16(FP), CX
+ MOVQ nrBlocks+24(FP), DX
+ MOVQ SP, DI
+ ANDQ $18446744073709551584, SP
+ SUBQ $32, SP
+ PXOR X0, X0
+ SUBQ $32, SP
+ MOVO X0, 0(SP)
+ MOVL $1, SI
+ MOVL SI, 0(SP)
+ SUBQ $4, DX
+ JCS vector_loop4_end
+vector_loop4_begin:
+ MOVOU 0(AX), X0
+ MOVOU 16(AX), X1
+ MOVOU 32(AX), X2
+ MOVOU 48(AX), X3
+ MOVO X0, X4
+ MOVO X1, X5
+ MOVO X2, X6
+ MOVO X3, X7
+ PADDQ 0(SP), X7
+ MOVO X0, X8
+ MOVO X1, X9
+ MOVO X2, X10
+ MOVO X7, X11
+ PADDQ 0(SP), X11
+ MOVO X0, X12
+ MOVO X1, X13
+ MOVO X2, X14
+ MOVO X11, X15
+ PADDQ 0(SP), X15
+ MOVQ $20, SI
+rounds_loop4_begin:
+ PADDL X1, X0
+ PADDL X5, X4
+ PADDL X9, X8
+ PADDL X13, X12
+ PXOR X0, X3
+ PXOR X4, X7
+ PXOR X8, X11
+ PXOR X12, X15
+ MOVO X12, 16(SP)
+ MOVO X3, X12
+ PSLLL $16, X12
+ PSRLL $16, X3
+ PXOR X12, X3
+ MOVO X7, X12
+ PSLLL $16, X12
+ PSRLL $16, X7
+ PXOR X12, X7
+ MOVO X11, X12
+ PSLLL $16, X12
+ PSRLL $16, X11
+ PXOR X12, X11
+ MOVO X15, X12
+ PSLLL $16, X12
+ PSRLL $16, X15
+ PXOR X12, X15
+ PADDL X3, X2
+ PADDL X7, X6
+ PADDL X11, X10
+ PADDL X15, X14
+ PXOR X2, X1
+ PXOR X6, X5
+ PXOR X10, X9
+ PXOR X14, X13
+ MOVO X1, X12
+ PSLLL $12, X12
+ PSRLL $20, X1
+ PXOR X12, X1
+ MOVO X5, X12
+ PSLLL $12, X12
+ PSRLL $20, X5
+ PXOR X12, X5
+ MOVO X9, X12
+ PSLLL $12, X12
+ PSRLL $20, X9
+ PXOR X12, X9
+ MOVO X13, X12
+ PSLLL $12, X12
+ PSRLL $20, X13
+ PXOR X12, X13
+ MOVO 16(SP), X12
+ PADDL X1, X0
+ PADDL X5, X4
+ PADDL X9, X8
+ PADDL X13, X12
+ PXOR X0, X3
+ PXOR X4, X7
+ PXOR X8, X11
+ PXOR X12, X15
+ MOVO X12, 16(SP)
+ MOVO X3, X12
+ PSLLL $8, X12
+ PSRLL $24, X3
+ PXOR X12, X3
+ MOVO X7, X12
+ PSLLL $8, X12
+ PSRLL $24, X7
+ PXOR X12, X7
+ MOVO X11, X12
+ PSLLL $8, X12
+ PSRLL $24, X11
+ PXOR X12, X11
+ MOVO X15, X12
+ PSLLL $8, X12
+ PSRLL $24, X15
+ PXOR X12, X15
+ PADDL X3, X2
+ PADDL X7, X6
+ PADDL X11, X10
+ PADDL X15, X14
+ PXOR X2, X1
+ PXOR X6, X5
+ PXOR X10, X9
+ PXOR X14, X13
+ MOVO X1, X12
+ PSLLL $7, X12
+ PSRLL $25, X1
+ PXOR X12, X1
+ MOVO X5, X12
+ PSLLL $7, X12
+ PSRLL $25, X5
+ PXOR X12, X5
+ MOVO X9, X12
+ PSLLL $7, X12
+ PSRLL $25, X9
+ PXOR X12, X9
+ MOVO X13, X12
+ PSLLL $7, X12
+ PSRLL $25, X13
+ PXOR X12, X13
+ PSHUFL $57, X1, X1
+ PSHUFL $57, X5, X5
+ PSHUFL $57, X9, X9
+ PSHUFL $57, X13, X13
+ PSHUFL $78, X2, X2
+ PSHUFL $78, X6, X6
+ PSHUFL $78, X10, X10
+ PSHUFL $78, X14, X14
+ PSHUFL $147, X3, X3
+ PSHUFL $147, X7, X7
+ PSHUFL $147, X11, X11
+ PSHUFL $147, X15, X15
+ MOVO 16(SP), X12
+ PADDL X1, X0
+ PADDL X5, X4
+ PADDL X9, X8
+ PADDL X13, X12
+ PXOR X0, X3
+ PXOR X4, X7
+ PXOR X8, X11
+ PXOR X12, X15
+ MOVO X12, 16(SP)
+ MOVO X3, X12
+ PSLLL $16, X12
+ PSRLL $16, X3
+ PXOR X12, X3
+ MOVO X7, X12
+ PSLLL $16, X12
+ PSRLL $16, X7
+ PXOR X12, X7
+ MOVO X11, X12
+ PSLLL $16, X12
+ PSRLL $16, X11
+ PXOR X12, X11
+ MOVO X15, X12
+ PSLLL $16, X12
+ PSRLL $16, X15
+ PXOR X12, X15
+ PADDL X3, X2
+ PADDL X7, X6
+ PADDL X11, X10
+ PADDL X15, X14
+ PXOR X2, X1
+ PXOR X6, X5
+ PXOR X10, X9
+ PXOR X14, X13
+ MOVO X1, X12
+ PSLLL $12, X12
+ PSRLL $20, X1
+ PXOR X12, X1
+ MOVO X5, X12
+ PSLLL $12, X12
+ PSRLL $20, X5
+ PXOR X12, X5
+ MOVO X9, X12
+ PSLLL $12, X12
+ PSRLL $20, X9
+ PXOR X12, X9
+ MOVO X13, X12
+ PSLLL $12, X12
+ PSRLL $20, X13
+ PXOR X12, X13
+ MOVO 16(SP), X12
+ PADDL X1, X0
+ PADDL X5, X4
+ PADDL X9, X8
+ PADDL X13, X12
+ PXOR X0, X3
+ PXOR X4, X7
+ PXOR X8, X11
+ PXOR X12, X15
+ MOVO X12, 16(SP)
+ MOVO X3, X12
+ PSLLL $8, X12
+ PSRLL $24, X3
+ PXOR X12, X3
+ MOVO X7, X12
+ PSLLL $8, X12
+ PSRLL $24, X7
+ PXOR X12, X7
+ MOVO X11, X12
+ PSLLL $8, X12
+ PSRLL $24, X11
+ PXOR X12, X11
+ MOVO X15, X12
+ PSLLL $8, X12
+ PSRLL $24, X15
+ PXOR X12, X15
+ PADDL X3, X2
+ PADDL X7, X6
+ PADDL X11, X10
+ PADDL X15, X14
+ PXOR X2, X1
+ PXOR X6, X5
+ PXOR X10, X9
+ PXOR X14, X13
+ MOVO X1, X12
+ PSLLL $7, X12
+ PSRLL $25, X1
+ PXOR X12, X1
+ MOVO X5, X12
+ PSLLL $7, X12
+ PSRLL $25, X5
+ PXOR X12, X5
+ MOVO X9, X12
+ PSLLL $7, X12
+ PSRLL $25, X9
+ PXOR X12, X9
+ MOVO X13, X12
+ PSLLL $7, X12
+ PSRLL $25, X13
+ PXOR X12, X13
+ PSHUFL $147, X1, X1
+ PSHUFL $147, X5, X5
+ PSHUFL $147, X9, X9
+ PSHUFL $147, X13, X13
+ PSHUFL $78, X2, X2
+ PSHUFL $78, X6, X6
+ PSHUFL $78, X10, X10
+ PSHUFL $78, X14, X14
+ PSHUFL $57, X3, X3
+ PSHUFL $57, X7, X7
+ PSHUFL $57, X11, X11
+ PSHUFL $57, X15, X15
+ MOVO 16(SP), X12
+ SUBQ $2, SI
+ JNE rounds_loop4_begin
+ MOVO X12, 16(SP)
+ PADDL 0(AX), X0
+ PADDL 16(AX), X1
+ PADDL 32(AX), X2
+ PADDL 48(AX), X3
+ MOVOU 0(BX), X12
+ PXOR X0, X12
+ MOVOU X12, 0(CX)
+ MOVOU 16(BX), X12
+ PXOR X1, X12
+ MOVOU X12, 16(CX)
+ MOVOU 32(BX), X12
+ PXOR X2, X12
+ MOVOU X12, 32(CX)
+ MOVOU 48(BX), X12
+ PXOR X3, X12
+ MOVOU X12, 48(CX)
+ MOVOU 48(AX), X3
+ PADDQ 0(SP), X3
+ PADDL 0(AX), X4
+ PADDL 16(AX), X5
+ PADDL 32(AX), X6
+ PADDL X3, X7
+ MOVOU 64(BX), X12
+ PXOR X4, X12
+ MOVOU X12, 64(CX)
+ MOVOU 80(BX), X12
+ PXOR X5, X12
+ MOVOU X12, 80(CX)
+ MOVOU 96(BX), X12
+ PXOR X6, X12
+ MOVOU X12, 96(CX)
+ MOVOU 112(BX), X12
+ PXOR X7, X12
+ MOVOU X12, 112(CX)
+ PADDQ 0(SP), X3
+ PADDL 0(AX), X8
+ PADDL 16(AX), X9
+ PADDL 32(AX), X10
+ PADDL X3, X11
+ MOVOU 128(BX), X12
+ PXOR X8, X12
+ MOVOU X12, 128(CX)
+ MOVOU 144(BX), X12
+ PXOR X9, X12
+ MOVOU X12, 144(CX)
+ MOVOU 160(BX), X12
+ PXOR X10, X12
+ MOVOU X12, 160(CX)
+ MOVOU 176(BX), X12
+ PXOR X11, X12
+ MOVOU X12, 176(CX)
+ PADDQ 0(SP), X3
+ MOVO 16(SP), X12
+ PADDL 0(AX), X12
+ PADDL 16(AX), X13
+ PADDL 32(AX), X14
+ PADDL X3, X15
+ MOVOU 192(BX), X0
+ PXOR X12, X0
+ MOVOU X0, 192(CX)
+ MOVOU 208(BX), X0
+ PXOR X13, X0
+ MOVOU X0, 208(CX)
+ MOVOU 224(BX), X0
+ PXOR X14, X0
+ MOVOU X0, 224(CX)
+ MOVOU 240(BX), X0
+ PXOR X15, X0
+ MOVOU X0, 240(CX)
+ PADDQ 0(SP), X3
+ MOVOU X3, 48(AX)
+ ADDQ $256, BX
+ ADDQ $256, CX
+ SUBQ $4, DX
+ JCC vector_loop4_begin
+vector_loop4_end:
+ ADDQ $4, DX
+ JEQ out
+ MOVOU 0(AX), X8
+ MOVOU 16(AX), X9
+ MOVOU 32(AX), X10
+ MOVOU 48(AX), X11
+ MOVO 0(SP), X13
+ SUBQ $2, DX
+ JCS process_1_block
+ MOVO X8, X0
+ MOVO X9, X1
+ MOVO X10, X2
+ MOVO X11, X3
+ MOVO X0, X4
+ MOVO X1, X5
+ MOVO X2, X6
+ MOVO X3, X7
+ PADDQ X13, X7
+ MOVQ $20, SI
+rounds_loop2_begin:
+ PADDL X1, X0
+ PADDL X5, X4
+ PXOR X0, X3
+ PXOR X4, X7
+ MOVO X3, X12
+ PSLLL $16, X12
+ PSRLL $16, X3
+ PXOR X12, X3
+ MOVO X7, X12
+ PSLLL $16, X12
+ PSRLL $16, X7
+ PXOR X12, X7
+ PADDL X3, X2
+ PADDL X7, X6
+ PXOR X2, X1
+ PXOR X6, X5
+ MOVO X1, X12
+ PSLLL $12, X12
+ PSRLL $20, X1
+ PXOR X12, X1
+ MOVO X5, X12
+ PSLLL $12, X12
+ PSRLL $20, X5
+ PXOR X12, X5
+ PADDL X1, X0
+ PADDL X5, X4
+ PXOR X0, X3
+ PXOR X4, X7
+ MOVO X3, X12
+ PSLLL $8, X12
+ PSRLL $24, X3
+ PXOR X12, X3
+ MOVO X7, X12
+ PSLLL $8, X12
+ PSRLL $24, X7
+ PXOR X12, X7
+ PADDL X3, X2
+ PADDL X7, X6
+ PXOR X2, X1
+ PXOR X6, X5
+ MOVO X1, X12
+ PSLLL $7, X12
+ PSRLL $25, X1
+ PXOR X12, X1
+ MOVO X5, X12
+ PSLLL $7, X12
+ PSRLL $25, X5
+ PXOR X12, X5
+ PSHUFL $57, X1, X1
+ PSHUFL $57, X5, X5
+ PSHUFL $78, X2, X2
+ PSHUFL $78, X6, X6
+ PSHUFL $147, X3, X3
+ PSHUFL $147, X7, X7
+ PADDL X1, X0
+ PADDL X5, X4
+ PXOR X0, X3
+ PXOR X4, X7
+ MOVO X3, X12
+ PSLLL $16, X12
+ PSRLL $16, X3
+ PXOR X12, X3
+ MOVO X7, X12
+ PSLLL $16, X12
+ PSRLL $16, X7
+ PXOR X12, X7
+ PADDL X3, X2
+ PADDL X7, X6
+ PXOR X2, X1
+ PXOR X6, X5
+ MOVO X1, X12
+ PSLLL $12, X12
+ PSRLL $20, X1
+ PXOR X12, X1
+ MOVO X5, X12
+ PSLLL $12, X12
+ PSRLL $20, X5
+ PXOR X12, X5
+ PADDL X1, X0
+ PADDL X5, X4
+ PXOR X0, X3
+ PXOR X4, X7
+ MOVO X3, X12
+ PSLLL $8, X12
+ PSRLL $24, X3
+ PXOR X12, X3
+ MOVO X7, X12
+ PSLLL $8, X12
+ PSRLL $24, X7
+ PXOR X12, X7
+ PADDL X3, X2
+ PADDL X7, X6
+ PXOR X2, X1
+ PXOR X6, X5
+ MOVO X1, X12
+ PSLLL $7, X12
+ PSRLL $25, X1
+ PXOR X12, X1
+ MOVO X5, X12
+ PSLLL $7, X12
+ PSRLL $25, X5
+ PXOR X12, X5
+ PSHUFL $147, X1, X1
+ PSHUFL $147, X5, X5
+ PSHUFL $78, X2, X2
+ PSHUFL $78, X6, X6
+ PSHUFL $57, X3, X3
+ PSHUFL $57, X7, X7
+ SUBQ $2, SI
+ JNE rounds_loop2_begin
+ PADDL X8, X0
+ PADDL X9, X1
+ PADDL X10, X2
+ PADDL X11, X3
+ MOVOU 0(BX), X12
+ PXOR X0, X12
+ MOVOU X12, 0(CX)
+ MOVOU 16(BX), X12
+ PXOR X1, X12
+ MOVOU X12, 16(CX)
+ MOVOU 32(BX), X12
+ PXOR X2, X12
+ MOVOU X12, 32(CX)
+ MOVOU 48(BX), X12
+ PXOR X3, X12
+ MOVOU X12, 48(CX)
+ PADDQ X13, X11
+ PADDL X8, X4
+ PADDL X9, X5
+ PADDL X10, X6
+ PADDL X11, X7
+ MOVOU 64(BX), X12
+ PXOR X4, X12
+ MOVOU X12, 64(CX)
+ MOVOU 80(BX), X12
+ PXOR X5, X12
+ MOVOU X12, 80(CX)
+ MOVOU 96(BX), X12
+ PXOR X6, X12
+ MOVOU X12, 96(CX)
+ MOVOU 112(BX), X12
+ PXOR X7, X12
+ MOVOU X12, 112(CX)
+ PADDQ X13, X11
+ ADDQ $128, BX
+ ADDQ $128, CX
+ SUBQ $2, DX
+process_1_block:
+ ADDQ $2, DX
+ JEQ out_serial
+ MOVO X8, X0
+ MOVO X9, X1
+ MOVO X10, X2
+ MOVO X11, X3
+ MOVQ $20, SI
+rounds_loop1_begin:
+ PADDL X1, X0
+ PXOR X0, X3
+ MOVO X3, X12
+ PSLLL $16, X12
+ PSRLL $16, X3
+ PXOR X12, X3
+ PADDL X3, X2
+ PXOR X2, X1
+ MOVO X1, X12
+ PSLLL $12, X12
+ PSRLL $20, X1
+ PXOR X12, X1
+ PADDL X1, X0
+ PXOR X0, X3
+ MOVO X3, X12
+ PSLLL $8, X12
+ PSRLL $24, X3
+ PXOR X12, X3
+ PADDL X3, X2
+ PXOR X2, X1
+ MOVO X1, X12
+ PSLLL $7, X12
+ PSRLL $25, X1
+ PXOR X12, X1
+ PSHUFL $57, X1, X1
+ PSHUFL $78, X2, X2
+ PSHUFL $147, X3, X3
+ PADDL X1, X0
+ PXOR X0, X3
+ MOVO X3, X12
+ PSLLL $16, X12
+ PSRLL $16, X3
+ PXOR X12, X3
+ PADDL X3, X2
+ PXOR X2, X1
+ MOVO X1, X12
+ PSLLL $12, X12
+ PSRLL $20, X1
+ PXOR X12, X1
+ PADDL X1, X0
+ PXOR X0, X3
+ MOVO X3, X12
+ PSLLL $8, X12
+ PSRLL $24, X3
+ PXOR X12, X3
+ PADDL X3, X2
+ PXOR X2, X1
+ MOVO X1, X12
+ PSLLL $7, X12
+ PSRLL $25, X1
+ PXOR X12, X1
+ PSHUFL $147, X1, X1
+ PSHUFL $78, X2, X2
+ PSHUFL $57, X3, X3
+ SUBQ $2, SI
+ JNE rounds_loop1_begin
+ PADDL X8, X0
+ PADDL X9, X1
+ PADDL X10, X2
+ PADDL X11, X3
+ MOVOU 0(BX), X12
+ PXOR X0, X12
+ MOVOU X12, 0(CX)
+ MOVOU 16(BX), X12
+ PXOR X1, X12
+ MOVOU X12, 16(CX)
+ MOVOU 32(BX), X12
+ PXOR X2, X12
+ MOVOU X12, 32(CX)
+ MOVOU 48(BX), X12
+ PXOR X3, X12
+ MOVOU X12, 48(CX)
+ PADDQ X13, X11
+out_serial:
+ MOVOU X11, 48(AX)
+out:
+ PXOR X0, X0
+ MOVO X0, 16(SP)
+ MOVQ DI, SP
+ RET
+
+// func blocksAmd64AVX2(x *uint32, inp *uint8, outp *uint8, nrBlocks *uint)
+TEXT ·blocksAmd64AVX2(SB),4,$0-32
+ MOVQ x+0(FP), AX
+ MOVQ inp+8(FP), BX
+ MOVQ outp+16(FP), CX
+ MOVQ nrBlocks+24(FP), DX
+ MOVQ SP, DI
+ ANDQ $18446744073709551584, SP
+ SUBQ $32, SP
+ SUBQ $96, SP
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm0, ymm0, ymm0
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x04; BYTE $0x24 // VMOVDQU [rsp], ymm0
+ MOVL $1, SI
+ MOVL SI, 16(SP)
+ BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x48; BYTE $0x30 // VBROADCASTI128 ymm1, [rax + 48]
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xD4; BYTE $0x0C; BYTE $0x24 // VPADDQ ymm1, ymm1, [rsp]
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x4C; BYTE $0x24; BYTE $0x20 // VMOVDQA [rsp + 32], ymm1
+ MOVL $2, SI
+ MOVL SI, 0(SP)
+ MOVL SI, 16(SP)
+ SUBQ $8, DX
+ JCS vector_loop8_end
+vector_loop8_begin:
+ BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x10 // VBROADCASTI128 ymm2, [rax]
+ BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x58; BYTE $0x10 // VBROADCASTI128 ymm3, [rax + 16]
+ BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x60; BYTE $0x20 // VBROADCASTI128 ymm4, [rax + 32]
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x4C; BYTE $0x24; BYTE $0x20 // VMOVDQA ymm1, [rsp + 32]
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xEA // VMOVDQA ymm5, ymm2
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xF3 // VMOVDQA ymm6, ymm3
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xFC // VMOVDQA ymm7, ymm4
+ BYTE $0xC5; BYTE $0x75; BYTE $0xD4; BYTE $0x04; BYTE $0x24 // VPADDQ ymm8, ymm1, [rsp]
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0xCA // VMOVDQA ymm9, ymm2
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0xD3 // VMOVDQA ymm10, ymm3
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0xDC // VMOVDQA ymm11, ymm4
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xD4; BYTE $0x24; BYTE $0x24 // VPADDQ ymm12, ymm8, [rsp]
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xC2 // VMOVDQA ymm0, ymm2
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0xEB // VMOVDQA ymm13, ymm3
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0xF4 // VMOVDQA ymm14, ymm4
+ BYTE $0xC5; BYTE $0x1D; BYTE $0xD4; BYTE $0x3C; BYTE $0x24 // VPADDQ ymm15, ymm12, [rsp]
+ MOVQ $20, SI
+rounds_loop8_begin:
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
+ BYTE $0xC4; BYTE $0x41; BYTE $0x35; BYTE $0xFE; BYTE $0xCA // VPADDD ymm9, ymm9, ymm10
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0xFE; BYTE $0xC5 // VPADDD ymm0, ymm0, ymm13
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
+ BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xEF; BYTE $0xE1 // VPXOR ymm12, ymm12, ymm9
+ BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA [rsp + 64], ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x10 // VPSLLD ymm0, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x10 // VPSRLD ymm1, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x10 // VPSLLD ymm0, ymm8, 16
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x10 // VPSRLD ymm8, ymm8, 16
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF4; BYTE $0x10 // VPSLLD ymm0, ymm12, 16
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x1D; BYTE $0x72; BYTE $0xD4; BYTE $0x10 // VPSRLD ymm12, ymm12, 16
+ BYTE $0xC5; BYTE $0x1D; BYTE $0xEF; BYTE $0xE0 // VPXOR ymm12, ymm12, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF7; BYTE $0x10 // VPSLLD ymm0, ymm15, 16
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x05; BYTE $0x72; BYTE $0xD7; BYTE $0x10 // VPSRLD ymm15, ymm15, 16
+ BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
+ BYTE $0xC4; BYTE $0x41; BYTE $0x25; BYTE $0xFE; BYTE $0xDC // VPADDD ymm11, ymm11, ymm12
+ BYTE $0xC4; BYTE $0x41; BYTE $0x0D; BYTE $0xFE; BYTE $0xF7 // VPADDD ymm14, ymm14, ymm15
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
+ BYTE $0xC4; BYTE $0x41; BYTE $0x2D; BYTE $0xEF; BYTE $0xD3 // VPXOR ymm10, ymm10, ymm11
+ BYTE $0xC4; BYTE $0x41; BYTE $0x15; BYTE $0xEF; BYTE $0xEE // VPXOR ymm13, ymm13, ymm14
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x0C // VPSLLD ymm0, ymm3, 12
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x14 // VPSRLD ymm3, ymm3, 20
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x0C // VPSLLD ymm0, ymm6, 12
+ BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x14 // VPSRLD ymm6, ymm6, 20
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF2; BYTE $0x0C // VPSLLD ymm0, ymm10, 12
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x2D; BYTE $0x72; BYTE $0xD2; BYTE $0x14 // VPSRLD ymm10, ymm10, 20
+ BYTE $0xC5; BYTE $0x2D; BYTE $0xEF; BYTE $0xD0 // VPXOR ymm10, ymm10, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF5; BYTE $0x0C // VPSLLD ymm0, ymm13, 12
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x15; BYTE $0x72; BYTE $0xD5; BYTE $0x14 // VPSRLD ymm13, ymm13, 20
+ BYTE $0xC5; BYTE $0x15; BYTE $0xEF; BYTE $0xE8 // VPXOR ymm13, ymm13, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA ymm0, [rsp + 64]
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
+ BYTE $0xC4; BYTE $0x41; BYTE $0x35; BYTE $0xFE; BYTE $0xCA // VPADDD ymm9, ymm9, ymm10
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0xFE; BYTE $0xC5 // VPADDD ymm0, ymm0, ymm13
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
+ BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xEF; BYTE $0xE1 // VPXOR ymm12, ymm12, ymm9
+ BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA [rsp + 64], ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x08 // VPSLLD ymm0, ymm1, 8
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x18 // VPSRLD ymm1, ymm1, 24
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x08 // VPSLLD ymm0, ymm8, 8
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x18 // VPSRLD ymm8, ymm8, 24
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF4; BYTE $0x08 // VPSLLD ymm0, ymm12, 8
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x1D; BYTE $0x72; BYTE $0xD4; BYTE $0x18 // VPSRLD ymm12, ymm12, 24
+ BYTE $0xC5; BYTE $0x1D; BYTE $0xEF; BYTE $0xE0 // VPXOR ymm12, ymm12, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF7; BYTE $0x08 // VPSLLD ymm0, ymm15, 8
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x05; BYTE $0x72; BYTE $0xD7; BYTE $0x18 // VPSRLD ymm15, ymm15, 24
+ BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
+ BYTE $0xC4; BYTE $0x41; BYTE $0x25; BYTE $0xFE; BYTE $0xDC // VPADDD ymm11, ymm11, ymm12
+ BYTE $0xC4; BYTE $0x41; BYTE $0x0D; BYTE $0xFE; BYTE $0xF7 // VPADDD ymm14, ymm14, ymm15
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
+ BYTE $0xC4; BYTE $0x41; BYTE $0x2D; BYTE $0xEF; BYTE $0xD3 // VPXOR ymm10, ymm10, ymm11
+ BYTE $0xC4; BYTE $0x41; BYTE $0x15; BYTE $0xEF; BYTE $0xEE // VPXOR ymm13, ymm13, ymm14
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x07 // VPSLLD ymm0, ymm3, 7
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x19 // VPSRLD ymm3, ymm3, 25
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x07 // VPSLLD ymm0, ymm6, 7
+ BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x19 // VPSRLD ymm6, ymm6, 25
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF2; BYTE $0x07 // VPSLLD ymm0, ymm10, 7
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x2D; BYTE $0x72; BYTE $0xD2; BYTE $0x19 // VPSRLD ymm10, ymm10, 25
+ BYTE $0xC5; BYTE $0x2D; BYTE $0xEF; BYTE $0xD0 // VPXOR ymm10, ymm10, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF5; BYTE $0x07 // VPSLLD ymm0, ymm13, 7
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x15; BYTE $0x72; BYTE $0xD5; BYTE $0x19 // VPSRLD ymm13, ymm13, 25
+ BYTE $0xC5; BYTE $0x15; BYTE $0xEF; BYTE $0xE8 // VPXOR ymm13, ymm13, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xDB; BYTE $0x39 // VPSHUFD ymm3, ymm3, 57
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xF6; BYTE $0x39 // VPSHUFD ymm6, ymm6, 57
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xD2; BYTE $0x39 // VPSHUFD ymm10, ymm10, 57
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xED; BYTE $0x39 // VPSHUFD ymm13, ymm13, 57
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xE4; BYTE $0x4E // VPSHUFD ymm4, ymm4, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xFF; BYTE $0x4E // VPSHUFD ymm7, ymm7, 78
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xDB; BYTE $0x4E // VPSHUFD ymm11, ymm11, 78
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xF6; BYTE $0x4E // VPSHUFD ymm14, ymm14, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xC9; BYTE $0x93 // VPSHUFD ymm1, ymm1, 147
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xC0; BYTE $0x93 // VPSHUFD ymm8, ymm8, 147
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xE4; BYTE $0x93 // VPSHUFD ymm12, ymm12, 147
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xFF; BYTE $0x93 // VPSHUFD ymm15, ymm15, 147
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA ymm0, [rsp + 64]
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
+ BYTE $0xC4; BYTE $0x41; BYTE $0x35; BYTE $0xFE; BYTE $0xCA // VPADDD ymm9, ymm9, ymm10
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0xFE; BYTE $0xC5 // VPADDD ymm0, ymm0, ymm13
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
+ BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xEF; BYTE $0xE1 // VPXOR ymm12, ymm12, ymm9
+ BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA [rsp + 64], ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x10 // VPSLLD ymm0, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x10 // VPSRLD ymm1, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x10 // VPSLLD ymm0, ymm8, 16
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x10 // VPSRLD ymm8, ymm8, 16
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF4; BYTE $0x10 // VPSLLD ymm0, ymm12, 16
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x1D; BYTE $0x72; BYTE $0xD4; BYTE $0x10 // VPSRLD ymm12, ymm12, 16
+ BYTE $0xC5; BYTE $0x1D; BYTE $0xEF; BYTE $0xE0 // VPXOR ymm12, ymm12, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF7; BYTE $0x10 // VPSLLD ymm0, ymm15, 16
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x05; BYTE $0x72; BYTE $0xD7; BYTE $0x10 // VPSRLD ymm15, ymm15, 16
+ BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
+ BYTE $0xC4; BYTE $0x41; BYTE $0x25; BYTE $0xFE; BYTE $0xDC // VPADDD ymm11, ymm11, ymm12
+ BYTE $0xC4; BYTE $0x41; BYTE $0x0D; BYTE $0xFE; BYTE $0xF7 // VPADDD ymm14, ymm14, ymm15
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
+ BYTE $0xC4; BYTE $0x41; BYTE $0x2D; BYTE $0xEF; BYTE $0xD3 // VPXOR ymm10, ymm10, ymm11
+ BYTE $0xC4; BYTE $0x41; BYTE $0x15; BYTE $0xEF; BYTE $0xEE // VPXOR ymm13, ymm13, ymm14
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x0C // VPSLLD ymm0, ymm3, 12
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x14 // VPSRLD ymm3, ymm3, 20
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x0C // VPSLLD ymm0, ymm6, 12
+ BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x14 // VPSRLD ymm6, ymm6, 20
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF2; BYTE $0x0C // VPSLLD ymm0, ymm10, 12
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x2D; BYTE $0x72; BYTE $0xD2; BYTE $0x14 // VPSRLD ymm10, ymm10, 20
+ BYTE $0xC5; BYTE $0x2D; BYTE $0xEF; BYTE $0xD0 // VPXOR ymm10, ymm10, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF5; BYTE $0x0C // VPSLLD ymm0, ymm13, 12
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x15; BYTE $0x72; BYTE $0xD5; BYTE $0x14 // VPSRLD ymm13, ymm13, 20
+ BYTE $0xC5; BYTE $0x15; BYTE $0xEF; BYTE $0xE8 // VPXOR ymm13, ymm13, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA ymm0, [rsp + 64]
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
+ BYTE $0xC4; BYTE $0x41; BYTE $0x35; BYTE $0xFE; BYTE $0xCA // VPADDD ymm9, ymm9, ymm10
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0xFE; BYTE $0xC5 // VPADDD ymm0, ymm0, ymm13
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
+ BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xEF; BYTE $0xE1 // VPXOR ymm12, ymm12, ymm9
+ BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA [rsp + 64], ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x08 // VPSLLD ymm0, ymm1, 8
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x18 // VPSRLD ymm1, ymm1, 24
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x08 // VPSLLD ymm0, ymm8, 8
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x18 // VPSRLD ymm8, ymm8, 24
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF4; BYTE $0x08 // VPSLLD ymm0, ymm12, 8
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x1D; BYTE $0x72; BYTE $0xD4; BYTE $0x18 // VPSRLD ymm12, ymm12, 24
+ BYTE $0xC5; BYTE $0x1D; BYTE $0xEF; BYTE $0xE0 // VPXOR ymm12, ymm12, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF7; BYTE $0x08 // VPSLLD ymm0, ymm15, 8
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x05; BYTE $0x72; BYTE $0xD7; BYTE $0x18 // VPSRLD ymm15, ymm15, 24
+ BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
+ BYTE $0xC4; BYTE $0x41; BYTE $0x25; BYTE $0xFE; BYTE $0xDC // VPADDD ymm11, ymm11, ymm12
+ BYTE $0xC4; BYTE $0x41; BYTE $0x0D; BYTE $0xFE; BYTE $0xF7 // VPADDD ymm14, ymm14, ymm15
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
+ BYTE $0xC4; BYTE $0x41; BYTE $0x2D; BYTE $0xEF; BYTE $0xD3 // VPXOR ymm10, ymm10, ymm11
+ BYTE $0xC4; BYTE $0x41; BYTE $0x15; BYTE $0xEF; BYTE $0xEE // VPXOR ymm13, ymm13, ymm14
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x07 // VPSLLD ymm0, ymm3, 7
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x19 // VPSRLD ymm3, ymm3, 25
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x07 // VPSLLD ymm0, ymm6, 7
+ BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x19 // VPSRLD ymm6, ymm6, 25
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF2; BYTE $0x07 // VPSLLD ymm0, ymm10, 7
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x2D; BYTE $0x72; BYTE $0xD2; BYTE $0x19 // VPSRLD ymm10, ymm10, 25
+ BYTE $0xC5; BYTE $0x2D; BYTE $0xEF; BYTE $0xD0 // VPXOR ymm10, ymm10, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF5; BYTE $0x07 // VPSLLD ymm0, ymm13, 7
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x15; BYTE $0x72; BYTE $0xD5; BYTE $0x19 // VPSRLD ymm13, ymm13, 25
+ BYTE $0xC5; BYTE $0x15; BYTE $0xEF; BYTE $0xE8 // VPXOR ymm13, ymm13, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xDB; BYTE $0x93 // VPSHUFD ymm3, ymm3, 147
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xF6; BYTE $0x93 // VPSHUFD ymm6, ymm6, 147
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xD2; BYTE $0x93 // VPSHUFD ymm10, ymm10, 147
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xED; BYTE $0x93 // VPSHUFD ymm13, ymm13, 147
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xE4; BYTE $0x4E // VPSHUFD ymm4, ymm4, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xFF; BYTE $0x4E // VPSHUFD ymm7, ymm7, 78
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xDB; BYTE $0x4E // VPSHUFD ymm11, ymm11, 78
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xF6; BYTE $0x4E // VPSHUFD ymm14, ymm14, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xC9; BYTE $0x39 // VPSHUFD ymm1, ymm1, 57
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xC0; BYTE $0x39 // VPSHUFD ymm8, ymm8, 57
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xE4; BYTE $0x39 // VPSHUFD ymm12, ymm12, 57
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xFF; BYTE $0x39 // VPSHUFD ymm15, ymm15, 57
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA ymm0, [rsp + 64]
+ SUBQ $2, SI
+ JNE rounds_loop8_begin
+ BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x00 // VBROADCASTI128 ymm0, [rax]
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD0 // VPADDD ymm2, ymm2, ymm0
+ BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xE8 // VPADDD ymm5, ymm5, ymm0
+ BYTE $0xC5; BYTE $0x35; BYTE $0xFE; BYTE $0xC8 // VPADDD ymm9, ymm9, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xFE; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VPADDD ymm0, ymm0, [rsp + 64]
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA [rsp + 64], ymm0
+ BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x40; BYTE $0x10 // VBROADCASTI128 ymm0, [rax + 16]
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xFE; BYTE $0xD8 // VPADDD ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xFE; BYTE $0xF0 // VPADDD ymm6, ymm6, ymm0
+ BYTE $0xC5; BYTE $0x2D; BYTE $0xFE; BYTE $0xD0 // VPADDD ymm10, ymm10, ymm0
+ BYTE $0xC5; BYTE $0x15; BYTE $0xFE; BYTE $0xE8 // VPADDD ymm13, ymm13, ymm0
+ BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x40; BYTE $0x20 // VBROADCASTI128 ymm0, [rax + 32]
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE0 // VPADDD ymm4, ymm4, ymm0
+ BYTE $0xC5; BYTE $0xC5; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm0
+ BYTE $0xC5; BYTE $0x25; BYTE $0xFE; BYTE $0xD8 // VPADDD ymm11, ymm11, ymm0
+ BYTE $0xC5; BYTE $0x0D; BYTE $0xFE; BYTE $0xF0 // VPADDD ymm14, ymm14, ymm0
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xFE; BYTE $0x4C; BYTE $0x24; BYTE $0x20 // VPADDD ymm1, ymm1, [rsp + 32]
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x6D; BYTE $0x46; BYTE $0xC3; BYTE $0x20 // VPERM2I128 ymm0, ymm2, ymm3, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x03 // VPXOR ymm0, ymm0, [rbx]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x01 // VMOVDQU [rcx], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x5D; BYTE $0x46; BYTE $0xC1; BYTE $0x20 // VPERM2I128 ymm0, ymm4, ymm1, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x20 // VPXOR ymm0, ymm0, [rbx + 32]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x20 // VMOVDQU [rcx + 32], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x6D; BYTE $0x46; BYTE $0xC3; BYTE $0x31 // VPERM2I128 ymm0, ymm2, ymm3, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x40 // VPXOR ymm0, ymm0, [rbx + 64]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x40 // VMOVDQU [rcx + 64], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x5D; BYTE $0x46; BYTE $0xC1; BYTE $0x31 // VPERM2I128 ymm0, ymm4, ymm1, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x60 // VPXOR ymm0, ymm0, [rbx + 96]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x60 // VMOVDQU [rcx + 96], ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x4C; BYTE $0x24; BYTE $0x20 // VMOVDQA ymm1, [rsp + 32]
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xFE; BYTE $0x0C; BYTE $0x24 // VPADDD ymm1, ymm1, [rsp]
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xFE; BYTE $0xC1 // VPADDD ymm8, ymm8, ymm1
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x55; BYTE $0x46; BYTE $0xC6; BYTE $0x20 // VPERM2I128 ymm0, ymm5, ymm6, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0x80; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 128]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0x80; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 128], ymm0
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x45; BYTE $0x46; BYTE $0xC0; BYTE $0x20 // VPERM2I128 ymm0, ymm7, ymm8, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0xA0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 160]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0xA0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 160], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x55; BYTE $0x46; BYTE $0xC6; BYTE $0x31 // VPERM2I128 ymm0, ymm5, ymm6, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0xC0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 192]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0xC0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 192], ymm0
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x45; BYTE $0x46; BYTE $0xC0; BYTE $0x31 // VPERM2I128 ymm0, ymm7, ymm8, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0xE0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 224]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0xE0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 224], ymm0
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xFE; BYTE $0x0C; BYTE $0x24 // VPADDD ymm1, ymm1, [rsp]
+ BYTE $0xC5; BYTE $0x1D; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm12, ymm12, ymm1
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x35; BYTE $0x46; BYTE $0xC2; BYTE $0x20 // VPERM2I128 ymm0, ymm9, ymm10, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0x00; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 256]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0x00; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 256], ymm0
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x25; BYTE $0x46; BYTE $0xC4; BYTE $0x20 // VPERM2I128 ymm0, ymm11, ymm12, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0x20; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 288]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0x20; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 288], ymm0
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x35; BYTE $0x46; BYTE $0xC2; BYTE $0x31 // VPERM2I128 ymm0, ymm9, ymm10, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0x40; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 320]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0x40; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 320], ymm0
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x25; BYTE $0x46; BYTE $0xC4; BYTE $0x31 // VPERM2I128 ymm0, ymm11, ymm12, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0x60; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 352]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0x60; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 352], ymm0
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xFE; BYTE $0x0C; BYTE $0x24 // VPADDD ymm1, ymm1, [rsp]
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA ymm0, [rsp + 64]
+ BYTE $0xC5; BYTE $0x05; BYTE $0xFE; BYTE $0xF9 // VPADDD ymm15, ymm15, ymm1
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x7D; BYTE $0x46; BYTE $0xD5; BYTE $0x20 // VPERM2I128 ymm2, ymm0, ymm13, 32
+ BYTE $0xC5; BYTE $0xED; BYTE $0xEF; BYTE $0x93; BYTE $0x80; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm2, ymm2, [rbx + 384]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x91; BYTE $0x80; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 384], ymm2
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x0D; BYTE $0x46; BYTE $0xD7; BYTE $0x20 // VPERM2I128 ymm2, ymm14, ymm15, 32
+ BYTE $0xC5; BYTE $0xED; BYTE $0xEF; BYTE $0x93; BYTE $0xA0; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm2, ymm2, [rbx + 416]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x91; BYTE $0xA0; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 416], ymm2
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x7D; BYTE $0x46; BYTE $0xD5; BYTE $0x31 // VPERM2I128 ymm2, ymm0, ymm13, 49
+ BYTE $0xC5; BYTE $0xED; BYTE $0xEF; BYTE $0x93; BYTE $0xC0; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm2, ymm2, [rbx + 448]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x91; BYTE $0xC0; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 448], ymm2
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x0D; BYTE $0x46; BYTE $0xD7; BYTE $0x31 // VPERM2I128 ymm2, ymm14, ymm15, 49
+ BYTE $0xC5; BYTE $0xED; BYTE $0xEF; BYTE $0x93; BYTE $0xE0; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm2, ymm2, [rbx + 480]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x91; BYTE $0xE0; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 480], ymm2
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xFE; BYTE $0x0C; BYTE $0x24 // VPADDD ymm1, ymm1, [rsp]
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x4C; BYTE $0x24; BYTE $0x20 // VMOVDQA [rsp + 32], ymm1
+ ADDQ $512, BX
+ ADDQ $512, CX
+ SUBQ $8, DX
+ JCC vector_loop8_begin
+vector_loop8_end:
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0xE1 // VMOVDQA ymm12, ymm1
+ ADDQ $8, DX
+ JEQ out_write_even
+ BYTE $0xC4; BYTE $0x62; BYTE $0x7D; BYTE $0x5A; BYTE $0x08 // VBROADCASTI128 ymm9, [rax]
+ BYTE $0xC4; BYTE $0x62; BYTE $0x7D; BYTE $0x5A; BYTE $0x50; BYTE $0x10 // VBROADCASTI128 ymm10, [rax + 16]
+ BYTE $0xC4; BYTE $0x62; BYTE $0x7D; BYTE $0x5A; BYTE $0x58; BYTE $0x20 // VBROADCASTI128 ymm11, [rax + 32]
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0x34; BYTE $0x24 // VMOVDQA ymm14, [rsp]
+ SUBQ $4, DX
+ JCS process_2_blocks
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xCA // VMOVDQA ymm2, ymm9
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xD3 // VMOVDQA ymm3, ymm10
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xDC // VMOVDQA ymm4, ymm11
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xE1 // VMOVDQA ymm1, ymm12
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xEA // VMOVDQA ymm5, ymm2
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xF3 // VMOVDQA ymm6, ymm3
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xFC // VMOVDQA ymm7, ymm4
+ BYTE $0xC4; BYTE $0x41; BYTE $0x75; BYTE $0xD4; BYTE $0xC6 // VPADDQ ymm8, ymm1, ymm14
+ MOVQ $20, SI
+rounds_loop4_begin:
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x10 // VPSLLD ymm0, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x10 // VPSRLD ymm1, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x10 // VPSLLD ymm0, ymm8, 16
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x10 // VPSRLD ymm8, ymm8, 16
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x0C // VPSLLD ymm0, ymm3, 12
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x14 // VPSRLD ymm3, ymm3, 20
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x0C // VPSLLD ymm0, ymm6, 12
+ BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x14 // VPSRLD ymm6, ymm6, 20
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x08 // VPSLLD ymm0, ymm1, 8
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x18 // VPSRLD ymm1, ymm1, 24
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x08 // VPSLLD ymm0, ymm8, 8
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x18 // VPSRLD ymm8, ymm8, 24
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x07 // VPSLLD ymm0, ymm3, 7
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x19 // VPSRLD ymm3, ymm3, 25
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x07 // VPSLLD ymm0, ymm6, 7
+ BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x19 // VPSRLD ymm6, ymm6, 25
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xDB; BYTE $0x39 // VPSHUFD ymm3, ymm3, 57
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xF6; BYTE $0x39 // VPSHUFD ymm6, ymm6, 57
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xE4; BYTE $0x4E // VPSHUFD ymm4, ymm4, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xFF; BYTE $0x4E // VPSHUFD ymm7, ymm7, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xC9; BYTE $0x93 // VPSHUFD ymm1, ymm1, 147
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xC0; BYTE $0x93 // VPSHUFD ymm8, ymm8, 147
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x10 // VPSLLD ymm0, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x10 // VPSRLD ymm1, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x10 // VPSLLD ymm0, ymm8, 16
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x10 // VPSRLD ymm8, ymm8, 16
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x0C // VPSLLD ymm0, ymm3, 12
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x14 // VPSRLD ymm3, ymm3, 20
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x0C // VPSLLD ymm0, ymm6, 12
+ BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x14 // VPSRLD ymm6, ymm6, 20
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x08 // VPSLLD ymm0, ymm1, 8
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x18 // VPSRLD ymm1, ymm1, 24
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x08 // VPSLLD ymm0, ymm8, 8
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x18 // VPSRLD ymm8, ymm8, 24
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x07 // VPSLLD ymm0, ymm3, 7
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x19 // VPSRLD ymm3, ymm3, 25
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x07 // VPSLLD ymm0, ymm6, 7
+ BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x19 // VPSRLD ymm6, ymm6, 25
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xDB; BYTE $0x93 // VPSHUFD ymm3, ymm3, 147
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xF6; BYTE $0x93 // VPSHUFD ymm6, ymm6, 147
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xE4; BYTE $0x4E // VPSHUFD ymm4, ymm4, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xFF; BYTE $0x4E // VPSHUFD ymm7, ymm7, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xC9; BYTE $0x39 // VPSHUFD ymm1, ymm1, 57
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xC0; BYTE $0x39 // VPSHUFD ymm8, ymm8, 57
+ SUBQ $2, SI
+ JNE rounds_loop4_begin
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x6D; BYTE $0xFE; BYTE $0xD1 // VPADDD ymm2, ymm2, ymm9
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x65; BYTE $0xFE; BYTE $0xDA // VPADDD ymm3, ymm3, ymm10
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x5D; BYTE $0xFE; BYTE $0xE3 // VPADDD ymm4, ymm4, ymm11
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x75; BYTE $0xFE; BYTE $0xCC // VPADDD ymm1, ymm1, ymm12
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x6D; BYTE $0x46; BYTE $0xC3; BYTE $0x20 // VPERM2I128 ymm0, ymm2, ymm3, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x03 // VPXOR ymm0, ymm0, [rbx]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x01 // VMOVDQU [rcx], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x5D; BYTE $0x46; BYTE $0xC1; BYTE $0x20 // VPERM2I128 ymm0, ymm4, ymm1, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x20 // VPXOR ymm0, ymm0, [rbx + 32]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x20 // VMOVDQU [rcx + 32], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x6D; BYTE $0x46; BYTE $0xC3; BYTE $0x31 // VPERM2I128 ymm0, ymm2, ymm3, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x40 // VPXOR ymm0, ymm0, [rbx + 64]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x40 // VMOVDQU [rcx + 64], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x5D; BYTE $0x46; BYTE $0xC1; BYTE $0x31 // VPERM2I128 ymm0, ymm4, ymm1, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x60 // VPXOR ymm0, ymm0, [rbx + 96]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x60 // VMOVDQU [rcx + 96], ymm0
+ BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xFE; BYTE $0xE6 // VPADDD ymm12, ymm12, ymm14
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x55; BYTE $0xFE; BYTE $0xE9 // VPADDD ymm5, ymm5, ymm9
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x4D; BYTE $0xFE; BYTE $0xF2 // VPADDD ymm6, ymm6, ymm10
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xFB // VPADDD ymm7, ymm7, ymm11
+ BYTE $0xC4; BYTE $0x41; BYTE $0x3D; BYTE $0xFE; BYTE $0xC4 // VPADDD ymm8, ymm8, ymm12
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x55; BYTE $0x46; BYTE $0xC6; BYTE $0x20 // VPERM2I128 ymm0, ymm5, ymm6, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0x80; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 128]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0x80; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 128], ymm0
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x45; BYTE $0x46; BYTE $0xC0; BYTE $0x20 // VPERM2I128 ymm0, ymm7, ymm8, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0xA0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 160]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0xA0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 160], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x55; BYTE $0x46; BYTE $0xC6; BYTE $0x31 // VPERM2I128 ymm0, ymm5, ymm6, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0xC0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 192]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0xC0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 192], ymm0
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x45; BYTE $0x46; BYTE $0xC0; BYTE $0x31 // VPERM2I128 ymm0, ymm7, ymm8, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0xE0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 224]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0xE0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 224], ymm0
+ BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xFE; BYTE $0xE6 // VPADDD ymm12, ymm12, ymm14
+ ADDQ $256, BX
+ ADDQ $256, CX
+ SUBQ $4, DX
+process_2_blocks:
+ ADDQ $4, DX
+ JEQ out_write_even
+vector_loop2_begin:
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xCA // VMOVDQA ymm2, ymm9
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xD3 // VMOVDQA ymm3, ymm10
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xDC // VMOVDQA ymm4, ymm11
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xE1 // VMOVDQA ymm1, ymm12
+ MOVQ $20, SI
+rounds_loop2_begin:
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x10 // VPSLLD ymm0, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x10 // VPSRLD ymm1, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x0C // VPSLLD ymm0, ymm3, 12
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x14 // VPSRLD ymm3, ymm3, 20
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x08 // VPSLLD ymm0, ymm1, 8
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x18 // VPSRLD ymm1, ymm1, 24
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x07 // VPSLLD ymm0, ymm3, 7
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x19 // VPSRLD ymm3, ymm3, 25
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xDB; BYTE $0x39 // VPSHUFD ymm3, ymm3, 57
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xE4; BYTE $0x4E // VPSHUFD ymm4, ymm4, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xC9; BYTE $0x93 // VPSHUFD ymm1, ymm1, 147
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x10 // VPSLLD ymm0, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x10 // VPSRLD ymm1, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x0C // VPSLLD ymm0, ymm3, 12
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x14 // VPSRLD ymm3, ymm3, 20
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x08 // VPSLLD ymm0, ymm1, 8
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x18 // VPSRLD ymm1, ymm1, 24
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x07 // VPSLLD ymm0, ymm3, 7
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x19 // VPSRLD ymm3, ymm3, 25
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xDB; BYTE $0x93 // VPSHUFD ymm3, ymm3, 147
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xE4; BYTE $0x4E // VPSHUFD ymm4, ymm4, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xC9; BYTE $0x39 // VPSHUFD ymm1, ymm1, 57
+ SUBQ $2, SI
+ JNE rounds_loop2_begin
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x6D; BYTE $0xFE; BYTE $0xD1 // VPADDD ymm2, ymm2, ymm9
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x65; BYTE $0xFE; BYTE $0xDA // VPADDD ymm3, ymm3, ymm10
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x5D; BYTE $0xFE; BYTE $0xE3 // VPADDD ymm4, ymm4, ymm11
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x75; BYTE $0xFE; BYTE $0xCC // VPADDD ymm1, ymm1, ymm12
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x6D; BYTE $0x46; BYTE $0xC3; BYTE $0x20 // VPERM2I128 ymm0, ymm2, ymm3, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x03 // VPXOR ymm0, ymm0, [rbx]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x01 // VMOVDQU [rcx], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x5D; BYTE $0x46; BYTE $0xC1; BYTE $0x20 // VPERM2I128 ymm0, ymm4, ymm1, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x20 // VPXOR ymm0, ymm0, [rbx + 32]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x20 // VMOVDQU [rcx + 32], ymm0
+ SUBQ $1, DX
+ JEQ out_write_odd
+ BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xFE; BYTE $0xE6 // VPADDD ymm12, ymm12, ymm14
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x6D; BYTE $0x46; BYTE $0xC3; BYTE $0x31 // VPERM2I128 ymm0, ymm2, ymm3, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x40 // VPXOR ymm0, ymm0, [rbx + 64]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x40 // VMOVDQU [rcx + 64], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x5D; BYTE $0x46; BYTE $0xC1; BYTE $0x31 // VPERM2I128 ymm0, ymm4, ymm1, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x60 // VPXOR ymm0, ymm0, [rbx + 96]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x60 // VMOVDQU [rcx + 96], ymm0
+ SUBQ $1, DX
+ JEQ out_write_even
+ ADDQ $128, BX
+ ADDQ $128, CX
+ JMP vector_loop2_begin
+out_write_odd:
+ BYTE $0xC4; BYTE $0x43; BYTE $0x1D; BYTE $0x46; BYTE $0xE4; BYTE $0x01 // VPERM2I128 ymm12, ymm12, ymm12, 1
+out_write_even:
+ BYTE $0xC5; BYTE $0x7A; BYTE $0x7F; BYTE $0x60; BYTE $0x30 // VMOVDQU [rax + 48], xmm12
+ BYTE $0xC5; BYTE $0xED; BYTE $0xEF; BYTE $0xD2 // VPXOR ymm2, ymm2, ymm2
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x54; BYTE $0x24; BYTE $0x40 // VMOVDQA [rsp + 64], ymm2
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x54; BYTE $0x24; BYTE $0x20 // VMOVDQA [rsp + 32], ymm2
+ BYTE $0xC5; BYTE $0xFC; BYTE $0x77 // VZEROALL
+ MOVQ DI, SP
+ RET
+
+// func cpuidAmd64(cpuidParams *uint32)
+TEXT ·cpuidAmd64(SB),4,$0-8
+ MOVQ cpuidParams+0(FP), R15
+ MOVL 0(R15), AX
+ MOVL 8(R15), CX
+ CPUID
+ MOVL AX, 0(R15)
+ MOVL BX, 4(R15)
+ MOVL CX, 8(R15)
+ MOVL DX, 12(R15)
+ RET
+
+// func xgetbv0Amd64(xcrVec *uint32)
+TEXT ·xgetbv0Amd64(SB),4,$0-8
+ MOVQ xcrVec+0(FP), BX
+ XORL CX, CX
+ BYTE $0x0F; BYTE $0x01; BYTE $0xD0 // XGETBV
+ MOVL AX, 0(BX)
+ MOVL DX, 4(BX)
+ RET
diff --git a/vendor/github.com/Yawning/chacha20/chacha20_ref.go b/vendor/github.com/Yawning/chacha20/chacha20_ref.go
new file mode 100644
index 0000000..fcdc8c6
--- /dev/null
+++ b/vendor/github.com/Yawning/chacha20/chacha20_ref.go
@@ -0,0 +1,394 @@
+// chacha20_ref.go - Reference ChaCha20.
+//
+// To the extent possible under law, Yawning Angel has waived all copyright
+// and related or neighboring rights to chacha20, using the Creative
+// Commons "CC0" public domain dedication. See LICENSE or
+// for full details.
+
+// +build !go1.9
+
+package chacha20
+
+import (
+ "encoding/binary"
+ "math"
+ "unsafe"
+)
+
+func blocksRef(x *[stateSize]uint32, in []byte, out []byte, nrBlocks int, isIetf bool) {
+ if isIetf {
+ var totalBlocks uint64
+ totalBlocks = uint64(x[12]) + uint64(nrBlocks)
+ if totalBlocks > math.MaxUint32 {
+ panic("chacha20: Exceeded keystream per nonce limit")
+ }
+ }
+
+ // This routine ignores x[0]...x[4] in favor the const values since it's
+ // ever so slightly faster.
+
+ for n := 0; n < nrBlocks; n++ {
+ x0, x1, x2, x3 := sigma0, sigma1, sigma2, sigma3
+ x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15 := x[4], x[5], x[6], x[7], x[8], x[9], x[10], x[11], x[12], x[13], x[14], x[15]
+
+ for i := chachaRounds; i > 0; i -= 2 {
+ // quarterround(x, 0, 4, 8, 12)
+ x0 += x4
+ x12 ^= x0
+ x12 = (x12 << 16) | (x12 >> 16)
+ x8 += x12
+ x4 ^= x8
+ x4 = (x4 << 12) | (x4 >> 20)
+ x0 += x4
+ x12 ^= x0
+ x12 = (x12 << 8) | (x12 >> 24)
+ x8 += x12
+ x4 ^= x8
+ x4 = (x4 << 7) | (x4 >> 25)
+
+ // quarterround(x, 1, 5, 9, 13)
+ x1 += x5
+ x13 ^= x1
+ x13 = (x13 << 16) | (x13 >> 16)
+ x9 += x13
+ x5 ^= x9
+ x5 = (x5 << 12) | (x5 >> 20)
+ x1 += x5
+ x13 ^= x1
+ x13 = (x13 << 8) | (x13 >> 24)
+ x9 += x13
+ x5 ^= x9
+ x5 = (x5 << 7) | (x5 >> 25)
+
+ // quarterround(x, 2, 6, 10, 14)
+ x2 += x6
+ x14 ^= x2
+ x14 = (x14 << 16) | (x14 >> 16)
+ x10 += x14
+ x6 ^= x10
+ x6 = (x6 << 12) | (x6 >> 20)
+ x2 += x6
+ x14 ^= x2
+ x14 = (x14 << 8) | (x14 >> 24)
+ x10 += x14
+ x6 ^= x10
+ x6 = (x6 << 7) | (x6 >> 25)
+
+ // quarterround(x, 3, 7, 11, 15)
+ x3 += x7
+ x15 ^= x3
+ x15 = (x15 << 16) | (x15 >> 16)
+ x11 += x15
+ x7 ^= x11
+ x7 = (x7 << 12) | (x7 >> 20)
+ x3 += x7
+ x15 ^= x3
+ x15 = (x15 << 8) | (x15 >> 24)
+ x11 += x15
+ x7 ^= x11
+ x7 = (x7 << 7) | (x7 >> 25)
+
+ // quarterround(x, 0, 5, 10, 15)
+ x0 += x5
+ x15 ^= x0
+ x15 = (x15 << 16) | (x15 >> 16)
+ x10 += x15
+ x5 ^= x10
+ x5 = (x5 << 12) | (x5 >> 20)
+ x0 += x5
+ x15 ^= x0
+ x15 = (x15 << 8) | (x15 >> 24)
+ x10 += x15
+ x5 ^= x10
+ x5 = (x5 << 7) | (x5 >> 25)
+
+ // quarterround(x, 1, 6, 11, 12)
+ x1 += x6
+ x12 ^= x1
+ x12 = (x12 << 16) | (x12 >> 16)
+ x11 += x12
+ x6 ^= x11
+ x6 = (x6 << 12) | (x6 >> 20)
+ x1 += x6
+ x12 ^= x1
+ x12 = (x12 << 8) | (x12 >> 24)
+ x11 += x12
+ x6 ^= x11
+ x6 = (x6 << 7) | (x6 >> 25)
+
+ // quarterround(x, 2, 7, 8, 13)
+ x2 += x7
+ x13 ^= x2
+ x13 = (x13 << 16) | (x13 >> 16)
+ x8 += x13
+ x7 ^= x8
+ x7 = (x7 << 12) | (x7 >> 20)
+ x2 += x7
+ x13 ^= x2
+ x13 = (x13 << 8) | (x13 >> 24)
+ x8 += x13
+ x7 ^= x8
+ x7 = (x7 << 7) | (x7 >> 25)
+
+ // quarterround(x, 3, 4, 9, 14)
+ x3 += x4
+ x14 ^= x3
+ x14 = (x14 << 16) | (x14 >> 16)
+ x9 += x14
+ x4 ^= x9
+ x4 = (x4 << 12) | (x4 >> 20)
+ x3 += x4
+ x14 ^= x3
+ x14 = (x14 << 8) | (x14 >> 24)
+ x9 += x14
+ x4 ^= x9
+ x4 = (x4 << 7) | (x4 >> 25)
+ }
+
+ // On amd64 at least, this is a rather big boost.
+ if useUnsafe {
+ if in != nil {
+ inArr := (*[16]uint32)(unsafe.Pointer(&in[n*BlockSize]))
+ outArr := (*[16]uint32)(unsafe.Pointer(&out[n*BlockSize]))
+ outArr[0] = inArr[0] ^ (x0 + sigma0)
+ outArr[1] = inArr[1] ^ (x1 + sigma1)
+ outArr[2] = inArr[2] ^ (x2 + sigma2)
+ outArr[3] = inArr[3] ^ (x3 + sigma3)
+ outArr[4] = inArr[4] ^ (x4 + x[4])
+ outArr[5] = inArr[5] ^ (x5 + x[5])
+ outArr[6] = inArr[6] ^ (x6 + x[6])
+ outArr[7] = inArr[7] ^ (x7 + x[7])
+ outArr[8] = inArr[8] ^ (x8 + x[8])
+ outArr[9] = inArr[9] ^ (x9 + x[9])
+ outArr[10] = inArr[10] ^ (x10 + x[10])
+ outArr[11] = inArr[11] ^ (x11 + x[11])
+ outArr[12] = inArr[12] ^ (x12 + x[12])
+ outArr[13] = inArr[13] ^ (x13 + x[13])
+ outArr[14] = inArr[14] ^ (x14 + x[14])
+ outArr[15] = inArr[15] ^ (x15 + x[15])
+ } else {
+ outArr := (*[16]uint32)(unsafe.Pointer(&out[n*BlockSize]))
+ outArr[0] = x0 + sigma0
+ outArr[1] = x1 + sigma1
+ outArr[2] = x2 + sigma2
+ outArr[3] = x3 + sigma3
+ outArr[4] = x4 + x[4]
+ outArr[5] = x5 + x[5]
+ outArr[6] = x6 + x[6]
+ outArr[7] = x7 + x[7]
+ outArr[8] = x8 + x[8]
+ outArr[9] = x9 + x[9]
+ outArr[10] = x10 + x[10]
+ outArr[11] = x11 + x[11]
+ outArr[12] = x12 + x[12]
+ outArr[13] = x13 + x[13]
+ outArr[14] = x14 + x[14]
+ outArr[15] = x15 + x[15]
+ }
+ } else {
+ // Slow path, either the architecture cares about alignment, or is not little endian.
+ x0 += sigma0
+ x1 += sigma1
+ x2 += sigma2
+ x3 += sigma3
+ x4 += x[4]
+ x5 += x[5]
+ x6 += x[6]
+ x7 += x[7]
+ x8 += x[8]
+ x9 += x[9]
+ x10 += x[10]
+ x11 += x[11]
+ x12 += x[12]
+ x13 += x[13]
+ x14 += x[14]
+ x15 += x[15]
+ if in != nil {
+ binary.LittleEndian.PutUint32(out[0:4], binary.LittleEndian.Uint32(in[0:4])^x0)
+ binary.LittleEndian.PutUint32(out[4:8], binary.LittleEndian.Uint32(in[4:8])^x1)
+ binary.LittleEndian.PutUint32(out[8:12], binary.LittleEndian.Uint32(in[8:12])^x2)
+ binary.LittleEndian.PutUint32(out[12:16], binary.LittleEndian.Uint32(in[12:16])^x3)
+ binary.LittleEndian.PutUint32(out[16:20], binary.LittleEndian.Uint32(in[16:20])^x4)
+ binary.LittleEndian.PutUint32(out[20:24], binary.LittleEndian.Uint32(in[20:24])^x5)
+ binary.LittleEndian.PutUint32(out[24:28], binary.LittleEndian.Uint32(in[24:28])^x6)
+ binary.LittleEndian.PutUint32(out[28:32], binary.LittleEndian.Uint32(in[28:32])^x7)
+ binary.LittleEndian.PutUint32(out[32:36], binary.LittleEndian.Uint32(in[32:36])^x8)
+ binary.LittleEndian.PutUint32(out[36:40], binary.LittleEndian.Uint32(in[36:40])^x9)
+ binary.LittleEndian.PutUint32(out[40:44], binary.LittleEndian.Uint32(in[40:44])^x10)
+ binary.LittleEndian.PutUint32(out[44:48], binary.LittleEndian.Uint32(in[44:48])^x11)
+ binary.LittleEndian.PutUint32(out[48:52], binary.LittleEndian.Uint32(in[48:52])^x12)
+ binary.LittleEndian.PutUint32(out[52:56], binary.LittleEndian.Uint32(in[52:56])^x13)
+ binary.LittleEndian.PutUint32(out[56:60], binary.LittleEndian.Uint32(in[56:60])^x14)
+ binary.LittleEndian.PutUint32(out[60:64], binary.LittleEndian.Uint32(in[60:64])^x15)
+ in = in[BlockSize:]
+ } else {
+ binary.LittleEndian.PutUint32(out[0:4], x0)
+ binary.LittleEndian.PutUint32(out[4:8], x1)
+ binary.LittleEndian.PutUint32(out[8:12], x2)
+ binary.LittleEndian.PutUint32(out[12:16], x3)
+ binary.LittleEndian.PutUint32(out[16:20], x4)
+ binary.LittleEndian.PutUint32(out[20:24], x5)
+ binary.LittleEndian.PutUint32(out[24:28], x6)
+ binary.LittleEndian.PutUint32(out[28:32], x7)
+ binary.LittleEndian.PutUint32(out[32:36], x8)
+ binary.LittleEndian.PutUint32(out[36:40], x9)
+ binary.LittleEndian.PutUint32(out[40:44], x10)
+ binary.LittleEndian.PutUint32(out[44:48], x11)
+ binary.LittleEndian.PutUint32(out[48:52], x12)
+ binary.LittleEndian.PutUint32(out[52:56], x13)
+ binary.LittleEndian.PutUint32(out[56:60], x14)
+ binary.LittleEndian.PutUint32(out[60:64], x15)
+ }
+ out = out[BlockSize:]
+ }
+
+ // Stoping at 2^70 bytes per nonce is the user's responsibility.
+ ctr := uint64(x[13])<<32 | uint64(x[12])
+ ctr++
+ x[12] = uint32(ctr)
+ x[13] = uint32(ctr >> 32)
+ }
+}
+
+func hChaChaRef(x *[stateSize]uint32, out *[32]byte) {
+ x0, x1, x2, x3 := sigma0, sigma1, sigma2, sigma3
+ x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15 := x[0], x[1], x[2], x[3], x[4], x[5], x[6], x[7], x[8], x[9], x[10], x[11]
+
+ for i := chachaRounds; i > 0; i -= 2 {
+ // quarterround(x, 0, 4, 8, 12)
+ x0 += x4
+ x12 ^= x0
+ x12 = (x12 << 16) | (x12 >> 16)
+ x8 += x12
+ x4 ^= x8
+ x4 = (x4 << 12) | (x4 >> 20)
+ x0 += x4
+ x12 ^= x0
+ x12 = (x12 << 8) | (x12 >> 24)
+ x8 += x12
+ x4 ^= x8
+ x4 = (x4 << 7) | (x4 >> 25)
+
+ // quarterround(x, 1, 5, 9, 13)
+ x1 += x5
+ x13 ^= x1
+ x13 = (x13 << 16) | (x13 >> 16)
+ x9 += x13
+ x5 ^= x9
+ x5 = (x5 << 12) | (x5 >> 20)
+ x1 += x5
+ x13 ^= x1
+ x13 = (x13 << 8) | (x13 >> 24)
+ x9 += x13
+ x5 ^= x9
+ x5 = (x5 << 7) | (x5 >> 25)
+
+ // quarterround(x, 2, 6, 10, 14)
+ x2 += x6
+ x14 ^= x2
+ x14 = (x14 << 16) | (x14 >> 16)
+ x10 += x14
+ x6 ^= x10
+ x6 = (x6 << 12) | (x6 >> 20)
+ x2 += x6
+ x14 ^= x2
+ x14 = (x14 << 8) | (x14 >> 24)
+ x10 += x14
+ x6 ^= x10
+ x6 = (x6 << 7) | (x6 >> 25)
+
+ // quarterround(x, 3, 7, 11, 15)
+ x3 += x7
+ x15 ^= x3
+ x15 = (x15 << 16) | (x15 >> 16)
+ x11 += x15
+ x7 ^= x11
+ x7 = (x7 << 12) | (x7 >> 20)
+ x3 += x7
+ x15 ^= x3
+ x15 = (x15 << 8) | (x15 >> 24)
+ x11 += x15
+ x7 ^= x11
+ x7 = (x7 << 7) | (x7 >> 25)
+
+ // quarterround(x, 0, 5, 10, 15)
+ x0 += x5
+ x15 ^= x0
+ x15 = (x15 << 16) | (x15 >> 16)
+ x10 += x15
+ x5 ^= x10
+ x5 = (x5 << 12) | (x5 >> 20)
+ x0 += x5
+ x15 ^= x0
+ x15 = (x15 << 8) | (x15 >> 24)
+ x10 += x15
+ x5 ^= x10
+ x5 = (x5 << 7) | (x5 >> 25)
+
+ // quarterround(x, 1, 6, 11, 12)
+ x1 += x6
+ x12 ^= x1
+ x12 = (x12 << 16) | (x12 >> 16)
+ x11 += x12
+ x6 ^= x11
+ x6 = (x6 << 12) | (x6 >> 20)
+ x1 += x6
+ x12 ^= x1
+ x12 = (x12 << 8) | (x12 >> 24)
+ x11 += x12
+ x6 ^= x11
+ x6 = (x6 << 7) | (x6 >> 25)
+
+ // quarterround(x, 2, 7, 8, 13)
+ x2 += x7
+ x13 ^= x2
+ x13 = (x13 << 16) | (x13 >> 16)
+ x8 += x13
+ x7 ^= x8
+ x7 = (x7 << 12) | (x7 >> 20)
+ x2 += x7
+ x13 ^= x2
+ x13 = (x13 << 8) | (x13 >> 24)
+ x8 += x13
+ x7 ^= x8
+ x7 = (x7 << 7) | (x7 >> 25)
+
+ // quarterround(x, 3, 4, 9, 14)
+ x3 += x4
+ x14 ^= x3
+ x14 = (x14 << 16) | (x14 >> 16)
+ x9 += x14
+ x4 ^= x9
+ x4 = (x4 << 12) | (x4 >> 20)
+ x3 += x4
+ x14 ^= x3
+ x14 = (x14 << 8) | (x14 >> 24)
+ x9 += x14
+ x4 ^= x9
+ x4 = (x4 << 7) | (x4 >> 25)
+ }
+
+ // HChaCha returns x0...x3 | x12...x15, which corresponds to the
+ // indexes of the ChaCha constant and the indexes of the IV.
+ if useUnsafe {
+ outArr := (*[16]uint32)(unsafe.Pointer(&out[0]))
+ outArr[0] = x0
+ outArr[1] = x1
+ outArr[2] = x2
+ outArr[3] = x3
+ outArr[4] = x12
+ outArr[5] = x13
+ outArr[6] = x14
+ outArr[7] = x15
+ } else {
+ binary.LittleEndian.PutUint32(out[0:4], x0)
+ binary.LittleEndian.PutUint32(out[4:8], x1)
+ binary.LittleEndian.PutUint32(out[8:12], x2)
+ binary.LittleEndian.PutUint32(out[12:16], x3)
+ binary.LittleEndian.PutUint32(out[16:20], x12)
+ binary.LittleEndian.PutUint32(out[20:24], x13)
+ binary.LittleEndian.PutUint32(out[24:28], x14)
+ binary.LittleEndian.PutUint32(out[28:32], x15)
+ }
+ return
+}
diff --git a/vendor/github.com/Yawning/chacha20/chacha20_ref_go19.go b/vendor/github.com/Yawning/chacha20/chacha20_ref_go19.go
new file mode 100644
index 0000000..8405c22
--- /dev/null
+++ b/vendor/github.com/Yawning/chacha20/chacha20_ref_go19.go
@@ -0,0 +1,395 @@
+// chacha20_ref.go - Reference ChaCha20.
+//
+// To the extent possible under law, Yawning Angel has waived all copyright
+// and related or neighboring rights to chacha20, using the Creative
+// Commons "CC0" public domain dedication. See LICENSE or
+// for full details.
+
+// +build go1.9
+
+package chacha20
+
+import (
+ "encoding/binary"
+ "math"
+ "math/bits"
+ "unsafe"
+)
+
+func blocksRef(x *[stateSize]uint32, in []byte, out []byte, nrBlocks int, isIetf bool) {
+ if isIetf {
+ var totalBlocks uint64
+ totalBlocks = uint64(x[12]) + uint64(nrBlocks)
+ if totalBlocks > math.MaxUint32 {
+ panic("chacha20: Exceeded keystream per nonce limit")
+ }
+ }
+
+ // This routine ignores x[0]...x[4] in favor the const values since it's
+ // ever so slightly faster.
+
+ for n := 0; n < nrBlocks; n++ {
+ x0, x1, x2, x3 := sigma0, sigma1, sigma2, sigma3
+ x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15 := x[4], x[5], x[6], x[7], x[8], x[9], x[10], x[11], x[12], x[13], x[14], x[15]
+
+ for i := chachaRounds; i > 0; i -= 2 {
+ // quarterround(x, 0, 4, 8, 12)
+ x0 += x4
+ x12 ^= x0
+ x12 = bits.RotateLeft32(x12, 16)
+ x8 += x12
+ x4 ^= x8
+ x4 = bits.RotateLeft32(x4, 12)
+ x0 += x4
+ x12 ^= x0
+ x12 = bits.RotateLeft32(x12, 8)
+ x8 += x12
+ x4 ^= x8
+ x4 = bits.RotateLeft32(x4, 7)
+
+ // quarterround(x, 1, 5, 9, 13)
+ x1 += x5
+ x13 ^= x1
+ x13 = bits.RotateLeft32(x13, 16)
+ x9 += x13
+ x5 ^= x9
+ x5 = bits.RotateLeft32(x5, 12)
+ x1 += x5
+ x13 ^= x1
+ x13 = bits.RotateLeft32(x13, 8)
+ x9 += x13
+ x5 ^= x9
+ x5 = bits.RotateLeft32(x5, 7)
+
+ // quarterround(x, 2, 6, 10, 14)
+ x2 += x6
+ x14 ^= x2
+ x14 = bits.RotateLeft32(x14, 16)
+ x10 += x14
+ x6 ^= x10
+ x6 = bits.RotateLeft32(x6, 12)
+ x2 += x6
+ x14 ^= x2
+ x14 = bits.RotateLeft32(x14, 8)
+ x10 += x14
+ x6 ^= x10
+ x6 = bits.RotateLeft32(x6, 7)
+
+ // quarterround(x, 3, 7, 11, 15)
+ x3 += x7
+ x15 ^= x3
+ x15 = bits.RotateLeft32(x15, 16)
+ x11 += x15
+ x7 ^= x11
+ x7 = bits.RotateLeft32(x7, 12)
+ x3 += x7
+ x15 ^= x3
+ x15 = bits.RotateLeft32(x15, 8)
+ x11 += x15
+ x7 ^= x11
+ x7 = bits.RotateLeft32(x7, 7)
+
+ // quarterround(x, 0, 5, 10, 15)
+ x0 += x5
+ x15 ^= x0
+ x15 = bits.RotateLeft32(x15, 16)
+ x10 += x15
+ x5 ^= x10
+ x5 = bits.RotateLeft32(x5, 12)
+ x0 += x5
+ x15 ^= x0
+ x15 = bits.RotateLeft32(x15, 8)
+ x10 += x15
+ x5 ^= x10
+ x5 = bits.RotateLeft32(x5, 7)
+
+ // quarterround(x, 1, 6, 11, 12)
+ x1 += x6
+ x12 ^= x1
+ x12 = bits.RotateLeft32(x12, 16)
+ x11 += x12
+ x6 ^= x11
+ x6 = bits.RotateLeft32(x6, 12)
+ x1 += x6
+ x12 ^= x1
+ x12 = bits.RotateLeft32(x12, 8)
+ x11 += x12
+ x6 ^= x11
+ x6 = bits.RotateLeft32(x6, 7)
+
+ // quarterround(x, 2, 7, 8, 13)
+ x2 += x7
+ x13 ^= x2
+ x13 = bits.RotateLeft32(x13, 16)
+ x8 += x13
+ x7 ^= x8
+ x7 = bits.RotateLeft32(x7, 12)
+ x2 += x7
+ x13 ^= x2
+ x13 = bits.RotateLeft32(x13, 8)
+ x8 += x13
+ x7 ^= x8
+ x7 = bits.RotateLeft32(x7, 7)
+
+ // quarterround(x, 3, 4, 9, 14)
+ x3 += x4
+ x14 ^= x3
+ x14 = bits.RotateLeft32(x14, 16)
+ x9 += x14
+ x4 ^= x9
+ x4 = bits.RotateLeft32(x4, 12)
+ x3 += x4
+ x14 ^= x3
+ x14 = bits.RotateLeft32(x14, 8)
+ x9 += x14
+ x4 ^= x9
+ x4 = bits.RotateLeft32(x4, 7)
+ }
+
+ // On amd64 at least, this is a rather big boost.
+ if useUnsafe {
+ if in != nil {
+ inArr := (*[16]uint32)(unsafe.Pointer(&in[n*BlockSize]))
+ outArr := (*[16]uint32)(unsafe.Pointer(&out[n*BlockSize]))
+ outArr[0] = inArr[0] ^ (x0 + sigma0)
+ outArr[1] = inArr[1] ^ (x1 + sigma1)
+ outArr[2] = inArr[2] ^ (x2 + sigma2)
+ outArr[3] = inArr[3] ^ (x3 + sigma3)
+ outArr[4] = inArr[4] ^ (x4 + x[4])
+ outArr[5] = inArr[5] ^ (x5 + x[5])
+ outArr[6] = inArr[6] ^ (x6 + x[6])
+ outArr[7] = inArr[7] ^ (x7 + x[7])
+ outArr[8] = inArr[8] ^ (x8 + x[8])
+ outArr[9] = inArr[9] ^ (x9 + x[9])
+ outArr[10] = inArr[10] ^ (x10 + x[10])
+ outArr[11] = inArr[11] ^ (x11 + x[11])
+ outArr[12] = inArr[12] ^ (x12 + x[12])
+ outArr[13] = inArr[13] ^ (x13 + x[13])
+ outArr[14] = inArr[14] ^ (x14 + x[14])
+ outArr[15] = inArr[15] ^ (x15 + x[15])
+ } else {
+ outArr := (*[16]uint32)(unsafe.Pointer(&out[n*BlockSize]))
+ outArr[0] = x0 + sigma0
+ outArr[1] = x1 + sigma1
+ outArr[2] = x2 + sigma2
+ outArr[3] = x3 + sigma3
+ outArr[4] = x4 + x[4]
+ outArr[5] = x5 + x[5]
+ outArr[6] = x6 + x[6]
+ outArr[7] = x7 + x[7]
+ outArr[8] = x8 + x[8]
+ outArr[9] = x9 + x[9]
+ outArr[10] = x10 + x[10]
+ outArr[11] = x11 + x[11]
+ outArr[12] = x12 + x[12]
+ outArr[13] = x13 + x[13]
+ outArr[14] = x14 + x[14]
+ outArr[15] = x15 + x[15]
+ }
+ } else {
+ // Slow path, either the architecture cares about alignment, or is not little endian.
+ x0 += sigma0
+ x1 += sigma1
+ x2 += sigma2
+ x3 += sigma3
+ x4 += x[4]
+ x5 += x[5]
+ x6 += x[6]
+ x7 += x[7]
+ x8 += x[8]
+ x9 += x[9]
+ x10 += x[10]
+ x11 += x[11]
+ x12 += x[12]
+ x13 += x[13]
+ x14 += x[14]
+ x15 += x[15]
+ if in != nil {
+ binary.LittleEndian.PutUint32(out[0:4], binary.LittleEndian.Uint32(in[0:4])^x0)
+ binary.LittleEndian.PutUint32(out[4:8], binary.LittleEndian.Uint32(in[4:8])^x1)
+ binary.LittleEndian.PutUint32(out[8:12], binary.LittleEndian.Uint32(in[8:12])^x2)
+ binary.LittleEndian.PutUint32(out[12:16], binary.LittleEndian.Uint32(in[12:16])^x3)
+ binary.LittleEndian.PutUint32(out[16:20], binary.LittleEndian.Uint32(in[16:20])^x4)
+ binary.LittleEndian.PutUint32(out[20:24], binary.LittleEndian.Uint32(in[20:24])^x5)
+ binary.LittleEndian.PutUint32(out[24:28], binary.LittleEndian.Uint32(in[24:28])^x6)
+ binary.LittleEndian.PutUint32(out[28:32], binary.LittleEndian.Uint32(in[28:32])^x7)
+ binary.LittleEndian.PutUint32(out[32:36], binary.LittleEndian.Uint32(in[32:36])^x8)
+ binary.LittleEndian.PutUint32(out[36:40], binary.LittleEndian.Uint32(in[36:40])^x9)
+ binary.LittleEndian.PutUint32(out[40:44], binary.LittleEndian.Uint32(in[40:44])^x10)
+ binary.LittleEndian.PutUint32(out[44:48], binary.LittleEndian.Uint32(in[44:48])^x11)
+ binary.LittleEndian.PutUint32(out[48:52], binary.LittleEndian.Uint32(in[48:52])^x12)
+ binary.LittleEndian.PutUint32(out[52:56], binary.LittleEndian.Uint32(in[52:56])^x13)
+ binary.LittleEndian.PutUint32(out[56:60], binary.LittleEndian.Uint32(in[56:60])^x14)
+ binary.LittleEndian.PutUint32(out[60:64], binary.LittleEndian.Uint32(in[60:64])^x15)
+ in = in[BlockSize:]
+ } else {
+ binary.LittleEndian.PutUint32(out[0:4], x0)
+ binary.LittleEndian.PutUint32(out[4:8], x1)
+ binary.LittleEndian.PutUint32(out[8:12], x2)
+ binary.LittleEndian.PutUint32(out[12:16], x3)
+ binary.LittleEndian.PutUint32(out[16:20], x4)
+ binary.LittleEndian.PutUint32(out[20:24], x5)
+ binary.LittleEndian.PutUint32(out[24:28], x6)
+ binary.LittleEndian.PutUint32(out[28:32], x7)
+ binary.LittleEndian.PutUint32(out[32:36], x8)
+ binary.LittleEndian.PutUint32(out[36:40], x9)
+ binary.LittleEndian.PutUint32(out[40:44], x10)
+ binary.LittleEndian.PutUint32(out[44:48], x11)
+ binary.LittleEndian.PutUint32(out[48:52], x12)
+ binary.LittleEndian.PutUint32(out[52:56], x13)
+ binary.LittleEndian.PutUint32(out[56:60], x14)
+ binary.LittleEndian.PutUint32(out[60:64], x15)
+ }
+ out = out[BlockSize:]
+ }
+
+ // Stoping at 2^70 bytes per nonce is the user's responsibility.
+ ctr := uint64(x[13])<<32 | uint64(x[12])
+ ctr++
+ x[12] = uint32(ctr)
+ x[13] = uint32(ctr >> 32)
+ }
+}
+
+func hChaChaRef(x *[stateSize]uint32, out *[32]byte) {
+ x0, x1, x2, x3 := sigma0, sigma1, sigma2, sigma3
+ x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15 := x[0], x[1], x[2], x[3], x[4], x[5], x[6], x[7], x[8], x[9], x[10], x[11]
+
+ for i := chachaRounds; i > 0; i -= 2 {
+ // quarterround(x, 0, 4, 8, 12)
+ x0 += x4
+ x12 ^= x0
+ x12 = bits.RotateLeft32(x12, 16)
+ x8 += x12
+ x4 ^= x8
+ x4 = bits.RotateLeft32(x4, 12)
+ x0 += x4
+ x12 ^= x0
+ x12 = bits.RotateLeft32(x12, 8)
+ x8 += x12
+ x4 ^= x8
+ x4 = bits.RotateLeft32(x4, 7)
+
+ // quarterround(x, 1, 5, 9, 13)
+ x1 += x5
+ x13 ^= x1
+ x13 = bits.RotateLeft32(x13, 16)
+ x9 += x13
+ x5 ^= x9
+ x5 = bits.RotateLeft32(x5, 12)
+ x1 += x5
+ x13 ^= x1
+ x13 = bits.RotateLeft32(x13, 8)
+ x9 += x13
+ x5 ^= x9
+ x5 = bits.RotateLeft32(x5, 7)
+
+ // quarterround(x, 2, 6, 10, 14)
+ x2 += x6
+ x14 ^= x2
+ x14 = bits.RotateLeft32(x14, 16)
+ x10 += x14
+ x6 ^= x10
+ x6 = bits.RotateLeft32(x6, 12)
+ x2 += x6
+ x14 ^= x2
+ x14 = bits.RotateLeft32(x14, 8)
+ x10 += x14
+ x6 ^= x10
+ x6 = bits.RotateLeft32(x6, 7)
+
+ // quarterround(x, 3, 7, 11, 15)
+ x3 += x7
+ x15 ^= x3
+ x15 = bits.RotateLeft32(x15, 16)
+ x11 += x15
+ x7 ^= x11
+ x7 = bits.RotateLeft32(x7, 12)
+ x3 += x7
+ x15 ^= x3
+ x15 = bits.RotateLeft32(x15, 8)
+ x11 += x15
+ x7 ^= x11
+ x7 = bits.RotateLeft32(x7, 7)
+
+ // quarterround(x, 0, 5, 10, 15)
+ x0 += x5
+ x15 ^= x0
+ x15 = bits.RotateLeft32(x15, 16)
+ x10 += x15
+ x5 ^= x10
+ x5 = bits.RotateLeft32(x5, 12)
+ x0 += x5
+ x15 ^= x0
+ x15 = bits.RotateLeft32(x15, 8)
+ x10 += x15
+ x5 ^= x10
+ x5 = bits.RotateLeft32(x5, 7)
+
+ // quarterround(x, 1, 6, 11, 12)
+ x1 += x6
+ x12 ^= x1
+ x12 = bits.RotateLeft32(x12, 16)
+ x11 += x12
+ x6 ^= x11
+ x6 = bits.RotateLeft32(x6, 12)
+ x1 += x6
+ x12 ^= x1
+ x12 = bits.RotateLeft32(x12, 8)
+ x11 += x12
+ x6 ^= x11
+ x6 = bits.RotateLeft32(x6, 7)
+
+ // quarterround(x, 2, 7, 8, 13)
+ x2 += x7
+ x13 ^= x2
+ x13 = bits.RotateLeft32(x13, 16)
+ x8 += x13
+ x7 ^= x8
+ x7 = bits.RotateLeft32(x7, 12)
+ x2 += x7
+ x13 ^= x2
+ x13 = bits.RotateLeft32(x13, 8)
+ x8 += x13
+ x7 ^= x8
+ x7 = bits.RotateLeft32(x7, 7)
+
+ // quarterround(x, 3, 4, 9, 14)
+ x3 += x4
+ x14 ^= x3
+ x14 = bits.RotateLeft32(x14, 16)
+ x9 += x14
+ x4 ^= x9
+ x4 = bits.RotateLeft32(x4, 12)
+ x3 += x4
+ x14 ^= x3
+ x14 = bits.RotateLeft32(x14, 8)
+ x9 += x14
+ x4 ^= x9
+ x4 = bits.RotateLeft32(x4, 7)
+ }
+
+ // HChaCha returns x0...x3 | x12...x15, which corresponds to the
+ // indexes of the ChaCha constant and the indexes of the IV.
+ if useUnsafe {
+ outArr := (*[16]uint32)(unsafe.Pointer(&out[0]))
+ outArr[0] = x0
+ outArr[1] = x1
+ outArr[2] = x2
+ outArr[3] = x3
+ outArr[4] = x12
+ outArr[5] = x13
+ outArr[6] = x14
+ outArr[7] = x15
+ } else {
+ binary.LittleEndian.PutUint32(out[0:4], x0)
+ binary.LittleEndian.PutUint32(out[4:8], x1)
+ binary.LittleEndian.PutUint32(out[8:12], x2)
+ binary.LittleEndian.PutUint32(out[12:16], x3)
+ binary.LittleEndian.PutUint32(out[16:20], x12)
+ binary.LittleEndian.PutUint32(out[20:24], x13)
+ binary.LittleEndian.PutUint32(out[24:28], x14)
+ binary.LittleEndian.PutUint32(out[28:32], x15)
+ }
+ return
+}
diff --git a/vendor/github.com/dgryski/go-camellia/camellia.go b/vendor/github.com/dgryski/go-camellia/camellia.go
new file mode 100644
index 0000000..048b2e3
--- /dev/null
+++ b/vendor/github.com/dgryski/go-camellia/camellia.go
@@ -0,0 +1,368 @@
+// Copyright (c) 2013 Damian Gryski
+// Licensed under the GPLv3 or, at your option, any later version.
+
+// Package camellia is an implementation of the CAMELLIA encryption algorithm
+/*
+
+ This is an unoptimized version based on the description in RFC 3713.
+
+ References:
+ http://en.wikipedia.org/wiki/Camellia_%28cipher%29
+ https://info.isl.ntt.co.jp/crypt/eng/camellia/
+*/
+package camellia
+
+import (
+ "crypto/cipher"
+ "encoding/binary"
+ "strconv"
+)
+
+const BlockSize = 16
+
+type KeySizeError int
+
+func (k KeySizeError) Error() string {
+ return "camellia: invalid key size " + strconv.Itoa(int(k))
+}
+
+type camelliaCipher struct {
+ kw [5]uint64
+ k [25]uint64
+ ke [7]uint64
+ klen int
+}
+
+const (
+ sigma1 = 0xA09E667F3BCC908B
+ sigma2 = 0xB67AE8584CAA73B2
+ sigma3 = 0xC6EF372FE94F82BE
+ sigma4 = 0x54FF53A5F1D36F1C
+ sigma5 = 0x10E527FADE682D1D
+ sigma6 = 0xB05688C2B3E6C1FD
+)
+
+func init() {
+ // initialize other sboxes
+ for i := range sbox1 {
+ sbox2[i] = rotl8(sbox1[i], 1)
+ sbox3[i] = rotl8(sbox1[i], 7)
+ sbox4[i] = sbox1[rotl8(uint8(i), 1)]
+ }
+}
+
+func rotl128(k [2]uint64, rot uint) (hi, lo uint64) {
+
+ if rot > 64 {
+ rot -= 64
+ k[0], k[1] = k[1], k[0]
+ }
+
+ t := k[0] >> (64 - rot)
+ hi = (k[0] << rot) | (k[1] >> (64 - rot))
+ lo = (k[1] << rot) | t
+ return hi, lo
+}
+
+func rotl32(k uint32, rot uint) uint32 {
+ return (k << rot) | (k >> (32 - rot))
+}
+
+func rotl8(k byte, rot uint) byte {
+ return (k << rot) | (k >> (8 - rot))
+}
+
+// New creates and returns a new cipher.Block.
+// The key argument should be 16, 24, or 32 bytes.
+func New(key []byte) (cipher.Block, error) {
+
+ klen := len(key)
+ switch klen {
+ default:
+ return nil, KeySizeError(klen)
+ case 16, 24, 32:
+ break
+ }
+
+ var d1, d2 uint64
+
+ var kl [2]uint64
+ var kr [2]uint64
+ var ka [2]uint64
+ var kb [2]uint64
+
+ kl[0] = binary.BigEndian.Uint64(key[0:])
+ kl[1] = binary.BigEndian.Uint64(key[8:])
+
+ switch klen {
+ case 24:
+ kr[0] = binary.BigEndian.Uint64(key[16:])
+ kr[1] = ^kr[0]
+ case 32:
+ kr[0] = binary.BigEndian.Uint64(key[16:])
+ kr[1] = binary.BigEndian.Uint64(key[24:])
+
+ }
+
+ d1 = (kl[0] ^ kr[0])
+ d2 = (kl[1] ^ kr[1])
+
+ d2 = d2 ^ f(d1, sigma1)
+ d1 = d1 ^ f(d2, sigma2)
+
+ d1 = d1 ^ (kl[0])
+ d2 = d2 ^ (kl[1])
+ d2 = d2 ^ f(d1, sigma3)
+ d1 = d1 ^ f(d2, sigma4)
+ ka[0] = d1
+ ka[1] = d2
+ d1 = (ka[0] ^ kr[0])
+ d2 = (ka[1] ^ kr[1])
+ d2 = d2 ^ f(d1, sigma5)
+ d1 = d1 ^ f(d2, sigma6)
+ kb[0] = d1
+ kb[1] = d2
+
+ // here we generate our keys
+ c := new(camelliaCipher)
+
+ c.klen = klen
+
+ if klen == 16 {
+
+ c.kw[1], c.kw[2] = rotl128(kl, 0)
+
+ c.k[1], c.k[2] = rotl128(ka, 0)
+ c.k[3], c.k[4] = rotl128(kl, 15)
+ c.k[5], c.k[6] = rotl128(ka, 15)
+
+ c.ke[1], c.ke[2] = rotl128(ka, 30)
+
+ c.k[7], c.k[8] = rotl128(kl, 45)
+ c.k[9], _ = rotl128(ka, 45)
+ _, c.k[10] = rotl128(kl, 60)
+ c.k[11], c.k[12] = rotl128(ka, 60)
+
+ c.ke[3], c.ke[4] = rotl128(kl, 77)
+
+ c.k[13], c.k[14] = rotl128(kl, 94)
+ c.k[15], c.k[16] = rotl128(ka, 94)
+ c.k[17], c.k[18] = rotl128(kl, 111)
+
+ c.kw[3], c.kw[4] = rotl128(ka, 111)
+
+ } else {
+ // 24 or 32
+
+ c.kw[1], c.kw[2] = rotl128(kl, 0)
+
+ c.k[1], c.k[2] = rotl128(kb, 0)
+ c.k[3], c.k[4] = rotl128(kr, 15)
+ c.k[5], c.k[6] = rotl128(ka, 15)
+
+ c.ke[1], c.ke[2] = rotl128(kr, 30)
+
+ c.k[7], c.k[8] = rotl128(kb, 30)
+ c.k[9], c.k[10] = rotl128(kl, 45)
+ c.k[11], c.k[12] = rotl128(ka, 45)
+
+ c.ke[3], c.ke[4] = rotl128(kl, 60)
+
+ c.k[13], c.k[14] = rotl128(kr, 60)
+ c.k[15], c.k[16] = rotl128(kb, 60)
+ c.k[17], c.k[18] = rotl128(kl, 77)
+
+ c.ke[5], c.ke[6] = rotl128(ka, 77)
+
+ c.k[19], c.k[20] = rotl128(kr, 94)
+ c.k[21], c.k[22] = rotl128(ka, 94)
+ c.k[23], c.k[24] = rotl128(kl, 111)
+
+ c.kw[3], c.kw[4] = rotl128(kb, 111)
+ }
+
+ return c, nil
+}
+
+func (c *camelliaCipher) Encrypt(dst, src []byte) {
+
+ d1 := binary.BigEndian.Uint64(src[0:])
+ d2 := binary.BigEndian.Uint64(src[8:])
+
+ d1 ^= c.kw[1]
+ d2 ^= c.kw[2]
+
+ d2 = d2 ^ f(d1, c.k[1])
+ d1 = d1 ^ f(d2, c.k[2])
+ d2 = d2 ^ f(d1, c.k[3])
+ d1 = d1 ^ f(d2, c.k[4])
+ d2 = d2 ^ f(d1, c.k[5])
+ d1 = d1 ^ f(d2, c.k[6])
+
+ d1 = fl(d1, c.ke[1])
+ d2 = flinv(d2, c.ke[2])
+
+ d2 = d2 ^ f(d1, c.k[7])
+ d1 = d1 ^ f(d2, c.k[8])
+ d2 = d2 ^ f(d1, c.k[9])
+ d1 = d1 ^ f(d2, c.k[10])
+ d2 = d2 ^ f(d1, c.k[11])
+ d1 = d1 ^ f(d2, c.k[12])
+
+ d1 = fl(d1, c.ke[3])
+ d2 = flinv(d2, c.ke[4])
+
+ d2 = d2 ^ f(d1, c.k[13])
+ d1 = d1 ^ f(d2, c.k[14])
+ d2 = d2 ^ f(d1, c.k[15])
+ d1 = d1 ^ f(d2, c.k[16])
+ d2 = d2 ^ f(d1, c.k[17])
+ d1 = d1 ^ f(d2, c.k[18])
+
+ if c.klen > 16 {
+ // 24 or 32
+
+ d1 = fl(d1, c.ke[5])
+ d2 = flinv(d2, c.ke[6])
+
+ d2 = d2 ^ f(d1, c.k[19])
+ d1 = d1 ^ f(d2, c.k[20])
+ d2 = d2 ^ f(d1, c.k[21])
+ d1 = d1 ^ f(d2, c.k[22])
+ d2 = d2 ^ f(d1, c.k[23])
+ d1 = d1 ^ f(d2, c.k[24])
+ }
+
+ d2 = d2 ^ c.kw[3]
+ d1 = d1 ^ c.kw[4]
+
+ binary.BigEndian.PutUint64(dst[0:], d2)
+ binary.BigEndian.PutUint64(dst[8:], d1)
+}
+
+func (c *camelliaCipher) Decrypt(dst, src []byte) {
+
+ d2 := binary.BigEndian.Uint64(src[0:])
+ d1 := binary.BigEndian.Uint64(src[8:])
+
+ d1 = d1 ^ c.kw[4]
+ d2 = d2 ^ c.kw[3]
+
+ if c.klen > 16 {
+ // 24 or 32
+
+ d1 = d1 ^ f(d2, c.k[24])
+ d2 = d2 ^ f(d1, c.k[23])
+ d1 = d1 ^ f(d2, c.k[22])
+ d2 = d2 ^ f(d1, c.k[21])
+ d1 = d1 ^ f(d2, c.k[20])
+ d2 = d2 ^ f(d1, c.k[19])
+
+ d2 = fl(d2, c.ke[6])
+ d1 = flinv(d1, c.ke[5])
+ }
+
+ d1 = d1 ^ f(d2, c.k[18])
+ d2 = d2 ^ f(d1, c.k[17])
+ d1 = d1 ^ f(d2, c.k[16])
+ d2 = d2 ^ f(d1, c.k[15])
+ d1 = d1 ^ f(d2, c.k[14])
+ d2 = d2 ^ f(d1, c.k[13])
+
+ d2 = fl(d2, c.ke[4])
+ d1 = flinv(d1, c.ke[3])
+
+ d1 = d1 ^ f(d2, c.k[12])
+ d2 = d2 ^ f(d1, c.k[11])
+ d1 = d1 ^ f(d2, c.k[10])
+ d2 = d2 ^ f(d1, c.k[9])
+ d1 = d1 ^ f(d2, c.k[8])
+ d2 = d2 ^ f(d1, c.k[7])
+
+ d2 = fl(d2, c.ke[2])
+ d1 = flinv(d1, c.ke[1])
+
+ d1 = d1 ^ f(d2, c.k[6])
+ d2 = d2 ^ f(d1, c.k[5])
+ d1 = d1 ^ f(d2, c.k[4])
+ d2 = d2 ^ f(d1, c.k[3])
+ d1 = d1 ^ f(d2, c.k[2])
+ d2 = d2 ^ f(d1, c.k[1])
+
+ d2 ^= c.kw[2]
+ d1 ^= c.kw[1]
+
+ binary.BigEndian.PutUint64(dst[0:], d1)
+ binary.BigEndian.PutUint64(dst[8:], d2)
+}
+
+func (c *camelliaCipher) BlockSize() int {
+ return BlockSize
+}
+
+func f(fin, ke uint64) uint64 {
+ var x uint64
+ x = fin ^ ke
+ t1 := sbox1[uint8(x>>56)]
+ t2 := sbox2[uint8(x>>48)]
+ t3 := sbox3[uint8(x>>40)]
+ t4 := sbox4[uint8(x>>32)]
+ t5 := sbox2[uint8(x>>24)]
+ t6 := sbox3[uint8(x>>16)]
+ t7 := sbox4[uint8(x>>8)]
+ t8 := sbox1[uint8(x)]
+ y1 := t1 ^ t3 ^ t4 ^ t6 ^ t7 ^ t8
+ y2 := t1 ^ t2 ^ t4 ^ t5 ^ t7 ^ t8
+ y3 := t1 ^ t2 ^ t3 ^ t5 ^ t6 ^ t8
+ y4 := t2 ^ t3 ^ t4 ^ t5 ^ t6 ^ t7
+ y5 := t1 ^ t2 ^ t6 ^ t7 ^ t8
+ y6 := t2 ^ t3 ^ t5 ^ t7 ^ t8
+ y7 := t3 ^ t4 ^ t5 ^ t6 ^ t8
+ y8 := t1 ^ t4 ^ t5 ^ t6 ^ t7
+ return uint64(y1)<<56 | uint64(y2)<<48 | uint64(y3)<<40 | uint64(y4)<<32 | uint64(y5)<<24 | uint64(y6)<<16 | uint64(y7)<<8 | uint64(y8)
+}
+
+func fl(flin, ke uint64) uint64 {
+ x1 := uint32(flin >> 32)
+ x2 := uint32(flin & 0xffffffff)
+ k1 := uint32(ke >> 32)
+ k2 := uint32(ke & 0xffffffff)
+ x2 = x2 ^ rotl32(x1&k1, 1)
+ x1 = x1 ^ (x2 | k2)
+ return uint64(x1)<<32 | uint64(x2)
+}
+
+func flinv(flin, ke uint64) uint64 {
+ y1 := uint32(flin >> 32)
+ y2 := uint32(flin & 0xffffffff)
+ k1 := uint32(ke >> 32)
+ k2 := uint32(ke & 0xffffffff)
+ y1 = y1 ^ (y2 | k2)
+ y2 = y2 ^ rotl32(y1&k1, 1)
+ return uint64(y1)<<32 | uint64(y2)
+}
+
+var sbox1 = [...]byte{
+ 0x70, 0x82, 0x2c, 0xec, 0xb3, 0x27, 0xc0, 0xe5, 0xe4, 0x85, 0x57, 0x35, 0xea, 0x0c, 0xae, 0x41,
+ 0x23, 0xef, 0x6b, 0x93, 0x45, 0x19, 0xa5, 0x21, 0xed, 0x0e, 0x4f, 0x4e, 0x1d, 0x65, 0x92, 0xbd,
+ 0x86, 0xb8, 0xaf, 0x8f, 0x7c, 0xeb, 0x1f, 0xce, 0x3e, 0x30, 0xdc, 0x5f, 0x5e, 0xc5, 0x0b, 0x1a,
+ 0xa6, 0xe1, 0x39, 0xca, 0xd5, 0x47, 0x5d, 0x3d, 0xd9, 0x01, 0x5a, 0xd6, 0x51, 0x56, 0x6c, 0x4d,
+ 0x8b, 0x0d, 0x9a, 0x66, 0xfb, 0xcc, 0xb0, 0x2d, 0x74, 0x12, 0x2b, 0x20, 0xf0, 0xb1, 0x84, 0x99,
+ 0xdf, 0x4c, 0xcb, 0xc2, 0x34, 0x7e, 0x76, 0x05, 0x6d, 0xb7, 0xa9, 0x31, 0xd1, 0x17, 0x04, 0xd7,
+ 0x14, 0x58, 0x3a, 0x61, 0xde, 0x1b, 0x11, 0x1c, 0x32, 0x0f, 0x9c, 0x16, 0x53, 0x18, 0xf2, 0x22,
+ 0xfe, 0x44, 0xcf, 0xb2, 0xc3, 0xb5, 0x7a, 0x91, 0x24, 0x08, 0xe8, 0xa8, 0x60, 0xfc, 0x69, 0x50,
+ 0xaa, 0xd0, 0xa0, 0x7d, 0xa1, 0x89, 0x62, 0x97, 0x54, 0x5b, 0x1e, 0x95, 0xe0, 0xff, 0x64, 0xd2,
+ 0x10, 0xc4, 0x00, 0x48, 0xa3, 0xf7, 0x75, 0xdb, 0x8a, 0x03, 0xe6, 0xda, 0x09, 0x3f, 0xdd, 0x94,
+ 0x87, 0x5c, 0x83, 0x02, 0xcd, 0x4a, 0x90, 0x33, 0x73, 0x67, 0xf6, 0xf3, 0x9d, 0x7f, 0xbf, 0xe2,
+ 0x52, 0x9b, 0xd8, 0x26, 0xc8, 0x37, 0xc6, 0x3b, 0x81, 0x96, 0x6f, 0x4b, 0x13, 0xbe, 0x63, 0x2e,
+ 0xe9, 0x79, 0xa7, 0x8c, 0x9f, 0x6e, 0xbc, 0x8e, 0x29, 0xf5, 0xf9, 0xb6, 0x2f, 0xfd, 0xb4, 0x59,
+ 0x78, 0x98, 0x06, 0x6a, 0xe7, 0x46, 0x71, 0xba, 0xd4, 0x25, 0xab, 0x42, 0x88, 0xa2, 0x8d, 0xfa,
+ 0x72, 0x07, 0xb9, 0x55, 0xf8, 0xee, 0xac, 0x0a, 0x36, 0x49, 0x2a, 0x68, 0x3c, 0x38, 0xf1, 0xa4,
+ 0x40, 0x28, 0xd3, 0x7b, 0xbb, 0xc9, 0x43, 0xc1, 0x15, 0xe3, 0xad, 0xf4, 0x77, 0xc7, 0x80, 0x9e,
+}
+
+var sbox2 [256]byte
+var sbox3 [256]byte
+var sbox4 [256]byte
+
+var _ cipher.Block = &camelliaCipher{}
diff --git a/vendor/github.com/dgryski/go-camellia/t_camellia.pl b/vendor/github.com/dgryski/go-camellia/t_camellia.pl
new file mode 100644
index 0000000..f95ba48
--- /dev/null
+++ b/vendor/github.com/dgryski/go-camellia/t_camellia.pl
@@ -0,0 +1,58 @@
+#!/usr/bin/perl
+
+# to run the full verification suite:
+# curl http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt |perl ./t_camellia.pl >cfull_test.go
+# perl -pi -e 's/range camelliaTests/$&Full/' camellia_test.go
+# go test
+
+print <) {
+ next if /^\s*$/ or /^Camellia/;
+ if (/^K/) {
+ $k = linetostr($_);
+ }
+
+ if (/^P/) {
+ $p = linetostr($_);
+ }
+
+ if (/^C/) {
+ $c = linetostr($_);
+ print <<"GOCODE";
+ {
+ []byte{$k},
+ []byte{$p},
+ []byte{$c},
+ },
+GOCODE
+ }
+}
+
+print <= 2, this fits into 16 bits
+ y := uint16(0x10001 % uint32(x))
+
+ if y == 1 {
+ return 1 - t1
+ }
+
+ var t0 uint16 = 1
+ var q uint16
+
+ for y != 1 {
+ q = x / y
+ x = x % y
+ t0 += q * t1
+ if x == 1 {
+ return t0
+ }
+ q = y / x
+ y = y % x
+ t1 += q * t0
+ }
+ return 1 - t1
+}
+
+// mul computes x*y mod 2^16+1
+func mul(x, y uint16) uint16 {
+
+ if y == 0 {
+ return 1 - x
+ }
+
+ if x == 0 {
+ return 1 - y
+ }
+
+ t32 := uint32(x) * uint32(y)
+ x = uint16(t32)
+ y = uint16(t32 >> 16)
+
+ if x < y {
+ return x - y + 1
+ }
+
+ return x - y
+}
+
+// expandKey computes encryption round-keys from a user-supplied key
+func expandKey(key []byte, EK []uint16) {
+ var i, j int
+
+ for j = 0; j < 8; j++ {
+ EK[j] = (uint16(key[0]) << 8) + uint16(key[1])
+ key = key[2:]
+ }
+ for i = 0; j < keyLen; j++ {
+ i++
+ EK[i+7] = EK[i&7]<<9 | EK[(i+1)&7]>>7
+ EK = EK[i&8:]
+ i &= 7
+ }
+}
+
+// invertKey computes the decryption round-keys from a set of encryption round-keys
+func invertKey(EK []uint16, DK []uint16) {
+
+ var t1, t2, t3 uint16
+ var p [keyLen]uint16
+ pidx := keyLen
+ ekidx := 0
+
+ t1 = mulInv(EK[ekidx])
+ ekidx++
+ t2 = -EK[ekidx]
+ ekidx++
+ t3 = -EK[ekidx]
+ ekidx++
+ pidx--
+ p[pidx] = mulInv(EK[ekidx])
+ ekidx++
+ pidx--
+ p[pidx] = t3
+ pidx--
+ p[pidx] = t2
+ pidx--
+ p[pidx] = t1
+
+ for i := 0; i < rounds-1; i++ {
+ t1 = EK[ekidx]
+ ekidx++
+ pidx--
+ p[pidx] = EK[ekidx]
+ ekidx++
+ pidx--
+ p[pidx] = t1
+
+ t1 = mulInv(EK[ekidx])
+ ekidx++
+ t2 = -EK[ekidx]
+ ekidx++
+ t3 = -EK[ekidx]
+ ekidx++
+ pidx--
+ p[pidx] = mulInv(EK[ekidx])
+ ekidx++
+ pidx--
+ p[pidx] = t2
+ pidx--
+ p[pidx] = t3
+ pidx--
+ p[pidx] = t1
+ }
+
+ t1 = EK[ekidx]
+ ekidx++
+ pidx--
+ p[pidx] = EK[ekidx]
+ ekidx++
+ pidx--
+ p[pidx] = t1
+
+ t1 = mulInv(EK[ekidx])
+ ekidx++
+ t2 = -EK[ekidx]
+ ekidx++
+ t3 = -EK[ekidx]
+ ekidx++
+ pidx--
+ p[pidx] = mulInv(EK[ekidx])
+ pidx--
+ p[pidx] = t3
+ pidx--
+ p[pidx] = t2
+ pidx--
+ p[pidx] = t1
+
+ copy(DK, p[:])
+}
+
+// crypt performs IDEA encryption given input/output buffers and a set of round-keys
+func crypt(inbuf, outbuf []byte, key []uint16) {
+
+ var x1, x2, x3, x4, s2, s3 uint16
+
+ x1 = binary.BigEndian.Uint16(inbuf[0:])
+ x2 = binary.BigEndian.Uint16(inbuf[2:])
+ x3 = binary.BigEndian.Uint16(inbuf[4:])
+ x4 = binary.BigEndian.Uint16(inbuf[6:])
+
+ for r := rounds; r > 0; r-- {
+
+ x1 = mul(x1, key[0])
+ key = key[1:]
+ x2 += key[0]
+ key = key[1:]
+ x3 += key[0]
+ key = key[1:]
+
+ x4 = mul(x4, key[0])
+ key = key[1:]
+
+ s3 = x3
+ x3 ^= x1
+ x3 = mul(x3, key[0])
+ key = key[1:]
+ s2 = x2
+
+ x2 ^= x4
+ x2 += x3
+ x2 = mul(x2, key[0])
+ key = key[1:]
+ x3 += x2
+
+ x1 ^= x2
+ x4 ^= x3
+
+ x2 ^= s3
+ x3 ^= s2
+
+ }
+ x1 = mul(x1, key[0])
+ key = key[1:]
+
+ x3 += key[0]
+ key = key[1:]
+ x2 += key[0]
+ key = key[1:]
+ x4 = mul(x4, key[0])
+
+ binary.BigEndian.PutUint16(outbuf[0:], x1)
+ binary.BigEndian.PutUint16(outbuf[2:], x3)
+ binary.BigEndian.PutUint16(outbuf[4:], x2)
+ binary.BigEndian.PutUint16(outbuf[6:], x4)
+}
diff --git a/vendor/github.com/dgryski/go-rc2/LICENSE b/vendor/github.com/dgryski/go-rc2/LICENSE
new file mode 100644
index 0000000..039a2e4
--- /dev/null
+++ b/vendor/github.com/dgryski/go-rc2/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Damian Gryski
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/dgryski/go-rc2/rc2.go b/vendor/github.com/dgryski/go-rc2/rc2.go
new file mode 100644
index 0000000..aa194e5
--- /dev/null
+++ b/vendor/github.com/dgryski/go-rc2/rc2.go
@@ -0,0 +1,284 @@
+// Package rc2 implements the RC2 cipher
+/*
+https://www.ietf.org/rfc/rfc2268.txt
+http://people.csail.mit.edu/rivest/pubs/KRRR98.pdf
+
+This code is licensed under the MIT license.
+*/
+package rc2
+
+import (
+ "crypto/cipher"
+ "encoding/binary"
+ "strconv"
+)
+
+// The rc2 block size in bytes
+const BlockSize = 8
+
+type rc2Cipher struct {
+ k [64]uint16
+}
+
+// KeySizeError indicates the supplied key was invalid
+type KeySizeError int
+
+func (k KeySizeError) Error() string { return "rc2: invalid key size " + strconv.Itoa(int(k)) }
+
+// EffectiveKeySizeError indicates the supplied effective key length was invalid
+type EffectiveKeySizeError int
+
+func (k EffectiveKeySizeError) Error() string {
+ return "rc2: invalid effective key size " + strconv.Itoa(int(k))
+}
+
+// New returns a new rc2 cipher with the given key and effective key length t1
+func New(key []byte, t1 int) (cipher.Block, error) {
+ if l := len(key); l == 0 || l > 128 {
+ return nil, KeySizeError(l)
+ }
+
+ if t1 < 8 || t1 > 1024 {
+ return nil, EffectiveKeySizeError(t1)
+ }
+
+ return &rc2Cipher{
+ k: expandKey(key, t1),
+ }, nil
+}
+
+func (c *rc2Cipher) BlockSize() int { return BlockSize }
+
+var piTable = [256]byte{
+ 0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79, 0x4a, 0xa0, 0xd8, 0x9d,
+ 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e, 0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2,
+ 0x17, 0x9a, 0x59, 0xf5, 0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32,
+ 0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22, 0x5c, 0x6b, 0x4e, 0x82,
+ 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c, 0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc,
+ 0x12, 0x75, 0xca, 0x1f, 0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26,
+ 0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b, 0xbc, 0x94, 0x43, 0x03,
+ 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7, 0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7,
+ 0x08, 0xe8, 0xea, 0xde, 0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a,
+ 0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e, 0x04, 0x18, 0xa4, 0xec,
+ 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc, 0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39,
+ 0x99, 0x7c, 0x3a, 0x85, 0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31,
+ 0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10, 0x67, 0x6c, 0xba, 0xc9,
+ 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c, 0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9,
+ 0x0d, 0x38, 0x34, 0x1b, 0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e,
+ 0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68, 0xfe, 0x7f, 0xc1, 0xad,
+}
+
+func expandKey(key []byte, t1 int) [64]uint16 {
+
+ l := make([]byte, 128)
+ copy(l, key)
+
+ var t = len(key)
+ var t8 = (t1 + 7) / 8
+ var tm = byte(255 % uint(1<<(8+uint(t1)-8*uint(t8))))
+
+ for i := len(key); i < 128; i++ {
+ l[i] = piTable[l[i-1]+l[uint8(i-t)]]
+ }
+
+ l[128-t8] = piTable[l[128-t8]&tm]
+
+ for i := 127 - t8; i >= 0; i-- {
+ l[i] = piTable[l[i+1]^l[i+t8]]
+ }
+
+ var k [64]uint16
+
+ for i := range k {
+ k[i] = uint16(l[2*i]) + uint16(l[2*i+1])*256
+ }
+
+ return k
+}
+
+func rotl16(x uint16, b uint) uint16 {
+ return (x >> (16 - b)) | (x << b)
+}
+
+func (c *rc2Cipher) Encrypt(dst, src []byte) {
+
+ r0 := binary.LittleEndian.Uint16(src[0:])
+ r1 := binary.LittleEndian.Uint16(src[2:])
+ r2 := binary.LittleEndian.Uint16(src[4:])
+ r3 := binary.LittleEndian.Uint16(src[6:])
+
+ var j int
+
+ // These three mix blocks have not been extracted to a common function for to performance reasons.
+ for j <= 16 {
+ // mix r0
+ r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1)
+ r0 = rotl16(r0, 1)
+ j++
+
+ // mix r1
+ r1 = r1 + c.k[j] + (r0 & r3) + ((^r0) & r2)
+ r1 = rotl16(r1, 2)
+ j++
+
+ // mix r2
+ r2 = r2 + c.k[j] + (r1 & r0) + ((^r1) & r3)
+ r2 = rotl16(r2, 3)
+ j++
+
+ // mix r3
+ r3 = r3 + c.k[j] + (r2 & r1) + ((^r2) & r0)
+ r3 = rotl16(r3, 5)
+ j++
+ }
+
+ r0 = r0 + c.k[r3&63]
+ r1 = r1 + c.k[r0&63]
+ r2 = r2 + c.k[r1&63]
+ r3 = r3 + c.k[r2&63]
+
+ for j <= 40 {
+ // mix r0
+ r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1)
+ r0 = rotl16(r0, 1)
+ j++
+
+ // mix r1
+ r1 = r1 + c.k[j] + (r0 & r3) + ((^r0) & r2)
+ r1 = rotl16(r1, 2)
+ j++
+
+ // mix r2
+ r2 = r2 + c.k[j] + (r1 & r0) + ((^r1) & r3)
+ r2 = rotl16(r2, 3)
+ j++
+
+ // mix r3
+ r3 = r3 + c.k[j] + (r2 & r1) + ((^r2) & r0)
+ r3 = rotl16(r3, 5)
+ j++
+ }
+
+ r0 = r0 + c.k[r3&63]
+ r1 = r1 + c.k[r0&63]
+ r2 = r2 + c.k[r1&63]
+ r3 = r3 + c.k[r2&63]
+
+ for j <= 60 {
+ // mix r0
+ r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1)
+ r0 = rotl16(r0, 1)
+ j++
+
+ // mix r1
+ r1 = r1 + c.k[j] + (r0 & r3) + ((^r0) & r2)
+ r1 = rotl16(r1, 2)
+ j++
+
+ // mix r2
+ r2 = r2 + c.k[j] + (r1 & r0) + ((^r1) & r3)
+ r2 = rotl16(r2, 3)
+ j++
+
+ // mix r3
+ r3 = r3 + c.k[j] + (r2 & r1) + ((^r2) & r0)
+ r3 = rotl16(r3, 5)
+ j++
+ }
+
+ binary.LittleEndian.PutUint16(dst[0:], r0)
+ binary.LittleEndian.PutUint16(dst[2:], r1)
+ binary.LittleEndian.PutUint16(dst[4:], r2)
+ binary.LittleEndian.PutUint16(dst[6:], r3)
+}
+
+func (c *rc2Cipher) Decrypt(dst, src []byte) {
+
+ r0 := binary.LittleEndian.Uint16(src[0:])
+ r1 := binary.LittleEndian.Uint16(src[2:])
+ r2 := binary.LittleEndian.Uint16(src[4:])
+ r3 := binary.LittleEndian.Uint16(src[6:])
+
+ j := 63
+
+ for j >= 44 {
+ // unmix r3
+ r3 = rotl16(r3, 16-5)
+ r3 = r3 - c.k[j] - (r2 & r1) - ((^r2) & r0)
+ j--
+
+ // unmix r2
+ r2 = rotl16(r2, 16-3)
+ r2 = r2 - c.k[j] - (r1 & r0) - ((^r1) & r3)
+ j--
+
+ // unmix r1
+ r1 = rotl16(r1, 16-2)
+ r1 = r1 - c.k[j] - (r0 & r3) - ((^r0) & r2)
+ j--
+
+ // unmix r0
+ r0 = rotl16(r0, 16-1)
+ r0 = r0 - c.k[j] - (r3 & r2) - ((^r3) & r1)
+ j--
+ }
+
+ r3 = r3 - c.k[r2&63]
+ r2 = r2 - c.k[r1&63]
+ r1 = r1 - c.k[r0&63]
+ r0 = r0 - c.k[r3&63]
+
+ for j >= 20 {
+ // unmix r3
+ r3 = rotl16(r3, 16-5)
+ r3 = r3 - c.k[j] - (r2 & r1) - ((^r2) & r0)
+ j--
+
+ // unmix r2
+ r2 = rotl16(r2, 16-3)
+ r2 = r2 - c.k[j] - (r1 & r0) - ((^r1) & r3)
+ j--
+
+ // unmix r1
+ r1 = rotl16(r1, 16-2)
+ r1 = r1 - c.k[j] - (r0 & r3) - ((^r0) & r2)
+ j--
+
+ // unmix r0
+ r0 = rotl16(r0, 16-1)
+ r0 = r0 - c.k[j] - (r3 & r2) - ((^r3) & r1)
+ j--
+ }
+
+ r3 = r3 - c.k[r2&63]
+ r2 = r2 - c.k[r1&63]
+ r1 = r1 - c.k[r0&63]
+ r0 = r0 - c.k[r3&63]
+
+ for j >= 0 {
+ // unmix r3
+ r3 = rotl16(r3, 16-5)
+ r3 = r3 - c.k[j] - (r2 & r1) - ((^r2) & r0)
+ j--
+
+ // unmix r2
+ r2 = rotl16(r2, 16-3)
+ r2 = r2 - c.k[j] - (r1 & r0) - ((^r1) & r3)
+ j--
+
+ // unmix r1
+ r1 = rotl16(r1, 16-2)
+ r1 = r1 - c.k[j] - (r0 & r3) - ((^r0) & r2)
+ j--
+
+ // unmix r0
+ r0 = rotl16(r0, 16-1)
+ r0 = r0 - c.k[j] - (r3 & r2) - ((^r3) & r1)
+ j--
+ }
+
+ binary.LittleEndian.PutUint16(dst[0:], r0)
+ binary.LittleEndian.PutUint16(dst[2:], r1)
+ binary.LittleEndian.PutUint16(dst[4:], r2)
+ binary.LittleEndian.PutUint16(dst[6:], r3)
+}
diff --git a/vendor/github.com/nadoo/conflag/LICENSE b/vendor/github.com/nadoo/conflag/LICENSE
new file mode 100644
index 0000000..9cecc1d
--- /dev/null
+++ b/vendor/github.com/nadoo/conflag/LICENSE
@@ -0,0 +1,674 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc.
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users. We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors. You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too, receive
+or can get the source code. And you must show them these terms so they
+know their rights.
+
+ Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+ For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+ Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so. This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software. The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable. Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products. If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+ Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary. To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU General Public License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy. The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+for making modifications to it. "Object code" means any non-source
+form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+ The Corresponding Source for a work in source code form is that
+same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force. You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright. Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+the conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling. In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage. For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product. A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source. The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Use with the GNU Affero General Public License.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ {one line to give the program's name and a brief idea of what it does.}
+ Copyright (C) {year} {name of author}
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+ {project} Copyright (C) {year} {fullname}
+ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+.
+
+ The GNU General Public License does not permit incorporating your program
+into proprietary programs. If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License. But first, please read
+.
diff --git a/vendor/github.com/nadoo/conflag/README.md b/vendor/github.com/nadoo/conflag/README.md
new file mode 100644
index 0000000..6a1b368
--- /dev/null
+++ b/vendor/github.com/nadoo/conflag/README.md
@@ -0,0 +1,111 @@
+# conflag
+conflag is a config file and command line parser based on Go's standard flag package.
+
+## Usage
+
+### Your code:
+```Go
+package main
+
+import (
+ "fmt"
+
+ "github.com/nadoo/conflag"
+)
+
+var conf struct {
+ Name string
+ Age int
+ Male bool
+}
+
+func main() {
+ // get a new conflag instance
+ flag := conflag.New()
+
+ // setup flags as the standard flag package
+ flag.StringVar(&conf.Name, "name", "", "your name")
+ flag.IntVar(&conf.Age, "age", 0, "your age")
+ flag.BoolVar(&conf.Male, "male", false, "your sex")
+
+ // parse before access flags
+ flag.Parse()
+
+ // now you're able to get the parsed flag values
+ fmt.Printf(" Name: %s\n", conf.Name)
+ fmt.Printf(" Age: %d\n", conf.Age)
+ fmt.Printf(" Male: %v\n", conf.Male)
+}
+```
+
+### Run without config file:
+command:
+```bash
+sample -name Jay -age 30
+```
+output:
+```bash
+ Name: Jay
+ Age: 30
+ Male: false
+```
+
+### Run with config file(-config):
+sample.conf:
+```bash
+name=Jason
+age=20
+male
+```
+command: **use "-config" flag to specify the config file path.**
+```bash
+sample -config sample.conf
+```
+output:
+```bash
+ Name: Jason
+ Age: 20
+ Male: true
+```
+
+### Run with config file and OVERRIDE a flag value using commandline:
+sample.conf:
+```bash
+name=Jason
+age=20
+male
+```
+command:
+```bash
+sample -config sample.conf -name Michael
+```
+output:
+```bash
+ Name: Michael
+ Age: 20
+ Male: true
+```
+
+## Config File
+- format: KEY=VALUE
+
+**just use the command line flag name as the key name**:
+
+```bash
+## config file
+# comment line starts with "#"
+
+# format:
+#KEY=VALUE,
+# just use the command line flag name as the key name
+
+# your name
+name=Jason
+
+# your age
+age=20
+
+# are you male?
+male
+```
+See [simple.conf](examples/simple/simple.conf)
\ No newline at end of file
diff --git a/vendor/github.com/nadoo/conflag/conflag.go b/vendor/github.com/nadoo/conflag/conflag.go
new file mode 100644
index 0000000..c011540
--- /dev/null
+++ b/vendor/github.com/nadoo/conflag/conflag.go
@@ -0,0 +1,151 @@
+package conflag
+
+import (
+ "bufio"
+ "flag"
+ "os"
+ "path/filepath"
+ "strings"
+)
+
+// Conflag .
+type Conflag struct {
+ *flag.FlagSet
+
+ app string
+ osArgs []string
+ cfgFile string
+ args []string
+
+ includes []string
+
+ // TODO: add shorthand? or just use pflag?
+ // shorthand map[byte]string
+}
+
+// New ...
+func New(args ...string) *Conflag {
+ if args == nil {
+ args = os.Args
+ }
+
+ c := &Conflag{}
+ c.app = args[0]
+ c.osArgs = args[1:]
+ c.FlagSet = flag.NewFlagSet(c.app, flag.ExitOnError)
+ c.FlagSet.StringVar(&c.cfgFile, "config", "", "config file path")
+
+ return c
+}
+
+// NewFromFile ...
+func NewFromFile(app, cfgFile string) *Conflag {
+ c := &Conflag{}
+
+ if app != "" {
+ c.app = app
+ } else {
+ c.app = os.Args[0]
+ }
+
+ c.cfgFile = cfgFile
+ c.FlagSet = flag.NewFlagSet(c.app, flag.ExitOnError)
+
+ c.StringSliceUniqVar(&c.includes, "include", nil, "include file")
+
+ return c
+}
+
+// Parse ...
+func (c *Conflag) Parse() (err error) {
+ // parse 1st time and see whether there is a conf file.
+ err = c.FlagSet.Parse(c.osArgs)
+ if err != nil {
+ return err
+ }
+
+ // if there is no args, just try to load the app.conf file.
+ if c.cfgFile == "" && len(c.osArgs) == 0 {
+ // trim app exetension
+ for i := len(c.app) - 1; i >= 0 && c.app[i] != '/' && c.app[i] != '\\'; i-- {
+ if c.app[i] == '.' {
+ c.cfgFile = c.app[:i]
+ break
+ }
+ }
+
+ if c.cfgFile == "" {
+ c.cfgFile = c.app
+ }
+
+ c.cfgFile += ".conf"
+ }
+
+ if c.cfgFile == "" {
+ return nil
+ }
+
+ fargs, err := parseFile(c.cfgFile)
+ if err != nil {
+ return err
+ }
+
+ c.args = fargs
+ c.args = append(c.args, c.osArgs...)
+
+ // parse 2nd time to get the include file values
+ err = c.FlagSet.Parse(c.args)
+ if err != nil {
+ return err
+ }
+
+ dir := filepath.Dir(c.cfgFile)
+
+ // parse 3rd time to parse flags in include file
+ for _, include := range c.includes {
+ include = filepath.Join(dir, include)
+ fargs, err := parseFile(include)
+ if err != nil {
+ return err
+ }
+
+ c.args = fargs
+ c.args = append(c.args, c.osArgs...)
+
+ err = c.FlagSet.Parse(c.args)
+ }
+
+ return err
+}
+
+func parseFile(cfgFile string) ([]string, error) {
+ var s []string
+
+ fp, err := os.Open(cfgFile)
+ if err != nil {
+ return nil, err
+ }
+ defer fp.Close()
+
+ scanner := bufio.NewScanner(fp)
+ for scanner.Scan() {
+ line := scanner.Text()
+ line = strings.TrimSpace(line)
+ if len(line) == 0 || line[:1] == "#" {
+ continue
+ }
+ s = append(s, "-"+line)
+ }
+
+ return s, nil
+}
+
+// AppDir returns the app dir
+func (c *Conflag) AppDir() string {
+ return filepath.Dir(os.Args[0])
+}
+
+// ConfDir returns the config file dir
+func (c *Conflag) ConfDir() string {
+ return filepath.Dir(c.cfgFile)
+}
diff --git a/vendor/github.com/nadoo/conflag/string_slice.go b/vendor/github.com/nadoo/conflag/string_slice.go
new file mode 100644
index 0000000..e7a02f1
--- /dev/null
+++ b/vendor/github.com/nadoo/conflag/string_slice.go
@@ -0,0 +1,47 @@
+// source: https://github.com/spf13/pflag/blob/master/string_slice.go
+
+package conflag
+
+type stringSliceValue struct {
+ value *[]string
+ changed bool
+}
+
+func newStringSliceValue(val []string, p *[]string) *stringSliceValue {
+ ssv := new(stringSliceValue)
+ ssv.value = p
+ *ssv.value = val
+ return ssv
+}
+
+func (s *stringSliceValue) Set(val string) error {
+ if !s.changed {
+ *s.value = []string{val}
+ s.changed = true
+ } else {
+ *s.value = append(*s.value, val)
+ }
+ return nil
+}
+
+func (s *stringSliceValue) Type() string {
+ return "stringSlice"
+}
+
+func (s *stringSliceValue) String() string {
+ return ""
+}
+
+// StringSliceVar defines a string flag with specified name, default value, and usage string.
+// The argument p points to a []string variable in which to store the value of the flag.
+func (c *Conflag) StringSliceVar(p *[]string, name string, value []string, usage string) {
+ c.Var(newStringSliceValue(value, p), name, usage)
+}
+
+// StringSlice defines a string flag with specified name, default value, and usage string.
+// The return value is the address of a []string variable that stores the value of the flag.
+func (c *Conflag) StringSlice(name string, value []string, usage string) *[]string {
+ p := []string{}
+ c.StringSliceVar(&p, name, value, usage)
+ return &p
+}
diff --git a/vendor/github.com/nadoo/conflag/string_slice_uniq.go b/vendor/github.com/nadoo/conflag/string_slice_uniq.go
new file mode 100644
index 0000000..70d7389
--- /dev/null
+++ b/vendor/github.com/nadoo/conflag/string_slice_uniq.go
@@ -0,0 +1,51 @@
+package conflag
+
+type stringSliceUniqValue struct {
+ *stringSliceValue
+}
+
+func newStringSliceUniqValue(val []string, p *[]string) *stringSliceUniqValue {
+ return &stringSliceUniqValue{stringSliceValue: newStringSliceValue(val, p)}
+}
+
+func (s *stringSliceUniqValue) Set(val string) error {
+ if !s.changed {
+ *s.value = []string{val}
+ s.changed = true
+ }
+
+ dup := false
+ for _, v := range *s.value {
+ if v == val {
+ dup = true
+ }
+ }
+
+ if !dup {
+ *s.value = append(*s.value, val)
+ }
+
+ return nil
+}
+
+func (s *stringSliceUniqValue) Type() string {
+ return "stringSliceUniq"
+}
+
+func (s *stringSliceUniqValue) String() string {
+ return ""
+}
+
+// StringSliceUniqVar defines a string flag with specified name, default value, and usage string.
+// The argument p points to a []string variable in which to store the value of the flag.
+func (c *Conflag) StringSliceUniqVar(p *[]string, name string, value []string, usage string) {
+ c.Var(newStringSliceUniqValue(value, p), name, usage)
+}
+
+// StringUniqSlice defines a string flag with specified name, default value, and usage string.
+// The return value is the address of a []string variable that stores the value of the flag.
+func (c *Conflag) StringUniqSlice(name string, value []string, usage string) *[]string {
+ p := []string{}
+ c.StringSliceUniqVar(&p, name, value, usage)
+ return &p
+}
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/LICENSE b/vendor/github.com/shadowsocks/go-shadowsocks2/LICENSE
new file mode 100644
index 0000000..d645695
--- /dev/null
+++ b/vendor/github.com/shadowsocks/go-shadowsocks2/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/core/cipher.go b/vendor/github.com/shadowsocks/go-shadowsocks2/core/cipher.go
new file mode 100644
index 0000000..c672510
--- /dev/null
+++ b/vendor/github.com/shadowsocks/go-shadowsocks2/core/cipher.go
@@ -0,0 +1,144 @@
+package core
+
+import (
+ "crypto/md5"
+ "errors"
+ "net"
+ "sort"
+ "strings"
+
+ "github.com/shadowsocks/go-shadowsocks2/shadowaead"
+ "github.com/shadowsocks/go-shadowsocks2/shadowstream"
+)
+
+type Cipher interface {
+ StreamConnCipher
+ PacketConnCipher
+}
+
+type StreamConnCipher interface {
+ StreamConn(net.Conn) net.Conn
+}
+
+type PacketConnCipher interface {
+ PacketConn(net.PacketConn) net.PacketConn
+}
+
+// ErrCipherNotSupported occurs when a cipher is not supported (likely because of security concerns).
+var ErrCipherNotSupported = errors.New("cipher not supported")
+
+// List of AEAD ciphers: key size in bytes and constructor
+var aeadList = map[string]struct {
+ KeySize int
+ New func([]byte) (shadowaead.Cipher, error)
+}{
+ "AEAD_AES_128_GCM": {16, shadowaead.AESGCM},
+ "AEAD_AES_192_GCM": {24, shadowaead.AESGCM},
+ "AEAD_AES_256_GCM": {32, shadowaead.AESGCM},
+ "AEAD_CHACHA20_POLY1305": {32, shadowaead.Chacha20Poly1305},
+}
+
+// List of stream ciphers: key size in bytes and constructor
+var streamList = map[string]struct {
+ KeySize int
+ New func(key []byte) (shadowstream.Cipher, error)
+}{
+ "AES-128-CTR": {16, shadowstream.AESCTR},
+ "AES-192-CTR": {24, shadowstream.AESCTR},
+ "AES-256-CTR": {32, shadowstream.AESCTR},
+ "AES-128-CFB": {16, shadowstream.AESCFB},
+ "AES-192-CFB": {24, shadowstream.AESCFB},
+ "AES-256-CFB": {32, shadowstream.AESCFB},
+ "CHACHA20-IETF": {32, shadowstream.Chacha20IETF},
+ "XCHACHA20": {32, shadowstream.Xchacha20},
+}
+
+// ListCipher returns a list of available cipher names sorted alphabetically.
+func ListCipher() []string {
+ var l []string
+ for k := range aeadList {
+ l = append(l, k)
+ }
+ for k := range streamList {
+ l = append(l, k)
+ }
+ sort.Strings(l)
+ return l
+}
+
+// PickCipher returns a Cipher of the given name. Derive key from password if given key is empty.
+func PickCipher(name string, key []byte, password string) (Cipher, error) {
+ name = strings.ToUpper(name)
+
+ switch name {
+ case "DUMMY":
+ return &dummy{}, nil
+ case "CHACHA20-IETF-POLY1305":
+ name = "AEAD_CHACHA20_POLY1305"
+ case "AES-128-GCM":
+ name = "AEAD_AES_128_GCM"
+ case "AES-196-GCM":
+ name = "AEAD_AES_196_GCM"
+ case "AES-256-GCM":
+ name = "AEAD_AES_256_GCM"
+ }
+
+ if choice, ok := aeadList[name]; ok {
+ if len(key) == 0 {
+ key = kdf(password, choice.KeySize)
+ }
+ if len(key) != choice.KeySize {
+ return nil, shadowaead.KeySizeError(choice.KeySize)
+ }
+ aead, err := choice.New(key)
+ return &aeadCipher{aead}, err
+ }
+
+ if choice, ok := streamList[name]; ok {
+ if len(key) == 0 {
+ key = kdf(password, choice.KeySize)
+ }
+ if len(key) != choice.KeySize {
+ return nil, shadowstream.KeySizeError(choice.KeySize)
+ }
+ ciph, err := choice.New(key)
+ return &streamCipher{ciph}, err
+ }
+
+ return nil, ErrCipherNotSupported
+}
+
+type aeadCipher struct{ shadowaead.Cipher }
+
+func (aead *aeadCipher) StreamConn(c net.Conn) net.Conn { return shadowaead.NewConn(c, aead) }
+func (aead *aeadCipher) PacketConn(c net.PacketConn) net.PacketConn {
+ return shadowaead.NewPacketConn(c, aead)
+}
+
+type streamCipher struct{ shadowstream.Cipher }
+
+func (ciph *streamCipher) StreamConn(c net.Conn) net.Conn { return shadowstream.NewConn(c, ciph) }
+func (ciph *streamCipher) PacketConn(c net.PacketConn) net.PacketConn {
+ return shadowstream.NewPacketConn(c, ciph)
+}
+
+// dummy cipher does not encrypt
+
+type dummy struct{}
+
+func (dummy) StreamConn(c net.Conn) net.Conn { return c }
+func (dummy) PacketConn(c net.PacketConn) net.PacketConn { return c }
+
+// key-derivation function from original Shadowsocks
+func kdf(password string, keyLen int) []byte {
+ var b, prev []byte
+ h := md5.New()
+ for len(b) < keyLen {
+ h.Write(prev)
+ h.Write([]byte(password))
+ b = h.Sum(b)
+ prev = b[len(b)-h.Size():]
+ h.Reset()
+ }
+ return b[:keyLen]
+}
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/core/doc.go b/vendor/github.com/shadowsocks/go-shadowsocks2/core/doc.go
new file mode 100644
index 0000000..4001c10
--- /dev/null
+++ b/vendor/github.com/shadowsocks/go-shadowsocks2/core/doc.go
@@ -0,0 +1,2 @@
+// Package core implements essential parts of Shadowsocks
+package core
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/core/packet.go b/vendor/github.com/shadowsocks/go-shadowsocks2/core/packet.go
new file mode 100644
index 0000000..641aa13
--- /dev/null
+++ b/vendor/github.com/shadowsocks/go-shadowsocks2/core/packet.go
@@ -0,0 +1,8 @@
+package core
+
+import "net"
+
+func ListenPacket(network, address string, ciph PacketConnCipher) (net.PacketConn, error) {
+ c, err := net.ListenPacket(network, address)
+ return ciph.PacketConn(c), err
+}
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/core/stream.go b/vendor/github.com/shadowsocks/go-shadowsocks2/core/stream.go
new file mode 100644
index 0000000..5c773cd
--- /dev/null
+++ b/vendor/github.com/shadowsocks/go-shadowsocks2/core/stream.go
@@ -0,0 +1,23 @@
+package core
+
+import "net"
+
+type listener struct {
+ net.Listener
+ StreamConnCipher
+}
+
+func Listen(network, address string, ciph StreamConnCipher) (net.Listener, error) {
+ l, err := net.Listen(network, address)
+ return &listener{l, ciph}, err
+}
+
+func (l *listener) Accept() (net.Conn, error) {
+ c, err := l.Listener.Accept()
+ return l.StreamConn(c), err
+}
+
+func Dial(network, address string, ciph StreamConnCipher) (net.Conn, error) {
+ c, err := net.Dial(network, address)
+ return ciph.StreamConn(c), err
+}
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/cipher.go b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/cipher.go
new file mode 100644
index 0000000..19410df
--- /dev/null
+++ b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/cipher.go
@@ -0,0 +1,83 @@
+package shadowaead
+
+import (
+ "crypto/aes"
+ "crypto/cipher"
+ "crypto/sha1"
+ "io"
+ "strconv"
+
+ "golang.org/x/crypto/chacha20poly1305"
+ "golang.org/x/crypto/hkdf"
+)
+
+type Cipher interface {
+ KeySize() int
+ SaltSize() int
+ Encrypter(salt []byte) (cipher.AEAD, error)
+ Decrypter(salt []byte) (cipher.AEAD, error)
+}
+
+type KeySizeError int
+
+func (e KeySizeError) Error() string {
+ return "key size error: need " + strconv.Itoa(int(e)) + " bytes"
+}
+
+func hkdfSHA1(secret, salt, info, outkey []byte) {
+ r := hkdf.New(sha1.New, secret, salt, info)
+ if _, err := io.ReadFull(r, outkey); err != nil {
+ panic(err) // should never happen
+ }
+}
+
+type metaCipher struct {
+ psk []byte
+ makeAEAD func(key []byte) (cipher.AEAD, error)
+}
+
+func (a *metaCipher) KeySize() int { return len(a.psk) }
+func (a *metaCipher) SaltSize() int {
+ if ks := a.KeySize(); ks > 16 {
+ return ks
+ }
+ return 16
+}
+func (a *metaCipher) Encrypter(salt []byte) (cipher.AEAD, error) {
+ subkey := make([]byte, a.KeySize())
+ hkdfSHA1(a.psk, salt, []byte("ss-subkey"), subkey)
+ return a.makeAEAD(subkey)
+}
+func (a *metaCipher) Decrypter(salt []byte) (cipher.AEAD, error) {
+ subkey := make([]byte, a.KeySize())
+ hkdfSHA1(a.psk, salt, []byte("ss-subkey"), subkey)
+ return a.makeAEAD(subkey)
+}
+
+func aesGCM(key []byte) (cipher.AEAD, error) {
+ blk, err := aes.NewCipher(key)
+ if err != nil {
+ return nil, err
+ }
+ return cipher.NewGCM(blk)
+}
+
+// AESGCM creates a new Cipher with a pre-shared key. len(psk) must be
+// one of 16, 24, or 32 to select AES-128/196/256-GCM.
+func AESGCM(psk []byte) (Cipher, error) {
+ switch l := len(psk); l {
+ case 16, 24, 32: // AES 128/196/256
+ default:
+ return nil, aes.KeySizeError(l)
+ }
+ return &metaCipher{psk: psk, makeAEAD: aesGCM}, nil
+}
+
+// Chacha20Poly1305 creates a new Cipher with a pre-shared key. len(psk)
+// must be 32.
+func Chacha20Poly1305(psk []byte) (Cipher, error) {
+ if len(psk) != chacha20poly1305.KeySize {
+ return nil, KeySizeError(chacha20poly1305.KeySize)
+ }
+ return &metaCipher{psk: psk, makeAEAD: chacha20poly1305.New}, nil
+}
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/doc.go b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/doc.go
new file mode 100644
index 0000000..8d1e286
--- /dev/null
+++ b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/doc.go
@@ -0,0 +1,35 @@
+/*
+Package shadowaead implements a simple AEAD-protected secure protocol.
+
+In general, there are two types of connections: stream-oriented and packet-oriented.
+Stream-oriented connections (e.g. TCP) assume reliable and orderly delivery of bytes.
+Packet-oriented connections (e.g. UDP) assume unreliable and out-of-order delivery of packets,
+where each packet is either delivered intact or lost.
+
+An encrypted stream starts with a random salt to derive a session key, followed by any number of
+encrypted records. Each encrypted record has the following structure:
+
+ [encrypted payload length]
+ [payload length tag]
+ [encrypted payload]
+ [payload tag]
+
+Payload length is 2-byte unsigned big-endian integer capped at 0x3FFF (16383).
+The higher 2 bits are reserved and must be set to zero. The first AEAD encrypt/decrypt
+operation uses a counting nonce starting from 0. After each encrypt/decrypt operation,
+the nonce is incremented by one as if it were an unsigned little-endian integer.
+
+
+Each encrypted packet transmitted on a packet-oriented connection has the following structure:
+
+ [random salt]
+ [encrypted payload]
+ [payload tag]
+
+The salt is used to derive a subkey to initiate an AEAD. Packets are encrypted/decrypted independently
+using zero nonce.
+
+In both stream-oriented and packet-oriented connections, length of nonce and tag varies
+depending on which AEAD is used. Salt should be at least 16-byte long.
+*/
+package shadowaead
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/packet.go b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/packet.go
new file mode 100644
index 0000000..d8f20a4
--- /dev/null
+++ b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/packet.go
@@ -0,0 +1,93 @@
+package shadowaead
+
+import (
+ "crypto/rand"
+ "errors"
+ "io"
+ "net"
+ "sync"
+)
+
+// ErrShortPacket means that the packet is too short for a valid encrypted packet.
+var ErrShortPacket = errors.New("short packet")
+
+var _zerononce [128]byte // read-only. 128 bytes is more than enough.
+
+// Pack encrypts plaintext using Cipher with a randomly generated salt and
+// returns a slice of dst containing the encrypted packet and any error occurred.
+// Ensure len(dst) >= ciph.SaltSize() + len(plaintext) + aead.Overhead().
+func Pack(dst, plaintext []byte, ciph Cipher) ([]byte, error) {
+ saltSize := ciph.SaltSize()
+ salt := dst[:saltSize]
+ if _, err := io.ReadFull(rand.Reader, salt); err != nil {
+ return nil, err
+ }
+
+ aead, err := ciph.Encrypter(salt)
+ if err != nil {
+ return nil, err
+ }
+
+ if len(dst) < saltSize+len(plaintext)+aead.Overhead() {
+ return nil, io.ErrShortBuffer
+ }
+ b := aead.Seal(dst[saltSize:saltSize], _zerononce[:aead.NonceSize()], plaintext, nil)
+ return dst[:saltSize+len(b)], nil
+}
+
+// Unpack decrypts pkt using Cipher and returns a slice of dst containing the decrypted payload and any error occurred.
+// Ensure len(dst) >= len(pkt) - aead.SaltSize() - aead.Overhead().
+func Unpack(dst, pkt []byte, ciph Cipher) ([]byte, error) {
+ saltSize := ciph.SaltSize()
+ if len(pkt) < saltSize {
+ return nil, ErrShortPacket
+ }
+ salt := pkt[:saltSize]
+ aead, err := ciph.Decrypter(salt)
+ if err != nil {
+ return nil, err
+ }
+ if len(pkt) < saltSize+aead.Overhead() {
+ return nil, ErrShortPacket
+ }
+ if saltSize+len(dst)+aead.Overhead() < len(pkt) {
+ return nil, io.ErrShortBuffer
+ }
+ b, err := aead.Open(dst[:0], _zerononce[:aead.NonceSize()], pkt[saltSize:], nil)
+ return b, err
+}
+
+type packetConn struct {
+ net.PacketConn
+ Cipher
+ sync.Mutex
+ buf []byte // write lock
+}
+
+// NewPacketConn wraps a net.PacketConn with cipher
+func NewPacketConn(c net.PacketConn, ciph Cipher) net.PacketConn {
+ const maxPacketSize = 64 * 1024
+ return &packetConn{PacketConn: c, Cipher: ciph, buf: make([]byte, maxPacketSize)}
+}
+
+// WriteTo encrypts b and write to addr using the embedded PacketConn.
+func (c *packetConn) WriteTo(b []byte, addr net.Addr) (int, error) {
+ c.Lock()
+ defer c.Unlock()
+ buf, err := Pack(c.buf, b, c)
+ if err != nil {
+ return 0, err
+ }
+ _, err = c.PacketConn.WriteTo(buf, addr)
+ return len(b), err
+}
+
+// ReadFrom reads from the embedded PacketConn and decrypts into b.
+func (c *packetConn) ReadFrom(b []byte) (int, net.Addr, error) {
+ n, addr, err := c.PacketConn.ReadFrom(b)
+ if err != nil {
+ return n, addr, err
+ }
+ b, err = Unpack(b, b[:n], c)
+ return len(b), addr, err
+}
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/stream.go b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/stream.go
new file mode 100644
index 0000000..5f499a2
--- /dev/null
+++ b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/stream.go
@@ -0,0 +1,270 @@
+package shadowaead
+
+import (
+ "bytes"
+ "crypto/cipher"
+ "crypto/rand"
+ "io"
+ "net"
+)
+
+// payloadSizeMask is the maximum size of payload in bytes.
+const payloadSizeMask = 0x3FFF // 16*1024 - 1
+
+type writer struct {
+ io.Writer
+ cipher.AEAD
+ nonce []byte
+ buf []byte
+}
+
+// NewWriter wraps an io.Writer with AEAD encryption.
+func NewWriter(w io.Writer, aead cipher.AEAD) io.Writer { return newWriter(w, aead) }
+
+func newWriter(w io.Writer, aead cipher.AEAD) *writer {
+ return &writer{
+ Writer: w,
+ AEAD: aead,
+ buf: make([]byte, 2+aead.Overhead()+payloadSizeMask+aead.Overhead()),
+ nonce: make([]byte, aead.NonceSize()),
+ }
+}
+
+// Write encrypts b and writes to the embedded io.Writer.
+func (w *writer) Write(b []byte) (int, error) {
+ n, err := w.ReadFrom(bytes.NewBuffer(b))
+ return int(n), err
+}
+
+// ReadFrom reads from the given io.Reader until EOF or error, encrypts and
+// writes to the embedded io.Writer. Returns number of bytes read from r and
+// any error encountered.
+func (w *writer) ReadFrom(r io.Reader) (n int64, err error) {
+ for {
+ buf := w.buf
+ payloadBuf := buf[2+w.Overhead() : 2+w.Overhead()+payloadSizeMask]
+ nr, er := r.Read(payloadBuf)
+
+ if nr > 0 {
+ n += int64(nr)
+ buf = buf[:2+w.Overhead()+nr+w.Overhead()]
+ payloadBuf = payloadBuf[:nr]
+ buf[0], buf[1] = byte(nr>>8), byte(nr) // big-endian payload size
+ w.Seal(buf[:0], w.nonce, buf[:2], nil)
+ increment(w.nonce)
+
+ w.Seal(payloadBuf[:0], w.nonce, payloadBuf, nil)
+ increment(w.nonce)
+
+ _, ew := w.Writer.Write(buf)
+ if ew != nil {
+ err = ew
+ break
+ }
+ }
+
+ if er != nil {
+ if er != io.EOF { // ignore EOF as per io.ReaderFrom contract
+ err = er
+ }
+ break
+ }
+ }
+
+ return n, err
+}
+
+type reader struct {
+ io.Reader
+ cipher.AEAD
+ nonce []byte
+ buf []byte
+ leftover []byte
+}
+
+// NewReader wraps an io.Reader with AEAD decryption.
+func NewReader(r io.Reader, aead cipher.AEAD) io.Reader { return newReader(r, aead) }
+
+func newReader(r io.Reader, aead cipher.AEAD) *reader {
+ return &reader{
+ Reader: r,
+ AEAD: aead,
+ buf: make([]byte, payloadSizeMask+aead.Overhead()),
+ nonce: make([]byte, aead.NonceSize()),
+ }
+}
+
+// read and decrypt a record into the internal buffer. Return decrypted payload length and any error encountered.
+func (r *reader) read() (int, error) {
+ // decrypt payload size
+ buf := r.buf[:2+r.Overhead()]
+ _, err := io.ReadFull(r.Reader, buf)
+ if err != nil {
+ return 0, err
+ }
+
+ _, err = r.Open(buf[:0], r.nonce, buf, nil)
+ increment(r.nonce)
+ if err != nil {
+ return 0, err
+ }
+
+ size := (int(buf[0])<<8 + int(buf[1])) & payloadSizeMask
+
+ // decrypt payload
+ buf = r.buf[:size+r.Overhead()]
+ _, err = io.ReadFull(r.Reader, buf)
+ if err != nil {
+ return 0, err
+ }
+
+ _, err = r.Open(buf[:0], r.nonce, buf, nil)
+ increment(r.nonce)
+ if err != nil {
+ return 0, err
+ }
+
+ return size, nil
+}
+
+// Read reads from the embedded io.Reader, decrypts and writes to b.
+func (r *reader) Read(b []byte) (int, error) {
+ // copy decrypted bytes (if any) from previous record first
+ if len(r.leftover) > 0 {
+ n := copy(b, r.leftover)
+ r.leftover = r.leftover[n:]
+ return n, nil
+ }
+
+ n, err := r.read()
+ m := copy(b, r.buf[:n])
+ if m < n { // insufficient len(b), keep leftover for next read
+ r.leftover = r.buf[m:n]
+ }
+ return m, err
+}
+
+// WriteTo reads from the embedded io.Reader, decrypts and writes to w until
+// there's no more data to write or when an error occurs. Return number of
+// bytes written to w and any error encountered.
+func (r *reader) WriteTo(w io.Writer) (n int64, err error) {
+ // write decrypted bytes left over from previous record
+ for len(r.leftover) > 0 {
+ nw, ew := w.Write(r.leftover)
+ r.leftover = r.leftover[nw:]
+ n += int64(nw)
+ if ew != nil {
+ return n, ew
+ }
+ }
+
+ for {
+ nr, er := r.read()
+ if nr > 0 {
+ nw, ew := w.Write(r.buf[:nr])
+ n += int64(nw)
+
+ if ew != nil {
+ err = ew
+ break
+ }
+ }
+
+ if er != nil {
+ if er != io.EOF { // ignore EOF as per io.Copy contract (using src.WriteTo shortcut)
+ err = er
+ }
+ break
+ }
+ }
+
+ return n, err
+}
+
+// increment little-endian encoded unsigned integer b. Wrap around on overflow.
+func increment(b []byte) {
+ for i := range b {
+ b[i]++
+ if b[i] != 0 {
+ return
+ }
+ }
+}
+
+type streamConn struct {
+ net.Conn
+ Cipher
+ r *reader
+ w *writer
+}
+
+func (c *streamConn) initReader() error {
+ salt := make([]byte, c.SaltSize())
+ if _, err := io.ReadFull(c.Conn, salt); err != nil {
+ return err
+ }
+
+ aead, err := c.Decrypter(salt)
+ if err != nil {
+ return err
+ }
+
+ c.r = newReader(c.Conn, aead)
+ return nil
+}
+
+func (c *streamConn) Read(b []byte) (int, error) {
+ if c.r == nil {
+ if err := c.initReader(); err != nil {
+ return 0, err
+ }
+ }
+ return c.r.Read(b)
+}
+
+func (c *streamConn) WriteTo(w io.Writer) (int64, error) {
+ if c.r == nil {
+ if err := c.initReader(); err != nil {
+ return 0, err
+ }
+ }
+ return c.r.WriteTo(w)
+}
+
+func (c *streamConn) initWriter() error {
+ salt := make([]byte, c.SaltSize())
+ if _, err := io.ReadFull(rand.Reader, salt); err != nil {
+ return err
+ }
+ aead, err := c.Encrypter(salt)
+ if err != nil {
+ return err
+ }
+ _, err = c.Conn.Write(salt)
+ if err != nil {
+ return err
+ }
+ c.w = newWriter(c.Conn, aead)
+ return nil
+}
+
+func (c *streamConn) Write(b []byte) (int, error) {
+ if c.w == nil {
+ if err := c.initWriter(); err != nil {
+ return 0, err
+ }
+ }
+ return c.w.Write(b)
+}
+
+func (c *streamConn) ReadFrom(r io.Reader) (int64, error) {
+ if c.w == nil {
+ if err := c.initWriter(); err != nil {
+ return 0, err
+ }
+ }
+ return c.w.ReadFrom(r)
+}
+
+// NewConn wraps a stream-oriented net.Conn with cipher.
+func NewConn(c net.Conn, ciph Cipher) net.Conn { return &streamConn{Conn: c, Cipher: ciph} }
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/cipher.go b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/cipher.go
new file mode 100644
index 0000000..dea233e
--- /dev/null
+++ b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/cipher.go
@@ -0,0 +1,91 @@
+package shadowstream
+
+import (
+ "crypto/aes"
+ "crypto/cipher"
+ "strconv"
+
+ "github.com/Yawning/chacha20"
+)
+
+// Cipher generates a pair of stream ciphers for encryption and decryption.
+type Cipher interface {
+ IVSize() int
+ Encrypter(iv []byte) cipher.Stream
+ Decrypter(iv []byte) cipher.Stream
+}
+
+type KeySizeError int
+
+func (e KeySizeError) Error() string {
+ return "key size error: need " + strconv.Itoa(int(e)) + " bytes"
+}
+
+// CTR mode
+type ctrStream struct{ cipher.Block }
+
+func (b *ctrStream) IVSize() int { return b.BlockSize() }
+func (b *ctrStream) Decrypter(iv []byte) cipher.Stream { return b.Encrypter(iv) }
+func (b *ctrStream) Encrypter(iv []byte) cipher.Stream { return cipher.NewCTR(b, iv) }
+
+func AESCTR(key []byte) (Cipher, error) {
+ blk, err := aes.NewCipher(key)
+ if err != nil {
+ return nil, err
+ }
+ return &ctrStream{blk}, nil
+}
+
+// CFB mode
+type cfbStream struct{ cipher.Block }
+
+func (b *cfbStream) IVSize() int { return b.BlockSize() }
+func (b *cfbStream) Decrypter(iv []byte) cipher.Stream { return cipher.NewCFBDecrypter(b, iv) }
+func (b *cfbStream) Encrypter(iv []byte) cipher.Stream { return cipher.NewCFBEncrypter(b, iv) }
+
+func AESCFB(key []byte) (Cipher, error) {
+ blk, err := aes.NewCipher(key)
+ if err != nil {
+ return nil, err
+ }
+ return &cfbStream{blk}, nil
+}
+
+// IETF-variant of chacha20
+type chacha20ietfkey []byte
+
+func (k chacha20ietfkey) IVSize() int { return chacha20.INonceSize }
+func (k chacha20ietfkey) Decrypter(iv []byte) cipher.Stream { return k.Encrypter(iv) }
+func (k chacha20ietfkey) Encrypter(iv []byte) cipher.Stream {
+ ciph, err := chacha20.NewCipher(k, iv)
+ if err != nil {
+ panic(err) // should never happen
+ }
+ return ciph
+}
+
+func Chacha20IETF(key []byte) (Cipher, error) {
+ if len(key) != chacha20.KeySize {
+ return nil, KeySizeError(chacha20.KeySize)
+ }
+ return chacha20ietfkey(key), nil
+}
+
+type xchacha20key []byte
+
+func (k xchacha20key) IVSize() int { return chacha20.XNonceSize }
+func (k xchacha20key) Decrypter(iv []byte) cipher.Stream { return k.Encrypter(iv) }
+func (k xchacha20key) Encrypter(iv []byte) cipher.Stream {
+ ciph, err := chacha20.NewCipher(k, iv)
+ if err != nil {
+ panic(err) // should never happen
+ }
+ return ciph
+}
+
+func Xchacha20(key []byte) (Cipher, error) {
+ if len(key) != chacha20.KeySize {
+ return nil, KeySizeError(chacha20.KeySize)
+ }
+ return xchacha20key(key), nil
+}
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/doc.go b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/doc.go
new file mode 100644
index 0000000..4c0897a
--- /dev/null
+++ b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/doc.go
@@ -0,0 +1,2 @@
+// Package shadowstream implements the original Shadowsocks protocol protected by stream cipher.
+package shadowstream
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/packet.go b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/packet.go
new file mode 100644
index 0000000..8bbb27b
--- /dev/null
+++ b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/packet.go
@@ -0,0 +1,76 @@
+package shadowstream
+
+import (
+ "crypto/rand"
+ "errors"
+ "io"
+ "net"
+ "sync"
+)
+
+// ErrShortPacket means the packet is too short to be a valid encrypted packet.
+var ErrShortPacket = errors.New("short packet")
+
+// Pack encrypts plaintext using stream cipher s and a random IV.
+// Returns a slice of dst containing random IV and ciphertext.
+// Ensure len(dst) >= s.IVSize() + len(plaintext).
+func Pack(dst, plaintext []byte, s Cipher) ([]byte, error) {
+ if len(dst) < s.IVSize()+len(plaintext) {
+ return nil, io.ErrShortBuffer
+ }
+ iv := dst[:s.IVSize()]
+ _, err := io.ReadFull(rand.Reader, iv)
+ if err != nil {
+ return nil, err
+ }
+
+ s.Encrypter(iv).XORKeyStream(dst[len(iv):], plaintext)
+ return dst[:len(iv)+len(plaintext)], nil
+}
+
+// Unpack decrypts pkt using stream cipher s.
+// Returns a slice of dst containing decrypted plaintext.
+func Unpack(dst, pkt []byte, s Cipher) ([]byte, error) {
+ if len(pkt) < s.IVSize() {
+ return nil, ErrShortPacket
+ }
+
+ if len(dst) < len(pkt)-s.IVSize() {
+ return nil, io.ErrShortBuffer
+ }
+ iv := pkt[:s.IVSize()]
+ s.Decrypter(iv).XORKeyStream(dst, pkt[len(iv):])
+ return dst[:len(pkt)-len(iv)], nil
+}
+
+type packetConn struct {
+ net.PacketConn
+ Cipher
+ buf []byte
+ sync.Mutex // write lock
+}
+
+// NewPacketConn wraps a net.PacketConn with stream cipher encryption/decryption.
+func NewPacketConn(c net.PacketConn, ciph Cipher) net.PacketConn {
+ return &packetConn{PacketConn: c, Cipher: ciph, buf: make([]byte, 64*1024)}
+}
+
+func (c *packetConn) WriteTo(b []byte, addr net.Addr) (int, error) {
+ c.Lock()
+ defer c.Unlock()
+ buf, err := Pack(c.buf, b, c.Cipher)
+ if err != nil {
+ return 0, err
+ }
+ _, err = c.PacketConn.WriteTo(buf, addr)
+ return len(b), err
+}
+
+func (c *packetConn) ReadFrom(b []byte) (int, net.Addr, error) {
+ n, addr, err := c.PacketConn.ReadFrom(b)
+ if err != nil {
+ return n, addr, err
+ }
+ b, err = Unpack(b, b[:n], c.Cipher)
+ return len(b), addr, err
+}
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/stream.go b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/stream.go
new file mode 100644
index 0000000..eb4d967
--- /dev/null
+++ b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/stream.go
@@ -0,0 +1,171 @@
+package shadowstream
+
+import (
+ "bytes"
+ "crypto/cipher"
+ "crypto/rand"
+ "io"
+ "net"
+)
+
+const bufSize = 32 * 1024
+
+type writer struct {
+ io.Writer
+ cipher.Stream
+ buf []byte
+}
+
+// NewWriter wraps an io.Writer with stream cipher encryption.
+func NewWriter(w io.Writer, s cipher.Stream) io.Writer {
+ return &writer{Writer: w, Stream: s, buf: make([]byte, bufSize)}
+}
+
+func (w *writer) ReadFrom(r io.Reader) (n int64, err error) {
+ for {
+ buf := w.buf
+ nr, er := r.Read(buf)
+ if nr > 0 {
+ n += int64(nr)
+ buf = buf[:nr]
+ w.XORKeyStream(buf, buf)
+ _, ew := w.Writer.Write(buf)
+ if ew != nil {
+ err = ew
+ return
+ }
+ }
+
+ if er != nil {
+ if er != io.EOF { // ignore EOF as per io.ReaderFrom contract
+ err = er
+ }
+ return
+ }
+ }
+}
+
+func (w *writer) Write(b []byte) (int, error) {
+ n, err := w.ReadFrom(bytes.NewBuffer(b))
+ return int(n), err
+}
+
+type reader struct {
+ io.Reader
+ cipher.Stream
+ buf []byte
+}
+
+// NewReader wraps an io.Reader with stream cipher decryption.
+func NewReader(r io.Reader, s cipher.Stream) io.Reader {
+ return &reader{Reader: r, Stream: s, buf: make([]byte, bufSize)}
+}
+
+func (r *reader) Read(b []byte) (int, error) {
+
+ n, err := r.Reader.Read(b)
+ if err != nil {
+ return 0, err
+ }
+ b = b[:n]
+ r.XORKeyStream(b, b)
+ return n, nil
+}
+
+func (r *reader) WriteTo(w io.Writer) (n int64, err error) {
+ for {
+ buf := r.buf
+ nr, er := r.Read(buf)
+ if nr > 0 {
+ nw, ew := w.Write(buf[:nr])
+ n += int64(nw)
+
+ if ew != nil {
+ err = ew
+ return
+ }
+ }
+
+ if er != nil {
+ if er != io.EOF { // ignore EOF as per io.Copy contract (using src.WriteTo shortcut)
+ err = er
+ }
+ return
+ }
+ }
+}
+
+type conn struct {
+ net.Conn
+ Cipher
+ r *reader
+ w *writer
+}
+
+// NewConn wraps a stream-oriented net.Conn with stream cipher encryption/decryption.
+func NewConn(c net.Conn, ciph Cipher) net.Conn {
+ return &conn{Conn: c, Cipher: ciph}
+}
+
+func (c *conn) initReader() error {
+ if c.r == nil {
+ buf := make([]byte, bufSize)
+ iv := buf[:c.IVSize()]
+ if _, err := io.ReadFull(c.Conn, iv); err != nil {
+ return err
+ }
+ c.r = &reader{Reader: c.Conn, Stream: c.Decrypter(iv), buf: buf}
+ }
+ return nil
+}
+
+func (c *conn) Read(b []byte) (int, error) {
+ if c.r == nil {
+ if err := c.initReader(); err != nil {
+ return 0, err
+ }
+ }
+ return c.r.Read(b)
+}
+
+func (c *conn) WriteTo(w io.Writer) (int64, error) {
+ if c.r == nil {
+ if err := c.initReader(); err != nil {
+ return 0, err
+ }
+ }
+ return c.r.WriteTo(w)
+}
+
+func (c *conn) initWriter() error {
+ if c.w == nil {
+ buf := make([]byte, bufSize)
+ iv := buf[:c.IVSize()]
+ if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+ return err
+ }
+ if _, err := c.Conn.Write(iv); err != nil {
+ return err
+ }
+ c.w = &writer{Writer: c.Conn, Stream: c.Encrypter(iv), buf: buf}
+ }
+ return nil
+}
+
+func (c *conn) Write(b []byte) (int, error) {
+ if c.w == nil {
+ if err := c.initWriter(); err != nil {
+ return 0, err
+ }
+ }
+ return c.w.Write(b)
+}
+
+func (c *conn) ReadFrom(r io.Reader) (int64, error) {
+ if c.w == nil {
+ if err := c.initWriter(); err != nil {
+ return 0, err
+ }
+ }
+ return c.w.ReadFrom(r)
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/LICENSE b/vendor/github.com/sun8911879/shadowsocksR/LICENSE
new file mode 100644
index 0000000..bed05e0
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 YanXin Sun
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/sun8911879/shadowsocksR/README.md b/vendor/github.com/sun8911879/shadowsocksR/README.md
new file mode 100644
index 0000000..93938b4
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/README.md
@@ -0,0 +1,84 @@
+# shadowsocksR
+
+[shadowsocksR](https://github.com/sun8911879/shadowsocksR) is a shadowsocksR for Go library
+
+* shadowsocksR is based on [avege](https://github.com/avege/avege) and [shadowsocksR for Python](https://github.com/shadowsocksr-backup/shadowsocksr) changes.
+* Repair avege SSR communication BUG and streamline version. Is a normal use version.
+
+#### Use
+
+```go
+bi := &BackendInfo{
+ Address: "www.domain.com:445",
+ Type: "ssr",
+ SSInfo: SSInfo{
+ EncryptMethod: "aes-128-cfb",
+ EncryptPassword: "password",
+ SSRInfo: SSRInfo{
+ Protocol: "auth_aes128_sha1",
+ ProtocolParam: "",
+ Obfs: "tls1.2_ticket_auth",
+ ObfsParam: "",
+ },
+ },
+}
+dst, err := bi.DialSSRConn(rawaddr)
+bi.Pipe(src, dst)
+bi.Pipe(dst, src)
+```
+
+See 'example/client.go' for detailed usage.
+
+#### SS Encrypting algorithm
+
+* aes-128-cfb
+* aes-192-cfb
+* aes-256-cfb
+* aes-128-ctr
+* aes-192-ctr
+* aes-256-ctr
+* aes-128-ofb
+* aes-192-ofb
+* aes-256-ofb
+* des-cfb
+* bf-cfb
+* cast5-cfb
+* rc4-md5
+* chacha20
+* chacha20-ietf
+* salsa20
+* camellia-128-cfb
+* camellia-192-cfb
+* camellia-256-cfb
+* idea-cfb
+* rc2-cfb
+* seed-cfb
+
+#### SSR Obfs
+
+* plain
+* http_simple
+* http_post
+* random_head
+* tls1.2_ticket_auth
+
+#### SSR Protocol
+
+* origin
+* verify_sha1 aka. one time auth(OTA)
+* auth_sha1_v4
+* auth_aes128_md5
+* auth_aes128_sha1
+
+## Todo (help wanted)
+
+* Optimize performance
+
+### Thanks avege project
+* [avege](https://github.com/avege/avege)
+
+### Reference
+* [avege](https://github.com/avege/avege)
+* [shadowsocks-go](https://github.com/shadowsocks/shadowsocks-go)
+* [go-shadowsocks2](https://github.com/shadowsocks/go-shadowsocks2)
+* [ShadowsocksR](https://github.com/shadowsocksr-backup/shadowsocksr)
\ No newline at end of file
diff --git a/vendor/github.com/sun8911879/shadowsocksR/client.go b/vendor/github.com/sun8911879/shadowsocksR/client.go
new file mode 100644
index 0000000..2c3d7ad
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/client.go
@@ -0,0 +1,61 @@
+package shadowsocksr
+
+import (
+ "errors"
+ "net"
+ "net/url"
+ "strconv"
+ "strings"
+ "time"
+
+ "github.com/sun8911879/shadowsocksR/obfs"
+ "github.com/sun8911879/shadowsocksR/protocol"
+ "github.com/sun8911879/shadowsocksR/ssr"
+)
+
+func NewSSRClient(u *url.URL) (*SSTCPConn, error) {
+ query := u.Query()
+ encryptMethod := query.Get("encrypt-method")
+ encryptKey := query.Get("encrypt-key")
+ cipher, err := NewStreamCipher(encryptMethod, encryptKey)
+ if err != nil {
+ return nil, err
+ }
+
+ dialer := net.Dialer{
+ Timeout: time.Millisecond * 500,
+ DualStack: true,
+ }
+ conn, err := dialer.Dial("tcp", u.Host)
+ if err != nil {
+ return nil, err
+ }
+
+ ssconn := NewSSTCPConn(conn, cipher)
+ if ssconn.Conn == nil || ssconn.RemoteAddr() == nil {
+ return nil, errors.New("nil connection")
+ }
+
+ // should initialize obfs/protocol now
+ rs := strings.Split(ssconn.RemoteAddr().String(), ":")
+ port, _ := strconv.Atoi(rs[1])
+
+ ssconn.IObfs = obfs.NewObfs(query.Get("obfs"))
+ obfsServerInfo := &ssr.ServerInfoForObfs{
+ Host: rs[0],
+ Port: uint16(port),
+ TcpMss: 1460,
+ Param: query.Get("obfs-param"),
+ }
+ ssconn.IObfs.SetServerInfo(obfsServerInfo)
+ ssconn.IProtocol = protocol.NewProtocol(query.Get("protocol"))
+ protocolServerInfo := &ssr.ServerInfoForObfs{
+ Host: rs[0],
+ Port: uint16(port),
+ TcpMss: 1460,
+ Param: query.Get("protocol-param"),
+ }
+ ssconn.IProtocol.SetServerInfo(protocolServerInfo)
+
+ return ssconn, nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/encrypt.go b/vendor/github.com/sun8911879/shadowsocksR/encrypt.go
new file mode 100644
index 0000000..3f5e6b9
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/encrypt.go
@@ -0,0 +1,296 @@
+package shadowsocksr
+
+import (
+ "crypto/aes"
+ "crypto/cipher"
+ "crypto/des"
+ "crypto/md5"
+ "crypto/rand"
+ "crypto/rc4"
+ "encoding/binary"
+ "errors"
+
+ "github.com/sun8911879/shadowsocksR/tools"
+ "github.com/sun8911879/shadowsocksR/tools/leakybuf"
+
+ "github.com/Yawning/chacha20"
+ "github.com/dgryski/go-camellia"
+ "github.com/dgryski/go-idea"
+ "github.com/dgryski/go-rc2"
+ "golang.org/x/crypto/blowfish"
+ "golang.org/x/crypto/cast5"
+ "golang.org/x/crypto/salsa20/salsa"
+)
+
+var errEmptyPassword = errors.New("empty key")
+
+type DecOrEnc int
+
+const (
+ Decrypt DecOrEnc = iota
+ Encrypt
+)
+
+func newCTRStream(block cipher.Block, err error, key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ if err != nil {
+ return nil, err
+ }
+ return cipher.NewCTR(block, iv), nil
+}
+
+func newAESCTRStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := aes.NewCipher(key)
+ return newCTRStream(block, err, key, iv, doe)
+}
+
+func newOFBStream(block cipher.Block, err error, key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ if err != nil {
+ return nil, err
+ }
+ return cipher.NewCTR(block, iv), nil
+}
+
+func newAESOFBStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := aes.NewCipher(key)
+ return newOFBStream(block, err, key, iv, doe)
+}
+
+func newCFBStream(block cipher.Block, err error, key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ if err != nil {
+ return nil, err
+ }
+ if doe == Encrypt {
+ return cipher.NewCFBEncrypter(block, iv), nil
+ } else {
+ return cipher.NewCFBDecrypter(block, iv), nil
+ }
+}
+
+func newAESCFBStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := aes.NewCipher(key)
+ return newCFBStream(block, err, key, iv, doe)
+}
+
+func newDESStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := des.NewCipher(key)
+ return newCFBStream(block, err, key, iv, doe)
+}
+
+func newBlowFishStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := blowfish.NewCipher(key)
+ return newCFBStream(block, err, key, iv, doe)
+}
+
+func newCast5Stream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := cast5.NewCipher(key)
+ return newCFBStream(block, err, key, iv, doe)
+}
+
+func newRC4MD5Stream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
+ h := md5.New()
+ h.Write(key)
+ h.Write(iv)
+ rc4key := h.Sum(nil)
+
+ return rc4.NewCipher(rc4key)
+}
+
+func newChaCha20Stream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
+ return chacha20.NewCipher(key, iv)
+}
+
+func newChacha20IETFStream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
+ return chacha20.NewCipher(key, iv)
+}
+
+type salsaStreamCipher struct {
+ nonce [8]byte
+ key [32]byte
+ counter int
+}
+
+func (c *salsaStreamCipher) XORKeyStream(dst, src []byte) {
+ var buf []byte
+ padLen := c.counter % 64
+ dataSize := len(src) + padLen
+ if cap(dst) >= dataSize {
+ buf = dst[:dataSize]
+ } else if leakybuf.GlobalLeakyBufSize >= dataSize {
+ buf = leakybuf.GlobalLeakyBuf.Get()
+ defer leakybuf.GlobalLeakyBuf.Put(buf)
+ buf = buf[:dataSize]
+ } else {
+ buf = make([]byte, dataSize)
+ }
+
+ var subNonce [16]byte
+ copy(subNonce[:], c.nonce[:])
+ binary.LittleEndian.PutUint64(subNonce[len(c.nonce):], uint64(c.counter/64))
+
+ // It's difficult to avoid data copy here. src or dst maybe slice from
+ // Conn.Read/Write, which can't have padding.
+ copy(buf[padLen:], src[:])
+ salsa.XORKeyStream(buf, buf, &subNonce, &c.key)
+ copy(dst, buf[padLen:])
+
+ c.counter += len(src)
+}
+
+func newSalsa20Stream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
+ var c salsaStreamCipher
+ copy(c.nonce[:], iv[:8])
+ copy(c.key[:], key[:32])
+ return &c, nil
+}
+
+func newCamelliaStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := camellia.New(key)
+ return newCFBStream(block, err, key, iv, doe)
+}
+
+func newIdeaStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := idea.NewCipher(key)
+ return newCFBStream(block, err, key, iv, doe)
+}
+
+func newRC2Stream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := rc2.New(key, 16)
+ return newCFBStream(block, err, key, iv, doe)
+}
+
+func newSeedStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ // TODO: SEED block cipher implementation is required
+ block, err := rc2.New(key, 16)
+ return newCFBStream(block, err, key, iv, doe)
+}
+
+type cipherInfo struct {
+ keyLen int
+ ivLen int
+ newStream func(key, iv []byte, doe DecOrEnc) (cipher.Stream, error)
+}
+
+var streamCipherMethod = map[string]*cipherInfo{
+ "aes-128-cfb": {16, 16, newAESCFBStream},
+ "aes-192-cfb": {24, 16, newAESCFBStream},
+ "aes-256-cfb": {32, 16, newAESCFBStream},
+ "aes-128-ctr": {16, 16, newAESCTRStream},
+ "aes-192-ctr": {24, 16, newAESCTRStream},
+ "aes-256-ctr": {32, 16, newAESCTRStream},
+ "aes-128-ofb": {16, 16, newAESOFBStream},
+ "aes-192-ofb": {24, 16, newAESOFBStream},
+ "aes-256-ofb": {32, 16, newAESOFBStream},
+ "des-cfb": {8, 8, newDESStream},
+ "bf-cfb": {16, 8, newBlowFishStream},
+ "cast5-cfb": {16, 8, newCast5Stream},
+ "rc4-md5": {16, 16, newRC4MD5Stream},
+ "rc4-md5-6": {16, 6, newRC4MD5Stream},
+ "chacha20": {32, 8, newChaCha20Stream},
+ "chacha20-ietf": {32, 12, newChacha20IETFStream},
+ "salsa20": {32, 8, newSalsa20Stream},
+ "camellia-128-cfb": {16, 16, newCamelliaStream},
+ "camellia-192-cfb": {24, 16, newCamelliaStream},
+ "camellia-256-cfb": {32, 16, newCamelliaStream},
+ "idea-cfb": {16, 8, newIdeaStream},
+ "rc2-cfb": {16, 8, newRC2Stream},
+ "seed-cfb": {16, 8, newSeedStream},
+}
+
+func CheckCipherMethod(method string) error {
+ if method == "" {
+ method = "rc4-md5"
+ }
+ _, ok := streamCipherMethod[method]
+ if !ok {
+ return errors.New("Unsupported encryption method: " + method)
+ }
+ return nil
+}
+
+type StreamCipher struct {
+ enc cipher.Stream
+ dec cipher.Stream
+ key []byte
+ info *cipherInfo
+ iv []byte
+}
+
+// NewStreamCipher creates a cipher that can be used in Dial() etc.
+// Use cipher.Copy() to create a new cipher with the same method and password
+// to avoid the cost of repeated cipher initialization.
+func NewStreamCipher(method, password string) (c *StreamCipher, err error) {
+ if password == "" {
+ return nil, errEmptyPassword
+ }
+ if method == "" {
+ method = "rc4-md5"
+ }
+ mi, ok := streamCipherMethod[method]
+ if !ok {
+ return nil, errors.New("Unsupported encryption method: " + method)
+ }
+
+ key := tools.EVPBytesToKey(password, mi.keyLen)
+
+ c = &StreamCipher{key: key, info: mi}
+
+ if err != nil {
+ return nil, err
+ }
+ return c, nil
+}
+
+// Initializes the block cipher with CFB mode, returns IV.
+func (c *StreamCipher) initEncrypt() (iv []byte, err error) {
+ if c.iv == nil {
+ iv = make([]byte, c.info.ivLen)
+ rand.Read(iv)
+ c.iv = iv
+ } else {
+ iv = c.iv
+ }
+ c.enc, err = c.info.newStream(c.key, iv, Encrypt)
+ return
+}
+
+func (c *StreamCipher) initDecrypt(iv []byte) (err error) {
+ c.dec, err = c.info.newStream(c.key, iv, Decrypt)
+ return
+}
+
+func (c *StreamCipher) encrypt(dst, src []byte) {
+ c.enc.XORKeyStream(dst, src)
+}
+
+func (c *StreamCipher) decrypt(dst, src []byte) {
+ c.dec.XORKeyStream(dst, src)
+}
+
+// Copy creates a new cipher at it's initial state.
+func (c *StreamCipher) Copy() *StreamCipher {
+ // This optimization maybe not necessary. But without this function, we
+ // need to maintain a table cache for newTableCipher and use lock to
+ // protect concurrent access to that cache.
+
+ // AES and DES ciphers does not return specific types, so it's difficult
+ // to create copy. But their initialization time is less than 4000ns on my
+ // 2.26 GHz Intel Core 2 Duo processor. So no need to worry.
+
+ // Currently, blow-fish and cast5 initialization cost is an order of
+ // magnitude slower than other ciphers. (I'm not sure whether this is
+ // because the current implementation is not highly optimized, or this is
+ // the nature of the algorithm.)
+
+ nc := *c
+ nc.enc = nil
+ nc.dec = nil
+ return &nc
+}
+
+func (c *StreamCipher) Key() (key []byte, keyLen int) {
+ return c.key, c.info.keyLen
+}
+
+func (c *StreamCipher) IV() ([]byte, int) {
+ return c.iv, c.info.ivLen
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/obfs/base.go b/vendor/github.com/sun8911879/shadowsocksR/obfs/base.go
new file mode 100644
index 0000000..a57732e
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/obfs/base.go
@@ -0,0 +1,35 @@
+package obfs
+
+import (
+ "strings"
+
+ "github.com/sun8911879/shadowsocksR/ssr"
+)
+
+type creator func() IObfs
+
+var (
+ creatorMap = make(map[string]creator)
+)
+
+type IObfs interface {
+ SetServerInfo(s *ssr.ServerInfoForObfs)
+ GetServerInfo() (s *ssr.ServerInfoForObfs)
+ Encode(data []byte) ([]byte, error)
+ Decode(data []byte) ([]byte, uint64, error)
+ SetData(data interface{})
+ GetData() interface{}
+}
+
+func register(name string, c creator) {
+ creatorMap[name] = c
+}
+
+// NewObfs create an obfs object by name and return as an IObfs interface
+func NewObfs(name string) IObfs {
+ c, ok := creatorMap[strings.ToLower(name)]
+ if ok {
+ return c()
+ }
+ return nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/obfs/http_post.go b/vendor/github.com/sun8911879/shadowsocksR/obfs/http_post.go
new file mode 100644
index 0000000..46513d7
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/obfs/http_post.go
@@ -0,0 +1,19 @@
+package obfs
+
+import (
+ "math/rand"
+)
+
+func init() {
+ register("http_post", newHttpPost)
+}
+
+// newHttpPost create a http_post object
+func newHttpPost() IObfs {
+ // newHttpSimple create a http_simple object
+ t := &httpSimplePost{
+ userAgentIndex: rand.Intn(len(requestUserAgent)),
+ getOrPost: false,
+ }
+ return t
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/obfs/http_simple.go b/vendor/github.com/sun8911879/shadowsocksR/obfs/http_simple.go
new file mode 100644
index 0000000..521a3e9
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/obfs/http_simple.go
@@ -0,0 +1,178 @@
+package obfs
+
+import (
+ "bytes"
+ "encoding/hex"
+ "fmt"
+ "math/rand"
+ "strings"
+
+ "github.com/sun8911879/shadowsocksR/ssr"
+)
+
+var (
+ requestPath = []string{
+ "", "",
+ "login.php?redir=", "",
+ "register.php?code=", "",
+ "s?ie=utf-8&f=8&rsv_bp=1&rsv_idx=1&ch=&bar=&wd=", "&rn=",
+ "post.php?id=", "&goto=view.php",
+ }
+ requestUserAgent = []string{
+ "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0",
+ "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/44.0",
+ "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
+ "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.10 Chromium/27.0.1453.93 Chrome/27.0.1453.93 Safari/537.36",
+ "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0",
+ "Mozilla/5.0 (compatible; WOW64; MSIE 10.0; Windows NT 6.2)",
+ "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27",
+ "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Trident/7.0; .NET4.0E; .NET4.0C)",
+ "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
+ "Mozilla/5.0 (Linux; Android 4.4; Nexus 5 Build/BuildID) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36",
+ "Mozilla/5.0 (iPad; CPU OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3",
+ "Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3",
+ }
+)
+
+// HttpSimple http_simple obfs encapsulate
+type httpSimplePost struct {
+ ssr.ServerInfoForObfs
+ rawTransSent bool
+ rawTransReceived bool
+ userAgentIndex int
+ getOrPost bool // true for get, false for post
+}
+
+func init() {
+ register("http_simple", newHttpSimple)
+}
+
+// newHttpSimple create a http_simple object
+func newHttpSimple() IObfs {
+ t := &httpSimplePost{
+ rawTransSent: false,
+ rawTransReceived: false,
+ userAgentIndex: rand.Intn(len(requestUserAgent)),
+ getOrPost: true,
+ }
+ return t
+}
+
+func (t *httpSimplePost) SetServerInfo(s *ssr.ServerInfoForObfs) {
+ t.ServerInfoForObfs = *s
+}
+
+func (t *httpSimplePost) GetServerInfo() (s *ssr.ServerInfoForObfs) {
+ return &t.ServerInfoForObfs
+}
+
+func (t *httpSimplePost) SetData(data interface{}) {
+
+}
+
+func (t *httpSimplePost) GetData() interface{} {
+ return nil
+}
+
+func (t *httpSimplePost) boundary() (ret string) {
+ set := "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+ for i := 0; i < 32; i++ {
+ ret = fmt.Sprintf("%s%c", ret, set[rand.Intn(len(set))])
+ }
+ return
+}
+
+func (t *httpSimplePost) data2URLEncode(data []byte) (ret string) {
+ for i := 0; i < len(data); i++ {
+ ret = fmt.Sprintf("%s%%%s", ret, hex.EncodeToString([]byte{data[i]}))
+ }
+ return
+}
+
+func (t *httpSimplePost) Encode(data []byte) (encodedData []byte, err error) {
+ if t.rawTransSent {
+ return data, nil
+ }
+
+ dataLength := len(data)
+ var headData []byte
+ if headSize := t.IVLen + t.HeadLen; dataLength-headSize > 64 {
+ headData = make([]byte, headSize+rand.Intn(64))
+ } else {
+ headData = make([]byte, dataLength)
+ }
+ copy(headData, data[0:len(headData)])
+ requestPathIndex := rand.Intn(len(requestPath)/2) * 2
+ host := t.Host
+ var customHead string
+
+ if len(t.Param) > 0 {
+ customHeads := strings.Split(t.Param, "#")
+ if len(customHeads) > 2 {
+ customHeads = customHeads[0:2]
+ }
+ param := t.Param
+ if len(customHeads) > 1 {
+ customHead = customHeads[1]
+ param = customHeads[0]
+ }
+ hosts := strings.Split(param, ",")
+ if len(hosts) > 0 {
+ host = strings.TrimSpace(hosts[rand.Intn(len(hosts))])
+ }
+ }
+ method := "GET /"
+ if !t.getOrPost {
+ method = "POST /"
+ }
+ httpBuf := fmt.Sprintf("%s%s%s%s HTTP/1.1\r\nHost: %s:%d\r\n",
+ method,
+ requestPath[requestPathIndex],
+ t.data2URLEncode(headData),
+ requestPath[requestPathIndex+1],
+ host,
+ t.Port)
+ if len(customHead) > 0 {
+ httpBuf = httpBuf + strings.Replace(customHead, "\\n", "\r\n", -1) + "\r\n\r\n"
+ } else {
+ var contentType string
+ if !t.getOrPost {
+ contentType = "Content-Type: multipart/form-data; boundary=" + t.boundary() + "\r\n"
+ }
+ httpBuf = httpBuf +
+ "User-Agent: " + requestUserAgent[t.userAgentIndex] + "\r\n" +
+ "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n" +
+ "Accept-Language: en-US,en;q=0.8\r\n" +
+ "Accept-Encoding: gzip, deflate\r\n" +
+ contentType +
+ "DNT: 1\r\n" +
+ "Connection: keep-alive\r\n" +
+ "\r\n"
+ }
+
+ if len(headData) < dataLength {
+ encodedData = make([]byte, len(httpBuf)+(dataLength-len(headData)))
+ copy(encodedData, []byte(httpBuf))
+ copy(encodedData[len(httpBuf):], data[len(headData):])
+ } else {
+ encodedData = []byte(httpBuf)
+ }
+ t.rawTransSent = true
+
+ return
+}
+
+func (t *httpSimplePost) Decode(data []byte) ([]byte, uint64, error) {
+ if t.rawTransReceived {
+ return data, 0, nil
+ }
+
+ pos := bytes.Index(data, []byte("\r\n\r\n"))
+ if pos > 0 {
+ decodedData := make([]byte, len(data)-pos-4)
+ copy(decodedData, data[pos+4:])
+ t.rawTransReceived = true
+ return decodedData, 0, nil
+ }
+ return nil, 0, nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/obfs/plain.go b/vendor/github.com/sun8911879/shadowsocksR/obfs/plain.go
new file mode 100644
index 0000000..4ee2682
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/obfs/plain.go
@@ -0,0 +1,42 @@
+package obfs
+
+import (
+ "github.com/sun8911879/shadowsocksR/ssr"
+)
+
+func init() {
+ register("plain", newPlainObfs)
+}
+
+type plain struct {
+ ssr.ServerInfoForObfs
+}
+
+func newPlainObfs() IObfs {
+ p := &plain{}
+ return p
+}
+
+func (p *plain) SetServerInfo(s *ssr.ServerInfoForObfs) {
+ p.ServerInfoForObfs = *s
+}
+
+func (p *plain) GetServerInfo() (s *ssr.ServerInfoForObfs) {
+ return &p.ServerInfoForObfs
+}
+
+func (p *plain) Encode(data []byte) (encodedData []byte, err error) {
+ return data, nil
+}
+
+func (p *plain) Decode(data []byte) ([]byte, uint64, error) {
+ return data, 0, nil
+}
+
+func (p *plain) SetData(data interface{}) {
+
+}
+
+func (p *plain) GetData() interface{} {
+ return nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/obfs/random_head.go b/vendor/github.com/sun8911879/shadowsocksR/obfs/random_head.go
new file mode 100644
index 0000000..6e0366f
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/obfs/random_head.go
@@ -0,0 +1,79 @@
+package obfs
+
+import (
+ "math/rand"
+
+ "github.com/sun8911879/shadowsocksR/ssr"
+)
+
+type randomHead struct {
+ ssr.ServerInfoForObfs
+ rawTransSent bool
+ rawTransReceived bool
+ hasSentHeader bool
+ dataBuffer []byte
+}
+
+func init() {
+ register("random_head", newRandomHead)
+}
+
+func newRandomHead() IObfs {
+ p := &randomHead{}
+ return p
+}
+
+func (r *randomHead) SetServerInfo(s *ssr.ServerInfoForObfs) {
+ r.ServerInfoForObfs = *s
+}
+
+func (r *randomHead) GetServerInfo() (s *ssr.ServerInfoForObfs) {
+ return &r.ServerInfoForObfs
+}
+
+func (r *randomHead) SetData(data interface{}) {
+
+}
+
+func (r *randomHead) GetData() interface{} {
+ return nil
+}
+
+func (r *randomHead) Encode(data []byte) (encodedData []byte, err error) {
+ if r.rawTransSent {
+ return data, nil
+ }
+
+ dataLength := len(data)
+ if r.hasSentHeader {
+ if dataLength > 0 {
+ d := make([]byte, len(r.dataBuffer)+dataLength)
+ copy(d, r.dataBuffer)
+ copy(d[len(r.dataBuffer):], data)
+ r.dataBuffer = d
+ } else {
+ encodedData = r.dataBuffer
+ r.dataBuffer = nil
+ r.rawTransSent = true
+ }
+ } else {
+ size := rand.Intn(96) + 8
+ encodedData = make([]byte, size)
+ rand.Read(encodedData)
+ ssr.SetCRC32(encodedData, size)
+
+ d := make([]byte, dataLength)
+ copy(d, data)
+ r.dataBuffer = d
+ }
+ r.hasSentHeader = true
+ return
+}
+
+func (r *randomHead) Decode(data []byte) ([]byte, uint64, error) {
+ if r.rawTransReceived {
+ return data, 0, nil
+ }
+ r.rawTransReceived = true
+ return data, 0, nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/obfs/tls12_ticket_auth.go b/vendor/github.com/sun8911879/shadowsocksR/obfs/tls12_ticket_auth.go
new file mode 100644
index 0000000..847c2e6
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/obfs/tls12_ticket_auth.go
@@ -0,0 +1,279 @@
+package obfs
+
+import (
+ "crypto/hmac"
+ "encoding/binary"
+ "fmt"
+ "math/rand"
+ "strings"
+ "time"
+
+ "github.com/sun8911879/shadowsocksR/ssr"
+ "github.com/sun8911879/shadowsocksR/tools"
+)
+
+func init() {
+ register("tls1.2_ticket_auth", newTLS12TicketAuth)
+}
+
+type tlsAuthData struct {
+ localClientID [32]byte
+}
+
+// tls12TicketAuth tls1.2_ticket_auth obfs encapsulate
+type tls12TicketAuth struct {
+ ssr.ServerInfoForObfs
+ data *tlsAuthData
+ sendID int
+ handshakeStatus int
+ sendBuffer []byte
+}
+
+// newTLS12TicketAuth create a tlv1.2_ticket_auth object
+func newTLS12TicketAuth() IObfs {
+ return &tls12TicketAuth{}
+}
+
+func (t *tls12TicketAuth) SetServerInfo(s *ssr.ServerInfoForObfs) {
+ t.ServerInfoForObfs = *s
+}
+
+func (t *tls12TicketAuth) GetServerInfo() (s *ssr.ServerInfoForObfs) {
+ return &t.ServerInfoForObfs
+}
+
+func (t *tls12TicketAuth) SetData(data interface{}) {
+ if auth, ok := data.(*tlsAuthData); ok {
+ t.data = auth
+ }
+}
+
+func (t *tls12TicketAuth) GetData() interface{} {
+ if t.data == nil {
+ t.data = &tlsAuthData{}
+ b := make([]byte, 32)
+ rand.Read(b)
+ copy(t.data.localClientID[:], b)
+ }
+ return t.data
+}
+
+func (t *tls12TicketAuth) getHost() string {
+ host := t.Host
+ if len(t.Param) > 0 {
+ hosts := strings.Split(t.Param, ",")
+ if len(hosts) > 0 {
+ host = hosts[rand.Intn(len(hosts))]
+ host = strings.TrimSpace(host)
+ }
+ }
+ if len(host) > 0 && host[len(host)-1] >= byte('0') && host[len(host)-1] <= byte('9') && len(t.Param) == 0 {
+ host = ""
+ }
+ return host
+}
+
+func (t *tls12TicketAuth) Encode(data []byte) (encodedData []byte, err error) {
+ if t.handshakeStatus == -1 {
+ return data, nil
+ }
+ dataLength := len(data)
+
+ if t.handshakeStatus == 8 {
+ encodedData = make([]byte, dataLength+4096)
+ start := 0
+ outLength := 0
+
+ for t.sendID <= 4 && dataLength-start > 256 {
+ length := rand.Intn(512) + 64
+ if length > dataLength-start {
+ length = dataLength - start
+ }
+ copy(encodedData[outLength:], []byte{0x17, 0x3, 0x3})
+ binary.BigEndian.PutUint16(encodedData[outLength+3:], uint16(length&0xFFFF))
+ copy(encodedData[outLength+5:], data[start:start+length])
+ start += length
+ outLength += length + 5
+ t.sendID++
+ }
+ for dataLength-start > 2048 {
+ length := rand.Intn(3990) + 100
+ if length > dataLength-start {
+ length = dataLength - start
+ }
+ copy(encodedData[outLength:], []byte{0x17, 0x3, 0x3})
+ binary.BigEndian.PutUint16(encodedData[outLength+3:], uint16(length&0xFFFF))
+ copy(encodedData[outLength+5:], data[start:start+length])
+ start += length
+ outLength += length + 5
+ t.sendID++
+ }
+ if dataLength-start > 0 {
+ length := dataLength - start
+ copy(encodedData[outLength:], []byte{0x17, 0x3, 0x3})
+ binary.BigEndian.PutUint16(encodedData[outLength+3:], uint16(length&0xFFFF))
+ copy(encodedData[outLength+5:], data[start:start+length])
+ // not necessary to update variable *start* any more
+ outLength += length + 5
+ t.sendID++
+ }
+ encodedData = encodedData[:outLength]
+ return
+ }
+
+ if t.handshakeStatus == 1 {
+ //outLength := 0
+ if dataLength > 0 {
+ b := make([]byte, len(t.sendBuffer)+dataLength+5)
+ copy(b, t.sendBuffer)
+ copy(b[len(t.sendBuffer):], []byte{0x17, 0x3, 0x3})
+ binary.BigEndian.PutUint16(b[len(t.sendBuffer)+3:], uint16(dataLength&0xFFFF))
+ copy(b[len(t.sendBuffer)+5:], data)
+ t.sendBuffer = b
+ return []byte{}, nil
+ }
+
+ hmacData := make([]byte, 43)
+ rnd := make([]byte, 22)
+ rand.Read(rnd)
+
+ handshakeFinish := []byte("\x14\x03\x03\x00\x01\x01\x16\x03\x03\x00\x20")
+ copy(hmacData, handshakeFinish)
+ copy(hmacData[len(handshakeFinish):], rnd)
+
+ h := t.hmacSHA1(hmacData[:33])
+ copy(hmacData[33:], h)
+
+ encodedData = make([]byte, len(hmacData)+len(t.sendBuffer))
+ copy(encodedData, hmacData)
+ copy(encodedData[len(hmacData):], t.sendBuffer)
+ t.sendBuffer = nil
+ t.handshakeStatus = 8
+
+ return
+ }
+
+ rnd := t.packAuthData()
+
+ tlsData0 := []byte("\x00\x1c\xc0\x2b\xc0\x2f\xcc\xa9\xcc\xa8\xcc\x14\xcc\x13\xc0\x0a\xc0\x14\xc0\x09\xc0\x13\x00\x9c\x00\x35\x00\x2f\x00\x0a\x01\x00")
+ tlsData1 := []byte("\xff\x01\x00\x01\x00")
+ tlsData2 := []byte("\x00\x17\x00\x00\x00\x23\x00\xd0")
+ tlsData3 := []byte("\x00\x0d\x00\x16\x00\x14\x06\x01\x06\x03\x05\x01\x05\x03\x04\x01\x04\x03\x03\x01\x03\x03\x02\x01\x02\x03\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\x12\x00\x00\x75\x50\x00\x00\x00\x0b\x00\x02\x01\x00\x00\x0a\x00\x06\x00\x04\x00\x17\x00\x18" +
+ "\x00\x15\x00\x66\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
+
+ var sslBuf []byte
+ sslBuf = append(sslBuf, rnd...)
+ sslBuf = append(sslBuf, byte(32))
+ sslBuf = append(sslBuf, t.data.localClientID[:]...)
+ sslBuf = append(sslBuf, tlsData0...)
+
+ var extBuf []byte
+ extBuf = append(extBuf, tlsData1...)
+
+ host := t.getHost()
+
+ extBuf = append(extBuf, t.sni(host)...)
+ extBuf = append(extBuf, tlsData2...)
+ ticket := make([]byte, 208)
+ rand.Read(ticket)
+ extBuf = append(extBuf, ticket...)
+ extBuf = append(extBuf, tlsData3...)
+ extBuf = append([]byte{byte(len(extBuf) / 256), byte(len(extBuf) % 256)}, extBuf...)
+
+ sslBuf = append(sslBuf, extBuf...)
+ // client version
+ sslBuf = append([]byte{3, 3}, sslBuf...)
+ // length
+ sslBuf = append([]byte{1, 0, byte(len(sslBuf) / 256), byte(len(sslBuf) % 256)}, sslBuf...)
+ // length
+ sslBuf = append([]byte{byte(len(sslBuf) / 256), byte(len(sslBuf) % 256)}, sslBuf...)
+ // version
+ sslBuf = append([]byte{0x16, 3, 1}, sslBuf...)
+
+ encodedData = sslBuf
+
+ d := make([]byte, dataLength+5)
+ copy(d[0:], []byte{0x17, 0x3, 0x3})
+ binary.BigEndian.PutUint16(d[3:], uint16(dataLength&0xFFFF))
+ copy(d[5:], data)
+ b := make([]byte, len(t.sendBuffer)+len(d))
+ copy(b, t.sendBuffer)
+ copy(b[len(t.sendBuffer):], d)
+ t.sendBuffer = b
+
+ t.handshakeStatus = 1
+
+ return
+}
+
+func (t *tls12TicketAuth) Decode(data []byte) ([]byte, uint64, error) {
+ if t.handshakeStatus == -1 {
+ return data, 0, nil
+ }
+ dataLength := len(data)
+
+ if t.handshakeStatus == 8 {
+ if dataLength < 5 {
+ return nil, 5, fmt.Errorf("data need minimum length: 5 ,data only length: %d", dataLength)
+ }
+ if data[0] != 0x17 {
+ return nil, 0, ssr.ErrTLS12TicketAuthIncorrectMagicNumber
+ }
+ size := int(binary.BigEndian.Uint16(data[3:5]))
+ if size+5 > dataLength {
+ return nil, uint64(size + 5), fmt.Errorf("unexpected data length: %d ,data only length: %d", size+5, dataLength)
+ }
+ if dataLength == size+5 {
+ return data[5:], 0, nil
+ }
+ return data[5 : 5+size], uint64(size + 5), nil
+ }
+
+ if dataLength < 11+32+1+32 {
+ return nil, 0, ssr.ErrTLS12TicketAuthTooShortData
+ }
+
+ hash := t.hmacSHA1(data[11 : 11+22])
+
+ if !hmac.Equal(data[33:33+ssr.ObfsHMACSHA1Len], hash) {
+ return nil, 0, ssr.ErrTLS12TicketAuthHMACError
+ }
+ return nil, 1, nil
+}
+
+func (t *tls12TicketAuth) packAuthData() (outData []byte) {
+ outSize := 32
+ outData = make([]byte, outSize)
+
+ now := time.Now().Unix()
+ binary.BigEndian.PutUint32(outData[0:4], uint32(now))
+
+ rand.Read(outData[4 : 4+18])
+
+ hash := t.hmacSHA1(outData[:outSize-ssr.ObfsHMACSHA1Len])
+ copy(outData[outSize-ssr.ObfsHMACSHA1Len:], hash)
+
+ return
+}
+
+func (t *tls12TicketAuth) hmacSHA1(data []byte) []byte {
+ key := make([]byte, t.KeyLen+32)
+ copy(key, t.Key)
+ copy(key[t.KeyLen:], t.data.localClientID[:])
+
+ sha1Data := tools.HmacSHA1(key, data)
+ return sha1Data[:ssr.ObfsHMACSHA1Len]
+}
+
+func (t *tls12TicketAuth) sni(u string) []byte {
+ bURL := []byte(u)
+ length := len(bURL)
+ ret := make([]byte, length+9)
+ copy(ret[9:9+length], bURL)
+ binary.BigEndian.PutUint16(ret[7:], uint16(length&0xFFFF))
+ length += 3
+ binary.BigEndian.PutUint16(ret[4:], uint16(length&0xFFFF))
+ length += 2
+ binary.BigEndian.PutUint16(ret[2:], uint16(length&0xFFFF))
+ return ret
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_md5.go b/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_md5.go
new file mode 100644
index 0000000..818b78d
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_md5.go
@@ -0,0 +1,282 @@
+package protocol
+
+import (
+ "bytes"
+ "crypto/aes"
+ "crypto/cipher"
+ "encoding/base64"
+ "encoding/binary"
+ "math/rand"
+ "strconv"
+ "strings"
+ "time"
+
+ "github.com/sun8911879/shadowsocksR/ssr"
+ "github.com/sun8911879/shadowsocksR/tools"
+)
+
+type hmacMethod func(key []byte, data []byte) []byte
+type hashDigestMethod func(data []byte) []byte
+
+func init() {
+ register("auth_aes128_md5", NewAuthAES128MD5)
+}
+
+func NewAuthAES128MD5() IProtocol {
+ a := &authAES128{
+ salt: "auth_aes128_md5",
+ hmac: tools.HmacMD5,
+ hashDigest: tools.MD5Sum,
+ packID: 1,
+ recvInfo: recvInfo{
+ recvID: 1,
+ buffer: bytes.NewBuffer(nil),
+ },
+ data: &authData{
+ connectionID: 0xFF000001,
+ },
+ }
+ return a
+}
+
+type recvInfo struct {
+ recvID uint32
+ buffer *bytes.Buffer
+}
+
+type authAES128 struct {
+ ssr.ServerInfoForObfs
+ recvInfo
+ data *authData
+ hasSentHeader bool
+ packID uint32
+ userKey []byte
+ salt string
+ hmac hmacMethod
+ hashDigest hashDigestMethod
+}
+
+func (a *authAES128) SetServerInfo(s *ssr.ServerInfoForObfs) {
+ a.ServerInfoForObfs = *s
+}
+
+func (a *authAES128) GetServerInfo() (s *ssr.ServerInfoForObfs) {
+ return &a.ServerInfoForObfs
+}
+
+func (a *authAES128) SetData(data interface{}) {
+ if auth, ok := data.(*authData); ok {
+ a.data = auth
+ }
+}
+
+func (a *authAES128) GetData() interface{} {
+ if a.data == nil {
+ a.data = &authData{}
+ }
+ return a.data
+}
+
+func (a *authAES128) packData(data []byte) (outData []byte) {
+ dataLength := len(data)
+ randLength := 1
+ if dataLength <= 1200 {
+ if a.packID > 4 {
+ randLength += rand.Intn(32)
+ } else {
+ if dataLength > 900 {
+ randLength += rand.Intn(128)
+ } else {
+ randLength += rand.Intn(512)
+ }
+ }
+ }
+
+ outLength := randLength + dataLength + 8
+ outData = make([]byte, outLength)
+ // 0~1, out length
+ binary.LittleEndian.PutUint16(outData[0:], uint16(outLength&0xFFFF))
+ // 2~3, hmac
+ key := make([]byte, len(a.userKey)+4)
+ copy(key, a.userKey)
+ binary.LittleEndian.PutUint32(key[len(key)-4:], a.packID)
+ h := a.hmac(key, outData[0:2])
+ copy(outData[2:4], h[:2])
+ // 4~rand length+4, rand number
+ rand.Read(outData[4 : 4+randLength])
+ // 4, rand length
+ if randLength < 128 {
+ outData[4] = byte(randLength & 0xFF)
+ } else {
+ // 4, magic number 0xFF
+ outData[4] = 0xFF
+ // 5~6, rand length
+ binary.LittleEndian.PutUint16(outData[5:], uint16(randLength&0xFFFF))
+ }
+ // rand length+4~out length-4, data
+ if dataLength > 0 {
+ copy(outData[randLength+4:], data)
+ }
+ a.packID++
+ h = a.hmac(key, outData[:outLength-4])
+ copy(outData[outLength-4:], h[:4])
+ return
+}
+
+func (a *authAES128) packAuthData(data []byte) (outData []byte) {
+ dataLength := len(data)
+ var randLength int
+ if dataLength > 400 {
+ randLength = rand.Intn(512)
+ } else {
+ randLength = rand.Intn(1024)
+ }
+
+ dataOffset := randLength + 16 + 4 + 4 + 7
+ outLength := dataOffset + dataLength + 4
+ outData = make([]byte, outLength)
+ encrypt := make([]byte, 24)
+ key := make([]byte, a.IVLen+a.KeyLen)
+ copy(key, a.IV)
+ copy(key[a.IVLen:], a.Key)
+
+ rand.Read(outData[dataOffset-randLength:])
+
+ if a.data.connectionID > 0xFF000000 {
+ a.data.clientID = nil
+ }
+ if len(a.data.clientID) == 0 {
+ a.data.clientID = make([]byte, 4)
+ rand.Read(a.data.clientID)
+ b := make([]byte, 4)
+ rand.Read(b)
+ a.data.connectionID = binary.LittleEndian.Uint32(b) & 0xFFFFFF
+ }
+ a.data.connectionID++
+ copy(encrypt[4:], a.data.clientID)
+ binary.LittleEndian.PutUint32(encrypt[8:], a.data.connectionID)
+
+ now := time.Now().Unix()
+ binary.LittleEndian.PutUint32(encrypt[0:4], uint32(now))
+
+ binary.LittleEndian.PutUint16(encrypt[12:], uint16(outLength&0xFFFF))
+ binary.LittleEndian.PutUint16(encrypt[14:], uint16(randLength&0xFFFF))
+
+ params := strings.Split(a.Param, ":")
+ uid := make([]byte, 4)
+ if len(params) >= 2 {
+ if userID, err := strconv.ParseUint(params[0], 10, 32); err != nil {
+ rand.Read(uid)
+ } else {
+ binary.LittleEndian.PutUint32(uid, uint32(userID))
+ a.userKey = a.hashDigest([]byte(params[1]))
+ }
+ } else {
+ rand.Read(uid)
+ }
+
+ if a.userKey == nil {
+ a.userKey = make([]byte, a.KeyLen)
+ copy(a.userKey, a.Key)
+ }
+
+ encryptKey := make([]byte, len(a.userKey))
+ copy(encryptKey, a.userKey)
+
+ aesCipherKey := tools.EVPBytesToKey(base64.StdEncoding.EncodeToString(encryptKey)+a.salt, 16)
+ block, err := aes.NewCipher(aesCipherKey)
+ if err != nil {
+ return nil
+ }
+
+ encryptData := make([]byte, 16)
+ iv := make([]byte, aes.BlockSize)
+ cbc := cipher.NewCBCEncrypter(block, iv)
+ cbc.CryptBlocks(encryptData, encrypt[0:16])
+ copy(encrypt[4:4+16], encryptData)
+ copy(encrypt[0:4], uid)
+
+ h := a.hmac(key, encrypt[0:20])
+ copy(encrypt[20:], h[:4])
+
+ rand.Read(outData[0:1])
+ h = a.hmac(key, outData[0:1])
+ copy(outData[1:], h[0:7-1])
+
+ copy(outData[7:], encrypt)
+ copy(outData[dataOffset:], data)
+
+ h = a.hmac(a.userKey, outData[0:outLength-4])
+ copy(outData[outLength-4:], h[:4])
+
+ return
+}
+
+func (a *authAES128) PreEncrypt(plainData []byte) (outData []byte, err error) {
+ dataLength := len(plainData)
+ offset := 0
+ if !a.hasSentHeader {
+ authLength := dataLength
+ if authLength > 1200 {
+ authLength = 1200
+ }
+ packData := a.packAuthData(plainData[:authLength])
+ a.hasSentHeader = true
+ outData = append(outData, packData...)
+ dataLength -= authLength
+ offset += authLength
+ }
+ const blockSize = 4096
+ for dataLength > blockSize {
+ packData := a.packData(plainData[offset : offset+blockSize])
+ outData = append(outData, packData...)
+ dataLength -= blockSize
+ offset += blockSize
+ }
+ if dataLength > 0 {
+ packData := a.packData(plainData[offset:])
+ outData = append(outData, packData...)
+ }
+
+ return
+}
+
+func (a *authAES128) PostDecrypt(plainData []byte) ([]byte, int, error) {
+ a.buffer.Reset()
+ plainLength := len(plainData)
+ datalength := plainLength
+ readlenth := 0
+ key := make([]byte, len(a.userKey)+4)
+ copy(key, a.userKey)
+ for plainLength > 4 {
+ binary.LittleEndian.PutUint32(key[len(key)-4:], a.recvID)
+
+ h := a.hmac(key, plainData[0:2])
+ if h[0] != plainData[2] || h[1] != plainData[3] {
+ return nil, 0, ssr.ErrAuthAES128HMACError
+ }
+ length := int(binary.LittleEndian.Uint16(plainData[0:2]))
+ if length >= 8192 || length < 8 {
+ return nil, 0, ssr.ErrAuthAES128DataLengthError
+ }
+ if length > plainLength {
+ break
+ }
+ a.recvID++
+ pos := int(plainData[4])
+ if pos < 255 {
+ pos += 4
+ } else {
+ pos = int(binary.LittleEndian.Uint16(plainData[5:7])) + 4
+ }
+
+ a.buffer.Write(plainData[pos : length-4])
+ plainData = plainData[length:]
+ plainLength -= length
+ readlenth += length
+ }
+ if datalength == readlenth {
+ readlenth = -1
+ }
+ return a.buffer.Bytes(), readlenth, nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_sha1.go b/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_sha1.go
new file mode 100644
index 0000000..c6c2b0e
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_sha1.go
@@ -0,0 +1,28 @@
+package protocol
+
+import (
+ "bytes"
+
+ "github.com/sun8911879/shadowsocksR/tools"
+)
+
+func init() {
+ register("auth_aes128_sha1", NewAuthAES128SHA1)
+}
+
+func NewAuthAES128SHA1() IProtocol {
+ a := &authAES128{
+ salt: "auth_aes128_sha1",
+ hmac: tools.HmacSHA1,
+ hashDigest: tools.SHA1Sum,
+ packID: 1,
+ recvInfo: recvInfo{
+ recvID: 1,
+ buffer: bytes.NewBuffer(nil),
+ },
+ data: &authData{
+ connectionID: 0xFF000001,
+ },
+ }
+ return a
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_sha1_v4.go b/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_sha1_v4.go
new file mode 100644
index 0000000..ffec01b
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_sha1_v4.go
@@ -0,0 +1,232 @@
+package protocol
+
+import (
+ "encoding/binary"
+ "math/rand"
+ "time"
+
+ "github.com/sun8911879/shadowsocksR/ssr"
+ "github.com/sun8911879/shadowsocksR/tools"
+)
+
+func init() {
+ register("auth_sha1_v4", NewAuthSHA1v4)
+}
+
+type authSHA1v4 struct {
+ ssr.ServerInfoForObfs
+ data *authData
+ hasSentHeader bool
+ recvBuffer []byte
+ recvBufferLength int
+}
+
+func NewAuthSHA1v4() IProtocol {
+ a := &authSHA1v4{}
+ return a
+}
+
+func (a *authSHA1v4) SetServerInfo(s *ssr.ServerInfoForObfs) {
+ a.ServerInfoForObfs = *s
+}
+
+func (a *authSHA1v4) GetServerInfo() (s *ssr.ServerInfoForObfs) {
+ return &a.ServerInfoForObfs
+}
+
+func (a *authSHA1v4) SetData(data interface{}) {
+ if auth, ok := data.(*authData); ok {
+ a.data = auth
+ }
+}
+
+func (a *authSHA1v4) GetData() interface{} {
+ if a.data == nil {
+ a.data = &authData{}
+ }
+ return a.data
+}
+
+func (a *authSHA1v4) packData(data []byte) (outData []byte) {
+ dataLength := len(data)
+ randLength := 1
+ if dataLength <= 1300 {
+ if dataLength > 400 {
+ randLength += rand.Intn(128)
+ } else {
+ randLength += rand.Intn(1024)
+ }
+ }
+
+ outLength := randLength + dataLength + 8
+ outData = make([]byte, outLength)
+ // 0~1, out length
+ binary.BigEndian.PutUint16(outData[0:2], uint16(outLength&0xFFFF))
+ // 2~3, crc of out length
+ crc32 := ssr.CalcCRC32(outData, 2, 0xFFFFFFFF)
+ binary.LittleEndian.PutUint16(outData[2:4], uint16(crc32&0xFFFF))
+ // 4~rand length+4, rand number
+ rand.Read(outData[4 : 4+randLength])
+ // 4, rand length
+ if randLength < 128 {
+ outData[4] = byte(randLength & 0xFF)
+ } else {
+ // 4, magic number 0xFF
+ outData[4] = 0xFF
+ // 5~6, rand length
+ binary.BigEndian.PutUint16(outData[5:], uint16(randLength&0xFFFF))
+ }
+ // rand length+4~out length-4, data
+ if dataLength > 0 {
+ copy(outData[randLength+4:], data)
+ }
+ // out length-4~end, adler32 of full data
+ adler := ssr.CalcAdler32(outData[:outLength-4])
+ binary.LittleEndian.PutUint32(outData[outLength-4:], adler)
+
+ return outData
+}
+
+func (a *authSHA1v4) packAuthData(data []byte) (outData []byte) {
+ dataLength := len(data)
+ randLength := 1
+ if dataLength <= 1300 {
+ if dataLength > 400 {
+ randLength += rand.Intn(128)
+ } else {
+ randLength += rand.Intn(1024)
+ }
+ }
+ dataOffset := randLength + 4 + 2
+ outLength := dataOffset + dataLength + 12 + ssr.ObfsHMACSHA1Len
+ outData = make([]byte, outLength)
+
+ a.data.connectionID++
+ if a.data.connectionID > 0xFF000000 {
+ a.data.clientID = nil
+ }
+ if len(a.data.clientID) == 0 {
+ a.data.clientID = make([]byte, 8)
+ rand.Read(a.data.clientID)
+ b := make([]byte, 4)
+ rand.Read(b)
+ a.data.connectionID = binary.LittleEndian.Uint32(b) & 0xFFFFFF
+ }
+ // 0-1, out length
+ binary.BigEndian.PutUint16(outData[0:], uint16(outLength&0xFFFF))
+
+ // 2~6, crc of out length+salt+key
+ salt := []byte("auth_sha1_v4")
+ crcData := make([]byte, len(salt)+a.KeyLen+2)
+ copy(crcData[0:2], outData[0:2])
+ copy(crcData[2:], salt)
+ copy(crcData[2+len(salt):], a.Key)
+ crc32 := ssr.CalcCRC32(crcData, len(crcData), 0xFFFFFFFF)
+ // 2~6, crc of out length+salt+key
+ binary.LittleEndian.PutUint32(outData[2:], crc32)
+ // 6~rand length+6, rand numbers
+ rand.Read(outData[dataOffset-randLength : dataOffset])
+ // 6, rand length
+ if randLength < 128 {
+ outData[6] = byte(randLength & 0xFF)
+ } else {
+ // 6, magic number 0xFF
+ outData[6] = 0xFF
+ // 7-8, rand length
+ binary.BigEndian.PutUint16(outData[7:], uint16(randLength&0xFFFF))
+ }
+ // rand length+6~rand length+10, time stamp
+ now := time.Now().Unix()
+ binary.LittleEndian.PutUint32(outData[dataOffset:dataOffset+4], uint32(now))
+ // rand length+10~rand length+14, client ID
+ copy(outData[dataOffset+4:dataOffset+4+4], a.data.clientID[0:4])
+ // rand length+14~rand length+18, connection ID
+ binary.LittleEndian.PutUint32(outData[dataOffset+8:dataOffset+8+4], a.data.connectionID)
+ // rand length+18~rand length+18+data length, data
+ copy(outData[dataOffset+12:], data)
+
+ key := make([]byte, a.IVLen+a.KeyLen)
+ copy(key, a.IV)
+ copy(key[a.IVLen:], a.Key)
+
+ h := tools.HmacSHA1(key, outData[:outLength-ssr.ObfsHMACSHA1Len])
+ // out length-10~out length/rand length+18+data length~end, hmac
+ copy(outData[outLength-ssr.ObfsHMACSHA1Len:], h[0:ssr.ObfsHMACSHA1Len])
+
+ return outData
+}
+
+func (a *authSHA1v4) PreEncrypt(plainData []byte) (outData []byte, err error) {
+ dataLength := len(plainData)
+ offset := 0
+ if !a.hasSentHeader && dataLength > 0 {
+ authLength := dataLength
+ if headSize := ssr.GetHeadSize(plainData, 30); headSize <= dataLength {
+ authLength = headSize
+ }
+ packData := a.packAuthData(plainData[:authLength])
+ a.hasSentHeader = true
+ outData = append(outData, packData...)
+ dataLength -= authLength
+ offset += authLength
+ }
+ const blockSize = 4096
+ for dataLength > blockSize {
+ packData := a.packData(plainData[offset : offset+blockSize])
+ outData = append(outData, packData...)
+ dataLength -= blockSize
+ offset += blockSize
+ }
+ if dataLength > 0 {
+ packData := a.packData(plainData[offset:])
+ outData = append(outData, packData...)
+ }
+
+ return
+}
+
+func (a *authSHA1v4) PostDecrypt(plainData []byte) ([]byte, int, error) {
+ var outData []byte
+ dataLength := len(plainData)
+ b := make([]byte, len(a.recvBuffer)+dataLength)
+ copy(b, a.recvBuffer)
+ copy(b[len(a.recvBuffer):], plainData)
+ a.recvBuffer = b
+ a.recvBufferLength = len(b)
+ for a.recvBufferLength > 4 {
+ crc32 := ssr.CalcCRC32(a.recvBuffer, 2, 0xFFFFFFFF)
+ if binary.LittleEndian.Uint16(a.recvBuffer[2:4]) != uint16(crc32&0xFFFF) {
+ return nil, 0, ssr.ErrAuthSHA1v4CRC32Error
+ }
+ length := int(binary.BigEndian.Uint16(a.recvBuffer[0:2]))
+ if length >= 8192 || length < 8 {
+ a.recvBufferLength = 0
+ a.recvBuffer = nil
+ return nil, 0, ssr.ErrAuthSHA1v4DataLengthError
+ }
+ if length > a.recvBufferLength {
+ break
+ }
+
+ if ssr.CheckAdler32(a.recvBuffer, length) {
+ pos := int(a.recvBuffer[4])
+ if pos != 0xFF {
+ pos += 4
+ } else {
+ pos = int(binary.BigEndian.Uint16(a.recvBuffer[5:5+2])) + 4
+ }
+ outLength := length - pos - 4
+ b = make([]byte, len(outData)+outLength)
+ copy(b, outData)
+ copy(b[len(outData):], a.recvBuffer[pos:pos+outLength])
+ outData = b
+ a.recvBufferLength -= length
+ a.recvBuffer = a.recvBuffer[length:]
+ } else {
+ a.recvBufferLength = 0
+ a.recvBuffer = nil
+ return nil, 0, ssr.ErrAuthSHA1v4IncorrectChecksum
+ }
+ }
+ return outData, 0, nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/protocol/base.go b/vendor/github.com/sun8911879/shadowsocksR/protocol/base.go
new file mode 100644
index 0000000..4fff0aa
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/protocol/base.go
@@ -0,0 +1,39 @@
+package protocol
+
+import (
+ "strings"
+
+ "github.com/sun8911879/shadowsocksR/ssr"
+)
+
+type creator func() IProtocol
+
+var (
+ creatorMap = make(map[string]creator)
+)
+
+type IProtocol interface {
+ SetServerInfo(s *ssr.ServerInfoForObfs)
+ GetServerInfo() *ssr.ServerInfoForObfs
+ PreEncrypt(data []byte) ([]byte, error)
+ PostDecrypt(data []byte) ([]byte, int, error)
+ SetData(data interface{})
+ GetData() interface{}
+}
+
+type authData struct {
+ clientID []byte
+ connectionID uint32
+}
+
+func register(name string, c creator) {
+ creatorMap[name] = c
+}
+
+func NewProtocol(name string) IProtocol {
+ c, ok := creatorMap[strings.ToLower(name)]
+ if ok {
+ return c()
+ }
+ return nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/protocol/origin.go b/vendor/github.com/sun8911879/shadowsocksR/protocol/origin.go
new file mode 100644
index 0000000..8dd1851
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/protocol/origin.go
@@ -0,0 +1,42 @@
+package protocol
+
+import (
+ "github.com/sun8911879/shadowsocksR/ssr"
+)
+
+func init() {
+ register("origin", NewOrigin)
+}
+
+type origin struct {
+ ssr.ServerInfoForObfs
+}
+
+func NewOrigin() IProtocol {
+ a := &origin{}
+ return a
+}
+
+func (o *origin) SetServerInfo(s *ssr.ServerInfoForObfs) {
+ o.ServerInfoForObfs = *s
+}
+
+func (o *origin) GetServerInfo() (s *ssr.ServerInfoForObfs) {
+ return &o.ServerInfoForObfs
+}
+
+func (o *origin) PreEncrypt(data []byte) (encryptedData []byte, err error) {
+ return data, nil
+}
+
+func (o *origin) PostDecrypt(data []byte) ([]byte, int, error) {
+ return data, 0, nil
+}
+
+func (o *origin) SetData(data interface{}) {
+
+}
+
+func (o *origin) GetData() interface{} {
+ return nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/protocol/verify_sha1.go b/vendor/github.com/sun8911879/shadowsocksR/protocol/verify_sha1.go
new file mode 100644
index 0000000..42543e5
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/protocol/verify_sha1.go
@@ -0,0 +1,101 @@
+package protocol
+
+import (
+ "bytes"
+ "encoding/binary"
+
+ "github.com/sun8911879/shadowsocksR/ssr"
+ "github.com/sun8911879/shadowsocksR/tools"
+)
+
+func init() {
+ register("verify_sha1", NewVerifySHA1)
+ register("ota", NewVerifySHA1)
+}
+
+type verifySHA1 struct {
+ ssr.ServerInfoForObfs
+ hasSentHeader bool
+ chunkId uint32
+}
+
+const (
+ oneTimeAuthMask byte = 0x10
+)
+
+func NewVerifySHA1() IProtocol {
+ a := &verifySHA1{}
+ return a
+}
+
+func (v *verifySHA1) otaConnectAuth(data []byte) []byte {
+ return append(data, tools.HmacSHA1(append(v.IV, v.Key...), data)...)
+}
+
+func (v *verifySHA1) otaReqChunkAuth(chunkId uint32, data []byte) []byte {
+ nb := make([]byte, 2)
+ binary.BigEndian.PutUint16(nb, uint16(len(data)))
+ chunkIdBytes := make([]byte, 4)
+ binary.BigEndian.PutUint32(chunkIdBytes, chunkId)
+ header := append(nb, tools.HmacSHA1(append(v.IV, chunkIdBytes...), data)...)
+ return append(header, data...)
+}
+
+func (v *verifySHA1) otaVerifyAuth(iv []byte, chunkId uint32, data []byte, expectedHmacSha1 []byte) bool {
+ chunkIdBytes := make([]byte, 4)
+ binary.BigEndian.PutUint32(chunkIdBytes, chunkId)
+ actualHmacSha1 := tools.HmacSHA1(append(iv, chunkIdBytes...), data)
+ return bytes.Equal(expectedHmacSha1, actualHmacSha1)
+}
+
+func (v *verifySHA1) getAndIncreaseChunkId() (chunkId uint32) {
+ chunkId = v.chunkId
+ v.chunkId += 1
+ return
+}
+
+func (v *verifySHA1) SetServerInfo(s *ssr.ServerInfoForObfs) {
+ v.ServerInfoForObfs = *s
+}
+
+func (v *verifySHA1) GetServerInfo() (s *ssr.ServerInfoForObfs) {
+ return &v.ServerInfoForObfs
+}
+
+func (v *verifySHA1) SetData(data interface{}) {
+
+}
+
+func (v *verifySHA1) GetData() interface{} {
+ return nil
+}
+
+func (v *verifySHA1) PreEncrypt(data []byte) (encryptedData []byte, err error) {
+ dataLength := len(data)
+ offset := 0
+ if !v.hasSentHeader {
+ data[0] |= oneTimeAuthMask
+ encryptedData = v.otaConnectAuth(data[:v.HeadLen])
+ v.hasSentHeader = true
+ dataLength -= v.HeadLen
+ offset += v.HeadLen
+ }
+ const blockSize = 4096
+ for dataLength > blockSize {
+ chunkId := v.getAndIncreaseChunkId()
+ b := v.otaReqChunkAuth(chunkId, data[offset:offset+blockSize])
+ encryptedData = append(encryptedData, b...)
+ dataLength -= blockSize
+ offset += blockSize
+ }
+ if dataLength > 0 {
+ chunkId := v.getAndIncreaseChunkId()
+ b := v.otaReqChunkAuth(chunkId, data[offset:])
+ encryptedData = append(encryptedData, b...)
+ }
+ return
+}
+
+func (v *verifySHA1) PostDecrypt(data []byte) ([]byte, int, error) {
+ return data, 0, nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/ssr/adler32.go b/vendor/github.com/sun8911879/shadowsocksR/ssr/adler32.go
new file mode 100644
index 0000000..6bda937
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/ssr/adler32.go
@@ -0,0 +1,31 @@
+package ssr
+
+import "encoding/binary"
+
+func calcShortAdler32(input []byte, a, b uint32) (uint32, uint32) {
+ for _, i := range input {
+ a += uint32(i)
+ b += a
+ }
+ a %= 65521
+ b %= 65521
+ return a, b
+}
+
+func CalcAdler32(input []byte) uint32 {
+ var a uint32 = 1
+ var b uint32 = 0
+ const nMax = 5552
+ for length := len(input); length > nMax; length -= nMax {
+ a, b = calcShortAdler32(input[:nMax], a, b)
+ input = input[nMax:]
+ }
+ a, b = calcShortAdler32(input, a, b)
+ return (b << 16) + a
+}
+
+func CheckAdler32(input []byte, l int) bool {
+ adler32 := CalcAdler32(input[:l-4])
+ checksum := binary.LittleEndian.Uint32(input[l-4:])
+ return adler32 == checksum
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/ssr/crc32.go b/vendor/github.com/sun8911879/shadowsocksR/ssr/crc32.go
new file mode 100644
index 0000000..9cf6cc6
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/ssr/crc32.go
@@ -0,0 +1,52 @@
+package ssr
+
+import "encoding/binary"
+
+var (
+ crc32Table = make([]uint32, 256)
+)
+
+func init() {
+ createCRC32Table()
+}
+
+func createCRC32Table() {
+ for i := 0; i < 256; i++ {
+ crc := uint32(i)
+ for j := 8; j > 0; j-- {
+ if crc&1 == 1 {
+ crc = (crc >> 1) ^ 0xEDB88320
+ } else {
+ crc >>= 1
+ }
+ }
+ crc32Table[i] = crc
+ }
+}
+
+func CalcCRC32(input []byte, length int, value uint32) uint32 {
+ value = 0xFFFFFFFF
+ return DoCalcCRC32(input, 0, length, value)
+}
+
+func DoCalcCRC32(input []byte, index int, length int, value uint32) uint32 {
+ buffer := input
+ for i := index; i < length; i++ {
+ value = (value >> 8) ^ crc32Table[byte(value&0xFF)^buffer[i]]
+ }
+ return value ^ 0xFFFFFFFF
+}
+
+func DoSetCRC32(buffer []byte, index int, length int) {
+ crc := CalcCRC32(buffer[:length-4], length-4, 0xFFFFFFFF)
+ binary.LittleEndian.PutUint32(buffer[length-4:], crc^0xFFFFFFFF)
+}
+
+func SetCRC32(buffer []byte, length int) {
+ DoSetCRC32(buffer, 0, length)
+}
+
+func CheckCRC32(buffer []byte, length int) bool {
+ crc := CalcCRC32(buffer, length, 0xFFFFFFFF)
+ return crc == 0xFFFFFFFF
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/ssr/obfs.go b/vendor/github.com/sun8911879/shadowsocksR/ssr/obfs.go
new file mode 100644
index 0000000..cee94a2
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/ssr/obfs.go
@@ -0,0 +1,55 @@
+package ssr
+
+import "errors"
+
+const ObfsHMACSHA1Len = 10
+
+var (
+ ErrAuthSHA1v4CRC32Error = errors.New("auth_sha1_v4 post decrypt data crc32 error")
+ ErrAuthSHA1v4DataLengthError = errors.New("auth_sha1_v4 post decrypt data length error")
+ ErrAuthSHA1v4IncorrectChecksum = errors.New("auth_sha1_v4 post decrypt incorrect checksum")
+ ErrAuthAES128HMACError = errors.New("auth_aes128_* post decrypt hmac error")
+ ErrAuthAES128DataLengthError = errors.New("auth_aes128_* post decrypt length mismatch")
+ ErrAuthAES128IncorrectChecksum = errors.New("auth_aes128_* post decrypt incorrect checksum")
+ ErrTLS12TicketAuthTooShortData = errors.New("tls1.2_ticket_auth too short data")
+ ErrTLS12TicketAuthHMACError = errors.New("tls1.2_ticket_auth hmac verifying failed")
+ ErrTLS12TicketAuthIncorrectMagicNumber = errors.New("tls1.2_ticket_auth incorrect magic number")
+)
+
+type ServerInfoForObfs struct {
+ Host string
+ Port uint16
+ Param string
+ IV []byte
+ IVLen int
+ RecvIV []byte
+ RecvIVLen int
+ Key []byte
+ KeyLen int
+ HeadLen int
+ TcpMss int
+}
+
+func GetHeadSize(data []byte, defaultValue int) int {
+ if data == nil || len(data) < 2 {
+ return defaultValue
+ }
+ headType := data[0] & 0x07
+ switch headType {
+ case 1:
+ // IPv4 1+4+2
+ return 7
+ case 4:
+ // IPv6 1+16+2
+ return 19
+ case 3:
+ // domain name, variant length
+ return 4 + int(data[1])
+ }
+
+ return defaultValue
+}
+
+func (s *ServerInfoForObfs) SetHeadLen(data []byte, defaultValue int) {
+ s.HeadLen = GetHeadSize(data, defaultValue)
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/tcp.go b/vendor/github.com/sun8911879/shadowsocksR/tcp.go
new file mode 100644
index 0000000..4e86d98
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/tcp.go
@@ -0,0 +1,251 @@
+package shadowsocksr
+
+import (
+ "bytes"
+ "fmt"
+ "net"
+ "sync"
+
+ "github.com/sun8911879/shadowsocksR/obfs"
+ "github.com/sun8911879/shadowsocksR/protocol"
+ "github.com/sun8911879/shadowsocksR/tools/leakybuf"
+)
+
+// SSTCPConn the struct that override the net.Conn methods
+type SSTCPConn struct {
+ net.Conn
+ sync.RWMutex
+ *StreamCipher
+ IObfs obfs.IObfs
+ IProtocol protocol.IProtocol
+ readBuf []byte
+ readDecodeBuf *bytes.Buffer
+ readIObfsBuf *bytes.Buffer
+ readEncryptBuf *bytes.Buffer
+ readIndex uint64
+ readUserBuf *bytes.Buffer
+ writeBuf []byte
+ lastReadError error
+}
+
+func NewSSTCPConn(c net.Conn, cipher *StreamCipher) *SSTCPConn {
+ return &SSTCPConn{
+ Conn: c,
+ StreamCipher: cipher,
+ readBuf: leakybuf.GlobalLeakyBuf.Get(),
+ readDecodeBuf: bytes.NewBuffer(nil),
+ readIObfsBuf: bytes.NewBuffer(nil),
+ readUserBuf: bytes.NewBuffer(nil),
+ readEncryptBuf: bytes.NewBuffer(nil),
+ writeBuf: leakybuf.GlobalLeakyBuf.Get(),
+ }
+}
+
+func (c *SSTCPConn) Close() error {
+ leakybuf.GlobalLeakyBuf.Put(c.readBuf)
+ leakybuf.GlobalLeakyBuf.Put(c.writeBuf)
+ return c.Conn.Close()
+}
+
+func (c *SSTCPConn) GetIv() (iv []byte) {
+ iv = make([]byte, len(c.iv))
+ copy(iv, c.iv)
+ return
+}
+
+func (c *SSTCPConn) GetKey() (key []byte) {
+ key = make([]byte, len(c.key))
+ copy(key, c.key)
+ return
+}
+
+func (c *SSTCPConn) initEncryptor(b []byte) (iv []byte, err error) {
+ if c.enc == nil {
+ iv, err = c.initEncrypt()
+ if err != nil {
+ return nil, err
+ }
+
+ // should initialize obfs/protocol now, because iv is ready now
+ obfsServerInfo := c.IObfs.GetServerInfo()
+ obfsServerInfo.SetHeadLen(b, 30)
+ obfsServerInfo.IV, obfsServerInfo.IVLen = c.IV()
+ obfsServerInfo.Key, obfsServerInfo.KeyLen = c.Key()
+ c.IObfs.SetServerInfo(obfsServerInfo)
+
+ protocolServerInfo := c.IProtocol.GetServerInfo()
+ protocolServerInfo.SetHeadLen(b, 30)
+ protocolServerInfo.IV, protocolServerInfo.IVLen = c.IV()
+ protocolServerInfo.Key, protocolServerInfo.KeyLen = c.Key()
+ c.IProtocol.SetServerInfo(protocolServerInfo)
+ }
+ return
+}
+
+func (c *SSTCPConn) Read(b []byte) (n int, err error) {
+ for {
+ n, err = c.doRead(b)
+ if b == nil || n != 0 || err != nil {
+ return n, err
+ }
+ }
+}
+
+func (c *SSTCPConn) doRead(b []byte) (n int, err error) {
+ //先吐出已经解密后数据
+ if c.readUserBuf.Len() > 0 {
+ return c.readUserBuf.Read(b)
+ }
+ //未读取够长度继续读取并解码
+ decodelength := c.readDecodeBuf.Len()
+ if (decodelength == 0 || c.readEncryptBuf.Len() > 0 || (c.readIndex != 0 && c.readIndex > uint64(decodelength))) && c.lastReadError == nil {
+ c.readIndex = 0
+ n, c.lastReadError = c.Conn.Read(c.readBuf)
+ //写入decode 缓存
+ c.readDecodeBuf.Write(c.readBuf[0:n])
+ }
+ //无缓冲数据返回错误
+ if c.lastReadError != nil && (decodelength == 0 || uint64(decodelength) < c.readIndex) {
+ return 0, c.lastReadError
+ }
+ decodelength = c.readDecodeBuf.Len()
+ decodebytes := c.readDecodeBuf.Bytes()
+ c.readDecodeBuf.Reset()
+
+ for {
+
+ decodedData, length, err := c.IObfs.Decode(decodebytes)
+ if length == 0 && err != nil {
+ return 0, err
+ }
+
+ //do send back
+ if length == 1 {
+ c.Write(make([]byte, 0))
+ return 0, nil
+ }
+
+ //数据不够长度
+ if err != nil {
+ if uint64(decodelength) >= length {
+ return 0, fmt.Errorf("data length: %d,decode data length: %d unknown panic", decodelength, length)
+ }
+ c.readIndex = length
+ c.readDecodeBuf.Write(decodebytes)
+ if c.readIObfsBuf.Len() == 0 {
+ return 0, nil
+ }
+ break
+ }
+
+ if length >= 1 {
+ //读出数据 但是有多余的数据 返回已经读取数值
+ c.readIObfsBuf.Write(decodedData)
+ decodebytes = decodebytes[length:]
+ decodelength = len(decodebytes)
+ continue
+ }
+
+ //完全读取数据 -- length == 0
+ c.readIObfsBuf.Write(decodedData)
+ break
+ }
+
+ decodedData := c.readIObfsBuf.Bytes()
+ decodelength = c.readIObfsBuf.Len()
+ c.readIObfsBuf.Reset()
+
+ if c.dec == nil {
+ iv := decodedData[0:c.info.ivLen]
+ if err = c.initDecrypt(iv); err != nil {
+ return 0, err
+ }
+
+ if len(c.iv) == 0 {
+ c.iv = iv
+ }
+ decodelength -= c.info.ivLen
+ if decodelength <= 0 {
+ return 0, nil
+ }
+ decodedData = decodedData[c.info.ivLen:]
+ }
+
+ buf := make([]byte, decodelength)
+ c.decrypt(buf, decodedData)
+
+ c.readEncryptBuf.Write(buf)
+ encryptbuf := c.readEncryptBuf.Bytes()
+ c.readEncryptBuf.Reset()
+ postDecryptedData, length, err := c.IProtocol.PostDecrypt(encryptbuf)
+ if err != nil {
+ return 0, err
+ }
+ if length == 0 {
+ c.readEncryptBuf.Write(encryptbuf)
+ return 0, nil
+ }
+
+ if length > 0 {
+ c.readEncryptBuf.Write(encryptbuf[length:])
+ }
+
+ postDecryptedlength := len(postDecryptedData)
+ blength := len(b)
+ copy(b, postDecryptedData)
+ if blength > postDecryptedlength {
+ return postDecryptedlength, nil
+ }
+ c.readUserBuf.Write(postDecryptedData[len(b):])
+ return blength, nil
+}
+
+func (c *SSTCPConn) preWrite(b []byte) (outData []byte, err error) {
+ var iv []byte
+ if iv, err = c.initEncryptor(b); err != nil {
+ return
+ }
+
+ var preEncryptedData []byte
+ preEncryptedData, err = c.IProtocol.PreEncrypt(b)
+ if err != nil {
+ return
+ }
+ preEncryptedDataLen := len(preEncryptedData)
+ //c.encrypt(cipherData[len(iv):], b)
+ encryptedData := make([]byte, preEncryptedDataLen)
+ //! \attention here the expected output buffer length MUST be accurate, it is preEncryptedDataLen now!
+ c.encrypt(encryptedData[0:preEncryptedDataLen], preEncryptedData)
+
+ //common.Info("len(b)=", len(b), ", b:", b,
+ // ", pre encrypted data length:", preEncryptedDataLen,
+ // ", pre encrypted data:", preEncryptedData,
+ // ", encrypted data length:", preEncryptedDataLen)
+
+ cipherData := c.writeBuf
+ dataSize := len(encryptedData) + len(iv)
+ if dataSize > len(cipherData) {
+ cipherData = make([]byte, dataSize)
+ } else {
+ cipherData = cipherData[:dataSize]
+ }
+
+ if iv != nil {
+ // Put initialization vector in buffer before be encoded
+ copy(cipherData, iv)
+ }
+ copy(cipherData[len(iv):], encryptedData)
+
+ return c.IObfs.Encode(cipherData)
+}
+
+func (c *SSTCPConn) Write(b []byte) (n int, err error) {
+ outData, err := c.preWrite(b)
+ if err == nil {
+ n, err = c.Conn.Write(outData)
+ if err != nil {
+ return n, err
+ }
+ }
+ return len(b), nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/tools/encrypt.go b/vendor/github.com/sun8911879/shadowsocksR/tools/encrypt.go
new file mode 100644
index 0000000..5ecb3b9
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/tools/encrypt.go
@@ -0,0 +1,51 @@
+package tools
+
+import (
+ "crypto/hmac"
+ "crypto/md5"
+ "crypto/sha1"
+)
+
+func HmacMD5(key []byte, data []byte) []byte {
+ hmacMD5 := hmac.New(md5.New, key)
+ hmacMD5.Write(data)
+ return hmacMD5.Sum(nil)[:10]
+}
+
+func HmacSHA1(key []byte, data []byte) []byte {
+ hmacSHA1 := hmac.New(sha1.New, key)
+ hmacSHA1.Write(data)
+ return hmacSHA1.Sum(nil)[:10]
+}
+
+func MD5Sum(d []byte) []byte {
+ h := md5.New()
+ h.Write(d)
+ return h.Sum(nil)
+}
+
+func SHA1Sum(d []byte) []byte {
+ h := sha1.New()
+ h.Write(d)
+ return h.Sum(nil)
+}
+
+func EVPBytesToKey(password string, keyLen int) (key []byte) {
+ const md5Len = 16
+
+ cnt := (keyLen-1)/md5Len + 1
+ m := make([]byte, cnt*md5Len)
+ copy(m, MD5Sum([]byte(password)))
+
+ // Repeatedly call md5 until bytes generated is enough.
+ // Each call to md5 uses data: prev md5 sum + password.
+ d := make([]byte, md5Len+len(password))
+ start := 0
+ for i := 1; i < cnt; i++ {
+ start += md5Len
+ copy(d, m[start-md5Len:start])
+ copy(d[md5Len:], password)
+ copy(m[start:], MD5Sum(d))
+ }
+ return m[:keyLen]
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/tools/leakybuf/leakybuf.go b/vendor/github.com/sun8911879/shadowsocksR/tools/leakybuf/leakybuf.go
new file mode 100644
index 0000000..096c9cb
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/tools/leakybuf/leakybuf.go
@@ -0,0 +1,47 @@
+// Provides leaky buffer, based on the example in Effective Go.
+package leakybuf
+
+type LeakyBuf struct {
+ bufSize int // size of each buffer
+ freeList chan []byte
+}
+
+// NewLeakyBuf creates a leaky buffer which can hold at most n buffer, each
+// with bufSize bytes.
+func NewLeakyBuf(n, bufSize int) *LeakyBuf {
+ return &LeakyBuf{
+ bufSize: bufSize,
+ freeList: make(chan []byte, n),
+ }
+}
+
+// Get returns a buffer from the leaky buffer or create a new buffer.
+func (lb *LeakyBuf) Get() (b []byte) {
+ select {
+ case b = <-lb.freeList:
+ default:
+ b = make([]byte, lb.bufSize)
+ }
+ return
+}
+
+// Put add the buffer into the free buffer pool for reuse. Panic if the buffer
+// size is not the same with the leaky buffer's. This is intended to expose
+// error usage of leaky buffer.
+func (lb *LeakyBuf) Put(b []byte) {
+ if len(b) != lb.bufSize {
+ panic("invalid buffer size that's put into leaky buffer")
+ }
+ select {
+ case lb.freeList <- b:
+ default:
+ }
+ return
+}
+
+const (
+ GlobalLeakyBufSize = 32 * 1024 // data.len(2) + hmacsha1(10) + data(4096)
+ maxNBuf = 8192
+)
+
+var GlobalLeakyBuf = NewLeakyBuf(maxNBuf, GlobalLeakyBufSize)
diff --git a/vendor/golang.org/x/crypto/LICENSE b/vendor/golang.org/x/crypto/LICENSE
new file mode 100644
index 0000000..6a66aea
--- /dev/null
+++ b/vendor/golang.org/x/crypto/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+ * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/golang.org/x/crypto/PATENTS b/vendor/golang.org/x/crypto/PATENTS
new file mode 100644
index 0000000..7330990
--- /dev/null
+++ b/vendor/golang.org/x/crypto/PATENTS
@@ -0,0 +1,22 @@
+Additional IP Rights Grant (Patents)
+
+"This implementation" means the copyrightable works distributed by
+Google as part of the Go project.
+
+Google hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section)
+patent license to make, have made, use, offer to sell, sell, import,
+transfer and otherwise run, modify and propagate the contents of this
+implementation of Go, where such license applies only to those patent
+claims, both currently owned or controlled by Google and acquired in
+the future, licensable by Google that are necessarily infringed by this
+implementation of Go. This grant does not include claims that would be
+infringed only as a consequence of further modification of this
+implementation. If you or your agent or exclusive licensee institute or
+order or agree to the institution of patent litigation against any
+entity (including a cross-claim or counterclaim in a lawsuit) alleging
+that this implementation of Go or any code incorporated within this
+implementation of Go constitutes direct or contributory patent
+infringement, or inducement of patent infringement, then any patent
+rights granted to you under this License for this implementation of Go
+shall terminate as of the date such litigation is filed.
diff --git a/vendor/golang.org/x/crypto/blowfish/block.go b/vendor/golang.org/x/crypto/blowfish/block.go
new file mode 100644
index 0000000..9d80f19
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blowfish/block.go
@@ -0,0 +1,159 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package blowfish
+
+// getNextWord returns the next big-endian uint32 value from the byte slice
+// at the given position in a circular manner, updating the position.
+func getNextWord(b []byte, pos *int) uint32 {
+ var w uint32
+ j := *pos
+ for i := 0; i < 4; i++ {
+ w = w<<8 | uint32(b[j])
+ j++
+ if j >= len(b) {
+ j = 0
+ }
+ }
+ *pos = j
+ return w
+}
+
+// ExpandKey performs a key expansion on the given *Cipher. Specifically, it
+// performs the Blowfish algorithm's key schedule which sets up the *Cipher's
+// pi and substitution tables for calls to Encrypt. This is used, primarily,
+// by the bcrypt package to reuse the Blowfish key schedule during its
+// set up. It's unlikely that you need to use this directly.
+func ExpandKey(key []byte, c *Cipher) {
+ j := 0
+ for i := 0; i < 18; i++ {
+ // Using inlined getNextWord for performance.
+ var d uint32
+ for k := 0; k < 4; k++ {
+ d = d<<8 | uint32(key[j])
+ j++
+ if j >= len(key) {
+ j = 0
+ }
+ }
+ c.p[i] ^= d
+ }
+
+ var l, r uint32
+ for i := 0; i < 18; i += 2 {
+ l, r = encryptBlock(l, r, c)
+ c.p[i], c.p[i+1] = l, r
+ }
+
+ for i := 0; i < 256; i += 2 {
+ l, r = encryptBlock(l, r, c)
+ c.s0[i], c.s0[i+1] = l, r
+ }
+ for i := 0; i < 256; i += 2 {
+ l, r = encryptBlock(l, r, c)
+ c.s1[i], c.s1[i+1] = l, r
+ }
+ for i := 0; i < 256; i += 2 {
+ l, r = encryptBlock(l, r, c)
+ c.s2[i], c.s2[i+1] = l, r
+ }
+ for i := 0; i < 256; i += 2 {
+ l, r = encryptBlock(l, r, c)
+ c.s3[i], c.s3[i+1] = l, r
+ }
+}
+
+// This is similar to ExpandKey, but folds the salt during the key
+// schedule. While ExpandKey is essentially expandKeyWithSalt with an all-zero
+// salt passed in, reusing ExpandKey turns out to be a place of inefficiency
+// and specializing it here is useful.
+func expandKeyWithSalt(key []byte, salt []byte, c *Cipher) {
+ j := 0
+ for i := 0; i < 18; i++ {
+ c.p[i] ^= getNextWord(key, &j)
+ }
+
+ j = 0
+ var l, r uint32
+ for i := 0; i < 18; i += 2 {
+ l ^= getNextWord(salt, &j)
+ r ^= getNextWord(salt, &j)
+ l, r = encryptBlock(l, r, c)
+ c.p[i], c.p[i+1] = l, r
+ }
+
+ for i := 0; i < 256; i += 2 {
+ l ^= getNextWord(salt, &j)
+ r ^= getNextWord(salt, &j)
+ l, r = encryptBlock(l, r, c)
+ c.s0[i], c.s0[i+1] = l, r
+ }
+
+ for i := 0; i < 256; i += 2 {
+ l ^= getNextWord(salt, &j)
+ r ^= getNextWord(salt, &j)
+ l, r = encryptBlock(l, r, c)
+ c.s1[i], c.s1[i+1] = l, r
+ }
+
+ for i := 0; i < 256; i += 2 {
+ l ^= getNextWord(salt, &j)
+ r ^= getNextWord(salt, &j)
+ l, r = encryptBlock(l, r, c)
+ c.s2[i], c.s2[i+1] = l, r
+ }
+
+ for i := 0; i < 256; i += 2 {
+ l ^= getNextWord(salt, &j)
+ r ^= getNextWord(salt, &j)
+ l, r = encryptBlock(l, r, c)
+ c.s3[i], c.s3[i+1] = l, r
+ }
+}
+
+func encryptBlock(l, r uint32, c *Cipher) (uint32, uint32) {
+ xl, xr := l, r
+ xl ^= c.p[0]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[1]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[2]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[3]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[4]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[5]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[6]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[7]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[8]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[9]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[10]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[11]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[12]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[13]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[14]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[15]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[16]
+ xr ^= c.p[17]
+ return xr, xl
+}
+
+func decryptBlock(l, r uint32, c *Cipher) (uint32, uint32) {
+ xl, xr := l, r
+ xl ^= c.p[17]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[16]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[15]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[14]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[13]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[12]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[11]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[10]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[9]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[8]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[7]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[6]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[5]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[4]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[3]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[2]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[1]
+ xr ^= c.p[0]
+ return xr, xl
+}
diff --git a/vendor/golang.org/x/crypto/blowfish/cipher.go b/vendor/golang.org/x/crypto/blowfish/cipher.go
new file mode 100644
index 0000000..2641dad
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blowfish/cipher.go
@@ -0,0 +1,91 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package blowfish implements Bruce Schneier's Blowfish encryption algorithm.
+package blowfish // import "golang.org/x/crypto/blowfish"
+
+// The code is a port of Bruce Schneier's C implementation.
+// See https://www.schneier.com/blowfish.html.
+
+import "strconv"
+
+// The Blowfish block size in bytes.
+const BlockSize = 8
+
+// A Cipher is an instance of Blowfish encryption using a particular key.
+type Cipher struct {
+ p [18]uint32
+ s0, s1, s2, s3 [256]uint32
+}
+
+type KeySizeError int
+
+func (k KeySizeError) Error() string {
+ return "crypto/blowfish: invalid key size " + strconv.Itoa(int(k))
+}
+
+// NewCipher creates and returns a Cipher.
+// The key argument should be the Blowfish key, from 1 to 56 bytes.
+func NewCipher(key []byte) (*Cipher, error) {
+ var result Cipher
+ if k := len(key); k < 1 || k > 56 {
+ return nil, KeySizeError(k)
+ }
+ initCipher(&result)
+ ExpandKey(key, &result)
+ return &result, nil
+}
+
+// NewSaltedCipher creates a returns a Cipher that folds a salt into its key
+// schedule. For most purposes, NewCipher, instead of NewSaltedCipher, is
+// sufficient and desirable. For bcrypt compatibility, the key can be over 56
+// bytes.
+func NewSaltedCipher(key, salt []byte) (*Cipher, error) {
+ if len(salt) == 0 {
+ return NewCipher(key)
+ }
+ var result Cipher
+ if k := len(key); k < 1 {
+ return nil, KeySizeError(k)
+ }
+ initCipher(&result)
+ expandKeyWithSalt(key, salt, &result)
+ return &result, nil
+}
+
+// BlockSize returns the Blowfish block size, 8 bytes.
+// It is necessary to satisfy the Block interface in the
+// package "crypto/cipher".
+func (c *Cipher) BlockSize() int { return BlockSize }
+
+// Encrypt encrypts the 8-byte buffer src using the key k
+// and stores the result in dst.
+// Note that for amounts of data larger than a block,
+// it is not safe to just call Encrypt on successive blocks;
+// instead, use an encryption mode like CBC (see crypto/cipher/cbc.go).
+func (c *Cipher) Encrypt(dst, src []byte) {
+ l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
+ r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
+ l, r = encryptBlock(l, r, c)
+ dst[0], dst[1], dst[2], dst[3] = byte(l>>24), byte(l>>16), byte(l>>8), byte(l)
+ dst[4], dst[5], dst[6], dst[7] = byte(r>>24), byte(r>>16), byte(r>>8), byte(r)
+}
+
+// Decrypt decrypts the 8-byte buffer src using the key k
+// and stores the result in dst.
+func (c *Cipher) Decrypt(dst, src []byte) {
+ l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
+ r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
+ l, r = decryptBlock(l, r, c)
+ dst[0], dst[1], dst[2], dst[3] = byte(l>>24), byte(l>>16), byte(l>>8), byte(l)
+ dst[4], dst[5], dst[6], dst[7] = byte(r>>24), byte(r>>16), byte(r>>8), byte(r)
+}
+
+func initCipher(c *Cipher) {
+ copy(c.p[0:], p[0:])
+ copy(c.s0[0:], s0[0:])
+ copy(c.s1[0:], s1[0:])
+ copy(c.s2[0:], s2[0:])
+ copy(c.s3[0:], s3[0:])
+}
diff --git a/vendor/golang.org/x/crypto/blowfish/const.go b/vendor/golang.org/x/crypto/blowfish/const.go
new file mode 100644
index 0000000..d040775
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blowfish/const.go
@@ -0,0 +1,199 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// The startup permutation array and substitution boxes.
+// They are the hexadecimal digits of PI; see:
+// https://www.schneier.com/code/constants.txt.
+
+package blowfish
+
+var s0 = [256]uint32{
+ 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96,
+ 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
+ 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658,
+ 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
+ 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e,
+ 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
+ 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6,
+ 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
+ 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c,
+ 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
+ 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1,
+ 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
+ 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a,
+ 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
+ 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176,
+ 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
+ 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706,
+ 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
+ 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b,
+ 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
+ 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c,
+ 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
+ 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a,
+ 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
+ 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760,
+ 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
+ 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8,
+ 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
+ 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33,
+ 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
+ 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0,
+ 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
+ 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777,
+ 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
+ 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705,
+ 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
+ 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e,
+ 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
+ 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9,
+ 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
+ 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f,
+ 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
+ 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a,
+}
+
+var s1 = [256]uint32{
+ 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d,
+ 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
+ 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65,
+ 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
+ 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9,
+ 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
+ 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d,
+ 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
+ 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc,
+ 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
+ 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908,
+ 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
+ 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124,
+ 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
+ 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908,
+ 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
+ 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b,
+ 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
+ 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa,
+ 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
+ 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d,
+ 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
+ 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5,
+ 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
+ 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96,
+ 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
+ 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca,
+ 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
+ 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77,
+ 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
+ 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054,
+ 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
+ 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea,
+ 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
+ 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646,
+ 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
+ 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea,
+ 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
+ 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e,
+ 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
+ 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd,
+ 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
+ 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7,
+}
+
+var s2 = [256]uint32{
+ 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7,
+ 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
+ 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af,
+ 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
+ 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4,
+ 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
+ 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec,
+ 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
+ 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332,
+ 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
+ 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58,
+ 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
+ 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22,
+ 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
+ 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60,
+ 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
+ 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99,
+ 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
+ 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74,
+ 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
+ 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3,
+ 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
+ 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979,
+ 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
+ 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa,
+ 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
+ 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086,
+ 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
+ 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24,
+ 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
+ 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84,
+ 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
+ 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09,
+ 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
+ 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe,
+ 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
+ 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0,
+ 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
+ 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188,
+ 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
+ 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8,
+ 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
+ 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0,
+}
+
+var s3 = [256]uint32{
+ 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742,
+ 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
+ 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79,
+ 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
+ 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a,
+ 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
+ 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1,
+ 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
+ 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797,
+ 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
+ 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6,
+ 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
+ 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba,
+ 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
+ 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5,
+ 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
+ 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce,
+ 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
+ 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd,
+ 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
+ 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb,
+ 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
+ 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc,
+ 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
+ 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc,
+ 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
+ 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a,
+ 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
+ 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a,
+ 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
+ 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b,
+ 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
+ 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e,
+ 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
+ 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623,
+ 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
+ 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a,
+ 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
+ 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3,
+ 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
+ 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c,
+ 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
+ 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6,
+}
+
+var p = [18]uint32{
+ 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0,
+ 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
+ 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b,
+}
diff --git a/vendor/golang.org/x/crypto/cast5/cast5.go b/vendor/golang.org/x/crypto/cast5/cast5.go
new file mode 100644
index 0000000..0b4af37
--- /dev/null
+++ b/vendor/golang.org/x/crypto/cast5/cast5.go
@@ -0,0 +1,526 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cast5 implements CAST5, as defined in RFC 2144. CAST5 is a common
+// OpenPGP cipher.
+package cast5 // import "golang.org/x/crypto/cast5"
+
+import "errors"
+
+const BlockSize = 8
+const KeySize = 16
+
+type Cipher struct {
+ masking [16]uint32
+ rotate [16]uint8
+}
+
+func NewCipher(key []byte) (c *Cipher, err error) {
+ if len(key) != KeySize {
+ return nil, errors.New("CAST5: keys must be 16 bytes")
+ }
+
+ c = new(Cipher)
+ c.keySchedule(key)
+ return
+}
+
+func (c *Cipher) BlockSize() int {
+ return BlockSize
+}
+
+func (c *Cipher) Encrypt(dst, src []byte) {
+ l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
+ r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
+
+ l, r = r, l^f1(r, c.masking[0], c.rotate[0])
+ l, r = r, l^f2(r, c.masking[1], c.rotate[1])
+ l, r = r, l^f3(r, c.masking[2], c.rotate[2])
+ l, r = r, l^f1(r, c.masking[3], c.rotate[3])
+
+ l, r = r, l^f2(r, c.masking[4], c.rotate[4])
+ l, r = r, l^f3(r, c.masking[5], c.rotate[5])
+ l, r = r, l^f1(r, c.masking[6], c.rotate[6])
+ l, r = r, l^f2(r, c.masking[7], c.rotate[7])
+
+ l, r = r, l^f3(r, c.masking[8], c.rotate[8])
+ l, r = r, l^f1(r, c.masking[9], c.rotate[9])
+ l, r = r, l^f2(r, c.masking[10], c.rotate[10])
+ l, r = r, l^f3(r, c.masking[11], c.rotate[11])
+
+ l, r = r, l^f1(r, c.masking[12], c.rotate[12])
+ l, r = r, l^f2(r, c.masking[13], c.rotate[13])
+ l, r = r, l^f3(r, c.masking[14], c.rotate[14])
+ l, r = r, l^f1(r, c.masking[15], c.rotate[15])
+
+ dst[0] = uint8(r >> 24)
+ dst[1] = uint8(r >> 16)
+ dst[2] = uint8(r >> 8)
+ dst[3] = uint8(r)
+ dst[4] = uint8(l >> 24)
+ dst[5] = uint8(l >> 16)
+ dst[6] = uint8(l >> 8)
+ dst[7] = uint8(l)
+}
+
+func (c *Cipher) Decrypt(dst, src []byte) {
+ l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
+ r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
+
+ l, r = r, l^f1(r, c.masking[15], c.rotate[15])
+ l, r = r, l^f3(r, c.masking[14], c.rotate[14])
+ l, r = r, l^f2(r, c.masking[13], c.rotate[13])
+ l, r = r, l^f1(r, c.masking[12], c.rotate[12])
+
+ l, r = r, l^f3(r, c.masking[11], c.rotate[11])
+ l, r = r, l^f2(r, c.masking[10], c.rotate[10])
+ l, r = r, l^f1(r, c.masking[9], c.rotate[9])
+ l, r = r, l^f3(r, c.masking[8], c.rotate[8])
+
+ l, r = r, l^f2(r, c.masking[7], c.rotate[7])
+ l, r = r, l^f1(r, c.masking[6], c.rotate[6])
+ l, r = r, l^f3(r, c.masking[5], c.rotate[5])
+ l, r = r, l^f2(r, c.masking[4], c.rotate[4])
+
+ l, r = r, l^f1(r, c.masking[3], c.rotate[3])
+ l, r = r, l^f3(r, c.masking[2], c.rotate[2])
+ l, r = r, l^f2(r, c.masking[1], c.rotate[1])
+ l, r = r, l^f1(r, c.masking[0], c.rotate[0])
+
+ dst[0] = uint8(r >> 24)
+ dst[1] = uint8(r >> 16)
+ dst[2] = uint8(r >> 8)
+ dst[3] = uint8(r)
+ dst[4] = uint8(l >> 24)
+ dst[5] = uint8(l >> 16)
+ dst[6] = uint8(l >> 8)
+ dst[7] = uint8(l)
+}
+
+type keyScheduleA [4][7]uint8
+type keyScheduleB [4][5]uint8
+
+// keyScheduleRound contains the magic values for a round of the key schedule.
+// The keyScheduleA deals with the lines like:
+// z0z1z2z3 = x0x1x2x3 ^ S5[xD] ^ S6[xF] ^ S7[xC] ^ S8[xE] ^ S7[x8]
+// Conceptually, both x and z are in the same array, x first. The first
+// element describes which word of this array gets written to and the
+// second, which word gets read. So, for the line above, it's "4, 0", because
+// it's writing to the first word of z, which, being after x, is word 4, and
+// reading from the first word of x: word 0.
+//
+// Next are the indexes into the S-boxes. Now the array is treated as bytes. So
+// "xD" is 0xd. The first byte of z is written as "16 + 0", just to be clear
+// that it's z that we're indexing.
+//
+// keyScheduleB deals with lines like:
+// K1 = S5[z8] ^ S6[z9] ^ S7[z7] ^ S8[z6] ^ S5[z2]
+// "K1" is ignored because key words are always written in order. So the five
+// elements are the S-box indexes. They use the same form as in keyScheduleA,
+// above.
+
+type keyScheduleRound struct{}
+type keySchedule []keyScheduleRound
+
+var schedule = []struct {
+ a keyScheduleA
+ b keyScheduleB
+}{
+ {
+ keyScheduleA{
+ {4, 0, 0xd, 0xf, 0xc, 0xe, 0x8},
+ {5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa},
+ {6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9},
+ {7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb},
+ },
+ keyScheduleB{
+ {16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2},
+ {16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6},
+ {16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9},
+ {16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc},
+ },
+ },
+ {
+ keyScheduleA{
+ {0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0},
+ {1, 4, 0, 2, 1, 3, 16 + 2},
+ {2, 5, 7, 6, 5, 4, 16 + 1},
+ {3, 7, 0xa, 9, 0xb, 8, 16 + 3},
+ },
+ keyScheduleB{
+ {3, 2, 0xc, 0xd, 8},
+ {1, 0, 0xe, 0xf, 0xd},
+ {7, 6, 8, 9, 3},
+ {5, 4, 0xa, 0xb, 7},
+ },
+ },
+ {
+ keyScheduleA{
+ {4, 0, 0xd, 0xf, 0xc, 0xe, 8},
+ {5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa},
+ {6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9},
+ {7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb},
+ },
+ keyScheduleB{
+ {16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9},
+ {16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc},
+ {16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2},
+ {16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6},
+ },
+ },
+ {
+ keyScheduleA{
+ {0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0},
+ {1, 4, 0, 2, 1, 3, 16 + 2},
+ {2, 5, 7, 6, 5, 4, 16 + 1},
+ {3, 7, 0xa, 9, 0xb, 8, 16 + 3},
+ },
+ keyScheduleB{
+ {8, 9, 7, 6, 3},
+ {0xa, 0xb, 5, 4, 7},
+ {0xc, 0xd, 3, 2, 8},
+ {0xe, 0xf, 1, 0, 0xd},
+ },
+ },
+}
+
+func (c *Cipher) keySchedule(in []byte) {
+ var t [8]uint32
+ var k [32]uint32
+
+ for i := 0; i < 4; i++ {
+ j := i * 4
+ t[i] = uint32(in[j])<<24 | uint32(in[j+1])<<16 | uint32(in[j+2])<<8 | uint32(in[j+3])
+ }
+
+ x := []byte{6, 7, 4, 5}
+ ki := 0
+
+ for half := 0; half < 2; half++ {
+ for _, round := range schedule {
+ for j := 0; j < 4; j++ {
+ var a [7]uint8
+ copy(a[:], round.a[j][:])
+ w := t[a[1]]
+ w ^= sBox[4][(t[a[2]>>2]>>(24-8*(a[2]&3)))&0xff]
+ w ^= sBox[5][(t[a[3]>>2]>>(24-8*(a[3]&3)))&0xff]
+ w ^= sBox[6][(t[a[4]>>2]>>(24-8*(a[4]&3)))&0xff]
+ w ^= sBox[7][(t[a[5]>>2]>>(24-8*(a[5]&3)))&0xff]
+ w ^= sBox[x[j]][(t[a[6]>>2]>>(24-8*(a[6]&3)))&0xff]
+ t[a[0]] = w
+ }
+
+ for j := 0; j < 4; j++ {
+ var b [5]uint8
+ copy(b[:], round.b[j][:])
+ w := sBox[4][(t[b[0]>>2]>>(24-8*(b[0]&3)))&0xff]
+ w ^= sBox[5][(t[b[1]>>2]>>(24-8*(b[1]&3)))&0xff]
+ w ^= sBox[6][(t[b[2]>>2]>>(24-8*(b[2]&3)))&0xff]
+ w ^= sBox[7][(t[b[3]>>2]>>(24-8*(b[3]&3)))&0xff]
+ w ^= sBox[4+j][(t[b[4]>>2]>>(24-8*(b[4]&3)))&0xff]
+ k[ki] = w
+ ki++
+ }
+ }
+ }
+
+ for i := 0; i < 16; i++ {
+ c.masking[i] = k[i]
+ c.rotate[i] = uint8(k[16+i] & 0x1f)
+ }
+}
+
+// These are the three 'f' functions. See RFC 2144, section 2.2.
+func f1(d, m uint32, r uint8) uint32 {
+ t := m + d
+ I := (t << r) | (t >> (32 - r))
+ return ((sBox[0][I>>24] ^ sBox[1][(I>>16)&0xff]) - sBox[2][(I>>8)&0xff]) + sBox[3][I&0xff]
+}
+
+func f2(d, m uint32, r uint8) uint32 {
+ t := m ^ d
+ I := (t << r) | (t >> (32 - r))
+ return ((sBox[0][I>>24] - sBox[1][(I>>16)&0xff]) + sBox[2][(I>>8)&0xff]) ^ sBox[3][I&0xff]
+}
+
+func f3(d, m uint32, r uint8) uint32 {
+ t := m - d
+ I := (t << r) | (t >> (32 - r))
+ return ((sBox[0][I>>24] + sBox[1][(I>>16)&0xff]) ^ sBox[2][(I>>8)&0xff]) - sBox[3][I&0xff]
+}
+
+var sBox = [8][256]uint32{
+ {
+ 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
+ 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,
+ 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,
+ 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,
+ 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,
+ 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,
+ 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,
+ 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,
+ 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,
+ 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,
+ 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,
+ 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,
+ 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,
+ 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,
+ 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,
+ 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,
+ 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,
+ 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,
+ 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,
+ 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,
+ 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,
+ 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,
+ 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,
+ 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,
+ 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,
+ 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,
+ 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,
+ 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,
+ 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,
+ 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,
+ 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,
+ 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf,
+ },
+ {
+ 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,
+ 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,
+ 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,
+ 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,
+ 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,
+ 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,
+ 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,
+ 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,
+ 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,
+ 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,
+ 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,
+ 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,
+ 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,
+ 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,
+ 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,
+ 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,
+ 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,
+ 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,
+ 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,
+ 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,
+ 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,
+ 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,
+ 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,
+ 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,
+ 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,
+ 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,
+ 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,
+ 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,
+ 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,
+ 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,
+ 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,
+ 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1,
+ },
+ {
+ 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,
+ 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,
+ 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,
+ 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,
+ 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,
+ 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,
+ 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,
+ 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,
+ 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,
+ 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,
+ 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,
+ 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,
+ 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,
+ 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,
+ 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,
+ 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,
+ 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,
+ 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,
+ 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,
+ 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,
+ 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,
+ 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,
+ 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,
+ 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,
+ 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,
+ 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,
+ 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,
+ 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,
+ 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,
+ 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,
+ 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,
+ 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783,
+ },
+ {
+ 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,
+ 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,
+ 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,
+ 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,
+ 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,
+ 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,
+ 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,
+ 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,
+ 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,
+ 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,
+ 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,
+ 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,
+ 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,
+ 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,
+ 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,
+ 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,
+ 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,
+ 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,
+ 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,
+ 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,
+ 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,
+ 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,
+ 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,
+ 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,
+ 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,
+ 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,
+ 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
+ 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,
+ 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,
+ 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,
+ 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,
+ 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2,
+ },
+ {
+ 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,
+ 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,
+ 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,
+ 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,
+ 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,
+ 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,
+ 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,
+ 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,
+ 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,
+ 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,
+ 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,
+ 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,
+ 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,
+ 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,
+ 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,
+ 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,
+ 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,
+ 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,
+ 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,
+ 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,
+ 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,
+ 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,
+ 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,
+ 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,
+ 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,
+ 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,
+ 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,
+ 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,
+ 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,
+ 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,
+ 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,
+ 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4,
+ },
+ {
+ 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,
+ 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,
+ 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,
+ 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,
+ 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,
+ 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,
+ 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,
+ 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,
+ 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,
+ 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,
+ 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,
+ 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,
+ 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,
+ 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,
+ 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,
+ 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,
+ 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,
+ 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,
+ 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,
+ 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,
+ 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,
+ 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,
+ 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,
+ 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,
+ 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,
+ 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,
+ 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,
+ 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,
+ 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,
+ 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,
+ 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,
+ 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f,
+ },
+ {
+ 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,
+ 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,
+ 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,
+ 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,
+ 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,
+ 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,
+ 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,
+ 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,
+ 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,
+ 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,
+ 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,
+ 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,
+ 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,
+ 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,
+ 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,
+ 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,
+ 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,
+ 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,
+ 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,
+ 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,
+ 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,
+ 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,
+ 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,
+ 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,
+ 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,
+ 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,
+ 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,
+ 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,
+ 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,
+ 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,
+ 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,
+ 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3,
+ },
+ {
+ 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,
+ 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,
+ 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,
+ 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,
+ 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,
+ 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,
+ 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,
+ 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,
+ 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,
+ 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,
+ 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,
+ 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,
+ 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,
+ 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,
+ 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,
+ 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,
+ 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,
+ 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,
+ 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,
+ 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,
+ 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,
+ 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,
+ 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,
+ 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,
+ 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,
+ 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,
+ 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,
+ 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,
+ 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,
+ 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,
+ 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,
+ 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e,
+ },
+}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go
new file mode 100644
index 0000000..e28f49d
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go
@@ -0,0 +1,91 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package chacha20poly1305 implements the ChaCha20-Poly1305 AEAD as specified in RFC 7539.
+package chacha20poly1305 // import "golang.org/x/crypto/chacha20poly1305"
+
+import (
+ "crypto/cipher"
+ "encoding/binary"
+ "errors"
+)
+
+const (
+ // KeySize is the size of the key used by this AEAD, in bytes.
+ KeySize = 32
+ // NonceSize is the size of the nonce used with this AEAD, in bytes.
+ NonceSize = 12
+)
+
+type chacha20poly1305 struct {
+ key [8]uint32
+}
+
+// New returns a ChaCha20-Poly1305 AEAD that uses the given, 256-bit key.
+func New(key []byte) (cipher.AEAD, error) {
+ if len(key) != KeySize {
+ return nil, errors.New("chacha20poly1305: bad key length")
+ }
+ ret := new(chacha20poly1305)
+ ret.key[0] = binary.LittleEndian.Uint32(key[0:4])
+ ret.key[1] = binary.LittleEndian.Uint32(key[4:8])
+ ret.key[2] = binary.LittleEndian.Uint32(key[8:12])
+ ret.key[3] = binary.LittleEndian.Uint32(key[12:16])
+ ret.key[4] = binary.LittleEndian.Uint32(key[16:20])
+ ret.key[5] = binary.LittleEndian.Uint32(key[20:24])
+ ret.key[6] = binary.LittleEndian.Uint32(key[24:28])
+ ret.key[7] = binary.LittleEndian.Uint32(key[28:32])
+ return ret, nil
+}
+
+func (c *chacha20poly1305) NonceSize() int {
+ return NonceSize
+}
+
+func (c *chacha20poly1305) Overhead() int {
+ return 16
+}
+
+func (c *chacha20poly1305) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
+ if len(nonce) != NonceSize {
+ panic("chacha20poly1305: bad nonce length passed to Seal")
+ }
+
+ if uint64(len(plaintext)) > (1<<38)-64 {
+ panic("chacha20poly1305: plaintext too large")
+ }
+
+ return c.seal(dst, nonce, plaintext, additionalData)
+}
+
+var errOpen = errors.New("chacha20poly1305: message authentication failed")
+
+func (c *chacha20poly1305) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+ if len(nonce) != NonceSize {
+ panic("chacha20poly1305: bad nonce length passed to Open")
+ }
+ if len(ciphertext) < 16 {
+ return nil, errOpen
+ }
+ if uint64(len(ciphertext)) > (1<<38)-48 {
+ panic("chacha20poly1305: ciphertext too large")
+ }
+
+ return c.open(dst, nonce, ciphertext, additionalData)
+}
+
+// sliceForAppend takes a slice and a requested number of bytes. It returns a
+// slice with the contents of the given slice followed by that many bytes and a
+// second slice that aliases into it and contains only the extra bytes. If the
+// original slice has sufficient capacity then no allocation is performed.
+func sliceForAppend(in []byte, n int) (head, tail []byte) {
+ if total := len(in) + n; cap(in) >= total {
+ head = in[:total]
+ } else {
+ head = make([]byte, total)
+ copy(head, in)
+ }
+ tail = head[len(in):]
+ return
+}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go
new file mode 100644
index 0000000..07d18a3
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go
@@ -0,0 +1,80 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build go1.7,amd64,!gccgo,!appengine
+
+package chacha20poly1305
+
+import (
+ "encoding/binary"
+
+ "golang.org/x/sys/cpu"
+)
+
+//go:noescape
+func chacha20Poly1305Open(dst []byte, key []uint32, src, ad []byte) bool
+
+//go:noescape
+func chacha20Poly1305Seal(dst []byte, key []uint32, src, ad []byte)
+
+var (
+ useASM = cpu.X86.HasSSSE3
+ useAVX2 = cpu.X86.HasAVX2 && cpu.X86.HasBMI2
+)
+
+// setupState writes a ChaCha20 input matrix to state. See
+// https://tools.ietf.org/html/rfc7539#section-2.3.
+func setupState(state *[16]uint32, key *[8]uint32, nonce []byte) {
+ state[0] = 0x61707865
+ state[1] = 0x3320646e
+ state[2] = 0x79622d32
+ state[3] = 0x6b206574
+
+ state[4] = key[0]
+ state[5] = key[1]
+ state[6] = key[2]
+ state[7] = key[3]
+ state[8] = key[4]
+ state[9] = key[5]
+ state[10] = key[6]
+ state[11] = key[7]
+
+ state[12] = 0
+ state[13] = binary.LittleEndian.Uint32(nonce[:4])
+ state[14] = binary.LittleEndian.Uint32(nonce[4:8])
+ state[15] = binary.LittleEndian.Uint32(nonce[8:12])
+}
+
+func (c *chacha20poly1305) seal(dst, nonce, plaintext, additionalData []byte) []byte {
+ if !useASM {
+ return c.sealGeneric(dst, nonce, plaintext, additionalData)
+ }
+
+ var state [16]uint32
+ setupState(&state, &c.key, nonce)
+
+ ret, out := sliceForAppend(dst, len(plaintext)+16)
+ chacha20Poly1305Seal(out[:], state[:], plaintext, additionalData)
+ return ret
+}
+
+func (c *chacha20poly1305) open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+ if !useASM {
+ return c.openGeneric(dst, nonce, ciphertext, additionalData)
+ }
+
+ var state [16]uint32
+ setupState(&state, &c.key, nonce)
+
+ ciphertext = ciphertext[:len(ciphertext)-16]
+ ret, out := sliceForAppend(dst, len(ciphertext))
+ if !chacha20Poly1305Open(out, state[:], ciphertext, additionalData) {
+ for i := range out {
+ out[i] = 0
+ }
+ return nil, errOpen
+ }
+
+ return ret, nil
+}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s
new file mode 100644
index 0000000..af76bbc
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s
@@ -0,0 +1,2695 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This file was originally from https://golang.org/cl/24717 by Vlad Krasnov of CloudFlare.
+
+// +build go1.7,amd64,!gccgo,!appengine
+
+#include "textflag.h"
+// General register allocation
+#define oup DI
+#define inp SI
+#define inl BX
+#define adp CX // free to reuse, after we hash the additional data
+#define keyp R8 // free to reuse, when we copy the key to stack
+#define itr2 R9 // general iterator
+#define itr1 CX // general iterator
+#define acc0 R10
+#define acc1 R11
+#define acc2 R12
+#define t0 R13
+#define t1 R14
+#define t2 R15
+#define t3 R8
+// Register and stack allocation for the SSE code
+#define rStore (0*16)(BP)
+#define sStore (1*16)(BP)
+#define state1Store (2*16)(BP)
+#define state2Store (3*16)(BP)
+#define tmpStore (4*16)(BP)
+#define ctr0Store (5*16)(BP)
+#define ctr1Store (6*16)(BP)
+#define ctr2Store (7*16)(BP)
+#define ctr3Store (8*16)(BP)
+#define A0 X0
+#define A1 X1
+#define A2 X2
+#define B0 X3
+#define B1 X4
+#define B2 X5
+#define C0 X6
+#define C1 X7
+#define C2 X8
+#define D0 X9
+#define D1 X10
+#define D2 X11
+#define T0 X12
+#define T1 X13
+#define T2 X14
+#define T3 X15
+#define A3 T0
+#define B3 T1
+#define C3 T2
+#define D3 T3
+// Register and stack allocation for the AVX2 code
+#define rsStoreAVX2 (0*32)(BP)
+#define state1StoreAVX2 (1*32)(BP)
+#define state2StoreAVX2 (2*32)(BP)
+#define ctr0StoreAVX2 (3*32)(BP)
+#define ctr1StoreAVX2 (4*32)(BP)
+#define ctr2StoreAVX2 (5*32)(BP)
+#define ctr3StoreAVX2 (6*32)(BP)
+#define tmpStoreAVX2 (7*32)(BP) // 256 bytes on stack
+#define AA0 Y0
+#define AA1 Y5
+#define AA2 Y6
+#define AA3 Y7
+#define BB0 Y14
+#define BB1 Y9
+#define BB2 Y10
+#define BB3 Y11
+#define CC0 Y12
+#define CC1 Y13
+#define CC2 Y8
+#define CC3 Y15
+#define DD0 Y4
+#define DD1 Y1
+#define DD2 Y2
+#define DD3 Y3
+#define TT0 DD3
+#define TT1 AA3
+#define TT2 BB3
+#define TT3 CC3
+// ChaCha20 constants
+DATA ·chacha20Constants<>+0x00(SB)/4, $0x61707865
+DATA ·chacha20Constants<>+0x04(SB)/4, $0x3320646e
+DATA ·chacha20Constants<>+0x08(SB)/4, $0x79622d32
+DATA ·chacha20Constants<>+0x0c(SB)/4, $0x6b206574
+DATA ·chacha20Constants<>+0x10(SB)/4, $0x61707865
+DATA ·chacha20Constants<>+0x14(SB)/4, $0x3320646e
+DATA ·chacha20Constants<>+0x18(SB)/4, $0x79622d32
+DATA ·chacha20Constants<>+0x1c(SB)/4, $0x6b206574
+// <<< 16 with PSHUFB
+DATA ·rol16<>+0x00(SB)/8, $0x0504070601000302
+DATA ·rol16<>+0x08(SB)/8, $0x0D0C0F0E09080B0A
+DATA ·rol16<>+0x10(SB)/8, $0x0504070601000302
+DATA ·rol16<>+0x18(SB)/8, $0x0D0C0F0E09080B0A
+// <<< 8 with PSHUFB
+DATA ·rol8<>+0x00(SB)/8, $0x0605040702010003
+DATA ·rol8<>+0x08(SB)/8, $0x0E0D0C0F0A09080B
+DATA ·rol8<>+0x10(SB)/8, $0x0605040702010003
+DATA ·rol8<>+0x18(SB)/8, $0x0E0D0C0F0A09080B
+
+DATA ·avx2InitMask<>+0x00(SB)/8, $0x0
+DATA ·avx2InitMask<>+0x08(SB)/8, $0x0
+DATA ·avx2InitMask<>+0x10(SB)/8, $0x1
+DATA ·avx2InitMask<>+0x18(SB)/8, $0x0
+
+DATA ·avx2IncMask<>+0x00(SB)/8, $0x2
+DATA ·avx2IncMask<>+0x08(SB)/8, $0x0
+DATA ·avx2IncMask<>+0x10(SB)/8, $0x2
+DATA ·avx2IncMask<>+0x18(SB)/8, $0x0
+// Poly1305 key clamp
+DATA ·polyClampMask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF
+DATA ·polyClampMask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC
+DATA ·polyClampMask<>+0x10(SB)/8, $0xFFFFFFFFFFFFFFFF
+DATA ·polyClampMask<>+0x18(SB)/8, $0xFFFFFFFFFFFFFFFF
+
+DATA ·sseIncMask<>+0x00(SB)/8, $0x1
+DATA ·sseIncMask<>+0x08(SB)/8, $0x0
+// To load/store the last < 16 bytes in a buffer
+DATA ·andMask<>+0x00(SB)/8, $0x00000000000000ff
+DATA ·andMask<>+0x08(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x10(SB)/8, $0x000000000000ffff
+DATA ·andMask<>+0x18(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x20(SB)/8, $0x0000000000ffffff
+DATA ·andMask<>+0x28(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x30(SB)/8, $0x00000000ffffffff
+DATA ·andMask<>+0x38(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x40(SB)/8, $0x000000ffffffffff
+DATA ·andMask<>+0x48(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x50(SB)/8, $0x0000ffffffffffff
+DATA ·andMask<>+0x58(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x60(SB)/8, $0x00ffffffffffffff
+DATA ·andMask<>+0x68(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x70(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0x78(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x80(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0x88(SB)/8, $0x00000000000000ff
+DATA ·andMask<>+0x90(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0x98(SB)/8, $0x000000000000ffff
+DATA ·andMask<>+0xa0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xa8(SB)/8, $0x0000000000ffffff
+DATA ·andMask<>+0xb0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xb8(SB)/8, $0x00000000ffffffff
+DATA ·andMask<>+0xc0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xc8(SB)/8, $0x000000ffffffffff
+DATA ·andMask<>+0xd0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xd8(SB)/8, $0x0000ffffffffffff
+DATA ·andMask<>+0xe0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xe8(SB)/8, $0x00ffffffffffffff
+
+GLOBL ·chacha20Constants<>(SB), (NOPTR+RODATA), $32
+GLOBL ·rol16<>(SB), (NOPTR+RODATA), $32
+GLOBL ·rol8<>(SB), (NOPTR+RODATA), $32
+GLOBL ·sseIncMask<>(SB), (NOPTR+RODATA), $16
+GLOBL ·avx2IncMask<>(SB), (NOPTR+RODATA), $32
+GLOBL ·avx2InitMask<>(SB), (NOPTR+RODATA), $32
+GLOBL ·polyClampMask<>(SB), (NOPTR+RODATA), $32
+GLOBL ·andMask<>(SB), (NOPTR+RODATA), $240
+// No PALIGNR in Go ASM yet (but VPALIGNR is present).
+#define shiftB0Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x04 // PALIGNR $4, X3, X3
+#define shiftB1Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xe4; BYTE $0x04 // PALIGNR $4, X4, X4
+#define shiftB2Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x04 // PALIGNR $4, X5, X5
+#define shiftB3Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x04 // PALIGNR $4, X13, X13
+#define shiftC0Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xf6; BYTE $0x08 // PALIGNR $8, X6, X6
+#define shiftC1Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xff; BYTE $0x08 // PALIGNR $8, X7, X7
+#define shiftC2Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xc0; BYTE $0x08 // PALIGNR $8, X8, X8
+#define shiftC3Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xf6; BYTE $0x08 // PALIGNR $8, X14, X14
+#define shiftD0Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xc9; BYTE $0x0c // PALIGNR $12, X9, X9
+#define shiftD1Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xd2; BYTE $0x0c // PALIGNR $12, X10, X10
+#define shiftD2Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x0c // PALIGNR $12, X11, X11
+#define shiftD3Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xff; BYTE $0x0c // PALIGNR $12, X15, X15
+#define shiftB0Right BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x0c // PALIGNR $12, X3, X3
+#define shiftB1Right BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xe4; BYTE $0x0c // PALIGNR $12, X4, X4
+#define shiftB2Right BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x0c // PALIGNR $12, X5, X5
+#define shiftB3Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x0c // PALIGNR $12, X13, X13
+#define shiftC0Right shiftC0Left
+#define shiftC1Right shiftC1Left
+#define shiftC2Right shiftC2Left
+#define shiftC3Right shiftC3Left
+#define shiftD0Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xc9; BYTE $0x04 // PALIGNR $4, X9, X9
+#define shiftD1Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xd2; BYTE $0x04 // PALIGNR $4, X10, X10
+#define shiftD2Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x04 // PALIGNR $4, X11, X11
+#define shiftD3Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xff; BYTE $0x04 // PALIGNR $4, X15, X15
+// Some macros
+#define chachaQR(A, B, C, D, T) \
+ PADDD B, A; PXOR A, D; PSHUFB ·rol16<>(SB), D \
+ PADDD D, C; PXOR C, B; MOVO B, T; PSLLL $12, T; PSRLL $20, B; PXOR T, B \
+ PADDD B, A; PXOR A, D; PSHUFB ·rol8<>(SB), D \
+ PADDD D, C; PXOR C, B; MOVO B, T; PSLLL $7, T; PSRLL $25, B; PXOR T, B
+
+#define chachaQR_AVX2(A, B, C, D, T) \
+ VPADDD B, A, A; VPXOR A, D, D; VPSHUFB ·rol16<>(SB), D, D \
+ VPADDD D, C, C; VPXOR C, B, B; VPSLLD $12, B, T; VPSRLD $20, B, B; VPXOR T, B, B \
+ VPADDD B, A, A; VPXOR A, D, D; VPSHUFB ·rol8<>(SB), D, D \
+ VPADDD D, C, C; VPXOR C, B, B; VPSLLD $7, B, T; VPSRLD $25, B, B; VPXOR T, B, B
+
+#define polyAdd(S) ADDQ S, acc0; ADCQ 8+S, acc1; ADCQ $1, acc2
+#define polyMulStage1 MOVQ (0*8)(BP), AX; MOVQ AX, t2; MULQ acc0; MOVQ AX, t0; MOVQ DX, t1; MOVQ (0*8)(BP), AX; MULQ acc1; IMULQ acc2, t2; ADDQ AX, t1; ADCQ DX, t2
+#define polyMulStage2 MOVQ (1*8)(BP), AX; MOVQ AX, t3; MULQ acc0; ADDQ AX, t1; ADCQ $0, DX; MOVQ DX, acc0; MOVQ (1*8)(BP), AX; MULQ acc1; ADDQ AX, t2; ADCQ $0, DX
+#define polyMulStage3 IMULQ acc2, t3; ADDQ acc0, t2; ADCQ DX, t3
+#define polyMulReduceStage MOVQ t0, acc0; MOVQ t1, acc1; MOVQ t2, acc2; ANDQ $3, acc2; MOVQ t2, t0; ANDQ $-4, t0; MOVQ t3, t1; SHRQ $2, t2:t3; SHRQ $2, t3; ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $0, acc2; ADDQ t2, acc0; ADCQ t3, acc1; ADCQ $0, acc2
+
+#define polyMulStage1_AVX2 MOVQ (0*8)(BP), DX; MOVQ DX, t2; MULXQ acc0, t0, t1; IMULQ acc2, t2; MULXQ acc1, AX, DX; ADDQ AX, t1; ADCQ DX, t2
+#define polyMulStage2_AVX2 MOVQ (1*8)(BP), DX; MULXQ acc0, acc0, AX; ADDQ acc0, t1; MULXQ acc1, acc1, t3; ADCQ acc1, t2; ADCQ $0, t3
+#define polyMulStage3_AVX2 IMULQ acc2, DX; ADDQ AX, t2; ADCQ DX, t3
+
+#define polyMul polyMulStage1; polyMulStage2; polyMulStage3; polyMulReduceStage
+#define polyMulAVX2 polyMulStage1_AVX2; polyMulStage2_AVX2; polyMulStage3_AVX2; polyMulReduceStage
+// ----------------------------------------------------------------------------
+TEXT polyHashADInternal<>(SB), NOSPLIT, $0
+ // adp points to beginning of additional data
+ // itr2 holds ad length
+ XORQ acc0, acc0
+ XORQ acc1, acc1
+ XORQ acc2, acc2
+ CMPQ itr2, $13
+ JNE hashADLoop
+
+openFastTLSAD:
+ // Special treatment for the TLS case of 13 bytes
+ MOVQ (adp), acc0
+ MOVQ 5(adp), acc1
+ SHRQ $24, acc1
+ MOVQ $1, acc2
+ polyMul
+ RET
+
+hashADLoop:
+ // Hash in 16 byte chunks
+ CMPQ itr2, $16
+ JB hashADTail
+ polyAdd(0(adp))
+ LEAQ (1*16)(adp), adp
+ SUBQ $16, itr2
+ polyMul
+ JMP hashADLoop
+
+hashADTail:
+ CMPQ itr2, $0
+ JE hashADDone
+
+ // Hash last < 16 byte tail
+ XORQ t0, t0
+ XORQ t1, t1
+ XORQ t2, t2
+ ADDQ itr2, adp
+
+hashADTailLoop:
+ SHLQ $8, t1:t0
+ SHLQ $8, t0
+ MOVB -1(adp), t2
+ XORQ t2, t0
+ DECQ adp
+ DECQ itr2
+ JNE hashADTailLoop
+
+hashADTailFinish:
+ ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
+ polyMul
+
+ // Finished AD
+hashADDone:
+ RET
+
+// ----------------------------------------------------------------------------
+// func chacha20Poly1305Open(dst, key, src, ad []byte) bool
+TEXT ·chacha20Poly1305Open(SB), 0, $288-97
+ // For aligned stack access
+ MOVQ SP, BP
+ ADDQ $32, BP
+ ANDQ $-32, BP
+ MOVQ dst+0(FP), oup
+ MOVQ key+24(FP), keyp
+ MOVQ src+48(FP), inp
+ MOVQ src_len+56(FP), inl
+ MOVQ ad+72(FP), adp
+
+ // Check for AVX2 support
+ CMPB ·useAVX2(SB), $1
+ JE chacha20Poly1305Open_AVX2
+
+ // Special optimization, for very short buffers
+ CMPQ inl, $128
+ JBE openSSE128 // About 16% faster
+
+ // For long buffers, prepare the poly key first
+ MOVOU ·chacha20Constants<>(SB), A0
+ MOVOU (1*16)(keyp), B0
+ MOVOU (2*16)(keyp), C0
+ MOVOU (3*16)(keyp), D0
+ MOVO D0, T1
+
+ // Store state on stack for future use
+ MOVO B0, state1Store
+ MOVO C0, state2Store
+ MOVO D0, ctr3Store
+ MOVQ $10, itr2
+
+openSSEPreparePolyKey:
+ chachaQR(A0, B0, C0, D0, T0)
+ shiftB0Left; shiftC0Left; shiftD0Left
+ chachaQR(A0, B0, C0, D0, T0)
+ shiftB0Right; shiftC0Right; shiftD0Right
+ DECQ itr2
+ JNE openSSEPreparePolyKey
+
+ // A0|B0 hold the Poly1305 32-byte key, C0,D0 can be discarded
+ PADDL ·chacha20Constants<>(SB), A0; PADDL state1Store, B0
+
+ // Clamp and store the key
+ PAND ·polyClampMask<>(SB), A0
+ MOVO A0, rStore; MOVO B0, sStore
+
+ // Hash AAD
+ MOVQ ad_len+80(FP), itr2
+ CALL polyHashADInternal<>(SB)
+
+openSSEMainLoop:
+ CMPQ inl, $256
+ JB openSSEMainLoopDone
+
+ // Load state, increment counter blocks
+ MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0
+ MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+ MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+ MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
+
+ // Store counters
+ MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
+
+ // There are 10 ChaCha20 iterations of 2QR each, so for 6 iterations we hash 2 blocks, and for the remaining 4 only 1 block - for a total of 16
+ MOVQ $4, itr1
+ MOVQ inp, itr2
+
+openSSEInternalLoop:
+ MOVO C3, tmpStore
+ chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+ MOVO tmpStore, C3
+ MOVO C1, tmpStore
+ chachaQR(A3, B3, C3, D3, C1)
+ MOVO tmpStore, C1
+ polyAdd(0(itr2))
+ shiftB0Left; shiftB1Left; shiftB2Left; shiftB3Left
+ shiftC0Left; shiftC1Left; shiftC2Left; shiftC3Left
+ shiftD0Left; shiftD1Left; shiftD2Left; shiftD3Left
+ polyMulStage1
+ polyMulStage2
+ LEAQ (2*8)(itr2), itr2
+ MOVO C3, tmpStore
+ chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+ MOVO tmpStore, C3
+ MOVO C1, tmpStore
+ polyMulStage3
+ chachaQR(A3, B3, C3, D3, C1)
+ MOVO tmpStore, C1
+ polyMulReduceStage
+ shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
+ shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
+ shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
+ DECQ itr1
+ JGE openSSEInternalLoop
+
+ polyAdd(0(itr2))
+ polyMul
+ LEAQ (2*8)(itr2), itr2
+
+ CMPQ itr1, $-6
+ JG openSSEInternalLoop
+
+ // Add in the state
+ PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
+ PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
+ PADDD state2Store, C0; PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
+ PADDD ctr0Store, D0; PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
+
+ // Load - xor - store
+ MOVO D3, tmpStore
+ MOVOU (0*16)(inp), D3; PXOR D3, A0; MOVOU A0, (0*16)(oup)
+ MOVOU (1*16)(inp), D3; PXOR D3, B0; MOVOU B0, (1*16)(oup)
+ MOVOU (2*16)(inp), D3; PXOR D3, C0; MOVOU C0, (2*16)(oup)
+ MOVOU (3*16)(inp), D3; PXOR D3, D0; MOVOU D0, (3*16)(oup)
+ MOVOU (4*16)(inp), D0; PXOR D0, A1; MOVOU A1, (4*16)(oup)
+ MOVOU (5*16)(inp), D0; PXOR D0, B1; MOVOU B1, (5*16)(oup)
+ MOVOU (6*16)(inp), D0; PXOR D0, C1; MOVOU C1, (6*16)(oup)
+ MOVOU (7*16)(inp), D0; PXOR D0, D1; MOVOU D1, (7*16)(oup)
+ MOVOU (8*16)(inp), D0; PXOR D0, A2; MOVOU A2, (8*16)(oup)
+ MOVOU (9*16)(inp), D0; PXOR D0, B2; MOVOU B2, (9*16)(oup)
+ MOVOU (10*16)(inp), D0; PXOR D0, C2; MOVOU C2, (10*16)(oup)
+ MOVOU (11*16)(inp), D0; PXOR D0, D2; MOVOU D2, (11*16)(oup)
+ MOVOU (12*16)(inp), D0; PXOR D0, A3; MOVOU A3, (12*16)(oup)
+ MOVOU (13*16)(inp), D0; PXOR D0, B3; MOVOU B3, (13*16)(oup)
+ MOVOU (14*16)(inp), D0; PXOR D0, C3; MOVOU C3, (14*16)(oup)
+ MOVOU (15*16)(inp), D0; PXOR tmpStore, D0; MOVOU D0, (15*16)(oup)
+ LEAQ 256(inp), inp
+ LEAQ 256(oup), oup
+ SUBQ $256, inl
+ JMP openSSEMainLoop
+
+openSSEMainLoopDone:
+ // Handle the various tail sizes efficiently
+ TESTQ inl, inl
+ JE openSSEFinalize
+ CMPQ inl, $64
+ JBE openSSETail64
+ CMPQ inl, $128
+ JBE openSSETail128
+ CMPQ inl, $192
+ JBE openSSETail192
+ JMP openSSETail256
+
+openSSEFinalize:
+ // Hash in the PT, AAD lengths
+ ADDQ ad_len+80(FP), acc0; ADCQ src_len+56(FP), acc1; ADCQ $1, acc2
+ polyMul
+
+ // Final reduce
+ MOVQ acc0, t0
+ MOVQ acc1, t1
+ MOVQ acc2, t2
+ SUBQ $-5, acc0
+ SBBQ $-1, acc1
+ SBBQ $3, acc2
+ CMOVQCS t0, acc0
+ CMOVQCS t1, acc1
+ CMOVQCS t2, acc2
+
+ // Add in the "s" part of the key
+ ADDQ 0+sStore, acc0
+ ADCQ 8+sStore, acc1
+
+ // Finally, constant time compare to the tag at the end of the message
+ XORQ AX, AX
+ MOVQ $1, DX
+ XORQ (0*8)(inp), acc0
+ XORQ (1*8)(inp), acc1
+ ORQ acc1, acc0
+ CMOVQEQ DX, AX
+
+ // Return true iff tags are equal
+ MOVB AX, ret+96(FP)
+ RET
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 129 bytes
+openSSE128:
+ // For up to 128 bytes of ciphertext and 64 bytes for the poly key, we require to process three blocks
+ MOVOU ·chacha20Constants<>(SB), A0; MOVOU (1*16)(keyp), B0; MOVOU (2*16)(keyp), C0; MOVOU (3*16)(keyp), D0
+ MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+ MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+ MOVO B0, T1; MOVO C0, T2; MOVO D1, T3
+ MOVQ $10, itr2
+
+openSSE128InnerCipherLoop:
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+ shiftB0Left; shiftB1Left; shiftB2Left
+ shiftC0Left; shiftC1Left; shiftC2Left
+ shiftD0Left; shiftD1Left; shiftD2Left
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+ shiftB0Right; shiftB1Right; shiftB2Right
+ shiftC0Right; shiftC1Right; shiftC2Right
+ shiftD0Right; shiftD1Right; shiftD2Right
+ DECQ itr2
+ JNE openSSE128InnerCipherLoop
+
+ // A0|B0 hold the Poly1305 32-byte key, C0,D0 can be discarded
+ PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
+ PADDL T1, B0; PADDL T1, B1; PADDL T1, B2
+ PADDL T2, C1; PADDL T2, C2
+ PADDL T3, D1; PADDL ·sseIncMask<>(SB), T3; PADDL T3, D2
+
+ // Clamp and store the key
+ PAND ·polyClampMask<>(SB), A0
+ MOVOU A0, rStore; MOVOU B0, sStore
+
+ // Hash
+ MOVQ ad_len+80(FP), itr2
+ CALL polyHashADInternal<>(SB)
+
+openSSE128Open:
+ CMPQ inl, $16
+ JB openSSETail16
+ SUBQ $16, inl
+
+ // Load for hashing
+ polyAdd(0(inp))
+
+ // Load for decryption
+ MOVOU (inp), T0; PXOR T0, A1; MOVOU A1, (oup)
+ LEAQ (1*16)(inp), inp
+ LEAQ (1*16)(oup), oup
+ polyMul
+
+ // Shift the stream "left"
+ MOVO B1, A1
+ MOVO C1, B1
+ MOVO D1, C1
+ MOVO A2, D1
+ MOVO B2, A2
+ MOVO C2, B2
+ MOVO D2, C2
+ JMP openSSE128Open
+
+openSSETail16:
+ TESTQ inl, inl
+ JE openSSEFinalize
+
+ // We can safely load the CT from the end, because it is padded with the MAC
+ MOVQ inl, itr2
+ SHLQ $4, itr2
+ LEAQ ·andMask<>(SB), t0
+ MOVOU (inp), T0
+ ADDQ inl, inp
+ PAND -16(t0)(itr2*1), T0
+ MOVO T0, 0+tmpStore
+ MOVQ T0, t0
+ MOVQ 8+tmpStore, t1
+ PXOR A1, T0
+
+ // We can only store one byte at a time, since plaintext can be shorter than 16 bytes
+openSSETail16Store:
+ MOVQ T0, t3
+ MOVB t3, (oup)
+ PSRLDQ $1, T0
+ INCQ oup
+ DECQ inl
+ JNE openSSETail16Store
+ ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
+ polyMul
+ JMP openSSEFinalize
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 64 bytes of ciphertext
+openSSETail64:
+ // Need to decrypt up to 64 bytes - prepare single block
+ MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr0Store
+ XORQ itr2, itr2
+ MOVQ inl, itr1
+ CMPQ itr1, $16
+ JB openSSETail64LoopB
+
+openSSETail64LoopA:
+ // Perform ChaCha rounds, while hashing the remaining input
+ polyAdd(0(inp)(itr2*1))
+ polyMul
+ SUBQ $16, itr1
+
+openSSETail64LoopB:
+ ADDQ $16, itr2
+ chachaQR(A0, B0, C0, D0, T0)
+ shiftB0Left; shiftC0Left; shiftD0Left
+ chachaQR(A0, B0, C0, D0, T0)
+ shiftB0Right; shiftC0Right; shiftD0Right
+
+ CMPQ itr1, $16
+ JAE openSSETail64LoopA
+
+ CMPQ itr2, $160
+ JNE openSSETail64LoopB
+
+ PADDL ·chacha20Constants<>(SB), A0; PADDL state1Store, B0; PADDL state2Store, C0; PADDL ctr0Store, D0
+
+openSSETail64DecLoop:
+ CMPQ inl, $16
+ JB openSSETail64DecLoopDone
+ SUBQ $16, inl
+ MOVOU (inp), T0
+ PXOR T0, A0
+ MOVOU A0, (oup)
+ LEAQ 16(inp), inp
+ LEAQ 16(oup), oup
+ MOVO B0, A0
+ MOVO C0, B0
+ MOVO D0, C0
+ JMP openSSETail64DecLoop
+
+openSSETail64DecLoopDone:
+ MOVO A0, A1
+ JMP openSSETail16
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 128 bytes of ciphertext
+openSSETail128:
+ // Need to decrypt up to 128 bytes - prepare two blocks
+ MOVO ·chacha20Constants<>(SB), A1; MOVO state1Store, B1; MOVO state2Store, C1; MOVO ctr3Store, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr0Store
+ MOVO A1, A0; MOVO B1, B0; MOVO C1, C0; MOVO D1, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr1Store
+ XORQ itr2, itr2
+ MOVQ inl, itr1
+ ANDQ $-16, itr1
+
+openSSETail128LoopA:
+ // Perform ChaCha rounds, while hashing the remaining input
+ polyAdd(0(inp)(itr2*1))
+ polyMul
+
+openSSETail128LoopB:
+ ADDQ $16, itr2
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
+ shiftB0Left; shiftC0Left; shiftD0Left
+ shiftB1Left; shiftC1Left; shiftD1Left
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
+ shiftB0Right; shiftC0Right; shiftD0Right
+ shiftB1Right; shiftC1Right; shiftD1Right
+
+ CMPQ itr2, itr1
+ JB openSSETail128LoopA
+
+ CMPQ itr2, $160
+ JNE openSSETail128LoopB
+
+ PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1
+ PADDL state1Store, B0; PADDL state1Store, B1
+ PADDL state2Store, C0; PADDL state2Store, C1
+ PADDL ctr1Store, D0; PADDL ctr0Store, D1
+
+ MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
+ PXOR T0, A1; PXOR T1, B1; PXOR T2, C1; PXOR T3, D1
+ MOVOU A1, (0*16)(oup); MOVOU B1, (1*16)(oup); MOVOU C1, (2*16)(oup); MOVOU D1, (3*16)(oup)
+
+ SUBQ $64, inl
+ LEAQ 64(inp), inp
+ LEAQ 64(oup), oup
+ JMP openSSETail64DecLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 192 bytes of ciphertext
+openSSETail192:
+ // Need to decrypt up to 192 bytes - prepare three blocks
+ MOVO ·chacha20Constants<>(SB), A2; MOVO state1Store, B2; MOVO state2Store, C2; MOVO ctr3Store, D2; PADDL ·sseIncMask<>(SB), D2; MOVO D2, ctr0Store
+ MOVO A2, A1; MOVO B2, B1; MOVO C2, C1; MOVO D2, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr1Store
+ MOVO A1, A0; MOVO B1, B0; MOVO C1, C0; MOVO D1, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr2Store
+
+ MOVQ inl, itr1
+ MOVQ $160, itr2
+ CMPQ itr1, $160
+ CMOVQGT itr2, itr1
+ ANDQ $-16, itr1
+ XORQ itr2, itr2
+
+openSSLTail192LoopA:
+ // Perform ChaCha rounds, while hashing the remaining input
+ polyAdd(0(inp)(itr2*1))
+ polyMul
+
+openSSLTail192LoopB:
+ ADDQ $16, itr2
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+ shiftB0Left; shiftC0Left; shiftD0Left
+ shiftB1Left; shiftC1Left; shiftD1Left
+ shiftB2Left; shiftC2Left; shiftD2Left
+
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+ shiftB0Right; shiftC0Right; shiftD0Right
+ shiftB1Right; shiftC1Right; shiftD1Right
+ shiftB2Right; shiftC2Right; shiftD2Right
+
+ CMPQ itr2, itr1
+ JB openSSLTail192LoopA
+
+ CMPQ itr2, $160
+ JNE openSSLTail192LoopB
+
+ CMPQ inl, $176
+ JB openSSLTail192Store
+
+ polyAdd(160(inp))
+ polyMul
+
+ CMPQ inl, $192
+ JB openSSLTail192Store
+
+ polyAdd(176(inp))
+ polyMul
+
+openSSLTail192Store:
+ PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
+ PADDL state1Store, B0; PADDL state1Store, B1; PADDL state1Store, B2
+ PADDL state2Store, C0; PADDL state2Store, C1; PADDL state2Store, C2
+ PADDL ctr2Store, D0; PADDL ctr1Store, D1; PADDL ctr0Store, D2
+
+ MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
+ PXOR T0, A2; PXOR T1, B2; PXOR T2, C2; PXOR T3, D2
+ MOVOU A2, (0*16)(oup); MOVOU B2, (1*16)(oup); MOVOU C2, (2*16)(oup); MOVOU D2, (3*16)(oup)
+
+ MOVOU (4*16)(inp), T0; MOVOU (5*16)(inp), T1; MOVOU (6*16)(inp), T2; MOVOU (7*16)(inp), T3
+ PXOR T0, A1; PXOR T1, B1; PXOR T2, C1; PXOR T3, D1
+ MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
+
+ SUBQ $128, inl
+ LEAQ 128(inp), inp
+ LEAQ 128(oup), oup
+ JMP openSSETail64DecLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 256 bytes of ciphertext
+openSSETail256:
+ // Need to decrypt up to 256 bytes - prepare four blocks
+ MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0
+ MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+ MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+ MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
+
+ // Store counters
+ MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
+ XORQ itr2, itr2
+
+openSSETail256Loop:
+ // This loop inteleaves 8 ChaCha quarter rounds with 1 poly multiplication
+ polyAdd(0(inp)(itr2*1))
+ MOVO C3, tmpStore
+ chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+ MOVO tmpStore, C3
+ MOVO C1, tmpStore
+ chachaQR(A3, B3, C3, D3, C1)
+ MOVO tmpStore, C1
+ shiftB0Left; shiftB1Left; shiftB2Left; shiftB3Left
+ shiftC0Left; shiftC1Left; shiftC2Left; shiftC3Left
+ shiftD0Left; shiftD1Left; shiftD2Left; shiftD3Left
+ polyMulStage1
+ polyMulStage2
+ MOVO C3, tmpStore
+ chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+ MOVO tmpStore, C3
+ MOVO C1, tmpStore
+ chachaQR(A3, B3, C3, D3, C1)
+ MOVO tmpStore, C1
+ polyMulStage3
+ polyMulReduceStage
+ shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
+ shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
+ shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
+ ADDQ $2*8, itr2
+ CMPQ itr2, $160
+ JB openSSETail256Loop
+ MOVQ inl, itr1
+ ANDQ $-16, itr1
+
+openSSETail256HashLoop:
+ polyAdd(0(inp)(itr2*1))
+ polyMul
+ ADDQ $2*8, itr2
+ CMPQ itr2, itr1
+ JB openSSETail256HashLoop
+
+ // Add in the state
+ PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
+ PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
+ PADDD state2Store, C0; PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
+ PADDD ctr0Store, D0; PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
+ MOVO D3, tmpStore
+
+ // Load - xor - store
+ MOVOU (0*16)(inp), D3; PXOR D3, A0
+ MOVOU (1*16)(inp), D3; PXOR D3, B0
+ MOVOU (2*16)(inp), D3; PXOR D3, C0
+ MOVOU (3*16)(inp), D3; PXOR D3, D0
+ MOVOU A0, (0*16)(oup)
+ MOVOU B0, (1*16)(oup)
+ MOVOU C0, (2*16)(oup)
+ MOVOU D0, (3*16)(oup)
+ MOVOU (4*16)(inp), A0; MOVOU (5*16)(inp), B0; MOVOU (6*16)(inp), C0; MOVOU (7*16)(inp), D0
+ PXOR A0, A1; PXOR B0, B1; PXOR C0, C1; PXOR D0, D1
+ MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
+ MOVOU (8*16)(inp), A0; MOVOU (9*16)(inp), B0; MOVOU (10*16)(inp), C0; MOVOU (11*16)(inp), D0
+ PXOR A0, A2; PXOR B0, B2; PXOR C0, C2; PXOR D0, D2
+ MOVOU A2, (8*16)(oup); MOVOU B2, (9*16)(oup); MOVOU C2, (10*16)(oup); MOVOU D2, (11*16)(oup)
+ LEAQ 192(inp), inp
+ LEAQ 192(oup), oup
+ SUBQ $192, inl
+ MOVO A3, A0
+ MOVO B3, B0
+ MOVO C3, C0
+ MOVO tmpStore, D0
+
+ JMP openSSETail64DecLoop
+
+// ----------------------------------------------------------------------------
+// ------------------------- AVX2 Code ----------------------------------------
+chacha20Poly1305Open_AVX2:
+ VZEROUPPER
+ VMOVDQU ·chacha20Constants<>(SB), AA0
+ BYTE $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x70; BYTE $0x10 // broadcasti128 16(r8), ymm14
+ BYTE $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x20 // broadcasti128 32(r8), ymm12
+ BYTE $0xc4; BYTE $0xc2; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x30 // broadcasti128 48(r8), ymm4
+ VPADDD ·avx2InitMask<>(SB), DD0, DD0
+
+ // Special optimization, for very short buffers
+ CMPQ inl, $192
+ JBE openAVX2192
+ CMPQ inl, $320
+ JBE openAVX2320
+
+ // For the general key prepare the key first - as a byproduct we have 64 bytes of cipher stream
+ VMOVDQA BB0, state1StoreAVX2
+ VMOVDQA CC0, state2StoreAVX2
+ VMOVDQA DD0, ctr3StoreAVX2
+ MOVQ $10, itr2
+
+openAVX2PreparePolyKey:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $12, DD0, DD0, DD0
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $4, DD0, DD0, DD0
+ DECQ itr2
+ JNE openAVX2PreparePolyKey
+
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0
+ VPADDD state1StoreAVX2, BB0, BB0
+ VPADDD state2StoreAVX2, CC0, CC0
+ VPADDD ctr3StoreAVX2, DD0, DD0
+
+ VPERM2I128 $0x02, AA0, BB0, TT0
+
+ // Clamp and store poly key
+ VPAND ·polyClampMask<>(SB), TT0, TT0
+ VMOVDQA TT0, rsStoreAVX2
+
+ // Stream for the first 64 bytes
+ VPERM2I128 $0x13, AA0, BB0, AA0
+ VPERM2I128 $0x13, CC0, DD0, BB0
+
+ // Hash AD + first 64 bytes
+ MOVQ ad_len+80(FP), itr2
+ CALL polyHashADInternal<>(SB)
+ XORQ itr1, itr1
+
+openAVX2InitialHash64:
+ polyAdd(0(inp)(itr1*1))
+ polyMulAVX2
+ ADDQ $16, itr1
+ CMPQ itr1, $64
+ JNE openAVX2InitialHash64
+
+ // Decrypt the first 64 bytes
+ VPXOR (0*32)(inp), AA0, AA0
+ VPXOR (1*32)(inp), BB0, BB0
+ VMOVDQU AA0, (0*32)(oup)
+ VMOVDQU BB0, (1*32)(oup)
+ LEAQ (2*32)(inp), inp
+ LEAQ (2*32)(oup), oup
+ SUBQ $64, inl
+
+openAVX2MainLoop:
+ CMPQ inl, $512
+ JB openAVX2MainLoopDone
+
+ // Load state, increment counter blocks, store the incremented counters
+ VMOVDQU ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+ VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+ VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+ VMOVDQA ctr3StoreAVX2, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+ VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+ XORQ itr1, itr1
+
+openAVX2InternalLoop:
+ // Lets just say this spaghetti loop interleaves 2 quarter rounds with 3 poly multiplications
+ // Effectively per 512 bytes of stream we hash 480 bytes of ciphertext
+ polyAdd(0*8(inp)(itr1*1))
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ polyMulStage1_AVX2
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+ polyMulStage2_AVX2
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ polyMulStage3_AVX2
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyMulReduceStage
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+ polyAdd(2*8(inp)(itr1*1))
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ polyMulStage1_AVX2
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyMulStage2_AVX2
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ polyMulStage3_AVX2
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+ polyMulReduceStage
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ polyAdd(4*8(inp)(itr1*1))
+ LEAQ (6*8)(itr1), itr1
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyMulStage1_AVX2
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ polyMulStage2_AVX2
+ VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ polyMulStage3_AVX2
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyMulReduceStage
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
+ CMPQ itr1, $480
+ JNE openAVX2InternalLoop
+
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+ VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+ VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+ VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+ VMOVDQA CC3, tmpStoreAVX2
+
+ // We only hashed 480 of the 512 bytes available - hash the remaining 32 here
+ polyAdd(480(inp))
+ polyMulAVX2
+ VPERM2I128 $0x02, AA0, BB0, CC3; VPERM2I128 $0x13, AA0, BB0, BB0; VPERM2I128 $0x02, CC0, DD0, AA0; VPERM2I128 $0x13, CC0, DD0, CC0
+ VPXOR (0*32)(inp), CC3, CC3; VPXOR (1*32)(inp), AA0, AA0; VPXOR (2*32)(inp), BB0, BB0; VPXOR (3*32)(inp), CC0, CC0
+ VMOVDQU CC3, (0*32)(oup); VMOVDQU AA0, (1*32)(oup); VMOVDQU BB0, (2*32)(oup); VMOVDQU CC0, (3*32)(oup)
+ VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+ VPXOR (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
+ VMOVDQU AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
+
+ // and here
+ polyAdd(496(inp))
+ polyMulAVX2
+ VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+ VPXOR (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
+ VMOVDQU AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
+ VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
+ VPXOR (12*32)(inp), AA0, AA0; VPXOR (13*32)(inp), BB0, BB0; VPXOR (14*32)(inp), CC0, CC0; VPXOR (15*32)(inp), DD0, DD0
+ VMOVDQU AA0, (12*32)(oup); VMOVDQU BB0, (13*32)(oup); VMOVDQU CC0, (14*32)(oup); VMOVDQU DD0, (15*32)(oup)
+ LEAQ (32*16)(inp), inp
+ LEAQ (32*16)(oup), oup
+ SUBQ $(32*16), inl
+ JMP openAVX2MainLoop
+
+openAVX2MainLoopDone:
+ // Handle the various tail sizes efficiently
+ TESTQ inl, inl
+ JE openSSEFinalize
+ CMPQ inl, $128
+ JBE openAVX2Tail128
+ CMPQ inl, $256
+ JBE openAVX2Tail256
+ CMPQ inl, $384
+ JBE openAVX2Tail384
+ JMP openAVX2Tail512
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 193 bytes
+openAVX2192:
+ // For up to 192 bytes of ciphertext and 64 bytes for the poly key, we process four blocks
+ VMOVDQA AA0, AA1
+ VMOVDQA BB0, BB1
+ VMOVDQA CC0, CC1
+ VPADDD ·avx2IncMask<>(SB), DD0, DD1
+ VMOVDQA AA0, AA2
+ VMOVDQA BB0, BB2
+ VMOVDQA CC0, CC2
+ VMOVDQA DD0, DD2
+ VMOVDQA DD1, TT3
+ MOVQ $10, itr2
+
+openAVX2192InnerCipherLoop:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
+ DECQ itr2
+ JNE openAVX2192InnerCipherLoop
+ VPADDD AA2, AA0, AA0; VPADDD AA2, AA1, AA1
+ VPADDD BB2, BB0, BB0; VPADDD BB2, BB1, BB1
+ VPADDD CC2, CC0, CC0; VPADDD CC2, CC1, CC1
+ VPADDD DD2, DD0, DD0; VPADDD TT3, DD1, DD1
+ VPERM2I128 $0x02, AA0, BB0, TT0
+
+ // Clamp and store poly key
+ VPAND ·polyClampMask<>(SB), TT0, TT0
+ VMOVDQA TT0, rsStoreAVX2
+
+ // Stream for up to 192 bytes
+ VPERM2I128 $0x13, AA0, BB0, AA0
+ VPERM2I128 $0x13, CC0, DD0, BB0
+ VPERM2I128 $0x02, AA1, BB1, CC0
+ VPERM2I128 $0x02, CC1, DD1, DD0
+ VPERM2I128 $0x13, AA1, BB1, AA1
+ VPERM2I128 $0x13, CC1, DD1, BB1
+
+openAVX2ShortOpen:
+ // Hash
+ MOVQ ad_len+80(FP), itr2
+ CALL polyHashADInternal<>(SB)
+
+openAVX2ShortOpenLoop:
+ CMPQ inl, $32
+ JB openAVX2ShortTail32
+ SUBQ $32, inl
+
+ // Load for hashing
+ polyAdd(0*8(inp))
+ polyMulAVX2
+ polyAdd(2*8(inp))
+ polyMulAVX2
+
+ // Load for decryption
+ VPXOR (inp), AA0, AA0
+ VMOVDQU AA0, (oup)
+ LEAQ (1*32)(inp), inp
+ LEAQ (1*32)(oup), oup
+
+ // Shift stream left
+ VMOVDQA BB0, AA0
+ VMOVDQA CC0, BB0
+ VMOVDQA DD0, CC0
+ VMOVDQA AA1, DD0
+ VMOVDQA BB1, AA1
+ VMOVDQA CC1, BB1
+ VMOVDQA DD1, CC1
+ VMOVDQA AA2, DD1
+ VMOVDQA BB2, AA2
+ JMP openAVX2ShortOpenLoop
+
+openAVX2ShortTail32:
+ CMPQ inl, $16
+ VMOVDQA A0, A1
+ JB openAVX2ShortDone
+
+ SUBQ $16, inl
+
+ // Load for hashing
+ polyAdd(0*8(inp))
+ polyMulAVX2
+
+ // Load for decryption
+ VPXOR (inp), A0, T0
+ VMOVDQU T0, (oup)
+ LEAQ (1*16)(inp), inp
+ LEAQ (1*16)(oup), oup
+ VPERM2I128 $0x11, AA0, AA0, AA0
+ VMOVDQA A0, A1
+
+openAVX2ShortDone:
+ VZEROUPPER
+ JMP openSSETail16
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 321 bytes
+openAVX2320:
+ // For up to 320 bytes of ciphertext and 64 bytes for the poly key, we process six blocks
+ VMOVDQA AA0, AA1; VMOVDQA BB0, BB1; VMOVDQA CC0, CC1; VPADDD ·avx2IncMask<>(SB), DD0, DD1
+ VMOVDQA AA0, AA2; VMOVDQA BB0, BB2; VMOVDQA CC0, CC2; VPADDD ·avx2IncMask<>(SB), DD1, DD2
+ VMOVDQA BB0, TT1; VMOVDQA CC0, TT2; VMOVDQA DD0, TT3
+ MOVQ $10, itr2
+
+openAVX2320InnerCipherLoop:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
+ DECQ itr2
+ JNE openAVX2320InnerCipherLoop
+
+ VMOVDQA ·chacha20Constants<>(SB), TT0
+ VPADDD TT0, AA0, AA0; VPADDD TT0, AA1, AA1; VPADDD TT0, AA2, AA2
+ VPADDD TT1, BB0, BB0; VPADDD TT1, BB1, BB1; VPADDD TT1, BB2, BB2
+ VPADDD TT2, CC0, CC0; VPADDD TT2, CC1, CC1; VPADDD TT2, CC2, CC2
+ VMOVDQA ·avx2IncMask<>(SB), TT0
+ VPADDD TT3, DD0, DD0; VPADDD TT0, TT3, TT3
+ VPADDD TT3, DD1, DD1; VPADDD TT0, TT3, TT3
+ VPADDD TT3, DD2, DD2
+
+ // Clamp and store poly key
+ VPERM2I128 $0x02, AA0, BB0, TT0
+ VPAND ·polyClampMask<>(SB), TT0, TT0
+ VMOVDQA TT0, rsStoreAVX2
+
+ // Stream for up to 320 bytes
+ VPERM2I128 $0x13, AA0, BB0, AA0
+ VPERM2I128 $0x13, CC0, DD0, BB0
+ VPERM2I128 $0x02, AA1, BB1, CC0
+ VPERM2I128 $0x02, CC1, DD1, DD0
+ VPERM2I128 $0x13, AA1, BB1, AA1
+ VPERM2I128 $0x13, CC1, DD1, BB1
+ VPERM2I128 $0x02, AA2, BB2, CC1
+ VPERM2I128 $0x02, CC2, DD2, DD1
+ VPERM2I128 $0x13, AA2, BB2, AA2
+ VPERM2I128 $0x13, CC2, DD2, BB2
+ JMP openAVX2ShortOpen
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 128 bytes of ciphertext
+openAVX2Tail128:
+ // Need to decrypt up to 128 bytes - prepare two blocks
+ VMOVDQA ·chacha20Constants<>(SB), AA1
+ VMOVDQA state1StoreAVX2, BB1
+ VMOVDQA state2StoreAVX2, CC1
+ VMOVDQA ctr3StoreAVX2, DD1
+ VPADDD ·avx2IncMask<>(SB), DD1, DD1
+ VMOVDQA DD1, DD0
+
+ XORQ itr2, itr2
+ MOVQ inl, itr1
+ ANDQ $-16, itr1
+ TESTQ itr1, itr1
+ JE openAVX2Tail128LoopB
+
+openAVX2Tail128LoopA:
+ // Perform ChaCha rounds, while hashing the remaining input
+ polyAdd(0(inp)(itr2*1))
+ polyMulAVX2
+
+openAVX2Tail128LoopB:
+ ADDQ $16, itr2
+ chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ VPALIGNR $4, BB1, BB1, BB1
+ VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $12, DD1, DD1, DD1
+ chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ VPALIGNR $12, BB1, BB1, BB1
+ VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $4, DD1, DD1, DD1
+ CMPQ itr2, itr1
+ JB openAVX2Tail128LoopA
+ CMPQ itr2, $160
+ JNE openAVX2Tail128LoopB
+
+ VPADDD ·chacha20Constants<>(SB), AA1, AA1
+ VPADDD state1StoreAVX2, BB1, BB1
+ VPADDD state2StoreAVX2, CC1, CC1
+ VPADDD DD0, DD1, DD1
+ VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+
+openAVX2TailLoop:
+ CMPQ inl, $32
+ JB openAVX2Tail
+ SUBQ $32, inl
+
+ // Load for decryption
+ VPXOR (inp), AA0, AA0
+ VMOVDQU AA0, (oup)
+ LEAQ (1*32)(inp), inp
+ LEAQ (1*32)(oup), oup
+ VMOVDQA BB0, AA0
+ VMOVDQA CC0, BB0
+ VMOVDQA DD0, CC0
+ JMP openAVX2TailLoop
+
+openAVX2Tail:
+ CMPQ inl, $16
+ VMOVDQA A0, A1
+ JB openAVX2TailDone
+ SUBQ $16, inl
+
+ // Load for decryption
+ VPXOR (inp), A0, T0
+ VMOVDQU T0, (oup)
+ LEAQ (1*16)(inp), inp
+ LEAQ (1*16)(oup), oup
+ VPERM2I128 $0x11, AA0, AA0, AA0
+ VMOVDQA A0, A1
+
+openAVX2TailDone:
+ VZEROUPPER
+ JMP openSSETail16
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 256 bytes of ciphertext
+openAVX2Tail256:
+ // Need to decrypt up to 256 bytes - prepare four blocks
+ VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1
+ VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1
+ VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1
+ VMOVDQA ctr3StoreAVX2, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD1
+ VMOVDQA DD0, TT1
+ VMOVDQA DD1, TT2
+
+ // Compute the number of iterations that will hash data
+ MOVQ inl, tmpStoreAVX2
+ MOVQ inl, itr1
+ SUBQ $128, itr1
+ SHRQ $4, itr1
+ MOVQ $10, itr2
+ CMPQ itr1, $10
+ CMOVQGT itr2, itr1
+ MOVQ inp, inl
+ XORQ itr2, itr2
+
+openAVX2Tail256LoopA:
+ polyAdd(0(inl))
+ polyMulAVX2
+ LEAQ 16(inl), inl
+
+ // Perform ChaCha rounds, while hashing the remaining input
+openAVX2Tail256LoopB:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
+ INCQ itr2
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
+ CMPQ itr2, itr1
+ JB openAVX2Tail256LoopA
+
+ CMPQ itr2, $10
+ JNE openAVX2Tail256LoopB
+
+ MOVQ inl, itr2
+ SUBQ inp, inl
+ MOVQ inl, itr1
+ MOVQ tmpStoreAVX2, inl
+
+ // Hash the remainder of data (if any)
+openAVX2Tail256Hash:
+ ADDQ $16, itr1
+ CMPQ itr1, inl
+ JGT openAVX2Tail256HashEnd
+ polyAdd (0(itr2))
+ polyMulAVX2
+ LEAQ 16(itr2), itr2
+ JMP openAVX2Tail256Hash
+
+// Store 128 bytes safely, then go to store loop
+openAVX2Tail256HashEnd:
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1
+ VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1
+ VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1
+ VPADDD TT1, DD0, DD0; VPADDD TT2, DD1, DD1
+ VPERM2I128 $0x02, AA0, BB0, AA2; VPERM2I128 $0x02, CC0, DD0, BB2; VPERM2I128 $0x13, AA0, BB0, CC2; VPERM2I128 $0x13, CC0, DD0, DD2
+ VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+
+ VPXOR (0*32)(inp), AA2, AA2; VPXOR (1*32)(inp), BB2, BB2; VPXOR (2*32)(inp), CC2, CC2; VPXOR (3*32)(inp), DD2, DD2
+ VMOVDQU AA2, (0*32)(oup); VMOVDQU BB2, (1*32)(oup); VMOVDQU CC2, (2*32)(oup); VMOVDQU DD2, (3*32)(oup)
+ LEAQ (4*32)(inp), inp
+ LEAQ (4*32)(oup), oup
+ SUBQ $4*32, inl
+
+ JMP openAVX2TailLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 384 bytes of ciphertext
+openAVX2Tail384:
+ // Need to decrypt up to 384 bytes - prepare six blocks
+ VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2
+ VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2
+ VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2
+ VMOVDQA ctr3StoreAVX2, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD1
+ VPADDD ·avx2IncMask<>(SB), DD1, DD2
+ VMOVDQA DD0, ctr0StoreAVX2
+ VMOVDQA DD1, ctr1StoreAVX2
+ VMOVDQA DD2, ctr2StoreAVX2
+
+ // Compute the number of iterations that will hash two blocks of data
+ MOVQ inl, tmpStoreAVX2
+ MOVQ inl, itr1
+ SUBQ $256, itr1
+ SHRQ $4, itr1
+ ADDQ $6, itr1
+ MOVQ $10, itr2
+ CMPQ itr1, $10
+ CMOVQGT itr2, itr1
+ MOVQ inp, inl
+ XORQ itr2, itr2
+
+ // Perform ChaCha rounds, while hashing the remaining input
+openAVX2Tail384LoopB:
+ polyAdd(0(inl))
+ polyMulAVX2
+ LEAQ 16(inl), inl
+
+openAVX2Tail384LoopA:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
+ polyAdd(0(inl))
+ polyMulAVX2
+ LEAQ 16(inl), inl
+ INCQ itr2
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
+
+ CMPQ itr2, itr1
+ JB openAVX2Tail384LoopB
+
+ CMPQ itr2, $10
+ JNE openAVX2Tail384LoopA
+
+ MOVQ inl, itr2
+ SUBQ inp, inl
+ MOVQ inl, itr1
+ MOVQ tmpStoreAVX2, inl
+
+openAVX2Tail384Hash:
+ ADDQ $16, itr1
+ CMPQ itr1, inl
+ JGT openAVX2Tail384HashEnd
+ polyAdd(0(itr2))
+ polyMulAVX2
+ LEAQ 16(itr2), itr2
+ JMP openAVX2Tail384Hash
+
+// Store 256 bytes safely, then go to store loop
+openAVX2Tail384HashEnd:
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2
+ VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2
+ VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2
+ VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2
+ VPERM2I128 $0x02, AA0, BB0, TT0; VPERM2I128 $0x02, CC0, DD0, TT1; VPERM2I128 $0x13, AA0, BB0, TT2; VPERM2I128 $0x13, CC0, DD0, TT3
+ VPXOR (0*32)(inp), TT0, TT0; VPXOR (1*32)(inp), TT1, TT1; VPXOR (2*32)(inp), TT2, TT2; VPXOR (3*32)(inp), TT3, TT3
+ VMOVDQU TT0, (0*32)(oup); VMOVDQU TT1, (1*32)(oup); VMOVDQU TT2, (2*32)(oup); VMOVDQU TT3, (3*32)(oup)
+ VPERM2I128 $0x02, AA1, BB1, TT0; VPERM2I128 $0x02, CC1, DD1, TT1; VPERM2I128 $0x13, AA1, BB1, TT2; VPERM2I128 $0x13, CC1, DD1, TT3
+ VPXOR (4*32)(inp), TT0, TT0; VPXOR (5*32)(inp), TT1, TT1; VPXOR (6*32)(inp), TT2, TT2; VPXOR (7*32)(inp), TT3, TT3
+ VMOVDQU TT0, (4*32)(oup); VMOVDQU TT1, (5*32)(oup); VMOVDQU TT2, (6*32)(oup); VMOVDQU TT3, (7*32)(oup)
+ VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+ LEAQ (8*32)(inp), inp
+ LEAQ (8*32)(oup), oup
+ SUBQ $8*32, inl
+ JMP openAVX2TailLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 512 bytes of ciphertext
+openAVX2Tail512:
+ VMOVDQU ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+ VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+ VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+ VMOVDQA ctr3StoreAVX2, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+ VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+ XORQ itr1, itr1
+ MOVQ inp, itr2
+
+openAVX2Tail512LoopB:
+ polyAdd(0(itr2))
+ polyMulAVX2
+ LEAQ (2*8)(itr2), itr2
+
+openAVX2Tail512LoopA:
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyAdd(0*8(itr2))
+ polyMulAVX2
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ polyAdd(2*8(itr2))
+ polyMulAVX2
+ LEAQ (4*8)(itr2), itr2
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
+ INCQ itr1
+ CMPQ itr1, $4
+ JLT openAVX2Tail512LoopB
+
+ CMPQ itr1, $10
+ JNE openAVX2Tail512LoopA
+
+ MOVQ inl, itr1
+ SUBQ $384, itr1
+ ANDQ $-16, itr1
+
+openAVX2Tail512HashLoop:
+ TESTQ itr1, itr1
+ JE openAVX2Tail512HashEnd
+ polyAdd(0(itr2))
+ polyMulAVX2
+ LEAQ 16(itr2), itr2
+ SUBQ $16, itr1
+ JMP openAVX2Tail512HashLoop
+
+openAVX2Tail512HashEnd:
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+ VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+ VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+ VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPERM2I128 $0x02, AA0, BB0, CC3; VPERM2I128 $0x13, AA0, BB0, BB0; VPERM2I128 $0x02, CC0, DD0, AA0; VPERM2I128 $0x13, CC0, DD0, CC0
+ VPXOR (0*32)(inp), CC3, CC3; VPXOR (1*32)(inp), AA0, AA0; VPXOR (2*32)(inp), BB0, BB0; VPXOR (3*32)(inp), CC0, CC0
+ VMOVDQU CC3, (0*32)(oup); VMOVDQU AA0, (1*32)(oup); VMOVDQU BB0, (2*32)(oup); VMOVDQU CC0, (3*32)(oup)
+ VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+ VPXOR (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
+ VMOVDQU AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
+ VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+ VPXOR (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
+ VMOVDQU AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
+ VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
+
+ LEAQ (12*32)(inp), inp
+ LEAQ (12*32)(oup), oup
+ SUBQ $12*32, inl
+
+ JMP openAVX2TailLoop
+
+// ----------------------------------------------------------------------------
+// ----------------------------------------------------------------------------
+// func chacha20Poly1305Seal(dst, key, src, ad []byte)
+TEXT ·chacha20Poly1305Seal(SB), 0, $288-96
+ // For aligned stack access
+ MOVQ SP, BP
+ ADDQ $32, BP
+ ANDQ $-32, BP
+ MOVQ dst+0(FP), oup
+ MOVQ key+24(FP), keyp
+ MOVQ src+48(FP), inp
+ MOVQ src_len+56(FP), inl
+ MOVQ ad+72(FP), adp
+
+ CMPB ·useAVX2(SB), $1
+ JE chacha20Poly1305Seal_AVX2
+
+ // Special optimization, for very short buffers
+ CMPQ inl, $128
+ JBE sealSSE128 // About 15% faster
+
+ // In the seal case - prepare the poly key + 3 blocks of stream in the first iteration
+ MOVOU ·chacha20Constants<>(SB), A0
+ MOVOU (1*16)(keyp), B0
+ MOVOU (2*16)(keyp), C0
+ MOVOU (3*16)(keyp), D0
+
+ // Store state on stack for future use
+ MOVO B0, state1Store
+ MOVO C0, state2Store
+
+ // Load state, increment counter blocks
+ MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+ MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+ MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
+
+ // Store counters
+ MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
+ MOVQ $10, itr2
+
+sealSSEIntroLoop:
+ MOVO C3, tmpStore
+ chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+ MOVO tmpStore, C3
+ MOVO C1, tmpStore
+ chachaQR(A3, B3, C3, D3, C1)
+ MOVO tmpStore, C1
+ shiftB0Left; shiftB1Left; shiftB2Left; shiftB3Left
+ shiftC0Left; shiftC1Left; shiftC2Left; shiftC3Left
+ shiftD0Left; shiftD1Left; shiftD2Left; shiftD3Left
+
+ MOVO C3, tmpStore
+ chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+ MOVO tmpStore, C3
+ MOVO C1, tmpStore
+ chachaQR(A3, B3, C3, D3, C1)
+ MOVO tmpStore, C1
+ shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
+ shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
+ shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
+ DECQ itr2
+ JNE sealSSEIntroLoop
+
+ // Add in the state
+ PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
+ PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
+ PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
+ PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
+
+ // Clamp and store the key
+ PAND ·polyClampMask<>(SB), A0
+ MOVO A0, rStore
+ MOVO B0, sStore
+
+ // Hash AAD
+ MOVQ ad_len+80(FP), itr2
+ CALL polyHashADInternal<>(SB)
+
+ MOVOU (0*16)(inp), A0; MOVOU (1*16)(inp), B0; MOVOU (2*16)(inp), C0; MOVOU (3*16)(inp), D0
+ PXOR A0, A1; PXOR B0, B1; PXOR C0, C1; PXOR D0, D1
+ MOVOU A1, (0*16)(oup); MOVOU B1, (1*16)(oup); MOVOU C1, (2*16)(oup); MOVOU D1, (3*16)(oup)
+ MOVOU (4*16)(inp), A0; MOVOU (5*16)(inp), B0; MOVOU (6*16)(inp), C0; MOVOU (7*16)(inp), D0
+ PXOR A0, A2; PXOR B0, B2; PXOR C0, C2; PXOR D0, D2
+ MOVOU A2, (4*16)(oup); MOVOU B2, (5*16)(oup); MOVOU C2, (6*16)(oup); MOVOU D2, (7*16)(oup)
+
+ MOVQ $128, itr1
+ SUBQ $128, inl
+ LEAQ 128(inp), inp
+
+ MOVO A3, A1; MOVO B3, B1; MOVO C3, C1; MOVO D3, D1
+
+ CMPQ inl, $64
+ JBE sealSSE128SealHash
+
+ MOVOU (0*16)(inp), A0; MOVOU (1*16)(inp), B0; MOVOU (2*16)(inp), C0; MOVOU (3*16)(inp), D0
+ PXOR A0, A3; PXOR B0, B3; PXOR C0, C3; PXOR D0, D3
+ MOVOU A3, (8*16)(oup); MOVOU B3, (9*16)(oup); MOVOU C3, (10*16)(oup); MOVOU D3, (11*16)(oup)
+
+ ADDQ $64, itr1
+ SUBQ $64, inl
+ LEAQ 64(inp), inp
+
+ MOVQ $2, itr1
+ MOVQ $8, itr2
+
+ CMPQ inl, $64
+ JBE sealSSETail64
+ CMPQ inl, $128
+ JBE sealSSETail128
+ CMPQ inl, $192
+ JBE sealSSETail192
+
+sealSSEMainLoop:
+ // Load state, increment counter blocks
+ MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0
+ MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+ MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+ MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
+
+ // Store counters
+ MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
+
+sealSSEInnerLoop:
+ MOVO C3, tmpStore
+ chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+ MOVO tmpStore, C3
+ MOVO C1, tmpStore
+ chachaQR(A3, B3, C3, D3, C1)
+ MOVO tmpStore, C1
+ polyAdd(0(oup))
+ shiftB0Left; shiftB1Left; shiftB2Left; shiftB3Left
+ shiftC0Left; shiftC1Left; shiftC2Left; shiftC3Left
+ shiftD0Left; shiftD1Left; shiftD2Left; shiftD3Left
+ polyMulStage1
+ polyMulStage2
+ LEAQ (2*8)(oup), oup
+ MOVO C3, tmpStore
+ chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+ MOVO tmpStore, C3
+ MOVO C1, tmpStore
+ polyMulStage3
+ chachaQR(A3, B3, C3, D3, C1)
+ MOVO tmpStore, C1
+ polyMulReduceStage
+ shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
+ shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
+ shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
+ DECQ itr2
+ JGE sealSSEInnerLoop
+ polyAdd(0(oup))
+ polyMul
+ LEAQ (2*8)(oup), oup
+ DECQ itr1
+ JG sealSSEInnerLoop
+
+ // Add in the state
+ PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
+ PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
+ PADDD state2Store, C0; PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
+ PADDD ctr0Store, D0; PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
+ MOVO D3, tmpStore
+
+ // Load - xor - store
+ MOVOU (0*16)(inp), D3; PXOR D3, A0
+ MOVOU (1*16)(inp), D3; PXOR D3, B0
+ MOVOU (2*16)(inp), D3; PXOR D3, C0
+ MOVOU (3*16)(inp), D3; PXOR D3, D0
+ MOVOU A0, (0*16)(oup)
+ MOVOU B0, (1*16)(oup)
+ MOVOU C0, (2*16)(oup)
+ MOVOU D0, (3*16)(oup)
+ MOVO tmpStore, D3
+
+ MOVOU (4*16)(inp), A0; MOVOU (5*16)(inp), B0; MOVOU (6*16)(inp), C0; MOVOU (7*16)(inp), D0
+ PXOR A0, A1; PXOR B0, B1; PXOR C0, C1; PXOR D0, D1
+ MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
+ MOVOU (8*16)(inp), A0; MOVOU (9*16)(inp), B0; MOVOU (10*16)(inp), C0; MOVOU (11*16)(inp), D0
+ PXOR A0, A2; PXOR B0, B2; PXOR C0, C2; PXOR D0, D2
+ MOVOU A2, (8*16)(oup); MOVOU B2, (9*16)(oup); MOVOU C2, (10*16)(oup); MOVOU D2, (11*16)(oup)
+ ADDQ $192, inp
+ MOVQ $192, itr1
+ SUBQ $192, inl
+ MOVO A3, A1
+ MOVO B3, B1
+ MOVO C3, C1
+ MOVO D3, D1
+ CMPQ inl, $64
+ JBE sealSSE128SealHash
+ MOVOU (0*16)(inp), A0; MOVOU (1*16)(inp), B0; MOVOU (2*16)(inp), C0; MOVOU (3*16)(inp), D0
+ PXOR A0, A3; PXOR B0, B3; PXOR C0, C3; PXOR D0, D3
+ MOVOU A3, (12*16)(oup); MOVOU B3, (13*16)(oup); MOVOU C3, (14*16)(oup); MOVOU D3, (15*16)(oup)
+ LEAQ 64(inp), inp
+ SUBQ $64, inl
+ MOVQ $6, itr1
+ MOVQ $4, itr2
+ CMPQ inl, $192
+ JG sealSSEMainLoop
+
+ MOVQ inl, itr1
+ TESTQ inl, inl
+ JE sealSSE128SealHash
+ MOVQ $6, itr1
+ CMPQ inl, $64
+ JBE sealSSETail64
+ CMPQ inl, $128
+ JBE sealSSETail128
+ JMP sealSSETail192
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 64 bytes of plaintext
+sealSSETail64:
+ // Need to encrypt up to 64 bytes - prepare single block, hash 192 or 256 bytes
+ MOVO ·chacha20Constants<>(SB), A1
+ MOVO state1Store, B1
+ MOVO state2Store, C1
+ MOVO ctr3Store, D1
+ PADDL ·sseIncMask<>(SB), D1
+ MOVO D1, ctr0Store
+
+sealSSETail64LoopA:
+ // Perform ChaCha rounds, while hashing the previously encrypted ciphertext
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+
+sealSSETail64LoopB:
+ chachaQR(A1, B1, C1, D1, T1)
+ shiftB1Left; shiftC1Left; shiftD1Left
+ chachaQR(A1, B1, C1, D1, T1)
+ shiftB1Right; shiftC1Right; shiftD1Right
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+
+ DECQ itr1
+ JG sealSSETail64LoopA
+
+ DECQ itr2
+ JGE sealSSETail64LoopB
+ PADDL ·chacha20Constants<>(SB), A1
+ PADDL state1Store, B1
+ PADDL state2Store, C1
+ PADDL ctr0Store, D1
+
+ JMP sealSSE128Seal
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 128 bytes of plaintext
+sealSSETail128:
+ // Need to encrypt up to 128 bytes - prepare two blocks, hash 192 or 256 bytes
+ MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr0Store
+ MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr1Store
+
+sealSSETail128LoopA:
+ // Perform ChaCha rounds, while hashing the previously encrypted ciphertext
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+
+sealSSETail128LoopB:
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
+ shiftB0Left; shiftC0Left; shiftD0Left
+ shiftB1Left; shiftC1Left; shiftD1Left
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
+ shiftB0Right; shiftC0Right; shiftD0Right
+ shiftB1Right; shiftC1Right; shiftD1Right
+
+ DECQ itr1
+ JG sealSSETail128LoopA
+
+ DECQ itr2
+ JGE sealSSETail128LoopB
+
+ PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1
+ PADDL state1Store, B0; PADDL state1Store, B1
+ PADDL state2Store, C0; PADDL state2Store, C1
+ PADDL ctr0Store, D0; PADDL ctr1Store, D1
+
+ MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
+ PXOR T0, A0; PXOR T1, B0; PXOR T2, C0; PXOR T3, D0
+ MOVOU A0, (0*16)(oup); MOVOU B0, (1*16)(oup); MOVOU C0, (2*16)(oup); MOVOU D0, (3*16)(oup)
+
+ MOVQ $64, itr1
+ LEAQ 64(inp), inp
+ SUBQ $64, inl
+
+ JMP sealSSE128SealHash
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 192 bytes of plaintext
+sealSSETail192:
+ // Need to encrypt up to 192 bytes - prepare three blocks, hash 192 or 256 bytes
+ MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr0Store
+ MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr1Store
+ MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2; MOVO D2, ctr2Store
+
+sealSSETail192LoopA:
+ // Perform ChaCha rounds, while hashing the previously encrypted ciphertext
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+
+sealSSETail192LoopB:
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+ shiftB0Left; shiftC0Left; shiftD0Left
+ shiftB1Left; shiftC1Left; shiftD1Left
+ shiftB2Left; shiftC2Left; shiftD2Left
+
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+ shiftB0Right; shiftC0Right; shiftD0Right
+ shiftB1Right; shiftC1Right; shiftD1Right
+ shiftB2Right; shiftC2Right; shiftD2Right
+
+ DECQ itr1
+ JG sealSSETail192LoopA
+
+ DECQ itr2
+ JGE sealSSETail192LoopB
+
+ PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
+ PADDL state1Store, B0; PADDL state1Store, B1; PADDL state1Store, B2
+ PADDL state2Store, C0; PADDL state2Store, C1; PADDL state2Store, C2
+ PADDL ctr0Store, D0; PADDL ctr1Store, D1; PADDL ctr2Store, D2
+
+ MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
+ PXOR T0, A0; PXOR T1, B0; PXOR T2, C0; PXOR T3, D0
+ MOVOU A0, (0*16)(oup); MOVOU B0, (1*16)(oup); MOVOU C0, (2*16)(oup); MOVOU D0, (3*16)(oup)
+ MOVOU (4*16)(inp), T0; MOVOU (5*16)(inp), T1; MOVOU (6*16)(inp), T2; MOVOU (7*16)(inp), T3
+ PXOR T0, A1; PXOR T1, B1; PXOR T2, C1; PXOR T3, D1
+ MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
+
+ MOVO A2, A1
+ MOVO B2, B1
+ MOVO C2, C1
+ MOVO D2, D1
+ MOVQ $128, itr1
+ LEAQ 128(inp), inp
+ SUBQ $128, inl
+
+ JMP sealSSE128SealHash
+
+// ----------------------------------------------------------------------------
+// Special seal optimization for buffers smaller than 129 bytes
+sealSSE128:
+ // For up to 128 bytes of ciphertext and 64 bytes for the poly key, we require to process three blocks
+ MOVOU ·chacha20Constants<>(SB), A0; MOVOU (1*16)(keyp), B0; MOVOU (2*16)(keyp), C0; MOVOU (3*16)(keyp), D0
+ MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+ MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+ MOVO B0, T1; MOVO C0, T2; MOVO D1, T3
+ MOVQ $10, itr2
+
+sealSSE128InnerCipherLoop:
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+ shiftB0Left; shiftB1Left; shiftB2Left
+ shiftC0Left; shiftC1Left; shiftC2Left
+ shiftD0Left; shiftD1Left; shiftD2Left
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+ shiftB0Right; shiftB1Right; shiftB2Right
+ shiftC0Right; shiftC1Right; shiftC2Right
+ shiftD0Right; shiftD1Right; shiftD2Right
+ DECQ itr2
+ JNE sealSSE128InnerCipherLoop
+
+ // A0|B0 hold the Poly1305 32-byte key, C0,D0 can be discarded
+ PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
+ PADDL T1, B0; PADDL T1, B1; PADDL T1, B2
+ PADDL T2, C1; PADDL T2, C2
+ PADDL T3, D1; PADDL ·sseIncMask<>(SB), T3; PADDL T3, D2
+ PAND ·polyClampMask<>(SB), A0
+ MOVOU A0, rStore
+ MOVOU B0, sStore
+
+ // Hash
+ MOVQ ad_len+80(FP), itr2
+ CALL polyHashADInternal<>(SB)
+ XORQ itr1, itr1
+
+sealSSE128SealHash:
+ // itr1 holds the number of bytes encrypted but not yet hashed
+ CMPQ itr1, $16
+ JB sealSSE128Seal
+ polyAdd(0(oup))
+ polyMul
+
+ SUBQ $16, itr1
+ ADDQ $16, oup
+
+ JMP sealSSE128SealHash
+
+sealSSE128Seal:
+ CMPQ inl, $16
+ JB sealSSETail
+ SUBQ $16, inl
+
+ // Load for decryption
+ MOVOU (inp), T0
+ PXOR T0, A1
+ MOVOU A1, (oup)
+ LEAQ (1*16)(inp), inp
+ LEAQ (1*16)(oup), oup
+
+ // Extract for hashing
+ MOVQ A1, t0
+ PSRLDQ $8, A1
+ MOVQ A1, t1
+ ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
+ polyMul
+
+ // Shift the stream "left"
+ MOVO B1, A1
+ MOVO C1, B1
+ MOVO D1, C1
+ MOVO A2, D1
+ MOVO B2, A2
+ MOVO C2, B2
+ MOVO D2, C2
+ JMP sealSSE128Seal
+
+sealSSETail:
+ TESTQ inl, inl
+ JE sealSSEFinalize
+
+ // We can only load the PT one byte at a time to avoid read after end of buffer
+ MOVQ inl, itr2
+ SHLQ $4, itr2
+ LEAQ ·andMask<>(SB), t0
+ MOVQ inl, itr1
+ LEAQ -1(inp)(inl*1), inp
+ XORQ t2, t2
+ XORQ t3, t3
+ XORQ AX, AX
+
+sealSSETailLoadLoop:
+ SHLQ $8, t2, t3
+ SHLQ $8, t2
+ MOVB (inp), AX
+ XORQ AX, t2
+ LEAQ -1(inp), inp
+ DECQ itr1
+ JNE sealSSETailLoadLoop
+ MOVQ t2, 0+tmpStore
+ MOVQ t3, 8+tmpStore
+ PXOR 0+tmpStore, A1
+ MOVOU A1, (oup)
+ MOVOU -16(t0)(itr2*1), T0
+ PAND T0, A1
+ MOVQ A1, t0
+ PSRLDQ $8, A1
+ MOVQ A1, t1
+ ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
+ polyMul
+
+ ADDQ inl, oup
+
+sealSSEFinalize:
+ // Hash in the buffer lengths
+ ADDQ ad_len+80(FP), acc0
+ ADCQ src_len+56(FP), acc1
+ ADCQ $1, acc2
+ polyMul
+
+ // Final reduce
+ MOVQ acc0, t0
+ MOVQ acc1, t1
+ MOVQ acc2, t2
+ SUBQ $-5, acc0
+ SBBQ $-1, acc1
+ SBBQ $3, acc2
+ CMOVQCS t0, acc0
+ CMOVQCS t1, acc1
+ CMOVQCS t2, acc2
+
+ // Add in the "s" part of the key
+ ADDQ 0+sStore, acc0
+ ADCQ 8+sStore, acc1
+
+ // Finally store the tag at the end of the message
+ MOVQ acc0, (0*8)(oup)
+ MOVQ acc1, (1*8)(oup)
+ RET
+
+// ----------------------------------------------------------------------------
+// ------------------------- AVX2 Code ----------------------------------------
+chacha20Poly1305Seal_AVX2:
+ VZEROUPPER
+ VMOVDQU ·chacha20Constants<>(SB), AA0
+ BYTE $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x70; BYTE $0x10 // broadcasti128 16(r8), ymm14
+ BYTE $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x20 // broadcasti128 32(r8), ymm12
+ BYTE $0xc4; BYTE $0xc2; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x30 // broadcasti128 48(r8), ymm4
+ VPADDD ·avx2InitMask<>(SB), DD0, DD0
+
+ // Special optimizations, for very short buffers
+ CMPQ inl, $192
+ JBE seal192AVX2 // 33% faster
+ CMPQ inl, $320
+ JBE seal320AVX2 // 17% faster
+
+ // For the general key prepare the key first - as a byproduct we have 64 bytes of cipher stream
+ VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+ VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3; VMOVDQA BB0, state1StoreAVX2
+ VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3; VMOVDQA CC0, state2StoreAVX2
+ VPADDD ·avx2IncMask<>(SB), DD0, DD1; VMOVDQA DD0, ctr0StoreAVX2
+ VPADDD ·avx2IncMask<>(SB), DD1, DD2; VMOVDQA DD1, ctr1StoreAVX2
+ VPADDD ·avx2IncMask<>(SB), DD2, DD3; VMOVDQA DD2, ctr2StoreAVX2
+ VMOVDQA DD3, ctr3StoreAVX2
+ MOVQ $10, itr2
+
+sealAVX2IntroLoop:
+ VMOVDQA CC3, tmpStoreAVX2
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
+ VMOVDQA tmpStoreAVX2, CC3
+ VMOVDQA CC1, tmpStoreAVX2
+ chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
+ VMOVDQA tmpStoreAVX2, CC1
+
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $12, DD0, DD0, DD0
+ VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $12, DD1, DD1, DD1
+ VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $12, DD2, DD2, DD2
+ VPALIGNR $4, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $12, DD3, DD3, DD3
+
+ VMOVDQA CC3, tmpStoreAVX2
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
+ VMOVDQA tmpStoreAVX2, CC3
+ VMOVDQA CC1, tmpStoreAVX2
+ chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
+ VMOVDQA tmpStoreAVX2, CC1
+
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $4, DD0, DD0, DD0
+ VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $4, DD1, DD1, DD1
+ VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $4, DD2, DD2, DD2
+ VPALIGNR $12, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $4, DD3, DD3, DD3
+ DECQ itr2
+ JNE sealAVX2IntroLoop
+
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+ VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+ VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+ VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+
+ VPERM2I128 $0x13, CC0, DD0, CC0 // Stream bytes 96 - 127
+ VPERM2I128 $0x02, AA0, BB0, DD0 // The Poly1305 key
+ VPERM2I128 $0x13, AA0, BB0, AA0 // Stream bytes 64 - 95
+
+ // Clamp and store poly key
+ VPAND ·polyClampMask<>(SB), DD0, DD0
+ VMOVDQA DD0, rsStoreAVX2
+
+ // Hash AD
+ MOVQ ad_len+80(FP), itr2
+ CALL polyHashADInternal<>(SB)
+
+ // Can store at least 320 bytes
+ VPXOR (0*32)(inp), AA0, AA0
+ VPXOR (1*32)(inp), CC0, CC0
+ VMOVDQU AA0, (0*32)(oup)
+ VMOVDQU CC0, (1*32)(oup)
+
+ VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+ VPXOR (2*32)(inp), AA0, AA0; VPXOR (3*32)(inp), BB0, BB0; VPXOR (4*32)(inp), CC0, CC0; VPXOR (5*32)(inp), DD0, DD0
+ VMOVDQU AA0, (2*32)(oup); VMOVDQU BB0, (3*32)(oup); VMOVDQU CC0, (4*32)(oup); VMOVDQU DD0, (5*32)(oup)
+ VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+ VPXOR (6*32)(inp), AA0, AA0; VPXOR (7*32)(inp), BB0, BB0; VPXOR (8*32)(inp), CC0, CC0; VPXOR (9*32)(inp), DD0, DD0
+ VMOVDQU AA0, (6*32)(oup); VMOVDQU BB0, (7*32)(oup); VMOVDQU CC0, (8*32)(oup); VMOVDQU DD0, (9*32)(oup)
+
+ MOVQ $320, itr1
+ SUBQ $320, inl
+ LEAQ 320(inp), inp
+
+ VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, CC3, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, CC3, DD3, DD0
+ CMPQ inl, $128
+ JBE sealAVX2SealHash
+
+ VPXOR (0*32)(inp), AA0, AA0; VPXOR (1*32)(inp), BB0, BB0; VPXOR (2*32)(inp), CC0, CC0; VPXOR (3*32)(inp), DD0, DD0
+ VMOVDQU AA0, (10*32)(oup); VMOVDQU BB0, (11*32)(oup); VMOVDQU CC0, (12*32)(oup); VMOVDQU DD0, (13*32)(oup)
+ SUBQ $128, inl
+ LEAQ 128(inp), inp
+
+ MOVQ $8, itr1
+ MOVQ $2, itr2
+
+ CMPQ inl, $128
+ JBE sealAVX2Tail128
+ CMPQ inl, $256
+ JBE sealAVX2Tail256
+ CMPQ inl, $384
+ JBE sealAVX2Tail384
+ CMPQ inl, $512
+ JBE sealAVX2Tail512
+
+ // We have 448 bytes to hash, but main loop hashes 512 bytes at a time - perform some rounds, before the main loop
+ VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+ VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+ VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+ VMOVDQA ctr3StoreAVX2, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+ VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+
+ VMOVDQA CC3, tmpStoreAVX2
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
+ VMOVDQA tmpStoreAVX2, CC3
+ VMOVDQA CC1, tmpStoreAVX2
+ chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
+ VMOVDQA tmpStoreAVX2, CC1
+
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $12, DD0, DD0, DD0
+ VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $12, DD1, DD1, DD1
+ VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $12, DD2, DD2, DD2
+ VPALIGNR $4, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $12, DD3, DD3, DD3
+
+ VMOVDQA CC3, tmpStoreAVX2
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
+ VMOVDQA tmpStoreAVX2, CC3
+ VMOVDQA CC1, tmpStoreAVX2
+ chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
+ VMOVDQA tmpStoreAVX2, CC1
+
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $4, DD0, DD0, DD0
+ VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $4, DD1, DD1, DD1
+ VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $4, DD2, DD2, DD2
+ VPALIGNR $12, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $4, DD3, DD3, DD3
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+
+ SUBQ $16, oup // Adjust the pointer
+ MOVQ $9, itr1
+ JMP sealAVX2InternalLoopStart
+
+sealAVX2MainLoop:
+ // Load state, increment counter blocks, store the incremented counters
+ VMOVDQU ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+ VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+ VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+ VMOVDQA ctr3StoreAVX2, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+ VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+ MOVQ $10, itr1
+
+sealAVX2InternalLoop:
+ polyAdd(0*8(oup))
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ polyMulStage1_AVX2
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+ polyMulStage2_AVX2
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ polyMulStage3_AVX2
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyMulReduceStage
+
+sealAVX2InternalLoopStart:
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+ polyAdd(2*8(oup))
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ polyMulStage1_AVX2
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyMulStage2_AVX2
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ polyMulStage3_AVX2
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+ polyMulReduceStage
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ polyAdd(4*8(oup))
+ LEAQ (6*8)(oup), oup
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyMulStage1_AVX2
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ polyMulStage2_AVX2
+ VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ polyMulStage3_AVX2
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyMulReduceStage
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
+ DECQ itr1
+ JNE sealAVX2InternalLoop
+
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+ VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+ VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+ VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+ VMOVDQA CC3, tmpStoreAVX2
+
+ // We only hashed 480 of the 512 bytes available - hash the remaining 32 here
+ polyAdd(0*8(oup))
+ polyMulAVX2
+ LEAQ (4*8)(oup), oup
+ VPERM2I128 $0x02, AA0, BB0, CC3; VPERM2I128 $0x13, AA0, BB0, BB0; VPERM2I128 $0x02, CC0, DD0, AA0; VPERM2I128 $0x13, CC0, DD0, CC0
+ VPXOR (0*32)(inp), CC3, CC3; VPXOR (1*32)(inp), AA0, AA0; VPXOR (2*32)(inp), BB0, BB0; VPXOR (3*32)(inp), CC0, CC0
+ VMOVDQU CC3, (0*32)(oup); VMOVDQU AA0, (1*32)(oup); VMOVDQU BB0, (2*32)(oup); VMOVDQU CC0, (3*32)(oup)
+ VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+ VPXOR (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
+ VMOVDQU AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
+
+ // and here
+ polyAdd(-2*8(oup))
+ polyMulAVX2
+ VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+ VPXOR (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
+ VMOVDQU AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
+ VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
+ VPXOR (12*32)(inp), AA0, AA0; VPXOR (13*32)(inp), BB0, BB0; VPXOR (14*32)(inp), CC0, CC0; VPXOR (15*32)(inp), DD0, DD0
+ VMOVDQU AA0, (12*32)(oup); VMOVDQU BB0, (13*32)(oup); VMOVDQU CC0, (14*32)(oup); VMOVDQU DD0, (15*32)(oup)
+ LEAQ (32*16)(inp), inp
+ SUBQ $(32*16), inl
+ CMPQ inl, $512
+ JG sealAVX2MainLoop
+
+ // Tail can only hash 480 bytes
+ polyAdd(0*8(oup))
+ polyMulAVX2
+ polyAdd(2*8(oup))
+ polyMulAVX2
+ LEAQ 32(oup), oup
+
+ MOVQ $10, itr1
+ MOVQ $0, itr2
+ CMPQ inl, $128
+ JBE sealAVX2Tail128
+ CMPQ inl, $256
+ JBE sealAVX2Tail256
+ CMPQ inl, $384
+ JBE sealAVX2Tail384
+ JMP sealAVX2Tail512
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 193 bytes
+seal192AVX2:
+ // For up to 192 bytes of ciphertext and 64 bytes for the poly key, we process four blocks
+ VMOVDQA AA0, AA1
+ VMOVDQA BB0, BB1
+ VMOVDQA CC0, CC1
+ VPADDD ·avx2IncMask<>(SB), DD0, DD1
+ VMOVDQA AA0, AA2
+ VMOVDQA BB0, BB2
+ VMOVDQA CC0, CC2
+ VMOVDQA DD0, DD2
+ VMOVDQA DD1, TT3
+ MOVQ $10, itr2
+
+sealAVX2192InnerCipherLoop:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
+ DECQ itr2
+ JNE sealAVX2192InnerCipherLoop
+ VPADDD AA2, AA0, AA0; VPADDD AA2, AA1, AA1
+ VPADDD BB2, BB0, BB0; VPADDD BB2, BB1, BB1
+ VPADDD CC2, CC0, CC0; VPADDD CC2, CC1, CC1
+ VPADDD DD2, DD0, DD0; VPADDD TT3, DD1, DD1
+ VPERM2I128 $0x02, AA0, BB0, TT0
+
+ // Clamp and store poly key
+ VPAND ·polyClampMask<>(SB), TT0, TT0
+ VMOVDQA TT0, rsStoreAVX2
+
+ // Stream for up to 192 bytes
+ VPERM2I128 $0x13, AA0, BB0, AA0
+ VPERM2I128 $0x13, CC0, DD0, BB0
+ VPERM2I128 $0x02, AA1, BB1, CC0
+ VPERM2I128 $0x02, CC1, DD1, DD0
+ VPERM2I128 $0x13, AA1, BB1, AA1
+ VPERM2I128 $0x13, CC1, DD1, BB1
+
+sealAVX2ShortSeal:
+ // Hash aad
+ MOVQ ad_len+80(FP), itr2
+ CALL polyHashADInternal<>(SB)
+ XORQ itr1, itr1
+
+sealAVX2SealHash:
+ // itr1 holds the number of bytes encrypted but not yet hashed
+ CMPQ itr1, $16
+ JB sealAVX2ShortSealLoop
+ polyAdd(0(oup))
+ polyMul
+ SUBQ $16, itr1
+ ADDQ $16, oup
+ JMP sealAVX2SealHash
+
+sealAVX2ShortSealLoop:
+ CMPQ inl, $32
+ JB sealAVX2ShortTail32
+ SUBQ $32, inl
+
+ // Load for encryption
+ VPXOR (inp), AA0, AA0
+ VMOVDQU AA0, (oup)
+ LEAQ (1*32)(inp), inp
+
+ // Now can hash
+ polyAdd(0*8(oup))
+ polyMulAVX2
+ polyAdd(2*8(oup))
+ polyMulAVX2
+ LEAQ (1*32)(oup), oup
+
+ // Shift stream left
+ VMOVDQA BB0, AA0
+ VMOVDQA CC0, BB0
+ VMOVDQA DD0, CC0
+ VMOVDQA AA1, DD0
+ VMOVDQA BB1, AA1
+ VMOVDQA CC1, BB1
+ VMOVDQA DD1, CC1
+ VMOVDQA AA2, DD1
+ VMOVDQA BB2, AA2
+ JMP sealAVX2ShortSealLoop
+
+sealAVX2ShortTail32:
+ CMPQ inl, $16
+ VMOVDQA A0, A1
+ JB sealAVX2ShortDone
+
+ SUBQ $16, inl
+
+ // Load for encryption
+ VPXOR (inp), A0, T0
+ VMOVDQU T0, (oup)
+ LEAQ (1*16)(inp), inp
+
+ // Hash
+ polyAdd(0*8(oup))
+ polyMulAVX2
+ LEAQ (1*16)(oup), oup
+ VPERM2I128 $0x11, AA0, AA0, AA0
+ VMOVDQA A0, A1
+
+sealAVX2ShortDone:
+ VZEROUPPER
+ JMP sealSSETail
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 321 bytes
+seal320AVX2:
+ // For up to 320 bytes of ciphertext and 64 bytes for the poly key, we process six blocks
+ VMOVDQA AA0, AA1; VMOVDQA BB0, BB1; VMOVDQA CC0, CC1; VPADDD ·avx2IncMask<>(SB), DD0, DD1
+ VMOVDQA AA0, AA2; VMOVDQA BB0, BB2; VMOVDQA CC0, CC2; VPADDD ·avx2IncMask<>(SB), DD1, DD2
+ VMOVDQA BB0, TT1; VMOVDQA CC0, TT2; VMOVDQA DD0, TT3
+ MOVQ $10, itr2
+
+sealAVX2320InnerCipherLoop:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
+ DECQ itr2
+ JNE sealAVX2320InnerCipherLoop
+
+ VMOVDQA ·chacha20Constants<>(SB), TT0
+ VPADDD TT0, AA0, AA0; VPADDD TT0, AA1, AA1; VPADDD TT0, AA2, AA2
+ VPADDD TT1, BB0, BB0; VPADDD TT1, BB1, BB1; VPADDD TT1, BB2, BB2
+ VPADDD TT2, CC0, CC0; VPADDD TT2, CC1, CC1; VPADDD TT2, CC2, CC2
+ VMOVDQA ·avx2IncMask<>(SB), TT0
+ VPADDD TT3, DD0, DD0; VPADDD TT0, TT3, TT3
+ VPADDD TT3, DD1, DD1; VPADDD TT0, TT3, TT3
+ VPADDD TT3, DD2, DD2
+
+ // Clamp and store poly key
+ VPERM2I128 $0x02, AA0, BB0, TT0
+ VPAND ·polyClampMask<>(SB), TT0, TT0
+ VMOVDQA TT0, rsStoreAVX2
+
+ // Stream for up to 320 bytes
+ VPERM2I128 $0x13, AA0, BB0, AA0
+ VPERM2I128 $0x13, CC0, DD0, BB0
+ VPERM2I128 $0x02, AA1, BB1, CC0
+ VPERM2I128 $0x02, CC1, DD1, DD0
+ VPERM2I128 $0x13, AA1, BB1, AA1
+ VPERM2I128 $0x13, CC1, DD1, BB1
+ VPERM2I128 $0x02, AA2, BB2, CC1
+ VPERM2I128 $0x02, CC2, DD2, DD1
+ VPERM2I128 $0x13, AA2, BB2, AA2
+ VPERM2I128 $0x13, CC2, DD2, BB2
+ JMP sealAVX2ShortSeal
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 128 bytes of ciphertext
+sealAVX2Tail128:
+ // Need to decrypt up to 128 bytes - prepare two blocks
+ // If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
+ // If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
+ VMOVDQA ·chacha20Constants<>(SB), AA0
+ VMOVDQA state1StoreAVX2, BB0
+ VMOVDQA state2StoreAVX2, CC0
+ VMOVDQA ctr3StoreAVX2, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD0
+ VMOVDQA DD0, DD1
+
+sealAVX2Tail128LoopA:
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+
+sealAVX2Tail128LoopB:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
+ polyAdd(0(oup))
+ polyMul
+ VPALIGNR $4, BB0, BB0, BB0
+ VPALIGNR $8, CC0, CC0, CC0
+ VPALIGNR $12, DD0, DD0, DD0
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
+ polyAdd(16(oup))
+ polyMul
+ LEAQ 32(oup), oup
+ VPALIGNR $12, BB0, BB0, BB0
+ VPALIGNR $8, CC0, CC0, CC0
+ VPALIGNR $4, DD0, DD0, DD0
+ DECQ itr1
+ JG sealAVX2Tail128LoopA
+ DECQ itr2
+ JGE sealAVX2Tail128LoopB
+
+ VPADDD ·chacha20Constants<>(SB), AA0, AA1
+ VPADDD state1StoreAVX2, BB0, BB1
+ VPADDD state2StoreAVX2, CC0, CC1
+ VPADDD DD1, DD0, DD1
+
+ VPERM2I128 $0x02, AA1, BB1, AA0
+ VPERM2I128 $0x02, CC1, DD1, BB0
+ VPERM2I128 $0x13, AA1, BB1, CC0
+ VPERM2I128 $0x13, CC1, DD1, DD0
+ JMP sealAVX2ShortSealLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 256 bytes of ciphertext
+sealAVX2Tail256:
+ // Need to decrypt up to 256 bytes - prepare two blocks
+ // If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
+ // If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
+ VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA ·chacha20Constants<>(SB), AA1
+ VMOVDQA state1StoreAVX2, BB0; VMOVDQA state1StoreAVX2, BB1
+ VMOVDQA state2StoreAVX2, CC0; VMOVDQA state2StoreAVX2, CC1
+ VMOVDQA ctr3StoreAVX2, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD1
+ VMOVDQA DD0, TT1
+ VMOVDQA DD1, TT2
+
+sealAVX2Tail256LoopA:
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+
+sealAVX2Tail256LoopB:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ polyAdd(0(oup))
+ polyMul
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ polyAdd(16(oup))
+ polyMul
+ LEAQ 32(oup), oup
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
+ DECQ itr1
+ JG sealAVX2Tail256LoopA
+ DECQ itr2
+ JGE sealAVX2Tail256LoopB
+
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1
+ VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1
+ VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1
+ VPADDD TT1, DD0, DD0; VPADDD TT2, DD1, DD1
+ VPERM2I128 $0x02, AA0, BB0, TT0
+ VPERM2I128 $0x02, CC0, DD0, TT1
+ VPERM2I128 $0x13, AA0, BB0, TT2
+ VPERM2I128 $0x13, CC0, DD0, TT3
+ VPXOR (0*32)(inp), TT0, TT0; VPXOR (1*32)(inp), TT1, TT1; VPXOR (2*32)(inp), TT2, TT2; VPXOR (3*32)(inp), TT3, TT3
+ VMOVDQU TT0, (0*32)(oup); VMOVDQU TT1, (1*32)(oup); VMOVDQU TT2, (2*32)(oup); VMOVDQU TT3, (3*32)(oup)
+ MOVQ $128, itr1
+ LEAQ 128(inp), inp
+ SUBQ $128, inl
+ VPERM2I128 $0x02, AA1, BB1, AA0
+ VPERM2I128 $0x02, CC1, DD1, BB0
+ VPERM2I128 $0x13, AA1, BB1, CC0
+ VPERM2I128 $0x13, CC1, DD1, DD0
+
+ JMP sealAVX2SealHash
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 384 bytes of ciphertext
+sealAVX2Tail384:
+ // Need to decrypt up to 384 bytes - prepare two blocks
+ // If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
+ // If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
+ VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2
+ VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2
+ VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2
+ VMOVDQA ctr3StoreAVX2, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2
+ VMOVDQA DD0, TT1; VMOVDQA DD1, TT2; VMOVDQA DD2, TT3
+
+sealAVX2Tail384LoopA:
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+
+sealAVX2Tail384LoopB:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+ polyAdd(0(oup))
+ polyMul
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+ polyAdd(16(oup))
+ polyMul
+ LEAQ 32(oup), oup
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
+ DECQ itr1
+ JG sealAVX2Tail384LoopA
+ DECQ itr2
+ JGE sealAVX2Tail384LoopB
+
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2
+ VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2
+ VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2
+ VPADDD TT1, DD0, DD0; VPADDD TT2, DD1, DD1; VPADDD TT3, DD2, DD2
+ VPERM2I128 $0x02, AA0, BB0, TT0
+ VPERM2I128 $0x02, CC0, DD0, TT1
+ VPERM2I128 $0x13, AA0, BB0, TT2
+ VPERM2I128 $0x13, CC0, DD0, TT3
+ VPXOR (0*32)(inp), TT0, TT0; VPXOR (1*32)(inp), TT1, TT1; VPXOR (2*32)(inp), TT2, TT2; VPXOR (3*32)(inp), TT3, TT3
+ VMOVDQU TT0, (0*32)(oup); VMOVDQU TT1, (1*32)(oup); VMOVDQU TT2, (2*32)(oup); VMOVDQU TT3, (3*32)(oup)
+ VPERM2I128 $0x02, AA1, BB1, TT0
+ VPERM2I128 $0x02, CC1, DD1, TT1
+ VPERM2I128 $0x13, AA1, BB1, TT2
+ VPERM2I128 $0x13, CC1, DD1, TT3
+ VPXOR (4*32)(inp), TT0, TT0; VPXOR (5*32)(inp), TT1, TT1; VPXOR (6*32)(inp), TT2, TT2; VPXOR (7*32)(inp), TT3, TT3
+ VMOVDQU TT0, (4*32)(oup); VMOVDQU TT1, (5*32)(oup); VMOVDQU TT2, (6*32)(oup); VMOVDQU TT3, (7*32)(oup)
+ MOVQ $256, itr1
+ LEAQ 256(inp), inp
+ SUBQ $256, inl
+ VPERM2I128 $0x02, AA2, BB2, AA0
+ VPERM2I128 $0x02, CC2, DD2, BB0
+ VPERM2I128 $0x13, AA2, BB2, CC0
+ VPERM2I128 $0x13, CC2, DD2, DD0
+
+ JMP sealAVX2SealHash
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 512 bytes of ciphertext
+sealAVX2Tail512:
+ // Need to decrypt up to 512 bytes - prepare two blocks
+ // If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
+ // If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
+ VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+ VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+ VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+ VMOVDQA ctr3StoreAVX2, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+ VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+
+sealAVX2Tail512LoopA:
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+
+sealAVX2Tail512LoopB:
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyAdd(0*8(oup))
+ polyMulAVX2
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ polyAdd(2*8(oup))
+ polyMulAVX2
+ LEAQ (4*8)(oup), oup
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
+
+ DECQ itr1
+ JG sealAVX2Tail512LoopA
+ DECQ itr2
+ JGE sealAVX2Tail512LoopB
+
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+ VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+ VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+ VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPERM2I128 $0x02, AA0, BB0, CC3
+ VPXOR (0*32)(inp), CC3, CC3
+ VMOVDQU CC3, (0*32)(oup)
+ VPERM2I128 $0x02, CC0, DD0, CC3
+ VPXOR (1*32)(inp), CC3, CC3
+ VMOVDQU CC3, (1*32)(oup)
+ VPERM2I128 $0x13, AA0, BB0, CC3
+ VPXOR (2*32)(inp), CC3, CC3
+ VMOVDQU CC3, (2*32)(oup)
+ VPERM2I128 $0x13, CC0, DD0, CC3
+ VPXOR (3*32)(inp), CC3, CC3
+ VMOVDQU CC3, (3*32)(oup)
+
+ VPERM2I128 $0x02, AA1, BB1, AA0
+ VPERM2I128 $0x02, CC1, DD1, BB0
+ VPERM2I128 $0x13, AA1, BB1, CC0
+ VPERM2I128 $0x13, CC1, DD1, DD0
+ VPXOR (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
+ VMOVDQU AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
+
+ VPERM2I128 $0x02, AA2, BB2, AA0
+ VPERM2I128 $0x02, CC2, DD2, BB0
+ VPERM2I128 $0x13, AA2, BB2, CC0
+ VPERM2I128 $0x13, CC2, DD2, DD0
+ VPXOR (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
+ VMOVDQU AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
+
+ MOVQ $384, itr1
+ LEAQ 384(inp), inp
+ SUBQ $384, inl
+ VPERM2I128 $0x02, AA3, BB3, AA0
+ VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0
+ VPERM2I128 $0x13, AA3, BB3, CC0
+ VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
+
+ JMP sealAVX2SealHash
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
new file mode 100644
index 0000000..8d28ce2
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
@@ -0,0 +1,74 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package chacha20poly1305
+
+import (
+ "encoding/binary"
+
+ "golang.org/x/crypto/internal/chacha20"
+ "golang.org/x/crypto/poly1305"
+)
+
+func roundTo16(n int) int {
+ return 16 * ((n + 15) / 16)
+}
+
+func (c *chacha20poly1305) sealGeneric(dst, nonce, plaintext, additionalData []byte) []byte {
+ ret, out := sliceForAppend(dst, len(plaintext)+poly1305.TagSize)
+
+ var polyKey [32]byte
+ s := chacha20.New(c.key, [3]uint32{
+ binary.LittleEndian.Uint32(nonce[0:4]),
+ binary.LittleEndian.Uint32(nonce[4:8]),
+ binary.LittleEndian.Uint32(nonce[8:12]),
+ })
+ s.XORKeyStream(polyKey[:], polyKey[:])
+ s.Advance() // skip the next 32 bytes
+ s.XORKeyStream(out, plaintext)
+
+ polyInput := make([]byte, roundTo16(len(additionalData))+roundTo16(len(plaintext))+8+8)
+ copy(polyInput, additionalData)
+ copy(polyInput[roundTo16(len(additionalData)):], out[:len(plaintext)])
+ binary.LittleEndian.PutUint64(polyInput[len(polyInput)-16:], uint64(len(additionalData)))
+ binary.LittleEndian.PutUint64(polyInput[len(polyInput)-8:], uint64(len(plaintext)))
+
+ var tag [poly1305.TagSize]byte
+ poly1305.Sum(&tag, polyInput, &polyKey)
+ copy(out[len(plaintext):], tag[:])
+
+ return ret
+}
+
+func (c *chacha20poly1305) openGeneric(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+ var tag [poly1305.TagSize]byte
+ copy(tag[:], ciphertext[len(ciphertext)-16:])
+ ciphertext = ciphertext[:len(ciphertext)-16]
+
+ var polyKey [32]byte
+ s := chacha20.New(c.key, [3]uint32{
+ binary.LittleEndian.Uint32(nonce[0:4]),
+ binary.LittleEndian.Uint32(nonce[4:8]),
+ binary.LittleEndian.Uint32(nonce[8:12]),
+ })
+ s.XORKeyStream(polyKey[:], polyKey[:])
+ s.Advance() // skip the next 32 bytes
+
+ polyInput := make([]byte, roundTo16(len(additionalData))+roundTo16(len(ciphertext))+8+8)
+ copy(polyInput, additionalData)
+ copy(polyInput[roundTo16(len(additionalData)):], ciphertext)
+ binary.LittleEndian.PutUint64(polyInput[len(polyInput)-16:], uint64(len(additionalData)))
+ binary.LittleEndian.PutUint64(polyInput[len(polyInput)-8:], uint64(len(ciphertext)))
+
+ ret, out := sliceForAppend(dst, len(ciphertext))
+ if !poly1305.Verify(&tag, polyInput, &polyKey) {
+ for i := range out {
+ out[i] = 0
+ }
+ return nil, errOpen
+ }
+
+ s.XORKeyStream(out, ciphertext)
+ return ret, nil
+}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go
new file mode 100644
index 0000000..4c2eb70
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go
@@ -0,0 +1,15 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !amd64 !go1.7 gccgo appengine
+
+package chacha20poly1305
+
+func (c *chacha20poly1305) seal(dst, nonce, plaintext, additionalData []byte) []byte {
+ return c.sealGeneric(dst, nonce, plaintext, additionalData)
+}
+
+func (c *chacha20poly1305) open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+ return c.openGeneric(dst, nonce, ciphertext, additionalData)
+}
diff --git a/vendor/golang.org/x/crypto/hkdf/hkdf.go b/vendor/golang.org/x/crypto/hkdf/hkdf.go
new file mode 100644
index 0000000..5bc2463
--- /dev/null
+++ b/vendor/golang.org/x/crypto/hkdf/hkdf.go
@@ -0,0 +1,75 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation
+// Function (HKDF) as defined in RFC 5869.
+//
+// HKDF is a cryptographic key derivation function (KDF) with the goal of
+// expanding limited input keying material into one or more cryptographically
+// strong secret keys.
+//
+// RFC 5869: https://tools.ietf.org/html/rfc5869
+package hkdf // import "golang.org/x/crypto/hkdf"
+
+import (
+ "crypto/hmac"
+ "errors"
+ "hash"
+ "io"
+)
+
+type hkdf struct {
+ expander hash.Hash
+ size int
+
+ info []byte
+ counter byte
+
+ prev []byte
+ cache []byte
+}
+
+func (f *hkdf) Read(p []byte) (int, error) {
+ // Check whether enough data can be generated
+ need := len(p)
+ remains := len(f.cache) + int(255-f.counter+1)*f.size
+ if remains < need {
+ return 0, errors.New("hkdf: entropy limit reached")
+ }
+ // Read from the cache, if enough data is present
+ n := copy(p, f.cache)
+ p = p[n:]
+
+ // Fill the buffer
+ for len(p) > 0 {
+ f.expander.Reset()
+ f.expander.Write(f.prev)
+ f.expander.Write(f.info)
+ f.expander.Write([]byte{f.counter})
+ f.prev = f.expander.Sum(f.prev[:0])
+ f.counter++
+
+ // Copy the new batch into p
+ f.cache = f.prev
+ n = copy(p, f.cache)
+ p = p[n:]
+ }
+ // Save leftovers for next run
+ f.cache = f.cache[n:]
+
+ return need, nil
+}
+
+// New returns a new HKDF using the given hash, the secret keying material to expand
+// and optional salt and info fields.
+func New(hash func() hash.Hash, secret, salt, info []byte) io.Reader {
+ if salt == nil {
+ salt = make([]byte, hash().Size())
+ }
+ extractor := hmac.New(hash, salt)
+ extractor.Write(secret)
+ prk := extractor.Sum(nil)
+
+ return &hkdf{hmac.New(hash, prk), extractor.Size(), info, 1, nil, nil}
+}
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/asm_s390x.s b/vendor/golang.org/x/crypto/internal/chacha20/asm_s390x.s
new file mode 100644
index 0000000..98427c5
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/chacha20/asm_s390x.s
@@ -0,0 +1,283 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build s390x,!gccgo,!appengine
+
+#include "go_asm.h"
+#include "textflag.h"
+
+// This is an implementation of the ChaCha20 encryption algorithm as
+// specified in RFC 7539. It uses vector instructions to compute
+// 4 keystream blocks in parallel (256 bytes) which are then XORed
+// with the bytes in the input slice.
+
+GLOBL ·constants<>(SB), RODATA|NOPTR, $32
+// BSWAP: swap bytes in each 4-byte element
+DATA ·constants<>+0x00(SB)/4, $0x03020100
+DATA ·constants<>+0x04(SB)/4, $0x07060504
+DATA ·constants<>+0x08(SB)/4, $0x0b0a0908
+DATA ·constants<>+0x0c(SB)/4, $0x0f0e0d0c
+// J0: [j0, j1, j2, j3]
+DATA ·constants<>+0x10(SB)/4, $0x61707865
+DATA ·constants<>+0x14(SB)/4, $0x3320646e
+DATA ·constants<>+0x18(SB)/4, $0x79622d32
+DATA ·constants<>+0x1c(SB)/4, $0x6b206574
+
+// EXRL targets:
+TEXT ·mvcSrcToBuf(SB), NOFRAME|NOSPLIT, $0
+ MVC $1, (R1), (R8)
+ RET
+
+TEXT ·mvcBufToDst(SB), NOFRAME|NOSPLIT, $0
+ MVC $1, (R8), (R9)
+ RET
+
+#define BSWAP V5
+#define J0 V6
+#define KEY0 V7
+#define KEY1 V8
+#define NONCE V9
+#define CTR V10
+#define M0 V11
+#define M1 V12
+#define M2 V13
+#define M3 V14
+#define INC V15
+#define X0 V16
+#define X1 V17
+#define X2 V18
+#define X3 V19
+#define X4 V20
+#define X5 V21
+#define X6 V22
+#define X7 V23
+#define X8 V24
+#define X9 V25
+#define X10 V26
+#define X11 V27
+#define X12 V28
+#define X13 V29
+#define X14 V30
+#define X15 V31
+
+#define NUM_ROUNDS 20
+
+#define ROUND4(a0, a1, a2, a3, b0, b1, b2, b3, c0, c1, c2, c3, d0, d1, d2, d3) \
+ VAF a1, a0, a0 \
+ VAF b1, b0, b0 \
+ VAF c1, c0, c0 \
+ VAF d1, d0, d0 \
+ VX a0, a2, a2 \
+ VX b0, b2, b2 \
+ VX c0, c2, c2 \
+ VX d0, d2, d2 \
+ VERLLF $16, a2, a2 \
+ VERLLF $16, b2, b2 \
+ VERLLF $16, c2, c2 \
+ VERLLF $16, d2, d2 \
+ VAF a2, a3, a3 \
+ VAF b2, b3, b3 \
+ VAF c2, c3, c3 \
+ VAF d2, d3, d3 \
+ VX a3, a1, a1 \
+ VX b3, b1, b1 \
+ VX c3, c1, c1 \
+ VX d3, d1, d1 \
+ VERLLF $12, a1, a1 \
+ VERLLF $12, b1, b1 \
+ VERLLF $12, c1, c1 \
+ VERLLF $12, d1, d1 \
+ VAF a1, a0, a0 \
+ VAF b1, b0, b0 \
+ VAF c1, c0, c0 \
+ VAF d1, d0, d0 \
+ VX a0, a2, a2 \
+ VX b0, b2, b2 \
+ VX c0, c2, c2 \
+ VX d0, d2, d2 \
+ VERLLF $8, a2, a2 \
+ VERLLF $8, b2, b2 \
+ VERLLF $8, c2, c2 \
+ VERLLF $8, d2, d2 \
+ VAF a2, a3, a3 \
+ VAF b2, b3, b3 \
+ VAF c2, c3, c3 \
+ VAF d2, d3, d3 \
+ VX a3, a1, a1 \
+ VX b3, b1, b1 \
+ VX c3, c1, c1 \
+ VX d3, d1, d1 \
+ VERLLF $7, a1, a1 \
+ VERLLF $7, b1, b1 \
+ VERLLF $7, c1, c1 \
+ VERLLF $7, d1, d1
+
+#define PERMUTE(mask, v0, v1, v2, v3) \
+ VPERM v0, v0, mask, v0 \
+ VPERM v1, v1, mask, v1 \
+ VPERM v2, v2, mask, v2 \
+ VPERM v3, v3, mask, v3
+
+#define ADDV(x, v0, v1, v2, v3) \
+ VAF x, v0, v0 \
+ VAF x, v1, v1 \
+ VAF x, v2, v2 \
+ VAF x, v3, v3
+
+#define XORV(off, dst, src, v0, v1, v2, v3) \
+ VLM off(src), M0, M3 \
+ PERMUTE(BSWAP, v0, v1, v2, v3) \
+ VX v0, M0, M0 \
+ VX v1, M1, M1 \
+ VX v2, M2, M2 \
+ VX v3, M3, M3 \
+ VSTM M0, M3, off(dst)
+
+#define SHUFFLE(a, b, c, d, t, u, v, w) \
+ VMRHF a, c, t \ // t = {a[0], c[0], a[1], c[1]}
+ VMRHF b, d, u \ // u = {b[0], d[0], b[1], d[1]}
+ VMRLF a, c, v \ // v = {a[2], c[2], a[3], c[3]}
+ VMRLF b, d, w \ // w = {b[2], d[2], b[3], d[3]}
+ VMRHF t, u, a \ // a = {a[0], b[0], c[0], d[0]}
+ VMRLF t, u, b \ // b = {a[1], b[1], c[1], d[1]}
+ VMRHF v, w, c \ // c = {a[2], b[2], c[2], d[2]}
+ VMRLF v, w, d // d = {a[3], b[3], c[3], d[3]}
+
+// func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32, buf *[256]byte, len *int)
+TEXT ·xorKeyStreamVX(SB), NOSPLIT, $0
+ MOVD $·constants<>(SB), R1
+ MOVD dst+0(FP), R2 // R2=&dst[0]
+ LMG src+24(FP), R3, R4 // R3=&src[0] R4=len(src)
+ MOVD key+48(FP), R5 // R5=key
+ MOVD nonce+56(FP), R6 // R6=nonce
+ MOVD counter+64(FP), R7 // R7=counter
+ MOVD buf+72(FP), R8 // R8=buf
+ MOVD len+80(FP), R9 // R9=len
+
+ // load BSWAP and J0
+ VLM (R1), BSWAP, J0
+
+ // set up tail buffer
+ ADD $-1, R4, R12
+ MOVBZ R12, R12
+ CMPUBEQ R12, $255, aligned
+ MOVD R4, R1
+ AND $~255, R1
+ MOVD $(R3)(R1*1), R1
+ EXRL $·mvcSrcToBuf(SB), R12
+ MOVD $255, R0
+ SUB R12, R0
+ MOVD R0, (R9) // update len
+
+aligned:
+ // setup
+ MOVD $95, R0
+ VLM (R5), KEY0, KEY1
+ VLL R0, (R6), NONCE
+ VZERO M0
+ VLEIB $7, $32, M0
+ VSRLB M0, NONCE, NONCE
+
+ // initialize counter values
+ VLREPF (R7), CTR
+ VZERO INC
+ VLEIF $1, $1, INC
+ VLEIF $2, $2, INC
+ VLEIF $3, $3, INC
+ VAF INC, CTR, CTR
+ VREPIF $4, INC
+
+chacha:
+ VREPF $0, J0, X0
+ VREPF $1, J0, X1
+ VREPF $2, J0, X2
+ VREPF $3, J0, X3
+ VREPF $0, KEY0, X4
+ VREPF $1, KEY0, X5
+ VREPF $2, KEY0, X6
+ VREPF $3, KEY0, X7
+ VREPF $0, KEY1, X8
+ VREPF $1, KEY1, X9
+ VREPF $2, KEY1, X10
+ VREPF $3, KEY1, X11
+ VLR CTR, X12
+ VREPF $1, NONCE, X13
+ VREPF $2, NONCE, X14
+ VREPF $3, NONCE, X15
+
+ MOVD $(NUM_ROUNDS/2), R1
+
+loop:
+ ROUND4(X0, X4, X12, X8, X1, X5, X13, X9, X2, X6, X14, X10, X3, X7, X15, X11)
+ ROUND4(X0, X5, X15, X10, X1, X6, X12, X11, X2, X7, X13, X8, X3, X4, X14, X9)
+
+ ADD $-1, R1
+ BNE loop
+
+ // decrement length
+ ADD $-256, R4
+ BLT tail
+
+continue:
+ // rearrange vectors
+ SHUFFLE(X0, X1, X2, X3, M0, M1, M2, M3)
+ ADDV(J0, X0, X1, X2, X3)
+ SHUFFLE(X4, X5, X6, X7, M0, M1, M2, M3)
+ ADDV(KEY0, X4, X5, X6, X7)
+ SHUFFLE(X8, X9, X10, X11, M0, M1, M2, M3)
+ ADDV(KEY1, X8, X9, X10, X11)
+ VAF CTR, X12, X12
+ SHUFFLE(X12, X13, X14, X15, M0, M1, M2, M3)
+ ADDV(NONCE, X12, X13, X14, X15)
+
+ // increment counters
+ VAF INC, CTR, CTR
+
+ // xor keystream with plaintext
+ XORV(0*64, R2, R3, X0, X4, X8, X12)
+ XORV(1*64, R2, R3, X1, X5, X9, X13)
+ XORV(2*64, R2, R3, X2, X6, X10, X14)
+ XORV(3*64, R2, R3, X3, X7, X11, X15)
+
+ // increment pointers
+ MOVD $256(R2), R2
+ MOVD $256(R3), R3
+
+ CMPBNE R4, $0, chacha
+ CMPUBEQ R12, $255, return
+ EXRL $·mvcBufToDst(SB), R12 // len was updated during setup
+
+return:
+ VSTEF $0, CTR, (R7)
+ RET
+
+tail:
+ MOVD R2, R9
+ MOVD R8, R2
+ MOVD R8, R3
+ MOVD $0, R4
+ JMP continue
+
+// func hasVectorFacility() bool
+TEXT ·hasVectorFacility(SB), NOSPLIT, $24-1
+ MOVD $x-24(SP), R1
+ XC $24, 0(R1), 0(R1) // clear the storage
+ MOVD $2, R0 // R0 is the number of double words stored -1
+ WORD $0xB2B01000 // STFLE 0(R1)
+ XOR R0, R0 // reset the value of R0
+ MOVBZ z-8(SP), R1
+ AND $0x40, R1
+ BEQ novector
+
+vectorinstalled:
+ // check if the vector instruction has been enabled
+ VLEIB $0, $0xF, V16
+ VLGVB $0, V16, R1
+ CMPBNE R1, $0xF, novector
+ MOVB $1, ret+0(FP) // have vx
+ RET
+
+novector:
+ MOVB $0, ret+0(FP) // no vx
+ RET
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/chacha_generic.go b/vendor/golang.org/x/crypto/internal/chacha20/chacha_generic.go
new file mode 100644
index 0000000..7ed1cd9
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/chacha20/chacha_generic.go
@@ -0,0 +1,227 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package ChaCha20 implements the core ChaCha20 function as specified
+// in https://tools.ietf.org/html/rfc7539#section-2.3.
+package chacha20
+
+import (
+ "crypto/cipher"
+ "encoding/binary"
+)
+
+// assert that *Cipher implements cipher.Stream
+var _ cipher.Stream = (*Cipher)(nil)
+
+// Cipher is a stateful instance of ChaCha20 using a particular key
+// and nonce. A *Cipher implements the cipher.Stream interface.
+type Cipher struct {
+ key [8]uint32
+ counter uint32 // incremented after each block
+ nonce [3]uint32
+ buf [bufSize]byte // buffer for unused keystream bytes
+ len int // number of unused keystream bytes at end of buf
+}
+
+// New creates a new ChaCha20 stream cipher with the given key and nonce.
+// The initial counter value is set to 0.
+func New(key [8]uint32, nonce [3]uint32) *Cipher {
+ return &Cipher{key: key, nonce: nonce}
+}
+
+// XORKeyStream XORs each byte in the given slice with a byte from the
+// cipher's key stream. Dst and src must overlap entirely or not at all.
+//
+// If len(dst) < len(src), XORKeyStream will panic. It is acceptable
+// to pass a dst bigger than src, and in that case, XORKeyStream will
+// only update dst[:len(src)] and will not touch the rest of dst.
+//
+// Multiple calls to XORKeyStream behave as if the concatenation of
+// the src buffers was passed in a single run. That is, Cipher
+// maintains state and does not reset at each XORKeyStream call.
+func (s *Cipher) XORKeyStream(dst, src []byte) {
+ // xor src with buffered keystream first
+ if s.len != 0 {
+ buf := s.buf[len(s.buf)-s.len:]
+ if len(src) < len(buf) {
+ buf = buf[:len(src)]
+ }
+ td, ts := dst[:len(buf)], src[:len(buf)] // BCE hint
+ for i, b := range buf {
+ td[i] = ts[i] ^ b
+ }
+ s.len -= len(buf)
+ if s.len != 0 {
+ return
+ }
+ s.buf = [len(s.buf)]byte{} // zero the empty buffer
+ src = src[len(buf):]
+ dst = dst[len(buf):]
+ }
+
+ if len(src) == 0 {
+ return
+ }
+ if haveAsm {
+ s.xorKeyStreamAsm(dst, src)
+ return
+ }
+
+ // set up a 64-byte buffer to pad out the final block if needed
+ // (hoisted out of the main loop to avoid spills)
+ rem := len(src) % 64 // length of final block
+ fin := len(src) - rem // index of final block
+ if rem > 0 {
+ copy(s.buf[len(s.buf)-64:], src[fin:])
+ }
+
+ // qr calculates a quarter round
+ qr := func(a, b, c, d uint32) (uint32, uint32, uint32, uint32) {
+ a += b
+ d ^= a
+ d = (d << 16) | (d >> 16)
+ c += d
+ b ^= c
+ b = (b << 12) | (b >> 20)
+ a += b
+ d ^= a
+ d = (d << 8) | (d >> 24)
+ c += d
+ b ^= c
+ b = (b << 7) | (b >> 25)
+ return a, b, c, d
+ }
+
+ // ChaCha20 constants
+ const (
+ j0 = 0x61707865
+ j1 = 0x3320646e
+ j2 = 0x79622d32
+ j3 = 0x6b206574
+ )
+
+ // pre-calculate most of the first round
+ s1, s5, s9, s13 := qr(j1, s.key[1], s.key[5], s.nonce[0])
+ s2, s6, s10, s14 := qr(j2, s.key[2], s.key[6], s.nonce[1])
+ s3, s7, s11, s15 := qr(j3, s.key[3], s.key[7], s.nonce[2])
+
+ n := len(src)
+ src, dst = src[:n:n], dst[:n:n] // BCE hint
+ for i := 0; i < n; i += 64 {
+ // calculate the remainder of the first round
+ s0, s4, s8, s12 := qr(j0, s.key[0], s.key[4], s.counter)
+
+ // execute the second round
+ x0, x5, x10, x15 := qr(s0, s5, s10, s15)
+ x1, x6, x11, x12 := qr(s1, s6, s11, s12)
+ x2, x7, x8, x13 := qr(s2, s7, s8, s13)
+ x3, x4, x9, x14 := qr(s3, s4, s9, s14)
+
+ // execute the remaining 18 rounds
+ for i := 0; i < 9; i++ {
+ x0, x4, x8, x12 = qr(x0, x4, x8, x12)
+ x1, x5, x9, x13 = qr(x1, x5, x9, x13)
+ x2, x6, x10, x14 = qr(x2, x6, x10, x14)
+ x3, x7, x11, x15 = qr(x3, x7, x11, x15)
+
+ x0, x5, x10, x15 = qr(x0, x5, x10, x15)
+ x1, x6, x11, x12 = qr(x1, x6, x11, x12)
+ x2, x7, x8, x13 = qr(x2, x7, x8, x13)
+ x3, x4, x9, x14 = qr(x3, x4, x9, x14)
+ }
+
+ x0 += j0
+ x1 += j1
+ x2 += j2
+ x3 += j3
+
+ x4 += s.key[0]
+ x5 += s.key[1]
+ x6 += s.key[2]
+ x7 += s.key[3]
+ x8 += s.key[4]
+ x9 += s.key[5]
+ x10 += s.key[6]
+ x11 += s.key[7]
+
+ x12 += s.counter
+ x13 += s.nonce[0]
+ x14 += s.nonce[1]
+ x15 += s.nonce[2]
+
+ // increment the counter
+ s.counter += 1
+ if s.counter == 0 {
+ panic("chacha20: counter overflow")
+ }
+
+ // pad to 64 bytes if needed
+ in, out := src[i:], dst[i:]
+ if i == fin {
+ // src[fin:] has already been copied into s.buf before
+ // the main loop
+ in, out = s.buf[len(s.buf)-64:], s.buf[len(s.buf)-64:]
+ }
+ in, out = in[:64], out[:64] // BCE hint
+
+ // XOR the key stream with the source and write out the result
+ xor(out[0:], in[0:], x0)
+ xor(out[4:], in[4:], x1)
+ xor(out[8:], in[8:], x2)
+ xor(out[12:], in[12:], x3)
+ xor(out[16:], in[16:], x4)
+ xor(out[20:], in[20:], x5)
+ xor(out[24:], in[24:], x6)
+ xor(out[28:], in[28:], x7)
+ xor(out[32:], in[32:], x8)
+ xor(out[36:], in[36:], x9)
+ xor(out[40:], in[40:], x10)
+ xor(out[44:], in[44:], x11)
+ xor(out[48:], in[48:], x12)
+ xor(out[52:], in[52:], x13)
+ xor(out[56:], in[56:], x14)
+ xor(out[60:], in[60:], x15)
+ }
+ // copy any trailing bytes out of the buffer and into dst
+ if rem != 0 {
+ s.len = 64 - rem
+ copy(dst[fin:], s.buf[len(s.buf)-64:])
+ }
+}
+
+// Advance discards bytes in the key stream until the next 64 byte block
+// boundary is reached and updates the counter accordingly. If the key
+// stream is already at a block boundary no bytes will be discarded and
+// the counter will be unchanged.
+func (s *Cipher) Advance() {
+ s.len -= s.len % 64
+ if s.len == 0 {
+ s.buf = [len(s.buf)]byte{}
+ }
+}
+
+// XORKeyStream crypts bytes from in to out using the given key and counters.
+// In and out must overlap entirely or not at all. Counter contains the raw
+// ChaCha20 counter bytes (i.e. block counter followed by nonce).
+func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
+ s := Cipher{
+ key: [8]uint32{
+ binary.LittleEndian.Uint32(key[0:4]),
+ binary.LittleEndian.Uint32(key[4:8]),
+ binary.LittleEndian.Uint32(key[8:12]),
+ binary.LittleEndian.Uint32(key[12:16]),
+ binary.LittleEndian.Uint32(key[16:20]),
+ binary.LittleEndian.Uint32(key[20:24]),
+ binary.LittleEndian.Uint32(key[24:28]),
+ binary.LittleEndian.Uint32(key[28:32]),
+ },
+ nonce: [3]uint32{
+ binary.LittleEndian.Uint32(counter[4:8]),
+ binary.LittleEndian.Uint32(counter[8:12]),
+ binary.LittleEndian.Uint32(counter[12:16]),
+ },
+ counter: binary.LittleEndian.Uint32(counter[0:4]),
+ }
+ s.XORKeyStream(out, in)
+}
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go b/vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go
new file mode 100644
index 0000000..91520d1
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go
@@ -0,0 +1,16 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !s390x gccgo appengine
+
+package chacha20
+
+const (
+ bufSize = 64
+ haveAsm = false
+)
+
+func (*Cipher) xorKeyStreamAsm(dst, src []byte) {
+ panic("not implemented")
+}
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.go b/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.go
new file mode 100644
index 0000000..0c1c671
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.go
@@ -0,0 +1,30 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build s390x,!gccgo,!appengine
+
+package chacha20
+
+var haveAsm = hasVectorFacility()
+
+const bufSize = 256
+
+// hasVectorFacility reports whether the machine supports the vector
+// facility (vx).
+// Implementation in asm_s390x.s.
+func hasVectorFacility() bool
+
+// xorKeyStreamVX is an assembly implementation of XORKeyStream. It must only
+// be called when the vector facility is available.
+// Implementation in asm_s390x.s.
+//go:noescape
+func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32, buf *[256]byte, len *int)
+
+func (c *Cipher) xorKeyStreamAsm(dst, src []byte) {
+ xorKeyStreamVX(dst, src, &c.key, &c.nonce, &c.counter, &c.buf, &c.len)
+}
+
+// EXRL targets, DO NOT CALL!
+func mvcSrcToBuf()
+func mvcBufToDst()
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/xor.go b/vendor/golang.org/x/crypto/internal/chacha20/xor.go
new file mode 100644
index 0000000..9c5ba0b
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/chacha20/xor.go
@@ -0,0 +1,43 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found src the LICENSE file.
+
+package chacha20
+
+import (
+ "runtime"
+)
+
+// Platforms that have fast unaligned 32-bit little endian accesses.
+const unaligned = runtime.GOARCH == "386" ||
+ runtime.GOARCH == "amd64" ||
+ runtime.GOARCH == "arm64" ||
+ runtime.GOARCH == "ppc64le" ||
+ runtime.GOARCH == "s390x"
+
+// xor reads a little endian uint32 from src, XORs it with u and
+// places the result in little endian byte order in dst.
+func xor(dst, src []byte, u uint32) {
+ _, _ = src[3], dst[3] // eliminate bounds checks
+ if unaligned {
+ // The compiler should optimize this code into
+ // 32-bit unaligned little endian loads and stores.
+ // TODO: delete once the compiler does a reliably
+ // good job with the generic code below.
+ // See issue #25111 for more details.
+ v := uint32(src[0])
+ v |= uint32(src[1]) << 8
+ v |= uint32(src[2]) << 16
+ v |= uint32(src[3]) << 24
+ v ^= u
+ dst[0] = byte(v)
+ dst[1] = byte(v >> 8)
+ dst[2] = byte(v >> 16)
+ dst[3] = byte(v >> 24)
+ } else {
+ dst[0] = src[0] ^ byte(u)
+ dst[1] = src[1] ^ byte(u>>8)
+ dst[2] = src[2] ^ byte(u>>16)
+ dst[3] = src[3] ^ byte(u>>24)
+ }
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/poly1305.go b/vendor/golang.org/x/crypto/poly1305/poly1305.go
new file mode 100644
index 0000000..f562fa5
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/poly1305.go
@@ -0,0 +1,33 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/*
+Package poly1305 implements Poly1305 one-time message authentication code as
+specified in https://cr.yp.to/mac/poly1305-20050329.pdf.
+
+Poly1305 is a fast, one-time authentication function. It is infeasible for an
+attacker to generate an authenticator for a message without the key. However, a
+key must only be used for a single message. Authenticating two different
+messages with the same key allows an attacker to forge authenticators for other
+messages with the same key.
+
+Poly1305 was originally coupled with AES in order to make Poly1305-AES. AES was
+used with a fixed key in order to generate one-time keys from an nonce.
+However, in this package AES isn't used and the one-time key is specified
+directly.
+*/
+package poly1305 // import "golang.org/x/crypto/poly1305"
+
+import "crypto/subtle"
+
+// TagSize is the size, in bytes, of a poly1305 authenticator.
+const TagSize = 16
+
+// Verify returns true if mac is a valid authenticator for m with the given
+// key.
+func Verify(mac *[16]byte, m []byte, key *[32]byte) bool {
+ var tmp [16]byte
+ Sum(&tmp, m, key)
+ return subtle.ConstantTimeCompare(tmp[:], mac[:]) == 1
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_amd64.go b/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
new file mode 100644
index 0000000..4dd72fe
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
@@ -0,0 +1,22 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,!gccgo,!appengine
+
+package poly1305
+
+// This function is implemented in sum_amd64.s
+//go:noescape
+func poly1305(out *[16]byte, m *byte, mlen uint64, key *[32]byte)
+
+// Sum generates an authenticator for m using a one-time key and puts the
+// 16-byte result into out. Authenticating two different messages with the same
+// key allows an attacker to forge messages at will.
+func Sum(out *[16]byte, m []byte, key *[32]byte) {
+ var mPtr *byte
+ if len(m) > 0 {
+ mPtr = &m[0]
+ }
+ poly1305(out, mPtr, uint64(len(m)), key)
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_amd64.s b/vendor/golang.org/x/crypto/poly1305/sum_amd64.s
new file mode 100644
index 0000000..2edae63
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_amd64.s
@@ -0,0 +1,125 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,!gccgo,!appengine
+
+#include "textflag.h"
+
+#define POLY1305_ADD(msg, h0, h1, h2) \
+ ADDQ 0(msg), h0; \
+ ADCQ 8(msg), h1; \
+ ADCQ $1, h2; \
+ LEAQ 16(msg), msg
+
+#define POLY1305_MUL(h0, h1, h2, r0, r1, t0, t1, t2, t3) \
+ MOVQ r0, AX; \
+ MULQ h0; \
+ MOVQ AX, t0; \
+ MOVQ DX, t1; \
+ MOVQ r0, AX; \
+ MULQ h1; \
+ ADDQ AX, t1; \
+ ADCQ $0, DX; \
+ MOVQ r0, t2; \
+ IMULQ h2, t2; \
+ ADDQ DX, t2; \
+ \
+ MOVQ r1, AX; \
+ MULQ h0; \
+ ADDQ AX, t1; \
+ ADCQ $0, DX; \
+ MOVQ DX, h0; \
+ MOVQ r1, t3; \
+ IMULQ h2, t3; \
+ MOVQ r1, AX; \
+ MULQ h1; \
+ ADDQ AX, t2; \
+ ADCQ DX, t3; \
+ ADDQ h0, t2; \
+ ADCQ $0, t3; \
+ \
+ MOVQ t0, h0; \
+ MOVQ t1, h1; \
+ MOVQ t2, h2; \
+ ANDQ $3, h2; \
+ MOVQ t2, t0; \
+ ANDQ $0xFFFFFFFFFFFFFFFC, t0; \
+ ADDQ t0, h0; \
+ ADCQ t3, h1; \
+ ADCQ $0, h2; \
+ SHRQ $2, t3, t2; \
+ SHRQ $2, t3; \
+ ADDQ t2, h0; \
+ ADCQ t3, h1; \
+ ADCQ $0, h2
+
+DATA ·poly1305Mask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF
+DATA ·poly1305Mask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC
+GLOBL ·poly1305Mask<>(SB), RODATA, $16
+
+// func poly1305(out *[16]byte, m *byte, mlen uint64, key *[32]key)
+TEXT ·poly1305(SB), $0-32
+ MOVQ out+0(FP), DI
+ MOVQ m+8(FP), SI
+ MOVQ mlen+16(FP), R15
+ MOVQ key+24(FP), AX
+
+ MOVQ 0(AX), R11
+ MOVQ 8(AX), R12
+ ANDQ ·poly1305Mask<>(SB), R11 // r0
+ ANDQ ·poly1305Mask<>+8(SB), R12 // r1
+ XORQ R8, R8 // h0
+ XORQ R9, R9 // h1
+ XORQ R10, R10 // h2
+
+ CMPQ R15, $16
+ JB bytes_between_0_and_15
+
+loop:
+ POLY1305_ADD(SI, R8, R9, R10)
+
+multiply:
+ POLY1305_MUL(R8, R9, R10, R11, R12, BX, CX, R13, R14)
+ SUBQ $16, R15
+ CMPQ R15, $16
+ JAE loop
+
+bytes_between_0_and_15:
+ TESTQ R15, R15
+ JZ done
+ MOVQ $1, BX
+ XORQ CX, CX
+ XORQ R13, R13
+ ADDQ R15, SI
+
+flush_buffer:
+ SHLQ $8, BX, CX
+ SHLQ $8, BX
+ MOVB -1(SI), R13
+ XORQ R13, BX
+ DECQ SI
+ DECQ R15
+ JNZ flush_buffer
+
+ ADDQ BX, R8
+ ADCQ CX, R9
+ ADCQ $0, R10
+ MOVQ $16, R15
+ JMP multiply
+
+done:
+ MOVQ R8, AX
+ MOVQ R9, BX
+ SUBQ $0xFFFFFFFFFFFFFFFB, AX
+ SBBQ $0xFFFFFFFFFFFFFFFF, BX
+ SBBQ $3, R10
+ CMOVQCS R8, AX
+ CMOVQCS R9, BX
+ MOVQ key+24(FP), R8
+ ADDQ 16(R8), AX
+ ADCQ 24(R8), BX
+
+ MOVQ AX, 0(DI)
+ MOVQ BX, 8(DI)
+ RET
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_arm.go b/vendor/golang.org/x/crypto/poly1305/sum_arm.go
new file mode 100644
index 0000000..5dc321c
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_arm.go
@@ -0,0 +1,22 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm,!gccgo,!appengine,!nacl
+
+package poly1305
+
+// This function is implemented in sum_arm.s
+//go:noescape
+func poly1305_auth_armv6(out *[16]byte, m *byte, mlen uint32, key *[32]byte)
+
+// Sum generates an authenticator for m using a one-time key and puts the
+// 16-byte result into out. Authenticating two different messages with the same
+// key allows an attacker to forge messages at will.
+func Sum(out *[16]byte, m []byte, key *[32]byte) {
+ var mPtr *byte
+ if len(m) > 0 {
+ mPtr = &m[0]
+ }
+ poly1305_auth_armv6(out, mPtr, uint32(len(m)), key)
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_arm.s b/vendor/golang.org/x/crypto/poly1305/sum_arm.s
new file mode 100644
index 0000000..f70b4ac
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_arm.s
@@ -0,0 +1,427 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm,!gccgo,!appengine,!nacl
+
+#include "textflag.h"
+
+// This code was translated into a form compatible with 5a from the public
+// domain source by Andrew Moon: github.com/floodyberry/poly1305-opt/blob/master/app/extensions/poly1305.
+
+DATA ·poly1305_init_constants_armv6<>+0x00(SB)/4, $0x3ffffff
+DATA ·poly1305_init_constants_armv6<>+0x04(SB)/4, $0x3ffff03
+DATA ·poly1305_init_constants_armv6<>+0x08(SB)/4, $0x3ffc0ff
+DATA ·poly1305_init_constants_armv6<>+0x0c(SB)/4, $0x3f03fff
+DATA ·poly1305_init_constants_armv6<>+0x10(SB)/4, $0x00fffff
+GLOBL ·poly1305_init_constants_armv6<>(SB), 8, $20
+
+// Warning: the linker may use R11 to synthesize certain instructions. Please
+// take care and verify that no synthetic instructions use it.
+
+TEXT poly1305_init_ext_armv6<>(SB), NOSPLIT, $0
+ // Needs 16 bytes of stack and 64 bytes of space pointed to by R0. (It
+ // might look like it's only 60 bytes of space but the final four bytes
+ // will be written by another function.) We need to skip over four
+ // bytes of stack because that's saving the value of 'g'.
+ ADD $4, R13, R8
+ MOVM.IB [R4-R7], (R8)
+ MOVM.IA.W (R1), [R2-R5]
+ MOVW $·poly1305_init_constants_armv6<>(SB), R7
+ MOVW R2, R8
+ MOVW R2>>26, R9
+ MOVW R3>>20, g
+ MOVW R4>>14, R11
+ MOVW R5>>8, R12
+ ORR R3<<6, R9, R9
+ ORR R4<<12, g, g
+ ORR R5<<18, R11, R11
+ MOVM.IA (R7), [R2-R6]
+ AND R8, R2, R2
+ AND R9, R3, R3
+ AND g, R4, R4
+ AND R11, R5, R5
+ AND R12, R6, R6
+ MOVM.IA.W [R2-R6], (R0)
+ EOR R2, R2, R2
+ EOR R3, R3, R3
+ EOR R4, R4, R4
+ EOR R5, R5, R5
+ EOR R6, R6, R6
+ MOVM.IA.W [R2-R6], (R0)
+ MOVM.IA.W (R1), [R2-R5]
+ MOVM.IA [R2-R6], (R0)
+ ADD $20, R13, R0
+ MOVM.DA (R0), [R4-R7]
+ RET
+
+#define MOVW_UNALIGNED(Rsrc, Rdst, Rtmp, offset) \
+ MOVBU (offset+0)(Rsrc), Rtmp; \
+ MOVBU Rtmp, (offset+0)(Rdst); \
+ MOVBU (offset+1)(Rsrc), Rtmp; \
+ MOVBU Rtmp, (offset+1)(Rdst); \
+ MOVBU (offset+2)(Rsrc), Rtmp; \
+ MOVBU Rtmp, (offset+2)(Rdst); \
+ MOVBU (offset+3)(Rsrc), Rtmp; \
+ MOVBU Rtmp, (offset+3)(Rdst)
+
+TEXT poly1305_blocks_armv6<>(SB), NOSPLIT, $0
+ // Needs 24 bytes of stack for saved registers and then 88 bytes of
+ // scratch space after that. We assume that 24 bytes at (R13) have
+ // already been used: four bytes for the link register saved in the
+ // prelude of poly1305_auth_armv6, four bytes for saving the value of g
+ // in that function and 16 bytes of scratch space used around
+ // poly1305_finish_ext_armv6_skip1.
+ ADD $24, R13, R12
+ MOVM.IB [R4-R8, R14], (R12)
+ MOVW R0, 88(R13)
+ MOVW R1, 92(R13)
+ MOVW R2, 96(R13)
+ MOVW R1, R14
+ MOVW R2, R12
+ MOVW 56(R0), R8
+ WORD $0xe1180008 // TST R8, R8 not working see issue 5921
+ EOR R6, R6, R6
+ MOVW.EQ $(1<<24), R6
+ MOVW R6, 84(R13)
+ ADD $116, R13, g
+ MOVM.IA (R0), [R0-R9]
+ MOVM.IA [R0-R4], (g)
+ CMP $16, R12
+ BLO poly1305_blocks_armv6_done
+
+poly1305_blocks_armv6_mainloop:
+ WORD $0xe31e0003 // TST R14, #3 not working see issue 5921
+ BEQ poly1305_blocks_armv6_mainloop_aligned
+ ADD $100, R13, g
+ MOVW_UNALIGNED(R14, g, R0, 0)
+ MOVW_UNALIGNED(R14, g, R0, 4)
+ MOVW_UNALIGNED(R14, g, R0, 8)
+ MOVW_UNALIGNED(R14, g, R0, 12)
+ MOVM.IA (g), [R0-R3]
+ ADD $16, R14
+ B poly1305_blocks_armv6_mainloop_loaded
+
+poly1305_blocks_armv6_mainloop_aligned:
+ MOVM.IA.W (R14), [R0-R3]
+
+poly1305_blocks_armv6_mainloop_loaded:
+ MOVW R0>>26, g
+ MOVW R1>>20, R11
+ MOVW R2>>14, R12
+ MOVW R14, 92(R13)
+ MOVW R3>>8, R4
+ ORR R1<<6, g, g
+ ORR R2<<12, R11, R11
+ ORR R3<<18, R12, R12
+ BIC $0xfc000000, R0, R0
+ BIC $0xfc000000, g, g
+ MOVW 84(R13), R3
+ BIC $0xfc000000, R11, R11
+ BIC $0xfc000000, R12, R12
+ ADD R0, R5, R5
+ ADD g, R6, R6
+ ORR R3, R4, R4
+ ADD R11, R7, R7
+ ADD $116, R13, R14
+ ADD R12, R8, R8
+ ADD R4, R9, R9
+ MOVM.IA (R14), [R0-R4]
+ MULLU R4, R5, (R11, g)
+ MULLU R3, R5, (R14, R12)
+ MULALU R3, R6, (R11, g)
+ MULALU R2, R6, (R14, R12)
+ MULALU R2, R7, (R11, g)
+ MULALU R1, R7, (R14, R12)
+ ADD R4<<2, R4, R4
+ ADD R3<<2, R3, R3
+ MULALU R1, R8, (R11, g)
+ MULALU R0, R8, (R14, R12)
+ MULALU R0, R9, (R11, g)
+ MULALU R4, R9, (R14, R12)
+ MOVW g, 76(R13)
+ MOVW R11, 80(R13)
+ MOVW R12, 68(R13)
+ MOVW R14, 72(R13)
+ MULLU R2, R5, (R11, g)
+ MULLU R1, R5, (R14, R12)
+ MULALU R1, R6, (R11, g)
+ MULALU R0, R6, (R14, R12)
+ MULALU R0, R7, (R11, g)
+ MULALU R4, R7, (R14, R12)
+ ADD R2<<2, R2, R2
+ ADD R1<<2, R1, R1
+ MULALU R4, R8, (R11, g)
+ MULALU R3, R8, (R14, R12)
+ MULALU R3, R9, (R11, g)
+ MULALU R2, R9, (R14, R12)
+ MOVW g, 60(R13)
+ MOVW R11, 64(R13)
+ MOVW R12, 52(R13)
+ MOVW R14, 56(R13)
+ MULLU R0, R5, (R11, g)
+ MULALU R4, R6, (R11, g)
+ MULALU R3, R7, (R11, g)
+ MULALU R2, R8, (R11, g)
+ MULALU R1, R9, (R11, g)
+ ADD $52, R13, R0
+ MOVM.IA (R0), [R0-R7]
+ MOVW g>>26, R12
+ MOVW R4>>26, R14
+ ORR R11<<6, R12, R12
+ ORR R5<<6, R14, R14
+ BIC $0xfc000000, g, g
+ BIC $0xfc000000, R4, R4
+ ADD.S R12, R0, R0
+ ADC $0, R1, R1
+ ADD.S R14, R6, R6
+ ADC $0, R7, R7
+ MOVW R0>>26, R12
+ MOVW R6>>26, R14
+ ORR R1<<6, R12, R12
+ ORR R7<<6, R14, R14
+ BIC $0xfc000000, R0, R0
+ BIC $0xfc000000, R6, R6
+ ADD R14<<2, R14, R14
+ ADD.S R12, R2, R2
+ ADC $0, R3, R3
+ ADD R14, g, g
+ MOVW R2>>26, R12
+ MOVW g>>26, R14
+ ORR R3<<6, R12, R12
+ BIC $0xfc000000, g, R5
+ BIC $0xfc000000, R2, R7
+ ADD R12, R4, R4
+ ADD R14, R0, R0
+ MOVW R4>>26, R12
+ BIC $0xfc000000, R4, R8
+ ADD R12, R6, R9
+ MOVW 96(R13), R12
+ MOVW 92(R13), R14
+ MOVW R0, R6
+ CMP $32, R12
+ SUB $16, R12, R12
+ MOVW R12, 96(R13)
+ BHS poly1305_blocks_armv6_mainloop
+
+poly1305_blocks_armv6_done:
+ MOVW 88(R13), R12
+ MOVW R5, 20(R12)
+ MOVW R6, 24(R12)
+ MOVW R7, 28(R12)
+ MOVW R8, 32(R12)
+ MOVW R9, 36(R12)
+ ADD $48, R13, R0
+ MOVM.DA (R0), [R4-R8, R14]
+ RET
+
+#define MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp) \
+ MOVBU.P 1(Rsrc), Rtmp; \
+ MOVBU.P Rtmp, 1(Rdst); \
+ MOVBU.P 1(Rsrc), Rtmp; \
+ MOVBU.P Rtmp, 1(Rdst)
+
+#define MOVWP_UNALIGNED(Rsrc, Rdst, Rtmp) \
+ MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp); \
+ MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp)
+
+// func poly1305_auth_armv6(out *[16]byte, m *byte, mlen uint32, key *[32]key)
+TEXT ·poly1305_auth_armv6(SB), $196-16
+ // The value 196, just above, is the sum of 64 (the size of the context
+ // structure) and 132 (the amount of stack needed).
+ //
+ // At this point, the stack pointer (R13) has been moved down. It
+ // points to the saved link register and there's 196 bytes of free
+ // space above it.
+ //
+ // The stack for this function looks like:
+ //
+ // +---------------------
+ // |
+ // | 64 bytes of context structure
+ // |
+ // +---------------------
+ // |
+ // | 112 bytes for poly1305_blocks_armv6
+ // |
+ // +---------------------
+ // | 16 bytes of final block, constructed at
+ // | poly1305_finish_ext_armv6_skip8
+ // +---------------------
+ // | four bytes of saved 'g'
+ // +---------------------
+ // | lr, saved by prelude <- R13 points here
+ // +---------------------
+ MOVW g, 4(R13)
+
+ MOVW out+0(FP), R4
+ MOVW m+4(FP), R5
+ MOVW mlen+8(FP), R6
+ MOVW key+12(FP), R7
+
+ ADD $136, R13, R0 // 136 = 4 + 4 + 16 + 112
+ MOVW R7, R1
+
+ // poly1305_init_ext_armv6 will write to the stack from R13+4, but
+ // that's ok because none of the other values have been written yet.
+ BL poly1305_init_ext_armv6<>(SB)
+ BIC.S $15, R6, R2
+ BEQ poly1305_auth_armv6_noblocks
+ ADD $136, R13, R0
+ MOVW R5, R1
+ ADD R2, R5, R5
+ SUB R2, R6, R6
+ BL poly1305_blocks_armv6<>(SB)
+
+poly1305_auth_armv6_noblocks:
+ ADD $136, R13, R0
+ MOVW R5, R1
+ MOVW R6, R2
+ MOVW R4, R3
+
+ MOVW R0, R5
+ MOVW R1, R6
+ MOVW R2, R7
+ MOVW R3, R8
+ AND.S R2, R2, R2
+ BEQ poly1305_finish_ext_armv6_noremaining
+ EOR R0, R0
+ ADD $8, R13, R9 // 8 = offset to 16 byte scratch space
+ MOVW R0, (R9)
+ MOVW R0, 4(R9)
+ MOVW R0, 8(R9)
+ MOVW R0, 12(R9)
+ WORD $0xe3110003 // TST R1, #3 not working see issue 5921
+ BEQ poly1305_finish_ext_armv6_aligned
+ WORD $0xe3120008 // TST R2, #8 not working see issue 5921
+ BEQ poly1305_finish_ext_armv6_skip8
+ MOVWP_UNALIGNED(R1, R9, g)
+ MOVWP_UNALIGNED(R1, R9, g)
+
+poly1305_finish_ext_armv6_skip8:
+ WORD $0xe3120004 // TST $4, R2 not working see issue 5921
+ BEQ poly1305_finish_ext_armv6_skip4
+ MOVWP_UNALIGNED(R1, R9, g)
+
+poly1305_finish_ext_armv6_skip4:
+ WORD $0xe3120002 // TST $2, R2 not working see issue 5921
+ BEQ poly1305_finish_ext_armv6_skip2
+ MOVHUP_UNALIGNED(R1, R9, g)
+ B poly1305_finish_ext_armv6_skip2
+
+poly1305_finish_ext_armv6_aligned:
+ WORD $0xe3120008 // TST R2, #8 not working see issue 5921
+ BEQ poly1305_finish_ext_armv6_skip8_aligned
+ MOVM.IA.W (R1), [g-R11]
+ MOVM.IA.W [g-R11], (R9)
+
+poly1305_finish_ext_armv6_skip8_aligned:
+ WORD $0xe3120004 // TST $4, R2 not working see issue 5921
+ BEQ poly1305_finish_ext_armv6_skip4_aligned
+ MOVW.P 4(R1), g
+ MOVW.P g, 4(R9)
+
+poly1305_finish_ext_armv6_skip4_aligned:
+ WORD $0xe3120002 // TST $2, R2 not working see issue 5921
+ BEQ poly1305_finish_ext_armv6_skip2
+ MOVHU.P 2(R1), g
+ MOVH.P g, 2(R9)
+
+poly1305_finish_ext_armv6_skip2:
+ WORD $0xe3120001 // TST $1, R2 not working see issue 5921
+ BEQ poly1305_finish_ext_armv6_skip1
+ MOVBU.P 1(R1), g
+ MOVBU.P g, 1(R9)
+
+poly1305_finish_ext_armv6_skip1:
+ MOVW $1, R11
+ MOVBU R11, 0(R9)
+ MOVW R11, 56(R5)
+ MOVW R5, R0
+ ADD $8, R13, R1
+ MOVW $16, R2
+ BL poly1305_blocks_armv6<>(SB)
+
+poly1305_finish_ext_armv6_noremaining:
+ MOVW 20(R5), R0
+ MOVW 24(R5), R1
+ MOVW 28(R5), R2
+ MOVW 32(R5), R3
+ MOVW 36(R5), R4
+ MOVW R4>>26, R12
+ BIC $0xfc000000, R4, R4
+ ADD R12<<2, R12, R12
+ ADD R12, R0, R0
+ MOVW R0>>26, R12
+ BIC $0xfc000000, R0, R0
+ ADD R12, R1, R1
+ MOVW R1>>26, R12
+ BIC $0xfc000000, R1, R1
+ ADD R12, R2, R2
+ MOVW R2>>26, R12
+ BIC $0xfc000000, R2, R2
+ ADD R12, R3, R3
+ MOVW R3>>26, R12
+ BIC $0xfc000000, R3, R3
+ ADD R12, R4, R4
+ ADD $5, R0, R6
+ MOVW R6>>26, R12
+ BIC $0xfc000000, R6, R6
+ ADD R12, R1, R7
+ MOVW R7>>26, R12
+ BIC $0xfc000000, R7, R7
+ ADD R12, R2, g
+ MOVW g>>26, R12
+ BIC $0xfc000000, g, g
+ ADD R12, R3, R11
+ MOVW $-(1<<26), R12
+ ADD R11>>26, R12, R12
+ BIC $0xfc000000, R11, R11
+ ADD R12, R4, R9
+ MOVW R9>>31, R12
+ SUB $1, R12
+ AND R12, R6, R6
+ AND R12, R7, R7
+ AND R12, g, g
+ AND R12, R11, R11
+ AND R12, R9, R9
+ MVN R12, R12
+ AND R12, R0, R0
+ AND R12, R1, R1
+ AND R12, R2, R2
+ AND R12, R3, R3
+ AND R12, R4, R4
+ ORR R6, R0, R0
+ ORR R7, R1, R1
+ ORR g, R2, R2
+ ORR R11, R3, R3
+ ORR R9, R4, R4
+ ORR R1<<26, R0, R0
+ MOVW R1>>6, R1
+ ORR R2<<20, R1, R1
+ MOVW R2>>12, R2
+ ORR R3<<14, R2, R2
+ MOVW R3>>18, R3
+ ORR R4<<8, R3, R3
+ MOVW 40(R5), R6
+ MOVW 44(R5), R7
+ MOVW 48(R5), g
+ MOVW 52(R5), R11
+ ADD.S R6, R0, R0
+ ADC.S R7, R1, R1
+ ADC.S g, R2, R2
+ ADC.S R11, R3, R3
+ MOVM.IA [R0-R3], (R8)
+ MOVW R5, R12
+ EOR R0, R0, R0
+ EOR R1, R1, R1
+ EOR R2, R2, R2
+ EOR R3, R3, R3
+ EOR R4, R4, R4
+ EOR R5, R5, R5
+ EOR R6, R6, R6
+ EOR R7, R7, R7
+ MOVM.IA.W [R0-R7], (R12)
+ MOVM.IA [R0-R7], (R12)
+ MOVW 4(R13), g
+ RET
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_noasm.go b/vendor/golang.org/x/crypto/poly1305/sum_noasm.go
new file mode 100644
index 0000000..751eec5
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_noasm.go
@@ -0,0 +1,14 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build s390x,!go1.11 !arm,!amd64,!s390x gccgo appengine nacl
+
+package poly1305
+
+// Sum generates an authenticator for msg using a one-time key and puts the
+// 16-byte result into out. Authenticating two different messages with the same
+// key allows an attacker to forge messages at will.
+func Sum(out *[TagSize]byte, msg []byte, key *[32]byte) {
+ sumGeneric(out, msg, key)
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_ref.go b/vendor/golang.org/x/crypto/poly1305/sum_ref.go
new file mode 100644
index 0000000..c4d59bd
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_ref.go
@@ -0,0 +1,139 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package poly1305
+
+import "encoding/binary"
+
+// sumGeneric generates an authenticator for msg using a one-time key and
+// puts the 16-byte result into out. This is the generic implementation of
+// Sum and should be called if no assembly implementation is available.
+func sumGeneric(out *[TagSize]byte, msg []byte, key *[32]byte) {
+ var (
+ h0, h1, h2, h3, h4 uint32 // the hash accumulators
+ r0, r1, r2, r3, r4 uint64 // the r part of the key
+ )
+
+ r0 = uint64(binary.LittleEndian.Uint32(key[0:]) & 0x3ffffff)
+ r1 = uint64((binary.LittleEndian.Uint32(key[3:]) >> 2) & 0x3ffff03)
+ r2 = uint64((binary.LittleEndian.Uint32(key[6:]) >> 4) & 0x3ffc0ff)
+ r3 = uint64((binary.LittleEndian.Uint32(key[9:]) >> 6) & 0x3f03fff)
+ r4 = uint64((binary.LittleEndian.Uint32(key[12:]) >> 8) & 0x00fffff)
+
+ R1, R2, R3, R4 := r1*5, r2*5, r3*5, r4*5
+
+ for len(msg) >= TagSize {
+ // h += msg
+ h0 += binary.LittleEndian.Uint32(msg[0:]) & 0x3ffffff
+ h1 += (binary.LittleEndian.Uint32(msg[3:]) >> 2) & 0x3ffffff
+ h2 += (binary.LittleEndian.Uint32(msg[6:]) >> 4) & 0x3ffffff
+ h3 += (binary.LittleEndian.Uint32(msg[9:]) >> 6) & 0x3ffffff
+ h4 += (binary.LittleEndian.Uint32(msg[12:]) >> 8) | (1 << 24)
+
+ // h *= r
+ d0 := (uint64(h0) * r0) + (uint64(h1) * R4) + (uint64(h2) * R3) + (uint64(h3) * R2) + (uint64(h4) * R1)
+ d1 := (d0 >> 26) + (uint64(h0) * r1) + (uint64(h1) * r0) + (uint64(h2) * R4) + (uint64(h3) * R3) + (uint64(h4) * R2)
+ d2 := (d1 >> 26) + (uint64(h0) * r2) + (uint64(h1) * r1) + (uint64(h2) * r0) + (uint64(h3) * R4) + (uint64(h4) * R3)
+ d3 := (d2 >> 26) + (uint64(h0) * r3) + (uint64(h1) * r2) + (uint64(h2) * r1) + (uint64(h3) * r0) + (uint64(h4) * R4)
+ d4 := (d3 >> 26) + (uint64(h0) * r4) + (uint64(h1) * r3) + (uint64(h2) * r2) + (uint64(h3) * r1) + (uint64(h4) * r0)
+
+ // h %= p
+ h0 = uint32(d0) & 0x3ffffff
+ h1 = uint32(d1) & 0x3ffffff
+ h2 = uint32(d2) & 0x3ffffff
+ h3 = uint32(d3) & 0x3ffffff
+ h4 = uint32(d4) & 0x3ffffff
+
+ h0 += uint32(d4>>26) * 5
+ h1 += h0 >> 26
+ h0 = h0 & 0x3ffffff
+
+ msg = msg[TagSize:]
+ }
+
+ if len(msg) > 0 {
+ var block [TagSize]byte
+ off := copy(block[:], msg)
+ block[off] = 0x01
+
+ // h += msg
+ h0 += binary.LittleEndian.Uint32(block[0:]) & 0x3ffffff
+ h1 += (binary.LittleEndian.Uint32(block[3:]) >> 2) & 0x3ffffff
+ h2 += (binary.LittleEndian.Uint32(block[6:]) >> 4) & 0x3ffffff
+ h3 += (binary.LittleEndian.Uint32(block[9:]) >> 6) & 0x3ffffff
+ h4 += (binary.LittleEndian.Uint32(block[12:]) >> 8)
+
+ // h *= r
+ d0 := (uint64(h0) * r0) + (uint64(h1) * R4) + (uint64(h2) * R3) + (uint64(h3) * R2) + (uint64(h4) * R1)
+ d1 := (d0 >> 26) + (uint64(h0) * r1) + (uint64(h1) * r0) + (uint64(h2) * R4) + (uint64(h3) * R3) + (uint64(h4) * R2)
+ d2 := (d1 >> 26) + (uint64(h0) * r2) + (uint64(h1) * r1) + (uint64(h2) * r0) + (uint64(h3) * R4) + (uint64(h4) * R3)
+ d3 := (d2 >> 26) + (uint64(h0) * r3) + (uint64(h1) * r2) + (uint64(h2) * r1) + (uint64(h3) * r0) + (uint64(h4) * R4)
+ d4 := (d3 >> 26) + (uint64(h0) * r4) + (uint64(h1) * r3) + (uint64(h2) * r2) + (uint64(h3) * r1) + (uint64(h4) * r0)
+
+ // h %= p
+ h0 = uint32(d0) & 0x3ffffff
+ h1 = uint32(d1) & 0x3ffffff
+ h2 = uint32(d2) & 0x3ffffff
+ h3 = uint32(d3) & 0x3ffffff
+ h4 = uint32(d4) & 0x3ffffff
+
+ h0 += uint32(d4>>26) * 5
+ h1 += h0 >> 26
+ h0 = h0 & 0x3ffffff
+ }
+
+ // h %= p reduction
+ h2 += h1 >> 26
+ h1 &= 0x3ffffff
+ h3 += h2 >> 26
+ h2 &= 0x3ffffff
+ h4 += h3 >> 26
+ h3 &= 0x3ffffff
+ h0 += 5 * (h4 >> 26)
+ h4 &= 0x3ffffff
+ h1 += h0 >> 26
+ h0 &= 0x3ffffff
+
+ // h - p
+ t0 := h0 + 5
+ t1 := h1 + (t0 >> 26)
+ t2 := h2 + (t1 >> 26)
+ t3 := h3 + (t2 >> 26)
+ t4 := h4 + (t3 >> 26) - (1 << 26)
+ t0 &= 0x3ffffff
+ t1 &= 0x3ffffff
+ t2 &= 0x3ffffff
+ t3 &= 0x3ffffff
+
+ // select h if h < p else h - p
+ t_mask := (t4 >> 31) - 1
+ h_mask := ^t_mask
+ h0 = (h0 & h_mask) | (t0 & t_mask)
+ h1 = (h1 & h_mask) | (t1 & t_mask)
+ h2 = (h2 & h_mask) | (t2 & t_mask)
+ h3 = (h3 & h_mask) | (t3 & t_mask)
+ h4 = (h4 & h_mask) | (t4 & t_mask)
+
+ // h %= 2^128
+ h0 |= h1 << 26
+ h1 = ((h1 >> 6) | (h2 << 20))
+ h2 = ((h2 >> 12) | (h3 << 14))
+ h3 = ((h3 >> 18) | (h4 << 8))
+
+ // s: the s part of the key
+ // tag = (h + s) % (2^128)
+ t := uint64(h0) + uint64(binary.LittleEndian.Uint32(key[16:]))
+ h0 = uint32(t)
+ t = uint64(h1) + uint64(binary.LittleEndian.Uint32(key[20:])) + (t >> 32)
+ h1 = uint32(t)
+ t = uint64(h2) + uint64(binary.LittleEndian.Uint32(key[24:])) + (t >> 32)
+ h2 = uint32(t)
+ t = uint64(h3) + uint64(binary.LittleEndian.Uint32(key[28:])) + (t >> 32)
+ h3 = uint32(t)
+
+ binary.LittleEndian.PutUint32(out[0:], h0)
+ binary.LittleEndian.PutUint32(out[4:], h1)
+ binary.LittleEndian.PutUint32(out[8:], h2)
+ binary.LittleEndian.PutUint32(out[12:], h3)
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_s390x.go b/vendor/golang.org/x/crypto/poly1305/sum_s390x.go
new file mode 100644
index 0000000..7a266ce
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_s390x.go
@@ -0,0 +1,49 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build s390x,go1.11,!gccgo,!appengine
+
+package poly1305
+
+// hasVectorFacility reports whether the machine supports
+// the vector facility (vx).
+func hasVectorFacility() bool
+
+// hasVMSLFacility reports whether the machine supports
+// Vector Multiply Sum Logical (VMSL).
+func hasVMSLFacility() bool
+
+var hasVX = hasVectorFacility()
+var hasVMSL = hasVMSLFacility()
+
+// poly1305vx is an assembly implementation of Poly1305 that uses vector
+// instructions. It must only be called if the vector facility (vx) is
+// available.
+//go:noescape
+func poly1305vx(out *[16]byte, m *byte, mlen uint64, key *[32]byte)
+
+// poly1305vmsl is an assembly implementation of Poly1305 that uses vector
+// instructions, including VMSL. It must only be called if the vector facility (vx) is
+// available and if VMSL is supported.
+//go:noescape
+func poly1305vmsl(out *[16]byte, m *byte, mlen uint64, key *[32]byte)
+
+// Sum generates an authenticator for m using a one-time key and puts the
+// 16-byte result into out. Authenticating two different messages with the same
+// key allows an attacker to forge messages at will.
+func Sum(out *[16]byte, m []byte, key *[32]byte) {
+ if hasVX {
+ var mPtr *byte
+ if len(m) > 0 {
+ mPtr = &m[0]
+ }
+ if hasVMSL && len(m) > 256 {
+ poly1305vmsl(out, mPtr, uint64(len(m)), key)
+ } else {
+ poly1305vx(out, mPtr, uint64(len(m)), key)
+ }
+ } else {
+ sumGeneric(out, m, key)
+ }
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_s390x.s b/vendor/golang.org/x/crypto/poly1305/sum_s390x.s
new file mode 100644
index 0000000..356c07a
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_s390x.s
@@ -0,0 +1,400 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build s390x,go1.11,!gccgo,!appengine
+
+#include "textflag.h"
+
+// Implementation of Poly1305 using the vector facility (vx).
+
+// constants
+#define MOD26 V0
+#define EX0 V1
+#define EX1 V2
+#define EX2 V3
+
+// temporaries
+#define T_0 V4
+#define T_1 V5
+#define T_2 V6
+#define T_3 V7
+#define T_4 V8
+
+// key (r)
+#define R_0 V9
+#define R_1 V10
+#define R_2 V11
+#define R_3 V12
+#define R_4 V13
+#define R5_1 V14
+#define R5_2 V15
+#define R5_3 V16
+#define R5_4 V17
+#define RSAVE_0 R5
+#define RSAVE_1 R6
+#define RSAVE_2 R7
+#define RSAVE_3 R8
+#define RSAVE_4 R9
+#define R5SAVE_1 V28
+#define R5SAVE_2 V29
+#define R5SAVE_3 V30
+#define R5SAVE_4 V31
+
+// message block
+#define F_0 V18
+#define F_1 V19
+#define F_2 V20
+#define F_3 V21
+#define F_4 V22
+
+// accumulator
+#define H_0 V23
+#define H_1 V24
+#define H_2 V25
+#define H_3 V26
+#define H_4 V27
+
+GLOBL ·keyMask<>(SB), RODATA, $16
+DATA ·keyMask<>+0(SB)/8, $0xffffff0ffcffff0f
+DATA ·keyMask<>+8(SB)/8, $0xfcffff0ffcffff0f
+
+GLOBL ·bswapMask<>(SB), RODATA, $16
+DATA ·bswapMask<>+0(SB)/8, $0x0f0e0d0c0b0a0908
+DATA ·bswapMask<>+8(SB)/8, $0x0706050403020100
+
+GLOBL ·constants<>(SB), RODATA, $64
+// MOD26
+DATA ·constants<>+0(SB)/8, $0x3ffffff
+DATA ·constants<>+8(SB)/8, $0x3ffffff
+// EX0
+DATA ·constants<>+16(SB)/8, $0x0006050403020100
+DATA ·constants<>+24(SB)/8, $0x1016151413121110
+// EX1
+DATA ·constants<>+32(SB)/8, $0x060c0b0a09080706
+DATA ·constants<>+40(SB)/8, $0x161c1b1a19181716
+// EX2
+DATA ·constants<>+48(SB)/8, $0x0d0d0d0d0d0f0e0d
+DATA ·constants<>+56(SB)/8, $0x1d1d1d1d1d1f1e1d
+
+// h = (f*g) % (2**130-5) [partial reduction]
+#define MULTIPLY(f0, f1, f2, f3, f4, g0, g1, g2, g3, g4, g51, g52, g53, g54, h0, h1, h2, h3, h4) \
+ VMLOF f0, g0, h0 \
+ VMLOF f0, g1, h1 \
+ VMLOF f0, g2, h2 \
+ VMLOF f0, g3, h3 \
+ VMLOF f0, g4, h4 \
+ VMLOF f1, g54, T_0 \
+ VMLOF f1, g0, T_1 \
+ VMLOF f1, g1, T_2 \
+ VMLOF f1, g2, T_3 \
+ VMLOF f1, g3, T_4 \
+ VMALOF f2, g53, h0, h0 \
+ VMALOF f2, g54, h1, h1 \
+ VMALOF f2, g0, h2, h2 \
+ VMALOF f2, g1, h3, h3 \
+ VMALOF f2, g2, h4, h4 \
+ VMALOF f3, g52, T_0, T_0 \
+ VMALOF f3, g53, T_1, T_1 \
+ VMALOF f3, g54, T_2, T_2 \
+ VMALOF f3, g0, T_3, T_3 \
+ VMALOF f3, g1, T_4, T_4 \
+ VMALOF f4, g51, h0, h0 \
+ VMALOF f4, g52, h1, h1 \
+ VMALOF f4, g53, h2, h2 \
+ VMALOF f4, g54, h3, h3 \
+ VMALOF f4, g0, h4, h4 \
+ VAG T_0, h0, h0 \
+ VAG T_1, h1, h1 \
+ VAG T_2, h2, h2 \
+ VAG T_3, h3, h3 \
+ VAG T_4, h4, h4
+
+// carry h0->h1 h3->h4, h1->h2 h4->h0, h0->h1 h2->h3, h3->h4
+#define REDUCE(h0, h1, h2, h3, h4) \
+ VESRLG $26, h0, T_0 \
+ VESRLG $26, h3, T_1 \
+ VN MOD26, h0, h0 \
+ VN MOD26, h3, h3 \
+ VAG T_0, h1, h1 \
+ VAG T_1, h4, h4 \
+ VESRLG $26, h1, T_2 \
+ VESRLG $26, h4, T_3 \
+ VN MOD26, h1, h1 \
+ VN MOD26, h4, h4 \
+ VESLG $2, T_3, T_4 \
+ VAG T_3, T_4, T_4 \
+ VAG T_2, h2, h2 \
+ VAG T_4, h0, h0 \
+ VESRLG $26, h2, T_0 \
+ VESRLG $26, h0, T_1 \
+ VN MOD26, h2, h2 \
+ VN MOD26, h0, h0 \
+ VAG T_0, h3, h3 \
+ VAG T_1, h1, h1 \
+ VESRLG $26, h3, T_2 \
+ VN MOD26, h3, h3 \
+ VAG T_2, h4, h4
+
+// expand in0 into d[0] and in1 into d[1]
+#define EXPAND(in0, in1, d0, d1, d2, d3, d4) \
+ VGBM $0x0707, d1 \ // d1=tmp
+ VPERM in0, in1, EX2, d4 \
+ VPERM in0, in1, EX0, d0 \
+ VPERM in0, in1, EX1, d2 \
+ VN d1, d4, d4 \
+ VESRLG $26, d0, d1 \
+ VESRLG $30, d2, d3 \
+ VESRLG $4, d2, d2 \
+ VN MOD26, d0, d0 \
+ VN MOD26, d1, d1 \
+ VN MOD26, d2, d2 \
+ VN MOD26, d3, d3
+
+// pack h4:h0 into h1:h0 (no carry)
+#define PACK(h0, h1, h2, h3, h4) \
+ VESLG $26, h1, h1 \
+ VESLG $26, h3, h3 \
+ VO h0, h1, h0 \
+ VO h2, h3, h2 \
+ VESLG $4, h2, h2 \
+ VLEIB $7, $48, h1 \
+ VSLB h1, h2, h2 \
+ VO h0, h2, h0 \
+ VLEIB $7, $104, h1 \
+ VSLB h1, h4, h3 \
+ VO h3, h0, h0 \
+ VLEIB $7, $24, h1 \
+ VSRLB h1, h4, h1
+
+// if h > 2**130-5 then h -= 2**130-5
+#define MOD(h0, h1, t0, t1, t2) \
+ VZERO t0 \
+ VLEIG $1, $5, t0 \
+ VACCQ h0, t0, t1 \
+ VAQ h0, t0, t0 \
+ VONE t2 \
+ VLEIG $1, $-4, t2 \
+ VAQ t2, t1, t1 \
+ VACCQ h1, t1, t1 \
+ VONE t2 \
+ VAQ t2, t1, t1 \
+ VN h0, t1, t2 \
+ VNC t0, t1, t1 \
+ VO t1, t2, h0
+
+// func poly1305vx(out *[16]byte, m *byte, mlen uint64, key *[32]key)
+TEXT ·poly1305vx(SB), $0-32
+ // This code processes up to 2 blocks (32 bytes) per iteration
+ // using the algorithm described in:
+ // NEON crypto, Daniel J. Bernstein & Peter Schwabe
+ // https://cryptojedi.org/papers/neoncrypto-20120320.pdf
+ LMG out+0(FP), R1, R4 // R1=out, R2=m, R3=mlen, R4=key
+
+ // load MOD26, EX0, EX1 and EX2
+ MOVD $·constants<>(SB), R5
+ VLM (R5), MOD26, EX2
+
+ // setup r
+ VL (R4), T_0
+ MOVD $·keyMask<>(SB), R6
+ VL (R6), T_1
+ VN T_0, T_1, T_0
+ EXPAND(T_0, T_0, R_0, R_1, R_2, R_3, R_4)
+
+ // setup r*5
+ VLEIG $0, $5, T_0
+ VLEIG $1, $5, T_0
+
+ // store r (for final block)
+ VMLOF T_0, R_1, R5SAVE_1
+ VMLOF T_0, R_2, R5SAVE_2
+ VMLOF T_0, R_3, R5SAVE_3
+ VMLOF T_0, R_4, R5SAVE_4
+ VLGVG $0, R_0, RSAVE_0
+ VLGVG $0, R_1, RSAVE_1
+ VLGVG $0, R_2, RSAVE_2
+ VLGVG $0, R_3, RSAVE_3
+ VLGVG $0, R_4, RSAVE_4
+
+ // skip r**2 calculation
+ CMPBLE R3, $16, skip
+
+ // calculate r**2
+ MULTIPLY(R_0, R_1, R_2, R_3, R_4, R_0, R_1, R_2, R_3, R_4, R5SAVE_1, R5SAVE_2, R5SAVE_3, R5SAVE_4, H_0, H_1, H_2, H_3, H_4)
+ REDUCE(H_0, H_1, H_2, H_3, H_4)
+ VLEIG $0, $5, T_0
+ VLEIG $1, $5, T_0
+ VMLOF T_0, H_1, R5_1
+ VMLOF T_0, H_2, R5_2
+ VMLOF T_0, H_3, R5_3
+ VMLOF T_0, H_4, R5_4
+ VLR H_0, R_0
+ VLR H_1, R_1
+ VLR H_2, R_2
+ VLR H_3, R_3
+ VLR H_4, R_4
+
+ // initialize h
+ VZERO H_0
+ VZERO H_1
+ VZERO H_2
+ VZERO H_3
+ VZERO H_4
+
+loop:
+ CMPBLE R3, $32, b2
+ VLM (R2), T_0, T_1
+ SUB $32, R3
+ MOVD $32(R2), R2
+ EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4)
+ VLEIB $4, $1, F_4
+ VLEIB $12, $1, F_4
+
+multiply:
+ VAG H_0, F_0, F_0
+ VAG H_1, F_1, F_1
+ VAG H_2, F_2, F_2
+ VAG H_3, F_3, F_3
+ VAG H_4, F_4, F_4
+ MULTIPLY(F_0, F_1, F_2, F_3, F_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, H_0, H_1, H_2, H_3, H_4)
+ REDUCE(H_0, H_1, H_2, H_3, H_4)
+ CMPBNE R3, $0, loop
+
+finish:
+ // sum vectors
+ VZERO T_0
+ VSUMQG H_0, T_0, H_0
+ VSUMQG H_1, T_0, H_1
+ VSUMQG H_2, T_0, H_2
+ VSUMQG H_3, T_0, H_3
+ VSUMQG H_4, T_0, H_4
+
+ // h may be >= 2*(2**130-5) so we need to reduce it again
+ REDUCE(H_0, H_1, H_2, H_3, H_4)
+
+ // carry h1->h4
+ VESRLG $26, H_1, T_1
+ VN MOD26, H_1, H_1
+ VAQ T_1, H_2, H_2
+ VESRLG $26, H_2, T_2
+ VN MOD26, H_2, H_2
+ VAQ T_2, H_3, H_3
+ VESRLG $26, H_3, T_3
+ VN MOD26, H_3, H_3
+ VAQ T_3, H_4, H_4
+
+ // h is now < 2*(2**130-5)
+ // pack h into h1 (hi) and h0 (lo)
+ PACK(H_0, H_1, H_2, H_3, H_4)
+
+ // if h > 2**130-5 then h -= 2**130-5
+ MOD(H_0, H_1, T_0, T_1, T_2)
+
+ // h += s
+ MOVD $·bswapMask<>(SB), R5
+ VL (R5), T_1
+ VL 16(R4), T_0
+ VPERM T_0, T_0, T_1, T_0 // reverse bytes (to big)
+ VAQ T_0, H_0, H_0
+ VPERM H_0, H_0, T_1, H_0 // reverse bytes (to little)
+ VST H_0, (R1)
+
+ RET
+
+b2:
+ CMPBLE R3, $16, b1
+
+ // 2 blocks remaining
+ SUB $17, R3
+ VL (R2), T_0
+ VLL R3, 16(R2), T_1
+ ADD $1, R3
+ MOVBZ $1, R0
+ CMPBEQ R3, $16, 2(PC)
+ VLVGB R3, R0, T_1
+ EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4)
+ CMPBNE R3, $16, 2(PC)
+ VLEIB $12, $1, F_4
+ VLEIB $4, $1, F_4
+
+ // setup [r²,r]
+ VLVGG $1, RSAVE_0, R_0
+ VLVGG $1, RSAVE_1, R_1
+ VLVGG $1, RSAVE_2, R_2
+ VLVGG $1, RSAVE_3, R_3
+ VLVGG $1, RSAVE_4, R_4
+ VPDI $0, R5_1, R5SAVE_1, R5_1
+ VPDI $0, R5_2, R5SAVE_2, R5_2
+ VPDI $0, R5_3, R5SAVE_3, R5_3
+ VPDI $0, R5_4, R5SAVE_4, R5_4
+
+ MOVD $0, R3
+ BR multiply
+
+skip:
+ VZERO H_0
+ VZERO H_1
+ VZERO H_2
+ VZERO H_3
+ VZERO H_4
+
+ CMPBEQ R3, $0, finish
+
+b1:
+ // 1 block remaining
+ SUB $1, R3
+ VLL R3, (R2), T_0
+ ADD $1, R3
+ MOVBZ $1, R0
+ CMPBEQ R3, $16, 2(PC)
+ VLVGB R3, R0, T_0
+ VZERO T_1
+ EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4)
+ CMPBNE R3, $16, 2(PC)
+ VLEIB $4, $1, F_4
+ VLEIG $1, $1, R_0
+ VZERO R_1
+ VZERO R_2
+ VZERO R_3
+ VZERO R_4
+ VZERO R5_1
+ VZERO R5_2
+ VZERO R5_3
+ VZERO R5_4
+
+ // setup [r, 1]
+ VLVGG $0, RSAVE_0, R_0
+ VLVGG $0, RSAVE_1, R_1
+ VLVGG $0, RSAVE_2, R_2
+ VLVGG $0, RSAVE_3, R_3
+ VLVGG $0, RSAVE_4, R_4
+ VPDI $0, R5SAVE_1, R5_1, R5_1
+ VPDI $0, R5SAVE_2, R5_2, R5_2
+ VPDI $0, R5SAVE_3, R5_3, R5_3
+ VPDI $0, R5SAVE_4, R5_4, R5_4
+
+ MOVD $0, R3
+ BR multiply
+
+TEXT ·hasVectorFacility(SB), NOSPLIT, $24-1
+ MOVD $x-24(SP), R1
+ XC $24, 0(R1), 0(R1) // clear the storage
+ MOVD $2, R0 // R0 is the number of double words stored -1
+ WORD $0xB2B01000 // STFLE 0(R1)
+ XOR R0, R0 // reset the value of R0
+ MOVBZ z-8(SP), R1
+ AND $0x40, R1
+ BEQ novector
+
+vectorinstalled:
+ // check if the vector instruction has been enabled
+ VLEIB $0, $0xF, V16
+ VLGVB $0, V16, R1
+ CMPBNE R1, $0xF, novector
+ MOVB $1, ret+0(FP) // have vx
+ RET
+
+novector:
+ MOVB $0, ret+0(FP) // no vx
+ RET
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s b/vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s
new file mode 100644
index 0000000..e548020
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s
@@ -0,0 +1,931 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build s390x,go1.11,!gccgo,!appengine
+
+#include "textflag.h"
+
+// Implementation of Poly1305 using the vector facility (vx) and the VMSL instruction.
+
+// constants
+#define EX0 V1
+#define EX1 V2
+#define EX2 V3
+
+// temporaries
+#define T_0 V4
+#define T_1 V5
+#define T_2 V6
+#define T_3 V7
+#define T_4 V8
+#define T_5 V9
+#define T_6 V10
+#define T_7 V11
+#define T_8 V12
+#define T_9 V13
+#define T_10 V14
+
+// r**2 & r**4
+#define R_0 V15
+#define R_1 V16
+#define R_2 V17
+#define R5_1 V18
+#define R5_2 V19
+// key (r)
+#define RSAVE_0 R7
+#define RSAVE_1 R8
+#define RSAVE_2 R9
+#define R5SAVE_1 R10
+#define R5SAVE_2 R11
+
+// message block
+#define M0 V20
+#define M1 V21
+#define M2 V22
+#define M3 V23
+#define M4 V24
+#define M5 V25
+
+// accumulator
+#define H0_0 V26
+#define H1_0 V27
+#define H2_0 V28
+#define H0_1 V29
+#define H1_1 V30
+#define H2_1 V31
+
+GLOBL ·keyMask<>(SB), RODATA, $16
+DATA ·keyMask<>+0(SB)/8, $0xffffff0ffcffff0f
+DATA ·keyMask<>+8(SB)/8, $0xfcffff0ffcffff0f
+
+GLOBL ·bswapMask<>(SB), RODATA, $16
+DATA ·bswapMask<>+0(SB)/8, $0x0f0e0d0c0b0a0908
+DATA ·bswapMask<>+8(SB)/8, $0x0706050403020100
+
+GLOBL ·constants<>(SB), RODATA, $48
+// EX0
+DATA ·constants<>+0(SB)/8, $0x18191a1b1c1d1e1f
+DATA ·constants<>+8(SB)/8, $0x0000050403020100
+// EX1
+DATA ·constants<>+16(SB)/8, $0x18191a1b1c1d1e1f
+DATA ·constants<>+24(SB)/8, $0x00000a0908070605
+// EX2
+DATA ·constants<>+32(SB)/8, $0x18191a1b1c1d1e1f
+DATA ·constants<>+40(SB)/8, $0x0000000f0e0d0c0b
+
+GLOBL ·c<>(SB), RODATA, $48
+// EX0
+DATA ·c<>+0(SB)/8, $0x0000050403020100
+DATA ·c<>+8(SB)/8, $0x0000151413121110
+// EX1
+DATA ·c<>+16(SB)/8, $0x00000a0908070605
+DATA ·c<>+24(SB)/8, $0x00001a1918171615
+// EX2
+DATA ·c<>+32(SB)/8, $0x0000000f0e0d0c0b
+DATA ·c<>+40(SB)/8, $0x0000001f1e1d1c1b
+
+GLOBL ·reduce<>(SB), RODATA, $32
+// 44 bit
+DATA ·reduce<>+0(SB)/8, $0x0
+DATA ·reduce<>+8(SB)/8, $0xfffffffffff
+// 42 bit
+DATA ·reduce<>+16(SB)/8, $0x0
+DATA ·reduce<>+24(SB)/8, $0x3ffffffffff
+
+// h = (f*g) % (2**130-5) [partial reduction]
+// uses T_0...T_9 temporary registers
+// input: m02_0, m02_1, m02_2, m13_0, m13_1, m13_2, r_0, r_1, r_2, r5_1, r5_2, m4_0, m4_1, m4_2, m5_0, m5_1, m5_2
+// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8, t9
+// output: m02_0, m02_1, m02_2, m13_0, m13_1, m13_2
+#define MULTIPLY(m02_0, m02_1, m02_2, m13_0, m13_1, m13_2, r_0, r_1, r_2, r5_1, r5_2, m4_0, m4_1, m4_2, m5_0, m5_1, m5_2, t0, t1, t2, t3, t4, t5, t6, t7, t8, t9) \
+ \ // Eliminate the dependency for the last 2 VMSLs
+ VMSLG m02_0, r_2, m4_2, m4_2 \
+ VMSLG m13_0, r_2, m5_2, m5_2 \ // 8 VMSLs pipelined
+ VMSLG m02_0, r_0, m4_0, m4_0 \
+ VMSLG m02_1, r5_2, V0, T_0 \
+ VMSLG m02_0, r_1, m4_1, m4_1 \
+ VMSLG m02_1, r_0, V0, T_1 \
+ VMSLG m02_1, r_1, V0, T_2 \
+ VMSLG m02_2, r5_1, V0, T_3 \
+ VMSLG m02_2, r5_2, V0, T_4 \
+ VMSLG m13_0, r_0, m5_0, m5_0 \
+ VMSLG m13_1, r5_2, V0, T_5 \
+ VMSLG m13_0, r_1, m5_1, m5_1 \
+ VMSLG m13_1, r_0, V0, T_6 \
+ VMSLG m13_1, r_1, V0, T_7 \
+ VMSLG m13_2, r5_1, V0, T_8 \
+ VMSLG m13_2, r5_2, V0, T_9 \
+ VMSLG m02_2, r_0, m4_2, m4_2 \
+ VMSLG m13_2, r_0, m5_2, m5_2 \
+ VAQ m4_0, T_0, m02_0 \
+ VAQ m4_1, T_1, m02_1 \
+ VAQ m5_0, T_5, m13_0 \
+ VAQ m5_1, T_6, m13_1 \
+ VAQ m02_0, T_3, m02_0 \
+ VAQ m02_1, T_4, m02_1 \
+ VAQ m13_0, T_8, m13_0 \
+ VAQ m13_1, T_9, m13_1 \
+ VAQ m4_2, T_2, m02_2 \
+ VAQ m5_2, T_7, m13_2 \
+
+// SQUARE uses three limbs of r and r_2*5 to output square of r
+// uses T_1, T_5 and T_7 temporary registers
+// input: r_0, r_1, r_2, r5_2
+// temp: TEMP0, TEMP1, TEMP2
+// output: p0, p1, p2
+#define SQUARE(r_0, r_1, r_2, r5_2, p0, p1, p2, TEMP0, TEMP1, TEMP2) \
+ VMSLG r_0, r_0, p0, p0 \
+ VMSLG r_1, r5_2, V0, TEMP0 \
+ VMSLG r_2, r5_2, p1, p1 \
+ VMSLG r_0, r_1, V0, TEMP1 \
+ VMSLG r_1, r_1, p2, p2 \
+ VMSLG r_0, r_2, V0, TEMP2 \
+ VAQ TEMP0, p0, p0 \
+ VAQ TEMP1, p1, p1 \
+ VAQ TEMP2, p2, p2 \
+ VAQ TEMP0, p0, p0 \
+ VAQ TEMP1, p1, p1 \
+ VAQ TEMP2, p2, p2 \
+
+// carry h0->h1->h2->h0 || h3->h4->h5->h3
+// uses T_2, T_4, T_5, T_7, T_8, T_9
+// t6, t7, t8, t9, t10, t11
+// input: h0, h1, h2, h3, h4, h5
+// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11
+// output: h0, h1, h2, h3, h4, h5
+#define REDUCE(h0, h1, h2, h3, h4, h5, t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11) \
+ VLM (R12), t6, t7 \ // 44 and 42 bit clear mask
+ VLEIB $7, $0x28, t10 \ // 5 byte shift mask
+ VREPIB $4, t8 \ // 4 bit shift mask
+ VREPIB $2, t11 \ // 2 bit shift mask
+ VSRLB t10, h0, t0 \ // h0 byte shift
+ VSRLB t10, h1, t1 \ // h1 byte shift
+ VSRLB t10, h2, t2 \ // h2 byte shift
+ VSRLB t10, h3, t3 \ // h3 byte shift
+ VSRLB t10, h4, t4 \ // h4 byte shift
+ VSRLB t10, h5, t5 \ // h5 byte shift
+ VSRL t8, t0, t0 \ // h0 bit shift
+ VSRL t8, t1, t1 \ // h2 bit shift
+ VSRL t11, t2, t2 \ // h2 bit shift
+ VSRL t8, t3, t3 \ // h3 bit shift
+ VSRL t8, t4, t4 \ // h4 bit shift
+ VESLG $2, t2, t9 \ // h2 carry x5
+ VSRL t11, t5, t5 \ // h5 bit shift
+ VN t6, h0, h0 \ // h0 clear carry
+ VAQ t2, t9, t2 \ // h2 carry x5
+ VESLG $2, t5, t9 \ // h5 carry x5
+ VN t6, h1, h1 \ // h1 clear carry
+ VN t7, h2, h2 \ // h2 clear carry
+ VAQ t5, t9, t5 \ // h5 carry x5
+ VN t6, h3, h3 \ // h3 clear carry
+ VN t6, h4, h4 \ // h4 clear carry
+ VN t7, h5, h5 \ // h5 clear carry
+ VAQ t0, h1, h1 \ // h0->h1
+ VAQ t3, h4, h4 \ // h3->h4
+ VAQ t1, h2, h2 \ // h1->h2
+ VAQ t4, h5, h5 \ // h4->h5
+ VAQ t2, h0, h0 \ // h2->h0
+ VAQ t5, h3, h3 \ // h5->h3
+ VREPG $1, t6, t6 \ // 44 and 42 bit masks across both halves
+ VREPG $1, t7, t7 \
+ VSLDB $8, h0, h0, h0 \ // set up [h0/1/2, h3/4/5]
+ VSLDB $8, h1, h1, h1 \
+ VSLDB $8, h2, h2, h2 \
+ VO h0, h3, h3 \
+ VO h1, h4, h4 \
+ VO h2, h5, h5 \
+ VESRLG $44, h3, t0 \ // 44 bit shift right
+ VESRLG $44, h4, t1 \
+ VESRLG $42, h5, t2 \
+ VN t6, h3, h3 \ // clear carry bits
+ VN t6, h4, h4 \
+ VN t7, h5, h5 \
+ VESLG $2, t2, t9 \ // multiply carry by 5
+ VAQ t9, t2, t2 \
+ VAQ t0, h4, h4 \
+ VAQ t1, h5, h5 \
+ VAQ t2, h3, h3 \
+
+// carry h0->h1->h2->h0
+// input: h0, h1, h2
+// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8
+// output: h0, h1, h2
+#define REDUCE2(h0, h1, h2, t0, t1, t2, t3, t4, t5, t6, t7, t8) \
+ VLEIB $7, $0x28, t3 \ // 5 byte shift mask
+ VREPIB $4, t4 \ // 4 bit shift mask
+ VREPIB $2, t7 \ // 2 bit shift mask
+ VGBM $0x003F, t5 \ // mask to clear carry bits
+ VSRLB t3, h0, t0 \
+ VSRLB t3, h1, t1 \
+ VSRLB t3, h2, t2 \
+ VESRLG $4, t5, t5 \ // 44 bit clear mask
+ VSRL t4, t0, t0 \
+ VSRL t4, t1, t1 \
+ VSRL t7, t2, t2 \
+ VESRLG $2, t5, t6 \ // 42 bit clear mask
+ VESLG $2, t2, t8 \
+ VAQ t8, t2, t2 \
+ VN t5, h0, h0 \
+ VN t5, h1, h1 \
+ VN t6, h2, h2 \
+ VAQ t0, h1, h1 \
+ VAQ t1, h2, h2 \
+ VAQ t2, h0, h0 \
+ VSRLB t3, h0, t0 \
+ VSRLB t3, h1, t1 \
+ VSRLB t3, h2, t2 \
+ VSRL t4, t0, t0 \
+ VSRL t4, t1, t1 \
+ VSRL t7, t2, t2 \
+ VN t5, h0, h0 \
+ VN t5, h1, h1 \
+ VESLG $2, t2, t8 \
+ VN t6, h2, h2 \
+ VAQ t0, h1, h1 \
+ VAQ t8, t2, t2 \
+ VAQ t1, h2, h2 \
+ VAQ t2, h0, h0 \
+
+// expands two message blocks into the lower halfs of the d registers
+// moves the contents of the d registers into upper halfs
+// input: in1, in2, d0, d1, d2, d3, d4, d5
+// temp: TEMP0, TEMP1, TEMP2, TEMP3
+// output: d0, d1, d2, d3, d4, d5
+#define EXPACC(in1, in2, d0, d1, d2, d3, d4, d5, TEMP0, TEMP1, TEMP2, TEMP3) \
+ VGBM $0xff3f, TEMP0 \
+ VGBM $0xff1f, TEMP1 \
+ VESLG $4, d1, TEMP2 \
+ VESLG $4, d4, TEMP3 \
+ VESRLG $4, TEMP0, TEMP0 \
+ VPERM in1, d0, EX0, d0 \
+ VPERM in2, d3, EX0, d3 \
+ VPERM in1, d2, EX2, d2 \
+ VPERM in2, d5, EX2, d5 \
+ VPERM in1, TEMP2, EX1, d1 \
+ VPERM in2, TEMP3, EX1, d4 \
+ VN TEMP0, d0, d0 \
+ VN TEMP0, d3, d3 \
+ VESRLG $4, d1, d1 \
+ VESRLG $4, d4, d4 \
+ VN TEMP1, d2, d2 \
+ VN TEMP1, d5, d5 \
+ VN TEMP0, d1, d1 \
+ VN TEMP0, d4, d4 \
+
+// expands one message block into the lower halfs of the d registers
+// moves the contents of the d registers into upper halfs
+// input: in, d0, d1, d2
+// temp: TEMP0, TEMP1, TEMP2
+// output: d0, d1, d2
+#define EXPACC2(in, d0, d1, d2, TEMP0, TEMP1, TEMP2) \
+ VGBM $0xff3f, TEMP0 \
+ VESLG $4, d1, TEMP2 \
+ VGBM $0xff1f, TEMP1 \
+ VPERM in, d0, EX0, d0 \
+ VESRLG $4, TEMP0, TEMP0 \
+ VPERM in, d2, EX2, d2 \
+ VPERM in, TEMP2, EX1, d1 \
+ VN TEMP0, d0, d0 \
+ VN TEMP1, d2, d2 \
+ VESRLG $4, d1, d1 \
+ VN TEMP0, d1, d1 \
+
+// pack h2:h0 into h1:h0 (no carry)
+// input: h0, h1, h2
+// output: h0, h1, h2
+#define PACK(h0, h1, h2) \
+ VMRLG h1, h2, h2 \ // copy h1 to upper half h2
+ VESLG $44, h1, h1 \ // shift limb 1 44 bits, leaving 20
+ VO h0, h1, h0 \ // combine h0 with 20 bits from limb 1
+ VESRLG $20, h2, h1 \ // put top 24 bits of limb 1 into h1
+ VLEIG $1, $0, h1 \ // clear h2 stuff from lower half of h1
+ VO h0, h1, h0 \ // h0 now has 88 bits (limb 0 and 1)
+ VLEIG $0, $0, h2 \ // clear upper half of h2
+ VESRLG $40, h2, h1 \ // h1 now has upper two bits of result
+ VLEIB $7, $88, h1 \ // for byte shift (11 bytes)
+ VSLB h1, h2, h2 \ // shift h2 11 bytes to the left
+ VO h0, h2, h0 \ // combine h0 with 20 bits from limb 1
+ VLEIG $0, $0, h1 \ // clear upper half of h1
+
+// if h > 2**130-5 then h -= 2**130-5
+// input: h0, h1
+// temp: t0, t1, t2
+// output: h0
+#define MOD(h0, h1, t0, t1, t2) \
+ VZERO t0 \
+ VLEIG $1, $5, t0 \
+ VACCQ h0, t0, t1 \
+ VAQ h0, t0, t0 \
+ VONE t2 \
+ VLEIG $1, $-4, t2 \
+ VAQ t2, t1, t1 \
+ VACCQ h1, t1, t1 \
+ VONE t2 \
+ VAQ t2, t1, t1 \
+ VN h0, t1, t2 \
+ VNC t0, t1, t1 \
+ VO t1, t2, h0 \
+
+// func poly1305vmsl(out *[16]byte, m *byte, mlen uint64, key *[32]key)
+TEXT ·poly1305vmsl(SB), $0-32
+ // This code processes 6 + up to 4 blocks (32 bytes) per iteration
+ // using the algorithm described in:
+ // NEON crypto, Daniel J. Bernstein & Peter Schwabe
+ // https://cryptojedi.org/papers/neoncrypto-20120320.pdf
+ // And as moddified for VMSL as described in
+ // Accelerating Poly1305 Cryptographic Message Authentication on the z14
+ // O'Farrell et al, CASCON 2017, p48-55
+ // https://ibm.ent.box.com/s/jf9gedj0e9d2vjctfyh186shaztavnht
+
+ LMG out+0(FP), R1, R4 // R1=out, R2=m, R3=mlen, R4=key
+ VZERO V0 // c
+
+ // load EX0, EX1 and EX2
+ MOVD $·constants<>(SB), R5
+ VLM (R5), EX0, EX2 // c
+
+ // setup r
+ VL (R4), T_0
+ MOVD $·keyMask<>(SB), R6
+ VL (R6), T_1
+ VN T_0, T_1, T_0
+ VZERO T_2 // limbs for r
+ VZERO T_3
+ VZERO T_4
+ EXPACC2(T_0, T_2, T_3, T_4, T_1, T_5, T_7)
+
+ // T_2, T_3, T_4: [0, r]
+
+ // setup r*20
+ VLEIG $0, $0, T_0
+ VLEIG $1, $20, T_0 // T_0: [0, 20]
+ VZERO T_5
+ VZERO T_6
+ VMSLG T_0, T_3, T_5, T_5
+ VMSLG T_0, T_4, T_6, T_6
+
+ // store r for final block in GR
+ VLGVG $1, T_2, RSAVE_0 // c
+ VLGVG $1, T_3, RSAVE_1 // c
+ VLGVG $1, T_4, RSAVE_2 // c
+ VLGVG $1, T_5, R5SAVE_1 // c
+ VLGVG $1, T_6, R5SAVE_2 // c
+
+ // initialize h
+ VZERO H0_0
+ VZERO H1_0
+ VZERO H2_0
+ VZERO H0_1
+ VZERO H1_1
+ VZERO H2_1
+
+ // initialize pointer for reduce constants
+ MOVD $·reduce<>(SB), R12
+
+ // calculate r**2 and 20*(r**2)
+ VZERO R_0
+ VZERO R_1
+ VZERO R_2
+ SQUARE(T_2, T_3, T_4, T_6, R_0, R_1, R_2, T_1, T_5, T_7)
+ REDUCE2(R_0, R_1, R_2, M0, M1, M2, M3, M4, R5_1, R5_2, M5, T_1)
+ VZERO R5_1
+ VZERO R5_2
+ VMSLG T_0, R_1, R5_1, R5_1
+ VMSLG T_0, R_2, R5_2, R5_2
+
+ // skip r**4 calculation if 3 blocks or less
+ CMPBLE R3, $48, b4
+
+ // calculate r**4 and 20*(r**4)
+ VZERO T_8
+ VZERO T_9
+ VZERO T_10
+ SQUARE(R_0, R_1, R_2, R5_2, T_8, T_9, T_10, T_1, T_5, T_7)
+ REDUCE2(T_8, T_9, T_10, M0, M1, M2, M3, M4, T_2, T_3, M5, T_1)
+ VZERO T_2
+ VZERO T_3
+ VMSLG T_0, T_9, T_2, T_2
+ VMSLG T_0, T_10, T_3, T_3
+
+ // put r**2 to the right and r**4 to the left of R_0, R_1, R_2
+ VSLDB $8, T_8, T_8, T_8
+ VSLDB $8, T_9, T_9, T_9
+ VSLDB $8, T_10, T_10, T_10
+ VSLDB $8, T_2, T_2, T_2
+ VSLDB $8, T_3, T_3, T_3
+
+ VO T_8, R_0, R_0
+ VO T_9, R_1, R_1
+ VO T_10, R_2, R_2
+ VO T_2, R5_1, R5_1
+ VO T_3, R5_2, R5_2
+
+ CMPBLE R3, $80, load // less than or equal to 5 blocks in message
+
+ // 6(or 5+1) blocks
+ SUB $81, R3
+ VLM (R2), M0, M4
+ VLL R3, 80(R2), M5
+ ADD $1, R3
+ MOVBZ $1, R0
+ CMPBGE R3, $16, 2(PC)
+ VLVGB R3, R0, M5
+ MOVD $96(R2), R2
+ EXPACC(M0, M1, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3)
+ EXPACC(M2, M3, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3)
+ VLEIB $2, $1, H2_0
+ VLEIB $2, $1, H2_1
+ VLEIB $10, $1, H2_0
+ VLEIB $10, $1, H2_1
+
+ VZERO M0
+ VZERO M1
+ VZERO M2
+ VZERO M3
+ VZERO T_4
+ VZERO T_10
+ EXPACC(M4, M5, M0, M1, M2, M3, T_4, T_10, T_0, T_1, T_2, T_3)
+ VLR T_4, M4
+ VLEIB $10, $1, M2
+ CMPBLT R3, $16, 2(PC)
+ VLEIB $10, $1, T_10
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M2, M3, M4, T_4, T_5, T_2, T_7, T_8, T_9)
+ VMRHG V0, H0_1, H0_0
+ VMRHG V0, H1_1, H1_0
+ VMRHG V0, H2_1, H2_0
+ VMRLG V0, H0_1, H0_1
+ VMRLG V0, H1_1, H1_1
+ VMRLG V0, H2_1, H2_1
+
+ SUB $16, R3
+ CMPBLE R3, $0, square
+
+load:
+ // load EX0, EX1 and EX2
+ MOVD $·c<>(SB), R5
+ VLM (R5), EX0, EX2
+
+loop:
+ CMPBLE R3, $64, add // b4 // last 4 or less blocks left
+
+ // next 4 full blocks
+ VLM (R2), M2, M5
+ SUB $64, R3
+ MOVD $64(R2), R2
+ REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, T_0, T_1, T_3, T_4, T_5, T_2, T_7, T_8, T_9)
+
+ // expacc in-lined to create [m2, m3] limbs
+ VGBM $0x3f3f, T_0 // 44 bit clear mask
+ VGBM $0x1f1f, T_1 // 40 bit clear mask
+ VPERM M2, M3, EX0, T_3
+ VESRLG $4, T_0, T_0 // 44 bit clear mask ready
+ VPERM M2, M3, EX1, T_4
+ VPERM M2, M3, EX2, T_5
+ VN T_0, T_3, T_3
+ VESRLG $4, T_4, T_4
+ VN T_1, T_5, T_5
+ VN T_0, T_4, T_4
+ VMRHG H0_1, T_3, H0_0
+ VMRHG H1_1, T_4, H1_0
+ VMRHG H2_1, T_5, H2_0
+ VMRLG H0_1, T_3, H0_1
+ VMRLG H1_1, T_4, H1_1
+ VMRLG H2_1, T_5, H2_1
+ VLEIB $10, $1, H2_0
+ VLEIB $10, $1, H2_1
+ VPERM M4, M5, EX0, T_3
+ VPERM M4, M5, EX1, T_4
+ VPERM M4, M5, EX2, T_5
+ VN T_0, T_3, T_3
+ VESRLG $4, T_4, T_4
+ VN T_1, T_5, T_5
+ VN T_0, T_4, T_4
+ VMRHG V0, T_3, M0
+ VMRHG V0, T_4, M1
+ VMRHG V0, T_5, M2
+ VMRLG V0, T_3, M3
+ VMRLG V0, T_4, M4
+ VMRLG V0, T_5, M5
+ VLEIB $10, $1, M2
+ VLEIB $10, $1, M5
+
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ CMPBNE R3, $0, loop
+ REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9)
+ VMRHG V0, H0_1, H0_0
+ VMRHG V0, H1_1, H1_0
+ VMRHG V0, H2_1, H2_0
+ VMRLG V0, H0_1, H0_1
+ VMRLG V0, H1_1, H1_1
+ VMRLG V0, H2_1, H2_1
+
+ // load EX0, EX1, EX2
+ MOVD $·constants<>(SB), R5
+ VLM (R5), EX0, EX2
+
+ // sum vectors
+ VAQ H0_0, H0_1, H0_0
+ VAQ H1_0, H1_1, H1_0
+ VAQ H2_0, H2_1, H2_0
+
+ // h may be >= 2*(2**130-5) so we need to reduce it again
+ // M0...M4 are used as temps here
+ REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
+
+next: // carry h1->h2
+ VLEIB $7, $0x28, T_1
+ VREPIB $4, T_2
+ VGBM $0x003F, T_3
+ VESRLG $4, T_3
+
+ // byte shift
+ VSRLB T_1, H1_0, T_4
+
+ // bit shift
+ VSRL T_2, T_4, T_4
+
+ // clear h1 carry bits
+ VN T_3, H1_0, H1_0
+
+ // add carry
+ VAQ T_4, H2_0, H2_0
+
+ // h is now < 2*(2**130-5)
+ // pack h into h1 (hi) and h0 (lo)
+ PACK(H0_0, H1_0, H2_0)
+
+ // if h > 2**130-5 then h -= 2**130-5
+ MOD(H0_0, H1_0, T_0, T_1, T_2)
+
+ // h += s
+ MOVD $·bswapMask<>(SB), R5
+ VL (R5), T_1
+ VL 16(R4), T_0
+ VPERM T_0, T_0, T_1, T_0 // reverse bytes (to big)
+ VAQ T_0, H0_0, H0_0
+ VPERM H0_0, H0_0, T_1, H0_0 // reverse bytes (to little)
+ VST H0_0, (R1)
+ RET
+
+add:
+ // load EX0, EX1, EX2
+ MOVD $·constants<>(SB), R5
+ VLM (R5), EX0, EX2
+
+ REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9)
+ VMRHG V0, H0_1, H0_0
+ VMRHG V0, H1_1, H1_0
+ VMRHG V0, H2_1, H2_0
+ VMRLG V0, H0_1, H0_1
+ VMRLG V0, H1_1, H1_1
+ VMRLG V0, H2_1, H2_1
+ CMPBLE R3, $64, b4
+
+b4:
+ CMPBLE R3, $48, b3 // 3 blocks or less
+
+ // 4(3+1) blocks remaining
+ SUB $49, R3
+ VLM (R2), M0, M2
+ VLL R3, 48(R2), M3
+ ADD $1, R3
+ MOVBZ $1, R0
+ CMPBEQ R3, $16, 2(PC)
+ VLVGB R3, R0, M3
+ MOVD $64(R2), R2
+ EXPACC(M0, M1, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3)
+ VLEIB $10, $1, H2_0
+ VLEIB $10, $1, H2_1
+ VZERO M0
+ VZERO M1
+ VZERO M4
+ VZERO M5
+ VZERO T_4
+ VZERO T_10
+ EXPACC(M2, M3, M0, M1, M4, M5, T_4, T_10, T_0, T_1, T_2, T_3)
+ VLR T_4, M2
+ VLEIB $10, $1, M4
+ CMPBNE R3, $16, 2(PC)
+ VLEIB $10, $1, T_10
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M4, M5, M2, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9)
+ VMRHG V0, H0_1, H0_0
+ VMRHG V0, H1_1, H1_0
+ VMRHG V0, H2_1, H2_0
+ VMRLG V0, H0_1, H0_1
+ VMRLG V0, H1_1, H1_1
+ VMRLG V0, H2_1, H2_1
+ SUB $16, R3
+ CMPBLE R3, $0, square // this condition must always hold true!
+
+b3:
+ CMPBLE R3, $32, b2
+
+ // 3 blocks remaining
+
+ // setup [r²,r]
+ VSLDB $8, R_0, R_0, R_0
+ VSLDB $8, R_1, R_1, R_1
+ VSLDB $8, R_2, R_2, R_2
+ VSLDB $8, R5_1, R5_1, R5_1
+ VSLDB $8, R5_2, R5_2, R5_2
+
+ VLVGG $1, RSAVE_0, R_0
+ VLVGG $1, RSAVE_1, R_1
+ VLVGG $1, RSAVE_2, R_2
+ VLVGG $1, R5SAVE_1, R5_1
+ VLVGG $1, R5SAVE_2, R5_2
+
+ // setup [h0, h1]
+ VSLDB $8, H0_0, H0_0, H0_0
+ VSLDB $8, H1_0, H1_0, H1_0
+ VSLDB $8, H2_0, H2_0, H2_0
+ VO H0_1, H0_0, H0_0
+ VO H1_1, H1_0, H1_0
+ VO H2_1, H2_0, H2_0
+ VZERO H0_1
+ VZERO H1_1
+ VZERO H2_1
+
+ VZERO M0
+ VZERO M1
+ VZERO M2
+ VZERO M3
+ VZERO M4
+ VZERO M5
+
+ // H*[r**2, r]
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, H0_1, H1_1, T_10, M5)
+
+ SUB $33, R3
+ VLM (R2), M0, M1
+ VLL R3, 32(R2), M2
+ ADD $1, R3
+ MOVBZ $1, R0
+ CMPBEQ R3, $16, 2(PC)
+ VLVGB R3, R0, M2
+
+ // H += m0
+ VZERO T_1
+ VZERO T_2
+ VZERO T_3
+ EXPACC2(M0, T_1, T_2, T_3, T_4, T_5, T_6)
+ VLEIB $10, $1, T_3
+ VAG H0_0, T_1, H0_0
+ VAG H1_0, T_2, H1_0
+ VAG H2_0, T_3, H2_0
+
+ VZERO M0
+ VZERO M3
+ VZERO M4
+ VZERO M5
+ VZERO T_10
+
+ // (H+m0)*r
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M3, M4, M5, V0, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE2(H0_0, H1_0, H2_0, M0, M3, M4, M5, T_10, H0_1, H1_1, H2_1, T_9)
+
+ // H += m1
+ VZERO V0
+ VZERO T_1
+ VZERO T_2
+ VZERO T_3
+ EXPACC2(M1, T_1, T_2, T_3, T_4, T_5, T_6)
+ VLEIB $10, $1, T_3
+ VAQ H0_0, T_1, H0_0
+ VAQ H1_0, T_2, H1_0
+ VAQ H2_0, T_3, H2_0
+ REDUCE2(H0_0, H1_0, H2_0, M0, M3, M4, M5, T_9, H0_1, H1_1, H2_1, T_10)
+
+ // [H, m2] * [r**2, r]
+ EXPACC2(M2, H0_0, H1_0, H2_0, T_1, T_2, T_3)
+ CMPBNE R3, $16, 2(PC)
+ VLEIB $10, $1, H2_0
+ VZERO M0
+ VZERO M1
+ VZERO M2
+ VZERO M3
+ VZERO M4
+ VZERO M5
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, H0_1, H1_1, M5, T_10)
+ SUB $16, R3
+ CMPBLE R3, $0, next // this condition must always hold true!
+
+b2:
+ CMPBLE R3, $16, b1
+
+ // 2 blocks remaining
+
+ // setup [r²,r]
+ VSLDB $8, R_0, R_0, R_0
+ VSLDB $8, R_1, R_1, R_1
+ VSLDB $8, R_2, R_2, R_2
+ VSLDB $8, R5_1, R5_1, R5_1
+ VSLDB $8, R5_2, R5_2, R5_2
+
+ VLVGG $1, RSAVE_0, R_0
+ VLVGG $1, RSAVE_1, R_1
+ VLVGG $1, RSAVE_2, R_2
+ VLVGG $1, R5SAVE_1, R5_1
+ VLVGG $1, R5SAVE_2, R5_2
+
+ // setup [h0, h1]
+ VSLDB $8, H0_0, H0_0, H0_0
+ VSLDB $8, H1_0, H1_0, H1_0
+ VSLDB $8, H2_0, H2_0, H2_0
+ VO H0_1, H0_0, H0_0
+ VO H1_1, H1_0, H1_0
+ VO H2_1, H2_0, H2_0
+ VZERO H0_1
+ VZERO H1_1
+ VZERO H2_1
+
+ VZERO M0
+ VZERO M1
+ VZERO M2
+ VZERO M3
+ VZERO M4
+ VZERO M5
+
+ // H*[r**2, r]
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M2, M3, M4, T_4, T_5, T_2, T_7, T_8, T_9)
+ VMRHG V0, H0_1, H0_0
+ VMRHG V0, H1_1, H1_0
+ VMRHG V0, H2_1, H2_0
+ VMRLG V0, H0_1, H0_1
+ VMRLG V0, H1_1, H1_1
+ VMRLG V0, H2_1, H2_1
+
+ // move h to the left and 0s at the right
+ VSLDB $8, H0_0, H0_0, H0_0
+ VSLDB $8, H1_0, H1_0, H1_0
+ VSLDB $8, H2_0, H2_0, H2_0
+
+ // get message blocks and append 1 to start
+ SUB $17, R3
+ VL (R2), M0
+ VLL R3, 16(R2), M1
+ ADD $1, R3
+ MOVBZ $1, R0
+ CMPBEQ R3, $16, 2(PC)
+ VLVGB R3, R0, M1
+ VZERO T_6
+ VZERO T_7
+ VZERO T_8
+ EXPACC2(M0, T_6, T_7, T_8, T_1, T_2, T_3)
+ EXPACC2(M1, T_6, T_7, T_8, T_1, T_2, T_3)
+ VLEIB $2, $1, T_8
+ CMPBNE R3, $16, 2(PC)
+ VLEIB $10, $1, T_8
+
+ // add [m0, m1] to h
+ VAG H0_0, T_6, H0_0
+ VAG H1_0, T_7, H1_0
+ VAG H2_0, T_8, H2_0
+
+ VZERO M2
+ VZERO M3
+ VZERO M4
+ VZERO M5
+ VZERO T_10
+ VZERO M0
+
+ // at this point R_0 .. R5_2 look like [r**2, r]
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M2, M3, M4, M5, T_10, M0, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE2(H0_0, H1_0, H2_0, M2, M3, M4, M5, T_9, H0_1, H1_1, H2_1, T_10)
+ SUB $16, R3, R3
+ CMPBLE R3, $0, next
+
+b1:
+ CMPBLE R3, $0, next
+
+ // 1 block remaining
+
+ // setup [r²,r]
+ VSLDB $8, R_0, R_0, R_0
+ VSLDB $8, R_1, R_1, R_1
+ VSLDB $8, R_2, R_2, R_2
+ VSLDB $8, R5_1, R5_1, R5_1
+ VSLDB $8, R5_2, R5_2, R5_2
+
+ VLVGG $1, RSAVE_0, R_0
+ VLVGG $1, RSAVE_1, R_1
+ VLVGG $1, RSAVE_2, R_2
+ VLVGG $1, R5SAVE_1, R5_1
+ VLVGG $1, R5SAVE_2, R5_2
+
+ // setup [h0, h1]
+ VSLDB $8, H0_0, H0_0, H0_0
+ VSLDB $8, H1_0, H1_0, H1_0
+ VSLDB $8, H2_0, H2_0, H2_0
+ VO H0_1, H0_0, H0_0
+ VO H1_1, H1_0, H1_0
+ VO H2_1, H2_0, H2_0
+ VZERO H0_1
+ VZERO H1_1
+ VZERO H2_1
+
+ VZERO M0
+ VZERO M1
+ VZERO M2
+ VZERO M3
+ VZERO M4
+ VZERO M5
+
+ // H*[r**2, r]
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
+
+ // set up [0, m0] limbs
+ SUB $1, R3
+ VLL R3, (R2), M0
+ ADD $1, R3
+ MOVBZ $1, R0
+ CMPBEQ R3, $16, 2(PC)
+ VLVGB R3, R0, M0
+ VZERO T_1
+ VZERO T_2
+ VZERO T_3
+ EXPACC2(M0, T_1, T_2, T_3, T_4, T_5, T_6)// limbs: [0, m]
+ CMPBNE R3, $16, 2(PC)
+ VLEIB $10, $1, T_3
+
+ // h+m0
+ VAQ H0_0, T_1, H0_0
+ VAQ H1_0, T_2, H1_0
+ VAQ H2_0, T_3, H2_0
+
+ VZERO M0
+ VZERO M1
+ VZERO M2
+ VZERO M3
+ VZERO M4
+ VZERO M5
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
+
+ BR next
+
+square:
+ // setup [r²,r]
+ VSLDB $8, R_0, R_0, R_0
+ VSLDB $8, R_1, R_1, R_1
+ VSLDB $8, R_2, R_2, R_2
+ VSLDB $8, R5_1, R5_1, R5_1
+ VSLDB $8, R5_2, R5_2, R5_2
+
+ VLVGG $1, RSAVE_0, R_0
+ VLVGG $1, RSAVE_1, R_1
+ VLVGG $1, RSAVE_2, R_2
+ VLVGG $1, R5SAVE_1, R5_1
+ VLVGG $1, R5SAVE_2, R5_2
+
+ // setup [h0, h1]
+ VSLDB $8, H0_0, H0_0, H0_0
+ VSLDB $8, H1_0, H1_0, H1_0
+ VSLDB $8, H2_0, H2_0, H2_0
+ VO H0_1, H0_0, H0_0
+ VO H1_1, H1_0, H1_0
+ VO H2_1, H2_0, H2_0
+ VZERO H0_1
+ VZERO H1_1
+ VZERO H2_1
+
+ VZERO M0
+ VZERO M1
+ VZERO M2
+ VZERO M3
+ VZERO M4
+ VZERO M5
+
+ // (h0*r**2) + (h1*r)
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
+ BR next
+
+TEXT ·hasVMSLFacility(SB), NOSPLIT, $24-1
+ MOVD $x-24(SP), R1
+ XC $24, 0(R1), 0(R1) // clear the storage
+ MOVD $2, R0 // R0 is the number of double words stored -1
+ WORD $0xB2B01000 // STFLE 0(R1)
+ XOR R0, R0 // reset the value of R0
+ MOVBZ z-8(SP), R1
+ AND $0x01, R1
+ BEQ novmsl
+
+vectorinstalled:
+ // check if the vector instruction has been enabled
+ VLEIB $0, $0xF, V16
+ VLGVB $0, V16, R1
+ CMPBNE R1, $0xF, novmsl
+ MOVB $1, ret+0(FP) // have vx
+ RET
+
+novmsl:
+ MOVB $0, ret+0(FP) // no vx
+ RET
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go b/vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go
new file mode 100644
index 0000000..4c96147
--- /dev/null
+++ b/vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go
@@ -0,0 +1,144 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package salsa provides low-level access to functions in the Salsa family.
+package salsa // import "golang.org/x/crypto/salsa20/salsa"
+
+// Sigma is the Salsa20 constant for 256-bit keys.
+var Sigma = [16]byte{'e', 'x', 'p', 'a', 'n', 'd', ' ', '3', '2', '-', 'b', 'y', 't', 'e', ' ', 'k'}
+
+// HSalsa20 applies the HSalsa20 core function to a 16-byte input in, 32-byte
+// key k, and 16-byte constant c, and puts the result into the 32-byte array
+// out.
+func HSalsa20(out *[32]byte, in *[16]byte, k *[32]byte, c *[16]byte) {
+ x0 := uint32(c[0]) | uint32(c[1])<<8 | uint32(c[2])<<16 | uint32(c[3])<<24
+ x1 := uint32(k[0]) | uint32(k[1])<<8 | uint32(k[2])<<16 | uint32(k[3])<<24
+ x2 := uint32(k[4]) | uint32(k[5])<<8 | uint32(k[6])<<16 | uint32(k[7])<<24
+ x3 := uint32(k[8]) | uint32(k[9])<<8 | uint32(k[10])<<16 | uint32(k[11])<<24
+ x4 := uint32(k[12]) | uint32(k[13])<<8 | uint32(k[14])<<16 | uint32(k[15])<<24
+ x5 := uint32(c[4]) | uint32(c[5])<<8 | uint32(c[6])<<16 | uint32(c[7])<<24
+ x6 := uint32(in[0]) | uint32(in[1])<<8 | uint32(in[2])<<16 | uint32(in[3])<<24
+ x7 := uint32(in[4]) | uint32(in[5])<<8 | uint32(in[6])<<16 | uint32(in[7])<<24
+ x8 := uint32(in[8]) | uint32(in[9])<<8 | uint32(in[10])<<16 | uint32(in[11])<<24
+ x9 := uint32(in[12]) | uint32(in[13])<<8 | uint32(in[14])<<16 | uint32(in[15])<<24
+ x10 := uint32(c[8]) | uint32(c[9])<<8 | uint32(c[10])<<16 | uint32(c[11])<<24
+ x11 := uint32(k[16]) | uint32(k[17])<<8 | uint32(k[18])<<16 | uint32(k[19])<<24
+ x12 := uint32(k[20]) | uint32(k[21])<<8 | uint32(k[22])<<16 | uint32(k[23])<<24
+ x13 := uint32(k[24]) | uint32(k[25])<<8 | uint32(k[26])<<16 | uint32(k[27])<<24
+ x14 := uint32(k[28]) | uint32(k[29])<<8 | uint32(k[30])<<16 | uint32(k[31])<<24
+ x15 := uint32(c[12]) | uint32(c[13])<<8 | uint32(c[14])<<16 | uint32(c[15])<<24
+
+ for i := 0; i < 20; i += 2 {
+ u := x0 + x12
+ x4 ^= u<<7 | u>>(32-7)
+ u = x4 + x0
+ x8 ^= u<<9 | u>>(32-9)
+ u = x8 + x4
+ x12 ^= u<<13 | u>>(32-13)
+ u = x12 + x8
+ x0 ^= u<<18 | u>>(32-18)
+
+ u = x5 + x1
+ x9 ^= u<<7 | u>>(32-7)
+ u = x9 + x5
+ x13 ^= u<<9 | u>>(32-9)
+ u = x13 + x9
+ x1 ^= u<<13 | u>>(32-13)
+ u = x1 + x13
+ x5 ^= u<<18 | u>>(32-18)
+
+ u = x10 + x6
+ x14 ^= u<<7 | u>>(32-7)
+ u = x14 + x10
+ x2 ^= u<<9 | u>>(32-9)
+ u = x2 + x14
+ x6 ^= u<<13 | u>>(32-13)
+ u = x6 + x2
+ x10 ^= u<<18 | u>>(32-18)
+
+ u = x15 + x11
+ x3 ^= u<<7 | u>>(32-7)
+ u = x3 + x15
+ x7 ^= u<<9 | u>>(32-9)
+ u = x7 + x3
+ x11 ^= u<<13 | u>>(32-13)
+ u = x11 + x7
+ x15 ^= u<<18 | u>>(32-18)
+
+ u = x0 + x3
+ x1 ^= u<<7 | u>>(32-7)
+ u = x1 + x0
+ x2 ^= u<<9 | u>>(32-9)
+ u = x2 + x1
+ x3 ^= u<<13 | u>>(32-13)
+ u = x3 + x2
+ x0 ^= u<<18 | u>>(32-18)
+
+ u = x5 + x4
+ x6 ^= u<<7 | u>>(32-7)
+ u = x6 + x5
+ x7 ^= u<<9 | u>>(32-9)
+ u = x7 + x6
+ x4 ^= u<<13 | u>>(32-13)
+ u = x4 + x7
+ x5 ^= u<<18 | u>>(32-18)
+
+ u = x10 + x9
+ x11 ^= u<<7 | u>>(32-7)
+ u = x11 + x10
+ x8 ^= u<<9 | u>>(32-9)
+ u = x8 + x11
+ x9 ^= u<<13 | u>>(32-13)
+ u = x9 + x8
+ x10 ^= u<<18 | u>>(32-18)
+
+ u = x15 + x14
+ x12 ^= u<<7 | u>>(32-7)
+ u = x12 + x15
+ x13 ^= u<<9 | u>>(32-9)
+ u = x13 + x12
+ x14 ^= u<<13 | u>>(32-13)
+ u = x14 + x13
+ x15 ^= u<<18 | u>>(32-18)
+ }
+ out[0] = byte(x0)
+ out[1] = byte(x0 >> 8)
+ out[2] = byte(x0 >> 16)
+ out[3] = byte(x0 >> 24)
+
+ out[4] = byte(x5)
+ out[5] = byte(x5 >> 8)
+ out[6] = byte(x5 >> 16)
+ out[7] = byte(x5 >> 24)
+
+ out[8] = byte(x10)
+ out[9] = byte(x10 >> 8)
+ out[10] = byte(x10 >> 16)
+ out[11] = byte(x10 >> 24)
+
+ out[12] = byte(x15)
+ out[13] = byte(x15 >> 8)
+ out[14] = byte(x15 >> 16)
+ out[15] = byte(x15 >> 24)
+
+ out[16] = byte(x6)
+ out[17] = byte(x6 >> 8)
+ out[18] = byte(x6 >> 16)
+ out[19] = byte(x6 >> 24)
+
+ out[20] = byte(x7)
+ out[21] = byte(x7 >> 8)
+ out[22] = byte(x7 >> 16)
+ out[23] = byte(x7 >> 24)
+
+ out[24] = byte(x8)
+ out[25] = byte(x8 >> 8)
+ out[26] = byte(x8 >> 16)
+ out[27] = byte(x8 >> 24)
+
+ out[28] = byte(x9)
+ out[29] = byte(x9 >> 8)
+ out[30] = byte(x9 >> 16)
+ out[31] = byte(x9 >> 24)
+}
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa2020_amd64.s b/vendor/golang.org/x/crypto/salsa20/salsa/salsa2020_amd64.s
new file mode 100644
index 0000000..22afbdc
--- /dev/null
+++ b/vendor/golang.org/x/crypto/salsa20/salsa/salsa2020_amd64.s
@@ -0,0 +1,889 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,!appengine,!gccgo
+
+// This code was translated into a form compatible with 6a from the public
+// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
+
+// func salsa2020XORKeyStream(out, in *byte, n uint64, nonce, key *byte)
+// This needs up to 64 bytes at 360(SP); hence the non-obvious frame size.
+TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
+ MOVQ out+0(FP),DI
+ MOVQ in+8(FP),SI
+ MOVQ n+16(FP),DX
+ MOVQ nonce+24(FP),CX
+ MOVQ key+32(FP),R8
+
+ MOVQ SP,R12
+ MOVQ SP,R9
+ ADDQ $31, R9
+ ANDQ $~31, R9
+ MOVQ R9, SP
+
+ MOVQ DX,R9
+ MOVQ CX,DX
+ MOVQ R8,R10
+ CMPQ R9,$0
+ JBE DONE
+ START:
+ MOVL 20(R10),CX
+ MOVL 0(R10),R8
+ MOVL 0(DX),AX
+ MOVL 16(R10),R11
+ MOVL CX,0(SP)
+ MOVL R8, 4 (SP)
+ MOVL AX, 8 (SP)
+ MOVL R11, 12 (SP)
+ MOVL 8(DX),CX
+ MOVL 24(R10),R8
+ MOVL 4(R10),AX
+ MOVL 4(DX),R11
+ MOVL CX,16(SP)
+ MOVL R8, 20 (SP)
+ MOVL AX, 24 (SP)
+ MOVL R11, 28 (SP)
+ MOVL 12(DX),CX
+ MOVL 12(R10),DX
+ MOVL 28(R10),R8
+ MOVL 8(R10),AX
+ MOVL DX,32(SP)
+ MOVL CX, 36 (SP)
+ MOVL R8, 40 (SP)
+ MOVL AX, 44 (SP)
+ MOVQ $1634760805,DX
+ MOVQ $857760878,CX
+ MOVQ $2036477234,R8
+ MOVQ $1797285236,AX
+ MOVL DX,48(SP)
+ MOVL CX, 52 (SP)
+ MOVL R8, 56 (SP)
+ MOVL AX, 60 (SP)
+ CMPQ R9,$256
+ JB BYTESBETWEEN1AND255
+ MOVOA 48(SP),X0
+ PSHUFL $0X55,X0,X1
+ PSHUFL $0XAA,X0,X2
+ PSHUFL $0XFF,X0,X3
+ PSHUFL $0X00,X0,X0
+ MOVOA X1,64(SP)
+ MOVOA X2,80(SP)
+ MOVOA X3,96(SP)
+ MOVOA X0,112(SP)
+ MOVOA 0(SP),X0
+ PSHUFL $0XAA,X0,X1
+ PSHUFL $0XFF,X0,X2
+ PSHUFL $0X00,X0,X3
+ PSHUFL $0X55,X0,X0
+ MOVOA X1,128(SP)
+ MOVOA X2,144(SP)
+ MOVOA X3,160(SP)
+ MOVOA X0,176(SP)
+ MOVOA 16(SP),X0
+ PSHUFL $0XFF,X0,X1
+ PSHUFL $0X55,X0,X2
+ PSHUFL $0XAA,X0,X0
+ MOVOA X1,192(SP)
+ MOVOA X2,208(SP)
+ MOVOA X0,224(SP)
+ MOVOA 32(SP),X0
+ PSHUFL $0X00,X0,X1
+ PSHUFL $0XAA,X0,X2
+ PSHUFL $0XFF,X0,X0
+ MOVOA X1,240(SP)
+ MOVOA X2,256(SP)
+ MOVOA X0,272(SP)
+ BYTESATLEAST256:
+ MOVL 16(SP),DX
+ MOVL 36 (SP),CX
+ MOVL DX,288(SP)
+ MOVL CX,304(SP)
+ ADDQ $1,DX
+ SHLQ $32,CX
+ ADDQ CX,DX
+ MOVQ DX,CX
+ SHRQ $32,CX
+ MOVL DX, 292 (SP)
+ MOVL CX, 308 (SP)
+ ADDQ $1,DX
+ SHLQ $32,CX
+ ADDQ CX,DX
+ MOVQ DX,CX
+ SHRQ $32,CX
+ MOVL DX, 296 (SP)
+ MOVL CX, 312 (SP)
+ ADDQ $1,DX
+ SHLQ $32,CX
+ ADDQ CX,DX
+ MOVQ DX,CX
+ SHRQ $32,CX
+ MOVL DX, 300 (SP)
+ MOVL CX, 316 (SP)
+ ADDQ $1,DX
+ SHLQ $32,CX
+ ADDQ CX,DX
+ MOVQ DX,CX
+ SHRQ $32,CX
+ MOVL DX,16(SP)
+ MOVL CX, 36 (SP)
+ MOVQ R9,352(SP)
+ MOVQ $20,DX
+ MOVOA 64(SP),X0
+ MOVOA 80(SP),X1
+ MOVOA 96(SP),X2
+ MOVOA 256(SP),X3
+ MOVOA 272(SP),X4
+ MOVOA 128(SP),X5
+ MOVOA 144(SP),X6
+ MOVOA 176(SP),X7
+ MOVOA 192(SP),X8
+ MOVOA 208(SP),X9
+ MOVOA 224(SP),X10
+ MOVOA 304(SP),X11
+ MOVOA 112(SP),X12
+ MOVOA 160(SP),X13
+ MOVOA 240(SP),X14
+ MOVOA 288(SP),X15
+ MAINLOOP1:
+ MOVOA X1,320(SP)
+ MOVOA X2,336(SP)
+ MOVOA X13,X1
+ PADDL X12,X1
+ MOVOA X1,X2
+ PSLLL $7,X1
+ PXOR X1,X14
+ PSRLL $25,X2
+ PXOR X2,X14
+ MOVOA X7,X1
+ PADDL X0,X1
+ MOVOA X1,X2
+ PSLLL $7,X1
+ PXOR X1,X11
+ PSRLL $25,X2
+ PXOR X2,X11
+ MOVOA X12,X1
+ PADDL X14,X1
+ MOVOA X1,X2
+ PSLLL $9,X1
+ PXOR X1,X15
+ PSRLL $23,X2
+ PXOR X2,X15
+ MOVOA X0,X1
+ PADDL X11,X1
+ MOVOA X1,X2
+ PSLLL $9,X1
+ PXOR X1,X9
+ PSRLL $23,X2
+ PXOR X2,X9
+ MOVOA X14,X1
+ PADDL X15,X1
+ MOVOA X1,X2
+ PSLLL $13,X1
+ PXOR X1,X13
+ PSRLL $19,X2
+ PXOR X2,X13
+ MOVOA X11,X1
+ PADDL X9,X1
+ MOVOA X1,X2
+ PSLLL $13,X1
+ PXOR X1,X7
+ PSRLL $19,X2
+ PXOR X2,X7
+ MOVOA X15,X1
+ PADDL X13,X1
+ MOVOA X1,X2
+ PSLLL $18,X1
+ PXOR X1,X12
+ PSRLL $14,X2
+ PXOR X2,X12
+ MOVOA 320(SP),X1
+ MOVOA X12,320(SP)
+ MOVOA X9,X2
+ PADDL X7,X2
+ MOVOA X2,X12
+ PSLLL $18,X2
+ PXOR X2,X0
+ PSRLL $14,X12
+ PXOR X12,X0
+ MOVOA X5,X2
+ PADDL X1,X2
+ MOVOA X2,X12
+ PSLLL $7,X2
+ PXOR X2,X3
+ PSRLL $25,X12
+ PXOR X12,X3
+ MOVOA 336(SP),X2
+ MOVOA X0,336(SP)
+ MOVOA X6,X0
+ PADDL X2,X0
+ MOVOA X0,X12
+ PSLLL $7,X0
+ PXOR X0,X4
+ PSRLL $25,X12
+ PXOR X12,X4
+ MOVOA X1,X0
+ PADDL X3,X0
+ MOVOA X0,X12
+ PSLLL $9,X0
+ PXOR X0,X10
+ PSRLL $23,X12
+ PXOR X12,X10
+ MOVOA X2,X0
+ PADDL X4,X0
+ MOVOA X0,X12
+ PSLLL $9,X0
+ PXOR X0,X8
+ PSRLL $23,X12
+ PXOR X12,X8
+ MOVOA X3,X0
+ PADDL X10,X0
+ MOVOA X0,X12
+ PSLLL $13,X0
+ PXOR X0,X5
+ PSRLL $19,X12
+ PXOR X12,X5
+ MOVOA X4,X0
+ PADDL X8,X0
+ MOVOA X0,X12
+ PSLLL $13,X0
+ PXOR X0,X6
+ PSRLL $19,X12
+ PXOR X12,X6
+ MOVOA X10,X0
+ PADDL X5,X0
+ MOVOA X0,X12
+ PSLLL $18,X0
+ PXOR X0,X1
+ PSRLL $14,X12
+ PXOR X12,X1
+ MOVOA 320(SP),X0
+ MOVOA X1,320(SP)
+ MOVOA X4,X1
+ PADDL X0,X1
+ MOVOA X1,X12
+ PSLLL $7,X1
+ PXOR X1,X7
+ PSRLL $25,X12
+ PXOR X12,X7
+ MOVOA X8,X1
+ PADDL X6,X1
+ MOVOA X1,X12
+ PSLLL $18,X1
+ PXOR X1,X2
+ PSRLL $14,X12
+ PXOR X12,X2
+ MOVOA 336(SP),X12
+ MOVOA X2,336(SP)
+ MOVOA X14,X1
+ PADDL X12,X1
+ MOVOA X1,X2
+ PSLLL $7,X1
+ PXOR X1,X5
+ PSRLL $25,X2
+ PXOR X2,X5
+ MOVOA X0,X1
+ PADDL X7,X1
+ MOVOA X1,X2
+ PSLLL $9,X1
+ PXOR X1,X10
+ PSRLL $23,X2
+ PXOR X2,X10
+ MOVOA X12,X1
+ PADDL X5,X1
+ MOVOA X1,X2
+ PSLLL $9,X1
+ PXOR X1,X8
+ PSRLL $23,X2
+ PXOR X2,X8
+ MOVOA X7,X1
+ PADDL X10,X1
+ MOVOA X1,X2
+ PSLLL $13,X1
+ PXOR X1,X4
+ PSRLL $19,X2
+ PXOR X2,X4
+ MOVOA X5,X1
+ PADDL X8,X1
+ MOVOA X1,X2
+ PSLLL $13,X1
+ PXOR X1,X14
+ PSRLL $19,X2
+ PXOR X2,X14
+ MOVOA X10,X1
+ PADDL X4,X1
+ MOVOA X1,X2
+ PSLLL $18,X1
+ PXOR X1,X0
+ PSRLL $14,X2
+ PXOR X2,X0
+ MOVOA 320(SP),X1
+ MOVOA X0,320(SP)
+ MOVOA X8,X0
+ PADDL X14,X0
+ MOVOA X0,X2
+ PSLLL $18,X0
+ PXOR X0,X12
+ PSRLL $14,X2
+ PXOR X2,X12
+ MOVOA X11,X0
+ PADDL X1,X0
+ MOVOA X0,X2
+ PSLLL $7,X0
+ PXOR X0,X6
+ PSRLL $25,X2
+ PXOR X2,X6
+ MOVOA 336(SP),X2
+ MOVOA X12,336(SP)
+ MOVOA X3,X0
+ PADDL X2,X0
+ MOVOA X0,X12
+ PSLLL $7,X0
+ PXOR X0,X13
+ PSRLL $25,X12
+ PXOR X12,X13
+ MOVOA X1,X0
+ PADDL X6,X0
+ MOVOA X0,X12
+ PSLLL $9,X0
+ PXOR X0,X15
+ PSRLL $23,X12
+ PXOR X12,X15
+ MOVOA X2,X0
+ PADDL X13,X0
+ MOVOA X0,X12
+ PSLLL $9,X0
+ PXOR X0,X9
+ PSRLL $23,X12
+ PXOR X12,X9
+ MOVOA X6,X0
+ PADDL X15,X0
+ MOVOA X0,X12
+ PSLLL $13,X0
+ PXOR X0,X11
+ PSRLL $19,X12
+ PXOR X12,X11
+ MOVOA X13,X0
+ PADDL X9,X0
+ MOVOA X0,X12
+ PSLLL $13,X0
+ PXOR X0,X3
+ PSRLL $19,X12
+ PXOR X12,X3
+ MOVOA X15,X0
+ PADDL X11,X0
+ MOVOA X0,X12
+ PSLLL $18,X0
+ PXOR X0,X1
+ PSRLL $14,X12
+ PXOR X12,X1
+ MOVOA X9,X0
+ PADDL X3,X0
+ MOVOA X0,X12
+ PSLLL $18,X0
+ PXOR X0,X2
+ PSRLL $14,X12
+ PXOR X12,X2
+ MOVOA 320(SP),X12
+ MOVOA 336(SP),X0
+ SUBQ $2,DX
+ JA MAINLOOP1
+ PADDL 112(SP),X12
+ PADDL 176(SP),X7
+ PADDL 224(SP),X10
+ PADDL 272(SP),X4
+ MOVD X12,DX
+ MOVD X7,CX
+ MOVD X10,R8
+ MOVD X4,R9
+ PSHUFL $0X39,X12,X12
+ PSHUFL $0X39,X7,X7
+ PSHUFL $0X39,X10,X10
+ PSHUFL $0X39,X4,X4
+ XORL 0(SI),DX
+ XORL 4(SI),CX
+ XORL 8(SI),R8
+ XORL 12(SI),R9
+ MOVL DX,0(DI)
+ MOVL CX,4(DI)
+ MOVL R8,8(DI)
+ MOVL R9,12(DI)
+ MOVD X12,DX
+ MOVD X7,CX
+ MOVD X10,R8
+ MOVD X4,R9
+ PSHUFL $0X39,X12,X12
+ PSHUFL $0X39,X7,X7
+ PSHUFL $0X39,X10,X10
+ PSHUFL $0X39,X4,X4
+ XORL 64(SI),DX
+ XORL 68(SI),CX
+ XORL 72(SI),R8
+ XORL 76(SI),R9
+ MOVL DX,64(DI)
+ MOVL CX,68(DI)
+ MOVL R8,72(DI)
+ MOVL R9,76(DI)
+ MOVD X12,DX
+ MOVD X7,CX
+ MOVD X10,R8
+ MOVD X4,R9
+ PSHUFL $0X39,X12,X12
+ PSHUFL $0X39,X7,X7
+ PSHUFL $0X39,X10,X10
+ PSHUFL $0X39,X4,X4
+ XORL 128(SI),DX
+ XORL 132(SI),CX
+ XORL 136(SI),R8
+ XORL 140(SI),R9
+ MOVL DX,128(DI)
+ MOVL CX,132(DI)
+ MOVL R8,136(DI)
+ MOVL R9,140(DI)
+ MOVD X12,DX
+ MOVD X7,CX
+ MOVD X10,R8
+ MOVD X4,R9
+ XORL 192(SI),DX
+ XORL 196(SI),CX
+ XORL 200(SI),R8
+ XORL 204(SI),R9
+ MOVL DX,192(DI)
+ MOVL CX,196(DI)
+ MOVL R8,200(DI)
+ MOVL R9,204(DI)
+ PADDL 240(SP),X14
+ PADDL 64(SP),X0
+ PADDL 128(SP),X5
+ PADDL 192(SP),X8
+ MOVD X14,DX
+ MOVD X0,CX
+ MOVD X5,R8
+ MOVD X8,R9
+ PSHUFL $0X39,X14,X14
+ PSHUFL $0X39,X0,X0
+ PSHUFL $0X39,X5,X5
+ PSHUFL $0X39,X8,X8
+ XORL 16(SI),DX
+ XORL 20(SI),CX
+ XORL 24(SI),R8
+ XORL 28(SI),R9
+ MOVL DX,16(DI)
+ MOVL CX,20(DI)
+ MOVL R8,24(DI)
+ MOVL R9,28(DI)
+ MOVD X14,DX
+ MOVD X0,CX
+ MOVD X5,R8
+ MOVD X8,R9
+ PSHUFL $0X39,X14,X14
+ PSHUFL $0X39,X0,X0
+ PSHUFL $0X39,X5,X5
+ PSHUFL $0X39,X8,X8
+ XORL 80(SI),DX
+ XORL 84(SI),CX
+ XORL 88(SI),R8
+ XORL 92(SI),R9
+ MOVL DX,80(DI)
+ MOVL CX,84(DI)
+ MOVL R8,88(DI)
+ MOVL R9,92(DI)
+ MOVD X14,DX
+ MOVD X0,CX
+ MOVD X5,R8
+ MOVD X8,R9
+ PSHUFL $0X39,X14,X14
+ PSHUFL $0X39,X0,X0
+ PSHUFL $0X39,X5,X5
+ PSHUFL $0X39,X8,X8
+ XORL 144(SI),DX
+ XORL 148(SI),CX
+ XORL 152(SI),R8
+ XORL 156(SI),R9
+ MOVL DX,144(DI)
+ MOVL CX,148(DI)
+ MOVL R8,152(DI)
+ MOVL R9,156(DI)
+ MOVD X14,DX
+ MOVD X0,CX
+ MOVD X5,R8
+ MOVD X8,R9
+ XORL 208(SI),DX
+ XORL 212(SI),CX
+ XORL 216(SI),R8
+ XORL 220(SI),R9
+ MOVL DX,208(DI)
+ MOVL CX,212(DI)
+ MOVL R8,216(DI)
+ MOVL R9,220(DI)
+ PADDL 288(SP),X15
+ PADDL 304(SP),X11
+ PADDL 80(SP),X1
+ PADDL 144(SP),X6
+ MOVD X15,DX
+ MOVD X11,CX
+ MOVD X1,R8
+ MOVD X6,R9
+ PSHUFL $0X39,X15,X15
+ PSHUFL $0X39,X11,X11
+ PSHUFL $0X39,X1,X1
+ PSHUFL $0X39,X6,X6
+ XORL 32(SI),DX
+ XORL 36(SI),CX
+ XORL 40(SI),R8
+ XORL 44(SI),R9
+ MOVL DX,32(DI)
+ MOVL CX,36(DI)
+ MOVL R8,40(DI)
+ MOVL R9,44(DI)
+ MOVD X15,DX
+ MOVD X11,CX
+ MOVD X1,R8
+ MOVD X6,R9
+ PSHUFL $0X39,X15,X15
+ PSHUFL $0X39,X11,X11
+ PSHUFL $0X39,X1,X1
+ PSHUFL $0X39,X6,X6
+ XORL 96(SI),DX
+ XORL 100(SI),CX
+ XORL 104(SI),R8
+ XORL 108(SI),R9
+ MOVL DX,96(DI)
+ MOVL CX,100(DI)
+ MOVL R8,104(DI)
+ MOVL R9,108(DI)
+ MOVD X15,DX
+ MOVD X11,CX
+ MOVD X1,R8
+ MOVD X6,R9
+ PSHUFL $0X39,X15,X15
+ PSHUFL $0X39,X11,X11
+ PSHUFL $0X39,X1,X1
+ PSHUFL $0X39,X6,X6
+ XORL 160(SI),DX
+ XORL 164(SI),CX
+ XORL 168(SI),R8
+ XORL 172(SI),R9
+ MOVL DX,160(DI)
+ MOVL CX,164(DI)
+ MOVL R8,168(DI)
+ MOVL R9,172(DI)
+ MOVD X15,DX
+ MOVD X11,CX
+ MOVD X1,R8
+ MOVD X6,R9
+ XORL 224(SI),DX
+ XORL 228(SI),CX
+ XORL 232(SI),R8
+ XORL 236(SI),R9
+ MOVL DX,224(DI)
+ MOVL CX,228(DI)
+ MOVL R8,232(DI)
+ MOVL R9,236(DI)
+ PADDL 160(SP),X13
+ PADDL 208(SP),X9
+ PADDL 256(SP),X3
+ PADDL 96(SP),X2
+ MOVD X13,DX
+ MOVD X9,CX
+ MOVD X3,R8
+ MOVD X2,R9
+ PSHUFL $0X39,X13,X13
+ PSHUFL $0X39,X9,X9
+ PSHUFL $0X39,X3,X3
+ PSHUFL $0X39,X2,X2
+ XORL 48(SI),DX
+ XORL 52(SI),CX
+ XORL 56(SI),R8
+ XORL 60(SI),R9
+ MOVL DX,48(DI)
+ MOVL CX,52(DI)
+ MOVL R8,56(DI)
+ MOVL R9,60(DI)
+ MOVD X13,DX
+ MOVD X9,CX
+ MOVD X3,R8
+ MOVD X2,R9
+ PSHUFL $0X39,X13,X13
+ PSHUFL $0X39,X9,X9
+ PSHUFL $0X39,X3,X3
+ PSHUFL $0X39,X2,X2
+ XORL 112(SI),DX
+ XORL 116(SI),CX
+ XORL 120(SI),R8
+ XORL 124(SI),R9
+ MOVL DX,112(DI)
+ MOVL CX,116(DI)
+ MOVL R8,120(DI)
+ MOVL R9,124(DI)
+ MOVD X13,DX
+ MOVD X9,CX
+ MOVD X3,R8
+ MOVD X2,R9
+ PSHUFL $0X39,X13,X13
+ PSHUFL $0X39,X9,X9
+ PSHUFL $0X39,X3,X3
+ PSHUFL $0X39,X2,X2
+ XORL 176(SI),DX
+ XORL 180(SI),CX
+ XORL 184(SI),R8
+ XORL 188(SI),R9
+ MOVL DX,176(DI)
+ MOVL CX,180(DI)
+ MOVL R8,184(DI)
+ MOVL R9,188(DI)
+ MOVD X13,DX
+ MOVD X9,CX
+ MOVD X3,R8
+ MOVD X2,R9
+ XORL 240(SI),DX
+ XORL 244(SI),CX
+ XORL 248(SI),R8
+ XORL 252(SI),R9
+ MOVL DX,240(DI)
+ MOVL CX,244(DI)
+ MOVL R8,248(DI)
+ MOVL R9,252(DI)
+ MOVQ 352(SP),R9
+ SUBQ $256,R9
+ ADDQ $256,SI
+ ADDQ $256,DI
+ CMPQ R9,$256
+ JAE BYTESATLEAST256
+ CMPQ R9,$0
+ JBE DONE
+ BYTESBETWEEN1AND255:
+ CMPQ R9,$64
+ JAE NOCOPY
+ MOVQ DI,DX
+ LEAQ 360(SP),DI
+ MOVQ R9,CX
+ REP; MOVSB
+ LEAQ 360(SP),DI
+ LEAQ 360(SP),SI
+ NOCOPY:
+ MOVQ R9,352(SP)
+ MOVOA 48(SP),X0
+ MOVOA 0(SP),X1
+ MOVOA 16(SP),X2
+ MOVOA 32(SP),X3
+ MOVOA X1,X4
+ MOVQ $20,CX
+ MAINLOOP2:
+ PADDL X0,X4
+ MOVOA X0,X5
+ MOVOA X4,X6
+ PSLLL $7,X4
+ PSRLL $25,X6
+ PXOR X4,X3
+ PXOR X6,X3
+ PADDL X3,X5
+ MOVOA X3,X4
+ MOVOA X5,X6
+ PSLLL $9,X5
+ PSRLL $23,X6
+ PXOR X5,X2
+ PSHUFL $0X93,X3,X3
+ PXOR X6,X2
+ PADDL X2,X4
+ MOVOA X2,X5
+ MOVOA X4,X6
+ PSLLL $13,X4
+ PSRLL $19,X6
+ PXOR X4,X1
+ PSHUFL $0X4E,X2,X2
+ PXOR X6,X1
+ PADDL X1,X5
+ MOVOA X3,X4
+ MOVOA X5,X6
+ PSLLL $18,X5
+ PSRLL $14,X6
+ PXOR X5,X0
+ PSHUFL $0X39,X1,X1
+ PXOR X6,X0
+ PADDL X0,X4
+ MOVOA X0,X5
+ MOVOA X4,X6
+ PSLLL $7,X4
+ PSRLL $25,X6
+ PXOR X4,X1
+ PXOR X6,X1
+ PADDL X1,X5
+ MOVOA X1,X4
+ MOVOA X5,X6
+ PSLLL $9,X5
+ PSRLL $23,X6
+ PXOR X5,X2
+ PSHUFL $0X93,X1,X1
+ PXOR X6,X2
+ PADDL X2,X4
+ MOVOA X2,X5
+ MOVOA X4,X6
+ PSLLL $13,X4
+ PSRLL $19,X6
+ PXOR X4,X3
+ PSHUFL $0X4E,X2,X2
+ PXOR X6,X3
+ PADDL X3,X5
+ MOVOA X1,X4
+ MOVOA X5,X6
+ PSLLL $18,X5
+ PSRLL $14,X6
+ PXOR X5,X0
+ PSHUFL $0X39,X3,X3
+ PXOR X6,X0
+ PADDL X0,X4
+ MOVOA X0,X5
+ MOVOA X4,X6
+ PSLLL $7,X4
+ PSRLL $25,X6
+ PXOR X4,X3
+ PXOR X6,X3
+ PADDL X3,X5
+ MOVOA X3,X4
+ MOVOA X5,X6
+ PSLLL $9,X5
+ PSRLL $23,X6
+ PXOR X5,X2
+ PSHUFL $0X93,X3,X3
+ PXOR X6,X2
+ PADDL X2,X4
+ MOVOA X2,X5
+ MOVOA X4,X6
+ PSLLL $13,X4
+ PSRLL $19,X6
+ PXOR X4,X1
+ PSHUFL $0X4E,X2,X2
+ PXOR X6,X1
+ PADDL X1,X5
+ MOVOA X3,X4
+ MOVOA X5,X6
+ PSLLL $18,X5
+ PSRLL $14,X6
+ PXOR X5,X0
+ PSHUFL $0X39,X1,X1
+ PXOR X6,X0
+ PADDL X0,X4
+ MOVOA X0,X5
+ MOVOA X4,X6
+ PSLLL $7,X4
+ PSRLL $25,X6
+ PXOR X4,X1
+ PXOR X6,X1
+ PADDL X1,X5
+ MOVOA X1,X4
+ MOVOA X5,X6
+ PSLLL $9,X5
+ PSRLL $23,X6
+ PXOR X5,X2
+ PSHUFL $0X93,X1,X1
+ PXOR X6,X2
+ PADDL X2,X4
+ MOVOA X2,X5
+ MOVOA X4,X6
+ PSLLL $13,X4
+ PSRLL $19,X6
+ PXOR X4,X3
+ PSHUFL $0X4E,X2,X2
+ PXOR X6,X3
+ SUBQ $4,CX
+ PADDL X3,X5
+ MOVOA X1,X4
+ MOVOA X5,X6
+ PSLLL $18,X5
+ PXOR X7,X7
+ PSRLL $14,X6
+ PXOR X5,X0
+ PSHUFL $0X39,X3,X3
+ PXOR X6,X0
+ JA MAINLOOP2
+ PADDL 48(SP),X0
+ PADDL 0(SP),X1
+ PADDL 16(SP),X2
+ PADDL 32(SP),X3
+ MOVD X0,CX
+ MOVD X1,R8
+ MOVD X2,R9
+ MOVD X3,AX
+ PSHUFL $0X39,X0,X0
+ PSHUFL $0X39,X1,X1
+ PSHUFL $0X39,X2,X2
+ PSHUFL $0X39,X3,X3
+ XORL 0(SI),CX
+ XORL 48(SI),R8
+ XORL 32(SI),R9
+ XORL 16(SI),AX
+ MOVL CX,0(DI)
+ MOVL R8,48(DI)
+ MOVL R9,32(DI)
+ MOVL AX,16(DI)
+ MOVD X0,CX
+ MOVD X1,R8
+ MOVD X2,R9
+ MOVD X3,AX
+ PSHUFL $0X39,X0,X0
+ PSHUFL $0X39,X1,X1
+ PSHUFL $0X39,X2,X2
+ PSHUFL $0X39,X3,X3
+ XORL 20(SI),CX
+ XORL 4(SI),R8
+ XORL 52(SI),R9
+ XORL 36(SI),AX
+ MOVL CX,20(DI)
+ MOVL R8,4(DI)
+ MOVL R9,52(DI)
+ MOVL AX,36(DI)
+ MOVD X0,CX
+ MOVD X1,R8
+ MOVD X2,R9
+ MOVD X3,AX
+ PSHUFL $0X39,X0,X0
+ PSHUFL $0X39,X1,X1
+ PSHUFL $0X39,X2,X2
+ PSHUFL $0X39,X3,X3
+ XORL 40(SI),CX
+ XORL 24(SI),R8
+ XORL 8(SI),R9
+ XORL 56(SI),AX
+ MOVL CX,40(DI)
+ MOVL R8,24(DI)
+ MOVL R9,8(DI)
+ MOVL AX,56(DI)
+ MOVD X0,CX
+ MOVD X1,R8
+ MOVD X2,R9
+ MOVD X3,AX
+ XORL 60(SI),CX
+ XORL 44(SI),R8
+ XORL 28(SI),R9
+ XORL 12(SI),AX
+ MOVL CX,60(DI)
+ MOVL R8,44(DI)
+ MOVL R9,28(DI)
+ MOVL AX,12(DI)
+ MOVQ 352(SP),R9
+ MOVL 16(SP),CX
+ MOVL 36 (SP),R8
+ ADDQ $1,CX
+ SHLQ $32,R8
+ ADDQ R8,CX
+ MOVQ CX,R8
+ SHRQ $32,R8
+ MOVL CX,16(SP)
+ MOVL R8, 36 (SP)
+ CMPQ R9,$64
+ JA BYTESATLEAST65
+ JAE BYTESATLEAST64
+ MOVQ DI,SI
+ MOVQ DX,DI
+ MOVQ R9,CX
+ REP; MOVSB
+ BYTESATLEAST64:
+ DONE:
+ MOVQ R12,SP
+ RET
+ BYTESATLEAST65:
+ SUBQ $64,R9
+ ADDQ $64,DI
+ ADDQ $64,SI
+ JMP BYTESBETWEEN1AND255
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa208.go b/vendor/golang.org/x/crypto/salsa20/salsa/salsa208.go
new file mode 100644
index 0000000..9bfc092
--- /dev/null
+++ b/vendor/golang.org/x/crypto/salsa20/salsa/salsa208.go
@@ -0,0 +1,199 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package salsa
+
+// Core208 applies the Salsa20/8 core function to the 64-byte array in and puts
+// the result into the 64-byte array out. The input and output may be the same array.
+func Core208(out *[64]byte, in *[64]byte) {
+ j0 := uint32(in[0]) | uint32(in[1])<<8 | uint32(in[2])<<16 | uint32(in[3])<<24
+ j1 := uint32(in[4]) | uint32(in[5])<<8 | uint32(in[6])<<16 | uint32(in[7])<<24
+ j2 := uint32(in[8]) | uint32(in[9])<<8 | uint32(in[10])<<16 | uint32(in[11])<<24
+ j3 := uint32(in[12]) | uint32(in[13])<<8 | uint32(in[14])<<16 | uint32(in[15])<<24
+ j4 := uint32(in[16]) | uint32(in[17])<<8 | uint32(in[18])<<16 | uint32(in[19])<<24
+ j5 := uint32(in[20]) | uint32(in[21])<<8 | uint32(in[22])<<16 | uint32(in[23])<<24
+ j6 := uint32(in[24]) | uint32(in[25])<<8 | uint32(in[26])<<16 | uint32(in[27])<<24
+ j7 := uint32(in[28]) | uint32(in[29])<<8 | uint32(in[30])<<16 | uint32(in[31])<<24
+ j8 := uint32(in[32]) | uint32(in[33])<<8 | uint32(in[34])<<16 | uint32(in[35])<<24
+ j9 := uint32(in[36]) | uint32(in[37])<<8 | uint32(in[38])<<16 | uint32(in[39])<<24
+ j10 := uint32(in[40]) | uint32(in[41])<<8 | uint32(in[42])<<16 | uint32(in[43])<<24
+ j11 := uint32(in[44]) | uint32(in[45])<<8 | uint32(in[46])<<16 | uint32(in[47])<<24
+ j12 := uint32(in[48]) | uint32(in[49])<<8 | uint32(in[50])<<16 | uint32(in[51])<<24
+ j13 := uint32(in[52]) | uint32(in[53])<<8 | uint32(in[54])<<16 | uint32(in[55])<<24
+ j14 := uint32(in[56]) | uint32(in[57])<<8 | uint32(in[58])<<16 | uint32(in[59])<<24
+ j15 := uint32(in[60]) | uint32(in[61])<<8 | uint32(in[62])<<16 | uint32(in[63])<<24
+
+ x0, x1, x2, x3, x4, x5, x6, x7, x8 := j0, j1, j2, j3, j4, j5, j6, j7, j8
+ x9, x10, x11, x12, x13, x14, x15 := j9, j10, j11, j12, j13, j14, j15
+
+ for i := 0; i < 8; i += 2 {
+ u := x0 + x12
+ x4 ^= u<<7 | u>>(32-7)
+ u = x4 + x0
+ x8 ^= u<<9 | u>>(32-9)
+ u = x8 + x4
+ x12 ^= u<<13 | u>>(32-13)
+ u = x12 + x8
+ x0 ^= u<<18 | u>>(32-18)
+
+ u = x5 + x1
+ x9 ^= u<<7 | u>>(32-7)
+ u = x9 + x5
+ x13 ^= u<<9 | u>>(32-9)
+ u = x13 + x9
+ x1 ^= u<<13 | u>>(32-13)
+ u = x1 + x13
+ x5 ^= u<<18 | u>>(32-18)
+
+ u = x10 + x6
+ x14 ^= u<<7 | u>>(32-7)
+ u = x14 + x10
+ x2 ^= u<<9 | u>>(32-9)
+ u = x2 + x14
+ x6 ^= u<<13 | u>>(32-13)
+ u = x6 + x2
+ x10 ^= u<<18 | u>>(32-18)
+
+ u = x15 + x11
+ x3 ^= u<<7 | u>>(32-7)
+ u = x3 + x15
+ x7 ^= u<<9 | u>>(32-9)
+ u = x7 + x3
+ x11 ^= u<<13 | u>>(32-13)
+ u = x11 + x7
+ x15 ^= u<<18 | u>>(32-18)
+
+ u = x0 + x3
+ x1 ^= u<<7 | u>>(32-7)
+ u = x1 + x0
+ x2 ^= u<<9 | u>>(32-9)
+ u = x2 + x1
+ x3 ^= u<<13 | u>>(32-13)
+ u = x3 + x2
+ x0 ^= u<<18 | u>>(32-18)
+
+ u = x5 + x4
+ x6 ^= u<<7 | u>>(32-7)
+ u = x6 + x5
+ x7 ^= u<<9 | u>>(32-9)
+ u = x7 + x6
+ x4 ^= u<<13 | u>>(32-13)
+ u = x4 + x7
+ x5 ^= u<<18 | u>>(32-18)
+
+ u = x10 + x9
+ x11 ^= u<<7 | u>>(32-7)
+ u = x11 + x10
+ x8 ^= u<<9 | u>>(32-9)
+ u = x8 + x11
+ x9 ^= u<<13 | u>>(32-13)
+ u = x9 + x8
+ x10 ^= u<<18 | u>>(32-18)
+
+ u = x15 + x14
+ x12 ^= u<<7 | u>>(32-7)
+ u = x12 + x15
+ x13 ^= u<<9 | u>>(32-9)
+ u = x13 + x12
+ x14 ^= u<<13 | u>>(32-13)
+ u = x14 + x13
+ x15 ^= u<<18 | u>>(32-18)
+ }
+ x0 += j0
+ x1 += j1
+ x2 += j2
+ x3 += j3
+ x4 += j4
+ x5 += j5
+ x6 += j6
+ x7 += j7
+ x8 += j8
+ x9 += j9
+ x10 += j10
+ x11 += j11
+ x12 += j12
+ x13 += j13
+ x14 += j14
+ x15 += j15
+
+ out[0] = byte(x0)
+ out[1] = byte(x0 >> 8)
+ out[2] = byte(x0 >> 16)
+ out[3] = byte(x0 >> 24)
+
+ out[4] = byte(x1)
+ out[5] = byte(x1 >> 8)
+ out[6] = byte(x1 >> 16)
+ out[7] = byte(x1 >> 24)
+
+ out[8] = byte(x2)
+ out[9] = byte(x2 >> 8)
+ out[10] = byte(x2 >> 16)
+ out[11] = byte(x2 >> 24)
+
+ out[12] = byte(x3)
+ out[13] = byte(x3 >> 8)
+ out[14] = byte(x3 >> 16)
+ out[15] = byte(x3 >> 24)
+
+ out[16] = byte(x4)
+ out[17] = byte(x4 >> 8)
+ out[18] = byte(x4 >> 16)
+ out[19] = byte(x4 >> 24)
+
+ out[20] = byte(x5)
+ out[21] = byte(x5 >> 8)
+ out[22] = byte(x5 >> 16)
+ out[23] = byte(x5 >> 24)
+
+ out[24] = byte(x6)
+ out[25] = byte(x6 >> 8)
+ out[26] = byte(x6 >> 16)
+ out[27] = byte(x6 >> 24)
+
+ out[28] = byte(x7)
+ out[29] = byte(x7 >> 8)
+ out[30] = byte(x7 >> 16)
+ out[31] = byte(x7 >> 24)
+
+ out[32] = byte(x8)
+ out[33] = byte(x8 >> 8)
+ out[34] = byte(x8 >> 16)
+ out[35] = byte(x8 >> 24)
+
+ out[36] = byte(x9)
+ out[37] = byte(x9 >> 8)
+ out[38] = byte(x9 >> 16)
+ out[39] = byte(x9 >> 24)
+
+ out[40] = byte(x10)
+ out[41] = byte(x10 >> 8)
+ out[42] = byte(x10 >> 16)
+ out[43] = byte(x10 >> 24)
+
+ out[44] = byte(x11)
+ out[45] = byte(x11 >> 8)
+ out[46] = byte(x11 >> 16)
+ out[47] = byte(x11 >> 24)
+
+ out[48] = byte(x12)
+ out[49] = byte(x12 >> 8)
+ out[50] = byte(x12 >> 16)
+ out[51] = byte(x12 >> 24)
+
+ out[52] = byte(x13)
+ out[53] = byte(x13 >> 8)
+ out[54] = byte(x13 >> 16)
+ out[55] = byte(x13 >> 24)
+
+ out[56] = byte(x14)
+ out[57] = byte(x14 >> 8)
+ out[58] = byte(x14 >> 16)
+ out[59] = byte(x14 >> 24)
+
+ out[60] = byte(x15)
+ out[61] = byte(x15 >> 8)
+ out[62] = byte(x15 >> 16)
+ out[63] = byte(x15 >> 24)
+}
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go
new file mode 100644
index 0000000..f9269c3
--- /dev/null
+++ b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go
@@ -0,0 +1,24 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,!appengine,!gccgo
+
+package salsa
+
+// This function is implemented in salsa2020_amd64.s.
+
+//go:noescape
+
+func salsa2020XORKeyStream(out, in *byte, n uint64, nonce, key *byte)
+
+// XORKeyStream crypts bytes from in to out using the given key and counters.
+// In and out must overlap entirely or not at all. Counter
+// contains the raw salsa20 counter bytes (both nonce and block counter).
+func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
+ if len(in) == 0 {
+ return
+ }
+ _ = out[len(in)-1]
+ salsa2020XORKeyStream(&out[0], &in[0], uint64(len(in)), &counter[0], &key[0])
+}
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go
new file mode 100644
index 0000000..22126d1
--- /dev/null
+++ b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go
@@ -0,0 +1,234 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !amd64 appengine gccgo
+
+package salsa
+
+const rounds = 20
+
+// core applies the Salsa20 core function to 16-byte input in, 32-byte key k,
+// and 16-byte constant c, and puts the result into 64-byte array out.
+func core(out *[64]byte, in *[16]byte, k *[32]byte, c *[16]byte) {
+ j0 := uint32(c[0]) | uint32(c[1])<<8 | uint32(c[2])<<16 | uint32(c[3])<<24
+ j1 := uint32(k[0]) | uint32(k[1])<<8 | uint32(k[2])<<16 | uint32(k[3])<<24
+ j2 := uint32(k[4]) | uint32(k[5])<<8 | uint32(k[6])<<16 | uint32(k[7])<<24
+ j3 := uint32(k[8]) | uint32(k[9])<<8 | uint32(k[10])<<16 | uint32(k[11])<<24
+ j4 := uint32(k[12]) | uint32(k[13])<<8 | uint32(k[14])<<16 | uint32(k[15])<<24
+ j5 := uint32(c[4]) | uint32(c[5])<<8 | uint32(c[6])<<16 | uint32(c[7])<<24
+ j6 := uint32(in[0]) | uint32(in[1])<<8 | uint32(in[2])<<16 | uint32(in[3])<<24
+ j7 := uint32(in[4]) | uint32(in[5])<<8 | uint32(in[6])<<16 | uint32(in[7])<<24
+ j8 := uint32(in[8]) | uint32(in[9])<<8 | uint32(in[10])<<16 | uint32(in[11])<<24
+ j9 := uint32(in[12]) | uint32(in[13])<<8 | uint32(in[14])<<16 | uint32(in[15])<<24
+ j10 := uint32(c[8]) | uint32(c[9])<<8 | uint32(c[10])<<16 | uint32(c[11])<<24
+ j11 := uint32(k[16]) | uint32(k[17])<<8 | uint32(k[18])<<16 | uint32(k[19])<<24
+ j12 := uint32(k[20]) | uint32(k[21])<<8 | uint32(k[22])<<16 | uint32(k[23])<<24
+ j13 := uint32(k[24]) | uint32(k[25])<<8 | uint32(k[26])<<16 | uint32(k[27])<<24
+ j14 := uint32(k[28]) | uint32(k[29])<<8 | uint32(k[30])<<16 | uint32(k[31])<<24
+ j15 := uint32(c[12]) | uint32(c[13])<<8 | uint32(c[14])<<16 | uint32(c[15])<<24
+
+ x0, x1, x2, x3, x4, x5, x6, x7, x8 := j0, j1, j2, j3, j4, j5, j6, j7, j8
+ x9, x10, x11, x12, x13, x14, x15 := j9, j10, j11, j12, j13, j14, j15
+
+ for i := 0; i < rounds; i += 2 {
+ u := x0 + x12
+ x4 ^= u<<7 | u>>(32-7)
+ u = x4 + x0
+ x8 ^= u<<9 | u>>(32-9)
+ u = x8 + x4
+ x12 ^= u<<13 | u>>(32-13)
+ u = x12 + x8
+ x0 ^= u<<18 | u>>(32-18)
+
+ u = x5 + x1
+ x9 ^= u<<7 | u>>(32-7)
+ u = x9 + x5
+ x13 ^= u<<9 | u>>(32-9)
+ u = x13 + x9
+ x1 ^= u<<13 | u>>(32-13)
+ u = x1 + x13
+ x5 ^= u<<18 | u>>(32-18)
+
+ u = x10 + x6
+ x14 ^= u<<7 | u>>(32-7)
+ u = x14 + x10
+ x2 ^= u<<9 | u>>(32-9)
+ u = x2 + x14
+ x6 ^= u<<13 | u>>(32-13)
+ u = x6 + x2
+ x10 ^= u<<18 | u>>(32-18)
+
+ u = x15 + x11
+ x3 ^= u<<7 | u>>(32-7)
+ u = x3 + x15
+ x7 ^= u<<9 | u>>(32-9)
+ u = x7 + x3
+ x11 ^= u<<13 | u>>(32-13)
+ u = x11 + x7
+ x15 ^= u<<18 | u>>(32-18)
+
+ u = x0 + x3
+ x1 ^= u<<7 | u>>(32-7)
+ u = x1 + x0
+ x2 ^= u<<9 | u>>(32-9)
+ u = x2 + x1
+ x3 ^= u<<13 | u>>(32-13)
+ u = x3 + x2
+ x0 ^= u<<18 | u>>(32-18)
+
+ u = x5 + x4
+ x6 ^= u<<7 | u>>(32-7)
+ u = x6 + x5
+ x7 ^= u<<9 | u>>(32-9)
+ u = x7 + x6
+ x4 ^= u<<13 | u>>(32-13)
+ u = x4 + x7
+ x5 ^= u<<18 | u>>(32-18)
+
+ u = x10 + x9
+ x11 ^= u<<7 | u>>(32-7)
+ u = x11 + x10
+ x8 ^= u<<9 | u>>(32-9)
+ u = x8 + x11
+ x9 ^= u<<13 | u>>(32-13)
+ u = x9 + x8
+ x10 ^= u<<18 | u>>(32-18)
+
+ u = x15 + x14
+ x12 ^= u<<7 | u>>(32-7)
+ u = x12 + x15
+ x13 ^= u<<9 | u>>(32-9)
+ u = x13 + x12
+ x14 ^= u<<13 | u>>(32-13)
+ u = x14 + x13
+ x15 ^= u<<18 | u>>(32-18)
+ }
+ x0 += j0
+ x1 += j1
+ x2 += j2
+ x3 += j3
+ x4 += j4
+ x5 += j5
+ x6 += j6
+ x7 += j7
+ x8 += j8
+ x9 += j9
+ x10 += j10
+ x11 += j11
+ x12 += j12
+ x13 += j13
+ x14 += j14
+ x15 += j15
+
+ out[0] = byte(x0)
+ out[1] = byte(x0 >> 8)
+ out[2] = byte(x0 >> 16)
+ out[3] = byte(x0 >> 24)
+
+ out[4] = byte(x1)
+ out[5] = byte(x1 >> 8)
+ out[6] = byte(x1 >> 16)
+ out[7] = byte(x1 >> 24)
+
+ out[8] = byte(x2)
+ out[9] = byte(x2 >> 8)
+ out[10] = byte(x2 >> 16)
+ out[11] = byte(x2 >> 24)
+
+ out[12] = byte(x3)
+ out[13] = byte(x3 >> 8)
+ out[14] = byte(x3 >> 16)
+ out[15] = byte(x3 >> 24)
+
+ out[16] = byte(x4)
+ out[17] = byte(x4 >> 8)
+ out[18] = byte(x4 >> 16)
+ out[19] = byte(x4 >> 24)
+
+ out[20] = byte(x5)
+ out[21] = byte(x5 >> 8)
+ out[22] = byte(x5 >> 16)
+ out[23] = byte(x5 >> 24)
+
+ out[24] = byte(x6)
+ out[25] = byte(x6 >> 8)
+ out[26] = byte(x6 >> 16)
+ out[27] = byte(x6 >> 24)
+
+ out[28] = byte(x7)
+ out[29] = byte(x7 >> 8)
+ out[30] = byte(x7 >> 16)
+ out[31] = byte(x7 >> 24)
+
+ out[32] = byte(x8)
+ out[33] = byte(x8 >> 8)
+ out[34] = byte(x8 >> 16)
+ out[35] = byte(x8 >> 24)
+
+ out[36] = byte(x9)
+ out[37] = byte(x9 >> 8)
+ out[38] = byte(x9 >> 16)
+ out[39] = byte(x9 >> 24)
+
+ out[40] = byte(x10)
+ out[41] = byte(x10 >> 8)
+ out[42] = byte(x10 >> 16)
+ out[43] = byte(x10 >> 24)
+
+ out[44] = byte(x11)
+ out[45] = byte(x11 >> 8)
+ out[46] = byte(x11 >> 16)
+ out[47] = byte(x11 >> 24)
+
+ out[48] = byte(x12)
+ out[49] = byte(x12 >> 8)
+ out[50] = byte(x12 >> 16)
+ out[51] = byte(x12 >> 24)
+
+ out[52] = byte(x13)
+ out[53] = byte(x13 >> 8)
+ out[54] = byte(x13 >> 16)
+ out[55] = byte(x13 >> 24)
+
+ out[56] = byte(x14)
+ out[57] = byte(x14 >> 8)
+ out[58] = byte(x14 >> 16)
+ out[59] = byte(x14 >> 24)
+
+ out[60] = byte(x15)
+ out[61] = byte(x15 >> 8)
+ out[62] = byte(x15 >> 16)
+ out[63] = byte(x15 >> 24)
+}
+
+// XORKeyStream crypts bytes from in to out using the given key and counters.
+// In and out must overlap entirely or not at all. Counter
+// contains the raw salsa20 counter bytes (both nonce and block counter).
+func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
+ var block [64]byte
+ var counterCopy [16]byte
+ copy(counterCopy[:], counter[:])
+
+ for len(in) >= 64 {
+ core(&block, &counterCopy, key, &Sigma)
+ for i, x := range block {
+ out[i] = in[i] ^ x
+ }
+ u := uint32(1)
+ for i := 8; i < 16; i++ {
+ u += uint32(counterCopy[i])
+ counterCopy[i] = byte(u)
+ u >>= 8
+ }
+ in = in[64:]
+ out = out[64:]
+ }
+
+ if len(in) > 0 {
+ core(&block, &counterCopy, key, &Sigma)
+ for i, v := range in {
+ out[i] = v ^ block[i]
+ }
+ }
+}
diff --git a/vendor/golang.org/x/sys/LICENSE b/vendor/golang.org/x/sys/LICENSE
new file mode 100644
index 0000000..6a66aea
--- /dev/null
+++ b/vendor/golang.org/x/sys/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+ * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/golang.org/x/sys/PATENTS b/vendor/golang.org/x/sys/PATENTS
new file mode 100644
index 0000000..7330990
--- /dev/null
+++ b/vendor/golang.org/x/sys/PATENTS
@@ -0,0 +1,22 @@
+Additional IP Rights Grant (Patents)
+
+"This implementation" means the copyrightable works distributed by
+Google as part of the Go project.
+
+Google hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section)
+patent license to make, have made, use, offer to sell, sell, import,
+transfer and otherwise run, modify and propagate the contents of this
+implementation of Go, where such license applies only to those patent
+claims, both currently owned or controlled by Google and acquired in
+the future, licensable by Google that are necessarily infringed by this
+implementation of Go. This grant does not include claims that would be
+infringed only as a consequence of further modification of this
+implementation. If you or your agent or exclusive licensee institute or
+order or agree to the institution of patent litigation against any
+entity (including a cross-claim or counterclaim in a lawsuit) alleging
+that this implementation of Go or any code incorporated within this
+implementation of Go constitutes direct or contributory patent
+infringement, or inducement of patent infringement, then any patent
+rights granted to you under this License for this implementation of Go
+shall terminate as of the date such litigation is filed.
diff --git a/vendor/golang.org/x/sys/cpu/cpu.go b/vendor/golang.org/x/sys/cpu/cpu.go
new file mode 100644
index 0000000..3d88f86
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu.go
@@ -0,0 +1,38 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cpu implements processor feature detection for
+// various CPU architectures.
+package cpu
+
+// CacheLinePad is used to pad structs to avoid false sharing.
+type CacheLinePad struct{ _ [cacheLineSize]byte }
+
+// X86 contains the supported CPU features of the
+// current X86/AMD64 platform. If the current platform
+// is not X86/AMD64 then all feature flags are false.
+//
+// X86 is padded to avoid false sharing. Further the HasAVX
+// and HasAVX2 are only set if the OS supports XMM and YMM
+// registers in addition to the CPUID feature bit being set.
+var X86 struct {
+ _ CacheLinePad
+ HasAES bool // AES hardware implementation (AES NI)
+ HasADX bool // Multi-precision add-carry instruction extensions
+ HasAVX bool // Advanced vector extension
+ HasAVX2 bool // Advanced vector extension 2
+ HasBMI1 bool // Bit manipulation instruction set 1
+ HasBMI2 bool // Bit manipulation instruction set 2
+ HasERMS bool // Enhanced REP for MOVSB and STOSB
+ HasFMA bool // Fused-multiply-add instructions
+ HasOSXSAVE bool // OS supports XSAVE/XRESTOR for saving/restoring XMM registers.
+ HasPCLMULQDQ bool // PCLMULQDQ instruction - most often used for AES-GCM
+ HasPOPCNT bool // Hamming weight instruction POPCNT.
+ HasSSE2 bool // Streaming SIMD extension 2 (always available on amd64)
+ HasSSE3 bool // Streaming SIMD extension 3
+ HasSSSE3 bool // Supplemental streaming SIMD extension 3
+ HasSSE41 bool // Streaming SIMD extension 4 and 4.1
+ HasSSE42 bool // Streaming SIMD extension 4 and 4.2
+ _ CacheLinePad
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm.go b/vendor/golang.org/x/sys/cpu/cpu_arm.go
new file mode 100644
index 0000000..d93036f
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm.go
@@ -0,0 +1,7 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const cacheLineSize = 32
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
new file mode 100644
index 0000000..1d2ab29
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
@@ -0,0 +1,7 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const cacheLineSize = 64
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
new file mode 100644
index 0000000..f7cb469
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
@@ -0,0 +1,16 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64 amd64p32
+// +build !gccgo
+
+package cpu
+
+// cpuid is implemented in cpu_x86.s for gc compiler
+// and in cpu_gccgo.c for gccgo.
+func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32)
+
+// xgetbv with ecx = 0 is implemented in cpu_x86.s for gc compiler
+// and in cpu_gccgo.c for gccgo.
+func xgetbv() (eax, edx uint32)
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo.c b/vendor/golang.org/x/sys/cpu/cpu_gccgo.c
new file mode 100644
index 0000000..e363c7d
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo.c
@@ -0,0 +1,43 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64 amd64p32
+// +build gccgo
+
+#include
+#include
+
+// Need to wrap __get_cpuid_count because it's declared as static.
+int
+gccgoGetCpuidCount(uint32_t leaf, uint32_t subleaf,
+ uint32_t *eax, uint32_t *ebx,
+ uint32_t *ecx, uint32_t *edx)
+{
+ return __get_cpuid_count(leaf, subleaf, eax, ebx, ecx, edx);
+}
+
+// xgetbv reads the contents of an XCR (Extended Control Register)
+// specified in the ECX register into registers EDX:EAX.
+// Currently, the only supported value for XCR is 0.
+//
+// TODO: Replace with a better alternative:
+//
+// #include
+//
+// #pragma GCC target("xsave")
+//
+// void gccgoXgetbv(uint32_t *eax, uint32_t *edx) {
+// unsigned long long x = _xgetbv(0);
+// *eax = x & 0xffffffff;
+// *edx = (x >> 32) & 0xffffffff;
+// }
+//
+// Note that _xgetbv is defined starting with GCC 8.
+void
+gccgoXgetbv(uint32_t *eax, uint32_t *edx)
+{
+ __asm(" xorl %%ecx, %%ecx\n"
+ " xgetbv"
+ : "=a"(*eax), "=d"(*edx));
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo.go
new file mode 100644
index 0000000..ba49b91
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo.go
@@ -0,0 +1,26 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64 amd64p32
+// +build gccgo
+
+package cpu
+
+//extern gccgoGetCpuidCount
+func gccgoGetCpuidCount(eaxArg, ecxArg uint32, eax, ebx, ecx, edx *uint32)
+
+func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) {
+ var a, b, c, d uint32
+ gccgoGetCpuidCount(eaxArg, ecxArg, &a, &b, &c, &d)
+ return a, b, c, d
+}
+
+//extern gccgoXgetbv
+func gccgoXgetbv(eax, edx *uint32)
+
+func xgetbv() (eax, edx uint32) {
+ var a, d uint32
+ gccgoXgetbv(&a, &d)
+ return a, d
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
new file mode 100644
index 0000000..6165f12
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
@@ -0,0 +1,9 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build mips64 mips64le
+
+package cpu
+
+const cacheLineSize = 32
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mipsx.go b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
new file mode 100644
index 0000000..1269eee
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
@@ -0,0 +1,9 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build mips mipsle
+
+package cpu
+
+const cacheLineSize = 32
diff --git a/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
new file mode 100644
index 0000000..d10759a
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
@@ -0,0 +1,9 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build ppc64 ppc64le
+
+package cpu
+
+const cacheLineSize = 128
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_s390x.go
new file mode 100644
index 0000000..684c4f0
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_s390x.go
@@ -0,0 +1,7 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const cacheLineSize = 256
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.go b/vendor/golang.org/x/sys/cpu/cpu_x86.go
new file mode 100644
index 0000000..71e288b
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.go
@@ -0,0 +1,55 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64 amd64p32
+
+package cpu
+
+const cacheLineSize = 64
+
+func init() {
+ maxID, _, _, _ := cpuid(0, 0)
+
+ if maxID < 1 {
+ return
+ }
+
+ _, _, ecx1, edx1 := cpuid(1, 0)
+ X86.HasSSE2 = isSet(26, edx1)
+
+ X86.HasSSE3 = isSet(0, ecx1)
+ X86.HasPCLMULQDQ = isSet(1, ecx1)
+ X86.HasSSSE3 = isSet(9, ecx1)
+ X86.HasFMA = isSet(12, ecx1)
+ X86.HasSSE41 = isSet(19, ecx1)
+ X86.HasSSE42 = isSet(20, ecx1)
+ X86.HasPOPCNT = isSet(23, ecx1)
+ X86.HasAES = isSet(25, ecx1)
+ X86.HasOSXSAVE = isSet(27, ecx1)
+
+ osSupportsAVX := false
+ // For XGETBV, OSXSAVE bit is required and sufficient.
+ if X86.HasOSXSAVE {
+ eax, _ := xgetbv()
+ // Check if XMM and YMM registers have OS support.
+ osSupportsAVX = isSet(1, eax) && isSet(2, eax)
+ }
+
+ X86.HasAVX = isSet(28, ecx1) && osSupportsAVX
+
+ if maxID < 7 {
+ return
+ }
+
+ _, ebx7, _, _ := cpuid(7, 0)
+ X86.HasBMI1 = isSet(3, ebx7)
+ X86.HasAVX2 = isSet(5, ebx7) && osSupportsAVX
+ X86.HasBMI2 = isSet(8, ebx7)
+ X86.HasERMS = isSet(9, ebx7)
+ X86.HasADX = isSet(19, ebx7)
+}
+
+func isSet(bitpos uint, value uint32) bool {
+ return value&(1<
Date: Sun, 8 Jul 2018 23:22:01 +0800
Subject: [PATCH 193/341] rule: change log fmt
---
rule.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rule.go b/rule.go
index f45e237..b08c3e1 100644
--- a/rule.go
+++ b/rule.go
@@ -129,7 +129,7 @@ func (rd *RuleDialer) AddDomainIP(domain, ip string) error {
// find in domainMap
if dialer, ok := rd.domainMap.Load(pDomain); ok {
rd.ipMap.Store(ip, dialer)
- log.F("rule add ip=%s, based on rule: domain=%s & domain/ip: %s/%s\n", ip, pDomain, domain, ip)
+ log.F("[rule] add ip=%s, based on rule: domain=%s & domain/ip: %s/%s\n", ip, pDomain, domain, ip)
}
}
From b465dc1444a4886b032a903fa8d30e7ce661ed29 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 9 Jul 2018 23:42:33 +0800
Subject: [PATCH 194/341] vmess: support chunk stream
---
conf.go | 21 +++++++++
main.go | 34 ++++++--------
proxy/vmess/chunk.go | 102 ++++++++++++++++++++++++++++++++++++++++++
proxy/vmess/client.go | 28 +++++++++++-
utils.go | 26 -----------
5 files changed, 163 insertions(+), 48 deletions(-)
delete mode 100644 utils.go
diff --git a/conf.go b/conf.go
index 7772c2a..6558635 100644
--- a/conf.go
+++ b/conf.go
@@ -2,9 +2,11 @@ package main
import (
"fmt"
+ "io/ioutil"
"log"
"os"
"path"
+ "strings"
"github.com/nadoo/conflag"
)
@@ -84,6 +86,25 @@ func confInit() {
}
+func listDir(dirPth string, suffix string) (files []string, err error) {
+ files = make([]string, 0, 10)
+ dir, err := ioutil.ReadDir(dirPth)
+ if err != nil {
+ return nil, err
+ }
+ PthSep := string(os.PathSeparator)
+ suffix = strings.ToUpper(suffix)
+ for _, fi := range dir {
+ if fi.IsDir() {
+ continue
+ }
+ if strings.HasSuffix(strings.ToUpper(fi.Name()), suffix) {
+ files = append(files, dirPth+PthSep+fi.Name())
+ }
+ }
+ return files, nil
+}
+
// RuleConf , every ruleForwarder points to a rule file
type RuleConf struct {
name string
diff --git a/main.go b/main.go
index d3a5a0d..b197cc0 100644
--- a/main.go
+++ b/main.go
@@ -25,7 +25,7 @@ import (
)
// VERSION .
-const VERSION = "0.6.0"
+const VERSION = "0.6.2"
func dialerFromConf() proxy.Dialer {
// global forwarders in xx.conf
@@ -48,31 +48,16 @@ func dialerFromConf() proxy.Dialer {
func main() {
confInit()
-
log.F = func(f string, v ...interface{}) {
if conf.Verbose {
stdlog.Printf(f, v...)
}
}
- sDialer := NewRuleDialer(conf.rules, dialerFromConf())
-
- for _, listen := range conf.Listen {
- local, err := proxy.ServerFromURL(listen, sDialer)
- if err != nil {
- log.Fatal(err)
- }
-
- go local.ListenAndServe()
- }
-
- ipsetM, err := NewIPSetManager(conf.IPSet, conf.rules)
- if err != nil {
- log.F("create ipset manager error: %s", err)
- }
-
+ dialer := NewRuleDialer(conf.rules, dialerFromConf())
+ ipsetM, _ := NewIPSetManager(conf.IPSet, conf.rules)
if conf.DNS != "" {
- d, err := dns.NewDNS(conf.DNS, conf.DNSServer[0], sDialer, false)
+ d, err := dns.NewDNS(conf.DNS, conf.DNSServer[0], dialer, false)
if err != nil {
log.Fatal(err)
}
@@ -87,7 +72,7 @@ func main() {
}
// add a handler to update proxy rules when a domain resolved
- d.AddAnswerHandler(sDialer.AddDomainIP)
+ d.AddAnswerHandler(dialer.AddDomainIP)
if ipsetM != nil {
d.AddAnswerHandler(ipsetM.AddDomainIP)
}
@@ -95,6 +80,15 @@ func main() {
go d.ListenAndServe()
}
+ for _, listen := range conf.Listen {
+ local, err := proxy.ServerFromURL(listen, dialer)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ go local.ListenAndServe()
+ }
+
sigCh := make(chan os.Signal, 1)
signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM)
<-sigCh
diff --git a/proxy/vmess/chunk.go b/proxy/vmess/chunk.go
index 233540c..b7d21d3 100644
--- a/proxy/vmess/chunk.go
+++ b/proxy/vmess/chunk.go
@@ -1,3 +1,105 @@
package vmess
+import (
+ "bytes"
+ "encoding/binary"
+ "io"
+)
+
// chunk: plain, AES-128-CFB, AES-128-GCM, ChaCha20-Poly1305
+
+const maxChunkSize = 1 << 14 // 16384
+const defaultChunkSize = 1 << 13 // 8192
+
+type chunkedReader struct {
+ io.Reader
+ buf []byte
+ leftover []byte
+}
+
+func newChunkedReader(r io.Reader) io.Reader {
+ return &chunkedReader{
+ Reader: r,
+ buf: make([]byte, 2+maxChunkSize),
+ }
+}
+
+func (r *chunkedReader) read() (int, error) {
+ lenBuf := make([]byte, 2)
+ _, err := io.ReadFull(r.Reader, lenBuf)
+ if err != nil {
+ return 0, err
+ }
+
+ len := binary.BigEndian.Uint16(lenBuf)
+
+ buf := r.buf[:len]
+ _, err = io.ReadFull(r.Reader, buf)
+ if err != nil {
+ return 0, err
+ }
+
+ return int(len), nil
+}
+
+func (r *chunkedReader) Read(b []byte) (int, error) {
+ if len(r.leftover) > 0 {
+ n := copy(b, r.leftover)
+ r.leftover = r.leftover[n:]
+ return n, nil
+ }
+
+ n, err := r.read()
+ m := copy(b, r.buf[:n])
+ if m < n {
+ r.leftover = r.buf[m:n]
+ }
+
+ return m, err
+}
+
+type chunkedWriter struct {
+ io.Writer
+ buf []byte
+}
+
+func newChunkedWriter(w io.Writer) io.Writer {
+ return &chunkedWriter{
+ Writer: w,
+ buf: make([]byte, 2+maxChunkSize),
+ }
+}
+
+func (w *chunkedWriter) Write(b []byte) (int, error) {
+ n, err := w.ReadFrom(bytes.NewBuffer(b))
+ return int(n), err
+}
+
+func (w *chunkedWriter) ReadFrom(r io.Reader) (n int64, err error) {
+ for {
+ buf := w.buf
+ payloadBuf := buf[2 : 2+defaultChunkSize]
+
+ nr, er := r.Read(payloadBuf)
+ if nr > 0 {
+ n += int64(nr)
+ payloadBuf = payloadBuf[:nr]
+ binary.BigEndian.PutUint16(buf[:], uint16(nr))
+
+ _, ew := w.Writer.Write(buf)
+ if ew != nil {
+ err = ew
+ break
+ }
+ }
+
+ if er != nil {
+ if er != io.EOF { // ignore EOF as per io.ReaderFrom contract
+ err = er
+ }
+ break
+ }
+ }
+
+ return n, err
+}
diff --git a/proxy/vmess/client.go b/proxy/vmess/client.go
index 17e44e0..d050a97 100644
--- a/proxy/vmess/client.go
+++ b/proxy/vmess/client.go
@@ -18,6 +18,7 @@ import (
// Request Options
const (
+ OptBasicFormat byte = 0
OptChunkStream byte = 1
OptReuseTCPConnection byte = 2
OptMetadataObfuscate byte = 4
@@ -43,12 +44,14 @@ const (
type Client struct {
users []*User
count int
+ opt byte
security byte
}
// Conn is a connection to vmess server
type Conn struct {
user *User
+ opt byte
security byte
atyp Atyp
@@ -63,6 +66,9 @@ type Conn struct {
net.Conn
connected bool
+
+ dataReader io.Reader
+ dataWriter io.Writer
}
// NewClient .
@@ -78,6 +84,9 @@ func NewClient(uuidStr, security string, alterID int) (*Client, error) {
c.users = append(c.users, user.GenAlterIDUsers(alterID)...)
c.count = len(c.users)
+ // TODO: config?
+ c.opt = OptBasicFormat
+
security = strings.ToLower(security)
switch security {
case "aes-128-cfb":
@@ -96,7 +105,7 @@ func NewClient(uuidStr, security string, alterID int) (*Client, error) {
// NewConn .
func (c *Client) NewConn(rc net.Conn, target string) (*Conn, error) {
r := rand.Intn(c.count)
- conn := &Conn{user: c.users[r], security: c.security}
+ conn := &Conn{user: c.users[r], opt: c.opt, security: c.security}
var err error
conn.atyp, conn.addr, conn.port, err = ParseAddr(target)
@@ -149,7 +158,7 @@ func (c *Conn) EncodeRequest() ([]byte, error) {
buf.Write(c.reqBodyIV[:]) // IV
buf.Write(c.reqBodyKey[:]) // Key
buf.WriteByte(c.reqRespV) // V
- buf.WriteByte(0) // Opt
+ buf.WriteByte(c.opt) // Opt
// pLen and Sec
paddingLen := rand.Intn(16)
@@ -218,9 +227,24 @@ func (c *Conn) Read(b []byte) (n int, err error) {
c.DecodeRespHeader()
}
+ if c.opt&OptChunkStream != 0 {
+ if c.dataReader == nil {
+ c.dataReader = newChunkedReader(c.Conn)
+ }
+
+ return c.dataReader.Read(b)
+ }
+
return c.Conn.Read(b)
}
func (c *Conn) Write(b []byte) (n int, err error) {
+ if c.opt&OptChunkStream != 0 {
+ if c.dataWriter == nil {
+ c.dataWriter = newChunkedWriter(c.Conn)
+ }
+
+ return c.dataWriter.Write(b)
+ }
return c.Conn.Write(b)
}
diff --git a/utils.go b/utils.go
deleted file mode 100644
index 0274232..0000000
--- a/utils.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package main
-
-import (
- "io/ioutil"
- "os"
- "strings"
-)
-
-func listDir(dirPth string, suffix string) (files []string, err error) {
- files = make([]string, 0, 10)
- dir, err := ioutil.ReadDir(dirPth)
- if err != nil {
- return nil, err
- }
- PthSep := string(os.PathSeparator)
- suffix = strings.ToUpper(suffix)
- for _, fi := range dir {
- if fi.IsDir() {
- continue
- }
- if strings.HasSuffix(strings.ToUpper(fi.Name()), suffix) {
- files = append(files, dirPth+PthSep+fi.Name())
- }
- }
- return files, nil
-}
From fd298207c5d87efb6a37ed0faa6da35916bf1884 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 10 Jul 2018 00:53:15 +0800
Subject: [PATCH 195/341] vmess: update chunk codes
---
proxy/vmess/chunk.go | 52 ++++++++++++++++++++++---------------------
proxy/vmess/client.go | 2 +-
2 files changed, 28 insertions(+), 26 deletions(-)
diff --git a/proxy/vmess/chunk.go b/proxy/vmess/chunk.go
index b7d21d3..ba0f162 100644
--- a/proxy/vmess/chunk.go
+++ b/proxy/vmess/chunk.go
@@ -8,8 +8,10 @@ import (
// chunk: plain, AES-128-CFB, AES-128-GCM, ChaCha20-Poly1305
-const maxChunkSize = 1 << 14 // 16384
-const defaultChunkSize = 1 << 13 // 8192
+const (
+ maxChunkSize = 1 << 14 // 16384
+ defaultChunkSize = 1 << 13 // 8192
+)
type chunkedReader struct {
io.Reader
@@ -24,24 +26,6 @@ func newChunkedReader(r io.Reader) io.Reader {
}
}
-func (r *chunkedReader) read() (int, error) {
- lenBuf := make([]byte, 2)
- _, err := io.ReadFull(r.Reader, lenBuf)
- if err != nil {
- return 0, err
- }
-
- len := binary.BigEndian.Uint16(lenBuf)
-
- buf := r.buf[:len]
- _, err = io.ReadFull(r.Reader, buf)
- if err != nil {
- return 0, err
- }
-
- return int(len), nil
-}
-
func (r *chunkedReader) Read(b []byte) (int, error) {
if len(r.leftover) > 0 {
n := copy(b, r.leftover)
@@ -49,10 +33,27 @@ func (r *chunkedReader) Read(b []byte) (int, error) {
return n, nil
}
- n, err := r.read()
- m := copy(b, r.buf[:n])
- if m < n {
- r.leftover = r.buf[m:n]
+ // get length
+ _, err := io.ReadFull(r.Reader, r.buf[:2])
+ if err != nil {
+ return 0, err
+ }
+
+ // if length == 0, then this is the end
+ len := binary.BigEndian.Uint16(r.buf[:2])
+ if len == 0 {
+ return 0, nil
+ }
+
+ // get payload
+ _, err = io.ReadFull(r.Reader, r.buf[:len])
+ if err != nil {
+ return 0, err
+ }
+
+ m := copy(b, r.buf[:len])
+ if m < int(len) {
+ r.leftover = r.buf[m:len]
}
return m, err
@@ -84,7 +85,7 @@ func (w *chunkedWriter) ReadFrom(r io.Reader) (n int64, err error) {
if nr > 0 {
n += int64(nr)
payloadBuf = payloadBuf[:nr]
- binary.BigEndian.PutUint16(buf[:], uint16(nr))
+ binary.BigEndian.PutUint16(buf[:2], uint16(nr))
_, ew := w.Writer.Write(buf)
if ew != nil {
@@ -101,5 +102,6 @@ func (w *chunkedWriter) ReadFrom(r io.Reader) (n int64, err error) {
}
}
+ w.Writer.Write([]byte{0, 0})
return n, err
}
diff --git a/proxy/vmess/client.go b/proxy/vmess/client.go
index d050a97..83f5d49 100644
--- a/proxy/vmess/client.go
+++ b/proxy/vmess/client.go
@@ -85,7 +85,7 @@ func NewClient(uuidStr, security string, alterID int) (*Client, error) {
c.count = len(c.users)
// TODO: config?
- c.opt = OptBasicFormat
+ c.opt = OptChunkStream
security = strings.ToLower(security)
switch security {
From dc46705f3f858305aaaf6ba27342e36825ab110b Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 10 Jul 2018 09:44:51 +0800
Subject: [PATCH 196/341] vmess: fixed a bug in chunked writer
---
proxy/vmess/chunk.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/proxy/vmess/chunk.go b/proxy/vmess/chunk.go
index ba0f162..51e93c5 100644
--- a/proxy/vmess/chunk.go
+++ b/proxy/vmess/chunk.go
@@ -84,6 +84,7 @@ func (w *chunkedWriter) ReadFrom(r io.Reader) (n int64, err error) {
nr, er := r.Read(payloadBuf)
if nr > 0 {
n += int64(nr)
+ buf = buf[:2+nr]
payloadBuf = payloadBuf[:nr]
binary.BigEndian.PutUint16(buf[:2], uint16(nr))
@@ -102,6 +103,5 @@ func (w *chunkedWriter) ReadFrom(r io.Reader) (n int64, err error) {
}
}
- w.Writer.Write([]byte{0, 0})
return n, err
}
From d84f540c4da3f12870049e91d417db1efc57de15 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 11 Jul 2018 00:26:05 +0800
Subject: [PATCH 197/341] vmess: add aead chpher
---
proxy/vmess/aead.go | 135 ++++++++++++++++++++++++++++++++++++++++++
proxy/vmess/chunk.go | 107 ++++++++++++++++-----------------
proxy/vmess/client.go | 99 ++++++++++++++++++++-----------
3 files changed, 255 insertions(+), 86 deletions(-)
create mode 100644 proxy/vmess/aead.go
diff --git a/proxy/vmess/aead.go b/proxy/vmess/aead.go
new file mode 100644
index 0000000..959d285
--- /dev/null
+++ b/proxy/vmess/aead.go
@@ -0,0 +1,135 @@
+package vmess
+
+import (
+ "bytes"
+ "crypto/cipher"
+ "encoding/binary"
+ "io"
+)
+
+type aeadWriter struct {
+ io.Writer
+ cipher.AEAD
+ nonce []byte
+ buf []byte
+ count uint16
+ iv []byte
+}
+
+// AEADWriter returns a aead writer
+func AEADWriter(w io.Writer, aead cipher.AEAD, iv []byte) io.Writer {
+ return &aeadWriter{
+ Writer: w,
+ AEAD: aead,
+ buf: make([]byte, lenSize+maxChunkSize),
+ nonce: make([]byte, aead.NonceSize()),
+ count: 0,
+ iv: iv,
+ }
+}
+
+func (w *aeadWriter) Write(b []byte) (int, error) {
+ n, err := w.ReadFrom(bytes.NewBuffer(b))
+ return int(n), err
+}
+
+func (w *aeadWriter) ReadFrom(r io.Reader) (n int64, err error) {
+ for {
+ buf := w.buf
+ payloadBuf := buf[lenSize : lenSize+defaultChunkSize]
+
+ nr, er := r.Read(payloadBuf)
+ if nr > 0 {
+ n += int64(nr)
+ buf = buf[:lenSize+nr+w.Overhead()]
+ payloadBuf = payloadBuf[:nr]
+ binary.BigEndian.PutUint16(buf[:lenSize], uint16(nr))
+
+ binary.BigEndian.PutUint16(w.nonce[:2], w.count)
+ copy(w.nonce[2:], w.iv[2:12])
+
+ w.Seal(payloadBuf[:0], w.nonce, payloadBuf, nil)
+ w.count++
+
+ _, ew := w.Writer.Write(buf)
+ if ew != nil {
+ err = ew
+ break
+ }
+ }
+
+ if er != nil {
+ if er != io.EOF { // ignore EOF as per io.ReaderFrom contract
+ err = er
+ }
+ break
+ }
+ }
+
+ return n, err
+}
+
+type aeadReader struct {
+ io.Reader
+ cipher.AEAD
+ nonce []byte
+ buf []byte
+ leftover []byte
+ count uint16
+ iv []byte
+}
+
+// AEADReader returns a aead reader
+func AEADReader(r io.Reader, aead cipher.AEAD, iv []byte) io.Reader {
+ return &aeadReader{
+ Reader: r,
+ AEAD: aead,
+ buf: make([]byte, lenSize+maxChunkSize),
+ nonce: make([]byte, aead.NonceSize()),
+ count: 0,
+ iv: iv,
+ }
+}
+
+func (r *aeadReader) Read(b []byte) (int, error) {
+ if len(r.leftover) > 0 {
+ n := copy(b, r.leftover)
+ r.leftover = r.leftover[n:]
+ return n, nil
+ }
+
+ // get length
+ _, err := io.ReadFull(r.Reader, r.buf[:lenSize])
+ if err != nil {
+ return 0, err
+ }
+
+ // if length == 0, then this is the end
+ len := binary.BigEndian.Uint16(r.buf[:lenSize])
+ if len == 0 {
+ return 0, nil
+ }
+
+ // get payload
+ buf := r.buf[:len]
+ _, err = io.ReadFull(r.Reader, buf)
+ if err != nil {
+ return 0, err
+ }
+
+ binary.BigEndian.PutUint16(r.nonce[:2], r.count)
+ copy(r.nonce[2:], r.iv[2:12])
+
+ _, err = r.Open(buf[:0], r.nonce, buf, nil)
+ r.count++
+ if err != nil {
+ return 0, err
+ }
+
+ m := copy(b, r.buf[:len])
+ if m < int(len) {
+ r.leftover = r.buf[m:len]
+ }
+
+ return m, err
+}
diff --git a/proxy/vmess/chunk.go b/proxy/vmess/chunk.go
index 51e93c5..f845799 100644
--- a/proxy/vmess/chunk.go
+++ b/proxy/vmess/chunk.go
@@ -6,68 +6,22 @@ import (
"io"
)
-// chunk: plain, AES-128-CFB, AES-128-GCM, ChaCha20-Poly1305
-
const (
+ lenSize = 2
maxChunkSize = 1 << 14 // 16384
defaultChunkSize = 1 << 13 // 8192
)
-type chunkedReader struct {
- io.Reader
- buf []byte
- leftover []byte
-}
-
-func newChunkedReader(r io.Reader) io.Reader {
- return &chunkedReader{
- Reader: r,
- buf: make([]byte, 2+maxChunkSize),
- }
-}
-
-func (r *chunkedReader) Read(b []byte) (int, error) {
- if len(r.leftover) > 0 {
- n := copy(b, r.leftover)
- r.leftover = r.leftover[n:]
- return n, nil
- }
-
- // get length
- _, err := io.ReadFull(r.Reader, r.buf[:2])
- if err != nil {
- return 0, err
- }
-
- // if length == 0, then this is the end
- len := binary.BigEndian.Uint16(r.buf[:2])
- if len == 0 {
- return 0, nil
- }
-
- // get payload
- _, err = io.ReadFull(r.Reader, r.buf[:len])
- if err != nil {
- return 0, err
- }
-
- m := copy(b, r.buf[:len])
- if m < int(len) {
- r.leftover = r.buf[m:len]
- }
-
- return m, err
-}
-
type chunkedWriter struct {
io.Writer
buf []byte
}
-func newChunkedWriter(w io.Writer) io.Writer {
+// ChunkedWriter returns a chunked writer
+func ChunkedWriter(w io.Writer) io.Writer {
return &chunkedWriter{
Writer: w,
- buf: make([]byte, 2+maxChunkSize),
+ buf: make([]byte, lenSize+maxChunkSize),
}
}
@@ -79,14 +33,14 @@ func (w *chunkedWriter) Write(b []byte) (int, error) {
func (w *chunkedWriter) ReadFrom(r io.Reader) (n int64, err error) {
for {
buf := w.buf
- payloadBuf := buf[2 : 2+defaultChunkSize]
+ payloadBuf := buf[lenSize : lenSize+defaultChunkSize]
nr, er := r.Read(payloadBuf)
if nr > 0 {
n += int64(nr)
- buf = buf[:2+nr]
+ buf = buf[:lenSize+nr]
payloadBuf = payloadBuf[:nr]
- binary.BigEndian.PutUint16(buf[:2], uint16(nr))
+ binary.BigEndian.PutUint16(buf[:lenSize], uint16(nr))
_, ew := w.Writer.Write(buf)
if ew != nil {
@@ -105,3 +59,50 @@ func (w *chunkedWriter) ReadFrom(r io.Reader) (n int64, err error) {
return n, err
}
+
+type chunkedReader struct {
+ io.Reader
+ buf []byte
+ leftover []byte
+}
+
+// ChunkedReader returns a chunked reader
+func ChunkedReader(r io.Reader) io.Reader {
+ return &chunkedReader{
+ Reader: r,
+ buf: make([]byte, lenSize+maxChunkSize),
+ }
+}
+
+func (r *chunkedReader) Read(b []byte) (int, error) {
+ if len(r.leftover) > 0 {
+ n := copy(b, r.leftover)
+ r.leftover = r.leftover[n:]
+ return n, nil
+ }
+
+ // get length
+ _, err := io.ReadFull(r.Reader, r.buf[:lenSize])
+ if err != nil {
+ return 0, err
+ }
+
+ // if length == 0, then this is the end
+ len := binary.BigEndian.Uint16(r.buf[:lenSize])
+ if len == 0 {
+ return 0, nil
+ }
+
+ // get payload
+ _, err = io.ReadFull(r.Reader, r.buf[:len])
+ if err != nil {
+ return 0, err
+ }
+
+ m := copy(b, r.buf[:len])
+ if m < int(len) {
+ r.leftover = r.buf[m:len]
+ }
+
+ return m, err
+}
diff --git a/proxy/vmess/client.go b/proxy/vmess/client.go
index 83f5d49..a2dc9b9 100644
--- a/proxy/vmess/client.go
+++ b/proxy/vmess/client.go
@@ -14,21 +14,20 @@ import (
"net"
"strings"
"time"
+
+ "golang.org/x/crypto/chacha20poly1305"
)
// Request Options
const (
- OptBasicFormat byte = 0
- OptChunkStream byte = 1
- OptReuseTCPConnection byte = 2
- OptMetadataObfuscate byte = 4
+ OptBasicFormat byte = 0
+ OptChunkStream byte = 1
+ // OptReuseTCPConnection byte = 2
+ // OptMetadataObfuscate byte = 4
)
// Security types
const (
- SecurityUnknown byte = 0 // don't use in client
- SecurityLegacy byte = 1 // don't use in client (aes-128-cfb)
- SecurityAuto byte = 2 // don't use in client
SecurityAES128GCM byte = 3
SecurityChacha20Poly1305 byte = 4
SecurityNone byte = 5
@@ -61,12 +60,10 @@ type Conn struct {
reqBodyIV [16]byte
reqBodyKey [16]byte
reqRespV byte
- respBodyKey [16]byte
respBodyIV [16]byte
+ respBodyKey [16]byte
net.Conn
- connected bool
-
dataReader io.Reader
dataWriter io.Writer
}
@@ -84,19 +81,22 @@ func NewClient(uuidStr, security string, alterID int) (*Client, error) {
c.users = append(c.users, user.GenAlterIDUsers(alterID)...)
c.count = len(c.users)
- // TODO: config?
c.opt = OptChunkStream
security = strings.ToLower(security)
switch security {
- case "aes-128-cfb":
- c.security = SecurityLegacy
case "aes-128-gcm":
c.security = SecurityAES128GCM
case "chacha20-poly1305":
c.security = SecurityChacha20Poly1305
- default:
+ case "none":
c.security = SecurityNone
+ case "":
+ // NOTE: use basic format when no method specified
+ c.opt = OptBasicFormat
+ c.security = SecurityNone
+ default:
+ return nil, errors.New("unknown security type: " + security)
}
return c, nil
@@ -218,33 +218,66 @@ func (c *Conn) DecodeRespHeader() error {
return errors.New("dynamic port is not supported now")
}
- c.connected = true
return nil
}
-func (c *Conn) Read(b []byte) (n int, err error) {
- if !c.connected {
- c.DecodeRespHeader()
+func (c *Conn) Write(b []byte) (n int, err error) {
+ if c.dataWriter != nil {
+ return c.dataWriter.Write(b)
}
- if c.opt&OptChunkStream != 0 {
- if c.dataReader == nil {
- c.dataReader = newChunkedReader(c.Conn)
- }
+ c.dataWriter = c.Conn
+ if c.opt&OptChunkStream == OptChunkStream {
+ switch c.security {
+ case SecurityNone:
+ c.dataWriter = ChunkedWriter(c.Conn)
+ case SecurityAES128GCM:
+ block, _ := aes.NewCipher(c.reqBodyKey[:])
+ aead, _ := cipher.NewGCM(block)
+ c.dataWriter = AEADWriter(c.Conn, aead, c.reqBodyIV[:])
+
+ case SecurityChacha20Poly1305:
+ h := md5.New()
+ h.Write(c.reqBodyKey[:])
+ key := h.Sum(h.Sum(nil))
+ aead, _ := chacha20poly1305.New(key)
+ c.dataWriter = AEADWriter(c.Conn, aead, c.reqBodyIV[:])
+ }
+ }
+
+ return c.dataWriter.Write(b)
+}
+
+func (c *Conn) Read(b []byte) (n int, err error) {
+ if c.dataReader != nil {
return c.dataReader.Read(b)
}
- return c.Conn.Read(b)
-}
-
-func (c *Conn) Write(b []byte) (n int, err error) {
- if c.opt&OptChunkStream != 0 {
- if c.dataWriter == nil {
- c.dataWriter = newChunkedWriter(c.Conn)
- }
-
- return c.dataWriter.Write(b)
+ err = c.DecodeRespHeader()
+ if err != nil {
+ return 0, err
}
- return c.Conn.Write(b)
+
+ c.dataReader = c.Conn
+ if c.opt&OptChunkStream == OptChunkStream {
+ switch c.security {
+ case SecurityNone:
+ c.dataReader = ChunkedReader(c.Conn)
+
+ case SecurityAES128GCM:
+ block, _ := aes.NewCipher(c.respBodyKey[:])
+ aead, _ := cipher.NewGCM(block)
+ c.dataReader = AEADReader(c.Conn, aead, c.respBodyIV[:])
+
+ case SecurityChacha20Poly1305:
+ h := md5.New()
+ h.Write(c.respBodyKey[:])
+ key := h.Sum(h.Sum(nil))
+ aead, _ := chacha20poly1305.New(key)
+ c.dataReader = AEADReader(c.Conn, aead, c.respBodyIV[:])
+ }
+ }
+
+ return c.dataReader.Read(b)
}
From 5ebbf7ffe80011d3ce3f7847e5c5203c6d775a0d Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 11 Jul 2018 00:50:38 +0800
Subject: [PATCH 198/341] vmess: fixed bug in aes-128-gcm
---
proxy/vmess/aead.go | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/proxy/vmess/aead.go b/proxy/vmess/aead.go
index 959d285..68729a0 100644
--- a/proxy/vmess/aead.go
+++ b/proxy/vmess/aead.go
@@ -36,14 +36,14 @@ func (w *aeadWriter) Write(b []byte) (int, error) {
func (w *aeadWriter) ReadFrom(r io.Reader) (n int64, err error) {
for {
buf := w.buf
- payloadBuf := buf[lenSize : lenSize+defaultChunkSize]
+ payloadBuf := buf[lenSize : lenSize+defaultChunkSize-w.Overhead()]
nr, er := r.Read(payloadBuf)
if nr > 0 {
n += int64(nr)
buf = buf[:lenSize+nr+w.Overhead()]
payloadBuf = payloadBuf[:nr]
- binary.BigEndian.PutUint16(buf[:lenSize], uint16(nr))
+ binary.BigEndian.PutUint16(buf[:lenSize], uint16(nr+w.Overhead()))
binary.BigEndian.PutUint16(w.nonce[:2], w.count)
copy(w.nonce[2:], w.iv[2:12])
@@ -126,9 +126,10 @@ func (r *aeadReader) Read(b []byte) (int, error) {
return 0, err
}
- m := copy(b, r.buf[:len])
- if m < int(len) {
- r.leftover = r.buf[m:len]
+ dataLen := int(len) - r.Overhead()
+ m := copy(b, r.buf[:dataLen])
+ if m < int(dataLen) {
+ r.leftover = r.buf[m:dataLen]
}
return m, err
From ed18e8602da78f0702fffacddf65e9027bb8c0db Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 11 Jul 2018 08:23:26 +0800
Subject: [PATCH 199/341] vmess: chacha20-poly1305 supported
---
proxy/vmess/client.go | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/proxy/vmess/client.go b/proxy/vmess/client.go
index a2dc9b9..ee9755c 100644
--- a/proxy/vmess/client.go
+++ b/proxy/vmess/client.go
@@ -238,9 +238,11 @@ func (c *Conn) Write(b []byte) (n int, err error) {
c.dataWriter = AEADWriter(c.Conn, aead, c.reqBodyIV[:])
case SecurityChacha20Poly1305:
- h := md5.New()
- h.Write(c.reqBodyKey[:])
- key := h.Sum(h.Sum(nil))
+ key := make([]byte, 32)
+ t := md5.Sum(c.reqBodyKey[:])
+ copy(key, t[:])
+ t = md5.Sum(key[:16])
+ copy(key[16:], t[:])
aead, _ := chacha20poly1305.New(key)
c.dataWriter = AEADWriter(c.Conn, aead, c.reqBodyIV[:])
}
@@ -271,9 +273,11 @@ func (c *Conn) Read(b []byte) (n int, err error) {
c.dataReader = AEADReader(c.Conn, aead, c.respBodyIV[:])
case SecurityChacha20Poly1305:
- h := md5.New()
- h.Write(c.respBodyKey[:])
- key := h.Sum(h.Sum(nil))
+ key := make([]byte, 32)
+ t := md5.Sum(c.respBodyKey[:])
+ copy(key, t[:])
+ t = md5.Sum(key[:16])
+ copy(key[16:], t[:])
aead, _ := chacha20poly1305.New(key)
c.dataReader = AEADReader(c.Conn, aead, c.respBodyIV[:])
}
From 3c3cb8e3fdce69c8137d56f1d4b2e2f5f9f24dfd Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 11 Jul 2018 08:34:15 +0800
Subject: [PATCH 200/341] doc: update for vmess and tls
---
README.md | 13 +++++++++++--
conf.go | 13 ++++++++++++-
proxy/tls/tls.go | 2 +-
3 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 8dd6d73..247fbf2 100644
--- a/README.md
+++ b/README.md
@@ -91,7 +91,7 @@ glider -config CONFIGPATH -listen :8080 -verbose
## Usage
```bash
-glider v0.6.0 usage:
+glider v0.6.2 usage:
-checkduration int
proxy check duration(seconds) (default 30)
-checkwebsite string
@@ -148,7 +148,16 @@ VMess scheme:
vmess://[security:]uuid@host:port?alterID=num
Available methods for vmess:
- NONE, (will add aes-128-gcm and chacha20-poly1305 later)
+ none, aes-128-gcm, chacha20-poly1305
+
+TLS scheme:
+ tls://host:port[?skipVerify=true]
+
+TLS with a specified proxy protocol:
+ tls://host:port[?skipVerify=true],proxy://scheme
+ tls://host:port[?skipVerify=true],http://[user:pass@]
+ tls://host:port[?skipVerify=true],socks5://[user:pass@]
+ tls://host:port[?skipVerify=true],vmess://[security:]uuid@?alterID=num
Available forward strategies:
rr: Round Robin mode
diff --git a/conf.go b/conf.go
index 6558635..20a83a2 100644
--- a/conf.go
+++ b/conf.go
@@ -193,7 +193,18 @@ func usage() {
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Available methods for vmess:\n")
- fmt.Fprintf(os.Stderr, " NONE, (will add aes-128-gcm and chacha20-poly1305 later)\n")
+ fmt.Fprintf(os.Stderr, " none, aes-128-gcm, chacha20-poly1305\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
+ fmt.Fprintf(os.Stderr, "TLS scheme:\n")
+ fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true]\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
+ fmt.Fprintf(os.Stderr, "TLS with a specified proxy protocol:\n")
+ fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],proxy://scheme\n")
+ fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],http://[user:pass@]\n")
+ fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],socks5://[user:pass@]\n")
+ fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],vmess://[security:]uuid@?alterID=num\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Available forward strategies:\n")
diff --git a/proxy/tls/tls.go b/proxy/tls/tls.go
index d5d453a..d4f8cab 100644
--- a/proxy/tls/tls.go
+++ b/proxy/tls/tls.go
@@ -35,7 +35,7 @@ func NewTLS(s string, dialer proxy.Dialer) (*TLS, error) {
addr := u.Host
query := u.Query()
- skipVerify := query.Get("InsecureSkipVerify")
+ skipVerify := query.Get("skipVerify")
colonPos := strings.LastIndex(addr, ":")
if colonPos == -1 {
From 49482bf0547d7984dea237bb6d138ad84e748ef4 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 12 Jul 2018 10:58:48 +0800
Subject: [PATCH 201/341] vmess: add rand.Seed to avoid same sequence values of
rand.Read
---
proxy/vmess/client.go | 1 +
1 file changed, 1 insertion(+)
diff --git a/proxy/vmess/client.go b/proxy/vmess/client.go
index ee9755c..dcbcda8 100644
--- a/proxy/vmess/client.go
+++ b/proxy/vmess/client.go
@@ -114,6 +114,7 @@ func (c *Client) NewConn(rc net.Conn, target string) (*Conn, error) {
}
randBytes := make([]byte, 33)
+ rand.Seed(time.Now().UnixNano())
rand.Read(randBytes)
copy(conn.reqBodyIV[:], randBytes[:16])
From 7a7b25f173b7ea5b42c5a0477e5869fac37d308d Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 12 Jul 2018 11:22:21 +0800
Subject: [PATCH 202/341] doc: update for vmess security settings
---
README.md | 4 ++--
conf.go | 4 ++--
config/glider.conf.example | 5 ++++-
3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 247fbf2..c67c146 100644
--- a/README.md
+++ b/README.md
@@ -147,7 +147,7 @@ SSR scheme:
VMess scheme:
vmess://[security:]uuid@host:port?alterID=num
-Available methods for vmess:
+Available securities for vmess:
none, aes-128-gcm, chacha20-poly1305
TLS scheme:
@@ -194,7 +194,7 @@ Examples:
glider -listen redir://:1081 -forward "ssr://method:pass@1.1.1.1:8444?protocol=a&protocol_param=b&obfs=c&obfs_param=d"
-listen on :1081 as a transparent redirect server, forward all requests via remote ssr server.
- glider -listen redir://:1081 -forward "tls://1.1.1.1:443,vmess://user:method@?alterID=10"
+ glider -listen redir://:1081 -forward "tls://1.1.1.1:443,vmess://security:uuid@?alterID=10"
-listen on :1081 as a transparent redirect server, forward all requests via remote vmess server.
glider -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:8443
diff --git a/conf.go b/conf.go
index 20a83a2..73848ef 100644
--- a/conf.go
+++ b/conf.go
@@ -192,7 +192,7 @@ func usage() {
fmt.Fprintf(os.Stderr, " vmess://[security:]uuid@host:port?alterID=num\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, "Available methods for vmess:\n")
+ fmt.Fprintf(os.Stderr, "Available securities for vmess:\n")
fmt.Fprintf(os.Stderr, " none, aes-128-gcm, chacha20-poly1305\n")
fmt.Fprintf(os.Stderr, "\n")
@@ -244,7 +244,7 @@ func usage() {
fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -forward \"ssr://method:pass@1.1.1.1:8444?protocol=a&protocol_param=b&obfs=c&obfs_param=d\"\n")
fmt.Fprintf(os.Stderr, " -listen on :1081 as a transparent redirect server, forward all requests via remote ssr server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -forward \"tls://1.1.1.1:443,vmess://user:method@?alterID=10\"\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -forward \"tls://1.1.1.1:443,vmess://security:uuid@?alterID=10\"\n")
fmt.Fprintf(os.Stderr, " -listen on :1081 as a transparent redirect server, forward all requests via remote vmess server.\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, " "+app+" -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:8443\n")
diff --git a/config/glider.conf.example b/config/glider.conf.example
index d69f043..861d92e 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -78,7 +78,10 @@ listen=socks5://:1080
# forward=http://1.1.1.1:8080
# vmess proxy as forwarder
-# forward=tls://1.1.1.1:443,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
+# forward=vmess://security:5a146038-0b56-4e95-b1dc-5c6f5a32cd98@1.1.1.1:443?alterID=2
+
+# vmess proxy with tls as forwarder
+# forward=tls://1.1.1.1:443,vmess://security:5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
# FORWARDER CHAIN
From e0f746fa3ded1a4d8ba12eb4d88fe00d65a0a2b7 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 14 Jul 2018 12:18:52 +0800
Subject: [PATCH 203/341] vmess: set rand.Seed only 1 time in NewClient
---
proxy/vmess/client.go | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/proxy/vmess/client.go b/proxy/vmess/client.go
index dcbcda8..9815fac 100644
--- a/proxy/vmess/client.go
+++ b/proxy/vmess/client.go
@@ -99,6 +99,9 @@ func NewClient(uuidStr, security string, alterID int) (*Client, error) {
return nil, errors.New("unknown security type: " + security)
}
+ // NOTE: give rand a new seed to avoid the same sequence of values
+ rand.Seed(time.Now().UnixNano())
+
return c, nil
}
@@ -114,7 +117,6 @@ func (c *Client) NewConn(rc net.Conn, target string) (*Conn, error) {
}
randBytes := make([]byte, 33)
- rand.Seed(time.Now().UnixNano())
rand.Read(randBytes)
copy(conn.reqBodyIV[:], randBytes[:16])
From c8c4d5c75c3611d8ae4a0005abf7f6ec53e59134 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 16 Jul 2018 15:08:43 +0800
Subject: [PATCH 204/341] doc: drop support for go1.9
---
.travis.yml | 1 -
README.md | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 1eceb67..23defe8 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,7 +1,6 @@
language: go
go:
- - "1.9.x"
- "1.10.x"
- master
diff --git a/README.md b/README.md
index c67c146..12f86a9 100644
--- a/README.md
+++ b/README.md
@@ -63,7 +63,7 @@ TODO:
Binary:
- [https://github.com/nadoo/glider/releases](https://github.com/nadoo/glider/releases)
-Go Get (requires **Go 1.9+** ):
+Go Get (requires **Go 1.10+** ):
```bash
go get -u github.com/nadoo/glider
```
From 9d42885922a0495f7d6563306b0a17464a3501d2 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 17 Jul 2018 22:14:12 +0800
Subject: [PATCH 205/341] pprof: add pprof conditional compilation
---
dns/dns.go | 6 +++++-
main.go | 2 +-
pprof.go | 12 ++++++++++++
3 files changed, 18 insertions(+), 2 deletions(-)
create mode 100644 pprof.go
diff --git a/dns/dns.go b/dns/dns.go
index 86d919f..d6b1682 100644
--- a/dns/dns.go
+++ b/dns/dns.go
@@ -104,7 +104,11 @@ type Question struct {
// RR format
// https://tools.ietf.org/html/rfc1035#section-3.2.1
-// All RRs have the same top level format shown below:
+// https://tools.ietf.org/html/rfc1035#section-4.1.3
+// The answer, authority, and additional sections all share the same
+// format: a variable number of resource records, where the number of
+// records is specified in the corresponding count field in the header.
+// Each resource record has the following format:
//
// 1 1 1 1 1 1
// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
diff --git a/main.go b/main.go
index b197cc0..83846a4 100644
--- a/main.go
+++ b/main.go
@@ -25,7 +25,7 @@ import (
)
// VERSION .
-const VERSION = "0.6.2"
+const VERSION = "0.6.3"
func dialerFromConf() proxy.Dialer {
// global forwarders in xx.conf
diff --git a/pprof.go b/pprof.go
new file mode 100644
index 0000000..75e6eac
--- /dev/null
+++ b/pprof.go
@@ -0,0 +1,12 @@
+//+build pprof
+
+package main
+
+import _ "net/http/pprof"
+import "net/http"
+
+func init() {
+ go func() {
+ http.ListenAndServe(":6060", nil)
+ }()
+}
From 9856f943ad5659070f59e8b4f4447308a56d1e93 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 21 Jul 2018 22:56:37 +0800
Subject: [PATCH 206/341] ws: add experimental websocket codes
---
dev.go | 16 +++++
pprof.go | 12 ----
proxy/ws/client.go | 115 ++++++++++++++++++++++++++++++++++
proxy/ws/frame.go | 149 +++++++++++++++++++++++++++++++++++++++++++++
proxy/ws/ws.go | 78 ++++++++++++++++++++++++
5 files changed, 358 insertions(+), 12 deletions(-)
create mode 100644 dev.go
delete mode 100644 pprof.go
create mode 100644 proxy/ws/client.go
create mode 100644 proxy/ws/frame.go
create mode 100644 proxy/ws/ws.go
diff --git a/dev.go b/dev.go
new file mode 100644
index 0000000..5f58979
--- /dev/null
+++ b/dev.go
@@ -0,0 +1,16 @@
+//+build dev
+
+package main
+
+import (
+ "net/http"
+ _ "net/http/pprof"
+
+ _ "github.com/nadoo/glider/proxy/ws"
+)
+
+func init() {
+ go func() {
+ http.ListenAndServe(":6060", nil)
+ }()
+}
diff --git a/pprof.go b/pprof.go
deleted file mode 100644
index 75e6eac..0000000
--- a/pprof.go
+++ /dev/null
@@ -1,12 +0,0 @@
-//+build pprof
-
-package main
-
-import _ "net/http/pprof"
-import "net/http"
-
-func init() {
- go func() {
- http.ListenAndServe(":6060", nil)
- }()
-}
diff --git a/proxy/ws/client.go b/proxy/ws/client.go
new file mode 100644
index 0000000..9035469
--- /dev/null
+++ b/proxy/ws/client.go
@@ -0,0 +1,115 @@
+package ws
+
+import (
+ "bufio"
+ "errors"
+ "io"
+ "net"
+ "net/textproto"
+ "strings"
+
+ "github.com/nadoo/glider/common/log"
+)
+
+// Client ws client
+type Client struct {
+ path string
+}
+
+// Conn is a connection to ws server
+type Conn struct {
+ net.Conn
+ reader io.Reader
+ writer io.Writer
+}
+
+// NewClient .
+func NewClient() (*Client, error) {
+ c := &Client{}
+ return c, nil
+}
+
+// NewConn .
+func (c *Client) NewConn(rc net.Conn, target string) (*Conn, error) {
+ conn := &Conn{Conn: rc}
+ conn.Handshake()
+ return conn, nil
+}
+
+// Handshake handshakes with the server using HTTP to request a protocol upgrade
+//
+// GET /chat HTTP/1.1
+// Host: server.example.com
+// Upgrade: websocket
+// Connection: Upgrade
+// Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
+// Origin: http://example.com
+// Sec-WebSocket-Protocol: chat, superchat
+// Sec-WebSocket-Version: 13
+//
+// HTTP/1.1 101 Switching Protocols
+// Upgrade: websocket
+// Connection: Upgrade
+// Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
+// Sec-WebSocket-Protocol: chat
+func (c *Conn) Handshake() error {
+ c.Conn.Write([]byte("GET / HTTP/1.1\r\n"))
+ c.Conn.Write([]byte("Host: echo.websocket.org\r\n"))
+ c.Conn.Write([]byte("Upgrade: websocket\r\n"))
+ c.Conn.Write([]byte("Connection: Upgrade\r\n"))
+ c.Conn.Write([]byte("Origin: http://127.0.0.1\r\n"))
+ c.Conn.Write([]byte("Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"))
+ c.Conn.Write([]byte("Sec-WebSocket-Protocol: binary\r\n"))
+ c.Conn.Write([]byte("Sec-WebSocket-Version: 13\r\n"))
+ c.Conn.Write([]byte("\r\n"))
+
+ tpr := textproto.NewReader(bufio.NewReader(c.Conn))
+ _, code, _, ok := parseFirstLine(tpr)
+ if !ok || code != "101" {
+ return errors.New("error in ws handshake")
+ }
+
+ respHeader, err := tpr.ReadMIMEHeader()
+ if err != nil {
+ return err
+ }
+
+ // TODO: verify this
+ respHeader.Get("Sec-WebSocket-Accept")
+ // fmt.Printf("respHeader: %+v\n", respHeader)
+
+ return nil
+}
+func (c *Conn) Write(b []byte) (n int, err error) {
+ if c.writer == nil {
+ c.writer = FrameWriter(c.Conn)
+ }
+
+ return c.writer.Write(b)
+}
+func (c *Conn) Read(b []byte) (n int, err error) {
+ if c.reader == nil {
+ c.reader = FrameReader(c.Conn)
+ }
+
+ return c.reader.Read(b)
+}
+
+// parseFirstLine parses "GET /foo HTTP/1.1" OR "HTTP/1.1 200 OK" into its three parts.
+// TODO: move to seperate http lib package for reuse(also for http proxy module)
+func parseFirstLine(tp *textproto.Reader) (r1, r2, r3 string, ok bool) {
+ line, err := tp.ReadLine()
+ // log.F("first line: %s", line)
+ if err != nil {
+ log.F("[http] read first line error:%s", err)
+ return
+ }
+
+ s1 := strings.Index(line, " ")
+ s2 := strings.Index(line[s1+1:], " ")
+ if s1 < 0 || s2 < 0 {
+ return
+ }
+ s2 += s1 + 1
+ return line[:s1], line[s1+1 : s2], line[s2+1:], true
+}
diff --git a/proxy/ws/frame.go b/proxy/ws/frame.go
new file mode 100644
index 0000000..674d89c
--- /dev/null
+++ b/proxy/ws/frame.go
@@ -0,0 +1,149 @@
+// https://tools.ietf.org/html/rfc6455
+
+package ws
+
+import (
+ "bytes"
+ "encoding/binary"
+ "io"
+ "math/rand"
+)
+
+const (
+ finalBit = 1 << 7
+ defaultFrameSize = 1 << 13 // 8192
+ maxFrameHeaderSize = 2 + 8 + 4 // Fixed header + length + mask
+ maskBit = 1 << 7
+ opCodeBinary = 2
+ opClose = 8
+ maskKeyLen = 4
+)
+
+type frame struct {
+}
+
+type frameWriter struct {
+ io.Writer
+ buf []byte
+ maskKey []byte
+}
+
+// FrameWriter returns a frame writer
+func FrameWriter(w io.Writer) io.Writer {
+ n := rand.Uint32()
+ return &frameWriter{
+ Writer: w,
+ buf: make([]byte, maxFrameHeaderSize+defaultFrameSize),
+ maskKey: []byte{byte(n), byte(n >> 8), byte(n >> 16), byte(n >> 24)},
+ }
+}
+
+func (w *frameWriter) Write(b []byte) (int, error) {
+ n, err := w.ReadFrom(bytes.NewBuffer(b))
+ return int(n), err
+}
+
+func (w *frameWriter) ReadFrom(r io.Reader) (n int64, err error) {
+ for {
+ buf := w.buf
+
+ nr, er := r.Read(buf)
+ if nr > 0 {
+ n += int64(nr)
+ buf[0] |= finalBit
+ buf[0] |= opCodeBinary
+ buf[1] |= maskBit
+
+ lengthFieldLen := 0
+ switch {
+ case nr <= 125:
+ buf[1] |= byte(nr)
+ lengthFieldLen = 2
+ case nr < 65536:
+ buf[1] |= 126
+ lengthFieldLen = 2
+ binary.BigEndian.PutUint16(buf[2:2+lengthFieldLen], uint16(nr))
+ default:
+ buf[1] |= 127
+ lengthFieldLen = 8
+ binary.BigEndian.PutUint64(buf[2:2+lengthFieldLen], uint64(nr))
+ }
+
+ copy(buf[2+lengthFieldLen:], w.maskKey)
+ payloadBuf := buf[2+lengthFieldLen+maskKeyLen:]
+ for i := range payloadBuf {
+ payloadBuf[i] = payloadBuf[i] ^ w.maskKey[i%4]
+ }
+
+ _, ew := w.Writer.Write(buf)
+ if ew != nil {
+ err = ew
+ break
+ }
+ }
+
+ if er != nil {
+ if er != io.EOF { // ignore EOF as per io.ReaderFrom contract
+ err = er
+ }
+ break
+ }
+
+ }
+
+ return n, err
+}
+
+type frameReader struct {
+ io.Reader
+ buf []byte
+ leftover []byte
+}
+
+// FrameReader returns a chunked reader
+func FrameReader(r io.Reader) io.Reader {
+ return &frameReader{
+ Reader: r,
+ buf: make([]byte, defaultFrameSize),
+ }
+}
+
+func (r *frameReader) Read(b []byte) (int, error) {
+ if len(r.leftover) > 0 {
+ n := copy(b, r.leftover)
+ r.leftover = r.leftover[n:]
+ return n, nil
+ }
+
+ // get msg header
+ _, err := io.ReadFull(r.Reader, r.buf[:2])
+ if err != nil {
+ return 0, err
+ }
+
+ // final := r.buf[0]&finalBit != 0
+ // frameType := int(r.buf[0] & 0xf)
+ // mask := r.buf[1]&maskBit != 0
+ len := int64(r.buf[1] & 0x7f)
+ switch len {
+ case 126:
+ io.ReadFull(r.Reader, r.buf[:2])
+ len = int64(binary.BigEndian.Uint16(r.buf[0:]))
+ case 127:
+ io.ReadFull(r.Reader, r.buf[:8])
+ len = int64(binary.BigEndian.Uint64(r.buf[0:]))
+ }
+
+ // get payload
+ _, err = io.ReadFull(r.Reader, r.buf[:len])
+ if err != nil {
+ return 0, err
+ }
+
+ m := copy(b, r.buf[:len])
+ if m < int(len) {
+ r.leftover = r.buf[m:len]
+ }
+
+ return m, err
+}
diff --git a/proxy/ws/ws.go b/proxy/ws/ws.go
new file mode 100644
index 0000000..2500f2a
--- /dev/null
+++ b/proxy/ws/ws.go
@@ -0,0 +1,78 @@
+package ws
+
+import (
+ "errors"
+ "net"
+ "net/url"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+)
+
+// WS .
+type WS struct {
+ dialer proxy.Dialer
+ addr string
+
+ client *Client
+}
+
+func init() {
+ proxy.RegisterDialer("ws", NewWSDialer)
+}
+
+// NewWS returns a websocket proxy.
+func NewWS(s string, dialer proxy.Dialer) (*WS, error) {
+ u, err := url.Parse(s)
+ if err != nil {
+ log.F("parse url err: %s", err)
+ return nil, err
+ }
+
+ addr := u.Host
+
+ client, err := NewClient()
+ if err != nil {
+ log.F("create ws client err: %s", err)
+ return nil, err
+ }
+
+ p := &WS{
+ dialer: dialer,
+ addr: addr,
+ client: client,
+ }
+
+ return p, nil
+}
+
+// NewWSDialer returns a ws proxy dialer.
+func NewWSDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewWS(s, dialer)
+}
+
+// Addr returns forwarder's address
+func (s *WS) Addr() string {
+ if s.addr == "" {
+ return s.dialer.Addr()
+ }
+ return s.addr
+}
+
+// NextDialer returns the next dialer
+func (s *WS) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial connects to the address addr on the network net via the proxy.
+func (s *WS) Dial(network, addr string) (net.Conn, error) {
+ rc, err := s.dialer.Dial("tcp", s.addr)
+ if err != nil {
+ return nil, err
+ }
+
+ return s.client.NewConn(rc, addr)
+}
+
+// DialUDP connects to the given address via the proxy.
+func (s *WS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ return nil, nil, errors.New("ws client does not support udp now")
+}
From ff1fb8c29173c6ea2c07ad3ed79fd12bfae4d90c Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 22 Jul 2018 18:21:27 +0800
Subject: [PATCH 207/341] ws: fixed bug in ws codes and now it worked
---
dev.go | 1 +
main_linux.go | 1 -
proxy/http/http.go | 12 +++++------
proxy/ws/client.go | 51 +++++++++++++++++++---------------------------
proxy/ws/frame.go | 43 ++++++++++++++++++++++----------------
proxy/ws/ws.go | 9 +++++++-
6 files changed, 61 insertions(+), 56 deletions(-)
diff --git a/dev.go b/dev.go
index 5f58979..2aff07f 100644
--- a/dev.go
+++ b/dev.go
@@ -7,6 +7,7 @@ import (
_ "net/http/pprof"
_ "github.com/nadoo/glider/proxy/ws"
+ // _ "github.com/nadoo/glider/proxy/tproxy"
)
func init() {
diff --git a/main_linux.go b/main_linux.go
index 87c6457..636e616 100644
--- a/main_linux.go
+++ b/main_linux.go
@@ -2,5 +2,4 @@ package main
import (
_ "github.com/nadoo/glider/proxy/redir"
- // _ "github.com/nadoo/glider/proxy/tproxy"
)
diff --git a/proxy/http/http.go b/proxy/http/http.go
index 870cf37..c7da285 100644
--- a/proxy/http/http.go
+++ b/proxy/http/http.go
@@ -118,14 +118,14 @@ func (s *HTTP) Serve(c net.Conn) {
// tell the remote server not to keep alive
reqHeader.Set("Connection", "close")
- url, err := url.ParseRequestURI(requestURI)
+ u, err := url.ParseRequestURI(requestURI)
if err != nil {
log.F("[http] parse request url error: %s", err)
return
}
- var tgt = url.Host
- if !strings.Contains(url.Host, ":") {
+ var tgt = u.Host
+ if !strings.Contains(u.Host, ":") {
tgt += ":80"
}
@@ -139,9 +139,9 @@ func (s *HTTP) Serve(c net.Conn) {
// GET http://example.com/a/index.htm HTTP/1.1 -->
// GET /a/index.htm HTTP/1.1
- url.Scheme = ""
- url.Host = ""
- uri := url.String()
+ u.Scheme = ""
+ u.Host = ""
+ uri := u.String()
var reqBuf bytes.Buffer
writeFirstLine(method, uri, proto, &reqBuf)
diff --git a/proxy/ws/client.go b/proxy/ws/client.go
index 9035469..d5cd5e9 100644
--- a/proxy/ws/client.go
+++ b/proxy/ws/client.go
@@ -13,6 +13,7 @@ import (
// Client ws client
type Client struct {
+ host string
path string
}
@@ -24,41 +25,29 @@ type Conn struct {
}
// NewClient .
-func NewClient() (*Client, error) {
- c := &Client{}
+func NewClient(host, path string) (*Client, error) {
+ if path == "" {
+ path = "/"
+ }
+ c := &Client{host: host, path: path}
return c, nil
}
// NewConn .
func (c *Client) NewConn(rc net.Conn, target string) (*Conn, error) {
conn := &Conn{Conn: rc}
- conn.Handshake()
- return conn, nil
+ return conn, conn.Handshake(c.host, c.path)
}
// Handshake handshakes with the server using HTTP to request a protocol upgrade
-//
-// GET /chat HTTP/1.1
-// Host: server.example.com
-// Upgrade: websocket
-// Connection: Upgrade
-// Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
-// Origin: http://example.com
-// Sec-WebSocket-Protocol: chat, superchat
-// Sec-WebSocket-Version: 13
-//
-// HTTP/1.1 101 Switching Protocols
-// Upgrade: websocket
-// Connection: Upgrade
-// Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
-// Sec-WebSocket-Protocol: chat
-func (c *Conn) Handshake() error {
- c.Conn.Write([]byte("GET / HTTP/1.1\r\n"))
- c.Conn.Write([]byte("Host: echo.websocket.org\r\n"))
+func (c *Conn) Handshake(host, path string) error {
+ c.Conn.Write([]byte("GET " + path + " HTTP/1.1\r\n"))
+ // c.Conn.Write([]byte("Host: 127.0.0.1\r\n"))
+ c.Conn.Write([]byte("Host: " + host + "\r\n"))
c.Conn.Write([]byte("Upgrade: websocket\r\n"))
c.Conn.Write([]byte("Connection: Upgrade\r\n"))
- c.Conn.Write([]byte("Origin: http://127.0.0.1\r\n"))
- c.Conn.Write([]byte("Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"))
+ c.Conn.Write([]byte("Origin: http://" + host + "\r\n"))
+ c.Conn.Write([]byte("Sec-WebSocket-Key: w4v7O6xFTi36lq3RNcgctw==\r\n"))
c.Conn.Write([]byte("Sec-WebSocket-Protocol: binary\r\n"))
c.Conn.Write([]byte("Sec-WebSocket-Version: 13\r\n"))
c.Conn.Write([]byte("\r\n"))
@@ -69,17 +58,18 @@ func (c *Conn) Handshake() error {
return errors.New("error in ws handshake")
}
- respHeader, err := tpr.ReadMIMEHeader()
- if err != nil {
- return err
- }
+ // respHeader, err := tpr.ReadMIMEHeader()
+ // if err != nil {
+ // return err
+ // }
- // TODO: verify this
- respHeader.Get("Sec-WebSocket-Accept")
+ // // TODO: verify this
+ // respHeader.Get("Sec-WebSocket-Accept")
// fmt.Printf("respHeader: %+v\n", respHeader)
return nil
}
+
func (c *Conn) Write(b []byte) (n int, err error) {
if c.writer == nil {
c.writer = FrameWriter(c.Conn)
@@ -87,6 +77,7 @@ func (c *Conn) Write(b []byte) (n int, err error) {
return c.writer.Write(b)
}
+
func (c *Conn) Read(b []byte) (n int, err error) {
if c.reader == nil {
c.reader = FrameReader(c.Conn)
diff --git a/proxy/ws/frame.go b/proxy/ws/frame.go
index 674d89c..a38e490 100644
--- a/proxy/ws/frame.go
+++ b/proxy/ws/frame.go
@@ -10,18 +10,15 @@ import (
)
const (
- finalBit = 1 << 7
- defaultFrameSize = 1 << 13 // 8192
- maxFrameHeaderSize = 2 + 8 + 4 // Fixed header + length + mask
- maskBit = 1 << 7
- opCodeBinary = 2
- opClose = 8
- maskKeyLen = 4
+ finalBit byte = 1 << 7
+ defaultFrameSize = 4096
+ maxFrameHeaderSize = 2 + 8 + 4 // Fixed header + length + mask
+ maskBit byte = 1 << 7
+ opCodeBinary byte = 2
+ opClose byte = 8
+ maskKeyLen = 4
)
-type frame struct {
-}
-
type frameWriter struct {
io.Writer
buf []byte
@@ -46,19 +43,18 @@ func (w *frameWriter) Write(b []byte) (int, error) {
func (w *frameWriter) ReadFrom(r io.Reader) (n int64, err error) {
for {
buf := w.buf
+ payloadBuf := buf[maxFrameHeaderSize:]
- nr, er := r.Read(buf)
+ nr, er := r.Read(payloadBuf)
if nr > 0 {
n += int64(nr)
- buf[0] |= finalBit
- buf[0] |= opCodeBinary
- buf[1] |= maskBit
+ buf[0] = finalBit | opCodeBinary
+ buf[1] = maskBit
lengthFieldLen := 0
switch {
case nr <= 125:
buf[1] |= byte(nr)
- lengthFieldLen = 2
case nr < 65536:
buf[1] |= 126
lengthFieldLen = 2
@@ -69,13 +65,24 @@ func (w *frameWriter) ReadFrom(r io.Reader) (n int64, err error) {
binary.BigEndian.PutUint64(buf[2:2+lengthFieldLen], uint64(nr))
}
- copy(buf[2+lengthFieldLen:], w.maskKey)
- payloadBuf := buf[2+lengthFieldLen+maskKeyLen:]
+ _, ew := w.Writer.Write(buf[:2+lengthFieldLen])
+ if ew != nil {
+ err = ew
+ break
+ }
+
+ _, ew = w.Writer.Write(w.maskKey)
+ if ew != nil {
+ err = ew
+ break
+ }
+
+ payloadBuf = payloadBuf[:nr]
for i := range payloadBuf {
payloadBuf[i] = payloadBuf[i] ^ w.maskKey[i%4]
}
- _, ew := w.Writer.Write(buf)
+ _, ew = w.Writer.Write(payloadBuf)
if ew != nil {
err = ew
break
diff --git a/proxy/ws/ws.go b/proxy/ws/ws.go
index 2500f2a..14d6162 100644
--- a/proxy/ws/ws.go
+++ b/proxy/ws/ws.go
@@ -4,6 +4,7 @@ import (
"errors"
"net"
"net/url"
+ "strings"
"github.com/nadoo/glider/common/log"
"github.com/nadoo/glider/proxy"
@@ -31,7 +32,13 @@ func NewWS(s string, dialer proxy.Dialer) (*WS, error) {
addr := u.Host
- client, err := NewClient()
+ colonPos := strings.LastIndex(addr, ":")
+ if colonPos == -1 {
+ colonPos = len(addr)
+ }
+ serverName := addr[:colonPos]
+
+ client, err := NewClient(serverName, u.Path)
if err != nil {
log.F("create ws client err: %s", err)
return nil, err
From bb45b671c007842268d9e9a47d87366a4daebd27 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 22 Jul 2018 18:54:18 +0800
Subject: [PATCH 208/341] general: add dev_linux conditional build codes
---
dev.go | 1 -
dev_linux.go | 5 +++++
proxy/ws/frame.go | 22 +++++++++++++++++++++-
3 files changed, 26 insertions(+), 2 deletions(-)
create mode 100644 dev_linux.go
diff --git a/dev.go b/dev.go
index 2aff07f..5f58979 100644
--- a/dev.go
+++ b/dev.go
@@ -7,7 +7,6 @@ import (
_ "net/http/pprof"
_ "github.com/nadoo/glider/proxy/ws"
- // _ "github.com/nadoo/glider/proxy/tproxy"
)
func init() {
diff --git a/dev_linux.go b/dev_linux.go
new file mode 100644
index 0000000..1ebcfed
--- /dev/null
+++ b/dev_linux.go
@@ -0,0 +1,5 @@
+package main
+
+import (
+ _ "github.com/nadoo/glider/proxy/tproxy"
+)
diff --git a/proxy/ws/frame.go b/proxy/ws/frame.go
index a38e490..c336039 100644
--- a/proxy/ws/frame.go
+++ b/proxy/ws/frame.go
@@ -1,4 +1,24 @@
-// https://tools.ietf.org/html/rfc6455
+// https://tools.ietf.org/html/rfc6455#section-5.2
+//
+// Frame Format
+// 0 1 2 3
+// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+// +-+-+-+-+-------+-+-------------+-------------------------------+
+// |F|R|R|R| opcode|M| Payload len | Extended payload length |
+// |I|S|S|S| (4) |A| (7) | (16/64) |
+// |N|V|V|V| |S| | (if payload len==126/127) |
+// | |1|2|3| |K| | |
+// +-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - +
+// | Extended payload length continued, if payload len == 127 |
+// + - - - - - - - - - - - - - - - +-------------------------------+
+// | |Masking-key, if MASK set to 1 |
+// +-------------------------------+-------------------------------+
+// | Masking-key (continued) | Payload Data |
+// +-------------------------------- - - - - - - - - - - - - - - - +
+// : Payload Data continued ... :
+// + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
+// | Payload Data continued ... |
+// +---------------------------------------------------------------+
package ws
From 068e4df8fc78cd8629948dca406ba8184285cf18 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 22 Jul 2018 20:02:50 +0800
Subject: [PATCH 209/341] doc: add some info for websocket
---
README.md | 20 ++++++++++++++++++--
conf.go | 20 +++++++++++++++++++-
config/glider.conf.example | 6 ++++++
dev_linux.go | 2 ++
4 files changed, 45 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 12f86a9..66feb4d 100644
--- a/README.md
+++ b/README.md
@@ -32,6 +32,7 @@ Forward (local proxy client/upstream proxy server):
- SSR proxy(tcp)
- VMess proxy(tcp)
- TLS, use it together with above proxy protocols(tcp)
+- Websocket, use it together with above proxy protocols(tcp)
DNS Forwarding Server (udp2tcp):
- Listen on UDP and forward dns requests to remote dns server in TCP via forwarders
@@ -91,7 +92,7 @@ glider -config CONFIGPATH -listen :8080 -verbose
## Usage
```bash
-glider v0.6.2 usage:
+glider v0.6.3 usage:
-checkduration int
proxy check duration(seconds) (default 30)
-checkwebsite string
@@ -132,7 +133,7 @@ Available Schemes:
Available schemes for different modes:
listen: mixed ss socks5 http redir tcptun udptun uottun dnstun
- forward: ss socks5 http ssr vmess
+ forward: ss socks5 http ssr vmess tls ws
SS scheme:
ss://method:pass@host:port
@@ -159,6 +160,21 @@ TLS with a specified proxy protocol:
tls://host:port[?skipVerify=true],socks5://[user:pass@]
tls://host:port[?skipVerify=true],vmess://[security:]uuid@?alterID=num
+Websocket scheme:
+ ws://host:port[/path]
+
+Websocket with a specified proxy protocol:
+ ws://host:port[/path],proxy://scheme
+ ws://host:port[/path],http://[user:pass@]
+ ws://host:port[/path],socks5://[user:pass@]
+ ws://host:port[/path],vmess://[security:]uuid@?alterID=num
+
+TLS and Websocket with a specified proxy protocol:
+ tls://host:port[?skipVerify=true],ws://[@/path],proxy://scheme
+ tls://host:port[?skipVerify=true],ws://[@/path],http://[user:pass@]
+ tls://host:port[?skipVerify=true],ws://[@/path],socks5://[user:pass@]
+ tls://host:port[?skipVerify=true],ws://[@/path],vmess://[security:]uuid@?alterID=num
+
Available forward strategies:
rr: Round Robin mode
ha: High Availability mode
diff --git a/conf.go b/conf.go
index 73848ef..64ac1d3 100644
--- a/conf.go
+++ b/conf.go
@@ -171,7 +171,7 @@ func usage() {
fmt.Fprintf(os.Stderr, "Available schemes for different modes:\n")
fmt.Fprintf(os.Stderr, " listen: mixed ss socks5 http redir tcptun udptun uottun dnstun\n")
- fmt.Fprintf(os.Stderr, " forward: ss socks5 http ssr vmess\n")
+ fmt.Fprintf(os.Stderr, " forward: ss socks5 http ssr vmess tls ws\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "SS scheme:\n")
@@ -207,6 +207,24 @@ func usage() {
fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],vmess://[security:]uuid@?alterID=num\n")
fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, "Websocket scheme:\n")
+ fmt.Fprintf(os.Stderr, " ws://host:port[/path]\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
+ fmt.Fprintf(os.Stderr, "Websocket with a specified proxy protocol:\n")
+ fmt.Fprintf(os.Stderr, " ws://host:port[/path],proxy://scheme\n")
+ fmt.Fprintf(os.Stderr, " ws://host:port[/path],http://[user:pass@]\n")
+ fmt.Fprintf(os.Stderr, " ws://host:port[/path],socks5://[user:pass@]\n")
+ fmt.Fprintf(os.Stderr, " ws://host:port[/path],vmess://[security:]uuid@?alterID=num\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
+ fmt.Fprintf(os.Stderr, "TLS and Websocket with a specified proxy protocol:\n")
+ fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],ws://[@/path],proxy://scheme\n")
+ fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],ws://[@/path],http://[user:pass@]\n")
+ fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],ws://[@/path],socks5://[user:pass@]\n")
+ fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],ws://[@/path],vmess://[security:]uuid@?alterID=num\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
fmt.Fprintf(os.Stderr, "Available forward strategies:\n")
fmt.Fprintf(os.Stderr, " rr: Round Robin mode\n")
fmt.Fprintf(os.Stderr, " ha: High Availability mode\n")
diff --git a/config/glider.conf.example b/config/glider.conf.example
index 861d92e..b4fc2d7 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -83,6 +83,12 @@ listen=socks5://:1080
# vmess proxy with tls as forwarder
# forward=tls://1.1.1.1:443,vmess://security:5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
+# vmess proxy with ws as forwarder
+# forward=ws://1.1.1.1:80,vmess://security:5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
+
+# vmess proxy with ws and tls as forwarder
+# forward=tls://1.1.1.1:443,ws://,vmess://security:5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
+# forward=tls://1.1.1.1:443,ws://@path,vmess://security:5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
# FORWARDER CHAIN
# ---------------
diff --git a/dev_linux.go b/dev_linux.go
index 1ebcfed..52e7dd3 100644
--- a/dev_linux.go
+++ b/dev_linux.go
@@ -1,3 +1,5 @@
+//+build dev
+
package main
import (
From 18114f1c3313697e25e57d1cdede73065138dadd Mon Sep 17 00:00:00 2001
From: Soff
Date: Sun, 22 Jul 2018 22:11:40 +0800
Subject: [PATCH 210/341] Update glider.conf
Missing colon
---
config/examples/8.transparent_proxy_with_dnsmasq/glider.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/examples/8.transparent_proxy_with_dnsmasq/glider.conf b/config/examples/8.transparent_proxy_with_dnsmasq/glider.conf
index ea68297..161e66c 100644
--- a/config/examples/8.transparent_proxy_with_dnsmasq/glider.conf
+++ b/config/examples/8.transparent_proxy_with_dnsmasq/glider.conf
@@ -3,7 +3,7 @@
verbose=True
listen=redir://:1081
-listen=dnstun://5353=8.8.8.8:53
+listen=dnstun://:5353=8.8.8.8:53
forward=http://forwarder1:8080,socks5://forwarder2:1080
forward=http://1.1.1.1:8080
From b57db4f429bb5d2715d75d914e19833482da479d Mon Sep 17 00:00:00 2001
From: Soff
Date: Sun, 22 Jul 2018 22:12:17 +0800
Subject: [PATCH 211/341] Update README.md
Missing colon
---
config/examples/8.transparent_proxy_with_dnsmasq/README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/examples/8.transparent_proxy_with_dnsmasq/README.md b/config/examples/8.transparent_proxy_with_dnsmasq/README.md
index 6084d58..3cffa0c 100644
--- a/config/examples/8.transparent_proxy_with_dnsmasq/README.md
+++ b/config/examples/8.transparent_proxy_with_dnsmasq/README.md
@@ -6,7 +6,7 @@ glider.conf
```bash
verbose=True
listen=redir://:1081
-listen=dnstun://5353=8.8.8.8:53
+listen=dnstun://:5353=8.8.8.8:53
forward=http://forwarder1:8080,socks5://forwarder2:1080
forward=http://1.1.1.1:8080
strategy=rr
From 68d8fb8b600b315ba203cc99888b6bcfa082b3b9 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 23 Jul 2018 01:41:18 +0800
Subject: [PATCH 212/341] ws: fixed a bug in frame reader
---
proxy/ws/frame.go | 90 +++++++++++++++++++++++++++--------------------
1 file changed, 52 insertions(+), 38 deletions(-)
diff --git a/proxy/ws/frame.go b/proxy/ws/frame.go
index c336039..4df6c4d 100644
--- a/proxy/ws/frame.go
+++ b/proxy/ws/frame.go
@@ -30,13 +30,16 @@ import (
)
const (
- finalBit byte = 1 << 7
- defaultFrameSize = 4096
- maxFrameHeaderSize = 2 + 8 + 4 // Fixed header + length + mask
- maskBit byte = 1 << 7
- opCodeBinary byte = 2
- opClose byte = 8
- maskKeyLen = 4
+ defaultFrameSize = 4096
+ maxFrameHeaderSize = 2 + 8 + 4 // Fixed header + length + mask
+ maskKeyLen = 4
+)
+
+const (
+ finalBit byte = 1 << 7
+ maskBit byte = 1 << 7
+ opCodeBinary byte = 2
+ opClose byte = 8
)
type frameWriter struct {
@@ -85,18 +88,21 @@ func (w *frameWriter) ReadFrom(r io.Reader) (n int64, err error) {
binary.BigEndian.PutUint64(buf[2:2+lengthFieldLen], uint64(nr))
}
+ // header and length
_, ew := w.Writer.Write(buf[:2+lengthFieldLen])
if ew != nil {
err = ew
break
}
+ // maskkey
_, ew = w.Writer.Write(w.maskKey)
if ew != nil {
err = ew
break
}
+ // payload
payloadBuf = payloadBuf[:nr]
for i := range payloadBuf {
payloadBuf[i] = payloadBuf[i] ^ w.maskKey[i%4]
@@ -123,8 +129,8 @@ func (w *frameWriter) ReadFrom(r io.Reader) (n int64, err error) {
type frameReader struct {
io.Reader
- buf []byte
- leftover []byte
+ buf []byte
+ leftBytes int64
}
// FrameReader returns a chunked reader
@@ -136,41 +142,49 @@ func FrameReader(r io.Reader) io.Reader {
}
func (r *frameReader) Read(b []byte) (int, error) {
- if len(r.leftover) > 0 {
- n := copy(b, r.leftover)
- r.leftover = r.leftover[n:]
- return n, nil
+ if r.leftBytes == 0 {
+ // get msg header
+ _, err := io.ReadFull(r.Reader, r.buf[:2])
+ if err != nil {
+ return 0, err
+ }
+
+ // final := r.buf[0]&finalBit != 0
+ // frameType := int(r.buf[0] & 0xf)
+ // mask := r.buf[1]&maskBit != 0
+ r.leftBytes = int64(r.buf[1] & 0x7f)
+ switch r.leftBytes {
+ case 126:
+ io.ReadFull(r.Reader, r.buf[:2])
+ r.leftBytes = int64(binary.BigEndian.Uint16(r.buf[0:]))
+ case 127:
+ io.ReadFull(r.Reader, r.buf[:8])
+ r.leftBytes = int64(binary.BigEndian.Uint64(r.buf[0:]))
+ }
+ }
+
+ var n, m int
+ var err error
+ if r.leftBytes > int64(len(r.buf)) {
+ if len(b) < len(r.buf) {
+ n, err = r.Reader.Read(r.buf[:len(b)])
+ } else {
+ n, err = r.Reader.Read(r.buf)
+ }
+ } else {
+ if int64(len(b)) < r.leftBytes {
+ n, err = io.ReadFull(r.Reader, r.buf[:len(b)])
+ } else {
+ n, err = io.ReadFull(r.Reader, r.buf[:r.leftBytes])
+ }
}
- // get msg header
- _, err := io.ReadFull(r.Reader, r.buf[:2])
if err != nil {
return 0, err
}
- // final := r.buf[0]&finalBit != 0
- // frameType := int(r.buf[0] & 0xf)
- // mask := r.buf[1]&maskBit != 0
- len := int64(r.buf[1] & 0x7f)
- switch len {
- case 126:
- io.ReadFull(r.Reader, r.buf[:2])
- len = int64(binary.BigEndian.Uint16(r.buf[0:]))
- case 127:
- io.ReadFull(r.Reader, r.buf[:8])
- len = int64(binary.BigEndian.Uint64(r.buf[0:]))
- }
-
- // get payload
- _, err = io.ReadFull(r.Reader, r.buf[:len])
- if err != nil {
- return 0, err
- }
-
- m := copy(b, r.buf[:len])
- if m < int(len) {
- r.leftover = r.buf[m:len]
- }
+ m = copy(b, r.buf[:n])
+ r.leftBytes -= int64(m)
return m, err
}
From 88eee75aa718a56bbc8ec8340fc1245c144e7eee Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 24 Jul 2018 00:45:41 +0800
Subject: [PATCH 213/341] ws: add support for security key check
---
README.md | 9 ++++--
conf.go | 11 +++++---
dev.go | 6 +++-
proxy/vmess/chunk.go | 48 +++++++++++++++-----------------
proxy/ws/client.go | 66 ++++++++++++++++++++++++++++++--------------
proxy/ws/frame.go | 32 +++++++++------------
6 files changed, 98 insertions(+), 74 deletions(-)
diff --git a/README.md b/README.md
index 66feb4d..a779c05 100644
--- a/README.md
+++ b/README.md
@@ -155,7 +155,7 @@ TLS scheme:
tls://host:port[?skipVerify=true]
TLS with a specified proxy protocol:
- tls://host:port[?skipVerify=true],proxy://scheme
+ tls://host:port[?skipVerify=true],scheme://
tls://host:port[?skipVerify=true],http://[user:pass@]
tls://host:port[?skipVerify=true],socks5://[user:pass@]
tls://host:port[?skipVerify=true],vmess://[security:]uuid@?alterID=num
@@ -170,7 +170,7 @@ Websocket with a specified proxy protocol:
ws://host:port[/path],vmess://[security:]uuid@?alterID=num
TLS and Websocket with a specified proxy protocol:
- tls://host:port[?skipVerify=true],ws://[@/path],proxy://scheme
+ tls://host:port[?skipVerify=true],ws://[@/path],scheme://
tls://host:port[?skipVerify=true],ws://[@/path],http://[user:pass@]
tls://host:port[?skipVerify=true],ws://[@/path],socks5://[user:pass@]
tls://host:port[?skipVerify=true],ws://[@/path],vmess://[security:]uuid@?alterID=num
@@ -211,7 +211,10 @@ Examples:
-listen on :1081 as a transparent redirect server, forward all requests via remote ssr server.
glider -listen redir://:1081 -forward "tls://1.1.1.1:443,vmess://security:uuid@?alterID=10"
- -listen on :1081 as a transparent redirect server, forward all requests via remote vmess server.
+ -listen on :1081 as a transparent redirect server, forward all requests via remote tls+vmess server.
+
+ glider -listen redir://:1081 -forward "ws://1.1.1.1:80,vmess://security:uuid@?alterID=10"
+ -listen on :1081 as a transparent redirect server, forward all requests via remote ws+vmess server.
glider -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:8443
-listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.
diff --git a/conf.go b/conf.go
index 64ac1d3..ba5b57c 100644
--- a/conf.go
+++ b/conf.go
@@ -201,7 +201,7 @@ func usage() {
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "TLS with a specified proxy protocol:\n")
- fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],proxy://scheme\n")
+ fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],scheme://\n")
fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],http://[user:pass@]\n")
fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],socks5://[user:pass@]\n")
fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],vmess://[security:]uuid@?alterID=num\n")
@@ -212,14 +212,14 @@ func usage() {
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Websocket with a specified proxy protocol:\n")
- fmt.Fprintf(os.Stderr, " ws://host:port[/path],proxy://scheme\n")
+ fmt.Fprintf(os.Stderr, " ws://host:port[/path],scheme://\n")
fmt.Fprintf(os.Stderr, " ws://host:port[/path],http://[user:pass@]\n")
fmt.Fprintf(os.Stderr, " ws://host:port[/path],socks5://[user:pass@]\n")
fmt.Fprintf(os.Stderr, " ws://host:port[/path],vmess://[security:]uuid@?alterID=num\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "TLS and Websocket with a specified proxy protocol:\n")
- fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],ws://[@/path],proxy://scheme\n")
+ fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],ws://[@/path],scheme://\n")
fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],ws://[@/path],http://[user:pass@]\n")
fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],ws://[@/path],socks5://[user:pass@]\n")
fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],ws://[@/path],vmess://[security:]uuid@?alterID=num\n")
@@ -263,7 +263,10 @@ func usage() {
fmt.Fprintf(os.Stderr, " -listen on :1081 as a transparent redirect server, forward all requests via remote ssr server.\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -forward \"tls://1.1.1.1:443,vmess://security:uuid@?alterID=10\"\n")
- fmt.Fprintf(os.Stderr, " -listen on :1081 as a transparent redirect server, forward all requests via remote vmess server.\n")
+ fmt.Fprintf(os.Stderr, " -listen on :1081 as a transparent redirect server, forward all requests via remote tls+vmess server.\n")
+ fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -forward \"ws://1.1.1.1:80,vmess://security:uuid@?alterID=10\"\n")
+ fmt.Fprintf(os.Stderr, " -listen on :1081 as a transparent redirect server, forward all requests via remote ws+vmess server.\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, " "+app+" -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:8443\n")
fmt.Fprintf(os.Stderr, " -listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.\n")
diff --git a/dev.go b/dev.go
index 5f58979..7a43b10 100644
--- a/dev.go
+++ b/dev.go
@@ -3,6 +3,7 @@
package main
import (
+ "fmt"
"net/http"
_ "net/http/pprof"
@@ -11,6 +12,9 @@ import (
func init() {
go func() {
- http.ListenAndServe(":6060", nil)
+ err := http.ListenAndServe(":6060", nil)
+ if err != nil {
+ fmt.Printf("Create pprof server error: %s\n", err)
+ }
}()
}
diff --git a/proxy/vmess/chunk.go b/proxy/vmess/chunk.go
index f845799..89b71bc 100644
--- a/proxy/vmess/chunk.go
+++ b/proxy/vmess/chunk.go
@@ -62,47 +62,43 @@ func (w *chunkedWriter) ReadFrom(r io.Reader) (n int64, err error) {
type chunkedReader struct {
io.Reader
- buf []byte
- leftover []byte
+ buf []byte
+ leftBytes int
}
// ChunkedReader returns a chunked reader
func ChunkedReader(r io.Reader) io.Reader {
return &chunkedReader{
Reader: r,
- buf: make([]byte, lenSize+maxChunkSize),
+ buf: make([]byte, lenSize), // NOTE: buf only used to save header bytes now
}
}
func (r *chunkedReader) Read(b []byte) (int, error) {
- if len(r.leftover) > 0 {
- n := copy(b, r.leftover)
- r.leftover = r.leftover[n:]
- return n, nil
+ if r.leftBytes == 0 {
+ // get length
+ _, err := io.ReadFull(r.Reader, r.buf[:lenSize])
+ if err != nil {
+ return 0, err
+ }
+
+ // if length == 0, then this is the end
+ r.leftBytes = int(binary.BigEndian.Uint16(r.buf[:lenSize]))
+ if r.leftBytes == 0 {
+ return 0, nil
+ }
}
- // get length
- _, err := io.ReadFull(r.Reader, r.buf[:lenSize])
+ readLen := len(b)
+ if readLen > r.leftBytes {
+ readLen = r.leftBytes
+ }
+
+ m, err := r.Reader.Read(b[:readLen])
if err != nil {
return 0, err
}
- // if length == 0, then this is the end
- len := binary.BigEndian.Uint16(r.buf[:lenSize])
- if len == 0 {
- return 0, nil
- }
-
- // get payload
- _, err = io.ReadFull(r.Reader, r.buf[:len])
- if err != nil {
- return 0, err
- }
-
- m := copy(b, r.buf[:len])
- if m < int(len) {
- r.leftover = r.buf[m:len]
- }
-
+ r.leftBytes -= m
return m, err
}
diff --git a/proxy/ws/client.go b/proxy/ws/client.go
index d5cd5e9..44ae373 100644
--- a/proxy/ws/client.go
+++ b/proxy/ws/client.go
@@ -2,15 +2,19 @@ package ws
import (
"bufio"
+ "bytes"
+ "crypto/rand"
+ "crypto/sha1"
+ "encoding/base64"
"errors"
"io"
"net"
"net/textproto"
"strings"
-
- "github.com/nadoo/glider/common/log"
)
+var keyGUID = []byte("258EAFA5-E914-47DA-95CA-C5AB0DC85B11")
+
// Client ws client
type Client struct {
host string
@@ -41,31 +45,38 @@ func (c *Client) NewConn(rc net.Conn, target string) (*Conn, error) {
// Handshake handshakes with the server using HTTP to request a protocol upgrade
func (c *Conn) Handshake(host, path string) error {
- c.Conn.Write([]byte("GET " + path + " HTTP/1.1\r\n"))
- // c.Conn.Write([]byte("Host: 127.0.0.1\r\n"))
- c.Conn.Write([]byte("Host: " + host + "\r\n"))
- c.Conn.Write([]byte("Upgrade: websocket\r\n"))
- c.Conn.Write([]byte("Connection: Upgrade\r\n"))
- c.Conn.Write([]byte("Origin: http://" + host + "\r\n"))
- c.Conn.Write([]byte("Sec-WebSocket-Key: w4v7O6xFTi36lq3RNcgctw==\r\n"))
- c.Conn.Write([]byte("Sec-WebSocket-Protocol: binary\r\n"))
- c.Conn.Write([]byte("Sec-WebSocket-Version: 13\r\n"))
- c.Conn.Write([]byte("\r\n"))
+ clientKey := generateClientKey()
+
+ var buf bytes.Buffer
+ buf.Write([]byte("GET " + path + " HTTP/1.1\r\n"))
+ buf.Write([]byte("Host: " + host + "\r\n"))
+ buf.Write([]byte("Upgrade: websocket\r\n"))
+ buf.Write([]byte("Connection: Upgrade\r\n"))
+ buf.Write([]byte("Origin: http://" + host + "\r\n"))
+ buf.Write([]byte("Sec-WebSocket-Key: " + clientKey + "\r\n"))
+ buf.Write([]byte("Sec-WebSocket-Protocol: binary\r\n"))
+ buf.Write([]byte("Sec-WebSocket-Version: 13\r\n"))
+ buf.Write([]byte("\r\n"))
+
+ if _, err := c.Conn.Write(buf.Bytes()); err != nil {
+ return err
+ }
tpr := textproto.NewReader(bufio.NewReader(c.Conn))
_, code, _, ok := parseFirstLine(tpr)
if !ok || code != "101" {
- return errors.New("error in ws handshake")
+ return errors.New("[ws] error in ws handshake parseFirstLine")
}
- // respHeader, err := tpr.ReadMIMEHeader()
- // if err != nil {
- // return err
- // }
+ respHeader, err := tpr.ReadMIMEHeader()
+ if err != nil {
+ return err
+ }
- // // TODO: verify this
- // respHeader.Get("Sec-WebSocket-Accept")
- // fmt.Printf("respHeader: %+v\n", respHeader)
+ serverKey := respHeader.Get("Sec-WebSocket-Accept")
+ if serverKey != computeServerKey(clientKey) {
+ return errors.New("[ws] error in ws handshake, got wrong Sec-Websocket-Key")
+ }
return nil
}
@@ -92,7 +103,7 @@ func parseFirstLine(tp *textproto.Reader) (r1, r2, r3 string, ok bool) {
line, err := tp.ReadLine()
// log.F("first line: %s", line)
if err != nil {
- log.F("[http] read first line error:%s", err)
+ // log.F("[ws] read first line error:%s", err)
return
}
@@ -104,3 +115,16 @@ func parseFirstLine(tp *textproto.Reader) (r1, r2, r3 string, ok bool) {
s2 += s1 + 1
return line[:s1], line[s1+1 : s2], line[s2+1:], true
}
+
+func generateClientKey() string {
+ p := make([]byte, 16)
+ rand.Read(p)
+ return base64.StdEncoding.EncodeToString(p)
+}
+
+func computeServerKey(clientKey string) string {
+ h := sha1.New()
+ h.Write([]byte(clientKey))
+ h.Write(keyGUID)
+ return base64.StdEncoding.EncodeToString(h.Sum(nil))
+}
diff --git a/proxy/ws/frame.go b/proxy/ws/frame.go
index 4df6c4d..3d5b675 100644
--- a/proxy/ws/frame.go
+++ b/proxy/ws/frame.go
@@ -137,7 +137,7 @@ type frameReader struct {
func FrameReader(r io.Reader) io.Reader {
return &frameReader{
Reader: r,
- buf: make([]byte, defaultFrameSize),
+ buf: make([]byte, maxFrameHeaderSize), // NOTE: buf only used to save header bytes now
}
}
@@ -155,36 +155,30 @@ func (r *frameReader) Read(b []byte) (int, error) {
r.leftBytes = int64(r.buf[1] & 0x7f)
switch r.leftBytes {
case 126:
- io.ReadFull(r.Reader, r.buf[:2])
+ _, err := io.ReadFull(r.Reader, r.buf[:2])
+ if err != nil {
+ return 0, err
+ }
r.leftBytes = int64(binary.BigEndian.Uint16(r.buf[0:]))
case 127:
- io.ReadFull(r.Reader, r.buf[:8])
+ _, err := io.ReadFull(r.Reader, r.buf[:8])
+ if err != nil {
+ return 0, err
+ }
r.leftBytes = int64(binary.BigEndian.Uint64(r.buf[0:]))
}
}
- var n, m int
- var err error
- if r.leftBytes > int64(len(r.buf)) {
- if len(b) < len(r.buf) {
- n, err = r.Reader.Read(r.buf[:len(b)])
- } else {
- n, err = r.Reader.Read(r.buf)
- }
- } else {
- if int64(len(b)) < r.leftBytes {
- n, err = io.ReadFull(r.Reader, r.buf[:len(b)])
- } else {
- n, err = io.ReadFull(r.Reader, r.buf[:r.leftBytes])
- }
+ readLen := int64(len(b))
+ if readLen > r.leftBytes {
+ readLen = r.leftBytes
}
+ m, err := r.Reader.Read(b[:readLen])
if err != nil {
return 0, err
}
- m = copy(b, r.buf[:n])
r.leftBytes -= int64(m)
-
return m, err
}
From 49021f167c18f69bf4a079f5709de013a8441971 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 24 Jul 2018 00:54:38 +0800
Subject: [PATCH 214/341] doc: update help msg for ws
---
README.md | 4 +++-
conf.go | 2 ++
dev.go | 2 --
main.go | 1 +
4 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index a779c05..1a375ab 100644
--- a/README.md
+++ b/README.md
@@ -125,6 +125,8 @@ Available Schemes:
http: http proxy
ssr: ssr proxy
vmess: vmess proxy
+ tls: tls transport
+ ws: websocket transport
redir: redirect proxy. (used on linux as a transparent proxy with iptables redirect rules)
tcptun: tcp tunnel
udptun: udp tunnel
@@ -164,7 +166,7 @@ Websocket scheme:
ws://host:port[/path]
Websocket with a specified proxy protocol:
- ws://host:port[/path],proxy://scheme
+ ws://host:port[/path],scheme://
ws://host:port[/path],http://[user:pass@]
ws://host:port[/path],socks5://[user:pass@]
ws://host:port[/path],vmess://[security:]uuid@?alterID=num
diff --git a/conf.go b/conf.go
index ba5b57c..a088936 100644
--- a/conf.go
+++ b/conf.go
@@ -162,6 +162,8 @@ func usage() {
fmt.Fprintf(os.Stderr, " http: http proxy\n")
fmt.Fprintf(os.Stderr, " ssr: ssr proxy\n")
fmt.Fprintf(os.Stderr, " vmess: vmess proxy\n")
+ fmt.Fprintf(os.Stderr, " tls: tls transport\n")
+ fmt.Fprintf(os.Stderr, " ws: websocket transport\n")
fmt.Fprintf(os.Stderr, " redir: redirect proxy. (used on linux as a transparent proxy with iptables redirect rules)\n")
fmt.Fprintf(os.Stderr, " tcptun: tcp tunnel\n")
fmt.Fprintf(os.Stderr, " udptun: udp tunnel\n")
diff --git a/dev.go b/dev.go
index 7a43b10..538890a 100644
--- a/dev.go
+++ b/dev.go
@@ -6,8 +6,6 @@ import (
"fmt"
"net/http"
_ "net/http/pprof"
-
- _ "github.com/nadoo/glider/proxy/ws"
)
func init() {
diff --git a/main.go b/main.go
index 83846a4..aff4303 100644
--- a/main.go
+++ b/main.go
@@ -22,6 +22,7 @@ import (
_ "github.com/nadoo/glider/proxy/udptun"
_ "github.com/nadoo/glider/proxy/uottun"
_ "github.com/nadoo/glider/proxy/vmess"
+ _ "github.com/nadoo/glider/proxy/ws"
)
// VERSION .
From 21923af1cd2f9f225ea8b0c0b002e64e0d2f9785 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 25 Jul 2018 08:23:58 +0800
Subject: [PATCH 215/341] doc: update some descriptions
---
README.md | 6 +++---
config/glider.conf.example | 23 +++++++++++++----------
proxy/vmess/chunk.go | 2 +-
proxy/ws/client.go | 2 +-
proxy/ws/frame.go | 3 ---
5 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/README.md b/README.md
index 1a375ab..00a739b 100644
--- a/README.md
+++ b/README.md
@@ -156,7 +156,7 @@ Available securities for vmess:
TLS scheme:
tls://host:port[?skipVerify=true]
-TLS with a specified proxy protocol:
+TLS with a specified proxy protocol(proxy over tls):
tls://host:port[?skipVerify=true],scheme://
tls://host:port[?skipVerify=true],http://[user:pass@]
tls://host:port[?skipVerify=true],socks5://[user:pass@]
@@ -165,13 +165,13 @@ TLS with a specified proxy protocol:
Websocket scheme:
ws://host:port[/path]
-Websocket with a specified proxy protocol:
+Websocket with a specified proxy protocol(proxy over websocket):
ws://host:port[/path],scheme://
ws://host:port[/path],http://[user:pass@]
ws://host:port[/path],socks5://[user:pass@]
ws://host:port[/path],vmess://[security:]uuid@?alterID=num
-TLS and Websocket with a specified proxy protocol:
+TLS and Websocket with a specified proxy protocol(proxy over websocket over tls):
tls://host:port[?skipVerify=true],ws://[@/path],scheme://
tls://host:port[?skipVerify=true],ws://[@/path],http://[user:pass@]
tls://host:port[?skipVerify=true],ws://[@/path],socks5://[user:pass@]
diff --git a/config/glider.conf.example b/config/glider.conf.example
index b4fc2d7..46a52d6 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -66,7 +66,7 @@ listen=socks5://:1080
# Forwarders, we can setup multiple forwarders.
# Socks5 proxy as forwarder
-#forward=socks5://192.168.1.10:1080
+# forward=socks5://192.168.1.10:1080
# SS proxy as forwarder
# forward=ss://method:pass@1.1.1.1:8443
@@ -77,18 +77,21 @@ listen=socks5://:1080
# http proxy as forwarder
# forward=http://1.1.1.1:8080
-# vmess proxy as forwarder
-# forward=vmess://security:5a146038-0b56-4e95-b1dc-5c6f5a32cd98@1.1.1.1:443?alterID=2
+# vmess with none security
+# forward=vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@1.1.1.1:443?alterID=2
-# vmess proxy with tls as forwarder
-# forward=tls://1.1.1.1:443,vmess://security:5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
+# vmess with aes-128-gcm security
+# forward=vmess://aes-128-gcm:5a146038-0b56-4e95-b1dc-5c6f5a32cd98@1.1.1.1:443?alterID=2
-# vmess proxy with ws as forwarder
-# forward=ws://1.1.1.1:80,vmess://security:5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
+# vmess over tls
+# forward=tls://1.1.1.1:443,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
-# vmess proxy with ws and tls as forwarder
-# forward=tls://1.1.1.1:443,ws://,vmess://security:5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
-# forward=tls://1.1.1.1:443,ws://@path,vmess://security:5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
+# vmess over websocket
+# forward=ws://1.1.1.1:80/path,vmess://chacha20-poly1305:5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
+
+# vmess over ws over tls
+# forward=tls://1.1.1.1:443,ws://,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
+# forward=tls://1.1.1.1:443,ws://@/path,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
# FORWARDER CHAIN
# ---------------
diff --git a/proxy/vmess/chunk.go b/proxy/vmess/chunk.go
index 89b71bc..6acd145 100644
--- a/proxy/vmess/chunk.go
+++ b/proxy/vmess/chunk.go
@@ -81,9 +81,9 @@ func (r *chunkedReader) Read(b []byte) (int, error) {
if err != nil {
return 0, err
}
+ r.leftBytes = int(binary.BigEndian.Uint16(r.buf[:lenSize]))
// if length == 0, then this is the end
- r.leftBytes = int(binary.BigEndian.Uint16(r.buf[:lenSize]))
if r.leftBytes == 0 {
return 0, nil
}
diff --git a/proxy/ws/client.go b/proxy/ws/client.go
index 44ae373..0c7ccdd 100644
--- a/proxy/ws/client.go
+++ b/proxy/ws/client.go
@@ -98,7 +98,7 @@ func (c *Conn) Read(b []byte) (n int, err error) {
}
// parseFirstLine parses "GET /foo HTTP/1.1" OR "HTTP/1.1 200 OK" into its three parts.
-// TODO: move to seperate http lib package for reuse(also for http proxy module)
+// TODO: move to separate http lib package for reuse(also for http proxy module)
func parseFirstLine(tp *textproto.Reader) (r1, r2, r3 string, ok bool) {
line, err := tp.ReadLine()
// log.F("first line: %s", line)
diff --git a/proxy/ws/frame.go b/proxy/ws/frame.go
index 3d5b675..a70779f 100644
--- a/proxy/ws/frame.go
+++ b/proxy/ws/frame.go
@@ -33,13 +33,10 @@ const (
defaultFrameSize = 4096
maxFrameHeaderSize = 2 + 8 + 4 // Fixed header + length + mask
maskKeyLen = 4
-)
-const (
finalBit byte = 1 << 7
maskBit byte = 1 << 7
opCodeBinary byte = 2
- opClose byte = 8
)
type frameWriter struct {
From 3939c014679353519eee3768c5c4d7a2ef230ce8 Mon Sep 17 00:00:00 2001
From: Soff
Date: Thu, 26 Jul 2018 14:01:34 +0800
Subject: [PATCH 216/341] Absolute path support for rules-dir config
---
conf.go | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/conf.go b/conf.go
index a088936..df2e847 100644
--- a/conf.go
+++ b/conf.go
@@ -71,7 +71,9 @@ func confInit() {
}
if conf.RulesDir != "" {
- conf.RulesDir = path.Join(flag.ConfDir(), conf.RulesDir)
+ if !path.IsAbs(conf.RulesDir) {
+ conf.RulesDir = path.Join(flag.ConfDir(), conf.RulesDir)
+ }
ruleFolderFiles, _ := listDir(conf.RulesDir, ".rule")
for _, ruleFile := range ruleFolderFiles {
From 490b992c91b0490d9f63b65a00374223ae18a8f4 Mon Sep 17 00:00:00 2001
From: Soff
Date: Thu, 26 Jul 2018 22:46:48 +0800
Subject: [PATCH 217/341] Update office.list
---
.../9.transparent_proxy_without_dnsmasq/rules.d/office.list | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.list b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.list
index cf20b6d..7a53ca3 100644
--- a/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.list
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.list
@@ -3,5 +3,5 @@ domain=mycompany.com
domain=mycompany1.com
ip=4.4.4.4
ip=5.5.5.5
-cidr=cidr=172.16.101.0/24
-cidr=cidr=172.16.102.0/24
\ No newline at end of file
+cidr=172.16.101.0/24
+cidr=172.16.102.0/24
From 1acbf1448d2a83ed930c266ea8db0f77ac96dab8 Mon Sep 17 00:00:00 2001
From: Soff
Date: Thu, 26 Jul 2018 22:47:27 +0800
Subject: [PATCH 218/341] Update README.md
---
config/examples/9.transparent_proxy_without_dnsmasq/README.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/README.md b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
index 659bc88..b00309f 100644
--- a/config/examples/9.transparent_proxy_without_dnsmasq/README.md
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
@@ -66,8 +66,8 @@ domain=mycompany.com
domain=mycompany1.com
ip=4.4.4.4
ip=5.5.5.5
-cidr=cidr=172.16.101.0/24
-cidr=cidr=172.16.102.0/24
+cidr=172.16.101.0/24
+cidr=172.16.102.0/24
```
#### Configure iptables on your linux gateway
From d5e3ea539ac992e31ccd1fdee051e27105598ded Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 29 Jul 2018 23:44:23 +0800
Subject: [PATCH 219/341] dns: rewrite codes
---
conf.go | 6 +-
dns/client.go | 140 ++++++++++++++
dns/dns.go | 474 ------------------------------------------------
dns/message.go | 425 +++++++++++++++++++++++++++++++++++++++++++
dns/server.go | 72 ++++++++
main.go | 8 +-
proxy/direct.go | 1 -
7 files changed, 644 insertions(+), 482 deletions(-)
create mode 100644 dns/client.go
delete mode 100644 dns/dns.go
create mode 100644 dns/message.go
create mode 100644 dns/server.go
diff --git a/conf.go b/conf.go
index df2e847..da15edf 100644
--- a/conf.go
+++ b/conf.go
@@ -71,9 +71,9 @@ func confInit() {
}
if conf.RulesDir != "" {
- if !path.IsAbs(conf.RulesDir) {
- conf.RulesDir = path.Join(flag.ConfDir(), conf.RulesDir)
- }
+ if !path.IsAbs(conf.RulesDir) {
+ conf.RulesDir = path.Join(flag.ConfDir(), conf.RulesDir)
+ }
ruleFolderFiles, _ := listDir(conf.RulesDir, ".rule")
for _, ruleFile := range ruleFolderFiles {
diff --git a/dns/client.go b/dns/client.go
new file mode 100644
index 0000000..1f7d201
--- /dev/null
+++ b/dns/client.go
@@ -0,0 +1,140 @@
+package dns
+
+import (
+ "encoding/binary"
+ "io"
+ "strings"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+)
+
+// HandleFunc function handles the dns TypeA or TypeAAAA answer
+type HandleFunc func(Domain, ip string) error
+
+// Client is a dns client struct
+type Client struct {
+ dialer proxy.Dialer
+ UPServers []string
+ UPServerMap map[string][]string
+ Handlers []HandleFunc
+
+ tcp bool
+}
+
+// NewClient returns a new dns client
+func NewClient(dialer proxy.Dialer, upServers ...string) (*Client, error) {
+ c := &Client{
+ dialer: dialer,
+ UPServers: upServers,
+ UPServerMap: make(map[string][]string),
+ }
+
+ return c, nil
+}
+
+// Exchange handles request msg and returns response msg
+// reqBytes = reqLen + reqMsg
+func (c *Client) Exchange(reqBytes []byte, clientAddr string) (respBytes []byte, err error) {
+ reqMsg := reqBytes[2:]
+
+ reqM := NewMessage()
+ err = UnmarshalMessage(reqMsg, reqM)
+ if err != nil {
+ return
+ }
+
+ if reqM.Question.QTYPE == QTypeA || reqM.Question.QTYPE == QTypeAAAA {
+ // TODO: if query.QNAME in cache
+ // get respMsg from cache
+ // set msg id
+ // return respMsg, nil
+ }
+
+ dnsServer := c.GetServer(reqM.Question.QNAME)
+ rc, err := c.dialer.NextDialer(reqM.Question.QNAME+":53").Dial("tcp", dnsServer)
+ if err != nil {
+ log.F("[dns] failed to connect to server %v: %v", dnsServer, err)
+ return
+ }
+ defer rc.Close()
+
+ if err = binary.Write(rc, binary.BigEndian, reqBytes); err != nil {
+ log.F("[dns] failed to write req message: %v", err)
+ return
+ }
+
+ var respLen uint16
+ if err = binary.Read(rc, binary.BigEndian, &respLen); err != nil {
+ log.F("[dns] failed to read response length: %v", err)
+ return
+ }
+
+ respBytes = make([]byte, respLen+2)
+ binary.BigEndian.PutUint16(respBytes[:2], respLen)
+
+ respMsg := respBytes[2:]
+ _, err = io.ReadFull(rc, respMsg)
+ if err != nil {
+ log.F("[dns] error in read respMsg %s\n", err)
+ return
+ }
+
+ if reqM.Question.QTYPE != QTypeA && reqM.Question.QTYPE != QTypeAAAA {
+ return
+ }
+
+ respM := NewMessage()
+ err = UnmarshalMessage(respMsg, respM)
+ if err != nil {
+ return
+ }
+
+ ip := ""
+ for _, answer := range respM.Answers {
+ if answer.TYPE == QTypeA {
+ for _, h := range c.Handlers {
+ h(reqM.Question.QNAME, answer.IP)
+ }
+
+ if answer.IP != "" {
+ ip += answer.IP + ","
+ }
+ }
+
+ log.F("rr: %+v", answer)
+ }
+
+ // add to cache
+
+ log.F("[dns] %s <-> %s, type: %d, %s: %s",
+ clientAddr, dnsServer, reqM.Question.QTYPE, reqM.Question.QNAME, ip)
+
+ return
+}
+
+// SetServer .
+func (c *Client) SetServer(domain string, servers ...string) {
+ c.UPServerMap[domain] = append(c.UPServerMap[domain], servers...)
+}
+
+// GetServer .
+func (c *Client) GetServer(domain string) string {
+ domainParts := strings.Split(domain, ".")
+ length := len(domainParts)
+ for i := length - 2; i >= 0; i-- {
+ domain := strings.Join(domainParts[i:length], ".")
+
+ if servers, ok := c.UPServerMap[domain]; ok {
+ return servers[0]
+ }
+ }
+
+ // TODO:
+ return c.UPServers[0]
+}
+
+// AddHandler .
+func (c *Client) AddHandler(h HandleFunc) {
+ c.Handlers = append(c.Handlers, h)
+}
diff --git a/dns/dns.go b/dns/dns.go
deleted file mode 100644
index d6b1682..0000000
--- a/dns/dns.go
+++ /dev/null
@@ -1,474 +0,0 @@
-// https://tools.ietf.org/html/rfc1035
-
-package dns
-
-import (
- "encoding/binary"
- "errors"
- "io"
- "net"
- "strings"
-
- "github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/proxy"
-)
-
-// HeaderLen is the length of dns msg header
-const HeaderLen = 12
-
-// UDPMaxLen is the max size of udp dns request.
-// https://tools.ietf.org/html/rfc1035#section-4.2.1
-// Messages carried by UDP are restricted to 512 bytes (not counting the IP
-// or UDP headers). Longer messages are truncated and the TC bit is set in
-// the header.
-// TODO: If the request length > 512 then the client will send TCP packets instead,
-// so we should also serve tcp requests.
-const UDPMaxLen = 512
-
-// QType .
-const (
- QTypeA = 1 //ipv4
- QTypeAAAA = 28 ///ipv6
-)
-
-// Msg format
-// https://tools.ietf.org/html/rfc1035#section-4.1
-// All communications inside of the domain protocol are carried in a single
-// format called a message. The top level format of message is divided
-// into 5 sections (some of which are empty in certain cases) shown below:
-//
-// +---------------------+
-// | Header |
-// +---------------------+
-// | Question | the question for the name server
-// +---------------------+
-// | Answer | RRs answering the question
-// +---------------------+
-// | Authority | RRs pointing toward an authority
-// +---------------------+
-// | Additional | RRs holding additional information
-// type Msg struct {
-// Header
-// Questions []Question
-// Answers []RR
-// }
-
-// Header format
-// https://tools.ietf.org/html/rfc1035#section-4.1.1
-// The header contains the following fields:
-//
-// 1 1 1 1 1 1
-// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
-// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-// | ID |
-// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-// |QR| Opcode |AA|TC|RD|RA| Z | RCODE |
-// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-// | QDCOUNT |
-// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-// | ANCOUNT |
-// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-// | NSCOUNT |
-// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-// | ARCOUNT |
-// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-//
-// type Header struct {
-// ID uint16
-// }
-
-// Question format
-// https://tools.ietf.org/html/rfc1035#section-4.1.2
-// The question section is used to carry the "question" in most queries,
-// i.e., the parameters that define what is being asked. The section
-// contains QDCOUNT (usually 1) entries, each of the following format:
-//
-// 1 1 1 1 1 1
-// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
-// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-// | |
-// / QNAME /
-// / /
-// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-// | QTYPE |
-// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-// | QCLASS |
-// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-type Question struct {
- QNAME string
- QTYPE uint16
- QCLASS uint16
-
- Offset int
-}
-
-// RR format
-// https://tools.ietf.org/html/rfc1035#section-3.2.1
-// https://tools.ietf.org/html/rfc1035#section-4.1.3
-// The answer, authority, and additional sections all share the same
-// format: a variable number of resource records, where the number of
-// records is specified in the corresponding count field in the header.
-// Each resource record has the following format:
-//
-// 1 1 1 1 1 1
-// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
-// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-// | |
-// / /
-// / NAME /
-// | |
-// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-// | TYPE |
-// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-// | CLASS |
-// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-// | TTL |
-// | |
-// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-// | RDLENGTH |
-// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
-// / RDATA /
-// / /
-// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-type RR struct {
- // NAME string
- TYPE uint16
- CLASS uint16
- TTL uint32
- RDLENGTH uint16
- RDATA []byte
-
- IP string
-}
-
-// AnswerHandler function handles the dns TypeA or TypeAAAA answer
-type AnswerHandler func(Domain, ip string) error
-
-// DNS .
-type DNS struct {
- dialer proxy.Dialer
- addr string
-
- Tunnel bool
-
- DNSServer string
-
- DNSServerMap map[string]string
- AnswerHandlers []AnswerHandler
-}
-
-// NewDNS returns a dns forwarder. client[dns.udp] -> glider[tcp] -> forwarder[dns.tcp] -> remote dns addr
-func NewDNS(addr, raddr string, dialer proxy.Dialer, tunnel bool) (*DNS, error) {
- s := &DNS{
- dialer: dialer,
- addr: addr,
-
- Tunnel: tunnel,
-
- DNSServer: raddr,
- DNSServerMap: make(map[string]string),
- }
-
- return s, nil
-}
-
-// ListenAndServe .
-func (s *DNS) ListenAndServe() {
- go s.ListenAndServeTCP()
- s.ListenAndServeUDP()
-}
-
-// ListenAndServeUDP .
-func (s *DNS) ListenAndServeUDP() {
- c, err := net.ListenPacket("udp", s.addr)
- if err != nil {
- log.F("[dns] failed to listen on %s, error: %v", s.addr, err)
- return
- }
- defer c.Close()
-
- log.F("[dns] listening UDP on %s", s.addr)
-
- for {
- b := make([]byte, UDPMaxLen)
- n, clientAddr, err := c.ReadFrom(b)
- if err != nil {
- log.F("[dns] local read error: %v", err)
- continue
- }
-
- reqLen := uint16(n)
- // TODO: check here
- if reqLen <= HeaderLen+2 {
- log.F("[dns] not enough data")
- continue
- }
-
- reqMsg := b[:n]
- go func() {
- _, respMsg, err := s.Exchange(reqLen, reqMsg, clientAddr.String())
- if err != nil {
- log.F("[dns] error in exchange: %s", err)
- return
- }
-
- _, err = c.WriteTo(respMsg, clientAddr)
- if err != nil {
- log.F("[dns] error in local write: %s", err)
- return
- }
-
- }()
- }
-}
-
-// ListenAndServeTCP .
-func (s *DNS) ListenAndServeTCP() {
- l, err := net.Listen("tcp", s.addr)
- if err != nil {
- log.F("[dns]-tcp error: %v", err)
- return
- }
-
- log.F("[dns]-tcp listening TCP on %s", s.addr)
-
- for {
- c, err := l.Accept()
- if err != nil {
- log.F("[dns]-tcp error: failed to accept: %v", err)
- continue
- }
- go s.ServeTCP(c)
- }
-}
-
-// ServeTCP .
-func (s *DNS) ServeTCP(c net.Conn) {
- defer c.Close()
-
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
- var reqLen uint16
- if err := binary.Read(c, binary.BigEndian, &reqLen); err != nil {
- log.F("[dns]-tcp failed to get request length: %v", err)
- return
- }
-
- // TODO: check here
- if reqLen <= HeaderLen+2 {
- log.F("[dns]-tcp not enough data")
- return
- }
-
- reqMsg := make([]byte, reqLen)
- _, err := io.ReadFull(c, reqMsg)
- if err != nil {
- log.F("[dns]-tcp error in read reqMsg %s", err)
- return
- }
-
- respLen, respMsg, err := s.Exchange(reqLen, reqMsg, c.RemoteAddr().String())
- if err != nil {
- log.F("[dns]-tcp error in exchange: %s", err)
- return
- }
-
- if err := binary.Write(c, binary.BigEndian, respLen); err != nil {
- log.F("[dns]-tcp error in local write respLen: %s", err)
- return
- }
- if err := binary.Write(c, binary.BigEndian, respMsg); err != nil {
- log.F("[dns]-tcp error in local write respMsg: %s", err)
- return
- }
-}
-
-// Exchange handles request msg and returns response msg
-// TODO: multiple questions support, parse header to get the number of questions
-func (s *DNS) Exchange(reqLen uint16, reqMsg []byte, addr string) (respLen uint16, respMsg []byte, err error) {
- // fmt.Printf("\ndns req len %d:\n%s\n", reqLen, hex.Dump(reqMsg[:]))
- query, err := parseQuestion(reqMsg)
- if err != nil {
- log.F("[dns] error in parseQuestion reqMsg: %s", err)
- return
- }
-
- dnsServer := s.GetServer(query.QNAME)
-
- rc, err := s.dialer.NextDialer(query.QNAME+":53").Dial("tcp", dnsServer)
- if err != nil {
- log.F("[dns] failed to connect to server %v: %v", dnsServer, err)
- return
- }
- defer rc.Close()
-
- if err = binary.Write(rc, binary.BigEndian, reqLen); err != nil {
- log.F("[dns] failed to write req length: %v", err)
- return
- }
- if err = binary.Write(rc, binary.BigEndian, reqMsg); err != nil {
- log.F("[dns] failed to write req message: %v", err)
- return
- }
-
- if err = binary.Read(rc, binary.BigEndian, &respLen); err != nil {
- log.F("[dns] failed to read response length: %v", err)
- return
- }
-
- respMsg = make([]byte, respLen)
- _, err = io.ReadFull(rc, respMsg)
- if err != nil {
- log.F("[dns] error in read respMsg %s\n", err)
- return
- }
-
- // fmt.Printf("\ndns resp len %d:\n%s\n", respLen, hex.Dump(respMsg[:]))
-
- var ip string
- respReq, err := parseQuestion(respMsg)
- if err != nil {
- log.F("[dns] error in parseQuestion respMsg: %s", err)
- return
- }
-
- if (respReq.QTYPE == QTypeA || respReq.QTYPE == QTypeAAAA) &&
- len(respMsg) > respReq.Offset {
-
- var answers []*RR
- answers, err = parseAnswers(respMsg[respReq.Offset:])
- if err != nil {
- log.F("[dns] error in parseAnswers: %s", err)
- return
- }
-
- for _, answer := range answers {
- for _, h := range s.AnswerHandlers {
- h(respReq.QNAME, answer.IP)
- }
-
- if answer.IP != "" {
- ip += answer.IP + ","
- }
- }
-
- }
-
- log.F("[dns] %s <-> %s, type: %d, %s: %s", addr, dnsServer, query.QTYPE, query.QNAME, ip)
- return
-}
-
-// SetServer .
-func (s *DNS) SetServer(domain, server string) {
- s.DNSServerMap[domain] = server
-}
-
-// GetServer .
-func (s *DNS) GetServer(domain string) string {
- if !s.Tunnel {
- domainParts := strings.Split(domain, ".")
- length := len(domainParts)
- for i := length - 2; i >= 0; i-- {
- domain := strings.Join(domainParts[i:length], ".")
-
- if server, ok := s.DNSServerMap[domain]; ok {
- return server
- }
- }
- }
-
- return s.DNSServer
-}
-
-// AddAnswerHandler .
-func (s *DNS) AddAnswerHandler(h AnswerHandler) {
- s.AnswerHandlers = append(s.AnswerHandlers, h)
-}
-
-func parseQuestion(p []byte) (*Question, error) {
- q := &Question{}
- lenP := len(p)
-
- var i int
- var domain []byte
- for i = HeaderLen; i < lenP; {
- l := int(p[i])
-
- if l == 0 {
- i++
- break
- }
-
- if lenP <= i+l+1 {
- return nil, errors.New("not enough data for QNAME")
- }
-
- domain = append(domain, p[i+1:i+l+1]...)
- domain = append(domain, '.')
-
- i = i + l + 1
- }
-
- if len(domain) == 0 {
- return nil, errors.New("no QNAME")
- }
-
- q.QNAME = string(domain[:len(domain)-1])
-
- if lenP < i+4 {
- return nil, errors.New("not enough data")
- }
-
- q.QTYPE = binary.BigEndian.Uint16(p[i:])
- q.QCLASS = binary.BigEndian.Uint16(p[i+2:])
- q.Offset = i + 4
-
- return q, nil
-}
-
-func parseAnswers(p []byte) ([]*RR, error) {
- var answers []*RR
- lenP := len(p)
-
- for i := 0; i < lenP; {
-
- // https://tools.ietf.org/html/rfc1035#section-4.1.4
- // "Message compression",
- // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
- // | 1 1| OFFSET |
- // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-
- if p[i]>>6 == 3 {
- i += 2
- } else {
- // TODO: none compressed query name and Additional records will be ignored
- break
- }
-
- if lenP <= i+10 {
- return nil, errors.New("not enough data")
- }
-
- answer := &RR{}
-
- answer.TYPE = binary.BigEndian.Uint16(p[i:])
- answer.CLASS = binary.BigEndian.Uint16(p[i+2:])
- answer.TTL = binary.BigEndian.Uint32(p[i+4:])
- answer.RDLENGTH = binary.BigEndian.Uint16(p[i+8:])
- answer.RDATA = p[i+10 : i+10+int(answer.RDLENGTH)]
-
- if answer.TYPE == QTypeA {
- answer.IP = net.IP(answer.RDATA[:net.IPv4len]).String()
- } else if answer.TYPE == QTypeAAAA {
- answer.IP = net.IP(answer.RDATA[:net.IPv6len]).String()
- }
-
- answers = append(answers, answer)
-
- i = i + 10 + int(answer.RDLENGTH)
- }
-
- return answers, nil
-}
diff --git a/dns/message.go b/dns/message.go
new file mode 100644
index 0000000..82566bc
--- /dev/null
+++ b/dns/message.go
@@ -0,0 +1,425 @@
+package dns
+
+import (
+ "bytes"
+ "encoding/binary"
+ "errors"
+ "fmt"
+ "math/rand"
+ "net"
+ "strings"
+)
+
+// UDPMaxLen is the max size of udp dns request.
+// https://tools.ietf.org/html/rfc1035#section-4.2.1
+// Messages carried by UDP are restricted to 512 bytes (not counting the IP
+// or UDP headers). Longer messages are truncated and the TC bit is set in
+// the header.
+const UDPMaxLen = 512
+
+// HeaderLen is the length of dns msg header
+const HeaderLen = 12
+
+// QR types
+const (
+ QRQuery = 0
+ QRResponse = 1
+)
+
+// QType .
+const (
+ QTypeA uint16 = 1 //ipv4
+ QTypeAAAA uint16 = 28 ///ipv6
+)
+
+// Message format
+// https://tools.ietf.org/html/rfc1035#section-4.1
+// All communications inside of the domain protocol are carried in a single
+// format called a message. The top level format of message is divided
+// into 5 sections (some of which are empty in certain cases) shown below:
+//
+// +---------------------+
+// | Header |
+// +---------------------+
+// | Question | the question for the name server
+// +---------------------+
+// | Answer | RRs answering the question
+// +---------------------+
+// | Authority | RRs pointing toward an authority
+// +---------------------+
+// | Additional | RRs holding additional information
+type Message struct {
+ // all dns messages should start with a 12 byte dns header
+ *Header
+ // most dns implementation only support 1 question
+ Question *Question
+ Answers []*RR
+ Authority []*RR
+ Additional []*RR
+
+ // used in UnmarshalMessage
+ unMarshaled []byte
+}
+
+// NewMessage returns a new message
+func NewMessage() *Message {
+ return &Message{
+ Header: &Header{},
+ }
+}
+
+// SetQuestion sets a question to dns message,
+func (m *Message) SetQuestion(q *Question) error {
+ m.Question = q
+ m.Header.SetQdcount(1)
+ return nil
+}
+
+// AddAnswer adds an answer to dns message
+func (m *Message) AddAnswer(rr *RR) error {
+ m.Answers = append(m.Answers, rr)
+ return nil
+}
+
+// Marshal marshals message struct to []byte
+func (m *Message) Marshal() ([]byte, error) {
+ var buf bytes.Buffer
+
+ m.Header.SetQdcount(1)
+ m.Header.SetAncount(len(m.Answers))
+
+ b, err := m.Header.Marshal()
+ if err != nil {
+ return nil, err
+ }
+ buf.Write(b)
+
+ b, err = m.Question.Marshal()
+ if err != nil {
+ return nil, err
+ }
+ buf.Write(b)
+
+ // for _, answer := range m.Answers {
+ // b, err := answer.Marshal()
+ // if err != nil {
+ // return nil, err
+ // }
+ // buf.Write(b)
+ // }
+
+ return buf.Bytes(), nil
+}
+
+// UnmarshalMessage unmarshals []bytes to Message
+func UnmarshalMessage(b []byte, msg *Message) error {
+ msg.unMarshaled = b
+
+ err := UnmarshalHeader(b[:HeaderLen], msg.Header)
+ if err != nil {
+ return err
+ }
+
+ q := &Question{}
+ qLen, err := msg.UnmarshalQuestion(b[HeaderLen:], q)
+ if err != nil {
+ return err
+ }
+
+ msg.SetQuestion(q)
+
+ // resp answers
+ rrLen := 0
+ for i := 0; i < int(msg.Header.ANCOUNT); i++ {
+ rr := &RR{}
+ rrLen, err = msg.UnmarshalRR(HeaderLen+qLen+rrLen, rr)
+ if err != nil {
+ return err
+ }
+ msg.AddAnswer(rr)
+ rrLen += rrLen
+ }
+
+ msg.Header.SetAncount(len(msg.Answers))
+
+ return nil
+}
+
+// Header format
+// https://tools.ietf.org/html/rfc1035#section-4.1.1
+// The header contains the following fields:
+//
+// 1 1 1 1 1 1
+// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | ID |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// |QR| Opcode |AA|TC|RD|RA| Z | RCODE |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | QDCOUNT |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | ANCOUNT |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | NSCOUNT |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | ARCOUNT |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+//
+type Header struct {
+ ID uint16
+ Bits uint16
+ QDCOUNT uint16
+ ANCOUNT uint16
+ NSCOUNT uint16
+ ARCOUNT uint16
+}
+
+// NewHeader returns a new dns header
+func NewHeader(id uint16, qr int) *Header {
+ if id == 0 {
+ id = uint16(rand.Uint32())
+ }
+
+ h := &Header{ID: id}
+ h.SetQR(qr)
+ return h
+}
+
+// SetQR .
+func (h *Header) SetQR(qr int) {
+ h.Bits |= uint16(qr) << 15
+}
+
+// SetQdcount sets query count, most dns servers only support 1 query per request
+func (h *Header) SetQdcount(qdcount int) {
+ h.QDCOUNT = uint16(qdcount)
+}
+
+// SetAncount sets answers count
+func (h *Header) SetAncount(ancount int) {
+ h.ANCOUNT = uint16(ancount)
+}
+
+func (h *Header) setFlag(QR uint16, Opcode uint16, AA uint16,
+ TC uint16, RD uint16, RA uint16, RCODE uint16) {
+ h.Bits = QR<<15 + Opcode<<11 + AA<<10 + TC<<9 + RD<<8 + RA<<7 + RCODE
+}
+
+// Marshal marshals header struct to []byte
+func (h *Header) Marshal() ([]byte, error) {
+ var buf bytes.Buffer
+ err := binary.Write(&buf, binary.BigEndian, h)
+ return buf.Bytes(), err
+}
+
+// UnmarshalHeader unmarshals []bytes to Header
+func UnmarshalHeader(b []byte, h *Header) error {
+ if h == nil {
+ return errors.New("unmarshal header must not be nil")
+ }
+
+ if len(b) != HeaderLen {
+ return errors.New("unmarshal header bytes has an unexpected size")
+ }
+
+ h.ID = binary.BigEndian.Uint16(b[:2])
+ h.Bits = binary.BigEndian.Uint16(b[2:4])
+ h.QDCOUNT = binary.BigEndian.Uint16(b[4:6])
+ h.ANCOUNT = binary.BigEndian.Uint16(b[6:8])
+ h.NSCOUNT = binary.BigEndian.Uint16(b[8:10])
+ h.ARCOUNT = binary.BigEndian.Uint16(b[10:])
+
+ return nil
+}
+
+// Question format
+// https://tools.ietf.org/html/rfc1035#section-4.1.2
+// The question section is used to carry the "question" in most queries,
+// i.e., the parameters that define what is being asked. The section
+// contains QDCOUNT (usually 1) entries, each of the following format:
+//
+// 1 1 1 1 1 1
+// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | |
+// / QNAME /
+// / /
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | QTYPE |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | QCLASS |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+type Question struct {
+ QNAME string
+ QTYPE uint16
+ QCLASS uint16
+}
+
+// NewQuestion returns a new dns question
+func NewQuestion(qtype uint16, domain string) *Question {
+ return &Question{
+ QNAME: domain,
+ QTYPE: qtype,
+ QCLASS: 1,
+ }
+}
+
+// Marshal marshals Question struct to []byte
+func (q *Question) Marshal() ([]byte, error) {
+ var buf bytes.Buffer
+
+ buf.Write(MarshalDomain(q.QNAME))
+ binary.Write(&buf, binary.BigEndian, q.QTYPE)
+ binary.Write(&buf, binary.BigEndian, q.QCLASS)
+
+ return buf.Bytes(), nil
+}
+
+// UnmarshalQuestion unmarshals []bytes to Question
+func (m *Message) UnmarshalQuestion(b []byte, q *Question) (n int, err error) {
+ if q == nil {
+ return 0, errors.New("unmarshal question must not be nil")
+ }
+
+ domain, idx := m.GetDomain(b)
+ q.QNAME = domain
+ q.QTYPE = binary.BigEndian.Uint16(b[idx : idx+2])
+ q.QCLASS = binary.BigEndian.Uint16(b[idx+2 : idx+4])
+
+ return idx + 3 + 1, nil
+}
+
+// RR format
+// https://tools.ietf.org/html/rfc1035#section-3.2.1
+// https://tools.ietf.org/html/rfc1035#section-4.1.3
+// The answer, authority, and additional sections all share the same
+// format: a variable number of resource records, where the number of
+// records is specified in the corresponding count field in the header.
+// Each resource record has the following format:
+//
+// 1 1 1 1 1 1
+// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | |
+// / /
+// / NAME /
+// | |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | TYPE |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | CLASS |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | TTL |
+// | |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+// | RDLENGTH |
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
+// / RDATA /
+// / /
+// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+type RR struct {
+ NAME string
+ TYPE uint16
+ CLASS uint16
+ TTL uint32
+ RDLENGTH uint16
+ RDATA []byte
+
+ IP string
+}
+
+// NewRR returns a new dns rr
+func NewRR() *RR {
+ rr := &RR{}
+ return rr
+}
+
+// UnmarshalRR unmarshals []bytes to RR
+func (m *Message) UnmarshalRR(start int, rr *RR) (n int, err error) {
+ if rr == nil {
+ return 0, errors.New("unmarshal question must not be nil")
+ }
+
+ // https://tools.ietf.org/html/rfc1035#section-4.1.4
+ // "Message compression",
+ // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ // | 1 1| OFFSET |
+ // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ p := m.unMarshaled[start:]
+ if p[0]>>6 == 3 {
+ offset := binary.BigEndian.Uint16(p[:2])
+ rr.NAME = m.GetDomainByPoint(int(offset) & 0x3F)
+ n += 2
+ } else {
+ // TODO: none compressed query name and Additional records will be ignored
+ return 0, nil
+ }
+ // domain, n := m.GetDomain(p)
+ // rr.NAME = domain
+
+ if len(p) <= n+10 {
+ return 0, errors.New("not enough data")
+ }
+
+ rr.TYPE = binary.BigEndian.Uint16(p[n:])
+ rr.CLASS = binary.BigEndian.Uint16(p[n+2:])
+ rr.TTL = binary.BigEndian.Uint32(p[n+4:])
+ rr.RDLENGTH = binary.BigEndian.Uint16(p[n+8:])
+ rr.RDATA = p[n+10 : n+10+int(rr.RDLENGTH)]
+
+ if rr.TYPE == QTypeA {
+ rr.IP = net.IP(rr.RDATA[:net.IPv4len]).String()
+ } else if rr.TYPE == QTypeAAAA {
+ rr.IP = net.IP(rr.RDATA[:net.IPv6len]).String()
+ }
+
+ n = n + 10 + int(rr.RDLENGTH)
+
+ return n, nil
+}
+
+// MarshalDomain marshals domain string struct to []byte
+func MarshalDomain(domain string) []byte {
+ var buf bytes.Buffer
+
+ for _, seg := range strings.Split(domain, ".") {
+ binary.Write(&buf, binary.BigEndian, byte(len(seg)))
+ binary.Write(&buf, binary.BigEndian, []byte(seg))
+ }
+ binary.Write(&buf, binary.BigEndian, byte(0x00))
+
+ return buf.Bytes()
+}
+
+// GetDomain gets domain from bytes
+func (m *Message) GetDomain(b []byte) (string, int) {
+ var idx, size int
+ var labels = []string{}
+
+ for {
+ if b[idx]&0xC0 == 0xC0 {
+ fmt.Println("aaaaaaaaaaaaaa")
+ offset := binary.BigEndian.Uint16(b[idx : idx+2])
+ lable := m.GetDomainByPoint(int(offset) & 0x3F)
+ labels = append(labels, lable)
+ idx += 2
+ break
+ } else {
+ size = int(b[idx])
+ if size == 0 {
+ idx++
+ break
+ }
+ labels = append(labels, string(b[idx+1:idx+size+1]))
+ idx += (size + 1)
+ }
+ }
+
+ return strings.Join(labels, "."), idx
+}
+
+// GetDomainByPoint gets domain from
+func (m *Message) GetDomainByPoint(offset int) string {
+ domain, _ := m.GetDomain(m.unMarshaled[offset:])
+ return domain
+}
diff --git a/dns/server.go b/dns/server.go
new file mode 100644
index 0000000..4f824bf
--- /dev/null
+++ b/dns/server.go
@@ -0,0 +1,72 @@
+package dns
+
+import (
+ "encoding/binary"
+ "net"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+)
+
+// Server is a dns server struct
+type Server struct {
+ addr string
+ // Client is used to communicate with upstream dns servers
+ *Client
+}
+
+// NewServer returns a new dns server
+func NewServer(addr string, dialer proxy.Dialer, upServers ...string) (*Server, error) {
+ c, err := NewClient(dialer, upServers...)
+ s := &Server{
+ addr: addr,
+ Client: c,
+ }
+
+ return s, err
+}
+
+// ListenAndServe .
+func (s *Server) ListenAndServe() {
+ c, err := net.ListenPacket("udp", s.addr)
+ if err != nil {
+ log.F("[dns] failed to listen on %s, error: %v", s.addr, err)
+ return
+ }
+ defer c.Close()
+
+ log.F("[dns] listening UDP on %s", s.addr)
+
+ for {
+ reqBytes := make([]byte, 2+UDPMaxLen)
+ n, caddr, err := c.ReadFrom(reqBytes[2:])
+ if err != nil {
+ log.F("[dns] local read error: %v", err)
+ continue
+ }
+
+ reqLen := uint16(n)
+ if reqLen <= HeaderLen+2 {
+ log.F("[dns] not enough message data")
+ continue
+ }
+
+ binary.BigEndian.PutUint16(reqBytes[:2], reqLen)
+
+ go func() {
+ respBytes, err := s.Client.Exchange(reqBytes[:2+n], caddr.String())
+ if err != nil {
+ log.F("[dns] error in exchange: %s", err)
+ return
+ }
+
+ _, err = c.WriteTo(respBytes[2:], caddr)
+ if err != nil {
+ log.F("[dns] error in local write: %s", err)
+ return
+ }
+
+ }()
+ }
+
+}
diff --git a/main.go b/main.go
index aff4303..36bb28f 100644
--- a/main.go
+++ b/main.go
@@ -11,7 +11,7 @@ import (
"github.com/nadoo/glider/dns"
"github.com/nadoo/glider/proxy"
- _ "github.com/nadoo/glider/proxy/dnstun"
+ // _ "github.com/nadoo/glider/proxy/dnstun"
_ "github.com/nadoo/glider/proxy/http"
_ "github.com/nadoo/glider/proxy/mixed"
_ "github.com/nadoo/glider/proxy/socks5"
@@ -58,7 +58,7 @@ func main() {
dialer := NewRuleDialer(conf.rules, dialerFromConf())
ipsetM, _ := NewIPSetManager(conf.IPSet, conf.rules)
if conf.DNS != "" {
- d, err := dns.NewDNS(conf.DNS, conf.DNSServer[0], dialer, false)
+ d, err := dns.NewServer(conf.DNS, dialer, conf.DNSServer...)
if err != nil {
log.Fatal(err)
}
@@ -73,9 +73,9 @@ func main() {
}
// add a handler to update proxy rules when a domain resolved
- d.AddAnswerHandler(dialer.AddDomainIP)
+ d.AddHandler(dialer.AddDomainIP)
if ipsetM != nil {
- d.AddAnswerHandler(ipsetM.AddDomainIP)
+ d.AddHandler(ipsetM.AddDomainIP)
}
go d.ListenAndServe()
diff --git a/proxy/direct.go b/proxy/direct.go
index 2652e7a..719a731 100644
--- a/proxy/direct.go
+++ b/proxy/direct.go
@@ -31,7 +31,6 @@ func (d *direct) Dial(network, addr string) (net.Conn, error) {
return c, err
}
-// DialUDP connects to the given address via the proxy
func (d *direct) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
pc, err := net.ListenPacket(network, "")
if err != nil {
From 5e32133eb9be5b35b47966a42a36c3c54759bc83 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 30 Jul 2018 00:18:10 +0800
Subject: [PATCH 220/341] dns: fixed a bug in UnmarshalRR
---
dns/client.go | 7 +++----
dns/message.go | 25 +++++++++----------------
2 files changed, 12 insertions(+), 20 deletions(-)
diff --git a/dns/client.go b/dns/client.go
index 1f7d201..47b32fd 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -90,7 +90,7 @@ func (c *Client) Exchange(reqBytes []byte, clientAddr string) (respBytes []byte,
return
}
- ip := ""
+ ips := []string{}
for _, answer := range respM.Answers {
if answer.TYPE == QTypeA {
for _, h := range c.Handlers {
@@ -98,17 +98,16 @@ func (c *Client) Exchange(reqBytes []byte, clientAddr string) (respBytes []byte,
}
if answer.IP != "" {
- ip += answer.IP + ","
+ ips = append(ips, answer.IP)
}
}
- log.F("rr: %+v", answer)
}
// add to cache
log.F("[dns] %s <-> %s, type: %d, %s: %s",
- clientAddr, dnsServer, reqM.Question.QTYPE, reqM.Question.QNAME, ip)
+ clientAddr, dnsServer, reqM.Question.QTYPE, reqM.Question.QNAME, strings.Join(ips, ","))
return
}
diff --git a/dns/message.go b/dns/message.go
index 82566bc..37299e7 100644
--- a/dns/message.go
+++ b/dns/message.go
@@ -4,7 +4,6 @@ import (
"bytes"
"encoding/binary"
"errors"
- "fmt"
"math/rand"
"net"
"strings"
@@ -129,15 +128,16 @@ func UnmarshalMessage(b []byte, msg *Message) error {
msg.SetQuestion(q)
// resp answers
- rrLen := 0
+ rridx := HeaderLen + qLen
for i := 0; i < int(msg.Header.ANCOUNT); i++ {
rr := &RR{}
- rrLen, err = msg.UnmarshalRR(HeaderLen+qLen+rrLen, rr)
+ rrLen, err := msg.UnmarshalRR(rridx, rr)
if err != nil {
return err
}
msg.AddAnswer(rr)
- rrLen += rrLen
+
+ rridx += rrLen
}
msg.Header.SetAncount(len(msg.Answers))
@@ -346,16 +346,9 @@ func (m *Message) UnmarshalRR(start int, rr *RR) (n int, err error) {
// | 1 1| OFFSET |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
p := m.unMarshaled[start:]
- if p[0]>>6 == 3 {
- offset := binary.BigEndian.Uint16(p[:2])
- rr.NAME = m.GetDomainByPoint(int(offset) & 0x3F)
- n += 2
- } else {
- // TODO: none compressed query name and Additional records will be ignored
- return 0, nil
- }
- // domain, n := m.GetDomain(p)
- // rr.NAME = domain
+
+ domain, n := m.GetDomain(p)
+ rr.NAME = domain
if len(p) <= n+10 {
return 0, errors.New("not enough data")
@@ -398,7 +391,6 @@ func (m *Message) GetDomain(b []byte) (string, int) {
for {
if b[idx]&0xC0 == 0xC0 {
- fmt.Println("aaaaaaaaaaaaaa")
offset := binary.BigEndian.Uint16(b[idx : idx+2])
lable := m.GetDomainByPoint(int(offset) & 0x3F)
labels = append(labels, lable)
@@ -415,7 +407,8 @@ func (m *Message) GetDomain(b []byte) (string, int) {
}
}
- return strings.Join(labels, "."), idx
+ domain := strings.Join(labels, ".")
+ return domain, idx
}
// GetDomainByPoint gets domain from
From f6a578f849139831a0ddad19c241c6cac92741fb Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 30 Jul 2018 01:05:08 +0800
Subject: [PATCH 221/341] dns: changed UnmarshalMessage to return *Messaeg
---
dns/client.go | 24 ++++++++++--------------
dns/message.go | 32 +++++++++++++++++++++-----------
2 files changed, 31 insertions(+), 25 deletions(-)
diff --git a/dns/client.go b/dns/client.go
index 47b32fd..a5ae487 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -36,23 +36,20 @@ func NewClient(dialer proxy.Dialer, upServers ...string) (*Client, error) {
// Exchange handles request msg and returns response msg
// reqBytes = reqLen + reqMsg
func (c *Client) Exchange(reqBytes []byte, clientAddr string) (respBytes []byte, err error) {
- reqMsg := reqBytes[2:]
-
- reqM := NewMessage()
- err = UnmarshalMessage(reqMsg, reqM)
+ req, err := UnmarshalMessage(reqBytes[2:])
if err != nil {
return
}
- if reqM.Question.QTYPE == QTypeA || reqM.Question.QTYPE == QTypeAAAA {
+ if req.Question.QTYPE == QTypeA || req.Question.QTYPE == QTypeAAAA {
// TODO: if query.QNAME in cache
// get respMsg from cache
// set msg id
// return respMsg, nil
}
- dnsServer := c.GetServer(reqM.Question.QNAME)
- rc, err := c.dialer.NextDialer(reqM.Question.QNAME+":53").Dial("tcp", dnsServer)
+ dnsServer := c.GetServer(req.Question.QNAME)
+ rc, err := c.dialer.NextDialer(req.Question.QNAME+":53").Dial("tcp", dnsServer)
if err != nil {
log.F("[dns] failed to connect to server %v: %v", dnsServer, err)
return
@@ -80,21 +77,20 @@ func (c *Client) Exchange(reqBytes []byte, clientAddr string) (respBytes []byte,
return
}
- if reqM.Question.QTYPE != QTypeA && reqM.Question.QTYPE != QTypeAAAA {
+ if req.Question.QTYPE != QTypeA && req.Question.QTYPE != QTypeAAAA {
return
}
- respM := NewMessage()
- err = UnmarshalMessage(respMsg, respM)
+ resp, err := UnmarshalMessage(respMsg)
if err != nil {
return
}
ips := []string{}
- for _, answer := range respM.Answers {
- if answer.TYPE == QTypeA {
+ for _, answer := range resp.Answers {
+ if answer.TYPE == QTypeA || answer.TYPE == QTypeAAAA {
for _, h := range c.Handlers {
- h(reqM.Question.QNAME, answer.IP)
+ h(resp.Question.QNAME, answer.IP)
}
if answer.IP != "" {
@@ -107,7 +103,7 @@ func (c *Client) Exchange(reqBytes []byte, clientAddr string) (respBytes []byte,
// add to cache
log.F("[dns] %s <-> %s, type: %d, %s: %s",
- clientAddr, dnsServer, reqM.Question.QTYPE, reqM.Question.QNAME, strings.Join(ips, ","))
+ clientAddr, dnsServer, resp.Question.QTYPE, resp.Question.QNAME, strings.Join(ips, ","))
return
}
diff --git a/dns/message.go b/dns/message.go
index 37299e7..2a97cd8 100644
--- a/dns/message.go
+++ b/dns/message.go
@@ -3,7 +3,9 @@ package dns
import (
"bytes"
"encoding/binary"
+ "encoding/hex"
"errors"
+ "fmt"
"math/rand"
"net"
"strings"
@@ -111,18 +113,21 @@ func (m *Message) Marshal() ([]byte, error) {
}
// UnmarshalMessage unmarshals []bytes to Message
-func UnmarshalMessage(b []byte, msg *Message) error {
+func UnmarshalMessage(b []byte) (*Message, error) {
+ msg := NewMessage()
msg.unMarshaled = b
+ fmt.Printf("msg.unMarshaled:\n%s\n", hex.Dump(msg.unMarshaled))
+
err := UnmarshalHeader(b[:HeaderLen], msg.Header)
if err != nil {
- return err
+ return nil, err
}
q := &Question{}
qLen, err := msg.UnmarshalQuestion(b[HeaderLen:], q)
if err != nil {
- return err
+ return nil, err
}
msg.SetQuestion(q)
@@ -133,7 +138,7 @@ func UnmarshalMessage(b []byte, msg *Message) error {
rr := &RR{}
rrLen, err := msg.UnmarshalRR(rridx, rr)
if err != nil {
- return err
+ return nil, err
}
msg.AddAnswer(rr)
@@ -142,7 +147,7 @@ func UnmarshalMessage(b []byte, msg *Message) error {
msg.Header.SetAncount(len(msg.Answers))
- return nil
+ return msg, nil
}
// Header format
@@ -340,13 +345,10 @@ func (m *Message) UnmarshalRR(start int, rr *RR) (n int, err error) {
return 0, errors.New("unmarshal question must not be nil")
}
- // https://tools.ietf.org/html/rfc1035#section-4.1.4
- // "Message compression",
- // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
- // | 1 1| OFFSET |
- // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
p := m.unMarshaled[start:]
+ fmt.Printf("rr bytes:\n%s\n", hex.Dump(p[:10]))
+
domain, n := m.GetDomain(p)
rr.NAME = domain
@@ -368,6 +370,8 @@ func (m *Message) UnmarshalRR(start int, rr *RR) (n int, err error) {
n = n + 10 + int(rr.RDLENGTH)
+ fmt.Printf("rr: %+#v\n", rr)
+
return n, nil
}
@@ -390,9 +394,14 @@ func (m *Message) GetDomain(b []byte) (string, int) {
var labels = []string{}
for {
+ // https://tools.ietf.org/html/rfc1035#section-4.1.4
+ // "Message compression",
+ // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ // | 1 1| OFFSET |
+ // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
if b[idx]&0xC0 == 0xC0 {
offset := binary.BigEndian.Uint16(b[idx : idx+2])
- lable := m.GetDomainByPoint(int(offset) & 0x3F)
+ lable := m.GetDomainByPoint(int(offset & 0x3F))
labels = append(labels, lable)
idx += 2
break
@@ -414,5 +423,6 @@ func (m *Message) GetDomain(b []byte) (string, int) {
// GetDomainByPoint gets domain from
func (m *Message) GetDomainByPoint(offset int) string {
domain, _ := m.GetDomain(m.unMarshaled[offset:])
+ fmt.Printf("GetDomainByPoint: %02x\n", offset)
return domain
}
From 40f33150071bc721c9c43228e3d41d31d174b678 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 30 Jul 2018 01:13:44 +0800
Subject: [PATCH 222/341] dnstun: remove dustun proxy, use dns and dnsserver
settings instead
---
README.md | 6 +-
conf.go | 5 +-
config/README.md | 3 -
.../README.md | 5 +-
.../glider.conf | 5 +-
config/glider.conf.example | 6 --
main.go | 3 +-
proxy/dnstun/dnstun.go | 64 -------------------
8 files changed, 12 insertions(+), 85 deletions(-)
delete mode 100644 proxy/dnstun/dnstun.go
diff --git a/README.md b/README.md
index 00a739b..5b16872 100644
--- a/README.md
+++ b/README.md
@@ -23,7 +23,6 @@ Listen (local proxy server):
- TCP tunnel
- UDP tunnel
- UDP over TCP tunnel
-- DNS Tunnel(udp2tcp)
Forward (local proxy client/upstream proxy server):
- Socks5 proxy(tcp&udp)
@@ -131,10 +130,9 @@ Available Schemes:
tcptun: tcp tunnel
udptun: udp tunnel
uottun: udp over tcp tunnel
- dnstun: listen on udp port and forward all dns requests to remote dns server via forwarders(tcp)
Available schemes for different modes:
- listen: mixed ss socks5 http redir tcptun udptun uottun dnstun
+ listen: mixed ss socks5 http redir tcptun udptun uottun
forward: ss socks5 http ssr vmess tls ws
SS scheme:
@@ -230,7 +228,7 @@ Examples:
glider -listen socks5://:1080 -listen http://:8080 -forward ss://method:pass@1.1.1.1:8443
-listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.
- glider -listen redir://:1081 -listen dnstun://:53=8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2
+ glider -listen redir://:1081 -dns://:53 -dnsserver://8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2
-listen on :1081 as transparent redirect server, :53 as dns server, use forward chain: server1 -> server2.
glider -listen socks5://:1080 -forward ss://method:pass@server1:port1 -forward ss://method:pass@server2:port2 -strategy rr
diff --git a/conf.go b/conf.go
index da15edf..936cc76 100644
--- a/conf.go
+++ b/conf.go
@@ -170,11 +170,10 @@ func usage() {
fmt.Fprintf(os.Stderr, " tcptun: tcp tunnel\n")
fmt.Fprintf(os.Stderr, " udptun: udp tunnel\n")
fmt.Fprintf(os.Stderr, " uottun: udp over tcp tunnel\n")
- fmt.Fprintf(os.Stderr, " dnstun: listen on udp port and forward all dns requests to remote dns server via forwarders(tcp)\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Available schemes for different modes:\n")
- fmt.Fprintf(os.Stderr, " listen: mixed ss socks5 http redir tcptun udptun uottun dnstun\n")
+ fmt.Fprintf(os.Stderr, " listen: mixed ss socks5 http redir tcptun udptun uottun\n")
fmt.Fprintf(os.Stderr, " forward: ss socks5 http ssr vmess tls ws\n")
fmt.Fprintf(os.Stderr, "\n")
@@ -284,7 +283,7 @@ func usage() {
fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -listen http://:8080 -forward ss://method:pass@1.1.1.1:8443\n")
fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -listen dnstun://:53=8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -dns://:53 -dnsserver://8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2\n")
fmt.Fprintf(os.Stderr, " -listen on :1081 as transparent redirect server, :53 as dns server, use forward chain: server1 -> server2.\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -forward ss://method:pass@server1:port1 -forward ss://method:pass@server2:port2 -strategy rr\n")
diff --git a/config/README.md b/config/README.md
index 89da5d8..0d67287 100644
--- a/config/README.md
+++ b/config/README.md
@@ -14,9 +14,6 @@ verbose
# listen on 8443, serve as http/socks5 proxy on the same port.
listen=:8443
-# listen on udp port 5353, forward dns requests via tcp protocol
-listen=dnstun://:5353=8.8.8.8:53
-
# upstream forward proxy
forward=socks5://192.168.1.10:1080
diff --git a/config/examples/8.transparent_proxy_with_dnsmasq/README.md b/config/examples/8.transparent_proxy_with_dnsmasq/README.md
index 3cffa0c..9f4aeef 100644
--- a/config/examples/8.transparent_proxy_with_dnsmasq/README.md
+++ b/config/examples/8.transparent_proxy_with_dnsmasq/README.md
@@ -1,14 +1,15 @@
## 8. Transparent Proxy with dnsmasq
-#### Setup a redirect proxy and a dnstunnel with glider
+#### Setup a redirect proxy and a dns server with glider
glider.conf
```bash
verbose=True
listen=redir://:1081
-listen=dnstun://:5353=8.8.8.8:53
forward=http://forwarder1:8080,socks5://forwarder2:1080
forward=http://1.1.1.1:8080
+dns=:5353
+dnsserver=8.8.8.8:53
strategy=rr
checkwebsite=www.apple.com
checkduration=30
diff --git a/config/examples/8.transparent_proxy_with_dnsmasq/glider.conf b/config/examples/8.transparent_proxy_with_dnsmasq/glider.conf
index 161e66c..491c4f2 100644
--- a/config/examples/8.transparent_proxy_with_dnsmasq/glider.conf
+++ b/config/examples/8.transparent_proxy_with_dnsmasq/glider.conf
@@ -3,11 +3,14 @@
verbose=True
listen=redir://:1081
-listen=dnstun://:5353=8.8.8.8:53
forward=http://forwarder1:8080,socks5://forwarder2:1080
forward=http://1.1.1.1:8080
+dns=:5353
+dnsserver=8.8.8.8:53
+
+
strategy=rr
checkwebsite=www.apple.com
checkduration=30
diff --git a/config/glider.conf.example b/config/glider.conf.example
index 46a52d6..eb66d62 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -55,12 +55,6 @@ listen=socks5://:1080
# listen on 1084 as a udp over tcp tunnel, all requests to :1084 will be forward to 1.1.1.1:53
# listen=uottun://:1084=1.1.1.1:53
-# a dnstun is a special dns forwarder server with a fixed remote dns
-# listen on udp port 5353, act as a local dns server,
-# forward all requests to 8.8.8.8:53 via tcp protocol
-# listen=dnstun://:5353=8.8.8.8:53
-
-
# FORWARDERS
# ----------
# Forwarders, we can setup multiple forwarders.
diff --git a/main.go b/main.go
index 36bb28f..d84b352 100644
--- a/main.go
+++ b/main.go
@@ -11,7 +11,6 @@ import (
"github.com/nadoo/glider/dns"
"github.com/nadoo/glider/proxy"
- // _ "github.com/nadoo/glider/proxy/dnstun"
_ "github.com/nadoo/glider/proxy/http"
_ "github.com/nadoo/glider/proxy/mixed"
_ "github.com/nadoo/glider/proxy/socks5"
@@ -26,7 +25,7 @@ import (
)
// VERSION .
-const VERSION = "0.6.3"
+const VERSION = "0.6.5"
func dialerFromConf() proxy.Dialer {
// global forwarders in xx.conf
diff --git a/proxy/dnstun/dnstun.go b/proxy/dnstun/dnstun.go
deleted file mode 100644
index d167c76..0000000
--- a/proxy/dnstun/dnstun.go
+++ /dev/null
@@ -1,64 +0,0 @@
-// https://tools.ietf.org/html/rfc1035
-
-package dnstun
-
-import (
- "net/url"
- "strings"
-
- "github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/dns"
- "github.com/nadoo/glider/proxy"
- "github.com/nadoo/glider/proxy/tcptun"
-)
-
-// DNSTun struct
-type DNSTun struct {
- dialer proxy.Dialer
- addr string
-
- raddr string
-
- dns *dns.DNS
- tcp *tcptun.TCPTun
-}
-
-func init() {
- proxy.RegisterServer("dnstun", NewDNSTunServer)
-}
-
-// NewDNSTun returns a dns tunnel forwarder.
-func NewDNSTun(s string, dialer proxy.Dialer) (*DNSTun, error) {
-
- u, err := url.Parse(s)
- if err != nil {
- log.F("parse err: %s", err)
- return nil, err
- }
-
- addr := u.Host
- d := strings.Split(addr, "=")
- addr, raddr := d[0], d[1]
-
- p := &DNSTun{
- dialer: dialer,
- addr: addr,
- raddr: raddr,
- }
-
- p.dns, _ = dns.NewDNS(addr, raddr, dialer, true)
-
- return p, nil
-}
-
-// NewDNSTunServer returns a dns tunnel server.
-func NewDNSTunServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
- return NewDNSTun(s, dialer)
-}
-
-// ListenAndServe .
-func (s *DNSTun) ListenAndServe() {
- if s.dns != nil {
- go s.dns.ListenAndServe()
- }
-}
From 41ddbb11683c0506c2f7b432c092f01d5dd30d08 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 30 Jul 2018 10:31:02 +0800
Subject: [PATCH 223/341] dns: fixed a bug in compressed domain offset
calculation
---
dns/message.go | 25 ++++++++-----------------
1 file changed, 8 insertions(+), 17 deletions(-)
diff --git a/dns/message.go b/dns/message.go
index 2a97cd8..67ec68b 100644
--- a/dns/message.go
+++ b/dns/message.go
@@ -3,9 +3,7 @@ package dns
import (
"bytes"
"encoding/binary"
- "encoding/hex"
"errors"
- "fmt"
"math/rand"
"net"
"strings"
@@ -117,8 +115,6 @@ func UnmarshalMessage(b []byte) (*Message, error) {
msg := NewMessage()
msg.unMarshaled = b
- fmt.Printf("msg.unMarshaled:\n%s\n", hex.Dump(msg.unMarshaled))
-
err := UnmarshalHeader(b[:HeaderLen], msg.Header)
if err != nil {
return nil, err
@@ -286,7 +282,7 @@ func (m *Message) UnmarshalQuestion(b []byte, q *Question) (n int, err error) {
return 0, errors.New("unmarshal question must not be nil")
}
- domain, idx := m.GetDomain(b)
+ domain, idx := m.UnmarshalDomain(b)
q.QNAME = domain
q.QTYPE = binary.BigEndian.Uint16(b[idx : idx+2])
q.QCLASS = binary.BigEndian.Uint16(b[idx+2 : idx+4])
@@ -347,9 +343,7 @@ func (m *Message) UnmarshalRR(start int, rr *RR) (n int, err error) {
p := m.unMarshaled[start:]
- fmt.Printf("rr bytes:\n%s\n", hex.Dump(p[:10]))
-
- domain, n := m.GetDomain(p)
+ domain, n := m.UnmarshalDomain(p)
rr.NAME = domain
if len(p) <= n+10 {
@@ -370,8 +364,6 @@ func (m *Message) UnmarshalRR(start int, rr *RR) (n int, err error) {
n = n + 10 + int(rr.RDLENGTH)
- fmt.Printf("rr: %+#v\n", rr)
-
return n, nil
}
@@ -388,8 +380,8 @@ func MarshalDomain(domain string) []byte {
return buf.Bytes()
}
-// GetDomain gets domain from bytes
-func (m *Message) GetDomain(b []byte) (string, int) {
+// UnmarshalDomain gets domain from bytes
+func (m *Message) UnmarshalDomain(b []byte) (string, int) {
var idx, size int
var labels = []string{}
@@ -401,7 +393,7 @@ func (m *Message) GetDomain(b []byte) (string, int) {
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
if b[idx]&0xC0 == 0xC0 {
offset := binary.BigEndian.Uint16(b[idx : idx+2])
- lable := m.GetDomainByPoint(int(offset & 0x3F))
+ lable := m.UnmarshalDomainPoint(int(offset & 0x3FFF))
labels = append(labels, lable)
idx += 2
break
@@ -420,9 +412,8 @@ func (m *Message) GetDomain(b []byte) (string, int) {
return domain, idx
}
-// GetDomainByPoint gets domain from
-func (m *Message) GetDomainByPoint(offset int) string {
- domain, _ := m.GetDomain(m.unMarshaled[offset:])
- fmt.Printf("GetDomainByPoint: %02x\n", offset)
+// UnmarshalDomainPoint gets domain from offset point
+func (m *Message) UnmarshalDomainPoint(offset int) string {
+ domain, _ := m.UnmarshalDomain(m.unMarshaled[offset:])
return domain
}
From 4781e7b4725c230a6d844a3d5b29e629dcfceb0b Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 31 Jul 2018 00:03:36 +0800
Subject: [PATCH 224/341] dns: add tcp server support
---
dns/message.go | 75 ++++++++++++++++++++++++++++++++++++++------------
dns/server.go | 64 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 121 insertions(+), 18 deletions(-)
diff --git a/dns/message.go b/dns/message.go
index 67ec68b..e9b0b6d 100644
--- a/dns/message.go
+++ b/dns/message.go
@@ -48,7 +48,6 @@ const (
// +---------------------+
// | Additional | RRs holding additional information
type Message struct {
- // all dns messages should start with a 12 byte dns header
*Header
// most dns implementation only support 1 question
Question *Question
@@ -99,13 +98,13 @@ func (m *Message) Marshal() ([]byte, error) {
}
buf.Write(b)
- // for _, answer := range m.Answers {
- // b, err := answer.Marshal()
- // if err != nil {
- // return nil, err
- // }
- // buf.Write(b)
- // }
+ for _, answer := range m.Answers {
+ b, err := answer.Marshal()
+ if err != nil {
+ return nil, err
+ }
+ buf.Write(b)
+ }
return buf.Bytes(), nil
}
@@ -191,6 +190,11 @@ func (h *Header) SetQR(qr int) {
h.Bits |= uint16(qr) << 15
}
+// SetTC .
+func (h *Header) SetTC(tc int) {
+ h.Bits |= uint16(tc) << 9
+}
+
// SetQdcount sets query count, most dns servers only support 1 query per request
func (h *Header) SetQdcount(qdcount int) {
h.QDCOUNT = uint16(qdcount)
@@ -282,7 +286,11 @@ func (m *Message) UnmarshalQuestion(b []byte, q *Question) (n int, err error) {
return 0, errors.New("unmarshal question must not be nil")
}
- domain, idx := m.UnmarshalDomain(b)
+ domain, idx, err := m.UnmarshalDomain(b)
+ if err != nil {
+ return 0, err
+ }
+
q.QNAME = domain
q.QTYPE = binary.BigEndian.Uint16(b[idx : idx+2])
q.QCLASS = binary.BigEndian.Uint16(b[idx+2 : idx+4])
@@ -335,19 +343,36 @@ func NewRR() *RR {
return rr
}
+// Marshal marshals RR struct to []byte
+func (rr *RR) Marshal() ([]byte, error) {
+ var buf bytes.Buffer
+
+ buf.Write(MarshalDomain(rr.NAME))
+ binary.Write(&buf, binary.BigEndian, rr.TYPE)
+ binary.Write(&buf, binary.BigEndian, rr.CLASS)
+ binary.Write(&buf, binary.BigEndian, rr.TTL)
+ binary.Write(&buf, binary.BigEndian, rr.RDLENGTH)
+ buf.Write(rr.RDATA)
+
+ return buf.Bytes(), nil
+}
+
// UnmarshalRR unmarshals []bytes to RR
func (m *Message) UnmarshalRR(start int, rr *RR) (n int, err error) {
if rr == nil {
- return 0, errors.New("unmarshal question must not be nil")
+ return 0, errors.New("unmarshal rr must not be nil")
}
p := m.unMarshaled[start:]
- domain, n := m.UnmarshalDomain(p)
+ domain, n, err := m.UnmarshalDomain(p)
+ if err != nil {
+ return 0, err
+ }
rr.NAME = domain
if len(p) <= n+10 {
- return 0, errors.New("not enough data")
+ return 0, errors.New("UnmarshalRR: not enough data")
}
rr.TYPE = binary.BigEndian.Uint16(p[n:])
@@ -381,7 +406,7 @@ func MarshalDomain(domain string) []byte {
}
// UnmarshalDomain gets domain from bytes
-func (m *Message) UnmarshalDomain(b []byte) (string, int) {
+func (m *Message) UnmarshalDomain(b []byte) (string, int, error) {
var idx, size int
var labels = []string{}
@@ -393,7 +418,11 @@ func (m *Message) UnmarshalDomain(b []byte) (string, int) {
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
if b[idx]&0xC0 == 0xC0 {
offset := binary.BigEndian.Uint16(b[idx : idx+2])
- lable := m.UnmarshalDomainPoint(int(offset & 0x3FFF))
+ lable, err := m.UnmarshalDomainPoint(int(offset & 0x3FFF))
+ if err != nil {
+ return "", 0, err
+ }
+
labels = append(labels, lable)
idx += 2
break
@@ -402,18 +431,28 @@ func (m *Message) UnmarshalDomain(b []byte) (string, int) {
if size == 0 {
idx++
break
+ } else if size > 63 {
+ return "", 0, errors.New("UnmarshalDomain: label length more than 63")
}
+
+ if idx+size+1 > len(b) {
+ return "", 0, errors.New("UnmarshalDomain: label length more than 63")
+ }
+
labels = append(labels, string(b[idx+1:idx+size+1]))
idx += (size + 1)
}
}
domain := strings.Join(labels, ".")
- return domain, idx
+ return domain, idx, nil
}
// UnmarshalDomainPoint gets domain from offset point
-func (m *Message) UnmarshalDomainPoint(offset int) string {
- domain, _ := m.UnmarshalDomain(m.unMarshaled[offset:])
- return domain
+func (m *Message) UnmarshalDomainPoint(offset int) (string, error) {
+ if offset > len(m.unMarshaled) {
+ return "", errors.New("UnmarshalDomainPoint: offset larger than msg length")
+ }
+ domain, _, err := m.UnmarshalDomain(m.unMarshaled[offset:])
+ return domain, err
}
diff --git a/dns/server.go b/dns/server.go
index 4f824bf..0806c0b 100644
--- a/dns/server.go
+++ b/dns/server.go
@@ -2,12 +2,17 @@ package dns
import (
"encoding/binary"
+ "io"
"net"
+ "time"
"github.com/nadoo/glider/common/log"
"github.com/nadoo/glider/proxy"
)
+// conn timeout, seconds
+const timeout = 30
+
// Server is a dns server struct
type Server struct {
addr string
@@ -28,6 +33,12 @@ func NewServer(addr string, dialer proxy.Dialer, upServers ...string) (*Server,
// ListenAndServe .
func (s *Server) ListenAndServe() {
+ go s.ListenAndServeTCP()
+ s.ListenAndServeUDP()
+}
+
+// ListenAndServeUDP .
+func (s *Server) ListenAndServeUDP() {
c, err := net.ListenPacket("udp", s.addr)
if err != nil {
log.F("[dns] failed to listen on %s, error: %v", s.addr, err)
@@ -70,3 +81,56 @@ func (s *Server) ListenAndServe() {
}
}
+
+// ListenAndServeTCP .
+func (s *Server) ListenAndServeTCP() {
+ l, err := net.Listen("tcp", s.addr)
+ if err != nil {
+ log.F("[dns]-tcp error: %v", err)
+ return
+ }
+
+ log.F("[dns]-tcp listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("[dns]-tcp error: failed to accept: %v", err)
+ continue
+ }
+ go s.ServeTCP(c)
+ }
+}
+
+// ServeTCP .
+func (s *Server) ServeTCP(c net.Conn) {
+ defer c.Close()
+
+ c.SetDeadline(time.Now().Add(time.Duration(timeout) * time.Second))
+
+ var reqLen uint16
+ if err := binary.Read(c, binary.BigEndian, &reqLen); err != nil {
+ log.F("[dns]-tcp failed to get request length: %v", err)
+ return
+ }
+
+ reqBytes := make([]byte, reqLen+2)
+ _, err := io.ReadFull(c, reqBytes[2:])
+ if err != nil {
+ log.F("[dns]-tcp error in read reqBytes %s", err)
+ return
+ }
+
+ binary.BigEndian.PutUint16(reqBytes[:2], reqLen)
+
+ respBytes, err := s.Exchange(reqBytes, c.RemoteAddr().String())
+ if err != nil {
+ log.F("[dns]-tcp error in exchange: %s", err)
+ return
+ }
+
+ if err := binary.Write(c, binary.BigEndian, respBytes); err != nil {
+ log.F("[dns]-tcp error in local write respBytes: %s", err)
+ return
+ }
+}
From a2a67df771813784ed272471fb89f26132a6bbda Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 31 Jul 2018 20:25:39 +0800
Subject: [PATCH 225/341] http: keep proxy-connection when connect to upstream
http proxy. #42
---
proxy/http/http.go | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/proxy/http/http.go b/proxy/http/http.go
index c7da285..99c4596 100644
--- a/proxy/http/http.go
+++ b/proxy/http/http.go
@@ -231,16 +231,19 @@ func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
c.SetKeepAlive(true)
}
- rc.Write([]byte("CONNECT " + addr + " HTTP/1.0\r\n"))
- rc.Write([]byte("Proxy-Connection: close\r\n"))
+ var buf bytes.Buffer
+
+ buf.Write([]byte("CONNECT " + addr + " HTTP/1.1\r\n"))
+ buf.Write([]byte("Proxy-Connection: Keep-Alive\r\n"))
if s.user != "" && s.password != "" {
auth := s.user + ":" + s.password
- rc.Write([]byte("Proxy-Authorization: Basic " + base64.StdEncoding.EncodeToString([]byte(auth)) + "\r\n"))
+ buf.Write([]byte("Proxy-Authorization: Basic " + base64.StdEncoding.EncodeToString([]byte(auth)) + "\r\n"))
}
//header ended
- rc.Write([]byte("\r\n"))
+ buf.Write([]byte("\r\n"))
+ rc.Write(buf.Bytes())
respR := bufio.NewReader(rc)
respTP := textproto.NewReader(respR)
From a226637bfba60a28d3a77e5def9d93dc3e594958 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 1 Aug 2018 00:09:55 +0800
Subject: [PATCH 226/341] dns: 1. support cache; 2. support custom records; #35
---
conf.go | 2 +
dns/cache.go | 69 ++++++++++++++++++++++++
dns/client.go | 139 ++++++++++++++++++++++++++++++++++++++-----------
dns/message.go | 47 ++++++++---------
dns/server.go | 4 +-
main.go | 7 ++-
6 files changed, 210 insertions(+), 58 deletions(-)
create mode 100644 dns/cache.go
diff --git a/conf.go b/conf.go
index 936cc76..3069dae 100644
--- a/conf.go
+++ b/conf.go
@@ -25,6 +25,7 @@ var conf struct {
DNS string
DNSServer []string
+ DNSRecord []string
IPSet string
@@ -43,6 +44,7 @@ func confInit() {
flag.StringVar(&conf.DNS, "dns", "", "dns forwarder server listen address")
flag.StringSliceUniqVar(&conf.DNSServer, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server")
+ flag.StringSliceUniqVar(&conf.DNSRecord, "dnsrecord", nil, "custom dns record")
flag.StringVar(&conf.IPSet, "ipset", "", "ipset name")
diff --git a/dns/cache.go b/dns/cache.go
new file mode 100644
index 0000000..50b371a
--- /dev/null
+++ b/dns/cache.go
@@ -0,0 +1,69 @@
+package dns
+
+import (
+ "sync"
+ "time"
+)
+
+// HundredYears is one hundred years duration in seconds, used for none-expired items
+const HundredYears = 100 * 365 * 24 * 3600
+
+type item struct {
+ value []byte
+ expire time.Time
+}
+
+// Cache is the struct of cache
+type Cache struct {
+ m map[string]*item
+ l sync.RWMutex
+}
+
+// NewCache returns a new cache
+func NewCache() (c *Cache) {
+ c = &Cache{m: make(map[string]*item)}
+ go func() {
+ for now := range time.Tick(time.Second) {
+ c.l.Lock()
+ for k, v := range c.m {
+ if now.After(v.expire) {
+ delete(c.m, k)
+ }
+ }
+ c.l.Unlock()
+ }
+ }()
+
+ return
+}
+
+// Len returns the length of cache
+func (c *Cache) Len() int {
+ return len(c.m)
+}
+
+// Put an item into cache, invalid after ttl seconds, never invalid if ttl=0
+func (c *Cache) Put(k string, v []byte, ttl int) {
+ if len(v) == 0 {
+ return
+ }
+
+ c.l.Lock()
+ it, ok := c.m[k]
+ if !ok {
+ it = &item{value: v}
+ c.m[k] = it
+ }
+ it.expire = time.Now().Add(time.Duration(ttl) * time.Second)
+ c.l.Unlock()
+}
+
+// Get an item from cache
+func (c *Cache) Get(k string) (v []byte) {
+ c.l.RLock()
+ if it, ok := c.m[k]; ok {
+ v = it.value
+ }
+ c.l.RUnlock()
+ return
+}
diff --git a/dns/client.go b/dns/client.go
index a5ae487..3789ec2 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -1,33 +1,39 @@
package dns
import (
+ "bytes"
"encoding/binary"
+ "errors"
"io"
+ "net"
"strings"
"github.com/nadoo/glider/common/log"
"github.com/nadoo/glider/proxy"
)
+// DefaultTTL is default ttl in seconds
+const DefaultTTL = 600
+
// HandleFunc function handles the dns TypeA or TypeAAAA answer
type HandleFunc func(Domain, ip string) error
// Client is a dns client struct
type Client struct {
dialer proxy.Dialer
- UPServers []string
- UPServerMap map[string][]string
- Handlers []HandleFunc
-
- tcp bool
+ cache *Cache
+ upServers []string
+ upServerMap map[string][]string
+ handlers []HandleFunc
}
// NewClient returns a new dns client
-func NewClient(dialer proxy.Dialer, upServers ...string) (*Client, error) {
+func NewClient(dialer proxy.Dialer, upServers []string) (*Client, error) {
c := &Client{
dialer: dialer,
- UPServers: upServers,
- UPServerMap: make(map[string][]string),
+ cache: NewCache(),
+ upServers: upServers,
+ upServerMap: make(map[string][]string),
}
return c, nil
@@ -35,82 +41,96 @@ func NewClient(dialer proxy.Dialer, upServers ...string) (*Client, error) {
// Exchange handles request msg and returns response msg
// reqBytes = reqLen + reqMsg
-func (c *Client) Exchange(reqBytes []byte, clientAddr string) (respBytes []byte, err error) {
+func (c *Client) Exchange(reqBytes []byte, clientAddr string) ([]byte, error) {
req, err := UnmarshalMessage(reqBytes[2:])
if err != nil {
- return
+ return nil, err
}
if req.Question.QTYPE == QTypeA || req.Question.QTYPE == QTypeAAAA {
- // TODO: if query.QNAME in cache
- // get respMsg from cache
- // set msg id
- // return respMsg, nil
+ v := c.cache.Get(getKey(req.Question))
+ if v != nil {
+ binary.BigEndian.PutUint16(v[2:4], req.ID)
+ log.F("[dns] %s <-> cache, type: %d, %s",
+ clientAddr, req.Question.QTYPE, req.Question.QNAME)
+
+ return v, nil
+ }
}
dnsServer := c.GetServer(req.Question.QNAME)
rc, err := c.dialer.NextDialer(req.Question.QNAME+":53").Dial("tcp", dnsServer)
if err != nil {
log.F("[dns] failed to connect to server %v: %v", dnsServer, err)
- return
+ return nil, err
}
defer rc.Close()
if err = binary.Write(rc, binary.BigEndian, reqBytes); err != nil {
log.F("[dns] failed to write req message: %v", err)
- return
+ return nil, err
}
var respLen uint16
if err = binary.Read(rc, binary.BigEndian, &respLen); err != nil {
log.F("[dns] failed to read response length: %v", err)
- return
+ return nil, err
}
- respBytes = make([]byte, respLen+2)
+ respBytes := make([]byte, respLen+2)
binary.BigEndian.PutUint16(respBytes[:2], respLen)
- respMsg := respBytes[2:]
- _, err = io.ReadFull(rc, respMsg)
+ _, err = io.ReadFull(rc, respBytes[2:])
if err != nil {
log.F("[dns] error in read respMsg %s\n", err)
- return
+ return nil, err
}
if req.Question.QTYPE != QTypeA && req.Question.QTYPE != QTypeAAAA {
- return
+ log.F("[dns] %s <-> %s, type: %d, %s",
+ clientAddr, dnsServer, req.Question.QTYPE, req.Question.QNAME)
+ return respBytes, nil
}
- resp, err := UnmarshalMessage(respMsg)
+ resp, err := UnmarshalMessage(respBytes[2:])
if err != nil {
- return
+ return respBytes, err
}
+ ttl := 0
ips := []string{}
for _, answer := range resp.Answers {
if answer.TYPE == QTypeA || answer.TYPE == QTypeAAAA {
- for _, h := range c.Handlers {
+ for _, h := range c.handlers {
h(resp.Question.QNAME, answer.IP)
}
if answer.IP != "" {
ips = append(ips, answer.IP)
}
+
+ ttl = int(answer.TTL)
}
}
+ // if ttl in packet is 0, set it to default value
+ if ttl == 0 {
+ ttl = DefaultTTL
+ }
+
// add to cache
+ c.cache.Put(getKey(resp.Question), respBytes, ttl)
log.F("[dns] %s <-> %s, type: %d, %s: %s",
clientAddr, dnsServer, resp.Question.QTYPE, resp.Question.QNAME, strings.Join(ips, ","))
- return
+ return respBytes, nil
}
// SetServer .
func (c *Client) SetServer(domain string, servers ...string) {
- c.UPServerMap[domain] = append(c.UPServerMap[domain], servers...)
+ c.upServerMap[domain] = append(c.upServerMap[domain], servers...)
}
// GetServer .
@@ -120,16 +140,75 @@ func (c *Client) GetServer(domain string) string {
for i := length - 2; i >= 0; i-- {
domain := strings.Join(domainParts[i:length], ".")
- if servers, ok := c.UPServerMap[domain]; ok {
+ if servers, ok := c.upServerMap[domain]; ok {
return servers[0]
}
}
// TODO:
- return c.UPServers[0]
+ return c.upServers[0]
}
// AddHandler .
func (c *Client) AddHandler(h HandleFunc) {
- c.Handlers = append(c.Handlers, h)
+ c.handlers = append(c.handlers, h)
+}
+
+// AddRecord adds custom record to dns cache, format:
+// www.example.com/1.2.3.4 or www.example.com/2606:2800:220:1:248:1893:25c8:1946
+func (c *Client) AddRecord(record string) error {
+ r := strings.Split(record, "/")
+ domain, ip := r[0], r[1]
+ m, err := c.GenResponse(domain, ip)
+ if err != nil {
+ return err
+ }
+
+ b, _ := m.Marshal()
+
+ var buf bytes.Buffer
+ binary.Write(&buf, binary.BigEndian, uint16(len(b)))
+ buf.Write(b)
+
+ c.cache.Put(getKey(m.Question), buf.Bytes(), HundredYears)
+
+ return nil
+}
+
+// GenResponse .
+func (c *Client) GenResponse(domain string, ip string) (*Message, error) {
+ ipb := net.ParseIP(ip)
+ if ipb == nil {
+ return nil, errors.New("GenResponse: invalid ip format")
+ }
+
+ var rdata []byte
+ var qtype, rdlen uint16
+ if rdata = ipb.To4(); rdata != nil {
+ qtype = QTypeA
+ rdlen = net.IPv4len
+ } else {
+ qtype = QTypeAAAA
+ rdlen = net.IPv6len
+ rdata = ipb
+ }
+
+ m := NewMessage(0, Response)
+ m.SetQuestion(NewQuestion(qtype, domain))
+ rr := &RR{NAME: domain, TYPE: qtype, CLASS: CLASSIN,
+ RDLENGTH: rdlen, RDATA: rdata}
+ m.AddAnswer(rr)
+
+ return m, nil
+}
+
+func getKey(q *Question) string {
+ qtype := ""
+ switch q.QTYPE {
+ case QTypeA:
+ qtype = "A"
+ case QTypeAAAA:
+ qtype = "AAAA"
+ }
+ return q.QNAME + "/" + qtype
}
diff --git a/dns/message.go b/dns/message.go
index e9b0b6d..8730863 100644
--- a/dns/message.go
+++ b/dns/message.go
@@ -19,10 +19,10 @@ const UDPMaxLen = 512
// HeaderLen is the length of dns msg header
const HeaderLen = 12
-// QR types
+// Message types
const (
- QRQuery = 0
- QRResponse = 1
+ Query = 0
+ Response = 1
)
// QType .
@@ -31,6 +31,9 @@ const (
QTypeAAAA uint16 = 28 ///ipv6
)
+// CLASSIN .
+const CLASSIN uint16 = 1
+
// Message format
// https://tools.ietf.org/html/rfc1035#section-4.1
// All communications inside of the domain protocol are carried in a single
@@ -60,10 +63,15 @@ type Message struct {
}
// NewMessage returns a new message
-func NewMessage() *Message {
- return &Message{
- Header: &Header{},
+func NewMessage(id uint16, msgType int) *Message {
+ if id == 0 {
+ id = uint16(rand.Uint32())
}
+
+ h := &Header{ID: id}
+ h.SetMsgType(msgType)
+
+ return &Message{Header: h}
}
// SetQuestion sets a question to dns message,
@@ -111,7 +119,7 @@ func (m *Message) Marshal() ([]byte, error) {
// UnmarshalMessage unmarshals []bytes to Message
func UnmarshalMessage(b []byte) (*Message, error) {
- msg := NewMessage()
+ msg := &Message{Header: &Header{}}
msg.unMarshaled = b
err := UnmarshalHeader(b[:HeaderLen], msg.Header)
@@ -174,19 +182,8 @@ type Header struct {
ARCOUNT uint16
}
-// NewHeader returns a new dns header
-func NewHeader(id uint16, qr int) *Header {
- if id == 0 {
- id = uint16(rand.Uint32())
- }
-
- h := &Header{ID: id}
- h.SetQR(qr)
- return h
-}
-
-// SetQR .
-func (h *Header) SetQR(qr int) {
+// SetMsgType .
+func (h *Header) SetMsgType(qr int) {
h.Bits |= uint16(qr) << 15
}
@@ -265,7 +262,7 @@ func NewQuestion(qtype uint16, domain string) *Question {
return &Question{
QNAME: domain,
QTYPE: qtype,
- QCLASS: 1,
+ QCLASS: CLASSIN,
}
}
@@ -418,12 +415,12 @@ func (m *Message) UnmarshalDomain(b []byte) (string, int, error) {
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
if b[idx]&0xC0 == 0xC0 {
offset := binary.BigEndian.Uint16(b[idx : idx+2])
- lable, err := m.UnmarshalDomainPoint(int(offset & 0x3FFF))
+ label, err := m.UnmarshalDomainPoint(int(offset & 0x3FFF))
if err != nil {
return "", 0, err
}
- labels = append(labels, lable)
+ labels = append(labels, label)
idx += 2
break
} else {
@@ -432,11 +429,11 @@ func (m *Message) UnmarshalDomain(b []byte) (string, int, error) {
idx++
break
} else if size > 63 {
- return "", 0, errors.New("UnmarshalDomain: label length more than 63")
+ return "", 0, errors.New("UnmarshalDomain: label size larger than 63")
}
if idx+size+1 > len(b) {
- return "", 0, errors.New("UnmarshalDomain: label length more than 63")
+ return "", 0, errors.New("UnmarshalDomain: label size larger than msg length")
}
labels = append(labels, string(b[idx+1:idx+size+1]))
diff --git a/dns/server.go b/dns/server.go
index 0806c0b..77717ed 100644
--- a/dns/server.go
+++ b/dns/server.go
@@ -21,8 +21,8 @@ type Server struct {
}
// NewServer returns a new dns server
-func NewServer(addr string, dialer proxy.Dialer, upServers ...string) (*Server, error) {
- c, err := NewClient(dialer, upServers...)
+func NewServer(addr string, dialer proxy.Dialer, upServers []string) (*Server, error) {
+ c, err := NewClient(dialer, upServers)
s := &Server{
addr: addr,
Client: c,
diff --git a/main.go b/main.go
index d84b352..ad41ad7 100644
--- a/main.go
+++ b/main.go
@@ -57,11 +57,16 @@ func main() {
dialer := NewRuleDialer(conf.rules, dialerFromConf())
ipsetM, _ := NewIPSetManager(conf.IPSet, conf.rules)
if conf.DNS != "" {
- d, err := dns.NewServer(conf.DNS, dialer, conf.DNSServer...)
+ d, err := dns.NewServer(conf.DNS, dialer, conf.DNSServer)
if err != nil {
log.Fatal(err)
}
+ // custom records
+ for _, record := range conf.DNSRecord {
+ d.AddRecord(record)
+ }
+
// rule
for _, r := range conf.rules {
for _, domain := range r.Domain {
From 04c6f7434354f73bc27d5d32d5b9b3c10f2c0f38 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 1 Aug 2018 00:36:11 +0800
Subject: [PATCH 227/341] doc: update for custom dnsrecord
---
README.md | 22 +++++++++++++++++-----
conf.go | 15 +++++++++++++--
config/glider.conf.example | 4 ++++
dns/client.go | 12 +++++-------
4 files changed, 39 insertions(+), 14 deletions(-)
diff --git a/README.md b/README.md
index 5b16872..f67b79a 100644
--- a/README.md
+++ b/README.md
@@ -91,7 +91,7 @@ glider -config CONFIGPATH -listen :8080 -verbose
## Usage
```bash
-glider v0.6.3 usage:
+glider v0.6.5 usage:
-checkduration int
proxy check duration(seconds) (default 30)
-checkwebsite string
@@ -100,6 +100,8 @@ glider v0.6.3 usage:
config file path
-dns string
dns forwarder server listen address
+ -dnsrecord value
+ custom dns record, format: domain/ip
-dnsserver value
remote dns server
-forward value
@@ -154,7 +156,7 @@ Available securities for vmess:
TLS scheme:
tls://host:port[?skipVerify=true]
-TLS with a specified proxy protocol(proxy over tls):
+TLS with a specified proxy protocol:
tls://host:port[?skipVerify=true],scheme://
tls://host:port[?skipVerify=true],http://[user:pass@]
tls://host:port[?skipVerify=true],socks5://[user:pass@]
@@ -163,18 +165,25 @@ TLS with a specified proxy protocol(proxy over tls):
Websocket scheme:
ws://host:port[/path]
-Websocket with a specified proxy protocol(proxy over websocket):
+Websocket with a specified proxy protocol:
ws://host:port[/path],scheme://
ws://host:port[/path],http://[user:pass@]
ws://host:port[/path],socks5://[user:pass@]
ws://host:port[/path],vmess://[security:]uuid@?alterID=num
-TLS and Websocket with a specified proxy protocol(proxy over websocket over tls):
+TLS and Websocket with a specified proxy protocol:
tls://host:port[?skipVerify=true],ws://[@/path],scheme://
tls://host:port[?skipVerify=true],ws://[@/path],http://[user:pass@]
tls://host:port[?skipVerify=true],ws://[@/path],socks5://[user:pass@]
tls://host:port[?skipVerify=true],ws://[@/path],vmess://[security:]uuid@?alterID=num
+DNS forwarding server:
+ dns=:53
+ dnsserver=8.8.8.8:53
+ dnsserver=1.1.1.1:53
+ dnsrecord=www.example.com/1.2.3.4
+ dnsrecord=www.example.com/2606:2800:220:1:248:1893:25c8:1946
+
Available forward strategies:
rr: Round Robin mode
ha: High Availability mode
@@ -228,11 +237,14 @@ Examples:
glider -listen socks5://:1080 -listen http://:8080 -forward ss://method:pass@1.1.1.1:8443
-listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.
- glider -listen redir://:1081 -dns://:53 -dnsserver://8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2
+ glider -listen redir://:1081 -dns=:53 -dnsserver=8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2
-listen on :1081 as transparent redirect server, :53 as dns server, use forward chain: server1 -> server2.
glider -listen socks5://:1080 -forward ss://method:pass@server1:port1 -forward ss://method:pass@server2:port2 -strategy rr
-listen on :1080 as socks5 server, forward requests via server1 and server2 in round robin mode.
+
+ glider -verbose -dns=:53 -dnsserver=8.8.8.8:53 -dnsrecord=www.example.com/1.2.3.4
+ -listen on :53 as dns server, forward dns requests to 8.8.8.8:53, return 1.2.3.4 when resolving www.example.com.
```
## Advanced Usage
diff --git a/conf.go b/conf.go
index 3069dae..1f629b7 100644
--- a/conf.go
+++ b/conf.go
@@ -44,7 +44,7 @@ func confInit() {
flag.StringVar(&conf.DNS, "dns", "", "dns forwarder server listen address")
flag.StringSliceUniqVar(&conf.DNSServer, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server")
- flag.StringSliceUniqVar(&conf.DNSRecord, "dnsrecord", nil, "custom dns record")
+ flag.StringSliceUniqVar(&conf.DNSRecord, "dnsrecord", nil, "custom dns record, format: domain/ip")
flag.StringVar(&conf.IPSet, "ipset", "", "ipset name")
@@ -230,6 +230,14 @@ func usage() {
fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],ws://[@/path],vmess://[security:]uuid@?alterID=num\n")
fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, "DNS forwarding server:\n")
+ fmt.Fprintf(os.Stderr, " dns=:53\n")
+ fmt.Fprintf(os.Stderr, " dnsserver=8.8.8.8:53\n")
+ fmt.Fprintf(os.Stderr, " dnsserver=1.1.1.1:53\n")
+ fmt.Fprintf(os.Stderr, " dnsrecord=www.example.com/1.2.3.4\n")
+ fmt.Fprintf(os.Stderr, " dnsrecord=www.example.com/2606:2800:220:1:248:1893:25c8:1946\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
fmt.Fprintf(os.Stderr, "Available forward strategies:\n")
fmt.Fprintf(os.Stderr, " rr: Round Robin mode\n")
fmt.Fprintf(os.Stderr, " ha: High Availability mode\n")
@@ -285,10 +293,13 @@ func usage() {
fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -listen http://:8080 -forward ss://method:pass@1.1.1.1:8443\n")
fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -dns://:53 -dnsserver://8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen redir://:1081 -dns=:53 -dnsserver=8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2\n")
fmt.Fprintf(os.Stderr, " -listen on :1081 as transparent redirect server, :53 as dns server, use forward chain: server1 -> server2.\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -forward ss://method:pass@server1:port1 -forward ss://method:pass@server2:port2 -strategy rr\n")
fmt.Fprintf(os.Stderr, " -listen on :1080 as socks5 server, forward requests via server1 and server2 in round robin mode.\n")
fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -verbose -dns=:53 -dnsserver=8.8.8.8:53 -dnsrecord=www.example.com/1.2.3.4\n")
+ fmt.Fprintf(os.Stderr, " -listen on :53 as dns server, forward dns requests to 8.8.8.8:53, return 1.2.3.4 when resolving www.example.com.\n")
+ fmt.Fprintf(os.Stderr, "\n")
}
diff --git a/config/glider.conf.example b/config/glider.conf.example
index eb66d62..bf51833 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -125,6 +125,10 @@ checkduration=30
dns=:53
# global remote dns server (you can specify different dns server in rule file)
dnsserver=8.8.8.8:53
+dnsserver=1.1.1.1:53
+# custom records
+dnsrecord=www.example.com/1.2.3.4
+dnsrecord=www.example.com/2606:2800:220:1:248:1893:25c8:1946
# IPSET MANAGEMENT
diff --git a/dns/client.go b/dns/client.go
index 3789ec2..f87da5a 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -97,7 +97,7 @@ func (c *Client) Exchange(reqBytes []byte, clientAddr string) ([]byte, error) {
return respBytes, err
}
- ttl := 0
+ ttl := DefaultTTL
ips := []string{}
for _, answer := range resp.Answers {
if answer.TYPE == QTypeA || answer.TYPE == QTypeAAAA {
@@ -109,16 +109,14 @@ func (c *Client) Exchange(reqBytes []byte, clientAddr string) ([]byte, error) {
ips = append(ips, answer.IP)
}
- ttl = int(answer.TTL)
+ if answer.TTL != 0 {
+ ttl = int(answer.TTL)
+ }
+
}
}
- // if ttl in packet is 0, set it to default value
- if ttl == 0 {
- ttl = DefaultTTL
- }
-
// add to cache
c.cache.Put(getKey(resp.Question), respBytes, ttl)
From 8d20331096430d6cd4cb1ad730ffdf93cdf3d5fd Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 1 Aug 2018 00:47:43 +0800
Subject: [PATCH 228/341] doc: update README file format
---
README.md | 37 +++++++++++++++++++++++++++++--------
1 file changed, 29 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index f67b79a..4f17dcf 100644
--- a/README.md
+++ b/README.md
@@ -8,14 +8,17 @@
glider is a forward proxy with multiple protocols support, and also a dns forwarding server with ipset management features(like dnsmasq).
we can set up local listeners as proxy servers, and forward requests to internet via forwarders.
-```
- |Forwarder ----------------->|
+
+```bash
+ |Forwarder ----------------->|
Listener --> | | Internet
- |Forwarder --> Forwarder->...|
+ |Forwarder --> Forwarder->...|
```
## Features
+
Listen (local proxy server):
+
- Socks5 proxy(tcp&udp)
- Http proxy(tcp)
- SS proxy(tcp&udp)
@@ -25,6 +28,7 @@ Listen (local proxy server):
- UDP over TCP tunnel
Forward (local proxy client/upstream proxy server):
+
- Socks5 proxy(tcp&udp)
- Http proxy(tcp)
- SS proxy(tcp&udp&uot)
@@ -34,17 +38,22 @@ Forward (local proxy client/upstream proxy server):
- Websocket, use it together with above proxy protocols(tcp)
DNS Forwarding Server (udp2tcp):
+
- Listen on UDP and forward dns requests to remote dns server in TCP via forwarders
- Specify different upstream dns server based on destinations(in rule file)
- Tunnel mode: forward to a fixed upstream dns server
- Add resolved IPs to proxy rules
- Add resolved IPs to ipset
+- DNS cache
+- Custom dns record
IPSet Management:
+
- Add ip/cidrs from rule files on startup
- Add resolved ips for domains from rule files by dns forwarding server
General:
+
- Http and socks5 on the same port
- Forward chain
- HA or RR strategy for multiple forwarders
@@ -52,44 +61,53 @@ General:
- Rule proxy based on destinations: [Config Examples](config/examples)
TODO:
+
+- [ ] IPv6 support
- [ ] Transparent UDP proxy (iptables tproxy)
-- [ ] DNS Cache
- [ ] Performance tuning
- [ ] TUN/TAP device support
-- [ ] IPv6 support
-- [ ] SSH tunnel support
+- [ ] SSH tunnel support (maybe)
## Install
-Binary:
+
+Binary:
+
- [https://github.com/nadoo/glider/releases](https://github.com/nadoo/glider/releases)
Go Get (requires **Go 1.10+** ):
+
```bash
go get -u github.com/nadoo/glider
```
-ArchLinux:
+ArchLinux:
+
```bash
sudo pacman -S glider
```
## Run
+
command line:
+
```bash
glider -listen :8443 -verbose
```
config file:
+
```bash
glider -config CONFIGPATH
```
command line with config file:
+
```bash
glider -config CONFIGPATH -listen :8080 -verbose
```
## Usage
+
```bash
glider v0.6.5 usage:
-checkduration int
@@ -248,6 +266,7 @@ Examples:
```
## Advanced Usage
+
- [ConfigFile](config)
- [glider.conf.example](config/glider.conf.example)
- [office.rule.example](config/rules.d/office.rule.example)
@@ -256,9 +275,11 @@ Examples:
- [transparent proxy without dnsmasq](config/examples/9.transparent_proxy_without_dnsmasq)
## Service
+
- systemd: [https://github.com/nadoo/glider/blob/master/systemd/](https://github.com/nadoo/glider/blob/master/systemd/)
## Links
+
- [go-ss2](https://github.com/shadowsocks/go-shadowsocks2): ss protocol support
- [conflag](https://github.com/nadoo/conflag): command line and config file parse support
- [ArchLinux](https://www.archlinux.org/packages/community/x86_64/glider): a great linux distribution with glider pre-built package
From 9acaff5b4aa860b3e3fe5e7ebc4f5d2da1867d97 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 2 Aug 2018 00:11:22 +0800
Subject: [PATCH 229/341] dns: query in udp when client requests in udp and no
forwarder specified
---
dns/cache.go | 22 +++++----
dns/client.go | 120 ++++++++++++++++++++++++++++++++++---------------
dns/message.go | 43 +++++++++---------
dns/server.go | 5 +--
4 files changed, 118 insertions(+), 72 deletions(-)
diff --git a/dns/cache.go b/dns/cache.go
index 50b371a..03be604 100644
--- a/dns/cache.go
+++ b/dns/cache.go
@@ -42,20 +42,18 @@ func (c *Cache) Len() int {
return len(c.m)
}
-// Put an item into cache, invalid after ttl seconds, never invalid if ttl=0
+// Put an item into cache, invalid after ttl seconds
func (c *Cache) Put(k string, v []byte, ttl int) {
- if len(v) == 0 {
- return
+ if len(v) != 0 {
+ c.l.Lock()
+ it, ok := c.m[k]
+ if !ok {
+ it = &item{value: v}
+ c.m[k] = it
+ }
+ it.expire = time.Now().Add(time.Duration(ttl) * time.Second)
+ c.l.Unlock()
}
-
- c.l.Lock()
- it, ok := c.m[k]
- if !ok {
- it = &item{value: v}
- c.m[k] = it
- }
- it.expire = time.Now().Add(time.Duration(ttl) * time.Second)
- c.l.Unlock()
}
// Get an item from cache
diff --git a/dns/client.go b/dns/client.go
index f87da5a..6780549 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -41,7 +41,7 @@ func NewClient(dialer proxy.Dialer, upServers []string) (*Client, error) {
// Exchange handles request msg and returns response msg
// reqBytes = reqLen + reqMsg
-func (c *Client) Exchange(reqBytes []byte, clientAddr string) ([]byte, error) {
+func (c *Client) Exchange(reqBytes []byte, clientAddr string, preferTCP bool) ([]byte, error) {
req, err := UnmarshalMessage(reqBytes[2:])
if err != nil {
return nil, err
@@ -58,37 +58,14 @@ func (c *Client) Exchange(reqBytes []byte, clientAddr string) ([]byte, error) {
}
}
- dnsServer := c.GetServer(req.Question.QNAME)
- rc, err := c.dialer.NextDialer(req.Question.QNAME+":53").Dial("tcp", dnsServer)
+ dnsServer, network, respBytes, err := c.exchange(req.Question.QNAME, reqBytes, preferTCP)
if err != nil {
- log.F("[dns] failed to connect to server %v: %v", dnsServer, err)
- return nil, err
- }
- defer rc.Close()
-
- if err = binary.Write(rc, binary.BigEndian, reqBytes); err != nil {
- log.F("[dns] failed to write req message: %v", err)
- return nil, err
- }
-
- var respLen uint16
- if err = binary.Read(rc, binary.BigEndian, &respLen); err != nil {
- log.F("[dns] failed to read response length: %v", err)
- return nil, err
- }
-
- respBytes := make([]byte, respLen+2)
- binary.BigEndian.PutUint16(respBytes[:2], respLen)
-
- _, err = io.ReadFull(rc, respBytes[2:])
- if err != nil {
- log.F("[dns] error in read respMsg %s\n", err)
return nil, err
}
if req.Question.QTYPE != QTypeA && req.Question.QTYPE != QTypeAAAA {
- log.F("[dns] %s <-> %s, type: %d, %s",
- clientAddr, dnsServer, req.Question.QTYPE, req.Question.QNAME)
+ log.F("[dns] %s <-> %s(%s), type: %d, %s",
+ clientAddr, dnsServer, network, req.Question.QTYPE, req.Question.QNAME)
return respBytes, nil
}
@@ -104,28 +81,101 @@ func (c *Client) Exchange(reqBytes []byte, clientAddr string) ([]byte, error) {
for _, h := range c.handlers {
h(resp.Question.QNAME, answer.IP)
}
-
if answer.IP != "" {
ips = append(ips, answer.IP)
}
-
if answer.TTL != 0 {
ttl = int(answer.TTL)
}
-
}
-
}
// add to cache
- c.cache.Put(getKey(resp.Question), respBytes, ttl)
+ if len(ips) != 0 {
+ c.cache.Put(getKey(resp.Question), respBytes, ttl)
+ }
- log.F("[dns] %s <-> %s, type: %d, %s: %s",
- clientAddr, dnsServer, resp.Question.QTYPE, resp.Question.QNAME, strings.Join(ips, ","))
+ log.F("[dns] %s <-> %s(%s), type: %d, %s: %s",
+ clientAddr, dnsServer, network, resp.Question.QTYPE, resp.Question.QNAME, strings.Join(ips, ","))
return respBytes, nil
}
+// exchange choose a upstream dns server based on qname, communicate with it on the network
+func (c *Client) exchange(qname string, reqBytes []byte, preferTCP bool) (server, network string, respBytes []byte, err error) {
+ // use tcp to connect upstream server default
+ network = "tcp"
+
+ dialer := c.dialer.NextDialer(qname + ":53")
+
+ // If client uses udp and no forwarders specified, use udp
+ if !preferTCP && dialer.Addr() == "DIRECT" {
+ network = "udp"
+ }
+
+ server = c.GetServer(qname)
+ rc, err := dialer.Dial(network, server)
+ if err != nil {
+ log.F("[dns] failed to connect to server %v: %v", server, err)
+ return
+ }
+
+ switch network {
+ case "tcp":
+ respBytes, err = c.exchangeTCP(rc, reqBytes)
+ case "udp":
+ respBytes, err = c.exchangeUDP(rc, reqBytes)
+ }
+
+ return
+}
+
+// exchangeTCP exchange with server over tcp
+func (c *Client) exchangeTCP(rc net.Conn, reqBytes []byte) ([]byte, error) {
+ defer rc.Close()
+
+ if _, err := rc.Write(reqBytes); err != nil {
+ log.F("[dns] failed to write req message: %v", err)
+ return nil, err
+ }
+
+ var respLen uint16
+ if err := binary.Read(rc, binary.BigEndian, &respLen); err != nil {
+ log.F("[dns] failed to read response length: %v", err)
+ return nil, err
+ }
+
+ respBytes := make([]byte, respLen+2)
+ binary.BigEndian.PutUint16(respBytes[:2], respLen)
+
+ _, err := io.ReadFull(rc, respBytes[2:])
+ if err != nil {
+ log.F("[dns] error in read respMsg %s\n", err)
+ return nil, err
+ }
+
+ return respBytes, nil
+}
+
+// exchangeUDP exchange with server over udp
+func (c *Client) exchangeUDP(rc net.Conn, reqBytes []byte) ([]byte, error) {
+ defer rc.Close()
+
+ if _, err := rc.Write(reqBytes[2:]); err != nil {
+ log.F("[dns] failed to write req message: %v", err)
+ return nil, err
+ }
+
+ reqBytes = make([]byte, 2+UDPMaxLen)
+ n, err := rc.Read(reqBytes[2:])
+ if err != nil {
+ return nil, err
+ }
+ binary.BigEndian.PutUint16(reqBytes[:2], uint16(n))
+
+ return reqBytes[:2+n], nil
+}
+
// SetServer .
func (c *Client) SetServer(domain string, servers ...string) {
c.upServerMap[domain] = append(c.upServerMap[domain], servers...)
@@ -193,7 +243,7 @@ func (c *Client) GenResponse(domain string, ip string) (*Message, error) {
m := NewMessage(0, Response)
m.SetQuestion(NewQuestion(qtype, domain))
- rr := &RR{NAME: domain, TYPE: qtype, CLASS: CLASSIN,
+ rr := &RR{NAME: domain, TYPE: qtype, CLASS: ClassINET,
RDLENGTH: rdlen, RDATA: rdata}
m.AddAnswer(rr)
diff --git a/dns/message.go b/dns/message.go
index 8730863..c583c2c 100644
--- a/dns/message.go
+++ b/dns/message.go
@@ -31,8 +31,8 @@ const (
QTypeAAAA uint16 = 28 ///ipv6
)
-// CLASSIN .
-const CLASSIN uint16 = 1
+// ClassINET .
+const ClassINET uint16 = 1
// Message format
// https://tools.ietf.org/html/rfc1035#section-4.1
@@ -51,7 +51,7 @@ const CLASSIN uint16 = 1
// +---------------------+
// | Additional | RRs holding additional information
type Message struct {
- *Header
+ Header
// most dns implementation only support 1 question
Question *Question
Answers []*RR
@@ -68,10 +68,10 @@ func NewMessage(id uint16, msgType int) *Message {
id = uint16(rand.Uint32())
}
- h := &Header{ID: id}
- h.SetMsgType(msgType)
+ m := &Message{Header: Header{ID: id}}
+ m.SetMsgType(msgType)
- return &Message{Header: h}
+ return m
}
// SetQuestion sets a question to dns message,
@@ -119,38 +119,35 @@ func (m *Message) Marshal() ([]byte, error) {
// UnmarshalMessage unmarshals []bytes to Message
func UnmarshalMessage(b []byte) (*Message, error) {
- msg := &Message{Header: &Header{}}
- msg.unMarshaled = b
-
- err := UnmarshalHeader(b[:HeaderLen], msg.Header)
+ m := &Message{unMarshaled: b}
+ err := UnmarshalHeader(b[:HeaderLen], &m.Header)
if err != nil {
return nil, err
}
q := &Question{}
- qLen, err := msg.UnmarshalQuestion(b[HeaderLen:], q)
+ qLen, err := m.UnmarshalQuestion(b[HeaderLen:], q)
if err != nil {
return nil, err
}
-
- msg.SetQuestion(q)
+ m.SetQuestion(q)
// resp answers
- rridx := HeaderLen + qLen
- for i := 0; i < int(msg.Header.ANCOUNT); i++ {
+ rrIdx := HeaderLen + qLen
+ for i := 0; i < int(m.Header.ANCOUNT); i++ {
rr := &RR{}
- rrLen, err := msg.UnmarshalRR(rridx, rr)
+ rrLen, err := m.UnmarshalRR(rrIdx, rr)
if err != nil {
return nil, err
}
- msg.AddAnswer(rr)
+ m.AddAnswer(rr)
- rridx += rrLen
+ rrIdx += rrLen
}
- msg.Header.SetAncount(len(msg.Answers))
+ m.Header.SetAncount(len(m.Answers))
- return msg, nil
+ return m, nil
}
// Header format
@@ -262,7 +259,7 @@ func NewQuestion(qtype uint16, domain string) *Question {
return &Question{
QNAME: domain,
QTYPE: qtype,
- QCLASS: CLASSIN,
+ QCLASS: ClassINET,
}
}
@@ -428,7 +425,9 @@ func (m *Message) UnmarshalDomain(b []byte) (string, int, error) {
if size == 0 {
idx++
break
- } else if size > 63 {
+ }
+
+ if size > 63 {
return "", 0, errors.New("UnmarshalDomain: label size larger than 63")
}
diff --git a/dns/server.go b/dns/server.go
index 77717ed..1b6a998 100644
--- a/dns/server.go
+++ b/dns/server.go
@@ -61,11 +61,10 @@ func (s *Server) ListenAndServeUDP() {
log.F("[dns] not enough message data")
continue
}
-
binary.BigEndian.PutUint16(reqBytes[:2], reqLen)
go func() {
- respBytes, err := s.Client.Exchange(reqBytes[:2+n], caddr.String())
+ respBytes, err := s.Client.Exchange(reqBytes[:2+n], caddr.String(), false)
if err != nil {
log.F("[dns] error in exchange: %s", err)
return
@@ -123,7 +122,7 @@ func (s *Server) ServeTCP(c net.Conn) {
binary.BigEndian.PutUint16(reqBytes[:2], reqLen)
- respBytes, err := s.Exchange(reqBytes, c.RemoteAddr().String())
+ respBytes, err := s.Exchange(reqBytes, c.RemoteAddr().String(), true)
if err != nil {
log.F("[dns]-tcp error in exchange: %s", err)
return
From 73a778f5e1343e552f8f467d082d07f999beca8a Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 2 Aug 2018 13:02:04 +0800
Subject: [PATCH 230/341] common: remove unnecessary logs
---
common/conn/conn.go | 3 ---
dns/client.go | 2 +-
proxy/http/http.go | 2 +-
3 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/common/conn/conn.go b/common/conn/conn.go
index 34ff05d..3c10721 100644
--- a/common/conn/conn.go
+++ b/common/conn/conn.go
@@ -5,8 +5,6 @@ import (
"io"
"net"
"time"
-
- "github.com/nadoo/glider/common/log"
)
// UDPBufSize is the size of udp buffer
@@ -85,7 +83,6 @@ func TimedCopy(dst net.PacketConn, target net.Addr, src net.PacketConn, timeout
func OutboundIP() string {
conn, err := net.Dial("udp", "8.8.8.8:80")
if err != nil {
- log.F("get outbound ip error: %s", err)
return ""
}
defer conn.Close()
diff --git a/dns/client.go b/dns/client.go
index 6780549..7f633f9 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -90,7 +90,7 @@ func (c *Client) Exchange(reqBytes []byte, clientAddr string, preferTCP bool) ([
}
}
- // add to cache
+ // add to cache only when there's a valid ip address
if len(ips) != 0 {
c.cache.Put(getKey(resp.Question), respBytes, ttl)
}
diff --git a/proxy/http/http.go b/proxy/http/http.go
index 99c4596..f2af98c 100644
--- a/proxy/http/http.go
+++ b/proxy/http/http.go
@@ -195,7 +195,7 @@ func (s *HTTP) servHTTPS(method, requestURI, proto string, c net.Conn) {
return
}
- c.Write([]byte("HTTP/1.0 200 Connection established\r\n\r\n"))
+ c.Write([]byte("HTTP/1.1 200 Connection established\r\n\r\n"))
log.F("[http] %s <-> %s [c]", c.RemoteAddr(), requestURI)
From c049b75b64e5f0ee6188bc2c711a74a900c958f5 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 2 Aug 2018 13:16:05 +0800
Subject: [PATCH 231/341] systemd: add introduction for systemd file open limit
---
systemd/README.md | 53 +++++++++++++++++++++++++++++++++++++++++++----
1 file changed, 49 insertions(+), 4 deletions(-)
diff --git a/systemd/README.md b/systemd/README.md
index 2b2df3d..cd5fd61 100644
--- a/systemd/README.md
+++ b/systemd/README.md
@@ -1,27 +1,72 @@
## Service
-binary file:
+### Install
+
+#### 1. copy binary file
+
```bash
cp glider /usr/bin/
```
-service file:
+#### 2. add service file
+
```bash
# copy service file to systemd
cp systemd/glider@.service /etc/systemd/system/
```
-config file: ***server***.conf
+#### 3. add config file: ***server***.conf
+
```bash
# copy config file to /etc/glider/
mkdir /etc/glider/
cp ./config/glider.conf.example /etc/glider/server.conf
```
-enable and start service: glider@***server***
+#### 4. enable and start service: glider@***server***
+
```bash
# enable and start service
systemctl enable glider@server
systemctl start glider@server
```
+
See [glider@.service](glider%40.service)
+
+### Open file limit
+
+#### 1. setup system limit
+
+vim /etc/security/limits.d/unlimited.conf
+
+```bash
+* soft nofile unlimited
+* hard nofile unlimited
+* soft nproc unlimited
+* hard nproc unlimited
+```
+
+#### 2. change **systemd** limit
+
+```bash
+echo DefaultLimitNOFILE=102400 >> /etc/systemd/system.conf
+echo DefaultLimitNOFILE=102400 >> /etc/systemd/user.conf
+```
+
+#### 3. reexec **systemd**
+
+```bash
+systemctl daemon-reexec
+```
+
+#### 4. restart glider service
+
+```bash
+systemctl restart glider@server
+```
+
+#### 5. check the limits of PID
+
+```bash
+cat /proc/PID/limits
+```
From 6cdfbc35525a366df6ff5090922bba4d8e69b305 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 2 Aug 2018 13:28:01 +0800
Subject: [PATCH 232/341] dns: change non-expired ttl to 50years to avoid int
overflow on 32bit os
---
dns/cache.go | 4 ++--
dns/client.go | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/dns/cache.go b/dns/cache.go
index 03be604..87aa2aa 100644
--- a/dns/cache.go
+++ b/dns/cache.go
@@ -5,8 +5,8 @@ import (
"time"
)
-// HundredYears is one hundred years duration in seconds, used for none-expired items
-const HundredYears = 100 * 365 * 24 * 3600
+// LongTTL is 50 years duration in seconds, used for none-expired items
+const LongTTL = 50 * 365 * 24 * 3600
type item struct {
value []byte
diff --git a/dns/client.go b/dns/client.go
index 7f633f9..3c61889 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -218,7 +218,7 @@ func (c *Client) AddRecord(record string) error {
binary.Write(&buf, binary.BigEndian, uint16(len(b)))
buf.Write(b)
- c.cache.Put(getKey(m.Question), buf.Bytes(), HundredYears)
+ c.cache.Put(getKey(m.Question), buf.Bytes(), LongTTL)
return nil
}
From 1f8a3cdf53f81f8a649ada5dd48c7e288de491bd Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 3 Aug 2018 19:27:47 +0800
Subject: [PATCH 233/341] general: remove unnecessary SetKeepAlive
---
config/glider.conf.example | 1 -
dns/cache.go | 1 -
main.go | 4 ++--
proxy/http/http.go | 5 -----
proxy/socks5/socks5.go | 8 --------
proxy/ss/ss.go | 4 ----
proxy/ssr/ssr.go | 4 ----
7 files changed, 2 insertions(+), 25 deletions(-)
diff --git a/config/glider.conf.example b/config/glider.conf.example
index bf51833..c5eb884 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -118,7 +118,6 @@ checkduration=30
# DNS FORWARDING SERVER
# ----------------
-# A dns forwarding server listens on UDP and forward dns requests to remote dns server in TCP via forwarders
# we can specify different upstream dns server in rule file for different destinations
# Setup a dns forwarding server
diff --git a/dns/cache.go b/dns/cache.go
index 87aa2aa..e3d7b0f 100644
--- a/dns/cache.go
+++ b/dns/cache.go
@@ -33,7 +33,6 @@ func NewCache() (c *Cache) {
c.l.Unlock()
}
}()
-
return
}
diff --git a/main.go b/main.go
index ad41ad7..3c107ce 100644
--- a/main.go
+++ b/main.go
@@ -25,7 +25,7 @@ import (
)
// VERSION .
-const VERSION = "0.6.5"
+const VERSION = "0.6.6"
func dialerFromConf() proxy.Dialer {
// global forwarders in xx.conf
@@ -71,7 +71,7 @@ func main() {
for _, r := range conf.rules {
for _, domain := range r.Domain {
if len(r.DNSServer) > 0 {
- d.SetServer(domain, r.DNSServer[0])
+ d.SetServer(domain, r.DNSServer...)
}
}
}
diff --git a/proxy/http/http.go b/proxy/http/http.go
index f2af98c..49615e3 100644
--- a/proxy/http/http.go
+++ b/proxy/http/http.go
@@ -227,12 +227,7 @@ func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
return nil, err
}
- if c, ok := rc.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
var buf bytes.Buffer
-
buf.Write([]byte("CONNECT " + addr + " HTTP/1.1\r\n"))
buf.Write([]byte("Proxy-Connection: Keep-Alive\r\n"))
diff --git a/proxy/socks5/socks5.go b/proxy/socks5/socks5.go
index 7e1d87e..3d0cf51 100644
--- a/proxy/socks5/socks5.go
+++ b/proxy/socks5/socks5.go
@@ -234,10 +234,6 @@ func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
return nil, err
}
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
if err := s.connect(c, addr); err != nil {
c.Close()
return nil, err
@@ -254,10 +250,6 @@ func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.A
return nil, nil, err
}
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
// send VER, NMETHODS, METHODS
c.Write([]byte{5, 1, 0})
diff --git a/proxy/ss/ss.go b/proxy/ss/ss.go
index d6cd52a..919ac95 100644
--- a/proxy/ss/ss.go
+++ b/proxy/ss/ss.go
@@ -255,10 +255,6 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
return nil, err
}
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
c = s.StreamConn(c)
if _, err = c.Write(target); err != nil {
c.Close()
diff --git a/proxy/ssr/ssr.go b/proxy/ssr/ssr.go
index 34e0cb7..216cae0 100644
--- a/proxy/ssr/ssr.go
+++ b/proxy/ssr/ssr.go
@@ -98,10 +98,6 @@ func (s *SSR) Dial(network, addr string) (net.Conn, error) {
return nil, err
}
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
ssrconn := shadowsocksr.NewSSTCPConn(c, cipher)
if ssrconn.Conn == nil || ssrconn.RemoteAddr() == nil {
return nil, errors.New("[ssr] nil connection")
From 2cba536ab48cc4829e37c0d3e0146fc09f237f6f Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 4 Aug 2018 16:39:53 +0800
Subject: [PATCH 234/341] ipset: do not insert to ipset when forwarder is
Direct
---
.../examples/9.transparent_proxy_without_dnsmasq/README.md | 2 +-
ipset_linux.go | 5 +++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/README.md b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
index b00309f..e7b337c 100644
--- a/config/examples/9.transparent_proxy_without_dnsmasq/README.md
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
@@ -82,7 +82,7 @@ use the linux server's ip as your dns server
#### When client requesting to access http://example1.com (in office.rule), the whole process:
DNS Resolving:
1. client sends a udp dns request to linux server, and glider will receive the request(as it listen on default dns port :53)
-2. upstream dns server choice: glider will lookup it's rule config and find out the dns server to use for this domain(matched "example1.com" in office.rule, so 208.67.222.222:53 will be choosen)
+2. upstream dns server choice: glider will lookup it's rule config and find out the dns server to use for this domain(matched "example1.com" in office.rule, so 208.67.222.222:53 will be chosen)
3. glider uses the forwarder in office.rule to ask 208.67.222.222:53 for the resolve answers
4. glider updates it's office rule config, add the resolved ip address to it
5. glider adds the resolved ip into ipset "glider", and return the dns answer to client
diff --git a/ipset_linux.go b/ipset_linux.go
index aade239..0727688 100644
--- a/ipset_linux.go
+++ b/ipset_linux.go
@@ -106,6 +106,11 @@ func NewIPSetManager(mainSet string, rules []*RuleConf) (*IPSetManager, error) {
set = m.mainSet
}
+ // if dialer is Direct, do not insert to ipset, in order to avoid iptables redirect loop
+ if len(r.Forward) == 0 {
+ continue
+ }
+
for _, domain := range r.Domain {
m.domainSet.Store(domain, set)
}
From 09b6d5939469cfea42e8ebe756f50bf25e39d230 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 5 Aug 2018 23:41:34 +0800
Subject: [PATCH 235/341] dns: support multiple upstream servers
---
dns/client.go | 45 +++++++++++++++++++++++++++------------------
1 file changed, 27 insertions(+), 18 deletions(-)
diff --git a/dns/client.go b/dns/client.go
index 3c61889..e9042fc 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -7,6 +7,7 @@ import (
"io"
"net"
"strings"
+ "time"
"github.com/nadoo/glider/common/log"
"github.com/nadoo/glider/proxy"
@@ -105,7 +106,6 @@ func (c *Client) Exchange(reqBytes []byte, clientAddr string, preferTCP bool) ([
func (c *Client) exchange(qname string, reqBytes []byte, preferTCP bool) (server, network string, respBytes []byte, err error) {
// use tcp to connect upstream server default
network = "tcp"
-
dialer := c.dialer.NextDialer(qname + ":53")
// If client uses udp and no forwarders specified, use udp
@@ -113,21 +113,30 @@ func (c *Client) exchange(qname string, reqBytes []byte, preferTCP bool) (server
network = "udp"
}
- server = c.GetServer(qname)
- rc, err := dialer.Dial(network, server)
- if err != nil {
- log.F("[dns] failed to connect to server %v: %v", server, err)
- return
+ servers := c.GetServers(qname)
+ for _, server = range servers {
+ rc, err := dialer.Dial(network, server)
+ // TODO: check the timeout setting here, some dns client has 5 seconds timeout
+ rc.SetDeadline(time.Now().Add(time.Duration(3) * time.Second))
+ if err != nil {
+ log.F("[dns] failed to connect to server %v: %v", server, err)
+ continue
+ }
+
+ switch network {
+ case "tcp":
+ respBytes, err = c.exchangeTCP(rc, reqBytes)
+ case "udp":
+ respBytes, err = c.exchangeUDP(rc, reqBytes)
+ }
+
+ if err == nil {
+ break
+ }
+ log.F("[dns] failed to exchange with server %v: %v", server, err)
}
- switch network {
- case "tcp":
- respBytes, err = c.exchangeTCP(rc, reqBytes)
- case "udp":
- respBytes, err = c.exchangeUDP(rc, reqBytes)
- }
-
- return
+ return server, network, respBytes, err
}
// exchangeTCP exchange with server over tcp
@@ -181,20 +190,20 @@ func (c *Client) SetServer(domain string, servers ...string) {
c.upServerMap[domain] = append(c.upServerMap[domain], servers...)
}
-// GetServer .
-func (c *Client) GetServer(domain string) string {
+// GetServers .
+func (c *Client) GetServers(domain string) []string {
domainParts := strings.Split(domain, ".")
length := len(domainParts)
for i := length - 2; i >= 0; i-- {
domain := strings.Join(domainParts[i:length], ".")
if servers, ok := c.upServerMap[domain]; ok {
- return servers[0]
+ return servers
}
}
// TODO:
- return c.upServers[0]
+ return c.upServers
}
// AddHandler .
From 5467e4bbc1f60bff1f2c9fd14a77b231f7f36852 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 6 Aug 2018 00:46:07 +0800
Subject: [PATCH 236/341] dns: add some comments
---
dns/client.go | 16 ++++++----------
1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/dns/client.go b/dns/client.go
index e9042fc..617665f 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -116,12 +116,13 @@ func (c *Client) exchange(qname string, reqBytes []byte, preferTCP bool) (server
servers := c.GetServers(qname)
for _, server = range servers {
rc, err := dialer.Dial(network, server)
- // TODO: check the timeout setting here, some dns client has 5 seconds timeout
+ // TODO: support timeout setting for different upstream server
rc.SetDeadline(time.Now().Add(time.Duration(3) * time.Second))
if err != nil {
log.F("[dns] failed to connect to server %v: %v", server, err)
continue
}
+ defer rc.Close()
switch network {
case "tcp":
@@ -141,8 +142,6 @@ func (c *Client) exchange(qname string, reqBytes []byte, preferTCP bool) (server
// exchangeTCP exchange with server over tcp
func (c *Client) exchangeTCP(rc net.Conn, reqBytes []byte) ([]byte, error) {
- defer rc.Close()
-
if _, err := rc.Write(reqBytes); err != nil {
log.F("[dns] failed to write req message: %v", err)
return nil, err
@@ -168,8 +167,6 @@ func (c *Client) exchangeTCP(rc net.Conn, reqBytes []byte) ([]byte, error) {
// exchangeUDP exchange with server over udp
func (c *Client) exchangeUDP(rc net.Conn, reqBytes []byte) ([]byte, error) {
- defer rc.Close()
-
if _, err := rc.Write(reqBytes[2:]); err != nil {
log.F("[dns] failed to write req message: %v", err)
return nil, err
@@ -185,12 +182,12 @@ func (c *Client) exchangeUDP(rc net.Conn, reqBytes []byte) ([]byte, error) {
return reqBytes[:2+n], nil
}
-// SetServer .
+// SetServer sets a upstream dns server for the given domain
func (c *Client) SetServer(domain string, servers ...string) {
c.upServerMap[domain] = append(c.upServerMap[domain], servers...)
}
-// GetServers .
+// GetServers gets upstream dns servers for the given domain
func (c *Client) GetServers(domain string) []string {
domainParts := strings.Split(domain, ".")
length := len(domainParts)
@@ -202,11 +199,10 @@ func (c *Client) GetServers(domain string) []string {
}
}
- // TODO:
return c.upServers
}
-// AddHandler .
+// AddHandler adds a custom handler to handle the resolved result (A and AAAA)
func (c *Client) AddHandler(h HandleFunc) {
c.handlers = append(c.handlers, h)
}
@@ -232,7 +228,7 @@ func (c *Client) AddRecord(record string) error {
return nil
}
-// GenResponse .
+// GenResponse generates a dns response message for the given domani an ip address
func (c *Client) GenResponse(domain string, ip string) (*Message, error) {
ipb := net.ParseIP(ip)
if ipb == nil {
From b27f153426a438ac10ab274b00674d267276bd6a Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 6 Aug 2018 08:03:07 +0800
Subject: [PATCH 237/341] dns: check bytes length in unmarshal message
---
dns/client.go | 1 +
dns/message.go | 8 ++++++++
2 files changed, 9 insertions(+)
diff --git a/dns/client.go b/dns/client.go
index 617665f..ede53b9 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -134,6 +134,7 @@ func (c *Client) exchange(qname string, reqBytes []byte, preferTCP bool) (server
if err == nil {
break
}
+
log.F("[dns] failed to exchange with server %v: %v", server, err)
}
diff --git a/dns/message.go b/dns/message.go
index c583c2c..d8613f3 100644
--- a/dns/message.go
+++ b/dns/message.go
@@ -119,6 +119,10 @@ func (m *Message) Marshal() ([]byte, error) {
// UnmarshalMessage unmarshals []bytes to Message
func UnmarshalMessage(b []byte) (*Message, error) {
+ if len(b) <= 2+HeaderLen {
+ return nil, errors.New("UnmarshalMessage: not enough data")
+ }
+
m := &Message{unMarshaled: b}
err := UnmarshalHeader(b[:HeaderLen], &m.Header)
if err != nil {
@@ -280,6 +284,10 @@ func (m *Message) UnmarshalQuestion(b []byte, q *Question) (n int, err error) {
return 0, errors.New("unmarshal question must not be nil")
}
+ if len(b) <= 5 {
+ return 0, errors.New("UnmarshalQuestion: not enough data")
+ }
+
domain, idx, err := m.UnmarshalDomain(b)
if err != nil {
return 0, err
From 9c73e969ca991c1c231106c279db2f21c49d7d54 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 6 Aug 2018 08:13:23 +0800
Subject: [PATCH 238/341] dns: return correct err in exchange
---
dns/client.go | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/dns/client.go b/dns/client.go
index ede53b9..bdf612c 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -113,9 +113,10 @@ func (c *Client) exchange(qname string, reqBytes []byte, preferTCP bool) (server
network = "udp"
}
+ var rc net.Conn
servers := c.GetServers(qname)
for _, server = range servers {
- rc, err := dialer.Dial(network, server)
+ rc, err = dialer.Dial(network, server)
// TODO: support timeout setting for different upstream server
rc.SetDeadline(time.Now().Add(time.Duration(3) * time.Second))
if err != nil {
From 7274dcf622388ee960468c9c956400d98dc6d3d4 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 6 Aug 2018 08:41:54 +0800
Subject: [PATCH 239/341] dns: set timout only when multiple upstream dns
servers set
---
dns/client.go | 5 ++++-
dns/message.go | 2 +-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/dns/client.go b/dns/client.go
index bdf612c..a8b4ecd 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -118,7 +118,10 @@ func (c *Client) exchange(qname string, reqBytes []byte, preferTCP bool) (server
for _, server = range servers {
rc, err = dialer.Dial(network, server)
// TODO: support timeout setting for different upstream server
- rc.SetDeadline(time.Now().Add(time.Duration(3) * time.Second))
+ if len(servers) > 1 {
+ rc.SetDeadline(time.Now().Add(time.Duration(3) * time.Second))
+ }
+
if err != nil {
log.F("[dns] failed to connect to server %v: %v", server, err)
continue
diff --git a/dns/message.go b/dns/message.go
index d8613f3..e6c4b6b 100644
--- a/dns/message.go
+++ b/dns/message.go
@@ -119,7 +119,7 @@ func (m *Message) Marshal() ([]byte, error) {
// UnmarshalMessage unmarshals []bytes to Message
func UnmarshalMessage(b []byte) (*Message, error) {
- if len(b) <= 2+HeaderLen {
+ if len(b) < HeaderLen {
return nil, errors.New("UnmarshalMessage: not enough data")
}
From 6744f1ad25c92f1cc382f295310ec003782a37e2 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 6 Aug 2018 08:48:13 +0800
Subject: [PATCH 240/341] dns: correct setdeadline
---
dns/client.go | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/dns/client.go b/dns/client.go
index a8b4ecd..7687c99 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -117,17 +117,17 @@ func (c *Client) exchange(qname string, reqBytes []byte, preferTCP bool) (server
servers := c.GetServers(qname)
for _, server = range servers {
rc, err = dialer.Dial(network, server)
- // TODO: support timeout setting for different upstream server
- if len(servers) > 1 {
- rc.SetDeadline(time.Now().Add(time.Duration(3) * time.Second))
- }
-
if err != nil {
log.F("[dns] failed to connect to server %v: %v", server, err)
continue
}
defer rc.Close()
+ // TODO: support timeout setting for different upstream server
+ if len(servers) > 1 {
+ rc.SetDeadline(time.Now().Add(time.Duration(3) * time.Second))
+ }
+
switch network {
case "tcp":
respBytes, err = c.exchangeTCP(rc, reqBytes)
From a26e437b5dbd4c2fe9100634669b52bbada26c4c Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 7 Aug 2018 19:43:52 +0800
Subject: [PATCH 241/341] dns: add settings dnstimeout/dnsmaxttl/dnsminttl
---
README.md | 2 +-
conf.go | 20 +++++++++++++-------
config/glider.conf.example | 6 ++++++
dns/client.go | 32 +++++++++++++++++++++-----------
dns/server.go | 4 ++--
main.go | 10 ++++++++--
rule.go | 2 +-
7 files changed, 52 insertions(+), 24 deletions(-)
diff --git a/README.md b/README.md
index 4f17dcf..94c1fc8 100644
--- a/README.md
+++ b/README.md
@@ -62,7 +62,7 @@ General:
TODO:
-- [ ] IPv6 support
+- [ ] IPv6 support in ipset manager
- [ ] Transparent UDP proxy (iptables tproxy)
- [ ] Performance tuning
- [ ] TUN/TAP device support
diff --git a/conf.go b/conf.go
index 1f629b7..b6217a3 100644
--- a/conf.go
+++ b/conf.go
@@ -17,15 +17,18 @@ var conf struct {
Verbose bool
Strategy string
CheckWebSite string
- CheckDuration int
+ CheckInterval int
Listen []string
Forward []string
RuleFile []string
RulesDir string
- DNS string
- DNSServer []string
- DNSRecord []string
+ DNS string
+ DNSServer []string
+ DNSTimeout int
+ DNSMaxTTL int
+ DNSMinTTL int
+ DNSRecord []string
IPSet string
@@ -36,7 +39,7 @@ func confInit() {
flag.BoolVar(&conf.Verbose, "verbose", false, "verbose mode")
flag.StringVar(&conf.Strategy, "strategy", "rr", "forward strategy, default: rr")
flag.StringVar(&conf.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
- flag.IntVar(&conf.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
+ flag.IntVar(&conf.CheckInterval, "checkduration", 30, "proxy check interval(seconds)")
flag.StringSliceUniqVar(&conf.Listen, "listen", nil, "listen url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS")
flag.StringSliceUniqVar(&conf.Forward, "forward", nil, "forward url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]")
flag.StringSliceUniqVar(&conf.RuleFile, "rulefile", nil, "rule file path")
@@ -44,6 +47,9 @@ func confInit() {
flag.StringVar(&conf.DNS, "dns", "", "dns forwarder server listen address")
flag.StringSliceUniqVar(&conf.DNSServer, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server")
+ flag.IntVar(&conf.DNSTimeout, "dnstimeout", 3, "timeout value used in multiple dnsservers switch(seconds)")
+ flag.IntVar(&conf.DNSMaxTTL, "dnsmaxttl", 1800, "maximum TTL value for entries in the CACHE(seconds)")
+ flag.IntVar(&conf.DNSMinTTL, "dnsminttl", 0, "minimum TTL value for entries in the CACHE(seconds)")
flag.StringSliceUniqVar(&conf.DNSRecord, "dnsrecord", nil, "custom dns record, format: domain/ip")
flag.StringVar(&conf.IPSet, "ipset", "", "ipset name")
@@ -116,7 +122,7 @@ type RuleConf struct {
Forward []string
Strategy string
CheckWebSite string
- CheckDuration int
+ CheckInterval int
DNSServer []string
IPSet string
@@ -134,7 +140,7 @@ func NewRuleConfFromFile(ruleFile string) (*RuleConf, error) {
f.StringSliceUniqVar(&p.Forward, "forward", nil, "forward url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]")
f.StringVar(&p.Strategy, "strategy", "rr", "forward strategy, default: rr")
f.StringVar(&p.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
- f.IntVar(&p.CheckDuration, "checkduration", 30, "proxy check duration(seconds)")
+ f.IntVar(&p.CheckInterval, "checkduration", 30, "proxy check interval(seconds)")
f.StringSliceUniqVar(&p.DNSServer, "dnsserver", nil, "remote dns server")
f.StringVar(&p.IPSet, "ipset", "", "ipset name")
diff --git a/config/glider.conf.example b/config/glider.conf.example
index c5eb884..c76024b 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -125,6 +125,12 @@ dns=:53
# global remote dns server (you can specify different dns server in rule file)
dnsserver=8.8.8.8:53
dnsserver=1.1.1.1:53
+# timeout value used in multiple dnsservers switch(seconds)
+dnstimeout=3
+# maximum TTL value for entries in the CACHE(seconds)
+dnsmaxttl=1800
+# minimum TTL value for entries in the CACHE(seconds)
+dnsminttl=0
# custom records
dnsrecord=www.example.com/1.2.3.4
dnsrecord=www.example.com/2606:2800:220:1:248:1893:25c8:1946
diff --git a/dns/client.go b/dns/client.go
index 7687c99..074f1e6 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -13,26 +13,32 @@ import (
"github.com/nadoo/glider/proxy"
)
-// DefaultTTL is default ttl in seconds
-const DefaultTTL = 600
-
// HandleFunc function handles the dns TypeA or TypeAAAA answer
type HandleFunc func(Domain, ip string) error
+// Config for dns
+type Config struct {
+ Timeout int
+ MaxTTL int
+ MinTTL int
+}
+
// Client is a dns client struct
type Client struct {
dialer proxy.Dialer
cache *Cache
+ config *Config
upServers []string
upServerMap map[string][]string
handlers []HandleFunc
}
// NewClient returns a new dns client
-func NewClient(dialer proxy.Dialer, upServers []string) (*Client, error) {
+func NewClient(dialer proxy.Dialer, upServers []string, config *Config) (*Client, error) {
c := &Client{
dialer: dialer,
cache: NewCache(),
+ config: config,
upServers: upServers,
upServerMap: make(map[string][]string),
}
@@ -75,7 +81,7 @@ func (c *Client) Exchange(reqBytes []byte, clientAddr string, preferTCP bool) ([
return respBytes, err
}
- ttl := DefaultTTL
+ ttl := c.config.MinTTL
ips := []string{}
for _, answer := range resp.Answers {
if answer.TYPE == QTypeA || answer.TYPE == QTypeAAAA {
@@ -85,14 +91,18 @@ func (c *Client) Exchange(reqBytes []byte, clientAddr string, preferTCP bool) ([
if answer.IP != "" {
ips = append(ips, answer.IP)
}
- if answer.TTL != 0 {
- ttl = int(answer.TTL)
- }
+ ttl = int(answer.TTL)
}
}
+ if ttl > c.config.MaxTTL {
+ ttl = c.config.MaxTTL
+ } else if ttl < c.config.MinTTL {
+ ttl = c.config.MinTTL
+ }
+
// add to cache only when there's a valid ip address
- if len(ips) != 0 {
+ if len(ips) != 0 && ttl > 0 {
c.cache.Put(getKey(resp.Question), respBytes, ttl)
}
@@ -113,9 +123,9 @@ func (c *Client) exchange(qname string, reqBytes []byte, preferTCP bool) (server
network = "udp"
}
- var rc net.Conn
servers := c.GetServers(qname)
for _, server = range servers {
+ var rc net.Conn
rc, err = dialer.Dial(network, server)
if err != nil {
log.F("[dns] failed to connect to server %v: %v", server, err)
@@ -125,7 +135,7 @@ func (c *Client) exchange(qname string, reqBytes []byte, preferTCP bool) (server
// TODO: support timeout setting for different upstream server
if len(servers) > 1 {
- rc.SetDeadline(time.Now().Add(time.Duration(3) * time.Second))
+ rc.SetDeadline(time.Now().Add(time.Duration(c.config.Timeout) * time.Second))
}
switch network {
diff --git a/dns/server.go b/dns/server.go
index 1b6a998..bbd8bc4 100644
--- a/dns/server.go
+++ b/dns/server.go
@@ -21,8 +21,8 @@ type Server struct {
}
// NewServer returns a new dns server
-func NewServer(addr string, dialer proxy.Dialer, upServers []string) (*Server, error) {
- c, err := NewClient(dialer, upServers)
+func NewServer(addr string, dialer proxy.Dialer, upServers []string, config *Config) (*Server, error) {
+ c, err := NewClient(dialer, upServers, config)
s := &Server{
addr: addr,
Client: c,
diff --git a/main.go b/main.go
index 3c107ce..0ab0216 100644
--- a/main.go
+++ b/main.go
@@ -42,7 +42,7 @@ func dialerFromConf() proxy.Dialer {
fwdrs = append(fwdrs, fwdr)
}
- return NewStrategyDialer(conf.Strategy, fwdrs, conf.CheckWebSite, conf.CheckDuration)
+ return NewStrategyDialer(conf.Strategy, fwdrs, conf.CheckWebSite, conf.CheckInterval)
}
func main() {
@@ -57,7 +57,13 @@ func main() {
dialer := NewRuleDialer(conf.rules, dialerFromConf())
ipsetM, _ := NewIPSetManager(conf.IPSet, conf.rules)
if conf.DNS != "" {
- d, err := dns.NewServer(conf.DNS, dialer, conf.DNSServer)
+
+ dnscfg := &dns.Config{
+ Timeout: conf.DNSTimeout,
+ MaxTTL: conf.DNSMaxTTL,
+ MinTTL: conf.DNSMinTTL}
+
+ d, err := dns.NewServer(conf.DNS, dialer, conf.DNSServer, dnscfg)
if err != nil {
log.Fatal(err)
}
diff --git a/rule.go b/rule.go
index b08c3e1..753d3dc 100644
--- a/rule.go
+++ b/rule.go
@@ -36,7 +36,7 @@ func NewRuleDialer(rules []*RuleConf, gDialer proxy.Dialer) *RuleDialer {
fwdrs = append(fwdrs, fwdr)
}
- sDialer := NewStrategyDialer(r.Strategy, fwdrs, r.CheckWebSite, r.CheckDuration)
+ sDialer := NewStrategyDialer(r.Strategy, fwdrs, r.CheckWebSite, r.CheckInterval)
for _, domain := range r.Domain {
rd.domainMap.Store(strings.ToLower(domain), sDialer)
From 2fcef7b00c7b3780014106b8ec95ec4925c5eba5 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 8 Aug 2018 00:03:32 +0800
Subject: [PATCH 242/341] ws: fixed a bug when ws used as a middle layer
protocol(tls,ws,vmess)
---
README.md | 12 +++++++++---
dns/client.go | 4 +++-
proxy/ws/ws.go | 5 +++++
3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 94c1fc8..32978f0 100644
--- a/README.md
+++ b/README.md
@@ -50,7 +50,7 @@ DNS Forwarding Server (udp2tcp):
IPSet Management:
- Add ip/cidrs from rule files on startup
-- Add resolved ips for domains from rule files by dns forwarding server
+- Add resolved ips for domains from rule files by dns forwarding server
General:
@@ -109,19 +109,25 @@ glider -config CONFIGPATH -listen :8080 -verbose
## Usage
```bash
-glider v0.6.5 usage:
+glider v0.6.6 usage:
-checkduration int
- proxy check duration(seconds) (default 30)
+ proxy check interval(seconds) (default 30)
-checkwebsite string
proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80 (default "www.apple.com")
-config string
config file path
-dns string
dns forwarder server listen address
+ -dnsmaxttl int
+ maximum TTL value for entries in the CACHE(seconds) (default 1800)
+ -dnsminttl int
+ minimum TTL value for entries in the CACHE(seconds)
-dnsrecord value
custom dns record, format: domain/ip
-dnsserver value
remote dns server
+ -dnstimeout int
+ timeout value used in multiple dnsservers switch(seconds) (default 3)
-forward value
forward url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]
-ipset string
diff --git a/dns/client.go b/dns/client.go
index 074f1e6..247ef38 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -91,7 +91,9 @@ func (c *Client) Exchange(reqBytes []byte, clientAddr string, preferTCP bool) ([
if answer.IP != "" {
ips = append(ips, answer.IP)
}
- ttl = int(answer.TTL)
+ if answer.TTL != 0 {
+ ttl = int(answer.TTL)
+ }
}
}
diff --git a/proxy/ws/ws.go b/proxy/ws/ws.go
index 14d6162..3f6bf48 100644
--- a/proxy/ws/ws.go
+++ b/proxy/ws/ws.go
@@ -32,6 +32,11 @@ func NewWS(s string, dialer proxy.Dialer) (*WS, error) {
addr := u.Host
+ // TODO:
+ if addr == "" {
+ addr = dialer.Addr()
+ }
+
colonPos := strings.LastIndex(addr, ":")
if colonPos == -1 {
colonPos = len(addr)
From 0da05ecedd99f3cd7f133f3d0d252531cca1c6a1 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 10 Aug 2018 19:03:30 +0800
Subject: [PATCH 243/341] general: add a forwarder struct and changed proxies
to use it
---
conf.go | 37 +-
main.go | 37 +-
proxy/forwarder.go | 49 ++
proxy/http/dialer.go | 90 ++++
proxy/http/http.go | 225 +---------
proxy/http/server.go | 184 ++++++++
proxy/mixed/{mixed.go => server.go} | 39 +-
.../redir/{redir_linux.go => server_linux.go} | 39 +-
...redir_linux_386.go => server_linux_386.go} | 0
...r_linux_other.go => server_linux_other.go} | 0
proxy/server.go | 10 +-
proxy/socks5/dialer.go | 251 +++++++++++
proxy/socks5/server.go | 214 +++++++++
proxy/socks5/socks5.go | 417 +-----------------
proxy/ss/dialer.go | 86 ++++
proxy/ss/server.go | 194 ++++++++
proxy/ss/ss.go | 236 +---------
proxy/ssr/dialer.go | 130 ++++++
proxy/ssr/ssr.go | 113 +----
proxy/tcptun/server.go | 80 ++++
proxy/tcptun/tcptun.go | 69 +--
proxy/tls/dialer.go | 65 +++
proxy/tls/tls.go | 48 +-
.../{tproxy_linux.go => server_linux.go} | 36 +-
proxy/udptun/server.go | 92 ++++
proxy/udptun/udptun.go | 81 +---
proxy/uottun/server.go | 90 ++++
proxy/uottun/uottun.go | 79 +---
proxy/vmess/dialer.go | 60 +++
proxy/vmess/vmess.go | 44 +-
proxy/ws/dialer.go | 60 +++
proxy/ws/ws.go | 40 --
rule.go | 16 +-
strategy.go | 69 ++-
34 files changed, 1806 insertions(+), 1474 deletions(-)
create mode 100644 proxy/forwarder.go
create mode 100644 proxy/http/dialer.go
create mode 100644 proxy/http/server.go
rename proxy/mixed/{mixed.go => server.go} (77%)
rename proxy/redir/{redir_linux.go => server_linux.go} (86%)
rename proxy/redir/{redir_linux_386.go => server_linux_386.go} (100%)
rename proxy/redir/{redir_linux_other.go => server_linux_other.go} (100%)
create mode 100644 proxy/socks5/dialer.go
create mode 100644 proxy/socks5/server.go
create mode 100644 proxy/ss/dialer.go
create mode 100644 proxy/ss/server.go
create mode 100644 proxy/ssr/dialer.go
create mode 100644 proxy/tcptun/server.go
create mode 100644 proxy/tls/dialer.go
rename proxy/tproxy/{tproxy_linux.go => server_linux.go} (88%)
create mode 100644 proxy/udptun/server.go
create mode 100644 proxy/uottun/server.go
create mode 100644 proxy/vmess/dialer.go
create mode 100644 proxy/ws/dialer.go
diff --git a/conf.go b/conf.go
index b6217a3..7042228 100644
--- a/conf.go
+++ b/conf.go
@@ -14,14 +14,15 @@ import (
var flag = conflag.New()
var conf struct {
- Verbose bool
- Strategy string
- CheckWebSite string
- CheckInterval int
- Listen []string
- Forward []string
- RuleFile []string
- RulesDir string
+ Verbose bool
+
+ Listen []string
+
+ Forward []string
+ StrategyConfig
+
+ RuleFile []string
+ RulesDir string
DNS string
DNSServer []string
@@ -37,11 +38,13 @@ var conf struct {
func confInit() {
flag.BoolVar(&conf.Verbose, "verbose", false, "verbose mode")
- flag.StringVar(&conf.Strategy, "strategy", "rr", "forward strategy, default: rr")
- flag.StringVar(&conf.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
- flag.IntVar(&conf.CheckInterval, "checkduration", 30, "proxy check interval(seconds)")
flag.StringSliceUniqVar(&conf.Listen, "listen", nil, "listen url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS")
+
flag.StringSliceUniqVar(&conf.Forward, "forward", nil, "forward url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]")
+ flag.StringVar(&conf.StrategyConfig.Strategy, "strategy", "rr", "forward strategy, default: rr")
+ flag.StringVar(&conf.StrategyConfig.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
+ flag.IntVar(&conf.StrategyConfig.CheckInterval, "checkduration", 30, "proxy check interval(seconds)")
+
flag.StringSliceUniqVar(&conf.RuleFile, "rulefile", nil, "rule file path")
flag.StringVar(&conf.RulesDir, "rules-dir", "", "rule file folder")
@@ -119,10 +122,8 @@ func listDir(dirPth string, suffix string) (files []string, err error) {
type RuleConf struct {
name string
- Forward []string
- Strategy string
- CheckWebSite string
- CheckInterval int
+ Forward []string
+ StrategyConfig
DNSServer []string
IPSet string
@@ -138,9 +139,9 @@ func NewRuleConfFromFile(ruleFile string) (*RuleConf, error) {
f := conflag.NewFromFile("rule", ruleFile)
f.StringSliceUniqVar(&p.Forward, "forward", nil, "forward url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]")
- f.StringVar(&p.Strategy, "strategy", "rr", "forward strategy, default: rr")
- f.StringVar(&p.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
- f.IntVar(&p.CheckInterval, "checkduration", 30, "proxy check interval(seconds)")
+ f.StringVar(&p.StrategyConfig.Strategy, "strategy", "rr", "forward strategy, default: rr")
+ f.StringVar(&p.StrategyConfig.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
+ f.IntVar(&p.StrategyConfig.CheckInterval, "checkduration", 30, "proxy check interval(seconds)")
f.StringSliceUniqVar(&p.DNSServer, "dnsserver", nil, "remote dns server")
f.StringVar(&p.IPSet, "ipset", "", "ipset name")
diff --git a/main.go b/main.go
index 0ab0216..48a3a05 100644
--- a/main.go
+++ b/main.go
@@ -4,7 +4,6 @@ import (
stdlog "log"
"os"
"os/signal"
- "strings"
"syscall"
"github.com/nadoo/glider/common/log"
@@ -25,39 +24,28 @@ import (
)
// VERSION .
-const VERSION = "0.6.6"
-
-func dialerFromConf() proxy.Dialer {
- // global forwarders in xx.conf
- var fwdrs []proxy.Dialer
- for _, chain := range conf.Forward {
- var fwdr proxy.Dialer
- var err error
- for _, url := range strings.Split(chain, ",") {
- fwdr, err = proxy.DialerFromURL(url, fwdr)
- if err != nil {
- log.Fatal(err)
- }
- }
- fwdrs = append(fwdrs, fwdr)
- }
-
- return NewStrategyDialer(conf.Strategy, fwdrs, conf.CheckWebSite, conf.CheckInterval)
-}
+const VERSION = "0.6.7"
func main() {
+ // Config
confInit()
+
+ // Log
log.F = func(f string, v ...interface{}) {
if conf.Verbose {
stdlog.Printf(f, v...)
}
}
- dialer := NewRuleDialer(conf.rules, dialerFromConf())
- ipsetM, _ := NewIPSetManager(conf.IPSet, conf.rules)
- if conf.DNS != "" {
+ // Forwarder
+ dialer := NewRuleDialer(conf.rules, StrategyDialer(conf.Forward, &conf.StrategyConfig))
+ // IPSet manager
+ ipsetM, _ := NewIPSetManager(conf.IPSet, conf.rules)
+
+ // DNS Server
+ if conf.DNS != "" {
dnscfg := &dns.Config{
Timeout: conf.DNSTimeout,
MaxTTL: conf.DNSMaxTTL,
@@ -91,8 +79,9 @@ func main() {
go d.ListenAndServe()
}
+ // Servers
for _, listen := range conf.Listen {
- local, err := proxy.ServerFromURL(listen, dialer)
+ local, err := proxy.ServerFromURL(listen, proxy.NewForwarder(dialer))
if err != nil {
log.Fatal(err)
}
diff --git a/proxy/forwarder.go b/proxy/forwarder.go
new file mode 100644
index 0000000..f25f5e6
--- /dev/null
+++ b/proxy/forwarder.go
@@ -0,0 +1,49 @@
+package proxy
+
+import (
+ "strings"
+)
+
+// Forwarder is a forwarder
+type Forwarder struct {
+ Dialer
+ addr string
+ disabled bool
+ failures int
+ priority int
+ weight int
+}
+
+// ForwarderFromURL returns a new forwarder
+func ForwarderFromURL(s string) (*Forwarder, error) {
+ var d Dialer
+ var err error
+ for _, url := range strings.Split(s, ",") {
+ d, err = DialerFromURL(url, d)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ return &Forwarder{Dialer: d}, nil
+}
+
+// NewForwarder .
+func NewForwarder(dialer Dialer) *Forwarder {
+ return &Forwarder{Dialer: dialer, addr: dialer.Addr()}
+}
+
+// Addr .
+func (f *Forwarder) Addr() string {
+ return f.addr
+}
+
+// Enable .
+func (f *Forwarder) Enable(b bool) {
+ f.disabled = !b
+}
+
+// Enabled .
+func (f *Forwarder) Enabled() bool {
+ return !f.disabled
+}
diff --git a/proxy/http/dialer.go b/proxy/http/dialer.go
new file mode 100644
index 0000000..e522b93
--- /dev/null
+++ b/proxy/http/dialer.go
@@ -0,0 +1,90 @@
+package http
+
+import (
+ "bufio"
+ "bytes"
+ "encoding/base64"
+ "errors"
+ "net"
+ "net/textproto"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+)
+
+func init() {
+ proxy.RegisterDialer("http", CreateDialer)
+}
+
+// Dialer struct
+type Dialer struct {
+ *HTTP
+ dialer proxy.Dialer
+}
+
+// NewDialer returns a proxy dialer
+func NewDialer(s string, dialer proxy.Dialer) (*Dialer, error) {
+ h, err := NewHTTP(s)
+ if err != nil {
+ return nil, err
+ }
+
+ d := &Dialer{HTTP: h, dialer: dialer}
+ return d, nil
+}
+
+// CreateDialer returns a proxy dialer
+func CreateDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewDialer(s, dialer)
+}
+
+// Addr returns dialer's address
+func (s *Dialer) Addr() string {
+ if s.addr == "" {
+ return s.dialer.Addr()
+ }
+ return s.addr
+}
+
+// NextDialer returns the next dialer
+func (s *Dialer) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial establishes a connection to the addr
+func (s *Dialer) Dial(network, addr string) (net.Conn, error) {
+ rc, err := s.dialer.Dial(network, s.addr)
+ if err != nil {
+ log.F("[http] dial to %s error: %s", s.addr, err)
+ return nil, err
+ }
+
+ var buf bytes.Buffer
+ buf.Write([]byte("CONNECT " + addr + " HTTP/1.1\r\n"))
+ buf.Write([]byte("Proxy-Connection: Keep-Alive\r\n"))
+
+ if s.user != "" && s.password != "" {
+ auth := s.user + ":" + s.password
+ buf.Write([]byte("Proxy-Authorization: Basic " + base64.StdEncoding.EncodeToString([]byte(auth)) + "\r\n"))
+ }
+
+ //header ended
+ buf.Write([]byte("\r\n"))
+ rc.Write(buf.Bytes())
+
+ respR := bufio.NewReader(rc)
+ respTP := textproto.NewReader(respR)
+ _, code, _, ok := parseFirstLine(respTP)
+ if ok && code == "200" {
+ return rc, err
+ } else if code == "407" {
+ log.F("[http] authencation needed by proxy %s", s.addr)
+ } else if code == "405" {
+ log.F("[http] 'CONNECT' method not allowed by proxy %s", s.addr)
+ }
+
+ return nil, errors.New("[http] can not connect remote address: " + addr + ". error code: " + code)
+}
+
+// DialUDP returns a PacketConn to the addr
+func (s *Dialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ return nil, nil, errors.New("http client does not support udp")
+}
diff --git a/proxy/http/http.go b/proxy/http/http.go
index 49615e3..4aea435 100644
--- a/proxy/http/http.go
+++ b/proxy/http/http.go
@@ -4,38 +4,23 @@
package http
import (
- "bufio"
"bytes"
- "encoding/base64"
- "errors"
- "fmt"
- "io"
- "net"
"net/textproto"
"net/url"
"strings"
- "time"
- "github.com/nadoo/glider/common/conn"
"github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/proxy"
)
// HTTP struct
type HTTP struct {
- dialer proxy.Dialer
addr string
user string
password string
}
-func init() {
- proxy.RegisterDialer("http", NewHTTPDialer)
- proxy.RegisterServer("http", NewHTTPServer)
-}
-
-// NewHTTP returns a http proxy.
-func NewHTTP(s string, dialer proxy.Dialer) (*HTTP, error) {
+// NewHTTP returns a http base struct
+func NewHTTP(s string) (*HTTP, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
@@ -47,7 +32,6 @@ func NewHTTP(s string, dialer proxy.Dialer) (*HTTP, error) {
pass, _ := u.User.Password()
h := &HTTP{
- dialer: dialer,
addr: addr,
user: user,
password: pass,
@@ -56,215 +40,12 @@ func NewHTTP(s string, dialer proxy.Dialer) (*HTTP, error) {
return h, nil
}
-// NewHTTPDialer returns a http proxy dialer.
-func NewHTTPDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
- return NewHTTP(s, dialer)
-}
-
-// NewHTTPServer returns a http proxy server.
-func NewHTTPServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
- return NewHTTP(s, dialer)
-}
-
-// ListenAndServe .
-func (s *HTTP) ListenAndServe() {
- l, err := net.Listen("tcp", s.addr)
- if err != nil {
- log.F("failed to listen on %s: %v", s.addr, err)
- return
- }
- defer l.Close()
-
- log.F("listening TCP on %s", s.addr)
-
- for {
- c, err := l.Accept()
- if err != nil {
- log.F("[http] failed to accept: %v", err)
- continue
- }
-
- go s.Serve(c)
- }
-}
-
-// Serve .
-func (s *HTTP) Serve(c net.Conn) {
- defer c.Close()
-
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
- reqR := bufio.NewReader(c)
- reqTP := textproto.NewReader(reqR)
- method, requestURI, proto, ok := parseFirstLine(reqTP)
- if !ok {
- return
- }
-
- if method == "CONNECT" {
- s.servHTTPS(method, requestURI, proto, c)
- return
- }
-
- reqHeader, err := reqTP.ReadMIMEHeader()
- if err != nil {
- log.F("read header error:%s", err)
- return
- }
- cleanHeaders(reqHeader)
-
- // tell the remote server not to keep alive
- reqHeader.Set("Connection", "close")
-
- u, err := url.ParseRequestURI(requestURI)
- if err != nil {
- log.F("[http] parse request url error: %s", err)
- return
- }
-
- var tgt = u.Host
- if !strings.Contains(u.Host, ":") {
- tgt += ":80"
- }
-
- rc, err := s.dialer.Dial("tcp", tgt)
- if err != nil {
- fmt.Fprintf(c, "%s 502 ERROR\r\n\r\n", proto)
- log.F("[http] failed to dial: %v", err)
- return
- }
- defer rc.Close()
-
- // GET http://example.com/a/index.htm HTTP/1.1 -->
- // GET /a/index.htm HTTP/1.1
- u.Scheme = ""
- u.Host = ""
- uri := u.String()
-
- var reqBuf bytes.Buffer
- writeFirstLine(method, uri, proto, &reqBuf)
- writeHeaders(reqHeader, &reqBuf)
-
- // send request to remote server
- rc.Write(reqBuf.Bytes())
-
- // copy the left request bytes to remote server. eg. length specificed or chunked body.
- go func() {
- if _, err := reqR.Peek(1); err == nil {
- io.Copy(rc, reqR)
- rc.SetDeadline(time.Now())
- c.SetDeadline(time.Now())
- }
- }()
-
- respR := bufio.NewReader(rc)
- respTP := textproto.NewReader(respR)
- proto, code, status, ok := parseFirstLine(respTP)
- if !ok {
- return
- }
-
- respHeader, err := respTP.ReadMIMEHeader()
- if err != nil {
- log.F("[http] read header error:%s", err)
- return
- }
-
- respHeader.Set("Proxy-Connection", "close")
- respHeader.Set("Connection", "close")
-
- var respBuf bytes.Buffer
- writeFirstLine(proto, code, status, &respBuf)
- writeHeaders(respHeader, &respBuf)
-
- log.F("[http] %s <-> %s", c.RemoteAddr(), tgt)
- c.Write(respBuf.Bytes())
-
- io.Copy(c, respR)
-
-}
-
-func (s *HTTP) servHTTPS(method, requestURI, proto string, c net.Conn) {
- rc, err := s.dialer.Dial("tcp", requestURI)
- if err != nil {
- c.Write([]byte(proto))
- c.Write([]byte(" 502 ERROR\r\n\r\n"))
- log.F("[http] failed to dial: %v", err)
- return
- }
-
- c.Write([]byte("HTTP/1.1 200 Connection established\r\n\r\n"))
-
- log.F("[http] %s <-> %s [c]", c.RemoteAddr(), requestURI)
-
- _, _, err = conn.Relay(c, rc)
- if err != nil {
- if err, ok := err.(net.Error); ok && err.Timeout() {
- return // ignore i/o timeout
- }
- log.F("relay error: %v", err)
- }
-}
-
-// Addr returns forwarder's address
-func (s *HTTP) Addr() string {
- if s.addr == "" {
- return s.dialer.Addr()
- }
- return s.addr
-}
-
-// NextDialer returns the next dialer
-func (s *HTTP) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
-
-// Dial connects to the address addr on the network net via the proxy.
-func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
- rc, err := s.dialer.Dial(network, s.addr)
- if err != nil {
- log.F("[http] dial to %s error: %s", s.addr, err)
- return nil, err
- }
-
- var buf bytes.Buffer
- buf.Write([]byte("CONNECT " + addr + " HTTP/1.1\r\n"))
- buf.Write([]byte("Proxy-Connection: Keep-Alive\r\n"))
-
- if s.user != "" && s.password != "" {
- auth := s.user + ":" + s.password
- buf.Write([]byte("Proxy-Authorization: Basic " + base64.StdEncoding.EncodeToString([]byte(auth)) + "\r\n"))
- }
-
- //header ended
- buf.Write([]byte("\r\n"))
- rc.Write(buf.Bytes())
-
- respR := bufio.NewReader(rc)
- respTP := textproto.NewReader(respR)
- _, code, _, ok := parseFirstLine(respTP)
- if ok && code == "200" {
- return rc, err
- } else if code == "407" {
- log.F("[http] authencation needed by proxy %s", s.addr)
- } else if code == "405" {
- log.F("[http] 'CONNECT' method not allowed by proxy %s", s.addr)
- }
-
- return nil, errors.New("[http] can not connect remote address: " + addr + ". error code: " + code)
-}
-
-// DialUDP connects to the given address via the proxy.
-func (s *HTTP) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- return nil, nil, errors.New("http client does not support udp")
-}
-
// parseFirstLine parses "GET /foo HTTP/1.1" OR "HTTP/1.1 200 OK" into its three parts.
func parseFirstLine(tp *textproto.Reader) (r1, r2, r3 string, ok bool) {
line, err := tp.ReadLine()
// log.F("first line: %s", line)
if err != nil {
- log.F("[http] read first line error:%s", err)
+ log.F("[http] read first line error: %s", err)
return
}
diff --git a/proxy/http/server.go b/proxy/http/server.go
new file mode 100644
index 0000000..e59b4fe
--- /dev/null
+++ b/proxy/http/server.go
@@ -0,0 +1,184 @@
+package http
+
+import (
+ "bufio"
+ "bytes"
+ "fmt"
+ "io"
+ "net"
+ "net/textproto"
+ "net/url"
+ "strings"
+ "time"
+
+ "github.com/nadoo/glider/common/conn"
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+)
+
+func init() {
+ proxy.RegisterServer("http", CreateServer)
+}
+
+// Server struct
+type Server struct {
+ *HTTP
+ *proxy.Forwarder
+}
+
+// NewServer returns a local proxy server
+func NewServer(s string, f *proxy.Forwarder) (*Server, error) {
+ h, err := NewHTTP(s)
+ if err != nil {
+ return nil, err
+ }
+ server := &Server{HTTP: h, Forwarder: f}
+ return server, nil
+}
+
+// CreateServer returns a local proxy server
+func CreateServer(s string, f *proxy.Forwarder) (proxy.Server, error) {
+ return NewServer(s, f)
+}
+
+// ListenAndServe serves requests from clients
+func (s *Server) ListenAndServe() {
+ l, err := net.Listen("tcp", s.addr)
+ if err != nil {
+ log.F("failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer l.Close()
+
+ log.F("listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("[http] failed to accept: %v", err)
+ continue
+ }
+
+ go s.Serve(c)
+ }
+}
+
+// Serve .
+func (s *Server) Serve(c net.Conn) {
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ reqR := bufio.NewReader(c)
+ reqTP := textproto.NewReader(reqR)
+ method, requestURI, proto, ok := parseFirstLine(reqTP)
+ if !ok {
+ return
+ }
+
+ if method == "CONNECT" {
+ s.servHTTPS(method, requestURI, proto, c)
+ return
+ }
+
+ reqHeader, err := reqTP.ReadMIMEHeader()
+ if err != nil {
+ log.F("read header error:%s", err)
+ return
+ }
+ cleanHeaders(reqHeader)
+
+ // tell the remote server not to keep alive
+ reqHeader.Set("Connection", "close")
+
+ u, err := url.ParseRequestURI(requestURI)
+ if err != nil {
+ log.F("[http] parse request url error: %s", err)
+ return
+ }
+
+ var tgt = u.Host
+ if !strings.Contains(u.Host, ":") {
+ tgt += ":80"
+ }
+
+ rc, err := s.Dial("tcp", tgt)
+ if err != nil {
+ fmt.Fprintf(c, "%s 502 ERROR\r\n\r\n", proto)
+ log.F("[http] failed to dial: %v", err)
+ return
+ }
+ defer rc.Close()
+
+ // GET http://example.com/a/index.htm HTTP/1.1 -->
+ // GET /a/index.htm HTTP/1.1
+ u.Scheme = ""
+ u.Host = ""
+ uri := u.String()
+
+ var reqBuf bytes.Buffer
+ writeFirstLine(method, uri, proto, &reqBuf)
+ writeHeaders(reqHeader, &reqBuf)
+
+ // send request to remote server
+ rc.Write(reqBuf.Bytes())
+
+ // copy the left request bytes to remote server. eg. length specificed or chunked body.
+ go func() {
+ if _, err := reqR.Peek(1); err == nil {
+ io.Copy(rc, reqR)
+ rc.SetDeadline(time.Now())
+ c.SetDeadline(time.Now())
+ }
+ }()
+
+ respR := bufio.NewReader(rc)
+ respTP := textproto.NewReader(respR)
+ proto, code, status, ok := parseFirstLine(respTP)
+ if !ok {
+ return
+ }
+
+ respHeader, err := respTP.ReadMIMEHeader()
+ if err != nil {
+ log.F("[http] read header error:%s", err)
+ return
+ }
+
+ respHeader.Set("Proxy-Connection", "close")
+ respHeader.Set("Connection", "close")
+
+ var respBuf bytes.Buffer
+ writeFirstLine(proto, code, status, &respBuf)
+ writeHeaders(respHeader, &respBuf)
+
+ log.F("[http] %s <-> %s", c.RemoteAddr(), tgt)
+ c.Write(respBuf.Bytes())
+
+ io.Copy(c, respR)
+
+}
+
+func (s *Server) servHTTPS(method, requestURI, proto string, c net.Conn) {
+ rc, err := s.Dial("tcp", requestURI)
+ if err != nil {
+ c.Write([]byte(proto))
+ c.Write([]byte(" 502 ERROR\r\n\r\n"))
+ log.F("[http] failed to dial: %v", err)
+ return
+ }
+
+ c.Write([]byte("HTTP/1.1 200 Connection established\r\n\r\n"))
+
+ log.F("[http] %s <-> %s [c]", c.RemoteAddr(), requestURI)
+
+ _, _, err = conn.Relay(c, rc)
+ if err != nil {
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ return // ignore i/o timeout
+ }
+ log.F("relay error: %v", err)
+ }
+}
diff --git a/proxy/mixed/mixed.go b/proxy/mixed/server.go
similarity index 77%
rename from proxy/mixed/mixed.go
rename to proxy/mixed/server.go
index 5780d8b..9aa58f1 100644
--- a/proxy/mixed/mixed.go
+++ b/proxy/mixed/server.go
@@ -12,6 +12,10 @@ import (
"github.com/nadoo/glider/proxy/socks5"
)
+func init() {
+ proxy.RegisterServer("mixed", NewMixedProxyServer)
+}
+
// https://www.ietf.org/rfc/rfc2616.txt, http methods must be uppercase.
var httpMethods = [...][]byte{
[]byte("GET"),
@@ -24,45 +28,40 @@ var httpMethods = [...][]byte{
[]byte("TRACE"),
}
-// MixedProxy struct
-type MixedProxy struct {
- dialer proxy.Dialer
+// Server struct
+type Server struct {
+ *proxy.Forwarder
addr string
-
- http *http.HTTP
- socks5 *socks5.SOCKS5
-}
-
-func init() {
- proxy.RegisterServer("mixed", NewMixedProxyServer)
+ http *http.Server
+ socks5 *socks5.Server
}
// NewMixedProxy returns a mixed proxy.
-func NewMixedProxy(s string, dialer proxy.Dialer) (*MixedProxy, error) {
+func NewMixedProxy(s string, f *proxy.Forwarder) (*Server, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
return nil, err
}
- p := &MixedProxy{
- dialer: dialer,
- addr: u.Host,
+ p := &Server{
+ Forwarder: f,
+ addr: u.Host,
}
- p.http, _ = http.NewHTTP(s, dialer)
- p.socks5, _ = socks5.NewSOCKS5(s, dialer)
+ p.http, _ = http.NewServer(s, f)
+ p.socks5, _ = socks5.NewServer(s, f)
return p, nil
}
// NewMixedProxyServer returns a mixed proxy server.
-func NewMixedProxyServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
- return NewMixedProxy(s, dialer)
+func NewMixedProxyServer(s string, f *proxy.Forwarder) (proxy.Server, error) {
+ return NewMixedProxy(s, f)
}
// ListenAndServe .
-func (p *MixedProxy) ListenAndServe() {
+func (p *Server) ListenAndServe() {
go p.socks5.ListenAndServeUDP()
@@ -86,7 +85,7 @@ func (p *MixedProxy) ListenAndServe() {
}
// Serve .
-func (p *MixedProxy) Serve(c net.Conn) {
+func (p *Server) Serve(c net.Conn) {
defer c.Close()
if c, ok := c.(*net.TCPConn); ok {
diff --git a/proxy/redir/redir_linux.go b/proxy/redir/server_linux.go
similarity index 86%
rename from proxy/redir/redir_linux.go
rename to proxy/redir/server_linux.go
index 1d202fc..590a33f 100644
--- a/proxy/redir/redir_linux.go
+++ b/proxy/redir/server_linux.go
@@ -16,6 +16,10 @@ import (
"github.com/nadoo/glider/proxy"
)
+func init() {
+ proxy.RegisterServer("redir", CreateServer)
+}
+
const (
// SO_ORIGINAL_DST from linux/include/uapi/linux/netfilter_ipv4.h
SO_ORIGINAL_DST = 80
@@ -23,40 +27,31 @@ const (
IP6T_SO_ORIGINAL_DST = 80
)
-// RedirProxy struct
-type RedirProxy struct {
- dialer proxy.Dialer
- addr string
+// Server struct
+type Server struct {
+ addr string
+ *proxy.Forwarder
}
-func init() {
- proxy.RegisterServer("redir", NewRedirServer)
-}
-
-// NewRedirProxy returns a redirect proxy.
-func NewRedirProxy(s string, dialer proxy.Dialer) (*RedirProxy, error) {
+// NewServer returns a local proxy server
+func NewServer(s string, f *proxy.Forwarder) (*Server, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
return nil, err
}
- addr := u.Host
- r := &RedirProxy{
- dialer: dialer,
- addr: addr,
- }
-
- return r, nil
+ server := &Server{addr: u.Host, Forwarder: f}
+ return server, nil
}
-// NewRedirServer returns a redir server.
-func NewRedirServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
- return NewRedirProxy(s, dialer)
+// CreateServer returns a local proxy server
+func CreateServer(s string, f *proxy.Forwarder) (proxy.Server, error) {
+ return NewServer(s, f)
}
// ListenAndServe .
-func (s *RedirProxy) ListenAndServe() {
+func (s *Server) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
log.F("[redir] failed to listen on %s: %v", s.addr, err)
@@ -85,7 +80,7 @@ func (s *RedirProxy) ListenAndServe() {
return
}
- rc, err := s.dialer.Dial("tcp", tgt.String())
+ rc, err := s.Dial("tcp", tgt.String())
if err != nil {
log.F("[redir] failed to connect to target: %v", err)
return
diff --git a/proxy/redir/redir_linux_386.go b/proxy/redir/server_linux_386.go
similarity index 100%
rename from proxy/redir/redir_linux_386.go
rename to proxy/redir/server_linux_386.go
diff --git a/proxy/redir/redir_linux_other.go b/proxy/redir/server_linux_other.go
similarity index 100%
rename from proxy/redir/redir_linux_other.go
rename to proxy/redir/server_linux_other.go
diff --git a/proxy/server.go b/proxy/server.go
index 4bc4e1d..3217722 100644
--- a/proxy/server.go
+++ b/proxy/server.go
@@ -15,7 +15,7 @@ type Server interface {
}
// ServerCreator is a function to create proxy servers.
-type ServerCreator func(s string, dialer Dialer) (Server, error)
+type ServerCreator func(s string, f *Forwarder) (Server, error)
var (
serverMap = make(map[string]ServerCreator)
@@ -27,7 +27,7 @@ func RegisterServer(name string, c ServerCreator) {
}
// ServerFromURL calls the registered creator to create proxy servers.
-func ServerFromURL(s string, dialer Dialer) (Server, error) {
+func ServerFromURL(s string, f *Forwarder) (Server, error) {
if !strings.Contains(s, "://") {
s = "mixed://" + s
}
@@ -38,13 +38,13 @@ func ServerFromURL(s string, dialer Dialer) (Server, error) {
return nil, err
}
- if dialer == nil {
- dialer = Direct
+ if f == nil {
+ f = NewForwarder(Direct)
}
c, ok := serverMap[strings.ToLower(u.Scheme)]
if ok {
- return c(s, dialer)
+ return c(s, f)
}
return nil, errors.New("unknown scheme '" + u.Scheme + "'")
diff --git a/proxy/socks5/dialer.go b/proxy/socks5/dialer.go
new file mode 100644
index 0000000..383cc6a
--- /dev/null
+++ b/proxy/socks5/dialer.go
@@ -0,0 +1,251 @@
+package socks5
+
+import (
+ "errors"
+ "io"
+ "net"
+ "strconv"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/common/socks"
+ "github.com/nadoo/glider/proxy"
+)
+
+func init() {
+ proxy.RegisterDialer("socks5", CreateDialer)
+}
+
+// Dialer struct
+type Dialer struct {
+ *SOCKS5
+ dialer proxy.Dialer
+}
+
+// NewDialer returns a proxy dialer
+func NewDialer(s string, dialer proxy.Dialer) (*Dialer, error) {
+ socks, err := NewSOCKS5(s)
+ if err != nil {
+ return nil, err
+ }
+
+ d := &Dialer{SOCKS5: socks, dialer: dialer}
+ return d, nil
+}
+
+// CreateDialer returns a proxy dialer
+func CreateDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewDialer(s, dialer)
+}
+
+// Addr returns dialer's address
+func (s *Dialer) Addr() string {
+ if s.addr == "" {
+ return s.dialer.Addr()
+ }
+ return s.addr
+}
+
+// NextDialer returns the next dialer
+func (s *Dialer) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial establishes a connection to the addr
+func (s *Dialer) Dial(network, addr string) (net.Conn, error) {
+ switch network {
+ case "tcp", "tcp6", "tcp4":
+ default:
+ return nil, errors.New("[socks5]: no support for connection type " + network)
+ }
+
+ c, err := s.dialer.Dial(network, s.addr)
+ if err != nil {
+ log.F("dial to %s error: %s", s.addr, err)
+ return nil, err
+ }
+
+ if err := s.connect(c, addr); err != nil {
+ c.Close()
+ return nil, err
+ }
+
+ return c, nil
+}
+
+// DialUDP returns a PacketConn to the addr
+func (s *Dialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ c, err := s.dialer.Dial("tcp", s.addr)
+ if err != nil {
+ log.F("[socks5] dialudp dial tcp to %s error: %s", s.addr, err)
+ return nil, nil, err
+ }
+
+ // send VER, NMETHODS, METHODS
+ c.Write([]byte{5, 1, 0})
+
+ buf := make([]byte, socks.MaxAddrLen)
+ // read VER METHOD
+ if _, err := io.ReadFull(c, buf[:2]); err != nil {
+ return nil, nil, err
+ }
+
+ dstAddr := socks.ParseAddr(addr)
+ // write VER CMD RSV ATYP DST.ADDR DST.PORT
+ c.Write(append([]byte{5, socks.CmdUDPAssociate, 0}, dstAddr...))
+
+ // read VER REP RSV ATYP BND.ADDR BND.PORT
+ if _, err := io.ReadFull(c, buf[:3]); err != nil {
+ return nil, nil, err
+ }
+
+ rep := buf[1]
+ if rep != 0 {
+ log.F("[socks5] server reply: %d, not succeeded", rep)
+ return nil, nil, errors.New("server connect failed")
+ }
+
+ uAddr, err := socks.ReadAddrBuf(c, buf)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ pc, nextHop, err := s.dialer.DialUDP(network, uAddr.String())
+ if err != nil {
+ log.F("[socks5] dialudp to %s error: %s", uAddr.String(), err)
+ return nil, nil, err
+ }
+
+ pkc := NewPktConn(pc, nextHop, dstAddr, true, c)
+ return pkc, nextHop, err
+}
+
+// connect takes an existing connection to a socks5 proxy server,
+// and commands the server to extend that connection to target,
+// which must be a canonical address with a host and port.
+func (s *Dialer) connect(conn net.Conn, target string) error {
+ host, portStr, err := net.SplitHostPort(target)
+ if err != nil {
+ return err
+ }
+
+ port, err := strconv.Atoi(portStr)
+ if err != nil {
+ return errors.New("proxy: failed to parse port number: " + portStr)
+ }
+ if port < 1 || port > 0xffff {
+ return errors.New("proxy: port number out of range: " + portStr)
+ }
+
+ // the size here is just an estimate
+ buf := make([]byte, 0, 6+len(host))
+
+ buf = append(buf, Version)
+ if len(s.user) > 0 && len(s.user) < 256 && len(s.password) < 256 {
+ buf = append(buf, 2 /* num auth methods */, socks.AuthNone, socks.AuthPassword)
+ } else {
+ buf = append(buf, 1 /* num auth methods */, socks.AuthNone)
+ }
+
+ if _, err := conn.Write(buf); err != nil {
+ return errors.New("proxy: failed to write greeting to SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ if _, err := io.ReadFull(conn, buf[:2]); err != nil {
+ return errors.New("proxy: failed to read greeting from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+ if buf[0] != 5 {
+ return errors.New("proxy: SOCKS5 proxy at " + s.addr + " has unexpected version " + strconv.Itoa(int(buf[0])))
+ }
+ if buf[1] == 0xff {
+ return errors.New("proxy: SOCKS5 proxy at " + s.addr + " requires authentication")
+ }
+
+ if buf[1] == socks.AuthPassword {
+ buf = buf[:0]
+ buf = append(buf, 1 /* password protocol version */)
+ buf = append(buf, uint8(len(s.user)))
+ buf = append(buf, s.user...)
+ buf = append(buf, uint8(len(s.password)))
+ buf = append(buf, s.password...)
+
+ if _, err := conn.Write(buf); err != nil {
+ return errors.New("proxy: failed to write authentication request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ if _, err := io.ReadFull(conn, buf[:2]); err != nil {
+ return errors.New("proxy: failed to read authentication reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ if buf[1] != 0 {
+ return errors.New("proxy: SOCKS5 proxy at " + s.addr + " rejected username/password")
+ }
+ }
+
+ buf = buf[:0]
+ buf = append(buf, Version, socks.CmdConnect, 0 /* reserved */)
+
+ if ip := net.ParseIP(host); ip != nil {
+ if ip4 := ip.To4(); ip4 != nil {
+ buf = append(buf, socks.ATypIP4)
+ ip = ip4
+ } else {
+ buf = append(buf, socks.ATypIP6)
+ }
+ buf = append(buf, ip...)
+ } else {
+ if len(host) > 255 {
+ return errors.New("proxy: destination hostname too long: " + host)
+ }
+ buf = append(buf, socks.ATypDomain)
+ buf = append(buf, byte(len(host)))
+ buf = append(buf, host...)
+ }
+ buf = append(buf, byte(port>>8), byte(port))
+
+ if _, err := conn.Write(buf); err != nil {
+ return errors.New("proxy: failed to write connect request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ if _, err := io.ReadFull(conn, buf[:4]); err != nil {
+ return errors.New("proxy: failed to read connect reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ failure := "unknown error"
+ if int(buf[1]) < len(socks.Errors) {
+ failure = socks.Errors[buf[1]].Error()
+ }
+
+ if len(failure) > 0 {
+ return errors.New("proxy: SOCKS5 proxy at " + s.addr + " failed to connect: " + failure)
+ }
+
+ bytesToDiscard := 0
+ switch buf[3] {
+ case socks.ATypIP4:
+ bytesToDiscard = net.IPv4len
+ case socks.ATypIP6:
+ bytesToDiscard = net.IPv6len
+ case socks.ATypDomain:
+ _, err := io.ReadFull(conn, buf[:1])
+ if err != nil {
+ return errors.New("proxy: failed to read domain length from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+ bytesToDiscard = int(buf[0])
+ default:
+ return errors.New("proxy: got unknown address type " + strconv.Itoa(int(buf[3])) + " from SOCKS5 proxy at " + s.addr)
+ }
+
+ if cap(buf) < bytesToDiscard {
+ buf = make([]byte, bytesToDiscard)
+ } else {
+ buf = buf[:bytesToDiscard]
+ }
+ if _, err := io.ReadFull(conn, buf); err != nil {
+ return errors.New("proxy: failed to read address from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ // Also need to discard the port number
+ if _, err := io.ReadFull(conn, buf[:2]); err != nil {
+ return errors.New("proxy: failed to read port from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ return nil
+}
diff --git a/proxy/socks5/server.go b/proxy/socks5/server.go
new file mode 100644
index 0000000..a1eb984
--- /dev/null
+++ b/proxy/socks5/server.go
@@ -0,0 +1,214 @@
+package socks5
+
+import (
+ "io"
+ "net"
+ "sync"
+ "time"
+
+ "github.com/nadoo/glider/common/conn"
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/common/socks"
+ "github.com/nadoo/glider/proxy"
+)
+
+func init() {
+ proxy.RegisterServer("socks5", CreateServer)
+}
+
+// Server struct
+type Server struct {
+ *SOCKS5
+ *proxy.Forwarder
+}
+
+// NewServer returns a local proxy server
+func NewServer(s string, f *proxy.Forwarder) (*Server, error) {
+ h, err := NewSOCKS5(s)
+ if err != nil {
+ return nil, err
+ }
+ server := &Server{SOCKS5: h, Forwarder: f}
+ return server, nil
+}
+
+// CreateServer returns a local proxy server
+func CreateServer(s string, f *proxy.Forwarder) (proxy.Server, error) {
+ return NewServer(s, f)
+}
+
+// ListenAndServe serves socks5 requests.
+func (s *Server) ListenAndServe() {
+ go s.ListenAndServeUDP()
+ s.ListenAndServeTCP()
+}
+
+// ListenAndServeTCP .
+func (s *Server) ListenAndServeTCP() {
+ l, err := net.Listen("tcp", s.addr)
+ if err != nil {
+ log.F("[socks5] failed to listen on %s: %v", s.addr, err)
+ return
+ }
+
+ log.F("[socks5] listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("[socks5] failed to accept: %v", err)
+ continue
+ }
+
+ go s.ServeTCP(c)
+ }
+}
+
+// ServeTCP .
+func (s *Server) ServeTCP(c net.Conn) {
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ tgt, err := s.handshake(c)
+ if err != nil {
+ // UDP: keep the connection until disconnect then free the UDP socket
+ if err == socks.Errors[9] {
+ buf := []byte{}
+ // block here
+ for {
+ _, err := c.Read(buf)
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ continue
+ }
+ // log.F("[socks5] servetcp udp associate end")
+ return
+ }
+ }
+
+ log.F("[socks5] failed to get target address: %v", err)
+ return
+ }
+
+ rc, err := s.Dial("tcp", tgt.String())
+ if err != nil {
+ log.F("[socks5] failed to connect to target: %v", err)
+ return
+ }
+ defer rc.Close()
+
+ log.F("[socks5] %s <-> %s", c.RemoteAddr(), tgt)
+
+ _, _, err = conn.Relay(c, rc)
+ if err != nil {
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ return // ignore i/o timeout
+ }
+ log.F("[socks5] relay error: %v", err)
+ }
+}
+
+// ListenAndServeUDP serves udp requests.
+func (s *Server) ListenAndServeUDP() {
+ lc, err := net.ListenPacket("udp", s.addr)
+ if err != nil {
+ log.F("[socks5-udp] failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer lc.Close()
+
+ log.F("[socks5-udp] listening UDP on %s", s.addr)
+
+ var nm sync.Map
+ buf := make([]byte, conn.UDPBufSize)
+
+ for {
+ c := NewPktConn(lc, nil, nil, true, nil)
+
+ n, raddr, err := c.ReadFrom(buf)
+ if err != nil {
+ log.F("[socks5-udp] remote read error: %v", err)
+ continue
+ }
+
+ var pc *PktConn
+ v, ok := nm.Load(raddr.String())
+ if !ok && v == nil {
+ if c.tgtAddr == nil {
+ log.F("[socks5-udp] can not get target address, not a valid request")
+ continue
+ }
+
+ lpc, nextHop, err := s.DialUDP("udp", c.tgtAddr.String())
+ if err != nil {
+ log.F("[socks5-udp] remote dial error: %v", err)
+ continue
+ }
+
+ pc = NewPktConn(lpc, nextHop, nil, false, nil)
+ nm.Store(raddr.String(), pc)
+
+ go func() {
+ conn.TimedCopy(c, raddr, pc, 2*time.Minute)
+ pc.Close()
+ nm.Delete(raddr.String())
+ }()
+
+ } else {
+ pc = v.(*PktConn)
+ }
+
+ _, err = pc.WriteTo(buf[:n], pc.writeAddr)
+ if err != nil {
+ log.F("[socks5-udp] remote write error: %v", err)
+ continue
+ }
+
+ log.F("[socks5-udp] %s <-> %s", raddr, c.tgtAddr)
+ }
+
+}
+
+// Handshake fast-tracks SOCKS initialization to get target address to connect.
+func (s *Server) handshake(rw io.ReadWriter) (socks.Addr, error) {
+ // Read RFC 1928 for request and reply structure and sizes.
+ buf := make([]byte, socks.MaxAddrLen)
+ // read VER, NMETHODS, METHODS
+ if _, err := io.ReadFull(rw, buf[:2]); err != nil {
+ return nil, err
+ }
+ nmethods := buf[1]
+ if _, err := io.ReadFull(rw, buf[:nmethods]); err != nil {
+ return nil, err
+ }
+ // write VER METHOD
+ if _, err := rw.Write([]byte{5, 0}); err != nil {
+ return nil, err
+ }
+ // read VER CMD RSV ATYP DST.ADDR DST.PORT
+ if _, err := io.ReadFull(rw, buf[:3]); err != nil {
+ return nil, err
+ }
+ cmd := buf[1]
+ addr, err := socks.ReadAddrBuf(rw, buf)
+ if err != nil {
+ return nil, err
+ }
+ switch cmd {
+ case socks.CmdConnect:
+ _, err = rw.Write([]byte{5, 0, 0, 1, 0, 0, 0, 0, 0, 0}) // SOCKS v5, reply succeeded
+ case socks.CmdUDPAssociate:
+ listenAddr := socks.ParseAddr(rw.(net.Conn).LocalAddr().String())
+ _, err = rw.Write(append([]byte{5, 0, 0}, listenAddr...)) // SOCKS v5, reply succeeded
+ if err != nil {
+ return nil, socks.Errors[7]
+ }
+ err = socks.Errors[9]
+ default:
+ return nil, socks.Errors[7]
+ }
+
+ return addr, err // skip VER, CMD, RSV fields
+}
diff --git a/proxy/socks5/socks5.go b/proxy/socks5/socks5.go
index 3d0cf51..d9d01b2 100644
--- a/proxy/socks5/socks5.go
+++ b/proxy/socks5/socks5.go
@@ -12,18 +12,9 @@
package socks5
import (
- "errors"
- "io"
- "net"
"net/url"
- "strconv"
- "sync"
- "time"
- "github.com/nadoo/glider/common/conn"
"github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/common/socks"
- "github.com/nadoo/glider/proxy"
)
// Version is socks5 version number
@@ -31,20 +22,14 @@ const Version = 5
// SOCKS5 struct
type SOCKS5 struct {
- dialer proxy.Dialer
addr string
user string
password string
}
-func init() {
- proxy.RegisterDialer("socks5", NewSocks5Dialer)
- proxy.RegisterServer("socks5", NewSocks5Server)
-}
-
// NewSOCKS5 returns a Proxy that makes SOCKS v5 connections to the given address
// with an optional username and password. See RFC 1928.
-func NewSOCKS5(s string, dialer proxy.Dialer) (*SOCKS5, error) {
+func NewSOCKS5(s string) (*SOCKS5, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
@@ -56,7 +41,6 @@ func NewSOCKS5(s string, dialer proxy.Dialer) (*SOCKS5, error) {
pass, _ := u.User.Password()
h := &SOCKS5{
- dialer: dialer,
addr: addr,
user: user,
password: pass,
@@ -64,402 +48,3 @@ func NewSOCKS5(s string, dialer proxy.Dialer) (*SOCKS5, error) {
return h, nil
}
-
-// NewSocks5Dialer returns a socks5 proxy dialer.
-func NewSocks5Dialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
- return NewSOCKS5(s, dialer)
-}
-
-// NewSocks5Server returns a socks5 proxy server.
-func NewSocks5Server(s string, dialer proxy.Dialer) (proxy.Server, error) {
- return NewSOCKS5(s, dialer)
-}
-
-// ListenAndServe serves socks5 requests.
-func (s *SOCKS5) ListenAndServe() {
- go s.ListenAndServeUDP()
- s.ListenAndServeTCP()
-}
-
-// ListenAndServeTCP .
-func (s *SOCKS5) ListenAndServeTCP() {
- l, err := net.Listen("tcp", s.addr)
- if err != nil {
- log.F("[socks5] failed to listen on %s: %v", s.addr, err)
- return
- }
-
- log.F("[socks5] listening TCP on %s", s.addr)
-
- for {
- c, err := l.Accept()
- if err != nil {
- log.F("[socks5] failed to accept: %v", err)
- continue
- }
-
- go s.ServeTCP(c)
- }
-}
-
-// ServeTCP .
-func (s *SOCKS5) ServeTCP(c net.Conn) {
- defer c.Close()
-
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
- tgt, err := s.handshake(c)
- if err != nil {
- // UDP: keep the connection until disconnect then free the UDP socket
- if err == socks.Errors[9] {
- buf := []byte{}
- // block here
- for {
- _, err := c.Read(buf)
- if err, ok := err.(net.Error); ok && err.Timeout() {
- continue
- }
- // log.F("[socks5] servetcp udp associate end")
- return
- }
- }
-
- log.F("[socks5] failed to get target address: %v", err)
- return
- }
-
- rc, err := s.dialer.Dial("tcp", tgt.String())
- if err != nil {
- log.F("[socks5] failed to connect to target: %v", err)
- return
- }
- defer rc.Close()
-
- log.F("[socks5] %s <-> %s", c.RemoteAddr(), tgt)
-
- _, _, err = conn.Relay(c, rc)
- if err != nil {
- if err, ok := err.(net.Error); ok && err.Timeout() {
- return // ignore i/o timeout
- }
- log.F("[socks5] relay error: %v", err)
- }
-}
-
-// ListenAndServeUDP serves udp requests.
-func (s *SOCKS5) ListenAndServeUDP() {
- lc, err := net.ListenPacket("udp", s.addr)
- if err != nil {
- log.F("[socks5-udp] failed to listen on %s: %v", s.addr, err)
- return
- }
- defer lc.Close()
-
- log.F("[socks5-udp] listening UDP on %s", s.addr)
-
- var nm sync.Map
- buf := make([]byte, conn.UDPBufSize)
-
- for {
- c := NewPktConn(lc, nil, nil, true, nil)
-
- n, raddr, err := c.ReadFrom(buf)
- if err != nil {
- log.F("[socks5-udp] remote read error: %v", err)
- continue
- }
-
- var pc *PktConn
- v, ok := nm.Load(raddr.String())
- if !ok && v == nil {
- if c.tgtAddr == nil {
- log.F("[socks5-udp] can not get target address, not a valid request")
- continue
- }
-
- lpc, nextHop, err := s.dialer.DialUDP("udp", c.tgtAddr.String())
- if err != nil {
- log.F("[socks5-udp] remote dial error: %v", err)
- continue
- }
-
- pc = NewPktConn(lpc, nextHop, nil, false, nil)
- nm.Store(raddr.String(), pc)
-
- go func() {
- conn.TimedCopy(c, raddr, pc, 2*time.Minute)
- pc.Close()
- nm.Delete(raddr.String())
- }()
-
- } else {
- pc = v.(*PktConn)
- }
-
- _, err = pc.WriteTo(buf[:n], pc.writeAddr)
- if err != nil {
- log.F("[socks5-udp] remote write error: %v", err)
- continue
- }
-
- log.F("[socks5-udp] %s <-> %s", raddr, c.tgtAddr)
- }
-
-}
-
-// Addr returns forwarder's address
-func (s *SOCKS5) Addr() string {
- if s.addr == "" {
- return s.dialer.Addr()
- }
- return s.addr
-}
-
-// NextDialer returns the next dialer
-func (s *SOCKS5) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
-
-// Dial connects to the address addr on the network net via the SOCKS5 proxy.
-func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
- switch network {
- case "tcp", "tcp6", "tcp4":
- default:
- return nil, errors.New("[socks5]: no support for connection type " + network)
- }
-
- c, err := s.dialer.Dial(network, s.addr)
- if err != nil {
- log.F("dial to %s error: %s", s.addr, err)
- return nil, err
- }
-
- if err := s.connect(c, addr); err != nil {
- c.Close()
- return nil, err
- }
-
- return c, nil
-}
-
-// DialUDP connects to the given address via the proxy.
-func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- c, err := s.dialer.Dial("tcp", s.addr)
- if err != nil {
- log.F("[socks5] dialudp dial tcp to %s error: %s", s.addr, err)
- return nil, nil, err
- }
-
- // send VER, NMETHODS, METHODS
- c.Write([]byte{5, 1, 0})
-
- buf := make([]byte, socks.MaxAddrLen)
- // read VER METHOD
- if _, err := io.ReadFull(c, buf[:2]); err != nil {
- return nil, nil, err
- }
-
- dstAddr := socks.ParseAddr(addr)
- // write VER CMD RSV ATYP DST.ADDR DST.PORT
- c.Write(append([]byte{5, socks.CmdUDPAssociate, 0}, dstAddr...))
-
- // read VER REP RSV ATYP BND.ADDR BND.PORT
- if _, err := io.ReadFull(c, buf[:3]); err != nil {
- return nil, nil, err
- }
-
- rep := buf[1]
- if rep != 0 {
- log.F("[socks5] server reply: %d, not succeeded", rep)
- return nil, nil, errors.New("server connect failed")
- }
-
- uAddr, err := socks.ReadAddrBuf(c, buf)
- if err != nil {
- return nil, nil, err
- }
-
- pc, nextHop, err := s.dialer.DialUDP(network, uAddr.String())
- if err != nil {
- log.F("[socks5] dialudp to %s error: %s", uAddr.String(), err)
- return nil, nil, err
- }
-
- pkc := NewPktConn(pc, nextHop, dstAddr, true, c)
- return pkc, nextHop, err
-}
-
-// connect takes an existing connection to a socks5 proxy server,
-// and commands the server to extend that connection to target,
-// which must be a canonical address with a host and port.
-func (s *SOCKS5) connect(conn net.Conn, target string) error {
- host, portStr, err := net.SplitHostPort(target)
- if err != nil {
- return err
- }
-
- port, err := strconv.Atoi(portStr)
- if err != nil {
- return errors.New("proxy: failed to parse port number: " + portStr)
- }
- if port < 1 || port > 0xffff {
- return errors.New("proxy: port number out of range: " + portStr)
- }
-
- // the size here is just an estimate
- buf := make([]byte, 0, 6+len(host))
-
- buf = append(buf, Version)
- if len(s.user) > 0 && len(s.user) < 256 && len(s.password) < 256 {
- buf = append(buf, 2 /* num auth methods */, socks.AuthNone, socks.AuthPassword)
- } else {
- buf = append(buf, 1 /* num auth methods */, socks.AuthNone)
- }
-
- if _, err := conn.Write(buf); err != nil {
- return errors.New("proxy: failed to write greeting to SOCKS5 proxy at " + s.addr + ": " + err.Error())
- }
-
- if _, err := io.ReadFull(conn, buf[:2]); err != nil {
- return errors.New("proxy: failed to read greeting from SOCKS5 proxy at " + s.addr + ": " + err.Error())
- }
- if buf[0] != 5 {
- return errors.New("proxy: SOCKS5 proxy at " + s.addr + " has unexpected version " + strconv.Itoa(int(buf[0])))
- }
- if buf[1] == 0xff {
- return errors.New("proxy: SOCKS5 proxy at " + s.addr + " requires authentication")
- }
-
- if buf[1] == socks.AuthPassword {
- buf = buf[:0]
- buf = append(buf, 1 /* password protocol version */)
- buf = append(buf, uint8(len(s.user)))
- buf = append(buf, s.user...)
- buf = append(buf, uint8(len(s.password)))
- buf = append(buf, s.password...)
-
- if _, err := conn.Write(buf); err != nil {
- return errors.New("proxy: failed to write authentication request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
- }
-
- if _, err := io.ReadFull(conn, buf[:2]); err != nil {
- return errors.New("proxy: failed to read authentication reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
- }
-
- if buf[1] != 0 {
- return errors.New("proxy: SOCKS5 proxy at " + s.addr + " rejected username/password")
- }
- }
-
- buf = buf[:0]
- buf = append(buf, Version, socks.CmdConnect, 0 /* reserved */)
-
- if ip := net.ParseIP(host); ip != nil {
- if ip4 := ip.To4(); ip4 != nil {
- buf = append(buf, socks.ATypIP4)
- ip = ip4
- } else {
- buf = append(buf, socks.ATypIP6)
- }
- buf = append(buf, ip...)
- } else {
- if len(host) > 255 {
- return errors.New("proxy: destination hostname too long: " + host)
- }
- buf = append(buf, socks.ATypDomain)
- buf = append(buf, byte(len(host)))
- buf = append(buf, host...)
- }
- buf = append(buf, byte(port>>8), byte(port))
-
- if _, err := conn.Write(buf); err != nil {
- return errors.New("proxy: failed to write connect request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
- }
-
- if _, err := io.ReadFull(conn, buf[:4]); err != nil {
- return errors.New("proxy: failed to read connect reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
- }
-
- failure := "unknown error"
- if int(buf[1]) < len(socks.Errors) {
- failure = socks.Errors[buf[1]].Error()
- }
-
- if len(failure) > 0 {
- return errors.New("proxy: SOCKS5 proxy at " + s.addr + " failed to connect: " + failure)
- }
-
- bytesToDiscard := 0
- switch buf[3] {
- case socks.ATypIP4:
- bytesToDiscard = net.IPv4len
- case socks.ATypIP6:
- bytesToDiscard = net.IPv6len
- case socks.ATypDomain:
- _, err := io.ReadFull(conn, buf[:1])
- if err != nil {
- return errors.New("proxy: failed to read domain length from SOCKS5 proxy at " + s.addr + ": " + err.Error())
- }
- bytesToDiscard = int(buf[0])
- default:
- return errors.New("proxy: got unknown address type " + strconv.Itoa(int(buf[3])) + " from SOCKS5 proxy at " + s.addr)
- }
-
- if cap(buf) < bytesToDiscard {
- buf = make([]byte, bytesToDiscard)
- } else {
- buf = buf[:bytesToDiscard]
- }
- if _, err := io.ReadFull(conn, buf); err != nil {
- return errors.New("proxy: failed to read address from SOCKS5 proxy at " + s.addr + ": " + err.Error())
- }
-
- // Also need to discard the port number
- if _, err := io.ReadFull(conn, buf[:2]); err != nil {
- return errors.New("proxy: failed to read port from SOCKS5 proxy at " + s.addr + ": " + err.Error())
- }
-
- return nil
-}
-
-// Handshake fast-tracks SOCKS initialization to get target address to connect.
-func (s *SOCKS5) handshake(rw io.ReadWriter) (socks.Addr, error) {
- // Read RFC 1928 for request and reply structure and sizes.
- buf := make([]byte, socks.MaxAddrLen)
- // read VER, NMETHODS, METHODS
- if _, err := io.ReadFull(rw, buf[:2]); err != nil {
- return nil, err
- }
- nmethods := buf[1]
- if _, err := io.ReadFull(rw, buf[:nmethods]); err != nil {
- return nil, err
- }
- // write VER METHOD
- if _, err := rw.Write([]byte{5, 0}); err != nil {
- return nil, err
- }
- // read VER CMD RSV ATYP DST.ADDR DST.PORT
- if _, err := io.ReadFull(rw, buf[:3]); err != nil {
- return nil, err
- }
- cmd := buf[1]
- addr, err := socks.ReadAddrBuf(rw, buf)
- if err != nil {
- return nil, err
- }
- switch cmd {
- case socks.CmdConnect:
- _, err = rw.Write([]byte{5, 0, 0, 1, 0, 0, 0, 0, 0, 0}) // SOCKS v5, reply succeeded
- case socks.CmdUDPAssociate:
- listenAddr := socks.ParseAddr(rw.(net.Conn).LocalAddr().String())
- _, err = rw.Write(append([]byte{5, 0, 0}, listenAddr...)) // SOCKS v5, reply succeeded
- if err != nil {
- return nil, socks.Errors[7]
- }
- err = socks.Errors[9]
- default:
- return nil, socks.Errors[7]
- }
-
- return addr, err // skip VER, CMD, RSV fields
-}
diff --git a/proxy/ss/dialer.go b/proxy/ss/dialer.go
new file mode 100644
index 0000000..a9e89bd
--- /dev/null
+++ b/proxy/ss/dialer.go
@@ -0,0 +1,86 @@
+package ss
+
+import (
+ "errors"
+ "net"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/common/socks"
+ "github.com/nadoo/glider/proxy"
+)
+
+func init() {
+ proxy.RegisterDialer("ss", CreateDialer)
+}
+
+// Dialer struct
+type Dialer struct {
+ *SS
+ dialer proxy.Dialer
+}
+
+// NewDialer returns a proxy dialer
+func NewDialer(s string, dialer proxy.Dialer) (*Dialer, error) {
+ h, err := NewSS(s)
+ if err != nil {
+ return nil, err
+ }
+
+ d := &Dialer{SS: h, dialer: dialer}
+ return d, nil
+}
+
+// CreateDialer returns a proxy dialer
+func CreateDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewDialer(s, dialer)
+}
+
+// Addr returns dialer's address
+func (s *Dialer) Addr() string {
+ if s.addr == "" {
+ return s.dialer.Addr()
+ }
+ return s.addr
+}
+
+// NextDialer returns the next dialer
+func (s *Dialer) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial establishes a connection to the addr
+func (s *Dialer) Dial(network, addr string) (net.Conn, error) {
+ target := socks.ParseAddr(addr)
+ if target == nil {
+ return nil, errors.New("[ss] unable to parse address: " + addr)
+ }
+
+ if network == "uot" {
+ target[0] = target[0] | 0x8
+ }
+
+ c, err := s.dialer.Dial("tcp", s.addr)
+ if err != nil {
+ log.F("[ss] dial to %s error: %s", s.addr, err)
+ return nil, err
+ }
+
+ c = s.StreamConn(c)
+ if _, err = c.Write(target); err != nil {
+ c.Close()
+ return nil, err
+ }
+
+ return c, err
+
+}
+
+// DialUDP returns a PacketConn to the addr
+func (s *Dialer) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ pc, nextHop, err := s.dialer.DialUDP(network, s.addr)
+ if err != nil {
+ log.F("[ss] dialudp to %s error: %s", s.addr, err)
+ return nil, nil, err
+ }
+
+ pkc := NewPktConn(s.PacketConn(pc), nextHop, socks.ParseAddr(addr), true)
+ return pkc, nextHop, err
+}
diff --git a/proxy/ss/server.go b/proxy/ss/server.go
new file mode 100644
index 0000000..e593ca6
--- /dev/null
+++ b/proxy/ss/server.go
@@ -0,0 +1,194 @@
+package ss
+
+import (
+ "net"
+ "sync"
+ "time"
+
+ "github.com/nadoo/glider/common/conn"
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/common/socks"
+ "github.com/nadoo/glider/proxy"
+)
+
+func init() {
+ proxy.RegisterServer("ss", CreateServer)
+}
+
+// Server struct
+type Server struct {
+ *SS
+ *proxy.Forwarder
+}
+
+// NewServer returns a local proxy server
+func NewServer(s string, f *proxy.Forwarder) (*Server, error) {
+ h, err := NewSS(s)
+ if err != nil {
+ return nil, err
+ }
+ server := &Server{SS: h, Forwarder: f}
+ return server, nil
+}
+
+// CreateServer returns a local proxy server
+func CreateServer(s string, f *proxy.Forwarder) (proxy.Server, error) {
+ return NewServer(s, f)
+}
+
+// ListenAndServe serves requests from clients
+func (s *Server) ListenAndServe() {
+ go s.ListenAndServeUDP()
+ s.ListenAndServeTCP()
+}
+
+// ListenAndServeTCP serves tcp requests
+func (s *Server) ListenAndServeTCP() {
+ l, err := net.Listen("tcp", s.addr)
+ if err != nil {
+ log.F("[ss] failed to listen on %s: %v", s.addr, err)
+ return
+ }
+
+ log.F("[ss] listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("[ss] failed to accept: %v", err)
+ continue
+ }
+ go s.ServeTCP(c)
+ }
+}
+
+// ServeTCP serves tcp requests
+func (s *Server) ServeTCP(c net.Conn) {
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ c = s.StreamConn(c)
+
+ tgt, err := socks.ReadAddr(c)
+ if err != nil {
+ log.F("[ss] failed to get target address: %v", err)
+ return
+ }
+
+ dialer := s.NextDialer(tgt.String())
+
+ // udp over tcp?
+ uot := socks.UoT(tgt[0])
+ if uot && dialer.Addr() == "DIRECT" {
+ rc, err := net.ListenPacket("udp", "")
+ if err != nil {
+ log.F("[ss-uottun] UDP remote listen error: %v", err)
+ }
+ defer rc.Close()
+
+ req := make([]byte, conn.UDPBufSize)
+ n, err := c.Read(req)
+ if err != nil {
+ log.F("[ss-uottun] error in ioutil.ReadAll: %s\n", err)
+ return
+ }
+
+ tgtAddr, _ := net.ResolveUDPAddr("udp", tgt.String())
+ rc.WriteTo(req[:n], tgtAddr)
+
+ buf := make([]byte, conn.UDPBufSize)
+ n, _, err = rc.ReadFrom(buf)
+ if err != nil {
+ log.F("[ss-uottun] read error: %v", err)
+ }
+
+ c.Write(buf[:n])
+
+ log.F("[ss] %s <-tcp-> %s - %s <-udp-> %s ", c.RemoteAddr(), c.LocalAddr(), rc.LocalAddr(), tgt)
+
+ return
+ }
+
+ network := "tcp"
+ if uot {
+ network = "udp"
+ }
+
+ rc, err := dialer.Dial(network, tgt.String())
+ if err != nil {
+ log.F("[ss] failed to connect to target: %v", err)
+ return
+ }
+ defer rc.Close()
+
+ log.F("[ss] %s <-> %s", c.RemoteAddr(), tgt)
+
+ _, _, err = conn.Relay(c, rc)
+ if err != nil {
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ return // ignore i/o timeout
+ }
+ log.F("[ss] relay error: %v", err)
+ }
+
+}
+
+// ListenAndServeUDP serves udp requests
+func (s *Server) ListenAndServeUDP() {
+ lc, err := net.ListenPacket("udp", s.addr)
+ if err != nil {
+ log.F("[ss-udp] failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer lc.Close()
+
+ lc = s.PacketConn(lc)
+
+ log.F("[ss-udp] listening UDP on %s", s.addr)
+
+ var nm sync.Map
+ buf := make([]byte, conn.UDPBufSize)
+
+ for {
+ c := NewPktConn(lc, nil, nil, true)
+
+ n, raddr, err := c.ReadFrom(buf)
+ if err != nil {
+ log.F("[ss-udp] remote read error: %v", err)
+ continue
+ }
+
+ var pc *PktConn
+ v, ok := nm.Load(raddr.String())
+ if !ok && v == nil {
+ lpc, nextHop, err := s.DialUDP("udp", c.tgtAddr.String())
+ if err != nil {
+ log.F("[ss-udp] remote dial error: %v", err)
+ continue
+ }
+
+ pc = NewPktConn(lpc, nextHop, nil, false)
+ nm.Store(raddr.String(), pc)
+
+ go func() {
+ conn.TimedCopy(c, raddr, pc, 2*time.Minute)
+ pc.Close()
+ nm.Delete(raddr.String())
+ }()
+
+ } else {
+ pc = v.(*PktConn)
+ }
+
+ _, err = pc.WriteTo(buf[:n], pc.writeAddr)
+ if err != nil {
+ log.F("[ss-udp] remote write error: %v", err)
+ continue
+ }
+
+ log.F("[ss-udp] %s <-> %s", raddr, c.tgtAddr)
+ }
+}
diff --git a/proxy/ss/ss.go b/proxy/ss/ss.go
index 919ac95..b8b2b63 100644
--- a/proxy/ss/ss.go
+++ b/proxy/ss/ss.go
@@ -1,36 +1,22 @@
package ss
import (
- "errors"
- "net"
"net/url"
"strings"
- "sync"
- "time"
"github.com/shadowsocks/go-shadowsocks2/core"
- "github.com/nadoo/glider/common/conn"
"github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/common/socks"
- "github.com/nadoo/glider/proxy"
)
// SS .
type SS struct {
- dialer proxy.Dialer
- addr string
-
+ addr string
core.Cipher
}
-func init() {
- proxy.RegisterDialer("ss", NewSSDialer)
- proxy.RegisterServer("ss", NewSSServer)
-}
-
// NewSS returns a shadowsocks proxy.
-func NewSS(s string, dialer proxy.Dialer) (*SS, error) {
+func NewSS(s string) (*SS, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
@@ -47,7 +33,6 @@ func NewSS(s string, dialer proxy.Dialer) (*SS, error) {
}
p := &SS{
- dialer: dialer,
addr: addr,
Cipher: ciph,
}
@@ -55,224 +40,7 @@ func NewSS(s string, dialer proxy.Dialer) (*SS, error) {
return p, nil
}
-// NewSSDialer returns a ss proxy dialer.
-func NewSSDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
- return NewSS(s, dialer)
-}
-
-// NewSSServer returns a ss proxy server.
-func NewSSServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
- return NewSS(s, dialer)
-}
-
-// ListenAndServe serves ss requests.
-func (s *SS) ListenAndServe() {
- go s.ListenAndServeUDP()
- s.ListenAndServeTCP()
-}
-
-// ListenAndServeTCP serves tcp ss requests.
-func (s *SS) ListenAndServeTCP() {
- l, err := net.Listen("tcp", s.addr)
- if err != nil {
- log.F("[ss] failed to listen on %s: %v", s.addr, err)
- return
- }
-
- log.F("[ss] listening TCP on %s", s.addr)
-
- for {
- c, err := l.Accept()
- if err != nil {
- log.F("[ss] failed to accept: %v", err)
- continue
- }
- go s.ServeTCP(c)
- }
-}
-
-// ServeTCP serves tcp ss requests.
-func (s *SS) ServeTCP(c net.Conn) {
- defer c.Close()
-
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
- c = s.StreamConn(c)
-
- tgt, err := socks.ReadAddr(c)
- if err != nil {
- log.F("[ss] failed to get target address: %v", err)
- return
- }
-
- dialer := s.dialer.NextDialer(tgt.String())
-
- // udp over tcp?
- uot := socks.UoT(tgt[0])
- if uot && dialer.Addr() == "DIRECT" {
- rc, err := net.ListenPacket("udp", "")
- if err != nil {
- log.F("[ss-uottun] UDP remote listen error: %v", err)
- }
- defer rc.Close()
-
- req := make([]byte, conn.UDPBufSize)
- n, err := c.Read(req)
- if err != nil {
- log.F("[ss-uottun] error in ioutil.ReadAll: %s\n", err)
- return
- }
-
- tgtAddr, _ := net.ResolveUDPAddr("udp", tgt.String())
- rc.WriteTo(req[:n], tgtAddr)
-
- buf := make([]byte, conn.UDPBufSize)
- n, _, err = rc.ReadFrom(buf)
- if err != nil {
- log.F("[ss-uottun] read error: %v", err)
- }
-
- c.Write(buf[:n])
-
- log.F("[ss] %s <-tcp-> %s - %s <-udp-> %s ", c.RemoteAddr(), c.LocalAddr(), rc.LocalAddr(), tgt)
-
- return
- }
-
- network := "tcp"
- if uot {
- network = "udp"
- }
-
- rc, err := dialer.Dial(network, tgt.String())
- if err != nil {
- log.F("[ss] failed to connect to target: %v", err)
- return
- }
- defer rc.Close()
-
- log.F("[ss] %s <-> %s", c.RemoteAddr(), tgt)
-
- _, _, err = conn.Relay(c, rc)
- if err != nil {
- if err, ok := err.(net.Error); ok && err.Timeout() {
- return // ignore i/o timeout
- }
- log.F("[ss] relay error: %v", err)
- }
-
-}
-
-// ListenAndServeUDP serves udp ss requests.
-func (s *SS) ListenAndServeUDP() {
- lc, err := net.ListenPacket("udp", s.addr)
- if err != nil {
- log.F("[ss-udp] failed to listen on %s: %v", s.addr, err)
- return
- }
- defer lc.Close()
-
- lc = s.PacketConn(lc)
-
- log.F("[ss-udp] listening UDP on %s", s.addr)
-
- var nm sync.Map
- buf := make([]byte, conn.UDPBufSize)
-
- for {
- c := NewPktConn(lc, nil, nil, true)
-
- n, raddr, err := c.ReadFrom(buf)
- if err != nil {
- log.F("[ss-udp] remote read error: %v", err)
- continue
- }
-
- var pc *PktConn
- v, ok := nm.Load(raddr.String())
- if !ok && v == nil {
- lpc, nextHop, err := s.dialer.DialUDP("udp", c.tgtAddr.String())
- if err != nil {
- log.F("[ss-udp] remote dial error: %v", err)
- continue
- }
-
- pc = NewPktConn(lpc, nextHop, nil, false)
- nm.Store(raddr.String(), pc)
-
- go func() {
- conn.TimedCopy(c, raddr, pc, 2*time.Minute)
- pc.Close()
- nm.Delete(raddr.String())
- }()
-
- } else {
- pc = v.(*PktConn)
- }
-
- _, err = pc.WriteTo(buf[:n], pc.writeAddr)
- if err != nil {
- log.F("[ss-udp] remote write error: %v", err)
- continue
- }
-
- log.F("[ss-udp] %s <-> %s", raddr, c.tgtAddr)
- }
-}
-
// ListCipher .
func ListCipher() string {
return strings.Join(core.ListCipher(), " ")
}
-
-// Addr returns forwarder's address
-func (s *SS) Addr() string {
- if s.addr == "" {
- return s.dialer.Addr()
- }
- return s.addr
-}
-
-// NextDialer returns the next dialer
-func (s *SS) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
-
-// Dial connects to the address addr on the network net via the proxy.
-func (s *SS) Dial(network, addr string) (net.Conn, error) {
- target := socks.ParseAddr(addr)
- if target == nil {
- return nil, errors.New("[ss] unable to parse address: " + addr)
- }
-
- if network == "uot" {
- target[0] = target[0] | 0x8
- }
-
- c, err := s.dialer.Dial("tcp", s.addr)
- if err != nil {
- log.F("[ss] dial to %s error: %s", s.addr, err)
- return nil, err
- }
-
- c = s.StreamConn(c)
- if _, err = c.Write(target); err != nil {
- c.Close()
- return nil, err
- }
-
- return c, err
-
-}
-
-// DialUDP connects to the given address via the proxy.
-func (s *SS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
- pc, nextHop, err := s.dialer.DialUDP(network, s.addr)
- if err != nil {
- log.F("[ss] dialudp to %s error: %s", s.addr, err)
- return nil, nil, err
- }
-
- pkc := NewPktConn(s.PacketConn(pc), nextHop, socks.ParseAddr(addr), true)
- return pkc, nextHop, err
-}
diff --git a/proxy/ssr/dialer.go b/proxy/ssr/dialer.go
new file mode 100644
index 0000000..fbe29e0
--- /dev/null
+++ b/proxy/ssr/dialer.go
@@ -0,0 +1,130 @@
+package ssr
+
+import (
+ "errors"
+ "net"
+ "strconv"
+ "strings"
+
+ shadowsocksr "github.com/sun8911879/shadowsocksR"
+ "github.com/sun8911879/shadowsocksR/obfs"
+ "github.com/sun8911879/shadowsocksR/protocol"
+ "github.com/sun8911879/shadowsocksR/ssr"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/common/socks"
+ "github.com/nadoo/glider/proxy"
+)
+
+func init() {
+ proxy.RegisterDialer("ssr", CreateDialer)
+}
+
+// Dialer struct
+type Dialer struct {
+ *SSR
+ dialer proxy.Dialer
+}
+
+// NewDialer returns a proxy dialer
+func NewDialer(s string, dialer proxy.Dialer) (*Dialer, error) {
+ h, err := NewSSR(s)
+ if err != nil {
+ return nil, err
+ }
+
+ d := &Dialer{SSR: h, dialer: dialer}
+ return d, nil
+}
+
+// CreateDialer returns a proxy dialer
+func CreateDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewDialer(s, dialer)
+}
+
+// Addr returns dialer's address
+func (s *Dialer) Addr() string {
+ if s.addr == "" {
+ return s.dialer.Addr()
+ }
+ return s.addr
+}
+
+// NextDialer returns the next dialer
+func (s *Dialer) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial establishes a connection to the addr
+func (s *Dialer) Dial(network, addr string) (net.Conn, error) {
+ target := socks.ParseAddr(addr)
+ if target == nil {
+ return nil, errors.New("[ssr] unable to parse address: " + addr)
+ }
+
+ cipher, err := shadowsocksr.NewStreamCipher(s.EncryptMethod, s.EncryptPassword)
+ if err != nil {
+ return nil, err
+ }
+
+ c, err := s.dialer.Dial("tcp", s.addr)
+ if err != nil {
+ log.F("[ssr] dial to %s error: %s", s.addr, err)
+ return nil, err
+ }
+
+ ssrconn := shadowsocksr.NewSSTCPConn(c, cipher)
+ if ssrconn.Conn == nil || ssrconn.RemoteAddr() == nil {
+ return nil, errors.New("[ssr] nil connection")
+ }
+
+ // should initialize obfs/protocol now
+ rs := strings.Split(ssrconn.RemoteAddr().String(), ":")
+ port, _ := strconv.Atoi(rs[1])
+
+ ssrconn.IObfs = obfs.NewObfs(s.Obfs)
+ if ssrconn.IObfs == nil {
+ return nil, errors.New("[ssr] unsupported obfs type: " + s.Obfs)
+ }
+
+ obfsServerInfo := &ssr.ServerInfoForObfs{
+ Host: rs[0],
+ Port: uint16(port),
+ TcpMss: 1460,
+ Param: s.ObfsParam,
+ }
+ ssrconn.IObfs.SetServerInfo(obfsServerInfo)
+
+ ssrconn.IProtocol = protocol.NewProtocol(s.Protocol)
+ if ssrconn.IProtocol == nil {
+ return nil, errors.New("[ssr] unsupported protocol type: " + s.Protocol)
+ }
+
+ protocolServerInfo := &ssr.ServerInfoForObfs{
+ Host: rs[0],
+ Port: uint16(port),
+ TcpMss: 1460,
+ Param: s.ProtocolParam,
+ }
+ ssrconn.IProtocol.SetServerInfo(protocolServerInfo)
+
+ if s.ObfsData == nil {
+ s.ObfsData = ssrconn.IObfs.GetData()
+ }
+ ssrconn.IObfs.SetData(s.ObfsData)
+
+ if s.ProtocolData == nil {
+ s.ProtocolData = ssrconn.IProtocol.GetData()
+ }
+ ssrconn.IProtocol.SetData(s.ProtocolData)
+
+ if _, err := ssrconn.Write(target); err != nil {
+ ssrconn.Close()
+ return nil, err
+ }
+
+ return ssrconn, err
+}
+
+// DialUDP returns a PacketConn to the addr
+func (s *Dialer) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ return nil, nil, errors.New("[ssr] udp not supported now")
+}
diff --git a/proxy/ssr/ssr.go b/proxy/ssr/ssr.go
index 216cae0..c392174 100644
--- a/proxy/ssr/ssr.go
+++ b/proxy/ssr/ssr.go
@@ -1,26 +1,14 @@
package ssr
import (
- "errors"
- "net"
"net/url"
- "strconv"
- "strings"
-
- shadowsocksr "github.com/sun8911879/shadowsocksR"
- "github.com/sun8911879/shadowsocksR/obfs"
- "github.com/sun8911879/shadowsocksR/protocol"
- "github.com/sun8911879/shadowsocksR/ssr"
"github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/common/socks"
- "github.com/nadoo/glider/proxy"
)
// SSR .
type SSR struct {
- dialer proxy.Dialer
- addr string
+ addr string
EncryptMethod string
EncryptPassword string
@@ -32,12 +20,8 @@ type SSR struct {
ProtocolData interface{}
}
-func init() {
- proxy.RegisterDialer("ssr", NewSSRDialer)
-}
-
// NewSSR returns a shadowsocksr proxy, ssr://method:pass@host:port/query
-func NewSSR(s string, dialer proxy.Dialer) (*SSR, error) {
+func NewSSR(s string) (*SSR, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
@@ -49,7 +33,6 @@ func NewSSR(s string, dialer proxy.Dialer) (*SSR, error) {
pass, _ := u.User.Password()
p := &SSR{
- dialer: dialer,
addr: addr,
EncryptMethod: method,
EncryptPassword: pass,
@@ -63,95 +46,3 @@ func NewSSR(s string, dialer proxy.Dialer) (*SSR, error) {
return p, nil
}
-
-// NewSSRDialer returns a ssr proxy dialer.
-func NewSSRDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
- return NewSSR(s, dialer)
-}
-
-// Addr returns forwarder's address
-func (s *SSR) Addr() string {
- if s.addr == "" {
- return s.dialer.Addr()
- }
- return s.addr
-}
-
-// NextDialer returns the next dialer
-func (s *SSR) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
-
-// Dial connects to the address addr on the network net via the proxy.
-func (s *SSR) Dial(network, addr string) (net.Conn, error) {
- target := socks.ParseAddr(addr)
- if target == nil {
- return nil, errors.New("[ssr] unable to parse address: " + addr)
- }
-
- cipher, err := shadowsocksr.NewStreamCipher(s.EncryptMethod, s.EncryptPassword)
- if err != nil {
- return nil, err
- }
-
- c, err := s.dialer.Dial("tcp", s.addr)
- if err != nil {
- log.F("[ssr] dial to %s error: %s", s.addr, err)
- return nil, err
- }
-
- ssrconn := shadowsocksr.NewSSTCPConn(c, cipher)
- if ssrconn.Conn == nil || ssrconn.RemoteAddr() == nil {
- return nil, errors.New("[ssr] nil connection")
- }
-
- // should initialize obfs/protocol now
- rs := strings.Split(ssrconn.RemoteAddr().String(), ":")
- port, _ := strconv.Atoi(rs[1])
-
- ssrconn.IObfs = obfs.NewObfs(s.Obfs)
- if ssrconn.IObfs == nil {
- return nil, errors.New("[ssr] unsupported obfs type: " + s.Obfs)
- }
-
- obfsServerInfo := &ssr.ServerInfoForObfs{
- Host: rs[0],
- Port: uint16(port),
- TcpMss: 1460,
- Param: s.ObfsParam,
- }
- ssrconn.IObfs.SetServerInfo(obfsServerInfo)
-
- ssrconn.IProtocol = protocol.NewProtocol(s.Protocol)
- if ssrconn.IProtocol == nil {
- return nil, errors.New("[ssr] unsupported protocol type: " + s.Protocol)
- }
-
- protocolServerInfo := &ssr.ServerInfoForObfs{
- Host: rs[0],
- Port: uint16(port),
- TcpMss: 1460,
- Param: s.ProtocolParam,
- }
- ssrconn.IProtocol.SetServerInfo(protocolServerInfo)
-
- if s.ObfsData == nil {
- s.ObfsData = ssrconn.IObfs.GetData()
- }
- ssrconn.IObfs.SetData(s.ObfsData)
-
- if s.ProtocolData == nil {
- s.ProtocolData = ssrconn.IProtocol.GetData()
- }
- ssrconn.IProtocol.SetData(s.ProtocolData)
-
- if _, err := ssrconn.Write(target); err != nil {
- ssrconn.Close()
- return nil, err
- }
-
- return ssrconn, err
-}
-
-// DialUDP connects to the given address via the proxy.
-func (s *SSR) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
- return nil, nil, errors.New("[ssr] udp not supported now")
-}
diff --git a/proxy/tcptun/server.go b/proxy/tcptun/server.go
new file mode 100644
index 0000000..6964427
--- /dev/null
+++ b/proxy/tcptun/server.go
@@ -0,0 +1,80 @@
+package tcptun
+
+import (
+ "net"
+
+ "github.com/nadoo/glider/common/conn"
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+)
+
+func init() {
+ proxy.RegisterServer("tcptun", CreateServer)
+}
+
+// Server struct
+type Server struct {
+ *TCPTun
+ *proxy.Forwarder
+}
+
+// NewServer returns a local proxy server
+func NewServer(s string, f *proxy.Forwarder) (*Server, error) {
+ h, err := NewTCPTun(s)
+ if err != nil {
+ return nil, err
+ }
+ server := &Server{TCPTun: h, Forwarder: f}
+ return server, nil
+}
+
+// CreateServer returns a local proxy server
+func CreateServer(s string, f *proxy.Forwarder) (proxy.Server, error) {
+ return NewServer(s, f)
+}
+
+// ListenAndServe serves requests from clients
+func (s *Server) ListenAndServe() {
+ l, err := net.Listen("tcp", s.addr)
+ if err != nil {
+ log.F("failed to listen on %s: %v", s.addr, err)
+ return
+ }
+
+ log.F("listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("failed to accept: %v", err)
+ continue
+ }
+
+ go func() {
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ rc, err := s.Dial("tcp", s.raddr)
+ if err != nil {
+
+ log.F("failed to connect to target: %v", err)
+ return
+ }
+ defer rc.Close()
+
+ log.F("[tcptun] %s <-> %s", c.RemoteAddr(), s.raddr)
+
+ _, _, err = conn.Relay(c, rc)
+ if err != nil {
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ return // ignore i/o timeout
+ }
+ log.F("relay error: %v", err)
+ }
+
+ }()
+ }
+}
diff --git a/proxy/tcptun/tcptun.go b/proxy/tcptun/tcptun.go
index 2f2a6c7..abbc409 100644
--- a/proxy/tcptun/tcptun.go
+++ b/proxy/tcptun/tcptun.go
@@ -1,29 +1,20 @@
package tcptun
import (
- "net"
"net/url"
"strings"
- "github.com/nadoo/glider/common/conn"
"github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/proxy"
)
// TCPTun struct
type TCPTun struct {
- dialer proxy.Dialer
- addr string
-
+ addr string
raddr string
}
-func init() {
- proxy.RegisterServer("tcptun", NewTCPTunServer)
-}
-
// NewTCPTun returns a tcptun proxy.
-func NewTCPTun(s string, dialer proxy.Dialer) (*TCPTun, error) {
+func NewTCPTun(s string) (*TCPTun, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
@@ -34,61 +25,9 @@ func NewTCPTun(s string, dialer proxy.Dialer) (*TCPTun, error) {
d := strings.Split(addr, "=")
p := &TCPTun{
- dialer: dialer,
- addr: d[0],
- raddr: d[1],
+ addr: d[0],
+ raddr: d[1],
}
return p, nil
}
-
-// NewTCPTunServer returns a udp tunnel server.
-func NewTCPTunServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
- return NewTCPTun(s, dialer)
-}
-
-// ListenAndServe .
-func (s *TCPTun) ListenAndServe() {
- l, err := net.Listen("tcp", s.addr)
- if err != nil {
- log.F("failed to listen on %s: %v", s.addr, err)
- return
- }
-
- log.F("listening TCP on %s", s.addr)
-
- for {
- c, err := l.Accept()
- if err != nil {
- log.F("failed to accept: %v", err)
- continue
- }
-
- go func() {
- defer c.Close()
-
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
- rc, err := s.dialer.Dial("tcp", s.raddr)
- if err != nil {
-
- log.F("failed to connect to target: %v", err)
- return
- }
- defer rc.Close()
-
- log.F("[tcptun] %s <-> %s", c.RemoteAddr(), s.raddr)
-
- _, _, err = conn.Relay(c, rc)
- if err != nil {
- if err, ok := err.(net.Error); ok && err.Timeout() {
- return // ignore i/o timeout
- }
- log.F("relay error: %v", err)
- }
-
- }()
- }
-}
diff --git a/proxy/tls/dialer.go b/proxy/tls/dialer.go
new file mode 100644
index 0000000..fbec203
--- /dev/null
+++ b/proxy/tls/dialer.go
@@ -0,0 +1,65 @@
+package tls
+
+import (
+ stdtls "crypto/tls"
+ "errors"
+ "net"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+)
+
+func init() {
+ proxy.RegisterDialer("tls", CreateDialer)
+}
+
+// Dialer struct
+type Dialer struct {
+ *TLS
+ dialer proxy.Dialer
+}
+
+// NewDialer returns a proxy dialer
+func NewDialer(s string, dialer proxy.Dialer) (*Dialer, error) {
+ h, err := NewTLS(s)
+ if err != nil {
+ return nil, err
+ }
+
+ d := &Dialer{TLS: h, dialer: dialer}
+ return d, nil
+}
+
+// CreateDialer returns a proxy dialer
+func CreateDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewDialer(s, dialer)
+}
+
+// Addr returns dialer's address
+func (s *Dialer) Addr() string { return s.addr }
+
+// NextDialer returns the next dialer
+func (s *Dialer) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial establishes a connection to the addr
+func (s *Dialer) Dial(network, addr string) (net.Conn, error) {
+ cc, err := s.dialer.Dial("tcp", s.addr)
+ if err != nil {
+ log.F("[tls] dial to %s error: %s", s.addr, err)
+ return nil, err
+ }
+
+ conf := &stdtls.Config{
+ ServerName: s.serverName,
+ InsecureSkipVerify: s.skipVerify,
+ }
+
+ c := stdtls.Client(cc, conf)
+ err = c.Handshake()
+ return c, err
+}
+
+// DialUDP returns a PacketConn to the addr
+func (s *Dialer) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ return nil, nil, errors.New("tls client does not support udp now")
+}
diff --git a/proxy/tls/tls.go b/proxy/tls/tls.go
index d4f8cab..9dda7f5 100644
--- a/proxy/tls/tls.go
+++ b/proxy/tls/tls.go
@@ -1,31 +1,22 @@
package tls
import (
- stdtls "crypto/tls"
- "errors"
- "net"
"net/url"
"strings"
"github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/proxy"
)
// TLS .
type TLS struct {
- dialer proxy.Dialer
- addr string
+ addr string
serverName string
skipVerify bool
}
-func init() {
- proxy.RegisterDialer("tls", NewTLSDialer)
-}
-
// NewTLS returns a tls proxy.
-func NewTLS(s string, dialer proxy.Dialer) (*TLS, error) {
+func NewTLS(s string) (*TLS, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse url err: %s", err)
@@ -44,7 +35,6 @@ func NewTLS(s string, dialer proxy.Dialer) (*TLS, error) {
serverName := addr[:colonPos]
p := &TLS{
- dialer: dialer,
addr: addr,
serverName: serverName,
skipVerify: false,
@@ -56,37 +46,3 @@ func NewTLS(s string, dialer proxy.Dialer) (*TLS, error) {
return p, nil
}
-
-// NewTLSDialer returns a tls proxy dialer.
-func NewTLSDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
- return NewTLS(s, dialer)
-}
-
-// Addr returns forwarder's address
-func (s *TLS) Addr() string { return s.addr }
-
-// NextDialer returns the next dialer
-func (s *TLS) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
-
-// Dial connects to the address addr on the network net via the proxy.
-func (s *TLS) Dial(network, addr string) (net.Conn, error) {
- cc, err := s.dialer.Dial("tcp", s.addr)
- if err != nil {
- log.F("[tls] dial to %s error: %s", s.addr, err)
- return nil, err
- }
-
- conf := &stdtls.Config{
- ServerName: s.serverName,
- InsecureSkipVerify: s.skipVerify,
- }
-
- c := stdtls.Client(cc, conf)
- err = c.Handshake()
- return c, err
-}
-
-// DialUDP connects to the given address via the proxy.
-func (s *TLS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
- return nil, nil, errors.New("tls client does not support udp now")
-}
diff --git a/proxy/tproxy/tproxy_linux.go b/proxy/tproxy/server_linux.go
similarity index 88%
rename from proxy/tproxy/tproxy_linux.go
rename to proxy/tproxy/server_linux.go
index 6398eb4..14b9265 100644
--- a/proxy/tproxy/tproxy_linux.go
+++ b/proxy/tproxy/server_linux.go
@@ -17,18 +17,18 @@ import (
"github.com/nadoo/glider/proxy"
)
-// TProxy struct
-type TProxy struct {
- dialer proxy.Dialer
- addr string
-}
-
func init() {
- proxy.RegisterServer("tproxy", NewTProxyServer)
+ proxy.RegisterServer("tproxy", CreateServer)
}
-// NewTProxy returns a tproxy.
-func NewTProxy(s string, dialer proxy.Dialer) (*TProxy, error) {
+// Server struct
+type Server struct {
+ addr string
+ *proxy.Forwarder
+}
+
+// NewServer returns a local proxy server
+func NewServer(s string, f *proxy.Forwarder) (*Server, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
@@ -37,32 +37,32 @@ func NewTProxy(s string, dialer proxy.Dialer) (*TProxy, error) {
addr := u.Host
- p := &TProxy{
- dialer: dialer,
- addr: addr,
+ p := &Server{
+ addr: addr,
+ Forwarder: f,
}
return p, nil
}
-// NewTProxyServer returns a udp tunnel server.
-func NewTProxyServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
- return NewTProxy(s, dialer)
+// CreateServer returns a local proxy server
+func CreateServer(s string, f *proxy.Forwarder) (proxy.Server, error) {
+ return NewServer(s, f)
}
// ListenAndServe .
-func (s *TProxy) ListenAndServe() {
+func (s *Server) ListenAndServe() {
// go s.ListenAndServeTCP()
s.ListenAndServeUDP()
}
// ListenAndServeTCP .
-func (s *TProxy) ListenAndServeTCP() {
+func (s *Server) ListenAndServeTCP() {
log.F("[tproxy] tcp mode not supported now, please use 'redir' instead")
}
// ListenAndServeUDP .
-func (s *TProxy) ListenAndServeUDP() {
+func (s *Server) ListenAndServeUDP() {
laddr, err := net.ResolveUDPAddr("udp", s.addr)
if err != nil {
log.F("[tproxy] failed to resolve addr %s: %v", s.addr, err)
diff --git a/proxy/udptun/server.go b/proxy/udptun/server.go
new file mode 100644
index 0000000..5819c9d
--- /dev/null
+++ b/proxy/udptun/server.go
@@ -0,0 +1,92 @@
+package udptun
+
+import (
+ "net"
+ "sync"
+ "time"
+
+ "github.com/nadoo/glider/common/conn"
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+)
+
+func init() {
+ proxy.RegisterServer("udptun", CreateServer)
+}
+
+// Server struct
+type Server struct {
+ *UDPTun
+ *proxy.Forwarder
+}
+
+// NewServer returns a local proxy server
+func NewServer(s string, f *proxy.Forwarder) (*Server, error) {
+ h, err := NewUDPTun(s)
+ if err != nil {
+ return nil, err
+ }
+ server := &Server{UDPTun: h, Forwarder: f}
+ return server, nil
+}
+
+// CreateServer returns a local proxy server
+func CreateServer(s string, f *proxy.Forwarder) (proxy.Server, error) {
+ return NewServer(s, f)
+}
+
+// ListenAndServe serves requests from clients
+func (s *Server) ListenAndServe() {
+ c, err := net.ListenPacket("udp", s.addr)
+ if err != nil {
+ log.F("[udptun] failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer c.Close()
+
+ log.F("[udptun] listening UDP on %s", s.addr)
+
+ var nm sync.Map
+ buf := make([]byte, conn.UDPBufSize)
+
+ for {
+ n, raddr, err := c.ReadFrom(buf)
+ if err != nil {
+ log.F("[udptun] read error: %v", err)
+ continue
+ }
+
+ var pc net.PacketConn
+ var writeAddr net.Addr
+
+ v, ok := nm.Load(raddr.String())
+ if !ok && v == nil {
+
+ pc, writeAddr, err = s.DialUDP("udp", s.raddr)
+ if err != nil {
+ log.F("[udptun] remote dial error: %v", err)
+ continue
+ }
+
+ nm.Store(raddr.String(), pc)
+
+ go func() {
+ conn.TimedCopy(c, raddr, pc, 2*time.Minute)
+ pc.Close()
+ nm.Delete(raddr.String())
+ }()
+
+ } else {
+ pc = v.(net.PacketConn)
+ }
+
+ _, err = pc.WriteTo(buf[:n], writeAddr)
+ if err != nil {
+ log.F("[udptun] remote write error: %v", err)
+ continue
+ }
+
+ log.F("[udptun] %s <-> %s", raddr, s.raddr)
+
+ }
+}
diff --git a/proxy/udptun/udptun.go b/proxy/udptun/udptun.go
index 8fb72ff..60afe10 100644
--- a/proxy/udptun/udptun.go
+++ b/proxy/udptun/udptun.go
@@ -1,31 +1,20 @@
package udptun
import (
- "net"
"net/url"
"strings"
- "sync"
- "time"
- "github.com/nadoo/glider/common/conn"
"github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/proxy"
)
// UDPTun struct
type UDPTun struct {
- dialer proxy.Dialer
- addr string
-
+ addr string
raddr string
}
-func init() {
- proxy.RegisterServer("udptun", NewUDPTunServer)
-}
-
// NewUDPTun returns a UDPTun proxy.
-func NewUDPTun(s string, dialer proxy.Dialer) (*UDPTun, error) {
+func NewUDPTun(s string) (*UDPTun, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
@@ -36,71 +25,9 @@ func NewUDPTun(s string, dialer proxy.Dialer) (*UDPTun, error) {
d := strings.Split(addr, "=")
p := &UDPTun{
- dialer: dialer,
- addr: d[0],
- raddr: d[1],
+ addr: d[0],
+ raddr: d[1],
}
return p, nil
}
-
-// NewUDPTunServer returns a udp tunnel server.
-func NewUDPTunServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
- return NewUDPTun(s, dialer)
-}
-
-// ListenAndServe .
-func (s *UDPTun) ListenAndServe() {
- c, err := net.ListenPacket("udp", s.addr)
- if err != nil {
- log.F("[udptun] failed to listen on %s: %v", s.addr, err)
- return
- }
- defer c.Close()
-
- log.F("[udptun] listening UDP on %s", s.addr)
-
- var nm sync.Map
- buf := make([]byte, conn.UDPBufSize)
-
- for {
- n, raddr, err := c.ReadFrom(buf)
- if err != nil {
- log.F("[udptun] read error: %v", err)
- continue
- }
-
- var pc net.PacketConn
- var writeAddr net.Addr
-
- v, ok := nm.Load(raddr.String())
- if !ok && v == nil {
-
- pc, writeAddr, err = s.dialer.DialUDP("udp", s.raddr)
- if err != nil {
- log.F("[udptun] remote dial error: %v", err)
- continue
- }
-
- nm.Store(raddr.String(), pc)
-
- go func() {
- conn.TimedCopy(c, raddr, pc, 2*time.Minute)
- pc.Close()
- nm.Delete(raddr.String())
- }()
-
- } else {
- pc = v.(net.PacketConn)
- }
-
- _, err = pc.WriteTo(buf[:n], writeAddr)
- if err != nil {
- log.F("[udptun] remote write error: %v", err)
- continue
- }
-
- log.F("[udptun] %s <-> %s", raddr, s.raddr)
-
- }
-}
diff --git a/proxy/uottun/server.go b/proxy/uottun/server.go
new file mode 100644
index 0000000..eb0bddf
--- /dev/null
+++ b/proxy/uottun/server.go
@@ -0,0 +1,90 @@
+package uottun
+
+import (
+ "io/ioutil"
+ "net"
+ "time"
+
+ "github.com/nadoo/glider/common/conn"
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+)
+
+func init() {
+ proxy.RegisterServer("uottun", CreateServer)
+}
+
+// Server struct
+type Server struct {
+ *UoTTun
+ *proxy.Forwarder
+}
+
+// NewServer returns a local proxy server
+func NewServer(s string, f *proxy.Forwarder) (*Server, error) {
+ h, err := NewUoTTun(s)
+ if err != nil {
+ return nil, err
+ }
+ server := &Server{UoTTun: h, Forwarder: f}
+ return server, nil
+}
+
+// CreateServer returns a local proxy server
+func CreateServer(s string, f *proxy.Forwarder) (proxy.Server, error) {
+ return NewServer(s, f)
+}
+
+// ListenAndServe serves requests from clients
+func (s *Server) ListenAndServe() {
+ c, err := net.ListenPacket("udp", s.addr)
+ if err != nil {
+ log.F("[uottun] failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer c.Close()
+
+ log.F("[uottun] listening UDP on %s", s.addr)
+
+ buf := make([]byte, conn.UDPBufSize)
+
+ for {
+ n, clientAddr, err := c.ReadFrom(buf)
+ if err != nil {
+ log.F("[uottun] read error: %v", err)
+ continue
+ }
+
+ rc, err := s.Dial("uot", s.raddr)
+ if err != nil {
+ log.F("[uottun] failed to connect to server %v: %v", s.raddr, err)
+ continue
+ }
+
+ go func() {
+ // no remote forwarder, just a local udp forwarder
+ if urc, ok := rc.(*net.UDPConn); ok {
+ conn.TimedCopy(c, clientAddr, urc, 2*time.Minute)
+ urc.Close()
+ return
+ }
+
+ // remote forwarder, udp over tcp
+ resp, err := ioutil.ReadAll(rc)
+ if err != nil {
+ log.F("error in ioutil.ReadAll: %s\n", err)
+ return
+ }
+ rc.Close()
+ c.WriteTo(resp, clientAddr)
+ }()
+
+ _, err = rc.Write(buf[:n])
+ if err != nil {
+ log.F("[uottun] remote write error: %v", err)
+ continue
+ }
+
+ log.F("[uottun] %s <-> %s", clientAddr, s.raddr)
+ }
+}
diff --git a/proxy/uottun/uottun.go b/proxy/uottun/uottun.go
index f43418c..83142ba 100644
--- a/proxy/uottun/uottun.go
+++ b/proxy/uottun/uottun.go
@@ -1,31 +1,20 @@
package uottun
import (
- "io/ioutil"
- "net"
"net/url"
"strings"
- "time"
- "github.com/nadoo/glider/common/conn"
"github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/proxy"
)
// UoTTun udp over tcp tunnel
type UoTTun struct {
- dialer proxy.Dialer
- addr string
-
+ addr string
raddr string
}
-func init() {
- proxy.RegisterServer("uottun", NewUoTTunServer)
-}
-
// NewUoTTun returns a UoTTun proxy.
-func NewUoTTun(s string, dialer proxy.Dialer) (*UoTTun, error) {
+func NewUoTTun(s string) (*UoTTun, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
@@ -36,69 +25,9 @@ func NewUoTTun(s string, dialer proxy.Dialer) (*UoTTun, error) {
d := strings.Split(addr, "=")
p := &UoTTun{
- dialer: dialer,
- addr: d[0],
- raddr: d[1],
+ addr: d[0],
+ raddr: d[1],
}
return p, nil
}
-
-// NewUoTTunServer returns a uot tunnel server.
-func NewUoTTunServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
- return NewUoTTun(s, dialer)
-}
-
-// ListenAndServe .
-func (s *UoTTun) ListenAndServe() {
- c, err := net.ListenPacket("udp", s.addr)
- if err != nil {
- log.F("[uottun] failed to listen on %s: %v", s.addr, err)
- return
- }
- defer c.Close()
-
- log.F("[uottun] listening UDP on %s", s.addr)
-
- buf := make([]byte, conn.UDPBufSize)
-
- for {
- n, clientAddr, err := c.ReadFrom(buf)
- if err != nil {
- log.F("[uottun] read error: %v", err)
- continue
- }
-
- rc, err := s.dialer.Dial("uot", s.raddr)
- if err != nil {
- log.F("[uottun] failed to connect to server %v: %v", s.raddr, err)
- continue
- }
-
- go func() {
- // no remote forwarder, just a local udp forwarder
- if urc, ok := rc.(*net.UDPConn); ok {
- conn.TimedCopy(c, clientAddr, urc, 2*time.Minute)
- urc.Close()
- return
- }
-
- // remote forwarder, udp over tcp
- resp, err := ioutil.ReadAll(rc)
- if err != nil {
- log.F("error in ioutil.ReadAll: %s\n", err)
- return
- }
- rc.Close()
- c.WriteTo(resp, clientAddr)
- }()
-
- _, err = rc.Write(buf[:n])
- if err != nil {
- log.F("[uottun] remote write error: %v", err)
- continue
- }
-
- log.F("[uottun] %s <-> %s", clientAddr, s.raddr)
- }
-}
diff --git a/proxy/vmess/dialer.go b/proxy/vmess/dialer.go
new file mode 100644
index 0000000..5f875c9
--- /dev/null
+++ b/proxy/vmess/dialer.go
@@ -0,0 +1,60 @@
+package vmess
+
+import (
+ "errors"
+ "net"
+
+ "github.com/nadoo/glider/proxy"
+)
+
+func init() {
+ proxy.RegisterDialer("vmess", CreateDialer)
+}
+
+// Dialer struct
+type Dialer struct {
+ *VMess
+ dialer proxy.Dialer
+}
+
+// NewDialer returns a proxy dialer
+func NewDialer(s string, dialer proxy.Dialer) (*Dialer, error) {
+ h, err := NewVMess(s)
+ if err != nil {
+ return nil, err
+ }
+
+ d := &Dialer{VMess: h, dialer: dialer}
+ return d, nil
+}
+
+// CreateDialer returns a proxy dialer
+func CreateDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewDialer(s, dialer)
+}
+
+// Addr returns dialer's address
+func (s *Dialer) Addr() string {
+ if s.addr == "" {
+ return s.dialer.Addr()
+ }
+ return s.addr
+}
+
+// NextDialer returns the next dialer
+func (s *Dialer) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial establishes a connection to the addr
+func (s *Dialer) Dial(network, addr string) (net.Conn, error) {
+ rc, err := s.dialer.Dial("tcp", s.addr)
+ if err != nil {
+ return nil, err
+ }
+
+ return s.client.NewConn(rc, addr)
+}
+
+// DialUDP returns a PacketConn to the addr
+func (s *Dialer) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ return nil, nil, errors.New("vmess client does not support udp now")
+}
diff --git a/proxy/vmess/vmess.go b/proxy/vmess/vmess.go
index 6e46481..ccc1068 100644
--- a/proxy/vmess/vmess.go
+++ b/proxy/vmess/vmess.go
@@ -1,19 +1,15 @@
package vmess
import (
- "errors"
- "net"
"net/url"
"strconv"
"github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/proxy"
)
// VMess .
type VMess struct {
- dialer proxy.Dialer
- addr string
+ addr string
uuid string
alterID int
@@ -22,12 +18,8 @@ type VMess struct {
client *Client
}
-func init() {
- proxy.RegisterDialer("vmess", NewVMessDialer)
-}
-
// NewVMess returns a vmess proxy.
-func NewVMess(s string, dialer proxy.Dialer) (*VMess, error) {
+func NewVMess(s string) (*VMess, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse url err: %s", err)
@@ -62,7 +54,6 @@ func NewVMess(s string, dialer proxy.Dialer) (*VMess, error) {
}
p := &VMess{
- dialer: dialer,
addr: addr,
uuid: uuid,
alterID: int(alterID),
@@ -72,34 +63,3 @@ func NewVMess(s string, dialer proxy.Dialer) (*VMess, error) {
return p, nil
}
-
-// NewVMessDialer returns a vmess proxy dialer.
-func NewVMessDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
- return NewVMess(s, dialer)
-}
-
-// Addr returns forwarder's address
-func (s *VMess) Addr() string {
- if s.addr == "" {
- return s.dialer.Addr()
- }
- return s.addr
-}
-
-// NextDialer returns the next dialer
-func (s *VMess) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
-
-// Dial connects to the address addr on the network net via the proxy.
-func (s *VMess) Dial(network, addr string) (net.Conn, error) {
- rc, err := s.dialer.Dial("tcp", s.addr)
- if err != nil {
- return nil, err
- }
-
- return s.client.NewConn(rc, addr)
-}
-
-// DialUDP connects to the given address via the proxy.
-func (s *VMess) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
- return nil, nil, errors.New("vmess client does not support udp now")
-}
diff --git a/proxy/ws/dialer.go b/proxy/ws/dialer.go
new file mode 100644
index 0000000..ec39b8f
--- /dev/null
+++ b/proxy/ws/dialer.go
@@ -0,0 +1,60 @@
+package ws
+
+import (
+ "errors"
+ "net"
+
+ "github.com/nadoo/glider/proxy"
+)
+
+func init() {
+ proxy.RegisterDialer("ws", CreateDialer)
+}
+
+// Dialer struct
+type Dialer struct {
+ *WS
+ dialer proxy.Dialer
+}
+
+// NewDialer returns a proxy dialer
+func NewDialer(s string, dialer proxy.Dialer) (*Dialer, error) {
+ h, err := NewWS(s, dialer)
+ if err != nil {
+ return nil, err
+ }
+
+ d := &Dialer{WS: h, dialer: dialer}
+ return d, nil
+}
+
+// CreateDialer returns a proxy dialer
+func CreateDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewDialer(s, dialer)
+}
+
+// Addr returns dialer's address
+func (s *Dialer) Addr() string {
+ if s.addr == "" {
+ return s.dialer.Addr()
+ }
+ return s.addr
+}
+
+// NextDialer returns the next dialer
+func (s *Dialer) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial establishes a connection to the addr
+func (s *Dialer) Dial(network, addr string) (net.Conn, error) {
+ rc, err := s.dialer.Dial("tcp", s.addr)
+ if err != nil {
+ return nil, err
+ }
+
+ return s.client.NewConn(rc, addr)
+}
+
+// DialUDP returns a PacketConn to the addr
+func (s *Dialer) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ return nil, nil, errors.New("ws client does not support udp now")
+}
diff --git a/proxy/ws/ws.go b/proxy/ws/ws.go
index 3f6bf48..f07cd5d 100644
--- a/proxy/ws/ws.go
+++ b/proxy/ws/ws.go
@@ -1,8 +1,6 @@
package ws
import (
- "errors"
- "net"
"net/url"
"strings"
@@ -12,16 +10,10 @@ import (
// WS .
type WS struct {
- dialer proxy.Dialer
addr string
-
client *Client
}
-func init() {
- proxy.RegisterDialer("ws", NewWSDialer)
-}
-
// NewWS returns a websocket proxy.
func NewWS(s string, dialer proxy.Dialer) (*WS, error) {
u, err := url.Parse(s)
@@ -50,41 +42,9 @@ func NewWS(s string, dialer proxy.Dialer) (*WS, error) {
}
p := &WS{
- dialer: dialer,
addr: addr,
client: client,
}
return p, nil
}
-
-// NewWSDialer returns a ws proxy dialer.
-func NewWSDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
- return NewWS(s, dialer)
-}
-
-// Addr returns forwarder's address
-func (s *WS) Addr() string {
- if s.addr == "" {
- return s.dialer.Addr()
- }
- return s.addr
-}
-
-// NextDialer returns the next dialer
-func (s *WS) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
-
-// Dial connects to the address addr on the network net via the proxy.
-func (s *WS) Dial(network, addr string) (net.Conn, error) {
- rc, err := s.dialer.Dial("tcp", s.addr)
- if err != nil {
- return nil, err
- }
-
- return s.client.NewConn(rc, addr)
-}
-
-// DialUDP connects to the given address via the proxy.
-func (s *WS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
- return nil, nil, errors.New("ws client does not support udp now")
-}
diff --git a/rule.go b/rule.go
index 753d3dc..4ae1150 100644
--- a/rule.go
+++ b/rule.go
@@ -23,20 +23,7 @@ func NewRuleDialer(rules []*RuleConf, gDialer proxy.Dialer) *RuleDialer {
rd := &RuleDialer{gDialer: gDialer}
for _, r := range rules {
- var fwdrs []proxy.Dialer
- for _, chain := range r.Forward {
- var fwdr proxy.Dialer
- var err error
- for _, url := range strings.Split(chain, ",") {
- fwdr, err = proxy.DialerFromURL(url, fwdr)
- if err != nil {
- log.Fatal(err)
- }
- }
- fwdrs = append(fwdrs, fwdr)
- }
-
- sDialer := NewStrategyDialer(r.Strategy, fwdrs, r.CheckWebSite, r.CheckInterval)
+ sDialer := StrategyDialer(r.Forward, &r.StrategyConfig)
for _, domain := range r.Domain {
rd.domainMap.Store(strings.ToLower(domain), sDialer)
@@ -51,7 +38,6 @@ func NewRuleDialer(rules []*RuleConf, gDialer proxy.Dialer) *RuleDialer {
rd.cidrMap.Store(cidr, sDialer)
}
}
-
}
return rd
diff --git a/strategy.go b/strategy.go
index 3324d85..b9670a1 100644
--- a/strategy.go
+++ b/strategy.go
@@ -12,27 +12,44 @@ import (
"github.com/nadoo/glider/proxy"
)
-// NewStrategyDialer returns a new Strategy proxy.Dialer
-func NewStrategyDialer(strategy string, dialers []proxy.Dialer, website string, interval int) proxy.Dialer {
- if len(dialers) == 0 {
+// StrategyConfig .
+type StrategyConfig struct {
+ Strategy string
+ CheckWebSite string
+ CheckInterval int
+}
+
+// StrategyDialer .
+func StrategyDialer(s []string, c *StrategyConfig) proxy.Dialer {
+ // global forwarders in xx.conf
+ var fwdrs []*proxy.Forwarder
+ for _, chain := range s {
+ fwdr, err := proxy.ForwarderFromURL(chain)
+ if err != nil {
+ log.Fatal(err)
+ }
+ fwdrs = append(fwdrs, fwdr)
+ }
+
+ if len(fwdrs) == 0 {
return proxy.Direct
}
- if len(dialers) == 1 {
- return dialers[0]
+ if len(fwdrs) == 1 {
+ return fwdrs[0]
}
var dialer proxy.Dialer
- switch strategy {
+ switch c.Strategy {
case "rr":
- dialer = newRRDialer(dialers, website, interval)
+ dialer = newRRDialer(fwdrs, c.CheckWebSite, c.CheckInterval)
log.F("forward to remote servers in round robin mode.")
case "ha":
- dialer = newHADialer(dialers, website, interval)
+ dialer = newHADialer(fwdrs, c.CheckWebSite, c.CheckInterval)
log.F("forward to remote servers in high availability mode.")
default:
- log.F("not supported forward mode '%s', just use the first forward server.", conf.Strategy)
- dialer = dialers[0]
+ log.F("not supported forward mode '%s', just use the first forward server.", c.Strategy)
+ dialer = fwdrs[0]
}
return dialer
@@ -40,8 +57,8 @@ func NewStrategyDialer(strategy string, dialers []proxy.Dialer, website string,
// rrDialer is the base struct of strategy dialer
type rrDialer struct {
- dialers []proxy.Dialer
- idx int
+ fwdrs []*proxy.Forwarder
+ idx int
status sync.Map
@@ -51,13 +68,13 @@ type rrDialer struct {
}
// newRRDialer returns a new rrDialer
-func newRRDialer(dialers []proxy.Dialer, website string, interval int) *rrDialer {
- rr := &rrDialer{dialers: dialers}
+func newRRDialer(fwdrs []*proxy.Forwarder, website string, interval int) *rrDialer {
+ rr := &rrDialer{fwdrs: fwdrs}
rr.website = website
rr.interval = interval
- for k := range dialers {
+ for k := range fwdrs {
rr.status.Store(k, true)
go rr.checkDialer(k)
}
@@ -74,8 +91,8 @@ func (rr *rrDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo ne
return rr.NextDialer(addr).DialUDP(network, addr)
}
-func (rr *rrDialer) NextDialer(dstAddr string) proxy.Dialer {
- n := len(rr.dialers)
+func (rr *rrDialer) nextDialer(dstAddr string) *proxy.Forwarder {
+ n := len(rr.fwdrs)
if n == 1 {
rr.idx = 0
}
@@ -94,7 +111,11 @@ func (rr *rrDialer) NextDialer(dstAddr string) proxy.Dialer {
log.F("NO AVAILABLE PROXY FOUND! please check your network or proxy server settings.")
}
- return rr.dialers[rr.idx]
+ return rr.fwdrs[rr.idx]
+}
+
+func (rr *rrDialer) NextDialer(dstAddr string) proxy.Dialer {
+ return rr.nextDialer(dstAddr)
}
// Check dialer
@@ -106,7 +127,7 @@ func (rr *rrDialer) checkDialer(idx int) {
rr.website = rr.website + ":80"
}
- d := rr.dialers[idx]
+ d := rr.fwdrs[idx]
for {
time.Sleep(time.Duration(rr.interval) * time.Second * time.Duration(retry>>1))
@@ -150,27 +171,27 @@ type haDialer struct {
}
// newHADialer .
-func newHADialer(dialers []proxy.Dialer, webhost string, duration int) proxy.Dialer {
+func newHADialer(dialers []*proxy.Forwarder, webhost string, duration int) proxy.Dialer {
return &haDialer{rrDialer: newRRDialer(dialers, webhost, duration)}
}
func (ha *haDialer) Dial(network, addr string) (net.Conn, error) {
- d := ha.dialers[ha.idx]
+ d := ha.fwdrs[ha.idx]
result, ok := ha.status.Load(ha.idx)
if ok && !result.(bool) {
- d = ha.NextDialer(addr)
+ d = ha.nextDialer(addr)
}
return d.Dial(network, addr)
}
func (ha *haDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- d := ha.dialers[ha.idx]
+ d := ha.fwdrs[ha.idx]
result, ok := ha.status.Load(ha.idx)
if ok && !result.(bool) {
- d = ha.NextDialer(addr)
+ d = ha.nextDialer(addr)
}
return d.DialUDP(network, addr)
From e3888a6bd3287d142d05c63ea71b2b56ce030d15 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 11 Aug 2018 11:46:10 +0800
Subject: [PATCH 244/341] strategy: moved to a separate package
---
conf.go | 10 ++++++----
main.go | 12 +++---------
proxy/forwarder.go | 1 +
rule.go | 3 ++-
strategy.go => strategy/strategy.go | 10 +++++-----
5 files changed, 17 insertions(+), 19 deletions(-)
rename strategy.go => strategy/strategy.go (96%)
diff --git a/conf.go b/conf.go
index 7042228..13abcc5 100644
--- a/conf.go
+++ b/conf.go
@@ -9,6 +9,8 @@ import (
"strings"
"github.com/nadoo/conflag"
+
+ "github.com/nadoo/glider/strategy"
)
var flag = conflag.New()
@@ -18,8 +20,8 @@ var conf struct {
Listen []string
- Forward []string
- StrategyConfig
+ Forward []string
+ StrategyConfig strategy.Config
RuleFile []string
RulesDir string
@@ -122,8 +124,8 @@ func listDir(dirPth string, suffix string) (files []string, err error) {
type RuleConf struct {
name string
- Forward []string
- StrategyConfig
+ Forward []string
+ StrategyConfig strategy.Config
DNSServer []string
IPSet string
diff --git a/main.go b/main.go
index 48a3a05..528ec37 100644
--- a/main.go
+++ b/main.go
@@ -9,6 +9,7 @@ import (
"github.com/nadoo/glider/common/log"
"github.com/nadoo/glider/dns"
"github.com/nadoo/glider/proxy"
+ "github.com/nadoo/glider/strategy"
_ "github.com/nadoo/glider/proxy/http"
_ "github.com/nadoo/glider/proxy/mixed"
@@ -27,21 +28,14 @@ import (
const VERSION = "0.6.7"
func main() {
-
- // Config
confInit()
-
- // Log
log.F = func(f string, v ...interface{}) {
if conf.Verbose {
stdlog.Printf(f, v...)
}
}
- // Forwarder
- dialer := NewRuleDialer(conf.rules, StrategyDialer(conf.Forward, &conf.StrategyConfig))
-
- // IPSet manager
+ dialer := NewRuleDialer(conf.rules, strategy.NewDialer(conf.Forward, &conf.StrategyConfig))
ipsetM, _ := NewIPSetManager(conf.IPSet, conf.rules)
// DNS Server
@@ -79,7 +73,7 @@ func main() {
go d.ListenAndServe()
}
- // Servers
+ // Proxy Servers
for _, listen := range conf.Listen {
local, err := proxy.ServerFromURL(listen, proxy.NewForwarder(dialer))
if err != nil {
diff --git a/proxy/forwarder.go b/proxy/forwarder.go
index f25f5e6..0f640b7 100644
--- a/proxy/forwarder.go
+++ b/proxy/forwarder.go
@@ -12,6 +12,7 @@ type Forwarder struct {
failures int
priority int
weight int
+ latency int
}
// ForwarderFromURL returns a new forwarder
diff --git a/rule.go b/rule.go
index 4ae1150..a6b990e 100644
--- a/rule.go
+++ b/rule.go
@@ -7,6 +7,7 @@ import (
"github.com/nadoo/glider/common/log"
"github.com/nadoo/glider/proxy"
+ "github.com/nadoo/glider/strategy"
)
// RuleDialer struct
@@ -23,7 +24,7 @@ func NewRuleDialer(rules []*RuleConf, gDialer proxy.Dialer) *RuleDialer {
rd := &RuleDialer{gDialer: gDialer}
for _, r := range rules {
- sDialer := StrategyDialer(r.Forward, &r.StrategyConfig)
+ sDialer := strategy.NewDialer(r.Forward, &r.StrategyConfig)
for _, domain := range r.Domain {
rd.domainMap.Store(strings.ToLower(domain), sDialer)
diff --git a/strategy.go b/strategy/strategy.go
similarity index 96%
rename from strategy.go
rename to strategy/strategy.go
index b9670a1..34608d7 100644
--- a/strategy.go
+++ b/strategy/strategy.go
@@ -1,4 +1,4 @@
-package main
+package strategy
import (
"bytes"
@@ -12,15 +12,15 @@ import (
"github.com/nadoo/glider/proxy"
)
-// StrategyConfig .
-type StrategyConfig struct {
+// Config of strategy
+type Config struct {
Strategy string
CheckWebSite string
CheckInterval int
}
-// StrategyDialer .
-func StrategyDialer(s []string, c *StrategyConfig) proxy.Dialer {
+// NewDialer returns a new strategy dialer
+func NewDialer(s []string, c *Config) proxy.Dialer {
// global forwarders in xx.conf
var fwdrs []*proxy.Forwarder
for _, chain := range s {
From a46ab20901e31e4ccaadf69b2e07f0133445197b Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 12 Aug 2018 12:37:25 +0800
Subject: [PATCH 245/341] forwarder: add the ability to get parameters like
'priority'
---
conf.go | 14 +-
dns/client.go | 11 +-
dns/server.go | 4 +-
main.go | 15 +-
proxy/forwarder.go | 74 +++-
proxy/http/dialer.go | 90 ----
proxy/http/http.go | 225 +++++++++-
proxy/http/server.go | 184 --------
proxy/mixed/{server.go => mixed.go} | 39 +-
.../redir/{server_linux.go => redir_linux.go} | 39 +-
...server_linux_386.go => redir_linux_386.go} | 0
...er_linux_other.go => redir_linux_other.go} | 0
proxy/server.go | 10 +-
proxy/socks5/dialer.go | 251 -----------
proxy/socks5/server.go | 214 ---------
proxy/socks5/socks5.go | 417 +++++++++++++++++-
proxy/ss/dialer.go | 86 ----
proxy/ss/server.go | 194 --------
proxy/ss/ss.go | 236 +++++++++-
proxy/ssr/dialer.go | 130 ------
proxy/ssr/ssr.go | 113 ++++-
proxy/tcptun/server.go | 80 ----
proxy/tcptun/tcptun.go | 69 ++-
proxy/tls/dialer.go | 65 ---
proxy/tls/tls.go | 48 +-
.../{server_linux.go => tproxy_linux.go} | 36 +-
proxy/udptun/server.go | 92 ----
proxy/udptun/udptun.go | 81 +++-
proxy/uottun/server.go | 90 ----
proxy/uottun/uottun.go | 79 +++-
proxy/vmess/dialer.go | 60 ---
proxy/vmess/vmess.go | 44 +-
proxy/ws/dialer.go | 60 ---
proxy/ws/ws.go | 40 ++
34 files changed, 1480 insertions(+), 1710 deletions(-)
delete mode 100644 proxy/http/dialer.go
delete mode 100644 proxy/http/server.go
rename proxy/mixed/{server.go => mixed.go} (77%)
rename proxy/redir/{server_linux.go => redir_linux.go} (86%)
rename proxy/redir/{server_linux_386.go => redir_linux_386.go} (100%)
rename proxy/redir/{server_linux_other.go => redir_linux_other.go} (100%)
delete mode 100644 proxy/socks5/dialer.go
delete mode 100644 proxy/socks5/server.go
delete mode 100644 proxy/ss/dialer.go
delete mode 100644 proxy/ss/server.go
delete mode 100644 proxy/ssr/dialer.go
delete mode 100644 proxy/tcptun/server.go
delete mode 100644 proxy/tls/dialer.go
rename proxy/tproxy/{server_linux.go => tproxy_linux.go} (88%)
delete mode 100644 proxy/udptun/server.go
delete mode 100644 proxy/uottun/server.go
delete mode 100644 proxy/vmess/dialer.go
delete mode 100644 proxy/ws/dialer.go
diff --git a/conf.go b/conf.go
index 13abcc5..7cb8ce6 100644
--- a/conf.go
+++ b/conf.go
@@ -27,11 +27,11 @@ var conf struct {
RulesDir string
DNS string
- DNSServer []string
+ DNSServers []string
DNSTimeout int
DNSMaxTTL int
DNSMinTTL int
- DNSRecord []string
+ DNSRecords []string
IPSet string
@@ -51,11 +51,11 @@ func confInit() {
flag.StringVar(&conf.RulesDir, "rules-dir", "", "rule file folder")
flag.StringVar(&conf.DNS, "dns", "", "dns forwarder server listen address")
- flag.StringSliceUniqVar(&conf.DNSServer, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server")
+ flag.StringSliceUniqVar(&conf.DNSServers, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server")
flag.IntVar(&conf.DNSTimeout, "dnstimeout", 3, "timeout value used in multiple dnsservers switch(seconds)")
flag.IntVar(&conf.DNSMaxTTL, "dnsmaxttl", 1800, "maximum TTL value for entries in the CACHE(seconds)")
flag.IntVar(&conf.DNSMinTTL, "dnsminttl", 0, "minimum TTL value for entries in the CACHE(seconds)")
- flag.StringSliceUniqVar(&conf.DNSRecord, "dnsrecord", nil, "custom dns record, format: domain/ip")
+ flag.StringSliceUniqVar(&conf.DNSRecords, "dnsrecord", nil, "custom dns record, format: domain/ip")
flag.StringVar(&conf.IPSet, "ipset", "", "ipset name")
@@ -127,8 +127,8 @@ type RuleConf struct {
Forward []string
StrategyConfig strategy.Config
- DNSServer []string
- IPSet string
+ DNSServers []string
+ IPSet string
Domain []string
IP []string
@@ -145,7 +145,7 @@ func NewRuleConfFromFile(ruleFile string) (*RuleConf, error) {
f.StringVar(&p.StrategyConfig.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
f.IntVar(&p.StrategyConfig.CheckInterval, "checkduration", 30, "proxy check interval(seconds)")
- f.StringSliceUniqVar(&p.DNSServer, "dnsserver", nil, "remote dns server")
+ f.StringSliceUniqVar(&p.DNSServers, "dnsserver", nil, "remote dns server")
f.StringVar(&p.IPSet, "ipset", "", "ipset name")
f.StringSliceUniqVar(&p.Domain, "domain", nil, "domain")
diff --git a/dns/client.go b/dns/client.go
index 247ef38..f5ef83d 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -18,9 +18,11 @@ type HandleFunc func(Domain, ip string) error
// Config for dns
type Config struct {
+ Servers []string
Timeout int
MaxTTL int
MinTTL int
+ Records []string
}
// Client is a dns client struct
@@ -34,15 +36,20 @@ type Client struct {
}
// NewClient returns a new dns client
-func NewClient(dialer proxy.Dialer, upServers []string, config *Config) (*Client, error) {
+func NewClient(dialer proxy.Dialer, config *Config) (*Client, error) {
c := &Client{
dialer: dialer,
cache: NewCache(),
config: config,
- upServers: upServers,
+ upServers: config.Servers,
upServerMap: make(map[string][]string),
}
+ // custom records
+ for _, record := range config.Records {
+ c.AddRecord(record)
+ }
+
return c, nil
}
diff --git a/dns/server.go b/dns/server.go
index bbd8bc4..13243d7 100644
--- a/dns/server.go
+++ b/dns/server.go
@@ -21,8 +21,8 @@ type Server struct {
}
// NewServer returns a new dns server
-func NewServer(addr string, dialer proxy.Dialer, upServers []string, config *Config) (*Server, error) {
- c, err := NewClient(dialer, upServers, config)
+func NewServer(addr string, dialer proxy.Dialer, config *Config) (*Server, error) {
+ c, err := NewClient(dialer, config)
s := &Server{
addr: addr,
Client: c,
diff --git a/main.go b/main.go
index 528ec37..09d6f72 100644
--- a/main.go
+++ b/main.go
@@ -41,25 +41,22 @@ func main() {
// DNS Server
if conf.DNS != "" {
dnscfg := &dns.Config{
+ Servers: conf.DNSServers,
Timeout: conf.DNSTimeout,
MaxTTL: conf.DNSMaxTTL,
- MinTTL: conf.DNSMinTTL}
+ MinTTL: conf.DNSMinTTL,
+ Records: conf.DNSRecords}
- d, err := dns.NewServer(conf.DNS, dialer, conf.DNSServer, dnscfg)
+ d, err := dns.NewServer(conf.DNS, dialer, dnscfg)
if err != nil {
log.Fatal(err)
}
- // custom records
- for _, record := range conf.DNSRecord {
- d.AddRecord(record)
- }
-
// rule
for _, r := range conf.rules {
for _, domain := range r.Domain {
- if len(r.DNSServer) > 0 {
- d.SetServer(domain, r.DNSServer...)
+ if len(r.DNSServers) > 0 {
+ d.SetServer(domain, r.DNSServers...)
}
}
}
diff --git a/proxy/forwarder.go b/proxy/forwarder.go
index 0f640b7..d88aa5a 100644
--- a/proxy/forwarder.go
+++ b/proxy/forwarder.go
@@ -1,32 +1,40 @@
package proxy
import (
+ "net"
+ "net/url"
+ "strconv"
"strings"
+ "sync/atomic"
)
// Forwarder is a forwarder
type Forwarder struct {
Dialer
+ Priority int
addr string
- disabled bool
- failures int
- priority int
- weight int
+ disabled uint32
+ failures uint32
latency int
}
// ForwarderFromURL returns a new forwarder
-func ForwarderFromURL(s string) (*Forwarder, error) {
+func ForwarderFromURL(s string) (f *Forwarder, err error) {
+ ss := strings.Split(s, "#")
var d Dialer
- var err error
- for _, url := range strings.Split(s, ",") {
+ for _, url := range strings.Split(ss[0], ",") {
d, err = DialerFromURL(url, d)
if err != nil {
return nil, err
}
}
- return &Forwarder{Dialer: d}, nil
+ f = NewForwarder(d)
+ if len(ss) > 1 {
+ err = f.parseOption(ss[1])
+ }
+
+ return f, err
}
// NewForwarder .
@@ -34,17 +42,61 @@ func NewForwarder(dialer Dialer) *Forwarder {
return &Forwarder{Dialer: dialer, addr: dialer.Addr()}
}
+func (f *Forwarder) parseOption(option string) error {
+ query, err := url.ParseQuery(option)
+ if err != nil {
+ return err
+ }
+
+ var priority uint64
+ p := query.Get("priority")
+ if p != "" {
+ priority, err = strconv.ParseUint(p, 10, 32)
+ }
+ f.Priority = int(priority)
+
+ return err
+}
+
// Addr .
func (f *Forwarder) Addr() string {
return f.addr
}
+// Dial .
+func (f *Forwarder) Dial(network, addr string) (c net.Conn, err error) {
+ c, err = f.Dialer.Dial(network, addr)
+
+ // TODO: proxy timeout, target timeout?
+ if err != nil {
+ atomic.AddUint32(&f.failures, 1)
+ // log.F("forward dial failed, %d", f.failures)
+ }
+
+ return c, err
+}
+
+// Failures returns the failuer count of forwarder
+func (f *Forwarder) Failures() uint32 {
+ return atomic.LoadUint32(&f.failures)
+}
+
// Enable .
-func (f *Forwarder) Enable(b bool) {
- f.disabled = !b
+func (f *Forwarder) Enable() {
+ atomic.StoreUint32(&f.failures, 0)
+ atomic.StoreUint32(&f.failures, 0)
+}
+
+// Disable .
+func (f *Forwarder) Disable() {
+ atomic.StoreUint32(&f.failures, 1)
}
// Enabled .
func (f *Forwarder) Enabled() bool {
- return !f.disabled
+ return !isTrue(atomic.LoadUint32(&f.disabled))
+}
+
+func isTrue(n uint32) bool {
+ return n&1 == 1
}
diff --git a/proxy/http/dialer.go b/proxy/http/dialer.go
deleted file mode 100644
index e522b93..0000000
--- a/proxy/http/dialer.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package http
-
-import (
- "bufio"
- "bytes"
- "encoding/base64"
- "errors"
- "net"
- "net/textproto"
-
- "github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/proxy"
-)
-
-func init() {
- proxy.RegisterDialer("http", CreateDialer)
-}
-
-// Dialer struct
-type Dialer struct {
- *HTTP
- dialer proxy.Dialer
-}
-
-// NewDialer returns a proxy dialer
-func NewDialer(s string, dialer proxy.Dialer) (*Dialer, error) {
- h, err := NewHTTP(s)
- if err != nil {
- return nil, err
- }
-
- d := &Dialer{HTTP: h, dialer: dialer}
- return d, nil
-}
-
-// CreateDialer returns a proxy dialer
-func CreateDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
- return NewDialer(s, dialer)
-}
-
-// Addr returns dialer's address
-func (s *Dialer) Addr() string {
- if s.addr == "" {
- return s.dialer.Addr()
- }
- return s.addr
-}
-
-// NextDialer returns the next dialer
-func (s *Dialer) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
-
-// Dial establishes a connection to the addr
-func (s *Dialer) Dial(network, addr string) (net.Conn, error) {
- rc, err := s.dialer.Dial(network, s.addr)
- if err != nil {
- log.F("[http] dial to %s error: %s", s.addr, err)
- return nil, err
- }
-
- var buf bytes.Buffer
- buf.Write([]byte("CONNECT " + addr + " HTTP/1.1\r\n"))
- buf.Write([]byte("Proxy-Connection: Keep-Alive\r\n"))
-
- if s.user != "" && s.password != "" {
- auth := s.user + ":" + s.password
- buf.Write([]byte("Proxy-Authorization: Basic " + base64.StdEncoding.EncodeToString([]byte(auth)) + "\r\n"))
- }
-
- //header ended
- buf.Write([]byte("\r\n"))
- rc.Write(buf.Bytes())
-
- respR := bufio.NewReader(rc)
- respTP := textproto.NewReader(respR)
- _, code, _, ok := parseFirstLine(respTP)
- if ok && code == "200" {
- return rc, err
- } else if code == "407" {
- log.F("[http] authencation needed by proxy %s", s.addr)
- } else if code == "405" {
- log.F("[http] 'CONNECT' method not allowed by proxy %s", s.addr)
- }
-
- return nil, errors.New("[http] can not connect remote address: " + addr + ". error code: " + code)
-}
-
-// DialUDP returns a PacketConn to the addr
-func (s *Dialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- return nil, nil, errors.New("http client does not support udp")
-}
diff --git a/proxy/http/http.go b/proxy/http/http.go
index 4aea435..49615e3 100644
--- a/proxy/http/http.go
+++ b/proxy/http/http.go
@@ -4,23 +4,38 @@
package http
import (
+ "bufio"
"bytes"
+ "encoding/base64"
+ "errors"
+ "fmt"
+ "io"
+ "net"
"net/textproto"
"net/url"
"strings"
+ "time"
+ "github.com/nadoo/glider/common/conn"
"github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
)
// HTTP struct
type HTTP struct {
+ dialer proxy.Dialer
addr string
user string
password string
}
-// NewHTTP returns a http base struct
-func NewHTTP(s string) (*HTTP, error) {
+func init() {
+ proxy.RegisterDialer("http", NewHTTPDialer)
+ proxy.RegisterServer("http", NewHTTPServer)
+}
+
+// NewHTTP returns a http proxy.
+func NewHTTP(s string, dialer proxy.Dialer) (*HTTP, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
@@ -32,6 +47,7 @@ func NewHTTP(s string) (*HTTP, error) {
pass, _ := u.User.Password()
h := &HTTP{
+ dialer: dialer,
addr: addr,
user: user,
password: pass,
@@ -40,12 +56,215 @@ func NewHTTP(s string) (*HTTP, error) {
return h, nil
}
+// NewHTTPDialer returns a http proxy dialer.
+func NewHTTPDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewHTTP(s, dialer)
+}
+
+// NewHTTPServer returns a http proxy server.
+func NewHTTPServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewHTTP(s, dialer)
+}
+
+// ListenAndServe .
+func (s *HTTP) ListenAndServe() {
+ l, err := net.Listen("tcp", s.addr)
+ if err != nil {
+ log.F("failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer l.Close()
+
+ log.F("listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("[http] failed to accept: %v", err)
+ continue
+ }
+
+ go s.Serve(c)
+ }
+}
+
+// Serve .
+func (s *HTTP) Serve(c net.Conn) {
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ reqR := bufio.NewReader(c)
+ reqTP := textproto.NewReader(reqR)
+ method, requestURI, proto, ok := parseFirstLine(reqTP)
+ if !ok {
+ return
+ }
+
+ if method == "CONNECT" {
+ s.servHTTPS(method, requestURI, proto, c)
+ return
+ }
+
+ reqHeader, err := reqTP.ReadMIMEHeader()
+ if err != nil {
+ log.F("read header error:%s", err)
+ return
+ }
+ cleanHeaders(reqHeader)
+
+ // tell the remote server not to keep alive
+ reqHeader.Set("Connection", "close")
+
+ u, err := url.ParseRequestURI(requestURI)
+ if err != nil {
+ log.F("[http] parse request url error: %s", err)
+ return
+ }
+
+ var tgt = u.Host
+ if !strings.Contains(u.Host, ":") {
+ tgt += ":80"
+ }
+
+ rc, err := s.dialer.Dial("tcp", tgt)
+ if err != nil {
+ fmt.Fprintf(c, "%s 502 ERROR\r\n\r\n", proto)
+ log.F("[http] failed to dial: %v", err)
+ return
+ }
+ defer rc.Close()
+
+ // GET http://example.com/a/index.htm HTTP/1.1 -->
+ // GET /a/index.htm HTTP/1.1
+ u.Scheme = ""
+ u.Host = ""
+ uri := u.String()
+
+ var reqBuf bytes.Buffer
+ writeFirstLine(method, uri, proto, &reqBuf)
+ writeHeaders(reqHeader, &reqBuf)
+
+ // send request to remote server
+ rc.Write(reqBuf.Bytes())
+
+ // copy the left request bytes to remote server. eg. length specificed or chunked body.
+ go func() {
+ if _, err := reqR.Peek(1); err == nil {
+ io.Copy(rc, reqR)
+ rc.SetDeadline(time.Now())
+ c.SetDeadline(time.Now())
+ }
+ }()
+
+ respR := bufio.NewReader(rc)
+ respTP := textproto.NewReader(respR)
+ proto, code, status, ok := parseFirstLine(respTP)
+ if !ok {
+ return
+ }
+
+ respHeader, err := respTP.ReadMIMEHeader()
+ if err != nil {
+ log.F("[http] read header error:%s", err)
+ return
+ }
+
+ respHeader.Set("Proxy-Connection", "close")
+ respHeader.Set("Connection", "close")
+
+ var respBuf bytes.Buffer
+ writeFirstLine(proto, code, status, &respBuf)
+ writeHeaders(respHeader, &respBuf)
+
+ log.F("[http] %s <-> %s", c.RemoteAddr(), tgt)
+ c.Write(respBuf.Bytes())
+
+ io.Copy(c, respR)
+
+}
+
+func (s *HTTP) servHTTPS(method, requestURI, proto string, c net.Conn) {
+ rc, err := s.dialer.Dial("tcp", requestURI)
+ if err != nil {
+ c.Write([]byte(proto))
+ c.Write([]byte(" 502 ERROR\r\n\r\n"))
+ log.F("[http] failed to dial: %v", err)
+ return
+ }
+
+ c.Write([]byte("HTTP/1.1 200 Connection established\r\n\r\n"))
+
+ log.F("[http] %s <-> %s [c]", c.RemoteAddr(), requestURI)
+
+ _, _, err = conn.Relay(c, rc)
+ if err != nil {
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ return // ignore i/o timeout
+ }
+ log.F("relay error: %v", err)
+ }
+}
+
+// Addr returns forwarder's address
+func (s *HTTP) Addr() string {
+ if s.addr == "" {
+ return s.dialer.Addr()
+ }
+ return s.addr
+}
+
+// NextDialer returns the next dialer
+func (s *HTTP) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial connects to the address addr on the network net via the proxy.
+func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
+ rc, err := s.dialer.Dial(network, s.addr)
+ if err != nil {
+ log.F("[http] dial to %s error: %s", s.addr, err)
+ return nil, err
+ }
+
+ var buf bytes.Buffer
+ buf.Write([]byte("CONNECT " + addr + " HTTP/1.1\r\n"))
+ buf.Write([]byte("Proxy-Connection: Keep-Alive\r\n"))
+
+ if s.user != "" && s.password != "" {
+ auth := s.user + ":" + s.password
+ buf.Write([]byte("Proxy-Authorization: Basic " + base64.StdEncoding.EncodeToString([]byte(auth)) + "\r\n"))
+ }
+
+ //header ended
+ buf.Write([]byte("\r\n"))
+ rc.Write(buf.Bytes())
+
+ respR := bufio.NewReader(rc)
+ respTP := textproto.NewReader(respR)
+ _, code, _, ok := parseFirstLine(respTP)
+ if ok && code == "200" {
+ return rc, err
+ } else if code == "407" {
+ log.F("[http] authencation needed by proxy %s", s.addr)
+ } else if code == "405" {
+ log.F("[http] 'CONNECT' method not allowed by proxy %s", s.addr)
+ }
+
+ return nil, errors.New("[http] can not connect remote address: " + addr + ". error code: " + code)
+}
+
+// DialUDP connects to the given address via the proxy.
+func (s *HTTP) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ return nil, nil, errors.New("http client does not support udp")
+}
+
// parseFirstLine parses "GET /foo HTTP/1.1" OR "HTTP/1.1 200 OK" into its three parts.
func parseFirstLine(tp *textproto.Reader) (r1, r2, r3 string, ok bool) {
line, err := tp.ReadLine()
// log.F("first line: %s", line)
if err != nil {
- log.F("[http] read first line error: %s", err)
+ log.F("[http] read first line error:%s", err)
return
}
diff --git a/proxy/http/server.go b/proxy/http/server.go
deleted file mode 100644
index e59b4fe..0000000
--- a/proxy/http/server.go
+++ /dev/null
@@ -1,184 +0,0 @@
-package http
-
-import (
- "bufio"
- "bytes"
- "fmt"
- "io"
- "net"
- "net/textproto"
- "net/url"
- "strings"
- "time"
-
- "github.com/nadoo/glider/common/conn"
- "github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/proxy"
-)
-
-func init() {
- proxy.RegisterServer("http", CreateServer)
-}
-
-// Server struct
-type Server struct {
- *HTTP
- *proxy.Forwarder
-}
-
-// NewServer returns a local proxy server
-func NewServer(s string, f *proxy.Forwarder) (*Server, error) {
- h, err := NewHTTP(s)
- if err != nil {
- return nil, err
- }
- server := &Server{HTTP: h, Forwarder: f}
- return server, nil
-}
-
-// CreateServer returns a local proxy server
-func CreateServer(s string, f *proxy.Forwarder) (proxy.Server, error) {
- return NewServer(s, f)
-}
-
-// ListenAndServe serves requests from clients
-func (s *Server) ListenAndServe() {
- l, err := net.Listen("tcp", s.addr)
- if err != nil {
- log.F("failed to listen on %s: %v", s.addr, err)
- return
- }
- defer l.Close()
-
- log.F("listening TCP on %s", s.addr)
-
- for {
- c, err := l.Accept()
- if err != nil {
- log.F("[http] failed to accept: %v", err)
- continue
- }
-
- go s.Serve(c)
- }
-}
-
-// Serve .
-func (s *Server) Serve(c net.Conn) {
- defer c.Close()
-
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
- reqR := bufio.NewReader(c)
- reqTP := textproto.NewReader(reqR)
- method, requestURI, proto, ok := parseFirstLine(reqTP)
- if !ok {
- return
- }
-
- if method == "CONNECT" {
- s.servHTTPS(method, requestURI, proto, c)
- return
- }
-
- reqHeader, err := reqTP.ReadMIMEHeader()
- if err != nil {
- log.F("read header error:%s", err)
- return
- }
- cleanHeaders(reqHeader)
-
- // tell the remote server not to keep alive
- reqHeader.Set("Connection", "close")
-
- u, err := url.ParseRequestURI(requestURI)
- if err != nil {
- log.F("[http] parse request url error: %s", err)
- return
- }
-
- var tgt = u.Host
- if !strings.Contains(u.Host, ":") {
- tgt += ":80"
- }
-
- rc, err := s.Dial("tcp", tgt)
- if err != nil {
- fmt.Fprintf(c, "%s 502 ERROR\r\n\r\n", proto)
- log.F("[http] failed to dial: %v", err)
- return
- }
- defer rc.Close()
-
- // GET http://example.com/a/index.htm HTTP/1.1 -->
- // GET /a/index.htm HTTP/1.1
- u.Scheme = ""
- u.Host = ""
- uri := u.String()
-
- var reqBuf bytes.Buffer
- writeFirstLine(method, uri, proto, &reqBuf)
- writeHeaders(reqHeader, &reqBuf)
-
- // send request to remote server
- rc.Write(reqBuf.Bytes())
-
- // copy the left request bytes to remote server. eg. length specificed or chunked body.
- go func() {
- if _, err := reqR.Peek(1); err == nil {
- io.Copy(rc, reqR)
- rc.SetDeadline(time.Now())
- c.SetDeadline(time.Now())
- }
- }()
-
- respR := bufio.NewReader(rc)
- respTP := textproto.NewReader(respR)
- proto, code, status, ok := parseFirstLine(respTP)
- if !ok {
- return
- }
-
- respHeader, err := respTP.ReadMIMEHeader()
- if err != nil {
- log.F("[http] read header error:%s", err)
- return
- }
-
- respHeader.Set("Proxy-Connection", "close")
- respHeader.Set("Connection", "close")
-
- var respBuf bytes.Buffer
- writeFirstLine(proto, code, status, &respBuf)
- writeHeaders(respHeader, &respBuf)
-
- log.F("[http] %s <-> %s", c.RemoteAddr(), tgt)
- c.Write(respBuf.Bytes())
-
- io.Copy(c, respR)
-
-}
-
-func (s *Server) servHTTPS(method, requestURI, proto string, c net.Conn) {
- rc, err := s.Dial("tcp", requestURI)
- if err != nil {
- c.Write([]byte(proto))
- c.Write([]byte(" 502 ERROR\r\n\r\n"))
- log.F("[http] failed to dial: %v", err)
- return
- }
-
- c.Write([]byte("HTTP/1.1 200 Connection established\r\n\r\n"))
-
- log.F("[http] %s <-> %s [c]", c.RemoteAddr(), requestURI)
-
- _, _, err = conn.Relay(c, rc)
- if err != nil {
- if err, ok := err.(net.Error); ok && err.Timeout() {
- return // ignore i/o timeout
- }
- log.F("relay error: %v", err)
- }
-}
diff --git a/proxy/mixed/server.go b/proxy/mixed/mixed.go
similarity index 77%
rename from proxy/mixed/server.go
rename to proxy/mixed/mixed.go
index 9aa58f1..5780d8b 100644
--- a/proxy/mixed/server.go
+++ b/proxy/mixed/mixed.go
@@ -12,10 +12,6 @@ import (
"github.com/nadoo/glider/proxy/socks5"
)
-func init() {
- proxy.RegisterServer("mixed", NewMixedProxyServer)
-}
-
// https://www.ietf.org/rfc/rfc2616.txt, http methods must be uppercase.
var httpMethods = [...][]byte{
[]byte("GET"),
@@ -28,40 +24,45 @@ var httpMethods = [...][]byte{
[]byte("TRACE"),
}
-// Server struct
-type Server struct {
- *proxy.Forwarder
+// MixedProxy struct
+type MixedProxy struct {
+ dialer proxy.Dialer
addr string
- http *http.Server
- socks5 *socks5.Server
+
+ http *http.HTTP
+ socks5 *socks5.SOCKS5
+}
+
+func init() {
+ proxy.RegisterServer("mixed", NewMixedProxyServer)
}
// NewMixedProxy returns a mixed proxy.
-func NewMixedProxy(s string, f *proxy.Forwarder) (*Server, error) {
+func NewMixedProxy(s string, dialer proxy.Dialer) (*MixedProxy, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
return nil, err
}
- p := &Server{
- Forwarder: f,
- addr: u.Host,
+ p := &MixedProxy{
+ dialer: dialer,
+ addr: u.Host,
}
- p.http, _ = http.NewServer(s, f)
- p.socks5, _ = socks5.NewServer(s, f)
+ p.http, _ = http.NewHTTP(s, dialer)
+ p.socks5, _ = socks5.NewSOCKS5(s, dialer)
return p, nil
}
// NewMixedProxyServer returns a mixed proxy server.
-func NewMixedProxyServer(s string, f *proxy.Forwarder) (proxy.Server, error) {
- return NewMixedProxy(s, f)
+func NewMixedProxyServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewMixedProxy(s, dialer)
}
// ListenAndServe .
-func (p *Server) ListenAndServe() {
+func (p *MixedProxy) ListenAndServe() {
go p.socks5.ListenAndServeUDP()
@@ -85,7 +86,7 @@ func (p *Server) ListenAndServe() {
}
// Serve .
-func (p *Server) Serve(c net.Conn) {
+func (p *MixedProxy) Serve(c net.Conn) {
defer c.Close()
if c, ok := c.(*net.TCPConn); ok {
diff --git a/proxy/redir/server_linux.go b/proxy/redir/redir_linux.go
similarity index 86%
rename from proxy/redir/server_linux.go
rename to proxy/redir/redir_linux.go
index 590a33f..1d202fc 100644
--- a/proxy/redir/server_linux.go
+++ b/proxy/redir/redir_linux.go
@@ -16,10 +16,6 @@ import (
"github.com/nadoo/glider/proxy"
)
-func init() {
- proxy.RegisterServer("redir", CreateServer)
-}
-
const (
// SO_ORIGINAL_DST from linux/include/uapi/linux/netfilter_ipv4.h
SO_ORIGINAL_DST = 80
@@ -27,31 +23,40 @@ const (
IP6T_SO_ORIGINAL_DST = 80
)
-// Server struct
-type Server struct {
- addr string
- *proxy.Forwarder
+// RedirProxy struct
+type RedirProxy struct {
+ dialer proxy.Dialer
+ addr string
}
-// NewServer returns a local proxy server
-func NewServer(s string, f *proxy.Forwarder) (*Server, error) {
+func init() {
+ proxy.RegisterServer("redir", NewRedirServer)
+}
+
+// NewRedirProxy returns a redirect proxy.
+func NewRedirProxy(s string, dialer proxy.Dialer) (*RedirProxy, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
return nil, err
}
- server := &Server{addr: u.Host, Forwarder: f}
- return server, nil
+ addr := u.Host
+ r := &RedirProxy{
+ dialer: dialer,
+ addr: addr,
+ }
+
+ return r, nil
}
-// CreateServer returns a local proxy server
-func CreateServer(s string, f *proxy.Forwarder) (proxy.Server, error) {
- return NewServer(s, f)
+// NewRedirServer returns a redir server.
+func NewRedirServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewRedirProxy(s, dialer)
}
// ListenAndServe .
-func (s *Server) ListenAndServe() {
+func (s *RedirProxy) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
log.F("[redir] failed to listen on %s: %v", s.addr, err)
@@ -80,7 +85,7 @@ func (s *Server) ListenAndServe() {
return
}
- rc, err := s.Dial("tcp", tgt.String())
+ rc, err := s.dialer.Dial("tcp", tgt.String())
if err != nil {
log.F("[redir] failed to connect to target: %v", err)
return
diff --git a/proxy/redir/server_linux_386.go b/proxy/redir/redir_linux_386.go
similarity index 100%
rename from proxy/redir/server_linux_386.go
rename to proxy/redir/redir_linux_386.go
diff --git a/proxy/redir/server_linux_other.go b/proxy/redir/redir_linux_other.go
similarity index 100%
rename from proxy/redir/server_linux_other.go
rename to proxy/redir/redir_linux_other.go
diff --git a/proxy/server.go b/proxy/server.go
index 3217722..4bc4e1d 100644
--- a/proxy/server.go
+++ b/proxy/server.go
@@ -15,7 +15,7 @@ type Server interface {
}
// ServerCreator is a function to create proxy servers.
-type ServerCreator func(s string, f *Forwarder) (Server, error)
+type ServerCreator func(s string, dialer Dialer) (Server, error)
var (
serverMap = make(map[string]ServerCreator)
@@ -27,7 +27,7 @@ func RegisterServer(name string, c ServerCreator) {
}
// ServerFromURL calls the registered creator to create proxy servers.
-func ServerFromURL(s string, f *Forwarder) (Server, error) {
+func ServerFromURL(s string, dialer Dialer) (Server, error) {
if !strings.Contains(s, "://") {
s = "mixed://" + s
}
@@ -38,13 +38,13 @@ func ServerFromURL(s string, f *Forwarder) (Server, error) {
return nil, err
}
- if f == nil {
- f = NewForwarder(Direct)
+ if dialer == nil {
+ dialer = Direct
}
c, ok := serverMap[strings.ToLower(u.Scheme)]
if ok {
- return c(s, f)
+ return c(s, dialer)
}
return nil, errors.New("unknown scheme '" + u.Scheme + "'")
diff --git a/proxy/socks5/dialer.go b/proxy/socks5/dialer.go
deleted file mode 100644
index 383cc6a..0000000
--- a/proxy/socks5/dialer.go
+++ /dev/null
@@ -1,251 +0,0 @@
-package socks5
-
-import (
- "errors"
- "io"
- "net"
- "strconv"
-
- "github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/common/socks"
- "github.com/nadoo/glider/proxy"
-)
-
-func init() {
- proxy.RegisterDialer("socks5", CreateDialer)
-}
-
-// Dialer struct
-type Dialer struct {
- *SOCKS5
- dialer proxy.Dialer
-}
-
-// NewDialer returns a proxy dialer
-func NewDialer(s string, dialer proxy.Dialer) (*Dialer, error) {
- socks, err := NewSOCKS5(s)
- if err != nil {
- return nil, err
- }
-
- d := &Dialer{SOCKS5: socks, dialer: dialer}
- return d, nil
-}
-
-// CreateDialer returns a proxy dialer
-func CreateDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
- return NewDialer(s, dialer)
-}
-
-// Addr returns dialer's address
-func (s *Dialer) Addr() string {
- if s.addr == "" {
- return s.dialer.Addr()
- }
- return s.addr
-}
-
-// NextDialer returns the next dialer
-func (s *Dialer) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
-
-// Dial establishes a connection to the addr
-func (s *Dialer) Dial(network, addr string) (net.Conn, error) {
- switch network {
- case "tcp", "tcp6", "tcp4":
- default:
- return nil, errors.New("[socks5]: no support for connection type " + network)
- }
-
- c, err := s.dialer.Dial(network, s.addr)
- if err != nil {
- log.F("dial to %s error: %s", s.addr, err)
- return nil, err
- }
-
- if err := s.connect(c, addr); err != nil {
- c.Close()
- return nil, err
- }
-
- return c, nil
-}
-
-// DialUDP returns a PacketConn to the addr
-func (s *Dialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- c, err := s.dialer.Dial("tcp", s.addr)
- if err != nil {
- log.F("[socks5] dialudp dial tcp to %s error: %s", s.addr, err)
- return nil, nil, err
- }
-
- // send VER, NMETHODS, METHODS
- c.Write([]byte{5, 1, 0})
-
- buf := make([]byte, socks.MaxAddrLen)
- // read VER METHOD
- if _, err := io.ReadFull(c, buf[:2]); err != nil {
- return nil, nil, err
- }
-
- dstAddr := socks.ParseAddr(addr)
- // write VER CMD RSV ATYP DST.ADDR DST.PORT
- c.Write(append([]byte{5, socks.CmdUDPAssociate, 0}, dstAddr...))
-
- // read VER REP RSV ATYP BND.ADDR BND.PORT
- if _, err := io.ReadFull(c, buf[:3]); err != nil {
- return nil, nil, err
- }
-
- rep := buf[1]
- if rep != 0 {
- log.F("[socks5] server reply: %d, not succeeded", rep)
- return nil, nil, errors.New("server connect failed")
- }
-
- uAddr, err := socks.ReadAddrBuf(c, buf)
- if err != nil {
- return nil, nil, err
- }
-
- pc, nextHop, err := s.dialer.DialUDP(network, uAddr.String())
- if err != nil {
- log.F("[socks5] dialudp to %s error: %s", uAddr.String(), err)
- return nil, nil, err
- }
-
- pkc := NewPktConn(pc, nextHop, dstAddr, true, c)
- return pkc, nextHop, err
-}
-
-// connect takes an existing connection to a socks5 proxy server,
-// and commands the server to extend that connection to target,
-// which must be a canonical address with a host and port.
-func (s *Dialer) connect(conn net.Conn, target string) error {
- host, portStr, err := net.SplitHostPort(target)
- if err != nil {
- return err
- }
-
- port, err := strconv.Atoi(portStr)
- if err != nil {
- return errors.New("proxy: failed to parse port number: " + portStr)
- }
- if port < 1 || port > 0xffff {
- return errors.New("proxy: port number out of range: " + portStr)
- }
-
- // the size here is just an estimate
- buf := make([]byte, 0, 6+len(host))
-
- buf = append(buf, Version)
- if len(s.user) > 0 && len(s.user) < 256 && len(s.password) < 256 {
- buf = append(buf, 2 /* num auth methods */, socks.AuthNone, socks.AuthPassword)
- } else {
- buf = append(buf, 1 /* num auth methods */, socks.AuthNone)
- }
-
- if _, err := conn.Write(buf); err != nil {
- return errors.New("proxy: failed to write greeting to SOCKS5 proxy at " + s.addr + ": " + err.Error())
- }
-
- if _, err := io.ReadFull(conn, buf[:2]); err != nil {
- return errors.New("proxy: failed to read greeting from SOCKS5 proxy at " + s.addr + ": " + err.Error())
- }
- if buf[0] != 5 {
- return errors.New("proxy: SOCKS5 proxy at " + s.addr + " has unexpected version " + strconv.Itoa(int(buf[0])))
- }
- if buf[1] == 0xff {
- return errors.New("proxy: SOCKS5 proxy at " + s.addr + " requires authentication")
- }
-
- if buf[1] == socks.AuthPassword {
- buf = buf[:0]
- buf = append(buf, 1 /* password protocol version */)
- buf = append(buf, uint8(len(s.user)))
- buf = append(buf, s.user...)
- buf = append(buf, uint8(len(s.password)))
- buf = append(buf, s.password...)
-
- if _, err := conn.Write(buf); err != nil {
- return errors.New("proxy: failed to write authentication request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
- }
-
- if _, err := io.ReadFull(conn, buf[:2]); err != nil {
- return errors.New("proxy: failed to read authentication reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
- }
-
- if buf[1] != 0 {
- return errors.New("proxy: SOCKS5 proxy at " + s.addr + " rejected username/password")
- }
- }
-
- buf = buf[:0]
- buf = append(buf, Version, socks.CmdConnect, 0 /* reserved */)
-
- if ip := net.ParseIP(host); ip != nil {
- if ip4 := ip.To4(); ip4 != nil {
- buf = append(buf, socks.ATypIP4)
- ip = ip4
- } else {
- buf = append(buf, socks.ATypIP6)
- }
- buf = append(buf, ip...)
- } else {
- if len(host) > 255 {
- return errors.New("proxy: destination hostname too long: " + host)
- }
- buf = append(buf, socks.ATypDomain)
- buf = append(buf, byte(len(host)))
- buf = append(buf, host...)
- }
- buf = append(buf, byte(port>>8), byte(port))
-
- if _, err := conn.Write(buf); err != nil {
- return errors.New("proxy: failed to write connect request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
- }
-
- if _, err := io.ReadFull(conn, buf[:4]); err != nil {
- return errors.New("proxy: failed to read connect reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
- }
-
- failure := "unknown error"
- if int(buf[1]) < len(socks.Errors) {
- failure = socks.Errors[buf[1]].Error()
- }
-
- if len(failure) > 0 {
- return errors.New("proxy: SOCKS5 proxy at " + s.addr + " failed to connect: " + failure)
- }
-
- bytesToDiscard := 0
- switch buf[3] {
- case socks.ATypIP4:
- bytesToDiscard = net.IPv4len
- case socks.ATypIP6:
- bytesToDiscard = net.IPv6len
- case socks.ATypDomain:
- _, err := io.ReadFull(conn, buf[:1])
- if err != nil {
- return errors.New("proxy: failed to read domain length from SOCKS5 proxy at " + s.addr + ": " + err.Error())
- }
- bytesToDiscard = int(buf[0])
- default:
- return errors.New("proxy: got unknown address type " + strconv.Itoa(int(buf[3])) + " from SOCKS5 proxy at " + s.addr)
- }
-
- if cap(buf) < bytesToDiscard {
- buf = make([]byte, bytesToDiscard)
- } else {
- buf = buf[:bytesToDiscard]
- }
- if _, err := io.ReadFull(conn, buf); err != nil {
- return errors.New("proxy: failed to read address from SOCKS5 proxy at " + s.addr + ": " + err.Error())
- }
-
- // Also need to discard the port number
- if _, err := io.ReadFull(conn, buf[:2]); err != nil {
- return errors.New("proxy: failed to read port from SOCKS5 proxy at " + s.addr + ": " + err.Error())
- }
-
- return nil
-}
diff --git a/proxy/socks5/server.go b/proxy/socks5/server.go
deleted file mode 100644
index a1eb984..0000000
--- a/proxy/socks5/server.go
+++ /dev/null
@@ -1,214 +0,0 @@
-package socks5
-
-import (
- "io"
- "net"
- "sync"
- "time"
-
- "github.com/nadoo/glider/common/conn"
- "github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/common/socks"
- "github.com/nadoo/glider/proxy"
-)
-
-func init() {
- proxy.RegisterServer("socks5", CreateServer)
-}
-
-// Server struct
-type Server struct {
- *SOCKS5
- *proxy.Forwarder
-}
-
-// NewServer returns a local proxy server
-func NewServer(s string, f *proxy.Forwarder) (*Server, error) {
- h, err := NewSOCKS5(s)
- if err != nil {
- return nil, err
- }
- server := &Server{SOCKS5: h, Forwarder: f}
- return server, nil
-}
-
-// CreateServer returns a local proxy server
-func CreateServer(s string, f *proxy.Forwarder) (proxy.Server, error) {
- return NewServer(s, f)
-}
-
-// ListenAndServe serves socks5 requests.
-func (s *Server) ListenAndServe() {
- go s.ListenAndServeUDP()
- s.ListenAndServeTCP()
-}
-
-// ListenAndServeTCP .
-func (s *Server) ListenAndServeTCP() {
- l, err := net.Listen("tcp", s.addr)
- if err != nil {
- log.F("[socks5] failed to listen on %s: %v", s.addr, err)
- return
- }
-
- log.F("[socks5] listening TCP on %s", s.addr)
-
- for {
- c, err := l.Accept()
- if err != nil {
- log.F("[socks5] failed to accept: %v", err)
- continue
- }
-
- go s.ServeTCP(c)
- }
-}
-
-// ServeTCP .
-func (s *Server) ServeTCP(c net.Conn) {
- defer c.Close()
-
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
- tgt, err := s.handshake(c)
- if err != nil {
- // UDP: keep the connection until disconnect then free the UDP socket
- if err == socks.Errors[9] {
- buf := []byte{}
- // block here
- for {
- _, err := c.Read(buf)
- if err, ok := err.(net.Error); ok && err.Timeout() {
- continue
- }
- // log.F("[socks5] servetcp udp associate end")
- return
- }
- }
-
- log.F("[socks5] failed to get target address: %v", err)
- return
- }
-
- rc, err := s.Dial("tcp", tgt.String())
- if err != nil {
- log.F("[socks5] failed to connect to target: %v", err)
- return
- }
- defer rc.Close()
-
- log.F("[socks5] %s <-> %s", c.RemoteAddr(), tgt)
-
- _, _, err = conn.Relay(c, rc)
- if err != nil {
- if err, ok := err.(net.Error); ok && err.Timeout() {
- return // ignore i/o timeout
- }
- log.F("[socks5] relay error: %v", err)
- }
-}
-
-// ListenAndServeUDP serves udp requests.
-func (s *Server) ListenAndServeUDP() {
- lc, err := net.ListenPacket("udp", s.addr)
- if err != nil {
- log.F("[socks5-udp] failed to listen on %s: %v", s.addr, err)
- return
- }
- defer lc.Close()
-
- log.F("[socks5-udp] listening UDP on %s", s.addr)
-
- var nm sync.Map
- buf := make([]byte, conn.UDPBufSize)
-
- for {
- c := NewPktConn(lc, nil, nil, true, nil)
-
- n, raddr, err := c.ReadFrom(buf)
- if err != nil {
- log.F("[socks5-udp] remote read error: %v", err)
- continue
- }
-
- var pc *PktConn
- v, ok := nm.Load(raddr.String())
- if !ok && v == nil {
- if c.tgtAddr == nil {
- log.F("[socks5-udp] can not get target address, not a valid request")
- continue
- }
-
- lpc, nextHop, err := s.DialUDP("udp", c.tgtAddr.String())
- if err != nil {
- log.F("[socks5-udp] remote dial error: %v", err)
- continue
- }
-
- pc = NewPktConn(lpc, nextHop, nil, false, nil)
- nm.Store(raddr.String(), pc)
-
- go func() {
- conn.TimedCopy(c, raddr, pc, 2*time.Minute)
- pc.Close()
- nm.Delete(raddr.String())
- }()
-
- } else {
- pc = v.(*PktConn)
- }
-
- _, err = pc.WriteTo(buf[:n], pc.writeAddr)
- if err != nil {
- log.F("[socks5-udp] remote write error: %v", err)
- continue
- }
-
- log.F("[socks5-udp] %s <-> %s", raddr, c.tgtAddr)
- }
-
-}
-
-// Handshake fast-tracks SOCKS initialization to get target address to connect.
-func (s *Server) handshake(rw io.ReadWriter) (socks.Addr, error) {
- // Read RFC 1928 for request and reply structure and sizes.
- buf := make([]byte, socks.MaxAddrLen)
- // read VER, NMETHODS, METHODS
- if _, err := io.ReadFull(rw, buf[:2]); err != nil {
- return nil, err
- }
- nmethods := buf[1]
- if _, err := io.ReadFull(rw, buf[:nmethods]); err != nil {
- return nil, err
- }
- // write VER METHOD
- if _, err := rw.Write([]byte{5, 0}); err != nil {
- return nil, err
- }
- // read VER CMD RSV ATYP DST.ADDR DST.PORT
- if _, err := io.ReadFull(rw, buf[:3]); err != nil {
- return nil, err
- }
- cmd := buf[1]
- addr, err := socks.ReadAddrBuf(rw, buf)
- if err != nil {
- return nil, err
- }
- switch cmd {
- case socks.CmdConnect:
- _, err = rw.Write([]byte{5, 0, 0, 1, 0, 0, 0, 0, 0, 0}) // SOCKS v5, reply succeeded
- case socks.CmdUDPAssociate:
- listenAddr := socks.ParseAddr(rw.(net.Conn).LocalAddr().String())
- _, err = rw.Write(append([]byte{5, 0, 0}, listenAddr...)) // SOCKS v5, reply succeeded
- if err != nil {
- return nil, socks.Errors[7]
- }
- err = socks.Errors[9]
- default:
- return nil, socks.Errors[7]
- }
-
- return addr, err // skip VER, CMD, RSV fields
-}
diff --git a/proxy/socks5/socks5.go b/proxy/socks5/socks5.go
index d9d01b2..3d0cf51 100644
--- a/proxy/socks5/socks5.go
+++ b/proxy/socks5/socks5.go
@@ -12,9 +12,18 @@
package socks5
import (
+ "errors"
+ "io"
+ "net"
"net/url"
+ "strconv"
+ "sync"
+ "time"
+ "github.com/nadoo/glider/common/conn"
"github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/common/socks"
+ "github.com/nadoo/glider/proxy"
)
// Version is socks5 version number
@@ -22,14 +31,20 @@ const Version = 5
// SOCKS5 struct
type SOCKS5 struct {
+ dialer proxy.Dialer
addr string
user string
password string
}
+func init() {
+ proxy.RegisterDialer("socks5", NewSocks5Dialer)
+ proxy.RegisterServer("socks5", NewSocks5Server)
+}
+
// NewSOCKS5 returns a Proxy that makes SOCKS v5 connections to the given address
// with an optional username and password. See RFC 1928.
-func NewSOCKS5(s string) (*SOCKS5, error) {
+func NewSOCKS5(s string, dialer proxy.Dialer) (*SOCKS5, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
@@ -41,6 +56,7 @@ func NewSOCKS5(s string) (*SOCKS5, error) {
pass, _ := u.User.Password()
h := &SOCKS5{
+ dialer: dialer,
addr: addr,
user: user,
password: pass,
@@ -48,3 +64,402 @@ func NewSOCKS5(s string) (*SOCKS5, error) {
return h, nil
}
+
+// NewSocks5Dialer returns a socks5 proxy dialer.
+func NewSocks5Dialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewSOCKS5(s, dialer)
+}
+
+// NewSocks5Server returns a socks5 proxy server.
+func NewSocks5Server(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewSOCKS5(s, dialer)
+}
+
+// ListenAndServe serves socks5 requests.
+func (s *SOCKS5) ListenAndServe() {
+ go s.ListenAndServeUDP()
+ s.ListenAndServeTCP()
+}
+
+// ListenAndServeTCP .
+func (s *SOCKS5) ListenAndServeTCP() {
+ l, err := net.Listen("tcp", s.addr)
+ if err != nil {
+ log.F("[socks5] failed to listen on %s: %v", s.addr, err)
+ return
+ }
+
+ log.F("[socks5] listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("[socks5] failed to accept: %v", err)
+ continue
+ }
+
+ go s.ServeTCP(c)
+ }
+}
+
+// ServeTCP .
+func (s *SOCKS5) ServeTCP(c net.Conn) {
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ tgt, err := s.handshake(c)
+ if err != nil {
+ // UDP: keep the connection until disconnect then free the UDP socket
+ if err == socks.Errors[9] {
+ buf := []byte{}
+ // block here
+ for {
+ _, err := c.Read(buf)
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ continue
+ }
+ // log.F("[socks5] servetcp udp associate end")
+ return
+ }
+ }
+
+ log.F("[socks5] failed to get target address: %v", err)
+ return
+ }
+
+ rc, err := s.dialer.Dial("tcp", tgt.String())
+ if err != nil {
+ log.F("[socks5] failed to connect to target: %v", err)
+ return
+ }
+ defer rc.Close()
+
+ log.F("[socks5] %s <-> %s", c.RemoteAddr(), tgt)
+
+ _, _, err = conn.Relay(c, rc)
+ if err != nil {
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ return // ignore i/o timeout
+ }
+ log.F("[socks5] relay error: %v", err)
+ }
+}
+
+// ListenAndServeUDP serves udp requests.
+func (s *SOCKS5) ListenAndServeUDP() {
+ lc, err := net.ListenPacket("udp", s.addr)
+ if err != nil {
+ log.F("[socks5-udp] failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer lc.Close()
+
+ log.F("[socks5-udp] listening UDP on %s", s.addr)
+
+ var nm sync.Map
+ buf := make([]byte, conn.UDPBufSize)
+
+ for {
+ c := NewPktConn(lc, nil, nil, true, nil)
+
+ n, raddr, err := c.ReadFrom(buf)
+ if err != nil {
+ log.F("[socks5-udp] remote read error: %v", err)
+ continue
+ }
+
+ var pc *PktConn
+ v, ok := nm.Load(raddr.String())
+ if !ok && v == nil {
+ if c.tgtAddr == nil {
+ log.F("[socks5-udp] can not get target address, not a valid request")
+ continue
+ }
+
+ lpc, nextHop, err := s.dialer.DialUDP("udp", c.tgtAddr.String())
+ if err != nil {
+ log.F("[socks5-udp] remote dial error: %v", err)
+ continue
+ }
+
+ pc = NewPktConn(lpc, nextHop, nil, false, nil)
+ nm.Store(raddr.String(), pc)
+
+ go func() {
+ conn.TimedCopy(c, raddr, pc, 2*time.Minute)
+ pc.Close()
+ nm.Delete(raddr.String())
+ }()
+
+ } else {
+ pc = v.(*PktConn)
+ }
+
+ _, err = pc.WriteTo(buf[:n], pc.writeAddr)
+ if err != nil {
+ log.F("[socks5-udp] remote write error: %v", err)
+ continue
+ }
+
+ log.F("[socks5-udp] %s <-> %s", raddr, c.tgtAddr)
+ }
+
+}
+
+// Addr returns forwarder's address
+func (s *SOCKS5) Addr() string {
+ if s.addr == "" {
+ return s.dialer.Addr()
+ }
+ return s.addr
+}
+
+// NextDialer returns the next dialer
+func (s *SOCKS5) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial connects to the address addr on the network net via the SOCKS5 proxy.
+func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
+ switch network {
+ case "tcp", "tcp6", "tcp4":
+ default:
+ return nil, errors.New("[socks5]: no support for connection type " + network)
+ }
+
+ c, err := s.dialer.Dial(network, s.addr)
+ if err != nil {
+ log.F("dial to %s error: %s", s.addr, err)
+ return nil, err
+ }
+
+ if err := s.connect(c, addr); err != nil {
+ c.Close()
+ return nil, err
+ }
+
+ return c, nil
+}
+
+// DialUDP connects to the given address via the proxy.
+func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ c, err := s.dialer.Dial("tcp", s.addr)
+ if err != nil {
+ log.F("[socks5] dialudp dial tcp to %s error: %s", s.addr, err)
+ return nil, nil, err
+ }
+
+ // send VER, NMETHODS, METHODS
+ c.Write([]byte{5, 1, 0})
+
+ buf := make([]byte, socks.MaxAddrLen)
+ // read VER METHOD
+ if _, err := io.ReadFull(c, buf[:2]); err != nil {
+ return nil, nil, err
+ }
+
+ dstAddr := socks.ParseAddr(addr)
+ // write VER CMD RSV ATYP DST.ADDR DST.PORT
+ c.Write(append([]byte{5, socks.CmdUDPAssociate, 0}, dstAddr...))
+
+ // read VER REP RSV ATYP BND.ADDR BND.PORT
+ if _, err := io.ReadFull(c, buf[:3]); err != nil {
+ return nil, nil, err
+ }
+
+ rep := buf[1]
+ if rep != 0 {
+ log.F("[socks5] server reply: %d, not succeeded", rep)
+ return nil, nil, errors.New("server connect failed")
+ }
+
+ uAddr, err := socks.ReadAddrBuf(c, buf)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ pc, nextHop, err := s.dialer.DialUDP(network, uAddr.String())
+ if err != nil {
+ log.F("[socks5] dialudp to %s error: %s", uAddr.String(), err)
+ return nil, nil, err
+ }
+
+ pkc := NewPktConn(pc, nextHop, dstAddr, true, c)
+ return pkc, nextHop, err
+}
+
+// connect takes an existing connection to a socks5 proxy server,
+// and commands the server to extend that connection to target,
+// which must be a canonical address with a host and port.
+func (s *SOCKS5) connect(conn net.Conn, target string) error {
+ host, portStr, err := net.SplitHostPort(target)
+ if err != nil {
+ return err
+ }
+
+ port, err := strconv.Atoi(portStr)
+ if err != nil {
+ return errors.New("proxy: failed to parse port number: " + portStr)
+ }
+ if port < 1 || port > 0xffff {
+ return errors.New("proxy: port number out of range: " + portStr)
+ }
+
+ // the size here is just an estimate
+ buf := make([]byte, 0, 6+len(host))
+
+ buf = append(buf, Version)
+ if len(s.user) > 0 && len(s.user) < 256 && len(s.password) < 256 {
+ buf = append(buf, 2 /* num auth methods */, socks.AuthNone, socks.AuthPassword)
+ } else {
+ buf = append(buf, 1 /* num auth methods */, socks.AuthNone)
+ }
+
+ if _, err := conn.Write(buf); err != nil {
+ return errors.New("proxy: failed to write greeting to SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ if _, err := io.ReadFull(conn, buf[:2]); err != nil {
+ return errors.New("proxy: failed to read greeting from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+ if buf[0] != 5 {
+ return errors.New("proxy: SOCKS5 proxy at " + s.addr + " has unexpected version " + strconv.Itoa(int(buf[0])))
+ }
+ if buf[1] == 0xff {
+ return errors.New("proxy: SOCKS5 proxy at " + s.addr + " requires authentication")
+ }
+
+ if buf[1] == socks.AuthPassword {
+ buf = buf[:0]
+ buf = append(buf, 1 /* password protocol version */)
+ buf = append(buf, uint8(len(s.user)))
+ buf = append(buf, s.user...)
+ buf = append(buf, uint8(len(s.password)))
+ buf = append(buf, s.password...)
+
+ if _, err := conn.Write(buf); err != nil {
+ return errors.New("proxy: failed to write authentication request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ if _, err := io.ReadFull(conn, buf[:2]); err != nil {
+ return errors.New("proxy: failed to read authentication reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ if buf[1] != 0 {
+ return errors.New("proxy: SOCKS5 proxy at " + s.addr + " rejected username/password")
+ }
+ }
+
+ buf = buf[:0]
+ buf = append(buf, Version, socks.CmdConnect, 0 /* reserved */)
+
+ if ip := net.ParseIP(host); ip != nil {
+ if ip4 := ip.To4(); ip4 != nil {
+ buf = append(buf, socks.ATypIP4)
+ ip = ip4
+ } else {
+ buf = append(buf, socks.ATypIP6)
+ }
+ buf = append(buf, ip...)
+ } else {
+ if len(host) > 255 {
+ return errors.New("proxy: destination hostname too long: " + host)
+ }
+ buf = append(buf, socks.ATypDomain)
+ buf = append(buf, byte(len(host)))
+ buf = append(buf, host...)
+ }
+ buf = append(buf, byte(port>>8), byte(port))
+
+ if _, err := conn.Write(buf); err != nil {
+ return errors.New("proxy: failed to write connect request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ if _, err := io.ReadFull(conn, buf[:4]); err != nil {
+ return errors.New("proxy: failed to read connect reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ failure := "unknown error"
+ if int(buf[1]) < len(socks.Errors) {
+ failure = socks.Errors[buf[1]].Error()
+ }
+
+ if len(failure) > 0 {
+ return errors.New("proxy: SOCKS5 proxy at " + s.addr + " failed to connect: " + failure)
+ }
+
+ bytesToDiscard := 0
+ switch buf[3] {
+ case socks.ATypIP4:
+ bytesToDiscard = net.IPv4len
+ case socks.ATypIP6:
+ bytesToDiscard = net.IPv6len
+ case socks.ATypDomain:
+ _, err := io.ReadFull(conn, buf[:1])
+ if err != nil {
+ return errors.New("proxy: failed to read domain length from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+ bytesToDiscard = int(buf[0])
+ default:
+ return errors.New("proxy: got unknown address type " + strconv.Itoa(int(buf[3])) + " from SOCKS5 proxy at " + s.addr)
+ }
+
+ if cap(buf) < bytesToDiscard {
+ buf = make([]byte, bytesToDiscard)
+ } else {
+ buf = buf[:bytesToDiscard]
+ }
+ if _, err := io.ReadFull(conn, buf); err != nil {
+ return errors.New("proxy: failed to read address from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ // Also need to discard the port number
+ if _, err := io.ReadFull(conn, buf[:2]); err != nil {
+ return errors.New("proxy: failed to read port from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+ }
+
+ return nil
+}
+
+// Handshake fast-tracks SOCKS initialization to get target address to connect.
+func (s *SOCKS5) handshake(rw io.ReadWriter) (socks.Addr, error) {
+ // Read RFC 1928 for request and reply structure and sizes.
+ buf := make([]byte, socks.MaxAddrLen)
+ // read VER, NMETHODS, METHODS
+ if _, err := io.ReadFull(rw, buf[:2]); err != nil {
+ return nil, err
+ }
+ nmethods := buf[1]
+ if _, err := io.ReadFull(rw, buf[:nmethods]); err != nil {
+ return nil, err
+ }
+ // write VER METHOD
+ if _, err := rw.Write([]byte{5, 0}); err != nil {
+ return nil, err
+ }
+ // read VER CMD RSV ATYP DST.ADDR DST.PORT
+ if _, err := io.ReadFull(rw, buf[:3]); err != nil {
+ return nil, err
+ }
+ cmd := buf[1]
+ addr, err := socks.ReadAddrBuf(rw, buf)
+ if err != nil {
+ return nil, err
+ }
+ switch cmd {
+ case socks.CmdConnect:
+ _, err = rw.Write([]byte{5, 0, 0, 1, 0, 0, 0, 0, 0, 0}) // SOCKS v5, reply succeeded
+ case socks.CmdUDPAssociate:
+ listenAddr := socks.ParseAddr(rw.(net.Conn).LocalAddr().String())
+ _, err = rw.Write(append([]byte{5, 0, 0}, listenAddr...)) // SOCKS v5, reply succeeded
+ if err != nil {
+ return nil, socks.Errors[7]
+ }
+ err = socks.Errors[9]
+ default:
+ return nil, socks.Errors[7]
+ }
+
+ return addr, err // skip VER, CMD, RSV fields
+}
diff --git a/proxy/ss/dialer.go b/proxy/ss/dialer.go
deleted file mode 100644
index a9e89bd..0000000
--- a/proxy/ss/dialer.go
+++ /dev/null
@@ -1,86 +0,0 @@
-package ss
-
-import (
- "errors"
- "net"
-
- "github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/common/socks"
- "github.com/nadoo/glider/proxy"
-)
-
-func init() {
- proxy.RegisterDialer("ss", CreateDialer)
-}
-
-// Dialer struct
-type Dialer struct {
- *SS
- dialer proxy.Dialer
-}
-
-// NewDialer returns a proxy dialer
-func NewDialer(s string, dialer proxy.Dialer) (*Dialer, error) {
- h, err := NewSS(s)
- if err != nil {
- return nil, err
- }
-
- d := &Dialer{SS: h, dialer: dialer}
- return d, nil
-}
-
-// CreateDialer returns a proxy dialer
-func CreateDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
- return NewDialer(s, dialer)
-}
-
-// Addr returns dialer's address
-func (s *Dialer) Addr() string {
- if s.addr == "" {
- return s.dialer.Addr()
- }
- return s.addr
-}
-
-// NextDialer returns the next dialer
-func (s *Dialer) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
-
-// Dial establishes a connection to the addr
-func (s *Dialer) Dial(network, addr string) (net.Conn, error) {
- target := socks.ParseAddr(addr)
- if target == nil {
- return nil, errors.New("[ss] unable to parse address: " + addr)
- }
-
- if network == "uot" {
- target[0] = target[0] | 0x8
- }
-
- c, err := s.dialer.Dial("tcp", s.addr)
- if err != nil {
- log.F("[ss] dial to %s error: %s", s.addr, err)
- return nil, err
- }
-
- c = s.StreamConn(c)
- if _, err = c.Write(target); err != nil {
- c.Close()
- return nil, err
- }
-
- return c, err
-
-}
-
-// DialUDP returns a PacketConn to the addr
-func (s *Dialer) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
- pc, nextHop, err := s.dialer.DialUDP(network, s.addr)
- if err != nil {
- log.F("[ss] dialudp to %s error: %s", s.addr, err)
- return nil, nil, err
- }
-
- pkc := NewPktConn(s.PacketConn(pc), nextHop, socks.ParseAddr(addr), true)
- return pkc, nextHop, err
-}
diff --git a/proxy/ss/server.go b/proxy/ss/server.go
deleted file mode 100644
index e593ca6..0000000
--- a/proxy/ss/server.go
+++ /dev/null
@@ -1,194 +0,0 @@
-package ss
-
-import (
- "net"
- "sync"
- "time"
-
- "github.com/nadoo/glider/common/conn"
- "github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/common/socks"
- "github.com/nadoo/glider/proxy"
-)
-
-func init() {
- proxy.RegisterServer("ss", CreateServer)
-}
-
-// Server struct
-type Server struct {
- *SS
- *proxy.Forwarder
-}
-
-// NewServer returns a local proxy server
-func NewServer(s string, f *proxy.Forwarder) (*Server, error) {
- h, err := NewSS(s)
- if err != nil {
- return nil, err
- }
- server := &Server{SS: h, Forwarder: f}
- return server, nil
-}
-
-// CreateServer returns a local proxy server
-func CreateServer(s string, f *proxy.Forwarder) (proxy.Server, error) {
- return NewServer(s, f)
-}
-
-// ListenAndServe serves requests from clients
-func (s *Server) ListenAndServe() {
- go s.ListenAndServeUDP()
- s.ListenAndServeTCP()
-}
-
-// ListenAndServeTCP serves tcp requests
-func (s *Server) ListenAndServeTCP() {
- l, err := net.Listen("tcp", s.addr)
- if err != nil {
- log.F("[ss] failed to listen on %s: %v", s.addr, err)
- return
- }
-
- log.F("[ss] listening TCP on %s", s.addr)
-
- for {
- c, err := l.Accept()
- if err != nil {
- log.F("[ss] failed to accept: %v", err)
- continue
- }
- go s.ServeTCP(c)
- }
-}
-
-// ServeTCP serves tcp requests
-func (s *Server) ServeTCP(c net.Conn) {
- defer c.Close()
-
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
- c = s.StreamConn(c)
-
- tgt, err := socks.ReadAddr(c)
- if err != nil {
- log.F("[ss] failed to get target address: %v", err)
- return
- }
-
- dialer := s.NextDialer(tgt.String())
-
- // udp over tcp?
- uot := socks.UoT(tgt[0])
- if uot && dialer.Addr() == "DIRECT" {
- rc, err := net.ListenPacket("udp", "")
- if err != nil {
- log.F("[ss-uottun] UDP remote listen error: %v", err)
- }
- defer rc.Close()
-
- req := make([]byte, conn.UDPBufSize)
- n, err := c.Read(req)
- if err != nil {
- log.F("[ss-uottun] error in ioutil.ReadAll: %s\n", err)
- return
- }
-
- tgtAddr, _ := net.ResolveUDPAddr("udp", tgt.String())
- rc.WriteTo(req[:n], tgtAddr)
-
- buf := make([]byte, conn.UDPBufSize)
- n, _, err = rc.ReadFrom(buf)
- if err != nil {
- log.F("[ss-uottun] read error: %v", err)
- }
-
- c.Write(buf[:n])
-
- log.F("[ss] %s <-tcp-> %s - %s <-udp-> %s ", c.RemoteAddr(), c.LocalAddr(), rc.LocalAddr(), tgt)
-
- return
- }
-
- network := "tcp"
- if uot {
- network = "udp"
- }
-
- rc, err := dialer.Dial(network, tgt.String())
- if err != nil {
- log.F("[ss] failed to connect to target: %v", err)
- return
- }
- defer rc.Close()
-
- log.F("[ss] %s <-> %s", c.RemoteAddr(), tgt)
-
- _, _, err = conn.Relay(c, rc)
- if err != nil {
- if err, ok := err.(net.Error); ok && err.Timeout() {
- return // ignore i/o timeout
- }
- log.F("[ss] relay error: %v", err)
- }
-
-}
-
-// ListenAndServeUDP serves udp requests
-func (s *Server) ListenAndServeUDP() {
- lc, err := net.ListenPacket("udp", s.addr)
- if err != nil {
- log.F("[ss-udp] failed to listen on %s: %v", s.addr, err)
- return
- }
- defer lc.Close()
-
- lc = s.PacketConn(lc)
-
- log.F("[ss-udp] listening UDP on %s", s.addr)
-
- var nm sync.Map
- buf := make([]byte, conn.UDPBufSize)
-
- for {
- c := NewPktConn(lc, nil, nil, true)
-
- n, raddr, err := c.ReadFrom(buf)
- if err != nil {
- log.F("[ss-udp] remote read error: %v", err)
- continue
- }
-
- var pc *PktConn
- v, ok := nm.Load(raddr.String())
- if !ok && v == nil {
- lpc, nextHop, err := s.DialUDP("udp", c.tgtAddr.String())
- if err != nil {
- log.F("[ss-udp] remote dial error: %v", err)
- continue
- }
-
- pc = NewPktConn(lpc, nextHop, nil, false)
- nm.Store(raddr.String(), pc)
-
- go func() {
- conn.TimedCopy(c, raddr, pc, 2*time.Minute)
- pc.Close()
- nm.Delete(raddr.String())
- }()
-
- } else {
- pc = v.(*PktConn)
- }
-
- _, err = pc.WriteTo(buf[:n], pc.writeAddr)
- if err != nil {
- log.F("[ss-udp] remote write error: %v", err)
- continue
- }
-
- log.F("[ss-udp] %s <-> %s", raddr, c.tgtAddr)
- }
-}
diff --git a/proxy/ss/ss.go b/proxy/ss/ss.go
index b8b2b63..919ac95 100644
--- a/proxy/ss/ss.go
+++ b/proxy/ss/ss.go
@@ -1,22 +1,36 @@
package ss
import (
+ "errors"
+ "net"
"net/url"
"strings"
+ "sync"
+ "time"
"github.com/shadowsocks/go-shadowsocks2/core"
+ "github.com/nadoo/glider/common/conn"
"github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/common/socks"
+ "github.com/nadoo/glider/proxy"
)
// SS .
type SS struct {
- addr string
+ dialer proxy.Dialer
+ addr string
+
core.Cipher
}
+func init() {
+ proxy.RegisterDialer("ss", NewSSDialer)
+ proxy.RegisterServer("ss", NewSSServer)
+}
+
// NewSS returns a shadowsocks proxy.
-func NewSS(s string) (*SS, error) {
+func NewSS(s string, dialer proxy.Dialer) (*SS, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
@@ -33,6 +47,7 @@ func NewSS(s string) (*SS, error) {
}
p := &SS{
+ dialer: dialer,
addr: addr,
Cipher: ciph,
}
@@ -40,7 +55,224 @@ func NewSS(s string) (*SS, error) {
return p, nil
}
+// NewSSDialer returns a ss proxy dialer.
+func NewSSDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewSS(s, dialer)
+}
+
+// NewSSServer returns a ss proxy server.
+func NewSSServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewSS(s, dialer)
+}
+
+// ListenAndServe serves ss requests.
+func (s *SS) ListenAndServe() {
+ go s.ListenAndServeUDP()
+ s.ListenAndServeTCP()
+}
+
+// ListenAndServeTCP serves tcp ss requests.
+func (s *SS) ListenAndServeTCP() {
+ l, err := net.Listen("tcp", s.addr)
+ if err != nil {
+ log.F("[ss] failed to listen on %s: %v", s.addr, err)
+ return
+ }
+
+ log.F("[ss] listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("[ss] failed to accept: %v", err)
+ continue
+ }
+ go s.ServeTCP(c)
+ }
+}
+
+// ServeTCP serves tcp ss requests.
+func (s *SS) ServeTCP(c net.Conn) {
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ c = s.StreamConn(c)
+
+ tgt, err := socks.ReadAddr(c)
+ if err != nil {
+ log.F("[ss] failed to get target address: %v", err)
+ return
+ }
+
+ dialer := s.dialer.NextDialer(tgt.String())
+
+ // udp over tcp?
+ uot := socks.UoT(tgt[0])
+ if uot && dialer.Addr() == "DIRECT" {
+ rc, err := net.ListenPacket("udp", "")
+ if err != nil {
+ log.F("[ss-uottun] UDP remote listen error: %v", err)
+ }
+ defer rc.Close()
+
+ req := make([]byte, conn.UDPBufSize)
+ n, err := c.Read(req)
+ if err != nil {
+ log.F("[ss-uottun] error in ioutil.ReadAll: %s\n", err)
+ return
+ }
+
+ tgtAddr, _ := net.ResolveUDPAddr("udp", tgt.String())
+ rc.WriteTo(req[:n], tgtAddr)
+
+ buf := make([]byte, conn.UDPBufSize)
+ n, _, err = rc.ReadFrom(buf)
+ if err != nil {
+ log.F("[ss-uottun] read error: %v", err)
+ }
+
+ c.Write(buf[:n])
+
+ log.F("[ss] %s <-tcp-> %s - %s <-udp-> %s ", c.RemoteAddr(), c.LocalAddr(), rc.LocalAddr(), tgt)
+
+ return
+ }
+
+ network := "tcp"
+ if uot {
+ network = "udp"
+ }
+
+ rc, err := dialer.Dial(network, tgt.String())
+ if err != nil {
+ log.F("[ss] failed to connect to target: %v", err)
+ return
+ }
+ defer rc.Close()
+
+ log.F("[ss] %s <-> %s", c.RemoteAddr(), tgt)
+
+ _, _, err = conn.Relay(c, rc)
+ if err != nil {
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ return // ignore i/o timeout
+ }
+ log.F("[ss] relay error: %v", err)
+ }
+
+}
+
+// ListenAndServeUDP serves udp ss requests.
+func (s *SS) ListenAndServeUDP() {
+ lc, err := net.ListenPacket("udp", s.addr)
+ if err != nil {
+ log.F("[ss-udp] failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer lc.Close()
+
+ lc = s.PacketConn(lc)
+
+ log.F("[ss-udp] listening UDP on %s", s.addr)
+
+ var nm sync.Map
+ buf := make([]byte, conn.UDPBufSize)
+
+ for {
+ c := NewPktConn(lc, nil, nil, true)
+
+ n, raddr, err := c.ReadFrom(buf)
+ if err != nil {
+ log.F("[ss-udp] remote read error: %v", err)
+ continue
+ }
+
+ var pc *PktConn
+ v, ok := nm.Load(raddr.String())
+ if !ok && v == nil {
+ lpc, nextHop, err := s.dialer.DialUDP("udp", c.tgtAddr.String())
+ if err != nil {
+ log.F("[ss-udp] remote dial error: %v", err)
+ continue
+ }
+
+ pc = NewPktConn(lpc, nextHop, nil, false)
+ nm.Store(raddr.String(), pc)
+
+ go func() {
+ conn.TimedCopy(c, raddr, pc, 2*time.Minute)
+ pc.Close()
+ nm.Delete(raddr.String())
+ }()
+
+ } else {
+ pc = v.(*PktConn)
+ }
+
+ _, err = pc.WriteTo(buf[:n], pc.writeAddr)
+ if err != nil {
+ log.F("[ss-udp] remote write error: %v", err)
+ continue
+ }
+
+ log.F("[ss-udp] %s <-> %s", raddr, c.tgtAddr)
+ }
+}
+
// ListCipher .
func ListCipher() string {
return strings.Join(core.ListCipher(), " ")
}
+
+// Addr returns forwarder's address
+func (s *SS) Addr() string {
+ if s.addr == "" {
+ return s.dialer.Addr()
+ }
+ return s.addr
+}
+
+// NextDialer returns the next dialer
+func (s *SS) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial connects to the address addr on the network net via the proxy.
+func (s *SS) Dial(network, addr string) (net.Conn, error) {
+ target := socks.ParseAddr(addr)
+ if target == nil {
+ return nil, errors.New("[ss] unable to parse address: " + addr)
+ }
+
+ if network == "uot" {
+ target[0] = target[0] | 0x8
+ }
+
+ c, err := s.dialer.Dial("tcp", s.addr)
+ if err != nil {
+ log.F("[ss] dial to %s error: %s", s.addr, err)
+ return nil, err
+ }
+
+ c = s.StreamConn(c)
+ if _, err = c.Write(target); err != nil {
+ c.Close()
+ return nil, err
+ }
+
+ return c, err
+
+}
+
+// DialUDP connects to the given address via the proxy.
+func (s *SS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ pc, nextHop, err := s.dialer.DialUDP(network, s.addr)
+ if err != nil {
+ log.F("[ss] dialudp to %s error: %s", s.addr, err)
+ return nil, nil, err
+ }
+
+ pkc := NewPktConn(s.PacketConn(pc), nextHop, socks.ParseAddr(addr), true)
+ return pkc, nextHop, err
+}
diff --git a/proxy/ssr/dialer.go b/proxy/ssr/dialer.go
deleted file mode 100644
index fbe29e0..0000000
--- a/proxy/ssr/dialer.go
+++ /dev/null
@@ -1,130 +0,0 @@
-package ssr
-
-import (
- "errors"
- "net"
- "strconv"
- "strings"
-
- shadowsocksr "github.com/sun8911879/shadowsocksR"
- "github.com/sun8911879/shadowsocksR/obfs"
- "github.com/sun8911879/shadowsocksR/protocol"
- "github.com/sun8911879/shadowsocksR/ssr"
-
- "github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/common/socks"
- "github.com/nadoo/glider/proxy"
-)
-
-func init() {
- proxy.RegisterDialer("ssr", CreateDialer)
-}
-
-// Dialer struct
-type Dialer struct {
- *SSR
- dialer proxy.Dialer
-}
-
-// NewDialer returns a proxy dialer
-func NewDialer(s string, dialer proxy.Dialer) (*Dialer, error) {
- h, err := NewSSR(s)
- if err != nil {
- return nil, err
- }
-
- d := &Dialer{SSR: h, dialer: dialer}
- return d, nil
-}
-
-// CreateDialer returns a proxy dialer
-func CreateDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
- return NewDialer(s, dialer)
-}
-
-// Addr returns dialer's address
-func (s *Dialer) Addr() string {
- if s.addr == "" {
- return s.dialer.Addr()
- }
- return s.addr
-}
-
-// NextDialer returns the next dialer
-func (s *Dialer) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
-
-// Dial establishes a connection to the addr
-func (s *Dialer) Dial(network, addr string) (net.Conn, error) {
- target := socks.ParseAddr(addr)
- if target == nil {
- return nil, errors.New("[ssr] unable to parse address: " + addr)
- }
-
- cipher, err := shadowsocksr.NewStreamCipher(s.EncryptMethod, s.EncryptPassword)
- if err != nil {
- return nil, err
- }
-
- c, err := s.dialer.Dial("tcp", s.addr)
- if err != nil {
- log.F("[ssr] dial to %s error: %s", s.addr, err)
- return nil, err
- }
-
- ssrconn := shadowsocksr.NewSSTCPConn(c, cipher)
- if ssrconn.Conn == nil || ssrconn.RemoteAddr() == nil {
- return nil, errors.New("[ssr] nil connection")
- }
-
- // should initialize obfs/protocol now
- rs := strings.Split(ssrconn.RemoteAddr().String(), ":")
- port, _ := strconv.Atoi(rs[1])
-
- ssrconn.IObfs = obfs.NewObfs(s.Obfs)
- if ssrconn.IObfs == nil {
- return nil, errors.New("[ssr] unsupported obfs type: " + s.Obfs)
- }
-
- obfsServerInfo := &ssr.ServerInfoForObfs{
- Host: rs[0],
- Port: uint16(port),
- TcpMss: 1460,
- Param: s.ObfsParam,
- }
- ssrconn.IObfs.SetServerInfo(obfsServerInfo)
-
- ssrconn.IProtocol = protocol.NewProtocol(s.Protocol)
- if ssrconn.IProtocol == nil {
- return nil, errors.New("[ssr] unsupported protocol type: " + s.Protocol)
- }
-
- protocolServerInfo := &ssr.ServerInfoForObfs{
- Host: rs[0],
- Port: uint16(port),
- TcpMss: 1460,
- Param: s.ProtocolParam,
- }
- ssrconn.IProtocol.SetServerInfo(protocolServerInfo)
-
- if s.ObfsData == nil {
- s.ObfsData = ssrconn.IObfs.GetData()
- }
- ssrconn.IObfs.SetData(s.ObfsData)
-
- if s.ProtocolData == nil {
- s.ProtocolData = ssrconn.IProtocol.GetData()
- }
- ssrconn.IProtocol.SetData(s.ProtocolData)
-
- if _, err := ssrconn.Write(target); err != nil {
- ssrconn.Close()
- return nil, err
- }
-
- return ssrconn, err
-}
-
-// DialUDP returns a PacketConn to the addr
-func (s *Dialer) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
- return nil, nil, errors.New("[ssr] udp not supported now")
-}
diff --git a/proxy/ssr/ssr.go b/proxy/ssr/ssr.go
index c392174..216cae0 100644
--- a/proxy/ssr/ssr.go
+++ b/proxy/ssr/ssr.go
@@ -1,14 +1,26 @@
package ssr
import (
+ "errors"
+ "net"
"net/url"
+ "strconv"
+ "strings"
+
+ shadowsocksr "github.com/sun8911879/shadowsocksR"
+ "github.com/sun8911879/shadowsocksR/obfs"
+ "github.com/sun8911879/shadowsocksR/protocol"
+ "github.com/sun8911879/shadowsocksR/ssr"
"github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/common/socks"
+ "github.com/nadoo/glider/proxy"
)
// SSR .
type SSR struct {
- addr string
+ dialer proxy.Dialer
+ addr string
EncryptMethod string
EncryptPassword string
@@ -20,8 +32,12 @@ type SSR struct {
ProtocolData interface{}
}
+func init() {
+ proxy.RegisterDialer("ssr", NewSSRDialer)
+}
+
// NewSSR returns a shadowsocksr proxy, ssr://method:pass@host:port/query
-func NewSSR(s string) (*SSR, error) {
+func NewSSR(s string, dialer proxy.Dialer) (*SSR, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
@@ -33,6 +49,7 @@ func NewSSR(s string) (*SSR, error) {
pass, _ := u.User.Password()
p := &SSR{
+ dialer: dialer,
addr: addr,
EncryptMethod: method,
EncryptPassword: pass,
@@ -46,3 +63,95 @@ func NewSSR(s string) (*SSR, error) {
return p, nil
}
+
+// NewSSRDialer returns a ssr proxy dialer.
+func NewSSRDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewSSR(s, dialer)
+}
+
+// Addr returns forwarder's address
+func (s *SSR) Addr() string {
+ if s.addr == "" {
+ return s.dialer.Addr()
+ }
+ return s.addr
+}
+
+// NextDialer returns the next dialer
+func (s *SSR) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial connects to the address addr on the network net via the proxy.
+func (s *SSR) Dial(network, addr string) (net.Conn, error) {
+ target := socks.ParseAddr(addr)
+ if target == nil {
+ return nil, errors.New("[ssr] unable to parse address: " + addr)
+ }
+
+ cipher, err := shadowsocksr.NewStreamCipher(s.EncryptMethod, s.EncryptPassword)
+ if err != nil {
+ return nil, err
+ }
+
+ c, err := s.dialer.Dial("tcp", s.addr)
+ if err != nil {
+ log.F("[ssr] dial to %s error: %s", s.addr, err)
+ return nil, err
+ }
+
+ ssrconn := shadowsocksr.NewSSTCPConn(c, cipher)
+ if ssrconn.Conn == nil || ssrconn.RemoteAddr() == nil {
+ return nil, errors.New("[ssr] nil connection")
+ }
+
+ // should initialize obfs/protocol now
+ rs := strings.Split(ssrconn.RemoteAddr().String(), ":")
+ port, _ := strconv.Atoi(rs[1])
+
+ ssrconn.IObfs = obfs.NewObfs(s.Obfs)
+ if ssrconn.IObfs == nil {
+ return nil, errors.New("[ssr] unsupported obfs type: " + s.Obfs)
+ }
+
+ obfsServerInfo := &ssr.ServerInfoForObfs{
+ Host: rs[0],
+ Port: uint16(port),
+ TcpMss: 1460,
+ Param: s.ObfsParam,
+ }
+ ssrconn.IObfs.SetServerInfo(obfsServerInfo)
+
+ ssrconn.IProtocol = protocol.NewProtocol(s.Protocol)
+ if ssrconn.IProtocol == nil {
+ return nil, errors.New("[ssr] unsupported protocol type: " + s.Protocol)
+ }
+
+ protocolServerInfo := &ssr.ServerInfoForObfs{
+ Host: rs[0],
+ Port: uint16(port),
+ TcpMss: 1460,
+ Param: s.ProtocolParam,
+ }
+ ssrconn.IProtocol.SetServerInfo(protocolServerInfo)
+
+ if s.ObfsData == nil {
+ s.ObfsData = ssrconn.IObfs.GetData()
+ }
+ ssrconn.IObfs.SetData(s.ObfsData)
+
+ if s.ProtocolData == nil {
+ s.ProtocolData = ssrconn.IProtocol.GetData()
+ }
+ ssrconn.IProtocol.SetData(s.ProtocolData)
+
+ if _, err := ssrconn.Write(target); err != nil {
+ ssrconn.Close()
+ return nil, err
+ }
+
+ return ssrconn, err
+}
+
+// DialUDP connects to the given address via the proxy.
+func (s *SSR) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ return nil, nil, errors.New("[ssr] udp not supported now")
+}
diff --git a/proxy/tcptun/server.go b/proxy/tcptun/server.go
deleted file mode 100644
index 6964427..0000000
--- a/proxy/tcptun/server.go
+++ /dev/null
@@ -1,80 +0,0 @@
-package tcptun
-
-import (
- "net"
-
- "github.com/nadoo/glider/common/conn"
- "github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/proxy"
-)
-
-func init() {
- proxy.RegisterServer("tcptun", CreateServer)
-}
-
-// Server struct
-type Server struct {
- *TCPTun
- *proxy.Forwarder
-}
-
-// NewServer returns a local proxy server
-func NewServer(s string, f *proxy.Forwarder) (*Server, error) {
- h, err := NewTCPTun(s)
- if err != nil {
- return nil, err
- }
- server := &Server{TCPTun: h, Forwarder: f}
- return server, nil
-}
-
-// CreateServer returns a local proxy server
-func CreateServer(s string, f *proxy.Forwarder) (proxy.Server, error) {
- return NewServer(s, f)
-}
-
-// ListenAndServe serves requests from clients
-func (s *Server) ListenAndServe() {
- l, err := net.Listen("tcp", s.addr)
- if err != nil {
- log.F("failed to listen on %s: %v", s.addr, err)
- return
- }
-
- log.F("listening TCP on %s", s.addr)
-
- for {
- c, err := l.Accept()
- if err != nil {
- log.F("failed to accept: %v", err)
- continue
- }
-
- go func() {
- defer c.Close()
-
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
- rc, err := s.Dial("tcp", s.raddr)
- if err != nil {
-
- log.F("failed to connect to target: %v", err)
- return
- }
- defer rc.Close()
-
- log.F("[tcptun] %s <-> %s", c.RemoteAddr(), s.raddr)
-
- _, _, err = conn.Relay(c, rc)
- if err != nil {
- if err, ok := err.(net.Error); ok && err.Timeout() {
- return // ignore i/o timeout
- }
- log.F("relay error: %v", err)
- }
-
- }()
- }
-}
diff --git a/proxy/tcptun/tcptun.go b/proxy/tcptun/tcptun.go
index abbc409..2f2a6c7 100644
--- a/proxy/tcptun/tcptun.go
+++ b/proxy/tcptun/tcptun.go
@@ -1,20 +1,29 @@
package tcptun
import (
+ "net"
"net/url"
"strings"
+ "github.com/nadoo/glider/common/conn"
"github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
)
// TCPTun struct
type TCPTun struct {
- addr string
+ dialer proxy.Dialer
+ addr string
+
raddr string
}
+func init() {
+ proxy.RegisterServer("tcptun", NewTCPTunServer)
+}
+
// NewTCPTun returns a tcptun proxy.
-func NewTCPTun(s string) (*TCPTun, error) {
+func NewTCPTun(s string, dialer proxy.Dialer) (*TCPTun, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
@@ -25,9 +34,61 @@ func NewTCPTun(s string) (*TCPTun, error) {
d := strings.Split(addr, "=")
p := &TCPTun{
- addr: d[0],
- raddr: d[1],
+ dialer: dialer,
+ addr: d[0],
+ raddr: d[1],
}
return p, nil
}
+
+// NewTCPTunServer returns a udp tunnel server.
+func NewTCPTunServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewTCPTun(s, dialer)
+}
+
+// ListenAndServe .
+func (s *TCPTun) ListenAndServe() {
+ l, err := net.Listen("tcp", s.addr)
+ if err != nil {
+ log.F("failed to listen on %s: %v", s.addr, err)
+ return
+ }
+
+ log.F("listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("failed to accept: %v", err)
+ continue
+ }
+
+ go func() {
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ rc, err := s.dialer.Dial("tcp", s.raddr)
+ if err != nil {
+
+ log.F("failed to connect to target: %v", err)
+ return
+ }
+ defer rc.Close()
+
+ log.F("[tcptun] %s <-> %s", c.RemoteAddr(), s.raddr)
+
+ _, _, err = conn.Relay(c, rc)
+ if err != nil {
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ return // ignore i/o timeout
+ }
+ log.F("relay error: %v", err)
+ }
+
+ }()
+ }
+}
diff --git a/proxy/tls/dialer.go b/proxy/tls/dialer.go
deleted file mode 100644
index fbec203..0000000
--- a/proxy/tls/dialer.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package tls
-
-import (
- stdtls "crypto/tls"
- "errors"
- "net"
-
- "github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/proxy"
-)
-
-func init() {
- proxy.RegisterDialer("tls", CreateDialer)
-}
-
-// Dialer struct
-type Dialer struct {
- *TLS
- dialer proxy.Dialer
-}
-
-// NewDialer returns a proxy dialer
-func NewDialer(s string, dialer proxy.Dialer) (*Dialer, error) {
- h, err := NewTLS(s)
- if err != nil {
- return nil, err
- }
-
- d := &Dialer{TLS: h, dialer: dialer}
- return d, nil
-}
-
-// CreateDialer returns a proxy dialer
-func CreateDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
- return NewDialer(s, dialer)
-}
-
-// Addr returns dialer's address
-func (s *Dialer) Addr() string { return s.addr }
-
-// NextDialer returns the next dialer
-func (s *Dialer) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
-
-// Dial establishes a connection to the addr
-func (s *Dialer) Dial(network, addr string) (net.Conn, error) {
- cc, err := s.dialer.Dial("tcp", s.addr)
- if err != nil {
- log.F("[tls] dial to %s error: %s", s.addr, err)
- return nil, err
- }
-
- conf := &stdtls.Config{
- ServerName: s.serverName,
- InsecureSkipVerify: s.skipVerify,
- }
-
- c := stdtls.Client(cc, conf)
- err = c.Handshake()
- return c, err
-}
-
-// DialUDP returns a PacketConn to the addr
-func (s *Dialer) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
- return nil, nil, errors.New("tls client does not support udp now")
-}
diff --git a/proxy/tls/tls.go b/proxy/tls/tls.go
index 9dda7f5..d4f8cab 100644
--- a/proxy/tls/tls.go
+++ b/proxy/tls/tls.go
@@ -1,22 +1,31 @@
package tls
import (
+ stdtls "crypto/tls"
+ "errors"
+ "net"
"net/url"
"strings"
"github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
)
// TLS .
type TLS struct {
- addr string
+ dialer proxy.Dialer
+ addr string
serverName string
skipVerify bool
}
+func init() {
+ proxy.RegisterDialer("tls", NewTLSDialer)
+}
+
// NewTLS returns a tls proxy.
-func NewTLS(s string) (*TLS, error) {
+func NewTLS(s string, dialer proxy.Dialer) (*TLS, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse url err: %s", err)
@@ -35,6 +44,7 @@ func NewTLS(s string) (*TLS, error) {
serverName := addr[:colonPos]
p := &TLS{
+ dialer: dialer,
addr: addr,
serverName: serverName,
skipVerify: false,
@@ -46,3 +56,37 @@ func NewTLS(s string) (*TLS, error) {
return p, nil
}
+
+// NewTLSDialer returns a tls proxy dialer.
+func NewTLSDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewTLS(s, dialer)
+}
+
+// Addr returns forwarder's address
+func (s *TLS) Addr() string { return s.addr }
+
+// NextDialer returns the next dialer
+func (s *TLS) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial connects to the address addr on the network net via the proxy.
+func (s *TLS) Dial(network, addr string) (net.Conn, error) {
+ cc, err := s.dialer.Dial("tcp", s.addr)
+ if err != nil {
+ log.F("[tls] dial to %s error: %s", s.addr, err)
+ return nil, err
+ }
+
+ conf := &stdtls.Config{
+ ServerName: s.serverName,
+ InsecureSkipVerify: s.skipVerify,
+ }
+
+ c := stdtls.Client(cc, conf)
+ err = c.Handshake()
+ return c, err
+}
+
+// DialUDP connects to the given address via the proxy.
+func (s *TLS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ return nil, nil, errors.New("tls client does not support udp now")
+}
diff --git a/proxy/tproxy/server_linux.go b/proxy/tproxy/tproxy_linux.go
similarity index 88%
rename from proxy/tproxy/server_linux.go
rename to proxy/tproxy/tproxy_linux.go
index 14b9265..6398eb4 100644
--- a/proxy/tproxy/server_linux.go
+++ b/proxy/tproxy/tproxy_linux.go
@@ -17,18 +17,18 @@ import (
"github.com/nadoo/glider/proxy"
)
+// TProxy struct
+type TProxy struct {
+ dialer proxy.Dialer
+ addr string
+}
+
func init() {
- proxy.RegisterServer("tproxy", CreateServer)
+ proxy.RegisterServer("tproxy", NewTProxyServer)
}
-// Server struct
-type Server struct {
- addr string
- *proxy.Forwarder
-}
-
-// NewServer returns a local proxy server
-func NewServer(s string, f *proxy.Forwarder) (*Server, error) {
+// NewTProxy returns a tproxy.
+func NewTProxy(s string, dialer proxy.Dialer) (*TProxy, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
@@ -37,32 +37,32 @@ func NewServer(s string, f *proxy.Forwarder) (*Server, error) {
addr := u.Host
- p := &Server{
- addr: addr,
- Forwarder: f,
+ p := &TProxy{
+ dialer: dialer,
+ addr: addr,
}
return p, nil
}
-// CreateServer returns a local proxy server
-func CreateServer(s string, f *proxy.Forwarder) (proxy.Server, error) {
- return NewServer(s, f)
+// NewTProxyServer returns a udp tunnel server.
+func NewTProxyServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewTProxy(s, dialer)
}
// ListenAndServe .
-func (s *Server) ListenAndServe() {
+func (s *TProxy) ListenAndServe() {
// go s.ListenAndServeTCP()
s.ListenAndServeUDP()
}
// ListenAndServeTCP .
-func (s *Server) ListenAndServeTCP() {
+func (s *TProxy) ListenAndServeTCP() {
log.F("[tproxy] tcp mode not supported now, please use 'redir' instead")
}
// ListenAndServeUDP .
-func (s *Server) ListenAndServeUDP() {
+func (s *TProxy) ListenAndServeUDP() {
laddr, err := net.ResolveUDPAddr("udp", s.addr)
if err != nil {
log.F("[tproxy] failed to resolve addr %s: %v", s.addr, err)
diff --git a/proxy/udptun/server.go b/proxy/udptun/server.go
deleted file mode 100644
index 5819c9d..0000000
--- a/proxy/udptun/server.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package udptun
-
-import (
- "net"
- "sync"
- "time"
-
- "github.com/nadoo/glider/common/conn"
- "github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/proxy"
-)
-
-func init() {
- proxy.RegisterServer("udptun", CreateServer)
-}
-
-// Server struct
-type Server struct {
- *UDPTun
- *proxy.Forwarder
-}
-
-// NewServer returns a local proxy server
-func NewServer(s string, f *proxy.Forwarder) (*Server, error) {
- h, err := NewUDPTun(s)
- if err != nil {
- return nil, err
- }
- server := &Server{UDPTun: h, Forwarder: f}
- return server, nil
-}
-
-// CreateServer returns a local proxy server
-func CreateServer(s string, f *proxy.Forwarder) (proxy.Server, error) {
- return NewServer(s, f)
-}
-
-// ListenAndServe serves requests from clients
-func (s *Server) ListenAndServe() {
- c, err := net.ListenPacket("udp", s.addr)
- if err != nil {
- log.F("[udptun] failed to listen on %s: %v", s.addr, err)
- return
- }
- defer c.Close()
-
- log.F("[udptun] listening UDP on %s", s.addr)
-
- var nm sync.Map
- buf := make([]byte, conn.UDPBufSize)
-
- for {
- n, raddr, err := c.ReadFrom(buf)
- if err != nil {
- log.F("[udptun] read error: %v", err)
- continue
- }
-
- var pc net.PacketConn
- var writeAddr net.Addr
-
- v, ok := nm.Load(raddr.String())
- if !ok && v == nil {
-
- pc, writeAddr, err = s.DialUDP("udp", s.raddr)
- if err != nil {
- log.F("[udptun] remote dial error: %v", err)
- continue
- }
-
- nm.Store(raddr.String(), pc)
-
- go func() {
- conn.TimedCopy(c, raddr, pc, 2*time.Minute)
- pc.Close()
- nm.Delete(raddr.String())
- }()
-
- } else {
- pc = v.(net.PacketConn)
- }
-
- _, err = pc.WriteTo(buf[:n], writeAddr)
- if err != nil {
- log.F("[udptun] remote write error: %v", err)
- continue
- }
-
- log.F("[udptun] %s <-> %s", raddr, s.raddr)
-
- }
-}
diff --git a/proxy/udptun/udptun.go b/proxy/udptun/udptun.go
index 60afe10..8fb72ff 100644
--- a/proxy/udptun/udptun.go
+++ b/proxy/udptun/udptun.go
@@ -1,20 +1,31 @@
package udptun
import (
+ "net"
"net/url"
"strings"
+ "sync"
+ "time"
+ "github.com/nadoo/glider/common/conn"
"github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
)
// UDPTun struct
type UDPTun struct {
- addr string
+ dialer proxy.Dialer
+ addr string
+
raddr string
}
+func init() {
+ proxy.RegisterServer("udptun", NewUDPTunServer)
+}
+
// NewUDPTun returns a UDPTun proxy.
-func NewUDPTun(s string) (*UDPTun, error) {
+func NewUDPTun(s string, dialer proxy.Dialer) (*UDPTun, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
@@ -25,9 +36,71 @@ func NewUDPTun(s string) (*UDPTun, error) {
d := strings.Split(addr, "=")
p := &UDPTun{
- addr: d[0],
- raddr: d[1],
+ dialer: dialer,
+ addr: d[0],
+ raddr: d[1],
}
return p, nil
}
+
+// NewUDPTunServer returns a udp tunnel server.
+func NewUDPTunServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewUDPTun(s, dialer)
+}
+
+// ListenAndServe .
+func (s *UDPTun) ListenAndServe() {
+ c, err := net.ListenPacket("udp", s.addr)
+ if err != nil {
+ log.F("[udptun] failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer c.Close()
+
+ log.F("[udptun] listening UDP on %s", s.addr)
+
+ var nm sync.Map
+ buf := make([]byte, conn.UDPBufSize)
+
+ for {
+ n, raddr, err := c.ReadFrom(buf)
+ if err != nil {
+ log.F("[udptun] read error: %v", err)
+ continue
+ }
+
+ var pc net.PacketConn
+ var writeAddr net.Addr
+
+ v, ok := nm.Load(raddr.String())
+ if !ok && v == nil {
+
+ pc, writeAddr, err = s.dialer.DialUDP("udp", s.raddr)
+ if err != nil {
+ log.F("[udptun] remote dial error: %v", err)
+ continue
+ }
+
+ nm.Store(raddr.String(), pc)
+
+ go func() {
+ conn.TimedCopy(c, raddr, pc, 2*time.Minute)
+ pc.Close()
+ nm.Delete(raddr.String())
+ }()
+
+ } else {
+ pc = v.(net.PacketConn)
+ }
+
+ _, err = pc.WriteTo(buf[:n], writeAddr)
+ if err != nil {
+ log.F("[udptun] remote write error: %v", err)
+ continue
+ }
+
+ log.F("[udptun] %s <-> %s", raddr, s.raddr)
+
+ }
+}
diff --git a/proxy/uottun/server.go b/proxy/uottun/server.go
deleted file mode 100644
index eb0bddf..0000000
--- a/proxy/uottun/server.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package uottun
-
-import (
- "io/ioutil"
- "net"
- "time"
-
- "github.com/nadoo/glider/common/conn"
- "github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/proxy"
-)
-
-func init() {
- proxy.RegisterServer("uottun", CreateServer)
-}
-
-// Server struct
-type Server struct {
- *UoTTun
- *proxy.Forwarder
-}
-
-// NewServer returns a local proxy server
-func NewServer(s string, f *proxy.Forwarder) (*Server, error) {
- h, err := NewUoTTun(s)
- if err != nil {
- return nil, err
- }
- server := &Server{UoTTun: h, Forwarder: f}
- return server, nil
-}
-
-// CreateServer returns a local proxy server
-func CreateServer(s string, f *proxy.Forwarder) (proxy.Server, error) {
- return NewServer(s, f)
-}
-
-// ListenAndServe serves requests from clients
-func (s *Server) ListenAndServe() {
- c, err := net.ListenPacket("udp", s.addr)
- if err != nil {
- log.F("[uottun] failed to listen on %s: %v", s.addr, err)
- return
- }
- defer c.Close()
-
- log.F("[uottun] listening UDP on %s", s.addr)
-
- buf := make([]byte, conn.UDPBufSize)
-
- for {
- n, clientAddr, err := c.ReadFrom(buf)
- if err != nil {
- log.F("[uottun] read error: %v", err)
- continue
- }
-
- rc, err := s.Dial("uot", s.raddr)
- if err != nil {
- log.F("[uottun] failed to connect to server %v: %v", s.raddr, err)
- continue
- }
-
- go func() {
- // no remote forwarder, just a local udp forwarder
- if urc, ok := rc.(*net.UDPConn); ok {
- conn.TimedCopy(c, clientAddr, urc, 2*time.Minute)
- urc.Close()
- return
- }
-
- // remote forwarder, udp over tcp
- resp, err := ioutil.ReadAll(rc)
- if err != nil {
- log.F("error in ioutil.ReadAll: %s\n", err)
- return
- }
- rc.Close()
- c.WriteTo(resp, clientAddr)
- }()
-
- _, err = rc.Write(buf[:n])
- if err != nil {
- log.F("[uottun] remote write error: %v", err)
- continue
- }
-
- log.F("[uottun] %s <-> %s", clientAddr, s.raddr)
- }
-}
diff --git a/proxy/uottun/uottun.go b/proxy/uottun/uottun.go
index 83142ba..f43418c 100644
--- a/proxy/uottun/uottun.go
+++ b/proxy/uottun/uottun.go
@@ -1,20 +1,31 @@
package uottun
import (
+ "io/ioutil"
+ "net"
"net/url"
"strings"
+ "time"
+ "github.com/nadoo/glider/common/conn"
"github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
)
// UoTTun udp over tcp tunnel
type UoTTun struct {
- addr string
+ dialer proxy.Dialer
+ addr string
+
raddr string
}
+func init() {
+ proxy.RegisterServer("uottun", NewUoTTunServer)
+}
+
// NewUoTTun returns a UoTTun proxy.
-func NewUoTTun(s string) (*UoTTun, error) {
+func NewUoTTun(s string, dialer proxy.Dialer) (*UoTTun, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
@@ -25,9 +36,69 @@ func NewUoTTun(s string) (*UoTTun, error) {
d := strings.Split(addr, "=")
p := &UoTTun{
- addr: d[0],
- raddr: d[1],
+ dialer: dialer,
+ addr: d[0],
+ raddr: d[1],
}
return p, nil
}
+
+// NewUoTTunServer returns a uot tunnel server.
+func NewUoTTunServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewUoTTun(s, dialer)
+}
+
+// ListenAndServe .
+func (s *UoTTun) ListenAndServe() {
+ c, err := net.ListenPacket("udp", s.addr)
+ if err != nil {
+ log.F("[uottun] failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer c.Close()
+
+ log.F("[uottun] listening UDP on %s", s.addr)
+
+ buf := make([]byte, conn.UDPBufSize)
+
+ for {
+ n, clientAddr, err := c.ReadFrom(buf)
+ if err != nil {
+ log.F("[uottun] read error: %v", err)
+ continue
+ }
+
+ rc, err := s.dialer.Dial("uot", s.raddr)
+ if err != nil {
+ log.F("[uottun] failed to connect to server %v: %v", s.raddr, err)
+ continue
+ }
+
+ go func() {
+ // no remote forwarder, just a local udp forwarder
+ if urc, ok := rc.(*net.UDPConn); ok {
+ conn.TimedCopy(c, clientAddr, urc, 2*time.Minute)
+ urc.Close()
+ return
+ }
+
+ // remote forwarder, udp over tcp
+ resp, err := ioutil.ReadAll(rc)
+ if err != nil {
+ log.F("error in ioutil.ReadAll: %s\n", err)
+ return
+ }
+ rc.Close()
+ c.WriteTo(resp, clientAddr)
+ }()
+
+ _, err = rc.Write(buf[:n])
+ if err != nil {
+ log.F("[uottun] remote write error: %v", err)
+ continue
+ }
+
+ log.F("[uottun] %s <-> %s", clientAddr, s.raddr)
+ }
+}
diff --git a/proxy/vmess/dialer.go b/proxy/vmess/dialer.go
deleted file mode 100644
index 5f875c9..0000000
--- a/proxy/vmess/dialer.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package vmess
-
-import (
- "errors"
- "net"
-
- "github.com/nadoo/glider/proxy"
-)
-
-func init() {
- proxy.RegisterDialer("vmess", CreateDialer)
-}
-
-// Dialer struct
-type Dialer struct {
- *VMess
- dialer proxy.Dialer
-}
-
-// NewDialer returns a proxy dialer
-func NewDialer(s string, dialer proxy.Dialer) (*Dialer, error) {
- h, err := NewVMess(s)
- if err != nil {
- return nil, err
- }
-
- d := &Dialer{VMess: h, dialer: dialer}
- return d, nil
-}
-
-// CreateDialer returns a proxy dialer
-func CreateDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
- return NewDialer(s, dialer)
-}
-
-// Addr returns dialer's address
-func (s *Dialer) Addr() string {
- if s.addr == "" {
- return s.dialer.Addr()
- }
- return s.addr
-}
-
-// NextDialer returns the next dialer
-func (s *Dialer) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
-
-// Dial establishes a connection to the addr
-func (s *Dialer) Dial(network, addr string) (net.Conn, error) {
- rc, err := s.dialer.Dial("tcp", s.addr)
- if err != nil {
- return nil, err
- }
-
- return s.client.NewConn(rc, addr)
-}
-
-// DialUDP returns a PacketConn to the addr
-func (s *Dialer) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
- return nil, nil, errors.New("vmess client does not support udp now")
-}
diff --git a/proxy/vmess/vmess.go b/proxy/vmess/vmess.go
index ccc1068..6e46481 100644
--- a/proxy/vmess/vmess.go
+++ b/proxy/vmess/vmess.go
@@ -1,15 +1,19 @@
package vmess
import (
+ "errors"
+ "net"
"net/url"
"strconv"
"github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
)
// VMess .
type VMess struct {
- addr string
+ dialer proxy.Dialer
+ addr string
uuid string
alterID int
@@ -18,8 +22,12 @@ type VMess struct {
client *Client
}
+func init() {
+ proxy.RegisterDialer("vmess", NewVMessDialer)
+}
+
// NewVMess returns a vmess proxy.
-func NewVMess(s string) (*VMess, error) {
+func NewVMess(s string, dialer proxy.Dialer) (*VMess, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse url err: %s", err)
@@ -54,6 +62,7 @@ func NewVMess(s string) (*VMess, error) {
}
p := &VMess{
+ dialer: dialer,
addr: addr,
uuid: uuid,
alterID: int(alterID),
@@ -63,3 +72,34 @@ func NewVMess(s string) (*VMess, error) {
return p, nil
}
+
+// NewVMessDialer returns a vmess proxy dialer.
+func NewVMessDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewVMess(s, dialer)
+}
+
+// Addr returns forwarder's address
+func (s *VMess) Addr() string {
+ if s.addr == "" {
+ return s.dialer.Addr()
+ }
+ return s.addr
+}
+
+// NextDialer returns the next dialer
+func (s *VMess) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial connects to the address addr on the network net via the proxy.
+func (s *VMess) Dial(network, addr string) (net.Conn, error) {
+ rc, err := s.dialer.Dial("tcp", s.addr)
+ if err != nil {
+ return nil, err
+ }
+
+ return s.client.NewConn(rc, addr)
+}
+
+// DialUDP connects to the given address via the proxy.
+func (s *VMess) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ return nil, nil, errors.New("vmess client does not support udp now")
+}
diff --git a/proxy/ws/dialer.go b/proxy/ws/dialer.go
deleted file mode 100644
index ec39b8f..0000000
--- a/proxy/ws/dialer.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package ws
-
-import (
- "errors"
- "net"
-
- "github.com/nadoo/glider/proxy"
-)
-
-func init() {
- proxy.RegisterDialer("ws", CreateDialer)
-}
-
-// Dialer struct
-type Dialer struct {
- *WS
- dialer proxy.Dialer
-}
-
-// NewDialer returns a proxy dialer
-func NewDialer(s string, dialer proxy.Dialer) (*Dialer, error) {
- h, err := NewWS(s, dialer)
- if err != nil {
- return nil, err
- }
-
- d := &Dialer{WS: h, dialer: dialer}
- return d, nil
-}
-
-// CreateDialer returns a proxy dialer
-func CreateDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
- return NewDialer(s, dialer)
-}
-
-// Addr returns dialer's address
-func (s *Dialer) Addr() string {
- if s.addr == "" {
- return s.dialer.Addr()
- }
- return s.addr
-}
-
-// NextDialer returns the next dialer
-func (s *Dialer) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
-
-// Dial establishes a connection to the addr
-func (s *Dialer) Dial(network, addr string) (net.Conn, error) {
- rc, err := s.dialer.Dial("tcp", s.addr)
- if err != nil {
- return nil, err
- }
-
- return s.client.NewConn(rc, addr)
-}
-
-// DialUDP returns a PacketConn to the addr
-func (s *Dialer) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
- return nil, nil, errors.New("ws client does not support udp now")
-}
diff --git a/proxy/ws/ws.go b/proxy/ws/ws.go
index f07cd5d..3f6bf48 100644
--- a/proxy/ws/ws.go
+++ b/proxy/ws/ws.go
@@ -1,6 +1,8 @@
package ws
import (
+ "errors"
+ "net"
"net/url"
"strings"
@@ -10,10 +12,16 @@ import (
// WS .
type WS struct {
+ dialer proxy.Dialer
addr string
+
client *Client
}
+func init() {
+ proxy.RegisterDialer("ws", NewWSDialer)
+}
+
// NewWS returns a websocket proxy.
func NewWS(s string, dialer proxy.Dialer) (*WS, error) {
u, err := url.Parse(s)
@@ -42,9 +50,41 @@ func NewWS(s string, dialer proxy.Dialer) (*WS, error) {
}
p := &WS{
+ dialer: dialer,
addr: addr,
client: client,
}
return p, nil
}
+
+// NewWSDialer returns a ws proxy dialer.
+func NewWSDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewWS(s, dialer)
+}
+
+// Addr returns forwarder's address
+func (s *WS) Addr() string {
+ if s.addr == "" {
+ return s.dialer.Addr()
+ }
+ return s.addr
+}
+
+// NextDialer returns the next dialer
+func (s *WS) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial connects to the address addr on the network net via the proxy.
+func (s *WS) Dial(network, addr string) (net.Conn, error) {
+ rc, err := s.dialer.Dial("tcp", s.addr)
+ if err != nil {
+ return nil, err
+ }
+
+ return s.client.NewConn(rc, addr)
+}
+
+// DialUDP connects to the given address via the proxy.
+func (s *WS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ return nil, nil, errors.New("ws client does not support udp now")
+}
From e1c318990b5005328e0e198bc57d2bfe54f356cd Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 12 Aug 2018 18:50:44 +0800
Subject: [PATCH 246/341] strategy: support priority now (need to check)
---
main.go | 2 +-
proxy/forwarder.go | 9 ++++---
strategy/strategy.go | 63 ++++++++++++++++++++++++++------------------
3 files changed, 44 insertions(+), 30 deletions(-)
diff --git a/main.go b/main.go
index 09d6f72..8a10f46 100644
--- a/main.go
+++ b/main.go
@@ -72,7 +72,7 @@ func main() {
// Proxy Servers
for _, listen := range conf.Listen {
- local, err := proxy.ServerFromURL(listen, proxy.NewForwarder(dialer))
+ local, err := proxy.ServerFromURL(listen, dialer)
if err != nil {
log.Fatal(err)
}
diff --git a/proxy/forwarder.go b/proxy/forwarder.go
index d88aa5a..a64a2c8 100644
--- a/proxy/forwarder.go
+++ b/proxy/forwarder.go
@@ -6,6 +6,8 @@ import (
"strconv"
"strings"
"sync/atomic"
+
+ "github.com/nadoo/glider/common/log"
)
// Forwarder is a forwarder
@@ -70,7 +72,7 @@ func (f *Forwarder) Dial(network, addr string) (c net.Conn, err error) {
// TODO: proxy timeout, target timeout?
if err != nil {
atomic.AddUint32(&f.failures, 1)
- // log.F("forward dial failed, %d", f.failures)
+ log.F("forward dial failed, %d, addr: %s", f.failures, f.addr)
}
return c, err
@@ -83,13 +85,12 @@ func (f *Forwarder) Failures() uint32 {
// Enable .
func (f *Forwarder) Enable() {
- atomic.StoreUint32(&f.failures, 0)
- atomic.StoreUint32(&f.failures, 0)
+ atomic.StoreUint32(&f.disabled, 0)
}
// Disable .
func (f *Forwarder) Disable() {
- atomic.StoreUint32(&f.failures, 1)
+ atomic.StoreUint32(&f.disabled, 1)
}
// Enabled .
diff --git a/strategy/strategy.go b/strategy/strategy.go
index 34608d7..12321fd 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -4,8 +4,8 @@ import (
"bytes"
"io"
"net"
+ "sort"
"strings"
- "sync"
"time"
"github.com/nadoo/glider/common/log"
@@ -55,12 +55,17 @@ func NewDialer(s []string, c *Config) proxy.Dialer {
return dialer
}
-// rrDialer is the base struct of strategy dialer
-type rrDialer struct {
- fwdrs []*proxy.Forwarder
- idx int
+type forwarderSlice []*proxy.Forwarder
- status sync.Map
+func (p forwarderSlice) Len() int { return len(p) }
+func (p forwarderSlice) Less(i, j int) bool { return p[i].Priority > p[j].Priority }
+func (p forwarderSlice) Swap(i, j int) { p[i], p[j] = p[j], p[i] }
+
+// rrDialer is a rr dialer
+type rrDialer struct {
+ fwdrs forwarderSlice
+ idx int
+ priority int
// for checking
website string
@@ -68,14 +73,16 @@ type rrDialer struct {
}
// newRRDialer returns a new rrDialer
-func newRRDialer(fwdrs []*proxy.Forwarder, website string, interval int) *rrDialer {
- rr := &rrDialer{fwdrs: fwdrs}
-
+func newRRDialer(fs []*proxy.Forwarder, website string, interval int) *rrDialer {
+ rr := &rrDialer{fwdrs: fs}
rr.website = website
rr.interval = interval
- for k := range fwdrs {
- rr.status.Store(k, true)
+ sort.Sort(rr.fwdrs)
+ rr.priority = rr.fwdrs[0].Priority
+
+ for k := range rr.fwdrs {
+ log.F("k: %d, %s, priority: %d", k, rr.fwdrs[k].Addr(), rr.fwdrs[k].Priority)
go rr.checkDialer(k)
}
@@ -97,12 +104,24 @@ func (rr *rrDialer) nextDialer(dstAddr string) *proxy.Forwarder {
rr.idx = 0
}
+ for _, fwder := range rr.fwdrs {
+ if fwder.Enabled() {
+ rr.priority = fwder.Priority
+ break
+ }
+ }
+
+ if rr.fwdrs[rr.idx].Priority < rr.priority {
+ rr.idx = 0
+ }
+
found := false
for i := 0; i < n; i++ {
rr.idx = (rr.idx + 1) % n
- result, ok := rr.status.Load(rr.idx)
- if ok && result.(bool) {
+ if rr.fwdrs[rr.idx].Enabled() &&
+ rr.fwdrs[rr.idx].Priority >= rr.priority {
found = true
+ rr.priority = rr.fwdrs[rr.idx].Priority
break
}
}
@@ -140,7 +159,7 @@ func (rr *rrDialer) checkDialer(idx int) {
startTime := time.Now()
c, err := d.Dial("tcp", rr.website)
if err != nil {
- rr.status.Store(idx, false)
+ rr.fwdrs[idx].Disable()
log.F("[check] %s -> %s, set to DISABLED. error in dial: %s", d.Addr(), rr.website, err)
continue
}
@@ -149,15 +168,15 @@ func (rr *rrDialer) checkDialer(idx int) {
_, err = io.ReadFull(c, buf)
if err != nil {
- rr.status.Store(idx, false)
+ rr.fwdrs[idx].Disable()
log.F("[check] %s -> %s, set to DISABLED. error in read: %s", d.Addr(), rr.website, err)
} else if bytes.Equal([]byte("HTTP"), buf) {
- rr.status.Store(idx, true)
+ rr.fwdrs[idx].Enable()
retry = 2
dialTime := time.Since(startTime)
log.F("[check] %s -> %s, set to ENABLED. connect time: %s", d.Addr(), rr.website, dialTime.String())
} else {
- rr.status.Store(idx, false)
+ rr.fwdrs[idx].Disable()
log.F("[check] %s -> %s, set to DISABLED. server response: %s", d.Addr(), rr.website, buf)
}
@@ -177,22 +196,16 @@ func newHADialer(dialers []*proxy.Forwarder, webhost string, duration int) proxy
func (ha *haDialer) Dial(network, addr string) (net.Conn, error) {
d := ha.fwdrs[ha.idx]
-
- result, ok := ha.status.Load(ha.idx)
- if ok && !result.(bool) {
+ if !d.Enabled() {
d = ha.nextDialer(addr)
}
-
return d.Dial(network, addr)
}
func (ha *haDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
d := ha.fwdrs[ha.idx]
-
- result, ok := ha.status.Load(ha.idx)
- if ok && !result.(bool) {
+ if !d.Enabled() {
d = ha.nextDialer(addr)
}
-
return d.DialUDP(network, addr)
}
From b5b7f2998b8941251d938cf7ba1791da96e6249d Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 12 Aug 2018 21:40:22 +0800
Subject: [PATCH 247/341] forwarder: set status to disabled when dialing fails
MaxFailures times
---
conf.go | 3 +++
proxy/forwarder.go | 21 +++++++++++----------
strategy/strategy.go | 3 ++-
3 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/conf.go b/conf.go
index 7cb8ce6..342b1e7 100644
--- a/conf.go
+++ b/conf.go
@@ -45,7 +45,9 @@ func confInit() {
flag.StringSliceUniqVar(&conf.Forward, "forward", nil, "forward url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]")
flag.StringVar(&conf.StrategyConfig.Strategy, "strategy", "rr", "forward strategy, default: rr")
flag.StringVar(&conf.StrategyConfig.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
+ // TODO: change to checkinterval
flag.IntVar(&conf.StrategyConfig.CheckInterval, "checkduration", 30, "proxy check interval(seconds)")
+ flag.IntVar(&conf.StrategyConfig.MaxFailures, "maxfailures", 3, "max failures to change status to disabled")
flag.StringSliceUniqVar(&conf.RuleFile, "rulefile", nil, "rule file path")
flag.StringVar(&conf.RulesDir, "rules-dir", "", "rule file folder")
@@ -143,6 +145,7 @@ func NewRuleConfFromFile(ruleFile string) (*RuleConf, error) {
f.StringSliceUniqVar(&p.Forward, "forward", nil, "forward url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]")
f.StringVar(&p.StrategyConfig.Strategy, "strategy", "rr", "forward strategy, default: rr")
f.StringVar(&p.StrategyConfig.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
+ // TODO: change to checkinterval
f.IntVar(&p.StrategyConfig.CheckInterval, "checkduration", 30, "proxy check interval(seconds)")
f.StringSliceUniqVar(&p.DNSServers, "dnsserver", nil, "remote dns server")
diff --git a/proxy/forwarder.go b/proxy/forwarder.go
index a64a2c8..e974627 100644
--- a/proxy/forwarder.go
+++ b/proxy/forwarder.go
@@ -6,18 +6,17 @@ import (
"strconv"
"strings"
"sync/atomic"
-
- "github.com/nadoo/glider/common/log"
)
// Forwarder is a forwarder
type Forwarder struct {
Dialer
- Priority int
- addr string
- disabled uint32
- failures uint32
- latency int
+ Priority int
+ addr string
+ disabled uint32
+ failures uint32
+ MaxFailures uint32 //maxfailures to set to Disabled
+ latency int
}
// ForwarderFromURL returns a new forwarder
@@ -68,11 +67,12 @@ func (f *Forwarder) Addr() string {
// Dial .
func (f *Forwarder) Dial(network, addr string) (c net.Conn, err error) {
c, err = f.Dialer.Dial(network, addr)
-
- // TODO: proxy timeout, target timeout?
if err != nil {
atomic.AddUint32(&f.failures, 1)
- log.F("forward dial failed, %d, addr: %s", f.failures, f.addr)
+ }
+
+ if f.Failures() >= f.MaxFailures {
+ f.Disable()
}
return c, err
@@ -86,6 +86,7 @@ func (f *Forwarder) Failures() uint32 {
// Enable .
func (f *Forwarder) Enable() {
atomic.StoreUint32(&f.disabled, 0)
+ atomic.StoreUint32(&f.failures, 0)
}
// Disable .
diff --git a/strategy/strategy.go b/strategy/strategy.go
index 12321fd..509c267 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -17,6 +17,7 @@ type Config struct {
Strategy string
CheckWebSite string
CheckInterval int
+ MaxFailures int
}
// NewDialer returns a new strategy dialer
@@ -28,6 +29,7 @@ func NewDialer(s []string, c *Config) proxy.Dialer {
if err != nil {
log.Fatal(err)
}
+ fwdr.MaxFailures = uint32(c.MaxFailures)
fwdrs = append(fwdrs, fwdr)
}
@@ -82,7 +84,6 @@ func newRRDialer(fs []*proxy.Forwarder, website string, interval int) *rrDialer
rr.priority = rr.fwdrs[0].Priority
for k := range rr.fwdrs {
- log.F("k: %d, %s, priority: %d", k, rr.fwdrs[k].Addr(), rr.fwdrs[k].Priority)
go rr.checkDialer(k)
}
From e0c07146dc6f0dcf95dd18ee8df423cfa5bc9e3d Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 12 Aug 2018 22:00:12 +0800
Subject: [PATCH 248/341] strategy: do not check forwarders whose priority less
than current value
---
proxy/forwarder.go | 10 +++++-----
strategy/strategy.go | 19 +++++++++++++------
2 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/proxy/forwarder.go b/proxy/forwarder.go
index e974627..8a2e8bc 100644
--- a/proxy/forwarder.go
+++ b/proxy/forwarder.go
@@ -19,7 +19,7 @@ type Forwarder struct {
latency int
}
-// ForwarderFromURL returns a new forwarder
+// ForwarderFromURL parses `forward=` command line and returns a new forwarder
func ForwarderFromURL(s string) (f *Forwarder, err error) {
ss := strings.Split(s, "#")
var d Dialer
@@ -38,7 +38,7 @@ func ForwarderFromURL(s string) (f *Forwarder, err error) {
return f, err
}
-// NewForwarder .
+// NewForwarder returns a new forwarder
func NewForwarder(dialer Dialer) *Forwarder {
return &Forwarder{Dialer: dialer, addr: dialer.Addr()}
}
@@ -83,18 +83,18 @@ func (f *Forwarder) Failures() uint32 {
return atomic.LoadUint32(&f.failures)
}
-// Enable .
+// Enable the forwarder
func (f *Forwarder) Enable() {
atomic.StoreUint32(&f.disabled, 0)
atomic.StoreUint32(&f.failures, 0)
}
-// Disable .
+// Disable the forwarder
func (f *Forwarder) Disable() {
atomic.StoreUint32(&f.disabled, 1)
}
-// Enabled .
+// Enabled returns the status of forwarder
func (f *Forwarder) Enabled() bool {
return !isTrue(atomic.LoadUint32(&f.disabled))
}
diff --git a/strategy/strategy.go b/strategy/strategy.go
index 509c267..8c65c03 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -77,7 +77,12 @@ type rrDialer struct {
// newRRDialer returns a new rrDialer
func newRRDialer(fs []*proxy.Forwarder, website string, interval int) *rrDialer {
rr := &rrDialer{fwdrs: fs}
+
rr.website = website
+ if strings.IndexByte(rr.website, ':') == -1 {
+ rr.website += ":80"
+ }
+
rr.interval = interval
sort.Sort(rr.fwdrs)
@@ -143,16 +148,18 @@ func (rr *rrDialer) checkDialer(idx int) {
retry := 1
buf := make([]byte, 4)
- if strings.IndexByte(rr.website, ':') == -1 {
- rr.website = rr.website + ":80"
- }
-
d := rr.fwdrs[idx]
for {
- time.Sleep(time.Duration(rr.interval) * time.Second * time.Duration(retry>>1))
- retry <<= 1
+ time.Sleep(time.Duration(rr.interval) * time.Second * time.Duration(retry>>1))
+
+ // check forwarders whose priority not less than current priority only
+ if d.Priority < rr.priority {
+ continue
+ }
+
+ retry <<= 1
if retry > 16 {
retry = 16
}
From 3a8af82f87c702bce5d3236d173a4c7fd8383605 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 12 Aug 2018 22:07:19 +0800
Subject: [PATCH 249/341] conf: use dns.Config instead of multiple variables
---
conf.go | 19 ++++++++-----------
dns/client.go | 4 ++--
main.go | 11 ++---------
strategy/strategy.go | 1 -
4 files changed, 12 insertions(+), 23 deletions(-)
diff --git a/conf.go b/conf.go
index 342b1e7..aeca9d1 100644
--- a/conf.go
+++ b/conf.go
@@ -10,6 +10,7 @@ import (
"github.com/nadoo/conflag"
+ "github.com/nadoo/glider/dns"
"github.com/nadoo/glider/strategy"
)
@@ -26,12 +27,8 @@ var conf struct {
RuleFile []string
RulesDir string
- DNS string
- DNSServers []string
- DNSTimeout int
- DNSMaxTTL int
- DNSMinTTL int
- DNSRecords []string
+ DNS string
+ DNSConfig dns.Config
IPSet string
@@ -53,11 +50,11 @@ func confInit() {
flag.StringVar(&conf.RulesDir, "rules-dir", "", "rule file folder")
flag.StringVar(&conf.DNS, "dns", "", "dns forwarder server listen address")
- flag.StringSliceUniqVar(&conf.DNSServers, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server")
- flag.IntVar(&conf.DNSTimeout, "dnstimeout", 3, "timeout value used in multiple dnsservers switch(seconds)")
- flag.IntVar(&conf.DNSMaxTTL, "dnsmaxttl", 1800, "maximum TTL value for entries in the CACHE(seconds)")
- flag.IntVar(&conf.DNSMinTTL, "dnsminttl", 0, "minimum TTL value for entries in the CACHE(seconds)")
- flag.StringSliceUniqVar(&conf.DNSRecords, "dnsrecord", nil, "custom dns record, format: domain/ip")
+ flag.StringSliceUniqVar(&conf.DNSConfig.Servers, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server")
+ flag.IntVar(&conf.DNSConfig.Timeout, "dnstimeout", 3, "timeout value used in multiple dnsservers switch(seconds)")
+ flag.IntVar(&conf.DNSConfig.MaxTTL, "dnsmaxttl", 1800, "maximum TTL value for entries in the CACHE(seconds)")
+ flag.IntVar(&conf.DNSConfig.MinTTL, "dnsminttl", 0, "minimum TTL value for entries in the CACHE(seconds)")
+ flag.StringSliceUniqVar(&conf.DNSConfig.Records, "dnsrecord", nil, "custom dns record, format: domain/ip")
flag.StringVar(&conf.IPSet, "ipset", "", "ipset name")
diff --git a/dns/client.go b/dns/client.go
index f5ef83d..5b2694a 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -206,8 +206,8 @@ func (c *Client) exchangeUDP(rc net.Conn, reqBytes []byte) ([]byte, error) {
return reqBytes[:2+n], nil
}
-// SetServer sets a upstream dns server for the given domain
-func (c *Client) SetServer(domain string, servers ...string) {
+// SetServers sets upstream dns servers for the given domain
+func (c *Client) SetServers(domain string, servers ...string) {
c.upServerMap[domain] = append(c.upServerMap[domain], servers...)
}
diff --git a/main.go b/main.go
index 8a10f46..c625b23 100644
--- a/main.go
+++ b/main.go
@@ -40,14 +40,7 @@ func main() {
// DNS Server
if conf.DNS != "" {
- dnscfg := &dns.Config{
- Servers: conf.DNSServers,
- Timeout: conf.DNSTimeout,
- MaxTTL: conf.DNSMaxTTL,
- MinTTL: conf.DNSMinTTL,
- Records: conf.DNSRecords}
-
- d, err := dns.NewServer(conf.DNS, dialer, dnscfg)
+ d, err := dns.NewServer(conf.DNS, dialer, &conf.DNSConfig)
if err != nil {
log.Fatal(err)
}
@@ -56,7 +49,7 @@ func main() {
for _, r := range conf.rules {
for _, domain := range r.Domain {
if len(r.DNSServers) > 0 {
- d.SetServer(domain, r.DNSServers...)
+ d.SetServers(domain, r.DNSServers...)
}
}
}
diff --git a/strategy/strategy.go b/strategy/strategy.go
index 8c65c03..1f624d8 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -151,7 +151,6 @@ func (rr *rrDialer) checkDialer(idx int) {
d := rr.fwdrs[idx]
for {
-
time.Sleep(time.Duration(rr.interval) * time.Second * time.Duration(retry>>1))
// check forwarders whose priority not less than current priority only
From 978029bd2b5ed68d0b6b5c7acd08a2c1ccfa4e1d Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 12 Aug 2018 22:24:49 +0800
Subject: [PATCH 250/341] rule: move to separate package
---
conf.go | 72 +++------------------------------------
ipset_linux.go | 4 ++-
ipset_other.go | 8 +++--
main.go | 3 +-
rule/config.go | 74 +++++++++++++++++++++++++++++++++++++++++
rule.go => rule/rule.go | 22 ++++++------
6 files changed, 101 insertions(+), 82 deletions(-)
create mode 100644 rule/config.go
rename rule.go => rule/rule.go (79%)
diff --git a/conf.go b/conf.go
index aeca9d1..b5ca0df 100644
--- a/conf.go
+++ b/conf.go
@@ -2,15 +2,14 @@ package main
import (
"fmt"
- "io/ioutil"
"log"
"os"
"path"
- "strings"
"github.com/nadoo/conflag"
"github.com/nadoo/glider/dns"
+ "github.com/nadoo/glider/rule"
"github.com/nadoo/glider/strategy"
)
@@ -32,7 +31,7 @@ var conf struct {
IPSet string
- rules []*RuleConf
+ rules []*rule.Config
}
func confInit() {
@@ -74,7 +73,7 @@ func confInit() {
// rulefiles
for _, ruleFile := range conf.RuleFile {
- rule, err := NewRuleConfFromFile(ruleFile)
+ rule, err := rule.NewConfFromFile(ruleFile)
if err != nil {
log.Fatal(err)
}
@@ -86,10 +85,10 @@ func confInit() {
if !path.IsAbs(conf.RulesDir) {
conf.RulesDir = path.Join(flag.ConfDir(), conf.RulesDir)
}
- ruleFolderFiles, _ := listDir(conf.RulesDir, ".rule")
+ ruleFolderFiles, _ := rule.ListDir(conf.RulesDir, ".rule")
for _, ruleFile := range ruleFolderFiles {
- rule, err := NewRuleConfFromFile(ruleFile)
+ rule, err := rule.NewConfFromFile(ruleFile)
if err != nil {
log.Fatal(err)
}
@@ -100,67 +99,6 @@ func confInit() {
}
-func listDir(dirPth string, suffix string) (files []string, err error) {
- files = make([]string, 0, 10)
- dir, err := ioutil.ReadDir(dirPth)
- if err != nil {
- return nil, err
- }
- PthSep := string(os.PathSeparator)
- suffix = strings.ToUpper(suffix)
- for _, fi := range dir {
- if fi.IsDir() {
- continue
- }
- if strings.HasSuffix(strings.ToUpper(fi.Name()), suffix) {
- files = append(files, dirPth+PthSep+fi.Name())
- }
- }
- return files, nil
-}
-
-// RuleConf , every ruleForwarder points to a rule file
-type RuleConf struct {
- name string
-
- Forward []string
- StrategyConfig strategy.Config
-
- DNSServers []string
- IPSet string
-
- Domain []string
- IP []string
- CIDR []string
-}
-
-// NewRuleConfFromFile .
-func NewRuleConfFromFile(ruleFile string) (*RuleConf, error) {
- p := &RuleConf{name: ruleFile}
-
- f := conflag.NewFromFile("rule", ruleFile)
- f.StringSliceUniqVar(&p.Forward, "forward", nil, "forward url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]")
- f.StringVar(&p.StrategyConfig.Strategy, "strategy", "rr", "forward strategy, default: rr")
- f.StringVar(&p.StrategyConfig.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
- // TODO: change to checkinterval
- f.IntVar(&p.StrategyConfig.CheckInterval, "checkduration", 30, "proxy check interval(seconds)")
-
- f.StringSliceUniqVar(&p.DNSServers, "dnsserver", nil, "remote dns server")
- f.StringVar(&p.IPSet, "ipset", "", "ipset name")
-
- f.StringSliceUniqVar(&p.Domain, "domain", nil, "domain")
- f.StringSliceUniqVar(&p.IP, "ip", nil, "ip")
- f.StringSliceUniqVar(&p.CIDR, "cidr", nil, "cidr")
-
- err := f.Parse()
- if err != nil {
- fmt.Fprintf(os.Stderr, "ERROR: %s\n", err)
- return nil, err
- }
-
- return p, err
-}
-
func usage() {
app := os.Args[0]
fmt.Fprintf(os.Stderr, "\n")
diff --git a/ipset_linux.go b/ipset_linux.go
index 0727688..4d5496f 100644
--- a/ipset_linux.go
+++ b/ipset_linux.go
@@ -14,6 +14,8 @@ import (
"syscall"
"unsafe"
+ "github.com/nadoo/glider/rule"
+
"github.com/nadoo/glider/common/log"
)
@@ -77,7 +79,7 @@ type IPSetManager struct {
}
// NewIPSetManager returns a IPSetManager
-func NewIPSetManager(mainSet string, rules []*RuleConf) (*IPSetManager, error) {
+func NewIPSetManager(mainSet string, rules []*rule.Config) (*IPSetManager, error) {
fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_NETFILTER)
if err != nil {
log.F("%s", err)
diff --git a/ipset_other.go b/ipset_other.go
index 5d99bfe..6b58d6d 100644
--- a/ipset_other.go
+++ b/ipset_other.go
@@ -2,13 +2,17 @@
package main
-import "errors"
+import (
+ "errors"
+
+ "github.com/nadoo/glider/rule"
+)
// IPSetManager struct
type IPSetManager struct{}
// NewIPSetManager returns a IPSetManager
-func NewIPSetManager(mainSet string, rules []*RuleConf) (*IPSetManager, error) {
+func NewIPSetManager(mainSet string, rules []*rule.Config) (*IPSetManager, error) {
return nil, errors.New("ipset not supported on this os")
}
diff --git a/main.go b/main.go
index c625b23..7742701 100644
--- a/main.go
+++ b/main.go
@@ -9,6 +9,7 @@ import (
"github.com/nadoo/glider/common/log"
"github.com/nadoo/glider/dns"
"github.com/nadoo/glider/proxy"
+ "github.com/nadoo/glider/rule"
"github.com/nadoo/glider/strategy"
_ "github.com/nadoo/glider/proxy/http"
@@ -35,7 +36,7 @@ func main() {
}
}
- dialer := NewRuleDialer(conf.rules, strategy.NewDialer(conf.Forward, &conf.StrategyConfig))
+ dialer := rule.NewDialer(conf.rules, strategy.NewDialer(conf.Forward, &conf.StrategyConfig))
ipsetM, _ := NewIPSetManager(conf.IPSet, conf.rules)
// DNS Server
diff --git a/rule/config.go b/rule/config.go
new file mode 100644
index 0000000..884f1fe
--- /dev/null
+++ b/rule/config.go
@@ -0,0 +1,74 @@
+package rule
+
+import (
+ "fmt"
+ "io/ioutil"
+ "os"
+ "strings"
+
+ "github.com/nadoo/conflag"
+
+ "github.com/nadoo/glider/strategy"
+)
+
+// Config , every rule dialer points to a rule file
+type Config struct {
+ name string
+
+ Forward []string
+ StrategyConfig strategy.Config
+
+ DNSServers []string
+ IPSet string
+
+ Domain []string
+ IP []string
+ CIDR []string
+}
+
+// NewConfFromFile .
+func NewConfFromFile(ruleFile string) (*Config, error) {
+ p := &Config{name: ruleFile}
+
+ f := conflag.NewFromFile("rule", ruleFile)
+ f.StringSliceUniqVar(&p.Forward, "forward", nil, "forward url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]")
+ f.StringVar(&p.StrategyConfig.Strategy, "strategy", "rr", "forward strategy, default: rr")
+ f.StringVar(&p.StrategyConfig.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
+ // TODO: change to checkinterval
+ f.IntVar(&p.StrategyConfig.CheckInterval, "checkduration", 30, "proxy check interval(seconds)")
+
+ f.StringSliceUniqVar(&p.DNSServers, "dnsserver", nil, "remote dns server")
+ f.StringVar(&p.IPSet, "ipset", "", "ipset name")
+
+ f.StringSliceUniqVar(&p.Domain, "domain", nil, "domain")
+ f.StringSliceUniqVar(&p.IP, "ip", nil, "ip")
+ f.StringSliceUniqVar(&p.CIDR, "cidr", nil, "cidr")
+
+ err := f.Parse()
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "ERROR: %s\n", err)
+ return nil, err
+ }
+
+ return p, err
+}
+
+// ListDir returns file list named with suffix in dirPth
+func ListDir(dirPth string, suffix string) (files []string, err error) {
+ files = make([]string, 0, 10)
+ dir, err := ioutil.ReadDir(dirPth)
+ if err != nil {
+ return nil, err
+ }
+ PthSep := string(os.PathSeparator)
+ suffix = strings.ToUpper(suffix)
+ for _, fi := range dir {
+ if fi.IsDir() {
+ continue
+ }
+ if strings.HasSuffix(strings.ToUpper(fi.Name()), suffix) {
+ files = append(files, dirPth+PthSep+fi.Name())
+ }
+ }
+ return files, nil
+}
diff --git a/rule.go b/rule/rule.go
similarity index 79%
rename from rule.go
rename to rule/rule.go
index a6b990e..747c666 100644
--- a/rule.go
+++ b/rule/rule.go
@@ -1,4 +1,4 @@
-package main
+package rule
import (
"net"
@@ -10,8 +10,8 @@ import (
"github.com/nadoo/glider/strategy"
)
-// RuleDialer struct
-type RuleDialer struct {
+// Dialer struct
+type Dialer struct {
gDialer proxy.Dialer
domainMap sync.Map
@@ -19,9 +19,9 @@ type RuleDialer struct {
cidrMap sync.Map
}
-// NewRuleDialer returns a new rule dialer
-func NewRuleDialer(rules []*RuleConf, gDialer proxy.Dialer) *RuleDialer {
- rd := &RuleDialer{gDialer: gDialer}
+// NewDialer returns a new rule dialer
+func NewDialer(rules []*Config, gDialer proxy.Dialer) *Dialer {
+ rd := &Dialer{gDialer: gDialer}
for _, r := range rules {
sDialer := strategy.NewDialer(r.Forward, &r.StrategyConfig)
@@ -45,10 +45,10 @@ func NewRuleDialer(rules []*RuleConf, gDialer proxy.Dialer) *RuleDialer {
}
// Addr returns RuleDialer's address, always be "RULES"
-func (rd *RuleDialer) Addr() string { return "RULE DIALER, DEFAULT: " + rd.gDialer.Addr() }
+func (rd *Dialer) Addr() string { return "RULE DIALER, DEFAULT: " + rd.gDialer.Addr() }
// NextDialer return next dialer according to rule
-func (rd *RuleDialer) NextDialer(dstAddr string) proxy.Dialer {
+func (rd *Dialer) NextDialer(dstAddr string) proxy.Dialer {
host, _, err := net.SplitHostPort(dstAddr)
if err != nil {
// TODO: check here
@@ -96,17 +96,17 @@ func (rd *RuleDialer) NextDialer(dstAddr string) proxy.Dialer {
}
// Dial dials to targer addr and return a conn
-func (rd *RuleDialer) Dial(network, addr string) (net.Conn, error) {
+func (rd *Dialer) Dial(network, addr string) (net.Conn, error) {
return rd.NextDialer(addr).Dial(network, addr)
}
// DialUDP connects to the given address via the proxy
-func (rd *RuleDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+func (rd *Dialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
return rd.NextDialer(addr).DialUDP(network, addr)
}
// AddDomainIP used to update ipMap rules according to domainMap rule
-func (rd *RuleDialer) AddDomainIP(domain, ip string) error {
+func (rd *Dialer) AddDomainIP(domain, ip string) error {
if ip != "" {
domainParts := strings.Split(domain, ".")
length := len(domainParts)
From f4eab4d1b210768549e4419c754b6dbf567328b6 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 13 Aug 2018 00:42:59 +0800
Subject: [PATCH 251/341] ipset: move to separate package
---
ipset_linux.go => ipset/ipset_linux.go | 2 +-
ipset_other.go => ipset/ipset_other.go | 2 +-
main.go | 3 ++-
proxy/forwarder.go | 11 +++++++----
4 files changed, 11 insertions(+), 7 deletions(-)
rename ipset_linux.go => ipset/ipset_linux.go (99%)
rename ipset_other.go => ipset/ipset_other.go (97%)
diff --git a/ipset_linux.go b/ipset/ipset_linux.go
similarity index 99%
rename from ipset_linux.go
rename to ipset/ipset_linux.go
index 4d5496f..5a75a9c 100644
--- a/ipset_linux.go
+++ b/ipset/ipset_linux.go
@@ -2,7 +2,7 @@
// @mdlayher https://github.com/mdlayher/netlink
// Ref: https://github.com/vishvananda/netlink/blob/master/nl/nl_linux.go
-package main
+package ipset
import (
"bytes"
diff --git a/ipset_other.go b/ipset/ipset_other.go
similarity index 97%
rename from ipset_other.go
rename to ipset/ipset_other.go
index 6b58d6d..00ec7d8 100644
--- a/ipset_other.go
+++ b/ipset/ipset_other.go
@@ -1,6 +1,6 @@
// +build !linux
-package main
+package ipset
import (
"errors"
diff --git a/main.go b/main.go
index 7742701..c42dfc2 100644
--- a/main.go
+++ b/main.go
@@ -8,6 +8,7 @@ import (
"github.com/nadoo/glider/common/log"
"github.com/nadoo/glider/dns"
+ "github.com/nadoo/glider/ipset"
"github.com/nadoo/glider/proxy"
"github.com/nadoo/glider/rule"
"github.com/nadoo/glider/strategy"
@@ -37,7 +38,7 @@ func main() {
}
dialer := rule.NewDialer(conf.rules, strategy.NewDialer(conf.Forward, &conf.StrategyConfig))
- ipsetM, _ := NewIPSetManager(conf.IPSet, conf.rules)
+ ipsetM, _ := ipset.NewIPSetManager(conf.IPSet, conf.rules)
// DNS Server
if conf.DNS != "" {
diff --git a/proxy/forwarder.go b/proxy/forwarder.go
index 8a2e8bc..421acd9 100644
--- a/proxy/forwarder.go
+++ b/proxy/forwarder.go
@@ -6,6 +6,8 @@ import (
"strconv"
"strings"
"sync/atomic"
+
+ "github.com/nadoo/glider/common/log"
)
// Forwarder is a forwarder
@@ -69,10 +71,11 @@ func (f *Forwarder) Dial(network, addr string) (c net.Conn, err error) {
c, err = f.Dialer.Dial(network, addr)
if err != nil {
atomic.AddUint32(&f.failures, 1)
- }
-
- if f.Failures() >= f.MaxFailures {
- f.Disable()
+ log.F("[forwarder] %s, dials %s, error:%s", f.addr, addr, err)
+ if f.Failures() >= f.MaxFailures {
+ f.Disable()
+ log.F("[forwarder] %s reaches maxfailures, set to disabled", f.addr)
+ }
}
return c, err
From e82ea75cbadc6baeac081714451cdf8e775576af Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 14 Aug 2018 19:33:18 +0800
Subject: [PATCH 252/341] strategy: experimental latency based high
availability mode supported
---
conf.go | 2 +-
dns/server.go | 19 ++++--
ipset/ipset_linux.go | 12 ++--
ipset/ipset_other.go | 10 +--
main.go | 15 ++++-
proxy/forwarder.go | 15 ++++-
rule/rule.go | 15 +++++
strategy/strategy.go | 156 ++++++++++++++++++++++++++++++-------------
8 files changed, 173 insertions(+), 71 deletions(-)
diff --git a/conf.go b/conf.go
index b5ca0df..0f1ac4b 100644
--- a/conf.go
+++ b/conf.go
@@ -43,7 +43,7 @@ func confInit() {
flag.StringVar(&conf.StrategyConfig.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
// TODO: change to checkinterval
flag.IntVar(&conf.StrategyConfig.CheckInterval, "checkduration", 30, "proxy check interval(seconds)")
- flag.IntVar(&conf.StrategyConfig.MaxFailures, "maxfailures", 3, "max failures to change status to disabled")
+ flag.IntVar(&conf.StrategyConfig.MaxFailures, "maxfailures", 3, "max failures to change forwarder status to disabled")
flag.StringSliceUniqVar(&conf.RuleFile, "rulefile", nil, "rule file path")
flag.StringVar(&conf.RulesDir, "rules-dir", "", "rule file folder")
diff --git a/dns/server.go b/dns/server.go
index 13243d7..0531e11 100644
--- a/dns/server.go
+++ b/dns/server.go
@@ -4,6 +4,7 @@ import (
"encoding/binary"
"io"
"net"
+ "sync"
"time"
"github.com/nadoo/glider/common/log"
@@ -31,15 +32,19 @@ func NewServer(addr string, dialer proxy.Dialer, config *Config) (*Server, error
return s, err
}
-// ListenAndServe .
-func (s *Server) ListenAndServe() {
- go s.ListenAndServeTCP()
- s.ListenAndServeUDP()
+// Start .
+func (s *Server) Start() {
+ var wg sync.WaitGroup
+ wg.Add(2)
+ go s.ListenAndServeTCP(&wg)
+ go s.ListenAndServeUDP(&wg)
+ wg.Wait()
}
// ListenAndServeUDP .
-func (s *Server) ListenAndServeUDP() {
+func (s *Server) ListenAndServeUDP(wg *sync.WaitGroup) {
c, err := net.ListenPacket("udp", s.addr)
+ wg.Done()
if err != nil {
log.F("[dns] failed to listen on %s, error: %v", s.addr, err)
return
@@ -82,12 +87,14 @@ func (s *Server) ListenAndServeUDP() {
}
// ListenAndServeTCP .
-func (s *Server) ListenAndServeTCP() {
+func (s *Server) ListenAndServeTCP(wg *sync.WaitGroup) {
l, err := net.Listen("tcp", s.addr)
+ wg.Done()
if err != nil {
log.F("[dns]-tcp error: %v", err)
return
}
+ defer l.Close()
log.F("[dns]-tcp listening TCP on %s", s.addr)
diff --git a/ipset/ipset_linux.go b/ipset/ipset_linux.go
index 5a75a9c..1b55268 100644
--- a/ipset/ipset_linux.go
+++ b/ipset/ipset_linux.go
@@ -69,8 +69,8 @@ const (
var nextSeqNr uint32
var nativeEndian binary.ByteOrder
-// IPSetManager struct
-type IPSetManager struct {
+// Manager struct
+type Manager struct {
fd int
lsa syscall.SockaddrNetlink
@@ -78,8 +78,8 @@ type IPSetManager struct {
domainSet sync.Map
}
-// NewIPSetManager returns a IPSetManager
-func NewIPSetManager(mainSet string, rules []*rule.Config) (*IPSetManager, error) {
+// NewManager returns a Manager
+func NewManager(mainSet string, rules []*rule.Config) (*Manager, error) {
fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_NETFILTER)
if err != nil {
log.F("%s", err)
@@ -96,7 +96,7 @@ func NewIPSetManager(mainSet string, rules []*rule.Config) (*IPSetManager, error
return nil, err
}
- m := &IPSetManager{fd: fd, lsa: lsa, mainSet: mainSet}
+ m := &Manager{fd: fd, lsa: lsa, mainSet: mainSet}
CreateSet(fd, lsa, mainSet)
for _, r := range rules {
@@ -133,7 +133,7 @@ func NewIPSetManager(mainSet string, rules []*rule.Config) (*IPSetManager, error
}
// AddDomainIP implements the DNSAnswerHandler function, used to update ipset according to domainSet rule
-func (m *IPSetManager) AddDomainIP(domain, ip string) error {
+func (m *Manager) AddDomainIP(domain, ip string) error {
if ip != "" {
domainParts := strings.Split(domain, ".")
length := len(domainParts)
diff --git a/ipset/ipset_other.go b/ipset/ipset_other.go
index 00ec7d8..ab9be65 100644
--- a/ipset/ipset_other.go
+++ b/ipset/ipset_other.go
@@ -8,15 +8,15 @@ import (
"github.com/nadoo/glider/rule"
)
-// IPSetManager struct
-type IPSetManager struct{}
+// Manager struct
+type Manager struct{}
-// NewIPSetManager returns a IPSetManager
-func NewIPSetManager(mainSet string, rules []*rule.Config) (*IPSetManager, error) {
+// NewManager returns a Manager
+func NewManager(mainSet string, rules []*rule.Config) (*Manager, error) {
return nil, errors.New("ipset not supported on this os")
}
// AddDomainIP implements the DNSAnswerHandler function
-func (m *IPSetManager) AddDomainIP(domain, ip string) error {
+func (m *Manager) AddDomainIP(domain, ip string) error {
return errors.New("ipset not supported on this os")
}
diff --git a/main.go b/main.go
index c42dfc2..8fd3b5b 100644
--- a/main.go
+++ b/main.go
@@ -30,17 +30,23 @@ import (
const VERSION = "0.6.7"
func main() {
+ // read configs
confInit()
+
+ // setup a log func
log.F = func(f string, v ...interface{}) {
if conf.Verbose {
stdlog.Printf(f, v...)
}
}
+ // global rule dialer
dialer := rule.NewDialer(conf.rules, strategy.NewDialer(conf.Forward, &conf.StrategyConfig))
- ipsetM, _ := ipset.NewIPSetManager(conf.IPSet, conf.rules)
- // DNS Server
+ // ipset manager
+ ipsetM, _ := ipset.NewManager(conf.IPSet, conf.rules)
+
+ // check and setup dns server
if conf.DNS != "" {
d, err := dns.NewServer(conf.DNS, dialer, &conf.DNSConfig)
if err != nil {
@@ -62,9 +68,12 @@ func main() {
d.AddHandler(ipsetM.AddDomainIP)
}
- go d.ListenAndServe()
+ d.Start()
}
+ // enable checkers
+ dialer.Check()
+
// Proxy Servers
for _, listen := range conf.Listen {
local, err := proxy.ServerFromURL(listen, dialer)
diff --git a/proxy/forwarder.go b/proxy/forwarder.go
index 421acd9..f1e5a82 100644
--- a/proxy/forwarder.go
+++ b/proxy/forwarder.go
@@ -18,10 +18,10 @@ type Forwarder struct {
disabled uint32
failures uint32
MaxFailures uint32 //maxfailures to set to Disabled
- latency int
+ latency int64
}
-// ForwarderFromURL parses `forward=` command line and returns a new forwarder
+// ForwarderFromURL parses `forward=` command value and returns a new forwarder
func ForwarderFromURL(s string) (f *Forwarder, err error) {
ss := strings.Split(s, "#")
var d Dialer
@@ -71,7 +71,6 @@ func (f *Forwarder) Dial(network, addr string) (c net.Conn, err error) {
c, err = f.Dialer.Dial(network, addr)
if err != nil {
atomic.AddUint32(&f.failures, 1)
- log.F("[forwarder] %s, dials %s, error:%s", f.addr, addr, err)
if f.Failures() >= f.MaxFailures {
f.Disable()
log.F("[forwarder] %s reaches maxfailures, set to disabled", f.addr)
@@ -105,3 +104,13 @@ func (f *Forwarder) Enabled() bool {
func isTrue(n uint32) bool {
return n&1 == 1
}
+
+// Latency returns the latency of forwarder
+func (f *Forwarder) Latency() int64 {
+ return atomic.LoadInt64(&f.latency)
+}
+
+// SetLatency sets the latency of forwarder
+func (f *Forwarder) SetLatency(l int64) {
+ atomic.StoreInt64(&f.latency, l)
+}
diff --git a/rule/rule.go b/rule/rule.go
index 747c666..52aea36 100644
--- a/rule/rule.go
+++ b/rule/rule.go
@@ -13,6 +13,7 @@ import (
// Dialer struct
type Dialer struct {
gDialer proxy.Dialer
+ dialers []proxy.Dialer
domainMap sync.Map
ipMap sync.Map
@@ -25,6 +26,7 @@ func NewDialer(rules []*Config, gDialer proxy.Dialer) *Dialer {
for _, r := range rules {
sDialer := strategy.NewDialer(r.Forward, &r.StrategyConfig)
+ rd.dialers = append(rd.dialers, sDialer)
for _, domain := range r.Domain {
rd.domainMap.Store(strings.ToLower(domain), sDialer)
@@ -123,3 +125,16 @@ func (rd *Dialer) AddDomainIP(domain, ip string) error {
}
return nil
}
+
+// Check .
+func (rd *Dialer) Check() {
+ if checker, ok := rd.gDialer.(strategy.Checker); ok {
+ checker.Check()
+ }
+
+ for _, d := range rd.dialers {
+ if checker, ok := d.(strategy.Checker); ok {
+ checker.Check()
+ }
+ }
+}
diff --git a/strategy/strategy.go b/strategy/strategy.go
index 1f624d8..52ecabe 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -20,9 +20,13 @@ type Config struct {
MaxFailures int
}
+// Checker is an interface of forwarder checker
+type Checker interface {
+ Check()
+}
+
// NewDialer returns a new strategy dialer
func NewDialer(s []string, c *Config) proxy.Dialer {
- // global forwarders in xx.conf
var fwdrs []*proxy.Forwarder
for _, chain := range s {
fwdr, err := proxy.ForwarderFromURL(chain)
@@ -49,6 +53,9 @@ func NewDialer(s []string, c *Config) proxy.Dialer {
case "ha":
dialer = newHADialer(fwdrs, c.CheckWebSite, c.CheckInterval)
log.F("forward to remote servers in high availability mode.")
+ case "lha":
+ dialer = newLHADialer(fwdrs, c.CheckWebSite, c.CheckInterval)
+ log.F("forward to remote servers in latency based high availability mode.")
default:
log.F("not supported forward mode '%s', just use the first forward server.", c.Strategy)
dialer = fwdrs[0]
@@ -57,15 +64,20 @@ func NewDialer(s []string, c *Config) proxy.Dialer {
return dialer
}
-type forwarderSlice []*proxy.Forwarder
+// slice orderd by priority
+type priSlice []*proxy.Forwarder
-func (p forwarderSlice) Len() int { return len(p) }
-func (p forwarderSlice) Less(i, j int) bool { return p[i].Priority > p[j].Priority }
-func (p forwarderSlice) Swap(i, j int) { p[i], p[j] = p[j], p[i] }
+func (p priSlice) Len() int { return len(p) }
+func (p priSlice) Less(i, j int) bool { return p[i].Priority > p[j].Priority }
+func (p priSlice) Swap(i, j int) { p[i], p[j] = p[j], p[i] }
-// rrDialer is a rr dialer
+// rrDialer is a round robin dialer
+// 1. find the highest priority which there's at least 1 dialer is enabled
+// 2. choose a enabled dialer in that priority using round robin mode
type rrDialer struct {
- fwdrs forwarderSlice
+ fwdrs priSlice
+
+ // may have data races, but doesn't matter
idx int
priority int
@@ -77,6 +89,7 @@ type rrDialer struct {
// newRRDialer returns a new rrDialer
func newRRDialer(fs []*proxy.Forwarder, website string, interval int) *rrDialer {
rr := &rrDialer{fwdrs: fs}
+ sort.Sort(rr.fwdrs)
rr.website = website
if strings.IndexByte(rr.website, ':') == -1 {
@@ -84,14 +97,8 @@ func newRRDialer(fs []*proxy.Forwarder, website string, interval int) *rrDialer
}
rr.interval = interval
-
- sort.Sort(rr.fwdrs)
rr.priority = rr.fwdrs[0].Priority
- for k := range rr.fwdrs {
- go rr.checkDialer(k)
- }
-
return rr
}
@@ -143,55 +150,64 @@ func (rr *rrDialer) NextDialer(dstAddr string) proxy.Dialer {
return rr.nextDialer(dstAddr)
}
+// Check implements the Checker interface
+func (rr *rrDialer) Check() {
+ for _, f := range rr.fwdrs {
+ go rr.checkDialer(f)
+ }
+}
+
// Check dialer
-func (rr *rrDialer) checkDialer(idx int) {
+func (rr *rrDialer) checkDialer(f *proxy.Forwarder) {
retry := 1
buf := make([]byte, 4)
- d := rr.fwdrs[idx]
-
for {
time.Sleep(time.Duration(rr.interval) * time.Second * time.Duration(retry>>1))
- // check forwarders whose priority not less than current priority only
- if d.Priority < rr.priority {
- continue
- }
-
retry <<= 1
if retry > 16 {
retry = 16
}
- startTime := time.Now()
- c, err := d.Dial("tcp", rr.website)
- if err != nil {
- rr.fwdrs[idx].Disable()
- log.F("[check] %s -> %s, set to DISABLED. error in dial: %s", d.Addr(), rr.website, err)
+ // check forwarders whose priority not less than current priority only
+ if f.Priority < rr.priority {
+ // log.F("f.Priority:%d, rr.priority:%d", f.Priority, rr.priority)
continue
}
- c.Write([]byte("GET / HTTP/1.0\r\n\r\n"))
-
- _, err = io.ReadFull(c, buf)
+ startTime := time.Now()
+ rc, err := f.Dial("tcp", rr.website)
if err != nil {
- rr.fwdrs[idx].Disable()
- log.F("[check] %s -> %s, set to DISABLED. error in read: %s", d.Addr(), rr.website, err)
- } else if bytes.Equal([]byte("HTTP"), buf) {
- rr.fwdrs[idx].Enable()
- retry = 2
- dialTime := time.Since(startTime)
- log.F("[check] %s -> %s, set to ENABLED. connect time: %s", d.Addr(), rr.website, dialTime.String())
- } else {
- rr.fwdrs[idx].Disable()
- log.F("[check] %s -> %s, set to DISABLED. server response: %s", d.Addr(), rr.website, buf)
+ f.Disable()
+ log.F("[check] %s(%d) -> %s, DISABLED. error in dial: %s", f.Addr(), f.Priority, rr.website, err)
+ continue
}
- c.Close()
+ rc.Write([]byte("GET / HTTP/1.0\r\n\r\n"))
+
+ _, err = io.ReadFull(rc, buf)
+ if err != nil {
+ f.Disable()
+ log.F("[check] %s(%d) -> %s, DISABLED. error in read: %s", f.Addr(), f.Priority, rr.website, err)
+ } else if bytes.Equal([]byte("HTTP"), buf) {
+ f.Enable()
+ retry = 2
+ readTime := time.Since(startTime)
+ f.SetLatency(int64(readTime))
+ log.F("[check] %s(%d) -> %s, ENABLED. connect time: %s", f.Addr(), f.Priority, rr.website, readTime.String())
+ } else {
+ f.Disable()
+ log.F("[check] %s(%d) -> %s, DISABLED. server response: %s", f.Addr(), f.Priority, rr.website, buf)
+ }
+
+ rc.Close()
}
}
-// high availability proxy
+// high availability forwarder
+// 1. choose dialer whose priority is the highest
+// 2. choose the first enabled dialer in that priority
type haDialer struct {
*rrDialer
}
@@ -201,18 +217,64 @@ func newHADialer(dialers []*proxy.Forwarder, webhost string, duration int) proxy
return &haDialer{rrDialer: newRRDialer(dialers, webhost, duration)}
}
-func (ha *haDialer) Dial(network, addr string) (net.Conn, error) {
+func (ha *haDialer) nextDialer(dstAddr string) *proxy.Forwarder {
d := ha.fwdrs[ha.idx]
if !d.Enabled() {
- d = ha.nextDialer(addr)
+ d = ha.nextDialer(dstAddr)
}
+ return d
+}
+
+func (ha *haDialer) Dial(network, addr string) (net.Conn, error) {
+ d := ha.nextDialer(addr)
return d.Dial(network, addr)
}
func (ha *haDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- d := ha.fwdrs[ha.idx]
- if !d.Enabled() {
- d = ha.nextDialer(addr)
- }
+ d := ha.nextDialer(addr)
+ return d.DialUDP(network, addr)
+}
+
+// high availability forwarder
+// 1. choose dialer whose priority is the highest
+// 2. choose dialer whose letency it the lowest
+type lhaDialer struct {
+ *rrDialer
+}
+
+// newLHADialer .
+func newLHADialer(dialers []*proxy.Forwarder, webhost string, duration int) proxy.Dialer {
+ return &lhaDialer{rrDialer: newRRDialer(dialers, webhost, duration)}
+}
+
+func (lha *lhaDialer) nextDialer(dstAddr string) *proxy.Forwarder {
+ var latency int64
+ var d *proxy.Forwarder
+ for _, fwder := range lha.fwdrs {
+ if fwder.Enabled() {
+ lha.priority = fwder.Priority
+ latency = fwder.Latency()
+ d = fwder
+ break
+ }
+ }
+
+ for _, fwder := range lha.fwdrs {
+ if fwder.Enabled() && fwder.Priority >= lha.priority && fwder.Latency() < latency {
+ latency = fwder.Latency()
+ d = fwder
+ }
+ }
+
+ return d
+}
+
+func (lha *lhaDialer) Dial(network, addr string) (net.Conn, error) {
+ d := lha.nextDialer(addr)
+ return d.Dial(network, addr)
+}
+
+func (lha *lhaDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ d := lha.nextDialer(addr)
return d.DialUDP(network, addr)
}
From 4967f0bd366eb111a5453ada2d9bc4adcce73d67 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 14 Aug 2018 19:52:32 +0800
Subject: [PATCH 253/341] doc: add info for forwarder option: `priority`
---
README.md | 14 ++++++++++++--
conf.go | 9 +++++++++
config/glider.conf.example | 4 ++++
strategy/strategy.go | 4 ++--
4 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 32978f0..9c8f968 100644
--- a/README.md
+++ b/README.md
@@ -56,7 +56,7 @@ General:
- Http and socks5 on the same port
- Forward chain
-- HA or RR strategy for multiple forwarders
+- RR/HA/LHA strategy for multiple forwarders
- Periodical proxy checking
- Rule proxy based on destinations: [Config Examples](config/examples)
@@ -109,7 +109,7 @@ glider -config CONFIGPATH -listen :8080 -verbose
## Usage
```bash
-glider v0.6.6 usage:
+glider v0.6.7 usage:
-checkduration int
proxy check interval(seconds) (default 30)
-checkwebsite string
@@ -134,6 +134,8 @@ glider v0.6.6 usage:
ipset name
-listen value
listen url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS
+ -maxfailures int
+ max failures to change forwarder status to disabled (default 3)
-rulefile value
rule file path
-rules-dir string
@@ -211,6 +213,14 @@ DNS forwarding server:
Available forward strategies:
rr: Round Robin mode
ha: High Availability mode
+ lha: Latency based High Availability mode
+
+Forwarder option scheme: FORWARD_URL[#OPTIONS]
+ Available options for forwarders:
+ priority: set the priority of that forwarder, default:0
+ Examples:
+ socks5://1.1.1.1:1080#priority=100
+ vmess://[security:]uuid@host:port?alterID=num#priority=200
Config file format(see `glider.conf.example` as an example):
# COMMENT LINE
diff --git a/conf.go b/conf.go
index 0f1ac4b..baed0a1 100644
--- a/conf.go
+++ b/conf.go
@@ -188,6 +188,15 @@ func usage() {
fmt.Fprintf(os.Stderr, "Available forward strategies:\n")
fmt.Fprintf(os.Stderr, " rr: Round Robin mode\n")
fmt.Fprintf(os.Stderr, " ha: High Availability mode\n")
+ fmt.Fprintf(os.Stderr, " lha: Latency based High Availability mode\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
+ fmt.Fprintf(os.Stderr, "Forwarder option scheme: FORWARD_URL[#OPTIONS]\n")
+ fmt.Fprintf(os.Stderr, " Available options for forwarders:\n")
+ fmt.Fprintf(os.Stderr, " priority: set the priority of that forwarder, default:0\n")
+ fmt.Fprintf(os.Stderr, " Examples:\n")
+ fmt.Fprintf(os.Stderr, " socks5://1.1.1.1:1080#priority=100\n")
+ fmt.Fprintf(os.Stderr, " vmess://[security:]uuid@host:port?alterID=num#priority=200\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Config file format(see `"+app+".conf.example` as an example):\n")
diff --git a/config/glider.conf.example b/config/glider.conf.example
index c76024b..5717de7 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -58,10 +58,14 @@ listen=socks5://:1080
# FORWARDERS
# ----------
# Forwarders, we can setup multiple forwarders.
+# forward=SCHEME#OPTIONS
# Socks5 proxy as forwarder
# forward=socks5://192.168.1.10:1080
+# Socks5 proxy as forwarder with priority 100
+# forward=socks5://192.168.1.10:1080#priority=100
+
# SS proxy as forwarder
# forward=ss://method:pass@1.1.1.1:8443
diff --git a/strategy/strategy.go b/strategy/strategy.go
index 52ecabe..fa22028 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -235,9 +235,9 @@ func (ha *haDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo ne
return d.DialUDP(network, addr)
}
-// high availability forwarder
+// latency based high availability forwarder
// 1. choose dialer whose priority is the highest
-// 2. choose dialer whose letency it the lowest
+// 2. choose dialer with the lowest latency
type lhaDialer struct {
*rrDialer
}
From fbb78d50d4db5da0cffdd669101e8665aec02b7f Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 14 Aug 2018 20:01:43 +0800
Subject: [PATCH 254/341] strategy: keep default priority as 0 to check all
fwders at start time
---
strategy/strategy.go | 1 -
1 file changed, 1 deletion(-)
diff --git a/strategy/strategy.go b/strategy/strategy.go
index fa22028..e47611b 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -97,7 +97,6 @@ func newRRDialer(fs []*proxy.Forwarder, website string, interval int) *rrDialer
}
rr.interval = interval
- rr.priority = rr.fwdrs[0].Priority
return rr
}
From 205b4efac7756abb85cb66bb11a8527534027eb9 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 14 Aug 2018 22:32:55 +0800
Subject: [PATCH 255/341] dns: use Direct dialer when dialer's domain equals to
the query domain
---
dns/client.go | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/dns/client.go b/dns/client.go
index 5b2694a..690e0bb 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -127,6 +127,11 @@ func (c *Client) exchange(qname string, reqBytes []byte, preferTCP bool) (server
network = "tcp"
dialer := c.dialer.NextDialer(qname + ":53")
+ // if we are resolving the dialer's domain, then use Direct to avoid denpency loop
+ if strings.Contains(dialer.Addr(), qname) {
+ dialer = proxy.Direct
+ }
+
// If client uses udp and no forwarders specified, use udp
if !preferTCP && dialer.Addr() == "DIRECT" {
network = "udp"
From 39ccbc5adfe684c163692f7466470c622277cb8c Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 15 Aug 2018 00:54:17 +0800
Subject: [PATCH 256/341] forwarder: add the ability to specify local ip. #48
---
conf.go | 7 +++----
dns/client.go | 2 +-
proxy/dialer.go | 2 +-
proxy/direct.go | 35 +++++++++++++++++++++++++----------
proxy/forwarder.go | 22 ++++++++++++----------
proxy/server.go | 2 +-
strategy/strategy.go | 2 +-
7 files changed, 44 insertions(+), 28 deletions(-)
diff --git a/conf.go b/conf.go
index baed0a1..5bf9e4b 100644
--- a/conf.go
+++ b/conf.go
@@ -191,10 +191,9 @@ func usage() {
fmt.Fprintf(os.Stderr, " lha: Latency based High Availability mode\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, "Forwarder option scheme: FORWARD_URL[#OPTIONS]\n")
- fmt.Fprintf(os.Stderr, " Available options for forwarders:\n")
- fmt.Fprintf(os.Stderr, " priority: set the priority of that forwarder, default:0\n")
- fmt.Fprintf(os.Stderr, " Examples:\n")
+ fmt.Fprintf(os.Stderr, "Forwarder option scheme: FORWARD_URL#OPTIONS\n")
+ fmt.Fprintf(os.Stderr, " priority: set the priority of that forwarder, default:0\n")
+ fmt.Fprintf(os.Stderr, " e.g.:\n")
fmt.Fprintf(os.Stderr, " socks5://1.1.1.1:1080#priority=100\n")
fmt.Fprintf(os.Stderr, " vmess://[security:]uuid@host:port?alterID=num#priority=200\n")
fmt.Fprintf(os.Stderr, "\n")
diff --git a/dns/client.go b/dns/client.go
index 690e0bb..81049c6 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -129,7 +129,7 @@ func (c *Client) exchange(qname string, reqBytes []byte, preferTCP bool) (server
// if we are resolving the dialer's domain, then use Direct to avoid denpency loop
if strings.Contains(dialer.Addr(), qname) {
- dialer = proxy.Direct
+ dialer = proxy.Default
}
// If client uses udp and no forwarders specified, use udp
diff --git a/proxy/dialer.go b/proxy/dialer.go
index 7762b5b..5e665e1 100644
--- a/proxy/dialer.go
+++ b/proxy/dialer.go
@@ -45,7 +45,7 @@ func DialerFromURL(s string, dialer Dialer) (Dialer, error) {
}
if dialer == nil {
- dialer = Direct
+ dialer = Default
}
c, ok := dialerMap[strings.ToLower(u.Scheme)]
diff --git a/proxy/direct.go b/proxy/direct.go
index 719a731..bf553eb 100644
--- a/proxy/direct.go
+++ b/proxy/direct.go
@@ -6,20 +6,33 @@ import (
"github.com/nadoo/glider/common/log"
)
-// direct proxy
-type direct struct{}
-
// Direct proxy
-var Direct = &direct{}
+type Direct struct {
+ *net.Dialer
+}
-func (d *direct) Addr() string { return "DIRECT" }
+// Default dialer
+var Default = &Direct{Dialer: &net.Dialer{}}
-func (d *direct) Dial(network, addr string) (net.Conn, error) {
+// NewDirect returns a Direct dialer
+func NewDirect(localip string) *Direct {
+ d := &net.Dialer{LocalAddr: &net.TCPAddr{
+ IP: net.ParseIP(localip),
+ Port: 0,
+ }}
+ return &Direct{Dialer: d}
+}
+
+// Addr returns forwarder's address
+func (d *Direct) Addr() string { return "DIRECT" }
+
+// Dial connects to the address addr on the network net
+func (d *Direct) Dial(network, addr string) (net.Conn, error) {
if network == "uot" {
network = "udp"
}
- c, err := net.Dial(network, addr)
+ c, err := d.Dialer.Dial(network, addr)
if err != nil {
return nil, err
}
@@ -31,8 +44,9 @@ func (d *direct) Dial(network, addr string) (net.Conn, error) {
return c, err
}
-func (d *direct) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
- pc, err := net.ListenPacket(network, "")
+// DialUDP connects to the given address
+func (d *Direct) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ pc, err := net.ListenPacket(network, d.Dialer.LocalAddr.String())
if err != nil {
log.F("ListenPacket error: %s", err)
return nil, nil, err
@@ -42,4 +56,5 @@ func (d *direct) DialUDP(network, addr string) (net.PacketConn, net.Addr, error)
return pc, uAddr, err
}
-func (d *direct) NextDialer(dstAddr string) Dialer { return d }
+// NextDialer returns the next dialer
+func (d *Direct) NextDialer(dstAddr string) Dialer { return d }
diff --git a/proxy/forwarder.go b/proxy/forwarder.go
index f1e5a82..6249d65 100644
--- a/proxy/forwarder.go
+++ b/proxy/forwarder.go
@@ -19,12 +19,19 @@ type Forwarder struct {
failures uint32
MaxFailures uint32 //maxfailures to set to Disabled
latency int64
+ localip string // local ip address
}
// ForwarderFromURL parses `forward=` command value and returns a new forwarder
func ForwarderFromURL(s string) (f *Forwarder, err error) {
+ f = &Forwarder{}
+
ss := strings.Split(s, "#")
- var d Dialer
+ if len(ss) > 1 {
+ err = f.parseOption(ss[1])
+ }
+
+ var d Dialer = NewDirect(f.localip)
for _, url := range strings.Split(ss[0], ",") {
d, err = DialerFromURL(url, d)
if err != nil {
@@ -32,19 +39,12 @@ func ForwarderFromURL(s string) (f *Forwarder, err error) {
}
}
- f = NewForwarder(d)
- if len(ss) > 1 {
- err = f.parseOption(ss[1])
- }
+ f.Dialer = d
+ f.addr = d.Addr()
return f, err
}
-// NewForwarder returns a new forwarder
-func NewForwarder(dialer Dialer) *Forwarder {
- return &Forwarder{Dialer: dialer, addr: dialer.Addr()}
-}
-
func (f *Forwarder) parseOption(option string) error {
query, err := url.ParseQuery(option)
if err != nil {
@@ -58,6 +58,8 @@ func (f *Forwarder) parseOption(option string) error {
}
f.Priority = int(priority)
+ f.localip = query.Get("localip")
+
return err
}
diff --git a/proxy/server.go b/proxy/server.go
index 4bc4e1d..ad77eef 100644
--- a/proxy/server.go
+++ b/proxy/server.go
@@ -39,7 +39,7 @@ func ServerFromURL(s string, dialer Dialer) (Server, error) {
}
if dialer == nil {
- dialer = Direct
+ dialer = Default
}
c, ok := serverMap[strings.ToLower(u.Scheme)]
diff --git a/strategy/strategy.go b/strategy/strategy.go
index e47611b..73f6451 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -38,7 +38,7 @@ func NewDialer(s []string, c *Config) proxy.Dialer {
}
if len(fwdrs) == 0 {
- return proxy.Direct
+ return proxy.Default
}
if len(fwdrs) == 1 {
From 88ff8997b51b2280707b066ee59b3c7b6070583a Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 16 Aug 2018 00:01:59 +0800
Subject: [PATCH 257/341] strategy: avoid returning nil dialer in
lha.nextDialer
---
README.md | 6 +++---
conf.go | 3 ++-
strategy/strategy.go | 11 +++++------
3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index 9c8f968..fb7a2ba 100644
--- a/README.md
+++ b/README.md
@@ -215,9 +215,9 @@ Available forward strategies:
ha: High Availability mode
lha: Latency based High Availability mode
-Forwarder option scheme: FORWARD_URL[#OPTIONS]
- Available options for forwarders:
- priority: set the priority of that forwarder, default:0
+Forwarder option scheme: FORWARD_URL#OPTIONS
+ priority: set the priority of that forwarder, default:0
+ -
Examples:
socks5://1.1.1.1:1080#priority=100
vmess://[security:]uuid@host:port?alterID=num#priority=200
diff --git a/conf.go b/conf.go
index 5bf9e4b..4dbc722 100644
--- a/conf.go
+++ b/conf.go
@@ -193,7 +193,8 @@ func usage() {
fmt.Fprintf(os.Stderr, "Forwarder option scheme: FORWARD_URL#OPTIONS\n")
fmt.Fprintf(os.Stderr, " priority: set the priority of that forwarder, default:0\n")
- fmt.Fprintf(os.Stderr, " e.g.:\n")
+ fmt.Fprintf(os.Stderr, " -\n")
+ fmt.Fprintf(os.Stderr, " Examples:\n")
fmt.Fprintf(os.Stderr, " socks5://1.1.1.1:1080#priority=100\n")
fmt.Fprintf(os.Stderr, " vmess://[security:]uuid@host:port?alterID=num#priority=200\n")
fmt.Fprintf(os.Stderr, "\n")
diff --git a/strategy/strategy.go b/strategy/strategy.go
index 73f6451..06bfd8d 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -248,24 +248,23 @@ func newLHADialer(dialers []*proxy.Forwarder, webhost string, duration int) prox
func (lha *lhaDialer) nextDialer(dstAddr string) *proxy.Forwarder {
var latency int64
- var d *proxy.Forwarder
- for _, fwder := range lha.fwdrs {
+ for i, fwder := range lha.fwdrs {
if fwder.Enabled() {
lha.priority = fwder.Priority
latency = fwder.Latency()
- d = fwder
+ lha.idx = i
break
}
}
- for _, fwder := range lha.fwdrs {
+ for i, fwder := range lha.fwdrs {
if fwder.Enabled() && fwder.Priority >= lha.priority && fwder.Latency() < latency {
latency = fwder.Latency()
- d = fwder
+ lha.idx = i
}
}
- return d
+ return lha.fwdrs[lha.idx]
}
func (lha *lhaDialer) Dial(network, addr string) (net.Conn, error) {
From 59e7b17200a4b964714254511b2026840c43ac48 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 17 Aug 2018 23:53:27 +0800
Subject: [PATCH 258/341] doc: add local ip info for forwarder
---
README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index fb7a2ba..48c2488 100644
--- a/README.md
+++ b/README.md
@@ -217,6 +217,7 @@ Available forward strategies:
Forwarder option scheme: FORWARD_URL#OPTIONS
priority: set the priority of that forwarder, default:0
+ localip: set local ip address which will be used to connect remote forwarder
-
Examples:
socks5://1.1.1.1:1080#priority=100
From c21a7d8c4dc04ab7f6078f53b4a0b66e75a534ae Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 18 Aug 2018 23:59:21 +0800
Subject: [PATCH 259/341] forawrder: change localip to interface
---
README.md | 2 +-
proxy/direct.go | 30 +++++++++++++++++++++++++-----
proxy/forwarder.go | 6 +++---
3 files changed, 29 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index 48c2488..53bd636 100644
--- a/README.md
+++ b/README.md
@@ -217,7 +217,7 @@ Available forward strategies:
Forwarder option scheme: FORWARD_URL#OPTIONS
priority: set the priority of that forwarder, default:0
- localip: set local ip address which will be used to connect remote forwarder
+ interface: set local interface or ip address used to connect remote forwarder
-
Examples:
socks5://1.1.1.1:1080#priority=100
diff --git a/proxy/direct.go b/proxy/direct.go
index bf553eb..ed2e295 100644
--- a/proxy/direct.go
+++ b/proxy/direct.go
@@ -9,18 +9,38 @@ import (
// Direct proxy
type Direct struct {
*net.Dialer
+ addr net.Addr
}
// Default dialer
var Default = &Direct{Dialer: &net.Dialer{}}
// NewDirect returns a Direct dialer
-func NewDirect(localip string) *Direct {
- d := &net.Dialer{LocalAddr: &net.TCPAddr{
- IP: net.ParseIP(localip),
+func NewDirect(intface string) *Direct {
+ d := &Direct{}
+ dialer := &net.Dialer{}
+
+ ip := net.ParseIP(intface)
+ if ip == nil {
+ iface, err := net.InterfaceByName(intface)
+ if err != nil {
+ return nil
+ }
+
+ addrs, err := iface.Addrs()
+ if err != nil {
+ d.addr = addrs[0]
+ }
+ }
+
+ d.addr = &net.TCPAddr{
+ IP: ip,
Port: 0,
- }}
- return &Direct{Dialer: d}
+ }
+
+ dialer.LocalAddr = d.addr
+
+ return d
}
// Addr returns forwarder's address
diff --git a/proxy/forwarder.go b/proxy/forwarder.go
index 6249d65..5ec7b33 100644
--- a/proxy/forwarder.go
+++ b/proxy/forwarder.go
@@ -19,7 +19,7 @@ type Forwarder struct {
failures uint32
MaxFailures uint32 //maxfailures to set to Disabled
latency int64
- localip string // local ip address
+ intface string // local interface or ip address
}
// ForwarderFromURL parses `forward=` command value and returns a new forwarder
@@ -31,7 +31,7 @@ func ForwarderFromURL(s string) (f *Forwarder, err error) {
err = f.parseOption(ss[1])
}
- var d Dialer = NewDirect(f.localip)
+ var d Dialer = NewDirect(f.intface)
for _, url := range strings.Split(ss[0], ",") {
d, err = DialerFromURL(url, d)
if err != nil {
@@ -58,7 +58,7 @@ func (f *Forwarder) parseOption(option string) error {
}
f.Priority = int(priority)
- f.localip = query.Get("localip")
+ f.intface = query.Get("interface")
return err
}
From c9e9ebd287c862eb2bfe5a628692c1b88b3376e1 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 19 Aug 2018 01:49:52 +0800
Subject: [PATCH 260/341] forwarder: support curl like `interface` parameter
---
README.md | 2 ++
proxy/direct.go | 86 ++++++++++++++++++++++++++++++++--------------
proxy/forwarder.go | 7 +++-
3 files changed, 69 insertions(+), 26 deletions(-)
diff --git a/README.md b/README.md
index 53bd636..9feb379 100644
--- a/README.md
+++ b/README.md
@@ -222,6 +222,8 @@ Forwarder option scheme: FORWARD_URL#OPTIONS
Examples:
socks5://1.1.1.1:1080#priority=100
vmess://[security:]uuid@host:port?alterID=num#priority=200
+ vmess://[security:]uuid@host:port?alterID=num#priority=200&interface=192.168.1.99
+ vmess://[security:]uuid@host:port?alterID=num#priority=200&interface=eth0
Config file format(see `glider.conf.example` as an example):
# COMMENT LINE
diff --git a/proxy/direct.go b/proxy/direct.go
index ed2e295..18ba309 100644
--- a/proxy/direct.go
+++ b/proxy/direct.go
@@ -8,51 +8,62 @@ import (
// Direct proxy
type Direct struct {
- *net.Dialer
- addr net.Addr
+ iface *net.Interface
+ ip net.IP
}
// Default dialer
-var Default = &Direct{Dialer: &net.Dialer{}}
+var Default = &Direct{}
// NewDirect returns a Direct dialer
-func NewDirect(intface string) *Direct {
- d := &Direct{}
- dialer := &net.Dialer{}
+func NewDirect(intface string) (*Direct, error) {
+ if intface == "" {
+ return &Direct{}, nil
+ }
ip := net.ParseIP(intface)
- if ip == nil {
- iface, err := net.InterfaceByName(intface)
- if err != nil {
- return nil
- }
-
- addrs, err := iface.Addrs()
- if err != nil {
- d.addr = addrs[0]
- }
+ if ip != nil {
+ return &Direct{ip: ip}, nil
}
- d.addr = &net.TCPAddr{
- IP: ip,
- Port: 0,
+ iface, err := net.InterfaceByName(intface)
+ if err != nil {
+ return nil, err
}
- dialer.LocalAddr = d.addr
-
- return d
+ return &Direct{iface: iface}, nil
}
// Addr returns forwarder's address
func (d *Direct) Addr() string { return "DIRECT" }
// Dial connects to the address addr on the network net
-func (d *Direct) Dial(network, addr string) (net.Conn, error) {
+func (d *Direct) Dial(network, addr string) (c net.Conn, err error) {
+ for _, ip := range d.LocalIPs() {
+ c, err = d.dial(network, addr, ip)
+ // log.F("dial %s using ip: %s", addr, ip)
+ if err == nil {
+ break
+ }
+ }
+ return
+}
+
+func (d *Direct) dial(network, addr string, localIP net.IP) (net.Conn, error) {
if network == "uot" {
network = "udp"
}
- c, err := d.Dialer.Dial(network, addr)
+ var localAddr net.Addr
+ switch network {
+ case "tcp":
+ localAddr = &net.TCPAddr{IP: localIP}
+ case "udp":
+ localAddr = &net.UDPAddr{IP: localIP}
+ }
+
+ dialer := &net.Dialer{LocalAddr: localAddr}
+ c, err := dialer.Dial(network, addr)
if err != nil {
return nil, err
}
@@ -66,7 +77,8 @@ func (d *Direct) Dial(network, addr string) (net.Conn, error) {
// DialUDP connects to the given address
func (d *Direct) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
- pc, err := net.ListenPacket(network, d.Dialer.LocalAddr.String())
+ // TODO: support specifying local interface
+ pc, err := net.ListenPacket(network, "")
if err != nil {
log.F("ListenPacket error: %s", err)
return nil, nil, err
@@ -78,3 +90,27 @@ func (d *Direct) DialUDP(network, addr string) (net.PacketConn, net.Addr, error)
// NextDialer returns the next dialer
func (d *Direct) NextDialer(dstAddr string) Dialer { return d }
+
+// LocalIPs returns ip addresses according to the specified interface
+func (d *Direct) LocalIPs() (ips []net.IP) {
+ if d.ip != nil {
+ ips = []net.IP{d.ip}
+ return
+ }
+
+ if d.iface == nil {
+ ips = []net.IP{nil}
+ return
+ }
+
+ ipnets, err := d.iface.Addrs()
+ if err != nil {
+ return
+ }
+
+ for _, ipnet := range ipnets {
+ ips = append(ips, ipnet.(*net.IPNet).IP)
+ }
+
+ return
+}
diff --git a/proxy/forwarder.go b/proxy/forwarder.go
index 5ec7b33..f5ad8f9 100644
--- a/proxy/forwarder.go
+++ b/proxy/forwarder.go
@@ -31,7 +31,12 @@ func ForwarderFromURL(s string) (f *Forwarder, err error) {
err = f.parseOption(ss[1])
}
- var d Dialer = NewDirect(f.intface)
+ var d Dialer
+ d, err = NewDirect(f.intface)
+ if err != nil {
+ return nil, err
+ }
+
for _, url := range strings.Split(ss[0], ",") {
d, err = DialerFromURL(url, d)
if err != nil {
From edd5964a1e878a77bb903ba9f4fbf721baad0d26 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 20 Aug 2018 00:17:16 +0800
Subject: [PATCH 261/341] direct: optimized local ip logic
---
README.md | 2 +-
conf.go | 3 +++
proxy/direct.go | 45 +++++++++++++++++++++++----------------------
3 files changed, 27 insertions(+), 23 deletions(-)
diff --git a/README.md b/README.md
index 9feb379..3883ea9 100644
--- a/README.md
+++ b/README.md
@@ -217,7 +217,7 @@ Available forward strategies:
Forwarder option scheme: FORWARD_URL#OPTIONS
priority: set the priority of that forwarder, default:0
- interface: set local interface or ip address used to connect remote forwarder
+ interface: set local interface or ip address used to connect remote server
-
Examples:
socks5://1.1.1.1:1080#priority=100
diff --git a/conf.go b/conf.go
index 4dbc722..3963298 100644
--- a/conf.go
+++ b/conf.go
@@ -193,10 +193,13 @@ func usage() {
fmt.Fprintf(os.Stderr, "Forwarder option scheme: FORWARD_URL#OPTIONS\n")
fmt.Fprintf(os.Stderr, " priority: set the priority of that forwarder, default:0\n")
+ fmt.Fprintf(os.Stderr, " interface: set local interface or ip address used to connect remote server\n")
fmt.Fprintf(os.Stderr, " -\n")
fmt.Fprintf(os.Stderr, " Examples:\n")
fmt.Fprintf(os.Stderr, " socks5://1.1.1.1:1080#priority=100\n")
fmt.Fprintf(os.Stderr, " vmess://[security:]uuid@host:port?alterID=num#priority=200\n")
+ fmt.Fprintf(os.Stderr, " vmess://[security:]uuid@host:port?alterID=num#priority=200&interface=192.168.1.99\n")
+ fmt.Fprintf(os.Stderr, " vmess://[security:]uuid@host:port?alterID=num#priority=200&interface=eth0\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Config file format(see `"+app+".conf.example` as an example):\n")
diff --git a/proxy/direct.go b/proxy/direct.go
index 18ba309..637a33c 100644
--- a/proxy/direct.go
+++ b/proxy/direct.go
@@ -8,7 +8,7 @@ import (
// Direct proxy
type Direct struct {
- iface *net.Interface
+ iface *net.Interface // interface specified by user
ip net.IP
}
@@ -39,30 +39,36 @@ func (d *Direct) Addr() string { return "DIRECT" }
// Dial connects to the address addr on the network net
func (d *Direct) Dial(network, addr string) (c net.Conn, err error) {
- for _, ip := range d.LocalIPs() {
- c, err = d.dial(network, addr, ip)
- // log.F("dial %s using ip: %s", addr, ip)
+ c, err = dial(network, addr, d.ip)
+ if err == nil {
+ return
+ }
+
+ for _, ip := range d.IFaceIPs() {
+ c, err = dial(network, addr, ip)
if err == nil {
+ d.ip = ip
break
}
}
+
return
}
-func (d *Direct) dial(network, addr string, localIP net.IP) (net.Conn, error) {
+func dial(network, addr string, localIP net.IP) (net.Conn, error) {
if network == "uot" {
network = "udp"
}
- var localAddr net.Addr
+ var la net.Addr
switch network {
case "tcp":
- localAddr = &net.TCPAddr{IP: localIP}
+ la = &net.TCPAddr{IP: localIP}
case "udp":
- localAddr = &net.UDPAddr{IP: localIP}
+ la = &net.UDPAddr{IP: localIP}
}
- dialer := &net.Dialer{LocalAddr: localAddr}
+ dialer := &net.Dialer{LocalAddr: la}
c, err := dialer.Dial(network, addr)
if err != nil {
return nil, err
@@ -78,7 +84,12 @@ func (d *Direct) dial(network, addr string, localIP net.IP) (net.Conn, error) {
// DialUDP connects to the given address
func (d *Direct) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
// TODO: support specifying local interface
- pc, err := net.ListenPacket(network, "")
+ la := ""
+ if d.ip != nil {
+ la = d.ip.String() + ":0"
+ }
+
+ pc, err := net.ListenPacket(network, la)
if err != nil {
log.F("ListenPacket error: %s", err)
return nil, nil, err
@@ -91,18 +102,8 @@ func (d *Direct) DialUDP(network, addr string) (net.PacketConn, net.Addr, error)
// NextDialer returns the next dialer
func (d *Direct) NextDialer(dstAddr string) Dialer { return d }
-// LocalIPs returns ip addresses according to the specified interface
-func (d *Direct) LocalIPs() (ips []net.IP) {
- if d.ip != nil {
- ips = []net.IP{d.ip}
- return
- }
-
- if d.iface == nil {
- ips = []net.IP{nil}
- return
- }
-
+// IFaceIPs returns ip addresses according to the specified interface
+func (d *Direct) IFaceIPs() (ips []net.IP) {
ipnets, err := d.iface.Addrs()
if err != nil {
return
From 8daa7784b03dd2b5dec83e98a511dbd38f92eaa1 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 20 Aug 2018 22:23:00 +0800
Subject: [PATCH 262/341] general: add global setting `interface`
---
conf.go | 1 +
proxy/dialer.go | 9 +++++----
proxy/direct.go | 11 +++++++----
proxy/forwarder.go | 20 +++++++++++++-------
proxy/server.go | 9 +++++----
rule/config.go | 1 +
rule/rule.go | 10 +++++-----
strategy/strategy.go | 10 ++++++++--
8 files changed, 45 insertions(+), 26 deletions(-)
diff --git a/conf.go b/conf.go
index 3963298..a92c87a 100644
--- a/conf.go
+++ b/conf.go
@@ -44,6 +44,7 @@ func confInit() {
// TODO: change to checkinterval
flag.IntVar(&conf.StrategyConfig.CheckInterval, "checkduration", 30, "proxy check interval(seconds)")
flag.IntVar(&conf.StrategyConfig.MaxFailures, "maxfailures", 3, "max failures to change forwarder status to disabled")
+ flag.StringVar(&conf.StrategyConfig.IntFace, "interface", "", "source ip or source interface")
flag.StringSliceUniqVar(&conf.RuleFile, "rulefile", nil, "rule file path")
flag.StringVar(&conf.RulesDir, "rules-dir", "", "rule file folder")
diff --git a/proxy/dialer.go b/proxy/dialer.go
index 5e665e1..9c10c9e 100644
--- a/proxy/dialer.go
+++ b/proxy/dialer.go
@@ -37,17 +37,18 @@ func RegisterDialer(name string, c DialerCreator) {
}
// DialerFromURL calls the registered creator to create dialers.
+// dialer is the default upstream dialer so cannot be nil, we can use Default when calling this function.
func DialerFromURL(s string, dialer Dialer) (Dialer, error) {
+ if dialer == nil {
+ return nil, errors.New("DialerFromURL: dialer cannot be nil")
+ }
+
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
return nil, err
}
- if dialer == nil {
- dialer = Default
- }
-
c, ok := dialerMap[strings.ToLower(u.Scheme)]
if ok {
return c(s, dialer)
diff --git a/proxy/direct.go b/proxy/direct.go
index 637a33c..512dbad 100644
--- a/proxy/direct.go
+++ b/proxy/direct.go
@@ -1,6 +1,7 @@
package proxy
import (
+ "errors"
"net"
"github.com/nadoo/glider/common/log"
@@ -28,7 +29,7 @@ func NewDirect(intface string) (*Direct, error) {
iface, err := net.InterfaceByName(intface)
if err != nil {
- return nil, err
+ return nil, errors.New(err.Error() + ": " + intface)
}
return &Direct{iface: iface}, nil
@@ -39,9 +40,11 @@ func (d *Direct) Addr() string { return "DIRECT" }
// Dial connects to the address addr on the network net
func (d *Direct) Dial(network, addr string) (c net.Conn, err error) {
- c, err = dial(network, addr, d.ip)
- if err == nil {
- return
+ if d.iface == nil || d.ip != nil {
+ c, err = dial(network, addr, d.ip)
+ if err == nil {
+ return
+ }
}
for _, ip := range d.IFaceIPs() {
diff --git a/proxy/forwarder.go b/proxy/forwarder.go
index f5ad8f9..4998378 100644
--- a/proxy/forwarder.go
+++ b/proxy/forwarder.go
@@ -14,16 +14,17 @@ import (
type Forwarder struct {
Dialer
Priority int
- addr string
- disabled uint32
- failures uint32
MaxFailures uint32 //maxfailures to set to Disabled
- latency int64
- intface string // local interface or ip address
+
+ addr string
+ disabled uint32
+ failures uint32
+ latency int64
+ intface string // local interface or ip address
}
// ForwarderFromURL parses `forward=` command value and returns a new forwarder
-func ForwarderFromURL(s string) (f *Forwarder, err error) {
+func ForwarderFromURL(s, intface string) (f *Forwarder, err error) {
f = &Forwarder{}
ss := strings.Split(s, "#")
@@ -31,8 +32,13 @@ func ForwarderFromURL(s string) (f *Forwarder, err error) {
err = f.parseOption(ss[1])
}
+ iface := intface
+ if f.intface != "" && f.intface != intface {
+ iface = f.intface
+ }
+
var d Dialer
- d, err = NewDirect(f.intface)
+ d, err = NewDirect(iface)
if err != nil {
return nil, err
}
diff --git a/proxy/server.go b/proxy/server.go
index ad77eef..aef83c9 100644
--- a/proxy/server.go
+++ b/proxy/server.go
@@ -27,7 +27,12 @@ func RegisterServer(name string, c ServerCreator) {
}
// ServerFromURL calls the registered creator to create proxy servers.
+// dialer is the default upstream dialer so cannot be nil, we can use Default when calling this function.
func ServerFromURL(s string, dialer Dialer) (Server, error) {
+ if dialer == nil {
+ return nil, errors.New("ServerFromURL: dialer cannot be nil")
+ }
+
if !strings.Contains(s, "://") {
s = "mixed://" + s
}
@@ -38,10 +43,6 @@ func ServerFromURL(s string, dialer Dialer) (Server, error) {
return nil, err
}
- if dialer == nil {
- dialer = Default
- }
-
c, ok := serverMap[strings.ToLower(u.Scheme)]
if ok {
return c(s, dialer)
diff --git a/rule/config.go b/rule/config.go
index 884f1fe..9763e09 100644
--- a/rule/config.go
+++ b/rule/config.go
@@ -36,6 +36,7 @@ func NewConfFromFile(ruleFile string) (*Config, error) {
f.StringVar(&p.StrategyConfig.CheckWebSite, "checkwebsite", "www.apple.com", "proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80")
// TODO: change to checkinterval
f.IntVar(&p.StrategyConfig.CheckInterval, "checkduration", 30, "proxy check interval(seconds)")
+ f.StringVar(&p.StrategyConfig.IntFace, "interface", "", "source ip or source interface")
f.StringSliceUniqVar(&p.DNSServers, "dnsserver", nil, "remote dns server")
f.StringVar(&p.IPSet, "ipset", "", "ipset name")
diff --git a/rule/rule.go b/rule/rule.go
index 52aea36..55a29a3 100644
--- a/rule/rule.go
+++ b/rule/rule.go
@@ -25,20 +25,20 @@ func NewDialer(rules []*Config, gDialer proxy.Dialer) *Dialer {
rd := &Dialer{gDialer: gDialer}
for _, r := range rules {
- sDialer := strategy.NewDialer(r.Forward, &r.StrategyConfig)
- rd.dialers = append(rd.dialers, sDialer)
+ sd := strategy.NewDialer(r.Forward, &r.StrategyConfig)
+ rd.dialers = append(rd.dialers, sd)
for _, domain := range r.Domain {
- rd.domainMap.Store(strings.ToLower(domain), sDialer)
+ rd.domainMap.Store(strings.ToLower(domain), sd)
}
for _, ip := range r.IP {
- rd.ipMap.Store(ip, sDialer)
+ rd.ipMap.Store(ip, sd)
}
for _, s := range r.CIDR {
if _, cidr, err := net.ParseCIDR(s); err == nil {
- rd.cidrMap.Store(cidr, sDialer)
+ rd.cidrMap.Store(cidr, sd)
}
}
}
diff --git a/strategy/strategy.go b/strategy/strategy.go
index 06bfd8d..8954435 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -18,6 +18,7 @@ type Config struct {
CheckWebSite string
CheckInterval int
MaxFailures int
+ IntFace string
}
// Checker is an interface of forwarder checker
@@ -29,7 +30,7 @@ type Checker interface {
func NewDialer(s []string, c *Config) proxy.Dialer {
var fwdrs []*proxy.Forwarder
for _, chain := range s {
- fwdr, err := proxy.ForwarderFromURL(chain)
+ fwdr, err := proxy.ForwarderFromURL(chain, c.IntFace)
if err != nil {
log.Fatal(err)
}
@@ -38,7 +39,11 @@ func NewDialer(s []string, c *Config) proxy.Dialer {
}
if len(fwdrs) == 0 {
- return proxy.Default
+ d, err := proxy.NewDirect(c.IntFace)
+ if err != nil {
+ log.Fatal(err)
+ }
+ return d
}
if len(fwdrs) == 1 {
@@ -139,6 +144,7 @@ func (rr *rrDialer) nextDialer(dstAddr string) *proxy.Forwarder {
}
if !found {
+ rr.priority = 0
log.F("NO AVAILABLE PROXY FOUND! please check your network or proxy server settings.")
}
From 1d5ef167ecdaf6c59bcf08bc7aa8ec04f79e82ad Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 21 Aug 2018 07:57:21 +0800
Subject: [PATCH 263/341] doc: add info for setting `interface`
---
README.md | 1 +
config/glider.conf.example | 10 +++++++++-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 3883ea9..9489507 100644
--- a/README.md
+++ b/README.md
@@ -59,6 +59,7 @@ General:
- RR/HA/LHA strategy for multiple forwarders
- Periodical proxy checking
- Rule proxy based on destinations: [Config Examples](config/examples)
+- Send requests from specific ip/interface
TODO:
diff --git a/config/glider.conf.example b/config/glider.conf.example
index 5717de7..3b2fcec 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -104,6 +104,7 @@ listen=socks5://:1080
# Round Robin mode: rr
# High Availability mode: ha
+# Latency based High Availability mode: lha
strategy=rr
@@ -148,10 +149,17 @@ dnsrecord=www.example.com/2606:2800:220:1:248:1893:25c8:1946
# Usually used in transparent proxy mode on linux
ipset=glider
+# INTERFACE SPECIFIC
+# ------------------
+# Specify the outbound ip/interface.
+#
+# interface=""
+# interface="192.168.1.100"
+# interface="eth0"
# RULE FILES
# ----------
-# Specify additional forward rules
+# Specify additional forward rules.
# specify rules folder, so all *.rule files under this folder will be parsed as rule file
rules-dir=rules.d
From 0d1c4c5a47f32165d3b2a1b4e6e317131b3de9d4 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 22 Aug 2018 00:11:31 +0800
Subject: [PATCH 264/341] direct: remove link-local ip from IFaceIPs func
---
README.md | 2 ++
proxy/direct.go | 4 +++-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 9489507..dfa264d 100644
--- a/README.md
+++ b/README.md
@@ -131,6 +131,8 @@ glider v0.6.7 usage:
timeout value used in multiple dnsservers switch(seconds) (default 3)
-forward value
forward url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]
+ -interface string
+ source ip or source interface
-ipset string
ipset name
-listen value
diff --git a/proxy/direct.go b/proxy/direct.go
index 512dbad..8072cbf 100644
--- a/proxy/direct.go
+++ b/proxy/direct.go
@@ -113,7 +113,9 @@ func (d *Direct) IFaceIPs() (ips []net.IP) {
}
for _, ipnet := range ipnets {
- ips = append(ips, ipnet.(*net.IPNet).IP)
+ if ip := ipnet.(*net.IPNet).IP; !ip.IsLinkLocalUnicast() {
+ ips = append(ips, ip)
+ }
}
return
From b9017ff70aa39edee09d57324f2e771b2300b48c Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 23 Aug 2018 00:01:31 +0800
Subject: [PATCH 265/341] strategy: avoid data race
---
proxy/forwarder.go | 46 +++++++--
strategy/ha.go | 31 ++++++
strategy/lha.go | 46 +++++++++
strategy/rr.go | 161 ++++++++++++++++++++++++++++++
strategy/strategy.go | 233 ++-----------------------------------------
5 files changed, 279 insertions(+), 238 deletions(-)
create mode 100644 strategy/ha.go
create mode 100644 strategy/lha.go
create mode 100644 strategy/rr.go
diff --git a/proxy/forwarder.go b/proxy/forwarder.go
index 4998378..9ae27e0 100644
--- a/proxy/forwarder.go
+++ b/proxy/forwarder.go
@@ -13,14 +13,13 @@ import (
// Forwarder is a forwarder
type Forwarder struct {
Dialer
- Priority int
- MaxFailures uint32 //maxfailures to set to Disabled
-
- addr string
- disabled uint32
- failures uint32
- latency int64
- intface string // local interface or ip address
+ addr string
+ priority uint32
+ maxFailures uint32 // maxfailures to set to Disabled
+ disabled uint32
+ failures uint32
+ latency int64
+ intface string // local interface or ip address
}
// ForwarderFromURL parses `forward=` command value and returns a new forwarder
@@ -67,7 +66,7 @@ func (f *Forwarder) parseOption(option string) error {
if p != "" {
priority, err = strconv.ParseUint(p, 10, 32)
}
- f.Priority = int(priority)
+ f.SetPriority(uint32(priority))
f.intface = query.Get("interface")
@@ -83,8 +82,8 @@ func (f *Forwarder) Addr() string {
func (f *Forwarder) Dial(network, addr string) (c net.Conn, err error) {
c, err = f.Dialer.Dial(network, addr)
if err != nil {
- atomic.AddUint32(&f.failures, 1)
- if f.Failures() >= f.MaxFailures {
+ f.IncFailures()
+ if f.Failures() >= f.MaxFailures() {
f.Disable()
log.F("[forwarder] %s reaches maxfailures, set to disabled", f.addr)
}
@@ -98,6 +97,11 @@ func (f *Forwarder) Failures() uint32 {
return atomic.LoadUint32(&f.failures)
}
+// IncFailures increase the failuer count by 1
+func (f *Forwarder) IncFailures() {
+ atomic.AddUint32(&f.failures, 1)
+}
+
// Enable the forwarder
func (f *Forwarder) Enable() {
atomic.StoreUint32(&f.disabled, 0)
@@ -118,6 +122,26 @@ func isTrue(n uint32) bool {
return n&1 == 1
}
+// Priority returns the priority of forwarder
+func (f *Forwarder) Priority() uint32 {
+ return atomic.LoadUint32(&f.priority)
+}
+
+// SetPriority sets the priority of forwarder
+func (f *Forwarder) SetPriority(l uint32) {
+ atomic.StoreUint32(&f.priority, l)
+}
+
+// MaxFailures returns the maxFailures of forwarder
+func (f *Forwarder) MaxFailures() uint32 {
+ return atomic.LoadUint32(&f.maxFailures)
+}
+
+// SetMaxFailures sets the maxFailures of forwarder
+func (f *Forwarder) SetMaxFailures(l uint32) {
+ atomic.StoreUint32(&f.maxFailures, l)
+}
+
// Latency returns the latency of forwarder
func (f *Forwarder) Latency() int64 {
return atomic.LoadInt64(&f.latency)
diff --git a/strategy/ha.go b/strategy/ha.go
new file mode 100644
index 0000000..ef55fc9
--- /dev/null
+++ b/strategy/ha.go
@@ -0,0 +1,31 @@
+package strategy
+
+import (
+ "net"
+
+ "github.com/nadoo/glider/proxy"
+)
+
+// high availability forwarder
+type haDialer struct{ *rrDialer }
+
+// newHADialer .
+func newHADialer(dialers []*proxy.Forwarder, webhost string, duration int) proxy.Dialer {
+ return &haDialer{rrDialer: newRRDialer(dialers, webhost, duration)}
+}
+
+func (ha *haDialer) nextDialer(dstAddr string) *proxy.Forwarder {
+ d := ha.fwdrs[ha.index]
+ if !d.Enabled() {
+ d = ha.nextDialer(dstAddr)
+ }
+ return d
+}
+
+func (ha *haDialer) Dial(network, addr string) (net.Conn, error) {
+ return ha.nextDialer(addr).Dial(network, addr)
+}
+
+func (ha *haDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ return ha.nextDialer(addr).DialUDP(network, addr)
+}
diff --git a/strategy/lha.go b/strategy/lha.go
new file mode 100644
index 0000000..a45e62d
--- /dev/null
+++ b/strategy/lha.go
@@ -0,0 +1,46 @@
+package strategy
+
+import (
+ "net"
+
+ "github.com/nadoo/glider/proxy"
+)
+
+// latency based high availability forwarder
+type lhaDialer struct{ *rrDialer }
+
+// newLHADialer .
+func newLHADialer(dialers []*proxy.Forwarder, webhost string, duration int) proxy.Dialer {
+ return &lhaDialer{rrDialer: newRRDialer(dialers, webhost, duration)}
+}
+
+func (lha *lhaDialer) nextDialer(dstAddr string) *proxy.Forwarder {
+ idx := lha.Index()
+ var lowest int64
+ for i, fwder := range lha.fwdrs {
+ if fwder.Enabled() {
+ lha.SetPriority(fwder.Priority())
+ lowest = fwder.Latency()
+ idx = int32(i)
+ break
+ }
+ }
+
+ for i, fwder := range lha.fwdrs {
+ if fwder.Enabled() && fwder.Priority() >= lha.Priority() && fwder.Latency() < lowest {
+ lowest = fwder.Latency()
+ idx = int32(i)
+ }
+ }
+
+ lha.SetIndex(idx)
+ return lha.fwdrs[idx]
+}
+
+func (lha *lhaDialer) Dial(network, addr string) (net.Conn, error) {
+ return lha.nextDialer(addr).Dial(network, addr)
+}
+
+func (lha *lhaDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ return lha.nextDialer(addr).DialUDP(network, addr)
+}
diff --git a/strategy/rr.go b/strategy/rr.go
new file mode 100644
index 0000000..a2745bd
--- /dev/null
+++ b/strategy/rr.go
@@ -0,0 +1,161 @@
+package strategy
+
+import (
+ "bytes"
+ "io"
+ "net"
+ "sort"
+ "strings"
+ "sync/atomic"
+ "time"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+)
+
+// forwarder slice orderd by priority
+type priSlice []*proxy.Forwarder
+
+func (p priSlice) Len() int { return len(p) }
+func (p priSlice) Less(i, j int) bool { return p[i].Priority() > p[j].Priority() }
+func (p priSlice) Swap(i, j int) { p[i], p[j] = p[j], p[i] }
+
+// rrDialer is a round robin dialer
+type rrDialer struct {
+ fwdrs priSlice
+ index int32
+ priority uint32
+ website string
+ interval int
+}
+
+// newRRDialer returns a new rrDialer
+func newRRDialer(fwdrs []*proxy.Forwarder, website string, interval int) *rrDialer {
+ rr := &rrDialer{fwdrs: fwdrs}
+ sort.Sort(rr.fwdrs)
+
+ rr.website = website
+ if strings.IndexByte(rr.website, ':') == -1 {
+ rr.website += ":80"
+ }
+
+ rr.interval = interval
+ return rr
+}
+
+func (rr *rrDialer) Addr() string { return "STRATEGY" }
+
+func (rr *rrDialer) Dial(network, addr string) (net.Conn, error) {
+ return rr.nextDialer(addr).Dial(network, addr)
+}
+
+func (rr *rrDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ return rr.nextDialer(addr).DialUDP(network, addr)
+}
+
+func (rr *rrDialer) NextDialer(dstAddr string) proxy.Dialer { return rr.nextDialer(dstAddr) }
+
+func (rr *rrDialer) nextDialer(dstAddr string) *proxy.Forwarder {
+ n := int32(len(rr.fwdrs))
+ if n == 1 {
+ return rr.fwdrs[0]
+ }
+
+ for _, fwder := range rr.fwdrs {
+ if fwder.Enabled() {
+ rr.SetPriority(fwder.Priority())
+ break
+ }
+ }
+
+ idx := rr.Index()
+ if rr.fwdrs[idx].Priority() < rr.Priority() {
+ idx = 0
+ }
+
+ found := false
+ var i int32
+ for i = 0; i < n; i++ {
+ idx = (idx + 1) % n
+ if rr.fwdrs[idx].Enabled() &&
+ rr.fwdrs[idx].Priority() >= rr.Priority() {
+ found = true
+ rr.SetPriority(rr.fwdrs[idx].Priority())
+ break
+ }
+ }
+
+ if !found {
+ rr.SetPriority(0)
+ log.F("NO AVAILABLE PROXY FOUND! please check your network or proxy server settings.")
+ }
+
+ rr.SetIndex(idx)
+
+ return rr.fwdrs[idx]
+}
+
+// Check implements the Checker interface
+func (rr *rrDialer) Check() {
+ for i := 0; i < len(rr.fwdrs); i++ {
+ go rr.check(i)
+ }
+}
+
+func (rr *rrDialer) check(i int) {
+ f := rr.fwdrs[i]
+ retry := 1
+ buf := make([]byte, 4)
+
+ for {
+ time.Sleep(time.Duration(rr.interval) * time.Second * time.Duration(retry>>1))
+
+ retry <<= 1
+ if retry > 16 {
+ retry = 16
+ }
+
+ if f.Priority() < rr.Priority() {
+ continue
+ }
+
+ startTime := time.Now()
+ rc, err := f.Dial("tcp", rr.website)
+ if err != nil {
+ f.Disable()
+ log.F("[check] %s(%d) -> %s, DISABLED. error in dial: %s", f.Addr(), f.Priority(), rr.website, err)
+ continue
+ }
+
+ rc.Write([]byte("GET / HTTP/1.0\r\n\r\n"))
+
+ _, err = io.ReadFull(rc, buf)
+ if err != nil {
+ f.Disable()
+ log.F("[check] %s(%d) -> %s, DISABLED. error in read: %s", f.Addr(), f.Priority(), rr.website, err)
+ } else if bytes.Equal([]byte("HTTP"), buf) {
+ f.Enable()
+ retry = 2
+ readTime := time.Since(startTime)
+ f.SetLatency(int64(readTime))
+ log.F("[check] %s(%d) -> %s, ENABLED. connect time: %s", f.Addr(), f.Priority(), rr.website, readTime.String())
+ } else {
+ f.Disable()
+ log.F("[check] %s(%d) -> %s, DISABLED. server response: %s", f.Addr(), f.Priority(), rr.website, buf)
+ }
+
+ rc.Close()
+ }
+}
+
+// Index returns the active forwarder's Index of rrDialer
+func (rr *rrDialer) Index() int32 { return atomic.LoadInt32(&rr.index) }
+
+// SetIndex sets the active forwarder's Index of rrDialer
+func (rr *rrDialer) SetIndex(p int32) { atomic.StoreInt32(&rr.index, p) }
+
+// Priority returns the active priority of rrDialer
+func (rr *rrDialer) Priority() uint32 { return atomic.LoadUint32(&rr.priority) }
+
+// SetPriority sets the active priority of rrDialer
+func (rr *rrDialer) SetPriority(p uint32) { atomic.StoreUint32(&rr.priority, p) }
diff --git a/strategy/strategy.go b/strategy/strategy.go
index 8954435..21781a2 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -1,17 +1,15 @@
package strategy
import (
- "bytes"
- "io"
- "net"
- "sort"
- "strings"
- "time"
-
"github.com/nadoo/glider/common/log"
"github.com/nadoo/glider/proxy"
)
+// Checker is an interface of forwarder checker
+type Checker interface {
+ Check()
+}
+
// Config of strategy
type Config struct {
Strategy string
@@ -21,11 +19,6 @@ type Config struct {
IntFace string
}
-// Checker is an interface of forwarder checker
-type Checker interface {
- Check()
-}
-
// NewDialer returns a new strategy dialer
func NewDialer(s []string, c *Config) proxy.Dialer {
var fwdrs []*proxy.Forwarder
@@ -34,7 +27,7 @@ func NewDialer(s []string, c *Config) proxy.Dialer {
if err != nil {
log.Fatal(err)
}
- fwdr.MaxFailures = uint32(c.MaxFailures)
+ fwdr.SetMaxFailures(uint32(c.MaxFailures))
fwdrs = append(fwdrs, fwdr)
}
@@ -68,217 +61,3 @@ func NewDialer(s []string, c *Config) proxy.Dialer {
return dialer
}
-
-// slice orderd by priority
-type priSlice []*proxy.Forwarder
-
-func (p priSlice) Len() int { return len(p) }
-func (p priSlice) Less(i, j int) bool { return p[i].Priority > p[j].Priority }
-func (p priSlice) Swap(i, j int) { p[i], p[j] = p[j], p[i] }
-
-// rrDialer is a round robin dialer
-// 1. find the highest priority which there's at least 1 dialer is enabled
-// 2. choose a enabled dialer in that priority using round robin mode
-type rrDialer struct {
- fwdrs priSlice
-
- // may have data races, but doesn't matter
- idx int
- priority int
-
- // for checking
- website string
- interval int
-}
-
-// newRRDialer returns a new rrDialer
-func newRRDialer(fs []*proxy.Forwarder, website string, interval int) *rrDialer {
- rr := &rrDialer{fwdrs: fs}
- sort.Sort(rr.fwdrs)
-
- rr.website = website
- if strings.IndexByte(rr.website, ':') == -1 {
- rr.website += ":80"
- }
-
- rr.interval = interval
-
- return rr
-}
-
-func (rr *rrDialer) Addr() string { return "STRATEGY" }
-func (rr *rrDialer) Dial(network, addr string) (net.Conn, error) {
- return rr.NextDialer(addr).Dial(network, addr)
-}
-
-func (rr *rrDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- return rr.NextDialer(addr).DialUDP(network, addr)
-}
-
-func (rr *rrDialer) nextDialer(dstAddr string) *proxy.Forwarder {
- n := len(rr.fwdrs)
- if n == 1 {
- rr.idx = 0
- }
-
- for _, fwder := range rr.fwdrs {
- if fwder.Enabled() {
- rr.priority = fwder.Priority
- break
- }
- }
-
- if rr.fwdrs[rr.idx].Priority < rr.priority {
- rr.idx = 0
- }
-
- found := false
- for i := 0; i < n; i++ {
- rr.idx = (rr.idx + 1) % n
- if rr.fwdrs[rr.idx].Enabled() &&
- rr.fwdrs[rr.idx].Priority >= rr.priority {
- found = true
- rr.priority = rr.fwdrs[rr.idx].Priority
- break
- }
- }
-
- if !found {
- rr.priority = 0
- log.F("NO AVAILABLE PROXY FOUND! please check your network or proxy server settings.")
- }
-
- return rr.fwdrs[rr.idx]
-}
-
-func (rr *rrDialer) NextDialer(dstAddr string) proxy.Dialer {
- return rr.nextDialer(dstAddr)
-}
-
-// Check implements the Checker interface
-func (rr *rrDialer) Check() {
- for _, f := range rr.fwdrs {
- go rr.checkDialer(f)
- }
-}
-
-// Check dialer
-func (rr *rrDialer) checkDialer(f *proxy.Forwarder) {
- retry := 1
- buf := make([]byte, 4)
-
- for {
- time.Sleep(time.Duration(rr.interval) * time.Second * time.Duration(retry>>1))
-
- retry <<= 1
- if retry > 16 {
- retry = 16
- }
-
- // check forwarders whose priority not less than current priority only
- if f.Priority < rr.priority {
- // log.F("f.Priority:%d, rr.priority:%d", f.Priority, rr.priority)
- continue
- }
-
- startTime := time.Now()
- rc, err := f.Dial("tcp", rr.website)
- if err != nil {
- f.Disable()
- log.F("[check] %s(%d) -> %s, DISABLED. error in dial: %s", f.Addr(), f.Priority, rr.website, err)
- continue
- }
-
- rc.Write([]byte("GET / HTTP/1.0\r\n\r\n"))
-
- _, err = io.ReadFull(rc, buf)
- if err != nil {
- f.Disable()
- log.F("[check] %s(%d) -> %s, DISABLED. error in read: %s", f.Addr(), f.Priority, rr.website, err)
- } else if bytes.Equal([]byte("HTTP"), buf) {
- f.Enable()
- retry = 2
- readTime := time.Since(startTime)
- f.SetLatency(int64(readTime))
- log.F("[check] %s(%d) -> %s, ENABLED. connect time: %s", f.Addr(), f.Priority, rr.website, readTime.String())
- } else {
- f.Disable()
- log.F("[check] %s(%d) -> %s, DISABLED. server response: %s", f.Addr(), f.Priority, rr.website, buf)
- }
-
- rc.Close()
- }
-}
-
-// high availability forwarder
-// 1. choose dialer whose priority is the highest
-// 2. choose the first enabled dialer in that priority
-type haDialer struct {
- *rrDialer
-}
-
-// newHADialer .
-func newHADialer(dialers []*proxy.Forwarder, webhost string, duration int) proxy.Dialer {
- return &haDialer{rrDialer: newRRDialer(dialers, webhost, duration)}
-}
-
-func (ha *haDialer) nextDialer(dstAddr string) *proxy.Forwarder {
- d := ha.fwdrs[ha.idx]
- if !d.Enabled() {
- d = ha.nextDialer(dstAddr)
- }
- return d
-}
-
-func (ha *haDialer) Dial(network, addr string) (net.Conn, error) {
- d := ha.nextDialer(addr)
- return d.Dial(network, addr)
-}
-
-func (ha *haDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- d := ha.nextDialer(addr)
- return d.DialUDP(network, addr)
-}
-
-// latency based high availability forwarder
-// 1. choose dialer whose priority is the highest
-// 2. choose dialer with the lowest latency
-type lhaDialer struct {
- *rrDialer
-}
-
-// newLHADialer .
-func newLHADialer(dialers []*proxy.Forwarder, webhost string, duration int) proxy.Dialer {
- return &lhaDialer{rrDialer: newRRDialer(dialers, webhost, duration)}
-}
-
-func (lha *lhaDialer) nextDialer(dstAddr string) *proxy.Forwarder {
- var latency int64
- for i, fwder := range lha.fwdrs {
- if fwder.Enabled() {
- lha.priority = fwder.Priority
- latency = fwder.Latency()
- lha.idx = i
- break
- }
- }
-
- for i, fwder := range lha.fwdrs {
- if fwder.Enabled() && fwder.Priority >= lha.priority && fwder.Latency() < latency {
- latency = fwder.Latency()
- lha.idx = i
- }
- }
-
- return lha.fwdrs[lha.idx]
-}
-
-func (lha *lhaDialer) Dial(network, addr string) (net.Conn, error) {
- d := lha.nextDialer(addr)
- return d.Dial(network, addr)
-}
-
-func (lha *lhaDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- d := lha.nextDialer(addr)
- return d.DialUDP(network, addr)
-}
From 4f69372656491de60fdbe5a85f5fdaf1e571c8a6 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 24 Aug 2018 00:57:55 +0800
Subject: [PATCH 266/341] ha: change dialer when there's a forwarder enabled
with higher priority
---
strategy/ha.go | 6 +++---
strategy/lha.go | 2 +-
strategy/rr.go | 24 ++++++++++++------------
3 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/strategy/ha.go b/strategy/ha.go
index ef55fc9..f66f32b 100644
--- a/strategy/ha.go
+++ b/strategy/ha.go
@@ -6,7 +6,7 @@ import (
"github.com/nadoo/glider/proxy"
)
-// high availability forwarder
+// high availability dialer
type haDialer struct{ *rrDialer }
// newHADialer .
@@ -15,8 +15,8 @@ func newHADialer(dialers []*proxy.Forwarder, webhost string, duration int) proxy
}
func (ha *haDialer) nextDialer(dstAddr string) *proxy.Forwarder {
- d := ha.fwdrs[ha.index]
- if !d.Enabled() {
+ d := ha.fwdrs[ha.Index()]
+ if !d.Enabled() || d.Priority() < ha.Priority() {
d = ha.nextDialer(dstAddr)
}
return d
diff --git a/strategy/lha.go b/strategy/lha.go
index a45e62d..c761865 100644
--- a/strategy/lha.go
+++ b/strategy/lha.go
@@ -6,7 +6,7 @@ import (
"github.com/nadoo/glider/proxy"
)
-// latency based high availability forwarder
+// latency based high availability dialer
type lhaDialer struct{ *rrDialer }
// newLHADialer .
diff --git a/strategy/rr.go b/strategy/rr.go
index a2745bd..34713d2 100644
--- a/strategy/rr.go
+++ b/strategy/rr.go
@@ -95,6 +95,18 @@ func (rr *rrDialer) nextDialer(dstAddr string) *proxy.Forwarder {
return rr.fwdrs[idx]
}
+// Index returns the active forwarder's Index of rrDialer
+func (rr *rrDialer) Index() int32 { return atomic.LoadInt32(&rr.index) }
+
+// SetIndex sets the active forwarder's Index of rrDialer
+func (rr *rrDialer) SetIndex(p int32) { atomic.StoreInt32(&rr.index, p) }
+
+// Priority returns the active priority of rrDialer
+func (rr *rrDialer) Priority() uint32 { return atomic.LoadUint32(&rr.priority) }
+
+// SetPriority sets the active priority of rrDialer
+func (rr *rrDialer) SetPriority(p uint32) { atomic.StoreUint32(&rr.priority, p) }
+
// Check implements the Checker interface
func (rr *rrDialer) Check() {
for i := 0; i < len(rr.fwdrs); i++ {
@@ -147,15 +159,3 @@ func (rr *rrDialer) check(i int) {
rc.Close()
}
}
-
-// Index returns the active forwarder's Index of rrDialer
-func (rr *rrDialer) Index() int32 { return atomic.LoadInt32(&rr.index) }
-
-// SetIndex sets the active forwarder's Index of rrDialer
-func (rr *rrDialer) SetIndex(p int32) { atomic.StoreInt32(&rr.index, p) }
-
-// Priority returns the active priority of rrDialer
-func (rr *rrDialer) Priority() uint32 { return atomic.LoadUint32(&rr.priority) }
-
-// SetPriority sets the active priority of rrDialer
-func (rr *rrDialer) SetPriority(p uint32) { atomic.StoreUint32(&rr.priority, p) }
From 104e51ae3c296e5d1efaa8a982effe064141f3c0 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 24 Aug 2018 01:15:56 +0800
Subject: [PATCH 267/341] strategy: removed unnecessary funcs
---
strategy/ha.go | 12 +-----------
strategy/lha.go | 12 +-----------
strategy/rr.go | 4 ++--
3 files changed, 4 insertions(+), 24 deletions(-)
diff --git a/strategy/ha.go b/strategy/ha.go
index f66f32b..5bd2c4d 100644
--- a/strategy/ha.go
+++ b/strategy/ha.go
@@ -1,8 +1,6 @@
package strategy
import (
- "net"
-
"github.com/nadoo/glider/proxy"
)
@@ -14,18 +12,10 @@ func newHADialer(dialers []*proxy.Forwarder, webhost string, duration int) proxy
return &haDialer{rrDialer: newRRDialer(dialers, webhost, duration)}
}
-func (ha *haDialer) nextDialer(dstAddr string) *proxy.Forwarder {
+func (ha *haDialer) NextDialer(dstAddr string) proxy.Dialer {
d := ha.fwdrs[ha.Index()]
if !d.Enabled() || d.Priority() < ha.Priority() {
d = ha.nextDialer(dstAddr)
}
return d
}
-
-func (ha *haDialer) Dial(network, addr string) (net.Conn, error) {
- return ha.nextDialer(addr).Dial(network, addr)
-}
-
-func (ha *haDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- return ha.nextDialer(addr).DialUDP(network, addr)
-}
diff --git a/strategy/lha.go b/strategy/lha.go
index c761865..8c0169f 100644
--- a/strategy/lha.go
+++ b/strategy/lha.go
@@ -1,8 +1,6 @@
package strategy
import (
- "net"
-
"github.com/nadoo/glider/proxy"
)
@@ -14,7 +12,7 @@ func newLHADialer(dialers []*proxy.Forwarder, webhost string, duration int) prox
return &lhaDialer{rrDialer: newRRDialer(dialers, webhost, duration)}
}
-func (lha *lhaDialer) nextDialer(dstAddr string) *proxy.Forwarder {
+func (lha *lhaDialer) NextDialer(dstAddr string) proxy.Dialer {
idx := lha.Index()
var lowest int64
for i, fwder := range lha.fwdrs {
@@ -36,11 +34,3 @@ func (lha *lhaDialer) nextDialer(dstAddr string) *proxy.Forwarder {
lha.SetIndex(idx)
return lha.fwdrs[idx]
}
-
-func (lha *lhaDialer) Dial(network, addr string) (net.Conn, error) {
- return lha.nextDialer(addr).Dial(network, addr)
-}
-
-func (lha *lhaDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- return lha.nextDialer(addr).DialUDP(network, addr)
-}
diff --git a/strategy/rr.go b/strategy/rr.go
index 34713d2..ef5e514 100644
--- a/strategy/rr.go
+++ b/strategy/rr.go
@@ -46,11 +46,11 @@ func newRRDialer(fwdrs []*proxy.Forwarder, website string, interval int) *rrDial
func (rr *rrDialer) Addr() string { return "STRATEGY" }
func (rr *rrDialer) Dial(network, addr string) (net.Conn, error) {
- return rr.nextDialer(addr).Dial(network, addr)
+ return rr.NextDialer(addr).Dial(network, addr)
}
func (rr *rrDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- return rr.nextDialer(addr).DialUDP(network, addr)
+ return rr.NextDialer(addr).DialUDP(network, addr)
}
func (rr *rrDialer) NextDialer(dstAddr string) proxy.Dialer { return rr.nextDialer(dstAddr) }
From eb0b17bea13c13bc9dae1ed4512eb8bbfa73ca37 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 24 Aug 2018 18:45:57 +0800
Subject: [PATCH 268/341] strategy: add experimental dh: `destination hashing`
mode
---
strategy/dh.go | 31 +++++++++++++++++++++++++++++++
strategy/ha.go | 10 ++++++++++
strategy/lha.go | 10 ++++++++++
strategy/strategy.go | 3 +++
4 files changed, 54 insertions(+)
create mode 100644 strategy/dh.go
diff --git a/strategy/dh.go b/strategy/dh.go
new file mode 100644
index 0000000..47e2b93
--- /dev/null
+++ b/strategy/dh.go
@@ -0,0 +1,31 @@
+package strategy
+
+import (
+ "hash/fnv"
+ "net"
+
+ "github.com/nadoo/glider/proxy"
+)
+
+// destination hashing dialer
+type dhDialer struct{ *rrDialer }
+
+// newDHDialer .
+func newDHDialer(dialers []*proxy.Forwarder, webhost string, duration int) proxy.Dialer {
+ return &dhDialer{rrDialer: newRRDialer(dialers, webhost, duration)}
+}
+
+func (dh *dhDialer) NextDialer(dstAddr string) proxy.Dialer {
+ fnv1a := fnv.New32a()
+ fnv1a.Write([]byte(dstAddr))
+ idx := fnv1a.Sum32() % uint32(len(dh.fwdrs))
+ return dh.fwdrs[idx]
+}
+
+func (dh *dhDialer) Dial(network, addr string) (net.Conn, error) {
+ return dh.NextDialer(addr).Dial(network, addr)
+}
+
+func (dh *dhDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ return dh.NextDialer(addr).DialUDP(network, addr)
+}
diff --git a/strategy/ha.go b/strategy/ha.go
index 5bd2c4d..ff8d2a2 100644
--- a/strategy/ha.go
+++ b/strategy/ha.go
@@ -1,6 +1,8 @@
package strategy
import (
+ "net"
+
"github.com/nadoo/glider/proxy"
)
@@ -19,3 +21,11 @@ func (ha *haDialer) NextDialer(dstAddr string) proxy.Dialer {
}
return d
}
+
+func (ha *haDialer) Dial(network, addr string) (net.Conn, error) {
+ return ha.NextDialer(addr).Dial(network, addr)
+}
+
+func (ha *haDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ return ha.NextDialer(addr).DialUDP(network, addr)
+}
diff --git a/strategy/lha.go b/strategy/lha.go
index 8c0169f..0e897d7 100644
--- a/strategy/lha.go
+++ b/strategy/lha.go
@@ -1,6 +1,8 @@
package strategy
import (
+ "net"
+
"github.com/nadoo/glider/proxy"
)
@@ -34,3 +36,11 @@ func (lha *lhaDialer) NextDialer(dstAddr string) proxy.Dialer {
lha.SetIndex(idx)
return lha.fwdrs[idx]
}
+
+func (lha *lhaDialer) Dial(network, addr string) (net.Conn, error) {
+ return lha.NextDialer(addr).Dial(network, addr)
+}
+
+func (lha *lhaDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ return lha.NextDialer(addr).DialUDP(network, addr)
+}
diff --git a/strategy/strategy.go b/strategy/strategy.go
index 21781a2..dcfe5bb 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -54,6 +54,9 @@ func NewDialer(s []string, c *Config) proxy.Dialer {
case "lha":
dialer = newLHADialer(fwdrs, c.CheckWebSite, c.CheckInterval)
log.F("forward to remote servers in latency based high availability mode.")
+ case "dh":
+ dialer = newDHDialer(fwdrs, c.CheckWebSite, c.CheckInterval)
+ log.F("forward to remote servers in destination hashing mode.")
default:
log.F("not supported forward mode '%s', just use the first forward server.", c.Strategy)
dialer = fwdrs[0]
From bec2c1fd63f192b1b2e2feab3ed1741832d6bcfb Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 25 Aug 2018 23:56:18 +0800
Subject: [PATCH 269/341] strategy: add the ability to handle forwarder status
change events
---
proxy/forwarder.go | 21 ++++-
strategy/dh.go | 31 -------
strategy/ha.go | 31 -------
strategy/lha.go | 46 ----------
strategy/rr.go | 161 ---------------------------------
strategy/scheduler.go | 49 ++++++++++
strategy/strategy.go | 204 ++++++++++++++++++++++++++++++++++++++----
7 files changed, 254 insertions(+), 289 deletions(-)
delete mode 100644 strategy/dh.go
delete mode 100644 strategy/ha.go
delete mode 100644 strategy/lha.go
delete mode 100644 strategy/rr.go
create mode 100644 strategy/scheduler.go
diff --git a/proxy/forwarder.go b/proxy/forwarder.go
index 9ae27e0..2e7f6b1 100644
--- a/proxy/forwarder.go
+++ b/proxy/forwarder.go
@@ -10,6 +10,9 @@ import (
"github.com/nadoo/glider/common/log"
)
+// StatusChangedHandler function will be called when the forwarder's status changed
+type StatusChangedHandler func(*Forwarder)
+
// Forwarder is a forwarder
type Forwarder struct {
Dialer
@@ -20,6 +23,7 @@ type Forwarder struct {
failures uint32
latency int64
intface string // local interface or ip address
+ handlers []StatusChangedHandler
}
// ForwarderFromURL parses `forward=` command value and returns a new forwarder
@@ -102,15 +106,28 @@ func (f *Forwarder) IncFailures() {
atomic.AddUint32(&f.failures, 1)
}
+// AddHandler adds a custom handler to handle the status change event
+func (f *Forwarder) AddHandler(h StatusChangedHandler) {
+ f.handlers = append(f.handlers, h)
+}
+
// Enable the forwarder
func (f *Forwarder) Enable() {
- atomic.StoreUint32(&f.disabled, 0)
+ if atomic.CompareAndSwapUint32(&f.disabled, 1, 0) {
+ for _, h := range f.handlers {
+ h(f)
+ }
+ }
atomic.StoreUint32(&f.failures, 0)
}
// Disable the forwarder
func (f *Forwarder) Disable() {
- atomic.StoreUint32(&f.disabled, 1)
+ if atomic.CompareAndSwapUint32(&f.disabled, 0, 1) {
+ for _, h := range f.handlers {
+ h(f)
+ }
+ }
}
// Enabled returns the status of forwarder
diff --git a/strategy/dh.go b/strategy/dh.go
deleted file mode 100644
index 47e2b93..0000000
--- a/strategy/dh.go
+++ /dev/null
@@ -1,31 +0,0 @@
-package strategy
-
-import (
- "hash/fnv"
- "net"
-
- "github.com/nadoo/glider/proxy"
-)
-
-// destination hashing dialer
-type dhDialer struct{ *rrDialer }
-
-// newDHDialer .
-func newDHDialer(dialers []*proxy.Forwarder, webhost string, duration int) proxy.Dialer {
- return &dhDialer{rrDialer: newRRDialer(dialers, webhost, duration)}
-}
-
-func (dh *dhDialer) NextDialer(dstAddr string) proxy.Dialer {
- fnv1a := fnv.New32a()
- fnv1a.Write([]byte(dstAddr))
- idx := fnv1a.Sum32() % uint32(len(dh.fwdrs))
- return dh.fwdrs[idx]
-}
-
-func (dh *dhDialer) Dial(network, addr string) (net.Conn, error) {
- return dh.NextDialer(addr).Dial(network, addr)
-}
-
-func (dh *dhDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- return dh.NextDialer(addr).DialUDP(network, addr)
-}
diff --git a/strategy/ha.go b/strategy/ha.go
deleted file mode 100644
index ff8d2a2..0000000
--- a/strategy/ha.go
+++ /dev/null
@@ -1,31 +0,0 @@
-package strategy
-
-import (
- "net"
-
- "github.com/nadoo/glider/proxy"
-)
-
-// high availability dialer
-type haDialer struct{ *rrDialer }
-
-// newHADialer .
-func newHADialer(dialers []*proxy.Forwarder, webhost string, duration int) proxy.Dialer {
- return &haDialer{rrDialer: newRRDialer(dialers, webhost, duration)}
-}
-
-func (ha *haDialer) NextDialer(dstAddr string) proxy.Dialer {
- d := ha.fwdrs[ha.Index()]
- if !d.Enabled() || d.Priority() < ha.Priority() {
- d = ha.nextDialer(dstAddr)
- }
- return d
-}
-
-func (ha *haDialer) Dial(network, addr string) (net.Conn, error) {
- return ha.NextDialer(addr).Dial(network, addr)
-}
-
-func (ha *haDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- return ha.NextDialer(addr).DialUDP(network, addr)
-}
diff --git a/strategy/lha.go b/strategy/lha.go
deleted file mode 100644
index 0e897d7..0000000
--- a/strategy/lha.go
+++ /dev/null
@@ -1,46 +0,0 @@
-package strategy
-
-import (
- "net"
-
- "github.com/nadoo/glider/proxy"
-)
-
-// latency based high availability dialer
-type lhaDialer struct{ *rrDialer }
-
-// newLHADialer .
-func newLHADialer(dialers []*proxy.Forwarder, webhost string, duration int) proxy.Dialer {
- return &lhaDialer{rrDialer: newRRDialer(dialers, webhost, duration)}
-}
-
-func (lha *lhaDialer) NextDialer(dstAddr string) proxy.Dialer {
- idx := lha.Index()
- var lowest int64
- for i, fwder := range lha.fwdrs {
- if fwder.Enabled() {
- lha.SetPriority(fwder.Priority())
- lowest = fwder.Latency()
- idx = int32(i)
- break
- }
- }
-
- for i, fwder := range lha.fwdrs {
- if fwder.Enabled() && fwder.Priority() >= lha.Priority() && fwder.Latency() < lowest {
- lowest = fwder.Latency()
- idx = int32(i)
- }
- }
-
- lha.SetIndex(idx)
- return lha.fwdrs[idx]
-}
-
-func (lha *lhaDialer) Dial(network, addr string) (net.Conn, error) {
- return lha.NextDialer(addr).Dial(network, addr)
-}
-
-func (lha *lhaDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- return lha.NextDialer(addr).DialUDP(network, addr)
-}
diff --git a/strategy/rr.go b/strategy/rr.go
deleted file mode 100644
index ef5e514..0000000
--- a/strategy/rr.go
+++ /dev/null
@@ -1,161 +0,0 @@
-package strategy
-
-import (
- "bytes"
- "io"
- "net"
- "sort"
- "strings"
- "sync/atomic"
- "time"
-
- "github.com/nadoo/glider/common/log"
- "github.com/nadoo/glider/proxy"
-)
-
-// forwarder slice orderd by priority
-type priSlice []*proxy.Forwarder
-
-func (p priSlice) Len() int { return len(p) }
-func (p priSlice) Less(i, j int) bool { return p[i].Priority() > p[j].Priority() }
-func (p priSlice) Swap(i, j int) { p[i], p[j] = p[j], p[i] }
-
-// rrDialer is a round robin dialer
-type rrDialer struct {
- fwdrs priSlice
- index int32
- priority uint32
- website string
- interval int
-}
-
-// newRRDialer returns a new rrDialer
-func newRRDialer(fwdrs []*proxy.Forwarder, website string, interval int) *rrDialer {
- rr := &rrDialer{fwdrs: fwdrs}
- sort.Sort(rr.fwdrs)
-
- rr.website = website
- if strings.IndexByte(rr.website, ':') == -1 {
- rr.website += ":80"
- }
-
- rr.interval = interval
- return rr
-}
-
-func (rr *rrDialer) Addr() string { return "STRATEGY" }
-
-func (rr *rrDialer) Dial(network, addr string) (net.Conn, error) {
- return rr.NextDialer(addr).Dial(network, addr)
-}
-
-func (rr *rrDialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
- return rr.NextDialer(addr).DialUDP(network, addr)
-}
-
-func (rr *rrDialer) NextDialer(dstAddr string) proxy.Dialer { return rr.nextDialer(dstAddr) }
-
-func (rr *rrDialer) nextDialer(dstAddr string) *proxy.Forwarder {
- n := int32(len(rr.fwdrs))
- if n == 1 {
- return rr.fwdrs[0]
- }
-
- for _, fwder := range rr.fwdrs {
- if fwder.Enabled() {
- rr.SetPriority(fwder.Priority())
- break
- }
- }
-
- idx := rr.Index()
- if rr.fwdrs[idx].Priority() < rr.Priority() {
- idx = 0
- }
-
- found := false
- var i int32
- for i = 0; i < n; i++ {
- idx = (idx + 1) % n
- if rr.fwdrs[idx].Enabled() &&
- rr.fwdrs[idx].Priority() >= rr.Priority() {
- found = true
- rr.SetPriority(rr.fwdrs[idx].Priority())
- break
- }
- }
-
- if !found {
- rr.SetPriority(0)
- log.F("NO AVAILABLE PROXY FOUND! please check your network or proxy server settings.")
- }
-
- rr.SetIndex(idx)
-
- return rr.fwdrs[idx]
-}
-
-// Index returns the active forwarder's Index of rrDialer
-func (rr *rrDialer) Index() int32 { return atomic.LoadInt32(&rr.index) }
-
-// SetIndex sets the active forwarder's Index of rrDialer
-func (rr *rrDialer) SetIndex(p int32) { atomic.StoreInt32(&rr.index, p) }
-
-// Priority returns the active priority of rrDialer
-func (rr *rrDialer) Priority() uint32 { return atomic.LoadUint32(&rr.priority) }
-
-// SetPriority sets the active priority of rrDialer
-func (rr *rrDialer) SetPriority(p uint32) { atomic.StoreUint32(&rr.priority, p) }
-
-// Check implements the Checker interface
-func (rr *rrDialer) Check() {
- for i := 0; i < len(rr.fwdrs); i++ {
- go rr.check(i)
- }
-}
-
-func (rr *rrDialer) check(i int) {
- f := rr.fwdrs[i]
- retry := 1
- buf := make([]byte, 4)
-
- for {
- time.Sleep(time.Duration(rr.interval) * time.Second * time.Duration(retry>>1))
-
- retry <<= 1
- if retry > 16 {
- retry = 16
- }
-
- if f.Priority() < rr.Priority() {
- continue
- }
-
- startTime := time.Now()
- rc, err := f.Dial("tcp", rr.website)
- if err != nil {
- f.Disable()
- log.F("[check] %s(%d) -> %s, DISABLED. error in dial: %s", f.Addr(), f.Priority(), rr.website, err)
- continue
- }
-
- rc.Write([]byte("GET / HTTP/1.0\r\n\r\n"))
-
- _, err = io.ReadFull(rc, buf)
- if err != nil {
- f.Disable()
- log.F("[check] %s(%d) -> %s, DISABLED. error in read: %s", f.Addr(), f.Priority(), rr.website, err)
- } else if bytes.Equal([]byte("HTTP"), buf) {
- f.Enable()
- retry = 2
- readTime := time.Since(startTime)
- f.SetLatency(int64(readTime))
- log.F("[check] %s(%d) -> %s, ENABLED. connect time: %s", f.Addr(), f.Priority(), rr.website, readTime.String())
- } else {
- f.Disable()
- log.F("[check] %s(%d) -> %s, DISABLED. server response: %s", f.Addr(), f.Priority(), rr.website, buf)
- }
-
- rc.Close()
- }
-}
diff --git a/strategy/scheduler.go b/strategy/scheduler.go
new file mode 100644
index 0000000..13e669f
--- /dev/null
+++ b/strategy/scheduler.go
@@ -0,0 +1,49 @@
+package strategy
+
+import (
+ "hash/fnv"
+
+ "github.com/nadoo/glider/proxy"
+)
+
+func (d *Dialer) scheduleRR(dstAddr string) *proxy.Forwarder {
+ d.mu.Lock()
+ defer d.mu.Unlock()
+
+ idx := d.IncIndex() % int32(len(d.valid))
+ d.SetIndex(idx)
+ return d.valid[idx]
+}
+
+func (d *Dialer) scheduleHA(dstAddr string) *proxy.Forwarder {
+ d.mu.Lock()
+ defer d.mu.Unlock()
+
+ return d.valid[0]
+}
+
+func (d *Dialer) scheduleLHA(dstAddr string) *proxy.Forwarder {
+ d.mu.Lock()
+ defer d.mu.Unlock()
+
+ fwdr := d.valid[0]
+ lowest := fwdr.Latency()
+ for _, f := range d.valid {
+ if f.Latency() < lowest {
+ lowest = f.Latency()
+ fwdr = f
+ }
+ }
+
+ return fwdr
+}
+
+func (d *Dialer) scheduleDH(dstAddr string) *proxy.Forwarder {
+ d.mu.Lock()
+ defer d.mu.Unlock()
+
+ fnv1a := fnv.New32a()
+ fnv1a.Write([]byte(dstAddr))
+ idx := fnv1a.Sum32() % uint32(len(d.valid))
+ return d.valid[idx]
+}
diff --git a/strategy/strategy.go b/strategy/strategy.go
index dcfe5bb..7bd5d87 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -1,6 +1,15 @@
package strategy
import (
+ "bytes"
+ "io"
+ "net"
+ "sort"
+ "strings"
+ "sync"
+ "sync/atomic"
+ "time"
+
"github.com/nadoo/glider/common/log"
"github.com/nadoo/glider/proxy"
)
@@ -19,6 +28,25 @@ type Config struct {
IntFace string
}
+// forwarder slice orderd by priority
+type priSlice []*proxy.Forwarder
+
+func (p priSlice) Len() int { return len(p) }
+func (p priSlice) Less(i, j int) bool { return p[i].Priority() > p[j].Priority() }
+func (p priSlice) Swap(i, j int) { p[i], p[j] = p[j], p[i] }
+
+// Dialer .
+type Dialer struct {
+ config *Config
+ fwdrs priSlice
+ valid []*proxy.Forwarder
+ mu sync.Mutex
+ index int32
+ priority uint32
+
+ nextForwarder func(addr string) *proxy.Forwarder
+}
+
// NewDialer returns a new strategy dialer
func NewDialer(s []string, c *Config) proxy.Dialer {
var fwdrs []*proxy.Forwarder
@@ -43,24 +71,164 @@ func NewDialer(s []string, c *Config) proxy.Dialer {
return fwdrs[0]
}
- var dialer proxy.Dialer
- switch c.Strategy {
- case "rr":
- dialer = newRRDialer(fwdrs, c.CheckWebSite, c.CheckInterval)
- log.F("forward to remote servers in round robin mode.")
- case "ha":
- dialer = newHADialer(fwdrs, c.CheckWebSite, c.CheckInterval)
- log.F("forward to remote servers in high availability mode.")
- case "lha":
- dialer = newLHADialer(fwdrs, c.CheckWebSite, c.CheckInterval)
- log.F("forward to remote servers in latency based high availability mode.")
- case "dh":
- dialer = newDHDialer(fwdrs, c.CheckWebSite, c.CheckInterval)
- log.F("forward to remote servers in destination hashing mode.")
- default:
- log.F("not supported forward mode '%s', just use the first forward server.", c.Strategy)
- dialer = fwdrs[0]
+ return newDialer(fwdrs, c)
+}
+
+// newDialer returns a new rrDialer
+func newDialer(fwdrs []*proxy.Forwarder, c *Config) *Dialer {
+ d := &Dialer{fwdrs: fwdrs, config: c}
+ sort.Sort(d.fwdrs)
+
+ d.mu.Lock()
+ d.valid = d.fwdrs
+ d.mu.Unlock()
+
+ if strings.IndexByte(d.config.CheckWebSite, ':') == -1 {
+ d.config.CheckWebSite += ":80"
}
- return dialer
+ switch c.Strategy {
+ case "rr":
+ d.nextForwarder = d.scheduleRR
+ log.F("forward to remote servers in round robin mode.")
+ case "ha":
+ d.nextForwarder = d.scheduleHA
+ log.F("forward to remote servers in high availability mode.")
+ case "lha":
+ d.nextForwarder = d.scheduleLHA
+ log.F("forward to remote servers in latency based high availability mode.")
+ case "dh":
+ d.nextForwarder = d.scheduleDH
+ log.F("forward to remote servers in destination hashing mode.")
+ default:
+ d.nextForwarder = d.scheduleRR
+ log.F("not supported forward mode '%s', use round robin mode.", c.Strategy)
+ }
+
+ for _, f := range fwdrs {
+ f.AddHandler(d.OnStatusChanged)
+ }
+
+ return d
+}
+
+// Addr returns forwarder's address
+func (d *Dialer) Addr() string { return "STRATEGY" }
+
+// Dial connects to the address addr on the network net
+func (d *Dialer) Dial(network, addr string) (net.Conn, error) {
+ return d.NextDialer(addr).Dial(network, addr)
+}
+
+// DialUDP connects to the given address
+func (d *Dialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
+ return d.NextDialer(addr).DialUDP(network, addr)
+}
+
+// NextDialer returns the next dialer
+func (d *Dialer) NextDialer(dstAddr string) proxy.Dialer {
+ return d.nextForwarder(dstAddr)
+}
+
+// Index returns the active forwarder's Index of rrDialer
+func (d *Dialer) Index() int32 { return atomic.LoadInt32(&d.index) }
+
+// SetIndex sets the active forwarder's Index of rrDialer
+func (d *Dialer) SetIndex(p int32) { atomic.StoreInt32(&d.index, p) }
+
+// IncIndex increase the index by 1
+func (d *Dialer) IncIndex() int32 { return atomic.AddInt32(&d.index, 1) }
+
+// Priority returns the active priority of rrDialer
+func (d *Dialer) Priority() uint32 { return atomic.LoadUint32(&d.priority) }
+
+// SetPriority sets the active priority of rrDialer
+func (d *Dialer) SetPriority(p uint32) { atomic.StoreUint32(&d.priority, p) }
+
+// OnStatusChanged will be called when fwdr's status changed
+func (d *Dialer) OnStatusChanged(fwdr *proxy.Forwarder) {
+ d.mu.Lock()
+ defer d.mu.Unlock()
+
+ if fwdr.Enabled() {
+ if fwdr.Priority() == d.Priority() {
+ d.valid = append(d.valid, fwdr)
+ } else if fwdr.Priority() > d.Priority() {
+ d.SetPriority(fwdr.Priority())
+
+ d.valid = nil
+ for _, f := range d.fwdrs {
+ if f.Enabled() && f.Priority() >= d.Priority() {
+ d.valid = append(d.valid, f)
+ }
+ }
+ }
+ }
+
+ if !fwdr.Enabled() {
+ for i, f := range d.valid {
+ if f == fwdr {
+ d.valid[i], d.valid = d.valid[len(d.valid)-1], d.valid[:len(d.valid)-1]
+ break
+ }
+ }
+ }
+
+ if len(d.valid) == 0 {
+ d.valid = append(d.valid, d.fwdrs[0])
+ }
+
+}
+
+// Check implements the Checker interface
+func (d *Dialer) Check() {
+ for i := 0; i < len(d.fwdrs); i++ {
+ go d.check(i)
+ }
+}
+
+func (d *Dialer) check(i int) {
+ f := d.fwdrs[i]
+ retry := 1
+ buf := make([]byte, 4)
+
+ for {
+ time.Sleep(time.Duration(d.config.CheckInterval) * time.Second * time.Duration(retry>>1))
+
+ retry <<= 1
+ if retry > 16 {
+ retry = 16
+ }
+
+ if f.Priority() < d.Priority() {
+ continue
+ }
+
+ startTime := time.Now()
+ rc, err := f.Dial("tcp", d.config.CheckWebSite)
+ if err != nil {
+ f.Disable()
+ log.F("[check] %s(%d) -> %s, DISABLED. error in dial: %s", f.Addr(), f.Priority(), d.config.CheckWebSite, err)
+ continue
+ }
+
+ rc.Write([]byte("GET / HTTP/1.0\r\n\r\n"))
+
+ _, err = io.ReadFull(rc, buf)
+ if err != nil {
+ f.Disable()
+ log.F("[check] %s(%d) -> %s, DISABLED. error in read: %s", f.Addr(), f.Priority(), d.config.CheckWebSite, err)
+ } else if bytes.Equal([]byte("HTTP"), buf) {
+ f.Enable()
+ retry = 2
+ readTime := time.Since(startTime)
+ f.SetLatency(int64(readTime))
+ log.F("[check] %s(%d) -> %s, ENABLED. connect time: %s", f.Addr(), f.Priority(), d.config.CheckWebSite, readTime.String())
+ } else {
+ f.Disable()
+ log.F("[check] %s(%d) -> %s, DISABLED. server response: %s", f.Addr(), f.Priority(), d.config.CheckWebSite, buf)
+ }
+
+ rc.Close()
+ }
}
From 035e15df5c8faea31fc121003a346d5e4c8a1a49 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 26 Aug 2018 01:25:22 +0800
Subject: [PATCH 270/341] strategy: optimized code
---
proxy/forwarder.go | 8 ++--
strategy/scheduler.go | 49 ----------------------
strategy/strategy.go | 98 +++++++++++++++++++++++++++++--------------
3 files changed, 70 insertions(+), 85 deletions(-)
delete mode 100644 strategy/scheduler.go
diff --git a/proxy/forwarder.go b/proxy/forwarder.go
index 2e7f6b1..641e947 100644
--- a/proxy/forwarder.go
+++ b/proxy/forwarder.go
@@ -10,8 +10,8 @@ import (
"github.com/nadoo/glider/common/log"
)
-// StatusChangedHandler function will be called when the forwarder's status changed
-type StatusChangedHandler func(*Forwarder)
+// StatusHandler function will be called when the forwarder's status changed
+type StatusHandler func(*Forwarder)
// Forwarder is a forwarder
type Forwarder struct {
@@ -23,7 +23,7 @@ type Forwarder struct {
failures uint32
latency int64
intface string // local interface or ip address
- handlers []StatusChangedHandler
+ handlers []StatusHandler
}
// ForwarderFromURL parses `forward=` command value and returns a new forwarder
@@ -107,7 +107,7 @@ func (f *Forwarder) IncFailures() {
}
// AddHandler adds a custom handler to handle the status change event
-func (f *Forwarder) AddHandler(h StatusChangedHandler) {
+func (f *Forwarder) AddHandler(h StatusHandler) {
f.handlers = append(f.handlers, h)
}
diff --git a/strategy/scheduler.go b/strategy/scheduler.go
deleted file mode 100644
index 13e669f..0000000
--- a/strategy/scheduler.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package strategy
-
-import (
- "hash/fnv"
-
- "github.com/nadoo/glider/proxy"
-)
-
-func (d *Dialer) scheduleRR(dstAddr string) *proxy.Forwarder {
- d.mu.Lock()
- defer d.mu.Unlock()
-
- idx := d.IncIndex() % int32(len(d.valid))
- d.SetIndex(idx)
- return d.valid[idx]
-}
-
-func (d *Dialer) scheduleHA(dstAddr string) *proxy.Forwarder {
- d.mu.Lock()
- defer d.mu.Unlock()
-
- return d.valid[0]
-}
-
-func (d *Dialer) scheduleLHA(dstAddr string) *proxy.Forwarder {
- d.mu.Lock()
- defer d.mu.Unlock()
-
- fwdr := d.valid[0]
- lowest := fwdr.Latency()
- for _, f := range d.valid {
- if f.Latency() < lowest {
- lowest = f.Latency()
- fwdr = f
- }
- }
-
- return fwdr
-}
-
-func (d *Dialer) scheduleDH(dstAddr string) *proxy.Forwarder {
- d.mu.Lock()
- defer d.mu.Unlock()
-
- fnv1a := fnv.New32a()
- fnv1a.Write([]byte(dstAddr))
- idx := fnv1a.Sum32() % uint32(len(d.valid))
- return d.valid[idx]
-}
diff --git a/strategy/strategy.go b/strategy/strategy.go
index 7bd5d87..3d7e6d9 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -2,6 +2,7 @@ package strategy
import (
"bytes"
+ "hash/fnv"
"io"
"net"
"sort"
@@ -37,12 +38,12 @@ func (p priSlice) Swap(i, j int) { p[i], p[j] = p[j], p[i] }
// Dialer .
type Dialer struct {
- config *Config
- fwdrs priSlice
- valid []*proxy.Forwarder
- mu sync.Mutex
- index int32
- priority uint32
+ config *Config
+ fwdrs priSlice
+ available []*proxy.Forwarder
+ mu sync.RWMutex
+ index uint32
+ priority uint32
nextForwarder func(addr string) *proxy.Forwarder
}
@@ -79,9 +80,7 @@ func newDialer(fwdrs []*proxy.Forwarder, c *Config) *Dialer {
d := &Dialer{fwdrs: fwdrs, config: c}
sort.Sort(d.fwdrs)
- d.mu.Lock()
- d.valid = d.fwdrs
- d.mu.Unlock()
+ d.initAvailable()
if strings.IndexByte(d.config.CheckWebSite, ':') == -1 {
d.config.CheckWebSite += ":80"
@@ -127,24 +126,38 @@ func (d *Dialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.A
// NextDialer returns the next dialer
func (d *Dialer) NextDialer(dstAddr string) proxy.Dialer {
+ d.mu.RLock()
+ defer d.mu.RUnlock()
return d.nextForwarder(dstAddr)
}
-// Index returns the active forwarder's Index of rrDialer
-func (d *Dialer) Index() int32 { return atomic.LoadInt32(&d.index) }
-
-// SetIndex sets the active forwarder's Index of rrDialer
-func (d *Dialer) SetIndex(p int32) { atomic.StoreInt32(&d.index, p) }
-
-// IncIndex increase the index by 1
-func (d *Dialer) IncIndex() int32 { return atomic.AddInt32(&d.index, 1) }
-
// Priority returns the active priority of rrDialer
func (d *Dialer) Priority() uint32 { return atomic.LoadUint32(&d.priority) }
// SetPriority sets the active priority of rrDialer
func (d *Dialer) SetPriority(p uint32) { atomic.StoreUint32(&d.priority, p) }
+// initAvailable traverse d.fwdrs and init the available forwarder slice
+func (d *Dialer) initAvailable() {
+ for _, f := range d.fwdrs {
+ if f.Enabled() {
+ d.SetPriority(f.Priority())
+ break
+ }
+ }
+
+ d.available = nil
+ for _, f := range d.fwdrs {
+ if f.Enabled() && f.Priority() >= d.Priority() {
+ d.available = append(d.available, f)
+ }
+ }
+
+ if len(d.available) == 0 {
+ d.available = append(d.available, d.fwdrs[0])
+ }
+}
+
// OnStatusChanged will be called when fwdr's status changed
func (d *Dialer) OnStatusChanged(fwdr *proxy.Forwarder) {
d.mu.Lock()
@@ -152,32 +165,24 @@ func (d *Dialer) OnStatusChanged(fwdr *proxy.Forwarder) {
if fwdr.Enabled() {
if fwdr.Priority() == d.Priority() {
- d.valid = append(d.valid, fwdr)
+ d.available = append(d.available, fwdr)
} else if fwdr.Priority() > d.Priority() {
- d.SetPriority(fwdr.Priority())
-
- d.valid = nil
- for _, f := range d.fwdrs {
- if f.Enabled() && f.Priority() >= d.Priority() {
- d.valid = append(d.valid, f)
- }
- }
+ d.initAvailable()
}
}
if !fwdr.Enabled() {
- for i, f := range d.valid {
+ for i, f := range d.available {
if f == fwdr {
- d.valid[i], d.valid = d.valid[len(d.valid)-1], d.valid[:len(d.valid)-1]
+ d.available[i], d.available = d.available[len(d.available)-1], d.available[:len(d.available)-1]
break
}
}
}
- if len(d.valid) == 0 {
- d.valid = append(d.valid, d.fwdrs[0])
+ if len(d.available) == 0 {
+ d.initAvailable()
}
-
}
// Check implements the Checker interface
@@ -232,3 +237,32 @@ func (d *Dialer) check(i int) {
rc.Close()
}
}
+
+func (d *Dialer) scheduleRR(dstAddr string) *proxy.Forwarder {
+ idx := atomic.AddUint32(&d.index, 1) % uint32(len(d.available))
+ return d.available[idx]
+}
+
+func (d *Dialer) scheduleHA(dstAddr string) *proxy.Forwarder {
+ return d.available[0]
+}
+
+func (d *Dialer) scheduleLHA(dstAddr string) *proxy.Forwarder {
+ fwdr := d.available[0]
+ lowest := fwdr.Latency()
+ for _, f := range d.available {
+ if f.Latency() < lowest {
+ lowest = f.Latency()
+ fwdr = f
+ }
+ }
+
+ return fwdr
+}
+
+func (d *Dialer) scheduleDH(dstAddr string) *proxy.Forwarder {
+ fnv1a := fnv.New32a()
+ fnv1a.Write([]byte(dstAddr))
+ idx := fnv1a.Sum32() % uint32(len(d.available))
+ return d.available[idx]
+}
From 2f239d60f1e9974a7d9fdf66893119e34e82faa9 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 26 Aug 2018 01:43:28 +0800
Subject: [PATCH 271/341] doc: add info for dh mode
---
.travis.yml | 1 +
README.md | 1 +
conf.go | 1 +
config/glider.conf.example | 1 +
strategy/strategy.go | 15 ++++++++-------
5 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 23defe8..937b6ee 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,5 +2,6 @@ language: go
go:
- "1.10.x"
+ - "1.11.x"
- master
diff --git a/README.md b/README.md
index dfa264d..ceee7e5 100644
--- a/README.md
+++ b/README.md
@@ -217,6 +217,7 @@ Available forward strategies:
rr: Round Robin mode
ha: High Availability mode
lha: Latency based High Availability mode
+ dh: destination hashing mode
Forwarder option scheme: FORWARD_URL#OPTIONS
priority: set the priority of that forwarder, default:0
diff --git a/conf.go b/conf.go
index a92c87a..b2c32f1 100644
--- a/conf.go
+++ b/conf.go
@@ -190,6 +190,7 @@ func usage() {
fmt.Fprintf(os.Stderr, " rr: Round Robin mode\n")
fmt.Fprintf(os.Stderr, " ha: High Availability mode\n")
fmt.Fprintf(os.Stderr, " lha: Latency based High Availability mode\n")
+ fmt.Fprintf(os.Stderr, " dh: destination hashing mode\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Forwarder option scheme: FORWARD_URL#OPTIONS\n")
diff --git a/config/glider.conf.example b/config/glider.conf.example
index 3b2fcec..ae20836 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -105,6 +105,7 @@ listen=socks5://:1080
# Round Robin mode: rr
# High Availability mode: ha
# Latency based High Availability mode: lha
+# Destination Hashing mode: dh
strategy=rr
diff --git a/strategy/strategy.go b/strategy/strategy.go
index 3d7e6d9..177e378 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -105,7 +105,7 @@ func newDialer(fwdrs []*proxy.Forwarder, c *Config) *Dialer {
}
for _, f := range fwdrs {
- f.AddHandler(d.OnStatusChanged)
+ f.AddHandler(d.onStatusChanged)
}
return d
@@ -128,6 +128,7 @@ func (d *Dialer) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.A
func (d *Dialer) NextDialer(dstAddr string) proxy.Dialer {
d.mu.RLock()
defer d.mu.RUnlock()
+
return d.nextForwarder(dstAddr)
}
@@ -158,12 +159,13 @@ func (d *Dialer) initAvailable() {
}
}
-// OnStatusChanged will be called when fwdr's status changed
-func (d *Dialer) OnStatusChanged(fwdr *proxy.Forwarder) {
+// onStatusChanged will be called when fwdr's status changed
+func (d *Dialer) onStatusChanged(fwdr *proxy.Forwarder) {
d.mu.Lock()
defer d.mu.Unlock()
if fwdr.Enabled() {
+ log.F("[strategy] %s changed from Disabled to Enabled ", fwdr.Addr())
if fwdr.Priority() == d.Priority() {
d.available = append(d.available, fwdr)
} else if fwdr.Priority() > d.Priority() {
@@ -172,6 +174,7 @@ func (d *Dialer) OnStatusChanged(fwdr *proxy.Forwarder) {
}
if !fwdr.Enabled() {
+ log.F("[strategy] %s changed from Enabled to Disabled", fwdr.Addr())
for i, f := range d.available {
if f == fwdr {
d.available[i], d.available = d.available[len(d.available)-1], d.available[:len(d.available)-1]
@@ -239,8 +242,7 @@ func (d *Dialer) check(i int) {
}
func (d *Dialer) scheduleRR(dstAddr string) *proxy.Forwarder {
- idx := atomic.AddUint32(&d.index, 1) % uint32(len(d.available))
- return d.available[idx]
+ return d.available[atomic.AddUint32(&d.index, 1)%uint32(len(d.available))]
}
func (d *Dialer) scheduleHA(dstAddr string) *proxy.Forwarder {
@@ -263,6 +265,5 @@ func (d *Dialer) scheduleLHA(dstAddr string) *proxy.Forwarder {
func (d *Dialer) scheduleDH(dstAddr string) *proxy.Forwarder {
fnv1a := fnv.New32a()
fnv1a.Write([]byte(dstAddr))
- idx := fnv1a.Sum32() % uint32(len(d.available))
- return d.available[idx]
+ return d.available[fnv1a.Sum32()%uint32(len(d.available))]
}
From 529786acf6a0a5cf0a93f15d586e2d451df5df5a Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 26 Aug 2018 22:36:14 +0800
Subject: [PATCH 272/341] dns: add `dnsalwaystcp` config. #49
---
conf.go | 1 +
dns/client.go | 13 +++++++------
proxy/forwarder.go | 2 +-
strategy/strategy.go | 8 +++-----
4 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/conf.go b/conf.go
index b2c32f1..5929f9d 100644
--- a/conf.go
+++ b/conf.go
@@ -50,6 +50,7 @@ func confInit() {
flag.StringVar(&conf.RulesDir, "rules-dir", "", "rule file folder")
flag.StringVar(&conf.DNS, "dns", "", "dns forwarder server listen address")
+ flag.BoolVar(&conf.DNSConfig.AlwaysTCP, "dnsalwaystcp", false, "always use tcp to query upstream dns servers no matter there's a forwarder or not")
flag.StringSliceUniqVar(&conf.DNSConfig.Servers, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server")
flag.IntVar(&conf.DNSConfig.Timeout, "dnstimeout", 3, "timeout value used in multiple dnsservers switch(seconds)")
flag.IntVar(&conf.DNSConfig.MaxTTL, "dnsmaxttl", 1800, "maximum TTL value for entries in the CACHE(seconds)")
diff --git a/dns/client.go b/dns/client.go
index 81049c6..10f7fe3 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -18,11 +18,12 @@ type HandleFunc func(Domain, ip string) error
// Config for dns
type Config struct {
- Servers []string
- Timeout int
- MaxTTL int
- MinTTL int
- Records []string
+ Servers []string
+ Timeout int
+ MaxTTL int
+ MinTTL int
+ Records []string
+ AlwaysTCP bool
}
// Client is a dns client struct
@@ -133,7 +134,7 @@ func (c *Client) exchange(qname string, reqBytes []byte, preferTCP bool) (server
}
// If client uses udp and no forwarders specified, use udp
- if !preferTCP && dialer.Addr() == "DIRECT" {
+ if !preferTCP && !c.config.AlwaysTCP && dialer.Addr() == "DIRECT" {
network = "udp"
}
diff --git a/proxy/forwarder.go b/proxy/forwarder.go
index 641e947..ecc8dd1 100644
--- a/proxy/forwarder.go
+++ b/proxy/forwarder.go
@@ -89,7 +89,7 @@ func (f *Forwarder) Dial(network, addr string) (c net.Conn, err error) {
f.IncFailures()
if f.Failures() >= f.MaxFailures() {
f.Disable()
- log.F("[forwarder] %s reaches maxfailures, set to disabled", f.addr)
+ log.F("[forwarder] %s reaches maxfailures, set to DISABLED", f.addr)
}
}
diff --git a/strategy/strategy.go b/strategy/strategy.go
index 177e378..b97b16a 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -165,16 +165,14 @@ func (d *Dialer) onStatusChanged(fwdr *proxy.Forwarder) {
defer d.mu.Unlock()
if fwdr.Enabled() {
- log.F("[strategy] %s changed from Disabled to Enabled ", fwdr.Addr())
+ log.F("[strategy] %s changed status from Disabled to Enabled ", fwdr.Addr())
if fwdr.Priority() == d.Priority() {
d.available = append(d.available, fwdr)
} else if fwdr.Priority() > d.Priority() {
d.initAvailable()
}
- }
-
- if !fwdr.Enabled() {
- log.F("[strategy] %s changed from Enabled to Disabled", fwdr.Addr())
+ } else {
+ log.F("[strategy] %s changed status from Enabled to Disabled", fwdr.Addr())
for i, f := range d.available {
if f == fwdr {
d.available[i], d.available = d.available[len(d.available)-1], d.available[:len(d.available)-1]
From 20616dfd10fcf27fe2e2251ed39a956dbef4f58c Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 27 Aug 2018 00:01:09 +0800
Subject: [PATCH 273/341] doc: add info for `dnsalwaystcp`
---
README.md | 2 ++
conf.go | 2 +-
config/glider.conf.example | 10 ++++++++++
3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index ceee7e5..c4e2c81 100644
--- a/README.md
+++ b/README.md
@@ -119,6 +119,8 @@ glider v0.6.7 usage:
config file path
-dns string
dns forwarder server listen address
+ -dnsalwaystcp
+ always use tcp to query upstream dns servers no matter there is a forwarder or not
-dnsmaxttl int
maximum TTL value for entries in the CACHE(seconds) (default 1800)
-dnsminttl int
diff --git a/conf.go b/conf.go
index 5929f9d..c3f855d 100644
--- a/conf.go
+++ b/conf.go
@@ -50,8 +50,8 @@ func confInit() {
flag.StringVar(&conf.RulesDir, "rules-dir", "", "rule file folder")
flag.StringVar(&conf.DNS, "dns", "", "dns forwarder server listen address")
- flag.BoolVar(&conf.DNSConfig.AlwaysTCP, "dnsalwaystcp", false, "always use tcp to query upstream dns servers no matter there's a forwarder or not")
flag.StringSliceUniqVar(&conf.DNSConfig.Servers, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server")
+ flag.BoolVar(&conf.DNSConfig.AlwaysTCP, "dnsalwaystcp", false, "always use tcp to query upstream dns servers no matter there is a forwarder or not")
flag.IntVar(&conf.DNSConfig.Timeout, "dnstimeout", 3, "timeout value used in multiple dnsservers switch(seconds)")
flag.IntVar(&conf.DNSConfig.MaxTTL, "dnsmaxttl", 1800, "maximum TTL value for entries in the CACHE(seconds)")
flag.IntVar(&conf.DNSConfig.MinTTL, "dnsminttl", 0, "minimum TTL value for entries in the CACHE(seconds)")
diff --git a/config/glider.conf.example b/config/glider.conf.example
index ae20836..701d33e 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -128,15 +128,25 @@ checkduration=30
# Setup a dns forwarding server
dns=:53
+
# global remote dns server (you can specify different dns server in rule file)
dnsserver=8.8.8.8:53
dnsserver=1.1.1.1:53
+
+# By default, when glider received udp dns request and there's no forwarder specified,
+# it will use udp to query upstream dns servers, otherwise, use tcp;
+# you can set dnsalwaystcp=true to always use tcp no matter there is a forwarder or not.
+# dnsalwaystcp=false
+
# timeout value used in multiple dnsservers switch(seconds)
dnstimeout=3
+
# maximum TTL value for entries in the CACHE(seconds)
dnsmaxttl=1800
+
# minimum TTL value for entries in the CACHE(seconds)
dnsminttl=0
+
# custom records
dnsrecord=www.example.com/1.2.3.4
dnsrecord=www.example.com/2606:2800:220:1:248:1893:25c8:1946
From ac94540ab864d45e442e11edd92f01b5f8649a66 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 27 Aug 2018 19:38:42 +0800
Subject: [PATCH 274/341] general: update some doc or comment for new features.
---
README.md | 2 +-
conf.go | 2 +-
config/glider.conf.example | 10 ++++++++++
ipset/ipset_linux.go | 3 +--
strategy/strategy.go | 6 +++++-
5 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index c4e2c81..88e8020 100644
--- a/README.md
+++ b/README.md
@@ -219,7 +219,7 @@ Available forward strategies:
rr: Round Robin mode
ha: High Availability mode
lha: Latency based High Availability mode
- dh: destination hashing mode
+ dh: Destination Hashing mode
Forwarder option scheme: FORWARD_URL#OPTIONS
priority: set the priority of that forwarder, default:0
diff --git a/conf.go b/conf.go
index c3f855d..a5021da 100644
--- a/conf.go
+++ b/conf.go
@@ -191,7 +191,7 @@ func usage() {
fmt.Fprintf(os.Stderr, " rr: Round Robin mode\n")
fmt.Fprintf(os.Stderr, " ha: High Availability mode\n")
fmt.Fprintf(os.Stderr, " lha: Latency based High Availability mode\n")
- fmt.Fprintf(os.Stderr, " dh: destination hashing mode\n")
+ fmt.Fprintf(os.Stderr, " dh: Destination Hashing mode\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Forwarder option scheme: FORWARD_URL#OPTIONS\n")
diff --git a/config/glider.conf.example b/config/glider.conf.example
index 701d33e..1449f11 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -60,12 +60,22 @@ listen=socks5://:1080
# Forwarders, we can setup multiple forwarders.
# forward=SCHEME#OPTIONS
+# FORWARDER OPTIONS
+# priority: set the priority of that forwarder, default:0
+# interface: set local interface or ip address used to connect remote server
+
# Socks5 proxy as forwarder
# forward=socks5://192.168.1.10:1080
# Socks5 proxy as forwarder with priority 100
# forward=socks5://192.168.1.10:1080#priority=100
+# Socks5 proxy as forwarder with priority 100 and use `eth0` as source interface
+# forward=socks5://192.168.1.10:1080#priority=100&interface=eth0
+
+# Socks5 proxy as forwarder with priority 100 and use `192.168.1.100` as source ip
+# forward=socks5://192.168.1.10:1080#priority=100&interface=192.168.1.100
+
# SS proxy as forwarder
# forward=ss://method:pass@1.1.1.1:8443
diff --git a/ipset/ipset_linux.go b/ipset/ipset_linux.go
index 1b55268..b19d6c0 100644
--- a/ipset/ipset_linux.go
+++ b/ipset/ipset_linux.go
@@ -14,9 +14,8 @@ import (
"syscall"
"unsafe"
- "github.com/nadoo/glider/rule"
-
"github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/rule"
)
// NFNL_SUBSYS_IPSET netfilter netlink message types
diff --git a/strategy/strategy.go b/strategy/strategy.go
index b97b16a..3fa9439 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -155,6 +155,7 @@ func (d *Dialer) initAvailable() {
}
if len(d.available) == 0 {
+ log.F("[strategy] no available forwarders, just use: %s, please check your settings or network", d.fwdrs[0])
d.available = append(d.available, d.fwdrs[0])
}
}
@@ -239,14 +240,17 @@ func (d *Dialer) check(i int) {
}
}
+// Round Robin
func (d *Dialer) scheduleRR(dstAddr string) *proxy.Forwarder {
return d.available[atomic.AddUint32(&d.index, 1)%uint32(len(d.available))]
}
+// High Availability
func (d *Dialer) scheduleHA(dstAddr string) *proxy.Forwarder {
return d.available[0]
}
+// Latency based High Availability
func (d *Dialer) scheduleLHA(dstAddr string) *proxy.Forwarder {
fwdr := d.available[0]
lowest := fwdr.Latency()
@@ -256,10 +260,10 @@ func (d *Dialer) scheduleLHA(dstAddr string) *proxy.Forwarder {
fwdr = f
}
}
-
return fwdr
}
+// Destination Hashing
func (d *Dialer) scheduleDH(dstAddr string) *proxy.Forwarder {
fnv1a := fnv.New32a()
fnv1a.Write([]byte(dstAddr))
From 1c2ad64000267ec403f22e1bf94c12ec501bf166 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 29 Aug 2018 23:54:00 +0800
Subject: [PATCH 275/341] strategy: when no forwarders, available set priority
to 0
---
strategy/strategy.go | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/strategy/strategy.go b/strategy/strategy.go
index 3fa9439..672ddf3 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -155,6 +155,8 @@ func (d *Dialer) initAvailable() {
}
if len(d.available) == 0 {
+ // no available forwarders, set priority to 0 to check all forwarders in check func
+ d.SetPriority(0)
log.F("[strategy] no available forwarders, just use: %s, please check your settings or network", d.fwdrs[0])
d.available = append(d.available, d.fwdrs[0])
}
@@ -202,15 +204,16 @@ func (d *Dialer) check(i int) {
for {
time.Sleep(time.Duration(d.config.CheckInterval) * time.Second * time.Duration(retry>>1))
+ // check all forwarders at least one time
+ if retry > 1 && f.Priority() < d.Priority() {
+ continue
+ }
+
retry <<= 1
if retry > 16 {
retry = 16
}
- if f.Priority() < d.Priority() {
- continue
- }
-
startTime := time.Now()
rc, err := f.Dial("tcp", d.config.CheckWebSite)
if err != nil {
From 0170fd7c986cd420880804743555190bd0141afb Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 30 Aug 2018 07:35:37 +0800
Subject: [PATCH 276/341] direct: avoid panic when an interface link is down
---
main.go | 2 +-
proxy/direct.go | 9 ++++++---
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/main.go b/main.go
index 8fd3b5b..0c26f61 100644
--- a/main.go
+++ b/main.go
@@ -27,7 +27,7 @@ import (
)
// VERSION .
-const VERSION = "0.6.7"
+const VERSION = "0.6.8"
func main() {
// read configs
diff --git a/proxy/direct.go b/proxy/direct.go
index 8072cbf..38e11e4 100644
--- a/proxy/direct.go
+++ b/proxy/direct.go
@@ -55,6 +55,11 @@ func (d *Direct) Dial(network, addr string) (c net.Conn, err error) {
}
}
+ // no ip available (so no dials made), maybe the interface link is down
+ if c == nil && err == nil {
+ err = errors.New("dial failed, maybe the interface link is down, please check it")
+ }
+
return
}
@@ -113,9 +118,7 @@ func (d *Direct) IFaceIPs() (ips []net.IP) {
}
for _, ipnet := range ipnets {
- if ip := ipnet.(*net.IPNet).IP; !ip.IsLinkLocalUnicast() {
- ips = append(ips, ip)
- }
+ ips = append(ips, ipnet.(*net.IPNet).IP) //!ip.IsLinkLocalUnicast()
}
return
From 140ed9d8eb16237f7948994aec8f66f3fe80229b Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 30 Aug 2018 07:36:46 +0800
Subject: [PATCH 277/341] conf: support relative path of rulefile in systemd
service. #52
---
conf.go | 3 +++
1 file changed, 3 insertions(+)
diff --git a/conf.go b/conf.go
index a5021da..ae45663 100644
--- a/conf.go
+++ b/conf.go
@@ -75,6 +75,9 @@ func confInit() {
// rulefiles
for _, ruleFile := range conf.RuleFile {
+ if !path.IsAbs(ruleFile) {
+ ruleFile = path.Join(flag.ConfDir(), ruleFile)
+ }
rule, err := rule.NewConfFromFile(ruleFile)
if err != nil {
log.Fatal(err)
From 981d226bd1e37010ebcb26116714cdfdac112c1f Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 31 Aug 2018 00:16:26 +0800
Subject: [PATCH 278/341] strategy: display forwarder's addr instead of struct
value.
---
strategy/strategy.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/strategy/strategy.go b/strategy/strategy.go
index 672ddf3..29f3b88 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -157,7 +157,7 @@ func (d *Dialer) initAvailable() {
if len(d.available) == 0 {
// no available forwarders, set priority to 0 to check all forwarders in check func
d.SetPriority(0)
- log.F("[strategy] no available forwarders, just use: %s, please check your settings or network", d.fwdrs[0])
+ log.F("[strategy] no available forwarders, just use: %s, please check your settings or network", d.fwdrs[0].Addr())
d.available = append(d.available, d.fwdrs[0])
}
}
From 1b4489cd6782bf31deff00803b87c80994b6ebfb Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 1 Sep 2018 23:44:47 +0800
Subject: [PATCH 279/341] dns: return error when there's not enough length for
rdata. #55
---
dns/message.go | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/dns/message.go b/dns/message.go
index e6c4b6b..7b039e5 100644
--- a/dns/message.go
+++ b/dns/message.go
@@ -381,6 +381,11 @@ func (m *Message) UnmarshalRR(start int, rr *RR) (n int, err error) {
rr.CLASS = binary.BigEndian.Uint16(p[n+2:])
rr.TTL = binary.BigEndian.Uint32(p[n+4:])
rr.RDLENGTH = binary.BigEndian.Uint16(p[n+8:])
+
+ if len(p) <= n+10+int(rr.RDLENGTH) {
+ return 0, errors.New("UnmarshalRR: not enough data for RDATA")
+ }
+
rr.RDATA = p[n+10 : n+10+int(rr.RDLENGTH)]
if rr.TYPE == QTypeA {
From 7367e41cd132ff719630320f7c1ef88f65ab2664 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 2 Sep 2018 00:16:16 +0800
Subject: [PATCH 280/341] dns: correct a length mistake
---
dns/message.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dns/message.go b/dns/message.go
index 7b039e5..1a57ebb 100644
--- a/dns/message.go
+++ b/dns/message.go
@@ -382,7 +382,7 @@ func (m *Message) UnmarshalRR(start int, rr *RR) (n int, err error) {
rr.TTL = binary.BigEndian.Uint32(p[n+4:])
rr.RDLENGTH = binary.BigEndian.Uint16(p[n+8:])
- if len(p) <= n+10+int(rr.RDLENGTH) {
+ if len(p) < n+10+int(rr.RDLENGTH) {
return 0, errors.New("UnmarshalRR: not enough data for RDATA")
}
From 3c8a451d944e6a97b1333c918e1455032779df61 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 2 Sep 2018 19:18:51 +0800
Subject: [PATCH 281/341] ss: added `chacha20` and `xchacha20-ietf-poly1305`
support. #21 #30
---
README.md | 6 +-
conf.go | 4 +-
proxy/ss/ss.go | 2 +-
proxy/vmess/aead.go | 8 +-
vendor/github.com/Yawning/chacha20/LICENSE | 122 -
vendor/github.com/Yawning/chacha20/README.md | 14 -
.../github.com/Yawning/chacha20/chacha20.go | 273 --
.../Yawning/chacha20/chacha20_amd64.go | 95 -
.../Yawning/chacha20/chacha20_amd64.py | 1295 --------
.../Yawning/chacha20/chacha20_amd64.s | 1180 --------
.../Yawning/chacha20/chacha20_ref.go | 394 ---
.../Yawning/chacha20/chacha20_ref_go19.go | 395 ---
.../dgryski/go-camellia/camellia.go | 368 ---
.../dgryski/go-camellia/t_camellia.pl | 58 -
vendor/github.com/dgryski/go-idea/idea.go | 250 --
vendor/github.com/dgryski/go-rc2/LICENSE | 21 -
vendor/github.com/dgryski/go-rc2/rc2.go | 284 --
vendor/github.com/nadoo/conflag/LICENSE | 674 -----
vendor/github.com/nadoo/conflag/README.md | 111 -
vendor/github.com/nadoo/conflag/conflag.go | 151 -
.../github.com/nadoo/conflag/string_slice.go | 47 -
.../nadoo/conflag/string_slice_uniq.go | 51 -
.../shadowsocks/go-shadowsocks2/LICENSE | 202 --
.../go-shadowsocks2/core/cipher.go | 144 -
.../shadowsocks/go-shadowsocks2/core/doc.go | 2 -
.../go-shadowsocks2/core/packet.go | 8 -
.../go-shadowsocks2/core/stream.go | 23 -
.../go-shadowsocks2/shadowaead/cipher.go | 83 -
.../go-shadowsocks2/shadowaead/doc.go | 35 -
.../go-shadowsocks2/shadowaead/packet.go | 93 -
.../go-shadowsocks2/shadowaead/stream.go | 270 --
.../go-shadowsocks2/shadowstream/cipher.go | 91 -
.../go-shadowsocks2/shadowstream/doc.go | 2 -
.../go-shadowsocks2/shadowstream/packet.go | 76 -
.../go-shadowsocks2/shadowstream/stream.go | 171 --
.../sun8911879/shadowsocksR/LICENSE | 21 -
.../sun8911879/shadowsocksR/README.md | 84 -
.../sun8911879/shadowsocksR/client.go | 61 -
.../sun8911879/shadowsocksR/encrypt.go | 296 --
.../sun8911879/shadowsocksR/obfs/base.go | 35 -
.../sun8911879/shadowsocksR/obfs/http_post.go | 19 -
.../shadowsocksR/obfs/http_simple.go | 178 --
.../sun8911879/shadowsocksR/obfs/plain.go | 42 -
.../shadowsocksR/obfs/random_head.go | 79 -
.../shadowsocksR/obfs/tls12_ticket_auth.go | 279 --
.../shadowsocksR/protocol/auth_aes128_md5.go | 282 --
.../shadowsocksR/protocol/auth_aes128_sha1.go | 28 -
.../shadowsocksR/protocol/auth_sha1_v4.go | 232 --
.../sun8911879/shadowsocksR/protocol/base.go | 39 -
.../shadowsocksR/protocol/origin.go | 42 -
.../shadowsocksR/protocol/verify_sha1.go | 101 -
.../sun8911879/shadowsocksR/ssr/adler32.go | 31 -
.../sun8911879/shadowsocksR/ssr/crc32.go | 52 -
.../sun8911879/shadowsocksR/ssr/obfs.go | 55 -
.../github.com/sun8911879/shadowsocksR/tcp.go | 251 --
.../sun8911879/shadowsocksR/tools/encrypt.go | 51 -
.../shadowsocksR/tools/leakybuf/leakybuf.go | 47 -
vendor/golang.org/x/crypto/LICENSE | 27 -
vendor/golang.org/x/crypto/PATENTS | 22 -
vendor/golang.org/x/crypto/blowfish/block.go | 159 -
vendor/golang.org/x/crypto/blowfish/cipher.go | 91 -
vendor/golang.org/x/crypto/blowfish/const.go | 199 --
vendor/golang.org/x/crypto/cast5/cast5.go | 526 ----
.../chacha20poly1305/chacha20poly1305.go | 91 -
.../chacha20poly1305_amd64.go | 80 -
.../chacha20poly1305/chacha20poly1305_amd64.s | 2695 -----------------
.../chacha20poly1305_generic.go | 74 -
.../chacha20poly1305_noasm.go | 15 -
vendor/golang.org/x/crypto/hkdf/hkdf.go | 75 -
.../x/crypto/internal/chacha20/asm_s390x.s | 283 --
.../internal/chacha20/chacha_generic.go | 227 --
.../crypto/internal/chacha20/chacha_noasm.go | 16 -
.../crypto/internal/chacha20/chacha_s390x.go | 30 -
.../x/crypto/internal/chacha20/xor.go | 43 -
.../golang.org/x/crypto/poly1305/poly1305.go | 33 -
.../golang.org/x/crypto/poly1305/sum_amd64.go | 22 -
.../golang.org/x/crypto/poly1305/sum_amd64.s | 125 -
.../golang.org/x/crypto/poly1305/sum_arm.go | 22 -
vendor/golang.org/x/crypto/poly1305/sum_arm.s | 427 ---
.../golang.org/x/crypto/poly1305/sum_noasm.go | 14 -
.../golang.org/x/crypto/poly1305/sum_ref.go | 139 -
.../golang.org/x/crypto/poly1305/sum_s390x.go | 49 -
.../golang.org/x/crypto/poly1305/sum_s390x.s | 400 ---
.../x/crypto/poly1305/sum_vmsl_s390x.s | 931 ------
.../x/crypto/salsa20/salsa/hsalsa20.go | 144 -
.../x/crypto/salsa20/salsa/salsa2020_amd64.s | 889 ------
.../x/crypto/salsa20/salsa/salsa208.go | 199 --
.../x/crypto/salsa20/salsa/salsa20_amd64.go | 24 -
.../x/crypto/salsa20/salsa/salsa20_ref.go | 234 --
vendor/golang.org/x/sys/LICENSE | 27 -
vendor/golang.org/x/sys/PATENTS | 22 -
vendor/golang.org/x/sys/cpu/cpu.go | 38 -
vendor/golang.org/x/sys/cpu/cpu_arm.go | 7 -
vendor/golang.org/x/sys/cpu/cpu_arm64.go | 7 -
vendor/golang.org/x/sys/cpu/cpu_gc_x86.go | 16 -
vendor/golang.org/x/sys/cpu/cpu_gccgo.c | 43 -
vendor/golang.org/x/sys/cpu/cpu_gccgo.go | 26 -
vendor/golang.org/x/sys/cpu/cpu_mips64x.go | 9 -
vendor/golang.org/x/sys/cpu/cpu_mipsx.go | 9 -
vendor/golang.org/x/sys/cpu/cpu_ppc64x.go | 9 -
vendor/golang.org/x/sys/cpu/cpu_s390x.go | 7 -
vendor/golang.org/x/sys/cpu/cpu_x86.go | 55 -
vendor/golang.org/x/sys/cpu/cpu_x86.s | 27 -
vendor/vendor.json | 145 -
104 files changed, 10 insertions(+), 18050 deletions(-)
delete mode 100644 vendor/github.com/Yawning/chacha20/LICENSE
delete mode 100644 vendor/github.com/Yawning/chacha20/README.md
delete mode 100644 vendor/github.com/Yawning/chacha20/chacha20.go
delete mode 100644 vendor/github.com/Yawning/chacha20/chacha20_amd64.go
delete mode 100644 vendor/github.com/Yawning/chacha20/chacha20_amd64.py
delete mode 100644 vendor/github.com/Yawning/chacha20/chacha20_amd64.s
delete mode 100644 vendor/github.com/Yawning/chacha20/chacha20_ref.go
delete mode 100644 vendor/github.com/Yawning/chacha20/chacha20_ref_go19.go
delete mode 100644 vendor/github.com/dgryski/go-camellia/camellia.go
delete mode 100644 vendor/github.com/dgryski/go-camellia/t_camellia.pl
delete mode 100644 vendor/github.com/dgryski/go-idea/idea.go
delete mode 100644 vendor/github.com/dgryski/go-rc2/LICENSE
delete mode 100644 vendor/github.com/dgryski/go-rc2/rc2.go
delete mode 100644 vendor/github.com/nadoo/conflag/LICENSE
delete mode 100644 vendor/github.com/nadoo/conflag/README.md
delete mode 100644 vendor/github.com/nadoo/conflag/conflag.go
delete mode 100644 vendor/github.com/nadoo/conflag/string_slice.go
delete mode 100644 vendor/github.com/nadoo/conflag/string_slice_uniq.go
delete mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/LICENSE
delete mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/core/cipher.go
delete mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/core/doc.go
delete mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/core/packet.go
delete mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/core/stream.go
delete mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/cipher.go
delete mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/doc.go
delete mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/packet.go
delete mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/stream.go
delete mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/cipher.go
delete mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/doc.go
delete mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/packet.go
delete mode 100644 vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/stream.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/LICENSE
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/README.md
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/client.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/encrypt.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/obfs/base.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/obfs/http_post.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/obfs/http_simple.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/obfs/plain.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/obfs/random_head.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/obfs/tls12_ticket_auth.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_md5.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_sha1.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/protocol/auth_sha1_v4.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/protocol/base.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/protocol/origin.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/protocol/verify_sha1.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/ssr/adler32.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/ssr/crc32.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/ssr/obfs.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/tcp.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/tools/encrypt.go
delete mode 100644 vendor/github.com/sun8911879/shadowsocksR/tools/leakybuf/leakybuf.go
delete mode 100644 vendor/golang.org/x/crypto/LICENSE
delete mode 100644 vendor/golang.org/x/crypto/PATENTS
delete mode 100644 vendor/golang.org/x/crypto/blowfish/block.go
delete mode 100644 vendor/golang.org/x/crypto/blowfish/cipher.go
delete mode 100644 vendor/golang.org/x/crypto/blowfish/const.go
delete mode 100644 vendor/golang.org/x/crypto/cast5/cast5.go
delete mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go
delete mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go
delete mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s
delete mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
delete mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go
delete mode 100644 vendor/golang.org/x/crypto/hkdf/hkdf.go
delete mode 100644 vendor/golang.org/x/crypto/internal/chacha20/asm_s390x.s
delete mode 100644 vendor/golang.org/x/crypto/internal/chacha20/chacha_generic.go
delete mode 100644 vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go
delete mode 100644 vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.go
delete mode 100644 vendor/golang.org/x/crypto/internal/chacha20/xor.go
delete mode 100644 vendor/golang.org/x/crypto/poly1305/poly1305.go
delete mode 100644 vendor/golang.org/x/crypto/poly1305/sum_amd64.go
delete mode 100644 vendor/golang.org/x/crypto/poly1305/sum_amd64.s
delete mode 100644 vendor/golang.org/x/crypto/poly1305/sum_arm.go
delete mode 100644 vendor/golang.org/x/crypto/poly1305/sum_arm.s
delete mode 100644 vendor/golang.org/x/crypto/poly1305/sum_noasm.go
delete mode 100644 vendor/golang.org/x/crypto/poly1305/sum_ref.go
delete mode 100644 vendor/golang.org/x/crypto/poly1305/sum_s390x.go
delete mode 100644 vendor/golang.org/x/crypto/poly1305/sum_s390x.s
delete mode 100644 vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s
delete mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go
delete mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/salsa2020_amd64.s
delete mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/salsa208.go
delete mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go
delete mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go
delete mode 100644 vendor/golang.org/x/sys/LICENSE
delete mode 100644 vendor/golang.org/x/sys/PATENTS
delete mode 100644 vendor/golang.org/x/sys/cpu/cpu.go
delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_arm.go
delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_arm64.go
delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_gccgo.c
delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_gccgo.go
delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_mips64x.go
delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_mipsx.go
delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_s390x.go
delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_x86.go
delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_x86.s
delete mode 100644 vendor/vendor.json
diff --git a/README.md b/README.md
index 88e8020..76d006a 100644
--- a/README.md
+++ b/README.md
@@ -110,7 +110,7 @@ glider -config CONFIGPATH -listen :8080 -verbose
## Usage
```bash
-glider v0.6.7 usage:
+glider v0.6.8 usage:
-checkduration int
proxy check interval(seconds) (default 30)
-checkwebsite string
@@ -172,8 +172,8 @@ SS scheme:
ss://method:pass@host:port
Available methods for ss:
- AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AES-128-CFB AES-128-CTR AES-192-CFB AES-192-CTR AES-256-CFB AES-256-CTR CHACHA20-IETF XCHACHA20
- NOTE: chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305
+ AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AEAD_XCHACHA20_POLY1305 AES-128-CFB AES-128-CTR AES-192-CFB AES-192-CTR AES-256-CFB AES-256-CTR CHACHA20-IETF XCHACHA20 CHACHA20
+ NOTE: chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305, xchacha20-ietf-poly1305 = AEAD_XCHACHA20_POLY1305
SSR scheme:
ssr://method:pass@host:port?protocol=xxx&protocol_param=yyy&obfs=zzz&obfs_param=xyz
diff --git a/conf.go b/conf.go
index ae45663..c0b43c8 100644
--- a/conf.go
+++ b/conf.go
@@ -136,9 +136,9 @@ func usage() {
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Available methods for ss:\n")
- fmt.Fprintf(os.Stderr, " AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AES-128-CFB AES-128-CTR AES-192-CFB AES-192-CTR AES-256-CFB AES-256-CTR CHACHA20-IETF XCHACHA20")
+ fmt.Fprintf(os.Stderr, " AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AEAD_XCHACHA20_POLY1305 AES-128-CFB AES-128-CTR AES-192-CFB AES-192-CTR AES-256-CFB AES-256-CTR CHACHA20-IETF XCHACHA20 CHACHA20")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " NOTE: chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305\n")
+ fmt.Fprintf(os.Stderr, " NOTE: chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305, xchacha20-ietf-poly1305 = AEAD_XCHACHA20_POLY1305\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "SSR scheme:\n")
diff --git a/proxy/ss/ss.go b/proxy/ss/ss.go
index 919ac95..7273e9d 100644
--- a/proxy/ss/ss.go
+++ b/proxy/ss/ss.go
@@ -8,7 +8,7 @@ import (
"sync"
"time"
- "github.com/shadowsocks/go-shadowsocks2/core"
+ "github.com/nadoo/go-shadowsocks2/core"
"github.com/nadoo/glider/common/conn"
"github.com/nadoo/glider/common/log"
diff --git a/proxy/vmess/aead.go b/proxy/vmess/aead.go
index 68729a0..d0e334c 100644
--- a/proxy/vmess/aead.go
+++ b/proxy/vmess/aead.go
@@ -105,13 +105,13 @@ func (r *aeadReader) Read(b []byte) (int, error) {
}
// if length == 0, then this is the end
- len := binary.BigEndian.Uint16(r.buf[:lenSize])
- if len == 0 {
+ l := binary.BigEndian.Uint16(r.buf[:lenSize])
+ if l == 0 {
return 0, nil
}
// get payload
- buf := r.buf[:len]
+ buf := r.buf[:l]
_, err = io.ReadFull(r.Reader, buf)
if err != nil {
return 0, err
@@ -126,7 +126,7 @@ func (r *aeadReader) Read(b []byte) (int, error) {
return 0, err
}
- dataLen := int(len) - r.Overhead()
+ dataLen := int(l) - r.Overhead()
m := copy(b, r.buf[:dataLen])
if m < int(dataLen) {
r.leftover = r.buf[m:dataLen]
diff --git a/vendor/github.com/Yawning/chacha20/LICENSE b/vendor/github.com/Yawning/chacha20/LICENSE
deleted file mode 100644
index 6ca207e..0000000
--- a/vendor/github.com/Yawning/chacha20/LICENSE
+++ /dev/null
@@ -1,122 +0,0 @@
-Creative Commons Legal Code
-
-CC0 1.0 Universal
-
- CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
- LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
- ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
- INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
- REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
- PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
- THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
- HEREUNDER.
-
-Statement of Purpose
-
-The laws of most jurisdictions throughout the world automatically confer
-exclusive Copyright and Related Rights (defined below) upon the creator
-and subsequent owner(s) (each and all, an "owner") of an original work of
-authorship and/or a database (each, a "Work").
-
-Certain owners wish to permanently relinquish those rights to a Work for
-the purpose of contributing to a commons of creative, cultural and
-scientific works ("Commons") that the public can reliably and without fear
-of later claims of infringement build upon, modify, incorporate in other
-works, reuse and redistribute as freely as possible in any form whatsoever
-and for any purposes, including without limitation commercial purposes.
-These owners may contribute to the Commons to promote the ideal of a free
-culture and the further production of creative, cultural and scientific
-works, or to gain reputation or greater distribution for their Work in
-part through the use and efforts of others.
-
-For these and/or other purposes and motivations, and without any
-expectation of additional consideration or compensation, the person
-associating CC0 with a Work (the "Affirmer"), to the extent that he or she
-is an owner of Copyright and Related Rights in the Work, voluntarily
-elects to apply CC0 to the Work and publicly distribute the Work under its
-terms, with knowledge of his or her Copyright and Related Rights in the
-Work and the meaning and intended legal effect of CC0 on those rights.
-
-1. Copyright and Related Rights. A Work made available under CC0 may be
-protected by copyright and related or neighboring rights ("Copyright and
-Related Rights"). Copyright and Related Rights include, but are not
-limited to, the following:
-
- i. the right to reproduce, adapt, distribute, perform, display,
- communicate, and translate a Work;
- ii. moral rights retained by the original author(s) and/or performer(s);
-iii. publicity and privacy rights pertaining to a person's image or
- likeness depicted in a Work;
- iv. rights protecting against unfair competition in regards to a Work,
- subject to the limitations in paragraph 4(a), below;
- v. rights protecting the extraction, dissemination, use and reuse of data
- in a Work;
- vi. database rights (such as those arising under Directive 96/9/EC of the
- European Parliament and of the Council of 11 March 1996 on the legal
- protection of databases, and under any national implementation
- thereof, including any amended or successor version of such
- directive); and
-vii. other similar, equivalent or corresponding rights throughout the
- world based on applicable law or treaty, and any national
- implementations thereof.
-
-2. Waiver. To the greatest extent permitted by, but not in contravention
-of, applicable law, Affirmer hereby overtly, fully, permanently,
-irrevocably and unconditionally waives, abandons, and surrenders all of
-Affirmer's Copyright and Related Rights and associated claims and causes
-of action, whether now known or unknown (including existing as well as
-future claims and causes of action), in the Work (i) in all territories
-worldwide, (ii) for the maximum duration provided by applicable law or
-treaty (including future time extensions), (iii) in any current or future
-medium and for any number of copies, and (iv) for any purpose whatsoever,
-including without limitation commercial, advertising or promotional
-purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
-member of the public at large and to the detriment of Affirmer's heirs and
-successors, fully intending that such Waiver shall not be subject to
-revocation, rescission, cancellation, termination, or any other legal or
-equitable action to disrupt the quiet enjoyment of the Work by the public
-as contemplated by Affirmer's express Statement of Purpose.
-
-3. Public License Fallback. Should any part of the Waiver for any reason
-be judged legally invalid or ineffective under applicable law, then the
-Waiver shall be preserved to the maximum extent permitted taking into
-account Affirmer's express Statement of Purpose. In addition, to the
-extent the Waiver is so judged Affirmer hereby grants to each affected
-person a royalty-free, non transferable, non sublicensable, non exclusive,
-irrevocable and unconditional license to exercise Affirmer's Copyright and
-Related Rights in the Work (i) in all territories worldwide, (ii) for the
-maximum duration provided by applicable law or treaty (including future
-time extensions), (iii) in any current or future medium and for any number
-of copies, and (iv) for any purpose whatsoever, including without
-limitation commercial, advertising or promotional purposes (the
-"License"). The License shall be deemed effective as of the date CC0 was
-applied by Affirmer to the Work. Should any part of the License for any
-reason be judged legally invalid or ineffective under applicable law, such
-partial invalidity or ineffectiveness shall not invalidate the remainder
-of the License, and in such case Affirmer hereby affirms that he or she
-will not (i) exercise any of his or her remaining Copyright and Related
-Rights in the Work or (ii) assert any associated claims and causes of
-action with respect to the Work, in either case contrary to Affirmer's
-express Statement of Purpose.
-
-4. Limitations and Disclaimers.
-
- a. No trademark or patent rights held by Affirmer are waived, abandoned,
- surrendered, licensed or otherwise affected by this document.
- b. Affirmer offers the Work as-is and makes no representations or
- warranties of any kind concerning the Work, express, implied,
- statutory or otherwise, including without limitation warranties of
- title, merchantability, fitness for a particular purpose, non
- infringement, or the absence of latent or other defects, accuracy, or
- the present or absence of errors, whether or not discoverable, all to
- the greatest extent permissible under applicable law.
- c. Affirmer disclaims responsibility for clearing rights of other persons
- that may apply to the Work or any use thereof, including without
- limitation any person's Copyright and Related Rights in the Work.
- Further, Affirmer disclaims responsibility for obtaining any necessary
- consents, permissions or other rights required for any use of the
- Work.
- d. Affirmer understands and acknowledges that Creative Commons is not a
- party to this document and has no duty or obligation with respect to
- this CC0 or use of the Work.
-
diff --git a/vendor/github.com/Yawning/chacha20/README.md b/vendor/github.com/Yawning/chacha20/README.md
deleted file mode 100644
index 9080a84..0000000
--- a/vendor/github.com/Yawning/chacha20/README.md
+++ /dev/null
@@ -1,14 +0,0 @@
-### chacha20 - ChaCha20
-#### Yawning Angel (yawning at schwanenlied dot me)
-
-Yet another Go ChaCha20 implementation. Everything else I found was slow,
-didn't support all the variants I need to use, or relied on cgo to go fast.
-
-Features:
-
- * 20 round, 256 bit key only. Everything else is pointless and stupid.
- * IETF 96 bit nonce variant.
- * XChaCha 24 byte nonce variant.
- * SSE2 and AVX2 support on amd64 targets.
- * Incremental encrypt/decrypt support, unlike golang.org/x/crypto/salsa20.
-
diff --git a/vendor/github.com/Yawning/chacha20/chacha20.go b/vendor/github.com/Yawning/chacha20/chacha20.go
deleted file mode 100644
index 07d5e4b..0000000
--- a/vendor/github.com/Yawning/chacha20/chacha20.go
+++ /dev/null
@@ -1,273 +0,0 @@
-// chacha20.go - A ChaCha stream cipher implementation.
-//
-// To the extent possible under law, Yawning Angel has waived all copyright
-// and related or neighboring rights to chacha20, using the Creative
-// Commons "CC0" public domain dedication. See LICENSE or
-// for full details.
-
-package chacha20
-
-import (
- "crypto/cipher"
- "encoding/binary"
- "errors"
- "math"
- "runtime"
-)
-
-const (
- // KeySize is the ChaCha20 key size in bytes.
- KeySize = 32
-
- // NonceSize is the ChaCha20 nonce size in bytes.
- NonceSize = 8
-
- // INonceSize is the IETF ChaCha20 nonce size in bytes.
- INonceSize = 12
-
- // XNonceSize is the XChaCha20 nonce size in bytes.
- XNonceSize = 24
-
- // HNonceSize is the HChaCha20 nonce size in bytes.
- HNonceSize = 16
-
- // BlockSize is the ChaCha20 block size in bytes.
- BlockSize = 64
-
- stateSize = 16
- chachaRounds = 20
-
- // The constant "expand 32-byte k" as little endian uint32s.
- sigma0 = uint32(0x61707865)
- sigma1 = uint32(0x3320646e)
- sigma2 = uint32(0x79622d32)
- sigma3 = uint32(0x6b206574)
-)
-
-var (
- // ErrInvalidKey is the error returned when the key is invalid.
- ErrInvalidKey = errors.New("key length must be KeySize bytes")
-
- // ErrInvalidNonce is the error returned when the nonce is invalid.
- ErrInvalidNonce = errors.New("nonce length must be NonceSize/INonceSize/XNonceSize bytes")
-
- // ErrInvalidCounter is the error returned when the counter is invalid.
- ErrInvalidCounter = errors.New("block counter is invalid (out of range)")
-
- useUnsafe = false
- usingVectors = false
- blocksFn = blocksRef
-)
-
-// A Cipher is an instance of ChaCha20/XChaCha20 using a particular key and
-// nonce.
-type Cipher struct {
- state [stateSize]uint32
-
- buf [BlockSize]byte
- off int
- ietf bool
-}
-
-// Reset zeros the key data so that it will no longer appear in the process's
-// memory.
-func (c *Cipher) Reset() {
- for i := range c.state {
- c.state[i] = 0
- }
- for i := range c.buf {
- c.buf[i] = 0
- }
-}
-
-// XORKeyStream sets dst to the result of XORing src with the key stream. Dst
-// and src may be the same slice but otherwise should not overlap.
-func (c *Cipher) XORKeyStream(dst, src []byte) {
- if len(dst) < len(src) {
- src = src[:len(dst)]
- }
-
- for remaining := len(src); remaining > 0; {
- // Process multiple blocks at once.
- if c.off == BlockSize {
- nrBlocks := remaining / BlockSize
- directBytes := nrBlocks * BlockSize
- if nrBlocks > 0 {
- blocksFn(&c.state, src, dst, nrBlocks, c.ietf)
- remaining -= directBytes
- if remaining == 0 {
- return
- }
- dst = dst[directBytes:]
- src = src[directBytes:]
- }
-
- // If there's a partial block, generate 1 block of keystream into
- // the internal buffer.
- blocksFn(&c.state, nil, c.buf[:], 1, c.ietf)
- c.off = 0
- }
-
- // Process partial blocks from the buffered keystream.
- toXor := BlockSize - c.off
- if remaining < toXor {
- toXor = remaining
- }
- if toXor > 0 {
- for i, v := range src[:toXor] {
- dst[i] = v ^ c.buf[c.off+i]
- }
- dst = dst[toXor:]
- src = src[toXor:]
-
- remaining -= toXor
- c.off += toXor
- }
- }
-}
-
-// KeyStream sets dst to the raw keystream.
-func (c *Cipher) KeyStream(dst []byte) {
- for remaining := len(dst); remaining > 0; {
- // Process multiple blocks at once.
- if c.off == BlockSize {
- nrBlocks := remaining / BlockSize
- directBytes := nrBlocks * BlockSize
- if nrBlocks > 0 {
- blocksFn(&c.state, nil, dst, nrBlocks, c.ietf)
- remaining -= directBytes
- if remaining == 0 {
- return
- }
- dst = dst[directBytes:]
- }
-
- // If there's a partial block, generate 1 block of keystream into
- // the internal buffer.
- blocksFn(&c.state, nil, c.buf[:], 1, c.ietf)
- c.off = 0
- }
-
- // Process partial blocks from the buffered keystream.
- toCopy := BlockSize - c.off
- if remaining < toCopy {
- toCopy = remaining
- }
- if toCopy > 0 {
- copy(dst[:toCopy], c.buf[c.off:c.off+toCopy])
- dst = dst[toCopy:]
- remaining -= toCopy
- c.off += toCopy
- }
- }
-}
-
-// ReKey reinitializes the ChaCha20/XChaCha20 instance with the provided key
-// and nonce.
-func (c *Cipher) ReKey(key, nonce []byte) error {
- if len(key) != KeySize {
- return ErrInvalidKey
- }
-
- switch len(nonce) {
- case NonceSize:
- case INonceSize:
- case XNonceSize:
- var subkey [KeySize]byte
- var subnonce [HNonceSize]byte
- copy(subnonce[:], nonce[0:16])
- HChaCha(key, &subnonce, &subkey)
- key = subkey[:]
- nonce = nonce[16:24]
- defer func() {
- for i := range subkey {
- subkey[i] = 0
- }
- }()
- default:
- return ErrInvalidNonce
- }
-
- c.Reset()
- c.state[0] = sigma0
- c.state[1] = sigma1
- c.state[2] = sigma2
- c.state[3] = sigma3
- c.state[4] = binary.LittleEndian.Uint32(key[0:4])
- c.state[5] = binary.LittleEndian.Uint32(key[4:8])
- c.state[6] = binary.LittleEndian.Uint32(key[8:12])
- c.state[7] = binary.LittleEndian.Uint32(key[12:16])
- c.state[8] = binary.LittleEndian.Uint32(key[16:20])
- c.state[9] = binary.LittleEndian.Uint32(key[20:24])
- c.state[10] = binary.LittleEndian.Uint32(key[24:28])
- c.state[11] = binary.LittleEndian.Uint32(key[28:32])
- c.state[12] = 0
- if len(nonce) == INonceSize {
- c.state[13] = binary.LittleEndian.Uint32(nonce[0:4])
- c.state[14] = binary.LittleEndian.Uint32(nonce[4:8])
- c.state[15] = binary.LittleEndian.Uint32(nonce[8:12])
- c.ietf = true
- } else {
- c.state[13] = 0
- c.state[14] = binary.LittleEndian.Uint32(nonce[0:4])
- c.state[15] = binary.LittleEndian.Uint32(nonce[4:8])
- c.ietf = false
- }
- c.off = BlockSize
- return nil
-
-}
-
-// Seek sets the block counter to a given offset.
-func (c *Cipher) Seek(blockCounter uint64) error {
- if c.ietf {
- if blockCounter > math.MaxUint32 {
- return ErrInvalidCounter
- }
- c.state[12] = uint32(blockCounter)
- } else {
- c.state[12] = uint32(blockCounter)
- c.state[13] = uint32(blockCounter >> 32)
- }
- c.off = BlockSize
- return nil
-}
-
-// NewCipher returns a new ChaCha20/XChaCha20 instance.
-func NewCipher(key, nonce []byte) (*Cipher, error) {
- c := new(Cipher)
- if err := c.ReKey(key, nonce); err != nil {
- return nil, err
- }
- return c, nil
-}
-
-// HChaCha is the HChaCha20 hash function used to make XChaCha.
-func HChaCha(key []byte, nonce *[HNonceSize]byte, out *[32]byte) {
- var x [stateSize]uint32 // Last 4 slots unused, sigma hardcoded.
- x[0] = binary.LittleEndian.Uint32(key[0:4])
- x[1] = binary.LittleEndian.Uint32(key[4:8])
- x[2] = binary.LittleEndian.Uint32(key[8:12])
- x[3] = binary.LittleEndian.Uint32(key[12:16])
- x[4] = binary.LittleEndian.Uint32(key[16:20])
- x[5] = binary.LittleEndian.Uint32(key[20:24])
- x[6] = binary.LittleEndian.Uint32(key[24:28])
- x[7] = binary.LittleEndian.Uint32(key[28:32])
- x[8] = binary.LittleEndian.Uint32(nonce[0:4])
- x[9] = binary.LittleEndian.Uint32(nonce[4:8])
- x[10] = binary.LittleEndian.Uint32(nonce[8:12])
- x[11] = binary.LittleEndian.Uint32(nonce[12:16])
- hChaChaRef(&x, out)
-}
-
-func init() {
- switch runtime.GOARCH {
- case "386", "amd64":
- // Abuse unsafe to skip calling binary.LittleEndian.PutUint32
- // in the critical path. This is a big boost on systems that are
- // little endian and not overly picky about alignment.
- useUnsafe = true
- }
-}
-
-var _ cipher.Stream = (*Cipher)(nil)
diff --git a/vendor/github.com/Yawning/chacha20/chacha20_amd64.go b/vendor/github.com/Yawning/chacha20/chacha20_amd64.go
deleted file mode 100644
index 05adad1..0000000
--- a/vendor/github.com/Yawning/chacha20/chacha20_amd64.go
+++ /dev/null
@@ -1,95 +0,0 @@
-// chacha20_amd64.go - AMD64 optimized chacha20.
-//
-// To the extent possible under law, Yawning Angel has waived all copyright
-// and related or neighboring rights to chacha20, using the Creative
-// Commons "CC0" public domain dedication. See LICENSE or
-// for full details.
-
-// +build amd64,!gccgo,!appengine
-
-package chacha20
-
-import (
- "math"
-)
-
-var usingAVX2 = false
-
-func blocksAmd64SSE2(x *uint32, inp, outp *byte, nrBlocks uint)
-
-func blocksAmd64AVX2(x *uint32, inp, outp *byte, nrBlocks uint)
-
-func cpuidAmd64(cpuidParams *uint32)
-
-func xgetbv0Amd64(xcrVec *uint32)
-
-func blocksAmd64(x *[stateSize]uint32, in []byte, out []byte, nrBlocks int, isIetf bool) {
- // Probably unneeded, but stating this explicitly simplifies the assembly.
- if nrBlocks == 0 {
- return
- }
-
- if isIetf {
- var totalBlocks uint64
- totalBlocks = uint64(x[12]) + uint64(nrBlocks)
- if totalBlocks > math.MaxUint32 {
- panic("chacha20: Exceeded keystream per nonce limit")
- }
- }
-
- if in == nil {
- for i := range out {
- out[i] = 0
- }
- in = out
- }
-
- // Pointless to call the AVX2 code for just a single block, since half of
- // the output gets discarded...
- if usingAVX2 && nrBlocks > 1 {
- blocksAmd64AVX2(&x[0], &in[0], &out[0], uint(nrBlocks))
- } else {
- blocksAmd64SSE2(&x[0], &in[0], &out[0], uint(nrBlocks))
- }
-}
-
-func supportsAVX2() bool {
- // https://software.intel.com/en-us/articles/how-to-detect-new-instruction-support-in-the-4th-generation-intel-core-processor-family
- const (
- osXsaveBit = 1 << 27
- avx2Bit = 1 << 5
- )
-
- // Check to see if CPUID actually supports the leaf that indicates AVX2.
- // CPUID.(EAX=0H, ECX=0H) >= 7
- regs := [4]uint32{0x00}
- cpuidAmd64(®s[0])
- if regs[0] < 7 {
- return false
- }
-
- // Check to see if the OS knows how to save/restore XMM/YMM state.
- // CPUID.(EAX=01H, ECX=0H):ECX.OSXSAVE[bit 27]==1
- regs = [4]uint32{0x01}
- cpuidAmd64(®s[0])
- if regs[2]&osXsaveBit == 0 {
- return false
- }
- xcrRegs := [2]uint32{}
- xgetbv0Amd64(&xcrRegs[0])
- if xcrRegs[0]&6 != 6 {
- return false
- }
-
- // Check for AVX2 support.
- // CPUID.(EAX=07H, ECX=0H):EBX.AVX2[bit 5]==1
- regs = [4]uint32{0x07}
- cpuidAmd64(®s[0])
- return regs[1]&avx2Bit != 0
-}
-
-func init() {
- blocksFn = blocksAmd64
- usingVectors = true
- usingAVX2 = supportsAVX2()
-}
diff --git a/vendor/github.com/Yawning/chacha20/chacha20_amd64.py b/vendor/github.com/Yawning/chacha20/chacha20_amd64.py
deleted file mode 100644
index 3bfebf4..0000000
--- a/vendor/github.com/Yawning/chacha20/chacha20_amd64.py
+++ /dev/null
@@ -1,1295 +0,0 @@
-#!/usr/bin/env python3
-#
-# To the extent possible under law, Yawning Angel has waived all copyright
-# and related or neighboring rights to chacha20, using the Creative
-# Commons "CC0" public domain dedication. See LICENSE or
-# for full details.
-
-#
-# cgo sucks. Plan 9 assembly sucks. Real languages have SIMD intrinsics.
-# The least terrible/retarded option is to use a Python code generator, so
-# that's what I did.
-#
-# Code based on Ted Krovetz's vec128 C implementation, with corrections
-# to use a 64 bit counter instead of 32 bit, and to allow unaligned input and
-# output pointers.
-#
-# Dependencies: https://github.com/Maratyszcza/PeachPy
-#
-# python3 -m peachpy.x86_64 -mabi=goasm -S -o chacha20_amd64.s chacha20_amd64.py
-#
-
-from peachpy import *
-from peachpy.x86_64 import *
-
-x = Argument(ptr(uint32_t))
-inp = Argument(ptr(const_uint8_t))
-outp = Argument(ptr(uint8_t))
-nrBlocks = Argument(ptr(size_t))
-
-#
-# SSE2 helper functions. A temporary register is explicitly passed in because
-# the main fast loop uses every single register (and even spills) so manual
-# control is needed.
-#
-# This used to also have a DQROUNDS helper that did 2 rounds of ChaCha like
-# in the C code, but the C code has the luxury of an optimizer reordering
-# everything, while this does not.
-#
-
-def ROTW16_sse2(tmp, d):
- MOVDQA(tmp, d)
- PSLLD(tmp, 16)
- PSRLD(d, 16)
- PXOR(d, tmp)
-
-def ROTW12_sse2(tmp, b):
- MOVDQA(tmp, b)
- PSLLD(tmp, 12)
- PSRLD(b, 20)
- PXOR(b, tmp)
-
-def ROTW8_sse2(tmp, d):
- MOVDQA(tmp, d)
- PSLLD(tmp, 8)
- PSRLD(d, 24)
- PXOR(d, tmp)
-
-def ROTW7_sse2(tmp, b):
- MOVDQA(tmp, b)
- PSLLD(tmp, 7)
- PSRLD(b, 25)
- PXOR(b, tmp)
-
-def WriteXor_sse2(tmp, inp, outp, d, v0, v1, v2, v3):
- MOVDQU(tmp, [inp+d])
- PXOR(tmp, v0)
- MOVDQU([outp+d], tmp)
- MOVDQU(tmp, [inp+d+16])
- PXOR(tmp, v1)
- MOVDQU([outp+d+16], tmp)
- MOVDQU(tmp, [inp+d+32])
- PXOR(tmp, v2)
- MOVDQU([outp+d+32], tmp)
- MOVDQU(tmp, [inp+d+48])
- PXOR(tmp, v3)
- MOVDQU([outp+d+48], tmp)
-
-# SSE2 ChaCha20 (aka vec128). Does not handle partial blocks, and will
-# process 4/2/1 blocks at a time.
-with Function("blocksAmd64SSE2", (x, inp, outp, nrBlocks)):
- reg_x = GeneralPurposeRegister64()
- reg_inp = GeneralPurposeRegister64()
- reg_outp = GeneralPurposeRegister64()
- reg_blocks = GeneralPurposeRegister64()
- reg_sp_save = GeneralPurposeRegister64()
-
- LOAD.ARGUMENT(reg_x, x)
- LOAD.ARGUMENT(reg_inp, inp)
- LOAD.ARGUMENT(reg_outp, outp)
- LOAD.ARGUMENT(reg_blocks, nrBlocks)
-
- # Align the stack to a 32 byte boundary.
- MOV(reg_sp_save, registers.rsp)
- AND(registers.rsp, 0xffffffffffffffe0)
- SUB(registers.rsp, 0x20)
-
- # Build the counter increment vector on the stack, and allocate the scratch
- # space
- xmm_v0 = XMMRegister()
- PXOR(xmm_v0, xmm_v0)
- SUB(registers.rsp, 16+16)
- MOVDQA([registers.rsp], xmm_v0)
- reg_tmp = GeneralPurposeRegister32()
- MOV(reg_tmp, 0x00000001)
- MOV([registers.rsp], reg_tmp)
- mem_one = [registers.rsp] # (Stack) Counter increment vector
- mem_tmp0 = [registers.rsp+16] # (Stack) Scratch space.
-
- mem_s0 = [reg_x] # (Memory) Cipher state [0..3]
- mem_s1 = [reg_x+16] # (Memory) Cipher state [4..7]
- mem_s2 = [reg_x+32] # (Memory) Cipher state [8..11]
- mem_s3 = [reg_x+48] # (Memory) Cipher state [12..15]
-
- # xmm_v0 allocated above...
- xmm_v1 = XMMRegister()
- xmm_v2 = XMMRegister()
- xmm_v3 = XMMRegister()
-
- xmm_v4 = XMMRegister()
- xmm_v5 = XMMRegister()
- xmm_v6 = XMMRegister()
- xmm_v7 = XMMRegister()
-
- xmm_v8 = XMMRegister()
- xmm_v9 = XMMRegister()
- xmm_v10 = XMMRegister()
- xmm_v11 = XMMRegister()
-
- xmm_v12 = XMMRegister()
- xmm_v13 = XMMRegister()
- xmm_v14 = XMMRegister()
- xmm_v15 = XMMRegister()
-
- xmm_tmp = xmm_v12
-
- #
- # 4 blocks at a time.
- #
-
- reg_rounds = GeneralPurposeRegister64()
-
- vector_loop4 = Loop()
- SUB(reg_blocks, 4)
- JB(vector_loop4.end)
- with vector_loop4:
- MOVDQU(xmm_v0, mem_s0)
- MOVDQU(xmm_v1, mem_s1)
- MOVDQU(xmm_v2, mem_s2)
- MOVDQU(xmm_v3, mem_s3)
-
- MOVDQA(xmm_v4, xmm_v0)
- MOVDQA(xmm_v5, xmm_v1)
- MOVDQA(xmm_v6, xmm_v2)
- MOVDQA(xmm_v7, xmm_v3)
- PADDQ(xmm_v7, mem_one)
-
- MOVDQA(xmm_v8, xmm_v0)
- MOVDQA(xmm_v9, xmm_v1)
- MOVDQA(xmm_v10, xmm_v2)
- MOVDQA(xmm_v11, xmm_v7)
- PADDQ(xmm_v11, mem_one)
-
- MOVDQA(xmm_v12, xmm_v0)
- MOVDQA(xmm_v13, xmm_v1)
- MOVDQA(xmm_v14, xmm_v2)
- MOVDQA(xmm_v15, xmm_v11)
- PADDQ(xmm_v15, mem_one)
-
- MOV(reg_rounds, 20)
- rounds_loop4 = Loop()
- with rounds_loop4:
- # a += b; d ^= a; d = ROTW16(d);
- PADDD(xmm_v0, xmm_v1)
- PADDD(xmm_v4, xmm_v5)
- PADDD(xmm_v8, xmm_v9)
- PADDD(xmm_v12, xmm_v13)
- PXOR(xmm_v3, xmm_v0)
- PXOR(xmm_v7, xmm_v4)
- PXOR(xmm_v11, xmm_v8)
- PXOR(xmm_v15, xmm_v12)
-
- MOVDQA(mem_tmp0, xmm_tmp) # Save
-
- ROTW16_sse2(xmm_tmp, xmm_v3)
- ROTW16_sse2(xmm_tmp, xmm_v7)
- ROTW16_sse2(xmm_tmp, xmm_v11)
- ROTW16_sse2(xmm_tmp, xmm_v15)
-
- # c += d; b ^= c; b = ROTW12(b);
- PADDD(xmm_v2, xmm_v3)
- PADDD(xmm_v6, xmm_v7)
- PADDD(xmm_v10, xmm_v11)
- PADDD(xmm_v14, xmm_v15)
- PXOR(xmm_v1, xmm_v2)
- PXOR(xmm_v5, xmm_v6)
- PXOR(xmm_v9, xmm_v10)
- PXOR(xmm_v13, xmm_v14)
- ROTW12_sse2(xmm_tmp, xmm_v1)
- ROTW12_sse2(xmm_tmp, xmm_v5)
- ROTW12_sse2(xmm_tmp, xmm_v9)
- ROTW12_sse2(xmm_tmp, xmm_v13)
-
- # a += b; d ^= a; d = ROTW8(d);
- MOVDQA(xmm_tmp, mem_tmp0) # Restore
-
- PADDD(xmm_v0, xmm_v1)
- PADDD(xmm_v4, xmm_v5)
- PADDD(xmm_v8, xmm_v9)
- PADDD(xmm_v12, xmm_v13)
- PXOR(xmm_v3, xmm_v0)
- PXOR(xmm_v7, xmm_v4)
- PXOR(xmm_v11, xmm_v8)
- PXOR(xmm_v15, xmm_v12)
-
- MOVDQA(mem_tmp0, xmm_tmp) # Save
-
- ROTW8_sse2(xmm_tmp, xmm_v3)
- ROTW8_sse2(xmm_tmp, xmm_v7)
- ROTW8_sse2(xmm_tmp, xmm_v11)
- ROTW8_sse2(xmm_tmp, xmm_v15)
-
- # c += d; b ^= c; b = ROTW7(b)
- PADDD(xmm_v2, xmm_v3)
- PADDD(xmm_v6, xmm_v7)
- PADDD(xmm_v10, xmm_v11)
- PADDD(xmm_v14, xmm_v15)
- PXOR(xmm_v1, xmm_v2)
- PXOR(xmm_v5, xmm_v6)
- PXOR(xmm_v9, xmm_v10)
- PXOR(xmm_v13, xmm_v14)
- ROTW7_sse2(xmm_tmp, xmm_v1)
- ROTW7_sse2(xmm_tmp, xmm_v5)
- ROTW7_sse2(xmm_tmp, xmm_v9)
- ROTW7_sse2(xmm_tmp, xmm_v13)
-
- # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
- PSHUFD(xmm_v1, xmm_v1, 0x39)
- PSHUFD(xmm_v5, xmm_v5, 0x39)
- PSHUFD(xmm_v9, xmm_v9, 0x39)
- PSHUFD(xmm_v13, xmm_v13, 0x39)
- PSHUFD(xmm_v2, xmm_v2, 0x4e)
- PSHUFD(xmm_v6, xmm_v6, 0x4e)
- PSHUFD(xmm_v10, xmm_v10, 0x4e)
- PSHUFD(xmm_v14, xmm_v14, 0x4e)
- PSHUFD(xmm_v3, xmm_v3, 0x93)
- PSHUFD(xmm_v7, xmm_v7, 0x93)
- PSHUFD(xmm_v11, xmm_v11, 0x93)
- PSHUFD(xmm_v15, xmm_v15, 0x93)
-
- MOVDQA(xmm_tmp, mem_tmp0) # Restore
-
- # a += b; d ^= a; d = ROTW16(d);
- PADDD(xmm_v0, xmm_v1)
- PADDD(xmm_v4, xmm_v5)
- PADDD(xmm_v8, xmm_v9)
- PADDD(xmm_v12, xmm_v13)
- PXOR(xmm_v3, xmm_v0)
- PXOR(xmm_v7, xmm_v4)
- PXOR(xmm_v11, xmm_v8)
- PXOR(xmm_v15, xmm_v12)
-
- MOVDQA(mem_tmp0, xmm_tmp) # Save
-
- ROTW16_sse2(xmm_tmp, xmm_v3)
- ROTW16_sse2(xmm_tmp, xmm_v7)
- ROTW16_sse2(xmm_tmp, xmm_v11)
- ROTW16_sse2(xmm_tmp, xmm_v15)
-
- # c += d; b ^= c; b = ROTW12(b);
- PADDD(xmm_v2, xmm_v3)
- PADDD(xmm_v6, xmm_v7)
- PADDD(xmm_v10, xmm_v11)
- PADDD(xmm_v14, xmm_v15)
- PXOR(xmm_v1, xmm_v2)
- PXOR(xmm_v5, xmm_v6)
- PXOR(xmm_v9, xmm_v10)
- PXOR(xmm_v13, xmm_v14)
- ROTW12_sse2(xmm_tmp, xmm_v1)
- ROTW12_sse2(xmm_tmp, xmm_v5)
- ROTW12_sse2(xmm_tmp, xmm_v9)
- ROTW12_sse2(xmm_tmp, xmm_v13)
-
- # a += b; d ^= a; d = ROTW8(d);
- MOVDQA(xmm_tmp, mem_tmp0) # Restore
-
- PADDD(xmm_v0, xmm_v1)
- PADDD(xmm_v4, xmm_v5)
- PADDD(xmm_v8, xmm_v9)
- PADDD(xmm_v12, xmm_v13)
- PXOR(xmm_v3, xmm_v0)
- PXOR(xmm_v7, xmm_v4)
- PXOR(xmm_v11, xmm_v8)
- PXOR(xmm_v15, xmm_v12)
-
- MOVDQA(mem_tmp0, xmm_tmp) # Save
-
- ROTW8_sse2(xmm_tmp, xmm_v3)
- ROTW8_sse2(xmm_tmp, xmm_v7)
- ROTW8_sse2(xmm_tmp, xmm_v11)
- ROTW8_sse2(xmm_tmp, xmm_v15)
-
- # c += d; b ^= c; b = ROTW7(b)
- PADDD(xmm_v2, xmm_v3)
- PADDD(xmm_v6, xmm_v7)
- PADDD(xmm_v10, xmm_v11)
- PADDD(xmm_v14, xmm_v15)
- PXOR(xmm_v1, xmm_v2)
- PXOR(xmm_v5, xmm_v6)
- PXOR(xmm_v9, xmm_v10)
- PXOR(xmm_v13, xmm_v14)
- ROTW7_sse2(xmm_tmp, xmm_v1)
- ROTW7_sse2(xmm_tmp, xmm_v5)
- ROTW7_sse2(xmm_tmp, xmm_v9)
- ROTW7_sse2(xmm_tmp, xmm_v13)
-
- # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
- PSHUFD(xmm_v1, xmm_v1, 0x93)
- PSHUFD(xmm_v5, xmm_v5, 0x93)
- PSHUFD(xmm_v9, xmm_v9, 0x93)
- PSHUFD(xmm_v13, xmm_v13, 0x93)
- PSHUFD(xmm_v2, xmm_v2, 0x4e)
- PSHUFD(xmm_v6, xmm_v6, 0x4e)
- PSHUFD(xmm_v10, xmm_v10, 0x4e)
- PSHUFD(xmm_v14, xmm_v14, 0x4e)
- PSHUFD(xmm_v3, xmm_v3, 0x39)
- PSHUFD(xmm_v7, xmm_v7, 0x39)
- PSHUFD(xmm_v11, xmm_v11, 0x39)
- PSHUFD(xmm_v15, xmm_v15, 0x39)
-
- MOVDQA(xmm_tmp, mem_tmp0) # Restore
-
- SUB(reg_rounds, 2)
- JNZ(rounds_loop4.begin)
-
- MOVDQA(mem_tmp0, xmm_tmp)
-
- PADDD(xmm_v0, mem_s0)
- PADDD(xmm_v1, mem_s1)
- PADDD(xmm_v2, mem_s2)
- PADDD(xmm_v3, mem_s3)
- WriteXor_sse2(xmm_tmp, reg_inp, reg_outp, 0, xmm_v0, xmm_v1, xmm_v2, xmm_v3)
- MOVDQU(xmm_v3, mem_s3)
- PADDQ(xmm_v3, mem_one)
-
- PADDD(xmm_v4, mem_s0)
- PADDD(xmm_v5, mem_s1)
- PADDD(xmm_v6, mem_s2)
- PADDD(xmm_v7, xmm_v3)
- WriteXor_sse2(xmm_tmp, reg_inp, reg_outp, 64, xmm_v4, xmm_v5, xmm_v6, xmm_v7)
- PADDQ(xmm_v3, mem_one)
-
- PADDD(xmm_v8, mem_s0)
- PADDD(xmm_v9, mem_s1)
- PADDD(xmm_v10, mem_s2)
- PADDD(xmm_v11, xmm_v3)
- WriteXor_sse2(xmm_tmp, reg_inp, reg_outp, 128, xmm_v8, xmm_v9, xmm_v10, xmm_v11)
- PADDQ(xmm_v3, mem_one)
-
- MOVDQA(xmm_tmp, mem_tmp0)
-
- PADDD(xmm_v12, mem_s0)
- PADDD(xmm_v13, mem_s1)
- PADDD(xmm_v14, mem_s2)
- PADDD(xmm_v15, xmm_v3)
- WriteXor_sse2(xmm_v0, reg_inp, reg_outp, 192, xmm_v12, xmm_v13, xmm_v14, xmm_v15)
- PADDQ(xmm_v3, mem_one)
-
- MOVDQU(mem_s3, xmm_v3)
-
- ADD(reg_inp, 4 * 64)
- ADD(reg_outp, 4 * 64)
-
- SUB(reg_blocks, 4)
- JAE(vector_loop4.begin)
-
- ADD(reg_blocks, 4)
- out = Label()
- JZ(out)
-
- # Past this point, we no longer need to use every single register to hold
- # the in progress state.
-
- xmm_s0 = xmm_v8
- xmm_s1 = xmm_v9
- xmm_s2 = xmm_v10
- xmm_s3 = xmm_v11
- xmm_one = xmm_v13
- MOVDQU(xmm_s0, mem_s0)
- MOVDQU(xmm_s1, mem_s1)
- MOVDQU(xmm_s2, mem_s2)
- MOVDQU(xmm_s3, mem_s3)
- MOVDQA(xmm_one, mem_one)
-
- #
- # 2 blocks at a time.
- #
-
- process_1_block = Label()
- SUB(reg_blocks, 2)
- JB(process_1_block) # < 2 blocks remaining.
-
- MOVDQA(xmm_v0, xmm_s0)
- MOVDQA(xmm_v1, xmm_s1)
- MOVDQA(xmm_v2, xmm_s2)
- MOVDQA(xmm_v3, xmm_s3)
-
- MOVDQA(xmm_v4, xmm_v0)
- MOVDQA(xmm_v5, xmm_v1)
- MOVDQA(xmm_v6, xmm_v2)
- MOVDQA(xmm_v7, xmm_v3)
- PADDQ(xmm_v7, xmm_one)
-
- MOV(reg_rounds, 20)
- rounds_loop2 = Loop()
- with rounds_loop2:
- # a += b; d ^= a; d = ROTW16(d);
- PADDD(xmm_v0, xmm_v1)
- PADDD(xmm_v4, xmm_v5)
- PXOR(xmm_v3, xmm_v0)
- PXOR(xmm_v7, xmm_v4)
- ROTW16_sse2(xmm_tmp, xmm_v3)
- ROTW16_sse2(xmm_tmp, xmm_v7)
-
- # c += d; b ^= c; b = ROTW12(b);
- PADDD(xmm_v2, xmm_v3)
- PADDD(xmm_v6, xmm_v7)
- PXOR(xmm_v1, xmm_v2)
- PXOR(xmm_v5, xmm_v6)
- ROTW12_sse2(xmm_tmp, xmm_v1)
- ROTW12_sse2(xmm_tmp, xmm_v5)
-
- # a += b; d ^= a; d = ROTW8(d);
- PADDD(xmm_v0, xmm_v1)
- PADDD(xmm_v4, xmm_v5)
- PXOR(xmm_v3, xmm_v0)
- PXOR(xmm_v7, xmm_v4)
- ROTW8_sse2(xmm_tmp, xmm_v3)
- ROTW8_sse2(xmm_tmp, xmm_v7)
-
- # c += d; b ^= c; b = ROTW7(b)
- PADDD(xmm_v2, xmm_v3)
- PADDD(xmm_v6, xmm_v7)
- PXOR(xmm_v1, xmm_v2)
- PXOR(xmm_v5, xmm_v6)
- ROTW7_sse2(xmm_tmp, xmm_v1)
- ROTW7_sse2(xmm_tmp, xmm_v5)
-
- # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
- PSHUFD(xmm_v1, xmm_v1, 0x39)
- PSHUFD(xmm_v5, xmm_v5, 0x39)
- PSHUFD(xmm_v2, xmm_v2, 0x4e)
- PSHUFD(xmm_v6, xmm_v6, 0x4e)
- PSHUFD(xmm_v3, xmm_v3, 0x93)
- PSHUFD(xmm_v7, xmm_v7, 0x93)
-
- # a += b; d ^= a; d = ROTW16(d);
- PADDD(xmm_v0, xmm_v1)
- PADDD(xmm_v4, xmm_v5)
- PXOR(xmm_v3, xmm_v0)
- PXOR(xmm_v7, xmm_v4)
- ROTW16_sse2(xmm_tmp, xmm_v3)
- ROTW16_sse2(xmm_tmp, xmm_v7)
-
- # c += d; b ^= c; b = ROTW12(b);
- PADDD(xmm_v2, xmm_v3)
- PADDD(xmm_v6, xmm_v7)
- PXOR(xmm_v1, xmm_v2)
- PXOR(xmm_v5, xmm_v6)
- ROTW12_sse2(xmm_tmp, xmm_v1)
- ROTW12_sse2(xmm_tmp, xmm_v5)
-
- # a += b; d ^= a; d = ROTW8(d);
- PADDD(xmm_v0, xmm_v1)
- PADDD(xmm_v4, xmm_v5)
- PXOR(xmm_v3, xmm_v0)
- PXOR(xmm_v7, xmm_v4)
- ROTW8_sse2(xmm_tmp, xmm_v3)
- ROTW8_sse2(xmm_tmp, xmm_v7)
-
- # c += d; b ^= c; b = ROTW7(b)
- PADDD(xmm_v2, xmm_v3)
- PADDD(xmm_v6, xmm_v7)
- PXOR(xmm_v1, xmm_v2)
- PXOR(xmm_v5, xmm_v6)
- ROTW7_sse2(xmm_tmp, xmm_v1)
- ROTW7_sse2(xmm_tmp, xmm_v5)
-
- # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
- PSHUFD(xmm_v1, xmm_v1, 0x93)
- PSHUFD(xmm_v5, xmm_v5, 0x93)
- PSHUFD(xmm_v2, xmm_v2, 0x4e)
- PSHUFD(xmm_v6, xmm_v6, 0x4e)
- PSHUFD(xmm_v3, xmm_v3, 0x39)
- PSHUFD(xmm_v7, xmm_v7, 0x39)
-
- SUB(reg_rounds, 2)
- JNZ(rounds_loop2.begin)
-
- PADDD(xmm_v0, xmm_s0)
- PADDD(xmm_v1, xmm_s1)
- PADDD(xmm_v2, xmm_s2)
- PADDD(xmm_v3, xmm_s3)
- WriteXor_sse2(xmm_tmp, reg_inp, reg_outp, 0, xmm_v0, xmm_v1, xmm_v2, xmm_v3)
- PADDQ(xmm_s3, xmm_one)
-
- PADDD(xmm_v4, xmm_s0)
- PADDD(xmm_v5, xmm_s1)
- PADDD(xmm_v6, xmm_s2)
- PADDD(xmm_v7, xmm_s3)
- WriteXor_sse2(xmm_tmp, reg_inp, reg_outp, 64, xmm_v4, xmm_v5, xmm_v6, xmm_v7)
- PADDQ(xmm_s3, xmm_one)
-
- ADD(reg_inp, 2 * 64)
- ADD(reg_outp, 2 * 64)
- SUB(reg_blocks, 2)
-
- LABEL(process_1_block)
- ADD(reg_blocks, 2)
- out_serial = Label()
- JZ(out_serial)
-
- #
- # 1 block at a time. Only executed once, because if there was > 1,
- # the parallel code would have processed it already.
- #
-
- MOVDQA(xmm_v0, xmm_s0)
- MOVDQA(xmm_v1, xmm_s1)
- MOVDQA(xmm_v2, xmm_s2)
- MOVDQA(xmm_v3, xmm_s3)
-
- MOV(reg_rounds, 20)
- rounds_loop1 = Loop()
- with rounds_loop1:
- # a += b; d ^= a; d = ROTW16(d);
- PADDD(xmm_v0, xmm_v1)
- PXOR(xmm_v3, xmm_v0)
- ROTW16_sse2(xmm_tmp, xmm_v3)
-
- # c += d; b ^= c; b = ROTW12(b);
- PADDD(xmm_v2, xmm_v3)
- PXOR(xmm_v1, xmm_v2)
- ROTW12_sse2(xmm_tmp, xmm_v1)
-
- # a += b; d ^= a; d = ROTW8(d);
- PADDD(xmm_v0, xmm_v1)
- PXOR(xmm_v3, xmm_v0)
- ROTW8_sse2(xmm_tmp, xmm_v3)
-
- # c += d; b ^= c; b = ROTW7(b)
- PADDD(xmm_v2, xmm_v3)
- PXOR(xmm_v1, xmm_v2)
- ROTW7_sse2(xmm_tmp, xmm_v1)
-
- # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
- PSHUFD(xmm_v1, xmm_v1, 0x39)
- PSHUFD(xmm_v2, xmm_v2, 0x4e)
- PSHUFD(xmm_v3, xmm_v3, 0x93)
-
- # a += b; d ^= a; d = ROTW16(d);
- PADDD(xmm_v0, xmm_v1)
- PXOR(xmm_v3, xmm_v0)
- ROTW16_sse2(xmm_tmp, xmm_v3)
-
- # c += d; b ^= c; b = ROTW12(b);
- PADDD(xmm_v2, xmm_v3)
- PXOR(xmm_v1, xmm_v2)
- ROTW12_sse2(xmm_tmp, xmm_v1)
-
- # a += b; d ^= a; d = ROTW8(d);
- PADDD(xmm_v0, xmm_v1)
- PXOR(xmm_v3, xmm_v0)
- ROTW8_sse2(xmm_tmp, xmm_v3)
-
- # c += d; b ^= c; b = ROTW7(b)
- PADDD(xmm_v2, xmm_v3)
- PXOR(xmm_v1, xmm_v2)
- ROTW7_sse2(xmm_tmp, xmm_v1)
-
- # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
- PSHUFD(xmm_v1, xmm_v1, 0x93)
- PSHUFD(xmm_v2, xmm_v2, 0x4e)
- PSHUFD(xmm_v3, xmm_v3, 0x39)
-
- SUB(reg_rounds, 2)
- JNZ(rounds_loop1.begin)
-
- PADDD(xmm_v0, xmm_s0)
- PADDD(xmm_v1, xmm_s1)
- PADDD(xmm_v2, xmm_s2)
- PADDD(xmm_v3, xmm_s3)
- WriteXor_sse2(xmm_tmp, reg_inp, reg_outp, 0, xmm_v0, xmm_v1, xmm_v2, xmm_v3)
- PADDQ(xmm_s3, xmm_one)
-
- LABEL(out_serial)
-
- # Write back the updated counter. Stoping at 2^70 bytes is the user's
- # problem, not mine. (Skipped if there's exactly a multiple of 4 blocks
- # because the counter is incremented in memory while looping.)
- MOVDQU(mem_s3, xmm_s3)
-
- LABEL(out)
-
- # Paranoia, cleanse the scratch space.
- PXOR(xmm_v0, xmm_v0)
- MOVDQA(mem_tmp0, xmm_v0)
-
- # Remove our stack allocation.
- MOV(registers.rsp, reg_sp_save)
-
- RETURN()
-
-#
-# AVX2 helpers. Like the SSE2 equivalents, the scratch register is explicit,
-# and more helpers are used to increase readability for destructive operations.
-#
-# XXX/Performance: ROTW16_avx2/ROTW8_avx2 both can use VPSHUFFB.
-#
-
-def ADD_avx2(dst, src):
- VPADDD(dst, dst, src)
-
-def XOR_avx2(dst, src):
- VPXOR(dst, dst, src)
-
-def ROTW16_avx2(tmp, d):
- VPSLLD(tmp, d, 16)
- VPSRLD(d, d, 16)
- XOR_avx2(d, tmp)
-
-def ROTW12_avx2(tmp, b):
- VPSLLD(tmp, b, 12)
- VPSRLD(b, b, 20)
- XOR_avx2(b, tmp)
-
-def ROTW8_avx2(tmp, d):
- VPSLLD(tmp, d, 8)
- VPSRLD(d, d, 24)
- XOR_avx2(d, tmp)
-
-def ROTW7_avx2(tmp, b):
- VPSLLD(tmp, b, 7)
- VPSRLD(b, b, 25)
- XOR_avx2(b, tmp)
-
-def WriteXor_avx2(tmp, inp, outp, d, v0, v1, v2, v3):
- # XOR_WRITE(out+ 0, in+ 0, _mm256_permute2x128_si256(v0,v1,0x20));
- VPERM2I128(tmp, v0, v1, 0x20)
- VPXOR(tmp, tmp, [inp+d])
- VMOVDQU([outp+d], tmp)
-
- # XOR_WRITE(out+32, in+32, _mm256_permute2x128_si256(v2,v3,0x20));
- VPERM2I128(tmp, v2, v3, 0x20)
- VPXOR(tmp, tmp, [inp+d+32])
- VMOVDQU([outp+d+32], tmp)
-
- # XOR_WRITE(out+64, in+64, _mm256_permute2x128_si256(v0,v1,0x31));
- VPERM2I128(tmp, v0, v1, 0x31)
- VPXOR(tmp, tmp, [inp+d+64])
- VMOVDQU([outp+d+64], tmp)
-
- # XOR_WRITE(out+96, in+96, _mm256_permute2x128_si256(v2,v3,0x31));
- VPERM2I128(tmp, v2, v3, 0x31)
- VPXOR(tmp, tmp, [inp+d+96])
- VMOVDQU([outp+d+96], tmp)
-
-# AVX2 ChaCha20 (aka avx2). Does not handle partial blocks, will process
-# 8/4/2 blocks at a time.
-with Function("blocksAmd64AVX2", (x, inp, outp, nrBlocks), target=uarch.broadwell):
- reg_x = GeneralPurposeRegister64()
- reg_inp = GeneralPurposeRegister64()
- reg_outp = GeneralPurposeRegister64()
- reg_blocks = GeneralPurposeRegister64()
- reg_sp_save = GeneralPurposeRegister64()
-
- LOAD.ARGUMENT(reg_x, x)
- LOAD.ARGUMENT(reg_inp, inp)
- LOAD.ARGUMENT(reg_outp, outp)
- LOAD.ARGUMENT(reg_blocks, nrBlocks)
-
- # Align the stack to a 32 byte boundary.
- MOV(reg_sp_save, registers.rsp)
- AND(registers.rsp, 0xffffffffffffffe0)
- SUB(registers.rsp, 0x20)
-
- x_s0 = [reg_x] # (Memory) Cipher state [0..3]
- x_s1 = [reg_x+16] # (Memory) Cipher state [4..7]
- x_s2 = [reg_x+32] # (Memory) Cipher state [8..11]
- x_s3 = [reg_x+48] # (Memory) Cipher state [12..15]
-
- ymm_v0 = YMMRegister()
- ymm_v1 = YMMRegister()
- ymm_v2 = YMMRegister()
- ymm_v3 = YMMRegister()
-
- ymm_v4 = YMMRegister()
- ymm_v5 = YMMRegister()
- ymm_v6 = YMMRegister()
- ymm_v7 = YMMRegister()
-
- ymm_v8 = YMMRegister()
- ymm_v9 = YMMRegister()
- ymm_v10 = YMMRegister()
- ymm_v11 = YMMRegister()
-
- ymm_v12 = YMMRegister()
- ymm_v13 = YMMRegister()
- ymm_v14 = YMMRegister()
- ymm_v15 = YMMRegister()
-
- ymm_tmp0 = ymm_v12
-
- # Allocate the neccecary stack space for the counter vector and two ymm
- # registers that we will spill.
- SUB(registers.rsp, 96)
- mem_tmp0 = [registers.rsp+64] # (Stack) Scratch space.
- mem_s3 = [registers.rsp+32] # (Stack) Working copy of s3. (8x)
- mem_inc = [registers.rsp] # (Stack) Counter increment vector.
-
- # Increment the counter for one side of the state vector.
- VPXOR(ymm_tmp0, ymm_tmp0, ymm_tmp0)
- VMOVDQU(mem_inc, ymm_tmp0)
- reg_tmp = GeneralPurposeRegister32()
- MOV(reg_tmp, 0x00000001)
- MOV([registers.rsp+16], reg_tmp)
- VBROADCASTI128(ymm_v3, x_s3)
- VPADDQ(ymm_v3, ymm_v3, [registers.rsp])
- VMOVDQA(mem_s3, ymm_v3)
-
- # As we process 2xN blocks at a time, so the counter increment for both
- # sides of the state vector is 2.
- MOV(reg_tmp, 0x00000002)
- MOV([registers.rsp], reg_tmp)
- MOV([registers.rsp+16], reg_tmp)
-
- out_write_even = Label()
- out_write_odd = Label()
-
- #
- # 8 blocks at a time. Ted Krovetz's avx2 code does not do this, but it's
- # a decent gain despite all the pain...
- #
-
- reg_rounds = GeneralPurposeRegister64()
-
- vector_loop8 = Loop()
- SUB(reg_blocks, 8)
- JB(vector_loop8.end)
- with vector_loop8:
- VBROADCASTI128(ymm_v0, x_s0)
- VBROADCASTI128(ymm_v1, x_s1)
- VBROADCASTI128(ymm_v2, x_s2)
- VMOVDQA(ymm_v3, mem_s3)
-
- VMOVDQA(ymm_v4, ymm_v0)
- VMOVDQA(ymm_v5, ymm_v1)
- VMOVDQA(ymm_v6, ymm_v2)
- VPADDQ(ymm_v7, ymm_v3, mem_inc)
-
- VMOVDQA(ymm_v8, ymm_v0)
- VMOVDQA(ymm_v9, ymm_v1)
- VMOVDQA(ymm_v10, ymm_v2)
- VPADDQ(ymm_v11, ymm_v7, mem_inc)
-
- VMOVDQA(ymm_v12, ymm_v0)
- VMOVDQA(ymm_v13, ymm_v1)
- VMOVDQA(ymm_v14, ymm_v2)
- VPADDQ(ymm_v15, ymm_v11, mem_inc)
-
- MOV(reg_rounds, 20)
- rounds_loop8 = Loop()
- with rounds_loop8:
- # a += b; d ^= a; d = ROTW16(d);
- ADD_avx2(ymm_v0, ymm_v1)
- ADD_avx2(ymm_v4, ymm_v5)
- ADD_avx2(ymm_v8, ymm_v9)
- ADD_avx2(ymm_v12, ymm_v13)
- XOR_avx2(ymm_v3, ymm_v0)
- XOR_avx2(ymm_v7, ymm_v4)
- XOR_avx2(ymm_v11, ymm_v8)
- XOR_avx2(ymm_v15, ymm_v12)
-
- VMOVDQA(mem_tmp0, ymm_tmp0) # Save
-
- ROTW16_avx2(ymm_tmp0, ymm_v3)
- ROTW16_avx2(ymm_tmp0, ymm_v7)
- ROTW16_avx2(ymm_tmp0, ymm_v11)
- ROTW16_avx2(ymm_tmp0, ymm_v15)
-
- # c += d; b ^= c; b = ROTW12(b);
- ADD_avx2(ymm_v2, ymm_v3)
- ADD_avx2(ymm_v6, ymm_v7)
- ADD_avx2(ymm_v10, ymm_v11)
- ADD_avx2(ymm_v14, ymm_v15)
- XOR_avx2(ymm_v1, ymm_v2)
- XOR_avx2(ymm_v5, ymm_v6)
- XOR_avx2(ymm_v9, ymm_v10)
- XOR_avx2(ymm_v13, ymm_v14)
- ROTW12_avx2(ymm_tmp0, ymm_v1)
- ROTW12_avx2(ymm_tmp0, ymm_v5)
- ROTW12_avx2(ymm_tmp0, ymm_v9)
- ROTW12_avx2(ymm_tmp0, ymm_v13)
-
- # a += b; d ^= a; d = ROTW8(d);
- VMOVDQA(ymm_tmp0, mem_tmp0) # Restore
-
- ADD_avx2(ymm_v0, ymm_v1)
- ADD_avx2(ymm_v4, ymm_v5)
- ADD_avx2(ymm_v8, ymm_v9)
- ADD_avx2(ymm_v12, ymm_v13)
- XOR_avx2(ymm_v3, ymm_v0)
- XOR_avx2(ymm_v7, ymm_v4)
- XOR_avx2(ymm_v11, ymm_v8)
- XOR_avx2(ymm_v15, ymm_v12)
-
- VMOVDQA(mem_tmp0, ymm_tmp0) # Save
-
- ROTW8_avx2(ymm_tmp0, ymm_v3)
- ROTW8_avx2(ymm_tmp0, ymm_v7)
- ROTW8_avx2(ymm_tmp0, ymm_v11)
- ROTW8_avx2(ymm_tmp0, ymm_v15)
-
- # c += d; b ^= c; b = ROTW7(b)
- ADD_avx2(ymm_v2, ymm_v3)
- ADD_avx2(ymm_v6, ymm_v7)
- ADD_avx2(ymm_v10, ymm_v11)
- ADD_avx2(ymm_v14, ymm_v15)
- XOR_avx2(ymm_v1, ymm_v2)
- XOR_avx2(ymm_v5, ymm_v6)
- XOR_avx2(ymm_v9, ymm_v10)
- XOR_avx2(ymm_v13, ymm_v14)
- ROTW7_avx2(ymm_tmp0, ymm_v1)
- ROTW7_avx2(ymm_tmp0, ymm_v5)
- ROTW7_avx2(ymm_tmp0, ymm_v9)
- ROTW7_avx2(ymm_tmp0, ymm_v13)
-
- # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
- VPSHUFD(ymm_v1, ymm_v1, 0x39)
- VPSHUFD(ymm_v5, ymm_v5, 0x39)
- VPSHUFD(ymm_v9, ymm_v9, 0x39)
- VPSHUFD(ymm_v13, ymm_v13, 0x39)
- VPSHUFD(ymm_v2, ymm_v2, 0x4e)
- VPSHUFD(ymm_v6, ymm_v6, 0x4e)
- VPSHUFD(ymm_v10, ymm_v10, 0x4e)
- VPSHUFD(ymm_v14, ymm_v14, 0x4e)
- VPSHUFD(ymm_v3, ymm_v3, 0x93)
- VPSHUFD(ymm_v7, ymm_v7, 0x93)
- VPSHUFD(ymm_v11, ymm_v11, 0x93)
- VPSHUFD(ymm_v15, ymm_v15, 0x93)
-
- # a += b; d ^= a; d = ROTW16(d);
- VMOVDQA(ymm_tmp0, mem_tmp0) # Restore
-
- ADD_avx2(ymm_v0, ymm_v1)
- ADD_avx2(ymm_v4, ymm_v5)
- ADD_avx2(ymm_v8, ymm_v9)
- ADD_avx2(ymm_v12, ymm_v13)
- XOR_avx2(ymm_v3, ymm_v0)
- XOR_avx2(ymm_v7, ymm_v4)
- XOR_avx2(ymm_v11, ymm_v8)
- XOR_avx2(ymm_v15, ymm_v12)
-
- VMOVDQA(mem_tmp0, ymm_tmp0) # Save
-
- ROTW16_avx2(ymm_tmp0, ymm_v3)
- ROTW16_avx2(ymm_tmp0, ymm_v7)
- ROTW16_avx2(ymm_tmp0, ymm_v11)
- ROTW16_avx2(ymm_tmp0, ymm_v15)
-
- # c += d; b ^= c; b = ROTW12(b);
- ADD_avx2(ymm_v2, ymm_v3)
- ADD_avx2(ymm_v6, ymm_v7)
- ADD_avx2(ymm_v10, ymm_v11)
- ADD_avx2(ymm_v14, ymm_v15)
- XOR_avx2(ymm_v1, ymm_v2)
- XOR_avx2(ymm_v5, ymm_v6)
- XOR_avx2(ymm_v9, ymm_v10)
- XOR_avx2(ymm_v13, ymm_v14)
- ROTW12_avx2(ymm_tmp0, ymm_v1)
- ROTW12_avx2(ymm_tmp0, ymm_v5)
- ROTW12_avx2(ymm_tmp0, ymm_v9)
- ROTW12_avx2(ymm_tmp0, ymm_v13)
-
- # a += b; d ^= a; d = ROTW8(d);
- VMOVDQA(ymm_tmp0, mem_tmp0) # Restore
-
- ADD_avx2(ymm_v0, ymm_v1)
- ADD_avx2(ymm_v4, ymm_v5)
- ADD_avx2(ymm_v8, ymm_v9)
- ADD_avx2(ymm_v12, ymm_v13)
- XOR_avx2(ymm_v3, ymm_v0)
- XOR_avx2(ymm_v7, ymm_v4)
- XOR_avx2(ymm_v11, ymm_v8)
- XOR_avx2(ymm_v15, ymm_v12)
-
- VMOVDQA(mem_tmp0, ymm_tmp0) # Save
-
- ROTW8_avx2(ymm_tmp0, ymm_v3)
- ROTW8_avx2(ymm_tmp0, ymm_v7)
- ROTW8_avx2(ymm_tmp0, ymm_v11)
- ROTW8_avx2(ymm_tmp0, ymm_v15)
-
- # c += d; b ^= c; b = ROTW7(b)
- ADD_avx2(ymm_v2, ymm_v3)
- ADD_avx2(ymm_v6, ymm_v7)
- ADD_avx2(ymm_v10, ymm_v11)
- ADD_avx2(ymm_v14, ymm_v15)
- XOR_avx2(ymm_v1, ymm_v2)
- XOR_avx2(ymm_v5, ymm_v6)
- XOR_avx2(ymm_v9, ymm_v10)
- XOR_avx2(ymm_v13, ymm_v14)
- ROTW7_avx2(ymm_tmp0, ymm_v1)
- ROTW7_avx2(ymm_tmp0, ymm_v5)
- ROTW7_avx2(ymm_tmp0, ymm_v9)
- ROTW7_avx2(ymm_tmp0, ymm_v13)
-
- # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
- VPSHUFD(ymm_v1, ymm_v1, 0x93)
- VPSHUFD(ymm_v5, ymm_v5, 0x93)
- VPSHUFD(ymm_v9, ymm_v9, 0x93)
- VPSHUFD(ymm_v13, ymm_v13, 0x93)
- VPSHUFD(ymm_v2, ymm_v2, 0x4e)
- VPSHUFD(ymm_v6, ymm_v6, 0x4e)
- VPSHUFD(ymm_v10, ymm_v10, 0x4e)
- VPSHUFD(ymm_v14, ymm_v14, 0x4e)
- VPSHUFD(ymm_v3, ymm_v3, 0x39)
- VPSHUFD(ymm_v7, ymm_v7, 0x39)
- VPSHUFD(ymm_v11, ymm_v11, 0x39)
- VPSHUFD(ymm_v15, ymm_v15, 0x39)
-
- VMOVDQA(ymm_tmp0, mem_tmp0) # Restore
-
- SUB(reg_rounds, 2)
- JNZ(rounds_loop8.begin)
-
- # ymm_v12 is in mem_tmp0 and is current....
-
- # XXX: I assume VBROADCASTI128 is about as fast as VMOVDQA....
- VBROADCASTI128(ymm_tmp0, x_s0)
- ADD_avx2(ymm_v0, ymm_tmp0)
- ADD_avx2(ymm_v4, ymm_tmp0)
- ADD_avx2(ymm_v8, ymm_tmp0)
- ADD_avx2(ymm_tmp0, mem_tmp0)
- VMOVDQA(mem_tmp0, ymm_tmp0)
-
- VBROADCASTI128(ymm_tmp0, x_s1)
- ADD_avx2(ymm_v1, ymm_tmp0)
- ADD_avx2(ymm_v5, ymm_tmp0)
- ADD_avx2(ymm_v9, ymm_tmp0)
- ADD_avx2(ymm_v13, ymm_tmp0)
-
- VBROADCASTI128(ymm_tmp0, x_s2)
- ADD_avx2(ymm_v2, ymm_tmp0)
- ADD_avx2(ymm_v6, ymm_tmp0)
- ADD_avx2(ymm_v10, ymm_tmp0)
- ADD_avx2(ymm_v14, ymm_tmp0)
-
- ADD_avx2(ymm_v3, mem_s3)
- WriteXor_avx2(ymm_tmp0, reg_inp, reg_outp, 0, ymm_v0, ymm_v1, ymm_v2, ymm_v3)
- VMOVDQA(ymm_v3, mem_s3)
- ADD_avx2(ymm_v3, mem_inc)
-
- ADD_avx2(ymm_v7, ymm_v3)
- WriteXor_avx2(ymm_tmp0, reg_inp, reg_outp, 128, ymm_v4, ymm_v5, ymm_v6, ymm_v7)
- ADD_avx2(ymm_v3, mem_inc)
-
- ADD_avx2(ymm_v11, ymm_v3)
- WriteXor_avx2(ymm_tmp0, reg_inp, reg_outp, 256, ymm_v8, ymm_v9, ymm_v10, ymm_v11)
- ADD_avx2(ymm_v3, mem_inc)
-
- VMOVDQA(ymm_v12, mem_tmp0)
- ADD_avx2(ymm_v15, ymm_v3)
- WriteXor_avx2(ymm_v0, reg_inp, reg_outp, 384, ymm_v12, ymm_v13, ymm_v14, ymm_v15)
- ADD_avx2(ymm_v3, mem_inc)
-
- VMOVDQA(mem_s3, ymm_v3)
-
- ADD(reg_inp, 8 * 64)
- ADD(reg_outp, 8 * 64)
-
- SUB(reg_blocks, 8)
- JAE(vector_loop8.begin)
-
- # ymm_v3 contains a current copy of mem_s3 either from when it was built,
- # or because the loop updates it. Copy this before we mess with the block
- # counter in case we need to write it back and return.
- ymm_s3 = ymm_v11
- VMOVDQA(ymm_s3, ymm_v3)
-
- ADD(reg_blocks, 8)
- JZ(out_write_even)
-
- # We now actually can do everything in registers.
- ymm_s0 = ymm_v8
- VBROADCASTI128(ymm_s0, x_s0)
- ymm_s1 = ymm_v9
- VBROADCASTI128(ymm_s1, x_s1)
- ymm_s2 = ymm_v10
- VBROADCASTI128(ymm_s2, x_s2)
- ymm_inc = ymm_v14
- VMOVDQA(ymm_inc, mem_inc)
-
- #
- # 4 blocks at a time.
- #
-
- process_2_blocks = Label()
- SUB(reg_blocks, 4)
- JB(process_2_blocks) # < 4 blocks remaining.
-
- VMOVDQA(ymm_v0, ymm_s0)
- VMOVDQA(ymm_v1, ymm_s1)
- VMOVDQA(ymm_v2, ymm_s2)
- VMOVDQA(ymm_v3, ymm_s3)
-
- VMOVDQA(ymm_v4, ymm_v0)
- VMOVDQA(ymm_v5, ymm_v1)
- VMOVDQA(ymm_v6, ymm_v2)
- VPADDQ(ymm_v7, ymm_v3, ymm_inc)
-
- MOV(reg_rounds, 20)
- rounds_loop4 = Loop()
- with rounds_loop4:
- # a += b; d ^= a; d = ROTW16(d);
- ADD_avx2(ymm_v0, ymm_v1)
- ADD_avx2(ymm_v4, ymm_v5)
- XOR_avx2(ymm_v3, ymm_v0)
- XOR_avx2(ymm_v7, ymm_v4)
- ROTW16_avx2(ymm_tmp0, ymm_v3)
- ROTW16_avx2(ymm_tmp0, ymm_v7)
-
- # c += d; b ^= c; b = ROTW12(b);
- ADD_avx2(ymm_v2, ymm_v3)
- ADD_avx2(ymm_v6, ymm_v7)
- XOR_avx2(ymm_v1, ymm_v2)
- XOR_avx2(ymm_v5, ymm_v6)
- ROTW12_avx2(ymm_tmp0, ymm_v1)
- ROTW12_avx2(ymm_tmp0, ymm_v5)
-
- # a += b; d ^= a; d = ROTW8(d);
- ADD_avx2(ymm_v0, ymm_v1)
- ADD_avx2(ymm_v4, ymm_v5)
- XOR_avx2(ymm_v3, ymm_v0)
- XOR_avx2(ymm_v7, ymm_v4)
- ROTW8_avx2(ymm_tmp0, ymm_v3)
- ROTW8_avx2(ymm_tmp0, ymm_v7)
-
- # c += d; b ^= c; b = ROTW7(b)
- ADD_avx2(ymm_v2, ymm_v3)
- ADD_avx2(ymm_v6, ymm_v7)
- XOR_avx2(ymm_v1, ymm_v2)
- XOR_avx2(ymm_v5, ymm_v6)
- ROTW7_avx2(ymm_tmp0, ymm_v1)
- ROTW7_avx2(ymm_tmp0, ymm_v5)
-
- # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
- VPSHUFD(ymm_v1, ymm_v1, 0x39)
- VPSHUFD(ymm_v5, ymm_v5, 0x39)
- VPSHUFD(ymm_v2, ymm_v2, 0x4e)
- VPSHUFD(ymm_v6, ymm_v6, 0x4e)
- VPSHUFD(ymm_v3, ymm_v3, 0x93)
- VPSHUFD(ymm_v7, ymm_v7, 0x93)
-
- # a += b; d ^= a; d = ROTW16(d);
- ADD_avx2(ymm_v0, ymm_v1)
- ADD_avx2(ymm_v4, ymm_v5)
- XOR_avx2(ymm_v3, ymm_v0)
- XOR_avx2(ymm_v7, ymm_v4)
- ROTW16_avx2(ymm_tmp0, ymm_v3)
- ROTW16_avx2(ymm_tmp0, ymm_v7)
-
- # c += d; b ^= c; b = ROTW12(b);
- ADD_avx2(ymm_v2, ymm_v3)
- ADD_avx2(ymm_v6, ymm_v7)
- XOR_avx2(ymm_v1, ymm_v2)
- XOR_avx2(ymm_v5, ymm_v6)
- ROTW12_avx2(ymm_tmp0, ymm_v1)
- ROTW12_avx2(ymm_tmp0, ymm_v5)
-
- # a += b; d ^= a; d = ROTW8(d);
- ADD_avx2(ymm_v0, ymm_v1)
- ADD_avx2(ymm_v4, ymm_v5)
- XOR_avx2(ymm_v3, ymm_v0)
- XOR_avx2(ymm_v7, ymm_v4)
- ROTW8_avx2(ymm_tmp0, ymm_v3)
- ROTW8_avx2(ymm_tmp0, ymm_v7)
-
- # c += d; b ^= c; b = ROTW7(b)
- ADD_avx2(ymm_v2, ymm_v3)
- ADD_avx2(ymm_v6, ymm_v7)
- XOR_avx2(ymm_v1, ymm_v2)
- XOR_avx2(ymm_v5, ymm_v6)
- ROTW7_avx2(ymm_tmp0, ymm_v1)
- ROTW7_avx2(ymm_tmp0, ymm_v5)
-
- # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
- VPSHUFD(ymm_v1, ymm_v1, 0x93)
- VPSHUFD(ymm_v5, ymm_v5, 0x93)
- VPSHUFD(ymm_v2, ymm_v2, 0x4e)
- VPSHUFD(ymm_v6, ymm_v6, 0x4e)
- VPSHUFD(ymm_v3, ymm_v3, 0x39)
- VPSHUFD(ymm_v7, ymm_v7, 0x39)
-
- SUB(reg_rounds, 2)
- JNZ(rounds_loop4.begin)
-
- ADD_avx2(ymm_v0, ymm_s0)
- ADD_avx2(ymm_v1, ymm_s1)
- ADD_avx2(ymm_v2, ymm_s2)
- ADD_avx2(ymm_v3, ymm_s3)
- WriteXor_avx2(ymm_tmp0, reg_inp, reg_outp, 0, ymm_v0, ymm_v1, ymm_v2, ymm_v3)
- ADD_avx2(ymm_s3, ymm_inc)
-
- ADD_avx2(ymm_v4, ymm_s0)
- ADD_avx2(ymm_v5, ymm_s1)
- ADD_avx2(ymm_v6, ymm_s2)
- ADD_avx2(ymm_v7, ymm_s3)
- WriteXor_avx2(ymm_tmp0, reg_inp, reg_outp, 128, ymm_v4, ymm_v5, ymm_v6, ymm_v7)
- ADD_avx2(ymm_s3, ymm_inc)
-
- ADD(reg_inp, 4 * 64)
- ADD(reg_outp, 4 * 64)
- SUB(reg_blocks, 4)
-
- LABEL(process_2_blocks)
- ADD(reg_blocks, 4)
- JZ(out_write_even) # 0 blocks left.
-
- #
- # 2/1 blocks at a time. The two codepaths are unified because
- # with AVX2 we do 2 blocks at a time anyway, and this only gets called
- # if 3/2/1 blocks are remaining, so the extra branches don't hurt that
- # much.
- #
-
- vector_loop2 = Loop()
- with vector_loop2:
- VMOVDQA(ymm_v0, ymm_s0)
- VMOVDQA(ymm_v1, ymm_s1)
- VMOVDQA(ymm_v2, ymm_s2)
- VMOVDQA(ymm_v3, ymm_s3)
-
- MOV(reg_rounds, 20)
- rounds_loop2 = Loop()
- with rounds_loop2:
- # a += b; d ^= a; d = ROTW16(d);
- ADD_avx2(ymm_v0, ymm_v1)
- XOR_avx2(ymm_v3, ymm_v0)
- ROTW16_avx2(ymm_tmp0, ymm_v3)
-
- # c += d; b ^= c; b = ROTW12(b);
- ADD_avx2(ymm_v2, ymm_v3)
- XOR_avx2(ymm_v1, ymm_v2)
- ROTW12_avx2(ymm_tmp0, ymm_v1)
-
- # a += b; d ^= a; d = ROTW8(d);
- ADD_avx2(ymm_v0, ymm_v1)
- XOR_avx2(ymm_v3, ymm_v0)
- ROTW8_avx2(ymm_tmp0, ymm_v3)
-
- # c += d; b ^= c; b = ROTW7(b)
- ADD_avx2(ymm_v2, ymm_v3)
- XOR_avx2(ymm_v1, ymm_v2)
- ROTW7_avx2(ymm_tmp0, ymm_v1)
-
- # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
- VPSHUFD(ymm_v1, ymm_v1, 0x39)
- VPSHUFD(ymm_v2, ymm_v2, 0x4e)
- VPSHUFD(ymm_v3, ymm_v3, 0x93)
-
- # a += b; d ^= a; d = ROTW16(d);
- ADD_avx2(ymm_v0, ymm_v1)
- XOR_avx2(ymm_v3, ymm_v0)
- ROTW16_avx2(ymm_tmp0, ymm_v3)
-
- # c += d; b ^= c; b = ROTW12(b);
- ADD_avx2(ymm_v2, ymm_v3)
- XOR_avx2(ymm_v1, ymm_v2)
- ROTW12_avx2(ymm_tmp0, ymm_v1)
-
- # a += b; d ^= a; d = ROTW8(d);
- ADD_avx2(ymm_v0, ymm_v1)
- XOR_avx2(ymm_v3, ymm_v0)
- ROTW8_avx2(ymm_tmp0, ymm_v3)
-
- # c += d; b ^= c; b = ROTW7(b)
- ADD_avx2(ymm_v2, ymm_v3)
- XOR_avx2(ymm_v1, ymm_v2)
- ROTW7_avx2(ymm_tmp0, ymm_v1)
-
- # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
- VPSHUFD(ymm_v1, ymm_v1, 0x93)
- VPSHUFD(ymm_v2, ymm_v2, 0x4e)
- VPSHUFD(ymm_v3, ymm_v3, 0x39)
-
- SUB(reg_rounds, 2)
- JNZ(rounds_loop2.begin)
-
- ADD_avx2(ymm_v0, ymm_s0)
- ADD_avx2(ymm_v1, ymm_s1)
- ADD_avx2(ymm_v2, ymm_s2)
- ADD_avx2(ymm_v3, ymm_s3)
-
- # XOR_WRITE(out+ 0, in+ 0, _mm256_permute2x128_si256(v0,v1,0x20));
- VPERM2I128(ymm_tmp0, ymm_v0, ymm_v1, 0x20)
- VPXOR(ymm_tmp0, ymm_tmp0, [reg_inp])
- VMOVDQU([reg_outp], ymm_tmp0)
-
- # XOR_WRITE(out+32, in+32, _mm256_permute2x128_si256(v2,v3,0x20));
- VPERM2I128(ymm_tmp0, ymm_v2, ymm_v3, 0x20)
- VPXOR(ymm_tmp0, ymm_tmp0, [reg_inp+32])
- VMOVDQU([reg_outp+32], ymm_tmp0)
-
- SUB(reg_blocks, 1)
- JZ(out_write_odd)
-
- ADD_avx2(ymm_s3, ymm_inc)
-
- # XOR_WRITE(out+64, in+64, _mm256_permute2x128_si256(v0,v1,0x31));
- VPERM2I128(ymm_tmp0, ymm_v0, ymm_v1, 0x31)
- VPXOR(ymm_tmp0, ymm_tmp0, [reg_inp+64])
- VMOVDQU([reg_outp+64], ymm_tmp0)
-
- # XOR_WRITE(out+96, in+96, _mm256_permute2x128_si256(v2,v3,0x31));
- VPERM2I128(ymm_tmp0, ymm_v2, ymm_v3, 0x31)
- VPXOR(ymm_tmp0, ymm_tmp0, [reg_inp+96])
- VMOVDQU([reg_outp+96], ymm_tmp0)
-
- SUB(reg_blocks, 1)
- JZ(out_write_even)
-
- ADD(reg_inp, 2 * 64)
- ADD(reg_outp, 2 * 64)
- JMP(vector_loop2.begin)
-
- LABEL(out_write_odd)
- VPERM2I128(ymm_s3, ymm_s3, ymm_s3, 0x01) # Odd number of blocks.
-
- LABEL(out_write_even)
- VMOVDQU(x_s3, ymm_s3.as_xmm) # Write back ymm_s3 to x_v3
-
- # Paranoia, cleanse the scratch space.
- VPXOR(ymm_v0, ymm_v0, ymm_v0)
- VMOVDQA(mem_tmp0, ymm_v0)
- VMOVDQA(mem_s3, ymm_v0)
-
- # Clear all YMM (and XMM) registers.
- VZEROALL()
-
- # Remove our stack allocation.
- MOV(registers.rsp, reg_sp_save)
-
- RETURN()
-
-#
-# CPUID
-#
-
-cpuidParams = Argument(ptr(uint32_t))
-
-with Function("cpuidAmd64", (cpuidParams,)):
- reg_params = registers.r15
- LOAD.ARGUMENT(reg_params, cpuidParams)
-
- MOV(registers.eax, [reg_params])
- MOV(registers.ecx, [reg_params+8])
-
- CPUID()
-
- MOV([reg_params], registers.eax)
- MOV([reg_params+4], registers.ebx)
- MOV([reg_params+8], registers.ecx)
- MOV([reg_params+12], registers.edx)
-
- RETURN()
-
-#
-# XGETBV (ECX = 0)
-#
-
-xcrVec = Argument(ptr(uint32_t))
-
-with Function("xgetbv0Amd64", (xcrVec,)):
- reg_vec = GeneralPurposeRegister64()
-
- LOAD.ARGUMENT(reg_vec, xcrVec)
-
- XOR(registers.ecx, registers.ecx)
-
- XGETBV()
-
- MOV([reg_vec], registers.eax)
- MOV([reg_vec+4], registers.edx)
-
- RETURN()
diff --git a/vendor/github.com/Yawning/chacha20/chacha20_amd64.s b/vendor/github.com/Yawning/chacha20/chacha20_amd64.s
deleted file mode 100644
index e3792af..0000000
--- a/vendor/github.com/Yawning/chacha20/chacha20_amd64.s
+++ /dev/null
@@ -1,1180 +0,0 @@
-// +build !noasm
-// Generated by PeachPy 0.2.0 from chacha20_amd64.py
-
-
-// func blocksAmd64SSE2(x *uint32, inp *uint8, outp *uint8, nrBlocks *uint)
-TEXT ·blocksAmd64SSE2(SB),4,$0-32
- MOVQ x+0(FP), AX
- MOVQ inp+8(FP), BX
- MOVQ outp+16(FP), CX
- MOVQ nrBlocks+24(FP), DX
- MOVQ SP, DI
- ANDQ $18446744073709551584, SP
- SUBQ $32, SP
- PXOR X0, X0
- SUBQ $32, SP
- MOVO X0, 0(SP)
- MOVL $1, SI
- MOVL SI, 0(SP)
- SUBQ $4, DX
- JCS vector_loop4_end
-vector_loop4_begin:
- MOVOU 0(AX), X0
- MOVOU 16(AX), X1
- MOVOU 32(AX), X2
- MOVOU 48(AX), X3
- MOVO X0, X4
- MOVO X1, X5
- MOVO X2, X6
- MOVO X3, X7
- PADDQ 0(SP), X7
- MOVO X0, X8
- MOVO X1, X9
- MOVO X2, X10
- MOVO X7, X11
- PADDQ 0(SP), X11
- MOVO X0, X12
- MOVO X1, X13
- MOVO X2, X14
- MOVO X11, X15
- PADDQ 0(SP), X15
- MOVQ $20, SI
-rounds_loop4_begin:
- PADDL X1, X0
- PADDL X5, X4
- PADDL X9, X8
- PADDL X13, X12
- PXOR X0, X3
- PXOR X4, X7
- PXOR X8, X11
- PXOR X12, X15
- MOVO X12, 16(SP)
- MOVO X3, X12
- PSLLL $16, X12
- PSRLL $16, X3
- PXOR X12, X3
- MOVO X7, X12
- PSLLL $16, X12
- PSRLL $16, X7
- PXOR X12, X7
- MOVO X11, X12
- PSLLL $16, X12
- PSRLL $16, X11
- PXOR X12, X11
- MOVO X15, X12
- PSLLL $16, X12
- PSRLL $16, X15
- PXOR X12, X15
- PADDL X3, X2
- PADDL X7, X6
- PADDL X11, X10
- PADDL X15, X14
- PXOR X2, X1
- PXOR X6, X5
- PXOR X10, X9
- PXOR X14, X13
- MOVO X1, X12
- PSLLL $12, X12
- PSRLL $20, X1
- PXOR X12, X1
- MOVO X5, X12
- PSLLL $12, X12
- PSRLL $20, X5
- PXOR X12, X5
- MOVO X9, X12
- PSLLL $12, X12
- PSRLL $20, X9
- PXOR X12, X9
- MOVO X13, X12
- PSLLL $12, X12
- PSRLL $20, X13
- PXOR X12, X13
- MOVO 16(SP), X12
- PADDL X1, X0
- PADDL X5, X4
- PADDL X9, X8
- PADDL X13, X12
- PXOR X0, X3
- PXOR X4, X7
- PXOR X8, X11
- PXOR X12, X15
- MOVO X12, 16(SP)
- MOVO X3, X12
- PSLLL $8, X12
- PSRLL $24, X3
- PXOR X12, X3
- MOVO X7, X12
- PSLLL $8, X12
- PSRLL $24, X7
- PXOR X12, X7
- MOVO X11, X12
- PSLLL $8, X12
- PSRLL $24, X11
- PXOR X12, X11
- MOVO X15, X12
- PSLLL $8, X12
- PSRLL $24, X15
- PXOR X12, X15
- PADDL X3, X2
- PADDL X7, X6
- PADDL X11, X10
- PADDL X15, X14
- PXOR X2, X1
- PXOR X6, X5
- PXOR X10, X9
- PXOR X14, X13
- MOVO X1, X12
- PSLLL $7, X12
- PSRLL $25, X1
- PXOR X12, X1
- MOVO X5, X12
- PSLLL $7, X12
- PSRLL $25, X5
- PXOR X12, X5
- MOVO X9, X12
- PSLLL $7, X12
- PSRLL $25, X9
- PXOR X12, X9
- MOVO X13, X12
- PSLLL $7, X12
- PSRLL $25, X13
- PXOR X12, X13
- PSHUFL $57, X1, X1
- PSHUFL $57, X5, X5
- PSHUFL $57, X9, X9
- PSHUFL $57, X13, X13
- PSHUFL $78, X2, X2
- PSHUFL $78, X6, X6
- PSHUFL $78, X10, X10
- PSHUFL $78, X14, X14
- PSHUFL $147, X3, X3
- PSHUFL $147, X7, X7
- PSHUFL $147, X11, X11
- PSHUFL $147, X15, X15
- MOVO 16(SP), X12
- PADDL X1, X0
- PADDL X5, X4
- PADDL X9, X8
- PADDL X13, X12
- PXOR X0, X3
- PXOR X4, X7
- PXOR X8, X11
- PXOR X12, X15
- MOVO X12, 16(SP)
- MOVO X3, X12
- PSLLL $16, X12
- PSRLL $16, X3
- PXOR X12, X3
- MOVO X7, X12
- PSLLL $16, X12
- PSRLL $16, X7
- PXOR X12, X7
- MOVO X11, X12
- PSLLL $16, X12
- PSRLL $16, X11
- PXOR X12, X11
- MOVO X15, X12
- PSLLL $16, X12
- PSRLL $16, X15
- PXOR X12, X15
- PADDL X3, X2
- PADDL X7, X6
- PADDL X11, X10
- PADDL X15, X14
- PXOR X2, X1
- PXOR X6, X5
- PXOR X10, X9
- PXOR X14, X13
- MOVO X1, X12
- PSLLL $12, X12
- PSRLL $20, X1
- PXOR X12, X1
- MOVO X5, X12
- PSLLL $12, X12
- PSRLL $20, X5
- PXOR X12, X5
- MOVO X9, X12
- PSLLL $12, X12
- PSRLL $20, X9
- PXOR X12, X9
- MOVO X13, X12
- PSLLL $12, X12
- PSRLL $20, X13
- PXOR X12, X13
- MOVO 16(SP), X12
- PADDL X1, X0
- PADDL X5, X4
- PADDL X9, X8
- PADDL X13, X12
- PXOR X0, X3
- PXOR X4, X7
- PXOR X8, X11
- PXOR X12, X15
- MOVO X12, 16(SP)
- MOVO X3, X12
- PSLLL $8, X12
- PSRLL $24, X3
- PXOR X12, X3
- MOVO X7, X12
- PSLLL $8, X12
- PSRLL $24, X7
- PXOR X12, X7
- MOVO X11, X12
- PSLLL $8, X12
- PSRLL $24, X11
- PXOR X12, X11
- MOVO X15, X12
- PSLLL $8, X12
- PSRLL $24, X15
- PXOR X12, X15
- PADDL X3, X2
- PADDL X7, X6
- PADDL X11, X10
- PADDL X15, X14
- PXOR X2, X1
- PXOR X6, X5
- PXOR X10, X9
- PXOR X14, X13
- MOVO X1, X12
- PSLLL $7, X12
- PSRLL $25, X1
- PXOR X12, X1
- MOVO X5, X12
- PSLLL $7, X12
- PSRLL $25, X5
- PXOR X12, X5
- MOVO X9, X12
- PSLLL $7, X12
- PSRLL $25, X9
- PXOR X12, X9
- MOVO X13, X12
- PSLLL $7, X12
- PSRLL $25, X13
- PXOR X12, X13
- PSHUFL $147, X1, X1
- PSHUFL $147, X5, X5
- PSHUFL $147, X9, X9
- PSHUFL $147, X13, X13
- PSHUFL $78, X2, X2
- PSHUFL $78, X6, X6
- PSHUFL $78, X10, X10
- PSHUFL $78, X14, X14
- PSHUFL $57, X3, X3
- PSHUFL $57, X7, X7
- PSHUFL $57, X11, X11
- PSHUFL $57, X15, X15
- MOVO 16(SP), X12
- SUBQ $2, SI
- JNE rounds_loop4_begin
- MOVO X12, 16(SP)
- PADDL 0(AX), X0
- PADDL 16(AX), X1
- PADDL 32(AX), X2
- PADDL 48(AX), X3
- MOVOU 0(BX), X12
- PXOR X0, X12
- MOVOU X12, 0(CX)
- MOVOU 16(BX), X12
- PXOR X1, X12
- MOVOU X12, 16(CX)
- MOVOU 32(BX), X12
- PXOR X2, X12
- MOVOU X12, 32(CX)
- MOVOU 48(BX), X12
- PXOR X3, X12
- MOVOU X12, 48(CX)
- MOVOU 48(AX), X3
- PADDQ 0(SP), X3
- PADDL 0(AX), X4
- PADDL 16(AX), X5
- PADDL 32(AX), X6
- PADDL X3, X7
- MOVOU 64(BX), X12
- PXOR X4, X12
- MOVOU X12, 64(CX)
- MOVOU 80(BX), X12
- PXOR X5, X12
- MOVOU X12, 80(CX)
- MOVOU 96(BX), X12
- PXOR X6, X12
- MOVOU X12, 96(CX)
- MOVOU 112(BX), X12
- PXOR X7, X12
- MOVOU X12, 112(CX)
- PADDQ 0(SP), X3
- PADDL 0(AX), X8
- PADDL 16(AX), X9
- PADDL 32(AX), X10
- PADDL X3, X11
- MOVOU 128(BX), X12
- PXOR X8, X12
- MOVOU X12, 128(CX)
- MOVOU 144(BX), X12
- PXOR X9, X12
- MOVOU X12, 144(CX)
- MOVOU 160(BX), X12
- PXOR X10, X12
- MOVOU X12, 160(CX)
- MOVOU 176(BX), X12
- PXOR X11, X12
- MOVOU X12, 176(CX)
- PADDQ 0(SP), X3
- MOVO 16(SP), X12
- PADDL 0(AX), X12
- PADDL 16(AX), X13
- PADDL 32(AX), X14
- PADDL X3, X15
- MOVOU 192(BX), X0
- PXOR X12, X0
- MOVOU X0, 192(CX)
- MOVOU 208(BX), X0
- PXOR X13, X0
- MOVOU X0, 208(CX)
- MOVOU 224(BX), X0
- PXOR X14, X0
- MOVOU X0, 224(CX)
- MOVOU 240(BX), X0
- PXOR X15, X0
- MOVOU X0, 240(CX)
- PADDQ 0(SP), X3
- MOVOU X3, 48(AX)
- ADDQ $256, BX
- ADDQ $256, CX
- SUBQ $4, DX
- JCC vector_loop4_begin
-vector_loop4_end:
- ADDQ $4, DX
- JEQ out
- MOVOU 0(AX), X8
- MOVOU 16(AX), X9
- MOVOU 32(AX), X10
- MOVOU 48(AX), X11
- MOVO 0(SP), X13
- SUBQ $2, DX
- JCS process_1_block
- MOVO X8, X0
- MOVO X9, X1
- MOVO X10, X2
- MOVO X11, X3
- MOVO X0, X4
- MOVO X1, X5
- MOVO X2, X6
- MOVO X3, X7
- PADDQ X13, X7
- MOVQ $20, SI
-rounds_loop2_begin:
- PADDL X1, X0
- PADDL X5, X4
- PXOR X0, X3
- PXOR X4, X7
- MOVO X3, X12
- PSLLL $16, X12
- PSRLL $16, X3
- PXOR X12, X3
- MOVO X7, X12
- PSLLL $16, X12
- PSRLL $16, X7
- PXOR X12, X7
- PADDL X3, X2
- PADDL X7, X6
- PXOR X2, X1
- PXOR X6, X5
- MOVO X1, X12
- PSLLL $12, X12
- PSRLL $20, X1
- PXOR X12, X1
- MOVO X5, X12
- PSLLL $12, X12
- PSRLL $20, X5
- PXOR X12, X5
- PADDL X1, X0
- PADDL X5, X4
- PXOR X0, X3
- PXOR X4, X7
- MOVO X3, X12
- PSLLL $8, X12
- PSRLL $24, X3
- PXOR X12, X3
- MOVO X7, X12
- PSLLL $8, X12
- PSRLL $24, X7
- PXOR X12, X7
- PADDL X3, X2
- PADDL X7, X6
- PXOR X2, X1
- PXOR X6, X5
- MOVO X1, X12
- PSLLL $7, X12
- PSRLL $25, X1
- PXOR X12, X1
- MOVO X5, X12
- PSLLL $7, X12
- PSRLL $25, X5
- PXOR X12, X5
- PSHUFL $57, X1, X1
- PSHUFL $57, X5, X5
- PSHUFL $78, X2, X2
- PSHUFL $78, X6, X6
- PSHUFL $147, X3, X3
- PSHUFL $147, X7, X7
- PADDL X1, X0
- PADDL X5, X4
- PXOR X0, X3
- PXOR X4, X7
- MOVO X3, X12
- PSLLL $16, X12
- PSRLL $16, X3
- PXOR X12, X3
- MOVO X7, X12
- PSLLL $16, X12
- PSRLL $16, X7
- PXOR X12, X7
- PADDL X3, X2
- PADDL X7, X6
- PXOR X2, X1
- PXOR X6, X5
- MOVO X1, X12
- PSLLL $12, X12
- PSRLL $20, X1
- PXOR X12, X1
- MOVO X5, X12
- PSLLL $12, X12
- PSRLL $20, X5
- PXOR X12, X5
- PADDL X1, X0
- PADDL X5, X4
- PXOR X0, X3
- PXOR X4, X7
- MOVO X3, X12
- PSLLL $8, X12
- PSRLL $24, X3
- PXOR X12, X3
- MOVO X7, X12
- PSLLL $8, X12
- PSRLL $24, X7
- PXOR X12, X7
- PADDL X3, X2
- PADDL X7, X6
- PXOR X2, X1
- PXOR X6, X5
- MOVO X1, X12
- PSLLL $7, X12
- PSRLL $25, X1
- PXOR X12, X1
- MOVO X5, X12
- PSLLL $7, X12
- PSRLL $25, X5
- PXOR X12, X5
- PSHUFL $147, X1, X1
- PSHUFL $147, X5, X5
- PSHUFL $78, X2, X2
- PSHUFL $78, X6, X6
- PSHUFL $57, X3, X3
- PSHUFL $57, X7, X7
- SUBQ $2, SI
- JNE rounds_loop2_begin
- PADDL X8, X0
- PADDL X9, X1
- PADDL X10, X2
- PADDL X11, X3
- MOVOU 0(BX), X12
- PXOR X0, X12
- MOVOU X12, 0(CX)
- MOVOU 16(BX), X12
- PXOR X1, X12
- MOVOU X12, 16(CX)
- MOVOU 32(BX), X12
- PXOR X2, X12
- MOVOU X12, 32(CX)
- MOVOU 48(BX), X12
- PXOR X3, X12
- MOVOU X12, 48(CX)
- PADDQ X13, X11
- PADDL X8, X4
- PADDL X9, X5
- PADDL X10, X6
- PADDL X11, X7
- MOVOU 64(BX), X12
- PXOR X4, X12
- MOVOU X12, 64(CX)
- MOVOU 80(BX), X12
- PXOR X5, X12
- MOVOU X12, 80(CX)
- MOVOU 96(BX), X12
- PXOR X6, X12
- MOVOU X12, 96(CX)
- MOVOU 112(BX), X12
- PXOR X7, X12
- MOVOU X12, 112(CX)
- PADDQ X13, X11
- ADDQ $128, BX
- ADDQ $128, CX
- SUBQ $2, DX
-process_1_block:
- ADDQ $2, DX
- JEQ out_serial
- MOVO X8, X0
- MOVO X9, X1
- MOVO X10, X2
- MOVO X11, X3
- MOVQ $20, SI
-rounds_loop1_begin:
- PADDL X1, X0
- PXOR X0, X3
- MOVO X3, X12
- PSLLL $16, X12
- PSRLL $16, X3
- PXOR X12, X3
- PADDL X3, X2
- PXOR X2, X1
- MOVO X1, X12
- PSLLL $12, X12
- PSRLL $20, X1
- PXOR X12, X1
- PADDL X1, X0
- PXOR X0, X3
- MOVO X3, X12
- PSLLL $8, X12
- PSRLL $24, X3
- PXOR X12, X3
- PADDL X3, X2
- PXOR X2, X1
- MOVO X1, X12
- PSLLL $7, X12
- PSRLL $25, X1
- PXOR X12, X1
- PSHUFL $57, X1, X1
- PSHUFL $78, X2, X2
- PSHUFL $147, X3, X3
- PADDL X1, X0
- PXOR X0, X3
- MOVO X3, X12
- PSLLL $16, X12
- PSRLL $16, X3
- PXOR X12, X3
- PADDL X3, X2
- PXOR X2, X1
- MOVO X1, X12
- PSLLL $12, X12
- PSRLL $20, X1
- PXOR X12, X1
- PADDL X1, X0
- PXOR X0, X3
- MOVO X3, X12
- PSLLL $8, X12
- PSRLL $24, X3
- PXOR X12, X3
- PADDL X3, X2
- PXOR X2, X1
- MOVO X1, X12
- PSLLL $7, X12
- PSRLL $25, X1
- PXOR X12, X1
- PSHUFL $147, X1, X1
- PSHUFL $78, X2, X2
- PSHUFL $57, X3, X3
- SUBQ $2, SI
- JNE rounds_loop1_begin
- PADDL X8, X0
- PADDL X9, X1
- PADDL X10, X2
- PADDL X11, X3
- MOVOU 0(BX), X12
- PXOR X0, X12
- MOVOU X12, 0(CX)
- MOVOU 16(BX), X12
- PXOR X1, X12
- MOVOU X12, 16(CX)
- MOVOU 32(BX), X12
- PXOR X2, X12
- MOVOU X12, 32(CX)
- MOVOU 48(BX), X12
- PXOR X3, X12
- MOVOU X12, 48(CX)
- PADDQ X13, X11
-out_serial:
- MOVOU X11, 48(AX)
-out:
- PXOR X0, X0
- MOVO X0, 16(SP)
- MOVQ DI, SP
- RET
-
-// func blocksAmd64AVX2(x *uint32, inp *uint8, outp *uint8, nrBlocks *uint)
-TEXT ·blocksAmd64AVX2(SB),4,$0-32
- MOVQ x+0(FP), AX
- MOVQ inp+8(FP), BX
- MOVQ outp+16(FP), CX
- MOVQ nrBlocks+24(FP), DX
- MOVQ SP, DI
- ANDQ $18446744073709551584, SP
- SUBQ $32, SP
- SUBQ $96, SP
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm0, ymm0, ymm0
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x04; BYTE $0x24 // VMOVDQU [rsp], ymm0
- MOVL $1, SI
- MOVL SI, 16(SP)
- BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x48; BYTE $0x30 // VBROADCASTI128 ymm1, [rax + 48]
- BYTE $0xC5; BYTE $0xF5; BYTE $0xD4; BYTE $0x0C; BYTE $0x24 // VPADDQ ymm1, ymm1, [rsp]
- BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x4C; BYTE $0x24; BYTE $0x20 // VMOVDQA [rsp + 32], ymm1
- MOVL $2, SI
- MOVL SI, 0(SP)
- MOVL SI, 16(SP)
- SUBQ $8, DX
- JCS vector_loop8_end
-vector_loop8_begin:
- BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x10 // VBROADCASTI128 ymm2, [rax]
- BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x58; BYTE $0x10 // VBROADCASTI128 ymm3, [rax + 16]
- BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x60; BYTE $0x20 // VBROADCASTI128 ymm4, [rax + 32]
- BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x4C; BYTE $0x24; BYTE $0x20 // VMOVDQA ymm1, [rsp + 32]
- BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xEA // VMOVDQA ymm5, ymm2
- BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xF3 // VMOVDQA ymm6, ymm3
- BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xFC // VMOVDQA ymm7, ymm4
- BYTE $0xC5; BYTE $0x75; BYTE $0xD4; BYTE $0x04; BYTE $0x24 // VPADDQ ymm8, ymm1, [rsp]
- BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0xCA // VMOVDQA ymm9, ymm2
- BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0xD3 // VMOVDQA ymm10, ymm3
- BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0xDC // VMOVDQA ymm11, ymm4
- BYTE $0xC5; BYTE $0x3D; BYTE $0xD4; BYTE $0x24; BYTE $0x24 // VPADDQ ymm12, ymm8, [rsp]
- BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xC2 // VMOVDQA ymm0, ymm2
- BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0xEB // VMOVDQA ymm13, ymm3
- BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0xF4 // VMOVDQA ymm14, ymm4
- BYTE $0xC5; BYTE $0x1D; BYTE $0xD4; BYTE $0x3C; BYTE $0x24 // VPADDQ ymm15, ymm12, [rsp]
- MOVQ $20, SI
-rounds_loop8_begin:
- BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
- BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
- BYTE $0xC4; BYTE $0x41; BYTE $0x35; BYTE $0xFE; BYTE $0xCA // VPADDD ymm9, ymm9, ymm10
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0xFE; BYTE $0xC5 // VPADDD ymm0, ymm0, ymm13
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
- BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
- BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xEF; BYTE $0xE1 // VPXOR ymm12, ymm12, ymm9
- BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA [rsp + 64], ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x10 // VPSLLD ymm0, ymm1, 16
- BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x10 // VPSRLD ymm1, ymm1, 16
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x10 // VPSLLD ymm0, ymm8, 16
- BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x10 // VPSRLD ymm8, ymm8, 16
- BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF4; BYTE $0x10 // VPSLLD ymm0, ymm12, 16
- BYTE $0xC4; BYTE $0xC1; BYTE $0x1D; BYTE $0x72; BYTE $0xD4; BYTE $0x10 // VPSRLD ymm12, ymm12, 16
- BYTE $0xC5; BYTE $0x1D; BYTE $0xEF; BYTE $0xE0 // VPXOR ymm12, ymm12, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF7; BYTE $0x10 // VPSLLD ymm0, ymm15, 16
- BYTE $0xC4; BYTE $0xC1; BYTE $0x05; BYTE $0x72; BYTE $0xD7; BYTE $0x10 // VPSRLD ymm15, ymm15, 16
- BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
- BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
- BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
- BYTE $0xC4; BYTE $0x41; BYTE $0x25; BYTE $0xFE; BYTE $0xDC // VPADDD ymm11, ymm11, ymm12
- BYTE $0xC4; BYTE $0x41; BYTE $0x0D; BYTE $0xFE; BYTE $0xF7 // VPADDD ymm14, ymm14, ymm15
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
- BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
- BYTE $0xC4; BYTE $0x41; BYTE $0x2D; BYTE $0xEF; BYTE $0xD3 // VPXOR ymm10, ymm10, ymm11
- BYTE $0xC4; BYTE $0x41; BYTE $0x15; BYTE $0xEF; BYTE $0xEE // VPXOR ymm13, ymm13, ymm14
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x0C // VPSLLD ymm0, ymm3, 12
- BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x14 // VPSRLD ymm3, ymm3, 20
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x0C // VPSLLD ymm0, ymm6, 12
- BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x14 // VPSRLD ymm6, ymm6, 20
- BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF2; BYTE $0x0C // VPSLLD ymm0, ymm10, 12
- BYTE $0xC4; BYTE $0xC1; BYTE $0x2D; BYTE $0x72; BYTE $0xD2; BYTE $0x14 // VPSRLD ymm10, ymm10, 20
- BYTE $0xC5; BYTE $0x2D; BYTE $0xEF; BYTE $0xD0 // VPXOR ymm10, ymm10, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF5; BYTE $0x0C // VPSLLD ymm0, ymm13, 12
- BYTE $0xC4; BYTE $0xC1; BYTE $0x15; BYTE $0x72; BYTE $0xD5; BYTE $0x14 // VPSRLD ymm13, ymm13, 20
- BYTE $0xC5; BYTE $0x15; BYTE $0xEF; BYTE $0xE8 // VPXOR ymm13, ymm13, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA ymm0, [rsp + 64]
- BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
- BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
- BYTE $0xC4; BYTE $0x41; BYTE $0x35; BYTE $0xFE; BYTE $0xCA // VPADDD ymm9, ymm9, ymm10
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0xFE; BYTE $0xC5 // VPADDD ymm0, ymm0, ymm13
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
- BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
- BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xEF; BYTE $0xE1 // VPXOR ymm12, ymm12, ymm9
- BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA [rsp + 64], ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x08 // VPSLLD ymm0, ymm1, 8
- BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x18 // VPSRLD ymm1, ymm1, 24
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x08 // VPSLLD ymm0, ymm8, 8
- BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x18 // VPSRLD ymm8, ymm8, 24
- BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF4; BYTE $0x08 // VPSLLD ymm0, ymm12, 8
- BYTE $0xC4; BYTE $0xC1; BYTE $0x1D; BYTE $0x72; BYTE $0xD4; BYTE $0x18 // VPSRLD ymm12, ymm12, 24
- BYTE $0xC5; BYTE $0x1D; BYTE $0xEF; BYTE $0xE0 // VPXOR ymm12, ymm12, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF7; BYTE $0x08 // VPSLLD ymm0, ymm15, 8
- BYTE $0xC4; BYTE $0xC1; BYTE $0x05; BYTE $0x72; BYTE $0xD7; BYTE $0x18 // VPSRLD ymm15, ymm15, 24
- BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
- BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
- BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
- BYTE $0xC4; BYTE $0x41; BYTE $0x25; BYTE $0xFE; BYTE $0xDC // VPADDD ymm11, ymm11, ymm12
- BYTE $0xC4; BYTE $0x41; BYTE $0x0D; BYTE $0xFE; BYTE $0xF7 // VPADDD ymm14, ymm14, ymm15
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
- BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
- BYTE $0xC4; BYTE $0x41; BYTE $0x2D; BYTE $0xEF; BYTE $0xD3 // VPXOR ymm10, ymm10, ymm11
- BYTE $0xC4; BYTE $0x41; BYTE $0x15; BYTE $0xEF; BYTE $0xEE // VPXOR ymm13, ymm13, ymm14
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x07 // VPSLLD ymm0, ymm3, 7
- BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x19 // VPSRLD ymm3, ymm3, 25
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x07 // VPSLLD ymm0, ymm6, 7
- BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x19 // VPSRLD ymm6, ymm6, 25
- BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF2; BYTE $0x07 // VPSLLD ymm0, ymm10, 7
- BYTE $0xC4; BYTE $0xC1; BYTE $0x2D; BYTE $0x72; BYTE $0xD2; BYTE $0x19 // VPSRLD ymm10, ymm10, 25
- BYTE $0xC5; BYTE $0x2D; BYTE $0xEF; BYTE $0xD0 // VPXOR ymm10, ymm10, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF5; BYTE $0x07 // VPSLLD ymm0, ymm13, 7
- BYTE $0xC4; BYTE $0xC1; BYTE $0x15; BYTE $0x72; BYTE $0xD5; BYTE $0x19 // VPSRLD ymm13, ymm13, 25
- BYTE $0xC5; BYTE $0x15; BYTE $0xEF; BYTE $0xE8 // VPXOR ymm13, ymm13, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xDB; BYTE $0x39 // VPSHUFD ymm3, ymm3, 57
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xF6; BYTE $0x39 // VPSHUFD ymm6, ymm6, 57
- BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xD2; BYTE $0x39 // VPSHUFD ymm10, ymm10, 57
- BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xED; BYTE $0x39 // VPSHUFD ymm13, ymm13, 57
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xE4; BYTE $0x4E // VPSHUFD ymm4, ymm4, 78
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xFF; BYTE $0x4E // VPSHUFD ymm7, ymm7, 78
- BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xDB; BYTE $0x4E // VPSHUFD ymm11, ymm11, 78
- BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xF6; BYTE $0x4E // VPSHUFD ymm14, ymm14, 78
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xC9; BYTE $0x93 // VPSHUFD ymm1, ymm1, 147
- BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xC0; BYTE $0x93 // VPSHUFD ymm8, ymm8, 147
- BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xE4; BYTE $0x93 // VPSHUFD ymm12, ymm12, 147
- BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xFF; BYTE $0x93 // VPSHUFD ymm15, ymm15, 147
- BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA ymm0, [rsp + 64]
- BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
- BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
- BYTE $0xC4; BYTE $0x41; BYTE $0x35; BYTE $0xFE; BYTE $0xCA // VPADDD ymm9, ymm9, ymm10
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0xFE; BYTE $0xC5 // VPADDD ymm0, ymm0, ymm13
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
- BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
- BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xEF; BYTE $0xE1 // VPXOR ymm12, ymm12, ymm9
- BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA [rsp + 64], ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x10 // VPSLLD ymm0, ymm1, 16
- BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x10 // VPSRLD ymm1, ymm1, 16
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x10 // VPSLLD ymm0, ymm8, 16
- BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x10 // VPSRLD ymm8, ymm8, 16
- BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF4; BYTE $0x10 // VPSLLD ymm0, ymm12, 16
- BYTE $0xC4; BYTE $0xC1; BYTE $0x1D; BYTE $0x72; BYTE $0xD4; BYTE $0x10 // VPSRLD ymm12, ymm12, 16
- BYTE $0xC5; BYTE $0x1D; BYTE $0xEF; BYTE $0xE0 // VPXOR ymm12, ymm12, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF7; BYTE $0x10 // VPSLLD ymm0, ymm15, 16
- BYTE $0xC4; BYTE $0xC1; BYTE $0x05; BYTE $0x72; BYTE $0xD7; BYTE $0x10 // VPSRLD ymm15, ymm15, 16
- BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
- BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
- BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
- BYTE $0xC4; BYTE $0x41; BYTE $0x25; BYTE $0xFE; BYTE $0xDC // VPADDD ymm11, ymm11, ymm12
- BYTE $0xC4; BYTE $0x41; BYTE $0x0D; BYTE $0xFE; BYTE $0xF7 // VPADDD ymm14, ymm14, ymm15
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
- BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
- BYTE $0xC4; BYTE $0x41; BYTE $0x2D; BYTE $0xEF; BYTE $0xD3 // VPXOR ymm10, ymm10, ymm11
- BYTE $0xC4; BYTE $0x41; BYTE $0x15; BYTE $0xEF; BYTE $0xEE // VPXOR ymm13, ymm13, ymm14
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x0C // VPSLLD ymm0, ymm3, 12
- BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x14 // VPSRLD ymm3, ymm3, 20
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x0C // VPSLLD ymm0, ymm6, 12
- BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x14 // VPSRLD ymm6, ymm6, 20
- BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF2; BYTE $0x0C // VPSLLD ymm0, ymm10, 12
- BYTE $0xC4; BYTE $0xC1; BYTE $0x2D; BYTE $0x72; BYTE $0xD2; BYTE $0x14 // VPSRLD ymm10, ymm10, 20
- BYTE $0xC5; BYTE $0x2D; BYTE $0xEF; BYTE $0xD0 // VPXOR ymm10, ymm10, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF5; BYTE $0x0C // VPSLLD ymm0, ymm13, 12
- BYTE $0xC4; BYTE $0xC1; BYTE $0x15; BYTE $0x72; BYTE $0xD5; BYTE $0x14 // VPSRLD ymm13, ymm13, 20
- BYTE $0xC5; BYTE $0x15; BYTE $0xEF; BYTE $0xE8 // VPXOR ymm13, ymm13, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA ymm0, [rsp + 64]
- BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
- BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
- BYTE $0xC4; BYTE $0x41; BYTE $0x35; BYTE $0xFE; BYTE $0xCA // VPADDD ymm9, ymm9, ymm10
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0xFE; BYTE $0xC5 // VPADDD ymm0, ymm0, ymm13
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
- BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
- BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xEF; BYTE $0xE1 // VPXOR ymm12, ymm12, ymm9
- BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA [rsp + 64], ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x08 // VPSLLD ymm0, ymm1, 8
- BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x18 // VPSRLD ymm1, ymm1, 24
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x08 // VPSLLD ymm0, ymm8, 8
- BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x18 // VPSRLD ymm8, ymm8, 24
- BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF4; BYTE $0x08 // VPSLLD ymm0, ymm12, 8
- BYTE $0xC4; BYTE $0xC1; BYTE $0x1D; BYTE $0x72; BYTE $0xD4; BYTE $0x18 // VPSRLD ymm12, ymm12, 24
- BYTE $0xC5; BYTE $0x1D; BYTE $0xEF; BYTE $0xE0 // VPXOR ymm12, ymm12, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF7; BYTE $0x08 // VPSLLD ymm0, ymm15, 8
- BYTE $0xC4; BYTE $0xC1; BYTE $0x05; BYTE $0x72; BYTE $0xD7; BYTE $0x18 // VPSRLD ymm15, ymm15, 24
- BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
- BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
- BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
- BYTE $0xC4; BYTE $0x41; BYTE $0x25; BYTE $0xFE; BYTE $0xDC // VPADDD ymm11, ymm11, ymm12
- BYTE $0xC4; BYTE $0x41; BYTE $0x0D; BYTE $0xFE; BYTE $0xF7 // VPADDD ymm14, ymm14, ymm15
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
- BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
- BYTE $0xC4; BYTE $0x41; BYTE $0x2D; BYTE $0xEF; BYTE $0xD3 // VPXOR ymm10, ymm10, ymm11
- BYTE $0xC4; BYTE $0x41; BYTE $0x15; BYTE $0xEF; BYTE $0xEE // VPXOR ymm13, ymm13, ymm14
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x07 // VPSLLD ymm0, ymm3, 7
- BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x19 // VPSRLD ymm3, ymm3, 25
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x07 // VPSLLD ymm0, ymm6, 7
- BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x19 // VPSRLD ymm6, ymm6, 25
- BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF2; BYTE $0x07 // VPSLLD ymm0, ymm10, 7
- BYTE $0xC4; BYTE $0xC1; BYTE $0x2D; BYTE $0x72; BYTE $0xD2; BYTE $0x19 // VPSRLD ymm10, ymm10, 25
- BYTE $0xC5; BYTE $0x2D; BYTE $0xEF; BYTE $0xD0 // VPXOR ymm10, ymm10, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF5; BYTE $0x07 // VPSLLD ymm0, ymm13, 7
- BYTE $0xC4; BYTE $0xC1; BYTE $0x15; BYTE $0x72; BYTE $0xD5; BYTE $0x19 // VPSRLD ymm13, ymm13, 25
- BYTE $0xC5; BYTE $0x15; BYTE $0xEF; BYTE $0xE8 // VPXOR ymm13, ymm13, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xDB; BYTE $0x93 // VPSHUFD ymm3, ymm3, 147
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xF6; BYTE $0x93 // VPSHUFD ymm6, ymm6, 147
- BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xD2; BYTE $0x93 // VPSHUFD ymm10, ymm10, 147
- BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xED; BYTE $0x93 // VPSHUFD ymm13, ymm13, 147
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xE4; BYTE $0x4E // VPSHUFD ymm4, ymm4, 78
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xFF; BYTE $0x4E // VPSHUFD ymm7, ymm7, 78
- BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xDB; BYTE $0x4E // VPSHUFD ymm11, ymm11, 78
- BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xF6; BYTE $0x4E // VPSHUFD ymm14, ymm14, 78
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xC9; BYTE $0x39 // VPSHUFD ymm1, ymm1, 57
- BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xC0; BYTE $0x39 // VPSHUFD ymm8, ymm8, 57
- BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xE4; BYTE $0x39 // VPSHUFD ymm12, ymm12, 57
- BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xFF; BYTE $0x39 // VPSHUFD ymm15, ymm15, 57
- BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA ymm0, [rsp + 64]
- SUBQ $2, SI
- JNE rounds_loop8_begin
- BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x00 // VBROADCASTI128 ymm0, [rax]
- BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD0 // VPADDD ymm2, ymm2, ymm0
- BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xE8 // VPADDD ymm5, ymm5, ymm0
- BYTE $0xC5; BYTE $0x35; BYTE $0xFE; BYTE $0xC8 // VPADDD ymm9, ymm9, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0xFE; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VPADDD ymm0, ymm0, [rsp + 64]
- BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA [rsp + 64], ymm0
- BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x40; BYTE $0x10 // VBROADCASTI128 ymm0, [rax + 16]
- BYTE $0xC5; BYTE $0xE5; BYTE $0xFE; BYTE $0xD8 // VPADDD ymm3, ymm3, ymm0
- BYTE $0xC5; BYTE $0xCD; BYTE $0xFE; BYTE $0xF0 // VPADDD ymm6, ymm6, ymm0
- BYTE $0xC5; BYTE $0x2D; BYTE $0xFE; BYTE $0xD0 // VPADDD ymm10, ymm10, ymm0
- BYTE $0xC5; BYTE $0x15; BYTE $0xFE; BYTE $0xE8 // VPADDD ymm13, ymm13, ymm0
- BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x40; BYTE $0x20 // VBROADCASTI128 ymm0, [rax + 32]
- BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE0 // VPADDD ymm4, ymm4, ymm0
- BYTE $0xC5; BYTE $0xC5; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm0
- BYTE $0xC5; BYTE $0x25; BYTE $0xFE; BYTE $0xD8 // VPADDD ymm11, ymm11, ymm0
- BYTE $0xC5; BYTE $0x0D; BYTE $0xFE; BYTE $0xF0 // VPADDD ymm14, ymm14, ymm0
- BYTE $0xC5; BYTE $0xF5; BYTE $0xFE; BYTE $0x4C; BYTE $0x24; BYTE $0x20 // VPADDD ymm1, ymm1, [rsp + 32]
- BYTE $0xC4; BYTE $0xE3; BYTE $0x6D; BYTE $0x46; BYTE $0xC3; BYTE $0x20 // VPERM2I128 ymm0, ymm2, ymm3, 32
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x03 // VPXOR ymm0, ymm0, [rbx]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x01 // VMOVDQU [rcx], ymm0
- BYTE $0xC4; BYTE $0xE3; BYTE $0x5D; BYTE $0x46; BYTE $0xC1; BYTE $0x20 // VPERM2I128 ymm0, ymm4, ymm1, 32
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x20 // VPXOR ymm0, ymm0, [rbx + 32]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x20 // VMOVDQU [rcx + 32], ymm0
- BYTE $0xC4; BYTE $0xE3; BYTE $0x6D; BYTE $0x46; BYTE $0xC3; BYTE $0x31 // VPERM2I128 ymm0, ymm2, ymm3, 49
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x40 // VPXOR ymm0, ymm0, [rbx + 64]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x40 // VMOVDQU [rcx + 64], ymm0
- BYTE $0xC4; BYTE $0xE3; BYTE $0x5D; BYTE $0x46; BYTE $0xC1; BYTE $0x31 // VPERM2I128 ymm0, ymm4, ymm1, 49
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x60 // VPXOR ymm0, ymm0, [rbx + 96]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x60 // VMOVDQU [rcx + 96], ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x4C; BYTE $0x24; BYTE $0x20 // VMOVDQA ymm1, [rsp + 32]
- BYTE $0xC5; BYTE $0xF5; BYTE $0xFE; BYTE $0x0C; BYTE $0x24 // VPADDD ymm1, ymm1, [rsp]
- BYTE $0xC5; BYTE $0x3D; BYTE $0xFE; BYTE $0xC1 // VPADDD ymm8, ymm8, ymm1
- BYTE $0xC4; BYTE $0xE3; BYTE $0x55; BYTE $0x46; BYTE $0xC6; BYTE $0x20 // VPERM2I128 ymm0, ymm5, ymm6, 32
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0x80; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 128]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0x80; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 128], ymm0
- BYTE $0xC4; BYTE $0xC3; BYTE $0x45; BYTE $0x46; BYTE $0xC0; BYTE $0x20 // VPERM2I128 ymm0, ymm7, ymm8, 32
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0xA0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 160]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0xA0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 160], ymm0
- BYTE $0xC4; BYTE $0xE3; BYTE $0x55; BYTE $0x46; BYTE $0xC6; BYTE $0x31 // VPERM2I128 ymm0, ymm5, ymm6, 49
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0xC0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 192]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0xC0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 192], ymm0
- BYTE $0xC4; BYTE $0xC3; BYTE $0x45; BYTE $0x46; BYTE $0xC0; BYTE $0x31 // VPERM2I128 ymm0, ymm7, ymm8, 49
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0xE0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 224]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0xE0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 224], ymm0
- BYTE $0xC5; BYTE $0xF5; BYTE $0xFE; BYTE $0x0C; BYTE $0x24 // VPADDD ymm1, ymm1, [rsp]
- BYTE $0xC5; BYTE $0x1D; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm12, ymm12, ymm1
- BYTE $0xC4; BYTE $0xC3; BYTE $0x35; BYTE $0x46; BYTE $0xC2; BYTE $0x20 // VPERM2I128 ymm0, ymm9, ymm10, 32
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0x00; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 256]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0x00; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 256], ymm0
- BYTE $0xC4; BYTE $0xC3; BYTE $0x25; BYTE $0x46; BYTE $0xC4; BYTE $0x20 // VPERM2I128 ymm0, ymm11, ymm12, 32
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0x20; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 288]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0x20; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 288], ymm0
- BYTE $0xC4; BYTE $0xC3; BYTE $0x35; BYTE $0x46; BYTE $0xC2; BYTE $0x31 // VPERM2I128 ymm0, ymm9, ymm10, 49
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0x40; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 320]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0x40; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 320], ymm0
- BYTE $0xC4; BYTE $0xC3; BYTE $0x25; BYTE $0x46; BYTE $0xC4; BYTE $0x31 // VPERM2I128 ymm0, ymm11, ymm12, 49
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0x60; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 352]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0x60; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 352], ymm0
- BYTE $0xC5; BYTE $0xF5; BYTE $0xFE; BYTE $0x0C; BYTE $0x24 // VPADDD ymm1, ymm1, [rsp]
- BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA ymm0, [rsp + 64]
- BYTE $0xC5; BYTE $0x05; BYTE $0xFE; BYTE $0xF9 // VPADDD ymm15, ymm15, ymm1
- BYTE $0xC4; BYTE $0xC3; BYTE $0x7D; BYTE $0x46; BYTE $0xD5; BYTE $0x20 // VPERM2I128 ymm2, ymm0, ymm13, 32
- BYTE $0xC5; BYTE $0xED; BYTE $0xEF; BYTE $0x93; BYTE $0x80; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm2, ymm2, [rbx + 384]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x91; BYTE $0x80; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 384], ymm2
- BYTE $0xC4; BYTE $0xC3; BYTE $0x0D; BYTE $0x46; BYTE $0xD7; BYTE $0x20 // VPERM2I128 ymm2, ymm14, ymm15, 32
- BYTE $0xC5; BYTE $0xED; BYTE $0xEF; BYTE $0x93; BYTE $0xA0; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm2, ymm2, [rbx + 416]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x91; BYTE $0xA0; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 416], ymm2
- BYTE $0xC4; BYTE $0xC3; BYTE $0x7D; BYTE $0x46; BYTE $0xD5; BYTE $0x31 // VPERM2I128 ymm2, ymm0, ymm13, 49
- BYTE $0xC5; BYTE $0xED; BYTE $0xEF; BYTE $0x93; BYTE $0xC0; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm2, ymm2, [rbx + 448]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x91; BYTE $0xC0; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 448], ymm2
- BYTE $0xC4; BYTE $0xC3; BYTE $0x0D; BYTE $0x46; BYTE $0xD7; BYTE $0x31 // VPERM2I128 ymm2, ymm14, ymm15, 49
- BYTE $0xC5; BYTE $0xED; BYTE $0xEF; BYTE $0x93; BYTE $0xE0; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm2, ymm2, [rbx + 480]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x91; BYTE $0xE0; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 480], ymm2
- BYTE $0xC5; BYTE $0xF5; BYTE $0xFE; BYTE $0x0C; BYTE $0x24 // VPADDD ymm1, ymm1, [rsp]
- BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x4C; BYTE $0x24; BYTE $0x20 // VMOVDQA [rsp + 32], ymm1
- ADDQ $512, BX
- ADDQ $512, CX
- SUBQ $8, DX
- JCC vector_loop8_begin
-vector_loop8_end:
- BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0xE1 // VMOVDQA ymm12, ymm1
- ADDQ $8, DX
- JEQ out_write_even
- BYTE $0xC4; BYTE $0x62; BYTE $0x7D; BYTE $0x5A; BYTE $0x08 // VBROADCASTI128 ymm9, [rax]
- BYTE $0xC4; BYTE $0x62; BYTE $0x7D; BYTE $0x5A; BYTE $0x50; BYTE $0x10 // VBROADCASTI128 ymm10, [rax + 16]
- BYTE $0xC4; BYTE $0x62; BYTE $0x7D; BYTE $0x5A; BYTE $0x58; BYTE $0x20 // VBROADCASTI128 ymm11, [rax + 32]
- BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0x34; BYTE $0x24 // VMOVDQA ymm14, [rsp]
- SUBQ $4, DX
- JCS process_2_blocks
- BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xCA // VMOVDQA ymm2, ymm9
- BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xD3 // VMOVDQA ymm3, ymm10
- BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xDC // VMOVDQA ymm4, ymm11
- BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xE1 // VMOVDQA ymm1, ymm12
- BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xEA // VMOVDQA ymm5, ymm2
- BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xF3 // VMOVDQA ymm6, ymm3
- BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xFC // VMOVDQA ymm7, ymm4
- BYTE $0xC4; BYTE $0x41; BYTE $0x75; BYTE $0xD4; BYTE $0xC6 // VPADDQ ymm8, ymm1, ymm14
- MOVQ $20, SI
-rounds_loop4_begin:
- BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
- BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
- BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x10 // VPSLLD ymm0, ymm1, 16
- BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x10 // VPSRLD ymm1, ymm1, 16
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x10 // VPSLLD ymm0, ymm8, 16
- BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x10 // VPSRLD ymm8, ymm8, 16
- BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
- BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
- BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
- BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x0C // VPSLLD ymm0, ymm3, 12
- BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x14 // VPSRLD ymm3, ymm3, 20
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x0C // VPSLLD ymm0, ymm6, 12
- BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x14 // VPSRLD ymm6, ymm6, 20
- BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
- BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
- BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
- BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x08 // VPSLLD ymm0, ymm1, 8
- BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x18 // VPSRLD ymm1, ymm1, 24
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x08 // VPSLLD ymm0, ymm8, 8
- BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x18 // VPSRLD ymm8, ymm8, 24
- BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
- BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
- BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
- BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x07 // VPSLLD ymm0, ymm3, 7
- BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x19 // VPSRLD ymm3, ymm3, 25
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x07 // VPSLLD ymm0, ymm6, 7
- BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x19 // VPSRLD ymm6, ymm6, 25
- BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xDB; BYTE $0x39 // VPSHUFD ymm3, ymm3, 57
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xF6; BYTE $0x39 // VPSHUFD ymm6, ymm6, 57
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xE4; BYTE $0x4E // VPSHUFD ymm4, ymm4, 78
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xFF; BYTE $0x4E // VPSHUFD ymm7, ymm7, 78
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xC9; BYTE $0x93 // VPSHUFD ymm1, ymm1, 147
- BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xC0; BYTE $0x93 // VPSHUFD ymm8, ymm8, 147
- BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
- BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
- BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x10 // VPSLLD ymm0, ymm1, 16
- BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x10 // VPSRLD ymm1, ymm1, 16
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x10 // VPSLLD ymm0, ymm8, 16
- BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x10 // VPSRLD ymm8, ymm8, 16
- BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
- BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
- BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
- BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x0C // VPSLLD ymm0, ymm3, 12
- BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x14 // VPSRLD ymm3, ymm3, 20
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x0C // VPSLLD ymm0, ymm6, 12
- BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x14 // VPSRLD ymm6, ymm6, 20
- BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
- BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
- BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
- BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x08 // VPSLLD ymm0, ymm1, 8
- BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x18 // VPSRLD ymm1, ymm1, 24
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
- BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x08 // VPSLLD ymm0, ymm8, 8
- BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x18 // VPSRLD ymm8, ymm8, 24
- BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
- BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
- BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
- BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x07 // VPSLLD ymm0, ymm3, 7
- BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x19 // VPSRLD ymm3, ymm3, 25
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x07 // VPSLLD ymm0, ymm6, 7
- BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x19 // VPSRLD ymm6, ymm6, 25
- BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xDB; BYTE $0x93 // VPSHUFD ymm3, ymm3, 147
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xF6; BYTE $0x93 // VPSHUFD ymm6, ymm6, 147
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xE4; BYTE $0x4E // VPSHUFD ymm4, ymm4, 78
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xFF; BYTE $0x4E // VPSHUFD ymm7, ymm7, 78
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xC9; BYTE $0x39 // VPSHUFD ymm1, ymm1, 57
- BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xC0; BYTE $0x39 // VPSHUFD ymm8, ymm8, 57
- SUBQ $2, SI
- JNE rounds_loop4_begin
- BYTE $0xC4; BYTE $0xC1; BYTE $0x6D; BYTE $0xFE; BYTE $0xD1 // VPADDD ymm2, ymm2, ymm9
- BYTE $0xC4; BYTE $0xC1; BYTE $0x65; BYTE $0xFE; BYTE $0xDA // VPADDD ymm3, ymm3, ymm10
- BYTE $0xC4; BYTE $0xC1; BYTE $0x5D; BYTE $0xFE; BYTE $0xE3 // VPADDD ymm4, ymm4, ymm11
- BYTE $0xC4; BYTE $0xC1; BYTE $0x75; BYTE $0xFE; BYTE $0xCC // VPADDD ymm1, ymm1, ymm12
- BYTE $0xC4; BYTE $0xE3; BYTE $0x6D; BYTE $0x46; BYTE $0xC3; BYTE $0x20 // VPERM2I128 ymm0, ymm2, ymm3, 32
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x03 // VPXOR ymm0, ymm0, [rbx]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x01 // VMOVDQU [rcx], ymm0
- BYTE $0xC4; BYTE $0xE3; BYTE $0x5D; BYTE $0x46; BYTE $0xC1; BYTE $0x20 // VPERM2I128 ymm0, ymm4, ymm1, 32
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x20 // VPXOR ymm0, ymm0, [rbx + 32]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x20 // VMOVDQU [rcx + 32], ymm0
- BYTE $0xC4; BYTE $0xE3; BYTE $0x6D; BYTE $0x46; BYTE $0xC3; BYTE $0x31 // VPERM2I128 ymm0, ymm2, ymm3, 49
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x40 // VPXOR ymm0, ymm0, [rbx + 64]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x40 // VMOVDQU [rcx + 64], ymm0
- BYTE $0xC4; BYTE $0xE3; BYTE $0x5D; BYTE $0x46; BYTE $0xC1; BYTE $0x31 // VPERM2I128 ymm0, ymm4, ymm1, 49
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x60 // VPXOR ymm0, ymm0, [rbx + 96]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x60 // VMOVDQU [rcx + 96], ymm0
- BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xFE; BYTE $0xE6 // VPADDD ymm12, ymm12, ymm14
- BYTE $0xC4; BYTE $0xC1; BYTE $0x55; BYTE $0xFE; BYTE $0xE9 // VPADDD ymm5, ymm5, ymm9
- BYTE $0xC4; BYTE $0xC1; BYTE $0x4D; BYTE $0xFE; BYTE $0xF2 // VPADDD ymm6, ymm6, ymm10
- BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xFB // VPADDD ymm7, ymm7, ymm11
- BYTE $0xC4; BYTE $0x41; BYTE $0x3D; BYTE $0xFE; BYTE $0xC4 // VPADDD ymm8, ymm8, ymm12
- BYTE $0xC4; BYTE $0xE3; BYTE $0x55; BYTE $0x46; BYTE $0xC6; BYTE $0x20 // VPERM2I128 ymm0, ymm5, ymm6, 32
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0x80; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 128]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0x80; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 128], ymm0
- BYTE $0xC4; BYTE $0xC3; BYTE $0x45; BYTE $0x46; BYTE $0xC0; BYTE $0x20 // VPERM2I128 ymm0, ymm7, ymm8, 32
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0xA0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 160]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0xA0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 160], ymm0
- BYTE $0xC4; BYTE $0xE3; BYTE $0x55; BYTE $0x46; BYTE $0xC6; BYTE $0x31 // VPERM2I128 ymm0, ymm5, ymm6, 49
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0xC0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 192]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0xC0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 192], ymm0
- BYTE $0xC4; BYTE $0xC3; BYTE $0x45; BYTE $0x46; BYTE $0xC0; BYTE $0x31 // VPERM2I128 ymm0, ymm7, ymm8, 49
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0xE0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 224]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0xE0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 224], ymm0
- BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xFE; BYTE $0xE6 // VPADDD ymm12, ymm12, ymm14
- ADDQ $256, BX
- ADDQ $256, CX
- SUBQ $4, DX
-process_2_blocks:
- ADDQ $4, DX
- JEQ out_write_even
-vector_loop2_begin:
- BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xCA // VMOVDQA ymm2, ymm9
- BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xD3 // VMOVDQA ymm3, ymm10
- BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xDC // VMOVDQA ymm4, ymm11
- BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xE1 // VMOVDQA ymm1, ymm12
- MOVQ $20, SI
-rounds_loop2_begin:
- BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x10 // VPSLLD ymm0, ymm1, 16
- BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x10 // VPSRLD ymm1, ymm1, 16
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
- BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x0C // VPSLLD ymm0, ymm3, 12
- BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x14 // VPSRLD ymm3, ymm3, 20
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
- BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x08 // VPSLLD ymm0, ymm1, 8
- BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x18 // VPSRLD ymm1, ymm1, 24
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
- BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x07 // VPSLLD ymm0, ymm3, 7
- BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x19 // VPSRLD ymm3, ymm3, 25
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xDB; BYTE $0x39 // VPSHUFD ymm3, ymm3, 57
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xE4; BYTE $0x4E // VPSHUFD ymm4, ymm4, 78
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xC9; BYTE $0x93 // VPSHUFD ymm1, ymm1, 147
- BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x10 // VPSLLD ymm0, ymm1, 16
- BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x10 // VPSRLD ymm1, ymm1, 16
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
- BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x0C // VPSLLD ymm0, ymm3, 12
- BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x14 // VPSRLD ymm3, ymm3, 20
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
- BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x08 // VPSLLD ymm0, ymm1, 8
- BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x18 // VPSRLD ymm1, ymm1, 24
- BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
- BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
- BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x07 // VPSLLD ymm0, ymm3, 7
- BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x19 // VPSRLD ymm3, ymm3, 25
- BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xDB; BYTE $0x93 // VPSHUFD ymm3, ymm3, 147
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xE4; BYTE $0x4E // VPSHUFD ymm4, ymm4, 78
- BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xC9; BYTE $0x39 // VPSHUFD ymm1, ymm1, 57
- SUBQ $2, SI
- JNE rounds_loop2_begin
- BYTE $0xC4; BYTE $0xC1; BYTE $0x6D; BYTE $0xFE; BYTE $0xD1 // VPADDD ymm2, ymm2, ymm9
- BYTE $0xC4; BYTE $0xC1; BYTE $0x65; BYTE $0xFE; BYTE $0xDA // VPADDD ymm3, ymm3, ymm10
- BYTE $0xC4; BYTE $0xC1; BYTE $0x5D; BYTE $0xFE; BYTE $0xE3 // VPADDD ymm4, ymm4, ymm11
- BYTE $0xC4; BYTE $0xC1; BYTE $0x75; BYTE $0xFE; BYTE $0xCC // VPADDD ymm1, ymm1, ymm12
- BYTE $0xC4; BYTE $0xE3; BYTE $0x6D; BYTE $0x46; BYTE $0xC3; BYTE $0x20 // VPERM2I128 ymm0, ymm2, ymm3, 32
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x03 // VPXOR ymm0, ymm0, [rbx]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x01 // VMOVDQU [rcx], ymm0
- BYTE $0xC4; BYTE $0xE3; BYTE $0x5D; BYTE $0x46; BYTE $0xC1; BYTE $0x20 // VPERM2I128 ymm0, ymm4, ymm1, 32
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x20 // VPXOR ymm0, ymm0, [rbx + 32]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x20 // VMOVDQU [rcx + 32], ymm0
- SUBQ $1, DX
- JEQ out_write_odd
- BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xFE; BYTE $0xE6 // VPADDD ymm12, ymm12, ymm14
- BYTE $0xC4; BYTE $0xE3; BYTE $0x6D; BYTE $0x46; BYTE $0xC3; BYTE $0x31 // VPERM2I128 ymm0, ymm2, ymm3, 49
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x40 // VPXOR ymm0, ymm0, [rbx + 64]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x40 // VMOVDQU [rcx + 64], ymm0
- BYTE $0xC4; BYTE $0xE3; BYTE $0x5D; BYTE $0x46; BYTE $0xC1; BYTE $0x31 // VPERM2I128 ymm0, ymm4, ymm1, 49
- BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x60 // VPXOR ymm0, ymm0, [rbx + 96]
- BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x60 // VMOVDQU [rcx + 96], ymm0
- SUBQ $1, DX
- JEQ out_write_even
- ADDQ $128, BX
- ADDQ $128, CX
- JMP vector_loop2_begin
-out_write_odd:
- BYTE $0xC4; BYTE $0x43; BYTE $0x1D; BYTE $0x46; BYTE $0xE4; BYTE $0x01 // VPERM2I128 ymm12, ymm12, ymm12, 1
-out_write_even:
- BYTE $0xC5; BYTE $0x7A; BYTE $0x7F; BYTE $0x60; BYTE $0x30 // VMOVDQU [rax + 48], xmm12
- BYTE $0xC5; BYTE $0xED; BYTE $0xEF; BYTE $0xD2 // VPXOR ymm2, ymm2, ymm2
- BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x54; BYTE $0x24; BYTE $0x40 // VMOVDQA [rsp + 64], ymm2
- BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x54; BYTE $0x24; BYTE $0x20 // VMOVDQA [rsp + 32], ymm2
- BYTE $0xC5; BYTE $0xFC; BYTE $0x77 // VZEROALL
- MOVQ DI, SP
- RET
-
-// func cpuidAmd64(cpuidParams *uint32)
-TEXT ·cpuidAmd64(SB),4,$0-8
- MOVQ cpuidParams+0(FP), R15
- MOVL 0(R15), AX
- MOVL 8(R15), CX
- CPUID
- MOVL AX, 0(R15)
- MOVL BX, 4(R15)
- MOVL CX, 8(R15)
- MOVL DX, 12(R15)
- RET
-
-// func xgetbv0Amd64(xcrVec *uint32)
-TEXT ·xgetbv0Amd64(SB),4,$0-8
- MOVQ xcrVec+0(FP), BX
- XORL CX, CX
- BYTE $0x0F; BYTE $0x01; BYTE $0xD0 // XGETBV
- MOVL AX, 0(BX)
- MOVL DX, 4(BX)
- RET
diff --git a/vendor/github.com/Yawning/chacha20/chacha20_ref.go b/vendor/github.com/Yawning/chacha20/chacha20_ref.go
deleted file mode 100644
index fcdc8c6..0000000
--- a/vendor/github.com/Yawning/chacha20/chacha20_ref.go
+++ /dev/null
@@ -1,394 +0,0 @@
-// chacha20_ref.go - Reference ChaCha20.
-//
-// To the extent possible under law, Yawning Angel has waived all copyright
-// and related or neighboring rights to chacha20, using the Creative
-// Commons "CC0" public domain dedication. See LICENSE or
-// for full details.
-
-// +build !go1.9
-
-package chacha20
-
-import (
- "encoding/binary"
- "math"
- "unsafe"
-)
-
-func blocksRef(x *[stateSize]uint32, in []byte, out []byte, nrBlocks int, isIetf bool) {
- if isIetf {
- var totalBlocks uint64
- totalBlocks = uint64(x[12]) + uint64(nrBlocks)
- if totalBlocks > math.MaxUint32 {
- panic("chacha20: Exceeded keystream per nonce limit")
- }
- }
-
- // This routine ignores x[0]...x[4] in favor the const values since it's
- // ever so slightly faster.
-
- for n := 0; n < nrBlocks; n++ {
- x0, x1, x2, x3 := sigma0, sigma1, sigma2, sigma3
- x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15 := x[4], x[5], x[6], x[7], x[8], x[9], x[10], x[11], x[12], x[13], x[14], x[15]
-
- for i := chachaRounds; i > 0; i -= 2 {
- // quarterround(x, 0, 4, 8, 12)
- x0 += x4
- x12 ^= x0
- x12 = (x12 << 16) | (x12 >> 16)
- x8 += x12
- x4 ^= x8
- x4 = (x4 << 12) | (x4 >> 20)
- x0 += x4
- x12 ^= x0
- x12 = (x12 << 8) | (x12 >> 24)
- x8 += x12
- x4 ^= x8
- x4 = (x4 << 7) | (x4 >> 25)
-
- // quarterround(x, 1, 5, 9, 13)
- x1 += x5
- x13 ^= x1
- x13 = (x13 << 16) | (x13 >> 16)
- x9 += x13
- x5 ^= x9
- x5 = (x5 << 12) | (x5 >> 20)
- x1 += x5
- x13 ^= x1
- x13 = (x13 << 8) | (x13 >> 24)
- x9 += x13
- x5 ^= x9
- x5 = (x5 << 7) | (x5 >> 25)
-
- // quarterround(x, 2, 6, 10, 14)
- x2 += x6
- x14 ^= x2
- x14 = (x14 << 16) | (x14 >> 16)
- x10 += x14
- x6 ^= x10
- x6 = (x6 << 12) | (x6 >> 20)
- x2 += x6
- x14 ^= x2
- x14 = (x14 << 8) | (x14 >> 24)
- x10 += x14
- x6 ^= x10
- x6 = (x6 << 7) | (x6 >> 25)
-
- // quarterround(x, 3, 7, 11, 15)
- x3 += x7
- x15 ^= x3
- x15 = (x15 << 16) | (x15 >> 16)
- x11 += x15
- x7 ^= x11
- x7 = (x7 << 12) | (x7 >> 20)
- x3 += x7
- x15 ^= x3
- x15 = (x15 << 8) | (x15 >> 24)
- x11 += x15
- x7 ^= x11
- x7 = (x7 << 7) | (x7 >> 25)
-
- // quarterround(x, 0, 5, 10, 15)
- x0 += x5
- x15 ^= x0
- x15 = (x15 << 16) | (x15 >> 16)
- x10 += x15
- x5 ^= x10
- x5 = (x5 << 12) | (x5 >> 20)
- x0 += x5
- x15 ^= x0
- x15 = (x15 << 8) | (x15 >> 24)
- x10 += x15
- x5 ^= x10
- x5 = (x5 << 7) | (x5 >> 25)
-
- // quarterround(x, 1, 6, 11, 12)
- x1 += x6
- x12 ^= x1
- x12 = (x12 << 16) | (x12 >> 16)
- x11 += x12
- x6 ^= x11
- x6 = (x6 << 12) | (x6 >> 20)
- x1 += x6
- x12 ^= x1
- x12 = (x12 << 8) | (x12 >> 24)
- x11 += x12
- x6 ^= x11
- x6 = (x6 << 7) | (x6 >> 25)
-
- // quarterround(x, 2, 7, 8, 13)
- x2 += x7
- x13 ^= x2
- x13 = (x13 << 16) | (x13 >> 16)
- x8 += x13
- x7 ^= x8
- x7 = (x7 << 12) | (x7 >> 20)
- x2 += x7
- x13 ^= x2
- x13 = (x13 << 8) | (x13 >> 24)
- x8 += x13
- x7 ^= x8
- x7 = (x7 << 7) | (x7 >> 25)
-
- // quarterround(x, 3, 4, 9, 14)
- x3 += x4
- x14 ^= x3
- x14 = (x14 << 16) | (x14 >> 16)
- x9 += x14
- x4 ^= x9
- x4 = (x4 << 12) | (x4 >> 20)
- x3 += x4
- x14 ^= x3
- x14 = (x14 << 8) | (x14 >> 24)
- x9 += x14
- x4 ^= x9
- x4 = (x4 << 7) | (x4 >> 25)
- }
-
- // On amd64 at least, this is a rather big boost.
- if useUnsafe {
- if in != nil {
- inArr := (*[16]uint32)(unsafe.Pointer(&in[n*BlockSize]))
- outArr := (*[16]uint32)(unsafe.Pointer(&out[n*BlockSize]))
- outArr[0] = inArr[0] ^ (x0 + sigma0)
- outArr[1] = inArr[1] ^ (x1 + sigma1)
- outArr[2] = inArr[2] ^ (x2 + sigma2)
- outArr[3] = inArr[3] ^ (x3 + sigma3)
- outArr[4] = inArr[4] ^ (x4 + x[4])
- outArr[5] = inArr[5] ^ (x5 + x[5])
- outArr[6] = inArr[6] ^ (x6 + x[6])
- outArr[7] = inArr[7] ^ (x7 + x[7])
- outArr[8] = inArr[8] ^ (x8 + x[8])
- outArr[9] = inArr[9] ^ (x9 + x[9])
- outArr[10] = inArr[10] ^ (x10 + x[10])
- outArr[11] = inArr[11] ^ (x11 + x[11])
- outArr[12] = inArr[12] ^ (x12 + x[12])
- outArr[13] = inArr[13] ^ (x13 + x[13])
- outArr[14] = inArr[14] ^ (x14 + x[14])
- outArr[15] = inArr[15] ^ (x15 + x[15])
- } else {
- outArr := (*[16]uint32)(unsafe.Pointer(&out[n*BlockSize]))
- outArr[0] = x0 + sigma0
- outArr[1] = x1 + sigma1
- outArr[2] = x2 + sigma2
- outArr[3] = x3 + sigma3
- outArr[4] = x4 + x[4]
- outArr[5] = x5 + x[5]
- outArr[6] = x6 + x[6]
- outArr[7] = x7 + x[7]
- outArr[8] = x8 + x[8]
- outArr[9] = x9 + x[9]
- outArr[10] = x10 + x[10]
- outArr[11] = x11 + x[11]
- outArr[12] = x12 + x[12]
- outArr[13] = x13 + x[13]
- outArr[14] = x14 + x[14]
- outArr[15] = x15 + x[15]
- }
- } else {
- // Slow path, either the architecture cares about alignment, or is not little endian.
- x0 += sigma0
- x1 += sigma1
- x2 += sigma2
- x3 += sigma3
- x4 += x[4]
- x5 += x[5]
- x6 += x[6]
- x7 += x[7]
- x8 += x[8]
- x9 += x[9]
- x10 += x[10]
- x11 += x[11]
- x12 += x[12]
- x13 += x[13]
- x14 += x[14]
- x15 += x[15]
- if in != nil {
- binary.LittleEndian.PutUint32(out[0:4], binary.LittleEndian.Uint32(in[0:4])^x0)
- binary.LittleEndian.PutUint32(out[4:8], binary.LittleEndian.Uint32(in[4:8])^x1)
- binary.LittleEndian.PutUint32(out[8:12], binary.LittleEndian.Uint32(in[8:12])^x2)
- binary.LittleEndian.PutUint32(out[12:16], binary.LittleEndian.Uint32(in[12:16])^x3)
- binary.LittleEndian.PutUint32(out[16:20], binary.LittleEndian.Uint32(in[16:20])^x4)
- binary.LittleEndian.PutUint32(out[20:24], binary.LittleEndian.Uint32(in[20:24])^x5)
- binary.LittleEndian.PutUint32(out[24:28], binary.LittleEndian.Uint32(in[24:28])^x6)
- binary.LittleEndian.PutUint32(out[28:32], binary.LittleEndian.Uint32(in[28:32])^x7)
- binary.LittleEndian.PutUint32(out[32:36], binary.LittleEndian.Uint32(in[32:36])^x8)
- binary.LittleEndian.PutUint32(out[36:40], binary.LittleEndian.Uint32(in[36:40])^x9)
- binary.LittleEndian.PutUint32(out[40:44], binary.LittleEndian.Uint32(in[40:44])^x10)
- binary.LittleEndian.PutUint32(out[44:48], binary.LittleEndian.Uint32(in[44:48])^x11)
- binary.LittleEndian.PutUint32(out[48:52], binary.LittleEndian.Uint32(in[48:52])^x12)
- binary.LittleEndian.PutUint32(out[52:56], binary.LittleEndian.Uint32(in[52:56])^x13)
- binary.LittleEndian.PutUint32(out[56:60], binary.LittleEndian.Uint32(in[56:60])^x14)
- binary.LittleEndian.PutUint32(out[60:64], binary.LittleEndian.Uint32(in[60:64])^x15)
- in = in[BlockSize:]
- } else {
- binary.LittleEndian.PutUint32(out[0:4], x0)
- binary.LittleEndian.PutUint32(out[4:8], x1)
- binary.LittleEndian.PutUint32(out[8:12], x2)
- binary.LittleEndian.PutUint32(out[12:16], x3)
- binary.LittleEndian.PutUint32(out[16:20], x4)
- binary.LittleEndian.PutUint32(out[20:24], x5)
- binary.LittleEndian.PutUint32(out[24:28], x6)
- binary.LittleEndian.PutUint32(out[28:32], x7)
- binary.LittleEndian.PutUint32(out[32:36], x8)
- binary.LittleEndian.PutUint32(out[36:40], x9)
- binary.LittleEndian.PutUint32(out[40:44], x10)
- binary.LittleEndian.PutUint32(out[44:48], x11)
- binary.LittleEndian.PutUint32(out[48:52], x12)
- binary.LittleEndian.PutUint32(out[52:56], x13)
- binary.LittleEndian.PutUint32(out[56:60], x14)
- binary.LittleEndian.PutUint32(out[60:64], x15)
- }
- out = out[BlockSize:]
- }
-
- // Stoping at 2^70 bytes per nonce is the user's responsibility.
- ctr := uint64(x[13])<<32 | uint64(x[12])
- ctr++
- x[12] = uint32(ctr)
- x[13] = uint32(ctr >> 32)
- }
-}
-
-func hChaChaRef(x *[stateSize]uint32, out *[32]byte) {
- x0, x1, x2, x3 := sigma0, sigma1, sigma2, sigma3
- x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15 := x[0], x[1], x[2], x[3], x[4], x[5], x[6], x[7], x[8], x[9], x[10], x[11]
-
- for i := chachaRounds; i > 0; i -= 2 {
- // quarterround(x, 0, 4, 8, 12)
- x0 += x4
- x12 ^= x0
- x12 = (x12 << 16) | (x12 >> 16)
- x8 += x12
- x4 ^= x8
- x4 = (x4 << 12) | (x4 >> 20)
- x0 += x4
- x12 ^= x0
- x12 = (x12 << 8) | (x12 >> 24)
- x8 += x12
- x4 ^= x8
- x4 = (x4 << 7) | (x4 >> 25)
-
- // quarterround(x, 1, 5, 9, 13)
- x1 += x5
- x13 ^= x1
- x13 = (x13 << 16) | (x13 >> 16)
- x9 += x13
- x5 ^= x9
- x5 = (x5 << 12) | (x5 >> 20)
- x1 += x5
- x13 ^= x1
- x13 = (x13 << 8) | (x13 >> 24)
- x9 += x13
- x5 ^= x9
- x5 = (x5 << 7) | (x5 >> 25)
-
- // quarterround(x, 2, 6, 10, 14)
- x2 += x6
- x14 ^= x2
- x14 = (x14 << 16) | (x14 >> 16)
- x10 += x14
- x6 ^= x10
- x6 = (x6 << 12) | (x6 >> 20)
- x2 += x6
- x14 ^= x2
- x14 = (x14 << 8) | (x14 >> 24)
- x10 += x14
- x6 ^= x10
- x6 = (x6 << 7) | (x6 >> 25)
-
- // quarterround(x, 3, 7, 11, 15)
- x3 += x7
- x15 ^= x3
- x15 = (x15 << 16) | (x15 >> 16)
- x11 += x15
- x7 ^= x11
- x7 = (x7 << 12) | (x7 >> 20)
- x3 += x7
- x15 ^= x3
- x15 = (x15 << 8) | (x15 >> 24)
- x11 += x15
- x7 ^= x11
- x7 = (x7 << 7) | (x7 >> 25)
-
- // quarterround(x, 0, 5, 10, 15)
- x0 += x5
- x15 ^= x0
- x15 = (x15 << 16) | (x15 >> 16)
- x10 += x15
- x5 ^= x10
- x5 = (x5 << 12) | (x5 >> 20)
- x0 += x5
- x15 ^= x0
- x15 = (x15 << 8) | (x15 >> 24)
- x10 += x15
- x5 ^= x10
- x5 = (x5 << 7) | (x5 >> 25)
-
- // quarterround(x, 1, 6, 11, 12)
- x1 += x6
- x12 ^= x1
- x12 = (x12 << 16) | (x12 >> 16)
- x11 += x12
- x6 ^= x11
- x6 = (x6 << 12) | (x6 >> 20)
- x1 += x6
- x12 ^= x1
- x12 = (x12 << 8) | (x12 >> 24)
- x11 += x12
- x6 ^= x11
- x6 = (x6 << 7) | (x6 >> 25)
-
- // quarterround(x, 2, 7, 8, 13)
- x2 += x7
- x13 ^= x2
- x13 = (x13 << 16) | (x13 >> 16)
- x8 += x13
- x7 ^= x8
- x7 = (x7 << 12) | (x7 >> 20)
- x2 += x7
- x13 ^= x2
- x13 = (x13 << 8) | (x13 >> 24)
- x8 += x13
- x7 ^= x8
- x7 = (x7 << 7) | (x7 >> 25)
-
- // quarterround(x, 3, 4, 9, 14)
- x3 += x4
- x14 ^= x3
- x14 = (x14 << 16) | (x14 >> 16)
- x9 += x14
- x4 ^= x9
- x4 = (x4 << 12) | (x4 >> 20)
- x3 += x4
- x14 ^= x3
- x14 = (x14 << 8) | (x14 >> 24)
- x9 += x14
- x4 ^= x9
- x4 = (x4 << 7) | (x4 >> 25)
- }
-
- // HChaCha returns x0...x3 | x12...x15, which corresponds to the
- // indexes of the ChaCha constant and the indexes of the IV.
- if useUnsafe {
- outArr := (*[16]uint32)(unsafe.Pointer(&out[0]))
- outArr[0] = x0
- outArr[1] = x1
- outArr[2] = x2
- outArr[3] = x3
- outArr[4] = x12
- outArr[5] = x13
- outArr[6] = x14
- outArr[7] = x15
- } else {
- binary.LittleEndian.PutUint32(out[0:4], x0)
- binary.LittleEndian.PutUint32(out[4:8], x1)
- binary.LittleEndian.PutUint32(out[8:12], x2)
- binary.LittleEndian.PutUint32(out[12:16], x3)
- binary.LittleEndian.PutUint32(out[16:20], x12)
- binary.LittleEndian.PutUint32(out[20:24], x13)
- binary.LittleEndian.PutUint32(out[24:28], x14)
- binary.LittleEndian.PutUint32(out[28:32], x15)
- }
- return
-}
diff --git a/vendor/github.com/Yawning/chacha20/chacha20_ref_go19.go b/vendor/github.com/Yawning/chacha20/chacha20_ref_go19.go
deleted file mode 100644
index 8405c22..0000000
--- a/vendor/github.com/Yawning/chacha20/chacha20_ref_go19.go
+++ /dev/null
@@ -1,395 +0,0 @@
-// chacha20_ref.go - Reference ChaCha20.
-//
-// To the extent possible under law, Yawning Angel has waived all copyright
-// and related or neighboring rights to chacha20, using the Creative
-// Commons "CC0" public domain dedication. See LICENSE or
-// for full details.
-
-// +build go1.9
-
-package chacha20
-
-import (
- "encoding/binary"
- "math"
- "math/bits"
- "unsafe"
-)
-
-func blocksRef(x *[stateSize]uint32, in []byte, out []byte, nrBlocks int, isIetf bool) {
- if isIetf {
- var totalBlocks uint64
- totalBlocks = uint64(x[12]) + uint64(nrBlocks)
- if totalBlocks > math.MaxUint32 {
- panic("chacha20: Exceeded keystream per nonce limit")
- }
- }
-
- // This routine ignores x[0]...x[4] in favor the const values since it's
- // ever so slightly faster.
-
- for n := 0; n < nrBlocks; n++ {
- x0, x1, x2, x3 := sigma0, sigma1, sigma2, sigma3
- x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15 := x[4], x[5], x[6], x[7], x[8], x[9], x[10], x[11], x[12], x[13], x[14], x[15]
-
- for i := chachaRounds; i > 0; i -= 2 {
- // quarterround(x, 0, 4, 8, 12)
- x0 += x4
- x12 ^= x0
- x12 = bits.RotateLeft32(x12, 16)
- x8 += x12
- x4 ^= x8
- x4 = bits.RotateLeft32(x4, 12)
- x0 += x4
- x12 ^= x0
- x12 = bits.RotateLeft32(x12, 8)
- x8 += x12
- x4 ^= x8
- x4 = bits.RotateLeft32(x4, 7)
-
- // quarterround(x, 1, 5, 9, 13)
- x1 += x5
- x13 ^= x1
- x13 = bits.RotateLeft32(x13, 16)
- x9 += x13
- x5 ^= x9
- x5 = bits.RotateLeft32(x5, 12)
- x1 += x5
- x13 ^= x1
- x13 = bits.RotateLeft32(x13, 8)
- x9 += x13
- x5 ^= x9
- x5 = bits.RotateLeft32(x5, 7)
-
- // quarterround(x, 2, 6, 10, 14)
- x2 += x6
- x14 ^= x2
- x14 = bits.RotateLeft32(x14, 16)
- x10 += x14
- x6 ^= x10
- x6 = bits.RotateLeft32(x6, 12)
- x2 += x6
- x14 ^= x2
- x14 = bits.RotateLeft32(x14, 8)
- x10 += x14
- x6 ^= x10
- x6 = bits.RotateLeft32(x6, 7)
-
- // quarterround(x, 3, 7, 11, 15)
- x3 += x7
- x15 ^= x3
- x15 = bits.RotateLeft32(x15, 16)
- x11 += x15
- x7 ^= x11
- x7 = bits.RotateLeft32(x7, 12)
- x3 += x7
- x15 ^= x3
- x15 = bits.RotateLeft32(x15, 8)
- x11 += x15
- x7 ^= x11
- x7 = bits.RotateLeft32(x7, 7)
-
- // quarterround(x, 0, 5, 10, 15)
- x0 += x5
- x15 ^= x0
- x15 = bits.RotateLeft32(x15, 16)
- x10 += x15
- x5 ^= x10
- x5 = bits.RotateLeft32(x5, 12)
- x0 += x5
- x15 ^= x0
- x15 = bits.RotateLeft32(x15, 8)
- x10 += x15
- x5 ^= x10
- x5 = bits.RotateLeft32(x5, 7)
-
- // quarterround(x, 1, 6, 11, 12)
- x1 += x6
- x12 ^= x1
- x12 = bits.RotateLeft32(x12, 16)
- x11 += x12
- x6 ^= x11
- x6 = bits.RotateLeft32(x6, 12)
- x1 += x6
- x12 ^= x1
- x12 = bits.RotateLeft32(x12, 8)
- x11 += x12
- x6 ^= x11
- x6 = bits.RotateLeft32(x6, 7)
-
- // quarterround(x, 2, 7, 8, 13)
- x2 += x7
- x13 ^= x2
- x13 = bits.RotateLeft32(x13, 16)
- x8 += x13
- x7 ^= x8
- x7 = bits.RotateLeft32(x7, 12)
- x2 += x7
- x13 ^= x2
- x13 = bits.RotateLeft32(x13, 8)
- x8 += x13
- x7 ^= x8
- x7 = bits.RotateLeft32(x7, 7)
-
- // quarterround(x, 3, 4, 9, 14)
- x3 += x4
- x14 ^= x3
- x14 = bits.RotateLeft32(x14, 16)
- x9 += x14
- x4 ^= x9
- x4 = bits.RotateLeft32(x4, 12)
- x3 += x4
- x14 ^= x3
- x14 = bits.RotateLeft32(x14, 8)
- x9 += x14
- x4 ^= x9
- x4 = bits.RotateLeft32(x4, 7)
- }
-
- // On amd64 at least, this is a rather big boost.
- if useUnsafe {
- if in != nil {
- inArr := (*[16]uint32)(unsafe.Pointer(&in[n*BlockSize]))
- outArr := (*[16]uint32)(unsafe.Pointer(&out[n*BlockSize]))
- outArr[0] = inArr[0] ^ (x0 + sigma0)
- outArr[1] = inArr[1] ^ (x1 + sigma1)
- outArr[2] = inArr[2] ^ (x2 + sigma2)
- outArr[3] = inArr[3] ^ (x3 + sigma3)
- outArr[4] = inArr[4] ^ (x4 + x[4])
- outArr[5] = inArr[5] ^ (x5 + x[5])
- outArr[6] = inArr[6] ^ (x6 + x[6])
- outArr[7] = inArr[7] ^ (x7 + x[7])
- outArr[8] = inArr[8] ^ (x8 + x[8])
- outArr[9] = inArr[9] ^ (x9 + x[9])
- outArr[10] = inArr[10] ^ (x10 + x[10])
- outArr[11] = inArr[11] ^ (x11 + x[11])
- outArr[12] = inArr[12] ^ (x12 + x[12])
- outArr[13] = inArr[13] ^ (x13 + x[13])
- outArr[14] = inArr[14] ^ (x14 + x[14])
- outArr[15] = inArr[15] ^ (x15 + x[15])
- } else {
- outArr := (*[16]uint32)(unsafe.Pointer(&out[n*BlockSize]))
- outArr[0] = x0 + sigma0
- outArr[1] = x1 + sigma1
- outArr[2] = x2 + sigma2
- outArr[3] = x3 + sigma3
- outArr[4] = x4 + x[4]
- outArr[5] = x5 + x[5]
- outArr[6] = x6 + x[6]
- outArr[7] = x7 + x[7]
- outArr[8] = x8 + x[8]
- outArr[9] = x9 + x[9]
- outArr[10] = x10 + x[10]
- outArr[11] = x11 + x[11]
- outArr[12] = x12 + x[12]
- outArr[13] = x13 + x[13]
- outArr[14] = x14 + x[14]
- outArr[15] = x15 + x[15]
- }
- } else {
- // Slow path, either the architecture cares about alignment, or is not little endian.
- x0 += sigma0
- x1 += sigma1
- x2 += sigma2
- x3 += sigma3
- x4 += x[4]
- x5 += x[5]
- x6 += x[6]
- x7 += x[7]
- x8 += x[8]
- x9 += x[9]
- x10 += x[10]
- x11 += x[11]
- x12 += x[12]
- x13 += x[13]
- x14 += x[14]
- x15 += x[15]
- if in != nil {
- binary.LittleEndian.PutUint32(out[0:4], binary.LittleEndian.Uint32(in[0:4])^x0)
- binary.LittleEndian.PutUint32(out[4:8], binary.LittleEndian.Uint32(in[4:8])^x1)
- binary.LittleEndian.PutUint32(out[8:12], binary.LittleEndian.Uint32(in[8:12])^x2)
- binary.LittleEndian.PutUint32(out[12:16], binary.LittleEndian.Uint32(in[12:16])^x3)
- binary.LittleEndian.PutUint32(out[16:20], binary.LittleEndian.Uint32(in[16:20])^x4)
- binary.LittleEndian.PutUint32(out[20:24], binary.LittleEndian.Uint32(in[20:24])^x5)
- binary.LittleEndian.PutUint32(out[24:28], binary.LittleEndian.Uint32(in[24:28])^x6)
- binary.LittleEndian.PutUint32(out[28:32], binary.LittleEndian.Uint32(in[28:32])^x7)
- binary.LittleEndian.PutUint32(out[32:36], binary.LittleEndian.Uint32(in[32:36])^x8)
- binary.LittleEndian.PutUint32(out[36:40], binary.LittleEndian.Uint32(in[36:40])^x9)
- binary.LittleEndian.PutUint32(out[40:44], binary.LittleEndian.Uint32(in[40:44])^x10)
- binary.LittleEndian.PutUint32(out[44:48], binary.LittleEndian.Uint32(in[44:48])^x11)
- binary.LittleEndian.PutUint32(out[48:52], binary.LittleEndian.Uint32(in[48:52])^x12)
- binary.LittleEndian.PutUint32(out[52:56], binary.LittleEndian.Uint32(in[52:56])^x13)
- binary.LittleEndian.PutUint32(out[56:60], binary.LittleEndian.Uint32(in[56:60])^x14)
- binary.LittleEndian.PutUint32(out[60:64], binary.LittleEndian.Uint32(in[60:64])^x15)
- in = in[BlockSize:]
- } else {
- binary.LittleEndian.PutUint32(out[0:4], x0)
- binary.LittleEndian.PutUint32(out[4:8], x1)
- binary.LittleEndian.PutUint32(out[8:12], x2)
- binary.LittleEndian.PutUint32(out[12:16], x3)
- binary.LittleEndian.PutUint32(out[16:20], x4)
- binary.LittleEndian.PutUint32(out[20:24], x5)
- binary.LittleEndian.PutUint32(out[24:28], x6)
- binary.LittleEndian.PutUint32(out[28:32], x7)
- binary.LittleEndian.PutUint32(out[32:36], x8)
- binary.LittleEndian.PutUint32(out[36:40], x9)
- binary.LittleEndian.PutUint32(out[40:44], x10)
- binary.LittleEndian.PutUint32(out[44:48], x11)
- binary.LittleEndian.PutUint32(out[48:52], x12)
- binary.LittleEndian.PutUint32(out[52:56], x13)
- binary.LittleEndian.PutUint32(out[56:60], x14)
- binary.LittleEndian.PutUint32(out[60:64], x15)
- }
- out = out[BlockSize:]
- }
-
- // Stoping at 2^70 bytes per nonce is the user's responsibility.
- ctr := uint64(x[13])<<32 | uint64(x[12])
- ctr++
- x[12] = uint32(ctr)
- x[13] = uint32(ctr >> 32)
- }
-}
-
-func hChaChaRef(x *[stateSize]uint32, out *[32]byte) {
- x0, x1, x2, x3 := sigma0, sigma1, sigma2, sigma3
- x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15 := x[0], x[1], x[2], x[3], x[4], x[5], x[6], x[7], x[8], x[9], x[10], x[11]
-
- for i := chachaRounds; i > 0; i -= 2 {
- // quarterround(x, 0, 4, 8, 12)
- x0 += x4
- x12 ^= x0
- x12 = bits.RotateLeft32(x12, 16)
- x8 += x12
- x4 ^= x8
- x4 = bits.RotateLeft32(x4, 12)
- x0 += x4
- x12 ^= x0
- x12 = bits.RotateLeft32(x12, 8)
- x8 += x12
- x4 ^= x8
- x4 = bits.RotateLeft32(x4, 7)
-
- // quarterround(x, 1, 5, 9, 13)
- x1 += x5
- x13 ^= x1
- x13 = bits.RotateLeft32(x13, 16)
- x9 += x13
- x5 ^= x9
- x5 = bits.RotateLeft32(x5, 12)
- x1 += x5
- x13 ^= x1
- x13 = bits.RotateLeft32(x13, 8)
- x9 += x13
- x5 ^= x9
- x5 = bits.RotateLeft32(x5, 7)
-
- // quarterround(x, 2, 6, 10, 14)
- x2 += x6
- x14 ^= x2
- x14 = bits.RotateLeft32(x14, 16)
- x10 += x14
- x6 ^= x10
- x6 = bits.RotateLeft32(x6, 12)
- x2 += x6
- x14 ^= x2
- x14 = bits.RotateLeft32(x14, 8)
- x10 += x14
- x6 ^= x10
- x6 = bits.RotateLeft32(x6, 7)
-
- // quarterround(x, 3, 7, 11, 15)
- x3 += x7
- x15 ^= x3
- x15 = bits.RotateLeft32(x15, 16)
- x11 += x15
- x7 ^= x11
- x7 = bits.RotateLeft32(x7, 12)
- x3 += x7
- x15 ^= x3
- x15 = bits.RotateLeft32(x15, 8)
- x11 += x15
- x7 ^= x11
- x7 = bits.RotateLeft32(x7, 7)
-
- // quarterround(x, 0, 5, 10, 15)
- x0 += x5
- x15 ^= x0
- x15 = bits.RotateLeft32(x15, 16)
- x10 += x15
- x5 ^= x10
- x5 = bits.RotateLeft32(x5, 12)
- x0 += x5
- x15 ^= x0
- x15 = bits.RotateLeft32(x15, 8)
- x10 += x15
- x5 ^= x10
- x5 = bits.RotateLeft32(x5, 7)
-
- // quarterround(x, 1, 6, 11, 12)
- x1 += x6
- x12 ^= x1
- x12 = bits.RotateLeft32(x12, 16)
- x11 += x12
- x6 ^= x11
- x6 = bits.RotateLeft32(x6, 12)
- x1 += x6
- x12 ^= x1
- x12 = bits.RotateLeft32(x12, 8)
- x11 += x12
- x6 ^= x11
- x6 = bits.RotateLeft32(x6, 7)
-
- // quarterround(x, 2, 7, 8, 13)
- x2 += x7
- x13 ^= x2
- x13 = bits.RotateLeft32(x13, 16)
- x8 += x13
- x7 ^= x8
- x7 = bits.RotateLeft32(x7, 12)
- x2 += x7
- x13 ^= x2
- x13 = bits.RotateLeft32(x13, 8)
- x8 += x13
- x7 ^= x8
- x7 = bits.RotateLeft32(x7, 7)
-
- // quarterround(x, 3, 4, 9, 14)
- x3 += x4
- x14 ^= x3
- x14 = bits.RotateLeft32(x14, 16)
- x9 += x14
- x4 ^= x9
- x4 = bits.RotateLeft32(x4, 12)
- x3 += x4
- x14 ^= x3
- x14 = bits.RotateLeft32(x14, 8)
- x9 += x14
- x4 ^= x9
- x4 = bits.RotateLeft32(x4, 7)
- }
-
- // HChaCha returns x0...x3 | x12...x15, which corresponds to the
- // indexes of the ChaCha constant and the indexes of the IV.
- if useUnsafe {
- outArr := (*[16]uint32)(unsafe.Pointer(&out[0]))
- outArr[0] = x0
- outArr[1] = x1
- outArr[2] = x2
- outArr[3] = x3
- outArr[4] = x12
- outArr[5] = x13
- outArr[6] = x14
- outArr[7] = x15
- } else {
- binary.LittleEndian.PutUint32(out[0:4], x0)
- binary.LittleEndian.PutUint32(out[4:8], x1)
- binary.LittleEndian.PutUint32(out[8:12], x2)
- binary.LittleEndian.PutUint32(out[12:16], x3)
- binary.LittleEndian.PutUint32(out[16:20], x12)
- binary.LittleEndian.PutUint32(out[20:24], x13)
- binary.LittleEndian.PutUint32(out[24:28], x14)
- binary.LittleEndian.PutUint32(out[28:32], x15)
- }
- return
-}
diff --git a/vendor/github.com/dgryski/go-camellia/camellia.go b/vendor/github.com/dgryski/go-camellia/camellia.go
deleted file mode 100644
index 048b2e3..0000000
--- a/vendor/github.com/dgryski/go-camellia/camellia.go
+++ /dev/null
@@ -1,368 +0,0 @@
-// Copyright (c) 2013 Damian Gryski
-// Licensed under the GPLv3 or, at your option, any later version.
-
-// Package camellia is an implementation of the CAMELLIA encryption algorithm
-/*
-
- This is an unoptimized version based on the description in RFC 3713.
-
- References:
- http://en.wikipedia.org/wiki/Camellia_%28cipher%29
- https://info.isl.ntt.co.jp/crypt/eng/camellia/
-*/
-package camellia
-
-import (
- "crypto/cipher"
- "encoding/binary"
- "strconv"
-)
-
-const BlockSize = 16
-
-type KeySizeError int
-
-func (k KeySizeError) Error() string {
- return "camellia: invalid key size " + strconv.Itoa(int(k))
-}
-
-type camelliaCipher struct {
- kw [5]uint64
- k [25]uint64
- ke [7]uint64
- klen int
-}
-
-const (
- sigma1 = 0xA09E667F3BCC908B
- sigma2 = 0xB67AE8584CAA73B2
- sigma3 = 0xC6EF372FE94F82BE
- sigma4 = 0x54FF53A5F1D36F1C
- sigma5 = 0x10E527FADE682D1D
- sigma6 = 0xB05688C2B3E6C1FD
-)
-
-func init() {
- // initialize other sboxes
- for i := range sbox1 {
- sbox2[i] = rotl8(sbox1[i], 1)
- sbox3[i] = rotl8(sbox1[i], 7)
- sbox4[i] = sbox1[rotl8(uint8(i), 1)]
- }
-}
-
-func rotl128(k [2]uint64, rot uint) (hi, lo uint64) {
-
- if rot > 64 {
- rot -= 64
- k[0], k[1] = k[1], k[0]
- }
-
- t := k[0] >> (64 - rot)
- hi = (k[0] << rot) | (k[1] >> (64 - rot))
- lo = (k[1] << rot) | t
- return hi, lo
-}
-
-func rotl32(k uint32, rot uint) uint32 {
- return (k << rot) | (k >> (32 - rot))
-}
-
-func rotl8(k byte, rot uint) byte {
- return (k << rot) | (k >> (8 - rot))
-}
-
-// New creates and returns a new cipher.Block.
-// The key argument should be 16, 24, or 32 bytes.
-func New(key []byte) (cipher.Block, error) {
-
- klen := len(key)
- switch klen {
- default:
- return nil, KeySizeError(klen)
- case 16, 24, 32:
- break
- }
-
- var d1, d2 uint64
-
- var kl [2]uint64
- var kr [2]uint64
- var ka [2]uint64
- var kb [2]uint64
-
- kl[0] = binary.BigEndian.Uint64(key[0:])
- kl[1] = binary.BigEndian.Uint64(key[8:])
-
- switch klen {
- case 24:
- kr[0] = binary.BigEndian.Uint64(key[16:])
- kr[1] = ^kr[0]
- case 32:
- kr[0] = binary.BigEndian.Uint64(key[16:])
- kr[1] = binary.BigEndian.Uint64(key[24:])
-
- }
-
- d1 = (kl[0] ^ kr[0])
- d2 = (kl[1] ^ kr[1])
-
- d2 = d2 ^ f(d1, sigma1)
- d1 = d1 ^ f(d2, sigma2)
-
- d1 = d1 ^ (kl[0])
- d2 = d2 ^ (kl[1])
- d2 = d2 ^ f(d1, sigma3)
- d1 = d1 ^ f(d2, sigma4)
- ka[0] = d1
- ka[1] = d2
- d1 = (ka[0] ^ kr[0])
- d2 = (ka[1] ^ kr[1])
- d2 = d2 ^ f(d1, sigma5)
- d1 = d1 ^ f(d2, sigma6)
- kb[0] = d1
- kb[1] = d2
-
- // here we generate our keys
- c := new(camelliaCipher)
-
- c.klen = klen
-
- if klen == 16 {
-
- c.kw[1], c.kw[2] = rotl128(kl, 0)
-
- c.k[1], c.k[2] = rotl128(ka, 0)
- c.k[3], c.k[4] = rotl128(kl, 15)
- c.k[5], c.k[6] = rotl128(ka, 15)
-
- c.ke[1], c.ke[2] = rotl128(ka, 30)
-
- c.k[7], c.k[8] = rotl128(kl, 45)
- c.k[9], _ = rotl128(ka, 45)
- _, c.k[10] = rotl128(kl, 60)
- c.k[11], c.k[12] = rotl128(ka, 60)
-
- c.ke[3], c.ke[4] = rotl128(kl, 77)
-
- c.k[13], c.k[14] = rotl128(kl, 94)
- c.k[15], c.k[16] = rotl128(ka, 94)
- c.k[17], c.k[18] = rotl128(kl, 111)
-
- c.kw[3], c.kw[4] = rotl128(ka, 111)
-
- } else {
- // 24 or 32
-
- c.kw[1], c.kw[2] = rotl128(kl, 0)
-
- c.k[1], c.k[2] = rotl128(kb, 0)
- c.k[3], c.k[4] = rotl128(kr, 15)
- c.k[5], c.k[6] = rotl128(ka, 15)
-
- c.ke[1], c.ke[2] = rotl128(kr, 30)
-
- c.k[7], c.k[8] = rotl128(kb, 30)
- c.k[9], c.k[10] = rotl128(kl, 45)
- c.k[11], c.k[12] = rotl128(ka, 45)
-
- c.ke[3], c.ke[4] = rotl128(kl, 60)
-
- c.k[13], c.k[14] = rotl128(kr, 60)
- c.k[15], c.k[16] = rotl128(kb, 60)
- c.k[17], c.k[18] = rotl128(kl, 77)
-
- c.ke[5], c.ke[6] = rotl128(ka, 77)
-
- c.k[19], c.k[20] = rotl128(kr, 94)
- c.k[21], c.k[22] = rotl128(ka, 94)
- c.k[23], c.k[24] = rotl128(kl, 111)
-
- c.kw[3], c.kw[4] = rotl128(kb, 111)
- }
-
- return c, nil
-}
-
-func (c *camelliaCipher) Encrypt(dst, src []byte) {
-
- d1 := binary.BigEndian.Uint64(src[0:])
- d2 := binary.BigEndian.Uint64(src[8:])
-
- d1 ^= c.kw[1]
- d2 ^= c.kw[2]
-
- d2 = d2 ^ f(d1, c.k[1])
- d1 = d1 ^ f(d2, c.k[2])
- d2 = d2 ^ f(d1, c.k[3])
- d1 = d1 ^ f(d2, c.k[4])
- d2 = d2 ^ f(d1, c.k[5])
- d1 = d1 ^ f(d2, c.k[6])
-
- d1 = fl(d1, c.ke[1])
- d2 = flinv(d2, c.ke[2])
-
- d2 = d2 ^ f(d1, c.k[7])
- d1 = d1 ^ f(d2, c.k[8])
- d2 = d2 ^ f(d1, c.k[9])
- d1 = d1 ^ f(d2, c.k[10])
- d2 = d2 ^ f(d1, c.k[11])
- d1 = d1 ^ f(d2, c.k[12])
-
- d1 = fl(d1, c.ke[3])
- d2 = flinv(d2, c.ke[4])
-
- d2 = d2 ^ f(d1, c.k[13])
- d1 = d1 ^ f(d2, c.k[14])
- d2 = d2 ^ f(d1, c.k[15])
- d1 = d1 ^ f(d2, c.k[16])
- d2 = d2 ^ f(d1, c.k[17])
- d1 = d1 ^ f(d2, c.k[18])
-
- if c.klen > 16 {
- // 24 or 32
-
- d1 = fl(d1, c.ke[5])
- d2 = flinv(d2, c.ke[6])
-
- d2 = d2 ^ f(d1, c.k[19])
- d1 = d1 ^ f(d2, c.k[20])
- d2 = d2 ^ f(d1, c.k[21])
- d1 = d1 ^ f(d2, c.k[22])
- d2 = d2 ^ f(d1, c.k[23])
- d1 = d1 ^ f(d2, c.k[24])
- }
-
- d2 = d2 ^ c.kw[3]
- d1 = d1 ^ c.kw[4]
-
- binary.BigEndian.PutUint64(dst[0:], d2)
- binary.BigEndian.PutUint64(dst[8:], d1)
-}
-
-func (c *camelliaCipher) Decrypt(dst, src []byte) {
-
- d2 := binary.BigEndian.Uint64(src[0:])
- d1 := binary.BigEndian.Uint64(src[8:])
-
- d1 = d1 ^ c.kw[4]
- d2 = d2 ^ c.kw[3]
-
- if c.klen > 16 {
- // 24 or 32
-
- d1 = d1 ^ f(d2, c.k[24])
- d2 = d2 ^ f(d1, c.k[23])
- d1 = d1 ^ f(d2, c.k[22])
- d2 = d2 ^ f(d1, c.k[21])
- d1 = d1 ^ f(d2, c.k[20])
- d2 = d2 ^ f(d1, c.k[19])
-
- d2 = fl(d2, c.ke[6])
- d1 = flinv(d1, c.ke[5])
- }
-
- d1 = d1 ^ f(d2, c.k[18])
- d2 = d2 ^ f(d1, c.k[17])
- d1 = d1 ^ f(d2, c.k[16])
- d2 = d2 ^ f(d1, c.k[15])
- d1 = d1 ^ f(d2, c.k[14])
- d2 = d2 ^ f(d1, c.k[13])
-
- d2 = fl(d2, c.ke[4])
- d1 = flinv(d1, c.ke[3])
-
- d1 = d1 ^ f(d2, c.k[12])
- d2 = d2 ^ f(d1, c.k[11])
- d1 = d1 ^ f(d2, c.k[10])
- d2 = d2 ^ f(d1, c.k[9])
- d1 = d1 ^ f(d2, c.k[8])
- d2 = d2 ^ f(d1, c.k[7])
-
- d2 = fl(d2, c.ke[2])
- d1 = flinv(d1, c.ke[1])
-
- d1 = d1 ^ f(d2, c.k[6])
- d2 = d2 ^ f(d1, c.k[5])
- d1 = d1 ^ f(d2, c.k[4])
- d2 = d2 ^ f(d1, c.k[3])
- d1 = d1 ^ f(d2, c.k[2])
- d2 = d2 ^ f(d1, c.k[1])
-
- d2 ^= c.kw[2]
- d1 ^= c.kw[1]
-
- binary.BigEndian.PutUint64(dst[0:], d1)
- binary.BigEndian.PutUint64(dst[8:], d2)
-}
-
-func (c *camelliaCipher) BlockSize() int {
- return BlockSize
-}
-
-func f(fin, ke uint64) uint64 {
- var x uint64
- x = fin ^ ke
- t1 := sbox1[uint8(x>>56)]
- t2 := sbox2[uint8(x>>48)]
- t3 := sbox3[uint8(x>>40)]
- t4 := sbox4[uint8(x>>32)]
- t5 := sbox2[uint8(x>>24)]
- t6 := sbox3[uint8(x>>16)]
- t7 := sbox4[uint8(x>>8)]
- t8 := sbox1[uint8(x)]
- y1 := t1 ^ t3 ^ t4 ^ t6 ^ t7 ^ t8
- y2 := t1 ^ t2 ^ t4 ^ t5 ^ t7 ^ t8
- y3 := t1 ^ t2 ^ t3 ^ t5 ^ t6 ^ t8
- y4 := t2 ^ t3 ^ t4 ^ t5 ^ t6 ^ t7
- y5 := t1 ^ t2 ^ t6 ^ t7 ^ t8
- y6 := t2 ^ t3 ^ t5 ^ t7 ^ t8
- y7 := t3 ^ t4 ^ t5 ^ t6 ^ t8
- y8 := t1 ^ t4 ^ t5 ^ t6 ^ t7
- return uint64(y1)<<56 | uint64(y2)<<48 | uint64(y3)<<40 | uint64(y4)<<32 | uint64(y5)<<24 | uint64(y6)<<16 | uint64(y7)<<8 | uint64(y8)
-}
-
-func fl(flin, ke uint64) uint64 {
- x1 := uint32(flin >> 32)
- x2 := uint32(flin & 0xffffffff)
- k1 := uint32(ke >> 32)
- k2 := uint32(ke & 0xffffffff)
- x2 = x2 ^ rotl32(x1&k1, 1)
- x1 = x1 ^ (x2 | k2)
- return uint64(x1)<<32 | uint64(x2)
-}
-
-func flinv(flin, ke uint64) uint64 {
- y1 := uint32(flin >> 32)
- y2 := uint32(flin & 0xffffffff)
- k1 := uint32(ke >> 32)
- k2 := uint32(ke & 0xffffffff)
- y1 = y1 ^ (y2 | k2)
- y2 = y2 ^ rotl32(y1&k1, 1)
- return uint64(y1)<<32 | uint64(y2)
-}
-
-var sbox1 = [...]byte{
- 0x70, 0x82, 0x2c, 0xec, 0xb3, 0x27, 0xc0, 0xe5, 0xe4, 0x85, 0x57, 0x35, 0xea, 0x0c, 0xae, 0x41,
- 0x23, 0xef, 0x6b, 0x93, 0x45, 0x19, 0xa5, 0x21, 0xed, 0x0e, 0x4f, 0x4e, 0x1d, 0x65, 0x92, 0xbd,
- 0x86, 0xb8, 0xaf, 0x8f, 0x7c, 0xeb, 0x1f, 0xce, 0x3e, 0x30, 0xdc, 0x5f, 0x5e, 0xc5, 0x0b, 0x1a,
- 0xa6, 0xe1, 0x39, 0xca, 0xd5, 0x47, 0x5d, 0x3d, 0xd9, 0x01, 0x5a, 0xd6, 0x51, 0x56, 0x6c, 0x4d,
- 0x8b, 0x0d, 0x9a, 0x66, 0xfb, 0xcc, 0xb0, 0x2d, 0x74, 0x12, 0x2b, 0x20, 0xf0, 0xb1, 0x84, 0x99,
- 0xdf, 0x4c, 0xcb, 0xc2, 0x34, 0x7e, 0x76, 0x05, 0x6d, 0xb7, 0xa9, 0x31, 0xd1, 0x17, 0x04, 0xd7,
- 0x14, 0x58, 0x3a, 0x61, 0xde, 0x1b, 0x11, 0x1c, 0x32, 0x0f, 0x9c, 0x16, 0x53, 0x18, 0xf2, 0x22,
- 0xfe, 0x44, 0xcf, 0xb2, 0xc3, 0xb5, 0x7a, 0x91, 0x24, 0x08, 0xe8, 0xa8, 0x60, 0xfc, 0x69, 0x50,
- 0xaa, 0xd0, 0xa0, 0x7d, 0xa1, 0x89, 0x62, 0x97, 0x54, 0x5b, 0x1e, 0x95, 0xe0, 0xff, 0x64, 0xd2,
- 0x10, 0xc4, 0x00, 0x48, 0xa3, 0xf7, 0x75, 0xdb, 0x8a, 0x03, 0xe6, 0xda, 0x09, 0x3f, 0xdd, 0x94,
- 0x87, 0x5c, 0x83, 0x02, 0xcd, 0x4a, 0x90, 0x33, 0x73, 0x67, 0xf6, 0xf3, 0x9d, 0x7f, 0xbf, 0xe2,
- 0x52, 0x9b, 0xd8, 0x26, 0xc8, 0x37, 0xc6, 0x3b, 0x81, 0x96, 0x6f, 0x4b, 0x13, 0xbe, 0x63, 0x2e,
- 0xe9, 0x79, 0xa7, 0x8c, 0x9f, 0x6e, 0xbc, 0x8e, 0x29, 0xf5, 0xf9, 0xb6, 0x2f, 0xfd, 0xb4, 0x59,
- 0x78, 0x98, 0x06, 0x6a, 0xe7, 0x46, 0x71, 0xba, 0xd4, 0x25, 0xab, 0x42, 0x88, 0xa2, 0x8d, 0xfa,
- 0x72, 0x07, 0xb9, 0x55, 0xf8, 0xee, 0xac, 0x0a, 0x36, 0x49, 0x2a, 0x68, 0x3c, 0x38, 0xf1, 0xa4,
- 0x40, 0x28, 0xd3, 0x7b, 0xbb, 0xc9, 0x43, 0xc1, 0x15, 0xe3, 0xad, 0xf4, 0x77, 0xc7, 0x80, 0x9e,
-}
-
-var sbox2 [256]byte
-var sbox3 [256]byte
-var sbox4 [256]byte
-
-var _ cipher.Block = &camelliaCipher{}
diff --git a/vendor/github.com/dgryski/go-camellia/t_camellia.pl b/vendor/github.com/dgryski/go-camellia/t_camellia.pl
deleted file mode 100644
index f95ba48..0000000
--- a/vendor/github.com/dgryski/go-camellia/t_camellia.pl
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/usr/bin/perl
-
-# to run the full verification suite:
-# curl http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt |perl ./t_camellia.pl >cfull_test.go
-# perl -pi -e 's/range camelliaTests/$&Full/' camellia_test.go
-# go test
-
-print <) {
- next if /^\s*$/ or /^Camellia/;
- if (/^K/) {
- $k = linetostr($_);
- }
-
- if (/^P/) {
- $p = linetostr($_);
- }
-
- if (/^C/) {
- $c = linetostr($_);
- print <<"GOCODE";
- {
- []byte{$k},
- []byte{$p},
- []byte{$c},
- },
-GOCODE
- }
-}
-
-print <= 2, this fits into 16 bits
- y := uint16(0x10001 % uint32(x))
-
- if y == 1 {
- return 1 - t1
- }
-
- var t0 uint16 = 1
- var q uint16
-
- for y != 1 {
- q = x / y
- x = x % y
- t0 += q * t1
- if x == 1 {
- return t0
- }
- q = y / x
- y = y % x
- t1 += q * t0
- }
- return 1 - t1
-}
-
-// mul computes x*y mod 2^16+1
-func mul(x, y uint16) uint16 {
-
- if y == 0 {
- return 1 - x
- }
-
- if x == 0 {
- return 1 - y
- }
-
- t32 := uint32(x) * uint32(y)
- x = uint16(t32)
- y = uint16(t32 >> 16)
-
- if x < y {
- return x - y + 1
- }
-
- return x - y
-}
-
-// expandKey computes encryption round-keys from a user-supplied key
-func expandKey(key []byte, EK []uint16) {
- var i, j int
-
- for j = 0; j < 8; j++ {
- EK[j] = (uint16(key[0]) << 8) + uint16(key[1])
- key = key[2:]
- }
- for i = 0; j < keyLen; j++ {
- i++
- EK[i+7] = EK[i&7]<<9 | EK[(i+1)&7]>>7
- EK = EK[i&8:]
- i &= 7
- }
-}
-
-// invertKey computes the decryption round-keys from a set of encryption round-keys
-func invertKey(EK []uint16, DK []uint16) {
-
- var t1, t2, t3 uint16
- var p [keyLen]uint16
- pidx := keyLen
- ekidx := 0
-
- t1 = mulInv(EK[ekidx])
- ekidx++
- t2 = -EK[ekidx]
- ekidx++
- t3 = -EK[ekidx]
- ekidx++
- pidx--
- p[pidx] = mulInv(EK[ekidx])
- ekidx++
- pidx--
- p[pidx] = t3
- pidx--
- p[pidx] = t2
- pidx--
- p[pidx] = t1
-
- for i := 0; i < rounds-1; i++ {
- t1 = EK[ekidx]
- ekidx++
- pidx--
- p[pidx] = EK[ekidx]
- ekidx++
- pidx--
- p[pidx] = t1
-
- t1 = mulInv(EK[ekidx])
- ekidx++
- t2 = -EK[ekidx]
- ekidx++
- t3 = -EK[ekidx]
- ekidx++
- pidx--
- p[pidx] = mulInv(EK[ekidx])
- ekidx++
- pidx--
- p[pidx] = t2
- pidx--
- p[pidx] = t3
- pidx--
- p[pidx] = t1
- }
-
- t1 = EK[ekidx]
- ekidx++
- pidx--
- p[pidx] = EK[ekidx]
- ekidx++
- pidx--
- p[pidx] = t1
-
- t1 = mulInv(EK[ekidx])
- ekidx++
- t2 = -EK[ekidx]
- ekidx++
- t3 = -EK[ekidx]
- ekidx++
- pidx--
- p[pidx] = mulInv(EK[ekidx])
- pidx--
- p[pidx] = t3
- pidx--
- p[pidx] = t2
- pidx--
- p[pidx] = t1
-
- copy(DK, p[:])
-}
-
-// crypt performs IDEA encryption given input/output buffers and a set of round-keys
-func crypt(inbuf, outbuf []byte, key []uint16) {
-
- var x1, x2, x3, x4, s2, s3 uint16
-
- x1 = binary.BigEndian.Uint16(inbuf[0:])
- x2 = binary.BigEndian.Uint16(inbuf[2:])
- x3 = binary.BigEndian.Uint16(inbuf[4:])
- x4 = binary.BigEndian.Uint16(inbuf[6:])
-
- for r := rounds; r > 0; r-- {
-
- x1 = mul(x1, key[0])
- key = key[1:]
- x2 += key[0]
- key = key[1:]
- x3 += key[0]
- key = key[1:]
-
- x4 = mul(x4, key[0])
- key = key[1:]
-
- s3 = x3
- x3 ^= x1
- x3 = mul(x3, key[0])
- key = key[1:]
- s2 = x2
-
- x2 ^= x4
- x2 += x3
- x2 = mul(x2, key[0])
- key = key[1:]
- x3 += x2
-
- x1 ^= x2
- x4 ^= x3
-
- x2 ^= s3
- x3 ^= s2
-
- }
- x1 = mul(x1, key[0])
- key = key[1:]
-
- x3 += key[0]
- key = key[1:]
- x2 += key[0]
- key = key[1:]
- x4 = mul(x4, key[0])
-
- binary.BigEndian.PutUint16(outbuf[0:], x1)
- binary.BigEndian.PutUint16(outbuf[2:], x3)
- binary.BigEndian.PutUint16(outbuf[4:], x2)
- binary.BigEndian.PutUint16(outbuf[6:], x4)
-}
diff --git a/vendor/github.com/dgryski/go-rc2/LICENSE b/vendor/github.com/dgryski/go-rc2/LICENSE
deleted file mode 100644
index 039a2e4..0000000
--- a/vendor/github.com/dgryski/go-rc2/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2015 Damian Gryski
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/vendor/github.com/dgryski/go-rc2/rc2.go b/vendor/github.com/dgryski/go-rc2/rc2.go
deleted file mode 100644
index aa194e5..0000000
--- a/vendor/github.com/dgryski/go-rc2/rc2.go
+++ /dev/null
@@ -1,284 +0,0 @@
-// Package rc2 implements the RC2 cipher
-/*
-https://www.ietf.org/rfc/rfc2268.txt
-http://people.csail.mit.edu/rivest/pubs/KRRR98.pdf
-
-This code is licensed under the MIT license.
-*/
-package rc2
-
-import (
- "crypto/cipher"
- "encoding/binary"
- "strconv"
-)
-
-// The rc2 block size in bytes
-const BlockSize = 8
-
-type rc2Cipher struct {
- k [64]uint16
-}
-
-// KeySizeError indicates the supplied key was invalid
-type KeySizeError int
-
-func (k KeySizeError) Error() string { return "rc2: invalid key size " + strconv.Itoa(int(k)) }
-
-// EffectiveKeySizeError indicates the supplied effective key length was invalid
-type EffectiveKeySizeError int
-
-func (k EffectiveKeySizeError) Error() string {
- return "rc2: invalid effective key size " + strconv.Itoa(int(k))
-}
-
-// New returns a new rc2 cipher with the given key and effective key length t1
-func New(key []byte, t1 int) (cipher.Block, error) {
- if l := len(key); l == 0 || l > 128 {
- return nil, KeySizeError(l)
- }
-
- if t1 < 8 || t1 > 1024 {
- return nil, EffectiveKeySizeError(t1)
- }
-
- return &rc2Cipher{
- k: expandKey(key, t1),
- }, nil
-}
-
-func (c *rc2Cipher) BlockSize() int { return BlockSize }
-
-var piTable = [256]byte{
- 0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79, 0x4a, 0xa0, 0xd8, 0x9d,
- 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e, 0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2,
- 0x17, 0x9a, 0x59, 0xf5, 0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32,
- 0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22, 0x5c, 0x6b, 0x4e, 0x82,
- 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c, 0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc,
- 0x12, 0x75, 0xca, 0x1f, 0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26,
- 0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b, 0xbc, 0x94, 0x43, 0x03,
- 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7, 0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7,
- 0x08, 0xe8, 0xea, 0xde, 0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a,
- 0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e, 0x04, 0x18, 0xa4, 0xec,
- 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc, 0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39,
- 0x99, 0x7c, 0x3a, 0x85, 0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31,
- 0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10, 0x67, 0x6c, 0xba, 0xc9,
- 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c, 0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9,
- 0x0d, 0x38, 0x34, 0x1b, 0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e,
- 0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68, 0xfe, 0x7f, 0xc1, 0xad,
-}
-
-func expandKey(key []byte, t1 int) [64]uint16 {
-
- l := make([]byte, 128)
- copy(l, key)
-
- var t = len(key)
- var t8 = (t1 + 7) / 8
- var tm = byte(255 % uint(1<<(8+uint(t1)-8*uint(t8))))
-
- for i := len(key); i < 128; i++ {
- l[i] = piTable[l[i-1]+l[uint8(i-t)]]
- }
-
- l[128-t8] = piTable[l[128-t8]&tm]
-
- for i := 127 - t8; i >= 0; i-- {
- l[i] = piTable[l[i+1]^l[i+t8]]
- }
-
- var k [64]uint16
-
- for i := range k {
- k[i] = uint16(l[2*i]) + uint16(l[2*i+1])*256
- }
-
- return k
-}
-
-func rotl16(x uint16, b uint) uint16 {
- return (x >> (16 - b)) | (x << b)
-}
-
-func (c *rc2Cipher) Encrypt(dst, src []byte) {
-
- r0 := binary.LittleEndian.Uint16(src[0:])
- r1 := binary.LittleEndian.Uint16(src[2:])
- r2 := binary.LittleEndian.Uint16(src[4:])
- r3 := binary.LittleEndian.Uint16(src[6:])
-
- var j int
-
- // These three mix blocks have not been extracted to a common function for to performance reasons.
- for j <= 16 {
- // mix r0
- r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1)
- r0 = rotl16(r0, 1)
- j++
-
- // mix r1
- r1 = r1 + c.k[j] + (r0 & r3) + ((^r0) & r2)
- r1 = rotl16(r1, 2)
- j++
-
- // mix r2
- r2 = r2 + c.k[j] + (r1 & r0) + ((^r1) & r3)
- r2 = rotl16(r2, 3)
- j++
-
- // mix r3
- r3 = r3 + c.k[j] + (r2 & r1) + ((^r2) & r0)
- r3 = rotl16(r3, 5)
- j++
- }
-
- r0 = r0 + c.k[r3&63]
- r1 = r1 + c.k[r0&63]
- r2 = r2 + c.k[r1&63]
- r3 = r3 + c.k[r2&63]
-
- for j <= 40 {
- // mix r0
- r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1)
- r0 = rotl16(r0, 1)
- j++
-
- // mix r1
- r1 = r1 + c.k[j] + (r0 & r3) + ((^r0) & r2)
- r1 = rotl16(r1, 2)
- j++
-
- // mix r2
- r2 = r2 + c.k[j] + (r1 & r0) + ((^r1) & r3)
- r2 = rotl16(r2, 3)
- j++
-
- // mix r3
- r3 = r3 + c.k[j] + (r2 & r1) + ((^r2) & r0)
- r3 = rotl16(r3, 5)
- j++
- }
-
- r0 = r0 + c.k[r3&63]
- r1 = r1 + c.k[r0&63]
- r2 = r2 + c.k[r1&63]
- r3 = r3 + c.k[r2&63]
-
- for j <= 60 {
- // mix r0
- r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1)
- r0 = rotl16(r0, 1)
- j++
-
- // mix r1
- r1 = r1 + c.k[j] + (r0 & r3) + ((^r0) & r2)
- r1 = rotl16(r1, 2)
- j++
-
- // mix r2
- r2 = r2 + c.k[j] + (r1 & r0) + ((^r1) & r3)
- r2 = rotl16(r2, 3)
- j++
-
- // mix r3
- r3 = r3 + c.k[j] + (r2 & r1) + ((^r2) & r0)
- r3 = rotl16(r3, 5)
- j++
- }
-
- binary.LittleEndian.PutUint16(dst[0:], r0)
- binary.LittleEndian.PutUint16(dst[2:], r1)
- binary.LittleEndian.PutUint16(dst[4:], r2)
- binary.LittleEndian.PutUint16(dst[6:], r3)
-}
-
-func (c *rc2Cipher) Decrypt(dst, src []byte) {
-
- r0 := binary.LittleEndian.Uint16(src[0:])
- r1 := binary.LittleEndian.Uint16(src[2:])
- r2 := binary.LittleEndian.Uint16(src[4:])
- r3 := binary.LittleEndian.Uint16(src[6:])
-
- j := 63
-
- for j >= 44 {
- // unmix r3
- r3 = rotl16(r3, 16-5)
- r3 = r3 - c.k[j] - (r2 & r1) - ((^r2) & r0)
- j--
-
- // unmix r2
- r2 = rotl16(r2, 16-3)
- r2 = r2 - c.k[j] - (r1 & r0) - ((^r1) & r3)
- j--
-
- // unmix r1
- r1 = rotl16(r1, 16-2)
- r1 = r1 - c.k[j] - (r0 & r3) - ((^r0) & r2)
- j--
-
- // unmix r0
- r0 = rotl16(r0, 16-1)
- r0 = r0 - c.k[j] - (r3 & r2) - ((^r3) & r1)
- j--
- }
-
- r3 = r3 - c.k[r2&63]
- r2 = r2 - c.k[r1&63]
- r1 = r1 - c.k[r0&63]
- r0 = r0 - c.k[r3&63]
-
- for j >= 20 {
- // unmix r3
- r3 = rotl16(r3, 16-5)
- r3 = r3 - c.k[j] - (r2 & r1) - ((^r2) & r0)
- j--
-
- // unmix r2
- r2 = rotl16(r2, 16-3)
- r2 = r2 - c.k[j] - (r1 & r0) - ((^r1) & r3)
- j--
-
- // unmix r1
- r1 = rotl16(r1, 16-2)
- r1 = r1 - c.k[j] - (r0 & r3) - ((^r0) & r2)
- j--
-
- // unmix r0
- r0 = rotl16(r0, 16-1)
- r0 = r0 - c.k[j] - (r3 & r2) - ((^r3) & r1)
- j--
- }
-
- r3 = r3 - c.k[r2&63]
- r2 = r2 - c.k[r1&63]
- r1 = r1 - c.k[r0&63]
- r0 = r0 - c.k[r3&63]
-
- for j >= 0 {
- // unmix r3
- r3 = rotl16(r3, 16-5)
- r3 = r3 - c.k[j] - (r2 & r1) - ((^r2) & r0)
- j--
-
- // unmix r2
- r2 = rotl16(r2, 16-3)
- r2 = r2 - c.k[j] - (r1 & r0) - ((^r1) & r3)
- j--
-
- // unmix r1
- r1 = rotl16(r1, 16-2)
- r1 = r1 - c.k[j] - (r0 & r3) - ((^r0) & r2)
- j--
-
- // unmix r0
- r0 = rotl16(r0, 16-1)
- r0 = r0 - c.k[j] - (r3 & r2) - ((^r3) & r1)
- j--
- }
-
- binary.LittleEndian.PutUint16(dst[0:], r0)
- binary.LittleEndian.PutUint16(dst[2:], r1)
- binary.LittleEndian.PutUint16(dst[4:], r2)
- binary.LittleEndian.PutUint16(dst[6:], r3)
-}
diff --git a/vendor/github.com/nadoo/conflag/LICENSE b/vendor/github.com/nadoo/conflag/LICENSE
deleted file mode 100644
index 9cecc1d..0000000
--- a/vendor/github.com/nadoo/conflag/LICENSE
+++ /dev/null
@@ -1,674 +0,0 @@
- GNU GENERAL PUBLIC LICENSE
- Version 3, 29 June 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc.
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
- Preamble
-
- The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
-
- The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works. By contrast,
-the GNU General Public License is intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users. We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors. You can apply it to
-your programs, too.
-
- When we speak of free software, we are referring to freedom, not
-price. Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
- To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights. Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
-
- For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received. You must make sure that they, too, receive
-or can get the source code. And you must show them these terms so they
-know their rights.
-
- Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
-
- For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software. For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
- Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so. This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software. The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable. Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products. If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
- Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary. To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
-
- The precise terms and conditions for copying, distribution and
-modification follow.
-
- TERMS AND CONDITIONS
-
- 0. Definitions.
-
- "This License" refers to version 3 of the GNU General Public License.
-
- "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
- "The Program" refers to any copyrightable work licensed under this
-License. Each licensee is addressed as "you". "Licensees" and
-"recipients" may be individuals or organizations.
-
- To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy. The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
- A "covered work" means either the unmodified Program or a work based
-on the Program.
-
- To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy. Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
- To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies. Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
- An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License. If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
- 1. Source Code.
-
- The "source code" for a work means the preferred form of the work
-for making modifications to it. "Object code" means any non-source
-form of a work.
-
- A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
- The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form. A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
- The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities. However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work. For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
- The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
- The Corresponding Source for a work in source code form is that
-same work.
-
- 2. Basic Permissions.
-
- All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met. This License explicitly affirms your unlimited
-permission to run the unmodified Program. The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work. This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
- You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force. You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright. Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
- Conveying under any other circumstances is permitted solely under
-the conditions stated below. Sublicensing is not allowed; section 10
-makes it unnecessary.
-
- 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
- No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
- When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
- 4. Conveying Verbatim Copies.
-
- You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
- You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
- 5. Conveying Modified Source Versions.
-
- You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
- a) The work must carry prominent notices stating that you modified
- it, and giving a relevant date.
-
- b) The work must carry prominent notices stating that it is
- released under this License and any conditions added under section
- 7. This requirement modifies the requirement in section 4 to
- "keep intact all notices".
-
- c) You must license the entire work, as a whole, under this
- License to anyone who comes into possession of a copy. This
- License will therefore apply, along with any applicable section 7
- additional terms, to the whole of the work, and all its parts,
- regardless of how they are packaged. This License gives no
- permission to license the work in any other way, but it does not
- invalidate such permission if you have separately received it.
-
- d) If the work has interactive user interfaces, each must display
- Appropriate Legal Notices; however, if the Program has interactive
- interfaces that do not display Appropriate Legal Notices, your
- work need not make them do so.
-
- A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit. Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
- 6. Conveying Non-Source Forms.
-
- You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
- a) Convey the object code in, or embodied in, a physical product
- (including a physical distribution medium), accompanied by the
- Corresponding Source fixed on a durable physical medium
- customarily used for software interchange.
-
- b) Convey the object code in, or embodied in, a physical product
- (including a physical distribution medium), accompanied by a
- written offer, valid for at least three years and valid for as
- long as you offer spare parts or customer support for that product
- model, to give anyone who possesses the object code either (1) a
- copy of the Corresponding Source for all the software in the
- product that is covered by this License, on a durable physical
- medium customarily used for software interchange, for a price no
- more than your reasonable cost of physically performing this
- conveying of source, or (2) access to copy the
- Corresponding Source from a network server at no charge.
-
- c) Convey individual copies of the object code with a copy of the
- written offer to provide the Corresponding Source. This
- alternative is allowed only occasionally and noncommercially, and
- only if you received the object code with such an offer, in accord
- with subsection 6b.
-
- d) Convey the object code by offering access from a designated
- place (gratis or for a charge), and offer equivalent access to the
- Corresponding Source in the same way through the same place at no
- further charge. You need not require recipients to copy the
- Corresponding Source along with the object code. If the place to
- copy the object code is a network server, the Corresponding Source
- may be on a different server (operated by you or a third party)
- that supports equivalent copying facilities, provided you maintain
- clear directions next to the object code saying where to find the
- Corresponding Source. Regardless of what server hosts the
- Corresponding Source, you remain obligated to ensure that it is
- available for as long as needed to satisfy these requirements.
-
- e) Convey the object code using peer-to-peer transmission, provided
- you inform other peers where the object code and Corresponding
- Source of the work are being offered to the general public at no
- charge under subsection 6d.
-
- A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
- A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling. In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage. For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product. A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
- "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source. The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
- If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information. But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
- The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed. Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
- Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
- 7. Additional Terms.
-
- "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law. If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
- When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it. (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.) You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
- Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
- a) Disclaiming warranty or limiting liability differently from the
- terms of sections 15 and 16 of this License; or
-
- b) Requiring preservation of specified reasonable legal notices or
- author attributions in that material or in the Appropriate Legal
- Notices displayed by works containing it; or
-
- c) Prohibiting misrepresentation of the origin of that material, or
- requiring that modified versions of such material be marked in
- reasonable ways as different from the original version; or
-
- d) Limiting the use for publicity purposes of names of licensors or
- authors of the material; or
-
- e) Declining to grant rights under trademark law for use of some
- trade names, trademarks, or service marks; or
-
- f) Requiring indemnification of licensors and authors of that
- material by anyone who conveys the material (or modified versions of
- it) with contractual assumptions of liability to the recipient, for
- any liability that these contractual assumptions directly impose on
- those licensors and authors.
-
- All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10. If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term. If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
- If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
- Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
- 8. Termination.
-
- You may not propagate or modify a covered work except as expressly
-provided under this License. Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
- However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
- Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
- Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License. If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
- 9. Acceptance Not Required for Having Copies.
-
- You are not required to accept this License in order to receive or
-run a copy of the Program. Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance. However,
-nothing other than this License grants you permission to propagate or
-modify any covered work. These actions infringe copyright if you do
-not accept this License. Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
- 10. Automatic Licensing of Downstream Recipients.
-
- Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License. You are not responsible
-for enforcing compliance by third parties with this License.
-
- An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations. If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
- You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License. For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
- 11. Patents.
-
- A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based. The
-work thus licensed is called the contributor's "contributor version".
-
- A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version. For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
- Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
- In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement). To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
- If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients. "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
- If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
- A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License. You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
- Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
- 12. No Surrender of Others' Freedom.
-
- If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License. If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all. For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
- 13. Use with the GNU Affero General Public License.
-
- Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
-combined work, and to convey the resulting work. The terms of this
-License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
-
- 14. Revised Versions of this License.
-
- The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time. Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
- Each version is given a distinguishing version number. If the
-Program specifies that a certain numbered version of the GNU General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation. If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
- If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
- Later license versions may give you additional or different
-permissions. However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
- 15. Disclaimer of Warranty.
-
- THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
- 16. Limitation of Liability.
-
- IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
- 17. Interpretation of Sections 15 and 16.
-
- If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
- END OF TERMS AND CONDITIONS
-
- How to Apply These Terms to Your New Programs
-
- If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
- To do so, attach the following notices to the program. It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
- {one line to give the program's name and a brief idea of what it does.}
- Copyright (C) {year} {name of author}
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see .
-
-Also add information on how to contact you by electronic and paper mail.
-
- If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
- {project} Copyright (C) {year} {fullname}
- This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
- This is free software, and you are welcome to redistribute it
- under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License. Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
-
- You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-.
-
- The GNU General Public License does not permit incorporating your program
-into proprietary programs. If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library. If this is what you want to do, use the GNU Lesser General
-Public License instead of this License. But first, please read
-.
diff --git a/vendor/github.com/nadoo/conflag/README.md b/vendor/github.com/nadoo/conflag/README.md
deleted file mode 100644
index 6a1b368..0000000
--- a/vendor/github.com/nadoo/conflag/README.md
+++ /dev/null
@@ -1,111 +0,0 @@
-# conflag
-conflag is a config file and command line parser based on Go's standard flag package.
-
-## Usage
-
-### Your code:
-```Go
-package main
-
-import (
- "fmt"
-
- "github.com/nadoo/conflag"
-)
-
-var conf struct {
- Name string
- Age int
- Male bool
-}
-
-func main() {
- // get a new conflag instance
- flag := conflag.New()
-
- // setup flags as the standard flag package
- flag.StringVar(&conf.Name, "name", "", "your name")
- flag.IntVar(&conf.Age, "age", 0, "your age")
- flag.BoolVar(&conf.Male, "male", false, "your sex")
-
- // parse before access flags
- flag.Parse()
-
- // now you're able to get the parsed flag values
- fmt.Printf(" Name: %s\n", conf.Name)
- fmt.Printf(" Age: %d\n", conf.Age)
- fmt.Printf(" Male: %v\n", conf.Male)
-}
-```
-
-### Run without config file:
-command:
-```bash
-sample -name Jay -age 30
-```
-output:
-```bash
- Name: Jay
- Age: 30
- Male: false
-```
-
-### Run with config file(-config):
-sample.conf:
-```bash
-name=Jason
-age=20
-male
-```
-command: **use "-config" flag to specify the config file path.**
-```bash
-sample -config sample.conf
-```
-output:
-```bash
- Name: Jason
- Age: 20
- Male: true
-```
-
-### Run with config file and OVERRIDE a flag value using commandline:
-sample.conf:
-```bash
-name=Jason
-age=20
-male
-```
-command:
-```bash
-sample -config sample.conf -name Michael
-```
-output:
-```bash
- Name: Michael
- Age: 20
- Male: true
-```
-
-## Config File
-- format: KEY=VALUE
-
-**just use the command line flag name as the key name**:
-
-```bash
-## config file
-# comment line starts with "#"
-
-# format:
-#KEY=VALUE,
-# just use the command line flag name as the key name
-
-# your name
-name=Jason
-
-# your age
-age=20
-
-# are you male?
-male
-```
-See [simple.conf](examples/simple/simple.conf)
\ No newline at end of file
diff --git a/vendor/github.com/nadoo/conflag/conflag.go b/vendor/github.com/nadoo/conflag/conflag.go
deleted file mode 100644
index c011540..0000000
--- a/vendor/github.com/nadoo/conflag/conflag.go
+++ /dev/null
@@ -1,151 +0,0 @@
-package conflag
-
-import (
- "bufio"
- "flag"
- "os"
- "path/filepath"
- "strings"
-)
-
-// Conflag .
-type Conflag struct {
- *flag.FlagSet
-
- app string
- osArgs []string
- cfgFile string
- args []string
-
- includes []string
-
- // TODO: add shorthand? or just use pflag?
- // shorthand map[byte]string
-}
-
-// New ...
-func New(args ...string) *Conflag {
- if args == nil {
- args = os.Args
- }
-
- c := &Conflag{}
- c.app = args[0]
- c.osArgs = args[1:]
- c.FlagSet = flag.NewFlagSet(c.app, flag.ExitOnError)
- c.FlagSet.StringVar(&c.cfgFile, "config", "", "config file path")
-
- return c
-}
-
-// NewFromFile ...
-func NewFromFile(app, cfgFile string) *Conflag {
- c := &Conflag{}
-
- if app != "" {
- c.app = app
- } else {
- c.app = os.Args[0]
- }
-
- c.cfgFile = cfgFile
- c.FlagSet = flag.NewFlagSet(c.app, flag.ExitOnError)
-
- c.StringSliceUniqVar(&c.includes, "include", nil, "include file")
-
- return c
-}
-
-// Parse ...
-func (c *Conflag) Parse() (err error) {
- // parse 1st time and see whether there is a conf file.
- err = c.FlagSet.Parse(c.osArgs)
- if err != nil {
- return err
- }
-
- // if there is no args, just try to load the app.conf file.
- if c.cfgFile == "" && len(c.osArgs) == 0 {
- // trim app exetension
- for i := len(c.app) - 1; i >= 0 && c.app[i] != '/' && c.app[i] != '\\'; i-- {
- if c.app[i] == '.' {
- c.cfgFile = c.app[:i]
- break
- }
- }
-
- if c.cfgFile == "" {
- c.cfgFile = c.app
- }
-
- c.cfgFile += ".conf"
- }
-
- if c.cfgFile == "" {
- return nil
- }
-
- fargs, err := parseFile(c.cfgFile)
- if err != nil {
- return err
- }
-
- c.args = fargs
- c.args = append(c.args, c.osArgs...)
-
- // parse 2nd time to get the include file values
- err = c.FlagSet.Parse(c.args)
- if err != nil {
- return err
- }
-
- dir := filepath.Dir(c.cfgFile)
-
- // parse 3rd time to parse flags in include file
- for _, include := range c.includes {
- include = filepath.Join(dir, include)
- fargs, err := parseFile(include)
- if err != nil {
- return err
- }
-
- c.args = fargs
- c.args = append(c.args, c.osArgs...)
-
- err = c.FlagSet.Parse(c.args)
- }
-
- return err
-}
-
-func parseFile(cfgFile string) ([]string, error) {
- var s []string
-
- fp, err := os.Open(cfgFile)
- if err != nil {
- return nil, err
- }
- defer fp.Close()
-
- scanner := bufio.NewScanner(fp)
- for scanner.Scan() {
- line := scanner.Text()
- line = strings.TrimSpace(line)
- if len(line) == 0 || line[:1] == "#" {
- continue
- }
- s = append(s, "-"+line)
- }
-
- return s, nil
-}
-
-// AppDir returns the app dir
-func (c *Conflag) AppDir() string {
- return filepath.Dir(os.Args[0])
-}
-
-// ConfDir returns the config file dir
-func (c *Conflag) ConfDir() string {
- return filepath.Dir(c.cfgFile)
-}
diff --git a/vendor/github.com/nadoo/conflag/string_slice.go b/vendor/github.com/nadoo/conflag/string_slice.go
deleted file mode 100644
index e7a02f1..0000000
--- a/vendor/github.com/nadoo/conflag/string_slice.go
+++ /dev/null
@@ -1,47 +0,0 @@
-// source: https://github.com/spf13/pflag/blob/master/string_slice.go
-
-package conflag
-
-type stringSliceValue struct {
- value *[]string
- changed bool
-}
-
-func newStringSliceValue(val []string, p *[]string) *stringSliceValue {
- ssv := new(stringSliceValue)
- ssv.value = p
- *ssv.value = val
- return ssv
-}
-
-func (s *stringSliceValue) Set(val string) error {
- if !s.changed {
- *s.value = []string{val}
- s.changed = true
- } else {
- *s.value = append(*s.value, val)
- }
- return nil
-}
-
-func (s *stringSliceValue) Type() string {
- return "stringSlice"
-}
-
-func (s *stringSliceValue) String() string {
- return ""
-}
-
-// StringSliceVar defines a string flag with specified name, default value, and usage string.
-// The argument p points to a []string variable in which to store the value of the flag.
-func (c *Conflag) StringSliceVar(p *[]string, name string, value []string, usage string) {
- c.Var(newStringSliceValue(value, p), name, usage)
-}
-
-// StringSlice defines a string flag with specified name, default value, and usage string.
-// The return value is the address of a []string variable that stores the value of the flag.
-func (c *Conflag) StringSlice(name string, value []string, usage string) *[]string {
- p := []string{}
- c.StringSliceVar(&p, name, value, usage)
- return &p
-}
diff --git a/vendor/github.com/nadoo/conflag/string_slice_uniq.go b/vendor/github.com/nadoo/conflag/string_slice_uniq.go
deleted file mode 100644
index 70d7389..0000000
--- a/vendor/github.com/nadoo/conflag/string_slice_uniq.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package conflag
-
-type stringSliceUniqValue struct {
- *stringSliceValue
-}
-
-func newStringSliceUniqValue(val []string, p *[]string) *stringSliceUniqValue {
- return &stringSliceUniqValue{stringSliceValue: newStringSliceValue(val, p)}
-}
-
-func (s *stringSliceUniqValue) Set(val string) error {
- if !s.changed {
- *s.value = []string{val}
- s.changed = true
- }
-
- dup := false
- for _, v := range *s.value {
- if v == val {
- dup = true
- }
- }
-
- if !dup {
- *s.value = append(*s.value, val)
- }
-
- return nil
-}
-
-func (s *stringSliceUniqValue) Type() string {
- return "stringSliceUniq"
-}
-
-func (s *stringSliceUniqValue) String() string {
- return ""
-}
-
-// StringSliceUniqVar defines a string flag with specified name, default value, and usage string.
-// The argument p points to a []string variable in which to store the value of the flag.
-func (c *Conflag) StringSliceUniqVar(p *[]string, name string, value []string, usage string) {
- c.Var(newStringSliceUniqValue(value, p), name, usage)
-}
-
-// StringUniqSlice defines a string flag with specified name, default value, and usage string.
-// The return value is the address of a []string variable that stores the value of the flag.
-func (c *Conflag) StringUniqSlice(name string, value []string, usage string) *[]string {
- p := []string{}
- c.StringSliceUniqVar(&p, name, value, usage)
- return &p
-}
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/LICENSE b/vendor/github.com/shadowsocks/go-shadowsocks2/LICENSE
deleted file mode 100644
index d645695..0000000
--- a/vendor/github.com/shadowsocks/go-shadowsocks2/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@
-
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "[]"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright [yyyy] [name of copyright owner]
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/core/cipher.go b/vendor/github.com/shadowsocks/go-shadowsocks2/core/cipher.go
deleted file mode 100644
index c672510..0000000
--- a/vendor/github.com/shadowsocks/go-shadowsocks2/core/cipher.go
+++ /dev/null
@@ -1,144 +0,0 @@
-package core
-
-import (
- "crypto/md5"
- "errors"
- "net"
- "sort"
- "strings"
-
- "github.com/shadowsocks/go-shadowsocks2/shadowaead"
- "github.com/shadowsocks/go-shadowsocks2/shadowstream"
-)
-
-type Cipher interface {
- StreamConnCipher
- PacketConnCipher
-}
-
-type StreamConnCipher interface {
- StreamConn(net.Conn) net.Conn
-}
-
-type PacketConnCipher interface {
- PacketConn(net.PacketConn) net.PacketConn
-}
-
-// ErrCipherNotSupported occurs when a cipher is not supported (likely because of security concerns).
-var ErrCipherNotSupported = errors.New("cipher not supported")
-
-// List of AEAD ciphers: key size in bytes and constructor
-var aeadList = map[string]struct {
- KeySize int
- New func([]byte) (shadowaead.Cipher, error)
-}{
- "AEAD_AES_128_GCM": {16, shadowaead.AESGCM},
- "AEAD_AES_192_GCM": {24, shadowaead.AESGCM},
- "AEAD_AES_256_GCM": {32, shadowaead.AESGCM},
- "AEAD_CHACHA20_POLY1305": {32, shadowaead.Chacha20Poly1305},
-}
-
-// List of stream ciphers: key size in bytes and constructor
-var streamList = map[string]struct {
- KeySize int
- New func(key []byte) (shadowstream.Cipher, error)
-}{
- "AES-128-CTR": {16, shadowstream.AESCTR},
- "AES-192-CTR": {24, shadowstream.AESCTR},
- "AES-256-CTR": {32, shadowstream.AESCTR},
- "AES-128-CFB": {16, shadowstream.AESCFB},
- "AES-192-CFB": {24, shadowstream.AESCFB},
- "AES-256-CFB": {32, shadowstream.AESCFB},
- "CHACHA20-IETF": {32, shadowstream.Chacha20IETF},
- "XCHACHA20": {32, shadowstream.Xchacha20},
-}
-
-// ListCipher returns a list of available cipher names sorted alphabetically.
-func ListCipher() []string {
- var l []string
- for k := range aeadList {
- l = append(l, k)
- }
- for k := range streamList {
- l = append(l, k)
- }
- sort.Strings(l)
- return l
-}
-
-// PickCipher returns a Cipher of the given name. Derive key from password if given key is empty.
-func PickCipher(name string, key []byte, password string) (Cipher, error) {
- name = strings.ToUpper(name)
-
- switch name {
- case "DUMMY":
- return &dummy{}, nil
- case "CHACHA20-IETF-POLY1305":
- name = "AEAD_CHACHA20_POLY1305"
- case "AES-128-GCM":
- name = "AEAD_AES_128_GCM"
- case "AES-196-GCM":
- name = "AEAD_AES_196_GCM"
- case "AES-256-GCM":
- name = "AEAD_AES_256_GCM"
- }
-
- if choice, ok := aeadList[name]; ok {
- if len(key) == 0 {
- key = kdf(password, choice.KeySize)
- }
- if len(key) != choice.KeySize {
- return nil, shadowaead.KeySizeError(choice.KeySize)
- }
- aead, err := choice.New(key)
- return &aeadCipher{aead}, err
- }
-
- if choice, ok := streamList[name]; ok {
- if len(key) == 0 {
- key = kdf(password, choice.KeySize)
- }
- if len(key) != choice.KeySize {
- return nil, shadowstream.KeySizeError(choice.KeySize)
- }
- ciph, err := choice.New(key)
- return &streamCipher{ciph}, err
- }
-
- return nil, ErrCipherNotSupported
-}
-
-type aeadCipher struct{ shadowaead.Cipher }
-
-func (aead *aeadCipher) StreamConn(c net.Conn) net.Conn { return shadowaead.NewConn(c, aead) }
-func (aead *aeadCipher) PacketConn(c net.PacketConn) net.PacketConn {
- return shadowaead.NewPacketConn(c, aead)
-}
-
-type streamCipher struct{ shadowstream.Cipher }
-
-func (ciph *streamCipher) StreamConn(c net.Conn) net.Conn { return shadowstream.NewConn(c, ciph) }
-func (ciph *streamCipher) PacketConn(c net.PacketConn) net.PacketConn {
- return shadowstream.NewPacketConn(c, ciph)
-}
-
-// dummy cipher does not encrypt
-
-type dummy struct{}
-
-func (dummy) StreamConn(c net.Conn) net.Conn { return c }
-func (dummy) PacketConn(c net.PacketConn) net.PacketConn { return c }
-
-// key-derivation function from original Shadowsocks
-func kdf(password string, keyLen int) []byte {
- var b, prev []byte
- h := md5.New()
- for len(b) < keyLen {
- h.Write(prev)
- h.Write([]byte(password))
- b = h.Sum(b)
- prev = b[len(b)-h.Size():]
- h.Reset()
- }
- return b[:keyLen]
-}
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/core/doc.go b/vendor/github.com/shadowsocks/go-shadowsocks2/core/doc.go
deleted file mode 100644
index 4001c10..0000000
--- a/vendor/github.com/shadowsocks/go-shadowsocks2/core/doc.go
+++ /dev/null
@@ -1,2 +0,0 @@
-// Package core implements essential parts of Shadowsocks
-package core
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/core/packet.go b/vendor/github.com/shadowsocks/go-shadowsocks2/core/packet.go
deleted file mode 100644
index 641aa13..0000000
--- a/vendor/github.com/shadowsocks/go-shadowsocks2/core/packet.go
+++ /dev/null
@@ -1,8 +0,0 @@
-package core
-
-import "net"
-
-func ListenPacket(network, address string, ciph PacketConnCipher) (net.PacketConn, error) {
- c, err := net.ListenPacket(network, address)
- return ciph.PacketConn(c), err
-}
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/core/stream.go b/vendor/github.com/shadowsocks/go-shadowsocks2/core/stream.go
deleted file mode 100644
index 5c773cd..0000000
--- a/vendor/github.com/shadowsocks/go-shadowsocks2/core/stream.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package core
-
-import "net"
-
-type listener struct {
- net.Listener
- StreamConnCipher
-}
-
-func Listen(network, address string, ciph StreamConnCipher) (net.Listener, error) {
- l, err := net.Listen(network, address)
- return &listener{l, ciph}, err
-}
-
-func (l *listener) Accept() (net.Conn, error) {
- c, err := l.Listener.Accept()
- return l.StreamConn(c), err
-}
-
-func Dial(network, address string, ciph StreamConnCipher) (net.Conn, error) {
- c, err := net.Dial(network, address)
- return ciph.StreamConn(c), err
-}
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/cipher.go b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/cipher.go
deleted file mode 100644
index 19410df..0000000
--- a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/cipher.go
+++ /dev/null
@@ -1,83 +0,0 @@
-package shadowaead
-
-import (
- "crypto/aes"
- "crypto/cipher"
- "crypto/sha1"
- "io"
- "strconv"
-
- "golang.org/x/crypto/chacha20poly1305"
- "golang.org/x/crypto/hkdf"
-)
-
-type Cipher interface {
- KeySize() int
- SaltSize() int
- Encrypter(salt []byte) (cipher.AEAD, error)
- Decrypter(salt []byte) (cipher.AEAD, error)
-}
-
-type KeySizeError int
-
-func (e KeySizeError) Error() string {
- return "key size error: need " + strconv.Itoa(int(e)) + " bytes"
-}
-
-func hkdfSHA1(secret, salt, info, outkey []byte) {
- r := hkdf.New(sha1.New, secret, salt, info)
- if _, err := io.ReadFull(r, outkey); err != nil {
- panic(err) // should never happen
- }
-}
-
-type metaCipher struct {
- psk []byte
- makeAEAD func(key []byte) (cipher.AEAD, error)
-}
-
-func (a *metaCipher) KeySize() int { return len(a.psk) }
-func (a *metaCipher) SaltSize() int {
- if ks := a.KeySize(); ks > 16 {
- return ks
- }
- return 16
-}
-func (a *metaCipher) Encrypter(salt []byte) (cipher.AEAD, error) {
- subkey := make([]byte, a.KeySize())
- hkdfSHA1(a.psk, salt, []byte("ss-subkey"), subkey)
- return a.makeAEAD(subkey)
-}
-func (a *metaCipher) Decrypter(salt []byte) (cipher.AEAD, error) {
- subkey := make([]byte, a.KeySize())
- hkdfSHA1(a.psk, salt, []byte("ss-subkey"), subkey)
- return a.makeAEAD(subkey)
-}
-
-func aesGCM(key []byte) (cipher.AEAD, error) {
- blk, err := aes.NewCipher(key)
- if err != nil {
- return nil, err
- }
- return cipher.NewGCM(blk)
-}
-
-// AESGCM creates a new Cipher with a pre-shared key. len(psk) must be
-// one of 16, 24, or 32 to select AES-128/196/256-GCM.
-func AESGCM(psk []byte) (Cipher, error) {
- switch l := len(psk); l {
- case 16, 24, 32: // AES 128/196/256
- default:
- return nil, aes.KeySizeError(l)
- }
- return &metaCipher{psk: psk, makeAEAD: aesGCM}, nil
-}
-
-// Chacha20Poly1305 creates a new Cipher with a pre-shared key. len(psk)
-// must be 32.
-func Chacha20Poly1305(psk []byte) (Cipher, error) {
- if len(psk) != chacha20poly1305.KeySize {
- return nil, KeySizeError(chacha20poly1305.KeySize)
- }
- return &metaCipher{psk: psk, makeAEAD: chacha20poly1305.New}, nil
-}
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/doc.go b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/doc.go
deleted file mode 100644
index 8d1e286..0000000
--- a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/doc.go
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
-Package shadowaead implements a simple AEAD-protected secure protocol.
-
-In general, there are two types of connections: stream-oriented and packet-oriented.
-Stream-oriented connections (e.g. TCP) assume reliable and orderly delivery of bytes.
-Packet-oriented connections (e.g. UDP) assume unreliable and out-of-order delivery of packets,
-where each packet is either delivered intact or lost.
-
-An encrypted stream starts with a random salt to derive a session key, followed by any number of
-encrypted records. Each encrypted record has the following structure:
-
- [encrypted payload length]
- [payload length tag]
- [encrypted payload]
- [payload tag]
-
-Payload length is 2-byte unsigned big-endian integer capped at 0x3FFF (16383).
-The higher 2 bits are reserved and must be set to zero. The first AEAD encrypt/decrypt
-operation uses a counting nonce starting from 0. After each encrypt/decrypt operation,
-the nonce is incremented by one as if it were an unsigned little-endian integer.
-
-
-Each encrypted packet transmitted on a packet-oriented connection has the following structure:
-
- [random salt]
- [encrypted payload]
- [payload tag]
-
-The salt is used to derive a subkey to initiate an AEAD. Packets are encrypted/decrypted independently
-using zero nonce.
-
-In both stream-oriented and packet-oriented connections, length of nonce and tag varies
-depending on which AEAD is used. Salt should be at least 16-byte long.
-*/
-package shadowaead
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/packet.go b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/packet.go
deleted file mode 100644
index d8f20a4..0000000
--- a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/packet.go
+++ /dev/null
@@ -1,93 +0,0 @@
-package shadowaead
-
-import (
- "crypto/rand"
- "errors"
- "io"
- "net"
- "sync"
-)
-
-// ErrShortPacket means that the packet is too short for a valid encrypted packet.
-var ErrShortPacket = errors.New("short packet")
-
-var _zerononce [128]byte // read-only. 128 bytes is more than enough.
-
-// Pack encrypts plaintext using Cipher with a randomly generated salt and
-// returns a slice of dst containing the encrypted packet and any error occurred.
-// Ensure len(dst) >= ciph.SaltSize() + len(plaintext) + aead.Overhead().
-func Pack(dst, plaintext []byte, ciph Cipher) ([]byte, error) {
- saltSize := ciph.SaltSize()
- salt := dst[:saltSize]
- if _, err := io.ReadFull(rand.Reader, salt); err != nil {
- return nil, err
- }
-
- aead, err := ciph.Encrypter(salt)
- if err != nil {
- return nil, err
- }
-
- if len(dst) < saltSize+len(plaintext)+aead.Overhead() {
- return nil, io.ErrShortBuffer
- }
- b := aead.Seal(dst[saltSize:saltSize], _zerononce[:aead.NonceSize()], plaintext, nil)
- return dst[:saltSize+len(b)], nil
-}
-
-// Unpack decrypts pkt using Cipher and returns a slice of dst containing the decrypted payload and any error occurred.
-// Ensure len(dst) >= len(pkt) - aead.SaltSize() - aead.Overhead().
-func Unpack(dst, pkt []byte, ciph Cipher) ([]byte, error) {
- saltSize := ciph.SaltSize()
- if len(pkt) < saltSize {
- return nil, ErrShortPacket
- }
- salt := pkt[:saltSize]
- aead, err := ciph.Decrypter(salt)
- if err != nil {
- return nil, err
- }
- if len(pkt) < saltSize+aead.Overhead() {
- return nil, ErrShortPacket
- }
- if saltSize+len(dst)+aead.Overhead() < len(pkt) {
- return nil, io.ErrShortBuffer
- }
- b, err := aead.Open(dst[:0], _zerononce[:aead.NonceSize()], pkt[saltSize:], nil)
- return b, err
-}
-
-type packetConn struct {
- net.PacketConn
- Cipher
- sync.Mutex
- buf []byte // write lock
-}
-
-// NewPacketConn wraps a net.PacketConn with cipher
-func NewPacketConn(c net.PacketConn, ciph Cipher) net.PacketConn {
- const maxPacketSize = 64 * 1024
- return &packetConn{PacketConn: c, Cipher: ciph, buf: make([]byte, maxPacketSize)}
-}
-
-// WriteTo encrypts b and write to addr using the embedded PacketConn.
-func (c *packetConn) WriteTo(b []byte, addr net.Addr) (int, error) {
- c.Lock()
- defer c.Unlock()
- buf, err := Pack(c.buf, b, c)
- if err != nil {
- return 0, err
- }
- _, err = c.PacketConn.WriteTo(buf, addr)
- return len(b), err
-}
-
-// ReadFrom reads from the embedded PacketConn and decrypts into b.
-func (c *packetConn) ReadFrom(b []byte) (int, net.Addr, error) {
- n, addr, err := c.PacketConn.ReadFrom(b)
- if err != nil {
- return n, addr, err
- }
- b, err = Unpack(b, b[:n], c)
- return len(b), addr, err
-}
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/stream.go b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/stream.go
deleted file mode 100644
index 5f499a2..0000000
--- a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowaead/stream.go
+++ /dev/null
@@ -1,270 +0,0 @@
-package shadowaead
-
-import (
- "bytes"
- "crypto/cipher"
- "crypto/rand"
- "io"
- "net"
-)
-
-// payloadSizeMask is the maximum size of payload in bytes.
-const payloadSizeMask = 0x3FFF // 16*1024 - 1
-
-type writer struct {
- io.Writer
- cipher.AEAD
- nonce []byte
- buf []byte
-}
-
-// NewWriter wraps an io.Writer with AEAD encryption.
-func NewWriter(w io.Writer, aead cipher.AEAD) io.Writer { return newWriter(w, aead) }
-
-func newWriter(w io.Writer, aead cipher.AEAD) *writer {
- return &writer{
- Writer: w,
- AEAD: aead,
- buf: make([]byte, 2+aead.Overhead()+payloadSizeMask+aead.Overhead()),
- nonce: make([]byte, aead.NonceSize()),
- }
-}
-
-// Write encrypts b and writes to the embedded io.Writer.
-func (w *writer) Write(b []byte) (int, error) {
- n, err := w.ReadFrom(bytes.NewBuffer(b))
- return int(n), err
-}
-
-// ReadFrom reads from the given io.Reader until EOF or error, encrypts and
-// writes to the embedded io.Writer. Returns number of bytes read from r and
-// any error encountered.
-func (w *writer) ReadFrom(r io.Reader) (n int64, err error) {
- for {
- buf := w.buf
- payloadBuf := buf[2+w.Overhead() : 2+w.Overhead()+payloadSizeMask]
- nr, er := r.Read(payloadBuf)
-
- if nr > 0 {
- n += int64(nr)
- buf = buf[:2+w.Overhead()+nr+w.Overhead()]
- payloadBuf = payloadBuf[:nr]
- buf[0], buf[1] = byte(nr>>8), byte(nr) // big-endian payload size
- w.Seal(buf[:0], w.nonce, buf[:2], nil)
- increment(w.nonce)
-
- w.Seal(payloadBuf[:0], w.nonce, payloadBuf, nil)
- increment(w.nonce)
-
- _, ew := w.Writer.Write(buf)
- if ew != nil {
- err = ew
- break
- }
- }
-
- if er != nil {
- if er != io.EOF { // ignore EOF as per io.ReaderFrom contract
- err = er
- }
- break
- }
- }
-
- return n, err
-}
-
-type reader struct {
- io.Reader
- cipher.AEAD
- nonce []byte
- buf []byte
- leftover []byte
-}
-
-// NewReader wraps an io.Reader with AEAD decryption.
-func NewReader(r io.Reader, aead cipher.AEAD) io.Reader { return newReader(r, aead) }
-
-func newReader(r io.Reader, aead cipher.AEAD) *reader {
- return &reader{
- Reader: r,
- AEAD: aead,
- buf: make([]byte, payloadSizeMask+aead.Overhead()),
- nonce: make([]byte, aead.NonceSize()),
- }
-}
-
-// read and decrypt a record into the internal buffer. Return decrypted payload length and any error encountered.
-func (r *reader) read() (int, error) {
- // decrypt payload size
- buf := r.buf[:2+r.Overhead()]
- _, err := io.ReadFull(r.Reader, buf)
- if err != nil {
- return 0, err
- }
-
- _, err = r.Open(buf[:0], r.nonce, buf, nil)
- increment(r.nonce)
- if err != nil {
- return 0, err
- }
-
- size := (int(buf[0])<<8 + int(buf[1])) & payloadSizeMask
-
- // decrypt payload
- buf = r.buf[:size+r.Overhead()]
- _, err = io.ReadFull(r.Reader, buf)
- if err != nil {
- return 0, err
- }
-
- _, err = r.Open(buf[:0], r.nonce, buf, nil)
- increment(r.nonce)
- if err != nil {
- return 0, err
- }
-
- return size, nil
-}
-
-// Read reads from the embedded io.Reader, decrypts and writes to b.
-func (r *reader) Read(b []byte) (int, error) {
- // copy decrypted bytes (if any) from previous record first
- if len(r.leftover) > 0 {
- n := copy(b, r.leftover)
- r.leftover = r.leftover[n:]
- return n, nil
- }
-
- n, err := r.read()
- m := copy(b, r.buf[:n])
- if m < n { // insufficient len(b), keep leftover for next read
- r.leftover = r.buf[m:n]
- }
- return m, err
-}
-
-// WriteTo reads from the embedded io.Reader, decrypts and writes to w until
-// there's no more data to write or when an error occurs. Return number of
-// bytes written to w and any error encountered.
-func (r *reader) WriteTo(w io.Writer) (n int64, err error) {
- // write decrypted bytes left over from previous record
- for len(r.leftover) > 0 {
- nw, ew := w.Write(r.leftover)
- r.leftover = r.leftover[nw:]
- n += int64(nw)
- if ew != nil {
- return n, ew
- }
- }
-
- for {
- nr, er := r.read()
- if nr > 0 {
- nw, ew := w.Write(r.buf[:nr])
- n += int64(nw)
-
- if ew != nil {
- err = ew
- break
- }
- }
-
- if er != nil {
- if er != io.EOF { // ignore EOF as per io.Copy contract (using src.WriteTo shortcut)
- err = er
- }
- break
- }
- }
-
- return n, err
-}
-
-// increment little-endian encoded unsigned integer b. Wrap around on overflow.
-func increment(b []byte) {
- for i := range b {
- b[i]++
- if b[i] != 0 {
- return
- }
- }
-}
-
-type streamConn struct {
- net.Conn
- Cipher
- r *reader
- w *writer
-}
-
-func (c *streamConn) initReader() error {
- salt := make([]byte, c.SaltSize())
- if _, err := io.ReadFull(c.Conn, salt); err != nil {
- return err
- }
-
- aead, err := c.Decrypter(salt)
- if err != nil {
- return err
- }
-
- c.r = newReader(c.Conn, aead)
- return nil
-}
-
-func (c *streamConn) Read(b []byte) (int, error) {
- if c.r == nil {
- if err := c.initReader(); err != nil {
- return 0, err
- }
- }
- return c.r.Read(b)
-}
-
-func (c *streamConn) WriteTo(w io.Writer) (int64, error) {
- if c.r == nil {
- if err := c.initReader(); err != nil {
- return 0, err
- }
- }
- return c.r.WriteTo(w)
-}
-
-func (c *streamConn) initWriter() error {
- salt := make([]byte, c.SaltSize())
- if _, err := io.ReadFull(rand.Reader, salt); err != nil {
- return err
- }
- aead, err := c.Encrypter(salt)
- if err != nil {
- return err
- }
- _, err = c.Conn.Write(salt)
- if err != nil {
- return err
- }
- c.w = newWriter(c.Conn, aead)
- return nil
-}
-
-func (c *streamConn) Write(b []byte) (int, error) {
- if c.w == nil {
- if err := c.initWriter(); err != nil {
- return 0, err
- }
- }
- return c.w.Write(b)
-}
-
-func (c *streamConn) ReadFrom(r io.Reader) (int64, error) {
- if c.w == nil {
- if err := c.initWriter(); err != nil {
- return 0, err
- }
- }
- return c.w.ReadFrom(r)
-}
-
-// NewConn wraps a stream-oriented net.Conn with cipher.
-func NewConn(c net.Conn, ciph Cipher) net.Conn { return &streamConn{Conn: c, Cipher: ciph} }
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/cipher.go b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/cipher.go
deleted file mode 100644
index dea233e..0000000
--- a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/cipher.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package shadowstream
-
-import (
- "crypto/aes"
- "crypto/cipher"
- "strconv"
-
- "github.com/Yawning/chacha20"
-)
-
-// Cipher generates a pair of stream ciphers for encryption and decryption.
-type Cipher interface {
- IVSize() int
- Encrypter(iv []byte) cipher.Stream
- Decrypter(iv []byte) cipher.Stream
-}
-
-type KeySizeError int
-
-func (e KeySizeError) Error() string {
- return "key size error: need " + strconv.Itoa(int(e)) + " bytes"
-}
-
-// CTR mode
-type ctrStream struct{ cipher.Block }
-
-func (b *ctrStream) IVSize() int { return b.BlockSize() }
-func (b *ctrStream) Decrypter(iv []byte) cipher.Stream { return b.Encrypter(iv) }
-func (b *ctrStream) Encrypter(iv []byte) cipher.Stream { return cipher.NewCTR(b, iv) }
-
-func AESCTR(key []byte) (Cipher, error) {
- blk, err := aes.NewCipher(key)
- if err != nil {
- return nil, err
- }
- return &ctrStream{blk}, nil
-}
-
-// CFB mode
-type cfbStream struct{ cipher.Block }
-
-func (b *cfbStream) IVSize() int { return b.BlockSize() }
-func (b *cfbStream) Decrypter(iv []byte) cipher.Stream { return cipher.NewCFBDecrypter(b, iv) }
-func (b *cfbStream) Encrypter(iv []byte) cipher.Stream { return cipher.NewCFBEncrypter(b, iv) }
-
-func AESCFB(key []byte) (Cipher, error) {
- blk, err := aes.NewCipher(key)
- if err != nil {
- return nil, err
- }
- return &cfbStream{blk}, nil
-}
-
-// IETF-variant of chacha20
-type chacha20ietfkey []byte
-
-func (k chacha20ietfkey) IVSize() int { return chacha20.INonceSize }
-func (k chacha20ietfkey) Decrypter(iv []byte) cipher.Stream { return k.Encrypter(iv) }
-func (k chacha20ietfkey) Encrypter(iv []byte) cipher.Stream {
- ciph, err := chacha20.NewCipher(k, iv)
- if err != nil {
- panic(err) // should never happen
- }
- return ciph
-}
-
-func Chacha20IETF(key []byte) (Cipher, error) {
- if len(key) != chacha20.KeySize {
- return nil, KeySizeError(chacha20.KeySize)
- }
- return chacha20ietfkey(key), nil
-}
-
-type xchacha20key []byte
-
-func (k xchacha20key) IVSize() int { return chacha20.XNonceSize }
-func (k xchacha20key) Decrypter(iv []byte) cipher.Stream { return k.Encrypter(iv) }
-func (k xchacha20key) Encrypter(iv []byte) cipher.Stream {
- ciph, err := chacha20.NewCipher(k, iv)
- if err != nil {
- panic(err) // should never happen
- }
- return ciph
-}
-
-func Xchacha20(key []byte) (Cipher, error) {
- if len(key) != chacha20.KeySize {
- return nil, KeySizeError(chacha20.KeySize)
- }
- return xchacha20key(key), nil
-}
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/doc.go b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/doc.go
deleted file mode 100644
index 4c0897a..0000000
--- a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/doc.go
+++ /dev/null
@@ -1,2 +0,0 @@
-// Package shadowstream implements the original Shadowsocks protocol protected by stream cipher.
-package shadowstream
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/packet.go b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/packet.go
deleted file mode 100644
index 8bbb27b..0000000
--- a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/packet.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package shadowstream
-
-import (
- "crypto/rand"
- "errors"
- "io"
- "net"
- "sync"
-)
-
-// ErrShortPacket means the packet is too short to be a valid encrypted packet.
-var ErrShortPacket = errors.New("short packet")
-
-// Pack encrypts plaintext using stream cipher s and a random IV.
-// Returns a slice of dst containing random IV and ciphertext.
-// Ensure len(dst) >= s.IVSize() + len(plaintext).
-func Pack(dst, plaintext []byte, s Cipher) ([]byte, error) {
- if len(dst) < s.IVSize()+len(plaintext) {
- return nil, io.ErrShortBuffer
- }
- iv := dst[:s.IVSize()]
- _, err := io.ReadFull(rand.Reader, iv)
- if err != nil {
- return nil, err
- }
-
- s.Encrypter(iv).XORKeyStream(dst[len(iv):], plaintext)
- return dst[:len(iv)+len(plaintext)], nil
-}
-
-// Unpack decrypts pkt using stream cipher s.
-// Returns a slice of dst containing decrypted plaintext.
-func Unpack(dst, pkt []byte, s Cipher) ([]byte, error) {
- if len(pkt) < s.IVSize() {
- return nil, ErrShortPacket
- }
-
- if len(dst) < len(pkt)-s.IVSize() {
- return nil, io.ErrShortBuffer
- }
- iv := pkt[:s.IVSize()]
- s.Decrypter(iv).XORKeyStream(dst, pkt[len(iv):])
- return dst[:len(pkt)-len(iv)], nil
-}
-
-type packetConn struct {
- net.PacketConn
- Cipher
- buf []byte
- sync.Mutex // write lock
-}
-
-// NewPacketConn wraps a net.PacketConn with stream cipher encryption/decryption.
-func NewPacketConn(c net.PacketConn, ciph Cipher) net.PacketConn {
- return &packetConn{PacketConn: c, Cipher: ciph, buf: make([]byte, 64*1024)}
-}
-
-func (c *packetConn) WriteTo(b []byte, addr net.Addr) (int, error) {
- c.Lock()
- defer c.Unlock()
- buf, err := Pack(c.buf, b, c.Cipher)
- if err != nil {
- return 0, err
- }
- _, err = c.PacketConn.WriteTo(buf, addr)
- return len(b), err
-}
-
-func (c *packetConn) ReadFrom(b []byte) (int, net.Addr, error) {
- n, addr, err := c.PacketConn.ReadFrom(b)
- if err != nil {
- return n, addr, err
- }
- b, err = Unpack(b, b[:n], c.Cipher)
- return len(b), addr, err
-}
diff --git a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/stream.go b/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/stream.go
deleted file mode 100644
index eb4d967..0000000
--- a/vendor/github.com/shadowsocks/go-shadowsocks2/shadowstream/stream.go
+++ /dev/null
@@ -1,171 +0,0 @@
-package shadowstream
-
-import (
- "bytes"
- "crypto/cipher"
- "crypto/rand"
- "io"
- "net"
-)
-
-const bufSize = 32 * 1024
-
-type writer struct {
- io.Writer
- cipher.Stream
- buf []byte
-}
-
-// NewWriter wraps an io.Writer with stream cipher encryption.
-func NewWriter(w io.Writer, s cipher.Stream) io.Writer {
- return &writer{Writer: w, Stream: s, buf: make([]byte, bufSize)}
-}
-
-func (w *writer) ReadFrom(r io.Reader) (n int64, err error) {
- for {
- buf := w.buf
- nr, er := r.Read(buf)
- if nr > 0 {
- n += int64(nr)
- buf = buf[:nr]
- w.XORKeyStream(buf, buf)
- _, ew := w.Writer.Write(buf)
- if ew != nil {
- err = ew
- return
- }
- }
-
- if er != nil {
- if er != io.EOF { // ignore EOF as per io.ReaderFrom contract
- err = er
- }
- return
- }
- }
-}
-
-func (w *writer) Write(b []byte) (int, error) {
- n, err := w.ReadFrom(bytes.NewBuffer(b))
- return int(n), err
-}
-
-type reader struct {
- io.Reader
- cipher.Stream
- buf []byte
-}
-
-// NewReader wraps an io.Reader with stream cipher decryption.
-func NewReader(r io.Reader, s cipher.Stream) io.Reader {
- return &reader{Reader: r, Stream: s, buf: make([]byte, bufSize)}
-}
-
-func (r *reader) Read(b []byte) (int, error) {
-
- n, err := r.Reader.Read(b)
- if err != nil {
- return 0, err
- }
- b = b[:n]
- r.XORKeyStream(b, b)
- return n, nil
-}
-
-func (r *reader) WriteTo(w io.Writer) (n int64, err error) {
- for {
- buf := r.buf
- nr, er := r.Read(buf)
- if nr > 0 {
- nw, ew := w.Write(buf[:nr])
- n += int64(nw)
-
- if ew != nil {
- err = ew
- return
- }
- }
-
- if er != nil {
- if er != io.EOF { // ignore EOF as per io.Copy contract (using src.WriteTo shortcut)
- err = er
- }
- return
- }
- }
-}
-
-type conn struct {
- net.Conn
- Cipher
- r *reader
- w *writer
-}
-
-// NewConn wraps a stream-oriented net.Conn with stream cipher encryption/decryption.
-func NewConn(c net.Conn, ciph Cipher) net.Conn {
- return &conn{Conn: c, Cipher: ciph}
-}
-
-func (c *conn) initReader() error {
- if c.r == nil {
- buf := make([]byte, bufSize)
- iv := buf[:c.IVSize()]
- if _, err := io.ReadFull(c.Conn, iv); err != nil {
- return err
- }
- c.r = &reader{Reader: c.Conn, Stream: c.Decrypter(iv), buf: buf}
- }
- return nil
-}
-
-func (c *conn) Read(b []byte) (int, error) {
- if c.r == nil {
- if err := c.initReader(); err != nil {
- return 0, err
- }
- }
- return c.r.Read(b)
-}
-
-func (c *conn) WriteTo(w io.Writer) (int64, error) {
- if c.r == nil {
- if err := c.initReader(); err != nil {
- return 0, err
- }
- }
- return c.r.WriteTo(w)
-}
-
-func (c *conn) initWriter() error {
- if c.w == nil {
- buf := make([]byte, bufSize)
- iv := buf[:c.IVSize()]
- if _, err := io.ReadFull(rand.Reader, iv); err != nil {
- return err
- }
- if _, err := c.Conn.Write(iv); err != nil {
- return err
- }
- c.w = &writer{Writer: c.Conn, Stream: c.Encrypter(iv), buf: buf}
- }
- return nil
-}
-
-func (c *conn) Write(b []byte) (int, error) {
- if c.w == nil {
- if err := c.initWriter(); err != nil {
- return 0, err
- }
- }
- return c.w.Write(b)
-}
-
-func (c *conn) ReadFrom(r io.Reader) (int64, error) {
- if c.w == nil {
- if err := c.initWriter(); err != nil {
- return 0, err
- }
- }
- return c.w.ReadFrom(r)
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/LICENSE b/vendor/github.com/sun8911879/shadowsocksR/LICENSE
deleted file mode 100644
index bed05e0..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2018 YanXin Sun
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/vendor/github.com/sun8911879/shadowsocksR/README.md b/vendor/github.com/sun8911879/shadowsocksR/README.md
deleted file mode 100644
index 93938b4..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/README.md
+++ /dev/null
@@ -1,84 +0,0 @@
-# shadowsocksR
-
-[shadowsocksR](https://github.com/sun8911879/shadowsocksR) is a shadowsocksR for Go library
-
-* shadowsocksR is based on [avege](https://github.com/avege/avege) and [shadowsocksR for Python](https://github.com/shadowsocksr-backup/shadowsocksr) changes.
-* Repair avege SSR communication BUG and streamline version. Is a normal use version.
-
-#### Use
-
-```go
-bi := &BackendInfo{
- Address: "www.domain.com:445",
- Type: "ssr",
- SSInfo: SSInfo{
- EncryptMethod: "aes-128-cfb",
- EncryptPassword: "password",
- SSRInfo: SSRInfo{
- Protocol: "auth_aes128_sha1",
- ProtocolParam: "",
- Obfs: "tls1.2_ticket_auth",
- ObfsParam: "",
- },
- },
-}
-dst, err := bi.DialSSRConn(rawaddr)
-bi.Pipe(src, dst)
-bi.Pipe(dst, src)
-```
-
-See 'example/client.go' for detailed usage.
-
-#### SS Encrypting algorithm
-
-* aes-128-cfb
-* aes-192-cfb
-* aes-256-cfb
-* aes-128-ctr
-* aes-192-ctr
-* aes-256-ctr
-* aes-128-ofb
-* aes-192-ofb
-* aes-256-ofb
-* des-cfb
-* bf-cfb
-* cast5-cfb
-* rc4-md5
-* chacha20
-* chacha20-ietf
-* salsa20
-* camellia-128-cfb
-* camellia-192-cfb
-* camellia-256-cfb
-* idea-cfb
-* rc2-cfb
-* seed-cfb
-
-#### SSR Obfs
-
-* plain
-* http_simple
-* http_post
-* random_head
-* tls1.2_ticket_auth
-
-#### SSR Protocol
-
-* origin
-* verify_sha1 aka. one time auth(OTA)
-* auth_sha1_v4
-* auth_aes128_md5
-* auth_aes128_sha1
-
-## Todo (help wanted)
-
-* Optimize performance
-
-### Thanks avege project
-* [avege](https://github.com/avege/avege)
-
-### Reference
-* [avege](https://github.com/avege/avege)
-* [shadowsocks-go](https://github.com/shadowsocks/shadowsocks-go)
-* [go-shadowsocks2](https://github.com/shadowsocks/go-shadowsocks2)
-* [ShadowsocksR](https://github.com/shadowsocksr-backup/shadowsocksr)
\ No newline at end of file
diff --git a/vendor/github.com/sun8911879/shadowsocksR/client.go b/vendor/github.com/sun8911879/shadowsocksR/client.go
deleted file mode 100644
index 2c3d7ad..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/client.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package shadowsocksr
-
-import (
- "errors"
- "net"
- "net/url"
- "strconv"
- "strings"
- "time"
-
- "github.com/sun8911879/shadowsocksR/obfs"
- "github.com/sun8911879/shadowsocksR/protocol"
- "github.com/sun8911879/shadowsocksR/ssr"
-)
-
-func NewSSRClient(u *url.URL) (*SSTCPConn, error) {
- query := u.Query()
- encryptMethod := query.Get("encrypt-method")
- encryptKey := query.Get("encrypt-key")
- cipher, err := NewStreamCipher(encryptMethod, encryptKey)
- if err != nil {
- return nil, err
- }
-
- dialer := net.Dialer{
- Timeout: time.Millisecond * 500,
- DualStack: true,
- }
- conn, err := dialer.Dial("tcp", u.Host)
- if err != nil {
- return nil, err
- }
-
- ssconn := NewSSTCPConn(conn, cipher)
- if ssconn.Conn == nil || ssconn.RemoteAddr() == nil {
- return nil, errors.New("nil connection")
- }
-
- // should initialize obfs/protocol now
- rs := strings.Split(ssconn.RemoteAddr().String(), ":")
- port, _ := strconv.Atoi(rs[1])
-
- ssconn.IObfs = obfs.NewObfs(query.Get("obfs"))
- obfsServerInfo := &ssr.ServerInfoForObfs{
- Host: rs[0],
- Port: uint16(port),
- TcpMss: 1460,
- Param: query.Get("obfs-param"),
- }
- ssconn.IObfs.SetServerInfo(obfsServerInfo)
- ssconn.IProtocol = protocol.NewProtocol(query.Get("protocol"))
- protocolServerInfo := &ssr.ServerInfoForObfs{
- Host: rs[0],
- Port: uint16(port),
- TcpMss: 1460,
- Param: query.Get("protocol-param"),
- }
- ssconn.IProtocol.SetServerInfo(protocolServerInfo)
-
- return ssconn, nil
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/encrypt.go b/vendor/github.com/sun8911879/shadowsocksR/encrypt.go
deleted file mode 100644
index 3f5e6b9..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/encrypt.go
+++ /dev/null
@@ -1,296 +0,0 @@
-package shadowsocksr
-
-import (
- "crypto/aes"
- "crypto/cipher"
- "crypto/des"
- "crypto/md5"
- "crypto/rand"
- "crypto/rc4"
- "encoding/binary"
- "errors"
-
- "github.com/sun8911879/shadowsocksR/tools"
- "github.com/sun8911879/shadowsocksR/tools/leakybuf"
-
- "github.com/Yawning/chacha20"
- "github.com/dgryski/go-camellia"
- "github.com/dgryski/go-idea"
- "github.com/dgryski/go-rc2"
- "golang.org/x/crypto/blowfish"
- "golang.org/x/crypto/cast5"
- "golang.org/x/crypto/salsa20/salsa"
-)
-
-var errEmptyPassword = errors.New("empty key")
-
-type DecOrEnc int
-
-const (
- Decrypt DecOrEnc = iota
- Encrypt
-)
-
-func newCTRStream(block cipher.Block, err error, key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
- if err != nil {
- return nil, err
- }
- return cipher.NewCTR(block, iv), nil
-}
-
-func newAESCTRStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
- block, err := aes.NewCipher(key)
- return newCTRStream(block, err, key, iv, doe)
-}
-
-func newOFBStream(block cipher.Block, err error, key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
- if err != nil {
- return nil, err
- }
- return cipher.NewCTR(block, iv), nil
-}
-
-func newAESOFBStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
- block, err := aes.NewCipher(key)
- return newOFBStream(block, err, key, iv, doe)
-}
-
-func newCFBStream(block cipher.Block, err error, key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
- if err != nil {
- return nil, err
- }
- if doe == Encrypt {
- return cipher.NewCFBEncrypter(block, iv), nil
- } else {
- return cipher.NewCFBDecrypter(block, iv), nil
- }
-}
-
-func newAESCFBStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
- block, err := aes.NewCipher(key)
- return newCFBStream(block, err, key, iv, doe)
-}
-
-func newDESStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
- block, err := des.NewCipher(key)
- return newCFBStream(block, err, key, iv, doe)
-}
-
-func newBlowFishStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
- block, err := blowfish.NewCipher(key)
- return newCFBStream(block, err, key, iv, doe)
-}
-
-func newCast5Stream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
- block, err := cast5.NewCipher(key)
- return newCFBStream(block, err, key, iv, doe)
-}
-
-func newRC4MD5Stream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
- h := md5.New()
- h.Write(key)
- h.Write(iv)
- rc4key := h.Sum(nil)
-
- return rc4.NewCipher(rc4key)
-}
-
-func newChaCha20Stream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
- return chacha20.NewCipher(key, iv)
-}
-
-func newChacha20IETFStream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
- return chacha20.NewCipher(key, iv)
-}
-
-type salsaStreamCipher struct {
- nonce [8]byte
- key [32]byte
- counter int
-}
-
-func (c *salsaStreamCipher) XORKeyStream(dst, src []byte) {
- var buf []byte
- padLen := c.counter % 64
- dataSize := len(src) + padLen
- if cap(dst) >= dataSize {
- buf = dst[:dataSize]
- } else if leakybuf.GlobalLeakyBufSize >= dataSize {
- buf = leakybuf.GlobalLeakyBuf.Get()
- defer leakybuf.GlobalLeakyBuf.Put(buf)
- buf = buf[:dataSize]
- } else {
- buf = make([]byte, dataSize)
- }
-
- var subNonce [16]byte
- copy(subNonce[:], c.nonce[:])
- binary.LittleEndian.PutUint64(subNonce[len(c.nonce):], uint64(c.counter/64))
-
- // It's difficult to avoid data copy here. src or dst maybe slice from
- // Conn.Read/Write, which can't have padding.
- copy(buf[padLen:], src[:])
- salsa.XORKeyStream(buf, buf, &subNonce, &c.key)
- copy(dst, buf[padLen:])
-
- c.counter += len(src)
-}
-
-func newSalsa20Stream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
- var c salsaStreamCipher
- copy(c.nonce[:], iv[:8])
- copy(c.key[:], key[:32])
- return &c, nil
-}
-
-func newCamelliaStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
- block, err := camellia.New(key)
- return newCFBStream(block, err, key, iv, doe)
-}
-
-func newIdeaStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
- block, err := idea.NewCipher(key)
- return newCFBStream(block, err, key, iv, doe)
-}
-
-func newRC2Stream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
- block, err := rc2.New(key, 16)
- return newCFBStream(block, err, key, iv, doe)
-}
-
-func newSeedStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
- // TODO: SEED block cipher implementation is required
- block, err := rc2.New(key, 16)
- return newCFBStream(block, err, key, iv, doe)
-}
-
-type cipherInfo struct {
- keyLen int
- ivLen int
- newStream func(key, iv []byte, doe DecOrEnc) (cipher.Stream, error)
-}
-
-var streamCipherMethod = map[string]*cipherInfo{
- "aes-128-cfb": {16, 16, newAESCFBStream},
- "aes-192-cfb": {24, 16, newAESCFBStream},
- "aes-256-cfb": {32, 16, newAESCFBStream},
- "aes-128-ctr": {16, 16, newAESCTRStream},
- "aes-192-ctr": {24, 16, newAESCTRStream},
- "aes-256-ctr": {32, 16, newAESCTRStream},
- "aes-128-ofb": {16, 16, newAESOFBStream},
- "aes-192-ofb": {24, 16, newAESOFBStream},
- "aes-256-ofb": {32, 16, newAESOFBStream},
- "des-cfb": {8, 8, newDESStream},
- "bf-cfb": {16, 8, newBlowFishStream},
- "cast5-cfb": {16, 8, newCast5Stream},
- "rc4-md5": {16, 16, newRC4MD5Stream},
- "rc4-md5-6": {16, 6, newRC4MD5Stream},
- "chacha20": {32, 8, newChaCha20Stream},
- "chacha20-ietf": {32, 12, newChacha20IETFStream},
- "salsa20": {32, 8, newSalsa20Stream},
- "camellia-128-cfb": {16, 16, newCamelliaStream},
- "camellia-192-cfb": {24, 16, newCamelliaStream},
- "camellia-256-cfb": {32, 16, newCamelliaStream},
- "idea-cfb": {16, 8, newIdeaStream},
- "rc2-cfb": {16, 8, newRC2Stream},
- "seed-cfb": {16, 8, newSeedStream},
-}
-
-func CheckCipherMethod(method string) error {
- if method == "" {
- method = "rc4-md5"
- }
- _, ok := streamCipherMethod[method]
- if !ok {
- return errors.New("Unsupported encryption method: " + method)
- }
- return nil
-}
-
-type StreamCipher struct {
- enc cipher.Stream
- dec cipher.Stream
- key []byte
- info *cipherInfo
- iv []byte
-}
-
-// NewStreamCipher creates a cipher that can be used in Dial() etc.
-// Use cipher.Copy() to create a new cipher with the same method and password
-// to avoid the cost of repeated cipher initialization.
-func NewStreamCipher(method, password string) (c *StreamCipher, err error) {
- if password == "" {
- return nil, errEmptyPassword
- }
- if method == "" {
- method = "rc4-md5"
- }
- mi, ok := streamCipherMethod[method]
- if !ok {
- return nil, errors.New("Unsupported encryption method: " + method)
- }
-
- key := tools.EVPBytesToKey(password, mi.keyLen)
-
- c = &StreamCipher{key: key, info: mi}
-
- if err != nil {
- return nil, err
- }
- return c, nil
-}
-
-// Initializes the block cipher with CFB mode, returns IV.
-func (c *StreamCipher) initEncrypt() (iv []byte, err error) {
- if c.iv == nil {
- iv = make([]byte, c.info.ivLen)
- rand.Read(iv)
- c.iv = iv
- } else {
- iv = c.iv
- }
- c.enc, err = c.info.newStream(c.key, iv, Encrypt)
- return
-}
-
-func (c *StreamCipher) initDecrypt(iv []byte) (err error) {
- c.dec, err = c.info.newStream(c.key, iv, Decrypt)
- return
-}
-
-func (c *StreamCipher) encrypt(dst, src []byte) {
- c.enc.XORKeyStream(dst, src)
-}
-
-func (c *StreamCipher) decrypt(dst, src []byte) {
- c.dec.XORKeyStream(dst, src)
-}
-
-// Copy creates a new cipher at it's initial state.
-func (c *StreamCipher) Copy() *StreamCipher {
- // This optimization maybe not necessary. But without this function, we
- // need to maintain a table cache for newTableCipher and use lock to
- // protect concurrent access to that cache.
-
- // AES and DES ciphers does not return specific types, so it's difficult
- // to create copy. But their initialization time is less than 4000ns on my
- // 2.26 GHz Intel Core 2 Duo processor. So no need to worry.
-
- // Currently, blow-fish and cast5 initialization cost is an order of
- // magnitude slower than other ciphers. (I'm not sure whether this is
- // because the current implementation is not highly optimized, or this is
- // the nature of the algorithm.)
-
- nc := *c
- nc.enc = nil
- nc.dec = nil
- return &nc
-}
-
-func (c *StreamCipher) Key() (key []byte, keyLen int) {
- return c.key, c.info.keyLen
-}
-
-func (c *StreamCipher) IV() ([]byte, int) {
- return c.iv, c.info.ivLen
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/obfs/base.go b/vendor/github.com/sun8911879/shadowsocksR/obfs/base.go
deleted file mode 100644
index a57732e..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/obfs/base.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package obfs
-
-import (
- "strings"
-
- "github.com/sun8911879/shadowsocksR/ssr"
-)
-
-type creator func() IObfs
-
-var (
- creatorMap = make(map[string]creator)
-)
-
-type IObfs interface {
- SetServerInfo(s *ssr.ServerInfoForObfs)
- GetServerInfo() (s *ssr.ServerInfoForObfs)
- Encode(data []byte) ([]byte, error)
- Decode(data []byte) ([]byte, uint64, error)
- SetData(data interface{})
- GetData() interface{}
-}
-
-func register(name string, c creator) {
- creatorMap[name] = c
-}
-
-// NewObfs create an obfs object by name and return as an IObfs interface
-func NewObfs(name string) IObfs {
- c, ok := creatorMap[strings.ToLower(name)]
- if ok {
- return c()
- }
- return nil
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/obfs/http_post.go b/vendor/github.com/sun8911879/shadowsocksR/obfs/http_post.go
deleted file mode 100644
index 46513d7..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/obfs/http_post.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package obfs
-
-import (
- "math/rand"
-)
-
-func init() {
- register("http_post", newHttpPost)
-}
-
-// newHttpPost create a http_post object
-func newHttpPost() IObfs {
- // newHttpSimple create a http_simple object
- t := &httpSimplePost{
- userAgentIndex: rand.Intn(len(requestUserAgent)),
- getOrPost: false,
- }
- return t
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/obfs/http_simple.go b/vendor/github.com/sun8911879/shadowsocksR/obfs/http_simple.go
deleted file mode 100644
index 521a3e9..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/obfs/http_simple.go
+++ /dev/null
@@ -1,178 +0,0 @@
-package obfs
-
-import (
- "bytes"
- "encoding/hex"
- "fmt"
- "math/rand"
- "strings"
-
- "github.com/sun8911879/shadowsocksR/ssr"
-)
-
-var (
- requestPath = []string{
- "", "",
- "login.php?redir=", "",
- "register.php?code=", "",
- "s?ie=utf-8&f=8&rsv_bp=1&rsv_idx=1&ch=&bar=&wd=", "&rn=",
- "post.php?id=", "&goto=view.php",
- }
- requestUserAgent = []string{
- "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0",
- "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/44.0",
- "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
- "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.10 Chromium/27.0.1453.93 Chrome/27.0.1453.93 Safari/537.36",
- "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0",
- "Mozilla/5.0 (compatible; WOW64; MSIE 10.0; Windows NT 6.2)",
- "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27",
- "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Trident/7.0; .NET4.0E; .NET4.0C)",
- "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "Mozilla/5.0 (Linux; Android 4.4; Nexus 5 Build/BuildID) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36",
- "Mozilla/5.0 (iPad; CPU OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3",
- "Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3",
- }
-)
-
-// HttpSimple http_simple obfs encapsulate
-type httpSimplePost struct {
- ssr.ServerInfoForObfs
- rawTransSent bool
- rawTransReceived bool
- userAgentIndex int
- getOrPost bool // true for get, false for post
-}
-
-func init() {
- register("http_simple", newHttpSimple)
-}
-
-// newHttpSimple create a http_simple object
-func newHttpSimple() IObfs {
- t := &httpSimplePost{
- rawTransSent: false,
- rawTransReceived: false,
- userAgentIndex: rand.Intn(len(requestUserAgent)),
- getOrPost: true,
- }
- return t
-}
-
-func (t *httpSimplePost) SetServerInfo(s *ssr.ServerInfoForObfs) {
- t.ServerInfoForObfs = *s
-}
-
-func (t *httpSimplePost) GetServerInfo() (s *ssr.ServerInfoForObfs) {
- return &t.ServerInfoForObfs
-}
-
-func (t *httpSimplePost) SetData(data interface{}) {
-
-}
-
-func (t *httpSimplePost) GetData() interface{} {
- return nil
-}
-
-func (t *httpSimplePost) boundary() (ret string) {
- set := "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
- for i := 0; i < 32; i++ {
- ret = fmt.Sprintf("%s%c", ret, set[rand.Intn(len(set))])
- }
- return
-}
-
-func (t *httpSimplePost) data2URLEncode(data []byte) (ret string) {
- for i := 0; i < len(data); i++ {
- ret = fmt.Sprintf("%s%%%s", ret, hex.EncodeToString([]byte{data[i]}))
- }
- return
-}
-
-func (t *httpSimplePost) Encode(data []byte) (encodedData []byte, err error) {
- if t.rawTransSent {
- return data, nil
- }
-
- dataLength := len(data)
- var headData []byte
- if headSize := t.IVLen + t.HeadLen; dataLength-headSize > 64 {
- headData = make([]byte, headSize+rand.Intn(64))
- } else {
- headData = make([]byte, dataLength)
- }
- copy(headData, data[0:len(headData)])
- requestPathIndex := rand.Intn(len(requestPath)/2) * 2
- host := t.Host
- var customHead string
-
- if len(t.Param) > 0 {
- customHeads := strings.Split(t.Param, "#")
- if len(customHeads) > 2 {
- customHeads = customHeads[0:2]
- }
- param := t.Param
- if len(customHeads) > 1 {
- customHead = customHeads[1]
- param = customHeads[0]
- }
- hosts := strings.Split(param, ",")
- if len(hosts) > 0 {
- host = strings.TrimSpace(hosts[rand.Intn(len(hosts))])
- }
- }
- method := "GET /"
- if !t.getOrPost {
- method = "POST /"
- }
- httpBuf := fmt.Sprintf("%s%s%s%s HTTP/1.1\r\nHost: %s:%d\r\n",
- method,
- requestPath[requestPathIndex],
- t.data2URLEncode(headData),
- requestPath[requestPathIndex+1],
- host,
- t.Port)
- if len(customHead) > 0 {
- httpBuf = httpBuf + strings.Replace(customHead, "\\n", "\r\n", -1) + "\r\n\r\n"
- } else {
- var contentType string
- if !t.getOrPost {
- contentType = "Content-Type: multipart/form-data; boundary=" + t.boundary() + "\r\n"
- }
- httpBuf = httpBuf +
- "User-Agent: " + requestUserAgent[t.userAgentIndex] + "\r\n" +
- "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n" +
- "Accept-Language: en-US,en;q=0.8\r\n" +
- "Accept-Encoding: gzip, deflate\r\n" +
- contentType +
- "DNT: 1\r\n" +
- "Connection: keep-alive\r\n" +
- "\r\n"
- }
-
- if len(headData) < dataLength {
- encodedData = make([]byte, len(httpBuf)+(dataLength-len(headData)))
- copy(encodedData, []byte(httpBuf))
- copy(encodedData[len(httpBuf):], data[len(headData):])
- } else {
- encodedData = []byte(httpBuf)
- }
- t.rawTransSent = true
-
- return
-}
-
-func (t *httpSimplePost) Decode(data []byte) ([]byte, uint64, error) {
- if t.rawTransReceived {
- return data, 0, nil
- }
-
- pos := bytes.Index(data, []byte("\r\n\r\n"))
- if pos > 0 {
- decodedData := make([]byte, len(data)-pos-4)
- copy(decodedData, data[pos+4:])
- t.rawTransReceived = true
- return decodedData, 0, nil
- }
- return nil, 0, nil
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/obfs/plain.go b/vendor/github.com/sun8911879/shadowsocksR/obfs/plain.go
deleted file mode 100644
index 4ee2682..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/obfs/plain.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package obfs
-
-import (
- "github.com/sun8911879/shadowsocksR/ssr"
-)
-
-func init() {
- register("plain", newPlainObfs)
-}
-
-type plain struct {
- ssr.ServerInfoForObfs
-}
-
-func newPlainObfs() IObfs {
- p := &plain{}
- return p
-}
-
-func (p *plain) SetServerInfo(s *ssr.ServerInfoForObfs) {
- p.ServerInfoForObfs = *s
-}
-
-func (p *plain) GetServerInfo() (s *ssr.ServerInfoForObfs) {
- return &p.ServerInfoForObfs
-}
-
-func (p *plain) Encode(data []byte) (encodedData []byte, err error) {
- return data, nil
-}
-
-func (p *plain) Decode(data []byte) ([]byte, uint64, error) {
- return data, 0, nil
-}
-
-func (p *plain) SetData(data interface{}) {
-
-}
-
-func (p *plain) GetData() interface{} {
- return nil
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/obfs/random_head.go b/vendor/github.com/sun8911879/shadowsocksR/obfs/random_head.go
deleted file mode 100644
index 6e0366f..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/obfs/random_head.go
+++ /dev/null
@@ -1,79 +0,0 @@
-package obfs
-
-import (
- "math/rand"
-
- "github.com/sun8911879/shadowsocksR/ssr"
-)
-
-type randomHead struct {
- ssr.ServerInfoForObfs
- rawTransSent bool
- rawTransReceived bool
- hasSentHeader bool
- dataBuffer []byte
-}
-
-func init() {
- register("random_head", newRandomHead)
-}
-
-func newRandomHead() IObfs {
- p := &randomHead{}
- return p
-}
-
-func (r *randomHead) SetServerInfo(s *ssr.ServerInfoForObfs) {
- r.ServerInfoForObfs = *s
-}
-
-func (r *randomHead) GetServerInfo() (s *ssr.ServerInfoForObfs) {
- return &r.ServerInfoForObfs
-}
-
-func (r *randomHead) SetData(data interface{}) {
-
-}
-
-func (r *randomHead) GetData() interface{} {
- return nil
-}
-
-func (r *randomHead) Encode(data []byte) (encodedData []byte, err error) {
- if r.rawTransSent {
- return data, nil
- }
-
- dataLength := len(data)
- if r.hasSentHeader {
- if dataLength > 0 {
- d := make([]byte, len(r.dataBuffer)+dataLength)
- copy(d, r.dataBuffer)
- copy(d[len(r.dataBuffer):], data)
- r.dataBuffer = d
- } else {
- encodedData = r.dataBuffer
- r.dataBuffer = nil
- r.rawTransSent = true
- }
- } else {
- size := rand.Intn(96) + 8
- encodedData = make([]byte, size)
- rand.Read(encodedData)
- ssr.SetCRC32(encodedData, size)
-
- d := make([]byte, dataLength)
- copy(d, data)
- r.dataBuffer = d
- }
- r.hasSentHeader = true
- return
-}
-
-func (r *randomHead) Decode(data []byte) ([]byte, uint64, error) {
- if r.rawTransReceived {
- return data, 0, nil
- }
- r.rawTransReceived = true
- return data, 0, nil
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/obfs/tls12_ticket_auth.go b/vendor/github.com/sun8911879/shadowsocksR/obfs/tls12_ticket_auth.go
deleted file mode 100644
index 847c2e6..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/obfs/tls12_ticket_auth.go
+++ /dev/null
@@ -1,279 +0,0 @@
-package obfs
-
-import (
- "crypto/hmac"
- "encoding/binary"
- "fmt"
- "math/rand"
- "strings"
- "time"
-
- "github.com/sun8911879/shadowsocksR/ssr"
- "github.com/sun8911879/shadowsocksR/tools"
-)
-
-func init() {
- register("tls1.2_ticket_auth", newTLS12TicketAuth)
-}
-
-type tlsAuthData struct {
- localClientID [32]byte
-}
-
-// tls12TicketAuth tls1.2_ticket_auth obfs encapsulate
-type tls12TicketAuth struct {
- ssr.ServerInfoForObfs
- data *tlsAuthData
- sendID int
- handshakeStatus int
- sendBuffer []byte
-}
-
-// newTLS12TicketAuth create a tlv1.2_ticket_auth object
-func newTLS12TicketAuth() IObfs {
- return &tls12TicketAuth{}
-}
-
-func (t *tls12TicketAuth) SetServerInfo(s *ssr.ServerInfoForObfs) {
- t.ServerInfoForObfs = *s
-}
-
-func (t *tls12TicketAuth) GetServerInfo() (s *ssr.ServerInfoForObfs) {
- return &t.ServerInfoForObfs
-}
-
-func (t *tls12TicketAuth) SetData(data interface{}) {
- if auth, ok := data.(*tlsAuthData); ok {
- t.data = auth
- }
-}
-
-func (t *tls12TicketAuth) GetData() interface{} {
- if t.data == nil {
- t.data = &tlsAuthData{}
- b := make([]byte, 32)
- rand.Read(b)
- copy(t.data.localClientID[:], b)
- }
- return t.data
-}
-
-func (t *tls12TicketAuth) getHost() string {
- host := t.Host
- if len(t.Param) > 0 {
- hosts := strings.Split(t.Param, ",")
- if len(hosts) > 0 {
- host = hosts[rand.Intn(len(hosts))]
- host = strings.TrimSpace(host)
- }
- }
- if len(host) > 0 && host[len(host)-1] >= byte('0') && host[len(host)-1] <= byte('9') && len(t.Param) == 0 {
- host = ""
- }
- return host
-}
-
-func (t *tls12TicketAuth) Encode(data []byte) (encodedData []byte, err error) {
- if t.handshakeStatus == -1 {
- return data, nil
- }
- dataLength := len(data)
-
- if t.handshakeStatus == 8 {
- encodedData = make([]byte, dataLength+4096)
- start := 0
- outLength := 0
-
- for t.sendID <= 4 && dataLength-start > 256 {
- length := rand.Intn(512) + 64
- if length > dataLength-start {
- length = dataLength - start
- }
- copy(encodedData[outLength:], []byte{0x17, 0x3, 0x3})
- binary.BigEndian.PutUint16(encodedData[outLength+3:], uint16(length&0xFFFF))
- copy(encodedData[outLength+5:], data[start:start+length])
- start += length
- outLength += length + 5
- t.sendID++
- }
- for dataLength-start > 2048 {
- length := rand.Intn(3990) + 100
- if length > dataLength-start {
- length = dataLength - start
- }
- copy(encodedData[outLength:], []byte{0x17, 0x3, 0x3})
- binary.BigEndian.PutUint16(encodedData[outLength+3:], uint16(length&0xFFFF))
- copy(encodedData[outLength+5:], data[start:start+length])
- start += length
- outLength += length + 5
- t.sendID++
- }
- if dataLength-start > 0 {
- length := dataLength - start
- copy(encodedData[outLength:], []byte{0x17, 0x3, 0x3})
- binary.BigEndian.PutUint16(encodedData[outLength+3:], uint16(length&0xFFFF))
- copy(encodedData[outLength+5:], data[start:start+length])
- // not necessary to update variable *start* any more
- outLength += length + 5
- t.sendID++
- }
- encodedData = encodedData[:outLength]
- return
- }
-
- if t.handshakeStatus == 1 {
- //outLength := 0
- if dataLength > 0 {
- b := make([]byte, len(t.sendBuffer)+dataLength+5)
- copy(b, t.sendBuffer)
- copy(b[len(t.sendBuffer):], []byte{0x17, 0x3, 0x3})
- binary.BigEndian.PutUint16(b[len(t.sendBuffer)+3:], uint16(dataLength&0xFFFF))
- copy(b[len(t.sendBuffer)+5:], data)
- t.sendBuffer = b
- return []byte{}, nil
- }
-
- hmacData := make([]byte, 43)
- rnd := make([]byte, 22)
- rand.Read(rnd)
-
- handshakeFinish := []byte("\x14\x03\x03\x00\x01\x01\x16\x03\x03\x00\x20")
- copy(hmacData, handshakeFinish)
- copy(hmacData[len(handshakeFinish):], rnd)
-
- h := t.hmacSHA1(hmacData[:33])
- copy(hmacData[33:], h)
-
- encodedData = make([]byte, len(hmacData)+len(t.sendBuffer))
- copy(encodedData, hmacData)
- copy(encodedData[len(hmacData):], t.sendBuffer)
- t.sendBuffer = nil
- t.handshakeStatus = 8
-
- return
- }
-
- rnd := t.packAuthData()
-
- tlsData0 := []byte("\x00\x1c\xc0\x2b\xc0\x2f\xcc\xa9\xcc\xa8\xcc\x14\xcc\x13\xc0\x0a\xc0\x14\xc0\x09\xc0\x13\x00\x9c\x00\x35\x00\x2f\x00\x0a\x01\x00")
- tlsData1 := []byte("\xff\x01\x00\x01\x00")
- tlsData2 := []byte("\x00\x17\x00\x00\x00\x23\x00\xd0")
- tlsData3 := []byte("\x00\x0d\x00\x16\x00\x14\x06\x01\x06\x03\x05\x01\x05\x03\x04\x01\x04\x03\x03\x01\x03\x03\x02\x01\x02\x03\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\x12\x00\x00\x75\x50\x00\x00\x00\x0b\x00\x02\x01\x00\x00\x0a\x00\x06\x00\x04\x00\x17\x00\x18" +
- "\x00\x15\x00\x66\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
-
- var sslBuf []byte
- sslBuf = append(sslBuf, rnd...)
- sslBuf = append(sslBuf, byte(32))
- sslBuf = append(sslBuf, t.data.localClientID[:]...)
- sslBuf = append(sslBuf, tlsData0...)
-
- var extBuf []byte
- extBuf = append(extBuf, tlsData1...)
-
- host := t.getHost()
-
- extBuf = append(extBuf, t.sni(host)...)
- extBuf = append(extBuf, tlsData2...)
- ticket := make([]byte, 208)
- rand.Read(ticket)
- extBuf = append(extBuf, ticket...)
- extBuf = append(extBuf, tlsData3...)
- extBuf = append([]byte{byte(len(extBuf) / 256), byte(len(extBuf) % 256)}, extBuf...)
-
- sslBuf = append(sslBuf, extBuf...)
- // client version
- sslBuf = append([]byte{3, 3}, sslBuf...)
- // length
- sslBuf = append([]byte{1, 0, byte(len(sslBuf) / 256), byte(len(sslBuf) % 256)}, sslBuf...)
- // length
- sslBuf = append([]byte{byte(len(sslBuf) / 256), byte(len(sslBuf) % 256)}, sslBuf...)
- // version
- sslBuf = append([]byte{0x16, 3, 1}, sslBuf...)
-
- encodedData = sslBuf
-
- d := make([]byte, dataLength+5)
- copy(d[0:], []byte{0x17, 0x3, 0x3})
- binary.BigEndian.PutUint16(d[3:], uint16(dataLength&0xFFFF))
- copy(d[5:], data)
- b := make([]byte, len(t.sendBuffer)+len(d))
- copy(b, t.sendBuffer)
- copy(b[len(t.sendBuffer):], d)
- t.sendBuffer = b
-
- t.handshakeStatus = 1
-
- return
-}
-
-func (t *tls12TicketAuth) Decode(data []byte) ([]byte, uint64, error) {
- if t.handshakeStatus == -1 {
- return data, 0, nil
- }
- dataLength := len(data)
-
- if t.handshakeStatus == 8 {
- if dataLength < 5 {
- return nil, 5, fmt.Errorf("data need minimum length: 5 ,data only length: %d", dataLength)
- }
- if data[0] != 0x17 {
- return nil, 0, ssr.ErrTLS12TicketAuthIncorrectMagicNumber
- }
- size := int(binary.BigEndian.Uint16(data[3:5]))
- if size+5 > dataLength {
- return nil, uint64(size + 5), fmt.Errorf("unexpected data length: %d ,data only length: %d", size+5, dataLength)
- }
- if dataLength == size+5 {
- return data[5:], 0, nil
- }
- return data[5 : 5+size], uint64(size + 5), nil
- }
-
- if dataLength < 11+32+1+32 {
- return nil, 0, ssr.ErrTLS12TicketAuthTooShortData
- }
-
- hash := t.hmacSHA1(data[11 : 11+22])
-
- if !hmac.Equal(data[33:33+ssr.ObfsHMACSHA1Len], hash) {
- return nil, 0, ssr.ErrTLS12TicketAuthHMACError
- }
- return nil, 1, nil
-}
-
-func (t *tls12TicketAuth) packAuthData() (outData []byte) {
- outSize := 32
- outData = make([]byte, outSize)
-
- now := time.Now().Unix()
- binary.BigEndian.PutUint32(outData[0:4], uint32(now))
-
- rand.Read(outData[4 : 4+18])
-
- hash := t.hmacSHA1(outData[:outSize-ssr.ObfsHMACSHA1Len])
- copy(outData[outSize-ssr.ObfsHMACSHA1Len:], hash)
-
- return
-}
-
-func (t *tls12TicketAuth) hmacSHA1(data []byte) []byte {
- key := make([]byte, t.KeyLen+32)
- copy(key, t.Key)
- copy(key[t.KeyLen:], t.data.localClientID[:])
-
- sha1Data := tools.HmacSHA1(key, data)
- return sha1Data[:ssr.ObfsHMACSHA1Len]
-}
-
-func (t *tls12TicketAuth) sni(u string) []byte {
- bURL := []byte(u)
- length := len(bURL)
- ret := make([]byte, length+9)
- copy(ret[9:9+length], bURL)
- binary.BigEndian.PutUint16(ret[7:], uint16(length&0xFFFF))
- length += 3
- binary.BigEndian.PutUint16(ret[4:], uint16(length&0xFFFF))
- length += 2
- binary.BigEndian.PutUint16(ret[2:], uint16(length&0xFFFF))
- return ret
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_md5.go b/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_md5.go
deleted file mode 100644
index 818b78d..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_md5.go
+++ /dev/null
@@ -1,282 +0,0 @@
-package protocol
-
-import (
- "bytes"
- "crypto/aes"
- "crypto/cipher"
- "encoding/base64"
- "encoding/binary"
- "math/rand"
- "strconv"
- "strings"
- "time"
-
- "github.com/sun8911879/shadowsocksR/ssr"
- "github.com/sun8911879/shadowsocksR/tools"
-)
-
-type hmacMethod func(key []byte, data []byte) []byte
-type hashDigestMethod func(data []byte) []byte
-
-func init() {
- register("auth_aes128_md5", NewAuthAES128MD5)
-}
-
-func NewAuthAES128MD5() IProtocol {
- a := &authAES128{
- salt: "auth_aes128_md5",
- hmac: tools.HmacMD5,
- hashDigest: tools.MD5Sum,
- packID: 1,
- recvInfo: recvInfo{
- recvID: 1,
- buffer: bytes.NewBuffer(nil),
- },
- data: &authData{
- connectionID: 0xFF000001,
- },
- }
- return a
-}
-
-type recvInfo struct {
- recvID uint32
- buffer *bytes.Buffer
-}
-
-type authAES128 struct {
- ssr.ServerInfoForObfs
- recvInfo
- data *authData
- hasSentHeader bool
- packID uint32
- userKey []byte
- salt string
- hmac hmacMethod
- hashDigest hashDigestMethod
-}
-
-func (a *authAES128) SetServerInfo(s *ssr.ServerInfoForObfs) {
- a.ServerInfoForObfs = *s
-}
-
-func (a *authAES128) GetServerInfo() (s *ssr.ServerInfoForObfs) {
- return &a.ServerInfoForObfs
-}
-
-func (a *authAES128) SetData(data interface{}) {
- if auth, ok := data.(*authData); ok {
- a.data = auth
- }
-}
-
-func (a *authAES128) GetData() interface{} {
- if a.data == nil {
- a.data = &authData{}
- }
- return a.data
-}
-
-func (a *authAES128) packData(data []byte) (outData []byte) {
- dataLength := len(data)
- randLength := 1
- if dataLength <= 1200 {
- if a.packID > 4 {
- randLength += rand.Intn(32)
- } else {
- if dataLength > 900 {
- randLength += rand.Intn(128)
- } else {
- randLength += rand.Intn(512)
- }
- }
- }
-
- outLength := randLength + dataLength + 8
- outData = make([]byte, outLength)
- // 0~1, out length
- binary.LittleEndian.PutUint16(outData[0:], uint16(outLength&0xFFFF))
- // 2~3, hmac
- key := make([]byte, len(a.userKey)+4)
- copy(key, a.userKey)
- binary.LittleEndian.PutUint32(key[len(key)-4:], a.packID)
- h := a.hmac(key, outData[0:2])
- copy(outData[2:4], h[:2])
- // 4~rand length+4, rand number
- rand.Read(outData[4 : 4+randLength])
- // 4, rand length
- if randLength < 128 {
- outData[4] = byte(randLength & 0xFF)
- } else {
- // 4, magic number 0xFF
- outData[4] = 0xFF
- // 5~6, rand length
- binary.LittleEndian.PutUint16(outData[5:], uint16(randLength&0xFFFF))
- }
- // rand length+4~out length-4, data
- if dataLength > 0 {
- copy(outData[randLength+4:], data)
- }
- a.packID++
- h = a.hmac(key, outData[:outLength-4])
- copy(outData[outLength-4:], h[:4])
- return
-}
-
-func (a *authAES128) packAuthData(data []byte) (outData []byte) {
- dataLength := len(data)
- var randLength int
- if dataLength > 400 {
- randLength = rand.Intn(512)
- } else {
- randLength = rand.Intn(1024)
- }
-
- dataOffset := randLength + 16 + 4 + 4 + 7
- outLength := dataOffset + dataLength + 4
- outData = make([]byte, outLength)
- encrypt := make([]byte, 24)
- key := make([]byte, a.IVLen+a.KeyLen)
- copy(key, a.IV)
- copy(key[a.IVLen:], a.Key)
-
- rand.Read(outData[dataOffset-randLength:])
-
- if a.data.connectionID > 0xFF000000 {
- a.data.clientID = nil
- }
- if len(a.data.clientID) == 0 {
- a.data.clientID = make([]byte, 4)
- rand.Read(a.data.clientID)
- b := make([]byte, 4)
- rand.Read(b)
- a.data.connectionID = binary.LittleEndian.Uint32(b) & 0xFFFFFF
- }
- a.data.connectionID++
- copy(encrypt[4:], a.data.clientID)
- binary.LittleEndian.PutUint32(encrypt[8:], a.data.connectionID)
-
- now := time.Now().Unix()
- binary.LittleEndian.PutUint32(encrypt[0:4], uint32(now))
-
- binary.LittleEndian.PutUint16(encrypt[12:], uint16(outLength&0xFFFF))
- binary.LittleEndian.PutUint16(encrypt[14:], uint16(randLength&0xFFFF))
-
- params := strings.Split(a.Param, ":")
- uid := make([]byte, 4)
- if len(params) >= 2 {
- if userID, err := strconv.ParseUint(params[0], 10, 32); err != nil {
- rand.Read(uid)
- } else {
- binary.LittleEndian.PutUint32(uid, uint32(userID))
- a.userKey = a.hashDigest([]byte(params[1]))
- }
- } else {
- rand.Read(uid)
- }
-
- if a.userKey == nil {
- a.userKey = make([]byte, a.KeyLen)
- copy(a.userKey, a.Key)
- }
-
- encryptKey := make([]byte, len(a.userKey))
- copy(encryptKey, a.userKey)
-
- aesCipherKey := tools.EVPBytesToKey(base64.StdEncoding.EncodeToString(encryptKey)+a.salt, 16)
- block, err := aes.NewCipher(aesCipherKey)
- if err != nil {
- return nil
- }
-
- encryptData := make([]byte, 16)
- iv := make([]byte, aes.BlockSize)
- cbc := cipher.NewCBCEncrypter(block, iv)
- cbc.CryptBlocks(encryptData, encrypt[0:16])
- copy(encrypt[4:4+16], encryptData)
- copy(encrypt[0:4], uid)
-
- h := a.hmac(key, encrypt[0:20])
- copy(encrypt[20:], h[:4])
-
- rand.Read(outData[0:1])
- h = a.hmac(key, outData[0:1])
- copy(outData[1:], h[0:7-1])
-
- copy(outData[7:], encrypt)
- copy(outData[dataOffset:], data)
-
- h = a.hmac(a.userKey, outData[0:outLength-4])
- copy(outData[outLength-4:], h[:4])
-
- return
-}
-
-func (a *authAES128) PreEncrypt(plainData []byte) (outData []byte, err error) {
- dataLength := len(plainData)
- offset := 0
- if !a.hasSentHeader {
- authLength := dataLength
- if authLength > 1200 {
- authLength = 1200
- }
- packData := a.packAuthData(plainData[:authLength])
- a.hasSentHeader = true
- outData = append(outData, packData...)
- dataLength -= authLength
- offset += authLength
- }
- const blockSize = 4096
- for dataLength > blockSize {
- packData := a.packData(plainData[offset : offset+blockSize])
- outData = append(outData, packData...)
- dataLength -= blockSize
- offset += blockSize
- }
- if dataLength > 0 {
- packData := a.packData(plainData[offset:])
- outData = append(outData, packData...)
- }
-
- return
-}
-
-func (a *authAES128) PostDecrypt(plainData []byte) ([]byte, int, error) {
- a.buffer.Reset()
- plainLength := len(plainData)
- datalength := plainLength
- readlenth := 0
- key := make([]byte, len(a.userKey)+4)
- copy(key, a.userKey)
- for plainLength > 4 {
- binary.LittleEndian.PutUint32(key[len(key)-4:], a.recvID)
-
- h := a.hmac(key, plainData[0:2])
- if h[0] != plainData[2] || h[1] != plainData[3] {
- return nil, 0, ssr.ErrAuthAES128HMACError
- }
- length := int(binary.LittleEndian.Uint16(plainData[0:2]))
- if length >= 8192 || length < 8 {
- return nil, 0, ssr.ErrAuthAES128DataLengthError
- }
- if length > plainLength {
- break
- }
- a.recvID++
- pos := int(plainData[4])
- if pos < 255 {
- pos += 4
- } else {
- pos = int(binary.LittleEndian.Uint16(plainData[5:7])) + 4
- }
-
- a.buffer.Write(plainData[pos : length-4])
- plainData = plainData[length:]
- plainLength -= length
- readlenth += length
- }
- if datalength == readlenth {
- readlenth = -1
- }
- return a.buffer.Bytes(), readlenth, nil
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_sha1.go b/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_sha1.go
deleted file mode 100644
index c6c2b0e..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_sha1.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package protocol
-
-import (
- "bytes"
-
- "github.com/sun8911879/shadowsocksR/tools"
-)
-
-func init() {
- register("auth_aes128_sha1", NewAuthAES128SHA1)
-}
-
-func NewAuthAES128SHA1() IProtocol {
- a := &authAES128{
- salt: "auth_aes128_sha1",
- hmac: tools.HmacSHA1,
- hashDigest: tools.SHA1Sum,
- packID: 1,
- recvInfo: recvInfo{
- recvID: 1,
- buffer: bytes.NewBuffer(nil),
- },
- data: &authData{
- connectionID: 0xFF000001,
- },
- }
- return a
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_sha1_v4.go b/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_sha1_v4.go
deleted file mode 100644
index ffec01b..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_sha1_v4.go
+++ /dev/null
@@ -1,232 +0,0 @@
-package protocol
-
-import (
- "encoding/binary"
- "math/rand"
- "time"
-
- "github.com/sun8911879/shadowsocksR/ssr"
- "github.com/sun8911879/shadowsocksR/tools"
-)
-
-func init() {
- register("auth_sha1_v4", NewAuthSHA1v4)
-}
-
-type authSHA1v4 struct {
- ssr.ServerInfoForObfs
- data *authData
- hasSentHeader bool
- recvBuffer []byte
- recvBufferLength int
-}
-
-func NewAuthSHA1v4() IProtocol {
- a := &authSHA1v4{}
- return a
-}
-
-func (a *authSHA1v4) SetServerInfo(s *ssr.ServerInfoForObfs) {
- a.ServerInfoForObfs = *s
-}
-
-func (a *authSHA1v4) GetServerInfo() (s *ssr.ServerInfoForObfs) {
- return &a.ServerInfoForObfs
-}
-
-func (a *authSHA1v4) SetData(data interface{}) {
- if auth, ok := data.(*authData); ok {
- a.data = auth
- }
-}
-
-func (a *authSHA1v4) GetData() interface{} {
- if a.data == nil {
- a.data = &authData{}
- }
- return a.data
-}
-
-func (a *authSHA1v4) packData(data []byte) (outData []byte) {
- dataLength := len(data)
- randLength := 1
- if dataLength <= 1300 {
- if dataLength > 400 {
- randLength += rand.Intn(128)
- } else {
- randLength += rand.Intn(1024)
- }
- }
-
- outLength := randLength + dataLength + 8
- outData = make([]byte, outLength)
- // 0~1, out length
- binary.BigEndian.PutUint16(outData[0:2], uint16(outLength&0xFFFF))
- // 2~3, crc of out length
- crc32 := ssr.CalcCRC32(outData, 2, 0xFFFFFFFF)
- binary.LittleEndian.PutUint16(outData[2:4], uint16(crc32&0xFFFF))
- // 4~rand length+4, rand number
- rand.Read(outData[4 : 4+randLength])
- // 4, rand length
- if randLength < 128 {
- outData[4] = byte(randLength & 0xFF)
- } else {
- // 4, magic number 0xFF
- outData[4] = 0xFF
- // 5~6, rand length
- binary.BigEndian.PutUint16(outData[5:], uint16(randLength&0xFFFF))
- }
- // rand length+4~out length-4, data
- if dataLength > 0 {
- copy(outData[randLength+4:], data)
- }
- // out length-4~end, adler32 of full data
- adler := ssr.CalcAdler32(outData[:outLength-4])
- binary.LittleEndian.PutUint32(outData[outLength-4:], adler)
-
- return outData
-}
-
-func (a *authSHA1v4) packAuthData(data []byte) (outData []byte) {
- dataLength := len(data)
- randLength := 1
- if dataLength <= 1300 {
- if dataLength > 400 {
- randLength += rand.Intn(128)
- } else {
- randLength += rand.Intn(1024)
- }
- }
- dataOffset := randLength + 4 + 2
- outLength := dataOffset + dataLength + 12 + ssr.ObfsHMACSHA1Len
- outData = make([]byte, outLength)
-
- a.data.connectionID++
- if a.data.connectionID > 0xFF000000 {
- a.data.clientID = nil
- }
- if len(a.data.clientID) == 0 {
- a.data.clientID = make([]byte, 8)
- rand.Read(a.data.clientID)
- b := make([]byte, 4)
- rand.Read(b)
- a.data.connectionID = binary.LittleEndian.Uint32(b) & 0xFFFFFF
- }
- // 0-1, out length
- binary.BigEndian.PutUint16(outData[0:], uint16(outLength&0xFFFF))
-
- // 2~6, crc of out length+salt+key
- salt := []byte("auth_sha1_v4")
- crcData := make([]byte, len(salt)+a.KeyLen+2)
- copy(crcData[0:2], outData[0:2])
- copy(crcData[2:], salt)
- copy(crcData[2+len(salt):], a.Key)
- crc32 := ssr.CalcCRC32(crcData, len(crcData), 0xFFFFFFFF)
- // 2~6, crc of out length+salt+key
- binary.LittleEndian.PutUint32(outData[2:], crc32)
- // 6~rand length+6, rand numbers
- rand.Read(outData[dataOffset-randLength : dataOffset])
- // 6, rand length
- if randLength < 128 {
- outData[6] = byte(randLength & 0xFF)
- } else {
- // 6, magic number 0xFF
- outData[6] = 0xFF
- // 7-8, rand length
- binary.BigEndian.PutUint16(outData[7:], uint16(randLength&0xFFFF))
- }
- // rand length+6~rand length+10, time stamp
- now := time.Now().Unix()
- binary.LittleEndian.PutUint32(outData[dataOffset:dataOffset+4], uint32(now))
- // rand length+10~rand length+14, client ID
- copy(outData[dataOffset+4:dataOffset+4+4], a.data.clientID[0:4])
- // rand length+14~rand length+18, connection ID
- binary.LittleEndian.PutUint32(outData[dataOffset+8:dataOffset+8+4], a.data.connectionID)
- // rand length+18~rand length+18+data length, data
- copy(outData[dataOffset+12:], data)
-
- key := make([]byte, a.IVLen+a.KeyLen)
- copy(key, a.IV)
- copy(key[a.IVLen:], a.Key)
-
- h := tools.HmacSHA1(key, outData[:outLength-ssr.ObfsHMACSHA1Len])
- // out length-10~out length/rand length+18+data length~end, hmac
- copy(outData[outLength-ssr.ObfsHMACSHA1Len:], h[0:ssr.ObfsHMACSHA1Len])
-
- return outData
-}
-
-func (a *authSHA1v4) PreEncrypt(plainData []byte) (outData []byte, err error) {
- dataLength := len(plainData)
- offset := 0
- if !a.hasSentHeader && dataLength > 0 {
- authLength := dataLength
- if headSize := ssr.GetHeadSize(plainData, 30); headSize <= dataLength {
- authLength = headSize
- }
- packData := a.packAuthData(plainData[:authLength])
- a.hasSentHeader = true
- outData = append(outData, packData...)
- dataLength -= authLength
- offset += authLength
- }
- const blockSize = 4096
- for dataLength > blockSize {
- packData := a.packData(plainData[offset : offset+blockSize])
- outData = append(outData, packData...)
- dataLength -= blockSize
- offset += blockSize
- }
- if dataLength > 0 {
- packData := a.packData(plainData[offset:])
- outData = append(outData, packData...)
- }
-
- return
-}
-
-func (a *authSHA1v4) PostDecrypt(plainData []byte) ([]byte, int, error) {
- var outData []byte
- dataLength := len(plainData)
- b := make([]byte, len(a.recvBuffer)+dataLength)
- copy(b, a.recvBuffer)
- copy(b[len(a.recvBuffer):], plainData)
- a.recvBuffer = b
- a.recvBufferLength = len(b)
- for a.recvBufferLength > 4 {
- crc32 := ssr.CalcCRC32(a.recvBuffer, 2, 0xFFFFFFFF)
- if binary.LittleEndian.Uint16(a.recvBuffer[2:4]) != uint16(crc32&0xFFFF) {
- return nil, 0, ssr.ErrAuthSHA1v4CRC32Error
- }
- length := int(binary.BigEndian.Uint16(a.recvBuffer[0:2]))
- if length >= 8192 || length < 8 {
- a.recvBufferLength = 0
- a.recvBuffer = nil
- return nil, 0, ssr.ErrAuthSHA1v4DataLengthError
- }
- if length > a.recvBufferLength {
- break
- }
-
- if ssr.CheckAdler32(a.recvBuffer, length) {
- pos := int(a.recvBuffer[4])
- if pos != 0xFF {
- pos += 4
- } else {
- pos = int(binary.BigEndian.Uint16(a.recvBuffer[5:5+2])) + 4
- }
- outLength := length - pos - 4
- b = make([]byte, len(outData)+outLength)
- copy(b, outData)
- copy(b[len(outData):], a.recvBuffer[pos:pos+outLength])
- outData = b
- a.recvBufferLength -= length
- a.recvBuffer = a.recvBuffer[length:]
- } else {
- a.recvBufferLength = 0
- a.recvBuffer = nil
- return nil, 0, ssr.ErrAuthSHA1v4IncorrectChecksum
- }
- }
- return outData, 0, nil
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/protocol/base.go b/vendor/github.com/sun8911879/shadowsocksR/protocol/base.go
deleted file mode 100644
index 4fff0aa..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/protocol/base.go
+++ /dev/null
@@ -1,39 +0,0 @@
-package protocol
-
-import (
- "strings"
-
- "github.com/sun8911879/shadowsocksR/ssr"
-)
-
-type creator func() IProtocol
-
-var (
- creatorMap = make(map[string]creator)
-)
-
-type IProtocol interface {
- SetServerInfo(s *ssr.ServerInfoForObfs)
- GetServerInfo() *ssr.ServerInfoForObfs
- PreEncrypt(data []byte) ([]byte, error)
- PostDecrypt(data []byte) ([]byte, int, error)
- SetData(data interface{})
- GetData() interface{}
-}
-
-type authData struct {
- clientID []byte
- connectionID uint32
-}
-
-func register(name string, c creator) {
- creatorMap[name] = c
-}
-
-func NewProtocol(name string) IProtocol {
- c, ok := creatorMap[strings.ToLower(name)]
- if ok {
- return c()
- }
- return nil
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/protocol/origin.go b/vendor/github.com/sun8911879/shadowsocksR/protocol/origin.go
deleted file mode 100644
index 8dd1851..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/protocol/origin.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package protocol
-
-import (
- "github.com/sun8911879/shadowsocksR/ssr"
-)
-
-func init() {
- register("origin", NewOrigin)
-}
-
-type origin struct {
- ssr.ServerInfoForObfs
-}
-
-func NewOrigin() IProtocol {
- a := &origin{}
- return a
-}
-
-func (o *origin) SetServerInfo(s *ssr.ServerInfoForObfs) {
- o.ServerInfoForObfs = *s
-}
-
-func (o *origin) GetServerInfo() (s *ssr.ServerInfoForObfs) {
- return &o.ServerInfoForObfs
-}
-
-func (o *origin) PreEncrypt(data []byte) (encryptedData []byte, err error) {
- return data, nil
-}
-
-func (o *origin) PostDecrypt(data []byte) ([]byte, int, error) {
- return data, 0, nil
-}
-
-func (o *origin) SetData(data interface{}) {
-
-}
-
-func (o *origin) GetData() interface{} {
- return nil
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/protocol/verify_sha1.go b/vendor/github.com/sun8911879/shadowsocksR/protocol/verify_sha1.go
deleted file mode 100644
index 42543e5..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/protocol/verify_sha1.go
+++ /dev/null
@@ -1,101 +0,0 @@
-package protocol
-
-import (
- "bytes"
- "encoding/binary"
-
- "github.com/sun8911879/shadowsocksR/ssr"
- "github.com/sun8911879/shadowsocksR/tools"
-)
-
-func init() {
- register("verify_sha1", NewVerifySHA1)
- register("ota", NewVerifySHA1)
-}
-
-type verifySHA1 struct {
- ssr.ServerInfoForObfs
- hasSentHeader bool
- chunkId uint32
-}
-
-const (
- oneTimeAuthMask byte = 0x10
-)
-
-func NewVerifySHA1() IProtocol {
- a := &verifySHA1{}
- return a
-}
-
-func (v *verifySHA1) otaConnectAuth(data []byte) []byte {
- return append(data, tools.HmacSHA1(append(v.IV, v.Key...), data)...)
-}
-
-func (v *verifySHA1) otaReqChunkAuth(chunkId uint32, data []byte) []byte {
- nb := make([]byte, 2)
- binary.BigEndian.PutUint16(nb, uint16(len(data)))
- chunkIdBytes := make([]byte, 4)
- binary.BigEndian.PutUint32(chunkIdBytes, chunkId)
- header := append(nb, tools.HmacSHA1(append(v.IV, chunkIdBytes...), data)...)
- return append(header, data...)
-}
-
-func (v *verifySHA1) otaVerifyAuth(iv []byte, chunkId uint32, data []byte, expectedHmacSha1 []byte) bool {
- chunkIdBytes := make([]byte, 4)
- binary.BigEndian.PutUint32(chunkIdBytes, chunkId)
- actualHmacSha1 := tools.HmacSHA1(append(iv, chunkIdBytes...), data)
- return bytes.Equal(expectedHmacSha1, actualHmacSha1)
-}
-
-func (v *verifySHA1) getAndIncreaseChunkId() (chunkId uint32) {
- chunkId = v.chunkId
- v.chunkId += 1
- return
-}
-
-func (v *verifySHA1) SetServerInfo(s *ssr.ServerInfoForObfs) {
- v.ServerInfoForObfs = *s
-}
-
-func (v *verifySHA1) GetServerInfo() (s *ssr.ServerInfoForObfs) {
- return &v.ServerInfoForObfs
-}
-
-func (v *verifySHA1) SetData(data interface{}) {
-
-}
-
-func (v *verifySHA1) GetData() interface{} {
- return nil
-}
-
-func (v *verifySHA1) PreEncrypt(data []byte) (encryptedData []byte, err error) {
- dataLength := len(data)
- offset := 0
- if !v.hasSentHeader {
- data[0] |= oneTimeAuthMask
- encryptedData = v.otaConnectAuth(data[:v.HeadLen])
- v.hasSentHeader = true
- dataLength -= v.HeadLen
- offset += v.HeadLen
- }
- const blockSize = 4096
- for dataLength > blockSize {
- chunkId := v.getAndIncreaseChunkId()
- b := v.otaReqChunkAuth(chunkId, data[offset:offset+blockSize])
- encryptedData = append(encryptedData, b...)
- dataLength -= blockSize
- offset += blockSize
- }
- if dataLength > 0 {
- chunkId := v.getAndIncreaseChunkId()
- b := v.otaReqChunkAuth(chunkId, data[offset:])
- encryptedData = append(encryptedData, b...)
- }
- return
-}
-
-func (v *verifySHA1) PostDecrypt(data []byte) ([]byte, int, error) {
- return data, 0, nil
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/ssr/adler32.go b/vendor/github.com/sun8911879/shadowsocksR/ssr/adler32.go
deleted file mode 100644
index 6bda937..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/ssr/adler32.go
+++ /dev/null
@@ -1,31 +0,0 @@
-package ssr
-
-import "encoding/binary"
-
-func calcShortAdler32(input []byte, a, b uint32) (uint32, uint32) {
- for _, i := range input {
- a += uint32(i)
- b += a
- }
- a %= 65521
- b %= 65521
- return a, b
-}
-
-func CalcAdler32(input []byte) uint32 {
- var a uint32 = 1
- var b uint32 = 0
- const nMax = 5552
- for length := len(input); length > nMax; length -= nMax {
- a, b = calcShortAdler32(input[:nMax], a, b)
- input = input[nMax:]
- }
- a, b = calcShortAdler32(input, a, b)
- return (b << 16) + a
-}
-
-func CheckAdler32(input []byte, l int) bool {
- adler32 := CalcAdler32(input[:l-4])
- checksum := binary.LittleEndian.Uint32(input[l-4:])
- return adler32 == checksum
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/ssr/crc32.go b/vendor/github.com/sun8911879/shadowsocksR/ssr/crc32.go
deleted file mode 100644
index 9cf6cc6..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/ssr/crc32.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package ssr
-
-import "encoding/binary"
-
-var (
- crc32Table = make([]uint32, 256)
-)
-
-func init() {
- createCRC32Table()
-}
-
-func createCRC32Table() {
- for i := 0; i < 256; i++ {
- crc := uint32(i)
- for j := 8; j > 0; j-- {
- if crc&1 == 1 {
- crc = (crc >> 1) ^ 0xEDB88320
- } else {
- crc >>= 1
- }
- }
- crc32Table[i] = crc
- }
-}
-
-func CalcCRC32(input []byte, length int, value uint32) uint32 {
- value = 0xFFFFFFFF
- return DoCalcCRC32(input, 0, length, value)
-}
-
-func DoCalcCRC32(input []byte, index int, length int, value uint32) uint32 {
- buffer := input
- for i := index; i < length; i++ {
- value = (value >> 8) ^ crc32Table[byte(value&0xFF)^buffer[i]]
- }
- return value ^ 0xFFFFFFFF
-}
-
-func DoSetCRC32(buffer []byte, index int, length int) {
- crc := CalcCRC32(buffer[:length-4], length-4, 0xFFFFFFFF)
- binary.LittleEndian.PutUint32(buffer[length-4:], crc^0xFFFFFFFF)
-}
-
-func SetCRC32(buffer []byte, length int) {
- DoSetCRC32(buffer, 0, length)
-}
-
-func CheckCRC32(buffer []byte, length int) bool {
- crc := CalcCRC32(buffer, length, 0xFFFFFFFF)
- return crc == 0xFFFFFFFF
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/ssr/obfs.go b/vendor/github.com/sun8911879/shadowsocksR/ssr/obfs.go
deleted file mode 100644
index cee94a2..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/ssr/obfs.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package ssr
-
-import "errors"
-
-const ObfsHMACSHA1Len = 10
-
-var (
- ErrAuthSHA1v4CRC32Error = errors.New("auth_sha1_v4 post decrypt data crc32 error")
- ErrAuthSHA1v4DataLengthError = errors.New("auth_sha1_v4 post decrypt data length error")
- ErrAuthSHA1v4IncorrectChecksum = errors.New("auth_sha1_v4 post decrypt incorrect checksum")
- ErrAuthAES128HMACError = errors.New("auth_aes128_* post decrypt hmac error")
- ErrAuthAES128DataLengthError = errors.New("auth_aes128_* post decrypt length mismatch")
- ErrAuthAES128IncorrectChecksum = errors.New("auth_aes128_* post decrypt incorrect checksum")
- ErrTLS12TicketAuthTooShortData = errors.New("tls1.2_ticket_auth too short data")
- ErrTLS12TicketAuthHMACError = errors.New("tls1.2_ticket_auth hmac verifying failed")
- ErrTLS12TicketAuthIncorrectMagicNumber = errors.New("tls1.2_ticket_auth incorrect magic number")
-)
-
-type ServerInfoForObfs struct {
- Host string
- Port uint16
- Param string
- IV []byte
- IVLen int
- RecvIV []byte
- RecvIVLen int
- Key []byte
- KeyLen int
- HeadLen int
- TcpMss int
-}
-
-func GetHeadSize(data []byte, defaultValue int) int {
- if data == nil || len(data) < 2 {
- return defaultValue
- }
- headType := data[0] & 0x07
- switch headType {
- case 1:
- // IPv4 1+4+2
- return 7
- case 4:
- // IPv6 1+16+2
- return 19
- case 3:
- // domain name, variant length
- return 4 + int(data[1])
- }
-
- return defaultValue
-}
-
-func (s *ServerInfoForObfs) SetHeadLen(data []byte, defaultValue int) {
- s.HeadLen = GetHeadSize(data, defaultValue)
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/tcp.go b/vendor/github.com/sun8911879/shadowsocksR/tcp.go
deleted file mode 100644
index 4e86d98..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/tcp.go
+++ /dev/null
@@ -1,251 +0,0 @@
-package shadowsocksr
-
-import (
- "bytes"
- "fmt"
- "net"
- "sync"
-
- "github.com/sun8911879/shadowsocksR/obfs"
- "github.com/sun8911879/shadowsocksR/protocol"
- "github.com/sun8911879/shadowsocksR/tools/leakybuf"
-)
-
-// SSTCPConn the struct that override the net.Conn methods
-type SSTCPConn struct {
- net.Conn
- sync.RWMutex
- *StreamCipher
- IObfs obfs.IObfs
- IProtocol protocol.IProtocol
- readBuf []byte
- readDecodeBuf *bytes.Buffer
- readIObfsBuf *bytes.Buffer
- readEncryptBuf *bytes.Buffer
- readIndex uint64
- readUserBuf *bytes.Buffer
- writeBuf []byte
- lastReadError error
-}
-
-func NewSSTCPConn(c net.Conn, cipher *StreamCipher) *SSTCPConn {
- return &SSTCPConn{
- Conn: c,
- StreamCipher: cipher,
- readBuf: leakybuf.GlobalLeakyBuf.Get(),
- readDecodeBuf: bytes.NewBuffer(nil),
- readIObfsBuf: bytes.NewBuffer(nil),
- readUserBuf: bytes.NewBuffer(nil),
- readEncryptBuf: bytes.NewBuffer(nil),
- writeBuf: leakybuf.GlobalLeakyBuf.Get(),
- }
-}
-
-func (c *SSTCPConn) Close() error {
- leakybuf.GlobalLeakyBuf.Put(c.readBuf)
- leakybuf.GlobalLeakyBuf.Put(c.writeBuf)
- return c.Conn.Close()
-}
-
-func (c *SSTCPConn) GetIv() (iv []byte) {
- iv = make([]byte, len(c.iv))
- copy(iv, c.iv)
- return
-}
-
-func (c *SSTCPConn) GetKey() (key []byte) {
- key = make([]byte, len(c.key))
- copy(key, c.key)
- return
-}
-
-func (c *SSTCPConn) initEncryptor(b []byte) (iv []byte, err error) {
- if c.enc == nil {
- iv, err = c.initEncrypt()
- if err != nil {
- return nil, err
- }
-
- // should initialize obfs/protocol now, because iv is ready now
- obfsServerInfo := c.IObfs.GetServerInfo()
- obfsServerInfo.SetHeadLen(b, 30)
- obfsServerInfo.IV, obfsServerInfo.IVLen = c.IV()
- obfsServerInfo.Key, obfsServerInfo.KeyLen = c.Key()
- c.IObfs.SetServerInfo(obfsServerInfo)
-
- protocolServerInfo := c.IProtocol.GetServerInfo()
- protocolServerInfo.SetHeadLen(b, 30)
- protocolServerInfo.IV, protocolServerInfo.IVLen = c.IV()
- protocolServerInfo.Key, protocolServerInfo.KeyLen = c.Key()
- c.IProtocol.SetServerInfo(protocolServerInfo)
- }
- return
-}
-
-func (c *SSTCPConn) Read(b []byte) (n int, err error) {
- for {
- n, err = c.doRead(b)
- if b == nil || n != 0 || err != nil {
- return n, err
- }
- }
-}
-
-func (c *SSTCPConn) doRead(b []byte) (n int, err error) {
- //先吐出已经解密后数据
- if c.readUserBuf.Len() > 0 {
- return c.readUserBuf.Read(b)
- }
- //未读取够长度继续读取并解码
- decodelength := c.readDecodeBuf.Len()
- if (decodelength == 0 || c.readEncryptBuf.Len() > 0 || (c.readIndex != 0 && c.readIndex > uint64(decodelength))) && c.lastReadError == nil {
- c.readIndex = 0
- n, c.lastReadError = c.Conn.Read(c.readBuf)
- //写入decode 缓存
- c.readDecodeBuf.Write(c.readBuf[0:n])
- }
- //无缓冲数据返回错误
- if c.lastReadError != nil && (decodelength == 0 || uint64(decodelength) < c.readIndex) {
- return 0, c.lastReadError
- }
- decodelength = c.readDecodeBuf.Len()
- decodebytes := c.readDecodeBuf.Bytes()
- c.readDecodeBuf.Reset()
-
- for {
-
- decodedData, length, err := c.IObfs.Decode(decodebytes)
- if length == 0 && err != nil {
- return 0, err
- }
-
- //do send back
- if length == 1 {
- c.Write(make([]byte, 0))
- return 0, nil
- }
-
- //数据不够长度
- if err != nil {
- if uint64(decodelength) >= length {
- return 0, fmt.Errorf("data length: %d,decode data length: %d unknown panic", decodelength, length)
- }
- c.readIndex = length
- c.readDecodeBuf.Write(decodebytes)
- if c.readIObfsBuf.Len() == 0 {
- return 0, nil
- }
- break
- }
-
- if length >= 1 {
- //读出数据 但是有多余的数据 返回已经读取数值
- c.readIObfsBuf.Write(decodedData)
- decodebytes = decodebytes[length:]
- decodelength = len(decodebytes)
- continue
- }
-
- //完全读取数据 -- length == 0
- c.readIObfsBuf.Write(decodedData)
- break
- }
-
- decodedData := c.readIObfsBuf.Bytes()
- decodelength = c.readIObfsBuf.Len()
- c.readIObfsBuf.Reset()
-
- if c.dec == nil {
- iv := decodedData[0:c.info.ivLen]
- if err = c.initDecrypt(iv); err != nil {
- return 0, err
- }
-
- if len(c.iv) == 0 {
- c.iv = iv
- }
- decodelength -= c.info.ivLen
- if decodelength <= 0 {
- return 0, nil
- }
- decodedData = decodedData[c.info.ivLen:]
- }
-
- buf := make([]byte, decodelength)
- c.decrypt(buf, decodedData)
-
- c.readEncryptBuf.Write(buf)
- encryptbuf := c.readEncryptBuf.Bytes()
- c.readEncryptBuf.Reset()
- postDecryptedData, length, err := c.IProtocol.PostDecrypt(encryptbuf)
- if err != nil {
- return 0, err
- }
- if length == 0 {
- c.readEncryptBuf.Write(encryptbuf)
- return 0, nil
- }
-
- if length > 0 {
- c.readEncryptBuf.Write(encryptbuf[length:])
- }
-
- postDecryptedlength := len(postDecryptedData)
- blength := len(b)
- copy(b, postDecryptedData)
- if blength > postDecryptedlength {
- return postDecryptedlength, nil
- }
- c.readUserBuf.Write(postDecryptedData[len(b):])
- return blength, nil
-}
-
-func (c *SSTCPConn) preWrite(b []byte) (outData []byte, err error) {
- var iv []byte
- if iv, err = c.initEncryptor(b); err != nil {
- return
- }
-
- var preEncryptedData []byte
- preEncryptedData, err = c.IProtocol.PreEncrypt(b)
- if err != nil {
- return
- }
- preEncryptedDataLen := len(preEncryptedData)
- //c.encrypt(cipherData[len(iv):], b)
- encryptedData := make([]byte, preEncryptedDataLen)
- //! \attention here the expected output buffer length MUST be accurate, it is preEncryptedDataLen now!
- c.encrypt(encryptedData[0:preEncryptedDataLen], preEncryptedData)
-
- //common.Info("len(b)=", len(b), ", b:", b,
- // ", pre encrypted data length:", preEncryptedDataLen,
- // ", pre encrypted data:", preEncryptedData,
- // ", encrypted data length:", preEncryptedDataLen)
-
- cipherData := c.writeBuf
- dataSize := len(encryptedData) + len(iv)
- if dataSize > len(cipherData) {
- cipherData = make([]byte, dataSize)
- } else {
- cipherData = cipherData[:dataSize]
- }
-
- if iv != nil {
- // Put initialization vector in buffer before be encoded
- copy(cipherData, iv)
- }
- copy(cipherData[len(iv):], encryptedData)
-
- return c.IObfs.Encode(cipherData)
-}
-
-func (c *SSTCPConn) Write(b []byte) (n int, err error) {
- outData, err := c.preWrite(b)
- if err == nil {
- n, err = c.Conn.Write(outData)
- if err != nil {
- return n, err
- }
- }
- return len(b), nil
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/tools/encrypt.go b/vendor/github.com/sun8911879/shadowsocksR/tools/encrypt.go
deleted file mode 100644
index 5ecb3b9..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/tools/encrypt.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package tools
-
-import (
- "crypto/hmac"
- "crypto/md5"
- "crypto/sha1"
-)
-
-func HmacMD5(key []byte, data []byte) []byte {
- hmacMD5 := hmac.New(md5.New, key)
- hmacMD5.Write(data)
- return hmacMD5.Sum(nil)[:10]
-}
-
-func HmacSHA1(key []byte, data []byte) []byte {
- hmacSHA1 := hmac.New(sha1.New, key)
- hmacSHA1.Write(data)
- return hmacSHA1.Sum(nil)[:10]
-}
-
-func MD5Sum(d []byte) []byte {
- h := md5.New()
- h.Write(d)
- return h.Sum(nil)
-}
-
-func SHA1Sum(d []byte) []byte {
- h := sha1.New()
- h.Write(d)
- return h.Sum(nil)
-}
-
-func EVPBytesToKey(password string, keyLen int) (key []byte) {
- const md5Len = 16
-
- cnt := (keyLen-1)/md5Len + 1
- m := make([]byte, cnt*md5Len)
- copy(m, MD5Sum([]byte(password)))
-
- // Repeatedly call md5 until bytes generated is enough.
- // Each call to md5 uses data: prev md5 sum + password.
- d := make([]byte, md5Len+len(password))
- start := 0
- for i := 1; i < cnt; i++ {
- start += md5Len
- copy(d, m[start-md5Len:start])
- copy(d[md5Len:], password)
- copy(m[start:], MD5Sum(d))
- }
- return m[:keyLen]
-}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/tools/leakybuf/leakybuf.go b/vendor/github.com/sun8911879/shadowsocksR/tools/leakybuf/leakybuf.go
deleted file mode 100644
index 096c9cb..0000000
--- a/vendor/github.com/sun8911879/shadowsocksR/tools/leakybuf/leakybuf.go
+++ /dev/null
@@ -1,47 +0,0 @@
-// Provides leaky buffer, based on the example in Effective Go.
-package leakybuf
-
-type LeakyBuf struct {
- bufSize int // size of each buffer
- freeList chan []byte
-}
-
-// NewLeakyBuf creates a leaky buffer which can hold at most n buffer, each
-// with bufSize bytes.
-func NewLeakyBuf(n, bufSize int) *LeakyBuf {
- return &LeakyBuf{
- bufSize: bufSize,
- freeList: make(chan []byte, n),
- }
-}
-
-// Get returns a buffer from the leaky buffer or create a new buffer.
-func (lb *LeakyBuf) Get() (b []byte) {
- select {
- case b = <-lb.freeList:
- default:
- b = make([]byte, lb.bufSize)
- }
- return
-}
-
-// Put add the buffer into the free buffer pool for reuse. Panic if the buffer
-// size is not the same with the leaky buffer's. This is intended to expose
-// error usage of leaky buffer.
-func (lb *LeakyBuf) Put(b []byte) {
- if len(b) != lb.bufSize {
- panic("invalid buffer size that's put into leaky buffer")
- }
- select {
- case lb.freeList <- b:
- default:
- }
- return
-}
-
-const (
- GlobalLeakyBufSize = 32 * 1024 // data.len(2) + hmacsha1(10) + data(4096)
- maxNBuf = 8192
-)
-
-var GlobalLeakyBuf = NewLeakyBuf(maxNBuf, GlobalLeakyBufSize)
diff --git a/vendor/golang.org/x/crypto/LICENSE b/vendor/golang.org/x/crypto/LICENSE
deleted file mode 100644
index 6a66aea..0000000
--- a/vendor/golang.org/x/crypto/LICENSE
+++ /dev/null
@@ -1,27 +0,0 @@
-Copyright (c) 2009 The Go Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
- * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
- * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/golang.org/x/crypto/PATENTS b/vendor/golang.org/x/crypto/PATENTS
deleted file mode 100644
index 7330990..0000000
--- a/vendor/golang.org/x/crypto/PATENTS
+++ /dev/null
@@ -1,22 +0,0 @@
-Additional IP Rights Grant (Patents)
-
-"This implementation" means the copyrightable works distributed by
-Google as part of the Go project.
-
-Google hereby grants to You a perpetual, worldwide, non-exclusive,
-no-charge, royalty-free, irrevocable (except as stated in this section)
-patent license to make, have made, use, offer to sell, sell, import,
-transfer and otherwise run, modify and propagate the contents of this
-implementation of Go, where such license applies only to those patent
-claims, both currently owned or controlled by Google and acquired in
-the future, licensable by Google that are necessarily infringed by this
-implementation of Go. This grant does not include claims that would be
-infringed only as a consequence of further modification of this
-implementation. If you or your agent or exclusive licensee institute or
-order or agree to the institution of patent litigation against any
-entity (including a cross-claim or counterclaim in a lawsuit) alleging
-that this implementation of Go or any code incorporated within this
-implementation of Go constitutes direct or contributory patent
-infringement, or inducement of patent infringement, then any patent
-rights granted to you under this License for this implementation of Go
-shall terminate as of the date such litigation is filed.
diff --git a/vendor/golang.org/x/crypto/blowfish/block.go b/vendor/golang.org/x/crypto/blowfish/block.go
deleted file mode 100644
index 9d80f19..0000000
--- a/vendor/golang.org/x/crypto/blowfish/block.go
+++ /dev/null
@@ -1,159 +0,0 @@
-// Copyright 2010 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package blowfish
-
-// getNextWord returns the next big-endian uint32 value from the byte slice
-// at the given position in a circular manner, updating the position.
-func getNextWord(b []byte, pos *int) uint32 {
- var w uint32
- j := *pos
- for i := 0; i < 4; i++ {
- w = w<<8 | uint32(b[j])
- j++
- if j >= len(b) {
- j = 0
- }
- }
- *pos = j
- return w
-}
-
-// ExpandKey performs a key expansion on the given *Cipher. Specifically, it
-// performs the Blowfish algorithm's key schedule which sets up the *Cipher's
-// pi and substitution tables for calls to Encrypt. This is used, primarily,
-// by the bcrypt package to reuse the Blowfish key schedule during its
-// set up. It's unlikely that you need to use this directly.
-func ExpandKey(key []byte, c *Cipher) {
- j := 0
- for i := 0; i < 18; i++ {
- // Using inlined getNextWord for performance.
- var d uint32
- for k := 0; k < 4; k++ {
- d = d<<8 | uint32(key[j])
- j++
- if j >= len(key) {
- j = 0
- }
- }
- c.p[i] ^= d
- }
-
- var l, r uint32
- for i := 0; i < 18; i += 2 {
- l, r = encryptBlock(l, r, c)
- c.p[i], c.p[i+1] = l, r
- }
-
- for i := 0; i < 256; i += 2 {
- l, r = encryptBlock(l, r, c)
- c.s0[i], c.s0[i+1] = l, r
- }
- for i := 0; i < 256; i += 2 {
- l, r = encryptBlock(l, r, c)
- c.s1[i], c.s1[i+1] = l, r
- }
- for i := 0; i < 256; i += 2 {
- l, r = encryptBlock(l, r, c)
- c.s2[i], c.s2[i+1] = l, r
- }
- for i := 0; i < 256; i += 2 {
- l, r = encryptBlock(l, r, c)
- c.s3[i], c.s3[i+1] = l, r
- }
-}
-
-// This is similar to ExpandKey, but folds the salt during the key
-// schedule. While ExpandKey is essentially expandKeyWithSalt with an all-zero
-// salt passed in, reusing ExpandKey turns out to be a place of inefficiency
-// and specializing it here is useful.
-func expandKeyWithSalt(key []byte, salt []byte, c *Cipher) {
- j := 0
- for i := 0; i < 18; i++ {
- c.p[i] ^= getNextWord(key, &j)
- }
-
- j = 0
- var l, r uint32
- for i := 0; i < 18; i += 2 {
- l ^= getNextWord(salt, &j)
- r ^= getNextWord(salt, &j)
- l, r = encryptBlock(l, r, c)
- c.p[i], c.p[i+1] = l, r
- }
-
- for i := 0; i < 256; i += 2 {
- l ^= getNextWord(salt, &j)
- r ^= getNextWord(salt, &j)
- l, r = encryptBlock(l, r, c)
- c.s0[i], c.s0[i+1] = l, r
- }
-
- for i := 0; i < 256; i += 2 {
- l ^= getNextWord(salt, &j)
- r ^= getNextWord(salt, &j)
- l, r = encryptBlock(l, r, c)
- c.s1[i], c.s1[i+1] = l, r
- }
-
- for i := 0; i < 256; i += 2 {
- l ^= getNextWord(salt, &j)
- r ^= getNextWord(salt, &j)
- l, r = encryptBlock(l, r, c)
- c.s2[i], c.s2[i+1] = l, r
- }
-
- for i := 0; i < 256; i += 2 {
- l ^= getNextWord(salt, &j)
- r ^= getNextWord(salt, &j)
- l, r = encryptBlock(l, r, c)
- c.s3[i], c.s3[i+1] = l, r
- }
-}
-
-func encryptBlock(l, r uint32, c *Cipher) (uint32, uint32) {
- xl, xr := l, r
- xl ^= c.p[0]
- xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[1]
- xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[2]
- xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[3]
- xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[4]
- xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[5]
- xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[6]
- xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[7]
- xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[8]
- xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[9]
- xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[10]
- xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[11]
- xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[12]
- xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[13]
- xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[14]
- xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[15]
- xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[16]
- xr ^= c.p[17]
- return xr, xl
-}
-
-func decryptBlock(l, r uint32, c *Cipher) (uint32, uint32) {
- xl, xr := l, r
- xl ^= c.p[17]
- xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[16]
- xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[15]
- xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[14]
- xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[13]
- xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[12]
- xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[11]
- xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[10]
- xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[9]
- xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[8]
- xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[7]
- xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[6]
- xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[5]
- xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[4]
- xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[3]
- xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[2]
- xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[1]
- xr ^= c.p[0]
- return xr, xl
-}
diff --git a/vendor/golang.org/x/crypto/blowfish/cipher.go b/vendor/golang.org/x/crypto/blowfish/cipher.go
deleted file mode 100644
index 2641dad..0000000
--- a/vendor/golang.org/x/crypto/blowfish/cipher.go
+++ /dev/null
@@ -1,91 +0,0 @@
-// Copyright 2010 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package blowfish implements Bruce Schneier's Blowfish encryption algorithm.
-package blowfish // import "golang.org/x/crypto/blowfish"
-
-// The code is a port of Bruce Schneier's C implementation.
-// See https://www.schneier.com/blowfish.html.
-
-import "strconv"
-
-// The Blowfish block size in bytes.
-const BlockSize = 8
-
-// A Cipher is an instance of Blowfish encryption using a particular key.
-type Cipher struct {
- p [18]uint32
- s0, s1, s2, s3 [256]uint32
-}
-
-type KeySizeError int
-
-func (k KeySizeError) Error() string {
- return "crypto/blowfish: invalid key size " + strconv.Itoa(int(k))
-}
-
-// NewCipher creates and returns a Cipher.
-// The key argument should be the Blowfish key, from 1 to 56 bytes.
-func NewCipher(key []byte) (*Cipher, error) {
- var result Cipher
- if k := len(key); k < 1 || k > 56 {
- return nil, KeySizeError(k)
- }
- initCipher(&result)
- ExpandKey(key, &result)
- return &result, nil
-}
-
-// NewSaltedCipher creates a returns a Cipher that folds a salt into its key
-// schedule. For most purposes, NewCipher, instead of NewSaltedCipher, is
-// sufficient and desirable. For bcrypt compatibility, the key can be over 56
-// bytes.
-func NewSaltedCipher(key, salt []byte) (*Cipher, error) {
- if len(salt) == 0 {
- return NewCipher(key)
- }
- var result Cipher
- if k := len(key); k < 1 {
- return nil, KeySizeError(k)
- }
- initCipher(&result)
- expandKeyWithSalt(key, salt, &result)
- return &result, nil
-}
-
-// BlockSize returns the Blowfish block size, 8 bytes.
-// It is necessary to satisfy the Block interface in the
-// package "crypto/cipher".
-func (c *Cipher) BlockSize() int { return BlockSize }
-
-// Encrypt encrypts the 8-byte buffer src using the key k
-// and stores the result in dst.
-// Note that for amounts of data larger than a block,
-// it is not safe to just call Encrypt on successive blocks;
-// instead, use an encryption mode like CBC (see crypto/cipher/cbc.go).
-func (c *Cipher) Encrypt(dst, src []byte) {
- l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
- r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
- l, r = encryptBlock(l, r, c)
- dst[0], dst[1], dst[2], dst[3] = byte(l>>24), byte(l>>16), byte(l>>8), byte(l)
- dst[4], dst[5], dst[6], dst[7] = byte(r>>24), byte(r>>16), byte(r>>8), byte(r)
-}
-
-// Decrypt decrypts the 8-byte buffer src using the key k
-// and stores the result in dst.
-func (c *Cipher) Decrypt(dst, src []byte) {
- l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
- r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
- l, r = decryptBlock(l, r, c)
- dst[0], dst[1], dst[2], dst[3] = byte(l>>24), byte(l>>16), byte(l>>8), byte(l)
- dst[4], dst[5], dst[6], dst[7] = byte(r>>24), byte(r>>16), byte(r>>8), byte(r)
-}
-
-func initCipher(c *Cipher) {
- copy(c.p[0:], p[0:])
- copy(c.s0[0:], s0[0:])
- copy(c.s1[0:], s1[0:])
- copy(c.s2[0:], s2[0:])
- copy(c.s3[0:], s3[0:])
-}
diff --git a/vendor/golang.org/x/crypto/blowfish/const.go b/vendor/golang.org/x/crypto/blowfish/const.go
deleted file mode 100644
index d040775..0000000
--- a/vendor/golang.org/x/crypto/blowfish/const.go
+++ /dev/null
@@ -1,199 +0,0 @@
-// Copyright 2010 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// The startup permutation array and substitution boxes.
-// They are the hexadecimal digits of PI; see:
-// https://www.schneier.com/code/constants.txt.
-
-package blowfish
-
-var s0 = [256]uint32{
- 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96,
- 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
- 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658,
- 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
- 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e,
- 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
- 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6,
- 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
- 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c,
- 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
- 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1,
- 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
- 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a,
- 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
- 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176,
- 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
- 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706,
- 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
- 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b,
- 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
- 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c,
- 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
- 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a,
- 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
- 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760,
- 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
- 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8,
- 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
- 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33,
- 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
- 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0,
- 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
- 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777,
- 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
- 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705,
- 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
- 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e,
- 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
- 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9,
- 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
- 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f,
- 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
- 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a,
-}
-
-var s1 = [256]uint32{
- 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d,
- 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
- 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65,
- 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
- 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9,
- 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
- 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d,
- 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
- 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc,
- 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
- 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908,
- 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
- 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124,
- 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
- 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908,
- 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
- 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b,
- 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
- 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa,
- 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
- 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d,
- 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
- 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5,
- 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
- 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96,
- 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
- 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca,
- 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
- 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77,
- 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
- 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054,
- 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
- 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea,
- 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
- 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646,
- 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
- 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea,
- 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
- 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e,
- 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
- 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd,
- 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
- 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7,
-}
-
-var s2 = [256]uint32{
- 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7,
- 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
- 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af,
- 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
- 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4,
- 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
- 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec,
- 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
- 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332,
- 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
- 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58,
- 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
- 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22,
- 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
- 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60,
- 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
- 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99,
- 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
- 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74,
- 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
- 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3,
- 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
- 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979,
- 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
- 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa,
- 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
- 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086,
- 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
- 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24,
- 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
- 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84,
- 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
- 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09,
- 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
- 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe,
- 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
- 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0,
- 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
- 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188,
- 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
- 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8,
- 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
- 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0,
-}
-
-var s3 = [256]uint32{
- 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742,
- 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
- 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79,
- 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
- 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a,
- 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
- 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1,
- 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
- 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797,
- 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
- 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6,
- 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
- 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba,
- 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
- 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5,
- 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
- 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce,
- 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
- 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd,
- 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
- 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb,
- 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
- 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc,
- 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
- 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc,
- 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
- 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a,
- 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
- 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a,
- 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
- 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b,
- 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
- 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e,
- 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
- 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623,
- 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
- 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a,
- 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
- 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3,
- 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
- 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c,
- 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
- 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6,
-}
-
-var p = [18]uint32{
- 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0,
- 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
- 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b,
-}
diff --git a/vendor/golang.org/x/crypto/cast5/cast5.go b/vendor/golang.org/x/crypto/cast5/cast5.go
deleted file mode 100644
index 0b4af37..0000000
--- a/vendor/golang.org/x/crypto/cast5/cast5.go
+++ /dev/null
@@ -1,526 +0,0 @@
-// Copyright 2010 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package cast5 implements CAST5, as defined in RFC 2144. CAST5 is a common
-// OpenPGP cipher.
-package cast5 // import "golang.org/x/crypto/cast5"
-
-import "errors"
-
-const BlockSize = 8
-const KeySize = 16
-
-type Cipher struct {
- masking [16]uint32
- rotate [16]uint8
-}
-
-func NewCipher(key []byte) (c *Cipher, err error) {
- if len(key) != KeySize {
- return nil, errors.New("CAST5: keys must be 16 bytes")
- }
-
- c = new(Cipher)
- c.keySchedule(key)
- return
-}
-
-func (c *Cipher) BlockSize() int {
- return BlockSize
-}
-
-func (c *Cipher) Encrypt(dst, src []byte) {
- l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
- r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
-
- l, r = r, l^f1(r, c.masking[0], c.rotate[0])
- l, r = r, l^f2(r, c.masking[1], c.rotate[1])
- l, r = r, l^f3(r, c.masking[2], c.rotate[2])
- l, r = r, l^f1(r, c.masking[3], c.rotate[3])
-
- l, r = r, l^f2(r, c.masking[4], c.rotate[4])
- l, r = r, l^f3(r, c.masking[5], c.rotate[5])
- l, r = r, l^f1(r, c.masking[6], c.rotate[6])
- l, r = r, l^f2(r, c.masking[7], c.rotate[7])
-
- l, r = r, l^f3(r, c.masking[8], c.rotate[8])
- l, r = r, l^f1(r, c.masking[9], c.rotate[9])
- l, r = r, l^f2(r, c.masking[10], c.rotate[10])
- l, r = r, l^f3(r, c.masking[11], c.rotate[11])
-
- l, r = r, l^f1(r, c.masking[12], c.rotate[12])
- l, r = r, l^f2(r, c.masking[13], c.rotate[13])
- l, r = r, l^f3(r, c.masking[14], c.rotate[14])
- l, r = r, l^f1(r, c.masking[15], c.rotate[15])
-
- dst[0] = uint8(r >> 24)
- dst[1] = uint8(r >> 16)
- dst[2] = uint8(r >> 8)
- dst[3] = uint8(r)
- dst[4] = uint8(l >> 24)
- dst[5] = uint8(l >> 16)
- dst[6] = uint8(l >> 8)
- dst[7] = uint8(l)
-}
-
-func (c *Cipher) Decrypt(dst, src []byte) {
- l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
- r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
-
- l, r = r, l^f1(r, c.masking[15], c.rotate[15])
- l, r = r, l^f3(r, c.masking[14], c.rotate[14])
- l, r = r, l^f2(r, c.masking[13], c.rotate[13])
- l, r = r, l^f1(r, c.masking[12], c.rotate[12])
-
- l, r = r, l^f3(r, c.masking[11], c.rotate[11])
- l, r = r, l^f2(r, c.masking[10], c.rotate[10])
- l, r = r, l^f1(r, c.masking[9], c.rotate[9])
- l, r = r, l^f3(r, c.masking[8], c.rotate[8])
-
- l, r = r, l^f2(r, c.masking[7], c.rotate[7])
- l, r = r, l^f1(r, c.masking[6], c.rotate[6])
- l, r = r, l^f3(r, c.masking[5], c.rotate[5])
- l, r = r, l^f2(r, c.masking[4], c.rotate[4])
-
- l, r = r, l^f1(r, c.masking[3], c.rotate[3])
- l, r = r, l^f3(r, c.masking[2], c.rotate[2])
- l, r = r, l^f2(r, c.masking[1], c.rotate[1])
- l, r = r, l^f1(r, c.masking[0], c.rotate[0])
-
- dst[0] = uint8(r >> 24)
- dst[1] = uint8(r >> 16)
- dst[2] = uint8(r >> 8)
- dst[3] = uint8(r)
- dst[4] = uint8(l >> 24)
- dst[5] = uint8(l >> 16)
- dst[6] = uint8(l >> 8)
- dst[7] = uint8(l)
-}
-
-type keyScheduleA [4][7]uint8
-type keyScheduleB [4][5]uint8
-
-// keyScheduleRound contains the magic values for a round of the key schedule.
-// The keyScheduleA deals with the lines like:
-// z0z1z2z3 = x0x1x2x3 ^ S5[xD] ^ S6[xF] ^ S7[xC] ^ S8[xE] ^ S7[x8]
-// Conceptually, both x and z are in the same array, x first. The first
-// element describes which word of this array gets written to and the
-// second, which word gets read. So, for the line above, it's "4, 0", because
-// it's writing to the first word of z, which, being after x, is word 4, and
-// reading from the first word of x: word 0.
-//
-// Next are the indexes into the S-boxes. Now the array is treated as bytes. So
-// "xD" is 0xd. The first byte of z is written as "16 + 0", just to be clear
-// that it's z that we're indexing.
-//
-// keyScheduleB deals with lines like:
-// K1 = S5[z8] ^ S6[z9] ^ S7[z7] ^ S8[z6] ^ S5[z2]
-// "K1" is ignored because key words are always written in order. So the five
-// elements are the S-box indexes. They use the same form as in keyScheduleA,
-// above.
-
-type keyScheduleRound struct{}
-type keySchedule []keyScheduleRound
-
-var schedule = []struct {
- a keyScheduleA
- b keyScheduleB
-}{
- {
- keyScheduleA{
- {4, 0, 0xd, 0xf, 0xc, 0xe, 0x8},
- {5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa},
- {6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9},
- {7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb},
- },
- keyScheduleB{
- {16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2},
- {16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6},
- {16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9},
- {16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc},
- },
- },
- {
- keyScheduleA{
- {0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0},
- {1, 4, 0, 2, 1, 3, 16 + 2},
- {2, 5, 7, 6, 5, 4, 16 + 1},
- {3, 7, 0xa, 9, 0xb, 8, 16 + 3},
- },
- keyScheduleB{
- {3, 2, 0xc, 0xd, 8},
- {1, 0, 0xe, 0xf, 0xd},
- {7, 6, 8, 9, 3},
- {5, 4, 0xa, 0xb, 7},
- },
- },
- {
- keyScheduleA{
- {4, 0, 0xd, 0xf, 0xc, 0xe, 8},
- {5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa},
- {6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9},
- {7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb},
- },
- keyScheduleB{
- {16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9},
- {16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc},
- {16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2},
- {16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6},
- },
- },
- {
- keyScheduleA{
- {0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0},
- {1, 4, 0, 2, 1, 3, 16 + 2},
- {2, 5, 7, 6, 5, 4, 16 + 1},
- {3, 7, 0xa, 9, 0xb, 8, 16 + 3},
- },
- keyScheduleB{
- {8, 9, 7, 6, 3},
- {0xa, 0xb, 5, 4, 7},
- {0xc, 0xd, 3, 2, 8},
- {0xe, 0xf, 1, 0, 0xd},
- },
- },
-}
-
-func (c *Cipher) keySchedule(in []byte) {
- var t [8]uint32
- var k [32]uint32
-
- for i := 0; i < 4; i++ {
- j := i * 4
- t[i] = uint32(in[j])<<24 | uint32(in[j+1])<<16 | uint32(in[j+2])<<8 | uint32(in[j+3])
- }
-
- x := []byte{6, 7, 4, 5}
- ki := 0
-
- for half := 0; half < 2; half++ {
- for _, round := range schedule {
- for j := 0; j < 4; j++ {
- var a [7]uint8
- copy(a[:], round.a[j][:])
- w := t[a[1]]
- w ^= sBox[4][(t[a[2]>>2]>>(24-8*(a[2]&3)))&0xff]
- w ^= sBox[5][(t[a[3]>>2]>>(24-8*(a[3]&3)))&0xff]
- w ^= sBox[6][(t[a[4]>>2]>>(24-8*(a[4]&3)))&0xff]
- w ^= sBox[7][(t[a[5]>>2]>>(24-8*(a[5]&3)))&0xff]
- w ^= sBox[x[j]][(t[a[6]>>2]>>(24-8*(a[6]&3)))&0xff]
- t[a[0]] = w
- }
-
- for j := 0; j < 4; j++ {
- var b [5]uint8
- copy(b[:], round.b[j][:])
- w := sBox[4][(t[b[0]>>2]>>(24-8*(b[0]&3)))&0xff]
- w ^= sBox[5][(t[b[1]>>2]>>(24-8*(b[1]&3)))&0xff]
- w ^= sBox[6][(t[b[2]>>2]>>(24-8*(b[2]&3)))&0xff]
- w ^= sBox[7][(t[b[3]>>2]>>(24-8*(b[3]&3)))&0xff]
- w ^= sBox[4+j][(t[b[4]>>2]>>(24-8*(b[4]&3)))&0xff]
- k[ki] = w
- ki++
- }
- }
- }
-
- for i := 0; i < 16; i++ {
- c.masking[i] = k[i]
- c.rotate[i] = uint8(k[16+i] & 0x1f)
- }
-}
-
-// These are the three 'f' functions. See RFC 2144, section 2.2.
-func f1(d, m uint32, r uint8) uint32 {
- t := m + d
- I := (t << r) | (t >> (32 - r))
- return ((sBox[0][I>>24] ^ sBox[1][(I>>16)&0xff]) - sBox[2][(I>>8)&0xff]) + sBox[3][I&0xff]
-}
-
-func f2(d, m uint32, r uint8) uint32 {
- t := m ^ d
- I := (t << r) | (t >> (32 - r))
- return ((sBox[0][I>>24] - sBox[1][(I>>16)&0xff]) + sBox[2][(I>>8)&0xff]) ^ sBox[3][I&0xff]
-}
-
-func f3(d, m uint32, r uint8) uint32 {
- t := m - d
- I := (t << r) | (t >> (32 - r))
- return ((sBox[0][I>>24] + sBox[1][(I>>16)&0xff]) ^ sBox[2][(I>>8)&0xff]) - sBox[3][I&0xff]
-}
-
-var sBox = [8][256]uint32{
- {
- 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
- 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,
- 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,
- 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,
- 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,
- 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,
- 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,
- 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,
- 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,
- 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,
- 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,
- 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,
- 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,
- 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,
- 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,
- 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,
- 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,
- 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,
- 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,
- 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,
- 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,
- 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,
- 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,
- 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,
- 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,
- 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,
- 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,
- 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,
- 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,
- 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,
- 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,
- 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf,
- },
- {
- 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,
- 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,
- 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,
- 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,
- 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,
- 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,
- 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,
- 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,
- 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,
- 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,
- 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,
- 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,
- 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,
- 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,
- 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,
- 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,
- 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,
- 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,
- 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,
- 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,
- 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,
- 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,
- 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,
- 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,
- 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,
- 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,
- 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,
- 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,
- 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,
- 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,
- 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,
- 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1,
- },
- {
- 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,
- 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,
- 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,
- 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,
- 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,
- 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,
- 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,
- 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,
- 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,
- 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,
- 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,
- 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,
- 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,
- 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,
- 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,
- 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,
- 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,
- 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,
- 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,
- 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,
- 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,
- 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,
- 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,
- 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,
- 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,
- 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,
- 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,
- 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,
- 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,
- 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,
- 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,
- 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783,
- },
- {
- 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,
- 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,
- 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,
- 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,
- 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,
- 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,
- 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,
- 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,
- 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,
- 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,
- 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,
- 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,
- 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,
- 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,
- 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,
- 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,
- 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,
- 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,
- 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,
- 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,
- 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,
- 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,
- 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,
- 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,
- 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,
- 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,
- 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
- 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,
- 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,
- 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,
- 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,
- 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2,
- },
- {
- 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,
- 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,
- 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,
- 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,
- 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,
- 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,
- 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,
- 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,
- 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,
- 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,
- 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,
- 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,
- 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,
- 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,
- 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,
- 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,
- 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,
- 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,
- 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,
- 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,
- 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,
- 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,
- 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,
- 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,
- 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,
- 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,
- 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,
- 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,
- 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,
- 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,
- 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,
- 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4,
- },
- {
- 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,
- 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,
- 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,
- 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,
- 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,
- 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,
- 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,
- 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,
- 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,
- 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,
- 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,
- 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,
- 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,
- 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,
- 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,
- 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,
- 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,
- 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,
- 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,
- 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,
- 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,
- 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,
- 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,
- 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,
- 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,
- 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,
- 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,
- 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,
- 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,
- 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,
- 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,
- 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f,
- },
- {
- 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,
- 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,
- 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,
- 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,
- 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,
- 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,
- 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,
- 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,
- 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,
- 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,
- 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,
- 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,
- 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,
- 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,
- 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,
- 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,
- 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,
- 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,
- 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,
- 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,
- 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,
- 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,
- 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,
- 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,
- 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,
- 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,
- 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,
- 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,
- 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,
- 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,
- 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,
- 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3,
- },
- {
- 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,
- 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,
- 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,
- 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,
- 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,
- 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,
- 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,
- 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,
- 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,
- 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,
- 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,
- 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,
- 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,
- 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,
- 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,
- 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,
- 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,
- 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,
- 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,
- 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,
- 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,
- 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,
- 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,
- 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,
- 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,
- 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,
- 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,
- 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,
- 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,
- 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,
- 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,
- 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e,
- },
-}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go
deleted file mode 100644
index e28f49d..0000000
--- a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go
+++ /dev/null
@@ -1,91 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package chacha20poly1305 implements the ChaCha20-Poly1305 AEAD as specified in RFC 7539.
-package chacha20poly1305 // import "golang.org/x/crypto/chacha20poly1305"
-
-import (
- "crypto/cipher"
- "encoding/binary"
- "errors"
-)
-
-const (
- // KeySize is the size of the key used by this AEAD, in bytes.
- KeySize = 32
- // NonceSize is the size of the nonce used with this AEAD, in bytes.
- NonceSize = 12
-)
-
-type chacha20poly1305 struct {
- key [8]uint32
-}
-
-// New returns a ChaCha20-Poly1305 AEAD that uses the given, 256-bit key.
-func New(key []byte) (cipher.AEAD, error) {
- if len(key) != KeySize {
- return nil, errors.New("chacha20poly1305: bad key length")
- }
- ret := new(chacha20poly1305)
- ret.key[0] = binary.LittleEndian.Uint32(key[0:4])
- ret.key[1] = binary.LittleEndian.Uint32(key[4:8])
- ret.key[2] = binary.LittleEndian.Uint32(key[8:12])
- ret.key[3] = binary.LittleEndian.Uint32(key[12:16])
- ret.key[4] = binary.LittleEndian.Uint32(key[16:20])
- ret.key[5] = binary.LittleEndian.Uint32(key[20:24])
- ret.key[6] = binary.LittleEndian.Uint32(key[24:28])
- ret.key[7] = binary.LittleEndian.Uint32(key[28:32])
- return ret, nil
-}
-
-func (c *chacha20poly1305) NonceSize() int {
- return NonceSize
-}
-
-func (c *chacha20poly1305) Overhead() int {
- return 16
-}
-
-func (c *chacha20poly1305) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
- if len(nonce) != NonceSize {
- panic("chacha20poly1305: bad nonce length passed to Seal")
- }
-
- if uint64(len(plaintext)) > (1<<38)-64 {
- panic("chacha20poly1305: plaintext too large")
- }
-
- return c.seal(dst, nonce, plaintext, additionalData)
-}
-
-var errOpen = errors.New("chacha20poly1305: message authentication failed")
-
-func (c *chacha20poly1305) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
- if len(nonce) != NonceSize {
- panic("chacha20poly1305: bad nonce length passed to Open")
- }
- if len(ciphertext) < 16 {
- return nil, errOpen
- }
- if uint64(len(ciphertext)) > (1<<38)-48 {
- panic("chacha20poly1305: ciphertext too large")
- }
-
- return c.open(dst, nonce, ciphertext, additionalData)
-}
-
-// sliceForAppend takes a slice and a requested number of bytes. It returns a
-// slice with the contents of the given slice followed by that many bytes and a
-// second slice that aliases into it and contains only the extra bytes. If the
-// original slice has sufficient capacity then no allocation is performed.
-func sliceForAppend(in []byte, n int) (head, tail []byte) {
- if total := len(in) + n; cap(in) >= total {
- head = in[:total]
- } else {
- head = make([]byte, total)
- copy(head, in)
- }
- tail = head[len(in):]
- return
-}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go
deleted file mode 100644
index 07d18a3..0000000
--- a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go
+++ /dev/null
@@ -1,80 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build go1.7,amd64,!gccgo,!appengine
-
-package chacha20poly1305
-
-import (
- "encoding/binary"
-
- "golang.org/x/sys/cpu"
-)
-
-//go:noescape
-func chacha20Poly1305Open(dst []byte, key []uint32, src, ad []byte) bool
-
-//go:noescape
-func chacha20Poly1305Seal(dst []byte, key []uint32, src, ad []byte)
-
-var (
- useASM = cpu.X86.HasSSSE3
- useAVX2 = cpu.X86.HasAVX2 && cpu.X86.HasBMI2
-)
-
-// setupState writes a ChaCha20 input matrix to state. See
-// https://tools.ietf.org/html/rfc7539#section-2.3.
-func setupState(state *[16]uint32, key *[8]uint32, nonce []byte) {
- state[0] = 0x61707865
- state[1] = 0x3320646e
- state[2] = 0x79622d32
- state[3] = 0x6b206574
-
- state[4] = key[0]
- state[5] = key[1]
- state[6] = key[2]
- state[7] = key[3]
- state[8] = key[4]
- state[9] = key[5]
- state[10] = key[6]
- state[11] = key[7]
-
- state[12] = 0
- state[13] = binary.LittleEndian.Uint32(nonce[:4])
- state[14] = binary.LittleEndian.Uint32(nonce[4:8])
- state[15] = binary.LittleEndian.Uint32(nonce[8:12])
-}
-
-func (c *chacha20poly1305) seal(dst, nonce, plaintext, additionalData []byte) []byte {
- if !useASM {
- return c.sealGeneric(dst, nonce, plaintext, additionalData)
- }
-
- var state [16]uint32
- setupState(&state, &c.key, nonce)
-
- ret, out := sliceForAppend(dst, len(plaintext)+16)
- chacha20Poly1305Seal(out[:], state[:], plaintext, additionalData)
- return ret
-}
-
-func (c *chacha20poly1305) open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
- if !useASM {
- return c.openGeneric(dst, nonce, ciphertext, additionalData)
- }
-
- var state [16]uint32
- setupState(&state, &c.key, nonce)
-
- ciphertext = ciphertext[:len(ciphertext)-16]
- ret, out := sliceForAppend(dst, len(ciphertext))
- if !chacha20Poly1305Open(out, state[:], ciphertext, additionalData) {
- for i := range out {
- out[i] = 0
- }
- return nil, errOpen
- }
-
- return ret, nil
-}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s
deleted file mode 100644
index af76bbc..0000000
--- a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s
+++ /dev/null
@@ -1,2695 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This file was originally from https://golang.org/cl/24717 by Vlad Krasnov of CloudFlare.
-
-// +build go1.7,amd64,!gccgo,!appengine
-
-#include "textflag.h"
-// General register allocation
-#define oup DI
-#define inp SI
-#define inl BX
-#define adp CX // free to reuse, after we hash the additional data
-#define keyp R8 // free to reuse, when we copy the key to stack
-#define itr2 R9 // general iterator
-#define itr1 CX // general iterator
-#define acc0 R10
-#define acc1 R11
-#define acc2 R12
-#define t0 R13
-#define t1 R14
-#define t2 R15
-#define t3 R8
-// Register and stack allocation for the SSE code
-#define rStore (0*16)(BP)
-#define sStore (1*16)(BP)
-#define state1Store (2*16)(BP)
-#define state2Store (3*16)(BP)
-#define tmpStore (4*16)(BP)
-#define ctr0Store (5*16)(BP)
-#define ctr1Store (6*16)(BP)
-#define ctr2Store (7*16)(BP)
-#define ctr3Store (8*16)(BP)
-#define A0 X0
-#define A1 X1
-#define A2 X2
-#define B0 X3
-#define B1 X4
-#define B2 X5
-#define C0 X6
-#define C1 X7
-#define C2 X8
-#define D0 X9
-#define D1 X10
-#define D2 X11
-#define T0 X12
-#define T1 X13
-#define T2 X14
-#define T3 X15
-#define A3 T0
-#define B3 T1
-#define C3 T2
-#define D3 T3
-// Register and stack allocation for the AVX2 code
-#define rsStoreAVX2 (0*32)(BP)
-#define state1StoreAVX2 (1*32)(BP)
-#define state2StoreAVX2 (2*32)(BP)
-#define ctr0StoreAVX2 (3*32)(BP)
-#define ctr1StoreAVX2 (4*32)(BP)
-#define ctr2StoreAVX2 (5*32)(BP)
-#define ctr3StoreAVX2 (6*32)(BP)
-#define tmpStoreAVX2 (7*32)(BP) // 256 bytes on stack
-#define AA0 Y0
-#define AA1 Y5
-#define AA2 Y6
-#define AA3 Y7
-#define BB0 Y14
-#define BB1 Y9
-#define BB2 Y10
-#define BB3 Y11
-#define CC0 Y12
-#define CC1 Y13
-#define CC2 Y8
-#define CC3 Y15
-#define DD0 Y4
-#define DD1 Y1
-#define DD2 Y2
-#define DD3 Y3
-#define TT0 DD3
-#define TT1 AA3
-#define TT2 BB3
-#define TT3 CC3
-// ChaCha20 constants
-DATA ·chacha20Constants<>+0x00(SB)/4, $0x61707865
-DATA ·chacha20Constants<>+0x04(SB)/4, $0x3320646e
-DATA ·chacha20Constants<>+0x08(SB)/4, $0x79622d32
-DATA ·chacha20Constants<>+0x0c(SB)/4, $0x6b206574
-DATA ·chacha20Constants<>+0x10(SB)/4, $0x61707865
-DATA ·chacha20Constants<>+0x14(SB)/4, $0x3320646e
-DATA ·chacha20Constants<>+0x18(SB)/4, $0x79622d32
-DATA ·chacha20Constants<>+0x1c(SB)/4, $0x6b206574
-// <<< 16 with PSHUFB
-DATA ·rol16<>+0x00(SB)/8, $0x0504070601000302
-DATA ·rol16<>+0x08(SB)/8, $0x0D0C0F0E09080B0A
-DATA ·rol16<>+0x10(SB)/8, $0x0504070601000302
-DATA ·rol16<>+0x18(SB)/8, $0x0D0C0F0E09080B0A
-// <<< 8 with PSHUFB
-DATA ·rol8<>+0x00(SB)/8, $0x0605040702010003
-DATA ·rol8<>+0x08(SB)/8, $0x0E0D0C0F0A09080B
-DATA ·rol8<>+0x10(SB)/8, $0x0605040702010003
-DATA ·rol8<>+0x18(SB)/8, $0x0E0D0C0F0A09080B
-
-DATA ·avx2InitMask<>+0x00(SB)/8, $0x0
-DATA ·avx2InitMask<>+0x08(SB)/8, $0x0
-DATA ·avx2InitMask<>+0x10(SB)/8, $0x1
-DATA ·avx2InitMask<>+0x18(SB)/8, $0x0
-
-DATA ·avx2IncMask<>+0x00(SB)/8, $0x2
-DATA ·avx2IncMask<>+0x08(SB)/8, $0x0
-DATA ·avx2IncMask<>+0x10(SB)/8, $0x2
-DATA ·avx2IncMask<>+0x18(SB)/8, $0x0
-// Poly1305 key clamp
-DATA ·polyClampMask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF
-DATA ·polyClampMask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC
-DATA ·polyClampMask<>+0x10(SB)/8, $0xFFFFFFFFFFFFFFFF
-DATA ·polyClampMask<>+0x18(SB)/8, $0xFFFFFFFFFFFFFFFF
-
-DATA ·sseIncMask<>+0x00(SB)/8, $0x1
-DATA ·sseIncMask<>+0x08(SB)/8, $0x0
-// To load/store the last < 16 bytes in a buffer
-DATA ·andMask<>+0x00(SB)/8, $0x00000000000000ff
-DATA ·andMask<>+0x08(SB)/8, $0x0000000000000000
-DATA ·andMask<>+0x10(SB)/8, $0x000000000000ffff
-DATA ·andMask<>+0x18(SB)/8, $0x0000000000000000
-DATA ·andMask<>+0x20(SB)/8, $0x0000000000ffffff
-DATA ·andMask<>+0x28(SB)/8, $0x0000000000000000
-DATA ·andMask<>+0x30(SB)/8, $0x00000000ffffffff
-DATA ·andMask<>+0x38(SB)/8, $0x0000000000000000
-DATA ·andMask<>+0x40(SB)/8, $0x000000ffffffffff
-DATA ·andMask<>+0x48(SB)/8, $0x0000000000000000
-DATA ·andMask<>+0x50(SB)/8, $0x0000ffffffffffff
-DATA ·andMask<>+0x58(SB)/8, $0x0000000000000000
-DATA ·andMask<>+0x60(SB)/8, $0x00ffffffffffffff
-DATA ·andMask<>+0x68(SB)/8, $0x0000000000000000
-DATA ·andMask<>+0x70(SB)/8, $0xffffffffffffffff
-DATA ·andMask<>+0x78(SB)/8, $0x0000000000000000
-DATA ·andMask<>+0x80(SB)/8, $0xffffffffffffffff
-DATA ·andMask<>+0x88(SB)/8, $0x00000000000000ff
-DATA ·andMask<>+0x90(SB)/8, $0xffffffffffffffff
-DATA ·andMask<>+0x98(SB)/8, $0x000000000000ffff
-DATA ·andMask<>+0xa0(SB)/8, $0xffffffffffffffff
-DATA ·andMask<>+0xa8(SB)/8, $0x0000000000ffffff
-DATA ·andMask<>+0xb0(SB)/8, $0xffffffffffffffff
-DATA ·andMask<>+0xb8(SB)/8, $0x00000000ffffffff
-DATA ·andMask<>+0xc0(SB)/8, $0xffffffffffffffff
-DATA ·andMask<>+0xc8(SB)/8, $0x000000ffffffffff
-DATA ·andMask<>+0xd0(SB)/8, $0xffffffffffffffff
-DATA ·andMask<>+0xd8(SB)/8, $0x0000ffffffffffff
-DATA ·andMask<>+0xe0(SB)/8, $0xffffffffffffffff
-DATA ·andMask<>+0xe8(SB)/8, $0x00ffffffffffffff
-
-GLOBL ·chacha20Constants<>(SB), (NOPTR+RODATA), $32
-GLOBL ·rol16<>(SB), (NOPTR+RODATA), $32
-GLOBL ·rol8<>(SB), (NOPTR+RODATA), $32
-GLOBL ·sseIncMask<>(SB), (NOPTR+RODATA), $16
-GLOBL ·avx2IncMask<>(SB), (NOPTR+RODATA), $32
-GLOBL ·avx2InitMask<>(SB), (NOPTR+RODATA), $32
-GLOBL ·polyClampMask<>(SB), (NOPTR+RODATA), $32
-GLOBL ·andMask<>(SB), (NOPTR+RODATA), $240
-// No PALIGNR in Go ASM yet (but VPALIGNR is present).
-#define shiftB0Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x04 // PALIGNR $4, X3, X3
-#define shiftB1Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xe4; BYTE $0x04 // PALIGNR $4, X4, X4
-#define shiftB2Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x04 // PALIGNR $4, X5, X5
-#define shiftB3Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x04 // PALIGNR $4, X13, X13
-#define shiftC0Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xf6; BYTE $0x08 // PALIGNR $8, X6, X6
-#define shiftC1Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xff; BYTE $0x08 // PALIGNR $8, X7, X7
-#define shiftC2Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xc0; BYTE $0x08 // PALIGNR $8, X8, X8
-#define shiftC3Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xf6; BYTE $0x08 // PALIGNR $8, X14, X14
-#define shiftD0Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xc9; BYTE $0x0c // PALIGNR $12, X9, X9
-#define shiftD1Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xd2; BYTE $0x0c // PALIGNR $12, X10, X10
-#define shiftD2Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x0c // PALIGNR $12, X11, X11
-#define shiftD3Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xff; BYTE $0x0c // PALIGNR $12, X15, X15
-#define shiftB0Right BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x0c // PALIGNR $12, X3, X3
-#define shiftB1Right BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xe4; BYTE $0x0c // PALIGNR $12, X4, X4
-#define shiftB2Right BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x0c // PALIGNR $12, X5, X5
-#define shiftB3Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x0c // PALIGNR $12, X13, X13
-#define shiftC0Right shiftC0Left
-#define shiftC1Right shiftC1Left
-#define shiftC2Right shiftC2Left
-#define shiftC3Right shiftC3Left
-#define shiftD0Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xc9; BYTE $0x04 // PALIGNR $4, X9, X9
-#define shiftD1Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xd2; BYTE $0x04 // PALIGNR $4, X10, X10
-#define shiftD2Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x04 // PALIGNR $4, X11, X11
-#define shiftD3Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xff; BYTE $0x04 // PALIGNR $4, X15, X15
-// Some macros
-#define chachaQR(A, B, C, D, T) \
- PADDD B, A; PXOR A, D; PSHUFB ·rol16<>(SB), D \
- PADDD D, C; PXOR C, B; MOVO B, T; PSLLL $12, T; PSRLL $20, B; PXOR T, B \
- PADDD B, A; PXOR A, D; PSHUFB ·rol8<>(SB), D \
- PADDD D, C; PXOR C, B; MOVO B, T; PSLLL $7, T; PSRLL $25, B; PXOR T, B
-
-#define chachaQR_AVX2(A, B, C, D, T) \
- VPADDD B, A, A; VPXOR A, D, D; VPSHUFB ·rol16<>(SB), D, D \
- VPADDD D, C, C; VPXOR C, B, B; VPSLLD $12, B, T; VPSRLD $20, B, B; VPXOR T, B, B \
- VPADDD B, A, A; VPXOR A, D, D; VPSHUFB ·rol8<>(SB), D, D \
- VPADDD D, C, C; VPXOR C, B, B; VPSLLD $7, B, T; VPSRLD $25, B, B; VPXOR T, B, B
-
-#define polyAdd(S) ADDQ S, acc0; ADCQ 8+S, acc1; ADCQ $1, acc2
-#define polyMulStage1 MOVQ (0*8)(BP), AX; MOVQ AX, t2; MULQ acc0; MOVQ AX, t0; MOVQ DX, t1; MOVQ (0*8)(BP), AX; MULQ acc1; IMULQ acc2, t2; ADDQ AX, t1; ADCQ DX, t2
-#define polyMulStage2 MOVQ (1*8)(BP), AX; MOVQ AX, t3; MULQ acc0; ADDQ AX, t1; ADCQ $0, DX; MOVQ DX, acc0; MOVQ (1*8)(BP), AX; MULQ acc1; ADDQ AX, t2; ADCQ $0, DX
-#define polyMulStage3 IMULQ acc2, t3; ADDQ acc0, t2; ADCQ DX, t3
-#define polyMulReduceStage MOVQ t0, acc0; MOVQ t1, acc1; MOVQ t2, acc2; ANDQ $3, acc2; MOVQ t2, t0; ANDQ $-4, t0; MOVQ t3, t1; SHRQ $2, t2:t3; SHRQ $2, t3; ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $0, acc2; ADDQ t2, acc0; ADCQ t3, acc1; ADCQ $0, acc2
-
-#define polyMulStage1_AVX2 MOVQ (0*8)(BP), DX; MOVQ DX, t2; MULXQ acc0, t0, t1; IMULQ acc2, t2; MULXQ acc1, AX, DX; ADDQ AX, t1; ADCQ DX, t2
-#define polyMulStage2_AVX2 MOVQ (1*8)(BP), DX; MULXQ acc0, acc0, AX; ADDQ acc0, t1; MULXQ acc1, acc1, t3; ADCQ acc1, t2; ADCQ $0, t3
-#define polyMulStage3_AVX2 IMULQ acc2, DX; ADDQ AX, t2; ADCQ DX, t3
-
-#define polyMul polyMulStage1; polyMulStage2; polyMulStage3; polyMulReduceStage
-#define polyMulAVX2 polyMulStage1_AVX2; polyMulStage2_AVX2; polyMulStage3_AVX2; polyMulReduceStage
-// ----------------------------------------------------------------------------
-TEXT polyHashADInternal<>(SB), NOSPLIT, $0
- // adp points to beginning of additional data
- // itr2 holds ad length
- XORQ acc0, acc0
- XORQ acc1, acc1
- XORQ acc2, acc2
- CMPQ itr2, $13
- JNE hashADLoop
-
-openFastTLSAD:
- // Special treatment for the TLS case of 13 bytes
- MOVQ (adp), acc0
- MOVQ 5(adp), acc1
- SHRQ $24, acc1
- MOVQ $1, acc2
- polyMul
- RET
-
-hashADLoop:
- // Hash in 16 byte chunks
- CMPQ itr2, $16
- JB hashADTail
- polyAdd(0(adp))
- LEAQ (1*16)(adp), adp
- SUBQ $16, itr2
- polyMul
- JMP hashADLoop
-
-hashADTail:
- CMPQ itr2, $0
- JE hashADDone
-
- // Hash last < 16 byte tail
- XORQ t0, t0
- XORQ t1, t1
- XORQ t2, t2
- ADDQ itr2, adp
-
-hashADTailLoop:
- SHLQ $8, t1:t0
- SHLQ $8, t0
- MOVB -1(adp), t2
- XORQ t2, t0
- DECQ adp
- DECQ itr2
- JNE hashADTailLoop
-
-hashADTailFinish:
- ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
- polyMul
-
- // Finished AD
-hashADDone:
- RET
-
-// ----------------------------------------------------------------------------
-// func chacha20Poly1305Open(dst, key, src, ad []byte) bool
-TEXT ·chacha20Poly1305Open(SB), 0, $288-97
- // For aligned stack access
- MOVQ SP, BP
- ADDQ $32, BP
- ANDQ $-32, BP
- MOVQ dst+0(FP), oup
- MOVQ key+24(FP), keyp
- MOVQ src+48(FP), inp
- MOVQ src_len+56(FP), inl
- MOVQ ad+72(FP), adp
-
- // Check for AVX2 support
- CMPB ·useAVX2(SB), $1
- JE chacha20Poly1305Open_AVX2
-
- // Special optimization, for very short buffers
- CMPQ inl, $128
- JBE openSSE128 // About 16% faster
-
- // For long buffers, prepare the poly key first
- MOVOU ·chacha20Constants<>(SB), A0
- MOVOU (1*16)(keyp), B0
- MOVOU (2*16)(keyp), C0
- MOVOU (3*16)(keyp), D0
- MOVO D0, T1
-
- // Store state on stack for future use
- MOVO B0, state1Store
- MOVO C0, state2Store
- MOVO D0, ctr3Store
- MOVQ $10, itr2
-
-openSSEPreparePolyKey:
- chachaQR(A0, B0, C0, D0, T0)
- shiftB0Left; shiftC0Left; shiftD0Left
- chachaQR(A0, B0, C0, D0, T0)
- shiftB0Right; shiftC0Right; shiftD0Right
- DECQ itr2
- JNE openSSEPreparePolyKey
-
- // A0|B0 hold the Poly1305 32-byte key, C0,D0 can be discarded
- PADDL ·chacha20Constants<>(SB), A0; PADDL state1Store, B0
-
- // Clamp and store the key
- PAND ·polyClampMask<>(SB), A0
- MOVO A0, rStore; MOVO B0, sStore
-
- // Hash AAD
- MOVQ ad_len+80(FP), itr2
- CALL polyHashADInternal<>(SB)
-
-openSSEMainLoop:
- CMPQ inl, $256
- JB openSSEMainLoopDone
-
- // Load state, increment counter blocks
- MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0
- MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
- MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
- MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
-
- // Store counters
- MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
-
- // There are 10 ChaCha20 iterations of 2QR each, so for 6 iterations we hash 2 blocks, and for the remaining 4 only 1 block - for a total of 16
- MOVQ $4, itr1
- MOVQ inp, itr2
-
-openSSEInternalLoop:
- MOVO C3, tmpStore
- chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
- MOVO tmpStore, C3
- MOVO C1, tmpStore
- chachaQR(A3, B3, C3, D3, C1)
- MOVO tmpStore, C1
- polyAdd(0(itr2))
- shiftB0Left; shiftB1Left; shiftB2Left; shiftB3Left
- shiftC0Left; shiftC1Left; shiftC2Left; shiftC3Left
- shiftD0Left; shiftD1Left; shiftD2Left; shiftD3Left
- polyMulStage1
- polyMulStage2
- LEAQ (2*8)(itr2), itr2
- MOVO C3, tmpStore
- chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
- MOVO tmpStore, C3
- MOVO C1, tmpStore
- polyMulStage3
- chachaQR(A3, B3, C3, D3, C1)
- MOVO tmpStore, C1
- polyMulReduceStage
- shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
- shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
- shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
- DECQ itr1
- JGE openSSEInternalLoop
-
- polyAdd(0(itr2))
- polyMul
- LEAQ (2*8)(itr2), itr2
-
- CMPQ itr1, $-6
- JG openSSEInternalLoop
-
- // Add in the state
- PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
- PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
- PADDD state2Store, C0; PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
- PADDD ctr0Store, D0; PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
-
- // Load - xor - store
- MOVO D3, tmpStore
- MOVOU (0*16)(inp), D3; PXOR D3, A0; MOVOU A0, (0*16)(oup)
- MOVOU (1*16)(inp), D3; PXOR D3, B0; MOVOU B0, (1*16)(oup)
- MOVOU (2*16)(inp), D3; PXOR D3, C0; MOVOU C0, (2*16)(oup)
- MOVOU (3*16)(inp), D3; PXOR D3, D0; MOVOU D0, (3*16)(oup)
- MOVOU (4*16)(inp), D0; PXOR D0, A1; MOVOU A1, (4*16)(oup)
- MOVOU (5*16)(inp), D0; PXOR D0, B1; MOVOU B1, (5*16)(oup)
- MOVOU (6*16)(inp), D0; PXOR D0, C1; MOVOU C1, (6*16)(oup)
- MOVOU (7*16)(inp), D0; PXOR D0, D1; MOVOU D1, (7*16)(oup)
- MOVOU (8*16)(inp), D0; PXOR D0, A2; MOVOU A2, (8*16)(oup)
- MOVOU (9*16)(inp), D0; PXOR D0, B2; MOVOU B2, (9*16)(oup)
- MOVOU (10*16)(inp), D0; PXOR D0, C2; MOVOU C2, (10*16)(oup)
- MOVOU (11*16)(inp), D0; PXOR D0, D2; MOVOU D2, (11*16)(oup)
- MOVOU (12*16)(inp), D0; PXOR D0, A3; MOVOU A3, (12*16)(oup)
- MOVOU (13*16)(inp), D0; PXOR D0, B3; MOVOU B3, (13*16)(oup)
- MOVOU (14*16)(inp), D0; PXOR D0, C3; MOVOU C3, (14*16)(oup)
- MOVOU (15*16)(inp), D0; PXOR tmpStore, D0; MOVOU D0, (15*16)(oup)
- LEAQ 256(inp), inp
- LEAQ 256(oup), oup
- SUBQ $256, inl
- JMP openSSEMainLoop
-
-openSSEMainLoopDone:
- // Handle the various tail sizes efficiently
- TESTQ inl, inl
- JE openSSEFinalize
- CMPQ inl, $64
- JBE openSSETail64
- CMPQ inl, $128
- JBE openSSETail128
- CMPQ inl, $192
- JBE openSSETail192
- JMP openSSETail256
-
-openSSEFinalize:
- // Hash in the PT, AAD lengths
- ADDQ ad_len+80(FP), acc0; ADCQ src_len+56(FP), acc1; ADCQ $1, acc2
- polyMul
-
- // Final reduce
- MOVQ acc0, t0
- MOVQ acc1, t1
- MOVQ acc2, t2
- SUBQ $-5, acc0
- SBBQ $-1, acc1
- SBBQ $3, acc2
- CMOVQCS t0, acc0
- CMOVQCS t1, acc1
- CMOVQCS t2, acc2
-
- // Add in the "s" part of the key
- ADDQ 0+sStore, acc0
- ADCQ 8+sStore, acc1
-
- // Finally, constant time compare to the tag at the end of the message
- XORQ AX, AX
- MOVQ $1, DX
- XORQ (0*8)(inp), acc0
- XORQ (1*8)(inp), acc1
- ORQ acc1, acc0
- CMOVQEQ DX, AX
-
- // Return true iff tags are equal
- MOVB AX, ret+96(FP)
- RET
-
-// ----------------------------------------------------------------------------
-// Special optimization for buffers smaller than 129 bytes
-openSSE128:
- // For up to 128 bytes of ciphertext and 64 bytes for the poly key, we require to process three blocks
- MOVOU ·chacha20Constants<>(SB), A0; MOVOU (1*16)(keyp), B0; MOVOU (2*16)(keyp), C0; MOVOU (3*16)(keyp), D0
- MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
- MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
- MOVO B0, T1; MOVO C0, T2; MOVO D1, T3
- MOVQ $10, itr2
-
-openSSE128InnerCipherLoop:
- chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
- shiftB0Left; shiftB1Left; shiftB2Left
- shiftC0Left; shiftC1Left; shiftC2Left
- shiftD0Left; shiftD1Left; shiftD2Left
- chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
- shiftB0Right; shiftB1Right; shiftB2Right
- shiftC0Right; shiftC1Right; shiftC2Right
- shiftD0Right; shiftD1Right; shiftD2Right
- DECQ itr2
- JNE openSSE128InnerCipherLoop
-
- // A0|B0 hold the Poly1305 32-byte key, C0,D0 can be discarded
- PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
- PADDL T1, B0; PADDL T1, B1; PADDL T1, B2
- PADDL T2, C1; PADDL T2, C2
- PADDL T3, D1; PADDL ·sseIncMask<>(SB), T3; PADDL T3, D2
-
- // Clamp and store the key
- PAND ·polyClampMask<>(SB), A0
- MOVOU A0, rStore; MOVOU B0, sStore
-
- // Hash
- MOVQ ad_len+80(FP), itr2
- CALL polyHashADInternal<>(SB)
-
-openSSE128Open:
- CMPQ inl, $16
- JB openSSETail16
- SUBQ $16, inl
-
- // Load for hashing
- polyAdd(0(inp))
-
- // Load for decryption
- MOVOU (inp), T0; PXOR T0, A1; MOVOU A1, (oup)
- LEAQ (1*16)(inp), inp
- LEAQ (1*16)(oup), oup
- polyMul
-
- // Shift the stream "left"
- MOVO B1, A1
- MOVO C1, B1
- MOVO D1, C1
- MOVO A2, D1
- MOVO B2, A2
- MOVO C2, B2
- MOVO D2, C2
- JMP openSSE128Open
-
-openSSETail16:
- TESTQ inl, inl
- JE openSSEFinalize
-
- // We can safely load the CT from the end, because it is padded with the MAC
- MOVQ inl, itr2
- SHLQ $4, itr2
- LEAQ ·andMask<>(SB), t0
- MOVOU (inp), T0
- ADDQ inl, inp
- PAND -16(t0)(itr2*1), T0
- MOVO T0, 0+tmpStore
- MOVQ T0, t0
- MOVQ 8+tmpStore, t1
- PXOR A1, T0
-
- // We can only store one byte at a time, since plaintext can be shorter than 16 bytes
-openSSETail16Store:
- MOVQ T0, t3
- MOVB t3, (oup)
- PSRLDQ $1, T0
- INCQ oup
- DECQ inl
- JNE openSSETail16Store
- ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
- polyMul
- JMP openSSEFinalize
-
-// ----------------------------------------------------------------------------
-// Special optimization for the last 64 bytes of ciphertext
-openSSETail64:
- // Need to decrypt up to 64 bytes - prepare single block
- MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr0Store
- XORQ itr2, itr2
- MOVQ inl, itr1
- CMPQ itr1, $16
- JB openSSETail64LoopB
-
-openSSETail64LoopA:
- // Perform ChaCha rounds, while hashing the remaining input
- polyAdd(0(inp)(itr2*1))
- polyMul
- SUBQ $16, itr1
-
-openSSETail64LoopB:
- ADDQ $16, itr2
- chachaQR(A0, B0, C0, D0, T0)
- shiftB0Left; shiftC0Left; shiftD0Left
- chachaQR(A0, B0, C0, D0, T0)
- shiftB0Right; shiftC0Right; shiftD0Right
-
- CMPQ itr1, $16
- JAE openSSETail64LoopA
-
- CMPQ itr2, $160
- JNE openSSETail64LoopB
-
- PADDL ·chacha20Constants<>(SB), A0; PADDL state1Store, B0; PADDL state2Store, C0; PADDL ctr0Store, D0
-
-openSSETail64DecLoop:
- CMPQ inl, $16
- JB openSSETail64DecLoopDone
- SUBQ $16, inl
- MOVOU (inp), T0
- PXOR T0, A0
- MOVOU A0, (oup)
- LEAQ 16(inp), inp
- LEAQ 16(oup), oup
- MOVO B0, A0
- MOVO C0, B0
- MOVO D0, C0
- JMP openSSETail64DecLoop
-
-openSSETail64DecLoopDone:
- MOVO A0, A1
- JMP openSSETail16
-
-// ----------------------------------------------------------------------------
-// Special optimization for the last 128 bytes of ciphertext
-openSSETail128:
- // Need to decrypt up to 128 bytes - prepare two blocks
- MOVO ·chacha20Constants<>(SB), A1; MOVO state1Store, B1; MOVO state2Store, C1; MOVO ctr3Store, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr0Store
- MOVO A1, A0; MOVO B1, B0; MOVO C1, C0; MOVO D1, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr1Store
- XORQ itr2, itr2
- MOVQ inl, itr1
- ANDQ $-16, itr1
-
-openSSETail128LoopA:
- // Perform ChaCha rounds, while hashing the remaining input
- polyAdd(0(inp)(itr2*1))
- polyMul
-
-openSSETail128LoopB:
- ADDQ $16, itr2
- chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
- shiftB0Left; shiftC0Left; shiftD0Left
- shiftB1Left; shiftC1Left; shiftD1Left
- chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
- shiftB0Right; shiftC0Right; shiftD0Right
- shiftB1Right; shiftC1Right; shiftD1Right
-
- CMPQ itr2, itr1
- JB openSSETail128LoopA
-
- CMPQ itr2, $160
- JNE openSSETail128LoopB
-
- PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1
- PADDL state1Store, B0; PADDL state1Store, B1
- PADDL state2Store, C0; PADDL state2Store, C1
- PADDL ctr1Store, D0; PADDL ctr0Store, D1
-
- MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
- PXOR T0, A1; PXOR T1, B1; PXOR T2, C1; PXOR T3, D1
- MOVOU A1, (0*16)(oup); MOVOU B1, (1*16)(oup); MOVOU C1, (2*16)(oup); MOVOU D1, (3*16)(oup)
-
- SUBQ $64, inl
- LEAQ 64(inp), inp
- LEAQ 64(oup), oup
- JMP openSSETail64DecLoop
-
-// ----------------------------------------------------------------------------
-// Special optimization for the last 192 bytes of ciphertext
-openSSETail192:
- // Need to decrypt up to 192 bytes - prepare three blocks
- MOVO ·chacha20Constants<>(SB), A2; MOVO state1Store, B2; MOVO state2Store, C2; MOVO ctr3Store, D2; PADDL ·sseIncMask<>(SB), D2; MOVO D2, ctr0Store
- MOVO A2, A1; MOVO B2, B1; MOVO C2, C1; MOVO D2, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr1Store
- MOVO A1, A0; MOVO B1, B0; MOVO C1, C0; MOVO D1, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr2Store
-
- MOVQ inl, itr1
- MOVQ $160, itr2
- CMPQ itr1, $160
- CMOVQGT itr2, itr1
- ANDQ $-16, itr1
- XORQ itr2, itr2
-
-openSSLTail192LoopA:
- // Perform ChaCha rounds, while hashing the remaining input
- polyAdd(0(inp)(itr2*1))
- polyMul
-
-openSSLTail192LoopB:
- ADDQ $16, itr2
- chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
- shiftB0Left; shiftC0Left; shiftD0Left
- shiftB1Left; shiftC1Left; shiftD1Left
- shiftB2Left; shiftC2Left; shiftD2Left
-
- chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
- shiftB0Right; shiftC0Right; shiftD0Right
- shiftB1Right; shiftC1Right; shiftD1Right
- shiftB2Right; shiftC2Right; shiftD2Right
-
- CMPQ itr2, itr1
- JB openSSLTail192LoopA
-
- CMPQ itr2, $160
- JNE openSSLTail192LoopB
-
- CMPQ inl, $176
- JB openSSLTail192Store
-
- polyAdd(160(inp))
- polyMul
-
- CMPQ inl, $192
- JB openSSLTail192Store
-
- polyAdd(176(inp))
- polyMul
-
-openSSLTail192Store:
- PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
- PADDL state1Store, B0; PADDL state1Store, B1; PADDL state1Store, B2
- PADDL state2Store, C0; PADDL state2Store, C1; PADDL state2Store, C2
- PADDL ctr2Store, D0; PADDL ctr1Store, D1; PADDL ctr0Store, D2
-
- MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
- PXOR T0, A2; PXOR T1, B2; PXOR T2, C2; PXOR T3, D2
- MOVOU A2, (0*16)(oup); MOVOU B2, (1*16)(oup); MOVOU C2, (2*16)(oup); MOVOU D2, (3*16)(oup)
-
- MOVOU (4*16)(inp), T0; MOVOU (5*16)(inp), T1; MOVOU (6*16)(inp), T2; MOVOU (7*16)(inp), T3
- PXOR T0, A1; PXOR T1, B1; PXOR T2, C1; PXOR T3, D1
- MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
-
- SUBQ $128, inl
- LEAQ 128(inp), inp
- LEAQ 128(oup), oup
- JMP openSSETail64DecLoop
-
-// ----------------------------------------------------------------------------
-// Special optimization for the last 256 bytes of ciphertext
-openSSETail256:
- // Need to decrypt up to 256 bytes - prepare four blocks
- MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0
- MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
- MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
- MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
-
- // Store counters
- MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
- XORQ itr2, itr2
-
-openSSETail256Loop:
- // This loop inteleaves 8 ChaCha quarter rounds with 1 poly multiplication
- polyAdd(0(inp)(itr2*1))
- MOVO C3, tmpStore
- chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
- MOVO tmpStore, C3
- MOVO C1, tmpStore
- chachaQR(A3, B3, C3, D3, C1)
- MOVO tmpStore, C1
- shiftB0Left; shiftB1Left; shiftB2Left; shiftB3Left
- shiftC0Left; shiftC1Left; shiftC2Left; shiftC3Left
- shiftD0Left; shiftD1Left; shiftD2Left; shiftD3Left
- polyMulStage1
- polyMulStage2
- MOVO C3, tmpStore
- chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
- MOVO tmpStore, C3
- MOVO C1, tmpStore
- chachaQR(A3, B3, C3, D3, C1)
- MOVO tmpStore, C1
- polyMulStage3
- polyMulReduceStage
- shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
- shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
- shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
- ADDQ $2*8, itr2
- CMPQ itr2, $160
- JB openSSETail256Loop
- MOVQ inl, itr1
- ANDQ $-16, itr1
-
-openSSETail256HashLoop:
- polyAdd(0(inp)(itr2*1))
- polyMul
- ADDQ $2*8, itr2
- CMPQ itr2, itr1
- JB openSSETail256HashLoop
-
- // Add in the state
- PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
- PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
- PADDD state2Store, C0; PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
- PADDD ctr0Store, D0; PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
- MOVO D3, tmpStore
-
- // Load - xor - store
- MOVOU (0*16)(inp), D3; PXOR D3, A0
- MOVOU (1*16)(inp), D3; PXOR D3, B0
- MOVOU (2*16)(inp), D3; PXOR D3, C0
- MOVOU (3*16)(inp), D3; PXOR D3, D0
- MOVOU A0, (0*16)(oup)
- MOVOU B0, (1*16)(oup)
- MOVOU C0, (2*16)(oup)
- MOVOU D0, (3*16)(oup)
- MOVOU (4*16)(inp), A0; MOVOU (5*16)(inp), B0; MOVOU (6*16)(inp), C0; MOVOU (7*16)(inp), D0
- PXOR A0, A1; PXOR B0, B1; PXOR C0, C1; PXOR D0, D1
- MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
- MOVOU (8*16)(inp), A0; MOVOU (9*16)(inp), B0; MOVOU (10*16)(inp), C0; MOVOU (11*16)(inp), D0
- PXOR A0, A2; PXOR B0, B2; PXOR C0, C2; PXOR D0, D2
- MOVOU A2, (8*16)(oup); MOVOU B2, (9*16)(oup); MOVOU C2, (10*16)(oup); MOVOU D2, (11*16)(oup)
- LEAQ 192(inp), inp
- LEAQ 192(oup), oup
- SUBQ $192, inl
- MOVO A3, A0
- MOVO B3, B0
- MOVO C3, C0
- MOVO tmpStore, D0
-
- JMP openSSETail64DecLoop
-
-// ----------------------------------------------------------------------------
-// ------------------------- AVX2 Code ----------------------------------------
-chacha20Poly1305Open_AVX2:
- VZEROUPPER
- VMOVDQU ·chacha20Constants<>(SB), AA0
- BYTE $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x70; BYTE $0x10 // broadcasti128 16(r8), ymm14
- BYTE $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x20 // broadcasti128 32(r8), ymm12
- BYTE $0xc4; BYTE $0xc2; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x30 // broadcasti128 48(r8), ymm4
- VPADDD ·avx2InitMask<>(SB), DD0, DD0
-
- // Special optimization, for very short buffers
- CMPQ inl, $192
- JBE openAVX2192
- CMPQ inl, $320
- JBE openAVX2320
-
- // For the general key prepare the key first - as a byproduct we have 64 bytes of cipher stream
- VMOVDQA BB0, state1StoreAVX2
- VMOVDQA CC0, state2StoreAVX2
- VMOVDQA DD0, ctr3StoreAVX2
- MOVQ $10, itr2
-
-openAVX2PreparePolyKey:
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
- VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $12, DD0, DD0, DD0
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
- VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $4, DD0, DD0, DD0
- DECQ itr2
- JNE openAVX2PreparePolyKey
-
- VPADDD ·chacha20Constants<>(SB), AA0, AA0
- VPADDD state1StoreAVX2, BB0, BB0
- VPADDD state2StoreAVX2, CC0, CC0
- VPADDD ctr3StoreAVX2, DD0, DD0
-
- VPERM2I128 $0x02, AA0, BB0, TT0
-
- // Clamp and store poly key
- VPAND ·polyClampMask<>(SB), TT0, TT0
- VMOVDQA TT0, rsStoreAVX2
-
- // Stream for the first 64 bytes
- VPERM2I128 $0x13, AA0, BB0, AA0
- VPERM2I128 $0x13, CC0, DD0, BB0
-
- // Hash AD + first 64 bytes
- MOVQ ad_len+80(FP), itr2
- CALL polyHashADInternal<>(SB)
- XORQ itr1, itr1
-
-openAVX2InitialHash64:
- polyAdd(0(inp)(itr1*1))
- polyMulAVX2
- ADDQ $16, itr1
- CMPQ itr1, $64
- JNE openAVX2InitialHash64
-
- // Decrypt the first 64 bytes
- VPXOR (0*32)(inp), AA0, AA0
- VPXOR (1*32)(inp), BB0, BB0
- VMOVDQU AA0, (0*32)(oup)
- VMOVDQU BB0, (1*32)(oup)
- LEAQ (2*32)(inp), inp
- LEAQ (2*32)(oup), oup
- SUBQ $64, inl
-
-openAVX2MainLoop:
- CMPQ inl, $512
- JB openAVX2MainLoopDone
-
- // Load state, increment counter blocks, store the incremented counters
- VMOVDQU ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
- VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
- VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
- VMOVDQA ctr3StoreAVX2, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
- VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
- XORQ itr1, itr1
-
-openAVX2InternalLoop:
- // Lets just say this spaghetti loop interleaves 2 quarter rounds with 3 poly multiplications
- // Effectively per 512 bytes of stream we hash 480 bytes of ciphertext
- polyAdd(0*8(inp)(itr1*1))
- VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
- polyMulStage1_AVX2
- VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
- VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
- polyMulStage2_AVX2
- VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
- VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
- polyMulStage3_AVX2
- VMOVDQA CC3, tmpStoreAVX2
- VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
- VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
- VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
- VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
- VMOVDQA tmpStoreAVX2, CC3
- polyMulReduceStage
- VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
- VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
- VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
- polyAdd(2*8(inp)(itr1*1))
- VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
- polyMulStage1_AVX2
- VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
- VMOVDQA CC3, tmpStoreAVX2
- VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
- VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
- VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
- VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
- VMOVDQA tmpStoreAVX2, CC3
- polyMulStage2_AVX2
- VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
- VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
- VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
- polyMulStage3_AVX2
- VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
- VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
- polyMulReduceStage
- VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
- VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
- polyAdd(4*8(inp)(itr1*1))
- LEAQ (6*8)(itr1), itr1
- VMOVDQA CC3, tmpStoreAVX2
- VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
- VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
- VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
- VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
- VMOVDQA tmpStoreAVX2, CC3
- polyMulStage1_AVX2
- VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
- VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
- polyMulStage2_AVX2
- VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
- VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
- polyMulStage3_AVX2
- VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
- VMOVDQA CC3, tmpStoreAVX2
- VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
- VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
- VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
- VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
- VMOVDQA tmpStoreAVX2, CC3
- polyMulReduceStage
- VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
- VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
- CMPQ itr1, $480
- JNE openAVX2InternalLoop
-
- VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
- VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
- VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
- VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
- VMOVDQA CC3, tmpStoreAVX2
-
- // We only hashed 480 of the 512 bytes available - hash the remaining 32 here
- polyAdd(480(inp))
- polyMulAVX2
- VPERM2I128 $0x02, AA0, BB0, CC3; VPERM2I128 $0x13, AA0, BB0, BB0; VPERM2I128 $0x02, CC0, DD0, AA0; VPERM2I128 $0x13, CC0, DD0, CC0
- VPXOR (0*32)(inp), CC3, CC3; VPXOR (1*32)(inp), AA0, AA0; VPXOR (2*32)(inp), BB0, BB0; VPXOR (3*32)(inp), CC0, CC0
- VMOVDQU CC3, (0*32)(oup); VMOVDQU AA0, (1*32)(oup); VMOVDQU BB0, (2*32)(oup); VMOVDQU CC0, (3*32)(oup)
- VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
- VPXOR (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
- VMOVDQU AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
-
- // and here
- polyAdd(496(inp))
- polyMulAVX2
- VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
- VPXOR (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
- VMOVDQU AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
- VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
- VPXOR (12*32)(inp), AA0, AA0; VPXOR (13*32)(inp), BB0, BB0; VPXOR (14*32)(inp), CC0, CC0; VPXOR (15*32)(inp), DD0, DD0
- VMOVDQU AA0, (12*32)(oup); VMOVDQU BB0, (13*32)(oup); VMOVDQU CC0, (14*32)(oup); VMOVDQU DD0, (15*32)(oup)
- LEAQ (32*16)(inp), inp
- LEAQ (32*16)(oup), oup
- SUBQ $(32*16), inl
- JMP openAVX2MainLoop
-
-openAVX2MainLoopDone:
- // Handle the various tail sizes efficiently
- TESTQ inl, inl
- JE openSSEFinalize
- CMPQ inl, $128
- JBE openAVX2Tail128
- CMPQ inl, $256
- JBE openAVX2Tail256
- CMPQ inl, $384
- JBE openAVX2Tail384
- JMP openAVX2Tail512
-
-// ----------------------------------------------------------------------------
-// Special optimization for buffers smaller than 193 bytes
-openAVX2192:
- // For up to 192 bytes of ciphertext and 64 bytes for the poly key, we process four blocks
- VMOVDQA AA0, AA1
- VMOVDQA BB0, BB1
- VMOVDQA CC0, CC1
- VPADDD ·avx2IncMask<>(SB), DD0, DD1
- VMOVDQA AA0, AA2
- VMOVDQA BB0, BB2
- VMOVDQA CC0, CC2
- VMOVDQA DD0, DD2
- VMOVDQA DD1, TT3
- MOVQ $10, itr2
-
-openAVX2192InnerCipherLoop:
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
- VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
- VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
- VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
- VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
- DECQ itr2
- JNE openAVX2192InnerCipherLoop
- VPADDD AA2, AA0, AA0; VPADDD AA2, AA1, AA1
- VPADDD BB2, BB0, BB0; VPADDD BB2, BB1, BB1
- VPADDD CC2, CC0, CC0; VPADDD CC2, CC1, CC1
- VPADDD DD2, DD0, DD0; VPADDD TT3, DD1, DD1
- VPERM2I128 $0x02, AA0, BB0, TT0
-
- // Clamp and store poly key
- VPAND ·polyClampMask<>(SB), TT0, TT0
- VMOVDQA TT0, rsStoreAVX2
-
- // Stream for up to 192 bytes
- VPERM2I128 $0x13, AA0, BB0, AA0
- VPERM2I128 $0x13, CC0, DD0, BB0
- VPERM2I128 $0x02, AA1, BB1, CC0
- VPERM2I128 $0x02, CC1, DD1, DD0
- VPERM2I128 $0x13, AA1, BB1, AA1
- VPERM2I128 $0x13, CC1, DD1, BB1
-
-openAVX2ShortOpen:
- // Hash
- MOVQ ad_len+80(FP), itr2
- CALL polyHashADInternal<>(SB)
-
-openAVX2ShortOpenLoop:
- CMPQ inl, $32
- JB openAVX2ShortTail32
- SUBQ $32, inl
-
- // Load for hashing
- polyAdd(0*8(inp))
- polyMulAVX2
- polyAdd(2*8(inp))
- polyMulAVX2
-
- // Load for decryption
- VPXOR (inp), AA0, AA0
- VMOVDQU AA0, (oup)
- LEAQ (1*32)(inp), inp
- LEAQ (1*32)(oup), oup
-
- // Shift stream left
- VMOVDQA BB0, AA0
- VMOVDQA CC0, BB0
- VMOVDQA DD0, CC0
- VMOVDQA AA1, DD0
- VMOVDQA BB1, AA1
- VMOVDQA CC1, BB1
- VMOVDQA DD1, CC1
- VMOVDQA AA2, DD1
- VMOVDQA BB2, AA2
- JMP openAVX2ShortOpenLoop
-
-openAVX2ShortTail32:
- CMPQ inl, $16
- VMOVDQA A0, A1
- JB openAVX2ShortDone
-
- SUBQ $16, inl
-
- // Load for hashing
- polyAdd(0*8(inp))
- polyMulAVX2
-
- // Load for decryption
- VPXOR (inp), A0, T0
- VMOVDQU T0, (oup)
- LEAQ (1*16)(inp), inp
- LEAQ (1*16)(oup), oup
- VPERM2I128 $0x11, AA0, AA0, AA0
- VMOVDQA A0, A1
-
-openAVX2ShortDone:
- VZEROUPPER
- JMP openSSETail16
-
-// ----------------------------------------------------------------------------
-// Special optimization for buffers smaller than 321 bytes
-openAVX2320:
- // For up to 320 bytes of ciphertext and 64 bytes for the poly key, we process six blocks
- VMOVDQA AA0, AA1; VMOVDQA BB0, BB1; VMOVDQA CC0, CC1; VPADDD ·avx2IncMask<>(SB), DD0, DD1
- VMOVDQA AA0, AA2; VMOVDQA BB0, BB2; VMOVDQA CC0, CC2; VPADDD ·avx2IncMask<>(SB), DD1, DD2
- VMOVDQA BB0, TT1; VMOVDQA CC0, TT2; VMOVDQA DD0, TT3
- MOVQ $10, itr2
-
-openAVX2320InnerCipherLoop:
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
- VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
- VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
- VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
- VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
- DECQ itr2
- JNE openAVX2320InnerCipherLoop
-
- VMOVDQA ·chacha20Constants<>(SB), TT0
- VPADDD TT0, AA0, AA0; VPADDD TT0, AA1, AA1; VPADDD TT0, AA2, AA2
- VPADDD TT1, BB0, BB0; VPADDD TT1, BB1, BB1; VPADDD TT1, BB2, BB2
- VPADDD TT2, CC0, CC0; VPADDD TT2, CC1, CC1; VPADDD TT2, CC2, CC2
- VMOVDQA ·avx2IncMask<>(SB), TT0
- VPADDD TT3, DD0, DD0; VPADDD TT0, TT3, TT3
- VPADDD TT3, DD1, DD1; VPADDD TT0, TT3, TT3
- VPADDD TT3, DD2, DD2
-
- // Clamp and store poly key
- VPERM2I128 $0x02, AA0, BB0, TT0
- VPAND ·polyClampMask<>(SB), TT0, TT0
- VMOVDQA TT0, rsStoreAVX2
-
- // Stream for up to 320 bytes
- VPERM2I128 $0x13, AA0, BB0, AA0
- VPERM2I128 $0x13, CC0, DD0, BB0
- VPERM2I128 $0x02, AA1, BB1, CC0
- VPERM2I128 $0x02, CC1, DD1, DD0
- VPERM2I128 $0x13, AA1, BB1, AA1
- VPERM2I128 $0x13, CC1, DD1, BB1
- VPERM2I128 $0x02, AA2, BB2, CC1
- VPERM2I128 $0x02, CC2, DD2, DD1
- VPERM2I128 $0x13, AA2, BB2, AA2
- VPERM2I128 $0x13, CC2, DD2, BB2
- JMP openAVX2ShortOpen
-
-// ----------------------------------------------------------------------------
-// Special optimization for the last 128 bytes of ciphertext
-openAVX2Tail128:
- // Need to decrypt up to 128 bytes - prepare two blocks
- VMOVDQA ·chacha20Constants<>(SB), AA1
- VMOVDQA state1StoreAVX2, BB1
- VMOVDQA state2StoreAVX2, CC1
- VMOVDQA ctr3StoreAVX2, DD1
- VPADDD ·avx2IncMask<>(SB), DD1, DD1
- VMOVDQA DD1, DD0
-
- XORQ itr2, itr2
- MOVQ inl, itr1
- ANDQ $-16, itr1
- TESTQ itr1, itr1
- JE openAVX2Tail128LoopB
-
-openAVX2Tail128LoopA:
- // Perform ChaCha rounds, while hashing the remaining input
- polyAdd(0(inp)(itr2*1))
- polyMulAVX2
-
-openAVX2Tail128LoopB:
- ADDQ $16, itr2
- chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
- VPALIGNR $4, BB1, BB1, BB1
- VPALIGNR $8, CC1, CC1, CC1
- VPALIGNR $12, DD1, DD1, DD1
- chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
- VPALIGNR $12, BB1, BB1, BB1
- VPALIGNR $8, CC1, CC1, CC1
- VPALIGNR $4, DD1, DD1, DD1
- CMPQ itr2, itr1
- JB openAVX2Tail128LoopA
- CMPQ itr2, $160
- JNE openAVX2Tail128LoopB
-
- VPADDD ·chacha20Constants<>(SB), AA1, AA1
- VPADDD state1StoreAVX2, BB1, BB1
- VPADDD state2StoreAVX2, CC1, CC1
- VPADDD DD0, DD1, DD1
- VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
-
-openAVX2TailLoop:
- CMPQ inl, $32
- JB openAVX2Tail
- SUBQ $32, inl
-
- // Load for decryption
- VPXOR (inp), AA0, AA0
- VMOVDQU AA0, (oup)
- LEAQ (1*32)(inp), inp
- LEAQ (1*32)(oup), oup
- VMOVDQA BB0, AA0
- VMOVDQA CC0, BB0
- VMOVDQA DD0, CC0
- JMP openAVX2TailLoop
-
-openAVX2Tail:
- CMPQ inl, $16
- VMOVDQA A0, A1
- JB openAVX2TailDone
- SUBQ $16, inl
-
- // Load for decryption
- VPXOR (inp), A0, T0
- VMOVDQU T0, (oup)
- LEAQ (1*16)(inp), inp
- LEAQ (1*16)(oup), oup
- VPERM2I128 $0x11, AA0, AA0, AA0
- VMOVDQA A0, A1
-
-openAVX2TailDone:
- VZEROUPPER
- JMP openSSETail16
-
-// ----------------------------------------------------------------------------
-// Special optimization for the last 256 bytes of ciphertext
-openAVX2Tail256:
- // Need to decrypt up to 256 bytes - prepare four blocks
- VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1
- VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1
- VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1
- VMOVDQA ctr3StoreAVX2, DD0
- VPADDD ·avx2IncMask<>(SB), DD0, DD0
- VPADDD ·avx2IncMask<>(SB), DD0, DD1
- VMOVDQA DD0, TT1
- VMOVDQA DD1, TT2
-
- // Compute the number of iterations that will hash data
- MOVQ inl, tmpStoreAVX2
- MOVQ inl, itr1
- SUBQ $128, itr1
- SHRQ $4, itr1
- MOVQ $10, itr2
- CMPQ itr1, $10
- CMOVQGT itr2, itr1
- MOVQ inp, inl
- XORQ itr2, itr2
-
-openAVX2Tail256LoopA:
- polyAdd(0(inl))
- polyMulAVX2
- LEAQ 16(inl), inl
-
- // Perform ChaCha rounds, while hashing the remaining input
-openAVX2Tail256LoopB:
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
- VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
- VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
- INCQ itr2
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
- VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
- VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
- CMPQ itr2, itr1
- JB openAVX2Tail256LoopA
-
- CMPQ itr2, $10
- JNE openAVX2Tail256LoopB
-
- MOVQ inl, itr2
- SUBQ inp, inl
- MOVQ inl, itr1
- MOVQ tmpStoreAVX2, inl
-
- // Hash the remainder of data (if any)
-openAVX2Tail256Hash:
- ADDQ $16, itr1
- CMPQ itr1, inl
- JGT openAVX2Tail256HashEnd
- polyAdd (0(itr2))
- polyMulAVX2
- LEAQ 16(itr2), itr2
- JMP openAVX2Tail256Hash
-
-// Store 128 bytes safely, then go to store loop
-openAVX2Tail256HashEnd:
- VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1
- VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1
- VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1
- VPADDD TT1, DD0, DD0; VPADDD TT2, DD1, DD1
- VPERM2I128 $0x02, AA0, BB0, AA2; VPERM2I128 $0x02, CC0, DD0, BB2; VPERM2I128 $0x13, AA0, BB0, CC2; VPERM2I128 $0x13, CC0, DD0, DD2
- VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
-
- VPXOR (0*32)(inp), AA2, AA2; VPXOR (1*32)(inp), BB2, BB2; VPXOR (2*32)(inp), CC2, CC2; VPXOR (3*32)(inp), DD2, DD2
- VMOVDQU AA2, (0*32)(oup); VMOVDQU BB2, (1*32)(oup); VMOVDQU CC2, (2*32)(oup); VMOVDQU DD2, (3*32)(oup)
- LEAQ (4*32)(inp), inp
- LEAQ (4*32)(oup), oup
- SUBQ $4*32, inl
-
- JMP openAVX2TailLoop
-
-// ----------------------------------------------------------------------------
-// Special optimization for the last 384 bytes of ciphertext
-openAVX2Tail384:
- // Need to decrypt up to 384 bytes - prepare six blocks
- VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2
- VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2
- VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2
- VMOVDQA ctr3StoreAVX2, DD0
- VPADDD ·avx2IncMask<>(SB), DD0, DD0
- VPADDD ·avx2IncMask<>(SB), DD0, DD1
- VPADDD ·avx2IncMask<>(SB), DD1, DD2
- VMOVDQA DD0, ctr0StoreAVX2
- VMOVDQA DD1, ctr1StoreAVX2
- VMOVDQA DD2, ctr2StoreAVX2
-
- // Compute the number of iterations that will hash two blocks of data
- MOVQ inl, tmpStoreAVX2
- MOVQ inl, itr1
- SUBQ $256, itr1
- SHRQ $4, itr1
- ADDQ $6, itr1
- MOVQ $10, itr2
- CMPQ itr1, $10
- CMOVQGT itr2, itr1
- MOVQ inp, inl
- XORQ itr2, itr2
-
- // Perform ChaCha rounds, while hashing the remaining input
-openAVX2Tail384LoopB:
- polyAdd(0(inl))
- polyMulAVX2
- LEAQ 16(inl), inl
-
-openAVX2Tail384LoopA:
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
- VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
- VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
- polyAdd(0(inl))
- polyMulAVX2
- LEAQ 16(inl), inl
- INCQ itr2
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
- VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
- VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
-
- CMPQ itr2, itr1
- JB openAVX2Tail384LoopB
-
- CMPQ itr2, $10
- JNE openAVX2Tail384LoopA
-
- MOVQ inl, itr2
- SUBQ inp, inl
- MOVQ inl, itr1
- MOVQ tmpStoreAVX2, inl
-
-openAVX2Tail384Hash:
- ADDQ $16, itr1
- CMPQ itr1, inl
- JGT openAVX2Tail384HashEnd
- polyAdd(0(itr2))
- polyMulAVX2
- LEAQ 16(itr2), itr2
- JMP openAVX2Tail384Hash
-
-// Store 256 bytes safely, then go to store loop
-openAVX2Tail384HashEnd:
- VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2
- VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2
- VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2
- VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2
- VPERM2I128 $0x02, AA0, BB0, TT0; VPERM2I128 $0x02, CC0, DD0, TT1; VPERM2I128 $0x13, AA0, BB0, TT2; VPERM2I128 $0x13, CC0, DD0, TT3
- VPXOR (0*32)(inp), TT0, TT0; VPXOR (1*32)(inp), TT1, TT1; VPXOR (2*32)(inp), TT2, TT2; VPXOR (3*32)(inp), TT3, TT3
- VMOVDQU TT0, (0*32)(oup); VMOVDQU TT1, (1*32)(oup); VMOVDQU TT2, (2*32)(oup); VMOVDQU TT3, (3*32)(oup)
- VPERM2I128 $0x02, AA1, BB1, TT0; VPERM2I128 $0x02, CC1, DD1, TT1; VPERM2I128 $0x13, AA1, BB1, TT2; VPERM2I128 $0x13, CC1, DD1, TT3
- VPXOR (4*32)(inp), TT0, TT0; VPXOR (5*32)(inp), TT1, TT1; VPXOR (6*32)(inp), TT2, TT2; VPXOR (7*32)(inp), TT3, TT3
- VMOVDQU TT0, (4*32)(oup); VMOVDQU TT1, (5*32)(oup); VMOVDQU TT2, (6*32)(oup); VMOVDQU TT3, (7*32)(oup)
- VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
- LEAQ (8*32)(inp), inp
- LEAQ (8*32)(oup), oup
- SUBQ $8*32, inl
- JMP openAVX2TailLoop
-
-// ----------------------------------------------------------------------------
-// Special optimization for the last 512 bytes of ciphertext
-openAVX2Tail512:
- VMOVDQU ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
- VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
- VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
- VMOVDQA ctr3StoreAVX2, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
- VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
- XORQ itr1, itr1
- MOVQ inp, itr2
-
-openAVX2Tail512LoopB:
- polyAdd(0(itr2))
- polyMulAVX2
- LEAQ (2*8)(itr2), itr2
-
-openAVX2Tail512LoopA:
- VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
- VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
- VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
- VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
- VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
- VMOVDQA CC3, tmpStoreAVX2
- VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
- VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
- VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
- VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
- VMOVDQA tmpStoreAVX2, CC3
- polyAdd(0*8(itr2))
- polyMulAVX2
- VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
- VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
- VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
- VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
- VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
- VMOVDQA CC3, tmpStoreAVX2
- VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
- VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
- VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
- VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
- VMOVDQA tmpStoreAVX2, CC3
- VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
- VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
- VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
- VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
- VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
- VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
- VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
- polyAdd(2*8(itr2))
- polyMulAVX2
- LEAQ (4*8)(itr2), itr2
- VMOVDQA CC3, tmpStoreAVX2
- VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
- VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
- VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
- VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
- VMOVDQA tmpStoreAVX2, CC3
- VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
- VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
- VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
- VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
- VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
- VMOVDQA CC3, tmpStoreAVX2
- VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
- VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
- VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
- VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
- VMOVDQA tmpStoreAVX2, CC3
- VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
- VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
- INCQ itr1
- CMPQ itr1, $4
- JLT openAVX2Tail512LoopB
-
- CMPQ itr1, $10
- JNE openAVX2Tail512LoopA
-
- MOVQ inl, itr1
- SUBQ $384, itr1
- ANDQ $-16, itr1
-
-openAVX2Tail512HashLoop:
- TESTQ itr1, itr1
- JE openAVX2Tail512HashEnd
- polyAdd(0(itr2))
- polyMulAVX2
- LEAQ 16(itr2), itr2
- SUBQ $16, itr1
- JMP openAVX2Tail512HashLoop
-
-openAVX2Tail512HashEnd:
- VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
- VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
- VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
- VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
- VMOVDQA CC3, tmpStoreAVX2
- VPERM2I128 $0x02, AA0, BB0, CC3; VPERM2I128 $0x13, AA0, BB0, BB0; VPERM2I128 $0x02, CC0, DD0, AA0; VPERM2I128 $0x13, CC0, DD0, CC0
- VPXOR (0*32)(inp), CC3, CC3; VPXOR (1*32)(inp), AA0, AA0; VPXOR (2*32)(inp), BB0, BB0; VPXOR (3*32)(inp), CC0, CC0
- VMOVDQU CC3, (0*32)(oup); VMOVDQU AA0, (1*32)(oup); VMOVDQU BB0, (2*32)(oup); VMOVDQU CC0, (3*32)(oup)
- VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
- VPXOR (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
- VMOVDQU AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
- VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
- VPXOR (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
- VMOVDQU AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
- VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
-
- LEAQ (12*32)(inp), inp
- LEAQ (12*32)(oup), oup
- SUBQ $12*32, inl
-
- JMP openAVX2TailLoop
-
-// ----------------------------------------------------------------------------
-// ----------------------------------------------------------------------------
-// func chacha20Poly1305Seal(dst, key, src, ad []byte)
-TEXT ·chacha20Poly1305Seal(SB), 0, $288-96
- // For aligned stack access
- MOVQ SP, BP
- ADDQ $32, BP
- ANDQ $-32, BP
- MOVQ dst+0(FP), oup
- MOVQ key+24(FP), keyp
- MOVQ src+48(FP), inp
- MOVQ src_len+56(FP), inl
- MOVQ ad+72(FP), adp
-
- CMPB ·useAVX2(SB), $1
- JE chacha20Poly1305Seal_AVX2
-
- // Special optimization, for very short buffers
- CMPQ inl, $128
- JBE sealSSE128 // About 15% faster
-
- // In the seal case - prepare the poly key + 3 blocks of stream in the first iteration
- MOVOU ·chacha20Constants<>(SB), A0
- MOVOU (1*16)(keyp), B0
- MOVOU (2*16)(keyp), C0
- MOVOU (3*16)(keyp), D0
-
- // Store state on stack for future use
- MOVO B0, state1Store
- MOVO C0, state2Store
-
- // Load state, increment counter blocks
- MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
- MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
- MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
-
- // Store counters
- MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
- MOVQ $10, itr2
-
-sealSSEIntroLoop:
- MOVO C3, tmpStore
- chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
- MOVO tmpStore, C3
- MOVO C1, tmpStore
- chachaQR(A3, B3, C3, D3, C1)
- MOVO tmpStore, C1
- shiftB0Left; shiftB1Left; shiftB2Left; shiftB3Left
- shiftC0Left; shiftC1Left; shiftC2Left; shiftC3Left
- shiftD0Left; shiftD1Left; shiftD2Left; shiftD3Left
-
- MOVO C3, tmpStore
- chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
- MOVO tmpStore, C3
- MOVO C1, tmpStore
- chachaQR(A3, B3, C3, D3, C1)
- MOVO tmpStore, C1
- shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
- shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
- shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
- DECQ itr2
- JNE sealSSEIntroLoop
-
- // Add in the state
- PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
- PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
- PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
- PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
-
- // Clamp and store the key
- PAND ·polyClampMask<>(SB), A0
- MOVO A0, rStore
- MOVO B0, sStore
-
- // Hash AAD
- MOVQ ad_len+80(FP), itr2
- CALL polyHashADInternal<>(SB)
-
- MOVOU (0*16)(inp), A0; MOVOU (1*16)(inp), B0; MOVOU (2*16)(inp), C0; MOVOU (3*16)(inp), D0
- PXOR A0, A1; PXOR B0, B1; PXOR C0, C1; PXOR D0, D1
- MOVOU A1, (0*16)(oup); MOVOU B1, (1*16)(oup); MOVOU C1, (2*16)(oup); MOVOU D1, (3*16)(oup)
- MOVOU (4*16)(inp), A0; MOVOU (5*16)(inp), B0; MOVOU (6*16)(inp), C0; MOVOU (7*16)(inp), D0
- PXOR A0, A2; PXOR B0, B2; PXOR C0, C2; PXOR D0, D2
- MOVOU A2, (4*16)(oup); MOVOU B2, (5*16)(oup); MOVOU C2, (6*16)(oup); MOVOU D2, (7*16)(oup)
-
- MOVQ $128, itr1
- SUBQ $128, inl
- LEAQ 128(inp), inp
-
- MOVO A3, A1; MOVO B3, B1; MOVO C3, C1; MOVO D3, D1
-
- CMPQ inl, $64
- JBE sealSSE128SealHash
-
- MOVOU (0*16)(inp), A0; MOVOU (1*16)(inp), B0; MOVOU (2*16)(inp), C0; MOVOU (3*16)(inp), D0
- PXOR A0, A3; PXOR B0, B3; PXOR C0, C3; PXOR D0, D3
- MOVOU A3, (8*16)(oup); MOVOU B3, (9*16)(oup); MOVOU C3, (10*16)(oup); MOVOU D3, (11*16)(oup)
-
- ADDQ $64, itr1
- SUBQ $64, inl
- LEAQ 64(inp), inp
-
- MOVQ $2, itr1
- MOVQ $8, itr2
-
- CMPQ inl, $64
- JBE sealSSETail64
- CMPQ inl, $128
- JBE sealSSETail128
- CMPQ inl, $192
- JBE sealSSETail192
-
-sealSSEMainLoop:
- // Load state, increment counter blocks
- MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0
- MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
- MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
- MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
-
- // Store counters
- MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
-
-sealSSEInnerLoop:
- MOVO C3, tmpStore
- chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
- MOVO tmpStore, C3
- MOVO C1, tmpStore
- chachaQR(A3, B3, C3, D3, C1)
- MOVO tmpStore, C1
- polyAdd(0(oup))
- shiftB0Left; shiftB1Left; shiftB2Left; shiftB3Left
- shiftC0Left; shiftC1Left; shiftC2Left; shiftC3Left
- shiftD0Left; shiftD1Left; shiftD2Left; shiftD3Left
- polyMulStage1
- polyMulStage2
- LEAQ (2*8)(oup), oup
- MOVO C3, tmpStore
- chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
- MOVO tmpStore, C3
- MOVO C1, tmpStore
- polyMulStage3
- chachaQR(A3, B3, C3, D3, C1)
- MOVO tmpStore, C1
- polyMulReduceStage
- shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
- shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
- shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
- DECQ itr2
- JGE sealSSEInnerLoop
- polyAdd(0(oup))
- polyMul
- LEAQ (2*8)(oup), oup
- DECQ itr1
- JG sealSSEInnerLoop
-
- // Add in the state
- PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
- PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
- PADDD state2Store, C0; PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
- PADDD ctr0Store, D0; PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
- MOVO D3, tmpStore
-
- // Load - xor - store
- MOVOU (0*16)(inp), D3; PXOR D3, A0
- MOVOU (1*16)(inp), D3; PXOR D3, B0
- MOVOU (2*16)(inp), D3; PXOR D3, C0
- MOVOU (3*16)(inp), D3; PXOR D3, D0
- MOVOU A0, (0*16)(oup)
- MOVOU B0, (1*16)(oup)
- MOVOU C0, (2*16)(oup)
- MOVOU D0, (3*16)(oup)
- MOVO tmpStore, D3
-
- MOVOU (4*16)(inp), A0; MOVOU (5*16)(inp), B0; MOVOU (6*16)(inp), C0; MOVOU (7*16)(inp), D0
- PXOR A0, A1; PXOR B0, B1; PXOR C0, C1; PXOR D0, D1
- MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
- MOVOU (8*16)(inp), A0; MOVOU (9*16)(inp), B0; MOVOU (10*16)(inp), C0; MOVOU (11*16)(inp), D0
- PXOR A0, A2; PXOR B0, B2; PXOR C0, C2; PXOR D0, D2
- MOVOU A2, (8*16)(oup); MOVOU B2, (9*16)(oup); MOVOU C2, (10*16)(oup); MOVOU D2, (11*16)(oup)
- ADDQ $192, inp
- MOVQ $192, itr1
- SUBQ $192, inl
- MOVO A3, A1
- MOVO B3, B1
- MOVO C3, C1
- MOVO D3, D1
- CMPQ inl, $64
- JBE sealSSE128SealHash
- MOVOU (0*16)(inp), A0; MOVOU (1*16)(inp), B0; MOVOU (2*16)(inp), C0; MOVOU (3*16)(inp), D0
- PXOR A0, A3; PXOR B0, B3; PXOR C0, C3; PXOR D0, D3
- MOVOU A3, (12*16)(oup); MOVOU B3, (13*16)(oup); MOVOU C3, (14*16)(oup); MOVOU D3, (15*16)(oup)
- LEAQ 64(inp), inp
- SUBQ $64, inl
- MOVQ $6, itr1
- MOVQ $4, itr2
- CMPQ inl, $192
- JG sealSSEMainLoop
-
- MOVQ inl, itr1
- TESTQ inl, inl
- JE sealSSE128SealHash
- MOVQ $6, itr1
- CMPQ inl, $64
- JBE sealSSETail64
- CMPQ inl, $128
- JBE sealSSETail128
- JMP sealSSETail192
-
-// ----------------------------------------------------------------------------
-// Special optimization for the last 64 bytes of plaintext
-sealSSETail64:
- // Need to encrypt up to 64 bytes - prepare single block, hash 192 or 256 bytes
- MOVO ·chacha20Constants<>(SB), A1
- MOVO state1Store, B1
- MOVO state2Store, C1
- MOVO ctr3Store, D1
- PADDL ·sseIncMask<>(SB), D1
- MOVO D1, ctr0Store
-
-sealSSETail64LoopA:
- // Perform ChaCha rounds, while hashing the previously encrypted ciphertext
- polyAdd(0(oup))
- polyMul
- LEAQ 16(oup), oup
-
-sealSSETail64LoopB:
- chachaQR(A1, B1, C1, D1, T1)
- shiftB1Left; shiftC1Left; shiftD1Left
- chachaQR(A1, B1, C1, D1, T1)
- shiftB1Right; shiftC1Right; shiftD1Right
- polyAdd(0(oup))
- polyMul
- LEAQ 16(oup), oup
-
- DECQ itr1
- JG sealSSETail64LoopA
-
- DECQ itr2
- JGE sealSSETail64LoopB
- PADDL ·chacha20Constants<>(SB), A1
- PADDL state1Store, B1
- PADDL state2Store, C1
- PADDL ctr0Store, D1
-
- JMP sealSSE128Seal
-
-// ----------------------------------------------------------------------------
-// Special optimization for the last 128 bytes of plaintext
-sealSSETail128:
- // Need to encrypt up to 128 bytes - prepare two blocks, hash 192 or 256 bytes
- MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr0Store
- MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr1Store
-
-sealSSETail128LoopA:
- // Perform ChaCha rounds, while hashing the previously encrypted ciphertext
- polyAdd(0(oup))
- polyMul
- LEAQ 16(oup), oup
-
-sealSSETail128LoopB:
- chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
- shiftB0Left; shiftC0Left; shiftD0Left
- shiftB1Left; shiftC1Left; shiftD1Left
- polyAdd(0(oup))
- polyMul
- LEAQ 16(oup), oup
- chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
- shiftB0Right; shiftC0Right; shiftD0Right
- shiftB1Right; shiftC1Right; shiftD1Right
-
- DECQ itr1
- JG sealSSETail128LoopA
-
- DECQ itr2
- JGE sealSSETail128LoopB
-
- PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1
- PADDL state1Store, B0; PADDL state1Store, B1
- PADDL state2Store, C0; PADDL state2Store, C1
- PADDL ctr0Store, D0; PADDL ctr1Store, D1
-
- MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
- PXOR T0, A0; PXOR T1, B0; PXOR T2, C0; PXOR T3, D0
- MOVOU A0, (0*16)(oup); MOVOU B0, (1*16)(oup); MOVOU C0, (2*16)(oup); MOVOU D0, (3*16)(oup)
-
- MOVQ $64, itr1
- LEAQ 64(inp), inp
- SUBQ $64, inl
-
- JMP sealSSE128SealHash
-
-// ----------------------------------------------------------------------------
-// Special optimization for the last 192 bytes of plaintext
-sealSSETail192:
- // Need to encrypt up to 192 bytes - prepare three blocks, hash 192 or 256 bytes
- MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr0Store
- MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr1Store
- MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2; MOVO D2, ctr2Store
-
-sealSSETail192LoopA:
- // Perform ChaCha rounds, while hashing the previously encrypted ciphertext
- polyAdd(0(oup))
- polyMul
- LEAQ 16(oup), oup
-
-sealSSETail192LoopB:
- chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
- shiftB0Left; shiftC0Left; shiftD0Left
- shiftB1Left; shiftC1Left; shiftD1Left
- shiftB2Left; shiftC2Left; shiftD2Left
-
- polyAdd(0(oup))
- polyMul
- LEAQ 16(oup), oup
-
- chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
- shiftB0Right; shiftC0Right; shiftD0Right
- shiftB1Right; shiftC1Right; shiftD1Right
- shiftB2Right; shiftC2Right; shiftD2Right
-
- DECQ itr1
- JG sealSSETail192LoopA
-
- DECQ itr2
- JGE sealSSETail192LoopB
-
- PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
- PADDL state1Store, B0; PADDL state1Store, B1; PADDL state1Store, B2
- PADDL state2Store, C0; PADDL state2Store, C1; PADDL state2Store, C2
- PADDL ctr0Store, D0; PADDL ctr1Store, D1; PADDL ctr2Store, D2
-
- MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
- PXOR T0, A0; PXOR T1, B0; PXOR T2, C0; PXOR T3, D0
- MOVOU A0, (0*16)(oup); MOVOU B0, (1*16)(oup); MOVOU C0, (2*16)(oup); MOVOU D0, (3*16)(oup)
- MOVOU (4*16)(inp), T0; MOVOU (5*16)(inp), T1; MOVOU (6*16)(inp), T2; MOVOU (7*16)(inp), T3
- PXOR T0, A1; PXOR T1, B1; PXOR T2, C1; PXOR T3, D1
- MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
-
- MOVO A2, A1
- MOVO B2, B1
- MOVO C2, C1
- MOVO D2, D1
- MOVQ $128, itr1
- LEAQ 128(inp), inp
- SUBQ $128, inl
-
- JMP sealSSE128SealHash
-
-// ----------------------------------------------------------------------------
-// Special seal optimization for buffers smaller than 129 bytes
-sealSSE128:
- // For up to 128 bytes of ciphertext and 64 bytes for the poly key, we require to process three blocks
- MOVOU ·chacha20Constants<>(SB), A0; MOVOU (1*16)(keyp), B0; MOVOU (2*16)(keyp), C0; MOVOU (3*16)(keyp), D0
- MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
- MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
- MOVO B0, T1; MOVO C0, T2; MOVO D1, T3
- MOVQ $10, itr2
-
-sealSSE128InnerCipherLoop:
- chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
- shiftB0Left; shiftB1Left; shiftB2Left
- shiftC0Left; shiftC1Left; shiftC2Left
- shiftD0Left; shiftD1Left; shiftD2Left
- chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
- shiftB0Right; shiftB1Right; shiftB2Right
- shiftC0Right; shiftC1Right; shiftC2Right
- shiftD0Right; shiftD1Right; shiftD2Right
- DECQ itr2
- JNE sealSSE128InnerCipherLoop
-
- // A0|B0 hold the Poly1305 32-byte key, C0,D0 can be discarded
- PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
- PADDL T1, B0; PADDL T1, B1; PADDL T1, B2
- PADDL T2, C1; PADDL T2, C2
- PADDL T3, D1; PADDL ·sseIncMask<>(SB), T3; PADDL T3, D2
- PAND ·polyClampMask<>(SB), A0
- MOVOU A0, rStore
- MOVOU B0, sStore
-
- // Hash
- MOVQ ad_len+80(FP), itr2
- CALL polyHashADInternal<>(SB)
- XORQ itr1, itr1
-
-sealSSE128SealHash:
- // itr1 holds the number of bytes encrypted but not yet hashed
- CMPQ itr1, $16
- JB sealSSE128Seal
- polyAdd(0(oup))
- polyMul
-
- SUBQ $16, itr1
- ADDQ $16, oup
-
- JMP sealSSE128SealHash
-
-sealSSE128Seal:
- CMPQ inl, $16
- JB sealSSETail
- SUBQ $16, inl
-
- // Load for decryption
- MOVOU (inp), T0
- PXOR T0, A1
- MOVOU A1, (oup)
- LEAQ (1*16)(inp), inp
- LEAQ (1*16)(oup), oup
-
- // Extract for hashing
- MOVQ A1, t0
- PSRLDQ $8, A1
- MOVQ A1, t1
- ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
- polyMul
-
- // Shift the stream "left"
- MOVO B1, A1
- MOVO C1, B1
- MOVO D1, C1
- MOVO A2, D1
- MOVO B2, A2
- MOVO C2, B2
- MOVO D2, C2
- JMP sealSSE128Seal
-
-sealSSETail:
- TESTQ inl, inl
- JE sealSSEFinalize
-
- // We can only load the PT one byte at a time to avoid read after end of buffer
- MOVQ inl, itr2
- SHLQ $4, itr2
- LEAQ ·andMask<>(SB), t0
- MOVQ inl, itr1
- LEAQ -1(inp)(inl*1), inp
- XORQ t2, t2
- XORQ t3, t3
- XORQ AX, AX
-
-sealSSETailLoadLoop:
- SHLQ $8, t2, t3
- SHLQ $8, t2
- MOVB (inp), AX
- XORQ AX, t2
- LEAQ -1(inp), inp
- DECQ itr1
- JNE sealSSETailLoadLoop
- MOVQ t2, 0+tmpStore
- MOVQ t3, 8+tmpStore
- PXOR 0+tmpStore, A1
- MOVOU A1, (oup)
- MOVOU -16(t0)(itr2*1), T0
- PAND T0, A1
- MOVQ A1, t0
- PSRLDQ $8, A1
- MOVQ A1, t1
- ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
- polyMul
-
- ADDQ inl, oup
-
-sealSSEFinalize:
- // Hash in the buffer lengths
- ADDQ ad_len+80(FP), acc0
- ADCQ src_len+56(FP), acc1
- ADCQ $1, acc2
- polyMul
-
- // Final reduce
- MOVQ acc0, t0
- MOVQ acc1, t1
- MOVQ acc2, t2
- SUBQ $-5, acc0
- SBBQ $-1, acc1
- SBBQ $3, acc2
- CMOVQCS t0, acc0
- CMOVQCS t1, acc1
- CMOVQCS t2, acc2
-
- // Add in the "s" part of the key
- ADDQ 0+sStore, acc0
- ADCQ 8+sStore, acc1
-
- // Finally store the tag at the end of the message
- MOVQ acc0, (0*8)(oup)
- MOVQ acc1, (1*8)(oup)
- RET
-
-// ----------------------------------------------------------------------------
-// ------------------------- AVX2 Code ----------------------------------------
-chacha20Poly1305Seal_AVX2:
- VZEROUPPER
- VMOVDQU ·chacha20Constants<>(SB), AA0
- BYTE $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x70; BYTE $0x10 // broadcasti128 16(r8), ymm14
- BYTE $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x20 // broadcasti128 32(r8), ymm12
- BYTE $0xc4; BYTE $0xc2; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x30 // broadcasti128 48(r8), ymm4
- VPADDD ·avx2InitMask<>(SB), DD0, DD0
-
- // Special optimizations, for very short buffers
- CMPQ inl, $192
- JBE seal192AVX2 // 33% faster
- CMPQ inl, $320
- JBE seal320AVX2 // 17% faster
-
- // For the general key prepare the key first - as a byproduct we have 64 bytes of cipher stream
- VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
- VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3; VMOVDQA BB0, state1StoreAVX2
- VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3; VMOVDQA CC0, state2StoreAVX2
- VPADDD ·avx2IncMask<>(SB), DD0, DD1; VMOVDQA DD0, ctr0StoreAVX2
- VPADDD ·avx2IncMask<>(SB), DD1, DD2; VMOVDQA DD1, ctr1StoreAVX2
- VPADDD ·avx2IncMask<>(SB), DD2, DD3; VMOVDQA DD2, ctr2StoreAVX2
- VMOVDQA DD3, ctr3StoreAVX2
- MOVQ $10, itr2
-
-sealAVX2IntroLoop:
- VMOVDQA CC3, tmpStoreAVX2
- chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
- VMOVDQA tmpStoreAVX2, CC3
- VMOVDQA CC1, tmpStoreAVX2
- chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
- VMOVDQA tmpStoreAVX2, CC1
-
- VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $12, DD0, DD0, DD0
- VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $12, DD1, DD1, DD1
- VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $12, DD2, DD2, DD2
- VPALIGNR $4, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $12, DD3, DD3, DD3
-
- VMOVDQA CC3, tmpStoreAVX2
- chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
- VMOVDQA tmpStoreAVX2, CC3
- VMOVDQA CC1, tmpStoreAVX2
- chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
- VMOVDQA tmpStoreAVX2, CC1
-
- VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $4, DD0, DD0, DD0
- VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $4, DD1, DD1, DD1
- VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $4, DD2, DD2, DD2
- VPALIGNR $12, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $4, DD3, DD3, DD3
- DECQ itr2
- JNE sealAVX2IntroLoop
-
- VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
- VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
- VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
- VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
-
- VPERM2I128 $0x13, CC0, DD0, CC0 // Stream bytes 96 - 127
- VPERM2I128 $0x02, AA0, BB0, DD0 // The Poly1305 key
- VPERM2I128 $0x13, AA0, BB0, AA0 // Stream bytes 64 - 95
-
- // Clamp and store poly key
- VPAND ·polyClampMask<>(SB), DD0, DD0
- VMOVDQA DD0, rsStoreAVX2
-
- // Hash AD
- MOVQ ad_len+80(FP), itr2
- CALL polyHashADInternal<>(SB)
-
- // Can store at least 320 bytes
- VPXOR (0*32)(inp), AA0, AA0
- VPXOR (1*32)(inp), CC0, CC0
- VMOVDQU AA0, (0*32)(oup)
- VMOVDQU CC0, (1*32)(oup)
-
- VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
- VPXOR (2*32)(inp), AA0, AA0; VPXOR (3*32)(inp), BB0, BB0; VPXOR (4*32)(inp), CC0, CC0; VPXOR (5*32)(inp), DD0, DD0
- VMOVDQU AA0, (2*32)(oup); VMOVDQU BB0, (3*32)(oup); VMOVDQU CC0, (4*32)(oup); VMOVDQU DD0, (5*32)(oup)
- VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
- VPXOR (6*32)(inp), AA0, AA0; VPXOR (7*32)(inp), BB0, BB0; VPXOR (8*32)(inp), CC0, CC0; VPXOR (9*32)(inp), DD0, DD0
- VMOVDQU AA0, (6*32)(oup); VMOVDQU BB0, (7*32)(oup); VMOVDQU CC0, (8*32)(oup); VMOVDQU DD0, (9*32)(oup)
-
- MOVQ $320, itr1
- SUBQ $320, inl
- LEAQ 320(inp), inp
-
- VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, CC3, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, CC3, DD3, DD0
- CMPQ inl, $128
- JBE sealAVX2SealHash
-
- VPXOR (0*32)(inp), AA0, AA0; VPXOR (1*32)(inp), BB0, BB0; VPXOR (2*32)(inp), CC0, CC0; VPXOR (3*32)(inp), DD0, DD0
- VMOVDQU AA0, (10*32)(oup); VMOVDQU BB0, (11*32)(oup); VMOVDQU CC0, (12*32)(oup); VMOVDQU DD0, (13*32)(oup)
- SUBQ $128, inl
- LEAQ 128(inp), inp
-
- MOVQ $8, itr1
- MOVQ $2, itr2
-
- CMPQ inl, $128
- JBE sealAVX2Tail128
- CMPQ inl, $256
- JBE sealAVX2Tail256
- CMPQ inl, $384
- JBE sealAVX2Tail384
- CMPQ inl, $512
- JBE sealAVX2Tail512
-
- // We have 448 bytes to hash, but main loop hashes 512 bytes at a time - perform some rounds, before the main loop
- VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
- VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
- VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
- VMOVDQA ctr3StoreAVX2, DD0
- VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
- VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
-
- VMOVDQA CC3, tmpStoreAVX2
- chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
- VMOVDQA tmpStoreAVX2, CC3
- VMOVDQA CC1, tmpStoreAVX2
- chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
- VMOVDQA tmpStoreAVX2, CC1
-
- VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $12, DD0, DD0, DD0
- VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $12, DD1, DD1, DD1
- VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $12, DD2, DD2, DD2
- VPALIGNR $4, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $12, DD3, DD3, DD3
-
- VMOVDQA CC3, tmpStoreAVX2
- chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
- VMOVDQA tmpStoreAVX2, CC3
- VMOVDQA CC1, tmpStoreAVX2
- chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
- VMOVDQA tmpStoreAVX2, CC1
-
- VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $4, DD0, DD0, DD0
- VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $4, DD1, DD1, DD1
- VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $4, DD2, DD2, DD2
- VPALIGNR $12, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $4, DD3, DD3, DD3
- VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
- VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
- VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
- VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
- VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
- VMOVDQA CC3, tmpStoreAVX2
- VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
- VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
- VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
- VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
- VMOVDQA tmpStoreAVX2, CC3
-
- SUBQ $16, oup // Adjust the pointer
- MOVQ $9, itr1
- JMP sealAVX2InternalLoopStart
-
-sealAVX2MainLoop:
- // Load state, increment counter blocks, store the incremented counters
- VMOVDQU ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
- VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
- VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
- VMOVDQA ctr3StoreAVX2, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
- VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
- MOVQ $10, itr1
-
-sealAVX2InternalLoop:
- polyAdd(0*8(oup))
- VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
- polyMulStage1_AVX2
- VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
- VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
- polyMulStage2_AVX2
- VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
- VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
- polyMulStage3_AVX2
- VMOVDQA CC3, tmpStoreAVX2
- VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
- VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
- VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
- VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
- VMOVDQA tmpStoreAVX2, CC3
- polyMulReduceStage
-
-sealAVX2InternalLoopStart:
- VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
- VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
- VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
- polyAdd(2*8(oup))
- VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
- polyMulStage1_AVX2
- VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
- VMOVDQA CC3, tmpStoreAVX2
- VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
- VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
- VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
- VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
- VMOVDQA tmpStoreAVX2, CC3
- polyMulStage2_AVX2
- VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
- VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
- VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
- polyMulStage3_AVX2
- VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
- VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
- polyMulReduceStage
- VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
- VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
- polyAdd(4*8(oup))
- LEAQ (6*8)(oup), oup
- VMOVDQA CC3, tmpStoreAVX2
- VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
- VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
- VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
- VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
- VMOVDQA tmpStoreAVX2, CC3
- polyMulStage1_AVX2
- VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
- VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
- polyMulStage2_AVX2
- VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
- VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
- polyMulStage3_AVX2
- VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
- VMOVDQA CC3, tmpStoreAVX2
- VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
- VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
- VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
- VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
- VMOVDQA tmpStoreAVX2, CC3
- polyMulReduceStage
- VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
- VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
- DECQ itr1
- JNE sealAVX2InternalLoop
-
- VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
- VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
- VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
- VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
- VMOVDQA CC3, tmpStoreAVX2
-
- // We only hashed 480 of the 512 bytes available - hash the remaining 32 here
- polyAdd(0*8(oup))
- polyMulAVX2
- LEAQ (4*8)(oup), oup
- VPERM2I128 $0x02, AA0, BB0, CC3; VPERM2I128 $0x13, AA0, BB0, BB0; VPERM2I128 $0x02, CC0, DD0, AA0; VPERM2I128 $0x13, CC0, DD0, CC0
- VPXOR (0*32)(inp), CC3, CC3; VPXOR (1*32)(inp), AA0, AA0; VPXOR (2*32)(inp), BB0, BB0; VPXOR (3*32)(inp), CC0, CC0
- VMOVDQU CC3, (0*32)(oup); VMOVDQU AA0, (1*32)(oup); VMOVDQU BB0, (2*32)(oup); VMOVDQU CC0, (3*32)(oup)
- VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
- VPXOR (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
- VMOVDQU AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
-
- // and here
- polyAdd(-2*8(oup))
- polyMulAVX2
- VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
- VPXOR (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
- VMOVDQU AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
- VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
- VPXOR (12*32)(inp), AA0, AA0; VPXOR (13*32)(inp), BB0, BB0; VPXOR (14*32)(inp), CC0, CC0; VPXOR (15*32)(inp), DD0, DD0
- VMOVDQU AA0, (12*32)(oup); VMOVDQU BB0, (13*32)(oup); VMOVDQU CC0, (14*32)(oup); VMOVDQU DD0, (15*32)(oup)
- LEAQ (32*16)(inp), inp
- SUBQ $(32*16), inl
- CMPQ inl, $512
- JG sealAVX2MainLoop
-
- // Tail can only hash 480 bytes
- polyAdd(0*8(oup))
- polyMulAVX2
- polyAdd(2*8(oup))
- polyMulAVX2
- LEAQ 32(oup), oup
-
- MOVQ $10, itr1
- MOVQ $0, itr2
- CMPQ inl, $128
- JBE sealAVX2Tail128
- CMPQ inl, $256
- JBE sealAVX2Tail256
- CMPQ inl, $384
- JBE sealAVX2Tail384
- JMP sealAVX2Tail512
-
-// ----------------------------------------------------------------------------
-// Special optimization for buffers smaller than 193 bytes
-seal192AVX2:
- // For up to 192 bytes of ciphertext and 64 bytes for the poly key, we process four blocks
- VMOVDQA AA0, AA1
- VMOVDQA BB0, BB1
- VMOVDQA CC0, CC1
- VPADDD ·avx2IncMask<>(SB), DD0, DD1
- VMOVDQA AA0, AA2
- VMOVDQA BB0, BB2
- VMOVDQA CC0, CC2
- VMOVDQA DD0, DD2
- VMOVDQA DD1, TT3
- MOVQ $10, itr2
-
-sealAVX2192InnerCipherLoop:
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
- VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
- VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
- VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
- VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
- DECQ itr2
- JNE sealAVX2192InnerCipherLoop
- VPADDD AA2, AA0, AA0; VPADDD AA2, AA1, AA1
- VPADDD BB2, BB0, BB0; VPADDD BB2, BB1, BB1
- VPADDD CC2, CC0, CC0; VPADDD CC2, CC1, CC1
- VPADDD DD2, DD0, DD0; VPADDD TT3, DD1, DD1
- VPERM2I128 $0x02, AA0, BB0, TT0
-
- // Clamp and store poly key
- VPAND ·polyClampMask<>(SB), TT0, TT0
- VMOVDQA TT0, rsStoreAVX2
-
- // Stream for up to 192 bytes
- VPERM2I128 $0x13, AA0, BB0, AA0
- VPERM2I128 $0x13, CC0, DD0, BB0
- VPERM2I128 $0x02, AA1, BB1, CC0
- VPERM2I128 $0x02, CC1, DD1, DD0
- VPERM2I128 $0x13, AA1, BB1, AA1
- VPERM2I128 $0x13, CC1, DD1, BB1
-
-sealAVX2ShortSeal:
- // Hash aad
- MOVQ ad_len+80(FP), itr2
- CALL polyHashADInternal<>(SB)
- XORQ itr1, itr1
-
-sealAVX2SealHash:
- // itr1 holds the number of bytes encrypted but not yet hashed
- CMPQ itr1, $16
- JB sealAVX2ShortSealLoop
- polyAdd(0(oup))
- polyMul
- SUBQ $16, itr1
- ADDQ $16, oup
- JMP sealAVX2SealHash
-
-sealAVX2ShortSealLoop:
- CMPQ inl, $32
- JB sealAVX2ShortTail32
- SUBQ $32, inl
-
- // Load for encryption
- VPXOR (inp), AA0, AA0
- VMOVDQU AA0, (oup)
- LEAQ (1*32)(inp), inp
-
- // Now can hash
- polyAdd(0*8(oup))
- polyMulAVX2
- polyAdd(2*8(oup))
- polyMulAVX2
- LEAQ (1*32)(oup), oup
-
- // Shift stream left
- VMOVDQA BB0, AA0
- VMOVDQA CC0, BB0
- VMOVDQA DD0, CC0
- VMOVDQA AA1, DD0
- VMOVDQA BB1, AA1
- VMOVDQA CC1, BB1
- VMOVDQA DD1, CC1
- VMOVDQA AA2, DD1
- VMOVDQA BB2, AA2
- JMP sealAVX2ShortSealLoop
-
-sealAVX2ShortTail32:
- CMPQ inl, $16
- VMOVDQA A0, A1
- JB sealAVX2ShortDone
-
- SUBQ $16, inl
-
- // Load for encryption
- VPXOR (inp), A0, T0
- VMOVDQU T0, (oup)
- LEAQ (1*16)(inp), inp
-
- // Hash
- polyAdd(0*8(oup))
- polyMulAVX2
- LEAQ (1*16)(oup), oup
- VPERM2I128 $0x11, AA0, AA0, AA0
- VMOVDQA A0, A1
-
-sealAVX2ShortDone:
- VZEROUPPER
- JMP sealSSETail
-
-// ----------------------------------------------------------------------------
-// Special optimization for buffers smaller than 321 bytes
-seal320AVX2:
- // For up to 320 bytes of ciphertext and 64 bytes for the poly key, we process six blocks
- VMOVDQA AA0, AA1; VMOVDQA BB0, BB1; VMOVDQA CC0, CC1; VPADDD ·avx2IncMask<>(SB), DD0, DD1
- VMOVDQA AA0, AA2; VMOVDQA BB0, BB2; VMOVDQA CC0, CC2; VPADDD ·avx2IncMask<>(SB), DD1, DD2
- VMOVDQA BB0, TT1; VMOVDQA CC0, TT2; VMOVDQA DD0, TT3
- MOVQ $10, itr2
-
-sealAVX2320InnerCipherLoop:
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
- VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
- VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
- VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
- VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
- DECQ itr2
- JNE sealAVX2320InnerCipherLoop
-
- VMOVDQA ·chacha20Constants<>(SB), TT0
- VPADDD TT0, AA0, AA0; VPADDD TT0, AA1, AA1; VPADDD TT0, AA2, AA2
- VPADDD TT1, BB0, BB0; VPADDD TT1, BB1, BB1; VPADDD TT1, BB2, BB2
- VPADDD TT2, CC0, CC0; VPADDD TT2, CC1, CC1; VPADDD TT2, CC2, CC2
- VMOVDQA ·avx2IncMask<>(SB), TT0
- VPADDD TT3, DD0, DD0; VPADDD TT0, TT3, TT3
- VPADDD TT3, DD1, DD1; VPADDD TT0, TT3, TT3
- VPADDD TT3, DD2, DD2
-
- // Clamp and store poly key
- VPERM2I128 $0x02, AA0, BB0, TT0
- VPAND ·polyClampMask<>(SB), TT0, TT0
- VMOVDQA TT0, rsStoreAVX2
-
- // Stream for up to 320 bytes
- VPERM2I128 $0x13, AA0, BB0, AA0
- VPERM2I128 $0x13, CC0, DD0, BB0
- VPERM2I128 $0x02, AA1, BB1, CC0
- VPERM2I128 $0x02, CC1, DD1, DD0
- VPERM2I128 $0x13, AA1, BB1, AA1
- VPERM2I128 $0x13, CC1, DD1, BB1
- VPERM2I128 $0x02, AA2, BB2, CC1
- VPERM2I128 $0x02, CC2, DD2, DD1
- VPERM2I128 $0x13, AA2, BB2, AA2
- VPERM2I128 $0x13, CC2, DD2, BB2
- JMP sealAVX2ShortSeal
-
-// ----------------------------------------------------------------------------
-// Special optimization for the last 128 bytes of ciphertext
-sealAVX2Tail128:
- // Need to decrypt up to 128 bytes - prepare two blocks
- // If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
- // If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
- VMOVDQA ·chacha20Constants<>(SB), AA0
- VMOVDQA state1StoreAVX2, BB0
- VMOVDQA state2StoreAVX2, CC0
- VMOVDQA ctr3StoreAVX2, DD0
- VPADDD ·avx2IncMask<>(SB), DD0, DD0
- VMOVDQA DD0, DD1
-
-sealAVX2Tail128LoopA:
- polyAdd(0(oup))
- polyMul
- LEAQ 16(oup), oup
-
-sealAVX2Tail128LoopB:
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
- polyAdd(0(oup))
- polyMul
- VPALIGNR $4, BB0, BB0, BB0
- VPALIGNR $8, CC0, CC0, CC0
- VPALIGNR $12, DD0, DD0, DD0
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
- polyAdd(16(oup))
- polyMul
- LEAQ 32(oup), oup
- VPALIGNR $12, BB0, BB0, BB0
- VPALIGNR $8, CC0, CC0, CC0
- VPALIGNR $4, DD0, DD0, DD0
- DECQ itr1
- JG sealAVX2Tail128LoopA
- DECQ itr2
- JGE sealAVX2Tail128LoopB
-
- VPADDD ·chacha20Constants<>(SB), AA0, AA1
- VPADDD state1StoreAVX2, BB0, BB1
- VPADDD state2StoreAVX2, CC0, CC1
- VPADDD DD1, DD0, DD1
-
- VPERM2I128 $0x02, AA1, BB1, AA0
- VPERM2I128 $0x02, CC1, DD1, BB0
- VPERM2I128 $0x13, AA1, BB1, CC0
- VPERM2I128 $0x13, CC1, DD1, DD0
- JMP sealAVX2ShortSealLoop
-
-// ----------------------------------------------------------------------------
-// Special optimization for the last 256 bytes of ciphertext
-sealAVX2Tail256:
- // Need to decrypt up to 256 bytes - prepare two blocks
- // If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
- // If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
- VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA ·chacha20Constants<>(SB), AA1
- VMOVDQA state1StoreAVX2, BB0; VMOVDQA state1StoreAVX2, BB1
- VMOVDQA state2StoreAVX2, CC0; VMOVDQA state2StoreAVX2, CC1
- VMOVDQA ctr3StoreAVX2, DD0
- VPADDD ·avx2IncMask<>(SB), DD0, DD0
- VPADDD ·avx2IncMask<>(SB), DD0, DD1
- VMOVDQA DD0, TT1
- VMOVDQA DD1, TT2
-
-sealAVX2Tail256LoopA:
- polyAdd(0(oup))
- polyMul
- LEAQ 16(oup), oup
-
-sealAVX2Tail256LoopB:
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
- polyAdd(0(oup))
- polyMul
- VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
- VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
- polyAdd(16(oup))
- polyMul
- LEAQ 32(oup), oup
- VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
- VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
- DECQ itr1
- JG sealAVX2Tail256LoopA
- DECQ itr2
- JGE sealAVX2Tail256LoopB
-
- VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1
- VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1
- VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1
- VPADDD TT1, DD0, DD0; VPADDD TT2, DD1, DD1
- VPERM2I128 $0x02, AA0, BB0, TT0
- VPERM2I128 $0x02, CC0, DD0, TT1
- VPERM2I128 $0x13, AA0, BB0, TT2
- VPERM2I128 $0x13, CC0, DD0, TT3
- VPXOR (0*32)(inp), TT0, TT0; VPXOR (1*32)(inp), TT1, TT1; VPXOR (2*32)(inp), TT2, TT2; VPXOR (3*32)(inp), TT3, TT3
- VMOVDQU TT0, (0*32)(oup); VMOVDQU TT1, (1*32)(oup); VMOVDQU TT2, (2*32)(oup); VMOVDQU TT3, (3*32)(oup)
- MOVQ $128, itr1
- LEAQ 128(inp), inp
- SUBQ $128, inl
- VPERM2I128 $0x02, AA1, BB1, AA0
- VPERM2I128 $0x02, CC1, DD1, BB0
- VPERM2I128 $0x13, AA1, BB1, CC0
- VPERM2I128 $0x13, CC1, DD1, DD0
-
- JMP sealAVX2SealHash
-
-// ----------------------------------------------------------------------------
-// Special optimization for the last 384 bytes of ciphertext
-sealAVX2Tail384:
- // Need to decrypt up to 384 bytes - prepare two blocks
- // If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
- // If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
- VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2
- VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2
- VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2
- VMOVDQA ctr3StoreAVX2, DD0
- VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2
- VMOVDQA DD0, TT1; VMOVDQA DD1, TT2; VMOVDQA DD2, TT3
-
-sealAVX2Tail384LoopA:
- polyAdd(0(oup))
- polyMul
- LEAQ 16(oup), oup
-
-sealAVX2Tail384LoopB:
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
- polyAdd(0(oup))
- polyMul
- VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
- VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
- chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
- polyAdd(16(oup))
- polyMul
- LEAQ 32(oup), oup
- VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
- VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
- DECQ itr1
- JG sealAVX2Tail384LoopA
- DECQ itr2
- JGE sealAVX2Tail384LoopB
-
- VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2
- VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2
- VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2
- VPADDD TT1, DD0, DD0; VPADDD TT2, DD1, DD1; VPADDD TT3, DD2, DD2
- VPERM2I128 $0x02, AA0, BB0, TT0
- VPERM2I128 $0x02, CC0, DD0, TT1
- VPERM2I128 $0x13, AA0, BB0, TT2
- VPERM2I128 $0x13, CC0, DD0, TT3
- VPXOR (0*32)(inp), TT0, TT0; VPXOR (1*32)(inp), TT1, TT1; VPXOR (2*32)(inp), TT2, TT2; VPXOR (3*32)(inp), TT3, TT3
- VMOVDQU TT0, (0*32)(oup); VMOVDQU TT1, (1*32)(oup); VMOVDQU TT2, (2*32)(oup); VMOVDQU TT3, (3*32)(oup)
- VPERM2I128 $0x02, AA1, BB1, TT0
- VPERM2I128 $0x02, CC1, DD1, TT1
- VPERM2I128 $0x13, AA1, BB1, TT2
- VPERM2I128 $0x13, CC1, DD1, TT3
- VPXOR (4*32)(inp), TT0, TT0; VPXOR (5*32)(inp), TT1, TT1; VPXOR (6*32)(inp), TT2, TT2; VPXOR (7*32)(inp), TT3, TT3
- VMOVDQU TT0, (4*32)(oup); VMOVDQU TT1, (5*32)(oup); VMOVDQU TT2, (6*32)(oup); VMOVDQU TT3, (7*32)(oup)
- MOVQ $256, itr1
- LEAQ 256(inp), inp
- SUBQ $256, inl
- VPERM2I128 $0x02, AA2, BB2, AA0
- VPERM2I128 $0x02, CC2, DD2, BB0
- VPERM2I128 $0x13, AA2, BB2, CC0
- VPERM2I128 $0x13, CC2, DD2, DD0
-
- JMP sealAVX2SealHash
-
-// ----------------------------------------------------------------------------
-// Special optimization for the last 512 bytes of ciphertext
-sealAVX2Tail512:
- // Need to decrypt up to 512 bytes - prepare two blocks
- // If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
- // If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
- VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
- VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
- VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
- VMOVDQA ctr3StoreAVX2, DD0
- VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
- VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
-
-sealAVX2Tail512LoopA:
- polyAdd(0(oup))
- polyMul
- LEAQ 16(oup), oup
-
-sealAVX2Tail512LoopB:
- VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
- VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
- VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
- VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
- VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
- VMOVDQA CC3, tmpStoreAVX2
- VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
- VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
- VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
- VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
- VMOVDQA tmpStoreAVX2, CC3
- polyAdd(0*8(oup))
- polyMulAVX2
- VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
- VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
- VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
- VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
- VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
- VMOVDQA CC3, tmpStoreAVX2
- VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
- VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
- VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
- VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
- VMOVDQA tmpStoreAVX2, CC3
- VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
- VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
- VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
- VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
- VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
- VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
- VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
- polyAdd(2*8(oup))
- polyMulAVX2
- LEAQ (4*8)(oup), oup
- VMOVDQA CC3, tmpStoreAVX2
- VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
- VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
- VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
- VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
- VMOVDQA tmpStoreAVX2, CC3
- VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
- VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
- VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
- VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
- VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
- VMOVDQA CC3, tmpStoreAVX2
- VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
- VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
- VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
- VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
- VMOVDQA tmpStoreAVX2, CC3
- VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
- VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
- VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
-
- DECQ itr1
- JG sealAVX2Tail512LoopA
- DECQ itr2
- JGE sealAVX2Tail512LoopB
-
- VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
- VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
- VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
- VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
- VMOVDQA CC3, tmpStoreAVX2
- VPERM2I128 $0x02, AA0, BB0, CC3
- VPXOR (0*32)(inp), CC3, CC3
- VMOVDQU CC3, (0*32)(oup)
- VPERM2I128 $0x02, CC0, DD0, CC3
- VPXOR (1*32)(inp), CC3, CC3
- VMOVDQU CC3, (1*32)(oup)
- VPERM2I128 $0x13, AA0, BB0, CC3
- VPXOR (2*32)(inp), CC3, CC3
- VMOVDQU CC3, (2*32)(oup)
- VPERM2I128 $0x13, CC0, DD0, CC3
- VPXOR (3*32)(inp), CC3, CC3
- VMOVDQU CC3, (3*32)(oup)
-
- VPERM2I128 $0x02, AA1, BB1, AA0
- VPERM2I128 $0x02, CC1, DD1, BB0
- VPERM2I128 $0x13, AA1, BB1, CC0
- VPERM2I128 $0x13, CC1, DD1, DD0
- VPXOR (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
- VMOVDQU AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
-
- VPERM2I128 $0x02, AA2, BB2, AA0
- VPERM2I128 $0x02, CC2, DD2, BB0
- VPERM2I128 $0x13, AA2, BB2, CC0
- VPERM2I128 $0x13, CC2, DD2, DD0
- VPXOR (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
- VMOVDQU AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
-
- MOVQ $384, itr1
- LEAQ 384(inp), inp
- SUBQ $384, inl
- VPERM2I128 $0x02, AA3, BB3, AA0
- VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0
- VPERM2I128 $0x13, AA3, BB3, CC0
- VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
-
- JMP sealAVX2SealHash
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
deleted file mode 100644
index 8d28ce2..0000000
--- a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
+++ /dev/null
@@ -1,74 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package chacha20poly1305
-
-import (
- "encoding/binary"
-
- "golang.org/x/crypto/internal/chacha20"
- "golang.org/x/crypto/poly1305"
-)
-
-func roundTo16(n int) int {
- return 16 * ((n + 15) / 16)
-}
-
-func (c *chacha20poly1305) sealGeneric(dst, nonce, plaintext, additionalData []byte) []byte {
- ret, out := sliceForAppend(dst, len(plaintext)+poly1305.TagSize)
-
- var polyKey [32]byte
- s := chacha20.New(c.key, [3]uint32{
- binary.LittleEndian.Uint32(nonce[0:4]),
- binary.LittleEndian.Uint32(nonce[4:8]),
- binary.LittleEndian.Uint32(nonce[8:12]),
- })
- s.XORKeyStream(polyKey[:], polyKey[:])
- s.Advance() // skip the next 32 bytes
- s.XORKeyStream(out, plaintext)
-
- polyInput := make([]byte, roundTo16(len(additionalData))+roundTo16(len(plaintext))+8+8)
- copy(polyInput, additionalData)
- copy(polyInput[roundTo16(len(additionalData)):], out[:len(plaintext)])
- binary.LittleEndian.PutUint64(polyInput[len(polyInput)-16:], uint64(len(additionalData)))
- binary.LittleEndian.PutUint64(polyInput[len(polyInput)-8:], uint64(len(plaintext)))
-
- var tag [poly1305.TagSize]byte
- poly1305.Sum(&tag, polyInput, &polyKey)
- copy(out[len(plaintext):], tag[:])
-
- return ret
-}
-
-func (c *chacha20poly1305) openGeneric(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
- var tag [poly1305.TagSize]byte
- copy(tag[:], ciphertext[len(ciphertext)-16:])
- ciphertext = ciphertext[:len(ciphertext)-16]
-
- var polyKey [32]byte
- s := chacha20.New(c.key, [3]uint32{
- binary.LittleEndian.Uint32(nonce[0:4]),
- binary.LittleEndian.Uint32(nonce[4:8]),
- binary.LittleEndian.Uint32(nonce[8:12]),
- })
- s.XORKeyStream(polyKey[:], polyKey[:])
- s.Advance() // skip the next 32 bytes
-
- polyInput := make([]byte, roundTo16(len(additionalData))+roundTo16(len(ciphertext))+8+8)
- copy(polyInput, additionalData)
- copy(polyInput[roundTo16(len(additionalData)):], ciphertext)
- binary.LittleEndian.PutUint64(polyInput[len(polyInput)-16:], uint64(len(additionalData)))
- binary.LittleEndian.PutUint64(polyInput[len(polyInput)-8:], uint64(len(ciphertext)))
-
- ret, out := sliceForAppend(dst, len(ciphertext))
- if !poly1305.Verify(&tag, polyInput, &polyKey) {
- for i := range out {
- out[i] = 0
- }
- return nil, errOpen
- }
-
- s.XORKeyStream(out, ciphertext)
- return ret, nil
-}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go
deleted file mode 100644
index 4c2eb70..0000000
--- a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !amd64 !go1.7 gccgo appengine
-
-package chacha20poly1305
-
-func (c *chacha20poly1305) seal(dst, nonce, plaintext, additionalData []byte) []byte {
- return c.sealGeneric(dst, nonce, plaintext, additionalData)
-}
-
-func (c *chacha20poly1305) open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
- return c.openGeneric(dst, nonce, ciphertext, additionalData)
-}
diff --git a/vendor/golang.org/x/crypto/hkdf/hkdf.go b/vendor/golang.org/x/crypto/hkdf/hkdf.go
deleted file mode 100644
index 5bc2463..0000000
--- a/vendor/golang.org/x/crypto/hkdf/hkdf.go
+++ /dev/null
@@ -1,75 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation
-// Function (HKDF) as defined in RFC 5869.
-//
-// HKDF is a cryptographic key derivation function (KDF) with the goal of
-// expanding limited input keying material into one or more cryptographically
-// strong secret keys.
-//
-// RFC 5869: https://tools.ietf.org/html/rfc5869
-package hkdf // import "golang.org/x/crypto/hkdf"
-
-import (
- "crypto/hmac"
- "errors"
- "hash"
- "io"
-)
-
-type hkdf struct {
- expander hash.Hash
- size int
-
- info []byte
- counter byte
-
- prev []byte
- cache []byte
-}
-
-func (f *hkdf) Read(p []byte) (int, error) {
- // Check whether enough data can be generated
- need := len(p)
- remains := len(f.cache) + int(255-f.counter+1)*f.size
- if remains < need {
- return 0, errors.New("hkdf: entropy limit reached")
- }
- // Read from the cache, if enough data is present
- n := copy(p, f.cache)
- p = p[n:]
-
- // Fill the buffer
- for len(p) > 0 {
- f.expander.Reset()
- f.expander.Write(f.prev)
- f.expander.Write(f.info)
- f.expander.Write([]byte{f.counter})
- f.prev = f.expander.Sum(f.prev[:0])
- f.counter++
-
- // Copy the new batch into p
- f.cache = f.prev
- n = copy(p, f.cache)
- p = p[n:]
- }
- // Save leftovers for next run
- f.cache = f.cache[n:]
-
- return need, nil
-}
-
-// New returns a new HKDF using the given hash, the secret keying material to expand
-// and optional salt and info fields.
-func New(hash func() hash.Hash, secret, salt, info []byte) io.Reader {
- if salt == nil {
- salt = make([]byte, hash().Size())
- }
- extractor := hmac.New(hash, salt)
- extractor.Write(secret)
- prk := extractor.Sum(nil)
-
- return &hkdf{hmac.New(hash, prk), extractor.Size(), info, 1, nil, nil}
-}
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/asm_s390x.s b/vendor/golang.org/x/crypto/internal/chacha20/asm_s390x.s
deleted file mode 100644
index 98427c5..0000000
--- a/vendor/golang.org/x/crypto/internal/chacha20/asm_s390x.s
+++ /dev/null
@@ -1,283 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build s390x,!gccgo,!appengine
-
-#include "go_asm.h"
-#include "textflag.h"
-
-// This is an implementation of the ChaCha20 encryption algorithm as
-// specified in RFC 7539. It uses vector instructions to compute
-// 4 keystream blocks in parallel (256 bytes) which are then XORed
-// with the bytes in the input slice.
-
-GLOBL ·constants<>(SB), RODATA|NOPTR, $32
-// BSWAP: swap bytes in each 4-byte element
-DATA ·constants<>+0x00(SB)/4, $0x03020100
-DATA ·constants<>+0x04(SB)/4, $0x07060504
-DATA ·constants<>+0x08(SB)/4, $0x0b0a0908
-DATA ·constants<>+0x0c(SB)/4, $0x0f0e0d0c
-// J0: [j0, j1, j2, j3]
-DATA ·constants<>+0x10(SB)/4, $0x61707865
-DATA ·constants<>+0x14(SB)/4, $0x3320646e
-DATA ·constants<>+0x18(SB)/4, $0x79622d32
-DATA ·constants<>+0x1c(SB)/4, $0x6b206574
-
-// EXRL targets:
-TEXT ·mvcSrcToBuf(SB), NOFRAME|NOSPLIT, $0
- MVC $1, (R1), (R8)
- RET
-
-TEXT ·mvcBufToDst(SB), NOFRAME|NOSPLIT, $0
- MVC $1, (R8), (R9)
- RET
-
-#define BSWAP V5
-#define J0 V6
-#define KEY0 V7
-#define KEY1 V8
-#define NONCE V9
-#define CTR V10
-#define M0 V11
-#define M1 V12
-#define M2 V13
-#define M3 V14
-#define INC V15
-#define X0 V16
-#define X1 V17
-#define X2 V18
-#define X3 V19
-#define X4 V20
-#define X5 V21
-#define X6 V22
-#define X7 V23
-#define X8 V24
-#define X9 V25
-#define X10 V26
-#define X11 V27
-#define X12 V28
-#define X13 V29
-#define X14 V30
-#define X15 V31
-
-#define NUM_ROUNDS 20
-
-#define ROUND4(a0, a1, a2, a3, b0, b1, b2, b3, c0, c1, c2, c3, d0, d1, d2, d3) \
- VAF a1, a0, a0 \
- VAF b1, b0, b0 \
- VAF c1, c0, c0 \
- VAF d1, d0, d0 \
- VX a0, a2, a2 \
- VX b0, b2, b2 \
- VX c0, c2, c2 \
- VX d0, d2, d2 \
- VERLLF $16, a2, a2 \
- VERLLF $16, b2, b2 \
- VERLLF $16, c2, c2 \
- VERLLF $16, d2, d2 \
- VAF a2, a3, a3 \
- VAF b2, b3, b3 \
- VAF c2, c3, c3 \
- VAF d2, d3, d3 \
- VX a3, a1, a1 \
- VX b3, b1, b1 \
- VX c3, c1, c1 \
- VX d3, d1, d1 \
- VERLLF $12, a1, a1 \
- VERLLF $12, b1, b1 \
- VERLLF $12, c1, c1 \
- VERLLF $12, d1, d1 \
- VAF a1, a0, a0 \
- VAF b1, b0, b0 \
- VAF c1, c0, c0 \
- VAF d1, d0, d0 \
- VX a0, a2, a2 \
- VX b0, b2, b2 \
- VX c0, c2, c2 \
- VX d0, d2, d2 \
- VERLLF $8, a2, a2 \
- VERLLF $8, b2, b2 \
- VERLLF $8, c2, c2 \
- VERLLF $8, d2, d2 \
- VAF a2, a3, a3 \
- VAF b2, b3, b3 \
- VAF c2, c3, c3 \
- VAF d2, d3, d3 \
- VX a3, a1, a1 \
- VX b3, b1, b1 \
- VX c3, c1, c1 \
- VX d3, d1, d1 \
- VERLLF $7, a1, a1 \
- VERLLF $7, b1, b1 \
- VERLLF $7, c1, c1 \
- VERLLF $7, d1, d1
-
-#define PERMUTE(mask, v0, v1, v2, v3) \
- VPERM v0, v0, mask, v0 \
- VPERM v1, v1, mask, v1 \
- VPERM v2, v2, mask, v2 \
- VPERM v3, v3, mask, v3
-
-#define ADDV(x, v0, v1, v2, v3) \
- VAF x, v0, v0 \
- VAF x, v1, v1 \
- VAF x, v2, v2 \
- VAF x, v3, v3
-
-#define XORV(off, dst, src, v0, v1, v2, v3) \
- VLM off(src), M0, M3 \
- PERMUTE(BSWAP, v0, v1, v2, v3) \
- VX v0, M0, M0 \
- VX v1, M1, M1 \
- VX v2, M2, M2 \
- VX v3, M3, M3 \
- VSTM M0, M3, off(dst)
-
-#define SHUFFLE(a, b, c, d, t, u, v, w) \
- VMRHF a, c, t \ // t = {a[0], c[0], a[1], c[1]}
- VMRHF b, d, u \ // u = {b[0], d[0], b[1], d[1]}
- VMRLF a, c, v \ // v = {a[2], c[2], a[3], c[3]}
- VMRLF b, d, w \ // w = {b[2], d[2], b[3], d[3]}
- VMRHF t, u, a \ // a = {a[0], b[0], c[0], d[0]}
- VMRLF t, u, b \ // b = {a[1], b[1], c[1], d[1]}
- VMRHF v, w, c \ // c = {a[2], b[2], c[2], d[2]}
- VMRLF v, w, d // d = {a[3], b[3], c[3], d[3]}
-
-// func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32, buf *[256]byte, len *int)
-TEXT ·xorKeyStreamVX(SB), NOSPLIT, $0
- MOVD $·constants<>(SB), R1
- MOVD dst+0(FP), R2 // R2=&dst[0]
- LMG src+24(FP), R3, R4 // R3=&src[0] R4=len(src)
- MOVD key+48(FP), R5 // R5=key
- MOVD nonce+56(FP), R6 // R6=nonce
- MOVD counter+64(FP), R7 // R7=counter
- MOVD buf+72(FP), R8 // R8=buf
- MOVD len+80(FP), R9 // R9=len
-
- // load BSWAP and J0
- VLM (R1), BSWAP, J0
-
- // set up tail buffer
- ADD $-1, R4, R12
- MOVBZ R12, R12
- CMPUBEQ R12, $255, aligned
- MOVD R4, R1
- AND $~255, R1
- MOVD $(R3)(R1*1), R1
- EXRL $·mvcSrcToBuf(SB), R12
- MOVD $255, R0
- SUB R12, R0
- MOVD R0, (R9) // update len
-
-aligned:
- // setup
- MOVD $95, R0
- VLM (R5), KEY0, KEY1
- VLL R0, (R6), NONCE
- VZERO M0
- VLEIB $7, $32, M0
- VSRLB M0, NONCE, NONCE
-
- // initialize counter values
- VLREPF (R7), CTR
- VZERO INC
- VLEIF $1, $1, INC
- VLEIF $2, $2, INC
- VLEIF $3, $3, INC
- VAF INC, CTR, CTR
- VREPIF $4, INC
-
-chacha:
- VREPF $0, J0, X0
- VREPF $1, J0, X1
- VREPF $2, J0, X2
- VREPF $3, J0, X3
- VREPF $0, KEY0, X4
- VREPF $1, KEY0, X5
- VREPF $2, KEY0, X6
- VREPF $3, KEY0, X7
- VREPF $0, KEY1, X8
- VREPF $1, KEY1, X9
- VREPF $2, KEY1, X10
- VREPF $3, KEY1, X11
- VLR CTR, X12
- VREPF $1, NONCE, X13
- VREPF $2, NONCE, X14
- VREPF $3, NONCE, X15
-
- MOVD $(NUM_ROUNDS/2), R1
-
-loop:
- ROUND4(X0, X4, X12, X8, X1, X5, X13, X9, X2, X6, X14, X10, X3, X7, X15, X11)
- ROUND4(X0, X5, X15, X10, X1, X6, X12, X11, X2, X7, X13, X8, X3, X4, X14, X9)
-
- ADD $-1, R1
- BNE loop
-
- // decrement length
- ADD $-256, R4
- BLT tail
-
-continue:
- // rearrange vectors
- SHUFFLE(X0, X1, X2, X3, M0, M1, M2, M3)
- ADDV(J0, X0, X1, X2, X3)
- SHUFFLE(X4, X5, X6, X7, M0, M1, M2, M3)
- ADDV(KEY0, X4, X5, X6, X7)
- SHUFFLE(X8, X9, X10, X11, M0, M1, M2, M3)
- ADDV(KEY1, X8, X9, X10, X11)
- VAF CTR, X12, X12
- SHUFFLE(X12, X13, X14, X15, M0, M1, M2, M3)
- ADDV(NONCE, X12, X13, X14, X15)
-
- // increment counters
- VAF INC, CTR, CTR
-
- // xor keystream with plaintext
- XORV(0*64, R2, R3, X0, X4, X8, X12)
- XORV(1*64, R2, R3, X1, X5, X9, X13)
- XORV(2*64, R2, R3, X2, X6, X10, X14)
- XORV(3*64, R2, R3, X3, X7, X11, X15)
-
- // increment pointers
- MOVD $256(R2), R2
- MOVD $256(R3), R3
-
- CMPBNE R4, $0, chacha
- CMPUBEQ R12, $255, return
- EXRL $·mvcBufToDst(SB), R12 // len was updated during setup
-
-return:
- VSTEF $0, CTR, (R7)
- RET
-
-tail:
- MOVD R2, R9
- MOVD R8, R2
- MOVD R8, R3
- MOVD $0, R4
- JMP continue
-
-// func hasVectorFacility() bool
-TEXT ·hasVectorFacility(SB), NOSPLIT, $24-1
- MOVD $x-24(SP), R1
- XC $24, 0(R1), 0(R1) // clear the storage
- MOVD $2, R0 // R0 is the number of double words stored -1
- WORD $0xB2B01000 // STFLE 0(R1)
- XOR R0, R0 // reset the value of R0
- MOVBZ z-8(SP), R1
- AND $0x40, R1
- BEQ novector
-
-vectorinstalled:
- // check if the vector instruction has been enabled
- VLEIB $0, $0xF, V16
- VLGVB $0, V16, R1
- CMPBNE R1, $0xF, novector
- MOVB $1, ret+0(FP) // have vx
- RET
-
-novector:
- MOVB $0, ret+0(FP) // no vx
- RET
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/chacha_generic.go b/vendor/golang.org/x/crypto/internal/chacha20/chacha_generic.go
deleted file mode 100644
index 7ed1cd9..0000000
--- a/vendor/golang.org/x/crypto/internal/chacha20/chacha_generic.go
+++ /dev/null
@@ -1,227 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package ChaCha20 implements the core ChaCha20 function as specified
-// in https://tools.ietf.org/html/rfc7539#section-2.3.
-package chacha20
-
-import (
- "crypto/cipher"
- "encoding/binary"
-)
-
-// assert that *Cipher implements cipher.Stream
-var _ cipher.Stream = (*Cipher)(nil)
-
-// Cipher is a stateful instance of ChaCha20 using a particular key
-// and nonce. A *Cipher implements the cipher.Stream interface.
-type Cipher struct {
- key [8]uint32
- counter uint32 // incremented after each block
- nonce [3]uint32
- buf [bufSize]byte // buffer for unused keystream bytes
- len int // number of unused keystream bytes at end of buf
-}
-
-// New creates a new ChaCha20 stream cipher with the given key and nonce.
-// The initial counter value is set to 0.
-func New(key [8]uint32, nonce [3]uint32) *Cipher {
- return &Cipher{key: key, nonce: nonce}
-}
-
-// XORKeyStream XORs each byte in the given slice with a byte from the
-// cipher's key stream. Dst and src must overlap entirely or not at all.
-//
-// If len(dst) < len(src), XORKeyStream will panic. It is acceptable
-// to pass a dst bigger than src, and in that case, XORKeyStream will
-// only update dst[:len(src)] and will not touch the rest of dst.
-//
-// Multiple calls to XORKeyStream behave as if the concatenation of
-// the src buffers was passed in a single run. That is, Cipher
-// maintains state and does not reset at each XORKeyStream call.
-func (s *Cipher) XORKeyStream(dst, src []byte) {
- // xor src with buffered keystream first
- if s.len != 0 {
- buf := s.buf[len(s.buf)-s.len:]
- if len(src) < len(buf) {
- buf = buf[:len(src)]
- }
- td, ts := dst[:len(buf)], src[:len(buf)] // BCE hint
- for i, b := range buf {
- td[i] = ts[i] ^ b
- }
- s.len -= len(buf)
- if s.len != 0 {
- return
- }
- s.buf = [len(s.buf)]byte{} // zero the empty buffer
- src = src[len(buf):]
- dst = dst[len(buf):]
- }
-
- if len(src) == 0 {
- return
- }
- if haveAsm {
- s.xorKeyStreamAsm(dst, src)
- return
- }
-
- // set up a 64-byte buffer to pad out the final block if needed
- // (hoisted out of the main loop to avoid spills)
- rem := len(src) % 64 // length of final block
- fin := len(src) - rem // index of final block
- if rem > 0 {
- copy(s.buf[len(s.buf)-64:], src[fin:])
- }
-
- // qr calculates a quarter round
- qr := func(a, b, c, d uint32) (uint32, uint32, uint32, uint32) {
- a += b
- d ^= a
- d = (d << 16) | (d >> 16)
- c += d
- b ^= c
- b = (b << 12) | (b >> 20)
- a += b
- d ^= a
- d = (d << 8) | (d >> 24)
- c += d
- b ^= c
- b = (b << 7) | (b >> 25)
- return a, b, c, d
- }
-
- // ChaCha20 constants
- const (
- j0 = 0x61707865
- j1 = 0x3320646e
- j2 = 0x79622d32
- j3 = 0x6b206574
- )
-
- // pre-calculate most of the first round
- s1, s5, s9, s13 := qr(j1, s.key[1], s.key[5], s.nonce[0])
- s2, s6, s10, s14 := qr(j2, s.key[2], s.key[6], s.nonce[1])
- s3, s7, s11, s15 := qr(j3, s.key[3], s.key[7], s.nonce[2])
-
- n := len(src)
- src, dst = src[:n:n], dst[:n:n] // BCE hint
- for i := 0; i < n; i += 64 {
- // calculate the remainder of the first round
- s0, s4, s8, s12 := qr(j0, s.key[0], s.key[4], s.counter)
-
- // execute the second round
- x0, x5, x10, x15 := qr(s0, s5, s10, s15)
- x1, x6, x11, x12 := qr(s1, s6, s11, s12)
- x2, x7, x8, x13 := qr(s2, s7, s8, s13)
- x3, x4, x9, x14 := qr(s3, s4, s9, s14)
-
- // execute the remaining 18 rounds
- for i := 0; i < 9; i++ {
- x0, x4, x8, x12 = qr(x0, x4, x8, x12)
- x1, x5, x9, x13 = qr(x1, x5, x9, x13)
- x2, x6, x10, x14 = qr(x2, x6, x10, x14)
- x3, x7, x11, x15 = qr(x3, x7, x11, x15)
-
- x0, x5, x10, x15 = qr(x0, x5, x10, x15)
- x1, x6, x11, x12 = qr(x1, x6, x11, x12)
- x2, x7, x8, x13 = qr(x2, x7, x8, x13)
- x3, x4, x9, x14 = qr(x3, x4, x9, x14)
- }
-
- x0 += j0
- x1 += j1
- x2 += j2
- x3 += j3
-
- x4 += s.key[0]
- x5 += s.key[1]
- x6 += s.key[2]
- x7 += s.key[3]
- x8 += s.key[4]
- x9 += s.key[5]
- x10 += s.key[6]
- x11 += s.key[7]
-
- x12 += s.counter
- x13 += s.nonce[0]
- x14 += s.nonce[1]
- x15 += s.nonce[2]
-
- // increment the counter
- s.counter += 1
- if s.counter == 0 {
- panic("chacha20: counter overflow")
- }
-
- // pad to 64 bytes if needed
- in, out := src[i:], dst[i:]
- if i == fin {
- // src[fin:] has already been copied into s.buf before
- // the main loop
- in, out = s.buf[len(s.buf)-64:], s.buf[len(s.buf)-64:]
- }
- in, out = in[:64], out[:64] // BCE hint
-
- // XOR the key stream with the source and write out the result
- xor(out[0:], in[0:], x0)
- xor(out[4:], in[4:], x1)
- xor(out[8:], in[8:], x2)
- xor(out[12:], in[12:], x3)
- xor(out[16:], in[16:], x4)
- xor(out[20:], in[20:], x5)
- xor(out[24:], in[24:], x6)
- xor(out[28:], in[28:], x7)
- xor(out[32:], in[32:], x8)
- xor(out[36:], in[36:], x9)
- xor(out[40:], in[40:], x10)
- xor(out[44:], in[44:], x11)
- xor(out[48:], in[48:], x12)
- xor(out[52:], in[52:], x13)
- xor(out[56:], in[56:], x14)
- xor(out[60:], in[60:], x15)
- }
- // copy any trailing bytes out of the buffer and into dst
- if rem != 0 {
- s.len = 64 - rem
- copy(dst[fin:], s.buf[len(s.buf)-64:])
- }
-}
-
-// Advance discards bytes in the key stream until the next 64 byte block
-// boundary is reached and updates the counter accordingly. If the key
-// stream is already at a block boundary no bytes will be discarded and
-// the counter will be unchanged.
-func (s *Cipher) Advance() {
- s.len -= s.len % 64
- if s.len == 0 {
- s.buf = [len(s.buf)]byte{}
- }
-}
-
-// XORKeyStream crypts bytes from in to out using the given key and counters.
-// In and out must overlap entirely or not at all. Counter contains the raw
-// ChaCha20 counter bytes (i.e. block counter followed by nonce).
-func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
- s := Cipher{
- key: [8]uint32{
- binary.LittleEndian.Uint32(key[0:4]),
- binary.LittleEndian.Uint32(key[4:8]),
- binary.LittleEndian.Uint32(key[8:12]),
- binary.LittleEndian.Uint32(key[12:16]),
- binary.LittleEndian.Uint32(key[16:20]),
- binary.LittleEndian.Uint32(key[20:24]),
- binary.LittleEndian.Uint32(key[24:28]),
- binary.LittleEndian.Uint32(key[28:32]),
- },
- nonce: [3]uint32{
- binary.LittleEndian.Uint32(counter[4:8]),
- binary.LittleEndian.Uint32(counter[8:12]),
- binary.LittleEndian.Uint32(counter[12:16]),
- },
- counter: binary.LittleEndian.Uint32(counter[0:4]),
- }
- s.XORKeyStream(out, in)
-}
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go b/vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go
deleted file mode 100644
index 91520d1..0000000
--- a/vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !s390x gccgo appengine
-
-package chacha20
-
-const (
- bufSize = 64
- haveAsm = false
-)
-
-func (*Cipher) xorKeyStreamAsm(dst, src []byte) {
- panic("not implemented")
-}
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.go b/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.go
deleted file mode 100644
index 0c1c671..0000000
--- a/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build s390x,!gccgo,!appengine
-
-package chacha20
-
-var haveAsm = hasVectorFacility()
-
-const bufSize = 256
-
-// hasVectorFacility reports whether the machine supports the vector
-// facility (vx).
-// Implementation in asm_s390x.s.
-func hasVectorFacility() bool
-
-// xorKeyStreamVX is an assembly implementation of XORKeyStream. It must only
-// be called when the vector facility is available.
-// Implementation in asm_s390x.s.
-//go:noescape
-func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32, buf *[256]byte, len *int)
-
-func (c *Cipher) xorKeyStreamAsm(dst, src []byte) {
- xorKeyStreamVX(dst, src, &c.key, &c.nonce, &c.counter, &c.buf, &c.len)
-}
-
-// EXRL targets, DO NOT CALL!
-func mvcSrcToBuf()
-func mvcBufToDst()
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/xor.go b/vendor/golang.org/x/crypto/internal/chacha20/xor.go
deleted file mode 100644
index 9c5ba0b..0000000
--- a/vendor/golang.org/x/crypto/internal/chacha20/xor.go
+++ /dev/null
@@ -1,43 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found src the LICENSE file.
-
-package chacha20
-
-import (
- "runtime"
-)
-
-// Platforms that have fast unaligned 32-bit little endian accesses.
-const unaligned = runtime.GOARCH == "386" ||
- runtime.GOARCH == "amd64" ||
- runtime.GOARCH == "arm64" ||
- runtime.GOARCH == "ppc64le" ||
- runtime.GOARCH == "s390x"
-
-// xor reads a little endian uint32 from src, XORs it with u and
-// places the result in little endian byte order in dst.
-func xor(dst, src []byte, u uint32) {
- _, _ = src[3], dst[3] // eliminate bounds checks
- if unaligned {
- // The compiler should optimize this code into
- // 32-bit unaligned little endian loads and stores.
- // TODO: delete once the compiler does a reliably
- // good job with the generic code below.
- // See issue #25111 for more details.
- v := uint32(src[0])
- v |= uint32(src[1]) << 8
- v |= uint32(src[2]) << 16
- v |= uint32(src[3]) << 24
- v ^= u
- dst[0] = byte(v)
- dst[1] = byte(v >> 8)
- dst[2] = byte(v >> 16)
- dst[3] = byte(v >> 24)
- } else {
- dst[0] = src[0] ^ byte(u)
- dst[1] = src[1] ^ byte(u>>8)
- dst[2] = src[2] ^ byte(u>>16)
- dst[3] = src[3] ^ byte(u>>24)
- }
-}
diff --git a/vendor/golang.org/x/crypto/poly1305/poly1305.go b/vendor/golang.org/x/crypto/poly1305/poly1305.go
deleted file mode 100644
index f562fa5..0000000
--- a/vendor/golang.org/x/crypto/poly1305/poly1305.go
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-/*
-Package poly1305 implements Poly1305 one-time message authentication code as
-specified in https://cr.yp.to/mac/poly1305-20050329.pdf.
-
-Poly1305 is a fast, one-time authentication function. It is infeasible for an
-attacker to generate an authenticator for a message without the key. However, a
-key must only be used for a single message. Authenticating two different
-messages with the same key allows an attacker to forge authenticators for other
-messages with the same key.
-
-Poly1305 was originally coupled with AES in order to make Poly1305-AES. AES was
-used with a fixed key in order to generate one-time keys from an nonce.
-However, in this package AES isn't used and the one-time key is specified
-directly.
-*/
-package poly1305 // import "golang.org/x/crypto/poly1305"
-
-import "crypto/subtle"
-
-// TagSize is the size, in bytes, of a poly1305 authenticator.
-const TagSize = 16
-
-// Verify returns true if mac is a valid authenticator for m with the given
-// key.
-func Verify(mac *[16]byte, m []byte, key *[32]byte) bool {
- var tmp [16]byte
- Sum(&tmp, m, key)
- return subtle.ConstantTimeCompare(tmp[:], mac[:]) == 1
-}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_amd64.go b/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
deleted file mode 100644
index 4dd72fe..0000000
--- a/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build amd64,!gccgo,!appengine
-
-package poly1305
-
-// This function is implemented in sum_amd64.s
-//go:noescape
-func poly1305(out *[16]byte, m *byte, mlen uint64, key *[32]byte)
-
-// Sum generates an authenticator for m using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[16]byte, m []byte, key *[32]byte) {
- var mPtr *byte
- if len(m) > 0 {
- mPtr = &m[0]
- }
- poly1305(out, mPtr, uint64(len(m)), key)
-}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_amd64.s b/vendor/golang.org/x/crypto/poly1305/sum_amd64.s
deleted file mode 100644
index 2edae63..0000000
--- a/vendor/golang.org/x/crypto/poly1305/sum_amd64.s
+++ /dev/null
@@ -1,125 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build amd64,!gccgo,!appengine
-
-#include "textflag.h"
-
-#define POLY1305_ADD(msg, h0, h1, h2) \
- ADDQ 0(msg), h0; \
- ADCQ 8(msg), h1; \
- ADCQ $1, h2; \
- LEAQ 16(msg), msg
-
-#define POLY1305_MUL(h0, h1, h2, r0, r1, t0, t1, t2, t3) \
- MOVQ r0, AX; \
- MULQ h0; \
- MOVQ AX, t0; \
- MOVQ DX, t1; \
- MOVQ r0, AX; \
- MULQ h1; \
- ADDQ AX, t1; \
- ADCQ $0, DX; \
- MOVQ r0, t2; \
- IMULQ h2, t2; \
- ADDQ DX, t2; \
- \
- MOVQ r1, AX; \
- MULQ h0; \
- ADDQ AX, t1; \
- ADCQ $0, DX; \
- MOVQ DX, h0; \
- MOVQ r1, t3; \
- IMULQ h2, t3; \
- MOVQ r1, AX; \
- MULQ h1; \
- ADDQ AX, t2; \
- ADCQ DX, t3; \
- ADDQ h0, t2; \
- ADCQ $0, t3; \
- \
- MOVQ t0, h0; \
- MOVQ t1, h1; \
- MOVQ t2, h2; \
- ANDQ $3, h2; \
- MOVQ t2, t0; \
- ANDQ $0xFFFFFFFFFFFFFFFC, t0; \
- ADDQ t0, h0; \
- ADCQ t3, h1; \
- ADCQ $0, h2; \
- SHRQ $2, t3, t2; \
- SHRQ $2, t3; \
- ADDQ t2, h0; \
- ADCQ t3, h1; \
- ADCQ $0, h2
-
-DATA ·poly1305Mask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF
-DATA ·poly1305Mask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC
-GLOBL ·poly1305Mask<>(SB), RODATA, $16
-
-// func poly1305(out *[16]byte, m *byte, mlen uint64, key *[32]key)
-TEXT ·poly1305(SB), $0-32
- MOVQ out+0(FP), DI
- MOVQ m+8(FP), SI
- MOVQ mlen+16(FP), R15
- MOVQ key+24(FP), AX
-
- MOVQ 0(AX), R11
- MOVQ 8(AX), R12
- ANDQ ·poly1305Mask<>(SB), R11 // r0
- ANDQ ·poly1305Mask<>+8(SB), R12 // r1
- XORQ R8, R8 // h0
- XORQ R9, R9 // h1
- XORQ R10, R10 // h2
-
- CMPQ R15, $16
- JB bytes_between_0_and_15
-
-loop:
- POLY1305_ADD(SI, R8, R9, R10)
-
-multiply:
- POLY1305_MUL(R8, R9, R10, R11, R12, BX, CX, R13, R14)
- SUBQ $16, R15
- CMPQ R15, $16
- JAE loop
-
-bytes_between_0_and_15:
- TESTQ R15, R15
- JZ done
- MOVQ $1, BX
- XORQ CX, CX
- XORQ R13, R13
- ADDQ R15, SI
-
-flush_buffer:
- SHLQ $8, BX, CX
- SHLQ $8, BX
- MOVB -1(SI), R13
- XORQ R13, BX
- DECQ SI
- DECQ R15
- JNZ flush_buffer
-
- ADDQ BX, R8
- ADCQ CX, R9
- ADCQ $0, R10
- MOVQ $16, R15
- JMP multiply
-
-done:
- MOVQ R8, AX
- MOVQ R9, BX
- SUBQ $0xFFFFFFFFFFFFFFFB, AX
- SBBQ $0xFFFFFFFFFFFFFFFF, BX
- SBBQ $3, R10
- CMOVQCS R8, AX
- CMOVQCS R9, BX
- MOVQ key+24(FP), R8
- ADDQ 16(R8), AX
- ADCQ 24(R8), BX
-
- MOVQ AX, 0(DI)
- MOVQ BX, 8(DI)
- RET
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_arm.go b/vendor/golang.org/x/crypto/poly1305/sum_arm.go
deleted file mode 100644
index 5dc321c..0000000
--- a/vendor/golang.org/x/crypto/poly1305/sum_arm.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build arm,!gccgo,!appengine,!nacl
-
-package poly1305
-
-// This function is implemented in sum_arm.s
-//go:noescape
-func poly1305_auth_armv6(out *[16]byte, m *byte, mlen uint32, key *[32]byte)
-
-// Sum generates an authenticator for m using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[16]byte, m []byte, key *[32]byte) {
- var mPtr *byte
- if len(m) > 0 {
- mPtr = &m[0]
- }
- poly1305_auth_armv6(out, mPtr, uint32(len(m)), key)
-}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_arm.s b/vendor/golang.org/x/crypto/poly1305/sum_arm.s
deleted file mode 100644
index f70b4ac..0000000
--- a/vendor/golang.org/x/crypto/poly1305/sum_arm.s
+++ /dev/null
@@ -1,427 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build arm,!gccgo,!appengine,!nacl
-
-#include "textflag.h"
-
-// This code was translated into a form compatible with 5a from the public
-// domain source by Andrew Moon: github.com/floodyberry/poly1305-opt/blob/master/app/extensions/poly1305.
-
-DATA ·poly1305_init_constants_armv6<>+0x00(SB)/4, $0x3ffffff
-DATA ·poly1305_init_constants_armv6<>+0x04(SB)/4, $0x3ffff03
-DATA ·poly1305_init_constants_armv6<>+0x08(SB)/4, $0x3ffc0ff
-DATA ·poly1305_init_constants_armv6<>+0x0c(SB)/4, $0x3f03fff
-DATA ·poly1305_init_constants_armv6<>+0x10(SB)/4, $0x00fffff
-GLOBL ·poly1305_init_constants_armv6<>(SB), 8, $20
-
-// Warning: the linker may use R11 to synthesize certain instructions. Please
-// take care and verify that no synthetic instructions use it.
-
-TEXT poly1305_init_ext_armv6<>(SB), NOSPLIT, $0
- // Needs 16 bytes of stack and 64 bytes of space pointed to by R0. (It
- // might look like it's only 60 bytes of space but the final four bytes
- // will be written by another function.) We need to skip over four
- // bytes of stack because that's saving the value of 'g'.
- ADD $4, R13, R8
- MOVM.IB [R4-R7], (R8)
- MOVM.IA.W (R1), [R2-R5]
- MOVW $·poly1305_init_constants_armv6<>(SB), R7
- MOVW R2, R8
- MOVW R2>>26, R9
- MOVW R3>>20, g
- MOVW R4>>14, R11
- MOVW R5>>8, R12
- ORR R3<<6, R9, R9
- ORR R4<<12, g, g
- ORR R5<<18, R11, R11
- MOVM.IA (R7), [R2-R6]
- AND R8, R2, R2
- AND R9, R3, R3
- AND g, R4, R4
- AND R11, R5, R5
- AND R12, R6, R6
- MOVM.IA.W [R2-R6], (R0)
- EOR R2, R2, R2
- EOR R3, R3, R3
- EOR R4, R4, R4
- EOR R5, R5, R5
- EOR R6, R6, R6
- MOVM.IA.W [R2-R6], (R0)
- MOVM.IA.W (R1), [R2-R5]
- MOVM.IA [R2-R6], (R0)
- ADD $20, R13, R0
- MOVM.DA (R0), [R4-R7]
- RET
-
-#define MOVW_UNALIGNED(Rsrc, Rdst, Rtmp, offset) \
- MOVBU (offset+0)(Rsrc), Rtmp; \
- MOVBU Rtmp, (offset+0)(Rdst); \
- MOVBU (offset+1)(Rsrc), Rtmp; \
- MOVBU Rtmp, (offset+1)(Rdst); \
- MOVBU (offset+2)(Rsrc), Rtmp; \
- MOVBU Rtmp, (offset+2)(Rdst); \
- MOVBU (offset+3)(Rsrc), Rtmp; \
- MOVBU Rtmp, (offset+3)(Rdst)
-
-TEXT poly1305_blocks_armv6<>(SB), NOSPLIT, $0
- // Needs 24 bytes of stack for saved registers and then 88 bytes of
- // scratch space after that. We assume that 24 bytes at (R13) have
- // already been used: four bytes for the link register saved in the
- // prelude of poly1305_auth_armv6, four bytes for saving the value of g
- // in that function and 16 bytes of scratch space used around
- // poly1305_finish_ext_armv6_skip1.
- ADD $24, R13, R12
- MOVM.IB [R4-R8, R14], (R12)
- MOVW R0, 88(R13)
- MOVW R1, 92(R13)
- MOVW R2, 96(R13)
- MOVW R1, R14
- MOVW R2, R12
- MOVW 56(R0), R8
- WORD $0xe1180008 // TST R8, R8 not working see issue 5921
- EOR R6, R6, R6
- MOVW.EQ $(1<<24), R6
- MOVW R6, 84(R13)
- ADD $116, R13, g
- MOVM.IA (R0), [R0-R9]
- MOVM.IA [R0-R4], (g)
- CMP $16, R12
- BLO poly1305_blocks_armv6_done
-
-poly1305_blocks_armv6_mainloop:
- WORD $0xe31e0003 // TST R14, #3 not working see issue 5921
- BEQ poly1305_blocks_armv6_mainloop_aligned
- ADD $100, R13, g
- MOVW_UNALIGNED(R14, g, R0, 0)
- MOVW_UNALIGNED(R14, g, R0, 4)
- MOVW_UNALIGNED(R14, g, R0, 8)
- MOVW_UNALIGNED(R14, g, R0, 12)
- MOVM.IA (g), [R0-R3]
- ADD $16, R14
- B poly1305_blocks_armv6_mainloop_loaded
-
-poly1305_blocks_armv6_mainloop_aligned:
- MOVM.IA.W (R14), [R0-R3]
-
-poly1305_blocks_armv6_mainloop_loaded:
- MOVW R0>>26, g
- MOVW R1>>20, R11
- MOVW R2>>14, R12
- MOVW R14, 92(R13)
- MOVW R3>>8, R4
- ORR R1<<6, g, g
- ORR R2<<12, R11, R11
- ORR R3<<18, R12, R12
- BIC $0xfc000000, R0, R0
- BIC $0xfc000000, g, g
- MOVW 84(R13), R3
- BIC $0xfc000000, R11, R11
- BIC $0xfc000000, R12, R12
- ADD R0, R5, R5
- ADD g, R6, R6
- ORR R3, R4, R4
- ADD R11, R7, R7
- ADD $116, R13, R14
- ADD R12, R8, R8
- ADD R4, R9, R9
- MOVM.IA (R14), [R0-R4]
- MULLU R4, R5, (R11, g)
- MULLU R3, R5, (R14, R12)
- MULALU R3, R6, (R11, g)
- MULALU R2, R6, (R14, R12)
- MULALU R2, R7, (R11, g)
- MULALU R1, R7, (R14, R12)
- ADD R4<<2, R4, R4
- ADD R3<<2, R3, R3
- MULALU R1, R8, (R11, g)
- MULALU R0, R8, (R14, R12)
- MULALU R0, R9, (R11, g)
- MULALU R4, R9, (R14, R12)
- MOVW g, 76(R13)
- MOVW R11, 80(R13)
- MOVW R12, 68(R13)
- MOVW R14, 72(R13)
- MULLU R2, R5, (R11, g)
- MULLU R1, R5, (R14, R12)
- MULALU R1, R6, (R11, g)
- MULALU R0, R6, (R14, R12)
- MULALU R0, R7, (R11, g)
- MULALU R4, R7, (R14, R12)
- ADD R2<<2, R2, R2
- ADD R1<<2, R1, R1
- MULALU R4, R8, (R11, g)
- MULALU R3, R8, (R14, R12)
- MULALU R3, R9, (R11, g)
- MULALU R2, R9, (R14, R12)
- MOVW g, 60(R13)
- MOVW R11, 64(R13)
- MOVW R12, 52(R13)
- MOVW R14, 56(R13)
- MULLU R0, R5, (R11, g)
- MULALU R4, R6, (R11, g)
- MULALU R3, R7, (R11, g)
- MULALU R2, R8, (R11, g)
- MULALU R1, R9, (R11, g)
- ADD $52, R13, R0
- MOVM.IA (R0), [R0-R7]
- MOVW g>>26, R12
- MOVW R4>>26, R14
- ORR R11<<6, R12, R12
- ORR R5<<6, R14, R14
- BIC $0xfc000000, g, g
- BIC $0xfc000000, R4, R4
- ADD.S R12, R0, R0
- ADC $0, R1, R1
- ADD.S R14, R6, R6
- ADC $0, R7, R7
- MOVW R0>>26, R12
- MOVW R6>>26, R14
- ORR R1<<6, R12, R12
- ORR R7<<6, R14, R14
- BIC $0xfc000000, R0, R0
- BIC $0xfc000000, R6, R6
- ADD R14<<2, R14, R14
- ADD.S R12, R2, R2
- ADC $0, R3, R3
- ADD R14, g, g
- MOVW R2>>26, R12
- MOVW g>>26, R14
- ORR R3<<6, R12, R12
- BIC $0xfc000000, g, R5
- BIC $0xfc000000, R2, R7
- ADD R12, R4, R4
- ADD R14, R0, R0
- MOVW R4>>26, R12
- BIC $0xfc000000, R4, R8
- ADD R12, R6, R9
- MOVW 96(R13), R12
- MOVW 92(R13), R14
- MOVW R0, R6
- CMP $32, R12
- SUB $16, R12, R12
- MOVW R12, 96(R13)
- BHS poly1305_blocks_armv6_mainloop
-
-poly1305_blocks_armv6_done:
- MOVW 88(R13), R12
- MOVW R5, 20(R12)
- MOVW R6, 24(R12)
- MOVW R7, 28(R12)
- MOVW R8, 32(R12)
- MOVW R9, 36(R12)
- ADD $48, R13, R0
- MOVM.DA (R0), [R4-R8, R14]
- RET
-
-#define MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp) \
- MOVBU.P 1(Rsrc), Rtmp; \
- MOVBU.P Rtmp, 1(Rdst); \
- MOVBU.P 1(Rsrc), Rtmp; \
- MOVBU.P Rtmp, 1(Rdst)
-
-#define MOVWP_UNALIGNED(Rsrc, Rdst, Rtmp) \
- MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp); \
- MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp)
-
-// func poly1305_auth_armv6(out *[16]byte, m *byte, mlen uint32, key *[32]key)
-TEXT ·poly1305_auth_armv6(SB), $196-16
- // The value 196, just above, is the sum of 64 (the size of the context
- // structure) and 132 (the amount of stack needed).
- //
- // At this point, the stack pointer (R13) has been moved down. It
- // points to the saved link register and there's 196 bytes of free
- // space above it.
- //
- // The stack for this function looks like:
- //
- // +---------------------
- // |
- // | 64 bytes of context structure
- // |
- // +---------------------
- // |
- // | 112 bytes for poly1305_blocks_armv6
- // |
- // +---------------------
- // | 16 bytes of final block, constructed at
- // | poly1305_finish_ext_armv6_skip8
- // +---------------------
- // | four bytes of saved 'g'
- // +---------------------
- // | lr, saved by prelude <- R13 points here
- // +---------------------
- MOVW g, 4(R13)
-
- MOVW out+0(FP), R4
- MOVW m+4(FP), R5
- MOVW mlen+8(FP), R6
- MOVW key+12(FP), R7
-
- ADD $136, R13, R0 // 136 = 4 + 4 + 16 + 112
- MOVW R7, R1
-
- // poly1305_init_ext_armv6 will write to the stack from R13+4, but
- // that's ok because none of the other values have been written yet.
- BL poly1305_init_ext_armv6<>(SB)
- BIC.S $15, R6, R2
- BEQ poly1305_auth_armv6_noblocks
- ADD $136, R13, R0
- MOVW R5, R1
- ADD R2, R5, R5
- SUB R2, R6, R6
- BL poly1305_blocks_armv6<>(SB)
-
-poly1305_auth_armv6_noblocks:
- ADD $136, R13, R0
- MOVW R5, R1
- MOVW R6, R2
- MOVW R4, R3
-
- MOVW R0, R5
- MOVW R1, R6
- MOVW R2, R7
- MOVW R3, R8
- AND.S R2, R2, R2
- BEQ poly1305_finish_ext_armv6_noremaining
- EOR R0, R0
- ADD $8, R13, R9 // 8 = offset to 16 byte scratch space
- MOVW R0, (R9)
- MOVW R0, 4(R9)
- MOVW R0, 8(R9)
- MOVW R0, 12(R9)
- WORD $0xe3110003 // TST R1, #3 not working see issue 5921
- BEQ poly1305_finish_ext_armv6_aligned
- WORD $0xe3120008 // TST R2, #8 not working see issue 5921
- BEQ poly1305_finish_ext_armv6_skip8
- MOVWP_UNALIGNED(R1, R9, g)
- MOVWP_UNALIGNED(R1, R9, g)
-
-poly1305_finish_ext_armv6_skip8:
- WORD $0xe3120004 // TST $4, R2 not working see issue 5921
- BEQ poly1305_finish_ext_armv6_skip4
- MOVWP_UNALIGNED(R1, R9, g)
-
-poly1305_finish_ext_armv6_skip4:
- WORD $0xe3120002 // TST $2, R2 not working see issue 5921
- BEQ poly1305_finish_ext_armv6_skip2
- MOVHUP_UNALIGNED(R1, R9, g)
- B poly1305_finish_ext_armv6_skip2
-
-poly1305_finish_ext_armv6_aligned:
- WORD $0xe3120008 // TST R2, #8 not working see issue 5921
- BEQ poly1305_finish_ext_armv6_skip8_aligned
- MOVM.IA.W (R1), [g-R11]
- MOVM.IA.W [g-R11], (R9)
-
-poly1305_finish_ext_armv6_skip8_aligned:
- WORD $0xe3120004 // TST $4, R2 not working see issue 5921
- BEQ poly1305_finish_ext_armv6_skip4_aligned
- MOVW.P 4(R1), g
- MOVW.P g, 4(R9)
-
-poly1305_finish_ext_armv6_skip4_aligned:
- WORD $0xe3120002 // TST $2, R2 not working see issue 5921
- BEQ poly1305_finish_ext_armv6_skip2
- MOVHU.P 2(R1), g
- MOVH.P g, 2(R9)
-
-poly1305_finish_ext_armv6_skip2:
- WORD $0xe3120001 // TST $1, R2 not working see issue 5921
- BEQ poly1305_finish_ext_armv6_skip1
- MOVBU.P 1(R1), g
- MOVBU.P g, 1(R9)
-
-poly1305_finish_ext_armv6_skip1:
- MOVW $1, R11
- MOVBU R11, 0(R9)
- MOVW R11, 56(R5)
- MOVW R5, R0
- ADD $8, R13, R1
- MOVW $16, R2
- BL poly1305_blocks_armv6<>(SB)
-
-poly1305_finish_ext_armv6_noremaining:
- MOVW 20(R5), R0
- MOVW 24(R5), R1
- MOVW 28(R5), R2
- MOVW 32(R5), R3
- MOVW 36(R5), R4
- MOVW R4>>26, R12
- BIC $0xfc000000, R4, R4
- ADD R12<<2, R12, R12
- ADD R12, R0, R0
- MOVW R0>>26, R12
- BIC $0xfc000000, R0, R0
- ADD R12, R1, R1
- MOVW R1>>26, R12
- BIC $0xfc000000, R1, R1
- ADD R12, R2, R2
- MOVW R2>>26, R12
- BIC $0xfc000000, R2, R2
- ADD R12, R3, R3
- MOVW R3>>26, R12
- BIC $0xfc000000, R3, R3
- ADD R12, R4, R4
- ADD $5, R0, R6
- MOVW R6>>26, R12
- BIC $0xfc000000, R6, R6
- ADD R12, R1, R7
- MOVW R7>>26, R12
- BIC $0xfc000000, R7, R7
- ADD R12, R2, g
- MOVW g>>26, R12
- BIC $0xfc000000, g, g
- ADD R12, R3, R11
- MOVW $-(1<<26), R12
- ADD R11>>26, R12, R12
- BIC $0xfc000000, R11, R11
- ADD R12, R4, R9
- MOVW R9>>31, R12
- SUB $1, R12
- AND R12, R6, R6
- AND R12, R7, R7
- AND R12, g, g
- AND R12, R11, R11
- AND R12, R9, R9
- MVN R12, R12
- AND R12, R0, R0
- AND R12, R1, R1
- AND R12, R2, R2
- AND R12, R3, R3
- AND R12, R4, R4
- ORR R6, R0, R0
- ORR R7, R1, R1
- ORR g, R2, R2
- ORR R11, R3, R3
- ORR R9, R4, R4
- ORR R1<<26, R0, R0
- MOVW R1>>6, R1
- ORR R2<<20, R1, R1
- MOVW R2>>12, R2
- ORR R3<<14, R2, R2
- MOVW R3>>18, R3
- ORR R4<<8, R3, R3
- MOVW 40(R5), R6
- MOVW 44(R5), R7
- MOVW 48(R5), g
- MOVW 52(R5), R11
- ADD.S R6, R0, R0
- ADC.S R7, R1, R1
- ADC.S g, R2, R2
- ADC.S R11, R3, R3
- MOVM.IA [R0-R3], (R8)
- MOVW R5, R12
- EOR R0, R0, R0
- EOR R1, R1, R1
- EOR R2, R2, R2
- EOR R3, R3, R3
- EOR R4, R4, R4
- EOR R5, R5, R5
- EOR R6, R6, R6
- EOR R7, R7, R7
- MOVM.IA.W [R0-R7], (R12)
- MOVM.IA [R0-R7], (R12)
- MOVW 4(R13), g
- RET
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_noasm.go b/vendor/golang.org/x/crypto/poly1305/sum_noasm.go
deleted file mode 100644
index 751eec5..0000000
--- a/vendor/golang.org/x/crypto/poly1305/sum_noasm.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build s390x,!go1.11 !arm,!amd64,!s390x gccgo appengine nacl
-
-package poly1305
-
-// Sum generates an authenticator for msg using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[TagSize]byte, msg []byte, key *[32]byte) {
- sumGeneric(out, msg, key)
-}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_ref.go b/vendor/golang.org/x/crypto/poly1305/sum_ref.go
deleted file mode 100644
index c4d59bd..0000000
--- a/vendor/golang.org/x/crypto/poly1305/sum_ref.go
+++ /dev/null
@@ -1,139 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package poly1305
-
-import "encoding/binary"
-
-// sumGeneric generates an authenticator for msg using a one-time key and
-// puts the 16-byte result into out. This is the generic implementation of
-// Sum and should be called if no assembly implementation is available.
-func sumGeneric(out *[TagSize]byte, msg []byte, key *[32]byte) {
- var (
- h0, h1, h2, h3, h4 uint32 // the hash accumulators
- r0, r1, r2, r3, r4 uint64 // the r part of the key
- )
-
- r0 = uint64(binary.LittleEndian.Uint32(key[0:]) & 0x3ffffff)
- r1 = uint64((binary.LittleEndian.Uint32(key[3:]) >> 2) & 0x3ffff03)
- r2 = uint64((binary.LittleEndian.Uint32(key[6:]) >> 4) & 0x3ffc0ff)
- r3 = uint64((binary.LittleEndian.Uint32(key[9:]) >> 6) & 0x3f03fff)
- r4 = uint64((binary.LittleEndian.Uint32(key[12:]) >> 8) & 0x00fffff)
-
- R1, R2, R3, R4 := r1*5, r2*5, r3*5, r4*5
-
- for len(msg) >= TagSize {
- // h += msg
- h0 += binary.LittleEndian.Uint32(msg[0:]) & 0x3ffffff
- h1 += (binary.LittleEndian.Uint32(msg[3:]) >> 2) & 0x3ffffff
- h2 += (binary.LittleEndian.Uint32(msg[6:]) >> 4) & 0x3ffffff
- h3 += (binary.LittleEndian.Uint32(msg[9:]) >> 6) & 0x3ffffff
- h4 += (binary.LittleEndian.Uint32(msg[12:]) >> 8) | (1 << 24)
-
- // h *= r
- d0 := (uint64(h0) * r0) + (uint64(h1) * R4) + (uint64(h2) * R3) + (uint64(h3) * R2) + (uint64(h4) * R1)
- d1 := (d0 >> 26) + (uint64(h0) * r1) + (uint64(h1) * r0) + (uint64(h2) * R4) + (uint64(h3) * R3) + (uint64(h4) * R2)
- d2 := (d1 >> 26) + (uint64(h0) * r2) + (uint64(h1) * r1) + (uint64(h2) * r0) + (uint64(h3) * R4) + (uint64(h4) * R3)
- d3 := (d2 >> 26) + (uint64(h0) * r3) + (uint64(h1) * r2) + (uint64(h2) * r1) + (uint64(h3) * r0) + (uint64(h4) * R4)
- d4 := (d3 >> 26) + (uint64(h0) * r4) + (uint64(h1) * r3) + (uint64(h2) * r2) + (uint64(h3) * r1) + (uint64(h4) * r0)
-
- // h %= p
- h0 = uint32(d0) & 0x3ffffff
- h1 = uint32(d1) & 0x3ffffff
- h2 = uint32(d2) & 0x3ffffff
- h3 = uint32(d3) & 0x3ffffff
- h4 = uint32(d4) & 0x3ffffff
-
- h0 += uint32(d4>>26) * 5
- h1 += h0 >> 26
- h0 = h0 & 0x3ffffff
-
- msg = msg[TagSize:]
- }
-
- if len(msg) > 0 {
- var block [TagSize]byte
- off := copy(block[:], msg)
- block[off] = 0x01
-
- // h += msg
- h0 += binary.LittleEndian.Uint32(block[0:]) & 0x3ffffff
- h1 += (binary.LittleEndian.Uint32(block[3:]) >> 2) & 0x3ffffff
- h2 += (binary.LittleEndian.Uint32(block[6:]) >> 4) & 0x3ffffff
- h3 += (binary.LittleEndian.Uint32(block[9:]) >> 6) & 0x3ffffff
- h4 += (binary.LittleEndian.Uint32(block[12:]) >> 8)
-
- // h *= r
- d0 := (uint64(h0) * r0) + (uint64(h1) * R4) + (uint64(h2) * R3) + (uint64(h3) * R2) + (uint64(h4) * R1)
- d1 := (d0 >> 26) + (uint64(h0) * r1) + (uint64(h1) * r0) + (uint64(h2) * R4) + (uint64(h3) * R3) + (uint64(h4) * R2)
- d2 := (d1 >> 26) + (uint64(h0) * r2) + (uint64(h1) * r1) + (uint64(h2) * r0) + (uint64(h3) * R4) + (uint64(h4) * R3)
- d3 := (d2 >> 26) + (uint64(h0) * r3) + (uint64(h1) * r2) + (uint64(h2) * r1) + (uint64(h3) * r0) + (uint64(h4) * R4)
- d4 := (d3 >> 26) + (uint64(h0) * r4) + (uint64(h1) * r3) + (uint64(h2) * r2) + (uint64(h3) * r1) + (uint64(h4) * r0)
-
- // h %= p
- h0 = uint32(d0) & 0x3ffffff
- h1 = uint32(d1) & 0x3ffffff
- h2 = uint32(d2) & 0x3ffffff
- h3 = uint32(d3) & 0x3ffffff
- h4 = uint32(d4) & 0x3ffffff
-
- h0 += uint32(d4>>26) * 5
- h1 += h0 >> 26
- h0 = h0 & 0x3ffffff
- }
-
- // h %= p reduction
- h2 += h1 >> 26
- h1 &= 0x3ffffff
- h3 += h2 >> 26
- h2 &= 0x3ffffff
- h4 += h3 >> 26
- h3 &= 0x3ffffff
- h0 += 5 * (h4 >> 26)
- h4 &= 0x3ffffff
- h1 += h0 >> 26
- h0 &= 0x3ffffff
-
- // h - p
- t0 := h0 + 5
- t1 := h1 + (t0 >> 26)
- t2 := h2 + (t1 >> 26)
- t3 := h3 + (t2 >> 26)
- t4 := h4 + (t3 >> 26) - (1 << 26)
- t0 &= 0x3ffffff
- t1 &= 0x3ffffff
- t2 &= 0x3ffffff
- t3 &= 0x3ffffff
-
- // select h if h < p else h - p
- t_mask := (t4 >> 31) - 1
- h_mask := ^t_mask
- h0 = (h0 & h_mask) | (t0 & t_mask)
- h1 = (h1 & h_mask) | (t1 & t_mask)
- h2 = (h2 & h_mask) | (t2 & t_mask)
- h3 = (h3 & h_mask) | (t3 & t_mask)
- h4 = (h4 & h_mask) | (t4 & t_mask)
-
- // h %= 2^128
- h0 |= h1 << 26
- h1 = ((h1 >> 6) | (h2 << 20))
- h2 = ((h2 >> 12) | (h3 << 14))
- h3 = ((h3 >> 18) | (h4 << 8))
-
- // s: the s part of the key
- // tag = (h + s) % (2^128)
- t := uint64(h0) + uint64(binary.LittleEndian.Uint32(key[16:]))
- h0 = uint32(t)
- t = uint64(h1) + uint64(binary.LittleEndian.Uint32(key[20:])) + (t >> 32)
- h1 = uint32(t)
- t = uint64(h2) + uint64(binary.LittleEndian.Uint32(key[24:])) + (t >> 32)
- h2 = uint32(t)
- t = uint64(h3) + uint64(binary.LittleEndian.Uint32(key[28:])) + (t >> 32)
- h3 = uint32(t)
-
- binary.LittleEndian.PutUint32(out[0:], h0)
- binary.LittleEndian.PutUint32(out[4:], h1)
- binary.LittleEndian.PutUint32(out[8:], h2)
- binary.LittleEndian.PutUint32(out[12:], h3)
-}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_s390x.go b/vendor/golang.org/x/crypto/poly1305/sum_s390x.go
deleted file mode 100644
index 7a266ce..0000000
--- a/vendor/golang.org/x/crypto/poly1305/sum_s390x.go
+++ /dev/null
@@ -1,49 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build s390x,go1.11,!gccgo,!appengine
-
-package poly1305
-
-// hasVectorFacility reports whether the machine supports
-// the vector facility (vx).
-func hasVectorFacility() bool
-
-// hasVMSLFacility reports whether the machine supports
-// Vector Multiply Sum Logical (VMSL).
-func hasVMSLFacility() bool
-
-var hasVX = hasVectorFacility()
-var hasVMSL = hasVMSLFacility()
-
-// poly1305vx is an assembly implementation of Poly1305 that uses vector
-// instructions. It must only be called if the vector facility (vx) is
-// available.
-//go:noescape
-func poly1305vx(out *[16]byte, m *byte, mlen uint64, key *[32]byte)
-
-// poly1305vmsl is an assembly implementation of Poly1305 that uses vector
-// instructions, including VMSL. It must only be called if the vector facility (vx) is
-// available and if VMSL is supported.
-//go:noescape
-func poly1305vmsl(out *[16]byte, m *byte, mlen uint64, key *[32]byte)
-
-// Sum generates an authenticator for m using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[16]byte, m []byte, key *[32]byte) {
- if hasVX {
- var mPtr *byte
- if len(m) > 0 {
- mPtr = &m[0]
- }
- if hasVMSL && len(m) > 256 {
- poly1305vmsl(out, mPtr, uint64(len(m)), key)
- } else {
- poly1305vx(out, mPtr, uint64(len(m)), key)
- }
- } else {
- sumGeneric(out, m, key)
- }
-}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_s390x.s b/vendor/golang.org/x/crypto/poly1305/sum_s390x.s
deleted file mode 100644
index 356c07a..0000000
--- a/vendor/golang.org/x/crypto/poly1305/sum_s390x.s
+++ /dev/null
@@ -1,400 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build s390x,go1.11,!gccgo,!appengine
-
-#include "textflag.h"
-
-// Implementation of Poly1305 using the vector facility (vx).
-
-// constants
-#define MOD26 V0
-#define EX0 V1
-#define EX1 V2
-#define EX2 V3
-
-// temporaries
-#define T_0 V4
-#define T_1 V5
-#define T_2 V6
-#define T_3 V7
-#define T_4 V8
-
-// key (r)
-#define R_0 V9
-#define R_1 V10
-#define R_2 V11
-#define R_3 V12
-#define R_4 V13
-#define R5_1 V14
-#define R5_2 V15
-#define R5_3 V16
-#define R5_4 V17
-#define RSAVE_0 R5
-#define RSAVE_1 R6
-#define RSAVE_2 R7
-#define RSAVE_3 R8
-#define RSAVE_4 R9
-#define R5SAVE_1 V28
-#define R5SAVE_2 V29
-#define R5SAVE_3 V30
-#define R5SAVE_4 V31
-
-// message block
-#define F_0 V18
-#define F_1 V19
-#define F_2 V20
-#define F_3 V21
-#define F_4 V22
-
-// accumulator
-#define H_0 V23
-#define H_1 V24
-#define H_2 V25
-#define H_3 V26
-#define H_4 V27
-
-GLOBL ·keyMask<>(SB), RODATA, $16
-DATA ·keyMask<>+0(SB)/8, $0xffffff0ffcffff0f
-DATA ·keyMask<>+8(SB)/8, $0xfcffff0ffcffff0f
-
-GLOBL ·bswapMask<>(SB), RODATA, $16
-DATA ·bswapMask<>+0(SB)/8, $0x0f0e0d0c0b0a0908
-DATA ·bswapMask<>+8(SB)/8, $0x0706050403020100
-
-GLOBL ·constants<>(SB), RODATA, $64
-// MOD26
-DATA ·constants<>+0(SB)/8, $0x3ffffff
-DATA ·constants<>+8(SB)/8, $0x3ffffff
-// EX0
-DATA ·constants<>+16(SB)/8, $0x0006050403020100
-DATA ·constants<>+24(SB)/8, $0x1016151413121110
-// EX1
-DATA ·constants<>+32(SB)/8, $0x060c0b0a09080706
-DATA ·constants<>+40(SB)/8, $0x161c1b1a19181716
-// EX2
-DATA ·constants<>+48(SB)/8, $0x0d0d0d0d0d0f0e0d
-DATA ·constants<>+56(SB)/8, $0x1d1d1d1d1d1f1e1d
-
-// h = (f*g) % (2**130-5) [partial reduction]
-#define MULTIPLY(f0, f1, f2, f3, f4, g0, g1, g2, g3, g4, g51, g52, g53, g54, h0, h1, h2, h3, h4) \
- VMLOF f0, g0, h0 \
- VMLOF f0, g1, h1 \
- VMLOF f0, g2, h2 \
- VMLOF f0, g3, h3 \
- VMLOF f0, g4, h4 \
- VMLOF f1, g54, T_0 \
- VMLOF f1, g0, T_1 \
- VMLOF f1, g1, T_2 \
- VMLOF f1, g2, T_3 \
- VMLOF f1, g3, T_4 \
- VMALOF f2, g53, h0, h0 \
- VMALOF f2, g54, h1, h1 \
- VMALOF f2, g0, h2, h2 \
- VMALOF f2, g1, h3, h3 \
- VMALOF f2, g2, h4, h4 \
- VMALOF f3, g52, T_0, T_0 \
- VMALOF f3, g53, T_1, T_1 \
- VMALOF f3, g54, T_2, T_2 \
- VMALOF f3, g0, T_3, T_3 \
- VMALOF f3, g1, T_4, T_4 \
- VMALOF f4, g51, h0, h0 \
- VMALOF f4, g52, h1, h1 \
- VMALOF f4, g53, h2, h2 \
- VMALOF f4, g54, h3, h3 \
- VMALOF f4, g0, h4, h4 \
- VAG T_0, h0, h0 \
- VAG T_1, h1, h1 \
- VAG T_2, h2, h2 \
- VAG T_3, h3, h3 \
- VAG T_4, h4, h4
-
-// carry h0->h1 h3->h4, h1->h2 h4->h0, h0->h1 h2->h3, h3->h4
-#define REDUCE(h0, h1, h2, h3, h4) \
- VESRLG $26, h0, T_0 \
- VESRLG $26, h3, T_1 \
- VN MOD26, h0, h0 \
- VN MOD26, h3, h3 \
- VAG T_0, h1, h1 \
- VAG T_1, h4, h4 \
- VESRLG $26, h1, T_2 \
- VESRLG $26, h4, T_3 \
- VN MOD26, h1, h1 \
- VN MOD26, h4, h4 \
- VESLG $2, T_3, T_4 \
- VAG T_3, T_4, T_4 \
- VAG T_2, h2, h2 \
- VAG T_4, h0, h0 \
- VESRLG $26, h2, T_0 \
- VESRLG $26, h0, T_1 \
- VN MOD26, h2, h2 \
- VN MOD26, h0, h0 \
- VAG T_0, h3, h3 \
- VAG T_1, h1, h1 \
- VESRLG $26, h3, T_2 \
- VN MOD26, h3, h3 \
- VAG T_2, h4, h4
-
-// expand in0 into d[0] and in1 into d[1]
-#define EXPAND(in0, in1, d0, d1, d2, d3, d4) \
- VGBM $0x0707, d1 \ // d1=tmp
- VPERM in0, in1, EX2, d4 \
- VPERM in0, in1, EX0, d0 \
- VPERM in0, in1, EX1, d2 \
- VN d1, d4, d4 \
- VESRLG $26, d0, d1 \
- VESRLG $30, d2, d3 \
- VESRLG $4, d2, d2 \
- VN MOD26, d0, d0 \
- VN MOD26, d1, d1 \
- VN MOD26, d2, d2 \
- VN MOD26, d3, d3
-
-// pack h4:h0 into h1:h0 (no carry)
-#define PACK(h0, h1, h2, h3, h4) \
- VESLG $26, h1, h1 \
- VESLG $26, h3, h3 \
- VO h0, h1, h0 \
- VO h2, h3, h2 \
- VESLG $4, h2, h2 \
- VLEIB $7, $48, h1 \
- VSLB h1, h2, h2 \
- VO h0, h2, h0 \
- VLEIB $7, $104, h1 \
- VSLB h1, h4, h3 \
- VO h3, h0, h0 \
- VLEIB $7, $24, h1 \
- VSRLB h1, h4, h1
-
-// if h > 2**130-5 then h -= 2**130-5
-#define MOD(h0, h1, t0, t1, t2) \
- VZERO t0 \
- VLEIG $1, $5, t0 \
- VACCQ h0, t0, t1 \
- VAQ h0, t0, t0 \
- VONE t2 \
- VLEIG $1, $-4, t2 \
- VAQ t2, t1, t1 \
- VACCQ h1, t1, t1 \
- VONE t2 \
- VAQ t2, t1, t1 \
- VN h0, t1, t2 \
- VNC t0, t1, t1 \
- VO t1, t2, h0
-
-// func poly1305vx(out *[16]byte, m *byte, mlen uint64, key *[32]key)
-TEXT ·poly1305vx(SB), $0-32
- // This code processes up to 2 blocks (32 bytes) per iteration
- // using the algorithm described in:
- // NEON crypto, Daniel J. Bernstein & Peter Schwabe
- // https://cryptojedi.org/papers/neoncrypto-20120320.pdf
- LMG out+0(FP), R1, R4 // R1=out, R2=m, R3=mlen, R4=key
-
- // load MOD26, EX0, EX1 and EX2
- MOVD $·constants<>(SB), R5
- VLM (R5), MOD26, EX2
-
- // setup r
- VL (R4), T_0
- MOVD $·keyMask<>(SB), R6
- VL (R6), T_1
- VN T_0, T_1, T_0
- EXPAND(T_0, T_0, R_0, R_1, R_2, R_3, R_4)
-
- // setup r*5
- VLEIG $0, $5, T_0
- VLEIG $1, $5, T_0
-
- // store r (for final block)
- VMLOF T_0, R_1, R5SAVE_1
- VMLOF T_0, R_2, R5SAVE_2
- VMLOF T_0, R_3, R5SAVE_3
- VMLOF T_0, R_4, R5SAVE_4
- VLGVG $0, R_0, RSAVE_0
- VLGVG $0, R_1, RSAVE_1
- VLGVG $0, R_2, RSAVE_2
- VLGVG $0, R_3, RSAVE_3
- VLGVG $0, R_4, RSAVE_4
-
- // skip r**2 calculation
- CMPBLE R3, $16, skip
-
- // calculate r**2
- MULTIPLY(R_0, R_1, R_2, R_3, R_4, R_0, R_1, R_2, R_3, R_4, R5SAVE_1, R5SAVE_2, R5SAVE_3, R5SAVE_4, H_0, H_1, H_2, H_3, H_4)
- REDUCE(H_0, H_1, H_2, H_3, H_4)
- VLEIG $0, $5, T_0
- VLEIG $1, $5, T_0
- VMLOF T_0, H_1, R5_1
- VMLOF T_0, H_2, R5_2
- VMLOF T_0, H_3, R5_3
- VMLOF T_0, H_4, R5_4
- VLR H_0, R_0
- VLR H_1, R_1
- VLR H_2, R_2
- VLR H_3, R_3
- VLR H_4, R_4
-
- // initialize h
- VZERO H_0
- VZERO H_1
- VZERO H_2
- VZERO H_3
- VZERO H_4
-
-loop:
- CMPBLE R3, $32, b2
- VLM (R2), T_0, T_1
- SUB $32, R3
- MOVD $32(R2), R2
- EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4)
- VLEIB $4, $1, F_4
- VLEIB $12, $1, F_4
-
-multiply:
- VAG H_0, F_0, F_0
- VAG H_1, F_1, F_1
- VAG H_2, F_2, F_2
- VAG H_3, F_3, F_3
- VAG H_4, F_4, F_4
- MULTIPLY(F_0, F_1, F_2, F_3, F_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, H_0, H_1, H_2, H_3, H_4)
- REDUCE(H_0, H_1, H_2, H_3, H_4)
- CMPBNE R3, $0, loop
-
-finish:
- // sum vectors
- VZERO T_0
- VSUMQG H_0, T_0, H_0
- VSUMQG H_1, T_0, H_1
- VSUMQG H_2, T_0, H_2
- VSUMQG H_3, T_0, H_3
- VSUMQG H_4, T_0, H_4
-
- // h may be >= 2*(2**130-5) so we need to reduce it again
- REDUCE(H_0, H_1, H_2, H_3, H_4)
-
- // carry h1->h4
- VESRLG $26, H_1, T_1
- VN MOD26, H_1, H_1
- VAQ T_1, H_2, H_2
- VESRLG $26, H_2, T_2
- VN MOD26, H_2, H_2
- VAQ T_2, H_3, H_3
- VESRLG $26, H_3, T_3
- VN MOD26, H_3, H_3
- VAQ T_3, H_4, H_4
-
- // h is now < 2*(2**130-5)
- // pack h into h1 (hi) and h0 (lo)
- PACK(H_0, H_1, H_2, H_3, H_4)
-
- // if h > 2**130-5 then h -= 2**130-5
- MOD(H_0, H_1, T_0, T_1, T_2)
-
- // h += s
- MOVD $·bswapMask<>(SB), R5
- VL (R5), T_1
- VL 16(R4), T_0
- VPERM T_0, T_0, T_1, T_0 // reverse bytes (to big)
- VAQ T_0, H_0, H_0
- VPERM H_0, H_0, T_1, H_0 // reverse bytes (to little)
- VST H_0, (R1)
-
- RET
-
-b2:
- CMPBLE R3, $16, b1
-
- // 2 blocks remaining
- SUB $17, R3
- VL (R2), T_0
- VLL R3, 16(R2), T_1
- ADD $1, R3
- MOVBZ $1, R0
- CMPBEQ R3, $16, 2(PC)
- VLVGB R3, R0, T_1
- EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4)
- CMPBNE R3, $16, 2(PC)
- VLEIB $12, $1, F_4
- VLEIB $4, $1, F_4
-
- // setup [r²,r]
- VLVGG $1, RSAVE_0, R_0
- VLVGG $1, RSAVE_1, R_1
- VLVGG $1, RSAVE_2, R_2
- VLVGG $1, RSAVE_3, R_3
- VLVGG $1, RSAVE_4, R_4
- VPDI $0, R5_1, R5SAVE_1, R5_1
- VPDI $0, R5_2, R5SAVE_2, R5_2
- VPDI $0, R5_3, R5SAVE_3, R5_3
- VPDI $0, R5_4, R5SAVE_4, R5_4
-
- MOVD $0, R3
- BR multiply
-
-skip:
- VZERO H_0
- VZERO H_1
- VZERO H_2
- VZERO H_3
- VZERO H_4
-
- CMPBEQ R3, $0, finish
-
-b1:
- // 1 block remaining
- SUB $1, R3
- VLL R3, (R2), T_0
- ADD $1, R3
- MOVBZ $1, R0
- CMPBEQ R3, $16, 2(PC)
- VLVGB R3, R0, T_0
- VZERO T_1
- EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4)
- CMPBNE R3, $16, 2(PC)
- VLEIB $4, $1, F_4
- VLEIG $1, $1, R_0
- VZERO R_1
- VZERO R_2
- VZERO R_3
- VZERO R_4
- VZERO R5_1
- VZERO R5_2
- VZERO R5_3
- VZERO R5_4
-
- // setup [r, 1]
- VLVGG $0, RSAVE_0, R_0
- VLVGG $0, RSAVE_1, R_1
- VLVGG $0, RSAVE_2, R_2
- VLVGG $0, RSAVE_3, R_3
- VLVGG $0, RSAVE_4, R_4
- VPDI $0, R5SAVE_1, R5_1, R5_1
- VPDI $0, R5SAVE_2, R5_2, R5_2
- VPDI $0, R5SAVE_3, R5_3, R5_3
- VPDI $0, R5SAVE_4, R5_4, R5_4
-
- MOVD $0, R3
- BR multiply
-
-TEXT ·hasVectorFacility(SB), NOSPLIT, $24-1
- MOVD $x-24(SP), R1
- XC $24, 0(R1), 0(R1) // clear the storage
- MOVD $2, R0 // R0 is the number of double words stored -1
- WORD $0xB2B01000 // STFLE 0(R1)
- XOR R0, R0 // reset the value of R0
- MOVBZ z-8(SP), R1
- AND $0x40, R1
- BEQ novector
-
-vectorinstalled:
- // check if the vector instruction has been enabled
- VLEIB $0, $0xF, V16
- VLGVB $0, V16, R1
- CMPBNE R1, $0xF, novector
- MOVB $1, ret+0(FP) // have vx
- RET
-
-novector:
- MOVB $0, ret+0(FP) // no vx
- RET
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s b/vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s
deleted file mode 100644
index e548020..0000000
--- a/vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s
+++ /dev/null
@@ -1,931 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build s390x,go1.11,!gccgo,!appengine
-
-#include "textflag.h"
-
-// Implementation of Poly1305 using the vector facility (vx) and the VMSL instruction.
-
-// constants
-#define EX0 V1
-#define EX1 V2
-#define EX2 V3
-
-// temporaries
-#define T_0 V4
-#define T_1 V5
-#define T_2 V6
-#define T_3 V7
-#define T_4 V8
-#define T_5 V9
-#define T_6 V10
-#define T_7 V11
-#define T_8 V12
-#define T_9 V13
-#define T_10 V14
-
-// r**2 & r**4
-#define R_0 V15
-#define R_1 V16
-#define R_2 V17
-#define R5_1 V18
-#define R5_2 V19
-// key (r)
-#define RSAVE_0 R7
-#define RSAVE_1 R8
-#define RSAVE_2 R9
-#define R5SAVE_1 R10
-#define R5SAVE_2 R11
-
-// message block
-#define M0 V20
-#define M1 V21
-#define M2 V22
-#define M3 V23
-#define M4 V24
-#define M5 V25
-
-// accumulator
-#define H0_0 V26
-#define H1_0 V27
-#define H2_0 V28
-#define H0_1 V29
-#define H1_1 V30
-#define H2_1 V31
-
-GLOBL ·keyMask<>(SB), RODATA, $16
-DATA ·keyMask<>+0(SB)/8, $0xffffff0ffcffff0f
-DATA ·keyMask<>+8(SB)/8, $0xfcffff0ffcffff0f
-
-GLOBL ·bswapMask<>(SB), RODATA, $16
-DATA ·bswapMask<>+0(SB)/8, $0x0f0e0d0c0b0a0908
-DATA ·bswapMask<>+8(SB)/8, $0x0706050403020100
-
-GLOBL ·constants<>(SB), RODATA, $48
-// EX0
-DATA ·constants<>+0(SB)/8, $0x18191a1b1c1d1e1f
-DATA ·constants<>+8(SB)/8, $0x0000050403020100
-// EX1
-DATA ·constants<>+16(SB)/8, $0x18191a1b1c1d1e1f
-DATA ·constants<>+24(SB)/8, $0x00000a0908070605
-// EX2
-DATA ·constants<>+32(SB)/8, $0x18191a1b1c1d1e1f
-DATA ·constants<>+40(SB)/8, $0x0000000f0e0d0c0b
-
-GLOBL ·c<>(SB), RODATA, $48
-// EX0
-DATA ·c<>+0(SB)/8, $0x0000050403020100
-DATA ·c<>+8(SB)/8, $0x0000151413121110
-// EX1
-DATA ·c<>+16(SB)/8, $0x00000a0908070605
-DATA ·c<>+24(SB)/8, $0x00001a1918171615
-// EX2
-DATA ·c<>+32(SB)/8, $0x0000000f0e0d0c0b
-DATA ·c<>+40(SB)/8, $0x0000001f1e1d1c1b
-
-GLOBL ·reduce<>(SB), RODATA, $32
-// 44 bit
-DATA ·reduce<>+0(SB)/8, $0x0
-DATA ·reduce<>+8(SB)/8, $0xfffffffffff
-// 42 bit
-DATA ·reduce<>+16(SB)/8, $0x0
-DATA ·reduce<>+24(SB)/8, $0x3ffffffffff
-
-// h = (f*g) % (2**130-5) [partial reduction]
-// uses T_0...T_9 temporary registers
-// input: m02_0, m02_1, m02_2, m13_0, m13_1, m13_2, r_0, r_1, r_2, r5_1, r5_2, m4_0, m4_1, m4_2, m5_0, m5_1, m5_2
-// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8, t9
-// output: m02_0, m02_1, m02_2, m13_0, m13_1, m13_2
-#define MULTIPLY(m02_0, m02_1, m02_2, m13_0, m13_1, m13_2, r_0, r_1, r_2, r5_1, r5_2, m4_0, m4_1, m4_2, m5_0, m5_1, m5_2, t0, t1, t2, t3, t4, t5, t6, t7, t8, t9) \
- \ // Eliminate the dependency for the last 2 VMSLs
- VMSLG m02_0, r_2, m4_2, m4_2 \
- VMSLG m13_0, r_2, m5_2, m5_2 \ // 8 VMSLs pipelined
- VMSLG m02_0, r_0, m4_0, m4_0 \
- VMSLG m02_1, r5_2, V0, T_0 \
- VMSLG m02_0, r_1, m4_1, m4_1 \
- VMSLG m02_1, r_0, V0, T_1 \
- VMSLG m02_1, r_1, V0, T_2 \
- VMSLG m02_2, r5_1, V0, T_3 \
- VMSLG m02_2, r5_2, V0, T_4 \
- VMSLG m13_0, r_0, m5_0, m5_0 \
- VMSLG m13_1, r5_2, V0, T_5 \
- VMSLG m13_0, r_1, m5_1, m5_1 \
- VMSLG m13_1, r_0, V0, T_6 \
- VMSLG m13_1, r_1, V0, T_7 \
- VMSLG m13_2, r5_1, V0, T_8 \
- VMSLG m13_2, r5_2, V0, T_9 \
- VMSLG m02_2, r_0, m4_2, m4_2 \
- VMSLG m13_2, r_0, m5_2, m5_2 \
- VAQ m4_0, T_0, m02_0 \
- VAQ m4_1, T_1, m02_1 \
- VAQ m5_0, T_5, m13_0 \
- VAQ m5_1, T_6, m13_1 \
- VAQ m02_0, T_3, m02_0 \
- VAQ m02_1, T_4, m02_1 \
- VAQ m13_0, T_8, m13_0 \
- VAQ m13_1, T_9, m13_1 \
- VAQ m4_2, T_2, m02_2 \
- VAQ m5_2, T_7, m13_2 \
-
-// SQUARE uses three limbs of r and r_2*5 to output square of r
-// uses T_1, T_5 and T_7 temporary registers
-// input: r_0, r_1, r_2, r5_2
-// temp: TEMP0, TEMP1, TEMP2
-// output: p0, p1, p2
-#define SQUARE(r_0, r_1, r_2, r5_2, p0, p1, p2, TEMP0, TEMP1, TEMP2) \
- VMSLG r_0, r_0, p0, p0 \
- VMSLG r_1, r5_2, V0, TEMP0 \
- VMSLG r_2, r5_2, p1, p1 \
- VMSLG r_0, r_1, V0, TEMP1 \
- VMSLG r_1, r_1, p2, p2 \
- VMSLG r_0, r_2, V0, TEMP2 \
- VAQ TEMP0, p0, p0 \
- VAQ TEMP1, p1, p1 \
- VAQ TEMP2, p2, p2 \
- VAQ TEMP0, p0, p0 \
- VAQ TEMP1, p1, p1 \
- VAQ TEMP2, p2, p2 \
-
-// carry h0->h1->h2->h0 || h3->h4->h5->h3
-// uses T_2, T_4, T_5, T_7, T_8, T_9
-// t6, t7, t8, t9, t10, t11
-// input: h0, h1, h2, h3, h4, h5
-// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11
-// output: h0, h1, h2, h3, h4, h5
-#define REDUCE(h0, h1, h2, h3, h4, h5, t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11) \
- VLM (R12), t6, t7 \ // 44 and 42 bit clear mask
- VLEIB $7, $0x28, t10 \ // 5 byte shift mask
- VREPIB $4, t8 \ // 4 bit shift mask
- VREPIB $2, t11 \ // 2 bit shift mask
- VSRLB t10, h0, t0 \ // h0 byte shift
- VSRLB t10, h1, t1 \ // h1 byte shift
- VSRLB t10, h2, t2 \ // h2 byte shift
- VSRLB t10, h3, t3 \ // h3 byte shift
- VSRLB t10, h4, t4 \ // h4 byte shift
- VSRLB t10, h5, t5 \ // h5 byte shift
- VSRL t8, t0, t0 \ // h0 bit shift
- VSRL t8, t1, t1 \ // h2 bit shift
- VSRL t11, t2, t2 \ // h2 bit shift
- VSRL t8, t3, t3 \ // h3 bit shift
- VSRL t8, t4, t4 \ // h4 bit shift
- VESLG $2, t2, t9 \ // h2 carry x5
- VSRL t11, t5, t5 \ // h5 bit shift
- VN t6, h0, h0 \ // h0 clear carry
- VAQ t2, t9, t2 \ // h2 carry x5
- VESLG $2, t5, t9 \ // h5 carry x5
- VN t6, h1, h1 \ // h1 clear carry
- VN t7, h2, h2 \ // h2 clear carry
- VAQ t5, t9, t5 \ // h5 carry x5
- VN t6, h3, h3 \ // h3 clear carry
- VN t6, h4, h4 \ // h4 clear carry
- VN t7, h5, h5 \ // h5 clear carry
- VAQ t0, h1, h1 \ // h0->h1
- VAQ t3, h4, h4 \ // h3->h4
- VAQ t1, h2, h2 \ // h1->h2
- VAQ t4, h5, h5 \ // h4->h5
- VAQ t2, h0, h0 \ // h2->h0
- VAQ t5, h3, h3 \ // h5->h3
- VREPG $1, t6, t6 \ // 44 and 42 bit masks across both halves
- VREPG $1, t7, t7 \
- VSLDB $8, h0, h0, h0 \ // set up [h0/1/2, h3/4/5]
- VSLDB $8, h1, h1, h1 \
- VSLDB $8, h2, h2, h2 \
- VO h0, h3, h3 \
- VO h1, h4, h4 \
- VO h2, h5, h5 \
- VESRLG $44, h3, t0 \ // 44 bit shift right
- VESRLG $44, h4, t1 \
- VESRLG $42, h5, t2 \
- VN t6, h3, h3 \ // clear carry bits
- VN t6, h4, h4 \
- VN t7, h5, h5 \
- VESLG $2, t2, t9 \ // multiply carry by 5
- VAQ t9, t2, t2 \
- VAQ t0, h4, h4 \
- VAQ t1, h5, h5 \
- VAQ t2, h3, h3 \
-
-// carry h0->h1->h2->h0
-// input: h0, h1, h2
-// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8
-// output: h0, h1, h2
-#define REDUCE2(h0, h1, h2, t0, t1, t2, t3, t4, t5, t6, t7, t8) \
- VLEIB $7, $0x28, t3 \ // 5 byte shift mask
- VREPIB $4, t4 \ // 4 bit shift mask
- VREPIB $2, t7 \ // 2 bit shift mask
- VGBM $0x003F, t5 \ // mask to clear carry bits
- VSRLB t3, h0, t0 \
- VSRLB t3, h1, t1 \
- VSRLB t3, h2, t2 \
- VESRLG $4, t5, t5 \ // 44 bit clear mask
- VSRL t4, t0, t0 \
- VSRL t4, t1, t1 \
- VSRL t7, t2, t2 \
- VESRLG $2, t5, t6 \ // 42 bit clear mask
- VESLG $2, t2, t8 \
- VAQ t8, t2, t2 \
- VN t5, h0, h0 \
- VN t5, h1, h1 \
- VN t6, h2, h2 \
- VAQ t0, h1, h1 \
- VAQ t1, h2, h2 \
- VAQ t2, h0, h0 \
- VSRLB t3, h0, t0 \
- VSRLB t3, h1, t1 \
- VSRLB t3, h2, t2 \
- VSRL t4, t0, t0 \
- VSRL t4, t1, t1 \
- VSRL t7, t2, t2 \
- VN t5, h0, h0 \
- VN t5, h1, h1 \
- VESLG $2, t2, t8 \
- VN t6, h2, h2 \
- VAQ t0, h1, h1 \
- VAQ t8, t2, t2 \
- VAQ t1, h2, h2 \
- VAQ t2, h0, h0 \
-
-// expands two message blocks into the lower halfs of the d registers
-// moves the contents of the d registers into upper halfs
-// input: in1, in2, d0, d1, d2, d3, d4, d5
-// temp: TEMP0, TEMP1, TEMP2, TEMP3
-// output: d0, d1, d2, d3, d4, d5
-#define EXPACC(in1, in2, d0, d1, d2, d3, d4, d5, TEMP0, TEMP1, TEMP2, TEMP3) \
- VGBM $0xff3f, TEMP0 \
- VGBM $0xff1f, TEMP1 \
- VESLG $4, d1, TEMP2 \
- VESLG $4, d4, TEMP3 \
- VESRLG $4, TEMP0, TEMP0 \
- VPERM in1, d0, EX0, d0 \
- VPERM in2, d3, EX0, d3 \
- VPERM in1, d2, EX2, d2 \
- VPERM in2, d5, EX2, d5 \
- VPERM in1, TEMP2, EX1, d1 \
- VPERM in2, TEMP3, EX1, d4 \
- VN TEMP0, d0, d0 \
- VN TEMP0, d3, d3 \
- VESRLG $4, d1, d1 \
- VESRLG $4, d4, d4 \
- VN TEMP1, d2, d2 \
- VN TEMP1, d5, d5 \
- VN TEMP0, d1, d1 \
- VN TEMP0, d4, d4 \
-
-// expands one message block into the lower halfs of the d registers
-// moves the contents of the d registers into upper halfs
-// input: in, d0, d1, d2
-// temp: TEMP0, TEMP1, TEMP2
-// output: d0, d1, d2
-#define EXPACC2(in, d0, d1, d2, TEMP0, TEMP1, TEMP2) \
- VGBM $0xff3f, TEMP0 \
- VESLG $4, d1, TEMP2 \
- VGBM $0xff1f, TEMP1 \
- VPERM in, d0, EX0, d0 \
- VESRLG $4, TEMP0, TEMP0 \
- VPERM in, d2, EX2, d2 \
- VPERM in, TEMP2, EX1, d1 \
- VN TEMP0, d0, d0 \
- VN TEMP1, d2, d2 \
- VESRLG $4, d1, d1 \
- VN TEMP0, d1, d1 \
-
-// pack h2:h0 into h1:h0 (no carry)
-// input: h0, h1, h2
-// output: h0, h1, h2
-#define PACK(h0, h1, h2) \
- VMRLG h1, h2, h2 \ // copy h1 to upper half h2
- VESLG $44, h1, h1 \ // shift limb 1 44 bits, leaving 20
- VO h0, h1, h0 \ // combine h0 with 20 bits from limb 1
- VESRLG $20, h2, h1 \ // put top 24 bits of limb 1 into h1
- VLEIG $1, $0, h1 \ // clear h2 stuff from lower half of h1
- VO h0, h1, h0 \ // h0 now has 88 bits (limb 0 and 1)
- VLEIG $0, $0, h2 \ // clear upper half of h2
- VESRLG $40, h2, h1 \ // h1 now has upper two bits of result
- VLEIB $7, $88, h1 \ // for byte shift (11 bytes)
- VSLB h1, h2, h2 \ // shift h2 11 bytes to the left
- VO h0, h2, h0 \ // combine h0 with 20 bits from limb 1
- VLEIG $0, $0, h1 \ // clear upper half of h1
-
-// if h > 2**130-5 then h -= 2**130-5
-// input: h0, h1
-// temp: t0, t1, t2
-// output: h0
-#define MOD(h0, h1, t0, t1, t2) \
- VZERO t0 \
- VLEIG $1, $5, t0 \
- VACCQ h0, t0, t1 \
- VAQ h0, t0, t0 \
- VONE t2 \
- VLEIG $1, $-4, t2 \
- VAQ t2, t1, t1 \
- VACCQ h1, t1, t1 \
- VONE t2 \
- VAQ t2, t1, t1 \
- VN h0, t1, t2 \
- VNC t0, t1, t1 \
- VO t1, t2, h0 \
-
-// func poly1305vmsl(out *[16]byte, m *byte, mlen uint64, key *[32]key)
-TEXT ·poly1305vmsl(SB), $0-32
- // This code processes 6 + up to 4 blocks (32 bytes) per iteration
- // using the algorithm described in:
- // NEON crypto, Daniel J. Bernstein & Peter Schwabe
- // https://cryptojedi.org/papers/neoncrypto-20120320.pdf
- // And as moddified for VMSL as described in
- // Accelerating Poly1305 Cryptographic Message Authentication on the z14
- // O'Farrell et al, CASCON 2017, p48-55
- // https://ibm.ent.box.com/s/jf9gedj0e9d2vjctfyh186shaztavnht
-
- LMG out+0(FP), R1, R4 // R1=out, R2=m, R3=mlen, R4=key
- VZERO V0 // c
-
- // load EX0, EX1 and EX2
- MOVD $·constants<>(SB), R5
- VLM (R5), EX0, EX2 // c
-
- // setup r
- VL (R4), T_0
- MOVD $·keyMask<>(SB), R6
- VL (R6), T_1
- VN T_0, T_1, T_0
- VZERO T_2 // limbs for r
- VZERO T_3
- VZERO T_4
- EXPACC2(T_0, T_2, T_3, T_4, T_1, T_5, T_7)
-
- // T_2, T_3, T_4: [0, r]
-
- // setup r*20
- VLEIG $0, $0, T_0
- VLEIG $1, $20, T_0 // T_0: [0, 20]
- VZERO T_5
- VZERO T_6
- VMSLG T_0, T_3, T_5, T_5
- VMSLG T_0, T_4, T_6, T_6
-
- // store r for final block in GR
- VLGVG $1, T_2, RSAVE_0 // c
- VLGVG $1, T_3, RSAVE_1 // c
- VLGVG $1, T_4, RSAVE_2 // c
- VLGVG $1, T_5, R5SAVE_1 // c
- VLGVG $1, T_6, R5SAVE_2 // c
-
- // initialize h
- VZERO H0_0
- VZERO H1_0
- VZERO H2_0
- VZERO H0_1
- VZERO H1_1
- VZERO H2_1
-
- // initialize pointer for reduce constants
- MOVD $·reduce<>(SB), R12
-
- // calculate r**2 and 20*(r**2)
- VZERO R_0
- VZERO R_1
- VZERO R_2
- SQUARE(T_2, T_3, T_4, T_6, R_0, R_1, R_2, T_1, T_5, T_7)
- REDUCE2(R_0, R_1, R_2, M0, M1, M2, M3, M4, R5_1, R5_2, M5, T_1)
- VZERO R5_1
- VZERO R5_2
- VMSLG T_0, R_1, R5_1, R5_1
- VMSLG T_0, R_2, R5_2, R5_2
-
- // skip r**4 calculation if 3 blocks or less
- CMPBLE R3, $48, b4
-
- // calculate r**4 and 20*(r**4)
- VZERO T_8
- VZERO T_9
- VZERO T_10
- SQUARE(R_0, R_1, R_2, R5_2, T_8, T_9, T_10, T_1, T_5, T_7)
- REDUCE2(T_8, T_9, T_10, M0, M1, M2, M3, M4, T_2, T_3, M5, T_1)
- VZERO T_2
- VZERO T_3
- VMSLG T_0, T_9, T_2, T_2
- VMSLG T_0, T_10, T_3, T_3
-
- // put r**2 to the right and r**4 to the left of R_0, R_1, R_2
- VSLDB $8, T_8, T_8, T_8
- VSLDB $8, T_9, T_9, T_9
- VSLDB $8, T_10, T_10, T_10
- VSLDB $8, T_2, T_2, T_2
- VSLDB $8, T_3, T_3, T_3
-
- VO T_8, R_0, R_0
- VO T_9, R_1, R_1
- VO T_10, R_2, R_2
- VO T_2, R5_1, R5_1
- VO T_3, R5_2, R5_2
-
- CMPBLE R3, $80, load // less than or equal to 5 blocks in message
-
- // 6(or 5+1) blocks
- SUB $81, R3
- VLM (R2), M0, M4
- VLL R3, 80(R2), M5
- ADD $1, R3
- MOVBZ $1, R0
- CMPBGE R3, $16, 2(PC)
- VLVGB R3, R0, M5
- MOVD $96(R2), R2
- EXPACC(M0, M1, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3)
- EXPACC(M2, M3, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3)
- VLEIB $2, $1, H2_0
- VLEIB $2, $1, H2_1
- VLEIB $10, $1, H2_0
- VLEIB $10, $1, H2_1
-
- VZERO M0
- VZERO M1
- VZERO M2
- VZERO M3
- VZERO T_4
- VZERO T_10
- EXPACC(M4, M5, M0, M1, M2, M3, T_4, T_10, T_0, T_1, T_2, T_3)
- VLR T_4, M4
- VLEIB $10, $1, M2
- CMPBLT R3, $16, 2(PC)
- VLEIB $10, $1, T_10
- MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
- REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M2, M3, M4, T_4, T_5, T_2, T_7, T_8, T_9)
- VMRHG V0, H0_1, H0_0
- VMRHG V0, H1_1, H1_0
- VMRHG V0, H2_1, H2_0
- VMRLG V0, H0_1, H0_1
- VMRLG V0, H1_1, H1_1
- VMRLG V0, H2_1, H2_1
-
- SUB $16, R3
- CMPBLE R3, $0, square
-
-load:
- // load EX0, EX1 and EX2
- MOVD $·c<>(SB), R5
- VLM (R5), EX0, EX2
-
-loop:
- CMPBLE R3, $64, add // b4 // last 4 or less blocks left
-
- // next 4 full blocks
- VLM (R2), M2, M5
- SUB $64, R3
- MOVD $64(R2), R2
- REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, T_0, T_1, T_3, T_4, T_5, T_2, T_7, T_8, T_9)
-
- // expacc in-lined to create [m2, m3] limbs
- VGBM $0x3f3f, T_0 // 44 bit clear mask
- VGBM $0x1f1f, T_1 // 40 bit clear mask
- VPERM M2, M3, EX0, T_3
- VESRLG $4, T_0, T_0 // 44 bit clear mask ready
- VPERM M2, M3, EX1, T_4
- VPERM M2, M3, EX2, T_5
- VN T_0, T_3, T_3
- VESRLG $4, T_4, T_4
- VN T_1, T_5, T_5
- VN T_0, T_4, T_4
- VMRHG H0_1, T_3, H0_0
- VMRHG H1_1, T_4, H1_0
- VMRHG H2_1, T_5, H2_0
- VMRLG H0_1, T_3, H0_1
- VMRLG H1_1, T_4, H1_1
- VMRLG H2_1, T_5, H2_1
- VLEIB $10, $1, H2_0
- VLEIB $10, $1, H2_1
- VPERM M4, M5, EX0, T_3
- VPERM M4, M5, EX1, T_4
- VPERM M4, M5, EX2, T_5
- VN T_0, T_3, T_3
- VESRLG $4, T_4, T_4
- VN T_1, T_5, T_5
- VN T_0, T_4, T_4
- VMRHG V0, T_3, M0
- VMRHG V0, T_4, M1
- VMRHG V0, T_5, M2
- VMRLG V0, T_3, M3
- VMRLG V0, T_4, M4
- VMRLG V0, T_5, M5
- VLEIB $10, $1, M2
- VLEIB $10, $1, M5
-
- MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
- CMPBNE R3, $0, loop
- REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9)
- VMRHG V0, H0_1, H0_0
- VMRHG V0, H1_1, H1_0
- VMRHG V0, H2_1, H2_0
- VMRLG V0, H0_1, H0_1
- VMRLG V0, H1_1, H1_1
- VMRLG V0, H2_1, H2_1
-
- // load EX0, EX1, EX2
- MOVD $·constants<>(SB), R5
- VLM (R5), EX0, EX2
-
- // sum vectors
- VAQ H0_0, H0_1, H0_0
- VAQ H1_0, H1_1, H1_0
- VAQ H2_0, H2_1, H2_0
-
- // h may be >= 2*(2**130-5) so we need to reduce it again
- // M0...M4 are used as temps here
- REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
-
-next: // carry h1->h2
- VLEIB $7, $0x28, T_1
- VREPIB $4, T_2
- VGBM $0x003F, T_3
- VESRLG $4, T_3
-
- // byte shift
- VSRLB T_1, H1_0, T_4
-
- // bit shift
- VSRL T_2, T_4, T_4
-
- // clear h1 carry bits
- VN T_3, H1_0, H1_0
-
- // add carry
- VAQ T_4, H2_0, H2_0
-
- // h is now < 2*(2**130-5)
- // pack h into h1 (hi) and h0 (lo)
- PACK(H0_0, H1_0, H2_0)
-
- // if h > 2**130-5 then h -= 2**130-5
- MOD(H0_0, H1_0, T_0, T_1, T_2)
-
- // h += s
- MOVD $·bswapMask<>(SB), R5
- VL (R5), T_1
- VL 16(R4), T_0
- VPERM T_0, T_0, T_1, T_0 // reverse bytes (to big)
- VAQ T_0, H0_0, H0_0
- VPERM H0_0, H0_0, T_1, H0_0 // reverse bytes (to little)
- VST H0_0, (R1)
- RET
-
-add:
- // load EX0, EX1, EX2
- MOVD $·constants<>(SB), R5
- VLM (R5), EX0, EX2
-
- REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9)
- VMRHG V0, H0_1, H0_0
- VMRHG V0, H1_1, H1_0
- VMRHG V0, H2_1, H2_0
- VMRLG V0, H0_1, H0_1
- VMRLG V0, H1_1, H1_1
- VMRLG V0, H2_1, H2_1
- CMPBLE R3, $64, b4
-
-b4:
- CMPBLE R3, $48, b3 // 3 blocks or less
-
- // 4(3+1) blocks remaining
- SUB $49, R3
- VLM (R2), M0, M2
- VLL R3, 48(R2), M3
- ADD $1, R3
- MOVBZ $1, R0
- CMPBEQ R3, $16, 2(PC)
- VLVGB R3, R0, M3
- MOVD $64(R2), R2
- EXPACC(M0, M1, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3)
- VLEIB $10, $1, H2_0
- VLEIB $10, $1, H2_1
- VZERO M0
- VZERO M1
- VZERO M4
- VZERO M5
- VZERO T_4
- VZERO T_10
- EXPACC(M2, M3, M0, M1, M4, M5, T_4, T_10, T_0, T_1, T_2, T_3)
- VLR T_4, M2
- VLEIB $10, $1, M4
- CMPBNE R3, $16, 2(PC)
- VLEIB $10, $1, T_10
- MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M4, M5, M2, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
- REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9)
- VMRHG V0, H0_1, H0_0
- VMRHG V0, H1_1, H1_0
- VMRHG V0, H2_1, H2_0
- VMRLG V0, H0_1, H0_1
- VMRLG V0, H1_1, H1_1
- VMRLG V0, H2_1, H2_1
- SUB $16, R3
- CMPBLE R3, $0, square // this condition must always hold true!
-
-b3:
- CMPBLE R3, $32, b2
-
- // 3 blocks remaining
-
- // setup [r²,r]
- VSLDB $8, R_0, R_0, R_0
- VSLDB $8, R_1, R_1, R_1
- VSLDB $8, R_2, R_2, R_2
- VSLDB $8, R5_1, R5_1, R5_1
- VSLDB $8, R5_2, R5_2, R5_2
-
- VLVGG $1, RSAVE_0, R_0
- VLVGG $1, RSAVE_1, R_1
- VLVGG $1, RSAVE_2, R_2
- VLVGG $1, R5SAVE_1, R5_1
- VLVGG $1, R5SAVE_2, R5_2
-
- // setup [h0, h1]
- VSLDB $8, H0_0, H0_0, H0_0
- VSLDB $8, H1_0, H1_0, H1_0
- VSLDB $8, H2_0, H2_0, H2_0
- VO H0_1, H0_0, H0_0
- VO H1_1, H1_0, H1_0
- VO H2_1, H2_0, H2_0
- VZERO H0_1
- VZERO H1_1
- VZERO H2_1
-
- VZERO M0
- VZERO M1
- VZERO M2
- VZERO M3
- VZERO M4
- VZERO M5
-
- // H*[r**2, r]
- MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
- REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, H0_1, H1_1, T_10, M5)
-
- SUB $33, R3
- VLM (R2), M0, M1
- VLL R3, 32(R2), M2
- ADD $1, R3
- MOVBZ $1, R0
- CMPBEQ R3, $16, 2(PC)
- VLVGB R3, R0, M2
-
- // H += m0
- VZERO T_1
- VZERO T_2
- VZERO T_3
- EXPACC2(M0, T_1, T_2, T_3, T_4, T_5, T_6)
- VLEIB $10, $1, T_3
- VAG H0_0, T_1, H0_0
- VAG H1_0, T_2, H1_0
- VAG H2_0, T_3, H2_0
-
- VZERO M0
- VZERO M3
- VZERO M4
- VZERO M5
- VZERO T_10
-
- // (H+m0)*r
- MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M3, M4, M5, V0, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
- REDUCE2(H0_0, H1_0, H2_0, M0, M3, M4, M5, T_10, H0_1, H1_1, H2_1, T_9)
-
- // H += m1
- VZERO V0
- VZERO T_1
- VZERO T_2
- VZERO T_3
- EXPACC2(M1, T_1, T_2, T_3, T_4, T_5, T_6)
- VLEIB $10, $1, T_3
- VAQ H0_0, T_1, H0_0
- VAQ H1_0, T_2, H1_0
- VAQ H2_0, T_3, H2_0
- REDUCE2(H0_0, H1_0, H2_0, M0, M3, M4, M5, T_9, H0_1, H1_1, H2_1, T_10)
-
- // [H, m2] * [r**2, r]
- EXPACC2(M2, H0_0, H1_0, H2_0, T_1, T_2, T_3)
- CMPBNE R3, $16, 2(PC)
- VLEIB $10, $1, H2_0
- VZERO M0
- VZERO M1
- VZERO M2
- VZERO M3
- VZERO M4
- VZERO M5
- MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
- REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, H0_1, H1_1, M5, T_10)
- SUB $16, R3
- CMPBLE R3, $0, next // this condition must always hold true!
-
-b2:
- CMPBLE R3, $16, b1
-
- // 2 blocks remaining
-
- // setup [r²,r]
- VSLDB $8, R_0, R_0, R_0
- VSLDB $8, R_1, R_1, R_1
- VSLDB $8, R_2, R_2, R_2
- VSLDB $8, R5_1, R5_1, R5_1
- VSLDB $8, R5_2, R5_2, R5_2
-
- VLVGG $1, RSAVE_0, R_0
- VLVGG $1, RSAVE_1, R_1
- VLVGG $1, RSAVE_2, R_2
- VLVGG $1, R5SAVE_1, R5_1
- VLVGG $1, R5SAVE_2, R5_2
-
- // setup [h0, h1]
- VSLDB $8, H0_0, H0_0, H0_0
- VSLDB $8, H1_0, H1_0, H1_0
- VSLDB $8, H2_0, H2_0, H2_0
- VO H0_1, H0_0, H0_0
- VO H1_1, H1_0, H1_0
- VO H2_1, H2_0, H2_0
- VZERO H0_1
- VZERO H1_1
- VZERO H2_1
-
- VZERO M0
- VZERO M1
- VZERO M2
- VZERO M3
- VZERO M4
- VZERO M5
-
- // H*[r**2, r]
- MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
- REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M2, M3, M4, T_4, T_5, T_2, T_7, T_8, T_9)
- VMRHG V0, H0_1, H0_0
- VMRHG V0, H1_1, H1_0
- VMRHG V0, H2_1, H2_0
- VMRLG V0, H0_1, H0_1
- VMRLG V0, H1_1, H1_1
- VMRLG V0, H2_1, H2_1
-
- // move h to the left and 0s at the right
- VSLDB $8, H0_0, H0_0, H0_0
- VSLDB $8, H1_0, H1_0, H1_0
- VSLDB $8, H2_0, H2_0, H2_0
-
- // get message blocks and append 1 to start
- SUB $17, R3
- VL (R2), M0
- VLL R3, 16(R2), M1
- ADD $1, R3
- MOVBZ $1, R0
- CMPBEQ R3, $16, 2(PC)
- VLVGB R3, R0, M1
- VZERO T_6
- VZERO T_7
- VZERO T_8
- EXPACC2(M0, T_6, T_7, T_8, T_1, T_2, T_3)
- EXPACC2(M1, T_6, T_7, T_8, T_1, T_2, T_3)
- VLEIB $2, $1, T_8
- CMPBNE R3, $16, 2(PC)
- VLEIB $10, $1, T_8
-
- // add [m0, m1] to h
- VAG H0_0, T_6, H0_0
- VAG H1_0, T_7, H1_0
- VAG H2_0, T_8, H2_0
-
- VZERO M2
- VZERO M3
- VZERO M4
- VZERO M5
- VZERO T_10
- VZERO M0
-
- // at this point R_0 .. R5_2 look like [r**2, r]
- MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M2, M3, M4, M5, T_10, M0, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
- REDUCE2(H0_0, H1_0, H2_0, M2, M3, M4, M5, T_9, H0_1, H1_1, H2_1, T_10)
- SUB $16, R3, R3
- CMPBLE R3, $0, next
-
-b1:
- CMPBLE R3, $0, next
-
- // 1 block remaining
-
- // setup [r²,r]
- VSLDB $8, R_0, R_0, R_0
- VSLDB $8, R_1, R_1, R_1
- VSLDB $8, R_2, R_2, R_2
- VSLDB $8, R5_1, R5_1, R5_1
- VSLDB $8, R5_2, R5_2, R5_2
-
- VLVGG $1, RSAVE_0, R_0
- VLVGG $1, RSAVE_1, R_1
- VLVGG $1, RSAVE_2, R_2
- VLVGG $1, R5SAVE_1, R5_1
- VLVGG $1, R5SAVE_2, R5_2
-
- // setup [h0, h1]
- VSLDB $8, H0_0, H0_0, H0_0
- VSLDB $8, H1_0, H1_0, H1_0
- VSLDB $8, H2_0, H2_0, H2_0
- VO H0_1, H0_0, H0_0
- VO H1_1, H1_0, H1_0
- VO H2_1, H2_0, H2_0
- VZERO H0_1
- VZERO H1_1
- VZERO H2_1
-
- VZERO M0
- VZERO M1
- VZERO M2
- VZERO M3
- VZERO M4
- VZERO M5
-
- // H*[r**2, r]
- MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
- REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
-
- // set up [0, m0] limbs
- SUB $1, R3
- VLL R3, (R2), M0
- ADD $1, R3
- MOVBZ $1, R0
- CMPBEQ R3, $16, 2(PC)
- VLVGB R3, R0, M0
- VZERO T_1
- VZERO T_2
- VZERO T_3
- EXPACC2(M0, T_1, T_2, T_3, T_4, T_5, T_6)// limbs: [0, m]
- CMPBNE R3, $16, 2(PC)
- VLEIB $10, $1, T_3
-
- // h+m0
- VAQ H0_0, T_1, H0_0
- VAQ H1_0, T_2, H1_0
- VAQ H2_0, T_3, H2_0
-
- VZERO M0
- VZERO M1
- VZERO M2
- VZERO M3
- VZERO M4
- VZERO M5
- MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
- REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
-
- BR next
-
-square:
- // setup [r²,r]
- VSLDB $8, R_0, R_0, R_0
- VSLDB $8, R_1, R_1, R_1
- VSLDB $8, R_2, R_2, R_2
- VSLDB $8, R5_1, R5_1, R5_1
- VSLDB $8, R5_2, R5_2, R5_2
-
- VLVGG $1, RSAVE_0, R_0
- VLVGG $1, RSAVE_1, R_1
- VLVGG $1, RSAVE_2, R_2
- VLVGG $1, R5SAVE_1, R5_1
- VLVGG $1, R5SAVE_2, R5_2
-
- // setup [h0, h1]
- VSLDB $8, H0_0, H0_0, H0_0
- VSLDB $8, H1_0, H1_0, H1_0
- VSLDB $8, H2_0, H2_0, H2_0
- VO H0_1, H0_0, H0_0
- VO H1_1, H1_0, H1_0
- VO H2_1, H2_0, H2_0
- VZERO H0_1
- VZERO H1_1
- VZERO H2_1
-
- VZERO M0
- VZERO M1
- VZERO M2
- VZERO M3
- VZERO M4
- VZERO M5
-
- // (h0*r**2) + (h1*r)
- MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
- REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
- BR next
-
-TEXT ·hasVMSLFacility(SB), NOSPLIT, $24-1
- MOVD $x-24(SP), R1
- XC $24, 0(R1), 0(R1) // clear the storage
- MOVD $2, R0 // R0 is the number of double words stored -1
- WORD $0xB2B01000 // STFLE 0(R1)
- XOR R0, R0 // reset the value of R0
- MOVBZ z-8(SP), R1
- AND $0x01, R1
- BEQ novmsl
-
-vectorinstalled:
- // check if the vector instruction has been enabled
- VLEIB $0, $0xF, V16
- VLGVB $0, V16, R1
- CMPBNE R1, $0xF, novmsl
- MOVB $1, ret+0(FP) // have vx
- RET
-
-novmsl:
- MOVB $0, ret+0(FP) // no vx
- RET
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go b/vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go
deleted file mode 100644
index 4c96147..0000000
--- a/vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go
+++ /dev/null
@@ -1,144 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package salsa provides low-level access to functions in the Salsa family.
-package salsa // import "golang.org/x/crypto/salsa20/salsa"
-
-// Sigma is the Salsa20 constant for 256-bit keys.
-var Sigma = [16]byte{'e', 'x', 'p', 'a', 'n', 'd', ' ', '3', '2', '-', 'b', 'y', 't', 'e', ' ', 'k'}
-
-// HSalsa20 applies the HSalsa20 core function to a 16-byte input in, 32-byte
-// key k, and 16-byte constant c, and puts the result into the 32-byte array
-// out.
-func HSalsa20(out *[32]byte, in *[16]byte, k *[32]byte, c *[16]byte) {
- x0 := uint32(c[0]) | uint32(c[1])<<8 | uint32(c[2])<<16 | uint32(c[3])<<24
- x1 := uint32(k[0]) | uint32(k[1])<<8 | uint32(k[2])<<16 | uint32(k[3])<<24
- x2 := uint32(k[4]) | uint32(k[5])<<8 | uint32(k[6])<<16 | uint32(k[7])<<24
- x3 := uint32(k[8]) | uint32(k[9])<<8 | uint32(k[10])<<16 | uint32(k[11])<<24
- x4 := uint32(k[12]) | uint32(k[13])<<8 | uint32(k[14])<<16 | uint32(k[15])<<24
- x5 := uint32(c[4]) | uint32(c[5])<<8 | uint32(c[6])<<16 | uint32(c[7])<<24
- x6 := uint32(in[0]) | uint32(in[1])<<8 | uint32(in[2])<<16 | uint32(in[3])<<24
- x7 := uint32(in[4]) | uint32(in[5])<<8 | uint32(in[6])<<16 | uint32(in[7])<<24
- x8 := uint32(in[8]) | uint32(in[9])<<8 | uint32(in[10])<<16 | uint32(in[11])<<24
- x9 := uint32(in[12]) | uint32(in[13])<<8 | uint32(in[14])<<16 | uint32(in[15])<<24
- x10 := uint32(c[8]) | uint32(c[9])<<8 | uint32(c[10])<<16 | uint32(c[11])<<24
- x11 := uint32(k[16]) | uint32(k[17])<<8 | uint32(k[18])<<16 | uint32(k[19])<<24
- x12 := uint32(k[20]) | uint32(k[21])<<8 | uint32(k[22])<<16 | uint32(k[23])<<24
- x13 := uint32(k[24]) | uint32(k[25])<<8 | uint32(k[26])<<16 | uint32(k[27])<<24
- x14 := uint32(k[28]) | uint32(k[29])<<8 | uint32(k[30])<<16 | uint32(k[31])<<24
- x15 := uint32(c[12]) | uint32(c[13])<<8 | uint32(c[14])<<16 | uint32(c[15])<<24
-
- for i := 0; i < 20; i += 2 {
- u := x0 + x12
- x4 ^= u<<7 | u>>(32-7)
- u = x4 + x0
- x8 ^= u<<9 | u>>(32-9)
- u = x8 + x4
- x12 ^= u<<13 | u>>(32-13)
- u = x12 + x8
- x0 ^= u<<18 | u>>(32-18)
-
- u = x5 + x1
- x9 ^= u<<7 | u>>(32-7)
- u = x9 + x5
- x13 ^= u<<9 | u>>(32-9)
- u = x13 + x9
- x1 ^= u<<13 | u>>(32-13)
- u = x1 + x13
- x5 ^= u<<18 | u>>(32-18)
-
- u = x10 + x6
- x14 ^= u<<7 | u>>(32-7)
- u = x14 + x10
- x2 ^= u<<9 | u>>(32-9)
- u = x2 + x14
- x6 ^= u<<13 | u>>(32-13)
- u = x6 + x2
- x10 ^= u<<18 | u>>(32-18)
-
- u = x15 + x11
- x3 ^= u<<7 | u>>(32-7)
- u = x3 + x15
- x7 ^= u<<9 | u>>(32-9)
- u = x7 + x3
- x11 ^= u<<13 | u>>(32-13)
- u = x11 + x7
- x15 ^= u<<18 | u>>(32-18)
-
- u = x0 + x3
- x1 ^= u<<7 | u>>(32-7)
- u = x1 + x0
- x2 ^= u<<9 | u>>(32-9)
- u = x2 + x1
- x3 ^= u<<13 | u>>(32-13)
- u = x3 + x2
- x0 ^= u<<18 | u>>(32-18)
-
- u = x5 + x4
- x6 ^= u<<7 | u>>(32-7)
- u = x6 + x5
- x7 ^= u<<9 | u>>(32-9)
- u = x7 + x6
- x4 ^= u<<13 | u>>(32-13)
- u = x4 + x7
- x5 ^= u<<18 | u>>(32-18)
-
- u = x10 + x9
- x11 ^= u<<7 | u>>(32-7)
- u = x11 + x10
- x8 ^= u<<9 | u>>(32-9)
- u = x8 + x11
- x9 ^= u<<13 | u>>(32-13)
- u = x9 + x8
- x10 ^= u<<18 | u>>(32-18)
-
- u = x15 + x14
- x12 ^= u<<7 | u>>(32-7)
- u = x12 + x15
- x13 ^= u<<9 | u>>(32-9)
- u = x13 + x12
- x14 ^= u<<13 | u>>(32-13)
- u = x14 + x13
- x15 ^= u<<18 | u>>(32-18)
- }
- out[0] = byte(x0)
- out[1] = byte(x0 >> 8)
- out[2] = byte(x0 >> 16)
- out[3] = byte(x0 >> 24)
-
- out[4] = byte(x5)
- out[5] = byte(x5 >> 8)
- out[6] = byte(x5 >> 16)
- out[7] = byte(x5 >> 24)
-
- out[8] = byte(x10)
- out[9] = byte(x10 >> 8)
- out[10] = byte(x10 >> 16)
- out[11] = byte(x10 >> 24)
-
- out[12] = byte(x15)
- out[13] = byte(x15 >> 8)
- out[14] = byte(x15 >> 16)
- out[15] = byte(x15 >> 24)
-
- out[16] = byte(x6)
- out[17] = byte(x6 >> 8)
- out[18] = byte(x6 >> 16)
- out[19] = byte(x6 >> 24)
-
- out[20] = byte(x7)
- out[21] = byte(x7 >> 8)
- out[22] = byte(x7 >> 16)
- out[23] = byte(x7 >> 24)
-
- out[24] = byte(x8)
- out[25] = byte(x8 >> 8)
- out[26] = byte(x8 >> 16)
- out[27] = byte(x8 >> 24)
-
- out[28] = byte(x9)
- out[29] = byte(x9 >> 8)
- out[30] = byte(x9 >> 16)
- out[31] = byte(x9 >> 24)
-}
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa2020_amd64.s b/vendor/golang.org/x/crypto/salsa20/salsa/salsa2020_amd64.s
deleted file mode 100644
index 22afbdc..0000000
--- a/vendor/golang.org/x/crypto/salsa20/salsa/salsa2020_amd64.s
+++ /dev/null
@@ -1,889 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build amd64,!appengine,!gccgo
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// func salsa2020XORKeyStream(out, in *byte, n uint64, nonce, key *byte)
-// This needs up to 64 bytes at 360(SP); hence the non-obvious frame size.
-TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
- MOVQ out+0(FP),DI
- MOVQ in+8(FP),SI
- MOVQ n+16(FP),DX
- MOVQ nonce+24(FP),CX
- MOVQ key+32(FP),R8
-
- MOVQ SP,R12
- MOVQ SP,R9
- ADDQ $31, R9
- ANDQ $~31, R9
- MOVQ R9, SP
-
- MOVQ DX,R9
- MOVQ CX,DX
- MOVQ R8,R10
- CMPQ R9,$0
- JBE DONE
- START:
- MOVL 20(R10),CX
- MOVL 0(R10),R8
- MOVL 0(DX),AX
- MOVL 16(R10),R11
- MOVL CX,0(SP)
- MOVL R8, 4 (SP)
- MOVL AX, 8 (SP)
- MOVL R11, 12 (SP)
- MOVL 8(DX),CX
- MOVL 24(R10),R8
- MOVL 4(R10),AX
- MOVL 4(DX),R11
- MOVL CX,16(SP)
- MOVL R8, 20 (SP)
- MOVL AX, 24 (SP)
- MOVL R11, 28 (SP)
- MOVL 12(DX),CX
- MOVL 12(R10),DX
- MOVL 28(R10),R8
- MOVL 8(R10),AX
- MOVL DX,32(SP)
- MOVL CX, 36 (SP)
- MOVL R8, 40 (SP)
- MOVL AX, 44 (SP)
- MOVQ $1634760805,DX
- MOVQ $857760878,CX
- MOVQ $2036477234,R8
- MOVQ $1797285236,AX
- MOVL DX,48(SP)
- MOVL CX, 52 (SP)
- MOVL R8, 56 (SP)
- MOVL AX, 60 (SP)
- CMPQ R9,$256
- JB BYTESBETWEEN1AND255
- MOVOA 48(SP),X0
- PSHUFL $0X55,X0,X1
- PSHUFL $0XAA,X0,X2
- PSHUFL $0XFF,X0,X3
- PSHUFL $0X00,X0,X0
- MOVOA X1,64(SP)
- MOVOA X2,80(SP)
- MOVOA X3,96(SP)
- MOVOA X0,112(SP)
- MOVOA 0(SP),X0
- PSHUFL $0XAA,X0,X1
- PSHUFL $0XFF,X0,X2
- PSHUFL $0X00,X0,X3
- PSHUFL $0X55,X0,X0
- MOVOA X1,128(SP)
- MOVOA X2,144(SP)
- MOVOA X3,160(SP)
- MOVOA X0,176(SP)
- MOVOA 16(SP),X0
- PSHUFL $0XFF,X0,X1
- PSHUFL $0X55,X0,X2
- PSHUFL $0XAA,X0,X0
- MOVOA X1,192(SP)
- MOVOA X2,208(SP)
- MOVOA X0,224(SP)
- MOVOA 32(SP),X0
- PSHUFL $0X00,X0,X1
- PSHUFL $0XAA,X0,X2
- PSHUFL $0XFF,X0,X0
- MOVOA X1,240(SP)
- MOVOA X2,256(SP)
- MOVOA X0,272(SP)
- BYTESATLEAST256:
- MOVL 16(SP),DX
- MOVL 36 (SP),CX
- MOVL DX,288(SP)
- MOVL CX,304(SP)
- ADDQ $1,DX
- SHLQ $32,CX
- ADDQ CX,DX
- MOVQ DX,CX
- SHRQ $32,CX
- MOVL DX, 292 (SP)
- MOVL CX, 308 (SP)
- ADDQ $1,DX
- SHLQ $32,CX
- ADDQ CX,DX
- MOVQ DX,CX
- SHRQ $32,CX
- MOVL DX, 296 (SP)
- MOVL CX, 312 (SP)
- ADDQ $1,DX
- SHLQ $32,CX
- ADDQ CX,DX
- MOVQ DX,CX
- SHRQ $32,CX
- MOVL DX, 300 (SP)
- MOVL CX, 316 (SP)
- ADDQ $1,DX
- SHLQ $32,CX
- ADDQ CX,DX
- MOVQ DX,CX
- SHRQ $32,CX
- MOVL DX,16(SP)
- MOVL CX, 36 (SP)
- MOVQ R9,352(SP)
- MOVQ $20,DX
- MOVOA 64(SP),X0
- MOVOA 80(SP),X1
- MOVOA 96(SP),X2
- MOVOA 256(SP),X3
- MOVOA 272(SP),X4
- MOVOA 128(SP),X5
- MOVOA 144(SP),X6
- MOVOA 176(SP),X7
- MOVOA 192(SP),X8
- MOVOA 208(SP),X9
- MOVOA 224(SP),X10
- MOVOA 304(SP),X11
- MOVOA 112(SP),X12
- MOVOA 160(SP),X13
- MOVOA 240(SP),X14
- MOVOA 288(SP),X15
- MAINLOOP1:
- MOVOA X1,320(SP)
- MOVOA X2,336(SP)
- MOVOA X13,X1
- PADDL X12,X1
- MOVOA X1,X2
- PSLLL $7,X1
- PXOR X1,X14
- PSRLL $25,X2
- PXOR X2,X14
- MOVOA X7,X1
- PADDL X0,X1
- MOVOA X1,X2
- PSLLL $7,X1
- PXOR X1,X11
- PSRLL $25,X2
- PXOR X2,X11
- MOVOA X12,X1
- PADDL X14,X1
- MOVOA X1,X2
- PSLLL $9,X1
- PXOR X1,X15
- PSRLL $23,X2
- PXOR X2,X15
- MOVOA X0,X1
- PADDL X11,X1
- MOVOA X1,X2
- PSLLL $9,X1
- PXOR X1,X9
- PSRLL $23,X2
- PXOR X2,X9
- MOVOA X14,X1
- PADDL X15,X1
- MOVOA X1,X2
- PSLLL $13,X1
- PXOR X1,X13
- PSRLL $19,X2
- PXOR X2,X13
- MOVOA X11,X1
- PADDL X9,X1
- MOVOA X1,X2
- PSLLL $13,X1
- PXOR X1,X7
- PSRLL $19,X2
- PXOR X2,X7
- MOVOA X15,X1
- PADDL X13,X1
- MOVOA X1,X2
- PSLLL $18,X1
- PXOR X1,X12
- PSRLL $14,X2
- PXOR X2,X12
- MOVOA 320(SP),X1
- MOVOA X12,320(SP)
- MOVOA X9,X2
- PADDL X7,X2
- MOVOA X2,X12
- PSLLL $18,X2
- PXOR X2,X0
- PSRLL $14,X12
- PXOR X12,X0
- MOVOA X5,X2
- PADDL X1,X2
- MOVOA X2,X12
- PSLLL $7,X2
- PXOR X2,X3
- PSRLL $25,X12
- PXOR X12,X3
- MOVOA 336(SP),X2
- MOVOA X0,336(SP)
- MOVOA X6,X0
- PADDL X2,X0
- MOVOA X0,X12
- PSLLL $7,X0
- PXOR X0,X4
- PSRLL $25,X12
- PXOR X12,X4
- MOVOA X1,X0
- PADDL X3,X0
- MOVOA X0,X12
- PSLLL $9,X0
- PXOR X0,X10
- PSRLL $23,X12
- PXOR X12,X10
- MOVOA X2,X0
- PADDL X4,X0
- MOVOA X0,X12
- PSLLL $9,X0
- PXOR X0,X8
- PSRLL $23,X12
- PXOR X12,X8
- MOVOA X3,X0
- PADDL X10,X0
- MOVOA X0,X12
- PSLLL $13,X0
- PXOR X0,X5
- PSRLL $19,X12
- PXOR X12,X5
- MOVOA X4,X0
- PADDL X8,X0
- MOVOA X0,X12
- PSLLL $13,X0
- PXOR X0,X6
- PSRLL $19,X12
- PXOR X12,X6
- MOVOA X10,X0
- PADDL X5,X0
- MOVOA X0,X12
- PSLLL $18,X0
- PXOR X0,X1
- PSRLL $14,X12
- PXOR X12,X1
- MOVOA 320(SP),X0
- MOVOA X1,320(SP)
- MOVOA X4,X1
- PADDL X0,X1
- MOVOA X1,X12
- PSLLL $7,X1
- PXOR X1,X7
- PSRLL $25,X12
- PXOR X12,X7
- MOVOA X8,X1
- PADDL X6,X1
- MOVOA X1,X12
- PSLLL $18,X1
- PXOR X1,X2
- PSRLL $14,X12
- PXOR X12,X2
- MOVOA 336(SP),X12
- MOVOA X2,336(SP)
- MOVOA X14,X1
- PADDL X12,X1
- MOVOA X1,X2
- PSLLL $7,X1
- PXOR X1,X5
- PSRLL $25,X2
- PXOR X2,X5
- MOVOA X0,X1
- PADDL X7,X1
- MOVOA X1,X2
- PSLLL $9,X1
- PXOR X1,X10
- PSRLL $23,X2
- PXOR X2,X10
- MOVOA X12,X1
- PADDL X5,X1
- MOVOA X1,X2
- PSLLL $9,X1
- PXOR X1,X8
- PSRLL $23,X2
- PXOR X2,X8
- MOVOA X7,X1
- PADDL X10,X1
- MOVOA X1,X2
- PSLLL $13,X1
- PXOR X1,X4
- PSRLL $19,X2
- PXOR X2,X4
- MOVOA X5,X1
- PADDL X8,X1
- MOVOA X1,X2
- PSLLL $13,X1
- PXOR X1,X14
- PSRLL $19,X2
- PXOR X2,X14
- MOVOA X10,X1
- PADDL X4,X1
- MOVOA X1,X2
- PSLLL $18,X1
- PXOR X1,X0
- PSRLL $14,X2
- PXOR X2,X0
- MOVOA 320(SP),X1
- MOVOA X0,320(SP)
- MOVOA X8,X0
- PADDL X14,X0
- MOVOA X0,X2
- PSLLL $18,X0
- PXOR X0,X12
- PSRLL $14,X2
- PXOR X2,X12
- MOVOA X11,X0
- PADDL X1,X0
- MOVOA X0,X2
- PSLLL $7,X0
- PXOR X0,X6
- PSRLL $25,X2
- PXOR X2,X6
- MOVOA 336(SP),X2
- MOVOA X12,336(SP)
- MOVOA X3,X0
- PADDL X2,X0
- MOVOA X0,X12
- PSLLL $7,X0
- PXOR X0,X13
- PSRLL $25,X12
- PXOR X12,X13
- MOVOA X1,X0
- PADDL X6,X0
- MOVOA X0,X12
- PSLLL $9,X0
- PXOR X0,X15
- PSRLL $23,X12
- PXOR X12,X15
- MOVOA X2,X0
- PADDL X13,X0
- MOVOA X0,X12
- PSLLL $9,X0
- PXOR X0,X9
- PSRLL $23,X12
- PXOR X12,X9
- MOVOA X6,X0
- PADDL X15,X0
- MOVOA X0,X12
- PSLLL $13,X0
- PXOR X0,X11
- PSRLL $19,X12
- PXOR X12,X11
- MOVOA X13,X0
- PADDL X9,X0
- MOVOA X0,X12
- PSLLL $13,X0
- PXOR X0,X3
- PSRLL $19,X12
- PXOR X12,X3
- MOVOA X15,X0
- PADDL X11,X0
- MOVOA X0,X12
- PSLLL $18,X0
- PXOR X0,X1
- PSRLL $14,X12
- PXOR X12,X1
- MOVOA X9,X0
- PADDL X3,X0
- MOVOA X0,X12
- PSLLL $18,X0
- PXOR X0,X2
- PSRLL $14,X12
- PXOR X12,X2
- MOVOA 320(SP),X12
- MOVOA 336(SP),X0
- SUBQ $2,DX
- JA MAINLOOP1
- PADDL 112(SP),X12
- PADDL 176(SP),X7
- PADDL 224(SP),X10
- PADDL 272(SP),X4
- MOVD X12,DX
- MOVD X7,CX
- MOVD X10,R8
- MOVD X4,R9
- PSHUFL $0X39,X12,X12
- PSHUFL $0X39,X7,X7
- PSHUFL $0X39,X10,X10
- PSHUFL $0X39,X4,X4
- XORL 0(SI),DX
- XORL 4(SI),CX
- XORL 8(SI),R8
- XORL 12(SI),R9
- MOVL DX,0(DI)
- MOVL CX,4(DI)
- MOVL R8,8(DI)
- MOVL R9,12(DI)
- MOVD X12,DX
- MOVD X7,CX
- MOVD X10,R8
- MOVD X4,R9
- PSHUFL $0X39,X12,X12
- PSHUFL $0X39,X7,X7
- PSHUFL $0X39,X10,X10
- PSHUFL $0X39,X4,X4
- XORL 64(SI),DX
- XORL 68(SI),CX
- XORL 72(SI),R8
- XORL 76(SI),R9
- MOVL DX,64(DI)
- MOVL CX,68(DI)
- MOVL R8,72(DI)
- MOVL R9,76(DI)
- MOVD X12,DX
- MOVD X7,CX
- MOVD X10,R8
- MOVD X4,R9
- PSHUFL $0X39,X12,X12
- PSHUFL $0X39,X7,X7
- PSHUFL $0X39,X10,X10
- PSHUFL $0X39,X4,X4
- XORL 128(SI),DX
- XORL 132(SI),CX
- XORL 136(SI),R8
- XORL 140(SI),R9
- MOVL DX,128(DI)
- MOVL CX,132(DI)
- MOVL R8,136(DI)
- MOVL R9,140(DI)
- MOVD X12,DX
- MOVD X7,CX
- MOVD X10,R8
- MOVD X4,R9
- XORL 192(SI),DX
- XORL 196(SI),CX
- XORL 200(SI),R8
- XORL 204(SI),R9
- MOVL DX,192(DI)
- MOVL CX,196(DI)
- MOVL R8,200(DI)
- MOVL R9,204(DI)
- PADDL 240(SP),X14
- PADDL 64(SP),X0
- PADDL 128(SP),X5
- PADDL 192(SP),X8
- MOVD X14,DX
- MOVD X0,CX
- MOVD X5,R8
- MOVD X8,R9
- PSHUFL $0X39,X14,X14
- PSHUFL $0X39,X0,X0
- PSHUFL $0X39,X5,X5
- PSHUFL $0X39,X8,X8
- XORL 16(SI),DX
- XORL 20(SI),CX
- XORL 24(SI),R8
- XORL 28(SI),R9
- MOVL DX,16(DI)
- MOVL CX,20(DI)
- MOVL R8,24(DI)
- MOVL R9,28(DI)
- MOVD X14,DX
- MOVD X0,CX
- MOVD X5,R8
- MOVD X8,R9
- PSHUFL $0X39,X14,X14
- PSHUFL $0X39,X0,X0
- PSHUFL $0X39,X5,X5
- PSHUFL $0X39,X8,X8
- XORL 80(SI),DX
- XORL 84(SI),CX
- XORL 88(SI),R8
- XORL 92(SI),R9
- MOVL DX,80(DI)
- MOVL CX,84(DI)
- MOVL R8,88(DI)
- MOVL R9,92(DI)
- MOVD X14,DX
- MOVD X0,CX
- MOVD X5,R8
- MOVD X8,R9
- PSHUFL $0X39,X14,X14
- PSHUFL $0X39,X0,X0
- PSHUFL $0X39,X5,X5
- PSHUFL $0X39,X8,X8
- XORL 144(SI),DX
- XORL 148(SI),CX
- XORL 152(SI),R8
- XORL 156(SI),R9
- MOVL DX,144(DI)
- MOVL CX,148(DI)
- MOVL R8,152(DI)
- MOVL R9,156(DI)
- MOVD X14,DX
- MOVD X0,CX
- MOVD X5,R8
- MOVD X8,R9
- XORL 208(SI),DX
- XORL 212(SI),CX
- XORL 216(SI),R8
- XORL 220(SI),R9
- MOVL DX,208(DI)
- MOVL CX,212(DI)
- MOVL R8,216(DI)
- MOVL R9,220(DI)
- PADDL 288(SP),X15
- PADDL 304(SP),X11
- PADDL 80(SP),X1
- PADDL 144(SP),X6
- MOVD X15,DX
- MOVD X11,CX
- MOVD X1,R8
- MOVD X6,R9
- PSHUFL $0X39,X15,X15
- PSHUFL $0X39,X11,X11
- PSHUFL $0X39,X1,X1
- PSHUFL $0X39,X6,X6
- XORL 32(SI),DX
- XORL 36(SI),CX
- XORL 40(SI),R8
- XORL 44(SI),R9
- MOVL DX,32(DI)
- MOVL CX,36(DI)
- MOVL R8,40(DI)
- MOVL R9,44(DI)
- MOVD X15,DX
- MOVD X11,CX
- MOVD X1,R8
- MOVD X6,R9
- PSHUFL $0X39,X15,X15
- PSHUFL $0X39,X11,X11
- PSHUFL $0X39,X1,X1
- PSHUFL $0X39,X6,X6
- XORL 96(SI),DX
- XORL 100(SI),CX
- XORL 104(SI),R8
- XORL 108(SI),R9
- MOVL DX,96(DI)
- MOVL CX,100(DI)
- MOVL R8,104(DI)
- MOVL R9,108(DI)
- MOVD X15,DX
- MOVD X11,CX
- MOVD X1,R8
- MOVD X6,R9
- PSHUFL $0X39,X15,X15
- PSHUFL $0X39,X11,X11
- PSHUFL $0X39,X1,X1
- PSHUFL $0X39,X6,X6
- XORL 160(SI),DX
- XORL 164(SI),CX
- XORL 168(SI),R8
- XORL 172(SI),R9
- MOVL DX,160(DI)
- MOVL CX,164(DI)
- MOVL R8,168(DI)
- MOVL R9,172(DI)
- MOVD X15,DX
- MOVD X11,CX
- MOVD X1,R8
- MOVD X6,R9
- XORL 224(SI),DX
- XORL 228(SI),CX
- XORL 232(SI),R8
- XORL 236(SI),R9
- MOVL DX,224(DI)
- MOVL CX,228(DI)
- MOVL R8,232(DI)
- MOVL R9,236(DI)
- PADDL 160(SP),X13
- PADDL 208(SP),X9
- PADDL 256(SP),X3
- PADDL 96(SP),X2
- MOVD X13,DX
- MOVD X9,CX
- MOVD X3,R8
- MOVD X2,R9
- PSHUFL $0X39,X13,X13
- PSHUFL $0X39,X9,X9
- PSHUFL $0X39,X3,X3
- PSHUFL $0X39,X2,X2
- XORL 48(SI),DX
- XORL 52(SI),CX
- XORL 56(SI),R8
- XORL 60(SI),R9
- MOVL DX,48(DI)
- MOVL CX,52(DI)
- MOVL R8,56(DI)
- MOVL R9,60(DI)
- MOVD X13,DX
- MOVD X9,CX
- MOVD X3,R8
- MOVD X2,R9
- PSHUFL $0X39,X13,X13
- PSHUFL $0X39,X9,X9
- PSHUFL $0X39,X3,X3
- PSHUFL $0X39,X2,X2
- XORL 112(SI),DX
- XORL 116(SI),CX
- XORL 120(SI),R8
- XORL 124(SI),R9
- MOVL DX,112(DI)
- MOVL CX,116(DI)
- MOVL R8,120(DI)
- MOVL R9,124(DI)
- MOVD X13,DX
- MOVD X9,CX
- MOVD X3,R8
- MOVD X2,R9
- PSHUFL $0X39,X13,X13
- PSHUFL $0X39,X9,X9
- PSHUFL $0X39,X3,X3
- PSHUFL $0X39,X2,X2
- XORL 176(SI),DX
- XORL 180(SI),CX
- XORL 184(SI),R8
- XORL 188(SI),R9
- MOVL DX,176(DI)
- MOVL CX,180(DI)
- MOVL R8,184(DI)
- MOVL R9,188(DI)
- MOVD X13,DX
- MOVD X9,CX
- MOVD X3,R8
- MOVD X2,R9
- XORL 240(SI),DX
- XORL 244(SI),CX
- XORL 248(SI),R8
- XORL 252(SI),R9
- MOVL DX,240(DI)
- MOVL CX,244(DI)
- MOVL R8,248(DI)
- MOVL R9,252(DI)
- MOVQ 352(SP),R9
- SUBQ $256,R9
- ADDQ $256,SI
- ADDQ $256,DI
- CMPQ R9,$256
- JAE BYTESATLEAST256
- CMPQ R9,$0
- JBE DONE
- BYTESBETWEEN1AND255:
- CMPQ R9,$64
- JAE NOCOPY
- MOVQ DI,DX
- LEAQ 360(SP),DI
- MOVQ R9,CX
- REP; MOVSB
- LEAQ 360(SP),DI
- LEAQ 360(SP),SI
- NOCOPY:
- MOVQ R9,352(SP)
- MOVOA 48(SP),X0
- MOVOA 0(SP),X1
- MOVOA 16(SP),X2
- MOVOA 32(SP),X3
- MOVOA X1,X4
- MOVQ $20,CX
- MAINLOOP2:
- PADDL X0,X4
- MOVOA X0,X5
- MOVOA X4,X6
- PSLLL $7,X4
- PSRLL $25,X6
- PXOR X4,X3
- PXOR X6,X3
- PADDL X3,X5
- MOVOA X3,X4
- MOVOA X5,X6
- PSLLL $9,X5
- PSRLL $23,X6
- PXOR X5,X2
- PSHUFL $0X93,X3,X3
- PXOR X6,X2
- PADDL X2,X4
- MOVOA X2,X5
- MOVOA X4,X6
- PSLLL $13,X4
- PSRLL $19,X6
- PXOR X4,X1
- PSHUFL $0X4E,X2,X2
- PXOR X6,X1
- PADDL X1,X5
- MOVOA X3,X4
- MOVOA X5,X6
- PSLLL $18,X5
- PSRLL $14,X6
- PXOR X5,X0
- PSHUFL $0X39,X1,X1
- PXOR X6,X0
- PADDL X0,X4
- MOVOA X0,X5
- MOVOA X4,X6
- PSLLL $7,X4
- PSRLL $25,X6
- PXOR X4,X1
- PXOR X6,X1
- PADDL X1,X5
- MOVOA X1,X4
- MOVOA X5,X6
- PSLLL $9,X5
- PSRLL $23,X6
- PXOR X5,X2
- PSHUFL $0X93,X1,X1
- PXOR X6,X2
- PADDL X2,X4
- MOVOA X2,X5
- MOVOA X4,X6
- PSLLL $13,X4
- PSRLL $19,X6
- PXOR X4,X3
- PSHUFL $0X4E,X2,X2
- PXOR X6,X3
- PADDL X3,X5
- MOVOA X1,X4
- MOVOA X5,X6
- PSLLL $18,X5
- PSRLL $14,X6
- PXOR X5,X0
- PSHUFL $0X39,X3,X3
- PXOR X6,X0
- PADDL X0,X4
- MOVOA X0,X5
- MOVOA X4,X6
- PSLLL $7,X4
- PSRLL $25,X6
- PXOR X4,X3
- PXOR X6,X3
- PADDL X3,X5
- MOVOA X3,X4
- MOVOA X5,X6
- PSLLL $9,X5
- PSRLL $23,X6
- PXOR X5,X2
- PSHUFL $0X93,X3,X3
- PXOR X6,X2
- PADDL X2,X4
- MOVOA X2,X5
- MOVOA X4,X6
- PSLLL $13,X4
- PSRLL $19,X6
- PXOR X4,X1
- PSHUFL $0X4E,X2,X2
- PXOR X6,X1
- PADDL X1,X5
- MOVOA X3,X4
- MOVOA X5,X6
- PSLLL $18,X5
- PSRLL $14,X6
- PXOR X5,X0
- PSHUFL $0X39,X1,X1
- PXOR X6,X0
- PADDL X0,X4
- MOVOA X0,X5
- MOVOA X4,X6
- PSLLL $7,X4
- PSRLL $25,X6
- PXOR X4,X1
- PXOR X6,X1
- PADDL X1,X5
- MOVOA X1,X4
- MOVOA X5,X6
- PSLLL $9,X5
- PSRLL $23,X6
- PXOR X5,X2
- PSHUFL $0X93,X1,X1
- PXOR X6,X2
- PADDL X2,X4
- MOVOA X2,X5
- MOVOA X4,X6
- PSLLL $13,X4
- PSRLL $19,X6
- PXOR X4,X3
- PSHUFL $0X4E,X2,X2
- PXOR X6,X3
- SUBQ $4,CX
- PADDL X3,X5
- MOVOA X1,X4
- MOVOA X5,X6
- PSLLL $18,X5
- PXOR X7,X7
- PSRLL $14,X6
- PXOR X5,X0
- PSHUFL $0X39,X3,X3
- PXOR X6,X0
- JA MAINLOOP2
- PADDL 48(SP),X0
- PADDL 0(SP),X1
- PADDL 16(SP),X2
- PADDL 32(SP),X3
- MOVD X0,CX
- MOVD X1,R8
- MOVD X2,R9
- MOVD X3,AX
- PSHUFL $0X39,X0,X0
- PSHUFL $0X39,X1,X1
- PSHUFL $0X39,X2,X2
- PSHUFL $0X39,X3,X3
- XORL 0(SI),CX
- XORL 48(SI),R8
- XORL 32(SI),R9
- XORL 16(SI),AX
- MOVL CX,0(DI)
- MOVL R8,48(DI)
- MOVL R9,32(DI)
- MOVL AX,16(DI)
- MOVD X0,CX
- MOVD X1,R8
- MOVD X2,R9
- MOVD X3,AX
- PSHUFL $0X39,X0,X0
- PSHUFL $0X39,X1,X1
- PSHUFL $0X39,X2,X2
- PSHUFL $0X39,X3,X3
- XORL 20(SI),CX
- XORL 4(SI),R8
- XORL 52(SI),R9
- XORL 36(SI),AX
- MOVL CX,20(DI)
- MOVL R8,4(DI)
- MOVL R9,52(DI)
- MOVL AX,36(DI)
- MOVD X0,CX
- MOVD X1,R8
- MOVD X2,R9
- MOVD X3,AX
- PSHUFL $0X39,X0,X0
- PSHUFL $0X39,X1,X1
- PSHUFL $0X39,X2,X2
- PSHUFL $0X39,X3,X3
- XORL 40(SI),CX
- XORL 24(SI),R8
- XORL 8(SI),R9
- XORL 56(SI),AX
- MOVL CX,40(DI)
- MOVL R8,24(DI)
- MOVL R9,8(DI)
- MOVL AX,56(DI)
- MOVD X0,CX
- MOVD X1,R8
- MOVD X2,R9
- MOVD X3,AX
- XORL 60(SI),CX
- XORL 44(SI),R8
- XORL 28(SI),R9
- XORL 12(SI),AX
- MOVL CX,60(DI)
- MOVL R8,44(DI)
- MOVL R9,28(DI)
- MOVL AX,12(DI)
- MOVQ 352(SP),R9
- MOVL 16(SP),CX
- MOVL 36 (SP),R8
- ADDQ $1,CX
- SHLQ $32,R8
- ADDQ R8,CX
- MOVQ CX,R8
- SHRQ $32,R8
- MOVL CX,16(SP)
- MOVL R8, 36 (SP)
- CMPQ R9,$64
- JA BYTESATLEAST65
- JAE BYTESATLEAST64
- MOVQ DI,SI
- MOVQ DX,DI
- MOVQ R9,CX
- REP; MOVSB
- BYTESATLEAST64:
- DONE:
- MOVQ R12,SP
- RET
- BYTESATLEAST65:
- SUBQ $64,R9
- ADDQ $64,DI
- ADDQ $64,SI
- JMP BYTESBETWEEN1AND255
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa208.go b/vendor/golang.org/x/crypto/salsa20/salsa/salsa208.go
deleted file mode 100644
index 9bfc092..0000000
--- a/vendor/golang.org/x/crypto/salsa20/salsa/salsa208.go
+++ /dev/null
@@ -1,199 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package salsa
-
-// Core208 applies the Salsa20/8 core function to the 64-byte array in and puts
-// the result into the 64-byte array out. The input and output may be the same array.
-func Core208(out *[64]byte, in *[64]byte) {
- j0 := uint32(in[0]) | uint32(in[1])<<8 | uint32(in[2])<<16 | uint32(in[3])<<24
- j1 := uint32(in[4]) | uint32(in[5])<<8 | uint32(in[6])<<16 | uint32(in[7])<<24
- j2 := uint32(in[8]) | uint32(in[9])<<8 | uint32(in[10])<<16 | uint32(in[11])<<24
- j3 := uint32(in[12]) | uint32(in[13])<<8 | uint32(in[14])<<16 | uint32(in[15])<<24
- j4 := uint32(in[16]) | uint32(in[17])<<8 | uint32(in[18])<<16 | uint32(in[19])<<24
- j5 := uint32(in[20]) | uint32(in[21])<<8 | uint32(in[22])<<16 | uint32(in[23])<<24
- j6 := uint32(in[24]) | uint32(in[25])<<8 | uint32(in[26])<<16 | uint32(in[27])<<24
- j7 := uint32(in[28]) | uint32(in[29])<<8 | uint32(in[30])<<16 | uint32(in[31])<<24
- j8 := uint32(in[32]) | uint32(in[33])<<8 | uint32(in[34])<<16 | uint32(in[35])<<24
- j9 := uint32(in[36]) | uint32(in[37])<<8 | uint32(in[38])<<16 | uint32(in[39])<<24
- j10 := uint32(in[40]) | uint32(in[41])<<8 | uint32(in[42])<<16 | uint32(in[43])<<24
- j11 := uint32(in[44]) | uint32(in[45])<<8 | uint32(in[46])<<16 | uint32(in[47])<<24
- j12 := uint32(in[48]) | uint32(in[49])<<8 | uint32(in[50])<<16 | uint32(in[51])<<24
- j13 := uint32(in[52]) | uint32(in[53])<<8 | uint32(in[54])<<16 | uint32(in[55])<<24
- j14 := uint32(in[56]) | uint32(in[57])<<8 | uint32(in[58])<<16 | uint32(in[59])<<24
- j15 := uint32(in[60]) | uint32(in[61])<<8 | uint32(in[62])<<16 | uint32(in[63])<<24
-
- x0, x1, x2, x3, x4, x5, x6, x7, x8 := j0, j1, j2, j3, j4, j5, j6, j7, j8
- x9, x10, x11, x12, x13, x14, x15 := j9, j10, j11, j12, j13, j14, j15
-
- for i := 0; i < 8; i += 2 {
- u := x0 + x12
- x4 ^= u<<7 | u>>(32-7)
- u = x4 + x0
- x8 ^= u<<9 | u>>(32-9)
- u = x8 + x4
- x12 ^= u<<13 | u>>(32-13)
- u = x12 + x8
- x0 ^= u<<18 | u>>(32-18)
-
- u = x5 + x1
- x9 ^= u<<7 | u>>(32-7)
- u = x9 + x5
- x13 ^= u<<9 | u>>(32-9)
- u = x13 + x9
- x1 ^= u<<13 | u>>(32-13)
- u = x1 + x13
- x5 ^= u<<18 | u>>(32-18)
-
- u = x10 + x6
- x14 ^= u<<7 | u>>(32-7)
- u = x14 + x10
- x2 ^= u<<9 | u>>(32-9)
- u = x2 + x14
- x6 ^= u<<13 | u>>(32-13)
- u = x6 + x2
- x10 ^= u<<18 | u>>(32-18)
-
- u = x15 + x11
- x3 ^= u<<7 | u>>(32-7)
- u = x3 + x15
- x7 ^= u<<9 | u>>(32-9)
- u = x7 + x3
- x11 ^= u<<13 | u>>(32-13)
- u = x11 + x7
- x15 ^= u<<18 | u>>(32-18)
-
- u = x0 + x3
- x1 ^= u<<7 | u>>(32-7)
- u = x1 + x0
- x2 ^= u<<9 | u>>(32-9)
- u = x2 + x1
- x3 ^= u<<13 | u>>(32-13)
- u = x3 + x2
- x0 ^= u<<18 | u>>(32-18)
-
- u = x5 + x4
- x6 ^= u<<7 | u>>(32-7)
- u = x6 + x5
- x7 ^= u<<9 | u>>(32-9)
- u = x7 + x6
- x4 ^= u<<13 | u>>(32-13)
- u = x4 + x7
- x5 ^= u<<18 | u>>(32-18)
-
- u = x10 + x9
- x11 ^= u<<7 | u>>(32-7)
- u = x11 + x10
- x8 ^= u<<9 | u>>(32-9)
- u = x8 + x11
- x9 ^= u<<13 | u>>(32-13)
- u = x9 + x8
- x10 ^= u<<18 | u>>(32-18)
-
- u = x15 + x14
- x12 ^= u<<7 | u>>(32-7)
- u = x12 + x15
- x13 ^= u<<9 | u>>(32-9)
- u = x13 + x12
- x14 ^= u<<13 | u>>(32-13)
- u = x14 + x13
- x15 ^= u<<18 | u>>(32-18)
- }
- x0 += j0
- x1 += j1
- x2 += j2
- x3 += j3
- x4 += j4
- x5 += j5
- x6 += j6
- x7 += j7
- x8 += j8
- x9 += j9
- x10 += j10
- x11 += j11
- x12 += j12
- x13 += j13
- x14 += j14
- x15 += j15
-
- out[0] = byte(x0)
- out[1] = byte(x0 >> 8)
- out[2] = byte(x0 >> 16)
- out[3] = byte(x0 >> 24)
-
- out[4] = byte(x1)
- out[5] = byte(x1 >> 8)
- out[6] = byte(x1 >> 16)
- out[7] = byte(x1 >> 24)
-
- out[8] = byte(x2)
- out[9] = byte(x2 >> 8)
- out[10] = byte(x2 >> 16)
- out[11] = byte(x2 >> 24)
-
- out[12] = byte(x3)
- out[13] = byte(x3 >> 8)
- out[14] = byte(x3 >> 16)
- out[15] = byte(x3 >> 24)
-
- out[16] = byte(x4)
- out[17] = byte(x4 >> 8)
- out[18] = byte(x4 >> 16)
- out[19] = byte(x4 >> 24)
-
- out[20] = byte(x5)
- out[21] = byte(x5 >> 8)
- out[22] = byte(x5 >> 16)
- out[23] = byte(x5 >> 24)
-
- out[24] = byte(x6)
- out[25] = byte(x6 >> 8)
- out[26] = byte(x6 >> 16)
- out[27] = byte(x6 >> 24)
-
- out[28] = byte(x7)
- out[29] = byte(x7 >> 8)
- out[30] = byte(x7 >> 16)
- out[31] = byte(x7 >> 24)
-
- out[32] = byte(x8)
- out[33] = byte(x8 >> 8)
- out[34] = byte(x8 >> 16)
- out[35] = byte(x8 >> 24)
-
- out[36] = byte(x9)
- out[37] = byte(x9 >> 8)
- out[38] = byte(x9 >> 16)
- out[39] = byte(x9 >> 24)
-
- out[40] = byte(x10)
- out[41] = byte(x10 >> 8)
- out[42] = byte(x10 >> 16)
- out[43] = byte(x10 >> 24)
-
- out[44] = byte(x11)
- out[45] = byte(x11 >> 8)
- out[46] = byte(x11 >> 16)
- out[47] = byte(x11 >> 24)
-
- out[48] = byte(x12)
- out[49] = byte(x12 >> 8)
- out[50] = byte(x12 >> 16)
- out[51] = byte(x12 >> 24)
-
- out[52] = byte(x13)
- out[53] = byte(x13 >> 8)
- out[54] = byte(x13 >> 16)
- out[55] = byte(x13 >> 24)
-
- out[56] = byte(x14)
- out[57] = byte(x14 >> 8)
- out[58] = byte(x14 >> 16)
- out[59] = byte(x14 >> 24)
-
- out[60] = byte(x15)
- out[61] = byte(x15 >> 8)
- out[62] = byte(x15 >> 16)
- out[63] = byte(x15 >> 24)
-}
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go
deleted file mode 100644
index f9269c3..0000000
--- a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go
+++ /dev/null
@@ -1,24 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build amd64,!appengine,!gccgo
-
-package salsa
-
-// This function is implemented in salsa2020_amd64.s.
-
-//go:noescape
-
-func salsa2020XORKeyStream(out, in *byte, n uint64, nonce, key *byte)
-
-// XORKeyStream crypts bytes from in to out using the given key and counters.
-// In and out must overlap entirely or not at all. Counter
-// contains the raw salsa20 counter bytes (both nonce and block counter).
-func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
- if len(in) == 0 {
- return
- }
- _ = out[len(in)-1]
- salsa2020XORKeyStream(&out[0], &in[0], uint64(len(in)), &counter[0], &key[0])
-}
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go
deleted file mode 100644
index 22126d1..0000000
--- a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go
+++ /dev/null
@@ -1,234 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !amd64 appengine gccgo
-
-package salsa
-
-const rounds = 20
-
-// core applies the Salsa20 core function to 16-byte input in, 32-byte key k,
-// and 16-byte constant c, and puts the result into 64-byte array out.
-func core(out *[64]byte, in *[16]byte, k *[32]byte, c *[16]byte) {
- j0 := uint32(c[0]) | uint32(c[1])<<8 | uint32(c[2])<<16 | uint32(c[3])<<24
- j1 := uint32(k[0]) | uint32(k[1])<<8 | uint32(k[2])<<16 | uint32(k[3])<<24
- j2 := uint32(k[4]) | uint32(k[5])<<8 | uint32(k[6])<<16 | uint32(k[7])<<24
- j3 := uint32(k[8]) | uint32(k[9])<<8 | uint32(k[10])<<16 | uint32(k[11])<<24
- j4 := uint32(k[12]) | uint32(k[13])<<8 | uint32(k[14])<<16 | uint32(k[15])<<24
- j5 := uint32(c[4]) | uint32(c[5])<<8 | uint32(c[6])<<16 | uint32(c[7])<<24
- j6 := uint32(in[0]) | uint32(in[1])<<8 | uint32(in[2])<<16 | uint32(in[3])<<24
- j7 := uint32(in[4]) | uint32(in[5])<<8 | uint32(in[6])<<16 | uint32(in[7])<<24
- j8 := uint32(in[8]) | uint32(in[9])<<8 | uint32(in[10])<<16 | uint32(in[11])<<24
- j9 := uint32(in[12]) | uint32(in[13])<<8 | uint32(in[14])<<16 | uint32(in[15])<<24
- j10 := uint32(c[8]) | uint32(c[9])<<8 | uint32(c[10])<<16 | uint32(c[11])<<24
- j11 := uint32(k[16]) | uint32(k[17])<<8 | uint32(k[18])<<16 | uint32(k[19])<<24
- j12 := uint32(k[20]) | uint32(k[21])<<8 | uint32(k[22])<<16 | uint32(k[23])<<24
- j13 := uint32(k[24]) | uint32(k[25])<<8 | uint32(k[26])<<16 | uint32(k[27])<<24
- j14 := uint32(k[28]) | uint32(k[29])<<8 | uint32(k[30])<<16 | uint32(k[31])<<24
- j15 := uint32(c[12]) | uint32(c[13])<<8 | uint32(c[14])<<16 | uint32(c[15])<<24
-
- x0, x1, x2, x3, x4, x5, x6, x7, x8 := j0, j1, j2, j3, j4, j5, j6, j7, j8
- x9, x10, x11, x12, x13, x14, x15 := j9, j10, j11, j12, j13, j14, j15
-
- for i := 0; i < rounds; i += 2 {
- u := x0 + x12
- x4 ^= u<<7 | u>>(32-7)
- u = x4 + x0
- x8 ^= u<<9 | u>>(32-9)
- u = x8 + x4
- x12 ^= u<<13 | u>>(32-13)
- u = x12 + x8
- x0 ^= u<<18 | u>>(32-18)
-
- u = x5 + x1
- x9 ^= u<<7 | u>>(32-7)
- u = x9 + x5
- x13 ^= u<<9 | u>>(32-9)
- u = x13 + x9
- x1 ^= u<<13 | u>>(32-13)
- u = x1 + x13
- x5 ^= u<<18 | u>>(32-18)
-
- u = x10 + x6
- x14 ^= u<<7 | u>>(32-7)
- u = x14 + x10
- x2 ^= u<<9 | u>>(32-9)
- u = x2 + x14
- x6 ^= u<<13 | u>>(32-13)
- u = x6 + x2
- x10 ^= u<<18 | u>>(32-18)
-
- u = x15 + x11
- x3 ^= u<<7 | u>>(32-7)
- u = x3 + x15
- x7 ^= u<<9 | u>>(32-9)
- u = x7 + x3
- x11 ^= u<<13 | u>>(32-13)
- u = x11 + x7
- x15 ^= u<<18 | u>>(32-18)
-
- u = x0 + x3
- x1 ^= u<<7 | u>>(32-7)
- u = x1 + x0
- x2 ^= u<<9 | u>>(32-9)
- u = x2 + x1
- x3 ^= u<<13 | u>>(32-13)
- u = x3 + x2
- x0 ^= u<<18 | u>>(32-18)
-
- u = x5 + x4
- x6 ^= u<<7 | u>>(32-7)
- u = x6 + x5
- x7 ^= u<<9 | u>>(32-9)
- u = x7 + x6
- x4 ^= u<<13 | u>>(32-13)
- u = x4 + x7
- x5 ^= u<<18 | u>>(32-18)
-
- u = x10 + x9
- x11 ^= u<<7 | u>>(32-7)
- u = x11 + x10
- x8 ^= u<<9 | u>>(32-9)
- u = x8 + x11
- x9 ^= u<<13 | u>>(32-13)
- u = x9 + x8
- x10 ^= u<<18 | u>>(32-18)
-
- u = x15 + x14
- x12 ^= u<<7 | u>>(32-7)
- u = x12 + x15
- x13 ^= u<<9 | u>>(32-9)
- u = x13 + x12
- x14 ^= u<<13 | u>>(32-13)
- u = x14 + x13
- x15 ^= u<<18 | u>>(32-18)
- }
- x0 += j0
- x1 += j1
- x2 += j2
- x3 += j3
- x4 += j4
- x5 += j5
- x6 += j6
- x7 += j7
- x8 += j8
- x9 += j9
- x10 += j10
- x11 += j11
- x12 += j12
- x13 += j13
- x14 += j14
- x15 += j15
-
- out[0] = byte(x0)
- out[1] = byte(x0 >> 8)
- out[2] = byte(x0 >> 16)
- out[3] = byte(x0 >> 24)
-
- out[4] = byte(x1)
- out[5] = byte(x1 >> 8)
- out[6] = byte(x1 >> 16)
- out[7] = byte(x1 >> 24)
-
- out[8] = byte(x2)
- out[9] = byte(x2 >> 8)
- out[10] = byte(x2 >> 16)
- out[11] = byte(x2 >> 24)
-
- out[12] = byte(x3)
- out[13] = byte(x3 >> 8)
- out[14] = byte(x3 >> 16)
- out[15] = byte(x3 >> 24)
-
- out[16] = byte(x4)
- out[17] = byte(x4 >> 8)
- out[18] = byte(x4 >> 16)
- out[19] = byte(x4 >> 24)
-
- out[20] = byte(x5)
- out[21] = byte(x5 >> 8)
- out[22] = byte(x5 >> 16)
- out[23] = byte(x5 >> 24)
-
- out[24] = byte(x6)
- out[25] = byte(x6 >> 8)
- out[26] = byte(x6 >> 16)
- out[27] = byte(x6 >> 24)
-
- out[28] = byte(x7)
- out[29] = byte(x7 >> 8)
- out[30] = byte(x7 >> 16)
- out[31] = byte(x7 >> 24)
-
- out[32] = byte(x8)
- out[33] = byte(x8 >> 8)
- out[34] = byte(x8 >> 16)
- out[35] = byte(x8 >> 24)
-
- out[36] = byte(x9)
- out[37] = byte(x9 >> 8)
- out[38] = byte(x9 >> 16)
- out[39] = byte(x9 >> 24)
-
- out[40] = byte(x10)
- out[41] = byte(x10 >> 8)
- out[42] = byte(x10 >> 16)
- out[43] = byte(x10 >> 24)
-
- out[44] = byte(x11)
- out[45] = byte(x11 >> 8)
- out[46] = byte(x11 >> 16)
- out[47] = byte(x11 >> 24)
-
- out[48] = byte(x12)
- out[49] = byte(x12 >> 8)
- out[50] = byte(x12 >> 16)
- out[51] = byte(x12 >> 24)
-
- out[52] = byte(x13)
- out[53] = byte(x13 >> 8)
- out[54] = byte(x13 >> 16)
- out[55] = byte(x13 >> 24)
-
- out[56] = byte(x14)
- out[57] = byte(x14 >> 8)
- out[58] = byte(x14 >> 16)
- out[59] = byte(x14 >> 24)
-
- out[60] = byte(x15)
- out[61] = byte(x15 >> 8)
- out[62] = byte(x15 >> 16)
- out[63] = byte(x15 >> 24)
-}
-
-// XORKeyStream crypts bytes from in to out using the given key and counters.
-// In and out must overlap entirely or not at all. Counter
-// contains the raw salsa20 counter bytes (both nonce and block counter).
-func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
- var block [64]byte
- var counterCopy [16]byte
- copy(counterCopy[:], counter[:])
-
- for len(in) >= 64 {
- core(&block, &counterCopy, key, &Sigma)
- for i, x := range block {
- out[i] = in[i] ^ x
- }
- u := uint32(1)
- for i := 8; i < 16; i++ {
- u += uint32(counterCopy[i])
- counterCopy[i] = byte(u)
- u >>= 8
- }
- in = in[64:]
- out = out[64:]
- }
-
- if len(in) > 0 {
- core(&block, &counterCopy, key, &Sigma)
- for i, v := range in {
- out[i] = v ^ block[i]
- }
- }
-}
diff --git a/vendor/golang.org/x/sys/LICENSE b/vendor/golang.org/x/sys/LICENSE
deleted file mode 100644
index 6a66aea..0000000
--- a/vendor/golang.org/x/sys/LICENSE
+++ /dev/null
@@ -1,27 +0,0 @@
-Copyright (c) 2009 The Go Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
- * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
- * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/golang.org/x/sys/PATENTS b/vendor/golang.org/x/sys/PATENTS
deleted file mode 100644
index 7330990..0000000
--- a/vendor/golang.org/x/sys/PATENTS
+++ /dev/null
@@ -1,22 +0,0 @@
-Additional IP Rights Grant (Patents)
-
-"This implementation" means the copyrightable works distributed by
-Google as part of the Go project.
-
-Google hereby grants to You a perpetual, worldwide, non-exclusive,
-no-charge, royalty-free, irrevocable (except as stated in this section)
-patent license to make, have made, use, offer to sell, sell, import,
-transfer and otherwise run, modify and propagate the contents of this
-implementation of Go, where such license applies only to those patent
-claims, both currently owned or controlled by Google and acquired in
-the future, licensable by Google that are necessarily infringed by this
-implementation of Go. This grant does not include claims that would be
-infringed only as a consequence of further modification of this
-implementation. If you or your agent or exclusive licensee institute or
-order or agree to the institution of patent litigation against any
-entity (including a cross-claim or counterclaim in a lawsuit) alleging
-that this implementation of Go or any code incorporated within this
-implementation of Go constitutes direct or contributory patent
-infringement, or inducement of patent infringement, then any patent
-rights granted to you under this License for this implementation of Go
-shall terminate as of the date such litigation is filed.
diff --git a/vendor/golang.org/x/sys/cpu/cpu.go b/vendor/golang.org/x/sys/cpu/cpu.go
deleted file mode 100644
index 3d88f86..0000000
--- a/vendor/golang.org/x/sys/cpu/cpu.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package cpu implements processor feature detection for
-// various CPU architectures.
-package cpu
-
-// CacheLinePad is used to pad structs to avoid false sharing.
-type CacheLinePad struct{ _ [cacheLineSize]byte }
-
-// X86 contains the supported CPU features of the
-// current X86/AMD64 platform. If the current platform
-// is not X86/AMD64 then all feature flags are false.
-//
-// X86 is padded to avoid false sharing. Further the HasAVX
-// and HasAVX2 are only set if the OS supports XMM and YMM
-// registers in addition to the CPUID feature bit being set.
-var X86 struct {
- _ CacheLinePad
- HasAES bool // AES hardware implementation (AES NI)
- HasADX bool // Multi-precision add-carry instruction extensions
- HasAVX bool // Advanced vector extension
- HasAVX2 bool // Advanced vector extension 2
- HasBMI1 bool // Bit manipulation instruction set 1
- HasBMI2 bool // Bit manipulation instruction set 2
- HasERMS bool // Enhanced REP for MOVSB and STOSB
- HasFMA bool // Fused-multiply-add instructions
- HasOSXSAVE bool // OS supports XSAVE/XRESTOR for saving/restoring XMM registers.
- HasPCLMULQDQ bool // PCLMULQDQ instruction - most often used for AES-GCM
- HasPOPCNT bool // Hamming weight instruction POPCNT.
- HasSSE2 bool // Streaming SIMD extension 2 (always available on amd64)
- HasSSE3 bool // Streaming SIMD extension 3
- HasSSSE3 bool // Supplemental streaming SIMD extension 3
- HasSSE41 bool // Streaming SIMD extension 4 and 4.1
- HasSSE42 bool // Streaming SIMD extension 4 and 4.2
- _ CacheLinePad
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm.go b/vendor/golang.org/x/sys/cpu/cpu_arm.go
deleted file mode 100644
index d93036f..0000000
--- a/vendor/golang.org/x/sys/cpu/cpu_arm.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cpu
-
-const cacheLineSize = 32
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
deleted file mode 100644
index 1d2ab29..0000000
--- a/vendor/golang.org/x/sys/cpu/cpu_arm64.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cpu
-
-const cacheLineSize = 64
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
deleted file mode 100644
index f7cb469..0000000
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build 386 amd64 amd64p32
-// +build !gccgo
-
-package cpu
-
-// cpuid is implemented in cpu_x86.s for gc compiler
-// and in cpu_gccgo.c for gccgo.
-func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32)
-
-// xgetbv with ecx = 0 is implemented in cpu_x86.s for gc compiler
-// and in cpu_gccgo.c for gccgo.
-func xgetbv() (eax, edx uint32)
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo.c b/vendor/golang.org/x/sys/cpu/cpu_gccgo.c
deleted file mode 100644
index e363c7d..0000000
--- a/vendor/golang.org/x/sys/cpu/cpu_gccgo.c
+++ /dev/null
@@ -1,43 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build 386 amd64 amd64p32
-// +build gccgo
-
-#include
-#include
-
-// Need to wrap __get_cpuid_count because it's declared as static.
-int
-gccgoGetCpuidCount(uint32_t leaf, uint32_t subleaf,
- uint32_t *eax, uint32_t *ebx,
- uint32_t *ecx, uint32_t *edx)
-{
- return __get_cpuid_count(leaf, subleaf, eax, ebx, ecx, edx);
-}
-
-// xgetbv reads the contents of an XCR (Extended Control Register)
-// specified in the ECX register into registers EDX:EAX.
-// Currently, the only supported value for XCR is 0.
-//
-// TODO: Replace with a better alternative:
-//
-// #include
-//
-// #pragma GCC target("xsave")
-//
-// void gccgoXgetbv(uint32_t *eax, uint32_t *edx) {
-// unsigned long long x = _xgetbv(0);
-// *eax = x & 0xffffffff;
-// *edx = (x >> 32) & 0xffffffff;
-// }
-//
-// Note that _xgetbv is defined starting with GCC 8.
-void
-gccgoXgetbv(uint32_t *eax, uint32_t *edx)
-{
- __asm(" xorl %%ecx, %%ecx\n"
- " xgetbv"
- : "=a"(*eax), "=d"(*edx));
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo.go
deleted file mode 100644
index ba49b91..0000000
--- a/vendor/golang.org/x/sys/cpu/cpu_gccgo.go
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build 386 amd64 amd64p32
-// +build gccgo
-
-package cpu
-
-//extern gccgoGetCpuidCount
-func gccgoGetCpuidCount(eaxArg, ecxArg uint32, eax, ebx, ecx, edx *uint32)
-
-func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) {
- var a, b, c, d uint32
- gccgoGetCpuidCount(eaxArg, ecxArg, &a, &b, &c, &d)
- return a, b, c, d
-}
-
-//extern gccgoXgetbv
-func gccgoXgetbv(eax, edx *uint32)
-
-func xgetbv() (eax, edx uint32) {
- var a, d uint32
- gccgoXgetbv(&a, &d)
- return a, d
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
deleted file mode 100644
index 6165f12..0000000
--- a/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
+++ /dev/null
@@ -1,9 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build mips64 mips64le
-
-package cpu
-
-const cacheLineSize = 32
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mipsx.go b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
deleted file mode 100644
index 1269eee..0000000
--- a/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
+++ /dev/null
@@ -1,9 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build mips mipsle
-
-package cpu
-
-const cacheLineSize = 32
diff --git a/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
deleted file mode 100644
index d10759a..0000000
--- a/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
+++ /dev/null
@@ -1,9 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build ppc64 ppc64le
-
-package cpu
-
-const cacheLineSize = 128
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_s390x.go
deleted file mode 100644
index 684c4f0..0000000
--- a/vendor/golang.org/x/sys/cpu/cpu_s390x.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cpu
-
-const cacheLineSize = 256
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.go b/vendor/golang.org/x/sys/cpu/cpu_x86.go
deleted file mode 100644
index 71e288b..0000000
--- a/vendor/golang.org/x/sys/cpu/cpu_x86.go
+++ /dev/null
@@ -1,55 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build 386 amd64 amd64p32
-
-package cpu
-
-const cacheLineSize = 64
-
-func init() {
- maxID, _, _, _ := cpuid(0, 0)
-
- if maxID < 1 {
- return
- }
-
- _, _, ecx1, edx1 := cpuid(1, 0)
- X86.HasSSE2 = isSet(26, edx1)
-
- X86.HasSSE3 = isSet(0, ecx1)
- X86.HasPCLMULQDQ = isSet(1, ecx1)
- X86.HasSSSE3 = isSet(9, ecx1)
- X86.HasFMA = isSet(12, ecx1)
- X86.HasSSE41 = isSet(19, ecx1)
- X86.HasSSE42 = isSet(20, ecx1)
- X86.HasPOPCNT = isSet(23, ecx1)
- X86.HasAES = isSet(25, ecx1)
- X86.HasOSXSAVE = isSet(27, ecx1)
-
- osSupportsAVX := false
- // For XGETBV, OSXSAVE bit is required and sufficient.
- if X86.HasOSXSAVE {
- eax, _ := xgetbv()
- // Check if XMM and YMM registers have OS support.
- osSupportsAVX = isSet(1, eax) && isSet(2, eax)
- }
-
- X86.HasAVX = isSet(28, ecx1) && osSupportsAVX
-
- if maxID < 7 {
- return
- }
-
- _, ebx7, _, _ := cpuid(7, 0)
- X86.HasBMI1 = isSet(3, ebx7)
- X86.HasAVX2 = isSet(5, ebx7) && osSupportsAVX
- X86.HasBMI2 = isSet(8, ebx7)
- X86.HasERMS = isSet(9, ebx7)
- X86.HasADX = isSet(19, ebx7)
-}
-
-func isSet(bitpos uint, value uint32) bool {
- return value&(1<
Date: Sun, 2 Sep 2018 22:16:24 +0800
Subject: [PATCH 282/341] general: add vendor folder
---
README.md | 8 +-
conf.go | 9 +-
vendor/github.com/Yawning/chacha20/LICENSE | 122 +
vendor/github.com/Yawning/chacha20/README.md | 14 +
.../github.com/Yawning/chacha20/chacha20.go | 273 ++
.../Yawning/chacha20/chacha20_amd64.go | 95 +
.../Yawning/chacha20/chacha20_amd64.py | 1295 ++++++++
.../Yawning/chacha20/chacha20_amd64.s | 1180 ++++++++
.../Yawning/chacha20/chacha20_ref.go | 394 +++
.../Yawning/chacha20/chacha20_ref_go19.go | 395 +++
vendor/github.com/aead/chacha20/LICENSE | 21 +
vendor/github.com/aead/chacha20/README.md | 82 +
.../github.com/aead/chacha20/chacha/chacha.go | 197 ++
.../aead/chacha20/chacha/chachaAVX2_amd64.s | 406 +++
.../aead/chacha20/chacha/chacha_386.go | 60 +
.../aead/chacha20/chacha/chacha_386.s | 163 +
.../aead/chacha20/chacha/chacha_amd64.go | 76 +
.../aead/chacha20/chacha/chacha_amd64.s | 1072 +++++++
.../aead/chacha20/chacha/chacha_generic.go | 319 ++
.../aead/chacha20/chacha/chacha_ref.go | 33 +
.../github.com/aead/chacha20/chacha/const.s | 53 +
.../github.com/aead/chacha20/chacha/macro.s | 163 +
vendor/github.com/aead/chacha20/chacha20.go | 41 +
.../dgryski/go-camellia/camellia.go | 368 +++
.../dgryski/go-camellia/t_camellia.pl | 58 +
vendor/github.com/dgryski/go-idea/idea.go | 250 ++
vendor/github.com/dgryski/go-rc2/LICENSE | 21 +
vendor/github.com/dgryski/go-rc2/rc2.go | 284 ++
vendor/github.com/nadoo/conflag/LICENSE | 674 +++++
vendor/github.com/nadoo/conflag/README.md | 111 +
vendor/github.com/nadoo/conflag/conflag.go | 151 +
.../github.com/nadoo/conflag/string_slice.go | 47 +
.../nadoo/conflag/string_slice_uniq.go | 51 +
.../github.com/nadoo/go-shadowsocks2/LICENSE | 202 ++
.../nadoo/go-shadowsocks2/core/cipher.go | 155 +
.../nadoo/go-shadowsocks2/core/doc.go | 2 +
.../nadoo/go-shadowsocks2/core/packet.go | 8 +
.../nadoo/go-shadowsocks2/core/stream.go | 23 +
.../go-shadowsocks2/shadowaead/cipher.go | 92 +
.../nadoo/go-shadowsocks2/shadowaead/doc.go | 35 +
.../go-shadowsocks2/shadowaead/packet.go | 97 +
.../go-shadowsocks2/shadowaead/stream.go | 270 ++
.../go-shadowsocks2/shadowstream/cipher.go | 134 +
.../nadoo/go-shadowsocks2/shadowstream/doc.go | 2 +
.../go-shadowsocks2/shadowstream/packet.go | 80 +
.../go-shadowsocks2/shadowstream/stream.go | 171 ++
.../sun8911879/shadowsocksR/LICENSE | 21 +
.../sun8911879/shadowsocksR/README.md | 84 +
.../sun8911879/shadowsocksR/client.go | 61 +
.../sun8911879/shadowsocksR/encrypt.go | 296 ++
.../sun8911879/shadowsocksR/obfs/base.go | 35 +
.../sun8911879/shadowsocksR/obfs/http_post.go | 19 +
.../shadowsocksR/obfs/http_simple.go | 178 ++
.../sun8911879/shadowsocksR/obfs/plain.go | 42 +
.../shadowsocksR/obfs/random_head.go | 79 +
.../shadowsocksR/obfs/tls12_ticket_auth.go | 279 ++
.../shadowsocksR/protocol/auth_aes128_md5.go | 282 ++
.../shadowsocksR/protocol/auth_aes128_sha1.go | 28 +
.../shadowsocksR/protocol/auth_sha1_v4.go | 232 ++
.../sun8911879/shadowsocksR/protocol/base.go | 39 +
.../shadowsocksR/protocol/origin.go | 42 +
.../shadowsocksR/protocol/verify_sha1.go | 101 +
.../sun8911879/shadowsocksR/ssr/adler32.go | 31 +
.../sun8911879/shadowsocksR/ssr/crc32.go | 52 +
.../sun8911879/shadowsocksR/ssr/obfs.go | 55 +
.../github.com/sun8911879/shadowsocksR/tcp.go | 251 ++
.../sun8911879/shadowsocksR/tools/encrypt.go | 51 +
.../shadowsocksR/tools/leakybuf/leakybuf.go | 47 +
vendor/golang.org/x/crypto/LICENSE | 27 +
vendor/golang.org/x/crypto/PATENTS | 22 +
vendor/golang.org/x/crypto/blowfish/block.go | 159 +
vendor/golang.org/x/crypto/blowfish/cipher.go | 91 +
vendor/golang.org/x/crypto/blowfish/const.go | 199 ++
vendor/golang.org/x/crypto/cast5/cast5.go | 526 ++++
.../chacha20poly1305/chacha20poly1305.go | 101 +
.../chacha20poly1305_amd64.go | 86 +
.../chacha20poly1305/chacha20poly1305_amd64.s | 2695 +++++++++++++++++
.../chacha20poly1305_generic.go | 81 +
.../chacha20poly1305_noasm.go | 15 +
.../chacha20poly1305/xchacha20poly1305.go | 104 +
vendor/golang.org/x/crypto/hkdf/hkdf.go | 75 +
.../internal/chacha20/chacha_generic.go | 264 ++
.../crypto/internal/chacha20/chacha_noasm.go | 16 +
.../crypto/internal/chacha20/chacha_s390x.go | 30 +
.../x/crypto/internal/chacha20/chacha_s390x.s | 283 ++
.../x/crypto/internal/chacha20/xor.go | 43 +
.../x/crypto/internal/subtle/aliasing.go | 32 +
.../internal/subtle/aliasing_appengine.go | 35 +
.../golang.org/x/crypto/poly1305/poly1305.go | 33 +
.../golang.org/x/crypto/poly1305/sum_amd64.go | 22 +
.../golang.org/x/crypto/poly1305/sum_amd64.s | 125 +
.../golang.org/x/crypto/poly1305/sum_arm.go | 22 +
vendor/golang.org/x/crypto/poly1305/sum_arm.s | 427 +++
.../golang.org/x/crypto/poly1305/sum_noasm.go | 14 +
.../golang.org/x/crypto/poly1305/sum_ref.go | 139 +
.../golang.org/x/crypto/poly1305/sum_s390x.go | 49 +
.../golang.org/x/crypto/poly1305/sum_s390x.s | 400 +++
.../x/crypto/poly1305/sum_vmsl_s390x.s | 931 ++++++
.../x/crypto/salsa20/salsa/hsalsa20.go | 144 +
.../x/crypto/salsa20/salsa/salsa2020_amd64.s | 889 ++++++
.../x/crypto/salsa20/salsa/salsa208.go | 199 ++
.../x/crypto/salsa20/salsa/salsa20_amd64.go | 24 +
.../x/crypto/salsa20/salsa/salsa20_ref.go | 234 ++
vendor/golang.org/x/sys/LICENSE | 27 +
vendor/golang.org/x/sys/PATENTS | 22 +
vendor/golang.org/x/sys/cpu/cpu.go | 38 +
vendor/golang.org/x/sys/cpu/cpu_arm.go | 7 +
vendor/golang.org/x/sys/cpu/cpu_arm64.go | 7 +
vendor/golang.org/x/sys/cpu/cpu_gc_x86.go | 16 +
vendor/golang.org/x/sys/cpu/cpu_gccgo.c | 43 +
vendor/golang.org/x/sys/cpu/cpu_gccgo.go | 26 +
vendor/golang.org/x/sys/cpu/cpu_mips64x.go | 9 +
vendor/golang.org/x/sys/cpu/cpu_mipsx.go | 9 +
vendor/golang.org/x/sys/cpu/cpu_ppc64x.go | 9 +
vendor/golang.org/x/sys/cpu/cpu_s390x.go | 7 +
vendor/golang.org/x/sys/cpu/cpu_x86.go | 55 +
vendor/golang.org/x/sys/cpu/cpu_x86.s | 27 +
vendor/vendor.json | 157 +
118 files changed, 21052 insertions(+), 5 deletions(-)
create mode 100644 vendor/github.com/Yawning/chacha20/LICENSE
create mode 100644 vendor/github.com/Yawning/chacha20/README.md
create mode 100644 vendor/github.com/Yawning/chacha20/chacha20.go
create mode 100644 vendor/github.com/Yawning/chacha20/chacha20_amd64.go
create mode 100644 vendor/github.com/Yawning/chacha20/chacha20_amd64.py
create mode 100644 vendor/github.com/Yawning/chacha20/chacha20_amd64.s
create mode 100644 vendor/github.com/Yawning/chacha20/chacha20_ref.go
create mode 100644 vendor/github.com/Yawning/chacha20/chacha20_ref_go19.go
create mode 100644 vendor/github.com/aead/chacha20/LICENSE
create mode 100644 vendor/github.com/aead/chacha20/README.md
create mode 100644 vendor/github.com/aead/chacha20/chacha/chacha.go
create mode 100644 vendor/github.com/aead/chacha20/chacha/chachaAVX2_amd64.s
create mode 100644 vendor/github.com/aead/chacha20/chacha/chacha_386.go
create mode 100644 vendor/github.com/aead/chacha20/chacha/chacha_386.s
create mode 100644 vendor/github.com/aead/chacha20/chacha/chacha_amd64.go
create mode 100644 vendor/github.com/aead/chacha20/chacha/chacha_amd64.s
create mode 100644 vendor/github.com/aead/chacha20/chacha/chacha_generic.go
create mode 100644 vendor/github.com/aead/chacha20/chacha/chacha_ref.go
create mode 100644 vendor/github.com/aead/chacha20/chacha/const.s
create mode 100644 vendor/github.com/aead/chacha20/chacha/macro.s
create mode 100644 vendor/github.com/aead/chacha20/chacha20.go
create mode 100644 vendor/github.com/dgryski/go-camellia/camellia.go
create mode 100644 vendor/github.com/dgryski/go-camellia/t_camellia.pl
create mode 100644 vendor/github.com/dgryski/go-idea/idea.go
create mode 100644 vendor/github.com/dgryski/go-rc2/LICENSE
create mode 100644 vendor/github.com/dgryski/go-rc2/rc2.go
create mode 100644 vendor/github.com/nadoo/conflag/LICENSE
create mode 100644 vendor/github.com/nadoo/conflag/README.md
create mode 100644 vendor/github.com/nadoo/conflag/conflag.go
create mode 100644 vendor/github.com/nadoo/conflag/string_slice.go
create mode 100644 vendor/github.com/nadoo/conflag/string_slice_uniq.go
create mode 100644 vendor/github.com/nadoo/go-shadowsocks2/LICENSE
create mode 100644 vendor/github.com/nadoo/go-shadowsocks2/core/cipher.go
create mode 100644 vendor/github.com/nadoo/go-shadowsocks2/core/doc.go
create mode 100644 vendor/github.com/nadoo/go-shadowsocks2/core/packet.go
create mode 100644 vendor/github.com/nadoo/go-shadowsocks2/core/stream.go
create mode 100644 vendor/github.com/nadoo/go-shadowsocks2/shadowaead/cipher.go
create mode 100644 vendor/github.com/nadoo/go-shadowsocks2/shadowaead/doc.go
create mode 100644 vendor/github.com/nadoo/go-shadowsocks2/shadowaead/packet.go
create mode 100644 vendor/github.com/nadoo/go-shadowsocks2/shadowaead/stream.go
create mode 100644 vendor/github.com/nadoo/go-shadowsocks2/shadowstream/cipher.go
create mode 100644 vendor/github.com/nadoo/go-shadowsocks2/shadowstream/doc.go
create mode 100644 vendor/github.com/nadoo/go-shadowsocks2/shadowstream/packet.go
create mode 100644 vendor/github.com/nadoo/go-shadowsocks2/shadowstream/stream.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/LICENSE
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/README.md
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/client.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/encrypt.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/obfs/base.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/obfs/http_post.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/obfs/http_simple.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/obfs/plain.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/obfs/random_head.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/obfs/tls12_ticket_auth.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_md5.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_sha1.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/protocol/auth_sha1_v4.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/protocol/base.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/protocol/origin.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/protocol/verify_sha1.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/ssr/adler32.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/ssr/crc32.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/ssr/obfs.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/tcp.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/tools/encrypt.go
create mode 100644 vendor/github.com/sun8911879/shadowsocksR/tools/leakybuf/leakybuf.go
create mode 100644 vendor/golang.org/x/crypto/LICENSE
create mode 100644 vendor/golang.org/x/crypto/PATENTS
create mode 100644 vendor/golang.org/x/crypto/blowfish/block.go
create mode 100644 vendor/golang.org/x/crypto/blowfish/cipher.go
create mode 100644 vendor/golang.org/x/crypto/blowfish/const.go
create mode 100644 vendor/golang.org/x/crypto/cast5/cast5.go
create mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go
create mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go
create mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s
create mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
create mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go
create mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/xchacha20poly1305.go
create mode 100644 vendor/golang.org/x/crypto/hkdf/hkdf.go
create mode 100644 vendor/golang.org/x/crypto/internal/chacha20/chacha_generic.go
create mode 100644 vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go
create mode 100644 vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.go
create mode 100644 vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.s
create mode 100644 vendor/golang.org/x/crypto/internal/chacha20/xor.go
create mode 100644 vendor/golang.org/x/crypto/internal/subtle/aliasing.go
create mode 100644 vendor/golang.org/x/crypto/internal/subtle/aliasing_appengine.go
create mode 100644 vendor/golang.org/x/crypto/poly1305/poly1305.go
create mode 100644 vendor/golang.org/x/crypto/poly1305/sum_amd64.go
create mode 100644 vendor/golang.org/x/crypto/poly1305/sum_amd64.s
create mode 100644 vendor/golang.org/x/crypto/poly1305/sum_arm.go
create mode 100644 vendor/golang.org/x/crypto/poly1305/sum_arm.s
create mode 100644 vendor/golang.org/x/crypto/poly1305/sum_noasm.go
create mode 100644 vendor/golang.org/x/crypto/poly1305/sum_ref.go
create mode 100644 vendor/golang.org/x/crypto/poly1305/sum_s390x.go
create mode 100644 vendor/golang.org/x/crypto/poly1305/sum_s390x.s
create mode 100644 vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s
create mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go
create mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/salsa2020_amd64.s
create mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/salsa208.go
create mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go
create mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go
create mode 100644 vendor/golang.org/x/sys/LICENSE
create mode 100644 vendor/golang.org/x/sys/PATENTS
create mode 100644 vendor/golang.org/x/sys/cpu/cpu.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_arm.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_arm64.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_gccgo.c
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_gccgo.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_mips64x.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_mipsx.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_s390x.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_x86.go
create mode 100644 vendor/golang.org/x/sys/cpu/cpu_x86.s
create mode 100644 vendor/vendor.json
diff --git a/README.md b/README.md
index 76d006a..e8a0ca6 100644
--- a/README.md
+++ b/README.md
@@ -172,8 +172,12 @@ SS scheme:
ss://method:pass@host:port
Available methods for ss:
- AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AEAD_XCHACHA20_POLY1305 AES-128-CFB AES-128-CTR AES-192-CFB AES-192-CTR AES-256-CFB AES-256-CTR CHACHA20-IETF XCHACHA20 CHACHA20
- NOTE: chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305, xchacha20-ietf-poly1305 = AEAD_XCHACHA20_POLY1305
+ AEAD Ciphers:
+ AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AEAD_XCHACHA20_POLY1305
+ Stream Ciphers:
+ AES-128-CFB AES-128-CTR AES-192-CFB AES-192-CTR AES-256-CFB AES-256-CTR CHACHA20-IETF XCHACHA20 CHACHA20 RC4-MD5
+ Alias:
+ chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305, xchacha20-ietf-poly1305 = AEAD_XCHACHA20_POLY1305
SSR scheme:
ssr://method:pass@host:port?protocol=xxx&protocol_param=yyy&obfs=zzz&obfs_param=xyz
diff --git a/conf.go b/conf.go
index c0b43c8..89ec134 100644
--- a/conf.go
+++ b/conf.go
@@ -136,9 +136,12 @@ func usage() {
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Available methods for ss:\n")
- fmt.Fprintf(os.Stderr, " AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AEAD_XCHACHA20_POLY1305 AES-128-CFB AES-128-CTR AES-192-CFB AES-192-CTR AES-256-CFB AES-256-CTR CHACHA20-IETF XCHACHA20 CHACHA20")
- fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " NOTE: chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305, xchacha20-ietf-poly1305 = AEAD_XCHACHA20_POLY1305\n")
+ fmt.Fprintf(os.Stderr, " AEAD Ciphers:\n")
+ fmt.Fprintf(os.Stderr, " AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AEAD_XCHACHA20_POLY1305\n")
+ fmt.Fprintf(os.Stderr, " Stream Ciphers:\n")
+ fmt.Fprintf(os.Stderr, " AES-128-CFB AES-128-CTR AES-192-CFB AES-192-CTR AES-256-CFB AES-256-CTR CHACHA20-IETF XCHACHA20 CHACHA20 RC4-MD5\n")
+ fmt.Fprintf(os.Stderr, " Alias:\n")
+ fmt.Fprintf(os.Stderr, " chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305, xchacha20-ietf-poly1305 = AEAD_XCHACHA20_POLY1305\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "SSR scheme:\n")
diff --git a/vendor/github.com/Yawning/chacha20/LICENSE b/vendor/github.com/Yawning/chacha20/LICENSE
new file mode 100644
index 0000000..6ca207e
--- /dev/null
+++ b/vendor/github.com/Yawning/chacha20/LICENSE
@@ -0,0 +1,122 @@
+Creative Commons Legal Code
+
+CC0 1.0 Universal
+
+ CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
+ LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
+ ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
+ INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
+ REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
+ PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
+ THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
+ HEREUNDER.
+
+Statement of Purpose
+
+The laws of most jurisdictions throughout the world automatically confer
+exclusive Copyright and Related Rights (defined below) upon the creator
+and subsequent owner(s) (each and all, an "owner") of an original work of
+authorship and/or a database (each, a "Work").
+
+Certain owners wish to permanently relinquish those rights to a Work for
+the purpose of contributing to a commons of creative, cultural and
+scientific works ("Commons") that the public can reliably and without fear
+of later claims of infringement build upon, modify, incorporate in other
+works, reuse and redistribute as freely as possible in any form whatsoever
+and for any purposes, including without limitation commercial purposes.
+These owners may contribute to the Commons to promote the ideal of a free
+culture and the further production of creative, cultural and scientific
+works, or to gain reputation or greater distribution for their Work in
+part through the use and efforts of others.
+
+For these and/or other purposes and motivations, and without any
+expectation of additional consideration or compensation, the person
+associating CC0 with a Work (the "Affirmer"), to the extent that he or she
+is an owner of Copyright and Related Rights in the Work, voluntarily
+elects to apply CC0 to the Work and publicly distribute the Work under its
+terms, with knowledge of his or her Copyright and Related Rights in the
+Work and the meaning and intended legal effect of CC0 on those rights.
+
+1. Copyright and Related Rights. A Work made available under CC0 may be
+protected by copyright and related or neighboring rights ("Copyright and
+Related Rights"). Copyright and Related Rights include, but are not
+limited to, the following:
+
+ i. the right to reproduce, adapt, distribute, perform, display,
+ communicate, and translate a Work;
+ ii. moral rights retained by the original author(s) and/or performer(s);
+iii. publicity and privacy rights pertaining to a person's image or
+ likeness depicted in a Work;
+ iv. rights protecting against unfair competition in regards to a Work,
+ subject to the limitations in paragraph 4(a), below;
+ v. rights protecting the extraction, dissemination, use and reuse of data
+ in a Work;
+ vi. database rights (such as those arising under Directive 96/9/EC of the
+ European Parliament and of the Council of 11 March 1996 on the legal
+ protection of databases, and under any national implementation
+ thereof, including any amended or successor version of such
+ directive); and
+vii. other similar, equivalent or corresponding rights throughout the
+ world based on applicable law or treaty, and any national
+ implementations thereof.
+
+2. Waiver. To the greatest extent permitted by, but not in contravention
+of, applicable law, Affirmer hereby overtly, fully, permanently,
+irrevocably and unconditionally waives, abandons, and surrenders all of
+Affirmer's Copyright and Related Rights and associated claims and causes
+of action, whether now known or unknown (including existing as well as
+future claims and causes of action), in the Work (i) in all territories
+worldwide, (ii) for the maximum duration provided by applicable law or
+treaty (including future time extensions), (iii) in any current or future
+medium and for any number of copies, and (iv) for any purpose whatsoever,
+including without limitation commercial, advertising or promotional
+purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
+member of the public at large and to the detriment of Affirmer's heirs and
+successors, fully intending that such Waiver shall not be subject to
+revocation, rescission, cancellation, termination, or any other legal or
+equitable action to disrupt the quiet enjoyment of the Work by the public
+as contemplated by Affirmer's express Statement of Purpose.
+
+3. Public License Fallback. Should any part of the Waiver for any reason
+be judged legally invalid or ineffective under applicable law, then the
+Waiver shall be preserved to the maximum extent permitted taking into
+account Affirmer's express Statement of Purpose. In addition, to the
+extent the Waiver is so judged Affirmer hereby grants to each affected
+person a royalty-free, non transferable, non sublicensable, non exclusive,
+irrevocable and unconditional license to exercise Affirmer's Copyright and
+Related Rights in the Work (i) in all territories worldwide, (ii) for the
+maximum duration provided by applicable law or treaty (including future
+time extensions), (iii) in any current or future medium and for any number
+of copies, and (iv) for any purpose whatsoever, including without
+limitation commercial, advertising or promotional purposes (the
+"License"). The License shall be deemed effective as of the date CC0 was
+applied by Affirmer to the Work. Should any part of the License for any
+reason be judged legally invalid or ineffective under applicable law, such
+partial invalidity or ineffectiveness shall not invalidate the remainder
+of the License, and in such case Affirmer hereby affirms that he or she
+will not (i) exercise any of his or her remaining Copyright and Related
+Rights in the Work or (ii) assert any associated claims and causes of
+action with respect to the Work, in either case contrary to Affirmer's
+express Statement of Purpose.
+
+4. Limitations and Disclaimers.
+
+ a. No trademark or patent rights held by Affirmer are waived, abandoned,
+ surrendered, licensed or otherwise affected by this document.
+ b. Affirmer offers the Work as-is and makes no representations or
+ warranties of any kind concerning the Work, express, implied,
+ statutory or otherwise, including without limitation warranties of
+ title, merchantability, fitness for a particular purpose, non
+ infringement, or the absence of latent or other defects, accuracy, or
+ the present or absence of errors, whether or not discoverable, all to
+ the greatest extent permissible under applicable law.
+ c. Affirmer disclaims responsibility for clearing rights of other persons
+ that may apply to the Work or any use thereof, including without
+ limitation any person's Copyright and Related Rights in the Work.
+ Further, Affirmer disclaims responsibility for obtaining any necessary
+ consents, permissions or other rights required for any use of the
+ Work.
+ d. Affirmer understands and acknowledges that Creative Commons is not a
+ party to this document and has no duty or obligation with respect to
+ this CC0 or use of the Work.
+
diff --git a/vendor/github.com/Yawning/chacha20/README.md b/vendor/github.com/Yawning/chacha20/README.md
new file mode 100644
index 0000000..9080a84
--- /dev/null
+++ b/vendor/github.com/Yawning/chacha20/README.md
@@ -0,0 +1,14 @@
+### chacha20 - ChaCha20
+#### Yawning Angel (yawning at schwanenlied dot me)
+
+Yet another Go ChaCha20 implementation. Everything else I found was slow,
+didn't support all the variants I need to use, or relied on cgo to go fast.
+
+Features:
+
+ * 20 round, 256 bit key only. Everything else is pointless and stupid.
+ * IETF 96 bit nonce variant.
+ * XChaCha 24 byte nonce variant.
+ * SSE2 and AVX2 support on amd64 targets.
+ * Incremental encrypt/decrypt support, unlike golang.org/x/crypto/salsa20.
+
diff --git a/vendor/github.com/Yawning/chacha20/chacha20.go b/vendor/github.com/Yawning/chacha20/chacha20.go
new file mode 100644
index 0000000..07d5e4b
--- /dev/null
+++ b/vendor/github.com/Yawning/chacha20/chacha20.go
@@ -0,0 +1,273 @@
+// chacha20.go - A ChaCha stream cipher implementation.
+//
+// To the extent possible under law, Yawning Angel has waived all copyright
+// and related or neighboring rights to chacha20, using the Creative
+// Commons "CC0" public domain dedication. See LICENSE or
+// for full details.
+
+package chacha20
+
+import (
+ "crypto/cipher"
+ "encoding/binary"
+ "errors"
+ "math"
+ "runtime"
+)
+
+const (
+ // KeySize is the ChaCha20 key size in bytes.
+ KeySize = 32
+
+ // NonceSize is the ChaCha20 nonce size in bytes.
+ NonceSize = 8
+
+ // INonceSize is the IETF ChaCha20 nonce size in bytes.
+ INonceSize = 12
+
+ // XNonceSize is the XChaCha20 nonce size in bytes.
+ XNonceSize = 24
+
+ // HNonceSize is the HChaCha20 nonce size in bytes.
+ HNonceSize = 16
+
+ // BlockSize is the ChaCha20 block size in bytes.
+ BlockSize = 64
+
+ stateSize = 16
+ chachaRounds = 20
+
+ // The constant "expand 32-byte k" as little endian uint32s.
+ sigma0 = uint32(0x61707865)
+ sigma1 = uint32(0x3320646e)
+ sigma2 = uint32(0x79622d32)
+ sigma3 = uint32(0x6b206574)
+)
+
+var (
+ // ErrInvalidKey is the error returned when the key is invalid.
+ ErrInvalidKey = errors.New("key length must be KeySize bytes")
+
+ // ErrInvalidNonce is the error returned when the nonce is invalid.
+ ErrInvalidNonce = errors.New("nonce length must be NonceSize/INonceSize/XNonceSize bytes")
+
+ // ErrInvalidCounter is the error returned when the counter is invalid.
+ ErrInvalidCounter = errors.New("block counter is invalid (out of range)")
+
+ useUnsafe = false
+ usingVectors = false
+ blocksFn = blocksRef
+)
+
+// A Cipher is an instance of ChaCha20/XChaCha20 using a particular key and
+// nonce.
+type Cipher struct {
+ state [stateSize]uint32
+
+ buf [BlockSize]byte
+ off int
+ ietf bool
+}
+
+// Reset zeros the key data so that it will no longer appear in the process's
+// memory.
+func (c *Cipher) Reset() {
+ for i := range c.state {
+ c.state[i] = 0
+ }
+ for i := range c.buf {
+ c.buf[i] = 0
+ }
+}
+
+// XORKeyStream sets dst to the result of XORing src with the key stream. Dst
+// and src may be the same slice but otherwise should not overlap.
+func (c *Cipher) XORKeyStream(dst, src []byte) {
+ if len(dst) < len(src) {
+ src = src[:len(dst)]
+ }
+
+ for remaining := len(src); remaining > 0; {
+ // Process multiple blocks at once.
+ if c.off == BlockSize {
+ nrBlocks := remaining / BlockSize
+ directBytes := nrBlocks * BlockSize
+ if nrBlocks > 0 {
+ blocksFn(&c.state, src, dst, nrBlocks, c.ietf)
+ remaining -= directBytes
+ if remaining == 0 {
+ return
+ }
+ dst = dst[directBytes:]
+ src = src[directBytes:]
+ }
+
+ // If there's a partial block, generate 1 block of keystream into
+ // the internal buffer.
+ blocksFn(&c.state, nil, c.buf[:], 1, c.ietf)
+ c.off = 0
+ }
+
+ // Process partial blocks from the buffered keystream.
+ toXor := BlockSize - c.off
+ if remaining < toXor {
+ toXor = remaining
+ }
+ if toXor > 0 {
+ for i, v := range src[:toXor] {
+ dst[i] = v ^ c.buf[c.off+i]
+ }
+ dst = dst[toXor:]
+ src = src[toXor:]
+
+ remaining -= toXor
+ c.off += toXor
+ }
+ }
+}
+
+// KeyStream sets dst to the raw keystream.
+func (c *Cipher) KeyStream(dst []byte) {
+ for remaining := len(dst); remaining > 0; {
+ // Process multiple blocks at once.
+ if c.off == BlockSize {
+ nrBlocks := remaining / BlockSize
+ directBytes := nrBlocks * BlockSize
+ if nrBlocks > 0 {
+ blocksFn(&c.state, nil, dst, nrBlocks, c.ietf)
+ remaining -= directBytes
+ if remaining == 0 {
+ return
+ }
+ dst = dst[directBytes:]
+ }
+
+ // If there's a partial block, generate 1 block of keystream into
+ // the internal buffer.
+ blocksFn(&c.state, nil, c.buf[:], 1, c.ietf)
+ c.off = 0
+ }
+
+ // Process partial blocks from the buffered keystream.
+ toCopy := BlockSize - c.off
+ if remaining < toCopy {
+ toCopy = remaining
+ }
+ if toCopy > 0 {
+ copy(dst[:toCopy], c.buf[c.off:c.off+toCopy])
+ dst = dst[toCopy:]
+ remaining -= toCopy
+ c.off += toCopy
+ }
+ }
+}
+
+// ReKey reinitializes the ChaCha20/XChaCha20 instance with the provided key
+// and nonce.
+func (c *Cipher) ReKey(key, nonce []byte) error {
+ if len(key) != KeySize {
+ return ErrInvalidKey
+ }
+
+ switch len(nonce) {
+ case NonceSize:
+ case INonceSize:
+ case XNonceSize:
+ var subkey [KeySize]byte
+ var subnonce [HNonceSize]byte
+ copy(subnonce[:], nonce[0:16])
+ HChaCha(key, &subnonce, &subkey)
+ key = subkey[:]
+ nonce = nonce[16:24]
+ defer func() {
+ for i := range subkey {
+ subkey[i] = 0
+ }
+ }()
+ default:
+ return ErrInvalidNonce
+ }
+
+ c.Reset()
+ c.state[0] = sigma0
+ c.state[1] = sigma1
+ c.state[2] = sigma2
+ c.state[3] = sigma3
+ c.state[4] = binary.LittleEndian.Uint32(key[0:4])
+ c.state[5] = binary.LittleEndian.Uint32(key[4:8])
+ c.state[6] = binary.LittleEndian.Uint32(key[8:12])
+ c.state[7] = binary.LittleEndian.Uint32(key[12:16])
+ c.state[8] = binary.LittleEndian.Uint32(key[16:20])
+ c.state[9] = binary.LittleEndian.Uint32(key[20:24])
+ c.state[10] = binary.LittleEndian.Uint32(key[24:28])
+ c.state[11] = binary.LittleEndian.Uint32(key[28:32])
+ c.state[12] = 0
+ if len(nonce) == INonceSize {
+ c.state[13] = binary.LittleEndian.Uint32(nonce[0:4])
+ c.state[14] = binary.LittleEndian.Uint32(nonce[4:8])
+ c.state[15] = binary.LittleEndian.Uint32(nonce[8:12])
+ c.ietf = true
+ } else {
+ c.state[13] = 0
+ c.state[14] = binary.LittleEndian.Uint32(nonce[0:4])
+ c.state[15] = binary.LittleEndian.Uint32(nonce[4:8])
+ c.ietf = false
+ }
+ c.off = BlockSize
+ return nil
+
+}
+
+// Seek sets the block counter to a given offset.
+func (c *Cipher) Seek(blockCounter uint64) error {
+ if c.ietf {
+ if blockCounter > math.MaxUint32 {
+ return ErrInvalidCounter
+ }
+ c.state[12] = uint32(blockCounter)
+ } else {
+ c.state[12] = uint32(blockCounter)
+ c.state[13] = uint32(blockCounter >> 32)
+ }
+ c.off = BlockSize
+ return nil
+}
+
+// NewCipher returns a new ChaCha20/XChaCha20 instance.
+func NewCipher(key, nonce []byte) (*Cipher, error) {
+ c := new(Cipher)
+ if err := c.ReKey(key, nonce); err != nil {
+ return nil, err
+ }
+ return c, nil
+}
+
+// HChaCha is the HChaCha20 hash function used to make XChaCha.
+func HChaCha(key []byte, nonce *[HNonceSize]byte, out *[32]byte) {
+ var x [stateSize]uint32 // Last 4 slots unused, sigma hardcoded.
+ x[0] = binary.LittleEndian.Uint32(key[0:4])
+ x[1] = binary.LittleEndian.Uint32(key[4:8])
+ x[2] = binary.LittleEndian.Uint32(key[8:12])
+ x[3] = binary.LittleEndian.Uint32(key[12:16])
+ x[4] = binary.LittleEndian.Uint32(key[16:20])
+ x[5] = binary.LittleEndian.Uint32(key[20:24])
+ x[6] = binary.LittleEndian.Uint32(key[24:28])
+ x[7] = binary.LittleEndian.Uint32(key[28:32])
+ x[8] = binary.LittleEndian.Uint32(nonce[0:4])
+ x[9] = binary.LittleEndian.Uint32(nonce[4:8])
+ x[10] = binary.LittleEndian.Uint32(nonce[8:12])
+ x[11] = binary.LittleEndian.Uint32(nonce[12:16])
+ hChaChaRef(&x, out)
+}
+
+func init() {
+ switch runtime.GOARCH {
+ case "386", "amd64":
+ // Abuse unsafe to skip calling binary.LittleEndian.PutUint32
+ // in the critical path. This is a big boost on systems that are
+ // little endian and not overly picky about alignment.
+ useUnsafe = true
+ }
+}
+
+var _ cipher.Stream = (*Cipher)(nil)
diff --git a/vendor/github.com/Yawning/chacha20/chacha20_amd64.go b/vendor/github.com/Yawning/chacha20/chacha20_amd64.go
new file mode 100644
index 0000000..05adad1
--- /dev/null
+++ b/vendor/github.com/Yawning/chacha20/chacha20_amd64.go
@@ -0,0 +1,95 @@
+// chacha20_amd64.go - AMD64 optimized chacha20.
+//
+// To the extent possible under law, Yawning Angel has waived all copyright
+// and related or neighboring rights to chacha20, using the Creative
+// Commons "CC0" public domain dedication. See LICENSE or
+// for full details.
+
+// +build amd64,!gccgo,!appengine
+
+package chacha20
+
+import (
+ "math"
+)
+
+var usingAVX2 = false
+
+func blocksAmd64SSE2(x *uint32, inp, outp *byte, nrBlocks uint)
+
+func blocksAmd64AVX2(x *uint32, inp, outp *byte, nrBlocks uint)
+
+func cpuidAmd64(cpuidParams *uint32)
+
+func xgetbv0Amd64(xcrVec *uint32)
+
+func blocksAmd64(x *[stateSize]uint32, in []byte, out []byte, nrBlocks int, isIetf bool) {
+ // Probably unneeded, but stating this explicitly simplifies the assembly.
+ if nrBlocks == 0 {
+ return
+ }
+
+ if isIetf {
+ var totalBlocks uint64
+ totalBlocks = uint64(x[12]) + uint64(nrBlocks)
+ if totalBlocks > math.MaxUint32 {
+ panic("chacha20: Exceeded keystream per nonce limit")
+ }
+ }
+
+ if in == nil {
+ for i := range out {
+ out[i] = 0
+ }
+ in = out
+ }
+
+ // Pointless to call the AVX2 code for just a single block, since half of
+ // the output gets discarded...
+ if usingAVX2 && nrBlocks > 1 {
+ blocksAmd64AVX2(&x[0], &in[0], &out[0], uint(nrBlocks))
+ } else {
+ blocksAmd64SSE2(&x[0], &in[0], &out[0], uint(nrBlocks))
+ }
+}
+
+func supportsAVX2() bool {
+ // https://software.intel.com/en-us/articles/how-to-detect-new-instruction-support-in-the-4th-generation-intel-core-processor-family
+ const (
+ osXsaveBit = 1 << 27
+ avx2Bit = 1 << 5
+ )
+
+ // Check to see if CPUID actually supports the leaf that indicates AVX2.
+ // CPUID.(EAX=0H, ECX=0H) >= 7
+ regs := [4]uint32{0x00}
+ cpuidAmd64(®s[0])
+ if regs[0] < 7 {
+ return false
+ }
+
+ // Check to see if the OS knows how to save/restore XMM/YMM state.
+ // CPUID.(EAX=01H, ECX=0H):ECX.OSXSAVE[bit 27]==1
+ regs = [4]uint32{0x01}
+ cpuidAmd64(®s[0])
+ if regs[2]&osXsaveBit == 0 {
+ return false
+ }
+ xcrRegs := [2]uint32{}
+ xgetbv0Amd64(&xcrRegs[0])
+ if xcrRegs[0]&6 != 6 {
+ return false
+ }
+
+ // Check for AVX2 support.
+ // CPUID.(EAX=07H, ECX=0H):EBX.AVX2[bit 5]==1
+ regs = [4]uint32{0x07}
+ cpuidAmd64(®s[0])
+ return regs[1]&avx2Bit != 0
+}
+
+func init() {
+ blocksFn = blocksAmd64
+ usingVectors = true
+ usingAVX2 = supportsAVX2()
+}
diff --git a/vendor/github.com/Yawning/chacha20/chacha20_amd64.py b/vendor/github.com/Yawning/chacha20/chacha20_amd64.py
new file mode 100644
index 0000000..3bfebf4
--- /dev/null
+++ b/vendor/github.com/Yawning/chacha20/chacha20_amd64.py
@@ -0,0 +1,1295 @@
+#!/usr/bin/env python3
+#
+# To the extent possible under law, Yawning Angel has waived all copyright
+# and related or neighboring rights to chacha20, using the Creative
+# Commons "CC0" public domain dedication. See LICENSE or
+# for full details.
+
+#
+# cgo sucks. Plan 9 assembly sucks. Real languages have SIMD intrinsics.
+# The least terrible/retarded option is to use a Python code generator, so
+# that's what I did.
+#
+# Code based on Ted Krovetz's vec128 C implementation, with corrections
+# to use a 64 bit counter instead of 32 bit, and to allow unaligned input and
+# output pointers.
+#
+# Dependencies: https://github.com/Maratyszcza/PeachPy
+#
+# python3 -m peachpy.x86_64 -mabi=goasm -S -o chacha20_amd64.s chacha20_amd64.py
+#
+
+from peachpy import *
+from peachpy.x86_64 import *
+
+x = Argument(ptr(uint32_t))
+inp = Argument(ptr(const_uint8_t))
+outp = Argument(ptr(uint8_t))
+nrBlocks = Argument(ptr(size_t))
+
+#
+# SSE2 helper functions. A temporary register is explicitly passed in because
+# the main fast loop uses every single register (and even spills) so manual
+# control is needed.
+#
+# This used to also have a DQROUNDS helper that did 2 rounds of ChaCha like
+# in the C code, but the C code has the luxury of an optimizer reordering
+# everything, while this does not.
+#
+
+def ROTW16_sse2(tmp, d):
+ MOVDQA(tmp, d)
+ PSLLD(tmp, 16)
+ PSRLD(d, 16)
+ PXOR(d, tmp)
+
+def ROTW12_sse2(tmp, b):
+ MOVDQA(tmp, b)
+ PSLLD(tmp, 12)
+ PSRLD(b, 20)
+ PXOR(b, tmp)
+
+def ROTW8_sse2(tmp, d):
+ MOVDQA(tmp, d)
+ PSLLD(tmp, 8)
+ PSRLD(d, 24)
+ PXOR(d, tmp)
+
+def ROTW7_sse2(tmp, b):
+ MOVDQA(tmp, b)
+ PSLLD(tmp, 7)
+ PSRLD(b, 25)
+ PXOR(b, tmp)
+
+def WriteXor_sse2(tmp, inp, outp, d, v0, v1, v2, v3):
+ MOVDQU(tmp, [inp+d])
+ PXOR(tmp, v0)
+ MOVDQU([outp+d], tmp)
+ MOVDQU(tmp, [inp+d+16])
+ PXOR(tmp, v1)
+ MOVDQU([outp+d+16], tmp)
+ MOVDQU(tmp, [inp+d+32])
+ PXOR(tmp, v2)
+ MOVDQU([outp+d+32], tmp)
+ MOVDQU(tmp, [inp+d+48])
+ PXOR(tmp, v3)
+ MOVDQU([outp+d+48], tmp)
+
+# SSE2 ChaCha20 (aka vec128). Does not handle partial blocks, and will
+# process 4/2/1 blocks at a time.
+with Function("blocksAmd64SSE2", (x, inp, outp, nrBlocks)):
+ reg_x = GeneralPurposeRegister64()
+ reg_inp = GeneralPurposeRegister64()
+ reg_outp = GeneralPurposeRegister64()
+ reg_blocks = GeneralPurposeRegister64()
+ reg_sp_save = GeneralPurposeRegister64()
+
+ LOAD.ARGUMENT(reg_x, x)
+ LOAD.ARGUMENT(reg_inp, inp)
+ LOAD.ARGUMENT(reg_outp, outp)
+ LOAD.ARGUMENT(reg_blocks, nrBlocks)
+
+ # Align the stack to a 32 byte boundary.
+ MOV(reg_sp_save, registers.rsp)
+ AND(registers.rsp, 0xffffffffffffffe0)
+ SUB(registers.rsp, 0x20)
+
+ # Build the counter increment vector on the stack, and allocate the scratch
+ # space
+ xmm_v0 = XMMRegister()
+ PXOR(xmm_v0, xmm_v0)
+ SUB(registers.rsp, 16+16)
+ MOVDQA([registers.rsp], xmm_v0)
+ reg_tmp = GeneralPurposeRegister32()
+ MOV(reg_tmp, 0x00000001)
+ MOV([registers.rsp], reg_tmp)
+ mem_one = [registers.rsp] # (Stack) Counter increment vector
+ mem_tmp0 = [registers.rsp+16] # (Stack) Scratch space.
+
+ mem_s0 = [reg_x] # (Memory) Cipher state [0..3]
+ mem_s1 = [reg_x+16] # (Memory) Cipher state [4..7]
+ mem_s2 = [reg_x+32] # (Memory) Cipher state [8..11]
+ mem_s3 = [reg_x+48] # (Memory) Cipher state [12..15]
+
+ # xmm_v0 allocated above...
+ xmm_v1 = XMMRegister()
+ xmm_v2 = XMMRegister()
+ xmm_v3 = XMMRegister()
+
+ xmm_v4 = XMMRegister()
+ xmm_v5 = XMMRegister()
+ xmm_v6 = XMMRegister()
+ xmm_v7 = XMMRegister()
+
+ xmm_v8 = XMMRegister()
+ xmm_v9 = XMMRegister()
+ xmm_v10 = XMMRegister()
+ xmm_v11 = XMMRegister()
+
+ xmm_v12 = XMMRegister()
+ xmm_v13 = XMMRegister()
+ xmm_v14 = XMMRegister()
+ xmm_v15 = XMMRegister()
+
+ xmm_tmp = xmm_v12
+
+ #
+ # 4 blocks at a time.
+ #
+
+ reg_rounds = GeneralPurposeRegister64()
+
+ vector_loop4 = Loop()
+ SUB(reg_blocks, 4)
+ JB(vector_loop4.end)
+ with vector_loop4:
+ MOVDQU(xmm_v0, mem_s0)
+ MOVDQU(xmm_v1, mem_s1)
+ MOVDQU(xmm_v2, mem_s2)
+ MOVDQU(xmm_v3, mem_s3)
+
+ MOVDQA(xmm_v4, xmm_v0)
+ MOVDQA(xmm_v5, xmm_v1)
+ MOVDQA(xmm_v6, xmm_v2)
+ MOVDQA(xmm_v7, xmm_v3)
+ PADDQ(xmm_v7, mem_one)
+
+ MOVDQA(xmm_v8, xmm_v0)
+ MOVDQA(xmm_v9, xmm_v1)
+ MOVDQA(xmm_v10, xmm_v2)
+ MOVDQA(xmm_v11, xmm_v7)
+ PADDQ(xmm_v11, mem_one)
+
+ MOVDQA(xmm_v12, xmm_v0)
+ MOVDQA(xmm_v13, xmm_v1)
+ MOVDQA(xmm_v14, xmm_v2)
+ MOVDQA(xmm_v15, xmm_v11)
+ PADDQ(xmm_v15, mem_one)
+
+ MOV(reg_rounds, 20)
+ rounds_loop4 = Loop()
+ with rounds_loop4:
+ # a += b; d ^= a; d = ROTW16(d);
+ PADDD(xmm_v0, xmm_v1)
+ PADDD(xmm_v4, xmm_v5)
+ PADDD(xmm_v8, xmm_v9)
+ PADDD(xmm_v12, xmm_v13)
+ PXOR(xmm_v3, xmm_v0)
+ PXOR(xmm_v7, xmm_v4)
+ PXOR(xmm_v11, xmm_v8)
+ PXOR(xmm_v15, xmm_v12)
+
+ MOVDQA(mem_tmp0, xmm_tmp) # Save
+
+ ROTW16_sse2(xmm_tmp, xmm_v3)
+ ROTW16_sse2(xmm_tmp, xmm_v7)
+ ROTW16_sse2(xmm_tmp, xmm_v11)
+ ROTW16_sse2(xmm_tmp, xmm_v15)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ PADDD(xmm_v2, xmm_v3)
+ PADDD(xmm_v6, xmm_v7)
+ PADDD(xmm_v10, xmm_v11)
+ PADDD(xmm_v14, xmm_v15)
+ PXOR(xmm_v1, xmm_v2)
+ PXOR(xmm_v5, xmm_v6)
+ PXOR(xmm_v9, xmm_v10)
+ PXOR(xmm_v13, xmm_v14)
+ ROTW12_sse2(xmm_tmp, xmm_v1)
+ ROTW12_sse2(xmm_tmp, xmm_v5)
+ ROTW12_sse2(xmm_tmp, xmm_v9)
+ ROTW12_sse2(xmm_tmp, xmm_v13)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ MOVDQA(xmm_tmp, mem_tmp0) # Restore
+
+ PADDD(xmm_v0, xmm_v1)
+ PADDD(xmm_v4, xmm_v5)
+ PADDD(xmm_v8, xmm_v9)
+ PADDD(xmm_v12, xmm_v13)
+ PXOR(xmm_v3, xmm_v0)
+ PXOR(xmm_v7, xmm_v4)
+ PXOR(xmm_v11, xmm_v8)
+ PXOR(xmm_v15, xmm_v12)
+
+ MOVDQA(mem_tmp0, xmm_tmp) # Save
+
+ ROTW8_sse2(xmm_tmp, xmm_v3)
+ ROTW8_sse2(xmm_tmp, xmm_v7)
+ ROTW8_sse2(xmm_tmp, xmm_v11)
+ ROTW8_sse2(xmm_tmp, xmm_v15)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ PADDD(xmm_v2, xmm_v3)
+ PADDD(xmm_v6, xmm_v7)
+ PADDD(xmm_v10, xmm_v11)
+ PADDD(xmm_v14, xmm_v15)
+ PXOR(xmm_v1, xmm_v2)
+ PXOR(xmm_v5, xmm_v6)
+ PXOR(xmm_v9, xmm_v10)
+ PXOR(xmm_v13, xmm_v14)
+ ROTW7_sse2(xmm_tmp, xmm_v1)
+ ROTW7_sse2(xmm_tmp, xmm_v5)
+ ROTW7_sse2(xmm_tmp, xmm_v9)
+ ROTW7_sse2(xmm_tmp, xmm_v13)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ PSHUFD(xmm_v1, xmm_v1, 0x39)
+ PSHUFD(xmm_v5, xmm_v5, 0x39)
+ PSHUFD(xmm_v9, xmm_v9, 0x39)
+ PSHUFD(xmm_v13, xmm_v13, 0x39)
+ PSHUFD(xmm_v2, xmm_v2, 0x4e)
+ PSHUFD(xmm_v6, xmm_v6, 0x4e)
+ PSHUFD(xmm_v10, xmm_v10, 0x4e)
+ PSHUFD(xmm_v14, xmm_v14, 0x4e)
+ PSHUFD(xmm_v3, xmm_v3, 0x93)
+ PSHUFD(xmm_v7, xmm_v7, 0x93)
+ PSHUFD(xmm_v11, xmm_v11, 0x93)
+ PSHUFD(xmm_v15, xmm_v15, 0x93)
+
+ MOVDQA(xmm_tmp, mem_tmp0) # Restore
+
+ # a += b; d ^= a; d = ROTW16(d);
+ PADDD(xmm_v0, xmm_v1)
+ PADDD(xmm_v4, xmm_v5)
+ PADDD(xmm_v8, xmm_v9)
+ PADDD(xmm_v12, xmm_v13)
+ PXOR(xmm_v3, xmm_v0)
+ PXOR(xmm_v7, xmm_v4)
+ PXOR(xmm_v11, xmm_v8)
+ PXOR(xmm_v15, xmm_v12)
+
+ MOVDQA(mem_tmp0, xmm_tmp) # Save
+
+ ROTW16_sse2(xmm_tmp, xmm_v3)
+ ROTW16_sse2(xmm_tmp, xmm_v7)
+ ROTW16_sse2(xmm_tmp, xmm_v11)
+ ROTW16_sse2(xmm_tmp, xmm_v15)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ PADDD(xmm_v2, xmm_v3)
+ PADDD(xmm_v6, xmm_v7)
+ PADDD(xmm_v10, xmm_v11)
+ PADDD(xmm_v14, xmm_v15)
+ PXOR(xmm_v1, xmm_v2)
+ PXOR(xmm_v5, xmm_v6)
+ PXOR(xmm_v9, xmm_v10)
+ PXOR(xmm_v13, xmm_v14)
+ ROTW12_sse2(xmm_tmp, xmm_v1)
+ ROTW12_sse2(xmm_tmp, xmm_v5)
+ ROTW12_sse2(xmm_tmp, xmm_v9)
+ ROTW12_sse2(xmm_tmp, xmm_v13)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ MOVDQA(xmm_tmp, mem_tmp0) # Restore
+
+ PADDD(xmm_v0, xmm_v1)
+ PADDD(xmm_v4, xmm_v5)
+ PADDD(xmm_v8, xmm_v9)
+ PADDD(xmm_v12, xmm_v13)
+ PXOR(xmm_v3, xmm_v0)
+ PXOR(xmm_v7, xmm_v4)
+ PXOR(xmm_v11, xmm_v8)
+ PXOR(xmm_v15, xmm_v12)
+
+ MOVDQA(mem_tmp0, xmm_tmp) # Save
+
+ ROTW8_sse2(xmm_tmp, xmm_v3)
+ ROTW8_sse2(xmm_tmp, xmm_v7)
+ ROTW8_sse2(xmm_tmp, xmm_v11)
+ ROTW8_sse2(xmm_tmp, xmm_v15)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ PADDD(xmm_v2, xmm_v3)
+ PADDD(xmm_v6, xmm_v7)
+ PADDD(xmm_v10, xmm_v11)
+ PADDD(xmm_v14, xmm_v15)
+ PXOR(xmm_v1, xmm_v2)
+ PXOR(xmm_v5, xmm_v6)
+ PXOR(xmm_v9, xmm_v10)
+ PXOR(xmm_v13, xmm_v14)
+ ROTW7_sse2(xmm_tmp, xmm_v1)
+ ROTW7_sse2(xmm_tmp, xmm_v5)
+ ROTW7_sse2(xmm_tmp, xmm_v9)
+ ROTW7_sse2(xmm_tmp, xmm_v13)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ PSHUFD(xmm_v1, xmm_v1, 0x93)
+ PSHUFD(xmm_v5, xmm_v5, 0x93)
+ PSHUFD(xmm_v9, xmm_v9, 0x93)
+ PSHUFD(xmm_v13, xmm_v13, 0x93)
+ PSHUFD(xmm_v2, xmm_v2, 0x4e)
+ PSHUFD(xmm_v6, xmm_v6, 0x4e)
+ PSHUFD(xmm_v10, xmm_v10, 0x4e)
+ PSHUFD(xmm_v14, xmm_v14, 0x4e)
+ PSHUFD(xmm_v3, xmm_v3, 0x39)
+ PSHUFD(xmm_v7, xmm_v7, 0x39)
+ PSHUFD(xmm_v11, xmm_v11, 0x39)
+ PSHUFD(xmm_v15, xmm_v15, 0x39)
+
+ MOVDQA(xmm_tmp, mem_tmp0) # Restore
+
+ SUB(reg_rounds, 2)
+ JNZ(rounds_loop4.begin)
+
+ MOVDQA(mem_tmp0, xmm_tmp)
+
+ PADDD(xmm_v0, mem_s0)
+ PADDD(xmm_v1, mem_s1)
+ PADDD(xmm_v2, mem_s2)
+ PADDD(xmm_v3, mem_s3)
+ WriteXor_sse2(xmm_tmp, reg_inp, reg_outp, 0, xmm_v0, xmm_v1, xmm_v2, xmm_v3)
+ MOVDQU(xmm_v3, mem_s3)
+ PADDQ(xmm_v3, mem_one)
+
+ PADDD(xmm_v4, mem_s0)
+ PADDD(xmm_v5, mem_s1)
+ PADDD(xmm_v6, mem_s2)
+ PADDD(xmm_v7, xmm_v3)
+ WriteXor_sse2(xmm_tmp, reg_inp, reg_outp, 64, xmm_v4, xmm_v5, xmm_v6, xmm_v7)
+ PADDQ(xmm_v3, mem_one)
+
+ PADDD(xmm_v8, mem_s0)
+ PADDD(xmm_v9, mem_s1)
+ PADDD(xmm_v10, mem_s2)
+ PADDD(xmm_v11, xmm_v3)
+ WriteXor_sse2(xmm_tmp, reg_inp, reg_outp, 128, xmm_v8, xmm_v9, xmm_v10, xmm_v11)
+ PADDQ(xmm_v3, mem_one)
+
+ MOVDQA(xmm_tmp, mem_tmp0)
+
+ PADDD(xmm_v12, mem_s0)
+ PADDD(xmm_v13, mem_s1)
+ PADDD(xmm_v14, mem_s2)
+ PADDD(xmm_v15, xmm_v3)
+ WriteXor_sse2(xmm_v0, reg_inp, reg_outp, 192, xmm_v12, xmm_v13, xmm_v14, xmm_v15)
+ PADDQ(xmm_v3, mem_one)
+
+ MOVDQU(mem_s3, xmm_v3)
+
+ ADD(reg_inp, 4 * 64)
+ ADD(reg_outp, 4 * 64)
+
+ SUB(reg_blocks, 4)
+ JAE(vector_loop4.begin)
+
+ ADD(reg_blocks, 4)
+ out = Label()
+ JZ(out)
+
+ # Past this point, we no longer need to use every single register to hold
+ # the in progress state.
+
+ xmm_s0 = xmm_v8
+ xmm_s1 = xmm_v9
+ xmm_s2 = xmm_v10
+ xmm_s3 = xmm_v11
+ xmm_one = xmm_v13
+ MOVDQU(xmm_s0, mem_s0)
+ MOVDQU(xmm_s1, mem_s1)
+ MOVDQU(xmm_s2, mem_s2)
+ MOVDQU(xmm_s3, mem_s3)
+ MOVDQA(xmm_one, mem_one)
+
+ #
+ # 2 blocks at a time.
+ #
+
+ process_1_block = Label()
+ SUB(reg_blocks, 2)
+ JB(process_1_block) # < 2 blocks remaining.
+
+ MOVDQA(xmm_v0, xmm_s0)
+ MOVDQA(xmm_v1, xmm_s1)
+ MOVDQA(xmm_v2, xmm_s2)
+ MOVDQA(xmm_v3, xmm_s3)
+
+ MOVDQA(xmm_v4, xmm_v0)
+ MOVDQA(xmm_v5, xmm_v1)
+ MOVDQA(xmm_v6, xmm_v2)
+ MOVDQA(xmm_v7, xmm_v3)
+ PADDQ(xmm_v7, xmm_one)
+
+ MOV(reg_rounds, 20)
+ rounds_loop2 = Loop()
+ with rounds_loop2:
+ # a += b; d ^= a; d = ROTW16(d);
+ PADDD(xmm_v0, xmm_v1)
+ PADDD(xmm_v4, xmm_v5)
+ PXOR(xmm_v3, xmm_v0)
+ PXOR(xmm_v7, xmm_v4)
+ ROTW16_sse2(xmm_tmp, xmm_v3)
+ ROTW16_sse2(xmm_tmp, xmm_v7)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ PADDD(xmm_v2, xmm_v3)
+ PADDD(xmm_v6, xmm_v7)
+ PXOR(xmm_v1, xmm_v2)
+ PXOR(xmm_v5, xmm_v6)
+ ROTW12_sse2(xmm_tmp, xmm_v1)
+ ROTW12_sse2(xmm_tmp, xmm_v5)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ PADDD(xmm_v0, xmm_v1)
+ PADDD(xmm_v4, xmm_v5)
+ PXOR(xmm_v3, xmm_v0)
+ PXOR(xmm_v7, xmm_v4)
+ ROTW8_sse2(xmm_tmp, xmm_v3)
+ ROTW8_sse2(xmm_tmp, xmm_v7)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ PADDD(xmm_v2, xmm_v3)
+ PADDD(xmm_v6, xmm_v7)
+ PXOR(xmm_v1, xmm_v2)
+ PXOR(xmm_v5, xmm_v6)
+ ROTW7_sse2(xmm_tmp, xmm_v1)
+ ROTW7_sse2(xmm_tmp, xmm_v5)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ PSHUFD(xmm_v1, xmm_v1, 0x39)
+ PSHUFD(xmm_v5, xmm_v5, 0x39)
+ PSHUFD(xmm_v2, xmm_v2, 0x4e)
+ PSHUFD(xmm_v6, xmm_v6, 0x4e)
+ PSHUFD(xmm_v3, xmm_v3, 0x93)
+ PSHUFD(xmm_v7, xmm_v7, 0x93)
+
+ # a += b; d ^= a; d = ROTW16(d);
+ PADDD(xmm_v0, xmm_v1)
+ PADDD(xmm_v4, xmm_v5)
+ PXOR(xmm_v3, xmm_v0)
+ PXOR(xmm_v7, xmm_v4)
+ ROTW16_sse2(xmm_tmp, xmm_v3)
+ ROTW16_sse2(xmm_tmp, xmm_v7)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ PADDD(xmm_v2, xmm_v3)
+ PADDD(xmm_v6, xmm_v7)
+ PXOR(xmm_v1, xmm_v2)
+ PXOR(xmm_v5, xmm_v6)
+ ROTW12_sse2(xmm_tmp, xmm_v1)
+ ROTW12_sse2(xmm_tmp, xmm_v5)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ PADDD(xmm_v0, xmm_v1)
+ PADDD(xmm_v4, xmm_v5)
+ PXOR(xmm_v3, xmm_v0)
+ PXOR(xmm_v7, xmm_v4)
+ ROTW8_sse2(xmm_tmp, xmm_v3)
+ ROTW8_sse2(xmm_tmp, xmm_v7)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ PADDD(xmm_v2, xmm_v3)
+ PADDD(xmm_v6, xmm_v7)
+ PXOR(xmm_v1, xmm_v2)
+ PXOR(xmm_v5, xmm_v6)
+ ROTW7_sse2(xmm_tmp, xmm_v1)
+ ROTW7_sse2(xmm_tmp, xmm_v5)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ PSHUFD(xmm_v1, xmm_v1, 0x93)
+ PSHUFD(xmm_v5, xmm_v5, 0x93)
+ PSHUFD(xmm_v2, xmm_v2, 0x4e)
+ PSHUFD(xmm_v6, xmm_v6, 0x4e)
+ PSHUFD(xmm_v3, xmm_v3, 0x39)
+ PSHUFD(xmm_v7, xmm_v7, 0x39)
+
+ SUB(reg_rounds, 2)
+ JNZ(rounds_loop2.begin)
+
+ PADDD(xmm_v0, xmm_s0)
+ PADDD(xmm_v1, xmm_s1)
+ PADDD(xmm_v2, xmm_s2)
+ PADDD(xmm_v3, xmm_s3)
+ WriteXor_sse2(xmm_tmp, reg_inp, reg_outp, 0, xmm_v0, xmm_v1, xmm_v2, xmm_v3)
+ PADDQ(xmm_s3, xmm_one)
+
+ PADDD(xmm_v4, xmm_s0)
+ PADDD(xmm_v5, xmm_s1)
+ PADDD(xmm_v6, xmm_s2)
+ PADDD(xmm_v7, xmm_s3)
+ WriteXor_sse2(xmm_tmp, reg_inp, reg_outp, 64, xmm_v4, xmm_v5, xmm_v6, xmm_v7)
+ PADDQ(xmm_s3, xmm_one)
+
+ ADD(reg_inp, 2 * 64)
+ ADD(reg_outp, 2 * 64)
+ SUB(reg_blocks, 2)
+
+ LABEL(process_1_block)
+ ADD(reg_blocks, 2)
+ out_serial = Label()
+ JZ(out_serial)
+
+ #
+ # 1 block at a time. Only executed once, because if there was > 1,
+ # the parallel code would have processed it already.
+ #
+
+ MOVDQA(xmm_v0, xmm_s0)
+ MOVDQA(xmm_v1, xmm_s1)
+ MOVDQA(xmm_v2, xmm_s2)
+ MOVDQA(xmm_v3, xmm_s3)
+
+ MOV(reg_rounds, 20)
+ rounds_loop1 = Loop()
+ with rounds_loop1:
+ # a += b; d ^= a; d = ROTW16(d);
+ PADDD(xmm_v0, xmm_v1)
+ PXOR(xmm_v3, xmm_v0)
+ ROTW16_sse2(xmm_tmp, xmm_v3)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ PADDD(xmm_v2, xmm_v3)
+ PXOR(xmm_v1, xmm_v2)
+ ROTW12_sse2(xmm_tmp, xmm_v1)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ PADDD(xmm_v0, xmm_v1)
+ PXOR(xmm_v3, xmm_v0)
+ ROTW8_sse2(xmm_tmp, xmm_v3)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ PADDD(xmm_v2, xmm_v3)
+ PXOR(xmm_v1, xmm_v2)
+ ROTW7_sse2(xmm_tmp, xmm_v1)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ PSHUFD(xmm_v1, xmm_v1, 0x39)
+ PSHUFD(xmm_v2, xmm_v2, 0x4e)
+ PSHUFD(xmm_v3, xmm_v3, 0x93)
+
+ # a += b; d ^= a; d = ROTW16(d);
+ PADDD(xmm_v0, xmm_v1)
+ PXOR(xmm_v3, xmm_v0)
+ ROTW16_sse2(xmm_tmp, xmm_v3)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ PADDD(xmm_v2, xmm_v3)
+ PXOR(xmm_v1, xmm_v2)
+ ROTW12_sse2(xmm_tmp, xmm_v1)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ PADDD(xmm_v0, xmm_v1)
+ PXOR(xmm_v3, xmm_v0)
+ ROTW8_sse2(xmm_tmp, xmm_v3)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ PADDD(xmm_v2, xmm_v3)
+ PXOR(xmm_v1, xmm_v2)
+ ROTW7_sse2(xmm_tmp, xmm_v1)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ PSHUFD(xmm_v1, xmm_v1, 0x93)
+ PSHUFD(xmm_v2, xmm_v2, 0x4e)
+ PSHUFD(xmm_v3, xmm_v3, 0x39)
+
+ SUB(reg_rounds, 2)
+ JNZ(rounds_loop1.begin)
+
+ PADDD(xmm_v0, xmm_s0)
+ PADDD(xmm_v1, xmm_s1)
+ PADDD(xmm_v2, xmm_s2)
+ PADDD(xmm_v3, xmm_s3)
+ WriteXor_sse2(xmm_tmp, reg_inp, reg_outp, 0, xmm_v0, xmm_v1, xmm_v2, xmm_v3)
+ PADDQ(xmm_s3, xmm_one)
+
+ LABEL(out_serial)
+
+ # Write back the updated counter. Stoping at 2^70 bytes is the user's
+ # problem, not mine. (Skipped if there's exactly a multiple of 4 blocks
+ # because the counter is incremented in memory while looping.)
+ MOVDQU(mem_s3, xmm_s3)
+
+ LABEL(out)
+
+ # Paranoia, cleanse the scratch space.
+ PXOR(xmm_v0, xmm_v0)
+ MOVDQA(mem_tmp0, xmm_v0)
+
+ # Remove our stack allocation.
+ MOV(registers.rsp, reg_sp_save)
+
+ RETURN()
+
+#
+# AVX2 helpers. Like the SSE2 equivalents, the scratch register is explicit,
+# and more helpers are used to increase readability for destructive operations.
+#
+# XXX/Performance: ROTW16_avx2/ROTW8_avx2 both can use VPSHUFFB.
+#
+
+def ADD_avx2(dst, src):
+ VPADDD(dst, dst, src)
+
+def XOR_avx2(dst, src):
+ VPXOR(dst, dst, src)
+
+def ROTW16_avx2(tmp, d):
+ VPSLLD(tmp, d, 16)
+ VPSRLD(d, d, 16)
+ XOR_avx2(d, tmp)
+
+def ROTW12_avx2(tmp, b):
+ VPSLLD(tmp, b, 12)
+ VPSRLD(b, b, 20)
+ XOR_avx2(b, tmp)
+
+def ROTW8_avx2(tmp, d):
+ VPSLLD(tmp, d, 8)
+ VPSRLD(d, d, 24)
+ XOR_avx2(d, tmp)
+
+def ROTW7_avx2(tmp, b):
+ VPSLLD(tmp, b, 7)
+ VPSRLD(b, b, 25)
+ XOR_avx2(b, tmp)
+
+def WriteXor_avx2(tmp, inp, outp, d, v0, v1, v2, v3):
+ # XOR_WRITE(out+ 0, in+ 0, _mm256_permute2x128_si256(v0,v1,0x20));
+ VPERM2I128(tmp, v0, v1, 0x20)
+ VPXOR(tmp, tmp, [inp+d])
+ VMOVDQU([outp+d], tmp)
+
+ # XOR_WRITE(out+32, in+32, _mm256_permute2x128_si256(v2,v3,0x20));
+ VPERM2I128(tmp, v2, v3, 0x20)
+ VPXOR(tmp, tmp, [inp+d+32])
+ VMOVDQU([outp+d+32], tmp)
+
+ # XOR_WRITE(out+64, in+64, _mm256_permute2x128_si256(v0,v1,0x31));
+ VPERM2I128(tmp, v0, v1, 0x31)
+ VPXOR(tmp, tmp, [inp+d+64])
+ VMOVDQU([outp+d+64], tmp)
+
+ # XOR_WRITE(out+96, in+96, _mm256_permute2x128_si256(v2,v3,0x31));
+ VPERM2I128(tmp, v2, v3, 0x31)
+ VPXOR(tmp, tmp, [inp+d+96])
+ VMOVDQU([outp+d+96], tmp)
+
+# AVX2 ChaCha20 (aka avx2). Does not handle partial blocks, will process
+# 8/4/2 blocks at a time.
+with Function("blocksAmd64AVX2", (x, inp, outp, nrBlocks), target=uarch.broadwell):
+ reg_x = GeneralPurposeRegister64()
+ reg_inp = GeneralPurposeRegister64()
+ reg_outp = GeneralPurposeRegister64()
+ reg_blocks = GeneralPurposeRegister64()
+ reg_sp_save = GeneralPurposeRegister64()
+
+ LOAD.ARGUMENT(reg_x, x)
+ LOAD.ARGUMENT(reg_inp, inp)
+ LOAD.ARGUMENT(reg_outp, outp)
+ LOAD.ARGUMENT(reg_blocks, nrBlocks)
+
+ # Align the stack to a 32 byte boundary.
+ MOV(reg_sp_save, registers.rsp)
+ AND(registers.rsp, 0xffffffffffffffe0)
+ SUB(registers.rsp, 0x20)
+
+ x_s0 = [reg_x] # (Memory) Cipher state [0..3]
+ x_s1 = [reg_x+16] # (Memory) Cipher state [4..7]
+ x_s2 = [reg_x+32] # (Memory) Cipher state [8..11]
+ x_s3 = [reg_x+48] # (Memory) Cipher state [12..15]
+
+ ymm_v0 = YMMRegister()
+ ymm_v1 = YMMRegister()
+ ymm_v2 = YMMRegister()
+ ymm_v3 = YMMRegister()
+
+ ymm_v4 = YMMRegister()
+ ymm_v5 = YMMRegister()
+ ymm_v6 = YMMRegister()
+ ymm_v7 = YMMRegister()
+
+ ymm_v8 = YMMRegister()
+ ymm_v9 = YMMRegister()
+ ymm_v10 = YMMRegister()
+ ymm_v11 = YMMRegister()
+
+ ymm_v12 = YMMRegister()
+ ymm_v13 = YMMRegister()
+ ymm_v14 = YMMRegister()
+ ymm_v15 = YMMRegister()
+
+ ymm_tmp0 = ymm_v12
+
+ # Allocate the neccecary stack space for the counter vector and two ymm
+ # registers that we will spill.
+ SUB(registers.rsp, 96)
+ mem_tmp0 = [registers.rsp+64] # (Stack) Scratch space.
+ mem_s3 = [registers.rsp+32] # (Stack) Working copy of s3. (8x)
+ mem_inc = [registers.rsp] # (Stack) Counter increment vector.
+
+ # Increment the counter for one side of the state vector.
+ VPXOR(ymm_tmp0, ymm_tmp0, ymm_tmp0)
+ VMOVDQU(mem_inc, ymm_tmp0)
+ reg_tmp = GeneralPurposeRegister32()
+ MOV(reg_tmp, 0x00000001)
+ MOV([registers.rsp+16], reg_tmp)
+ VBROADCASTI128(ymm_v3, x_s3)
+ VPADDQ(ymm_v3, ymm_v3, [registers.rsp])
+ VMOVDQA(mem_s3, ymm_v3)
+
+ # As we process 2xN blocks at a time, so the counter increment for both
+ # sides of the state vector is 2.
+ MOV(reg_tmp, 0x00000002)
+ MOV([registers.rsp], reg_tmp)
+ MOV([registers.rsp+16], reg_tmp)
+
+ out_write_even = Label()
+ out_write_odd = Label()
+
+ #
+ # 8 blocks at a time. Ted Krovetz's avx2 code does not do this, but it's
+ # a decent gain despite all the pain...
+ #
+
+ reg_rounds = GeneralPurposeRegister64()
+
+ vector_loop8 = Loop()
+ SUB(reg_blocks, 8)
+ JB(vector_loop8.end)
+ with vector_loop8:
+ VBROADCASTI128(ymm_v0, x_s0)
+ VBROADCASTI128(ymm_v1, x_s1)
+ VBROADCASTI128(ymm_v2, x_s2)
+ VMOVDQA(ymm_v3, mem_s3)
+
+ VMOVDQA(ymm_v4, ymm_v0)
+ VMOVDQA(ymm_v5, ymm_v1)
+ VMOVDQA(ymm_v6, ymm_v2)
+ VPADDQ(ymm_v7, ymm_v3, mem_inc)
+
+ VMOVDQA(ymm_v8, ymm_v0)
+ VMOVDQA(ymm_v9, ymm_v1)
+ VMOVDQA(ymm_v10, ymm_v2)
+ VPADDQ(ymm_v11, ymm_v7, mem_inc)
+
+ VMOVDQA(ymm_v12, ymm_v0)
+ VMOVDQA(ymm_v13, ymm_v1)
+ VMOVDQA(ymm_v14, ymm_v2)
+ VPADDQ(ymm_v15, ymm_v11, mem_inc)
+
+ MOV(reg_rounds, 20)
+ rounds_loop8 = Loop()
+ with rounds_loop8:
+ # a += b; d ^= a; d = ROTW16(d);
+ ADD_avx2(ymm_v0, ymm_v1)
+ ADD_avx2(ymm_v4, ymm_v5)
+ ADD_avx2(ymm_v8, ymm_v9)
+ ADD_avx2(ymm_v12, ymm_v13)
+ XOR_avx2(ymm_v3, ymm_v0)
+ XOR_avx2(ymm_v7, ymm_v4)
+ XOR_avx2(ymm_v11, ymm_v8)
+ XOR_avx2(ymm_v15, ymm_v12)
+
+ VMOVDQA(mem_tmp0, ymm_tmp0) # Save
+
+ ROTW16_avx2(ymm_tmp0, ymm_v3)
+ ROTW16_avx2(ymm_tmp0, ymm_v7)
+ ROTW16_avx2(ymm_tmp0, ymm_v11)
+ ROTW16_avx2(ymm_tmp0, ymm_v15)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ ADD_avx2(ymm_v2, ymm_v3)
+ ADD_avx2(ymm_v6, ymm_v7)
+ ADD_avx2(ymm_v10, ymm_v11)
+ ADD_avx2(ymm_v14, ymm_v15)
+ XOR_avx2(ymm_v1, ymm_v2)
+ XOR_avx2(ymm_v5, ymm_v6)
+ XOR_avx2(ymm_v9, ymm_v10)
+ XOR_avx2(ymm_v13, ymm_v14)
+ ROTW12_avx2(ymm_tmp0, ymm_v1)
+ ROTW12_avx2(ymm_tmp0, ymm_v5)
+ ROTW12_avx2(ymm_tmp0, ymm_v9)
+ ROTW12_avx2(ymm_tmp0, ymm_v13)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ VMOVDQA(ymm_tmp0, mem_tmp0) # Restore
+
+ ADD_avx2(ymm_v0, ymm_v1)
+ ADD_avx2(ymm_v4, ymm_v5)
+ ADD_avx2(ymm_v8, ymm_v9)
+ ADD_avx2(ymm_v12, ymm_v13)
+ XOR_avx2(ymm_v3, ymm_v0)
+ XOR_avx2(ymm_v7, ymm_v4)
+ XOR_avx2(ymm_v11, ymm_v8)
+ XOR_avx2(ymm_v15, ymm_v12)
+
+ VMOVDQA(mem_tmp0, ymm_tmp0) # Save
+
+ ROTW8_avx2(ymm_tmp0, ymm_v3)
+ ROTW8_avx2(ymm_tmp0, ymm_v7)
+ ROTW8_avx2(ymm_tmp0, ymm_v11)
+ ROTW8_avx2(ymm_tmp0, ymm_v15)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ ADD_avx2(ymm_v2, ymm_v3)
+ ADD_avx2(ymm_v6, ymm_v7)
+ ADD_avx2(ymm_v10, ymm_v11)
+ ADD_avx2(ymm_v14, ymm_v15)
+ XOR_avx2(ymm_v1, ymm_v2)
+ XOR_avx2(ymm_v5, ymm_v6)
+ XOR_avx2(ymm_v9, ymm_v10)
+ XOR_avx2(ymm_v13, ymm_v14)
+ ROTW7_avx2(ymm_tmp0, ymm_v1)
+ ROTW7_avx2(ymm_tmp0, ymm_v5)
+ ROTW7_avx2(ymm_tmp0, ymm_v9)
+ ROTW7_avx2(ymm_tmp0, ymm_v13)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ VPSHUFD(ymm_v1, ymm_v1, 0x39)
+ VPSHUFD(ymm_v5, ymm_v5, 0x39)
+ VPSHUFD(ymm_v9, ymm_v9, 0x39)
+ VPSHUFD(ymm_v13, ymm_v13, 0x39)
+ VPSHUFD(ymm_v2, ymm_v2, 0x4e)
+ VPSHUFD(ymm_v6, ymm_v6, 0x4e)
+ VPSHUFD(ymm_v10, ymm_v10, 0x4e)
+ VPSHUFD(ymm_v14, ymm_v14, 0x4e)
+ VPSHUFD(ymm_v3, ymm_v3, 0x93)
+ VPSHUFD(ymm_v7, ymm_v7, 0x93)
+ VPSHUFD(ymm_v11, ymm_v11, 0x93)
+ VPSHUFD(ymm_v15, ymm_v15, 0x93)
+
+ # a += b; d ^= a; d = ROTW16(d);
+ VMOVDQA(ymm_tmp0, mem_tmp0) # Restore
+
+ ADD_avx2(ymm_v0, ymm_v1)
+ ADD_avx2(ymm_v4, ymm_v5)
+ ADD_avx2(ymm_v8, ymm_v9)
+ ADD_avx2(ymm_v12, ymm_v13)
+ XOR_avx2(ymm_v3, ymm_v0)
+ XOR_avx2(ymm_v7, ymm_v4)
+ XOR_avx2(ymm_v11, ymm_v8)
+ XOR_avx2(ymm_v15, ymm_v12)
+
+ VMOVDQA(mem_tmp0, ymm_tmp0) # Save
+
+ ROTW16_avx2(ymm_tmp0, ymm_v3)
+ ROTW16_avx2(ymm_tmp0, ymm_v7)
+ ROTW16_avx2(ymm_tmp0, ymm_v11)
+ ROTW16_avx2(ymm_tmp0, ymm_v15)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ ADD_avx2(ymm_v2, ymm_v3)
+ ADD_avx2(ymm_v6, ymm_v7)
+ ADD_avx2(ymm_v10, ymm_v11)
+ ADD_avx2(ymm_v14, ymm_v15)
+ XOR_avx2(ymm_v1, ymm_v2)
+ XOR_avx2(ymm_v5, ymm_v6)
+ XOR_avx2(ymm_v9, ymm_v10)
+ XOR_avx2(ymm_v13, ymm_v14)
+ ROTW12_avx2(ymm_tmp0, ymm_v1)
+ ROTW12_avx2(ymm_tmp0, ymm_v5)
+ ROTW12_avx2(ymm_tmp0, ymm_v9)
+ ROTW12_avx2(ymm_tmp0, ymm_v13)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ VMOVDQA(ymm_tmp0, mem_tmp0) # Restore
+
+ ADD_avx2(ymm_v0, ymm_v1)
+ ADD_avx2(ymm_v4, ymm_v5)
+ ADD_avx2(ymm_v8, ymm_v9)
+ ADD_avx2(ymm_v12, ymm_v13)
+ XOR_avx2(ymm_v3, ymm_v0)
+ XOR_avx2(ymm_v7, ymm_v4)
+ XOR_avx2(ymm_v11, ymm_v8)
+ XOR_avx2(ymm_v15, ymm_v12)
+
+ VMOVDQA(mem_tmp0, ymm_tmp0) # Save
+
+ ROTW8_avx2(ymm_tmp0, ymm_v3)
+ ROTW8_avx2(ymm_tmp0, ymm_v7)
+ ROTW8_avx2(ymm_tmp0, ymm_v11)
+ ROTW8_avx2(ymm_tmp0, ymm_v15)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ ADD_avx2(ymm_v2, ymm_v3)
+ ADD_avx2(ymm_v6, ymm_v7)
+ ADD_avx2(ymm_v10, ymm_v11)
+ ADD_avx2(ymm_v14, ymm_v15)
+ XOR_avx2(ymm_v1, ymm_v2)
+ XOR_avx2(ymm_v5, ymm_v6)
+ XOR_avx2(ymm_v9, ymm_v10)
+ XOR_avx2(ymm_v13, ymm_v14)
+ ROTW7_avx2(ymm_tmp0, ymm_v1)
+ ROTW7_avx2(ymm_tmp0, ymm_v5)
+ ROTW7_avx2(ymm_tmp0, ymm_v9)
+ ROTW7_avx2(ymm_tmp0, ymm_v13)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ VPSHUFD(ymm_v1, ymm_v1, 0x93)
+ VPSHUFD(ymm_v5, ymm_v5, 0x93)
+ VPSHUFD(ymm_v9, ymm_v9, 0x93)
+ VPSHUFD(ymm_v13, ymm_v13, 0x93)
+ VPSHUFD(ymm_v2, ymm_v2, 0x4e)
+ VPSHUFD(ymm_v6, ymm_v6, 0x4e)
+ VPSHUFD(ymm_v10, ymm_v10, 0x4e)
+ VPSHUFD(ymm_v14, ymm_v14, 0x4e)
+ VPSHUFD(ymm_v3, ymm_v3, 0x39)
+ VPSHUFD(ymm_v7, ymm_v7, 0x39)
+ VPSHUFD(ymm_v11, ymm_v11, 0x39)
+ VPSHUFD(ymm_v15, ymm_v15, 0x39)
+
+ VMOVDQA(ymm_tmp0, mem_tmp0) # Restore
+
+ SUB(reg_rounds, 2)
+ JNZ(rounds_loop8.begin)
+
+ # ymm_v12 is in mem_tmp0 and is current....
+
+ # XXX: I assume VBROADCASTI128 is about as fast as VMOVDQA....
+ VBROADCASTI128(ymm_tmp0, x_s0)
+ ADD_avx2(ymm_v0, ymm_tmp0)
+ ADD_avx2(ymm_v4, ymm_tmp0)
+ ADD_avx2(ymm_v8, ymm_tmp0)
+ ADD_avx2(ymm_tmp0, mem_tmp0)
+ VMOVDQA(mem_tmp0, ymm_tmp0)
+
+ VBROADCASTI128(ymm_tmp0, x_s1)
+ ADD_avx2(ymm_v1, ymm_tmp0)
+ ADD_avx2(ymm_v5, ymm_tmp0)
+ ADD_avx2(ymm_v9, ymm_tmp0)
+ ADD_avx2(ymm_v13, ymm_tmp0)
+
+ VBROADCASTI128(ymm_tmp0, x_s2)
+ ADD_avx2(ymm_v2, ymm_tmp0)
+ ADD_avx2(ymm_v6, ymm_tmp0)
+ ADD_avx2(ymm_v10, ymm_tmp0)
+ ADD_avx2(ymm_v14, ymm_tmp0)
+
+ ADD_avx2(ymm_v3, mem_s3)
+ WriteXor_avx2(ymm_tmp0, reg_inp, reg_outp, 0, ymm_v0, ymm_v1, ymm_v2, ymm_v3)
+ VMOVDQA(ymm_v3, mem_s3)
+ ADD_avx2(ymm_v3, mem_inc)
+
+ ADD_avx2(ymm_v7, ymm_v3)
+ WriteXor_avx2(ymm_tmp0, reg_inp, reg_outp, 128, ymm_v4, ymm_v5, ymm_v6, ymm_v7)
+ ADD_avx2(ymm_v3, mem_inc)
+
+ ADD_avx2(ymm_v11, ymm_v3)
+ WriteXor_avx2(ymm_tmp0, reg_inp, reg_outp, 256, ymm_v8, ymm_v9, ymm_v10, ymm_v11)
+ ADD_avx2(ymm_v3, mem_inc)
+
+ VMOVDQA(ymm_v12, mem_tmp0)
+ ADD_avx2(ymm_v15, ymm_v3)
+ WriteXor_avx2(ymm_v0, reg_inp, reg_outp, 384, ymm_v12, ymm_v13, ymm_v14, ymm_v15)
+ ADD_avx2(ymm_v3, mem_inc)
+
+ VMOVDQA(mem_s3, ymm_v3)
+
+ ADD(reg_inp, 8 * 64)
+ ADD(reg_outp, 8 * 64)
+
+ SUB(reg_blocks, 8)
+ JAE(vector_loop8.begin)
+
+ # ymm_v3 contains a current copy of mem_s3 either from when it was built,
+ # or because the loop updates it. Copy this before we mess with the block
+ # counter in case we need to write it back and return.
+ ymm_s3 = ymm_v11
+ VMOVDQA(ymm_s3, ymm_v3)
+
+ ADD(reg_blocks, 8)
+ JZ(out_write_even)
+
+ # We now actually can do everything in registers.
+ ymm_s0 = ymm_v8
+ VBROADCASTI128(ymm_s0, x_s0)
+ ymm_s1 = ymm_v9
+ VBROADCASTI128(ymm_s1, x_s1)
+ ymm_s2 = ymm_v10
+ VBROADCASTI128(ymm_s2, x_s2)
+ ymm_inc = ymm_v14
+ VMOVDQA(ymm_inc, mem_inc)
+
+ #
+ # 4 blocks at a time.
+ #
+
+ process_2_blocks = Label()
+ SUB(reg_blocks, 4)
+ JB(process_2_blocks) # < 4 blocks remaining.
+
+ VMOVDQA(ymm_v0, ymm_s0)
+ VMOVDQA(ymm_v1, ymm_s1)
+ VMOVDQA(ymm_v2, ymm_s2)
+ VMOVDQA(ymm_v3, ymm_s3)
+
+ VMOVDQA(ymm_v4, ymm_v0)
+ VMOVDQA(ymm_v5, ymm_v1)
+ VMOVDQA(ymm_v6, ymm_v2)
+ VPADDQ(ymm_v7, ymm_v3, ymm_inc)
+
+ MOV(reg_rounds, 20)
+ rounds_loop4 = Loop()
+ with rounds_loop4:
+ # a += b; d ^= a; d = ROTW16(d);
+ ADD_avx2(ymm_v0, ymm_v1)
+ ADD_avx2(ymm_v4, ymm_v5)
+ XOR_avx2(ymm_v3, ymm_v0)
+ XOR_avx2(ymm_v7, ymm_v4)
+ ROTW16_avx2(ymm_tmp0, ymm_v3)
+ ROTW16_avx2(ymm_tmp0, ymm_v7)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ ADD_avx2(ymm_v2, ymm_v3)
+ ADD_avx2(ymm_v6, ymm_v7)
+ XOR_avx2(ymm_v1, ymm_v2)
+ XOR_avx2(ymm_v5, ymm_v6)
+ ROTW12_avx2(ymm_tmp0, ymm_v1)
+ ROTW12_avx2(ymm_tmp0, ymm_v5)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ ADD_avx2(ymm_v0, ymm_v1)
+ ADD_avx2(ymm_v4, ymm_v5)
+ XOR_avx2(ymm_v3, ymm_v0)
+ XOR_avx2(ymm_v7, ymm_v4)
+ ROTW8_avx2(ymm_tmp0, ymm_v3)
+ ROTW8_avx2(ymm_tmp0, ymm_v7)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ ADD_avx2(ymm_v2, ymm_v3)
+ ADD_avx2(ymm_v6, ymm_v7)
+ XOR_avx2(ymm_v1, ymm_v2)
+ XOR_avx2(ymm_v5, ymm_v6)
+ ROTW7_avx2(ymm_tmp0, ymm_v1)
+ ROTW7_avx2(ymm_tmp0, ymm_v5)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ VPSHUFD(ymm_v1, ymm_v1, 0x39)
+ VPSHUFD(ymm_v5, ymm_v5, 0x39)
+ VPSHUFD(ymm_v2, ymm_v2, 0x4e)
+ VPSHUFD(ymm_v6, ymm_v6, 0x4e)
+ VPSHUFD(ymm_v3, ymm_v3, 0x93)
+ VPSHUFD(ymm_v7, ymm_v7, 0x93)
+
+ # a += b; d ^= a; d = ROTW16(d);
+ ADD_avx2(ymm_v0, ymm_v1)
+ ADD_avx2(ymm_v4, ymm_v5)
+ XOR_avx2(ymm_v3, ymm_v0)
+ XOR_avx2(ymm_v7, ymm_v4)
+ ROTW16_avx2(ymm_tmp0, ymm_v3)
+ ROTW16_avx2(ymm_tmp0, ymm_v7)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ ADD_avx2(ymm_v2, ymm_v3)
+ ADD_avx2(ymm_v6, ymm_v7)
+ XOR_avx2(ymm_v1, ymm_v2)
+ XOR_avx2(ymm_v5, ymm_v6)
+ ROTW12_avx2(ymm_tmp0, ymm_v1)
+ ROTW12_avx2(ymm_tmp0, ymm_v5)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ ADD_avx2(ymm_v0, ymm_v1)
+ ADD_avx2(ymm_v4, ymm_v5)
+ XOR_avx2(ymm_v3, ymm_v0)
+ XOR_avx2(ymm_v7, ymm_v4)
+ ROTW8_avx2(ymm_tmp0, ymm_v3)
+ ROTW8_avx2(ymm_tmp0, ymm_v7)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ ADD_avx2(ymm_v2, ymm_v3)
+ ADD_avx2(ymm_v6, ymm_v7)
+ XOR_avx2(ymm_v1, ymm_v2)
+ XOR_avx2(ymm_v5, ymm_v6)
+ ROTW7_avx2(ymm_tmp0, ymm_v1)
+ ROTW7_avx2(ymm_tmp0, ymm_v5)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ VPSHUFD(ymm_v1, ymm_v1, 0x93)
+ VPSHUFD(ymm_v5, ymm_v5, 0x93)
+ VPSHUFD(ymm_v2, ymm_v2, 0x4e)
+ VPSHUFD(ymm_v6, ymm_v6, 0x4e)
+ VPSHUFD(ymm_v3, ymm_v3, 0x39)
+ VPSHUFD(ymm_v7, ymm_v7, 0x39)
+
+ SUB(reg_rounds, 2)
+ JNZ(rounds_loop4.begin)
+
+ ADD_avx2(ymm_v0, ymm_s0)
+ ADD_avx2(ymm_v1, ymm_s1)
+ ADD_avx2(ymm_v2, ymm_s2)
+ ADD_avx2(ymm_v3, ymm_s3)
+ WriteXor_avx2(ymm_tmp0, reg_inp, reg_outp, 0, ymm_v0, ymm_v1, ymm_v2, ymm_v3)
+ ADD_avx2(ymm_s3, ymm_inc)
+
+ ADD_avx2(ymm_v4, ymm_s0)
+ ADD_avx2(ymm_v5, ymm_s1)
+ ADD_avx2(ymm_v6, ymm_s2)
+ ADD_avx2(ymm_v7, ymm_s3)
+ WriteXor_avx2(ymm_tmp0, reg_inp, reg_outp, 128, ymm_v4, ymm_v5, ymm_v6, ymm_v7)
+ ADD_avx2(ymm_s3, ymm_inc)
+
+ ADD(reg_inp, 4 * 64)
+ ADD(reg_outp, 4 * 64)
+ SUB(reg_blocks, 4)
+
+ LABEL(process_2_blocks)
+ ADD(reg_blocks, 4)
+ JZ(out_write_even) # 0 blocks left.
+
+ #
+ # 2/1 blocks at a time. The two codepaths are unified because
+ # with AVX2 we do 2 blocks at a time anyway, and this only gets called
+ # if 3/2/1 blocks are remaining, so the extra branches don't hurt that
+ # much.
+ #
+
+ vector_loop2 = Loop()
+ with vector_loop2:
+ VMOVDQA(ymm_v0, ymm_s0)
+ VMOVDQA(ymm_v1, ymm_s1)
+ VMOVDQA(ymm_v2, ymm_s2)
+ VMOVDQA(ymm_v3, ymm_s3)
+
+ MOV(reg_rounds, 20)
+ rounds_loop2 = Loop()
+ with rounds_loop2:
+ # a += b; d ^= a; d = ROTW16(d);
+ ADD_avx2(ymm_v0, ymm_v1)
+ XOR_avx2(ymm_v3, ymm_v0)
+ ROTW16_avx2(ymm_tmp0, ymm_v3)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ ADD_avx2(ymm_v2, ymm_v3)
+ XOR_avx2(ymm_v1, ymm_v2)
+ ROTW12_avx2(ymm_tmp0, ymm_v1)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ ADD_avx2(ymm_v0, ymm_v1)
+ XOR_avx2(ymm_v3, ymm_v0)
+ ROTW8_avx2(ymm_tmp0, ymm_v3)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ ADD_avx2(ymm_v2, ymm_v3)
+ XOR_avx2(ymm_v1, ymm_v2)
+ ROTW7_avx2(ymm_tmp0, ymm_v1)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ VPSHUFD(ymm_v1, ymm_v1, 0x39)
+ VPSHUFD(ymm_v2, ymm_v2, 0x4e)
+ VPSHUFD(ymm_v3, ymm_v3, 0x93)
+
+ # a += b; d ^= a; d = ROTW16(d);
+ ADD_avx2(ymm_v0, ymm_v1)
+ XOR_avx2(ymm_v3, ymm_v0)
+ ROTW16_avx2(ymm_tmp0, ymm_v3)
+
+ # c += d; b ^= c; b = ROTW12(b);
+ ADD_avx2(ymm_v2, ymm_v3)
+ XOR_avx2(ymm_v1, ymm_v2)
+ ROTW12_avx2(ymm_tmp0, ymm_v1)
+
+ # a += b; d ^= a; d = ROTW8(d);
+ ADD_avx2(ymm_v0, ymm_v1)
+ XOR_avx2(ymm_v3, ymm_v0)
+ ROTW8_avx2(ymm_tmp0, ymm_v3)
+
+ # c += d; b ^= c; b = ROTW7(b)
+ ADD_avx2(ymm_v2, ymm_v3)
+ XOR_avx2(ymm_v1, ymm_v2)
+ ROTW7_avx2(ymm_tmp0, ymm_v1)
+
+ # b = ROTV1(b); c = ROTV2(c); d = ROTV3(d);
+ VPSHUFD(ymm_v1, ymm_v1, 0x93)
+ VPSHUFD(ymm_v2, ymm_v2, 0x4e)
+ VPSHUFD(ymm_v3, ymm_v3, 0x39)
+
+ SUB(reg_rounds, 2)
+ JNZ(rounds_loop2.begin)
+
+ ADD_avx2(ymm_v0, ymm_s0)
+ ADD_avx2(ymm_v1, ymm_s1)
+ ADD_avx2(ymm_v2, ymm_s2)
+ ADD_avx2(ymm_v3, ymm_s3)
+
+ # XOR_WRITE(out+ 0, in+ 0, _mm256_permute2x128_si256(v0,v1,0x20));
+ VPERM2I128(ymm_tmp0, ymm_v0, ymm_v1, 0x20)
+ VPXOR(ymm_tmp0, ymm_tmp0, [reg_inp])
+ VMOVDQU([reg_outp], ymm_tmp0)
+
+ # XOR_WRITE(out+32, in+32, _mm256_permute2x128_si256(v2,v3,0x20));
+ VPERM2I128(ymm_tmp0, ymm_v2, ymm_v3, 0x20)
+ VPXOR(ymm_tmp0, ymm_tmp0, [reg_inp+32])
+ VMOVDQU([reg_outp+32], ymm_tmp0)
+
+ SUB(reg_blocks, 1)
+ JZ(out_write_odd)
+
+ ADD_avx2(ymm_s3, ymm_inc)
+
+ # XOR_WRITE(out+64, in+64, _mm256_permute2x128_si256(v0,v1,0x31));
+ VPERM2I128(ymm_tmp0, ymm_v0, ymm_v1, 0x31)
+ VPXOR(ymm_tmp0, ymm_tmp0, [reg_inp+64])
+ VMOVDQU([reg_outp+64], ymm_tmp0)
+
+ # XOR_WRITE(out+96, in+96, _mm256_permute2x128_si256(v2,v3,0x31));
+ VPERM2I128(ymm_tmp0, ymm_v2, ymm_v3, 0x31)
+ VPXOR(ymm_tmp0, ymm_tmp0, [reg_inp+96])
+ VMOVDQU([reg_outp+96], ymm_tmp0)
+
+ SUB(reg_blocks, 1)
+ JZ(out_write_even)
+
+ ADD(reg_inp, 2 * 64)
+ ADD(reg_outp, 2 * 64)
+ JMP(vector_loop2.begin)
+
+ LABEL(out_write_odd)
+ VPERM2I128(ymm_s3, ymm_s3, ymm_s3, 0x01) # Odd number of blocks.
+
+ LABEL(out_write_even)
+ VMOVDQU(x_s3, ymm_s3.as_xmm) # Write back ymm_s3 to x_v3
+
+ # Paranoia, cleanse the scratch space.
+ VPXOR(ymm_v0, ymm_v0, ymm_v0)
+ VMOVDQA(mem_tmp0, ymm_v0)
+ VMOVDQA(mem_s3, ymm_v0)
+
+ # Clear all YMM (and XMM) registers.
+ VZEROALL()
+
+ # Remove our stack allocation.
+ MOV(registers.rsp, reg_sp_save)
+
+ RETURN()
+
+#
+# CPUID
+#
+
+cpuidParams = Argument(ptr(uint32_t))
+
+with Function("cpuidAmd64", (cpuidParams,)):
+ reg_params = registers.r15
+ LOAD.ARGUMENT(reg_params, cpuidParams)
+
+ MOV(registers.eax, [reg_params])
+ MOV(registers.ecx, [reg_params+8])
+
+ CPUID()
+
+ MOV([reg_params], registers.eax)
+ MOV([reg_params+4], registers.ebx)
+ MOV([reg_params+8], registers.ecx)
+ MOV([reg_params+12], registers.edx)
+
+ RETURN()
+
+#
+# XGETBV (ECX = 0)
+#
+
+xcrVec = Argument(ptr(uint32_t))
+
+with Function("xgetbv0Amd64", (xcrVec,)):
+ reg_vec = GeneralPurposeRegister64()
+
+ LOAD.ARGUMENT(reg_vec, xcrVec)
+
+ XOR(registers.ecx, registers.ecx)
+
+ XGETBV()
+
+ MOV([reg_vec], registers.eax)
+ MOV([reg_vec+4], registers.edx)
+
+ RETURN()
diff --git a/vendor/github.com/Yawning/chacha20/chacha20_amd64.s b/vendor/github.com/Yawning/chacha20/chacha20_amd64.s
new file mode 100644
index 0000000..e3792af
--- /dev/null
+++ b/vendor/github.com/Yawning/chacha20/chacha20_amd64.s
@@ -0,0 +1,1180 @@
+// +build !noasm
+// Generated by PeachPy 0.2.0 from chacha20_amd64.py
+
+
+// func blocksAmd64SSE2(x *uint32, inp *uint8, outp *uint8, nrBlocks *uint)
+TEXT ·blocksAmd64SSE2(SB),4,$0-32
+ MOVQ x+0(FP), AX
+ MOVQ inp+8(FP), BX
+ MOVQ outp+16(FP), CX
+ MOVQ nrBlocks+24(FP), DX
+ MOVQ SP, DI
+ ANDQ $18446744073709551584, SP
+ SUBQ $32, SP
+ PXOR X0, X0
+ SUBQ $32, SP
+ MOVO X0, 0(SP)
+ MOVL $1, SI
+ MOVL SI, 0(SP)
+ SUBQ $4, DX
+ JCS vector_loop4_end
+vector_loop4_begin:
+ MOVOU 0(AX), X0
+ MOVOU 16(AX), X1
+ MOVOU 32(AX), X2
+ MOVOU 48(AX), X3
+ MOVO X0, X4
+ MOVO X1, X5
+ MOVO X2, X6
+ MOVO X3, X7
+ PADDQ 0(SP), X7
+ MOVO X0, X8
+ MOVO X1, X9
+ MOVO X2, X10
+ MOVO X7, X11
+ PADDQ 0(SP), X11
+ MOVO X0, X12
+ MOVO X1, X13
+ MOVO X2, X14
+ MOVO X11, X15
+ PADDQ 0(SP), X15
+ MOVQ $20, SI
+rounds_loop4_begin:
+ PADDL X1, X0
+ PADDL X5, X4
+ PADDL X9, X8
+ PADDL X13, X12
+ PXOR X0, X3
+ PXOR X4, X7
+ PXOR X8, X11
+ PXOR X12, X15
+ MOVO X12, 16(SP)
+ MOVO X3, X12
+ PSLLL $16, X12
+ PSRLL $16, X3
+ PXOR X12, X3
+ MOVO X7, X12
+ PSLLL $16, X12
+ PSRLL $16, X7
+ PXOR X12, X7
+ MOVO X11, X12
+ PSLLL $16, X12
+ PSRLL $16, X11
+ PXOR X12, X11
+ MOVO X15, X12
+ PSLLL $16, X12
+ PSRLL $16, X15
+ PXOR X12, X15
+ PADDL X3, X2
+ PADDL X7, X6
+ PADDL X11, X10
+ PADDL X15, X14
+ PXOR X2, X1
+ PXOR X6, X5
+ PXOR X10, X9
+ PXOR X14, X13
+ MOVO X1, X12
+ PSLLL $12, X12
+ PSRLL $20, X1
+ PXOR X12, X1
+ MOVO X5, X12
+ PSLLL $12, X12
+ PSRLL $20, X5
+ PXOR X12, X5
+ MOVO X9, X12
+ PSLLL $12, X12
+ PSRLL $20, X9
+ PXOR X12, X9
+ MOVO X13, X12
+ PSLLL $12, X12
+ PSRLL $20, X13
+ PXOR X12, X13
+ MOVO 16(SP), X12
+ PADDL X1, X0
+ PADDL X5, X4
+ PADDL X9, X8
+ PADDL X13, X12
+ PXOR X0, X3
+ PXOR X4, X7
+ PXOR X8, X11
+ PXOR X12, X15
+ MOVO X12, 16(SP)
+ MOVO X3, X12
+ PSLLL $8, X12
+ PSRLL $24, X3
+ PXOR X12, X3
+ MOVO X7, X12
+ PSLLL $8, X12
+ PSRLL $24, X7
+ PXOR X12, X7
+ MOVO X11, X12
+ PSLLL $8, X12
+ PSRLL $24, X11
+ PXOR X12, X11
+ MOVO X15, X12
+ PSLLL $8, X12
+ PSRLL $24, X15
+ PXOR X12, X15
+ PADDL X3, X2
+ PADDL X7, X6
+ PADDL X11, X10
+ PADDL X15, X14
+ PXOR X2, X1
+ PXOR X6, X5
+ PXOR X10, X9
+ PXOR X14, X13
+ MOVO X1, X12
+ PSLLL $7, X12
+ PSRLL $25, X1
+ PXOR X12, X1
+ MOVO X5, X12
+ PSLLL $7, X12
+ PSRLL $25, X5
+ PXOR X12, X5
+ MOVO X9, X12
+ PSLLL $7, X12
+ PSRLL $25, X9
+ PXOR X12, X9
+ MOVO X13, X12
+ PSLLL $7, X12
+ PSRLL $25, X13
+ PXOR X12, X13
+ PSHUFL $57, X1, X1
+ PSHUFL $57, X5, X5
+ PSHUFL $57, X9, X9
+ PSHUFL $57, X13, X13
+ PSHUFL $78, X2, X2
+ PSHUFL $78, X6, X6
+ PSHUFL $78, X10, X10
+ PSHUFL $78, X14, X14
+ PSHUFL $147, X3, X3
+ PSHUFL $147, X7, X7
+ PSHUFL $147, X11, X11
+ PSHUFL $147, X15, X15
+ MOVO 16(SP), X12
+ PADDL X1, X0
+ PADDL X5, X4
+ PADDL X9, X8
+ PADDL X13, X12
+ PXOR X0, X3
+ PXOR X4, X7
+ PXOR X8, X11
+ PXOR X12, X15
+ MOVO X12, 16(SP)
+ MOVO X3, X12
+ PSLLL $16, X12
+ PSRLL $16, X3
+ PXOR X12, X3
+ MOVO X7, X12
+ PSLLL $16, X12
+ PSRLL $16, X7
+ PXOR X12, X7
+ MOVO X11, X12
+ PSLLL $16, X12
+ PSRLL $16, X11
+ PXOR X12, X11
+ MOVO X15, X12
+ PSLLL $16, X12
+ PSRLL $16, X15
+ PXOR X12, X15
+ PADDL X3, X2
+ PADDL X7, X6
+ PADDL X11, X10
+ PADDL X15, X14
+ PXOR X2, X1
+ PXOR X6, X5
+ PXOR X10, X9
+ PXOR X14, X13
+ MOVO X1, X12
+ PSLLL $12, X12
+ PSRLL $20, X1
+ PXOR X12, X1
+ MOVO X5, X12
+ PSLLL $12, X12
+ PSRLL $20, X5
+ PXOR X12, X5
+ MOVO X9, X12
+ PSLLL $12, X12
+ PSRLL $20, X9
+ PXOR X12, X9
+ MOVO X13, X12
+ PSLLL $12, X12
+ PSRLL $20, X13
+ PXOR X12, X13
+ MOVO 16(SP), X12
+ PADDL X1, X0
+ PADDL X5, X4
+ PADDL X9, X8
+ PADDL X13, X12
+ PXOR X0, X3
+ PXOR X4, X7
+ PXOR X8, X11
+ PXOR X12, X15
+ MOVO X12, 16(SP)
+ MOVO X3, X12
+ PSLLL $8, X12
+ PSRLL $24, X3
+ PXOR X12, X3
+ MOVO X7, X12
+ PSLLL $8, X12
+ PSRLL $24, X7
+ PXOR X12, X7
+ MOVO X11, X12
+ PSLLL $8, X12
+ PSRLL $24, X11
+ PXOR X12, X11
+ MOVO X15, X12
+ PSLLL $8, X12
+ PSRLL $24, X15
+ PXOR X12, X15
+ PADDL X3, X2
+ PADDL X7, X6
+ PADDL X11, X10
+ PADDL X15, X14
+ PXOR X2, X1
+ PXOR X6, X5
+ PXOR X10, X9
+ PXOR X14, X13
+ MOVO X1, X12
+ PSLLL $7, X12
+ PSRLL $25, X1
+ PXOR X12, X1
+ MOVO X5, X12
+ PSLLL $7, X12
+ PSRLL $25, X5
+ PXOR X12, X5
+ MOVO X9, X12
+ PSLLL $7, X12
+ PSRLL $25, X9
+ PXOR X12, X9
+ MOVO X13, X12
+ PSLLL $7, X12
+ PSRLL $25, X13
+ PXOR X12, X13
+ PSHUFL $147, X1, X1
+ PSHUFL $147, X5, X5
+ PSHUFL $147, X9, X9
+ PSHUFL $147, X13, X13
+ PSHUFL $78, X2, X2
+ PSHUFL $78, X6, X6
+ PSHUFL $78, X10, X10
+ PSHUFL $78, X14, X14
+ PSHUFL $57, X3, X3
+ PSHUFL $57, X7, X7
+ PSHUFL $57, X11, X11
+ PSHUFL $57, X15, X15
+ MOVO 16(SP), X12
+ SUBQ $2, SI
+ JNE rounds_loop4_begin
+ MOVO X12, 16(SP)
+ PADDL 0(AX), X0
+ PADDL 16(AX), X1
+ PADDL 32(AX), X2
+ PADDL 48(AX), X3
+ MOVOU 0(BX), X12
+ PXOR X0, X12
+ MOVOU X12, 0(CX)
+ MOVOU 16(BX), X12
+ PXOR X1, X12
+ MOVOU X12, 16(CX)
+ MOVOU 32(BX), X12
+ PXOR X2, X12
+ MOVOU X12, 32(CX)
+ MOVOU 48(BX), X12
+ PXOR X3, X12
+ MOVOU X12, 48(CX)
+ MOVOU 48(AX), X3
+ PADDQ 0(SP), X3
+ PADDL 0(AX), X4
+ PADDL 16(AX), X5
+ PADDL 32(AX), X6
+ PADDL X3, X7
+ MOVOU 64(BX), X12
+ PXOR X4, X12
+ MOVOU X12, 64(CX)
+ MOVOU 80(BX), X12
+ PXOR X5, X12
+ MOVOU X12, 80(CX)
+ MOVOU 96(BX), X12
+ PXOR X6, X12
+ MOVOU X12, 96(CX)
+ MOVOU 112(BX), X12
+ PXOR X7, X12
+ MOVOU X12, 112(CX)
+ PADDQ 0(SP), X3
+ PADDL 0(AX), X8
+ PADDL 16(AX), X9
+ PADDL 32(AX), X10
+ PADDL X3, X11
+ MOVOU 128(BX), X12
+ PXOR X8, X12
+ MOVOU X12, 128(CX)
+ MOVOU 144(BX), X12
+ PXOR X9, X12
+ MOVOU X12, 144(CX)
+ MOVOU 160(BX), X12
+ PXOR X10, X12
+ MOVOU X12, 160(CX)
+ MOVOU 176(BX), X12
+ PXOR X11, X12
+ MOVOU X12, 176(CX)
+ PADDQ 0(SP), X3
+ MOVO 16(SP), X12
+ PADDL 0(AX), X12
+ PADDL 16(AX), X13
+ PADDL 32(AX), X14
+ PADDL X3, X15
+ MOVOU 192(BX), X0
+ PXOR X12, X0
+ MOVOU X0, 192(CX)
+ MOVOU 208(BX), X0
+ PXOR X13, X0
+ MOVOU X0, 208(CX)
+ MOVOU 224(BX), X0
+ PXOR X14, X0
+ MOVOU X0, 224(CX)
+ MOVOU 240(BX), X0
+ PXOR X15, X0
+ MOVOU X0, 240(CX)
+ PADDQ 0(SP), X3
+ MOVOU X3, 48(AX)
+ ADDQ $256, BX
+ ADDQ $256, CX
+ SUBQ $4, DX
+ JCC vector_loop4_begin
+vector_loop4_end:
+ ADDQ $4, DX
+ JEQ out
+ MOVOU 0(AX), X8
+ MOVOU 16(AX), X9
+ MOVOU 32(AX), X10
+ MOVOU 48(AX), X11
+ MOVO 0(SP), X13
+ SUBQ $2, DX
+ JCS process_1_block
+ MOVO X8, X0
+ MOVO X9, X1
+ MOVO X10, X2
+ MOVO X11, X3
+ MOVO X0, X4
+ MOVO X1, X5
+ MOVO X2, X6
+ MOVO X3, X7
+ PADDQ X13, X7
+ MOVQ $20, SI
+rounds_loop2_begin:
+ PADDL X1, X0
+ PADDL X5, X4
+ PXOR X0, X3
+ PXOR X4, X7
+ MOVO X3, X12
+ PSLLL $16, X12
+ PSRLL $16, X3
+ PXOR X12, X3
+ MOVO X7, X12
+ PSLLL $16, X12
+ PSRLL $16, X7
+ PXOR X12, X7
+ PADDL X3, X2
+ PADDL X7, X6
+ PXOR X2, X1
+ PXOR X6, X5
+ MOVO X1, X12
+ PSLLL $12, X12
+ PSRLL $20, X1
+ PXOR X12, X1
+ MOVO X5, X12
+ PSLLL $12, X12
+ PSRLL $20, X5
+ PXOR X12, X5
+ PADDL X1, X0
+ PADDL X5, X4
+ PXOR X0, X3
+ PXOR X4, X7
+ MOVO X3, X12
+ PSLLL $8, X12
+ PSRLL $24, X3
+ PXOR X12, X3
+ MOVO X7, X12
+ PSLLL $8, X12
+ PSRLL $24, X7
+ PXOR X12, X7
+ PADDL X3, X2
+ PADDL X7, X6
+ PXOR X2, X1
+ PXOR X6, X5
+ MOVO X1, X12
+ PSLLL $7, X12
+ PSRLL $25, X1
+ PXOR X12, X1
+ MOVO X5, X12
+ PSLLL $7, X12
+ PSRLL $25, X5
+ PXOR X12, X5
+ PSHUFL $57, X1, X1
+ PSHUFL $57, X5, X5
+ PSHUFL $78, X2, X2
+ PSHUFL $78, X6, X6
+ PSHUFL $147, X3, X3
+ PSHUFL $147, X7, X7
+ PADDL X1, X0
+ PADDL X5, X4
+ PXOR X0, X3
+ PXOR X4, X7
+ MOVO X3, X12
+ PSLLL $16, X12
+ PSRLL $16, X3
+ PXOR X12, X3
+ MOVO X7, X12
+ PSLLL $16, X12
+ PSRLL $16, X7
+ PXOR X12, X7
+ PADDL X3, X2
+ PADDL X7, X6
+ PXOR X2, X1
+ PXOR X6, X5
+ MOVO X1, X12
+ PSLLL $12, X12
+ PSRLL $20, X1
+ PXOR X12, X1
+ MOVO X5, X12
+ PSLLL $12, X12
+ PSRLL $20, X5
+ PXOR X12, X5
+ PADDL X1, X0
+ PADDL X5, X4
+ PXOR X0, X3
+ PXOR X4, X7
+ MOVO X3, X12
+ PSLLL $8, X12
+ PSRLL $24, X3
+ PXOR X12, X3
+ MOVO X7, X12
+ PSLLL $8, X12
+ PSRLL $24, X7
+ PXOR X12, X7
+ PADDL X3, X2
+ PADDL X7, X6
+ PXOR X2, X1
+ PXOR X6, X5
+ MOVO X1, X12
+ PSLLL $7, X12
+ PSRLL $25, X1
+ PXOR X12, X1
+ MOVO X5, X12
+ PSLLL $7, X12
+ PSRLL $25, X5
+ PXOR X12, X5
+ PSHUFL $147, X1, X1
+ PSHUFL $147, X5, X5
+ PSHUFL $78, X2, X2
+ PSHUFL $78, X6, X6
+ PSHUFL $57, X3, X3
+ PSHUFL $57, X7, X7
+ SUBQ $2, SI
+ JNE rounds_loop2_begin
+ PADDL X8, X0
+ PADDL X9, X1
+ PADDL X10, X2
+ PADDL X11, X3
+ MOVOU 0(BX), X12
+ PXOR X0, X12
+ MOVOU X12, 0(CX)
+ MOVOU 16(BX), X12
+ PXOR X1, X12
+ MOVOU X12, 16(CX)
+ MOVOU 32(BX), X12
+ PXOR X2, X12
+ MOVOU X12, 32(CX)
+ MOVOU 48(BX), X12
+ PXOR X3, X12
+ MOVOU X12, 48(CX)
+ PADDQ X13, X11
+ PADDL X8, X4
+ PADDL X9, X5
+ PADDL X10, X6
+ PADDL X11, X7
+ MOVOU 64(BX), X12
+ PXOR X4, X12
+ MOVOU X12, 64(CX)
+ MOVOU 80(BX), X12
+ PXOR X5, X12
+ MOVOU X12, 80(CX)
+ MOVOU 96(BX), X12
+ PXOR X6, X12
+ MOVOU X12, 96(CX)
+ MOVOU 112(BX), X12
+ PXOR X7, X12
+ MOVOU X12, 112(CX)
+ PADDQ X13, X11
+ ADDQ $128, BX
+ ADDQ $128, CX
+ SUBQ $2, DX
+process_1_block:
+ ADDQ $2, DX
+ JEQ out_serial
+ MOVO X8, X0
+ MOVO X9, X1
+ MOVO X10, X2
+ MOVO X11, X3
+ MOVQ $20, SI
+rounds_loop1_begin:
+ PADDL X1, X0
+ PXOR X0, X3
+ MOVO X3, X12
+ PSLLL $16, X12
+ PSRLL $16, X3
+ PXOR X12, X3
+ PADDL X3, X2
+ PXOR X2, X1
+ MOVO X1, X12
+ PSLLL $12, X12
+ PSRLL $20, X1
+ PXOR X12, X1
+ PADDL X1, X0
+ PXOR X0, X3
+ MOVO X3, X12
+ PSLLL $8, X12
+ PSRLL $24, X3
+ PXOR X12, X3
+ PADDL X3, X2
+ PXOR X2, X1
+ MOVO X1, X12
+ PSLLL $7, X12
+ PSRLL $25, X1
+ PXOR X12, X1
+ PSHUFL $57, X1, X1
+ PSHUFL $78, X2, X2
+ PSHUFL $147, X3, X3
+ PADDL X1, X0
+ PXOR X0, X3
+ MOVO X3, X12
+ PSLLL $16, X12
+ PSRLL $16, X3
+ PXOR X12, X3
+ PADDL X3, X2
+ PXOR X2, X1
+ MOVO X1, X12
+ PSLLL $12, X12
+ PSRLL $20, X1
+ PXOR X12, X1
+ PADDL X1, X0
+ PXOR X0, X3
+ MOVO X3, X12
+ PSLLL $8, X12
+ PSRLL $24, X3
+ PXOR X12, X3
+ PADDL X3, X2
+ PXOR X2, X1
+ MOVO X1, X12
+ PSLLL $7, X12
+ PSRLL $25, X1
+ PXOR X12, X1
+ PSHUFL $147, X1, X1
+ PSHUFL $78, X2, X2
+ PSHUFL $57, X3, X3
+ SUBQ $2, SI
+ JNE rounds_loop1_begin
+ PADDL X8, X0
+ PADDL X9, X1
+ PADDL X10, X2
+ PADDL X11, X3
+ MOVOU 0(BX), X12
+ PXOR X0, X12
+ MOVOU X12, 0(CX)
+ MOVOU 16(BX), X12
+ PXOR X1, X12
+ MOVOU X12, 16(CX)
+ MOVOU 32(BX), X12
+ PXOR X2, X12
+ MOVOU X12, 32(CX)
+ MOVOU 48(BX), X12
+ PXOR X3, X12
+ MOVOU X12, 48(CX)
+ PADDQ X13, X11
+out_serial:
+ MOVOU X11, 48(AX)
+out:
+ PXOR X0, X0
+ MOVO X0, 16(SP)
+ MOVQ DI, SP
+ RET
+
+// func blocksAmd64AVX2(x *uint32, inp *uint8, outp *uint8, nrBlocks *uint)
+TEXT ·blocksAmd64AVX2(SB),4,$0-32
+ MOVQ x+0(FP), AX
+ MOVQ inp+8(FP), BX
+ MOVQ outp+16(FP), CX
+ MOVQ nrBlocks+24(FP), DX
+ MOVQ SP, DI
+ ANDQ $18446744073709551584, SP
+ SUBQ $32, SP
+ SUBQ $96, SP
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm0, ymm0, ymm0
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x04; BYTE $0x24 // VMOVDQU [rsp], ymm0
+ MOVL $1, SI
+ MOVL SI, 16(SP)
+ BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x48; BYTE $0x30 // VBROADCASTI128 ymm1, [rax + 48]
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xD4; BYTE $0x0C; BYTE $0x24 // VPADDQ ymm1, ymm1, [rsp]
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x4C; BYTE $0x24; BYTE $0x20 // VMOVDQA [rsp + 32], ymm1
+ MOVL $2, SI
+ MOVL SI, 0(SP)
+ MOVL SI, 16(SP)
+ SUBQ $8, DX
+ JCS vector_loop8_end
+vector_loop8_begin:
+ BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x10 // VBROADCASTI128 ymm2, [rax]
+ BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x58; BYTE $0x10 // VBROADCASTI128 ymm3, [rax + 16]
+ BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x60; BYTE $0x20 // VBROADCASTI128 ymm4, [rax + 32]
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x4C; BYTE $0x24; BYTE $0x20 // VMOVDQA ymm1, [rsp + 32]
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xEA // VMOVDQA ymm5, ymm2
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xF3 // VMOVDQA ymm6, ymm3
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xFC // VMOVDQA ymm7, ymm4
+ BYTE $0xC5; BYTE $0x75; BYTE $0xD4; BYTE $0x04; BYTE $0x24 // VPADDQ ymm8, ymm1, [rsp]
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0xCA // VMOVDQA ymm9, ymm2
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0xD3 // VMOVDQA ymm10, ymm3
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0xDC // VMOVDQA ymm11, ymm4
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xD4; BYTE $0x24; BYTE $0x24 // VPADDQ ymm12, ymm8, [rsp]
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xC2 // VMOVDQA ymm0, ymm2
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0xEB // VMOVDQA ymm13, ymm3
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0xF4 // VMOVDQA ymm14, ymm4
+ BYTE $0xC5; BYTE $0x1D; BYTE $0xD4; BYTE $0x3C; BYTE $0x24 // VPADDQ ymm15, ymm12, [rsp]
+ MOVQ $20, SI
+rounds_loop8_begin:
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
+ BYTE $0xC4; BYTE $0x41; BYTE $0x35; BYTE $0xFE; BYTE $0xCA // VPADDD ymm9, ymm9, ymm10
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0xFE; BYTE $0xC5 // VPADDD ymm0, ymm0, ymm13
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
+ BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xEF; BYTE $0xE1 // VPXOR ymm12, ymm12, ymm9
+ BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA [rsp + 64], ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x10 // VPSLLD ymm0, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x10 // VPSRLD ymm1, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x10 // VPSLLD ymm0, ymm8, 16
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x10 // VPSRLD ymm8, ymm8, 16
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF4; BYTE $0x10 // VPSLLD ymm0, ymm12, 16
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x1D; BYTE $0x72; BYTE $0xD4; BYTE $0x10 // VPSRLD ymm12, ymm12, 16
+ BYTE $0xC5; BYTE $0x1D; BYTE $0xEF; BYTE $0xE0 // VPXOR ymm12, ymm12, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF7; BYTE $0x10 // VPSLLD ymm0, ymm15, 16
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x05; BYTE $0x72; BYTE $0xD7; BYTE $0x10 // VPSRLD ymm15, ymm15, 16
+ BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
+ BYTE $0xC4; BYTE $0x41; BYTE $0x25; BYTE $0xFE; BYTE $0xDC // VPADDD ymm11, ymm11, ymm12
+ BYTE $0xC4; BYTE $0x41; BYTE $0x0D; BYTE $0xFE; BYTE $0xF7 // VPADDD ymm14, ymm14, ymm15
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
+ BYTE $0xC4; BYTE $0x41; BYTE $0x2D; BYTE $0xEF; BYTE $0xD3 // VPXOR ymm10, ymm10, ymm11
+ BYTE $0xC4; BYTE $0x41; BYTE $0x15; BYTE $0xEF; BYTE $0xEE // VPXOR ymm13, ymm13, ymm14
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x0C // VPSLLD ymm0, ymm3, 12
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x14 // VPSRLD ymm3, ymm3, 20
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x0C // VPSLLD ymm0, ymm6, 12
+ BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x14 // VPSRLD ymm6, ymm6, 20
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF2; BYTE $0x0C // VPSLLD ymm0, ymm10, 12
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x2D; BYTE $0x72; BYTE $0xD2; BYTE $0x14 // VPSRLD ymm10, ymm10, 20
+ BYTE $0xC5; BYTE $0x2D; BYTE $0xEF; BYTE $0xD0 // VPXOR ymm10, ymm10, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF5; BYTE $0x0C // VPSLLD ymm0, ymm13, 12
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x15; BYTE $0x72; BYTE $0xD5; BYTE $0x14 // VPSRLD ymm13, ymm13, 20
+ BYTE $0xC5; BYTE $0x15; BYTE $0xEF; BYTE $0xE8 // VPXOR ymm13, ymm13, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA ymm0, [rsp + 64]
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
+ BYTE $0xC4; BYTE $0x41; BYTE $0x35; BYTE $0xFE; BYTE $0xCA // VPADDD ymm9, ymm9, ymm10
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0xFE; BYTE $0xC5 // VPADDD ymm0, ymm0, ymm13
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
+ BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xEF; BYTE $0xE1 // VPXOR ymm12, ymm12, ymm9
+ BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA [rsp + 64], ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x08 // VPSLLD ymm0, ymm1, 8
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x18 // VPSRLD ymm1, ymm1, 24
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x08 // VPSLLD ymm0, ymm8, 8
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x18 // VPSRLD ymm8, ymm8, 24
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF4; BYTE $0x08 // VPSLLD ymm0, ymm12, 8
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x1D; BYTE $0x72; BYTE $0xD4; BYTE $0x18 // VPSRLD ymm12, ymm12, 24
+ BYTE $0xC5; BYTE $0x1D; BYTE $0xEF; BYTE $0xE0 // VPXOR ymm12, ymm12, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF7; BYTE $0x08 // VPSLLD ymm0, ymm15, 8
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x05; BYTE $0x72; BYTE $0xD7; BYTE $0x18 // VPSRLD ymm15, ymm15, 24
+ BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
+ BYTE $0xC4; BYTE $0x41; BYTE $0x25; BYTE $0xFE; BYTE $0xDC // VPADDD ymm11, ymm11, ymm12
+ BYTE $0xC4; BYTE $0x41; BYTE $0x0D; BYTE $0xFE; BYTE $0xF7 // VPADDD ymm14, ymm14, ymm15
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
+ BYTE $0xC4; BYTE $0x41; BYTE $0x2D; BYTE $0xEF; BYTE $0xD3 // VPXOR ymm10, ymm10, ymm11
+ BYTE $0xC4; BYTE $0x41; BYTE $0x15; BYTE $0xEF; BYTE $0xEE // VPXOR ymm13, ymm13, ymm14
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x07 // VPSLLD ymm0, ymm3, 7
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x19 // VPSRLD ymm3, ymm3, 25
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x07 // VPSLLD ymm0, ymm6, 7
+ BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x19 // VPSRLD ymm6, ymm6, 25
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF2; BYTE $0x07 // VPSLLD ymm0, ymm10, 7
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x2D; BYTE $0x72; BYTE $0xD2; BYTE $0x19 // VPSRLD ymm10, ymm10, 25
+ BYTE $0xC5; BYTE $0x2D; BYTE $0xEF; BYTE $0xD0 // VPXOR ymm10, ymm10, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF5; BYTE $0x07 // VPSLLD ymm0, ymm13, 7
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x15; BYTE $0x72; BYTE $0xD5; BYTE $0x19 // VPSRLD ymm13, ymm13, 25
+ BYTE $0xC5; BYTE $0x15; BYTE $0xEF; BYTE $0xE8 // VPXOR ymm13, ymm13, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xDB; BYTE $0x39 // VPSHUFD ymm3, ymm3, 57
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xF6; BYTE $0x39 // VPSHUFD ymm6, ymm6, 57
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xD2; BYTE $0x39 // VPSHUFD ymm10, ymm10, 57
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xED; BYTE $0x39 // VPSHUFD ymm13, ymm13, 57
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xE4; BYTE $0x4E // VPSHUFD ymm4, ymm4, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xFF; BYTE $0x4E // VPSHUFD ymm7, ymm7, 78
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xDB; BYTE $0x4E // VPSHUFD ymm11, ymm11, 78
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xF6; BYTE $0x4E // VPSHUFD ymm14, ymm14, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xC9; BYTE $0x93 // VPSHUFD ymm1, ymm1, 147
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xC0; BYTE $0x93 // VPSHUFD ymm8, ymm8, 147
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xE4; BYTE $0x93 // VPSHUFD ymm12, ymm12, 147
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xFF; BYTE $0x93 // VPSHUFD ymm15, ymm15, 147
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA ymm0, [rsp + 64]
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
+ BYTE $0xC4; BYTE $0x41; BYTE $0x35; BYTE $0xFE; BYTE $0xCA // VPADDD ymm9, ymm9, ymm10
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0xFE; BYTE $0xC5 // VPADDD ymm0, ymm0, ymm13
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
+ BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xEF; BYTE $0xE1 // VPXOR ymm12, ymm12, ymm9
+ BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA [rsp + 64], ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x10 // VPSLLD ymm0, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x10 // VPSRLD ymm1, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x10 // VPSLLD ymm0, ymm8, 16
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x10 // VPSRLD ymm8, ymm8, 16
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF4; BYTE $0x10 // VPSLLD ymm0, ymm12, 16
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x1D; BYTE $0x72; BYTE $0xD4; BYTE $0x10 // VPSRLD ymm12, ymm12, 16
+ BYTE $0xC5; BYTE $0x1D; BYTE $0xEF; BYTE $0xE0 // VPXOR ymm12, ymm12, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF7; BYTE $0x10 // VPSLLD ymm0, ymm15, 16
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x05; BYTE $0x72; BYTE $0xD7; BYTE $0x10 // VPSRLD ymm15, ymm15, 16
+ BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
+ BYTE $0xC4; BYTE $0x41; BYTE $0x25; BYTE $0xFE; BYTE $0xDC // VPADDD ymm11, ymm11, ymm12
+ BYTE $0xC4; BYTE $0x41; BYTE $0x0D; BYTE $0xFE; BYTE $0xF7 // VPADDD ymm14, ymm14, ymm15
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
+ BYTE $0xC4; BYTE $0x41; BYTE $0x2D; BYTE $0xEF; BYTE $0xD3 // VPXOR ymm10, ymm10, ymm11
+ BYTE $0xC4; BYTE $0x41; BYTE $0x15; BYTE $0xEF; BYTE $0xEE // VPXOR ymm13, ymm13, ymm14
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x0C // VPSLLD ymm0, ymm3, 12
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x14 // VPSRLD ymm3, ymm3, 20
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x0C // VPSLLD ymm0, ymm6, 12
+ BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x14 // VPSRLD ymm6, ymm6, 20
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF2; BYTE $0x0C // VPSLLD ymm0, ymm10, 12
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x2D; BYTE $0x72; BYTE $0xD2; BYTE $0x14 // VPSRLD ymm10, ymm10, 20
+ BYTE $0xC5; BYTE $0x2D; BYTE $0xEF; BYTE $0xD0 // VPXOR ymm10, ymm10, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF5; BYTE $0x0C // VPSLLD ymm0, ymm13, 12
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x15; BYTE $0x72; BYTE $0xD5; BYTE $0x14 // VPSRLD ymm13, ymm13, 20
+ BYTE $0xC5; BYTE $0x15; BYTE $0xEF; BYTE $0xE8 // VPXOR ymm13, ymm13, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA ymm0, [rsp + 64]
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
+ BYTE $0xC4; BYTE $0x41; BYTE $0x35; BYTE $0xFE; BYTE $0xCA // VPADDD ymm9, ymm9, ymm10
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0xFE; BYTE $0xC5 // VPADDD ymm0, ymm0, ymm13
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
+ BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xEF; BYTE $0xE1 // VPXOR ymm12, ymm12, ymm9
+ BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA [rsp + 64], ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x08 // VPSLLD ymm0, ymm1, 8
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x18 // VPSRLD ymm1, ymm1, 24
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x08 // VPSLLD ymm0, ymm8, 8
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x18 // VPSRLD ymm8, ymm8, 24
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF4; BYTE $0x08 // VPSLLD ymm0, ymm12, 8
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x1D; BYTE $0x72; BYTE $0xD4; BYTE $0x18 // VPSRLD ymm12, ymm12, 24
+ BYTE $0xC5; BYTE $0x1D; BYTE $0xEF; BYTE $0xE0 // VPXOR ymm12, ymm12, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF7; BYTE $0x08 // VPSLLD ymm0, ymm15, 8
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x05; BYTE $0x72; BYTE $0xD7; BYTE $0x18 // VPSRLD ymm15, ymm15, 24
+ BYTE $0xC5; BYTE $0x05; BYTE $0xEF; BYTE $0xF8 // VPXOR ymm15, ymm15, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
+ BYTE $0xC4; BYTE $0x41; BYTE $0x25; BYTE $0xFE; BYTE $0xDC // VPADDD ymm11, ymm11, ymm12
+ BYTE $0xC4; BYTE $0x41; BYTE $0x0D; BYTE $0xFE; BYTE $0xF7 // VPADDD ymm14, ymm14, ymm15
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
+ BYTE $0xC4; BYTE $0x41; BYTE $0x2D; BYTE $0xEF; BYTE $0xD3 // VPXOR ymm10, ymm10, ymm11
+ BYTE $0xC4; BYTE $0x41; BYTE $0x15; BYTE $0xEF; BYTE $0xEE // VPXOR ymm13, ymm13, ymm14
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x07 // VPSLLD ymm0, ymm3, 7
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x19 // VPSRLD ymm3, ymm3, 25
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x07 // VPSLLD ymm0, ymm6, 7
+ BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x19 // VPSRLD ymm6, ymm6, 25
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF2; BYTE $0x07 // VPSLLD ymm0, ymm10, 7
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x2D; BYTE $0x72; BYTE $0xD2; BYTE $0x19 // VPSRLD ymm10, ymm10, 25
+ BYTE $0xC5; BYTE $0x2D; BYTE $0xEF; BYTE $0xD0 // VPXOR ymm10, ymm10, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF5; BYTE $0x07 // VPSLLD ymm0, ymm13, 7
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x15; BYTE $0x72; BYTE $0xD5; BYTE $0x19 // VPSRLD ymm13, ymm13, 25
+ BYTE $0xC5; BYTE $0x15; BYTE $0xEF; BYTE $0xE8 // VPXOR ymm13, ymm13, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xDB; BYTE $0x93 // VPSHUFD ymm3, ymm3, 147
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xF6; BYTE $0x93 // VPSHUFD ymm6, ymm6, 147
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xD2; BYTE $0x93 // VPSHUFD ymm10, ymm10, 147
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xED; BYTE $0x93 // VPSHUFD ymm13, ymm13, 147
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xE4; BYTE $0x4E // VPSHUFD ymm4, ymm4, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xFF; BYTE $0x4E // VPSHUFD ymm7, ymm7, 78
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xDB; BYTE $0x4E // VPSHUFD ymm11, ymm11, 78
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xF6; BYTE $0x4E // VPSHUFD ymm14, ymm14, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xC9; BYTE $0x39 // VPSHUFD ymm1, ymm1, 57
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xC0; BYTE $0x39 // VPSHUFD ymm8, ymm8, 57
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xE4; BYTE $0x39 // VPSHUFD ymm12, ymm12, 57
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xFF; BYTE $0x39 // VPSHUFD ymm15, ymm15, 57
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA ymm0, [rsp + 64]
+ SUBQ $2, SI
+ JNE rounds_loop8_begin
+ BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x00 // VBROADCASTI128 ymm0, [rax]
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD0 // VPADDD ymm2, ymm2, ymm0
+ BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xE8 // VPADDD ymm5, ymm5, ymm0
+ BYTE $0xC5; BYTE $0x35; BYTE $0xFE; BYTE $0xC8 // VPADDD ymm9, ymm9, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xFE; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VPADDD ymm0, ymm0, [rsp + 64]
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA [rsp + 64], ymm0
+ BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x40; BYTE $0x10 // VBROADCASTI128 ymm0, [rax + 16]
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xFE; BYTE $0xD8 // VPADDD ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xFE; BYTE $0xF0 // VPADDD ymm6, ymm6, ymm0
+ BYTE $0xC5; BYTE $0x2D; BYTE $0xFE; BYTE $0xD0 // VPADDD ymm10, ymm10, ymm0
+ BYTE $0xC5; BYTE $0x15; BYTE $0xFE; BYTE $0xE8 // VPADDD ymm13, ymm13, ymm0
+ BYTE $0xC4; BYTE $0xE2; BYTE $0x7D; BYTE $0x5A; BYTE $0x40; BYTE $0x20 // VBROADCASTI128 ymm0, [rax + 32]
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE0 // VPADDD ymm4, ymm4, ymm0
+ BYTE $0xC5; BYTE $0xC5; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm0
+ BYTE $0xC5; BYTE $0x25; BYTE $0xFE; BYTE $0xD8 // VPADDD ymm11, ymm11, ymm0
+ BYTE $0xC5; BYTE $0x0D; BYTE $0xFE; BYTE $0xF0 // VPADDD ymm14, ymm14, ymm0
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xFE; BYTE $0x4C; BYTE $0x24; BYTE $0x20 // VPADDD ymm1, ymm1, [rsp + 32]
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x6D; BYTE $0x46; BYTE $0xC3; BYTE $0x20 // VPERM2I128 ymm0, ymm2, ymm3, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x03 // VPXOR ymm0, ymm0, [rbx]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x01 // VMOVDQU [rcx], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x5D; BYTE $0x46; BYTE $0xC1; BYTE $0x20 // VPERM2I128 ymm0, ymm4, ymm1, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x20 // VPXOR ymm0, ymm0, [rbx + 32]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x20 // VMOVDQU [rcx + 32], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x6D; BYTE $0x46; BYTE $0xC3; BYTE $0x31 // VPERM2I128 ymm0, ymm2, ymm3, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x40 // VPXOR ymm0, ymm0, [rbx + 64]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x40 // VMOVDQU [rcx + 64], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x5D; BYTE $0x46; BYTE $0xC1; BYTE $0x31 // VPERM2I128 ymm0, ymm4, ymm1, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x60 // VPXOR ymm0, ymm0, [rbx + 96]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x60 // VMOVDQU [rcx + 96], ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x4C; BYTE $0x24; BYTE $0x20 // VMOVDQA ymm1, [rsp + 32]
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xFE; BYTE $0x0C; BYTE $0x24 // VPADDD ymm1, ymm1, [rsp]
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xFE; BYTE $0xC1 // VPADDD ymm8, ymm8, ymm1
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x55; BYTE $0x46; BYTE $0xC6; BYTE $0x20 // VPERM2I128 ymm0, ymm5, ymm6, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0x80; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 128]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0x80; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 128], ymm0
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x45; BYTE $0x46; BYTE $0xC0; BYTE $0x20 // VPERM2I128 ymm0, ymm7, ymm8, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0xA0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 160]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0xA0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 160], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x55; BYTE $0x46; BYTE $0xC6; BYTE $0x31 // VPERM2I128 ymm0, ymm5, ymm6, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0xC0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 192]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0xC0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 192], ymm0
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x45; BYTE $0x46; BYTE $0xC0; BYTE $0x31 // VPERM2I128 ymm0, ymm7, ymm8, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0xE0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 224]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0xE0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 224], ymm0
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xFE; BYTE $0x0C; BYTE $0x24 // VPADDD ymm1, ymm1, [rsp]
+ BYTE $0xC5; BYTE $0x1D; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm12, ymm12, ymm1
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x35; BYTE $0x46; BYTE $0xC2; BYTE $0x20 // VPERM2I128 ymm0, ymm9, ymm10, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0x00; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 256]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0x00; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 256], ymm0
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x25; BYTE $0x46; BYTE $0xC4; BYTE $0x20 // VPERM2I128 ymm0, ymm11, ymm12, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0x20; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 288]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0x20; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 288], ymm0
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x35; BYTE $0x46; BYTE $0xC2; BYTE $0x31 // VPERM2I128 ymm0, ymm9, ymm10, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0x40; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 320]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0x40; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 320], ymm0
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x25; BYTE $0x46; BYTE $0xC4; BYTE $0x31 // VPERM2I128 ymm0, ymm11, ymm12, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0x60; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 352]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0x60; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 352], ymm0
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xFE; BYTE $0x0C; BYTE $0x24 // VPADDD ymm1, ymm1, [rsp]
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0x44; BYTE $0x24; BYTE $0x40 // VMOVDQA ymm0, [rsp + 64]
+ BYTE $0xC5; BYTE $0x05; BYTE $0xFE; BYTE $0xF9 // VPADDD ymm15, ymm15, ymm1
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x7D; BYTE $0x46; BYTE $0xD5; BYTE $0x20 // VPERM2I128 ymm2, ymm0, ymm13, 32
+ BYTE $0xC5; BYTE $0xED; BYTE $0xEF; BYTE $0x93; BYTE $0x80; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm2, ymm2, [rbx + 384]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x91; BYTE $0x80; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 384], ymm2
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x0D; BYTE $0x46; BYTE $0xD7; BYTE $0x20 // VPERM2I128 ymm2, ymm14, ymm15, 32
+ BYTE $0xC5; BYTE $0xED; BYTE $0xEF; BYTE $0x93; BYTE $0xA0; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm2, ymm2, [rbx + 416]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x91; BYTE $0xA0; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 416], ymm2
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x7D; BYTE $0x46; BYTE $0xD5; BYTE $0x31 // VPERM2I128 ymm2, ymm0, ymm13, 49
+ BYTE $0xC5; BYTE $0xED; BYTE $0xEF; BYTE $0x93; BYTE $0xC0; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm2, ymm2, [rbx + 448]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x91; BYTE $0xC0; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 448], ymm2
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x0D; BYTE $0x46; BYTE $0xD7; BYTE $0x31 // VPERM2I128 ymm2, ymm14, ymm15, 49
+ BYTE $0xC5; BYTE $0xED; BYTE $0xEF; BYTE $0x93; BYTE $0xE0; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VPXOR ymm2, ymm2, [rbx + 480]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x91; BYTE $0xE0; BYTE $0x01; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 480], ymm2
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xFE; BYTE $0x0C; BYTE $0x24 // VPADDD ymm1, ymm1, [rsp]
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x4C; BYTE $0x24; BYTE $0x20 // VMOVDQA [rsp + 32], ymm1
+ ADDQ $512, BX
+ ADDQ $512, CX
+ SUBQ $8, DX
+ JCC vector_loop8_begin
+vector_loop8_end:
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0xE1 // VMOVDQA ymm12, ymm1
+ ADDQ $8, DX
+ JEQ out_write_even
+ BYTE $0xC4; BYTE $0x62; BYTE $0x7D; BYTE $0x5A; BYTE $0x08 // VBROADCASTI128 ymm9, [rax]
+ BYTE $0xC4; BYTE $0x62; BYTE $0x7D; BYTE $0x5A; BYTE $0x50; BYTE $0x10 // VBROADCASTI128 ymm10, [rax + 16]
+ BYTE $0xC4; BYTE $0x62; BYTE $0x7D; BYTE $0x5A; BYTE $0x58; BYTE $0x20 // VBROADCASTI128 ymm11, [rax + 32]
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x6F; BYTE $0x34; BYTE $0x24 // VMOVDQA ymm14, [rsp]
+ SUBQ $4, DX
+ JCS process_2_blocks
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xCA // VMOVDQA ymm2, ymm9
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xD3 // VMOVDQA ymm3, ymm10
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xDC // VMOVDQA ymm4, ymm11
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xE1 // VMOVDQA ymm1, ymm12
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xEA // VMOVDQA ymm5, ymm2
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xF3 // VMOVDQA ymm6, ymm3
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x6F; BYTE $0xFC // VMOVDQA ymm7, ymm4
+ BYTE $0xC4; BYTE $0x41; BYTE $0x75; BYTE $0xD4; BYTE $0xC6 // VPADDQ ymm8, ymm1, ymm14
+ MOVQ $20, SI
+rounds_loop4_begin:
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x10 // VPSLLD ymm0, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x10 // VPSRLD ymm1, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x10 // VPSLLD ymm0, ymm8, 16
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x10 // VPSRLD ymm8, ymm8, 16
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x0C // VPSLLD ymm0, ymm3, 12
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x14 // VPSRLD ymm3, ymm3, 20
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x0C // VPSLLD ymm0, ymm6, 12
+ BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x14 // VPSRLD ymm6, ymm6, 20
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x08 // VPSLLD ymm0, ymm1, 8
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x18 // VPSRLD ymm1, ymm1, 24
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x08 // VPSLLD ymm0, ymm8, 8
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x18 // VPSRLD ymm8, ymm8, 24
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x07 // VPSLLD ymm0, ymm3, 7
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x19 // VPSRLD ymm3, ymm3, 25
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x07 // VPSLLD ymm0, ymm6, 7
+ BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x19 // VPSRLD ymm6, ymm6, 25
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xDB; BYTE $0x39 // VPSHUFD ymm3, ymm3, 57
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xF6; BYTE $0x39 // VPSHUFD ymm6, ymm6, 57
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xE4; BYTE $0x4E // VPSHUFD ymm4, ymm4, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xFF; BYTE $0x4E // VPSHUFD ymm7, ymm7, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xC9; BYTE $0x93 // VPSHUFD ymm1, ymm1, 147
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xC0; BYTE $0x93 // VPSHUFD ymm8, ymm8, 147
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x10 // VPSLLD ymm0, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x10 // VPSRLD ymm1, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x10 // VPSLLD ymm0, ymm8, 16
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x10 // VPSRLD ymm8, ymm8, 16
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x0C // VPSLLD ymm0, ymm3, 12
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x14 // VPSRLD ymm3, ymm3, 20
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x0C // VPSLLD ymm0, ymm6, 12
+ BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x14 // VPSRLD ymm6, ymm6, 20
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xD5; BYTE $0xFE; BYTE $0xEE // VPADDD ymm5, ymm5, ymm6
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC5 // VPXOR ymm8, ymm8, ymm5
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x08 // VPSLLD ymm0, ymm1, 8
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x18 // VPSRLD ymm1, ymm1, 24
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x7D; BYTE $0x72; BYTE $0xF0; BYTE $0x08 // VPSLLD ymm0, ymm8, 8
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x3D; BYTE $0x72; BYTE $0xD0; BYTE $0x18 // VPSRLD ymm8, ymm8, 24
+ BYTE $0xC5; BYTE $0x3D; BYTE $0xEF; BYTE $0xC0 // VPXOR ymm8, ymm8, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xF8 // VPADDD ymm7, ymm7, ymm8
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF7 // VPXOR ymm6, ymm6, ymm7
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x07 // VPSLLD ymm0, ymm3, 7
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x19 // VPSRLD ymm3, ymm3, 25
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF6; BYTE $0x07 // VPSLLD ymm0, ymm6, 7
+ BYTE $0xC5; BYTE $0xCD; BYTE $0x72; BYTE $0xD6; BYTE $0x19 // VPSRLD ymm6, ymm6, 25
+ BYTE $0xC5; BYTE $0xCD; BYTE $0xEF; BYTE $0xF0 // VPXOR ymm6, ymm6, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xDB; BYTE $0x93 // VPSHUFD ymm3, ymm3, 147
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xF6; BYTE $0x93 // VPSHUFD ymm6, ymm6, 147
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xE4; BYTE $0x4E // VPSHUFD ymm4, ymm4, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xFF; BYTE $0x4E // VPSHUFD ymm7, ymm7, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xC9; BYTE $0x39 // VPSHUFD ymm1, ymm1, 57
+ BYTE $0xC4; BYTE $0x41; BYTE $0x7D; BYTE $0x70; BYTE $0xC0; BYTE $0x39 // VPSHUFD ymm8, ymm8, 57
+ SUBQ $2, SI
+ JNE rounds_loop4_begin
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x6D; BYTE $0xFE; BYTE $0xD1 // VPADDD ymm2, ymm2, ymm9
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x65; BYTE $0xFE; BYTE $0xDA // VPADDD ymm3, ymm3, ymm10
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x5D; BYTE $0xFE; BYTE $0xE3 // VPADDD ymm4, ymm4, ymm11
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x75; BYTE $0xFE; BYTE $0xCC // VPADDD ymm1, ymm1, ymm12
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x6D; BYTE $0x46; BYTE $0xC3; BYTE $0x20 // VPERM2I128 ymm0, ymm2, ymm3, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x03 // VPXOR ymm0, ymm0, [rbx]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x01 // VMOVDQU [rcx], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x5D; BYTE $0x46; BYTE $0xC1; BYTE $0x20 // VPERM2I128 ymm0, ymm4, ymm1, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x20 // VPXOR ymm0, ymm0, [rbx + 32]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x20 // VMOVDQU [rcx + 32], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x6D; BYTE $0x46; BYTE $0xC3; BYTE $0x31 // VPERM2I128 ymm0, ymm2, ymm3, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x40 // VPXOR ymm0, ymm0, [rbx + 64]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x40 // VMOVDQU [rcx + 64], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x5D; BYTE $0x46; BYTE $0xC1; BYTE $0x31 // VPERM2I128 ymm0, ymm4, ymm1, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x60 // VPXOR ymm0, ymm0, [rbx + 96]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x60 // VMOVDQU [rcx + 96], ymm0
+ BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xFE; BYTE $0xE6 // VPADDD ymm12, ymm12, ymm14
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x55; BYTE $0xFE; BYTE $0xE9 // VPADDD ymm5, ymm5, ymm9
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x4D; BYTE $0xFE; BYTE $0xF2 // VPADDD ymm6, ymm6, ymm10
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x45; BYTE $0xFE; BYTE $0xFB // VPADDD ymm7, ymm7, ymm11
+ BYTE $0xC4; BYTE $0x41; BYTE $0x3D; BYTE $0xFE; BYTE $0xC4 // VPADDD ymm8, ymm8, ymm12
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x55; BYTE $0x46; BYTE $0xC6; BYTE $0x20 // VPERM2I128 ymm0, ymm5, ymm6, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0x80; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 128]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0x80; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 128], ymm0
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x45; BYTE $0x46; BYTE $0xC0; BYTE $0x20 // VPERM2I128 ymm0, ymm7, ymm8, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0xA0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 160]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0xA0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 160], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x55; BYTE $0x46; BYTE $0xC6; BYTE $0x31 // VPERM2I128 ymm0, ymm5, ymm6, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0xC0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 192]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0xC0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 192], ymm0
+ BYTE $0xC4; BYTE $0xC3; BYTE $0x45; BYTE $0x46; BYTE $0xC0; BYTE $0x31 // VPERM2I128 ymm0, ymm7, ymm8, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x83; BYTE $0xE0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VPXOR ymm0, ymm0, [rbx + 224]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x81; BYTE $0xE0; BYTE $0x00; BYTE $0x00; BYTE $0x00 // VMOVDQU [rcx + 224], ymm0
+ BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xFE; BYTE $0xE6 // VPADDD ymm12, ymm12, ymm14
+ ADDQ $256, BX
+ ADDQ $256, CX
+ SUBQ $4, DX
+process_2_blocks:
+ ADDQ $4, DX
+ JEQ out_write_even
+vector_loop2_begin:
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xCA // VMOVDQA ymm2, ymm9
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xD3 // VMOVDQA ymm3, ymm10
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xDC // VMOVDQA ymm4, ymm11
+ BYTE $0xC5; BYTE $0x7D; BYTE $0x7F; BYTE $0xE1 // VMOVDQA ymm1, ymm12
+ MOVQ $20, SI
+rounds_loop2_begin:
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x10 // VPSLLD ymm0, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x10 // VPSRLD ymm1, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x0C // VPSLLD ymm0, ymm3, 12
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x14 // VPSRLD ymm3, ymm3, 20
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x08 // VPSLLD ymm0, ymm1, 8
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x18 // VPSRLD ymm1, ymm1, 24
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x07 // VPSLLD ymm0, ymm3, 7
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x19 // VPSRLD ymm3, ymm3, 25
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xDB; BYTE $0x39 // VPSHUFD ymm3, ymm3, 57
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xE4; BYTE $0x4E // VPSHUFD ymm4, ymm4, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xC9; BYTE $0x93 // VPSHUFD ymm1, ymm1, 147
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x10 // VPSLLD ymm0, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x10 // VPSRLD ymm1, ymm1, 16
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x0C // VPSLLD ymm0, ymm3, 12
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x14 // VPSRLD ymm3, ymm3, 20
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xED; BYTE $0xFE; BYTE $0xD3 // VPADDD ymm2, ymm2, ymm3
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xCA // VPXOR ymm1, ymm1, ymm2
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF1; BYTE $0x08 // VPSLLD ymm0, ymm1, 8
+ BYTE $0xC5; BYTE $0xF5; BYTE $0x72; BYTE $0xD1; BYTE $0x18 // VPSRLD ymm1, ymm1, 24
+ BYTE $0xC5; BYTE $0xF5; BYTE $0xEF; BYTE $0xC8 // VPXOR ymm1, ymm1, ymm0
+ BYTE $0xC5; BYTE $0xDD; BYTE $0xFE; BYTE $0xE1 // VPADDD ymm4, ymm4, ymm1
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xDC // VPXOR ymm3, ymm3, ymm4
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x72; BYTE $0xF3; BYTE $0x07 // VPSLLD ymm0, ymm3, 7
+ BYTE $0xC5; BYTE $0xE5; BYTE $0x72; BYTE $0xD3; BYTE $0x19 // VPSRLD ymm3, ymm3, 25
+ BYTE $0xC5; BYTE $0xE5; BYTE $0xEF; BYTE $0xD8 // VPXOR ymm3, ymm3, ymm0
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xDB; BYTE $0x93 // VPSHUFD ymm3, ymm3, 147
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xE4; BYTE $0x4E // VPSHUFD ymm4, ymm4, 78
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x70; BYTE $0xC9; BYTE $0x39 // VPSHUFD ymm1, ymm1, 57
+ SUBQ $2, SI
+ JNE rounds_loop2_begin
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x6D; BYTE $0xFE; BYTE $0xD1 // VPADDD ymm2, ymm2, ymm9
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x65; BYTE $0xFE; BYTE $0xDA // VPADDD ymm3, ymm3, ymm10
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x5D; BYTE $0xFE; BYTE $0xE3 // VPADDD ymm4, ymm4, ymm11
+ BYTE $0xC4; BYTE $0xC1; BYTE $0x75; BYTE $0xFE; BYTE $0xCC // VPADDD ymm1, ymm1, ymm12
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x6D; BYTE $0x46; BYTE $0xC3; BYTE $0x20 // VPERM2I128 ymm0, ymm2, ymm3, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x03 // VPXOR ymm0, ymm0, [rbx]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x01 // VMOVDQU [rcx], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x5D; BYTE $0x46; BYTE $0xC1; BYTE $0x20 // VPERM2I128 ymm0, ymm4, ymm1, 32
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x20 // VPXOR ymm0, ymm0, [rbx + 32]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x20 // VMOVDQU [rcx + 32], ymm0
+ SUBQ $1, DX
+ JEQ out_write_odd
+ BYTE $0xC4; BYTE $0x41; BYTE $0x1D; BYTE $0xFE; BYTE $0xE6 // VPADDD ymm12, ymm12, ymm14
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x6D; BYTE $0x46; BYTE $0xC3; BYTE $0x31 // VPERM2I128 ymm0, ymm2, ymm3, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x40 // VPXOR ymm0, ymm0, [rbx + 64]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x40 // VMOVDQU [rcx + 64], ymm0
+ BYTE $0xC4; BYTE $0xE3; BYTE $0x5D; BYTE $0x46; BYTE $0xC1; BYTE $0x31 // VPERM2I128 ymm0, ymm4, ymm1, 49
+ BYTE $0xC5; BYTE $0xFD; BYTE $0xEF; BYTE $0x43; BYTE $0x60 // VPXOR ymm0, ymm0, [rbx + 96]
+ BYTE $0xC5; BYTE $0xFE; BYTE $0x7F; BYTE $0x41; BYTE $0x60 // VMOVDQU [rcx + 96], ymm0
+ SUBQ $1, DX
+ JEQ out_write_even
+ ADDQ $128, BX
+ ADDQ $128, CX
+ JMP vector_loop2_begin
+out_write_odd:
+ BYTE $0xC4; BYTE $0x43; BYTE $0x1D; BYTE $0x46; BYTE $0xE4; BYTE $0x01 // VPERM2I128 ymm12, ymm12, ymm12, 1
+out_write_even:
+ BYTE $0xC5; BYTE $0x7A; BYTE $0x7F; BYTE $0x60; BYTE $0x30 // VMOVDQU [rax + 48], xmm12
+ BYTE $0xC5; BYTE $0xED; BYTE $0xEF; BYTE $0xD2 // VPXOR ymm2, ymm2, ymm2
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x54; BYTE $0x24; BYTE $0x40 // VMOVDQA [rsp + 64], ymm2
+ BYTE $0xC5; BYTE $0xFD; BYTE $0x7F; BYTE $0x54; BYTE $0x24; BYTE $0x20 // VMOVDQA [rsp + 32], ymm2
+ BYTE $0xC5; BYTE $0xFC; BYTE $0x77 // VZEROALL
+ MOVQ DI, SP
+ RET
+
+// func cpuidAmd64(cpuidParams *uint32)
+TEXT ·cpuidAmd64(SB),4,$0-8
+ MOVQ cpuidParams+0(FP), R15
+ MOVL 0(R15), AX
+ MOVL 8(R15), CX
+ CPUID
+ MOVL AX, 0(R15)
+ MOVL BX, 4(R15)
+ MOVL CX, 8(R15)
+ MOVL DX, 12(R15)
+ RET
+
+// func xgetbv0Amd64(xcrVec *uint32)
+TEXT ·xgetbv0Amd64(SB),4,$0-8
+ MOVQ xcrVec+0(FP), BX
+ XORL CX, CX
+ BYTE $0x0F; BYTE $0x01; BYTE $0xD0 // XGETBV
+ MOVL AX, 0(BX)
+ MOVL DX, 4(BX)
+ RET
diff --git a/vendor/github.com/Yawning/chacha20/chacha20_ref.go b/vendor/github.com/Yawning/chacha20/chacha20_ref.go
new file mode 100644
index 0000000..fcdc8c6
--- /dev/null
+++ b/vendor/github.com/Yawning/chacha20/chacha20_ref.go
@@ -0,0 +1,394 @@
+// chacha20_ref.go - Reference ChaCha20.
+//
+// To the extent possible under law, Yawning Angel has waived all copyright
+// and related or neighboring rights to chacha20, using the Creative
+// Commons "CC0" public domain dedication. See LICENSE or
+// for full details.
+
+// +build !go1.9
+
+package chacha20
+
+import (
+ "encoding/binary"
+ "math"
+ "unsafe"
+)
+
+func blocksRef(x *[stateSize]uint32, in []byte, out []byte, nrBlocks int, isIetf bool) {
+ if isIetf {
+ var totalBlocks uint64
+ totalBlocks = uint64(x[12]) + uint64(nrBlocks)
+ if totalBlocks > math.MaxUint32 {
+ panic("chacha20: Exceeded keystream per nonce limit")
+ }
+ }
+
+ // This routine ignores x[0]...x[4] in favor the const values since it's
+ // ever so slightly faster.
+
+ for n := 0; n < nrBlocks; n++ {
+ x0, x1, x2, x3 := sigma0, sigma1, sigma2, sigma3
+ x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15 := x[4], x[5], x[6], x[7], x[8], x[9], x[10], x[11], x[12], x[13], x[14], x[15]
+
+ for i := chachaRounds; i > 0; i -= 2 {
+ // quarterround(x, 0, 4, 8, 12)
+ x0 += x4
+ x12 ^= x0
+ x12 = (x12 << 16) | (x12 >> 16)
+ x8 += x12
+ x4 ^= x8
+ x4 = (x4 << 12) | (x4 >> 20)
+ x0 += x4
+ x12 ^= x0
+ x12 = (x12 << 8) | (x12 >> 24)
+ x8 += x12
+ x4 ^= x8
+ x4 = (x4 << 7) | (x4 >> 25)
+
+ // quarterround(x, 1, 5, 9, 13)
+ x1 += x5
+ x13 ^= x1
+ x13 = (x13 << 16) | (x13 >> 16)
+ x9 += x13
+ x5 ^= x9
+ x5 = (x5 << 12) | (x5 >> 20)
+ x1 += x5
+ x13 ^= x1
+ x13 = (x13 << 8) | (x13 >> 24)
+ x9 += x13
+ x5 ^= x9
+ x5 = (x5 << 7) | (x5 >> 25)
+
+ // quarterround(x, 2, 6, 10, 14)
+ x2 += x6
+ x14 ^= x2
+ x14 = (x14 << 16) | (x14 >> 16)
+ x10 += x14
+ x6 ^= x10
+ x6 = (x6 << 12) | (x6 >> 20)
+ x2 += x6
+ x14 ^= x2
+ x14 = (x14 << 8) | (x14 >> 24)
+ x10 += x14
+ x6 ^= x10
+ x6 = (x6 << 7) | (x6 >> 25)
+
+ // quarterround(x, 3, 7, 11, 15)
+ x3 += x7
+ x15 ^= x3
+ x15 = (x15 << 16) | (x15 >> 16)
+ x11 += x15
+ x7 ^= x11
+ x7 = (x7 << 12) | (x7 >> 20)
+ x3 += x7
+ x15 ^= x3
+ x15 = (x15 << 8) | (x15 >> 24)
+ x11 += x15
+ x7 ^= x11
+ x7 = (x7 << 7) | (x7 >> 25)
+
+ // quarterround(x, 0, 5, 10, 15)
+ x0 += x5
+ x15 ^= x0
+ x15 = (x15 << 16) | (x15 >> 16)
+ x10 += x15
+ x5 ^= x10
+ x5 = (x5 << 12) | (x5 >> 20)
+ x0 += x5
+ x15 ^= x0
+ x15 = (x15 << 8) | (x15 >> 24)
+ x10 += x15
+ x5 ^= x10
+ x5 = (x5 << 7) | (x5 >> 25)
+
+ // quarterround(x, 1, 6, 11, 12)
+ x1 += x6
+ x12 ^= x1
+ x12 = (x12 << 16) | (x12 >> 16)
+ x11 += x12
+ x6 ^= x11
+ x6 = (x6 << 12) | (x6 >> 20)
+ x1 += x6
+ x12 ^= x1
+ x12 = (x12 << 8) | (x12 >> 24)
+ x11 += x12
+ x6 ^= x11
+ x6 = (x6 << 7) | (x6 >> 25)
+
+ // quarterround(x, 2, 7, 8, 13)
+ x2 += x7
+ x13 ^= x2
+ x13 = (x13 << 16) | (x13 >> 16)
+ x8 += x13
+ x7 ^= x8
+ x7 = (x7 << 12) | (x7 >> 20)
+ x2 += x7
+ x13 ^= x2
+ x13 = (x13 << 8) | (x13 >> 24)
+ x8 += x13
+ x7 ^= x8
+ x7 = (x7 << 7) | (x7 >> 25)
+
+ // quarterround(x, 3, 4, 9, 14)
+ x3 += x4
+ x14 ^= x3
+ x14 = (x14 << 16) | (x14 >> 16)
+ x9 += x14
+ x4 ^= x9
+ x4 = (x4 << 12) | (x4 >> 20)
+ x3 += x4
+ x14 ^= x3
+ x14 = (x14 << 8) | (x14 >> 24)
+ x9 += x14
+ x4 ^= x9
+ x4 = (x4 << 7) | (x4 >> 25)
+ }
+
+ // On amd64 at least, this is a rather big boost.
+ if useUnsafe {
+ if in != nil {
+ inArr := (*[16]uint32)(unsafe.Pointer(&in[n*BlockSize]))
+ outArr := (*[16]uint32)(unsafe.Pointer(&out[n*BlockSize]))
+ outArr[0] = inArr[0] ^ (x0 + sigma0)
+ outArr[1] = inArr[1] ^ (x1 + sigma1)
+ outArr[2] = inArr[2] ^ (x2 + sigma2)
+ outArr[3] = inArr[3] ^ (x3 + sigma3)
+ outArr[4] = inArr[4] ^ (x4 + x[4])
+ outArr[5] = inArr[5] ^ (x5 + x[5])
+ outArr[6] = inArr[6] ^ (x6 + x[6])
+ outArr[7] = inArr[7] ^ (x7 + x[7])
+ outArr[8] = inArr[8] ^ (x8 + x[8])
+ outArr[9] = inArr[9] ^ (x9 + x[9])
+ outArr[10] = inArr[10] ^ (x10 + x[10])
+ outArr[11] = inArr[11] ^ (x11 + x[11])
+ outArr[12] = inArr[12] ^ (x12 + x[12])
+ outArr[13] = inArr[13] ^ (x13 + x[13])
+ outArr[14] = inArr[14] ^ (x14 + x[14])
+ outArr[15] = inArr[15] ^ (x15 + x[15])
+ } else {
+ outArr := (*[16]uint32)(unsafe.Pointer(&out[n*BlockSize]))
+ outArr[0] = x0 + sigma0
+ outArr[1] = x1 + sigma1
+ outArr[2] = x2 + sigma2
+ outArr[3] = x3 + sigma3
+ outArr[4] = x4 + x[4]
+ outArr[5] = x5 + x[5]
+ outArr[6] = x6 + x[6]
+ outArr[7] = x7 + x[7]
+ outArr[8] = x8 + x[8]
+ outArr[9] = x9 + x[9]
+ outArr[10] = x10 + x[10]
+ outArr[11] = x11 + x[11]
+ outArr[12] = x12 + x[12]
+ outArr[13] = x13 + x[13]
+ outArr[14] = x14 + x[14]
+ outArr[15] = x15 + x[15]
+ }
+ } else {
+ // Slow path, either the architecture cares about alignment, or is not little endian.
+ x0 += sigma0
+ x1 += sigma1
+ x2 += sigma2
+ x3 += sigma3
+ x4 += x[4]
+ x5 += x[5]
+ x6 += x[6]
+ x7 += x[7]
+ x8 += x[8]
+ x9 += x[9]
+ x10 += x[10]
+ x11 += x[11]
+ x12 += x[12]
+ x13 += x[13]
+ x14 += x[14]
+ x15 += x[15]
+ if in != nil {
+ binary.LittleEndian.PutUint32(out[0:4], binary.LittleEndian.Uint32(in[0:4])^x0)
+ binary.LittleEndian.PutUint32(out[4:8], binary.LittleEndian.Uint32(in[4:8])^x1)
+ binary.LittleEndian.PutUint32(out[8:12], binary.LittleEndian.Uint32(in[8:12])^x2)
+ binary.LittleEndian.PutUint32(out[12:16], binary.LittleEndian.Uint32(in[12:16])^x3)
+ binary.LittleEndian.PutUint32(out[16:20], binary.LittleEndian.Uint32(in[16:20])^x4)
+ binary.LittleEndian.PutUint32(out[20:24], binary.LittleEndian.Uint32(in[20:24])^x5)
+ binary.LittleEndian.PutUint32(out[24:28], binary.LittleEndian.Uint32(in[24:28])^x6)
+ binary.LittleEndian.PutUint32(out[28:32], binary.LittleEndian.Uint32(in[28:32])^x7)
+ binary.LittleEndian.PutUint32(out[32:36], binary.LittleEndian.Uint32(in[32:36])^x8)
+ binary.LittleEndian.PutUint32(out[36:40], binary.LittleEndian.Uint32(in[36:40])^x9)
+ binary.LittleEndian.PutUint32(out[40:44], binary.LittleEndian.Uint32(in[40:44])^x10)
+ binary.LittleEndian.PutUint32(out[44:48], binary.LittleEndian.Uint32(in[44:48])^x11)
+ binary.LittleEndian.PutUint32(out[48:52], binary.LittleEndian.Uint32(in[48:52])^x12)
+ binary.LittleEndian.PutUint32(out[52:56], binary.LittleEndian.Uint32(in[52:56])^x13)
+ binary.LittleEndian.PutUint32(out[56:60], binary.LittleEndian.Uint32(in[56:60])^x14)
+ binary.LittleEndian.PutUint32(out[60:64], binary.LittleEndian.Uint32(in[60:64])^x15)
+ in = in[BlockSize:]
+ } else {
+ binary.LittleEndian.PutUint32(out[0:4], x0)
+ binary.LittleEndian.PutUint32(out[4:8], x1)
+ binary.LittleEndian.PutUint32(out[8:12], x2)
+ binary.LittleEndian.PutUint32(out[12:16], x3)
+ binary.LittleEndian.PutUint32(out[16:20], x4)
+ binary.LittleEndian.PutUint32(out[20:24], x5)
+ binary.LittleEndian.PutUint32(out[24:28], x6)
+ binary.LittleEndian.PutUint32(out[28:32], x7)
+ binary.LittleEndian.PutUint32(out[32:36], x8)
+ binary.LittleEndian.PutUint32(out[36:40], x9)
+ binary.LittleEndian.PutUint32(out[40:44], x10)
+ binary.LittleEndian.PutUint32(out[44:48], x11)
+ binary.LittleEndian.PutUint32(out[48:52], x12)
+ binary.LittleEndian.PutUint32(out[52:56], x13)
+ binary.LittleEndian.PutUint32(out[56:60], x14)
+ binary.LittleEndian.PutUint32(out[60:64], x15)
+ }
+ out = out[BlockSize:]
+ }
+
+ // Stoping at 2^70 bytes per nonce is the user's responsibility.
+ ctr := uint64(x[13])<<32 | uint64(x[12])
+ ctr++
+ x[12] = uint32(ctr)
+ x[13] = uint32(ctr >> 32)
+ }
+}
+
+func hChaChaRef(x *[stateSize]uint32, out *[32]byte) {
+ x0, x1, x2, x3 := sigma0, sigma1, sigma2, sigma3
+ x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15 := x[0], x[1], x[2], x[3], x[4], x[5], x[6], x[7], x[8], x[9], x[10], x[11]
+
+ for i := chachaRounds; i > 0; i -= 2 {
+ // quarterround(x, 0, 4, 8, 12)
+ x0 += x4
+ x12 ^= x0
+ x12 = (x12 << 16) | (x12 >> 16)
+ x8 += x12
+ x4 ^= x8
+ x4 = (x4 << 12) | (x4 >> 20)
+ x0 += x4
+ x12 ^= x0
+ x12 = (x12 << 8) | (x12 >> 24)
+ x8 += x12
+ x4 ^= x8
+ x4 = (x4 << 7) | (x4 >> 25)
+
+ // quarterround(x, 1, 5, 9, 13)
+ x1 += x5
+ x13 ^= x1
+ x13 = (x13 << 16) | (x13 >> 16)
+ x9 += x13
+ x5 ^= x9
+ x5 = (x5 << 12) | (x5 >> 20)
+ x1 += x5
+ x13 ^= x1
+ x13 = (x13 << 8) | (x13 >> 24)
+ x9 += x13
+ x5 ^= x9
+ x5 = (x5 << 7) | (x5 >> 25)
+
+ // quarterround(x, 2, 6, 10, 14)
+ x2 += x6
+ x14 ^= x2
+ x14 = (x14 << 16) | (x14 >> 16)
+ x10 += x14
+ x6 ^= x10
+ x6 = (x6 << 12) | (x6 >> 20)
+ x2 += x6
+ x14 ^= x2
+ x14 = (x14 << 8) | (x14 >> 24)
+ x10 += x14
+ x6 ^= x10
+ x6 = (x6 << 7) | (x6 >> 25)
+
+ // quarterround(x, 3, 7, 11, 15)
+ x3 += x7
+ x15 ^= x3
+ x15 = (x15 << 16) | (x15 >> 16)
+ x11 += x15
+ x7 ^= x11
+ x7 = (x7 << 12) | (x7 >> 20)
+ x3 += x7
+ x15 ^= x3
+ x15 = (x15 << 8) | (x15 >> 24)
+ x11 += x15
+ x7 ^= x11
+ x7 = (x7 << 7) | (x7 >> 25)
+
+ // quarterround(x, 0, 5, 10, 15)
+ x0 += x5
+ x15 ^= x0
+ x15 = (x15 << 16) | (x15 >> 16)
+ x10 += x15
+ x5 ^= x10
+ x5 = (x5 << 12) | (x5 >> 20)
+ x0 += x5
+ x15 ^= x0
+ x15 = (x15 << 8) | (x15 >> 24)
+ x10 += x15
+ x5 ^= x10
+ x5 = (x5 << 7) | (x5 >> 25)
+
+ // quarterround(x, 1, 6, 11, 12)
+ x1 += x6
+ x12 ^= x1
+ x12 = (x12 << 16) | (x12 >> 16)
+ x11 += x12
+ x6 ^= x11
+ x6 = (x6 << 12) | (x6 >> 20)
+ x1 += x6
+ x12 ^= x1
+ x12 = (x12 << 8) | (x12 >> 24)
+ x11 += x12
+ x6 ^= x11
+ x6 = (x6 << 7) | (x6 >> 25)
+
+ // quarterround(x, 2, 7, 8, 13)
+ x2 += x7
+ x13 ^= x2
+ x13 = (x13 << 16) | (x13 >> 16)
+ x8 += x13
+ x7 ^= x8
+ x7 = (x7 << 12) | (x7 >> 20)
+ x2 += x7
+ x13 ^= x2
+ x13 = (x13 << 8) | (x13 >> 24)
+ x8 += x13
+ x7 ^= x8
+ x7 = (x7 << 7) | (x7 >> 25)
+
+ // quarterround(x, 3, 4, 9, 14)
+ x3 += x4
+ x14 ^= x3
+ x14 = (x14 << 16) | (x14 >> 16)
+ x9 += x14
+ x4 ^= x9
+ x4 = (x4 << 12) | (x4 >> 20)
+ x3 += x4
+ x14 ^= x3
+ x14 = (x14 << 8) | (x14 >> 24)
+ x9 += x14
+ x4 ^= x9
+ x4 = (x4 << 7) | (x4 >> 25)
+ }
+
+ // HChaCha returns x0...x3 | x12...x15, which corresponds to the
+ // indexes of the ChaCha constant and the indexes of the IV.
+ if useUnsafe {
+ outArr := (*[16]uint32)(unsafe.Pointer(&out[0]))
+ outArr[0] = x0
+ outArr[1] = x1
+ outArr[2] = x2
+ outArr[3] = x3
+ outArr[4] = x12
+ outArr[5] = x13
+ outArr[6] = x14
+ outArr[7] = x15
+ } else {
+ binary.LittleEndian.PutUint32(out[0:4], x0)
+ binary.LittleEndian.PutUint32(out[4:8], x1)
+ binary.LittleEndian.PutUint32(out[8:12], x2)
+ binary.LittleEndian.PutUint32(out[12:16], x3)
+ binary.LittleEndian.PutUint32(out[16:20], x12)
+ binary.LittleEndian.PutUint32(out[20:24], x13)
+ binary.LittleEndian.PutUint32(out[24:28], x14)
+ binary.LittleEndian.PutUint32(out[28:32], x15)
+ }
+ return
+}
diff --git a/vendor/github.com/Yawning/chacha20/chacha20_ref_go19.go b/vendor/github.com/Yawning/chacha20/chacha20_ref_go19.go
new file mode 100644
index 0000000..8405c22
--- /dev/null
+++ b/vendor/github.com/Yawning/chacha20/chacha20_ref_go19.go
@@ -0,0 +1,395 @@
+// chacha20_ref.go - Reference ChaCha20.
+//
+// To the extent possible under law, Yawning Angel has waived all copyright
+// and related or neighboring rights to chacha20, using the Creative
+// Commons "CC0" public domain dedication. See LICENSE or
+// for full details.
+
+// +build go1.9
+
+package chacha20
+
+import (
+ "encoding/binary"
+ "math"
+ "math/bits"
+ "unsafe"
+)
+
+func blocksRef(x *[stateSize]uint32, in []byte, out []byte, nrBlocks int, isIetf bool) {
+ if isIetf {
+ var totalBlocks uint64
+ totalBlocks = uint64(x[12]) + uint64(nrBlocks)
+ if totalBlocks > math.MaxUint32 {
+ panic("chacha20: Exceeded keystream per nonce limit")
+ }
+ }
+
+ // This routine ignores x[0]...x[4] in favor the const values since it's
+ // ever so slightly faster.
+
+ for n := 0; n < nrBlocks; n++ {
+ x0, x1, x2, x3 := sigma0, sigma1, sigma2, sigma3
+ x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15 := x[4], x[5], x[6], x[7], x[8], x[9], x[10], x[11], x[12], x[13], x[14], x[15]
+
+ for i := chachaRounds; i > 0; i -= 2 {
+ // quarterround(x, 0, 4, 8, 12)
+ x0 += x4
+ x12 ^= x0
+ x12 = bits.RotateLeft32(x12, 16)
+ x8 += x12
+ x4 ^= x8
+ x4 = bits.RotateLeft32(x4, 12)
+ x0 += x4
+ x12 ^= x0
+ x12 = bits.RotateLeft32(x12, 8)
+ x8 += x12
+ x4 ^= x8
+ x4 = bits.RotateLeft32(x4, 7)
+
+ // quarterround(x, 1, 5, 9, 13)
+ x1 += x5
+ x13 ^= x1
+ x13 = bits.RotateLeft32(x13, 16)
+ x9 += x13
+ x5 ^= x9
+ x5 = bits.RotateLeft32(x5, 12)
+ x1 += x5
+ x13 ^= x1
+ x13 = bits.RotateLeft32(x13, 8)
+ x9 += x13
+ x5 ^= x9
+ x5 = bits.RotateLeft32(x5, 7)
+
+ // quarterround(x, 2, 6, 10, 14)
+ x2 += x6
+ x14 ^= x2
+ x14 = bits.RotateLeft32(x14, 16)
+ x10 += x14
+ x6 ^= x10
+ x6 = bits.RotateLeft32(x6, 12)
+ x2 += x6
+ x14 ^= x2
+ x14 = bits.RotateLeft32(x14, 8)
+ x10 += x14
+ x6 ^= x10
+ x6 = bits.RotateLeft32(x6, 7)
+
+ // quarterround(x, 3, 7, 11, 15)
+ x3 += x7
+ x15 ^= x3
+ x15 = bits.RotateLeft32(x15, 16)
+ x11 += x15
+ x7 ^= x11
+ x7 = bits.RotateLeft32(x7, 12)
+ x3 += x7
+ x15 ^= x3
+ x15 = bits.RotateLeft32(x15, 8)
+ x11 += x15
+ x7 ^= x11
+ x7 = bits.RotateLeft32(x7, 7)
+
+ // quarterround(x, 0, 5, 10, 15)
+ x0 += x5
+ x15 ^= x0
+ x15 = bits.RotateLeft32(x15, 16)
+ x10 += x15
+ x5 ^= x10
+ x5 = bits.RotateLeft32(x5, 12)
+ x0 += x5
+ x15 ^= x0
+ x15 = bits.RotateLeft32(x15, 8)
+ x10 += x15
+ x5 ^= x10
+ x5 = bits.RotateLeft32(x5, 7)
+
+ // quarterround(x, 1, 6, 11, 12)
+ x1 += x6
+ x12 ^= x1
+ x12 = bits.RotateLeft32(x12, 16)
+ x11 += x12
+ x6 ^= x11
+ x6 = bits.RotateLeft32(x6, 12)
+ x1 += x6
+ x12 ^= x1
+ x12 = bits.RotateLeft32(x12, 8)
+ x11 += x12
+ x6 ^= x11
+ x6 = bits.RotateLeft32(x6, 7)
+
+ // quarterround(x, 2, 7, 8, 13)
+ x2 += x7
+ x13 ^= x2
+ x13 = bits.RotateLeft32(x13, 16)
+ x8 += x13
+ x7 ^= x8
+ x7 = bits.RotateLeft32(x7, 12)
+ x2 += x7
+ x13 ^= x2
+ x13 = bits.RotateLeft32(x13, 8)
+ x8 += x13
+ x7 ^= x8
+ x7 = bits.RotateLeft32(x7, 7)
+
+ // quarterround(x, 3, 4, 9, 14)
+ x3 += x4
+ x14 ^= x3
+ x14 = bits.RotateLeft32(x14, 16)
+ x9 += x14
+ x4 ^= x9
+ x4 = bits.RotateLeft32(x4, 12)
+ x3 += x4
+ x14 ^= x3
+ x14 = bits.RotateLeft32(x14, 8)
+ x9 += x14
+ x4 ^= x9
+ x4 = bits.RotateLeft32(x4, 7)
+ }
+
+ // On amd64 at least, this is a rather big boost.
+ if useUnsafe {
+ if in != nil {
+ inArr := (*[16]uint32)(unsafe.Pointer(&in[n*BlockSize]))
+ outArr := (*[16]uint32)(unsafe.Pointer(&out[n*BlockSize]))
+ outArr[0] = inArr[0] ^ (x0 + sigma0)
+ outArr[1] = inArr[1] ^ (x1 + sigma1)
+ outArr[2] = inArr[2] ^ (x2 + sigma2)
+ outArr[3] = inArr[3] ^ (x3 + sigma3)
+ outArr[4] = inArr[4] ^ (x4 + x[4])
+ outArr[5] = inArr[5] ^ (x5 + x[5])
+ outArr[6] = inArr[6] ^ (x6 + x[6])
+ outArr[7] = inArr[7] ^ (x7 + x[7])
+ outArr[8] = inArr[8] ^ (x8 + x[8])
+ outArr[9] = inArr[9] ^ (x9 + x[9])
+ outArr[10] = inArr[10] ^ (x10 + x[10])
+ outArr[11] = inArr[11] ^ (x11 + x[11])
+ outArr[12] = inArr[12] ^ (x12 + x[12])
+ outArr[13] = inArr[13] ^ (x13 + x[13])
+ outArr[14] = inArr[14] ^ (x14 + x[14])
+ outArr[15] = inArr[15] ^ (x15 + x[15])
+ } else {
+ outArr := (*[16]uint32)(unsafe.Pointer(&out[n*BlockSize]))
+ outArr[0] = x0 + sigma0
+ outArr[1] = x1 + sigma1
+ outArr[2] = x2 + sigma2
+ outArr[3] = x3 + sigma3
+ outArr[4] = x4 + x[4]
+ outArr[5] = x5 + x[5]
+ outArr[6] = x6 + x[6]
+ outArr[7] = x7 + x[7]
+ outArr[8] = x8 + x[8]
+ outArr[9] = x9 + x[9]
+ outArr[10] = x10 + x[10]
+ outArr[11] = x11 + x[11]
+ outArr[12] = x12 + x[12]
+ outArr[13] = x13 + x[13]
+ outArr[14] = x14 + x[14]
+ outArr[15] = x15 + x[15]
+ }
+ } else {
+ // Slow path, either the architecture cares about alignment, or is not little endian.
+ x0 += sigma0
+ x1 += sigma1
+ x2 += sigma2
+ x3 += sigma3
+ x4 += x[4]
+ x5 += x[5]
+ x6 += x[6]
+ x7 += x[7]
+ x8 += x[8]
+ x9 += x[9]
+ x10 += x[10]
+ x11 += x[11]
+ x12 += x[12]
+ x13 += x[13]
+ x14 += x[14]
+ x15 += x[15]
+ if in != nil {
+ binary.LittleEndian.PutUint32(out[0:4], binary.LittleEndian.Uint32(in[0:4])^x0)
+ binary.LittleEndian.PutUint32(out[4:8], binary.LittleEndian.Uint32(in[4:8])^x1)
+ binary.LittleEndian.PutUint32(out[8:12], binary.LittleEndian.Uint32(in[8:12])^x2)
+ binary.LittleEndian.PutUint32(out[12:16], binary.LittleEndian.Uint32(in[12:16])^x3)
+ binary.LittleEndian.PutUint32(out[16:20], binary.LittleEndian.Uint32(in[16:20])^x4)
+ binary.LittleEndian.PutUint32(out[20:24], binary.LittleEndian.Uint32(in[20:24])^x5)
+ binary.LittleEndian.PutUint32(out[24:28], binary.LittleEndian.Uint32(in[24:28])^x6)
+ binary.LittleEndian.PutUint32(out[28:32], binary.LittleEndian.Uint32(in[28:32])^x7)
+ binary.LittleEndian.PutUint32(out[32:36], binary.LittleEndian.Uint32(in[32:36])^x8)
+ binary.LittleEndian.PutUint32(out[36:40], binary.LittleEndian.Uint32(in[36:40])^x9)
+ binary.LittleEndian.PutUint32(out[40:44], binary.LittleEndian.Uint32(in[40:44])^x10)
+ binary.LittleEndian.PutUint32(out[44:48], binary.LittleEndian.Uint32(in[44:48])^x11)
+ binary.LittleEndian.PutUint32(out[48:52], binary.LittleEndian.Uint32(in[48:52])^x12)
+ binary.LittleEndian.PutUint32(out[52:56], binary.LittleEndian.Uint32(in[52:56])^x13)
+ binary.LittleEndian.PutUint32(out[56:60], binary.LittleEndian.Uint32(in[56:60])^x14)
+ binary.LittleEndian.PutUint32(out[60:64], binary.LittleEndian.Uint32(in[60:64])^x15)
+ in = in[BlockSize:]
+ } else {
+ binary.LittleEndian.PutUint32(out[0:4], x0)
+ binary.LittleEndian.PutUint32(out[4:8], x1)
+ binary.LittleEndian.PutUint32(out[8:12], x2)
+ binary.LittleEndian.PutUint32(out[12:16], x3)
+ binary.LittleEndian.PutUint32(out[16:20], x4)
+ binary.LittleEndian.PutUint32(out[20:24], x5)
+ binary.LittleEndian.PutUint32(out[24:28], x6)
+ binary.LittleEndian.PutUint32(out[28:32], x7)
+ binary.LittleEndian.PutUint32(out[32:36], x8)
+ binary.LittleEndian.PutUint32(out[36:40], x9)
+ binary.LittleEndian.PutUint32(out[40:44], x10)
+ binary.LittleEndian.PutUint32(out[44:48], x11)
+ binary.LittleEndian.PutUint32(out[48:52], x12)
+ binary.LittleEndian.PutUint32(out[52:56], x13)
+ binary.LittleEndian.PutUint32(out[56:60], x14)
+ binary.LittleEndian.PutUint32(out[60:64], x15)
+ }
+ out = out[BlockSize:]
+ }
+
+ // Stoping at 2^70 bytes per nonce is the user's responsibility.
+ ctr := uint64(x[13])<<32 | uint64(x[12])
+ ctr++
+ x[12] = uint32(ctr)
+ x[13] = uint32(ctr >> 32)
+ }
+}
+
+func hChaChaRef(x *[stateSize]uint32, out *[32]byte) {
+ x0, x1, x2, x3 := sigma0, sigma1, sigma2, sigma3
+ x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15 := x[0], x[1], x[2], x[3], x[4], x[5], x[6], x[7], x[8], x[9], x[10], x[11]
+
+ for i := chachaRounds; i > 0; i -= 2 {
+ // quarterround(x, 0, 4, 8, 12)
+ x0 += x4
+ x12 ^= x0
+ x12 = bits.RotateLeft32(x12, 16)
+ x8 += x12
+ x4 ^= x8
+ x4 = bits.RotateLeft32(x4, 12)
+ x0 += x4
+ x12 ^= x0
+ x12 = bits.RotateLeft32(x12, 8)
+ x8 += x12
+ x4 ^= x8
+ x4 = bits.RotateLeft32(x4, 7)
+
+ // quarterround(x, 1, 5, 9, 13)
+ x1 += x5
+ x13 ^= x1
+ x13 = bits.RotateLeft32(x13, 16)
+ x9 += x13
+ x5 ^= x9
+ x5 = bits.RotateLeft32(x5, 12)
+ x1 += x5
+ x13 ^= x1
+ x13 = bits.RotateLeft32(x13, 8)
+ x9 += x13
+ x5 ^= x9
+ x5 = bits.RotateLeft32(x5, 7)
+
+ // quarterround(x, 2, 6, 10, 14)
+ x2 += x6
+ x14 ^= x2
+ x14 = bits.RotateLeft32(x14, 16)
+ x10 += x14
+ x6 ^= x10
+ x6 = bits.RotateLeft32(x6, 12)
+ x2 += x6
+ x14 ^= x2
+ x14 = bits.RotateLeft32(x14, 8)
+ x10 += x14
+ x6 ^= x10
+ x6 = bits.RotateLeft32(x6, 7)
+
+ // quarterround(x, 3, 7, 11, 15)
+ x3 += x7
+ x15 ^= x3
+ x15 = bits.RotateLeft32(x15, 16)
+ x11 += x15
+ x7 ^= x11
+ x7 = bits.RotateLeft32(x7, 12)
+ x3 += x7
+ x15 ^= x3
+ x15 = bits.RotateLeft32(x15, 8)
+ x11 += x15
+ x7 ^= x11
+ x7 = bits.RotateLeft32(x7, 7)
+
+ // quarterround(x, 0, 5, 10, 15)
+ x0 += x5
+ x15 ^= x0
+ x15 = bits.RotateLeft32(x15, 16)
+ x10 += x15
+ x5 ^= x10
+ x5 = bits.RotateLeft32(x5, 12)
+ x0 += x5
+ x15 ^= x0
+ x15 = bits.RotateLeft32(x15, 8)
+ x10 += x15
+ x5 ^= x10
+ x5 = bits.RotateLeft32(x5, 7)
+
+ // quarterround(x, 1, 6, 11, 12)
+ x1 += x6
+ x12 ^= x1
+ x12 = bits.RotateLeft32(x12, 16)
+ x11 += x12
+ x6 ^= x11
+ x6 = bits.RotateLeft32(x6, 12)
+ x1 += x6
+ x12 ^= x1
+ x12 = bits.RotateLeft32(x12, 8)
+ x11 += x12
+ x6 ^= x11
+ x6 = bits.RotateLeft32(x6, 7)
+
+ // quarterround(x, 2, 7, 8, 13)
+ x2 += x7
+ x13 ^= x2
+ x13 = bits.RotateLeft32(x13, 16)
+ x8 += x13
+ x7 ^= x8
+ x7 = bits.RotateLeft32(x7, 12)
+ x2 += x7
+ x13 ^= x2
+ x13 = bits.RotateLeft32(x13, 8)
+ x8 += x13
+ x7 ^= x8
+ x7 = bits.RotateLeft32(x7, 7)
+
+ // quarterround(x, 3, 4, 9, 14)
+ x3 += x4
+ x14 ^= x3
+ x14 = bits.RotateLeft32(x14, 16)
+ x9 += x14
+ x4 ^= x9
+ x4 = bits.RotateLeft32(x4, 12)
+ x3 += x4
+ x14 ^= x3
+ x14 = bits.RotateLeft32(x14, 8)
+ x9 += x14
+ x4 ^= x9
+ x4 = bits.RotateLeft32(x4, 7)
+ }
+
+ // HChaCha returns x0...x3 | x12...x15, which corresponds to the
+ // indexes of the ChaCha constant and the indexes of the IV.
+ if useUnsafe {
+ outArr := (*[16]uint32)(unsafe.Pointer(&out[0]))
+ outArr[0] = x0
+ outArr[1] = x1
+ outArr[2] = x2
+ outArr[3] = x3
+ outArr[4] = x12
+ outArr[5] = x13
+ outArr[6] = x14
+ outArr[7] = x15
+ } else {
+ binary.LittleEndian.PutUint32(out[0:4], x0)
+ binary.LittleEndian.PutUint32(out[4:8], x1)
+ binary.LittleEndian.PutUint32(out[8:12], x2)
+ binary.LittleEndian.PutUint32(out[12:16], x3)
+ binary.LittleEndian.PutUint32(out[16:20], x12)
+ binary.LittleEndian.PutUint32(out[20:24], x13)
+ binary.LittleEndian.PutUint32(out[24:28], x14)
+ binary.LittleEndian.PutUint32(out[28:32], x15)
+ }
+ return
+}
diff --git a/vendor/github.com/aead/chacha20/LICENSE b/vendor/github.com/aead/chacha20/LICENSE
new file mode 100644
index 0000000..b6a9210
--- /dev/null
+++ b/vendor/github.com/aead/chacha20/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Andreas Auernhammer
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/aead/chacha20/README.md b/vendor/github.com/aead/chacha20/README.md
new file mode 100644
index 0000000..b369424
--- /dev/null
+++ b/vendor/github.com/aead/chacha20/README.md
@@ -0,0 +1,82 @@
+[](https://godoc.org/github.com/aead/chacha20)
+[](https://travis-ci.org/aead/chacha20)
+[](https://goreportcard.com/report/aead/chacha20)
+
+## The ChaCha20 stream cipher
+
+ChaCha is a stream cipher family created by Daniel J. Bernstein.
+The most common ChaCha variant is ChaCha20 (20 rounds). ChaCha20 is
+standardized in [RFC 7539](https://tools.ietf.org/html/rfc7539 "RFC 7539").
+
+This package provides implementations of three ChaCha versions:
+- ChaCha20 with a 64 bit nonce (can en/decrypt up to 2^64 * 64 bytes for one key-nonce combination)
+- ChaCha20 with a 96 bit nonce (can en/decrypt up to 2^32 * 64 bytes ~ 256 GB for one key-nonce combination)
+- XChaCha20 with a 192 bit nonce (can en/decrypt up to 2^64 * 64 bytes for one key-nonce combination)
+
+Furthermore the chacha sub package implements ChaCha20/12 and ChaCha20/8.
+These versions use 12 or 8 rounds instead of 20.
+But it's recommended to use ChaCha20 (with 20 rounds) - it will be fast enough for almost all purposes.
+
+### Installation
+Install in your GOPATH: `go get -u github.com/aead/chacha20`
+
+### Requirements
+All go versions >= 1.8.7 are supported.
+The code may also work on Go 1.7 but this is not tested.
+
+### Performance
+
+#### AMD64
+Hardware: Intel i7-6500U 2.50GHz x 2
+System: Linux Ubuntu 16.04 - kernel: 4.4.0-62-generic
+Go version: 1.8.0
+```
+AVX2
+name speed cpb
+ChaCha20_64-4 573MB/s ± 0% 4.16
+ChaCha20_1K-4 2.19GB/s ± 0% 1.06
+XChaCha20_64-4 261MB/s ± 0% 9.13
+XChaCha20_1K-4 1.69GB/s ± 4% 1.37
+XORKeyStream64-4 474MB/s ± 2% 5.02
+XORKeyStream1K-4 2.09GB/s ± 1% 1.11
+XChaCha20_XORKeyStream64-4 262MB/s ± 0% 9.09
+XChaCha20_XORKeyStream1K-4 1.71GB/s ± 1% 1.36
+
+SSSE3
+name speed cpb
+ChaCha20_64-4 583MB/s ± 0% 4.08
+ChaCha20_1K-4 1.15GB/s ± 1% 2.02
+XChaCha20_64-4 267MB/s ± 0% 8.92
+XChaCha20_1K-4 984MB/s ± 5% 2.42
+XORKeyStream64-4 492MB/s ± 1% 4.84
+XORKeyStream1K-4 1.10GB/s ± 5% 2.11
+XChaCha20_XORKeyStream64-4 266MB/s ± 0% 8.96
+XChaCha20_XORKeyStream1K-4 1.00GB/s ± 2% 2.32
+```
+#### 386
+Hardware: Intel i7-6500U 2.50GHz x 2
+System: Linux Ubuntu 16.04 - kernel: 4.4.0-62-generic
+Go version: 1.8.0
+```
+SSSE3
+name speed cpb
+ChaCha20_64-4 570MB/s ± 0% 4.18
+ChaCha20_1K-4 650MB/s ± 0% 3.66
+XChaCha20_64-4 223MB/s ± 0% 10.69
+XChaCha20_1K-4 584MB/s ± 1% 4.08
+XORKeyStream64-4 392MB/s ± 1% 6.08
+XORKeyStream1K-4 629MB/s ± 1% 3.79
+XChaCha20_XORKeyStream64-4 222MB/s ± 0% 10.73
+XChaCha20_XORKeyStream1K-4 585MB/s ± 0% 4.07
+
+SSE2
+name speed cpb
+ChaCha20_64-4 509MB/s ± 0% 4.68
+ChaCha20_1K-4 553MB/s ± 2% 4.31
+XChaCha20_64-4 201MB/s ± 0% 11.86
+XChaCha20_1K-4 498MB/s ± 4% 4.78
+XORKeyStream64-4 359MB/s ± 1% 6.64
+XORKeyStream1K-4 545MB/s ± 0% 4.37
+XChaCha20_XORKeyStream64-4 201MB/s ± 1% 11.86
+XChaCha20_XORKeyStream1K-4 507MB/s ± 0% 4.70
+```
diff --git a/vendor/github.com/aead/chacha20/chacha/chacha.go b/vendor/github.com/aead/chacha20/chacha/chacha.go
new file mode 100644
index 0000000..c2b39da
--- /dev/null
+++ b/vendor/github.com/aead/chacha20/chacha/chacha.go
@@ -0,0 +1,197 @@
+// Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+// Package chacha implements some low-level functions of the
+// ChaCha cipher family.
+package chacha // import "github.com/aead/chacha20/chacha"
+
+import (
+ "encoding/binary"
+ "errors"
+ "math"
+)
+
+const (
+ // NonceSize is the size of the ChaCha20 nonce in bytes.
+ NonceSize = 8
+
+ // INonceSize is the size of the IETF-ChaCha20 nonce in bytes.
+ INonceSize = 12
+
+ // XNonceSize is the size of the XChaCha20 nonce in bytes.
+ XNonceSize = 24
+
+ // KeySize is the size of the key in bytes.
+ KeySize = 32
+)
+
+var (
+ useSSE2 bool
+ useSSSE3 bool
+ useAVX bool
+ useAVX2 bool
+)
+
+var (
+ errKeySize = errors.New("chacha20/chacha: bad key length")
+ errInvalidNonce = errors.New("chacha20/chacha: bad nonce length")
+)
+
+func setup(state *[64]byte, nonce, key []byte) (err error) {
+ if len(key) != KeySize {
+ err = errKeySize
+ return
+ }
+ var Nonce [16]byte
+ switch len(nonce) {
+ case NonceSize:
+ copy(Nonce[8:], nonce)
+ initialize(state, key, &Nonce)
+ case INonceSize:
+ copy(Nonce[4:], nonce)
+ initialize(state, key, &Nonce)
+ case XNonceSize:
+ var tmpKey [32]byte
+ var hNonce [16]byte
+
+ copy(hNonce[:], nonce[:16])
+ copy(tmpKey[:], key)
+ HChaCha20(&tmpKey, &hNonce, &tmpKey)
+ copy(Nonce[8:], nonce[16:])
+ initialize(state, tmpKey[:], &Nonce)
+
+ // BUG(aead): A "good" compiler will remove this (optimizations)
+ // But using the provided key instead of tmpKey,
+ // will change the key (-> probably confuses users)
+ for i := range tmpKey {
+ tmpKey[i] = 0
+ }
+ default:
+ err = errInvalidNonce
+ }
+ return
+}
+
+// XORKeyStream crypts bytes from src to dst using the given nonce and key.
+// The length of the nonce determinds the version of ChaCha20:
+// - NonceSize: ChaCha20/r with a 64 bit nonce and a 2^64 * 64 byte period.
+// - INonceSize: ChaCha20/r as defined in RFC 7539 and a 2^32 * 64 byte period.
+// - XNonceSize: XChaCha20/r with a 192 bit nonce and a 2^64 * 64 byte period.
+// The rounds argument specifies the number of rounds performed for keystream
+// generation - valid values are 8, 12 or 20. The src and dst may be the same slice
+// but otherwise should not overlap. If len(dst) < len(src) this function panics.
+// If the nonce is neither 64, 96 nor 192 bits long, this function panics.
+func XORKeyStream(dst, src, nonce, key []byte, rounds int) {
+ if rounds != 20 && rounds != 12 && rounds != 8 {
+ panic("chacha20/chacha: bad number of rounds")
+ }
+ if len(dst) < len(src) {
+ panic("chacha20/chacha: dst buffer is to small")
+ }
+ if len(nonce) == INonceSize && uint64(len(src)) > (1<<38) {
+ panic("chacha20/chacha: src is too large")
+ }
+
+ var block, state [64]byte
+ if err := setup(&state, nonce, key); err != nil {
+ panic(err)
+ }
+ xorKeyStream(dst, src, &block, &state, rounds)
+}
+
+// Cipher implements ChaCha20/r (XChaCha20/r) for a given number of rounds r.
+type Cipher struct {
+ state, block [64]byte
+ off int
+ rounds int // 20 for ChaCha20
+ noncesize int
+}
+
+// NewCipher returns a new *chacha.Cipher implementing the ChaCha20/r or XChaCha20/r
+// (r = 8, 12 or 20) stream cipher. The nonce must be unique for one key for all time.
+// The length of the nonce determinds the version of ChaCha20:
+// - NonceSize: ChaCha20/r with a 64 bit nonce and a 2^64 * 64 byte period.
+// - INonceSize: ChaCha20/r as defined in RFC 7539 and a 2^32 * 64 byte period.
+// - XNonceSize: XChaCha20/r with a 192 bit nonce and a 2^64 * 64 byte period.
+// If the nonce is neither 64, 96 nor 192 bits long, a non-nil error is returned.
+func NewCipher(nonce, key []byte, rounds int) (*Cipher, error) {
+ if rounds != 20 && rounds != 12 && rounds != 8 {
+ panic("chacha20/chacha: bad number of rounds")
+ }
+
+ c := new(Cipher)
+ if err := setup(&(c.state), nonce, key); err != nil {
+ return nil, err
+ }
+ c.rounds = rounds
+
+ if len(nonce) == INonceSize {
+ c.noncesize = INonceSize
+ } else {
+ c.noncesize = NonceSize
+ }
+
+ return c, nil
+}
+
+// XORKeyStream crypts bytes from src to dst. Src and dst may be the same slice
+// but otherwise should not overlap. If len(dst) < len(src) the function panics.
+func (c *Cipher) XORKeyStream(dst, src []byte) {
+ if len(dst) < len(src) {
+ panic("chacha20/chacha: dst buffer is to small")
+ }
+
+ if c.off > 0 {
+ n := len(c.block[c.off:])
+ if len(src) <= n {
+ for i, v := range src {
+ dst[i] = v ^ c.block[c.off]
+ c.off++
+ }
+ if c.off == 64 {
+ c.off = 0
+ }
+ return
+ }
+
+ for i, v := range c.block[c.off:] {
+ dst[i] = src[i] ^ v
+ }
+ src = src[n:]
+ dst = dst[n:]
+ c.off = 0
+ }
+
+ // check for counter overflow
+ blocksToXOR := len(src) / 64
+ if len(src)%64 != 0 {
+ blocksToXOR++
+ }
+ var overflow bool
+ if c.noncesize == INonceSize {
+ overflow = binary.LittleEndian.Uint32(c.state[48:]) > math.MaxUint32-uint32(blocksToXOR)
+ } else {
+ overflow = binary.LittleEndian.Uint64(c.state[48:]) > math.MaxUint64-uint64(blocksToXOR)
+ }
+ if overflow {
+ panic("chacha20/chacha: counter overflow")
+ }
+
+ c.off += xorKeyStream(dst, src, &(c.block), &(c.state), c.rounds)
+}
+
+// SetCounter skips ctr * 64 byte blocks. SetCounter(0) resets the cipher.
+// This function always skips the unused keystream of the current 64 byte block.
+func (c *Cipher) SetCounter(ctr uint64) {
+ if c.noncesize == INonceSize {
+ binary.LittleEndian.PutUint32(c.state[48:], uint32(ctr))
+ } else {
+ binary.LittleEndian.PutUint64(c.state[48:], ctr)
+ }
+ c.off = 0
+}
+
+// HChaCha20 generates 32 pseudo-random bytes from a 128 bit nonce and a 256 bit secret key.
+// It can be used as a key-derivation-function (KDF).
+func HChaCha20(out *[32]byte, nonce *[16]byte, key *[32]byte) { hChaCha20(out, nonce, key) }
diff --git a/vendor/github.com/aead/chacha20/chacha/chachaAVX2_amd64.s b/vendor/github.com/aead/chacha20/chacha/chachaAVX2_amd64.s
new file mode 100644
index 0000000..c2b5f52
--- /dev/null
+++ b/vendor/github.com/aead/chacha20/chacha/chachaAVX2_amd64.s
@@ -0,0 +1,406 @@
+// Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+// +build amd64,!gccgo,!appengine,!nacl
+
+#include "const.s"
+#include "macro.s"
+
+#define TWO 0(SP)
+#define C16 32(SP)
+#define C8 64(SP)
+#define STATE_0 96(SP)
+#define STATE_1 128(SP)
+#define STATE_2 160(SP)
+#define STATE_3 192(SP)
+#define TMP_0 224(SP)
+#define TMP_1 256(SP)
+
+// func xorKeyStreamAVX(dst, src []byte, block, state *[64]byte, rounds int) int
+TEXT ·xorKeyStreamAVX2(SB), 4, $320-80
+ MOVQ dst_base+0(FP), DI
+ MOVQ src_base+24(FP), SI
+ MOVQ block+48(FP), BX
+ MOVQ state+56(FP), AX
+ MOVQ rounds+64(FP), DX
+ MOVQ src_len+32(FP), CX
+
+ MOVQ SP, R8
+ ADDQ $32, SP
+ ANDQ $-32, SP
+
+ VMOVDQU 0(AX), Y2
+ VMOVDQU 32(AX), Y3
+ VPERM2I128 $0x22, Y2, Y0, Y0
+ VPERM2I128 $0x33, Y2, Y1, Y1
+ VPERM2I128 $0x22, Y3, Y2, Y2
+ VPERM2I128 $0x33, Y3, Y3, Y3
+
+ TESTQ CX, CX
+ JZ done
+
+ VMOVDQU ·one_AVX2<>(SB), Y4
+ VPADDD Y4, Y3, Y3
+
+ VMOVDQA Y0, STATE_0
+ VMOVDQA Y1, STATE_1
+ VMOVDQA Y2, STATE_2
+ VMOVDQA Y3, STATE_3
+
+ VMOVDQU ·rol16_AVX2<>(SB), Y4
+ VMOVDQU ·rol8_AVX2<>(SB), Y5
+ VMOVDQU ·two_AVX2<>(SB), Y6
+ VMOVDQA Y4, Y14
+ VMOVDQA Y5, Y15
+ VMOVDQA Y4, C16
+ VMOVDQA Y5, C8
+ VMOVDQA Y6, TWO
+
+ CMPQ CX, $64
+ JBE between_0_and_64
+ CMPQ CX, $192
+ JBE between_64_and_192
+ CMPQ CX, $320
+ JBE between_192_and_320
+ CMPQ CX, $448
+ JBE between_320_and_448
+
+at_least_512:
+ VMOVDQA Y0, Y4
+ VMOVDQA Y1, Y5
+ VMOVDQA Y2, Y6
+ VPADDQ TWO, Y3, Y7
+ VMOVDQA Y0, Y8
+ VMOVDQA Y1, Y9
+ VMOVDQA Y2, Y10
+ VPADDQ TWO, Y7, Y11
+ VMOVDQA Y0, Y12
+ VMOVDQA Y1, Y13
+ VMOVDQA Y2, Y14
+ VPADDQ TWO, Y11, Y15
+
+ MOVQ DX, R9
+
+chacha_loop_512:
+ VMOVDQA Y8, TMP_0
+ CHACHA_QROUND_AVX(Y0, Y1, Y2, Y3, Y8, C16, C8)
+ CHACHA_QROUND_AVX(Y4, Y5, Y6, Y7, Y8, C16, C8)
+ VMOVDQA TMP_0, Y8
+ VMOVDQA Y0, TMP_0
+ CHACHA_QROUND_AVX(Y8, Y9, Y10, Y11, Y0, C16, C8)
+ CHACHA_QROUND_AVX(Y12, Y13, Y14, Y15, Y0, C16, C8)
+ CHACHA_SHUFFLE_AVX(Y1, Y2, Y3)
+ CHACHA_SHUFFLE_AVX(Y5, Y6, Y7)
+ CHACHA_SHUFFLE_AVX(Y9, Y10, Y11)
+ CHACHA_SHUFFLE_AVX(Y13, Y14, Y15)
+
+ CHACHA_QROUND_AVX(Y12, Y13, Y14, Y15, Y0, C16, C8)
+ CHACHA_QROUND_AVX(Y8, Y9, Y10, Y11, Y0, C16, C8)
+ VMOVDQA TMP_0, Y0
+ VMOVDQA Y8, TMP_0
+ CHACHA_QROUND_AVX(Y4, Y5, Y6, Y7, Y8, C16, C8)
+ CHACHA_QROUND_AVX(Y0, Y1, Y2, Y3, Y8, C16, C8)
+ VMOVDQA TMP_0, Y8
+ CHACHA_SHUFFLE_AVX(Y3, Y2, Y1)
+ CHACHA_SHUFFLE_AVX(Y7, Y6, Y5)
+ CHACHA_SHUFFLE_AVX(Y11, Y10, Y9)
+ CHACHA_SHUFFLE_AVX(Y15, Y14, Y13)
+ SUBQ $2, R9
+ JA chacha_loop_512
+
+ VMOVDQA Y12, TMP_0
+ VMOVDQA Y13, TMP_1
+ VPADDD STATE_0, Y0, Y0
+ VPADDD STATE_1, Y1, Y1
+ VPADDD STATE_2, Y2, Y2
+ VPADDD STATE_3, Y3, Y3
+ XOR_AVX2(DI, SI, 0, Y0, Y1, Y2, Y3, Y12, Y13)
+ VMOVDQA STATE_0, Y0
+ VMOVDQA STATE_1, Y1
+ VMOVDQA STATE_2, Y2
+ VMOVDQA STATE_3, Y3
+ VPADDQ TWO, Y3, Y3
+
+ VPADDD Y0, Y4, Y4
+ VPADDD Y1, Y5, Y5
+ VPADDD Y2, Y6, Y6
+ VPADDD Y3, Y7, Y7
+ XOR_AVX2(DI, SI, 128, Y4, Y5, Y6, Y7, Y12, Y13)
+ VPADDQ TWO, Y3, Y3
+
+ VPADDD Y0, Y8, Y8
+ VPADDD Y1, Y9, Y9
+ VPADDD Y2, Y10, Y10
+ VPADDD Y3, Y11, Y11
+ XOR_AVX2(DI, SI, 256, Y8, Y9, Y10, Y11, Y12, Y13)
+ VPADDQ TWO, Y3, Y3
+
+ VPADDD TMP_0, Y0, Y12
+ VPADDD TMP_1, Y1, Y13
+ VPADDD Y2, Y14, Y14
+ VPADDD Y3, Y15, Y15
+ VPADDQ TWO, Y3, Y3
+
+ CMPQ CX, $512
+ JB less_than_512
+
+ XOR_AVX2(DI, SI, 384, Y12, Y13, Y14, Y15, Y4, Y5)
+ VMOVDQA Y3, STATE_3
+ ADDQ $512, SI
+ ADDQ $512, DI
+ SUBQ $512, CX
+ CMPQ CX, $448
+ JA at_least_512
+
+ TESTQ CX, CX
+ JZ done
+
+ VMOVDQA C16, Y14
+ VMOVDQA C8, Y15
+
+ CMPQ CX, $64
+ JBE between_0_and_64
+ CMPQ CX, $192
+ JBE between_64_and_192
+ CMPQ CX, $320
+ JBE between_192_and_320
+ JMP between_320_and_448
+
+less_than_512:
+ XOR_UPPER_AVX2(DI, SI, 384, Y12, Y13, Y14, Y15, Y4, Y5)
+ EXTRACT_LOWER(BX, Y12, Y13, Y14, Y15, Y4)
+ ADDQ $448, SI
+ ADDQ $448, DI
+ SUBQ $448, CX
+ JMP finalize
+
+between_320_and_448:
+ VMOVDQA Y0, Y4
+ VMOVDQA Y1, Y5
+ VMOVDQA Y2, Y6
+ VPADDQ TWO, Y3, Y7
+ VMOVDQA Y0, Y8
+ VMOVDQA Y1, Y9
+ VMOVDQA Y2, Y10
+ VPADDQ TWO, Y7, Y11
+
+ MOVQ DX, R9
+
+chacha_loop_384:
+ CHACHA_QROUND_AVX(Y0, Y1, Y2, Y3, Y13, Y14, Y15)
+ CHACHA_QROUND_AVX(Y4, Y5, Y6, Y7, Y13, Y14, Y15)
+ CHACHA_QROUND_AVX(Y8, Y9, Y10, Y11, Y13, Y14, Y15)
+ CHACHA_SHUFFLE_AVX(Y1, Y2, Y3)
+ CHACHA_SHUFFLE_AVX(Y5, Y6, Y7)
+ CHACHA_SHUFFLE_AVX(Y9, Y10, Y11)
+ CHACHA_QROUND_AVX(Y0, Y1, Y2, Y3, Y13, Y14, Y15)
+ CHACHA_QROUND_AVX(Y4, Y5, Y6, Y7, Y13, Y14, Y15)
+ CHACHA_QROUND_AVX(Y8, Y9, Y10, Y11, Y13, Y14, Y15)
+ CHACHA_SHUFFLE_AVX(Y3, Y2, Y1)
+ CHACHA_SHUFFLE_AVX(Y7, Y6, Y5)
+ CHACHA_SHUFFLE_AVX(Y11, Y10, Y9)
+ SUBQ $2, R9
+ JA chacha_loop_384
+
+ VPADDD STATE_0, Y0, Y0
+ VPADDD STATE_1, Y1, Y1
+ VPADDD STATE_2, Y2, Y2
+ VPADDD STATE_3, Y3, Y3
+ XOR_AVX2(DI, SI, 0, Y0, Y1, Y2, Y3, Y12, Y13)
+ VMOVDQA STATE_0, Y0
+ VMOVDQA STATE_1, Y1
+ VMOVDQA STATE_2, Y2
+ VMOVDQA STATE_3, Y3
+ VPADDQ TWO, Y3, Y3
+
+ VPADDD Y0, Y4, Y4
+ VPADDD Y1, Y5, Y5
+ VPADDD Y2, Y6, Y6
+ VPADDD Y3, Y7, Y7
+ XOR_AVX2(DI, SI, 128, Y4, Y5, Y6, Y7, Y12, Y13)
+ VPADDQ TWO, Y3, Y3
+
+ VPADDD Y0, Y8, Y8
+ VPADDD Y1, Y9, Y9
+ VPADDD Y2, Y10, Y10
+ VPADDD Y3, Y11, Y11
+ VPADDQ TWO, Y3, Y3
+
+ CMPQ CX, $384
+ JB less_than_384
+
+ XOR_AVX2(DI, SI, 256, Y8, Y9, Y10, Y11, Y12, Y13)
+ SUBQ $384, CX
+ TESTQ CX, CX
+ JE done
+
+ ADDQ $384, SI
+ ADDQ $384, DI
+ JMP between_0_and_64
+
+less_than_384:
+ XOR_UPPER_AVX2(DI, SI, 256, Y8, Y9, Y10, Y11, Y12, Y13)
+ EXTRACT_LOWER(BX, Y8, Y9, Y10, Y11, Y12)
+ ADDQ $320, SI
+ ADDQ $320, DI
+ SUBQ $320, CX
+ JMP finalize
+
+between_192_and_320:
+ VMOVDQA Y0, Y4
+ VMOVDQA Y1, Y5
+ VMOVDQA Y2, Y6
+ VMOVDQA Y3, Y7
+ VMOVDQA Y0, Y8
+ VMOVDQA Y1, Y9
+ VMOVDQA Y2, Y10
+ VPADDQ TWO, Y3, Y11
+
+ MOVQ DX, R9
+
+chacha_loop_256:
+ CHACHA_QROUND_AVX(Y4, Y5, Y6, Y7, Y13, Y14, Y15)
+ CHACHA_QROUND_AVX(Y8, Y9, Y10, Y11, Y13, Y14, Y15)
+ CHACHA_SHUFFLE_AVX(Y5, Y6, Y7)
+ CHACHA_SHUFFLE_AVX(Y9, Y10, Y11)
+ CHACHA_QROUND_AVX(Y4, Y5, Y6, Y7, Y13, Y14, Y15)
+ CHACHA_QROUND_AVX(Y8, Y9, Y10, Y11, Y13, Y14, Y15)
+ CHACHA_SHUFFLE_AVX(Y7, Y6, Y5)
+ CHACHA_SHUFFLE_AVX(Y11, Y10, Y9)
+ SUBQ $2, R9
+ JA chacha_loop_256
+
+ VPADDD Y0, Y4, Y4
+ VPADDD Y1, Y5, Y5
+ VPADDD Y2, Y6, Y6
+ VPADDD Y3, Y7, Y7
+ VPADDQ TWO, Y3, Y3
+ XOR_AVX2(DI, SI, 0, Y4, Y5, Y6, Y7, Y12, Y13)
+ VPADDD Y0, Y8, Y8
+ VPADDD Y1, Y9, Y9
+ VPADDD Y2, Y10, Y10
+ VPADDD Y3, Y11, Y11
+ VPADDQ TWO, Y3, Y3
+
+ CMPQ CX, $256
+ JB less_than_256
+
+ XOR_AVX2(DI, SI, 128, Y8, Y9, Y10, Y11, Y12, Y13)
+ SUBQ $256, CX
+ TESTQ CX, CX
+ JE done
+
+ ADDQ $256, SI
+ ADDQ $256, DI
+ JMP between_0_and_64
+
+less_than_256:
+ XOR_UPPER_AVX2(DI, SI, 128, Y8, Y9, Y10, Y11, Y12, Y13)
+ EXTRACT_LOWER(BX, Y8, Y9, Y10, Y11, Y12)
+ ADDQ $192, SI
+ ADDQ $192, DI
+ SUBQ $192, CX
+ JMP finalize
+
+between_64_and_192:
+ VMOVDQA Y0, Y4
+ VMOVDQA Y1, Y5
+ VMOVDQA Y2, Y6
+ VMOVDQA Y3, Y7
+
+ MOVQ DX, R9
+
+chacha_loop_128:
+ CHACHA_QROUND_AVX(Y4, Y5, Y6, Y7, Y13, Y14, Y15)
+ CHACHA_SHUFFLE_AVX(Y5, Y6, Y7)
+ CHACHA_QROUND_AVX(Y4, Y5, Y6, Y7, Y13, Y14, Y15)
+ CHACHA_SHUFFLE_AVX(Y7, Y6, Y5)
+ SUBQ $2, R9
+ JA chacha_loop_128
+
+ VPADDD Y0, Y4, Y4
+ VPADDD Y1, Y5, Y5
+ VPADDD Y2, Y6, Y6
+ VPADDD Y3, Y7, Y7
+ VPADDQ TWO, Y3, Y3
+
+ CMPQ CX, $128
+ JB less_than_128
+
+ XOR_AVX2(DI, SI, 0, Y4, Y5, Y6, Y7, Y12, Y13)
+ SUBQ $128, CX
+ TESTQ CX, CX
+ JE done
+
+ ADDQ $128, SI
+ ADDQ $128, DI
+ JMP between_0_and_64
+
+less_than_128:
+ XOR_UPPER_AVX2(DI, SI, 0, Y4, Y5, Y6, Y7, Y12, Y13)
+ EXTRACT_LOWER(BX, Y4, Y5, Y6, Y7, Y13)
+ ADDQ $64, SI
+ ADDQ $64, DI
+ SUBQ $64, CX
+ JMP finalize
+
+between_0_and_64:
+ VMOVDQA X0, X4
+ VMOVDQA X1, X5
+ VMOVDQA X2, X6
+ VMOVDQA X3, X7
+
+ MOVQ DX, R9
+
+chacha_loop_64:
+ CHACHA_QROUND_AVX(X4, X5, X6, X7, X13, X14, X15)
+ CHACHA_SHUFFLE_AVX(X5, X6, X7)
+ CHACHA_QROUND_AVX(X4, X5, X6, X7, X13, X14, X15)
+ CHACHA_SHUFFLE_AVX(X7, X6, X5)
+ SUBQ $2, R9
+ JA chacha_loop_64
+
+ VPADDD X0, X4, X4
+ VPADDD X1, X5, X5
+ VPADDD X2, X6, X6
+ VPADDD X3, X7, X7
+ VMOVDQU ·one<>(SB), X0
+ VPADDQ X0, X3, X3
+
+ CMPQ CX, $64
+ JB less_than_64
+
+ XOR_AVX(DI, SI, 0, X4, X5, X6, X7, X13)
+ SUBQ $64, CX
+ JMP done
+
+less_than_64:
+ VMOVDQU X4, 0(BX)
+ VMOVDQU X5, 16(BX)
+ VMOVDQU X6, 32(BX)
+ VMOVDQU X7, 48(BX)
+
+finalize:
+ XORQ R11, R11
+ XORQ R12, R12
+ MOVQ CX, BP
+
+xor_loop:
+ MOVB 0(SI), R11
+ MOVB 0(BX), R12
+ XORQ R11, R12
+ MOVB R12, 0(DI)
+ INCQ SI
+ INCQ BX
+ INCQ DI
+ DECQ BP
+ JA xor_loop
+
+done:
+ VMOVDQU X3, 48(AX)
+ VZEROUPPER
+ MOVQ R8, SP
+ MOVQ CX, ret+72(FP)
+ RET
+
diff --git a/vendor/github.com/aead/chacha20/chacha/chacha_386.go b/vendor/github.com/aead/chacha20/chacha/chacha_386.go
new file mode 100644
index 0000000..97e533d
--- /dev/null
+++ b/vendor/github.com/aead/chacha20/chacha/chacha_386.go
@@ -0,0 +1,60 @@
+// Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+// +build 386,!gccgo,!appengine,!nacl
+
+package chacha
+
+import (
+ "encoding/binary"
+
+ "golang.org/x/sys/cpu"
+)
+
+func init() {
+ useSSE2 = cpu.X86.HasSSE2
+ useSSSE3 = cpu.X86.HasSSSE3
+ useAVX = false
+ useAVX2 = false
+}
+
+func initialize(state *[64]byte, key []byte, nonce *[16]byte) {
+ binary.LittleEndian.PutUint32(state[0:], sigma[0])
+ binary.LittleEndian.PutUint32(state[4:], sigma[1])
+ binary.LittleEndian.PutUint32(state[8:], sigma[2])
+ binary.LittleEndian.PutUint32(state[12:], sigma[3])
+ copy(state[16:], key[:])
+ copy(state[48:], nonce[:])
+}
+
+// This function is implemented in chacha_386.s
+//go:noescape
+func hChaCha20SSE2(out *[32]byte, nonce *[16]byte, key *[32]byte)
+
+// This function is implemented in chacha_386.s
+//go:noescape
+func hChaCha20SSSE3(out *[32]byte, nonce *[16]byte, key *[32]byte)
+
+// This function is implemented in chacha_386.s
+//go:noescape
+func xorKeyStreamSSE2(dst, src []byte, block, state *[64]byte, rounds int) int
+
+func hChaCha20(out *[32]byte, nonce *[16]byte, key *[32]byte) {
+ switch {
+ case useSSSE3:
+ hChaCha20SSSE3(out, nonce, key)
+ case useSSE2:
+ hChaCha20SSE2(out, nonce, key)
+ default:
+ hChaCha20Generic(out, nonce, key)
+ }
+}
+
+func xorKeyStream(dst, src []byte, block, state *[64]byte, rounds int) int {
+ if useSSE2 {
+ return xorKeyStreamSSE2(dst, src, block, state, rounds)
+ } else {
+ return xorKeyStreamGeneric(dst, src, block, state, rounds)
+ }
+}
diff --git a/vendor/github.com/aead/chacha20/chacha/chacha_386.s b/vendor/github.com/aead/chacha20/chacha/chacha_386.s
new file mode 100644
index 0000000..262fc86
--- /dev/null
+++ b/vendor/github.com/aead/chacha20/chacha/chacha_386.s
@@ -0,0 +1,163 @@
+// Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+// +build 386,!gccgo,!appengine,!nacl
+
+#include "const.s"
+#include "macro.s"
+
+// FINALIZE xors len bytes from src and block using
+// the temp. registers t0 and t1 and writes the result
+// to dst.
+#define FINALIZE(dst, src, block, len, t0, t1) \
+ XORL t0, t0; \
+ XORL t1, t1; \
+ FINALIZE_LOOP:; \
+ MOVB 0(src), t0; \
+ MOVB 0(block), t1; \
+ XORL t0, t1; \
+ MOVB t1, 0(dst); \
+ INCL src; \
+ INCL block; \
+ INCL dst; \
+ DECL len; \
+ JG FINALIZE_LOOP \
+
+#define Dst DI
+#define Nonce AX
+#define Key BX
+#define Rounds DX
+
+// func hChaCha20SSE2(out *[32]byte, nonce *[16]byte, key *[32]byte)
+TEXT ·hChaCha20SSE2(SB), 4, $0-12
+ MOVL out+0(FP), Dst
+ MOVL nonce+4(FP), Nonce
+ MOVL key+8(FP), Key
+
+ MOVOU ·sigma<>(SB), X0
+ MOVOU 0*16(Key), X1
+ MOVOU 1*16(Key), X2
+ MOVOU 0*16(Nonce), X3
+ MOVL $20, Rounds
+
+chacha_loop:
+ CHACHA_QROUND_SSE2(X0, X1, X2, X3, X4)
+ CHACHA_SHUFFLE_SSE(X1, X2, X3)
+ CHACHA_QROUND_SSE2(X0, X1, X2, X3, X4)
+ CHACHA_SHUFFLE_SSE(X3, X2, X1)
+ SUBL $2, Rounds
+ JNZ chacha_loop
+
+ MOVOU X0, 0*16(Dst)
+ MOVOU X3, 1*16(Dst)
+ RET
+
+// func hChaCha20SSSE3(out *[32]byte, nonce *[16]byte, key *[32]byte)
+TEXT ·hChaCha20SSSE3(SB), 4, $0-12
+ MOVL out+0(FP), Dst
+ MOVL nonce+4(FP), Nonce
+ MOVL key+8(FP), Key
+
+ MOVOU ·sigma<>(SB), X0
+ MOVOU 0*16(Key), X1
+ MOVOU 1*16(Key), X2
+ MOVOU 0*16(Nonce), X3
+ MOVL $20, Rounds
+
+ MOVOU ·rol16<>(SB), X5
+ MOVOU ·rol8<>(SB), X6
+
+chacha_loop:
+ CHACHA_QROUND_SSSE3(X0, X1, X2, X3, X4, X5, X6)
+ CHACHA_SHUFFLE_SSE(X1, X2, X3)
+ CHACHA_QROUND_SSSE3(X0, X1, X2, X3, X4, X5, X6)
+ CHACHA_SHUFFLE_SSE(X3, X2, X1)
+ SUBL $2, Rounds
+ JNZ chacha_loop
+
+ MOVOU X0, 0*16(Dst)
+ MOVOU X3, 1*16(Dst)
+ RET
+
+#undef Dst
+#undef Nonce
+#undef Key
+#undef Rounds
+
+#define State AX
+#define Dst DI
+#define Src SI
+#define Len DX
+#define Tmp0 BX
+#define Tmp1 BP
+
+// func xorKeyStreamSSE2(dst, src []byte, block, state *[64]byte, rounds int) int
+TEXT ·xorKeyStreamSSE2(SB), 4, $0-40
+ MOVL dst_base+0(FP), Dst
+ MOVL src_base+12(FP), Src
+ MOVL state+28(FP), State
+ MOVL src_len+16(FP), Len
+ MOVL $0, ret+36(FP) // Number of bytes written to the keystream buffer - 0 iff len mod 64 == 0
+
+ MOVOU 0*16(State), X0
+ MOVOU 1*16(State), X1
+ MOVOU 2*16(State), X2
+ MOVOU 3*16(State), X3
+ TESTL Len, Len
+ JZ DONE
+
+GENERATE_KEYSTREAM:
+ MOVO X0, X4
+ MOVO X1, X5
+ MOVO X2, X6
+ MOVO X3, X7
+ MOVL rounds+32(FP), Tmp0
+
+CHACHA_LOOP:
+ CHACHA_QROUND_SSE2(X4, X5, X6, X7, X0)
+ CHACHA_SHUFFLE_SSE(X5, X6, X7)
+ CHACHA_QROUND_SSE2(X4, X5, X6, X7, X0)
+ CHACHA_SHUFFLE_SSE(X7, X6, X5)
+ SUBL $2, Tmp0
+ JA CHACHA_LOOP
+
+ MOVOU 0*16(State), X0 // Restore X0 from state
+ PADDL X0, X4
+ PADDL X1, X5
+ PADDL X2, X6
+ PADDL X3, X7
+ MOVOU ·one<>(SB), X0
+ PADDQ X0, X3
+
+ CMPL Len, $64
+ JL BUFFER_KEYSTREAM
+
+ XOR_SSE(Dst, Src, 0, X4, X5, X6, X7, X0)
+ MOVOU 0*16(State), X0 // Restore X0 from state
+ ADDL $64, Src
+ ADDL $64, Dst
+ SUBL $64, Len
+ JZ DONE
+ JMP GENERATE_KEYSTREAM // There is at least one more plaintext byte
+
+BUFFER_KEYSTREAM:
+ MOVL block+24(FP), State
+ MOVOU X4, 0(State)
+ MOVOU X5, 16(State)
+ MOVOU X6, 32(State)
+ MOVOU X7, 48(State)
+ MOVL Len, ret+36(FP) // Number of bytes written to the keystream buffer - 0 < Len < 64
+ FINALIZE(Dst, Src, State, Len, Tmp0, Tmp1)
+
+DONE:
+ MOVL state+28(FP), State
+ MOVOU X3, 3*16(State)
+ RET
+
+#undef State
+#undef Dst
+#undef Src
+#undef Len
+#undef Tmp0
+#undef Tmp1
diff --git a/vendor/github.com/aead/chacha20/chacha/chacha_amd64.go b/vendor/github.com/aead/chacha20/chacha/chacha_amd64.go
new file mode 100644
index 0000000..635f7de
--- /dev/null
+++ b/vendor/github.com/aead/chacha20/chacha/chacha_amd64.go
@@ -0,0 +1,76 @@
+// Copyright (c) 2017 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+// +build go1.7,amd64,!gccgo,!appengine,!nacl
+
+package chacha
+
+import "golang.org/x/sys/cpu"
+
+func init() {
+ useSSE2 = cpu.X86.HasSSE2
+ useSSSE3 = cpu.X86.HasSSSE3
+ useAVX = cpu.X86.HasAVX
+ useAVX2 = cpu.X86.HasAVX2
+}
+
+// This function is implemented in chacha_amd64.s
+//go:noescape
+func initialize(state *[64]byte, key []byte, nonce *[16]byte)
+
+// This function is implemented in chacha_amd64.s
+//go:noescape
+func hChaCha20SSE2(out *[32]byte, nonce *[16]byte, key *[32]byte)
+
+// This function is implemented in chacha_amd64.s
+//go:noescape
+func hChaCha20SSSE3(out *[32]byte, nonce *[16]byte, key *[32]byte)
+
+// This function is implemented in chachaAVX2_amd64.s
+//go:noescape
+func hChaCha20AVX(out *[32]byte, nonce *[16]byte, key *[32]byte)
+
+// This function is implemented in chacha_amd64.s
+//go:noescape
+func xorKeyStreamSSE2(dst, src []byte, block, state *[64]byte, rounds int) int
+
+// This function is implemented in chacha_amd64.s
+//go:noescape
+func xorKeyStreamSSSE3(dst, src []byte, block, state *[64]byte, rounds int) int
+
+// This function is implemented in chacha_amd64.s
+//go:noescape
+func xorKeyStreamAVX(dst, src []byte, block, state *[64]byte, rounds int) int
+
+// This function is implemented in chachaAVX2_amd64.s
+//go:noescape
+func xorKeyStreamAVX2(dst, src []byte, block, state *[64]byte, rounds int) int
+
+func hChaCha20(out *[32]byte, nonce *[16]byte, key *[32]byte) {
+ switch {
+ case useAVX:
+ hChaCha20AVX(out, nonce, key)
+ case useSSSE3:
+ hChaCha20SSSE3(out, nonce, key)
+ case useSSE2:
+ hChaCha20SSE2(out, nonce, key)
+ default:
+ hChaCha20Generic(out, nonce, key)
+ }
+}
+
+func xorKeyStream(dst, src []byte, block, state *[64]byte, rounds int) int {
+ switch {
+ case useAVX2:
+ return xorKeyStreamAVX2(dst, src, block, state, rounds)
+ case useAVX:
+ return xorKeyStreamAVX(dst, src, block, state, rounds)
+ case useSSSE3:
+ return xorKeyStreamSSSE3(dst, src, block, state, rounds)
+ case useSSE2:
+ return xorKeyStreamSSE2(dst, src, block, state, rounds)
+ default:
+ return xorKeyStreamGeneric(dst, src, block, state, rounds)
+ }
+}
diff --git a/vendor/github.com/aead/chacha20/chacha/chacha_amd64.s b/vendor/github.com/aead/chacha20/chacha/chacha_amd64.s
new file mode 100644
index 0000000..26a2383
--- /dev/null
+++ b/vendor/github.com/aead/chacha20/chacha/chacha_amd64.s
@@ -0,0 +1,1072 @@
+// Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+// +build amd64,!gccgo,!appengine,!nacl
+
+#include "const.s"
+#include "macro.s"
+
+// FINALIZE xors len bytes from src and block using
+// the temp. registers t0 and t1 and writes the result
+// to dst.
+#define FINALIZE(dst, src, block, len, t0, t1) \
+ XORQ t0, t0; \
+ XORQ t1, t1; \
+ FINALIZE_LOOP:; \
+ MOVB 0(src), t0; \
+ MOVB 0(block), t1; \
+ XORQ t0, t1; \
+ MOVB t1, 0(dst); \
+ INCQ src; \
+ INCQ block; \
+ INCQ dst; \
+ DECQ len; \
+ JG FINALIZE_LOOP \
+
+#define Dst DI
+#define Nonce AX
+#define Key BX
+#define Rounds DX
+
+// func initialize(state *[64]byte, key []byte, nonce *[16]byte)
+TEXT ·initialize(SB), 4, $0-40
+ MOVQ state+0(FP), Dst
+ MOVQ key+8(FP), Key
+ MOVQ nonce+32(FP), Nonce
+
+ MOVOU ·sigma<>(SB), X0
+ MOVOU 0*16(Key), X1
+ MOVOU 1*16(Key), X2
+ MOVOU 0*16(Nonce), X3
+
+ MOVOU X0, 0*16(Dst)
+ MOVOU X1, 1*16(Dst)
+ MOVOU X2, 2*16(Dst)
+ MOVOU X3, 3*16(Dst)
+ RET
+
+// func hChaCha20AVX(out *[32]byte, nonce *[16]byte, key *[32]byte)
+TEXT ·hChaCha20AVX(SB), 4, $0-24
+ MOVQ out+0(FP), Dst
+ MOVQ nonce+8(FP), Nonce
+ MOVQ key+16(FP), Key
+
+ VMOVDQU ·sigma<>(SB), X0
+ VMOVDQU 0*16(Key), X1
+ VMOVDQU 1*16(Key), X2
+ VMOVDQU 0*16(Nonce), X3
+ VMOVDQU ·rol16_AVX2<>(SB), X5
+ VMOVDQU ·rol8_AVX2<>(SB), X6
+ MOVQ $20, Rounds
+
+CHACHA_LOOP:
+ CHACHA_QROUND_AVX(X0, X1, X2, X3, X4, X5, X6)
+ CHACHA_SHUFFLE_AVX(X1, X2, X3)
+ CHACHA_QROUND_AVX(X0, X1, X2, X3, X4, X5, X6)
+ CHACHA_SHUFFLE_AVX(X3, X2, X1)
+ SUBQ $2, Rounds
+ JNZ CHACHA_LOOP
+
+ VMOVDQU X0, 0*16(Dst)
+ VMOVDQU X3, 1*16(Dst)
+ VZEROUPPER
+ RET
+
+// func hChaCha20SSE2(out *[32]byte, nonce *[16]byte, key *[32]byte)
+TEXT ·hChaCha20SSE2(SB), 4, $0-24
+ MOVQ out+0(FP), Dst
+ MOVQ nonce+8(FP), Nonce
+ MOVQ key+16(FP), Key
+
+ MOVOU ·sigma<>(SB), X0
+ MOVOU 0*16(Key), X1
+ MOVOU 1*16(Key), X2
+ MOVOU 0*16(Nonce), X3
+ MOVQ $20, Rounds
+
+CHACHA_LOOP:
+ CHACHA_QROUND_SSE2(X0, X1, X2, X3, X4)
+ CHACHA_SHUFFLE_SSE(X1, X2, X3)
+ CHACHA_QROUND_SSE2(X0, X1, X2, X3, X4)
+ CHACHA_SHUFFLE_SSE(X3, X2, X1)
+ SUBQ $2, Rounds
+ JNZ CHACHA_LOOP
+
+ MOVOU X0, 0*16(Dst)
+ MOVOU X3, 1*16(Dst)
+ RET
+
+// func hChaCha20SSSE3(out *[32]byte, nonce *[16]byte, key *[32]byte)
+TEXT ·hChaCha20SSSE3(SB), 4, $0-24
+ MOVQ out+0(FP), Dst
+ MOVQ nonce+8(FP), Nonce
+ MOVQ key+16(FP), Key
+
+ MOVOU ·sigma<>(SB), X0
+ MOVOU 0*16(Key), X1
+ MOVOU 1*16(Key), X2
+ MOVOU 0*16(Nonce), X3
+ MOVOU ·rol16<>(SB), X5
+ MOVOU ·rol8<>(SB), X6
+ MOVQ $20, Rounds
+
+chacha_loop:
+ CHACHA_QROUND_SSSE3(X0, X1, X2, X3, X4, X5, X6)
+ CHACHA_SHUFFLE_SSE(X1, X2, X3)
+ CHACHA_QROUND_SSSE3(X0, X1, X2, X3, X4, X5, X6)
+ CHACHA_SHUFFLE_SSE(X3, X2, X1)
+ SUBQ $2, Rounds
+ JNZ chacha_loop
+
+ MOVOU X0, 0*16(Dst)
+ MOVOU X3, 1*16(Dst)
+ RET
+
+#undef Dst
+#undef Nonce
+#undef Key
+#undef Rounds
+
+#define Dst DI
+#define Src SI
+#define Len R12
+#define Rounds DX
+#define Buffer BX
+#define State AX
+#define Stack SP
+#define SavedSP R8
+#define Tmp0 R9
+#define Tmp1 R10
+#define Tmp2 R11
+
+// func xorKeyStreamSSE2(dst, src []byte, block, state *[64]byte, rounds int) int
+TEXT ·xorKeyStreamSSE2(SB), 4, $112-80
+ MOVQ dst_base+0(FP), Dst
+ MOVQ src_base+24(FP), Src
+ MOVQ block+48(FP), Buffer
+ MOVQ state+56(FP), State
+ MOVQ rounds+64(FP), Rounds
+ MOVQ src_len+32(FP), Len
+
+ MOVOU 0*16(State), X0
+ MOVOU 1*16(State), X1
+ MOVOU 2*16(State), X2
+ MOVOU 3*16(State), X3
+
+ MOVQ Stack, SavedSP
+ ADDQ $16, Stack
+ ANDQ $-16, Stack
+
+ TESTQ Len, Len
+ JZ DONE
+
+ MOVOU ·one<>(SB), X4
+ MOVO X0, 0*16(Stack)
+ MOVO X1, 1*16(Stack)
+ MOVO X2, 2*16(Stack)
+ MOVO X3, 3*16(Stack)
+ MOVO X4, 4*16(Stack)
+
+ CMPQ Len, $64
+ JLE GENERATE_KEYSTREAM_64
+ CMPQ Len, $128
+ JLE GENERATE_KEYSTREAM_128
+ CMPQ Len, $192
+ JLE GENERATE_KEYSTREAM_192
+
+GENERATE_KEYSTREAM_256:
+ MOVO X0, X12
+ MOVO X1, X13
+ MOVO X2, X14
+ MOVO X3, X15
+ PADDQ 4*16(Stack), X15
+ MOVO X0, X8
+ MOVO X1, X9
+ MOVO X2, X10
+ MOVO X15, X11
+ PADDQ 4*16(Stack), X11
+ MOVO X0, X4
+ MOVO X1, X5
+ MOVO X2, X6
+ MOVO X11, X7
+ PADDQ 4*16(Stack), X7
+ MOVQ Rounds, Tmp0
+
+ MOVO X3, 3*16(Stack) // Save X3
+
+CHACHA_LOOP_256:
+ MOVO X4, 5*16(Stack)
+ CHACHA_QROUND_SSE2(X0, X1, X2, X3, X4)
+ CHACHA_QROUND_SSE2(X12, X13, X14, X15, X4)
+ MOVO 5*16(Stack), X4
+ MOVO X0, 5*16(Stack)
+ CHACHA_QROUND_SSE2(X8, X9, X10, X11, X0)
+ CHACHA_QROUND_SSE2(X4, X5, X6, X7, X0)
+ MOVO 5*16(Stack), X0
+ CHACHA_SHUFFLE_SSE(X1, X2, X3)
+ CHACHA_SHUFFLE_SSE(X13, X14, X15)
+ CHACHA_SHUFFLE_SSE(X9, X10, X11)
+ CHACHA_SHUFFLE_SSE(X5, X6, X7)
+ MOVO X4, 5*16(Stack)
+ CHACHA_QROUND_SSE2(X0, X1, X2, X3, X4)
+ CHACHA_QROUND_SSE2(X12, X13, X14, X15, X4)
+ MOVO 5*16(Stack), X4
+ MOVO X0, 5*16(Stack)
+ CHACHA_QROUND_SSE2(X8, X9, X10, X11, X0)
+ CHACHA_QROUND_SSE2(X4, X5, X6, X7, X0)
+ MOVO 5*16(Stack), X0
+ CHACHA_SHUFFLE_SSE(X3, X2, X1)
+ CHACHA_SHUFFLE_SSE(X15, X14, X13)
+ CHACHA_SHUFFLE_SSE(X11, X10, X9)
+ CHACHA_SHUFFLE_SSE(X7, X6, X5)
+ SUBQ $2, Tmp0
+ JNZ CHACHA_LOOP_256
+
+ PADDL 0*16(Stack), X0
+ PADDL 1*16(Stack), X1
+ PADDL 2*16(Stack), X2
+ PADDL 3*16(Stack), X3
+ MOVO X4, 5*16(Stack) // Save X4
+ XOR_SSE(Dst, Src, 0, X0, X1, X2, X3, X4)
+ MOVO 5*16(Stack), X4 // Restore X4
+
+ MOVO 0*16(Stack), X0
+ MOVO 1*16(Stack), X1
+ MOVO 2*16(Stack), X2
+ MOVO 3*16(Stack), X3
+ PADDQ 4*16(Stack), X3
+
+ PADDL X0, X12
+ PADDL X1, X13
+ PADDL X2, X14
+ PADDL X3, X15
+ PADDQ 4*16(Stack), X3
+ PADDL X0, X8
+ PADDL X1, X9
+ PADDL X2, X10
+ PADDL X3, X11
+ PADDQ 4*16(Stack), X3
+ PADDL X0, X4
+ PADDL X1, X5
+ PADDL X2, X6
+ PADDL X3, X7
+ PADDQ 4*16(Stack), X3
+
+ XOR_SSE(Dst, Src, 64, X12, X13, X14, X15, X0)
+ XOR_SSE(Dst, Src, 128, X8, X9, X10, X11, X0)
+ MOVO 0*16(Stack), X0 // Restore X0
+ ADDQ $192, Dst
+ ADDQ $192, Src
+ SUBQ $192, Len
+
+ CMPQ Len, $64
+ JL BUFFER_KEYSTREAM
+
+ XOR_SSE(Dst, Src, 0, X4, X5, X6, X7, X8)
+ ADDQ $64, Dst
+ ADDQ $64, Src
+ SUBQ $64, Len
+ JZ DONE
+ CMPQ Len, $64 // If Len <= 64 -> gen. only 64 byte keystream.
+ JLE GENERATE_KEYSTREAM_64
+ CMPQ Len, $128 // If 64 < Len <= 128 -> gen. only 128 byte keystream.
+ JLE GENERATE_KEYSTREAM_128
+ CMPQ Len, $192 // If Len > 192 -> repeat, otherwise Len > 128 && Len <= 192 -> gen. 192 byte keystream
+ JG GENERATE_KEYSTREAM_256
+
+GENERATE_KEYSTREAM_192:
+ MOVO X0, X12
+ MOVO X1, X13
+ MOVO X2, X14
+ MOVO X3, X15
+ MOVO X0, X8
+ MOVO X1, X9
+ MOVO X2, X10
+ MOVO X3, X11
+ PADDQ 4*16(Stack), X11
+ MOVO X0, X4
+ MOVO X1, X5
+ MOVO X2, X6
+ MOVO X11, X7
+ PADDQ 4*16(Stack), X7
+ MOVQ Rounds, Tmp0
+
+CHACHA_LOOP_192:
+ CHACHA_QROUND_SSE2(X12, X13, X14, X15, X0)
+ CHACHA_QROUND_SSE2(X8, X9, X10, X11, X0)
+ CHACHA_QROUND_SSE2(X4, X5, X6, X7, X0)
+ CHACHA_SHUFFLE_SSE(X13, X14, X15)
+ CHACHA_SHUFFLE_SSE(X9, X10, X11)
+ CHACHA_SHUFFLE_SSE(X5, X6, X7)
+ CHACHA_QROUND_SSE2(X12, X13, X14, X15, X0)
+ CHACHA_QROUND_SSE2(X8, X9, X10, X11, X0)
+ CHACHA_QROUND_SSE2(X4, X5, X6, X7, X0)
+ CHACHA_SHUFFLE_SSE(X15, X14, X13)
+ CHACHA_SHUFFLE_SSE(X11, X10, X9)
+ CHACHA_SHUFFLE_SSE(X7, X6, X5)
+ SUBQ $2, Tmp0
+ JNZ CHACHA_LOOP_192
+
+ MOVO 0*16(Stack), X0 // Restore X0
+ PADDL X0, X12
+ PADDL X1, X13
+ PADDL X2, X14
+ PADDL X3, X15
+ PADDQ 4*16(Stack), X3
+ PADDL X0, X8
+ PADDL X1, X9
+ PADDL X2, X10
+ PADDL X3, X11
+ PADDQ 4*16(Stack), X3
+ PADDL X0, X4
+ PADDL X1, X5
+ PADDL X2, X6
+ PADDL X3, X7
+ PADDQ 4*16(Stack), X3
+
+ XOR_SSE(Dst, Src, 0, X12, X13, X14, X15, X0)
+ XOR_SSE(Dst, Src, 64, X8, X9, X10, X11, X0)
+ MOVO 0*16(Stack), X0 // Restore X0
+ ADDQ $128, Dst
+ ADDQ $128, Src
+ SUBQ $128, Len
+
+ CMPQ Len, $64
+ JL BUFFER_KEYSTREAM
+
+ XOR_SSE(Dst, Src, 0, X4, X5, X6, X7, X8)
+ ADDQ $64, Dst
+ ADDQ $64, Src
+ SUBQ $64, Len
+ JZ DONE
+ CMPQ Len, $64 // If Len <= 64 -> gen. only 64 byte keystream.
+ JLE GENERATE_KEYSTREAM_64
+
+GENERATE_KEYSTREAM_128:
+ MOVO X0, X8
+ MOVO X1, X9
+ MOVO X2, X10
+ MOVO X3, X11
+ MOVO X0, X4
+ MOVO X1, X5
+ MOVO X2, X6
+ MOVO X3, X7
+ PADDQ 4*16(Stack), X7
+ MOVQ Rounds, Tmp0
+
+CHACHA_LOOP_128:
+ CHACHA_QROUND_SSE2(X8, X9, X10, X11, X12)
+ CHACHA_QROUND_SSE2(X4, X5, X6, X7, X12)
+ CHACHA_SHUFFLE_SSE(X9, X10, X11)
+ CHACHA_SHUFFLE_SSE(X5, X6, X7)
+ CHACHA_QROUND_SSE2(X8, X9, X10, X11, X12)
+ CHACHA_QROUND_SSE2(X4, X5, X6, X7, X12)
+ CHACHA_SHUFFLE_SSE(X11, X10, X9)
+ CHACHA_SHUFFLE_SSE(X7, X6, X5)
+ SUBQ $2, Tmp0
+ JNZ CHACHA_LOOP_128
+
+ PADDL X0, X8
+ PADDL X1, X9
+ PADDL X2, X10
+ PADDL X3, X11
+ PADDQ 4*16(Stack), X3
+ PADDL X0, X4
+ PADDL X1, X5
+ PADDL X2, X6
+ PADDL X3, X7
+ PADDQ 4*16(Stack), X3
+
+ XOR_SSE(Dst, Src, 0, X8, X9, X10, X11, X12)
+ ADDQ $64, Dst
+ ADDQ $64, Src
+ SUBQ $64, Len
+
+ CMPQ Len, $64
+ JL BUFFER_KEYSTREAM
+
+ XOR_SSE(Dst, Src, 0, X4, X5, X6, X7, X8)
+ ADDQ $64, Dst
+ ADDQ $64, Src
+ SUBQ $64, Len
+ JZ DONE // If Len == 0 -> DONE, otherwise Len <= 64 -> gen 64 byte keystream
+
+GENERATE_KEYSTREAM_64:
+ MOVO X0, X4
+ MOVO X1, X5
+ MOVO X2, X6
+ MOVO X3, X7
+ MOVQ Rounds, Tmp0
+
+CHACHA_LOOP_64:
+ CHACHA_QROUND_SSE2(X4, X5, X6, X7, X8)
+ CHACHA_SHUFFLE_SSE(X5, X6, X7)
+ CHACHA_QROUND_SSE2(X4, X5, X6, X7, X8)
+ CHACHA_SHUFFLE_SSE(X7, X6, X5)
+ SUBQ $2, Tmp0
+ JNZ CHACHA_LOOP_64
+
+ PADDL X0, X4
+ PADDL X1, X5
+ PADDL X2, X6
+ PADDL X3, X7
+ PADDQ 4*16(Stack), X3
+
+ CMPQ Len, $64
+ JL BUFFER_KEYSTREAM
+
+ XOR_SSE(Dst, Src, 0, X4, X5, X6, X7, X8)
+ ADDQ $64, Src
+ ADDQ $64, Dst
+ SUBQ $64, Len
+ JMP DONE // jump directly to DONE - there is no keystream to buffer, Len == 0 always true.
+
+BUFFER_KEYSTREAM:
+ MOVOU X4, 0*16(Buffer)
+ MOVOU X5, 1*16(Buffer)
+ MOVOU X6, 2*16(Buffer)
+ MOVOU X7, 3*16(Buffer)
+ MOVQ Len, Tmp0
+ FINALIZE(Dst, Src, Buffer, Tmp0, Tmp1, Tmp2)
+
+DONE:
+ MOVQ SavedSP, Stack // Restore stack pointer
+ MOVOU X3, 3*16(State)
+ MOVQ Len, ret+72(FP)
+ RET
+
+// func xorKeyStreamSSSE3(dst, src []byte, block, state *[64]byte, rounds int) int
+TEXT ·xorKeyStreamSSSE3(SB), 4, $144-80
+ MOVQ dst_base+0(FP), Dst
+ MOVQ src_base+24(FP), Src
+ MOVQ block+48(FP), Buffer
+ MOVQ state+56(FP), State
+ MOVQ rounds+64(FP), Rounds
+ MOVQ src_len+32(FP), Len
+
+ MOVOU 0*16(State), X0
+ MOVOU 1*16(State), X1
+ MOVOU 2*16(State), X2
+ MOVOU 3*16(State), X3
+
+ MOVQ Stack, SavedSP
+ ADDQ $16, Stack
+ ANDQ $-16, Stack
+
+ TESTQ Len, Len
+ JZ DONE
+
+ MOVOU ·one<>(SB), X4
+ MOVOU ·rol16<>(SB), X5
+ MOVOU ·rol8<>(SB), X6
+ MOVO X0, 0*16(Stack)
+ MOVO X1, 1*16(Stack)
+ MOVO X2, 2*16(Stack)
+ MOVO X3, 3*16(Stack)
+ MOVO X4, 4*16(Stack)
+ MOVO X5, 6*16(Stack)
+ MOVO X6, 7*16(Stack)
+
+ CMPQ Len, $64
+ JLE GENERATE_KEYSTREAM_64
+ CMPQ Len, $128
+ JLE GENERATE_KEYSTREAM_128
+ CMPQ Len, $192
+ JLE GENERATE_KEYSTREAM_192
+
+GENERATE_KEYSTREAM_256:
+ MOVO X0, X12
+ MOVO X1, X13
+ MOVO X2, X14
+ MOVO X3, X15
+ PADDQ 4*16(Stack), X15
+ MOVO X0, X8
+ MOVO X1, X9
+ MOVO X2, X10
+ MOVO X15, X11
+ PADDQ 4*16(Stack), X11
+ MOVO X0, X4
+ MOVO X1, X5
+ MOVO X2, X6
+ MOVO X11, X7
+ PADDQ 4*16(Stack), X7
+ MOVQ Rounds, Tmp0
+
+ MOVO X3, 3*16(Stack) // Save X3
+
+CHACHA_LOOP_256:
+ MOVO X4, 5*16(Stack)
+ CHACHA_QROUND_SSSE3(X0, X1, X2, X3, X4, 6*16(Stack), 7*16(Stack))
+ CHACHA_QROUND_SSSE3(X12, X13, X14, X15, X4, 6*16(Stack), 7*16(Stack))
+ MOVO 5*16(Stack), X4
+ MOVO X0, 5*16(Stack)
+ CHACHA_QROUND_SSSE3(X8, X9, X10, X11, X0, 6*16(Stack), 7*16(Stack))
+ CHACHA_QROUND_SSSE3(X4, X5, X6, X7, X0, 6*16(Stack), 7*16(Stack))
+ MOVO 5*16(Stack), X0
+ CHACHA_SHUFFLE_SSE(X1, X2, X3)
+ CHACHA_SHUFFLE_SSE(X13, X14, X15)
+ CHACHA_SHUFFLE_SSE(X9, X10, X11)
+ CHACHA_SHUFFLE_SSE(X5, X6, X7)
+ MOVO X4, 5*16(Stack)
+ CHACHA_QROUND_SSSE3(X0, X1, X2, X3, X4, 6*16(Stack), 7*16(Stack))
+ CHACHA_QROUND_SSSE3(X12, X13, X14, X15, X4, 6*16(Stack), 7*16(Stack))
+ MOVO 5*16(Stack), X4
+ MOVO X0, 5*16(Stack)
+ CHACHA_QROUND_SSSE3(X8, X9, X10, X11, X0, 6*16(Stack), 7*16(Stack))
+ CHACHA_QROUND_SSSE3(X4, X5, X6, X7, X0, 6*16(Stack), 7*16(Stack))
+ MOVO 5*16(Stack), X0
+ CHACHA_SHUFFLE_SSE(X3, X2, X1)
+ CHACHA_SHUFFLE_SSE(X15, X14, X13)
+ CHACHA_SHUFFLE_SSE(X11, X10, X9)
+ CHACHA_SHUFFLE_SSE(X7, X6, X5)
+ SUBQ $2, Tmp0
+ JNZ CHACHA_LOOP_256
+
+ PADDL 0*16(Stack), X0
+ PADDL 1*16(Stack), X1
+ PADDL 2*16(Stack), X2
+ PADDL 3*16(Stack), X3
+ MOVO X4, 5*16(Stack) // Save X4
+ XOR_SSE(Dst, Src, 0, X0, X1, X2, X3, X4)
+ MOVO 5*16(Stack), X4 // Restore X4
+
+ MOVO 0*16(Stack), X0
+ MOVO 1*16(Stack), X1
+ MOVO 2*16(Stack), X2
+ MOVO 3*16(Stack), X3
+ PADDQ 4*16(Stack), X3
+
+ PADDL X0, X12
+ PADDL X1, X13
+ PADDL X2, X14
+ PADDL X3, X15
+ PADDQ 4*16(Stack), X3
+ PADDL X0, X8
+ PADDL X1, X9
+ PADDL X2, X10
+ PADDL X3, X11
+ PADDQ 4*16(Stack), X3
+ PADDL X0, X4
+ PADDL X1, X5
+ PADDL X2, X6
+ PADDL X3, X7
+ PADDQ 4*16(Stack), X3
+
+ XOR_SSE(Dst, Src, 64, X12, X13, X14, X15, X0)
+ XOR_SSE(Dst, Src, 128, X8, X9, X10, X11, X0)
+ MOVO 0*16(Stack), X0 // Restore X0
+ ADDQ $192, Dst
+ ADDQ $192, Src
+ SUBQ $192, Len
+
+ CMPQ Len, $64
+ JL BUFFER_KEYSTREAM
+
+ XOR_SSE(Dst, Src, 0, X4, X5, X6, X7, X8)
+ ADDQ $64, Dst
+ ADDQ $64, Src
+ SUBQ $64, Len
+ JZ DONE
+ CMPQ Len, $64 // If Len <= 64 -> gen. only 64 byte keystream.
+ JLE GENERATE_KEYSTREAM_64
+ CMPQ Len, $128 // If 64 < Len <= 128 -> gen. only 128 byte keystream.
+ JLE GENERATE_KEYSTREAM_128
+ CMPQ Len, $192 // If Len > 192 -> repeat, otherwise Len > 128 && Len <= 192 -> gen. 192 byte keystream
+ JG GENERATE_KEYSTREAM_256
+
+GENERATE_KEYSTREAM_192:
+ MOVO X0, X12
+ MOVO X1, X13
+ MOVO X2, X14
+ MOVO X3, X15
+ MOVO X0, X8
+ MOVO X1, X9
+ MOVO X2, X10
+ MOVO X3, X11
+ PADDQ 4*16(Stack), X11
+ MOVO X0, X4
+ MOVO X1, X5
+ MOVO X2, X6
+ MOVO X11, X7
+ PADDQ 4*16(Stack), X7
+ MOVQ Rounds, Tmp0
+
+ MOVO 6*16(Stack), X1 // Load 16 bit rotate-left constant
+ MOVO 7*16(Stack), X2 // Load 8 bit rotate-left constant
+
+CHACHA_LOOP_192:
+ CHACHA_QROUND_SSSE3(X12, X13, X14, X15, X0, X1, X2)
+ CHACHA_QROUND_SSSE3(X8, X9, X10, X11, X0, X1, X2)
+ CHACHA_QROUND_SSSE3(X4, X5, X6, X7, X0, X1, X2)
+ CHACHA_SHUFFLE_SSE(X13, X14, X15)
+ CHACHA_SHUFFLE_SSE(X9, X10, X11)
+ CHACHA_SHUFFLE_SSE(X5, X6, X7)
+ CHACHA_QROUND_SSSE3(X12, X13, X14, X15, X0, X1, X2)
+ CHACHA_QROUND_SSSE3(X8, X9, X10, X11, X0, X1, X2)
+ CHACHA_QROUND_SSSE3(X4, X5, X6, X7, X0, X1, X2)
+ CHACHA_SHUFFLE_SSE(X15, X14, X13)
+ CHACHA_SHUFFLE_SSE(X11, X10, X9)
+ CHACHA_SHUFFLE_SSE(X7, X6, X5)
+ SUBQ $2, Tmp0
+ JNZ CHACHA_LOOP_192
+
+ MOVO 0*16(Stack), X0 // Restore X0
+ MOVO 1*16(Stack), X1 // Restore X1
+ MOVO 2*16(Stack), X2 // Restore X2
+ PADDL X0, X12
+ PADDL X1, X13
+ PADDL X2, X14
+ PADDL X3, X15
+ PADDQ 4*16(Stack), X3
+ PADDL X0, X8
+ PADDL X1, X9
+ PADDL X2, X10
+ PADDL X3, X11
+ PADDQ 4*16(Stack), X3
+ PADDL X0, X4
+ PADDL X1, X5
+ PADDL X2, X6
+ PADDL X3, X7
+ PADDQ 4*16(Stack), X3
+
+ XOR_SSE(Dst, Src, 0, X12, X13, X14, X15, X0)
+ XOR_SSE(Dst, Src, 64, X8, X9, X10, X11, X0)
+ MOVO 0*16(Stack), X0 // Restore X0
+ ADDQ $128, Dst
+ ADDQ $128, Src
+ SUBQ $128, Len
+
+ CMPQ Len, $64
+ JL BUFFER_KEYSTREAM
+
+ XOR_SSE(Dst, Src, 0, X4, X5, X6, X7, X8)
+ ADDQ $64, Dst
+ ADDQ $64, Src
+ SUBQ $64, Len
+ JZ DONE
+ CMPQ Len, $64 // If Len <= 64 -> gen. only 64 byte keystream.
+ JLE GENERATE_KEYSTREAM_64
+
+GENERATE_KEYSTREAM_128:
+ MOVO X0, X8
+ MOVO X1, X9
+ MOVO X2, X10
+ MOVO X3, X11
+ MOVO X0, X4
+ MOVO X1, X5
+ MOVO X2, X6
+ MOVO X3, X7
+ PADDQ 4*16(Stack), X7
+ MOVQ Rounds, Tmp0
+
+ MOVO 6*16(Stack), X13 // Load 16 bit rotate-left constant
+ MOVO 7*16(Stack), X14 // Load 8 bit rotate-left constant
+
+CHACHA_LOOP_128:
+ CHACHA_QROUND_SSSE3(X8, X9, X10, X11, X12, X13, X14)
+ CHACHA_QROUND_SSSE3(X4, X5, X6, X7, X12, X13, X14)
+ CHACHA_SHUFFLE_SSE(X9, X10, X11)
+ CHACHA_SHUFFLE_SSE(X5, X6, X7)
+ CHACHA_QROUND_SSSE3(X8, X9, X10, X11, X12, X13, X14)
+ CHACHA_QROUND_SSSE3(X4, X5, X6, X7, X12, X13, X14)
+ CHACHA_SHUFFLE_SSE(X11, X10, X9)
+ CHACHA_SHUFFLE_SSE(X7, X6, X5)
+ SUBQ $2, Tmp0
+ JNZ CHACHA_LOOP_128
+
+ PADDL X0, X8
+ PADDL X1, X9
+ PADDL X2, X10
+ PADDL X3, X11
+ PADDQ 4*16(Stack), X3
+ PADDL X0, X4
+ PADDL X1, X5
+ PADDL X2, X6
+ PADDL X3, X7
+ PADDQ 4*16(Stack), X3
+
+ XOR_SSE(Dst, Src, 0, X8, X9, X10, X11, X12)
+ ADDQ $64, Dst
+ ADDQ $64, Src
+ SUBQ $64, Len
+
+ CMPQ Len, $64
+ JL BUFFER_KEYSTREAM
+
+ XOR_SSE(Dst, Src, 0, X4, X5, X6, X7, X8)
+ ADDQ $64, Dst
+ ADDQ $64, Src
+ SUBQ $64, Len
+ JZ DONE // If Len == 0 -> DONE, otherwise Len <= 64 -> gen 64 byte keystream
+
+GENERATE_KEYSTREAM_64:
+ MOVO X0, X4
+ MOVO X1, X5
+ MOVO X2, X6
+ MOVO X3, X7
+ MOVQ Rounds, Tmp0
+
+ MOVO 6*16(Stack), X9 // Load 16 bit rotate-left constant
+ MOVO 7*16(Stack), X10 // Load 8 bit rotate-left constant
+
+CHACHA_LOOP_64:
+ CHACHA_QROUND_SSSE3(X4, X5, X6, X7, X8, X9, X10)
+ CHACHA_SHUFFLE_SSE(X5, X6, X7)
+ CHACHA_QROUND_SSSE3(X4, X5, X6, X7, X8, X9, X10)
+ CHACHA_SHUFFLE_SSE(X7, X6, X5)
+ SUBQ $2, Tmp0
+ JNZ CHACHA_LOOP_64
+
+ PADDL X0, X4
+ PADDL X1, X5
+ PADDL X2, X6
+ PADDL X3, X7
+ PADDQ 4*16(Stack), X3
+
+ CMPQ Len, $64
+ JL BUFFER_KEYSTREAM
+
+ XOR_SSE(Dst, Src, 0, X4, X5, X6, X7, X8)
+ ADDQ $64, Src
+ ADDQ $64, Dst
+ SUBQ $64, Len
+ JMP DONE // jump directly to DONE - there is no keystream to buffer, Len == 0 always true.
+
+BUFFER_KEYSTREAM:
+ MOVOU X4, 0*16(Buffer)
+ MOVOU X5, 1*16(Buffer)
+ MOVOU X6, 2*16(Buffer)
+ MOVOU X7, 3*16(Buffer)
+ MOVQ Len, Tmp0
+ FINALIZE(Dst, Src, Buffer, Tmp0, Tmp1, Tmp2)
+
+DONE:
+ MOVQ SavedSP, Stack // Restore stack pointer
+ MOVOU X3, 3*16(State)
+ MOVQ Len, ret+72(FP)
+ RET
+
+// func xorKeyStreamAVX(dst, src []byte, block, state *[64]byte, rounds int) int
+TEXT ·xorKeyStreamAVX(SB), 4, $144-80
+ MOVQ dst_base+0(FP), Dst
+ MOVQ src_base+24(FP), Src
+ MOVQ block+48(FP), Buffer
+ MOVQ state+56(FP), State
+ MOVQ rounds+64(FP), Rounds
+ MOVQ src_len+32(FP), Len
+
+ VMOVDQU 0*16(State), X0
+ VMOVDQU 1*16(State), X1
+ VMOVDQU 2*16(State), X2
+ VMOVDQU 3*16(State), X3
+
+ MOVQ Stack, SavedSP
+ ADDQ $16, Stack
+ ANDQ $-16, Stack
+
+ TESTQ Len, Len
+ JZ DONE
+
+ VMOVDQU ·one<>(SB), X4
+ VMOVDQU ·rol16<>(SB), X5
+ VMOVDQU ·rol8<>(SB), X6
+ VMOVDQA X0, 0*16(Stack)
+ VMOVDQA X1, 1*16(Stack)
+ VMOVDQA X2, 2*16(Stack)
+ VMOVDQA X3, 3*16(Stack)
+ VMOVDQA X4, 4*16(Stack)
+ VMOVDQA X5, 6*16(Stack)
+ VMOVDQA X6, 7*16(Stack)
+
+ CMPQ Len, $64
+ JLE GENERATE_KEYSTREAM_64
+ CMPQ Len, $128
+ JLE GENERATE_KEYSTREAM_128
+ CMPQ Len, $192
+ JLE GENERATE_KEYSTREAM_192
+
+GENERATE_KEYSTREAM_256:
+ VMOVDQA X0, X12
+ VMOVDQA X1, X13
+ VMOVDQA X2, X14
+ VMOVDQA X3, X15
+ VPADDQ 4*16(Stack), X15, X15
+ VMOVDQA X0, X8
+ VMOVDQA X1, X9
+ VMOVDQA X2, X10
+ VMOVDQA X15, X11
+ VPADDQ 4*16(Stack), X11, X11
+ VMOVDQA X0, X4
+ VMOVDQA X1, X5
+ VMOVDQA X2, X6
+ VMOVDQA X11, X7
+ VPADDQ 4*16(Stack), X7, X7
+ MOVQ Rounds, Tmp0
+
+ VMOVDQA X3, 3*16(Stack) // Save X3
+
+CHACHA_LOOP_256:
+ VMOVDQA X4, 5*16(Stack)
+ CHACHA_QROUND_AVX(X0, X1, X2, X3, X4, 6*16(Stack), 7*16(Stack))
+ CHACHA_QROUND_AVX(X12, X13, X14, X15, X4, 6*16(Stack), 7*16(Stack))
+ VMOVDQA 5*16(Stack), X4
+ VMOVDQA X0, 5*16(Stack)
+ CHACHA_QROUND_AVX(X8, X9, X10, X11, X0, 6*16(Stack), 7*16(Stack))
+ CHACHA_QROUND_AVX(X4, X5, X6, X7, X0, 6*16(Stack), 7*16(Stack))
+ VMOVDQA 5*16(Stack), X0
+ CHACHA_SHUFFLE_AVX(X1, X2, X3)
+ CHACHA_SHUFFLE_AVX(X13, X14, X15)
+ CHACHA_SHUFFLE_AVX(X9, X10, X11)
+ CHACHA_SHUFFLE_AVX(X5, X6, X7)
+ VMOVDQA X4, 5*16(Stack)
+ CHACHA_QROUND_AVX(X0, X1, X2, X3, X4, 6*16(Stack), 7*16(Stack))
+ CHACHA_QROUND_AVX(X12, X13, X14, X15, X4, 6*16(Stack), 7*16(Stack))
+ VMOVDQA 5*16(Stack), X4
+ VMOVDQA X0, 5*16(Stack)
+ CHACHA_QROUND_AVX(X8, X9, X10, X11, X0, 6*16(Stack), 7*16(Stack))
+ CHACHA_QROUND_AVX(X4, X5, X6, X7, X0, 6*16(Stack), 7*16(Stack))
+ VMOVDQA 5*16(Stack), X0
+ CHACHA_SHUFFLE_AVX(X3, X2, X1)
+ CHACHA_SHUFFLE_AVX(X15, X14, X13)
+ CHACHA_SHUFFLE_AVX(X11, X10, X9)
+ CHACHA_SHUFFLE_AVX(X7, X6, X5)
+ SUBQ $2, Tmp0
+ JNZ CHACHA_LOOP_256
+
+ VPADDD 0*16(Stack), X0, X0
+ VPADDD 1*16(Stack), X1, X1
+ VPADDD 2*16(Stack), X2, X2
+ VPADDD 3*16(Stack), X3, X3
+ VMOVDQA X4, 5*16(Stack) // Save X4
+ XOR_AVX(Dst, Src, 0, X0, X1, X2, X3, X4)
+ VMOVDQA 5*16(Stack), X4 // Restore X4
+
+ VMOVDQA 0*16(Stack), X0
+ VMOVDQA 1*16(Stack), X1
+ VMOVDQA 2*16(Stack), X2
+ VMOVDQA 3*16(Stack), X3
+ VPADDQ 4*16(Stack), X3, X3
+
+ VPADDD X0, X12, X12
+ VPADDD X1, X13, X13
+ VPADDD X2, X14, X14
+ VPADDD X3, X15, X15
+ VPADDQ 4*16(Stack), X3, X3
+ VPADDD X0, X8, X8
+ VPADDD X1, X9, X9
+ VPADDD X2, X10, X10
+ VPADDD X3, X11, X11
+ VPADDQ 4*16(Stack), X3, X3
+ VPADDD X0, X4, X4
+ VPADDD X1, X5, X5
+ VPADDD X2, X6, X6
+ VPADDD X3, X7, X7
+ VPADDQ 4*16(Stack), X3, X3
+
+ XOR_AVX(Dst, Src, 64, X12, X13, X14, X15, X0)
+ XOR_AVX(Dst, Src, 128, X8, X9, X10, X11, X0)
+ VMOVDQA 0*16(Stack), X0 // Restore X0
+ ADDQ $192, Dst
+ ADDQ $192, Src
+ SUBQ $192, Len
+
+ CMPQ Len, $64
+ JL BUFFER_KEYSTREAM
+
+ XOR_AVX(Dst, Src, 0, X4, X5, X6, X7, X8)
+ ADDQ $64, Dst
+ ADDQ $64, Src
+ SUBQ $64, Len
+ JZ DONE
+ CMPQ Len, $64 // If Len <= 64 -> gen. only 64 byte keystream.
+ JLE GENERATE_KEYSTREAM_64
+ CMPQ Len, $128 // If 64 < Len <= 128 -> gen. only 128 byte keystream.
+ JLE GENERATE_KEYSTREAM_128
+ CMPQ Len, $192 // If Len > 192 -> repeat, otherwise Len > 128 && Len <= 192 -> gen. 192 byte keystream
+ JG GENERATE_KEYSTREAM_256
+
+GENERATE_KEYSTREAM_192:
+ VMOVDQA X0, X12
+ VMOVDQA X1, X13
+ VMOVDQA X2, X14
+ VMOVDQA X3, X15
+ VMOVDQA X0, X8
+ VMOVDQA X1, X9
+ VMOVDQA X2, X10
+ VMOVDQA X3, X11
+ VPADDQ 4*16(Stack), X11, X11
+ VMOVDQA X0, X4
+ VMOVDQA X1, X5
+ VMOVDQA X2, X6
+ VMOVDQA X11, X7
+ VPADDQ 4*16(Stack), X7, X7
+ MOVQ Rounds, Tmp0
+
+ VMOVDQA 6*16(Stack), X1 // Load 16 bit rotate-left constant
+ VMOVDQA 7*16(Stack), X2 // Load 8 bit rotate-left constant
+
+CHACHA_LOOP_192:
+ CHACHA_QROUND_AVX(X12, X13, X14, X15, X0, X1, X2)
+ CHACHA_QROUND_AVX(X8, X9, X10, X11, X0, X1, X2)
+ CHACHA_QROUND_AVX(X4, X5, X6, X7, X0, X1, X2)
+ CHACHA_SHUFFLE_AVX(X13, X14, X15)
+ CHACHA_SHUFFLE_AVX(X9, X10, X11)
+ CHACHA_SHUFFLE_AVX(X5, X6, X7)
+ CHACHA_QROUND_AVX(X12, X13, X14, X15, X0, X1, X2)
+ CHACHA_QROUND_AVX(X8, X9, X10, X11, X0, X1, X2)
+ CHACHA_QROUND_AVX(X4, X5, X6, X7, X0, X1, X2)
+ CHACHA_SHUFFLE_AVX(X15, X14, X13)
+ CHACHA_SHUFFLE_AVX(X11, X10, X9)
+ CHACHA_SHUFFLE_AVX(X7, X6, X5)
+ SUBQ $2, Tmp0
+ JNZ CHACHA_LOOP_192
+
+ VMOVDQA 0*16(Stack), X0 // Restore X0
+ VMOVDQA 1*16(Stack), X1 // Restore X1
+ VMOVDQA 2*16(Stack), X2 // Restore X2
+ VPADDD X0, X12, X12
+ VPADDD X1, X13, X13
+ VPADDD X2, X14, X14
+ VPADDD X3, X15, X15
+ VPADDQ 4*16(Stack), X3, X3
+ VPADDD X0, X8, X8
+ VPADDD X1, X9, X9
+ VPADDD X2, X10, X10
+ VPADDD X3, X11, X11
+ VPADDQ 4*16(Stack), X3, X3
+ VPADDD X0, X4, X4
+ VPADDD X1, X5, X5
+ VPADDD X2, X6, X6
+ VPADDD X3, X7, X7
+ VPADDQ 4*16(Stack), X3, X3
+
+ XOR_AVX(Dst, Src, 0, X12, X13, X14, X15, X0)
+ XOR_AVX(Dst, Src, 64, X8, X9, X10, X11, X0)
+ VMOVDQA 0*16(Stack), X0 // Restore X0
+ ADDQ $128, Dst
+ ADDQ $128, Src
+ SUBQ $128, Len
+
+ CMPQ Len, $64
+ JL BUFFER_KEYSTREAM
+
+ XOR_AVX(Dst, Src, 0, X4, X5, X6, X7, X8)
+ ADDQ $64, Dst
+ ADDQ $64, Src
+ SUBQ $64, Len
+ JZ DONE
+ CMPQ Len, $64 // If Len <= 64 -> gen. only 64 byte keystream.
+ JLE GENERATE_KEYSTREAM_64
+
+GENERATE_KEYSTREAM_128:
+ VMOVDQA X0, X8
+ VMOVDQA X1, X9
+ VMOVDQA X2, X10
+ VMOVDQA X3, X11
+ VMOVDQA X0, X4
+ VMOVDQA X1, X5
+ VMOVDQA X2, X6
+ VMOVDQA X3, X7
+ VPADDQ 4*16(Stack), X7, X7
+ MOVQ Rounds, Tmp0
+
+ VMOVDQA 6*16(Stack), X13 // Load 16 bit rotate-left constant
+ VMOVDQA 7*16(Stack), X14 // Load 8 bit rotate-left constant
+
+CHACHA_LOOP_128:
+ CHACHA_QROUND_AVX(X8, X9, X10, X11, X12, X13, X14)
+ CHACHA_QROUND_AVX(X4, X5, X6, X7, X12, X13, X14)
+ CHACHA_SHUFFLE_AVX(X9, X10, X11)
+ CHACHA_SHUFFLE_AVX(X5, X6, X7)
+ CHACHA_QROUND_AVX(X8, X9, X10, X11, X12, X13, X14)
+ CHACHA_QROUND_AVX(X4, X5, X6, X7, X12, X13, X14)
+ CHACHA_SHUFFLE_AVX(X11, X10, X9)
+ CHACHA_SHUFFLE_AVX(X7, X6, X5)
+ SUBQ $2, Tmp0
+ JNZ CHACHA_LOOP_128
+
+ VPADDD X0, X8, X8
+ VPADDD X1, X9, X9
+ VPADDD X2, X10, X10
+ VPADDD X3, X11, X11
+ VPADDQ 4*16(Stack), X3, X3
+ VPADDD X0, X4, X4
+ VPADDD X1, X5, X5
+ VPADDD X2, X6, X6
+ VPADDD X3, X7, X7
+ VPADDQ 4*16(Stack), X3, X3
+
+ XOR_AVX(Dst, Src, 0, X8, X9, X10, X11, X12)
+ ADDQ $64, Dst
+ ADDQ $64, Src
+ SUBQ $64, Len
+
+ CMPQ Len, $64
+ JL BUFFER_KEYSTREAM
+
+ XOR_AVX(Dst, Src, 0, X4, X5, X6, X7, X8)
+ ADDQ $64, Dst
+ ADDQ $64, Src
+ SUBQ $64, Len
+ JZ DONE // If Len == 0 -> DONE, otherwise Len <= 64 -> gen 64 byte keystream
+
+GENERATE_KEYSTREAM_64:
+ VMOVDQA X0, X4
+ VMOVDQA X1, X5
+ VMOVDQA X2, X6
+ VMOVDQA X3, X7
+ MOVQ Rounds, Tmp0
+
+ VMOVDQA 6*16(Stack), X9 // Load 16 bit rotate-left constant
+ VMOVDQA 7*16(Stack), X10 // Load 8 bit rotate-left constant
+
+CHACHA_LOOP_64:
+ CHACHA_QROUND_AVX(X4, X5, X6, X7, X8, X9, X10)
+ CHACHA_SHUFFLE_AVX(X5, X6, X7)
+ CHACHA_QROUND_AVX(X4, X5, X6, X7, X8, X9, X10)
+ CHACHA_SHUFFLE_AVX(X7, X6, X5)
+ SUBQ $2, Tmp0
+ JNZ CHACHA_LOOP_64
+
+ VPADDD X0, X4, X4
+ VPADDD X1, X5, X5
+ VPADDD X2, X6, X6
+ VPADDD X3, X7, X7
+ VPADDQ 4*16(Stack), X3, X3
+
+ CMPQ Len, $64
+ JL BUFFER_KEYSTREAM
+
+ XOR_AVX(Dst, Src, 0, X4, X5, X6, X7, X8)
+ ADDQ $64, Src
+ ADDQ $64, Dst
+ SUBQ $64, Len
+ JMP DONE // jump directly to DONE - there is no keystream to buffer, Len == 0 always true.
+
+BUFFER_KEYSTREAM:
+ VMOVDQU X4, 0*16(Buffer)
+ VMOVDQU X5, 1*16(Buffer)
+ VMOVDQU X6, 2*16(Buffer)
+ VMOVDQU X7, 3*16(Buffer)
+ MOVQ Len, Tmp0
+ FINALIZE(Dst, Src, Buffer, Tmp0, Tmp1, Tmp2)
+
+DONE:
+ MOVQ SavedSP, Stack // Restore stack pointer
+ VMOVDQU X3, 3*16(State)
+ VZEROUPPER
+ MOVQ Len, ret+72(FP)
+ RET
+
+#undef Dst
+#undef Src
+#undef Len
+#undef Rounds
+#undef Buffer
+#undef State
+#undef Stack
+#undef SavedSP
+#undef Tmp0
+#undef Tmp1
+#undef Tmp2
diff --git a/vendor/github.com/aead/chacha20/chacha/chacha_generic.go b/vendor/github.com/aead/chacha20/chacha/chacha_generic.go
new file mode 100644
index 0000000..8832d5b
--- /dev/null
+++ b/vendor/github.com/aead/chacha20/chacha/chacha_generic.go
@@ -0,0 +1,319 @@
+// Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+package chacha
+
+import "encoding/binary"
+
+var sigma = [4]uint32{0x61707865, 0x3320646e, 0x79622d32, 0x6b206574}
+
+func xorKeyStreamGeneric(dst, src []byte, block, state *[64]byte, rounds int) int {
+ for len(src) >= 64 {
+ chachaGeneric(block, state, rounds)
+
+ for i, v := range block {
+ dst[i] = src[i] ^ v
+ }
+ src = src[64:]
+ dst = dst[64:]
+ }
+
+ n := len(src)
+ if n > 0 {
+ chachaGeneric(block, state, rounds)
+ for i, v := range src {
+ dst[i] = v ^ block[i]
+ }
+ }
+ return n
+}
+
+func chachaGeneric(dst *[64]byte, state *[64]byte, rounds int) {
+ v00 := binary.LittleEndian.Uint32(state[0:])
+ v01 := binary.LittleEndian.Uint32(state[4:])
+ v02 := binary.LittleEndian.Uint32(state[8:])
+ v03 := binary.LittleEndian.Uint32(state[12:])
+ v04 := binary.LittleEndian.Uint32(state[16:])
+ v05 := binary.LittleEndian.Uint32(state[20:])
+ v06 := binary.LittleEndian.Uint32(state[24:])
+ v07 := binary.LittleEndian.Uint32(state[28:])
+ v08 := binary.LittleEndian.Uint32(state[32:])
+ v09 := binary.LittleEndian.Uint32(state[36:])
+ v10 := binary.LittleEndian.Uint32(state[40:])
+ v11 := binary.LittleEndian.Uint32(state[44:])
+ v12 := binary.LittleEndian.Uint32(state[48:])
+ v13 := binary.LittleEndian.Uint32(state[52:])
+ v14 := binary.LittleEndian.Uint32(state[56:])
+ v15 := binary.LittleEndian.Uint32(state[60:])
+
+ s00, s01, s02, s03, s04, s05, s06, s07 := v00, v01, v02, v03, v04, v05, v06, v07
+ s08, s09, s10, s11, s12, s13, s14, s15 := v08, v09, v10, v11, v12, v13, v14, v15
+
+ for i := 0; i < rounds; i += 2 {
+ v00 += v04
+ v12 ^= v00
+ v12 = (v12 << 16) | (v12 >> 16)
+ v08 += v12
+ v04 ^= v08
+ v04 = (v04 << 12) | (v04 >> 20)
+ v00 += v04
+ v12 ^= v00
+ v12 = (v12 << 8) | (v12 >> 24)
+ v08 += v12
+ v04 ^= v08
+ v04 = (v04 << 7) | (v04 >> 25)
+ v01 += v05
+ v13 ^= v01
+ v13 = (v13 << 16) | (v13 >> 16)
+ v09 += v13
+ v05 ^= v09
+ v05 = (v05 << 12) | (v05 >> 20)
+ v01 += v05
+ v13 ^= v01
+ v13 = (v13 << 8) | (v13 >> 24)
+ v09 += v13
+ v05 ^= v09
+ v05 = (v05 << 7) | (v05 >> 25)
+ v02 += v06
+ v14 ^= v02
+ v14 = (v14 << 16) | (v14 >> 16)
+ v10 += v14
+ v06 ^= v10
+ v06 = (v06 << 12) | (v06 >> 20)
+ v02 += v06
+ v14 ^= v02
+ v14 = (v14 << 8) | (v14 >> 24)
+ v10 += v14
+ v06 ^= v10
+ v06 = (v06 << 7) | (v06 >> 25)
+ v03 += v07
+ v15 ^= v03
+ v15 = (v15 << 16) | (v15 >> 16)
+ v11 += v15
+ v07 ^= v11
+ v07 = (v07 << 12) | (v07 >> 20)
+ v03 += v07
+ v15 ^= v03
+ v15 = (v15 << 8) | (v15 >> 24)
+ v11 += v15
+ v07 ^= v11
+ v07 = (v07 << 7) | (v07 >> 25)
+ v00 += v05
+ v15 ^= v00
+ v15 = (v15 << 16) | (v15 >> 16)
+ v10 += v15
+ v05 ^= v10
+ v05 = (v05 << 12) | (v05 >> 20)
+ v00 += v05
+ v15 ^= v00
+ v15 = (v15 << 8) | (v15 >> 24)
+ v10 += v15
+ v05 ^= v10
+ v05 = (v05 << 7) | (v05 >> 25)
+ v01 += v06
+ v12 ^= v01
+ v12 = (v12 << 16) | (v12 >> 16)
+ v11 += v12
+ v06 ^= v11
+ v06 = (v06 << 12) | (v06 >> 20)
+ v01 += v06
+ v12 ^= v01
+ v12 = (v12 << 8) | (v12 >> 24)
+ v11 += v12
+ v06 ^= v11
+ v06 = (v06 << 7) | (v06 >> 25)
+ v02 += v07
+ v13 ^= v02
+ v13 = (v13 << 16) | (v13 >> 16)
+ v08 += v13
+ v07 ^= v08
+ v07 = (v07 << 12) | (v07 >> 20)
+ v02 += v07
+ v13 ^= v02
+ v13 = (v13 << 8) | (v13 >> 24)
+ v08 += v13
+ v07 ^= v08
+ v07 = (v07 << 7) | (v07 >> 25)
+ v03 += v04
+ v14 ^= v03
+ v14 = (v14 << 16) | (v14 >> 16)
+ v09 += v14
+ v04 ^= v09
+ v04 = (v04 << 12) | (v04 >> 20)
+ v03 += v04
+ v14 ^= v03
+ v14 = (v14 << 8) | (v14 >> 24)
+ v09 += v14
+ v04 ^= v09
+ v04 = (v04 << 7) | (v04 >> 25)
+ }
+
+ v00 += s00
+ v01 += s01
+ v02 += s02
+ v03 += s03
+ v04 += s04
+ v05 += s05
+ v06 += s06
+ v07 += s07
+ v08 += s08
+ v09 += s09
+ v10 += s10
+ v11 += s11
+ v12 += s12
+ v13 += s13
+ v14 += s14
+ v15 += s15
+
+ s12++
+ binary.LittleEndian.PutUint32(state[48:], s12)
+ if s12 == 0 { // indicates overflow
+ s13++
+ binary.LittleEndian.PutUint32(state[52:], s13)
+ }
+
+ binary.LittleEndian.PutUint32(dst[0:], v00)
+ binary.LittleEndian.PutUint32(dst[4:], v01)
+ binary.LittleEndian.PutUint32(dst[8:], v02)
+ binary.LittleEndian.PutUint32(dst[12:], v03)
+ binary.LittleEndian.PutUint32(dst[16:], v04)
+ binary.LittleEndian.PutUint32(dst[20:], v05)
+ binary.LittleEndian.PutUint32(dst[24:], v06)
+ binary.LittleEndian.PutUint32(dst[28:], v07)
+ binary.LittleEndian.PutUint32(dst[32:], v08)
+ binary.LittleEndian.PutUint32(dst[36:], v09)
+ binary.LittleEndian.PutUint32(dst[40:], v10)
+ binary.LittleEndian.PutUint32(dst[44:], v11)
+ binary.LittleEndian.PutUint32(dst[48:], v12)
+ binary.LittleEndian.PutUint32(dst[52:], v13)
+ binary.LittleEndian.PutUint32(dst[56:], v14)
+ binary.LittleEndian.PutUint32(dst[60:], v15)
+}
+
+func hChaCha20Generic(out *[32]byte, nonce *[16]byte, key *[32]byte) {
+ v00 := sigma[0]
+ v01 := sigma[1]
+ v02 := sigma[2]
+ v03 := sigma[3]
+ v04 := binary.LittleEndian.Uint32(key[0:])
+ v05 := binary.LittleEndian.Uint32(key[4:])
+ v06 := binary.LittleEndian.Uint32(key[8:])
+ v07 := binary.LittleEndian.Uint32(key[12:])
+ v08 := binary.LittleEndian.Uint32(key[16:])
+ v09 := binary.LittleEndian.Uint32(key[20:])
+ v10 := binary.LittleEndian.Uint32(key[24:])
+ v11 := binary.LittleEndian.Uint32(key[28:])
+ v12 := binary.LittleEndian.Uint32(nonce[0:])
+ v13 := binary.LittleEndian.Uint32(nonce[4:])
+ v14 := binary.LittleEndian.Uint32(nonce[8:])
+ v15 := binary.LittleEndian.Uint32(nonce[12:])
+
+ for i := 0; i < 20; i += 2 {
+ v00 += v04
+ v12 ^= v00
+ v12 = (v12 << 16) | (v12 >> 16)
+ v08 += v12
+ v04 ^= v08
+ v04 = (v04 << 12) | (v04 >> 20)
+ v00 += v04
+ v12 ^= v00
+ v12 = (v12 << 8) | (v12 >> 24)
+ v08 += v12
+ v04 ^= v08
+ v04 = (v04 << 7) | (v04 >> 25)
+ v01 += v05
+ v13 ^= v01
+ v13 = (v13 << 16) | (v13 >> 16)
+ v09 += v13
+ v05 ^= v09
+ v05 = (v05 << 12) | (v05 >> 20)
+ v01 += v05
+ v13 ^= v01
+ v13 = (v13 << 8) | (v13 >> 24)
+ v09 += v13
+ v05 ^= v09
+ v05 = (v05 << 7) | (v05 >> 25)
+ v02 += v06
+ v14 ^= v02
+ v14 = (v14 << 16) | (v14 >> 16)
+ v10 += v14
+ v06 ^= v10
+ v06 = (v06 << 12) | (v06 >> 20)
+ v02 += v06
+ v14 ^= v02
+ v14 = (v14 << 8) | (v14 >> 24)
+ v10 += v14
+ v06 ^= v10
+ v06 = (v06 << 7) | (v06 >> 25)
+ v03 += v07
+ v15 ^= v03
+ v15 = (v15 << 16) | (v15 >> 16)
+ v11 += v15
+ v07 ^= v11
+ v07 = (v07 << 12) | (v07 >> 20)
+ v03 += v07
+ v15 ^= v03
+ v15 = (v15 << 8) | (v15 >> 24)
+ v11 += v15
+ v07 ^= v11
+ v07 = (v07 << 7) | (v07 >> 25)
+ v00 += v05
+ v15 ^= v00
+ v15 = (v15 << 16) | (v15 >> 16)
+ v10 += v15
+ v05 ^= v10
+ v05 = (v05 << 12) | (v05 >> 20)
+ v00 += v05
+ v15 ^= v00
+ v15 = (v15 << 8) | (v15 >> 24)
+ v10 += v15
+ v05 ^= v10
+ v05 = (v05 << 7) | (v05 >> 25)
+ v01 += v06
+ v12 ^= v01
+ v12 = (v12 << 16) | (v12 >> 16)
+ v11 += v12
+ v06 ^= v11
+ v06 = (v06 << 12) | (v06 >> 20)
+ v01 += v06
+ v12 ^= v01
+ v12 = (v12 << 8) | (v12 >> 24)
+ v11 += v12
+ v06 ^= v11
+ v06 = (v06 << 7) | (v06 >> 25)
+ v02 += v07
+ v13 ^= v02
+ v13 = (v13 << 16) | (v13 >> 16)
+ v08 += v13
+ v07 ^= v08
+ v07 = (v07 << 12) | (v07 >> 20)
+ v02 += v07
+ v13 ^= v02
+ v13 = (v13 << 8) | (v13 >> 24)
+ v08 += v13
+ v07 ^= v08
+ v07 = (v07 << 7) | (v07 >> 25)
+ v03 += v04
+ v14 ^= v03
+ v14 = (v14 << 16) | (v14 >> 16)
+ v09 += v14
+ v04 ^= v09
+ v04 = (v04 << 12) | (v04 >> 20)
+ v03 += v04
+ v14 ^= v03
+ v14 = (v14 << 8) | (v14 >> 24)
+ v09 += v14
+ v04 ^= v09
+ v04 = (v04 << 7) | (v04 >> 25)
+ }
+
+ binary.LittleEndian.PutUint32(out[0:], v00)
+ binary.LittleEndian.PutUint32(out[4:], v01)
+ binary.LittleEndian.PutUint32(out[8:], v02)
+ binary.LittleEndian.PutUint32(out[12:], v03)
+ binary.LittleEndian.PutUint32(out[16:], v12)
+ binary.LittleEndian.PutUint32(out[20:], v13)
+ binary.LittleEndian.PutUint32(out[24:], v14)
+ binary.LittleEndian.PutUint32(out[28:], v15)
+}
diff --git a/vendor/github.com/aead/chacha20/chacha/chacha_ref.go b/vendor/github.com/aead/chacha20/chacha/chacha_ref.go
new file mode 100644
index 0000000..526877c
--- /dev/null
+++ b/vendor/github.com/aead/chacha20/chacha/chacha_ref.go
@@ -0,0 +1,33 @@
+// Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+// +build !amd64,!386 gccgo appengine nacl
+
+package chacha
+
+import "encoding/binary"
+
+func init() {
+ useSSE2 = false
+ useSSSE3 = false
+ useAVX = false
+ useAVX2 = false
+}
+
+func initialize(state *[64]byte, key []byte, nonce *[16]byte) {
+ binary.LittleEndian.PutUint32(state[0:], sigma[0])
+ binary.LittleEndian.PutUint32(state[4:], sigma[1])
+ binary.LittleEndian.PutUint32(state[8:], sigma[2])
+ binary.LittleEndian.PutUint32(state[12:], sigma[3])
+ copy(state[16:], key[:])
+ copy(state[48:], nonce[:])
+}
+
+func xorKeyStream(dst, src []byte, block, state *[64]byte, rounds int) int {
+ return xorKeyStreamGeneric(dst, src, block, state, rounds)
+}
+
+func hChaCha20(out *[32]byte, nonce *[16]byte, key *[32]byte) {
+ hChaCha20Generic(out, nonce, key)
+}
diff --git a/vendor/github.com/aead/chacha20/chacha/const.s b/vendor/github.com/aead/chacha20/chacha/const.s
new file mode 100644
index 0000000..c7a94a4
--- /dev/null
+++ b/vendor/github.com/aead/chacha20/chacha/const.s
@@ -0,0 +1,53 @@
+// Copyright (c) 2018 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+// +build 386,!gccgo,!appengine,!nacl amd64,!gccgo,!appengine,!nacl
+
+#include "textflag.h"
+
+DATA ·sigma<>+0x00(SB)/4, $0x61707865
+DATA ·sigma<>+0x04(SB)/4, $0x3320646e
+DATA ·sigma<>+0x08(SB)/4, $0x79622d32
+DATA ·sigma<>+0x0C(SB)/4, $0x6b206574
+GLOBL ·sigma<>(SB), (NOPTR+RODATA), $16 // The 4 ChaCha initialization constants
+
+// SSE2/SSE3/AVX constants
+
+DATA ·one<>+0x00(SB)/8, $1
+DATA ·one<>+0x08(SB)/8, $0
+GLOBL ·one<>(SB), (NOPTR+RODATA), $16 // The constant 1 as 128 bit value
+
+DATA ·rol16<>+0x00(SB)/8, $0x0504070601000302
+DATA ·rol16<>+0x08(SB)/8, $0x0D0C0F0E09080B0A
+GLOBL ·rol16<>(SB), (NOPTR+RODATA), $16 // The PSHUFB 16 bit left rotate constant
+
+DATA ·rol8<>+0x00(SB)/8, $0x0605040702010003
+DATA ·rol8<>+0x08(SB)/8, $0x0E0D0C0F0A09080B
+GLOBL ·rol8<>(SB), (NOPTR+RODATA), $16 // The PSHUFB 8 bit left rotate constant
+
+// AVX2 constants
+
+DATA ·one_AVX2<>+0x00(SB)/8, $0
+DATA ·one_AVX2<>+0x08(SB)/8, $0
+DATA ·one_AVX2<>+0x10(SB)/8, $1
+DATA ·one_AVX2<>+0x18(SB)/8, $0
+GLOBL ·one_AVX2<>(SB), (NOPTR+RODATA), $32 // The constant 1 as 256 bit value
+
+DATA ·two_AVX2<>+0x00(SB)/8, $2
+DATA ·two_AVX2<>+0x08(SB)/8, $0
+DATA ·two_AVX2<>+0x10(SB)/8, $2
+DATA ·two_AVX2<>+0x18(SB)/8, $0
+GLOBL ·two_AVX2<>(SB), (NOPTR+RODATA), $32
+
+DATA ·rol16_AVX2<>+0x00(SB)/8, $0x0504070601000302
+DATA ·rol16_AVX2<>+0x08(SB)/8, $0x0D0C0F0E09080B0A
+DATA ·rol16_AVX2<>+0x10(SB)/8, $0x0504070601000302
+DATA ·rol16_AVX2<>+0x18(SB)/8, $0x0D0C0F0E09080B0A
+GLOBL ·rol16_AVX2<>(SB), (NOPTR+RODATA), $32 // The VPSHUFB 16 bit left rotate constant
+
+DATA ·rol8_AVX2<>+0x00(SB)/8, $0x0605040702010003
+DATA ·rol8_AVX2<>+0x08(SB)/8, $0x0E0D0C0F0A09080B
+DATA ·rol8_AVX2<>+0x10(SB)/8, $0x0605040702010003
+DATA ·rol8_AVX2<>+0x18(SB)/8, $0x0E0D0C0F0A09080B
+GLOBL ·rol8_AVX2<>(SB), (NOPTR+RODATA), $32 // The VPSHUFB 8 bit left rotate constant
diff --git a/vendor/github.com/aead/chacha20/chacha/macro.s b/vendor/github.com/aead/chacha20/chacha/macro.s
new file mode 100644
index 0000000..780108f
--- /dev/null
+++ b/vendor/github.com/aead/chacha20/chacha/macro.s
@@ -0,0 +1,163 @@
+// Copyright (c) 2018 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+// +build 386,!gccgo,!appengine,!nacl amd64,!gccgo,!appengine,!nacl
+
+// ROTL_SSE rotates all 4 32 bit values of the XMM register v
+// left by n bits using SSE2 instructions (0 <= n <= 32).
+// The XMM register t is used as a temp. register.
+#define ROTL_SSE(n, t, v) \
+ MOVO v, t; \
+ PSLLL $n, t; \
+ PSRLL $(32-n), v; \
+ PXOR t, v
+
+// ROTL_AVX rotates all 4/8 32 bit values of the AVX/AVX2 register v
+// left by n bits using AVX/AVX2 instructions (0 <= n <= 32).
+// The AVX/AVX2 register t is used as a temp. register.
+#define ROTL_AVX(n, t, v) \
+ VPSLLD $n, v, t; \
+ VPSRLD $(32-n), v, v; \
+ VPXOR v, t, v
+
+// CHACHA_QROUND_SSE2 performs a ChaCha quarter-round using the
+// 4 XMM registers v0, v1, v2 and v3. It uses only ROTL_SSE2 for
+// rotations. The XMM register t is used as a temp. register.
+#define CHACHA_QROUND_SSE2(v0, v1, v2, v3, t) \
+ PADDL v1, v0; \
+ PXOR v0, v3; \
+ ROTL_SSE(16, t, v3); \
+ PADDL v3, v2; \
+ PXOR v2, v1; \
+ ROTL_SSE(12, t, v1); \
+ PADDL v1, v0; \
+ PXOR v0, v3; \
+ ROTL_SSE(8, t, v3); \
+ PADDL v3, v2; \
+ PXOR v2, v1; \
+ ROTL_SSE(7, t, v1)
+
+// CHACHA_QROUND_SSSE3 performs a ChaCha quarter-round using the
+// 4 XMM registers v0, v1, v2 and v3. It uses PSHUFB for 8/16 bit
+// rotations. The XMM register t is used as a temp. register.
+//
+// r16 holds the PSHUFB constant for a 16 bit left rotate.
+// r8 holds the PSHUFB constant for a 8 bit left rotate.
+#define CHACHA_QROUND_SSSE3(v0, v1, v2, v3, t, r16, r8) \
+ PADDL v1, v0; \
+ PXOR v0, v3; \
+ PSHUFB r16, v3; \
+ PADDL v3, v2; \
+ PXOR v2, v1; \
+ ROTL_SSE(12, t, v1); \
+ PADDL v1, v0; \
+ PXOR v0, v3; \
+ PSHUFB r8, v3; \
+ PADDL v3, v2; \
+ PXOR v2, v1; \
+ ROTL_SSE(7, t, v1)
+
+// CHACHA_QROUND_AVX performs a ChaCha quarter-round using the
+// 4 AVX/AVX2 registers v0, v1, v2 and v3. It uses VPSHUFB for 8/16 bit
+// rotations. The AVX/AVX2 register t is used as a temp. register.
+//
+// r16 holds the VPSHUFB constant for a 16 bit left rotate.
+// r8 holds the VPSHUFB constant for a 8 bit left rotate.
+#define CHACHA_QROUND_AVX(v0, v1, v2, v3, t, r16, r8) \
+ VPADDD v0, v1, v0; \
+ VPXOR v3, v0, v3; \
+ VPSHUFB r16, v3, v3; \
+ VPADDD v2, v3, v2; \
+ VPXOR v1, v2, v1; \
+ ROTL_AVX(12, t, v1); \
+ VPADDD v0, v1, v0; \
+ VPXOR v3, v0, v3; \
+ VPSHUFB r8, v3, v3; \
+ VPADDD v2, v3, v2; \
+ VPXOR v1, v2, v1; \
+ ROTL_AVX(7, t, v1)
+
+// CHACHA_SHUFFLE_SSE performs a ChaCha shuffle using the
+// 3 XMM registers v1, v2 and v3. The inverse shuffle is
+// performed by switching v1 and v3: CHACHA_SHUFFLE_SSE(v3, v2, v1).
+#define CHACHA_SHUFFLE_SSE(v1, v2, v3) \
+ PSHUFL $0x39, v1, v1; \
+ PSHUFL $0x4E, v2, v2; \
+ PSHUFL $0x93, v3, v3
+
+// CHACHA_SHUFFLE_AVX performs a ChaCha shuffle using the
+// 3 AVX/AVX2 registers v1, v2 and v3. The inverse shuffle is
+// performed by switching v1 and v3: CHACHA_SHUFFLE_AVX(v3, v2, v1).
+#define CHACHA_SHUFFLE_AVX(v1, v2, v3) \
+ VPSHUFD $0x39, v1, v1; \
+ VPSHUFD $0x4E, v2, v2; \
+ VPSHUFD $0x93, v3, v3
+
+// XOR_SSE extracts 4x16 byte vectors from src at
+// off, xors all vectors with the corresponding XMM
+// register (v0 - v3) and writes the result to dst
+// at off.
+// The XMM register t is used as a temp. register.
+#define XOR_SSE(dst, src, off, v0, v1, v2, v3, t) \
+ MOVOU 0+off(src), t; \
+ PXOR v0, t; \
+ MOVOU t, 0+off(dst); \
+ MOVOU 16+off(src), t; \
+ PXOR v1, t; \
+ MOVOU t, 16+off(dst); \
+ MOVOU 32+off(src), t; \
+ PXOR v2, t; \
+ MOVOU t, 32+off(dst); \
+ MOVOU 48+off(src), t; \
+ PXOR v3, t; \
+ MOVOU t, 48+off(dst)
+
+// XOR_AVX extracts 4x16 byte vectors from src at
+// off, xors all vectors with the corresponding AVX
+// register (v0 - v3) and writes the result to dst
+// at off.
+// The XMM register t is used as a temp. register.
+#define XOR_AVX(dst, src, off, v0, v1, v2, v3, t) \
+ VPXOR 0+off(src), v0, t; \
+ VMOVDQU t, 0+off(dst); \
+ VPXOR 16+off(src), v1, t; \
+ VMOVDQU t, 16+off(dst); \
+ VPXOR 32+off(src), v2, t; \
+ VMOVDQU t, 32+off(dst); \
+ VPXOR 48+off(src), v3, t; \
+ VMOVDQU t, 48+off(dst)
+
+#define XOR_AVX2(dst, src, off, v0, v1, v2, v3, t0, t1) \
+ VMOVDQU (0+off)(src), t0; \
+ VPERM2I128 $32, v1, v0, t1; \
+ VPXOR t0, t1, t0; \
+ VMOVDQU t0, (0+off)(dst); \
+ VMOVDQU (32+off)(src), t0; \
+ VPERM2I128 $32, v3, v2, t1; \
+ VPXOR t0, t1, t0; \
+ VMOVDQU t0, (32+off)(dst); \
+ VMOVDQU (64+off)(src), t0; \
+ VPERM2I128 $49, v1, v0, t1; \
+ VPXOR t0, t1, t0; \
+ VMOVDQU t0, (64+off)(dst); \
+ VMOVDQU (96+off)(src), t0; \
+ VPERM2I128 $49, v3, v2, t1; \
+ VPXOR t0, t1, t0; \
+ VMOVDQU t0, (96+off)(dst)
+
+#define XOR_UPPER_AVX2(dst, src, off, v0, v1, v2, v3, t0, t1) \
+ VMOVDQU (0+off)(src), t0; \
+ VPERM2I128 $32, v1, v0, t1; \
+ VPXOR t0, t1, t0; \
+ VMOVDQU t0, (0+off)(dst); \
+ VMOVDQU (32+off)(src), t0; \
+ VPERM2I128 $32, v3, v2, t1; \
+ VPXOR t0, t1, t0; \
+ VMOVDQU t0, (32+off)(dst); \
+
+#define EXTRACT_LOWER(dst, v0, v1, v2, v3, t0) \
+ VPERM2I128 $49, v1, v0, t0; \
+ VMOVDQU t0, 0(dst); \
+ VPERM2I128 $49, v3, v2, t0; \
+ VMOVDQU t0, 32(dst)
diff --git a/vendor/github.com/aead/chacha20/chacha20.go b/vendor/github.com/aead/chacha20/chacha20.go
new file mode 100644
index 0000000..df6ddd2
--- /dev/null
+++ b/vendor/github.com/aead/chacha20/chacha20.go
@@ -0,0 +1,41 @@
+// Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+// Package chacha20 implements the ChaCha20 / XChaCha20 stream chipher.
+// Notice that one specific key-nonce combination must be unique for all time.
+//
+// There are three versions of ChaCha20:
+// - ChaCha20 with a 64 bit nonce (en/decrypt up to 2^64 * 64 bytes for one key-nonce combination)
+// - ChaCha20 with a 96 bit nonce (en/decrypt up to 2^32 * 64 bytes (~256 GB) for one key-nonce combination)
+// - XChaCha20 with a 192 bit nonce (en/decrypt up to 2^64 * 64 bytes for one key-nonce combination)
+package chacha20 // import "github.com/aead/chacha20"
+
+import (
+ "crypto/cipher"
+
+ "github.com/aead/chacha20/chacha"
+)
+
+// XORKeyStream crypts bytes from src to dst using the given nonce and key.
+// The length of the nonce determinds the version of ChaCha20:
+// - 8 bytes: ChaCha20 with a 64 bit nonce and a 2^64 * 64 byte period.
+// - 12 bytes: ChaCha20 as defined in RFC 7539 and a 2^32 * 64 byte period.
+// - 24 bytes: XChaCha20 with a 192 bit nonce and a 2^64 * 64 byte period.
+// Src and dst may be the same slice but otherwise should not overlap.
+// If len(dst) < len(src) this function panics.
+// If the nonce is neither 64, 96 nor 192 bits long, this function panics.
+func XORKeyStream(dst, src, nonce, key []byte) {
+ chacha.XORKeyStream(dst, src, nonce, key, 20)
+}
+
+// NewCipher returns a new cipher.Stream implementing a ChaCha20 version.
+// The nonce must be unique for one key for all time.
+// The length of the nonce determinds the version of ChaCha20:
+// - 8 bytes: ChaCha20 with a 64 bit nonce and a 2^64 * 64 byte period.
+// - 12 bytes: ChaCha20 as defined in RFC 7539 and a 2^32 * 64 byte period.
+// - 24 bytes: XChaCha20 with a 192 bit nonce and a 2^64 * 64 byte period.
+// If the nonce is neither 64, 96 nor 192 bits long, a non-nil error is returned.
+func NewCipher(nonce, key []byte) (cipher.Stream, error) {
+ return chacha.NewCipher(nonce, key, 20)
+}
diff --git a/vendor/github.com/dgryski/go-camellia/camellia.go b/vendor/github.com/dgryski/go-camellia/camellia.go
new file mode 100644
index 0000000..048b2e3
--- /dev/null
+++ b/vendor/github.com/dgryski/go-camellia/camellia.go
@@ -0,0 +1,368 @@
+// Copyright (c) 2013 Damian Gryski
+// Licensed under the GPLv3 or, at your option, any later version.
+
+// Package camellia is an implementation of the CAMELLIA encryption algorithm
+/*
+
+ This is an unoptimized version based on the description in RFC 3713.
+
+ References:
+ http://en.wikipedia.org/wiki/Camellia_%28cipher%29
+ https://info.isl.ntt.co.jp/crypt/eng/camellia/
+*/
+package camellia
+
+import (
+ "crypto/cipher"
+ "encoding/binary"
+ "strconv"
+)
+
+const BlockSize = 16
+
+type KeySizeError int
+
+func (k KeySizeError) Error() string {
+ return "camellia: invalid key size " + strconv.Itoa(int(k))
+}
+
+type camelliaCipher struct {
+ kw [5]uint64
+ k [25]uint64
+ ke [7]uint64
+ klen int
+}
+
+const (
+ sigma1 = 0xA09E667F3BCC908B
+ sigma2 = 0xB67AE8584CAA73B2
+ sigma3 = 0xC6EF372FE94F82BE
+ sigma4 = 0x54FF53A5F1D36F1C
+ sigma5 = 0x10E527FADE682D1D
+ sigma6 = 0xB05688C2B3E6C1FD
+)
+
+func init() {
+ // initialize other sboxes
+ for i := range sbox1 {
+ sbox2[i] = rotl8(sbox1[i], 1)
+ sbox3[i] = rotl8(sbox1[i], 7)
+ sbox4[i] = sbox1[rotl8(uint8(i), 1)]
+ }
+}
+
+func rotl128(k [2]uint64, rot uint) (hi, lo uint64) {
+
+ if rot > 64 {
+ rot -= 64
+ k[0], k[1] = k[1], k[0]
+ }
+
+ t := k[0] >> (64 - rot)
+ hi = (k[0] << rot) | (k[1] >> (64 - rot))
+ lo = (k[1] << rot) | t
+ return hi, lo
+}
+
+func rotl32(k uint32, rot uint) uint32 {
+ return (k << rot) | (k >> (32 - rot))
+}
+
+func rotl8(k byte, rot uint) byte {
+ return (k << rot) | (k >> (8 - rot))
+}
+
+// New creates and returns a new cipher.Block.
+// The key argument should be 16, 24, or 32 bytes.
+func New(key []byte) (cipher.Block, error) {
+
+ klen := len(key)
+ switch klen {
+ default:
+ return nil, KeySizeError(klen)
+ case 16, 24, 32:
+ break
+ }
+
+ var d1, d2 uint64
+
+ var kl [2]uint64
+ var kr [2]uint64
+ var ka [2]uint64
+ var kb [2]uint64
+
+ kl[0] = binary.BigEndian.Uint64(key[0:])
+ kl[1] = binary.BigEndian.Uint64(key[8:])
+
+ switch klen {
+ case 24:
+ kr[0] = binary.BigEndian.Uint64(key[16:])
+ kr[1] = ^kr[0]
+ case 32:
+ kr[0] = binary.BigEndian.Uint64(key[16:])
+ kr[1] = binary.BigEndian.Uint64(key[24:])
+
+ }
+
+ d1 = (kl[0] ^ kr[0])
+ d2 = (kl[1] ^ kr[1])
+
+ d2 = d2 ^ f(d1, sigma1)
+ d1 = d1 ^ f(d2, sigma2)
+
+ d1 = d1 ^ (kl[0])
+ d2 = d2 ^ (kl[1])
+ d2 = d2 ^ f(d1, sigma3)
+ d1 = d1 ^ f(d2, sigma4)
+ ka[0] = d1
+ ka[1] = d2
+ d1 = (ka[0] ^ kr[0])
+ d2 = (ka[1] ^ kr[1])
+ d2 = d2 ^ f(d1, sigma5)
+ d1 = d1 ^ f(d2, sigma6)
+ kb[0] = d1
+ kb[1] = d2
+
+ // here we generate our keys
+ c := new(camelliaCipher)
+
+ c.klen = klen
+
+ if klen == 16 {
+
+ c.kw[1], c.kw[2] = rotl128(kl, 0)
+
+ c.k[1], c.k[2] = rotl128(ka, 0)
+ c.k[3], c.k[4] = rotl128(kl, 15)
+ c.k[5], c.k[6] = rotl128(ka, 15)
+
+ c.ke[1], c.ke[2] = rotl128(ka, 30)
+
+ c.k[7], c.k[8] = rotl128(kl, 45)
+ c.k[9], _ = rotl128(ka, 45)
+ _, c.k[10] = rotl128(kl, 60)
+ c.k[11], c.k[12] = rotl128(ka, 60)
+
+ c.ke[3], c.ke[4] = rotl128(kl, 77)
+
+ c.k[13], c.k[14] = rotl128(kl, 94)
+ c.k[15], c.k[16] = rotl128(ka, 94)
+ c.k[17], c.k[18] = rotl128(kl, 111)
+
+ c.kw[3], c.kw[4] = rotl128(ka, 111)
+
+ } else {
+ // 24 or 32
+
+ c.kw[1], c.kw[2] = rotl128(kl, 0)
+
+ c.k[1], c.k[2] = rotl128(kb, 0)
+ c.k[3], c.k[4] = rotl128(kr, 15)
+ c.k[5], c.k[6] = rotl128(ka, 15)
+
+ c.ke[1], c.ke[2] = rotl128(kr, 30)
+
+ c.k[7], c.k[8] = rotl128(kb, 30)
+ c.k[9], c.k[10] = rotl128(kl, 45)
+ c.k[11], c.k[12] = rotl128(ka, 45)
+
+ c.ke[3], c.ke[4] = rotl128(kl, 60)
+
+ c.k[13], c.k[14] = rotl128(kr, 60)
+ c.k[15], c.k[16] = rotl128(kb, 60)
+ c.k[17], c.k[18] = rotl128(kl, 77)
+
+ c.ke[5], c.ke[6] = rotl128(ka, 77)
+
+ c.k[19], c.k[20] = rotl128(kr, 94)
+ c.k[21], c.k[22] = rotl128(ka, 94)
+ c.k[23], c.k[24] = rotl128(kl, 111)
+
+ c.kw[3], c.kw[4] = rotl128(kb, 111)
+ }
+
+ return c, nil
+}
+
+func (c *camelliaCipher) Encrypt(dst, src []byte) {
+
+ d1 := binary.BigEndian.Uint64(src[0:])
+ d2 := binary.BigEndian.Uint64(src[8:])
+
+ d1 ^= c.kw[1]
+ d2 ^= c.kw[2]
+
+ d2 = d2 ^ f(d1, c.k[1])
+ d1 = d1 ^ f(d2, c.k[2])
+ d2 = d2 ^ f(d1, c.k[3])
+ d1 = d1 ^ f(d2, c.k[4])
+ d2 = d2 ^ f(d1, c.k[5])
+ d1 = d1 ^ f(d2, c.k[6])
+
+ d1 = fl(d1, c.ke[1])
+ d2 = flinv(d2, c.ke[2])
+
+ d2 = d2 ^ f(d1, c.k[7])
+ d1 = d1 ^ f(d2, c.k[8])
+ d2 = d2 ^ f(d1, c.k[9])
+ d1 = d1 ^ f(d2, c.k[10])
+ d2 = d2 ^ f(d1, c.k[11])
+ d1 = d1 ^ f(d2, c.k[12])
+
+ d1 = fl(d1, c.ke[3])
+ d2 = flinv(d2, c.ke[4])
+
+ d2 = d2 ^ f(d1, c.k[13])
+ d1 = d1 ^ f(d2, c.k[14])
+ d2 = d2 ^ f(d1, c.k[15])
+ d1 = d1 ^ f(d2, c.k[16])
+ d2 = d2 ^ f(d1, c.k[17])
+ d1 = d1 ^ f(d2, c.k[18])
+
+ if c.klen > 16 {
+ // 24 or 32
+
+ d1 = fl(d1, c.ke[5])
+ d2 = flinv(d2, c.ke[6])
+
+ d2 = d2 ^ f(d1, c.k[19])
+ d1 = d1 ^ f(d2, c.k[20])
+ d2 = d2 ^ f(d1, c.k[21])
+ d1 = d1 ^ f(d2, c.k[22])
+ d2 = d2 ^ f(d1, c.k[23])
+ d1 = d1 ^ f(d2, c.k[24])
+ }
+
+ d2 = d2 ^ c.kw[3]
+ d1 = d1 ^ c.kw[4]
+
+ binary.BigEndian.PutUint64(dst[0:], d2)
+ binary.BigEndian.PutUint64(dst[8:], d1)
+}
+
+func (c *camelliaCipher) Decrypt(dst, src []byte) {
+
+ d2 := binary.BigEndian.Uint64(src[0:])
+ d1 := binary.BigEndian.Uint64(src[8:])
+
+ d1 = d1 ^ c.kw[4]
+ d2 = d2 ^ c.kw[3]
+
+ if c.klen > 16 {
+ // 24 or 32
+
+ d1 = d1 ^ f(d2, c.k[24])
+ d2 = d2 ^ f(d1, c.k[23])
+ d1 = d1 ^ f(d2, c.k[22])
+ d2 = d2 ^ f(d1, c.k[21])
+ d1 = d1 ^ f(d2, c.k[20])
+ d2 = d2 ^ f(d1, c.k[19])
+
+ d2 = fl(d2, c.ke[6])
+ d1 = flinv(d1, c.ke[5])
+ }
+
+ d1 = d1 ^ f(d2, c.k[18])
+ d2 = d2 ^ f(d1, c.k[17])
+ d1 = d1 ^ f(d2, c.k[16])
+ d2 = d2 ^ f(d1, c.k[15])
+ d1 = d1 ^ f(d2, c.k[14])
+ d2 = d2 ^ f(d1, c.k[13])
+
+ d2 = fl(d2, c.ke[4])
+ d1 = flinv(d1, c.ke[3])
+
+ d1 = d1 ^ f(d2, c.k[12])
+ d2 = d2 ^ f(d1, c.k[11])
+ d1 = d1 ^ f(d2, c.k[10])
+ d2 = d2 ^ f(d1, c.k[9])
+ d1 = d1 ^ f(d2, c.k[8])
+ d2 = d2 ^ f(d1, c.k[7])
+
+ d2 = fl(d2, c.ke[2])
+ d1 = flinv(d1, c.ke[1])
+
+ d1 = d1 ^ f(d2, c.k[6])
+ d2 = d2 ^ f(d1, c.k[5])
+ d1 = d1 ^ f(d2, c.k[4])
+ d2 = d2 ^ f(d1, c.k[3])
+ d1 = d1 ^ f(d2, c.k[2])
+ d2 = d2 ^ f(d1, c.k[1])
+
+ d2 ^= c.kw[2]
+ d1 ^= c.kw[1]
+
+ binary.BigEndian.PutUint64(dst[0:], d1)
+ binary.BigEndian.PutUint64(dst[8:], d2)
+}
+
+func (c *camelliaCipher) BlockSize() int {
+ return BlockSize
+}
+
+func f(fin, ke uint64) uint64 {
+ var x uint64
+ x = fin ^ ke
+ t1 := sbox1[uint8(x>>56)]
+ t2 := sbox2[uint8(x>>48)]
+ t3 := sbox3[uint8(x>>40)]
+ t4 := sbox4[uint8(x>>32)]
+ t5 := sbox2[uint8(x>>24)]
+ t6 := sbox3[uint8(x>>16)]
+ t7 := sbox4[uint8(x>>8)]
+ t8 := sbox1[uint8(x)]
+ y1 := t1 ^ t3 ^ t4 ^ t6 ^ t7 ^ t8
+ y2 := t1 ^ t2 ^ t4 ^ t5 ^ t7 ^ t8
+ y3 := t1 ^ t2 ^ t3 ^ t5 ^ t6 ^ t8
+ y4 := t2 ^ t3 ^ t4 ^ t5 ^ t6 ^ t7
+ y5 := t1 ^ t2 ^ t6 ^ t7 ^ t8
+ y6 := t2 ^ t3 ^ t5 ^ t7 ^ t8
+ y7 := t3 ^ t4 ^ t5 ^ t6 ^ t8
+ y8 := t1 ^ t4 ^ t5 ^ t6 ^ t7
+ return uint64(y1)<<56 | uint64(y2)<<48 | uint64(y3)<<40 | uint64(y4)<<32 | uint64(y5)<<24 | uint64(y6)<<16 | uint64(y7)<<8 | uint64(y8)
+}
+
+func fl(flin, ke uint64) uint64 {
+ x1 := uint32(flin >> 32)
+ x2 := uint32(flin & 0xffffffff)
+ k1 := uint32(ke >> 32)
+ k2 := uint32(ke & 0xffffffff)
+ x2 = x2 ^ rotl32(x1&k1, 1)
+ x1 = x1 ^ (x2 | k2)
+ return uint64(x1)<<32 | uint64(x2)
+}
+
+func flinv(flin, ke uint64) uint64 {
+ y1 := uint32(flin >> 32)
+ y2 := uint32(flin & 0xffffffff)
+ k1 := uint32(ke >> 32)
+ k2 := uint32(ke & 0xffffffff)
+ y1 = y1 ^ (y2 | k2)
+ y2 = y2 ^ rotl32(y1&k1, 1)
+ return uint64(y1)<<32 | uint64(y2)
+}
+
+var sbox1 = [...]byte{
+ 0x70, 0x82, 0x2c, 0xec, 0xb3, 0x27, 0xc0, 0xe5, 0xe4, 0x85, 0x57, 0x35, 0xea, 0x0c, 0xae, 0x41,
+ 0x23, 0xef, 0x6b, 0x93, 0x45, 0x19, 0xa5, 0x21, 0xed, 0x0e, 0x4f, 0x4e, 0x1d, 0x65, 0x92, 0xbd,
+ 0x86, 0xb8, 0xaf, 0x8f, 0x7c, 0xeb, 0x1f, 0xce, 0x3e, 0x30, 0xdc, 0x5f, 0x5e, 0xc5, 0x0b, 0x1a,
+ 0xa6, 0xe1, 0x39, 0xca, 0xd5, 0x47, 0x5d, 0x3d, 0xd9, 0x01, 0x5a, 0xd6, 0x51, 0x56, 0x6c, 0x4d,
+ 0x8b, 0x0d, 0x9a, 0x66, 0xfb, 0xcc, 0xb0, 0x2d, 0x74, 0x12, 0x2b, 0x20, 0xf0, 0xb1, 0x84, 0x99,
+ 0xdf, 0x4c, 0xcb, 0xc2, 0x34, 0x7e, 0x76, 0x05, 0x6d, 0xb7, 0xa9, 0x31, 0xd1, 0x17, 0x04, 0xd7,
+ 0x14, 0x58, 0x3a, 0x61, 0xde, 0x1b, 0x11, 0x1c, 0x32, 0x0f, 0x9c, 0x16, 0x53, 0x18, 0xf2, 0x22,
+ 0xfe, 0x44, 0xcf, 0xb2, 0xc3, 0xb5, 0x7a, 0x91, 0x24, 0x08, 0xe8, 0xa8, 0x60, 0xfc, 0x69, 0x50,
+ 0xaa, 0xd0, 0xa0, 0x7d, 0xa1, 0x89, 0x62, 0x97, 0x54, 0x5b, 0x1e, 0x95, 0xe0, 0xff, 0x64, 0xd2,
+ 0x10, 0xc4, 0x00, 0x48, 0xa3, 0xf7, 0x75, 0xdb, 0x8a, 0x03, 0xe6, 0xda, 0x09, 0x3f, 0xdd, 0x94,
+ 0x87, 0x5c, 0x83, 0x02, 0xcd, 0x4a, 0x90, 0x33, 0x73, 0x67, 0xf6, 0xf3, 0x9d, 0x7f, 0xbf, 0xe2,
+ 0x52, 0x9b, 0xd8, 0x26, 0xc8, 0x37, 0xc6, 0x3b, 0x81, 0x96, 0x6f, 0x4b, 0x13, 0xbe, 0x63, 0x2e,
+ 0xe9, 0x79, 0xa7, 0x8c, 0x9f, 0x6e, 0xbc, 0x8e, 0x29, 0xf5, 0xf9, 0xb6, 0x2f, 0xfd, 0xb4, 0x59,
+ 0x78, 0x98, 0x06, 0x6a, 0xe7, 0x46, 0x71, 0xba, 0xd4, 0x25, 0xab, 0x42, 0x88, 0xa2, 0x8d, 0xfa,
+ 0x72, 0x07, 0xb9, 0x55, 0xf8, 0xee, 0xac, 0x0a, 0x36, 0x49, 0x2a, 0x68, 0x3c, 0x38, 0xf1, 0xa4,
+ 0x40, 0x28, 0xd3, 0x7b, 0xbb, 0xc9, 0x43, 0xc1, 0x15, 0xe3, 0xad, 0xf4, 0x77, 0xc7, 0x80, 0x9e,
+}
+
+var sbox2 [256]byte
+var sbox3 [256]byte
+var sbox4 [256]byte
+
+var _ cipher.Block = &camelliaCipher{}
diff --git a/vendor/github.com/dgryski/go-camellia/t_camellia.pl b/vendor/github.com/dgryski/go-camellia/t_camellia.pl
new file mode 100644
index 0000000..f95ba48
--- /dev/null
+++ b/vendor/github.com/dgryski/go-camellia/t_camellia.pl
@@ -0,0 +1,58 @@
+#!/usr/bin/perl
+
+# to run the full verification suite:
+# curl http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt |perl ./t_camellia.pl >cfull_test.go
+# perl -pi -e 's/range camelliaTests/$&Full/' camellia_test.go
+# go test
+
+print <) {
+ next if /^\s*$/ or /^Camellia/;
+ if (/^K/) {
+ $k = linetostr($_);
+ }
+
+ if (/^P/) {
+ $p = linetostr($_);
+ }
+
+ if (/^C/) {
+ $c = linetostr($_);
+ print <<"GOCODE";
+ {
+ []byte{$k},
+ []byte{$p},
+ []byte{$c},
+ },
+GOCODE
+ }
+}
+
+print <= 2, this fits into 16 bits
+ y := uint16(0x10001 % uint32(x))
+
+ if y == 1 {
+ return 1 - t1
+ }
+
+ var t0 uint16 = 1
+ var q uint16
+
+ for y != 1 {
+ q = x / y
+ x = x % y
+ t0 += q * t1
+ if x == 1 {
+ return t0
+ }
+ q = y / x
+ y = y % x
+ t1 += q * t0
+ }
+ return 1 - t1
+}
+
+// mul computes x*y mod 2^16+1
+func mul(x, y uint16) uint16 {
+
+ if y == 0 {
+ return 1 - x
+ }
+
+ if x == 0 {
+ return 1 - y
+ }
+
+ t32 := uint32(x) * uint32(y)
+ x = uint16(t32)
+ y = uint16(t32 >> 16)
+
+ if x < y {
+ return x - y + 1
+ }
+
+ return x - y
+}
+
+// expandKey computes encryption round-keys from a user-supplied key
+func expandKey(key []byte, EK []uint16) {
+ var i, j int
+
+ for j = 0; j < 8; j++ {
+ EK[j] = (uint16(key[0]) << 8) + uint16(key[1])
+ key = key[2:]
+ }
+ for i = 0; j < keyLen; j++ {
+ i++
+ EK[i+7] = EK[i&7]<<9 | EK[(i+1)&7]>>7
+ EK = EK[i&8:]
+ i &= 7
+ }
+}
+
+// invertKey computes the decryption round-keys from a set of encryption round-keys
+func invertKey(EK []uint16, DK []uint16) {
+
+ var t1, t2, t3 uint16
+ var p [keyLen]uint16
+ pidx := keyLen
+ ekidx := 0
+
+ t1 = mulInv(EK[ekidx])
+ ekidx++
+ t2 = -EK[ekidx]
+ ekidx++
+ t3 = -EK[ekidx]
+ ekidx++
+ pidx--
+ p[pidx] = mulInv(EK[ekidx])
+ ekidx++
+ pidx--
+ p[pidx] = t3
+ pidx--
+ p[pidx] = t2
+ pidx--
+ p[pidx] = t1
+
+ for i := 0; i < rounds-1; i++ {
+ t1 = EK[ekidx]
+ ekidx++
+ pidx--
+ p[pidx] = EK[ekidx]
+ ekidx++
+ pidx--
+ p[pidx] = t1
+
+ t1 = mulInv(EK[ekidx])
+ ekidx++
+ t2 = -EK[ekidx]
+ ekidx++
+ t3 = -EK[ekidx]
+ ekidx++
+ pidx--
+ p[pidx] = mulInv(EK[ekidx])
+ ekidx++
+ pidx--
+ p[pidx] = t2
+ pidx--
+ p[pidx] = t3
+ pidx--
+ p[pidx] = t1
+ }
+
+ t1 = EK[ekidx]
+ ekidx++
+ pidx--
+ p[pidx] = EK[ekidx]
+ ekidx++
+ pidx--
+ p[pidx] = t1
+
+ t1 = mulInv(EK[ekidx])
+ ekidx++
+ t2 = -EK[ekidx]
+ ekidx++
+ t3 = -EK[ekidx]
+ ekidx++
+ pidx--
+ p[pidx] = mulInv(EK[ekidx])
+ pidx--
+ p[pidx] = t3
+ pidx--
+ p[pidx] = t2
+ pidx--
+ p[pidx] = t1
+
+ copy(DK, p[:])
+}
+
+// crypt performs IDEA encryption given input/output buffers and a set of round-keys
+func crypt(inbuf, outbuf []byte, key []uint16) {
+
+ var x1, x2, x3, x4, s2, s3 uint16
+
+ x1 = binary.BigEndian.Uint16(inbuf[0:])
+ x2 = binary.BigEndian.Uint16(inbuf[2:])
+ x3 = binary.BigEndian.Uint16(inbuf[4:])
+ x4 = binary.BigEndian.Uint16(inbuf[6:])
+
+ for r := rounds; r > 0; r-- {
+
+ x1 = mul(x1, key[0])
+ key = key[1:]
+ x2 += key[0]
+ key = key[1:]
+ x3 += key[0]
+ key = key[1:]
+
+ x4 = mul(x4, key[0])
+ key = key[1:]
+
+ s3 = x3
+ x3 ^= x1
+ x3 = mul(x3, key[0])
+ key = key[1:]
+ s2 = x2
+
+ x2 ^= x4
+ x2 += x3
+ x2 = mul(x2, key[0])
+ key = key[1:]
+ x3 += x2
+
+ x1 ^= x2
+ x4 ^= x3
+
+ x2 ^= s3
+ x3 ^= s2
+
+ }
+ x1 = mul(x1, key[0])
+ key = key[1:]
+
+ x3 += key[0]
+ key = key[1:]
+ x2 += key[0]
+ key = key[1:]
+ x4 = mul(x4, key[0])
+
+ binary.BigEndian.PutUint16(outbuf[0:], x1)
+ binary.BigEndian.PutUint16(outbuf[2:], x3)
+ binary.BigEndian.PutUint16(outbuf[4:], x2)
+ binary.BigEndian.PutUint16(outbuf[6:], x4)
+}
diff --git a/vendor/github.com/dgryski/go-rc2/LICENSE b/vendor/github.com/dgryski/go-rc2/LICENSE
new file mode 100644
index 0000000..039a2e4
--- /dev/null
+++ b/vendor/github.com/dgryski/go-rc2/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Damian Gryski
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/dgryski/go-rc2/rc2.go b/vendor/github.com/dgryski/go-rc2/rc2.go
new file mode 100644
index 0000000..aa194e5
--- /dev/null
+++ b/vendor/github.com/dgryski/go-rc2/rc2.go
@@ -0,0 +1,284 @@
+// Package rc2 implements the RC2 cipher
+/*
+https://www.ietf.org/rfc/rfc2268.txt
+http://people.csail.mit.edu/rivest/pubs/KRRR98.pdf
+
+This code is licensed under the MIT license.
+*/
+package rc2
+
+import (
+ "crypto/cipher"
+ "encoding/binary"
+ "strconv"
+)
+
+// The rc2 block size in bytes
+const BlockSize = 8
+
+type rc2Cipher struct {
+ k [64]uint16
+}
+
+// KeySizeError indicates the supplied key was invalid
+type KeySizeError int
+
+func (k KeySizeError) Error() string { return "rc2: invalid key size " + strconv.Itoa(int(k)) }
+
+// EffectiveKeySizeError indicates the supplied effective key length was invalid
+type EffectiveKeySizeError int
+
+func (k EffectiveKeySizeError) Error() string {
+ return "rc2: invalid effective key size " + strconv.Itoa(int(k))
+}
+
+// New returns a new rc2 cipher with the given key and effective key length t1
+func New(key []byte, t1 int) (cipher.Block, error) {
+ if l := len(key); l == 0 || l > 128 {
+ return nil, KeySizeError(l)
+ }
+
+ if t1 < 8 || t1 > 1024 {
+ return nil, EffectiveKeySizeError(t1)
+ }
+
+ return &rc2Cipher{
+ k: expandKey(key, t1),
+ }, nil
+}
+
+func (c *rc2Cipher) BlockSize() int { return BlockSize }
+
+var piTable = [256]byte{
+ 0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79, 0x4a, 0xa0, 0xd8, 0x9d,
+ 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e, 0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2,
+ 0x17, 0x9a, 0x59, 0xf5, 0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32,
+ 0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22, 0x5c, 0x6b, 0x4e, 0x82,
+ 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c, 0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc,
+ 0x12, 0x75, 0xca, 0x1f, 0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26,
+ 0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b, 0xbc, 0x94, 0x43, 0x03,
+ 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7, 0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7,
+ 0x08, 0xe8, 0xea, 0xde, 0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a,
+ 0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e, 0x04, 0x18, 0xa4, 0xec,
+ 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc, 0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39,
+ 0x99, 0x7c, 0x3a, 0x85, 0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31,
+ 0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10, 0x67, 0x6c, 0xba, 0xc9,
+ 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c, 0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9,
+ 0x0d, 0x38, 0x34, 0x1b, 0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e,
+ 0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68, 0xfe, 0x7f, 0xc1, 0xad,
+}
+
+func expandKey(key []byte, t1 int) [64]uint16 {
+
+ l := make([]byte, 128)
+ copy(l, key)
+
+ var t = len(key)
+ var t8 = (t1 + 7) / 8
+ var tm = byte(255 % uint(1<<(8+uint(t1)-8*uint(t8))))
+
+ for i := len(key); i < 128; i++ {
+ l[i] = piTable[l[i-1]+l[uint8(i-t)]]
+ }
+
+ l[128-t8] = piTable[l[128-t8]&tm]
+
+ for i := 127 - t8; i >= 0; i-- {
+ l[i] = piTable[l[i+1]^l[i+t8]]
+ }
+
+ var k [64]uint16
+
+ for i := range k {
+ k[i] = uint16(l[2*i]) + uint16(l[2*i+1])*256
+ }
+
+ return k
+}
+
+func rotl16(x uint16, b uint) uint16 {
+ return (x >> (16 - b)) | (x << b)
+}
+
+func (c *rc2Cipher) Encrypt(dst, src []byte) {
+
+ r0 := binary.LittleEndian.Uint16(src[0:])
+ r1 := binary.LittleEndian.Uint16(src[2:])
+ r2 := binary.LittleEndian.Uint16(src[4:])
+ r3 := binary.LittleEndian.Uint16(src[6:])
+
+ var j int
+
+ // These three mix blocks have not been extracted to a common function for to performance reasons.
+ for j <= 16 {
+ // mix r0
+ r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1)
+ r0 = rotl16(r0, 1)
+ j++
+
+ // mix r1
+ r1 = r1 + c.k[j] + (r0 & r3) + ((^r0) & r2)
+ r1 = rotl16(r1, 2)
+ j++
+
+ // mix r2
+ r2 = r2 + c.k[j] + (r1 & r0) + ((^r1) & r3)
+ r2 = rotl16(r2, 3)
+ j++
+
+ // mix r3
+ r3 = r3 + c.k[j] + (r2 & r1) + ((^r2) & r0)
+ r3 = rotl16(r3, 5)
+ j++
+ }
+
+ r0 = r0 + c.k[r3&63]
+ r1 = r1 + c.k[r0&63]
+ r2 = r2 + c.k[r1&63]
+ r3 = r3 + c.k[r2&63]
+
+ for j <= 40 {
+ // mix r0
+ r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1)
+ r0 = rotl16(r0, 1)
+ j++
+
+ // mix r1
+ r1 = r1 + c.k[j] + (r0 & r3) + ((^r0) & r2)
+ r1 = rotl16(r1, 2)
+ j++
+
+ // mix r2
+ r2 = r2 + c.k[j] + (r1 & r0) + ((^r1) & r3)
+ r2 = rotl16(r2, 3)
+ j++
+
+ // mix r3
+ r3 = r3 + c.k[j] + (r2 & r1) + ((^r2) & r0)
+ r3 = rotl16(r3, 5)
+ j++
+ }
+
+ r0 = r0 + c.k[r3&63]
+ r1 = r1 + c.k[r0&63]
+ r2 = r2 + c.k[r1&63]
+ r3 = r3 + c.k[r2&63]
+
+ for j <= 60 {
+ // mix r0
+ r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1)
+ r0 = rotl16(r0, 1)
+ j++
+
+ // mix r1
+ r1 = r1 + c.k[j] + (r0 & r3) + ((^r0) & r2)
+ r1 = rotl16(r1, 2)
+ j++
+
+ // mix r2
+ r2 = r2 + c.k[j] + (r1 & r0) + ((^r1) & r3)
+ r2 = rotl16(r2, 3)
+ j++
+
+ // mix r3
+ r3 = r3 + c.k[j] + (r2 & r1) + ((^r2) & r0)
+ r3 = rotl16(r3, 5)
+ j++
+ }
+
+ binary.LittleEndian.PutUint16(dst[0:], r0)
+ binary.LittleEndian.PutUint16(dst[2:], r1)
+ binary.LittleEndian.PutUint16(dst[4:], r2)
+ binary.LittleEndian.PutUint16(dst[6:], r3)
+}
+
+func (c *rc2Cipher) Decrypt(dst, src []byte) {
+
+ r0 := binary.LittleEndian.Uint16(src[0:])
+ r1 := binary.LittleEndian.Uint16(src[2:])
+ r2 := binary.LittleEndian.Uint16(src[4:])
+ r3 := binary.LittleEndian.Uint16(src[6:])
+
+ j := 63
+
+ for j >= 44 {
+ // unmix r3
+ r3 = rotl16(r3, 16-5)
+ r3 = r3 - c.k[j] - (r2 & r1) - ((^r2) & r0)
+ j--
+
+ // unmix r2
+ r2 = rotl16(r2, 16-3)
+ r2 = r2 - c.k[j] - (r1 & r0) - ((^r1) & r3)
+ j--
+
+ // unmix r1
+ r1 = rotl16(r1, 16-2)
+ r1 = r1 - c.k[j] - (r0 & r3) - ((^r0) & r2)
+ j--
+
+ // unmix r0
+ r0 = rotl16(r0, 16-1)
+ r0 = r0 - c.k[j] - (r3 & r2) - ((^r3) & r1)
+ j--
+ }
+
+ r3 = r3 - c.k[r2&63]
+ r2 = r2 - c.k[r1&63]
+ r1 = r1 - c.k[r0&63]
+ r0 = r0 - c.k[r3&63]
+
+ for j >= 20 {
+ // unmix r3
+ r3 = rotl16(r3, 16-5)
+ r3 = r3 - c.k[j] - (r2 & r1) - ((^r2) & r0)
+ j--
+
+ // unmix r2
+ r2 = rotl16(r2, 16-3)
+ r2 = r2 - c.k[j] - (r1 & r0) - ((^r1) & r3)
+ j--
+
+ // unmix r1
+ r1 = rotl16(r1, 16-2)
+ r1 = r1 - c.k[j] - (r0 & r3) - ((^r0) & r2)
+ j--
+
+ // unmix r0
+ r0 = rotl16(r0, 16-1)
+ r0 = r0 - c.k[j] - (r3 & r2) - ((^r3) & r1)
+ j--
+ }
+
+ r3 = r3 - c.k[r2&63]
+ r2 = r2 - c.k[r1&63]
+ r1 = r1 - c.k[r0&63]
+ r0 = r0 - c.k[r3&63]
+
+ for j >= 0 {
+ // unmix r3
+ r3 = rotl16(r3, 16-5)
+ r3 = r3 - c.k[j] - (r2 & r1) - ((^r2) & r0)
+ j--
+
+ // unmix r2
+ r2 = rotl16(r2, 16-3)
+ r2 = r2 - c.k[j] - (r1 & r0) - ((^r1) & r3)
+ j--
+
+ // unmix r1
+ r1 = rotl16(r1, 16-2)
+ r1 = r1 - c.k[j] - (r0 & r3) - ((^r0) & r2)
+ j--
+
+ // unmix r0
+ r0 = rotl16(r0, 16-1)
+ r0 = r0 - c.k[j] - (r3 & r2) - ((^r3) & r1)
+ j--
+ }
+
+ binary.LittleEndian.PutUint16(dst[0:], r0)
+ binary.LittleEndian.PutUint16(dst[2:], r1)
+ binary.LittleEndian.PutUint16(dst[4:], r2)
+ binary.LittleEndian.PutUint16(dst[6:], r3)
+}
diff --git a/vendor/github.com/nadoo/conflag/LICENSE b/vendor/github.com/nadoo/conflag/LICENSE
new file mode 100644
index 0000000..9cecc1d
--- /dev/null
+++ b/vendor/github.com/nadoo/conflag/LICENSE
@@ -0,0 +1,674 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc.
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users. We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors. You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too, receive
+or can get the source code. And you must show them these terms so they
+know their rights.
+
+ Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+ For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+ Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so. This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software. The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable. Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products. If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+ Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary. To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU General Public License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy. The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+for making modifications to it. "Object code" means any non-source
+form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+ The Corresponding Source for a work in source code form is that
+same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force. You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright. Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+the conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling. In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage. For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product. A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source. The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Use with the GNU Affero General Public License.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ {one line to give the program's name and a brief idea of what it does.}
+ Copyright (C) {year} {name of author}
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+ {project} Copyright (C) {year} {fullname}
+ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+.
+
+ The GNU General Public License does not permit incorporating your program
+into proprietary programs. If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License. But first, please read
+.
diff --git a/vendor/github.com/nadoo/conflag/README.md b/vendor/github.com/nadoo/conflag/README.md
new file mode 100644
index 0000000..6a1b368
--- /dev/null
+++ b/vendor/github.com/nadoo/conflag/README.md
@@ -0,0 +1,111 @@
+# conflag
+conflag is a config file and command line parser based on Go's standard flag package.
+
+## Usage
+
+### Your code:
+```Go
+package main
+
+import (
+ "fmt"
+
+ "github.com/nadoo/conflag"
+)
+
+var conf struct {
+ Name string
+ Age int
+ Male bool
+}
+
+func main() {
+ // get a new conflag instance
+ flag := conflag.New()
+
+ // setup flags as the standard flag package
+ flag.StringVar(&conf.Name, "name", "", "your name")
+ flag.IntVar(&conf.Age, "age", 0, "your age")
+ flag.BoolVar(&conf.Male, "male", false, "your sex")
+
+ // parse before access flags
+ flag.Parse()
+
+ // now you're able to get the parsed flag values
+ fmt.Printf(" Name: %s\n", conf.Name)
+ fmt.Printf(" Age: %d\n", conf.Age)
+ fmt.Printf(" Male: %v\n", conf.Male)
+}
+```
+
+### Run without config file:
+command:
+```bash
+sample -name Jay -age 30
+```
+output:
+```bash
+ Name: Jay
+ Age: 30
+ Male: false
+```
+
+### Run with config file(-config):
+sample.conf:
+```bash
+name=Jason
+age=20
+male
+```
+command: **use "-config" flag to specify the config file path.**
+```bash
+sample -config sample.conf
+```
+output:
+```bash
+ Name: Jason
+ Age: 20
+ Male: true
+```
+
+### Run with config file and OVERRIDE a flag value using commandline:
+sample.conf:
+```bash
+name=Jason
+age=20
+male
+```
+command:
+```bash
+sample -config sample.conf -name Michael
+```
+output:
+```bash
+ Name: Michael
+ Age: 20
+ Male: true
+```
+
+## Config File
+- format: KEY=VALUE
+
+**just use the command line flag name as the key name**:
+
+```bash
+## config file
+# comment line starts with "#"
+
+# format:
+#KEY=VALUE,
+# just use the command line flag name as the key name
+
+# your name
+name=Jason
+
+# your age
+age=20
+
+# are you male?
+male
+```
+See [simple.conf](examples/simple/simple.conf)
\ No newline at end of file
diff --git a/vendor/github.com/nadoo/conflag/conflag.go b/vendor/github.com/nadoo/conflag/conflag.go
new file mode 100644
index 0000000..c011540
--- /dev/null
+++ b/vendor/github.com/nadoo/conflag/conflag.go
@@ -0,0 +1,151 @@
+package conflag
+
+import (
+ "bufio"
+ "flag"
+ "os"
+ "path/filepath"
+ "strings"
+)
+
+// Conflag .
+type Conflag struct {
+ *flag.FlagSet
+
+ app string
+ osArgs []string
+ cfgFile string
+ args []string
+
+ includes []string
+
+ // TODO: add shorthand? or just use pflag?
+ // shorthand map[byte]string
+}
+
+// New ...
+func New(args ...string) *Conflag {
+ if args == nil {
+ args = os.Args
+ }
+
+ c := &Conflag{}
+ c.app = args[0]
+ c.osArgs = args[1:]
+ c.FlagSet = flag.NewFlagSet(c.app, flag.ExitOnError)
+ c.FlagSet.StringVar(&c.cfgFile, "config", "", "config file path")
+
+ return c
+}
+
+// NewFromFile ...
+func NewFromFile(app, cfgFile string) *Conflag {
+ c := &Conflag{}
+
+ if app != "" {
+ c.app = app
+ } else {
+ c.app = os.Args[0]
+ }
+
+ c.cfgFile = cfgFile
+ c.FlagSet = flag.NewFlagSet(c.app, flag.ExitOnError)
+
+ c.StringSliceUniqVar(&c.includes, "include", nil, "include file")
+
+ return c
+}
+
+// Parse ...
+func (c *Conflag) Parse() (err error) {
+ // parse 1st time and see whether there is a conf file.
+ err = c.FlagSet.Parse(c.osArgs)
+ if err != nil {
+ return err
+ }
+
+ // if there is no args, just try to load the app.conf file.
+ if c.cfgFile == "" && len(c.osArgs) == 0 {
+ // trim app exetension
+ for i := len(c.app) - 1; i >= 0 && c.app[i] != '/' && c.app[i] != '\\'; i-- {
+ if c.app[i] == '.' {
+ c.cfgFile = c.app[:i]
+ break
+ }
+ }
+
+ if c.cfgFile == "" {
+ c.cfgFile = c.app
+ }
+
+ c.cfgFile += ".conf"
+ }
+
+ if c.cfgFile == "" {
+ return nil
+ }
+
+ fargs, err := parseFile(c.cfgFile)
+ if err != nil {
+ return err
+ }
+
+ c.args = fargs
+ c.args = append(c.args, c.osArgs...)
+
+ // parse 2nd time to get the include file values
+ err = c.FlagSet.Parse(c.args)
+ if err != nil {
+ return err
+ }
+
+ dir := filepath.Dir(c.cfgFile)
+
+ // parse 3rd time to parse flags in include file
+ for _, include := range c.includes {
+ include = filepath.Join(dir, include)
+ fargs, err := parseFile(include)
+ if err != nil {
+ return err
+ }
+
+ c.args = fargs
+ c.args = append(c.args, c.osArgs...)
+
+ err = c.FlagSet.Parse(c.args)
+ }
+
+ return err
+}
+
+func parseFile(cfgFile string) ([]string, error) {
+ var s []string
+
+ fp, err := os.Open(cfgFile)
+ if err != nil {
+ return nil, err
+ }
+ defer fp.Close()
+
+ scanner := bufio.NewScanner(fp)
+ for scanner.Scan() {
+ line := scanner.Text()
+ line = strings.TrimSpace(line)
+ if len(line) == 0 || line[:1] == "#" {
+ continue
+ }
+ s = append(s, "-"+line)
+ }
+
+ return s, nil
+}
+
+// AppDir returns the app dir
+func (c *Conflag) AppDir() string {
+ return filepath.Dir(os.Args[0])
+}
+
+// ConfDir returns the config file dir
+func (c *Conflag) ConfDir() string {
+ return filepath.Dir(c.cfgFile)
+}
diff --git a/vendor/github.com/nadoo/conflag/string_slice.go b/vendor/github.com/nadoo/conflag/string_slice.go
new file mode 100644
index 0000000..e7a02f1
--- /dev/null
+++ b/vendor/github.com/nadoo/conflag/string_slice.go
@@ -0,0 +1,47 @@
+// source: https://github.com/spf13/pflag/blob/master/string_slice.go
+
+package conflag
+
+type stringSliceValue struct {
+ value *[]string
+ changed bool
+}
+
+func newStringSliceValue(val []string, p *[]string) *stringSliceValue {
+ ssv := new(stringSliceValue)
+ ssv.value = p
+ *ssv.value = val
+ return ssv
+}
+
+func (s *stringSliceValue) Set(val string) error {
+ if !s.changed {
+ *s.value = []string{val}
+ s.changed = true
+ } else {
+ *s.value = append(*s.value, val)
+ }
+ return nil
+}
+
+func (s *stringSliceValue) Type() string {
+ return "stringSlice"
+}
+
+func (s *stringSliceValue) String() string {
+ return ""
+}
+
+// StringSliceVar defines a string flag with specified name, default value, and usage string.
+// The argument p points to a []string variable in which to store the value of the flag.
+func (c *Conflag) StringSliceVar(p *[]string, name string, value []string, usage string) {
+ c.Var(newStringSliceValue(value, p), name, usage)
+}
+
+// StringSlice defines a string flag with specified name, default value, and usage string.
+// The return value is the address of a []string variable that stores the value of the flag.
+func (c *Conflag) StringSlice(name string, value []string, usage string) *[]string {
+ p := []string{}
+ c.StringSliceVar(&p, name, value, usage)
+ return &p
+}
diff --git a/vendor/github.com/nadoo/conflag/string_slice_uniq.go b/vendor/github.com/nadoo/conflag/string_slice_uniq.go
new file mode 100644
index 0000000..70d7389
--- /dev/null
+++ b/vendor/github.com/nadoo/conflag/string_slice_uniq.go
@@ -0,0 +1,51 @@
+package conflag
+
+type stringSliceUniqValue struct {
+ *stringSliceValue
+}
+
+func newStringSliceUniqValue(val []string, p *[]string) *stringSliceUniqValue {
+ return &stringSliceUniqValue{stringSliceValue: newStringSliceValue(val, p)}
+}
+
+func (s *stringSliceUniqValue) Set(val string) error {
+ if !s.changed {
+ *s.value = []string{val}
+ s.changed = true
+ }
+
+ dup := false
+ for _, v := range *s.value {
+ if v == val {
+ dup = true
+ }
+ }
+
+ if !dup {
+ *s.value = append(*s.value, val)
+ }
+
+ return nil
+}
+
+func (s *stringSliceUniqValue) Type() string {
+ return "stringSliceUniq"
+}
+
+func (s *stringSliceUniqValue) String() string {
+ return ""
+}
+
+// StringSliceUniqVar defines a string flag with specified name, default value, and usage string.
+// The argument p points to a []string variable in which to store the value of the flag.
+func (c *Conflag) StringSliceUniqVar(p *[]string, name string, value []string, usage string) {
+ c.Var(newStringSliceUniqValue(value, p), name, usage)
+}
+
+// StringUniqSlice defines a string flag with specified name, default value, and usage string.
+// The return value is the address of a []string variable that stores the value of the flag.
+func (c *Conflag) StringUniqSlice(name string, value []string, usage string) *[]string {
+ p := []string{}
+ c.StringSliceUniqVar(&p, name, value, usage)
+ return &p
+}
diff --git a/vendor/github.com/nadoo/go-shadowsocks2/LICENSE b/vendor/github.com/nadoo/go-shadowsocks2/LICENSE
new file mode 100644
index 0000000..d645695
--- /dev/null
+++ b/vendor/github.com/nadoo/go-shadowsocks2/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/nadoo/go-shadowsocks2/core/cipher.go b/vendor/github.com/nadoo/go-shadowsocks2/core/cipher.go
new file mode 100644
index 0000000..960c1e5
--- /dev/null
+++ b/vendor/github.com/nadoo/go-shadowsocks2/core/cipher.go
@@ -0,0 +1,155 @@
+package core
+
+import (
+ "crypto/md5"
+ "errors"
+ "net"
+ "sort"
+ "strings"
+
+ "github.com/nadoo/go-shadowsocks2/shadowaead"
+ "github.com/nadoo/go-shadowsocks2/shadowstream"
+)
+
+type Cipher interface {
+ StreamConnCipher
+ PacketConnCipher
+}
+
+type StreamConnCipher interface {
+ StreamConn(net.Conn) net.Conn
+}
+
+type PacketConnCipher interface {
+ PacketConn(net.PacketConn) net.PacketConn
+}
+
+// ErrCipherNotSupported occurs when a cipher is not supported (likely because of security concerns).
+var ErrCipherNotSupported = errors.New("cipher not supported")
+
+// List of AEAD ciphers: key size in bytes and constructor
+var aeadList = map[string]struct {
+ KeySize int
+ New func([]byte) (shadowaead.Cipher, error)
+}{
+ "AEAD_AES_128_GCM": {16, shadowaead.AESGCM},
+ "AEAD_AES_192_GCM": {24, shadowaead.AESGCM},
+ "AEAD_AES_256_GCM": {32, shadowaead.AESGCM},
+ "AEAD_CHACHA20_POLY1305": {32, shadowaead.Chacha20Poly1305},
+
+ // http://shadowsocks.org/en/spec/AEAD-Ciphers.html
+ // not listed in spec
+ "AEAD_XCHACHA20_POLY1305": {32, shadowaead.XChacha20Poly1305},
+}
+
+// List of stream ciphers: key size in bytes and constructor
+var streamList = map[string]struct {
+ KeySize int
+ New func(key []byte) (shadowstream.Cipher, error)
+}{
+ "AES-128-CTR": {16, shadowstream.AESCTR},
+ "AES-192-CTR": {24, shadowstream.AESCTR},
+ "AES-256-CTR": {32, shadowstream.AESCTR},
+ "AES-128-CFB": {16, shadowstream.AESCFB},
+ "AES-192-CFB": {24, shadowstream.AESCFB},
+ "AES-256-CFB": {32, shadowstream.AESCFB},
+ "CHACHA20-IETF": {32, shadowstream.Chacha20IETF},
+ "XCHACHA20": {32, shadowstream.Xchacha20},
+
+ // http://shadowsocks.org/en/spec/Stream-Ciphers.html
+ // marked as "DO NOT USE"
+ "CHACHA20": {32, shadowstream.ChaCha20},
+ "RC4-MD5": {16, shadowstream.RC4MD5},
+}
+
+// ListCipher returns a list of available cipher names sorted alphabetically.
+func ListCipher() []string {
+ var l []string
+ for k := range aeadList {
+ l = append(l, k)
+ }
+ for k := range streamList {
+ l = append(l, k)
+ }
+ sort.Strings(l)
+ return l
+}
+
+// PickCipher returns a Cipher of the given name. Derive key from password if given key is empty.
+func PickCipher(name string, key []byte, password string) (Cipher, error) {
+ name = strings.ToUpper(name)
+
+ switch name {
+ case "DUMMY":
+ return &dummy{}, nil
+ case "CHACHA20-IETF-POLY1305":
+ name = "AEAD_CHACHA20_POLY1305"
+ case "XCHACHA20-IETF-POLY1305":
+ name = "AEAD_XCHACHA20_POLY1305"
+ case "AES-128-GCM":
+ name = "AEAD_AES_128_GCM"
+ case "AES-196-GCM":
+ name = "AEAD_AES_196_GCM"
+ case "AES-256-GCM":
+ name = "AEAD_AES_256_GCM"
+ }
+
+ if choice, ok := aeadList[name]; ok {
+ if len(key) == 0 {
+ key = kdf(password, choice.KeySize)
+ }
+ if len(key) != choice.KeySize {
+ return nil, shadowaead.KeySizeError(choice.KeySize)
+ }
+ aead, err := choice.New(key)
+ return &aeadCipher{aead}, err
+ }
+
+ if choice, ok := streamList[name]; ok {
+ if len(key) == 0 {
+ key = kdf(password, choice.KeySize)
+ }
+ if len(key) != choice.KeySize {
+ return nil, shadowstream.KeySizeError(choice.KeySize)
+ }
+ ciph, err := choice.New(key)
+ return &streamCipher{ciph}, err
+ }
+
+ return nil, ErrCipherNotSupported
+}
+
+type aeadCipher struct{ shadowaead.Cipher }
+
+func (aead *aeadCipher) StreamConn(c net.Conn) net.Conn { return shadowaead.NewConn(c, aead) }
+func (aead *aeadCipher) PacketConn(c net.PacketConn) net.PacketConn {
+ return shadowaead.NewPacketConn(c, aead)
+}
+
+type streamCipher struct{ shadowstream.Cipher }
+
+func (ciph *streamCipher) StreamConn(c net.Conn) net.Conn { return shadowstream.NewConn(c, ciph) }
+func (ciph *streamCipher) PacketConn(c net.PacketConn) net.PacketConn {
+ return shadowstream.NewPacketConn(c, ciph)
+}
+
+// dummy cipher does not encrypt
+
+type dummy struct{}
+
+func (dummy) StreamConn(c net.Conn) net.Conn { return c }
+func (dummy) PacketConn(c net.PacketConn) net.PacketConn { return c }
+
+// key-derivation function from original Shadowsocks
+func kdf(password string, keyLen int) []byte {
+ var b, prev []byte
+ h := md5.New()
+ for len(b) < keyLen {
+ h.Write(prev)
+ h.Write([]byte(password))
+ b = h.Sum(b)
+ prev = b[len(b)-h.Size():]
+ h.Reset()
+ }
+ return b[:keyLen]
+}
diff --git a/vendor/github.com/nadoo/go-shadowsocks2/core/doc.go b/vendor/github.com/nadoo/go-shadowsocks2/core/doc.go
new file mode 100644
index 0000000..4001c10
--- /dev/null
+++ b/vendor/github.com/nadoo/go-shadowsocks2/core/doc.go
@@ -0,0 +1,2 @@
+// Package core implements essential parts of Shadowsocks
+package core
diff --git a/vendor/github.com/nadoo/go-shadowsocks2/core/packet.go b/vendor/github.com/nadoo/go-shadowsocks2/core/packet.go
new file mode 100644
index 0000000..641aa13
--- /dev/null
+++ b/vendor/github.com/nadoo/go-shadowsocks2/core/packet.go
@@ -0,0 +1,8 @@
+package core
+
+import "net"
+
+func ListenPacket(network, address string, ciph PacketConnCipher) (net.PacketConn, error) {
+ c, err := net.ListenPacket(network, address)
+ return ciph.PacketConn(c), err
+}
diff --git a/vendor/github.com/nadoo/go-shadowsocks2/core/stream.go b/vendor/github.com/nadoo/go-shadowsocks2/core/stream.go
new file mode 100644
index 0000000..5c773cd
--- /dev/null
+++ b/vendor/github.com/nadoo/go-shadowsocks2/core/stream.go
@@ -0,0 +1,23 @@
+package core
+
+import "net"
+
+type listener struct {
+ net.Listener
+ StreamConnCipher
+}
+
+func Listen(network, address string, ciph StreamConnCipher) (net.Listener, error) {
+ l, err := net.Listen(network, address)
+ return &listener{l, ciph}, err
+}
+
+func (l *listener) Accept() (net.Conn, error) {
+ c, err := l.Listener.Accept()
+ return l.StreamConn(c), err
+}
+
+func Dial(network, address string, ciph StreamConnCipher) (net.Conn, error) {
+ c, err := net.Dial(network, address)
+ return ciph.StreamConn(c), err
+}
diff --git a/vendor/github.com/nadoo/go-shadowsocks2/shadowaead/cipher.go b/vendor/github.com/nadoo/go-shadowsocks2/shadowaead/cipher.go
new file mode 100644
index 0000000..7c55127
--- /dev/null
+++ b/vendor/github.com/nadoo/go-shadowsocks2/shadowaead/cipher.go
@@ -0,0 +1,92 @@
+package shadowaead
+
+import (
+ "crypto/aes"
+ "crypto/cipher"
+ "crypto/sha1"
+ "io"
+ "strconv"
+
+ "golang.org/x/crypto/chacha20poly1305"
+ "golang.org/x/crypto/hkdf"
+)
+
+type Cipher interface {
+ KeySize() int
+ SaltSize() int
+ Encrypter(salt []byte) (cipher.AEAD, error)
+ Decrypter(salt []byte) (cipher.AEAD, error)
+}
+
+type KeySizeError int
+
+func (e KeySizeError) Error() string {
+ return "key size error: need " + strconv.Itoa(int(e)) + " bytes"
+}
+
+func hkdfSHA1(secret, salt, info, outkey []byte) {
+ r := hkdf.New(sha1.New, secret, salt, info)
+ if _, err := io.ReadFull(r, outkey); err != nil {
+ panic(err) // should never happen
+ }
+}
+
+type metaCipher struct {
+ psk []byte
+ makeAEAD func(key []byte) (cipher.AEAD, error)
+}
+
+func (a *metaCipher) KeySize() int { return len(a.psk) }
+func (a *metaCipher) SaltSize() int {
+ if ks := a.KeySize(); ks > 16 {
+ return ks
+ }
+ return 16
+}
+func (a *metaCipher) Encrypter(salt []byte) (cipher.AEAD, error) {
+ subkey := make([]byte, a.KeySize())
+ hkdfSHA1(a.psk, salt, []byte("ss-subkey"), subkey)
+ return a.makeAEAD(subkey)
+}
+func (a *metaCipher) Decrypter(salt []byte) (cipher.AEAD, error) {
+ subkey := make([]byte, a.KeySize())
+ hkdfSHA1(a.psk, salt, []byte("ss-subkey"), subkey)
+ return a.makeAEAD(subkey)
+}
+
+func aesGCM(key []byte) (cipher.AEAD, error) {
+ blk, err := aes.NewCipher(key)
+ if err != nil {
+ return nil, err
+ }
+ return cipher.NewGCM(blk)
+}
+
+// AESGCM creates a new Cipher with a pre-shared key. len(psk) must be
+// one of 16, 24, or 32 to select AES-128/196/256-GCM.
+func AESGCM(psk []byte) (Cipher, error) {
+ switch l := len(psk); l {
+ case 16, 24, 32: // AES 128/196/256
+ default:
+ return nil, aes.KeySizeError(l)
+ }
+ return &metaCipher{psk: psk, makeAEAD: aesGCM}, nil
+}
+
+// Chacha20Poly1305 creates a new Cipher with a pre-shared key. len(psk)
+// must be 32.
+func Chacha20Poly1305(psk []byte) (Cipher, error) {
+ if len(psk) != chacha20poly1305.KeySize {
+ return nil, KeySizeError(chacha20poly1305.KeySize)
+ }
+ return &metaCipher{psk: psk, makeAEAD: chacha20poly1305.New}, nil
+}
+
+// XChacha20Poly1305 creates a new Cipher with a pre-shared key. len(psk)
+// must be 32.
+func XChacha20Poly1305(psk []byte) (Cipher, error) {
+ if len(psk) != chacha20poly1305.KeySize {
+ return nil, KeySizeError(chacha20poly1305.KeySize)
+ }
+ return &metaCipher{psk: psk, makeAEAD: chacha20poly1305.NewX}, nil
+}
diff --git a/vendor/github.com/nadoo/go-shadowsocks2/shadowaead/doc.go b/vendor/github.com/nadoo/go-shadowsocks2/shadowaead/doc.go
new file mode 100644
index 0000000..8d1e286
--- /dev/null
+++ b/vendor/github.com/nadoo/go-shadowsocks2/shadowaead/doc.go
@@ -0,0 +1,35 @@
+/*
+Package shadowaead implements a simple AEAD-protected secure protocol.
+
+In general, there are two types of connections: stream-oriented and packet-oriented.
+Stream-oriented connections (e.g. TCP) assume reliable and orderly delivery of bytes.
+Packet-oriented connections (e.g. UDP) assume unreliable and out-of-order delivery of packets,
+where each packet is either delivered intact or lost.
+
+An encrypted stream starts with a random salt to derive a session key, followed by any number of
+encrypted records. Each encrypted record has the following structure:
+
+ [encrypted payload length]
+ [payload length tag]
+ [encrypted payload]
+ [payload tag]
+
+Payload length is 2-byte unsigned big-endian integer capped at 0x3FFF (16383).
+The higher 2 bits are reserved and must be set to zero. The first AEAD encrypt/decrypt
+operation uses a counting nonce starting from 0. After each encrypt/decrypt operation,
+the nonce is incremented by one as if it were an unsigned little-endian integer.
+
+
+Each encrypted packet transmitted on a packet-oriented connection has the following structure:
+
+ [random salt]
+ [encrypted payload]
+ [payload tag]
+
+The salt is used to derive a subkey to initiate an AEAD. Packets are encrypted/decrypted independently
+using zero nonce.
+
+In both stream-oriented and packet-oriented connections, length of nonce and tag varies
+depending on which AEAD is used. Salt should be at least 16-byte long.
+*/
+package shadowaead
diff --git a/vendor/github.com/nadoo/go-shadowsocks2/shadowaead/packet.go b/vendor/github.com/nadoo/go-shadowsocks2/shadowaead/packet.go
new file mode 100644
index 0000000..ae5f84d
--- /dev/null
+++ b/vendor/github.com/nadoo/go-shadowsocks2/shadowaead/packet.go
@@ -0,0 +1,97 @@
+package shadowaead
+
+import (
+ "crypto/rand"
+ "errors"
+ "io"
+ "net"
+ "sync"
+)
+
+// ErrShortPacket means that the packet is too short for a valid encrypted packet.
+var ErrShortPacket = errors.New("short packet")
+
+var _zerononce [128]byte // read-only. 128 bytes is more than enough.
+
+// Pack encrypts plaintext using Cipher with a randomly generated salt and
+// returns a slice of dst containing the encrypted packet and any error occurred.
+// Ensure len(dst) >= ciph.SaltSize() + len(plaintext) + aead.Overhead().
+func Pack(dst, plaintext []byte, ciph Cipher) ([]byte, error) {
+ saltSize := ciph.SaltSize()
+ salt := dst[:saltSize]
+ if _, err := io.ReadFull(rand.Reader, salt); err != nil {
+ return nil, err
+ }
+
+ aead, err := ciph.Encrypter(salt)
+ if err != nil {
+ return nil, err
+ }
+
+ if len(dst) < saltSize+len(plaintext)+aead.Overhead() {
+ return nil, io.ErrShortBuffer
+ }
+ b := aead.Seal(dst[saltSize:saltSize], _zerononce[:aead.NonceSize()], plaintext, nil)
+ return dst[:saltSize+len(b)], nil
+}
+
+// Unpack decrypts pkt using Cipher and returns a slice of dst containing the decrypted payload and any error occurred.
+// Ensure len(dst) >= len(pkt) - aead.SaltSize() - aead.Overhead().
+func Unpack(dst, pkt []byte, ciph Cipher) ([]byte, error) {
+ saltSize := ciph.SaltSize()
+ if len(pkt) < saltSize {
+ return nil, ErrShortPacket
+ }
+ salt := pkt[:saltSize]
+ aead, err := ciph.Decrypter(salt)
+ if err != nil {
+ return nil, err
+ }
+ if len(pkt) < saltSize+aead.Overhead() {
+ return nil, ErrShortPacket
+ }
+ if saltSize+len(dst)+aead.Overhead() < len(pkt) {
+ return nil, io.ErrShortBuffer
+ }
+ b, err := aead.Open(dst[:0], _zerononce[:aead.NonceSize()], pkt[saltSize:], nil)
+ return b, err
+}
+
+type packetConn struct {
+ net.PacketConn
+ Cipher
+ sync.Mutex
+ buf []byte // write lock
+}
+
+// NewPacketConn wraps a net.PacketConn with cipher
+func NewPacketConn(c net.PacketConn, ciph Cipher) net.PacketConn {
+ const maxPacketSize = 64 * 1024
+ return &packetConn{PacketConn: c, Cipher: ciph, buf: make([]byte, maxPacketSize)}
+}
+
+// WriteTo encrypts b and write to addr using the embedded PacketConn.
+func (c *packetConn) WriteTo(b []byte, addr net.Addr) (int, error) {
+ c.Lock()
+ defer c.Unlock()
+ buf, err := Pack(c.buf, b, c)
+ if err != nil {
+ return 0, err
+ }
+ _, err = c.PacketConn.WriteTo(buf, addr)
+ return len(b), err
+}
+
+// ReadFrom reads from the embedded PacketConn and decrypts into b.
+func (c *packetConn) ReadFrom(b []byte) (int, net.Addr, error) {
+ n, addr, err := c.PacketConn.ReadFrom(b)
+ if err != nil {
+ return n, addr, err
+ }
+ bb, err := Unpack(b[c.Cipher.SaltSize():], b[:n], c)
+ if err != nil {
+ return n, addr, err
+ }
+ copy(b, bb)
+ return len(bb), addr, err
+}
diff --git a/vendor/github.com/nadoo/go-shadowsocks2/shadowaead/stream.go b/vendor/github.com/nadoo/go-shadowsocks2/shadowaead/stream.go
new file mode 100644
index 0000000..5f499a2
--- /dev/null
+++ b/vendor/github.com/nadoo/go-shadowsocks2/shadowaead/stream.go
@@ -0,0 +1,270 @@
+package shadowaead
+
+import (
+ "bytes"
+ "crypto/cipher"
+ "crypto/rand"
+ "io"
+ "net"
+)
+
+// payloadSizeMask is the maximum size of payload in bytes.
+const payloadSizeMask = 0x3FFF // 16*1024 - 1
+
+type writer struct {
+ io.Writer
+ cipher.AEAD
+ nonce []byte
+ buf []byte
+}
+
+// NewWriter wraps an io.Writer with AEAD encryption.
+func NewWriter(w io.Writer, aead cipher.AEAD) io.Writer { return newWriter(w, aead) }
+
+func newWriter(w io.Writer, aead cipher.AEAD) *writer {
+ return &writer{
+ Writer: w,
+ AEAD: aead,
+ buf: make([]byte, 2+aead.Overhead()+payloadSizeMask+aead.Overhead()),
+ nonce: make([]byte, aead.NonceSize()),
+ }
+}
+
+// Write encrypts b and writes to the embedded io.Writer.
+func (w *writer) Write(b []byte) (int, error) {
+ n, err := w.ReadFrom(bytes.NewBuffer(b))
+ return int(n), err
+}
+
+// ReadFrom reads from the given io.Reader until EOF or error, encrypts and
+// writes to the embedded io.Writer. Returns number of bytes read from r and
+// any error encountered.
+func (w *writer) ReadFrom(r io.Reader) (n int64, err error) {
+ for {
+ buf := w.buf
+ payloadBuf := buf[2+w.Overhead() : 2+w.Overhead()+payloadSizeMask]
+ nr, er := r.Read(payloadBuf)
+
+ if nr > 0 {
+ n += int64(nr)
+ buf = buf[:2+w.Overhead()+nr+w.Overhead()]
+ payloadBuf = payloadBuf[:nr]
+ buf[0], buf[1] = byte(nr>>8), byte(nr) // big-endian payload size
+ w.Seal(buf[:0], w.nonce, buf[:2], nil)
+ increment(w.nonce)
+
+ w.Seal(payloadBuf[:0], w.nonce, payloadBuf, nil)
+ increment(w.nonce)
+
+ _, ew := w.Writer.Write(buf)
+ if ew != nil {
+ err = ew
+ break
+ }
+ }
+
+ if er != nil {
+ if er != io.EOF { // ignore EOF as per io.ReaderFrom contract
+ err = er
+ }
+ break
+ }
+ }
+
+ return n, err
+}
+
+type reader struct {
+ io.Reader
+ cipher.AEAD
+ nonce []byte
+ buf []byte
+ leftover []byte
+}
+
+// NewReader wraps an io.Reader with AEAD decryption.
+func NewReader(r io.Reader, aead cipher.AEAD) io.Reader { return newReader(r, aead) }
+
+func newReader(r io.Reader, aead cipher.AEAD) *reader {
+ return &reader{
+ Reader: r,
+ AEAD: aead,
+ buf: make([]byte, payloadSizeMask+aead.Overhead()),
+ nonce: make([]byte, aead.NonceSize()),
+ }
+}
+
+// read and decrypt a record into the internal buffer. Return decrypted payload length and any error encountered.
+func (r *reader) read() (int, error) {
+ // decrypt payload size
+ buf := r.buf[:2+r.Overhead()]
+ _, err := io.ReadFull(r.Reader, buf)
+ if err != nil {
+ return 0, err
+ }
+
+ _, err = r.Open(buf[:0], r.nonce, buf, nil)
+ increment(r.nonce)
+ if err != nil {
+ return 0, err
+ }
+
+ size := (int(buf[0])<<8 + int(buf[1])) & payloadSizeMask
+
+ // decrypt payload
+ buf = r.buf[:size+r.Overhead()]
+ _, err = io.ReadFull(r.Reader, buf)
+ if err != nil {
+ return 0, err
+ }
+
+ _, err = r.Open(buf[:0], r.nonce, buf, nil)
+ increment(r.nonce)
+ if err != nil {
+ return 0, err
+ }
+
+ return size, nil
+}
+
+// Read reads from the embedded io.Reader, decrypts and writes to b.
+func (r *reader) Read(b []byte) (int, error) {
+ // copy decrypted bytes (if any) from previous record first
+ if len(r.leftover) > 0 {
+ n := copy(b, r.leftover)
+ r.leftover = r.leftover[n:]
+ return n, nil
+ }
+
+ n, err := r.read()
+ m := copy(b, r.buf[:n])
+ if m < n { // insufficient len(b), keep leftover for next read
+ r.leftover = r.buf[m:n]
+ }
+ return m, err
+}
+
+// WriteTo reads from the embedded io.Reader, decrypts and writes to w until
+// there's no more data to write or when an error occurs. Return number of
+// bytes written to w and any error encountered.
+func (r *reader) WriteTo(w io.Writer) (n int64, err error) {
+ // write decrypted bytes left over from previous record
+ for len(r.leftover) > 0 {
+ nw, ew := w.Write(r.leftover)
+ r.leftover = r.leftover[nw:]
+ n += int64(nw)
+ if ew != nil {
+ return n, ew
+ }
+ }
+
+ for {
+ nr, er := r.read()
+ if nr > 0 {
+ nw, ew := w.Write(r.buf[:nr])
+ n += int64(nw)
+
+ if ew != nil {
+ err = ew
+ break
+ }
+ }
+
+ if er != nil {
+ if er != io.EOF { // ignore EOF as per io.Copy contract (using src.WriteTo shortcut)
+ err = er
+ }
+ break
+ }
+ }
+
+ return n, err
+}
+
+// increment little-endian encoded unsigned integer b. Wrap around on overflow.
+func increment(b []byte) {
+ for i := range b {
+ b[i]++
+ if b[i] != 0 {
+ return
+ }
+ }
+}
+
+type streamConn struct {
+ net.Conn
+ Cipher
+ r *reader
+ w *writer
+}
+
+func (c *streamConn) initReader() error {
+ salt := make([]byte, c.SaltSize())
+ if _, err := io.ReadFull(c.Conn, salt); err != nil {
+ return err
+ }
+
+ aead, err := c.Decrypter(salt)
+ if err != nil {
+ return err
+ }
+
+ c.r = newReader(c.Conn, aead)
+ return nil
+}
+
+func (c *streamConn) Read(b []byte) (int, error) {
+ if c.r == nil {
+ if err := c.initReader(); err != nil {
+ return 0, err
+ }
+ }
+ return c.r.Read(b)
+}
+
+func (c *streamConn) WriteTo(w io.Writer) (int64, error) {
+ if c.r == nil {
+ if err := c.initReader(); err != nil {
+ return 0, err
+ }
+ }
+ return c.r.WriteTo(w)
+}
+
+func (c *streamConn) initWriter() error {
+ salt := make([]byte, c.SaltSize())
+ if _, err := io.ReadFull(rand.Reader, salt); err != nil {
+ return err
+ }
+ aead, err := c.Encrypter(salt)
+ if err != nil {
+ return err
+ }
+ _, err = c.Conn.Write(salt)
+ if err != nil {
+ return err
+ }
+ c.w = newWriter(c.Conn, aead)
+ return nil
+}
+
+func (c *streamConn) Write(b []byte) (int, error) {
+ if c.w == nil {
+ if err := c.initWriter(); err != nil {
+ return 0, err
+ }
+ }
+ return c.w.Write(b)
+}
+
+func (c *streamConn) ReadFrom(r io.Reader) (int64, error) {
+ if c.w == nil {
+ if err := c.initWriter(); err != nil {
+ return 0, err
+ }
+ }
+ return c.w.ReadFrom(r)
+}
+
+// NewConn wraps a stream-oriented net.Conn with cipher.
+func NewConn(c net.Conn, ciph Cipher) net.Conn { return &streamConn{Conn: c, Cipher: ciph} }
diff --git a/vendor/github.com/nadoo/go-shadowsocks2/shadowstream/cipher.go b/vendor/github.com/nadoo/go-shadowsocks2/shadowstream/cipher.go
new file mode 100644
index 0000000..232ce27
--- /dev/null
+++ b/vendor/github.com/nadoo/go-shadowsocks2/shadowstream/cipher.go
@@ -0,0 +1,134 @@
+package shadowstream
+
+import (
+ "crypto/aes"
+ "crypto/cipher"
+ "crypto/md5"
+ "crypto/rc4"
+ "strconv"
+
+ "github.com/aead/chacha20"
+ "github.com/aead/chacha20/chacha"
+)
+
+// Cipher generates a pair of stream ciphers for encryption and decryption.
+type Cipher interface {
+ IVSize() int
+ Encrypter(iv []byte) cipher.Stream
+ Decrypter(iv []byte) cipher.Stream
+}
+
+type KeySizeError int
+
+func (e KeySizeError) Error() string {
+ return "key size error: need " + strconv.Itoa(int(e)) + " bytes"
+}
+
+// CTR mode
+type ctrStream struct{ cipher.Block }
+
+func (b *ctrStream) IVSize() int { return b.BlockSize() }
+func (b *ctrStream) Decrypter(iv []byte) cipher.Stream { return b.Encrypter(iv) }
+func (b *ctrStream) Encrypter(iv []byte) cipher.Stream { return cipher.NewCTR(b, iv) }
+
+func AESCTR(key []byte) (Cipher, error) {
+ blk, err := aes.NewCipher(key)
+ if err != nil {
+ return nil, err
+ }
+ return &ctrStream{blk}, nil
+}
+
+// CFB mode
+type cfbStream struct{ cipher.Block }
+
+func (b *cfbStream) IVSize() int { return b.BlockSize() }
+func (b *cfbStream) Decrypter(iv []byte) cipher.Stream { return cipher.NewCFBDecrypter(b, iv) }
+func (b *cfbStream) Encrypter(iv []byte) cipher.Stream { return cipher.NewCFBEncrypter(b, iv) }
+
+func AESCFB(key []byte) (Cipher, error) {
+ blk, err := aes.NewCipher(key)
+ if err != nil {
+ return nil, err
+ }
+ return &cfbStream{blk}, nil
+}
+
+// IETF-variant of chacha20
+type chacha20ietfkey []byte
+
+func (k chacha20ietfkey) IVSize() int { return chacha.INonceSize }
+func (k chacha20ietfkey) Decrypter(iv []byte) cipher.Stream { return k.Encrypter(iv) }
+func (k chacha20ietfkey) Encrypter(iv []byte) cipher.Stream {
+ ciph, err := chacha20.NewCipher(iv, k)
+ if err != nil {
+ panic(err) // should never happen
+ }
+ return ciph
+}
+
+func Chacha20IETF(key []byte) (Cipher, error) {
+ if len(key) != chacha.KeySize {
+ return nil, KeySizeError(chacha.KeySize)
+ }
+ return chacha20ietfkey(key), nil
+}
+
+type xchacha20key []byte
+
+func (k xchacha20key) IVSize() int { return chacha.XNonceSize }
+func (k xchacha20key) Decrypter(iv []byte) cipher.Stream { return k.Encrypter(iv) }
+func (k xchacha20key) Encrypter(iv []byte) cipher.Stream {
+ ciph, err := chacha20.NewCipher(iv, k)
+ if err != nil {
+ panic(err) // should never happen
+ }
+ return ciph
+}
+
+func Xchacha20(key []byte) (Cipher, error) {
+ if len(key) != chacha.KeySize {
+ return nil, KeySizeError(chacha.KeySize)
+ }
+ return xchacha20key(key), nil
+}
+
+// reference: https://github.com/shadowsocks/shadowsocks-go/blob/master/shadowsocks/encrypt.go
+type chacha20key []byte
+
+func (k chacha20key) IVSize() int { return chacha.NonceSize }
+func (k chacha20key) Decrypter(iv []byte) cipher.Stream { return k.Encrypter(iv) }
+func (k chacha20key) Encrypter(iv []byte) cipher.Stream {
+ ciph, err := chacha20.NewCipher(iv, k)
+ if err != nil {
+ panic(err) // should never happen
+ }
+ return ciph
+}
+
+func ChaCha20(key []byte) (Cipher, error) {
+ if len(key) != chacha.KeySize {
+ return nil, KeySizeError(chacha.KeySize)
+ }
+ return chacha20key(key), nil
+}
+
+type rc4Md5Key []byte
+
+func (k rc4Md5Key) IVSize() int { return 16 }
+func (k rc4Md5Key) Decrypter(iv []byte) cipher.Stream { return k.Encrypter(iv) }
+func (k rc4Md5Key) Encrypter(iv []byte) cipher.Stream {
+ h := md5.New()
+ h.Write([]byte(k))
+ h.Write(iv)
+ rc4key := h.Sum(nil)
+ ciph, err := rc4.NewCipher(rc4key)
+ if err != nil {
+ panic(err) // should never happen
+ }
+ return ciph
+}
+
+func RC4MD5(key []byte) (Cipher, error) {
+ return rc4Md5Key(key), nil
+}
diff --git a/vendor/github.com/nadoo/go-shadowsocks2/shadowstream/doc.go b/vendor/github.com/nadoo/go-shadowsocks2/shadowstream/doc.go
new file mode 100644
index 0000000..4c0897a
--- /dev/null
+++ b/vendor/github.com/nadoo/go-shadowsocks2/shadowstream/doc.go
@@ -0,0 +1,2 @@
+// Package shadowstream implements the original Shadowsocks protocol protected by stream cipher.
+package shadowstream
diff --git a/vendor/github.com/nadoo/go-shadowsocks2/shadowstream/packet.go b/vendor/github.com/nadoo/go-shadowsocks2/shadowstream/packet.go
new file mode 100644
index 0000000..0defa11
--- /dev/null
+++ b/vendor/github.com/nadoo/go-shadowsocks2/shadowstream/packet.go
@@ -0,0 +1,80 @@
+package shadowstream
+
+import (
+ "crypto/rand"
+ "errors"
+ "io"
+ "net"
+ "sync"
+)
+
+// ErrShortPacket means the packet is too short to be a valid encrypted packet.
+var ErrShortPacket = errors.New("short packet")
+
+// Pack encrypts plaintext using stream cipher s and a random IV.
+// Returns a slice of dst containing random IV and ciphertext.
+// Ensure len(dst) >= s.IVSize() + len(plaintext).
+func Pack(dst, plaintext []byte, s Cipher) ([]byte, error) {
+ if len(dst) < s.IVSize()+len(plaintext) {
+ return nil, io.ErrShortBuffer
+ }
+ iv := dst[:s.IVSize()]
+ _, err := io.ReadFull(rand.Reader, iv)
+ if err != nil {
+ return nil, err
+ }
+
+ s.Encrypter(iv).XORKeyStream(dst[len(iv):], plaintext)
+ return dst[:len(iv)+len(plaintext)], nil
+}
+
+// Unpack decrypts pkt using stream cipher s.
+// Returns a slice of dst containing decrypted plaintext.
+func Unpack(dst, pkt []byte, s Cipher) ([]byte, error) {
+ if len(pkt) < s.IVSize() {
+ return nil, ErrShortPacket
+ }
+
+ if len(dst) < len(pkt)-s.IVSize() {
+ return nil, io.ErrShortBuffer
+ }
+ iv := pkt[:s.IVSize()]
+ s.Decrypter(iv).XORKeyStream(dst, pkt[len(iv):])
+ return dst[:len(pkt)-len(iv)], nil
+}
+
+type packetConn struct {
+ net.PacketConn
+ Cipher
+ buf []byte
+ sync.Mutex // write lock
+}
+
+// NewPacketConn wraps a net.PacketConn with stream cipher encryption/decryption.
+func NewPacketConn(c net.PacketConn, ciph Cipher) net.PacketConn {
+ return &packetConn{PacketConn: c, Cipher: ciph, buf: make([]byte, 64*1024)}
+}
+
+func (c *packetConn) WriteTo(b []byte, addr net.Addr) (int, error) {
+ c.Lock()
+ defer c.Unlock()
+ buf, err := Pack(c.buf, b, c.Cipher)
+ if err != nil {
+ return 0, err
+ }
+ _, err = c.PacketConn.WriteTo(buf, addr)
+ return len(b), err
+}
+
+func (c *packetConn) ReadFrom(b []byte) (int, net.Addr, error) {
+ n, addr, err := c.PacketConn.ReadFrom(b)
+ if err != nil {
+ return n, addr, err
+ }
+ bb, err := Unpack(b[c.IVSize():], b[:n], c.Cipher)
+ if err != nil {
+ return n, addr, err
+ }
+ copy(b, bb)
+ return len(bb), addr, err
+}
diff --git a/vendor/github.com/nadoo/go-shadowsocks2/shadowstream/stream.go b/vendor/github.com/nadoo/go-shadowsocks2/shadowstream/stream.go
new file mode 100644
index 0000000..eb4d967
--- /dev/null
+++ b/vendor/github.com/nadoo/go-shadowsocks2/shadowstream/stream.go
@@ -0,0 +1,171 @@
+package shadowstream
+
+import (
+ "bytes"
+ "crypto/cipher"
+ "crypto/rand"
+ "io"
+ "net"
+)
+
+const bufSize = 32 * 1024
+
+type writer struct {
+ io.Writer
+ cipher.Stream
+ buf []byte
+}
+
+// NewWriter wraps an io.Writer with stream cipher encryption.
+func NewWriter(w io.Writer, s cipher.Stream) io.Writer {
+ return &writer{Writer: w, Stream: s, buf: make([]byte, bufSize)}
+}
+
+func (w *writer) ReadFrom(r io.Reader) (n int64, err error) {
+ for {
+ buf := w.buf
+ nr, er := r.Read(buf)
+ if nr > 0 {
+ n += int64(nr)
+ buf = buf[:nr]
+ w.XORKeyStream(buf, buf)
+ _, ew := w.Writer.Write(buf)
+ if ew != nil {
+ err = ew
+ return
+ }
+ }
+
+ if er != nil {
+ if er != io.EOF { // ignore EOF as per io.ReaderFrom contract
+ err = er
+ }
+ return
+ }
+ }
+}
+
+func (w *writer) Write(b []byte) (int, error) {
+ n, err := w.ReadFrom(bytes.NewBuffer(b))
+ return int(n), err
+}
+
+type reader struct {
+ io.Reader
+ cipher.Stream
+ buf []byte
+}
+
+// NewReader wraps an io.Reader with stream cipher decryption.
+func NewReader(r io.Reader, s cipher.Stream) io.Reader {
+ return &reader{Reader: r, Stream: s, buf: make([]byte, bufSize)}
+}
+
+func (r *reader) Read(b []byte) (int, error) {
+
+ n, err := r.Reader.Read(b)
+ if err != nil {
+ return 0, err
+ }
+ b = b[:n]
+ r.XORKeyStream(b, b)
+ return n, nil
+}
+
+func (r *reader) WriteTo(w io.Writer) (n int64, err error) {
+ for {
+ buf := r.buf
+ nr, er := r.Read(buf)
+ if nr > 0 {
+ nw, ew := w.Write(buf[:nr])
+ n += int64(nw)
+
+ if ew != nil {
+ err = ew
+ return
+ }
+ }
+
+ if er != nil {
+ if er != io.EOF { // ignore EOF as per io.Copy contract (using src.WriteTo shortcut)
+ err = er
+ }
+ return
+ }
+ }
+}
+
+type conn struct {
+ net.Conn
+ Cipher
+ r *reader
+ w *writer
+}
+
+// NewConn wraps a stream-oriented net.Conn with stream cipher encryption/decryption.
+func NewConn(c net.Conn, ciph Cipher) net.Conn {
+ return &conn{Conn: c, Cipher: ciph}
+}
+
+func (c *conn) initReader() error {
+ if c.r == nil {
+ buf := make([]byte, bufSize)
+ iv := buf[:c.IVSize()]
+ if _, err := io.ReadFull(c.Conn, iv); err != nil {
+ return err
+ }
+ c.r = &reader{Reader: c.Conn, Stream: c.Decrypter(iv), buf: buf}
+ }
+ return nil
+}
+
+func (c *conn) Read(b []byte) (int, error) {
+ if c.r == nil {
+ if err := c.initReader(); err != nil {
+ return 0, err
+ }
+ }
+ return c.r.Read(b)
+}
+
+func (c *conn) WriteTo(w io.Writer) (int64, error) {
+ if c.r == nil {
+ if err := c.initReader(); err != nil {
+ return 0, err
+ }
+ }
+ return c.r.WriteTo(w)
+}
+
+func (c *conn) initWriter() error {
+ if c.w == nil {
+ buf := make([]byte, bufSize)
+ iv := buf[:c.IVSize()]
+ if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+ return err
+ }
+ if _, err := c.Conn.Write(iv); err != nil {
+ return err
+ }
+ c.w = &writer{Writer: c.Conn, Stream: c.Encrypter(iv), buf: buf}
+ }
+ return nil
+}
+
+func (c *conn) Write(b []byte) (int, error) {
+ if c.w == nil {
+ if err := c.initWriter(); err != nil {
+ return 0, err
+ }
+ }
+ return c.w.Write(b)
+}
+
+func (c *conn) ReadFrom(r io.Reader) (int64, error) {
+ if c.w == nil {
+ if err := c.initWriter(); err != nil {
+ return 0, err
+ }
+ }
+ return c.w.ReadFrom(r)
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/LICENSE b/vendor/github.com/sun8911879/shadowsocksR/LICENSE
new file mode 100644
index 0000000..bed05e0
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 YanXin Sun
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/sun8911879/shadowsocksR/README.md b/vendor/github.com/sun8911879/shadowsocksR/README.md
new file mode 100644
index 0000000..93938b4
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/README.md
@@ -0,0 +1,84 @@
+# shadowsocksR
+
+[shadowsocksR](https://github.com/sun8911879/shadowsocksR) is a shadowsocksR for Go library
+
+* shadowsocksR is based on [avege](https://github.com/avege/avege) and [shadowsocksR for Python](https://github.com/shadowsocksr-backup/shadowsocksr) changes.
+* Repair avege SSR communication BUG and streamline version. Is a normal use version.
+
+#### Use
+
+```go
+bi := &BackendInfo{
+ Address: "www.domain.com:445",
+ Type: "ssr",
+ SSInfo: SSInfo{
+ EncryptMethod: "aes-128-cfb",
+ EncryptPassword: "password",
+ SSRInfo: SSRInfo{
+ Protocol: "auth_aes128_sha1",
+ ProtocolParam: "",
+ Obfs: "tls1.2_ticket_auth",
+ ObfsParam: "",
+ },
+ },
+}
+dst, err := bi.DialSSRConn(rawaddr)
+bi.Pipe(src, dst)
+bi.Pipe(dst, src)
+```
+
+See 'example/client.go' for detailed usage.
+
+#### SS Encrypting algorithm
+
+* aes-128-cfb
+* aes-192-cfb
+* aes-256-cfb
+* aes-128-ctr
+* aes-192-ctr
+* aes-256-ctr
+* aes-128-ofb
+* aes-192-ofb
+* aes-256-ofb
+* des-cfb
+* bf-cfb
+* cast5-cfb
+* rc4-md5
+* chacha20
+* chacha20-ietf
+* salsa20
+* camellia-128-cfb
+* camellia-192-cfb
+* camellia-256-cfb
+* idea-cfb
+* rc2-cfb
+* seed-cfb
+
+#### SSR Obfs
+
+* plain
+* http_simple
+* http_post
+* random_head
+* tls1.2_ticket_auth
+
+#### SSR Protocol
+
+* origin
+* verify_sha1 aka. one time auth(OTA)
+* auth_sha1_v4
+* auth_aes128_md5
+* auth_aes128_sha1
+
+## Todo (help wanted)
+
+* Optimize performance
+
+### Thanks avege project
+* [avege](https://github.com/avege/avege)
+
+### Reference
+* [avege](https://github.com/avege/avege)
+* [shadowsocks-go](https://github.com/shadowsocks/shadowsocks-go)
+* [go-shadowsocks2](https://github.com/shadowsocks/go-shadowsocks2)
+* [ShadowsocksR](https://github.com/shadowsocksr-backup/shadowsocksr)
\ No newline at end of file
diff --git a/vendor/github.com/sun8911879/shadowsocksR/client.go b/vendor/github.com/sun8911879/shadowsocksR/client.go
new file mode 100644
index 0000000..2c3d7ad
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/client.go
@@ -0,0 +1,61 @@
+package shadowsocksr
+
+import (
+ "errors"
+ "net"
+ "net/url"
+ "strconv"
+ "strings"
+ "time"
+
+ "github.com/sun8911879/shadowsocksR/obfs"
+ "github.com/sun8911879/shadowsocksR/protocol"
+ "github.com/sun8911879/shadowsocksR/ssr"
+)
+
+func NewSSRClient(u *url.URL) (*SSTCPConn, error) {
+ query := u.Query()
+ encryptMethod := query.Get("encrypt-method")
+ encryptKey := query.Get("encrypt-key")
+ cipher, err := NewStreamCipher(encryptMethod, encryptKey)
+ if err != nil {
+ return nil, err
+ }
+
+ dialer := net.Dialer{
+ Timeout: time.Millisecond * 500,
+ DualStack: true,
+ }
+ conn, err := dialer.Dial("tcp", u.Host)
+ if err != nil {
+ return nil, err
+ }
+
+ ssconn := NewSSTCPConn(conn, cipher)
+ if ssconn.Conn == nil || ssconn.RemoteAddr() == nil {
+ return nil, errors.New("nil connection")
+ }
+
+ // should initialize obfs/protocol now
+ rs := strings.Split(ssconn.RemoteAddr().String(), ":")
+ port, _ := strconv.Atoi(rs[1])
+
+ ssconn.IObfs = obfs.NewObfs(query.Get("obfs"))
+ obfsServerInfo := &ssr.ServerInfoForObfs{
+ Host: rs[0],
+ Port: uint16(port),
+ TcpMss: 1460,
+ Param: query.Get("obfs-param"),
+ }
+ ssconn.IObfs.SetServerInfo(obfsServerInfo)
+ ssconn.IProtocol = protocol.NewProtocol(query.Get("protocol"))
+ protocolServerInfo := &ssr.ServerInfoForObfs{
+ Host: rs[0],
+ Port: uint16(port),
+ TcpMss: 1460,
+ Param: query.Get("protocol-param"),
+ }
+ ssconn.IProtocol.SetServerInfo(protocolServerInfo)
+
+ return ssconn, nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/encrypt.go b/vendor/github.com/sun8911879/shadowsocksR/encrypt.go
new file mode 100644
index 0000000..3f5e6b9
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/encrypt.go
@@ -0,0 +1,296 @@
+package shadowsocksr
+
+import (
+ "crypto/aes"
+ "crypto/cipher"
+ "crypto/des"
+ "crypto/md5"
+ "crypto/rand"
+ "crypto/rc4"
+ "encoding/binary"
+ "errors"
+
+ "github.com/sun8911879/shadowsocksR/tools"
+ "github.com/sun8911879/shadowsocksR/tools/leakybuf"
+
+ "github.com/Yawning/chacha20"
+ "github.com/dgryski/go-camellia"
+ "github.com/dgryski/go-idea"
+ "github.com/dgryski/go-rc2"
+ "golang.org/x/crypto/blowfish"
+ "golang.org/x/crypto/cast5"
+ "golang.org/x/crypto/salsa20/salsa"
+)
+
+var errEmptyPassword = errors.New("empty key")
+
+type DecOrEnc int
+
+const (
+ Decrypt DecOrEnc = iota
+ Encrypt
+)
+
+func newCTRStream(block cipher.Block, err error, key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ if err != nil {
+ return nil, err
+ }
+ return cipher.NewCTR(block, iv), nil
+}
+
+func newAESCTRStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := aes.NewCipher(key)
+ return newCTRStream(block, err, key, iv, doe)
+}
+
+func newOFBStream(block cipher.Block, err error, key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ if err != nil {
+ return nil, err
+ }
+ return cipher.NewCTR(block, iv), nil
+}
+
+func newAESOFBStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := aes.NewCipher(key)
+ return newOFBStream(block, err, key, iv, doe)
+}
+
+func newCFBStream(block cipher.Block, err error, key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ if err != nil {
+ return nil, err
+ }
+ if doe == Encrypt {
+ return cipher.NewCFBEncrypter(block, iv), nil
+ } else {
+ return cipher.NewCFBDecrypter(block, iv), nil
+ }
+}
+
+func newAESCFBStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := aes.NewCipher(key)
+ return newCFBStream(block, err, key, iv, doe)
+}
+
+func newDESStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := des.NewCipher(key)
+ return newCFBStream(block, err, key, iv, doe)
+}
+
+func newBlowFishStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := blowfish.NewCipher(key)
+ return newCFBStream(block, err, key, iv, doe)
+}
+
+func newCast5Stream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := cast5.NewCipher(key)
+ return newCFBStream(block, err, key, iv, doe)
+}
+
+func newRC4MD5Stream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
+ h := md5.New()
+ h.Write(key)
+ h.Write(iv)
+ rc4key := h.Sum(nil)
+
+ return rc4.NewCipher(rc4key)
+}
+
+func newChaCha20Stream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
+ return chacha20.NewCipher(key, iv)
+}
+
+func newChacha20IETFStream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
+ return chacha20.NewCipher(key, iv)
+}
+
+type salsaStreamCipher struct {
+ nonce [8]byte
+ key [32]byte
+ counter int
+}
+
+func (c *salsaStreamCipher) XORKeyStream(dst, src []byte) {
+ var buf []byte
+ padLen := c.counter % 64
+ dataSize := len(src) + padLen
+ if cap(dst) >= dataSize {
+ buf = dst[:dataSize]
+ } else if leakybuf.GlobalLeakyBufSize >= dataSize {
+ buf = leakybuf.GlobalLeakyBuf.Get()
+ defer leakybuf.GlobalLeakyBuf.Put(buf)
+ buf = buf[:dataSize]
+ } else {
+ buf = make([]byte, dataSize)
+ }
+
+ var subNonce [16]byte
+ copy(subNonce[:], c.nonce[:])
+ binary.LittleEndian.PutUint64(subNonce[len(c.nonce):], uint64(c.counter/64))
+
+ // It's difficult to avoid data copy here. src or dst maybe slice from
+ // Conn.Read/Write, which can't have padding.
+ copy(buf[padLen:], src[:])
+ salsa.XORKeyStream(buf, buf, &subNonce, &c.key)
+ copy(dst, buf[padLen:])
+
+ c.counter += len(src)
+}
+
+func newSalsa20Stream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
+ var c salsaStreamCipher
+ copy(c.nonce[:], iv[:8])
+ copy(c.key[:], key[:32])
+ return &c, nil
+}
+
+func newCamelliaStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := camellia.New(key)
+ return newCFBStream(block, err, key, iv, doe)
+}
+
+func newIdeaStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := idea.NewCipher(key)
+ return newCFBStream(block, err, key, iv, doe)
+}
+
+func newRC2Stream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := rc2.New(key, 16)
+ return newCFBStream(block, err, key, iv, doe)
+}
+
+func newSeedStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ // TODO: SEED block cipher implementation is required
+ block, err := rc2.New(key, 16)
+ return newCFBStream(block, err, key, iv, doe)
+}
+
+type cipherInfo struct {
+ keyLen int
+ ivLen int
+ newStream func(key, iv []byte, doe DecOrEnc) (cipher.Stream, error)
+}
+
+var streamCipherMethod = map[string]*cipherInfo{
+ "aes-128-cfb": {16, 16, newAESCFBStream},
+ "aes-192-cfb": {24, 16, newAESCFBStream},
+ "aes-256-cfb": {32, 16, newAESCFBStream},
+ "aes-128-ctr": {16, 16, newAESCTRStream},
+ "aes-192-ctr": {24, 16, newAESCTRStream},
+ "aes-256-ctr": {32, 16, newAESCTRStream},
+ "aes-128-ofb": {16, 16, newAESOFBStream},
+ "aes-192-ofb": {24, 16, newAESOFBStream},
+ "aes-256-ofb": {32, 16, newAESOFBStream},
+ "des-cfb": {8, 8, newDESStream},
+ "bf-cfb": {16, 8, newBlowFishStream},
+ "cast5-cfb": {16, 8, newCast5Stream},
+ "rc4-md5": {16, 16, newRC4MD5Stream},
+ "rc4-md5-6": {16, 6, newRC4MD5Stream},
+ "chacha20": {32, 8, newChaCha20Stream},
+ "chacha20-ietf": {32, 12, newChacha20IETFStream},
+ "salsa20": {32, 8, newSalsa20Stream},
+ "camellia-128-cfb": {16, 16, newCamelliaStream},
+ "camellia-192-cfb": {24, 16, newCamelliaStream},
+ "camellia-256-cfb": {32, 16, newCamelliaStream},
+ "idea-cfb": {16, 8, newIdeaStream},
+ "rc2-cfb": {16, 8, newRC2Stream},
+ "seed-cfb": {16, 8, newSeedStream},
+}
+
+func CheckCipherMethod(method string) error {
+ if method == "" {
+ method = "rc4-md5"
+ }
+ _, ok := streamCipherMethod[method]
+ if !ok {
+ return errors.New("Unsupported encryption method: " + method)
+ }
+ return nil
+}
+
+type StreamCipher struct {
+ enc cipher.Stream
+ dec cipher.Stream
+ key []byte
+ info *cipherInfo
+ iv []byte
+}
+
+// NewStreamCipher creates a cipher that can be used in Dial() etc.
+// Use cipher.Copy() to create a new cipher with the same method and password
+// to avoid the cost of repeated cipher initialization.
+func NewStreamCipher(method, password string) (c *StreamCipher, err error) {
+ if password == "" {
+ return nil, errEmptyPassword
+ }
+ if method == "" {
+ method = "rc4-md5"
+ }
+ mi, ok := streamCipherMethod[method]
+ if !ok {
+ return nil, errors.New("Unsupported encryption method: " + method)
+ }
+
+ key := tools.EVPBytesToKey(password, mi.keyLen)
+
+ c = &StreamCipher{key: key, info: mi}
+
+ if err != nil {
+ return nil, err
+ }
+ return c, nil
+}
+
+// Initializes the block cipher with CFB mode, returns IV.
+func (c *StreamCipher) initEncrypt() (iv []byte, err error) {
+ if c.iv == nil {
+ iv = make([]byte, c.info.ivLen)
+ rand.Read(iv)
+ c.iv = iv
+ } else {
+ iv = c.iv
+ }
+ c.enc, err = c.info.newStream(c.key, iv, Encrypt)
+ return
+}
+
+func (c *StreamCipher) initDecrypt(iv []byte) (err error) {
+ c.dec, err = c.info.newStream(c.key, iv, Decrypt)
+ return
+}
+
+func (c *StreamCipher) encrypt(dst, src []byte) {
+ c.enc.XORKeyStream(dst, src)
+}
+
+func (c *StreamCipher) decrypt(dst, src []byte) {
+ c.dec.XORKeyStream(dst, src)
+}
+
+// Copy creates a new cipher at it's initial state.
+func (c *StreamCipher) Copy() *StreamCipher {
+ // This optimization maybe not necessary. But without this function, we
+ // need to maintain a table cache for newTableCipher and use lock to
+ // protect concurrent access to that cache.
+
+ // AES and DES ciphers does not return specific types, so it's difficult
+ // to create copy. But their initialization time is less than 4000ns on my
+ // 2.26 GHz Intel Core 2 Duo processor. So no need to worry.
+
+ // Currently, blow-fish and cast5 initialization cost is an order of
+ // magnitude slower than other ciphers. (I'm not sure whether this is
+ // because the current implementation is not highly optimized, or this is
+ // the nature of the algorithm.)
+
+ nc := *c
+ nc.enc = nil
+ nc.dec = nil
+ return &nc
+}
+
+func (c *StreamCipher) Key() (key []byte, keyLen int) {
+ return c.key, c.info.keyLen
+}
+
+func (c *StreamCipher) IV() ([]byte, int) {
+ return c.iv, c.info.ivLen
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/obfs/base.go b/vendor/github.com/sun8911879/shadowsocksR/obfs/base.go
new file mode 100644
index 0000000..a57732e
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/obfs/base.go
@@ -0,0 +1,35 @@
+package obfs
+
+import (
+ "strings"
+
+ "github.com/sun8911879/shadowsocksR/ssr"
+)
+
+type creator func() IObfs
+
+var (
+ creatorMap = make(map[string]creator)
+)
+
+type IObfs interface {
+ SetServerInfo(s *ssr.ServerInfoForObfs)
+ GetServerInfo() (s *ssr.ServerInfoForObfs)
+ Encode(data []byte) ([]byte, error)
+ Decode(data []byte) ([]byte, uint64, error)
+ SetData(data interface{})
+ GetData() interface{}
+}
+
+func register(name string, c creator) {
+ creatorMap[name] = c
+}
+
+// NewObfs create an obfs object by name and return as an IObfs interface
+func NewObfs(name string) IObfs {
+ c, ok := creatorMap[strings.ToLower(name)]
+ if ok {
+ return c()
+ }
+ return nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/obfs/http_post.go b/vendor/github.com/sun8911879/shadowsocksR/obfs/http_post.go
new file mode 100644
index 0000000..46513d7
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/obfs/http_post.go
@@ -0,0 +1,19 @@
+package obfs
+
+import (
+ "math/rand"
+)
+
+func init() {
+ register("http_post", newHttpPost)
+}
+
+// newHttpPost create a http_post object
+func newHttpPost() IObfs {
+ // newHttpSimple create a http_simple object
+ t := &httpSimplePost{
+ userAgentIndex: rand.Intn(len(requestUserAgent)),
+ getOrPost: false,
+ }
+ return t
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/obfs/http_simple.go b/vendor/github.com/sun8911879/shadowsocksR/obfs/http_simple.go
new file mode 100644
index 0000000..521a3e9
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/obfs/http_simple.go
@@ -0,0 +1,178 @@
+package obfs
+
+import (
+ "bytes"
+ "encoding/hex"
+ "fmt"
+ "math/rand"
+ "strings"
+
+ "github.com/sun8911879/shadowsocksR/ssr"
+)
+
+var (
+ requestPath = []string{
+ "", "",
+ "login.php?redir=", "",
+ "register.php?code=", "",
+ "s?ie=utf-8&f=8&rsv_bp=1&rsv_idx=1&ch=&bar=&wd=", "&rn=",
+ "post.php?id=", "&goto=view.php",
+ }
+ requestUserAgent = []string{
+ "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0",
+ "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/44.0",
+ "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
+ "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.10 Chromium/27.0.1453.93 Chrome/27.0.1453.93 Safari/537.36",
+ "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0",
+ "Mozilla/5.0 (compatible; WOW64; MSIE 10.0; Windows NT 6.2)",
+ "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27",
+ "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Trident/7.0; .NET4.0E; .NET4.0C)",
+ "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
+ "Mozilla/5.0 (Linux; Android 4.4; Nexus 5 Build/BuildID) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36",
+ "Mozilla/5.0 (iPad; CPU OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3",
+ "Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3",
+ }
+)
+
+// HttpSimple http_simple obfs encapsulate
+type httpSimplePost struct {
+ ssr.ServerInfoForObfs
+ rawTransSent bool
+ rawTransReceived bool
+ userAgentIndex int
+ getOrPost bool // true for get, false for post
+}
+
+func init() {
+ register("http_simple", newHttpSimple)
+}
+
+// newHttpSimple create a http_simple object
+func newHttpSimple() IObfs {
+ t := &httpSimplePost{
+ rawTransSent: false,
+ rawTransReceived: false,
+ userAgentIndex: rand.Intn(len(requestUserAgent)),
+ getOrPost: true,
+ }
+ return t
+}
+
+func (t *httpSimplePost) SetServerInfo(s *ssr.ServerInfoForObfs) {
+ t.ServerInfoForObfs = *s
+}
+
+func (t *httpSimplePost) GetServerInfo() (s *ssr.ServerInfoForObfs) {
+ return &t.ServerInfoForObfs
+}
+
+func (t *httpSimplePost) SetData(data interface{}) {
+
+}
+
+func (t *httpSimplePost) GetData() interface{} {
+ return nil
+}
+
+func (t *httpSimplePost) boundary() (ret string) {
+ set := "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+ for i := 0; i < 32; i++ {
+ ret = fmt.Sprintf("%s%c", ret, set[rand.Intn(len(set))])
+ }
+ return
+}
+
+func (t *httpSimplePost) data2URLEncode(data []byte) (ret string) {
+ for i := 0; i < len(data); i++ {
+ ret = fmt.Sprintf("%s%%%s", ret, hex.EncodeToString([]byte{data[i]}))
+ }
+ return
+}
+
+func (t *httpSimplePost) Encode(data []byte) (encodedData []byte, err error) {
+ if t.rawTransSent {
+ return data, nil
+ }
+
+ dataLength := len(data)
+ var headData []byte
+ if headSize := t.IVLen + t.HeadLen; dataLength-headSize > 64 {
+ headData = make([]byte, headSize+rand.Intn(64))
+ } else {
+ headData = make([]byte, dataLength)
+ }
+ copy(headData, data[0:len(headData)])
+ requestPathIndex := rand.Intn(len(requestPath)/2) * 2
+ host := t.Host
+ var customHead string
+
+ if len(t.Param) > 0 {
+ customHeads := strings.Split(t.Param, "#")
+ if len(customHeads) > 2 {
+ customHeads = customHeads[0:2]
+ }
+ param := t.Param
+ if len(customHeads) > 1 {
+ customHead = customHeads[1]
+ param = customHeads[0]
+ }
+ hosts := strings.Split(param, ",")
+ if len(hosts) > 0 {
+ host = strings.TrimSpace(hosts[rand.Intn(len(hosts))])
+ }
+ }
+ method := "GET /"
+ if !t.getOrPost {
+ method = "POST /"
+ }
+ httpBuf := fmt.Sprintf("%s%s%s%s HTTP/1.1\r\nHost: %s:%d\r\n",
+ method,
+ requestPath[requestPathIndex],
+ t.data2URLEncode(headData),
+ requestPath[requestPathIndex+1],
+ host,
+ t.Port)
+ if len(customHead) > 0 {
+ httpBuf = httpBuf + strings.Replace(customHead, "\\n", "\r\n", -1) + "\r\n\r\n"
+ } else {
+ var contentType string
+ if !t.getOrPost {
+ contentType = "Content-Type: multipart/form-data; boundary=" + t.boundary() + "\r\n"
+ }
+ httpBuf = httpBuf +
+ "User-Agent: " + requestUserAgent[t.userAgentIndex] + "\r\n" +
+ "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n" +
+ "Accept-Language: en-US,en;q=0.8\r\n" +
+ "Accept-Encoding: gzip, deflate\r\n" +
+ contentType +
+ "DNT: 1\r\n" +
+ "Connection: keep-alive\r\n" +
+ "\r\n"
+ }
+
+ if len(headData) < dataLength {
+ encodedData = make([]byte, len(httpBuf)+(dataLength-len(headData)))
+ copy(encodedData, []byte(httpBuf))
+ copy(encodedData[len(httpBuf):], data[len(headData):])
+ } else {
+ encodedData = []byte(httpBuf)
+ }
+ t.rawTransSent = true
+
+ return
+}
+
+func (t *httpSimplePost) Decode(data []byte) ([]byte, uint64, error) {
+ if t.rawTransReceived {
+ return data, 0, nil
+ }
+
+ pos := bytes.Index(data, []byte("\r\n\r\n"))
+ if pos > 0 {
+ decodedData := make([]byte, len(data)-pos-4)
+ copy(decodedData, data[pos+4:])
+ t.rawTransReceived = true
+ return decodedData, 0, nil
+ }
+ return nil, 0, nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/obfs/plain.go b/vendor/github.com/sun8911879/shadowsocksR/obfs/plain.go
new file mode 100644
index 0000000..4ee2682
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/obfs/plain.go
@@ -0,0 +1,42 @@
+package obfs
+
+import (
+ "github.com/sun8911879/shadowsocksR/ssr"
+)
+
+func init() {
+ register("plain", newPlainObfs)
+}
+
+type plain struct {
+ ssr.ServerInfoForObfs
+}
+
+func newPlainObfs() IObfs {
+ p := &plain{}
+ return p
+}
+
+func (p *plain) SetServerInfo(s *ssr.ServerInfoForObfs) {
+ p.ServerInfoForObfs = *s
+}
+
+func (p *plain) GetServerInfo() (s *ssr.ServerInfoForObfs) {
+ return &p.ServerInfoForObfs
+}
+
+func (p *plain) Encode(data []byte) (encodedData []byte, err error) {
+ return data, nil
+}
+
+func (p *plain) Decode(data []byte) ([]byte, uint64, error) {
+ return data, 0, nil
+}
+
+func (p *plain) SetData(data interface{}) {
+
+}
+
+func (p *plain) GetData() interface{} {
+ return nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/obfs/random_head.go b/vendor/github.com/sun8911879/shadowsocksR/obfs/random_head.go
new file mode 100644
index 0000000..6e0366f
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/obfs/random_head.go
@@ -0,0 +1,79 @@
+package obfs
+
+import (
+ "math/rand"
+
+ "github.com/sun8911879/shadowsocksR/ssr"
+)
+
+type randomHead struct {
+ ssr.ServerInfoForObfs
+ rawTransSent bool
+ rawTransReceived bool
+ hasSentHeader bool
+ dataBuffer []byte
+}
+
+func init() {
+ register("random_head", newRandomHead)
+}
+
+func newRandomHead() IObfs {
+ p := &randomHead{}
+ return p
+}
+
+func (r *randomHead) SetServerInfo(s *ssr.ServerInfoForObfs) {
+ r.ServerInfoForObfs = *s
+}
+
+func (r *randomHead) GetServerInfo() (s *ssr.ServerInfoForObfs) {
+ return &r.ServerInfoForObfs
+}
+
+func (r *randomHead) SetData(data interface{}) {
+
+}
+
+func (r *randomHead) GetData() interface{} {
+ return nil
+}
+
+func (r *randomHead) Encode(data []byte) (encodedData []byte, err error) {
+ if r.rawTransSent {
+ return data, nil
+ }
+
+ dataLength := len(data)
+ if r.hasSentHeader {
+ if dataLength > 0 {
+ d := make([]byte, len(r.dataBuffer)+dataLength)
+ copy(d, r.dataBuffer)
+ copy(d[len(r.dataBuffer):], data)
+ r.dataBuffer = d
+ } else {
+ encodedData = r.dataBuffer
+ r.dataBuffer = nil
+ r.rawTransSent = true
+ }
+ } else {
+ size := rand.Intn(96) + 8
+ encodedData = make([]byte, size)
+ rand.Read(encodedData)
+ ssr.SetCRC32(encodedData, size)
+
+ d := make([]byte, dataLength)
+ copy(d, data)
+ r.dataBuffer = d
+ }
+ r.hasSentHeader = true
+ return
+}
+
+func (r *randomHead) Decode(data []byte) ([]byte, uint64, error) {
+ if r.rawTransReceived {
+ return data, 0, nil
+ }
+ r.rawTransReceived = true
+ return data, 0, nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/obfs/tls12_ticket_auth.go b/vendor/github.com/sun8911879/shadowsocksR/obfs/tls12_ticket_auth.go
new file mode 100644
index 0000000..847c2e6
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/obfs/tls12_ticket_auth.go
@@ -0,0 +1,279 @@
+package obfs
+
+import (
+ "crypto/hmac"
+ "encoding/binary"
+ "fmt"
+ "math/rand"
+ "strings"
+ "time"
+
+ "github.com/sun8911879/shadowsocksR/ssr"
+ "github.com/sun8911879/shadowsocksR/tools"
+)
+
+func init() {
+ register("tls1.2_ticket_auth", newTLS12TicketAuth)
+}
+
+type tlsAuthData struct {
+ localClientID [32]byte
+}
+
+// tls12TicketAuth tls1.2_ticket_auth obfs encapsulate
+type tls12TicketAuth struct {
+ ssr.ServerInfoForObfs
+ data *tlsAuthData
+ sendID int
+ handshakeStatus int
+ sendBuffer []byte
+}
+
+// newTLS12TicketAuth create a tlv1.2_ticket_auth object
+func newTLS12TicketAuth() IObfs {
+ return &tls12TicketAuth{}
+}
+
+func (t *tls12TicketAuth) SetServerInfo(s *ssr.ServerInfoForObfs) {
+ t.ServerInfoForObfs = *s
+}
+
+func (t *tls12TicketAuth) GetServerInfo() (s *ssr.ServerInfoForObfs) {
+ return &t.ServerInfoForObfs
+}
+
+func (t *tls12TicketAuth) SetData(data interface{}) {
+ if auth, ok := data.(*tlsAuthData); ok {
+ t.data = auth
+ }
+}
+
+func (t *tls12TicketAuth) GetData() interface{} {
+ if t.data == nil {
+ t.data = &tlsAuthData{}
+ b := make([]byte, 32)
+ rand.Read(b)
+ copy(t.data.localClientID[:], b)
+ }
+ return t.data
+}
+
+func (t *tls12TicketAuth) getHost() string {
+ host := t.Host
+ if len(t.Param) > 0 {
+ hosts := strings.Split(t.Param, ",")
+ if len(hosts) > 0 {
+ host = hosts[rand.Intn(len(hosts))]
+ host = strings.TrimSpace(host)
+ }
+ }
+ if len(host) > 0 && host[len(host)-1] >= byte('0') && host[len(host)-1] <= byte('9') && len(t.Param) == 0 {
+ host = ""
+ }
+ return host
+}
+
+func (t *tls12TicketAuth) Encode(data []byte) (encodedData []byte, err error) {
+ if t.handshakeStatus == -1 {
+ return data, nil
+ }
+ dataLength := len(data)
+
+ if t.handshakeStatus == 8 {
+ encodedData = make([]byte, dataLength+4096)
+ start := 0
+ outLength := 0
+
+ for t.sendID <= 4 && dataLength-start > 256 {
+ length := rand.Intn(512) + 64
+ if length > dataLength-start {
+ length = dataLength - start
+ }
+ copy(encodedData[outLength:], []byte{0x17, 0x3, 0x3})
+ binary.BigEndian.PutUint16(encodedData[outLength+3:], uint16(length&0xFFFF))
+ copy(encodedData[outLength+5:], data[start:start+length])
+ start += length
+ outLength += length + 5
+ t.sendID++
+ }
+ for dataLength-start > 2048 {
+ length := rand.Intn(3990) + 100
+ if length > dataLength-start {
+ length = dataLength - start
+ }
+ copy(encodedData[outLength:], []byte{0x17, 0x3, 0x3})
+ binary.BigEndian.PutUint16(encodedData[outLength+3:], uint16(length&0xFFFF))
+ copy(encodedData[outLength+5:], data[start:start+length])
+ start += length
+ outLength += length + 5
+ t.sendID++
+ }
+ if dataLength-start > 0 {
+ length := dataLength - start
+ copy(encodedData[outLength:], []byte{0x17, 0x3, 0x3})
+ binary.BigEndian.PutUint16(encodedData[outLength+3:], uint16(length&0xFFFF))
+ copy(encodedData[outLength+5:], data[start:start+length])
+ // not necessary to update variable *start* any more
+ outLength += length + 5
+ t.sendID++
+ }
+ encodedData = encodedData[:outLength]
+ return
+ }
+
+ if t.handshakeStatus == 1 {
+ //outLength := 0
+ if dataLength > 0 {
+ b := make([]byte, len(t.sendBuffer)+dataLength+5)
+ copy(b, t.sendBuffer)
+ copy(b[len(t.sendBuffer):], []byte{0x17, 0x3, 0x3})
+ binary.BigEndian.PutUint16(b[len(t.sendBuffer)+3:], uint16(dataLength&0xFFFF))
+ copy(b[len(t.sendBuffer)+5:], data)
+ t.sendBuffer = b
+ return []byte{}, nil
+ }
+
+ hmacData := make([]byte, 43)
+ rnd := make([]byte, 22)
+ rand.Read(rnd)
+
+ handshakeFinish := []byte("\x14\x03\x03\x00\x01\x01\x16\x03\x03\x00\x20")
+ copy(hmacData, handshakeFinish)
+ copy(hmacData[len(handshakeFinish):], rnd)
+
+ h := t.hmacSHA1(hmacData[:33])
+ copy(hmacData[33:], h)
+
+ encodedData = make([]byte, len(hmacData)+len(t.sendBuffer))
+ copy(encodedData, hmacData)
+ copy(encodedData[len(hmacData):], t.sendBuffer)
+ t.sendBuffer = nil
+ t.handshakeStatus = 8
+
+ return
+ }
+
+ rnd := t.packAuthData()
+
+ tlsData0 := []byte("\x00\x1c\xc0\x2b\xc0\x2f\xcc\xa9\xcc\xa8\xcc\x14\xcc\x13\xc0\x0a\xc0\x14\xc0\x09\xc0\x13\x00\x9c\x00\x35\x00\x2f\x00\x0a\x01\x00")
+ tlsData1 := []byte("\xff\x01\x00\x01\x00")
+ tlsData2 := []byte("\x00\x17\x00\x00\x00\x23\x00\xd0")
+ tlsData3 := []byte("\x00\x0d\x00\x16\x00\x14\x06\x01\x06\x03\x05\x01\x05\x03\x04\x01\x04\x03\x03\x01\x03\x03\x02\x01\x02\x03\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\x12\x00\x00\x75\x50\x00\x00\x00\x0b\x00\x02\x01\x00\x00\x0a\x00\x06\x00\x04\x00\x17\x00\x18" +
+ "\x00\x15\x00\x66\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
+
+ var sslBuf []byte
+ sslBuf = append(sslBuf, rnd...)
+ sslBuf = append(sslBuf, byte(32))
+ sslBuf = append(sslBuf, t.data.localClientID[:]...)
+ sslBuf = append(sslBuf, tlsData0...)
+
+ var extBuf []byte
+ extBuf = append(extBuf, tlsData1...)
+
+ host := t.getHost()
+
+ extBuf = append(extBuf, t.sni(host)...)
+ extBuf = append(extBuf, tlsData2...)
+ ticket := make([]byte, 208)
+ rand.Read(ticket)
+ extBuf = append(extBuf, ticket...)
+ extBuf = append(extBuf, tlsData3...)
+ extBuf = append([]byte{byte(len(extBuf) / 256), byte(len(extBuf) % 256)}, extBuf...)
+
+ sslBuf = append(sslBuf, extBuf...)
+ // client version
+ sslBuf = append([]byte{3, 3}, sslBuf...)
+ // length
+ sslBuf = append([]byte{1, 0, byte(len(sslBuf) / 256), byte(len(sslBuf) % 256)}, sslBuf...)
+ // length
+ sslBuf = append([]byte{byte(len(sslBuf) / 256), byte(len(sslBuf) % 256)}, sslBuf...)
+ // version
+ sslBuf = append([]byte{0x16, 3, 1}, sslBuf...)
+
+ encodedData = sslBuf
+
+ d := make([]byte, dataLength+5)
+ copy(d[0:], []byte{0x17, 0x3, 0x3})
+ binary.BigEndian.PutUint16(d[3:], uint16(dataLength&0xFFFF))
+ copy(d[5:], data)
+ b := make([]byte, len(t.sendBuffer)+len(d))
+ copy(b, t.sendBuffer)
+ copy(b[len(t.sendBuffer):], d)
+ t.sendBuffer = b
+
+ t.handshakeStatus = 1
+
+ return
+}
+
+func (t *tls12TicketAuth) Decode(data []byte) ([]byte, uint64, error) {
+ if t.handshakeStatus == -1 {
+ return data, 0, nil
+ }
+ dataLength := len(data)
+
+ if t.handshakeStatus == 8 {
+ if dataLength < 5 {
+ return nil, 5, fmt.Errorf("data need minimum length: 5 ,data only length: %d", dataLength)
+ }
+ if data[0] != 0x17 {
+ return nil, 0, ssr.ErrTLS12TicketAuthIncorrectMagicNumber
+ }
+ size := int(binary.BigEndian.Uint16(data[3:5]))
+ if size+5 > dataLength {
+ return nil, uint64(size + 5), fmt.Errorf("unexpected data length: %d ,data only length: %d", size+5, dataLength)
+ }
+ if dataLength == size+5 {
+ return data[5:], 0, nil
+ }
+ return data[5 : 5+size], uint64(size + 5), nil
+ }
+
+ if dataLength < 11+32+1+32 {
+ return nil, 0, ssr.ErrTLS12TicketAuthTooShortData
+ }
+
+ hash := t.hmacSHA1(data[11 : 11+22])
+
+ if !hmac.Equal(data[33:33+ssr.ObfsHMACSHA1Len], hash) {
+ return nil, 0, ssr.ErrTLS12TicketAuthHMACError
+ }
+ return nil, 1, nil
+}
+
+func (t *tls12TicketAuth) packAuthData() (outData []byte) {
+ outSize := 32
+ outData = make([]byte, outSize)
+
+ now := time.Now().Unix()
+ binary.BigEndian.PutUint32(outData[0:4], uint32(now))
+
+ rand.Read(outData[4 : 4+18])
+
+ hash := t.hmacSHA1(outData[:outSize-ssr.ObfsHMACSHA1Len])
+ copy(outData[outSize-ssr.ObfsHMACSHA1Len:], hash)
+
+ return
+}
+
+func (t *tls12TicketAuth) hmacSHA1(data []byte) []byte {
+ key := make([]byte, t.KeyLen+32)
+ copy(key, t.Key)
+ copy(key[t.KeyLen:], t.data.localClientID[:])
+
+ sha1Data := tools.HmacSHA1(key, data)
+ return sha1Data[:ssr.ObfsHMACSHA1Len]
+}
+
+func (t *tls12TicketAuth) sni(u string) []byte {
+ bURL := []byte(u)
+ length := len(bURL)
+ ret := make([]byte, length+9)
+ copy(ret[9:9+length], bURL)
+ binary.BigEndian.PutUint16(ret[7:], uint16(length&0xFFFF))
+ length += 3
+ binary.BigEndian.PutUint16(ret[4:], uint16(length&0xFFFF))
+ length += 2
+ binary.BigEndian.PutUint16(ret[2:], uint16(length&0xFFFF))
+ return ret
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_md5.go b/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_md5.go
new file mode 100644
index 0000000..818b78d
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_md5.go
@@ -0,0 +1,282 @@
+package protocol
+
+import (
+ "bytes"
+ "crypto/aes"
+ "crypto/cipher"
+ "encoding/base64"
+ "encoding/binary"
+ "math/rand"
+ "strconv"
+ "strings"
+ "time"
+
+ "github.com/sun8911879/shadowsocksR/ssr"
+ "github.com/sun8911879/shadowsocksR/tools"
+)
+
+type hmacMethod func(key []byte, data []byte) []byte
+type hashDigestMethod func(data []byte) []byte
+
+func init() {
+ register("auth_aes128_md5", NewAuthAES128MD5)
+}
+
+func NewAuthAES128MD5() IProtocol {
+ a := &authAES128{
+ salt: "auth_aes128_md5",
+ hmac: tools.HmacMD5,
+ hashDigest: tools.MD5Sum,
+ packID: 1,
+ recvInfo: recvInfo{
+ recvID: 1,
+ buffer: bytes.NewBuffer(nil),
+ },
+ data: &authData{
+ connectionID: 0xFF000001,
+ },
+ }
+ return a
+}
+
+type recvInfo struct {
+ recvID uint32
+ buffer *bytes.Buffer
+}
+
+type authAES128 struct {
+ ssr.ServerInfoForObfs
+ recvInfo
+ data *authData
+ hasSentHeader bool
+ packID uint32
+ userKey []byte
+ salt string
+ hmac hmacMethod
+ hashDigest hashDigestMethod
+}
+
+func (a *authAES128) SetServerInfo(s *ssr.ServerInfoForObfs) {
+ a.ServerInfoForObfs = *s
+}
+
+func (a *authAES128) GetServerInfo() (s *ssr.ServerInfoForObfs) {
+ return &a.ServerInfoForObfs
+}
+
+func (a *authAES128) SetData(data interface{}) {
+ if auth, ok := data.(*authData); ok {
+ a.data = auth
+ }
+}
+
+func (a *authAES128) GetData() interface{} {
+ if a.data == nil {
+ a.data = &authData{}
+ }
+ return a.data
+}
+
+func (a *authAES128) packData(data []byte) (outData []byte) {
+ dataLength := len(data)
+ randLength := 1
+ if dataLength <= 1200 {
+ if a.packID > 4 {
+ randLength += rand.Intn(32)
+ } else {
+ if dataLength > 900 {
+ randLength += rand.Intn(128)
+ } else {
+ randLength += rand.Intn(512)
+ }
+ }
+ }
+
+ outLength := randLength + dataLength + 8
+ outData = make([]byte, outLength)
+ // 0~1, out length
+ binary.LittleEndian.PutUint16(outData[0:], uint16(outLength&0xFFFF))
+ // 2~3, hmac
+ key := make([]byte, len(a.userKey)+4)
+ copy(key, a.userKey)
+ binary.LittleEndian.PutUint32(key[len(key)-4:], a.packID)
+ h := a.hmac(key, outData[0:2])
+ copy(outData[2:4], h[:2])
+ // 4~rand length+4, rand number
+ rand.Read(outData[4 : 4+randLength])
+ // 4, rand length
+ if randLength < 128 {
+ outData[4] = byte(randLength & 0xFF)
+ } else {
+ // 4, magic number 0xFF
+ outData[4] = 0xFF
+ // 5~6, rand length
+ binary.LittleEndian.PutUint16(outData[5:], uint16(randLength&0xFFFF))
+ }
+ // rand length+4~out length-4, data
+ if dataLength > 0 {
+ copy(outData[randLength+4:], data)
+ }
+ a.packID++
+ h = a.hmac(key, outData[:outLength-4])
+ copy(outData[outLength-4:], h[:4])
+ return
+}
+
+func (a *authAES128) packAuthData(data []byte) (outData []byte) {
+ dataLength := len(data)
+ var randLength int
+ if dataLength > 400 {
+ randLength = rand.Intn(512)
+ } else {
+ randLength = rand.Intn(1024)
+ }
+
+ dataOffset := randLength + 16 + 4 + 4 + 7
+ outLength := dataOffset + dataLength + 4
+ outData = make([]byte, outLength)
+ encrypt := make([]byte, 24)
+ key := make([]byte, a.IVLen+a.KeyLen)
+ copy(key, a.IV)
+ copy(key[a.IVLen:], a.Key)
+
+ rand.Read(outData[dataOffset-randLength:])
+
+ if a.data.connectionID > 0xFF000000 {
+ a.data.clientID = nil
+ }
+ if len(a.data.clientID) == 0 {
+ a.data.clientID = make([]byte, 4)
+ rand.Read(a.data.clientID)
+ b := make([]byte, 4)
+ rand.Read(b)
+ a.data.connectionID = binary.LittleEndian.Uint32(b) & 0xFFFFFF
+ }
+ a.data.connectionID++
+ copy(encrypt[4:], a.data.clientID)
+ binary.LittleEndian.PutUint32(encrypt[8:], a.data.connectionID)
+
+ now := time.Now().Unix()
+ binary.LittleEndian.PutUint32(encrypt[0:4], uint32(now))
+
+ binary.LittleEndian.PutUint16(encrypt[12:], uint16(outLength&0xFFFF))
+ binary.LittleEndian.PutUint16(encrypt[14:], uint16(randLength&0xFFFF))
+
+ params := strings.Split(a.Param, ":")
+ uid := make([]byte, 4)
+ if len(params) >= 2 {
+ if userID, err := strconv.ParseUint(params[0], 10, 32); err != nil {
+ rand.Read(uid)
+ } else {
+ binary.LittleEndian.PutUint32(uid, uint32(userID))
+ a.userKey = a.hashDigest([]byte(params[1]))
+ }
+ } else {
+ rand.Read(uid)
+ }
+
+ if a.userKey == nil {
+ a.userKey = make([]byte, a.KeyLen)
+ copy(a.userKey, a.Key)
+ }
+
+ encryptKey := make([]byte, len(a.userKey))
+ copy(encryptKey, a.userKey)
+
+ aesCipherKey := tools.EVPBytesToKey(base64.StdEncoding.EncodeToString(encryptKey)+a.salt, 16)
+ block, err := aes.NewCipher(aesCipherKey)
+ if err != nil {
+ return nil
+ }
+
+ encryptData := make([]byte, 16)
+ iv := make([]byte, aes.BlockSize)
+ cbc := cipher.NewCBCEncrypter(block, iv)
+ cbc.CryptBlocks(encryptData, encrypt[0:16])
+ copy(encrypt[4:4+16], encryptData)
+ copy(encrypt[0:4], uid)
+
+ h := a.hmac(key, encrypt[0:20])
+ copy(encrypt[20:], h[:4])
+
+ rand.Read(outData[0:1])
+ h = a.hmac(key, outData[0:1])
+ copy(outData[1:], h[0:7-1])
+
+ copy(outData[7:], encrypt)
+ copy(outData[dataOffset:], data)
+
+ h = a.hmac(a.userKey, outData[0:outLength-4])
+ copy(outData[outLength-4:], h[:4])
+
+ return
+}
+
+func (a *authAES128) PreEncrypt(plainData []byte) (outData []byte, err error) {
+ dataLength := len(plainData)
+ offset := 0
+ if !a.hasSentHeader {
+ authLength := dataLength
+ if authLength > 1200 {
+ authLength = 1200
+ }
+ packData := a.packAuthData(plainData[:authLength])
+ a.hasSentHeader = true
+ outData = append(outData, packData...)
+ dataLength -= authLength
+ offset += authLength
+ }
+ const blockSize = 4096
+ for dataLength > blockSize {
+ packData := a.packData(plainData[offset : offset+blockSize])
+ outData = append(outData, packData...)
+ dataLength -= blockSize
+ offset += blockSize
+ }
+ if dataLength > 0 {
+ packData := a.packData(plainData[offset:])
+ outData = append(outData, packData...)
+ }
+
+ return
+}
+
+func (a *authAES128) PostDecrypt(plainData []byte) ([]byte, int, error) {
+ a.buffer.Reset()
+ plainLength := len(plainData)
+ datalength := plainLength
+ readlenth := 0
+ key := make([]byte, len(a.userKey)+4)
+ copy(key, a.userKey)
+ for plainLength > 4 {
+ binary.LittleEndian.PutUint32(key[len(key)-4:], a.recvID)
+
+ h := a.hmac(key, plainData[0:2])
+ if h[0] != plainData[2] || h[1] != plainData[3] {
+ return nil, 0, ssr.ErrAuthAES128HMACError
+ }
+ length := int(binary.LittleEndian.Uint16(plainData[0:2]))
+ if length >= 8192 || length < 8 {
+ return nil, 0, ssr.ErrAuthAES128DataLengthError
+ }
+ if length > plainLength {
+ break
+ }
+ a.recvID++
+ pos := int(plainData[4])
+ if pos < 255 {
+ pos += 4
+ } else {
+ pos = int(binary.LittleEndian.Uint16(plainData[5:7])) + 4
+ }
+
+ a.buffer.Write(plainData[pos : length-4])
+ plainData = plainData[length:]
+ plainLength -= length
+ readlenth += length
+ }
+ if datalength == readlenth {
+ readlenth = -1
+ }
+ return a.buffer.Bytes(), readlenth, nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_sha1.go b/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_sha1.go
new file mode 100644
index 0000000..c6c2b0e
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_aes128_sha1.go
@@ -0,0 +1,28 @@
+package protocol
+
+import (
+ "bytes"
+
+ "github.com/sun8911879/shadowsocksR/tools"
+)
+
+func init() {
+ register("auth_aes128_sha1", NewAuthAES128SHA1)
+}
+
+func NewAuthAES128SHA1() IProtocol {
+ a := &authAES128{
+ salt: "auth_aes128_sha1",
+ hmac: tools.HmacSHA1,
+ hashDigest: tools.SHA1Sum,
+ packID: 1,
+ recvInfo: recvInfo{
+ recvID: 1,
+ buffer: bytes.NewBuffer(nil),
+ },
+ data: &authData{
+ connectionID: 0xFF000001,
+ },
+ }
+ return a
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_sha1_v4.go b/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_sha1_v4.go
new file mode 100644
index 0000000..ffec01b
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/protocol/auth_sha1_v4.go
@@ -0,0 +1,232 @@
+package protocol
+
+import (
+ "encoding/binary"
+ "math/rand"
+ "time"
+
+ "github.com/sun8911879/shadowsocksR/ssr"
+ "github.com/sun8911879/shadowsocksR/tools"
+)
+
+func init() {
+ register("auth_sha1_v4", NewAuthSHA1v4)
+}
+
+type authSHA1v4 struct {
+ ssr.ServerInfoForObfs
+ data *authData
+ hasSentHeader bool
+ recvBuffer []byte
+ recvBufferLength int
+}
+
+func NewAuthSHA1v4() IProtocol {
+ a := &authSHA1v4{}
+ return a
+}
+
+func (a *authSHA1v4) SetServerInfo(s *ssr.ServerInfoForObfs) {
+ a.ServerInfoForObfs = *s
+}
+
+func (a *authSHA1v4) GetServerInfo() (s *ssr.ServerInfoForObfs) {
+ return &a.ServerInfoForObfs
+}
+
+func (a *authSHA1v4) SetData(data interface{}) {
+ if auth, ok := data.(*authData); ok {
+ a.data = auth
+ }
+}
+
+func (a *authSHA1v4) GetData() interface{} {
+ if a.data == nil {
+ a.data = &authData{}
+ }
+ return a.data
+}
+
+func (a *authSHA1v4) packData(data []byte) (outData []byte) {
+ dataLength := len(data)
+ randLength := 1
+ if dataLength <= 1300 {
+ if dataLength > 400 {
+ randLength += rand.Intn(128)
+ } else {
+ randLength += rand.Intn(1024)
+ }
+ }
+
+ outLength := randLength + dataLength + 8
+ outData = make([]byte, outLength)
+ // 0~1, out length
+ binary.BigEndian.PutUint16(outData[0:2], uint16(outLength&0xFFFF))
+ // 2~3, crc of out length
+ crc32 := ssr.CalcCRC32(outData, 2, 0xFFFFFFFF)
+ binary.LittleEndian.PutUint16(outData[2:4], uint16(crc32&0xFFFF))
+ // 4~rand length+4, rand number
+ rand.Read(outData[4 : 4+randLength])
+ // 4, rand length
+ if randLength < 128 {
+ outData[4] = byte(randLength & 0xFF)
+ } else {
+ // 4, magic number 0xFF
+ outData[4] = 0xFF
+ // 5~6, rand length
+ binary.BigEndian.PutUint16(outData[5:], uint16(randLength&0xFFFF))
+ }
+ // rand length+4~out length-4, data
+ if dataLength > 0 {
+ copy(outData[randLength+4:], data)
+ }
+ // out length-4~end, adler32 of full data
+ adler := ssr.CalcAdler32(outData[:outLength-4])
+ binary.LittleEndian.PutUint32(outData[outLength-4:], adler)
+
+ return outData
+}
+
+func (a *authSHA1v4) packAuthData(data []byte) (outData []byte) {
+ dataLength := len(data)
+ randLength := 1
+ if dataLength <= 1300 {
+ if dataLength > 400 {
+ randLength += rand.Intn(128)
+ } else {
+ randLength += rand.Intn(1024)
+ }
+ }
+ dataOffset := randLength + 4 + 2
+ outLength := dataOffset + dataLength + 12 + ssr.ObfsHMACSHA1Len
+ outData = make([]byte, outLength)
+
+ a.data.connectionID++
+ if a.data.connectionID > 0xFF000000 {
+ a.data.clientID = nil
+ }
+ if len(a.data.clientID) == 0 {
+ a.data.clientID = make([]byte, 8)
+ rand.Read(a.data.clientID)
+ b := make([]byte, 4)
+ rand.Read(b)
+ a.data.connectionID = binary.LittleEndian.Uint32(b) & 0xFFFFFF
+ }
+ // 0-1, out length
+ binary.BigEndian.PutUint16(outData[0:], uint16(outLength&0xFFFF))
+
+ // 2~6, crc of out length+salt+key
+ salt := []byte("auth_sha1_v4")
+ crcData := make([]byte, len(salt)+a.KeyLen+2)
+ copy(crcData[0:2], outData[0:2])
+ copy(crcData[2:], salt)
+ copy(crcData[2+len(salt):], a.Key)
+ crc32 := ssr.CalcCRC32(crcData, len(crcData), 0xFFFFFFFF)
+ // 2~6, crc of out length+salt+key
+ binary.LittleEndian.PutUint32(outData[2:], crc32)
+ // 6~rand length+6, rand numbers
+ rand.Read(outData[dataOffset-randLength : dataOffset])
+ // 6, rand length
+ if randLength < 128 {
+ outData[6] = byte(randLength & 0xFF)
+ } else {
+ // 6, magic number 0xFF
+ outData[6] = 0xFF
+ // 7-8, rand length
+ binary.BigEndian.PutUint16(outData[7:], uint16(randLength&0xFFFF))
+ }
+ // rand length+6~rand length+10, time stamp
+ now := time.Now().Unix()
+ binary.LittleEndian.PutUint32(outData[dataOffset:dataOffset+4], uint32(now))
+ // rand length+10~rand length+14, client ID
+ copy(outData[dataOffset+4:dataOffset+4+4], a.data.clientID[0:4])
+ // rand length+14~rand length+18, connection ID
+ binary.LittleEndian.PutUint32(outData[dataOffset+8:dataOffset+8+4], a.data.connectionID)
+ // rand length+18~rand length+18+data length, data
+ copy(outData[dataOffset+12:], data)
+
+ key := make([]byte, a.IVLen+a.KeyLen)
+ copy(key, a.IV)
+ copy(key[a.IVLen:], a.Key)
+
+ h := tools.HmacSHA1(key, outData[:outLength-ssr.ObfsHMACSHA1Len])
+ // out length-10~out length/rand length+18+data length~end, hmac
+ copy(outData[outLength-ssr.ObfsHMACSHA1Len:], h[0:ssr.ObfsHMACSHA1Len])
+
+ return outData
+}
+
+func (a *authSHA1v4) PreEncrypt(plainData []byte) (outData []byte, err error) {
+ dataLength := len(plainData)
+ offset := 0
+ if !a.hasSentHeader && dataLength > 0 {
+ authLength := dataLength
+ if headSize := ssr.GetHeadSize(plainData, 30); headSize <= dataLength {
+ authLength = headSize
+ }
+ packData := a.packAuthData(plainData[:authLength])
+ a.hasSentHeader = true
+ outData = append(outData, packData...)
+ dataLength -= authLength
+ offset += authLength
+ }
+ const blockSize = 4096
+ for dataLength > blockSize {
+ packData := a.packData(plainData[offset : offset+blockSize])
+ outData = append(outData, packData...)
+ dataLength -= blockSize
+ offset += blockSize
+ }
+ if dataLength > 0 {
+ packData := a.packData(plainData[offset:])
+ outData = append(outData, packData...)
+ }
+
+ return
+}
+
+func (a *authSHA1v4) PostDecrypt(plainData []byte) ([]byte, int, error) {
+ var outData []byte
+ dataLength := len(plainData)
+ b := make([]byte, len(a.recvBuffer)+dataLength)
+ copy(b, a.recvBuffer)
+ copy(b[len(a.recvBuffer):], plainData)
+ a.recvBuffer = b
+ a.recvBufferLength = len(b)
+ for a.recvBufferLength > 4 {
+ crc32 := ssr.CalcCRC32(a.recvBuffer, 2, 0xFFFFFFFF)
+ if binary.LittleEndian.Uint16(a.recvBuffer[2:4]) != uint16(crc32&0xFFFF) {
+ return nil, 0, ssr.ErrAuthSHA1v4CRC32Error
+ }
+ length := int(binary.BigEndian.Uint16(a.recvBuffer[0:2]))
+ if length >= 8192 || length < 8 {
+ a.recvBufferLength = 0
+ a.recvBuffer = nil
+ return nil, 0, ssr.ErrAuthSHA1v4DataLengthError
+ }
+ if length > a.recvBufferLength {
+ break
+ }
+
+ if ssr.CheckAdler32(a.recvBuffer, length) {
+ pos := int(a.recvBuffer[4])
+ if pos != 0xFF {
+ pos += 4
+ } else {
+ pos = int(binary.BigEndian.Uint16(a.recvBuffer[5:5+2])) + 4
+ }
+ outLength := length - pos - 4
+ b = make([]byte, len(outData)+outLength)
+ copy(b, outData)
+ copy(b[len(outData):], a.recvBuffer[pos:pos+outLength])
+ outData = b
+ a.recvBufferLength -= length
+ a.recvBuffer = a.recvBuffer[length:]
+ } else {
+ a.recvBufferLength = 0
+ a.recvBuffer = nil
+ return nil, 0, ssr.ErrAuthSHA1v4IncorrectChecksum
+ }
+ }
+ return outData, 0, nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/protocol/base.go b/vendor/github.com/sun8911879/shadowsocksR/protocol/base.go
new file mode 100644
index 0000000..4fff0aa
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/protocol/base.go
@@ -0,0 +1,39 @@
+package protocol
+
+import (
+ "strings"
+
+ "github.com/sun8911879/shadowsocksR/ssr"
+)
+
+type creator func() IProtocol
+
+var (
+ creatorMap = make(map[string]creator)
+)
+
+type IProtocol interface {
+ SetServerInfo(s *ssr.ServerInfoForObfs)
+ GetServerInfo() *ssr.ServerInfoForObfs
+ PreEncrypt(data []byte) ([]byte, error)
+ PostDecrypt(data []byte) ([]byte, int, error)
+ SetData(data interface{})
+ GetData() interface{}
+}
+
+type authData struct {
+ clientID []byte
+ connectionID uint32
+}
+
+func register(name string, c creator) {
+ creatorMap[name] = c
+}
+
+func NewProtocol(name string) IProtocol {
+ c, ok := creatorMap[strings.ToLower(name)]
+ if ok {
+ return c()
+ }
+ return nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/protocol/origin.go b/vendor/github.com/sun8911879/shadowsocksR/protocol/origin.go
new file mode 100644
index 0000000..8dd1851
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/protocol/origin.go
@@ -0,0 +1,42 @@
+package protocol
+
+import (
+ "github.com/sun8911879/shadowsocksR/ssr"
+)
+
+func init() {
+ register("origin", NewOrigin)
+}
+
+type origin struct {
+ ssr.ServerInfoForObfs
+}
+
+func NewOrigin() IProtocol {
+ a := &origin{}
+ return a
+}
+
+func (o *origin) SetServerInfo(s *ssr.ServerInfoForObfs) {
+ o.ServerInfoForObfs = *s
+}
+
+func (o *origin) GetServerInfo() (s *ssr.ServerInfoForObfs) {
+ return &o.ServerInfoForObfs
+}
+
+func (o *origin) PreEncrypt(data []byte) (encryptedData []byte, err error) {
+ return data, nil
+}
+
+func (o *origin) PostDecrypt(data []byte) ([]byte, int, error) {
+ return data, 0, nil
+}
+
+func (o *origin) SetData(data interface{}) {
+
+}
+
+func (o *origin) GetData() interface{} {
+ return nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/protocol/verify_sha1.go b/vendor/github.com/sun8911879/shadowsocksR/protocol/verify_sha1.go
new file mode 100644
index 0000000..42543e5
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/protocol/verify_sha1.go
@@ -0,0 +1,101 @@
+package protocol
+
+import (
+ "bytes"
+ "encoding/binary"
+
+ "github.com/sun8911879/shadowsocksR/ssr"
+ "github.com/sun8911879/shadowsocksR/tools"
+)
+
+func init() {
+ register("verify_sha1", NewVerifySHA1)
+ register("ota", NewVerifySHA1)
+}
+
+type verifySHA1 struct {
+ ssr.ServerInfoForObfs
+ hasSentHeader bool
+ chunkId uint32
+}
+
+const (
+ oneTimeAuthMask byte = 0x10
+)
+
+func NewVerifySHA1() IProtocol {
+ a := &verifySHA1{}
+ return a
+}
+
+func (v *verifySHA1) otaConnectAuth(data []byte) []byte {
+ return append(data, tools.HmacSHA1(append(v.IV, v.Key...), data)...)
+}
+
+func (v *verifySHA1) otaReqChunkAuth(chunkId uint32, data []byte) []byte {
+ nb := make([]byte, 2)
+ binary.BigEndian.PutUint16(nb, uint16(len(data)))
+ chunkIdBytes := make([]byte, 4)
+ binary.BigEndian.PutUint32(chunkIdBytes, chunkId)
+ header := append(nb, tools.HmacSHA1(append(v.IV, chunkIdBytes...), data)...)
+ return append(header, data...)
+}
+
+func (v *verifySHA1) otaVerifyAuth(iv []byte, chunkId uint32, data []byte, expectedHmacSha1 []byte) bool {
+ chunkIdBytes := make([]byte, 4)
+ binary.BigEndian.PutUint32(chunkIdBytes, chunkId)
+ actualHmacSha1 := tools.HmacSHA1(append(iv, chunkIdBytes...), data)
+ return bytes.Equal(expectedHmacSha1, actualHmacSha1)
+}
+
+func (v *verifySHA1) getAndIncreaseChunkId() (chunkId uint32) {
+ chunkId = v.chunkId
+ v.chunkId += 1
+ return
+}
+
+func (v *verifySHA1) SetServerInfo(s *ssr.ServerInfoForObfs) {
+ v.ServerInfoForObfs = *s
+}
+
+func (v *verifySHA1) GetServerInfo() (s *ssr.ServerInfoForObfs) {
+ return &v.ServerInfoForObfs
+}
+
+func (v *verifySHA1) SetData(data interface{}) {
+
+}
+
+func (v *verifySHA1) GetData() interface{} {
+ return nil
+}
+
+func (v *verifySHA1) PreEncrypt(data []byte) (encryptedData []byte, err error) {
+ dataLength := len(data)
+ offset := 0
+ if !v.hasSentHeader {
+ data[0] |= oneTimeAuthMask
+ encryptedData = v.otaConnectAuth(data[:v.HeadLen])
+ v.hasSentHeader = true
+ dataLength -= v.HeadLen
+ offset += v.HeadLen
+ }
+ const blockSize = 4096
+ for dataLength > blockSize {
+ chunkId := v.getAndIncreaseChunkId()
+ b := v.otaReqChunkAuth(chunkId, data[offset:offset+blockSize])
+ encryptedData = append(encryptedData, b...)
+ dataLength -= blockSize
+ offset += blockSize
+ }
+ if dataLength > 0 {
+ chunkId := v.getAndIncreaseChunkId()
+ b := v.otaReqChunkAuth(chunkId, data[offset:])
+ encryptedData = append(encryptedData, b...)
+ }
+ return
+}
+
+func (v *verifySHA1) PostDecrypt(data []byte) ([]byte, int, error) {
+ return data, 0, nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/ssr/adler32.go b/vendor/github.com/sun8911879/shadowsocksR/ssr/adler32.go
new file mode 100644
index 0000000..6bda937
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/ssr/adler32.go
@@ -0,0 +1,31 @@
+package ssr
+
+import "encoding/binary"
+
+func calcShortAdler32(input []byte, a, b uint32) (uint32, uint32) {
+ for _, i := range input {
+ a += uint32(i)
+ b += a
+ }
+ a %= 65521
+ b %= 65521
+ return a, b
+}
+
+func CalcAdler32(input []byte) uint32 {
+ var a uint32 = 1
+ var b uint32 = 0
+ const nMax = 5552
+ for length := len(input); length > nMax; length -= nMax {
+ a, b = calcShortAdler32(input[:nMax], a, b)
+ input = input[nMax:]
+ }
+ a, b = calcShortAdler32(input, a, b)
+ return (b << 16) + a
+}
+
+func CheckAdler32(input []byte, l int) bool {
+ adler32 := CalcAdler32(input[:l-4])
+ checksum := binary.LittleEndian.Uint32(input[l-4:])
+ return adler32 == checksum
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/ssr/crc32.go b/vendor/github.com/sun8911879/shadowsocksR/ssr/crc32.go
new file mode 100644
index 0000000..9cf6cc6
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/ssr/crc32.go
@@ -0,0 +1,52 @@
+package ssr
+
+import "encoding/binary"
+
+var (
+ crc32Table = make([]uint32, 256)
+)
+
+func init() {
+ createCRC32Table()
+}
+
+func createCRC32Table() {
+ for i := 0; i < 256; i++ {
+ crc := uint32(i)
+ for j := 8; j > 0; j-- {
+ if crc&1 == 1 {
+ crc = (crc >> 1) ^ 0xEDB88320
+ } else {
+ crc >>= 1
+ }
+ }
+ crc32Table[i] = crc
+ }
+}
+
+func CalcCRC32(input []byte, length int, value uint32) uint32 {
+ value = 0xFFFFFFFF
+ return DoCalcCRC32(input, 0, length, value)
+}
+
+func DoCalcCRC32(input []byte, index int, length int, value uint32) uint32 {
+ buffer := input
+ for i := index; i < length; i++ {
+ value = (value >> 8) ^ crc32Table[byte(value&0xFF)^buffer[i]]
+ }
+ return value ^ 0xFFFFFFFF
+}
+
+func DoSetCRC32(buffer []byte, index int, length int) {
+ crc := CalcCRC32(buffer[:length-4], length-4, 0xFFFFFFFF)
+ binary.LittleEndian.PutUint32(buffer[length-4:], crc^0xFFFFFFFF)
+}
+
+func SetCRC32(buffer []byte, length int) {
+ DoSetCRC32(buffer, 0, length)
+}
+
+func CheckCRC32(buffer []byte, length int) bool {
+ crc := CalcCRC32(buffer, length, 0xFFFFFFFF)
+ return crc == 0xFFFFFFFF
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/ssr/obfs.go b/vendor/github.com/sun8911879/shadowsocksR/ssr/obfs.go
new file mode 100644
index 0000000..cee94a2
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/ssr/obfs.go
@@ -0,0 +1,55 @@
+package ssr
+
+import "errors"
+
+const ObfsHMACSHA1Len = 10
+
+var (
+ ErrAuthSHA1v4CRC32Error = errors.New("auth_sha1_v4 post decrypt data crc32 error")
+ ErrAuthSHA1v4DataLengthError = errors.New("auth_sha1_v4 post decrypt data length error")
+ ErrAuthSHA1v4IncorrectChecksum = errors.New("auth_sha1_v4 post decrypt incorrect checksum")
+ ErrAuthAES128HMACError = errors.New("auth_aes128_* post decrypt hmac error")
+ ErrAuthAES128DataLengthError = errors.New("auth_aes128_* post decrypt length mismatch")
+ ErrAuthAES128IncorrectChecksum = errors.New("auth_aes128_* post decrypt incorrect checksum")
+ ErrTLS12TicketAuthTooShortData = errors.New("tls1.2_ticket_auth too short data")
+ ErrTLS12TicketAuthHMACError = errors.New("tls1.2_ticket_auth hmac verifying failed")
+ ErrTLS12TicketAuthIncorrectMagicNumber = errors.New("tls1.2_ticket_auth incorrect magic number")
+)
+
+type ServerInfoForObfs struct {
+ Host string
+ Port uint16
+ Param string
+ IV []byte
+ IVLen int
+ RecvIV []byte
+ RecvIVLen int
+ Key []byte
+ KeyLen int
+ HeadLen int
+ TcpMss int
+}
+
+func GetHeadSize(data []byte, defaultValue int) int {
+ if data == nil || len(data) < 2 {
+ return defaultValue
+ }
+ headType := data[0] & 0x07
+ switch headType {
+ case 1:
+ // IPv4 1+4+2
+ return 7
+ case 4:
+ // IPv6 1+16+2
+ return 19
+ case 3:
+ // domain name, variant length
+ return 4 + int(data[1])
+ }
+
+ return defaultValue
+}
+
+func (s *ServerInfoForObfs) SetHeadLen(data []byte, defaultValue int) {
+ s.HeadLen = GetHeadSize(data, defaultValue)
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/tcp.go b/vendor/github.com/sun8911879/shadowsocksR/tcp.go
new file mode 100644
index 0000000..4e86d98
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/tcp.go
@@ -0,0 +1,251 @@
+package shadowsocksr
+
+import (
+ "bytes"
+ "fmt"
+ "net"
+ "sync"
+
+ "github.com/sun8911879/shadowsocksR/obfs"
+ "github.com/sun8911879/shadowsocksR/protocol"
+ "github.com/sun8911879/shadowsocksR/tools/leakybuf"
+)
+
+// SSTCPConn the struct that override the net.Conn methods
+type SSTCPConn struct {
+ net.Conn
+ sync.RWMutex
+ *StreamCipher
+ IObfs obfs.IObfs
+ IProtocol protocol.IProtocol
+ readBuf []byte
+ readDecodeBuf *bytes.Buffer
+ readIObfsBuf *bytes.Buffer
+ readEncryptBuf *bytes.Buffer
+ readIndex uint64
+ readUserBuf *bytes.Buffer
+ writeBuf []byte
+ lastReadError error
+}
+
+func NewSSTCPConn(c net.Conn, cipher *StreamCipher) *SSTCPConn {
+ return &SSTCPConn{
+ Conn: c,
+ StreamCipher: cipher,
+ readBuf: leakybuf.GlobalLeakyBuf.Get(),
+ readDecodeBuf: bytes.NewBuffer(nil),
+ readIObfsBuf: bytes.NewBuffer(nil),
+ readUserBuf: bytes.NewBuffer(nil),
+ readEncryptBuf: bytes.NewBuffer(nil),
+ writeBuf: leakybuf.GlobalLeakyBuf.Get(),
+ }
+}
+
+func (c *SSTCPConn) Close() error {
+ leakybuf.GlobalLeakyBuf.Put(c.readBuf)
+ leakybuf.GlobalLeakyBuf.Put(c.writeBuf)
+ return c.Conn.Close()
+}
+
+func (c *SSTCPConn) GetIv() (iv []byte) {
+ iv = make([]byte, len(c.iv))
+ copy(iv, c.iv)
+ return
+}
+
+func (c *SSTCPConn) GetKey() (key []byte) {
+ key = make([]byte, len(c.key))
+ copy(key, c.key)
+ return
+}
+
+func (c *SSTCPConn) initEncryptor(b []byte) (iv []byte, err error) {
+ if c.enc == nil {
+ iv, err = c.initEncrypt()
+ if err != nil {
+ return nil, err
+ }
+
+ // should initialize obfs/protocol now, because iv is ready now
+ obfsServerInfo := c.IObfs.GetServerInfo()
+ obfsServerInfo.SetHeadLen(b, 30)
+ obfsServerInfo.IV, obfsServerInfo.IVLen = c.IV()
+ obfsServerInfo.Key, obfsServerInfo.KeyLen = c.Key()
+ c.IObfs.SetServerInfo(obfsServerInfo)
+
+ protocolServerInfo := c.IProtocol.GetServerInfo()
+ protocolServerInfo.SetHeadLen(b, 30)
+ protocolServerInfo.IV, protocolServerInfo.IVLen = c.IV()
+ protocolServerInfo.Key, protocolServerInfo.KeyLen = c.Key()
+ c.IProtocol.SetServerInfo(protocolServerInfo)
+ }
+ return
+}
+
+func (c *SSTCPConn) Read(b []byte) (n int, err error) {
+ for {
+ n, err = c.doRead(b)
+ if b == nil || n != 0 || err != nil {
+ return n, err
+ }
+ }
+}
+
+func (c *SSTCPConn) doRead(b []byte) (n int, err error) {
+ //先吐出已经解密后数据
+ if c.readUserBuf.Len() > 0 {
+ return c.readUserBuf.Read(b)
+ }
+ //未读取够长度继续读取并解码
+ decodelength := c.readDecodeBuf.Len()
+ if (decodelength == 0 || c.readEncryptBuf.Len() > 0 || (c.readIndex != 0 && c.readIndex > uint64(decodelength))) && c.lastReadError == nil {
+ c.readIndex = 0
+ n, c.lastReadError = c.Conn.Read(c.readBuf)
+ //写入decode 缓存
+ c.readDecodeBuf.Write(c.readBuf[0:n])
+ }
+ //无缓冲数据返回错误
+ if c.lastReadError != nil && (decodelength == 0 || uint64(decodelength) < c.readIndex) {
+ return 0, c.lastReadError
+ }
+ decodelength = c.readDecodeBuf.Len()
+ decodebytes := c.readDecodeBuf.Bytes()
+ c.readDecodeBuf.Reset()
+
+ for {
+
+ decodedData, length, err := c.IObfs.Decode(decodebytes)
+ if length == 0 && err != nil {
+ return 0, err
+ }
+
+ //do send back
+ if length == 1 {
+ c.Write(make([]byte, 0))
+ return 0, nil
+ }
+
+ //数据不够长度
+ if err != nil {
+ if uint64(decodelength) >= length {
+ return 0, fmt.Errorf("data length: %d,decode data length: %d unknown panic", decodelength, length)
+ }
+ c.readIndex = length
+ c.readDecodeBuf.Write(decodebytes)
+ if c.readIObfsBuf.Len() == 0 {
+ return 0, nil
+ }
+ break
+ }
+
+ if length >= 1 {
+ //读出数据 但是有多余的数据 返回已经读取数值
+ c.readIObfsBuf.Write(decodedData)
+ decodebytes = decodebytes[length:]
+ decodelength = len(decodebytes)
+ continue
+ }
+
+ //完全读取数据 -- length == 0
+ c.readIObfsBuf.Write(decodedData)
+ break
+ }
+
+ decodedData := c.readIObfsBuf.Bytes()
+ decodelength = c.readIObfsBuf.Len()
+ c.readIObfsBuf.Reset()
+
+ if c.dec == nil {
+ iv := decodedData[0:c.info.ivLen]
+ if err = c.initDecrypt(iv); err != nil {
+ return 0, err
+ }
+
+ if len(c.iv) == 0 {
+ c.iv = iv
+ }
+ decodelength -= c.info.ivLen
+ if decodelength <= 0 {
+ return 0, nil
+ }
+ decodedData = decodedData[c.info.ivLen:]
+ }
+
+ buf := make([]byte, decodelength)
+ c.decrypt(buf, decodedData)
+
+ c.readEncryptBuf.Write(buf)
+ encryptbuf := c.readEncryptBuf.Bytes()
+ c.readEncryptBuf.Reset()
+ postDecryptedData, length, err := c.IProtocol.PostDecrypt(encryptbuf)
+ if err != nil {
+ return 0, err
+ }
+ if length == 0 {
+ c.readEncryptBuf.Write(encryptbuf)
+ return 0, nil
+ }
+
+ if length > 0 {
+ c.readEncryptBuf.Write(encryptbuf[length:])
+ }
+
+ postDecryptedlength := len(postDecryptedData)
+ blength := len(b)
+ copy(b, postDecryptedData)
+ if blength > postDecryptedlength {
+ return postDecryptedlength, nil
+ }
+ c.readUserBuf.Write(postDecryptedData[len(b):])
+ return blength, nil
+}
+
+func (c *SSTCPConn) preWrite(b []byte) (outData []byte, err error) {
+ var iv []byte
+ if iv, err = c.initEncryptor(b); err != nil {
+ return
+ }
+
+ var preEncryptedData []byte
+ preEncryptedData, err = c.IProtocol.PreEncrypt(b)
+ if err != nil {
+ return
+ }
+ preEncryptedDataLen := len(preEncryptedData)
+ //c.encrypt(cipherData[len(iv):], b)
+ encryptedData := make([]byte, preEncryptedDataLen)
+ //! \attention here the expected output buffer length MUST be accurate, it is preEncryptedDataLen now!
+ c.encrypt(encryptedData[0:preEncryptedDataLen], preEncryptedData)
+
+ //common.Info("len(b)=", len(b), ", b:", b,
+ // ", pre encrypted data length:", preEncryptedDataLen,
+ // ", pre encrypted data:", preEncryptedData,
+ // ", encrypted data length:", preEncryptedDataLen)
+
+ cipherData := c.writeBuf
+ dataSize := len(encryptedData) + len(iv)
+ if dataSize > len(cipherData) {
+ cipherData = make([]byte, dataSize)
+ } else {
+ cipherData = cipherData[:dataSize]
+ }
+
+ if iv != nil {
+ // Put initialization vector in buffer before be encoded
+ copy(cipherData, iv)
+ }
+ copy(cipherData[len(iv):], encryptedData)
+
+ return c.IObfs.Encode(cipherData)
+}
+
+func (c *SSTCPConn) Write(b []byte) (n int, err error) {
+ outData, err := c.preWrite(b)
+ if err == nil {
+ n, err = c.Conn.Write(outData)
+ if err != nil {
+ return n, err
+ }
+ }
+ return len(b), nil
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/tools/encrypt.go b/vendor/github.com/sun8911879/shadowsocksR/tools/encrypt.go
new file mode 100644
index 0000000..5ecb3b9
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/tools/encrypt.go
@@ -0,0 +1,51 @@
+package tools
+
+import (
+ "crypto/hmac"
+ "crypto/md5"
+ "crypto/sha1"
+)
+
+func HmacMD5(key []byte, data []byte) []byte {
+ hmacMD5 := hmac.New(md5.New, key)
+ hmacMD5.Write(data)
+ return hmacMD5.Sum(nil)[:10]
+}
+
+func HmacSHA1(key []byte, data []byte) []byte {
+ hmacSHA1 := hmac.New(sha1.New, key)
+ hmacSHA1.Write(data)
+ return hmacSHA1.Sum(nil)[:10]
+}
+
+func MD5Sum(d []byte) []byte {
+ h := md5.New()
+ h.Write(d)
+ return h.Sum(nil)
+}
+
+func SHA1Sum(d []byte) []byte {
+ h := sha1.New()
+ h.Write(d)
+ return h.Sum(nil)
+}
+
+func EVPBytesToKey(password string, keyLen int) (key []byte) {
+ const md5Len = 16
+
+ cnt := (keyLen-1)/md5Len + 1
+ m := make([]byte, cnt*md5Len)
+ copy(m, MD5Sum([]byte(password)))
+
+ // Repeatedly call md5 until bytes generated is enough.
+ // Each call to md5 uses data: prev md5 sum + password.
+ d := make([]byte, md5Len+len(password))
+ start := 0
+ for i := 1; i < cnt; i++ {
+ start += md5Len
+ copy(d, m[start-md5Len:start])
+ copy(d[md5Len:], password)
+ copy(m[start:], MD5Sum(d))
+ }
+ return m[:keyLen]
+}
diff --git a/vendor/github.com/sun8911879/shadowsocksR/tools/leakybuf/leakybuf.go b/vendor/github.com/sun8911879/shadowsocksR/tools/leakybuf/leakybuf.go
new file mode 100644
index 0000000..096c9cb
--- /dev/null
+++ b/vendor/github.com/sun8911879/shadowsocksR/tools/leakybuf/leakybuf.go
@@ -0,0 +1,47 @@
+// Provides leaky buffer, based on the example in Effective Go.
+package leakybuf
+
+type LeakyBuf struct {
+ bufSize int // size of each buffer
+ freeList chan []byte
+}
+
+// NewLeakyBuf creates a leaky buffer which can hold at most n buffer, each
+// with bufSize bytes.
+func NewLeakyBuf(n, bufSize int) *LeakyBuf {
+ return &LeakyBuf{
+ bufSize: bufSize,
+ freeList: make(chan []byte, n),
+ }
+}
+
+// Get returns a buffer from the leaky buffer or create a new buffer.
+func (lb *LeakyBuf) Get() (b []byte) {
+ select {
+ case b = <-lb.freeList:
+ default:
+ b = make([]byte, lb.bufSize)
+ }
+ return
+}
+
+// Put add the buffer into the free buffer pool for reuse. Panic if the buffer
+// size is not the same with the leaky buffer's. This is intended to expose
+// error usage of leaky buffer.
+func (lb *LeakyBuf) Put(b []byte) {
+ if len(b) != lb.bufSize {
+ panic("invalid buffer size that's put into leaky buffer")
+ }
+ select {
+ case lb.freeList <- b:
+ default:
+ }
+ return
+}
+
+const (
+ GlobalLeakyBufSize = 32 * 1024 // data.len(2) + hmacsha1(10) + data(4096)
+ maxNBuf = 8192
+)
+
+var GlobalLeakyBuf = NewLeakyBuf(maxNBuf, GlobalLeakyBufSize)
diff --git a/vendor/golang.org/x/crypto/LICENSE b/vendor/golang.org/x/crypto/LICENSE
new file mode 100644
index 0000000..6a66aea
--- /dev/null
+++ b/vendor/golang.org/x/crypto/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+ * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/golang.org/x/crypto/PATENTS b/vendor/golang.org/x/crypto/PATENTS
new file mode 100644
index 0000000..7330990
--- /dev/null
+++ b/vendor/golang.org/x/crypto/PATENTS
@@ -0,0 +1,22 @@
+Additional IP Rights Grant (Patents)
+
+"This implementation" means the copyrightable works distributed by
+Google as part of the Go project.
+
+Google hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section)
+patent license to make, have made, use, offer to sell, sell, import,
+transfer and otherwise run, modify and propagate the contents of this
+implementation of Go, where such license applies only to those patent
+claims, both currently owned or controlled by Google and acquired in
+the future, licensable by Google that are necessarily infringed by this
+implementation of Go. This grant does not include claims that would be
+infringed only as a consequence of further modification of this
+implementation. If you or your agent or exclusive licensee institute or
+order or agree to the institution of patent litigation against any
+entity (including a cross-claim or counterclaim in a lawsuit) alleging
+that this implementation of Go or any code incorporated within this
+implementation of Go constitutes direct or contributory patent
+infringement, or inducement of patent infringement, then any patent
+rights granted to you under this License for this implementation of Go
+shall terminate as of the date such litigation is filed.
diff --git a/vendor/golang.org/x/crypto/blowfish/block.go b/vendor/golang.org/x/crypto/blowfish/block.go
new file mode 100644
index 0000000..9d80f19
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blowfish/block.go
@@ -0,0 +1,159 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package blowfish
+
+// getNextWord returns the next big-endian uint32 value from the byte slice
+// at the given position in a circular manner, updating the position.
+func getNextWord(b []byte, pos *int) uint32 {
+ var w uint32
+ j := *pos
+ for i := 0; i < 4; i++ {
+ w = w<<8 | uint32(b[j])
+ j++
+ if j >= len(b) {
+ j = 0
+ }
+ }
+ *pos = j
+ return w
+}
+
+// ExpandKey performs a key expansion on the given *Cipher. Specifically, it
+// performs the Blowfish algorithm's key schedule which sets up the *Cipher's
+// pi and substitution tables for calls to Encrypt. This is used, primarily,
+// by the bcrypt package to reuse the Blowfish key schedule during its
+// set up. It's unlikely that you need to use this directly.
+func ExpandKey(key []byte, c *Cipher) {
+ j := 0
+ for i := 0; i < 18; i++ {
+ // Using inlined getNextWord for performance.
+ var d uint32
+ for k := 0; k < 4; k++ {
+ d = d<<8 | uint32(key[j])
+ j++
+ if j >= len(key) {
+ j = 0
+ }
+ }
+ c.p[i] ^= d
+ }
+
+ var l, r uint32
+ for i := 0; i < 18; i += 2 {
+ l, r = encryptBlock(l, r, c)
+ c.p[i], c.p[i+1] = l, r
+ }
+
+ for i := 0; i < 256; i += 2 {
+ l, r = encryptBlock(l, r, c)
+ c.s0[i], c.s0[i+1] = l, r
+ }
+ for i := 0; i < 256; i += 2 {
+ l, r = encryptBlock(l, r, c)
+ c.s1[i], c.s1[i+1] = l, r
+ }
+ for i := 0; i < 256; i += 2 {
+ l, r = encryptBlock(l, r, c)
+ c.s2[i], c.s2[i+1] = l, r
+ }
+ for i := 0; i < 256; i += 2 {
+ l, r = encryptBlock(l, r, c)
+ c.s3[i], c.s3[i+1] = l, r
+ }
+}
+
+// This is similar to ExpandKey, but folds the salt during the key
+// schedule. While ExpandKey is essentially expandKeyWithSalt with an all-zero
+// salt passed in, reusing ExpandKey turns out to be a place of inefficiency
+// and specializing it here is useful.
+func expandKeyWithSalt(key []byte, salt []byte, c *Cipher) {
+ j := 0
+ for i := 0; i < 18; i++ {
+ c.p[i] ^= getNextWord(key, &j)
+ }
+
+ j = 0
+ var l, r uint32
+ for i := 0; i < 18; i += 2 {
+ l ^= getNextWord(salt, &j)
+ r ^= getNextWord(salt, &j)
+ l, r = encryptBlock(l, r, c)
+ c.p[i], c.p[i+1] = l, r
+ }
+
+ for i := 0; i < 256; i += 2 {
+ l ^= getNextWord(salt, &j)
+ r ^= getNextWord(salt, &j)
+ l, r = encryptBlock(l, r, c)
+ c.s0[i], c.s0[i+1] = l, r
+ }
+
+ for i := 0; i < 256; i += 2 {
+ l ^= getNextWord(salt, &j)
+ r ^= getNextWord(salt, &j)
+ l, r = encryptBlock(l, r, c)
+ c.s1[i], c.s1[i+1] = l, r
+ }
+
+ for i := 0; i < 256; i += 2 {
+ l ^= getNextWord(salt, &j)
+ r ^= getNextWord(salt, &j)
+ l, r = encryptBlock(l, r, c)
+ c.s2[i], c.s2[i+1] = l, r
+ }
+
+ for i := 0; i < 256; i += 2 {
+ l ^= getNextWord(salt, &j)
+ r ^= getNextWord(salt, &j)
+ l, r = encryptBlock(l, r, c)
+ c.s3[i], c.s3[i+1] = l, r
+ }
+}
+
+func encryptBlock(l, r uint32, c *Cipher) (uint32, uint32) {
+ xl, xr := l, r
+ xl ^= c.p[0]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[1]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[2]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[3]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[4]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[5]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[6]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[7]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[8]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[9]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[10]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[11]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[12]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[13]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[14]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[15]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[16]
+ xr ^= c.p[17]
+ return xr, xl
+}
+
+func decryptBlock(l, r uint32, c *Cipher) (uint32, uint32) {
+ xl, xr := l, r
+ xl ^= c.p[17]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[16]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[15]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[14]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[13]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[12]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[11]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[10]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[9]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[8]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[7]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[6]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[5]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[4]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[3]
+ xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[2]
+ xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[1]
+ xr ^= c.p[0]
+ return xr, xl
+}
diff --git a/vendor/golang.org/x/crypto/blowfish/cipher.go b/vendor/golang.org/x/crypto/blowfish/cipher.go
new file mode 100644
index 0000000..2641dad
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blowfish/cipher.go
@@ -0,0 +1,91 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package blowfish implements Bruce Schneier's Blowfish encryption algorithm.
+package blowfish // import "golang.org/x/crypto/blowfish"
+
+// The code is a port of Bruce Schneier's C implementation.
+// See https://www.schneier.com/blowfish.html.
+
+import "strconv"
+
+// The Blowfish block size in bytes.
+const BlockSize = 8
+
+// A Cipher is an instance of Blowfish encryption using a particular key.
+type Cipher struct {
+ p [18]uint32
+ s0, s1, s2, s3 [256]uint32
+}
+
+type KeySizeError int
+
+func (k KeySizeError) Error() string {
+ return "crypto/blowfish: invalid key size " + strconv.Itoa(int(k))
+}
+
+// NewCipher creates and returns a Cipher.
+// The key argument should be the Blowfish key, from 1 to 56 bytes.
+func NewCipher(key []byte) (*Cipher, error) {
+ var result Cipher
+ if k := len(key); k < 1 || k > 56 {
+ return nil, KeySizeError(k)
+ }
+ initCipher(&result)
+ ExpandKey(key, &result)
+ return &result, nil
+}
+
+// NewSaltedCipher creates a returns a Cipher that folds a salt into its key
+// schedule. For most purposes, NewCipher, instead of NewSaltedCipher, is
+// sufficient and desirable. For bcrypt compatibility, the key can be over 56
+// bytes.
+func NewSaltedCipher(key, salt []byte) (*Cipher, error) {
+ if len(salt) == 0 {
+ return NewCipher(key)
+ }
+ var result Cipher
+ if k := len(key); k < 1 {
+ return nil, KeySizeError(k)
+ }
+ initCipher(&result)
+ expandKeyWithSalt(key, salt, &result)
+ return &result, nil
+}
+
+// BlockSize returns the Blowfish block size, 8 bytes.
+// It is necessary to satisfy the Block interface in the
+// package "crypto/cipher".
+func (c *Cipher) BlockSize() int { return BlockSize }
+
+// Encrypt encrypts the 8-byte buffer src using the key k
+// and stores the result in dst.
+// Note that for amounts of data larger than a block,
+// it is not safe to just call Encrypt on successive blocks;
+// instead, use an encryption mode like CBC (see crypto/cipher/cbc.go).
+func (c *Cipher) Encrypt(dst, src []byte) {
+ l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
+ r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
+ l, r = encryptBlock(l, r, c)
+ dst[0], dst[1], dst[2], dst[3] = byte(l>>24), byte(l>>16), byte(l>>8), byte(l)
+ dst[4], dst[5], dst[6], dst[7] = byte(r>>24), byte(r>>16), byte(r>>8), byte(r)
+}
+
+// Decrypt decrypts the 8-byte buffer src using the key k
+// and stores the result in dst.
+func (c *Cipher) Decrypt(dst, src []byte) {
+ l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
+ r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
+ l, r = decryptBlock(l, r, c)
+ dst[0], dst[1], dst[2], dst[3] = byte(l>>24), byte(l>>16), byte(l>>8), byte(l)
+ dst[4], dst[5], dst[6], dst[7] = byte(r>>24), byte(r>>16), byte(r>>8), byte(r)
+}
+
+func initCipher(c *Cipher) {
+ copy(c.p[0:], p[0:])
+ copy(c.s0[0:], s0[0:])
+ copy(c.s1[0:], s1[0:])
+ copy(c.s2[0:], s2[0:])
+ copy(c.s3[0:], s3[0:])
+}
diff --git a/vendor/golang.org/x/crypto/blowfish/const.go b/vendor/golang.org/x/crypto/blowfish/const.go
new file mode 100644
index 0000000..d040775
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blowfish/const.go
@@ -0,0 +1,199 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// The startup permutation array and substitution boxes.
+// They are the hexadecimal digits of PI; see:
+// https://www.schneier.com/code/constants.txt.
+
+package blowfish
+
+var s0 = [256]uint32{
+ 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96,
+ 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
+ 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658,
+ 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
+ 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e,
+ 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
+ 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6,
+ 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
+ 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c,
+ 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
+ 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1,
+ 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
+ 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a,
+ 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
+ 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176,
+ 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
+ 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706,
+ 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
+ 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b,
+ 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
+ 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c,
+ 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
+ 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a,
+ 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
+ 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760,
+ 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
+ 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8,
+ 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
+ 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33,
+ 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
+ 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0,
+ 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
+ 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777,
+ 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
+ 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705,
+ 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
+ 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e,
+ 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
+ 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9,
+ 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
+ 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f,
+ 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
+ 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a,
+}
+
+var s1 = [256]uint32{
+ 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d,
+ 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
+ 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65,
+ 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
+ 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9,
+ 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
+ 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d,
+ 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
+ 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc,
+ 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
+ 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908,
+ 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
+ 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124,
+ 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
+ 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908,
+ 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
+ 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b,
+ 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
+ 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa,
+ 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
+ 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d,
+ 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
+ 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5,
+ 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
+ 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96,
+ 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
+ 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca,
+ 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
+ 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77,
+ 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
+ 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054,
+ 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
+ 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea,
+ 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
+ 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646,
+ 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
+ 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea,
+ 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
+ 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e,
+ 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
+ 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd,
+ 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
+ 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7,
+}
+
+var s2 = [256]uint32{
+ 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7,
+ 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
+ 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af,
+ 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
+ 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4,
+ 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
+ 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec,
+ 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
+ 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332,
+ 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
+ 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58,
+ 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
+ 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22,
+ 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
+ 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60,
+ 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
+ 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99,
+ 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
+ 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74,
+ 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
+ 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3,
+ 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
+ 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979,
+ 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
+ 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa,
+ 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
+ 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086,
+ 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
+ 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24,
+ 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
+ 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84,
+ 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
+ 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09,
+ 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
+ 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe,
+ 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
+ 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0,
+ 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
+ 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188,
+ 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
+ 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8,
+ 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
+ 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0,
+}
+
+var s3 = [256]uint32{
+ 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742,
+ 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
+ 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79,
+ 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
+ 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a,
+ 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
+ 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1,
+ 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
+ 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797,
+ 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
+ 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6,
+ 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
+ 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba,
+ 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
+ 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5,
+ 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
+ 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce,
+ 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
+ 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd,
+ 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
+ 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb,
+ 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
+ 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc,
+ 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
+ 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc,
+ 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
+ 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a,
+ 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
+ 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a,
+ 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
+ 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b,
+ 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
+ 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e,
+ 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
+ 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623,
+ 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
+ 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a,
+ 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
+ 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3,
+ 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
+ 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c,
+ 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
+ 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6,
+}
+
+var p = [18]uint32{
+ 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0,
+ 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
+ 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b,
+}
diff --git a/vendor/golang.org/x/crypto/cast5/cast5.go b/vendor/golang.org/x/crypto/cast5/cast5.go
new file mode 100644
index 0000000..0b4af37
--- /dev/null
+++ b/vendor/golang.org/x/crypto/cast5/cast5.go
@@ -0,0 +1,526 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cast5 implements CAST5, as defined in RFC 2144. CAST5 is a common
+// OpenPGP cipher.
+package cast5 // import "golang.org/x/crypto/cast5"
+
+import "errors"
+
+const BlockSize = 8
+const KeySize = 16
+
+type Cipher struct {
+ masking [16]uint32
+ rotate [16]uint8
+}
+
+func NewCipher(key []byte) (c *Cipher, err error) {
+ if len(key) != KeySize {
+ return nil, errors.New("CAST5: keys must be 16 bytes")
+ }
+
+ c = new(Cipher)
+ c.keySchedule(key)
+ return
+}
+
+func (c *Cipher) BlockSize() int {
+ return BlockSize
+}
+
+func (c *Cipher) Encrypt(dst, src []byte) {
+ l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
+ r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
+
+ l, r = r, l^f1(r, c.masking[0], c.rotate[0])
+ l, r = r, l^f2(r, c.masking[1], c.rotate[1])
+ l, r = r, l^f3(r, c.masking[2], c.rotate[2])
+ l, r = r, l^f1(r, c.masking[3], c.rotate[3])
+
+ l, r = r, l^f2(r, c.masking[4], c.rotate[4])
+ l, r = r, l^f3(r, c.masking[5], c.rotate[5])
+ l, r = r, l^f1(r, c.masking[6], c.rotate[6])
+ l, r = r, l^f2(r, c.masking[7], c.rotate[7])
+
+ l, r = r, l^f3(r, c.masking[8], c.rotate[8])
+ l, r = r, l^f1(r, c.masking[9], c.rotate[9])
+ l, r = r, l^f2(r, c.masking[10], c.rotate[10])
+ l, r = r, l^f3(r, c.masking[11], c.rotate[11])
+
+ l, r = r, l^f1(r, c.masking[12], c.rotate[12])
+ l, r = r, l^f2(r, c.masking[13], c.rotate[13])
+ l, r = r, l^f3(r, c.masking[14], c.rotate[14])
+ l, r = r, l^f1(r, c.masking[15], c.rotate[15])
+
+ dst[0] = uint8(r >> 24)
+ dst[1] = uint8(r >> 16)
+ dst[2] = uint8(r >> 8)
+ dst[3] = uint8(r)
+ dst[4] = uint8(l >> 24)
+ dst[5] = uint8(l >> 16)
+ dst[6] = uint8(l >> 8)
+ dst[7] = uint8(l)
+}
+
+func (c *Cipher) Decrypt(dst, src []byte) {
+ l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
+ r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
+
+ l, r = r, l^f1(r, c.masking[15], c.rotate[15])
+ l, r = r, l^f3(r, c.masking[14], c.rotate[14])
+ l, r = r, l^f2(r, c.masking[13], c.rotate[13])
+ l, r = r, l^f1(r, c.masking[12], c.rotate[12])
+
+ l, r = r, l^f3(r, c.masking[11], c.rotate[11])
+ l, r = r, l^f2(r, c.masking[10], c.rotate[10])
+ l, r = r, l^f1(r, c.masking[9], c.rotate[9])
+ l, r = r, l^f3(r, c.masking[8], c.rotate[8])
+
+ l, r = r, l^f2(r, c.masking[7], c.rotate[7])
+ l, r = r, l^f1(r, c.masking[6], c.rotate[6])
+ l, r = r, l^f3(r, c.masking[5], c.rotate[5])
+ l, r = r, l^f2(r, c.masking[4], c.rotate[4])
+
+ l, r = r, l^f1(r, c.masking[3], c.rotate[3])
+ l, r = r, l^f3(r, c.masking[2], c.rotate[2])
+ l, r = r, l^f2(r, c.masking[1], c.rotate[1])
+ l, r = r, l^f1(r, c.masking[0], c.rotate[0])
+
+ dst[0] = uint8(r >> 24)
+ dst[1] = uint8(r >> 16)
+ dst[2] = uint8(r >> 8)
+ dst[3] = uint8(r)
+ dst[4] = uint8(l >> 24)
+ dst[5] = uint8(l >> 16)
+ dst[6] = uint8(l >> 8)
+ dst[7] = uint8(l)
+}
+
+type keyScheduleA [4][7]uint8
+type keyScheduleB [4][5]uint8
+
+// keyScheduleRound contains the magic values for a round of the key schedule.
+// The keyScheduleA deals with the lines like:
+// z0z1z2z3 = x0x1x2x3 ^ S5[xD] ^ S6[xF] ^ S7[xC] ^ S8[xE] ^ S7[x8]
+// Conceptually, both x and z are in the same array, x first. The first
+// element describes which word of this array gets written to and the
+// second, which word gets read. So, for the line above, it's "4, 0", because
+// it's writing to the first word of z, which, being after x, is word 4, and
+// reading from the first word of x: word 0.
+//
+// Next are the indexes into the S-boxes. Now the array is treated as bytes. So
+// "xD" is 0xd. The first byte of z is written as "16 + 0", just to be clear
+// that it's z that we're indexing.
+//
+// keyScheduleB deals with lines like:
+// K1 = S5[z8] ^ S6[z9] ^ S7[z7] ^ S8[z6] ^ S5[z2]
+// "K1" is ignored because key words are always written in order. So the five
+// elements are the S-box indexes. They use the same form as in keyScheduleA,
+// above.
+
+type keyScheduleRound struct{}
+type keySchedule []keyScheduleRound
+
+var schedule = []struct {
+ a keyScheduleA
+ b keyScheduleB
+}{
+ {
+ keyScheduleA{
+ {4, 0, 0xd, 0xf, 0xc, 0xe, 0x8},
+ {5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa},
+ {6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9},
+ {7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb},
+ },
+ keyScheduleB{
+ {16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2},
+ {16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6},
+ {16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9},
+ {16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc},
+ },
+ },
+ {
+ keyScheduleA{
+ {0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0},
+ {1, 4, 0, 2, 1, 3, 16 + 2},
+ {2, 5, 7, 6, 5, 4, 16 + 1},
+ {3, 7, 0xa, 9, 0xb, 8, 16 + 3},
+ },
+ keyScheduleB{
+ {3, 2, 0xc, 0xd, 8},
+ {1, 0, 0xe, 0xf, 0xd},
+ {7, 6, 8, 9, 3},
+ {5, 4, 0xa, 0xb, 7},
+ },
+ },
+ {
+ keyScheduleA{
+ {4, 0, 0xd, 0xf, 0xc, 0xe, 8},
+ {5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa},
+ {6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9},
+ {7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb},
+ },
+ keyScheduleB{
+ {16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9},
+ {16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc},
+ {16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2},
+ {16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6},
+ },
+ },
+ {
+ keyScheduleA{
+ {0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0},
+ {1, 4, 0, 2, 1, 3, 16 + 2},
+ {2, 5, 7, 6, 5, 4, 16 + 1},
+ {3, 7, 0xa, 9, 0xb, 8, 16 + 3},
+ },
+ keyScheduleB{
+ {8, 9, 7, 6, 3},
+ {0xa, 0xb, 5, 4, 7},
+ {0xc, 0xd, 3, 2, 8},
+ {0xe, 0xf, 1, 0, 0xd},
+ },
+ },
+}
+
+func (c *Cipher) keySchedule(in []byte) {
+ var t [8]uint32
+ var k [32]uint32
+
+ for i := 0; i < 4; i++ {
+ j := i * 4
+ t[i] = uint32(in[j])<<24 | uint32(in[j+1])<<16 | uint32(in[j+2])<<8 | uint32(in[j+3])
+ }
+
+ x := []byte{6, 7, 4, 5}
+ ki := 0
+
+ for half := 0; half < 2; half++ {
+ for _, round := range schedule {
+ for j := 0; j < 4; j++ {
+ var a [7]uint8
+ copy(a[:], round.a[j][:])
+ w := t[a[1]]
+ w ^= sBox[4][(t[a[2]>>2]>>(24-8*(a[2]&3)))&0xff]
+ w ^= sBox[5][(t[a[3]>>2]>>(24-8*(a[3]&3)))&0xff]
+ w ^= sBox[6][(t[a[4]>>2]>>(24-8*(a[4]&3)))&0xff]
+ w ^= sBox[7][(t[a[5]>>2]>>(24-8*(a[5]&3)))&0xff]
+ w ^= sBox[x[j]][(t[a[6]>>2]>>(24-8*(a[6]&3)))&0xff]
+ t[a[0]] = w
+ }
+
+ for j := 0; j < 4; j++ {
+ var b [5]uint8
+ copy(b[:], round.b[j][:])
+ w := sBox[4][(t[b[0]>>2]>>(24-8*(b[0]&3)))&0xff]
+ w ^= sBox[5][(t[b[1]>>2]>>(24-8*(b[1]&3)))&0xff]
+ w ^= sBox[6][(t[b[2]>>2]>>(24-8*(b[2]&3)))&0xff]
+ w ^= sBox[7][(t[b[3]>>2]>>(24-8*(b[3]&3)))&0xff]
+ w ^= sBox[4+j][(t[b[4]>>2]>>(24-8*(b[4]&3)))&0xff]
+ k[ki] = w
+ ki++
+ }
+ }
+ }
+
+ for i := 0; i < 16; i++ {
+ c.masking[i] = k[i]
+ c.rotate[i] = uint8(k[16+i] & 0x1f)
+ }
+}
+
+// These are the three 'f' functions. See RFC 2144, section 2.2.
+func f1(d, m uint32, r uint8) uint32 {
+ t := m + d
+ I := (t << r) | (t >> (32 - r))
+ return ((sBox[0][I>>24] ^ sBox[1][(I>>16)&0xff]) - sBox[2][(I>>8)&0xff]) + sBox[3][I&0xff]
+}
+
+func f2(d, m uint32, r uint8) uint32 {
+ t := m ^ d
+ I := (t << r) | (t >> (32 - r))
+ return ((sBox[0][I>>24] - sBox[1][(I>>16)&0xff]) + sBox[2][(I>>8)&0xff]) ^ sBox[3][I&0xff]
+}
+
+func f3(d, m uint32, r uint8) uint32 {
+ t := m - d
+ I := (t << r) | (t >> (32 - r))
+ return ((sBox[0][I>>24] + sBox[1][(I>>16)&0xff]) ^ sBox[2][(I>>8)&0xff]) - sBox[3][I&0xff]
+}
+
+var sBox = [8][256]uint32{
+ {
+ 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
+ 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,
+ 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,
+ 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,
+ 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,
+ 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,
+ 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,
+ 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,
+ 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,
+ 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,
+ 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,
+ 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,
+ 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,
+ 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,
+ 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,
+ 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,
+ 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,
+ 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,
+ 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,
+ 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,
+ 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,
+ 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,
+ 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,
+ 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,
+ 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,
+ 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,
+ 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,
+ 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,
+ 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,
+ 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,
+ 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,
+ 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf,
+ },
+ {
+ 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,
+ 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,
+ 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,
+ 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,
+ 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,
+ 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,
+ 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,
+ 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,
+ 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,
+ 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,
+ 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,
+ 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,
+ 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,
+ 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,
+ 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,
+ 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,
+ 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,
+ 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,
+ 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,
+ 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,
+ 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,
+ 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,
+ 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,
+ 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,
+ 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,
+ 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,
+ 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,
+ 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,
+ 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,
+ 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,
+ 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,
+ 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1,
+ },
+ {
+ 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,
+ 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,
+ 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,
+ 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,
+ 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,
+ 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,
+ 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,
+ 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,
+ 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,
+ 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,
+ 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,
+ 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,
+ 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,
+ 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,
+ 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,
+ 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,
+ 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,
+ 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,
+ 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,
+ 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,
+ 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,
+ 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,
+ 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,
+ 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,
+ 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,
+ 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,
+ 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,
+ 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,
+ 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,
+ 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,
+ 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,
+ 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783,
+ },
+ {
+ 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,
+ 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,
+ 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,
+ 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,
+ 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,
+ 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,
+ 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,
+ 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,
+ 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,
+ 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,
+ 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,
+ 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,
+ 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,
+ 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,
+ 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,
+ 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,
+ 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,
+ 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,
+ 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,
+ 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,
+ 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,
+ 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,
+ 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,
+ 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,
+ 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,
+ 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,
+ 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
+ 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,
+ 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,
+ 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,
+ 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,
+ 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2,
+ },
+ {
+ 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,
+ 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,
+ 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,
+ 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,
+ 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,
+ 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,
+ 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,
+ 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,
+ 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,
+ 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,
+ 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,
+ 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,
+ 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,
+ 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,
+ 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,
+ 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,
+ 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,
+ 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,
+ 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,
+ 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,
+ 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,
+ 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,
+ 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,
+ 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,
+ 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,
+ 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,
+ 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,
+ 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,
+ 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,
+ 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,
+ 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,
+ 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4,
+ },
+ {
+ 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,
+ 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,
+ 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,
+ 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,
+ 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,
+ 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,
+ 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,
+ 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,
+ 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,
+ 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,
+ 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,
+ 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,
+ 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,
+ 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,
+ 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,
+ 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,
+ 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,
+ 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,
+ 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,
+ 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,
+ 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,
+ 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,
+ 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,
+ 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,
+ 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,
+ 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,
+ 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,
+ 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,
+ 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,
+ 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,
+ 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,
+ 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f,
+ },
+ {
+ 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,
+ 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,
+ 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,
+ 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,
+ 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,
+ 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,
+ 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,
+ 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,
+ 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,
+ 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,
+ 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,
+ 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,
+ 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,
+ 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,
+ 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,
+ 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,
+ 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,
+ 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,
+ 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,
+ 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,
+ 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,
+ 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,
+ 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,
+ 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,
+ 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,
+ 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,
+ 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,
+ 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,
+ 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,
+ 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,
+ 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,
+ 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3,
+ },
+ {
+ 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,
+ 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,
+ 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,
+ 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,
+ 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,
+ 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,
+ 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,
+ 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,
+ 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,
+ 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,
+ 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,
+ 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,
+ 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,
+ 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,
+ 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,
+ 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,
+ 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,
+ 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,
+ 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,
+ 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,
+ 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,
+ 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,
+ 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,
+ 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,
+ 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,
+ 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,
+ 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,
+ 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,
+ 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,
+ 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,
+ 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,
+ 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e,
+ },
+}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go
new file mode 100644
index 0000000..bbb86ef
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go
@@ -0,0 +1,101 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package chacha20poly1305 implements the ChaCha20-Poly1305 AEAD as specified in RFC 7539,
+// and its extended nonce variant XChaCha20-Poly1305.
+package chacha20poly1305 // import "golang.org/x/crypto/chacha20poly1305"
+
+import (
+ "crypto/cipher"
+ "encoding/binary"
+ "errors"
+)
+
+const (
+ // KeySize is the size of the key used by this AEAD, in bytes.
+ KeySize = 32
+
+ // NonceSize is the size of the nonce used with the standard variant of this
+ // AEAD, in bytes.
+ //
+ // Note that this is too short to be safely generated at random if the same
+ // key is reused more than 2³² times.
+ NonceSize = 12
+
+ // NonceSizeX is the size of the nonce used with the XChaCha20-Poly1305
+ // variant of this AEAD, in bytes.
+ NonceSizeX = 24
+)
+
+type chacha20poly1305 struct {
+ key [8]uint32
+}
+
+// New returns a ChaCha20-Poly1305 AEAD that uses the given 256-bit key.
+func New(key []byte) (cipher.AEAD, error) {
+ if len(key) != KeySize {
+ return nil, errors.New("chacha20poly1305: bad key length")
+ }
+ ret := new(chacha20poly1305)
+ ret.key[0] = binary.LittleEndian.Uint32(key[0:4])
+ ret.key[1] = binary.LittleEndian.Uint32(key[4:8])
+ ret.key[2] = binary.LittleEndian.Uint32(key[8:12])
+ ret.key[3] = binary.LittleEndian.Uint32(key[12:16])
+ ret.key[4] = binary.LittleEndian.Uint32(key[16:20])
+ ret.key[5] = binary.LittleEndian.Uint32(key[20:24])
+ ret.key[6] = binary.LittleEndian.Uint32(key[24:28])
+ ret.key[7] = binary.LittleEndian.Uint32(key[28:32])
+ return ret, nil
+}
+
+func (c *chacha20poly1305) NonceSize() int {
+ return NonceSize
+}
+
+func (c *chacha20poly1305) Overhead() int {
+ return 16
+}
+
+func (c *chacha20poly1305) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
+ if len(nonce) != NonceSize {
+ panic("chacha20poly1305: bad nonce length passed to Seal")
+ }
+
+ if uint64(len(plaintext)) > (1<<38)-64 {
+ panic("chacha20poly1305: plaintext too large")
+ }
+
+ return c.seal(dst, nonce, plaintext, additionalData)
+}
+
+var errOpen = errors.New("chacha20poly1305: message authentication failed")
+
+func (c *chacha20poly1305) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+ if len(nonce) != NonceSize {
+ panic("chacha20poly1305: bad nonce length passed to Open")
+ }
+ if len(ciphertext) < 16 {
+ return nil, errOpen
+ }
+ if uint64(len(ciphertext)) > (1<<38)-48 {
+ panic("chacha20poly1305: ciphertext too large")
+ }
+
+ return c.open(dst, nonce, ciphertext, additionalData)
+}
+
+// sliceForAppend takes a slice and a requested number of bytes. It returns a
+// slice with the contents of the given slice followed by that many bytes and a
+// second slice that aliases into it and contains only the extra bytes. If the
+// original slice has sufficient capacity then no allocation is performed.
+func sliceForAppend(in []byte, n int) (head, tail []byte) {
+ if total := len(in) + n; cap(in) >= total {
+ head = in[:total]
+ } else {
+ head = make([]byte, total)
+ copy(head, in)
+ }
+ tail = head[len(in):]
+ return
+}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go
new file mode 100644
index 0000000..2aa4fd8
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go
@@ -0,0 +1,86 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build go1.7,amd64,!gccgo,!appengine
+
+package chacha20poly1305
+
+import (
+ "encoding/binary"
+
+ "golang.org/x/crypto/internal/subtle"
+ "golang.org/x/sys/cpu"
+)
+
+//go:noescape
+func chacha20Poly1305Open(dst []byte, key []uint32, src, ad []byte) bool
+
+//go:noescape
+func chacha20Poly1305Seal(dst []byte, key []uint32, src, ad []byte)
+
+var (
+ useAVX2 = cpu.X86.HasAVX2 && cpu.X86.HasBMI2
+)
+
+// setupState writes a ChaCha20 input matrix to state. See
+// https://tools.ietf.org/html/rfc7539#section-2.3.
+func setupState(state *[16]uint32, key *[8]uint32, nonce []byte) {
+ state[0] = 0x61707865
+ state[1] = 0x3320646e
+ state[2] = 0x79622d32
+ state[3] = 0x6b206574
+
+ state[4] = key[0]
+ state[5] = key[1]
+ state[6] = key[2]
+ state[7] = key[3]
+ state[8] = key[4]
+ state[9] = key[5]
+ state[10] = key[6]
+ state[11] = key[7]
+
+ state[12] = 0
+ state[13] = binary.LittleEndian.Uint32(nonce[:4])
+ state[14] = binary.LittleEndian.Uint32(nonce[4:8])
+ state[15] = binary.LittleEndian.Uint32(nonce[8:12])
+}
+
+func (c *chacha20poly1305) seal(dst, nonce, plaintext, additionalData []byte) []byte {
+ if !cpu.X86.HasSSSE3 {
+ return c.sealGeneric(dst, nonce, plaintext, additionalData)
+ }
+
+ var state [16]uint32
+ setupState(&state, &c.key, nonce)
+
+ ret, out := sliceForAppend(dst, len(plaintext)+16)
+ if subtle.InexactOverlap(out, plaintext) {
+ panic("chacha20poly1305: invalid buffer overlap")
+ }
+ chacha20Poly1305Seal(out[:], state[:], plaintext, additionalData)
+ return ret
+}
+
+func (c *chacha20poly1305) open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+ if !cpu.X86.HasSSSE3 {
+ return c.openGeneric(dst, nonce, ciphertext, additionalData)
+ }
+
+ var state [16]uint32
+ setupState(&state, &c.key, nonce)
+
+ ciphertext = ciphertext[:len(ciphertext)-16]
+ ret, out := sliceForAppend(dst, len(ciphertext))
+ if subtle.InexactOverlap(out, ciphertext) {
+ panic("chacha20poly1305: invalid buffer overlap")
+ }
+ if !chacha20Poly1305Open(out, state[:], ciphertext, additionalData) {
+ for i := range out {
+ out[i] = 0
+ }
+ return nil, errOpen
+ }
+
+ return ret, nil
+}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s
new file mode 100644
index 0000000..af76bbc
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s
@@ -0,0 +1,2695 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This file was originally from https://golang.org/cl/24717 by Vlad Krasnov of CloudFlare.
+
+// +build go1.7,amd64,!gccgo,!appengine
+
+#include "textflag.h"
+// General register allocation
+#define oup DI
+#define inp SI
+#define inl BX
+#define adp CX // free to reuse, after we hash the additional data
+#define keyp R8 // free to reuse, when we copy the key to stack
+#define itr2 R9 // general iterator
+#define itr1 CX // general iterator
+#define acc0 R10
+#define acc1 R11
+#define acc2 R12
+#define t0 R13
+#define t1 R14
+#define t2 R15
+#define t3 R8
+// Register and stack allocation for the SSE code
+#define rStore (0*16)(BP)
+#define sStore (1*16)(BP)
+#define state1Store (2*16)(BP)
+#define state2Store (3*16)(BP)
+#define tmpStore (4*16)(BP)
+#define ctr0Store (5*16)(BP)
+#define ctr1Store (6*16)(BP)
+#define ctr2Store (7*16)(BP)
+#define ctr3Store (8*16)(BP)
+#define A0 X0
+#define A1 X1
+#define A2 X2
+#define B0 X3
+#define B1 X4
+#define B2 X5
+#define C0 X6
+#define C1 X7
+#define C2 X8
+#define D0 X9
+#define D1 X10
+#define D2 X11
+#define T0 X12
+#define T1 X13
+#define T2 X14
+#define T3 X15
+#define A3 T0
+#define B3 T1
+#define C3 T2
+#define D3 T3
+// Register and stack allocation for the AVX2 code
+#define rsStoreAVX2 (0*32)(BP)
+#define state1StoreAVX2 (1*32)(BP)
+#define state2StoreAVX2 (2*32)(BP)
+#define ctr0StoreAVX2 (3*32)(BP)
+#define ctr1StoreAVX2 (4*32)(BP)
+#define ctr2StoreAVX2 (5*32)(BP)
+#define ctr3StoreAVX2 (6*32)(BP)
+#define tmpStoreAVX2 (7*32)(BP) // 256 bytes on stack
+#define AA0 Y0
+#define AA1 Y5
+#define AA2 Y6
+#define AA3 Y7
+#define BB0 Y14
+#define BB1 Y9
+#define BB2 Y10
+#define BB3 Y11
+#define CC0 Y12
+#define CC1 Y13
+#define CC2 Y8
+#define CC3 Y15
+#define DD0 Y4
+#define DD1 Y1
+#define DD2 Y2
+#define DD3 Y3
+#define TT0 DD3
+#define TT1 AA3
+#define TT2 BB3
+#define TT3 CC3
+// ChaCha20 constants
+DATA ·chacha20Constants<>+0x00(SB)/4, $0x61707865
+DATA ·chacha20Constants<>+0x04(SB)/4, $0x3320646e
+DATA ·chacha20Constants<>+0x08(SB)/4, $0x79622d32
+DATA ·chacha20Constants<>+0x0c(SB)/4, $0x6b206574
+DATA ·chacha20Constants<>+0x10(SB)/4, $0x61707865
+DATA ·chacha20Constants<>+0x14(SB)/4, $0x3320646e
+DATA ·chacha20Constants<>+0x18(SB)/4, $0x79622d32
+DATA ·chacha20Constants<>+0x1c(SB)/4, $0x6b206574
+// <<< 16 with PSHUFB
+DATA ·rol16<>+0x00(SB)/8, $0x0504070601000302
+DATA ·rol16<>+0x08(SB)/8, $0x0D0C0F0E09080B0A
+DATA ·rol16<>+0x10(SB)/8, $0x0504070601000302
+DATA ·rol16<>+0x18(SB)/8, $0x0D0C0F0E09080B0A
+// <<< 8 with PSHUFB
+DATA ·rol8<>+0x00(SB)/8, $0x0605040702010003
+DATA ·rol8<>+0x08(SB)/8, $0x0E0D0C0F0A09080B
+DATA ·rol8<>+0x10(SB)/8, $0x0605040702010003
+DATA ·rol8<>+0x18(SB)/8, $0x0E0D0C0F0A09080B
+
+DATA ·avx2InitMask<>+0x00(SB)/8, $0x0
+DATA ·avx2InitMask<>+0x08(SB)/8, $0x0
+DATA ·avx2InitMask<>+0x10(SB)/8, $0x1
+DATA ·avx2InitMask<>+0x18(SB)/8, $0x0
+
+DATA ·avx2IncMask<>+0x00(SB)/8, $0x2
+DATA ·avx2IncMask<>+0x08(SB)/8, $0x0
+DATA ·avx2IncMask<>+0x10(SB)/8, $0x2
+DATA ·avx2IncMask<>+0x18(SB)/8, $0x0
+// Poly1305 key clamp
+DATA ·polyClampMask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF
+DATA ·polyClampMask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC
+DATA ·polyClampMask<>+0x10(SB)/8, $0xFFFFFFFFFFFFFFFF
+DATA ·polyClampMask<>+0x18(SB)/8, $0xFFFFFFFFFFFFFFFF
+
+DATA ·sseIncMask<>+0x00(SB)/8, $0x1
+DATA ·sseIncMask<>+0x08(SB)/8, $0x0
+// To load/store the last < 16 bytes in a buffer
+DATA ·andMask<>+0x00(SB)/8, $0x00000000000000ff
+DATA ·andMask<>+0x08(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x10(SB)/8, $0x000000000000ffff
+DATA ·andMask<>+0x18(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x20(SB)/8, $0x0000000000ffffff
+DATA ·andMask<>+0x28(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x30(SB)/8, $0x00000000ffffffff
+DATA ·andMask<>+0x38(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x40(SB)/8, $0x000000ffffffffff
+DATA ·andMask<>+0x48(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x50(SB)/8, $0x0000ffffffffffff
+DATA ·andMask<>+0x58(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x60(SB)/8, $0x00ffffffffffffff
+DATA ·andMask<>+0x68(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x70(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0x78(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x80(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0x88(SB)/8, $0x00000000000000ff
+DATA ·andMask<>+0x90(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0x98(SB)/8, $0x000000000000ffff
+DATA ·andMask<>+0xa0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xa8(SB)/8, $0x0000000000ffffff
+DATA ·andMask<>+0xb0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xb8(SB)/8, $0x00000000ffffffff
+DATA ·andMask<>+0xc0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xc8(SB)/8, $0x000000ffffffffff
+DATA ·andMask<>+0xd0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xd8(SB)/8, $0x0000ffffffffffff
+DATA ·andMask<>+0xe0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xe8(SB)/8, $0x00ffffffffffffff
+
+GLOBL ·chacha20Constants<>(SB), (NOPTR+RODATA), $32
+GLOBL ·rol16<>(SB), (NOPTR+RODATA), $32
+GLOBL ·rol8<>(SB), (NOPTR+RODATA), $32
+GLOBL ·sseIncMask<>(SB), (NOPTR+RODATA), $16
+GLOBL ·avx2IncMask<>(SB), (NOPTR+RODATA), $32
+GLOBL ·avx2InitMask<>(SB), (NOPTR+RODATA), $32
+GLOBL ·polyClampMask<>(SB), (NOPTR+RODATA), $32
+GLOBL ·andMask<>(SB), (NOPTR+RODATA), $240
+// No PALIGNR in Go ASM yet (but VPALIGNR is present).
+#define shiftB0Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x04 // PALIGNR $4, X3, X3
+#define shiftB1Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xe4; BYTE $0x04 // PALIGNR $4, X4, X4
+#define shiftB2Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x04 // PALIGNR $4, X5, X5
+#define shiftB3Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x04 // PALIGNR $4, X13, X13
+#define shiftC0Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xf6; BYTE $0x08 // PALIGNR $8, X6, X6
+#define shiftC1Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xff; BYTE $0x08 // PALIGNR $8, X7, X7
+#define shiftC2Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xc0; BYTE $0x08 // PALIGNR $8, X8, X8
+#define shiftC3Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xf6; BYTE $0x08 // PALIGNR $8, X14, X14
+#define shiftD0Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xc9; BYTE $0x0c // PALIGNR $12, X9, X9
+#define shiftD1Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xd2; BYTE $0x0c // PALIGNR $12, X10, X10
+#define shiftD2Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x0c // PALIGNR $12, X11, X11
+#define shiftD3Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xff; BYTE $0x0c // PALIGNR $12, X15, X15
+#define shiftB0Right BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x0c // PALIGNR $12, X3, X3
+#define shiftB1Right BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xe4; BYTE $0x0c // PALIGNR $12, X4, X4
+#define shiftB2Right BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x0c // PALIGNR $12, X5, X5
+#define shiftB3Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x0c // PALIGNR $12, X13, X13
+#define shiftC0Right shiftC0Left
+#define shiftC1Right shiftC1Left
+#define shiftC2Right shiftC2Left
+#define shiftC3Right shiftC3Left
+#define shiftD0Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xc9; BYTE $0x04 // PALIGNR $4, X9, X9
+#define shiftD1Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xd2; BYTE $0x04 // PALIGNR $4, X10, X10
+#define shiftD2Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x04 // PALIGNR $4, X11, X11
+#define shiftD3Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xff; BYTE $0x04 // PALIGNR $4, X15, X15
+// Some macros
+#define chachaQR(A, B, C, D, T) \
+ PADDD B, A; PXOR A, D; PSHUFB ·rol16<>(SB), D \
+ PADDD D, C; PXOR C, B; MOVO B, T; PSLLL $12, T; PSRLL $20, B; PXOR T, B \
+ PADDD B, A; PXOR A, D; PSHUFB ·rol8<>(SB), D \
+ PADDD D, C; PXOR C, B; MOVO B, T; PSLLL $7, T; PSRLL $25, B; PXOR T, B
+
+#define chachaQR_AVX2(A, B, C, D, T) \
+ VPADDD B, A, A; VPXOR A, D, D; VPSHUFB ·rol16<>(SB), D, D \
+ VPADDD D, C, C; VPXOR C, B, B; VPSLLD $12, B, T; VPSRLD $20, B, B; VPXOR T, B, B \
+ VPADDD B, A, A; VPXOR A, D, D; VPSHUFB ·rol8<>(SB), D, D \
+ VPADDD D, C, C; VPXOR C, B, B; VPSLLD $7, B, T; VPSRLD $25, B, B; VPXOR T, B, B
+
+#define polyAdd(S) ADDQ S, acc0; ADCQ 8+S, acc1; ADCQ $1, acc2
+#define polyMulStage1 MOVQ (0*8)(BP), AX; MOVQ AX, t2; MULQ acc0; MOVQ AX, t0; MOVQ DX, t1; MOVQ (0*8)(BP), AX; MULQ acc1; IMULQ acc2, t2; ADDQ AX, t1; ADCQ DX, t2
+#define polyMulStage2 MOVQ (1*8)(BP), AX; MOVQ AX, t3; MULQ acc0; ADDQ AX, t1; ADCQ $0, DX; MOVQ DX, acc0; MOVQ (1*8)(BP), AX; MULQ acc1; ADDQ AX, t2; ADCQ $0, DX
+#define polyMulStage3 IMULQ acc2, t3; ADDQ acc0, t2; ADCQ DX, t3
+#define polyMulReduceStage MOVQ t0, acc0; MOVQ t1, acc1; MOVQ t2, acc2; ANDQ $3, acc2; MOVQ t2, t0; ANDQ $-4, t0; MOVQ t3, t1; SHRQ $2, t2:t3; SHRQ $2, t3; ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $0, acc2; ADDQ t2, acc0; ADCQ t3, acc1; ADCQ $0, acc2
+
+#define polyMulStage1_AVX2 MOVQ (0*8)(BP), DX; MOVQ DX, t2; MULXQ acc0, t0, t1; IMULQ acc2, t2; MULXQ acc1, AX, DX; ADDQ AX, t1; ADCQ DX, t2
+#define polyMulStage2_AVX2 MOVQ (1*8)(BP), DX; MULXQ acc0, acc0, AX; ADDQ acc0, t1; MULXQ acc1, acc1, t3; ADCQ acc1, t2; ADCQ $0, t3
+#define polyMulStage3_AVX2 IMULQ acc2, DX; ADDQ AX, t2; ADCQ DX, t3
+
+#define polyMul polyMulStage1; polyMulStage2; polyMulStage3; polyMulReduceStage
+#define polyMulAVX2 polyMulStage1_AVX2; polyMulStage2_AVX2; polyMulStage3_AVX2; polyMulReduceStage
+// ----------------------------------------------------------------------------
+TEXT polyHashADInternal<>(SB), NOSPLIT, $0
+ // adp points to beginning of additional data
+ // itr2 holds ad length
+ XORQ acc0, acc0
+ XORQ acc1, acc1
+ XORQ acc2, acc2
+ CMPQ itr2, $13
+ JNE hashADLoop
+
+openFastTLSAD:
+ // Special treatment for the TLS case of 13 bytes
+ MOVQ (adp), acc0
+ MOVQ 5(adp), acc1
+ SHRQ $24, acc1
+ MOVQ $1, acc2
+ polyMul
+ RET
+
+hashADLoop:
+ // Hash in 16 byte chunks
+ CMPQ itr2, $16
+ JB hashADTail
+ polyAdd(0(adp))
+ LEAQ (1*16)(adp), adp
+ SUBQ $16, itr2
+ polyMul
+ JMP hashADLoop
+
+hashADTail:
+ CMPQ itr2, $0
+ JE hashADDone
+
+ // Hash last < 16 byte tail
+ XORQ t0, t0
+ XORQ t1, t1
+ XORQ t2, t2
+ ADDQ itr2, adp
+
+hashADTailLoop:
+ SHLQ $8, t1:t0
+ SHLQ $8, t0
+ MOVB -1(adp), t2
+ XORQ t2, t0
+ DECQ adp
+ DECQ itr2
+ JNE hashADTailLoop
+
+hashADTailFinish:
+ ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
+ polyMul
+
+ // Finished AD
+hashADDone:
+ RET
+
+// ----------------------------------------------------------------------------
+// func chacha20Poly1305Open(dst, key, src, ad []byte) bool
+TEXT ·chacha20Poly1305Open(SB), 0, $288-97
+ // For aligned stack access
+ MOVQ SP, BP
+ ADDQ $32, BP
+ ANDQ $-32, BP
+ MOVQ dst+0(FP), oup
+ MOVQ key+24(FP), keyp
+ MOVQ src+48(FP), inp
+ MOVQ src_len+56(FP), inl
+ MOVQ ad+72(FP), adp
+
+ // Check for AVX2 support
+ CMPB ·useAVX2(SB), $1
+ JE chacha20Poly1305Open_AVX2
+
+ // Special optimization, for very short buffers
+ CMPQ inl, $128
+ JBE openSSE128 // About 16% faster
+
+ // For long buffers, prepare the poly key first
+ MOVOU ·chacha20Constants<>(SB), A0
+ MOVOU (1*16)(keyp), B0
+ MOVOU (2*16)(keyp), C0
+ MOVOU (3*16)(keyp), D0
+ MOVO D0, T1
+
+ // Store state on stack for future use
+ MOVO B0, state1Store
+ MOVO C0, state2Store
+ MOVO D0, ctr3Store
+ MOVQ $10, itr2
+
+openSSEPreparePolyKey:
+ chachaQR(A0, B0, C0, D0, T0)
+ shiftB0Left; shiftC0Left; shiftD0Left
+ chachaQR(A0, B0, C0, D0, T0)
+ shiftB0Right; shiftC0Right; shiftD0Right
+ DECQ itr2
+ JNE openSSEPreparePolyKey
+
+ // A0|B0 hold the Poly1305 32-byte key, C0,D0 can be discarded
+ PADDL ·chacha20Constants<>(SB), A0; PADDL state1Store, B0
+
+ // Clamp and store the key
+ PAND ·polyClampMask<>(SB), A0
+ MOVO A0, rStore; MOVO B0, sStore
+
+ // Hash AAD
+ MOVQ ad_len+80(FP), itr2
+ CALL polyHashADInternal<>(SB)
+
+openSSEMainLoop:
+ CMPQ inl, $256
+ JB openSSEMainLoopDone
+
+ // Load state, increment counter blocks
+ MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0
+ MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+ MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+ MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
+
+ // Store counters
+ MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
+
+ // There are 10 ChaCha20 iterations of 2QR each, so for 6 iterations we hash 2 blocks, and for the remaining 4 only 1 block - for a total of 16
+ MOVQ $4, itr1
+ MOVQ inp, itr2
+
+openSSEInternalLoop:
+ MOVO C3, tmpStore
+ chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+ MOVO tmpStore, C3
+ MOVO C1, tmpStore
+ chachaQR(A3, B3, C3, D3, C1)
+ MOVO tmpStore, C1
+ polyAdd(0(itr2))
+ shiftB0Left; shiftB1Left; shiftB2Left; shiftB3Left
+ shiftC0Left; shiftC1Left; shiftC2Left; shiftC3Left
+ shiftD0Left; shiftD1Left; shiftD2Left; shiftD3Left
+ polyMulStage1
+ polyMulStage2
+ LEAQ (2*8)(itr2), itr2
+ MOVO C3, tmpStore
+ chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+ MOVO tmpStore, C3
+ MOVO C1, tmpStore
+ polyMulStage3
+ chachaQR(A3, B3, C3, D3, C1)
+ MOVO tmpStore, C1
+ polyMulReduceStage
+ shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
+ shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
+ shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
+ DECQ itr1
+ JGE openSSEInternalLoop
+
+ polyAdd(0(itr2))
+ polyMul
+ LEAQ (2*8)(itr2), itr2
+
+ CMPQ itr1, $-6
+ JG openSSEInternalLoop
+
+ // Add in the state
+ PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
+ PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
+ PADDD state2Store, C0; PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
+ PADDD ctr0Store, D0; PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
+
+ // Load - xor - store
+ MOVO D3, tmpStore
+ MOVOU (0*16)(inp), D3; PXOR D3, A0; MOVOU A0, (0*16)(oup)
+ MOVOU (1*16)(inp), D3; PXOR D3, B0; MOVOU B0, (1*16)(oup)
+ MOVOU (2*16)(inp), D3; PXOR D3, C0; MOVOU C0, (2*16)(oup)
+ MOVOU (3*16)(inp), D3; PXOR D3, D0; MOVOU D0, (3*16)(oup)
+ MOVOU (4*16)(inp), D0; PXOR D0, A1; MOVOU A1, (4*16)(oup)
+ MOVOU (5*16)(inp), D0; PXOR D0, B1; MOVOU B1, (5*16)(oup)
+ MOVOU (6*16)(inp), D0; PXOR D0, C1; MOVOU C1, (6*16)(oup)
+ MOVOU (7*16)(inp), D0; PXOR D0, D1; MOVOU D1, (7*16)(oup)
+ MOVOU (8*16)(inp), D0; PXOR D0, A2; MOVOU A2, (8*16)(oup)
+ MOVOU (9*16)(inp), D0; PXOR D0, B2; MOVOU B2, (9*16)(oup)
+ MOVOU (10*16)(inp), D0; PXOR D0, C2; MOVOU C2, (10*16)(oup)
+ MOVOU (11*16)(inp), D0; PXOR D0, D2; MOVOU D2, (11*16)(oup)
+ MOVOU (12*16)(inp), D0; PXOR D0, A3; MOVOU A3, (12*16)(oup)
+ MOVOU (13*16)(inp), D0; PXOR D0, B3; MOVOU B3, (13*16)(oup)
+ MOVOU (14*16)(inp), D0; PXOR D0, C3; MOVOU C3, (14*16)(oup)
+ MOVOU (15*16)(inp), D0; PXOR tmpStore, D0; MOVOU D0, (15*16)(oup)
+ LEAQ 256(inp), inp
+ LEAQ 256(oup), oup
+ SUBQ $256, inl
+ JMP openSSEMainLoop
+
+openSSEMainLoopDone:
+ // Handle the various tail sizes efficiently
+ TESTQ inl, inl
+ JE openSSEFinalize
+ CMPQ inl, $64
+ JBE openSSETail64
+ CMPQ inl, $128
+ JBE openSSETail128
+ CMPQ inl, $192
+ JBE openSSETail192
+ JMP openSSETail256
+
+openSSEFinalize:
+ // Hash in the PT, AAD lengths
+ ADDQ ad_len+80(FP), acc0; ADCQ src_len+56(FP), acc1; ADCQ $1, acc2
+ polyMul
+
+ // Final reduce
+ MOVQ acc0, t0
+ MOVQ acc1, t1
+ MOVQ acc2, t2
+ SUBQ $-5, acc0
+ SBBQ $-1, acc1
+ SBBQ $3, acc2
+ CMOVQCS t0, acc0
+ CMOVQCS t1, acc1
+ CMOVQCS t2, acc2
+
+ // Add in the "s" part of the key
+ ADDQ 0+sStore, acc0
+ ADCQ 8+sStore, acc1
+
+ // Finally, constant time compare to the tag at the end of the message
+ XORQ AX, AX
+ MOVQ $1, DX
+ XORQ (0*8)(inp), acc0
+ XORQ (1*8)(inp), acc1
+ ORQ acc1, acc0
+ CMOVQEQ DX, AX
+
+ // Return true iff tags are equal
+ MOVB AX, ret+96(FP)
+ RET
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 129 bytes
+openSSE128:
+ // For up to 128 bytes of ciphertext and 64 bytes for the poly key, we require to process three blocks
+ MOVOU ·chacha20Constants<>(SB), A0; MOVOU (1*16)(keyp), B0; MOVOU (2*16)(keyp), C0; MOVOU (3*16)(keyp), D0
+ MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+ MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+ MOVO B0, T1; MOVO C0, T2; MOVO D1, T3
+ MOVQ $10, itr2
+
+openSSE128InnerCipherLoop:
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+ shiftB0Left; shiftB1Left; shiftB2Left
+ shiftC0Left; shiftC1Left; shiftC2Left
+ shiftD0Left; shiftD1Left; shiftD2Left
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+ shiftB0Right; shiftB1Right; shiftB2Right
+ shiftC0Right; shiftC1Right; shiftC2Right
+ shiftD0Right; shiftD1Right; shiftD2Right
+ DECQ itr2
+ JNE openSSE128InnerCipherLoop
+
+ // A0|B0 hold the Poly1305 32-byte key, C0,D0 can be discarded
+ PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
+ PADDL T1, B0; PADDL T1, B1; PADDL T1, B2
+ PADDL T2, C1; PADDL T2, C2
+ PADDL T3, D1; PADDL ·sseIncMask<>(SB), T3; PADDL T3, D2
+
+ // Clamp and store the key
+ PAND ·polyClampMask<>(SB), A0
+ MOVOU A0, rStore; MOVOU B0, sStore
+
+ // Hash
+ MOVQ ad_len+80(FP), itr2
+ CALL polyHashADInternal<>(SB)
+
+openSSE128Open:
+ CMPQ inl, $16
+ JB openSSETail16
+ SUBQ $16, inl
+
+ // Load for hashing
+ polyAdd(0(inp))
+
+ // Load for decryption
+ MOVOU (inp), T0; PXOR T0, A1; MOVOU A1, (oup)
+ LEAQ (1*16)(inp), inp
+ LEAQ (1*16)(oup), oup
+ polyMul
+
+ // Shift the stream "left"
+ MOVO B1, A1
+ MOVO C1, B1
+ MOVO D1, C1
+ MOVO A2, D1
+ MOVO B2, A2
+ MOVO C2, B2
+ MOVO D2, C2
+ JMP openSSE128Open
+
+openSSETail16:
+ TESTQ inl, inl
+ JE openSSEFinalize
+
+ // We can safely load the CT from the end, because it is padded with the MAC
+ MOVQ inl, itr2
+ SHLQ $4, itr2
+ LEAQ ·andMask<>(SB), t0
+ MOVOU (inp), T0
+ ADDQ inl, inp
+ PAND -16(t0)(itr2*1), T0
+ MOVO T0, 0+tmpStore
+ MOVQ T0, t0
+ MOVQ 8+tmpStore, t1
+ PXOR A1, T0
+
+ // We can only store one byte at a time, since plaintext can be shorter than 16 bytes
+openSSETail16Store:
+ MOVQ T0, t3
+ MOVB t3, (oup)
+ PSRLDQ $1, T0
+ INCQ oup
+ DECQ inl
+ JNE openSSETail16Store
+ ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
+ polyMul
+ JMP openSSEFinalize
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 64 bytes of ciphertext
+openSSETail64:
+ // Need to decrypt up to 64 bytes - prepare single block
+ MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr0Store
+ XORQ itr2, itr2
+ MOVQ inl, itr1
+ CMPQ itr1, $16
+ JB openSSETail64LoopB
+
+openSSETail64LoopA:
+ // Perform ChaCha rounds, while hashing the remaining input
+ polyAdd(0(inp)(itr2*1))
+ polyMul
+ SUBQ $16, itr1
+
+openSSETail64LoopB:
+ ADDQ $16, itr2
+ chachaQR(A0, B0, C0, D0, T0)
+ shiftB0Left; shiftC0Left; shiftD0Left
+ chachaQR(A0, B0, C0, D0, T0)
+ shiftB0Right; shiftC0Right; shiftD0Right
+
+ CMPQ itr1, $16
+ JAE openSSETail64LoopA
+
+ CMPQ itr2, $160
+ JNE openSSETail64LoopB
+
+ PADDL ·chacha20Constants<>(SB), A0; PADDL state1Store, B0; PADDL state2Store, C0; PADDL ctr0Store, D0
+
+openSSETail64DecLoop:
+ CMPQ inl, $16
+ JB openSSETail64DecLoopDone
+ SUBQ $16, inl
+ MOVOU (inp), T0
+ PXOR T0, A0
+ MOVOU A0, (oup)
+ LEAQ 16(inp), inp
+ LEAQ 16(oup), oup
+ MOVO B0, A0
+ MOVO C0, B0
+ MOVO D0, C0
+ JMP openSSETail64DecLoop
+
+openSSETail64DecLoopDone:
+ MOVO A0, A1
+ JMP openSSETail16
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 128 bytes of ciphertext
+openSSETail128:
+ // Need to decrypt up to 128 bytes - prepare two blocks
+ MOVO ·chacha20Constants<>(SB), A1; MOVO state1Store, B1; MOVO state2Store, C1; MOVO ctr3Store, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr0Store
+ MOVO A1, A0; MOVO B1, B0; MOVO C1, C0; MOVO D1, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr1Store
+ XORQ itr2, itr2
+ MOVQ inl, itr1
+ ANDQ $-16, itr1
+
+openSSETail128LoopA:
+ // Perform ChaCha rounds, while hashing the remaining input
+ polyAdd(0(inp)(itr2*1))
+ polyMul
+
+openSSETail128LoopB:
+ ADDQ $16, itr2
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
+ shiftB0Left; shiftC0Left; shiftD0Left
+ shiftB1Left; shiftC1Left; shiftD1Left
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
+ shiftB0Right; shiftC0Right; shiftD0Right
+ shiftB1Right; shiftC1Right; shiftD1Right
+
+ CMPQ itr2, itr1
+ JB openSSETail128LoopA
+
+ CMPQ itr2, $160
+ JNE openSSETail128LoopB
+
+ PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1
+ PADDL state1Store, B0; PADDL state1Store, B1
+ PADDL state2Store, C0; PADDL state2Store, C1
+ PADDL ctr1Store, D0; PADDL ctr0Store, D1
+
+ MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
+ PXOR T0, A1; PXOR T1, B1; PXOR T2, C1; PXOR T3, D1
+ MOVOU A1, (0*16)(oup); MOVOU B1, (1*16)(oup); MOVOU C1, (2*16)(oup); MOVOU D1, (3*16)(oup)
+
+ SUBQ $64, inl
+ LEAQ 64(inp), inp
+ LEAQ 64(oup), oup
+ JMP openSSETail64DecLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 192 bytes of ciphertext
+openSSETail192:
+ // Need to decrypt up to 192 bytes - prepare three blocks
+ MOVO ·chacha20Constants<>(SB), A2; MOVO state1Store, B2; MOVO state2Store, C2; MOVO ctr3Store, D2; PADDL ·sseIncMask<>(SB), D2; MOVO D2, ctr0Store
+ MOVO A2, A1; MOVO B2, B1; MOVO C2, C1; MOVO D2, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr1Store
+ MOVO A1, A0; MOVO B1, B0; MOVO C1, C0; MOVO D1, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr2Store
+
+ MOVQ inl, itr1
+ MOVQ $160, itr2
+ CMPQ itr1, $160
+ CMOVQGT itr2, itr1
+ ANDQ $-16, itr1
+ XORQ itr2, itr2
+
+openSSLTail192LoopA:
+ // Perform ChaCha rounds, while hashing the remaining input
+ polyAdd(0(inp)(itr2*1))
+ polyMul
+
+openSSLTail192LoopB:
+ ADDQ $16, itr2
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+ shiftB0Left; shiftC0Left; shiftD0Left
+ shiftB1Left; shiftC1Left; shiftD1Left
+ shiftB2Left; shiftC2Left; shiftD2Left
+
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+ shiftB0Right; shiftC0Right; shiftD0Right
+ shiftB1Right; shiftC1Right; shiftD1Right
+ shiftB2Right; shiftC2Right; shiftD2Right
+
+ CMPQ itr2, itr1
+ JB openSSLTail192LoopA
+
+ CMPQ itr2, $160
+ JNE openSSLTail192LoopB
+
+ CMPQ inl, $176
+ JB openSSLTail192Store
+
+ polyAdd(160(inp))
+ polyMul
+
+ CMPQ inl, $192
+ JB openSSLTail192Store
+
+ polyAdd(176(inp))
+ polyMul
+
+openSSLTail192Store:
+ PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
+ PADDL state1Store, B0; PADDL state1Store, B1; PADDL state1Store, B2
+ PADDL state2Store, C0; PADDL state2Store, C1; PADDL state2Store, C2
+ PADDL ctr2Store, D0; PADDL ctr1Store, D1; PADDL ctr0Store, D2
+
+ MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
+ PXOR T0, A2; PXOR T1, B2; PXOR T2, C2; PXOR T3, D2
+ MOVOU A2, (0*16)(oup); MOVOU B2, (1*16)(oup); MOVOU C2, (2*16)(oup); MOVOU D2, (3*16)(oup)
+
+ MOVOU (4*16)(inp), T0; MOVOU (5*16)(inp), T1; MOVOU (6*16)(inp), T2; MOVOU (7*16)(inp), T3
+ PXOR T0, A1; PXOR T1, B1; PXOR T2, C1; PXOR T3, D1
+ MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
+
+ SUBQ $128, inl
+ LEAQ 128(inp), inp
+ LEAQ 128(oup), oup
+ JMP openSSETail64DecLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 256 bytes of ciphertext
+openSSETail256:
+ // Need to decrypt up to 256 bytes - prepare four blocks
+ MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0
+ MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+ MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+ MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
+
+ // Store counters
+ MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
+ XORQ itr2, itr2
+
+openSSETail256Loop:
+ // This loop inteleaves 8 ChaCha quarter rounds with 1 poly multiplication
+ polyAdd(0(inp)(itr2*1))
+ MOVO C3, tmpStore
+ chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+ MOVO tmpStore, C3
+ MOVO C1, tmpStore
+ chachaQR(A3, B3, C3, D3, C1)
+ MOVO tmpStore, C1
+ shiftB0Left; shiftB1Left; shiftB2Left; shiftB3Left
+ shiftC0Left; shiftC1Left; shiftC2Left; shiftC3Left
+ shiftD0Left; shiftD1Left; shiftD2Left; shiftD3Left
+ polyMulStage1
+ polyMulStage2
+ MOVO C3, tmpStore
+ chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+ MOVO tmpStore, C3
+ MOVO C1, tmpStore
+ chachaQR(A3, B3, C3, D3, C1)
+ MOVO tmpStore, C1
+ polyMulStage3
+ polyMulReduceStage
+ shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
+ shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
+ shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
+ ADDQ $2*8, itr2
+ CMPQ itr2, $160
+ JB openSSETail256Loop
+ MOVQ inl, itr1
+ ANDQ $-16, itr1
+
+openSSETail256HashLoop:
+ polyAdd(0(inp)(itr2*1))
+ polyMul
+ ADDQ $2*8, itr2
+ CMPQ itr2, itr1
+ JB openSSETail256HashLoop
+
+ // Add in the state
+ PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
+ PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
+ PADDD state2Store, C0; PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
+ PADDD ctr0Store, D0; PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
+ MOVO D3, tmpStore
+
+ // Load - xor - store
+ MOVOU (0*16)(inp), D3; PXOR D3, A0
+ MOVOU (1*16)(inp), D3; PXOR D3, B0
+ MOVOU (2*16)(inp), D3; PXOR D3, C0
+ MOVOU (3*16)(inp), D3; PXOR D3, D0
+ MOVOU A0, (0*16)(oup)
+ MOVOU B0, (1*16)(oup)
+ MOVOU C0, (2*16)(oup)
+ MOVOU D0, (3*16)(oup)
+ MOVOU (4*16)(inp), A0; MOVOU (5*16)(inp), B0; MOVOU (6*16)(inp), C0; MOVOU (7*16)(inp), D0
+ PXOR A0, A1; PXOR B0, B1; PXOR C0, C1; PXOR D0, D1
+ MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
+ MOVOU (8*16)(inp), A0; MOVOU (9*16)(inp), B0; MOVOU (10*16)(inp), C0; MOVOU (11*16)(inp), D0
+ PXOR A0, A2; PXOR B0, B2; PXOR C0, C2; PXOR D0, D2
+ MOVOU A2, (8*16)(oup); MOVOU B2, (9*16)(oup); MOVOU C2, (10*16)(oup); MOVOU D2, (11*16)(oup)
+ LEAQ 192(inp), inp
+ LEAQ 192(oup), oup
+ SUBQ $192, inl
+ MOVO A3, A0
+ MOVO B3, B0
+ MOVO C3, C0
+ MOVO tmpStore, D0
+
+ JMP openSSETail64DecLoop
+
+// ----------------------------------------------------------------------------
+// ------------------------- AVX2 Code ----------------------------------------
+chacha20Poly1305Open_AVX2:
+ VZEROUPPER
+ VMOVDQU ·chacha20Constants<>(SB), AA0
+ BYTE $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x70; BYTE $0x10 // broadcasti128 16(r8), ymm14
+ BYTE $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x20 // broadcasti128 32(r8), ymm12
+ BYTE $0xc4; BYTE $0xc2; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x30 // broadcasti128 48(r8), ymm4
+ VPADDD ·avx2InitMask<>(SB), DD0, DD0
+
+ // Special optimization, for very short buffers
+ CMPQ inl, $192
+ JBE openAVX2192
+ CMPQ inl, $320
+ JBE openAVX2320
+
+ // For the general key prepare the key first - as a byproduct we have 64 bytes of cipher stream
+ VMOVDQA BB0, state1StoreAVX2
+ VMOVDQA CC0, state2StoreAVX2
+ VMOVDQA DD0, ctr3StoreAVX2
+ MOVQ $10, itr2
+
+openAVX2PreparePolyKey:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $12, DD0, DD0, DD0
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $4, DD0, DD0, DD0
+ DECQ itr2
+ JNE openAVX2PreparePolyKey
+
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0
+ VPADDD state1StoreAVX2, BB0, BB0
+ VPADDD state2StoreAVX2, CC0, CC0
+ VPADDD ctr3StoreAVX2, DD0, DD0
+
+ VPERM2I128 $0x02, AA0, BB0, TT0
+
+ // Clamp and store poly key
+ VPAND ·polyClampMask<>(SB), TT0, TT0
+ VMOVDQA TT0, rsStoreAVX2
+
+ // Stream for the first 64 bytes
+ VPERM2I128 $0x13, AA0, BB0, AA0
+ VPERM2I128 $0x13, CC0, DD0, BB0
+
+ // Hash AD + first 64 bytes
+ MOVQ ad_len+80(FP), itr2
+ CALL polyHashADInternal<>(SB)
+ XORQ itr1, itr1
+
+openAVX2InitialHash64:
+ polyAdd(0(inp)(itr1*1))
+ polyMulAVX2
+ ADDQ $16, itr1
+ CMPQ itr1, $64
+ JNE openAVX2InitialHash64
+
+ // Decrypt the first 64 bytes
+ VPXOR (0*32)(inp), AA0, AA0
+ VPXOR (1*32)(inp), BB0, BB0
+ VMOVDQU AA0, (0*32)(oup)
+ VMOVDQU BB0, (1*32)(oup)
+ LEAQ (2*32)(inp), inp
+ LEAQ (2*32)(oup), oup
+ SUBQ $64, inl
+
+openAVX2MainLoop:
+ CMPQ inl, $512
+ JB openAVX2MainLoopDone
+
+ // Load state, increment counter blocks, store the incremented counters
+ VMOVDQU ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+ VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+ VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+ VMOVDQA ctr3StoreAVX2, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+ VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+ XORQ itr1, itr1
+
+openAVX2InternalLoop:
+ // Lets just say this spaghetti loop interleaves 2 quarter rounds with 3 poly multiplications
+ // Effectively per 512 bytes of stream we hash 480 bytes of ciphertext
+ polyAdd(0*8(inp)(itr1*1))
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ polyMulStage1_AVX2
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+ polyMulStage2_AVX2
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ polyMulStage3_AVX2
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyMulReduceStage
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+ polyAdd(2*8(inp)(itr1*1))
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ polyMulStage1_AVX2
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyMulStage2_AVX2
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ polyMulStage3_AVX2
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+ polyMulReduceStage
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ polyAdd(4*8(inp)(itr1*1))
+ LEAQ (6*8)(itr1), itr1
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyMulStage1_AVX2
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ polyMulStage2_AVX2
+ VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ polyMulStage3_AVX2
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyMulReduceStage
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
+ CMPQ itr1, $480
+ JNE openAVX2InternalLoop
+
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+ VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+ VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+ VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+ VMOVDQA CC3, tmpStoreAVX2
+
+ // We only hashed 480 of the 512 bytes available - hash the remaining 32 here
+ polyAdd(480(inp))
+ polyMulAVX2
+ VPERM2I128 $0x02, AA0, BB0, CC3; VPERM2I128 $0x13, AA0, BB0, BB0; VPERM2I128 $0x02, CC0, DD0, AA0; VPERM2I128 $0x13, CC0, DD0, CC0
+ VPXOR (0*32)(inp), CC3, CC3; VPXOR (1*32)(inp), AA0, AA0; VPXOR (2*32)(inp), BB0, BB0; VPXOR (3*32)(inp), CC0, CC0
+ VMOVDQU CC3, (0*32)(oup); VMOVDQU AA0, (1*32)(oup); VMOVDQU BB0, (2*32)(oup); VMOVDQU CC0, (3*32)(oup)
+ VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+ VPXOR (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
+ VMOVDQU AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
+
+ // and here
+ polyAdd(496(inp))
+ polyMulAVX2
+ VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+ VPXOR (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
+ VMOVDQU AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
+ VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
+ VPXOR (12*32)(inp), AA0, AA0; VPXOR (13*32)(inp), BB0, BB0; VPXOR (14*32)(inp), CC0, CC0; VPXOR (15*32)(inp), DD0, DD0
+ VMOVDQU AA0, (12*32)(oup); VMOVDQU BB0, (13*32)(oup); VMOVDQU CC0, (14*32)(oup); VMOVDQU DD0, (15*32)(oup)
+ LEAQ (32*16)(inp), inp
+ LEAQ (32*16)(oup), oup
+ SUBQ $(32*16), inl
+ JMP openAVX2MainLoop
+
+openAVX2MainLoopDone:
+ // Handle the various tail sizes efficiently
+ TESTQ inl, inl
+ JE openSSEFinalize
+ CMPQ inl, $128
+ JBE openAVX2Tail128
+ CMPQ inl, $256
+ JBE openAVX2Tail256
+ CMPQ inl, $384
+ JBE openAVX2Tail384
+ JMP openAVX2Tail512
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 193 bytes
+openAVX2192:
+ // For up to 192 bytes of ciphertext and 64 bytes for the poly key, we process four blocks
+ VMOVDQA AA0, AA1
+ VMOVDQA BB0, BB1
+ VMOVDQA CC0, CC1
+ VPADDD ·avx2IncMask<>(SB), DD0, DD1
+ VMOVDQA AA0, AA2
+ VMOVDQA BB0, BB2
+ VMOVDQA CC0, CC2
+ VMOVDQA DD0, DD2
+ VMOVDQA DD1, TT3
+ MOVQ $10, itr2
+
+openAVX2192InnerCipherLoop:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
+ DECQ itr2
+ JNE openAVX2192InnerCipherLoop
+ VPADDD AA2, AA0, AA0; VPADDD AA2, AA1, AA1
+ VPADDD BB2, BB0, BB0; VPADDD BB2, BB1, BB1
+ VPADDD CC2, CC0, CC0; VPADDD CC2, CC1, CC1
+ VPADDD DD2, DD0, DD0; VPADDD TT3, DD1, DD1
+ VPERM2I128 $0x02, AA0, BB0, TT0
+
+ // Clamp and store poly key
+ VPAND ·polyClampMask<>(SB), TT0, TT0
+ VMOVDQA TT0, rsStoreAVX2
+
+ // Stream for up to 192 bytes
+ VPERM2I128 $0x13, AA0, BB0, AA0
+ VPERM2I128 $0x13, CC0, DD0, BB0
+ VPERM2I128 $0x02, AA1, BB1, CC0
+ VPERM2I128 $0x02, CC1, DD1, DD0
+ VPERM2I128 $0x13, AA1, BB1, AA1
+ VPERM2I128 $0x13, CC1, DD1, BB1
+
+openAVX2ShortOpen:
+ // Hash
+ MOVQ ad_len+80(FP), itr2
+ CALL polyHashADInternal<>(SB)
+
+openAVX2ShortOpenLoop:
+ CMPQ inl, $32
+ JB openAVX2ShortTail32
+ SUBQ $32, inl
+
+ // Load for hashing
+ polyAdd(0*8(inp))
+ polyMulAVX2
+ polyAdd(2*8(inp))
+ polyMulAVX2
+
+ // Load for decryption
+ VPXOR (inp), AA0, AA0
+ VMOVDQU AA0, (oup)
+ LEAQ (1*32)(inp), inp
+ LEAQ (1*32)(oup), oup
+
+ // Shift stream left
+ VMOVDQA BB0, AA0
+ VMOVDQA CC0, BB0
+ VMOVDQA DD0, CC0
+ VMOVDQA AA1, DD0
+ VMOVDQA BB1, AA1
+ VMOVDQA CC1, BB1
+ VMOVDQA DD1, CC1
+ VMOVDQA AA2, DD1
+ VMOVDQA BB2, AA2
+ JMP openAVX2ShortOpenLoop
+
+openAVX2ShortTail32:
+ CMPQ inl, $16
+ VMOVDQA A0, A1
+ JB openAVX2ShortDone
+
+ SUBQ $16, inl
+
+ // Load for hashing
+ polyAdd(0*8(inp))
+ polyMulAVX2
+
+ // Load for decryption
+ VPXOR (inp), A0, T0
+ VMOVDQU T0, (oup)
+ LEAQ (1*16)(inp), inp
+ LEAQ (1*16)(oup), oup
+ VPERM2I128 $0x11, AA0, AA0, AA0
+ VMOVDQA A0, A1
+
+openAVX2ShortDone:
+ VZEROUPPER
+ JMP openSSETail16
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 321 bytes
+openAVX2320:
+ // For up to 320 bytes of ciphertext and 64 bytes for the poly key, we process six blocks
+ VMOVDQA AA0, AA1; VMOVDQA BB0, BB1; VMOVDQA CC0, CC1; VPADDD ·avx2IncMask<>(SB), DD0, DD1
+ VMOVDQA AA0, AA2; VMOVDQA BB0, BB2; VMOVDQA CC0, CC2; VPADDD ·avx2IncMask<>(SB), DD1, DD2
+ VMOVDQA BB0, TT1; VMOVDQA CC0, TT2; VMOVDQA DD0, TT3
+ MOVQ $10, itr2
+
+openAVX2320InnerCipherLoop:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
+ DECQ itr2
+ JNE openAVX2320InnerCipherLoop
+
+ VMOVDQA ·chacha20Constants<>(SB), TT0
+ VPADDD TT0, AA0, AA0; VPADDD TT0, AA1, AA1; VPADDD TT0, AA2, AA2
+ VPADDD TT1, BB0, BB0; VPADDD TT1, BB1, BB1; VPADDD TT1, BB2, BB2
+ VPADDD TT2, CC0, CC0; VPADDD TT2, CC1, CC1; VPADDD TT2, CC2, CC2
+ VMOVDQA ·avx2IncMask<>(SB), TT0
+ VPADDD TT3, DD0, DD0; VPADDD TT0, TT3, TT3
+ VPADDD TT3, DD1, DD1; VPADDD TT0, TT3, TT3
+ VPADDD TT3, DD2, DD2
+
+ // Clamp and store poly key
+ VPERM2I128 $0x02, AA0, BB0, TT0
+ VPAND ·polyClampMask<>(SB), TT0, TT0
+ VMOVDQA TT0, rsStoreAVX2
+
+ // Stream for up to 320 bytes
+ VPERM2I128 $0x13, AA0, BB0, AA0
+ VPERM2I128 $0x13, CC0, DD0, BB0
+ VPERM2I128 $0x02, AA1, BB1, CC0
+ VPERM2I128 $0x02, CC1, DD1, DD0
+ VPERM2I128 $0x13, AA1, BB1, AA1
+ VPERM2I128 $0x13, CC1, DD1, BB1
+ VPERM2I128 $0x02, AA2, BB2, CC1
+ VPERM2I128 $0x02, CC2, DD2, DD1
+ VPERM2I128 $0x13, AA2, BB2, AA2
+ VPERM2I128 $0x13, CC2, DD2, BB2
+ JMP openAVX2ShortOpen
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 128 bytes of ciphertext
+openAVX2Tail128:
+ // Need to decrypt up to 128 bytes - prepare two blocks
+ VMOVDQA ·chacha20Constants<>(SB), AA1
+ VMOVDQA state1StoreAVX2, BB1
+ VMOVDQA state2StoreAVX2, CC1
+ VMOVDQA ctr3StoreAVX2, DD1
+ VPADDD ·avx2IncMask<>(SB), DD1, DD1
+ VMOVDQA DD1, DD0
+
+ XORQ itr2, itr2
+ MOVQ inl, itr1
+ ANDQ $-16, itr1
+ TESTQ itr1, itr1
+ JE openAVX2Tail128LoopB
+
+openAVX2Tail128LoopA:
+ // Perform ChaCha rounds, while hashing the remaining input
+ polyAdd(0(inp)(itr2*1))
+ polyMulAVX2
+
+openAVX2Tail128LoopB:
+ ADDQ $16, itr2
+ chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ VPALIGNR $4, BB1, BB1, BB1
+ VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $12, DD1, DD1, DD1
+ chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ VPALIGNR $12, BB1, BB1, BB1
+ VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $4, DD1, DD1, DD1
+ CMPQ itr2, itr1
+ JB openAVX2Tail128LoopA
+ CMPQ itr2, $160
+ JNE openAVX2Tail128LoopB
+
+ VPADDD ·chacha20Constants<>(SB), AA1, AA1
+ VPADDD state1StoreAVX2, BB1, BB1
+ VPADDD state2StoreAVX2, CC1, CC1
+ VPADDD DD0, DD1, DD1
+ VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+
+openAVX2TailLoop:
+ CMPQ inl, $32
+ JB openAVX2Tail
+ SUBQ $32, inl
+
+ // Load for decryption
+ VPXOR (inp), AA0, AA0
+ VMOVDQU AA0, (oup)
+ LEAQ (1*32)(inp), inp
+ LEAQ (1*32)(oup), oup
+ VMOVDQA BB0, AA0
+ VMOVDQA CC0, BB0
+ VMOVDQA DD0, CC0
+ JMP openAVX2TailLoop
+
+openAVX2Tail:
+ CMPQ inl, $16
+ VMOVDQA A0, A1
+ JB openAVX2TailDone
+ SUBQ $16, inl
+
+ // Load for decryption
+ VPXOR (inp), A0, T0
+ VMOVDQU T0, (oup)
+ LEAQ (1*16)(inp), inp
+ LEAQ (1*16)(oup), oup
+ VPERM2I128 $0x11, AA0, AA0, AA0
+ VMOVDQA A0, A1
+
+openAVX2TailDone:
+ VZEROUPPER
+ JMP openSSETail16
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 256 bytes of ciphertext
+openAVX2Tail256:
+ // Need to decrypt up to 256 bytes - prepare four blocks
+ VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1
+ VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1
+ VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1
+ VMOVDQA ctr3StoreAVX2, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD1
+ VMOVDQA DD0, TT1
+ VMOVDQA DD1, TT2
+
+ // Compute the number of iterations that will hash data
+ MOVQ inl, tmpStoreAVX2
+ MOVQ inl, itr1
+ SUBQ $128, itr1
+ SHRQ $4, itr1
+ MOVQ $10, itr2
+ CMPQ itr1, $10
+ CMOVQGT itr2, itr1
+ MOVQ inp, inl
+ XORQ itr2, itr2
+
+openAVX2Tail256LoopA:
+ polyAdd(0(inl))
+ polyMulAVX2
+ LEAQ 16(inl), inl
+
+ // Perform ChaCha rounds, while hashing the remaining input
+openAVX2Tail256LoopB:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
+ INCQ itr2
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
+ CMPQ itr2, itr1
+ JB openAVX2Tail256LoopA
+
+ CMPQ itr2, $10
+ JNE openAVX2Tail256LoopB
+
+ MOVQ inl, itr2
+ SUBQ inp, inl
+ MOVQ inl, itr1
+ MOVQ tmpStoreAVX2, inl
+
+ // Hash the remainder of data (if any)
+openAVX2Tail256Hash:
+ ADDQ $16, itr1
+ CMPQ itr1, inl
+ JGT openAVX2Tail256HashEnd
+ polyAdd (0(itr2))
+ polyMulAVX2
+ LEAQ 16(itr2), itr2
+ JMP openAVX2Tail256Hash
+
+// Store 128 bytes safely, then go to store loop
+openAVX2Tail256HashEnd:
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1
+ VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1
+ VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1
+ VPADDD TT1, DD0, DD0; VPADDD TT2, DD1, DD1
+ VPERM2I128 $0x02, AA0, BB0, AA2; VPERM2I128 $0x02, CC0, DD0, BB2; VPERM2I128 $0x13, AA0, BB0, CC2; VPERM2I128 $0x13, CC0, DD0, DD2
+ VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+
+ VPXOR (0*32)(inp), AA2, AA2; VPXOR (1*32)(inp), BB2, BB2; VPXOR (2*32)(inp), CC2, CC2; VPXOR (3*32)(inp), DD2, DD2
+ VMOVDQU AA2, (0*32)(oup); VMOVDQU BB2, (1*32)(oup); VMOVDQU CC2, (2*32)(oup); VMOVDQU DD2, (3*32)(oup)
+ LEAQ (4*32)(inp), inp
+ LEAQ (4*32)(oup), oup
+ SUBQ $4*32, inl
+
+ JMP openAVX2TailLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 384 bytes of ciphertext
+openAVX2Tail384:
+ // Need to decrypt up to 384 bytes - prepare six blocks
+ VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2
+ VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2
+ VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2
+ VMOVDQA ctr3StoreAVX2, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD1
+ VPADDD ·avx2IncMask<>(SB), DD1, DD2
+ VMOVDQA DD0, ctr0StoreAVX2
+ VMOVDQA DD1, ctr1StoreAVX2
+ VMOVDQA DD2, ctr2StoreAVX2
+
+ // Compute the number of iterations that will hash two blocks of data
+ MOVQ inl, tmpStoreAVX2
+ MOVQ inl, itr1
+ SUBQ $256, itr1
+ SHRQ $4, itr1
+ ADDQ $6, itr1
+ MOVQ $10, itr2
+ CMPQ itr1, $10
+ CMOVQGT itr2, itr1
+ MOVQ inp, inl
+ XORQ itr2, itr2
+
+ // Perform ChaCha rounds, while hashing the remaining input
+openAVX2Tail384LoopB:
+ polyAdd(0(inl))
+ polyMulAVX2
+ LEAQ 16(inl), inl
+
+openAVX2Tail384LoopA:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
+ polyAdd(0(inl))
+ polyMulAVX2
+ LEAQ 16(inl), inl
+ INCQ itr2
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
+
+ CMPQ itr2, itr1
+ JB openAVX2Tail384LoopB
+
+ CMPQ itr2, $10
+ JNE openAVX2Tail384LoopA
+
+ MOVQ inl, itr2
+ SUBQ inp, inl
+ MOVQ inl, itr1
+ MOVQ tmpStoreAVX2, inl
+
+openAVX2Tail384Hash:
+ ADDQ $16, itr1
+ CMPQ itr1, inl
+ JGT openAVX2Tail384HashEnd
+ polyAdd(0(itr2))
+ polyMulAVX2
+ LEAQ 16(itr2), itr2
+ JMP openAVX2Tail384Hash
+
+// Store 256 bytes safely, then go to store loop
+openAVX2Tail384HashEnd:
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2
+ VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2
+ VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2
+ VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2
+ VPERM2I128 $0x02, AA0, BB0, TT0; VPERM2I128 $0x02, CC0, DD0, TT1; VPERM2I128 $0x13, AA0, BB0, TT2; VPERM2I128 $0x13, CC0, DD0, TT3
+ VPXOR (0*32)(inp), TT0, TT0; VPXOR (1*32)(inp), TT1, TT1; VPXOR (2*32)(inp), TT2, TT2; VPXOR (3*32)(inp), TT3, TT3
+ VMOVDQU TT0, (0*32)(oup); VMOVDQU TT1, (1*32)(oup); VMOVDQU TT2, (2*32)(oup); VMOVDQU TT3, (3*32)(oup)
+ VPERM2I128 $0x02, AA1, BB1, TT0; VPERM2I128 $0x02, CC1, DD1, TT1; VPERM2I128 $0x13, AA1, BB1, TT2; VPERM2I128 $0x13, CC1, DD1, TT3
+ VPXOR (4*32)(inp), TT0, TT0; VPXOR (5*32)(inp), TT1, TT1; VPXOR (6*32)(inp), TT2, TT2; VPXOR (7*32)(inp), TT3, TT3
+ VMOVDQU TT0, (4*32)(oup); VMOVDQU TT1, (5*32)(oup); VMOVDQU TT2, (6*32)(oup); VMOVDQU TT3, (7*32)(oup)
+ VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+ LEAQ (8*32)(inp), inp
+ LEAQ (8*32)(oup), oup
+ SUBQ $8*32, inl
+ JMP openAVX2TailLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 512 bytes of ciphertext
+openAVX2Tail512:
+ VMOVDQU ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+ VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+ VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+ VMOVDQA ctr3StoreAVX2, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+ VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+ XORQ itr1, itr1
+ MOVQ inp, itr2
+
+openAVX2Tail512LoopB:
+ polyAdd(0(itr2))
+ polyMulAVX2
+ LEAQ (2*8)(itr2), itr2
+
+openAVX2Tail512LoopA:
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyAdd(0*8(itr2))
+ polyMulAVX2
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ polyAdd(2*8(itr2))
+ polyMulAVX2
+ LEAQ (4*8)(itr2), itr2
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
+ INCQ itr1
+ CMPQ itr1, $4
+ JLT openAVX2Tail512LoopB
+
+ CMPQ itr1, $10
+ JNE openAVX2Tail512LoopA
+
+ MOVQ inl, itr1
+ SUBQ $384, itr1
+ ANDQ $-16, itr1
+
+openAVX2Tail512HashLoop:
+ TESTQ itr1, itr1
+ JE openAVX2Tail512HashEnd
+ polyAdd(0(itr2))
+ polyMulAVX2
+ LEAQ 16(itr2), itr2
+ SUBQ $16, itr1
+ JMP openAVX2Tail512HashLoop
+
+openAVX2Tail512HashEnd:
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+ VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+ VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+ VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPERM2I128 $0x02, AA0, BB0, CC3; VPERM2I128 $0x13, AA0, BB0, BB0; VPERM2I128 $0x02, CC0, DD0, AA0; VPERM2I128 $0x13, CC0, DD0, CC0
+ VPXOR (0*32)(inp), CC3, CC3; VPXOR (1*32)(inp), AA0, AA0; VPXOR (2*32)(inp), BB0, BB0; VPXOR (3*32)(inp), CC0, CC0
+ VMOVDQU CC3, (0*32)(oup); VMOVDQU AA0, (1*32)(oup); VMOVDQU BB0, (2*32)(oup); VMOVDQU CC0, (3*32)(oup)
+ VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+ VPXOR (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
+ VMOVDQU AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
+ VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+ VPXOR (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
+ VMOVDQU AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
+ VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
+
+ LEAQ (12*32)(inp), inp
+ LEAQ (12*32)(oup), oup
+ SUBQ $12*32, inl
+
+ JMP openAVX2TailLoop
+
+// ----------------------------------------------------------------------------
+// ----------------------------------------------------------------------------
+// func chacha20Poly1305Seal(dst, key, src, ad []byte)
+TEXT ·chacha20Poly1305Seal(SB), 0, $288-96
+ // For aligned stack access
+ MOVQ SP, BP
+ ADDQ $32, BP
+ ANDQ $-32, BP
+ MOVQ dst+0(FP), oup
+ MOVQ key+24(FP), keyp
+ MOVQ src+48(FP), inp
+ MOVQ src_len+56(FP), inl
+ MOVQ ad+72(FP), adp
+
+ CMPB ·useAVX2(SB), $1
+ JE chacha20Poly1305Seal_AVX2
+
+ // Special optimization, for very short buffers
+ CMPQ inl, $128
+ JBE sealSSE128 // About 15% faster
+
+ // In the seal case - prepare the poly key + 3 blocks of stream in the first iteration
+ MOVOU ·chacha20Constants<>(SB), A0
+ MOVOU (1*16)(keyp), B0
+ MOVOU (2*16)(keyp), C0
+ MOVOU (3*16)(keyp), D0
+
+ // Store state on stack for future use
+ MOVO B0, state1Store
+ MOVO C0, state2Store
+
+ // Load state, increment counter blocks
+ MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+ MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+ MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
+
+ // Store counters
+ MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
+ MOVQ $10, itr2
+
+sealSSEIntroLoop:
+ MOVO C3, tmpStore
+ chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+ MOVO tmpStore, C3
+ MOVO C1, tmpStore
+ chachaQR(A3, B3, C3, D3, C1)
+ MOVO tmpStore, C1
+ shiftB0Left; shiftB1Left; shiftB2Left; shiftB3Left
+ shiftC0Left; shiftC1Left; shiftC2Left; shiftC3Left
+ shiftD0Left; shiftD1Left; shiftD2Left; shiftD3Left
+
+ MOVO C3, tmpStore
+ chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+ MOVO tmpStore, C3
+ MOVO C1, tmpStore
+ chachaQR(A3, B3, C3, D3, C1)
+ MOVO tmpStore, C1
+ shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
+ shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
+ shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
+ DECQ itr2
+ JNE sealSSEIntroLoop
+
+ // Add in the state
+ PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
+ PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
+ PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
+ PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
+
+ // Clamp and store the key
+ PAND ·polyClampMask<>(SB), A0
+ MOVO A0, rStore
+ MOVO B0, sStore
+
+ // Hash AAD
+ MOVQ ad_len+80(FP), itr2
+ CALL polyHashADInternal<>(SB)
+
+ MOVOU (0*16)(inp), A0; MOVOU (1*16)(inp), B0; MOVOU (2*16)(inp), C0; MOVOU (3*16)(inp), D0
+ PXOR A0, A1; PXOR B0, B1; PXOR C0, C1; PXOR D0, D1
+ MOVOU A1, (0*16)(oup); MOVOU B1, (1*16)(oup); MOVOU C1, (2*16)(oup); MOVOU D1, (3*16)(oup)
+ MOVOU (4*16)(inp), A0; MOVOU (5*16)(inp), B0; MOVOU (6*16)(inp), C0; MOVOU (7*16)(inp), D0
+ PXOR A0, A2; PXOR B0, B2; PXOR C0, C2; PXOR D0, D2
+ MOVOU A2, (4*16)(oup); MOVOU B2, (5*16)(oup); MOVOU C2, (6*16)(oup); MOVOU D2, (7*16)(oup)
+
+ MOVQ $128, itr1
+ SUBQ $128, inl
+ LEAQ 128(inp), inp
+
+ MOVO A3, A1; MOVO B3, B1; MOVO C3, C1; MOVO D3, D1
+
+ CMPQ inl, $64
+ JBE sealSSE128SealHash
+
+ MOVOU (0*16)(inp), A0; MOVOU (1*16)(inp), B0; MOVOU (2*16)(inp), C0; MOVOU (3*16)(inp), D0
+ PXOR A0, A3; PXOR B0, B3; PXOR C0, C3; PXOR D0, D3
+ MOVOU A3, (8*16)(oup); MOVOU B3, (9*16)(oup); MOVOU C3, (10*16)(oup); MOVOU D3, (11*16)(oup)
+
+ ADDQ $64, itr1
+ SUBQ $64, inl
+ LEAQ 64(inp), inp
+
+ MOVQ $2, itr1
+ MOVQ $8, itr2
+
+ CMPQ inl, $64
+ JBE sealSSETail64
+ CMPQ inl, $128
+ JBE sealSSETail128
+ CMPQ inl, $192
+ JBE sealSSETail192
+
+sealSSEMainLoop:
+ // Load state, increment counter blocks
+ MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0
+ MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+ MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+ MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
+
+ // Store counters
+ MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
+
+sealSSEInnerLoop:
+ MOVO C3, tmpStore
+ chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+ MOVO tmpStore, C3
+ MOVO C1, tmpStore
+ chachaQR(A3, B3, C3, D3, C1)
+ MOVO tmpStore, C1
+ polyAdd(0(oup))
+ shiftB0Left; shiftB1Left; shiftB2Left; shiftB3Left
+ shiftC0Left; shiftC1Left; shiftC2Left; shiftC3Left
+ shiftD0Left; shiftD1Left; shiftD2Left; shiftD3Left
+ polyMulStage1
+ polyMulStage2
+ LEAQ (2*8)(oup), oup
+ MOVO C3, tmpStore
+ chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+ MOVO tmpStore, C3
+ MOVO C1, tmpStore
+ polyMulStage3
+ chachaQR(A3, B3, C3, D3, C1)
+ MOVO tmpStore, C1
+ polyMulReduceStage
+ shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
+ shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
+ shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
+ DECQ itr2
+ JGE sealSSEInnerLoop
+ polyAdd(0(oup))
+ polyMul
+ LEAQ (2*8)(oup), oup
+ DECQ itr1
+ JG sealSSEInnerLoop
+
+ // Add in the state
+ PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
+ PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
+ PADDD state2Store, C0; PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
+ PADDD ctr0Store, D0; PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
+ MOVO D3, tmpStore
+
+ // Load - xor - store
+ MOVOU (0*16)(inp), D3; PXOR D3, A0
+ MOVOU (1*16)(inp), D3; PXOR D3, B0
+ MOVOU (2*16)(inp), D3; PXOR D3, C0
+ MOVOU (3*16)(inp), D3; PXOR D3, D0
+ MOVOU A0, (0*16)(oup)
+ MOVOU B0, (1*16)(oup)
+ MOVOU C0, (2*16)(oup)
+ MOVOU D0, (3*16)(oup)
+ MOVO tmpStore, D3
+
+ MOVOU (4*16)(inp), A0; MOVOU (5*16)(inp), B0; MOVOU (6*16)(inp), C0; MOVOU (7*16)(inp), D0
+ PXOR A0, A1; PXOR B0, B1; PXOR C0, C1; PXOR D0, D1
+ MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
+ MOVOU (8*16)(inp), A0; MOVOU (9*16)(inp), B0; MOVOU (10*16)(inp), C0; MOVOU (11*16)(inp), D0
+ PXOR A0, A2; PXOR B0, B2; PXOR C0, C2; PXOR D0, D2
+ MOVOU A2, (8*16)(oup); MOVOU B2, (9*16)(oup); MOVOU C2, (10*16)(oup); MOVOU D2, (11*16)(oup)
+ ADDQ $192, inp
+ MOVQ $192, itr1
+ SUBQ $192, inl
+ MOVO A3, A1
+ MOVO B3, B1
+ MOVO C3, C1
+ MOVO D3, D1
+ CMPQ inl, $64
+ JBE sealSSE128SealHash
+ MOVOU (0*16)(inp), A0; MOVOU (1*16)(inp), B0; MOVOU (2*16)(inp), C0; MOVOU (3*16)(inp), D0
+ PXOR A0, A3; PXOR B0, B3; PXOR C0, C3; PXOR D0, D3
+ MOVOU A3, (12*16)(oup); MOVOU B3, (13*16)(oup); MOVOU C3, (14*16)(oup); MOVOU D3, (15*16)(oup)
+ LEAQ 64(inp), inp
+ SUBQ $64, inl
+ MOVQ $6, itr1
+ MOVQ $4, itr2
+ CMPQ inl, $192
+ JG sealSSEMainLoop
+
+ MOVQ inl, itr1
+ TESTQ inl, inl
+ JE sealSSE128SealHash
+ MOVQ $6, itr1
+ CMPQ inl, $64
+ JBE sealSSETail64
+ CMPQ inl, $128
+ JBE sealSSETail128
+ JMP sealSSETail192
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 64 bytes of plaintext
+sealSSETail64:
+ // Need to encrypt up to 64 bytes - prepare single block, hash 192 or 256 bytes
+ MOVO ·chacha20Constants<>(SB), A1
+ MOVO state1Store, B1
+ MOVO state2Store, C1
+ MOVO ctr3Store, D1
+ PADDL ·sseIncMask<>(SB), D1
+ MOVO D1, ctr0Store
+
+sealSSETail64LoopA:
+ // Perform ChaCha rounds, while hashing the previously encrypted ciphertext
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+
+sealSSETail64LoopB:
+ chachaQR(A1, B1, C1, D1, T1)
+ shiftB1Left; shiftC1Left; shiftD1Left
+ chachaQR(A1, B1, C1, D1, T1)
+ shiftB1Right; shiftC1Right; shiftD1Right
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+
+ DECQ itr1
+ JG sealSSETail64LoopA
+
+ DECQ itr2
+ JGE sealSSETail64LoopB
+ PADDL ·chacha20Constants<>(SB), A1
+ PADDL state1Store, B1
+ PADDL state2Store, C1
+ PADDL ctr0Store, D1
+
+ JMP sealSSE128Seal
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 128 bytes of plaintext
+sealSSETail128:
+ // Need to encrypt up to 128 bytes - prepare two blocks, hash 192 or 256 bytes
+ MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr0Store
+ MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr1Store
+
+sealSSETail128LoopA:
+ // Perform ChaCha rounds, while hashing the previously encrypted ciphertext
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+
+sealSSETail128LoopB:
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
+ shiftB0Left; shiftC0Left; shiftD0Left
+ shiftB1Left; shiftC1Left; shiftD1Left
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
+ shiftB0Right; shiftC0Right; shiftD0Right
+ shiftB1Right; shiftC1Right; shiftD1Right
+
+ DECQ itr1
+ JG sealSSETail128LoopA
+
+ DECQ itr2
+ JGE sealSSETail128LoopB
+
+ PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1
+ PADDL state1Store, B0; PADDL state1Store, B1
+ PADDL state2Store, C0; PADDL state2Store, C1
+ PADDL ctr0Store, D0; PADDL ctr1Store, D1
+
+ MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
+ PXOR T0, A0; PXOR T1, B0; PXOR T2, C0; PXOR T3, D0
+ MOVOU A0, (0*16)(oup); MOVOU B0, (1*16)(oup); MOVOU C0, (2*16)(oup); MOVOU D0, (3*16)(oup)
+
+ MOVQ $64, itr1
+ LEAQ 64(inp), inp
+ SUBQ $64, inl
+
+ JMP sealSSE128SealHash
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 192 bytes of plaintext
+sealSSETail192:
+ // Need to encrypt up to 192 bytes - prepare three blocks, hash 192 or 256 bytes
+ MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr0Store
+ MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr1Store
+ MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2; MOVO D2, ctr2Store
+
+sealSSETail192LoopA:
+ // Perform ChaCha rounds, while hashing the previously encrypted ciphertext
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+
+sealSSETail192LoopB:
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+ shiftB0Left; shiftC0Left; shiftD0Left
+ shiftB1Left; shiftC1Left; shiftD1Left
+ shiftB2Left; shiftC2Left; shiftD2Left
+
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+ shiftB0Right; shiftC0Right; shiftD0Right
+ shiftB1Right; shiftC1Right; shiftD1Right
+ shiftB2Right; shiftC2Right; shiftD2Right
+
+ DECQ itr1
+ JG sealSSETail192LoopA
+
+ DECQ itr2
+ JGE sealSSETail192LoopB
+
+ PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
+ PADDL state1Store, B0; PADDL state1Store, B1; PADDL state1Store, B2
+ PADDL state2Store, C0; PADDL state2Store, C1; PADDL state2Store, C2
+ PADDL ctr0Store, D0; PADDL ctr1Store, D1; PADDL ctr2Store, D2
+
+ MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
+ PXOR T0, A0; PXOR T1, B0; PXOR T2, C0; PXOR T3, D0
+ MOVOU A0, (0*16)(oup); MOVOU B0, (1*16)(oup); MOVOU C0, (2*16)(oup); MOVOU D0, (3*16)(oup)
+ MOVOU (4*16)(inp), T0; MOVOU (5*16)(inp), T1; MOVOU (6*16)(inp), T2; MOVOU (7*16)(inp), T3
+ PXOR T0, A1; PXOR T1, B1; PXOR T2, C1; PXOR T3, D1
+ MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
+
+ MOVO A2, A1
+ MOVO B2, B1
+ MOVO C2, C1
+ MOVO D2, D1
+ MOVQ $128, itr1
+ LEAQ 128(inp), inp
+ SUBQ $128, inl
+
+ JMP sealSSE128SealHash
+
+// ----------------------------------------------------------------------------
+// Special seal optimization for buffers smaller than 129 bytes
+sealSSE128:
+ // For up to 128 bytes of ciphertext and 64 bytes for the poly key, we require to process three blocks
+ MOVOU ·chacha20Constants<>(SB), A0; MOVOU (1*16)(keyp), B0; MOVOU (2*16)(keyp), C0; MOVOU (3*16)(keyp), D0
+ MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+ MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+ MOVO B0, T1; MOVO C0, T2; MOVO D1, T3
+ MOVQ $10, itr2
+
+sealSSE128InnerCipherLoop:
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+ shiftB0Left; shiftB1Left; shiftB2Left
+ shiftC0Left; shiftC1Left; shiftC2Left
+ shiftD0Left; shiftD1Left; shiftD2Left
+ chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+ shiftB0Right; shiftB1Right; shiftB2Right
+ shiftC0Right; shiftC1Right; shiftC2Right
+ shiftD0Right; shiftD1Right; shiftD2Right
+ DECQ itr2
+ JNE sealSSE128InnerCipherLoop
+
+ // A0|B0 hold the Poly1305 32-byte key, C0,D0 can be discarded
+ PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
+ PADDL T1, B0; PADDL T1, B1; PADDL T1, B2
+ PADDL T2, C1; PADDL T2, C2
+ PADDL T3, D1; PADDL ·sseIncMask<>(SB), T3; PADDL T3, D2
+ PAND ·polyClampMask<>(SB), A0
+ MOVOU A0, rStore
+ MOVOU B0, sStore
+
+ // Hash
+ MOVQ ad_len+80(FP), itr2
+ CALL polyHashADInternal<>(SB)
+ XORQ itr1, itr1
+
+sealSSE128SealHash:
+ // itr1 holds the number of bytes encrypted but not yet hashed
+ CMPQ itr1, $16
+ JB sealSSE128Seal
+ polyAdd(0(oup))
+ polyMul
+
+ SUBQ $16, itr1
+ ADDQ $16, oup
+
+ JMP sealSSE128SealHash
+
+sealSSE128Seal:
+ CMPQ inl, $16
+ JB sealSSETail
+ SUBQ $16, inl
+
+ // Load for decryption
+ MOVOU (inp), T0
+ PXOR T0, A1
+ MOVOU A1, (oup)
+ LEAQ (1*16)(inp), inp
+ LEAQ (1*16)(oup), oup
+
+ // Extract for hashing
+ MOVQ A1, t0
+ PSRLDQ $8, A1
+ MOVQ A1, t1
+ ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
+ polyMul
+
+ // Shift the stream "left"
+ MOVO B1, A1
+ MOVO C1, B1
+ MOVO D1, C1
+ MOVO A2, D1
+ MOVO B2, A2
+ MOVO C2, B2
+ MOVO D2, C2
+ JMP sealSSE128Seal
+
+sealSSETail:
+ TESTQ inl, inl
+ JE sealSSEFinalize
+
+ // We can only load the PT one byte at a time to avoid read after end of buffer
+ MOVQ inl, itr2
+ SHLQ $4, itr2
+ LEAQ ·andMask<>(SB), t0
+ MOVQ inl, itr1
+ LEAQ -1(inp)(inl*1), inp
+ XORQ t2, t2
+ XORQ t3, t3
+ XORQ AX, AX
+
+sealSSETailLoadLoop:
+ SHLQ $8, t2, t3
+ SHLQ $8, t2
+ MOVB (inp), AX
+ XORQ AX, t2
+ LEAQ -1(inp), inp
+ DECQ itr1
+ JNE sealSSETailLoadLoop
+ MOVQ t2, 0+tmpStore
+ MOVQ t3, 8+tmpStore
+ PXOR 0+tmpStore, A1
+ MOVOU A1, (oup)
+ MOVOU -16(t0)(itr2*1), T0
+ PAND T0, A1
+ MOVQ A1, t0
+ PSRLDQ $8, A1
+ MOVQ A1, t1
+ ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
+ polyMul
+
+ ADDQ inl, oup
+
+sealSSEFinalize:
+ // Hash in the buffer lengths
+ ADDQ ad_len+80(FP), acc0
+ ADCQ src_len+56(FP), acc1
+ ADCQ $1, acc2
+ polyMul
+
+ // Final reduce
+ MOVQ acc0, t0
+ MOVQ acc1, t1
+ MOVQ acc2, t2
+ SUBQ $-5, acc0
+ SBBQ $-1, acc1
+ SBBQ $3, acc2
+ CMOVQCS t0, acc0
+ CMOVQCS t1, acc1
+ CMOVQCS t2, acc2
+
+ // Add in the "s" part of the key
+ ADDQ 0+sStore, acc0
+ ADCQ 8+sStore, acc1
+
+ // Finally store the tag at the end of the message
+ MOVQ acc0, (0*8)(oup)
+ MOVQ acc1, (1*8)(oup)
+ RET
+
+// ----------------------------------------------------------------------------
+// ------------------------- AVX2 Code ----------------------------------------
+chacha20Poly1305Seal_AVX2:
+ VZEROUPPER
+ VMOVDQU ·chacha20Constants<>(SB), AA0
+ BYTE $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x70; BYTE $0x10 // broadcasti128 16(r8), ymm14
+ BYTE $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x20 // broadcasti128 32(r8), ymm12
+ BYTE $0xc4; BYTE $0xc2; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x30 // broadcasti128 48(r8), ymm4
+ VPADDD ·avx2InitMask<>(SB), DD0, DD0
+
+ // Special optimizations, for very short buffers
+ CMPQ inl, $192
+ JBE seal192AVX2 // 33% faster
+ CMPQ inl, $320
+ JBE seal320AVX2 // 17% faster
+
+ // For the general key prepare the key first - as a byproduct we have 64 bytes of cipher stream
+ VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+ VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3; VMOVDQA BB0, state1StoreAVX2
+ VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3; VMOVDQA CC0, state2StoreAVX2
+ VPADDD ·avx2IncMask<>(SB), DD0, DD1; VMOVDQA DD0, ctr0StoreAVX2
+ VPADDD ·avx2IncMask<>(SB), DD1, DD2; VMOVDQA DD1, ctr1StoreAVX2
+ VPADDD ·avx2IncMask<>(SB), DD2, DD3; VMOVDQA DD2, ctr2StoreAVX2
+ VMOVDQA DD3, ctr3StoreAVX2
+ MOVQ $10, itr2
+
+sealAVX2IntroLoop:
+ VMOVDQA CC3, tmpStoreAVX2
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
+ VMOVDQA tmpStoreAVX2, CC3
+ VMOVDQA CC1, tmpStoreAVX2
+ chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
+ VMOVDQA tmpStoreAVX2, CC1
+
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $12, DD0, DD0, DD0
+ VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $12, DD1, DD1, DD1
+ VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $12, DD2, DD2, DD2
+ VPALIGNR $4, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $12, DD3, DD3, DD3
+
+ VMOVDQA CC3, tmpStoreAVX2
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
+ VMOVDQA tmpStoreAVX2, CC3
+ VMOVDQA CC1, tmpStoreAVX2
+ chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
+ VMOVDQA tmpStoreAVX2, CC1
+
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $4, DD0, DD0, DD0
+ VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $4, DD1, DD1, DD1
+ VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $4, DD2, DD2, DD2
+ VPALIGNR $12, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $4, DD3, DD3, DD3
+ DECQ itr2
+ JNE sealAVX2IntroLoop
+
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+ VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+ VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+ VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+
+ VPERM2I128 $0x13, CC0, DD0, CC0 // Stream bytes 96 - 127
+ VPERM2I128 $0x02, AA0, BB0, DD0 // The Poly1305 key
+ VPERM2I128 $0x13, AA0, BB0, AA0 // Stream bytes 64 - 95
+
+ // Clamp and store poly key
+ VPAND ·polyClampMask<>(SB), DD0, DD0
+ VMOVDQA DD0, rsStoreAVX2
+
+ // Hash AD
+ MOVQ ad_len+80(FP), itr2
+ CALL polyHashADInternal<>(SB)
+
+ // Can store at least 320 bytes
+ VPXOR (0*32)(inp), AA0, AA0
+ VPXOR (1*32)(inp), CC0, CC0
+ VMOVDQU AA0, (0*32)(oup)
+ VMOVDQU CC0, (1*32)(oup)
+
+ VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+ VPXOR (2*32)(inp), AA0, AA0; VPXOR (3*32)(inp), BB0, BB0; VPXOR (4*32)(inp), CC0, CC0; VPXOR (5*32)(inp), DD0, DD0
+ VMOVDQU AA0, (2*32)(oup); VMOVDQU BB0, (3*32)(oup); VMOVDQU CC0, (4*32)(oup); VMOVDQU DD0, (5*32)(oup)
+ VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+ VPXOR (6*32)(inp), AA0, AA0; VPXOR (7*32)(inp), BB0, BB0; VPXOR (8*32)(inp), CC0, CC0; VPXOR (9*32)(inp), DD0, DD0
+ VMOVDQU AA0, (6*32)(oup); VMOVDQU BB0, (7*32)(oup); VMOVDQU CC0, (8*32)(oup); VMOVDQU DD0, (9*32)(oup)
+
+ MOVQ $320, itr1
+ SUBQ $320, inl
+ LEAQ 320(inp), inp
+
+ VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, CC3, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, CC3, DD3, DD0
+ CMPQ inl, $128
+ JBE sealAVX2SealHash
+
+ VPXOR (0*32)(inp), AA0, AA0; VPXOR (1*32)(inp), BB0, BB0; VPXOR (2*32)(inp), CC0, CC0; VPXOR (3*32)(inp), DD0, DD0
+ VMOVDQU AA0, (10*32)(oup); VMOVDQU BB0, (11*32)(oup); VMOVDQU CC0, (12*32)(oup); VMOVDQU DD0, (13*32)(oup)
+ SUBQ $128, inl
+ LEAQ 128(inp), inp
+
+ MOVQ $8, itr1
+ MOVQ $2, itr2
+
+ CMPQ inl, $128
+ JBE sealAVX2Tail128
+ CMPQ inl, $256
+ JBE sealAVX2Tail256
+ CMPQ inl, $384
+ JBE sealAVX2Tail384
+ CMPQ inl, $512
+ JBE sealAVX2Tail512
+
+ // We have 448 bytes to hash, but main loop hashes 512 bytes at a time - perform some rounds, before the main loop
+ VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+ VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+ VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+ VMOVDQA ctr3StoreAVX2, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+ VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+
+ VMOVDQA CC3, tmpStoreAVX2
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
+ VMOVDQA tmpStoreAVX2, CC3
+ VMOVDQA CC1, tmpStoreAVX2
+ chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
+ VMOVDQA tmpStoreAVX2, CC1
+
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $12, DD0, DD0, DD0
+ VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $12, DD1, DD1, DD1
+ VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $12, DD2, DD2, DD2
+ VPALIGNR $4, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $12, DD3, DD3, DD3
+
+ VMOVDQA CC3, tmpStoreAVX2
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
+ VMOVDQA tmpStoreAVX2, CC3
+ VMOVDQA CC1, tmpStoreAVX2
+ chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
+ VMOVDQA tmpStoreAVX2, CC1
+
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $4, DD0, DD0, DD0
+ VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $4, DD1, DD1, DD1
+ VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $4, DD2, DD2, DD2
+ VPALIGNR $12, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $4, DD3, DD3, DD3
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+
+ SUBQ $16, oup // Adjust the pointer
+ MOVQ $9, itr1
+ JMP sealAVX2InternalLoopStart
+
+sealAVX2MainLoop:
+ // Load state, increment counter blocks, store the incremented counters
+ VMOVDQU ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+ VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+ VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+ VMOVDQA ctr3StoreAVX2, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+ VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+ MOVQ $10, itr1
+
+sealAVX2InternalLoop:
+ polyAdd(0*8(oup))
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ polyMulStage1_AVX2
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+ polyMulStage2_AVX2
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ polyMulStage3_AVX2
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyMulReduceStage
+
+sealAVX2InternalLoopStart:
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+ polyAdd(2*8(oup))
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ polyMulStage1_AVX2
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyMulStage2_AVX2
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ polyMulStage3_AVX2
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+ polyMulReduceStage
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ polyAdd(4*8(oup))
+ LEAQ (6*8)(oup), oup
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyMulStage1_AVX2
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ polyMulStage2_AVX2
+ VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ polyMulStage3_AVX2
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyMulReduceStage
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
+ DECQ itr1
+ JNE sealAVX2InternalLoop
+
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+ VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+ VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+ VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+ VMOVDQA CC3, tmpStoreAVX2
+
+ // We only hashed 480 of the 512 bytes available - hash the remaining 32 here
+ polyAdd(0*8(oup))
+ polyMulAVX2
+ LEAQ (4*8)(oup), oup
+ VPERM2I128 $0x02, AA0, BB0, CC3; VPERM2I128 $0x13, AA0, BB0, BB0; VPERM2I128 $0x02, CC0, DD0, AA0; VPERM2I128 $0x13, CC0, DD0, CC0
+ VPXOR (0*32)(inp), CC3, CC3; VPXOR (1*32)(inp), AA0, AA0; VPXOR (2*32)(inp), BB0, BB0; VPXOR (3*32)(inp), CC0, CC0
+ VMOVDQU CC3, (0*32)(oup); VMOVDQU AA0, (1*32)(oup); VMOVDQU BB0, (2*32)(oup); VMOVDQU CC0, (3*32)(oup)
+ VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+ VPXOR (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
+ VMOVDQU AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
+
+ // and here
+ polyAdd(-2*8(oup))
+ polyMulAVX2
+ VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+ VPXOR (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
+ VMOVDQU AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
+ VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
+ VPXOR (12*32)(inp), AA0, AA0; VPXOR (13*32)(inp), BB0, BB0; VPXOR (14*32)(inp), CC0, CC0; VPXOR (15*32)(inp), DD0, DD0
+ VMOVDQU AA0, (12*32)(oup); VMOVDQU BB0, (13*32)(oup); VMOVDQU CC0, (14*32)(oup); VMOVDQU DD0, (15*32)(oup)
+ LEAQ (32*16)(inp), inp
+ SUBQ $(32*16), inl
+ CMPQ inl, $512
+ JG sealAVX2MainLoop
+
+ // Tail can only hash 480 bytes
+ polyAdd(0*8(oup))
+ polyMulAVX2
+ polyAdd(2*8(oup))
+ polyMulAVX2
+ LEAQ 32(oup), oup
+
+ MOVQ $10, itr1
+ MOVQ $0, itr2
+ CMPQ inl, $128
+ JBE sealAVX2Tail128
+ CMPQ inl, $256
+ JBE sealAVX2Tail256
+ CMPQ inl, $384
+ JBE sealAVX2Tail384
+ JMP sealAVX2Tail512
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 193 bytes
+seal192AVX2:
+ // For up to 192 bytes of ciphertext and 64 bytes for the poly key, we process four blocks
+ VMOVDQA AA0, AA1
+ VMOVDQA BB0, BB1
+ VMOVDQA CC0, CC1
+ VPADDD ·avx2IncMask<>(SB), DD0, DD1
+ VMOVDQA AA0, AA2
+ VMOVDQA BB0, BB2
+ VMOVDQA CC0, CC2
+ VMOVDQA DD0, DD2
+ VMOVDQA DD1, TT3
+ MOVQ $10, itr2
+
+sealAVX2192InnerCipherLoop:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
+ DECQ itr2
+ JNE sealAVX2192InnerCipherLoop
+ VPADDD AA2, AA0, AA0; VPADDD AA2, AA1, AA1
+ VPADDD BB2, BB0, BB0; VPADDD BB2, BB1, BB1
+ VPADDD CC2, CC0, CC0; VPADDD CC2, CC1, CC1
+ VPADDD DD2, DD0, DD0; VPADDD TT3, DD1, DD1
+ VPERM2I128 $0x02, AA0, BB0, TT0
+
+ // Clamp and store poly key
+ VPAND ·polyClampMask<>(SB), TT0, TT0
+ VMOVDQA TT0, rsStoreAVX2
+
+ // Stream for up to 192 bytes
+ VPERM2I128 $0x13, AA0, BB0, AA0
+ VPERM2I128 $0x13, CC0, DD0, BB0
+ VPERM2I128 $0x02, AA1, BB1, CC0
+ VPERM2I128 $0x02, CC1, DD1, DD0
+ VPERM2I128 $0x13, AA1, BB1, AA1
+ VPERM2I128 $0x13, CC1, DD1, BB1
+
+sealAVX2ShortSeal:
+ // Hash aad
+ MOVQ ad_len+80(FP), itr2
+ CALL polyHashADInternal<>(SB)
+ XORQ itr1, itr1
+
+sealAVX2SealHash:
+ // itr1 holds the number of bytes encrypted but not yet hashed
+ CMPQ itr1, $16
+ JB sealAVX2ShortSealLoop
+ polyAdd(0(oup))
+ polyMul
+ SUBQ $16, itr1
+ ADDQ $16, oup
+ JMP sealAVX2SealHash
+
+sealAVX2ShortSealLoop:
+ CMPQ inl, $32
+ JB sealAVX2ShortTail32
+ SUBQ $32, inl
+
+ // Load for encryption
+ VPXOR (inp), AA0, AA0
+ VMOVDQU AA0, (oup)
+ LEAQ (1*32)(inp), inp
+
+ // Now can hash
+ polyAdd(0*8(oup))
+ polyMulAVX2
+ polyAdd(2*8(oup))
+ polyMulAVX2
+ LEAQ (1*32)(oup), oup
+
+ // Shift stream left
+ VMOVDQA BB0, AA0
+ VMOVDQA CC0, BB0
+ VMOVDQA DD0, CC0
+ VMOVDQA AA1, DD0
+ VMOVDQA BB1, AA1
+ VMOVDQA CC1, BB1
+ VMOVDQA DD1, CC1
+ VMOVDQA AA2, DD1
+ VMOVDQA BB2, AA2
+ JMP sealAVX2ShortSealLoop
+
+sealAVX2ShortTail32:
+ CMPQ inl, $16
+ VMOVDQA A0, A1
+ JB sealAVX2ShortDone
+
+ SUBQ $16, inl
+
+ // Load for encryption
+ VPXOR (inp), A0, T0
+ VMOVDQU T0, (oup)
+ LEAQ (1*16)(inp), inp
+
+ // Hash
+ polyAdd(0*8(oup))
+ polyMulAVX2
+ LEAQ (1*16)(oup), oup
+ VPERM2I128 $0x11, AA0, AA0, AA0
+ VMOVDQA A0, A1
+
+sealAVX2ShortDone:
+ VZEROUPPER
+ JMP sealSSETail
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 321 bytes
+seal320AVX2:
+ // For up to 320 bytes of ciphertext and 64 bytes for the poly key, we process six blocks
+ VMOVDQA AA0, AA1; VMOVDQA BB0, BB1; VMOVDQA CC0, CC1; VPADDD ·avx2IncMask<>(SB), DD0, DD1
+ VMOVDQA AA0, AA2; VMOVDQA BB0, BB2; VMOVDQA CC0, CC2; VPADDD ·avx2IncMask<>(SB), DD1, DD2
+ VMOVDQA BB0, TT1; VMOVDQA CC0, TT2; VMOVDQA DD0, TT3
+ MOVQ $10, itr2
+
+sealAVX2320InnerCipherLoop:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
+ DECQ itr2
+ JNE sealAVX2320InnerCipherLoop
+
+ VMOVDQA ·chacha20Constants<>(SB), TT0
+ VPADDD TT0, AA0, AA0; VPADDD TT0, AA1, AA1; VPADDD TT0, AA2, AA2
+ VPADDD TT1, BB0, BB0; VPADDD TT1, BB1, BB1; VPADDD TT1, BB2, BB2
+ VPADDD TT2, CC0, CC0; VPADDD TT2, CC1, CC1; VPADDD TT2, CC2, CC2
+ VMOVDQA ·avx2IncMask<>(SB), TT0
+ VPADDD TT3, DD0, DD0; VPADDD TT0, TT3, TT3
+ VPADDD TT3, DD1, DD1; VPADDD TT0, TT3, TT3
+ VPADDD TT3, DD2, DD2
+
+ // Clamp and store poly key
+ VPERM2I128 $0x02, AA0, BB0, TT0
+ VPAND ·polyClampMask<>(SB), TT0, TT0
+ VMOVDQA TT0, rsStoreAVX2
+
+ // Stream for up to 320 bytes
+ VPERM2I128 $0x13, AA0, BB0, AA0
+ VPERM2I128 $0x13, CC0, DD0, BB0
+ VPERM2I128 $0x02, AA1, BB1, CC0
+ VPERM2I128 $0x02, CC1, DD1, DD0
+ VPERM2I128 $0x13, AA1, BB1, AA1
+ VPERM2I128 $0x13, CC1, DD1, BB1
+ VPERM2I128 $0x02, AA2, BB2, CC1
+ VPERM2I128 $0x02, CC2, DD2, DD1
+ VPERM2I128 $0x13, AA2, BB2, AA2
+ VPERM2I128 $0x13, CC2, DD2, BB2
+ JMP sealAVX2ShortSeal
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 128 bytes of ciphertext
+sealAVX2Tail128:
+ // Need to decrypt up to 128 bytes - prepare two blocks
+ // If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
+ // If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
+ VMOVDQA ·chacha20Constants<>(SB), AA0
+ VMOVDQA state1StoreAVX2, BB0
+ VMOVDQA state2StoreAVX2, CC0
+ VMOVDQA ctr3StoreAVX2, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD0
+ VMOVDQA DD0, DD1
+
+sealAVX2Tail128LoopA:
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+
+sealAVX2Tail128LoopB:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
+ polyAdd(0(oup))
+ polyMul
+ VPALIGNR $4, BB0, BB0, BB0
+ VPALIGNR $8, CC0, CC0, CC0
+ VPALIGNR $12, DD0, DD0, DD0
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
+ polyAdd(16(oup))
+ polyMul
+ LEAQ 32(oup), oup
+ VPALIGNR $12, BB0, BB0, BB0
+ VPALIGNR $8, CC0, CC0, CC0
+ VPALIGNR $4, DD0, DD0, DD0
+ DECQ itr1
+ JG sealAVX2Tail128LoopA
+ DECQ itr2
+ JGE sealAVX2Tail128LoopB
+
+ VPADDD ·chacha20Constants<>(SB), AA0, AA1
+ VPADDD state1StoreAVX2, BB0, BB1
+ VPADDD state2StoreAVX2, CC0, CC1
+ VPADDD DD1, DD0, DD1
+
+ VPERM2I128 $0x02, AA1, BB1, AA0
+ VPERM2I128 $0x02, CC1, DD1, BB0
+ VPERM2I128 $0x13, AA1, BB1, CC0
+ VPERM2I128 $0x13, CC1, DD1, DD0
+ JMP sealAVX2ShortSealLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 256 bytes of ciphertext
+sealAVX2Tail256:
+ // Need to decrypt up to 256 bytes - prepare two blocks
+ // If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
+ // If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
+ VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA ·chacha20Constants<>(SB), AA1
+ VMOVDQA state1StoreAVX2, BB0; VMOVDQA state1StoreAVX2, BB1
+ VMOVDQA state2StoreAVX2, CC0; VMOVDQA state2StoreAVX2, CC1
+ VMOVDQA ctr3StoreAVX2, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD1
+ VMOVDQA DD0, TT1
+ VMOVDQA DD1, TT2
+
+sealAVX2Tail256LoopA:
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+
+sealAVX2Tail256LoopB:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ polyAdd(0(oup))
+ polyMul
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+ polyAdd(16(oup))
+ polyMul
+ LEAQ 32(oup), oup
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
+ DECQ itr1
+ JG sealAVX2Tail256LoopA
+ DECQ itr2
+ JGE sealAVX2Tail256LoopB
+
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1
+ VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1
+ VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1
+ VPADDD TT1, DD0, DD0; VPADDD TT2, DD1, DD1
+ VPERM2I128 $0x02, AA0, BB0, TT0
+ VPERM2I128 $0x02, CC0, DD0, TT1
+ VPERM2I128 $0x13, AA0, BB0, TT2
+ VPERM2I128 $0x13, CC0, DD0, TT3
+ VPXOR (0*32)(inp), TT0, TT0; VPXOR (1*32)(inp), TT1, TT1; VPXOR (2*32)(inp), TT2, TT2; VPXOR (3*32)(inp), TT3, TT3
+ VMOVDQU TT0, (0*32)(oup); VMOVDQU TT1, (1*32)(oup); VMOVDQU TT2, (2*32)(oup); VMOVDQU TT3, (3*32)(oup)
+ MOVQ $128, itr1
+ LEAQ 128(inp), inp
+ SUBQ $128, inl
+ VPERM2I128 $0x02, AA1, BB1, AA0
+ VPERM2I128 $0x02, CC1, DD1, BB0
+ VPERM2I128 $0x13, AA1, BB1, CC0
+ VPERM2I128 $0x13, CC1, DD1, DD0
+
+ JMP sealAVX2SealHash
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 384 bytes of ciphertext
+sealAVX2Tail384:
+ // Need to decrypt up to 384 bytes - prepare two blocks
+ // If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
+ // If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
+ VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2
+ VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2
+ VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2
+ VMOVDQA ctr3StoreAVX2, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2
+ VMOVDQA DD0, TT1; VMOVDQA DD1, TT2; VMOVDQA DD2, TT3
+
+sealAVX2Tail384LoopA:
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+
+sealAVX2Tail384LoopB:
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+ polyAdd(0(oup))
+ polyMul
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
+ chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+ polyAdd(16(oup))
+ polyMul
+ LEAQ 32(oup), oup
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
+ DECQ itr1
+ JG sealAVX2Tail384LoopA
+ DECQ itr2
+ JGE sealAVX2Tail384LoopB
+
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2
+ VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2
+ VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2
+ VPADDD TT1, DD0, DD0; VPADDD TT2, DD1, DD1; VPADDD TT3, DD2, DD2
+ VPERM2I128 $0x02, AA0, BB0, TT0
+ VPERM2I128 $0x02, CC0, DD0, TT1
+ VPERM2I128 $0x13, AA0, BB0, TT2
+ VPERM2I128 $0x13, CC0, DD0, TT3
+ VPXOR (0*32)(inp), TT0, TT0; VPXOR (1*32)(inp), TT1, TT1; VPXOR (2*32)(inp), TT2, TT2; VPXOR (3*32)(inp), TT3, TT3
+ VMOVDQU TT0, (0*32)(oup); VMOVDQU TT1, (1*32)(oup); VMOVDQU TT2, (2*32)(oup); VMOVDQU TT3, (3*32)(oup)
+ VPERM2I128 $0x02, AA1, BB1, TT0
+ VPERM2I128 $0x02, CC1, DD1, TT1
+ VPERM2I128 $0x13, AA1, BB1, TT2
+ VPERM2I128 $0x13, CC1, DD1, TT3
+ VPXOR (4*32)(inp), TT0, TT0; VPXOR (5*32)(inp), TT1, TT1; VPXOR (6*32)(inp), TT2, TT2; VPXOR (7*32)(inp), TT3, TT3
+ VMOVDQU TT0, (4*32)(oup); VMOVDQU TT1, (5*32)(oup); VMOVDQU TT2, (6*32)(oup); VMOVDQU TT3, (7*32)(oup)
+ MOVQ $256, itr1
+ LEAQ 256(inp), inp
+ SUBQ $256, inl
+ VPERM2I128 $0x02, AA2, BB2, AA0
+ VPERM2I128 $0x02, CC2, DD2, BB0
+ VPERM2I128 $0x13, AA2, BB2, CC0
+ VPERM2I128 $0x13, CC2, DD2, DD0
+
+ JMP sealAVX2SealHash
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 512 bytes of ciphertext
+sealAVX2Tail512:
+ // Need to decrypt up to 512 bytes - prepare two blocks
+ // If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
+ // If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
+ VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+ VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+ VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+ VMOVDQA ctr3StoreAVX2, DD0
+ VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+ VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+
+sealAVX2Tail512LoopA:
+ polyAdd(0(oup))
+ polyMul
+ LEAQ 16(oup), oup
+
+sealAVX2Tail512LoopB:
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ polyAdd(0*8(oup))
+ polyMulAVX2
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+ VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ polyAdd(2*8(oup))
+ polyMulAVX2
+ LEAQ (4*8)(oup), oup
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+ VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+ VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+ VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+ VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+ VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+ VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+ VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+ VMOVDQA tmpStoreAVX2, CC3
+ VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
+ VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+ VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
+
+ DECQ itr1
+ JG sealAVX2Tail512LoopA
+ DECQ itr2
+ JGE sealAVX2Tail512LoopB
+
+ VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+ VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+ VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+ VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+ VMOVDQA CC3, tmpStoreAVX2
+ VPERM2I128 $0x02, AA0, BB0, CC3
+ VPXOR (0*32)(inp), CC3, CC3
+ VMOVDQU CC3, (0*32)(oup)
+ VPERM2I128 $0x02, CC0, DD0, CC3
+ VPXOR (1*32)(inp), CC3, CC3
+ VMOVDQU CC3, (1*32)(oup)
+ VPERM2I128 $0x13, AA0, BB0, CC3
+ VPXOR (2*32)(inp), CC3, CC3
+ VMOVDQU CC3, (2*32)(oup)
+ VPERM2I128 $0x13, CC0, DD0, CC3
+ VPXOR (3*32)(inp), CC3, CC3
+ VMOVDQU CC3, (3*32)(oup)
+
+ VPERM2I128 $0x02, AA1, BB1, AA0
+ VPERM2I128 $0x02, CC1, DD1, BB0
+ VPERM2I128 $0x13, AA1, BB1, CC0
+ VPERM2I128 $0x13, CC1, DD1, DD0
+ VPXOR (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
+ VMOVDQU AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
+
+ VPERM2I128 $0x02, AA2, BB2, AA0
+ VPERM2I128 $0x02, CC2, DD2, BB0
+ VPERM2I128 $0x13, AA2, BB2, CC0
+ VPERM2I128 $0x13, CC2, DD2, DD0
+ VPXOR (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
+ VMOVDQU AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
+
+ MOVQ $384, itr1
+ LEAQ 384(inp), inp
+ SUBQ $384, inl
+ VPERM2I128 $0x02, AA3, BB3, AA0
+ VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0
+ VPERM2I128 $0x13, AA3, BB3, CC0
+ VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
+
+ JMP sealAVX2SealHash
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
new file mode 100644
index 0000000..c279712
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
@@ -0,0 +1,81 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package chacha20poly1305
+
+import (
+ "encoding/binary"
+
+ "golang.org/x/crypto/internal/chacha20"
+ "golang.org/x/crypto/internal/subtle"
+ "golang.org/x/crypto/poly1305"
+)
+
+func roundTo16(n int) int {
+ return 16 * ((n + 15) / 16)
+}
+
+func (c *chacha20poly1305) sealGeneric(dst, nonce, plaintext, additionalData []byte) []byte {
+ ret, out := sliceForAppend(dst, len(plaintext)+poly1305.TagSize)
+ if subtle.InexactOverlap(out, plaintext) {
+ panic("chacha20poly1305: invalid buffer overlap")
+ }
+
+ var polyKey [32]byte
+ s := chacha20.New(c.key, [3]uint32{
+ binary.LittleEndian.Uint32(nonce[0:4]),
+ binary.LittleEndian.Uint32(nonce[4:8]),
+ binary.LittleEndian.Uint32(nonce[8:12]),
+ })
+ s.XORKeyStream(polyKey[:], polyKey[:])
+ s.Advance() // skip the next 32 bytes
+ s.XORKeyStream(out, plaintext)
+
+ polyInput := make([]byte, roundTo16(len(additionalData))+roundTo16(len(plaintext))+8+8)
+ copy(polyInput, additionalData)
+ copy(polyInput[roundTo16(len(additionalData)):], out[:len(plaintext)])
+ binary.LittleEndian.PutUint64(polyInput[len(polyInput)-16:], uint64(len(additionalData)))
+ binary.LittleEndian.PutUint64(polyInput[len(polyInput)-8:], uint64(len(plaintext)))
+
+ var tag [poly1305.TagSize]byte
+ poly1305.Sum(&tag, polyInput, &polyKey)
+ copy(out[len(plaintext):], tag[:])
+
+ return ret
+}
+
+func (c *chacha20poly1305) openGeneric(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+ var tag [poly1305.TagSize]byte
+ copy(tag[:], ciphertext[len(ciphertext)-16:])
+ ciphertext = ciphertext[:len(ciphertext)-16]
+
+ var polyKey [32]byte
+ s := chacha20.New(c.key, [3]uint32{
+ binary.LittleEndian.Uint32(nonce[0:4]),
+ binary.LittleEndian.Uint32(nonce[4:8]),
+ binary.LittleEndian.Uint32(nonce[8:12]),
+ })
+ s.XORKeyStream(polyKey[:], polyKey[:])
+ s.Advance() // skip the next 32 bytes
+
+ polyInput := make([]byte, roundTo16(len(additionalData))+roundTo16(len(ciphertext))+8+8)
+ copy(polyInput, additionalData)
+ copy(polyInput[roundTo16(len(additionalData)):], ciphertext)
+ binary.LittleEndian.PutUint64(polyInput[len(polyInput)-16:], uint64(len(additionalData)))
+ binary.LittleEndian.PutUint64(polyInput[len(polyInput)-8:], uint64(len(ciphertext)))
+
+ ret, out := sliceForAppend(dst, len(ciphertext))
+ if subtle.InexactOverlap(out, ciphertext) {
+ panic("chacha20poly1305: invalid buffer overlap")
+ }
+ if !poly1305.Verify(&tag, polyInput, &polyKey) {
+ for i := range out {
+ out[i] = 0
+ }
+ return nil, errOpen
+ }
+
+ s.XORKeyStream(out, ciphertext)
+ return ret, nil
+}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go
new file mode 100644
index 0000000..4c2eb70
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go
@@ -0,0 +1,15 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !amd64 !go1.7 gccgo appengine
+
+package chacha20poly1305
+
+func (c *chacha20poly1305) seal(dst, nonce, plaintext, additionalData []byte) []byte {
+ return c.sealGeneric(dst, nonce, plaintext, additionalData)
+}
+
+func (c *chacha20poly1305) open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+ return c.openGeneric(dst, nonce, ciphertext, additionalData)
+}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/xchacha20poly1305.go b/vendor/golang.org/x/crypto/chacha20poly1305/xchacha20poly1305.go
new file mode 100644
index 0000000..a02fa57
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/xchacha20poly1305.go
@@ -0,0 +1,104 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package chacha20poly1305
+
+import (
+ "crypto/cipher"
+ "encoding/binary"
+ "errors"
+
+ "golang.org/x/crypto/internal/chacha20"
+)
+
+type xchacha20poly1305 struct {
+ key [8]uint32
+}
+
+// NewX returns a XChaCha20-Poly1305 AEAD that uses the given 256-bit key.
+//
+// XChaCha20-Poly1305 is a ChaCha20-Poly1305 variant that takes a longer nonce,
+// suitable to be generated randomly without risk of collisions. It should be
+// preferred when nonce uniqueness cannot be trivially ensured, or whenever
+// nonces are randomly generated.
+func NewX(key []byte) (cipher.AEAD, error) {
+ if len(key) != KeySize {
+ return nil, errors.New("chacha20poly1305: bad key length")
+ }
+ ret := new(xchacha20poly1305)
+ ret.key[0] = binary.LittleEndian.Uint32(key[0:4])
+ ret.key[1] = binary.LittleEndian.Uint32(key[4:8])
+ ret.key[2] = binary.LittleEndian.Uint32(key[8:12])
+ ret.key[3] = binary.LittleEndian.Uint32(key[12:16])
+ ret.key[4] = binary.LittleEndian.Uint32(key[16:20])
+ ret.key[5] = binary.LittleEndian.Uint32(key[20:24])
+ ret.key[6] = binary.LittleEndian.Uint32(key[24:28])
+ ret.key[7] = binary.LittleEndian.Uint32(key[28:32])
+ return ret, nil
+}
+
+func (*xchacha20poly1305) NonceSize() int {
+ return NonceSizeX
+}
+
+func (*xchacha20poly1305) Overhead() int {
+ return 16
+}
+
+func (x *xchacha20poly1305) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
+ if len(nonce) != NonceSizeX {
+ panic("chacha20poly1305: bad nonce length passed to Seal")
+ }
+
+ // XChaCha20-Poly1305 technically supports a 64-bit counter, so there is no
+ // size limit. However, since we reuse the ChaCha20-Poly1305 implementation,
+ // the second half of the counter is not available. This is unlikely to be
+ // an issue because the cipher.AEAD API requires the entire message to be in
+ // memory, and the counter overflows at 256 GB.
+ if uint64(len(plaintext)) > (1<<38)-64 {
+ panic("chacha20poly1305: plaintext too large")
+ }
+
+ hNonce := [4]uint32{
+ binary.LittleEndian.Uint32(nonce[0:4]),
+ binary.LittleEndian.Uint32(nonce[4:8]),
+ binary.LittleEndian.Uint32(nonce[8:12]),
+ binary.LittleEndian.Uint32(nonce[12:16]),
+ }
+ c := &chacha20poly1305{
+ key: chacha20.HChaCha20(&x.key, &hNonce),
+ }
+ // The first 4 bytes of the final nonce are unused counter space.
+ cNonce := make([]byte, NonceSize)
+ copy(cNonce[4:12], nonce[16:24])
+
+ return c.seal(dst, cNonce[:], plaintext, additionalData)
+}
+
+func (x *xchacha20poly1305) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+ if len(nonce) != NonceSizeX {
+ panic("chacha20poly1305: bad nonce length passed to Open")
+ }
+ if len(ciphertext) < 16 {
+ return nil, errOpen
+ }
+ if uint64(len(ciphertext)) > (1<<38)-48 {
+ panic("chacha20poly1305: ciphertext too large")
+ }
+
+ hNonce := [4]uint32{
+ binary.LittleEndian.Uint32(nonce[0:4]),
+ binary.LittleEndian.Uint32(nonce[4:8]),
+ binary.LittleEndian.Uint32(nonce[8:12]),
+ binary.LittleEndian.Uint32(nonce[12:16]),
+ }
+ c := &chacha20poly1305{
+ key: chacha20.HChaCha20(&x.key, &hNonce),
+ }
+ // The first 4 bytes of the final nonce are unused counter space.
+ cNonce := make([]byte, NonceSize)
+ copy(cNonce[4:12], nonce[16:24])
+
+ return c.open(dst, cNonce[:], ciphertext, additionalData)
+}
diff --git a/vendor/golang.org/x/crypto/hkdf/hkdf.go b/vendor/golang.org/x/crypto/hkdf/hkdf.go
new file mode 100644
index 0000000..5bc2463
--- /dev/null
+++ b/vendor/golang.org/x/crypto/hkdf/hkdf.go
@@ -0,0 +1,75 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation
+// Function (HKDF) as defined in RFC 5869.
+//
+// HKDF is a cryptographic key derivation function (KDF) with the goal of
+// expanding limited input keying material into one or more cryptographically
+// strong secret keys.
+//
+// RFC 5869: https://tools.ietf.org/html/rfc5869
+package hkdf // import "golang.org/x/crypto/hkdf"
+
+import (
+ "crypto/hmac"
+ "errors"
+ "hash"
+ "io"
+)
+
+type hkdf struct {
+ expander hash.Hash
+ size int
+
+ info []byte
+ counter byte
+
+ prev []byte
+ cache []byte
+}
+
+func (f *hkdf) Read(p []byte) (int, error) {
+ // Check whether enough data can be generated
+ need := len(p)
+ remains := len(f.cache) + int(255-f.counter+1)*f.size
+ if remains < need {
+ return 0, errors.New("hkdf: entropy limit reached")
+ }
+ // Read from the cache, if enough data is present
+ n := copy(p, f.cache)
+ p = p[n:]
+
+ // Fill the buffer
+ for len(p) > 0 {
+ f.expander.Reset()
+ f.expander.Write(f.prev)
+ f.expander.Write(f.info)
+ f.expander.Write([]byte{f.counter})
+ f.prev = f.expander.Sum(f.prev[:0])
+ f.counter++
+
+ // Copy the new batch into p
+ f.cache = f.prev
+ n = copy(p, f.cache)
+ p = p[n:]
+ }
+ // Save leftovers for next run
+ f.cache = f.cache[n:]
+
+ return need, nil
+}
+
+// New returns a new HKDF using the given hash, the secret keying material to expand
+// and optional salt and info fields.
+func New(hash func() hash.Hash, secret, salt, info []byte) io.Reader {
+ if salt == nil {
+ salt = make([]byte, hash().Size())
+ }
+ extractor := hmac.New(hash, salt)
+ extractor.Write(secret)
+ prk := extractor.Sum(nil)
+
+ return &hkdf{hmac.New(hash, prk), extractor.Size(), info, 1, nil, nil}
+}
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/chacha_generic.go b/vendor/golang.org/x/crypto/internal/chacha20/chacha_generic.go
new file mode 100644
index 0000000..6570847
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/chacha20/chacha_generic.go
@@ -0,0 +1,264 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package ChaCha20 implements the core ChaCha20 function as specified
+// in https://tools.ietf.org/html/rfc7539#section-2.3.
+package chacha20
+
+import (
+ "crypto/cipher"
+ "encoding/binary"
+
+ "golang.org/x/crypto/internal/subtle"
+)
+
+// assert that *Cipher implements cipher.Stream
+var _ cipher.Stream = (*Cipher)(nil)
+
+// Cipher is a stateful instance of ChaCha20 using a particular key
+// and nonce. A *Cipher implements the cipher.Stream interface.
+type Cipher struct {
+ key [8]uint32
+ counter uint32 // incremented after each block
+ nonce [3]uint32
+ buf [bufSize]byte // buffer for unused keystream bytes
+ len int // number of unused keystream bytes at end of buf
+}
+
+// New creates a new ChaCha20 stream cipher with the given key and nonce.
+// The initial counter value is set to 0.
+func New(key [8]uint32, nonce [3]uint32) *Cipher {
+ return &Cipher{key: key, nonce: nonce}
+}
+
+// ChaCha20 constants spelling "expand 32-byte k"
+const (
+ j0 uint32 = 0x61707865
+ j1 uint32 = 0x3320646e
+ j2 uint32 = 0x79622d32
+ j3 uint32 = 0x6b206574
+)
+
+func quarterRound(a, b, c, d uint32) (uint32, uint32, uint32, uint32) {
+ a += b
+ d ^= a
+ d = (d << 16) | (d >> 16)
+ c += d
+ b ^= c
+ b = (b << 12) | (b >> 20)
+ a += b
+ d ^= a
+ d = (d << 8) | (d >> 24)
+ c += d
+ b ^= c
+ b = (b << 7) | (b >> 25)
+ return a, b, c, d
+}
+
+// XORKeyStream XORs each byte in the given slice with a byte from the
+// cipher's key stream. Dst and src must overlap entirely or not at all.
+//
+// If len(dst) < len(src), XORKeyStream will panic. It is acceptable
+// to pass a dst bigger than src, and in that case, XORKeyStream will
+// only update dst[:len(src)] and will not touch the rest of dst.
+//
+// Multiple calls to XORKeyStream behave as if the concatenation of
+// the src buffers was passed in a single run. That is, Cipher
+// maintains state and does not reset at each XORKeyStream call.
+func (s *Cipher) XORKeyStream(dst, src []byte) {
+ if len(dst) < len(src) {
+ panic("chacha20: output smaller than input")
+ }
+ if subtle.InexactOverlap(dst[:len(src)], src) {
+ panic("chacha20: invalid buffer overlap")
+ }
+
+ // xor src with buffered keystream first
+ if s.len != 0 {
+ buf := s.buf[len(s.buf)-s.len:]
+ if len(src) < len(buf) {
+ buf = buf[:len(src)]
+ }
+ td, ts := dst[:len(buf)], src[:len(buf)] // BCE hint
+ for i, b := range buf {
+ td[i] = ts[i] ^ b
+ }
+ s.len -= len(buf)
+ if s.len != 0 {
+ return
+ }
+ s.buf = [len(s.buf)]byte{} // zero the empty buffer
+ src = src[len(buf):]
+ dst = dst[len(buf):]
+ }
+
+ if len(src) == 0 {
+ return
+ }
+ if haveAsm {
+ if uint64(len(src))+uint64(s.counter)*64 > (1<<38)-64 {
+ panic("chacha20: counter overflow")
+ }
+ s.xorKeyStreamAsm(dst, src)
+ return
+ }
+
+ // set up a 64-byte buffer to pad out the final block if needed
+ // (hoisted out of the main loop to avoid spills)
+ rem := len(src) % 64 // length of final block
+ fin := len(src) - rem // index of final block
+ if rem > 0 {
+ copy(s.buf[len(s.buf)-64:], src[fin:])
+ }
+
+ // pre-calculate most of the first round
+ s1, s5, s9, s13 := quarterRound(j1, s.key[1], s.key[5], s.nonce[0])
+ s2, s6, s10, s14 := quarterRound(j2, s.key[2], s.key[6], s.nonce[1])
+ s3, s7, s11, s15 := quarterRound(j3, s.key[3], s.key[7], s.nonce[2])
+
+ n := len(src)
+ src, dst = src[:n:n], dst[:n:n] // BCE hint
+ for i := 0; i < n; i += 64 {
+ // calculate the remainder of the first round
+ s0, s4, s8, s12 := quarterRound(j0, s.key[0], s.key[4], s.counter)
+
+ // execute the second round
+ x0, x5, x10, x15 := quarterRound(s0, s5, s10, s15)
+ x1, x6, x11, x12 := quarterRound(s1, s6, s11, s12)
+ x2, x7, x8, x13 := quarterRound(s2, s7, s8, s13)
+ x3, x4, x9, x14 := quarterRound(s3, s4, s9, s14)
+
+ // execute the remaining 18 rounds
+ for i := 0; i < 9; i++ {
+ x0, x4, x8, x12 = quarterRound(x0, x4, x8, x12)
+ x1, x5, x9, x13 = quarterRound(x1, x5, x9, x13)
+ x2, x6, x10, x14 = quarterRound(x2, x6, x10, x14)
+ x3, x7, x11, x15 = quarterRound(x3, x7, x11, x15)
+
+ x0, x5, x10, x15 = quarterRound(x0, x5, x10, x15)
+ x1, x6, x11, x12 = quarterRound(x1, x6, x11, x12)
+ x2, x7, x8, x13 = quarterRound(x2, x7, x8, x13)
+ x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
+ }
+
+ x0 += j0
+ x1 += j1
+ x2 += j2
+ x3 += j3
+
+ x4 += s.key[0]
+ x5 += s.key[1]
+ x6 += s.key[2]
+ x7 += s.key[3]
+ x8 += s.key[4]
+ x9 += s.key[5]
+ x10 += s.key[6]
+ x11 += s.key[7]
+
+ x12 += s.counter
+ x13 += s.nonce[0]
+ x14 += s.nonce[1]
+ x15 += s.nonce[2]
+
+ // increment the counter
+ s.counter += 1
+ if s.counter == 0 {
+ panic("chacha20: counter overflow")
+ }
+
+ // pad to 64 bytes if needed
+ in, out := src[i:], dst[i:]
+ if i == fin {
+ // src[fin:] has already been copied into s.buf before
+ // the main loop
+ in, out = s.buf[len(s.buf)-64:], s.buf[len(s.buf)-64:]
+ }
+ in, out = in[:64], out[:64] // BCE hint
+
+ // XOR the key stream with the source and write out the result
+ xor(out[0:], in[0:], x0)
+ xor(out[4:], in[4:], x1)
+ xor(out[8:], in[8:], x2)
+ xor(out[12:], in[12:], x3)
+ xor(out[16:], in[16:], x4)
+ xor(out[20:], in[20:], x5)
+ xor(out[24:], in[24:], x6)
+ xor(out[28:], in[28:], x7)
+ xor(out[32:], in[32:], x8)
+ xor(out[36:], in[36:], x9)
+ xor(out[40:], in[40:], x10)
+ xor(out[44:], in[44:], x11)
+ xor(out[48:], in[48:], x12)
+ xor(out[52:], in[52:], x13)
+ xor(out[56:], in[56:], x14)
+ xor(out[60:], in[60:], x15)
+ }
+ // copy any trailing bytes out of the buffer and into dst
+ if rem != 0 {
+ s.len = 64 - rem
+ copy(dst[fin:], s.buf[len(s.buf)-64:])
+ }
+}
+
+// Advance discards bytes in the key stream until the next 64 byte block
+// boundary is reached and updates the counter accordingly. If the key
+// stream is already at a block boundary no bytes will be discarded and
+// the counter will be unchanged.
+func (s *Cipher) Advance() {
+ s.len -= s.len % 64
+ if s.len == 0 {
+ s.buf = [len(s.buf)]byte{}
+ }
+}
+
+// XORKeyStream crypts bytes from in to out using the given key and counters.
+// In and out must overlap entirely or not at all. Counter contains the raw
+// ChaCha20 counter bytes (i.e. block counter followed by nonce).
+func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
+ s := Cipher{
+ key: [8]uint32{
+ binary.LittleEndian.Uint32(key[0:4]),
+ binary.LittleEndian.Uint32(key[4:8]),
+ binary.LittleEndian.Uint32(key[8:12]),
+ binary.LittleEndian.Uint32(key[12:16]),
+ binary.LittleEndian.Uint32(key[16:20]),
+ binary.LittleEndian.Uint32(key[20:24]),
+ binary.LittleEndian.Uint32(key[24:28]),
+ binary.LittleEndian.Uint32(key[28:32]),
+ },
+ nonce: [3]uint32{
+ binary.LittleEndian.Uint32(counter[4:8]),
+ binary.LittleEndian.Uint32(counter[8:12]),
+ binary.LittleEndian.Uint32(counter[12:16]),
+ },
+ counter: binary.LittleEndian.Uint32(counter[0:4]),
+ }
+ s.XORKeyStream(out, in)
+}
+
+// HChaCha20 uses the ChaCha20 core to generate a derived key from a key and a
+// nonce. It should only be used as part of the XChaCha20 construction.
+func HChaCha20(key *[8]uint32, nonce *[4]uint32) [8]uint32 {
+ x0, x1, x2, x3 := j0, j1, j2, j3
+ x4, x5, x6, x7 := key[0], key[1], key[2], key[3]
+ x8, x9, x10, x11 := key[4], key[5], key[6], key[7]
+ x12, x13, x14, x15 := nonce[0], nonce[1], nonce[2], nonce[3]
+
+ for i := 0; i < 10; i++ {
+ x0, x4, x8, x12 = quarterRound(x0, x4, x8, x12)
+ x1, x5, x9, x13 = quarterRound(x1, x5, x9, x13)
+ x2, x6, x10, x14 = quarterRound(x2, x6, x10, x14)
+ x3, x7, x11, x15 = quarterRound(x3, x7, x11, x15)
+
+ x0, x5, x10, x15 = quarterRound(x0, x5, x10, x15)
+ x1, x6, x11, x12 = quarterRound(x1, x6, x11, x12)
+ x2, x7, x8, x13 = quarterRound(x2, x7, x8, x13)
+ x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
+ }
+
+ var out [8]uint32
+ out[0], out[1], out[2], out[3] = x0, x1, x2, x3
+ out[4], out[5], out[6], out[7] = x12, x13, x14, x15
+ return out
+}
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go b/vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go
new file mode 100644
index 0000000..91520d1
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go
@@ -0,0 +1,16 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !s390x gccgo appengine
+
+package chacha20
+
+const (
+ bufSize = 64
+ haveAsm = false
+)
+
+func (*Cipher) xorKeyStreamAsm(dst, src []byte) {
+ panic("not implemented")
+}
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.go b/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.go
new file mode 100644
index 0000000..0c1c671
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.go
@@ -0,0 +1,30 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build s390x,!gccgo,!appengine
+
+package chacha20
+
+var haveAsm = hasVectorFacility()
+
+const bufSize = 256
+
+// hasVectorFacility reports whether the machine supports the vector
+// facility (vx).
+// Implementation in asm_s390x.s.
+func hasVectorFacility() bool
+
+// xorKeyStreamVX is an assembly implementation of XORKeyStream. It must only
+// be called when the vector facility is available.
+// Implementation in asm_s390x.s.
+//go:noescape
+func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32, buf *[256]byte, len *int)
+
+func (c *Cipher) xorKeyStreamAsm(dst, src []byte) {
+ xorKeyStreamVX(dst, src, &c.key, &c.nonce, &c.counter, &c.buf, &c.len)
+}
+
+// EXRL targets, DO NOT CALL!
+func mvcSrcToBuf()
+func mvcBufToDst()
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.s b/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.s
new file mode 100644
index 0000000..98427c5
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.s
@@ -0,0 +1,283 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build s390x,!gccgo,!appengine
+
+#include "go_asm.h"
+#include "textflag.h"
+
+// This is an implementation of the ChaCha20 encryption algorithm as
+// specified in RFC 7539. It uses vector instructions to compute
+// 4 keystream blocks in parallel (256 bytes) which are then XORed
+// with the bytes in the input slice.
+
+GLOBL ·constants<>(SB), RODATA|NOPTR, $32
+// BSWAP: swap bytes in each 4-byte element
+DATA ·constants<>+0x00(SB)/4, $0x03020100
+DATA ·constants<>+0x04(SB)/4, $0x07060504
+DATA ·constants<>+0x08(SB)/4, $0x0b0a0908
+DATA ·constants<>+0x0c(SB)/4, $0x0f0e0d0c
+// J0: [j0, j1, j2, j3]
+DATA ·constants<>+0x10(SB)/4, $0x61707865
+DATA ·constants<>+0x14(SB)/4, $0x3320646e
+DATA ·constants<>+0x18(SB)/4, $0x79622d32
+DATA ·constants<>+0x1c(SB)/4, $0x6b206574
+
+// EXRL targets:
+TEXT ·mvcSrcToBuf(SB), NOFRAME|NOSPLIT, $0
+ MVC $1, (R1), (R8)
+ RET
+
+TEXT ·mvcBufToDst(SB), NOFRAME|NOSPLIT, $0
+ MVC $1, (R8), (R9)
+ RET
+
+#define BSWAP V5
+#define J0 V6
+#define KEY0 V7
+#define KEY1 V8
+#define NONCE V9
+#define CTR V10
+#define M0 V11
+#define M1 V12
+#define M2 V13
+#define M3 V14
+#define INC V15
+#define X0 V16
+#define X1 V17
+#define X2 V18
+#define X3 V19
+#define X4 V20
+#define X5 V21
+#define X6 V22
+#define X7 V23
+#define X8 V24
+#define X9 V25
+#define X10 V26
+#define X11 V27
+#define X12 V28
+#define X13 V29
+#define X14 V30
+#define X15 V31
+
+#define NUM_ROUNDS 20
+
+#define ROUND4(a0, a1, a2, a3, b0, b1, b2, b3, c0, c1, c2, c3, d0, d1, d2, d3) \
+ VAF a1, a0, a0 \
+ VAF b1, b0, b0 \
+ VAF c1, c0, c0 \
+ VAF d1, d0, d0 \
+ VX a0, a2, a2 \
+ VX b0, b2, b2 \
+ VX c0, c2, c2 \
+ VX d0, d2, d2 \
+ VERLLF $16, a2, a2 \
+ VERLLF $16, b2, b2 \
+ VERLLF $16, c2, c2 \
+ VERLLF $16, d2, d2 \
+ VAF a2, a3, a3 \
+ VAF b2, b3, b3 \
+ VAF c2, c3, c3 \
+ VAF d2, d3, d3 \
+ VX a3, a1, a1 \
+ VX b3, b1, b1 \
+ VX c3, c1, c1 \
+ VX d3, d1, d1 \
+ VERLLF $12, a1, a1 \
+ VERLLF $12, b1, b1 \
+ VERLLF $12, c1, c1 \
+ VERLLF $12, d1, d1 \
+ VAF a1, a0, a0 \
+ VAF b1, b0, b0 \
+ VAF c1, c0, c0 \
+ VAF d1, d0, d0 \
+ VX a0, a2, a2 \
+ VX b0, b2, b2 \
+ VX c0, c2, c2 \
+ VX d0, d2, d2 \
+ VERLLF $8, a2, a2 \
+ VERLLF $8, b2, b2 \
+ VERLLF $8, c2, c2 \
+ VERLLF $8, d2, d2 \
+ VAF a2, a3, a3 \
+ VAF b2, b3, b3 \
+ VAF c2, c3, c3 \
+ VAF d2, d3, d3 \
+ VX a3, a1, a1 \
+ VX b3, b1, b1 \
+ VX c3, c1, c1 \
+ VX d3, d1, d1 \
+ VERLLF $7, a1, a1 \
+ VERLLF $7, b1, b1 \
+ VERLLF $7, c1, c1 \
+ VERLLF $7, d1, d1
+
+#define PERMUTE(mask, v0, v1, v2, v3) \
+ VPERM v0, v0, mask, v0 \
+ VPERM v1, v1, mask, v1 \
+ VPERM v2, v2, mask, v2 \
+ VPERM v3, v3, mask, v3
+
+#define ADDV(x, v0, v1, v2, v3) \
+ VAF x, v0, v0 \
+ VAF x, v1, v1 \
+ VAF x, v2, v2 \
+ VAF x, v3, v3
+
+#define XORV(off, dst, src, v0, v1, v2, v3) \
+ VLM off(src), M0, M3 \
+ PERMUTE(BSWAP, v0, v1, v2, v3) \
+ VX v0, M0, M0 \
+ VX v1, M1, M1 \
+ VX v2, M2, M2 \
+ VX v3, M3, M3 \
+ VSTM M0, M3, off(dst)
+
+#define SHUFFLE(a, b, c, d, t, u, v, w) \
+ VMRHF a, c, t \ // t = {a[0], c[0], a[1], c[1]}
+ VMRHF b, d, u \ // u = {b[0], d[0], b[1], d[1]}
+ VMRLF a, c, v \ // v = {a[2], c[2], a[3], c[3]}
+ VMRLF b, d, w \ // w = {b[2], d[2], b[3], d[3]}
+ VMRHF t, u, a \ // a = {a[0], b[0], c[0], d[0]}
+ VMRLF t, u, b \ // b = {a[1], b[1], c[1], d[1]}
+ VMRHF v, w, c \ // c = {a[2], b[2], c[2], d[2]}
+ VMRLF v, w, d // d = {a[3], b[3], c[3], d[3]}
+
+// func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32, buf *[256]byte, len *int)
+TEXT ·xorKeyStreamVX(SB), NOSPLIT, $0
+ MOVD $·constants<>(SB), R1
+ MOVD dst+0(FP), R2 // R2=&dst[0]
+ LMG src+24(FP), R3, R4 // R3=&src[0] R4=len(src)
+ MOVD key+48(FP), R5 // R5=key
+ MOVD nonce+56(FP), R6 // R6=nonce
+ MOVD counter+64(FP), R7 // R7=counter
+ MOVD buf+72(FP), R8 // R8=buf
+ MOVD len+80(FP), R9 // R9=len
+
+ // load BSWAP and J0
+ VLM (R1), BSWAP, J0
+
+ // set up tail buffer
+ ADD $-1, R4, R12
+ MOVBZ R12, R12
+ CMPUBEQ R12, $255, aligned
+ MOVD R4, R1
+ AND $~255, R1
+ MOVD $(R3)(R1*1), R1
+ EXRL $·mvcSrcToBuf(SB), R12
+ MOVD $255, R0
+ SUB R12, R0
+ MOVD R0, (R9) // update len
+
+aligned:
+ // setup
+ MOVD $95, R0
+ VLM (R5), KEY0, KEY1
+ VLL R0, (R6), NONCE
+ VZERO M0
+ VLEIB $7, $32, M0
+ VSRLB M0, NONCE, NONCE
+
+ // initialize counter values
+ VLREPF (R7), CTR
+ VZERO INC
+ VLEIF $1, $1, INC
+ VLEIF $2, $2, INC
+ VLEIF $3, $3, INC
+ VAF INC, CTR, CTR
+ VREPIF $4, INC
+
+chacha:
+ VREPF $0, J0, X0
+ VREPF $1, J0, X1
+ VREPF $2, J0, X2
+ VREPF $3, J0, X3
+ VREPF $0, KEY0, X4
+ VREPF $1, KEY0, X5
+ VREPF $2, KEY0, X6
+ VREPF $3, KEY0, X7
+ VREPF $0, KEY1, X8
+ VREPF $1, KEY1, X9
+ VREPF $2, KEY1, X10
+ VREPF $3, KEY1, X11
+ VLR CTR, X12
+ VREPF $1, NONCE, X13
+ VREPF $2, NONCE, X14
+ VREPF $3, NONCE, X15
+
+ MOVD $(NUM_ROUNDS/2), R1
+
+loop:
+ ROUND4(X0, X4, X12, X8, X1, X5, X13, X9, X2, X6, X14, X10, X3, X7, X15, X11)
+ ROUND4(X0, X5, X15, X10, X1, X6, X12, X11, X2, X7, X13, X8, X3, X4, X14, X9)
+
+ ADD $-1, R1
+ BNE loop
+
+ // decrement length
+ ADD $-256, R4
+ BLT tail
+
+continue:
+ // rearrange vectors
+ SHUFFLE(X0, X1, X2, X3, M0, M1, M2, M3)
+ ADDV(J0, X0, X1, X2, X3)
+ SHUFFLE(X4, X5, X6, X7, M0, M1, M2, M3)
+ ADDV(KEY0, X4, X5, X6, X7)
+ SHUFFLE(X8, X9, X10, X11, M0, M1, M2, M3)
+ ADDV(KEY1, X8, X9, X10, X11)
+ VAF CTR, X12, X12
+ SHUFFLE(X12, X13, X14, X15, M0, M1, M2, M3)
+ ADDV(NONCE, X12, X13, X14, X15)
+
+ // increment counters
+ VAF INC, CTR, CTR
+
+ // xor keystream with plaintext
+ XORV(0*64, R2, R3, X0, X4, X8, X12)
+ XORV(1*64, R2, R3, X1, X5, X9, X13)
+ XORV(2*64, R2, R3, X2, X6, X10, X14)
+ XORV(3*64, R2, R3, X3, X7, X11, X15)
+
+ // increment pointers
+ MOVD $256(R2), R2
+ MOVD $256(R3), R3
+
+ CMPBNE R4, $0, chacha
+ CMPUBEQ R12, $255, return
+ EXRL $·mvcBufToDst(SB), R12 // len was updated during setup
+
+return:
+ VSTEF $0, CTR, (R7)
+ RET
+
+tail:
+ MOVD R2, R9
+ MOVD R8, R2
+ MOVD R8, R3
+ MOVD $0, R4
+ JMP continue
+
+// func hasVectorFacility() bool
+TEXT ·hasVectorFacility(SB), NOSPLIT, $24-1
+ MOVD $x-24(SP), R1
+ XC $24, 0(R1), 0(R1) // clear the storage
+ MOVD $2, R0 // R0 is the number of double words stored -1
+ WORD $0xB2B01000 // STFLE 0(R1)
+ XOR R0, R0 // reset the value of R0
+ MOVBZ z-8(SP), R1
+ AND $0x40, R1
+ BEQ novector
+
+vectorinstalled:
+ // check if the vector instruction has been enabled
+ VLEIB $0, $0xF, V16
+ VLGVB $0, V16, R1
+ CMPBNE R1, $0xF, novector
+ MOVB $1, ret+0(FP) // have vx
+ RET
+
+novector:
+ MOVB $0, ret+0(FP) // no vx
+ RET
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/xor.go b/vendor/golang.org/x/crypto/internal/chacha20/xor.go
new file mode 100644
index 0000000..9c5ba0b
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/chacha20/xor.go
@@ -0,0 +1,43 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found src the LICENSE file.
+
+package chacha20
+
+import (
+ "runtime"
+)
+
+// Platforms that have fast unaligned 32-bit little endian accesses.
+const unaligned = runtime.GOARCH == "386" ||
+ runtime.GOARCH == "amd64" ||
+ runtime.GOARCH == "arm64" ||
+ runtime.GOARCH == "ppc64le" ||
+ runtime.GOARCH == "s390x"
+
+// xor reads a little endian uint32 from src, XORs it with u and
+// places the result in little endian byte order in dst.
+func xor(dst, src []byte, u uint32) {
+ _, _ = src[3], dst[3] // eliminate bounds checks
+ if unaligned {
+ // The compiler should optimize this code into
+ // 32-bit unaligned little endian loads and stores.
+ // TODO: delete once the compiler does a reliably
+ // good job with the generic code below.
+ // See issue #25111 for more details.
+ v := uint32(src[0])
+ v |= uint32(src[1]) << 8
+ v |= uint32(src[2]) << 16
+ v |= uint32(src[3]) << 24
+ v ^= u
+ dst[0] = byte(v)
+ dst[1] = byte(v >> 8)
+ dst[2] = byte(v >> 16)
+ dst[3] = byte(v >> 24)
+ } else {
+ dst[0] = src[0] ^ byte(u)
+ dst[1] = src[1] ^ byte(u>>8)
+ dst[2] = src[2] ^ byte(u>>16)
+ dst[3] = src[3] ^ byte(u>>24)
+ }
+}
diff --git a/vendor/golang.org/x/crypto/internal/subtle/aliasing.go b/vendor/golang.org/x/crypto/internal/subtle/aliasing.go
new file mode 100644
index 0000000..f38797b
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/subtle/aliasing.go
@@ -0,0 +1,32 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !appengine
+
+// Package subtle implements functions that are often useful in cryptographic
+// code but require careful thought to use correctly.
+package subtle // import "golang.org/x/crypto/internal/subtle"
+
+import "unsafe"
+
+// AnyOverlap reports whether x and y share memory at any (not necessarily
+// corresponding) index. The memory beyond the slice length is ignored.
+func AnyOverlap(x, y []byte) bool {
+ return len(x) > 0 && len(y) > 0 &&
+ uintptr(unsafe.Pointer(&x[0])) <= uintptr(unsafe.Pointer(&y[len(y)-1])) &&
+ uintptr(unsafe.Pointer(&y[0])) <= uintptr(unsafe.Pointer(&x[len(x)-1]))
+}
+
+// InexactOverlap reports whether x and y share memory at any non-corresponding
+// index. The memory beyond the slice length is ignored. Note that x and y can
+// have different lengths and still not have any inexact overlap.
+//
+// InexactOverlap can be used to implement the requirements of the crypto/cipher
+// AEAD, Block, BlockMode and Stream interfaces.
+func InexactOverlap(x, y []byte) bool {
+ if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] {
+ return false
+ }
+ return AnyOverlap(x, y)
+}
diff --git a/vendor/golang.org/x/crypto/internal/subtle/aliasing_appengine.go b/vendor/golang.org/x/crypto/internal/subtle/aliasing_appengine.go
new file mode 100644
index 0000000..0cc4a8a
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/subtle/aliasing_appengine.go
@@ -0,0 +1,35 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build appengine
+
+// Package subtle implements functions that are often useful in cryptographic
+// code but require careful thought to use correctly.
+package subtle // import "golang.org/x/crypto/internal/subtle"
+
+// This is the Google App Engine standard variant based on reflect
+// because the unsafe package and cgo are disallowed.
+
+import "reflect"
+
+// AnyOverlap reports whether x and y share memory at any (not necessarily
+// corresponding) index. The memory beyond the slice length is ignored.
+func AnyOverlap(x, y []byte) bool {
+ return len(x) > 0 && len(y) > 0 &&
+ reflect.ValueOf(&x[0]).Pointer() <= reflect.ValueOf(&y[len(y)-1]).Pointer() &&
+ reflect.ValueOf(&y[0]).Pointer() <= reflect.ValueOf(&x[len(x)-1]).Pointer()
+}
+
+// InexactOverlap reports whether x and y share memory at any non-corresponding
+// index. The memory beyond the slice length is ignored. Note that x and y can
+// have different lengths and still not have any inexact overlap.
+//
+// InexactOverlap can be used to implement the requirements of the crypto/cipher
+// AEAD, Block, BlockMode and Stream interfaces.
+func InexactOverlap(x, y []byte) bool {
+ if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] {
+ return false
+ }
+ return AnyOverlap(x, y)
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/poly1305.go b/vendor/golang.org/x/crypto/poly1305/poly1305.go
new file mode 100644
index 0000000..f562fa5
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/poly1305.go
@@ -0,0 +1,33 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/*
+Package poly1305 implements Poly1305 one-time message authentication code as
+specified in https://cr.yp.to/mac/poly1305-20050329.pdf.
+
+Poly1305 is a fast, one-time authentication function. It is infeasible for an
+attacker to generate an authenticator for a message without the key. However, a
+key must only be used for a single message. Authenticating two different
+messages with the same key allows an attacker to forge authenticators for other
+messages with the same key.
+
+Poly1305 was originally coupled with AES in order to make Poly1305-AES. AES was
+used with a fixed key in order to generate one-time keys from an nonce.
+However, in this package AES isn't used and the one-time key is specified
+directly.
+*/
+package poly1305 // import "golang.org/x/crypto/poly1305"
+
+import "crypto/subtle"
+
+// TagSize is the size, in bytes, of a poly1305 authenticator.
+const TagSize = 16
+
+// Verify returns true if mac is a valid authenticator for m with the given
+// key.
+func Verify(mac *[16]byte, m []byte, key *[32]byte) bool {
+ var tmp [16]byte
+ Sum(&tmp, m, key)
+ return subtle.ConstantTimeCompare(tmp[:], mac[:]) == 1
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_amd64.go b/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
new file mode 100644
index 0000000..4dd72fe
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
@@ -0,0 +1,22 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,!gccgo,!appengine
+
+package poly1305
+
+// This function is implemented in sum_amd64.s
+//go:noescape
+func poly1305(out *[16]byte, m *byte, mlen uint64, key *[32]byte)
+
+// Sum generates an authenticator for m using a one-time key and puts the
+// 16-byte result into out. Authenticating two different messages with the same
+// key allows an attacker to forge messages at will.
+func Sum(out *[16]byte, m []byte, key *[32]byte) {
+ var mPtr *byte
+ if len(m) > 0 {
+ mPtr = &m[0]
+ }
+ poly1305(out, mPtr, uint64(len(m)), key)
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_amd64.s b/vendor/golang.org/x/crypto/poly1305/sum_amd64.s
new file mode 100644
index 0000000..2edae63
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_amd64.s
@@ -0,0 +1,125 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,!gccgo,!appengine
+
+#include "textflag.h"
+
+#define POLY1305_ADD(msg, h0, h1, h2) \
+ ADDQ 0(msg), h0; \
+ ADCQ 8(msg), h1; \
+ ADCQ $1, h2; \
+ LEAQ 16(msg), msg
+
+#define POLY1305_MUL(h0, h1, h2, r0, r1, t0, t1, t2, t3) \
+ MOVQ r0, AX; \
+ MULQ h0; \
+ MOVQ AX, t0; \
+ MOVQ DX, t1; \
+ MOVQ r0, AX; \
+ MULQ h1; \
+ ADDQ AX, t1; \
+ ADCQ $0, DX; \
+ MOVQ r0, t2; \
+ IMULQ h2, t2; \
+ ADDQ DX, t2; \
+ \
+ MOVQ r1, AX; \
+ MULQ h0; \
+ ADDQ AX, t1; \
+ ADCQ $0, DX; \
+ MOVQ DX, h0; \
+ MOVQ r1, t3; \
+ IMULQ h2, t3; \
+ MOVQ r1, AX; \
+ MULQ h1; \
+ ADDQ AX, t2; \
+ ADCQ DX, t3; \
+ ADDQ h0, t2; \
+ ADCQ $0, t3; \
+ \
+ MOVQ t0, h0; \
+ MOVQ t1, h1; \
+ MOVQ t2, h2; \
+ ANDQ $3, h2; \
+ MOVQ t2, t0; \
+ ANDQ $0xFFFFFFFFFFFFFFFC, t0; \
+ ADDQ t0, h0; \
+ ADCQ t3, h1; \
+ ADCQ $0, h2; \
+ SHRQ $2, t3, t2; \
+ SHRQ $2, t3; \
+ ADDQ t2, h0; \
+ ADCQ t3, h1; \
+ ADCQ $0, h2
+
+DATA ·poly1305Mask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF
+DATA ·poly1305Mask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC
+GLOBL ·poly1305Mask<>(SB), RODATA, $16
+
+// func poly1305(out *[16]byte, m *byte, mlen uint64, key *[32]key)
+TEXT ·poly1305(SB), $0-32
+ MOVQ out+0(FP), DI
+ MOVQ m+8(FP), SI
+ MOVQ mlen+16(FP), R15
+ MOVQ key+24(FP), AX
+
+ MOVQ 0(AX), R11
+ MOVQ 8(AX), R12
+ ANDQ ·poly1305Mask<>(SB), R11 // r0
+ ANDQ ·poly1305Mask<>+8(SB), R12 // r1
+ XORQ R8, R8 // h0
+ XORQ R9, R9 // h1
+ XORQ R10, R10 // h2
+
+ CMPQ R15, $16
+ JB bytes_between_0_and_15
+
+loop:
+ POLY1305_ADD(SI, R8, R9, R10)
+
+multiply:
+ POLY1305_MUL(R8, R9, R10, R11, R12, BX, CX, R13, R14)
+ SUBQ $16, R15
+ CMPQ R15, $16
+ JAE loop
+
+bytes_between_0_and_15:
+ TESTQ R15, R15
+ JZ done
+ MOVQ $1, BX
+ XORQ CX, CX
+ XORQ R13, R13
+ ADDQ R15, SI
+
+flush_buffer:
+ SHLQ $8, BX, CX
+ SHLQ $8, BX
+ MOVB -1(SI), R13
+ XORQ R13, BX
+ DECQ SI
+ DECQ R15
+ JNZ flush_buffer
+
+ ADDQ BX, R8
+ ADCQ CX, R9
+ ADCQ $0, R10
+ MOVQ $16, R15
+ JMP multiply
+
+done:
+ MOVQ R8, AX
+ MOVQ R9, BX
+ SUBQ $0xFFFFFFFFFFFFFFFB, AX
+ SBBQ $0xFFFFFFFFFFFFFFFF, BX
+ SBBQ $3, R10
+ CMOVQCS R8, AX
+ CMOVQCS R9, BX
+ MOVQ key+24(FP), R8
+ ADDQ 16(R8), AX
+ ADCQ 24(R8), BX
+
+ MOVQ AX, 0(DI)
+ MOVQ BX, 8(DI)
+ RET
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_arm.go b/vendor/golang.org/x/crypto/poly1305/sum_arm.go
new file mode 100644
index 0000000..5dc321c
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_arm.go
@@ -0,0 +1,22 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm,!gccgo,!appengine,!nacl
+
+package poly1305
+
+// This function is implemented in sum_arm.s
+//go:noescape
+func poly1305_auth_armv6(out *[16]byte, m *byte, mlen uint32, key *[32]byte)
+
+// Sum generates an authenticator for m using a one-time key and puts the
+// 16-byte result into out. Authenticating two different messages with the same
+// key allows an attacker to forge messages at will.
+func Sum(out *[16]byte, m []byte, key *[32]byte) {
+ var mPtr *byte
+ if len(m) > 0 {
+ mPtr = &m[0]
+ }
+ poly1305_auth_armv6(out, mPtr, uint32(len(m)), key)
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_arm.s b/vendor/golang.org/x/crypto/poly1305/sum_arm.s
new file mode 100644
index 0000000..f70b4ac
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_arm.s
@@ -0,0 +1,427 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm,!gccgo,!appengine,!nacl
+
+#include "textflag.h"
+
+// This code was translated into a form compatible with 5a from the public
+// domain source by Andrew Moon: github.com/floodyberry/poly1305-opt/blob/master/app/extensions/poly1305.
+
+DATA ·poly1305_init_constants_armv6<>+0x00(SB)/4, $0x3ffffff
+DATA ·poly1305_init_constants_armv6<>+0x04(SB)/4, $0x3ffff03
+DATA ·poly1305_init_constants_armv6<>+0x08(SB)/4, $0x3ffc0ff
+DATA ·poly1305_init_constants_armv6<>+0x0c(SB)/4, $0x3f03fff
+DATA ·poly1305_init_constants_armv6<>+0x10(SB)/4, $0x00fffff
+GLOBL ·poly1305_init_constants_armv6<>(SB), 8, $20
+
+// Warning: the linker may use R11 to synthesize certain instructions. Please
+// take care and verify that no synthetic instructions use it.
+
+TEXT poly1305_init_ext_armv6<>(SB), NOSPLIT, $0
+ // Needs 16 bytes of stack and 64 bytes of space pointed to by R0. (It
+ // might look like it's only 60 bytes of space but the final four bytes
+ // will be written by another function.) We need to skip over four
+ // bytes of stack because that's saving the value of 'g'.
+ ADD $4, R13, R8
+ MOVM.IB [R4-R7], (R8)
+ MOVM.IA.W (R1), [R2-R5]
+ MOVW $·poly1305_init_constants_armv6<>(SB), R7
+ MOVW R2, R8
+ MOVW R2>>26, R9
+ MOVW R3>>20, g
+ MOVW R4>>14, R11
+ MOVW R5>>8, R12
+ ORR R3<<6, R9, R9
+ ORR R4<<12, g, g
+ ORR R5<<18, R11, R11
+ MOVM.IA (R7), [R2-R6]
+ AND R8, R2, R2
+ AND R9, R3, R3
+ AND g, R4, R4
+ AND R11, R5, R5
+ AND R12, R6, R6
+ MOVM.IA.W [R2-R6], (R0)
+ EOR R2, R2, R2
+ EOR R3, R3, R3
+ EOR R4, R4, R4
+ EOR R5, R5, R5
+ EOR R6, R6, R6
+ MOVM.IA.W [R2-R6], (R0)
+ MOVM.IA.W (R1), [R2-R5]
+ MOVM.IA [R2-R6], (R0)
+ ADD $20, R13, R0
+ MOVM.DA (R0), [R4-R7]
+ RET
+
+#define MOVW_UNALIGNED(Rsrc, Rdst, Rtmp, offset) \
+ MOVBU (offset+0)(Rsrc), Rtmp; \
+ MOVBU Rtmp, (offset+0)(Rdst); \
+ MOVBU (offset+1)(Rsrc), Rtmp; \
+ MOVBU Rtmp, (offset+1)(Rdst); \
+ MOVBU (offset+2)(Rsrc), Rtmp; \
+ MOVBU Rtmp, (offset+2)(Rdst); \
+ MOVBU (offset+3)(Rsrc), Rtmp; \
+ MOVBU Rtmp, (offset+3)(Rdst)
+
+TEXT poly1305_blocks_armv6<>(SB), NOSPLIT, $0
+ // Needs 24 bytes of stack for saved registers and then 88 bytes of
+ // scratch space after that. We assume that 24 bytes at (R13) have
+ // already been used: four bytes for the link register saved in the
+ // prelude of poly1305_auth_armv6, four bytes for saving the value of g
+ // in that function and 16 bytes of scratch space used around
+ // poly1305_finish_ext_armv6_skip1.
+ ADD $24, R13, R12
+ MOVM.IB [R4-R8, R14], (R12)
+ MOVW R0, 88(R13)
+ MOVW R1, 92(R13)
+ MOVW R2, 96(R13)
+ MOVW R1, R14
+ MOVW R2, R12
+ MOVW 56(R0), R8
+ WORD $0xe1180008 // TST R8, R8 not working see issue 5921
+ EOR R6, R6, R6
+ MOVW.EQ $(1<<24), R6
+ MOVW R6, 84(R13)
+ ADD $116, R13, g
+ MOVM.IA (R0), [R0-R9]
+ MOVM.IA [R0-R4], (g)
+ CMP $16, R12
+ BLO poly1305_blocks_armv6_done
+
+poly1305_blocks_armv6_mainloop:
+ WORD $0xe31e0003 // TST R14, #3 not working see issue 5921
+ BEQ poly1305_blocks_armv6_mainloop_aligned
+ ADD $100, R13, g
+ MOVW_UNALIGNED(R14, g, R0, 0)
+ MOVW_UNALIGNED(R14, g, R0, 4)
+ MOVW_UNALIGNED(R14, g, R0, 8)
+ MOVW_UNALIGNED(R14, g, R0, 12)
+ MOVM.IA (g), [R0-R3]
+ ADD $16, R14
+ B poly1305_blocks_armv6_mainloop_loaded
+
+poly1305_blocks_armv6_mainloop_aligned:
+ MOVM.IA.W (R14), [R0-R3]
+
+poly1305_blocks_armv6_mainloop_loaded:
+ MOVW R0>>26, g
+ MOVW R1>>20, R11
+ MOVW R2>>14, R12
+ MOVW R14, 92(R13)
+ MOVW R3>>8, R4
+ ORR R1<<6, g, g
+ ORR R2<<12, R11, R11
+ ORR R3<<18, R12, R12
+ BIC $0xfc000000, R0, R0
+ BIC $0xfc000000, g, g
+ MOVW 84(R13), R3
+ BIC $0xfc000000, R11, R11
+ BIC $0xfc000000, R12, R12
+ ADD R0, R5, R5
+ ADD g, R6, R6
+ ORR R3, R4, R4
+ ADD R11, R7, R7
+ ADD $116, R13, R14
+ ADD R12, R8, R8
+ ADD R4, R9, R9
+ MOVM.IA (R14), [R0-R4]
+ MULLU R4, R5, (R11, g)
+ MULLU R3, R5, (R14, R12)
+ MULALU R3, R6, (R11, g)
+ MULALU R2, R6, (R14, R12)
+ MULALU R2, R7, (R11, g)
+ MULALU R1, R7, (R14, R12)
+ ADD R4<<2, R4, R4
+ ADD R3<<2, R3, R3
+ MULALU R1, R8, (R11, g)
+ MULALU R0, R8, (R14, R12)
+ MULALU R0, R9, (R11, g)
+ MULALU R4, R9, (R14, R12)
+ MOVW g, 76(R13)
+ MOVW R11, 80(R13)
+ MOVW R12, 68(R13)
+ MOVW R14, 72(R13)
+ MULLU R2, R5, (R11, g)
+ MULLU R1, R5, (R14, R12)
+ MULALU R1, R6, (R11, g)
+ MULALU R0, R6, (R14, R12)
+ MULALU R0, R7, (R11, g)
+ MULALU R4, R7, (R14, R12)
+ ADD R2<<2, R2, R2
+ ADD R1<<2, R1, R1
+ MULALU R4, R8, (R11, g)
+ MULALU R3, R8, (R14, R12)
+ MULALU R3, R9, (R11, g)
+ MULALU R2, R9, (R14, R12)
+ MOVW g, 60(R13)
+ MOVW R11, 64(R13)
+ MOVW R12, 52(R13)
+ MOVW R14, 56(R13)
+ MULLU R0, R5, (R11, g)
+ MULALU R4, R6, (R11, g)
+ MULALU R3, R7, (R11, g)
+ MULALU R2, R8, (R11, g)
+ MULALU R1, R9, (R11, g)
+ ADD $52, R13, R0
+ MOVM.IA (R0), [R0-R7]
+ MOVW g>>26, R12
+ MOVW R4>>26, R14
+ ORR R11<<6, R12, R12
+ ORR R5<<6, R14, R14
+ BIC $0xfc000000, g, g
+ BIC $0xfc000000, R4, R4
+ ADD.S R12, R0, R0
+ ADC $0, R1, R1
+ ADD.S R14, R6, R6
+ ADC $0, R7, R7
+ MOVW R0>>26, R12
+ MOVW R6>>26, R14
+ ORR R1<<6, R12, R12
+ ORR R7<<6, R14, R14
+ BIC $0xfc000000, R0, R0
+ BIC $0xfc000000, R6, R6
+ ADD R14<<2, R14, R14
+ ADD.S R12, R2, R2
+ ADC $0, R3, R3
+ ADD R14, g, g
+ MOVW R2>>26, R12
+ MOVW g>>26, R14
+ ORR R3<<6, R12, R12
+ BIC $0xfc000000, g, R5
+ BIC $0xfc000000, R2, R7
+ ADD R12, R4, R4
+ ADD R14, R0, R0
+ MOVW R4>>26, R12
+ BIC $0xfc000000, R4, R8
+ ADD R12, R6, R9
+ MOVW 96(R13), R12
+ MOVW 92(R13), R14
+ MOVW R0, R6
+ CMP $32, R12
+ SUB $16, R12, R12
+ MOVW R12, 96(R13)
+ BHS poly1305_blocks_armv6_mainloop
+
+poly1305_blocks_armv6_done:
+ MOVW 88(R13), R12
+ MOVW R5, 20(R12)
+ MOVW R6, 24(R12)
+ MOVW R7, 28(R12)
+ MOVW R8, 32(R12)
+ MOVW R9, 36(R12)
+ ADD $48, R13, R0
+ MOVM.DA (R0), [R4-R8, R14]
+ RET
+
+#define MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp) \
+ MOVBU.P 1(Rsrc), Rtmp; \
+ MOVBU.P Rtmp, 1(Rdst); \
+ MOVBU.P 1(Rsrc), Rtmp; \
+ MOVBU.P Rtmp, 1(Rdst)
+
+#define MOVWP_UNALIGNED(Rsrc, Rdst, Rtmp) \
+ MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp); \
+ MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp)
+
+// func poly1305_auth_armv6(out *[16]byte, m *byte, mlen uint32, key *[32]key)
+TEXT ·poly1305_auth_armv6(SB), $196-16
+ // The value 196, just above, is the sum of 64 (the size of the context
+ // structure) and 132 (the amount of stack needed).
+ //
+ // At this point, the stack pointer (R13) has been moved down. It
+ // points to the saved link register and there's 196 bytes of free
+ // space above it.
+ //
+ // The stack for this function looks like:
+ //
+ // +---------------------
+ // |
+ // | 64 bytes of context structure
+ // |
+ // +---------------------
+ // |
+ // | 112 bytes for poly1305_blocks_armv6
+ // |
+ // +---------------------
+ // | 16 bytes of final block, constructed at
+ // | poly1305_finish_ext_armv6_skip8
+ // +---------------------
+ // | four bytes of saved 'g'
+ // +---------------------
+ // | lr, saved by prelude <- R13 points here
+ // +---------------------
+ MOVW g, 4(R13)
+
+ MOVW out+0(FP), R4
+ MOVW m+4(FP), R5
+ MOVW mlen+8(FP), R6
+ MOVW key+12(FP), R7
+
+ ADD $136, R13, R0 // 136 = 4 + 4 + 16 + 112
+ MOVW R7, R1
+
+ // poly1305_init_ext_armv6 will write to the stack from R13+4, but
+ // that's ok because none of the other values have been written yet.
+ BL poly1305_init_ext_armv6<>(SB)
+ BIC.S $15, R6, R2
+ BEQ poly1305_auth_armv6_noblocks
+ ADD $136, R13, R0
+ MOVW R5, R1
+ ADD R2, R5, R5
+ SUB R2, R6, R6
+ BL poly1305_blocks_armv6<>(SB)
+
+poly1305_auth_armv6_noblocks:
+ ADD $136, R13, R0
+ MOVW R5, R1
+ MOVW R6, R2
+ MOVW R4, R3
+
+ MOVW R0, R5
+ MOVW R1, R6
+ MOVW R2, R7
+ MOVW R3, R8
+ AND.S R2, R2, R2
+ BEQ poly1305_finish_ext_armv6_noremaining
+ EOR R0, R0
+ ADD $8, R13, R9 // 8 = offset to 16 byte scratch space
+ MOVW R0, (R9)
+ MOVW R0, 4(R9)
+ MOVW R0, 8(R9)
+ MOVW R0, 12(R9)
+ WORD $0xe3110003 // TST R1, #3 not working see issue 5921
+ BEQ poly1305_finish_ext_armv6_aligned
+ WORD $0xe3120008 // TST R2, #8 not working see issue 5921
+ BEQ poly1305_finish_ext_armv6_skip8
+ MOVWP_UNALIGNED(R1, R9, g)
+ MOVWP_UNALIGNED(R1, R9, g)
+
+poly1305_finish_ext_armv6_skip8:
+ WORD $0xe3120004 // TST $4, R2 not working see issue 5921
+ BEQ poly1305_finish_ext_armv6_skip4
+ MOVWP_UNALIGNED(R1, R9, g)
+
+poly1305_finish_ext_armv6_skip4:
+ WORD $0xe3120002 // TST $2, R2 not working see issue 5921
+ BEQ poly1305_finish_ext_armv6_skip2
+ MOVHUP_UNALIGNED(R1, R9, g)
+ B poly1305_finish_ext_armv6_skip2
+
+poly1305_finish_ext_armv6_aligned:
+ WORD $0xe3120008 // TST R2, #8 not working see issue 5921
+ BEQ poly1305_finish_ext_armv6_skip8_aligned
+ MOVM.IA.W (R1), [g-R11]
+ MOVM.IA.W [g-R11], (R9)
+
+poly1305_finish_ext_armv6_skip8_aligned:
+ WORD $0xe3120004 // TST $4, R2 not working see issue 5921
+ BEQ poly1305_finish_ext_armv6_skip4_aligned
+ MOVW.P 4(R1), g
+ MOVW.P g, 4(R9)
+
+poly1305_finish_ext_armv6_skip4_aligned:
+ WORD $0xe3120002 // TST $2, R2 not working see issue 5921
+ BEQ poly1305_finish_ext_armv6_skip2
+ MOVHU.P 2(R1), g
+ MOVH.P g, 2(R9)
+
+poly1305_finish_ext_armv6_skip2:
+ WORD $0xe3120001 // TST $1, R2 not working see issue 5921
+ BEQ poly1305_finish_ext_armv6_skip1
+ MOVBU.P 1(R1), g
+ MOVBU.P g, 1(R9)
+
+poly1305_finish_ext_armv6_skip1:
+ MOVW $1, R11
+ MOVBU R11, 0(R9)
+ MOVW R11, 56(R5)
+ MOVW R5, R0
+ ADD $8, R13, R1
+ MOVW $16, R2
+ BL poly1305_blocks_armv6<>(SB)
+
+poly1305_finish_ext_armv6_noremaining:
+ MOVW 20(R5), R0
+ MOVW 24(R5), R1
+ MOVW 28(R5), R2
+ MOVW 32(R5), R3
+ MOVW 36(R5), R4
+ MOVW R4>>26, R12
+ BIC $0xfc000000, R4, R4
+ ADD R12<<2, R12, R12
+ ADD R12, R0, R0
+ MOVW R0>>26, R12
+ BIC $0xfc000000, R0, R0
+ ADD R12, R1, R1
+ MOVW R1>>26, R12
+ BIC $0xfc000000, R1, R1
+ ADD R12, R2, R2
+ MOVW R2>>26, R12
+ BIC $0xfc000000, R2, R2
+ ADD R12, R3, R3
+ MOVW R3>>26, R12
+ BIC $0xfc000000, R3, R3
+ ADD R12, R4, R4
+ ADD $5, R0, R6
+ MOVW R6>>26, R12
+ BIC $0xfc000000, R6, R6
+ ADD R12, R1, R7
+ MOVW R7>>26, R12
+ BIC $0xfc000000, R7, R7
+ ADD R12, R2, g
+ MOVW g>>26, R12
+ BIC $0xfc000000, g, g
+ ADD R12, R3, R11
+ MOVW $-(1<<26), R12
+ ADD R11>>26, R12, R12
+ BIC $0xfc000000, R11, R11
+ ADD R12, R4, R9
+ MOVW R9>>31, R12
+ SUB $1, R12
+ AND R12, R6, R6
+ AND R12, R7, R7
+ AND R12, g, g
+ AND R12, R11, R11
+ AND R12, R9, R9
+ MVN R12, R12
+ AND R12, R0, R0
+ AND R12, R1, R1
+ AND R12, R2, R2
+ AND R12, R3, R3
+ AND R12, R4, R4
+ ORR R6, R0, R0
+ ORR R7, R1, R1
+ ORR g, R2, R2
+ ORR R11, R3, R3
+ ORR R9, R4, R4
+ ORR R1<<26, R0, R0
+ MOVW R1>>6, R1
+ ORR R2<<20, R1, R1
+ MOVW R2>>12, R2
+ ORR R3<<14, R2, R2
+ MOVW R3>>18, R3
+ ORR R4<<8, R3, R3
+ MOVW 40(R5), R6
+ MOVW 44(R5), R7
+ MOVW 48(R5), g
+ MOVW 52(R5), R11
+ ADD.S R6, R0, R0
+ ADC.S R7, R1, R1
+ ADC.S g, R2, R2
+ ADC.S R11, R3, R3
+ MOVM.IA [R0-R3], (R8)
+ MOVW R5, R12
+ EOR R0, R0, R0
+ EOR R1, R1, R1
+ EOR R2, R2, R2
+ EOR R3, R3, R3
+ EOR R4, R4, R4
+ EOR R5, R5, R5
+ EOR R6, R6, R6
+ EOR R7, R7, R7
+ MOVM.IA.W [R0-R7], (R12)
+ MOVM.IA [R0-R7], (R12)
+ MOVW 4(R13), g
+ RET
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_noasm.go b/vendor/golang.org/x/crypto/poly1305/sum_noasm.go
new file mode 100644
index 0000000..751eec5
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_noasm.go
@@ -0,0 +1,14 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build s390x,!go1.11 !arm,!amd64,!s390x gccgo appengine nacl
+
+package poly1305
+
+// Sum generates an authenticator for msg using a one-time key and puts the
+// 16-byte result into out. Authenticating two different messages with the same
+// key allows an attacker to forge messages at will.
+func Sum(out *[TagSize]byte, msg []byte, key *[32]byte) {
+ sumGeneric(out, msg, key)
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_ref.go b/vendor/golang.org/x/crypto/poly1305/sum_ref.go
new file mode 100644
index 0000000..c4d59bd
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_ref.go
@@ -0,0 +1,139 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package poly1305
+
+import "encoding/binary"
+
+// sumGeneric generates an authenticator for msg using a one-time key and
+// puts the 16-byte result into out. This is the generic implementation of
+// Sum and should be called if no assembly implementation is available.
+func sumGeneric(out *[TagSize]byte, msg []byte, key *[32]byte) {
+ var (
+ h0, h1, h2, h3, h4 uint32 // the hash accumulators
+ r0, r1, r2, r3, r4 uint64 // the r part of the key
+ )
+
+ r0 = uint64(binary.LittleEndian.Uint32(key[0:]) & 0x3ffffff)
+ r1 = uint64((binary.LittleEndian.Uint32(key[3:]) >> 2) & 0x3ffff03)
+ r2 = uint64((binary.LittleEndian.Uint32(key[6:]) >> 4) & 0x3ffc0ff)
+ r3 = uint64((binary.LittleEndian.Uint32(key[9:]) >> 6) & 0x3f03fff)
+ r4 = uint64((binary.LittleEndian.Uint32(key[12:]) >> 8) & 0x00fffff)
+
+ R1, R2, R3, R4 := r1*5, r2*5, r3*5, r4*5
+
+ for len(msg) >= TagSize {
+ // h += msg
+ h0 += binary.LittleEndian.Uint32(msg[0:]) & 0x3ffffff
+ h1 += (binary.LittleEndian.Uint32(msg[3:]) >> 2) & 0x3ffffff
+ h2 += (binary.LittleEndian.Uint32(msg[6:]) >> 4) & 0x3ffffff
+ h3 += (binary.LittleEndian.Uint32(msg[9:]) >> 6) & 0x3ffffff
+ h4 += (binary.LittleEndian.Uint32(msg[12:]) >> 8) | (1 << 24)
+
+ // h *= r
+ d0 := (uint64(h0) * r0) + (uint64(h1) * R4) + (uint64(h2) * R3) + (uint64(h3) * R2) + (uint64(h4) * R1)
+ d1 := (d0 >> 26) + (uint64(h0) * r1) + (uint64(h1) * r0) + (uint64(h2) * R4) + (uint64(h3) * R3) + (uint64(h4) * R2)
+ d2 := (d1 >> 26) + (uint64(h0) * r2) + (uint64(h1) * r1) + (uint64(h2) * r0) + (uint64(h3) * R4) + (uint64(h4) * R3)
+ d3 := (d2 >> 26) + (uint64(h0) * r3) + (uint64(h1) * r2) + (uint64(h2) * r1) + (uint64(h3) * r0) + (uint64(h4) * R4)
+ d4 := (d3 >> 26) + (uint64(h0) * r4) + (uint64(h1) * r3) + (uint64(h2) * r2) + (uint64(h3) * r1) + (uint64(h4) * r0)
+
+ // h %= p
+ h0 = uint32(d0) & 0x3ffffff
+ h1 = uint32(d1) & 0x3ffffff
+ h2 = uint32(d2) & 0x3ffffff
+ h3 = uint32(d3) & 0x3ffffff
+ h4 = uint32(d4) & 0x3ffffff
+
+ h0 += uint32(d4>>26) * 5
+ h1 += h0 >> 26
+ h0 = h0 & 0x3ffffff
+
+ msg = msg[TagSize:]
+ }
+
+ if len(msg) > 0 {
+ var block [TagSize]byte
+ off := copy(block[:], msg)
+ block[off] = 0x01
+
+ // h += msg
+ h0 += binary.LittleEndian.Uint32(block[0:]) & 0x3ffffff
+ h1 += (binary.LittleEndian.Uint32(block[3:]) >> 2) & 0x3ffffff
+ h2 += (binary.LittleEndian.Uint32(block[6:]) >> 4) & 0x3ffffff
+ h3 += (binary.LittleEndian.Uint32(block[9:]) >> 6) & 0x3ffffff
+ h4 += (binary.LittleEndian.Uint32(block[12:]) >> 8)
+
+ // h *= r
+ d0 := (uint64(h0) * r0) + (uint64(h1) * R4) + (uint64(h2) * R3) + (uint64(h3) * R2) + (uint64(h4) * R1)
+ d1 := (d0 >> 26) + (uint64(h0) * r1) + (uint64(h1) * r0) + (uint64(h2) * R4) + (uint64(h3) * R3) + (uint64(h4) * R2)
+ d2 := (d1 >> 26) + (uint64(h0) * r2) + (uint64(h1) * r1) + (uint64(h2) * r0) + (uint64(h3) * R4) + (uint64(h4) * R3)
+ d3 := (d2 >> 26) + (uint64(h0) * r3) + (uint64(h1) * r2) + (uint64(h2) * r1) + (uint64(h3) * r0) + (uint64(h4) * R4)
+ d4 := (d3 >> 26) + (uint64(h0) * r4) + (uint64(h1) * r3) + (uint64(h2) * r2) + (uint64(h3) * r1) + (uint64(h4) * r0)
+
+ // h %= p
+ h0 = uint32(d0) & 0x3ffffff
+ h1 = uint32(d1) & 0x3ffffff
+ h2 = uint32(d2) & 0x3ffffff
+ h3 = uint32(d3) & 0x3ffffff
+ h4 = uint32(d4) & 0x3ffffff
+
+ h0 += uint32(d4>>26) * 5
+ h1 += h0 >> 26
+ h0 = h0 & 0x3ffffff
+ }
+
+ // h %= p reduction
+ h2 += h1 >> 26
+ h1 &= 0x3ffffff
+ h3 += h2 >> 26
+ h2 &= 0x3ffffff
+ h4 += h3 >> 26
+ h3 &= 0x3ffffff
+ h0 += 5 * (h4 >> 26)
+ h4 &= 0x3ffffff
+ h1 += h0 >> 26
+ h0 &= 0x3ffffff
+
+ // h - p
+ t0 := h0 + 5
+ t1 := h1 + (t0 >> 26)
+ t2 := h2 + (t1 >> 26)
+ t3 := h3 + (t2 >> 26)
+ t4 := h4 + (t3 >> 26) - (1 << 26)
+ t0 &= 0x3ffffff
+ t1 &= 0x3ffffff
+ t2 &= 0x3ffffff
+ t3 &= 0x3ffffff
+
+ // select h if h < p else h - p
+ t_mask := (t4 >> 31) - 1
+ h_mask := ^t_mask
+ h0 = (h0 & h_mask) | (t0 & t_mask)
+ h1 = (h1 & h_mask) | (t1 & t_mask)
+ h2 = (h2 & h_mask) | (t2 & t_mask)
+ h3 = (h3 & h_mask) | (t3 & t_mask)
+ h4 = (h4 & h_mask) | (t4 & t_mask)
+
+ // h %= 2^128
+ h0 |= h1 << 26
+ h1 = ((h1 >> 6) | (h2 << 20))
+ h2 = ((h2 >> 12) | (h3 << 14))
+ h3 = ((h3 >> 18) | (h4 << 8))
+
+ // s: the s part of the key
+ // tag = (h + s) % (2^128)
+ t := uint64(h0) + uint64(binary.LittleEndian.Uint32(key[16:]))
+ h0 = uint32(t)
+ t = uint64(h1) + uint64(binary.LittleEndian.Uint32(key[20:])) + (t >> 32)
+ h1 = uint32(t)
+ t = uint64(h2) + uint64(binary.LittleEndian.Uint32(key[24:])) + (t >> 32)
+ h2 = uint32(t)
+ t = uint64(h3) + uint64(binary.LittleEndian.Uint32(key[28:])) + (t >> 32)
+ h3 = uint32(t)
+
+ binary.LittleEndian.PutUint32(out[0:], h0)
+ binary.LittleEndian.PutUint32(out[4:], h1)
+ binary.LittleEndian.PutUint32(out[8:], h2)
+ binary.LittleEndian.PutUint32(out[12:], h3)
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_s390x.go b/vendor/golang.org/x/crypto/poly1305/sum_s390x.go
new file mode 100644
index 0000000..7a266ce
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_s390x.go
@@ -0,0 +1,49 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build s390x,go1.11,!gccgo,!appengine
+
+package poly1305
+
+// hasVectorFacility reports whether the machine supports
+// the vector facility (vx).
+func hasVectorFacility() bool
+
+// hasVMSLFacility reports whether the machine supports
+// Vector Multiply Sum Logical (VMSL).
+func hasVMSLFacility() bool
+
+var hasVX = hasVectorFacility()
+var hasVMSL = hasVMSLFacility()
+
+// poly1305vx is an assembly implementation of Poly1305 that uses vector
+// instructions. It must only be called if the vector facility (vx) is
+// available.
+//go:noescape
+func poly1305vx(out *[16]byte, m *byte, mlen uint64, key *[32]byte)
+
+// poly1305vmsl is an assembly implementation of Poly1305 that uses vector
+// instructions, including VMSL. It must only be called if the vector facility (vx) is
+// available and if VMSL is supported.
+//go:noescape
+func poly1305vmsl(out *[16]byte, m *byte, mlen uint64, key *[32]byte)
+
+// Sum generates an authenticator for m using a one-time key and puts the
+// 16-byte result into out. Authenticating two different messages with the same
+// key allows an attacker to forge messages at will.
+func Sum(out *[16]byte, m []byte, key *[32]byte) {
+ if hasVX {
+ var mPtr *byte
+ if len(m) > 0 {
+ mPtr = &m[0]
+ }
+ if hasVMSL && len(m) > 256 {
+ poly1305vmsl(out, mPtr, uint64(len(m)), key)
+ } else {
+ poly1305vx(out, mPtr, uint64(len(m)), key)
+ }
+ } else {
+ sumGeneric(out, m, key)
+ }
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_s390x.s b/vendor/golang.org/x/crypto/poly1305/sum_s390x.s
new file mode 100644
index 0000000..356c07a
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_s390x.s
@@ -0,0 +1,400 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build s390x,go1.11,!gccgo,!appengine
+
+#include "textflag.h"
+
+// Implementation of Poly1305 using the vector facility (vx).
+
+// constants
+#define MOD26 V0
+#define EX0 V1
+#define EX1 V2
+#define EX2 V3
+
+// temporaries
+#define T_0 V4
+#define T_1 V5
+#define T_2 V6
+#define T_3 V7
+#define T_4 V8
+
+// key (r)
+#define R_0 V9
+#define R_1 V10
+#define R_2 V11
+#define R_3 V12
+#define R_4 V13
+#define R5_1 V14
+#define R5_2 V15
+#define R5_3 V16
+#define R5_4 V17
+#define RSAVE_0 R5
+#define RSAVE_1 R6
+#define RSAVE_2 R7
+#define RSAVE_3 R8
+#define RSAVE_4 R9
+#define R5SAVE_1 V28
+#define R5SAVE_2 V29
+#define R5SAVE_3 V30
+#define R5SAVE_4 V31
+
+// message block
+#define F_0 V18
+#define F_1 V19
+#define F_2 V20
+#define F_3 V21
+#define F_4 V22
+
+// accumulator
+#define H_0 V23
+#define H_1 V24
+#define H_2 V25
+#define H_3 V26
+#define H_4 V27
+
+GLOBL ·keyMask<>(SB), RODATA, $16
+DATA ·keyMask<>+0(SB)/8, $0xffffff0ffcffff0f
+DATA ·keyMask<>+8(SB)/8, $0xfcffff0ffcffff0f
+
+GLOBL ·bswapMask<>(SB), RODATA, $16
+DATA ·bswapMask<>+0(SB)/8, $0x0f0e0d0c0b0a0908
+DATA ·bswapMask<>+8(SB)/8, $0x0706050403020100
+
+GLOBL ·constants<>(SB), RODATA, $64
+// MOD26
+DATA ·constants<>+0(SB)/8, $0x3ffffff
+DATA ·constants<>+8(SB)/8, $0x3ffffff
+// EX0
+DATA ·constants<>+16(SB)/8, $0x0006050403020100
+DATA ·constants<>+24(SB)/8, $0x1016151413121110
+// EX1
+DATA ·constants<>+32(SB)/8, $0x060c0b0a09080706
+DATA ·constants<>+40(SB)/8, $0x161c1b1a19181716
+// EX2
+DATA ·constants<>+48(SB)/8, $0x0d0d0d0d0d0f0e0d
+DATA ·constants<>+56(SB)/8, $0x1d1d1d1d1d1f1e1d
+
+// h = (f*g) % (2**130-5) [partial reduction]
+#define MULTIPLY(f0, f1, f2, f3, f4, g0, g1, g2, g3, g4, g51, g52, g53, g54, h0, h1, h2, h3, h4) \
+ VMLOF f0, g0, h0 \
+ VMLOF f0, g1, h1 \
+ VMLOF f0, g2, h2 \
+ VMLOF f0, g3, h3 \
+ VMLOF f0, g4, h4 \
+ VMLOF f1, g54, T_0 \
+ VMLOF f1, g0, T_1 \
+ VMLOF f1, g1, T_2 \
+ VMLOF f1, g2, T_3 \
+ VMLOF f1, g3, T_4 \
+ VMALOF f2, g53, h0, h0 \
+ VMALOF f2, g54, h1, h1 \
+ VMALOF f2, g0, h2, h2 \
+ VMALOF f2, g1, h3, h3 \
+ VMALOF f2, g2, h4, h4 \
+ VMALOF f3, g52, T_0, T_0 \
+ VMALOF f3, g53, T_1, T_1 \
+ VMALOF f3, g54, T_2, T_2 \
+ VMALOF f3, g0, T_3, T_3 \
+ VMALOF f3, g1, T_4, T_4 \
+ VMALOF f4, g51, h0, h0 \
+ VMALOF f4, g52, h1, h1 \
+ VMALOF f4, g53, h2, h2 \
+ VMALOF f4, g54, h3, h3 \
+ VMALOF f4, g0, h4, h4 \
+ VAG T_0, h0, h0 \
+ VAG T_1, h1, h1 \
+ VAG T_2, h2, h2 \
+ VAG T_3, h3, h3 \
+ VAG T_4, h4, h4
+
+// carry h0->h1 h3->h4, h1->h2 h4->h0, h0->h1 h2->h3, h3->h4
+#define REDUCE(h0, h1, h2, h3, h4) \
+ VESRLG $26, h0, T_0 \
+ VESRLG $26, h3, T_1 \
+ VN MOD26, h0, h0 \
+ VN MOD26, h3, h3 \
+ VAG T_0, h1, h1 \
+ VAG T_1, h4, h4 \
+ VESRLG $26, h1, T_2 \
+ VESRLG $26, h4, T_3 \
+ VN MOD26, h1, h1 \
+ VN MOD26, h4, h4 \
+ VESLG $2, T_3, T_4 \
+ VAG T_3, T_4, T_4 \
+ VAG T_2, h2, h2 \
+ VAG T_4, h0, h0 \
+ VESRLG $26, h2, T_0 \
+ VESRLG $26, h0, T_1 \
+ VN MOD26, h2, h2 \
+ VN MOD26, h0, h0 \
+ VAG T_0, h3, h3 \
+ VAG T_1, h1, h1 \
+ VESRLG $26, h3, T_2 \
+ VN MOD26, h3, h3 \
+ VAG T_2, h4, h4
+
+// expand in0 into d[0] and in1 into d[1]
+#define EXPAND(in0, in1, d0, d1, d2, d3, d4) \
+ VGBM $0x0707, d1 \ // d1=tmp
+ VPERM in0, in1, EX2, d4 \
+ VPERM in0, in1, EX0, d0 \
+ VPERM in0, in1, EX1, d2 \
+ VN d1, d4, d4 \
+ VESRLG $26, d0, d1 \
+ VESRLG $30, d2, d3 \
+ VESRLG $4, d2, d2 \
+ VN MOD26, d0, d0 \
+ VN MOD26, d1, d1 \
+ VN MOD26, d2, d2 \
+ VN MOD26, d3, d3
+
+// pack h4:h0 into h1:h0 (no carry)
+#define PACK(h0, h1, h2, h3, h4) \
+ VESLG $26, h1, h1 \
+ VESLG $26, h3, h3 \
+ VO h0, h1, h0 \
+ VO h2, h3, h2 \
+ VESLG $4, h2, h2 \
+ VLEIB $7, $48, h1 \
+ VSLB h1, h2, h2 \
+ VO h0, h2, h0 \
+ VLEIB $7, $104, h1 \
+ VSLB h1, h4, h3 \
+ VO h3, h0, h0 \
+ VLEIB $7, $24, h1 \
+ VSRLB h1, h4, h1
+
+// if h > 2**130-5 then h -= 2**130-5
+#define MOD(h0, h1, t0, t1, t2) \
+ VZERO t0 \
+ VLEIG $1, $5, t0 \
+ VACCQ h0, t0, t1 \
+ VAQ h0, t0, t0 \
+ VONE t2 \
+ VLEIG $1, $-4, t2 \
+ VAQ t2, t1, t1 \
+ VACCQ h1, t1, t1 \
+ VONE t2 \
+ VAQ t2, t1, t1 \
+ VN h0, t1, t2 \
+ VNC t0, t1, t1 \
+ VO t1, t2, h0
+
+// func poly1305vx(out *[16]byte, m *byte, mlen uint64, key *[32]key)
+TEXT ·poly1305vx(SB), $0-32
+ // This code processes up to 2 blocks (32 bytes) per iteration
+ // using the algorithm described in:
+ // NEON crypto, Daniel J. Bernstein & Peter Schwabe
+ // https://cryptojedi.org/papers/neoncrypto-20120320.pdf
+ LMG out+0(FP), R1, R4 // R1=out, R2=m, R3=mlen, R4=key
+
+ // load MOD26, EX0, EX1 and EX2
+ MOVD $·constants<>(SB), R5
+ VLM (R5), MOD26, EX2
+
+ // setup r
+ VL (R4), T_0
+ MOVD $·keyMask<>(SB), R6
+ VL (R6), T_1
+ VN T_0, T_1, T_0
+ EXPAND(T_0, T_0, R_0, R_1, R_2, R_3, R_4)
+
+ // setup r*5
+ VLEIG $0, $5, T_0
+ VLEIG $1, $5, T_0
+
+ // store r (for final block)
+ VMLOF T_0, R_1, R5SAVE_1
+ VMLOF T_0, R_2, R5SAVE_2
+ VMLOF T_0, R_3, R5SAVE_3
+ VMLOF T_0, R_4, R5SAVE_4
+ VLGVG $0, R_0, RSAVE_0
+ VLGVG $0, R_1, RSAVE_1
+ VLGVG $0, R_2, RSAVE_2
+ VLGVG $0, R_3, RSAVE_3
+ VLGVG $0, R_4, RSAVE_4
+
+ // skip r**2 calculation
+ CMPBLE R3, $16, skip
+
+ // calculate r**2
+ MULTIPLY(R_0, R_1, R_2, R_3, R_4, R_0, R_1, R_2, R_3, R_4, R5SAVE_1, R5SAVE_2, R5SAVE_3, R5SAVE_4, H_0, H_1, H_2, H_3, H_4)
+ REDUCE(H_0, H_1, H_2, H_3, H_4)
+ VLEIG $0, $5, T_0
+ VLEIG $1, $5, T_0
+ VMLOF T_0, H_1, R5_1
+ VMLOF T_0, H_2, R5_2
+ VMLOF T_0, H_3, R5_3
+ VMLOF T_0, H_4, R5_4
+ VLR H_0, R_0
+ VLR H_1, R_1
+ VLR H_2, R_2
+ VLR H_3, R_3
+ VLR H_4, R_4
+
+ // initialize h
+ VZERO H_0
+ VZERO H_1
+ VZERO H_2
+ VZERO H_3
+ VZERO H_4
+
+loop:
+ CMPBLE R3, $32, b2
+ VLM (R2), T_0, T_1
+ SUB $32, R3
+ MOVD $32(R2), R2
+ EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4)
+ VLEIB $4, $1, F_4
+ VLEIB $12, $1, F_4
+
+multiply:
+ VAG H_0, F_0, F_0
+ VAG H_1, F_1, F_1
+ VAG H_2, F_2, F_2
+ VAG H_3, F_3, F_3
+ VAG H_4, F_4, F_4
+ MULTIPLY(F_0, F_1, F_2, F_3, F_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, H_0, H_1, H_2, H_3, H_4)
+ REDUCE(H_0, H_1, H_2, H_3, H_4)
+ CMPBNE R3, $0, loop
+
+finish:
+ // sum vectors
+ VZERO T_0
+ VSUMQG H_0, T_0, H_0
+ VSUMQG H_1, T_0, H_1
+ VSUMQG H_2, T_0, H_2
+ VSUMQG H_3, T_0, H_3
+ VSUMQG H_4, T_0, H_4
+
+ // h may be >= 2*(2**130-5) so we need to reduce it again
+ REDUCE(H_0, H_1, H_2, H_3, H_4)
+
+ // carry h1->h4
+ VESRLG $26, H_1, T_1
+ VN MOD26, H_1, H_1
+ VAQ T_1, H_2, H_2
+ VESRLG $26, H_2, T_2
+ VN MOD26, H_2, H_2
+ VAQ T_2, H_3, H_3
+ VESRLG $26, H_3, T_3
+ VN MOD26, H_3, H_3
+ VAQ T_3, H_4, H_4
+
+ // h is now < 2*(2**130-5)
+ // pack h into h1 (hi) and h0 (lo)
+ PACK(H_0, H_1, H_2, H_3, H_4)
+
+ // if h > 2**130-5 then h -= 2**130-5
+ MOD(H_0, H_1, T_0, T_1, T_2)
+
+ // h += s
+ MOVD $·bswapMask<>(SB), R5
+ VL (R5), T_1
+ VL 16(R4), T_0
+ VPERM T_0, T_0, T_1, T_0 // reverse bytes (to big)
+ VAQ T_0, H_0, H_0
+ VPERM H_0, H_0, T_1, H_0 // reverse bytes (to little)
+ VST H_0, (R1)
+
+ RET
+
+b2:
+ CMPBLE R3, $16, b1
+
+ // 2 blocks remaining
+ SUB $17, R3
+ VL (R2), T_0
+ VLL R3, 16(R2), T_1
+ ADD $1, R3
+ MOVBZ $1, R0
+ CMPBEQ R3, $16, 2(PC)
+ VLVGB R3, R0, T_1
+ EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4)
+ CMPBNE R3, $16, 2(PC)
+ VLEIB $12, $1, F_4
+ VLEIB $4, $1, F_4
+
+ // setup [r²,r]
+ VLVGG $1, RSAVE_0, R_0
+ VLVGG $1, RSAVE_1, R_1
+ VLVGG $1, RSAVE_2, R_2
+ VLVGG $1, RSAVE_3, R_3
+ VLVGG $1, RSAVE_4, R_4
+ VPDI $0, R5_1, R5SAVE_1, R5_1
+ VPDI $0, R5_2, R5SAVE_2, R5_2
+ VPDI $0, R5_3, R5SAVE_3, R5_3
+ VPDI $0, R5_4, R5SAVE_4, R5_4
+
+ MOVD $0, R3
+ BR multiply
+
+skip:
+ VZERO H_0
+ VZERO H_1
+ VZERO H_2
+ VZERO H_3
+ VZERO H_4
+
+ CMPBEQ R3, $0, finish
+
+b1:
+ // 1 block remaining
+ SUB $1, R3
+ VLL R3, (R2), T_0
+ ADD $1, R3
+ MOVBZ $1, R0
+ CMPBEQ R3, $16, 2(PC)
+ VLVGB R3, R0, T_0
+ VZERO T_1
+ EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4)
+ CMPBNE R3, $16, 2(PC)
+ VLEIB $4, $1, F_4
+ VLEIG $1, $1, R_0
+ VZERO R_1
+ VZERO R_2
+ VZERO R_3
+ VZERO R_4
+ VZERO R5_1
+ VZERO R5_2
+ VZERO R5_3
+ VZERO R5_4
+
+ // setup [r, 1]
+ VLVGG $0, RSAVE_0, R_0
+ VLVGG $0, RSAVE_1, R_1
+ VLVGG $0, RSAVE_2, R_2
+ VLVGG $0, RSAVE_3, R_3
+ VLVGG $0, RSAVE_4, R_4
+ VPDI $0, R5SAVE_1, R5_1, R5_1
+ VPDI $0, R5SAVE_2, R5_2, R5_2
+ VPDI $0, R5SAVE_3, R5_3, R5_3
+ VPDI $0, R5SAVE_4, R5_4, R5_4
+
+ MOVD $0, R3
+ BR multiply
+
+TEXT ·hasVectorFacility(SB), NOSPLIT, $24-1
+ MOVD $x-24(SP), R1
+ XC $24, 0(R1), 0(R1) // clear the storage
+ MOVD $2, R0 // R0 is the number of double words stored -1
+ WORD $0xB2B01000 // STFLE 0(R1)
+ XOR R0, R0 // reset the value of R0
+ MOVBZ z-8(SP), R1
+ AND $0x40, R1
+ BEQ novector
+
+vectorinstalled:
+ // check if the vector instruction has been enabled
+ VLEIB $0, $0xF, V16
+ VLGVB $0, V16, R1
+ CMPBNE R1, $0xF, novector
+ MOVB $1, ret+0(FP) // have vx
+ RET
+
+novector:
+ MOVB $0, ret+0(FP) // no vx
+ RET
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s b/vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s
new file mode 100644
index 0000000..e548020
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s
@@ -0,0 +1,931 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build s390x,go1.11,!gccgo,!appengine
+
+#include "textflag.h"
+
+// Implementation of Poly1305 using the vector facility (vx) and the VMSL instruction.
+
+// constants
+#define EX0 V1
+#define EX1 V2
+#define EX2 V3
+
+// temporaries
+#define T_0 V4
+#define T_1 V5
+#define T_2 V6
+#define T_3 V7
+#define T_4 V8
+#define T_5 V9
+#define T_6 V10
+#define T_7 V11
+#define T_8 V12
+#define T_9 V13
+#define T_10 V14
+
+// r**2 & r**4
+#define R_0 V15
+#define R_1 V16
+#define R_2 V17
+#define R5_1 V18
+#define R5_2 V19
+// key (r)
+#define RSAVE_0 R7
+#define RSAVE_1 R8
+#define RSAVE_2 R9
+#define R5SAVE_1 R10
+#define R5SAVE_2 R11
+
+// message block
+#define M0 V20
+#define M1 V21
+#define M2 V22
+#define M3 V23
+#define M4 V24
+#define M5 V25
+
+// accumulator
+#define H0_0 V26
+#define H1_0 V27
+#define H2_0 V28
+#define H0_1 V29
+#define H1_1 V30
+#define H2_1 V31
+
+GLOBL ·keyMask<>(SB), RODATA, $16
+DATA ·keyMask<>+0(SB)/8, $0xffffff0ffcffff0f
+DATA ·keyMask<>+8(SB)/8, $0xfcffff0ffcffff0f
+
+GLOBL ·bswapMask<>(SB), RODATA, $16
+DATA ·bswapMask<>+0(SB)/8, $0x0f0e0d0c0b0a0908
+DATA ·bswapMask<>+8(SB)/8, $0x0706050403020100
+
+GLOBL ·constants<>(SB), RODATA, $48
+// EX0
+DATA ·constants<>+0(SB)/8, $0x18191a1b1c1d1e1f
+DATA ·constants<>+8(SB)/8, $0x0000050403020100
+// EX1
+DATA ·constants<>+16(SB)/8, $0x18191a1b1c1d1e1f
+DATA ·constants<>+24(SB)/8, $0x00000a0908070605
+// EX2
+DATA ·constants<>+32(SB)/8, $0x18191a1b1c1d1e1f
+DATA ·constants<>+40(SB)/8, $0x0000000f0e0d0c0b
+
+GLOBL ·c<>(SB), RODATA, $48
+// EX0
+DATA ·c<>+0(SB)/8, $0x0000050403020100
+DATA ·c<>+8(SB)/8, $0x0000151413121110
+// EX1
+DATA ·c<>+16(SB)/8, $0x00000a0908070605
+DATA ·c<>+24(SB)/8, $0x00001a1918171615
+// EX2
+DATA ·c<>+32(SB)/8, $0x0000000f0e0d0c0b
+DATA ·c<>+40(SB)/8, $0x0000001f1e1d1c1b
+
+GLOBL ·reduce<>(SB), RODATA, $32
+// 44 bit
+DATA ·reduce<>+0(SB)/8, $0x0
+DATA ·reduce<>+8(SB)/8, $0xfffffffffff
+// 42 bit
+DATA ·reduce<>+16(SB)/8, $0x0
+DATA ·reduce<>+24(SB)/8, $0x3ffffffffff
+
+// h = (f*g) % (2**130-5) [partial reduction]
+// uses T_0...T_9 temporary registers
+// input: m02_0, m02_1, m02_2, m13_0, m13_1, m13_2, r_0, r_1, r_2, r5_1, r5_2, m4_0, m4_1, m4_2, m5_0, m5_1, m5_2
+// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8, t9
+// output: m02_0, m02_1, m02_2, m13_0, m13_1, m13_2
+#define MULTIPLY(m02_0, m02_1, m02_2, m13_0, m13_1, m13_2, r_0, r_1, r_2, r5_1, r5_2, m4_0, m4_1, m4_2, m5_0, m5_1, m5_2, t0, t1, t2, t3, t4, t5, t6, t7, t8, t9) \
+ \ // Eliminate the dependency for the last 2 VMSLs
+ VMSLG m02_0, r_2, m4_2, m4_2 \
+ VMSLG m13_0, r_2, m5_2, m5_2 \ // 8 VMSLs pipelined
+ VMSLG m02_0, r_0, m4_0, m4_0 \
+ VMSLG m02_1, r5_2, V0, T_0 \
+ VMSLG m02_0, r_1, m4_1, m4_1 \
+ VMSLG m02_1, r_0, V0, T_1 \
+ VMSLG m02_1, r_1, V0, T_2 \
+ VMSLG m02_2, r5_1, V0, T_3 \
+ VMSLG m02_2, r5_2, V0, T_4 \
+ VMSLG m13_0, r_0, m5_0, m5_0 \
+ VMSLG m13_1, r5_2, V0, T_5 \
+ VMSLG m13_0, r_1, m5_1, m5_1 \
+ VMSLG m13_1, r_0, V0, T_6 \
+ VMSLG m13_1, r_1, V0, T_7 \
+ VMSLG m13_2, r5_1, V0, T_8 \
+ VMSLG m13_2, r5_2, V0, T_9 \
+ VMSLG m02_2, r_0, m4_2, m4_2 \
+ VMSLG m13_2, r_0, m5_2, m5_2 \
+ VAQ m4_0, T_0, m02_0 \
+ VAQ m4_1, T_1, m02_1 \
+ VAQ m5_0, T_5, m13_0 \
+ VAQ m5_1, T_6, m13_1 \
+ VAQ m02_0, T_3, m02_0 \
+ VAQ m02_1, T_4, m02_1 \
+ VAQ m13_0, T_8, m13_0 \
+ VAQ m13_1, T_9, m13_1 \
+ VAQ m4_2, T_2, m02_2 \
+ VAQ m5_2, T_7, m13_2 \
+
+// SQUARE uses three limbs of r and r_2*5 to output square of r
+// uses T_1, T_5 and T_7 temporary registers
+// input: r_0, r_1, r_2, r5_2
+// temp: TEMP0, TEMP1, TEMP2
+// output: p0, p1, p2
+#define SQUARE(r_0, r_1, r_2, r5_2, p0, p1, p2, TEMP0, TEMP1, TEMP2) \
+ VMSLG r_0, r_0, p0, p0 \
+ VMSLG r_1, r5_2, V0, TEMP0 \
+ VMSLG r_2, r5_2, p1, p1 \
+ VMSLG r_0, r_1, V0, TEMP1 \
+ VMSLG r_1, r_1, p2, p2 \
+ VMSLG r_0, r_2, V0, TEMP2 \
+ VAQ TEMP0, p0, p0 \
+ VAQ TEMP1, p1, p1 \
+ VAQ TEMP2, p2, p2 \
+ VAQ TEMP0, p0, p0 \
+ VAQ TEMP1, p1, p1 \
+ VAQ TEMP2, p2, p2 \
+
+// carry h0->h1->h2->h0 || h3->h4->h5->h3
+// uses T_2, T_4, T_5, T_7, T_8, T_9
+// t6, t7, t8, t9, t10, t11
+// input: h0, h1, h2, h3, h4, h5
+// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11
+// output: h0, h1, h2, h3, h4, h5
+#define REDUCE(h0, h1, h2, h3, h4, h5, t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11) \
+ VLM (R12), t6, t7 \ // 44 and 42 bit clear mask
+ VLEIB $7, $0x28, t10 \ // 5 byte shift mask
+ VREPIB $4, t8 \ // 4 bit shift mask
+ VREPIB $2, t11 \ // 2 bit shift mask
+ VSRLB t10, h0, t0 \ // h0 byte shift
+ VSRLB t10, h1, t1 \ // h1 byte shift
+ VSRLB t10, h2, t2 \ // h2 byte shift
+ VSRLB t10, h3, t3 \ // h3 byte shift
+ VSRLB t10, h4, t4 \ // h4 byte shift
+ VSRLB t10, h5, t5 \ // h5 byte shift
+ VSRL t8, t0, t0 \ // h0 bit shift
+ VSRL t8, t1, t1 \ // h2 bit shift
+ VSRL t11, t2, t2 \ // h2 bit shift
+ VSRL t8, t3, t3 \ // h3 bit shift
+ VSRL t8, t4, t4 \ // h4 bit shift
+ VESLG $2, t2, t9 \ // h2 carry x5
+ VSRL t11, t5, t5 \ // h5 bit shift
+ VN t6, h0, h0 \ // h0 clear carry
+ VAQ t2, t9, t2 \ // h2 carry x5
+ VESLG $2, t5, t9 \ // h5 carry x5
+ VN t6, h1, h1 \ // h1 clear carry
+ VN t7, h2, h2 \ // h2 clear carry
+ VAQ t5, t9, t5 \ // h5 carry x5
+ VN t6, h3, h3 \ // h3 clear carry
+ VN t6, h4, h4 \ // h4 clear carry
+ VN t7, h5, h5 \ // h5 clear carry
+ VAQ t0, h1, h1 \ // h0->h1
+ VAQ t3, h4, h4 \ // h3->h4
+ VAQ t1, h2, h2 \ // h1->h2
+ VAQ t4, h5, h5 \ // h4->h5
+ VAQ t2, h0, h0 \ // h2->h0
+ VAQ t5, h3, h3 \ // h5->h3
+ VREPG $1, t6, t6 \ // 44 and 42 bit masks across both halves
+ VREPG $1, t7, t7 \
+ VSLDB $8, h0, h0, h0 \ // set up [h0/1/2, h3/4/5]
+ VSLDB $8, h1, h1, h1 \
+ VSLDB $8, h2, h2, h2 \
+ VO h0, h3, h3 \
+ VO h1, h4, h4 \
+ VO h2, h5, h5 \
+ VESRLG $44, h3, t0 \ // 44 bit shift right
+ VESRLG $44, h4, t1 \
+ VESRLG $42, h5, t2 \
+ VN t6, h3, h3 \ // clear carry bits
+ VN t6, h4, h4 \
+ VN t7, h5, h5 \
+ VESLG $2, t2, t9 \ // multiply carry by 5
+ VAQ t9, t2, t2 \
+ VAQ t0, h4, h4 \
+ VAQ t1, h5, h5 \
+ VAQ t2, h3, h3 \
+
+// carry h0->h1->h2->h0
+// input: h0, h1, h2
+// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8
+// output: h0, h1, h2
+#define REDUCE2(h0, h1, h2, t0, t1, t2, t3, t4, t5, t6, t7, t8) \
+ VLEIB $7, $0x28, t3 \ // 5 byte shift mask
+ VREPIB $4, t4 \ // 4 bit shift mask
+ VREPIB $2, t7 \ // 2 bit shift mask
+ VGBM $0x003F, t5 \ // mask to clear carry bits
+ VSRLB t3, h0, t0 \
+ VSRLB t3, h1, t1 \
+ VSRLB t3, h2, t2 \
+ VESRLG $4, t5, t5 \ // 44 bit clear mask
+ VSRL t4, t0, t0 \
+ VSRL t4, t1, t1 \
+ VSRL t7, t2, t2 \
+ VESRLG $2, t5, t6 \ // 42 bit clear mask
+ VESLG $2, t2, t8 \
+ VAQ t8, t2, t2 \
+ VN t5, h0, h0 \
+ VN t5, h1, h1 \
+ VN t6, h2, h2 \
+ VAQ t0, h1, h1 \
+ VAQ t1, h2, h2 \
+ VAQ t2, h0, h0 \
+ VSRLB t3, h0, t0 \
+ VSRLB t3, h1, t1 \
+ VSRLB t3, h2, t2 \
+ VSRL t4, t0, t0 \
+ VSRL t4, t1, t1 \
+ VSRL t7, t2, t2 \
+ VN t5, h0, h0 \
+ VN t5, h1, h1 \
+ VESLG $2, t2, t8 \
+ VN t6, h2, h2 \
+ VAQ t0, h1, h1 \
+ VAQ t8, t2, t2 \
+ VAQ t1, h2, h2 \
+ VAQ t2, h0, h0 \
+
+// expands two message blocks into the lower halfs of the d registers
+// moves the contents of the d registers into upper halfs
+// input: in1, in2, d0, d1, d2, d3, d4, d5
+// temp: TEMP0, TEMP1, TEMP2, TEMP3
+// output: d0, d1, d2, d3, d4, d5
+#define EXPACC(in1, in2, d0, d1, d2, d3, d4, d5, TEMP0, TEMP1, TEMP2, TEMP3) \
+ VGBM $0xff3f, TEMP0 \
+ VGBM $0xff1f, TEMP1 \
+ VESLG $4, d1, TEMP2 \
+ VESLG $4, d4, TEMP3 \
+ VESRLG $4, TEMP0, TEMP0 \
+ VPERM in1, d0, EX0, d0 \
+ VPERM in2, d3, EX0, d3 \
+ VPERM in1, d2, EX2, d2 \
+ VPERM in2, d5, EX2, d5 \
+ VPERM in1, TEMP2, EX1, d1 \
+ VPERM in2, TEMP3, EX1, d4 \
+ VN TEMP0, d0, d0 \
+ VN TEMP0, d3, d3 \
+ VESRLG $4, d1, d1 \
+ VESRLG $4, d4, d4 \
+ VN TEMP1, d2, d2 \
+ VN TEMP1, d5, d5 \
+ VN TEMP0, d1, d1 \
+ VN TEMP0, d4, d4 \
+
+// expands one message block into the lower halfs of the d registers
+// moves the contents of the d registers into upper halfs
+// input: in, d0, d1, d2
+// temp: TEMP0, TEMP1, TEMP2
+// output: d0, d1, d2
+#define EXPACC2(in, d0, d1, d2, TEMP0, TEMP1, TEMP2) \
+ VGBM $0xff3f, TEMP0 \
+ VESLG $4, d1, TEMP2 \
+ VGBM $0xff1f, TEMP1 \
+ VPERM in, d0, EX0, d0 \
+ VESRLG $4, TEMP0, TEMP0 \
+ VPERM in, d2, EX2, d2 \
+ VPERM in, TEMP2, EX1, d1 \
+ VN TEMP0, d0, d0 \
+ VN TEMP1, d2, d2 \
+ VESRLG $4, d1, d1 \
+ VN TEMP0, d1, d1 \
+
+// pack h2:h0 into h1:h0 (no carry)
+// input: h0, h1, h2
+// output: h0, h1, h2
+#define PACK(h0, h1, h2) \
+ VMRLG h1, h2, h2 \ // copy h1 to upper half h2
+ VESLG $44, h1, h1 \ // shift limb 1 44 bits, leaving 20
+ VO h0, h1, h0 \ // combine h0 with 20 bits from limb 1
+ VESRLG $20, h2, h1 \ // put top 24 bits of limb 1 into h1
+ VLEIG $1, $0, h1 \ // clear h2 stuff from lower half of h1
+ VO h0, h1, h0 \ // h0 now has 88 bits (limb 0 and 1)
+ VLEIG $0, $0, h2 \ // clear upper half of h2
+ VESRLG $40, h2, h1 \ // h1 now has upper two bits of result
+ VLEIB $7, $88, h1 \ // for byte shift (11 bytes)
+ VSLB h1, h2, h2 \ // shift h2 11 bytes to the left
+ VO h0, h2, h0 \ // combine h0 with 20 bits from limb 1
+ VLEIG $0, $0, h1 \ // clear upper half of h1
+
+// if h > 2**130-5 then h -= 2**130-5
+// input: h0, h1
+// temp: t0, t1, t2
+// output: h0
+#define MOD(h0, h1, t0, t1, t2) \
+ VZERO t0 \
+ VLEIG $1, $5, t0 \
+ VACCQ h0, t0, t1 \
+ VAQ h0, t0, t0 \
+ VONE t2 \
+ VLEIG $1, $-4, t2 \
+ VAQ t2, t1, t1 \
+ VACCQ h1, t1, t1 \
+ VONE t2 \
+ VAQ t2, t1, t1 \
+ VN h0, t1, t2 \
+ VNC t0, t1, t1 \
+ VO t1, t2, h0 \
+
+// func poly1305vmsl(out *[16]byte, m *byte, mlen uint64, key *[32]key)
+TEXT ·poly1305vmsl(SB), $0-32
+ // This code processes 6 + up to 4 blocks (32 bytes) per iteration
+ // using the algorithm described in:
+ // NEON crypto, Daniel J. Bernstein & Peter Schwabe
+ // https://cryptojedi.org/papers/neoncrypto-20120320.pdf
+ // And as moddified for VMSL as described in
+ // Accelerating Poly1305 Cryptographic Message Authentication on the z14
+ // O'Farrell et al, CASCON 2017, p48-55
+ // https://ibm.ent.box.com/s/jf9gedj0e9d2vjctfyh186shaztavnht
+
+ LMG out+0(FP), R1, R4 // R1=out, R2=m, R3=mlen, R4=key
+ VZERO V0 // c
+
+ // load EX0, EX1 and EX2
+ MOVD $·constants<>(SB), R5
+ VLM (R5), EX0, EX2 // c
+
+ // setup r
+ VL (R4), T_0
+ MOVD $·keyMask<>(SB), R6
+ VL (R6), T_1
+ VN T_0, T_1, T_0
+ VZERO T_2 // limbs for r
+ VZERO T_3
+ VZERO T_4
+ EXPACC2(T_0, T_2, T_3, T_4, T_1, T_5, T_7)
+
+ // T_2, T_3, T_4: [0, r]
+
+ // setup r*20
+ VLEIG $0, $0, T_0
+ VLEIG $1, $20, T_0 // T_0: [0, 20]
+ VZERO T_5
+ VZERO T_6
+ VMSLG T_0, T_3, T_5, T_5
+ VMSLG T_0, T_4, T_6, T_6
+
+ // store r for final block in GR
+ VLGVG $1, T_2, RSAVE_0 // c
+ VLGVG $1, T_3, RSAVE_1 // c
+ VLGVG $1, T_4, RSAVE_2 // c
+ VLGVG $1, T_5, R5SAVE_1 // c
+ VLGVG $1, T_6, R5SAVE_2 // c
+
+ // initialize h
+ VZERO H0_0
+ VZERO H1_0
+ VZERO H2_0
+ VZERO H0_1
+ VZERO H1_1
+ VZERO H2_1
+
+ // initialize pointer for reduce constants
+ MOVD $·reduce<>(SB), R12
+
+ // calculate r**2 and 20*(r**2)
+ VZERO R_0
+ VZERO R_1
+ VZERO R_2
+ SQUARE(T_2, T_3, T_4, T_6, R_0, R_1, R_2, T_1, T_5, T_7)
+ REDUCE2(R_0, R_1, R_2, M0, M1, M2, M3, M4, R5_1, R5_2, M5, T_1)
+ VZERO R5_1
+ VZERO R5_2
+ VMSLG T_0, R_1, R5_1, R5_1
+ VMSLG T_0, R_2, R5_2, R5_2
+
+ // skip r**4 calculation if 3 blocks or less
+ CMPBLE R3, $48, b4
+
+ // calculate r**4 and 20*(r**4)
+ VZERO T_8
+ VZERO T_9
+ VZERO T_10
+ SQUARE(R_0, R_1, R_2, R5_2, T_8, T_9, T_10, T_1, T_5, T_7)
+ REDUCE2(T_8, T_9, T_10, M0, M1, M2, M3, M4, T_2, T_3, M5, T_1)
+ VZERO T_2
+ VZERO T_3
+ VMSLG T_0, T_9, T_2, T_2
+ VMSLG T_0, T_10, T_3, T_3
+
+ // put r**2 to the right and r**4 to the left of R_0, R_1, R_2
+ VSLDB $8, T_8, T_8, T_8
+ VSLDB $8, T_9, T_9, T_9
+ VSLDB $8, T_10, T_10, T_10
+ VSLDB $8, T_2, T_2, T_2
+ VSLDB $8, T_3, T_3, T_3
+
+ VO T_8, R_0, R_0
+ VO T_9, R_1, R_1
+ VO T_10, R_2, R_2
+ VO T_2, R5_1, R5_1
+ VO T_3, R5_2, R5_2
+
+ CMPBLE R3, $80, load // less than or equal to 5 blocks in message
+
+ // 6(or 5+1) blocks
+ SUB $81, R3
+ VLM (R2), M0, M4
+ VLL R3, 80(R2), M5
+ ADD $1, R3
+ MOVBZ $1, R0
+ CMPBGE R3, $16, 2(PC)
+ VLVGB R3, R0, M5
+ MOVD $96(R2), R2
+ EXPACC(M0, M1, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3)
+ EXPACC(M2, M3, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3)
+ VLEIB $2, $1, H2_0
+ VLEIB $2, $1, H2_1
+ VLEIB $10, $1, H2_0
+ VLEIB $10, $1, H2_1
+
+ VZERO M0
+ VZERO M1
+ VZERO M2
+ VZERO M3
+ VZERO T_4
+ VZERO T_10
+ EXPACC(M4, M5, M0, M1, M2, M3, T_4, T_10, T_0, T_1, T_2, T_3)
+ VLR T_4, M4
+ VLEIB $10, $1, M2
+ CMPBLT R3, $16, 2(PC)
+ VLEIB $10, $1, T_10
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M2, M3, M4, T_4, T_5, T_2, T_7, T_8, T_9)
+ VMRHG V0, H0_1, H0_0
+ VMRHG V0, H1_1, H1_0
+ VMRHG V0, H2_1, H2_0
+ VMRLG V0, H0_1, H0_1
+ VMRLG V0, H1_1, H1_1
+ VMRLG V0, H2_1, H2_1
+
+ SUB $16, R3
+ CMPBLE R3, $0, square
+
+load:
+ // load EX0, EX1 and EX2
+ MOVD $·c<>(SB), R5
+ VLM (R5), EX0, EX2
+
+loop:
+ CMPBLE R3, $64, add // b4 // last 4 or less blocks left
+
+ // next 4 full blocks
+ VLM (R2), M2, M5
+ SUB $64, R3
+ MOVD $64(R2), R2
+ REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, T_0, T_1, T_3, T_4, T_5, T_2, T_7, T_8, T_9)
+
+ // expacc in-lined to create [m2, m3] limbs
+ VGBM $0x3f3f, T_0 // 44 bit clear mask
+ VGBM $0x1f1f, T_1 // 40 bit clear mask
+ VPERM M2, M3, EX0, T_3
+ VESRLG $4, T_0, T_0 // 44 bit clear mask ready
+ VPERM M2, M3, EX1, T_4
+ VPERM M2, M3, EX2, T_5
+ VN T_0, T_3, T_3
+ VESRLG $4, T_4, T_4
+ VN T_1, T_5, T_5
+ VN T_0, T_4, T_4
+ VMRHG H0_1, T_3, H0_0
+ VMRHG H1_1, T_4, H1_0
+ VMRHG H2_1, T_5, H2_0
+ VMRLG H0_1, T_3, H0_1
+ VMRLG H1_1, T_4, H1_1
+ VMRLG H2_1, T_5, H2_1
+ VLEIB $10, $1, H2_0
+ VLEIB $10, $1, H2_1
+ VPERM M4, M5, EX0, T_3
+ VPERM M4, M5, EX1, T_4
+ VPERM M4, M5, EX2, T_5
+ VN T_0, T_3, T_3
+ VESRLG $4, T_4, T_4
+ VN T_1, T_5, T_5
+ VN T_0, T_4, T_4
+ VMRHG V0, T_3, M0
+ VMRHG V0, T_4, M1
+ VMRHG V0, T_5, M2
+ VMRLG V0, T_3, M3
+ VMRLG V0, T_4, M4
+ VMRLG V0, T_5, M5
+ VLEIB $10, $1, M2
+ VLEIB $10, $1, M5
+
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ CMPBNE R3, $0, loop
+ REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9)
+ VMRHG V0, H0_1, H0_0
+ VMRHG V0, H1_1, H1_0
+ VMRHG V0, H2_1, H2_0
+ VMRLG V0, H0_1, H0_1
+ VMRLG V0, H1_1, H1_1
+ VMRLG V0, H2_1, H2_1
+
+ // load EX0, EX1, EX2
+ MOVD $·constants<>(SB), R5
+ VLM (R5), EX0, EX2
+
+ // sum vectors
+ VAQ H0_0, H0_1, H0_0
+ VAQ H1_0, H1_1, H1_0
+ VAQ H2_0, H2_1, H2_0
+
+ // h may be >= 2*(2**130-5) so we need to reduce it again
+ // M0...M4 are used as temps here
+ REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
+
+next: // carry h1->h2
+ VLEIB $7, $0x28, T_1
+ VREPIB $4, T_2
+ VGBM $0x003F, T_3
+ VESRLG $4, T_3
+
+ // byte shift
+ VSRLB T_1, H1_0, T_4
+
+ // bit shift
+ VSRL T_2, T_4, T_4
+
+ // clear h1 carry bits
+ VN T_3, H1_0, H1_0
+
+ // add carry
+ VAQ T_4, H2_0, H2_0
+
+ // h is now < 2*(2**130-5)
+ // pack h into h1 (hi) and h0 (lo)
+ PACK(H0_0, H1_0, H2_0)
+
+ // if h > 2**130-5 then h -= 2**130-5
+ MOD(H0_0, H1_0, T_0, T_1, T_2)
+
+ // h += s
+ MOVD $·bswapMask<>(SB), R5
+ VL (R5), T_1
+ VL 16(R4), T_0
+ VPERM T_0, T_0, T_1, T_0 // reverse bytes (to big)
+ VAQ T_0, H0_0, H0_0
+ VPERM H0_0, H0_0, T_1, H0_0 // reverse bytes (to little)
+ VST H0_0, (R1)
+ RET
+
+add:
+ // load EX0, EX1, EX2
+ MOVD $·constants<>(SB), R5
+ VLM (R5), EX0, EX2
+
+ REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9)
+ VMRHG V0, H0_1, H0_0
+ VMRHG V0, H1_1, H1_0
+ VMRHG V0, H2_1, H2_0
+ VMRLG V0, H0_1, H0_1
+ VMRLG V0, H1_1, H1_1
+ VMRLG V0, H2_1, H2_1
+ CMPBLE R3, $64, b4
+
+b4:
+ CMPBLE R3, $48, b3 // 3 blocks or less
+
+ // 4(3+1) blocks remaining
+ SUB $49, R3
+ VLM (R2), M0, M2
+ VLL R3, 48(R2), M3
+ ADD $1, R3
+ MOVBZ $1, R0
+ CMPBEQ R3, $16, 2(PC)
+ VLVGB R3, R0, M3
+ MOVD $64(R2), R2
+ EXPACC(M0, M1, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3)
+ VLEIB $10, $1, H2_0
+ VLEIB $10, $1, H2_1
+ VZERO M0
+ VZERO M1
+ VZERO M4
+ VZERO M5
+ VZERO T_4
+ VZERO T_10
+ EXPACC(M2, M3, M0, M1, M4, M5, T_4, T_10, T_0, T_1, T_2, T_3)
+ VLR T_4, M2
+ VLEIB $10, $1, M4
+ CMPBNE R3, $16, 2(PC)
+ VLEIB $10, $1, T_10
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M4, M5, M2, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9)
+ VMRHG V0, H0_1, H0_0
+ VMRHG V0, H1_1, H1_0
+ VMRHG V0, H2_1, H2_0
+ VMRLG V0, H0_1, H0_1
+ VMRLG V0, H1_1, H1_1
+ VMRLG V0, H2_1, H2_1
+ SUB $16, R3
+ CMPBLE R3, $0, square // this condition must always hold true!
+
+b3:
+ CMPBLE R3, $32, b2
+
+ // 3 blocks remaining
+
+ // setup [r²,r]
+ VSLDB $8, R_0, R_0, R_0
+ VSLDB $8, R_1, R_1, R_1
+ VSLDB $8, R_2, R_2, R_2
+ VSLDB $8, R5_1, R5_1, R5_1
+ VSLDB $8, R5_2, R5_2, R5_2
+
+ VLVGG $1, RSAVE_0, R_0
+ VLVGG $1, RSAVE_1, R_1
+ VLVGG $1, RSAVE_2, R_2
+ VLVGG $1, R5SAVE_1, R5_1
+ VLVGG $1, R5SAVE_2, R5_2
+
+ // setup [h0, h1]
+ VSLDB $8, H0_0, H0_0, H0_0
+ VSLDB $8, H1_0, H1_0, H1_0
+ VSLDB $8, H2_0, H2_0, H2_0
+ VO H0_1, H0_0, H0_0
+ VO H1_1, H1_0, H1_0
+ VO H2_1, H2_0, H2_0
+ VZERO H0_1
+ VZERO H1_1
+ VZERO H2_1
+
+ VZERO M0
+ VZERO M1
+ VZERO M2
+ VZERO M3
+ VZERO M4
+ VZERO M5
+
+ // H*[r**2, r]
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, H0_1, H1_1, T_10, M5)
+
+ SUB $33, R3
+ VLM (R2), M0, M1
+ VLL R3, 32(R2), M2
+ ADD $1, R3
+ MOVBZ $1, R0
+ CMPBEQ R3, $16, 2(PC)
+ VLVGB R3, R0, M2
+
+ // H += m0
+ VZERO T_1
+ VZERO T_2
+ VZERO T_3
+ EXPACC2(M0, T_1, T_2, T_3, T_4, T_5, T_6)
+ VLEIB $10, $1, T_3
+ VAG H0_0, T_1, H0_0
+ VAG H1_0, T_2, H1_0
+ VAG H2_0, T_3, H2_0
+
+ VZERO M0
+ VZERO M3
+ VZERO M4
+ VZERO M5
+ VZERO T_10
+
+ // (H+m0)*r
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M3, M4, M5, V0, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE2(H0_0, H1_0, H2_0, M0, M3, M4, M5, T_10, H0_1, H1_1, H2_1, T_9)
+
+ // H += m1
+ VZERO V0
+ VZERO T_1
+ VZERO T_2
+ VZERO T_3
+ EXPACC2(M1, T_1, T_2, T_3, T_4, T_5, T_6)
+ VLEIB $10, $1, T_3
+ VAQ H0_0, T_1, H0_0
+ VAQ H1_0, T_2, H1_0
+ VAQ H2_0, T_3, H2_0
+ REDUCE2(H0_0, H1_0, H2_0, M0, M3, M4, M5, T_9, H0_1, H1_1, H2_1, T_10)
+
+ // [H, m2] * [r**2, r]
+ EXPACC2(M2, H0_0, H1_0, H2_0, T_1, T_2, T_3)
+ CMPBNE R3, $16, 2(PC)
+ VLEIB $10, $1, H2_0
+ VZERO M0
+ VZERO M1
+ VZERO M2
+ VZERO M3
+ VZERO M4
+ VZERO M5
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, H0_1, H1_1, M5, T_10)
+ SUB $16, R3
+ CMPBLE R3, $0, next // this condition must always hold true!
+
+b2:
+ CMPBLE R3, $16, b1
+
+ // 2 blocks remaining
+
+ // setup [r²,r]
+ VSLDB $8, R_0, R_0, R_0
+ VSLDB $8, R_1, R_1, R_1
+ VSLDB $8, R_2, R_2, R_2
+ VSLDB $8, R5_1, R5_1, R5_1
+ VSLDB $8, R5_2, R5_2, R5_2
+
+ VLVGG $1, RSAVE_0, R_0
+ VLVGG $1, RSAVE_1, R_1
+ VLVGG $1, RSAVE_2, R_2
+ VLVGG $1, R5SAVE_1, R5_1
+ VLVGG $1, R5SAVE_2, R5_2
+
+ // setup [h0, h1]
+ VSLDB $8, H0_0, H0_0, H0_0
+ VSLDB $8, H1_0, H1_0, H1_0
+ VSLDB $8, H2_0, H2_0, H2_0
+ VO H0_1, H0_0, H0_0
+ VO H1_1, H1_0, H1_0
+ VO H2_1, H2_0, H2_0
+ VZERO H0_1
+ VZERO H1_1
+ VZERO H2_1
+
+ VZERO M0
+ VZERO M1
+ VZERO M2
+ VZERO M3
+ VZERO M4
+ VZERO M5
+
+ // H*[r**2, r]
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M2, M3, M4, T_4, T_5, T_2, T_7, T_8, T_9)
+ VMRHG V0, H0_1, H0_0
+ VMRHG V0, H1_1, H1_0
+ VMRHG V0, H2_1, H2_0
+ VMRLG V0, H0_1, H0_1
+ VMRLG V0, H1_1, H1_1
+ VMRLG V0, H2_1, H2_1
+
+ // move h to the left and 0s at the right
+ VSLDB $8, H0_0, H0_0, H0_0
+ VSLDB $8, H1_0, H1_0, H1_0
+ VSLDB $8, H2_0, H2_0, H2_0
+
+ // get message blocks and append 1 to start
+ SUB $17, R3
+ VL (R2), M0
+ VLL R3, 16(R2), M1
+ ADD $1, R3
+ MOVBZ $1, R0
+ CMPBEQ R3, $16, 2(PC)
+ VLVGB R3, R0, M1
+ VZERO T_6
+ VZERO T_7
+ VZERO T_8
+ EXPACC2(M0, T_6, T_7, T_8, T_1, T_2, T_3)
+ EXPACC2(M1, T_6, T_7, T_8, T_1, T_2, T_3)
+ VLEIB $2, $1, T_8
+ CMPBNE R3, $16, 2(PC)
+ VLEIB $10, $1, T_8
+
+ // add [m0, m1] to h
+ VAG H0_0, T_6, H0_0
+ VAG H1_0, T_7, H1_0
+ VAG H2_0, T_8, H2_0
+
+ VZERO M2
+ VZERO M3
+ VZERO M4
+ VZERO M5
+ VZERO T_10
+ VZERO M0
+
+ // at this point R_0 .. R5_2 look like [r**2, r]
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M2, M3, M4, M5, T_10, M0, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE2(H0_0, H1_0, H2_0, M2, M3, M4, M5, T_9, H0_1, H1_1, H2_1, T_10)
+ SUB $16, R3, R3
+ CMPBLE R3, $0, next
+
+b1:
+ CMPBLE R3, $0, next
+
+ // 1 block remaining
+
+ // setup [r²,r]
+ VSLDB $8, R_0, R_0, R_0
+ VSLDB $8, R_1, R_1, R_1
+ VSLDB $8, R_2, R_2, R_2
+ VSLDB $8, R5_1, R5_1, R5_1
+ VSLDB $8, R5_2, R5_2, R5_2
+
+ VLVGG $1, RSAVE_0, R_0
+ VLVGG $1, RSAVE_1, R_1
+ VLVGG $1, RSAVE_2, R_2
+ VLVGG $1, R5SAVE_1, R5_1
+ VLVGG $1, R5SAVE_2, R5_2
+
+ // setup [h0, h1]
+ VSLDB $8, H0_0, H0_0, H0_0
+ VSLDB $8, H1_0, H1_0, H1_0
+ VSLDB $8, H2_0, H2_0, H2_0
+ VO H0_1, H0_0, H0_0
+ VO H1_1, H1_0, H1_0
+ VO H2_1, H2_0, H2_0
+ VZERO H0_1
+ VZERO H1_1
+ VZERO H2_1
+
+ VZERO M0
+ VZERO M1
+ VZERO M2
+ VZERO M3
+ VZERO M4
+ VZERO M5
+
+ // H*[r**2, r]
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
+
+ // set up [0, m0] limbs
+ SUB $1, R3
+ VLL R3, (R2), M0
+ ADD $1, R3
+ MOVBZ $1, R0
+ CMPBEQ R3, $16, 2(PC)
+ VLVGB R3, R0, M0
+ VZERO T_1
+ VZERO T_2
+ VZERO T_3
+ EXPACC2(M0, T_1, T_2, T_3, T_4, T_5, T_6)// limbs: [0, m]
+ CMPBNE R3, $16, 2(PC)
+ VLEIB $10, $1, T_3
+
+ // h+m0
+ VAQ H0_0, T_1, H0_0
+ VAQ H1_0, T_2, H1_0
+ VAQ H2_0, T_3, H2_0
+
+ VZERO M0
+ VZERO M1
+ VZERO M2
+ VZERO M3
+ VZERO M4
+ VZERO M5
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
+
+ BR next
+
+square:
+ // setup [r²,r]
+ VSLDB $8, R_0, R_0, R_0
+ VSLDB $8, R_1, R_1, R_1
+ VSLDB $8, R_2, R_2, R_2
+ VSLDB $8, R5_1, R5_1, R5_1
+ VSLDB $8, R5_2, R5_2, R5_2
+
+ VLVGG $1, RSAVE_0, R_0
+ VLVGG $1, RSAVE_1, R_1
+ VLVGG $1, RSAVE_2, R_2
+ VLVGG $1, R5SAVE_1, R5_1
+ VLVGG $1, R5SAVE_2, R5_2
+
+ // setup [h0, h1]
+ VSLDB $8, H0_0, H0_0, H0_0
+ VSLDB $8, H1_0, H1_0, H1_0
+ VSLDB $8, H2_0, H2_0, H2_0
+ VO H0_1, H0_0, H0_0
+ VO H1_1, H1_0, H1_0
+ VO H2_1, H2_0, H2_0
+ VZERO H0_1
+ VZERO H1_1
+ VZERO H2_1
+
+ VZERO M0
+ VZERO M1
+ VZERO M2
+ VZERO M3
+ VZERO M4
+ VZERO M5
+
+ // (h0*r**2) + (h1*r)
+ MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
+ REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
+ BR next
+
+TEXT ·hasVMSLFacility(SB), NOSPLIT, $24-1
+ MOVD $x-24(SP), R1
+ XC $24, 0(R1), 0(R1) // clear the storage
+ MOVD $2, R0 // R0 is the number of double words stored -1
+ WORD $0xB2B01000 // STFLE 0(R1)
+ XOR R0, R0 // reset the value of R0
+ MOVBZ z-8(SP), R1
+ AND $0x01, R1
+ BEQ novmsl
+
+vectorinstalled:
+ // check if the vector instruction has been enabled
+ VLEIB $0, $0xF, V16
+ VLGVB $0, V16, R1
+ CMPBNE R1, $0xF, novmsl
+ MOVB $1, ret+0(FP) // have vx
+ RET
+
+novmsl:
+ MOVB $0, ret+0(FP) // no vx
+ RET
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go b/vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go
new file mode 100644
index 0000000..4c96147
--- /dev/null
+++ b/vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go
@@ -0,0 +1,144 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package salsa provides low-level access to functions in the Salsa family.
+package salsa // import "golang.org/x/crypto/salsa20/salsa"
+
+// Sigma is the Salsa20 constant for 256-bit keys.
+var Sigma = [16]byte{'e', 'x', 'p', 'a', 'n', 'd', ' ', '3', '2', '-', 'b', 'y', 't', 'e', ' ', 'k'}
+
+// HSalsa20 applies the HSalsa20 core function to a 16-byte input in, 32-byte
+// key k, and 16-byte constant c, and puts the result into the 32-byte array
+// out.
+func HSalsa20(out *[32]byte, in *[16]byte, k *[32]byte, c *[16]byte) {
+ x0 := uint32(c[0]) | uint32(c[1])<<8 | uint32(c[2])<<16 | uint32(c[3])<<24
+ x1 := uint32(k[0]) | uint32(k[1])<<8 | uint32(k[2])<<16 | uint32(k[3])<<24
+ x2 := uint32(k[4]) | uint32(k[5])<<8 | uint32(k[6])<<16 | uint32(k[7])<<24
+ x3 := uint32(k[8]) | uint32(k[9])<<8 | uint32(k[10])<<16 | uint32(k[11])<<24
+ x4 := uint32(k[12]) | uint32(k[13])<<8 | uint32(k[14])<<16 | uint32(k[15])<<24
+ x5 := uint32(c[4]) | uint32(c[5])<<8 | uint32(c[6])<<16 | uint32(c[7])<<24
+ x6 := uint32(in[0]) | uint32(in[1])<<8 | uint32(in[2])<<16 | uint32(in[3])<<24
+ x7 := uint32(in[4]) | uint32(in[5])<<8 | uint32(in[6])<<16 | uint32(in[7])<<24
+ x8 := uint32(in[8]) | uint32(in[9])<<8 | uint32(in[10])<<16 | uint32(in[11])<<24
+ x9 := uint32(in[12]) | uint32(in[13])<<8 | uint32(in[14])<<16 | uint32(in[15])<<24
+ x10 := uint32(c[8]) | uint32(c[9])<<8 | uint32(c[10])<<16 | uint32(c[11])<<24
+ x11 := uint32(k[16]) | uint32(k[17])<<8 | uint32(k[18])<<16 | uint32(k[19])<<24
+ x12 := uint32(k[20]) | uint32(k[21])<<8 | uint32(k[22])<<16 | uint32(k[23])<<24
+ x13 := uint32(k[24]) | uint32(k[25])<<8 | uint32(k[26])<<16 | uint32(k[27])<<24
+ x14 := uint32(k[28]) | uint32(k[29])<<8 | uint32(k[30])<<16 | uint32(k[31])<<24
+ x15 := uint32(c[12]) | uint32(c[13])<<8 | uint32(c[14])<<16 | uint32(c[15])<<24
+
+ for i := 0; i < 20; i += 2 {
+ u := x0 + x12
+ x4 ^= u<<7 | u>>(32-7)
+ u = x4 + x0
+ x8 ^= u<<9 | u>>(32-9)
+ u = x8 + x4
+ x12 ^= u<<13 | u>>(32-13)
+ u = x12 + x8
+ x0 ^= u<<18 | u>>(32-18)
+
+ u = x5 + x1
+ x9 ^= u<<7 | u>>(32-7)
+ u = x9 + x5
+ x13 ^= u<<9 | u>>(32-9)
+ u = x13 + x9
+ x1 ^= u<<13 | u>>(32-13)
+ u = x1 + x13
+ x5 ^= u<<18 | u>>(32-18)
+
+ u = x10 + x6
+ x14 ^= u<<7 | u>>(32-7)
+ u = x14 + x10
+ x2 ^= u<<9 | u>>(32-9)
+ u = x2 + x14
+ x6 ^= u<<13 | u>>(32-13)
+ u = x6 + x2
+ x10 ^= u<<18 | u>>(32-18)
+
+ u = x15 + x11
+ x3 ^= u<<7 | u>>(32-7)
+ u = x3 + x15
+ x7 ^= u<<9 | u>>(32-9)
+ u = x7 + x3
+ x11 ^= u<<13 | u>>(32-13)
+ u = x11 + x7
+ x15 ^= u<<18 | u>>(32-18)
+
+ u = x0 + x3
+ x1 ^= u<<7 | u>>(32-7)
+ u = x1 + x0
+ x2 ^= u<<9 | u>>(32-9)
+ u = x2 + x1
+ x3 ^= u<<13 | u>>(32-13)
+ u = x3 + x2
+ x0 ^= u<<18 | u>>(32-18)
+
+ u = x5 + x4
+ x6 ^= u<<7 | u>>(32-7)
+ u = x6 + x5
+ x7 ^= u<<9 | u>>(32-9)
+ u = x7 + x6
+ x4 ^= u<<13 | u>>(32-13)
+ u = x4 + x7
+ x5 ^= u<<18 | u>>(32-18)
+
+ u = x10 + x9
+ x11 ^= u<<7 | u>>(32-7)
+ u = x11 + x10
+ x8 ^= u<<9 | u>>(32-9)
+ u = x8 + x11
+ x9 ^= u<<13 | u>>(32-13)
+ u = x9 + x8
+ x10 ^= u<<18 | u>>(32-18)
+
+ u = x15 + x14
+ x12 ^= u<<7 | u>>(32-7)
+ u = x12 + x15
+ x13 ^= u<<9 | u>>(32-9)
+ u = x13 + x12
+ x14 ^= u<<13 | u>>(32-13)
+ u = x14 + x13
+ x15 ^= u<<18 | u>>(32-18)
+ }
+ out[0] = byte(x0)
+ out[1] = byte(x0 >> 8)
+ out[2] = byte(x0 >> 16)
+ out[3] = byte(x0 >> 24)
+
+ out[4] = byte(x5)
+ out[5] = byte(x5 >> 8)
+ out[6] = byte(x5 >> 16)
+ out[7] = byte(x5 >> 24)
+
+ out[8] = byte(x10)
+ out[9] = byte(x10 >> 8)
+ out[10] = byte(x10 >> 16)
+ out[11] = byte(x10 >> 24)
+
+ out[12] = byte(x15)
+ out[13] = byte(x15 >> 8)
+ out[14] = byte(x15 >> 16)
+ out[15] = byte(x15 >> 24)
+
+ out[16] = byte(x6)
+ out[17] = byte(x6 >> 8)
+ out[18] = byte(x6 >> 16)
+ out[19] = byte(x6 >> 24)
+
+ out[20] = byte(x7)
+ out[21] = byte(x7 >> 8)
+ out[22] = byte(x7 >> 16)
+ out[23] = byte(x7 >> 24)
+
+ out[24] = byte(x8)
+ out[25] = byte(x8 >> 8)
+ out[26] = byte(x8 >> 16)
+ out[27] = byte(x8 >> 24)
+
+ out[28] = byte(x9)
+ out[29] = byte(x9 >> 8)
+ out[30] = byte(x9 >> 16)
+ out[31] = byte(x9 >> 24)
+}
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa2020_amd64.s b/vendor/golang.org/x/crypto/salsa20/salsa/salsa2020_amd64.s
new file mode 100644
index 0000000..22afbdc
--- /dev/null
+++ b/vendor/golang.org/x/crypto/salsa20/salsa/salsa2020_amd64.s
@@ -0,0 +1,889 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,!appengine,!gccgo
+
+// This code was translated into a form compatible with 6a from the public
+// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
+
+// func salsa2020XORKeyStream(out, in *byte, n uint64, nonce, key *byte)
+// This needs up to 64 bytes at 360(SP); hence the non-obvious frame size.
+TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
+ MOVQ out+0(FP),DI
+ MOVQ in+8(FP),SI
+ MOVQ n+16(FP),DX
+ MOVQ nonce+24(FP),CX
+ MOVQ key+32(FP),R8
+
+ MOVQ SP,R12
+ MOVQ SP,R9
+ ADDQ $31, R9
+ ANDQ $~31, R9
+ MOVQ R9, SP
+
+ MOVQ DX,R9
+ MOVQ CX,DX
+ MOVQ R8,R10
+ CMPQ R9,$0
+ JBE DONE
+ START:
+ MOVL 20(R10),CX
+ MOVL 0(R10),R8
+ MOVL 0(DX),AX
+ MOVL 16(R10),R11
+ MOVL CX,0(SP)
+ MOVL R8, 4 (SP)
+ MOVL AX, 8 (SP)
+ MOVL R11, 12 (SP)
+ MOVL 8(DX),CX
+ MOVL 24(R10),R8
+ MOVL 4(R10),AX
+ MOVL 4(DX),R11
+ MOVL CX,16(SP)
+ MOVL R8, 20 (SP)
+ MOVL AX, 24 (SP)
+ MOVL R11, 28 (SP)
+ MOVL 12(DX),CX
+ MOVL 12(R10),DX
+ MOVL 28(R10),R8
+ MOVL 8(R10),AX
+ MOVL DX,32(SP)
+ MOVL CX, 36 (SP)
+ MOVL R8, 40 (SP)
+ MOVL AX, 44 (SP)
+ MOVQ $1634760805,DX
+ MOVQ $857760878,CX
+ MOVQ $2036477234,R8
+ MOVQ $1797285236,AX
+ MOVL DX,48(SP)
+ MOVL CX, 52 (SP)
+ MOVL R8, 56 (SP)
+ MOVL AX, 60 (SP)
+ CMPQ R9,$256
+ JB BYTESBETWEEN1AND255
+ MOVOA 48(SP),X0
+ PSHUFL $0X55,X0,X1
+ PSHUFL $0XAA,X0,X2
+ PSHUFL $0XFF,X0,X3
+ PSHUFL $0X00,X0,X0
+ MOVOA X1,64(SP)
+ MOVOA X2,80(SP)
+ MOVOA X3,96(SP)
+ MOVOA X0,112(SP)
+ MOVOA 0(SP),X0
+ PSHUFL $0XAA,X0,X1
+ PSHUFL $0XFF,X0,X2
+ PSHUFL $0X00,X0,X3
+ PSHUFL $0X55,X0,X0
+ MOVOA X1,128(SP)
+ MOVOA X2,144(SP)
+ MOVOA X3,160(SP)
+ MOVOA X0,176(SP)
+ MOVOA 16(SP),X0
+ PSHUFL $0XFF,X0,X1
+ PSHUFL $0X55,X0,X2
+ PSHUFL $0XAA,X0,X0
+ MOVOA X1,192(SP)
+ MOVOA X2,208(SP)
+ MOVOA X0,224(SP)
+ MOVOA 32(SP),X0
+ PSHUFL $0X00,X0,X1
+ PSHUFL $0XAA,X0,X2
+ PSHUFL $0XFF,X0,X0
+ MOVOA X1,240(SP)
+ MOVOA X2,256(SP)
+ MOVOA X0,272(SP)
+ BYTESATLEAST256:
+ MOVL 16(SP),DX
+ MOVL 36 (SP),CX
+ MOVL DX,288(SP)
+ MOVL CX,304(SP)
+ ADDQ $1,DX
+ SHLQ $32,CX
+ ADDQ CX,DX
+ MOVQ DX,CX
+ SHRQ $32,CX
+ MOVL DX, 292 (SP)
+ MOVL CX, 308 (SP)
+ ADDQ $1,DX
+ SHLQ $32,CX
+ ADDQ CX,DX
+ MOVQ DX,CX
+ SHRQ $32,CX
+ MOVL DX, 296 (SP)
+ MOVL CX, 312 (SP)
+ ADDQ $1,DX
+ SHLQ $32,CX
+ ADDQ CX,DX
+ MOVQ DX,CX
+ SHRQ $32,CX
+ MOVL DX, 300 (SP)
+ MOVL CX, 316 (SP)
+ ADDQ $1,DX
+ SHLQ $32,CX
+ ADDQ CX,DX
+ MOVQ DX,CX
+ SHRQ $32,CX
+ MOVL DX,16(SP)
+ MOVL CX, 36 (SP)
+ MOVQ R9,352(SP)
+ MOVQ $20,DX
+ MOVOA 64(SP),X0
+ MOVOA 80(SP),X1
+ MOVOA 96(SP),X2
+ MOVOA 256(SP),X3
+ MOVOA 272(SP),X4
+ MOVOA 128(SP),X5
+ MOVOA 144(SP),X6
+ MOVOA 176(SP),X7
+ MOVOA 192(SP),X8
+ MOVOA 208(SP),X9
+ MOVOA 224(SP),X10
+ MOVOA 304(SP),X11
+ MOVOA 112(SP),X12
+ MOVOA 160(SP),X13
+ MOVOA 240(SP),X14
+ MOVOA 288(SP),X15
+ MAINLOOP1:
+ MOVOA X1,320(SP)
+ MOVOA X2,336(SP)
+ MOVOA X13,X1
+ PADDL X12,X1
+ MOVOA X1,X2
+ PSLLL $7,X1
+ PXOR X1,X14
+ PSRLL $25,X2
+ PXOR X2,X14
+ MOVOA X7,X1
+ PADDL X0,X1
+ MOVOA X1,X2
+ PSLLL $7,X1
+ PXOR X1,X11
+ PSRLL $25,X2
+ PXOR X2,X11
+ MOVOA X12,X1
+ PADDL X14,X1
+ MOVOA X1,X2
+ PSLLL $9,X1
+ PXOR X1,X15
+ PSRLL $23,X2
+ PXOR X2,X15
+ MOVOA X0,X1
+ PADDL X11,X1
+ MOVOA X1,X2
+ PSLLL $9,X1
+ PXOR X1,X9
+ PSRLL $23,X2
+ PXOR X2,X9
+ MOVOA X14,X1
+ PADDL X15,X1
+ MOVOA X1,X2
+ PSLLL $13,X1
+ PXOR X1,X13
+ PSRLL $19,X2
+ PXOR X2,X13
+ MOVOA X11,X1
+ PADDL X9,X1
+ MOVOA X1,X2
+ PSLLL $13,X1
+ PXOR X1,X7
+ PSRLL $19,X2
+ PXOR X2,X7
+ MOVOA X15,X1
+ PADDL X13,X1
+ MOVOA X1,X2
+ PSLLL $18,X1
+ PXOR X1,X12
+ PSRLL $14,X2
+ PXOR X2,X12
+ MOVOA 320(SP),X1
+ MOVOA X12,320(SP)
+ MOVOA X9,X2
+ PADDL X7,X2
+ MOVOA X2,X12
+ PSLLL $18,X2
+ PXOR X2,X0
+ PSRLL $14,X12
+ PXOR X12,X0
+ MOVOA X5,X2
+ PADDL X1,X2
+ MOVOA X2,X12
+ PSLLL $7,X2
+ PXOR X2,X3
+ PSRLL $25,X12
+ PXOR X12,X3
+ MOVOA 336(SP),X2
+ MOVOA X0,336(SP)
+ MOVOA X6,X0
+ PADDL X2,X0
+ MOVOA X0,X12
+ PSLLL $7,X0
+ PXOR X0,X4
+ PSRLL $25,X12
+ PXOR X12,X4
+ MOVOA X1,X0
+ PADDL X3,X0
+ MOVOA X0,X12
+ PSLLL $9,X0
+ PXOR X0,X10
+ PSRLL $23,X12
+ PXOR X12,X10
+ MOVOA X2,X0
+ PADDL X4,X0
+ MOVOA X0,X12
+ PSLLL $9,X0
+ PXOR X0,X8
+ PSRLL $23,X12
+ PXOR X12,X8
+ MOVOA X3,X0
+ PADDL X10,X0
+ MOVOA X0,X12
+ PSLLL $13,X0
+ PXOR X0,X5
+ PSRLL $19,X12
+ PXOR X12,X5
+ MOVOA X4,X0
+ PADDL X8,X0
+ MOVOA X0,X12
+ PSLLL $13,X0
+ PXOR X0,X6
+ PSRLL $19,X12
+ PXOR X12,X6
+ MOVOA X10,X0
+ PADDL X5,X0
+ MOVOA X0,X12
+ PSLLL $18,X0
+ PXOR X0,X1
+ PSRLL $14,X12
+ PXOR X12,X1
+ MOVOA 320(SP),X0
+ MOVOA X1,320(SP)
+ MOVOA X4,X1
+ PADDL X0,X1
+ MOVOA X1,X12
+ PSLLL $7,X1
+ PXOR X1,X7
+ PSRLL $25,X12
+ PXOR X12,X7
+ MOVOA X8,X1
+ PADDL X6,X1
+ MOVOA X1,X12
+ PSLLL $18,X1
+ PXOR X1,X2
+ PSRLL $14,X12
+ PXOR X12,X2
+ MOVOA 336(SP),X12
+ MOVOA X2,336(SP)
+ MOVOA X14,X1
+ PADDL X12,X1
+ MOVOA X1,X2
+ PSLLL $7,X1
+ PXOR X1,X5
+ PSRLL $25,X2
+ PXOR X2,X5
+ MOVOA X0,X1
+ PADDL X7,X1
+ MOVOA X1,X2
+ PSLLL $9,X1
+ PXOR X1,X10
+ PSRLL $23,X2
+ PXOR X2,X10
+ MOVOA X12,X1
+ PADDL X5,X1
+ MOVOA X1,X2
+ PSLLL $9,X1
+ PXOR X1,X8
+ PSRLL $23,X2
+ PXOR X2,X8
+ MOVOA X7,X1
+ PADDL X10,X1
+ MOVOA X1,X2
+ PSLLL $13,X1
+ PXOR X1,X4
+ PSRLL $19,X2
+ PXOR X2,X4
+ MOVOA X5,X1
+ PADDL X8,X1
+ MOVOA X1,X2
+ PSLLL $13,X1
+ PXOR X1,X14
+ PSRLL $19,X2
+ PXOR X2,X14
+ MOVOA X10,X1
+ PADDL X4,X1
+ MOVOA X1,X2
+ PSLLL $18,X1
+ PXOR X1,X0
+ PSRLL $14,X2
+ PXOR X2,X0
+ MOVOA 320(SP),X1
+ MOVOA X0,320(SP)
+ MOVOA X8,X0
+ PADDL X14,X0
+ MOVOA X0,X2
+ PSLLL $18,X0
+ PXOR X0,X12
+ PSRLL $14,X2
+ PXOR X2,X12
+ MOVOA X11,X0
+ PADDL X1,X0
+ MOVOA X0,X2
+ PSLLL $7,X0
+ PXOR X0,X6
+ PSRLL $25,X2
+ PXOR X2,X6
+ MOVOA 336(SP),X2
+ MOVOA X12,336(SP)
+ MOVOA X3,X0
+ PADDL X2,X0
+ MOVOA X0,X12
+ PSLLL $7,X0
+ PXOR X0,X13
+ PSRLL $25,X12
+ PXOR X12,X13
+ MOVOA X1,X0
+ PADDL X6,X0
+ MOVOA X0,X12
+ PSLLL $9,X0
+ PXOR X0,X15
+ PSRLL $23,X12
+ PXOR X12,X15
+ MOVOA X2,X0
+ PADDL X13,X0
+ MOVOA X0,X12
+ PSLLL $9,X0
+ PXOR X0,X9
+ PSRLL $23,X12
+ PXOR X12,X9
+ MOVOA X6,X0
+ PADDL X15,X0
+ MOVOA X0,X12
+ PSLLL $13,X0
+ PXOR X0,X11
+ PSRLL $19,X12
+ PXOR X12,X11
+ MOVOA X13,X0
+ PADDL X9,X0
+ MOVOA X0,X12
+ PSLLL $13,X0
+ PXOR X0,X3
+ PSRLL $19,X12
+ PXOR X12,X3
+ MOVOA X15,X0
+ PADDL X11,X0
+ MOVOA X0,X12
+ PSLLL $18,X0
+ PXOR X0,X1
+ PSRLL $14,X12
+ PXOR X12,X1
+ MOVOA X9,X0
+ PADDL X3,X0
+ MOVOA X0,X12
+ PSLLL $18,X0
+ PXOR X0,X2
+ PSRLL $14,X12
+ PXOR X12,X2
+ MOVOA 320(SP),X12
+ MOVOA 336(SP),X0
+ SUBQ $2,DX
+ JA MAINLOOP1
+ PADDL 112(SP),X12
+ PADDL 176(SP),X7
+ PADDL 224(SP),X10
+ PADDL 272(SP),X4
+ MOVD X12,DX
+ MOVD X7,CX
+ MOVD X10,R8
+ MOVD X4,R9
+ PSHUFL $0X39,X12,X12
+ PSHUFL $0X39,X7,X7
+ PSHUFL $0X39,X10,X10
+ PSHUFL $0X39,X4,X4
+ XORL 0(SI),DX
+ XORL 4(SI),CX
+ XORL 8(SI),R8
+ XORL 12(SI),R9
+ MOVL DX,0(DI)
+ MOVL CX,4(DI)
+ MOVL R8,8(DI)
+ MOVL R9,12(DI)
+ MOVD X12,DX
+ MOVD X7,CX
+ MOVD X10,R8
+ MOVD X4,R9
+ PSHUFL $0X39,X12,X12
+ PSHUFL $0X39,X7,X7
+ PSHUFL $0X39,X10,X10
+ PSHUFL $0X39,X4,X4
+ XORL 64(SI),DX
+ XORL 68(SI),CX
+ XORL 72(SI),R8
+ XORL 76(SI),R9
+ MOVL DX,64(DI)
+ MOVL CX,68(DI)
+ MOVL R8,72(DI)
+ MOVL R9,76(DI)
+ MOVD X12,DX
+ MOVD X7,CX
+ MOVD X10,R8
+ MOVD X4,R9
+ PSHUFL $0X39,X12,X12
+ PSHUFL $0X39,X7,X7
+ PSHUFL $0X39,X10,X10
+ PSHUFL $0X39,X4,X4
+ XORL 128(SI),DX
+ XORL 132(SI),CX
+ XORL 136(SI),R8
+ XORL 140(SI),R9
+ MOVL DX,128(DI)
+ MOVL CX,132(DI)
+ MOVL R8,136(DI)
+ MOVL R9,140(DI)
+ MOVD X12,DX
+ MOVD X7,CX
+ MOVD X10,R8
+ MOVD X4,R9
+ XORL 192(SI),DX
+ XORL 196(SI),CX
+ XORL 200(SI),R8
+ XORL 204(SI),R9
+ MOVL DX,192(DI)
+ MOVL CX,196(DI)
+ MOVL R8,200(DI)
+ MOVL R9,204(DI)
+ PADDL 240(SP),X14
+ PADDL 64(SP),X0
+ PADDL 128(SP),X5
+ PADDL 192(SP),X8
+ MOVD X14,DX
+ MOVD X0,CX
+ MOVD X5,R8
+ MOVD X8,R9
+ PSHUFL $0X39,X14,X14
+ PSHUFL $0X39,X0,X0
+ PSHUFL $0X39,X5,X5
+ PSHUFL $0X39,X8,X8
+ XORL 16(SI),DX
+ XORL 20(SI),CX
+ XORL 24(SI),R8
+ XORL 28(SI),R9
+ MOVL DX,16(DI)
+ MOVL CX,20(DI)
+ MOVL R8,24(DI)
+ MOVL R9,28(DI)
+ MOVD X14,DX
+ MOVD X0,CX
+ MOVD X5,R8
+ MOVD X8,R9
+ PSHUFL $0X39,X14,X14
+ PSHUFL $0X39,X0,X0
+ PSHUFL $0X39,X5,X5
+ PSHUFL $0X39,X8,X8
+ XORL 80(SI),DX
+ XORL 84(SI),CX
+ XORL 88(SI),R8
+ XORL 92(SI),R9
+ MOVL DX,80(DI)
+ MOVL CX,84(DI)
+ MOVL R8,88(DI)
+ MOVL R9,92(DI)
+ MOVD X14,DX
+ MOVD X0,CX
+ MOVD X5,R8
+ MOVD X8,R9
+ PSHUFL $0X39,X14,X14
+ PSHUFL $0X39,X0,X0
+ PSHUFL $0X39,X5,X5
+ PSHUFL $0X39,X8,X8
+ XORL 144(SI),DX
+ XORL 148(SI),CX
+ XORL 152(SI),R8
+ XORL 156(SI),R9
+ MOVL DX,144(DI)
+ MOVL CX,148(DI)
+ MOVL R8,152(DI)
+ MOVL R9,156(DI)
+ MOVD X14,DX
+ MOVD X0,CX
+ MOVD X5,R8
+ MOVD X8,R9
+ XORL 208(SI),DX
+ XORL 212(SI),CX
+ XORL 216(SI),R8
+ XORL 220(SI),R9
+ MOVL DX,208(DI)
+ MOVL CX,212(DI)
+ MOVL R8,216(DI)
+ MOVL R9,220(DI)
+ PADDL 288(SP),X15
+ PADDL 304(SP),X11
+ PADDL 80(SP),X1
+ PADDL 144(SP),X6
+ MOVD X15,DX
+ MOVD X11,CX
+ MOVD X1,R8
+ MOVD X6,R9
+ PSHUFL $0X39,X15,X15
+ PSHUFL $0X39,X11,X11
+ PSHUFL $0X39,X1,X1
+ PSHUFL $0X39,X6,X6
+ XORL 32(SI),DX
+ XORL 36(SI),CX
+ XORL 40(SI),R8
+ XORL 44(SI),R9
+ MOVL DX,32(DI)
+ MOVL CX,36(DI)
+ MOVL R8,40(DI)
+ MOVL R9,44(DI)
+ MOVD X15,DX
+ MOVD X11,CX
+ MOVD X1,R8
+ MOVD X6,R9
+ PSHUFL $0X39,X15,X15
+ PSHUFL $0X39,X11,X11
+ PSHUFL $0X39,X1,X1
+ PSHUFL $0X39,X6,X6
+ XORL 96(SI),DX
+ XORL 100(SI),CX
+ XORL 104(SI),R8
+ XORL 108(SI),R9
+ MOVL DX,96(DI)
+ MOVL CX,100(DI)
+ MOVL R8,104(DI)
+ MOVL R9,108(DI)
+ MOVD X15,DX
+ MOVD X11,CX
+ MOVD X1,R8
+ MOVD X6,R9
+ PSHUFL $0X39,X15,X15
+ PSHUFL $0X39,X11,X11
+ PSHUFL $0X39,X1,X1
+ PSHUFL $0X39,X6,X6
+ XORL 160(SI),DX
+ XORL 164(SI),CX
+ XORL 168(SI),R8
+ XORL 172(SI),R9
+ MOVL DX,160(DI)
+ MOVL CX,164(DI)
+ MOVL R8,168(DI)
+ MOVL R9,172(DI)
+ MOVD X15,DX
+ MOVD X11,CX
+ MOVD X1,R8
+ MOVD X6,R9
+ XORL 224(SI),DX
+ XORL 228(SI),CX
+ XORL 232(SI),R8
+ XORL 236(SI),R9
+ MOVL DX,224(DI)
+ MOVL CX,228(DI)
+ MOVL R8,232(DI)
+ MOVL R9,236(DI)
+ PADDL 160(SP),X13
+ PADDL 208(SP),X9
+ PADDL 256(SP),X3
+ PADDL 96(SP),X2
+ MOVD X13,DX
+ MOVD X9,CX
+ MOVD X3,R8
+ MOVD X2,R9
+ PSHUFL $0X39,X13,X13
+ PSHUFL $0X39,X9,X9
+ PSHUFL $0X39,X3,X3
+ PSHUFL $0X39,X2,X2
+ XORL 48(SI),DX
+ XORL 52(SI),CX
+ XORL 56(SI),R8
+ XORL 60(SI),R9
+ MOVL DX,48(DI)
+ MOVL CX,52(DI)
+ MOVL R8,56(DI)
+ MOVL R9,60(DI)
+ MOVD X13,DX
+ MOVD X9,CX
+ MOVD X3,R8
+ MOVD X2,R9
+ PSHUFL $0X39,X13,X13
+ PSHUFL $0X39,X9,X9
+ PSHUFL $0X39,X3,X3
+ PSHUFL $0X39,X2,X2
+ XORL 112(SI),DX
+ XORL 116(SI),CX
+ XORL 120(SI),R8
+ XORL 124(SI),R9
+ MOVL DX,112(DI)
+ MOVL CX,116(DI)
+ MOVL R8,120(DI)
+ MOVL R9,124(DI)
+ MOVD X13,DX
+ MOVD X9,CX
+ MOVD X3,R8
+ MOVD X2,R9
+ PSHUFL $0X39,X13,X13
+ PSHUFL $0X39,X9,X9
+ PSHUFL $0X39,X3,X3
+ PSHUFL $0X39,X2,X2
+ XORL 176(SI),DX
+ XORL 180(SI),CX
+ XORL 184(SI),R8
+ XORL 188(SI),R9
+ MOVL DX,176(DI)
+ MOVL CX,180(DI)
+ MOVL R8,184(DI)
+ MOVL R9,188(DI)
+ MOVD X13,DX
+ MOVD X9,CX
+ MOVD X3,R8
+ MOVD X2,R9
+ XORL 240(SI),DX
+ XORL 244(SI),CX
+ XORL 248(SI),R8
+ XORL 252(SI),R9
+ MOVL DX,240(DI)
+ MOVL CX,244(DI)
+ MOVL R8,248(DI)
+ MOVL R9,252(DI)
+ MOVQ 352(SP),R9
+ SUBQ $256,R9
+ ADDQ $256,SI
+ ADDQ $256,DI
+ CMPQ R9,$256
+ JAE BYTESATLEAST256
+ CMPQ R9,$0
+ JBE DONE
+ BYTESBETWEEN1AND255:
+ CMPQ R9,$64
+ JAE NOCOPY
+ MOVQ DI,DX
+ LEAQ 360(SP),DI
+ MOVQ R9,CX
+ REP; MOVSB
+ LEAQ 360(SP),DI
+ LEAQ 360(SP),SI
+ NOCOPY:
+ MOVQ R9,352(SP)
+ MOVOA 48(SP),X0
+ MOVOA 0(SP),X1
+ MOVOA 16(SP),X2
+ MOVOA 32(SP),X3
+ MOVOA X1,X4
+ MOVQ $20,CX
+ MAINLOOP2:
+ PADDL X0,X4
+ MOVOA X0,X5
+ MOVOA X4,X6
+ PSLLL $7,X4
+ PSRLL $25,X6
+ PXOR X4,X3
+ PXOR X6,X3
+ PADDL X3,X5
+ MOVOA X3,X4
+ MOVOA X5,X6
+ PSLLL $9,X5
+ PSRLL $23,X6
+ PXOR X5,X2
+ PSHUFL $0X93,X3,X3
+ PXOR X6,X2
+ PADDL X2,X4
+ MOVOA X2,X5
+ MOVOA X4,X6
+ PSLLL $13,X4
+ PSRLL $19,X6
+ PXOR X4,X1
+ PSHUFL $0X4E,X2,X2
+ PXOR X6,X1
+ PADDL X1,X5
+ MOVOA X3,X4
+ MOVOA X5,X6
+ PSLLL $18,X5
+ PSRLL $14,X6
+ PXOR X5,X0
+ PSHUFL $0X39,X1,X1
+ PXOR X6,X0
+ PADDL X0,X4
+ MOVOA X0,X5
+ MOVOA X4,X6
+ PSLLL $7,X4
+ PSRLL $25,X6
+ PXOR X4,X1
+ PXOR X6,X1
+ PADDL X1,X5
+ MOVOA X1,X4
+ MOVOA X5,X6
+ PSLLL $9,X5
+ PSRLL $23,X6
+ PXOR X5,X2
+ PSHUFL $0X93,X1,X1
+ PXOR X6,X2
+ PADDL X2,X4
+ MOVOA X2,X5
+ MOVOA X4,X6
+ PSLLL $13,X4
+ PSRLL $19,X6
+ PXOR X4,X3
+ PSHUFL $0X4E,X2,X2
+ PXOR X6,X3
+ PADDL X3,X5
+ MOVOA X1,X4
+ MOVOA X5,X6
+ PSLLL $18,X5
+ PSRLL $14,X6
+ PXOR X5,X0
+ PSHUFL $0X39,X3,X3
+ PXOR X6,X0
+ PADDL X0,X4
+ MOVOA X0,X5
+ MOVOA X4,X6
+ PSLLL $7,X4
+ PSRLL $25,X6
+ PXOR X4,X3
+ PXOR X6,X3
+ PADDL X3,X5
+ MOVOA X3,X4
+ MOVOA X5,X6
+ PSLLL $9,X5
+ PSRLL $23,X6
+ PXOR X5,X2
+ PSHUFL $0X93,X3,X3
+ PXOR X6,X2
+ PADDL X2,X4
+ MOVOA X2,X5
+ MOVOA X4,X6
+ PSLLL $13,X4
+ PSRLL $19,X6
+ PXOR X4,X1
+ PSHUFL $0X4E,X2,X2
+ PXOR X6,X1
+ PADDL X1,X5
+ MOVOA X3,X4
+ MOVOA X5,X6
+ PSLLL $18,X5
+ PSRLL $14,X6
+ PXOR X5,X0
+ PSHUFL $0X39,X1,X1
+ PXOR X6,X0
+ PADDL X0,X4
+ MOVOA X0,X5
+ MOVOA X4,X6
+ PSLLL $7,X4
+ PSRLL $25,X6
+ PXOR X4,X1
+ PXOR X6,X1
+ PADDL X1,X5
+ MOVOA X1,X4
+ MOVOA X5,X6
+ PSLLL $9,X5
+ PSRLL $23,X6
+ PXOR X5,X2
+ PSHUFL $0X93,X1,X1
+ PXOR X6,X2
+ PADDL X2,X4
+ MOVOA X2,X5
+ MOVOA X4,X6
+ PSLLL $13,X4
+ PSRLL $19,X6
+ PXOR X4,X3
+ PSHUFL $0X4E,X2,X2
+ PXOR X6,X3
+ SUBQ $4,CX
+ PADDL X3,X5
+ MOVOA X1,X4
+ MOVOA X5,X6
+ PSLLL $18,X5
+ PXOR X7,X7
+ PSRLL $14,X6
+ PXOR X5,X0
+ PSHUFL $0X39,X3,X3
+ PXOR X6,X0
+ JA MAINLOOP2
+ PADDL 48(SP),X0
+ PADDL 0(SP),X1
+ PADDL 16(SP),X2
+ PADDL 32(SP),X3
+ MOVD X0,CX
+ MOVD X1,R8
+ MOVD X2,R9
+ MOVD X3,AX
+ PSHUFL $0X39,X0,X0
+ PSHUFL $0X39,X1,X1
+ PSHUFL $0X39,X2,X2
+ PSHUFL $0X39,X3,X3
+ XORL 0(SI),CX
+ XORL 48(SI),R8
+ XORL 32(SI),R9
+ XORL 16(SI),AX
+ MOVL CX,0(DI)
+ MOVL R8,48(DI)
+ MOVL R9,32(DI)
+ MOVL AX,16(DI)
+ MOVD X0,CX
+ MOVD X1,R8
+ MOVD X2,R9
+ MOVD X3,AX
+ PSHUFL $0X39,X0,X0
+ PSHUFL $0X39,X1,X1
+ PSHUFL $0X39,X2,X2
+ PSHUFL $0X39,X3,X3
+ XORL 20(SI),CX
+ XORL 4(SI),R8
+ XORL 52(SI),R9
+ XORL 36(SI),AX
+ MOVL CX,20(DI)
+ MOVL R8,4(DI)
+ MOVL R9,52(DI)
+ MOVL AX,36(DI)
+ MOVD X0,CX
+ MOVD X1,R8
+ MOVD X2,R9
+ MOVD X3,AX
+ PSHUFL $0X39,X0,X0
+ PSHUFL $0X39,X1,X1
+ PSHUFL $0X39,X2,X2
+ PSHUFL $0X39,X3,X3
+ XORL 40(SI),CX
+ XORL 24(SI),R8
+ XORL 8(SI),R9
+ XORL 56(SI),AX
+ MOVL CX,40(DI)
+ MOVL R8,24(DI)
+ MOVL R9,8(DI)
+ MOVL AX,56(DI)
+ MOVD X0,CX
+ MOVD X1,R8
+ MOVD X2,R9
+ MOVD X3,AX
+ XORL 60(SI),CX
+ XORL 44(SI),R8
+ XORL 28(SI),R9
+ XORL 12(SI),AX
+ MOVL CX,60(DI)
+ MOVL R8,44(DI)
+ MOVL R9,28(DI)
+ MOVL AX,12(DI)
+ MOVQ 352(SP),R9
+ MOVL 16(SP),CX
+ MOVL 36 (SP),R8
+ ADDQ $1,CX
+ SHLQ $32,R8
+ ADDQ R8,CX
+ MOVQ CX,R8
+ SHRQ $32,R8
+ MOVL CX,16(SP)
+ MOVL R8, 36 (SP)
+ CMPQ R9,$64
+ JA BYTESATLEAST65
+ JAE BYTESATLEAST64
+ MOVQ DI,SI
+ MOVQ DX,DI
+ MOVQ R9,CX
+ REP; MOVSB
+ BYTESATLEAST64:
+ DONE:
+ MOVQ R12,SP
+ RET
+ BYTESATLEAST65:
+ SUBQ $64,R9
+ ADDQ $64,DI
+ ADDQ $64,SI
+ JMP BYTESBETWEEN1AND255
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa208.go b/vendor/golang.org/x/crypto/salsa20/salsa/salsa208.go
new file mode 100644
index 0000000..9bfc092
--- /dev/null
+++ b/vendor/golang.org/x/crypto/salsa20/salsa/salsa208.go
@@ -0,0 +1,199 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package salsa
+
+// Core208 applies the Salsa20/8 core function to the 64-byte array in and puts
+// the result into the 64-byte array out. The input and output may be the same array.
+func Core208(out *[64]byte, in *[64]byte) {
+ j0 := uint32(in[0]) | uint32(in[1])<<8 | uint32(in[2])<<16 | uint32(in[3])<<24
+ j1 := uint32(in[4]) | uint32(in[5])<<8 | uint32(in[6])<<16 | uint32(in[7])<<24
+ j2 := uint32(in[8]) | uint32(in[9])<<8 | uint32(in[10])<<16 | uint32(in[11])<<24
+ j3 := uint32(in[12]) | uint32(in[13])<<8 | uint32(in[14])<<16 | uint32(in[15])<<24
+ j4 := uint32(in[16]) | uint32(in[17])<<8 | uint32(in[18])<<16 | uint32(in[19])<<24
+ j5 := uint32(in[20]) | uint32(in[21])<<8 | uint32(in[22])<<16 | uint32(in[23])<<24
+ j6 := uint32(in[24]) | uint32(in[25])<<8 | uint32(in[26])<<16 | uint32(in[27])<<24
+ j7 := uint32(in[28]) | uint32(in[29])<<8 | uint32(in[30])<<16 | uint32(in[31])<<24
+ j8 := uint32(in[32]) | uint32(in[33])<<8 | uint32(in[34])<<16 | uint32(in[35])<<24
+ j9 := uint32(in[36]) | uint32(in[37])<<8 | uint32(in[38])<<16 | uint32(in[39])<<24
+ j10 := uint32(in[40]) | uint32(in[41])<<8 | uint32(in[42])<<16 | uint32(in[43])<<24
+ j11 := uint32(in[44]) | uint32(in[45])<<8 | uint32(in[46])<<16 | uint32(in[47])<<24
+ j12 := uint32(in[48]) | uint32(in[49])<<8 | uint32(in[50])<<16 | uint32(in[51])<<24
+ j13 := uint32(in[52]) | uint32(in[53])<<8 | uint32(in[54])<<16 | uint32(in[55])<<24
+ j14 := uint32(in[56]) | uint32(in[57])<<8 | uint32(in[58])<<16 | uint32(in[59])<<24
+ j15 := uint32(in[60]) | uint32(in[61])<<8 | uint32(in[62])<<16 | uint32(in[63])<<24
+
+ x0, x1, x2, x3, x4, x5, x6, x7, x8 := j0, j1, j2, j3, j4, j5, j6, j7, j8
+ x9, x10, x11, x12, x13, x14, x15 := j9, j10, j11, j12, j13, j14, j15
+
+ for i := 0; i < 8; i += 2 {
+ u := x0 + x12
+ x4 ^= u<<7 | u>>(32-7)
+ u = x4 + x0
+ x8 ^= u<<9 | u>>(32-9)
+ u = x8 + x4
+ x12 ^= u<<13 | u>>(32-13)
+ u = x12 + x8
+ x0 ^= u<<18 | u>>(32-18)
+
+ u = x5 + x1
+ x9 ^= u<<7 | u>>(32-7)
+ u = x9 + x5
+ x13 ^= u<<9 | u>>(32-9)
+ u = x13 + x9
+ x1 ^= u<<13 | u>>(32-13)
+ u = x1 + x13
+ x5 ^= u<<18 | u>>(32-18)
+
+ u = x10 + x6
+ x14 ^= u<<7 | u>>(32-7)
+ u = x14 + x10
+ x2 ^= u<<9 | u>>(32-9)
+ u = x2 + x14
+ x6 ^= u<<13 | u>>(32-13)
+ u = x6 + x2
+ x10 ^= u<<18 | u>>(32-18)
+
+ u = x15 + x11
+ x3 ^= u<<7 | u>>(32-7)
+ u = x3 + x15
+ x7 ^= u<<9 | u>>(32-9)
+ u = x7 + x3
+ x11 ^= u<<13 | u>>(32-13)
+ u = x11 + x7
+ x15 ^= u<<18 | u>>(32-18)
+
+ u = x0 + x3
+ x1 ^= u<<7 | u>>(32-7)
+ u = x1 + x0
+ x2 ^= u<<9 | u>>(32-9)
+ u = x2 + x1
+ x3 ^= u<<13 | u>>(32-13)
+ u = x3 + x2
+ x0 ^= u<<18 | u>>(32-18)
+
+ u = x5 + x4
+ x6 ^= u<<7 | u>>(32-7)
+ u = x6 + x5
+ x7 ^= u<<9 | u>>(32-9)
+ u = x7 + x6
+ x4 ^= u<<13 | u>>(32-13)
+ u = x4 + x7
+ x5 ^= u<<18 | u>>(32-18)
+
+ u = x10 + x9
+ x11 ^= u<<7 | u>>(32-7)
+ u = x11 + x10
+ x8 ^= u<<9 | u>>(32-9)
+ u = x8 + x11
+ x9 ^= u<<13 | u>>(32-13)
+ u = x9 + x8
+ x10 ^= u<<18 | u>>(32-18)
+
+ u = x15 + x14
+ x12 ^= u<<7 | u>>(32-7)
+ u = x12 + x15
+ x13 ^= u<<9 | u>>(32-9)
+ u = x13 + x12
+ x14 ^= u<<13 | u>>(32-13)
+ u = x14 + x13
+ x15 ^= u<<18 | u>>(32-18)
+ }
+ x0 += j0
+ x1 += j1
+ x2 += j2
+ x3 += j3
+ x4 += j4
+ x5 += j5
+ x6 += j6
+ x7 += j7
+ x8 += j8
+ x9 += j9
+ x10 += j10
+ x11 += j11
+ x12 += j12
+ x13 += j13
+ x14 += j14
+ x15 += j15
+
+ out[0] = byte(x0)
+ out[1] = byte(x0 >> 8)
+ out[2] = byte(x0 >> 16)
+ out[3] = byte(x0 >> 24)
+
+ out[4] = byte(x1)
+ out[5] = byte(x1 >> 8)
+ out[6] = byte(x1 >> 16)
+ out[7] = byte(x1 >> 24)
+
+ out[8] = byte(x2)
+ out[9] = byte(x2 >> 8)
+ out[10] = byte(x2 >> 16)
+ out[11] = byte(x2 >> 24)
+
+ out[12] = byte(x3)
+ out[13] = byte(x3 >> 8)
+ out[14] = byte(x3 >> 16)
+ out[15] = byte(x3 >> 24)
+
+ out[16] = byte(x4)
+ out[17] = byte(x4 >> 8)
+ out[18] = byte(x4 >> 16)
+ out[19] = byte(x4 >> 24)
+
+ out[20] = byte(x5)
+ out[21] = byte(x5 >> 8)
+ out[22] = byte(x5 >> 16)
+ out[23] = byte(x5 >> 24)
+
+ out[24] = byte(x6)
+ out[25] = byte(x6 >> 8)
+ out[26] = byte(x6 >> 16)
+ out[27] = byte(x6 >> 24)
+
+ out[28] = byte(x7)
+ out[29] = byte(x7 >> 8)
+ out[30] = byte(x7 >> 16)
+ out[31] = byte(x7 >> 24)
+
+ out[32] = byte(x8)
+ out[33] = byte(x8 >> 8)
+ out[34] = byte(x8 >> 16)
+ out[35] = byte(x8 >> 24)
+
+ out[36] = byte(x9)
+ out[37] = byte(x9 >> 8)
+ out[38] = byte(x9 >> 16)
+ out[39] = byte(x9 >> 24)
+
+ out[40] = byte(x10)
+ out[41] = byte(x10 >> 8)
+ out[42] = byte(x10 >> 16)
+ out[43] = byte(x10 >> 24)
+
+ out[44] = byte(x11)
+ out[45] = byte(x11 >> 8)
+ out[46] = byte(x11 >> 16)
+ out[47] = byte(x11 >> 24)
+
+ out[48] = byte(x12)
+ out[49] = byte(x12 >> 8)
+ out[50] = byte(x12 >> 16)
+ out[51] = byte(x12 >> 24)
+
+ out[52] = byte(x13)
+ out[53] = byte(x13 >> 8)
+ out[54] = byte(x13 >> 16)
+ out[55] = byte(x13 >> 24)
+
+ out[56] = byte(x14)
+ out[57] = byte(x14 >> 8)
+ out[58] = byte(x14 >> 16)
+ out[59] = byte(x14 >> 24)
+
+ out[60] = byte(x15)
+ out[61] = byte(x15 >> 8)
+ out[62] = byte(x15 >> 16)
+ out[63] = byte(x15 >> 24)
+}
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go
new file mode 100644
index 0000000..f9269c3
--- /dev/null
+++ b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go
@@ -0,0 +1,24 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,!appengine,!gccgo
+
+package salsa
+
+// This function is implemented in salsa2020_amd64.s.
+
+//go:noescape
+
+func salsa2020XORKeyStream(out, in *byte, n uint64, nonce, key *byte)
+
+// XORKeyStream crypts bytes from in to out using the given key and counters.
+// In and out must overlap entirely or not at all. Counter
+// contains the raw salsa20 counter bytes (both nonce and block counter).
+func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
+ if len(in) == 0 {
+ return
+ }
+ _ = out[len(in)-1]
+ salsa2020XORKeyStream(&out[0], &in[0], uint64(len(in)), &counter[0], &key[0])
+}
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go
new file mode 100644
index 0000000..22126d1
--- /dev/null
+++ b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go
@@ -0,0 +1,234 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !amd64 appengine gccgo
+
+package salsa
+
+const rounds = 20
+
+// core applies the Salsa20 core function to 16-byte input in, 32-byte key k,
+// and 16-byte constant c, and puts the result into 64-byte array out.
+func core(out *[64]byte, in *[16]byte, k *[32]byte, c *[16]byte) {
+ j0 := uint32(c[0]) | uint32(c[1])<<8 | uint32(c[2])<<16 | uint32(c[3])<<24
+ j1 := uint32(k[0]) | uint32(k[1])<<8 | uint32(k[2])<<16 | uint32(k[3])<<24
+ j2 := uint32(k[4]) | uint32(k[5])<<8 | uint32(k[6])<<16 | uint32(k[7])<<24
+ j3 := uint32(k[8]) | uint32(k[9])<<8 | uint32(k[10])<<16 | uint32(k[11])<<24
+ j4 := uint32(k[12]) | uint32(k[13])<<8 | uint32(k[14])<<16 | uint32(k[15])<<24
+ j5 := uint32(c[4]) | uint32(c[5])<<8 | uint32(c[6])<<16 | uint32(c[7])<<24
+ j6 := uint32(in[0]) | uint32(in[1])<<8 | uint32(in[2])<<16 | uint32(in[3])<<24
+ j7 := uint32(in[4]) | uint32(in[5])<<8 | uint32(in[6])<<16 | uint32(in[7])<<24
+ j8 := uint32(in[8]) | uint32(in[9])<<8 | uint32(in[10])<<16 | uint32(in[11])<<24
+ j9 := uint32(in[12]) | uint32(in[13])<<8 | uint32(in[14])<<16 | uint32(in[15])<<24
+ j10 := uint32(c[8]) | uint32(c[9])<<8 | uint32(c[10])<<16 | uint32(c[11])<<24
+ j11 := uint32(k[16]) | uint32(k[17])<<8 | uint32(k[18])<<16 | uint32(k[19])<<24
+ j12 := uint32(k[20]) | uint32(k[21])<<8 | uint32(k[22])<<16 | uint32(k[23])<<24
+ j13 := uint32(k[24]) | uint32(k[25])<<8 | uint32(k[26])<<16 | uint32(k[27])<<24
+ j14 := uint32(k[28]) | uint32(k[29])<<8 | uint32(k[30])<<16 | uint32(k[31])<<24
+ j15 := uint32(c[12]) | uint32(c[13])<<8 | uint32(c[14])<<16 | uint32(c[15])<<24
+
+ x0, x1, x2, x3, x4, x5, x6, x7, x8 := j0, j1, j2, j3, j4, j5, j6, j7, j8
+ x9, x10, x11, x12, x13, x14, x15 := j9, j10, j11, j12, j13, j14, j15
+
+ for i := 0; i < rounds; i += 2 {
+ u := x0 + x12
+ x4 ^= u<<7 | u>>(32-7)
+ u = x4 + x0
+ x8 ^= u<<9 | u>>(32-9)
+ u = x8 + x4
+ x12 ^= u<<13 | u>>(32-13)
+ u = x12 + x8
+ x0 ^= u<<18 | u>>(32-18)
+
+ u = x5 + x1
+ x9 ^= u<<7 | u>>(32-7)
+ u = x9 + x5
+ x13 ^= u<<9 | u>>(32-9)
+ u = x13 + x9
+ x1 ^= u<<13 | u>>(32-13)
+ u = x1 + x13
+ x5 ^= u<<18 | u>>(32-18)
+
+ u = x10 + x6
+ x14 ^= u<<7 | u>>(32-7)
+ u = x14 + x10
+ x2 ^= u<<9 | u>>(32-9)
+ u = x2 + x14
+ x6 ^= u<<13 | u>>(32-13)
+ u = x6 + x2
+ x10 ^= u<<18 | u>>(32-18)
+
+ u = x15 + x11
+ x3 ^= u<<7 | u>>(32-7)
+ u = x3 + x15
+ x7 ^= u<<9 | u>>(32-9)
+ u = x7 + x3
+ x11 ^= u<<13 | u>>(32-13)
+ u = x11 + x7
+ x15 ^= u<<18 | u>>(32-18)
+
+ u = x0 + x3
+ x1 ^= u<<7 | u>>(32-7)
+ u = x1 + x0
+ x2 ^= u<<9 | u>>(32-9)
+ u = x2 + x1
+ x3 ^= u<<13 | u>>(32-13)
+ u = x3 + x2
+ x0 ^= u<<18 | u>>(32-18)
+
+ u = x5 + x4
+ x6 ^= u<<7 | u>>(32-7)
+ u = x6 + x5
+ x7 ^= u<<9 | u>>(32-9)
+ u = x7 + x6
+ x4 ^= u<<13 | u>>(32-13)
+ u = x4 + x7
+ x5 ^= u<<18 | u>>(32-18)
+
+ u = x10 + x9
+ x11 ^= u<<7 | u>>(32-7)
+ u = x11 + x10
+ x8 ^= u<<9 | u>>(32-9)
+ u = x8 + x11
+ x9 ^= u<<13 | u>>(32-13)
+ u = x9 + x8
+ x10 ^= u<<18 | u>>(32-18)
+
+ u = x15 + x14
+ x12 ^= u<<7 | u>>(32-7)
+ u = x12 + x15
+ x13 ^= u<<9 | u>>(32-9)
+ u = x13 + x12
+ x14 ^= u<<13 | u>>(32-13)
+ u = x14 + x13
+ x15 ^= u<<18 | u>>(32-18)
+ }
+ x0 += j0
+ x1 += j1
+ x2 += j2
+ x3 += j3
+ x4 += j4
+ x5 += j5
+ x6 += j6
+ x7 += j7
+ x8 += j8
+ x9 += j9
+ x10 += j10
+ x11 += j11
+ x12 += j12
+ x13 += j13
+ x14 += j14
+ x15 += j15
+
+ out[0] = byte(x0)
+ out[1] = byte(x0 >> 8)
+ out[2] = byte(x0 >> 16)
+ out[3] = byte(x0 >> 24)
+
+ out[4] = byte(x1)
+ out[5] = byte(x1 >> 8)
+ out[6] = byte(x1 >> 16)
+ out[7] = byte(x1 >> 24)
+
+ out[8] = byte(x2)
+ out[9] = byte(x2 >> 8)
+ out[10] = byte(x2 >> 16)
+ out[11] = byte(x2 >> 24)
+
+ out[12] = byte(x3)
+ out[13] = byte(x3 >> 8)
+ out[14] = byte(x3 >> 16)
+ out[15] = byte(x3 >> 24)
+
+ out[16] = byte(x4)
+ out[17] = byte(x4 >> 8)
+ out[18] = byte(x4 >> 16)
+ out[19] = byte(x4 >> 24)
+
+ out[20] = byte(x5)
+ out[21] = byte(x5 >> 8)
+ out[22] = byte(x5 >> 16)
+ out[23] = byte(x5 >> 24)
+
+ out[24] = byte(x6)
+ out[25] = byte(x6 >> 8)
+ out[26] = byte(x6 >> 16)
+ out[27] = byte(x6 >> 24)
+
+ out[28] = byte(x7)
+ out[29] = byte(x7 >> 8)
+ out[30] = byte(x7 >> 16)
+ out[31] = byte(x7 >> 24)
+
+ out[32] = byte(x8)
+ out[33] = byte(x8 >> 8)
+ out[34] = byte(x8 >> 16)
+ out[35] = byte(x8 >> 24)
+
+ out[36] = byte(x9)
+ out[37] = byte(x9 >> 8)
+ out[38] = byte(x9 >> 16)
+ out[39] = byte(x9 >> 24)
+
+ out[40] = byte(x10)
+ out[41] = byte(x10 >> 8)
+ out[42] = byte(x10 >> 16)
+ out[43] = byte(x10 >> 24)
+
+ out[44] = byte(x11)
+ out[45] = byte(x11 >> 8)
+ out[46] = byte(x11 >> 16)
+ out[47] = byte(x11 >> 24)
+
+ out[48] = byte(x12)
+ out[49] = byte(x12 >> 8)
+ out[50] = byte(x12 >> 16)
+ out[51] = byte(x12 >> 24)
+
+ out[52] = byte(x13)
+ out[53] = byte(x13 >> 8)
+ out[54] = byte(x13 >> 16)
+ out[55] = byte(x13 >> 24)
+
+ out[56] = byte(x14)
+ out[57] = byte(x14 >> 8)
+ out[58] = byte(x14 >> 16)
+ out[59] = byte(x14 >> 24)
+
+ out[60] = byte(x15)
+ out[61] = byte(x15 >> 8)
+ out[62] = byte(x15 >> 16)
+ out[63] = byte(x15 >> 24)
+}
+
+// XORKeyStream crypts bytes from in to out using the given key and counters.
+// In and out must overlap entirely or not at all. Counter
+// contains the raw salsa20 counter bytes (both nonce and block counter).
+func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
+ var block [64]byte
+ var counterCopy [16]byte
+ copy(counterCopy[:], counter[:])
+
+ for len(in) >= 64 {
+ core(&block, &counterCopy, key, &Sigma)
+ for i, x := range block {
+ out[i] = in[i] ^ x
+ }
+ u := uint32(1)
+ for i := 8; i < 16; i++ {
+ u += uint32(counterCopy[i])
+ counterCopy[i] = byte(u)
+ u >>= 8
+ }
+ in = in[64:]
+ out = out[64:]
+ }
+
+ if len(in) > 0 {
+ core(&block, &counterCopy, key, &Sigma)
+ for i, v := range in {
+ out[i] = v ^ block[i]
+ }
+ }
+}
diff --git a/vendor/golang.org/x/sys/LICENSE b/vendor/golang.org/x/sys/LICENSE
new file mode 100644
index 0000000..6a66aea
--- /dev/null
+++ b/vendor/golang.org/x/sys/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+ * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/golang.org/x/sys/PATENTS b/vendor/golang.org/x/sys/PATENTS
new file mode 100644
index 0000000..7330990
--- /dev/null
+++ b/vendor/golang.org/x/sys/PATENTS
@@ -0,0 +1,22 @@
+Additional IP Rights Grant (Patents)
+
+"This implementation" means the copyrightable works distributed by
+Google as part of the Go project.
+
+Google hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section)
+patent license to make, have made, use, offer to sell, sell, import,
+transfer and otherwise run, modify and propagate the contents of this
+implementation of Go, where such license applies only to those patent
+claims, both currently owned or controlled by Google and acquired in
+the future, licensable by Google that are necessarily infringed by this
+implementation of Go. This grant does not include claims that would be
+infringed only as a consequence of further modification of this
+implementation. If you or your agent or exclusive licensee institute or
+order or agree to the institution of patent litigation against any
+entity (including a cross-claim or counterclaim in a lawsuit) alleging
+that this implementation of Go or any code incorporated within this
+implementation of Go constitutes direct or contributory patent
+infringement, or inducement of patent infringement, then any patent
+rights granted to you under this License for this implementation of Go
+shall terminate as of the date such litigation is filed.
diff --git a/vendor/golang.org/x/sys/cpu/cpu.go b/vendor/golang.org/x/sys/cpu/cpu.go
new file mode 100644
index 0000000..3d88f86
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu.go
@@ -0,0 +1,38 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cpu implements processor feature detection for
+// various CPU architectures.
+package cpu
+
+// CacheLinePad is used to pad structs to avoid false sharing.
+type CacheLinePad struct{ _ [cacheLineSize]byte }
+
+// X86 contains the supported CPU features of the
+// current X86/AMD64 platform. If the current platform
+// is not X86/AMD64 then all feature flags are false.
+//
+// X86 is padded to avoid false sharing. Further the HasAVX
+// and HasAVX2 are only set if the OS supports XMM and YMM
+// registers in addition to the CPUID feature bit being set.
+var X86 struct {
+ _ CacheLinePad
+ HasAES bool // AES hardware implementation (AES NI)
+ HasADX bool // Multi-precision add-carry instruction extensions
+ HasAVX bool // Advanced vector extension
+ HasAVX2 bool // Advanced vector extension 2
+ HasBMI1 bool // Bit manipulation instruction set 1
+ HasBMI2 bool // Bit manipulation instruction set 2
+ HasERMS bool // Enhanced REP for MOVSB and STOSB
+ HasFMA bool // Fused-multiply-add instructions
+ HasOSXSAVE bool // OS supports XSAVE/XRESTOR for saving/restoring XMM registers.
+ HasPCLMULQDQ bool // PCLMULQDQ instruction - most often used for AES-GCM
+ HasPOPCNT bool // Hamming weight instruction POPCNT.
+ HasSSE2 bool // Streaming SIMD extension 2 (always available on amd64)
+ HasSSE3 bool // Streaming SIMD extension 3
+ HasSSSE3 bool // Supplemental streaming SIMD extension 3
+ HasSSE41 bool // Streaming SIMD extension 4 and 4.1
+ HasSSE42 bool // Streaming SIMD extension 4 and 4.2
+ _ CacheLinePad
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm.go b/vendor/golang.org/x/sys/cpu/cpu_arm.go
new file mode 100644
index 0000000..d93036f
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm.go
@@ -0,0 +1,7 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const cacheLineSize = 32
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
new file mode 100644
index 0000000..1d2ab29
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
@@ -0,0 +1,7 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const cacheLineSize = 64
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
new file mode 100644
index 0000000..f7cb469
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
@@ -0,0 +1,16 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64 amd64p32
+// +build !gccgo
+
+package cpu
+
+// cpuid is implemented in cpu_x86.s for gc compiler
+// and in cpu_gccgo.c for gccgo.
+func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32)
+
+// xgetbv with ecx = 0 is implemented in cpu_x86.s for gc compiler
+// and in cpu_gccgo.c for gccgo.
+func xgetbv() (eax, edx uint32)
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo.c b/vendor/golang.org/x/sys/cpu/cpu_gccgo.c
new file mode 100644
index 0000000..e363c7d
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo.c
@@ -0,0 +1,43 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64 amd64p32
+// +build gccgo
+
+#include
+#include
+
+// Need to wrap __get_cpuid_count because it's declared as static.
+int
+gccgoGetCpuidCount(uint32_t leaf, uint32_t subleaf,
+ uint32_t *eax, uint32_t *ebx,
+ uint32_t *ecx, uint32_t *edx)
+{
+ return __get_cpuid_count(leaf, subleaf, eax, ebx, ecx, edx);
+}
+
+// xgetbv reads the contents of an XCR (Extended Control Register)
+// specified in the ECX register into registers EDX:EAX.
+// Currently, the only supported value for XCR is 0.
+//
+// TODO: Replace with a better alternative:
+//
+// #include
+//
+// #pragma GCC target("xsave")
+//
+// void gccgoXgetbv(uint32_t *eax, uint32_t *edx) {
+// unsigned long long x = _xgetbv(0);
+// *eax = x & 0xffffffff;
+// *edx = (x >> 32) & 0xffffffff;
+// }
+//
+// Note that _xgetbv is defined starting with GCC 8.
+void
+gccgoXgetbv(uint32_t *eax, uint32_t *edx)
+{
+ __asm(" xorl %%ecx, %%ecx\n"
+ " xgetbv"
+ : "=a"(*eax), "=d"(*edx));
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo.go
new file mode 100644
index 0000000..ba49b91
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo.go
@@ -0,0 +1,26 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64 amd64p32
+// +build gccgo
+
+package cpu
+
+//extern gccgoGetCpuidCount
+func gccgoGetCpuidCount(eaxArg, ecxArg uint32, eax, ebx, ecx, edx *uint32)
+
+func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) {
+ var a, b, c, d uint32
+ gccgoGetCpuidCount(eaxArg, ecxArg, &a, &b, &c, &d)
+ return a, b, c, d
+}
+
+//extern gccgoXgetbv
+func gccgoXgetbv(eax, edx *uint32)
+
+func xgetbv() (eax, edx uint32) {
+ var a, d uint32
+ gccgoXgetbv(&a, &d)
+ return a, d
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
new file mode 100644
index 0000000..6165f12
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
@@ -0,0 +1,9 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build mips64 mips64le
+
+package cpu
+
+const cacheLineSize = 32
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mipsx.go b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
new file mode 100644
index 0000000..1269eee
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
@@ -0,0 +1,9 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build mips mipsle
+
+package cpu
+
+const cacheLineSize = 32
diff --git a/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
new file mode 100644
index 0000000..d10759a
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
@@ -0,0 +1,9 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build ppc64 ppc64le
+
+package cpu
+
+const cacheLineSize = 128
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_s390x.go
new file mode 100644
index 0000000..684c4f0
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_s390x.go
@@ -0,0 +1,7 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const cacheLineSize = 256
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.go b/vendor/golang.org/x/sys/cpu/cpu_x86.go
new file mode 100644
index 0000000..71e288b
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.go
@@ -0,0 +1,55 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64 amd64p32
+
+package cpu
+
+const cacheLineSize = 64
+
+func init() {
+ maxID, _, _, _ := cpuid(0, 0)
+
+ if maxID < 1 {
+ return
+ }
+
+ _, _, ecx1, edx1 := cpuid(1, 0)
+ X86.HasSSE2 = isSet(26, edx1)
+
+ X86.HasSSE3 = isSet(0, ecx1)
+ X86.HasPCLMULQDQ = isSet(1, ecx1)
+ X86.HasSSSE3 = isSet(9, ecx1)
+ X86.HasFMA = isSet(12, ecx1)
+ X86.HasSSE41 = isSet(19, ecx1)
+ X86.HasSSE42 = isSet(20, ecx1)
+ X86.HasPOPCNT = isSet(23, ecx1)
+ X86.HasAES = isSet(25, ecx1)
+ X86.HasOSXSAVE = isSet(27, ecx1)
+
+ osSupportsAVX := false
+ // For XGETBV, OSXSAVE bit is required and sufficient.
+ if X86.HasOSXSAVE {
+ eax, _ := xgetbv()
+ // Check if XMM and YMM registers have OS support.
+ osSupportsAVX = isSet(1, eax) && isSet(2, eax)
+ }
+
+ X86.HasAVX = isSet(28, ecx1) && osSupportsAVX
+
+ if maxID < 7 {
+ return
+ }
+
+ _, ebx7, _, _ := cpuid(7, 0)
+ X86.HasBMI1 = isSet(3, ebx7)
+ X86.HasAVX2 = isSet(5, ebx7) && osSupportsAVX
+ X86.HasBMI2 = isSet(8, ebx7)
+ X86.HasERMS = isSet(9, ebx7)
+ X86.HasADX = isSet(19, ebx7)
+}
+
+func isSet(bitpos uint, value uint32) bool {
+ return value&(1<
Date: Sun, 2 Sep 2018 22:30:41 +0800
Subject: [PATCH 283/341] ss, socks5: print udp log only when a nat map is
created
---
proxy/socks5/socks5.go | 4 +++-
proxy/ss/ss.go | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/proxy/socks5/socks5.go b/proxy/socks5/socks5.go
index 3d0cf51..f34a8e4 100644
--- a/proxy/socks5/socks5.go
+++ b/proxy/socks5/socks5.go
@@ -194,6 +194,8 @@ func (s *SOCKS5) ListenAndServeUDP() {
nm.Delete(raddr.String())
}()
+ log.F("[socks5-udp] %s <-> %s", raddr, c.tgtAddr)
+
} else {
pc = v.(*PktConn)
}
@@ -204,7 +206,7 @@ func (s *SOCKS5) ListenAndServeUDP() {
continue
}
- log.F("[socks5-udp] %s <-> %s", raddr, c.tgtAddr)
+ // log.F("[socks5-udp] %s <-> %s", raddr, c.tgtAddr)
}
}
diff --git a/proxy/ss/ss.go b/proxy/ss/ss.go
index 7273e9d..fc54b0f 100644
--- a/proxy/ss/ss.go
+++ b/proxy/ss/ss.go
@@ -208,6 +208,8 @@ func (s *SS) ListenAndServeUDP() {
nm.Delete(raddr.String())
}()
+ log.F("[ss-udp] %s <-> %s", raddr, c.tgtAddr)
+
} else {
pc = v.(*PktConn)
}
@@ -218,7 +220,7 @@ func (s *SS) ListenAndServeUDP() {
continue
}
- log.F("[ss-udp] %s <-> %s", raddr, c.tgtAddr)
+ // log.F("[ss-udp] %s <-> %s", raddr, c.tgtAddr)
}
}
From 70a88f478996ac4ca214cb9d642724890f3b7cd1 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 4 Sep 2018 20:26:40 +0800
Subject: [PATCH 284/341] redir: added `redir6` proxy
---
README.md | 6 +++---
conf.go | 3 ++-
main.go | 2 +-
proxy/redir/redir_linux.go | 15 +++++++++++----
4 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index e8a0ca6..7fed04f 100644
--- a/README.md
+++ b/README.md
@@ -47,7 +47,7 @@ DNS Forwarding Server (udp2tcp):
- DNS cache
- Custom dns record
-IPSet Management:
+IPSet Management (Linux kernel version >= 2.6.32):
- Add ip/cidrs from rule files on startup
- Add resolved ips for domains from rule files by dns forwarding server
@@ -55,8 +55,8 @@ IPSet Management:
General:
- Http and socks5 on the same port
-- Forward chain
-- RR/HA/LHA strategy for multiple forwarders
+- Forwarder chain
+- RR/HA/LHA/DH strategy for multiple forwarders
- Periodical proxy checking
- Rule proxy based on destinations: [Config Examples](config/examples)
- Send requests from specific ip/interface
diff --git a/conf.go b/conf.go
index 89ec134..edf498a 100644
--- a/conf.go
+++ b/conf.go
@@ -121,13 +121,14 @@ func usage() {
fmt.Fprintf(os.Stderr, " tls: tls transport\n")
fmt.Fprintf(os.Stderr, " ws: websocket transport\n")
fmt.Fprintf(os.Stderr, " redir: redirect proxy. (used on linux as a transparent proxy with iptables redirect rules)\n")
+ fmt.Fprintf(os.Stderr, " redir6: redirect proxy(ipv6)\n")
fmt.Fprintf(os.Stderr, " tcptun: tcp tunnel\n")
fmt.Fprintf(os.Stderr, " udptun: udp tunnel\n")
fmt.Fprintf(os.Stderr, " uottun: udp over tcp tunnel\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Available schemes for different modes:\n")
- fmt.Fprintf(os.Stderr, " listen: mixed ss socks5 http redir tcptun udptun uottun\n")
+ fmt.Fprintf(os.Stderr, " listen: mixed ss socks5 http redir redir6 tcptun udptun uottun\n")
fmt.Fprintf(os.Stderr, " forward: ss socks5 http ssr vmess tls ws\n")
fmt.Fprintf(os.Stderr, "\n")
diff --git a/main.go b/main.go
index 0c26f61..8634a86 100644
--- a/main.go
+++ b/main.go
@@ -27,7 +27,7 @@ import (
)
// VERSION .
-const VERSION = "0.6.8"
+const VERSION = "0.6.9"
func main() {
// read configs
diff --git a/proxy/redir/redir_linux.go b/proxy/redir/redir_linux.go
index 1d202fc..3a808f8 100644
--- a/proxy/redir/redir_linux.go
+++ b/proxy/redir/redir_linux.go
@@ -27,14 +27,16 @@ const (
type RedirProxy struct {
dialer proxy.Dialer
addr string
+ ipv6 bool
}
func init() {
proxy.RegisterServer("redir", NewRedirServer)
+ proxy.RegisterServer("redir6", NewRedirServer6)
}
// NewRedirProxy returns a redirect proxy.
-func NewRedirProxy(s string, dialer proxy.Dialer) (*RedirProxy, error) {
+func NewRedirProxy(s string, dialer proxy.Dialer, ipv6 bool) (*RedirProxy, error) {
u, err := url.Parse(s)
if err != nil {
log.F("parse err: %s", err)
@@ -45,6 +47,7 @@ func NewRedirProxy(s string, dialer proxy.Dialer) (*RedirProxy, error) {
r := &RedirProxy{
dialer: dialer,
addr: addr,
+ ipv6: ipv6,
}
return r, nil
@@ -52,7 +55,12 @@ func NewRedirProxy(s string, dialer proxy.Dialer) (*RedirProxy, error) {
// NewRedirServer returns a redir server.
func NewRedirServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
- return NewRedirProxy(s, dialer)
+ return NewRedirProxy(s, dialer, false)
+}
+
+// NewRedirServer returns a redir server.
+func NewRedirServer6(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewRedirProxy(s, dialer, true)
}
// ListenAndServe .
@@ -79,7 +87,7 @@ func (s *RedirProxy) ListenAndServe() {
c.SetKeepAlive(true)
}
- tgt, err := getOrigDst(c, false)
+ tgt, err := getOrigDst(c, s.ipv6)
if err != nil {
log.F("[redir] failed to get target address: %v", err)
return
@@ -151,7 +159,6 @@ func getorigdst(fd uintptr) (socks.Addr, error) {
}
// Call ipv6_getorigdst() from linux/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
-// NOTE: I haven't tried yet but it should work since Linux 3.8.
func getorigdstIPv6(fd uintptr) (socks.Addr, error) {
raw := syscall.RawSockaddrInet6{}
siz := unsafe.Sizeof(raw)
From 15b98359b1516a9d46d21481469555f05c3cac15 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 17 Sep 2018 19:16:17 +0800
Subject: [PATCH 285/341] http: fixed a compatibility issue with some http
proxy server. #62
---
conf.go | 4 ++--
proxy/http/http.go | 2 ++
proxy/redir/redir_linux.go | 4 ++--
3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/conf.go b/conf.go
index edf498a..4e0b74c 100644
--- a/conf.go
+++ b/conf.go
@@ -78,6 +78,7 @@ func confInit() {
if !path.IsAbs(ruleFile) {
ruleFile = path.Join(flag.ConfDir(), ruleFile)
}
+
rule, err := rule.NewConfFromFile(ruleFile)
if err != nil {
log.Fatal(err)
@@ -90,14 +91,13 @@ func confInit() {
if !path.IsAbs(conf.RulesDir) {
conf.RulesDir = path.Join(flag.ConfDir(), conf.RulesDir)
}
- ruleFolderFiles, _ := rule.ListDir(conf.RulesDir, ".rule")
+ ruleFolderFiles, _ := rule.ListDir(conf.RulesDir, ".rule")
for _, ruleFile := range ruleFolderFiles {
rule, err := rule.NewConfFromFile(ruleFile)
if err != nil {
log.Fatal(err)
}
-
conf.rules = append(conf.rules, rule)
}
}
diff --git a/proxy/http/http.go b/proxy/http/http.go
index 49615e3..a2e9d39 100644
--- a/proxy/http/http.go
+++ b/proxy/http/http.go
@@ -242,8 +242,10 @@ func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
respR := bufio.NewReader(rc)
respTP := textproto.NewReader(respR)
+
_, code, _, ok := parseFirstLine(respTP)
if ok && code == "200" {
+ respTP.ReadMIMEHeader()
return rc, err
} else if code == "407" {
log.F("[http] authencation needed by proxy %s", s.addr)
diff --git a/proxy/redir/redir_linux.go b/proxy/redir/redir_linux.go
index 3a808f8..15c4ee5 100644
--- a/proxy/redir/redir_linux.go
+++ b/proxy/redir/redir_linux.go
@@ -58,8 +58,8 @@ func NewRedirServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
return NewRedirProxy(s, dialer, false)
}
-// NewRedirServer returns a redir server.
-func NewRedirServer6(s string, dialer proxy.Dialer) (proxy.Server, error) {
+// NewRedir6Server returns a redir server for ipv6.
+func NewRedir6Server(s string, dialer proxy.Dialer) (proxy.Server, error) {
return NewRedirProxy(s, dialer, true)
}
From 515a5dffa5a510e5c2fc0615eafd53c1159823cc Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Mon, 17 Sep 2018 19:22:36 +0800
Subject: [PATCH 286/341] redir: fixed a typo
---
proxy/redir/redir_linux.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/proxy/redir/redir_linux.go b/proxy/redir/redir_linux.go
index 15c4ee5..8963486 100644
--- a/proxy/redir/redir_linux.go
+++ b/proxy/redir/redir_linux.go
@@ -32,7 +32,7 @@ type RedirProxy struct {
func init() {
proxy.RegisterServer("redir", NewRedirServer)
- proxy.RegisterServer("redir6", NewRedirServer6)
+ proxy.RegisterServer("redir6", NewRedir6Server)
}
// NewRedirProxy returns a redirect proxy.
From 5383ac4fc0ebb8d74bbf012c0f544961e2b9404a Mon Sep 17 00:00:00 2001
From: changx
Date: Sun, 14 Oct 2018 13:56:04 +0800
Subject: [PATCH 287/341] tls listener
---
proxy/http/http.go | 63 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 63 insertions(+)
diff --git a/proxy/http/http.go b/proxy/http/http.go
index a2e9d39..1a66795 100644
--- a/proxy/http/http.go
+++ b/proxy/http/http.go
@@ -6,6 +6,7 @@ package http
import (
"bufio"
"bytes"
+ "crypto/tls"
"encoding/base64"
"errors"
"fmt"
@@ -29,9 +30,15 @@ type HTTP struct {
password string
}
+type HTTPS struct {
+ HTTP
+ tlsConfig *tls.Config
+}
+
func init() {
proxy.RegisterDialer("http", NewHTTPDialer)
proxy.RegisterServer("http", NewHTTPServer)
+ proxy.RegisterServer("https", NewHTTPSServer)
}
// NewHTTP returns a http proxy.
@@ -56,6 +63,35 @@ func NewHTTP(s string, dialer proxy.Dialer) (*HTTP, error) {
return h, nil
}
+func NewHTTPS(s string, dialer proxy.Dialer) (*HTTPS, error) {
+ u, _ := url.Parse(s)
+ // TODO: cert=&key=
+ certFile := u.Query().Get("cert")
+ keyFile := u.Query().Get("key")
+
+ cert, err := tls.LoadX509KeyPair(certFile, keyFile)
+ if err != nil {
+ log.F("unabled load cert: %s, key %s", certFile, keyFile)
+ return nil, err
+ }
+
+ tlsConfig := tls.Config{
+ Certificates: []tls.Certificate{cert},
+ }
+
+ http, err := NewHTTP(s, dialer)
+ if err != nil {
+ return nil, err
+ }
+
+ https := &HTTPS{
+ HTTP: *http,
+ tlsConfig: &tlsConfig,
+ }
+
+ return https, nil
+}
+
// NewHTTPDialer returns a http proxy dialer.
func NewHTTPDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
return NewHTTP(s, dialer)
@@ -66,6 +102,32 @@ func NewHTTPServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
return NewHTTP(s, dialer)
}
+// NewHTTPSServer returns a https proxy server
+func NewHTTPSServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ return NewHTTPS(s, dialer)
+}
+
+// ListenAndServe serves tls http proxy
+func (s *HTTPS) ListenAndServe() {
+ l, err := tls.Listen("tcp", s.addr, s.tlsConfig)
+ if err != nil {
+ log.F("failed to listen on tls %s: %v", s.addr, err)
+ return
+ }
+
+ defer l.Close()
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("[https] failed to accept: %v", err)
+ continue
+ }
+
+ go s.HTTP.Serve(c)
+ }
+}
+
// ListenAndServe .
func (s *HTTP) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
@@ -88,6 +150,7 @@ func (s *HTTP) ListenAndServe() {
}
}
+
// Serve .
func (s *HTTP) Serve(c net.Conn) {
defer c.Close()
From 14b072832daabcbade76b93852bad92d065f72f3 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sat, 20 Oct 2018 21:24:11 +0800
Subject: [PATCH 288/341] dns: SetDeadline for all remote connection
---
.gitignore | 2 ++
README.md | 1 -
dns/client.go | 4 +---
proxy/vmess/client.go | 4 +++-
4 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/.gitignore b/.gitignore
index bea015c..1b2fa0e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,6 +15,8 @@
.glide/
# custom
+.idea
+.vscode
*.zip
/*.conf
/*.rule
diff --git a/README.md b/README.md
index 7fed04f..1e8d2a1 100644
--- a/README.md
+++ b/README.md
@@ -309,6 +309,5 @@ Examples:
## Links
-- [go-ss2](https://github.com/shadowsocks/go-shadowsocks2): ss protocol support
- [conflag](https://github.com/nadoo/conflag): command line and config file parse support
- [ArchLinux](https://www.archlinux.org/packages/community/x86_64/glider): a great linux distribution with glider pre-built package
diff --git a/dns/client.go b/dns/client.go
index 10f7fe3..7a97b4c 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -149,9 +149,7 @@ func (c *Client) exchange(qname string, reqBytes []byte, preferTCP bool) (server
defer rc.Close()
// TODO: support timeout setting for different upstream server
- if len(servers) > 1 {
- rc.SetDeadline(time.Now().Add(time.Duration(c.config.Timeout) * time.Second))
- }
+ rc.SetDeadline(time.Now().Add(time.Duration(c.config.Timeout) * time.Second))
switch network {
case "tcp":
diff --git a/proxy/vmess/client.go b/proxy/vmess/client.go
index 9815fac..72dbd3c 100644
--- a/proxy/vmess/client.go
+++ b/proxy/vmess/client.go
@@ -208,7 +208,9 @@ func (c *Conn) DecodeRespHeader() error {
stream := cipher.NewCFBDecrypter(block, c.respBodyIV[:])
buf := make([]byte, 4)
- io.ReadFull(c.Conn, buf)
+ if _, err := io.ReadFull(c.Conn, buf); err != nil {
+ return err
+ }
stream.XORKeyStream(buf, buf)
if buf[0] != c.reqRespV {
From e27601f648693d1067a70e55f69c5297dc67a4ff Mon Sep 17 00:00:00 2001
From: changx
Date: Mon, 29 Oct 2018 16:18:51 +0800
Subject: [PATCH 289/341] listener with tls transport layer
---
main.go | 2 +-
proxy/http/http.go | 125 +++++++++++------------------------
proxy/mixed/mixed.go | 48 +++++++++-----
proxy/redir/redir_linux.go | 2 +-
proxy/server.go | 3 +-
proxy/socks5/socks5.go | 34 +++++-----
proxy/ss/ss.go | 34 +++++-----
proxy/tcptun/tcptun.go | 2 +-
proxy/tls/tls.go | 107 ++++++++++++++++++++++++++++++
proxy/tproxy/tproxy_linux.go | 2 +-
proxy/udptun/udptun.go | 2 +-
proxy/uottun/uottun.go | 2 +-
12 files changed, 223 insertions(+), 140 deletions(-)
diff --git a/main.go b/main.go
index 8634a86..34865c1 100644
--- a/main.go
+++ b/main.go
@@ -81,7 +81,7 @@ func main() {
log.Fatal(err)
}
- go local.ListenAndServe()
+ go local.ListenAndServe(nil)
}
sigCh := make(chan os.Signal, 1)
diff --git a/proxy/http/http.go b/proxy/http/http.go
index 1a66795..c35bf78 100644
--- a/proxy/http/http.go
+++ b/proxy/http/http.go
@@ -6,7 +6,6 @@ package http
import (
"bufio"
"bytes"
- "crypto/tls"
"encoding/base64"
"errors"
"fmt"
@@ -24,21 +23,16 @@ import (
// HTTP struct
type HTTP struct {
- dialer proxy.Dialer
- addr string
- user string
- password string
-}
-
-type HTTPS struct {
- HTTP
- tlsConfig *tls.Config
+ dialer proxy.Dialer
+ addr string
+ user string
+ password string
+ pretendAsWebServer bool
}
func init() {
proxy.RegisterDialer("http", NewHTTPDialer)
proxy.RegisterServer("http", NewHTTPServer)
- proxy.RegisterServer("https", NewHTTPSServer)
}
// NewHTTP returns a http proxy.
@@ -54,44 +48,21 @@ func NewHTTP(s string, dialer proxy.Dialer) (*HTTP, error) {
pass, _ := u.User.Password()
h := &HTTP{
- dialer: dialer,
- addr: addr,
- user: user,
- password: pass,
+ dialer: dialer,
+ addr: addr,
+ user: user,
+ password: pass,
+ pretendAsWebServer: false,
+ }
+
+ pretend := u.Query().Get("pretend")
+ if pretend != "" {
+ h.pretendAsWebServer = true
}
return h, nil
}
-func NewHTTPS(s string, dialer proxy.Dialer) (*HTTPS, error) {
- u, _ := url.Parse(s)
- // TODO: cert=&key=
- certFile := u.Query().Get("cert")
- keyFile := u.Query().Get("key")
-
- cert, err := tls.LoadX509KeyPair(certFile, keyFile)
- if err != nil {
- log.F("unabled load cert: %s, key %s", certFile, keyFile)
- return nil, err
- }
-
- tlsConfig := tls.Config{
- Certificates: []tls.Certificate{cert},
- }
-
- http, err := NewHTTP(s, dialer)
- if err != nil {
- return nil, err
- }
-
- https := &HTTPS{
- HTTP: *http,
- tlsConfig: &tlsConfig,
- }
-
- return https, nil
-}
-
// NewHTTPDialer returns a http proxy dialer.
func NewHTTPDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
return NewHTTP(s, dialer)
@@ -102,55 +73,32 @@ func NewHTTPServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
return NewHTTP(s, dialer)
}
-// NewHTTPSServer returns a https proxy server
-func NewHTTPSServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
- return NewHTTPS(s, dialer)
-}
-
-// ListenAndServe serves tls http proxy
-func (s *HTTPS) ListenAndServe() {
- l, err := tls.Listen("tcp", s.addr, s.tlsConfig)
- if err != nil {
- log.F("failed to listen on tls %s: %v", s.addr, err)
- return
- }
-
- defer l.Close()
-
- for {
- c, err := l.Accept()
- if err != nil {
- log.F("[https] failed to accept: %v", err)
- continue
- }
-
- go s.HTTP.Serve(c)
- }
-}
-
// ListenAndServe .
-func (s *HTTP) ListenAndServe() {
- l, err := net.Listen("tcp", s.addr)
- if err != nil {
- log.F("failed to listen on %s: %v", s.addr, err)
- return
- }
- defer l.Close()
-
- log.F("listening TCP on %s", s.addr)
-
- for {
- c, err := l.Accept()
+func (s *HTTP) ListenAndServe(c net.Conn) {
+ if c == nil {
+ l, err := net.Listen("tcp", s.addr)
if err != nil {
- log.F("[http] failed to accept: %v", err)
- continue
+ log.F("failed to listen on %s: %v", s.addr, err)
+ return
}
+ defer l.Close()
+ log.F("listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("[http] failed to accept: %v", err)
+ continue
+ }
+
+ go s.Serve(c)
+ }
+ } else {
go s.Serve(c)
}
}
-
// Serve .
func (s *HTTP) Serve(c net.Conn) {
defer c.Close()
@@ -166,8 +114,15 @@ func (s *HTTP) Serve(c net.Conn) {
return
}
+ if s.pretendAsWebServer {
+ fmt.Fprintf(c, "%s 404 Not Found\r\nServer: nginx\r\n\r\n", proto)
+ log.F("[http pretender] being accessed as web server from %s", c.RemoteAddr().String())
+ return
+ }
+
if method == "CONNECT" {
s.servHTTPS(method, requestURI, proto, c)
+ //c.Write([]byte("HTTP/1.1 405\nAllow: GET, POST, HEAD, OPTION, PATCH\nServer: vsps/1.2\nContent-Type: \n\n"))
return
}
diff --git a/proxy/mixed/mixed.go b/proxy/mixed/mixed.go
index 5780d8b..07bfad8 100644
--- a/proxy/mixed/mixed.go
+++ b/proxy/mixed/mixed.go
@@ -31,6 +31,8 @@ type MixedProxy struct {
http *http.HTTP
socks5 *socks5.SOCKS5
+
+ pretendAsWebServer bool
}
func init() {
@@ -45,9 +47,16 @@ func NewMixedProxy(s string, dialer proxy.Dialer) (*MixedProxy, error) {
return nil, err
}
+ pretend := u.Query().Get("pretend")
+
p := &MixedProxy{
- dialer: dialer,
- addr: u.Host,
+ dialer: dialer,
+ addr: u.Host,
+ pretendAsWebServer: false,
+ }
+
+ if pretend == "true" {
+ p.pretendAsWebServer = true
}
p.http, _ = http.NewHTTP(s, dialer)
@@ -62,25 +71,28 @@ func NewMixedProxyServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
}
// ListenAndServe .
-func (p *MixedProxy) ListenAndServe() {
+func (p *MixedProxy) ListenAndServe(c net.Conn) {
- go p.socks5.ListenAndServeUDP()
+ if c == nil {
+ go p.socks5.ListenAndServeUDP()
+ l, err := net.Listen("tcp", p.addr)
- l, err := net.Listen("tcp", p.addr)
- if err != nil {
- log.F("[mixed] failed to listen on %s: %v", p.addr, err)
- return
- }
-
- log.F("[mixed] listening TCP on %s", p.addr)
-
- for {
- c, err := l.Accept()
+ //l, err := net.Listen("tcp", p.addr)
if err != nil {
- log.F("[mixed] failed to accept: %v", err)
- continue
+ log.F("[mixed] failed to listen on %s: %v", p.addr, err)
+ return
}
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("[mixed] failed to accept: %v", err)
+ continue
+ }
+
+ go p.Serve(c)
+ }
+ } else {
go p.Serve(c)
}
}
@@ -98,7 +110,7 @@ func (p *MixedProxy) Serve(c net.Conn) {
if p.socks5 != nil {
head, err := cc.Peek(1)
if err != nil {
- log.F("[mixed] peek error: %s", err)
+ log.F("[mixed] socks5 peek error: %s", err)
return
}
@@ -112,7 +124,7 @@ func (p *MixedProxy) Serve(c net.Conn) {
if p.http != nil {
head, err := cc.Peek(8)
if err != nil {
- log.F("[mixed] peek error: %s", err)
+ log.F("[mixed] http peek error: %s", err)
return
}
diff --git a/proxy/redir/redir_linux.go b/proxy/redir/redir_linux.go
index 8963486..b99ddc2 100644
--- a/proxy/redir/redir_linux.go
+++ b/proxy/redir/redir_linux.go
@@ -64,7 +64,7 @@ func NewRedir6Server(s string, dialer proxy.Dialer) (proxy.Server, error) {
}
// ListenAndServe .
-func (s *RedirProxy) ListenAndServe() {
+func (s *RedirProxy) ListenAndServe(_ net.Conn) {
l, err := net.Listen("tcp", s.addr)
if err != nil {
log.F("[redir] failed to listen on %s: %v", s.addr, err)
diff --git a/proxy/server.go b/proxy/server.go
index aef83c9..e9ff2bc 100644
--- a/proxy/server.go
+++ b/proxy/server.go
@@ -2,6 +2,7 @@ package proxy
import (
"errors"
+ "net"
"net/url"
"strings"
@@ -11,7 +12,7 @@ import (
// Server interface
type Server interface {
// ListenAndServe as proxy server, use only in server mode.
- ListenAndServe()
+ ListenAndServe(net.Conn)
}
// ServerCreator is a function to create proxy servers.
diff --git a/proxy/socks5/socks5.go b/proxy/socks5/socks5.go
index f34a8e4..8eb2912 100644
--- a/proxy/socks5/socks5.go
+++ b/proxy/socks5/socks5.go
@@ -76,28 +76,32 @@ func NewSocks5Server(s string, dialer proxy.Dialer) (proxy.Server, error) {
}
// ListenAndServe serves socks5 requests.
-func (s *SOCKS5) ListenAndServe() {
+func (s *SOCKS5) ListenAndServe(c net.Conn) {
go s.ListenAndServeUDP()
- s.ListenAndServeTCP()
+ s.ListenAndServeTCP(c)
}
// ListenAndServeTCP .
-func (s *SOCKS5) ListenAndServeTCP() {
- l, err := net.Listen("tcp", s.addr)
- if err != nil {
- log.F("[socks5] failed to listen on %s: %v", s.addr, err)
- return
- }
-
- log.F("[socks5] listening TCP on %s", s.addr)
-
- for {
- c, err := l.Accept()
+func (s *SOCKS5) ListenAndServeTCP(c net.Conn) {
+ if c == nil {
+ l, err := net.Listen("tcp", s.addr)
if err != nil {
- log.F("[socks5] failed to accept: %v", err)
- continue
+ log.F("[socks5] failed to listen on %s: %v", s.addr, err)
+ return
}
+ log.F("[socks5] listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("[socks5] failed to accept: %v", err)
+ continue
+ }
+
+ go s.ServeTCP(c)
+ }
+ } else {
go s.ServeTCP(c)
}
}
diff --git a/proxy/ss/ss.go b/proxy/ss/ss.go
index fc54b0f..75491d2 100644
--- a/proxy/ss/ss.go
+++ b/proxy/ss/ss.go
@@ -66,27 +66,31 @@ func NewSSServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
}
// ListenAndServe serves ss requests.
-func (s *SS) ListenAndServe() {
+func (s *SS) ListenAndServe(c net.Conn) {
go s.ListenAndServeUDP()
- s.ListenAndServeTCP()
+ s.ListenAndServeTCP(c)
}
// ListenAndServeTCP serves tcp ss requests.
-func (s *SS) ListenAndServeTCP() {
- l, err := net.Listen("tcp", s.addr)
- if err != nil {
- log.F("[ss] failed to listen on %s: %v", s.addr, err)
- return
- }
-
- log.F("[ss] listening TCP on %s", s.addr)
-
- for {
- c, err := l.Accept()
+func (s *SS) ListenAndServeTCP(c net.Conn) {
+ if c == nil {
+ l, err := net.Listen("tcp", s.addr)
if err != nil {
- log.F("[ss] failed to accept: %v", err)
- continue
+ log.F("[ss] failed to listen on %s: %v", s.addr, err)
+ return
}
+
+ log.F("[ss] listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("[ss] failed to accept: %v", err)
+ continue
+ }
+ go s.ServeTCP(c)
+ }
+ } else {
go s.ServeTCP(c)
}
}
diff --git a/proxy/tcptun/tcptun.go b/proxy/tcptun/tcptun.go
index 2f2a6c7..5dd9adf 100644
--- a/proxy/tcptun/tcptun.go
+++ b/proxy/tcptun/tcptun.go
@@ -48,7 +48,7 @@ func NewTCPTunServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
}
// ListenAndServe .
-func (s *TCPTun) ListenAndServe() {
+func (s *TCPTun) ListenAndServe(_ net.Conn) {
l, err := net.Listen("tcp", s.addr)
if err != nil {
log.F("failed to listen on %s: %v", s.addr, err)
diff --git a/proxy/tls/tls.go b/proxy/tls/tls.go
index d4f8cab..4b19d8c 100644
--- a/proxy/tls/tls.go
+++ b/proxy/tls/tls.go
@@ -3,6 +3,7 @@ package tls
import (
stdtls "crypto/tls"
"errors"
+ "fmt"
"net"
"net/url"
"strings"
@@ -18,10 +19,17 @@ type TLS struct {
serverName string
skipVerify bool
+
+ certFile string
+ keyFile string
+
+ server proxy.Server
+ serverProto string
}
func init() {
proxy.RegisterDialer("tls", NewTLSDialer)
+ proxy.RegisterServer("tls", NewTLSTransport)
}
// NewTLS returns a tls proxy.
@@ -48,6 +56,8 @@ func NewTLS(s string, dialer proxy.Dialer) (*TLS, error) {
addr: addr,
serverName: serverName,
skipVerify: false,
+ certFile: "",
+ keyFile: "",
}
if skipVerify == "true" {
@@ -57,6 +67,100 @@ func NewTLS(s string, dialer proxy.Dialer) (*TLS, error) {
return p, nil
}
+// NewTLSServerTransport returns a tls transport layer before the real server
+func NewTLSTransport(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ transport := strings.Split(s, ",")
+
+ // prepare transport listener
+ if len(transport) != 2 {
+ err := fmt.Errorf("malformd listener: %s", s)
+ log.F(err.Error())
+ return nil, err
+ }
+
+ u, err := url.Parse(transport[0])
+ if err != nil {
+ log.F("parse url err: %s", err)
+ return nil, err
+ }
+
+ // TODO: cert=&key=
+ query := u.Query()
+
+ certFile := query.Get("cert")
+ keyFile := query.Get("key")
+
+ addr := u.Host
+ colonPos := strings.LastIndex(addr, ":")
+ if colonPos == -1 {
+ colonPos = len(addr)
+ }
+ serverName := addr[:colonPos]
+
+ p := &TLS{
+ dialer: dialer,
+ addr: addr,
+ serverName: serverName,
+ skipVerify: false,
+ certFile: certFile,
+ keyFile: keyFile,
+ serverProto: transport[1],
+ }
+
+ // prepare layer 7 server
+ p.server, err = proxy.ServerFromURL(transport[1], dialer)
+
+ return p, nil
+}
+
+func (s *TLS) ListenAndServe(c net.Conn) {
+ // c for TCP_FAST_OPEN
+
+ var tlsConfig *stdtls.Config
+
+ var ticketKey [32]byte
+ copy(ticketKey[:], "f8710951c1f6d0d95a95eed5e99b51f1")
+
+ if s.certFile != "" && s.keyFile != "" {
+ cert, err := stdtls.LoadX509KeyPair(s.certFile, s.keyFile)
+ if err != nil {
+ log.F("unabled load cert: %s, key %s", s.certFile, s.keyFile)
+ return
+ }
+
+ tlsConfig = &stdtls.Config{
+ Certificates: []stdtls.Certificate{cert},
+ MinVersion: stdtls.VersionTLS12,
+ MaxVersion: stdtls.VersionTLS13,
+ SessionTicketKey: ticketKey,
+ Accept0RTTData: true,
+ }
+ } else {
+ tlsConfig = nil
+ }
+
+ l, err := stdtls.Listen("tcp", s.addr, tlsConfig)
+ if err != nil {
+ log.F("failed to listen on tls %s: %v", s.addr, err)
+ return
+ }
+
+ defer l.Close()
+
+ log.F("listening TCP on %s with TLS", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("[https] failed to accept: %v", err)
+ continue
+ }
+
+ // it's callee's response to decide process request in sync/async mode.
+ s.server.ListenAndServe(c)
+ }
+}
+
// NewTLSDialer returns a tls proxy dialer.
func NewTLSDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
return NewTLS(s, dialer)
@@ -79,6 +183,9 @@ func (s *TLS) Dial(network, addr string) (net.Conn, error) {
conf := &stdtls.Config{
ServerName: s.serverName,
InsecureSkipVerify: s.skipVerify,
+ ClientSessionCache: stdtls.NewLRUClientSessionCache(64),
+ MinVersion: stdtls.VersionTLS12,
+ MaxVersion: stdtls.VersionTLS13,
}
c := stdtls.Client(cc, conf)
diff --git a/proxy/tproxy/tproxy_linux.go b/proxy/tproxy/tproxy_linux.go
index 6398eb4..3d96600 100644
--- a/proxy/tproxy/tproxy_linux.go
+++ b/proxy/tproxy/tproxy_linux.go
@@ -51,7 +51,7 @@ func NewTProxyServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
}
// ListenAndServe .
-func (s *TProxy) ListenAndServe() {
+func (s *TProxy) ListenAndServe(_ net.Conn) {
// go s.ListenAndServeTCP()
s.ListenAndServeUDP()
}
diff --git a/proxy/udptun/udptun.go b/proxy/udptun/udptun.go
index 8fb72ff..8ce8e9f 100644
--- a/proxy/udptun/udptun.go
+++ b/proxy/udptun/udptun.go
@@ -50,7 +50,7 @@ func NewUDPTunServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
}
// ListenAndServe .
-func (s *UDPTun) ListenAndServe() {
+func (s *UDPTun) ListenAndServe(_ net.Conn) {
c, err := net.ListenPacket("udp", s.addr)
if err != nil {
log.F("[udptun] failed to listen on %s: %v", s.addr, err)
diff --git a/proxy/uottun/uottun.go b/proxy/uottun/uottun.go
index f43418c..0da69a1 100644
--- a/proxy/uottun/uottun.go
+++ b/proxy/uottun/uottun.go
@@ -50,7 +50,7 @@ func NewUoTTunServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
}
// ListenAndServe .
-func (s *UoTTun) ListenAndServe() {
+func (s *UoTTun) ListenAndServe(_ net.Conn) {
c, err := net.ListenPacket("udp", s.addr)
if err != nil {
log.F("[uottun] failed to listen on %s: %v", s.addr, err)
From 88e33cab7e50c7aa64961918d15746b21971d1a1 Mon Sep 17 00:00:00 2001
From: changx
Date: Mon, 29 Oct 2018 16:26:37 +0800
Subject: [PATCH 290/341] downgrade to tls12
---
proxy/tls/tls.go | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/proxy/tls/tls.go b/proxy/tls/tls.go
index 4b19d8c..3cc9e46 100644
--- a/proxy/tls/tls.go
+++ b/proxy/tls/tls.go
@@ -130,10 +130,9 @@ func (s *TLS) ListenAndServe(c net.Conn) {
tlsConfig = &stdtls.Config{
Certificates: []stdtls.Certificate{cert},
- MinVersion: stdtls.VersionTLS12,
- MaxVersion: stdtls.VersionTLS13,
+ MinVersion: stdtls.VersionTLS10,
+ MaxVersion: stdtls.VersionTLS12,
SessionTicketKey: ticketKey,
- Accept0RTTData: true,
}
} else {
tlsConfig = nil
@@ -184,8 +183,8 @@ func (s *TLS) Dial(network, addr string) (net.Conn, error) {
ServerName: s.serverName,
InsecureSkipVerify: s.skipVerify,
ClientSessionCache: stdtls.NewLRUClientSessionCache(64),
- MinVersion: stdtls.VersionTLS12,
- MaxVersion: stdtls.VersionTLS13,
+ MinVersion: stdtls.VersionTLS10,
+ MaxVersion: stdtls.VersionTLS12,
}
c := stdtls.Client(cc, conf)
From 2813e80a98a9af76e67340a7f36187e11317798e Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 21 Nov 2018 20:28:46 +0800
Subject: [PATCH 291/341] http: fix #76
---
.../rules.d/office.rule | 3 ++-
proxy/http/http.go | 23 ++++++++-----------
proxy/mixed/mixed.go | 3 +--
proxy/vmess/client.go | 5 +++-
4 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.rule b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.rule
index f6db0fb..634e88e 100644
--- a/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.rule
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.rule
@@ -16,7 +16,8 @@ checkduration=30
dnsserver=208.67.222.222:53
# specify destinations
-#include=office.list
+include=office.list
+
domain=example1.com
domain=example2.com
# matches ip
diff --git a/proxy/http/http.go b/proxy/http/http.go
index c35bf78..871a76a 100644
--- a/proxy/http/http.go
+++ b/proxy/http/http.go
@@ -162,8 +162,8 @@ func (s *HTTP) Serve(c net.Conn) {
uri := u.String()
var reqBuf bytes.Buffer
- writeFirstLine(method, uri, proto, &reqBuf)
- writeHeaders(reqHeader, &reqBuf)
+ writeFirstLine(&reqBuf, method, uri, proto)
+ writeHeaders(&reqBuf, reqHeader)
// send request to remote server
rc.Write(reqBuf.Bytes())
@@ -194,8 +194,8 @@ func (s *HTTP) Serve(c net.Conn) {
respHeader.Set("Connection", "close")
var respBuf bytes.Buffer
- writeFirstLine(proto, code, status, &respBuf)
- writeHeaders(respHeader, &respBuf)
+ writeFirstLine(&respBuf, proto, code, status)
+ writeHeaders(&respBuf, respHeader)
log.F("[http] %s <-> %s", c.RemoteAddr(), tgt)
c.Write(respBuf.Bytes())
@@ -309,7 +309,7 @@ func cleanHeaders(header textproto.MIMEHeader) {
header.Del("Upgrade")
}
-func writeFirstLine(s1, s2, s3 string, buf *bytes.Buffer) {
+func writeFirstLine(buf *bytes.Buffer, s1, s2, s3 string) {
buf.Write([]byte(s1))
buf.Write([]byte(" "))
buf.Write([]byte(s2))
@@ -318,17 +318,14 @@ func writeFirstLine(s1, s2, s3 string, buf *bytes.Buffer) {
buf.Write([]byte("\r\n"))
}
-func writeHeaders(header textproto.MIMEHeader, buf *bytes.Buffer) {
+func writeHeaders(buf *bytes.Buffer, header textproto.MIMEHeader) {
for key, values := range header {
- buf.Write([]byte(key))
- buf.Write([]byte(": "))
- for k, v := range values {
+ for _, v := range values {
+ buf.Write([]byte(key))
+ buf.Write([]byte(": "))
buf.Write([]byte(v))
- if k > 0 {
- buf.Write([]byte(" "))
- }
+ buf.Write([]byte("\r\n"))
}
- buf.Write([]byte("\r\n"))
}
//header ended
diff --git a/proxy/mixed/mixed.go b/proxy/mixed/mixed.go
index 07bfad8..a809340 100644
--- a/proxy/mixed/mixed.go
+++ b/proxy/mixed/mixed.go
@@ -75,9 +75,8 @@ func (p *MixedProxy) ListenAndServe(c net.Conn) {
if c == nil {
go p.socks5.ListenAndServeUDP()
- l, err := net.Listen("tcp", p.addr)
- //l, err := net.Listen("tcp", p.addr)
+ l, err := net.Listen("tcp", p.addr)
if err != nil {
log.F("[mixed] failed to listen on %s: %v", p.addr, err)
return
diff --git a/proxy/vmess/client.go b/proxy/vmess/client.go
index 72dbd3c..5bad7d7 100644
--- a/proxy/vmess/client.go
+++ b/proxy/vmess/client.go
@@ -207,10 +207,13 @@ func (c *Conn) DecodeRespHeader() error {
}
stream := cipher.NewCFBDecrypter(block, c.respBodyIV[:])
+
buf := make([]byte, 4)
- if _, err := io.ReadFull(c.Conn, buf); err != nil {
+ _, err = io.ReadFull(c.Conn, buf)
+ if err != nil {
return err
}
+
stream.XORKeyStream(buf, buf)
if buf[0] != c.reqRespV {
From d37c2e2a355b4a7d746e1f3b0737ede6fe1cc13e Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 25 Nov 2018 13:18:15 +0800
Subject: [PATCH 292/341] server: changed interface definition and
implementation
---
.../README.md | 2 +-
.../README.md | 2 +-
main.go | 2 +-
proxy/http/http.go | 51 ++++----
proxy/mixed/mixed.go | 50 +++-----
proxy/redir/redir_linux.go | 7 +-
proxy/server.go | 13 +-
proxy/socks5/socks5.go | 58 ++++-----
proxy/ss/ss.go | 59 +++++----
proxy/tcptun/tcptun.go | 60 ++++-----
proxy/tls/tls.go | 115 +++++++-----------
proxy/tproxy/tproxy_linux.go | 5 +-
proxy/udptun/udptun.go | 11 +-
proxy/uottun/uottun.go | 12 +-
14 files changed, 207 insertions(+), 240 deletions(-)
diff --git a/config/examples/8.transparent_proxy_with_dnsmasq/README.md b/config/examples/8.transparent_proxy_with_dnsmasq/README.md
index 9f4aeef..56e8118 100644
--- a/config/examples/8.transparent_proxy_with_dnsmasq/README.md
+++ b/config/examples/8.transparent_proxy_with_dnsmasq/README.md
@@ -33,7 +33,7 @@ ipset=/example4.com/myset
#### Config iptables on your linux gateway
```bash
iptables -t nat -I PREROUTING -p tcp -m set --match-set myset dst -j REDIRECT --to-ports 1081
-iptables -t nat -I OUTPUT -p tcp -m set --match-set myset dst -j REDIRECT --to-ports 1081
+#iptables -t nat -I OUTPUT -p tcp -m set --match-set myset dst -j REDIRECT --to-ports 1081
```
#### When client requests network, the whole process:
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/README.md b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
index e7b337c..6304119 100644
--- a/config/examples/9.transparent_proxy_without_dnsmasq/README.md
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
@@ -73,7 +73,7 @@ cidr=172.16.102.0/24
#### Configure iptables on your linux gateway
```bash
iptables -t nat -I PREROUTING -p tcp -m set --match-set glider dst -j REDIRECT --to-ports 1081
-iptables -t nat -I OUTPUT -p tcp -m set --match-set glider dst -j REDIRECT --to-ports 1081
+#iptables -t nat -I OUTPUT -p tcp -m set --match-set glider dst -j REDIRECT --to-ports 1081
```
#### Client DNS settings
diff --git a/main.go b/main.go
index 34865c1..8634a86 100644
--- a/main.go
+++ b/main.go
@@ -81,7 +81,7 @@ func main() {
log.Fatal(err)
}
- go local.ListenAndServe(nil)
+ go local.ListenAndServe()
}
sigCh := make(chan os.Signal, 1)
diff --git a/proxy/http/http.go b/proxy/http/http.go
index 871a76a..76095ce 100644
--- a/proxy/http/http.go
+++ b/proxy/http/http.go
@@ -35,7 +35,7 @@ func init() {
proxy.RegisterServer("http", NewHTTPServer)
}
-// NewHTTP returns a http proxy.
+// NewHTTP returns a http proxy
func NewHTTP(s string, dialer proxy.Dialer) (*HTTP, error) {
u, err := url.Parse(s)
if err != nil {
@@ -63,38 +63,34 @@ func NewHTTP(s string, dialer proxy.Dialer) (*HTTP, error) {
return h, nil
}
-// NewHTTPDialer returns a http proxy dialer.
+// NewHTTPDialer returns a http proxy dialer
func NewHTTPDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
return NewHTTP(s, dialer)
}
-// NewHTTPServer returns a http proxy server.
+// NewHTTPServer returns a http proxy server
func NewHTTPServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
return NewHTTP(s, dialer)
}
// ListenAndServe .
-func (s *HTTP) ListenAndServe(c net.Conn) {
- if c == nil {
- l, err := net.Listen("tcp", s.addr)
+func (s *HTTP) ListenAndServe() {
+ l, err := net.Listen("tcp", s.addr)
+ if err != nil {
+ log.F("[http] failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer l.Close()
+
+ log.F("[http] listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
if err != nil {
- log.F("failed to listen on %s: %v", s.addr, err)
- return
+ log.F("[http] failed to accept: %v", err)
+ continue
}
- defer l.Close()
- log.F("listening TCP on %s", s.addr)
-
- for {
- c, err := l.Accept()
- if err != nil {
- log.F("[http] failed to accept: %v", err)
- continue
- }
-
- go s.Serve(c)
- }
- } else {
go s.Serve(c)
}
}
@@ -115,20 +111,19 @@ func (s *HTTP) Serve(c net.Conn) {
}
if s.pretendAsWebServer {
- fmt.Fprintf(c, "%s 404 Not Found\r\nServer: nginx\r\n\r\n", proto)
+ fmt.Fprintf(c, "%s 404 Not Found\r\nServer: nginx\r\n\r\n404 Not Found\r\n", proto)
log.F("[http pretender] being accessed as web server from %s", c.RemoteAddr().String())
return
}
if method == "CONNECT" {
s.servHTTPS(method, requestURI, proto, c)
- //c.Write([]byte("HTTP/1.1 405\nAllow: GET, POST, HEAD, OPTION, PATCH\nServer: vsps/1.2\nContent-Type: \n\n"))
return
}
reqHeader, err := reqTP.ReadMIMEHeader()
if err != nil {
- log.F("read header error:%s", err)
+ log.F("[http] read header error:%s", err)
return
}
cleanHeaders(reqHeader)
@@ -237,7 +232,7 @@ func (s *HTTP) Addr() string {
// NextDialer returns the next dialer
func (s *HTTP) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
-// Dial connects to the address addr on the network net via the proxy.
+// Dial connects to the address addr on the network net via the proxy
func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
rc, err := s.dialer.Dial(network, s.addr)
if err != nil {
@@ -274,12 +269,12 @@ func (s *HTTP) Dial(network, addr string) (net.Conn, error) {
return nil, errors.New("[http] can not connect remote address: " + addr + ". error code: " + code)
}
-// DialUDP connects to the given address via the proxy.
+// DialUDP connects to the given address via the proxy
func (s *HTTP) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
return nil, nil, errors.New("http client does not support udp")
}
-// parseFirstLine parses "GET /foo HTTP/1.1" OR "HTTP/1.1 200 OK" into its three parts.
+// parseFirstLine parses "GET /foo HTTP/1.1" OR "HTTP/1.1 200 OK" into its three parts
func parseFirstLine(tp *textproto.Reader) (r1, r2, r3 string, ok bool) {
line, err := tp.ReadLine()
// log.F("first line: %s", line)
@@ -327,7 +322,5 @@ func writeHeaders(buf *bytes.Buffer, header textproto.MIMEHeader) {
buf.Write([]byte("\r\n"))
}
}
-
- //header ended
buf.Write([]byte("\r\n"))
}
diff --git a/proxy/mixed/mixed.go b/proxy/mixed/mixed.go
index a809340..dfc9ba8 100644
--- a/proxy/mixed/mixed.go
+++ b/proxy/mixed/mixed.go
@@ -12,7 +12,7 @@ import (
"github.com/nadoo/glider/proxy/socks5"
)
-// https://www.ietf.org/rfc/rfc2616.txt, http methods must be uppercase.
+// https://www.ietf.org/rfc/rfc2616.txt, http methods must be uppercase
var httpMethods = [...][]byte{
[]byte("GET"),
[]byte("POST"),
@@ -31,15 +31,13 @@ type MixedProxy struct {
http *http.HTTP
socks5 *socks5.SOCKS5
-
- pretendAsWebServer bool
}
func init() {
proxy.RegisterServer("mixed", NewMixedProxyServer)
}
-// NewMixedProxy returns a mixed proxy.
+// NewMixedProxy returns a mixed proxy
func NewMixedProxy(s string, dialer proxy.Dialer) (*MixedProxy, error) {
u, err := url.Parse(s)
if err != nil {
@@ -47,16 +45,9 @@ func NewMixedProxy(s string, dialer proxy.Dialer) (*MixedProxy, error) {
return nil, err
}
- pretend := u.Query().Get("pretend")
-
p := &MixedProxy{
- dialer: dialer,
- addr: u.Host,
- pretendAsWebServer: false,
- }
-
- if pretend == "true" {
- p.pretendAsWebServer = true
+ dialer: dialer,
+ addr: u.Host,
}
p.http, _ = http.NewHTTP(s, dialer)
@@ -65,33 +56,30 @@ func NewMixedProxy(s string, dialer proxy.Dialer) (*MixedProxy, error) {
return p, nil
}
-// NewMixedProxyServer returns a mixed proxy server.
+// NewMixedProxyServer returns a mixed proxy server
func NewMixedProxyServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
return NewMixedProxy(s, dialer)
}
// ListenAndServe .
-func (p *MixedProxy) ListenAndServe(c net.Conn) {
+func (p *MixedProxy) ListenAndServe() {
+ go p.socks5.ListenAndServeUDP()
- if c == nil {
- go p.socks5.ListenAndServeUDP()
+ l, err := net.Listen("tcp", p.addr)
+ if err != nil {
+ log.F("[mixed] failed to listen on %s: %v", p.addr, err)
+ return
+ }
- l, err := net.Listen("tcp", p.addr)
+ log.F("[mixed] listening TCP on %s", p.addr)
+
+ for {
+ c, err := l.Accept()
if err != nil {
- log.F("[mixed] failed to listen on %s: %v", p.addr, err)
- return
+ log.F("[mixed] failed to accept: %v", err)
+ continue
}
- for {
- c, err := l.Accept()
- if err != nil {
- log.F("[mixed] failed to accept: %v", err)
- continue
- }
-
- go p.Serve(c)
- }
- } else {
go p.Serve(c)
}
}
@@ -115,7 +103,7 @@ func (p *MixedProxy) Serve(c net.Conn) {
// check socks5, client send socksversion: 5 as the first byte
if head[0] == socks5.Version {
- p.socks5.ServeTCP(cc)
+ p.socks5.Serve(cc)
return
}
}
diff --git a/proxy/redir/redir_linux.go b/proxy/redir/redir_linux.go
index b99ddc2..d84707b 100644
--- a/proxy/redir/redir_linux.go
+++ b/proxy/redir/redir_linux.go
@@ -64,7 +64,7 @@ func NewRedir6Server(s string, dialer proxy.Dialer) (proxy.Server, error) {
}
// ListenAndServe .
-func (s *RedirProxy) ListenAndServe(_ net.Conn) {
+func (s *RedirProxy) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
log.F("[redir] failed to listen on %s: %v", s.addr, err)
@@ -114,6 +114,11 @@ func (s *RedirProxy) ListenAndServe(_ net.Conn) {
}
}
+// Serve .
+func (s *RedirProxy) Serve(c net.Conn) {
+
+}
+
// Get the original destination of a TCP connection.
func getOrigDst(conn net.Conn, ipv6 bool) (socks.Addr, error) {
c, ok := conn.(*net.TCPConn)
diff --git a/proxy/server.go b/proxy/server.go
index e9ff2bc..3e1c91a 100644
--- a/proxy/server.go
+++ b/proxy/server.go
@@ -11,11 +11,14 @@ import (
// Server interface
type Server interface {
- // ListenAndServe as proxy server, use only in server mode.
- ListenAndServe(net.Conn)
+ // ListenAndServe sets up a listener and serve on it
+ ListenAndServe()
+
+ // Serve serves a connection
+ Serve(c net.Conn)
}
-// ServerCreator is a function to create proxy servers.
+// ServerCreator is a function to create proxy servers
type ServerCreator func(s string, dialer Dialer) (Server, error)
var (
@@ -27,8 +30,8 @@ func RegisterServer(name string, c ServerCreator) {
serverMap[name] = c
}
-// ServerFromURL calls the registered creator to create proxy servers.
-// dialer is the default upstream dialer so cannot be nil, we can use Default when calling this function.
+// ServerFromURL calls the registered creator to create proxy servers
+// dialer is the default upstream dialer so cannot be nil, we can use Default when calling this function
func ServerFromURL(s string, dialer Dialer) (Server, error) {
if dialer == nil {
return nil, errors.New("ServerFromURL: dialer cannot be nil")
diff --git a/proxy/socks5/socks5.go b/proxy/socks5/socks5.go
index 8eb2912..f3e8573 100644
--- a/proxy/socks5/socks5.go
+++ b/proxy/socks5/socks5.go
@@ -43,7 +43,7 @@ func init() {
}
// NewSOCKS5 returns a Proxy that makes SOCKS v5 connections to the given address
-// with an optional username and password. See RFC 1928.
+// with an optional username and password. See RFC 1928
func NewSOCKS5(s string, dialer proxy.Dialer) (*SOCKS5, error) {
u, err := url.Parse(s)
if err != nil {
@@ -65,49 +65,45 @@ func NewSOCKS5(s string, dialer proxy.Dialer) (*SOCKS5, error) {
return h, nil
}
-// NewSocks5Dialer returns a socks5 proxy dialer.
+// NewSocks5Dialer returns a socks5 proxy dialer
func NewSocks5Dialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
return NewSOCKS5(s, dialer)
}
-// NewSocks5Server returns a socks5 proxy server.
+// NewSocks5Server returns a socks5 proxy server
func NewSocks5Server(s string, dialer proxy.Dialer) (proxy.Server, error) {
return NewSOCKS5(s, dialer)
}
-// ListenAndServe serves socks5 requests.
-func (s *SOCKS5) ListenAndServe(c net.Conn) {
+// ListenAndServe serves socks5 requests
+func (s *SOCKS5) ListenAndServe() {
go s.ListenAndServeUDP()
- s.ListenAndServeTCP(c)
+ s.ListenAndServeTCP()
}
// ListenAndServeTCP .
-func (s *SOCKS5) ListenAndServeTCP(c net.Conn) {
- if c == nil {
- l, err := net.Listen("tcp", s.addr)
+func (s *SOCKS5) ListenAndServeTCP() {
+ l, err := net.Listen("tcp", s.addr)
+ if err != nil {
+ log.F("[socks5] failed to listen on %s: %v", s.addr, err)
+ return
+ }
+
+ log.F("[socks5] listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
if err != nil {
- log.F("[socks5] failed to listen on %s: %v", s.addr, err)
- return
+ log.F("[socks5] failed to accept: %v", err)
+ continue
}
- log.F("[socks5] listening TCP on %s", s.addr)
-
- for {
- c, err := l.Accept()
- if err != nil {
- log.F("[socks5] failed to accept: %v", err)
- continue
- }
-
- go s.ServeTCP(c)
- }
- } else {
- go s.ServeTCP(c)
+ go s.Serve(c)
}
}
-// ServeTCP .
-func (s *SOCKS5) ServeTCP(c net.Conn) {
+// Serve .
+func (s *SOCKS5) Serve(c net.Conn) {
defer c.Close()
if c, ok := c.(*net.TCPConn); ok {
@@ -152,7 +148,7 @@ func (s *SOCKS5) ServeTCP(c net.Conn) {
}
}
-// ListenAndServeUDP serves udp requests.
+// ListenAndServeUDP serves udp requests
func (s *SOCKS5) ListenAndServeUDP() {
lc, err := net.ListenPacket("udp", s.addr)
if err != nil {
@@ -248,7 +244,7 @@ func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
return c, nil
}
-// DialUDP connects to the given address via the proxy.
+// DialUDP connects to the given address via the proxy
func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.Addr, err error) {
c, err := s.dialer.Dial("tcp", s.addr)
if err != nil {
@@ -297,7 +293,7 @@ func (s *SOCKS5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.A
// connect takes an existing connection to a socks5 proxy server,
// and commands the server to extend that connection to target,
-// which must be a canonical address with a host and port.
+// which must be a canonical address with a host and port
func (s *SOCKS5) connect(conn net.Conn, target string) error {
host, portStr, err := net.SplitHostPort(target)
if err != nil {
@@ -428,9 +424,9 @@ func (s *SOCKS5) connect(conn net.Conn, target string) error {
return nil
}
-// Handshake fast-tracks SOCKS initialization to get target address to connect.
+// Handshake fast-tracks SOCKS initialization to get target address to connect
func (s *SOCKS5) handshake(rw io.ReadWriter) (socks.Addr, error) {
- // Read RFC 1928 for request and reply structure and sizes.
+ // Read RFC 1928 for request and reply structure and sizes
buf := make([]byte, socks.MaxAddrLen)
// read VER, NMETHODS, METHODS
if _, err := io.ReadFull(rw, buf[:2]); err != nil {
diff --git a/proxy/ss/ss.go b/proxy/ss/ss.go
index 75491d2..5cacb8b 100644
--- a/proxy/ss/ss.go
+++ b/proxy/ss/ss.go
@@ -29,7 +29,7 @@ func init() {
proxy.RegisterServer("ss", NewSSServer)
}
-// NewSS returns a shadowsocks proxy.
+// NewSS returns a shadowsocks proxy
func NewSS(s string, dialer proxy.Dialer) (*SS, error) {
u, err := url.Parse(s)
if err != nil {
@@ -55,48 +55,45 @@ func NewSS(s string, dialer proxy.Dialer) (*SS, error) {
return p, nil
}
-// NewSSDialer returns a ss proxy dialer.
+// NewSSDialer returns a ss proxy dialer
func NewSSDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
return NewSS(s, dialer)
}
-// NewSSServer returns a ss proxy server.
+// NewSSServer returns a ss proxy server
func NewSSServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
return NewSS(s, dialer)
}
-// ListenAndServe serves ss requests.
-func (s *SS) ListenAndServe(c net.Conn) {
+// ListenAndServe serves ss requests
+func (s *SS) ListenAndServe() {
go s.ListenAndServeUDP()
- s.ListenAndServeTCP(c)
+ s.ListenAndServeTCP()
}
-// ListenAndServeTCP serves tcp ss requests.
-func (s *SS) ListenAndServeTCP(c net.Conn) {
- if c == nil {
- l, err := net.Listen("tcp", s.addr)
- if err != nil {
- log.F("[ss] failed to listen on %s: %v", s.addr, err)
- return
- }
-
- log.F("[ss] listening TCP on %s", s.addr)
-
- for {
- c, err := l.Accept()
- if err != nil {
- log.F("[ss] failed to accept: %v", err)
- continue
- }
- go s.ServeTCP(c)
- }
- } else {
- go s.ServeTCP(c)
+// ListenAndServeTCP serves tcp ss requests
+func (s *SS) ListenAndServeTCP() {
+ l, err := net.Listen("tcp", s.addr)
+ if err != nil {
+ log.F("[ss] failed to listen on %s: %v", s.addr, err)
+ return
}
+
+ log.F("[ss] listening TCP on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("[ss] failed to accept: %v", err)
+ continue
+ }
+ go s.Serve(c)
+ }
+
}
-// ServeTCP serves tcp ss requests.
-func (s *SS) ServeTCP(c net.Conn) {
+// Serve serves tcp ss requests
+func (s *SS) Serve(c net.Conn) {
defer c.Close()
if c, ok := c.(*net.TCPConn); ok {
@@ -169,7 +166,7 @@ func (s *SS) ServeTCP(c net.Conn) {
}
-// ListenAndServeUDP serves udp ss requests.
+// ListenAndServeUDP serves udp ss requests
func (s *SS) ListenAndServeUDP() {
lc, err := net.ListenPacket("udp", s.addr)
if err != nil {
@@ -271,7 +268,7 @@ func (s *SS) Dial(network, addr string) (net.Conn, error) {
}
-// DialUDP connects to the given address via the proxy.
+// DialUDP connects to the given address via the proxy
func (s *SS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
pc, nextHop, err := s.dialer.DialUDP(network, s.addr)
if err != nil {
diff --git a/proxy/tcptun/tcptun.go b/proxy/tcptun/tcptun.go
index 5dd9adf..e04b191 100644
--- a/proxy/tcptun/tcptun.go
+++ b/proxy/tcptun/tcptun.go
@@ -22,7 +22,7 @@ func init() {
proxy.RegisterServer("tcptun", NewTCPTunServer)
}
-// NewTCPTun returns a tcptun proxy.
+// NewTCPTun returns a tcptun proxy
func NewTCPTun(s string, dialer proxy.Dialer) (*TCPTun, error) {
u, err := url.Parse(s)
if err != nil {
@@ -42,13 +42,13 @@ func NewTCPTun(s string, dialer proxy.Dialer) (*TCPTun, error) {
return p, nil
}
-// NewTCPTunServer returns a udp tunnel server.
+// NewTCPTunServer returns a udp tunnel server
func NewTCPTunServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
return NewTCPTun(s, dialer)
}
// ListenAndServe .
-func (s *TCPTun) ListenAndServe(_ net.Conn) {
+func (s *TCPTun) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
log.F("failed to listen on %s: %v", s.addr, err)
@@ -64,31 +64,33 @@ func (s *TCPTun) ListenAndServe(_ net.Conn) {
continue
}
- go func() {
- defer c.Close()
-
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
- rc, err := s.dialer.Dial("tcp", s.raddr)
- if err != nil {
-
- log.F("failed to connect to target: %v", err)
- return
- }
- defer rc.Close()
-
- log.F("[tcptun] %s <-> %s", c.RemoteAddr(), s.raddr)
-
- _, _, err = conn.Relay(c, rc)
- if err != nil {
- if err, ok := err.(net.Error); ok && err.Timeout() {
- return // ignore i/o timeout
- }
- log.F("relay error: %v", err)
- }
-
- }()
+ go s.Serve(c)
+ }
+}
+
+// Serve .
+func (s *TCPTun) Serve(c net.Conn) {
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ rc, err := s.dialer.Dial("tcp", s.raddr)
+ if err != nil {
+
+ log.F("failed to connect to target: %v", err)
+ return
+ }
+ defer rc.Close()
+
+ log.F("[tcptun] %s <-> %s", c.RemoteAddr(), s.raddr)
+
+ _, _, err = conn.Relay(c, rc)
+ if err != nil {
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ return // ignore i/o timeout
+ }
+ log.F("relay error: %v", err)
}
}
diff --git a/proxy/tls/tls.go b/proxy/tls/tls.go
index 3cc9e46..f166239 100644
--- a/proxy/tls/tls.go
+++ b/proxy/tls/tls.go
@@ -12,7 +12,7 @@ import (
"github.com/nadoo/glider/proxy"
)
-// TLS .
+// TLS struct
type TLS struct {
dialer proxy.Dialer
addr string
@@ -23,16 +23,15 @@ type TLS struct {
certFile string
keyFile string
- server proxy.Server
- serverProto string
+ server proxy.Server
}
func init() {
proxy.RegisterDialer("tls", NewTLSDialer)
- proxy.RegisterServer("tls", NewTLSTransport)
+ proxy.RegisterServer("tls", NewTLSServer)
}
-// NewTLS returns a tls proxy.
+// NewTLS returns a tls proxy
func NewTLS(s string, dialer proxy.Dialer) (*TLS, error) {
u, err := url.Parse(s)
if err != nil {
@@ -41,23 +40,24 @@ func NewTLS(s string, dialer proxy.Dialer) (*TLS, error) {
}
addr := u.Host
-
- query := u.Query()
- skipVerify := query.Get("skipVerify")
-
colonPos := strings.LastIndex(addr, ":")
if colonPos == -1 {
colonPos = len(addr)
}
serverName := addr[:colonPos]
+ query := u.Query()
+ skipVerify := query.Get("skipVerify")
+ certFile := query.Get("cert")
+ keyFile := query.Get("key")
+
p := &TLS{
dialer: dialer,
addr: addr,
serverName: serverName,
skipVerify: false,
- certFile: "",
- keyFile: "",
+ certFile: certFile,
+ keyFile: keyFile,
}
if skipVerify == "true" {
@@ -67,102 +67,71 @@ func NewTLS(s string, dialer proxy.Dialer) (*TLS, error) {
return p, nil
}
-// NewTLSServerTransport returns a tls transport layer before the real server
-func NewTLSTransport(s string, dialer proxy.Dialer) (proxy.Server, error) {
+// NewTLSDialer returns a tls proxy dialer.
+func NewTLSDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewTLS(s, dialer)
+}
+
+// NewTLSServer returns a tls transport layer before the real server
+func NewTLSServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
transport := strings.Split(s, ",")
// prepare transport listener
- if len(transport) != 2 {
- err := fmt.Errorf("malformd listener: %s", s)
+ // TODO: check here
+ if len(transport) < 2 {
+ err := fmt.Errorf("[tls] malformd listener: %s", s)
log.F(err.Error())
return nil, err
}
- u, err := url.Parse(transport[0])
+ p, err := NewTLS(transport[0], dialer)
if err != nil {
- log.F("parse url err: %s", err)
return nil, err
}
- // TODO: cert=&key=
- query := u.Query()
-
- certFile := query.Get("cert")
- keyFile := query.Get("key")
-
- addr := u.Host
- colonPos := strings.LastIndex(addr, ":")
- if colonPos == -1 {
- colonPos = len(addr)
- }
- serverName := addr[:colonPos]
-
- p := &TLS{
- dialer: dialer,
- addr: addr,
- serverName: serverName,
- skipVerify: false,
- certFile: certFile,
- keyFile: keyFile,
- serverProto: transport[1],
- }
-
- // prepare layer 7 server
p.server, err = proxy.ServerFromURL(transport[1], dialer)
- return p, nil
+ return p, err
}
-func (s *TLS) ListenAndServe(c net.Conn) {
- // c for TCP_FAST_OPEN
+// ListenAndServe .
+func (s *TLS) ListenAndServe() {
+ cert, err := stdtls.LoadX509KeyPair(s.certFile, s.keyFile)
+ if err != nil {
+ log.F("[tls] unabled load cert: %s, key %s", s.certFile, s.keyFile)
+ return
+ }
- var tlsConfig *stdtls.Config
-
- var ticketKey [32]byte
- copy(ticketKey[:], "f8710951c1f6d0d95a95eed5e99b51f1")
-
- if s.certFile != "" && s.keyFile != "" {
- cert, err := stdtls.LoadX509KeyPair(s.certFile, s.keyFile)
- if err != nil {
- log.F("unabled load cert: %s, key %s", s.certFile, s.keyFile)
- return
- }
-
- tlsConfig = &stdtls.Config{
- Certificates: []stdtls.Certificate{cert},
- MinVersion: stdtls.VersionTLS10,
- MaxVersion: stdtls.VersionTLS12,
- SessionTicketKey: ticketKey,
- }
- } else {
- tlsConfig = nil
+ tlsConfig := &stdtls.Config{
+ Certificates: []stdtls.Certificate{cert},
+ MinVersion: stdtls.VersionTLS10,
+ MaxVersion: stdtls.VersionTLS12,
}
l, err := stdtls.Listen("tcp", s.addr, tlsConfig)
if err != nil {
- log.F("failed to listen on tls %s: %v", s.addr, err)
+ log.F("[tls] failed to listen on tls %s: %v", s.addr, err)
return
}
-
defer l.Close()
- log.F("listening TCP on %s with TLS", s.addr)
+ log.F("[tls] listening TCP on %s with TLS", s.addr)
for {
c, err := l.Accept()
if err != nil {
- log.F("[https] failed to accept: %v", err)
+ log.F("[tls] failed to accept: %v", err)
continue
}
- // it's callee's response to decide process request in sync/async mode.
- s.server.ListenAndServe(c)
+ go s.Serve(c)
}
}
-// NewTLSDialer returns a tls proxy dialer.
-func NewTLSDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
- return NewTLS(s, dialer)
+// Serve .
+func (s *TLS) Serve(c net.Conn) {
+ // TODO: check here
+ s.server.Serve(c)
}
// Addr returns forwarder's address
diff --git a/proxy/tproxy/tproxy_linux.go b/proxy/tproxy/tproxy_linux.go
index 3d96600..64c723c 100644
--- a/proxy/tproxy/tproxy_linux.go
+++ b/proxy/tproxy/tproxy_linux.go
@@ -51,7 +51,7 @@ func NewTProxyServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
}
// ListenAndServe .
-func (s *TProxy) ListenAndServe(_ net.Conn) {
+func (s *TProxy) ListenAndServe() {
// go s.ListenAndServeTCP()
s.ListenAndServeUDP()
}
@@ -114,6 +114,9 @@ func (s *TProxy) ListenAndServeUDP() {
}
+// Serve .
+func (s *TProxy) Serve(c net.Conn) {}
+
// ReadFromUDP reads a UDP packet from c, copying the payload into b.
// It returns the number of bytes copied into b and the return address
// that was on the packet.
diff --git a/proxy/udptun/udptun.go b/proxy/udptun/udptun.go
index 8ce8e9f..3018c15 100644
--- a/proxy/udptun/udptun.go
+++ b/proxy/udptun/udptun.go
@@ -24,7 +24,7 @@ func init() {
proxy.RegisterServer("udptun", NewUDPTunServer)
}
-// NewUDPTun returns a UDPTun proxy.
+// NewUDPTun returns a UDPTun proxy
func NewUDPTun(s string, dialer proxy.Dialer) (*UDPTun, error) {
u, err := url.Parse(s)
if err != nil {
@@ -44,13 +44,13 @@ func NewUDPTun(s string, dialer proxy.Dialer) (*UDPTun, error) {
return p, nil
}
-// NewUDPTunServer returns a udp tunnel server.
+// NewUDPTunServer returns a udp tunnel server
func NewUDPTunServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
return NewUDPTun(s, dialer)
}
// ListenAndServe .
-func (s *UDPTun) ListenAndServe(_ net.Conn) {
+func (s *UDPTun) ListenAndServe() {
c, err := net.ListenPacket("udp", s.addr)
if err != nil {
log.F("[udptun] failed to listen on %s: %v", s.addr, err)
@@ -104,3 +104,8 @@ func (s *UDPTun) ListenAndServe(_ net.Conn) {
}
}
+
+// Serve .
+func (s *UDPTun) Serve(c net.Conn) {
+
+}
diff --git a/proxy/uottun/uottun.go b/proxy/uottun/uottun.go
index 0da69a1..d66a075 100644
--- a/proxy/uottun/uottun.go
+++ b/proxy/uottun/uottun.go
@@ -24,7 +24,7 @@ func init() {
proxy.RegisterServer("uottun", NewUoTTunServer)
}
-// NewUoTTun returns a UoTTun proxy.
+// NewUoTTun returns a UoTTun proxy
func NewUoTTun(s string, dialer proxy.Dialer) (*UoTTun, error) {
u, err := url.Parse(s)
if err != nil {
@@ -44,13 +44,13 @@ func NewUoTTun(s string, dialer proxy.Dialer) (*UoTTun, error) {
return p, nil
}
-// NewUoTTunServer returns a uot tunnel server.
+// NewUoTTunServer returns a uot tunnel server
func NewUoTTunServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
return NewUoTTun(s, dialer)
}
// ListenAndServe .
-func (s *UoTTun) ListenAndServe(_ net.Conn) {
+func (s *UoTTun) ListenAndServe() {
c, err := net.ListenPacket("udp", s.addr)
if err != nil {
log.F("[uottun] failed to listen on %s: %v", s.addr, err)
@@ -102,3 +102,9 @@ func (s *UoTTun) ListenAndServe(_ net.Conn) {
log.F("[uottun] %s <-> %s", clientAddr, s.raddr)
}
}
+
+// Serve .
+func (s *UoTTun) Serve(c net.Conn) {
+ // TODO
+
+}
From 25c9721b0017ecb7996d0337d278f95b677cd9d1 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 25 Nov 2018 15:41:47 +0800
Subject: [PATCH 293/341] tls: optimized code
---
proxy/redir/redir_linux.go | 2 +-
proxy/tls/tls.go | 60 +++++++++++++++++++++---------------
proxy/tproxy/tproxy_linux.go | 4 ++-
proxy/udptun/udptun.go | 2 +-
proxy/uottun/uottun.go | 2 +-
5 files changed, 41 insertions(+), 29 deletions(-)
diff --git a/proxy/redir/redir_linux.go b/proxy/redir/redir_linux.go
index d84707b..4e1ffca 100644
--- a/proxy/redir/redir_linux.go
+++ b/proxy/redir/redir_linux.go
@@ -116,7 +116,7 @@ func (s *RedirProxy) ListenAndServe() {
// Serve .
func (s *RedirProxy) Serve(c net.Conn) {
-
+ log.F("[redir] func Serve: can not be called directly")
}
// Get the original destination of a TCP connection.
diff --git a/proxy/tls/tls.go b/proxy/tls/tls.go
index f166239..19e499a 100644
--- a/proxy/tls/tls.go
+++ b/proxy/tls/tls.go
@@ -17,11 +17,14 @@ type TLS struct {
dialer proxy.Dialer
addr string
+ tlsConfig *stdtls.Config
+
serverName string
skipVerify bool
certFile string
keyFile string
+ cert stdtls.Certificate
server proxy.Server
}
@@ -69,7 +72,20 @@ func NewTLS(s string, dialer proxy.Dialer) (*TLS, error) {
// NewTLSDialer returns a tls proxy dialer.
func NewTLSDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
- return NewTLS(s, dialer)
+ p, err := NewTLS(s, dialer)
+ if err != nil {
+ return nil, err
+ }
+
+ p.tlsConfig = &stdtls.Config{
+ ServerName: p.serverName,
+ InsecureSkipVerify: p.skipVerify,
+ ClientSessionCache: stdtls.NewLRUClientSessionCache(64),
+ MinVersion: stdtls.VersionTLS10,
+ MaxVersion: stdtls.VersionTLS12,
+ }
+
+ return p, err
}
// NewTLSServer returns a tls transport layer before the real server
@@ -89,6 +105,18 @@ func NewTLSServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
return nil, err
}
+ cert, err := stdtls.LoadX509KeyPair(p.certFile, p.keyFile)
+ if err != nil {
+ log.F("[tls] unabled load cert: %s, key %s", p.certFile, p.keyFile)
+ return nil, err
+ }
+
+ p.tlsConfig = &stdtls.Config{
+ Certificates: []stdtls.Certificate{cert},
+ MinVersion: stdtls.VersionTLS10,
+ MaxVersion: stdtls.VersionTLS12,
+ }
+
p.server, err = proxy.ServerFromURL(transport[1], dialer)
return p, err
@@ -96,19 +124,7 @@ func NewTLSServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
// ListenAndServe .
func (s *TLS) ListenAndServe() {
- cert, err := stdtls.LoadX509KeyPair(s.certFile, s.keyFile)
- if err != nil {
- log.F("[tls] unabled load cert: %s, key %s", s.certFile, s.keyFile)
- return
- }
-
- tlsConfig := &stdtls.Config{
- Certificates: []stdtls.Certificate{cert},
- MinVersion: stdtls.VersionTLS10,
- MaxVersion: stdtls.VersionTLS12,
- }
-
- l, err := stdtls.Listen("tcp", s.addr, tlsConfig)
+ l, err := net.Listen("tcp", s.addr)
if err != nil {
log.F("[tls] failed to listen on tls %s: %v", s.addr, err)
return
@@ -130,8 +146,10 @@ func (s *TLS) ListenAndServe() {
// Serve .
func (s *TLS) Serve(c net.Conn) {
- // TODO: check here
- s.server.Serve(c)
+ if s.server != nil {
+ cc := stdtls.Server(c, s.tlsConfig)
+ s.server.Serve(cc)
+ }
}
// Addr returns forwarder's address
@@ -148,15 +166,7 @@ func (s *TLS) Dial(network, addr string) (net.Conn, error) {
return nil, err
}
- conf := &stdtls.Config{
- ServerName: s.serverName,
- InsecureSkipVerify: s.skipVerify,
- ClientSessionCache: stdtls.NewLRUClientSessionCache(64),
- MinVersion: stdtls.VersionTLS10,
- MaxVersion: stdtls.VersionTLS12,
- }
-
- c := stdtls.Client(cc, conf)
+ c := stdtls.Client(cc, s.tlsConfig)
err = c.Handshake()
return c, err
}
diff --git a/proxy/tproxy/tproxy_linux.go b/proxy/tproxy/tproxy_linux.go
index 64c723c..b338803 100644
--- a/proxy/tproxy/tproxy_linux.go
+++ b/proxy/tproxy/tproxy_linux.go
@@ -115,7 +115,9 @@ func (s *TProxy) ListenAndServeUDP() {
}
// Serve .
-func (s *TProxy) Serve(c net.Conn) {}
+func (s *TProxy) Serve(c net.Conn) {
+ log.F("[tproxy] func Serve: can not be called directly")
+}
// ReadFromUDP reads a UDP packet from c, copying the payload into b.
// It returns the number of bytes copied into b and the return address
diff --git a/proxy/udptun/udptun.go b/proxy/udptun/udptun.go
index 3018c15..4d43045 100644
--- a/proxy/udptun/udptun.go
+++ b/proxy/udptun/udptun.go
@@ -107,5 +107,5 @@ func (s *UDPTun) ListenAndServe() {
// Serve .
func (s *UDPTun) Serve(c net.Conn) {
-
+ log.F("[udptun] func Serve: can not be called directly")
}
diff --git a/proxy/uottun/uottun.go b/proxy/uottun/uottun.go
index d66a075..445c9b7 100644
--- a/proxy/uottun/uottun.go
+++ b/proxy/uottun/uottun.go
@@ -106,5 +106,5 @@ func (s *UoTTun) ListenAndServe() {
// Serve .
func (s *UoTTun) Serve(c net.Conn) {
// TODO
-
+ log.F("[uottun] func Serve: can not be called directly")
}
From dadaf35cb2015fa9649e110250ee4854e8ab44f2 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 25 Nov 2018 17:56:59 +0800
Subject: [PATCH 294/341] unix: add unix domain socket support. #59
---
main_linux.go | 1 +
proxy/tls/tls.go | 7 ++-
proxy/unix/unix.go | 131 +++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 137 insertions(+), 2 deletions(-)
create mode 100644 proxy/unix/unix.go
diff --git a/main_linux.go b/main_linux.go
index 636e616..ce57ebd 100644
--- a/main_linux.go
+++ b/main_linux.go
@@ -2,4 +2,5 @@ package main
import (
_ "github.com/nadoo/glider/proxy/redir"
+ _ "github.com/nadoo/glider/proxy/unix"
)
diff --git a/proxy/tls/tls.go b/proxy/tls/tls.go
index 19e499a..3e456f8 100644
--- a/proxy/tls/tls.go
+++ b/proxy/tls/tls.go
@@ -118,15 +118,18 @@ func NewTLSServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
}
p.server, err = proxy.ServerFromURL(transport[1], dialer)
+ if err != nil {
+ return nil, err
+ }
- return p, err
+ return p, nil
}
// ListenAndServe .
func (s *TLS) ListenAndServe() {
l, err := net.Listen("tcp", s.addr)
if err != nil {
- log.F("[tls] failed to listen on tls %s: %v", s.addr, err)
+ log.F("[tls] failed to listen on %s: %v", s.addr, err)
return
}
defer l.Close()
diff --git a/proxy/unix/unix.go b/proxy/unix/unix.go
new file mode 100644
index 0000000..90a913f
--- /dev/null
+++ b/proxy/unix/unix.go
@@ -0,0 +1,131 @@
+package unix
+
+import (
+ "errors"
+ "fmt"
+ "net"
+ "net/url"
+ "os"
+ "strings"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+)
+
+// Unix domain socket struct
+type Unix struct {
+ dialer proxy.Dialer
+ addr string
+
+ server proxy.Server
+}
+
+func init() {
+ proxy.RegisterServer("unix", NewUnixServer)
+ proxy.RegisterDialer("unix", NewUnixDialer)
+}
+
+// NewUnix returns unix fomain socket proxy
+func NewUnix(s string, dialer proxy.Dialer) (*Unix, error) {
+ u, err := url.Parse(s)
+ if err != nil {
+ log.F("parse url err: %s", err)
+ return nil, err
+ }
+
+ p := &Unix{
+ dialer: dialer,
+ addr: u.Path,
+ }
+
+ return p, nil
+}
+
+// NewUnixDialer returns a unix domain socket dialer
+func NewUnixDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewUnix(s, dialer)
+}
+
+// NewUnixServer returns a unix domain socket server
+func NewUnixServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ transport := strings.Split(s, ",")
+
+ // prepare transport listener
+ // TODO: check here
+ if len(transport) < 2 {
+ err := fmt.Errorf("[unix] malformd listener: %s", s)
+ log.F(err.Error())
+ return nil, err
+ }
+
+ p, err := NewUnix(transport[0], dialer)
+ if err != nil {
+ return nil, err
+ }
+
+ p.server, err = proxy.ServerFromURL(transport[1], dialer)
+ if err != nil {
+ return nil, err
+ }
+
+ return p, nil
+}
+
+// ListenAndServe serves requests
+func (s *Unix) ListenAndServe() {
+ os.Remove(s.addr)
+ l, err := net.Listen("unix", s.addr)
+ if err != nil {
+ log.F("[unix] failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer l.Close()
+
+ log.F("[uinx] listening on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("[uinx] failed to accept: %v", err)
+ continue
+ }
+
+ go s.Serve(c)
+ }
+}
+
+// Serve serves requests
+func (s *Unix) Serve(c net.Conn) {
+ defer c.Close()
+
+ if s.server != nil {
+ s.server.Serve(c)
+ }
+}
+
+// Addr returns forwarder's address
+func (s *Unix) Addr() string {
+ if s.addr == "" {
+ return s.dialer.Addr()
+ }
+ return s.addr
+}
+
+// NextDialer returns the next dialer
+func (s *Unix) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial connects to the address addr on the network net via the proxy.
+func (s *Unix) Dial(network, addr string) (net.Conn, error) {
+ // NOTE: must be the first dialer in a chain
+ rc, err := net.Dial("unix", s.addr)
+ if err != nil {
+ return nil, err
+ }
+
+ return rc, err
+}
+
+// DialUDP connects to the given address via the proxy
+func (s *Unix) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ return nil, nil, errors.New("unix domain socket client does not support udp now")
+}
From 86478d2c256d825c3374f7cdc5e54431da1579e0 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 25 Nov 2018 22:21:23 +0800
Subject: [PATCH 295/341] doc: update document for tls and unix proxy
---
README.md | 14 +++++++++++---
conf.go | 12 ++++++++++--
config/glider.conf.example | 6 ++++++
proxy/tls/tls.go | 5 +----
proxy/unix/unix.go | 5 +----
5 files changed, 29 insertions(+), 13 deletions(-)
diff --git a/README.md b/README.md
index 1e8d2a1..bd47525 100644
--- a/README.md
+++ b/README.md
@@ -110,7 +110,7 @@ glider -config CONFIGPATH -listen :8080 -verbose
## Usage
```bash
-glider v0.6.8 usage:
+glider v0.6.9 usage:
-checkduration int
proxy check interval(seconds) (default 30)
-checkwebsite string
@@ -160,13 +160,15 @@ Available Schemes:
tls: tls transport
ws: websocket transport
redir: redirect proxy. (used on linux as a transparent proxy with iptables redirect rules)
+ redir6: redirect proxy(ipv6)
tcptun: tcp tunnel
udptun: udp tunnel
uottun: udp over tcp tunnel
+ unix: unix domain socket
Available schemes for different modes:
- listen: mixed ss socks5 http redir tcptun udptun uottun
- forward: ss socks5 http ssr vmess tls ws
+ listen: mixed ss socks5 http redir redir6 tcptun udptun uottun tls unix
+ forward: ss socks5 http ssr vmess tls ws unix
SS scheme:
ss://method:pass@host:port
@@ -212,6 +214,9 @@ TLS and Websocket with a specified proxy protocol:
tls://host:port[?skipVerify=true],ws://[@/path],socks5://[user:pass@]
tls://host:port[?skipVerify=true],ws://[@/path],vmess://[security:]uuid@?alterID=num
+Unix domain socket scheme:
+ unix://path
+
DNS forwarding server:
dns=:53
dnsserver=8.8.8.8:53
@@ -257,6 +262,9 @@ Examples:
glider -listen socks5://:1080 -verbose
-listen on :1080 as a socks5 proxy server, in verbose mode.
+ glider -listen =tls://:443?cert=crtFilePath&key=keyFilePath,http:// -verbose
+ -listen on :443 as a https proxy server.
+
glider -listen http://:8080 -forward socks5://127.0.0.1:1080
-listen on :8080 as a http proxy server, forward all requests via socks5 server.
diff --git a/conf.go b/conf.go
index 4e0b74c..c323ef7 100644
--- a/conf.go
+++ b/conf.go
@@ -125,11 +125,12 @@ func usage() {
fmt.Fprintf(os.Stderr, " tcptun: tcp tunnel\n")
fmt.Fprintf(os.Stderr, " udptun: udp tunnel\n")
fmt.Fprintf(os.Stderr, " uottun: udp over tcp tunnel\n")
+ fmt.Fprintf(os.Stderr, " unix: unix domain socket\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Available schemes for different modes:\n")
- fmt.Fprintf(os.Stderr, " listen: mixed ss socks5 http redir redir6 tcptun udptun uottun\n")
- fmt.Fprintf(os.Stderr, " forward: ss socks5 http ssr vmess tls ws\n")
+ fmt.Fprintf(os.Stderr, " listen: mixed ss socks5 http redir redir6 tcptun udptun uottun tls unix\n")
+ fmt.Fprintf(os.Stderr, " forward: ss socks5 http ssr vmess tls ws unix\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "SS scheme:\n")
@@ -186,6 +187,10 @@ func usage() {
fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],ws://[@/path],vmess://[security:]uuid@?alterID=num\n")
fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, "Unix domain socket scheme:\n")
+ fmt.Fprintf(os.Stderr, " unix://path\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
fmt.Fprintf(os.Stderr, "DNS forwarding server:\n")
fmt.Fprintf(os.Stderr, " dns=:53\n")
fmt.Fprintf(os.Stderr, " dnsserver=8.8.8.8:53\n")
@@ -235,6 +240,9 @@ func usage() {
fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -verbose\n")
fmt.Fprintf(os.Stderr, " -listen on :1080 as a socks5 proxy server, in verbose mode.\n")
fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen =tls://:443?cert=crtFilePath&key=keyFilePath,http:// -verbose\n")
+ fmt.Fprintf(os.Stderr, " -listen on :443 as a https proxy server.\n")
+ fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, " "+app+" -listen http://:8080 -forward socks5://127.0.0.1:1080\n")
fmt.Fprintf(os.Stderr, " -listen on :8080 as a http proxy server, forward all requests via socks5 server.\n")
fmt.Fprintf(os.Stderr, "\n")
diff --git a/config/glider.conf.example b/config/glider.conf.example
index 1449f11..23a2050 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -55,6 +55,12 @@ listen=socks5://:1080
# listen on 1084 as a udp over tcp tunnel, all requests to :1084 will be forward to 1.1.1.1:53
# listen=uottun://:1084=1.1.1.1:53
+# listen on 443 with tls security layer and serve as http proxy server (HTTPS proxy)
+# listen=tls://:443?cert=crtFilePath&key=keyFilePath,http://
+
+# listen on unix domain socket and serve as socks5 server
+# listen=unix:///tmp/glider.socket,socks5://
+
# FORWARDERS
# ----------
# Forwarders, we can setup multiple forwarders.
diff --git a/proxy/tls/tls.go b/proxy/tls/tls.go
index 3e456f8..7e1a4b8 100644
--- a/proxy/tls/tls.go
+++ b/proxy/tls/tls.go
@@ -3,7 +3,6 @@ package tls
import (
stdtls "crypto/tls"
"errors"
- "fmt"
"net"
"net/url"
"strings"
@@ -95,9 +94,7 @@ func NewTLSServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
// prepare transport listener
// TODO: check here
if len(transport) < 2 {
- err := fmt.Errorf("[tls] malformd listener: %s", s)
- log.F(err.Error())
- return nil, err
+ return nil, errors.New("[tls] malformd listener:" + s)
}
p, err := NewTLS(transport[0], dialer)
diff --git a/proxy/unix/unix.go b/proxy/unix/unix.go
index 90a913f..0395da1 100644
--- a/proxy/unix/unix.go
+++ b/proxy/unix/unix.go
@@ -2,7 +2,6 @@ package unix
import (
"errors"
- "fmt"
"net"
"net/url"
"os"
@@ -53,9 +52,7 @@ func NewUnixServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
// prepare transport listener
// TODO: check here
if len(transport) < 2 {
- err := fmt.Errorf("[unix] malformd listener: %s", s)
- log.F(err.Error())
- return nil, err
+ return nil, errors.New("[unix] malformd listener:" + s)
}
p, err := NewUnix(transport[0], dialer)
From 5a43cf873e2974945a1d35353402e33fa232bb14 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Tue, 27 Nov 2018 23:25:20 +0800
Subject: [PATCH 296/341] ipset: only allow to set ipset in rule files #69
---
README.md | 7 +--
conf.go | 6 +--
.../glider.conf | 3 --
.../rules.d/home.rule | 2 +
.../rules.d/office.rule | 3 ++
config/glider.conf.example | 12 ++---
config/rules.d/office.rule.example | 10 ++--
dns/server.go | 14 ++---
ipset/ipset_linux.go | 53 +++++++------------
ipset/ipset_other.go | 2 +-
main.go | 2 +-
proxy/socks5/socks5.go | 2 +-
proxy/tls/tls.go | 11 ++--
proxy/unix/unix.go | 3 +-
14 files changed, 59 insertions(+), 71 deletions(-)
diff --git a/README.md b/README.md
index bd47525..0742ac3 100644
--- a/README.md
+++ b/README.md
@@ -26,6 +26,8 @@ Listen (local proxy server):
- TCP tunnel
- UDP tunnel
- UDP over TCP tunnel
+- TLS, use it together with above proxy protocols(tcp)
+- Unix domain socket, use it together with above proxy protocols(tcp)
Forward (local proxy client/upstream proxy server):
@@ -36,6 +38,7 @@ Forward (local proxy client/upstream proxy server):
- VMess proxy(tcp)
- TLS, use it together with above proxy protocols(tcp)
- Websocket, use it together with above proxy protocols(tcp)
+- Unix domain socket, use it together with above proxy protocols(tcp)
DNS Forwarding Server (udp2tcp):
@@ -135,8 +138,6 @@ glider v0.6.9 usage:
forward url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]
-interface string
source ip or source interface
- -ipset string
- ipset name
-listen value
listen url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS
-maxfailures int
@@ -262,7 +263,7 @@ Examples:
glider -listen socks5://:1080 -verbose
-listen on :1080 as a socks5 proxy server, in verbose mode.
- glider -listen =tls://:443?cert=crtFilePath&key=keyFilePath,http:// -verbose
+ glider -listen tls://:443?cert=crtFilePath&key=keyFilePath,http:// -verbose
-listen on :443 as a https proxy server.
glider -listen http://:8080 -forward socks5://127.0.0.1:1080
diff --git a/conf.go b/conf.go
index c323ef7..68630e5 100644
--- a/conf.go
+++ b/conf.go
@@ -29,8 +29,6 @@ var conf struct {
DNS string
DNSConfig dns.Config
- IPSet string
-
rules []*rule.Config
}
@@ -57,8 +55,6 @@ func confInit() {
flag.IntVar(&conf.DNSConfig.MinTTL, "dnsminttl", 0, "minimum TTL value for entries in the CACHE(seconds)")
flag.StringSliceUniqVar(&conf.DNSConfig.Records, "dnsrecord", nil, "custom dns record, format: domain/ip")
- flag.StringVar(&conf.IPSet, "ipset", "", "ipset name")
-
flag.Usage = usage
err := flag.Parse()
if err != nil {
@@ -240,7 +236,7 @@ func usage() {
fmt.Fprintf(os.Stderr, " "+app+" -listen socks5://:1080 -verbose\n")
fmt.Fprintf(os.Stderr, " -listen on :1080 as a socks5 proxy server, in verbose mode.\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, " "+app+" -listen =tls://:443?cert=crtFilePath&key=keyFilePath,http:// -verbose\n")
+ fmt.Fprintf(os.Stderr, " "+app+" -listen tls://:443?cert=crtFilePath&key=keyFilePath,http:// -verbose\n")
fmt.Fprintf(os.Stderr, " -listen on :443 as a https proxy server.\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, " "+app+" -listen http://:8080 -forward socks5://127.0.0.1:1080\n")
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/glider.conf b/config/examples/9.transparent_proxy_without_dnsmasq/glider.conf
index b78826c..47e14ea 100644
--- a/config/examples/9.transparent_proxy_without_dnsmasq/glider.conf
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/glider.conf
@@ -9,8 +9,5 @@ listen=redir://:1081
dns=:53
dnsserver=8.8.8.8:53
-# as a ipset manager
-ipset=glider
-
# parse all *.rule files in rules.d folder
rules-dir=rules.d
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/home.rule b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/home.rule
index 956afbb..0660982 100644
--- a/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/home.rule
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/home.rule
@@ -13,6 +13,8 @@ strategy=rr
checkwebsite=www.apple.com
checkduration=30
+# as a ipset manager
+ipset=glider
# matches 192.168.0.0/16
cidr=192.168.0.0/16
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.rule b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.rule
index 634e88e..1f91f9f 100644
--- a/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.rule
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.rule
@@ -15,6 +15,9 @@ checkduration=30
# specify a different dns server(if need)
dnsserver=208.67.222.222:53
+# as a ipset manager
+ipset=glider
+
# specify destinations
include=office.list
diff --git a/config/glider.conf.example b/config/glider.conf.example
index 23a2050..55752b9 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -107,6 +107,9 @@ listen=socks5://:1080
# forward=tls://1.1.1.1:443,ws://,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
# forward=tls://1.1.1.1:443,ws://@/path,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
+# socks5 over unix domain socket
+# forward=unix:///tmp/glider.socket,socks5://
+
# FORWARDER CHAIN
# ---------------
# We can setup a forward chain using 1 forward option,
@@ -167,15 +170,6 @@ dnsminttl=0
dnsrecord=www.example.com/1.2.3.4
dnsrecord=www.example.com/2606:2800:220:1:248:1893:25c8:1946
-
-# IPSET MANAGEMENT
-# ----------------
-# Create and mange ipset on linux based on destinations in rule files
-# - add ip/cidrs in rule files on startup
-# - add resolved ips for domains in rule files by dns forwarding server
-# Usually used in transparent proxy mode on linux
-ipset=glider
-
# INTERFACE SPECIFIC
# ------------------
# Specify the outbound ip/interface.
diff --git a/config/rules.d/office.rule.example b/config/rules.d/office.rule.example
index fabf3bb..4147d83 100644
--- a/config/rules.d/office.rule.example
+++ b/config/rules.d/office.rule.example
@@ -20,9 +20,13 @@ checkduration=30
# DNS SERVER for domains in this rule file
dnsserver=208.67.222.222:53
-# IPSET
-# specify a ipset for destinations in this rule file
-#ipset=office
+# IPSET MANAGEMENT
+# ----------------
+# Create and mange ipset on linux based on destinations in rule files
+# - add ip/cidrs in rule files on startup
+# - add resolved ips for domains in rule files by dns forwarding server
+# Usually used in transparent proxy mode on linux
+ipset=glider
# DESTINATIONS
# ------------
diff --git a/dns/server.go b/dns/server.go
index 0531e11..cceff27 100644
--- a/dns/server.go
+++ b/dns/server.go
@@ -91,17 +91,17 @@ func (s *Server) ListenAndServeTCP(wg *sync.WaitGroup) {
l, err := net.Listen("tcp", s.addr)
wg.Done()
if err != nil {
- log.F("[dns]-tcp error: %v", err)
+ log.F("[dns-tcp] error: %v", err)
return
}
defer l.Close()
- log.F("[dns]-tcp listening TCP on %s", s.addr)
+ log.F("[dns-tcp] listening TCP on %s", s.addr)
for {
c, err := l.Accept()
if err != nil {
- log.F("[dns]-tcp error: failed to accept: %v", err)
+ log.F("[dns-tcp] error: failed to accept: %v", err)
continue
}
go s.ServeTCP(c)
@@ -116,14 +116,14 @@ func (s *Server) ServeTCP(c net.Conn) {
var reqLen uint16
if err := binary.Read(c, binary.BigEndian, &reqLen); err != nil {
- log.F("[dns]-tcp failed to get request length: %v", err)
+ log.F("[dns-tcp] failed to get request length: %v", err)
return
}
reqBytes := make([]byte, reqLen+2)
_, err := io.ReadFull(c, reqBytes[2:])
if err != nil {
- log.F("[dns]-tcp error in read reqBytes %s", err)
+ log.F("[dns-tcp] error in read reqBytes %s", err)
return
}
@@ -131,12 +131,12 @@ func (s *Server) ServeTCP(c net.Conn) {
respBytes, err := s.Exchange(reqBytes, c.RemoteAddr().String(), true)
if err != nil {
- log.F("[dns]-tcp error in exchange: %s", err)
+ log.F("[dns-tcp] error in exchange: %s", err)
return
}
if err := binary.Write(c, binary.BigEndian, respBytes); err != nil {
- log.F("[dns]-tcp error in local write respBytes: %s", err)
+ log.F("[dns-tcp] error in local write respBytes: %s", err)
return
}
}
diff --git a/ipset/ipset_linux.go b/ipset/ipset_linux.go
index b19d6c0..e3a1573 100644
--- a/ipset/ipset_linux.go
+++ b/ipset/ipset_linux.go
@@ -73,12 +73,11 @@ type Manager struct {
fd int
lsa syscall.SockaddrNetlink
- mainSet string
domainSet sync.Map
}
// NewManager returns a Manager
-func NewManager(mainSet string, rules []*rule.Config) (*Manager, error) {
+func NewManager(rules []*rule.Config) (*Manager, error) {
fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_NETFILTER)
if err != nil {
log.F("%s", err)
@@ -95,37 +94,28 @@ func NewManager(mainSet string, rules []*rule.Config) (*Manager, error) {
return nil, err
}
- m := &Manager{fd: fd, lsa: lsa, mainSet: mainSet}
- CreateSet(fd, lsa, mainSet)
+ m := &Manager{fd: fd, lsa: lsa}
+ // create ipset
for _, r := range rules {
- set := r.IPSet
-
- if set != "" && set != m.mainSet {
- CreateSet(fd, lsa, set)
- } else {
- set = m.mainSet
+ if r.IPSet != "" {
+ CreateSet(fd, lsa, r.IPSet)
}
+ }
- // if dialer is Direct, do not insert to ipset, in order to avoid iptables redirect loop
- if len(r.Forward) == 0 {
- continue
+ // init ipset
+ for _, r := range rules {
+ if r.IPSet != "" {
+ for _, domain := range r.Domain {
+ m.domainSet.Store(domain, r.IPSet)
+ }
+ for _, ip := range r.IP {
+ AddToSet(fd, lsa, r.IPSet, ip)
+ }
+ for _, cidr := range r.CIDR {
+ AddToSet(fd, lsa, r.IPSet, cidr)
+ }
}
-
- for _, domain := range r.Domain {
- m.domainSet.Store(domain, set)
- }
-
- for _, ip := range r.IP {
- AddToSet(fd, lsa, mainSet, ip)
- AddToSet(fd, lsa, r.IPSet, ip)
- }
-
- for _, cidr := range r.CIDR {
- AddToSet(fd, lsa, mainSet, cidr)
- AddToSet(fd, lsa, r.IPSet, cidr)
- }
-
}
return m, nil
@@ -141,14 +131,11 @@ func (m *Manager) AddDomainIP(domain, ip string) error {
// find in domainMap
if ipset, ok := m.domainSet.Load(domain); ok {
- AddToSet(m.fd, m.lsa, m.mainSet, ip)
- if ipset.(string) != m.mainSet {
- AddToSet(m.fd, m.lsa, ipset.(string), ip)
- }
+ AddToSet(m.fd, m.lsa, ipset.(string), ip)
}
}
-
}
+
return nil
}
diff --git a/ipset/ipset_other.go b/ipset/ipset_other.go
index ab9be65..91445ad 100644
--- a/ipset/ipset_other.go
+++ b/ipset/ipset_other.go
@@ -12,7 +12,7 @@ import (
type Manager struct{}
// NewManager returns a Manager
-func NewManager(mainSet string, rules []*rule.Config) (*Manager, error) {
+func NewManager(rules []*rule.Config) (*Manager, error) {
return nil, errors.New("ipset not supported on this os")
}
diff --git a/main.go b/main.go
index 8634a86..b288d79 100644
--- a/main.go
+++ b/main.go
@@ -44,7 +44,7 @@ func main() {
dialer := rule.NewDialer(conf.rules, strategy.NewDialer(conf.Forward, &conf.StrategyConfig))
// ipset manager
- ipsetM, _ := ipset.NewManager(conf.IPSet, conf.rules)
+ ipsetM, _ := ipset.NewManager(conf.rules)
// check and setup dns server
if conf.DNS != "" {
diff --git a/proxy/socks5/socks5.go b/proxy/socks5/socks5.go
index f3e8573..224196b 100644
--- a/proxy/socks5/socks5.go
+++ b/proxy/socks5/socks5.go
@@ -232,7 +232,7 @@ func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
c, err := s.dialer.Dial(network, s.addr)
if err != nil {
- log.F("dial to %s error: %s", s.addr, err)
+ log.F("[socks5]: dial to %s error: %s", s.addr, err)
return nil, err
}
diff --git a/proxy/tls/tls.go b/proxy/tls/tls.go
index 7e1a4b8..6a8fcdc 100644
--- a/proxy/tls/tls.go
+++ b/proxy/tls/tls.go
@@ -33,7 +33,7 @@ func init() {
proxy.RegisterServer("tls", NewTLSServer)
}
-// NewTLS returns a tls proxy
+// NewTLS returns a tls proxy struct
func NewTLS(s string, dialer proxy.Dialer) (*TLS, error) {
u, err := url.Parse(s)
if err != nil {
@@ -69,7 +69,7 @@ func NewTLS(s string, dialer proxy.Dialer) (*TLS, error) {
return p, nil
}
-// NewTLSDialer returns a tls proxy dialer.
+// NewTLSDialer returns a tls proxy dialer
func NewTLSDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
p, err := NewTLS(s, dialer)
if err != nil {
@@ -104,7 +104,7 @@ func NewTLSServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
cert, err := stdtls.LoadX509KeyPair(p.certFile, p.keyFile)
if err != nil {
- log.F("[tls] unabled load cert: %s, key %s", p.certFile, p.keyFile)
+ log.F("[tls] unable to load cert: %s, key %s", p.certFile, p.keyFile)
return nil, err
}
@@ -144,8 +144,11 @@ func (s *TLS) ListenAndServe() {
}
}
-// Serve .
+// Serve serves requests
func (s *TLS) Serve(c net.Conn) {
+ // we know the internal server will close the connection after serve
+ // defer c.Close()
+
if s.server != nil {
cc := stdtls.Server(c, s.tlsConfig)
s.server.Serve(cc)
diff --git a/proxy/unix/unix.go b/proxy/unix/unix.go
index 0395da1..0a43e62 100644
--- a/proxy/unix/unix.go
+++ b/proxy/unix/unix.go
@@ -93,7 +93,8 @@ func (s *Unix) ListenAndServe() {
// Serve serves requests
func (s *Unix) Serve(c net.Conn) {
- defer c.Close()
+ // we know the internal server will close the connection after serve
+ // defer c.Close()
if s.server != nil {
s.server.Serve(c)
From 44c30df001094d8901b2880a3bb976aceccc7bf4 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Wed, 28 Nov 2018 23:28:32 +0800
Subject: [PATCH 297/341] doc: update description for tls
---
README.md | 17 ++++--
conf.go | 19 ++++--
config/README.md | 14 +++--
.../README.md | 6 +-
config/glider.conf.example | 10 ++-
proxy/redir/redir_linux.go | 61 +++++++++----------
rule/rule.go | 1 -
7 files changed, 76 insertions(+), 52 deletions(-)
diff --git a/README.md b/README.md
index 0742ac3..83c0e1c 100644
--- a/README.md
+++ b/README.md
@@ -121,7 +121,7 @@ glider v0.6.9 usage:
-config string
config file path
-dns string
- dns forwarder server listen address
+ local dns server listen address
-dnsalwaystcp
always use tcp to query upstream dns servers no matter there is a forwarder or not
-dnsmaxttl int
@@ -131,7 +131,7 @@ glider v0.6.9 usage:
-dnsrecord value
custom dns record, format: domain/ip
-dnsserver value
- remote dns server
+ remote dns server address
-dnstimeout int
timeout value used in multiple dnsservers switch(seconds) (default 3)
-forward value
@@ -191,15 +191,24 @@ VMess scheme:
Available securities for vmess:
none, aes-128-gcm, chacha20-poly1305
-TLS scheme:
+TLS client scheme:
tls://host:port[?skipVerify=true]
-TLS with a specified proxy protocol:
+Proxy over tls client:
tls://host:port[?skipVerify=true],scheme://
tls://host:port[?skipVerify=true],http://[user:pass@]
tls://host:port[?skipVerify=true],socks5://[user:pass@]
tls://host:port[?skipVerify=true],vmess://[security:]uuid@?alterID=num
+TLS server scheme:
+ tls://host:port?cert=PATH&key=PATH
+
+Proxy over tls server:
+ tls://host:port?cert=PATH&key=PATH,scheme://
+ tls://host:port?cert=PATH&key=PATH,http://
+ tls://host:port?cert=PATH&key=PATH,socks5://
+ tls://host:port?cert=PATH&key=PATH,ss://method:pass@
+
Websocket scheme:
ws://host:port[/path]
diff --git a/conf.go b/conf.go
index 68630e5..aa59f96 100644
--- a/conf.go
+++ b/conf.go
@@ -47,8 +47,8 @@ func confInit() {
flag.StringSliceUniqVar(&conf.RuleFile, "rulefile", nil, "rule file path")
flag.StringVar(&conf.RulesDir, "rules-dir", "", "rule file folder")
- flag.StringVar(&conf.DNS, "dns", "", "dns forwarder server listen address")
- flag.StringSliceUniqVar(&conf.DNSConfig.Servers, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server")
+ flag.StringVar(&conf.DNS, "dns", "", "local dns server listen address")
+ flag.StringSliceUniqVar(&conf.DNSConfig.Servers, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server address")
flag.BoolVar(&conf.DNSConfig.AlwaysTCP, "dnsalwaystcp", false, "always use tcp to query upstream dns servers no matter there is a forwarder or not")
flag.IntVar(&conf.DNSConfig.Timeout, "dnstimeout", 3, "timeout value used in multiple dnsservers switch(seconds)")
flag.IntVar(&conf.DNSConfig.MaxTTL, "dnsmaxttl", 1800, "maximum TTL value for entries in the CACHE(seconds)")
@@ -154,17 +154,28 @@ func usage() {
fmt.Fprintf(os.Stderr, " none, aes-128-gcm, chacha20-poly1305\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, "TLS scheme:\n")
+ fmt.Fprintf(os.Stderr, "TLS client scheme:\n")
fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true]\n")
fmt.Fprintf(os.Stderr, "\n")
- fmt.Fprintf(os.Stderr, "TLS with a specified proxy protocol:\n")
+ fmt.Fprintf(os.Stderr, "Proxy over tls client:\n")
fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],scheme://\n")
fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],http://[user:pass@]\n")
fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],socks5://[user:pass@]\n")
fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],vmess://[security:]uuid@?alterID=num\n")
fmt.Fprintf(os.Stderr, "\n")
+ fmt.Fprintf(os.Stderr, "TLS server scheme:\n")
+ fmt.Fprintf(os.Stderr, " tls://host:port?cert=PATH&key=PATH\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
+ fmt.Fprintf(os.Stderr, "Proxy over tls server:\n")
+ fmt.Fprintf(os.Stderr, " tls://host:port?cert=PATH&key=PATH,scheme://\n")
+ fmt.Fprintf(os.Stderr, " tls://host:port?cert=PATH&key=PATH,http://\n")
+ fmt.Fprintf(os.Stderr, " tls://host:port?cert=PATH&key=PATH,socks5://\n")
+ fmt.Fprintf(os.Stderr, " tls://host:port?cert=PATH&key=PATH,ss://method:pass@\n")
+ fmt.Fprintf(os.Stderr, "\n")
+
fmt.Fprintf(os.Stderr, "Websocket scheme:\n")
fmt.Fprintf(os.Stderr, " ws://host:port[/path]\n")
fmt.Fprintf(os.Stderr, "\n")
diff --git a/config/README.md b/config/README.md
index 0d67287..9796877 100644
--- a/config/README.md
+++ b/config/README.md
@@ -40,12 +40,6 @@ dns=:53
# global remote dns server (you can specify different dns server in rule file)
dnsserver=8.8.8.8:53
-# Create and manage ipset on linux based on destinations in rule files
-# - add ip/cidrs in rule files on startup
-# - add resolved ips for domains in rule files by dns forwarder server
-# Usually used in transparent proxy mode on linux
-ipset=glider
-
# RULE FILES
rules-dir=rules.d
#rulefile=office.rule
@@ -69,6 +63,14 @@ checkduration=30
# DNS SERVER for domains in this rule file
dnsserver=208.67.222.222:53
+# IPSET MANAGEMENT
+# ----------------
+# Create and mange ipset on linux based on destinations in rule files
+# - add ip/cidrs in rule files on startup
+# - add resolved ips for domains in rule files by dns forwarding server
+# Usually used in transparent proxy mode on linux
+ipset=glider
+
# YOU CAN SPECIFY DESTINATIONS TO USE THE ABOVE FORWARDERS
# matches abc.com and *.abc.com
domain=abc.com
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/README.md b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
index 6304119..e730a64 100644
--- a/config/examples/9.transparent_proxy_without_dnsmasq/README.md
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
@@ -27,9 +27,6 @@ listen=redir://:1081
dns=:53
dnsserver=8.8.8.8:53
-# as a ipset manager
-ipset=glider
-
# specify rule files
rules-dir=rules.d
```
@@ -46,6 +43,9 @@ checkduration=30
# specify a different dns server(if need)
dnsserver=208.67.222.222:53
+# as a ipset manager
+ipset=glider
+
# specify destinations
include=office.list
diff --git a/config/glider.conf.example b/config/glider.conf.example
index 55752b9..da7fe9b 100644
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@@ -55,10 +55,13 @@ listen=socks5://:1080
# listen on 1084 as a udp over tcp tunnel, all requests to :1084 will be forward to 1.1.1.1:53
# listen=uottun://:1084=1.1.1.1:53
-# listen on 443 with tls security layer and serve as http proxy server (HTTPS proxy)
+# http over tls (HTTPS proxy)
# listen=tls://:443?cert=crtFilePath&key=keyFilePath,http://
-# listen on unix domain socket and serve as socks5 server
+# ss over tls
+# listen=tls://:443?cert=crtFilePath&key=keyFilePath,ss://AEAD_CHACHA20_POLY1305:pass@
+
+# socks5 over unix domain socket
# listen=unix:///tmp/glider.socket,socks5://
# FORWARDERS
@@ -107,6 +110,9 @@ listen=socks5://:1080
# forward=tls://1.1.1.1:443,ws://,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
# forward=tls://1.1.1.1:443,ws://@/path,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
+# ss over tls
+# forward=tls://1.1.1.1:443,ss://AEAD_CHACHA20_POLY1305:pass@
+
# socks5 over unix domain socket
# forward=unix:///tmp/glider.socket,socks5://
diff --git a/proxy/redir/redir_linux.go b/proxy/redir/redir_linux.go
index 4e1ffca..f216b3f 100644
--- a/proxy/redir/redir_linux.go
+++ b/proxy/redir/redir_linux.go
@@ -80,43 +80,40 @@ func (s *RedirProxy) ListenAndServe() {
continue
}
- go func() {
- defer c.Close()
-
- if c, ok := c.(*net.TCPConn); ok {
- c.SetKeepAlive(true)
- }
-
- tgt, err := getOrigDst(c, s.ipv6)
- if err != nil {
- log.F("[redir] failed to get target address: %v", err)
- return
- }
-
- rc, err := s.dialer.Dial("tcp", tgt.String())
- if err != nil {
- log.F("[redir] failed to connect to target: %v", err)
- return
- }
- defer rc.Close()
-
- log.F("[redir] %s <-> %s", c.RemoteAddr(), tgt)
-
- _, _, err = conn.Relay(c, rc)
- if err != nil {
- if err, ok := err.(net.Error); ok && err.Timeout() {
- return // ignore i/o timeout
- }
- log.F("[redir] relay error: %v", err)
- }
-
- }()
+ go s.Serve(c)
}
}
// Serve .
func (s *RedirProxy) Serve(c net.Conn) {
- log.F("[redir] func Serve: can not be called directly")
+ defer c.Close()
+
+ if c, ok := c.(*net.TCPConn); ok {
+ c.SetKeepAlive(true)
+ }
+
+ tgt, err := getOrigDst(c, s.ipv6)
+ if err != nil {
+ log.F("[redir] failed to get target address: %v", err)
+ return
+ }
+
+ rc, err := s.dialer.Dial("tcp", tgt.String())
+ if err != nil {
+ log.F("[redir] failed to connect to target: %v", err)
+ return
+ }
+ defer rc.Close()
+
+ log.F("[redir] %s <-> %s", c.RemoteAddr(), tgt)
+
+ _, _, err = conn.Relay(c, rc)
+ if err != nil {
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ return // ignore i/o timeout
+ }
+ log.F("[redir] relay error: %v", err)
+ }
}
// Get the original destination of a TCP connection.
diff --git a/rule/rule.go b/rule/rule.go
index 55a29a3..521c59e 100644
--- a/rule/rule.go
+++ b/rule/rule.go
@@ -121,7 +121,6 @@ func (rd *Dialer) AddDomainIP(domain, ip string) error {
log.F("[rule] add ip=%s, based on rule: domain=%s & domain/ip: %s/%s\n", ip, pDomain, domain, ip)
}
}
-
}
return nil
}
From b44fd344f454f2ee2e1b1ea074e768fa1b6c4192 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 30 Nov 2018 19:01:25 +0800
Subject: [PATCH 298/341] kcp: added kcp support #63
---
main.go | 3 +-
proxy/http/http.go | 2 +-
proxy/kcp/kcp.go | 206 ++++
proxy/tls/tls.go | 4 +-
.../klauspost/cpuid/CONTRIBUTING.txt | 35 +
vendor/github.com/klauspost/cpuid/LICENSE | 22 +
vendor/github.com/klauspost/cpuid/README.md | 145 +++
vendor/github.com/klauspost/cpuid/cpuid.go | 1040 +++++++++++++++++
vendor/github.com/klauspost/cpuid/cpuid_386.s | 42 +
.../github.com/klauspost/cpuid/cpuid_amd64.s | 42 +
.../klauspost/cpuid/detect_intel.go | 17 +
.../github.com/klauspost/cpuid/detect_ref.go | 23 +
vendor/github.com/klauspost/cpuid/generate.go | 4 +
.../github.com/klauspost/cpuid/private-gen.go | 476 ++++++++
.../github.com/klauspost/reedsolomon/LICENSE | 23 +
.../klauspost/reedsolomon/README.md | 279 +++++
.../klauspost/reedsolomon/appveyor.yml | 20 +
.../klauspost/reedsolomon/galois.go | 902 ++++++++++++++
.../klauspost/reedsolomon/galois_amd64.go | 92 ++
.../klauspost/reedsolomon/galois_amd64.s | 236 ++++
.../klauspost/reedsolomon/galois_arm64.go | 49 +
.../klauspost/reedsolomon/galois_arm64.s | 141 +++
.../klauspost/reedsolomon/galois_noasm.go | 27 +
.../klauspost/reedsolomon/gentables.go | 132 +++
.../klauspost/reedsolomon/inversion_tree.go | 160 +++
.../klauspost/reedsolomon/matrix.go | 279 +++++
.../klauspost/reedsolomon/options.go | 111 ++
.../klauspost/reedsolomon/reedsolomon.go | 884 ++++++++++++++
.../klauspost/reedsolomon/streaming.go | 584 +++++++++
.../nadoo/go-shadowsocks2/core/cipher.go | 4 +-
vendor/github.com/pkg/errors/LICENSE | 23 +
vendor/github.com/pkg/errors/README.md | 52 +
vendor/github.com/pkg/errors/appveyor.yml | 32 +
vendor/github.com/pkg/errors/errors.go | 282 +++++
vendor/github.com/pkg/errors/stack.go | 147 +++
vendor/github.com/templexxx/cpufeat/LICENSE | 27 +
vendor/github.com/templexxx/cpufeat/README.md | 1 +
vendor/github.com/templexxx/cpufeat/cpu.go | 33 +
.../github.com/templexxx/cpufeat/cpu_arm.go | 7 +
.../github.com/templexxx/cpufeat/cpu_arm64.go | 7 +
.../github.com/templexxx/cpufeat/cpu_mips.go | 7 +
.../templexxx/cpufeat/cpu_mips64.go | 7 +
.../templexxx/cpufeat/cpu_mips64le.go | 7 +
.../templexxx/cpufeat/cpu_mipsle.go | 7 +
.../github.com/templexxx/cpufeat/cpu_ppc64.go | 7 +
.../templexxx/cpufeat/cpu_ppc64le.go | 7 +
.../github.com/templexxx/cpufeat/cpu_s390x.go | 7 +
.../github.com/templexxx/cpufeat/cpu_x86.go | 70 ++
vendor/github.com/templexxx/cpufeat/cpu_x86.s | 32 +
vendor/github.com/templexxx/xor/LICENSE | 21 +
vendor/github.com/templexxx/xor/README.md | 50 +
vendor/github.com/templexxx/xor/avx2_amd64.s | 438 +++++++
vendor/github.com/templexxx/xor/nosimd.go | 116 ++
vendor/github.com/templexxx/xor/sse2_amd64.s | 574 +++++++++
vendor/github.com/templexxx/xor/xor.go | 49 +
vendor/github.com/templexxx/xor/xor_amd64.go | 120 ++
vendor/github.com/templexxx/xor/xor_other.go | 19 +
vendor/github.com/tjfoc/gmsm/LICENSE | 201 ++++
vendor/github.com/tjfoc/gmsm/sm4/sm4.go | 342 ++++++
vendor/github.com/xtaci/kcp-go/LICENSE | 22 +
vendor/github.com/xtaci/kcp-go/README.md | 185 +++
vendor/github.com/xtaci/kcp-go/crypt.go | 785 +++++++++++++
vendor/github.com/xtaci/kcp-go/donate.png | Bin 0 -> 4420 bytes
vendor/github.com/xtaci/kcp-go/entropy.go | 51 +
vendor/github.com/xtaci/kcp-go/fec.go | 311 +++++
vendor/github.com/xtaci/kcp-go/frame.png | Bin 0 -> 36006 bytes
vendor/github.com/xtaci/kcp-go/kcp-go.png | Bin 0 -> 9153 bytes
vendor/github.com/xtaci/kcp-go/kcp.go | 1008 ++++++++++++++++
vendor/github.com/xtaci/kcp-go/sess.go | 972 +++++++++++++++
vendor/github.com/xtaci/kcp-go/snmp.go | 164 +++
vendor/github.com/xtaci/kcp-go/updater.go | 104 ++
vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go | 77 ++
vendor/golang.org/x/crypto/salsa20/salsa20.go | 58 +
vendor/golang.org/x/crypto/tea/cipher.go | 108 ++
vendor/golang.org/x/crypto/twofish/twofish.go | 342 ++++++
vendor/golang.org/x/crypto/xtea/block.go | 66 ++
vendor/golang.org/x/crypto/xtea/cipher.go | 82 ++
vendor/golang.org/x/net/LICENSE | 27 +
vendor/golang.org/x/net/PATENTS | 22 +
vendor/golang.org/x/net/bpf/asm.go | 41 +
vendor/golang.org/x/net/bpf/constants.go | 222 ++++
vendor/golang.org/x/net/bpf/doc.go | 82 ++
vendor/golang.org/x/net/bpf/instructions.go | 726 ++++++++++++
vendor/golang.org/x/net/bpf/setter.go | 10 +
vendor/golang.org/x/net/bpf/vm.go | 150 +++
.../golang.org/x/net/bpf/vm_instructions.go | 181 +++
.../golang.org/x/net/internal/iana/const.go | 223 ++++
vendor/golang.org/x/net/internal/iana/gen.go | 383 ++++++
.../x/net/internal/socket/cmsghdr.go | 11 +
.../x/net/internal/socket/cmsghdr_bsd.go | 13 +
.../internal/socket/cmsghdr_linux_32bit.go | 14 +
.../internal/socket/cmsghdr_linux_64bit.go | 14 +
.../internal/socket/cmsghdr_solaris_64bit.go | 14 +
.../x/net/internal/socket/cmsghdr_stub.go | 17 +
.../x/net/internal/socket/defs_darwin.go | 44 +
.../x/net/internal/socket/defs_dragonfly.go | 44 +
.../x/net/internal/socket/defs_freebsd.go | 44 +
.../x/net/internal/socket/defs_linux.go | 49 +
.../x/net/internal/socket/defs_netbsd.go | 47 +
.../x/net/internal/socket/defs_openbsd.go | 44 +
.../x/net/internal/socket/defs_solaris.go | 44 +
.../golang.org/x/net/internal/socket/empty.s | 7 +
.../x/net/internal/socket/error_unix.go | 31 +
.../x/net/internal/socket/error_windows.go | 26 +
.../x/net/internal/socket/iovec_32bit.go | 19 +
.../x/net/internal/socket/iovec_64bit.go | 19 +
.../internal/socket/iovec_solaris_64bit.go | 19 +
.../x/net/internal/socket/iovec_stub.go | 11 +
.../x/net/internal/socket/mmsghdr_stub.go | 21 +
.../x/net/internal/socket/mmsghdr_unix.go | 42 +
.../x/net/internal/socket/msghdr_bsd.go | 39 +
.../x/net/internal/socket/msghdr_bsdvar.go | 16 +
.../x/net/internal/socket/msghdr_linux.go | 36 +
.../net/internal/socket/msghdr_linux_32bit.go | 24 +
.../net/internal/socket/msghdr_linux_64bit.go | 24 +
.../x/net/internal/socket/msghdr_openbsd.go | 14 +
.../internal/socket/msghdr_solaris_64bit.go | 36 +
.../x/net/internal/socket/msghdr_stub.go | 14 +
.../x/net/internal/socket/rawconn.go | 66 ++
.../x/net/internal/socket/rawconn_mmsg.go | 74 ++
.../x/net/internal/socket/rawconn_msg.go | 77 ++
.../x/net/internal/socket/rawconn_nommsg.go | 18 +
.../x/net/internal/socket/rawconn_nomsg.go | 18 +
.../x/net/internal/socket/rawconn_stub.go | 25 +
.../x/net/internal/socket/reflect.go | 62 +
.../x/net/internal/socket/socket.go | 285 +++++
.../golang.org/x/net/internal/socket/sys.go | 33 +
.../x/net/internal/socket/sys_bsd.go | 17 +
.../x/net/internal/socket/sys_bsdvar.go | 14 +
.../x/net/internal/socket/sys_darwin.go | 7 +
.../x/net/internal/socket/sys_dragonfly.go | 7 +
.../net/internal/socket/sys_go1_11_darwin.go | 33 +
.../net/internal/socket/sys_go1_12_darwin.go | 42 +
.../x/net/internal/socket/sys_linux.go | 27 +
.../x/net/internal/socket/sys_linux_386.go | 55 +
.../x/net/internal/socket/sys_linux_386.s | 11 +
.../x/net/internal/socket/sys_linux_amd64.go | 10 +
.../x/net/internal/socket/sys_linux_arm.go | 10 +
.../x/net/internal/socket/sys_linux_arm64.go | 10 +
.../x/net/internal/socket/sys_linux_mips.go | 10 +
.../x/net/internal/socket/sys_linux_mips64.go | 10 +
.../net/internal/socket/sys_linux_mips64le.go | 10 +
.../x/net/internal/socket/sys_linux_mipsle.go | 10 +
.../x/net/internal/socket/sys_linux_ppc64.go | 10 +
.../net/internal/socket/sys_linux_ppc64le.go | 10 +
.../x/net/internal/socket/sys_linux_s390x.go | 55 +
.../x/net/internal/socket/sys_linux_s390x.s | 11 +
.../x/net/internal/socket/sys_netbsd.go | 25 +
.../x/net/internal/socket/sys_posix.go | 184 +++
.../x/net/internal/socket/sys_solaris.go | 71 ++
.../x/net/internal/socket/sys_solaris_amd64.s | 11 +
.../x/net/internal/socket/sys_stub.go | 64 +
.../x/net/internal/socket/sys_unix.go | 33 +
.../x/net/internal/socket/sys_windows.go | 70 ++
.../x/net/internal/socket/zsys_darwin_386.go | 59 +
.../net/internal/socket/zsys_darwin_amd64.go | 61 +
.../x/net/internal/socket/zsys_darwin_arm.go | 59 +
.../net/internal/socket/zsys_darwin_arm64.go | 61 +
.../internal/socket/zsys_dragonfly_amd64.go | 61 +
.../x/net/internal/socket/zsys_freebsd_386.go | 59 +
.../net/internal/socket/zsys_freebsd_amd64.go | 61 +
.../x/net/internal/socket/zsys_freebsd_arm.go | 59 +
.../x/net/internal/socket/zsys_linux_386.go | 63 +
.../x/net/internal/socket/zsys_linux_amd64.go | 66 ++
.../x/net/internal/socket/zsys_linux_arm.go | 63 +
.../x/net/internal/socket/zsys_linux_arm64.go | 66 ++
.../x/net/internal/socket/zsys_linux_mips.go | 63 +
.../net/internal/socket/zsys_linux_mips64.go | 66 ++
.../internal/socket/zsys_linux_mips64le.go | 66 ++
.../net/internal/socket/zsys_linux_mipsle.go | 63 +
.../x/net/internal/socket/zsys_linux_ppc64.go | 66 ++
.../net/internal/socket/zsys_linux_ppc64le.go | 66 ++
.../x/net/internal/socket/zsys_linux_s390x.go | 66 ++
.../x/net/internal/socket/zsys_netbsd_386.go | 65 ++
.../net/internal/socket/zsys_netbsd_amd64.go | 68 ++
.../x/net/internal/socket/zsys_netbsd_arm.go | 65 ++
.../x/net/internal/socket/zsys_openbsd_386.go | 59 +
.../net/internal/socket/zsys_openbsd_amd64.go | 61 +
.../x/net/internal/socket/zsys_openbsd_arm.go | 59 +
.../net/internal/socket/zsys_solaris_amd64.go | 60 +
vendor/golang.org/x/net/ipv4/batch.go | 190 +++
vendor/golang.org/x/net/ipv4/control.go | 144 +++
vendor/golang.org/x/net/ipv4/control_bsd.go | 40 +
.../golang.org/x/net/ipv4/control_pktinfo.go | 39 +
vendor/golang.org/x/net/ipv4/control_stub.go | 13 +
vendor/golang.org/x/net/ipv4/control_unix.go | 73 ++
.../golang.org/x/net/ipv4/control_windows.go | 16 +
vendor/golang.org/x/net/ipv4/defs_darwin.go | 77 ++
.../golang.org/x/net/ipv4/defs_dragonfly.go | 38 +
vendor/golang.org/x/net/ipv4/defs_freebsd.go | 75 ++
vendor/golang.org/x/net/ipv4/defs_linux.go | 122 ++
vendor/golang.org/x/net/ipv4/defs_netbsd.go | 37 +
vendor/golang.org/x/net/ipv4/defs_openbsd.go | 37 +
vendor/golang.org/x/net/ipv4/defs_solaris.go | 84 ++
vendor/golang.org/x/net/ipv4/dgramopt.go | 264 +++++
vendor/golang.org/x/net/ipv4/doc.go | 245 ++++
vendor/golang.org/x/net/ipv4/endpoint.go | 186 +++
vendor/golang.org/x/net/ipv4/gen.go | 199 ++++
vendor/golang.org/x/net/ipv4/genericopt.go | 55 +
vendor/golang.org/x/net/ipv4/header.go | 170 +++
vendor/golang.org/x/net/ipv4/helper.go | 64 +
vendor/golang.org/x/net/ipv4/iana.go | 38 +
vendor/golang.org/x/net/ipv4/icmp.go | 57 +
vendor/golang.org/x/net/ipv4/icmp_linux.go | 25 +
vendor/golang.org/x/net/ipv4/icmp_stub.go | 25 +
vendor/golang.org/x/net/ipv4/packet.go | 68 ++
vendor/golang.org/x/net/ipv4/packet_go1_8.go | 56 +
vendor/golang.org/x/net/ipv4/packet_go1_9.go | 67 ++
vendor/golang.org/x/net/ipv4/payload.go | 23 +
vendor/golang.org/x/net/ipv4/payload_cmsg.go | 33 +
.../x/net/ipv4/payload_cmsg_go1_8.go | 59 +
.../x/net/ipv4/payload_cmsg_go1_9.go | 67 ++
.../golang.org/x/net/ipv4/payload_nocmsg.go | 39 +
vendor/golang.org/x/net/ipv4/sockopt.go | 44 +
vendor/golang.org/x/net/ipv4/sockopt_posix.go | 71 ++
vendor/golang.org/x/net/ipv4/sockopt_stub.go | 42 +
vendor/golang.org/x/net/ipv4/sys_asmreq.go | 119 ++
.../golang.org/x/net/ipv4/sys_asmreq_stub.go | 25 +
vendor/golang.org/x/net/ipv4/sys_asmreqn.go | 42 +
.../golang.org/x/net/ipv4/sys_asmreqn_stub.go | 21 +
vendor/golang.org/x/net/ipv4/sys_bpf.go | 23 +
vendor/golang.org/x/net/ipv4/sys_bpf_stub.go | 16 +
vendor/golang.org/x/net/ipv4/sys_bsd.go | 37 +
vendor/golang.org/x/net/ipv4/sys_darwin.go | 93 ++
vendor/golang.org/x/net/ipv4/sys_dragonfly.go | 35 +
vendor/golang.org/x/net/ipv4/sys_freebsd.go | 76 ++
vendor/golang.org/x/net/ipv4/sys_linux.go | 59 +
vendor/golang.org/x/net/ipv4/sys_solaris.go | 57 +
vendor/golang.org/x/net/ipv4/sys_ssmreq.go | 54 +
.../golang.org/x/net/ipv4/sys_ssmreq_stub.go | 21 +
vendor/golang.org/x/net/ipv4/sys_stub.go | 13 +
vendor/golang.org/x/net/ipv4/sys_windows.go | 67 ++
vendor/golang.org/x/net/ipv4/zsys_darwin.go | 99 ++
.../golang.org/x/net/ipv4/zsys_dragonfly.go | 31 +
.../golang.org/x/net/ipv4/zsys_freebsd_386.go | 93 ++
.../x/net/ipv4/zsys_freebsd_amd64.go | 95 ++
.../golang.org/x/net/ipv4/zsys_freebsd_arm.go | 95 ++
.../golang.org/x/net/ipv4/zsys_linux_386.go | 148 +++
.../golang.org/x/net/ipv4/zsys_linux_amd64.go | 150 +++
.../golang.org/x/net/ipv4/zsys_linux_arm.go | 148 +++
.../golang.org/x/net/ipv4/zsys_linux_arm64.go | 150 +++
.../golang.org/x/net/ipv4/zsys_linux_mips.go | 148 +++
.../x/net/ipv4/zsys_linux_mips64.go | 150 +++
.../x/net/ipv4/zsys_linux_mips64le.go | 150 +++
.../x/net/ipv4/zsys_linux_mipsle.go | 148 +++
.../golang.org/x/net/ipv4/zsys_linux_ppc.go | 148 +++
.../golang.org/x/net/ipv4/zsys_linux_ppc64.go | 150 +++
.../x/net/ipv4/zsys_linux_ppc64le.go | 150 +++
.../golang.org/x/net/ipv4/zsys_linux_s390x.go | 150 +++
vendor/golang.org/x/net/ipv4/zsys_netbsd.go | 30 +
vendor/golang.org/x/net/ipv4/zsys_openbsd.go | 30 +
vendor/golang.org/x/net/ipv4/zsys_solaris.go | 100 ++
vendor/vendor.json | 102 +-
253 files changed, 25087 insertions(+), 9 deletions(-)
create mode 100644 proxy/kcp/kcp.go
create mode 100644 vendor/github.com/klauspost/cpuid/CONTRIBUTING.txt
create mode 100644 vendor/github.com/klauspost/cpuid/LICENSE
create mode 100644 vendor/github.com/klauspost/cpuid/README.md
create mode 100644 vendor/github.com/klauspost/cpuid/cpuid.go
create mode 100644 vendor/github.com/klauspost/cpuid/cpuid_386.s
create mode 100644 vendor/github.com/klauspost/cpuid/cpuid_amd64.s
create mode 100644 vendor/github.com/klauspost/cpuid/detect_intel.go
create mode 100644 vendor/github.com/klauspost/cpuid/detect_ref.go
create mode 100644 vendor/github.com/klauspost/cpuid/generate.go
create mode 100644 vendor/github.com/klauspost/cpuid/private-gen.go
create mode 100644 vendor/github.com/klauspost/reedsolomon/LICENSE
create mode 100644 vendor/github.com/klauspost/reedsolomon/README.md
create mode 100644 vendor/github.com/klauspost/reedsolomon/appveyor.yml
create mode 100644 vendor/github.com/klauspost/reedsolomon/galois.go
create mode 100644 vendor/github.com/klauspost/reedsolomon/galois_amd64.go
create mode 100644 vendor/github.com/klauspost/reedsolomon/galois_amd64.s
create mode 100644 vendor/github.com/klauspost/reedsolomon/galois_arm64.go
create mode 100644 vendor/github.com/klauspost/reedsolomon/galois_arm64.s
create mode 100644 vendor/github.com/klauspost/reedsolomon/galois_noasm.go
create mode 100644 vendor/github.com/klauspost/reedsolomon/gentables.go
create mode 100644 vendor/github.com/klauspost/reedsolomon/inversion_tree.go
create mode 100644 vendor/github.com/klauspost/reedsolomon/matrix.go
create mode 100644 vendor/github.com/klauspost/reedsolomon/options.go
create mode 100644 vendor/github.com/klauspost/reedsolomon/reedsolomon.go
create mode 100644 vendor/github.com/klauspost/reedsolomon/streaming.go
create mode 100644 vendor/github.com/pkg/errors/LICENSE
create mode 100644 vendor/github.com/pkg/errors/README.md
create mode 100644 vendor/github.com/pkg/errors/appveyor.yml
create mode 100644 vendor/github.com/pkg/errors/errors.go
create mode 100644 vendor/github.com/pkg/errors/stack.go
create mode 100644 vendor/github.com/templexxx/cpufeat/LICENSE
create mode 100644 vendor/github.com/templexxx/cpufeat/README.md
create mode 100644 vendor/github.com/templexxx/cpufeat/cpu.go
create mode 100644 vendor/github.com/templexxx/cpufeat/cpu_arm.go
create mode 100644 vendor/github.com/templexxx/cpufeat/cpu_arm64.go
create mode 100644 vendor/github.com/templexxx/cpufeat/cpu_mips.go
create mode 100644 vendor/github.com/templexxx/cpufeat/cpu_mips64.go
create mode 100644 vendor/github.com/templexxx/cpufeat/cpu_mips64le.go
create mode 100644 vendor/github.com/templexxx/cpufeat/cpu_mipsle.go
create mode 100644 vendor/github.com/templexxx/cpufeat/cpu_ppc64.go
create mode 100644 vendor/github.com/templexxx/cpufeat/cpu_ppc64le.go
create mode 100644 vendor/github.com/templexxx/cpufeat/cpu_s390x.go
create mode 100644 vendor/github.com/templexxx/cpufeat/cpu_x86.go
create mode 100644 vendor/github.com/templexxx/cpufeat/cpu_x86.s
create mode 100644 vendor/github.com/templexxx/xor/LICENSE
create mode 100644 vendor/github.com/templexxx/xor/README.md
create mode 100644 vendor/github.com/templexxx/xor/avx2_amd64.s
create mode 100644 vendor/github.com/templexxx/xor/nosimd.go
create mode 100644 vendor/github.com/templexxx/xor/sse2_amd64.s
create mode 100644 vendor/github.com/templexxx/xor/xor.go
create mode 100644 vendor/github.com/templexxx/xor/xor_amd64.go
create mode 100644 vendor/github.com/templexxx/xor/xor_other.go
create mode 100644 vendor/github.com/tjfoc/gmsm/LICENSE
create mode 100644 vendor/github.com/tjfoc/gmsm/sm4/sm4.go
create mode 100644 vendor/github.com/xtaci/kcp-go/LICENSE
create mode 100644 vendor/github.com/xtaci/kcp-go/README.md
create mode 100644 vendor/github.com/xtaci/kcp-go/crypt.go
create mode 100644 vendor/github.com/xtaci/kcp-go/donate.png
create mode 100644 vendor/github.com/xtaci/kcp-go/entropy.go
create mode 100644 vendor/github.com/xtaci/kcp-go/fec.go
create mode 100644 vendor/github.com/xtaci/kcp-go/frame.png
create mode 100644 vendor/github.com/xtaci/kcp-go/kcp-go.png
create mode 100644 vendor/github.com/xtaci/kcp-go/kcp.go
create mode 100644 vendor/github.com/xtaci/kcp-go/sess.go
create mode 100644 vendor/github.com/xtaci/kcp-go/snmp.go
create mode 100644 vendor/github.com/xtaci/kcp-go/updater.go
create mode 100644 vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
create mode 100644 vendor/golang.org/x/crypto/salsa20/salsa20.go
create mode 100644 vendor/golang.org/x/crypto/tea/cipher.go
create mode 100644 vendor/golang.org/x/crypto/twofish/twofish.go
create mode 100644 vendor/golang.org/x/crypto/xtea/block.go
create mode 100644 vendor/golang.org/x/crypto/xtea/cipher.go
create mode 100644 vendor/golang.org/x/net/LICENSE
create mode 100644 vendor/golang.org/x/net/PATENTS
create mode 100644 vendor/golang.org/x/net/bpf/asm.go
create mode 100644 vendor/golang.org/x/net/bpf/constants.go
create mode 100644 vendor/golang.org/x/net/bpf/doc.go
create mode 100644 vendor/golang.org/x/net/bpf/instructions.go
create mode 100644 vendor/golang.org/x/net/bpf/setter.go
create mode 100644 vendor/golang.org/x/net/bpf/vm.go
create mode 100644 vendor/golang.org/x/net/bpf/vm_instructions.go
create mode 100644 vendor/golang.org/x/net/internal/iana/const.go
create mode 100644 vendor/golang.org/x/net/internal/iana/gen.go
create mode 100644 vendor/golang.org/x/net/internal/socket/cmsghdr.go
create mode 100644 vendor/golang.org/x/net/internal/socket/cmsghdr_bsd.go
create mode 100644 vendor/golang.org/x/net/internal/socket/cmsghdr_linux_32bit.go
create mode 100644 vendor/golang.org/x/net/internal/socket/cmsghdr_linux_64bit.go
create mode 100644 vendor/golang.org/x/net/internal/socket/cmsghdr_solaris_64bit.go
create mode 100644 vendor/golang.org/x/net/internal/socket/cmsghdr_stub.go
create mode 100644 vendor/golang.org/x/net/internal/socket/defs_darwin.go
create mode 100644 vendor/golang.org/x/net/internal/socket/defs_dragonfly.go
create mode 100644 vendor/golang.org/x/net/internal/socket/defs_freebsd.go
create mode 100644 vendor/golang.org/x/net/internal/socket/defs_linux.go
create mode 100644 vendor/golang.org/x/net/internal/socket/defs_netbsd.go
create mode 100644 vendor/golang.org/x/net/internal/socket/defs_openbsd.go
create mode 100644 vendor/golang.org/x/net/internal/socket/defs_solaris.go
create mode 100644 vendor/golang.org/x/net/internal/socket/empty.s
create mode 100644 vendor/golang.org/x/net/internal/socket/error_unix.go
create mode 100644 vendor/golang.org/x/net/internal/socket/error_windows.go
create mode 100644 vendor/golang.org/x/net/internal/socket/iovec_32bit.go
create mode 100644 vendor/golang.org/x/net/internal/socket/iovec_64bit.go
create mode 100644 vendor/golang.org/x/net/internal/socket/iovec_solaris_64bit.go
create mode 100644 vendor/golang.org/x/net/internal/socket/iovec_stub.go
create mode 100644 vendor/golang.org/x/net/internal/socket/mmsghdr_stub.go
create mode 100644 vendor/golang.org/x/net/internal/socket/mmsghdr_unix.go
create mode 100644 vendor/golang.org/x/net/internal/socket/msghdr_bsd.go
create mode 100644 vendor/golang.org/x/net/internal/socket/msghdr_bsdvar.go
create mode 100644 vendor/golang.org/x/net/internal/socket/msghdr_linux.go
create mode 100644 vendor/golang.org/x/net/internal/socket/msghdr_linux_32bit.go
create mode 100644 vendor/golang.org/x/net/internal/socket/msghdr_linux_64bit.go
create mode 100644 vendor/golang.org/x/net/internal/socket/msghdr_openbsd.go
create mode 100644 vendor/golang.org/x/net/internal/socket/msghdr_solaris_64bit.go
create mode 100644 vendor/golang.org/x/net/internal/socket/msghdr_stub.go
create mode 100644 vendor/golang.org/x/net/internal/socket/rawconn.go
create mode 100644 vendor/golang.org/x/net/internal/socket/rawconn_mmsg.go
create mode 100644 vendor/golang.org/x/net/internal/socket/rawconn_msg.go
create mode 100644 vendor/golang.org/x/net/internal/socket/rawconn_nommsg.go
create mode 100644 vendor/golang.org/x/net/internal/socket/rawconn_nomsg.go
create mode 100644 vendor/golang.org/x/net/internal/socket/rawconn_stub.go
create mode 100644 vendor/golang.org/x/net/internal/socket/reflect.go
create mode 100644 vendor/golang.org/x/net/internal/socket/socket.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_bsd.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_bsdvar.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_darwin.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_dragonfly.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_go1_11_darwin.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_go1_12_darwin.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_linux.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_linux_386.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_linux_386.s
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_linux_amd64.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_linux_arm.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_linux_arm64.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_linux_mips.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_linux_mips64.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_linux_mips64le.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_linux_mipsle.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_linux_ppc64.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_linux_ppc64le.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_linux_s390x.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_linux_s390x.s
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_netbsd.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_posix.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_solaris.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_solaris_amd64.s
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_stub.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_unix.go
create mode 100644 vendor/golang.org/x/net/internal/socket/sys_windows.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_darwin_386.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_darwin_amd64.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_darwin_arm.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_darwin_arm64.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_dragonfly_amd64.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_freebsd_386.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_freebsd_amd64.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_linux_386.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_linux_amd64.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_linux_arm.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_linux_arm64.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_linux_mips.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_linux_mips64.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_linux_mips64le.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_linux_mipsle.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64le.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_linux_s390x.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_netbsd_386.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_netbsd_amd64.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_openbsd_386.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_openbsd_amd64.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm.go
create mode 100644 vendor/golang.org/x/net/internal/socket/zsys_solaris_amd64.go
create mode 100644 vendor/golang.org/x/net/ipv4/batch.go
create mode 100644 vendor/golang.org/x/net/ipv4/control.go
create mode 100644 vendor/golang.org/x/net/ipv4/control_bsd.go
create mode 100644 vendor/golang.org/x/net/ipv4/control_pktinfo.go
create mode 100644 vendor/golang.org/x/net/ipv4/control_stub.go
create mode 100644 vendor/golang.org/x/net/ipv4/control_unix.go
create mode 100644 vendor/golang.org/x/net/ipv4/control_windows.go
create mode 100644 vendor/golang.org/x/net/ipv4/defs_darwin.go
create mode 100644 vendor/golang.org/x/net/ipv4/defs_dragonfly.go
create mode 100644 vendor/golang.org/x/net/ipv4/defs_freebsd.go
create mode 100644 vendor/golang.org/x/net/ipv4/defs_linux.go
create mode 100644 vendor/golang.org/x/net/ipv4/defs_netbsd.go
create mode 100644 vendor/golang.org/x/net/ipv4/defs_openbsd.go
create mode 100644 vendor/golang.org/x/net/ipv4/defs_solaris.go
create mode 100644 vendor/golang.org/x/net/ipv4/dgramopt.go
create mode 100644 vendor/golang.org/x/net/ipv4/doc.go
create mode 100644 vendor/golang.org/x/net/ipv4/endpoint.go
create mode 100644 vendor/golang.org/x/net/ipv4/gen.go
create mode 100644 vendor/golang.org/x/net/ipv4/genericopt.go
create mode 100644 vendor/golang.org/x/net/ipv4/header.go
create mode 100644 vendor/golang.org/x/net/ipv4/helper.go
create mode 100644 vendor/golang.org/x/net/ipv4/iana.go
create mode 100644 vendor/golang.org/x/net/ipv4/icmp.go
create mode 100644 vendor/golang.org/x/net/ipv4/icmp_linux.go
create mode 100644 vendor/golang.org/x/net/ipv4/icmp_stub.go
create mode 100644 vendor/golang.org/x/net/ipv4/packet.go
create mode 100644 vendor/golang.org/x/net/ipv4/packet_go1_8.go
create mode 100644 vendor/golang.org/x/net/ipv4/packet_go1_9.go
create mode 100644 vendor/golang.org/x/net/ipv4/payload.go
create mode 100644 vendor/golang.org/x/net/ipv4/payload_cmsg.go
create mode 100644 vendor/golang.org/x/net/ipv4/payload_cmsg_go1_8.go
create mode 100644 vendor/golang.org/x/net/ipv4/payload_cmsg_go1_9.go
create mode 100644 vendor/golang.org/x/net/ipv4/payload_nocmsg.go
create mode 100644 vendor/golang.org/x/net/ipv4/sockopt.go
create mode 100644 vendor/golang.org/x/net/ipv4/sockopt_posix.go
create mode 100644 vendor/golang.org/x/net/ipv4/sockopt_stub.go
create mode 100644 vendor/golang.org/x/net/ipv4/sys_asmreq.go
create mode 100644 vendor/golang.org/x/net/ipv4/sys_asmreq_stub.go
create mode 100644 vendor/golang.org/x/net/ipv4/sys_asmreqn.go
create mode 100644 vendor/golang.org/x/net/ipv4/sys_asmreqn_stub.go
create mode 100644 vendor/golang.org/x/net/ipv4/sys_bpf.go
create mode 100644 vendor/golang.org/x/net/ipv4/sys_bpf_stub.go
create mode 100644 vendor/golang.org/x/net/ipv4/sys_bsd.go
create mode 100644 vendor/golang.org/x/net/ipv4/sys_darwin.go
create mode 100644 vendor/golang.org/x/net/ipv4/sys_dragonfly.go
create mode 100644 vendor/golang.org/x/net/ipv4/sys_freebsd.go
create mode 100644 vendor/golang.org/x/net/ipv4/sys_linux.go
create mode 100644 vendor/golang.org/x/net/ipv4/sys_solaris.go
create mode 100644 vendor/golang.org/x/net/ipv4/sys_ssmreq.go
create mode 100644 vendor/golang.org/x/net/ipv4/sys_ssmreq_stub.go
create mode 100644 vendor/golang.org/x/net/ipv4/sys_stub.go
create mode 100644 vendor/golang.org/x/net/ipv4/sys_windows.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_darwin.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_dragonfly.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_freebsd_386.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_freebsd_amd64.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_freebsd_arm.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_linux_386.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_linux_amd64.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_linux_arm.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_linux_arm64.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_linux_mips.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_linux_mips64.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_linux_mips64le.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_linux_mipsle.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_linux_ppc.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_linux_ppc64.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_linux_ppc64le.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_linux_s390x.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_netbsd.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_openbsd.go
create mode 100644 vendor/golang.org/x/net/ipv4/zsys_solaris.go
diff --git a/main.go b/main.go
index b288d79..42ff570 100644
--- a/main.go
+++ b/main.go
@@ -14,6 +14,7 @@ import (
"github.com/nadoo/glider/strategy"
_ "github.com/nadoo/glider/proxy/http"
+ _ "github.com/nadoo/glider/proxy/kcp"
_ "github.com/nadoo/glider/proxy/mixed"
_ "github.com/nadoo/glider/proxy/socks5"
_ "github.com/nadoo/glider/proxy/ss"
@@ -27,7 +28,7 @@ import (
)
// VERSION .
-const VERSION = "0.6.9"
+const VERSION = "0.6.10"
func main() {
// read configs
diff --git a/proxy/http/http.go b/proxy/http/http.go
index 76095ce..b66a1dd 100644
--- a/proxy/http/http.go
+++ b/proxy/http/http.go
@@ -56,7 +56,7 @@ func NewHTTP(s string, dialer proxy.Dialer) (*HTTP, error) {
}
pretend := u.Query().Get("pretend")
- if pretend != "" {
+ if pretend == "true" {
h.pretendAsWebServer = true
}
diff --git a/proxy/kcp/kcp.go b/proxy/kcp/kcp.go
new file mode 100644
index 0000000..d766856
--- /dev/null
+++ b/proxy/kcp/kcp.go
@@ -0,0 +1,206 @@
+package kcp
+
+import (
+ "crypto/sha1"
+ "errors"
+ "net"
+ "net/url"
+ "strconv"
+ "strings"
+
+ kcp "github.com/xtaci/kcp-go"
+ "golang.org/x/crypto/pbkdf2"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+)
+
+// KCP struct
+type KCP struct {
+ dialer proxy.Dialer
+ addr string
+
+ key string
+ crypt string
+ block kcp.BlockCrypt
+
+ dataShards int
+ parityShards int
+
+ server proxy.Server
+}
+
+func init() {
+ proxy.RegisterDialer("kcp", NewKCPDialer)
+ proxy.RegisterServer("kcp", NewKCPServer)
+}
+
+// NewKCP returns a kcp proxy struct
+func NewKCP(s string, dialer proxy.Dialer) (*KCP, error) {
+ u, err := url.Parse(s)
+ if err != nil {
+ log.F("[kcp] parse url err: %s", err)
+ return nil, err
+ }
+
+ addr := u.Host
+ crypt := u.User.Username()
+ key, _ := u.User.Password()
+
+ query := u.Query()
+
+ // dataShards
+ dShards := query.Get("dataShards")
+ if dShards == "" {
+ dShards = "10"
+ }
+
+ dataShards, err := strconv.ParseUint(dShards, 10, 32)
+ if err != nil {
+ log.F("[kcp] parse dataShards err: %s", err)
+ return nil, err
+ }
+
+ // parityShards
+ pShards := query.Get("parityShards")
+ if pShards == "" {
+ pShards = "3"
+ }
+
+ parityShards, err := strconv.ParseUint(pShards, 10, 32)
+ if err != nil {
+ log.F("[kcp] parse dataShards err: %s", err)
+ return nil, err
+ }
+
+ p := &KCP{
+ dialer: dialer,
+ addr: addr,
+ key: key,
+ crypt: crypt,
+ dataShards: int(dataShards),
+ parityShards: int(parityShards),
+ }
+
+ if p.crypt != "" {
+ pass := pbkdf2.Key([]byte(p.key), []byte("kcp-go"), 4096, 32, sha1.New)
+ var block kcp.BlockCrypt
+ switch p.crypt {
+ case "sm4":
+ block, _ = kcp.NewSM4BlockCrypt(pass[:16])
+ case "tea":
+ block, _ = kcp.NewTEABlockCrypt(pass[:16])
+ case "xor":
+ block, _ = kcp.NewSimpleXORBlockCrypt(pass)
+ case "none":
+ block, _ = kcp.NewNoneBlockCrypt(pass)
+ case "aes":
+ block, _ = kcp.NewAESBlockCrypt(pass)
+ case "aes-128":
+ block, _ = kcp.NewAESBlockCrypt(pass[:16])
+ case "aes-192":
+ block, _ = kcp.NewAESBlockCrypt(pass[:24])
+ case "blowfish":
+ block, _ = kcp.NewBlowfishBlockCrypt(pass)
+ case "twofish":
+ block, _ = kcp.NewTwofishBlockCrypt(pass)
+ case "cast5":
+ block, _ = kcp.NewCast5BlockCrypt(pass[:16])
+ case "3des":
+ block, _ = kcp.NewTripleDESBlockCrypt(pass[:24])
+ case "xtea":
+ block, _ = kcp.NewXTEABlockCrypt(pass[:16])
+ case "salsa20":
+ block, _ = kcp.NewSalsa20BlockCrypt(pass)
+ default:
+ return nil, errors.New("[kcp] unknown crypt type '" + p.crypt + "'")
+ }
+
+ p.block = block
+ }
+
+ return p, nil
+}
+
+// NewKCPDialer returns a kcp proxy dialer
+func NewKCPDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewKCP(s, dialer)
+}
+
+// NewKCPServer returns a kcp proxy server
+func NewKCPServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
+ transport := strings.Split(s, ",")
+
+ // prepare transport listener
+ // TODO: check here
+ if len(transport) < 2 {
+ return nil, errors.New("[kcp] malformd listener:" + s)
+ }
+
+ p, err := NewKCP(transport[0], dialer)
+ if err != nil {
+ return nil, err
+ }
+
+ p.server, err = proxy.ServerFromURL(transport[1], dialer)
+ if err != nil {
+ return nil, err
+ }
+
+ return p, nil
+}
+
+// ListenAndServe .
+func (s *KCP) ListenAndServe() {
+ l, err := kcp.ListenWithOptions(s.addr, s.block, s.dataShards, s.parityShards)
+ if err != nil {
+ log.F("[kcp] failed to listen on %s: %v", s.addr, err)
+ return
+ }
+ defer l.Close()
+
+ log.F("[kcp] listening on %s", s.addr)
+
+ for {
+ c, err := l.Accept()
+ if err != nil {
+ log.F("[kcp] failed to accept: %v", err)
+ continue
+ }
+
+ go s.Serve(c)
+ }
+}
+
+// Serve serves requests
+func (s *KCP) Serve(c net.Conn) {
+ // we know the internal server will close the connection after serve
+ // defer c.Close()
+
+ if s.server != nil {
+ s.server.Serve(c)
+ }
+}
+
+// Addr returns forwarder's address
+func (s *KCP) Addr() string { return s.addr }
+
+// NextDialer returns the next dialer
+func (s *KCP) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial connects to the address addr on the network net via the proxy
+func (s *KCP) Dial(network, addr string) (net.Conn, error) {
+ // NOTE: kcp uses udp, we should dial remote server directly here
+ c, err := kcp.DialWithOptions(s.addr, s.block, s.dataShards, s.parityShards)
+ if err != nil {
+ log.F("[tls] dial to %s error: %s", s.addr, err)
+ return nil, err
+ }
+
+ return c, err
+}
+
+// DialUDP connects to the given address via the proxy
+func (s *KCP) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ return nil, nil, errors.New("kcp client does not support udp now")
+}
diff --git a/proxy/tls/tls.go b/proxy/tls/tls.go
index 6a8fcdc..3e1bffd 100644
--- a/proxy/tls/tls.go
+++ b/proxy/tls/tls.go
@@ -161,7 +161,7 @@ func (s *TLS) Addr() string { return s.addr }
// NextDialer returns the next dialer
func (s *TLS) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
-// Dial connects to the address addr on the network net via the proxy.
+// Dial connects to the address addr on the network net via the proxy
func (s *TLS) Dial(network, addr string) (net.Conn, error) {
cc, err := s.dialer.Dial("tcp", s.addr)
if err != nil {
@@ -174,7 +174,7 @@ func (s *TLS) Dial(network, addr string) (net.Conn, error) {
return c, err
}
-// DialUDP connects to the given address via the proxy.
+// DialUDP connects to the given address via the proxy
func (s *TLS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
return nil, nil, errors.New("tls client does not support udp now")
}
diff --git a/vendor/github.com/klauspost/cpuid/CONTRIBUTING.txt b/vendor/github.com/klauspost/cpuid/CONTRIBUTING.txt
new file mode 100644
index 0000000..452d28e
--- /dev/null
+++ b/vendor/github.com/klauspost/cpuid/CONTRIBUTING.txt
@@ -0,0 +1,35 @@
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2015- Klaus Post & Contributors.
+Email: klauspost@gmail.com
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+ have the right to submit it under the open source license
+ indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+ of my knowledge, is covered under an appropriate open source
+ license and I have the right under that license to submit that
+ work with modifications, whether created in whole or in part
+ by me, under the same open source license (unless I am
+ permitted to submit under a different license), as indicated
+ in the file; or
+
+(c) The contribution was provided directly to me by some other
+ person who certified (a), (b) or (c) and I have not modified
+ it.
+
+(d) I understand and agree that this project and the contribution
+ are public and that a record of the contribution (including all
+ personal information I submit with it, including my sign-off) is
+ maintained indefinitely and may be redistributed consistent with
+ this project or the open source license(s) involved.
diff --git a/vendor/github.com/klauspost/cpuid/LICENSE b/vendor/github.com/klauspost/cpuid/LICENSE
new file mode 100644
index 0000000..5cec7ee
--- /dev/null
+++ b/vendor/github.com/klauspost/cpuid/LICENSE
@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Klaus Post
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
diff --git a/vendor/github.com/klauspost/cpuid/README.md b/vendor/github.com/klauspost/cpuid/README.md
new file mode 100644
index 0000000..b2b6bee
--- /dev/null
+++ b/vendor/github.com/klauspost/cpuid/README.md
@@ -0,0 +1,145 @@
+# cpuid
+Package cpuid provides information about the CPU running the current program.
+
+CPU features are detected on startup, and kept for fast access through the life of the application.
+Currently x86 / x64 (AMD64) is supported, and no external C (cgo) code is used, which should make the library very easy to use.
+
+You can access the CPU information by accessing the shared CPU variable of the cpuid library.
+
+Package home: https://github.com/klauspost/cpuid
+
+[![GoDoc][1]][2] [![Build Status][3]][4]
+
+[1]: https://godoc.org/github.com/klauspost/cpuid?status.svg
+[2]: https://godoc.org/github.com/klauspost/cpuid
+[3]: https://travis-ci.org/klauspost/cpuid.svg
+[4]: https://travis-ci.org/klauspost/cpuid
+
+# features
+## CPU Instructions
+* **CMOV** (i686 CMOV)
+* **NX** (NX (No-Execute) bit)
+* **AMD3DNOW** (AMD 3DNOW)
+* **AMD3DNOWEXT** (AMD 3DNowExt)
+* **MMX** (standard MMX)
+* **MMXEXT** (SSE integer functions or AMD MMX ext)
+* **SSE** (SSE functions)
+* **SSE2** (P4 SSE functions)
+* **SSE3** (Prescott SSE3 functions)
+* **SSSE3** (Conroe SSSE3 functions)
+* **SSE4** (Penryn SSE4.1 functions)
+* **SSE4A** (AMD Barcelona microarchitecture SSE4a instructions)
+* **SSE42** (Nehalem SSE4.2 functions)
+* **AVX** (AVX functions)
+* **AVX2** (AVX2 functions)
+* **FMA3** (Intel FMA 3)
+* **FMA4** (Bulldozer FMA4 functions)
+* **XOP** (Bulldozer XOP functions)
+* **F16C** (Half-precision floating-point conversion)
+* **BMI1** (Bit Manipulation Instruction Set 1)
+* **BMI2** (Bit Manipulation Instruction Set 2)
+* **TBM** (AMD Trailing Bit Manipulation)
+* **LZCNT** (LZCNT instruction)
+* **POPCNT** (POPCNT instruction)
+* **AESNI** (Advanced Encryption Standard New Instructions)
+* **CLMUL** (Carry-less Multiplication)
+* **HTT** (Hyperthreading (enabled))
+* **HLE** (Hardware Lock Elision)
+* **RTM** (Restricted Transactional Memory)
+* **RDRAND** (RDRAND instruction is available)
+* **RDSEED** (RDSEED instruction is available)
+* **ADX** (Intel ADX (Multi-Precision Add-Carry Instruction Extensions))
+* **SHA** (Intel SHA Extensions)
+* **AVX512F** (AVX-512 Foundation)
+* **AVX512DQ** (AVX-512 Doubleword and Quadword Instructions)
+* **AVX512IFMA** (AVX-512 Integer Fused Multiply-Add Instructions)
+* **AVX512PF** (AVX-512 Prefetch Instructions)
+* **AVX512ER** (AVX-512 Exponential and Reciprocal Instructions)
+* **AVX512CD** (AVX-512 Conflict Detection Instructions)
+* **AVX512BW** (AVX-512 Byte and Word Instructions)
+* **AVX512VL** (AVX-512 Vector Length Extensions)
+* **AVX512VBMI** (AVX-512 Vector Bit Manipulation Instructions)
+* **MPX** (Intel MPX (Memory Protection Extensions))
+* **ERMS** (Enhanced REP MOVSB/STOSB)
+* **RDTSCP** (RDTSCP Instruction)
+* **CX16** (CMPXCHG16B Instruction)
+* **SGX** (Software Guard Extensions, with activation details)
+
+## Performance
+* **RDTSCP()** Returns current cycle count. Can be used for benchmarking.
+* **SSE2SLOW** (SSE2 is supported, but usually not faster)
+* **SSE3SLOW** (SSE3 is supported, but usually not faster)
+* **ATOM** (Atom processor, some SSSE3 instructions are slower)
+* **Cache line** (Probable size of a cache line).
+* **L1, L2, L3 Cache size** on newer Intel/AMD CPUs.
+
+## Cpu Vendor/VM
+* **Intel**
+* **AMD**
+* **VIA**
+* **Transmeta**
+* **NSC**
+* **KVM** (Kernel-based Virtual Machine)
+* **MSVM** (Microsoft Hyper-V or Windows Virtual PC)
+* **VMware**
+* **XenHVM**
+
+# installing
+
+```go get github.com/klauspost/cpuid```
+
+# example
+
+```Go
+package main
+
+import (
+ "fmt"
+ "github.com/klauspost/cpuid"
+)
+
+func main() {
+ // Print basic CPU information:
+ fmt.Println("Name:", cpuid.CPU.BrandName)
+ fmt.Println("PhysicalCores:", cpuid.CPU.PhysicalCores)
+ fmt.Println("ThreadsPerCore:", cpuid.CPU.ThreadsPerCore)
+ fmt.Println("LogicalCores:", cpuid.CPU.LogicalCores)
+ fmt.Println("Family", cpuid.CPU.Family, "Model:", cpuid.CPU.Model)
+ fmt.Println("Features:", cpuid.CPU.Features)
+ fmt.Println("Cacheline bytes:", cpuid.CPU.CacheLine)
+ fmt.Println("L1 Data Cache:", cpuid.CPU.Cache.L1D, "bytes")
+ fmt.Println("L1 Instruction Cache:", cpuid.CPU.Cache.L1D, "bytes")
+ fmt.Println("L2 Cache:", cpuid.CPU.Cache.L2, "bytes")
+ fmt.Println("L3 Cache:", cpuid.CPU.Cache.L3, "bytes")
+
+ // Test if we have a specific feature:
+ if cpuid.CPU.SSE() {
+ fmt.Println("We have Streaming SIMD Extensions")
+ }
+}
+```
+
+Sample output:
+```
+>go run main.go
+Name: Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz
+PhysicalCores: 2
+ThreadsPerCore: 2
+LogicalCores: 4
+Family 6 Model: 42
+Features: CMOV,MMX,MMXEXT,SSE,SSE2,SSE3,SSSE3,SSE4.1,SSE4.2,AVX,AESNI,CLMUL
+Cacheline bytes: 64
+We have Streaming SIMD Extensions
+```
+
+# private package
+
+In the "private" folder you can find an autogenerated version of the library you can include in your own packages.
+
+For this purpose all exports are removed, and functions and constants are lowercased.
+
+This is not a recommended way of using the library, but provided for convenience, if it is difficult for you to use external packages.
+
+# license
+
+This code is published under an MIT license. See LICENSE file for more information.
diff --git a/vendor/github.com/klauspost/cpuid/cpuid.go b/vendor/github.com/klauspost/cpuid/cpuid.go
new file mode 100644
index 0000000..60c681b
--- /dev/null
+++ b/vendor/github.com/klauspost/cpuid/cpuid.go
@@ -0,0 +1,1040 @@
+// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file.
+
+// Package cpuid provides information about the CPU running the current program.
+//
+// CPU features are detected on startup, and kept for fast access through the life of the application.
+// Currently x86 / x64 (AMD64) is supported.
+//
+// You can access the CPU information by accessing the shared CPU variable of the cpuid library.
+//
+// Package home: https://github.com/klauspost/cpuid
+package cpuid
+
+import "strings"
+
+// Vendor is a representation of a CPU vendor.
+type Vendor int
+
+const (
+ Other Vendor = iota
+ Intel
+ AMD
+ VIA
+ Transmeta
+ NSC
+ KVM // Kernel-based Virtual Machine
+ MSVM // Microsoft Hyper-V or Windows Virtual PC
+ VMware
+ XenHVM
+)
+
+const (
+ CMOV = 1 << iota // i686 CMOV
+ NX // NX (No-Execute) bit
+ AMD3DNOW // AMD 3DNOW
+ AMD3DNOWEXT // AMD 3DNowExt
+ MMX // standard MMX
+ MMXEXT // SSE integer functions or AMD MMX ext
+ SSE // SSE functions
+ SSE2 // P4 SSE functions
+ SSE3 // Prescott SSE3 functions
+ SSSE3 // Conroe SSSE3 functions
+ SSE4 // Penryn SSE4.1 functions
+ SSE4A // AMD Barcelona microarchitecture SSE4a instructions
+ SSE42 // Nehalem SSE4.2 functions
+ AVX // AVX functions
+ AVX2 // AVX2 functions
+ FMA3 // Intel FMA 3
+ FMA4 // Bulldozer FMA4 functions
+ XOP // Bulldozer XOP functions
+ F16C // Half-precision floating-point conversion
+ BMI1 // Bit Manipulation Instruction Set 1
+ BMI2 // Bit Manipulation Instruction Set 2
+ TBM // AMD Trailing Bit Manipulation
+ LZCNT // LZCNT instruction
+ POPCNT // POPCNT instruction
+ AESNI // Advanced Encryption Standard New Instructions
+ CLMUL // Carry-less Multiplication
+ HTT // Hyperthreading (enabled)
+ HLE // Hardware Lock Elision
+ RTM // Restricted Transactional Memory
+ RDRAND // RDRAND instruction is available
+ RDSEED // RDSEED instruction is available
+ ADX // Intel ADX (Multi-Precision Add-Carry Instruction Extensions)
+ SHA // Intel SHA Extensions
+ AVX512F // AVX-512 Foundation
+ AVX512DQ // AVX-512 Doubleword and Quadword Instructions
+ AVX512IFMA // AVX-512 Integer Fused Multiply-Add Instructions
+ AVX512PF // AVX-512 Prefetch Instructions
+ AVX512ER // AVX-512 Exponential and Reciprocal Instructions
+ AVX512CD // AVX-512 Conflict Detection Instructions
+ AVX512BW // AVX-512 Byte and Word Instructions
+ AVX512VL // AVX-512 Vector Length Extensions
+ AVX512VBMI // AVX-512 Vector Bit Manipulation Instructions
+ MPX // Intel MPX (Memory Protection Extensions)
+ ERMS // Enhanced REP MOVSB/STOSB
+ RDTSCP // RDTSCP Instruction
+ CX16 // CMPXCHG16B Instruction
+ SGX // Software Guard Extensions
+ IBPB // Indirect Branch Restricted Speculation (IBRS) and Indirect Branch Predictor Barrier (IBPB)
+ STIBP // Single Thread Indirect Branch Predictors
+
+ // Performance indicators
+ SSE2SLOW // SSE2 is supported, but usually not faster
+ SSE3SLOW // SSE3 is supported, but usually not faster
+ ATOM // Atom processor, some SSSE3 instructions are slower
+)
+
+var flagNames = map[Flags]string{
+ CMOV: "CMOV", // i686 CMOV
+ NX: "NX", // NX (No-Execute) bit
+ AMD3DNOW: "AMD3DNOW", // AMD 3DNOW
+ AMD3DNOWEXT: "AMD3DNOWEXT", // AMD 3DNowExt
+ MMX: "MMX", // Standard MMX
+ MMXEXT: "MMXEXT", // SSE integer functions or AMD MMX ext
+ SSE: "SSE", // SSE functions
+ SSE2: "SSE2", // P4 SSE2 functions
+ SSE3: "SSE3", // Prescott SSE3 functions
+ SSSE3: "SSSE3", // Conroe SSSE3 functions
+ SSE4: "SSE4.1", // Penryn SSE4.1 functions
+ SSE4A: "SSE4A", // AMD Barcelona microarchitecture SSE4a instructions
+ SSE42: "SSE4.2", // Nehalem SSE4.2 functions
+ AVX: "AVX", // AVX functions
+ AVX2: "AVX2", // AVX functions
+ FMA3: "FMA3", // Intel FMA 3
+ FMA4: "FMA4", // Bulldozer FMA4 functions
+ XOP: "XOP", // Bulldozer XOP functions
+ F16C: "F16C", // Half-precision floating-point conversion
+ BMI1: "BMI1", // Bit Manipulation Instruction Set 1
+ BMI2: "BMI2", // Bit Manipulation Instruction Set 2
+ TBM: "TBM", // AMD Trailing Bit Manipulation
+ LZCNT: "LZCNT", // LZCNT instruction
+ POPCNT: "POPCNT", // POPCNT instruction
+ AESNI: "AESNI", // Advanced Encryption Standard New Instructions
+ CLMUL: "CLMUL", // Carry-less Multiplication
+ HTT: "HTT", // Hyperthreading (enabled)
+ HLE: "HLE", // Hardware Lock Elision
+ RTM: "RTM", // Restricted Transactional Memory
+ RDRAND: "RDRAND", // RDRAND instruction is available
+ RDSEED: "RDSEED", // RDSEED instruction is available
+ ADX: "ADX", // Intel ADX (Multi-Precision Add-Carry Instruction Extensions)
+ SHA: "SHA", // Intel SHA Extensions
+ AVX512F: "AVX512F", // AVX-512 Foundation
+ AVX512DQ: "AVX512DQ", // AVX-512 Doubleword and Quadword Instructions
+ AVX512IFMA: "AVX512IFMA", // AVX-512 Integer Fused Multiply-Add Instructions
+ AVX512PF: "AVX512PF", // AVX-512 Prefetch Instructions
+ AVX512ER: "AVX512ER", // AVX-512 Exponential and Reciprocal Instructions
+ AVX512CD: "AVX512CD", // AVX-512 Conflict Detection Instructions
+ AVX512BW: "AVX512BW", // AVX-512 Byte and Word Instructions
+ AVX512VL: "AVX512VL", // AVX-512 Vector Length Extensions
+ AVX512VBMI: "AVX512VBMI", // AVX-512 Vector Bit Manipulation Instructions
+ MPX: "MPX", // Intel MPX (Memory Protection Extensions)
+ ERMS: "ERMS", // Enhanced REP MOVSB/STOSB
+ RDTSCP: "RDTSCP", // RDTSCP Instruction
+ CX16: "CX16", // CMPXCHG16B Instruction
+ SGX: "SGX", // Software Guard Extensions
+ IBPB: "IBPB", // Indirect Branch Restricted Speculation and Indirect Branch Predictor Barrier
+ STIBP: "STIBP", // Single Thread Indirect Branch Predictors
+
+ // Performance indicators
+ SSE2SLOW: "SSE2SLOW", // SSE2 supported, but usually not faster
+ SSE3SLOW: "SSE3SLOW", // SSE3 supported, but usually not faster
+ ATOM: "ATOM", // Atom processor, some SSSE3 instructions are slower
+
+}
+
+// CPUInfo contains information about the detected system CPU.
+type CPUInfo struct {
+ BrandName string // Brand name reported by the CPU
+ VendorID Vendor // Comparable CPU vendor ID
+ Features Flags // Features of the CPU
+ PhysicalCores int // Number of physical processor cores in your CPU. Will be 0 if undetectable.
+ ThreadsPerCore int // Number of threads per physical core. Will be 1 if undetectable.
+ LogicalCores int // Number of physical cores times threads that can run on each core through the use of hyperthreading. Will be 0 if undetectable.
+ Family int // CPU family number
+ Model int // CPU model number
+ CacheLine int // Cache line size in bytes. Will be 0 if undetectable.
+ Cache struct {
+ L1I int // L1 Instruction Cache (per core or shared). Will be -1 if undetected
+ L1D int // L1 Data Cache (per core or shared). Will be -1 if undetected
+ L2 int // L2 Cache (per core or shared). Will be -1 if undetected
+ L3 int // L3 Instruction Cache (per core or shared). Will be -1 if undetected
+ }
+ SGX SGXSupport
+ maxFunc uint32
+ maxExFunc uint32
+}
+
+var cpuid func(op uint32) (eax, ebx, ecx, edx uint32)
+var cpuidex func(op, op2 uint32) (eax, ebx, ecx, edx uint32)
+var xgetbv func(index uint32) (eax, edx uint32)
+var rdtscpAsm func() (eax, ebx, ecx, edx uint32)
+
+// CPU contains information about the CPU as detected on startup,
+// or when Detect last was called.
+//
+// Use this as the primary entry point to you data,
+// this way queries are
+var CPU CPUInfo
+
+func init() {
+ initCPU()
+ Detect()
+}
+
+// Detect will re-detect current CPU info.
+// This will replace the content of the exported CPU variable.
+//
+// Unless you expect the CPU to change while you are running your program
+// you should not need to call this function.
+// If you call this, you must ensure that no other goroutine is accessing the
+// exported CPU variable.
+func Detect() {
+ CPU.maxFunc = maxFunctionID()
+ CPU.maxExFunc = maxExtendedFunction()
+ CPU.BrandName = brandName()
+ CPU.CacheLine = cacheLine()
+ CPU.Family, CPU.Model = familyModel()
+ CPU.Features = support()
+ CPU.SGX = hasSGX(CPU.Features&SGX != 0)
+ CPU.ThreadsPerCore = threadsPerCore()
+ CPU.LogicalCores = logicalCores()
+ CPU.PhysicalCores = physicalCores()
+ CPU.VendorID = vendorID()
+ CPU.cacheSize()
+}
+
+// Generated here: http://play.golang.org/p/BxFH2Gdc0G
+
+// Cmov indicates support of CMOV instructions
+func (c CPUInfo) Cmov() bool {
+ return c.Features&CMOV != 0
+}
+
+// Amd3dnow indicates support of AMD 3DNOW! instructions
+func (c CPUInfo) Amd3dnow() bool {
+ return c.Features&AMD3DNOW != 0
+}
+
+// Amd3dnowExt indicates support of AMD 3DNOW! Extended instructions
+func (c CPUInfo) Amd3dnowExt() bool {
+ return c.Features&AMD3DNOWEXT != 0
+}
+
+// MMX indicates support of MMX instructions
+func (c CPUInfo) MMX() bool {
+ return c.Features&MMX != 0
+}
+
+// MMXExt indicates support of MMXEXT instructions
+// (SSE integer functions or AMD MMX ext)
+func (c CPUInfo) MMXExt() bool {
+ return c.Features&MMXEXT != 0
+}
+
+// SSE indicates support of SSE instructions
+func (c CPUInfo) SSE() bool {
+ return c.Features&SSE != 0
+}
+
+// SSE2 indicates support of SSE 2 instructions
+func (c CPUInfo) SSE2() bool {
+ return c.Features&SSE2 != 0
+}
+
+// SSE3 indicates support of SSE 3 instructions
+func (c CPUInfo) SSE3() bool {
+ return c.Features&SSE3 != 0
+}
+
+// SSSE3 indicates support of SSSE 3 instructions
+func (c CPUInfo) SSSE3() bool {
+ return c.Features&SSSE3 != 0
+}
+
+// SSE4 indicates support of SSE 4 (also called SSE 4.1) instructions
+func (c CPUInfo) SSE4() bool {
+ return c.Features&SSE4 != 0
+}
+
+// SSE42 indicates support of SSE4.2 instructions
+func (c CPUInfo) SSE42() bool {
+ return c.Features&SSE42 != 0
+}
+
+// AVX indicates support of AVX instructions
+// and operating system support of AVX instructions
+func (c CPUInfo) AVX() bool {
+ return c.Features&AVX != 0
+}
+
+// AVX2 indicates support of AVX2 instructions
+func (c CPUInfo) AVX2() bool {
+ return c.Features&AVX2 != 0
+}
+
+// FMA3 indicates support of FMA3 instructions
+func (c CPUInfo) FMA3() bool {
+ return c.Features&FMA3 != 0
+}
+
+// FMA4 indicates support of FMA4 instructions
+func (c CPUInfo) FMA4() bool {
+ return c.Features&FMA4 != 0
+}
+
+// XOP indicates support of XOP instructions
+func (c CPUInfo) XOP() bool {
+ return c.Features&XOP != 0
+}
+
+// F16C indicates support of F16C instructions
+func (c CPUInfo) F16C() bool {
+ return c.Features&F16C != 0
+}
+
+// BMI1 indicates support of BMI1 instructions
+func (c CPUInfo) BMI1() bool {
+ return c.Features&BMI1 != 0
+}
+
+// BMI2 indicates support of BMI2 instructions
+func (c CPUInfo) BMI2() bool {
+ return c.Features&BMI2 != 0
+}
+
+// TBM indicates support of TBM instructions
+// (AMD Trailing Bit Manipulation)
+func (c CPUInfo) TBM() bool {
+ return c.Features&TBM != 0
+}
+
+// Lzcnt indicates support of LZCNT instruction
+func (c CPUInfo) Lzcnt() bool {
+ return c.Features&LZCNT != 0
+}
+
+// Popcnt indicates support of POPCNT instruction
+func (c CPUInfo) Popcnt() bool {
+ return c.Features&POPCNT != 0
+}
+
+// HTT indicates the processor has Hyperthreading enabled
+func (c CPUInfo) HTT() bool {
+ return c.Features&HTT != 0
+}
+
+// SSE2Slow indicates that SSE2 may be slow on this processor
+func (c CPUInfo) SSE2Slow() bool {
+ return c.Features&SSE2SLOW != 0
+}
+
+// SSE3Slow indicates that SSE3 may be slow on this processor
+func (c CPUInfo) SSE3Slow() bool {
+ return c.Features&SSE3SLOW != 0
+}
+
+// AesNi indicates support of AES-NI instructions
+// (Advanced Encryption Standard New Instructions)
+func (c CPUInfo) AesNi() bool {
+ return c.Features&AESNI != 0
+}
+
+// Clmul indicates support of CLMUL instructions
+// (Carry-less Multiplication)
+func (c CPUInfo) Clmul() bool {
+ return c.Features&CLMUL != 0
+}
+
+// NX indicates support of NX (No-Execute) bit
+func (c CPUInfo) NX() bool {
+ return c.Features&NX != 0
+}
+
+// SSE4A indicates support of AMD Barcelona microarchitecture SSE4a instructions
+func (c CPUInfo) SSE4A() bool {
+ return c.Features&SSE4A != 0
+}
+
+// HLE indicates support of Hardware Lock Elision
+func (c CPUInfo) HLE() bool {
+ return c.Features&HLE != 0
+}
+
+// RTM indicates support of Restricted Transactional Memory
+func (c CPUInfo) RTM() bool {
+ return c.Features&RTM != 0
+}
+
+// Rdrand indicates support of RDRAND instruction is available
+func (c CPUInfo) Rdrand() bool {
+ return c.Features&RDRAND != 0
+}
+
+// Rdseed indicates support of RDSEED instruction is available
+func (c CPUInfo) Rdseed() bool {
+ return c.Features&RDSEED != 0
+}
+
+// ADX indicates support of Intel ADX (Multi-Precision Add-Carry Instruction Extensions)
+func (c CPUInfo) ADX() bool {
+ return c.Features&ADX != 0
+}
+
+// SHA indicates support of Intel SHA Extensions
+func (c CPUInfo) SHA() bool {
+ return c.Features&SHA != 0
+}
+
+// AVX512F indicates support of AVX-512 Foundation
+func (c CPUInfo) AVX512F() bool {
+ return c.Features&AVX512F != 0
+}
+
+// AVX512DQ indicates support of AVX-512 Doubleword and Quadword Instructions
+func (c CPUInfo) AVX512DQ() bool {
+ return c.Features&AVX512DQ != 0
+}
+
+// AVX512IFMA indicates support of AVX-512 Integer Fused Multiply-Add Instructions
+func (c CPUInfo) AVX512IFMA() bool {
+ return c.Features&AVX512IFMA != 0
+}
+
+// AVX512PF indicates support of AVX-512 Prefetch Instructions
+func (c CPUInfo) AVX512PF() bool {
+ return c.Features&AVX512PF != 0
+}
+
+// AVX512ER indicates support of AVX-512 Exponential and Reciprocal Instructions
+func (c CPUInfo) AVX512ER() bool {
+ return c.Features&AVX512ER != 0
+}
+
+// AVX512CD indicates support of AVX-512 Conflict Detection Instructions
+func (c CPUInfo) AVX512CD() bool {
+ return c.Features&AVX512CD != 0
+}
+
+// AVX512BW indicates support of AVX-512 Byte and Word Instructions
+func (c CPUInfo) AVX512BW() bool {
+ return c.Features&AVX512BW != 0
+}
+
+// AVX512VL indicates support of AVX-512 Vector Length Extensions
+func (c CPUInfo) AVX512VL() bool {
+ return c.Features&AVX512VL != 0
+}
+
+// AVX512VBMI indicates support of AVX-512 Vector Bit Manipulation Instructions
+func (c CPUInfo) AVX512VBMI() bool {
+ return c.Features&AVX512VBMI != 0
+}
+
+// MPX indicates support of Intel MPX (Memory Protection Extensions)
+func (c CPUInfo) MPX() bool {
+ return c.Features&MPX != 0
+}
+
+// ERMS indicates support of Enhanced REP MOVSB/STOSB
+func (c CPUInfo) ERMS() bool {
+ return c.Features&ERMS != 0
+}
+
+// RDTSCP Instruction is available.
+func (c CPUInfo) RDTSCP() bool {
+ return c.Features&RDTSCP != 0
+}
+
+// CX16 indicates if CMPXCHG16B instruction is available.
+func (c CPUInfo) CX16() bool {
+ return c.Features&CX16 != 0
+}
+
+// TSX is split into HLE (Hardware Lock Elision) and RTM (Restricted Transactional Memory) detection.
+// So TSX simply checks that.
+func (c CPUInfo) TSX() bool {
+ return c.Features&(HLE|RTM) == HLE|RTM
+}
+
+// Atom indicates an Atom processor
+func (c CPUInfo) Atom() bool {
+ return c.Features&ATOM != 0
+}
+
+// Intel returns true if vendor is recognized as Intel
+func (c CPUInfo) Intel() bool {
+ return c.VendorID == Intel
+}
+
+// AMD returns true if vendor is recognized as AMD
+func (c CPUInfo) AMD() bool {
+ return c.VendorID == AMD
+}
+
+// Transmeta returns true if vendor is recognized as Transmeta
+func (c CPUInfo) Transmeta() bool {
+ return c.VendorID == Transmeta
+}
+
+// NSC returns true if vendor is recognized as National Semiconductor
+func (c CPUInfo) NSC() bool {
+ return c.VendorID == NSC
+}
+
+// VIA returns true if vendor is recognized as VIA
+func (c CPUInfo) VIA() bool {
+ return c.VendorID == VIA
+}
+
+// RTCounter returns the 64-bit time-stamp counter
+// Uses the RDTSCP instruction. The value 0 is returned
+// if the CPU does not support the instruction.
+func (c CPUInfo) RTCounter() uint64 {
+ if !c.RDTSCP() {
+ return 0
+ }
+ a, _, _, d := rdtscpAsm()
+ return uint64(a) | (uint64(d) << 32)
+}
+
+// Ia32TscAux returns the IA32_TSC_AUX part of the RDTSCP.
+// This variable is OS dependent, but on Linux contains information
+// about the current cpu/core the code is running on.
+// If the RDTSCP instruction isn't supported on the CPU, the value 0 is returned.
+func (c CPUInfo) Ia32TscAux() uint32 {
+ if !c.RDTSCP() {
+ return 0
+ }
+ _, _, ecx, _ := rdtscpAsm()
+ return ecx
+}
+
+// LogicalCPU will return the Logical CPU the code is currently executing on.
+// This is likely to change when the OS re-schedules the running thread
+// to another CPU.
+// If the current core cannot be detected, -1 will be returned.
+func (c CPUInfo) LogicalCPU() int {
+ if c.maxFunc < 1 {
+ return -1
+ }
+ _, ebx, _, _ := cpuid(1)
+ return int(ebx >> 24)
+}
+
+// VM Will return true if the cpu id indicates we are in
+// a virtual machine. This is only a hint, and will very likely
+// have many false negatives.
+func (c CPUInfo) VM() bool {
+ switch c.VendorID {
+ case MSVM, KVM, VMware, XenHVM:
+ return true
+ }
+ return false
+}
+
+// Flags contains detected cpu features and caracteristics
+type Flags uint64
+
+// String returns a string representation of the detected
+// CPU features.
+func (f Flags) String() string {
+ return strings.Join(f.Strings(), ",")
+}
+
+// Strings returns and array of the detected features.
+func (f Flags) Strings() []string {
+ s := support()
+ r := make([]string, 0, 20)
+ for i := uint(0); i < 64; i++ {
+ key := Flags(1 << i)
+ val := flagNames[key]
+ if s&key != 0 {
+ r = append(r, val)
+ }
+ }
+ return r
+}
+
+func maxExtendedFunction() uint32 {
+ eax, _, _, _ := cpuid(0x80000000)
+ return eax
+}
+
+func maxFunctionID() uint32 {
+ a, _, _, _ := cpuid(0)
+ return a
+}
+
+func brandName() string {
+ if maxExtendedFunction() >= 0x80000004 {
+ v := make([]uint32, 0, 48)
+ for i := uint32(0); i < 3; i++ {
+ a, b, c, d := cpuid(0x80000002 + i)
+ v = append(v, a, b, c, d)
+ }
+ return strings.Trim(string(valAsString(v...)), " ")
+ }
+ return "unknown"
+}
+
+func threadsPerCore() int {
+ mfi := maxFunctionID()
+ if mfi < 0x4 || vendorID() != Intel {
+ return 1
+ }
+
+ if mfi < 0xb {
+ _, b, _, d := cpuid(1)
+ if (d & (1 << 28)) != 0 {
+ // v will contain logical core count
+ v := (b >> 16) & 255
+ if v > 1 {
+ a4, _, _, _ := cpuid(4)
+ // physical cores
+ v2 := (a4 >> 26) + 1
+ if v2 > 0 {
+ return int(v) / int(v2)
+ }
+ }
+ }
+ return 1
+ }
+ _, b, _, _ := cpuidex(0xb, 0)
+ if b&0xffff == 0 {
+ return 1
+ }
+ return int(b & 0xffff)
+}
+
+func logicalCores() int {
+ mfi := maxFunctionID()
+ switch vendorID() {
+ case Intel:
+ // Use this on old Intel processors
+ if mfi < 0xb {
+ if mfi < 1 {
+ return 0
+ }
+ // CPUID.1:EBX[23:16] represents the maximum number of addressable IDs (initial APIC ID)
+ // that can be assigned to logical processors in a physical package.
+ // The value may not be the same as the number of logical processors that are present in the hardware of a physical package.
+ _, ebx, _, _ := cpuid(1)
+ logical := (ebx >> 16) & 0xff
+ return int(logical)
+ }
+ _, b, _, _ := cpuidex(0xb, 1)
+ return int(b & 0xffff)
+ case AMD:
+ _, b, _, _ := cpuid(1)
+ return int((b >> 16) & 0xff)
+ default:
+ return 0
+ }
+}
+
+func familyModel() (int, int) {
+ if maxFunctionID() < 0x1 {
+ return 0, 0
+ }
+ eax, _, _, _ := cpuid(1)
+ family := ((eax >> 8) & 0xf) + ((eax >> 20) & 0xff)
+ model := ((eax >> 4) & 0xf) + ((eax >> 12) & 0xf0)
+ return int(family), int(model)
+}
+
+func physicalCores() int {
+ switch vendorID() {
+ case Intel:
+ return logicalCores() / threadsPerCore()
+ case AMD:
+ if maxExtendedFunction() >= 0x80000008 {
+ _, _, c, _ := cpuid(0x80000008)
+ return int(c&0xff) + 1
+ }
+ }
+ return 0
+}
+
+// Except from http://en.wikipedia.org/wiki/CPUID#EAX.3D0:_Get_vendor_ID
+var vendorMapping = map[string]Vendor{
+ "AMDisbetter!": AMD,
+ "AuthenticAMD": AMD,
+ "CentaurHauls": VIA,
+ "GenuineIntel": Intel,
+ "TransmetaCPU": Transmeta,
+ "GenuineTMx86": Transmeta,
+ "Geode by NSC": NSC,
+ "VIA VIA VIA ": VIA,
+ "KVMKVMKVMKVM": KVM,
+ "Microsoft Hv": MSVM,
+ "VMwareVMware": VMware,
+ "XenVMMXenVMM": XenHVM,
+}
+
+func vendorID() Vendor {
+ _, b, c, d := cpuid(0)
+ v := valAsString(b, d, c)
+ vend, ok := vendorMapping[string(v)]
+ if !ok {
+ return Other
+ }
+ return vend
+}
+
+func cacheLine() int {
+ if maxFunctionID() < 0x1 {
+ return 0
+ }
+
+ _, ebx, _, _ := cpuid(1)
+ cache := (ebx & 0xff00) >> 5 // cflush size
+ if cache == 0 && maxExtendedFunction() >= 0x80000006 {
+ _, _, ecx, _ := cpuid(0x80000006)
+ cache = ecx & 0xff // cacheline size
+ }
+ // TODO: Read from Cache and TLB Information
+ return int(cache)
+}
+
+func (c *CPUInfo) cacheSize() {
+ c.Cache.L1D = -1
+ c.Cache.L1I = -1
+ c.Cache.L2 = -1
+ c.Cache.L3 = -1
+ vendor := vendorID()
+ switch vendor {
+ case Intel:
+ if maxFunctionID() < 4 {
+ return
+ }
+ for i := uint32(0); ; i++ {
+ eax, ebx, ecx, _ := cpuidex(4, i)
+ cacheType := eax & 15
+ if cacheType == 0 {
+ break
+ }
+ cacheLevel := (eax >> 5) & 7
+ coherency := int(ebx&0xfff) + 1
+ partitions := int((ebx>>12)&0x3ff) + 1
+ associativity := int((ebx>>22)&0x3ff) + 1
+ sets := int(ecx) + 1
+ size := associativity * partitions * coherency * sets
+ switch cacheLevel {
+ case 1:
+ if cacheType == 1 {
+ // 1 = Data Cache
+ c.Cache.L1D = size
+ } else if cacheType == 2 {
+ // 2 = Instruction Cache
+ c.Cache.L1I = size
+ } else {
+ if c.Cache.L1D < 0 {
+ c.Cache.L1I = size
+ }
+ if c.Cache.L1I < 0 {
+ c.Cache.L1I = size
+ }
+ }
+ case 2:
+ c.Cache.L2 = size
+ case 3:
+ c.Cache.L3 = size
+ }
+ }
+ case AMD:
+ // Untested.
+ if maxExtendedFunction() < 0x80000005 {
+ return
+ }
+ _, _, ecx, edx := cpuid(0x80000005)
+ c.Cache.L1D = int(((ecx >> 24) & 0xFF) * 1024)
+ c.Cache.L1I = int(((edx >> 24) & 0xFF) * 1024)
+
+ if maxExtendedFunction() < 0x80000006 {
+ return
+ }
+ _, _, ecx, _ = cpuid(0x80000006)
+ c.Cache.L2 = int(((ecx >> 16) & 0xFFFF) * 1024)
+ }
+
+ return
+}
+
+type SGXSupport struct {
+ Available bool
+ SGX1Supported bool
+ SGX2Supported bool
+ MaxEnclaveSizeNot64 int64
+ MaxEnclaveSize64 int64
+}
+
+func hasSGX(available bool) (rval SGXSupport) {
+ rval.Available = available
+
+ if !available {
+ return
+ }
+
+ a, _, _, d := cpuidex(0x12, 0)
+ rval.SGX1Supported = a&0x01 != 0
+ rval.SGX2Supported = a&0x02 != 0
+ rval.MaxEnclaveSizeNot64 = 1 << (d & 0xFF) // pow 2
+ rval.MaxEnclaveSize64 = 1 << ((d >> 8) & 0xFF) // pow 2
+
+ return
+}
+
+func support() Flags {
+ mfi := maxFunctionID()
+ vend := vendorID()
+ if mfi < 0x1 {
+ return 0
+ }
+ rval := uint64(0)
+ _, _, c, d := cpuid(1)
+ if (d & (1 << 15)) != 0 {
+ rval |= CMOV
+ }
+ if (d & (1 << 23)) != 0 {
+ rval |= MMX
+ }
+ if (d & (1 << 25)) != 0 {
+ rval |= MMXEXT
+ }
+ if (d & (1 << 25)) != 0 {
+ rval |= SSE
+ }
+ if (d & (1 << 26)) != 0 {
+ rval |= SSE2
+ }
+ if (c & 1) != 0 {
+ rval |= SSE3
+ }
+ if (c & 0x00000200) != 0 {
+ rval |= SSSE3
+ }
+ if (c & 0x00080000) != 0 {
+ rval |= SSE4
+ }
+ if (c & 0x00100000) != 0 {
+ rval |= SSE42
+ }
+ if (c & (1 << 25)) != 0 {
+ rval |= AESNI
+ }
+ if (c & (1 << 1)) != 0 {
+ rval |= CLMUL
+ }
+ if c&(1<<23) != 0 {
+ rval |= POPCNT
+ }
+ if c&(1<<30) != 0 {
+ rval |= RDRAND
+ }
+ if c&(1<<29) != 0 {
+ rval |= F16C
+ }
+ if c&(1<<13) != 0 {
+ rval |= CX16
+ }
+ if vend == Intel && (d&(1<<28)) != 0 && mfi >= 4 {
+ if threadsPerCore() > 1 {
+ rval |= HTT
+ }
+ }
+
+ // Check XGETBV, OXSAVE and AVX bits
+ if c&(1<<26) != 0 && c&(1<<27) != 0 && c&(1<<28) != 0 {
+ // Check for OS support
+ eax, _ := xgetbv(0)
+ if (eax & 0x6) == 0x6 {
+ rval |= AVX
+ if (c & 0x00001000) != 0 {
+ rval |= FMA3
+ }
+ }
+ }
+
+ // Check AVX2, AVX2 requires OS support, but BMI1/2 don't.
+ if mfi >= 7 {
+ _, ebx, ecx, edx := cpuidex(7, 0)
+ if (rval&AVX) != 0 && (ebx&0x00000020) != 0 {
+ rval |= AVX2
+ }
+ if (ebx & 0x00000008) != 0 {
+ rval |= BMI1
+ if (ebx & 0x00000100) != 0 {
+ rval |= BMI2
+ }
+ }
+ if ebx&(1<<2) != 0 {
+ rval |= SGX
+ }
+ if ebx&(1<<4) != 0 {
+ rval |= HLE
+ }
+ if ebx&(1<<9) != 0 {
+ rval |= ERMS
+ }
+ if ebx&(1<<11) != 0 {
+ rval |= RTM
+ }
+ if ebx&(1<<14) != 0 {
+ rval |= MPX
+ }
+ if ebx&(1<<18) != 0 {
+ rval |= RDSEED
+ }
+ if ebx&(1<<19) != 0 {
+ rval |= ADX
+ }
+ if ebx&(1<<29) != 0 {
+ rval |= SHA
+ }
+ if edx&(1<<26) != 0 {
+ rval |= IBPB
+ }
+ if edx&(1<<27) != 0 {
+ rval |= STIBP
+ }
+
+ // Only detect AVX-512 features if XGETBV is supported
+ if c&((1<<26)|(1<<27)) == (1<<26)|(1<<27) {
+ // Check for OS support
+ eax, _ := xgetbv(0)
+
+ // Verify that XCR0[7:5] = ‘111b’ (OPMASK state, upper 256-bit of ZMM0-ZMM15 and
+ // ZMM16-ZMM31 state are enabled by OS)
+ /// and that XCR0[2:1] = ‘11b’ (XMM state and YMM state are enabled by OS).
+ if (eax>>5)&7 == 7 && (eax>>1)&3 == 3 {
+ if ebx&(1<<16) != 0 {
+ rval |= AVX512F
+ }
+ if ebx&(1<<17) != 0 {
+ rval |= AVX512DQ
+ }
+ if ebx&(1<<21) != 0 {
+ rval |= AVX512IFMA
+ }
+ if ebx&(1<<26) != 0 {
+ rval |= AVX512PF
+ }
+ if ebx&(1<<27) != 0 {
+ rval |= AVX512ER
+ }
+ if ebx&(1<<28) != 0 {
+ rval |= AVX512CD
+ }
+ if ebx&(1<<30) != 0 {
+ rval |= AVX512BW
+ }
+ if ebx&(1<<31) != 0 {
+ rval |= AVX512VL
+ }
+ // ecx
+ if ecx&(1<<1) != 0 {
+ rval |= AVX512VBMI
+ }
+ }
+ }
+ }
+
+ if maxExtendedFunction() >= 0x80000001 {
+ _, _, c, d := cpuid(0x80000001)
+ if (c & (1 << 5)) != 0 {
+ rval |= LZCNT
+ rval |= POPCNT
+ }
+ if (d & (1 << 31)) != 0 {
+ rval |= AMD3DNOW
+ }
+ if (d & (1 << 30)) != 0 {
+ rval |= AMD3DNOWEXT
+ }
+ if (d & (1 << 23)) != 0 {
+ rval |= MMX
+ }
+ if (d & (1 << 22)) != 0 {
+ rval |= MMXEXT
+ }
+ if (c & (1 << 6)) != 0 {
+ rval |= SSE4A
+ }
+ if d&(1<<20) != 0 {
+ rval |= NX
+ }
+ if d&(1<<27) != 0 {
+ rval |= RDTSCP
+ }
+
+ /* Allow for selectively disabling SSE2 functions on AMD processors
+ with SSE2 support but not SSE4a. This includes Athlon64, some
+ Opteron, and some Sempron processors. MMX, SSE, or 3DNow! are faster
+ than SSE2 often enough to utilize this special-case flag.
+ AV_CPU_FLAG_SSE2 and AV_CPU_FLAG_SSE2SLOW are both set in this case
+ so that SSE2 is used unless explicitly disabled by checking
+ AV_CPU_FLAG_SSE2SLOW. */
+ if vendorID() != Intel &&
+ rval&SSE2 != 0 && (c&0x00000040) == 0 {
+ rval |= SSE2SLOW
+ }
+
+ /* XOP and FMA4 use the AVX instruction coding scheme, so they can't be
+ * used unless the OS has AVX support. */
+ if (rval & AVX) != 0 {
+ if (c & 0x00000800) != 0 {
+ rval |= XOP
+ }
+ if (c & 0x00010000) != 0 {
+ rval |= FMA4
+ }
+ }
+
+ if vendorID() == Intel {
+ family, model := familyModel()
+ if family == 6 && (model == 9 || model == 13 || model == 14) {
+ /* 6/9 (pentium-m "banias"), 6/13 (pentium-m "dothan"), and
+ * 6/14 (core1 "yonah") theoretically support sse2, but it's
+ * usually slower than mmx. */
+ if (rval & SSE2) != 0 {
+ rval |= SSE2SLOW
+ }
+ if (rval & SSE3) != 0 {
+ rval |= SSE3SLOW
+ }
+ }
+ /* The Atom processor has SSSE3 support, which is useful in many cases,
+ * but sometimes the SSSE3 version is slower than the SSE2 equivalent
+ * on the Atom, but is generally faster on other processors supporting
+ * SSSE3. This flag allows for selectively disabling certain SSSE3
+ * functions on the Atom. */
+ if family == 6 && model == 28 {
+ rval |= ATOM
+ }
+ }
+ }
+ return Flags(rval)
+}
+
+func valAsString(values ...uint32) []byte {
+ r := make([]byte, 4*len(values))
+ for i, v := range values {
+ dst := r[i*4:]
+ dst[0] = byte(v & 0xff)
+ dst[1] = byte((v >> 8) & 0xff)
+ dst[2] = byte((v >> 16) & 0xff)
+ dst[3] = byte((v >> 24) & 0xff)
+ switch {
+ case dst[0] == 0:
+ return r[:i*4]
+ case dst[1] == 0:
+ return r[:i*4+1]
+ case dst[2] == 0:
+ return r[:i*4+2]
+ case dst[3] == 0:
+ return r[:i*4+3]
+ }
+ }
+ return r
+}
diff --git a/vendor/github.com/klauspost/cpuid/cpuid_386.s b/vendor/github.com/klauspost/cpuid/cpuid_386.s
new file mode 100644
index 0000000..4d73171
--- /dev/null
+++ b/vendor/github.com/klauspost/cpuid/cpuid_386.s
@@ -0,0 +1,42 @@
+// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file.
+
+// +build 386,!gccgo
+
+// func asmCpuid(op uint32) (eax, ebx, ecx, edx uint32)
+TEXT ·asmCpuid(SB), 7, $0
+ XORL CX, CX
+ MOVL op+0(FP), AX
+ CPUID
+ MOVL AX, eax+4(FP)
+ MOVL BX, ebx+8(FP)
+ MOVL CX, ecx+12(FP)
+ MOVL DX, edx+16(FP)
+ RET
+
+// func asmCpuidex(op, op2 uint32) (eax, ebx, ecx, edx uint32)
+TEXT ·asmCpuidex(SB), 7, $0
+ MOVL op+0(FP), AX
+ MOVL op2+4(FP), CX
+ CPUID
+ MOVL AX, eax+8(FP)
+ MOVL BX, ebx+12(FP)
+ MOVL CX, ecx+16(FP)
+ MOVL DX, edx+20(FP)
+ RET
+
+// func xgetbv(index uint32) (eax, edx uint32)
+TEXT ·asmXgetbv(SB), 7, $0
+ MOVL index+0(FP), CX
+ BYTE $0x0f; BYTE $0x01; BYTE $0xd0 // XGETBV
+ MOVL AX, eax+4(FP)
+ MOVL DX, edx+8(FP)
+ RET
+
+// func asmRdtscpAsm() (eax, ebx, ecx, edx uint32)
+TEXT ·asmRdtscpAsm(SB), 7, $0
+ BYTE $0x0F; BYTE $0x01; BYTE $0xF9 // RDTSCP
+ MOVL AX, eax+0(FP)
+ MOVL BX, ebx+4(FP)
+ MOVL CX, ecx+8(FP)
+ MOVL DX, edx+12(FP)
+ RET
diff --git a/vendor/github.com/klauspost/cpuid/cpuid_amd64.s b/vendor/github.com/klauspost/cpuid/cpuid_amd64.s
new file mode 100644
index 0000000..3c1d60e
--- /dev/null
+++ b/vendor/github.com/klauspost/cpuid/cpuid_amd64.s
@@ -0,0 +1,42 @@
+// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file.
+
+//+build amd64,!gccgo
+
+// func asmCpuid(op uint32) (eax, ebx, ecx, edx uint32)
+TEXT ·asmCpuid(SB), 7, $0
+ XORQ CX, CX
+ MOVL op+0(FP), AX
+ CPUID
+ MOVL AX, eax+8(FP)
+ MOVL BX, ebx+12(FP)
+ MOVL CX, ecx+16(FP)
+ MOVL DX, edx+20(FP)
+ RET
+
+// func asmCpuidex(op, op2 uint32) (eax, ebx, ecx, edx uint32)
+TEXT ·asmCpuidex(SB), 7, $0
+ MOVL op+0(FP), AX
+ MOVL op2+4(FP), CX
+ CPUID
+ MOVL AX, eax+8(FP)
+ MOVL BX, ebx+12(FP)
+ MOVL CX, ecx+16(FP)
+ MOVL DX, edx+20(FP)
+ RET
+
+// func asmXgetbv(index uint32) (eax, edx uint32)
+TEXT ·asmXgetbv(SB), 7, $0
+ MOVL index+0(FP), CX
+ BYTE $0x0f; BYTE $0x01; BYTE $0xd0 // XGETBV
+ MOVL AX, eax+8(FP)
+ MOVL DX, edx+12(FP)
+ RET
+
+// func asmRdtscpAsm() (eax, ebx, ecx, edx uint32)
+TEXT ·asmRdtscpAsm(SB), 7, $0
+ BYTE $0x0F; BYTE $0x01; BYTE $0xF9 // RDTSCP
+ MOVL AX, eax+0(FP)
+ MOVL BX, ebx+4(FP)
+ MOVL CX, ecx+8(FP)
+ MOVL DX, edx+12(FP)
+ RET
diff --git a/vendor/github.com/klauspost/cpuid/detect_intel.go b/vendor/github.com/klauspost/cpuid/detect_intel.go
new file mode 100644
index 0000000..a5f04dd
--- /dev/null
+++ b/vendor/github.com/klauspost/cpuid/detect_intel.go
@@ -0,0 +1,17 @@
+// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file.
+
+// +build 386,!gccgo amd64,!gccgo
+
+package cpuid
+
+func asmCpuid(op uint32) (eax, ebx, ecx, edx uint32)
+func asmCpuidex(op, op2 uint32) (eax, ebx, ecx, edx uint32)
+func asmXgetbv(index uint32) (eax, edx uint32)
+func asmRdtscpAsm() (eax, ebx, ecx, edx uint32)
+
+func initCPU() {
+ cpuid = asmCpuid
+ cpuidex = asmCpuidex
+ xgetbv = asmXgetbv
+ rdtscpAsm = asmRdtscpAsm
+}
diff --git a/vendor/github.com/klauspost/cpuid/detect_ref.go b/vendor/github.com/klauspost/cpuid/detect_ref.go
new file mode 100644
index 0000000..909c5d9
--- /dev/null
+++ b/vendor/github.com/klauspost/cpuid/detect_ref.go
@@ -0,0 +1,23 @@
+// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file.
+
+// +build !amd64,!386 gccgo
+
+package cpuid
+
+func initCPU() {
+ cpuid = func(op uint32) (eax, ebx, ecx, edx uint32) {
+ return 0, 0, 0, 0
+ }
+
+ cpuidex = func(op, op2 uint32) (eax, ebx, ecx, edx uint32) {
+ return 0, 0, 0, 0
+ }
+
+ xgetbv = func(index uint32) (eax, edx uint32) {
+ return 0, 0
+ }
+
+ rdtscpAsm = func() (eax, ebx, ecx, edx uint32) {
+ return 0, 0, 0, 0
+ }
+}
diff --git a/vendor/github.com/klauspost/cpuid/generate.go b/vendor/github.com/klauspost/cpuid/generate.go
new file mode 100644
index 0000000..90e7a98
--- /dev/null
+++ b/vendor/github.com/klauspost/cpuid/generate.go
@@ -0,0 +1,4 @@
+package cpuid
+
+//go:generate go run private-gen.go
+//go:generate gofmt -w ./private
diff --git a/vendor/github.com/klauspost/cpuid/private-gen.go b/vendor/github.com/klauspost/cpuid/private-gen.go
new file mode 100644
index 0000000..437333d
--- /dev/null
+++ b/vendor/github.com/klauspost/cpuid/private-gen.go
@@ -0,0 +1,476 @@
+// +build ignore
+
+package main
+
+import (
+ "bytes"
+ "fmt"
+ "go/ast"
+ "go/parser"
+ "go/printer"
+ "go/token"
+ "io"
+ "io/ioutil"
+ "log"
+ "os"
+ "reflect"
+ "strings"
+ "unicode"
+ "unicode/utf8"
+)
+
+var inFiles = []string{"cpuid.go", "cpuid_test.go"}
+var copyFiles = []string{"cpuid_amd64.s", "cpuid_386.s", "detect_ref.go", "detect_intel.go"}
+var fileSet = token.NewFileSet()
+var reWrites = []rewrite{
+ initRewrite("CPUInfo -> cpuInfo"),
+ initRewrite("Vendor -> vendor"),
+ initRewrite("Flags -> flags"),
+ initRewrite("Detect -> detect"),
+ initRewrite("CPU -> cpu"),
+}
+var excludeNames = map[string]bool{"string": true, "join": true, "trim": true,
+ // cpuid_test.go
+ "t": true, "println": true, "logf": true, "log": true, "fatalf": true, "fatal": true,
+}
+
+var excludePrefixes = []string{"test", "benchmark"}
+
+func main() {
+ Package := "private"
+ parserMode := parser.ParseComments
+ exported := make(map[string]rewrite)
+ for _, file := range inFiles {
+ in, err := os.Open(file)
+ if err != nil {
+ log.Fatalf("opening input", err)
+ }
+
+ src, err := ioutil.ReadAll(in)
+ if err != nil {
+ log.Fatalf("reading input", err)
+ }
+
+ astfile, err := parser.ParseFile(fileSet, file, src, parserMode)
+ if err != nil {
+ log.Fatalf("parsing input", err)
+ }
+
+ for _, rw := range reWrites {
+ astfile = rw(astfile)
+ }
+
+ // Inspect the AST and print all identifiers and literals.
+ var startDecl token.Pos
+ var endDecl token.Pos
+ ast.Inspect(astfile, func(n ast.Node) bool {
+ var s string
+ switch x := n.(type) {
+ case *ast.Ident:
+ if x.IsExported() {
+ t := strings.ToLower(x.Name)
+ for _, pre := range excludePrefixes {
+ if strings.HasPrefix(t, pre) {
+ return true
+ }
+ }
+ if excludeNames[t] != true {
+ //if x.Pos() > startDecl && x.Pos() < endDecl {
+ exported[x.Name] = initRewrite(x.Name + " -> " + t)
+ }
+ }
+
+ case *ast.GenDecl:
+ if x.Tok == token.CONST && x.Lparen > 0 {
+ startDecl = x.Lparen
+ endDecl = x.Rparen
+ // fmt.Printf("Decl:%s -> %s\n", fileSet.Position(startDecl), fileSet.Position(endDecl))
+ }
+ }
+ if s != "" {
+ fmt.Printf("%s:\t%s\n", fileSet.Position(n.Pos()), s)
+ }
+ return true
+ })
+
+ for _, rw := range exported {
+ astfile = rw(astfile)
+ }
+
+ var buf bytes.Buffer
+
+ printer.Fprint(&buf, fileSet, astfile)
+
+ // Remove package documentation and insert information
+ s := buf.String()
+ ind := strings.Index(buf.String(), "\npackage cpuid")
+ s = s[ind:]
+ s = "// Generated, DO NOT EDIT,\n" +
+ "// but copy it to your own project and rename the package.\n" +
+ "// See more at http://github.com/klauspost/cpuid\n" +
+ s
+
+ outputName := Package + string(os.PathSeparator) + file
+
+ err = ioutil.WriteFile(outputName, []byte(s), 0644)
+ if err != nil {
+ log.Fatalf("writing output: %s", err)
+ }
+ log.Println("Generated", outputName)
+ }
+
+ for _, file := range copyFiles {
+ dst := ""
+ if strings.HasPrefix(file, "cpuid") {
+ dst = Package + string(os.PathSeparator) + file
+ } else {
+ dst = Package + string(os.PathSeparator) + "cpuid_" + file
+ }
+ err := copyFile(file, dst)
+ if err != nil {
+ log.Fatalf("copying file: %s", err)
+ }
+ log.Println("Copied", dst)
+ }
+}
+
+// CopyFile copies a file from src to dst. If src and dst files exist, and are
+// the same, then return success. Copy the file contents from src to dst.
+func copyFile(src, dst string) (err error) {
+ sfi, err := os.Stat(src)
+ if err != nil {
+ return
+ }
+ if !sfi.Mode().IsRegular() {
+ // cannot copy non-regular files (e.g., directories,
+ // symlinks, devices, etc.)
+ return fmt.Errorf("CopyFile: non-regular source file %s (%q)", sfi.Name(), sfi.Mode().String())
+ }
+ dfi, err := os.Stat(dst)
+ if err != nil {
+ if !os.IsNotExist(err) {
+ return
+ }
+ } else {
+ if !(dfi.Mode().IsRegular()) {
+ return fmt.Errorf("CopyFile: non-regular destination file %s (%q)", dfi.Name(), dfi.Mode().String())
+ }
+ if os.SameFile(sfi, dfi) {
+ return
+ }
+ }
+ err = copyFileContents(src, dst)
+ return
+}
+
+// copyFileContents copies the contents of the file named src to the file named
+// by dst. The file will be created if it does not already exist. If the
+// destination file exists, all it's contents will be replaced by the contents
+// of the source file.
+func copyFileContents(src, dst string) (err error) {
+ in, err := os.Open(src)
+ if err != nil {
+ return
+ }
+ defer in.Close()
+ out, err := os.Create(dst)
+ if err != nil {
+ return
+ }
+ defer func() {
+ cerr := out.Close()
+ if err == nil {
+ err = cerr
+ }
+ }()
+ if _, err = io.Copy(out, in); err != nil {
+ return
+ }
+ err = out.Sync()
+ return
+}
+
+type rewrite func(*ast.File) *ast.File
+
+// Mostly copied from gofmt
+func initRewrite(rewriteRule string) rewrite {
+ f := strings.Split(rewriteRule, "->")
+ if len(f) != 2 {
+ fmt.Fprintf(os.Stderr, "rewrite rule must be of the form 'pattern -> replacement'\n")
+ os.Exit(2)
+ }
+ pattern := parseExpr(f[0], "pattern")
+ replace := parseExpr(f[1], "replacement")
+ return func(p *ast.File) *ast.File { return rewriteFile(pattern, replace, p) }
+}
+
+// parseExpr parses s as an expression.
+// It might make sense to expand this to allow statement patterns,
+// but there are problems with preserving formatting and also
+// with what a wildcard for a statement looks like.
+func parseExpr(s, what string) ast.Expr {
+ x, err := parser.ParseExpr(s)
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "parsing %s %s at %s\n", what, s, err)
+ os.Exit(2)
+ }
+ return x
+}
+
+// Keep this function for debugging.
+/*
+func dump(msg string, val reflect.Value) {
+ fmt.Printf("%s:\n", msg)
+ ast.Print(fileSet, val.Interface())
+ fmt.Println()
+}
+*/
+
+// rewriteFile applies the rewrite rule 'pattern -> replace' to an entire file.
+func rewriteFile(pattern, replace ast.Expr, p *ast.File) *ast.File {
+ cmap := ast.NewCommentMap(fileSet, p, p.Comments)
+ m := make(map[string]reflect.Value)
+ pat := reflect.ValueOf(pattern)
+ repl := reflect.ValueOf(replace)
+
+ var rewriteVal func(val reflect.Value) reflect.Value
+ rewriteVal = func(val reflect.Value) reflect.Value {
+ // don't bother if val is invalid to start with
+ if !val.IsValid() {
+ return reflect.Value{}
+ }
+ for k := range m {
+ delete(m, k)
+ }
+ val = apply(rewriteVal, val)
+ if match(m, pat, val) {
+ val = subst(m, repl, reflect.ValueOf(val.Interface().(ast.Node).Pos()))
+ }
+ return val
+ }
+
+ r := apply(rewriteVal, reflect.ValueOf(p)).Interface().(*ast.File)
+ r.Comments = cmap.Filter(r).Comments() // recreate comments list
+ return r
+}
+
+// set is a wrapper for x.Set(y); it protects the caller from panics if x cannot be changed to y.
+func set(x, y reflect.Value) {
+ // don't bother if x cannot be set or y is invalid
+ if !x.CanSet() || !y.IsValid() {
+ return
+ }
+ defer func() {
+ if x := recover(); x != nil {
+ if s, ok := x.(string); ok &&
+ (strings.Contains(s, "type mismatch") || strings.Contains(s, "not assignable")) {
+ // x cannot be set to y - ignore this rewrite
+ return
+ }
+ panic(x)
+ }
+ }()
+ x.Set(y)
+}
+
+// Values/types for special cases.
+var (
+ objectPtrNil = reflect.ValueOf((*ast.Object)(nil))
+ scopePtrNil = reflect.ValueOf((*ast.Scope)(nil))
+
+ identType = reflect.TypeOf((*ast.Ident)(nil))
+ objectPtrType = reflect.TypeOf((*ast.Object)(nil))
+ positionType = reflect.TypeOf(token.NoPos)
+ callExprType = reflect.TypeOf((*ast.CallExpr)(nil))
+ scopePtrType = reflect.TypeOf((*ast.Scope)(nil))
+)
+
+// apply replaces each AST field x in val with f(x), returning val.
+// To avoid extra conversions, f operates on the reflect.Value form.
+func apply(f func(reflect.Value) reflect.Value, val reflect.Value) reflect.Value {
+ if !val.IsValid() {
+ return reflect.Value{}
+ }
+
+ // *ast.Objects introduce cycles and are likely incorrect after
+ // rewrite; don't follow them but replace with nil instead
+ if val.Type() == objectPtrType {
+ return objectPtrNil
+ }
+
+ // similarly for scopes: they are likely incorrect after a rewrite;
+ // replace them with nil
+ if val.Type() == scopePtrType {
+ return scopePtrNil
+ }
+
+ switch v := reflect.Indirect(val); v.Kind() {
+ case reflect.Slice:
+ for i := 0; i < v.Len(); i++ {
+ e := v.Index(i)
+ set(e, f(e))
+ }
+ case reflect.Struct:
+ for i := 0; i < v.NumField(); i++ {
+ e := v.Field(i)
+ set(e, f(e))
+ }
+ case reflect.Interface:
+ e := v.Elem()
+ set(v, f(e))
+ }
+ return val
+}
+
+func isWildcard(s string) bool {
+ rune, size := utf8.DecodeRuneInString(s)
+ return size == len(s) && unicode.IsLower(rune)
+}
+
+// match returns true if pattern matches val,
+// recording wildcard submatches in m.
+// If m == nil, match checks whether pattern == val.
+func match(m map[string]reflect.Value, pattern, val reflect.Value) bool {
+ // Wildcard matches any expression. If it appears multiple
+ // times in the pattern, it must match the same expression
+ // each time.
+ if m != nil && pattern.IsValid() && pattern.Type() == identType {
+ name := pattern.Interface().(*ast.Ident).Name
+ if isWildcard(name) && val.IsValid() {
+ // wildcards only match valid (non-nil) expressions.
+ if _, ok := val.Interface().(ast.Expr); ok && !val.IsNil() {
+ if old, ok := m[name]; ok {
+ return match(nil, old, val)
+ }
+ m[name] = val
+ return true
+ }
+ }
+ }
+
+ // Otherwise, pattern and val must match recursively.
+ if !pattern.IsValid() || !val.IsValid() {
+ return !pattern.IsValid() && !val.IsValid()
+ }
+ if pattern.Type() != val.Type() {
+ return false
+ }
+
+ // Special cases.
+ switch pattern.Type() {
+ case identType:
+ // For identifiers, only the names need to match
+ // (and none of the other *ast.Object information).
+ // This is a common case, handle it all here instead
+ // of recursing down any further via reflection.
+ p := pattern.Interface().(*ast.Ident)
+ v := val.Interface().(*ast.Ident)
+ return p == nil && v == nil || p != nil && v != nil && p.Name == v.Name
+ case objectPtrType, positionType:
+ // object pointers and token positions always match
+ return true
+ case callExprType:
+ // For calls, the Ellipsis fields (token.Position) must
+ // match since that is how f(x) and f(x...) are different.
+ // Check them here but fall through for the remaining fields.
+ p := pattern.Interface().(*ast.CallExpr)
+ v := val.Interface().(*ast.CallExpr)
+ if p.Ellipsis.IsValid() != v.Ellipsis.IsValid() {
+ return false
+ }
+ }
+
+ p := reflect.Indirect(pattern)
+ v := reflect.Indirect(val)
+ if !p.IsValid() || !v.IsValid() {
+ return !p.IsValid() && !v.IsValid()
+ }
+
+ switch p.Kind() {
+ case reflect.Slice:
+ if p.Len() != v.Len() {
+ return false
+ }
+ for i := 0; i < p.Len(); i++ {
+ if !match(m, p.Index(i), v.Index(i)) {
+ return false
+ }
+ }
+ return true
+
+ case reflect.Struct:
+ for i := 0; i < p.NumField(); i++ {
+ if !match(m, p.Field(i), v.Field(i)) {
+ return false
+ }
+ }
+ return true
+
+ case reflect.Interface:
+ return match(m, p.Elem(), v.Elem())
+ }
+
+ // Handle token integers, etc.
+ return p.Interface() == v.Interface()
+}
+
+// subst returns a copy of pattern with values from m substituted in place
+// of wildcards and pos used as the position of tokens from the pattern.
+// if m == nil, subst returns a copy of pattern and doesn't change the line
+// number information.
+func subst(m map[string]reflect.Value, pattern reflect.Value, pos reflect.Value) reflect.Value {
+ if !pattern.IsValid() {
+ return reflect.Value{}
+ }
+
+ // Wildcard gets replaced with map value.
+ if m != nil && pattern.Type() == identType {
+ name := pattern.Interface().(*ast.Ident).Name
+ if isWildcard(name) {
+ if old, ok := m[name]; ok {
+ return subst(nil, old, reflect.Value{})
+ }
+ }
+ }
+
+ if pos.IsValid() && pattern.Type() == positionType {
+ // use new position only if old position was valid in the first place
+ if old := pattern.Interface().(token.Pos); !old.IsValid() {
+ return pattern
+ }
+ return pos
+ }
+
+ // Otherwise copy.
+ switch p := pattern; p.Kind() {
+ case reflect.Slice:
+ v := reflect.MakeSlice(p.Type(), p.Len(), p.Len())
+ for i := 0; i < p.Len(); i++ {
+ v.Index(i).Set(subst(m, p.Index(i), pos))
+ }
+ return v
+
+ case reflect.Struct:
+ v := reflect.New(p.Type()).Elem()
+ for i := 0; i < p.NumField(); i++ {
+ v.Field(i).Set(subst(m, p.Field(i), pos))
+ }
+ return v
+
+ case reflect.Ptr:
+ v := reflect.New(p.Type()).Elem()
+ if elem := p.Elem(); elem.IsValid() {
+ v.Set(subst(m, elem, pos).Addr())
+ }
+ return v
+
+ case reflect.Interface:
+ v := reflect.New(p.Type()).Elem()
+ if elem := p.Elem(); elem.IsValid() {
+ v.Set(subst(m, elem, pos))
+ }
+ return v
+ }
+
+ return pattern
+}
diff --git a/vendor/github.com/klauspost/reedsolomon/LICENSE b/vendor/github.com/klauspost/reedsolomon/LICENSE
new file mode 100644
index 0000000..a947e16
--- /dev/null
+++ b/vendor/github.com/klauspost/reedsolomon/LICENSE
@@ -0,0 +1,23 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Klaus Post
+Copyright (c) 2015 Backblaze
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
diff --git a/vendor/github.com/klauspost/reedsolomon/README.md b/vendor/github.com/klauspost/reedsolomon/README.md
new file mode 100644
index 0000000..aceff05
--- /dev/null
+++ b/vendor/github.com/klauspost/reedsolomon/README.md
@@ -0,0 +1,279 @@
+# Reed-Solomon
+[![GoDoc][1]][2] [![Build Status][3]][4]
+
+[1]: https://godoc.org/github.com/klauspost/reedsolomon?status.svg
+[2]: https://godoc.org/github.com/klauspost/reedsolomon
+[3]: https://travis-ci.org/klauspost/reedsolomon.svg?branch=master
+[4]: https://travis-ci.org/klauspost/reedsolomon
+
+Reed-Solomon Erasure Coding in Go, with speeds exceeding 1GB/s/cpu core implemented in pure Go.
+
+This is a Go port of the [JavaReedSolomon](https://github.com/Backblaze/JavaReedSolomon) library released by [Backblaze](http://backblaze.com), with some additional optimizations.
+
+For an introduction on erasure coding, see the post on the [Backblaze blog](https://www.backblaze.com/blog/reed-solomon/).
+
+Package home: https://github.com/klauspost/reedsolomon
+
+Godoc: https://godoc.org/github.com/klauspost/reedsolomon
+
+# Installation
+To get the package use the standard:
+```bash
+go get -u github.com/klauspost/reedsolomon
+```
+
+# Changes
+
+## November 18, 2017
+
+Added [WithAutoGoroutines](https://godoc.org/github.com/klauspost/reedsolomon#WithAutoGoroutines) which will attempt to calculate the optimal number of goroutines to use based on your expected shard size and detected CPU.
+
+## October 1, 2017
+
+* [Cauchy Matrix](https://godoc.org/github.com/klauspost/reedsolomon#WithCauchyMatrix) is now an option. Thanks to [templexxx](https://github.com/templexxx) for the basis of this.
+* Default maximum number of [goroutines](https://godoc.org/github.com/klauspost/reedsolomon#WithMaxGoroutines) has been increased for better multi-core scaling.
+* After several requests the Reconstruct and ReconstructData now slices of zero length but sufficient capacity to be used instead of allocating new memory.
+
+## August 26, 2017
+
+* The [`Encoder()`](https://godoc.org/github.com/klauspost/reedsolomon#Encoder) now contains an `Update` function contributed by [chenzhongtao](https://github.com/chenzhongtao).
+* [Frank Wessels](https://github.com/fwessels) kindly contributed ARM 64 bit assembly, which gives a huge performance boost on this platform.
+
+## July 20, 2017
+
+`ReconstructData` added to [`Encoder`](https://godoc.org/github.com/klauspost/reedsolomon#Encoder) interface. This can cause compatibility issues if you implement your own Encoder. A simple workaround can be added:
+```Go
+func (e *YourEnc) ReconstructData(shards [][]byte) error {
+ return ReconstructData(shards)
+}
+```
+
+You can of course also do your own implementation. The [`StreamEncoder`](https://godoc.org/github.com/klauspost/reedsolomon#StreamEncoder) handles this without modifying the interface. This is a good lesson on why returning interfaces is not a good design.
+
+# Usage
+
+This section assumes you know the basics of Reed-Solomon encoding. A good start is this [Backblaze blog post](https://www.backblaze.com/blog/reed-solomon/).
+
+This package performs the calculation of the parity sets. The usage is therefore relatively simple.
+
+First of all, you need to choose your distribution of data and parity shards. A 'good' distribution is very subjective, and will depend a lot on your usage scenario. A good starting point is above 5 and below 257 data shards (the maximum supported number), and the number of parity shards to be 2 or above, and below the number of data shards.
+
+To create an encoder with 10 data shards (where your data goes) and 3 parity shards (calculated):
+```Go
+ enc, err := reedsolomon.New(10, 3)
+```
+This encoder will work for all parity sets with this distribution of data and parity shards. The error will only be set if you specify 0 or negative values in any of the parameters, or if you specify more than 256 data shards.
+
+The you send and receive data is a simple slice of byte slices; `[][]byte`. In the example above, the top slice must have a length of 13.
+```Go
+ data := make([][]byte, 13)
+```
+You should then fill the 10 first slices with *equally sized* data, and create parity shards that will be populated with parity data. In this case we create the data in memory, but you could for instance also use [mmap](https://github.com/edsrzf/mmap-go) to map files.
+
+```Go
+ // Create all shards, size them at 50000 each
+ for i := range input {
+ data[i] := make([]byte, 50000)
+ }
+
+
+ // Fill some data into the data shards
+ for i, in := range data[:10] {
+ for j:= range in {
+ in[j] = byte((i+j)&0xff)
+ }
+ }
+```
+
+To populate the parity shards, you simply call `Encode()` with your data.
+```Go
+ err = enc.Encode(data)
+```
+The only cases where you should get an error is, if the data shards aren't of equal size. The last 3 shards now contain parity data. You can verify this by calling `Verify()`:
+
+```Go
+ ok, err = enc.Verify(data)
+```
+
+The final (and important) part is to be able to reconstruct missing shards. For this to work, you need to know which parts of your data is missing. The encoder *does not know which parts are invalid*, so if data corruption is a likely scenario, you need to implement a hash check for each shard. If a byte has changed in your set, and you don't know which it is, there is no way to reconstruct the data set.
+
+To indicate missing data, you set the shard to nil before calling `Reconstruct()`:
+
+```Go
+ // Delete two data shards
+ data[3] = nil
+ data[7] = nil
+
+ // Reconstruct the missing shards
+ err := enc.Reconstruct(data)
+```
+The missing data and parity shards will be recreated. If more than 3 shards are missing, the reconstruction will fail.
+
+If you are only interested in the data shards (for reading purposes) you can call `ReconstructData()`:
+
+```Go
+ // Delete two data shards
+ data[3] = nil
+ data[7] = nil
+
+ // Reconstruct just the missing data shards
+ err := enc.ReconstructData(data)
+```
+
+So to sum up reconstruction:
+* The number of data/parity shards must match the numbers used for encoding.
+* The order of shards must be the same as used when encoding.
+* You may only supply data you know is valid.
+* Invalid shards should be set to nil.
+
+For complete examples of an encoder and decoder see the [examples folder](https://github.com/klauspost/reedsolomon/tree/master/examples).
+
+# Splitting/Joining Data
+
+You might have a large slice of data. To help you split this, there are some helper functions that can split and join a single byte slice.
+
+```Go
+ bigfile, _ := ioutil.Readfile("myfile.data")
+
+ // Split the file
+ split, err := enc.Split(bigfile)
+```
+This will split the file into the number of data shards set when creating the encoder and create empty parity shards.
+
+An important thing to note is that you have to *keep track of the exact input size*. If the size of the input isn't divisible by the number of data shards, extra zeros will be inserted in the last shard.
+
+To join a data set, use the `Join()` function, which will join the shards and write it to the `io.Writer` you supply:
+```Go
+ // Join a data set and write it to io.Discard.
+ err = enc.Join(io.Discard, data, len(bigfile))
+```
+
+# Streaming/Merging
+
+It might seem like a limitation that all data should be in memory, but an important property is that *as long as the number of data/parity shards are the same, you can merge/split data sets*, and they will remain valid as a separate set.
+
+```Go
+ // Split the data set of 50000 elements into two of 25000
+ splitA := make([][]byte, 13)
+ splitB := make([][]byte, 13)
+
+ // Merge into a 100000 element set
+ merged := make([][]byte, 13)
+
+ for i := range data {
+ splitA[i] = data[i][:25000]
+ splitB[i] = data[i][25000:]
+
+ // Concatenate it to itself
+ merged[i] = append(make([]byte, 0, len(data[i])*2), data[i]...)
+ merged[i] = append(merged[i], data[i]...)
+ }
+
+ // Each part should still verify as ok.
+ ok, err := enc.Verify(splitA)
+ if ok && err == nil {
+ log.Println("splitA ok")
+ }
+
+ ok, err = enc.Verify(splitB)
+ if ok && err == nil {
+ log.Println("splitB ok")
+ }
+
+ ok, err = enc.Verify(merge)
+ if ok && err == nil {
+ log.Println("merge ok")
+ }
+```
+
+This means that if you have a data set that may not fit into memory, you can split processing into smaller blocks. For the best throughput, don't use too small blocks.
+
+This also means that you can divide big input up into smaller blocks, and do reconstruction on parts of your data. This doesn't give the same flexibility of a higher number of data shards, but it will be much more performant.
+
+# Streaming API
+
+There has been added support for a streaming API, to help perform fully streaming operations, which enables you to do the same operations, but on streams. To use the stream API, use [`NewStream`](https://godoc.org/github.com/klauspost/reedsolomon#NewStream) function to create the encoding/decoding interfaces. You can use [`NewStreamC`](https://godoc.org/github.com/klauspost/reedsolomon#NewStreamC) to ready an interface that reads/writes concurrently from the streams.
+
+Input is delivered as `[]io.Reader`, output as `[]io.Writer`, and functionality corresponds to the in-memory API. Each stream must supply the same amount of data, similar to how each slice must be similar size with the in-memory API.
+If an error occurs in relation to a stream, a [`StreamReadError`](https://godoc.org/github.com/klauspost/reedsolomon#StreamReadError) or [`StreamWriteError`](https://godoc.org/github.com/klauspost/reedsolomon#StreamWriteError) will help you determine which stream was the offender.
+
+There is no buffering or timeouts/retry specified. If you want to add that, you need to add it to the Reader/Writer.
+
+For complete examples of a streaming encoder and decoder see the [examples folder](https://github.com/klauspost/reedsolomon/tree/master/examples).
+
+# Advanced Options
+
+You can modify internal options which affects how jobs are split between and processed by goroutines.
+
+To create options, use the WithXXX functions. You can supply options to `New`, `NewStream` and `NewStreamC`. If no Options are supplied, default options are used.
+
+Example of how to supply options:
+
+ ```Go
+ enc, err := reedsolomon.New(10, 3, WithMaxGoroutines(25))
+ ```
+
+
+# Performance
+Performance depends mainly on the number of parity shards. In rough terms, doubling the number of parity shards will double the encoding time.
+
+Here are the throughput numbers with some different selections of data and parity shards. For reference each shard is 1MB random data, and 2 CPU cores are used for encoding.
+
+| Data | Parity | Parity | MB/s | SSSE3 MB/s | SSSE3 Speed | Rel. Speed |
+|------|--------|--------|--------|-------------|-------------|------------|
+| 5 | 2 | 40% | 576,11 | 2599,2 | 451% | 100,00% |
+| 10 | 2 | 20% | 587,73 | 3100,28 | 528% | 102,02% |
+| 10 | 4 | 40% | 298,38 | 2470,97 | 828% | 51,79% |
+| 50 | 20 | 40% | 59,81 | 713,28 | 1193% | 10,38% |
+
+If `runtime.GOMAXPROCS()` is set to a value higher than 1, the encoder will use multiple goroutines to perform the calculations in `Verify`, `Encode` and `Reconstruct`.
+
+Example of performance scaling on Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz - 4 physical cores, 8 logical cores. The example uses 10 blocks with 16MB data each and 4 parity blocks.
+
+| Threads | MB/s | Speed |
+|---------|---------|-------|
+| 1 | 1355,11 | 100% |
+| 2 | 2339,78 | 172% |
+| 4 | 3179,33 | 235% |
+| 8 | 4346,18 | 321% |
+
+Benchmarking `Reconstruct()` followed by a `Verify()` (=`all`) versus just calling `ReconstructData()` (=`data`) gives the following result:
+```
+benchmark all MB/s data MB/s speedup
+BenchmarkReconstruct10x2x10000-8 2011.67 10530.10 5.23x
+BenchmarkReconstruct50x5x50000-8 4585.41 14301.60 3.12x
+BenchmarkReconstruct10x2x1M-8 8081.15 28216.41 3.49x
+BenchmarkReconstruct5x2x1M-8 5780.07 28015.37 4.85x
+BenchmarkReconstruct10x4x1M-8 4352.56 14367.61 3.30x
+BenchmarkReconstruct50x20x1M-8 1364.35 4189.79 3.07x
+BenchmarkReconstruct10x4x16M-8 1484.35 5779.53 3.89x
+```
+
+# Performance on ARM64 NEON
+
+By exploiting NEON instructions the performance for ARM has been accelerated. Below are the performance numbers for a single core on an ARM Cortex-A53 CPU @ 1.2GHz (Debian 8.0 Jessie running Go: 1.7.4):
+
+| Data | Parity | Parity | ARM64 Go MB/s | ARM64 NEON MB/s | NEON Speed |
+|------|--------|--------|--------------:|----------------:|-----------:|
+| 5 | 2 | 40% | 189 | 1304 | 588% |
+| 10 | 2 | 20% | 188 | 1738 | 925% |
+| 10 | 4 | 40% | 96 | 839 | 877% |
+
+# asm2plan9s
+
+[asm2plan9s](https://github.com/fwessels/asm2plan9s) is used for assembling the AVX2 instructions into their BYTE/WORD/LONG equivalents.
+
+# Links
+* [Backblaze Open Sources Reed-Solomon Erasure Coding Source Code](https://www.backblaze.com/blog/reed-solomon/).
+* [JavaReedSolomon](https://github.com/Backblaze/JavaReedSolomon). Compatible java library by Backblaze.
+* [ocaml-reed-solomon-erasure](https://gitlab.com/darrenldl/ocaml-reed-solomon-erasure). Compatible OCaml implementation.
+* [reedsolomon-c](https://github.com/jannson/reedsolomon-c). C version, compatible with output from this package.
+* [Reed-Solomon Erasure Coding in Haskell](https://github.com/NicolasT/reedsolomon). Haskell port of the package with similar performance.
+* [reed-solomon-erasure](https://github.com/darrenldl/reed-solomon-erasure). Compatible Rust implementation.
+* [go-erasure](https://github.com/somethingnew2-0/go-erasure). A similar library using cgo, slower in my tests.
+* [rsraid](https://github.com/goayame/rsraid). A similar library written in Go. Slower, but supports more shards.
+* [Screaming Fast Galois Field Arithmetic](http://www.snia.org/sites/default/files2/SDC2013/presentations/NewThinking/EthanMiller_Screaming_Fast_Galois_Field%20Arithmetic_SIMD%20Instructions.pdf). Basis for SSE3 optimizations.
+
+# License
+
+This code, as the original [JavaReedSolomon](https://github.com/Backblaze/JavaReedSolomon) is published under an MIT license. See LICENSE file for more information.
diff --git a/vendor/github.com/klauspost/reedsolomon/appveyor.yml b/vendor/github.com/klauspost/reedsolomon/appveyor.yml
new file mode 100644
index 0000000..9bb067f
--- /dev/null
+++ b/vendor/github.com/klauspost/reedsolomon/appveyor.yml
@@ -0,0 +1,20 @@
+os: Visual Studio 2015
+
+platform: x64
+
+clone_folder: c:\gopath\src\github.com\klauspost\reedsolomon
+
+# environment variables
+environment:
+ GOPATH: c:\gopath
+
+install:
+ - echo %PATH%
+ - echo %GOPATH%
+ - go version
+ - go env
+ - go get -d ./...
+
+build_script:
+ - go test -v -cpu=2 ./...
+ - go test -cpu=1,2,4 -short -race ./...
diff --git a/vendor/github.com/klauspost/reedsolomon/galois.go b/vendor/github.com/klauspost/reedsolomon/galois.go
new file mode 100644
index 0000000..2daf186
--- /dev/null
+++ b/vendor/github.com/klauspost/reedsolomon/galois.go
@@ -0,0 +1,902 @@
+/**
+ * 8-bit Galois Field
+ * Copyright 2015, Klaus Post
+ * Copyright 2015, Backblaze, Inc. All rights reserved.
+ */
+
+package reedsolomon
+
+const (
+ // The number of elements in the field.
+ fieldSize = 256
+
+ // The polynomial used to generate the logarithm table.
+ //
+ // There are a number of polynomials that work to generate
+ // a Galois field of 256 elements. The choice is arbitrary,
+ // and we just use the first one.
+ //
+ // The possibilities are: 29, 43, 45, 77, 95, 99, 101, 105,
+ //* 113, 135, 141, 169, 195, 207, 231, and 245.
+ generatingPolynomial = 29
+)
+
+var logTable = [fieldSize]byte{
+ 0, 0, 1, 25, 2, 50, 26, 198,
+ 3, 223, 51, 238, 27, 104, 199, 75,
+ 4, 100, 224, 14, 52, 141, 239, 129,
+ 28, 193, 105, 248, 200, 8, 76, 113,
+ 5, 138, 101, 47, 225, 36, 15, 33,
+ 53, 147, 142, 218, 240, 18, 130, 69,
+ 29, 181, 194, 125, 106, 39, 249, 185,
+ 201, 154, 9, 120, 77, 228, 114, 166,
+ 6, 191, 139, 98, 102, 221, 48, 253,
+ 226, 152, 37, 179, 16, 145, 34, 136,
+ 54, 208, 148, 206, 143, 150, 219, 189,
+ 241, 210, 19, 92, 131, 56, 70, 64,
+ 30, 66, 182, 163, 195, 72, 126, 110,
+ 107, 58, 40, 84, 250, 133, 186, 61,
+ 202, 94, 155, 159, 10, 21, 121, 43,
+ 78, 212, 229, 172, 115, 243, 167, 87,
+ 7, 112, 192, 247, 140, 128, 99, 13,
+ 103, 74, 222, 237, 49, 197, 254, 24,
+ 227, 165, 153, 119, 38, 184, 180, 124,
+ 17, 68, 146, 217, 35, 32, 137, 46,
+ 55, 63, 209, 91, 149, 188, 207, 205,
+ 144, 135, 151, 178, 220, 252, 190, 97,
+ 242, 86, 211, 171, 20, 42, 93, 158,
+ 132, 60, 57, 83, 71, 109, 65, 162,
+ 31, 45, 67, 216, 183, 123, 164, 118,
+ 196, 23, 73, 236, 127, 12, 111, 246,
+ 108, 161, 59, 82, 41, 157, 85, 170,
+ 251, 96, 134, 177, 187, 204, 62, 90,
+ 203, 89, 95, 176, 156, 169, 160, 81,
+ 11, 245, 22, 235, 122, 117, 44, 215,
+ 79, 174, 213, 233, 230, 231, 173, 232,
+ 116, 214, 244, 234, 168, 80, 88, 175,
+}
+
+/**
+ * Inverse of the logarithm table. Maps integer logarithms
+ * to members of the field. There is no entry for 255
+ * because the highest log is 254.
+ *
+ * This table was generated by `go run gentables.go`
+ */
+var expTable = []byte{0x1, 0x2, 0x4, 0x8, 0x10, 0x20, 0x40, 0x80, 0x1d, 0x3a, 0x74, 0xe8, 0xcd, 0x87, 0x13, 0x26, 0x4c, 0x98, 0x2d, 0x5a, 0xb4, 0x75, 0xea, 0xc9, 0x8f, 0x3, 0x6, 0xc, 0x18, 0x30, 0x60, 0xc0, 0x9d, 0x27, 0x4e, 0x9c, 0x25, 0x4a, 0x94, 0x35, 0x6a, 0xd4, 0xb5, 0x77, 0xee, 0xc1, 0x9f, 0x23, 0x46, 0x8c, 0x5, 0xa, 0x14, 0x28, 0x50, 0xa0, 0x5d, 0xba, 0x69, 0xd2, 0xb9, 0x6f, 0xde, 0xa1, 0x5f, 0xbe, 0x61, 0xc2, 0x99, 0x2f, 0x5e, 0xbc, 0x65, 0xca, 0x89, 0xf, 0x1e, 0x3c, 0x78, 0xf0, 0xfd, 0xe7, 0xd3, 0xbb, 0x6b, 0xd6, 0xb1, 0x7f, 0xfe, 0xe1, 0xdf, 0xa3, 0x5b, 0xb6, 0x71, 0xe2, 0xd9, 0xaf, 0x43, 0x86, 0x11, 0x22, 0x44, 0x88, 0xd, 0x1a, 0x34, 0x68, 0xd0, 0xbd, 0x67, 0xce, 0x81, 0x1f, 0x3e, 0x7c, 0xf8, 0xed, 0xc7, 0x93, 0x3b, 0x76, 0xec, 0xc5, 0x97, 0x33, 0x66, 0xcc, 0x85, 0x17, 0x2e, 0x5c, 0xb8, 0x6d, 0xda, 0xa9, 0x4f, 0x9e, 0x21, 0x42, 0x84, 0x15, 0x2a, 0x54, 0xa8, 0x4d, 0x9a, 0x29, 0x52, 0xa4, 0x55, 0xaa, 0x49, 0x92, 0x39, 0x72, 0xe4, 0xd5, 0xb7, 0x73, 0xe6, 0xd1, 0xbf, 0x63, 0xc6, 0x91, 0x3f, 0x7e, 0xfc, 0xe5, 0xd7, 0xb3, 0x7b, 0xf6, 0xf1, 0xff, 0xe3, 0xdb, 0xab, 0x4b, 0x96, 0x31, 0x62, 0xc4, 0x95, 0x37, 0x6e, 0xdc, 0xa5, 0x57, 0xae, 0x41, 0x82, 0x19, 0x32, 0x64, 0xc8, 0x8d, 0x7, 0xe, 0x1c, 0x38, 0x70, 0xe0, 0xdd, 0xa7, 0x53, 0xa6, 0x51, 0xa2, 0x59, 0xb2, 0x79, 0xf2, 0xf9, 0xef, 0xc3, 0x9b, 0x2b, 0x56, 0xac, 0x45, 0x8a, 0x9, 0x12, 0x24, 0x48, 0x90, 0x3d, 0x7a, 0xf4, 0xf5, 0xf7, 0xf3, 0xfb, 0xeb, 0xcb, 0x8b, 0xb, 0x16, 0x2c, 0x58, 0xb0, 0x7d, 0xfa, 0xe9, 0xcf, 0x83, 0x1b, 0x36, 0x6c, 0xd8, 0xad, 0x47, 0x8e, 0x1, 0x2, 0x4, 0x8, 0x10, 0x20, 0x40, 0x80, 0x1d, 0x3a, 0x74, 0xe8, 0xcd, 0x87, 0x13, 0x26, 0x4c, 0x98, 0x2d, 0x5a, 0xb4, 0x75, 0xea, 0xc9, 0x8f, 0x3, 0x6, 0xc, 0x18, 0x30, 0x60, 0xc0, 0x9d, 0x27, 0x4e, 0x9c, 0x25, 0x4a, 0x94, 0x35, 0x6a, 0xd4, 0xb5, 0x77, 0xee, 0xc1, 0x9f, 0x23, 0x46, 0x8c, 0x5, 0xa, 0x14, 0x28, 0x50, 0xa0, 0x5d, 0xba, 0x69, 0xd2, 0xb9, 0x6f, 0xde, 0xa1, 0x5f, 0xbe, 0x61, 0xc2, 0x99, 0x2f, 0x5e, 0xbc, 0x65, 0xca, 0x89, 0xf, 0x1e, 0x3c, 0x78, 0xf0, 0xfd, 0xe7, 0xd3, 0xbb, 0x6b, 0xd6, 0xb1, 0x7f, 0xfe, 0xe1, 0xdf, 0xa3, 0x5b, 0xb6, 0x71, 0xe2, 0xd9, 0xaf, 0x43, 0x86, 0x11, 0x22, 0x44, 0x88, 0xd, 0x1a, 0x34, 0x68, 0xd0, 0xbd, 0x67, 0xce, 0x81, 0x1f, 0x3e, 0x7c, 0xf8, 0xed, 0xc7, 0x93, 0x3b, 0x76, 0xec, 0xc5, 0x97, 0x33, 0x66, 0xcc, 0x85, 0x17, 0x2e, 0x5c, 0xb8, 0x6d, 0xda, 0xa9, 0x4f, 0x9e, 0x21, 0x42, 0x84, 0x15, 0x2a, 0x54, 0xa8, 0x4d, 0x9a, 0x29, 0x52, 0xa4, 0x55, 0xaa, 0x49, 0x92, 0x39, 0x72, 0xe4, 0xd5, 0xb7, 0x73, 0xe6, 0xd1, 0xbf, 0x63, 0xc6, 0x91, 0x3f, 0x7e, 0xfc, 0xe5, 0xd7, 0xb3, 0x7b, 0xf6, 0xf1, 0xff, 0xe3, 0xdb, 0xab, 0x4b, 0x96, 0x31, 0x62, 0xc4, 0x95, 0x37, 0x6e, 0xdc, 0xa5, 0x57, 0xae, 0x41, 0x82, 0x19, 0x32, 0x64, 0xc8, 0x8d, 0x7, 0xe, 0x1c, 0x38, 0x70, 0xe0, 0xdd, 0xa7, 0x53, 0xa6, 0x51, 0xa2, 0x59, 0xb2, 0x79, 0xf2, 0xf9, 0xef, 0xc3, 0x9b, 0x2b, 0x56, 0xac, 0x45, 0x8a, 0x9, 0x12, 0x24, 0x48, 0x90, 0x3d, 0x7a, 0xf4, 0xf5, 0xf7, 0xf3, 0xfb, 0xeb, 0xcb, 0x8b, 0xb, 0x16, 0x2c, 0x58, 0xb0, 0x7d, 0xfa, 0xe9, 0xcf, 0x83, 0x1b, 0x36, 0x6c, 0xd8, 0xad, 0x47, 0x8e}
+
+func galAdd(a, b byte) byte {
+ return a ^ b
+}
+
+func galSub(a, b byte) byte {
+ return a ^ b
+}
+
+// Table from https://github.com/templexxx/reedsolomon
+var invTable = [256]byte{0x0, 0x1, 0x8e, 0xf4, 0x47, 0xa7, 0x7a, 0xba, 0xad, 0x9d, 0xdd, 0x98, 0x3d, 0xaa, 0x5d, 0x96, 0xd8, 0x72, 0xc0, 0x58, 0xe0, 0x3e, 0x4c, 0x66, 0x90, 0xde, 0x55, 0x80, 0xa0, 0x83, 0x4b, 0x2a, 0x6c, 0xed, 0x39, 0x51, 0x60, 0x56, 0x2c, 0x8a, 0x70, 0xd0, 0x1f, 0x4a, 0x26, 0x8b, 0x33, 0x6e, 0x48, 0x89, 0x6f, 0x2e, 0xa4, 0xc3, 0x40, 0x5e, 0x50, 0x22, 0xcf, 0xa9, 0xab, 0xc, 0x15, 0xe1, 0x36, 0x5f, 0xf8, 0xd5, 0x92, 0x4e, 0xa6, 0x4, 0x30, 0x88, 0x2b, 0x1e, 0x16, 0x67, 0x45, 0x93, 0x38, 0x23, 0x68, 0x8c, 0x81, 0x1a, 0x25, 0x61, 0x13, 0xc1, 0xcb, 0x63, 0x97, 0xe, 0x37, 0x41, 0x24, 0x57, 0xca, 0x5b, 0xb9, 0xc4, 0x17, 0x4d, 0x52, 0x8d, 0xef, 0xb3, 0x20, 0xec, 0x2f, 0x32, 0x28, 0xd1, 0x11, 0xd9, 0xe9, 0xfb, 0xda, 0x79, 0xdb, 0x77, 0x6, 0xbb, 0x84, 0xcd, 0xfe, 0xfc, 0x1b, 0x54, 0xa1, 0x1d, 0x7c, 0xcc, 0xe4, 0xb0, 0x49, 0x31, 0x27, 0x2d, 0x53, 0x69, 0x2, 0xf5, 0x18, 0xdf, 0x44, 0x4f, 0x9b, 0xbc, 0xf, 0x5c, 0xb, 0xdc, 0xbd, 0x94, 0xac, 0x9, 0xc7, 0xa2, 0x1c, 0x82, 0x9f, 0xc6, 0x34, 0xc2, 0x46, 0x5, 0xce, 0x3b, 0xd, 0x3c, 0x9c, 0x8, 0xbe, 0xb7, 0x87, 0xe5, 0xee, 0x6b, 0xeb, 0xf2, 0xbf, 0xaf, 0xc5, 0x64, 0x7, 0x7b, 0x95, 0x9a, 0xae, 0xb6, 0x12, 0x59, 0xa5, 0x35, 0x65, 0xb8, 0xa3, 0x9e, 0xd2, 0xf7, 0x62, 0x5a, 0x85, 0x7d, 0xa8, 0x3a, 0x29, 0x71, 0xc8, 0xf6, 0xf9, 0x43, 0xd7, 0xd6, 0x10, 0x73, 0x76, 0x78, 0x99, 0xa, 0x19, 0x91, 0x14, 0x3f, 0xe6, 0xf0, 0x86, 0xb1, 0xe2, 0xf1, 0xfa, 0x74, 0xf3, 0xb4, 0x6d, 0x21, 0xb2, 0x6a, 0xe3, 0xe7, 0xb5, 0xea, 0x3, 0x8f, 0xd3, 0xc9, 0x42, 0xd4, 0xe8, 0x75, 0x7f, 0xff, 0x7e, 0xfd}
+
+var mulTable = [256][256]uint8{[256]uint8{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
+ {0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff},
+ {0x0, 0x2, 0x4, 0x6, 0x8, 0xa, 0xc, 0xe, 0x10, 0x12, 0x14, 0x16, 0x18, 0x1a, 0x1c, 0x1e, 0x20, 0x22, 0x24, 0x26, 0x28, 0x2a, 0x2c, 0x2e, 0x30, 0x32, 0x34, 0x36, 0x38, 0x3a, 0x3c, 0x3e, 0x40, 0x42, 0x44, 0x46, 0x48, 0x4a, 0x4c, 0x4e, 0x50, 0x52, 0x54, 0x56, 0x58, 0x5a, 0x5c, 0x5e, 0x60, 0x62, 0x64, 0x66, 0x68, 0x6a, 0x6c, 0x6e, 0x70, 0x72, 0x74, 0x76, 0x78, 0x7a, 0x7c, 0x7e, 0x80, 0x82, 0x84, 0x86, 0x88, 0x8a, 0x8c, 0x8e, 0x90, 0x92, 0x94, 0x96, 0x98, 0x9a, 0x9c, 0x9e, 0xa0, 0xa2, 0xa4, 0xa6, 0xa8, 0xaa, 0xac, 0xae, 0xb0, 0xb2, 0xb4, 0xb6, 0xb8, 0xba, 0xbc, 0xbe, 0xc0, 0xc2, 0xc4, 0xc6, 0xc8, 0xca, 0xcc, 0xce, 0xd0, 0xd2, 0xd4, 0xd6, 0xd8, 0xda, 0xdc, 0xde, 0xe0, 0xe2, 0xe4, 0xe6, 0xe8, 0xea, 0xec, 0xee, 0xf0, 0xf2, 0xf4, 0xf6, 0xf8, 0xfa, 0xfc, 0xfe, 0x1d, 0x1f, 0x19, 0x1b, 0x15, 0x17, 0x11, 0x13, 0xd, 0xf, 0x9, 0xb, 0x5, 0x7, 0x1, 0x3, 0x3d, 0x3f, 0x39, 0x3b, 0x35, 0x37, 0x31, 0x33, 0x2d, 0x2f, 0x29, 0x2b, 0x25, 0x27, 0x21, 0x23, 0x5d, 0x5f, 0x59, 0x5b, 0x55, 0x57, 0x51, 0x53, 0x4d, 0x4f, 0x49, 0x4b, 0x45, 0x47, 0x41, 0x43, 0x7d, 0x7f, 0x79, 0x7b, 0x75, 0x77, 0x71, 0x73, 0x6d, 0x6f, 0x69, 0x6b, 0x65, 0x67, 0x61, 0x63, 0x9d, 0x9f, 0x99, 0x9b, 0x95, 0x97, 0x91, 0x93, 0x8d, 0x8f, 0x89, 0x8b, 0x85, 0x87, 0x81, 0x83, 0xbd, 0xbf, 0xb9, 0xbb, 0xb5, 0xb7, 0xb1, 0xb3, 0xad, 0xaf, 0xa9, 0xab, 0xa5, 0xa7, 0xa1, 0xa3, 0xdd, 0xdf, 0xd9, 0xdb, 0xd5, 0xd7, 0xd1, 0xd3, 0xcd, 0xcf, 0xc9, 0xcb, 0xc5, 0xc7, 0xc1, 0xc3, 0xfd, 0xff, 0xf9, 0xfb, 0xf5, 0xf7, 0xf1, 0xf3, 0xed, 0xef, 0xe9, 0xeb, 0xe5, 0xe7, 0xe1, 0xe3},
+ {0x0, 0x3, 0x6, 0x5, 0xc, 0xf, 0xa, 0x9, 0x18, 0x1b, 0x1e, 0x1d, 0x14, 0x17, 0x12, 0x11, 0x30, 0x33, 0x36, 0x35, 0x3c, 0x3f, 0x3a, 0x39, 0x28, 0x2b, 0x2e, 0x2d, 0x24, 0x27, 0x22, 0x21, 0x60, 0x63, 0x66, 0x65, 0x6c, 0x6f, 0x6a, 0x69, 0x78, 0x7b, 0x7e, 0x7d, 0x74, 0x77, 0x72, 0x71, 0x50, 0x53, 0x56, 0x55, 0x5c, 0x5f, 0x5a, 0x59, 0x48, 0x4b, 0x4e, 0x4d, 0x44, 0x47, 0x42, 0x41, 0xc0, 0xc3, 0xc6, 0xc5, 0xcc, 0xcf, 0xca, 0xc9, 0xd8, 0xdb, 0xde, 0xdd, 0xd4, 0xd7, 0xd2, 0xd1, 0xf0, 0xf3, 0xf6, 0xf5, 0xfc, 0xff, 0xfa, 0xf9, 0xe8, 0xeb, 0xee, 0xed, 0xe4, 0xe7, 0xe2, 0xe1, 0xa0, 0xa3, 0xa6, 0xa5, 0xac, 0xaf, 0xaa, 0xa9, 0xb8, 0xbb, 0xbe, 0xbd, 0xb4, 0xb7, 0xb2, 0xb1, 0x90, 0x93, 0x96, 0x95, 0x9c, 0x9f, 0x9a, 0x99, 0x88, 0x8b, 0x8e, 0x8d, 0x84, 0x87, 0x82, 0x81, 0x9d, 0x9e, 0x9b, 0x98, 0x91, 0x92, 0x97, 0x94, 0x85, 0x86, 0x83, 0x80, 0x89, 0x8a, 0x8f, 0x8c, 0xad, 0xae, 0xab, 0xa8, 0xa1, 0xa2, 0xa7, 0xa4, 0xb5, 0xb6, 0xb3, 0xb0, 0xb9, 0xba, 0xbf, 0xbc, 0xfd, 0xfe, 0xfb, 0xf8, 0xf1, 0xf2, 0xf7, 0xf4, 0xe5, 0xe6, 0xe3, 0xe0, 0xe9, 0xea, 0xef, 0xec, 0xcd, 0xce, 0xcb, 0xc8, 0xc1, 0xc2, 0xc7, 0xc4, 0xd5, 0xd6, 0xd3, 0xd0, 0xd9, 0xda, 0xdf, 0xdc, 0x5d, 0x5e, 0x5b, 0x58, 0x51, 0x52, 0x57, 0x54, 0x45, 0x46, 0x43, 0x40, 0x49, 0x4a, 0x4f, 0x4c, 0x6d, 0x6e, 0x6b, 0x68, 0x61, 0x62, 0x67, 0x64, 0x75, 0x76, 0x73, 0x70, 0x79, 0x7a, 0x7f, 0x7c, 0x3d, 0x3e, 0x3b, 0x38, 0x31, 0x32, 0x37, 0x34, 0x25, 0x26, 0x23, 0x20, 0x29, 0x2a, 0x2f, 0x2c, 0xd, 0xe, 0xb, 0x8, 0x1, 0x2, 0x7, 0x4, 0x15, 0x16, 0x13, 0x10, 0x19, 0x1a, 0x1f, 0x1c},
+ {0x0, 0x4, 0x8, 0xc, 0x10, 0x14, 0x18, 0x1c, 0x20, 0x24, 0x28, 0x2c, 0x30, 0x34, 0x38, 0x3c, 0x40, 0x44, 0x48, 0x4c, 0x50, 0x54, 0x58, 0x5c, 0x60, 0x64, 0x68, 0x6c, 0x70, 0x74, 0x78, 0x7c, 0x80, 0x84, 0x88, 0x8c, 0x90, 0x94, 0x98, 0x9c, 0xa0, 0xa4, 0xa8, 0xac, 0xb0, 0xb4, 0xb8, 0xbc, 0xc0, 0xc4, 0xc8, 0xcc, 0xd0, 0xd4, 0xd8, 0xdc, 0xe0, 0xe4, 0xe8, 0xec, 0xf0, 0xf4, 0xf8, 0xfc, 0x1d, 0x19, 0x15, 0x11, 0xd, 0x9, 0x5, 0x1, 0x3d, 0x39, 0x35, 0x31, 0x2d, 0x29, 0x25, 0x21, 0x5d, 0x59, 0x55, 0x51, 0x4d, 0x49, 0x45, 0x41, 0x7d, 0x79, 0x75, 0x71, 0x6d, 0x69, 0x65, 0x61, 0x9d, 0x99, 0x95, 0x91, 0x8d, 0x89, 0x85, 0x81, 0xbd, 0xb9, 0xb5, 0xb1, 0xad, 0xa9, 0xa5, 0xa1, 0xdd, 0xd9, 0xd5, 0xd1, 0xcd, 0xc9, 0xc5, 0xc1, 0xfd, 0xf9, 0xf5, 0xf1, 0xed, 0xe9, 0xe5, 0xe1, 0x3a, 0x3e, 0x32, 0x36, 0x2a, 0x2e, 0x22, 0x26, 0x1a, 0x1e, 0x12, 0x16, 0xa, 0xe, 0x2, 0x6, 0x7a, 0x7e, 0x72, 0x76, 0x6a, 0x6e, 0x62, 0x66, 0x5a, 0x5e, 0x52, 0x56, 0x4a, 0x4e, 0x42, 0x46, 0xba, 0xbe, 0xb2, 0xb6, 0xaa, 0xae, 0xa2, 0xa6, 0x9a, 0x9e, 0x92, 0x96, 0x8a, 0x8e, 0x82, 0x86, 0xfa, 0xfe, 0xf2, 0xf6, 0xea, 0xee, 0xe2, 0xe6, 0xda, 0xde, 0xd2, 0xd6, 0xca, 0xce, 0xc2, 0xc6, 0x27, 0x23, 0x2f, 0x2b, 0x37, 0x33, 0x3f, 0x3b, 0x7, 0x3, 0xf, 0xb, 0x17, 0x13, 0x1f, 0x1b, 0x67, 0x63, 0x6f, 0x6b, 0x77, 0x73, 0x7f, 0x7b, 0x47, 0x43, 0x4f, 0x4b, 0x57, 0x53, 0x5f, 0x5b, 0xa7, 0xa3, 0xaf, 0xab, 0xb7, 0xb3, 0xbf, 0xbb, 0x87, 0x83, 0x8f, 0x8b, 0x97, 0x93, 0x9f, 0x9b, 0xe7, 0xe3, 0xef, 0xeb, 0xf7, 0xf3, 0xff, 0xfb, 0xc7, 0xc3, 0xcf, 0xcb, 0xd7, 0xd3, 0xdf, 0xdb},
+ {0x0, 0x5, 0xa, 0xf, 0x14, 0x11, 0x1e, 0x1b, 0x28, 0x2d, 0x22, 0x27, 0x3c, 0x39, 0x36, 0x33, 0x50, 0x55, 0x5a, 0x5f, 0x44, 0x41, 0x4e, 0x4b, 0x78, 0x7d, 0x72, 0x77, 0x6c, 0x69, 0x66, 0x63, 0xa0, 0xa5, 0xaa, 0xaf, 0xb4, 0xb1, 0xbe, 0xbb, 0x88, 0x8d, 0x82, 0x87, 0x9c, 0x99, 0x96, 0x93, 0xf0, 0xf5, 0xfa, 0xff, 0xe4, 0xe1, 0xee, 0xeb, 0xd8, 0xdd, 0xd2, 0xd7, 0xcc, 0xc9, 0xc6, 0xc3, 0x5d, 0x58, 0x57, 0x52, 0x49, 0x4c, 0x43, 0x46, 0x75, 0x70, 0x7f, 0x7a, 0x61, 0x64, 0x6b, 0x6e, 0xd, 0x8, 0x7, 0x2, 0x19, 0x1c, 0x13, 0x16, 0x25, 0x20, 0x2f, 0x2a, 0x31, 0x34, 0x3b, 0x3e, 0xfd, 0xf8, 0xf7, 0xf2, 0xe9, 0xec, 0xe3, 0xe6, 0xd5, 0xd0, 0xdf, 0xda, 0xc1, 0xc4, 0xcb, 0xce, 0xad, 0xa8, 0xa7, 0xa2, 0xb9, 0xbc, 0xb3, 0xb6, 0x85, 0x80, 0x8f, 0x8a, 0x91, 0x94, 0x9b, 0x9e, 0xba, 0xbf, 0xb0, 0xb5, 0xae, 0xab, 0xa4, 0xa1, 0x92, 0x97, 0x98, 0x9d, 0x86, 0x83, 0x8c, 0x89, 0xea, 0xef, 0xe0, 0xe5, 0xfe, 0xfb, 0xf4, 0xf1, 0xc2, 0xc7, 0xc8, 0xcd, 0xd6, 0xd3, 0xdc, 0xd9, 0x1a, 0x1f, 0x10, 0x15, 0xe, 0xb, 0x4, 0x1, 0x32, 0x37, 0x38, 0x3d, 0x26, 0x23, 0x2c, 0x29, 0x4a, 0x4f, 0x40, 0x45, 0x5e, 0x5b, 0x54, 0x51, 0x62, 0x67, 0x68, 0x6d, 0x76, 0x73, 0x7c, 0x79, 0xe7, 0xe2, 0xed, 0xe8, 0xf3, 0xf6, 0xf9, 0xfc, 0xcf, 0xca, 0xc5, 0xc0, 0xdb, 0xde, 0xd1, 0xd4, 0xb7, 0xb2, 0xbd, 0xb8, 0xa3, 0xa6, 0xa9, 0xac, 0x9f, 0x9a, 0x95, 0x90, 0x8b, 0x8e, 0x81, 0x84, 0x47, 0x42, 0x4d, 0x48, 0x53, 0x56, 0x59, 0x5c, 0x6f, 0x6a, 0x65, 0x60, 0x7b, 0x7e, 0x71, 0x74, 0x17, 0x12, 0x1d, 0x18, 0x3, 0x6, 0x9, 0xc, 0x3f, 0x3a, 0x35, 0x30, 0x2b, 0x2e, 0x21, 0x24},
+ {0x0, 0x6, 0xc, 0xa, 0x18, 0x1e, 0x14, 0x12, 0x30, 0x36, 0x3c, 0x3a, 0x28, 0x2e, 0x24, 0x22, 0x60, 0x66, 0x6c, 0x6a, 0x78, 0x7e, 0x74, 0x72, 0x50, 0x56, 0x5c, 0x5a, 0x48, 0x4e, 0x44, 0x42, 0xc0, 0xc6, 0xcc, 0xca, 0xd8, 0xde, 0xd4, 0xd2, 0xf0, 0xf6, 0xfc, 0xfa, 0xe8, 0xee, 0xe4, 0xe2, 0xa0, 0xa6, 0xac, 0xaa, 0xb8, 0xbe, 0xb4, 0xb2, 0x90, 0x96, 0x9c, 0x9a, 0x88, 0x8e, 0x84, 0x82, 0x9d, 0x9b, 0x91, 0x97, 0x85, 0x83, 0x89, 0x8f, 0xad, 0xab, 0xa1, 0xa7, 0xb5, 0xb3, 0xb9, 0xbf, 0xfd, 0xfb, 0xf1, 0xf7, 0xe5, 0xe3, 0xe9, 0xef, 0xcd, 0xcb, 0xc1, 0xc7, 0xd5, 0xd3, 0xd9, 0xdf, 0x5d, 0x5b, 0x51, 0x57, 0x45, 0x43, 0x49, 0x4f, 0x6d, 0x6b, 0x61, 0x67, 0x75, 0x73, 0x79, 0x7f, 0x3d, 0x3b, 0x31, 0x37, 0x25, 0x23, 0x29, 0x2f, 0xd, 0xb, 0x1, 0x7, 0x15, 0x13, 0x19, 0x1f, 0x27, 0x21, 0x2b, 0x2d, 0x3f, 0x39, 0x33, 0x35, 0x17, 0x11, 0x1b, 0x1d, 0xf, 0x9, 0x3, 0x5, 0x47, 0x41, 0x4b, 0x4d, 0x5f, 0x59, 0x53, 0x55, 0x77, 0x71, 0x7b, 0x7d, 0x6f, 0x69, 0x63, 0x65, 0xe7, 0xe1, 0xeb, 0xed, 0xff, 0xf9, 0xf3, 0xf5, 0xd7, 0xd1, 0xdb, 0xdd, 0xcf, 0xc9, 0xc3, 0xc5, 0x87, 0x81, 0x8b, 0x8d, 0x9f, 0x99, 0x93, 0x95, 0xb7, 0xb1, 0xbb, 0xbd, 0xaf, 0xa9, 0xa3, 0xa5, 0xba, 0xbc, 0xb6, 0xb0, 0xa2, 0xa4, 0xae, 0xa8, 0x8a, 0x8c, 0x86, 0x80, 0x92, 0x94, 0x9e, 0x98, 0xda, 0xdc, 0xd6, 0xd0, 0xc2, 0xc4, 0xce, 0xc8, 0xea, 0xec, 0xe6, 0xe0, 0xf2, 0xf4, 0xfe, 0xf8, 0x7a, 0x7c, 0x76, 0x70, 0x62, 0x64, 0x6e, 0x68, 0x4a, 0x4c, 0x46, 0x40, 0x52, 0x54, 0x5e, 0x58, 0x1a, 0x1c, 0x16, 0x10, 0x2, 0x4, 0xe, 0x8, 0x2a, 0x2c, 0x26, 0x20, 0x32, 0x34, 0x3e, 0x38},
+ {0x0, 0x7, 0xe, 0x9, 0x1c, 0x1b, 0x12, 0x15, 0x38, 0x3f, 0x36, 0x31, 0x24, 0x23, 0x2a, 0x2d, 0x70, 0x77, 0x7e, 0x79, 0x6c, 0x6b, 0x62, 0x65, 0x48, 0x4f, 0x46, 0x41, 0x54, 0x53, 0x5a, 0x5d, 0xe0, 0xe7, 0xee, 0xe9, 0xfc, 0xfb, 0xf2, 0xf5, 0xd8, 0xdf, 0xd6, 0xd1, 0xc4, 0xc3, 0xca, 0xcd, 0x90, 0x97, 0x9e, 0x99, 0x8c, 0x8b, 0x82, 0x85, 0xa8, 0xaf, 0xa6, 0xa1, 0xb4, 0xb3, 0xba, 0xbd, 0xdd, 0xda, 0xd3, 0xd4, 0xc1, 0xc6, 0xcf, 0xc8, 0xe5, 0xe2, 0xeb, 0xec, 0xf9, 0xfe, 0xf7, 0xf0, 0xad, 0xaa, 0xa3, 0xa4, 0xb1, 0xb6, 0xbf, 0xb8, 0x95, 0x92, 0x9b, 0x9c, 0x89, 0x8e, 0x87, 0x80, 0x3d, 0x3a, 0x33, 0x34, 0x21, 0x26, 0x2f, 0x28, 0x5, 0x2, 0xb, 0xc, 0x19, 0x1e, 0x17, 0x10, 0x4d, 0x4a, 0x43, 0x44, 0x51, 0x56, 0x5f, 0x58, 0x75, 0x72, 0x7b, 0x7c, 0x69, 0x6e, 0x67, 0x60, 0xa7, 0xa0, 0xa9, 0xae, 0xbb, 0xbc, 0xb5, 0xb2, 0x9f, 0x98, 0x91, 0x96, 0x83, 0x84, 0x8d, 0x8a, 0xd7, 0xd0, 0xd9, 0xde, 0xcb, 0xcc, 0xc5, 0xc2, 0xef, 0xe8, 0xe1, 0xe6, 0xf3, 0xf4, 0xfd, 0xfa, 0x47, 0x40, 0x49, 0x4e, 0x5b, 0x5c, 0x55, 0x52, 0x7f, 0x78, 0x71, 0x76, 0x63, 0x64, 0x6d, 0x6a, 0x37, 0x30, 0x39, 0x3e, 0x2b, 0x2c, 0x25, 0x22, 0xf, 0x8, 0x1, 0x6, 0x13, 0x14, 0x1d, 0x1a, 0x7a, 0x7d, 0x74, 0x73, 0x66, 0x61, 0x68, 0x6f, 0x42, 0x45, 0x4c, 0x4b, 0x5e, 0x59, 0x50, 0x57, 0xa, 0xd, 0x4, 0x3, 0x16, 0x11, 0x18, 0x1f, 0x32, 0x35, 0x3c, 0x3b, 0x2e, 0x29, 0x20, 0x27, 0x9a, 0x9d, 0x94, 0x93, 0x86, 0x81, 0x88, 0x8f, 0xa2, 0xa5, 0xac, 0xab, 0xbe, 0xb9, 0xb0, 0xb7, 0xea, 0xed, 0xe4, 0xe3, 0xf6, 0xf1, 0xf8, 0xff, 0xd2, 0xd5, 0xdc, 0xdb, 0xce, 0xc9, 0xc0, 0xc7},
+ {0x0, 0x8, 0x10, 0x18, 0x20, 0x28, 0x30, 0x38, 0x40, 0x48, 0x50, 0x58, 0x60, 0x68, 0x70, 0x78, 0x80, 0x88, 0x90, 0x98, 0xa0, 0xa8, 0xb0, 0xb8, 0xc0, 0xc8, 0xd0, 0xd8, 0xe0, 0xe8, 0xf0, 0xf8, 0x1d, 0x15, 0xd, 0x5, 0x3d, 0x35, 0x2d, 0x25, 0x5d, 0x55, 0x4d, 0x45, 0x7d, 0x75, 0x6d, 0x65, 0x9d, 0x95, 0x8d, 0x85, 0xbd, 0xb5, 0xad, 0xa5, 0xdd, 0xd5, 0xcd, 0xc5, 0xfd, 0xf5, 0xed, 0xe5, 0x3a, 0x32, 0x2a, 0x22, 0x1a, 0x12, 0xa, 0x2, 0x7a, 0x72, 0x6a, 0x62, 0x5a, 0x52, 0x4a, 0x42, 0xba, 0xb2, 0xaa, 0xa2, 0x9a, 0x92, 0x8a, 0x82, 0xfa, 0xf2, 0xea, 0xe2, 0xda, 0xd2, 0xca, 0xc2, 0x27, 0x2f, 0x37, 0x3f, 0x7, 0xf, 0x17, 0x1f, 0x67, 0x6f, 0x77, 0x7f, 0x47, 0x4f, 0x57, 0x5f, 0xa7, 0xaf, 0xb7, 0xbf, 0x87, 0x8f, 0x97, 0x9f, 0xe7, 0xef, 0xf7, 0xff, 0xc7, 0xcf, 0xd7, 0xdf, 0x74, 0x7c, 0x64, 0x6c, 0x54, 0x5c, 0x44, 0x4c, 0x34, 0x3c, 0x24, 0x2c, 0x14, 0x1c, 0x4, 0xc, 0xf4, 0xfc, 0xe4, 0xec, 0xd4, 0xdc, 0xc4, 0xcc, 0xb4, 0xbc, 0xa4, 0xac, 0x94, 0x9c, 0x84, 0x8c, 0x69, 0x61, 0x79, 0x71, 0x49, 0x41, 0x59, 0x51, 0x29, 0x21, 0x39, 0x31, 0x9, 0x1, 0x19, 0x11, 0xe9, 0xe1, 0xf9, 0xf1, 0xc9, 0xc1, 0xd9, 0xd1, 0xa9, 0xa1, 0xb9, 0xb1, 0x89, 0x81, 0x99, 0x91, 0x4e, 0x46, 0x5e, 0x56, 0x6e, 0x66, 0x7e, 0x76, 0xe, 0x6, 0x1e, 0x16, 0x2e, 0x26, 0x3e, 0x36, 0xce, 0xc6, 0xde, 0xd6, 0xee, 0xe6, 0xfe, 0xf6, 0x8e, 0x86, 0x9e, 0x96, 0xae, 0xa6, 0xbe, 0xb6, 0x53, 0x5b, 0x43, 0x4b, 0x73, 0x7b, 0x63, 0x6b, 0x13, 0x1b, 0x3, 0xb, 0x33, 0x3b, 0x23, 0x2b, 0xd3, 0xdb, 0xc3, 0xcb, 0xf3, 0xfb, 0xe3, 0xeb, 0x93, 0x9b, 0x83, 0x8b, 0xb3, 0xbb, 0xa3, 0xab},
+ {0x0, 0x9, 0x12, 0x1b, 0x24, 0x2d, 0x36, 0x3f, 0x48, 0x41, 0x5a, 0x53, 0x6c, 0x65, 0x7e, 0x77, 0x90, 0x99, 0x82, 0x8b, 0xb4, 0xbd, 0xa6, 0xaf, 0xd8, 0xd1, 0xca, 0xc3, 0xfc, 0xf5, 0xee, 0xe7, 0x3d, 0x34, 0x2f, 0x26, 0x19, 0x10, 0xb, 0x2, 0x75, 0x7c, 0x67, 0x6e, 0x51, 0x58, 0x43, 0x4a, 0xad, 0xa4, 0xbf, 0xb6, 0x89, 0x80, 0x9b, 0x92, 0xe5, 0xec, 0xf7, 0xfe, 0xc1, 0xc8, 0xd3, 0xda, 0x7a, 0x73, 0x68, 0x61, 0x5e, 0x57, 0x4c, 0x45, 0x32, 0x3b, 0x20, 0x29, 0x16, 0x1f, 0x4, 0xd, 0xea, 0xe3, 0xf8, 0xf1, 0xce, 0xc7, 0xdc, 0xd5, 0xa2, 0xab, 0xb0, 0xb9, 0x86, 0x8f, 0x94, 0x9d, 0x47, 0x4e, 0x55, 0x5c, 0x63, 0x6a, 0x71, 0x78, 0xf, 0x6, 0x1d, 0x14, 0x2b, 0x22, 0x39, 0x30, 0xd7, 0xde, 0xc5, 0xcc, 0xf3, 0xfa, 0xe1, 0xe8, 0x9f, 0x96, 0x8d, 0x84, 0xbb, 0xb2, 0xa9, 0xa0, 0xf4, 0xfd, 0xe6, 0xef, 0xd0, 0xd9, 0xc2, 0xcb, 0xbc, 0xb5, 0xae, 0xa7, 0x98, 0x91, 0x8a, 0x83, 0x64, 0x6d, 0x76, 0x7f, 0x40, 0x49, 0x52, 0x5b, 0x2c, 0x25, 0x3e, 0x37, 0x8, 0x1, 0x1a, 0x13, 0xc9, 0xc0, 0xdb, 0xd2, 0xed, 0xe4, 0xff, 0xf6, 0x81, 0x88, 0x93, 0x9a, 0xa5, 0xac, 0xb7, 0xbe, 0x59, 0x50, 0x4b, 0x42, 0x7d, 0x74, 0x6f, 0x66, 0x11, 0x18, 0x3, 0xa, 0x35, 0x3c, 0x27, 0x2e, 0x8e, 0x87, 0x9c, 0x95, 0xaa, 0xa3, 0xb8, 0xb1, 0xc6, 0xcf, 0xd4, 0xdd, 0xe2, 0xeb, 0xf0, 0xf9, 0x1e, 0x17, 0xc, 0x5, 0x3a, 0x33, 0x28, 0x21, 0x56, 0x5f, 0x44, 0x4d, 0x72, 0x7b, 0x60, 0x69, 0xb3, 0xba, 0xa1, 0xa8, 0x97, 0x9e, 0x85, 0x8c, 0xfb, 0xf2, 0xe9, 0xe0, 0xdf, 0xd6, 0xcd, 0xc4, 0x23, 0x2a, 0x31, 0x38, 0x7, 0xe, 0x15, 0x1c, 0x6b, 0x62, 0x79, 0x70, 0x4f, 0x46, 0x5d, 0x54},
+ {0x0, 0xa, 0x14, 0x1e, 0x28, 0x22, 0x3c, 0x36, 0x50, 0x5a, 0x44, 0x4e, 0x78, 0x72, 0x6c, 0x66, 0xa0, 0xaa, 0xb4, 0xbe, 0x88, 0x82, 0x9c, 0x96, 0xf0, 0xfa, 0xe4, 0xee, 0xd8, 0xd2, 0xcc, 0xc6, 0x5d, 0x57, 0x49, 0x43, 0x75, 0x7f, 0x61, 0x6b, 0xd, 0x7, 0x19, 0x13, 0x25, 0x2f, 0x31, 0x3b, 0xfd, 0xf7, 0xe9, 0xe3, 0xd5, 0xdf, 0xc1, 0xcb, 0xad, 0xa7, 0xb9, 0xb3, 0x85, 0x8f, 0x91, 0x9b, 0xba, 0xb0, 0xae, 0xa4, 0x92, 0x98, 0x86, 0x8c, 0xea, 0xe0, 0xfe, 0xf4, 0xc2, 0xc8, 0xd6, 0xdc, 0x1a, 0x10, 0xe, 0x4, 0x32, 0x38, 0x26, 0x2c, 0x4a, 0x40, 0x5e, 0x54, 0x62, 0x68, 0x76, 0x7c, 0xe7, 0xed, 0xf3, 0xf9, 0xcf, 0xc5, 0xdb, 0xd1, 0xb7, 0xbd, 0xa3, 0xa9, 0x9f, 0x95, 0x8b, 0x81, 0x47, 0x4d, 0x53, 0x59, 0x6f, 0x65, 0x7b, 0x71, 0x17, 0x1d, 0x3, 0x9, 0x3f, 0x35, 0x2b, 0x21, 0x69, 0x63, 0x7d, 0x77, 0x41, 0x4b, 0x55, 0x5f, 0x39, 0x33, 0x2d, 0x27, 0x11, 0x1b, 0x5, 0xf, 0xc9, 0xc3, 0xdd, 0xd7, 0xe1, 0xeb, 0xf5, 0xff, 0x99, 0x93, 0x8d, 0x87, 0xb1, 0xbb, 0xa5, 0xaf, 0x34, 0x3e, 0x20, 0x2a, 0x1c, 0x16, 0x8, 0x2, 0x64, 0x6e, 0x70, 0x7a, 0x4c, 0x46, 0x58, 0x52, 0x94, 0x9e, 0x80, 0x8a, 0xbc, 0xb6, 0xa8, 0xa2, 0xc4, 0xce, 0xd0, 0xda, 0xec, 0xe6, 0xf8, 0xf2, 0xd3, 0xd9, 0xc7, 0xcd, 0xfb, 0xf1, 0xef, 0xe5, 0x83, 0x89, 0x97, 0x9d, 0xab, 0xa1, 0xbf, 0xb5, 0x73, 0x79, 0x67, 0x6d, 0x5b, 0x51, 0x4f, 0x45, 0x23, 0x29, 0x37, 0x3d, 0xb, 0x1, 0x1f, 0x15, 0x8e, 0x84, 0x9a, 0x90, 0xa6, 0xac, 0xb2, 0xb8, 0xde, 0xd4, 0xca, 0xc0, 0xf6, 0xfc, 0xe2, 0xe8, 0x2e, 0x24, 0x3a, 0x30, 0x6, 0xc, 0x12, 0x18, 0x7e, 0x74, 0x6a, 0x60, 0x56, 0x5c, 0x42, 0x48},
+ {0x0, 0xb, 0x16, 0x1d, 0x2c, 0x27, 0x3a, 0x31, 0x58, 0x53, 0x4e, 0x45, 0x74, 0x7f, 0x62, 0x69, 0xb0, 0xbb, 0xa6, 0xad, 0x9c, 0x97, 0x8a, 0x81, 0xe8, 0xe3, 0xfe, 0xf5, 0xc4, 0xcf, 0xd2, 0xd9, 0x7d, 0x76, 0x6b, 0x60, 0x51, 0x5a, 0x47, 0x4c, 0x25, 0x2e, 0x33, 0x38, 0x9, 0x2, 0x1f, 0x14, 0xcd, 0xc6, 0xdb, 0xd0, 0xe1, 0xea, 0xf7, 0xfc, 0x95, 0x9e, 0x83, 0x88, 0xb9, 0xb2, 0xaf, 0xa4, 0xfa, 0xf1, 0xec, 0xe7, 0xd6, 0xdd, 0xc0, 0xcb, 0xa2, 0xa9, 0xb4, 0xbf, 0x8e, 0x85, 0x98, 0x93, 0x4a, 0x41, 0x5c, 0x57, 0x66, 0x6d, 0x70, 0x7b, 0x12, 0x19, 0x4, 0xf, 0x3e, 0x35, 0x28, 0x23, 0x87, 0x8c, 0x91, 0x9a, 0xab, 0xa0, 0xbd, 0xb6, 0xdf, 0xd4, 0xc9, 0xc2, 0xf3, 0xf8, 0xe5, 0xee, 0x37, 0x3c, 0x21, 0x2a, 0x1b, 0x10, 0xd, 0x6, 0x6f, 0x64, 0x79, 0x72, 0x43, 0x48, 0x55, 0x5e, 0xe9, 0xe2, 0xff, 0xf4, 0xc5, 0xce, 0xd3, 0xd8, 0xb1, 0xba, 0xa7, 0xac, 0x9d, 0x96, 0x8b, 0x80, 0x59, 0x52, 0x4f, 0x44, 0x75, 0x7e, 0x63, 0x68, 0x1, 0xa, 0x17, 0x1c, 0x2d, 0x26, 0x3b, 0x30, 0x94, 0x9f, 0x82, 0x89, 0xb8, 0xb3, 0xae, 0xa5, 0xcc, 0xc7, 0xda, 0xd1, 0xe0, 0xeb, 0xf6, 0xfd, 0x24, 0x2f, 0x32, 0x39, 0x8, 0x3, 0x1e, 0x15, 0x7c, 0x77, 0x6a, 0x61, 0x50, 0x5b, 0x46, 0x4d, 0x13, 0x18, 0x5, 0xe, 0x3f, 0x34, 0x29, 0x22, 0x4b, 0x40, 0x5d, 0x56, 0x67, 0x6c, 0x71, 0x7a, 0xa3, 0xa8, 0xb5, 0xbe, 0x8f, 0x84, 0x99, 0x92, 0xfb, 0xf0, 0xed, 0xe6, 0xd7, 0xdc, 0xc1, 0xca, 0x6e, 0x65, 0x78, 0x73, 0x42, 0x49, 0x54, 0x5f, 0x36, 0x3d, 0x20, 0x2b, 0x1a, 0x11, 0xc, 0x7, 0xde, 0xd5, 0xc8, 0xc3, 0xf2, 0xf9, 0xe4, 0xef, 0x86, 0x8d, 0x90, 0x9b, 0xaa, 0xa1, 0xbc, 0xb7},
+ {0x0, 0xc, 0x18, 0x14, 0x30, 0x3c, 0x28, 0x24, 0x60, 0x6c, 0x78, 0x74, 0x50, 0x5c, 0x48, 0x44, 0xc0, 0xcc, 0xd8, 0xd4, 0xf0, 0xfc, 0xe8, 0xe4, 0xa0, 0xac, 0xb8, 0xb4, 0x90, 0x9c, 0x88, 0x84, 0x9d, 0x91, 0x85, 0x89, 0xad, 0xa1, 0xb5, 0xb9, 0xfd, 0xf1, 0xe5, 0xe9, 0xcd, 0xc1, 0xd5, 0xd9, 0x5d, 0x51, 0x45, 0x49, 0x6d, 0x61, 0x75, 0x79, 0x3d, 0x31, 0x25, 0x29, 0xd, 0x1, 0x15, 0x19, 0x27, 0x2b, 0x3f, 0x33, 0x17, 0x1b, 0xf, 0x3, 0x47, 0x4b, 0x5f, 0x53, 0x77, 0x7b, 0x6f, 0x63, 0xe7, 0xeb, 0xff, 0xf3, 0xd7, 0xdb, 0xcf, 0xc3, 0x87, 0x8b, 0x9f, 0x93, 0xb7, 0xbb, 0xaf, 0xa3, 0xba, 0xb6, 0xa2, 0xae, 0x8a, 0x86, 0x92, 0x9e, 0xda, 0xd6, 0xc2, 0xce, 0xea, 0xe6, 0xf2, 0xfe, 0x7a, 0x76, 0x62, 0x6e, 0x4a, 0x46, 0x52, 0x5e, 0x1a, 0x16, 0x2, 0xe, 0x2a, 0x26, 0x32, 0x3e, 0x4e, 0x42, 0x56, 0x5a, 0x7e, 0x72, 0x66, 0x6a, 0x2e, 0x22, 0x36, 0x3a, 0x1e, 0x12, 0x6, 0xa, 0x8e, 0x82, 0x96, 0x9a, 0xbe, 0xb2, 0xa6, 0xaa, 0xee, 0xe2, 0xf6, 0xfa, 0xde, 0xd2, 0xc6, 0xca, 0xd3, 0xdf, 0xcb, 0xc7, 0xe3, 0xef, 0xfb, 0xf7, 0xb3, 0xbf, 0xab, 0xa7, 0x83, 0x8f, 0x9b, 0x97, 0x13, 0x1f, 0xb, 0x7, 0x23, 0x2f, 0x3b, 0x37, 0x73, 0x7f, 0x6b, 0x67, 0x43, 0x4f, 0x5b, 0x57, 0x69, 0x65, 0x71, 0x7d, 0x59, 0x55, 0x41, 0x4d, 0x9, 0x5, 0x11, 0x1d, 0x39, 0x35, 0x21, 0x2d, 0xa9, 0xa5, 0xb1, 0xbd, 0x99, 0x95, 0x81, 0x8d, 0xc9, 0xc5, 0xd1, 0xdd, 0xf9, 0xf5, 0xe1, 0xed, 0xf4, 0xf8, 0xec, 0xe0, 0xc4, 0xc8, 0xdc, 0xd0, 0x94, 0x98, 0x8c, 0x80, 0xa4, 0xa8, 0xbc, 0xb0, 0x34, 0x38, 0x2c, 0x20, 0x4, 0x8, 0x1c, 0x10, 0x54, 0x58, 0x4c, 0x40, 0x64, 0x68, 0x7c, 0x70},
+ {0x0, 0xd, 0x1a, 0x17, 0x34, 0x39, 0x2e, 0x23, 0x68, 0x65, 0x72, 0x7f, 0x5c, 0x51, 0x46, 0x4b, 0xd0, 0xdd, 0xca, 0xc7, 0xe4, 0xe9, 0xfe, 0xf3, 0xb8, 0xb5, 0xa2, 0xaf, 0x8c, 0x81, 0x96, 0x9b, 0xbd, 0xb0, 0xa7, 0xaa, 0x89, 0x84, 0x93, 0x9e, 0xd5, 0xd8, 0xcf, 0xc2, 0xe1, 0xec, 0xfb, 0xf6, 0x6d, 0x60, 0x77, 0x7a, 0x59, 0x54, 0x43, 0x4e, 0x5, 0x8, 0x1f, 0x12, 0x31, 0x3c, 0x2b, 0x26, 0x67, 0x6a, 0x7d, 0x70, 0x53, 0x5e, 0x49, 0x44, 0xf, 0x2, 0x15, 0x18, 0x3b, 0x36, 0x21, 0x2c, 0xb7, 0xba, 0xad, 0xa0, 0x83, 0x8e, 0x99, 0x94, 0xdf, 0xd2, 0xc5, 0xc8, 0xeb, 0xe6, 0xf1, 0xfc, 0xda, 0xd7, 0xc0, 0xcd, 0xee, 0xe3, 0xf4, 0xf9, 0xb2, 0xbf, 0xa8, 0xa5, 0x86, 0x8b, 0x9c, 0x91, 0xa, 0x7, 0x10, 0x1d, 0x3e, 0x33, 0x24, 0x29, 0x62, 0x6f, 0x78, 0x75, 0x56, 0x5b, 0x4c, 0x41, 0xce, 0xc3, 0xd4, 0xd9, 0xfa, 0xf7, 0xe0, 0xed, 0xa6, 0xab, 0xbc, 0xb1, 0x92, 0x9f, 0x88, 0x85, 0x1e, 0x13, 0x4, 0x9, 0x2a, 0x27, 0x30, 0x3d, 0x76, 0x7b, 0x6c, 0x61, 0x42, 0x4f, 0x58, 0x55, 0x73, 0x7e, 0x69, 0x64, 0x47, 0x4a, 0x5d, 0x50, 0x1b, 0x16, 0x1, 0xc, 0x2f, 0x22, 0x35, 0x38, 0xa3, 0xae, 0xb9, 0xb4, 0x97, 0x9a, 0x8d, 0x80, 0xcb, 0xc6, 0xd1, 0xdc, 0xff, 0xf2, 0xe5, 0xe8, 0xa9, 0xa4, 0xb3, 0xbe, 0x9d, 0x90, 0x87, 0x8a, 0xc1, 0xcc, 0xdb, 0xd6, 0xf5, 0xf8, 0xef, 0xe2, 0x79, 0x74, 0x63, 0x6e, 0x4d, 0x40, 0x57, 0x5a, 0x11, 0x1c, 0xb, 0x6, 0x25, 0x28, 0x3f, 0x32, 0x14, 0x19, 0xe, 0x3, 0x20, 0x2d, 0x3a, 0x37, 0x7c, 0x71, 0x66, 0x6b, 0x48, 0x45, 0x52, 0x5f, 0xc4, 0xc9, 0xde, 0xd3, 0xf0, 0xfd, 0xea, 0xe7, 0xac, 0xa1, 0xb6, 0xbb, 0x98, 0x95, 0x82, 0x8f},
+ {0x0, 0xe, 0x1c, 0x12, 0x38, 0x36, 0x24, 0x2a, 0x70, 0x7e, 0x6c, 0x62, 0x48, 0x46, 0x54, 0x5a, 0xe0, 0xee, 0xfc, 0xf2, 0xd8, 0xd6, 0xc4, 0xca, 0x90, 0x9e, 0x8c, 0x82, 0xa8, 0xa6, 0xb4, 0xba, 0xdd, 0xd3, 0xc1, 0xcf, 0xe5, 0xeb, 0xf9, 0xf7, 0xad, 0xa3, 0xb1, 0xbf, 0x95, 0x9b, 0x89, 0x87, 0x3d, 0x33, 0x21, 0x2f, 0x5, 0xb, 0x19, 0x17, 0x4d, 0x43, 0x51, 0x5f, 0x75, 0x7b, 0x69, 0x67, 0xa7, 0xa9, 0xbb, 0xb5, 0x9f, 0x91, 0x83, 0x8d, 0xd7, 0xd9, 0xcb, 0xc5, 0xef, 0xe1, 0xf3, 0xfd, 0x47, 0x49, 0x5b, 0x55, 0x7f, 0x71, 0x63, 0x6d, 0x37, 0x39, 0x2b, 0x25, 0xf, 0x1, 0x13, 0x1d, 0x7a, 0x74, 0x66, 0x68, 0x42, 0x4c, 0x5e, 0x50, 0xa, 0x4, 0x16, 0x18, 0x32, 0x3c, 0x2e, 0x20, 0x9a, 0x94, 0x86, 0x88, 0xa2, 0xac, 0xbe, 0xb0, 0xea, 0xe4, 0xf6, 0xf8, 0xd2, 0xdc, 0xce, 0xc0, 0x53, 0x5d, 0x4f, 0x41, 0x6b, 0x65, 0x77, 0x79, 0x23, 0x2d, 0x3f, 0x31, 0x1b, 0x15, 0x7, 0x9, 0xb3, 0xbd, 0xaf, 0xa1, 0x8b, 0x85, 0x97, 0x99, 0xc3, 0xcd, 0xdf, 0xd1, 0xfb, 0xf5, 0xe7, 0xe9, 0x8e, 0x80, 0x92, 0x9c, 0xb6, 0xb8, 0xaa, 0xa4, 0xfe, 0xf0, 0xe2, 0xec, 0xc6, 0xc8, 0xda, 0xd4, 0x6e, 0x60, 0x72, 0x7c, 0x56, 0x58, 0x4a, 0x44, 0x1e, 0x10, 0x2, 0xc, 0x26, 0x28, 0x3a, 0x34, 0xf4, 0xfa, 0xe8, 0xe6, 0xcc, 0xc2, 0xd0, 0xde, 0x84, 0x8a, 0x98, 0x96, 0xbc, 0xb2, 0xa0, 0xae, 0x14, 0x1a, 0x8, 0x6, 0x2c, 0x22, 0x30, 0x3e, 0x64, 0x6a, 0x78, 0x76, 0x5c, 0x52, 0x40, 0x4e, 0x29, 0x27, 0x35, 0x3b, 0x11, 0x1f, 0xd, 0x3, 0x59, 0x57, 0x45, 0x4b, 0x61, 0x6f, 0x7d, 0x73, 0xc9, 0xc7, 0xd5, 0xdb, 0xf1, 0xff, 0xed, 0xe3, 0xb9, 0xb7, 0xa5, 0xab, 0x81, 0x8f, 0x9d, 0x93},
+ {0x0, 0xf, 0x1e, 0x11, 0x3c, 0x33, 0x22, 0x2d, 0x78, 0x77, 0x66, 0x69, 0x44, 0x4b, 0x5a, 0x55, 0xf0, 0xff, 0xee, 0xe1, 0xcc, 0xc3, 0xd2, 0xdd, 0x88, 0x87, 0x96, 0x99, 0xb4, 0xbb, 0xaa, 0xa5, 0xfd, 0xf2, 0xe3, 0xec, 0xc1, 0xce, 0xdf, 0xd0, 0x85, 0x8a, 0x9b, 0x94, 0xb9, 0xb6, 0xa7, 0xa8, 0xd, 0x2, 0x13, 0x1c, 0x31, 0x3e, 0x2f, 0x20, 0x75, 0x7a, 0x6b, 0x64, 0x49, 0x46, 0x57, 0x58, 0xe7, 0xe8, 0xf9, 0xf6, 0xdb, 0xd4, 0xc5, 0xca, 0x9f, 0x90, 0x81, 0x8e, 0xa3, 0xac, 0xbd, 0xb2, 0x17, 0x18, 0x9, 0x6, 0x2b, 0x24, 0x35, 0x3a, 0x6f, 0x60, 0x71, 0x7e, 0x53, 0x5c, 0x4d, 0x42, 0x1a, 0x15, 0x4, 0xb, 0x26, 0x29, 0x38, 0x37, 0x62, 0x6d, 0x7c, 0x73, 0x5e, 0x51, 0x40, 0x4f, 0xea, 0xe5, 0xf4, 0xfb, 0xd6, 0xd9, 0xc8, 0xc7, 0x92, 0x9d, 0x8c, 0x83, 0xae, 0xa1, 0xb0, 0xbf, 0xd3, 0xdc, 0xcd, 0xc2, 0xef, 0xe0, 0xf1, 0xfe, 0xab, 0xa4, 0xb5, 0xba, 0x97, 0x98, 0x89, 0x86, 0x23, 0x2c, 0x3d, 0x32, 0x1f, 0x10, 0x1, 0xe, 0x5b, 0x54, 0x45, 0x4a, 0x67, 0x68, 0x79, 0x76, 0x2e, 0x21, 0x30, 0x3f, 0x12, 0x1d, 0xc, 0x3, 0x56, 0x59, 0x48, 0x47, 0x6a, 0x65, 0x74, 0x7b, 0xde, 0xd1, 0xc0, 0xcf, 0xe2, 0xed, 0xfc, 0xf3, 0xa6, 0xa9, 0xb8, 0xb7, 0x9a, 0x95, 0x84, 0x8b, 0x34, 0x3b, 0x2a, 0x25, 0x8, 0x7, 0x16, 0x19, 0x4c, 0x43, 0x52, 0x5d, 0x70, 0x7f, 0x6e, 0x61, 0xc4, 0xcb, 0xda, 0xd5, 0xf8, 0xf7, 0xe6, 0xe9, 0xbc, 0xb3, 0xa2, 0xad, 0x80, 0x8f, 0x9e, 0x91, 0xc9, 0xc6, 0xd7, 0xd8, 0xf5, 0xfa, 0xeb, 0xe4, 0xb1, 0xbe, 0xaf, 0xa0, 0x8d, 0x82, 0x93, 0x9c, 0x39, 0x36, 0x27, 0x28, 0x5, 0xa, 0x1b, 0x14, 0x41, 0x4e, 0x5f, 0x50, 0x7d, 0x72, 0x63, 0x6c},
+ {0x0, 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80, 0x90, 0xa0, 0xb0, 0xc0, 0xd0, 0xe0, 0xf0, 0x1d, 0xd, 0x3d, 0x2d, 0x5d, 0x4d, 0x7d, 0x6d, 0x9d, 0x8d, 0xbd, 0xad, 0xdd, 0xcd, 0xfd, 0xed, 0x3a, 0x2a, 0x1a, 0xa, 0x7a, 0x6a, 0x5a, 0x4a, 0xba, 0xaa, 0x9a, 0x8a, 0xfa, 0xea, 0xda, 0xca, 0x27, 0x37, 0x7, 0x17, 0x67, 0x77, 0x47, 0x57, 0xa7, 0xb7, 0x87, 0x97, 0xe7, 0xf7, 0xc7, 0xd7, 0x74, 0x64, 0x54, 0x44, 0x34, 0x24, 0x14, 0x4, 0xf4, 0xe4, 0xd4, 0xc4, 0xb4, 0xa4, 0x94, 0x84, 0x69, 0x79, 0x49, 0x59, 0x29, 0x39, 0x9, 0x19, 0xe9, 0xf9, 0xc9, 0xd9, 0xa9, 0xb9, 0x89, 0x99, 0x4e, 0x5e, 0x6e, 0x7e, 0xe, 0x1e, 0x2e, 0x3e, 0xce, 0xde, 0xee, 0xfe, 0x8e, 0x9e, 0xae, 0xbe, 0x53, 0x43, 0x73, 0x63, 0x13, 0x3, 0x33, 0x23, 0xd3, 0xc3, 0xf3, 0xe3, 0x93, 0x83, 0xb3, 0xa3, 0xe8, 0xf8, 0xc8, 0xd8, 0xa8, 0xb8, 0x88, 0x98, 0x68, 0x78, 0x48, 0x58, 0x28, 0x38, 0x8, 0x18, 0xf5, 0xe5, 0xd5, 0xc5, 0xb5, 0xa5, 0x95, 0x85, 0x75, 0x65, 0x55, 0x45, 0x35, 0x25, 0x15, 0x5, 0xd2, 0xc2, 0xf2, 0xe2, 0x92, 0x82, 0xb2, 0xa2, 0x52, 0x42, 0x72, 0x62, 0x12, 0x2, 0x32, 0x22, 0xcf, 0xdf, 0xef, 0xff, 0x8f, 0x9f, 0xaf, 0xbf, 0x4f, 0x5f, 0x6f, 0x7f, 0xf, 0x1f, 0x2f, 0x3f, 0x9c, 0x8c, 0xbc, 0xac, 0xdc, 0xcc, 0xfc, 0xec, 0x1c, 0xc, 0x3c, 0x2c, 0x5c, 0x4c, 0x7c, 0x6c, 0x81, 0x91, 0xa1, 0xb1, 0xc1, 0xd1, 0xe1, 0xf1, 0x1, 0x11, 0x21, 0x31, 0x41, 0x51, 0x61, 0x71, 0xa6, 0xb6, 0x86, 0x96, 0xe6, 0xf6, 0xc6, 0xd6, 0x26, 0x36, 0x6, 0x16, 0x66, 0x76, 0x46, 0x56, 0xbb, 0xab, 0x9b, 0x8b, 0xfb, 0xeb, 0xdb, 0xcb, 0x3b, 0x2b, 0x1b, 0xb, 0x7b, 0x6b, 0x5b, 0x4b},
+ {0x0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0xd, 0x1c, 0x2f, 0x3e, 0x49, 0x58, 0x6b, 0x7a, 0x85, 0x94, 0xa7, 0xb6, 0xc1, 0xd0, 0xe3, 0xf2, 0x1a, 0xb, 0x38, 0x29, 0x5e, 0x4f, 0x7c, 0x6d, 0x92, 0x83, 0xb0, 0xa1, 0xd6, 0xc7, 0xf4, 0xe5, 0x17, 0x6, 0x35, 0x24, 0x53, 0x42, 0x71, 0x60, 0x9f, 0x8e, 0xbd, 0xac, 0xdb, 0xca, 0xf9, 0xe8, 0x34, 0x25, 0x16, 0x7, 0x70, 0x61, 0x52, 0x43, 0xbc, 0xad, 0x9e, 0x8f, 0xf8, 0xe9, 0xda, 0xcb, 0x39, 0x28, 0x1b, 0xa, 0x7d, 0x6c, 0x5f, 0x4e, 0xb1, 0xa0, 0x93, 0x82, 0xf5, 0xe4, 0xd7, 0xc6, 0x2e, 0x3f, 0xc, 0x1d, 0x6a, 0x7b, 0x48, 0x59, 0xa6, 0xb7, 0x84, 0x95, 0xe2, 0xf3, 0xc0, 0xd1, 0x23, 0x32, 0x1, 0x10, 0x67, 0x76, 0x45, 0x54, 0xab, 0xba, 0x89, 0x98, 0xef, 0xfe, 0xcd, 0xdc, 0x68, 0x79, 0x4a, 0x5b, 0x2c, 0x3d, 0xe, 0x1f, 0xe0, 0xf1, 0xc2, 0xd3, 0xa4, 0xb5, 0x86, 0x97, 0x65, 0x74, 0x47, 0x56, 0x21, 0x30, 0x3, 0x12, 0xed, 0xfc, 0xcf, 0xde, 0xa9, 0xb8, 0x8b, 0x9a, 0x72, 0x63, 0x50, 0x41, 0x36, 0x27, 0x14, 0x5, 0xfa, 0xeb, 0xd8, 0xc9, 0xbe, 0xaf, 0x9c, 0x8d, 0x7f, 0x6e, 0x5d, 0x4c, 0x3b, 0x2a, 0x19, 0x8, 0xf7, 0xe6, 0xd5, 0xc4, 0xb3, 0xa2, 0x91, 0x80, 0x5c, 0x4d, 0x7e, 0x6f, 0x18, 0x9, 0x3a, 0x2b, 0xd4, 0xc5, 0xf6, 0xe7, 0x90, 0x81, 0xb2, 0xa3, 0x51, 0x40, 0x73, 0x62, 0x15, 0x4, 0x37, 0x26, 0xd9, 0xc8, 0xfb, 0xea, 0x9d, 0x8c, 0xbf, 0xae, 0x46, 0x57, 0x64, 0x75, 0x2, 0x13, 0x20, 0x31, 0xce, 0xdf, 0xec, 0xfd, 0x8a, 0x9b, 0xa8, 0xb9, 0x4b, 0x5a, 0x69, 0x78, 0xf, 0x1e, 0x2d, 0x3c, 0xc3, 0xd2, 0xe1, 0xf0, 0x87, 0x96, 0xa5, 0xb4},
+ {0x0, 0x12, 0x24, 0x36, 0x48, 0x5a, 0x6c, 0x7e, 0x90, 0x82, 0xb4, 0xa6, 0xd8, 0xca, 0xfc, 0xee, 0x3d, 0x2f, 0x19, 0xb, 0x75, 0x67, 0x51, 0x43, 0xad, 0xbf, 0x89, 0x9b, 0xe5, 0xf7, 0xc1, 0xd3, 0x7a, 0x68, 0x5e, 0x4c, 0x32, 0x20, 0x16, 0x4, 0xea, 0xf8, 0xce, 0xdc, 0xa2, 0xb0, 0x86, 0x94, 0x47, 0x55, 0x63, 0x71, 0xf, 0x1d, 0x2b, 0x39, 0xd7, 0xc5, 0xf3, 0xe1, 0x9f, 0x8d, 0xbb, 0xa9, 0xf4, 0xe6, 0xd0, 0xc2, 0xbc, 0xae, 0x98, 0x8a, 0x64, 0x76, 0x40, 0x52, 0x2c, 0x3e, 0x8, 0x1a, 0xc9, 0xdb, 0xed, 0xff, 0x81, 0x93, 0xa5, 0xb7, 0x59, 0x4b, 0x7d, 0x6f, 0x11, 0x3, 0x35, 0x27, 0x8e, 0x9c, 0xaa, 0xb8, 0xc6, 0xd4, 0xe2, 0xf0, 0x1e, 0xc, 0x3a, 0x28, 0x56, 0x44, 0x72, 0x60, 0xb3, 0xa1, 0x97, 0x85, 0xfb, 0xe9, 0xdf, 0xcd, 0x23, 0x31, 0x7, 0x15, 0x6b, 0x79, 0x4f, 0x5d, 0xf5, 0xe7, 0xd1, 0xc3, 0xbd, 0xaf, 0x99, 0x8b, 0x65, 0x77, 0x41, 0x53, 0x2d, 0x3f, 0x9, 0x1b, 0xc8, 0xda, 0xec, 0xfe, 0x80, 0x92, 0xa4, 0xb6, 0x58, 0x4a, 0x7c, 0x6e, 0x10, 0x2, 0x34, 0x26, 0x8f, 0x9d, 0xab, 0xb9, 0xc7, 0xd5, 0xe3, 0xf1, 0x1f, 0xd, 0x3b, 0x29, 0x57, 0x45, 0x73, 0x61, 0xb2, 0xa0, 0x96, 0x84, 0xfa, 0xe8, 0xde, 0xcc, 0x22, 0x30, 0x6, 0x14, 0x6a, 0x78, 0x4e, 0x5c, 0x1, 0x13, 0x25, 0x37, 0x49, 0x5b, 0x6d, 0x7f, 0x91, 0x83, 0xb5, 0xa7, 0xd9, 0xcb, 0xfd, 0xef, 0x3c, 0x2e, 0x18, 0xa, 0x74, 0x66, 0x50, 0x42, 0xac, 0xbe, 0x88, 0x9a, 0xe4, 0xf6, 0xc0, 0xd2, 0x7b, 0x69, 0x5f, 0x4d, 0x33, 0x21, 0x17, 0x5, 0xeb, 0xf9, 0xcf, 0xdd, 0xa3, 0xb1, 0x87, 0x95, 0x46, 0x54, 0x62, 0x70, 0xe, 0x1c, 0x2a, 0x38, 0xd6, 0xc4, 0xf2, 0xe0, 0x9e, 0x8c, 0xba, 0xa8},
+ {0x0, 0x13, 0x26, 0x35, 0x4c, 0x5f, 0x6a, 0x79, 0x98, 0x8b, 0xbe, 0xad, 0xd4, 0xc7, 0xf2, 0xe1, 0x2d, 0x3e, 0xb, 0x18, 0x61, 0x72, 0x47, 0x54, 0xb5, 0xa6, 0x93, 0x80, 0xf9, 0xea, 0xdf, 0xcc, 0x5a, 0x49, 0x7c, 0x6f, 0x16, 0x5, 0x30, 0x23, 0xc2, 0xd1, 0xe4, 0xf7, 0x8e, 0x9d, 0xa8, 0xbb, 0x77, 0x64, 0x51, 0x42, 0x3b, 0x28, 0x1d, 0xe, 0xef, 0xfc, 0xc9, 0xda, 0xa3, 0xb0, 0x85, 0x96, 0xb4, 0xa7, 0x92, 0x81, 0xf8, 0xeb, 0xde, 0xcd, 0x2c, 0x3f, 0xa, 0x19, 0x60, 0x73, 0x46, 0x55, 0x99, 0x8a, 0xbf, 0xac, 0xd5, 0xc6, 0xf3, 0xe0, 0x1, 0x12, 0x27, 0x34, 0x4d, 0x5e, 0x6b, 0x78, 0xee, 0xfd, 0xc8, 0xdb, 0xa2, 0xb1, 0x84, 0x97, 0x76, 0x65, 0x50, 0x43, 0x3a, 0x29, 0x1c, 0xf, 0xc3, 0xd0, 0xe5, 0xf6, 0x8f, 0x9c, 0xa9, 0xba, 0x5b, 0x48, 0x7d, 0x6e, 0x17, 0x4, 0x31, 0x22, 0x75, 0x66, 0x53, 0x40, 0x39, 0x2a, 0x1f, 0xc, 0xed, 0xfe, 0xcb, 0xd8, 0xa1, 0xb2, 0x87, 0x94, 0x58, 0x4b, 0x7e, 0x6d, 0x14, 0x7, 0x32, 0x21, 0xc0, 0xd3, 0xe6, 0xf5, 0x8c, 0x9f, 0xaa, 0xb9, 0x2f, 0x3c, 0x9, 0x1a, 0x63, 0x70, 0x45, 0x56, 0xb7, 0xa4, 0x91, 0x82, 0xfb, 0xe8, 0xdd, 0xce, 0x2, 0x11, 0x24, 0x37, 0x4e, 0x5d, 0x68, 0x7b, 0x9a, 0x89, 0xbc, 0xaf, 0xd6, 0xc5, 0xf0, 0xe3, 0xc1, 0xd2, 0xe7, 0xf4, 0x8d, 0x9e, 0xab, 0xb8, 0x59, 0x4a, 0x7f, 0x6c, 0x15, 0x6, 0x33, 0x20, 0xec, 0xff, 0xca, 0xd9, 0xa0, 0xb3, 0x86, 0x95, 0x74, 0x67, 0x52, 0x41, 0x38, 0x2b, 0x1e, 0xd, 0x9b, 0x88, 0xbd, 0xae, 0xd7, 0xc4, 0xf1, 0xe2, 0x3, 0x10, 0x25, 0x36, 0x4f, 0x5c, 0x69, 0x7a, 0xb6, 0xa5, 0x90, 0x83, 0xfa, 0xe9, 0xdc, 0xcf, 0x2e, 0x3d, 0x8, 0x1b, 0x62, 0x71, 0x44, 0x57},
+ {0x0, 0x14, 0x28, 0x3c, 0x50, 0x44, 0x78, 0x6c, 0xa0, 0xb4, 0x88, 0x9c, 0xf0, 0xe4, 0xd8, 0xcc, 0x5d, 0x49, 0x75, 0x61, 0xd, 0x19, 0x25, 0x31, 0xfd, 0xe9, 0xd5, 0xc1, 0xad, 0xb9, 0x85, 0x91, 0xba, 0xae, 0x92, 0x86, 0xea, 0xfe, 0xc2, 0xd6, 0x1a, 0xe, 0x32, 0x26, 0x4a, 0x5e, 0x62, 0x76, 0xe7, 0xf3, 0xcf, 0xdb, 0xb7, 0xa3, 0x9f, 0x8b, 0x47, 0x53, 0x6f, 0x7b, 0x17, 0x3, 0x3f, 0x2b, 0x69, 0x7d, 0x41, 0x55, 0x39, 0x2d, 0x11, 0x5, 0xc9, 0xdd, 0xe1, 0xf5, 0x99, 0x8d, 0xb1, 0xa5, 0x34, 0x20, 0x1c, 0x8, 0x64, 0x70, 0x4c, 0x58, 0x94, 0x80, 0xbc, 0xa8, 0xc4, 0xd0, 0xec, 0xf8, 0xd3, 0xc7, 0xfb, 0xef, 0x83, 0x97, 0xab, 0xbf, 0x73, 0x67, 0x5b, 0x4f, 0x23, 0x37, 0xb, 0x1f, 0x8e, 0x9a, 0xa6, 0xb2, 0xde, 0xca, 0xf6, 0xe2, 0x2e, 0x3a, 0x6, 0x12, 0x7e, 0x6a, 0x56, 0x42, 0xd2, 0xc6, 0xfa, 0xee, 0x82, 0x96, 0xaa, 0xbe, 0x72, 0x66, 0x5a, 0x4e, 0x22, 0x36, 0xa, 0x1e, 0x8f, 0x9b, 0xa7, 0xb3, 0xdf, 0xcb, 0xf7, 0xe3, 0x2f, 0x3b, 0x7, 0x13, 0x7f, 0x6b, 0x57, 0x43, 0x68, 0x7c, 0x40, 0x54, 0x38, 0x2c, 0x10, 0x4, 0xc8, 0xdc, 0xe0, 0xf4, 0x98, 0x8c, 0xb0, 0xa4, 0x35, 0x21, 0x1d, 0x9, 0x65, 0x71, 0x4d, 0x59, 0x95, 0x81, 0xbd, 0xa9, 0xc5, 0xd1, 0xed, 0xf9, 0xbb, 0xaf, 0x93, 0x87, 0xeb, 0xff, 0xc3, 0xd7, 0x1b, 0xf, 0x33, 0x27, 0x4b, 0x5f, 0x63, 0x77, 0xe6, 0xf2, 0xce, 0xda, 0xb6, 0xa2, 0x9e, 0x8a, 0x46, 0x52, 0x6e, 0x7a, 0x16, 0x2, 0x3e, 0x2a, 0x1, 0x15, 0x29, 0x3d, 0x51, 0x45, 0x79, 0x6d, 0xa1, 0xb5, 0x89, 0x9d, 0xf1, 0xe5, 0xd9, 0xcd, 0x5c, 0x48, 0x74, 0x60, 0xc, 0x18, 0x24, 0x30, 0xfc, 0xe8, 0xd4, 0xc0, 0xac, 0xb8, 0x84, 0x90},
+ {0x0, 0x15, 0x2a, 0x3f, 0x54, 0x41, 0x7e, 0x6b, 0xa8, 0xbd, 0x82, 0x97, 0xfc, 0xe9, 0xd6, 0xc3, 0x4d, 0x58, 0x67, 0x72, 0x19, 0xc, 0x33, 0x26, 0xe5, 0xf0, 0xcf, 0xda, 0xb1, 0xa4, 0x9b, 0x8e, 0x9a, 0x8f, 0xb0, 0xa5, 0xce, 0xdb, 0xe4, 0xf1, 0x32, 0x27, 0x18, 0xd, 0x66, 0x73, 0x4c, 0x59, 0xd7, 0xc2, 0xfd, 0xe8, 0x83, 0x96, 0xa9, 0xbc, 0x7f, 0x6a, 0x55, 0x40, 0x2b, 0x3e, 0x1, 0x14, 0x29, 0x3c, 0x3, 0x16, 0x7d, 0x68, 0x57, 0x42, 0x81, 0x94, 0xab, 0xbe, 0xd5, 0xc0, 0xff, 0xea, 0x64, 0x71, 0x4e, 0x5b, 0x30, 0x25, 0x1a, 0xf, 0xcc, 0xd9, 0xe6, 0xf3, 0x98, 0x8d, 0xb2, 0xa7, 0xb3, 0xa6, 0x99, 0x8c, 0xe7, 0xf2, 0xcd, 0xd8, 0x1b, 0xe, 0x31, 0x24, 0x4f, 0x5a, 0x65, 0x70, 0xfe, 0xeb, 0xd4, 0xc1, 0xaa, 0xbf, 0x80, 0x95, 0x56, 0x43, 0x7c, 0x69, 0x2, 0x17, 0x28, 0x3d, 0x52, 0x47, 0x78, 0x6d, 0x6, 0x13, 0x2c, 0x39, 0xfa, 0xef, 0xd0, 0xc5, 0xae, 0xbb, 0x84, 0x91, 0x1f, 0xa, 0x35, 0x20, 0x4b, 0x5e, 0x61, 0x74, 0xb7, 0xa2, 0x9d, 0x88, 0xe3, 0xf6, 0xc9, 0xdc, 0xc8, 0xdd, 0xe2, 0xf7, 0x9c, 0x89, 0xb6, 0xa3, 0x60, 0x75, 0x4a, 0x5f, 0x34, 0x21, 0x1e, 0xb, 0x85, 0x90, 0xaf, 0xba, 0xd1, 0xc4, 0xfb, 0xee, 0x2d, 0x38, 0x7, 0x12, 0x79, 0x6c, 0x53, 0x46, 0x7b, 0x6e, 0x51, 0x44, 0x2f, 0x3a, 0x5, 0x10, 0xd3, 0xc6, 0xf9, 0xec, 0x87, 0x92, 0xad, 0xb8, 0x36, 0x23, 0x1c, 0x9, 0x62, 0x77, 0x48, 0x5d, 0x9e, 0x8b, 0xb4, 0xa1, 0xca, 0xdf, 0xe0, 0xf5, 0xe1, 0xf4, 0xcb, 0xde, 0xb5, 0xa0, 0x9f, 0x8a, 0x49, 0x5c, 0x63, 0x76, 0x1d, 0x8, 0x37, 0x22, 0xac, 0xb9, 0x86, 0x93, 0xf8, 0xed, 0xd2, 0xc7, 0x4, 0x11, 0x2e, 0x3b, 0x50, 0x45, 0x7a, 0x6f},
+ {0x0, 0x16, 0x2c, 0x3a, 0x58, 0x4e, 0x74, 0x62, 0xb0, 0xa6, 0x9c, 0x8a, 0xe8, 0xfe, 0xc4, 0xd2, 0x7d, 0x6b, 0x51, 0x47, 0x25, 0x33, 0x9, 0x1f, 0xcd, 0xdb, 0xe1, 0xf7, 0x95, 0x83, 0xb9, 0xaf, 0xfa, 0xec, 0xd6, 0xc0, 0xa2, 0xb4, 0x8e, 0x98, 0x4a, 0x5c, 0x66, 0x70, 0x12, 0x4, 0x3e, 0x28, 0x87, 0x91, 0xab, 0xbd, 0xdf, 0xc9, 0xf3, 0xe5, 0x37, 0x21, 0x1b, 0xd, 0x6f, 0x79, 0x43, 0x55, 0xe9, 0xff, 0xc5, 0xd3, 0xb1, 0xa7, 0x9d, 0x8b, 0x59, 0x4f, 0x75, 0x63, 0x1, 0x17, 0x2d, 0x3b, 0x94, 0x82, 0xb8, 0xae, 0xcc, 0xda, 0xe0, 0xf6, 0x24, 0x32, 0x8, 0x1e, 0x7c, 0x6a, 0x50, 0x46, 0x13, 0x5, 0x3f, 0x29, 0x4b, 0x5d, 0x67, 0x71, 0xa3, 0xb5, 0x8f, 0x99, 0xfb, 0xed, 0xd7, 0xc1, 0x6e, 0x78, 0x42, 0x54, 0x36, 0x20, 0x1a, 0xc, 0xde, 0xc8, 0xf2, 0xe4, 0x86, 0x90, 0xaa, 0xbc, 0xcf, 0xd9, 0xe3, 0xf5, 0x97, 0x81, 0xbb, 0xad, 0x7f, 0x69, 0x53, 0x45, 0x27, 0x31, 0xb, 0x1d, 0xb2, 0xa4, 0x9e, 0x88, 0xea, 0xfc, 0xc6, 0xd0, 0x2, 0x14, 0x2e, 0x38, 0x5a, 0x4c, 0x76, 0x60, 0x35, 0x23, 0x19, 0xf, 0x6d, 0x7b, 0x41, 0x57, 0x85, 0x93, 0xa9, 0xbf, 0xdd, 0xcb, 0xf1, 0xe7, 0x48, 0x5e, 0x64, 0x72, 0x10, 0x6, 0x3c, 0x2a, 0xf8, 0xee, 0xd4, 0xc2, 0xa0, 0xb6, 0x8c, 0x9a, 0x26, 0x30, 0xa, 0x1c, 0x7e, 0x68, 0x52, 0x44, 0x96, 0x80, 0xba, 0xac, 0xce, 0xd8, 0xe2, 0xf4, 0x5b, 0x4d, 0x77, 0x61, 0x3, 0x15, 0x2f, 0x39, 0xeb, 0xfd, 0xc7, 0xd1, 0xb3, 0xa5, 0x9f, 0x89, 0xdc, 0xca, 0xf0, 0xe6, 0x84, 0x92, 0xa8, 0xbe, 0x6c, 0x7a, 0x40, 0x56, 0x34, 0x22, 0x18, 0xe, 0xa1, 0xb7, 0x8d, 0x9b, 0xf9, 0xef, 0xd5, 0xc3, 0x11, 0x7, 0x3d, 0x2b, 0x49, 0x5f, 0x65, 0x73},
+ {0x0, 0x17, 0x2e, 0x39, 0x5c, 0x4b, 0x72, 0x65, 0xb8, 0xaf, 0x96, 0x81, 0xe4, 0xf3, 0xca, 0xdd, 0x6d, 0x7a, 0x43, 0x54, 0x31, 0x26, 0x1f, 0x8, 0xd5, 0xc2, 0xfb, 0xec, 0x89, 0x9e, 0xa7, 0xb0, 0xda, 0xcd, 0xf4, 0xe3, 0x86, 0x91, 0xa8, 0xbf, 0x62, 0x75, 0x4c, 0x5b, 0x3e, 0x29, 0x10, 0x7, 0xb7, 0xa0, 0x99, 0x8e, 0xeb, 0xfc, 0xc5, 0xd2, 0xf, 0x18, 0x21, 0x36, 0x53, 0x44, 0x7d, 0x6a, 0xa9, 0xbe, 0x87, 0x90, 0xf5, 0xe2, 0xdb, 0xcc, 0x11, 0x6, 0x3f, 0x28, 0x4d, 0x5a, 0x63, 0x74, 0xc4, 0xd3, 0xea, 0xfd, 0x98, 0x8f, 0xb6, 0xa1, 0x7c, 0x6b, 0x52, 0x45, 0x20, 0x37, 0xe, 0x19, 0x73, 0x64, 0x5d, 0x4a, 0x2f, 0x38, 0x1, 0x16, 0xcb, 0xdc, 0xe5, 0xf2, 0x97, 0x80, 0xb9, 0xae, 0x1e, 0x9, 0x30, 0x27, 0x42, 0x55, 0x6c, 0x7b, 0xa6, 0xb1, 0x88, 0x9f, 0xfa, 0xed, 0xd4, 0xc3, 0x4f, 0x58, 0x61, 0x76, 0x13, 0x4, 0x3d, 0x2a, 0xf7, 0xe0, 0xd9, 0xce, 0xab, 0xbc, 0x85, 0x92, 0x22, 0x35, 0xc, 0x1b, 0x7e, 0x69, 0x50, 0x47, 0x9a, 0x8d, 0xb4, 0xa3, 0xc6, 0xd1, 0xe8, 0xff, 0x95, 0x82, 0xbb, 0xac, 0xc9, 0xde, 0xe7, 0xf0, 0x2d, 0x3a, 0x3, 0x14, 0x71, 0x66, 0x5f, 0x48, 0xf8, 0xef, 0xd6, 0xc1, 0xa4, 0xb3, 0x8a, 0x9d, 0x40, 0x57, 0x6e, 0x79, 0x1c, 0xb, 0x32, 0x25, 0xe6, 0xf1, 0xc8, 0xdf, 0xba, 0xad, 0x94, 0x83, 0x5e, 0x49, 0x70, 0x67, 0x2, 0x15, 0x2c, 0x3b, 0x8b, 0x9c, 0xa5, 0xb2, 0xd7, 0xc0, 0xf9, 0xee, 0x33, 0x24, 0x1d, 0xa, 0x6f, 0x78, 0x41, 0x56, 0x3c, 0x2b, 0x12, 0x5, 0x60, 0x77, 0x4e, 0x59, 0x84, 0x93, 0xaa, 0xbd, 0xd8, 0xcf, 0xf6, 0xe1, 0x51, 0x46, 0x7f, 0x68, 0xd, 0x1a, 0x23, 0x34, 0xe9, 0xfe, 0xc7, 0xd0, 0xb5, 0xa2, 0x9b, 0x8c},
+ {0x0, 0x18, 0x30, 0x28, 0x60, 0x78, 0x50, 0x48, 0xc0, 0xd8, 0xf0, 0xe8, 0xa0, 0xb8, 0x90, 0x88, 0x9d, 0x85, 0xad, 0xb5, 0xfd, 0xe5, 0xcd, 0xd5, 0x5d, 0x45, 0x6d, 0x75, 0x3d, 0x25, 0xd, 0x15, 0x27, 0x3f, 0x17, 0xf, 0x47, 0x5f, 0x77, 0x6f, 0xe7, 0xff, 0xd7, 0xcf, 0x87, 0x9f, 0xb7, 0xaf, 0xba, 0xa2, 0x8a, 0x92, 0xda, 0xc2, 0xea, 0xf2, 0x7a, 0x62, 0x4a, 0x52, 0x1a, 0x2, 0x2a, 0x32, 0x4e, 0x56, 0x7e, 0x66, 0x2e, 0x36, 0x1e, 0x6, 0x8e, 0x96, 0xbe, 0xa6, 0xee, 0xf6, 0xde, 0xc6, 0xd3, 0xcb, 0xe3, 0xfb, 0xb3, 0xab, 0x83, 0x9b, 0x13, 0xb, 0x23, 0x3b, 0x73, 0x6b, 0x43, 0x5b, 0x69, 0x71, 0x59, 0x41, 0x9, 0x11, 0x39, 0x21, 0xa9, 0xb1, 0x99, 0x81, 0xc9, 0xd1, 0xf9, 0xe1, 0xf4, 0xec, 0xc4, 0xdc, 0x94, 0x8c, 0xa4, 0xbc, 0x34, 0x2c, 0x4, 0x1c, 0x54, 0x4c, 0x64, 0x7c, 0x9c, 0x84, 0xac, 0xb4, 0xfc, 0xe4, 0xcc, 0xd4, 0x5c, 0x44, 0x6c, 0x74, 0x3c, 0x24, 0xc, 0x14, 0x1, 0x19, 0x31, 0x29, 0x61, 0x79, 0x51, 0x49, 0xc1, 0xd9, 0xf1, 0xe9, 0xa1, 0xb9, 0x91, 0x89, 0xbb, 0xa3, 0x8b, 0x93, 0xdb, 0xc3, 0xeb, 0xf3, 0x7b, 0x63, 0x4b, 0x53, 0x1b, 0x3, 0x2b, 0x33, 0x26, 0x3e, 0x16, 0xe, 0x46, 0x5e, 0x76, 0x6e, 0xe6, 0xfe, 0xd6, 0xce, 0x86, 0x9e, 0xb6, 0xae, 0xd2, 0xca, 0xe2, 0xfa, 0xb2, 0xaa, 0x82, 0x9a, 0x12, 0xa, 0x22, 0x3a, 0x72, 0x6a, 0x42, 0x5a, 0x4f, 0x57, 0x7f, 0x67, 0x2f, 0x37, 0x1f, 0x7, 0x8f, 0x97, 0xbf, 0xa7, 0xef, 0xf7, 0xdf, 0xc7, 0xf5, 0xed, 0xc5, 0xdd, 0x95, 0x8d, 0xa5, 0xbd, 0x35, 0x2d, 0x5, 0x1d, 0x55, 0x4d, 0x65, 0x7d, 0x68, 0x70, 0x58, 0x40, 0x8, 0x10, 0x38, 0x20, 0xa8, 0xb0, 0x98, 0x80, 0xc8, 0xd0, 0xf8, 0xe0},
+ {0x0, 0x19, 0x32, 0x2b, 0x64, 0x7d, 0x56, 0x4f, 0xc8, 0xd1, 0xfa, 0xe3, 0xac, 0xb5, 0x9e, 0x87, 0x8d, 0x94, 0xbf, 0xa6, 0xe9, 0xf0, 0xdb, 0xc2, 0x45, 0x5c, 0x77, 0x6e, 0x21, 0x38, 0x13, 0xa, 0x7, 0x1e, 0x35, 0x2c, 0x63, 0x7a, 0x51, 0x48, 0xcf, 0xd6, 0xfd, 0xe4, 0xab, 0xb2, 0x99, 0x80, 0x8a, 0x93, 0xb8, 0xa1, 0xee, 0xf7, 0xdc, 0xc5, 0x42, 0x5b, 0x70, 0x69, 0x26, 0x3f, 0x14, 0xd, 0xe, 0x17, 0x3c, 0x25, 0x6a, 0x73, 0x58, 0x41, 0xc6, 0xdf, 0xf4, 0xed, 0xa2, 0xbb, 0x90, 0x89, 0x83, 0x9a, 0xb1, 0xa8, 0xe7, 0xfe, 0xd5, 0xcc, 0x4b, 0x52, 0x79, 0x60, 0x2f, 0x36, 0x1d, 0x4, 0x9, 0x10, 0x3b, 0x22, 0x6d, 0x74, 0x5f, 0x46, 0xc1, 0xd8, 0xf3, 0xea, 0xa5, 0xbc, 0x97, 0x8e, 0x84, 0x9d, 0xb6, 0xaf, 0xe0, 0xf9, 0xd2, 0xcb, 0x4c, 0x55, 0x7e, 0x67, 0x28, 0x31, 0x1a, 0x3, 0x1c, 0x5, 0x2e, 0x37, 0x78, 0x61, 0x4a, 0x53, 0xd4, 0xcd, 0xe6, 0xff, 0xb0, 0xa9, 0x82, 0x9b, 0x91, 0x88, 0xa3, 0xba, 0xf5, 0xec, 0xc7, 0xde, 0x59, 0x40, 0x6b, 0x72, 0x3d, 0x24, 0xf, 0x16, 0x1b, 0x2, 0x29, 0x30, 0x7f, 0x66, 0x4d, 0x54, 0xd3, 0xca, 0xe1, 0xf8, 0xb7, 0xae, 0x85, 0x9c, 0x96, 0x8f, 0xa4, 0xbd, 0xf2, 0xeb, 0xc0, 0xd9, 0x5e, 0x47, 0x6c, 0x75, 0x3a, 0x23, 0x8, 0x11, 0x12, 0xb, 0x20, 0x39, 0x76, 0x6f, 0x44, 0x5d, 0xda, 0xc3, 0xe8, 0xf1, 0xbe, 0xa7, 0x8c, 0x95, 0x9f, 0x86, 0xad, 0xb4, 0xfb, 0xe2, 0xc9, 0xd0, 0x57, 0x4e, 0x65, 0x7c, 0x33, 0x2a, 0x1, 0x18, 0x15, 0xc, 0x27, 0x3e, 0x71, 0x68, 0x43, 0x5a, 0xdd, 0xc4, 0xef, 0xf6, 0xb9, 0xa0, 0x8b, 0x92, 0x98, 0x81, 0xaa, 0xb3, 0xfc, 0xe5, 0xce, 0xd7, 0x50, 0x49, 0x62, 0x7b, 0x34, 0x2d, 0x6, 0x1f},
+ {0x0, 0x1a, 0x34, 0x2e, 0x68, 0x72, 0x5c, 0x46, 0xd0, 0xca, 0xe4, 0xfe, 0xb8, 0xa2, 0x8c, 0x96, 0xbd, 0xa7, 0x89, 0x93, 0xd5, 0xcf, 0xe1, 0xfb, 0x6d, 0x77, 0x59, 0x43, 0x5, 0x1f, 0x31, 0x2b, 0x67, 0x7d, 0x53, 0x49, 0xf, 0x15, 0x3b, 0x21, 0xb7, 0xad, 0x83, 0x99, 0xdf, 0xc5, 0xeb, 0xf1, 0xda, 0xc0, 0xee, 0xf4, 0xb2, 0xa8, 0x86, 0x9c, 0xa, 0x10, 0x3e, 0x24, 0x62, 0x78, 0x56, 0x4c, 0xce, 0xd4, 0xfa, 0xe0, 0xa6, 0xbc, 0x92, 0x88, 0x1e, 0x4, 0x2a, 0x30, 0x76, 0x6c, 0x42, 0x58, 0x73, 0x69, 0x47, 0x5d, 0x1b, 0x1, 0x2f, 0x35, 0xa3, 0xb9, 0x97, 0x8d, 0xcb, 0xd1, 0xff, 0xe5, 0xa9, 0xb3, 0x9d, 0x87, 0xc1, 0xdb, 0xf5, 0xef, 0x79, 0x63, 0x4d, 0x57, 0x11, 0xb, 0x25, 0x3f, 0x14, 0xe, 0x20, 0x3a, 0x7c, 0x66, 0x48, 0x52, 0xc4, 0xde, 0xf0, 0xea, 0xac, 0xb6, 0x98, 0x82, 0x81, 0x9b, 0xb5, 0xaf, 0xe9, 0xf3, 0xdd, 0xc7, 0x51, 0x4b, 0x65, 0x7f, 0x39, 0x23, 0xd, 0x17, 0x3c, 0x26, 0x8, 0x12, 0x54, 0x4e, 0x60, 0x7a, 0xec, 0xf6, 0xd8, 0xc2, 0x84, 0x9e, 0xb0, 0xaa, 0xe6, 0xfc, 0xd2, 0xc8, 0x8e, 0x94, 0xba, 0xa0, 0x36, 0x2c, 0x2, 0x18, 0x5e, 0x44, 0x6a, 0x70, 0x5b, 0x41, 0x6f, 0x75, 0x33, 0x29, 0x7, 0x1d, 0x8b, 0x91, 0xbf, 0xa5, 0xe3, 0xf9, 0xd7, 0xcd, 0x4f, 0x55, 0x7b, 0x61, 0x27, 0x3d, 0x13, 0x9, 0x9f, 0x85, 0xab, 0xb1, 0xf7, 0xed, 0xc3, 0xd9, 0xf2, 0xe8, 0xc6, 0xdc, 0x9a, 0x80, 0xae, 0xb4, 0x22, 0x38, 0x16, 0xc, 0x4a, 0x50, 0x7e, 0x64, 0x28, 0x32, 0x1c, 0x6, 0x40, 0x5a, 0x74, 0x6e, 0xf8, 0xe2, 0xcc, 0xd6, 0x90, 0x8a, 0xa4, 0xbe, 0x95, 0x8f, 0xa1, 0xbb, 0xfd, 0xe7, 0xc9, 0xd3, 0x45, 0x5f, 0x71, 0x6b, 0x2d, 0x37, 0x19, 0x3},
+ {0x0, 0x1b, 0x36, 0x2d, 0x6c, 0x77, 0x5a, 0x41, 0xd8, 0xc3, 0xee, 0xf5, 0xb4, 0xaf, 0x82, 0x99, 0xad, 0xb6, 0x9b, 0x80, 0xc1, 0xda, 0xf7, 0xec, 0x75, 0x6e, 0x43, 0x58, 0x19, 0x2, 0x2f, 0x34, 0x47, 0x5c, 0x71, 0x6a, 0x2b, 0x30, 0x1d, 0x6, 0x9f, 0x84, 0xa9, 0xb2, 0xf3, 0xe8, 0xc5, 0xde, 0xea, 0xf1, 0xdc, 0xc7, 0x86, 0x9d, 0xb0, 0xab, 0x32, 0x29, 0x4, 0x1f, 0x5e, 0x45, 0x68, 0x73, 0x8e, 0x95, 0xb8, 0xa3, 0xe2, 0xf9, 0xd4, 0xcf, 0x56, 0x4d, 0x60, 0x7b, 0x3a, 0x21, 0xc, 0x17, 0x23, 0x38, 0x15, 0xe, 0x4f, 0x54, 0x79, 0x62, 0xfb, 0xe0, 0xcd, 0xd6, 0x97, 0x8c, 0xa1, 0xba, 0xc9, 0xd2, 0xff, 0xe4, 0xa5, 0xbe, 0x93, 0x88, 0x11, 0xa, 0x27, 0x3c, 0x7d, 0x66, 0x4b, 0x50, 0x64, 0x7f, 0x52, 0x49, 0x8, 0x13, 0x3e, 0x25, 0xbc, 0xa7, 0x8a, 0x91, 0xd0, 0xcb, 0xe6, 0xfd, 0x1, 0x1a, 0x37, 0x2c, 0x6d, 0x76, 0x5b, 0x40, 0xd9, 0xc2, 0xef, 0xf4, 0xb5, 0xae, 0x83, 0x98, 0xac, 0xb7, 0x9a, 0x81, 0xc0, 0xdb, 0xf6, 0xed, 0x74, 0x6f, 0x42, 0x59, 0x18, 0x3, 0x2e, 0x35, 0x46, 0x5d, 0x70, 0x6b, 0x2a, 0x31, 0x1c, 0x7, 0x9e, 0x85, 0xa8, 0xb3, 0xf2, 0xe9, 0xc4, 0xdf, 0xeb, 0xf0, 0xdd, 0xc6, 0x87, 0x9c, 0xb1, 0xaa, 0x33, 0x28, 0x5, 0x1e, 0x5f, 0x44, 0x69, 0x72, 0x8f, 0x94, 0xb9, 0xa2, 0xe3, 0xf8, 0xd5, 0xce, 0x57, 0x4c, 0x61, 0x7a, 0x3b, 0x20, 0xd, 0x16, 0x22, 0x39, 0x14, 0xf, 0x4e, 0x55, 0x78, 0x63, 0xfa, 0xe1, 0xcc, 0xd7, 0x96, 0x8d, 0xa0, 0xbb, 0xc8, 0xd3, 0xfe, 0xe5, 0xa4, 0xbf, 0x92, 0x89, 0x10, 0xb, 0x26, 0x3d, 0x7c, 0x67, 0x4a, 0x51, 0x65, 0x7e, 0x53, 0x48, 0x9, 0x12, 0x3f, 0x24, 0xbd, 0xa6, 0x8b, 0x90, 0xd1, 0xca, 0xe7, 0xfc},
+ {0x0, 0x1c, 0x38, 0x24, 0x70, 0x6c, 0x48, 0x54, 0xe0, 0xfc, 0xd8, 0xc4, 0x90, 0x8c, 0xa8, 0xb4, 0xdd, 0xc1, 0xe5, 0xf9, 0xad, 0xb1, 0x95, 0x89, 0x3d, 0x21, 0x5, 0x19, 0x4d, 0x51, 0x75, 0x69, 0xa7, 0xbb, 0x9f, 0x83, 0xd7, 0xcb, 0xef, 0xf3, 0x47, 0x5b, 0x7f, 0x63, 0x37, 0x2b, 0xf, 0x13, 0x7a, 0x66, 0x42, 0x5e, 0xa, 0x16, 0x32, 0x2e, 0x9a, 0x86, 0xa2, 0xbe, 0xea, 0xf6, 0xd2, 0xce, 0x53, 0x4f, 0x6b, 0x77, 0x23, 0x3f, 0x1b, 0x7, 0xb3, 0xaf, 0x8b, 0x97, 0xc3, 0xdf, 0xfb, 0xe7, 0x8e, 0x92, 0xb6, 0xaa, 0xfe, 0xe2, 0xc6, 0xda, 0x6e, 0x72, 0x56, 0x4a, 0x1e, 0x2, 0x26, 0x3a, 0xf4, 0xe8, 0xcc, 0xd0, 0x84, 0x98, 0xbc, 0xa0, 0x14, 0x8, 0x2c, 0x30, 0x64, 0x78, 0x5c, 0x40, 0x29, 0x35, 0x11, 0xd, 0x59, 0x45, 0x61, 0x7d, 0xc9, 0xd5, 0xf1, 0xed, 0xb9, 0xa5, 0x81, 0x9d, 0xa6, 0xba, 0x9e, 0x82, 0xd6, 0xca, 0xee, 0xf2, 0x46, 0x5a, 0x7e, 0x62, 0x36, 0x2a, 0xe, 0x12, 0x7b, 0x67, 0x43, 0x5f, 0xb, 0x17, 0x33, 0x2f, 0x9b, 0x87, 0xa3, 0xbf, 0xeb, 0xf7, 0xd3, 0xcf, 0x1, 0x1d, 0x39, 0x25, 0x71, 0x6d, 0x49, 0x55, 0xe1, 0xfd, 0xd9, 0xc5, 0x91, 0x8d, 0xa9, 0xb5, 0xdc, 0xc0, 0xe4, 0xf8, 0xac, 0xb0, 0x94, 0x88, 0x3c, 0x20, 0x4, 0x18, 0x4c, 0x50, 0x74, 0x68, 0xf5, 0xe9, 0xcd, 0xd1, 0x85, 0x99, 0xbd, 0xa1, 0x15, 0x9, 0x2d, 0x31, 0x65, 0x79, 0x5d, 0x41, 0x28, 0x34, 0x10, 0xc, 0x58, 0x44, 0x60, 0x7c, 0xc8, 0xd4, 0xf0, 0xec, 0xb8, 0xa4, 0x80, 0x9c, 0x52, 0x4e, 0x6a, 0x76, 0x22, 0x3e, 0x1a, 0x6, 0xb2, 0xae, 0x8a, 0x96, 0xc2, 0xde, 0xfa, 0xe6, 0x8f, 0x93, 0xb7, 0xab, 0xff, 0xe3, 0xc7, 0xdb, 0x6f, 0x73, 0x57, 0x4b, 0x1f, 0x3, 0x27, 0x3b},
+ {0x0, 0x1d, 0x3a, 0x27, 0x74, 0x69, 0x4e, 0x53, 0xe8, 0xf5, 0xd2, 0xcf, 0x9c, 0x81, 0xa6, 0xbb, 0xcd, 0xd0, 0xf7, 0xea, 0xb9, 0xa4, 0x83, 0x9e, 0x25, 0x38, 0x1f, 0x2, 0x51, 0x4c, 0x6b, 0x76, 0x87, 0x9a, 0xbd, 0xa0, 0xf3, 0xee, 0xc9, 0xd4, 0x6f, 0x72, 0x55, 0x48, 0x1b, 0x6, 0x21, 0x3c, 0x4a, 0x57, 0x70, 0x6d, 0x3e, 0x23, 0x4, 0x19, 0xa2, 0xbf, 0x98, 0x85, 0xd6, 0xcb, 0xec, 0xf1, 0x13, 0xe, 0x29, 0x34, 0x67, 0x7a, 0x5d, 0x40, 0xfb, 0xe6, 0xc1, 0xdc, 0x8f, 0x92, 0xb5, 0xa8, 0xde, 0xc3, 0xe4, 0xf9, 0xaa, 0xb7, 0x90, 0x8d, 0x36, 0x2b, 0xc, 0x11, 0x42, 0x5f, 0x78, 0x65, 0x94, 0x89, 0xae, 0xb3, 0xe0, 0xfd, 0xda, 0xc7, 0x7c, 0x61, 0x46, 0x5b, 0x8, 0x15, 0x32, 0x2f, 0x59, 0x44, 0x63, 0x7e, 0x2d, 0x30, 0x17, 0xa, 0xb1, 0xac, 0x8b, 0x96, 0xc5, 0xd8, 0xff, 0xe2, 0x26, 0x3b, 0x1c, 0x1, 0x52, 0x4f, 0x68, 0x75, 0xce, 0xd3, 0xf4, 0xe9, 0xba, 0xa7, 0x80, 0x9d, 0xeb, 0xf6, 0xd1, 0xcc, 0x9f, 0x82, 0xa5, 0xb8, 0x3, 0x1e, 0x39, 0x24, 0x77, 0x6a, 0x4d, 0x50, 0xa1, 0xbc, 0x9b, 0x86, 0xd5, 0xc8, 0xef, 0xf2, 0x49, 0x54, 0x73, 0x6e, 0x3d, 0x20, 0x7, 0x1a, 0x6c, 0x71, 0x56, 0x4b, 0x18, 0x5, 0x22, 0x3f, 0x84, 0x99, 0xbe, 0xa3, 0xf0, 0xed, 0xca, 0xd7, 0x35, 0x28, 0xf, 0x12, 0x41, 0x5c, 0x7b, 0x66, 0xdd, 0xc0, 0xe7, 0xfa, 0xa9, 0xb4, 0x93, 0x8e, 0xf8, 0xe5, 0xc2, 0xdf, 0x8c, 0x91, 0xb6, 0xab, 0x10, 0xd, 0x2a, 0x37, 0x64, 0x79, 0x5e, 0x43, 0xb2, 0xaf, 0x88, 0x95, 0xc6, 0xdb, 0xfc, 0xe1, 0x5a, 0x47, 0x60, 0x7d, 0x2e, 0x33, 0x14, 0x9, 0x7f, 0x62, 0x45, 0x58, 0xb, 0x16, 0x31, 0x2c, 0x97, 0x8a, 0xad, 0xb0, 0xe3, 0xfe, 0xd9, 0xc4},
+ {0x0, 0x1e, 0x3c, 0x22, 0x78, 0x66, 0x44, 0x5a, 0xf0, 0xee, 0xcc, 0xd2, 0x88, 0x96, 0xb4, 0xaa, 0xfd, 0xe3, 0xc1, 0xdf, 0x85, 0x9b, 0xb9, 0xa7, 0xd, 0x13, 0x31, 0x2f, 0x75, 0x6b, 0x49, 0x57, 0xe7, 0xf9, 0xdb, 0xc5, 0x9f, 0x81, 0xa3, 0xbd, 0x17, 0x9, 0x2b, 0x35, 0x6f, 0x71, 0x53, 0x4d, 0x1a, 0x4, 0x26, 0x38, 0x62, 0x7c, 0x5e, 0x40, 0xea, 0xf4, 0xd6, 0xc8, 0x92, 0x8c, 0xae, 0xb0, 0xd3, 0xcd, 0xef, 0xf1, 0xab, 0xb5, 0x97, 0x89, 0x23, 0x3d, 0x1f, 0x1, 0x5b, 0x45, 0x67, 0x79, 0x2e, 0x30, 0x12, 0xc, 0x56, 0x48, 0x6a, 0x74, 0xde, 0xc0, 0xe2, 0xfc, 0xa6, 0xb8, 0x9a, 0x84, 0x34, 0x2a, 0x8, 0x16, 0x4c, 0x52, 0x70, 0x6e, 0xc4, 0xda, 0xf8, 0xe6, 0xbc, 0xa2, 0x80, 0x9e, 0xc9, 0xd7, 0xf5, 0xeb, 0xb1, 0xaf, 0x8d, 0x93, 0x39, 0x27, 0x5, 0x1b, 0x41, 0x5f, 0x7d, 0x63, 0xbb, 0xa5, 0x87, 0x99, 0xc3, 0xdd, 0xff, 0xe1, 0x4b, 0x55, 0x77, 0x69, 0x33, 0x2d, 0xf, 0x11, 0x46, 0x58, 0x7a, 0x64, 0x3e, 0x20, 0x2, 0x1c, 0xb6, 0xa8, 0x8a, 0x94, 0xce, 0xd0, 0xf2, 0xec, 0x5c, 0x42, 0x60, 0x7e, 0x24, 0x3a, 0x18, 0x6, 0xac, 0xb2, 0x90, 0x8e, 0xd4, 0xca, 0xe8, 0xf6, 0xa1, 0xbf, 0x9d, 0x83, 0xd9, 0xc7, 0xe5, 0xfb, 0x51, 0x4f, 0x6d, 0x73, 0x29, 0x37, 0x15, 0xb, 0x68, 0x76, 0x54, 0x4a, 0x10, 0xe, 0x2c, 0x32, 0x98, 0x86, 0xa4, 0xba, 0xe0, 0xfe, 0xdc, 0xc2, 0x95, 0x8b, 0xa9, 0xb7, 0xed, 0xf3, 0xd1, 0xcf, 0x65, 0x7b, 0x59, 0x47, 0x1d, 0x3, 0x21, 0x3f, 0x8f, 0x91, 0xb3, 0xad, 0xf7, 0xe9, 0xcb, 0xd5, 0x7f, 0x61, 0x43, 0x5d, 0x7, 0x19, 0x3b, 0x25, 0x72, 0x6c, 0x4e, 0x50, 0xa, 0x14, 0x36, 0x28, 0x82, 0x9c, 0xbe, 0xa0, 0xfa, 0xe4, 0xc6, 0xd8},
+ {0x0, 0x1f, 0x3e, 0x21, 0x7c, 0x63, 0x42, 0x5d, 0xf8, 0xe7, 0xc6, 0xd9, 0x84, 0x9b, 0xba, 0xa5, 0xed, 0xf2, 0xd3, 0xcc, 0x91, 0x8e, 0xaf, 0xb0, 0x15, 0xa, 0x2b, 0x34, 0x69, 0x76, 0x57, 0x48, 0xc7, 0xd8, 0xf9, 0xe6, 0xbb, 0xa4, 0x85, 0x9a, 0x3f, 0x20, 0x1, 0x1e, 0x43, 0x5c, 0x7d, 0x62, 0x2a, 0x35, 0x14, 0xb, 0x56, 0x49, 0x68, 0x77, 0xd2, 0xcd, 0xec, 0xf3, 0xae, 0xb1, 0x90, 0x8f, 0x93, 0x8c, 0xad, 0xb2, 0xef, 0xf0, 0xd1, 0xce, 0x6b, 0x74, 0x55, 0x4a, 0x17, 0x8, 0x29, 0x36, 0x7e, 0x61, 0x40, 0x5f, 0x2, 0x1d, 0x3c, 0x23, 0x86, 0x99, 0xb8, 0xa7, 0xfa, 0xe5, 0xc4, 0xdb, 0x54, 0x4b, 0x6a, 0x75, 0x28, 0x37, 0x16, 0x9, 0xac, 0xb3, 0x92, 0x8d, 0xd0, 0xcf, 0xee, 0xf1, 0xb9, 0xa6, 0x87, 0x98, 0xc5, 0xda, 0xfb, 0xe4, 0x41, 0x5e, 0x7f, 0x60, 0x3d, 0x22, 0x3, 0x1c, 0x3b, 0x24, 0x5, 0x1a, 0x47, 0x58, 0x79, 0x66, 0xc3, 0xdc, 0xfd, 0xe2, 0xbf, 0xa0, 0x81, 0x9e, 0xd6, 0xc9, 0xe8, 0xf7, 0xaa, 0xb5, 0x94, 0x8b, 0x2e, 0x31, 0x10, 0xf, 0x52, 0x4d, 0x6c, 0x73, 0xfc, 0xe3, 0xc2, 0xdd, 0x80, 0x9f, 0xbe, 0xa1, 0x4, 0x1b, 0x3a, 0x25, 0x78, 0x67, 0x46, 0x59, 0x11, 0xe, 0x2f, 0x30, 0x6d, 0x72, 0x53, 0x4c, 0xe9, 0xf6, 0xd7, 0xc8, 0x95, 0x8a, 0xab, 0xb4, 0xa8, 0xb7, 0x96, 0x89, 0xd4, 0xcb, 0xea, 0xf5, 0x50, 0x4f, 0x6e, 0x71, 0x2c, 0x33, 0x12, 0xd, 0x45, 0x5a, 0x7b, 0x64, 0x39, 0x26, 0x7, 0x18, 0xbd, 0xa2, 0x83, 0x9c, 0xc1, 0xde, 0xff, 0xe0, 0x6f, 0x70, 0x51, 0x4e, 0x13, 0xc, 0x2d, 0x32, 0x97, 0x88, 0xa9, 0xb6, 0xeb, 0xf4, 0xd5, 0xca, 0x82, 0x9d, 0xbc, 0xa3, 0xfe, 0xe1, 0xc0, 0xdf, 0x7a, 0x65, 0x44, 0x5b, 0x6, 0x19, 0x38, 0x27},
+ {0x0, 0x20, 0x40, 0x60, 0x80, 0xa0, 0xc0, 0xe0, 0x1d, 0x3d, 0x5d, 0x7d, 0x9d, 0xbd, 0xdd, 0xfd, 0x3a, 0x1a, 0x7a, 0x5a, 0xba, 0x9a, 0xfa, 0xda, 0x27, 0x7, 0x67, 0x47, 0xa7, 0x87, 0xe7, 0xc7, 0x74, 0x54, 0x34, 0x14, 0xf4, 0xd4, 0xb4, 0x94, 0x69, 0x49, 0x29, 0x9, 0xe9, 0xc9, 0xa9, 0x89, 0x4e, 0x6e, 0xe, 0x2e, 0xce, 0xee, 0x8e, 0xae, 0x53, 0x73, 0x13, 0x33, 0xd3, 0xf3, 0x93, 0xb3, 0xe8, 0xc8, 0xa8, 0x88, 0x68, 0x48, 0x28, 0x8, 0xf5, 0xd5, 0xb5, 0x95, 0x75, 0x55, 0x35, 0x15, 0xd2, 0xf2, 0x92, 0xb2, 0x52, 0x72, 0x12, 0x32, 0xcf, 0xef, 0x8f, 0xaf, 0x4f, 0x6f, 0xf, 0x2f, 0x9c, 0xbc, 0xdc, 0xfc, 0x1c, 0x3c, 0x5c, 0x7c, 0x81, 0xa1, 0xc1, 0xe1, 0x1, 0x21, 0x41, 0x61, 0xa6, 0x86, 0xe6, 0xc6, 0x26, 0x6, 0x66, 0x46, 0xbb, 0x9b, 0xfb, 0xdb, 0x3b, 0x1b, 0x7b, 0x5b, 0xcd, 0xed, 0x8d, 0xad, 0x4d, 0x6d, 0xd, 0x2d, 0xd0, 0xf0, 0x90, 0xb0, 0x50, 0x70, 0x10, 0x30, 0xf7, 0xd7, 0xb7, 0x97, 0x77, 0x57, 0x37, 0x17, 0xea, 0xca, 0xaa, 0x8a, 0x6a, 0x4a, 0x2a, 0xa, 0xb9, 0x99, 0xf9, 0xd9, 0x39, 0x19, 0x79, 0x59, 0xa4, 0x84, 0xe4, 0xc4, 0x24, 0x4, 0x64, 0x44, 0x83, 0xa3, 0xc3, 0xe3, 0x3, 0x23, 0x43, 0x63, 0x9e, 0xbe, 0xde, 0xfe, 0x1e, 0x3e, 0x5e, 0x7e, 0x25, 0x5, 0x65, 0x45, 0xa5, 0x85, 0xe5, 0xc5, 0x38, 0x18, 0x78, 0x58, 0xb8, 0x98, 0xf8, 0xd8, 0x1f, 0x3f, 0x5f, 0x7f, 0x9f, 0xbf, 0xdf, 0xff, 0x2, 0x22, 0x42, 0x62, 0x82, 0xa2, 0xc2, 0xe2, 0x51, 0x71, 0x11, 0x31, 0xd1, 0xf1, 0x91, 0xb1, 0x4c, 0x6c, 0xc, 0x2c, 0xcc, 0xec, 0x8c, 0xac, 0x6b, 0x4b, 0x2b, 0xb, 0xeb, 0xcb, 0xab, 0x8b, 0x76, 0x56, 0x36, 0x16, 0xf6, 0xd6, 0xb6, 0x96},
+ {0x0, 0x21, 0x42, 0x63, 0x84, 0xa5, 0xc6, 0xe7, 0x15, 0x34, 0x57, 0x76, 0x91, 0xb0, 0xd3, 0xf2, 0x2a, 0xb, 0x68, 0x49, 0xae, 0x8f, 0xec, 0xcd, 0x3f, 0x1e, 0x7d, 0x5c, 0xbb, 0x9a, 0xf9, 0xd8, 0x54, 0x75, 0x16, 0x37, 0xd0, 0xf1, 0x92, 0xb3, 0x41, 0x60, 0x3, 0x22, 0xc5, 0xe4, 0x87, 0xa6, 0x7e, 0x5f, 0x3c, 0x1d, 0xfa, 0xdb, 0xb8, 0x99, 0x6b, 0x4a, 0x29, 0x8, 0xef, 0xce, 0xad, 0x8c, 0xa8, 0x89, 0xea, 0xcb, 0x2c, 0xd, 0x6e, 0x4f, 0xbd, 0x9c, 0xff, 0xde, 0x39, 0x18, 0x7b, 0x5a, 0x82, 0xa3, 0xc0, 0xe1, 0x6, 0x27, 0x44, 0x65, 0x97, 0xb6, 0xd5, 0xf4, 0x13, 0x32, 0x51, 0x70, 0xfc, 0xdd, 0xbe, 0x9f, 0x78, 0x59, 0x3a, 0x1b, 0xe9, 0xc8, 0xab, 0x8a, 0x6d, 0x4c, 0x2f, 0xe, 0xd6, 0xf7, 0x94, 0xb5, 0x52, 0x73, 0x10, 0x31, 0xc3, 0xe2, 0x81, 0xa0, 0x47, 0x66, 0x5, 0x24, 0x4d, 0x6c, 0xf, 0x2e, 0xc9, 0xe8, 0x8b, 0xaa, 0x58, 0x79, 0x1a, 0x3b, 0xdc, 0xfd, 0x9e, 0xbf, 0x67, 0x46, 0x25, 0x4, 0xe3, 0xc2, 0xa1, 0x80, 0x72, 0x53, 0x30, 0x11, 0xf6, 0xd7, 0xb4, 0x95, 0x19, 0x38, 0x5b, 0x7a, 0x9d, 0xbc, 0xdf, 0xfe, 0xc, 0x2d, 0x4e, 0x6f, 0x88, 0xa9, 0xca, 0xeb, 0x33, 0x12, 0x71, 0x50, 0xb7, 0x96, 0xf5, 0xd4, 0x26, 0x7, 0x64, 0x45, 0xa2, 0x83, 0xe0, 0xc1, 0xe5, 0xc4, 0xa7, 0x86, 0x61, 0x40, 0x23, 0x2, 0xf0, 0xd1, 0xb2, 0x93, 0x74, 0x55, 0x36, 0x17, 0xcf, 0xee, 0x8d, 0xac, 0x4b, 0x6a, 0x9, 0x28, 0xda, 0xfb, 0x98, 0xb9, 0x5e, 0x7f, 0x1c, 0x3d, 0xb1, 0x90, 0xf3, 0xd2, 0x35, 0x14, 0x77, 0x56, 0xa4, 0x85, 0xe6, 0xc7, 0x20, 0x1, 0x62, 0x43, 0x9b, 0xba, 0xd9, 0xf8, 0x1f, 0x3e, 0x5d, 0x7c, 0x8e, 0xaf, 0xcc, 0xed, 0xa, 0x2b, 0x48, 0x69},
+ {0x0, 0x22, 0x44, 0x66, 0x88, 0xaa, 0xcc, 0xee, 0xd, 0x2f, 0x49, 0x6b, 0x85, 0xa7, 0xc1, 0xe3, 0x1a, 0x38, 0x5e, 0x7c, 0x92, 0xb0, 0xd6, 0xf4, 0x17, 0x35, 0x53, 0x71, 0x9f, 0xbd, 0xdb, 0xf9, 0x34, 0x16, 0x70, 0x52, 0xbc, 0x9e, 0xf8, 0xda, 0x39, 0x1b, 0x7d, 0x5f, 0xb1, 0x93, 0xf5, 0xd7, 0x2e, 0xc, 0x6a, 0x48, 0xa6, 0x84, 0xe2, 0xc0, 0x23, 0x1, 0x67, 0x45, 0xab, 0x89, 0xef, 0xcd, 0x68, 0x4a, 0x2c, 0xe, 0xe0, 0xc2, 0xa4, 0x86, 0x65, 0x47, 0x21, 0x3, 0xed, 0xcf, 0xa9, 0x8b, 0x72, 0x50, 0x36, 0x14, 0xfa, 0xd8, 0xbe, 0x9c, 0x7f, 0x5d, 0x3b, 0x19, 0xf7, 0xd5, 0xb3, 0x91, 0x5c, 0x7e, 0x18, 0x3a, 0xd4, 0xf6, 0x90, 0xb2, 0x51, 0x73, 0x15, 0x37, 0xd9, 0xfb, 0x9d, 0xbf, 0x46, 0x64, 0x2, 0x20, 0xce, 0xec, 0x8a, 0xa8, 0x4b, 0x69, 0xf, 0x2d, 0xc3, 0xe1, 0x87, 0xa5, 0xd0, 0xf2, 0x94, 0xb6, 0x58, 0x7a, 0x1c, 0x3e, 0xdd, 0xff, 0x99, 0xbb, 0x55, 0x77, 0x11, 0x33, 0xca, 0xe8, 0x8e, 0xac, 0x42, 0x60, 0x6, 0x24, 0xc7, 0xe5, 0x83, 0xa1, 0x4f, 0x6d, 0xb, 0x29, 0xe4, 0xc6, 0xa0, 0x82, 0x6c, 0x4e, 0x28, 0xa, 0xe9, 0xcb, 0xad, 0x8f, 0x61, 0x43, 0x25, 0x7, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0xf3, 0xd1, 0xb7, 0x95, 0x7b, 0x59, 0x3f, 0x1d, 0xb8, 0x9a, 0xfc, 0xde, 0x30, 0x12, 0x74, 0x56, 0xb5, 0x97, 0xf1, 0xd3, 0x3d, 0x1f, 0x79, 0x5b, 0xa2, 0x80, 0xe6, 0xc4, 0x2a, 0x8, 0x6e, 0x4c, 0xaf, 0x8d, 0xeb, 0xc9, 0x27, 0x5, 0x63, 0x41, 0x8c, 0xae, 0xc8, 0xea, 0x4, 0x26, 0x40, 0x62, 0x81, 0xa3, 0xc5, 0xe7, 0x9, 0x2b, 0x4d, 0x6f, 0x96, 0xb4, 0xd2, 0xf0, 0x1e, 0x3c, 0x5a, 0x78, 0x9b, 0xb9, 0xdf, 0xfd, 0x13, 0x31, 0x57, 0x75},
+ {0x0, 0x23, 0x46, 0x65, 0x8c, 0xaf, 0xca, 0xe9, 0x5, 0x26, 0x43, 0x60, 0x89, 0xaa, 0xcf, 0xec, 0xa, 0x29, 0x4c, 0x6f, 0x86, 0xa5, 0xc0, 0xe3, 0xf, 0x2c, 0x49, 0x6a, 0x83, 0xa0, 0xc5, 0xe6, 0x14, 0x37, 0x52, 0x71, 0x98, 0xbb, 0xde, 0xfd, 0x11, 0x32, 0x57, 0x74, 0x9d, 0xbe, 0xdb, 0xf8, 0x1e, 0x3d, 0x58, 0x7b, 0x92, 0xb1, 0xd4, 0xf7, 0x1b, 0x38, 0x5d, 0x7e, 0x97, 0xb4, 0xd1, 0xf2, 0x28, 0xb, 0x6e, 0x4d, 0xa4, 0x87, 0xe2, 0xc1, 0x2d, 0xe, 0x6b, 0x48, 0xa1, 0x82, 0xe7, 0xc4, 0x22, 0x1, 0x64, 0x47, 0xae, 0x8d, 0xe8, 0xcb, 0x27, 0x4, 0x61, 0x42, 0xab, 0x88, 0xed, 0xce, 0x3c, 0x1f, 0x7a, 0x59, 0xb0, 0x93, 0xf6, 0xd5, 0x39, 0x1a, 0x7f, 0x5c, 0xb5, 0x96, 0xf3, 0xd0, 0x36, 0x15, 0x70, 0x53, 0xba, 0x99, 0xfc, 0xdf, 0x33, 0x10, 0x75, 0x56, 0xbf, 0x9c, 0xf9, 0xda, 0x50, 0x73, 0x16, 0x35, 0xdc, 0xff, 0x9a, 0xb9, 0x55, 0x76, 0x13, 0x30, 0xd9, 0xfa, 0x9f, 0xbc, 0x5a, 0x79, 0x1c, 0x3f, 0xd6, 0xf5, 0x90, 0xb3, 0x5f, 0x7c, 0x19, 0x3a, 0xd3, 0xf0, 0x95, 0xb6, 0x44, 0x67, 0x2, 0x21, 0xc8, 0xeb, 0x8e, 0xad, 0x41, 0x62, 0x7, 0x24, 0xcd, 0xee, 0x8b, 0xa8, 0x4e, 0x6d, 0x8, 0x2b, 0xc2, 0xe1, 0x84, 0xa7, 0x4b, 0x68, 0xd, 0x2e, 0xc7, 0xe4, 0x81, 0xa2, 0x78, 0x5b, 0x3e, 0x1d, 0xf4, 0xd7, 0xb2, 0x91, 0x7d, 0x5e, 0x3b, 0x18, 0xf1, 0xd2, 0xb7, 0x94, 0x72, 0x51, 0x34, 0x17, 0xfe, 0xdd, 0xb8, 0x9b, 0x77, 0x54, 0x31, 0x12, 0xfb, 0xd8, 0xbd, 0x9e, 0x6c, 0x4f, 0x2a, 0x9, 0xe0, 0xc3, 0xa6, 0x85, 0x69, 0x4a, 0x2f, 0xc, 0xe5, 0xc6, 0xa3, 0x80, 0x66, 0x45, 0x20, 0x3, 0xea, 0xc9, 0xac, 0x8f, 0x63, 0x40, 0x25, 0x6, 0xef, 0xcc, 0xa9, 0x8a},
+ {0x0, 0x24, 0x48, 0x6c, 0x90, 0xb4, 0xd8, 0xfc, 0x3d, 0x19, 0x75, 0x51, 0xad, 0x89, 0xe5, 0xc1, 0x7a, 0x5e, 0x32, 0x16, 0xea, 0xce, 0xa2, 0x86, 0x47, 0x63, 0xf, 0x2b, 0xd7, 0xf3, 0x9f, 0xbb, 0xf4, 0xd0, 0xbc, 0x98, 0x64, 0x40, 0x2c, 0x8, 0xc9, 0xed, 0x81, 0xa5, 0x59, 0x7d, 0x11, 0x35, 0x8e, 0xaa, 0xc6, 0xe2, 0x1e, 0x3a, 0x56, 0x72, 0xb3, 0x97, 0xfb, 0xdf, 0x23, 0x7, 0x6b, 0x4f, 0xf5, 0xd1, 0xbd, 0x99, 0x65, 0x41, 0x2d, 0x9, 0xc8, 0xec, 0x80, 0xa4, 0x58, 0x7c, 0x10, 0x34, 0x8f, 0xab, 0xc7, 0xe3, 0x1f, 0x3b, 0x57, 0x73, 0xb2, 0x96, 0xfa, 0xde, 0x22, 0x6, 0x6a, 0x4e, 0x1, 0x25, 0x49, 0x6d, 0x91, 0xb5, 0xd9, 0xfd, 0x3c, 0x18, 0x74, 0x50, 0xac, 0x88, 0xe4, 0xc0, 0x7b, 0x5f, 0x33, 0x17, 0xeb, 0xcf, 0xa3, 0x87, 0x46, 0x62, 0xe, 0x2a, 0xd6, 0xf2, 0x9e, 0xba, 0xf7, 0xd3, 0xbf, 0x9b, 0x67, 0x43, 0x2f, 0xb, 0xca, 0xee, 0x82, 0xa6, 0x5a, 0x7e, 0x12, 0x36, 0x8d, 0xa9, 0xc5, 0xe1, 0x1d, 0x39, 0x55, 0x71, 0xb0, 0x94, 0xf8, 0xdc, 0x20, 0x4, 0x68, 0x4c, 0x3, 0x27, 0x4b, 0x6f, 0x93, 0xb7, 0xdb, 0xff, 0x3e, 0x1a, 0x76, 0x52, 0xae, 0x8a, 0xe6, 0xc2, 0x79, 0x5d, 0x31, 0x15, 0xe9, 0xcd, 0xa1, 0x85, 0x44, 0x60, 0xc, 0x28, 0xd4, 0xf0, 0x9c, 0xb8, 0x2, 0x26, 0x4a, 0x6e, 0x92, 0xb6, 0xda, 0xfe, 0x3f, 0x1b, 0x77, 0x53, 0xaf, 0x8b, 0xe7, 0xc3, 0x78, 0x5c, 0x30, 0x14, 0xe8, 0xcc, 0xa0, 0x84, 0x45, 0x61, 0xd, 0x29, 0xd5, 0xf1, 0x9d, 0xb9, 0xf6, 0xd2, 0xbe, 0x9a, 0x66, 0x42, 0x2e, 0xa, 0xcb, 0xef, 0x83, 0xa7, 0x5b, 0x7f, 0x13, 0x37, 0x8c, 0xa8, 0xc4, 0xe0, 0x1c, 0x38, 0x54, 0x70, 0xb1, 0x95, 0xf9, 0xdd, 0x21, 0x5, 0x69, 0x4d},
+ {0x0, 0x25, 0x4a, 0x6f, 0x94, 0xb1, 0xde, 0xfb, 0x35, 0x10, 0x7f, 0x5a, 0xa1, 0x84, 0xeb, 0xce, 0x6a, 0x4f, 0x20, 0x5, 0xfe, 0xdb, 0xb4, 0x91, 0x5f, 0x7a, 0x15, 0x30, 0xcb, 0xee, 0x81, 0xa4, 0xd4, 0xf1, 0x9e, 0xbb, 0x40, 0x65, 0xa, 0x2f, 0xe1, 0xc4, 0xab, 0x8e, 0x75, 0x50, 0x3f, 0x1a, 0xbe, 0x9b, 0xf4, 0xd1, 0x2a, 0xf, 0x60, 0x45, 0x8b, 0xae, 0xc1, 0xe4, 0x1f, 0x3a, 0x55, 0x70, 0xb5, 0x90, 0xff, 0xda, 0x21, 0x4, 0x6b, 0x4e, 0x80, 0xa5, 0xca, 0xef, 0x14, 0x31, 0x5e, 0x7b, 0xdf, 0xfa, 0x95, 0xb0, 0x4b, 0x6e, 0x1, 0x24, 0xea, 0xcf, 0xa0, 0x85, 0x7e, 0x5b, 0x34, 0x11, 0x61, 0x44, 0x2b, 0xe, 0xf5, 0xd0, 0xbf, 0x9a, 0x54, 0x71, 0x1e, 0x3b, 0xc0, 0xe5, 0x8a, 0xaf, 0xb, 0x2e, 0x41, 0x64, 0x9f, 0xba, 0xd5, 0xf0, 0x3e, 0x1b, 0x74, 0x51, 0xaa, 0x8f, 0xe0, 0xc5, 0x77, 0x52, 0x3d, 0x18, 0xe3, 0xc6, 0xa9, 0x8c, 0x42, 0x67, 0x8, 0x2d, 0xd6, 0xf3, 0x9c, 0xb9, 0x1d, 0x38, 0x57, 0x72, 0x89, 0xac, 0xc3, 0xe6, 0x28, 0xd, 0x62, 0x47, 0xbc, 0x99, 0xf6, 0xd3, 0xa3, 0x86, 0xe9, 0xcc, 0x37, 0x12, 0x7d, 0x58, 0x96, 0xb3, 0xdc, 0xf9, 0x2, 0x27, 0x48, 0x6d, 0xc9, 0xec, 0x83, 0xa6, 0x5d, 0x78, 0x17, 0x32, 0xfc, 0xd9, 0xb6, 0x93, 0x68, 0x4d, 0x22, 0x7, 0xc2, 0xe7, 0x88, 0xad, 0x56, 0x73, 0x1c, 0x39, 0xf7, 0xd2, 0xbd, 0x98, 0x63, 0x46, 0x29, 0xc, 0xa8, 0x8d, 0xe2, 0xc7, 0x3c, 0x19, 0x76, 0x53, 0x9d, 0xb8, 0xd7, 0xf2, 0x9, 0x2c, 0x43, 0x66, 0x16, 0x33, 0x5c, 0x79, 0x82, 0xa7, 0xc8, 0xed, 0x23, 0x6, 0x69, 0x4c, 0xb7, 0x92, 0xfd, 0xd8, 0x7c, 0x59, 0x36, 0x13, 0xe8, 0xcd, 0xa2, 0x87, 0x49, 0x6c, 0x3, 0x26, 0xdd, 0xf8, 0x97, 0xb2},
+ {0x0, 0x26, 0x4c, 0x6a, 0x98, 0xbe, 0xd4, 0xf2, 0x2d, 0xb, 0x61, 0x47, 0xb5, 0x93, 0xf9, 0xdf, 0x5a, 0x7c, 0x16, 0x30, 0xc2, 0xe4, 0x8e, 0xa8, 0x77, 0x51, 0x3b, 0x1d, 0xef, 0xc9, 0xa3, 0x85, 0xb4, 0x92, 0xf8, 0xde, 0x2c, 0xa, 0x60, 0x46, 0x99, 0xbf, 0xd5, 0xf3, 0x1, 0x27, 0x4d, 0x6b, 0xee, 0xc8, 0xa2, 0x84, 0x76, 0x50, 0x3a, 0x1c, 0xc3, 0xe5, 0x8f, 0xa9, 0x5b, 0x7d, 0x17, 0x31, 0x75, 0x53, 0x39, 0x1f, 0xed, 0xcb, 0xa1, 0x87, 0x58, 0x7e, 0x14, 0x32, 0xc0, 0xe6, 0x8c, 0xaa, 0x2f, 0x9, 0x63, 0x45, 0xb7, 0x91, 0xfb, 0xdd, 0x2, 0x24, 0x4e, 0x68, 0x9a, 0xbc, 0xd6, 0xf0, 0xc1, 0xe7, 0x8d, 0xab, 0x59, 0x7f, 0x15, 0x33, 0xec, 0xca, 0xa0, 0x86, 0x74, 0x52, 0x38, 0x1e, 0x9b, 0xbd, 0xd7, 0xf1, 0x3, 0x25, 0x4f, 0x69, 0xb6, 0x90, 0xfa, 0xdc, 0x2e, 0x8, 0x62, 0x44, 0xea, 0xcc, 0xa6, 0x80, 0x72, 0x54, 0x3e, 0x18, 0xc7, 0xe1, 0x8b, 0xad, 0x5f, 0x79, 0x13, 0x35, 0xb0, 0x96, 0xfc, 0xda, 0x28, 0xe, 0x64, 0x42, 0x9d, 0xbb, 0xd1, 0xf7, 0x5, 0x23, 0x49, 0x6f, 0x5e, 0x78, 0x12, 0x34, 0xc6, 0xe0, 0x8a, 0xac, 0x73, 0x55, 0x3f, 0x19, 0xeb, 0xcd, 0xa7, 0x81, 0x4, 0x22, 0x48, 0x6e, 0x9c, 0xba, 0xd0, 0xf6, 0x29, 0xf, 0x65, 0x43, 0xb1, 0x97, 0xfd, 0xdb, 0x9f, 0xb9, 0xd3, 0xf5, 0x7, 0x21, 0x4b, 0x6d, 0xb2, 0x94, 0xfe, 0xd8, 0x2a, 0xc, 0x66, 0x40, 0xc5, 0xe3, 0x89, 0xaf, 0x5d, 0x7b, 0x11, 0x37, 0xe8, 0xce, 0xa4, 0x82, 0x70, 0x56, 0x3c, 0x1a, 0x2b, 0xd, 0x67, 0x41, 0xb3, 0x95, 0xff, 0xd9, 0x6, 0x20, 0x4a, 0x6c, 0x9e, 0xb8, 0xd2, 0xf4, 0x71, 0x57, 0x3d, 0x1b, 0xe9, 0xcf, 0xa5, 0x83, 0x5c, 0x7a, 0x10, 0x36, 0xc4, 0xe2, 0x88, 0xae},
+ {0x0, 0x27, 0x4e, 0x69, 0x9c, 0xbb, 0xd2, 0xf5, 0x25, 0x2, 0x6b, 0x4c, 0xb9, 0x9e, 0xf7, 0xd0, 0x4a, 0x6d, 0x4, 0x23, 0xd6, 0xf1, 0x98, 0xbf, 0x6f, 0x48, 0x21, 0x6, 0xf3, 0xd4, 0xbd, 0x9a, 0x94, 0xb3, 0xda, 0xfd, 0x8, 0x2f, 0x46, 0x61, 0xb1, 0x96, 0xff, 0xd8, 0x2d, 0xa, 0x63, 0x44, 0xde, 0xf9, 0x90, 0xb7, 0x42, 0x65, 0xc, 0x2b, 0xfb, 0xdc, 0xb5, 0x92, 0x67, 0x40, 0x29, 0xe, 0x35, 0x12, 0x7b, 0x5c, 0xa9, 0x8e, 0xe7, 0xc0, 0x10, 0x37, 0x5e, 0x79, 0x8c, 0xab, 0xc2, 0xe5, 0x7f, 0x58, 0x31, 0x16, 0xe3, 0xc4, 0xad, 0x8a, 0x5a, 0x7d, 0x14, 0x33, 0xc6, 0xe1, 0x88, 0xaf, 0xa1, 0x86, 0xef, 0xc8, 0x3d, 0x1a, 0x73, 0x54, 0x84, 0xa3, 0xca, 0xed, 0x18, 0x3f, 0x56, 0x71, 0xeb, 0xcc, 0xa5, 0x82, 0x77, 0x50, 0x39, 0x1e, 0xce, 0xe9, 0x80, 0xa7, 0x52, 0x75, 0x1c, 0x3b, 0x6a, 0x4d, 0x24, 0x3, 0xf6, 0xd1, 0xb8, 0x9f, 0x4f, 0x68, 0x1, 0x26, 0xd3, 0xf4, 0x9d, 0xba, 0x20, 0x7, 0x6e, 0x49, 0xbc, 0x9b, 0xf2, 0xd5, 0x5, 0x22, 0x4b, 0x6c, 0x99, 0xbe, 0xd7, 0xf0, 0xfe, 0xd9, 0xb0, 0x97, 0x62, 0x45, 0x2c, 0xb, 0xdb, 0xfc, 0x95, 0xb2, 0x47, 0x60, 0x9, 0x2e, 0xb4, 0x93, 0xfa, 0xdd, 0x28, 0xf, 0x66, 0x41, 0x91, 0xb6, 0xdf, 0xf8, 0xd, 0x2a, 0x43, 0x64, 0x5f, 0x78, 0x11, 0x36, 0xc3, 0xe4, 0x8d, 0xaa, 0x7a, 0x5d, 0x34, 0x13, 0xe6, 0xc1, 0xa8, 0x8f, 0x15, 0x32, 0x5b, 0x7c, 0x89, 0xae, 0xc7, 0xe0, 0x30, 0x17, 0x7e, 0x59, 0xac, 0x8b, 0xe2, 0xc5, 0xcb, 0xec, 0x85, 0xa2, 0x57, 0x70, 0x19, 0x3e, 0xee, 0xc9, 0xa0, 0x87, 0x72, 0x55, 0x3c, 0x1b, 0x81, 0xa6, 0xcf, 0xe8, 0x1d, 0x3a, 0x53, 0x74, 0xa4, 0x83, 0xea, 0xcd, 0x38, 0x1f, 0x76, 0x51},
+ {0x0, 0x28, 0x50, 0x78, 0xa0, 0x88, 0xf0, 0xd8, 0x5d, 0x75, 0xd, 0x25, 0xfd, 0xd5, 0xad, 0x85, 0xba, 0x92, 0xea, 0xc2, 0x1a, 0x32, 0x4a, 0x62, 0xe7, 0xcf, 0xb7, 0x9f, 0x47, 0x6f, 0x17, 0x3f, 0x69, 0x41, 0x39, 0x11, 0xc9, 0xe1, 0x99, 0xb1, 0x34, 0x1c, 0x64, 0x4c, 0x94, 0xbc, 0xc4, 0xec, 0xd3, 0xfb, 0x83, 0xab, 0x73, 0x5b, 0x23, 0xb, 0x8e, 0xa6, 0xde, 0xf6, 0x2e, 0x6, 0x7e, 0x56, 0xd2, 0xfa, 0x82, 0xaa, 0x72, 0x5a, 0x22, 0xa, 0x8f, 0xa7, 0xdf, 0xf7, 0x2f, 0x7, 0x7f, 0x57, 0x68, 0x40, 0x38, 0x10, 0xc8, 0xe0, 0x98, 0xb0, 0x35, 0x1d, 0x65, 0x4d, 0x95, 0xbd, 0xc5, 0xed, 0xbb, 0x93, 0xeb, 0xc3, 0x1b, 0x33, 0x4b, 0x63, 0xe6, 0xce, 0xb6, 0x9e, 0x46, 0x6e, 0x16, 0x3e, 0x1, 0x29, 0x51, 0x79, 0xa1, 0x89, 0xf1, 0xd9, 0x5c, 0x74, 0xc, 0x24, 0xfc, 0xd4, 0xac, 0x84, 0xb9, 0x91, 0xe9, 0xc1, 0x19, 0x31, 0x49, 0x61, 0xe4, 0xcc, 0xb4, 0x9c, 0x44, 0x6c, 0x14, 0x3c, 0x3, 0x2b, 0x53, 0x7b, 0xa3, 0x8b, 0xf3, 0xdb, 0x5e, 0x76, 0xe, 0x26, 0xfe, 0xd6, 0xae, 0x86, 0xd0, 0xf8, 0x80, 0xa8, 0x70, 0x58, 0x20, 0x8, 0x8d, 0xa5, 0xdd, 0xf5, 0x2d, 0x5, 0x7d, 0x55, 0x6a, 0x42, 0x3a, 0x12, 0xca, 0xe2, 0x9a, 0xb2, 0x37, 0x1f, 0x67, 0x4f, 0x97, 0xbf, 0xc7, 0xef, 0x6b, 0x43, 0x3b, 0x13, 0xcb, 0xe3, 0x9b, 0xb3, 0x36, 0x1e, 0x66, 0x4e, 0x96, 0xbe, 0xc6, 0xee, 0xd1, 0xf9, 0x81, 0xa9, 0x71, 0x59, 0x21, 0x9, 0x8c, 0xa4, 0xdc, 0xf4, 0x2c, 0x4, 0x7c, 0x54, 0x2, 0x2a, 0x52, 0x7a, 0xa2, 0x8a, 0xf2, 0xda, 0x5f, 0x77, 0xf, 0x27, 0xff, 0xd7, 0xaf, 0x87, 0xb8, 0x90, 0xe8, 0xc0, 0x18, 0x30, 0x48, 0x60, 0xe5, 0xcd, 0xb5, 0x9d, 0x45, 0x6d, 0x15, 0x3d},
+ {0x0, 0x29, 0x52, 0x7b, 0xa4, 0x8d, 0xf6, 0xdf, 0x55, 0x7c, 0x7, 0x2e, 0xf1, 0xd8, 0xa3, 0x8a, 0xaa, 0x83, 0xf8, 0xd1, 0xe, 0x27, 0x5c, 0x75, 0xff, 0xd6, 0xad, 0x84, 0x5b, 0x72, 0x9, 0x20, 0x49, 0x60, 0x1b, 0x32, 0xed, 0xc4, 0xbf, 0x96, 0x1c, 0x35, 0x4e, 0x67, 0xb8, 0x91, 0xea, 0xc3, 0xe3, 0xca, 0xb1, 0x98, 0x47, 0x6e, 0x15, 0x3c, 0xb6, 0x9f, 0xe4, 0xcd, 0x12, 0x3b, 0x40, 0x69, 0x92, 0xbb, 0xc0, 0xe9, 0x36, 0x1f, 0x64, 0x4d, 0xc7, 0xee, 0x95, 0xbc, 0x63, 0x4a, 0x31, 0x18, 0x38, 0x11, 0x6a, 0x43, 0x9c, 0xb5, 0xce, 0xe7, 0x6d, 0x44, 0x3f, 0x16, 0xc9, 0xe0, 0x9b, 0xb2, 0xdb, 0xf2, 0x89, 0xa0, 0x7f, 0x56, 0x2d, 0x4, 0x8e, 0xa7, 0xdc, 0xf5, 0x2a, 0x3, 0x78, 0x51, 0x71, 0x58, 0x23, 0xa, 0xd5, 0xfc, 0x87, 0xae, 0x24, 0xd, 0x76, 0x5f, 0x80, 0xa9, 0xd2, 0xfb, 0x39, 0x10, 0x6b, 0x42, 0x9d, 0xb4, 0xcf, 0xe6, 0x6c, 0x45, 0x3e, 0x17, 0xc8, 0xe1, 0x9a, 0xb3, 0x93, 0xba, 0xc1, 0xe8, 0x37, 0x1e, 0x65, 0x4c, 0xc6, 0xef, 0x94, 0xbd, 0x62, 0x4b, 0x30, 0x19, 0x70, 0x59, 0x22, 0xb, 0xd4, 0xfd, 0x86, 0xaf, 0x25, 0xc, 0x77, 0x5e, 0x81, 0xa8, 0xd3, 0xfa, 0xda, 0xf3, 0x88, 0xa1, 0x7e, 0x57, 0x2c, 0x5, 0x8f, 0xa6, 0xdd, 0xf4, 0x2b, 0x2, 0x79, 0x50, 0xab, 0x82, 0xf9, 0xd0, 0xf, 0x26, 0x5d, 0x74, 0xfe, 0xd7, 0xac, 0x85, 0x5a, 0x73, 0x8, 0x21, 0x1, 0x28, 0x53, 0x7a, 0xa5, 0x8c, 0xf7, 0xde, 0x54, 0x7d, 0x6, 0x2f, 0xf0, 0xd9, 0xa2, 0x8b, 0xe2, 0xcb, 0xb0, 0x99, 0x46, 0x6f, 0x14, 0x3d, 0xb7, 0x9e, 0xe5, 0xcc, 0x13, 0x3a, 0x41, 0x68, 0x48, 0x61, 0x1a, 0x33, 0xec, 0xc5, 0xbe, 0x97, 0x1d, 0x34, 0x4f, 0x66, 0xb9, 0x90, 0xeb, 0xc2},
+ {0x0, 0x2a, 0x54, 0x7e, 0xa8, 0x82, 0xfc, 0xd6, 0x4d, 0x67, 0x19, 0x33, 0xe5, 0xcf, 0xb1, 0x9b, 0x9a, 0xb0, 0xce, 0xe4, 0x32, 0x18, 0x66, 0x4c, 0xd7, 0xfd, 0x83, 0xa9, 0x7f, 0x55, 0x2b, 0x1, 0x29, 0x3, 0x7d, 0x57, 0x81, 0xab, 0xd5, 0xff, 0x64, 0x4e, 0x30, 0x1a, 0xcc, 0xe6, 0x98, 0xb2, 0xb3, 0x99, 0xe7, 0xcd, 0x1b, 0x31, 0x4f, 0x65, 0xfe, 0xd4, 0xaa, 0x80, 0x56, 0x7c, 0x2, 0x28, 0x52, 0x78, 0x6, 0x2c, 0xfa, 0xd0, 0xae, 0x84, 0x1f, 0x35, 0x4b, 0x61, 0xb7, 0x9d, 0xe3, 0xc9, 0xc8, 0xe2, 0x9c, 0xb6, 0x60, 0x4a, 0x34, 0x1e, 0x85, 0xaf, 0xd1, 0xfb, 0x2d, 0x7, 0x79, 0x53, 0x7b, 0x51, 0x2f, 0x5, 0xd3, 0xf9, 0x87, 0xad, 0x36, 0x1c, 0x62, 0x48, 0x9e, 0xb4, 0xca, 0xe0, 0xe1, 0xcb, 0xb5, 0x9f, 0x49, 0x63, 0x1d, 0x37, 0xac, 0x86, 0xf8, 0xd2, 0x4, 0x2e, 0x50, 0x7a, 0xa4, 0x8e, 0xf0, 0xda, 0xc, 0x26, 0x58, 0x72, 0xe9, 0xc3, 0xbd, 0x97, 0x41, 0x6b, 0x15, 0x3f, 0x3e, 0x14, 0x6a, 0x40, 0x96, 0xbc, 0xc2, 0xe8, 0x73, 0x59, 0x27, 0xd, 0xdb, 0xf1, 0x8f, 0xa5, 0x8d, 0xa7, 0xd9, 0xf3, 0x25, 0xf, 0x71, 0x5b, 0xc0, 0xea, 0x94, 0xbe, 0x68, 0x42, 0x3c, 0x16, 0x17, 0x3d, 0x43, 0x69, 0xbf, 0x95, 0xeb, 0xc1, 0x5a, 0x70, 0xe, 0x24, 0xf2, 0xd8, 0xa6, 0x8c, 0xf6, 0xdc, 0xa2, 0x88, 0x5e, 0x74, 0xa, 0x20, 0xbb, 0x91, 0xef, 0xc5, 0x13, 0x39, 0x47, 0x6d, 0x6c, 0x46, 0x38, 0x12, 0xc4, 0xee, 0x90, 0xba, 0x21, 0xb, 0x75, 0x5f, 0x89, 0xa3, 0xdd, 0xf7, 0xdf, 0xf5, 0x8b, 0xa1, 0x77, 0x5d, 0x23, 0x9, 0x92, 0xb8, 0xc6, 0xec, 0x3a, 0x10, 0x6e, 0x44, 0x45, 0x6f, 0x11, 0x3b, 0xed, 0xc7, 0xb9, 0x93, 0x8, 0x22, 0x5c, 0x76, 0xa0, 0x8a, 0xf4, 0xde},
+ {0x0, 0x2b, 0x56, 0x7d, 0xac, 0x87, 0xfa, 0xd1, 0x45, 0x6e, 0x13, 0x38, 0xe9, 0xc2, 0xbf, 0x94, 0x8a, 0xa1, 0xdc, 0xf7, 0x26, 0xd, 0x70, 0x5b, 0xcf, 0xe4, 0x99, 0xb2, 0x63, 0x48, 0x35, 0x1e, 0x9, 0x22, 0x5f, 0x74, 0xa5, 0x8e, 0xf3, 0xd8, 0x4c, 0x67, 0x1a, 0x31, 0xe0, 0xcb, 0xb6, 0x9d, 0x83, 0xa8, 0xd5, 0xfe, 0x2f, 0x4, 0x79, 0x52, 0xc6, 0xed, 0x90, 0xbb, 0x6a, 0x41, 0x3c, 0x17, 0x12, 0x39, 0x44, 0x6f, 0xbe, 0x95, 0xe8, 0xc3, 0x57, 0x7c, 0x1, 0x2a, 0xfb, 0xd0, 0xad, 0x86, 0x98, 0xb3, 0xce, 0xe5, 0x34, 0x1f, 0x62, 0x49, 0xdd, 0xf6, 0x8b, 0xa0, 0x71, 0x5a, 0x27, 0xc, 0x1b, 0x30, 0x4d, 0x66, 0xb7, 0x9c, 0xe1, 0xca, 0x5e, 0x75, 0x8, 0x23, 0xf2, 0xd9, 0xa4, 0x8f, 0x91, 0xba, 0xc7, 0xec, 0x3d, 0x16, 0x6b, 0x40, 0xd4, 0xff, 0x82, 0xa9, 0x78, 0x53, 0x2e, 0x5, 0x24, 0xf, 0x72, 0x59, 0x88, 0xa3, 0xde, 0xf5, 0x61, 0x4a, 0x37, 0x1c, 0xcd, 0xe6, 0x9b, 0xb0, 0xae, 0x85, 0xf8, 0xd3, 0x2, 0x29, 0x54, 0x7f, 0xeb, 0xc0, 0xbd, 0x96, 0x47, 0x6c, 0x11, 0x3a, 0x2d, 0x6, 0x7b, 0x50, 0x81, 0xaa, 0xd7, 0xfc, 0x68, 0x43, 0x3e, 0x15, 0xc4, 0xef, 0x92, 0xb9, 0xa7, 0x8c, 0xf1, 0xda, 0xb, 0x20, 0x5d, 0x76, 0xe2, 0xc9, 0xb4, 0x9f, 0x4e, 0x65, 0x18, 0x33, 0x36, 0x1d, 0x60, 0x4b, 0x9a, 0xb1, 0xcc, 0xe7, 0x73, 0x58, 0x25, 0xe, 0xdf, 0xf4, 0x89, 0xa2, 0xbc, 0x97, 0xea, 0xc1, 0x10, 0x3b, 0x46, 0x6d, 0xf9, 0xd2, 0xaf, 0x84, 0x55, 0x7e, 0x3, 0x28, 0x3f, 0x14, 0x69, 0x42, 0x93, 0xb8, 0xc5, 0xee, 0x7a, 0x51, 0x2c, 0x7, 0xd6, 0xfd, 0x80, 0xab, 0xb5, 0x9e, 0xe3, 0xc8, 0x19, 0x32, 0x4f, 0x64, 0xf0, 0xdb, 0xa6, 0x8d, 0x5c, 0x77, 0xa, 0x21},
+ {0x0, 0x2c, 0x58, 0x74, 0xb0, 0x9c, 0xe8, 0xc4, 0x7d, 0x51, 0x25, 0x9, 0xcd, 0xe1, 0x95, 0xb9, 0xfa, 0xd6, 0xa2, 0x8e, 0x4a, 0x66, 0x12, 0x3e, 0x87, 0xab, 0xdf, 0xf3, 0x37, 0x1b, 0x6f, 0x43, 0xe9, 0xc5, 0xb1, 0x9d, 0x59, 0x75, 0x1, 0x2d, 0x94, 0xb8, 0xcc, 0xe0, 0x24, 0x8, 0x7c, 0x50, 0x13, 0x3f, 0x4b, 0x67, 0xa3, 0x8f, 0xfb, 0xd7, 0x6e, 0x42, 0x36, 0x1a, 0xde, 0xf2, 0x86, 0xaa, 0xcf, 0xe3, 0x97, 0xbb, 0x7f, 0x53, 0x27, 0xb, 0xb2, 0x9e, 0xea, 0xc6, 0x2, 0x2e, 0x5a, 0x76, 0x35, 0x19, 0x6d, 0x41, 0x85, 0xa9, 0xdd, 0xf1, 0x48, 0x64, 0x10, 0x3c, 0xf8, 0xd4, 0xa0, 0x8c, 0x26, 0xa, 0x7e, 0x52, 0x96, 0xba, 0xce, 0xe2, 0x5b, 0x77, 0x3, 0x2f, 0xeb, 0xc7, 0xb3, 0x9f, 0xdc, 0xf0, 0x84, 0xa8, 0x6c, 0x40, 0x34, 0x18, 0xa1, 0x8d, 0xf9, 0xd5, 0x11, 0x3d, 0x49, 0x65, 0x83, 0xaf, 0xdb, 0xf7, 0x33, 0x1f, 0x6b, 0x47, 0xfe, 0xd2, 0xa6, 0x8a, 0x4e, 0x62, 0x16, 0x3a, 0x79, 0x55, 0x21, 0xd, 0xc9, 0xe5, 0x91, 0xbd, 0x4, 0x28, 0x5c, 0x70, 0xb4, 0x98, 0xec, 0xc0, 0x6a, 0x46, 0x32, 0x1e, 0xda, 0xf6, 0x82, 0xae, 0x17, 0x3b, 0x4f, 0x63, 0xa7, 0x8b, 0xff, 0xd3, 0x90, 0xbc, 0xc8, 0xe4, 0x20, 0xc, 0x78, 0x54, 0xed, 0xc1, 0xb5, 0x99, 0x5d, 0x71, 0x5, 0x29, 0x4c, 0x60, 0x14, 0x38, 0xfc, 0xd0, 0xa4, 0x88, 0x31, 0x1d, 0x69, 0x45, 0x81, 0xad, 0xd9, 0xf5, 0xb6, 0x9a, 0xee, 0xc2, 0x6, 0x2a, 0x5e, 0x72, 0xcb, 0xe7, 0x93, 0xbf, 0x7b, 0x57, 0x23, 0xf, 0xa5, 0x89, 0xfd, 0xd1, 0x15, 0x39, 0x4d, 0x61, 0xd8, 0xf4, 0x80, 0xac, 0x68, 0x44, 0x30, 0x1c, 0x5f, 0x73, 0x7, 0x2b, 0xef, 0xc3, 0xb7, 0x9b, 0x22, 0xe, 0x7a, 0x56, 0x92, 0xbe, 0xca, 0xe6},
+ {0x0, 0x2d, 0x5a, 0x77, 0xb4, 0x99, 0xee, 0xc3, 0x75, 0x58, 0x2f, 0x2, 0xc1, 0xec, 0x9b, 0xb6, 0xea, 0xc7, 0xb0, 0x9d, 0x5e, 0x73, 0x4, 0x29, 0x9f, 0xb2, 0xc5, 0xe8, 0x2b, 0x6, 0x71, 0x5c, 0xc9, 0xe4, 0x93, 0xbe, 0x7d, 0x50, 0x27, 0xa, 0xbc, 0x91, 0xe6, 0xcb, 0x8, 0x25, 0x52, 0x7f, 0x23, 0xe, 0x79, 0x54, 0x97, 0xba, 0xcd, 0xe0, 0x56, 0x7b, 0xc, 0x21, 0xe2, 0xcf, 0xb8, 0x95, 0x8f, 0xa2, 0xd5, 0xf8, 0x3b, 0x16, 0x61, 0x4c, 0xfa, 0xd7, 0xa0, 0x8d, 0x4e, 0x63, 0x14, 0x39, 0x65, 0x48, 0x3f, 0x12, 0xd1, 0xfc, 0x8b, 0xa6, 0x10, 0x3d, 0x4a, 0x67, 0xa4, 0x89, 0xfe, 0xd3, 0x46, 0x6b, 0x1c, 0x31, 0xf2, 0xdf, 0xa8, 0x85, 0x33, 0x1e, 0x69, 0x44, 0x87, 0xaa, 0xdd, 0xf0, 0xac, 0x81, 0xf6, 0xdb, 0x18, 0x35, 0x42, 0x6f, 0xd9, 0xf4, 0x83, 0xae, 0x6d, 0x40, 0x37, 0x1a, 0x3, 0x2e, 0x59, 0x74, 0xb7, 0x9a, 0xed, 0xc0, 0x76, 0x5b, 0x2c, 0x1, 0xc2, 0xef, 0x98, 0xb5, 0xe9, 0xc4, 0xb3, 0x9e, 0x5d, 0x70, 0x7, 0x2a, 0x9c, 0xb1, 0xc6, 0xeb, 0x28, 0x5, 0x72, 0x5f, 0xca, 0xe7, 0x90, 0xbd, 0x7e, 0x53, 0x24, 0x9, 0xbf, 0x92, 0xe5, 0xc8, 0xb, 0x26, 0x51, 0x7c, 0x20, 0xd, 0x7a, 0x57, 0x94, 0xb9, 0xce, 0xe3, 0x55, 0x78, 0xf, 0x22, 0xe1, 0xcc, 0xbb, 0x96, 0x8c, 0xa1, 0xd6, 0xfb, 0x38, 0x15, 0x62, 0x4f, 0xf9, 0xd4, 0xa3, 0x8e, 0x4d, 0x60, 0x17, 0x3a, 0x66, 0x4b, 0x3c, 0x11, 0xd2, 0xff, 0x88, 0xa5, 0x13, 0x3e, 0x49, 0x64, 0xa7, 0x8a, 0xfd, 0xd0, 0x45, 0x68, 0x1f, 0x32, 0xf1, 0xdc, 0xab, 0x86, 0x30, 0x1d, 0x6a, 0x47, 0x84, 0xa9, 0xde, 0xf3, 0xaf, 0x82, 0xf5, 0xd8, 0x1b, 0x36, 0x41, 0x6c, 0xda, 0xf7, 0x80, 0xad, 0x6e, 0x43, 0x34, 0x19},
+ {0x0, 0x2e, 0x5c, 0x72, 0xb8, 0x96, 0xe4, 0xca, 0x6d, 0x43, 0x31, 0x1f, 0xd5, 0xfb, 0x89, 0xa7, 0xda, 0xf4, 0x86, 0xa8, 0x62, 0x4c, 0x3e, 0x10, 0xb7, 0x99, 0xeb, 0xc5, 0xf, 0x21, 0x53, 0x7d, 0xa9, 0x87, 0xf5, 0xdb, 0x11, 0x3f, 0x4d, 0x63, 0xc4, 0xea, 0x98, 0xb6, 0x7c, 0x52, 0x20, 0xe, 0x73, 0x5d, 0x2f, 0x1, 0xcb, 0xe5, 0x97, 0xb9, 0x1e, 0x30, 0x42, 0x6c, 0xa6, 0x88, 0xfa, 0xd4, 0x4f, 0x61, 0x13, 0x3d, 0xf7, 0xd9, 0xab, 0x85, 0x22, 0xc, 0x7e, 0x50, 0x9a, 0xb4, 0xc6, 0xe8, 0x95, 0xbb, 0xc9, 0xe7, 0x2d, 0x3, 0x71, 0x5f, 0xf8, 0xd6, 0xa4, 0x8a, 0x40, 0x6e, 0x1c, 0x32, 0xe6, 0xc8, 0xba, 0x94, 0x5e, 0x70, 0x2, 0x2c, 0x8b, 0xa5, 0xd7, 0xf9, 0x33, 0x1d, 0x6f, 0x41, 0x3c, 0x12, 0x60, 0x4e, 0x84, 0xaa, 0xd8, 0xf6, 0x51, 0x7f, 0xd, 0x23, 0xe9, 0xc7, 0xb5, 0x9b, 0x9e, 0xb0, 0xc2, 0xec, 0x26, 0x8, 0x7a, 0x54, 0xf3, 0xdd, 0xaf, 0x81, 0x4b, 0x65, 0x17, 0x39, 0x44, 0x6a, 0x18, 0x36, 0xfc, 0xd2, 0xa0, 0x8e, 0x29, 0x7, 0x75, 0x5b, 0x91, 0xbf, 0xcd, 0xe3, 0x37, 0x19, 0x6b, 0x45, 0x8f, 0xa1, 0xd3, 0xfd, 0x5a, 0x74, 0x6, 0x28, 0xe2, 0xcc, 0xbe, 0x90, 0xed, 0xc3, 0xb1, 0x9f, 0x55, 0x7b, 0x9, 0x27, 0x80, 0xae, 0xdc, 0xf2, 0x38, 0x16, 0x64, 0x4a, 0xd1, 0xff, 0x8d, 0xa3, 0x69, 0x47, 0x35, 0x1b, 0xbc, 0x92, 0xe0, 0xce, 0x4, 0x2a, 0x58, 0x76, 0xb, 0x25, 0x57, 0x79, 0xb3, 0x9d, 0xef, 0xc1, 0x66, 0x48, 0x3a, 0x14, 0xde, 0xf0, 0x82, 0xac, 0x78, 0x56, 0x24, 0xa, 0xc0, 0xee, 0x9c, 0xb2, 0x15, 0x3b, 0x49, 0x67, 0xad, 0x83, 0xf1, 0xdf, 0xa2, 0x8c, 0xfe, 0xd0, 0x1a, 0x34, 0x46, 0x68, 0xcf, 0xe1, 0x93, 0xbd, 0x77, 0x59, 0x2b, 0x5},
+ {0x0, 0x2f, 0x5e, 0x71, 0xbc, 0x93, 0xe2, 0xcd, 0x65, 0x4a, 0x3b, 0x14, 0xd9, 0xf6, 0x87, 0xa8, 0xca, 0xe5, 0x94, 0xbb, 0x76, 0x59, 0x28, 0x7, 0xaf, 0x80, 0xf1, 0xde, 0x13, 0x3c, 0x4d, 0x62, 0x89, 0xa6, 0xd7, 0xf8, 0x35, 0x1a, 0x6b, 0x44, 0xec, 0xc3, 0xb2, 0x9d, 0x50, 0x7f, 0xe, 0x21, 0x43, 0x6c, 0x1d, 0x32, 0xff, 0xd0, 0xa1, 0x8e, 0x26, 0x9, 0x78, 0x57, 0x9a, 0xb5, 0xc4, 0xeb, 0xf, 0x20, 0x51, 0x7e, 0xb3, 0x9c, 0xed, 0xc2, 0x6a, 0x45, 0x34, 0x1b, 0xd6, 0xf9, 0x88, 0xa7, 0xc5, 0xea, 0x9b, 0xb4, 0x79, 0x56, 0x27, 0x8, 0xa0, 0x8f, 0xfe, 0xd1, 0x1c, 0x33, 0x42, 0x6d, 0x86, 0xa9, 0xd8, 0xf7, 0x3a, 0x15, 0x64, 0x4b, 0xe3, 0xcc, 0xbd, 0x92, 0x5f, 0x70, 0x1, 0x2e, 0x4c, 0x63, 0x12, 0x3d, 0xf0, 0xdf, 0xae, 0x81, 0x29, 0x6, 0x77, 0x58, 0x95, 0xba, 0xcb, 0xe4, 0x1e, 0x31, 0x40, 0x6f, 0xa2, 0x8d, 0xfc, 0xd3, 0x7b, 0x54, 0x25, 0xa, 0xc7, 0xe8, 0x99, 0xb6, 0xd4, 0xfb, 0x8a, 0xa5, 0x68, 0x47, 0x36, 0x19, 0xb1, 0x9e, 0xef, 0xc0, 0xd, 0x22, 0x53, 0x7c, 0x97, 0xb8, 0xc9, 0xe6, 0x2b, 0x4, 0x75, 0x5a, 0xf2, 0xdd, 0xac, 0x83, 0x4e, 0x61, 0x10, 0x3f, 0x5d, 0x72, 0x3, 0x2c, 0xe1, 0xce, 0xbf, 0x90, 0x38, 0x17, 0x66, 0x49, 0x84, 0xab, 0xda, 0xf5, 0x11, 0x3e, 0x4f, 0x60, 0xad, 0x82, 0xf3, 0xdc, 0x74, 0x5b, 0x2a, 0x5, 0xc8, 0xe7, 0x96, 0xb9, 0xdb, 0xf4, 0x85, 0xaa, 0x67, 0x48, 0x39, 0x16, 0xbe, 0x91, 0xe0, 0xcf, 0x2, 0x2d, 0x5c, 0x73, 0x98, 0xb7, 0xc6, 0xe9, 0x24, 0xb, 0x7a, 0x55, 0xfd, 0xd2, 0xa3, 0x8c, 0x41, 0x6e, 0x1f, 0x30, 0x52, 0x7d, 0xc, 0x23, 0xee, 0xc1, 0xb0, 0x9f, 0x37, 0x18, 0x69, 0x46, 0x8b, 0xa4, 0xd5, 0xfa},
+ {0x0, 0x30, 0x60, 0x50, 0xc0, 0xf0, 0xa0, 0x90, 0x9d, 0xad, 0xfd, 0xcd, 0x5d, 0x6d, 0x3d, 0xd, 0x27, 0x17, 0x47, 0x77, 0xe7, 0xd7, 0x87, 0xb7, 0xba, 0x8a, 0xda, 0xea, 0x7a, 0x4a, 0x1a, 0x2a, 0x4e, 0x7e, 0x2e, 0x1e, 0x8e, 0xbe, 0xee, 0xde, 0xd3, 0xe3, 0xb3, 0x83, 0x13, 0x23, 0x73, 0x43, 0x69, 0x59, 0x9, 0x39, 0xa9, 0x99, 0xc9, 0xf9, 0xf4, 0xc4, 0x94, 0xa4, 0x34, 0x4, 0x54, 0x64, 0x9c, 0xac, 0xfc, 0xcc, 0x5c, 0x6c, 0x3c, 0xc, 0x1, 0x31, 0x61, 0x51, 0xc1, 0xf1, 0xa1, 0x91, 0xbb, 0x8b, 0xdb, 0xeb, 0x7b, 0x4b, 0x1b, 0x2b, 0x26, 0x16, 0x46, 0x76, 0xe6, 0xd6, 0x86, 0xb6, 0xd2, 0xe2, 0xb2, 0x82, 0x12, 0x22, 0x72, 0x42, 0x4f, 0x7f, 0x2f, 0x1f, 0x8f, 0xbf, 0xef, 0xdf, 0xf5, 0xc5, 0x95, 0xa5, 0x35, 0x5, 0x55, 0x65, 0x68, 0x58, 0x8, 0x38, 0xa8, 0x98, 0xc8, 0xf8, 0x25, 0x15, 0x45, 0x75, 0xe5, 0xd5, 0x85, 0xb5, 0xb8, 0x88, 0xd8, 0xe8, 0x78, 0x48, 0x18, 0x28, 0x2, 0x32, 0x62, 0x52, 0xc2, 0xf2, 0xa2, 0x92, 0x9f, 0xaf, 0xff, 0xcf, 0x5f, 0x6f, 0x3f, 0xf, 0x6b, 0x5b, 0xb, 0x3b, 0xab, 0x9b, 0xcb, 0xfb, 0xf6, 0xc6, 0x96, 0xa6, 0x36, 0x6, 0x56, 0x66, 0x4c, 0x7c, 0x2c, 0x1c, 0x8c, 0xbc, 0xec, 0xdc, 0xd1, 0xe1, 0xb1, 0x81, 0x11, 0x21, 0x71, 0x41, 0xb9, 0x89, 0xd9, 0xe9, 0x79, 0x49, 0x19, 0x29, 0x24, 0x14, 0x44, 0x74, 0xe4, 0xd4, 0x84, 0xb4, 0x9e, 0xae, 0xfe, 0xce, 0x5e, 0x6e, 0x3e, 0xe, 0x3, 0x33, 0x63, 0x53, 0xc3, 0xf3, 0xa3, 0x93, 0xf7, 0xc7, 0x97, 0xa7, 0x37, 0x7, 0x57, 0x67, 0x6a, 0x5a, 0xa, 0x3a, 0xaa, 0x9a, 0xca, 0xfa, 0xd0, 0xe0, 0xb0, 0x80, 0x10, 0x20, 0x70, 0x40, 0x4d, 0x7d, 0x2d, 0x1d, 0x8d, 0xbd, 0xed, 0xdd},
+ {0x0, 0x31, 0x62, 0x53, 0xc4, 0xf5, 0xa6, 0x97, 0x95, 0xa4, 0xf7, 0xc6, 0x51, 0x60, 0x33, 0x2, 0x37, 0x6, 0x55, 0x64, 0xf3, 0xc2, 0x91, 0xa0, 0xa2, 0x93, 0xc0, 0xf1, 0x66, 0x57, 0x4, 0x35, 0x6e, 0x5f, 0xc, 0x3d, 0xaa, 0x9b, 0xc8, 0xf9, 0xfb, 0xca, 0x99, 0xa8, 0x3f, 0xe, 0x5d, 0x6c, 0x59, 0x68, 0x3b, 0xa, 0x9d, 0xac, 0xff, 0xce, 0xcc, 0xfd, 0xae, 0x9f, 0x8, 0x39, 0x6a, 0x5b, 0xdc, 0xed, 0xbe, 0x8f, 0x18, 0x29, 0x7a, 0x4b, 0x49, 0x78, 0x2b, 0x1a, 0x8d, 0xbc, 0xef, 0xde, 0xeb, 0xda, 0x89, 0xb8, 0x2f, 0x1e, 0x4d, 0x7c, 0x7e, 0x4f, 0x1c, 0x2d, 0xba, 0x8b, 0xd8, 0xe9, 0xb2, 0x83, 0xd0, 0xe1, 0x76, 0x47, 0x14, 0x25, 0x27, 0x16, 0x45, 0x74, 0xe3, 0xd2, 0x81, 0xb0, 0x85, 0xb4, 0xe7, 0xd6, 0x41, 0x70, 0x23, 0x12, 0x10, 0x21, 0x72, 0x43, 0xd4, 0xe5, 0xb6, 0x87, 0xa5, 0x94, 0xc7, 0xf6, 0x61, 0x50, 0x3, 0x32, 0x30, 0x1, 0x52, 0x63, 0xf4, 0xc5, 0x96, 0xa7, 0x92, 0xa3, 0xf0, 0xc1, 0x56, 0x67, 0x34, 0x5, 0x7, 0x36, 0x65, 0x54, 0xc3, 0xf2, 0xa1, 0x90, 0xcb, 0xfa, 0xa9, 0x98, 0xf, 0x3e, 0x6d, 0x5c, 0x5e, 0x6f, 0x3c, 0xd, 0x9a, 0xab, 0xf8, 0xc9, 0xfc, 0xcd, 0x9e, 0xaf, 0x38, 0x9, 0x5a, 0x6b, 0x69, 0x58, 0xb, 0x3a, 0xad, 0x9c, 0xcf, 0xfe, 0x79, 0x48, 0x1b, 0x2a, 0xbd, 0x8c, 0xdf, 0xee, 0xec, 0xdd, 0x8e, 0xbf, 0x28, 0x19, 0x4a, 0x7b, 0x4e, 0x7f, 0x2c, 0x1d, 0x8a, 0xbb, 0xe8, 0xd9, 0xdb, 0xea, 0xb9, 0x88, 0x1f, 0x2e, 0x7d, 0x4c, 0x17, 0x26, 0x75, 0x44, 0xd3, 0xe2, 0xb1, 0x80, 0x82, 0xb3, 0xe0, 0xd1, 0x46, 0x77, 0x24, 0x15, 0x20, 0x11, 0x42, 0x73, 0xe4, 0xd5, 0x86, 0xb7, 0xb5, 0x84, 0xd7, 0xe6, 0x71, 0x40, 0x13, 0x22},
+ {0x0, 0x32, 0x64, 0x56, 0xc8, 0xfa, 0xac, 0x9e, 0x8d, 0xbf, 0xe9, 0xdb, 0x45, 0x77, 0x21, 0x13, 0x7, 0x35, 0x63, 0x51, 0xcf, 0xfd, 0xab, 0x99, 0x8a, 0xb8, 0xee, 0xdc, 0x42, 0x70, 0x26, 0x14, 0xe, 0x3c, 0x6a, 0x58, 0xc6, 0xf4, 0xa2, 0x90, 0x83, 0xb1, 0xe7, 0xd5, 0x4b, 0x79, 0x2f, 0x1d, 0x9, 0x3b, 0x6d, 0x5f, 0xc1, 0xf3, 0xa5, 0x97, 0x84, 0xb6, 0xe0, 0xd2, 0x4c, 0x7e, 0x28, 0x1a, 0x1c, 0x2e, 0x78, 0x4a, 0xd4, 0xe6, 0xb0, 0x82, 0x91, 0xa3, 0xf5, 0xc7, 0x59, 0x6b, 0x3d, 0xf, 0x1b, 0x29, 0x7f, 0x4d, 0xd3, 0xe1, 0xb7, 0x85, 0x96, 0xa4, 0xf2, 0xc0, 0x5e, 0x6c, 0x3a, 0x8, 0x12, 0x20, 0x76, 0x44, 0xda, 0xe8, 0xbe, 0x8c, 0x9f, 0xad, 0xfb, 0xc9, 0x57, 0x65, 0x33, 0x1, 0x15, 0x27, 0x71, 0x43, 0xdd, 0xef, 0xb9, 0x8b, 0x98, 0xaa, 0xfc, 0xce, 0x50, 0x62, 0x34, 0x6, 0x38, 0xa, 0x5c, 0x6e, 0xf0, 0xc2, 0x94, 0xa6, 0xb5, 0x87, 0xd1, 0xe3, 0x7d, 0x4f, 0x19, 0x2b, 0x3f, 0xd, 0x5b, 0x69, 0xf7, 0xc5, 0x93, 0xa1, 0xb2, 0x80, 0xd6, 0xe4, 0x7a, 0x48, 0x1e, 0x2c, 0x36, 0x4, 0x52, 0x60, 0xfe, 0xcc, 0x9a, 0xa8, 0xbb, 0x89, 0xdf, 0xed, 0x73, 0x41, 0x17, 0x25, 0x31, 0x3, 0x55, 0x67, 0xf9, 0xcb, 0x9d, 0xaf, 0xbc, 0x8e, 0xd8, 0xea, 0x74, 0x46, 0x10, 0x22, 0x24, 0x16, 0x40, 0x72, 0xec, 0xde, 0x88, 0xba, 0xa9, 0x9b, 0xcd, 0xff, 0x61, 0x53, 0x5, 0x37, 0x23, 0x11, 0x47, 0x75, 0xeb, 0xd9, 0x8f, 0xbd, 0xae, 0x9c, 0xca, 0xf8, 0x66, 0x54, 0x2, 0x30, 0x2a, 0x18, 0x4e, 0x7c, 0xe2, 0xd0, 0x86, 0xb4, 0xa7, 0x95, 0xc3, 0xf1, 0x6f, 0x5d, 0xb, 0x39, 0x2d, 0x1f, 0x49, 0x7b, 0xe5, 0xd7, 0x81, 0xb3, 0xa0, 0x92, 0xc4, 0xf6, 0x68, 0x5a, 0xc, 0x3e},
+ {0x0, 0x33, 0x66, 0x55, 0xcc, 0xff, 0xaa, 0x99, 0x85, 0xb6, 0xe3, 0xd0, 0x49, 0x7a, 0x2f, 0x1c, 0x17, 0x24, 0x71, 0x42, 0xdb, 0xe8, 0xbd, 0x8e, 0x92, 0xa1, 0xf4, 0xc7, 0x5e, 0x6d, 0x38, 0xb, 0x2e, 0x1d, 0x48, 0x7b, 0xe2, 0xd1, 0x84, 0xb7, 0xab, 0x98, 0xcd, 0xfe, 0x67, 0x54, 0x1, 0x32, 0x39, 0xa, 0x5f, 0x6c, 0xf5, 0xc6, 0x93, 0xa0, 0xbc, 0x8f, 0xda, 0xe9, 0x70, 0x43, 0x16, 0x25, 0x5c, 0x6f, 0x3a, 0x9, 0x90, 0xa3, 0xf6, 0xc5, 0xd9, 0xea, 0xbf, 0x8c, 0x15, 0x26, 0x73, 0x40, 0x4b, 0x78, 0x2d, 0x1e, 0x87, 0xb4, 0xe1, 0xd2, 0xce, 0xfd, 0xa8, 0x9b, 0x2, 0x31, 0x64, 0x57, 0x72, 0x41, 0x14, 0x27, 0xbe, 0x8d, 0xd8, 0xeb, 0xf7, 0xc4, 0x91, 0xa2, 0x3b, 0x8, 0x5d, 0x6e, 0x65, 0x56, 0x3, 0x30, 0xa9, 0x9a, 0xcf, 0xfc, 0xe0, 0xd3, 0x86, 0xb5, 0x2c, 0x1f, 0x4a, 0x79, 0xb8, 0x8b, 0xde, 0xed, 0x74, 0x47, 0x12, 0x21, 0x3d, 0xe, 0x5b, 0x68, 0xf1, 0xc2, 0x97, 0xa4, 0xaf, 0x9c, 0xc9, 0xfa, 0x63, 0x50, 0x5, 0x36, 0x2a, 0x19, 0x4c, 0x7f, 0xe6, 0xd5, 0x80, 0xb3, 0x96, 0xa5, 0xf0, 0xc3, 0x5a, 0x69, 0x3c, 0xf, 0x13, 0x20, 0x75, 0x46, 0xdf, 0xec, 0xb9, 0x8a, 0x81, 0xb2, 0xe7, 0xd4, 0x4d, 0x7e, 0x2b, 0x18, 0x4, 0x37, 0x62, 0x51, 0xc8, 0xfb, 0xae, 0x9d, 0xe4, 0xd7, 0x82, 0xb1, 0x28, 0x1b, 0x4e, 0x7d, 0x61, 0x52, 0x7, 0x34, 0xad, 0x9e, 0xcb, 0xf8, 0xf3, 0xc0, 0x95, 0xa6, 0x3f, 0xc, 0x59, 0x6a, 0x76, 0x45, 0x10, 0x23, 0xba, 0x89, 0xdc, 0xef, 0xca, 0xf9, 0xac, 0x9f, 0x6, 0x35, 0x60, 0x53, 0x4f, 0x7c, 0x29, 0x1a, 0x83, 0xb0, 0xe5, 0xd6, 0xdd, 0xee, 0xbb, 0x88, 0x11, 0x22, 0x77, 0x44, 0x58, 0x6b, 0x3e, 0xd, 0x94, 0xa7, 0xf2, 0xc1},
+ {0x0, 0x34, 0x68, 0x5c, 0xd0, 0xe4, 0xb8, 0x8c, 0xbd, 0x89, 0xd5, 0xe1, 0x6d, 0x59, 0x5, 0x31, 0x67, 0x53, 0xf, 0x3b, 0xb7, 0x83, 0xdf, 0xeb, 0xda, 0xee, 0xb2, 0x86, 0xa, 0x3e, 0x62, 0x56, 0xce, 0xfa, 0xa6, 0x92, 0x1e, 0x2a, 0x76, 0x42, 0x73, 0x47, 0x1b, 0x2f, 0xa3, 0x97, 0xcb, 0xff, 0xa9, 0x9d, 0xc1, 0xf5, 0x79, 0x4d, 0x11, 0x25, 0x14, 0x20, 0x7c, 0x48, 0xc4, 0xf0, 0xac, 0x98, 0x81, 0xb5, 0xe9, 0xdd, 0x51, 0x65, 0x39, 0xd, 0x3c, 0x8, 0x54, 0x60, 0xec, 0xd8, 0x84, 0xb0, 0xe6, 0xd2, 0x8e, 0xba, 0x36, 0x2, 0x5e, 0x6a, 0x5b, 0x6f, 0x33, 0x7, 0x8b, 0xbf, 0xe3, 0xd7, 0x4f, 0x7b, 0x27, 0x13, 0x9f, 0xab, 0xf7, 0xc3, 0xf2, 0xc6, 0x9a, 0xae, 0x22, 0x16, 0x4a, 0x7e, 0x28, 0x1c, 0x40, 0x74, 0xf8, 0xcc, 0x90, 0xa4, 0x95, 0xa1, 0xfd, 0xc9, 0x45, 0x71, 0x2d, 0x19, 0x1f, 0x2b, 0x77, 0x43, 0xcf, 0xfb, 0xa7, 0x93, 0xa2, 0x96, 0xca, 0xfe, 0x72, 0x46, 0x1a, 0x2e, 0x78, 0x4c, 0x10, 0x24, 0xa8, 0x9c, 0xc0, 0xf4, 0xc5, 0xf1, 0xad, 0x99, 0x15, 0x21, 0x7d, 0x49, 0xd1, 0xe5, 0xb9, 0x8d, 0x1, 0x35, 0x69, 0x5d, 0x6c, 0x58, 0x4, 0x30, 0xbc, 0x88, 0xd4, 0xe0, 0xb6, 0x82, 0xde, 0xea, 0x66, 0x52, 0xe, 0x3a, 0xb, 0x3f, 0x63, 0x57, 0xdb, 0xef, 0xb3, 0x87, 0x9e, 0xaa, 0xf6, 0xc2, 0x4e, 0x7a, 0x26, 0x12, 0x23, 0x17, 0x4b, 0x7f, 0xf3, 0xc7, 0x9b, 0xaf, 0xf9, 0xcd, 0x91, 0xa5, 0x29, 0x1d, 0x41, 0x75, 0x44, 0x70, 0x2c, 0x18, 0x94, 0xa0, 0xfc, 0xc8, 0x50, 0x64, 0x38, 0xc, 0x80, 0xb4, 0xe8, 0xdc, 0xed, 0xd9, 0x85, 0xb1, 0x3d, 0x9, 0x55, 0x61, 0x37, 0x3, 0x5f, 0x6b, 0xe7, 0xd3, 0x8f, 0xbb, 0x8a, 0xbe, 0xe2, 0xd6, 0x5a, 0x6e, 0x32, 0x6},
+ {0x0, 0x35, 0x6a, 0x5f, 0xd4, 0xe1, 0xbe, 0x8b, 0xb5, 0x80, 0xdf, 0xea, 0x61, 0x54, 0xb, 0x3e, 0x77, 0x42, 0x1d, 0x28, 0xa3, 0x96, 0xc9, 0xfc, 0xc2, 0xf7, 0xa8, 0x9d, 0x16, 0x23, 0x7c, 0x49, 0xee, 0xdb, 0x84, 0xb1, 0x3a, 0xf, 0x50, 0x65, 0x5b, 0x6e, 0x31, 0x4, 0x8f, 0xba, 0xe5, 0xd0, 0x99, 0xac, 0xf3, 0xc6, 0x4d, 0x78, 0x27, 0x12, 0x2c, 0x19, 0x46, 0x73, 0xf8, 0xcd, 0x92, 0xa7, 0xc1, 0xf4, 0xab, 0x9e, 0x15, 0x20, 0x7f, 0x4a, 0x74, 0x41, 0x1e, 0x2b, 0xa0, 0x95, 0xca, 0xff, 0xb6, 0x83, 0xdc, 0xe9, 0x62, 0x57, 0x8, 0x3d, 0x3, 0x36, 0x69, 0x5c, 0xd7, 0xe2, 0xbd, 0x88, 0x2f, 0x1a, 0x45, 0x70, 0xfb, 0xce, 0x91, 0xa4, 0x9a, 0xaf, 0xf0, 0xc5, 0x4e, 0x7b, 0x24, 0x11, 0x58, 0x6d, 0x32, 0x7, 0x8c, 0xb9, 0xe6, 0xd3, 0xed, 0xd8, 0x87, 0xb2, 0x39, 0xc, 0x53, 0x66, 0x9f, 0xaa, 0xf5, 0xc0, 0x4b, 0x7e, 0x21, 0x14, 0x2a, 0x1f, 0x40, 0x75, 0xfe, 0xcb, 0x94, 0xa1, 0xe8, 0xdd, 0x82, 0xb7, 0x3c, 0x9, 0x56, 0x63, 0x5d, 0x68, 0x37, 0x2, 0x89, 0xbc, 0xe3, 0xd6, 0x71, 0x44, 0x1b, 0x2e, 0xa5, 0x90, 0xcf, 0xfa, 0xc4, 0xf1, 0xae, 0x9b, 0x10, 0x25, 0x7a, 0x4f, 0x6, 0x33, 0x6c, 0x59, 0xd2, 0xe7, 0xb8, 0x8d, 0xb3, 0x86, 0xd9, 0xec, 0x67, 0x52, 0xd, 0x38, 0x5e, 0x6b, 0x34, 0x1, 0x8a, 0xbf, 0xe0, 0xd5, 0xeb, 0xde, 0x81, 0xb4, 0x3f, 0xa, 0x55, 0x60, 0x29, 0x1c, 0x43, 0x76, 0xfd, 0xc8, 0x97, 0xa2, 0x9c, 0xa9, 0xf6, 0xc3, 0x48, 0x7d, 0x22, 0x17, 0xb0, 0x85, 0xda, 0xef, 0x64, 0x51, 0xe, 0x3b, 0x5, 0x30, 0x6f, 0x5a, 0xd1, 0xe4, 0xbb, 0x8e, 0xc7, 0xf2, 0xad, 0x98, 0x13, 0x26, 0x79, 0x4c, 0x72, 0x47, 0x18, 0x2d, 0xa6, 0x93, 0xcc, 0xf9},
+ {0x0, 0x36, 0x6c, 0x5a, 0xd8, 0xee, 0xb4, 0x82, 0xad, 0x9b, 0xc1, 0xf7, 0x75, 0x43, 0x19, 0x2f, 0x47, 0x71, 0x2b, 0x1d, 0x9f, 0xa9, 0xf3, 0xc5, 0xea, 0xdc, 0x86, 0xb0, 0x32, 0x4, 0x5e, 0x68, 0x8e, 0xb8, 0xe2, 0xd4, 0x56, 0x60, 0x3a, 0xc, 0x23, 0x15, 0x4f, 0x79, 0xfb, 0xcd, 0x97, 0xa1, 0xc9, 0xff, 0xa5, 0x93, 0x11, 0x27, 0x7d, 0x4b, 0x64, 0x52, 0x8, 0x3e, 0xbc, 0x8a, 0xd0, 0xe6, 0x1, 0x37, 0x6d, 0x5b, 0xd9, 0xef, 0xb5, 0x83, 0xac, 0x9a, 0xc0, 0xf6, 0x74, 0x42, 0x18, 0x2e, 0x46, 0x70, 0x2a, 0x1c, 0x9e, 0xa8, 0xf2, 0xc4, 0xeb, 0xdd, 0x87, 0xb1, 0x33, 0x5, 0x5f, 0x69, 0x8f, 0xb9, 0xe3, 0xd5, 0x57, 0x61, 0x3b, 0xd, 0x22, 0x14, 0x4e, 0x78, 0xfa, 0xcc, 0x96, 0xa0, 0xc8, 0xfe, 0xa4, 0x92, 0x10, 0x26, 0x7c, 0x4a, 0x65, 0x53, 0x9, 0x3f, 0xbd, 0x8b, 0xd1, 0xe7, 0x2, 0x34, 0x6e, 0x58, 0xda, 0xec, 0xb6, 0x80, 0xaf, 0x99, 0xc3, 0xf5, 0x77, 0x41, 0x1b, 0x2d, 0x45, 0x73, 0x29, 0x1f, 0x9d, 0xab, 0xf1, 0xc7, 0xe8, 0xde, 0x84, 0xb2, 0x30, 0x6, 0x5c, 0x6a, 0x8c, 0xba, 0xe0, 0xd6, 0x54, 0x62, 0x38, 0xe, 0x21, 0x17, 0x4d, 0x7b, 0xf9, 0xcf, 0x95, 0xa3, 0xcb, 0xfd, 0xa7, 0x91, 0x13, 0x25, 0x7f, 0x49, 0x66, 0x50, 0xa, 0x3c, 0xbe, 0x88, 0xd2, 0xe4, 0x3, 0x35, 0x6f, 0x59, 0xdb, 0xed, 0xb7, 0x81, 0xae, 0x98, 0xc2, 0xf4, 0x76, 0x40, 0x1a, 0x2c, 0x44, 0x72, 0x28, 0x1e, 0x9c, 0xaa, 0xf0, 0xc6, 0xe9, 0xdf, 0x85, 0xb3, 0x31, 0x7, 0x5d, 0x6b, 0x8d, 0xbb, 0xe1, 0xd7, 0x55, 0x63, 0x39, 0xf, 0x20, 0x16, 0x4c, 0x7a, 0xf8, 0xce, 0x94, 0xa2, 0xca, 0xfc, 0xa6, 0x90, 0x12, 0x24, 0x7e, 0x48, 0x67, 0x51, 0xb, 0x3d, 0xbf, 0x89, 0xd3, 0xe5},
+ {0x0, 0x37, 0x6e, 0x59, 0xdc, 0xeb, 0xb2, 0x85, 0xa5, 0x92, 0xcb, 0xfc, 0x79, 0x4e, 0x17, 0x20, 0x57, 0x60, 0x39, 0xe, 0x8b, 0xbc, 0xe5, 0xd2, 0xf2, 0xc5, 0x9c, 0xab, 0x2e, 0x19, 0x40, 0x77, 0xae, 0x99, 0xc0, 0xf7, 0x72, 0x45, 0x1c, 0x2b, 0xb, 0x3c, 0x65, 0x52, 0xd7, 0xe0, 0xb9, 0x8e, 0xf9, 0xce, 0x97, 0xa0, 0x25, 0x12, 0x4b, 0x7c, 0x5c, 0x6b, 0x32, 0x5, 0x80, 0xb7, 0xee, 0xd9, 0x41, 0x76, 0x2f, 0x18, 0x9d, 0xaa, 0xf3, 0xc4, 0xe4, 0xd3, 0x8a, 0xbd, 0x38, 0xf, 0x56, 0x61, 0x16, 0x21, 0x78, 0x4f, 0xca, 0xfd, 0xa4, 0x93, 0xb3, 0x84, 0xdd, 0xea, 0x6f, 0x58, 0x1, 0x36, 0xef, 0xd8, 0x81, 0xb6, 0x33, 0x4, 0x5d, 0x6a, 0x4a, 0x7d, 0x24, 0x13, 0x96, 0xa1, 0xf8, 0xcf, 0xb8, 0x8f, 0xd6, 0xe1, 0x64, 0x53, 0xa, 0x3d, 0x1d, 0x2a, 0x73, 0x44, 0xc1, 0xf6, 0xaf, 0x98, 0x82, 0xb5, 0xec, 0xdb, 0x5e, 0x69, 0x30, 0x7, 0x27, 0x10, 0x49, 0x7e, 0xfb, 0xcc, 0x95, 0xa2, 0xd5, 0xe2, 0xbb, 0x8c, 0x9, 0x3e, 0x67, 0x50, 0x70, 0x47, 0x1e, 0x29, 0xac, 0x9b, 0xc2, 0xf5, 0x2c, 0x1b, 0x42, 0x75, 0xf0, 0xc7, 0x9e, 0xa9, 0x89, 0xbe, 0xe7, 0xd0, 0x55, 0x62, 0x3b, 0xc, 0x7b, 0x4c, 0x15, 0x22, 0xa7, 0x90, 0xc9, 0xfe, 0xde, 0xe9, 0xb0, 0x87, 0x2, 0x35, 0x6c, 0x5b, 0xc3, 0xf4, 0xad, 0x9a, 0x1f, 0x28, 0x71, 0x46, 0x66, 0x51, 0x8, 0x3f, 0xba, 0x8d, 0xd4, 0xe3, 0x94, 0xa3, 0xfa, 0xcd, 0x48, 0x7f, 0x26, 0x11, 0x31, 0x6, 0x5f, 0x68, 0xed, 0xda, 0x83, 0xb4, 0x6d, 0x5a, 0x3, 0x34, 0xb1, 0x86, 0xdf, 0xe8, 0xc8, 0xff, 0xa6, 0x91, 0x14, 0x23, 0x7a, 0x4d, 0x3a, 0xd, 0x54, 0x63, 0xe6, 0xd1, 0x88, 0xbf, 0x9f, 0xa8, 0xf1, 0xc6, 0x43, 0x74, 0x2d, 0x1a},
+ {0x0, 0x38, 0x70, 0x48, 0xe0, 0xd8, 0x90, 0xa8, 0xdd, 0xe5, 0xad, 0x95, 0x3d, 0x5, 0x4d, 0x75, 0xa7, 0x9f, 0xd7, 0xef, 0x47, 0x7f, 0x37, 0xf, 0x7a, 0x42, 0xa, 0x32, 0x9a, 0xa2, 0xea, 0xd2, 0x53, 0x6b, 0x23, 0x1b, 0xb3, 0x8b, 0xc3, 0xfb, 0x8e, 0xb6, 0xfe, 0xc6, 0x6e, 0x56, 0x1e, 0x26, 0xf4, 0xcc, 0x84, 0xbc, 0x14, 0x2c, 0x64, 0x5c, 0x29, 0x11, 0x59, 0x61, 0xc9, 0xf1, 0xb9, 0x81, 0xa6, 0x9e, 0xd6, 0xee, 0x46, 0x7e, 0x36, 0xe, 0x7b, 0x43, 0xb, 0x33, 0x9b, 0xa3, 0xeb, 0xd3, 0x1, 0x39, 0x71, 0x49, 0xe1, 0xd9, 0x91, 0xa9, 0xdc, 0xe4, 0xac, 0x94, 0x3c, 0x4, 0x4c, 0x74, 0xf5, 0xcd, 0x85, 0xbd, 0x15, 0x2d, 0x65, 0x5d, 0x28, 0x10, 0x58, 0x60, 0xc8, 0xf0, 0xb8, 0x80, 0x52, 0x6a, 0x22, 0x1a, 0xb2, 0x8a, 0xc2, 0xfa, 0x8f, 0xb7, 0xff, 0xc7, 0x6f, 0x57, 0x1f, 0x27, 0x51, 0x69, 0x21, 0x19, 0xb1, 0x89, 0xc1, 0xf9, 0x8c, 0xb4, 0xfc, 0xc4, 0x6c, 0x54, 0x1c, 0x24, 0xf6, 0xce, 0x86, 0xbe, 0x16, 0x2e, 0x66, 0x5e, 0x2b, 0x13, 0x5b, 0x63, 0xcb, 0xf3, 0xbb, 0x83, 0x2, 0x3a, 0x72, 0x4a, 0xe2, 0xda, 0x92, 0xaa, 0xdf, 0xe7, 0xaf, 0x97, 0x3f, 0x7, 0x4f, 0x77, 0xa5, 0x9d, 0xd5, 0xed, 0x45, 0x7d, 0x35, 0xd, 0x78, 0x40, 0x8, 0x30, 0x98, 0xa0, 0xe8, 0xd0, 0xf7, 0xcf, 0x87, 0xbf, 0x17, 0x2f, 0x67, 0x5f, 0x2a, 0x12, 0x5a, 0x62, 0xca, 0xf2, 0xba, 0x82, 0x50, 0x68, 0x20, 0x18, 0xb0, 0x88, 0xc0, 0xf8, 0x8d, 0xb5, 0xfd, 0xc5, 0x6d, 0x55, 0x1d, 0x25, 0xa4, 0x9c, 0xd4, 0xec, 0x44, 0x7c, 0x34, 0xc, 0x79, 0x41, 0x9, 0x31, 0x99, 0xa1, 0xe9, 0xd1, 0x3, 0x3b, 0x73, 0x4b, 0xe3, 0xdb, 0x93, 0xab, 0xde, 0xe6, 0xae, 0x96, 0x3e, 0x6, 0x4e, 0x76},
+ {0x0, 0x39, 0x72, 0x4b, 0xe4, 0xdd, 0x96, 0xaf, 0xd5, 0xec, 0xa7, 0x9e, 0x31, 0x8, 0x43, 0x7a, 0xb7, 0x8e, 0xc5, 0xfc, 0x53, 0x6a, 0x21, 0x18, 0x62, 0x5b, 0x10, 0x29, 0x86, 0xbf, 0xf4, 0xcd, 0x73, 0x4a, 0x1, 0x38, 0x97, 0xae, 0xe5, 0xdc, 0xa6, 0x9f, 0xd4, 0xed, 0x42, 0x7b, 0x30, 0x9, 0xc4, 0xfd, 0xb6, 0x8f, 0x20, 0x19, 0x52, 0x6b, 0x11, 0x28, 0x63, 0x5a, 0xf5, 0xcc, 0x87, 0xbe, 0xe6, 0xdf, 0x94, 0xad, 0x2, 0x3b, 0x70, 0x49, 0x33, 0xa, 0x41, 0x78, 0xd7, 0xee, 0xa5, 0x9c, 0x51, 0x68, 0x23, 0x1a, 0xb5, 0x8c, 0xc7, 0xfe, 0x84, 0xbd, 0xf6, 0xcf, 0x60, 0x59, 0x12, 0x2b, 0x95, 0xac, 0xe7, 0xde, 0x71, 0x48, 0x3, 0x3a, 0x40, 0x79, 0x32, 0xb, 0xa4, 0x9d, 0xd6, 0xef, 0x22, 0x1b, 0x50, 0x69, 0xc6, 0xff, 0xb4, 0x8d, 0xf7, 0xce, 0x85, 0xbc, 0x13, 0x2a, 0x61, 0x58, 0xd1, 0xe8, 0xa3, 0x9a, 0x35, 0xc, 0x47, 0x7e, 0x4, 0x3d, 0x76, 0x4f, 0xe0, 0xd9, 0x92, 0xab, 0x66, 0x5f, 0x14, 0x2d, 0x82, 0xbb, 0xf0, 0xc9, 0xb3, 0x8a, 0xc1, 0xf8, 0x57, 0x6e, 0x25, 0x1c, 0xa2, 0x9b, 0xd0, 0xe9, 0x46, 0x7f, 0x34, 0xd, 0x77, 0x4e, 0x5, 0x3c, 0x93, 0xaa, 0xe1, 0xd8, 0x15, 0x2c, 0x67, 0x5e, 0xf1, 0xc8, 0x83, 0xba, 0xc0, 0xf9, 0xb2, 0x8b, 0x24, 0x1d, 0x56, 0x6f, 0x37, 0xe, 0x45, 0x7c, 0xd3, 0xea, 0xa1, 0x98, 0xe2, 0xdb, 0x90, 0xa9, 0x6, 0x3f, 0x74, 0x4d, 0x80, 0xb9, 0xf2, 0xcb, 0x64, 0x5d, 0x16, 0x2f, 0x55, 0x6c, 0x27, 0x1e, 0xb1, 0x88, 0xc3, 0xfa, 0x44, 0x7d, 0x36, 0xf, 0xa0, 0x99, 0xd2, 0xeb, 0x91, 0xa8, 0xe3, 0xda, 0x75, 0x4c, 0x7, 0x3e, 0xf3, 0xca, 0x81, 0xb8, 0x17, 0x2e, 0x65, 0x5c, 0x26, 0x1f, 0x54, 0x6d, 0xc2, 0xfb, 0xb0, 0x89},
+ {0x0, 0x3a, 0x74, 0x4e, 0xe8, 0xd2, 0x9c, 0xa6, 0xcd, 0xf7, 0xb9, 0x83, 0x25, 0x1f, 0x51, 0x6b, 0x87, 0xbd, 0xf3, 0xc9, 0x6f, 0x55, 0x1b, 0x21, 0x4a, 0x70, 0x3e, 0x4, 0xa2, 0x98, 0xd6, 0xec, 0x13, 0x29, 0x67, 0x5d, 0xfb, 0xc1, 0x8f, 0xb5, 0xde, 0xe4, 0xaa, 0x90, 0x36, 0xc, 0x42, 0x78, 0x94, 0xae, 0xe0, 0xda, 0x7c, 0x46, 0x8, 0x32, 0x59, 0x63, 0x2d, 0x17, 0xb1, 0x8b, 0xc5, 0xff, 0x26, 0x1c, 0x52, 0x68, 0xce, 0xf4, 0xba, 0x80, 0xeb, 0xd1, 0x9f, 0xa5, 0x3, 0x39, 0x77, 0x4d, 0xa1, 0x9b, 0xd5, 0xef, 0x49, 0x73, 0x3d, 0x7, 0x6c, 0x56, 0x18, 0x22, 0x84, 0xbe, 0xf0, 0xca, 0x35, 0xf, 0x41, 0x7b, 0xdd, 0xe7, 0xa9, 0x93, 0xf8, 0xc2, 0x8c, 0xb6, 0x10, 0x2a, 0x64, 0x5e, 0xb2, 0x88, 0xc6, 0xfc, 0x5a, 0x60, 0x2e, 0x14, 0x7f, 0x45, 0xb, 0x31, 0x97, 0xad, 0xe3, 0xd9, 0x4c, 0x76, 0x38, 0x2, 0xa4, 0x9e, 0xd0, 0xea, 0x81, 0xbb, 0xf5, 0xcf, 0x69, 0x53, 0x1d, 0x27, 0xcb, 0xf1, 0xbf, 0x85, 0x23, 0x19, 0x57, 0x6d, 0x6, 0x3c, 0x72, 0x48, 0xee, 0xd4, 0x9a, 0xa0, 0x5f, 0x65, 0x2b, 0x11, 0xb7, 0x8d, 0xc3, 0xf9, 0x92, 0xa8, 0xe6, 0xdc, 0x7a, 0x40, 0xe, 0x34, 0xd8, 0xe2, 0xac, 0x96, 0x30, 0xa, 0x44, 0x7e, 0x15, 0x2f, 0x61, 0x5b, 0xfd, 0xc7, 0x89, 0xb3, 0x6a, 0x50, 0x1e, 0x24, 0x82, 0xb8, 0xf6, 0xcc, 0xa7, 0x9d, 0xd3, 0xe9, 0x4f, 0x75, 0x3b, 0x1, 0xed, 0xd7, 0x99, 0xa3, 0x5, 0x3f, 0x71, 0x4b, 0x20, 0x1a, 0x54, 0x6e, 0xc8, 0xf2, 0xbc, 0x86, 0x79, 0x43, 0xd, 0x37, 0x91, 0xab, 0xe5, 0xdf, 0xb4, 0x8e, 0xc0, 0xfa, 0x5c, 0x66, 0x28, 0x12, 0xfe, 0xc4, 0x8a, 0xb0, 0x16, 0x2c, 0x62, 0x58, 0x33, 0x9, 0x47, 0x7d, 0xdb, 0xe1, 0xaf, 0x95},
+ {0x0, 0x3b, 0x76, 0x4d, 0xec, 0xd7, 0x9a, 0xa1, 0xc5, 0xfe, 0xb3, 0x88, 0x29, 0x12, 0x5f, 0x64, 0x97, 0xac, 0xe1, 0xda, 0x7b, 0x40, 0xd, 0x36, 0x52, 0x69, 0x24, 0x1f, 0xbe, 0x85, 0xc8, 0xf3, 0x33, 0x8, 0x45, 0x7e, 0xdf, 0xe4, 0xa9, 0x92, 0xf6, 0xcd, 0x80, 0xbb, 0x1a, 0x21, 0x6c, 0x57, 0xa4, 0x9f, 0xd2, 0xe9, 0x48, 0x73, 0x3e, 0x5, 0x61, 0x5a, 0x17, 0x2c, 0x8d, 0xb6, 0xfb, 0xc0, 0x66, 0x5d, 0x10, 0x2b, 0x8a, 0xb1, 0xfc, 0xc7, 0xa3, 0x98, 0xd5, 0xee, 0x4f, 0x74, 0x39, 0x2, 0xf1, 0xca, 0x87, 0xbc, 0x1d, 0x26, 0x6b, 0x50, 0x34, 0xf, 0x42, 0x79, 0xd8, 0xe3, 0xae, 0x95, 0x55, 0x6e, 0x23, 0x18, 0xb9, 0x82, 0xcf, 0xf4, 0x90, 0xab, 0xe6, 0xdd, 0x7c, 0x47, 0xa, 0x31, 0xc2, 0xf9, 0xb4, 0x8f, 0x2e, 0x15, 0x58, 0x63, 0x7, 0x3c, 0x71, 0x4a, 0xeb, 0xd0, 0x9d, 0xa6, 0xcc, 0xf7, 0xba, 0x81, 0x20, 0x1b, 0x56, 0x6d, 0x9, 0x32, 0x7f, 0x44, 0xe5, 0xde, 0x93, 0xa8, 0x5b, 0x60, 0x2d, 0x16, 0xb7, 0x8c, 0xc1, 0xfa, 0x9e, 0xa5, 0xe8, 0xd3, 0x72, 0x49, 0x4, 0x3f, 0xff, 0xc4, 0x89, 0xb2, 0x13, 0x28, 0x65, 0x5e, 0x3a, 0x1, 0x4c, 0x77, 0xd6, 0xed, 0xa0, 0x9b, 0x68, 0x53, 0x1e, 0x25, 0x84, 0xbf, 0xf2, 0xc9, 0xad, 0x96, 0xdb, 0xe0, 0x41, 0x7a, 0x37, 0xc, 0xaa, 0x91, 0xdc, 0xe7, 0x46, 0x7d, 0x30, 0xb, 0x6f, 0x54, 0x19, 0x22, 0x83, 0xb8, 0xf5, 0xce, 0x3d, 0x6, 0x4b, 0x70, 0xd1, 0xea, 0xa7, 0x9c, 0xf8, 0xc3, 0x8e, 0xb5, 0x14, 0x2f, 0x62, 0x59, 0x99, 0xa2, 0xef, 0xd4, 0x75, 0x4e, 0x3, 0x38, 0x5c, 0x67, 0x2a, 0x11, 0xb0, 0x8b, 0xc6, 0xfd, 0xe, 0x35, 0x78, 0x43, 0xe2, 0xd9, 0x94, 0xaf, 0xcb, 0xf0, 0xbd, 0x86, 0x27, 0x1c, 0x51, 0x6a},
+ {0x0, 0x3c, 0x78, 0x44, 0xf0, 0xcc, 0x88, 0xb4, 0xfd, 0xc1, 0x85, 0xb9, 0xd, 0x31, 0x75, 0x49, 0xe7, 0xdb, 0x9f, 0xa3, 0x17, 0x2b, 0x6f, 0x53, 0x1a, 0x26, 0x62, 0x5e, 0xea, 0xd6, 0x92, 0xae, 0xd3, 0xef, 0xab, 0x97, 0x23, 0x1f, 0x5b, 0x67, 0x2e, 0x12, 0x56, 0x6a, 0xde, 0xe2, 0xa6, 0x9a, 0x34, 0x8, 0x4c, 0x70, 0xc4, 0xf8, 0xbc, 0x80, 0xc9, 0xf5, 0xb1, 0x8d, 0x39, 0x5, 0x41, 0x7d, 0xbb, 0x87, 0xc3, 0xff, 0x4b, 0x77, 0x33, 0xf, 0x46, 0x7a, 0x3e, 0x2, 0xb6, 0x8a, 0xce, 0xf2, 0x5c, 0x60, 0x24, 0x18, 0xac, 0x90, 0xd4, 0xe8, 0xa1, 0x9d, 0xd9, 0xe5, 0x51, 0x6d, 0x29, 0x15, 0x68, 0x54, 0x10, 0x2c, 0x98, 0xa4, 0xe0, 0xdc, 0x95, 0xa9, 0xed, 0xd1, 0x65, 0x59, 0x1d, 0x21, 0x8f, 0xb3, 0xf7, 0xcb, 0x7f, 0x43, 0x7, 0x3b, 0x72, 0x4e, 0xa, 0x36, 0x82, 0xbe, 0xfa, 0xc6, 0x6b, 0x57, 0x13, 0x2f, 0x9b, 0xa7, 0xe3, 0xdf, 0x96, 0xaa, 0xee, 0xd2, 0x66, 0x5a, 0x1e, 0x22, 0x8c, 0xb0, 0xf4, 0xc8, 0x7c, 0x40, 0x4, 0x38, 0x71, 0x4d, 0x9, 0x35, 0x81, 0xbd, 0xf9, 0xc5, 0xb8, 0x84, 0xc0, 0xfc, 0x48, 0x74, 0x30, 0xc, 0x45, 0x79, 0x3d, 0x1, 0xb5, 0x89, 0xcd, 0xf1, 0x5f, 0x63, 0x27, 0x1b, 0xaf, 0x93, 0xd7, 0xeb, 0xa2, 0x9e, 0xda, 0xe6, 0x52, 0x6e, 0x2a, 0x16, 0xd0, 0xec, 0xa8, 0x94, 0x20, 0x1c, 0x58, 0x64, 0x2d, 0x11, 0x55, 0x69, 0xdd, 0xe1, 0xa5, 0x99, 0x37, 0xb, 0x4f, 0x73, 0xc7, 0xfb, 0xbf, 0x83, 0xca, 0xf6, 0xb2, 0x8e, 0x3a, 0x6, 0x42, 0x7e, 0x3, 0x3f, 0x7b, 0x47, 0xf3, 0xcf, 0x8b, 0xb7, 0xfe, 0xc2, 0x86, 0xba, 0xe, 0x32, 0x76, 0x4a, 0xe4, 0xd8, 0x9c, 0xa0, 0x14, 0x28, 0x6c, 0x50, 0x19, 0x25, 0x61, 0x5d, 0xe9, 0xd5, 0x91, 0xad},
+ {0x0, 0x3d, 0x7a, 0x47, 0xf4, 0xc9, 0x8e, 0xb3, 0xf5, 0xc8, 0x8f, 0xb2, 0x1, 0x3c, 0x7b, 0x46, 0xf7, 0xca, 0x8d, 0xb0, 0x3, 0x3e, 0x79, 0x44, 0x2, 0x3f, 0x78, 0x45, 0xf6, 0xcb, 0x8c, 0xb1, 0xf3, 0xce, 0x89, 0xb4, 0x7, 0x3a, 0x7d, 0x40, 0x6, 0x3b, 0x7c, 0x41, 0xf2, 0xcf, 0x88, 0xb5, 0x4, 0x39, 0x7e, 0x43, 0xf0, 0xcd, 0x8a, 0xb7, 0xf1, 0xcc, 0x8b, 0xb6, 0x5, 0x38, 0x7f, 0x42, 0xfb, 0xc6, 0x81, 0xbc, 0xf, 0x32, 0x75, 0x48, 0xe, 0x33, 0x74, 0x49, 0xfa, 0xc7, 0x80, 0xbd, 0xc, 0x31, 0x76, 0x4b, 0xf8, 0xc5, 0x82, 0xbf, 0xf9, 0xc4, 0x83, 0xbe, 0xd, 0x30, 0x77, 0x4a, 0x8, 0x35, 0x72, 0x4f, 0xfc, 0xc1, 0x86, 0xbb, 0xfd, 0xc0, 0x87, 0xba, 0x9, 0x34, 0x73, 0x4e, 0xff, 0xc2, 0x85, 0xb8, 0xb, 0x36, 0x71, 0x4c, 0xa, 0x37, 0x70, 0x4d, 0xfe, 0xc3, 0x84, 0xb9, 0xeb, 0xd6, 0x91, 0xac, 0x1f, 0x22, 0x65, 0x58, 0x1e, 0x23, 0x64, 0x59, 0xea, 0xd7, 0x90, 0xad, 0x1c, 0x21, 0x66, 0x5b, 0xe8, 0xd5, 0x92, 0xaf, 0xe9, 0xd4, 0x93, 0xae, 0x1d, 0x20, 0x67, 0x5a, 0x18, 0x25, 0x62, 0x5f, 0xec, 0xd1, 0x96, 0xab, 0xed, 0xd0, 0x97, 0xaa, 0x19, 0x24, 0x63, 0x5e, 0xef, 0xd2, 0x95, 0xa8, 0x1b, 0x26, 0x61, 0x5c, 0x1a, 0x27, 0x60, 0x5d, 0xee, 0xd3, 0x94, 0xa9, 0x10, 0x2d, 0x6a, 0x57, 0xe4, 0xd9, 0x9e, 0xa3, 0xe5, 0xd8, 0x9f, 0xa2, 0x11, 0x2c, 0x6b, 0x56, 0xe7, 0xda, 0x9d, 0xa0, 0x13, 0x2e, 0x69, 0x54, 0x12, 0x2f, 0x68, 0x55, 0xe6, 0xdb, 0x9c, 0xa1, 0xe3, 0xde, 0x99, 0xa4, 0x17, 0x2a, 0x6d, 0x50, 0x16, 0x2b, 0x6c, 0x51, 0xe2, 0xdf, 0x98, 0xa5, 0x14, 0x29, 0x6e, 0x53, 0xe0, 0xdd, 0x9a, 0xa7, 0xe1, 0xdc, 0x9b, 0xa6, 0x15, 0x28, 0x6f, 0x52},
+ {0x0, 0x3e, 0x7c, 0x42, 0xf8, 0xc6, 0x84, 0xba, 0xed, 0xd3, 0x91, 0xaf, 0x15, 0x2b, 0x69, 0x57, 0xc7, 0xf9, 0xbb, 0x85, 0x3f, 0x1, 0x43, 0x7d, 0x2a, 0x14, 0x56, 0x68, 0xd2, 0xec, 0xae, 0x90, 0x93, 0xad, 0xef, 0xd1, 0x6b, 0x55, 0x17, 0x29, 0x7e, 0x40, 0x2, 0x3c, 0x86, 0xb8, 0xfa, 0xc4, 0x54, 0x6a, 0x28, 0x16, 0xac, 0x92, 0xd0, 0xee, 0xb9, 0x87, 0xc5, 0xfb, 0x41, 0x7f, 0x3d, 0x3, 0x3b, 0x5, 0x47, 0x79, 0xc3, 0xfd, 0xbf, 0x81, 0xd6, 0xe8, 0xaa, 0x94, 0x2e, 0x10, 0x52, 0x6c, 0xfc, 0xc2, 0x80, 0xbe, 0x4, 0x3a, 0x78, 0x46, 0x11, 0x2f, 0x6d, 0x53, 0xe9, 0xd7, 0x95, 0xab, 0xa8, 0x96, 0xd4, 0xea, 0x50, 0x6e, 0x2c, 0x12, 0x45, 0x7b, 0x39, 0x7, 0xbd, 0x83, 0xc1, 0xff, 0x6f, 0x51, 0x13, 0x2d, 0x97, 0xa9, 0xeb, 0xd5, 0x82, 0xbc, 0xfe, 0xc0, 0x7a, 0x44, 0x6, 0x38, 0x76, 0x48, 0xa, 0x34, 0x8e, 0xb0, 0xf2, 0xcc, 0x9b, 0xa5, 0xe7, 0xd9, 0x63, 0x5d, 0x1f, 0x21, 0xb1, 0x8f, 0xcd, 0xf3, 0x49, 0x77, 0x35, 0xb, 0x5c, 0x62, 0x20, 0x1e, 0xa4, 0x9a, 0xd8, 0xe6, 0xe5, 0xdb, 0x99, 0xa7, 0x1d, 0x23, 0x61, 0x5f, 0x8, 0x36, 0x74, 0x4a, 0xf0, 0xce, 0x8c, 0xb2, 0x22, 0x1c, 0x5e, 0x60, 0xda, 0xe4, 0xa6, 0x98, 0xcf, 0xf1, 0xb3, 0x8d, 0x37, 0x9, 0x4b, 0x75, 0x4d, 0x73, 0x31, 0xf, 0xb5, 0x8b, 0xc9, 0xf7, 0xa0, 0x9e, 0xdc, 0xe2, 0x58, 0x66, 0x24, 0x1a, 0x8a, 0xb4, 0xf6, 0xc8, 0x72, 0x4c, 0xe, 0x30, 0x67, 0x59, 0x1b, 0x25, 0x9f, 0xa1, 0xe3, 0xdd, 0xde, 0xe0, 0xa2, 0x9c, 0x26, 0x18, 0x5a, 0x64, 0x33, 0xd, 0x4f, 0x71, 0xcb, 0xf5, 0xb7, 0x89, 0x19, 0x27, 0x65, 0x5b, 0xe1, 0xdf, 0x9d, 0xa3, 0xf4, 0xca, 0x88, 0xb6, 0xc, 0x32, 0x70, 0x4e},
+ {0x0, 0x3f, 0x7e, 0x41, 0xfc, 0xc3, 0x82, 0xbd, 0xe5, 0xda, 0x9b, 0xa4, 0x19, 0x26, 0x67, 0x58, 0xd7, 0xe8, 0xa9, 0x96, 0x2b, 0x14, 0x55, 0x6a, 0x32, 0xd, 0x4c, 0x73, 0xce, 0xf1, 0xb0, 0x8f, 0xb3, 0x8c, 0xcd, 0xf2, 0x4f, 0x70, 0x31, 0xe, 0x56, 0x69, 0x28, 0x17, 0xaa, 0x95, 0xd4, 0xeb, 0x64, 0x5b, 0x1a, 0x25, 0x98, 0xa7, 0xe6, 0xd9, 0x81, 0xbe, 0xff, 0xc0, 0x7d, 0x42, 0x3, 0x3c, 0x7b, 0x44, 0x5, 0x3a, 0x87, 0xb8, 0xf9, 0xc6, 0x9e, 0xa1, 0xe0, 0xdf, 0x62, 0x5d, 0x1c, 0x23, 0xac, 0x93, 0xd2, 0xed, 0x50, 0x6f, 0x2e, 0x11, 0x49, 0x76, 0x37, 0x8, 0xb5, 0x8a, 0xcb, 0xf4, 0xc8, 0xf7, 0xb6, 0x89, 0x34, 0xb, 0x4a, 0x75, 0x2d, 0x12, 0x53, 0x6c, 0xd1, 0xee, 0xaf, 0x90, 0x1f, 0x20, 0x61, 0x5e, 0xe3, 0xdc, 0x9d, 0xa2, 0xfa, 0xc5, 0x84, 0xbb, 0x6, 0x39, 0x78, 0x47, 0xf6, 0xc9, 0x88, 0xb7, 0xa, 0x35, 0x74, 0x4b, 0x13, 0x2c, 0x6d, 0x52, 0xef, 0xd0, 0x91, 0xae, 0x21, 0x1e, 0x5f, 0x60, 0xdd, 0xe2, 0xa3, 0x9c, 0xc4, 0xfb, 0xba, 0x85, 0x38, 0x7, 0x46, 0x79, 0x45, 0x7a, 0x3b, 0x4, 0xb9, 0x86, 0xc7, 0xf8, 0xa0, 0x9f, 0xde, 0xe1, 0x5c, 0x63, 0x22, 0x1d, 0x92, 0xad, 0xec, 0xd3, 0x6e, 0x51, 0x10, 0x2f, 0x77, 0x48, 0x9, 0x36, 0x8b, 0xb4, 0xf5, 0xca, 0x8d, 0xb2, 0xf3, 0xcc, 0x71, 0x4e, 0xf, 0x30, 0x68, 0x57, 0x16, 0x29, 0x94, 0xab, 0xea, 0xd5, 0x5a, 0x65, 0x24, 0x1b, 0xa6, 0x99, 0xd8, 0xe7, 0xbf, 0x80, 0xc1, 0xfe, 0x43, 0x7c, 0x3d, 0x2, 0x3e, 0x1, 0x40, 0x7f, 0xc2, 0xfd, 0xbc, 0x83, 0xdb, 0xe4, 0xa5, 0x9a, 0x27, 0x18, 0x59, 0x66, 0xe9, 0xd6, 0x97, 0xa8, 0x15, 0x2a, 0x6b, 0x54, 0xc, 0x33, 0x72, 0x4d, 0xf0, 0xcf, 0x8e, 0xb1},
+ {0x0, 0x40, 0x80, 0xc0, 0x1d, 0x5d, 0x9d, 0xdd, 0x3a, 0x7a, 0xba, 0xfa, 0x27, 0x67, 0xa7, 0xe7, 0x74, 0x34, 0xf4, 0xb4, 0x69, 0x29, 0xe9, 0xa9, 0x4e, 0xe, 0xce, 0x8e, 0x53, 0x13, 0xd3, 0x93, 0xe8, 0xa8, 0x68, 0x28, 0xf5, 0xb5, 0x75, 0x35, 0xd2, 0x92, 0x52, 0x12, 0xcf, 0x8f, 0x4f, 0xf, 0x9c, 0xdc, 0x1c, 0x5c, 0x81, 0xc1, 0x1, 0x41, 0xa6, 0xe6, 0x26, 0x66, 0xbb, 0xfb, 0x3b, 0x7b, 0xcd, 0x8d, 0x4d, 0xd, 0xd0, 0x90, 0x50, 0x10, 0xf7, 0xb7, 0x77, 0x37, 0xea, 0xaa, 0x6a, 0x2a, 0xb9, 0xf9, 0x39, 0x79, 0xa4, 0xe4, 0x24, 0x64, 0x83, 0xc3, 0x3, 0x43, 0x9e, 0xde, 0x1e, 0x5e, 0x25, 0x65, 0xa5, 0xe5, 0x38, 0x78, 0xb8, 0xf8, 0x1f, 0x5f, 0x9f, 0xdf, 0x2, 0x42, 0x82, 0xc2, 0x51, 0x11, 0xd1, 0x91, 0x4c, 0xc, 0xcc, 0x8c, 0x6b, 0x2b, 0xeb, 0xab, 0x76, 0x36, 0xf6, 0xb6, 0x87, 0xc7, 0x7, 0x47, 0x9a, 0xda, 0x1a, 0x5a, 0xbd, 0xfd, 0x3d, 0x7d, 0xa0, 0xe0, 0x20, 0x60, 0xf3, 0xb3, 0x73, 0x33, 0xee, 0xae, 0x6e, 0x2e, 0xc9, 0x89, 0x49, 0x9, 0xd4, 0x94, 0x54, 0x14, 0x6f, 0x2f, 0xef, 0xaf, 0x72, 0x32, 0xf2, 0xb2, 0x55, 0x15, 0xd5, 0x95, 0x48, 0x8, 0xc8, 0x88, 0x1b, 0x5b, 0x9b, 0xdb, 0x6, 0x46, 0x86, 0xc6, 0x21, 0x61, 0xa1, 0xe1, 0x3c, 0x7c, 0xbc, 0xfc, 0x4a, 0xa, 0xca, 0x8a, 0x57, 0x17, 0xd7, 0x97, 0x70, 0x30, 0xf0, 0xb0, 0x6d, 0x2d, 0xed, 0xad, 0x3e, 0x7e, 0xbe, 0xfe, 0x23, 0x63, 0xa3, 0xe3, 0x4, 0x44, 0x84, 0xc4, 0x19, 0x59, 0x99, 0xd9, 0xa2, 0xe2, 0x22, 0x62, 0xbf, 0xff, 0x3f, 0x7f, 0x98, 0xd8, 0x18, 0x58, 0x85, 0xc5, 0x5, 0x45, 0xd6, 0x96, 0x56, 0x16, 0xcb, 0x8b, 0x4b, 0xb, 0xec, 0xac, 0x6c, 0x2c, 0xf1, 0xb1, 0x71, 0x31},
+ {0x0, 0x41, 0x82, 0xc3, 0x19, 0x58, 0x9b, 0xda, 0x32, 0x73, 0xb0, 0xf1, 0x2b, 0x6a, 0xa9, 0xe8, 0x64, 0x25, 0xe6, 0xa7, 0x7d, 0x3c, 0xff, 0xbe, 0x56, 0x17, 0xd4, 0x95, 0x4f, 0xe, 0xcd, 0x8c, 0xc8, 0x89, 0x4a, 0xb, 0xd1, 0x90, 0x53, 0x12, 0xfa, 0xbb, 0x78, 0x39, 0xe3, 0xa2, 0x61, 0x20, 0xac, 0xed, 0x2e, 0x6f, 0xb5, 0xf4, 0x37, 0x76, 0x9e, 0xdf, 0x1c, 0x5d, 0x87, 0xc6, 0x5, 0x44, 0x8d, 0xcc, 0xf, 0x4e, 0x94, 0xd5, 0x16, 0x57, 0xbf, 0xfe, 0x3d, 0x7c, 0xa6, 0xe7, 0x24, 0x65, 0xe9, 0xa8, 0x6b, 0x2a, 0xf0, 0xb1, 0x72, 0x33, 0xdb, 0x9a, 0x59, 0x18, 0xc2, 0x83, 0x40, 0x1, 0x45, 0x4, 0xc7, 0x86, 0x5c, 0x1d, 0xde, 0x9f, 0x77, 0x36, 0xf5, 0xb4, 0x6e, 0x2f, 0xec, 0xad, 0x21, 0x60, 0xa3, 0xe2, 0x38, 0x79, 0xba, 0xfb, 0x13, 0x52, 0x91, 0xd0, 0xa, 0x4b, 0x88, 0xc9, 0x7, 0x46, 0x85, 0xc4, 0x1e, 0x5f, 0x9c, 0xdd, 0x35, 0x74, 0xb7, 0xf6, 0x2c, 0x6d, 0xae, 0xef, 0x63, 0x22, 0xe1, 0xa0, 0x7a, 0x3b, 0xf8, 0xb9, 0x51, 0x10, 0xd3, 0x92, 0x48, 0x9, 0xca, 0x8b, 0xcf, 0x8e, 0x4d, 0xc, 0xd6, 0x97, 0x54, 0x15, 0xfd, 0xbc, 0x7f, 0x3e, 0xe4, 0xa5, 0x66, 0x27, 0xab, 0xea, 0x29, 0x68, 0xb2, 0xf3, 0x30, 0x71, 0x99, 0xd8, 0x1b, 0x5a, 0x80, 0xc1, 0x2, 0x43, 0x8a, 0xcb, 0x8, 0x49, 0x93, 0xd2, 0x11, 0x50, 0xb8, 0xf9, 0x3a, 0x7b, 0xa1, 0xe0, 0x23, 0x62, 0xee, 0xaf, 0x6c, 0x2d, 0xf7, 0xb6, 0x75, 0x34, 0xdc, 0x9d, 0x5e, 0x1f, 0xc5, 0x84, 0x47, 0x6, 0x42, 0x3, 0xc0, 0x81, 0x5b, 0x1a, 0xd9, 0x98, 0x70, 0x31, 0xf2, 0xb3, 0x69, 0x28, 0xeb, 0xaa, 0x26, 0x67, 0xa4, 0xe5, 0x3f, 0x7e, 0xbd, 0xfc, 0x14, 0x55, 0x96, 0xd7, 0xd, 0x4c, 0x8f, 0xce},
+ {0x0, 0x42, 0x84, 0xc6, 0x15, 0x57, 0x91, 0xd3, 0x2a, 0x68, 0xae, 0xec, 0x3f, 0x7d, 0xbb, 0xf9, 0x54, 0x16, 0xd0, 0x92, 0x41, 0x3, 0xc5, 0x87, 0x7e, 0x3c, 0xfa, 0xb8, 0x6b, 0x29, 0xef, 0xad, 0xa8, 0xea, 0x2c, 0x6e, 0xbd, 0xff, 0x39, 0x7b, 0x82, 0xc0, 0x6, 0x44, 0x97, 0xd5, 0x13, 0x51, 0xfc, 0xbe, 0x78, 0x3a, 0xe9, 0xab, 0x6d, 0x2f, 0xd6, 0x94, 0x52, 0x10, 0xc3, 0x81, 0x47, 0x5, 0x4d, 0xf, 0xc9, 0x8b, 0x58, 0x1a, 0xdc, 0x9e, 0x67, 0x25, 0xe3, 0xa1, 0x72, 0x30, 0xf6, 0xb4, 0x19, 0x5b, 0x9d, 0xdf, 0xc, 0x4e, 0x88, 0xca, 0x33, 0x71, 0xb7, 0xf5, 0x26, 0x64, 0xa2, 0xe0, 0xe5, 0xa7, 0x61, 0x23, 0xf0, 0xb2, 0x74, 0x36, 0xcf, 0x8d, 0x4b, 0x9, 0xda, 0x98, 0x5e, 0x1c, 0xb1, 0xf3, 0x35, 0x77, 0xa4, 0xe6, 0x20, 0x62, 0x9b, 0xd9, 0x1f, 0x5d, 0x8e, 0xcc, 0xa, 0x48, 0x9a, 0xd8, 0x1e, 0x5c, 0x8f, 0xcd, 0xb, 0x49, 0xb0, 0xf2, 0x34, 0x76, 0xa5, 0xe7, 0x21, 0x63, 0xce, 0x8c, 0x4a, 0x8, 0xdb, 0x99, 0x5f, 0x1d, 0xe4, 0xa6, 0x60, 0x22, 0xf1, 0xb3, 0x75, 0x37, 0x32, 0x70, 0xb6, 0xf4, 0x27, 0x65, 0xa3, 0xe1, 0x18, 0x5a, 0x9c, 0xde, 0xd, 0x4f, 0x89, 0xcb, 0x66, 0x24, 0xe2, 0xa0, 0x73, 0x31, 0xf7, 0xb5, 0x4c, 0xe, 0xc8, 0x8a, 0x59, 0x1b, 0xdd, 0x9f, 0xd7, 0x95, 0x53, 0x11, 0xc2, 0x80, 0x46, 0x4, 0xfd, 0xbf, 0x79, 0x3b, 0xe8, 0xaa, 0x6c, 0x2e, 0x83, 0xc1, 0x7, 0x45, 0x96, 0xd4, 0x12, 0x50, 0xa9, 0xeb, 0x2d, 0x6f, 0xbc, 0xfe, 0x38, 0x7a, 0x7f, 0x3d, 0xfb, 0xb9, 0x6a, 0x28, 0xee, 0xac, 0x55, 0x17, 0xd1, 0x93, 0x40, 0x2, 0xc4, 0x86, 0x2b, 0x69, 0xaf, 0xed, 0x3e, 0x7c, 0xba, 0xf8, 0x1, 0x43, 0x85, 0xc7, 0x14, 0x56, 0x90, 0xd2},
+ {0x0, 0x43, 0x86, 0xc5, 0x11, 0x52, 0x97, 0xd4, 0x22, 0x61, 0xa4, 0xe7, 0x33, 0x70, 0xb5, 0xf6, 0x44, 0x7, 0xc2, 0x81, 0x55, 0x16, 0xd3, 0x90, 0x66, 0x25, 0xe0, 0xa3, 0x77, 0x34, 0xf1, 0xb2, 0x88, 0xcb, 0xe, 0x4d, 0x99, 0xda, 0x1f, 0x5c, 0xaa, 0xe9, 0x2c, 0x6f, 0xbb, 0xf8, 0x3d, 0x7e, 0xcc, 0x8f, 0x4a, 0x9, 0xdd, 0x9e, 0x5b, 0x18, 0xee, 0xad, 0x68, 0x2b, 0xff, 0xbc, 0x79, 0x3a, 0xd, 0x4e, 0x8b, 0xc8, 0x1c, 0x5f, 0x9a, 0xd9, 0x2f, 0x6c, 0xa9, 0xea, 0x3e, 0x7d, 0xb8, 0xfb, 0x49, 0xa, 0xcf, 0x8c, 0x58, 0x1b, 0xde, 0x9d, 0x6b, 0x28, 0xed, 0xae, 0x7a, 0x39, 0xfc, 0xbf, 0x85, 0xc6, 0x3, 0x40, 0x94, 0xd7, 0x12, 0x51, 0xa7, 0xe4, 0x21, 0x62, 0xb6, 0xf5, 0x30, 0x73, 0xc1, 0x82, 0x47, 0x4, 0xd0, 0x93, 0x56, 0x15, 0xe3, 0xa0, 0x65, 0x26, 0xf2, 0xb1, 0x74, 0x37, 0x1a, 0x59, 0x9c, 0xdf, 0xb, 0x48, 0x8d, 0xce, 0x38, 0x7b, 0xbe, 0xfd, 0x29, 0x6a, 0xaf, 0xec, 0x5e, 0x1d, 0xd8, 0x9b, 0x4f, 0xc, 0xc9, 0x8a, 0x7c, 0x3f, 0xfa, 0xb9, 0x6d, 0x2e, 0xeb, 0xa8, 0x92, 0xd1, 0x14, 0x57, 0x83, 0xc0, 0x5, 0x46, 0xb0, 0xf3, 0x36, 0x75, 0xa1, 0xe2, 0x27, 0x64, 0xd6, 0x95, 0x50, 0x13, 0xc7, 0x84, 0x41, 0x2, 0xf4, 0xb7, 0x72, 0x31, 0xe5, 0xa6, 0x63, 0x20, 0x17, 0x54, 0x91, 0xd2, 0x6, 0x45, 0x80, 0xc3, 0x35, 0x76, 0xb3, 0xf0, 0x24, 0x67, 0xa2, 0xe1, 0x53, 0x10, 0xd5, 0x96, 0x42, 0x1, 0xc4, 0x87, 0x71, 0x32, 0xf7, 0xb4, 0x60, 0x23, 0xe6, 0xa5, 0x9f, 0xdc, 0x19, 0x5a, 0x8e, 0xcd, 0x8, 0x4b, 0xbd, 0xfe, 0x3b, 0x78, 0xac, 0xef, 0x2a, 0x69, 0xdb, 0x98, 0x5d, 0x1e, 0xca, 0x89, 0x4c, 0xf, 0xf9, 0xba, 0x7f, 0x3c, 0xe8, 0xab, 0x6e, 0x2d},
+ {0x0, 0x44, 0x88, 0xcc, 0xd, 0x49, 0x85, 0xc1, 0x1a, 0x5e, 0x92, 0xd6, 0x17, 0x53, 0x9f, 0xdb, 0x34, 0x70, 0xbc, 0xf8, 0x39, 0x7d, 0xb1, 0xf5, 0x2e, 0x6a, 0xa6, 0xe2, 0x23, 0x67, 0xab, 0xef, 0x68, 0x2c, 0xe0, 0xa4, 0x65, 0x21, 0xed, 0xa9, 0x72, 0x36, 0xfa, 0xbe, 0x7f, 0x3b, 0xf7, 0xb3, 0x5c, 0x18, 0xd4, 0x90, 0x51, 0x15, 0xd9, 0x9d, 0x46, 0x2, 0xce, 0x8a, 0x4b, 0xf, 0xc3, 0x87, 0xd0, 0x94, 0x58, 0x1c, 0xdd, 0x99, 0x55, 0x11, 0xca, 0x8e, 0x42, 0x6, 0xc7, 0x83, 0x4f, 0xb, 0xe4, 0xa0, 0x6c, 0x28, 0xe9, 0xad, 0x61, 0x25, 0xfe, 0xba, 0x76, 0x32, 0xf3, 0xb7, 0x7b, 0x3f, 0xb8, 0xfc, 0x30, 0x74, 0xb5, 0xf1, 0x3d, 0x79, 0xa2, 0xe6, 0x2a, 0x6e, 0xaf, 0xeb, 0x27, 0x63, 0x8c, 0xc8, 0x4, 0x40, 0x81, 0xc5, 0x9, 0x4d, 0x96, 0xd2, 0x1e, 0x5a, 0x9b, 0xdf, 0x13, 0x57, 0xbd, 0xf9, 0x35, 0x71, 0xb0, 0xf4, 0x38, 0x7c, 0xa7, 0xe3, 0x2f, 0x6b, 0xaa, 0xee, 0x22, 0x66, 0x89, 0xcd, 0x1, 0x45, 0x84, 0xc0, 0xc, 0x48, 0x93, 0xd7, 0x1b, 0x5f, 0x9e, 0xda, 0x16, 0x52, 0xd5, 0x91, 0x5d, 0x19, 0xd8, 0x9c, 0x50, 0x14, 0xcf, 0x8b, 0x47, 0x3, 0xc2, 0x86, 0x4a, 0xe, 0xe1, 0xa5, 0x69, 0x2d, 0xec, 0xa8, 0x64, 0x20, 0xfb, 0xbf, 0x73, 0x37, 0xf6, 0xb2, 0x7e, 0x3a, 0x6d, 0x29, 0xe5, 0xa1, 0x60, 0x24, 0xe8, 0xac, 0x77, 0x33, 0xff, 0xbb, 0x7a, 0x3e, 0xf2, 0xb6, 0x59, 0x1d, 0xd1, 0x95, 0x54, 0x10, 0xdc, 0x98, 0x43, 0x7, 0xcb, 0x8f, 0x4e, 0xa, 0xc6, 0x82, 0x5, 0x41, 0x8d, 0xc9, 0x8, 0x4c, 0x80, 0xc4, 0x1f, 0x5b, 0x97, 0xd3, 0x12, 0x56, 0x9a, 0xde, 0x31, 0x75, 0xb9, 0xfd, 0x3c, 0x78, 0xb4, 0xf0, 0x2b, 0x6f, 0xa3, 0xe7, 0x26, 0x62, 0xae, 0xea},
+ {0x0, 0x45, 0x8a, 0xcf, 0x9, 0x4c, 0x83, 0xc6, 0x12, 0x57, 0x98, 0xdd, 0x1b, 0x5e, 0x91, 0xd4, 0x24, 0x61, 0xae, 0xeb, 0x2d, 0x68, 0xa7, 0xe2, 0x36, 0x73, 0xbc, 0xf9, 0x3f, 0x7a, 0xb5, 0xf0, 0x48, 0xd, 0xc2, 0x87, 0x41, 0x4, 0xcb, 0x8e, 0x5a, 0x1f, 0xd0, 0x95, 0x53, 0x16, 0xd9, 0x9c, 0x6c, 0x29, 0xe6, 0xa3, 0x65, 0x20, 0xef, 0xaa, 0x7e, 0x3b, 0xf4, 0xb1, 0x77, 0x32, 0xfd, 0xb8, 0x90, 0xd5, 0x1a, 0x5f, 0x99, 0xdc, 0x13, 0x56, 0x82, 0xc7, 0x8, 0x4d, 0x8b, 0xce, 0x1, 0x44, 0xb4, 0xf1, 0x3e, 0x7b, 0xbd, 0xf8, 0x37, 0x72, 0xa6, 0xe3, 0x2c, 0x69, 0xaf, 0xea, 0x25, 0x60, 0xd8, 0x9d, 0x52, 0x17, 0xd1, 0x94, 0x5b, 0x1e, 0xca, 0x8f, 0x40, 0x5, 0xc3, 0x86, 0x49, 0xc, 0xfc, 0xb9, 0x76, 0x33, 0xf5, 0xb0, 0x7f, 0x3a, 0xee, 0xab, 0x64, 0x21, 0xe7, 0xa2, 0x6d, 0x28, 0x3d, 0x78, 0xb7, 0xf2, 0x34, 0x71, 0xbe, 0xfb, 0x2f, 0x6a, 0xa5, 0xe0, 0x26, 0x63, 0xac, 0xe9, 0x19, 0x5c, 0x93, 0xd6, 0x10, 0x55, 0x9a, 0xdf, 0xb, 0x4e, 0x81, 0xc4, 0x2, 0x47, 0x88, 0xcd, 0x75, 0x30, 0xff, 0xba, 0x7c, 0x39, 0xf6, 0xb3, 0x67, 0x22, 0xed, 0xa8, 0x6e, 0x2b, 0xe4, 0xa1, 0x51, 0x14, 0xdb, 0x9e, 0x58, 0x1d, 0xd2, 0x97, 0x43, 0x6, 0xc9, 0x8c, 0x4a, 0xf, 0xc0, 0x85, 0xad, 0xe8, 0x27, 0x62, 0xa4, 0xe1, 0x2e, 0x6b, 0xbf, 0xfa, 0x35, 0x70, 0xb6, 0xf3, 0x3c, 0x79, 0x89, 0xcc, 0x3, 0x46, 0x80, 0xc5, 0xa, 0x4f, 0x9b, 0xde, 0x11, 0x54, 0x92, 0xd7, 0x18, 0x5d, 0xe5, 0xa0, 0x6f, 0x2a, 0xec, 0xa9, 0x66, 0x23, 0xf7, 0xb2, 0x7d, 0x38, 0xfe, 0xbb, 0x74, 0x31, 0xc1, 0x84, 0x4b, 0xe, 0xc8, 0x8d, 0x42, 0x7, 0xd3, 0x96, 0x59, 0x1c, 0xda, 0x9f, 0x50, 0x15},
+ {0x0, 0x46, 0x8c, 0xca, 0x5, 0x43, 0x89, 0xcf, 0xa, 0x4c, 0x86, 0xc0, 0xf, 0x49, 0x83, 0xc5, 0x14, 0x52, 0x98, 0xde, 0x11, 0x57, 0x9d, 0xdb, 0x1e, 0x58, 0x92, 0xd4, 0x1b, 0x5d, 0x97, 0xd1, 0x28, 0x6e, 0xa4, 0xe2, 0x2d, 0x6b, 0xa1, 0xe7, 0x22, 0x64, 0xae, 0xe8, 0x27, 0x61, 0xab, 0xed, 0x3c, 0x7a, 0xb0, 0xf6, 0x39, 0x7f, 0xb5, 0xf3, 0x36, 0x70, 0xba, 0xfc, 0x33, 0x75, 0xbf, 0xf9, 0x50, 0x16, 0xdc, 0x9a, 0x55, 0x13, 0xd9, 0x9f, 0x5a, 0x1c, 0xd6, 0x90, 0x5f, 0x19, 0xd3, 0x95, 0x44, 0x2, 0xc8, 0x8e, 0x41, 0x7, 0xcd, 0x8b, 0x4e, 0x8, 0xc2, 0x84, 0x4b, 0xd, 0xc7, 0x81, 0x78, 0x3e, 0xf4, 0xb2, 0x7d, 0x3b, 0xf1, 0xb7, 0x72, 0x34, 0xfe, 0xb8, 0x77, 0x31, 0xfb, 0xbd, 0x6c, 0x2a, 0xe0, 0xa6, 0x69, 0x2f, 0xe5, 0xa3, 0x66, 0x20, 0xea, 0xac, 0x63, 0x25, 0xef, 0xa9, 0xa0, 0xe6, 0x2c, 0x6a, 0xa5, 0xe3, 0x29, 0x6f, 0xaa, 0xec, 0x26, 0x60, 0xaf, 0xe9, 0x23, 0x65, 0xb4, 0xf2, 0x38, 0x7e, 0xb1, 0xf7, 0x3d, 0x7b, 0xbe, 0xf8, 0x32, 0x74, 0xbb, 0xfd, 0x37, 0x71, 0x88, 0xce, 0x4, 0x42, 0x8d, 0xcb, 0x1, 0x47, 0x82, 0xc4, 0xe, 0x48, 0x87, 0xc1, 0xb, 0x4d, 0x9c, 0xda, 0x10, 0x56, 0x99, 0xdf, 0x15, 0x53, 0x96, 0xd0, 0x1a, 0x5c, 0x93, 0xd5, 0x1f, 0x59, 0xf0, 0xb6, 0x7c, 0x3a, 0xf5, 0xb3, 0x79, 0x3f, 0xfa, 0xbc, 0x76, 0x30, 0xff, 0xb9, 0x73, 0x35, 0xe4, 0xa2, 0x68, 0x2e, 0xe1, 0xa7, 0x6d, 0x2b, 0xee, 0xa8, 0x62, 0x24, 0xeb, 0xad, 0x67, 0x21, 0xd8, 0x9e, 0x54, 0x12, 0xdd, 0x9b, 0x51, 0x17, 0xd2, 0x94, 0x5e, 0x18, 0xd7, 0x91, 0x5b, 0x1d, 0xcc, 0x8a, 0x40, 0x6, 0xc9, 0x8f, 0x45, 0x3, 0xc6, 0x80, 0x4a, 0xc, 0xc3, 0x85, 0x4f, 0x9},
+ {0x0, 0x47, 0x8e, 0xc9, 0x1, 0x46, 0x8f, 0xc8, 0x2, 0x45, 0x8c, 0xcb, 0x3, 0x44, 0x8d, 0xca, 0x4, 0x43, 0x8a, 0xcd, 0x5, 0x42, 0x8b, 0xcc, 0x6, 0x41, 0x88, 0xcf, 0x7, 0x40, 0x89, 0xce, 0x8, 0x4f, 0x86, 0xc1, 0x9, 0x4e, 0x87, 0xc0, 0xa, 0x4d, 0x84, 0xc3, 0xb, 0x4c, 0x85, 0xc2, 0xc, 0x4b, 0x82, 0xc5, 0xd, 0x4a, 0x83, 0xc4, 0xe, 0x49, 0x80, 0xc7, 0xf, 0x48, 0x81, 0xc6, 0x10, 0x57, 0x9e, 0xd9, 0x11, 0x56, 0x9f, 0xd8, 0x12, 0x55, 0x9c, 0xdb, 0x13, 0x54, 0x9d, 0xda, 0x14, 0x53, 0x9a, 0xdd, 0x15, 0x52, 0x9b, 0xdc, 0x16, 0x51, 0x98, 0xdf, 0x17, 0x50, 0x99, 0xde, 0x18, 0x5f, 0x96, 0xd1, 0x19, 0x5e, 0x97, 0xd0, 0x1a, 0x5d, 0x94, 0xd3, 0x1b, 0x5c, 0x95, 0xd2, 0x1c, 0x5b, 0x92, 0xd5, 0x1d, 0x5a, 0x93, 0xd4, 0x1e, 0x59, 0x90, 0xd7, 0x1f, 0x58, 0x91, 0xd6, 0x20, 0x67, 0xae, 0xe9, 0x21, 0x66, 0xaf, 0xe8, 0x22, 0x65, 0xac, 0xeb, 0x23, 0x64, 0xad, 0xea, 0x24, 0x63, 0xaa, 0xed, 0x25, 0x62, 0xab, 0xec, 0x26, 0x61, 0xa8, 0xef, 0x27, 0x60, 0xa9, 0xee, 0x28, 0x6f, 0xa6, 0xe1, 0x29, 0x6e, 0xa7, 0xe0, 0x2a, 0x6d, 0xa4, 0xe3, 0x2b, 0x6c, 0xa5, 0xe2, 0x2c, 0x6b, 0xa2, 0xe5, 0x2d, 0x6a, 0xa3, 0xe4, 0x2e, 0x69, 0xa0, 0xe7, 0x2f, 0x68, 0xa1, 0xe6, 0x30, 0x77, 0xbe, 0xf9, 0x31, 0x76, 0xbf, 0xf8, 0x32, 0x75, 0xbc, 0xfb, 0x33, 0x74, 0xbd, 0xfa, 0x34, 0x73, 0xba, 0xfd, 0x35, 0x72, 0xbb, 0xfc, 0x36, 0x71, 0xb8, 0xff, 0x37, 0x70, 0xb9, 0xfe, 0x38, 0x7f, 0xb6, 0xf1, 0x39, 0x7e, 0xb7, 0xf0, 0x3a, 0x7d, 0xb4, 0xf3, 0x3b, 0x7c, 0xb5, 0xf2, 0x3c, 0x7b, 0xb2, 0xf5, 0x3d, 0x7a, 0xb3, 0xf4, 0x3e, 0x79, 0xb0, 0xf7, 0x3f, 0x78, 0xb1, 0xf6},
+ {0x0, 0x48, 0x90, 0xd8, 0x3d, 0x75, 0xad, 0xe5, 0x7a, 0x32, 0xea, 0xa2, 0x47, 0xf, 0xd7, 0x9f, 0xf4, 0xbc, 0x64, 0x2c, 0xc9, 0x81, 0x59, 0x11, 0x8e, 0xc6, 0x1e, 0x56, 0xb3, 0xfb, 0x23, 0x6b, 0xf5, 0xbd, 0x65, 0x2d, 0xc8, 0x80, 0x58, 0x10, 0x8f, 0xc7, 0x1f, 0x57, 0xb2, 0xfa, 0x22, 0x6a, 0x1, 0x49, 0x91, 0xd9, 0x3c, 0x74, 0xac, 0xe4, 0x7b, 0x33, 0xeb, 0xa3, 0x46, 0xe, 0xd6, 0x9e, 0xf7, 0xbf, 0x67, 0x2f, 0xca, 0x82, 0x5a, 0x12, 0x8d, 0xc5, 0x1d, 0x55, 0xb0, 0xf8, 0x20, 0x68, 0x3, 0x4b, 0x93, 0xdb, 0x3e, 0x76, 0xae, 0xe6, 0x79, 0x31, 0xe9, 0xa1, 0x44, 0xc, 0xd4, 0x9c, 0x2, 0x4a, 0x92, 0xda, 0x3f, 0x77, 0xaf, 0xe7, 0x78, 0x30, 0xe8, 0xa0, 0x45, 0xd, 0xd5, 0x9d, 0xf6, 0xbe, 0x66, 0x2e, 0xcb, 0x83, 0x5b, 0x13, 0x8c, 0xc4, 0x1c, 0x54, 0xb1, 0xf9, 0x21, 0x69, 0xf3, 0xbb, 0x63, 0x2b, 0xce, 0x86, 0x5e, 0x16, 0x89, 0xc1, 0x19, 0x51, 0xb4, 0xfc, 0x24, 0x6c, 0x7, 0x4f, 0x97, 0xdf, 0x3a, 0x72, 0xaa, 0xe2, 0x7d, 0x35, 0xed, 0xa5, 0x40, 0x8, 0xd0, 0x98, 0x6, 0x4e, 0x96, 0xde, 0x3b, 0x73, 0xab, 0xe3, 0x7c, 0x34, 0xec, 0xa4, 0x41, 0x9, 0xd1, 0x99, 0xf2, 0xba, 0x62, 0x2a, 0xcf, 0x87, 0x5f, 0x17, 0x88, 0xc0, 0x18, 0x50, 0xb5, 0xfd, 0x25, 0x6d, 0x4, 0x4c, 0x94, 0xdc, 0x39, 0x71, 0xa9, 0xe1, 0x7e, 0x36, 0xee, 0xa6, 0x43, 0xb, 0xd3, 0x9b, 0xf0, 0xb8, 0x60, 0x28, 0xcd, 0x85, 0x5d, 0x15, 0x8a, 0xc2, 0x1a, 0x52, 0xb7, 0xff, 0x27, 0x6f, 0xf1, 0xb9, 0x61, 0x29, 0xcc, 0x84, 0x5c, 0x14, 0x8b, 0xc3, 0x1b, 0x53, 0xb6, 0xfe, 0x26, 0x6e, 0x5, 0x4d, 0x95, 0xdd, 0x38, 0x70, 0xa8, 0xe0, 0x7f, 0x37, 0xef, 0xa7, 0x42, 0xa, 0xd2, 0x9a},
+ {0x0, 0x49, 0x92, 0xdb, 0x39, 0x70, 0xab, 0xe2, 0x72, 0x3b, 0xe0, 0xa9, 0x4b, 0x2, 0xd9, 0x90, 0xe4, 0xad, 0x76, 0x3f, 0xdd, 0x94, 0x4f, 0x6, 0x96, 0xdf, 0x4, 0x4d, 0xaf, 0xe6, 0x3d, 0x74, 0xd5, 0x9c, 0x47, 0xe, 0xec, 0xa5, 0x7e, 0x37, 0xa7, 0xee, 0x35, 0x7c, 0x9e, 0xd7, 0xc, 0x45, 0x31, 0x78, 0xa3, 0xea, 0x8, 0x41, 0x9a, 0xd3, 0x43, 0xa, 0xd1, 0x98, 0x7a, 0x33, 0xe8, 0xa1, 0xb7, 0xfe, 0x25, 0x6c, 0x8e, 0xc7, 0x1c, 0x55, 0xc5, 0x8c, 0x57, 0x1e, 0xfc, 0xb5, 0x6e, 0x27, 0x53, 0x1a, 0xc1, 0x88, 0x6a, 0x23, 0xf8, 0xb1, 0x21, 0x68, 0xb3, 0xfa, 0x18, 0x51, 0x8a, 0xc3, 0x62, 0x2b, 0xf0, 0xb9, 0x5b, 0x12, 0xc9, 0x80, 0x10, 0x59, 0x82, 0xcb, 0x29, 0x60, 0xbb, 0xf2, 0x86, 0xcf, 0x14, 0x5d, 0xbf, 0xf6, 0x2d, 0x64, 0xf4, 0xbd, 0x66, 0x2f, 0xcd, 0x84, 0x5f, 0x16, 0x73, 0x3a, 0xe1, 0xa8, 0x4a, 0x3, 0xd8, 0x91, 0x1, 0x48, 0x93, 0xda, 0x38, 0x71, 0xaa, 0xe3, 0x97, 0xde, 0x5, 0x4c, 0xae, 0xe7, 0x3c, 0x75, 0xe5, 0xac, 0x77, 0x3e, 0xdc, 0x95, 0x4e, 0x7, 0xa6, 0xef, 0x34, 0x7d, 0x9f, 0xd6, 0xd, 0x44, 0xd4, 0x9d, 0x46, 0xf, 0xed, 0xa4, 0x7f, 0x36, 0x42, 0xb, 0xd0, 0x99, 0x7b, 0x32, 0xe9, 0xa0, 0x30, 0x79, 0xa2, 0xeb, 0x9, 0x40, 0x9b, 0xd2, 0xc4, 0x8d, 0x56, 0x1f, 0xfd, 0xb4, 0x6f, 0x26, 0xb6, 0xff, 0x24, 0x6d, 0x8f, 0xc6, 0x1d, 0x54, 0x20, 0x69, 0xb2, 0xfb, 0x19, 0x50, 0x8b, 0xc2, 0x52, 0x1b, 0xc0, 0x89, 0x6b, 0x22, 0xf9, 0xb0, 0x11, 0x58, 0x83, 0xca, 0x28, 0x61, 0xba, 0xf3, 0x63, 0x2a, 0xf1, 0xb8, 0x5a, 0x13, 0xc8, 0x81, 0xf5, 0xbc, 0x67, 0x2e, 0xcc, 0x85, 0x5e, 0x17, 0x87, 0xce, 0x15, 0x5c, 0xbe, 0xf7, 0x2c, 0x65},
+ {0x0, 0x4a, 0x94, 0xde, 0x35, 0x7f, 0xa1, 0xeb, 0x6a, 0x20, 0xfe, 0xb4, 0x5f, 0x15, 0xcb, 0x81, 0xd4, 0x9e, 0x40, 0xa, 0xe1, 0xab, 0x75, 0x3f, 0xbe, 0xf4, 0x2a, 0x60, 0x8b, 0xc1, 0x1f, 0x55, 0xb5, 0xff, 0x21, 0x6b, 0x80, 0xca, 0x14, 0x5e, 0xdf, 0x95, 0x4b, 0x1, 0xea, 0xa0, 0x7e, 0x34, 0x61, 0x2b, 0xf5, 0xbf, 0x54, 0x1e, 0xc0, 0x8a, 0xb, 0x41, 0x9f, 0xd5, 0x3e, 0x74, 0xaa, 0xe0, 0x77, 0x3d, 0xe3, 0xa9, 0x42, 0x8, 0xd6, 0x9c, 0x1d, 0x57, 0x89, 0xc3, 0x28, 0x62, 0xbc, 0xf6, 0xa3, 0xe9, 0x37, 0x7d, 0x96, 0xdc, 0x2, 0x48, 0xc9, 0x83, 0x5d, 0x17, 0xfc, 0xb6, 0x68, 0x22, 0xc2, 0x88, 0x56, 0x1c, 0xf7, 0xbd, 0x63, 0x29, 0xa8, 0xe2, 0x3c, 0x76, 0x9d, 0xd7, 0x9, 0x43, 0x16, 0x5c, 0x82, 0xc8, 0x23, 0x69, 0xb7, 0xfd, 0x7c, 0x36, 0xe8, 0xa2, 0x49, 0x3, 0xdd, 0x97, 0xee, 0xa4, 0x7a, 0x30, 0xdb, 0x91, 0x4f, 0x5, 0x84, 0xce, 0x10, 0x5a, 0xb1, 0xfb, 0x25, 0x6f, 0x3a, 0x70, 0xae, 0xe4, 0xf, 0x45, 0x9b, 0xd1, 0x50, 0x1a, 0xc4, 0x8e, 0x65, 0x2f, 0xf1, 0xbb, 0x5b, 0x11, 0xcf, 0x85, 0x6e, 0x24, 0xfa, 0xb0, 0x31, 0x7b, 0xa5, 0xef, 0x4, 0x4e, 0x90, 0xda, 0x8f, 0xc5, 0x1b, 0x51, 0xba, 0xf0, 0x2e, 0x64, 0xe5, 0xaf, 0x71, 0x3b, 0xd0, 0x9a, 0x44, 0xe, 0x99, 0xd3, 0xd, 0x47, 0xac, 0xe6, 0x38, 0x72, 0xf3, 0xb9, 0x67, 0x2d, 0xc6, 0x8c, 0x52, 0x18, 0x4d, 0x7, 0xd9, 0x93, 0x78, 0x32, 0xec, 0xa6, 0x27, 0x6d, 0xb3, 0xf9, 0x12, 0x58, 0x86, 0xcc, 0x2c, 0x66, 0xb8, 0xf2, 0x19, 0x53, 0x8d, 0xc7, 0x46, 0xc, 0xd2, 0x98, 0x73, 0x39, 0xe7, 0xad, 0xf8, 0xb2, 0x6c, 0x26, 0xcd, 0x87, 0x59, 0x13, 0x92, 0xd8, 0x6, 0x4c, 0xa7, 0xed, 0x33, 0x79},
+ {0x0, 0x4b, 0x96, 0xdd, 0x31, 0x7a, 0xa7, 0xec, 0x62, 0x29, 0xf4, 0xbf, 0x53, 0x18, 0xc5, 0x8e, 0xc4, 0x8f, 0x52, 0x19, 0xf5, 0xbe, 0x63, 0x28, 0xa6, 0xed, 0x30, 0x7b, 0x97, 0xdc, 0x1, 0x4a, 0x95, 0xde, 0x3, 0x48, 0xa4, 0xef, 0x32, 0x79, 0xf7, 0xbc, 0x61, 0x2a, 0xc6, 0x8d, 0x50, 0x1b, 0x51, 0x1a, 0xc7, 0x8c, 0x60, 0x2b, 0xf6, 0xbd, 0x33, 0x78, 0xa5, 0xee, 0x2, 0x49, 0x94, 0xdf, 0x37, 0x7c, 0xa1, 0xea, 0x6, 0x4d, 0x90, 0xdb, 0x55, 0x1e, 0xc3, 0x88, 0x64, 0x2f, 0xf2, 0xb9, 0xf3, 0xb8, 0x65, 0x2e, 0xc2, 0x89, 0x54, 0x1f, 0x91, 0xda, 0x7, 0x4c, 0xa0, 0xeb, 0x36, 0x7d, 0xa2, 0xe9, 0x34, 0x7f, 0x93, 0xd8, 0x5, 0x4e, 0xc0, 0x8b, 0x56, 0x1d, 0xf1, 0xba, 0x67, 0x2c, 0x66, 0x2d, 0xf0, 0xbb, 0x57, 0x1c, 0xc1, 0x8a, 0x4, 0x4f, 0x92, 0xd9, 0x35, 0x7e, 0xa3, 0xe8, 0x6e, 0x25, 0xf8, 0xb3, 0x5f, 0x14, 0xc9, 0x82, 0xc, 0x47, 0x9a, 0xd1, 0x3d, 0x76, 0xab, 0xe0, 0xaa, 0xe1, 0x3c, 0x77, 0x9b, 0xd0, 0xd, 0x46, 0xc8, 0x83, 0x5e, 0x15, 0xf9, 0xb2, 0x6f, 0x24, 0xfb, 0xb0, 0x6d, 0x26, 0xca, 0x81, 0x5c, 0x17, 0x99, 0xd2, 0xf, 0x44, 0xa8, 0xe3, 0x3e, 0x75, 0x3f, 0x74, 0xa9, 0xe2, 0xe, 0x45, 0x98, 0xd3, 0x5d, 0x16, 0xcb, 0x80, 0x6c, 0x27, 0xfa, 0xb1, 0x59, 0x12, 0xcf, 0x84, 0x68, 0x23, 0xfe, 0xb5, 0x3b, 0x70, 0xad, 0xe6, 0xa, 0x41, 0x9c, 0xd7, 0x9d, 0xd6, 0xb, 0x40, 0xac, 0xe7, 0x3a, 0x71, 0xff, 0xb4, 0x69, 0x22, 0xce, 0x85, 0x58, 0x13, 0xcc, 0x87, 0x5a, 0x11, 0xfd, 0xb6, 0x6b, 0x20, 0xae, 0xe5, 0x38, 0x73, 0x9f, 0xd4, 0x9, 0x42, 0x8, 0x43, 0x9e, 0xd5, 0x39, 0x72, 0xaf, 0xe4, 0x6a, 0x21, 0xfc, 0xb7, 0x5b, 0x10, 0xcd, 0x86},
+ {0x0, 0x4c, 0x98, 0xd4, 0x2d, 0x61, 0xb5, 0xf9, 0x5a, 0x16, 0xc2, 0x8e, 0x77, 0x3b, 0xef, 0xa3, 0xb4, 0xf8, 0x2c, 0x60, 0x99, 0xd5, 0x1, 0x4d, 0xee, 0xa2, 0x76, 0x3a, 0xc3, 0x8f, 0x5b, 0x17, 0x75, 0x39, 0xed, 0xa1, 0x58, 0x14, 0xc0, 0x8c, 0x2f, 0x63, 0xb7, 0xfb, 0x2, 0x4e, 0x9a, 0xd6, 0xc1, 0x8d, 0x59, 0x15, 0xec, 0xa0, 0x74, 0x38, 0x9b, 0xd7, 0x3, 0x4f, 0xb6, 0xfa, 0x2e, 0x62, 0xea, 0xa6, 0x72, 0x3e, 0xc7, 0x8b, 0x5f, 0x13, 0xb0, 0xfc, 0x28, 0x64, 0x9d, 0xd1, 0x5, 0x49, 0x5e, 0x12, 0xc6, 0x8a, 0x73, 0x3f, 0xeb, 0xa7, 0x4, 0x48, 0x9c, 0xd0, 0x29, 0x65, 0xb1, 0xfd, 0x9f, 0xd3, 0x7, 0x4b, 0xb2, 0xfe, 0x2a, 0x66, 0xc5, 0x89, 0x5d, 0x11, 0xe8, 0xa4, 0x70, 0x3c, 0x2b, 0x67, 0xb3, 0xff, 0x6, 0x4a, 0x9e, 0xd2, 0x71, 0x3d, 0xe9, 0xa5, 0x5c, 0x10, 0xc4, 0x88, 0xc9, 0x85, 0x51, 0x1d, 0xe4, 0xa8, 0x7c, 0x30, 0x93, 0xdf, 0xb, 0x47, 0xbe, 0xf2, 0x26, 0x6a, 0x7d, 0x31, 0xe5, 0xa9, 0x50, 0x1c, 0xc8, 0x84, 0x27, 0x6b, 0xbf, 0xf3, 0xa, 0x46, 0x92, 0xde, 0xbc, 0xf0, 0x24, 0x68, 0x91, 0xdd, 0x9, 0x45, 0xe6, 0xaa, 0x7e, 0x32, 0xcb, 0x87, 0x53, 0x1f, 0x8, 0x44, 0x90, 0xdc, 0x25, 0x69, 0xbd, 0xf1, 0x52, 0x1e, 0xca, 0x86, 0x7f, 0x33, 0xe7, 0xab, 0x23, 0x6f, 0xbb, 0xf7, 0xe, 0x42, 0x96, 0xda, 0x79, 0x35, 0xe1, 0xad, 0x54, 0x18, 0xcc, 0x80, 0x97, 0xdb, 0xf, 0x43, 0xba, 0xf6, 0x22, 0x6e, 0xcd, 0x81, 0x55, 0x19, 0xe0, 0xac, 0x78, 0x34, 0x56, 0x1a, 0xce, 0x82, 0x7b, 0x37, 0xe3, 0xaf, 0xc, 0x40, 0x94, 0xd8, 0x21, 0x6d, 0xb9, 0xf5, 0xe2, 0xae, 0x7a, 0x36, 0xcf, 0x83, 0x57, 0x1b, 0xb8, 0xf4, 0x20, 0x6c, 0x95, 0xd9, 0xd, 0x41},
+ {0x0, 0x4d, 0x9a, 0xd7, 0x29, 0x64, 0xb3, 0xfe, 0x52, 0x1f, 0xc8, 0x85, 0x7b, 0x36, 0xe1, 0xac, 0xa4, 0xe9, 0x3e, 0x73, 0x8d, 0xc0, 0x17, 0x5a, 0xf6, 0xbb, 0x6c, 0x21, 0xdf, 0x92, 0x45, 0x8, 0x55, 0x18, 0xcf, 0x82, 0x7c, 0x31, 0xe6, 0xab, 0x7, 0x4a, 0x9d, 0xd0, 0x2e, 0x63, 0xb4, 0xf9, 0xf1, 0xbc, 0x6b, 0x26, 0xd8, 0x95, 0x42, 0xf, 0xa3, 0xee, 0x39, 0x74, 0x8a, 0xc7, 0x10, 0x5d, 0xaa, 0xe7, 0x30, 0x7d, 0x83, 0xce, 0x19, 0x54, 0xf8, 0xb5, 0x62, 0x2f, 0xd1, 0x9c, 0x4b, 0x6, 0xe, 0x43, 0x94, 0xd9, 0x27, 0x6a, 0xbd, 0xf0, 0x5c, 0x11, 0xc6, 0x8b, 0x75, 0x38, 0xef, 0xa2, 0xff, 0xb2, 0x65, 0x28, 0xd6, 0x9b, 0x4c, 0x1, 0xad, 0xe0, 0x37, 0x7a, 0x84, 0xc9, 0x1e, 0x53, 0x5b, 0x16, 0xc1, 0x8c, 0x72, 0x3f, 0xe8, 0xa5, 0x9, 0x44, 0x93, 0xde, 0x20, 0x6d, 0xba, 0xf7, 0x49, 0x4, 0xd3, 0x9e, 0x60, 0x2d, 0xfa, 0xb7, 0x1b, 0x56, 0x81, 0xcc, 0x32, 0x7f, 0xa8, 0xe5, 0xed, 0xa0, 0x77, 0x3a, 0xc4, 0x89, 0x5e, 0x13, 0xbf, 0xf2, 0x25, 0x68, 0x96, 0xdb, 0xc, 0x41, 0x1c, 0x51, 0x86, 0xcb, 0x35, 0x78, 0xaf, 0xe2, 0x4e, 0x3, 0xd4, 0x99, 0x67, 0x2a, 0xfd, 0xb0, 0xb8, 0xf5, 0x22, 0x6f, 0x91, 0xdc, 0xb, 0x46, 0xea, 0xa7, 0x70, 0x3d, 0xc3, 0x8e, 0x59, 0x14, 0xe3, 0xae, 0x79, 0x34, 0xca, 0x87, 0x50, 0x1d, 0xb1, 0xfc, 0x2b, 0x66, 0x98, 0xd5, 0x2, 0x4f, 0x47, 0xa, 0xdd, 0x90, 0x6e, 0x23, 0xf4, 0xb9, 0x15, 0x58, 0x8f, 0xc2, 0x3c, 0x71, 0xa6, 0xeb, 0xb6, 0xfb, 0x2c, 0x61, 0x9f, 0xd2, 0x5, 0x48, 0xe4, 0xa9, 0x7e, 0x33, 0xcd, 0x80, 0x57, 0x1a, 0x12, 0x5f, 0x88, 0xc5, 0x3b, 0x76, 0xa1, 0xec, 0x40, 0xd, 0xda, 0x97, 0x69, 0x24, 0xf3, 0xbe},
+ {0x0, 0x4e, 0x9c, 0xd2, 0x25, 0x6b, 0xb9, 0xf7, 0x4a, 0x4, 0xd6, 0x98, 0x6f, 0x21, 0xf3, 0xbd, 0x94, 0xda, 0x8, 0x46, 0xb1, 0xff, 0x2d, 0x63, 0xde, 0x90, 0x42, 0xc, 0xfb, 0xb5, 0x67, 0x29, 0x35, 0x7b, 0xa9, 0xe7, 0x10, 0x5e, 0x8c, 0xc2, 0x7f, 0x31, 0xe3, 0xad, 0x5a, 0x14, 0xc6, 0x88, 0xa1, 0xef, 0x3d, 0x73, 0x84, 0xca, 0x18, 0x56, 0xeb, 0xa5, 0x77, 0x39, 0xce, 0x80, 0x52, 0x1c, 0x6a, 0x24, 0xf6, 0xb8, 0x4f, 0x1, 0xd3, 0x9d, 0x20, 0x6e, 0xbc, 0xf2, 0x5, 0x4b, 0x99, 0xd7, 0xfe, 0xb0, 0x62, 0x2c, 0xdb, 0x95, 0x47, 0x9, 0xb4, 0xfa, 0x28, 0x66, 0x91, 0xdf, 0xd, 0x43, 0x5f, 0x11, 0xc3, 0x8d, 0x7a, 0x34, 0xe6, 0xa8, 0x15, 0x5b, 0x89, 0xc7, 0x30, 0x7e, 0xac, 0xe2, 0xcb, 0x85, 0x57, 0x19, 0xee, 0xa0, 0x72, 0x3c, 0x81, 0xcf, 0x1d, 0x53, 0xa4, 0xea, 0x38, 0x76, 0xd4, 0x9a, 0x48, 0x6, 0xf1, 0xbf, 0x6d, 0x23, 0x9e, 0xd0, 0x2, 0x4c, 0xbb, 0xf5, 0x27, 0x69, 0x40, 0xe, 0xdc, 0x92, 0x65, 0x2b, 0xf9, 0xb7, 0xa, 0x44, 0x96, 0xd8, 0x2f, 0x61, 0xb3, 0xfd, 0xe1, 0xaf, 0x7d, 0x33, 0xc4, 0x8a, 0x58, 0x16, 0xab, 0xe5, 0x37, 0x79, 0x8e, 0xc0, 0x12, 0x5c, 0x75, 0x3b, 0xe9, 0xa7, 0x50, 0x1e, 0xcc, 0x82, 0x3f, 0x71, 0xa3, 0xed, 0x1a, 0x54, 0x86, 0xc8, 0xbe, 0xf0, 0x22, 0x6c, 0x9b, 0xd5, 0x7, 0x49, 0xf4, 0xba, 0x68, 0x26, 0xd1, 0x9f, 0x4d, 0x3, 0x2a, 0x64, 0xb6, 0xf8, 0xf, 0x41, 0x93, 0xdd, 0x60, 0x2e, 0xfc, 0xb2, 0x45, 0xb, 0xd9, 0x97, 0x8b, 0xc5, 0x17, 0x59, 0xae, 0xe0, 0x32, 0x7c, 0xc1, 0x8f, 0x5d, 0x13, 0xe4, 0xaa, 0x78, 0x36, 0x1f, 0x51, 0x83, 0xcd, 0x3a, 0x74, 0xa6, 0xe8, 0x55, 0x1b, 0xc9, 0x87, 0x70, 0x3e, 0xec, 0xa2},
+ {0x0, 0x4f, 0x9e, 0xd1, 0x21, 0x6e, 0xbf, 0xf0, 0x42, 0xd, 0xdc, 0x93, 0x63, 0x2c, 0xfd, 0xb2, 0x84, 0xcb, 0x1a, 0x55, 0xa5, 0xea, 0x3b, 0x74, 0xc6, 0x89, 0x58, 0x17, 0xe7, 0xa8, 0x79, 0x36, 0x15, 0x5a, 0x8b, 0xc4, 0x34, 0x7b, 0xaa, 0xe5, 0x57, 0x18, 0xc9, 0x86, 0x76, 0x39, 0xe8, 0xa7, 0x91, 0xde, 0xf, 0x40, 0xb0, 0xff, 0x2e, 0x61, 0xd3, 0x9c, 0x4d, 0x2, 0xf2, 0xbd, 0x6c, 0x23, 0x2a, 0x65, 0xb4, 0xfb, 0xb, 0x44, 0x95, 0xda, 0x68, 0x27, 0xf6, 0xb9, 0x49, 0x6, 0xd7, 0x98, 0xae, 0xe1, 0x30, 0x7f, 0x8f, 0xc0, 0x11, 0x5e, 0xec, 0xa3, 0x72, 0x3d, 0xcd, 0x82, 0x53, 0x1c, 0x3f, 0x70, 0xa1, 0xee, 0x1e, 0x51, 0x80, 0xcf, 0x7d, 0x32, 0xe3, 0xac, 0x5c, 0x13, 0xc2, 0x8d, 0xbb, 0xf4, 0x25, 0x6a, 0x9a, 0xd5, 0x4, 0x4b, 0xf9, 0xb6, 0x67, 0x28, 0xd8, 0x97, 0x46, 0x9, 0x54, 0x1b, 0xca, 0x85, 0x75, 0x3a, 0xeb, 0xa4, 0x16, 0x59, 0x88, 0xc7, 0x37, 0x78, 0xa9, 0xe6, 0xd0, 0x9f, 0x4e, 0x1, 0xf1, 0xbe, 0x6f, 0x20, 0x92, 0xdd, 0xc, 0x43, 0xb3, 0xfc, 0x2d, 0x62, 0x41, 0xe, 0xdf, 0x90, 0x60, 0x2f, 0xfe, 0xb1, 0x3, 0x4c, 0x9d, 0xd2, 0x22, 0x6d, 0xbc, 0xf3, 0xc5, 0x8a, 0x5b, 0x14, 0xe4, 0xab, 0x7a, 0x35, 0x87, 0xc8, 0x19, 0x56, 0xa6, 0xe9, 0x38, 0x77, 0x7e, 0x31, 0xe0, 0xaf, 0x5f, 0x10, 0xc1, 0x8e, 0x3c, 0x73, 0xa2, 0xed, 0x1d, 0x52, 0x83, 0xcc, 0xfa, 0xb5, 0x64, 0x2b, 0xdb, 0x94, 0x45, 0xa, 0xb8, 0xf7, 0x26, 0x69, 0x99, 0xd6, 0x7, 0x48, 0x6b, 0x24, 0xf5, 0xba, 0x4a, 0x5, 0xd4, 0x9b, 0x29, 0x66, 0xb7, 0xf8, 0x8, 0x47, 0x96, 0xd9, 0xef, 0xa0, 0x71, 0x3e, 0xce, 0x81, 0x50, 0x1f, 0xad, 0xe2, 0x33, 0x7c, 0x8c, 0xc3, 0x12, 0x5d},
+ {0x0, 0x50, 0xa0, 0xf0, 0x5d, 0xd, 0xfd, 0xad, 0xba, 0xea, 0x1a, 0x4a, 0xe7, 0xb7, 0x47, 0x17, 0x69, 0x39, 0xc9, 0x99, 0x34, 0x64, 0x94, 0xc4, 0xd3, 0x83, 0x73, 0x23, 0x8e, 0xde, 0x2e, 0x7e, 0xd2, 0x82, 0x72, 0x22, 0x8f, 0xdf, 0x2f, 0x7f, 0x68, 0x38, 0xc8, 0x98, 0x35, 0x65, 0x95, 0xc5, 0xbb, 0xeb, 0x1b, 0x4b, 0xe6, 0xb6, 0x46, 0x16, 0x1, 0x51, 0xa1, 0xf1, 0x5c, 0xc, 0xfc, 0xac, 0xb9, 0xe9, 0x19, 0x49, 0xe4, 0xb4, 0x44, 0x14, 0x3, 0x53, 0xa3, 0xf3, 0x5e, 0xe, 0xfe, 0xae, 0xd0, 0x80, 0x70, 0x20, 0x8d, 0xdd, 0x2d, 0x7d, 0x6a, 0x3a, 0xca, 0x9a, 0x37, 0x67, 0x97, 0xc7, 0x6b, 0x3b, 0xcb, 0x9b, 0x36, 0x66, 0x96, 0xc6, 0xd1, 0x81, 0x71, 0x21, 0x8c, 0xdc, 0x2c, 0x7c, 0x2, 0x52, 0xa2, 0xf2, 0x5f, 0xf, 0xff, 0xaf, 0xb8, 0xe8, 0x18, 0x48, 0xe5, 0xb5, 0x45, 0x15, 0x6f, 0x3f, 0xcf, 0x9f, 0x32, 0x62, 0x92, 0xc2, 0xd5, 0x85, 0x75, 0x25, 0x88, 0xd8, 0x28, 0x78, 0x6, 0x56, 0xa6, 0xf6, 0x5b, 0xb, 0xfb, 0xab, 0xbc, 0xec, 0x1c, 0x4c, 0xe1, 0xb1, 0x41, 0x11, 0xbd, 0xed, 0x1d, 0x4d, 0xe0, 0xb0, 0x40, 0x10, 0x7, 0x57, 0xa7, 0xf7, 0x5a, 0xa, 0xfa, 0xaa, 0xd4, 0x84, 0x74, 0x24, 0x89, 0xd9, 0x29, 0x79, 0x6e, 0x3e, 0xce, 0x9e, 0x33, 0x63, 0x93, 0xc3, 0xd6, 0x86, 0x76, 0x26, 0x8b, 0xdb, 0x2b, 0x7b, 0x6c, 0x3c, 0xcc, 0x9c, 0x31, 0x61, 0x91, 0xc1, 0xbf, 0xef, 0x1f, 0x4f, 0xe2, 0xb2, 0x42, 0x12, 0x5, 0x55, 0xa5, 0xf5, 0x58, 0x8, 0xf8, 0xa8, 0x4, 0x54, 0xa4, 0xf4, 0x59, 0x9, 0xf9, 0xa9, 0xbe, 0xee, 0x1e, 0x4e, 0xe3, 0xb3, 0x43, 0x13, 0x6d, 0x3d, 0xcd, 0x9d, 0x30, 0x60, 0x90, 0xc0, 0xd7, 0x87, 0x77, 0x27, 0x8a, 0xda, 0x2a, 0x7a},
+ {0x0, 0x51, 0xa2, 0xf3, 0x59, 0x8, 0xfb, 0xaa, 0xb2, 0xe3, 0x10, 0x41, 0xeb, 0xba, 0x49, 0x18, 0x79, 0x28, 0xdb, 0x8a, 0x20, 0x71, 0x82, 0xd3, 0xcb, 0x9a, 0x69, 0x38, 0x92, 0xc3, 0x30, 0x61, 0xf2, 0xa3, 0x50, 0x1, 0xab, 0xfa, 0x9, 0x58, 0x40, 0x11, 0xe2, 0xb3, 0x19, 0x48, 0xbb, 0xea, 0x8b, 0xda, 0x29, 0x78, 0xd2, 0x83, 0x70, 0x21, 0x39, 0x68, 0x9b, 0xca, 0x60, 0x31, 0xc2, 0x93, 0xf9, 0xa8, 0x5b, 0xa, 0xa0, 0xf1, 0x2, 0x53, 0x4b, 0x1a, 0xe9, 0xb8, 0x12, 0x43, 0xb0, 0xe1, 0x80, 0xd1, 0x22, 0x73, 0xd9, 0x88, 0x7b, 0x2a, 0x32, 0x63, 0x90, 0xc1, 0x6b, 0x3a, 0xc9, 0x98, 0xb, 0x5a, 0xa9, 0xf8, 0x52, 0x3, 0xf0, 0xa1, 0xb9, 0xe8, 0x1b, 0x4a, 0xe0, 0xb1, 0x42, 0x13, 0x72, 0x23, 0xd0, 0x81, 0x2b, 0x7a, 0x89, 0xd8, 0xc0, 0x91, 0x62, 0x33, 0x99, 0xc8, 0x3b, 0x6a, 0xef, 0xbe, 0x4d, 0x1c, 0xb6, 0xe7, 0x14, 0x45, 0x5d, 0xc, 0xff, 0xae, 0x4, 0x55, 0xa6, 0xf7, 0x96, 0xc7, 0x34, 0x65, 0xcf, 0x9e, 0x6d, 0x3c, 0x24, 0x75, 0x86, 0xd7, 0x7d, 0x2c, 0xdf, 0x8e, 0x1d, 0x4c, 0xbf, 0xee, 0x44, 0x15, 0xe6, 0xb7, 0xaf, 0xfe, 0xd, 0x5c, 0xf6, 0xa7, 0x54, 0x5, 0x64, 0x35, 0xc6, 0x97, 0x3d, 0x6c, 0x9f, 0xce, 0xd6, 0x87, 0x74, 0x25, 0x8f, 0xde, 0x2d, 0x7c, 0x16, 0x47, 0xb4, 0xe5, 0x4f, 0x1e, 0xed, 0xbc, 0xa4, 0xf5, 0x6, 0x57, 0xfd, 0xac, 0x5f, 0xe, 0x6f, 0x3e, 0xcd, 0x9c, 0x36, 0x67, 0x94, 0xc5, 0xdd, 0x8c, 0x7f, 0x2e, 0x84, 0xd5, 0x26, 0x77, 0xe4, 0xb5, 0x46, 0x17, 0xbd, 0xec, 0x1f, 0x4e, 0x56, 0x7, 0xf4, 0xa5, 0xf, 0x5e, 0xad, 0xfc, 0x9d, 0xcc, 0x3f, 0x6e, 0xc4, 0x95, 0x66, 0x37, 0x2f, 0x7e, 0x8d, 0xdc, 0x76, 0x27, 0xd4, 0x85},
+ {0x0, 0x52, 0xa4, 0xf6, 0x55, 0x7, 0xf1, 0xa3, 0xaa, 0xf8, 0xe, 0x5c, 0xff, 0xad, 0x5b, 0x9, 0x49, 0x1b, 0xed, 0xbf, 0x1c, 0x4e, 0xb8, 0xea, 0xe3, 0xb1, 0x47, 0x15, 0xb6, 0xe4, 0x12, 0x40, 0x92, 0xc0, 0x36, 0x64, 0xc7, 0x95, 0x63, 0x31, 0x38, 0x6a, 0x9c, 0xce, 0x6d, 0x3f, 0xc9, 0x9b, 0xdb, 0x89, 0x7f, 0x2d, 0x8e, 0xdc, 0x2a, 0x78, 0x71, 0x23, 0xd5, 0x87, 0x24, 0x76, 0x80, 0xd2, 0x39, 0x6b, 0x9d, 0xcf, 0x6c, 0x3e, 0xc8, 0x9a, 0x93, 0xc1, 0x37, 0x65, 0xc6, 0x94, 0x62, 0x30, 0x70, 0x22, 0xd4, 0x86, 0x25, 0x77, 0x81, 0xd3, 0xda, 0x88, 0x7e, 0x2c, 0x8f, 0xdd, 0x2b, 0x79, 0xab, 0xf9, 0xf, 0x5d, 0xfe, 0xac, 0x5a, 0x8, 0x1, 0x53, 0xa5, 0xf7, 0x54, 0x6, 0xf0, 0xa2, 0xe2, 0xb0, 0x46, 0x14, 0xb7, 0xe5, 0x13, 0x41, 0x48, 0x1a, 0xec, 0xbe, 0x1d, 0x4f, 0xb9, 0xeb, 0x72, 0x20, 0xd6, 0x84, 0x27, 0x75, 0x83, 0xd1, 0xd8, 0x8a, 0x7c, 0x2e, 0x8d, 0xdf, 0x29, 0x7b, 0x3b, 0x69, 0x9f, 0xcd, 0x6e, 0x3c, 0xca, 0x98, 0x91, 0xc3, 0x35, 0x67, 0xc4, 0x96, 0x60, 0x32, 0xe0, 0xb2, 0x44, 0x16, 0xb5, 0xe7, 0x11, 0x43, 0x4a, 0x18, 0xee, 0xbc, 0x1f, 0x4d, 0xbb, 0xe9, 0xa9, 0xfb, 0xd, 0x5f, 0xfc, 0xae, 0x58, 0xa, 0x3, 0x51, 0xa7, 0xf5, 0x56, 0x4, 0xf2, 0xa0, 0x4b, 0x19, 0xef, 0xbd, 0x1e, 0x4c, 0xba, 0xe8, 0xe1, 0xb3, 0x45, 0x17, 0xb4, 0xe6, 0x10, 0x42, 0x2, 0x50, 0xa6, 0xf4, 0x57, 0x5, 0xf3, 0xa1, 0xa8, 0xfa, 0xc, 0x5e, 0xfd, 0xaf, 0x59, 0xb, 0xd9, 0x8b, 0x7d, 0x2f, 0x8c, 0xde, 0x28, 0x7a, 0x73, 0x21, 0xd7, 0x85, 0x26, 0x74, 0x82, 0xd0, 0x90, 0xc2, 0x34, 0x66, 0xc5, 0x97, 0x61, 0x33, 0x3a, 0x68, 0x9e, 0xcc, 0x6f, 0x3d, 0xcb, 0x99},
+ {0x0, 0x53, 0xa6, 0xf5, 0x51, 0x2, 0xf7, 0xa4, 0xa2, 0xf1, 0x4, 0x57, 0xf3, 0xa0, 0x55, 0x6, 0x59, 0xa, 0xff, 0xac, 0x8, 0x5b, 0xae, 0xfd, 0xfb, 0xa8, 0x5d, 0xe, 0xaa, 0xf9, 0xc, 0x5f, 0xb2, 0xe1, 0x14, 0x47, 0xe3, 0xb0, 0x45, 0x16, 0x10, 0x43, 0xb6, 0xe5, 0x41, 0x12, 0xe7, 0xb4, 0xeb, 0xb8, 0x4d, 0x1e, 0xba, 0xe9, 0x1c, 0x4f, 0x49, 0x1a, 0xef, 0xbc, 0x18, 0x4b, 0xbe, 0xed, 0x79, 0x2a, 0xdf, 0x8c, 0x28, 0x7b, 0x8e, 0xdd, 0xdb, 0x88, 0x7d, 0x2e, 0x8a, 0xd9, 0x2c, 0x7f, 0x20, 0x73, 0x86, 0xd5, 0x71, 0x22, 0xd7, 0x84, 0x82, 0xd1, 0x24, 0x77, 0xd3, 0x80, 0x75, 0x26, 0xcb, 0x98, 0x6d, 0x3e, 0x9a, 0xc9, 0x3c, 0x6f, 0x69, 0x3a, 0xcf, 0x9c, 0x38, 0x6b, 0x9e, 0xcd, 0x92, 0xc1, 0x34, 0x67, 0xc3, 0x90, 0x65, 0x36, 0x30, 0x63, 0x96, 0xc5, 0x61, 0x32, 0xc7, 0x94, 0xf2, 0xa1, 0x54, 0x7, 0xa3, 0xf0, 0x5, 0x56, 0x50, 0x3, 0xf6, 0xa5, 0x1, 0x52, 0xa7, 0xf4, 0xab, 0xf8, 0xd, 0x5e, 0xfa, 0xa9, 0x5c, 0xf, 0x9, 0x5a, 0xaf, 0xfc, 0x58, 0xb, 0xfe, 0xad, 0x40, 0x13, 0xe6, 0xb5, 0x11, 0x42, 0xb7, 0xe4, 0xe2, 0xb1, 0x44, 0x17, 0xb3, 0xe0, 0x15, 0x46, 0x19, 0x4a, 0xbf, 0xec, 0x48, 0x1b, 0xee, 0xbd, 0xbb, 0xe8, 0x1d, 0x4e, 0xea, 0xb9, 0x4c, 0x1f, 0x8b, 0xd8, 0x2d, 0x7e, 0xda, 0x89, 0x7c, 0x2f, 0x29, 0x7a, 0x8f, 0xdc, 0x78, 0x2b, 0xde, 0x8d, 0xd2, 0x81, 0x74, 0x27, 0x83, 0xd0, 0x25, 0x76, 0x70, 0x23, 0xd6, 0x85, 0x21, 0x72, 0x87, 0xd4, 0x39, 0x6a, 0x9f, 0xcc, 0x68, 0x3b, 0xce, 0x9d, 0x9b, 0xc8, 0x3d, 0x6e, 0xca, 0x99, 0x6c, 0x3f, 0x60, 0x33, 0xc6, 0x95, 0x31, 0x62, 0x97, 0xc4, 0xc2, 0x91, 0x64, 0x37, 0x93, 0xc0, 0x35, 0x66},
+ {0x0, 0x54, 0xa8, 0xfc, 0x4d, 0x19, 0xe5, 0xb1, 0x9a, 0xce, 0x32, 0x66, 0xd7, 0x83, 0x7f, 0x2b, 0x29, 0x7d, 0x81, 0xd5, 0x64, 0x30, 0xcc, 0x98, 0xb3, 0xe7, 0x1b, 0x4f, 0xfe, 0xaa, 0x56, 0x2, 0x52, 0x6, 0xfa, 0xae, 0x1f, 0x4b, 0xb7, 0xe3, 0xc8, 0x9c, 0x60, 0x34, 0x85, 0xd1, 0x2d, 0x79, 0x7b, 0x2f, 0xd3, 0x87, 0x36, 0x62, 0x9e, 0xca, 0xe1, 0xb5, 0x49, 0x1d, 0xac, 0xf8, 0x4, 0x50, 0xa4, 0xf0, 0xc, 0x58, 0xe9, 0xbd, 0x41, 0x15, 0x3e, 0x6a, 0x96, 0xc2, 0x73, 0x27, 0xdb, 0x8f, 0x8d, 0xd9, 0x25, 0x71, 0xc0, 0x94, 0x68, 0x3c, 0x17, 0x43, 0xbf, 0xeb, 0x5a, 0xe, 0xf2, 0xa6, 0xf6, 0xa2, 0x5e, 0xa, 0xbb, 0xef, 0x13, 0x47, 0x6c, 0x38, 0xc4, 0x90, 0x21, 0x75, 0x89, 0xdd, 0xdf, 0x8b, 0x77, 0x23, 0x92, 0xc6, 0x3a, 0x6e, 0x45, 0x11, 0xed, 0xb9, 0x8, 0x5c, 0xa0, 0xf4, 0x55, 0x1, 0xfd, 0xa9, 0x18, 0x4c, 0xb0, 0xe4, 0xcf, 0x9b, 0x67, 0x33, 0x82, 0xd6, 0x2a, 0x7e, 0x7c, 0x28, 0xd4, 0x80, 0x31, 0x65, 0x99, 0xcd, 0xe6, 0xb2, 0x4e, 0x1a, 0xab, 0xff, 0x3, 0x57, 0x7, 0x53, 0xaf, 0xfb, 0x4a, 0x1e, 0xe2, 0xb6, 0x9d, 0xc9, 0x35, 0x61, 0xd0, 0x84, 0x78, 0x2c, 0x2e, 0x7a, 0x86, 0xd2, 0x63, 0x37, 0xcb, 0x9f, 0xb4, 0xe0, 0x1c, 0x48, 0xf9, 0xad, 0x51, 0x5, 0xf1, 0xa5, 0x59, 0xd, 0xbc, 0xe8, 0x14, 0x40, 0x6b, 0x3f, 0xc3, 0x97, 0x26, 0x72, 0x8e, 0xda, 0xd8, 0x8c, 0x70, 0x24, 0x95, 0xc1, 0x3d, 0x69, 0x42, 0x16, 0xea, 0xbe, 0xf, 0x5b, 0xa7, 0xf3, 0xa3, 0xf7, 0xb, 0x5f, 0xee, 0xba, 0x46, 0x12, 0x39, 0x6d, 0x91, 0xc5, 0x74, 0x20, 0xdc, 0x88, 0x8a, 0xde, 0x22, 0x76, 0xc7, 0x93, 0x6f, 0x3b, 0x10, 0x44, 0xb8, 0xec, 0x5d, 0x9, 0xf5, 0xa1},
+ {0x0, 0x55, 0xaa, 0xff, 0x49, 0x1c, 0xe3, 0xb6, 0x92, 0xc7, 0x38, 0x6d, 0xdb, 0x8e, 0x71, 0x24, 0x39, 0x6c, 0x93, 0xc6, 0x70, 0x25, 0xda, 0x8f, 0xab, 0xfe, 0x1, 0x54, 0xe2, 0xb7, 0x48, 0x1d, 0x72, 0x27, 0xd8, 0x8d, 0x3b, 0x6e, 0x91, 0xc4, 0xe0, 0xb5, 0x4a, 0x1f, 0xa9, 0xfc, 0x3, 0x56, 0x4b, 0x1e, 0xe1, 0xb4, 0x2, 0x57, 0xa8, 0xfd, 0xd9, 0x8c, 0x73, 0x26, 0x90, 0xc5, 0x3a, 0x6f, 0xe4, 0xb1, 0x4e, 0x1b, 0xad, 0xf8, 0x7, 0x52, 0x76, 0x23, 0xdc, 0x89, 0x3f, 0x6a, 0x95, 0xc0, 0xdd, 0x88, 0x77, 0x22, 0x94, 0xc1, 0x3e, 0x6b, 0x4f, 0x1a, 0xe5, 0xb0, 0x6, 0x53, 0xac, 0xf9, 0x96, 0xc3, 0x3c, 0x69, 0xdf, 0x8a, 0x75, 0x20, 0x4, 0x51, 0xae, 0xfb, 0x4d, 0x18, 0xe7, 0xb2, 0xaf, 0xfa, 0x5, 0x50, 0xe6, 0xb3, 0x4c, 0x19, 0x3d, 0x68, 0x97, 0xc2, 0x74, 0x21, 0xde, 0x8b, 0xd5, 0x80, 0x7f, 0x2a, 0x9c, 0xc9, 0x36, 0x63, 0x47, 0x12, 0xed, 0xb8, 0xe, 0x5b, 0xa4, 0xf1, 0xec, 0xb9, 0x46, 0x13, 0xa5, 0xf0, 0xf, 0x5a, 0x7e, 0x2b, 0xd4, 0x81, 0x37, 0x62, 0x9d, 0xc8, 0xa7, 0xf2, 0xd, 0x58, 0xee, 0xbb, 0x44, 0x11, 0x35, 0x60, 0x9f, 0xca, 0x7c, 0x29, 0xd6, 0x83, 0x9e, 0xcb, 0x34, 0x61, 0xd7, 0x82, 0x7d, 0x28, 0xc, 0x59, 0xa6, 0xf3, 0x45, 0x10, 0xef, 0xba, 0x31, 0x64, 0x9b, 0xce, 0x78, 0x2d, 0xd2, 0x87, 0xa3, 0xf6, 0x9, 0x5c, 0xea, 0xbf, 0x40, 0x15, 0x8, 0x5d, 0xa2, 0xf7, 0x41, 0x14, 0xeb, 0xbe, 0x9a, 0xcf, 0x30, 0x65, 0xd3, 0x86, 0x79, 0x2c, 0x43, 0x16, 0xe9, 0xbc, 0xa, 0x5f, 0xa0, 0xf5, 0xd1, 0x84, 0x7b, 0x2e, 0x98, 0xcd, 0x32, 0x67, 0x7a, 0x2f, 0xd0, 0x85, 0x33, 0x66, 0x99, 0xcc, 0xe8, 0xbd, 0x42, 0x17, 0xa1, 0xf4, 0xb, 0x5e},
+ {0x0, 0x56, 0xac, 0xfa, 0x45, 0x13, 0xe9, 0xbf, 0x8a, 0xdc, 0x26, 0x70, 0xcf, 0x99, 0x63, 0x35, 0x9, 0x5f, 0xa5, 0xf3, 0x4c, 0x1a, 0xe0, 0xb6, 0x83, 0xd5, 0x2f, 0x79, 0xc6, 0x90, 0x6a, 0x3c, 0x12, 0x44, 0xbe, 0xe8, 0x57, 0x1, 0xfb, 0xad, 0x98, 0xce, 0x34, 0x62, 0xdd, 0x8b, 0x71, 0x27, 0x1b, 0x4d, 0xb7, 0xe1, 0x5e, 0x8, 0xf2, 0xa4, 0x91, 0xc7, 0x3d, 0x6b, 0xd4, 0x82, 0x78, 0x2e, 0x24, 0x72, 0x88, 0xde, 0x61, 0x37, 0xcd, 0x9b, 0xae, 0xf8, 0x2, 0x54, 0xeb, 0xbd, 0x47, 0x11, 0x2d, 0x7b, 0x81, 0xd7, 0x68, 0x3e, 0xc4, 0x92, 0xa7, 0xf1, 0xb, 0x5d, 0xe2, 0xb4, 0x4e, 0x18, 0x36, 0x60, 0x9a, 0xcc, 0x73, 0x25, 0xdf, 0x89, 0xbc, 0xea, 0x10, 0x46, 0xf9, 0xaf, 0x55, 0x3, 0x3f, 0x69, 0x93, 0xc5, 0x7a, 0x2c, 0xd6, 0x80, 0xb5, 0xe3, 0x19, 0x4f, 0xf0, 0xa6, 0x5c, 0xa, 0x48, 0x1e, 0xe4, 0xb2, 0xd, 0x5b, 0xa1, 0xf7, 0xc2, 0x94, 0x6e, 0x38, 0x87, 0xd1, 0x2b, 0x7d, 0x41, 0x17, 0xed, 0xbb, 0x4, 0x52, 0xa8, 0xfe, 0xcb, 0x9d, 0x67, 0x31, 0x8e, 0xd8, 0x22, 0x74, 0x5a, 0xc, 0xf6, 0xa0, 0x1f, 0x49, 0xb3, 0xe5, 0xd0, 0x86, 0x7c, 0x2a, 0x95, 0xc3, 0x39, 0x6f, 0x53, 0x5, 0xff, 0xa9, 0x16, 0x40, 0xba, 0xec, 0xd9, 0x8f, 0x75, 0x23, 0x9c, 0xca, 0x30, 0x66, 0x6c, 0x3a, 0xc0, 0x96, 0x29, 0x7f, 0x85, 0xd3, 0xe6, 0xb0, 0x4a, 0x1c, 0xa3, 0xf5, 0xf, 0x59, 0x65, 0x33, 0xc9, 0x9f, 0x20, 0x76, 0x8c, 0xda, 0xef, 0xb9, 0x43, 0x15, 0xaa, 0xfc, 0x6, 0x50, 0x7e, 0x28, 0xd2, 0x84, 0x3b, 0x6d, 0x97, 0xc1, 0xf4, 0xa2, 0x58, 0xe, 0xb1, 0xe7, 0x1d, 0x4b, 0x77, 0x21, 0xdb, 0x8d, 0x32, 0x64, 0x9e, 0xc8, 0xfd, 0xab, 0x51, 0x7, 0xb8, 0xee, 0x14, 0x42},
+ {0x0, 0x57, 0xae, 0xf9, 0x41, 0x16, 0xef, 0xb8, 0x82, 0xd5, 0x2c, 0x7b, 0xc3, 0x94, 0x6d, 0x3a, 0x19, 0x4e, 0xb7, 0xe0, 0x58, 0xf, 0xf6, 0xa1, 0x9b, 0xcc, 0x35, 0x62, 0xda, 0x8d, 0x74, 0x23, 0x32, 0x65, 0x9c, 0xcb, 0x73, 0x24, 0xdd, 0x8a, 0xb0, 0xe7, 0x1e, 0x49, 0xf1, 0xa6, 0x5f, 0x8, 0x2b, 0x7c, 0x85, 0xd2, 0x6a, 0x3d, 0xc4, 0x93, 0xa9, 0xfe, 0x7, 0x50, 0xe8, 0xbf, 0x46, 0x11, 0x64, 0x33, 0xca, 0x9d, 0x25, 0x72, 0x8b, 0xdc, 0xe6, 0xb1, 0x48, 0x1f, 0xa7, 0xf0, 0x9, 0x5e, 0x7d, 0x2a, 0xd3, 0x84, 0x3c, 0x6b, 0x92, 0xc5, 0xff, 0xa8, 0x51, 0x6, 0xbe, 0xe9, 0x10, 0x47, 0x56, 0x1, 0xf8, 0xaf, 0x17, 0x40, 0xb9, 0xee, 0xd4, 0x83, 0x7a, 0x2d, 0x95, 0xc2, 0x3b, 0x6c, 0x4f, 0x18, 0xe1, 0xb6, 0xe, 0x59, 0xa0, 0xf7, 0xcd, 0x9a, 0x63, 0x34, 0x8c, 0xdb, 0x22, 0x75, 0xc8, 0x9f, 0x66, 0x31, 0x89, 0xde, 0x27, 0x70, 0x4a, 0x1d, 0xe4, 0xb3, 0xb, 0x5c, 0xa5, 0xf2, 0xd1, 0x86, 0x7f, 0x28, 0x90, 0xc7, 0x3e, 0x69, 0x53, 0x4, 0xfd, 0xaa, 0x12, 0x45, 0xbc, 0xeb, 0xfa, 0xad, 0x54, 0x3, 0xbb, 0xec, 0x15, 0x42, 0x78, 0x2f, 0xd6, 0x81, 0x39, 0x6e, 0x97, 0xc0, 0xe3, 0xb4, 0x4d, 0x1a, 0xa2, 0xf5, 0xc, 0x5b, 0x61, 0x36, 0xcf, 0x98, 0x20, 0x77, 0x8e, 0xd9, 0xac, 0xfb, 0x2, 0x55, 0xed, 0xba, 0x43, 0x14, 0x2e, 0x79, 0x80, 0xd7, 0x6f, 0x38, 0xc1, 0x96, 0xb5, 0xe2, 0x1b, 0x4c, 0xf4, 0xa3, 0x5a, 0xd, 0x37, 0x60, 0x99, 0xce, 0x76, 0x21, 0xd8, 0x8f, 0x9e, 0xc9, 0x30, 0x67, 0xdf, 0x88, 0x71, 0x26, 0x1c, 0x4b, 0xb2, 0xe5, 0x5d, 0xa, 0xf3, 0xa4, 0x87, 0xd0, 0x29, 0x7e, 0xc6, 0x91, 0x68, 0x3f, 0x5, 0x52, 0xab, 0xfc, 0x44, 0x13, 0xea, 0xbd},
+ {0x0, 0x58, 0xb0, 0xe8, 0x7d, 0x25, 0xcd, 0x95, 0xfa, 0xa2, 0x4a, 0x12, 0x87, 0xdf, 0x37, 0x6f, 0xe9, 0xb1, 0x59, 0x1, 0x94, 0xcc, 0x24, 0x7c, 0x13, 0x4b, 0xa3, 0xfb, 0x6e, 0x36, 0xde, 0x86, 0xcf, 0x97, 0x7f, 0x27, 0xb2, 0xea, 0x2, 0x5a, 0x35, 0x6d, 0x85, 0xdd, 0x48, 0x10, 0xf8, 0xa0, 0x26, 0x7e, 0x96, 0xce, 0x5b, 0x3, 0xeb, 0xb3, 0xdc, 0x84, 0x6c, 0x34, 0xa1, 0xf9, 0x11, 0x49, 0x83, 0xdb, 0x33, 0x6b, 0xfe, 0xa6, 0x4e, 0x16, 0x79, 0x21, 0xc9, 0x91, 0x4, 0x5c, 0xb4, 0xec, 0x6a, 0x32, 0xda, 0x82, 0x17, 0x4f, 0xa7, 0xff, 0x90, 0xc8, 0x20, 0x78, 0xed, 0xb5, 0x5d, 0x5, 0x4c, 0x14, 0xfc, 0xa4, 0x31, 0x69, 0x81, 0xd9, 0xb6, 0xee, 0x6, 0x5e, 0xcb, 0x93, 0x7b, 0x23, 0xa5, 0xfd, 0x15, 0x4d, 0xd8, 0x80, 0x68, 0x30, 0x5f, 0x7, 0xef, 0xb7, 0x22, 0x7a, 0x92, 0xca, 0x1b, 0x43, 0xab, 0xf3, 0x66, 0x3e, 0xd6, 0x8e, 0xe1, 0xb9, 0x51, 0x9, 0x9c, 0xc4, 0x2c, 0x74, 0xf2, 0xaa, 0x42, 0x1a, 0x8f, 0xd7, 0x3f, 0x67, 0x8, 0x50, 0xb8, 0xe0, 0x75, 0x2d, 0xc5, 0x9d, 0xd4, 0x8c, 0x64, 0x3c, 0xa9, 0xf1, 0x19, 0x41, 0x2e, 0x76, 0x9e, 0xc6, 0x53, 0xb, 0xe3, 0xbb, 0x3d, 0x65, 0x8d, 0xd5, 0x40, 0x18, 0xf0, 0xa8, 0xc7, 0x9f, 0x77, 0x2f, 0xba, 0xe2, 0xa, 0x52, 0x98, 0xc0, 0x28, 0x70, 0xe5, 0xbd, 0x55, 0xd, 0x62, 0x3a, 0xd2, 0x8a, 0x1f, 0x47, 0xaf, 0xf7, 0x71, 0x29, 0xc1, 0x99, 0xc, 0x54, 0xbc, 0xe4, 0x8b, 0xd3, 0x3b, 0x63, 0xf6, 0xae, 0x46, 0x1e, 0x57, 0xf, 0xe7, 0xbf, 0x2a, 0x72, 0x9a, 0xc2, 0xad, 0xf5, 0x1d, 0x45, 0xd0, 0x88, 0x60, 0x38, 0xbe, 0xe6, 0xe, 0x56, 0xc3, 0x9b, 0x73, 0x2b, 0x44, 0x1c, 0xf4, 0xac, 0x39, 0x61, 0x89, 0xd1},
+ {0x0, 0x59, 0xb2, 0xeb, 0x79, 0x20, 0xcb, 0x92, 0xf2, 0xab, 0x40, 0x19, 0x8b, 0xd2, 0x39, 0x60, 0xf9, 0xa0, 0x4b, 0x12, 0x80, 0xd9, 0x32, 0x6b, 0xb, 0x52, 0xb9, 0xe0, 0x72, 0x2b, 0xc0, 0x99, 0xef, 0xb6, 0x5d, 0x4, 0x96, 0xcf, 0x24, 0x7d, 0x1d, 0x44, 0xaf, 0xf6, 0x64, 0x3d, 0xd6, 0x8f, 0x16, 0x4f, 0xa4, 0xfd, 0x6f, 0x36, 0xdd, 0x84, 0xe4, 0xbd, 0x56, 0xf, 0x9d, 0xc4, 0x2f, 0x76, 0xc3, 0x9a, 0x71, 0x28, 0xba, 0xe3, 0x8, 0x51, 0x31, 0x68, 0x83, 0xda, 0x48, 0x11, 0xfa, 0xa3, 0x3a, 0x63, 0x88, 0xd1, 0x43, 0x1a, 0xf1, 0xa8, 0xc8, 0x91, 0x7a, 0x23, 0xb1, 0xe8, 0x3, 0x5a, 0x2c, 0x75, 0x9e, 0xc7, 0x55, 0xc, 0xe7, 0xbe, 0xde, 0x87, 0x6c, 0x35, 0xa7, 0xfe, 0x15, 0x4c, 0xd5, 0x8c, 0x67, 0x3e, 0xac, 0xf5, 0x1e, 0x47, 0x27, 0x7e, 0x95, 0xcc, 0x5e, 0x7, 0xec, 0xb5, 0x9b, 0xc2, 0x29, 0x70, 0xe2, 0xbb, 0x50, 0x9, 0x69, 0x30, 0xdb, 0x82, 0x10, 0x49, 0xa2, 0xfb, 0x62, 0x3b, 0xd0, 0x89, 0x1b, 0x42, 0xa9, 0xf0, 0x90, 0xc9, 0x22, 0x7b, 0xe9, 0xb0, 0x5b, 0x2, 0x74, 0x2d, 0xc6, 0x9f, 0xd, 0x54, 0xbf, 0xe6, 0x86, 0xdf, 0x34, 0x6d, 0xff, 0xa6, 0x4d, 0x14, 0x8d, 0xd4, 0x3f, 0x66, 0xf4, 0xad, 0x46, 0x1f, 0x7f, 0x26, 0xcd, 0x94, 0x6, 0x5f, 0xb4, 0xed, 0x58, 0x1, 0xea, 0xb3, 0x21, 0x78, 0x93, 0xca, 0xaa, 0xf3, 0x18, 0x41, 0xd3, 0x8a, 0x61, 0x38, 0xa1, 0xf8, 0x13, 0x4a, 0xd8, 0x81, 0x6a, 0x33, 0x53, 0xa, 0xe1, 0xb8, 0x2a, 0x73, 0x98, 0xc1, 0xb7, 0xee, 0x5, 0x5c, 0xce, 0x97, 0x7c, 0x25, 0x45, 0x1c, 0xf7, 0xae, 0x3c, 0x65, 0x8e, 0xd7, 0x4e, 0x17, 0xfc, 0xa5, 0x37, 0x6e, 0x85, 0xdc, 0xbc, 0xe5, 0xe, 0x57, 0xc5, 0x9c, 0x77, 0x2e},
+ {0x0, 0x5a, 0xb4, 0xee, 0x75, 0x2f, 0xc1, 0x9b, 0xea, 0xb0, 0x5e, 0x4, 0x9f, 0xc5, 0x2b, 0x71, 0xc9, 0x93, 0x7d, 0x27, 0xbc, 0xe6, 0x8, 0x52, 0x23, 0x79, 0x97, 0xcd, 0x56, 0xc, 0xe2, 0xb8, 0x8f, 0xd5, 0x3b, 0x61, 0xfa, 0xa0, 0x4e, 0x14, 0x65, 0x3f, 0xd1, 0x8b, 0x10, 0x4a, 0xa4, 0xfe, 0x46, 0x1c, 0xf2, 0xa8, 0x33, 0x69, 0x87, 0xdd, 0xac, 0xf6, 0x18, 0x42, 0xd9, 0x83, 0x6d, 0x37, 0x3, 0x59, 0xb7, 0xed, 0x76, 0x2c, 0xc2, 0x98, 0xe9, 0xb3, 0x5d, 0x7, 0x9c, 0xc6, 0x28, 0x72, 0xca, 0x90, 0x7e, 0x24, 0xbf, 0xe5, 0xb, 0x51, 0x20, 0x7a, 0x94, 0xce, 0x55, 0xf, 0xe1, 0xbb, 0x8c, 0xd6, 0x38, 0x62, 0xf9, 0xa3, 0x4d, 0x17, 0x66, 0x3c, 0xd2, 0x88, 0x13, 0x49, 0xa7, 0xfd, 0x45, 0x1f, 0xf1, 0xab, 0x30, 0x6a, 0x84, 0xde, 0xaf, 0xf5, 0x1b, 0x41, 0xda, 0x80, 0x6e, 0x34, 0x6, 0x5c, 0xb2, 0xe8, 0x73, 0x29, 0xc7, 0x9d, 0xec, 0xb6, 0x58, 0x2, 0x99, 0xc3, 0x2d, 0x77, 0xcf, 0x95, 0x7b, 0x21, 0xba, 0xe0, 0xe, 0x54, 0x25, 0x7f, 0x91, 0xcb, 0x50, 0xa, 0xe4, 0xbe, 0x89, 0xd3, 0x3d, 0x67, 0xfc, 0xa6, 0x48, 0x12, 0x63, 0x39, 0xd7, 0x8d, 0x16, 0x4c, 0xa2, 0xf8, 0x40, 0x1a, 0xf4, 0xae, 0x35, 0x6f, 0x81, 0xdb, 0xaa, 0xf0, 0x1e, 0x44, 0xdf, 0x85, 0x6b, 0x31, 0x5, 0x5f, 0xb1, 0xeb, 0x70, 0x2a, 0xc4, 0x9e, 0xef, 0xb5, 0x5b, 0x1, 0x9a, 0xc0, 0x2e, 0x74, 0xcc, 0x96, 0x78, 0x22, 0xb9, 0xe3, 0xd, 0x57, 0x26, 0x7c, 0x92, 0xc8, 0x53, 0x9, 0xe7, 0xbd, 0x8a, 0xd0, 0x3e, 0x64, 0xff, 0xa5, 0x4b, 0x11, 0x60, 0x3a, 0xd4, 0x8e, 0x15, 0x4f, 0xa1, 0xfb, 0x43, 0x19, 0xf7, 0xad, 0x36, 0x6c, 0x82, 0xd8, 0xa9, 0xf3, 0x1d, 0x47, 0xdc, 0x86, 0x68, 0x32},
+ {0x0, 0x5b, 0xb6, 0xed, 0x71, 0x2a, 0xc7, 0x9c, 0xe2, 0xb9, 0x54, 0xf, 0x93, 0xc8, 0x25, 0x7e, 0xd9, 0x82, 0x6f, 0x34, 0xa8, 0xf3, 0x1e, 0x45, 0x3b, 0x60, 0x8d, 0xd6, 0x4a, 0x11, 0xfc, 0xa7, 0xaf, 0xf4, 0x19, 0x42, 0xde, 0x85, 0x68, 0x33, 0x4d, 0x16, 0xfb, 0xa0, 0x3c, 0x67, 0x8a, 0xd1, 0x76, 0x2d, 0xc0, 0x9b, 0x7, 0x5c, 0xb1, 0xea, 0x94, 0xcf, 0x22, 0x79, 0xe5, 0xbe, 0x53, 0x8, 0x43, 0x18, 0xf5, 0xae, 0x32, 0x69, 0x84, 0xdf, 0xa1, 0xfa, 0x17, 0x4c, 0xd0, 0x8b, 0x66, 0x3d, 0x9a, 0xc1, 0x2c, 0x77, 0xeb, 0xb0, 0x5d, 0x6, 0x78, 0x23, 0xce, 0x95, 0x9, 0x52, 0xbf, 0xe4, 0xec, 0xb7, 0x5a, 0x1, 0x9d, 0xc6, 0x2b, 0x70, 0xe, 0x55, 0xb8, 0xe3, 0x7f, 0x24, 0xc9, 0x92, 0x35, 0x6e, 0x83, 0xd8, 0x44, 0x1f, 0xf2, 0xa9, 0xd7, 0x8c, 0x61, 0x3a, 0xa6, 0xfd, 0x10, 0x4b, 0x86, 0xdd, 0x30, 0x6b, 0xf7, 0xac, 0x41, 0x1a, 0x64, 0x3f, 0xd2, 0x89, 0x15, 0x4e, 0xa3, 0xf8, 0x5f, 0x4, 0xe9, 0xb2, 0x2e, 0x75, 0x98, 0xc3, 0xbd, 0xe6, 0xb, 0x50, 0xcc, 0x97, 0x7a, 0x21, 0x29, 0x72, 0x9f, 0xc4, 0x58, 0x3, 0xee, 0xb5, 0xcb, 0x90, 0x7d, 0x26, 0xba, 0xe1, 0xc, 0x57, 0xf0, 0xab, 0x46, 0x1d, 0x81, 0xda, 0x37, 0x6c, 0x12, 0x49, 0xa4, 0xff, 0x63, 0x38, 0xd5, 0x8e, 0xc5, 0x9e, 0x73, 0x28, 0xb4, 0xef, 0x2, 0x59, 0x27, 0x7c, 0x91, 0xca, 0x56, 0xd, 0xe0, 0xbb, 0x1c, 0x47, 0xaa, 0xf1, 0x6d, 0x36, 0xdb, 0x80, 0xfe, 0xa5, 0x48, 0x13, 0x8f, 0xd4, 0x39, 0x62, 0x6a, 0x31, 0xdc, 0x87, 0x1b, 0x40, 0xad, 0xf6, 0x88, 0xd3, 0x3e, 0x65, 0xf9, 0xa2, 0x4f, 0x14, 0xb3, 0xe8, 0x5, 0x5e, 0xc2, 0x99, 0x74, 0x2f, 0x51, 0xa, 0xe7, 0xbc, 0x20, 0x7b, 0x96, 0xcd},
+ {0x0, 0x5c, 0xb8, 0xe4, 0x6d, 0x31, 0xd5, 0x89, 0xda, 0x86, 0x62, 0x3e, 0xb7, 0xeb, 0xf, 0x53, 0xa9, 0xf5, 0x11, 0x4d, 0xc4, 0x98, 0x7c, 0x20, 0x73, 0x2f, 0xcb, 0x97, 0x1e, 0x42, 0xa6, 0xfa, 0x4f, 0x13, 0xf7, 0xab, 0x22, 0x7e, 0x9a, 0xc6, 0x95, 0xc9, 0x2d, 0x71, 0xf8, 0xa4, 0x40, 0x1c, 0xe6, 0xba, 0x5e, 0x2, 0x8b, 0xd7, 0x33, 0x6f, 0x3c, 0x60, 0x84, 0xd8, 0x51, 0xd, 0xe9, 0xb5, 0x9e, 0xc2, 0x26, 0x7a, 0xf3, 0xaf, 0x4b, 0x17, 0x44, 0x18, 0xfc, 0xa0, 0x29, 0x75, 0x91, 0xcd, 0x37, 0x6b, 0x8f, 0xd3, 0x5a, 0x6, 0xe2, 0xbe, 0xed, 0xb1, 0x55, 0x9, 0x80, 0xdc, 0x38, 0x64, 0xd1, 0x8d, 0x69, 0x35, 0xbc, 0xe0, 0x4, 0x58, 0xb, 0x57, 0xb3, 0xef, 0x66, 0x3a, 0xde, 0x82, 0x78, 0x24, 0xc0, 0x9c, 0x15, 0x49, 0xad, 0xf1, 0xa2, 0xfe, 0x1a, 0x46, 0xcf, 0x93, 0x77, 0x2b, 0x21, 0x7d, 0x99, 0xc5, 0x4c, 0x10, 0xf4, 0xa8, 0xfb, 0xa7, 0x43, 0x1f, 0x96, 0xca, 0x2e, 0x72, 0x88, 0xd4, 0x30, 0x6c, 0xe5, 0xb9, 0x5d, 0x1, 0x52, 0xe, 0xea, 0xb6, 0x3f, 0x63, 0x87, 0xdb, 0x6e, 0x32, 0xd6, 0x8a, 0x3, 0x5f, 0xbb, 0xe7, 0xb4, 0xe8, 0xc, 0x50, 0xd9, 0x85, 0x61, 0x3d, 0xc7, 0x9b, 0x7f, 0x23, 0xaa, 0xf6, 0x12, 0x4e, 0x1d, 0x41, 0xa5, 0xf9, 0x70, 0x2c, 0xc8, 0x94, 0xbf, 0xe3, 0x7, 0x5b, 0xd2, 0x8e, 0x6a, 0x36, 0x65, 0x39, 0xdd, 0x81, 0x8, 0x54, 0xb0, 0xec, 0x16, 0x4a, 0xae, 0xf2, 0x7b, 0x27, 0xc3, 0x9f, 0xcc, 0x90, 0x74, 0x28, 0xa1, 0xfd, 0x19, 0x45, 0xf0, 0xac, 0x48, 0x14, 0x9d, 0xc1, 0x25, 0x79, 0x2a, 0x76, 0x92, 0xce, 0x47, 0x1b, 0xff, 0xa3, 0x59, 0x5, 0xe1, 0xbd, 0x34, 0x68, 0x8c, 0xd0, 0x83, 0xdf, 0x3b, 0x67, 0xee, 0xb2, 0x56, 0xa},
+ {0x0, 0x5d, 0xba, 0xe7, 0x69, 0x34, 0xd3, 0x8e, 0xd2, 0x8f, 0x68, 0x35, 0xbb, 0xe6, 0x1, 0x5c, 0xb9, 0xe4, 0x3, 0x5e, 0xd0, 0x8d, 0x6a, 0x37, 0x6b, 0x36, 0xd1, 0x8c, 0x2, 0x5f, 0xb8, 0xe5, 0x6f, 0x32, 0xd5, 0x88, 0x6, 0x5b, 0xbc, 0xe1, 0xbd, 0xe0, 0x7, 0x5a, 0xd4, 0x89, 0x6e, 0x33, 0xd6, 0x8b, 0x6c, 0x31, 0xbf, 0xe2, 0x5, 0x58, 0x4, 0x59, 0xbe, 0xe3, 0x6d, 0x30, 0xd7, 0x8a, 0xde, 0x83, 0x64, 0x39, 0xb7, 0xea, 0xd, 0x50, 0xc, 0x51, 0xb6, 0xeb, 0x65, 0x38, 0xdf, 0x82, 0x67, 0x3a, 0xdd, 0x80, 0xe, 0x53, 0xb4, 0xe9, 0xb5, 0xe8, 0xf, 0x52, 0xdc, 0x81, 0x66, 0x3b, 0xb1, 0xec, 0xb, 0x56, 0xd8, 0x85, 0x62, 0x3f, 0x63, 0x3e, 0xd9, 0x84, 0xa, 0x57, 0xb0, 0xed, 0x8, 0x55, 0xb2, 0xef, 0x61, 0x3c, 0xdb, 0x86, 0xda, 0x87, 0x60, 0x3d, 0xb3, 0xee, 0x9, 0x54, 0xa1, 0xfc, 0x1b, 0x46, 0xc8, 0x95, 0x72, 0x2f, 0x73, 0x2e, 0xc9, 0x94, 0x1a, 0x47, 0xa0, 0xfd, 0x18, 0x45, 0xa2, 0xff, 0x71, 0x2c, 0xcb, 0x96, 0xca, 0x97, 0x70, 0x2d, 0xa3, 0xfe, 0x19, 0x44, 0xce, 0x93, 0x74, 0x29, 0xa7, 0xfa, 0x1d, 0x40, 0x1c, 0x41, 0xa6, 0xfb, 0x75, 0x28, 0xcf, 0x92, 0x77, 0x2a, 0xcd, 0x90, 0x1e, 0x43, 0xa4, 0xf9, 0xa5, 0xf8, 0x1f, 0x42, 0xcc, 0x91, 0x76, 0x2b, 0x7f, 0x22, 0xc5, 0x98, 0x16, 0x4b, 0xac, 0xf1, 0xad, 0xf0, 0x17, 0x4a, 0xc4, 0x99, 0x7e, 0x23, 0xc6, 0x9b, 0x7c, 0x21, 0xaf, 0xf2, 0x15, 0x48, 0x14, 0x49, 0xae, 0xf3, 0x7d, 0x20, 0xc7, 0x9a, 0x10, 0x4d, 0xaa, 0xf7, 0x79, 0x24, 0xc3, 0x9e, 0xc2, 0x9f, 0x78, 0x25, 0xab, 0xf6, 0x11, 0x4c, 0xa9, 0xf4, 0x13, 0x4e, 0xc0, 0x9d, 0x7a, 0x27, 0x7b, 0x26, 0xc1, 0x9c, 0x12, 0x4f, 0xa8, 0xf5},
+ {0x0, 0x5e, 0xbc, 0xe2, 0x65, 0x3b, 0xd9, 0x87, 0xca, 0x94, 0x76, 0x28, 0xaf, 0xf1, 0x13, 0x4d, 0x89, 0xd7, 0x35, 0x6b, 0xec, 0xb2, 0x50, 0xe, 0x43, 0x1d, 0xff, 0xa1, 0x26, 0x78, 0x9a, 0xc4, 0xf, 0x51, 0xb3, 0xed, 0x6a, 0x34, 0xd6, 0x88, 0xc5, 0x9b, 0x79, 0x27, 0xa0, 0xfe, 0x1c, 0x42, 0x86, 0xd8, 0x3a, 0x64, 0xe3, 0xbd, 0x5f, 0x1, 0x4c, 0x12, 0xf0, 0xae, 0x29, 0x77, 0x95, 0xcb, 0x1e, 0x40, 0xa2, 0xfc, 0x7b, 0x25, 0xc7, 0x99, 0xd4, 0x8a, 0x68, 0x36, 0xb1, 0xef, 0xd, 0x53, 0x97, 0xc9, 0x2b, 0x75, 0xf2, 0xac, 0x4e, 0x10, 0x5d, 0x3, 0xe1, 0xbf, 0x38, 0x66, 0x84, 0xda, 0x11, 0x4f, 0xad, 0xf3, 0x74, 0x2a, 0xc8, 0x96, 0xdb, 0x85, 0x67, 0x39, 0xbe, 0xe0, 0x2, 0x5c, 0x98, 0xc6, 0x24, 0x7a, 0xfd, 0xa3, 0x41, 0x1f, 0x52, 0xc, 0xee, 0xb0, 0x37, 0x69, 0x8b, 0xd5, 0x3c, 0x62, 0x80, 0xde, 0x59, 0x7, 0xe5, 0xbb, 0xf6, 0xa8, 0x4a, 0x14, 0x93, 0xcd, 0x2f, 0x71, 0xb5, 0xeb, 0x9, 0x57, 0xd0, 0x8e, 0x6c, 0x32, 0x7f, 0x21, 0xc3, 0x9d, 0x1a, 0x44, 0xa6, 0xf8, 0x33, 0x6d, 0x8f, 0xd1, 0x56, 0x8, 0xea, 0xb4, 0xf9, 0xa7, 0x45, 0x1b, 0x9c, 0xc2, 0x20, 0x7e, 0xba, 0xe4, 0x6, 0x58, 0xdf, 0x81, 0x63, 0x3d, 0x70, 0x2e, 0xcc, 0x92, 0x15, 0x4b, 0xa9, 0xf7, 0x22, 0x7c, 0x9e, 0xc0, 0x47, 0x19, 0xfb, 0xa5, 0xe8, 0xb6, 0x54, 0xa, 0x8d, 0xd3, 0x31, 0x6f, 0xab, 0xf5, 0x17, 0x49, 0xce, 0x90, 0x72, 0x2c, 0x61, 0x3f, 0xdd, 0x83, 0x4, 0x5a, 0xb8, 0xe6, 0x2d, 0x73, 0x91, 0xcf, 0x48, 0x16, 0xf4, 0xaa, 0xe7, 0xb9, 0x5b, 0x5, 0x82, 0xdc, 0x3e, 0x60, 0xa4, 0xfa, 0x18, 0x46, 0xc1, 0x9f, 0x7d, 0x23, 0x6e, 0x30, 0xd2, 0x8c, 0xb, 0x55, 0xb7, 0xe9},
+ {0x0, 0x5f, 0xbe, 0xe1, 0x61, 0x3e, 0xdf, 0x80, 0xc2, 0x9d, 0x7c, 0x23, 0xa3, 0xfc, 0x1d, 0x42, 0x99, 0xc6, 0x27, 0x78, 0xf8, 0xa7, 0x46, 0x19, 0x5b, 0x4, 0xe5, 0xba, 0x3a, 0x65, 0x84, 0xdb, 0x2f, 0x70, 0x91, 0xce, 0x4e, 0x11, 0xf0, 0xaf, 0xed, 0xb2, 0x53, 0xc, 0x8c, 0xd3, 0x32, 0x6d, 0xb6, 0xe9, 0x8, 0x57, 0xd7, 0x88, 0x69, 0x36, 0x74, 0x2b, 0xca, 0x95, 0x15, 0x4a, 0xab, 0xf4, 0x5e, 0x1, 0xe0, 0xbf, 0x3f, 0x60, 0x81, 0xde, 0x9c, 0xc3, 0x22, 0x7d, 0xfd, 0xa2, 0x43, 0x1c, 0xc7, 0x98, 0x79, 0x26, 0xa6, 0xf9, 0x18, 0x47, 0x5, 0x5a, 0xbb, 0xe4, 0x64, 0x3b, 0xda, 0x85, 0x71, 0x2e, 0xcf, 0x90, 0x10, 0x4f, 0xae, 0xf1, 0xb3, 0xec, 0xd, 0x52, 0xd2, 0x8d, 0x6c, 0x33, 0xe8, 0xb7, 0x56, 0x9, 0x89, 0xd6, 0x37, 0x68, 0x2a, 0x75, 0x94, 0xcb, 0x4b, 0x14, 0xf5, 0xaa, 0xbc, 0xe3, 0x2, 0x5d, 0xdd, 0x82, 0x63, 0x3c, 0x7e, 0x21, 0xc0, 0x9f, 0x1f, 0x40, 0xa1, 0xfe, 0x25, 0x7a, 0x9b, 0xc4, 0x44, 0x1b, 0xfa, 0xa5, 0xe7, 0xb8, 0x59, 0x6, 0x86, 0xd9, 0x38, 0x67, 0x93, 0xcc, 0x2d, 0x72, 0xf2, 0xad, 0x4c, 0x13, 0x51, 0xe, 0xef, 0xb0, 0x30, 0x6f, 0x8e, 0xd1, 0xa, 0x55, 0xb4, 0xeb, 0x6b, 0x34, 0xd5, 0x8a, 0xc8, 0x97, 0x76, 0x29, 0xa9, 0xf6, 0x17, 0x48, 0xe2, 0xbd, 0x5c, 0x3, 0x83, 0xdc, 0x3d, 0x62, 0x20, 0x7f, 0x9e, 0xc1, 0x41, 0x1e, 0xff, 0xa0, 0x7b, 0x24, 0xc5, 0x9a, 0x1a, 0x45, 0xa4, 0xfb, 0xb9, 0xe6, 0x7, 0x58, 0xd8, 0x87, 0x66, 0x39, 0xcd, 0x92, 0x73, 0x2c, 0xac, 0xf3, 0x12, 0x4d, 0xf, 0x50, 0xb1, 0xee, 0x6e, 0x31, 0xd0, 0x8f, 0x54, 0xb, 0xea, 0xb5, 0x35, 0x6a, 0x8b, 0xd4, 0x96, 0xc9, 0x28, 0x77, 0xf7, 0xa8, 0x49, 0x16},
+ {0x0, 0x60, 0xc0, 0xa0, 0x9d, 0xfd, 0x5d, 0x3d, 0x27, 0x47, 0xe7, 0x87, 0xba, 0xda, 0x7a, 0x1a, 0x4e, 0x2e, 0x8e, 0xee, 0xd3, 0xb3, 0x13, 0x73, 0x69, 0x9, 0xa9, 0xc9, 0xf4, 0x94, 0x34, 0x54, 0x9c, 0xfc, 0x5c, 0x3c, 0x1, 0x61, 0xc1, 0xa1, 0xbb, 0xdb, 0x7b, 0x1b, 0x26, 0x46, 0xe6, 0x86, 0xd2, 0xb2, 0x12, 0x72, 0x4f, 0x2f, 0x8f, 0xef, 0xf5, 0x95, 0x35, 0x55, 0x68, 0x8, 0xa8, 0xc8, 0x25, 0x45, 0xe5, 0x85, 0xb8, 0xd8, 0x78, 0x18, 0x2, 0x62, 0xc2, 0xa2, 0x9f, 0xff, 0x5f, 0x3f, 0x6b, 0xb, 0xab, 0xcb, 0xf6, 0x96, 0x36, 0x56, 0x4c, 0x2c, 0x8c, 0xec, 0xd1, 0xb1, 0x11, 0x71, 0xb9, 0xd9, 0x79, 0x19, 0x24, 0x44, 0xe4, 0x84, 0x9e, 0xfe, 0x5e, 0x3e, 0x3, 0x63, 0xc3, 0xa3, 0xf7, 0x97, 0x37, 0x57, 0x6a, 0xa, 0xaa, 0xca, 0xd0, 0xb0, 0x10, 0x70, 0x4d, 0x2d, 0x8d, 0xed, 0x4a, 0x2a, 0x8a, 0xea, 0xd7, 0xb7, 0x17, 0x77, 0x6d, 0xd, 0xad, 0xcd, 0xf0, 0x90, 0x30, 0x50, 0x4, 0x64, 0xc4, 0xa4, 0x99, 0xf9, 0x59, 0x39, 0x23, 0x43, 0xe3, 0x83, 0xbe, 0xde, 0x7e, 0x1e, 0xd6, 0xb6, 0x16, 0x76, 0x4b, 0x2b, 0x8b, 0xeb, 0xf1, 0x91, 0x31, 0x51, 0x6c, 0xc, 0xac, 0xcc, 0x98, 0xf8, 0x58, 0x38, 0x5, 0x65, 0xc5, 0xa5, 0xbf, 0xdf, 0x7f, 0x1f, 0x22, 0x42, 0xe2, 0x82, 0x6f, 0xf, 0xaf, 0xcf, 0xf2, 0x92, 0x32, 0x52, 0x48, 0x28, 0x88, 0xe8, 0xd5, 0xb5, 0x15, 0x75, 0x21, 0x41, 0xe1, 0x81, 0xbc, 0xdc, 0x7c, 0x1c, 0x6, 0x66, 0xc6, 0xa6, 0x9b, 0xfb, 0x5b, 0x3b, 0xf3, 0x93, 0x33, 0x53, 0x6e, 0xe, 0xae, 0xce, 0xd4, 0xb4, 0x14, 0x74, 0x49, 0x29, 0x89, 0xe9, 0xbd, 0xdd, 0x7d, 0x1d, 0x20, 0x40, 0xe0, 0x80, 0x9a, 0xfa, 0x5a, 0x3a, 0x7, 0x67, 0xc7, 0xa7},
+ {0x0, 0x61, 0xc2, 0xa3, 0x99, 0xf8, 0x5b, 0x3a, 0x2f, 0x4e, 0xed, 0x8c, 0xb6, 0xd7, 0x74, 0x15, 0x5e, 0x3f, 0x9c, 0xfd, 0xc7, 0xa6, 0x5, 0x64, 0x71, 0x10, 0xb3, 0xd2, 0xe8, 0x89, 0x2a, 0x4b, 0xbc, 0xdd, 0x7e, 0x1f, 0x25, 0x44, 0xe7, 0x86, 0x93, 0xf2, 0x51, 0x30, 0xa, 0x6b, 0xc8, 0xa9, 0xe2, 0x83, 0x20, 0x41, 0x7b, 0x1a, 0xb9, 0xd8, 0xcd, 0xac, 0xf, 0x6e, 0x54, 0x35, 0x96, 0xf7, 0x65, 0x4, 0xa7, 0xc6, 0xfc, 0x9d, 0x3e, 0x5f, 0x4a, 0x2b, 0x88, 0xe9, 0xd3, 0xb2, 0x11, 0x70, 0x3b, 0x5a, 0xf9, 0x98, 0xa2, 0xc3, 0x60, 0x1, 0x14, 0x75, 0xd6, 0xb7, 0x8d, 0xec, 0x4f, 0x2e, 0xd9, 0xb8, 0x1b, 0x7a, 0x40, 0x21, 0x82, 0xe3, 0xf6, 0x97, 0x34, 0x55, 0x6f, 0xe, 0xad, 0xcc, 0x87, 0xe6, 0x45, 0x24, 0x1e, 0x7f, 0xdc, 0xbd, 0xa8, 0xc9, 0x6a, 0xb, 0x31, 0x50, 0xf3, 0x92, 0xca, 0xab, 0x8, 0x69, 0x53, 0x32, 0x91, 0xf0, 0xe5, 0x84, 0x27, 0x46, 0x7c, 0x1d, 0xbe, 0xdf, 0x94, 0xf5, 0x56, 0x37, 0xd, 0x6c, 0xcf, 0xae, 0xbb, 0xda, 0x79, 0x18, 0x22, 0x43, 0xe0, 0x81, 0x76, 0x17, 0xb4, 0xd5, 0xef, 0x8e, 0x2d, 0x4c, 0x59, 0x38, 0x9b, 0xfa, 0xc0, 0xa1, 0x2, 0x63, 0x28, 0x49, 0xea, 0x8b, 0xb1, 0xd0, 0x73, 0x12, 0x7, 0x66, 0xc5, 0xa4, 0x9e, 0xff, 0x5c, 0x3d, 0xaf, 0xce, 0x6d, 0xc, 0x36, 0x57, 0xf4, 0x95, 0x80, 0xe1, 0x42, 0x23, 0x19, 0x78, 0xdb, 0xba, 0xf1, 0x90, 0x33, 0x52, 0x68, 0x9, 0xaa, 0xcb, 0xde, 0xbf, 0x1c, 0x7d, 0x47, 0x26, 0x85, 0xe4, 0x13, 0x72, 0xd1, 0xb0, 0x8a, 0xeb, 0x48, 0x29, 0x3c, 0x5d, 0xfe, 0x9f, 0xa5, 0xc4, 0x67, 0x6, 0x4d, 0x2c, 0x8f, 0xee, 0xd4, 0xb5, 0x16, 0x77, 0x62, 0x3, 0xa0, 0xc1, 0xfb, 0x9a, 0x39, 0x58},
+ {0x0, 0x62, 0xc4, 0xa6, 0x95, 0xf7, 0x51, 0x33, 0x37, 0x55, 0xf3, 0x91, 0xa2, 0xc0, 0x66, 0x4, 0x6e, 0xc, 0xaa, 0xc8, 0xfb, 0x99, 0x3f, 0x5d, 0x59, 0x3b, 0x9d, 0xff, 0xcc, 0xae, 0x8, 0x6a, 0xdc, 0xbe, 0x18, 0x7a, 0x49, 0x2b, 0x8d, 0xef, 0xeb, 0x89, 0x2f, 0x4d, 0x7e, 0x1c, 0xba, 0xd8, 0xb2, 0xd0, 0x76, 0x14, 0x27, 0x45, 0xe3, 0x81, 0x85, 0xe7, 0x41, 0x23, 0x10, 0x72, 0xd4, 0xb6, 0xa5, 0xc7, 0x61, 0x3, 0x30, 0x52, 0xf4, 0x96, 0x92, 0xf0, 0x56, 0x34, 0x7, 0x65, 0xc3, 0xa1, 0xcb, 0xa9, 0xf, 0x6d, 0x5e, 0x3c, 0x9a, 0xf8, 0xfc, 0x9e, 0x38, 0x5a, 0x69, 0xb, 0xad, 0xcf, 0x79, 0x1b, 0xbd, 0xdf, 0xec, 0x8e, 0x28, 0x4a, 0x4e, 0x2c, 0x8a, 0xe8, 0xdb, 0xb9, 0x1f, 0x7d, 0x17, 0x75, 0xd3, 0xb1, 0x82, 0xe0, 0x46, 0x24, 0x20, 0x42, 0xe4, 0x86, 0xb5, 0xd7, 0x71, 0x13, 0x57, 0x35, 0x93, 0xf1, 0xc2, 0xa0, 0x6, 0x64, 0x60, 0x2, 0xa4, 0xc6, 0xf5, 0x97, 0x31, 0x53, 0x39, 0x5b, 0xfd, 0x9f, 0xac, 0xce, 0x68, 0xa, 0xe, 0x6c, 0xca, 0xa8, 0x9b, 0xf9, 0x5f, 0x3d, 0x8b, 0xe9, 0x4f, 0x2d, 0x1e, 0x7c, 0xda, 0xb8, 0xbc, 0xde, 0x78, 0x1a, 0x29, 0x4b, 0xed, 0x8f, 0xe5, 0x87, 0x21, 0x43, 0x70, 0x12, 0xb4, 0xd6, 0xd2, 0xb0, 0x16, 0x74, 0x47, 0x25, 0x83, 0xe1, 0xf2, 0x90, 0x36, 0x54, 0x67, 0x5, 0xa3, 0xc1, 0xc5, 0xa7, 0x1, 0x63, 0x50, 0x32, 0x94, 0xf6, 0x9c, 0xfe, 0x58, 0x3a, 0x9, 0x6b, 0xcd, 0xaf, 0xab, 0xc9, 0x6f, 0xd, 0x3e, 0x5c, 0xfa, 0x98, 0x2e, 0x4c, 0xea, 0x88, 0xbb, 0xd9, 0x7f, 0x1d, 0x19, 0x7b, 0xdd, 0xbf, 0x8c, 0xee, 0x48, 0x2a, 0x40, 0x22, 0x84, 0xe6, 0xd5, 0xb7, 0x11, 0x73, 0x77, 0x15, 0xb3, 0xd1, 0xe2, 0x80, 0x26, 0x44},
+ {0x0, 0x63, 0xc6, 0xa5, 0x91, 0xf2, 0x57, 0x34, 0x3f, 0x5c, 0xf9, 0x9a, 0xae, 0xcd, 0x68, 0xb, 0x7e, 0x1d, 0xb8, 0xdb, 0xef, 0x8c, 0x29, 0x4a, 0x41, 0x22, 0x87, 0xe4, 0xd0, 0xb3, 0x16, 0x75, 0xfc, 0x9f, 0x3a, 0x59, 0x6d, 0xe, 0xab, 0xc8, 0xc3, 0xa0, 0x5, 0x66, 0x52, 0x31, 0x94, 0xf7, 0x82, 0xe1, 0x44, 0x27, 0x13, 0x70, 0xd5, 0xb6, 0xbd, 0xde, 0x7b, 0x18, 0x2c, 0x4f, 0xea, 0x89, 0xe5, 0x86, 0x23, 0x40, 0x74, 0x17, 0xb2, 0xd1, 0xda, 0xb9, 0x1c, 0x7f, 0x4b, 0x28, 0x8d, 0xee, 0x9b, 0xf8, 0x5d, 0x3e, 0xa, 0x69, 0xcc, 0xaf, 0xa4, 0xc7, 0x62, 0x1, 0x35, 0x56, 0xf3, 0x90, 0x19, 0x7a, 0xdf, 0xbc, 0x88, 0xeb, 0x4e, 0x2d, 0x26, 0x45, 0xe0, 0x83, 0xb7, 0xd4, 0x71, 0x12, 0x67, 0x4, 0xa1, 0xc2, 0xf6, 0x95, 0x30, 0x53, 0x58, 0x3b, 0x9e, 0xfd, 0xc9, 0xaa, 0xf, 0x6c, 0xd7, 0xb4, 0x11, 0x72, 0x46, 0x25, 0x80, 0xe3, 0xe8, 0x8b, 0x2e, 0x4d, 0x79, 0x1a, 0xbf, 0xdc, 0xa9, 0xca, 0x6f, 0xc, 0x38, 0x5b, 0xfe, 0x9d, 0x96, 0xf5, 0x50, 0x33, 0x7, 0x64, 0xc1, 0xa2, 0x2b, 0x48, 0xed, 0x8e, 0xba, 0xd9, 0x7c, 0x1f, 0x14, 0x77, 0xd2, 0xb1, 0x85, 0xe6, 0x43, 0x20, 0x55, 0x36, 0x93, 0xf0, 0xc4, 0xa7, 0x2, 0x61, 0x6a, 0x9, 0xac, 0xcf, 0xfb, 0x98, 0x3d, 0x5e, 0x32, 0x51, 0xf4, 0x97, 0xa3, 0xc0, 0x65, 0x6, 0xd, 0x6e, 0xcb, 0xa8, 0x9c, 0xff, 0x5a, 0x39, 0x4c, 0x2f, 0x8a, 0xe9, 0xdd, 0xbe, 0x1b, 0x78, 0x73, 0x10, 0xb5, 0xd6, 0xe2, 0x81, 0x24, 0x47, 0xce, 0xad, 0x8, 0x6b, 0x5f, 0x3c, 0x99, 0xfa, 0xf1, 0x92, 0x37, 0x54, 0x60, 0x3, 0xa6, 0xc5, 0xb0, 0xd3, 0x76, 0x15, 0x21, 0x42, 0xe7, 0x84, 0x8f, 0xec, 0x49, 0x2a, 0x1e, 0x7d, 0xd8, 0xbb},
+ {0x0, 0x64, 0xc8, 0xac, 0x8d, 0xe9, 0x45, 0x21, 0x7, 0x63, 0xcf, 0xab, 0x8a, 0xee, 0x42, 0x26, 0xe, 0x6a, 0xc6, 0xa2, 0x83, 0xe7, 0x4b, 0x2f, 0x9, 0x6d, 0xc1, 0xa5, 0x84, 0xe0, 0x4c, 0x28, 0x1c, 0x78, 0xd4, 0xb0, 0x91, 0xf5, 0x59, 0x3d, 0x1b, 0x7f, 0xd3, 0xb7, 0x96, 0xf2, 0x5e, 0x3a, 0x12, 0x76, 0xda, 0xbe, 0x9f, 0xfb, 0x57, 0x33, 0x15, 0x71, 0xdd, 0xb9, 0x98, 0xfc, 0x50, 0x34, 0x38, 0x5c, 0xf0, 0x94, 0xb5, 0xd1, 0x7d, 0x19, 0x3f, 0x5b, 0xf7, 0x93, 0xb2, 0xd6, 0x7a, 0x1e, 0x36, 0x52, 0xfe, 0x9a, 0xbb, 0xdf, 0x73, 0x17, 0x31, 0x55, 0xf9, 0x9d, 0xbc, 0xd8, 0x74, 0x10, 0x24, 0x40, 0xec, 0x88, 0xa9, 0xcd, 0x61, 0x5, 0x23, 0x47, 0xeb, 0x8f, 0xae, 0xca, 0x66, 0x2, 0x2a, 0x4e, 0xe2, 0x86, 0xa7, 0xc3, 0x6f, 0xb, 0x2d, 0x49, 0xe5, 0x81, 0xa0, 0xc4, 0x68, 0xc, 0x70, 0x14, 0xb8, 0xdc, 0xfd, 0x99, 0x35, 0x51, 0x77, 0x13, 0xbf, 0xdb, 0xfa, 0x9e, 0x32, 0x56, 0x7e, 0x1a, 0xb6, 0xd2, 0xf3, 0x97, 0x3b, 0x5f, 0x79, 0x1d, 0xb1, 0xd5, 0xf4, 0x90, 0x3c, 0x58, 0x6c, 0x8, 0xa4, 0xc0, 0xe1, 0x85, 0x29, 0x4d, 0x6b, 0xf, 0xa3, 0xc7, 0xe6, 0x82, 0x2e, 0x4a, 0x62, 0x6, 0xaa, 0xce, 0xef, 0x8b, 0x27, 0x43, 0x65, 0x1, 0xad, 0xc9, 0xe8, 0x8c, 0x20, 0x44, 0x48, 0x2c, 0x80, 0xe4, 0xc5, 0xa1, 0xd, 0x69, 0x4f, 0x2b, 0x87, 0xe3, 0xc2, 0xa6, 0xa, 0x6e, 0x46, 0x22, 0x8e, 0xea, 0xcb, 0xaf, 0x3, 0x67, 0x41, 0x25, 0x89, 0xed, 0xcc, 0xa8, 0x4, 0x60, 0x54, 0x30, 0x9c, 0xf8, 0xd9, 0xbd, 0x11, 0x75, 0x53, 0x37, 0x9b, 0xff, 0xde, 0xba, 0x16, 0x72, 0x5a, 0x3e, 0x92, 0xf6, 0xd7, 0xb3, 0x1f, 0x7b, 0x5d, 0x39, 0x95, 0xf1, 0xd0, 0xb4, 0x18, 0x7c},
+ {0x0, 0x65, 0xca, 0xaf, 0x89, 0xec, 0x43, 0x26, 0xf, 0x6a, 0xc5, 0xa0, 0x86, 0xe3, 0x4c, 0x29, 0x1e, 0x7b, 0xd4, 0xb1, 0x97, 0xf2, 0x5d, 0x38, 0x11, 0x74, 0xdb, 0xbe, 0x98, 0xfd, 0x52, 0x37, 0x3c, 0x59, 0xf6, 0x93, 0xb5, 0xd0, 0x7f, 0x1a, 0x33, 0x56, 0xf9, 0x9c, 0xba, 0xdf, 0x70, 0x15, 0x22, 0x47, 0xe8, 0x8d, 0xab, 0xce, 0x61, 0x4, 0x2d, 0x48, 0xe7, 0x82, 0xa4, 0xc1, 0x6e, 0xb, 0x78, 0x1d, 0xb2, 0xd7, 0xf1, 0x94, 0x3b, 0x5e, 0x77, 0x12, 0xbd, 0xd8, 0xfe, 0x9b, 0x34, 0x51, 0x66, 0x3, 0xac, 0xc9, 0xef, 0x8a, 0x25, 0x40, 0x69, 0xc, 0xa3, 0xc6, 0xe0, 0x85, 0x2a, 0x4f, 0x44, 0x21, 0x8e, 0xeb, 0xcd, 0xa8, 0x7, 0x62, 0x4b, 0x2e, 0x81, 0xe4, 0xc2, 0xa7, 0x8, 0x6d, 0x5a, 0x3f, 0x90, 0xf5, 0xd3, 0xb6, 0x19, 0x7c, 0x55, 0x30, 0x9f, 0xfa, 0xdc, 0xb9, 0x16, 0x73, 0xf0, 0x95, 0x3a, 0x5f, 0x79, 0x1c, 0xb3, 0xd6, 0xff, 0x9a, 0x35, 0x50, 0x76, 0x13, 0xbc, 0xd9, 0xee, 0x8b, 0x24, 0x41, 0x67, 0x2, 0xad, 0xc8, 0xe1, 0x84, 0x2b, 0x4e, 0x68, 0xd, 0xa2, 0xc7, 0xcc, 0xa9, 0x6, 0x63, 0x45, 0x20, 0x8f, 0xea, 0xc3, 0xa6, 0x9, 0x6c, 0x4a, 0x2f, 0x80, 0xe5, 0xd2, 0xb7, 0x18, 0x7d, 0x5b, 0x3e, 0x91, 0xf4, 0xdd, 0xb8, 0x17, 0x72, 0x54, 0x31, 0x9e, 0xfb, 0x88, 0xed, 0x42, 0x27, 0x1, 0x64, 0xcb, 0xae, 0x87, 0xe2, 0x4d, 0x28, 0xe, 0x6b, 0xc4, 0xa1, 0x96, 0xf3, 0x5c, 0x39, 0x1f, 0x7a, 0xd5, 0xb0, 0x99, 0xfc, 0x53, 0x36, 0x10, 0x75, 0xda, 0xbf, 0xb4, 0xd1, 0x7e, 0x1b, 0x3d, 0x58, 0xf7, 0x92, 0xbb, 0xde, 0x71, 0x14, 0x32, 0x57, 0xf8, 0x9d, 0xaa, 0xcf, 0x60, 0x5, 0x23, 0x46, 0xe9, 0x8c, 0xa5, 0xc0, 0x6f, 0xa, 0x2c, 0x49, 0xe6, 0x83},
+ {0x0, 0x66, 0xcc, 0xaa, 0x85, 0xe3, 0x49, 0x2f, 0x17, 0x71, 0xdb, 0xbd, 0x92, 0xf4, 0x5e, 0x38, 0x2e, 0x48, 0xe2, 0x84, 0xab, 0xcd, 0x67, 0x1, 0x39, 0x5f, 0xf5, 0x93, 0xbc, 0xda, 0x70, 0x16, 0x5c, 0x3a, 0x90, 0xf6, 0xd9, 0xbf, 0x15, 0x73, 0x4b, 0x2d, 0x87, 0xe1, 0xce, 0xa8, 0x2, 0x64, 0x72, 0x14, 0xbe, 0xd8, 0xf7, 0x91, 0x3b, 0x5d, 0x65, 0x3, 0xa9, 0xcf, 0xe0, 0x86, 0x2c, 0x4a, 0xb8, 0xde, 0x74, 0x12, 0x3d, 0x5b, 0xf1, 0x97, 0xaf, 0xc9, 0x63, 0x5, 0x2a, 0x4c, 0xe6, 0x80, 0x96, 0xf0, 0x5a, 0x3c, 0x13, 0x75, 0xdf, 0xb9, 0x81, 0xe7, 0x4d, 0x2b, 0x4, 0x62, 0xc8, 0xae, 0xe4, 0x82, 0x28, 0x4e, 0x61, 0x7, 0xad, 0xcb, 0xf3, 0x95, 0x3f, 0x59, 0x76, 0x10, 0xba, 0xdc, 0xca, 0xac, 0x6, 0x60, 0x4f, 0x29, 0x83, 0xe5, 0xdd, 0xbb, 0x11, 0x77, 0x58, 0x3e, 0x94, 0xf2, 0x6d, 0xb, 0xa1, 0xc7, 0xe8, 0x8e, 0x24, 0x42, 0x7a, 0x1c, 0xb6, 0xd0, 0xff, 0x99, 0x33, 0x55, 0x43, 0x25, 0x8f, 0xe9, 0xc6, 0xa0, 0xa, 0x6c, 0x54, 0x32, 0x98, 0xfe, 0xd1, 0xb7, 0x1d, 0x7b, 0x31, 0x57, 0xfd, 0x9b, 0xb4, 0xd2, 0x78, 0x1e, 0x26, 0x40, 0xea, 0x8c, 0xa3, 0xc5, 0x6f, 0x9, 0x1f, 0x79, 0xd3, 0xb5, 0x9a, 0xfc, 0x56, 0x30, 0x8, 0x6e, 0xc4, 0xa2, 0x8d, 0xeb, 0x41, 0x27, 0xd5, 0xb3, 0x19, 0x7f, 0x50, 0x36, 0x9c, 0xfa, 0xc2, 0xa4, 0xe, 0x68, 0x47, 0x21, 0x8b, 0xed, 0xfb, 0x9d, 0x37, 0x51, 0x7e, 0x18, 0xb2, 0xd4, 0xec, 0x8a, 0x20, 0x46, 0x69, 0xf, 0xa5, 0xc3, 0x89, 0xef, 0x45, 0x23, 0xc, 0x6a, 0xc0, 0xa6, 0x9e, 0xf8, 0x52, 0x34, 0x1b, 0x7d, 0xd7, 0xb1, 0xa7, 0xc1, 0x6b, 0xd, 0x22, 0x44, 0xee, 0x88, 0xb0, 0xd6, 0x7c, 0x1a, 0x35, 0x53, 0xf9, 0x9f},
+ {0x0, 0x67, 0xce, 0xa9, 0x81, 0xe6, 0x4f, 0x28, 0x1f, 0x78, 0xd1, 0xb6, 0x9e, 0xf9, 0x50, 0x37, 0x3e, 0x59, 0xf0, 0x97, 0xbf, 0xd8, 0x71, 0x16, 0x21, 0x46, 0xef, 0x88, 0xa0, 0xc7, 0x6e, 0x9, 0x7c, 0x1b, 0xb2, 0xd5, 0xfd, 0x9a, 0x33, 0x54, 0x63, 0x4, 0xad, 0xca, 0xe2, 0x85, 0x2c, 0x4b, 0x42, 0x25, 0x8c, 0xeb, 0xc3, 0xa4, 0xd, 0x6a, 0x5d, 0x3a, 0x93, 0xf4, 0xdc, 0xbb, 0x12, 0x75, 0xf8, 0x9f, 0x36, 0x51, 0x79, 0x1e, 0xb7, 0xd0, 0xe7, 0x80, 0x29, 0x4e, 0x66, 0x1, 0xa8, 0xcf, 0xc6, 0xa1, 0x8, 0x6f, 0x47, 0x20, 0x89, 0xee, 0xd9, 0xbe, 0x17, 0x70, 0x58, 0x3f, 0x96, 0xf1, 0x84, 0xe3, 0x4a, 0x2d, 0x5, 0x62, 0xcb, 0xac, 0x9b, 0xfc, 0x55, 0x32, 0x1a, 0x7d, 0xd4, 0xb3, 0xba, 0xdd, 0x74, 0x13, 0x3b, 0x5c, 0xf5, 0x92, 0xa5, 0xc2, 0x6b, 0xc, 0x24, 0x43, 0xea, 0x8d, 0xed, 0x8a, 0x23, 0x44, 0x6c, 0xb, 0xa2, 0xc5, 0xf2, 0x95, 0x3c, 0x5b, 0x73, 0x14, 0xbd, 0xda, 0xd3, 0xb4, 0x1d, 0x7a, 0x52, 0x35, 0x9c, 0xfb, 0xcc, 0xab, 0x2, 0x65, 0x4d, 0x2a, 0x83, 0xe4, 0x91, 0xf6, 0x5f, 0x38, 0x10, 0x77, 0xde, 0xb9, 0x8e, 0xe9, 0x40, 0x27, 0xf, 0x68, 0xc1, 0xa6, 0xaf, 0xc8, 0x61, 0x6, 0x2e, 0x49, 0xe0, 0x87, 0xb0, 0xd7, 0x7e, 0x19, 0x31, 0x56, 0xff, 0x98, 0x15, 0x72, 0xdb, 0xbc, 0x94, 0xf3, 0x5a, 0x3d, 0xa, 0x6d, 0xc4, 0xa3, 0x8b, 0xec, 0x45, 0x22, 0x2b, 0x4c, 0xe5, 0x82, 0xaa, 0xcd, 0x64, 0x3, 0x34, 0x53, 0xfa, 0x9d, 0xb5, 0xd2, 0x7b, 0x1c, 0x69, 0xe, 0xa7, 0xc0, 0xe8, 0x8f, 0x26, 0x41, 0x76, 0x11, 0xb8, 0xdf, 0xf7, 0x90, 0x39, 0x5e, 0x57, 0x30, 0x99, 0xfe, 0xd6, 0xb1, 0x18, 0x7f, 0x48, 0x2f, 0x86, 0xe1, 0xc9, 0xae, 0x7, 0x60},
+ {0x0, 0x68, 0xd0, 0xb8, 0xbd, 0xd5, 0x6d, 0x5, 0x67, 0xf, 0xb7, 0xdf, 0xda, 0xb2, 0xa, 0x62, 0xce, 0xa6, 0x1e, 0x76, 0x73, 0x1b, 0xa3, 0xcb, 0xa9, 0xc1, 0x79, 0x11, 0x14, 0x7c, 0xc4, 0xac, 0x81, 0xe9, 0x51, 0x39, 0x3c, 0x54, 0xec, 0x84, 0xe6, 0x8e, 0x36, 0x5e, 0x5b, 0x33, 0x8b, 0xe3, 0x4f, 0x27, 0x9f, 0xf7, 0xf2, 0x9a, 0x22, 0x4a, 0x28, 0x40, 0xf8, 0x90, 0x95, 0xfd, 0x45, 0x2d, 0x1f, 0x77, 0xcf, 0xa7, 0xa2, 0xca, 0x72, 0x1a, 0x78, 0x10, 0xa8, 0xc0, 0xc5, 0xad, 0x15, 0x7d, 0xd1, 0xb9, 0x1, 0x69, 0x6c, 0x4, 0xbc, 0xd4, 0xb6, 0xde, 0x66, 0xe, 0xb, 0x63, 0xdb, 0xb3, 0x9e, 0xf6, 0x4e, 0x26, 0x23, 0x4b, 0xf3, 0x9b, 0xf9, 0x91, 0x29, 0x41, 0x44, 0x2c, 0x94, 0xfc, 0x50, 0x38, 0x80, 0xe8, 0xed, 0x85, 0x3d, 0x55, 0x37, 0x5f, 0xe7, 0x8f, 0x8a, 0xe2, 0x5a, 0x32, 0x3e, 0x56, 0xee, 0x86, 0x83, 0xeb, 0x53, 0x3b, 0x59, 0x31, 0x89, 0xe1, 0xe4, 0x8c, 0x34, 0x5c, 0xf0, 0x98, 0x20, 0x48, 0x4d, 0x25, 0x9d, 0xf5, 0x97, 0xff, 0x47, 0x2f, 0x2a, 0x42, 0xfa, 0x92, 0xbf, 0xd7, 0x6f, 0x7, 0x2, 0x6a, 0xd2, 0xba, 0xd8, 0xb0, 0x8, 0x60, 0x65, 0xd, 0xb5, 0xdd, 0x71, 0x19, 0xa1, 0xc9, 0xcc, 0xa4, 0x1c, 0x74, 0x16, 0x7e, 0xc6, 0xae, 0xab, 0xc3, 0x7b, 0x13, 0x21, 0x49, 0xf1, 0x99, 0x9c, 0xf4, 0x4c, 0x24, 0x46, 0x2e, 0x96, 0xfe, 0xfb, 0x93, 0x2b, 0x43, 0xef, 0x87, 0x3f, 0x57, 0x52, 0x3a, 0x82, 0xea, 0x88, 0xe0, 0x58, 0x30, 0x35, 0x5d, 0xe5, 0x8d, 0xa0, 0xc8, 0x70, 0x18, 0x1d, 0x75, 0xcd, 0xa5, 0xc7, 0xaf, 0x17, 0x7f, 0x7a, 0x12, 0xaa, 0xc2, 0x6e, 0x6, 0xbe, 0xd6, 0xd3, 0xbb, 0x3, 0x6b, 0x9, 0x61, 0xd9, 0xb1, 0xb4, 0xdc, 0x64, 0xc},
+ {0x0, 0x69, 0xd2, 0xbb, 0xb9, 0xd0, 0x6b, 0x2, 0x6f, 0x6, 0xbd, 0xd4, 0xd6, 0xbf, 0x4, 0x6d, 0xde, 0xb7, 0xc, 0x65, 0x67, 0xe, 0xb5, 0xdc, 0xb1, 0xd8, 0x63, 0xa, 0x8, 0x61, 0xda, 0xb3, 0xa1, 0xc8, 0x73, 0x1a, 0x18, 0x71, 0xca, 0xa3, 0xce, 0xa7, 0x1c, 0x75, 0x77, 0x1e, 0xa5, 0xcc, 0x7f, 0x16, 0xad, 0xc4, 0xc6, 0xaf, 0x14, 0x7d, 0x10, 0x79, 0xc2, 0xab, 0xa9, 0xc0, 0x7b, 0x12, 0x5f, 0x36, 0x8d, 0xe4, 0xe6, 0x8f, 0x34, 0x5d, 0x30, 0x59, 0xe2, 0x8b, 0x89, 0xe0, 0x5b, 0x32, 0x81, 0xe8, 0x53, 0x3a, 0x38, 0x51, 0xea, 0x83, 0xee, 0x87, 0x3c, 0x55, 0x57, 0x3e, 0x85, 0xec, 0xfe, 0x97, 0x2c, 0x45, 0x47, 0x2e, 0x95, 0xfc, 0x91, 0xf8, 0x43, 0x2a, 0x28, 0x41, 0xfa, 0x93, 0x20, 0x49, 0xf2, 0x9b, 0x99, 0xf0, 0x4b, 0x22, 0x4f, 0x26, 0x9d, 0xf4, 0xf6, 0x9f, 0x24, 0x4d, 0xbe, 0xd7, 0x6c, 0x5, 0x7, 0x6e, 0xd5, 0xbc, 0xd1, 0xb8, 0x3, 0x6a, 0x68, 0x1, 0xba, 0xd3, 0x60, 0x9, 0xb2, 0xdb, 0xd9, 0xb0, 0xb, 0x62, 0xf, 0x66, 0xdd, 0xb4, 0xb6, 0xdf, 0x64, 0xd, 0x1f, 0x76, 0xcd, 0xa4, 0xa6, 0xcf, 0x74, 0x1d, 0x70, 0x19, 0xa2, 0xcb, 0xc9, 0xa0, 0x1b, 0x72, 0xc1, 0xa8, 0x13, 0x7a, 0x78, 0x11, 0xaa, 0xc3, 0xae, 0xc7, 0x7c, 0x15, 0x17, 0x7e, 0xc5, 0xac, 0xe1, 0x88, 0x33, 0x5a, 0x58, 0x31, 0x8a, 0xe3, 0x8e, 0xe7, 0x5c, 0x35, 0x37, 0x5e, 0xe5, 0x8c, 0x3f, 0x56, 0xed, 0x84, 0x86, 0xef, 0x54, 0x3d, 0x50, 0x39, 0x82, 0xeb, 0xe9, 0x80, 0x3b, 0x52, 0x40, 0x29, 0x92, 0xfb, 0xf9, 0x90, 0x2b, 0x42, 0x2f, 0x46, 0xfd, 0x94, 0x96, 0xff, 0x44, 0x2d, 0x9e, 0xf7, 0x4c, 0x25, 0x27, 0x4e, 0xf5, 0x9c, 0xf1, 0x98, 0x23, 0x4a, 0x48, 0x21, 0x9a, 0xf3},
+ {0x0, 0x6a, 0xd4, 0xbe, 0xb5, 0xdf, 0x61, 0xb, 0x77, 0x1d, 0xa3, 0xc9, 0xc2, 0xa8, 0x16, 0x7c, 0xee, 0x84, 0x3a, 0x50, 0x5b, 0x31, 0x8f, 0xe5, 0x99, 0xf3, 0x4d, 0x27, 0x2c, 0x46, 0xf8, 0x92, 0xc1, 0xab, 0x15, 0x7f, 0x74, 0x1e, 0xa0, 0xca, 0xb6, 0xdc, 0x62, 0x8, 0x3, 0x69, 0xd7, 0xbd, 0x2f, 0x45, 0xfb, 0x91, 0x9a, 0xf0, 0x4e, 0x24, 0x58, 0x32, 0x8c, 0xe6, 0xed, 0x87, 0x39, 0x53, 0x9f, 0xf5, 0x4b, 0x21, 0x2a, 0x40, 0xfe, 0x94, 0xe8, 0x82, 0x3c, 0x56, 0x5d, 0x37, 0x89, 0xe3, 0x71, 0x1b, 0xa5, 0xcf, 0xc4, 0xae, 0x10, 0x7a, 0x6, 0x6c, 0xd2, 0xb8, 0xb3, 0xd9, 0x67, 0xd, 0x5e, 0x34, 0x8a, 0xe0, 0xeb, 0x81, 0x3f, 0x55, 0x29, 0x43, 0xfd, 0x97, 0x9c, 0xf6, 0x48, 0x22, 0xb0, 0xda, 0x64, 0xe, 0x5, 0x6f, 0xd1, 0xbb, 0xc7, 0xad, 0x13, 0x79, 0x72, 0x18, 0xa6, 0xcc, 0x23, 0x49, 0xf7, 0x9d, 0x96, 0xfc, 0x42, 0x28, 0x54, 0x3e, 0x80, 0xea, 0xe1, 0x8b, 0x35, 0x5f, 0xcd, 0xa7, 0x19, 0x73, 0x78, 0x12, 0xac, 0xc6, 0xba, 0xd0, 0x6e, 0x4, 0xf, 0x65, 0xdb, 0xb1, 0xe2, 0x88, 0x36, 0x5c, 0x57, 0x3d, 0x83, 0xe9, 0x95, 0xff, 0x41, 0x2b, 0x20, 0x4a, 0xf4, 0x9e, 0xc, 0x66, 0xd8, 0xb2, 0xb9, 0xd3, 0x6d, 0x7, 0x7b, 0x11, 0xaf, 0xc5, 0xce, 0xa4, 0x1a, 0x70, 0xbc, 0xd6, 0x68, 0x2, 0x9, 0x63, 0xdd, 0xb7, 0xcb, 0xa1, 0x1f, 0x75, 0x7e, 0x14, 0xaa, 0xc0, 0x52, 0x38, 0x86, 0xec, 0xe7, 0x8d, 0x33, 0x59, 0x25, 0x4f, 0xf1, 0x9b, 0x90, 0xfa, 0x44, 0x2e, 0x7d, 0x17, 0xa9, 0xc3, 0xc8, 0xa2, 0x1c, 0x76, 0xa, 0x60, 0xde, 0xb4, 0xbf, 0xd5, 0x6b, 0x1, 0x93, 0xf9, 0x47, 0x2d, 0x26, 0x4c, 0xf2, 0x98, 0xe4, 0x8e, 0x30, 0x5a, 0x51, 0x3b, 0x85, 0xef},
+ {0x0, 0x6b, 0xd6, 0xbd, 0xb1, 0xda, 0x67, 0xc, 0x7f, 0x14, 0xa9, 0xc2, 0xce, 0xa5, 0x18, 0x73, 0xfe, 0x95, 0x28, 0x43, 0x4f, 0x24, 0x99, 0xf2, 0x81, 0xea, 0x57, 0x3c, 0x30, 0x5b, 0xe6, 0x8d, 0xe1, 0x8a, 0x37, 0x5c, 0x50, 0x3b, 0x86, 0xed, 0x9e, 0xf5, 0x48, 0x23, 0x2f, 0x44, 0xf9, 0x92, 0x1f, 0x74, 0xc9, 0xa2, 0xae, 0xc5, 0x78, 0x13, 0x60, 0xb, 0xb6, 0xdd, 0xd1, 0xba, 0x7, 0x6c, 0xdf, 0xb4, 0x9, 0x62, 0x6e, 0x5, 0xb8, 0xd3, 0xa0, 0xcb, 0x76, 0x1d, 0x11, 0x7a, 0xc7, 0xac, 0x21, 0x4a, 0xf7, 0x9c, 0x90, 0xfb, 0x46, 0x2d, 0x5e, 0x35, 0x88, 0xe3, 0xef, 0x84, 0x39, 0x52, 0x3e, 0x55, 0xe8, 0x83, 0x8f, 0xe4, 0x59, 0x32, 0x41, 0x2a, 0x97, 0xfc, 0xf0, 0x9b, 0x26, 0x4d, 0xc0, 0xab, 0x16, 0x7d, 0x71, 0x1a, 0xa7, 0xcc, 0xbf, 0xd4, 0x69, 0x2, 0xe, 0x65, 0xd8, 0xb3, 0xa3, 0xc8, 0x75, 0x1e, 0x12, 0x79, 0xc4, 0xaf, 0xdc, 0xb7, 0xa, 0x61, 0x6d, 0x6, 0xbb, 0xd0, 0x5d, 0x36, 0x8b, 0xe0, 0xec, 0x87, 0x3a, 0x51, 0x22, 0x49, 0xf4, 0x9f, 0x93, 0xf8, 0x45, 0x2e, 0x42, 0x29, 0x94, 0xff, 0xf3, 0x98, 0x25, 0x4e, 0x3d, 0x56, 0xeb, 0x80, 0x8c, 0xe7, 0x5a, 0x31, 0xbc, 0xd7, 0x6a, 0x1, 0xd, 0x66, 0xdb, 0xb0, 0xc3, 0xa8, 0x15, 0x7e, 0x72, 0x19, 0xa4, 0xcf, 0x7c, 0x17, 0xaa, 0xc1, 0xcd, 0xa6, 0x1b, 0x70, 0x3, 0x68, 0xd5, 0xbe, 0xb2, 0xd9, 0x64, 0xf, 0x82, 0xe9, 0x54, 0x3f, 0x33, 0x58, 0xe5, 0x8e, 0xfd, 0x96, 0x2b, 0x40, 0x4c, 0x27, 0x9a, 0xf1, 0x9d, 0xf6, 0x4b, 0x20, 0x2c, 0x47, 0xfa, 0x91, 0xe2, 0x89, 0x34, 0x5f, 0x53, 0x38, 0x85, 0xee, 0x63, 0x8, 0xb5, 0xde, 0xd2, 0xb9, 0x4, 0x6f, 0x1c, 0x77, 0xca, 0xa1, 0xad, 0xc6, 0x7b, 0x10},
+ {0x0, 0x6c, 0xd8, 0xb4, 0xad, 0xc1, 0x75, 0x19, 0x47, 0x2b, 0x9f, 0xf3, 0xea, 0x86, 0x32, 0x5e, 0x8e, 0xe2, 0x56, 0x3a, 0x23, 0x4f, 0xfb, 0x97, 0xc9, 0xa5, 0x11, 0x7d, 0x64, 0x8, 0xbc, 0xd0, 0x1, 0x6d, 0xd9, 0xb5, 0xac, 0xc0, 0x74, 0x18, 0x46, 0x2a, 0x9e, 0xf2, 0xeb, 0x87, 0x33, 0x5f, 0x8f, 0xe3, 0x57, 0x3b, 0x22, 0x4e, 0xfa, 0x96, 0xc8, 0xa4, 0x10, 0x7c, 0x65, 0x9, 0xbd, 0xd1, 0x2, 0x6e, 0xda, 0xb6, 0xaf, 0xc3, 0x77, 0x1b, 0x45, 0x29, 0x9d, 0xf1, 0xe8, 0x84, 0x30, 0x5c, 0x8c, 0xe0, 0x54, 0x38, 0x21, 0x4d, 0xf9, 0x95, 0xcb, 0xa7, 0x13, 0x7f, 0x66, 0xa, 0xbe, 0xd2, 0x3, 0x6f, 0xdb, 0xb7, 0xae, 0xc2, 0x76, 0x1a, 0x44, 0x28, 0x9c, 0xf0, 0xe9, 0x85, 0x31, 0x5d, 0x8d, 0xe1, 0x55, 0x39, 0x20, 0x4c, 0xf8, 0x94, 0xca, 0xa6, 0x12, 0x7e, 0x67, 0xb, 0xbf, 0xd3, 0x4, 0x68, 0xdc, 0xb0, 0xa9, 0xc5, 0x71, 0x1d, 0x43, 0x2f, 0x9b, 0xf7, 0xee, 0x82, 0x36, 0x5a, 0x8a, 0xe6, 0x52, 0x3e, 0x27, 0x4b, 0xff, 0x93, 0xcd, 0xa1, 0x15, 0x79, 0x60, 0xc, 0xb8, 0xd4, 0x5, 0x69, 0xdd, 0xb1, 0xa8, 0xc4, 0x70, 0x1c, 0x42, 0x2e, 0x9a, 0xf6, 0xef, 0x83, 0x37, 0x5b, 0x8b, 0xe7, 0x53, 0x3f, 0x26, 0x4a, 0xfe, 0x92, 0xcc, 0xa0, 0x14, 0x78, 0x61, 0xd, 0xb9, 0xd5, 0x6, 0x6a, 0xde, 0xb2, 0xab, 0xc7, 0x73, 0x1f, 0x41, 0x2d, 0x99, 0xf5, 0xec, 0x80, 0x34, 0x58, 0x88, 0xe4, 0x50, 0x3c, 0x25, 0x49, 0xfd, 0x91, 0xcf, 0xa3, 0x17, 0x7b, 0x62, 0xe, 0xba, 0xd6, 0x7, 0x6b, 0xdf, 0xb3, 0xaa, 0xc6, 0x72, 0x1e, 0x40, 0x2c, 0x98, 0xf4, 0xed, 0x81, 0x35, 0x59, 0x89, 0xe5, 0x51, 0x3d, 0x24, 0x48, 0xfc, 0x90, 0xce, 0xa2, 0x16, 0x7a, 0x63, 0xf, 0xbb, 0xd7},
+ {0x0, 0x6d, 0xda, 0xb7, 0xa9, 0xc4, 0x73, 0x1e, 0x4f, 0x22, 0x95, 0xf8, 0xe6, 0x8b, 0x3c, 0x51, 0x9e, 0xf3, 0x44, 0x29, 0x37, 0x5a, 0xed, 0x80, 0xd1, 0xbc, 0xb, 0x66, 0x78, 0x15, 0xa2, 0xcf, 0x21, 0x4c, 0xfb, 0x96, 0x88, 0xe5, 0x52, 0x3f, 0x6e, 0x3, 0xb4, 0xd9, 0xc7, 0xaa, 0x1d, 0x70, 0xbf, 0xd2, 0x65, 0x8, 0x16, 0x7b, 0xcc, 0xa1, 0xf0, 0x9d, 0x2a, 0x47, 0x59, 0x34, 0x83, 0xee, 0x42, 0x2f, 0x98, 0xf5, 0xeb, 0x86, 0x31, 0x5c, 0xd, 0x60, 0xd7, 0xba, 0xa4, 0xc9, 0x7e, 0x13, 0xdc, 0xb1, 0x6, 0x6b, 0x75, 0x18, 0xaf, 0xc2, 0x93, 0xfe, 0x49, 0x24, 0x3a, 0x57, 0xe0, 0x8d, 0x63, 0xe, 0xb9, 0xd4, 0xca, 0xa7, 0x10, 0x7d, 0x2c, 0x41, 0xf6, 0x9b, 0x85, 0xe8, 0x5f, 0x32, 0xfd, 0x90, 0x27, 0x4a, 0x54, 0x39, 0x8e, 0xe3, 0xb2, 0xdf, 0x68, 0x5, 0x1b, 0x76, 0xc1, 0xac, 0x84, 0xe9, 0x5e, 0x33, 0x2d, 0x40, 0xf7, 0x9a, 0xcb, 0xa6, 0x11, 0x7c, 0x62, 0xf, 0xb8, 0xd5, 0x1a, 0x77, 0xc0, 0xad, 0xb3, 0xde, 0x69, 0x4, 0x55, 0x38, 0x8f, 0xe2, 0xfc, 0x91, 0x26, 0x4b, 0xa5, 0xc8, 0x7f, 0x12, 0xc, 0x61, 0xd6, 0xbb, 0xea, 0x87, 0x30, 0x5d, 0x43, 0x2e, 0x99, 0xf4, 0x3b, 0x56, 0xe1, 0x8c, 0x92, 0xff, 0x48, 0x25, 0x74, 0x19, 0xae, 0xc3, 0xdd, 0xb0, 0x7, 0x6a, 0xc6, 0xab, 0x1c, 0x71, 0x6f, 0x2, 0xb5, 0xd8, 0x89, 0xe4, 0x53, 0x3e, 0x20, 0x4d, 0xfa, 0x97, 0x58, 0x35, 0x82, 0xef, 0xf1, 0x9c, 0x2b, 0x46, 0x17, 0x7a, 0xcd, 0xa0, 0xbe, 0xd3, 0x64, 0x9, 0xe7, 0x8a, 0x3d, 0x50, 0x4e, 0x23, 0x94, 0xf9, 0xa8, 0xc5, 0x72, 0x1f, 0x1, 0x6c, 0xdb, 0xb6, 0x79, 0x14, 0xa3, 0xce, 0xd0, 0xbd, 0xa, 0x67, 0x36, 0x5b, 0xec, 0x81, 0x9f, 0xf2, 0x45, 0x28},
+ {0x0, 0x6e, 0xdc, 0xb2, 0xa5, 0xcb, 0x79, 0x17, 0x57, 0x39, 0x8b, 0xe5, 0xf2, 0x9c, 0x2e, 0x40, 0xae, 0xc0, 0x72, 0x1c, 0xb, 0x65, 0xd7, 0xb9, 0xf9, 0x97, 0x25, 0x4b, 0x5c, 0x32, 0x80, 0xee, 0x41, 0x2f, 0x9d, 0xf3, 0xe4, 0x8a, 0x38, 0x56, 0x16, 0x78, 0xca, 0xa4, 0xb3, 0xdd, 0x6f, 0x1, 0xef, 0x81, 0x33, 0x5d, 0x4a, 0x24, 0x96, 0xf8, 0xb8, 0xd6, 0x64, 0xa, 0x1d, 0x73, 0xc1, 0xaf, 0x82, 0xec, 0x5e, 0x30, 0x27, 0x49, 0xfb, 0x95, 0xd5, 0xbb, 0x9, 0x67, 0x70, 0x1e, 0xac, 0xc2, 0x2c, 0x42, 0xf0, 0x9e, 0x89, 0xe7, 0x55, 0x3b, 0x7b, 0x15, 0xa7, 0xc9, 0xde, 0xb0, 0x2, 0x6c, 0xc3, 0xad, 0x1f, 0x71, 0x66, 0x8, 0xba, 0xd4, 0x94, 0xfa, 0x48, 0x26, 0x31, 0x5f, 0xed, 0x83, 0x6d, 0x3, 0xb1, 0xdf, 0xc8, 0xa6, 0x14, 0x7a, 0x3a, 0x54, 0xe6, 0x88, 0x9f, 0xf1, 0x43, 0x2d, 0x19, 0x77, 0xc5, 0xab, 0xbc, 0xd2, 0x60, 0xe, 0x4e, 0x20, 0x92, 0xfc, 0xeb, 0x85, 0x37, 0x59, 0xb7, 0xd9, 0x6b, 0x5, 0x12, 0x7c, 0xce, 0xa0, 0xe0, 0x8e, 0x3c, 0x52, 0x45, 0x2b, 0x99, 0xf7, 0x58, 0x36, 0x84, 0xea, 0xfd, 0x93, 0x21, 0x4f, 0xf, 0x61, 0xd3, 0xbd, 0xaa, 0xc4, 0x76, 0x18, 0xf6, 0x98, 0x2a, 0x44, 0x53, 0x3d, 0x8f, 0xe1, 0xa1, 0xcf, 0x7d, 0x13, 0x4, 0x6a, 0xd8, 0xb6, 0x9b, 0xf5, 0x47, 0x29, 0x3e, 0x50, 0xe2, 0x8c, 0xcc, 0xa2, 0x10, 0x7e, 0x69, 0x7, 0xb5, 0xdb, 0x35, 0x5b, 0xe9, 0x87, 0x90, 0xfe, 0x4c, 0x22, 0x62, 0xc, 0xbe, 0xd0, 0xc7, 0xa9, 0x1b, 0x75, 0xda, 0xb4, 0x6, 0x68, 0x7f, 0x11, 0xa3, 0xcd, 0x8d, 0xe3, 0x51, 0x3f, 0x28, 0x46, 0xf4, 0x9a, 0x74, 0x1a, 0xa8, 0xc6, 0xd1, 0xbf, 0xd, 0x63, 0x23, 0x4d, 0xff, 0x91, 0x86, 0xe8, 0x5a, 0x34},
+ {0x0, 0x6f, 0xde, 0xb1, 0xa1, 0xce, 0x7f, 0x10, 0x5f, 0x30, 0x81, 0xee, 0xfe, 0x91, 0x20, 0x4f, 0xbe, 0xd1, 0x60, 0xf, 0x1f, 0x70, 0xc1, 0xae, 0xe1, 0x8e, 0x3f, 0x50, 0x40, 0x2f, 0x9e, 0xf1, 0x61, 0xe, 0xbf, 0xd0, 0xc0, 0xaf, 0x1e, 0x71, 0x3e, 0x51, 0xe0, 0x8f, 0x9f, 0xf0, 0x41, 0x2e, 0xdf, 0xb0, 0x1, 0x6e, 0x7e, 0x11, 0xa0, 0xcf, 0x80, 0xef, 0x5e, 0x31, 0x21, 0x4e, 0xff, 0x90, 0xc2, 0xad, 0x1c, 0x73, 0x63, 0xc, 0xbd, 0xd2, 0x9d, 0xf2, 0x43, 0x2c, 0x3c, 0x53, 0xe2, 0x8d, 0x7c, 0x13, 0xa2, 0xcd, 0xdd, 0xb2, 0x3, 0x6c, 0x23, 0x4c, 0xfd, 0x92, 0x82, 0xed, 0x5c, 0x33, 0xa3, 0xcc, 0x7d, 0x12, 0x2, 0x6d, 0xdc, 0xb3, 0xfc, 0x93, 0x22, 0x4d, 0x5d, 0x32, 0x83, 0xec, 0x1d, 0x72, 0xc3, 0xac, 0xbc, 0xd3, 0x62, 0xd, 0x42, 0x2d, 0x9c, 0xf3, 0xe3, 0x8c, 0x3d, 0x52, 0x99, 0xf6, 0x47, 0x28, 0x38, 0x57, 0xe6, 0x89, 0xc6, 0xa9, 0x18, 0x77, 0x67, 0x8, 0xb9, 0xd6, 0x27, 0x48, 0xf9, 0x96, 0x86, 0xe9, 0x58, 0x37, 0x78, 0x17, 0xa6, 0xc9, 0xd9, 0xb6, 0x7, 0x68, 0xf8, 0x97, 0x26, 0x49, 0x59, 0x36, 0x87, 0xe8, 0xa7, 0xc8, 0x79, 0x16, 0x6, 0x69, 0xd8, 0xb7, 0x46, 0x29, 0x98, 0xf7, 0xe7, 0x88, 0x39, 0x56, 0x19, 0x76, 0xc7, 0xa8, 0xb8, 0xd7, 0x66, 0x9, 0x5b, 0x34, 0x85, 0xea, 0xfa, 0x95, 0x24, 0x4b, 0x4, 0x6b, 0xda, 0xb5, 0xa5, 0xca, 0x7b, 0x14, 0xe5, 0x8a, 0x3b, 0x54, 0x44, 0x2b, 0x9a, 0xf5, 0xba, 0xd5, 0x64, 0xb, 0x1b, 0x74, 0xc5, 0xaa, 0x3a, 0x55, 0xe4, 0x8b, 0x9b, 0xf4, 0x45, 0x2a, 0x65, 0xa, 0xbb, 0xd4, 0xc4, 0xab, 0x1a, 0x75, 0x84, 0xeb, 0x5a, 0x35, 0x25, 0x4a, 0xfb, 0x94, 0xdb, 0xb4, 0x5, 0x6a, 0x7a, 0x15, 0xa4, 0xcb},
+ {0x0, 0x70, 0xe0, 0x90, 0xdd, 0xad, 0x3d, 0x4d, 0xa7, 0xd7, 0x47, 0x37, 0x7a, 0xa, 0x9a, 0xea, 0x53, 0x23, 0xb3, 0xc3, 0x8e, 0xfe, 0x6e, 0x1e, 0xf4, 0x84, 0x14, 0x64, 0x29, 0x59, 0xc9, 0xb9, 0xa6, 0xd6, 0x46, 0x36, 0x7b, 0xb, 0x9b, 0xeb, 0x1, 0x71, 0xe1, 0x91, 0xdc, 0xac, 0x3c, 0x4c, 0xf5, 0x85, 0x15, 0x65, 0x28, 0x58, 0xc8, 0xb8, 0x52, 0x22, 0xb2, 0xc2, 0x8f, 0xff, 0x6f, 0x1f, 0x51, 0x21, 0xb1, 0xc1, 0x8c, 0xfc, 0x6c, 0x1c, 0xf6, 0x86, 0x16, 0x66, 0x2b, 0x5b, 0xcb, 0xbb, 0x2, 0x72, 0xe2, 0x92, 0xdf, 0xaf, 0x3f, 0x4f, 0xa5, 0xd5, 0x45, 0x35, 0x78, 0x8, 0x98, 0xe8, 0xf7, 0x87, 0x17, 0x67, 0x2a, 0x5a, 0xca, 0xba, 0x50, 0x20, 0xb0, 0xc0, 0x8d, 0xfd, 0x6d, 0x1d, 0xa4, 0xd4, 0x44, 0x34, 0x79, 0x9, 0x99, 0xe9, 0x3, 0x73, 0xe3, 0x93, 0xde, 0xae, 0x3e, 0x4e, 0xa2, 0xd2, 0x42, 0x32, 0x7f, 0xf, 0x9f, 0xef, 0x5, 0x75, 0xe5, 0x95, 0xd8, 0xa8, 0x38, 0x48, 0xf1, 0x81, 0x11, 0x61, 0x2c, 0x5c, 0xcc, 0xbc, 0x56, 0x26, 0xb6, 0xc6, 0x8b, 0xfb, 0x6b, 0x1b, 0x4, 0x74, 0xe4, 0x94, 0xd9, 0xa9, 0x39, 0x49, 0xa3, 0xd3, 0x43, 0x33, 0x7e, 0xe, 0x9e, 0xee, 0x57, 0x27, 0xb7, 0xc7, 0x8a, 0xfa, 0x6a, 0x1a, 0xf0, 0x80, 0x10, 0x60, 0x2d, 0x5d, 0xcd, 0xbd, 0xf3, 0x83, 0x13, 0x63, 0x2e, 0x5e, 0xce, 0xbe, 0x54, 0x24, 0xb4, 0xc4, 0x89, 0xf9, 0x69, 0x19, 0xa0, 0xd0, 0x40, 0x30, 0x7d, 0xd, 0x9d, 0xed, 0x7, 0x77, 0xe7, 0x97, 0xda, 0xaa, 0x3a, 0x4a, 0x55, 0x25, 0xb5, 0xc5, 0x88, 0xf8, 0x68, 0x18, 0xf2, 0x82, 0x12, 0x62, 0x2f, 0x5f, 0xcf, 0xbf, 0x6, 0x76, 0xe6, 0x96, 0xdb, 0xab, 0x3b, 0x4b, 0xa1, 0xd1, 0x41, 0x31, 0x7c, 0xc, 0x9c, 0xec},
+ {0x0, 0x71, 0xe2, 0x93, 0xd9, 0xa8, 0x3b, 0x4a, 0xaf, 0xde, 0x4d, 0x3c, 0x76, 0x7, 0x94, 0xe5, 0x43, 0x32, 0xa1, 0xd0, 0x9a, 0xeb, 0x78, 0x9, 0xec, 0x9d, 0xe, 0x7f, 0x35, 0x44, 0xd7, 0xa6, 0x86, 0xf7, 0x64, 0x15, 0x5f, 0x2e, 0xbd, 0xcc, 0x29, 0x58, 0xcb, 0xba, 0xf0, 0x81, 0x12, 0x63, 0xc5, 0xb4, 0x27, 0x56, 0x1c, 0x6d, 0xfe, 0x8f, 0x6a, 0x1b, 0x88, 0xf9, 0xb3, 0xc2, 0x51, 0x20, 0x11, 0x60, 0xf3, 0x82, 0xc8, 0xb9, 0x2a, 0x5b, 0xbe, 0xcf, 0x5c, 0x2d, 0x67, 0x16, 0x85, 0xf4, 0x52, 0x23, 0xb0, 0xc1, 0x8b, 0xfa, 0x69, 0x18, 0xfd, 0x8c, 0x1f, 0x6e, 0x24, 0x55, 0xc6, 0xb7, 0x97, 0xe6, 0x75, 0x4, 0x4e, 0x3f, 0xac, 0xdd, 0x38, 0x49, 0xda, 0xab, 0xe1, 0x90, 0x3, 0x72, 0xd4, 0xa5, 0x36, 0x47, 0xd, 0x7c, 0xef, 0x9e, 0x7b, 0xa, 0x99, 0xe8, 0xa2, 0xd3, 0x40, 0x31, 0x22, 0x53, 0xc0, 0xb1, 0xfb, 0x8a, 0x19, 0x68, 0x8d, 0xfc, 0x6f, 0x1e, 0x54, 0x25, 0xb6, 0xc7, 0x61, 0x10, 0x83, 0xf2, 0xb8, 0xc9, 0x5a, 0x2b, 0xce, 0xbf, 0x2c, 0x5d, 0x17, 0x66, 0xf5, 0x84, 0xa4, 0xd5, 0x46, 0x37, 0x7d, 0xc, 0x9f, 0xee, 0xb, 0x7a, 0xe9, 0x98, 0xd2, 0xa3, 0x30, 0x41, 0xe7, 0x96, 0x5, 0x74, 0x3e, 0x4f, 0xdc, 0xad, 0x48, 0x39, 0xaa, 0xdb, 0x91, 0xe0, 0x73, 0x2, 0x33, 0x42, 0xd1, 0xa0, 0xea, 0x9b, 0x8, 0x79, 0x9c, 0xed, 0x7e, 0xf, 0x45, 0x34, 0xa7, 0xd6, 0x70, 0x1, 0x92, 0xe3, 0xa9, 0xd8, 0x4b, 0x3a, 0xdf, 0xae, 0x3d, 0x4c, 0x6, 0x77, 0xe4, 0x95, 0xb5, 0xc4, 0x57, 0x26, 0x6c, 0x1d, 0x8e, 0xff, 0x1a, 0x6b, 0xf8, 0x89, 0xc3, 0xb2, 0x21, 0x50, 0xf6, 0x87, 0x14, 0x65, 0x2f, 0x5e, 0xcd, 0xbc, 0x59, 0x28, 0xbb, 0xca, 0x80, 0xf1, 0x62, 0x13},
+ {0x0, 0x72, 0xe4, 0x96, 0xd5, 0xa7, 0x31, 0x43, 0xb7, 0xc5, 0x53, 0x21, 0x62, 0x10, 0x86, 0xf4, 0x73, 0x1, 0x97, 0xe5, 0xa6, 0xd4, 0x42, 0x30, 0xc4, 0xb6, 0x20, 0x52, 0x11, 0x63, 0xf5, 0x87, 0xe6, 0x94, 0x2, 0x70, 0x33, 0x41, 0xd7, 0xa5, 0x51, 0x23, 0xb5, 0xc7, 0x84, 0xf6, 0x60, 0x12, 0x95, 0xe7, 0x71, 0x3, 0x40, 0x32, 0xa4, 0xd6, 0x22, 0x50, 0xc6, 0xb4, 0xf7, 0x85, 0x13, 0x61, 0xd1, 0xa3, 0x35, 0x47, 0x4, 0x76, 0xe0, 0x92, 0x66, 0x14, 0x82, 0xf0, 0xb3, 0xc1, 0x57, 0x25, 0xa2, 0xd0, 0x46, 0x34, 0x77, 0x5, 0x93, 0xe1, 0x15, 0x67, 0xf1, 0x83, 0xc0, 0xb2, 0x24, 0x56, 0x37, 0x45, 0xd3, 0xa1, 0xe2, 0x90, 0x6, 0x74, 0x80, 0xf2, 0x64, 0x16, 0x55, 0x27, 0xb1, 0xc3, 0x44, 0x36, 0xa0, 0xd2, 0x91, 0xe3, 0x75, 0x7, 0xf3, 0x81, 0x17, 0x65, 0x26, 0x54, 0xc2, 0xb0, 0xbf, 0xcd, 0x5b, 0x29, 0x6a, 0x18, 0x8e, 0xfc, 0x8, 0x7a, 0xec, 0x9e, 0xdd, 0xaf, 0x39, 0x4b, 0xcc, 0xbe, 0x28, 0x5a, 0x19, 0x6b, 0xfd, 0x8f, 0x7b, 0x9, 0x9f, 0xed, 0xae, 0xdc, 0x4a, 0x38, 0x59, 0x2b, 0xbd, 0xcf, 0x8c, 0xfe, 0x68, 0x1a, 0xee, 0x9c, 0xa, 0x78, 0x3b, 0x49, 0xdf, 0xad, 0x2a, 0x58, 0xce, 0xbc, 0xff, 0x8d, 0x1b, 0x69, 0x9d, 0xef, 0x79, 0xb, 0x48, 0x3a, 0xac, 0xde, 0x6e, 0x1c, 0x8a, 0xf8, 0xbb, 0xc9, 0x5f, 0x2d, 0xd9, 0xab, 0x3d, 0x4f, 0xc, 0x7e, 0xe8, 0x9a, 0x1d, 0x6f, 0xf9, 0x8b, 0xc8, 0xba, 0x2c, 0x5e, 0xaa, 0xd8, 0x4e, 0x3c, 0x7f, 0xd, 0x9b, 0xe9, 0x88, 0xfa, 0x6c, 0x1e, 0x5d, 0x2f, 0xb9, 0xcb, 0x3f, 0x4d, 0xdb, 0xa9, 0xea, 0x98, 0xe, 0x7c, 0xfb, 0x89, 0x1f, 0x6d, 0x2e, 0x5c, 0xca, 0xb8, 0x4c, 0x3e, 0xa8, 0xda, 0x99, 0xeb, 0x7d, 0xf},
+ {0x0, 0x73, 0xe6, 0x95, 0xd1, 0xa2, 0x37, 0x44, 0xbf, 0xcc, 0x59, 0x2a, 0x6e, 0x1d, 0x88, 0xfb, 0x63, 0x10, 0x85, 0xf6, 0xb2, 0xc1, 0x54, 0x27, 0xdc, 0xaf, 0x3a, 0x49, 0xd, 0x7e, 0xeb, 0x98, 0xc6, 0xb5, 0x20, 0x53, 0x17, 0x64, 0xf1, 0x82, 0x79, 0xa, 0x9f, 0xec, 0xa8, 0xdb, 0x4e, 0x3d, 0xa5, 0xd6, 0x43, 0x30, 0x74, 0x7, 0x92, 0xe1, 0x1a, 0x69, 0xfc, 0x8f, 0xcb, 0xb8, 0x2d, 0x5e, 0x91, 0xe2, 0x77, 0x4, 0x40, 0x33, 0xa6, 0xd5, 0x2e, 0x5d, 0xc8, 0xbb, 0xff, 0x8c, 0x19, 0x6a, 0xf2, 0x81, 0x14, 0x67, 0x23, 0x50, 0xc5, 0xb6, 0x4d, 0x3e, 0xab, 0xd8, 0x9c, 0xef, 0x7a, 0x9, 0x57, 0x24, 0xb1, 0xc2, 0x86, 0xf5, 0x60, 0x13, 0xe8, 0x9b, 0xe, 0x7d, 0x39, 0x4a, 0xdf, 0xac, 0x34, 0x47, 0xd2, 0xa1, 0xe5, 0x96, 0x3, 0x70, 0x8b, 0xf8, 0x6d, 0x1e, 0x5a, 0x29, 0xbc, 0xcf, 0x3f, 0x4c, 0xd9, 0xaa, 0xee, 0x9d, 0x8, 0x7b, 0x80, 0xf3, 0x66, 0x15, 0x51, 0x22, 0xb7, 0xc4, 0x5c, 0x2f, 0xba, 0xc9, 0x8d, 0xfe, 0x6b, 0x18, 0xe3, 0x90, 0x5, 0x76, 0x32, 0x41, 0xd4, 0xa7, 0xf9, 0x8a, 0x1f, 0x6c, 0x28, 0x5b, 0xce, 0xbd, 0x46, 0x35, 0xa0, 0xd3, 0x97, 0xe4, 0x71, 0x2, 0x9a, 0xe9, 0x7c, 0xf, 0x4b, 0x38, 0xad, 0xde, 0x25, 0x56, 0xc3, 0xb0, 0xf4, 0x87, 0x12, 0x61, 0xae, 0xdd, 0x48, 0x3b, 0x7f, 0xc, 0x99, 0xea, 0x11, 0x62, 0xf7, 0x84, 0xc0, 0xb3, 0x26, 0x55, 0xcd, 0xbe, 0x2b, 0x58, 0x1c, 0x6f, 0xfa, 0x89, 0x72, 0x1, 0x94, 0xe7, 0xa3, 0xd0, 0x45, 0x36, 0x68, 0x1b, 0x8e, 0xfd, 0xb9, 0xca, 0x5f, 0x2c, 0xd7, 0xa4, 0x31, 0x42, 0x6, 0x75, 0xe0, 0x93, 0xb, 0x78, 0xed, 0x9e, 0xda, 0xa9, 0x3c, 0x4f, 0xb4, 0xc7, 0x52, 0x21, 0x65, 0x16, 0x83, 0xf0},
+ {0x0, 0x74, 0xe8, 0x9c, 0xcd, 0xb9, 0x25, 0x51, 0x87, 0xf3, 0x6f, 0x1b, 0x4a, 0x3e, 0xa2, 0xd6, 0x13, 0x67, 0xfb, 0x8f, 0xde, 0xaa, 0x36, 0x42, 0x94, 0xe0, 0x7c, 0x8, 0x59, 0x2d, 0xb1, 0xc5, 0x26, 0x52, 0xce, 0xba, 0xeb, 0x9f, 0x3, 0x77, 0xa1, 0xd5, 0x49, 0x3d, 0x6c, 0x18, 0x84, 0xf0, 0x35, 0x41, 0xdd, 0xa9, 0xf8, 0x8c, 0x10, 0x64, 0xb2, 0xc6, 0x5a, 0x2e, 0x7f, 0xb, 0x97, 0xe3, 0x4c, 0x38, 0xa4, 0xd0, 0x81, 0xf5, 0x69, 0x1d, 0xcb, 0xbf, 0x23, 0x57, 0x6, 0x72, 0xee, 0x9a, 0x5f, 0x2b, 0xb7, 0xc3, 0x92, 0xe6, 0x7a, 0xe, 0xd8, 0xac, 0x30, 0x44, 0x15, 0x61, 0xfd, 0x89, 0x6a, 0x1e, 0x82, 0xf6, 0xa7, 0xd3, 0x4f, 0x3b, 0xed, 0x99, 0x5, 0x71, 0x20, 0x54, 0xc8, 0xbc, 0x79, 0xd, 0x91, 0xe5, 0xb4, 0xc0, 0x5c, 0x28, 0xfe, 0x8a, 0x16, 0x62, 0x33, 0x47, 0xdb, 0xaf, 0x98, 0xec, 0x70, 0x4, 0x55, 0x21, 0xbd, 0xc9, 0x1f, 0x6b, 0xf7, 0x83, 0xd2, 0xa6, 0x3a, 0x4e, 0x8b, 0xff, 0x63, 0x17, 0x46, 0x32, 0xae, 0xda, 0xc, 0x78, 0xe4, 0x90, 0xc1, 0xb5, 0x29, 0x5d, 0xbe, 0xca, 0x56, 0x22, 0x73, 0x7, 0x9b, 0xef, 0x39, 0x4d, 0xd1, 0xa5, 0xf4, 0x80, 0x1c, 0x68, 0xad, 0xd9, 0x45, 0x31, 0x60, 0x14, 0x88, 0xfc, 0x2a, 0x5e, 0xc2, 0xb6, 0xe7, 0x93, 0xf, 0x7b, 0xd4, 0xa0, 0x3c, 0x48, 0x19, 0x6d, 0xf1, 0x85, 0x53, 0x27, 0xbb, 0xcf, 0x9e, 0xea, 0x76, 0x2, 0xc7, 0xb3, 0x2f, 0x5b, 0xa, 0x7e, 0xe2, 0x96, 0x40, 0x34, 0xa8, 0xdc, 0x8d, 0xf9, 0x65, 0x11, 0xf2, 0x86, 0x1a, 0x6e, 0x3f, 0x4b, 0xd7, 0xa3, 0x75, 0x1, 0x9d, 0xe9, 0xb8, 0xcc, 0x50, 0x24, 0xe1, 0x95, 0x9, 0x7d, 0x2c, 0x58, 0xc4, 0xb0, 0x66, 0x12, 0x8e, 0xfa, 0xab, 0xdf, 0x43, 0x37},
+ {0x0, 0x75, 0xea, 0x9f, 0xc9, 0xbc, 0x23, 0x56, 0x8f, 0xfa, 0x65, 0x10, 0x46, 0x33, 0xac, 0xd9, 0x3, 0x76, 0xe9, 0x9c, 0xca, 0xbf, 0x20, 0x55, 0x8c, 0xf9, 0x66, 0x13, 0x45, 0x30, 0xaf, 0xda, 0x6, 0x73, 0xec, 0x99, 0xcf, 0xba, 0x25, 0x50, 0x89, 0xfc, 0x63, 0x16, 0x40, 0x35, 0xaa, 0xdf, 0x5, 0x70, 0xef, 0x9a, 0xcc, 0xb9, 0x26, 0x53, 0x8a, 0xff, 0x60, 0x15, 0x43, 0x36, 0xa9, 0xdc, 0xc, 0x79, 0xe6, 0x93, 0xc5, 0xb0, 0x2f, 0x5a, 0x83, 0xf6, 0x69, 0x1c, 0x4a, 0x3f, 0xa0, 0xd5, 0xf, 0x7a, 0xe5, 0x90, 0xc6, 0xb3, 0x2c, 0x59, 0x80, 0xf5, 0x6a, 0x1f, 0x49, 0x3c, 0xa3, 0xd6, 0xa, 0x7f, 0xe0, 0x95, 0xc3, 0xb6, 0x29, 0x5c, 0x85, 0xf0, 0x6f, 0x1a, 0x4c, 0x39, 0xa6, 0xd3, 0x9, 0x7c, 0xe3, 0x96, 0xc0, 0xb5, 0x2a, 0x5f, 0x86, 0xf3, 0x6c, 0x19, 0x4f, 0x3a, 0xa5, 0xd0, 0x18, 0x6d, 0xf2, 0x87, 0xd1, 0xa4, 0x3b, 0x4e, 0x97, 0xe2, 0x7d, 0x8, 0x5e, 0x2b, 0xb4, 0xc1, 0x1b, 0x6e, 0xf1, 0x84, 0xd2, 0xa7, 0x38, 0x4d, 0x94, 0xe1, 0x7e, 0xb, 0x5d, 0x28, 0xb7, 0xc2, 0x1e, 0x6b, 0xf4, 0x81, 0xd7, 0xa2, 0x3d, 0x48, 0x91, 0xe4, 0x7b, 0xe, 0x58, 0x2d, 0xb2, 0xc7, 0x1d, 0x68, 0xf7, 0x82, 0xd4, 0xa1, 0x3e, 0x4b, 0x92, 0xe7, 0x78, 0xd, 0x5b, 0x2e, 0xb1, 0xc4, 0x14, 0x61, 0xfe, 0x8b, 0xdd, 0xa8, 0x37, 0x42, 0x9b, 0xee, 0x71, 0x4, 0x52, 0x27, 0xb8, 0xcd, 0x17, 0x62, 0xfd, 0x88, 0xde, 0xab, 0x34, 0x41, 0x98, 0xed, 0x72, 0x7, 0x51, 0x24, 0xbb, 0xce, 0x12, 0x67, 0xf8, 0x8d, 0xdb, 0xae, 0x31, 0x44, 0x9d, 0xe8, 0x77, 0x2, 0x54, 0x21, 0xbe, 0xcb, 0x11, 0x64, 0xfb, 0x8e, 0xd8, 0xad, 0x32, 0x47, 0x9e, 0xeb, 0x74, 0x1, 0x57, 0x22, 0xbd, 0xc8},
+ {0x0, 0x76, 0xec, 0x9a, 0xc5, 0xb3, 0x29, 0x5f, 0x97, 0xe1, 0x7b, 0xd, 0x52, 0x24, 0xbe, 0xc8, 0x33, 0x45, 0xdf, 0xa9, 0xf6, 0x80, 0x1a, 0x6c, 0xa4, 0xd2, 0x48, 0x3e, 0x61, 0x17, 0x8d, 0xfb, 0x66, 0x10, 0x8a, 0xfc, 0xa3, 0xd5, 0x4f, 0x39, 0xf1, 0x87, 0x1d, 0x6b, 0x34, 0x42, 0xd8, 0xae, 0x55, 0x23, 0xb9, 0xcf, 0x90, 0xe6, 0x7c, 0xa, 0xc2, 0xb4, 0x2e, 0x58, 0x7, 0x71, 0xeb, 0x9d, 0xcc, 0xba, 0x20, 0x56, 0x9, 0x7f, 0xe5, 0x93, 0x5b, 0x2d, 0xb7, 0xc1, 0x9e, 0xe8, 0x72, 0x4, 0xff, 0x89, 0x13, 0x65, 0x3a, 0x4c, 0xd6, 0xa0, 0x68, 0x1e, 0x84, 0xf2, 0xad, 0xdb, 0x41, 0x37, 0xaa, 0xdc, 0x46, 0x30, 0x6f, 0x19, 0x83, 0xf5, 0x3d, 0x4b, 0xd1, 0xa7, 0xf8, 0x8e, 0x14, 0x62, 0x99, 0xef, 0x75, 0x3, 0x5c, 0x2a, 0xb0, 0xc6, 0xe, 0x78, 0xe2, 0x94, 0xcb, 0xbd, 0x27, 0x51, 0x85, 0xf3, 0x69, 0x1f, 0x40, 0x36, 0xac, 0xda, 0x12, 0x64, 0xfe, 0x88, 0xd7, 0xa1, 0x3b, 0x4d, 0xb6, 0xc0, 0x5a, 0x2c, 0x73, 0x5, 0x9f, 0xe9, 0x21, 0x57, 0xcd, 0xbb, 0xe4, 0x92, 0x8, 0x7e, 0xe3, 0x95, 0xf, 0x79, 0x26, 0x50, 0xca, 0xbc, 0x74, 0x2, 0x98, 0xee, 0xb1, 0xc7, 0x5d, 0x2b, 0xd0, 0xa6, 0x3c, 0x4a, 0x15, 0x63, 0xf9, 0x8f, 0x47, 0x31, 0xab, 0xdd, 0x82, 0xf4, 0x6e, 0x18, 0x49, 0x3f, 0xa5, 0xd3, 0x8c, 0xfa, 0x60, 0x16, 0xde, 0xa8, 0x32, 0x44, 0x1b, 0x6d, 0xf7, 0x81, 0x7a, 0xc, 0x96, 0xe0, 0xbf, 0xc9, 0x53, 0x25, 0xed, 0x9b, 0x1, 0x77, 0x28, 0x5e, 0xc4, 0xb2, 0x2f, 0x59, 0xc3, 0xb5, 0xea, 0x9c, 0x6, 0x70, 0xb8, 0xce, 0x54, 0x22, 0x7d, 0xb, 0x91, 0xe7, 0x1c, 0x6a, 0xf0, 0x86, 0xd9, 0xaf, 0x35, 0x43, 0x8b, 0xfd, 0x67, 0x11, 0x4e, 0x38, 0xa2, 0xd4},
+ {0x0, 0x77, 0xee, 0x99, 0xc1, 0xb6, 0x2f, 0x58, 0x9f, 0xe8, 0x71, 0x6, 0x5e, 0x29, 0xb0, 0xc7, 0x23, 0x54, 0xcd, 0xba, 0xe2, 0x95, 0xc, 0x7b, 0xbc, 0xcb, 0x52, 0x25, 0x7d, 0xa, 0x93, 0xe4, 0x46, 0x31, 0xa8, 0xdf, 0x87, 0xf0, 0x69, 0x1e, 0xd9, 0xae, 0x37, 0x40, 0x18, 0x6f, 0xf6, 0x81, 0x65, 0x12, 0x8b, 0xfc, 0xa4, 0xd3, 0x4a, 0x3d, 0xfa, 0x8d, 0x14, 0x63, 0x3b, 0x4c, 0xd5, 0xa2, 0x8c, 0xfb, 0x62, 0x15, 0x4d, 0x3a, 0xa3, 0xd4, 0x13, 0x64, 0xfd, 0x8a, 0xd2, 0xa5, 0x3c, 0x4b, 0xaf, 0xd8, 0x41, 0x36, 0x6e, 0x19, 0x80, 0xf7, 0x30, 0x47, 0xde, 0xa9, 0xf1, 0x86, 0x1f, 0x68, 0xca, 0xbd, 0x24, 0x53, 0xb, 0x7c, 0xe5, 0x92, 0x55, 0x22, 0xbb, 0xcc, 0x94, 0xe3, 0x7a, 0xd, 0xe9, 0x9e, 0x7, 0x70, 0x28, 0x5f, 0xc6, 0xb1, 0x76, 0x1, 0x98, 0xef, 0xb7, 0xc0, 0x59, 0x2e, 0x5, 0x72, 0xeb, 0x9c, 0xc4, 0xb3, 0x2a, 0x5d, 0x9a, 0xed, 0x74, 0x3, 0x5b, 0x2c, 0xb5, 0xc2, 0x26, 0x51, 0xc8, 0xbf, 0xe7, 0x90, 0x9, 0x7e, 0xb9, 0xce, 0x57, 0x20, 0x78, 0xf, 0x96, 0xe1, 0x43, 0x34, 0xad, 0xda, 0x82, 0xf5, 0x6c, 0x1b, 0xdc, 0xab, 0x32, 0x45, 0x1d, 0x6a, 0xf3, 0x84, 0x60, 0x17, 0x8e, 0xf9, 0xa1, 0xd6, 0x4f, 0x38, 0xff, 0x88, 0x11, 0x66, 0x3e, 0x49, 0xd0, 0xa7, 0x89, 0xfe, 0x67, 0x10, 0x48, 0x3f, 0xa6, 0xd1, 0x16, 0x61, 0xf8, 0x8f, 0xd7, 0xa0, 0x39, 0x4e, 0xaa, 0xdd, 0x44, 0x33, 0x6b, 0x1c, 0x85, 0xf2, 0x35, 0x42, 0xdb, 0xac, 0xf4, 0x83, 0x1a, 0x6d, 0xcf, 0xb8, 0x21, 0x56, 0xe, 0x79, 0xe0, 0x97, 0x50, 0x27, 0xbe, 0xc9, 0x91, 0xe6, 0x7f, 0x8, 0xec, 0x9b, 0x2, 0x75, 0x2d, 0x5a, 0xc3, 0xb4, 0x73, 0x4, 0x9d, 0xea, 0xb2, 0xc5, 0x5c, 0x2b},
+ {0x0, 0x78, 0xf0, 0x88, 0xfd, 0x85, 0xd, 0x75, 0xe7, 0x9f, 0x17, 0x6f, 0x1a, 0x62, 0xea, 0x92, 0xd3, 0xab, 0x23, 0x5b, 0x2e, 0x56, 0xde, 0xa6, 0x34, 0x4c, 0xc4, 0xbc, 0xc9, 0xb1, 0x39, 0x41, 0xbb, 0xc3, 0x4b, 0x33, 0x46, 0x3e, 0xb6, 0xce, 0x5c, 0x24, 0xac, 0xd4, 0xa1, 0xd9, 0x51, 0x29, 0x68, 0x10, 0x98, 0xe0, 0x95, 0xed, 0x65, 0x1d, 0x8f, 0xf7, 0x7f, 0x7, 0x72, 0xa, 0x82, 0xfa, 0x6b, 0x13, 0x9b, 0xe3, 0x96, 0xee, 0x66, 0x1e, 0x8c, 0xf4, 0x7c, 0x4, 0x71, 0x9, 0x81, 0xf9, 0xb8, 0xc0, 0x48, 0x30, 0x45, 0x3d, 0xb5, 0xcd, 0x5f, 0x27, 0xaf, 0xd7, 0xa2, 0xda, 0x52, 0x2a, 0xd0, 0xa8, 0x20, 0x58, 0x2d, 0x55, 0xdd, 0xa5, 0x37, 0x4f, 0xc7, 0xbf, 0xca, 0xb2, 0x3a, 0x42, 0x3, 0x7b, 0xf3, 0x8b, 0xfe, 0x86, 0xe, 0x76, 0xe4, 0x9c, 0x14, 0x6c, 0x19, 0x61, 0xe9, 0x91, 0xd6, 0xae, 0x26, 0x5e, 0x2b, 0x53, 0xdb, 0xa3, 0x31, 0x49, 0xc1, 0xb9, 0xcc, 0xb4, 0x3c, 0x44, 0x5, 0x7d, 0xf5, 0x8d, 0xf8, 0x80, 0x8, 0x70, 0xe2, 0x9a, 0x12, 0x6a, 0x1f, 0x67, 0xef, 0x97, 0x6d, 0x15, 0x9d, 0xe5, 0x90, 0xe8, 0x60, 0x18, 0x8a, 0xf2, 0x7a, 0x2, 0x77, 0xf, 0x87, 0xff, 0xbe, 0xc6, 0x4e, 0x36, 0x43, 0x3b, 0xb3, 0xcb, 0x59, 0x21, 0xa9, 0xd1, 0xa4, 0xdc, 0x54, 0x2c, 0xbd, 0xc5, 0x4d, 0x35, 0x40, 0x38, 0xb0, 0xc8, 0x5a, 0x22, 0xaa, 0xd2, 0xa7, 0xdf, 0x57, 0x2f, 0x6e, 0x16, 0x9e, 0xe6, 0x93, 0xeb, 0x63, 0x1b, 0x89, 0xf1, 0x79, 0x1, 0x74, 0xc, 0x84, 0xfc, 0x6, 0x7e, 0xf6, 0x8e, 0xfb, 0x83, 0xb, 0x73, 0xe1, 0x99, 0x11, 0x69, 0x1c, 0x64, 0xec, 0x94, 0xd5, 0xad, 0x25, 0x5d, 0x28, 0x50, 0xd8, 0xa0, 0x32, 0x4a, 0xc2, 0xba, 0xcf, 0xb7, 0x3f, 0x47},
+ {0x0, 0x79, 0xf2, 0x8b, 0xf9, 0x80, 0xb, 0x72, 0xef, 0x96, 0x1d, 0x64, 0x16, 0x6f, 0xe4, 0x9d, 0xc3, 0xba, 0x31, 0x48, 0x3a, 0x43, 0xc8, 0xb1, 0x2c, 0x55, 0xde, 0xa7, 0xd5, 0xac, 0x27, 0x5e, 0x9b, 0xe2, 0x69, 0x10, 0x62, 0x1b, 0x90, 0xe9, 0x74, 0xd, 0x86, 0xff, 0x8d, 0xf4, 0x7f, 0x6, 0x58, 0x21, 0xaa, 0xd3, 0xa1, 0xd8, 0x53, 0x2a, 0xb7, 0xce, 0x45, 0x3c, 0x4e, 0x37, 0xbc, 0xc5, 0x2b, 0x52, 0xd9, 0xa0, 0xd2, 0xab, 0x20, 0x59, 0xc4, 0xbd, 0x36, 0x4f, 0x3d, 0x44, 0xcf, 0xb6, 0xe8, 0x91, 0x1a, 0x63, 0x11, 0x68, 0xe3, 0x9a, 0x7, 0x7e, 0xf5, 0x8c, 0xfe, 0x87, 0xc, 0x75, 0xb0, 0xc9, 0x42, 0x3b, 0x49, 0x30, 0xbb, 0xc2, 0x5f, 0x26, 0xad, 0xd4, 0xa6, 0xdf, 0x54, 0x2d, 0x73, 0xa, 0x81, 0xf8, 0x8a, 0xf3, 0x78, 0x1, 0x9c, 0xe5, 0x6e, 0x17, 0x65, 0x1c, 0x97, 0xee, 0x56, 0x2f, 0xa4, 0xdd, 0xaf, 0xd6, 0x5d, 0x24, 0xb9, 0xc0, 0x4b, 0x32, 0x40, 0x39, 0xb2, 0xcb, 0x95, 0xec, 0x67, 0x1e, 0x6c, 0x15, 0x9e, 0xe7, 0x7a, 0x3, 0x88, 0xf1, 0x83, 0xfa, 0x71, 0x8, 0xcd, 0xb4, 0x3f, 0x46, 0x34, 0x4d, 0xc6, 0xbf, 0x22, 0x5b, 0xd0, 0xa9, 0xdb, 0xa2, 0x29, 0x50, 0xe, 0x77, 0xfc, 0x85, 0xf7, 0x8e, 0x5, 0x7c, 0xe1, 0x98, 0x13, 0x6a, 0x18, 0x61, 0xea, 0x93, 0x7d, 0x4, 0x8f, 0xf6, 0x84, 0xfd, 0x76, 0xf, 0x92, 0xeb, 0x60, 0x19, 0x6b, 0x12, 0x99, 0xe0, 0xbe, 0xc7, 0x4c, 0x35, 0x47, 0x3e, 0xb5, 0xcc, 0x51, 0x28, 0xa3, 0xda, 0xa8, 0xd1, 0x5a, 0x23, 0xe6, 0x9f, 0x14, 0x6d, 0x1f, 0x66, 0xed, 0x94, 0x9, 0x70, 0xfb, 0x82, 0xf0, 0x89, 0x2, 0x7b, 0x25, 0x5c, 0xd7, 0xae, 0xdc, 0xa5, 0x2e, 0x57, 0xca, 0xb3, 0x38, 0x41, 0x33, 0x4a, 0xc1, 0xb8},
+ {0x0, 0x7a, 0xf4, 0x8e, 0xf5, 0x8f, 0x1, 0x7b, 0xf7, 0x8d, 0x3, 0x79, 0x2, 0x78, 0xf6, 0x8c, 0xf3, 0x89, 0x7, 0x7d, 0x6, 0x7c, 0xf2, 0x88, 0x4, 0x7e, 0xf0, 0x8a, 0xf1, 0x8b, 0x5, 0x7f, 0xfb, 0x81, 0xf, 0x75, 0xe, 0x74, 0xfa, 0x80, 0xc, 0x76, 0xf8, 0x82, 0xf9, 0x83, 0xd, 0x77, 0x8, 0x72, 0xfc, 0x86, 0xfd, 0x87, 0x9, 0x73, 0xff, 0x85, 0xb, 0x71, 0xa, 0x70, 0xfe, 0x84, 0xeb, 0x91, 0x1f, 0x65, 0x1e, 0x64, 0xea, 0x90, 0x1c, 0x66, 0xe8, 0x92, 0xe9, 0x93, 0x1d, 0x67, 0x18, 0x62, 0xec, 0x96, 0xed, 0x97, 0x19, 0x63, 0xef, 0x95, 0x1b, 0x61, 0x1a, 0x60, 0xee, 0x94, 0x10, 0x6a, 0xe4, 0x9e, 0xe5, 0x9f, 0x11, 0x6b, 0xe7, 0x9d, 0x13, 0x69, 0x12, 0x68, 0xe6, 0x9c, 0xe3, 0x99, 0x17, 0x6d, 0x16, 0x6c, 0xe2, 0x98, 0x14, 0x6e, 0xe0, 0x9a, 0xe1, 0x9b, 0x15, 0x6f, 0xcb, 0xb1, 0x3f, 0x45, 0x3e, 0x44, 0xca, 0xb0, 0x3c, 0x46, 0xc8, 0xb2, 0xc9, 0xb3, 0x3d, 0x47, 0x38, 0x42, 0xcc, 0xb6, 0xcd, 0xb7, 0x39, 0x43, 0xcf, 0xb5, 0x3b, 0x41, 0x3a, 0x40, 0xce, 0xb4, 0x30, 0x4a, 0xc4, 0xbe, 0xc5, 0xbf, 0x31, 0x4b, 0xc7, 0xbd, 0x33, 0x49, 0x32, 0x48, 0xc6, 0xbc, 0xc3, 0xb9, 0x37, 0x4d, 0x36, 0x4c, 0xc2, 0xb8, 0x34, 0x4e, 0xc0, 0xba, 0xc1, 0xbb, 0x35, 0x4f, 0x20, 0x5a, 0xd4, 0xae, 0xd5, 0xaf, 0x21, 0x5b, 0xd7, 0xad, 0x23, 0x59, 0x22, 0x58, 0xd6, 0xac, 0xd3, 0xa9, 0x27, 0x5d, 0x26, 0x5c, 0xd2, 0xa8, 0x24, 0x5e, 0xd0, 0xaa, 0xd1, 0xab, 0x25, 0x5f, 0xdb, 0xa1, 0x2f, 0x55, 0x2e, 0x54, 0xda, 0xa0, 0x2c, 0x56, 0xd8, 0xa2, 0xd9, 0xa3, 0x2d, 0x57, 0x28, 0x52, 0xdc, 0xa6, 0xdd, 0xa7, 0x29, 0x53, 0xdf, 0xa5, 0x2b, 0x51, 0x2a, 0x50, 0xde, 0xa4},
+ {0x0, 0x7b, 0xf6, 0x8d, 0xf1, 0x8a, 0x7, 0x7c, 0xff, 0x84, 0x9, 0x72, 0xe, 0x75, 0xf8, 0x83, 0xe3, 0x98, 0x15, 0x6e, 0x12, 0x69, 0xe4, 0x9f, 0x1c, 0x67, 0xea, 0x91, 0xed, 0x96, 0x1b, 0x60, 0xdb, 0xa0, 0x2d, 0x56, 0x2a, 0x51, 0xdc, 0xa7, 0x24, 0x5f, 0xd2, 0xa9, 0xd5, 0xae, 0x23, 0x58, 0x38, 0x43, 0xce, 0xb5, 0xc9, 0xb2, 0x3f, 0x44, 0xc7, 0xbc, 0x31, 0x4a, 0x36, 0x4d, 0xc0, 0xbb, 0xab, 0xd0, 0x5d, 0x26, 0x5a, 0x21, 0xac, 0xd7, 0x54, 0x2f, 0xa2, 0xd9, 0xa5, 0xde, 0x53, 0x28, 0x48, 0x33, 0xbe, 0xc5, 0xb9, 0xc2, 0x4f, 0x34, 0xb7, 0xcc, 0x41, 0x3a, 0x46, 0x3d, 0xb0, 0xcb, 0x70, 0xb, 0x86, 0xfd, 0x81, 0xfa, 0x77, 0xc, 0x8f, 0xf4, 0x79, 0x2, 0x7e, 0x5, 0x88, 0xf3, 0x93, 0xe8, 0x65, 0x1e, 0x62, 0x19, 0x94, 0xef, 0x6c, 0x17, 0x9a, 0xe1, 0x9d, 0xe6, 0x6b, 0x10, 0x4b, 0x30, 0xbd, 0xc6, 0xba, 0xc1, 0x4c, 0x37, 0xb4, 0xcf, 0x42, 0x39, 0x45, 0x3e, 0xb3, 0xc8, 0xa8, 0xd3, 0x5e, 0x25, 0x59, 0x22, 0xaf, 0xd4, 0x57, 0x2c, 0xa1, 0xda, 0xa6, 0xdd, 0x50, 0x2b, 0x90, 0xeb, 0x66, 0x1d, 0x61, 0x1a, 0x97, 0xec, 0x6f, 0x14, 0x99, 0xe2, 0x9e, 0xe5, 0x68, 0x13, 0x73, 0x8, 0x85, 0xfe, 0x82, 0xf9, 0x74, 0xf, 0x8c, 0xf7, 0x7a, 0x1, 0x7d, 0x6, 0x8b, 0xf0, 0xe0, 0x9b, 0x16, 0x6d, 0x11, 0x6a, 0xe7, 0x9c, 0x1f, 0x64, 0xe9, 0x92, 0xee, 0x95, 0x18, 0x63, 0x3, 0x78, 0xf5, 0x8e, 0xf2, 0x89, 0x4, 0x7f, 0xfc, 0x87, 0xa, 0x71, 0xd, 0x76, 0xfb, 0x80, 0x3b, 0x40, 0xcd, 0xb6, 0xca, 0xb1, 0x3c, 0x47, 0xc4, 0xbf, 0x32, 0x49, 0x35, 0x4e, 0xc3, 0xb8, 0xd8, 0xa3, 0x2e, 0x55, 0x29, 0x52, 0xdf, 0xa4, 0x27, 0x5c, 0xd1, 0xaa, 0xd6, 0xad, 0x20, 0x5b},
+ {0x0, 0x7c, 0xf8, 0x84, 0xed, 0x91, 0x15, 0x69, 0xc7, 0xbb, 0x3f, 0x43, 0x2a, 0x56, 0xd2, 0xae, 0x93, 0xef, 0x6b, 0x17, 0x7e, 0x2, 0x86, 0xfa, 0x54, 0x28, 0xac, 0xd0, 0xb9, 0xc5, 0x41, 0x3d, 0x3b, 0x47, 0xc3, 0xbf, 0xd6, 0xaa, 0x2e, 0x52, 0xfc, 0x80, 0x4, 0x78, 0x11, 0x6d, 0xe9, 0x95, 0xa8, 0xd4, 0x50, 0x2c, 0x45, 0x39, 0xbd, 0xc1, 0x6f, 0x13, 0x97, 0xeb, 0x82, 0xfe, 0x7a, 0x6, 0x76, 0xa, 0x8e, 0xf2, 0x9b, 0xe7, 0x63, 0x1f, 0xb1, 0xcd, 0x49, 0x35, 0x5c, 0x20, 0xa4, 0xd8, 0xe5, 0x99, 0x1d, 0x61, 0x8, 0x74, 0xf0, 0x8c, 0x22, 0x5e, 0xda, 0xa6, 0xcf, 0xb3, 0x37, 0x4b, 0x4d, 0x31, 0xb5, 0xc9, 0xa0, 0xdc, 0x58, 0x24, 0x8a, 0xf6, 0x72, 0xe, 0x67, 0x1b, 0x9f, 0xe3, 0xde, 0xa2, 0x26, 0x5a, 0x33, 0x4f, 0xcb, 0xb7, 0x19, 0x65, 0xe1, 0x9d, 0xf4, 0x88, 0xc, 0x70, 0xec, 0x90, 0x14, 0x68, 0x1, 0x7d, 0xf9, 0x85, 0x2b, 0x57, 0xd3, 0xaf, 0xc6, 0xba, 0x3e, 0x42, 0x7f, 0x3, 0x87, 0xfb, 0x92, 0xee, 0x6a, 0x16, 0xb8, 0xc4, 0x40, 0x3c, 0x55, 0x29, 0xad, 0xd1, 0xd7, 0xab, 0x2f, 0x53, 0x3a, 0x46, 0xc2, 0xbe, 0x10, 0x6c, 0xe8, 0x94, 0xfd, 0x81, 0x5, 0x79, 0x44, 0x38, 0xbc, 0xc0, 0xa9, 0xd5, 0x51, 0x2d, 0x83, 0xff, 0x7b, 0x7, 0x6e, 0x12, 0x96, 0xea, 0x9a, 0xe6, 0x62, 0x1e, 0x77, 0xb, 0x8f, 0xf3, 0x5d, 0x21, 0xa5, 0xd9, 0xb0, 0xcc, 0x48, 0x34, 0x9, 0x75, 0xf1, 0x8d, 0xe4, 0x98, 0x1c, 0x60, 0xce, 0xb2, 0x36, 0x4a, 0x23, 0x5f, 0xdb, 0xa7, 0xa1, 0xdd, 0x59, 0x25, 0x4c, 0x30, 0xb4, 0xc8, 0x66, 0x1a, 0x9e, 0xe2, 0x8b, 0xf7, 0x73, 0xf, 0x32, 0x4e, 0xca, 0xb6, 0xdf, 0xa3, 0x27, 0x5b, 0xf5, 0x89, 0xd, 0x71, 0x18, 0x64, 0xe0, 0x9c},
+ {0x0, 0x7d, 0xfa, 0x87, 0xe9, 0x94, 0x13, 0x6e, 0xcf, 0xb2, 0x35, 0x48, 0x26, 0x5b, 0xdc, 0xa1, 0x83, 0xfe, 0x79, 0x4, 0x6a, 0x17, 0x90, 0xed, 0x4c, 0x31, 0xb6, 0xcb, 0xa5, 0xd8, 0x5f, 0x22, 0x1b, 0x66, 0xe1, 0x9c, 0xf2, 0x8f, 0x8, 0x75, 0xd4, 0xa9, 0x2e, 0x53, 0x3d, 0x40, 0xc7, 0xba, 0x98, 0xe5, 0x62, 0x1f, 0x71, 0xc, 0x8b, 0xf6, 0x57, 0x2a, 0xad, 0xd0, 0xbe, 0xc3, 0x44, 0x39, 0x36, 0x4b, 0xcc, 0xb1, 0xdf, 0xa2, 0x25, 0x58, 0xf9, 0x84, 0x3, 0x7e, 0x10, 0x6d, 0xea, 0x97, 0xb5, 0xc8, 0x4f, 0x32, 0x5c, 0x21, 0xa6, 0xdb, 0x7a, 0x7, 0x80, 0xfd, 0x93, 0xee, 0x69, 0x14, 0x2d, 0x50, 0xd7, 0xaa, 0xc4, 0xb9, 0x3e, 0x43, 0xe2, 0x9f, 0x18, 0x65, 0xb, 0x76, 0xf1, 0x8c, 0xae, 0xd3, 0x54, 0x29, 0x47, 0x3a, 0xbd, 0xc0, 0x61, 0x1c, 0x9b, 0xe6, 0x88, 0xf5, 0x72, 0xf, 0x6c, 0x11, 0x96, 0xeb, 0x85, 0xf8, 0x7f, 0x2, 0xa3, 0xde, 0x59, 0x24, 0x4a, 0x37, 0xb0, 0xcd, 0xef, 0x92, 0x15, 0x68, 0x6, 0x7b, 0xfc, 0x81, 0x20, 0x5d, 0xda, 0xa7, 0xc9, 0xb4, 0x33, 0x4e, 0x77, 0xa, 0x8d, 0xf0, 0x9e, 0xe3, 0x64, 0x19, 0xb8, 0xc5, 0x42, 0x3f, 0x51, 0x2c, 0xab, 0xd6, 0xf4, 0x89, 0xe, 0x73, 0x1d, 0x60, 0xe7, 0x9a, 0x3b, 0x46, 0xc1, 0xbc, 0xd2, 0xaf, 0x28, 0x55, 0x5a, 0x27, 0xa0, 0xdd, 0xb3, 0xce, 0x49, 0x34, 0x95, 0xe8, 0x6f, 0x12, 0x7c, 0x1, 0x86, 0xfb, 0xd9, 0xa4, 0x23, 0x5e, 0x30, 0x4d, 0xca, 0xb7, 0x16, 0x6b, 0xec, 0x91, 0xff, 0x82, 0x5, 0x78, 0x41, 0x3c, 0xbb, 0xc6, 0xa8, 0xd5, 0x52, 0x2f, 0x8e, 0xf3, 0x74, 0x9, 0x67, 0x1a, 0x9d, 0xe0, 0xc2, 0xbf, 0x38, 0x45, 0x2b, 0x56, 0xd1, 0xac, 0xd, 0x70, 0xf7, 0x8a, 0xe4, 0x99, 0x1e, 0x63},
+ {0x0, 0x7e, 0xfc, 0x82, 0xe5, 0x9b, 0x19, 0x67, 0xd7, 0xa9, 0x2b, 0x55, 0x32, 0x4c, 0xce, 0xb0, 0xb3, 0xcd, 0x4f, 0x31, 0x56, 0x28, 0xaa, 0xd4, 0x64, 0x1a, 0x98, 0xe6, 0x81, 0xff, 0x7d, 0x3, 0x7b, 0x5, 0x87, 0xf9, 0x9e, 0xe0, 0x62, 0x1c, 0xac, 0xd2, 0x50, 0x2e, 0x49, 0x37, 0xb5, 0xcb, 0xc8, 0xb6, 0x34, 0x4a, 0x2d, 0x53, 0xd1, 0xaf, 0x1f, 0x61, 0xe3, 0x9d, 0xfa, 0x84, 0x6, 0x78, 0xf6, 0x88, 0xa, 0x74, 0x13, 0x6d, 0xef, 0x91, 0x21, 0x5f, 0xdd, 0xa3, 0xc4, 0xba, 0x38, 0x46, 0x45, 0x3b, 0xb9, 0xc7, 0xa0, 0xde, 0x5c, 0x22, 0x92, 0xec, 0x6e, 0x10, 0x77, 0x9, 0x8b, 0xf5, 0x8d, 0xf3, 0x71, 0xf, 0x68, 0x16, 0x94, 0xea, 0x5a, 0x24, 0xa6, 0xd8, 0xbf, 0xc1, 0x43, 0x3d, 0x3e, 0x40, 0xc2, 0xbc, 0xdb, 0xa5, 0x27, 0x59, 0xe9, 0x97, 0x15, 0x6b, 0xc, 0x72, 0xf0, 0x8e, 0xf1, 0x8f, 0xd, 0x73, 0x14, 0x6a, 0xe8, 0x96, 0x26, 0x58, 0xda, 0xa4, 0xc3, 0xbd, 0x3f, 0x41, 0x42, 0x3c, 0xbe, 0xc0, 0xa7, 0xd9, 0x5b, 0x25, 0x95, 0xeb, 0x69, 0x17, 0x70, 0xe, 0x8c, 0xf2, 0x8a, 0xf4, 0x76, 0x8, 0x6f, 0x11, 0x93, 0xed, 0x5d, 0x23, 0xa1, 0xdf, 0xb8, 0xc6, 0x44, 0x3a, 0x39, 0x47, 0xc5, 0xbb, 0xdc, 0xa2, 0x20, 0x5e, 0xee, 0x90, 0x12, 0x6c, 0xb, 0x75, 0xf7, 0x89, 0x7, 0x79, 0xfb, 0x85, 0xe2, 0x9c, 0x1e, 0x60, 0xd0, 0xae, 0x2c, 0x52, 0x35, 0x4b, 0xc9, 0xb7, 0xb4, 0xca, 0x48, 0x36, 0x51, 0x2f, 0xad, 0xd3, 0x63, 0x1d, 0x9f, 0xe1, 0x86, 0xf8, 0x7a, 0x4, 0x7c, 0x2, 0x80, 0xfe, 0x99, 0xe7, 0x65, 0x1b, 0xab, 0xd5, 0x57, 0x29, 0x4e, 0x30, 0xb2, 0xcc, 0xcf, 0xb1, 0x33, 0x4d, 0x2a, 0x54, 0xd6, 0xa8, 0x18, 0x66, 0xe4, 0x9a, 0xfd, 0x83, 0x1, 0x7f},
+ {0x0, 0x7f, 0xfe, 0x81, 0xe1, 0x9e, 0x1f, 0x60, 0xdf, 0xa0, 0x21, 0x5e, 0x3e, 0x41, 0xc0, 0xbf, 0xa3, 0xdc, 0x5d, 0x22, 0x42, 0x3d, 0xbc, 0xc3, 0x7c, 0x3, 0x82, 0xfd, 0x9d, 0xe2, 0x63, 0x1c, 0x5b, 0x24, 0xa5, 0xda, 0xba, 0xc5, 0x44, 0x3b, 0x84, 0xfb, 0x7a, 0x5, 0x65, 0x1a, 0x9b, 0xe4, 0xf8, 0x87, 0x6, 0x79, 0x19, 0x66, 0xe7, 0x98, 0x27, 0x58, 0xd9, 0xa6, 0xc6, 0xb9, 0x38, 0x47, 0xb6, 0xc9, 0x48, 0x37, 0x57, 0x28, 0xa9, 0xd6, 0x69, 0x16, 0x97, 0xe8, 0x88, 0xf7, 0x76, 0x9, 0x15, 0x6a, 0xeb, 0x94, 0xf4, 0x8b, 0xa, 0x75, 0xca, 0xb5, 0x34, 0x4b, 0x2b, 0x54, 0xd5, 0xaa, 0xed, 0x92, 0x13, 0x6c, 0xc, 0x73, 0xf2, 0x8d, 0x32, 0x4d, 0xcc, 0xb3, 0xd3, 0xac, 0x2d, 0x52, 0x4e, 0x31, 0xb0, 0xcf, 0xaf, 0xd0, 0x51, 0x2e, 0x91, 0xee, 0x6f, 0x10, 0x70, 0xf, 0x8e, 0xf1, 0x71, 0xe, 0x8f, 0xf0, 0x90, 0xef, 0x6e, 0x11, 0xae, 0xd1, 0x50, 0x2f, 0x4f, 0x30, 0xb1, 0xce, 0xd2, 0xad, 0x2c, 0x53, 0x33, 0x4c, 0xcd, 0xb2, 0xd, 0x72, 0xf3, 0x8c, 0xec, 0x93, 0x12, 0x6d, 0x2a, 0x55, 0xd4, 0xab, 0xcb, 0xb4, 0x35, 0x4a, 0xf5, 0x8a, 0xb, 0x74, 0x14, 0x6b, 0xea, 0x95, 0x89, 0xf6, 0x77, 0x8, 0x68, 0x17, 0x96, 0xe9, 0x56, 0x29, 0xa8, 0xd7, 0xb7, 0xc8, 0x49, 0x36, 0xc7, 0xb8, 0x39, 0x46, 0x26, 0x59, 0xd8, 0xa7, 0x18, 0x67, 0xe6, 0x99, 0xf9, 0x86, 0x7, 0x78, 0x64, 0x1b, 0x9a, 0xe5, 0x85, 0xfa, 0x7b, 0x4, 0xbb, 0xc4, 0x45, 0x3a, 0x5a, 0x25, 0xa4, 0xdb, 0x9c, 0xe3, 0x62, 0x1d, 0x7d, 0x2, 0x83, 0xfc, 0x43, 0x3c, 0xbd, 0xc2, 0xa2, 0xdd, 0x5c, 0x23, 0x3f, 0x40, 0xc1, 0xbe, 0xde, 0xa1, 0x20, 0x5f, 0xe0, 0x9f, 0x1e, 0x61, 0x1, 0x7e, 0xff, 0x80},
+ {0x0, 0x80, 0x1d, 0x9d, 0x3a, 0xba, 0x27, 0xa7, 0x74, 0xf4, 0x69, 0xe9, 0x4e, 0xce, 0x53, 0xd3, 0xe8, 0x68, 0xf5, 0x75, 0xd2, 0x52, 0xcf, 0x4f, 0x9c, 0x1c, 0x81, 0x1, 0xa6, 0x26, 0xbb, 0x3b, 0xcd, 0x4d, 0xd0, 0x50, 0xf7, 0x77, 0xea, 0x6a, 0xb9, 0x39, 0xa4, 0x24, 0x83, 0x3, 0x9e, 0x1e, 0x25, 0xa5, 0x38, 0xb8, 0x1f, 0x9f, 0x2, 0x82, 0x51, 0xd1, 0x4c, 0xcc, 0x6b, 0xeb, 0x76, 0xf6, 0x87, 0x7, 0x9a, 0x1a, 0xbd, 0x3d, 0xa0, 0x20, 0xf3, 0x73, 0xee, 0x6e, 0xc9, 0x49, 0xd4, 0x54, 0x6f, 0xef, 0x72, 0xf2, 0x55, 0xd5, 0x48, 0xc8, 0x1b, 0x9b, 0x6, 0x86, 0x21, 0xa1, 0x3c, 0xbc, 0x4a, 0xca, 0x57, 0xd7, 0x70, 0xf0, 0x6d, 0xed, 0x3e, 0xbe, 0x23, 0xa3, 0x4, 0x84, 0x19, 0x99, 0xa2, 0x22, 0xbf, 0x3f, 0x98, 0x18, 0x85, 0x5, 0xd6, 0x56, 0xcb, 0x4b, 0xec, 0x6c, 0xf1, 0x71, 0x13, 0x93, 0xe, 0x8e, 0x29, 0xa9, 0x34, 0xb4, 0x67, 0xe7, 0x7a, 0xfa, 0x5d, 0xdd, 0x40, 0xc0, 0xfb, 0x7b, 0xe6, 0x66, 0xc1, 0x41, 0xdc, 0x5c, 0x8f, 0xf, 0x92, 0x12, 0xb5, 0x35, 0xa8, 0x28, 0xde, 0x5e, 0xc3, 0x43, 0xe4, 0x64, 0xf9, 0x79, 0xaa, 0x2a, 0xb7, 0x37, 0x90, 0x10, 0x8d, 0xd, 0x36, 0xb6, 0x2b, 0xab, 0xc, 0x8c, 0x11, 0x91, 0x42, 0xc2, 0x5f, 0xdf, 0x78, 0xf8, 0x65, 0xe5, 0x94, 0x14, 0x89, 0x9, 0xae, 0x2e, 0xb3, 0x33, 0xe0, 0x60, 0xfd, 0x7d, 0xda, 0x5a, 0xc7, 0x47, 0x7c, 0xfc, 0x61, 0xe1, 0x46, 0xc6, 0x5b, 0xdb, 0x8, 0x88, 0x15, 0x95, 0x32, 0xb2, 0x2f, 0xaf, 0x59, 0xd9, 0x44, 0xc4, 0x63, 0xe3, 0x7e, 0xfe, 0x2d, 0xad, 0x30, 0xb0, 0x17, 0x97, 0xa, 0x8a, 0xb1, 0x31, 0xac, 0x2c, 0x8b, 0xb, 0x96, 0x16, 0xc5, 0x45, 0xd8, 0x58, 0xff, 0x7f, 0xe2, 0x62},
+ {0x0, 0x81, 0x1f, 0x9e, 0x3e, 0xbf, 0x21, 0xa0, 0x7c, 0xfd, 0x63, 0xe2, 0x42, 0xc3, 0x5d, 0xdc, 0xf8, 0x79, 0xe7, 0x66, 0xc6, 0x47, 0xd9, 0x58, 0x84, 0x5, 0x9b, 0x1a, 0xba, 0x3b, 0xa5, 0x24, 0xed, 0x6c, 0xf2, 0x73, 0xd3, 0x52, 0xcc, 0x4d, 0x91, 0x10, 0x8e, 0xf, 0xaf, 0x2e, 0xb0, 0x31, 0x15, 0x94, 0xa, 0x8b, 0x2b, 0xaa, 0x34, 0xb5, 0x69, 0xe8, 0x76, 0xf7, 0x57, 0xd6, 0x48, 0xc9, 0xc7, 0x46, 0xd8, 0x59, 0xf9, 0x78, 0xe6, 0x67, 0xbb, 0x3a, 0xa4, 0x25, 0x85, 0x4, 0x9a, 0x1b, 0x3f, 0xbe, 0x20, 0xa1, 0x1, 0x80, 0x1e, 0x9f, 0x43, 0xc2, 0x5c, 0xdd, 0x7d, 0xfc, 0x62, 0xe3, 0x2a, 0xab, 0x35, 0xb4, 0x14, 0x95, 0xb, 0x8a, 0x56, 0xd7, 0x49, 0xc8, 0x68, 0xe9, 0x77, 0xf6, 0xd2, 0x53, 0xcd, 0x4c, 0xec, 0x6d, 0xf3, 0x72, 0xae, 0x2f, 0xb1, 0x30, 0x90, 0x11, 0x8f, 0xe, 0x93, 0x12, 0x8c, 0xd, 0xad, 0x2c, 0xb2, 0x33, 0xef, 0x6e, 0xf0, 0x71, 0xd1, 0x50, 0xce, 0x4f, 0x6b, 0xea, 0x74, 0xf5, 0x55, 0xd4, 0x4a, 0xcb, 0x17, 0x96, 0x8, 0x89, 0x29, 0xa8, 0x36, 0xb7, 0x7e, 0xff, 0x61, 0xe0, 0x40, 0xc1, 0x5f, 0xde, 0x2, 0x83, 0x1d, 0x9c, 0x3c, 0xbd, 0x23, 0xa2, 0x86, 0x7, 0x99, 0x18, 0xb8, 0x39, 0xa7, 0x26, 0xfa, 0x7b, 0xe5, 0x64, 0xc4, 0x45, 0xdb, 0x5a, 0x54, 0xd5, 0x4b, 0xca, 0x6a, 0xeb, 0x75, 0xf4, 0x28, 0xa9, 0x37, 0xb6, 0x16, 0x97, 0x9, 0x88, 0xac, 0x2d, 0xb3, 0x32, 0x92, 0x13, 0x8d, 0xc, 0xd0, 0x51, 0xcf, 0x4e, 0xee, 0x6f, 0xf1, 0x70, 0xb9, 0x38, 0xa6, 0x27, 0x87, 0x6, 0x98, 0x19, 0xc5, 0x44, 0xda, 0x5b, 0xfb, 0x7a, 0xe4, 0x65, 0x41, 0xc0, 0x5e, 0xdf, 0x7f, 0xfe, 0x60, 0xe1, 0x3d, 0xbc, 0x22, 0xa3, 0x3, 0x82, 0x1c, 0x9d},
+ {0x0, 0x82, 0x19, 0x9b, 0x32, 0xb0, 0x2b, 0xa9, 0x64, 0xe6, 0x7d, 0xff, 0x56, 0xd4, 0x4f, 0xcd, 0xc8, 0x4a, 0xd1, 0x53, 0xfa, 0x78, 0xe3, 0x61, 0xac, 0x2e, 0xb5, 0x37, 0x9e, 0x1c, 0x87, 0x5, 0x8d, 0xf, 0x94, 0x16, 0xbf, 0x3d, 0xa6, 0x24, 0xe9, 0x6b, 0xf0, 0x72, 0xdb, 0x59, 0xc2, 0x40, 0x45, 0xc7, 0x5c, 0xde, 0x77, 0xf5, 0x6e, 0xec, 0x21, 0xa3, 0x38, 0xba, 0x13, 0x91, 0xa, 0x88, 0x7, 0x85, 0x1e, 0x9c, 0x35, 0xb7, 0x2c, 0xae, 0x63, 0xe1, 0x7a, 0xf8, 0x51, 0xd3, 0x48, 0xca, 0xcf, 0x4d, 0xd6, 0x54, 0xfd, 0x7f, 0xe4, 0x66, 0xab, 0x29, 0xb2, 0x30, 0x99, 0x1b, 0x80, 0x2, 0x8a, 0x8, 0x93, 0x11, 0xb8, 0x3a, 0xa1, 0x23, 0xee, 0x6c, 0xf7, 0x75, 0xdc, 0x5e, 0xc5, 0x47, 0x42, 0xc0, 0x5b, 0xd9, 0x70, 0xf2, 0x69, 0xeb, 0x26, 0xa4, 0x3f, 0xbd, 0x14, 0x96, 0xd, 0x8f, 0xe, 0x8c, 0x17, 0x95, 0x3c, 0xbe, 0x25, 0xa7, 0x6a, 0xe8, 0x73, 0xf1, 0x58, 0xda, 0x41, 0xc3, 0xc6, 0x44, 0xdf, 0x5d, 0xf4, 0x76, 0xed, 0x6f, 0xa2, 0x20, 0xbb, 0x39, 0x90, 0x12, 0x89, 0xb, 0x83, 0x1, 0x9a, 0x18, 0xb1, 0x33, 0xa8, 0x2a, 0xe7, 0x65, 0xfe, 0x7c, 0xd5, 0x57, 0xcc, 0x4e, 0x4b, 0xc9, 0x52, 0xd0, 0x79, 0xfb, 0x60, 0xe2, 0x2f, 0xad, 0x36, 0xb4, 0x1d, 0x9f, 0x4, 0x86, 0x9, 0x8b, 0x10, 0x92, 0x3b, 0xb9, 0x22, 0xa0, 0x6d, 0xef, 0x74, 0xf6, 0x5f, 0xdd, 0x46, 0xc4, 0xc1, 0x43, 0xd8, 0x5a, 0xf3, 0x71, 0xea, 0x68, 0xa5, 0x27, 0xbc, 0x3e, 0x97, 0x15, 0x8e, 0xc, 0x84, 0x6, 0x9d, 0x1f, 0xb6, 0x34, 0xaf, 0x2d, 0xe0, 0x62, 0xf9, 0x7b, 0xd2, 0x50, 0xcb, 0x49, 0x4c, 0xce, 0x55, 0xd7, 0x7e, 0xfc, 0x67, 0xe5, 0x28, 0xaa, 0x31, 0xb3, 0x1a, 0x98, 0x3, 0x81},
+ {0x0, 0x83, 0x1b, 0x98, 0x36, 0xb5, 0x2d, 0xae, 0x6c, 0xef, 0x77, 0xf4, 0x5a, 0xd9, 0x41, 0xc2, 0xd8, 0x5b, 0xc3, 0x40, 0xee, 0x6d, 0xf5, 0x76, 0xb4, 0x37, 0xaf, 0x2c, 0x82, 0x1, 0x99, 0x1a, 0xad, 0x2e, 0xb6, 0x35, 0x9b, 0x18, 0x80, 0x3, 0xc1, 0x42, 0xda, 0x59, 0xf7, 0x74, 0xec, 0x6f, 0x75, 0xf6, 0x6e, 0xed, 0x43, 0xc0, 0x58, 0xdb, 0x19, 0x9a, 0x2, 0x81, 0x2f, 0xac, 0x34, 0xb7, 0x47, 0xc4, 0x5c, 0xdf, 0x71, 0xf2, 0x6a, 0xe9, 0x2b, 0xa8, 0x30, 0xb3, 0x1d, 0x9e, 0x6, 0x85, 0x9f, 0x1c, 0x84, 0x7, 0xa9, 0x2a, 0xb2, 0x31, 0xf3, 0x70, 0xe8, 0x6b, 0xc5, 0x46, 0xde, 0x5d, 0xea, 0x69, 0xf1, 0x72, 0xdc, 0x5f, 0xc7, 0x44, 0x86, 0x5, 0x9d, 0x1e, 0xb0, 0x33, 0xab, 0x28, 0x32, 0xb1, 0x29, 0xaa, 0x4, 0x87, 0x1f, 0x9c, 0x5e, 0xdd, 0x45, 0xc6, 0x68, 0xeb, 0x73, 0xf0, 0x8e, 0xd, 0x95, 0x16, 0xb8, 0x3b, 0xa3, 0x20, 0xe2, 0x61, 0xf9, 0x7a, 0xd4, 0x57, 0xcf, 0x4c, 0x56, 0xd5, 0x4d, 0xce, 0x60, 0xe3, 0x7b, 0xf8, 0x3a, 0xb9, 0x21, 0xa2, 0xc, 0x8f, 0x17, 0x94, 0x23, 0xa0, 0x38, 0xbb, 0x15, 0x96, 0xe, 0x8d, 0x4f, 0xcc, 0x54, 0xd7, 0x79, 0xfa, 0x62, 0xe1, 0xfb, 0x78, 0xe0, 0x63, 0xcd, 0x4e, 0xd6, 0x55, 0x97, 0x14, 0x8c, 0xf, 0xa1, 0x22, 0xba, 0x39, 0xc9, 0x4a, 0xd2, 0x51, 0xff, 0x7c, 0xe4, 0x67, 0xa5, 0x26, 0xbe, 0x3d, 0x93, 0x10, 0x88, 0xb, 0x11, 0x92, 0xa, 0x89, 0x27, 0xa4, 0x3c, 0xbf, 0x7d, 0xfe, 0x66, 0xe5, 0x4b, 0xc8, 0x50, 0xd3, 0x64, 0xe7, 0x7f, 0xfc, 0x52, 0xd1, 0x49, 0xca, 0x8, 0x8b, 0x13, 0x90, 0x3e, 0xbd, 0x25, 0xa6, 0xbc, 0x3f, 0xa7, 0x24, 0x8a, 0x9, 0x91, 0x12, 0xd0, 0x53, 0xcb, 0x48, 0xe6, 0x65, 0xfd, 0x7e},
+ {0x0, 0x84, 0x15, 0x91, 0x2a, 0xae, 0x3f, 0xbb, 0x54, 0xd0, 0x41, 0xc5, 0x7e, 0xfa, 0x6b, 0xef, 0xa8, 0x2c, 0xbd, 0x39, 0x82, 0x6, 0x97, 0x13, 0xfc, 0x78, 0xe9, 0x6d, 0xd6, 0x52, 0xc3, 0x47, 0x4d, 0xc9, 0x58, 0xdc, 0x67, 0xe3, 0x72, 0xf6, 0x19, 0x9d, 0xc, 0x88, 0x33, 0xb7, 0x26, 0xa2, 0xe5, 0x61, 0xf0, 0x74, 0xcf, 0x4b, 0xda, 0x5e, 0xb1, 0x35, 0xa4, 0x20, 0x9b, 0x1f, 0x8e, 0xa, 0x9a, 0x1e, 0x8f, 0xb, 0xb0, 0x34, 0xa5, 0x21, 0xce, 0x4a, 0xdb, 0x5f, 0xe4, 0x60, 0xf1, 0x75, 0x32, 0xb6, 0x27, 0xa3, 0x18, 0x9c, 0xd, 0x89, 0x66, 0xe2, 0x73, 0xf7, 0x4c, 0xc8, 0x59, 0xdd, 0xd7, 0x53, 0xc2, 0x46, 0xfd, 0x79, 0xe8, 0x6c, 0x83, 0x7, 0x96, 0x12, 0xa9, 0x2d, 0xbc, 0x38, 0x7f, 0xfb, 0x6a, 0xee, 0x55, 0xd1, 0x40, 0xc4, 0x2b, 0xaf, 0x3e, 0xba, 0x1, 0x85, 0x14, 0x90, 0x29, 0xad, 0x3c, 0xb8, 0x3, 0x87, 0x16, 0x92, 0x7d, 0xf9, 0x68, 0xec, 0x57, 0xd3, 0x42, 0xc6, 0x81, 0x5, 0x94, 0x10, 0xab, 0x2f, 0xbe, 0x3a, 0xd5, 0x51, 0xc0, 0x44, 0xff, 0x7b, 0xea, 0x6e, 0x64, 0xe0, 0x71, 0xf5, 0x4e, 0xca, 0x5b, 0xdf, 0x30, 0xb4, 0x25, 0xa1, 0x1a, 0x9e, 0xf, 0x8b, 0xcc, 0x48, 0xd9, 0x5d, 0xe6, 0x62, 0xf3, 0x77, 0x98, 0x1c, 0x8d, 0x9, 0xb2, 0x36, 0xa7, 0x23, 0xb3, 0x37, 0xa6, 0x22, 0x99, 0x1d, 0x8c, 0x8, 0xe7, 0x63, 0xf2, 0x76, 0xcd, 0x49, 0xd8, 0x5c, 0x1b, 0x9f, 0xe, 0x8a, 0x31, 0xb5, 0x24, 0xa0, 0x4f, 0xcb, 0x5a, 0xde, 0x65, 0xe1, 0x70, 0xf4, 0xfe, 0x7a, 0xeb, 0x6f, 0xd4, 0x50, 0xc1, 0x45, 0xaa, 0x2e, 0xbf, 0x3b, 0x80, 0x4, 0x95, 0x11, 0x56, 0xd2, 0x43, 0xc7, 0x7c, 0xf8, 0x69, 0xed, 0x2, 0x86, 0x17, 0x93, 0x28, 0xac, 0x3d, 0xb9},
+ {0x0, 0x85, 0x17, 0x92, 0x2e, 0xab, 0x39, 0xbc, 0x5c, 0xd9, 0x4b, 0xce, 0x72, 0xf7, 0x65, 0xe0, 0xb8, 0x3d, 0xaf, 0x2a, 0x96, 0x13, 0x81, 0x4, 0xe4, 0x61, 0xf3, 0x76, 0xca, 0x4f, 0xdd, 0x58, 0x6d, 0xe8, 0x7a, 0xff, 0x43, 0xc6, 0x54, 0xd1, 0x31, 0xb4, 0x26, 0xa3, 0x1f, 0x9a, 0x8, 0x8d, 0xd5, 0x50, 0xc2, 0x47, 0xfb, 0x7e, 0xec, 0x69, 0x89, 0xc, 0x9e, 0x1b, 0xa7, 0x22, 0xb0, 0x35, 0xda, 0x5f, 0xcd, 0x48, 0xf4, 0x71, 0xe3, 0x66, 0x86, 0x3, 0x91, 0x14, 0xa8, 0x2d, 0xbf, 0x3a, 0x62, 0xe7, 0x75, 0xf0, 0x4c, 0xc9, 0x5b, 0xde, 0x3e, 0xbb, 0x29, 0xac, 0x10, 0x95, 0x7, 0x82, 0xb7, 0x32, 0xa0, 0x25, 0x99, 0x1c, 0x8e, 0xb, 0xeb, 0x6e, 0xfc, 0x79, 0xc5, 0x40, 0xd2, 0x57, 0xf, 0x8a, 0x18, 0x9d, 0x21, 0xa4, 0x36, 0xb3, 0x53, 0xd6, 0x44, 0xc1, 0x7d, 0xf8, 0x6a, 0xef, 0xa9, 0x2c, 0xbe, 0x3b, 0x87, 0x2, 0x90, 0x15, 0xf5, 0x70, 0xe2, 0x67, 0xdb, 0x5e, 0xcc, 0x49, 0x11, 0x94, 0x6, 0x83, 0x3f, 0xba, 0x28, 0xad, 0x4d, 0xc8, 0x5a, 0xdf, 0x63, 0xe6, 0x74, 0xf1, 0xc4, 0x41, 0xd3, 0x56, 0xea, 0x6f, 0xfd, 0x78, 0x98, 0x1d, 0x8f, 0xa, 0xb6, 0x33, 0xa1, 0x24, 0x7c, 0xf9, 0x6b, 0xee, 0x52, 0xd7, 0x45, 0xc0, 0x20, 0xa5, 0x37, 0xb2, 0xe, 0x8b, 0x19, 0x9c, 0x73, 0xf6, 0x64, 0xe1, 0x5d, 0xd8, 0x4a, 0xcf, 0x2f, 0xaa, 0x38, 0xbd, 0x1, 0x84, 0x16, 0x93, 0xcb, 0x4e, 0xdc, 0x59, 0xe5, 0x60, 0xf2, 0x77, 0x97, 0x12, 0x80, 0x5, 0xb9, 0x3c, 0xae, 0x2b, 0x1e, 0x9b, 0x9, 0x8c, 0x30, 0xb5, 0x27, 0xa2, 0x42, 0xc7, 0x55, 0xd0, 0x6c, 0xe9, 0x7b, 0xfe, 0xa6, 0x23, 0xb1, 0x34, 0x88, 0xd, 0x9f, 0x1a, 0xfa, 0x7f, 0xed, 0x68, 0xd4, 0x51, 0xc3, 0x46},
+ {0x0, 0x86, 0x11, 0x97, 0x22, 0xa4, 0x33, 0xb5, 0x44, 0xc2, 0x55, 0xd3, 0x66, 0xe0, 0x77, 0xf1, 0x88, 0xe, 0x99, 0x1f, 0xaa, 0x2c, 0xbb, 0x3d, 0xcc, 0x4a, 0xdd, 0x5b, 0xee, 0x68, 0xff, 0x79, 0xd, 0x8b, 0x1c, 0x9a, 0x2f, 0xa9, 0x3e, 0xb8, 0x49, 0xcf, 0x58, 0xde, 0x6b, 0xed, 0x7a, 0xfc, 0x85, 0x3, 0x94, 0x12, 0xa7, 0x21, 0xb6, 0x30, 0xc1, 0x47, 0xd0, 0x56, 0xe3, 0x65, 0xf2, 0x74, 0x1a, 0x9c, 0xb, 0x8d, 0x38, 0xbe, 0x29, 0xaf, 0x5e, 0xd8, 0x4f, 0xc9, 0x7c, 0xfa, 0x6d, 0xeb, 0x92, 0x14, 0x83, 0x5, 0xb0, 0x36, 0xa1, 0x27, 0xd6, 0x50, 0xc7, 0x41, 0xf4, 0x72, 0xe5, 0x63, 0x17, 0x91, 0x6, 0x80, 0x35, 0xb3, 0x24, 0xa2, 0x53, 0xd5, 0x42, 0xc4, 0x71, 0xf7, 0x60, 0xe6, 0x9f, 0x19, 0x8e, 0x8, 0xbd, 0x3b, 0xac, 0x2a, 0xdb, 0x5d, 0xca, 0x4c, 0xf9, 0x7f, 0xe8, 0x6e, 0x34, 0xb2, 0x25, 0xa3, 0x16, 0x90, 0x7, 0x81, 0x70, 0xf6, 0x61, 0xe7, 0x52, 0xd4, 0x43, 0xc5, 0xbc, 0x3a, 0xad, 0x2b, 0x9e, 0x18, 0x8f, 0x9, 0xf8, 0x7e, 0xe9, 0x6f, 0xda, 0x5c, 0xcb, 0x4d, 0x39, 0xbf, 0x28, 0xae, 0x1b, 0x9d, 0xa, 0x8c, 0x7d, 0xfb, 0x6c, 0xea, 0x5f, 0xd9, 0x4e, 0xc8, 0xb1, 0x37, 0xa0, 0x26, 0x93, 0x15, 0x82, 0x4, 0xf5, 0x73, 0xe4, 0x62, 0xd7, 0x51, 0xc6, 0x40, 0x2e, 0xa8, 0x3f, 0xb9, 0xc, 0x8a, 0x1d, 0x9b, 0x6a, 0xec, 0x7b, 0xfd, 0x48, 0xce, 0x59, 0xdf, 0xa6, 0x20, 0xb7, 0x31, 0x84, 0x2, 0x95, 0x13, 0xe2, 0x64, 0xf3, 0x75, 0xc0, 0x46, 0xd1, 0x57, 0x23, 0xa5, 0x32, 0xb4, 0x1, 0x87, 0x10, 0x96, 0x67, 0xe1, 0x76, 0xf0, 0x45, 0xc3, 0x54, 0xd2, 0xab, 0x2d, 0xba, 0x3c, 0x89, 0xf, 0x98, 0x1e, 0xef, 0x69, 0xfe, 0x78, 0xcd, 0x4b, 0xdc, 0x5a},
+ {0x0, 0x87, 0x13, 0x94, 0x26, 0xa1, 0x35, 0xb2, 0x4c, 0xcb, 0x5f, 0xd8, 0x6a, 0xed, 0x79, 0xfe, 0x98, 0x1f, 0x8b, 0xc, 0xbe, 0x39, 0xad, 0x2a, 0xd4, 0x53, 0xc7, 0x40, 0xf2, 0x75, 0xe1, 0x66, 0x2d, 0xaa, 0x3e, 0xb9, 0xb, 0x8c, 0x18, 0x9f, 0x61, 0xe6, 0x72, 0xf5, 0x47, 0xc0, 0x54, 0xd3, 0xb5, 0x32, 0xa6, 0x21, 0x93, 0x14, 0x80, 0x7, 0xf9, 0x7e, 0xea, 0x6d, 0xdf, 0x58, 0xcc, 0x4b, 0x5a, 0xdd, 0x49, 0xce, 0x7c, 0xfb, 0x6f, 0xe8, 0x16, 0x91, 0x5, 0x82, 0x30, 0xb7, 0x23, 0xa4, 0xc2, 0x45, 0xd1, 0x56, 0xe4, 0x63, 0xf7, 0x70, 0x8e, 0x9, 0x9d, 0x1a, 0xa8, 0x2f, 0xbb, 0x3c, 0x77, 0xf0, 0x64, 0xe3, 0x51, 0xd6, 0x42, 0xc5, 0x3b, 0xbc, 0x28, 0xaf, 0x1d, 0x9a, 0xe, 0x89, 0xef, 0x68, 0xfc, 0x7b, 0xc9, 0x4e, 0xda, 0x5d, 0xa3, 0x24, 0xb0, 0x37, 0x85, 0x2, 0x96, 0x11, 0xb4, 0x33, 0xa7, 0x20, 0x92, 0x15, 0x81, 0x6, 0xf8, 0x7f, 0xeb, 0x6c, 0xde, 0x59, 0xcd, 0x4a, 0x2c, 0xab, 0x3f, 0xb8, 0xa, 0x8d, 0x19, 0x9e, 0x60, 0xe7, 0x73, 0xf4, 0x46, 0xc1, 0x55, 0xd2, 0x99, 0x1e, 0x8a, 0xd, 0xbf, 0x38, 0xac, 0x2b, 0xd5, 0x52, 0xc6, 0x41, 0xf3, 0x74, 0xe0, 0x67, 0x1, 0x86, 0x12, 0x95, 0x27, 0xa0, 0x34, 0xb3, 0x4d, 0xca, 0x5e, 0xd9, 0x6b, 0xec, 0x78, 0xff, 0xee, 0x69, 0xfd, 0x7a, 0xc8, 0x4f, 0xdb, 0x5c, 0xa2, 0x25, 0xb1, 0x36, 0x84, 0x3, 0x97, 0x10, 0x76, 0xf1, 0x65, 0xe2, 0x50, 0xd7, 0x43, 0xc4, 0x3a, 0xbd, 0x29, 0xae, 0x1c, 0x9b, 0xf, 0x88, 0xc3, 0x44, 0xd0, 0x57, 0xe5, 0x62, 0xf6, 0x71, 0x8f, 0x8, 0x9c, 0x1b, 0xa9, 0x2e, 0xba, 0x3d, 0x5b, 0xdc, 0x48, 0xcf, 0x7d, 0xfa, 0x6e, 0xe9, 0x17, 0x90, 0x4, 0x83, 0x31, 0xb6, 0x22, 0xa5},
+ {0x0, 0x88, 0xd, 0x85, 0x1a, 0x92, 0x17, 0x9f, 0x34, 0xbc, 0x39, 0xb1, 0x2e, 0xa6, 0x23, 0xab, 0x68, 0xe0, 0x65, 0xed, 0x72, 0xfa, 0x7f, 0xf7, 0x5c, 0xd4, 0x51, 0xd9, 0x46, 0xce, 0x4b, 0xc3, 0xd0, 0x58, 0xdd, 0x55, 0xca, 0x42, 0xc7, 0x4f, 0xe4, 0x6c, 0xe9, 0x61, 0xfe, 0x76, 0xf3, 0x7b, 0xb8, 0x30, 0xb5, 0x3d, 0xa2, 0x2a, 0xaf, 0x27, 0x8c, 0x4, 0x81, 0x9, 0x96, 0x1e, 0x9b, 0x13, 0xbd, 0x35, 0xb0, 0x38, 0xa7, 0x2f, 0xaa, 0x22, 0x89, 0x1, 0x84, 0xc, 0x93, 0x1b, 0x9e, 0x16, 0xd5, 0x5d, 0xd8, 0x50, 0xcf, 0x47, 0xc2, 0x4a, 0xe1, 0x69, 0xec, 0x64, 0xfb, 0x73, 0xf6, 0x7e, 0x6d, 0xe5, 0x60, 0xe8, 0x77, 0xff, 0x7a, 0xf2, 0x59, 0xd1, 0x54, 0xdc, 0x43, 0xcb, 0x4e, 0xc6, 0x5, 0x8d, 0x8, 0x80, 0x1f, 0x97, 0x12, 0x9a, 0x31, 0xb9, 0x3c, 0xb4, 0x2b, 0xa3, 0x26, 0xae, 0x67, 0xef, 0x6a, 0xe2, 0x7d, 0xf5, 0x70, 0xf8, 0x53, 0xdb, 0x5e, 0xd6, 0x49, 0xc1, 0x44, 0xcc, 0xf, 0x87, 0x2, 0x8a, 0x15, 0x9d, 0x18, 0x90, 0x3b, 0xb3, 0x36, 0xbe, 0x21, 0xa9, 0x2c, 0xa4, 0xb7, 0x3f, 0xba, 0x32, 0xad, 0x25, 0xa0, 0x28, 0x83, 0xb, 0x8e, 0x6, 0x99, 0x11, 0x94, 0x1c, 0xdf, 0x57, 0xd2, 0x5a, 0xc5, 0x4d, 0xc8, 0x40, 0xeb, 0x63, 0xe6, 0x6e, 0xf1, 0x79, 0xfc, 0x74, 0xda, 0x52, 0xd7, 0x5f, 0xc0, 0x48, 0xcd, 0x45, 0xee, 0x66, 0xe3, 0x6b, 0xf4, 0x7c, 0xf9, 0x71, 0xb2, 0x3a, 0xbf, 0x37, 0xa8, 0x20, 0xa5, 0x2d, 0x86, 0xe, 0x8b, 0x3, 0x9c, 0x14, 0x91, 0x19, 0xa, 0x82, 0x7, 0x8f, 0x10, 0x98, 0x1d, 0x95, 0x3e, 0xb6, 0x33, 0xbb, 0x24, 0xac, 0x29, 0xa1, 0x62, 0xea, 0x6f, 0xe7, 0x78, 0xf0, 0x75, 0xfd, 0x56, 0xde, 0x5b, 0xd3, 0x4c, 0xc4, 0x41, 0xc9},
+ {0x0, 0x89, 0xf, 0x86, 0x1e, 0x97, 0x11, 0x98, 0x3c, 0xb5, 0x33, 0xba, 0x22, 0xab, 0x2d, 0xa4, 0x78, 0xf1, 0x77, 0xfe, 0x66, 0xef, 0x69, 0xe0, 0x44, 0xcd, 0x4b, 0xc2, 0x5a, 0xd3, 0x55, 0xdc, 0xf0, 0x79, 0xff, 0x76, 0xee, 0x67, 0xe1, 0x68, 0xcc, 0x45, 0xc3, 0x4a, 0xd2, 0x5b, 0xdd, 0x54, 0x88, 0x1, 0x87, 0xe, 0x96, 0x1f, 0x99, 0x10, 0xb4, 0x3d, 0xbb, 0x32, 0xaa, 0x23, 0xa5, 0x2c, 0xfd, 0x74, 0xf2, 0x7b, 0xe3, 0x6a, 0xec, 0x65, 0xc1, 0x48, 0xce, 0x47, 0xdf, 0x56, 0xd0, 0x59, 0x85, 0xc, 0x8a, 0x3, 0x9b, 0x12, 0x94, 0x1d, 0xb9, 0x30, 0xb6, 0x3f, 0xa7, 0x2e, 0xa8, 0x21, 0xd, 0x84, 0x2, 0x8b, 0x13, 0x9a, 0x1c, 0x95, 0x31, 0xb8, 0x3e, 0xb7, 0x2f, 0xa6, 0x20, 0xa9, 0x75, 0xfc, 0x7a, 0xf3, 0x6b, 0xe2, 0x64, 0xed, 0x49, 0xc0, 0x46, 0xcf, 0x57, 0xde, 0x58, 0xd1, 0xe7, 0x6e, 0xe8, 0x61, 0xf9, 0x70, 0xf6, 0x7f, 0xdb, 0x52, 0xd4, 0x5d, 0xc5, 0x4c, 0xca, 0x43, 0x9f, 0x16, 0x90, 0x19, 0x81, 0x8, 0x8e, 0x7, 0xa3, 0x2a, 0xac, 0x25, 0xbd, 0x34, 0xb2, 0x3b, 0x17, 0x9e, 0x18, 0x91, 0x9, 0x80, 0x6, 0x8f, 0x2b, 0xa2, 0x24, 0xad, 0x35, 0xbc, 0x3a, 0xb3, 0x6f, 0xe6, 0x60, 0xe9, 0x71, 0xf8, 0x7e, 0xf7, 0x53, 0xda, 0x5c, 0xd5, 0x4d, 0xc4, 0x42, 0xcb, 0x1a, 0x93, 0x15, 0x9c, 0x4, 0x8d, 0xb, 0x82, 0x26, 0xaf, 0x29, 0xa0, 0x38, 0xb1, 0x37, 0xbe, 0x62, 0xeb, 0x6d, 0xe4, 0x7c, 0xf5, 0x73, 0xfa, 0x5e, 0xd7, 0x51, 0xd8, 0x40, 0xc9, 0x4f, 0xc6, 0xea, 0x63, 0xe5, 0x6c, 0xf4, 0x7d, 0xfb, 0x72, 0xd6, 0x5f, 0xd9, 0x50, 0xc8, 0x41, 0xc7, 0x4e, 0x92, 0x1b, 0x9d, 0x14, 0x8c, 0x5, 0x83, 0xa, 0xae, 0x27, 0xa1, 0x28, 0xb0, 0x39, 0xbf, 0x36},
+ {0x0, 0x8a, 0x9, 0x83, 0x12, 0x98, 0x1b, 0x91, 0x24, 0xae, 0x2d, 0xa7, 0x36, 0xbc, 0x3f, 0xb5, 0x48, 0xc2, 0x41, 0xcb, 0x5a, 0xd0, 0x53, 0xd9, 0x6c, 0xe6, 0x65, 0xef, 0x7e, 0xf4, 0x77, 0xfd, 0x90, 0x1a, 0x99, 0x13, 0x82, 0x8, 0x8b, 0x1, 0xb4, 0x3e, 0xbd, 0x37, 0xa6, 0x2c, 0xaf, 0x25, 0xd8, 0x52, 0xd1, 0x5b, 0xca, 0x40, 0xc3, 0x49, 0xfc, 0x76, 0xf5, 0x7f, 0xee, 0x64, 0xe7, 0x6d, 0x3d, 0xb7, 0x34, 0xbe, 0x2f, 0xa5, 0x26, 0xac, 0x19, 0x93, 0x10, 0x9a, 0xb, 0x81, 0x2, 0x88, 0x75, 0xff, 0x7c, 0xf6, 0x67, 0xed, 0x6e, 0xe4, 0x51, 0xdb, 0x58, 0xd2, 0x43, 0xc9, 0x4a, 0xc0, 0xad, 0x27, 0xa4, 0x2e, 0xbf, 0x35, 0xb6, 0x3c, 0x89, 0x3, 0x80, 0xa, 0x9b, 0x11, 0x92, 0x18, 0xe5, 0x6f, 0xec, 0x66, 0xf7, 0x7d, 0xfe, 0x74, 0xc1, 0x4b, 0xc8, 0x42, 0xd3, 0x59, 0xda, 0x50, 0x7a, 0xf0, 0x73, 0xf9, 0x68, 0xe2, 0x61, 0xeb, 0x5e, 0xd4, 0x57, 0xdd, 0x4c, 0xc6, 0x45, 0xcf, 0x32, 0xb8, 0x3b, 0xb1, 0x20, 0xaa, 0x29, 0xa3, 0x16, 0x9c, 0x1f, 0x95, 0x4, 0x8e, 0xd, 0x87, 0xea, 0x60, 0xe3, 0x69, 0xf8, 0x72, 0xf1, 0x7b, 0xce, 0x44, 0xc7, 0x4d, 0xdc, 0x56, 0xd5, 0x5f, 0xa2, 0x28, 0xab, 0x21, 0xb0, 0x3a, 0xb9, 0x33, 0x86, 0xc, 0x8f, 0x5, 0x94, 0x1e, 0x9d, 0x17, 0x47, 0xcd, 0x4e, 0xc4, 0x55, 0xdf, 0x5c, 0xd6, 0x63, 0xe9, 0x6a, 0xe0, 0x71, 0xfb, 0x78, 0xf2, 0xf, 0x85, 0x6, 0x8c, 0x1d, 0x97, 0x14, 0x9e, 0x2b, 0xa1, 0x22, 0xa8, 0x39, 0xb3, 0x30, 0xba, 0xd7, 0x5d, 0xde, 0x54, 0xc5, 0x4f, 0xcc, 0x46, 0xf3, 0x79, 0xfa, 0x70, 0xe1, 0x6b, 0xe8, 0x62, 0x9f, 0x15, 0x96, 0x1c, 0x8d, 0x7, 0x84, 0xe, 0xbb, 0x31, 0xb2, 0x38, 0xa9, 0x23, 0xa0, 0x2a},
+ {0x0, 0x8b, 0xb, 0x80, 0x16, 0x9d, 0x1d, 0x96, 0x2c, 0xa7, 0x27, 0xac, 0x3a, 0xb1, 0x31, 0xba, 0x58, 0xd3, 0x53, 0xd8, 0x4e, 0xc5, 0x45, 0xce, 0x74, 0xff, 0x7f, 0xf4, 0x62, 0xe9, 0x69, 0xe2, 0xb0, 0x3b, 0xbb, 0x30, 0xa6, 0x2d, 0xad, 0x26, 0x9c, 0x17, 0x97, 0x1c, 0x8a, 0x1, 0x81, 0xa, 0xe8, 0x63, 0xe3, 0x68, 0xfe, 0x75, 0xf5, 0x7e, 0xc4, 0x4f, 0xcf, 0x44, 0xd2, 0x59, 0xd9, 0x52, 0x7d, 0xf6, 0x76, 0xfd, 0x6b, 0xe0, 0x60, 0xeb, 0x51, 0xda, 0x5a, 0xd1, 0x47, 0xcc, 0x4c, 0xc7, 0x25, 0xae, 0x2e, 0xa5, 0x33, 0xb8, 0x38, 0xb3, 0x9, 0x82, 0x2, 0x89, 0x1f, 0x94, 0x14, 0x9f, 0xcd, 0x46, 0xc6, 0x4d, 0xdb, 0x50, 0xd0, 0x5b, 0xe1, 0x6a, 0xea, 0x61, 0xf7, 0x7c, 0xfc, 0x77, 0x95, 0x1e, 0x9e, 0x15, 0x83, 0x8, 0x88, 0x3, 0xb9, 0x32, 0xb2, 0x39, 0xaf, 0x24, 0xa4, 0x2f, 0xfa, 0x71, 0xf1, 0x7a, 0xec, 0x67, 0xe7, 0x6c, 0xd6, 0x5d, 0xdd, 0x56, 0xc0, 0x4b, 0xcb, 0x40, 0xa2, 0x29, 0xa9, 0x22, 0xb4, 0x3f, 0xbf, 0x34, 0x8e, 0x5, 0x85, 0xe, 0x98, 0x13, 0x93, 0x18, 0x4a, 0xc1, 0x41, 0xca, 0x5c, 0xd7, 0x57, 0xdc, 0x66, 0xed, 0x6d, 0xe6, 0x70, 0xfb, 0x7b, 0xf0, 0x12, 0x99, 0x19, 0x92, 0x4, 0x8f, 0xf, 0x84, 0x3e, 0xb5, 0x35, 0xbe, 0x28, 0xa3, 0x23, 0xa8, 0x87, 0xc, 0x8c, 0x7, 0x91, 0x1a, 0x9a, 0x11, 0xab, 0x20, 0xa0, 0x2b, 0xbd, 0x36, 0xb6, 0x3d, 0xdf, 0x54, 0xd4, 0x5f, 0xc9, 0x42, 0xc2, 0x49, 0xf3, 0x78, 0xf8, 0x73, 0xe5, 0x6e, 0xee, 0x65, 0x37, 0xbc, 0x3c, 0xb7, 0x21, 0xaa, 0x2a, 0xa1, 0x1b, 0x90, 0x10, 0x9b, 0xd, 0x86, 0x6, 0x8d, 0x6f, 0xe4, 0x64, 0xef, 0x79, 0xf2, 0x72, 0xf9, 0x43, 0xc8, 0x48, 0xc3, 0x55, 0xde, 0x5e, 0xd5},
+ {0x0, 0x8c, 0x5, 0x89, 0xa, 0x86, 0xf, 0x83, 0x14, 0x98, 0x11, 0x9d, 0x1e, 0x92, 0x1b, 0x97, 0x28, 0xa4, 0x2d, 0xa1, 0x22, 0xae, 0x27, 0xab, 0x3c, 0xb0, 0x39, 0xb5, 0x36, 0xba, 0x33, 0xbf, 0x50, 0xdc, 0x55, 0xd9, 0x5a, 0xd6, 0x5f, 0xd3, 0x44, 0xc8, 0x41, 0xcd, 0x4e, 0xc2, 0x4b, 0xc7, 0x78, 0xf4, 0x7d, 0xf1, 0x72, 0xfe, 0x77, 0xfb, 0x6c, 0xe0, 0x69, 0xe5, 0x66, 0xea, 0x63, 0xef, 0xa0, 0x2c, 0xa5, 0x29, 0xaa, 0x26, 0xaf, 0x23, 0xb4, 0x38, 0xb1, 0x3d, 0xbe, 0x32, 0xbb, 0x37, 0x88, 0x4, 0x8d, 0x1, 0x82, 0xe, 0x87, 0xb, 0x9c, 0x10, 0x99, 0x15, 0x96, 0x1a, 0x93, 0x1f, 0xf0, 0x7c, 0xf5, 0x79, 0xfa, 0x76, 0xff, 0x73, 0xe4, 0x68, 0xe1, 0x6d, 0xee, 0x62, 0xeb, 0x67, 0xd8, 0x54, 0xdd, 0x51, 0xd2, 0x5e, 0xd7, 0x5b, 0xcc, 0x40, 0xc9, 0x45, 0xc6, 0x4a, 0xc3, 0x4f, 0x5d, 0xd1, 0x58, 0xd4, 0x57, 0xdb, 0x52, 0xde, 0x49, 0xc5, 0x4c, 0xc0, 0x43, 0xcf, 0x46, 0xca, 0x75, 0xf9, 0x70, 0xfc, 0x7f, 0xf3, 0x7a, 0xf6, 0x61, 0xed, 0x64, 0xe8, 0x6b, 0xe7, 0x6e, 0xe2, 0xd, 0x81, 0x8, 0x84, 0x7, 0x8b, 0x2, 0x8e, 0x19, 0x95, 0x1c, 0x90, 0x13, 0x9f, 0x16, 0x9a, 0x25, 0xa9, 0x20, 0xac, 0x2f, 0xa3, 0x2a, 0xa6, 0x31, 0xbd, 0x34, 0xb8, 0x3b, 0xb7, 0x3e, 0xb2, 0xfd, 0x71, 0xf8, 0x74, 0xf7, 0x7b, 0xf2, 0x7e, 0xe9, 0x65, 0xec, 0x60, 0xe3, 0x6f, 0xe6, 0x6a, 0xd5, 0x59, 0xd0, 0x5c, 0xdf, 0x53, 0xda, 0x56, 0xc1, 0x4d, 0xc4, 0x48, 0xcb, 0x47, 0xce, 0x42, 0xad, 0x21, 0xa8, 0x24, 0xa7, 0x2b, 0xa2, 0x2e, 0xb9, 0x35, 0xbc, 0x30, 0xb3, 0x3f, 0xb6, 0x3a, 0x85, 0x9, 0x80, 0xc, 0x8f, 0x3, 0x8a, 0x6, 0x91, 0x1d, 0x94, 0x18, 0x9b, 0x17, 0x9e, 0x12},
+ {0x0, 0x8d, 0x7, 0x8a, 0xe, 0x83, 0x9, 0x84, 0x1c, 0x91, 0x1b, 0x96, 0x12, 0x9f, 0x15, 0x98, 0x38, 0xb5, 0x3f, 0xb2, 0x36, 0xbb, 0x31, 0xbc, 0x24, 0xa9, 0x23, 0xae, 0x2a, 0xa7, 0x2d, 0xa0, 0x70, 0xfd, 0x77, 0xfa, 0x7e, 0xf3, 0x79, 0xf4, 0x6c, 0xe1, 0x6b, 0xe6, 0x62, 0xef, 0x65, 0xe8, 0x48, 0xc5, 0x4f, 0xc2, 0x46, 0xcb, 0x41, 0xcc, 0x54, 0xd9, 0x53, 0xde, 0x5a, 0xd7, 0x5d, 0xd0, 0xe0, 0x6d, 0xe7, 0x6a, 0xee, 0x63, 0xe9, 0x64, 0xfc, 0x71, 0xfb, 0x76, 0xf2, 0x7f, 0xf5, 0x78, 0xd8, 0x55, 0xdf, 0x52, 0xd6, 0x5b, 0xd1, 0x5c, 0xc4, 0x49, 0xc3, 0x4e, 0xca, 0x47, 0xcd, 0x40, 0x90, 0x1d, 0x97, 0x1a, 0x9e, 0x13, 0x99, 0x14, 0x8c, 0x1, 0x8b, 0x6, 0x82, 0xf, 0x85, 0x8, 0xa8, 0x25, 0xaf, 0x22, 0xa6, 0x2b, 0xa1, 0x2c, 0xb4, 0x39, 0xb3, 0x3e, 0xba, 0x37, 0xbd, 0x30, 0xdd, 0x50, 0xda, 0x57, 0xd3, 0x5e, 0xd4, 0x59, 0xc1, 0x4c, 0xc6, 0x4b, 0xcf, 0x42, 0xc8, 0x45, 0xe5, 0x68, 0xe2, 0x6f, 0xeb, 0x66, 0xec, 0x61, 0xf9, 0x74, 0xfe, 0x73, 0xf7, 0x7a, 0xf0, 0x7d, 0xad, 0x20, 0xaa, 0x27, 0xa3, 0x2e, 0xa4, 0x29, 0xb1, 0x3c, 0xb6, 0x3b, 0xbf, 0x32, 0xb8, 0x35, 0x95, 0x18, 0x92, 0x1f, 0x9b, 0x16, 0x9c, 0x11, 0x89, 0x4, 0x8e, 0x3, 0x87, 0xa, 0x80, 0xd, 0x3d, 0xb0, 0x3a, 0xb7, 0x33, 0xbe, 0x34, 0xb9, 0x21, 0xac, 0x26, 0xab, 0x2f, 0xa2, 0x28, 0xa5, 0x5, 0x88, 0x2, 0x8f, 0xb, 0x86, 0xc, 0x81, 0x19, 0x94, 0x1e, 0x93, 0x17, 0x9a, 0x10, 0x9d, 0x4d, 0xc0, 0x4a, 0xc7, 0x43, 0xce, 0x44, 0xc9, 0x51, 0xdc, 0x56, 0xdb, 0x5f, 0xd2, 0x58, 0xd5, 0x75, 0xf8, 0x72, 0xff, 0x7b, 0xf6, 0x7c, 0xf1, 0x69, 0xe4, 0x6e, 0xe3, 0x67, 0xea, 0x60, 0xed},
+ {0x0, 0x8e, 0x1, 0x8f, 0x2, 0x8c, 0x3, 0x8d, 0x4, 0x8a, 0x5, 0x8b, 0x6, 0x88, 0x7, 0x89, 0x8, 0x86, 0x9, 0x87, 0xa, 0x84, 0xb, 0x85, 0xc, 0x82, 0xd, 0x83, 0xe, 0x80, 0xf, 0x81, 0x10, 0x9e, 0x11, 0x9f, 0x12, 0x9c, 0x13, 0x9d, 0x14, 0x9a, 0x15, 0x9b, 0x16, 0x98, 0x17, 0x99, 0x18, 0x96, 0x19, 0x97, 0x1a, 0x94, 0x1b, 0x95, 0x1c, 0x92, 0x1d, 0x93, 0x1e, 0x90, 0x1f, 0x91, 0x20, 0xae, 0x21, 0xaf, 0x22, 0xac, 0x23, 0xad, 0x24, 0xaa, 0x25, 0xab, 0x26, 0xa8, 0x27, 0xa9, 0x28, 0xa6, 0x29, 0xa7, 0x2a, 0xa4, 0x2b, 0xa5, 0x2c, 0xa2, 0x2d, 0xa3, 0x2e, 0xa0, 0x2f, 0xa1, 0x30, 0xbe, 0x31, 0xbf, 0x32, 0xbc, 0x33, 0xbd, 0x34, 0xba, 0x35, 0xbb, 0x36, 0xb8, 0x37, 0xb9, 0x38, 0xb6, 0x39, 0xb7, 0x3a, 0xb4, 0x3b, 0xb5, 0x3c, 0xb2, 0x3d, 0xb3, 0x3e, 0xb0, 0x3f, 0xb1, 0x40, 0xce, 0x41, 0xcf, 0x42, 0xcc, 0x43, 0xcd, 0x44, 0xca, 0x45, 0xcb, 0x46, 0xc8, 0x47, 0xc9, 0x48, 0xc6, 0x49, 0xc7, 0x4a, 0xc4, 0x4b, 0xc5, 0x4c, 0xc2, 0x4d, 0xc3, 0x4e, 0xc0, 0x4f, 0xc1, 0x50, 0xde, 0x51, 0xdf, 0x52, 0xdc, 0x53, 0xdd, 0x54, 0xda, 0x55, 0xdb, 0x56, 0xd8, 0x57, 0xd9, 0x58, 0xd6, 0x59, 0xd7, 0x5a, 0xd4, 0x5b, 0xd5, 0x5c, 0xd2, 0x5d, 0xd3, 0x5e, 0xd0, 0x5f, 0xd1, 0x60, 0xee, 0x61, 0xef, 0x62, 0xec, 0x63, 0xed, 0x64, 0xea, 0x65, 0xeb, 0x66, 0xe8, 0x67, 0xe9, 0x68, 0xe6, 0x69, 0xe7, 0x6a, 0xe4, 0x6b, 0xe5, 0x6c, 0xe2, 0x6d, 0xe3, 0x6e, 0xe0, 0x6f, 0xe1, 0x70, 0xfe, 0x71, 0xff, 0x72, 0xfc, 0x73, 0xfd, 0x74, 0xfa, 0x75, 0xfb, 0x76, 0xf8, 0x77, 0xf9, 0x78, 0xf6, 0x79, 0xf7, 0x7a, 0xf4, 0x7b, 0xf5, 0x7c, 0xf2, 0x7d, 0xf3, 0x7e, 0xf0, 0x7f, 0xf1},
+ {0x0, 0x8f, 0x3, 0x8c, 0x6, 0x89, 0x5, 0x8a, 0xc, 0x83, 0xf, 0x80, 0xa, 0x85, 0x9, 0x86, 0x18, 0x97, 0x1b, 0x94, 0x1e, 0x91, 0x1d, 0x92, 0x14, 0x9b, 0x17, 0x98, 0x12, 0x9d, 0x11, 0x9e, 0x30, 0xbf, 0x33, 0xbc, 0x36, 0xb9, 0x35, 0xba, 0x3c, 0xb3, 0x3f, 0xb0, 0x3a, 0xb5, 0x39, 0xb6, 0x28, 0xa7, 0x2b, 0xa4, 0x2e, 0xa1, 0x2d, 0xa2, 0x24, 0xab, 0x27, 0xa8, 0x22, 0xad, 0x21, 0xae, 0x60, 0xef, 0x63, 0xec, 0x66, 0xe9, 0x65, 0xea, 0x6c, 0xe3, 0x6f, 0xe0, 0x6a, 0xe5, 0x69, 0xe6, 0x78, 0xf7, 0x7b, 0xf4, 0x7e, 0xf1, 0x7d, 0xf2, 0x74, 0xfb, 0x77, 0xf8, 0x72, 0xfd, 0x71, 0xfe, 0x50, 0xdf, 0x53, 0xdc, 0x56, 0xd9, 0x55, 0xda, 0x5c, 0xd3, 0x5f, 0xd0, 0x5a, 0xd5, 0x59, 0xd6, 0x48, 0xc7, 0x4b, 0xc4, 0x4e, 0xc1, 0x4d, 0xc2, 0x44, 0xcb, 0x47, 0xc8, 0x42, 0xcd, 0x41, 0xce, 0xc0, 0x4f, 0xc3, 0x4c, 0xc6, 0x49, 0xc5, 0x4a, 0xcc, 0x43, 0xcf, 0x40, 0xca, 0x45, 0xc9, 0x46, 0xd8, 0x57, 0xdb, 0x54, 0xde, 0x51, 0xdd, 0x52, 0xd4, 0x5b, 0xd7, 0x58, 0xd2, 0x5d, 0xd1, 0x5e, 0xf0, 0x7f, 0xf3, 0x7c, 0xf6, 0x79, 0xf5, 0x7a, 0xfc, 0x73, 0xff, 0x70, 0xfa, 0x75, 0xf9, 0x76, 0xe8, 0x67, 0xeb, 0x64, 0xee, 0x61, 0xed, 0x62, 0xe4, 0x6b, 0xe7, 0x68, 0xe2, 0x6d, 0xe1, 0x6e, 0xa0, 0x2f, 0xa3, 0x2c, 0xa6, 0x29, 0xa5, 0x2a, 0xac, 0x23, 0xaf, 0x20, 0xaa, 0x25, 0xa9, 0x26, 0xb8, 0x37, 0xbb, 0x34, 0xbe, 0x31, 0xbd, 0x32, 0xb4, 0x3b, 0xb7, 0x38, 0xb2, 0x3d, 0xb1, 0x3e, 0x90, 0x1f, 0x93, 0x1c, 0x96, 0x19, 0x95, 0x1a, 0x9c, 0x13, 0x9f, 0x10, 0x9a, 0x15, 0x99, 0x16, 0x88, 0x7, 0x8b, 0x4, 0x8e, 0x1, 0x8d, 0x2, 0x84, 0xb, 0x87, 0x8, 0x82, 0xd, 0x81, 0xe},
+ {0x0, 0x90, 0x3d, 0xad, 0x7a, 0xea, 0x47, 0xd7, 0xf4, 0x64, 0xc9, 0x59, 0x8e, 0x1e, 0xb3, 0x23, 0xf5, 0x65, 0xc8, 0x58, 0x8f, 0x1f, 0xb2, 0x22, 0x1, 0x91, 0x3c, 0xac, 0x7b, 0xeb, 0x46, 0xd6, 0xf7, 0x67, 0xca, 0x5a, 0x8d, 0x1d, 0xb0, 0x20, 0x3, 0x93, 0x3e, 0xae, 0x79, 0xe9, 0x44, 0xd4, 0x2, 0x92, 0x3f, 0xaf, 0x78, 0xe8, 0x45, 0xd5, 0xf6, 0x66, 0xcb, 0x5b, 0x8c, 0x1c, 0xb1, 0x21, 0xf3, 0x63, 0xce, 0x5e, 0x89, 0x19, 0xb4, 0x24, 0x7, 0x97, 0x3a, 0xaa, 0x7d, 0xed, 0x40, 0xd0, 0x6, 0x96, 0x3b, 0xab, 0x7c, 0xec, 0x41, 0xd1, 0xf2, 0x62, 0xcf, 0x5f, 0x88, 0x18, 0xb5, 0x25, 0x4, 0x94, 0x39, 0xa9, 0x7e, 0xee, 0x43, 0xd3, 0xf0, 0x60, 0xcd, 0x5d, 0x8a, 0x1a, 0xb7, 0x27, 0xf1, 0x61, 0xcc, 0x5c, 0x8b, 0x1b, 0xb6, 0x26, 0x5, 0x95, 0x38, 0xa8, 0x7f, 0xef, 0x42, 0xd2, 0xfb, 0x6b, 0xc6, 0x56, 0x81, 0x11, 0xbc, 0x2c, 0xf, 0x9f, 0x32, 0xa2, 0x75, 0xe5, 0x48, 0xd8, 0xe, 0x9e, 0x33, 0xa3, 0x74, 0xe4, 0x49, 0xd9, 0xfa, 0x6a, 0xc7, 0x57, 0x80, 0x10, 0xbd, 0x2d, 0xc, 0x9c, 0x31, 0xa1, 0x76, 0xe6, 0x4b, 0xdb, 0xf8, 0x68, 0xc5, 0x55, 0x82, 0x12, 0xbf, 0x2f, 0xf9, 0x69, 0xc4, 0x54, 0x83, 0x13, 0xbe, 0x2e, 0xd, 0x9d, 0x30, 0xa0, 0x77, 0xe7, 0x4a, 0xda, 0x8, 0x98, 0x35, 0xa5, 0x72, 0xe2, 0x4f, 0xdf, 0xfc, 0x6c, 0xc1, 0x51, 0x86, 0x16, 0xbb, 0x2b, 0xfd, 0x6d, 0xc0, 0x50, 0x87, 0x17, 0xba, 0x2a, 0x9, 0x99, 0x34, 0xa4, 0x73, 0xe3, 0x4e, 0xde, 0xff, 0x6f, 0xc2, 0x52, 0x85, 0x15, 0xb8, 0x28, 0xb, 0x9b, 0x36, 0xa6, 0x71, 0xe1, 0x4c, 0xdc, 0xa, 0x9a, 0x37, 0xa7, 0x70, 0xe0, 0x4d, 0xdd, 0xfe, 0x6e, 0xc3, 0x53, 0x84, 0x14, 0xb9, 0x29},
+ {0x0, 0x91, 0x3f, 0xae, 0x7e, 0xef, 0x41, 0xd0, 0xfc, 0x6d, 0xc3, 0x52, 0x82, 0x13, 0xbd, 0x2c, 0xe5, 0x74, 0xda, 0x4b, 0x9b, 0xa, 0xa4, 0x35, 0x19, 0x88, 0x26, 0xb7, 0x67, 0xf6, 0x58, 0xc9, 0xd7, 0x46, 0xe8, 0x79, 0xa9, 0x38, 0x96, 0x7, 0x2b, 0xba, 0x14, 0x85, 0x55, 0xc4, 0x6a, 0xfb, 0x32, 0xa3, 0xd, 0x9c, 0x4c, 0xdd, 0x73, 0xe2, 0xce, 0x5f, 0xf1, 0x60, 0xb0, 0x21, 0x8f, 0x1e, 0xb3, 0x22, 0x8c, 0x1d, 0xcd, 0x5c, 0xf2, 0x63, 0x4f, 0xde, 0x70, 0xe1, 0x31, 0xa0, 0xe, 0x9f, 0x56, 0xc7, 0x69, 0xf8, 0x28, 0xb9, 0x17, 0x86, 0xaa, 0x3b, 0x95, 0x4, 0xd4, 0x45, 0xeb, 0x7a, 0x64, 0xf5, 0x5b, 0xca, 0x1a, 0x8b, 0x25, 0xb4, 0x98, 0x9, 0xa7, 0x36, 0xe6, 0x77, 0xd9, 0x48, 0x81, 0x10, 0xbe, 0x2f, 0xff, 0x6e, 0xc0, 0x51, 0x7d, 0xec, 0x42, 0xd3, 0x3, 0x92, 0x3c, 0xad, 0x7b, 0xea, 0x44, 0xd5, 0x5, 0x94, 0x3a, 0xab, 0x87, 0x16, 0xb8, 0x29, 0xf9, 0x68, 0xc6, 0x57, 0x9e, 0xf, 0xa1, 0x30, 0xe0, 0x71, 0xdf, 0x4e, 0x62, 0xf3, 0x5d, 0xcc, 0x1c, 0x8d, 0x23, 0xb2, 0xac, 0x3d, 0x93, 0x2, 0xd2, 0x43, 0xed, 0x7c, 0x50, 0xc1, 0x6f, 0xfe, 0x2e, 0xbf, 0x11, 0x80, 0x49, 0xd8, 0x76, 0xe7, 0x37, 0xa6, 0x8, 0x99, 0xb5, 0x24, 0x8a, 0x1b, 0xcb, 0x5a, 0xf4, 0x65, 0xc8, 0x59, 0xf7, 0x66, 0xb6, 0x27, 0x89, 0x18, 0x34, 0xa5, 0xb, 0x9a, 0x4a, 0xdb, 0x75, 0xe4, 0x2d, 0xbc, 0x12, 0x83, 0x53, 0xc2, 0x6c, 0xfd, 0xd1, 0x40, 0xee, 0x7f, 0xaf, 0x3e, 0x90, 0x1, 0x1f, 0x8e, 0x20, 0xb1, 0x61, 0xf0, 0x5e, 0xcf, 0xe3, 0x72, 0xdc, 0x4d, 0x9d, 0xc, 0xa2, 0x33, 0xfa, 0x6b, 0xc5, 0x54, 0x84, 0x15, 0xbb, 0x2a, 0x6, 0x97, 0x39, 0xa8, 0x78, 0xe9, 0x47, 0xd6},
+ {0x0, 0x92, 0x39, 0xab, 0x72, 0xe0, 0x4b, 0xd9, 0xe4, 0x76, 0xdd, 0x4f, 0x96, 0x4, 0xaf, 0x3d, 0xd5, 0x47, 0xec, 0x7e, 0xa7, 0x35, 0x9e, 0xc, 0x31, 0xa3, 0x8, 0x9a, 0x43, 0xd1, 0x7a, 0xe8, 0xb7, 0x25, 0x8e, 0x1c, 0xc5, 0x57, 0xfc, 0x6e, 0x53, 0xc1, 0x6a, 0xf8, 0x21, 0xb3, 0x18, 0x8a, 0x62, 0xf0, 0x5b, 0xc9, 0x10, 0x82, 0x29, 0xbb, 0x86, 0x14, 0xbf, 0x2d, 0xf4, 0x66, 0xcd, 0x5f, 0x73, 0xe1, 0x4a, 0xd8, 0x1, 0x93, 0x38, 0xaa, 0x97, 0x5, 0xae, 0x3c, 0xe5, 0x77, 0xdc, 0x4e, 0xa6, 0x34, 0x9f, 0xd, 0xd4, 0x46, 0xed, 0x7f, 0x42, 0xd0, 0x7b, 0xe9, 0x30, 0xa2, 0x9, 0x9b, 0xc4, 0x56, 0xfd, 0x6f, 0xb6, 0x24, 0x8f, 0x1d, 0x20, 0xb2, 0x19, 0x8b, 0x52, 0xc0, 0x6b, 0xf9, 0x11, 0x83, 0x28, 0xba, 0x63, 0xf1, 0x5a, 0xc8, 0xf5, 0x67, 0xcc, 0x5e, 0x87, 0x15, 0xbe, 0x2c, 0xe6, 0x74, 0xdf, 0x4d, 0x94, 0x6, 0xad, 0x3f, 0x2, 0x90, 0x3b, 0xa9, 0x70, 0xe2, 0x49, 0xdb, 0x33, 0xa1, 0xa, 0x98, 0x41, 0xd3, 0x78, 0xea, 0xd7, 0x45, 0xee, 0x7c, 0xa5, 0x37, 0x9c, 0xe, 0x51, 0xc3, 0x68, 0xfa, 0x23, 0xb1, 0x1a, 0x88, 0xb5, 0x27, 0x8c, 0x1e, 0xc7, 0x55, 0xfe, 0x6c, 0x84, 0x16, 0xbd, 0x2f, 0xf6, 0x64, 0xcf, 0x5d, 0x60, 0xf2, 0x59, 0xcb, 0x12, 0x80, 0x2b, 0xb9, 0x95, 0x7, 0xac, 0x3e, 0xe7, 0x75, 0xde, 0x4c, 0x71, 0xe3, 0x48, 0xda, 0x3, 0x91, 0x3a, 0xa8, 0x40, 0xd2, 0x79, 0xeb, 0x32, 0xa0, 0xb, 0x99, 0xa4, 0x36, 0x9d, 0xf, 0xd6, 0x44, 0xef, 0x7d, 0x22, 0xb0, 0x1b, 0x89, 0x50, 0xc2, 0x69, 0xfb, 0xc6, 0x54, 0xff, 0x6d, 0xb4, 0x26, 0x8d, 0x1f, 0xf7, 0x65, 0xce, 0x5c, 0x85, 0x17, 0xbc, 0x2e, 0x13, 0x81, 0x2a, 0xb8, 0x61, 0xf3, 0x58, 0xca},
+ {0x0, 0x93, 0x3b, 0xa8, 0x76, 0xe5, 0x4d, 0xde, 0xec, 0x7f, 0xd7, 0x44, 0x9a, 0x9, 0xa1, 0x32, 0xc5, 0x56, 0xfe, 0x6d, 0xb3, 0x20, 0x88, 0x1b, 0x29, 0xba, 0x12, 0x81, 0x5f, 0xcc, 0x64, 0xf7, 0x97, 0x4, 0xac, 0x3f, 0xe1, 0x72, 0xda, 0x49, 0x7b, 0xe8, 0x40, 0xd3, 0xd, 0x9e, 0x36, 0xa5, 0x52, 0xc1, 0x69, 0xfa, 0x24, 0xb7, 0x1f, 0x8c, 0xbe, 0x2d, 0x85, 0x16, 0xc8, 0x5b, 0xf3, 0x60, 0x33, 0xa0, 0x8, 0x9b, 0x45, 0xd6, 0x7e, 0xed, 0xdf, 0x4c, 0xe4, 0x77, 0xa9, 0x3a, 0x92, 0x1, 0xf6, 0x65, 0xcd, 0x5e, 0x80, 0x13, 0xbb, 0x28, 0x1a, 0x89, 0x21, 0xb2, 0x6c, 0xff, 0x57, 0xc4, 0xa4, 0x37, 0x9f, 0xc, 0xd2, 0x41, 0xe9, 0x7a, 0x48, 0xdb, 0x73, 0xe0, 0x3e, 0xad, 0x5, 0x96, 0x61, 0xf2, 0x5a, 0xc9, 0x17, 0x84, 0x2c, 0xbf, 0x8d, 0x1e, 0xb6, 0x25, 0xfb, 0x68, 0xc0, 0x53, 0x66, 0xf5, 0x5d, 0xce, 0x10, 0x83, 0x2b, 0xb8, 0x8a, 0x19, 0xb1, 0x22, 0xfc, 0x6f, 0xc7, 0x54, 0xa3, 0x30, 0x98, 0xb, 0xd5, 0x46, 0xee, 0x7d, 0x4f, 0xdc, 0x74, 0xe7, 0x39, 0xaa, 0x2, 0x91, 0xf1, 0x62, 0xca, 0x59, 0x87, 0x14, 0xbc, 0x2f, 0x1d, 0x8e, 0x26, 0xb5, 0x6b, 0xf8, 0x50, 0xc3, 0x34, 0xa7, 0xf, 0x9c, 0x42, 0xd1, 0x79, 0xea, 0xd8, 0x4b, 0xe3, 0x70, 0xae, 0x3d, 0x95, 0x6, 0x55, 0xc6, 0x6e, 0xfd, 0x23, 0xb0, 0x18, 0x8b, 0xb9, 0x2a, 0x82, 0x11, 0xcf, 0x5c, 0xf4, 0x67, 0x90, 0x3, 0xab, 0x38, 0xe6, 0x75, 0xdd, 0x4e, 0x7c, 0xef, 0x47, 0xd4, 0xa, 0x99, 0x31, 0xa2, 0xc2, 0x51, 0xf9, 0x6a, 0xb4, 0x27, 0x8f, 0x1c, 0x2e, 0xbd, 0x15, 0x86, 0x58, 0xcb, 0x63, 0xf0, 0x7, 0x94, 0x3c, 0xaf, 0x71, 0xe2, 0x4a, 0xd9, 0xeb, 0x78, 0xd0, 0x43, 0x9d, 0xe, 0xa6, 0x35},
+ {0x0, 0x94, 0x35, 0xa1, 0x6a, 0xfe, 0x5f, 0xcb, 0xd4, 0x40, 0xe1, 0x75, 0xbe, 0x2a, 0x8b, 0x1f, 0xb5, 0x21, 0x80, 0x14, 0xdf, 0x4b, 0xea, 0x7e, 0x61, 0xf5, 0x54, 0xc0, 0xb, 0x9f, 0x3e, 0xaa, 0x77, 0xe3, 0x42, 0xd6, 0x1d, 0x89, 0x28, 0xbc, 0xa3, 0x37, 0x96, 0x2, 0xc9, 0x5d, 0xfc, 0x68, 0xc2, 0x56, 0xf7, 0x63, 0xa8, 0x3c, 0x9d, 0x9, 0x16, 0x82, 0x23, 0xb7, 0x7c, 0xe8, 0x49, 0xdd, 0xee, 0x7a, 0xdb, 0x4f, 0x84, 0x10, 0xb1, 0x25, 0x3a, 0xae, 0xf, 0x9b, 0x50, 0xc4, 0x65, 0xf1, 0x5b, 0xcf, 0x6e, 0xfa, 0x31, 0xa5, 0x4, 0x90, 0x8f, 0x1b, 0xba, 0x2e, 0xe5, 0x71, 0xd0, 0x44, 0x99, 0xd, 0xac, 0x38, 0xf3, 0x67, 0xc6, 0x52, 0x4d, 0xd9, 0x78, 0xec, 0x27, 0xb3, 0x12, 0x86, 0x2c, 0xb8, 0x19, 0x8d, 0x46, 0xd2, 0x73, 0xe7, 0xf8, 0x6c, 0xcd, 0x59, 0x92, 0x6, 0xa7, 0x33, 0xc1, 0x55, 0xf4, 0x60, 0xab, 0x3f, 0x9e, 0xa, 0x15, 0x81, 0x20, 0xb4, 0x7f, 0xeb, 0x4a, 0xde, 0x74, 0xe0, 0x41, 0xd5, 0x1e, 0x8a, 0x2b, 0xbf, 0xa0, 0x34, 0x95, 0x1, 0xca, 0x5e, 0xff, 0x6b, 0xb6, 0x22, 0x83, 0x17, 0xdc, 0x48, 0xe9, 0x7d, 0x62, 0xf6, 0x57, 0xc3, 0x8, 0x9c, 0x3d, 0xa9, 0x3, 0x97, 0x36, 0xa2, 0x69, 0xfd, 0x5c, 0xc8, 0xd7, 0x43, 0xe2, 0x76, 0xbd, 0x29, 0x88, 0x1c, 0x2f, 0xbb, 0x1a, 0x8e, 0x45, 0xd1, 0x70, 0xe4, 0xfb, 0x6f, 0xce, 0x5a, 0x91, 0x5, 0xa4, 0x30, 0x9a, 0xe, 0xaf, 0x3b, 0xf0, 0x64, 0xc5, 0x51, 0x4e, 0xda, 0x7b, 0xef, 0x24, 0xb0, 0x11, 0x85, 0x58, 0xcc, 0x6d, 0xf9, 0x32, 0xa6, 0x7, 0x93, 0x8c, 0x18, 0xb9, 0x2d, 0xe6, 0x72, 0xd3, 0x47, 0xed, 0x79, 0xd8, 0x4c, 0x87, 0x13, 0xb2, 0x26, 0x39, 0xad, 0xc, 0x98, 0x53, 0xc7, 0x66, 0xf2},
+ {0x0, 0x95, 0x37, 0xa2, 0x6e, 0xfb, 0x59, 0xcc, 0xdc, 0x49, 0xeb, 0x7e, 0xb2, 0x27, 0x85, 0x10, 0xa5, 0x30, 0x92, 0x7, 0xcb, 0x5e, 0xfc, 0x69, 0x79, 0xec, 0x4e, 0xdb, 0x17, 0x82, 0x20, 0xb5, 0x57, 0xc2, 0x60, 0xf5, 0x39, 0xac, 0xe, 0x9b, 0x8b, 0x1e, 0xbc, 0x29, 0xe5, 0x70, 0xd2, 0x47, 0xf2, 0x67, 0xc5, 0x50, 0x9c, 0x9, 0xab, 0x3e, 0x2e, 0xbb, 0x19, 0x8c, 0x40, 0xd5, 0x77, 0xe2, 0xae, 0x3b, 0x99, 0xc, 0xc0, 0x55, 0xf7, 0x62, 0x72, 0xe7, 0x45, 0xd0, 0x1c, 0x89, 0x2b, 0xbe, 0xb, 0x9e, 0x3c, 0xa9, 0x65, 0xf0, 0x52, 0xc7, 0xd7, 0x42, 0xe0, 0x75, 0xb9, 0x2c, 0x8e, 0x1b, 0xf9, 0x6c, 0xce, 0x5b, 0x97, 0x2, 0xa0, 0x35, 0x25, 0xb0, 0x12, 0x87, 0x4b, 0xde, 0x7c, 0xe9, 0x5c, 0xc9, 0x6b, 0xfe, 0x32, 0xa7, 0x5, 0x90, 0x80, 0x15, 0xb7, 0x22, 0xee, 0x7b, 0xd9, 0x4c, 0x41, 0xd4, 0x76, 0xe3, 0x2f, 0xba, 0x18, 0x8d, 0x9d, 0x8, 0xaa, 0x3f, 0xf3, 0x66, 0xc4, 0x51, 0xe4, 0x71, 0xd3, 0x46, 0x8a, 0x1f, 0xbd, 0x28, 0x38, 0xad, 0xf, 0x9a, 0x56, 0xc3, 0x61, 0xf4, 0x16, 0x83, 0x21, 0xb4, 0x78, 0xed, 0x4f, 0xda, 0xca, 0x5f, 0xfd, 0x68, 0xa4, 0x31, 0x93, 0x6, 0xb3, 0x26, 0x84, 0x11, 0xdd, 0x48, 0xea, 0x7f, 0x6f, 0xfa, 0x58, 0xcd, 0x1, 0x94, 0x36, 0xa3, 0xef, 0x7a, 0xd8, 0x4d, 0x81, 0x14, 0xb6, 0x23, 0x33, 0xa6, 0x4, 0x91, 0x5d, 0xc8, 0x6a, 0xff, 0x4a, 0xdf, 0x7d, 0xe8, 0x24, 0xb1, 0x13, 0x86, 0x96, 0x3, 0xa1, 0x34, 0xf8, 0x6d, 0xcf, 0x5a, 0xb8, 0x2d, 0x8f, 0x1a, 0xd6, 0x43, 0xe1, 0x74, 0x64, 0xf1, 0x53, 0xc6, 0xa, 0x9f, 0x3d, 0xa8, 0x1d, 0x88, 0x2a, 0xbf, 0x73, 0xe6, 0x44, 0xd1, 0xc1, 0x54, 0xf6, 0x63, 0xaf, 0x3a, 0x98, 0xd},
+ {0x0, 0x96, 0x31, 0xa7, 0x62, 0xf4, 0x53, 0xc5, 0xc4, 0x52, 0xf5, 0x63, 0xa6, 0x30, 0x97, 0x1, 0x95, 0x3, 0xa4, 0x32, 0xf7, 0x61, 0xc6, 0x50, 0x51, 0xc7, 0x60, 0xf6, 0x33, 0xa5, 0x2, 0x94, 0x37, 0xa1, 0x6, 0x90, 0x55, 0xc3, 0x64, 0xf2, 0xf3, 0x65, 0xc2, 0x54, 0x91, 0x7, 0xa0, 0x36, 0xa2, 0x34, 0x93, 0x5, 0xc0, 0x56, 0xf1, 0x67, 0x66, 0xf0, 0x57, 0xc1, 0x4, 0x92, 0x35, 0xa3, 0x6e, 0xf8, 0x5f, 0xc9, 0xc, 0x9a, 0x3d, 0xab, 0xaa, 0x3c, 0x9b, 0xd, 0xc8, 0x5e, 0xf9, 0x6f, 0xfb, 0x6d, 0xca, 0x5c, 0x99, 0xf, 0xa8, 0x3e, 0x3f, 0xa9, 0xe, 0x98, 0x5d, 0xcb, 0x6c, 0xfa, 0x59, 0xcf, 0x68, 0xfe, 0x3b, 0xad, 0xa, 0x9c, 0x9d, 0xb, 0xac, 0x3a, 0xff, 0x69, 0xce, 0x58, 0xcc, 0x5a, 0xfd, 0x6b, 0xae, 0x38, 0x9f, 0x9, 0x8, 0x9e, 0x39, 0xaf, 0x6a, 0xfc, 0x5b, 0xcd, 0xdc, 0x4a, 0xed, 0x7b, 0xbe, 0x28, 0x8f, 0x19, 0x18, 0x8e, 0x29, 0xbf, 0x7a, 0xec, 0x4b, 0xdd, 0x49, 0xdf, 0x78, 0xee, 0x2b, 0xbd, 0x1a, 0x8c, 0x8d, 0x1b, 0xbc, 0x2a, 0xef, 0x79, 0xde, 0x48, 0xeb, 0x7d, 0xda, 0x4c, 0x89, 0x1f, 0xb8, 0x2e, 0x2f, 0xb9, 0x1e, 0x88, 0x4d, 0xdb, 0x7c, 0xea, 0x7e, 0xe8, 0x4f, 0xd9, 0x1c, 0x8a, 0x2d, 0xbb, 0xba, 0x2c, 0x8b, 0x1d, 0xd8, 0x4e, 0xe9, 0x7f, 0xb2, 0x24, 0x83, 0x15, 0xd0, 0x46, 0xe1, 0x77, 0x76, 0xe0, 0x47, 0xd1, 0x14, 0x82, 0x25, 0xb3, 0x27, 0xb1, 0x16, 0x80, 0x45, 0xd3, 0x74, 0xe2, 0xe3, 0x75, 0xd2, 0x44, 0x81, 0x17, 0xb0, 0x26, 0x85, 0x13, 0xb4, 0x22, 0xe7, 0x71, 0xd6, 0x40, 0x41, 0xd7, 0x70, 0xe6, 0x23, 0xb5, 0x12, 0x84, 0x10, 0x86, 0x21, 0xb7, 0x72, 0xe4, 0x43, 0xd5, 0xd4, 0x42, 0xe5, 0x73, 0xb6, 0x20, 0x87, 0x11},
+ {0x0, 0x97, 0x33, 0xa4, 0x66, 0xf1, 0x55, 0xc2, 0xcc, 0x5b, 0xff, 0x68, 0xaa, 0x3d, 0x99, 0xe, 0x85, 0x12, 0xb6, 0x21, 0xe3, 0x74, 0xd0, 0x47, 0x49, 0xde, 0x7a, 0xed, 0x2f, 0xb8, 0x1c, 0x8b, 0x17, 0x80, 0x24, 0xb3, 0x71, 0xe6, 0x42, 0xd5, 0xdb, 0x4c, 0xe8, 0x7f, 0xbd, 0x2a, 0x8e, 0x19, 0x92, 0x5, 0xa1, 0x36, 0xf4, 0x63, 0xc7, 0x50, 0x5e, 0xc9, 0x6d, 0xfa, 0x38, 0xaf, 0xb, 0x9c, 0x2e, 0xb9, 0x1d, 0x8a, 0x48, 0xdf, 0x7b, 0xec, 0xe2, 0x75, 0xd1, 0x46, 0x84, 0x13, 0xb7, 0x20, 0xab, 0x3c, 0x98, 0xf, 0xcd, 0x5a, 0xfe, 0x69, 0x67, 0xf0, 0x54, 0xc3, 0x1, 0x96, 0x32, 0xa5, 0x39, 0xae, 0xa, 0x9d, 0x5f, 0xc8, 0x6c, 0xfb, 0xf5, 0x62, 0xc6, 0x51, 0x93, 0x4, 0xa0, 0x37, 0xbc, 0x2b, 0x8f, 0x18, 0xda, 0x4d, 0xe9, 0x7e, 0x70, 0xe7, 0x43, 0xd4, 0x16, 0x81, 0x25, 0xb2, 0x5c, 0xcb, 0x6f, 0xf8, 0x3a, 0xad, 0x9, 0x9e, 0x90, 0x7, 0xa3, 0x34, 0xf6, 0x61, 0xc5, 0x52, 0xd9, 0x4e, 0xea, 0x7d, 0xbf, 0x28, 0x8c, 0x1b, 0x15, 0x82, 0x26, 0xb1, 0x73, 0xe4, 0x40, 0xd7, 0x4b, 0xdc, 0x78, 0xef, 0x2d, 0xba, 0x1e, 0x89, 0x87, 0x10, 0xb4, 0x23, 0xe1, 0x76, 0xd2, 0x45, 0xce, 0x59, 0xfd, 0x6a, 0xa8, 0x3f, 0x9b, 0xc, 0x2, 0x95, 0x31, 0xa6, 0x64, 0xf3, 0x57, 0xc0, 0x72, 0xe5, 0x41, 0xd6, 0x14, 0x83, 0x27, 0xb0, 0xbe, 0x29, 0x8d, 0x1a, 0xd8, 0x4f, 0xeb, 0x7c, 0xf7, 0x60, 0xc4, 0x53, 0x91, 0x6, 0xa2, 0x35, 0x3b, 0xac, 0x8, 0x9f, 0x5d, 0xca, 0x6e, 0xf9, 0x65, 0xf2, 0x56, 0xc1, 0x3, 0x94, 0x30, 0xa7, 0xa9, 0x3e, 0x9a, 0xd, 0xcf, 0x58, 0xfc, 0x6b, 0xe0, 0x77, 0xd3, 0x44, 0x86, 0x11, 0xb5, 0x22, 0x2c, 0xbb, 0x1f, 0x88, 0x4a, 0xdd, 0x79, 0xee},
+ {0x0, 0x98, 0x2d, 0xb5, 0x5a, 0xc2, 0x77, 0xef, 0xb4, 0x2c, 0x99, 0x1, 0xee, 0x76, 0xc3, 0x5b, 0x75, 0xed, 0x58, 0xc0, 0x2f, 0xb7, 0x2, 0x9a, 0xc1, 0x59, 0xec, 0x74, 0x9b, 0x3, 0xb6, 0x2e, 0xea, 0x72, 0xc7, 0x5f, 0xb0, 0x28, 0x9d, 0x5, 0x5e, 0xc6, 0x73, 0xeb, 0x4, 0x9c, 0x29, 0xb1, 0x9f, 0x7, 0xb2, 0x2a, 0xc5, 0x5d, 0xe8, 0x70, 0x2b, 0xb3, 0x6, 0x9e, 0x71, 0xe9, 0x5c, 0xc4, 0xc9, 0x51, 0xe4, 0x7c, 0x93, 0xb, 0xbe, 0x26, 0x7d, 0xe5, 0x50, 0xc8, 0x27, 0xbf, 0xa, 0x92, 0xbc, 0x24, 0x91, 0x9, 0xe6, 0x7e, 0xcb, 0x53, 0x8, 0x90, 0x25, 0xbd, 0x52, 0xca, 0x7f, 0xe7, 0x23, 0xbb, 0xe, 0x96, 0x79, 0xe1, 0x54, 0xcc, 0x97, 0xf, 0xba, 0x22, 0xcd, 0x55, 0xe0, 0x78, 0x56, 0xce, 0x7b, 0xe3, 0xc, 0x94, 0x21, 0xb9, 0xe2, 0x7a, 0xcf, 0x57, 0xb8, 0x20, 0x95, 0xd, 0x8f, 0x17, 0xa2, 0x3a, 0xd5, 0x4d, 0xf8, 0x60, 0x3b, 0xa3, 0x16, 0x8e, 0x61, 0xf9, 0x4c, 0xd4, 0xfa, 0x62, 0xd7, 0x4f, 0xa0, 0x38, 0x8d, 0x15, 0x4e, 0xd6, 0x63, 0xfb, 0x14, 0x8c, 0x39, 0xa1, 0x65, 0xfd, 0x48, 0xd0, 0x3f, 0xa7, 0x12, 0x8a, 0xd1, 0x49, 0xfc, 0x64, 0x8b, 0x13, 0xa6, 0x3e, 0x10, 0x88, 0x3d, 0xa5, 0x4a, 0xd2, 0x67, 0xff, 0xa4, 0x3c, 0x89, 0x11, 0xfe, 0x66, 0xd3, 0x4b, 0x46, 0xde, 0x6b, 0xf3, 0x1c, 0x84, 0x31, 0xa9, 0xf2, 0x6a, 0xdf, 0x47, 0xa8, 0x30, 0x85, 0x1d, 0x33, 0xab, 0x1e, 0x86, 0x69, 0xf1, 0x44, 0xdc, 0x87, 0x1f, 0xaa, 0x32, 0xdd, 0x45, 0xf0, 0x68, 0xac, 0x34, 0x81, 0x19, 0xf6, 0x6e, 0xdb, 0x43, 0x18, 0x80, 0x35, 0xad, 0x42, 0xda, 0x6f, 0xf7, 0xd9, 0x41, 0xf4, 0x6c, 0x83, 0x1b, 0xae, 0x36, 0x6d, 0xf5, 0x40, 0xd8, 0x37, 0xaf, 0x1a, 0x82},
+ {0x0, 0x99, 0x2f, 0xb6, 0x5e, 0xc7, 0x71, 0xe8, 0xbc, 0x25, 0x93, 0xa, 0xe2, 0x7b, 0xcd, 0x54, 0x65, 0xfc, 0x4a, 0xd3, 0x3b, 0xa2, 0x14, 0x8d, 0xd9, 0x40, 0xf6, 0x6f, 0x87, 0x1e, 0xa8, 0x31, 0xca, 0x53, 0xe5, 0x7c, 0x94, 0xd, 0xbb, 0x22, 0x76, 0xef, 0x59, 0xc0, 0x28, 0xb1, 0x7, 0x9e, 0xaf, 0x36, 0x80, 0x19, 0xf1, 0x68, 0xde, 0x47, 0x13, 0x8a, 0x3c, 0xa5, 0x4d, 0xd4, 0x62, 0xfb, 0x89, 0x10, 0xa6, 0x3f, 0xd7, 0x4e, 0xf8, 0x61, 0x35, 0xac, 0x1a, 0x83, 0x6b, 0xf2, 0x44, 0xdd, 0xec, 0x75, 0xc3, 0x5a, 0xb2, 0x2b, 0x9d, 0x4, 0x50, 0xc9, 0x7f, 0xe6, 0xe, 0x97, 0x21, 0xb8, 0x43, 0xda, 0x6c, 0xf5, 0x1d, 0x84, 0x32, 0xab, 0xff, 0x66, 0xd0, 0x49, 0xa1, 0x38, 0x8e, 0x17, 0x26, 0xbf, 0x9, 0x90, 0x78, 0xe1, 0x57, 0xce, 0x9a, 0x3, 0xb5, 0x2c, 0xc4, 0x5d, 0xeb, 0x72, 0xf, 0x96, 0x20, 0xb9, 0x51, 0xc8, 0x7e, 0xe7, 0xb3, 0x2a, 0x9c, 0x5, 0xed, 0x74, 0xc2, 0x5b, 0x6a, 0xf3, 0x45, 0xdc, 0x34, 0xad, 0x1b, 0x82, 0xd6, 0x4f, 0xf9, 0x60, 0x88, 0x11, 0xa7, 0x3e, 0xc5, 0x5c, 0xea, 0x73, 0x9b, 0x2, 0xb4, 0x2d, 0x79, 0xe0, 0x56, 0xcf, 0x27, 0xbe, 0x8, 0x91, 0xa0, 0x39, 0x8f, 0x16, 0xfe, 0x67, 0xd1, 0x48, 0x1c, 0x85, 0x33, 0xaa, 0x42, 0xdb, 0x6d, 0xf4, 0x86, 0x1f, 0xa9, 0x30, 0xd8, 0x41, 0xf7, 0x6e, 0x3a, 0xa3, 0x15, 0x8c, 0x64, 0xfd, 0x4b, 0xd2, 0xe3, 0x7a, 0xcc, 0x55, 0xbd, 0x24, 0x92, 0xb, 0x5f, 0xc6, 0x70, 0xe9, 0x1, 0x98, 0x2e, 0xb7, 0x4c, 0xd5, 0x63, 0xfa, 0x12, 0x8b, 0x3d, 0xa4, 0xf0, 0x69, 0xdf, 0x46, 0xae, 0x37, 0x81, 0x18, 0x29, 0xb0, 0x6, 0x9f, 0x77, 0xee, 0x58, 0xc1, 0x95, 0xc, 0xba, 0x23, 0xcb, 0x52, 0xe4, 0x7d},
+ {0x0, 0x9a, 0x29, 0xb3, 0x52, 0xc8, 0x7b, 0xe1, 0xa4, 0x3e, 0x8d, 0x17, 0xf6, 0x6c, 0xdf, 0x45, 0x55, 0xcf, 0x7c, 0xe6, 0x7, 0x9d, 0x2e, 0xb4, 0xf1, 0x6b, 0xd8, 0x42, 0xa3, 0x39, 0x8a, 0x10, 0xaa, 0x30, 0x83, 0x19, 0xf8, 0x62, 0xd1, 0x4b, 0xe, 0x94, 0x27, 0xbd, 0x5c, 0xc6, 0x75, 0xef, 0xff, 0x65, 0xd6, 0x4c, 0xad, 0x37, 0x84, 0x1e, 0x5b, 0xc1, 0x72, 0xe8, 0x9, 0x93, 0x20, 0xba, 0x49, 0xd3, 0x60, 0xfa, 0x1b, 0x81, 0x32, 0xa8, 0xed, 0x77, 0xc4, 0x5e, 0xbf, 0x25, 0x96, 0xc, 0x1c, 0x86, 0x35, 0xaf, 0x4e, 0xd4, 0x67, 0xfd, 0xb8, 0x22, 0x91, 0xb, 0xea, 0x70, 0xc3, 0x59, 0xe3, 0x79, 0xca, 0x50, 0xb1, 0x2b, 0x98, 0x2, 0x47, 0xdd, 0x6e, 0xf4, 0x15, 0x8f, 0x3c, 0xa6, 0xb6, 0x2c, 0x9f, 0x5, 0xe4, 0x7e, 0xcd, 0x57, 0x12, 0x88, 0x3b, 0xa1, 0x40, 0xda, 0x69, 0xf3, 0x92, 0x8, 0xbb, 0x21, 0xc0, 0x5a, 0xe9, 0x73, 0x36, 0xac, 0x1f, 0x85, 0x64, 0xfe, 0x4d, 0xd7, 0xc7, 0x5d, 0xee, 0x74, 0x95, 0xf, 0xbc, 0x26, 0x63, 0xf9, 0x4a, 0xd0, 0x31, 0xab, 0x18, 0x82, 0x38, 0xa2, 0x11, 0x8b, 0x6a, 0xf0, 0x43, 0xd9, 0x9c, 0x6, 0xb5, 0x2f, 0xce, 0x54, 0xe7, 0x7d, 0x6d, 0xf7, 0x44, 0xde, 0x3f, 0xa5, 0x16, 0x8c, 0xc9, 0x53, 0xe0, 0x7a, 0x9b, 0x1, 0xb2, 0x28, 0xdb, 0x41, 0xf2, 0x68, 0x89, 0x13, 0xa0, 0x3a, 0x7f, 0xe5, 0x56, 0xcc, 0x2d, 0xb7, 0x4, 0x9e, 0x8e, 0x14, 0xa7, 0x3d, 0xdc, 0x46, 0xf5, 0x6f, 0x2a, 0xb0, 0x3, 0x99, 0x78, 0xe2, 0x51, 0xcb, 0x71, 0xeb, 0x58, 0xc2, 0x23, 0xb9, 0xa, 0x90, 0xd5, 0x4f, 0xfc, 0x66, 0x87, 0x1d, 0xae, 0x34, 0x24, 0xbe, 0xd, 0x97, 0x76, 0xec, 0x5f, 0xc5, 0x80, 0x1a, 0xa9, 0x33, 0xd2, 0x48, 0xfb, 0x61},
+ {0x0, 0x9b, 0x2b, 0xb0, 0x56, 0xcd, 0x7d, 0xe6, 0xac, 0x37, 0x87, 0x1c, 0xfa, 0x61, 0xd1, 0x4a, 0x45, 0xde, 0x6e, 0xf5, 0x13, 0x88, 0x38, 0xa3, 0xe9, 0x72, 0xc2, 0x59, 0xbf, 0x24, 0x94, 0xf, 0x8a, 0x11, 0xa1, 0x3a, 0xdc, 0x47, 0xf7, 0x6c, 0x26, 0xbd, 0xd, 0x96, 0x70, 0xeb, 0x5b, 0xc0, 0xcf, 0x54, 0xe4, 0x7f, 0x99, 0x2, 0xb2, 0x29, 0x63, 0xf8, 0x48, 0xd3, 0x35, 0xae, 0x1e, 0x85, 0x9, 0x92, 0x22, 0xb9, 0x5f, 0xc4, 0x74, 0xef, 0xa5, 0x3e, 0x8e, 0x15, 0xf3, 0x68, 0xd8, 0x43, 0x4c, 0xd7, 0x67, 0xfc, 0x1a, 0x81, 0x31, 0xaa, 0xe0, 0x7b, 0xcb, 0x50, 0xb6, 0x2d, 0x9d, 0x6, 0x83, 0x18, 0xa8, 0x33, 0xd5, 0x4e, 0xfe, 0x65, 0x2f, 0xb4, 0x4, 0x9f, 0x79, 0xe2, 0x52, 0xc9, 0xc6, 0x5d, 0xed, 0x76, 0x90, 0xb, 0xbb, 0x20, 0x6a, 0xf1, 0x41, 0xda, 0x3c, 0xa7, 0x17, 0x8c, 0x12, 0x89, 0x39, 0xa2, 0x44, 0xdf, 0x6f, 0xf4, 0xbe, 0x25, 0x95, 0xe, 0xe8, 0x73, 0xc3, 0x58, 0x57, 0xcc, 0x7c, 0xe7, 0x1, 0x9a, 0x2a, 0xb1, 0xfb, 0x60, 0xd0, 0x4b, 0xad, 0x36, 0x86, 0x1d, 0x98, 0x3, 0xb3, 0x28, 0xce, 0x55, 0xe5, 0x7e, 0x34, 0xaf, 0x1f, 0x84, 0x62, 0xf9, 0x49, 0xd2, 0xdd, 0x46, 0xf6, 0x6d, 0x8b, 0x10, 0xa0, 0x3b, 0x71, 0xea, 0x5a, 0xc1, 0x27, 0xbc, 0xc, 0x97, 0x1b, 0x80, 0x30, 0xab, 0x4d, 0xd6, 0x66, 0xfd, 0xb7, 0x2c, 0x9c, 0x7, 0xe1, 0x7a, 0xca, 0x51, 0x5e, 0xc5, 0x75, 0xee, 0x8, 0x93, 0x23, 0xb8, 0xf2, 0x69, 0xd9, 0x42, 0xa4, 0x3f, 0x8f, 0x14, 0x91, 0xa, 0xba, 0x21, 0xc7, 0x5c, 0xec, 0x77, 0x3d, 0xa6, 0x16, 0x8d, 0x6b, 0xf0, 0x40, 0xdb, 0xd4, 0x4f, 0xff, 0x64, 0x82, 0x19, 0xa9, 0x32, 0x78, 0xe3, 0x53, 0xc8, 0x2e, 0xb5, 0x5, 0x9e},
+ {0x0, 0x9c, 0x25, 0xb9, 0x4a, 0xd6, 0x6f, 0xf3, 0x94, 0x8, 0xb1, 0x2d, 0xde, 0x42, 0xfb, 0x67, 0x35, 0xa9, 0x10, 0x8c, 0x7f, 0xe3, 0x5a, 0xc6, 0xa1, 0x3d, 0x84, 0x18, 0xeb, 0x77, 0xce, 0x52, 0x6a, 0xf6, 0x4f, 0xd3, 0x20, 0xbc, 0x5, 0x99, 0xfe, 0x62, 0xdb, 0x47, 0xb4, 0x28, 0x91, 0xd, 0x5f, 0xc3, 0x7a, 0xe6, 0x15, 0x89, 0x30, 0xac, 0xcb, 0x57, 0xee, 0x72, 0x81, 0x1d, 0xa4, 0x38, 0xd4, 0x48, 0xf1, 0x6d, 0x9e, 0x2, 0xbb, 0x27, 0x40, 0xdc, 0x65, 0xf9, 0xa, 0x96, 0x2f, 0xb3, 0xe1, 0x7d, 0xc4, 0x58, 0xab, 0x37, 0x8e, 0x12, 0x75, 0xe9, 0x50, 0xcc, 0x3f, 0xa3, 0x1a, 0x86, 0xbe, 0x22, 0x9b, 0x7, 0xf4, 0x68, 0xd1, 0x4d, 0x2a, 0xb6, 0xf, 0x93, 0x60, 0xfc, 0x45, 0xd9, 0x8b, 0x17, 0xae, 0x32, 0xc1, 0x5d, 0xe4, 0x78, 0x1f, 0x83, 0x3a, 0xa6, 0x55, 0xc9, 0x70, 0xec, 0xb5, 0x29, 0x90, 0xc, 0xff, 0x63, 0xda, 0x46, 0x21, 0xbd, 0x4, 0x98, 0x6b, 0xf7, 0x4e, 0xd2, 0x80, 0x1c, 0xa5, 0x39, 0xca, 0x56, 0xef, 0x73, 0x14, 0x88, 0x31, 0xad, 0x5e, 0xc2, 0x7b, 0xe7, 0xdf, 0x43, 0xfa, 0x66, 0x95, 0x9, 0xb0, 0x2c, 0x4b, 0xd7, 0x6e, 0xf2, 0x1, 0x9d, 0x24, 0xb8, 0xea, 0x76, 0xcf, 0x53, 0xa0, 0x3c, 0x85, 0x19, 0x7e, 0xe2, 0x5b, 0xc7, 0x34, 0xa8, 0x11, 0x8d, 0x61, 0xfd, 0x44, 0xd8, 0x2b, 0xb7, 0xe, 0x92, 0xf5, 0x69, 0xd0, 0x4c, 0xbf, 0x23, 0x9a, 0x6, 0x54, 0xc8, 0x71, 0xed, 0x1e, 0x82, 0x3b, 0xa7, 0xc0, 0x5c, 0xe5, 0x79, 0x8a, 0x16, 0xaf, 0x33, 0xb, 0x97, 0x2e, 0xb2, 0x41, 0xdd, 0x64, 0xf8, 0x9f, 0x3, 0xba, 0x26, 0xd5, 0x49, 0xf0, 0x6c, 0x3e, 0xa2, 0x1b, 0x87, 0x74, 0xe8, 0x51, 0xcd, 0xaa, 0x36, 0x8f, 0x13, 0xe0, 0x7c, 0xc5, 0x59},
+ {0x0, 0x9d, 0x27, 0xba, 0x4e, 0xd3, 0x69, 0xf4, 0x9c, 0x1, 0xbb, 0x26, 0xd2, 0x4f, 0xf5, 0x68, 0x25, 0xb8, 0x2, 0x9f, 0x6b, 0xf6, 0x4c, 0xd1, 0xb9, 0x24, 0x9e, 0x3, 0xf7, 0x6a, 0xd0, 0x4d, 0x4a, 0xd7, 0x6d, 0xf0, 0x4, 0x99, 0x23, 0xbe, 0xd6, 0x4b, 0xf1, 0x6c, 0x98, 0x5, 0xbf, 0x22, 0x6f, 0xf2, 0x48, 0xd5, 0x21, 0xbc, 0x6, 0x9b, 0xf3, 0x6e, 0xd4, 0x49, 0xbd, 0x20, 0x9a, 0x7, 0x94, 0x9, 0xb3, 0x2e, 0xda, 0x47, 0xfd, 0x60, 0x8, 0x95, 0x2f, 0xb2, 0x46, 0xdb, 0x61, 0xfc, 0xb1, 0x2c, 0x96, 0xb, 0xff, 0x62, 0xd8, 0x45, 0x2d, 0xb0, 0xa, 0x97, 0x63, 0xfe, 0x44, 0xd9, 0xde, 0x43, 0xf9, 0x64, 0x90, 0xd, 0xb7, 0x2a, 0x42, 0xdf, 0x65, 0xf8, 0xc, 0x91, 0x2b, 0xb6, 0xfb, 0x66, 0xdc, 0x41, 0xb5, 0x28, 0x92, 0xf, 0x67, 0xfa, 0x40, 0xdd, 0x29, 0xb4, 0xe, 0x93, 0x35, 0xa8, 0x12, 0x8f, 0x7b, 0xe6, 0x5c, 0xc1, 0xa9, 0x34, 0x8e, 0x13, 0xe7, 0x7a, 0xc0, 0x5d, 0x10, 0x8d, 0x37, 0xaa, 0x5e, 0xc3, 0x79, 0xe4, 0x8c, 0x11, 0xab, 0x36, 0xc2, 0x5f, 0xe5, 0x78, 0x7f, 0xe2, 0x58, 0xc5, 0x31, 0xac, 0x16, 0x8b, 0xe3, 0x7e, 0xc4, 0x59, 0xad, 0x30, 0x8a, 0x17, 0x5a, 0xc7, 0x7d, 0xe0, 0x14, 0x89, 0x33, 0xae, 0xc6, 0x5b, 0xe1, 0x7c, 0x88, 0x15, 0xaf, 0x32, 0xa1, 0x3c, 0x86, 0x1b, 0xef, 0x72, 0xc8, 0x55, 0x3d, 0xa0, 0x1a, 0x87, 0x73, 0xee, 0x54, 0xc9, 0x84, 0x19, 0xa3, 0x3e, 0xca, 0x57, 0xed, 0x70, 0x18, 0x85, 0x3f, 0xa2, 0x56, 0xcb, 0x71, 0xec, 0xeb, 0x76, 0xcc, 0x51, 0xa5, 0x38, 0x82, 0x1f, 0x77, 0xea, 0x50, 0xcd, 0x39, 0xa4, 0x1e, 0x83, 0xce, 0x53, 0xe9, 0x74, 0x80, 0x1d, 0xa7, 0x3a, 0x52, 0xcf, 0x75, 0xe8, 0x1c, 0x81, 0x3b, 0xa6},
+ {0x0, 0x9e, 0x21, 0xbf, 0x42, 0xdc, 0x63, 0xfd, 0x84, 0x1a, 0xa5, 0x3b, 0xc6, 0x58, 0xe7, 0x79, 0x15, 0x8b, 0x34, 0xaa, 0x57, 0xc9, 0x76, 0xe8, 0x91, 0xf, 0xb0, 0x2e, 0xd3, 0x4d, 0xf2, 0x6c, 0x2a, 0xb4, 0xb, 0x95, 0x68, 0xf6, 0x49, 0xd7, 0xae, 0x30, 0x8f, 0x11, 0xec, 0x72, 0xcd, 0x53, 0x3f, 0xa1, 0x1e, 0x80, 0x7d, 0xe3, 0x5c, 0xc2, 0xbb, 0x25, 0x9a, 0x4, 0xf9, 0x67, 0xd8, 0x46, 0x54, 0xca, 0x75, 0xeb, 0x16, 0x88, 0x37, 0xa9, 0xd0, 0x4e, 0xf1, 0x6f, 0x92, 0xc, 0xb3, 0x2d, 0x41, 0xdf, 0x60, 0xfe, 0x3, 0x9d, 0x22, 0xbc, 0xc5, 0x5b, 0xe4, 0x7a, 0x87, 0x19, 0xa6, 0x38, 0x7e, 0xe0, 0x5f, 0xc1, 0x3c, 0xa2, 0x1d, 0x83, 0xfa, 0x64, 0xdb, 0x45, 0xb8, 0x26, 0x99, 0x7, 0x6b, 0xf5, 0x4a, 0xd4, 0x29, 0xb7, 0x8, 0x96, 0xef, 0x71, 0xce, 0x50, 0xad, 0x33, 0x8c, 0x12, 0xa8, 0x36, 0x89, 0x17, 0xea, 0x74, 0xcb, 0x55, 0x2c, 0xb2, 0xd, 0x93, 0x6e, 0xf0, 0x4f, 0xd1, 0xbd, 0x23, 0x9c, 0x2, 0xff, 0x61, 0xde, 0x40, 0x39, 0xa7, 0x18, 0x86, 0x7b, 0xe5, 0x5a, 0xc4, 0x82, 0x1c, 0xa3, 0x3d, 0xc0, 0x5e, 0xe1, 0x7f, 0x6, 0x98, 0x27, 0xb9, 0x44, 0xda, 0x65, 0xfb, 0x97, 0x9, 0xb6, 0x28, 0xd5, 0x4b, 0xf4, 0x6a, 0x13, 0x8d, 0x32, 0xac, 0x51, 0xcf, 0x70, 0xee, 0xfc, 0x62, 0xdd, 0x43, 0xbe, 0x20, 0x9f, 0x1, 0x78, 0xe6, 0x59, 0xc7, 0x3a, 0xa4, 0x1b, 0x85, 0xe9, 0x77, 0xc8, 0x56, 0xab, 0x35, 0x8a, 0x14, 0x6d, 0xf3, 0x4c, 0xd2, 0x2f, 0xb1, 0xe, 0x90, 0xd6, 0x48, 0xf7, 0x69, 0x94, 0xa, 0xb5, 0x2b, 0x52, 0xcc, 0x73, 0xed, 0x10, 0x8e, 0x31, 0xaf, 0xc3, 0x5d, 0xe2, 0x7c, 0x81, 0x1f, 0xa0, 0x3e, 0x47, 0xd9, 0x66, 0xf8, 0x5, 0x9b, 0x24, 0xba},
+ {0x0, 0x9f, 0x23, 0xbc, 0x46, 0xd9, 0x65, 0xfa, 0x8c, 0x13, 0xaf, 0x30, 0xca, 0x55, 0xe9, 0x76, 0x5, 0x9a, 0x26, 0xb9, 0x43, 0xdc, 0x60, 0xff, 0x89, 0x16, 0xaa, 0x35, 0xcf, 0x50, 0xec, 0x73, 0xa, 0x95, 0x29, 0xb6, 0x4c, 0xd3, 0x6f, 0xf0, 0x86, 0x19, 0xa5, 0x3a, 0xc0, 0x5f, 0xe3, 0x7c, 0xf, 0x90, 0x2c, 0xb3, 0x49, 0xd6, 0x6a, 0xf5, 0x83, 0x1c, 0xa0, 0x3f, 0xc5, 0x5a, 0xe6, 0x79, 0x14, 0x8b, 0x37, 0xa8, 0x52, 0xcd, 0x71, 0xee, 0x98, 0x7, 0xbb, 0x24, 0xde, 0x41, 0xfd, 0x62, 0x11, 0x8e, 0x32, 0xad, 0x57, 0xc8, 0x74, 0xeb, 0x9d, 0x2, 0xbe, 0x21, 0xdb, 0x44, 0xf8, 0x67, 0x1e, 0x81, 0x3d, 0xa2, 0x58, 0xc7, 0x7b, 0xe4, 0x92, 0xd, 0xb1, 0x2e, 0xd4, 0x4b, 0xf7, 0x68, 0x1b, 0x84, 0x38, 0xa7, 0x5d, 0xc2, 0x7e, 0xe1, 0x97, 0x8, 0xb4, 0x2b, 0xd1, 0x4e, 0xf2, 0x6d, 0x28, 0xb7, 0xb, 0x94, 0x6e, 0xf1, 0x4d, 0xd2, 0xa4, 0x3b, 0x87, 0x18, 0xe2, 0x7d, 0xc1, 0x5e, 0x2d, 0xb2, 0xe, 0x91, 0x6b, 0xf4, 0x48, 0xd7, 0xa1, 0x3e, 0x82, 0x1d, 0xe7, 0x78, 0xc4, 0x5b, 0x22, 0xbd, 0x1, 0x9e, 0x64, 0xfb, 0x47, 0xd8, 0xae, 0x31, 0x8d, 0x12, 0xe8, 0x77, 0xcb, 0x54, 0x27, 0xb8, 0x4, 0x9b, 0x61, 0xfe, 0x42, 0xdd, 0xab, 0x34, 0x88, 0x17, 0xed, 0x72, 0xce, 0x51, 0x3c, 0xa3, 0x1f, 0x80, 0x7a, 0xe5, 0x59, 0xc6, 0xb0, 0x2f, 0x93, 0xc, 0xf6, 0x69, 0xd5, 0x4a, 0x39, 0xa6, 0x1a, 0x85, 0x7f, 0xe0, 0x5c, 0xc3, 0xb5, 0x2a, 0x96, 0x9, 0xf3, 0x6c, 0xd0, 0x4f, 0x36, 0xa9, 0x15, 0x8a, 0x70, 0xef, 0x53, 0xcc, 0xba, 0x25, 0x99, 0x6, 0xfc, 0x63, 0xdf, 0x40, 0x33, 0xac, 0x10, 0x8f, 0x75, 0xea, 0x56, 0xc9, 0xbf, 0x20, 0x9c, 0x3, 0xf9, 0x66, 0xda, 0x45},
+ {0x0, 0xa0, 0x5d, 0xfd, 0xba, 0x1a, 0xe7, 0x47, 0x69, 0xc9, 0x34, 0x94, 0xd3, 0x73, 0x8e, 0x2e, 0xd2, 0x72, 0x8f, 0x2f, 0x68, 0xc8, 0x35, 0x95, 0xbb, 0x1b, 0xe6, 0x46, 0x1, 0xa1, 0x5c, 0xfc, 0xb9, 0x19, 0xe4, 0x44, 0x3, 0xa3, 0x5e, 0xfe, 0xd0, 0x70, 0x8d, 0x2d, 0x6a, 0xca, 0x37, 0x97, 0x6b, 0xcb, 0x36, 0x96, 0xd1, 0x71, 0x8c, 0x2c, 0x2, 0xa2, 0x5f, 0xff, 0xb8, 0x18, 0xe5, 0x45, 0x6f, 0xcf, 0x32, 0x92, 0xd5, 0x75, 0x88, 0x28, 0x6, 0xa6, 0x5b, 0xfb, 0xbc, 0x1c, 0xe1, 0x41, 0xbd, 0x1d, 0xe0, 0x40, 0x7, 0xa7, 0x5a, 0xfa, 0xd4, 0x74, 0x89, 0x29, 0x6e, 0xce, 0x33, 0x93, 0xd6, 0x76, 0x8b, 0x2b, 0x6c, 0xcc, 0x31, 0x91, 0xbf, 0x1f, 0xe2, 0x42, 0x5, 0xa5, 0x58, 0xf8, 0x4, 0xa4, 0x59, 0xf9, 0xbe, 0x1e, 0xe3, 0x43, 0x6d, 0xcd, 0x30, 0x90, 0xd7, 0x77, 0x8a, 0x2a, 0xde, 0x7e, 0x83, 0x23, 0x64, 0xc4, 0x39, 0x99, 0xb7, 0x17, 0xea, 0x4a, 0xd, 0xad, 0x50, 0xf0, 0xc, 0xac, 0x51, 0xf1, 0xb6, 0x16, 0xeb, 0x4b, 0x65, 0xc5, 0x38, 0x98, 0xdf, 0x7f, 0x82, 0x22, 0x67, 0xc7, 0x3a, 0x9a, 0xdd, 0x7d, 0x80, 0x20, 0xe, 0xae, 0x53, 0xf3, 0xb4, 0x14, 0xe9, 0x49, 0xb5, 0x15, 0xe8, 0x48, 0xf, 0xaf, 0x52, 0xf2, 0xdc, 0x7c, 0x81, 0x21, 0x66, 0xc6, 0x3b, 0x9b, 0xb1, 0x11, 0xec, 0x4c, 0xb, 0xab, 0x56, 0xf6, 0xd8, 0x78, 0x85, 0x25, 0x62, 0xc2, 0x3f, 0x9f, 0x63, 0xc3, 0x3e, 0x9e, 0xd9, 0x79, 0x84, 0x24, 0xa, 0xaa, 0x57, 0xf7, 0xb0, 0x10, 0xed, 0x4d, 0x8, 0xa8, 0x55, 0xf5, 0xb2, 0x12, 0xef, 0x4f, 0x61, 0xc1, 0x3c, 0x9c, 0xdb, 0x7b, 0x86, 0x26, 0xda, 0x7a, 0x87, 0x27, 0x60, 0xc0, 0x3d, 0x9d, 0xb3, 0x13, 0xee, 0x4e, 0x9, 0xa9, 0x54, 0xf4},
+ {0x0, 0xa1, 0x5f, 0xfe, 0xbe, 0x1f, 0xe1, 0x40, 0x61, 0xc0, 0x3e, 0x9f, 0xdf, 0x7e, 0x80, 0x21, 0xc2, 0x63, 0x9d, 0x3c, 0x7c, 0xdd, 0x23, 0x82, 0xa3, 0x2, 0xfc, 0x5d, 0x1d, 0xbc, 0x42, 0xe3, 0x99, 0x38, 0xc6, 0x67, 0x27, 0x86, 0x78, 0xd9, 0xf8, 0x59, 0xa7, 0x6, 0x46, 0xe7, 0x19, 0xb8, 0x5b, 0xfa, 0x4, 0xa5, 0xe5, 0x44, 0xba, 0x1b, 0x3a, 0x9b, 0x65, 0xc4, 0x84, 0x25, 0xdb, 0x7a, 0x2f, 0x8e, 0x70, 0xd1, 0x91, 0x30, 0xce, 0x6f, 0x4e, 0xef, 0x11, 0xb0, 0xf0, 0x51, 0xaf, 0xe, 0xed, 0x4c, 0xb2, 0x13, 0x53, 0xf2, 0xc, 0xad, 0x8c, 0x2d, 0xd3, 0x72, 0x32, 0x93, 0x6d, 0xcc, 0xb6, 0x17, 0xe9, 0x48, 0x8, 0xa9, 0x57, 0xf6, 0xd7, 0x76, 0x88, 0x29, 0x69, 0xc8, 0x36, 0x97, 0x74, 0xd5, 0x2b, 0x8a, 0xca, 0x6b, 0x95, 0x34, 0x15, 0xb4, 0x4a, 0xeb, 0xab, 0xa, 0xf4, 0x55, 0x5e, 0xff, 0x1, 0xa0, 0xe0, 0x41, 0xbf, 0x1e, 0x3f, 0x9e, 0x60, 0xc1, 0x81, 0x20, 0xde, 0x7f, 0x9c, 0x3d, 0xc3, 0x62, 0x22, 0x83, 0x7d, 0xdc, 0xfd, 0x5c, 0xa2, 0x3, 0x43, 0xe2, 0x1c, 0xbd, 0xc7, 0x66, 0x98, 0x39, 0x79, 0xd8, 0x26, 0x87, 0xa6, 0x7, 0xf9, 0x58, 0x18, 0xb9, 0x47, 0xe6, 0x5, 0xa4, 0x5a, 0xfb, 0xbb, 0x1a, 0xe4, 0x45, 0x64, 0xc5, 0x3b, 0x9a, 0xda, 0x7b, 0x85, 0x24, 0x71, 0xd0, 0x2e, 0x8f, 0xcf, 0x6e, 0x90, 0x31, 0x10, 0xb1, 0x4f, 0xee, 0xae, 0xf, 0xf1, 0x50, 0xb3, 0x12, 0xec, 0x4d, 0xd, 0xac, 0x52, 0xf3, 0xd2, 0x73, 0x8d, 0x2c, 0x6c, 0xcd, 0x33, 0x92, 0xe8, 0x49, 0xb7, 0x16, 0x56, 0xf7, 0x9, 0xa8, 0x89, 0x28, 0xd6, 0x77, 0x37, 0x96, 0x68, 0xc9, 0x2a, 0x8b, 0x75, 0xd4, 0x94, 0x35, 0xcb, 0x6a, 0x4b, 0xea, 0x14, 0xb5, 0xf5, 0x54, 0xaa, 0xb},
+ {0x0, 0xa2, 0x59, 0xfb, 0xb2, 0x10, 0xeb, 0x49, 0x79, 0xdb, 0x20, 0x82, 0xcb, 0x69, 0x92, 0x30, 0xf2, 0x50, 0xab, 0x9, 0x40, 0xe2, 0x19, 0xbb, 0x8b, 0x29, 0xd2, 0x70, 0x39, 0x9b, 0x60, 0xc2, 0xf9, 0x5b, 0xa0, 0x2, 0x4b, 0xe9, 0x12, 0xb0, 0x80, 0x22, 0xd9, 0x7b, 0x32, 0x90, 0x6b, 0xc9, 0xb, 0xa9, 0x52, 0xf0, 0xb9, 0x1b, 0xe0, 0x42, 0x72, 0xd0, 0x2b, 0x89, 0xc0, 0x62, 0x99, 0x3b, 0xef, 0x4d, 0xb6, 0x14, 0x5d, 0xff, 0x4, 0xa6, 0x96, 0x34, 0xcf, 0x6d, 0x24, 0x86, 0x7d, 0xdf, 0x1d, 0xbf, 0x44, 0xe6, 0xaf, 0xd, 0xf6, 0x54, 0x64, 0xc6, 0x3d, 0x9f, 0xd6, 0x74, 0x8f, 0x2d, 0x16, 0xb4, 0x4f, 0xed, 0xa4, 0x6, 0xfd, 0x5f, 0x6f, 0xcd, 0x36, 0x94, 0xdd, 0x7f, 0x84, 0x26, 0xe4, 0x46, 0xbd, 0x1f, 0x56, 0xf4, 0xf, 0xad, 0x9d, 0x3f, 0xc4, 0x66, 0x2f, 0x8d, 0x76, 0xd4, 0xc3, 0x61, 0x9a, 0x38, 0x71, 0xd3, 0x28, 0x8a, 0xba, 0x18, 0xe3, 0x41, 0x8, 0xaa, 0x51, 0xf3, 0x31, 0x93, 0x68, 0xca, 0x83, 0x21, 0xda, 0x78, 0x48, 0xea, 0x11, 0xb3, 0xfa, 0x58, 0xa3, 0x1, 0x3a, 0x98, 0x63, 0xc1, 0x88, 0x2a, 0xd1, 0x73, 0x43, 0xe1, 0x1a, 0xb8, 0xf1, 0x53, 0xa8, 0xa, 0xc8, 0x6a, 0x91, 0x33, 0x7a, 0xd8, 0x23, 0x81, 0xb1, 0x13, 0xe8, 0x4a, 0x3, 0xa1, 0x5a, 0xf8, 0x2c, 0x8e, 0x75, 0xd7, 0x9e, 0x3c, 0xc7, 0x65, 0x55, 0xf7, 0xc, 0xae, 0xe7, 0x45, 0xbe, 0x1c, 0xde, 0x7c, 0x87, 0x25, 0x6c, 0xce, 0x35, 0x97, 0xa7, 0x5, 0xfe, 0x5c, 0x15, 0xb7, 0x4c, 0xee, 0xd5, 0x77, 0x8c, 0x2e, 0x67, 0xc5, 0x3e, 0x9c, 0xac, 0xe, 0xf5, 0x57, 0x1e, 0xbc, 0x47, 0xe5, 0x27, 0x85, 0x7e, 0xdc, 0x95, 0x37, 0xcc, 0x6e, 0x5e, 0xfc, 0x7, 0xa5, 0xec, 0x4e, 0xb5, 0x17},
+ {0x0, 0xa3, 0x5b, 0xf8, 0xb6, 0x15, 0xed, 0x4e, 0x71, 0xd2, 0x2a, 0x89, 0xc7, 0x64, 0x9c, 0x3f, 0xe2, 0x41, 0xb9, 0x1a, 0x54, 0xf7, 0xf, 0xac, 0x93, 0x30, 0xc8, 0x6b, 0x25, 0x86, 0x7e, 0xdd, 0xd9, 0x7a, 0x82, 0x21, 0x6f, 0xcc, 0x34, 0x97, 0xa8, 0xb, 0xf3, 0x50, 0x1e, 0xbd, 0x45, 0xe6, 0x3b, 0x98, 0x60, 0xc3, 0x8d, 0x2e, 0xd6, 0x75, 0x4a, 0xe9, 0x11, 0xb2, 0xfc, 0x5f, 0xa7, 0x4, 0xaf, 0xc, 0xf4, 0x57, 0x19, 0xba, 0x42, 0xe1, 0xde, 0x7d, 0x85, 0x26, 0x68, 0xcb, 0x33, 0x90, 0x4d, 0xee, 0x16, 0xb5, 0xfb, 0x58, 0xa0, 0x3, 0x3c, 0x9f, 0x67, 0xc4, 0x8a, 0x29, 0xd1, 0x72, 0x76, 0xd5, 0x2d, 0x8e, 0xc0, 0x63, 0x9b, 0x38, 0x7, 0xa4, 0x5c, 0xff, 0xb1, 0x12, 0xea, 0x49, 0x94, 0x37, 0xcf, 0x6c, 0x22, 0x81, 0x79, 0xda, 0xe5, 0x46, 0xbe, 0x1d, 0x53, 0xf0, 0x8, 0xab, 0x43, 0xe0, 0x18, 0xbb, 0xf5, 0x56, 0xae, 0xd, 0x32, 0x91, 0x69, 0xca, 0x84, 0x27, 0xdf, 0x7c, 0xa1, 0x2, 0xfa, 0x59, 0x17, 0xb4, 0x4c, 0xef, 0xd0, 0x73, 0x8b, 0x28, 0x66, 0xc5, 0x3d, 0x9e, 0x9a, 0x39, 0xc1, 0x62, 0x2c, 0x8f, 0x77, 0xd4, 0xeb, 0x48, 0xb0, 0x13, 0x5d, 0xfe, 0x6, 0xa5, 0x78, 0xdb, 0x23, 0x80, 0xce, 0x6d, 0x95, 0x36, 0x9, 0xaa, 0x52, 0xf1, 0xbf, 0x1c, 0xe4, 0x47, 0xec, 0x4f, 0xb7, 0x14, 0x5a, 0xf9, 0x1, 0xa2, 0x9d, 0x3e, 0xc6, 0x65, 0x2b, 0x88, 0x70, 0xd3, 0xe, 0xad, 0x55, 0xf6, 0xb8, 0x1b, 0xe3, 0x40, 0x7f, 0xdc, 0x24, 0x87, 0xc9, 0x6a, 0x92, 0x31, 0x35, 0x96, 0x6e, 0xcd, 0x83, 0x20, 0xd8, 0x7b, 0x44, 0xe7, 0x1f, 0xbc, 0xf2, 0x51, 0xa9, 0xa, 0xd7, 0x74, 0x8c, 0x2f, 0x61, 0xc2, 0x3a, 0x99, 0xa6, 0x5, 0xfd, 0x5e, 0x10, 0xb3, 0x4b, 0xe8},
+ {0x0, 0xa4, 0x55, 0xf1, 0xaa, 0xe, 0xff, 0x5b, 0x49, 0xed, 0x1c, 0xb8, 0xe3, 0x47, 0xb6, 0x12, 0x92, 0x36, 0xc7, 0x63, 0x38, 0x9c, 0x6d, 0xc9, 0xdb, 0x7f, 0x8e, 0x2a, 0x71, 0xd5, 0x24, 0x80, 0x39, 0x9d, 0x6c, 0xc8, 0x93, 0x37, 0xc6, 0x62, 0x70, 0xd4, 0x25, 0x81, 0xda, 0x7e, 0x8f, 0x2b, 0xab, 0xf, 0xfe, 0x5a, 0x1, 0xa5, 0x54, 0xf0, 0xe2, 0x46, 0xb7, 0x13, 0x48, 0xec, 0x1d, 0xb9, 0x72, 0xd6, 0x27, 0x83, 0xd8, 0x7c, 0x8d, 0x29, 0x3b, 0x9f, 0x6e, 0xca, 0x91, 0x35, 0xc4, 0x60, 0xe0, 0x44, 0xb5, 0x11, 0x4a, 0xee, 0x1f, 0xbb, 0xa9, 0xd, 0xfc, 0x58, 0x3, 0xa7, 0x56, 0xf2, 0x4b, 0xef, 0x1e, 0xba, 0xe1, 0x45, 0xb4, 0x10, 0x2, 0xa6, 0x57, 0xf3, 0xa8, 0xc, 0xfd, 0x59, 0xd9, 0x7d, 0x8c, 0x28, 0x73, 0xd7, 0x26, 0x82, 0x90, 0x34, 0xc5, 0x61, 0x3a, 0x9e, 0x6f, 0xcb, 0xe4, 0x40, 0xb1, 0x15, 0x4e, 0xea, 0x1b, 0xbf, 0xad, 0x9, 0xf8, 0x5c, 0x7, 0xa3, 0x52, 0xf6, 0x76, 0xd2, 0x23, 0x87, 0xdc, 0x78, 0x89, 0x2d, 0x3f, 0x9b, 0x6a, 0xce, 0x95, 0x31, 0xc0, 0x64, 0xdd, 0x79, 0x88, 0x2c, 0x77, 0xd3, 0x22, 0x86, 0x94, 0x30, 0xc1, 0x65, 0x3e, 0x9a, 0x6b, 0xcf, 0x4f, 0xeb, 0x1a, 0xbe, 0xe5, 0x41, 0xb0, 0x14, 0x6, 0xa2, 0x53, 0xf7, 0xac, 0x8, 0xf9, 0x5d, 0x96, 0x32, 0xc3, 0x67, 0x3c, 0x98, 0x69, 0xcd, 0xdf, 0x7b, 0x8a, 0x2e, 0x75, 0xd1, 0x20, 0x84, 0x4, 0xa0, 0x51, 0xf5, 0xae, 0xa, 0xfb, 0x5f, 0x4d, 0xe9, 0x18, 0xbc, 0xe7, 0x43, 0xb2, 0x16, 0xaf, 0xb, 0xfa, 0x5e, 0x5, 0xa1, 0x50, 0xf4, 0xe6, 0x42, 0xb3, 0x17, 0x4c, 0xe8, 0x19, 0xbd, 0x3d, 0x99, 0x68, 0xcc, 0x97, 0x33, 0xc2, 0x66, 0x74, 0xd0, 0x21, 0x85, 0xde, 0x7a, 0x8b, 0x2f},
+ {0x0, 0xa5, 0x57, 0xf2, 0xae, 0xb, 0xf9, 0x5c, 0x41, 0xe4, 0x16, 0xb3, 0xef, 0x4a, 0xb8, 0x1d, 0x82, 0x27, 0xd5, 0x70, 0x2c, 0x89, 0x7b, 0xde, 0xc3, 0x66, 0x94, 0x31, 0x6d, 0xc8, 0x3a, 0x9f, 0x19, 0xbc, 0x4e, 0xeb, 0xb7, 0x12, 0xe0, 0x45, 0x58, 0xfd, 0xf, 0xaa, 0xf6, 0x53, 0xa1, 0x4, 0x9b, 0x3e, 0xcc, 0x69, 0x35, 0x90, 0x62, 0xc7, 0xda, 0x7f, 0x8d, 0x28, 0x74, 0xd1, 0x23, 0x86, 0x32, 0x97, 0x65, 0xc0, 0x9c, 0x39, 0xcb, 0x6e, 0x73, 0xd6, 0x24, 0x81, 0xdd, 0x78, 0x8a, 0x2f, 0xb0, 0x15, 0xe7, 0x42, 0x1e, 0xbb, 0x49, 0xec, 0xf1, 0x54, 0xa6, 0x3, 0x5f, 0xfa, 0x8, 0xad, 0x2b, 0x8e, 0x7c, 0xd9, 0x85, 0x20, 0xd2, 0x77, 0x6a, 0xcf, 0x3d, 0x98, 0xc4, 0x61, 0x93, 0x36, 0xa9, 0xc, 0xfe, 0x5b, 0x7, 0xa2, 0x50, 0xf5, 0xe8, 0x4d, 0xbf, 0x1a, 0x46, 0xe3, 0x11, 0xb4, 0x64, 0xc1, 0x33, 0x96, 0xca, 0x6f, 0x9d, 0x38, 0x25, 0x80, 0x72, 0xd7, 0x8b, 0x2e, 0xdc, 0x79, 0xe6, 0x43, 0xb1, 0x14, 0x48, 0xed, 0x1f, 0xba, 0xa7, 0x2, 0xf0, 0x55, 0x9, 0xac, 0x5e, 0xfb, 0x7d, 0xd8, 0x2a, 0x8f, 0xd3, 0x76, 0x84, 0x21, 0x3c, 0x99, 0x6b, 0xce, 0x92, 0x37, 0xc5, 0x60, 0xff, 0x5a, 0xa8, 0xd, 0x51, 0xf4, 0x6, 0xa3, 0xbe, 0x1b, 0xe9, 0x4c, 0x10, 0xb5, 0x47, 0xe2, 0x56, 0xf3, 0x1, 0xa4, 0xf8, 0x5d, 0xaf, 0xa, 0x17, 0xb2, 0x40, 0xe5, 0xb9, 0x1c, 0xee, 0x4b, 0xd4, 0x71, 0x83, 0x26, 0x7a, 0xdf, 0x2d, 0x88, 0x95, 0x30, 0xc2, 0x67, 0x3b, 0x9e, 0x6c, 0xc9, 0x4f, 0xea, 0x18, 0xbd, 0xe1, 0x44, 0xb6, 0x13, 0xe, 0xab, 0x59, 0xfc, 0xa0, 0x5, 0xf7, 0x52, 0xcd, 0x68, 0x9a, 0x3f, 0x63, 0xc6, 0x34, 0x91, 0x8c, 0x29, 0xdb, 0x7e, 0x22, 0x87, 0x75, 0xd0},
+ {0x0, 0xa6, 0x51, 0xf7, 0xa2, 0x4, 0xf3, 0x55, 0x59, 0xff, 0x8, 0xae, 0xfb, 0x5d, 0xaa, 0xc, 0xb2, 0x14, 0xe3, 0x45, 0x10, 0xb6, 0x41, 0xe7, 0xeb, 0x4d, 0xba, 0x1c, 0x49, 0xef, 0x18, 0xbe, 0x79, 0xdf, 0x28, 0x8e, 0xdb, 0x7d, 0x8a, 0x2c, 0x20, 0x86, 0x71, 0xd7, 0x82, 0x24, 0xd3, 0x75, 0xcb, 0x6d, 0x9a, 0x3c, 0x69, 0xcf, 0x38, 0x9e, 0x92, 0x34, 0xc3, 0x65, 0x30, 0x96, 0x61, 0xc7, 0xf2, 0x54, 0xa3, 0x5, 0x50, 0xf6, 0x1, 0xa7, 0xab, 0xd, 0xfa, 0x5c, 0x9, 0xaf, 0x58, 0xfe, 0x40, 0xe6, 0x11, 0xb7, 0xe2, 0x44, 0xb3, 0x15, 0x19, 0xbf, 0x48, 0xee, 0xbb, 0x1d, 0xea, 0x4c, 0x8b, 0x2d, 0xda, 0x7c, 0x29, 0x8f, 0x78, 0xde, 0xd2, 0x74, 0x83, 0x25, 0x70, 0xd6, 0x21, 0x87, 0x39, 0x9f, 0x68, 0xce, 0x9b, 0x3d, 0xca, 0x6c, 0x60, 0xc6, 0x31, 0x97, 0xc2, 0x64, 0x93, 0x35, 0xf9, 0x5f, 0xa8, 0xe, 0x5b, 0xfd, 0xa, 0xac, 0xa0, 0x6, 0xf1, 0x57, 0x2, 0xa4, 0x53, 0xf5, 0x4b, 0xed, 0x1a, 0xbc, 0xe9, 0x4f, 0xb8, 0x1e, 0x12, 0xb4, 0x43, 0xe5, 0xb0, 0x16, 0xe1, 0x47, 0x80, 0x26, 0xd1, 0x77, 0x22, 0x84, 0x73, 0xd5, 0xd9, 0x7f, 0x88, 0x2e, 0x7b, 0xdd, 0x2a, 0x8c, 0x32, 0x94, 0x63, 0xc5, 0x90, 0x36, 0xc1, 0x67, 0x6b, 0xcd, 0x3a, 0x9c, 0xc9, 0x6f, 0x98, 0x3e, 0xb, 0xad, 0x5a, 0xfc, 0xa9, 0xf, 0xf8, 0x5e, 0x52, 0xf4, 0x3, 0xa5, 0xf0, 0x56, 0xa1, 0x7, 0xb9, 0x1f, 0xe8, 0x4e, 0x1b, 0xbd, 0x4a, 0xec, 0xe0, 0x46, 0xb1, 0x17, 0x42, 0xe4, 0x13, 0xb5, 0x72, 0xd4, 0x23, 0x85, 0xd0, 0x76, 0x81, 0x27, 0x2b, 0x8d, 0x7a, 0xdc, 0x89, 0x2f, 0xd8, 0x7e, 0xc0, 0x66, 0x91, 0x37, 0x62, 0xc4, 0x33, 0x95, 0x99, 0x3f, 0xc8, 0x6e, 0x3b, 0x9d, 0x6a, 0xcc},
+ {0x0, 0xa7, 0x53, 0xf4, 0xa6, 0x1, 0xf5, 0x52, 0x51, 0xf6, 0x2, 0xa5, 0xf7, 0x50, 0xa4, 0x3, 0xa2, 0x5, 0xf1, 0x56, 0x4, 0xa3, 0x57, 0xf0, 0xf3, 0x54, 0xa0, 0x7, 0x55, 0xf2, 0x6, 0xa1, 0x59, 0xfe, 0xa, 0xad, 0xff, 0x58, 0xac, 0xb, 0x8, 0xaf, 0x5b, 0xfc, 0xae, 0x9, 0xfd, 0x5a, 0xfb, 0x5c, 0xa8, 0xf, 0x5d, 0xfa, 0xe, 0xa9, 0xaa, 0xd, 0xf9, 0x5e, 0xc, 0xab, 0x5f, 0xf8, 0xb2, 0x15, 0xe1, 0x46, 0x14, 0xb3, 0x47, 0xe0, 0xe3, 0x44, 0xb0, 0x17, 0x45, 0xe2, 0x16, 0xb1, 0x10, 0xb7, 0x43, 0xe4, 0xb6, 0x11, 0xe5, 0x42, 0x41, 0xe6, 0x12, 0xb5, 0xe7, 0x40, 0xb4, 0x13, 0xeb, 0x4c, 0xb8, 0x1f, 0x4d, 0xea, 0x1e, 0xb9, 0xba, 0x1d, 0xe9, 0x4e, 0x1c, 0xbb, 0x4f, 0xe8, 0x49, 0xee, 0x1a, 0xbd, 0xef, 0x48, 0xbc, 0x1b, 0x18, 0xbf, 0x4b, 0xec, 0xbe, 0x19, 0xed, 0x4a, 0x79, 0xde, 0x2a, 0x8d, 0xdf, 0x78, 0x8c, 0x2b, 0x28, 0x8f, 0x7b, 0xdc, 0x8e, 0x29, 0xdd, 0x7a, 0xdb, 0x7c, 0x88, 0x2f, 0x7d, 0xda, 0x2e, 0x89, 0x8a, 0x2d, 0xd9, 0x7e, 0x2c, 0x8b, 0x7f, 0xd8, 0x20, 0x87, 0x73, 0xd4, 0x86, 0x21, 0xd5, 0x72, 0x71, 0xd6, 0x22, 0x85, 0xd7, 0x70, 0x84, 0x23, 0x82, 0x25, 0xd1, 0x76, 0x24, 0x83, 0x77, 0xd0, 0xd3, 0x74, 0x80, 0x27, 0x75, 0xd2, 0x26, 0x81, 0xcb, 0x6c, 0x98, 0x3f, 0x6d, 0xca, 0x3e, 0x99, 0x9a, 0x3d, 0xc9, 0x6e, 0x3c, 0x9b, 0x6f, 0xc8, 0x69, 0xce, 0x3a, 0x9d, 0xcf, 0x68, 0x9c, 0x3b, 0x38, 0x9f, 0x6b, 0xcc, 0x9e, 0x39, 0xcd, 0x6a, 0x92, 0x35, 0xc1, 0x66, 0x34, 0x93, 0x67, 0xc0, 0xc3, 0x64, 0x90, 0x37, 0x65, 0xc2, 0x36, 0x91, 0x30, 0x97, 0x63, 0xc4, 0x96, 0x31, 0xc5, 0x62, 0x61, 0xc6, 0x32, 0x95, 0xc7, 0x60, 0x94, 0x33},
+ {0x0, 0xa8, 0x4d, 0xe5, 0x9a, 0x32, 0xd7, 0x7f, 0x29, 0x81, 0x64, 0xcc, 0xb3, 0x1b, 0xfe, 0x56, 0x52, 0xfa, 0x1f, 0xb7, 0xc8, 0x60, 0x85, 0x2d, 0x7b, 0xd3, 0x36, 0x9e, 0xe1, 0x49, 0xac, 0x4, 0xa4, 0xc, 0xe9, 0x41, 0x3e, 0x96, 0x73, 0xdb, 0x8d, 0x25, 0xc0, 0x68, 0x17, 0xbf, 0x5a, 0xf2, 0xf6, 0x5e, 0xbb, 0x13, 0x6c, 0xc4, 0x21, 0x89, 0xdf, 0x77, 0x92, 0x3a, 0x45, 0xed, 0x8, 0xa0, 0x55, 0xfd, 0x18, 0xb0, 0xcf, 0x67, 0x82, 0x2a, 0x7c, 0xd4, 0x31, 0x99, 0xe6, 0x4e, 0xab, 0x3, 0x7, 0xaf, 0x4a, 0xe2, 0x9d, 0x35, 0xd0, 0x78, 0x2e, 0x86, 0x63, 0xcb, 0xb4, 0x1c, 0xf9, 0x51, 0xf1, 0x59, 0xbc, 0x14, 0x6b, 0xc3, 0x26, 0x8e, 0xd8, 0x70, 0x95, 0x3d, 0x42, 0xea, 0xf, 0xa7, 0xa3, 0xb, 0xee, 0x46, 0x39, 0x91, 0x74, 0xdc, 0x8a, 0x22, 0xc7, 0x6f, 0x10, 0xb8, 0x5d, 0xf5, 0xaa, 0x2, 0xe7, 0x4f, 0x30, 0x98, 0x7d, 0xd5, 0x83, 0x2b, 0xce, 0x66, 0x19, 0xb1, 0x54, 0xfc, 0xf8, 0x50, 0xb5, 0x1d, 0x62, 0xca, 0x2f, 0x87, 0xd1, 0x79, 0x9c, 0x34, 0x4b, 0xe3, 0x6, 0xae, 0xe, 0xa6, 0x43, 0xeb, 0x94, 0x3c, 0xd9, 0x71, 0x27, 0x8f, 0x6a, 0xc2, 0xbd, 0x15, 0xf0, 0x58, 0x5c, 0xf4, 0x11, 0xb9, 0xc6, 0x6e, 0x8b, 0x23, 0x75, 0xdd, 0x38, 0x90, 0xef, 0x47, 0xa2, 0xa, 0xff, 0x57, 0xb2, 0x1a, 0x65, 0xcd, 0x28, 0x80, 0xd6, 0x7e, 0x9b, 0x33, 0x4c, 0xe4, 0x1, 0xa9, 0xad, 0x5, 0xe0, 0x48, 0x37, 0x9f, 0x7a, 0xd2, 0x84, 0x2c, 0xc9, 0x61, 0x1e, 0xb6, 0x53, 0xfb, 0x5b, 0xf3, 0x16, 0xbe, 0xc1, 0x69, 0x8c, 0x24, 0x72, 0xda, 0x3f, 0x97, 0xe8, 0x40, 0xa5, 0xd, 0x9, 0xa1, 0x44, 0xec, 0x93, 0x3b, 0xde, 0x76, 0x20, 0x88, 0x6d, 0xc5, 0xba, 0x12, 0xf7, 0x5f},
+ {0x0, 0xa9, 0x4f, 0xe6, 0x9e, 0x37, 0xd1, 0x78, 0x21, 0x88, 0x6e, 0xc7, 0xbf, 0x16, 0xf0, 0x59, 0x42, 0xeb, 0xd, 0xa4, 0xdc, 0x75, 0x93, 0x3a, 0x63, 0xca, 0x2c, 0x85, 0xfd, 0x54, 0xb2, 0x1b, 0x84, 0x2d, 0xcb, 0x62, 0x1a, 0xb3, 0x55, 0xfc, 0xa5, 0xc, 0xea, 0x43, 0x3b, 0x92, 0x74, 0xdd, 0xc6, 0x6f, 0x89, 0x20, 0x58, 0xf1, 0x17, 0xbe, 0xe7, 0x4e, 0xa8, 0x1, 0x79, 0xd0, 0x36, 0x9f, 0x15, 0xbc, 0x5a, 0xf3, 0x8b, 0x22, 0xc4, 0x6d, 0x34, 0x9d, 0x7b, 0xd2, 0xaa, 0x3, 0xe5, 0x4c, 0x57, 0xfe, 0x18, 0xb1, 0xc9, 0x60, 0x86, 0x2f, 0x76, 0xdf, 0x39, 0x90, 0xe8, 0x41, 0xa7, 0xe, 0x91, 0x38, 0xde, 0x77, 0xf, 0xa6, 0x40, 0xe9, 0xb0, 0x19, 0xff, 0x56, 0x2e, 0x87, 0x61, 0xc8, 0xd3, 0x7a, 0x9c, 0x35, 0x4d, 0xe4, 0x2, 0xab, 0xf2, 0x5b, 0xbd, 0x14, 0x6c, 0xc5, 0x23, 0x8a, 0x2a, 0x83, 0x65, 0xcc, 0xb4, 0x1d, 0xfb, 0x52, 0xb, 0xa2, 0x44, 0xed, 0x95, 0x3c, 0xda, 0x73, 0x68, 0xc1, 0x27, 0x8e, 0xf6, 0x5f, 0xb9, 0x10, 0x49, 0xe0, 0x6, 0xaf, 0xd7, 0x7e, 0x98, 0x31, 0xae, 0x7, 0xe1, 0x48, 0x30, 0x99, 0x7f, 0xd6, 0x8f, 0x26, 0xc0, 0x69, 0x11, 0xb8, 0x5e, 0xf7, 0xec, 0x45, 0xa3, 0xa, 0x72, 0xdb, 0x3d, 0x94, 0xcd, 0x64, 0x82, 0x2b, 0x53, 0xfa, 0x1c, 0xb5, 0x3f, 0x96, 0x70, 0xd9, 0xa1, 0x8, 0xee, 0x47, 0x1e, 0xb7, 0x51, 0xf8, 0x80, 0x29, 0xcf, 0x66, 0x7d, 0xd4, 0x32, 0x9b, 0xe3, 0x4a, 0xac, 0x5, 0x5c, 0xf5, 0x13, 0xba, 0xc2, 0x6b, 0x8d, 0x24, 0xbb, 0x12, 0xf4, 0x5d, 0x25, 0x8c, 0x6a, 0xc3, 0x9a, 0x33, 0xd5, 0x7c, 0x4, 0xad, 0x4b, 0xe2, 0xf9, 0x50, 0xb6, 0x1f, 0x67, 0xce, 0x28, 0x81, 0xd8, 0x71, 0x97, 0x3e, 0x46, 0xef, 0x9, 0xa0},
+ {0x0, 0xaa, 0x49, 0xe3, 0x92, 0x38, 0xdb, 0x71, 0x39, 0x93, 0x70, 0xda, 0xab, 0x1, 0xe2, 0x48, 0x72, 0xd8, 0x3b, 0x91, 0xe0, 0x4a, 0xa9, 0x3, 0x4b, 0xe1, 0x2, 0xa8, 0xd9, 0x73, 0x90, 0x3a, 0xe4, 0x4e, 0xad, 0x7, 0x76, 0xdc, 0x3f, 0x95, 0xdd, 0x77, 0x94, 0x3e, 0x4f, 0xe5, 0x6, 0xac, 0x96, 0x3c, 0xdf, 0x75, 0x4, 0xae, 0x4d, 0xe7, 0xaf, 0x5, 0xe6, 0x4c, 0x3d, 0x97, 0x74, 0xde, 0xd5, 0x7f, 0x9c, 0x36, 0x47, 0xed, 0xe, 0xa4, 0xec, 0x46, 0xa5, 0xf, 0x7e, 0xd4, 0x37, 0x9d, 0xa7, 0xd, 0xee, 0x44, 0x35, 0x9f, 0x7c, 0xd6, 0x9e, 0x34, 0xd7, 0x7d, 0xc, 0xa6, 0x45, 0xef, 0x31, 0x9b, 0x78, 0xd2, 0xa3, 0x9, 0xea, 0x40, 0x8, 0xa2, 0x41, 0xeb, 0x9a, 0x30, 0xd3, 0x79, 0x43, 0xe9, 0xa, 0xa0, 0xd1, 0x7b, 0x98, 0x32, 0x7a, 0xd0, 0x33, 0x99, 0xe8, 0x42, 0xa1, 0xb, 0xb7, 0x1d, 0xfe, 0x54, 0x25, 0x8f, 0x6c, 0xc6, 0x8e, 0x24, 0xc7, 0x6d, 0x1c, 0xb6, 0x55, 0xff, 0xc5, 0x6f, 0x8c, 0x26, 0x57, 0xfd, 0x1e, 0xb4, 0xfc, 0x56, 0xb5, 0x1f, 0x6e, 0xc4, 0x27, 0x8d, 0x53, 0xf9, 0x1a, 0xb0, 0xc1, 0x6b, 0x88, 0x22, 0x6a, 0xc0, 0x23, 0x89, 0xf8, 0x52, 0xb1, 0x1b, 0x21, 0x8b, 0x68, 0xc2, 0xb3, 0x19, 0xfa, 0x50, 0x18, 0xb2, 0x51, 0xfb, 0x8a, 0x20, 0xc3, 0x69, 0x62, 0xc8, 0x2b, 0x81, 0xf0, 0x5a, 0xb9, 0x13, 0x5b, 0xf1, 0x12, 0xb8, 0xc9, 0x63, 0x80, 0x2a, 0x10, 0xba, 0x59, 0xf3, 0x82, 0x28, 0xcb, 0x61, 0x29, 0x83, 0x60, 0xca, 0xbb, 0x11, 0xf2, 0x58, 0x86, 0x2c, 0xcf, 0x65, 0x14, 0xbe, 0x5d, 0xf7, 0xbf, 0x15, 0xf6, 0x5c, 0x2d, 0x87, 0x64, 0xce, 0xf4, 0x5e, 0xbd, 0x17, 0x66, 0xcc, 0x2f, 0x85, 0xcd, 0x67, 0x84, 0x2e, 0x5f, 0xf5, 0x16, 0xbc},
+ {0x0, 0xab, 0x4b, 0xe0, 0x96, 0x3d, 0xdd, 0x76, 0x31, 0x9a, 0x7a, 0xd1, 0xa7, 0xc, 0xec, 0x47, 0x62, 0xc9, 0x29, 0x82, 0xf4, 0x5f, 0xbf, 0x14, 0x53, 0xf8, 0x18, 0xb3, 0xc5, 0x6e, 0x8e, 0x25, 0xc4, 0x6f, 0x8f, 0x24, 0x52, 0xf9, 0x19, 0xb2, 0xf5, 0x5e, 0xbe, 0x15, 0x63, 0xc8, 0x28, 0x83, 0xa6, 0xd, 0xed, 0x46, 0x30, 0x9b, 0x7b, 0xd0, 0x97, 0x3c, 0xdc, 0x77, 0x1, 0xaa, 0x4a, 0xe1, 0x95, 0x3e, 0xde, 0x75, 0x3, 0xa8, 0x48, 0xe3, 0xa4, 0xf, 0xef, 0x44, 0x32, 0x99, 0x79, 0xd2, 0xf7, 0x5c, 0xbc, 0x17, 0x61, 0xca, 0x2a, 0x81, 0xc6, 0x6d, 0x8d, 0x26, 0x50, 0xfb, 0x1b, 0xb0, 0x51, 0xfa, 0x1a, 0xb1, 0xc7, 0x6c, 0x8c, 0x27, 0x60, 0xcb, 0x2b, 0x80, 0xf6, 0x5d, 0xbd, 0x16, 0x33, 0x98, 0x78, 0xd3, 0xa5, 0xe, 0xee, 0x45, 0x2, 0xa9, 0x49, 0xe2, 0x94, 0x3f, 0xdf, 0x74, 0x37, 0x9c, 0x7c, 0xd7, 0xa1, 0xa, 0xea, 0x41, 0x6, 0xad, 0x4d, 0xe6, 0x90, 0x3b, 0xdb, 0x70, 0x55, 0xfe, 0x1e, 0xb5, 0xc3, 0x68, 0x88, 0x23, 0x64, 0xcf, 0x2f, 0x84, 0xf2, 0x59, 0xb9, 0x12, 0xf3, 0x58, 0xb8, 0x13, 0x65, 0xce, 0x2e, 0x85, 0xc2, 0x69, 0x89, 0x22, 0x54, 0xff, 0x1f, 0xb4, 0x91, 0x3a, 0xda, 0x71, 0x7, 0xac, 0x4c, 0xe7, 0xa0, 0xb, 0xeb, 0x40, 0x36, 0x9d, 0x7d, 0xd6, 0xa2, 0x9, 0xe9, 0x42, 0x34, 0x9f, 0x7f, 0xd4, 0x93, 0x38, 0xd8, 0x73, 0x5, 0xae, 0x4e, 0xe5, 0xc0, 0x6b, 0x8b, 0x20, 0x56, 0xfd, 0x1d, 0xb6, 0xf1, 0x5a, 0xba, 0x11, 0x67, 0xcc, 0x2c, 0x87, 0x66, 0xcd, 0x2d, 0x86, 0xf0, 0x5b, 0xbb, 0x10, 0x57, 0xfc, 0x1c, 0xb7, 0xc1, 0x6a, 0x8a, 0x21, 0x4, 0xaf, 0x4f, 0xe4, 0x92, 0x39, 0xd9, 0x72, 0x35, 0x9e, 0x7e, 0xd5, 0xa3, 0x8, 0xe8, 0x43},
+ {0x0, 0xac, 0x45, 0xe9, 0x8a, 0x26, 0xcf, 0x63, 0x9, 0xa5, 0x4c, 0xe0, 0x83, 0x2f, 0xc6, 0x6a, 0x12, 0xbe, 0x57, 0xfb, 0x98, 0x34, 0xdd, 0x71, 0x1b, 0xb7, 0x5e, 0xf2, 0x91, 0x3d, 0xd4, 0x78, 0x24, 0x88, 0x61, 0xcd, 0xae, 0x2, 0xeb, 0x47, 0x2d, 0x81, 0x68, 0xc4, 0xa7, 0xb, 0xe2, 0x4e, 0x36, 0x9a, 0x73, 0xdf, 0xbc, 0x10, 0xf9, 0x55, 0x3f, 0x93, 0x7a, 0xd6, 0xb5, 0x19, 0xf0, 0x5c, 0x48, 0xe4, 0xd, 0xa1, 0xc2, 0x6e, 0x87, 0x2b, 0x41, 0xed, 0x4, 0xa8, 0xcb, 0x67, 0x8e, 0x22, 0x5a, 0xf6, 0x1f, 0xb3, 0xd0, 0x7c, 0x95, 0x39, 0x53, 0xff, 0x16, 0xba, 0xd9, 0x75, 0x9c, 0x30, 0x6c, 0xc0, 0x29, 0x85, 0xe6, 0x4a, 0xa3, 0xf, 0x65, 0xc9, 0x20, 0x8c, 0xef, 0x43, 0xaa, 0x6, 0x7e, 0xd2, 0x3b, 0x97, 0xf4, 0x58, 0xb1, 0x1d, 0x77, 0xdb, 0x32, 0x9e, 0xfd, 0x51, 0xb8, 0x14, 0x90, 0x3c, 0xd5, 0x79, 0x1a, 0xb6, 0x5f, 0xf3, 0x99, 0x35, 0xdc, 0x70, 0x13, 0xbf, 0x56, 0xfa, 0x82, 0x2e, 0xc7, 0x6b, 0x8, 0xa4, 0x4d, 0xe1, 0x8b, 0x27, 0xce, 0x62, 0x1, 0xad, 0x44, 0xe8, 0xb4, 0x18, 0xf1, 0x5d, 0x3e, 0x92, 0x7b, 0xd7, 0xbd, 0x11, 0xf8, 0x54, 0x37, 0x9b, 0x72, 0xde, 0xa6, 0xa, 0xe3, 0x4f, 0x2c, 0x80, 0x69, 0xc5, 0xaf, 0x3, 0xea, 0x46, 0x25, 0x89, 0x60, 0xcc, 0xd8, 0x74, 0x9d, 0x31, 0x52, 0xfe, 0x17, 0xbb, 0xd1, 0x7d, 0x94, 0x38, 0x5b, 0xf7, 0x1e, 0xb2, 0xca, 0x66, 0x8f, 0x23, 0x40, 0xec, 0x5, 0xa9, 0xc3, 0x6f, 0x86, 0x2a, 0x49, 0xe5, 0xc, 0xa0, 0xfc, 0x50, 0xb9, 0x15, 0x76, 0xda, 0x33, 0x9f, 0xf5, 0x59, 0xb0, 0x1c, 0x7f, 0xd3, 0x3a, 0x96, 0xee, 0x42, 0xab, 0x7, 0x64, 0xc8, 0x21, 0x8d, 0xe7, 0x4b, 0xa2, 0xe, 0x6d, 0xc1, 0x28, 0x84},
+ {0x0, 0xad, 0x47, 0xea, 0x8e, 0x23, 0xc9, 0x64, 0x1, 0xac, 0x46, 0xeb, 0x8f, 0x22, 0xc8, 0x65, 0x2, 0xaf, 0x45, 0xe8, 0x8c, 0x21, 0xcb, 0x66, 0x3, 0xae, 0x44, 0xe9, 0x8d, 0x20, 0xca, 0x67, 0x4, 0xa9, 0x43, 0xee, 0x8a, 0x27, 0xcd, 0x60, 0x5, 0xa8, 0x42, 0xef, 0x8b, 0x26, 0xcc, 0x61, 0x6, 0xab, 0x41, 0xec, 0x88, 0x25, 0xcf, 0x62, 0x7, 0xaa, 0x40, 0xed, 0x89, 0x24, 0xce, 0x63, 0x8, 0xa5, 0x4f, 0xe2, 0x86, 0x2b, 0xc1, 0x6c, 0x9, 0xa4, 0x4e, 0xe3, 0x87, 0x2a, 0xc0, 0x6d, 0xa, 0xa7, 0x4d, 0xe0, 0x84, 0x29, 0xc3, 0x6e, 0xb, 0xa6, 0x4c, 0xe1, 0x85, 0x28, 0xc2, 0x6f, 0xc, 0xa1, 0x4b, 0xe6, 0x82, 0x2f, 0xc5, 0x68, 0xd, 0xa0, 0x4a, 0xe7, 0x83, 0x2e, 0xc4, 0x69, 0xe, 0xa3, 0x49, 0xe4, 0x80, 0x2d, 0xc7, 0x6a, 0xf, 0xa2, 0x48, 0xe5, 0x81, 0x2c, 0xc6, 0x6b, 0x10, 0xbd, 0x57, 0xfa, 0x9e, 0x33, 0xd9, 0x74, 0x11, 0xbc, 0x56, 0xfb, 0x9f, 0x32, 0xd8, 0x75, 0x12, 0xbf, 0x55, 0xf8, 0x9c, 0x31, 0xdb, 0x76, 0x13, 0xbe, 0x54, 0xf9, 0x9d, 0x30, 0xda, 0x77, 0x14, 0xb9, 0x53, 0xfe, 0x9a, 0x37, 0xdd, 0x70, 0x15, 0xb8, 0x52, 0xff, 0x9b, 0x36, 0xdc, 0x71, 0x16, 0xbb, 0x51, 0xfc, 0x98, 0x35, 0xdf, 0x72, 0x17, 0xba, 0x50, 0xfd, 0x99, 0x34, 0xde, 0x73, 0x18, 0xb5, 0x5f, 0xf2, 0x96, 0x3b, 0xd1, 0x7c, 0x19, 0xb4, 0x5e, 0xf3, 0x97, 0x3a, 0xd0, 0x7d, 0x1a, 0xb7, 0x5d, 0xf0, 0x94, 0x39, 0xd3, 0x7e, 0x1b, 0xb6, 0x5c, 0xf1, 0x95, 0x38, 0xd2, 0x7f, 0x1c, 0xb1, 0x5b, 0xf6, 0x92, 0x3f, 0xd5, 0x78, 0x1d, 0xb0, 0x5a, 0xf7, 0x93, 0x3e, 0xd4, 0x79, 0x1e, 0xb3, 0x59, 0xf4, 0x90, 0x3d, 0xd7, 0x7a, 0x1f, 0xb2, 0x58, 0xf5, 0x91, 0x3c, 0xd6, 0x7b},
+ {0x0, 0xae, 0x41, 0xef, 0x82, 0x2c, 0xc3, 0x6d, 0x19, 0xb7, 0x58, 0xf6, 0x9b, 0x35, 0xda, 0x74, 0x32, 0x9c, 0x73, 0xdd, 0xb0, 0x1e, 0xf1, 0x5f, 0x2b, 0x85, 0x6a, 0xc4, 0xa9, 0x7, 0xe8, 0x46, 0x64, 0xca, 0x25, 0x8b, 0xe6, 0x48, 0xa7, 0x9, 0x7d, 0xd3, 0x3c, 0x92, 0xff, 0x51, 0xbe, 0x10, 0x56, 0xf8, 0x17, 0xb9, 0xd4, 0x7a, 0x95, 0x3b, 0x4f, 0xe1, 0xe, 0xa0, 0xcd, 0x63, 0x8c, 0x22, 0xc8, 0x66, 0x89, 0x27, 0x4a, 0xe4, 0xb, 0xa5, 0xd1, 0x7f, 0x90, 0x3e, 0x53, 0xfd, 0x12, 0xbc, 0xfa, 0x54, 0xbb, 0x15, 0x78, 0xd6, 0x39, 0x97, 0xe3, 0x4d, 0xa2, 0xc, 0x61, 0xcf, 0x20, 0x8e, 0xac, 0x2, 0xed, 0x43, 0x2e, 0x80, 0x6f, 0xc1, 0xb5, 0x1b, 0xf4, 0x5a, 0x37, 0x99, 0x76, 0xd8, 0x9e, 0x30, 0xdf, 0x71, 0x1c, 0xb2, 0x5d, 0xf3, 0x87, 0x29, 0xc6, 0x68, 0x5, 0xab, 0x44, 0xea, 0x8d, 0x23, 0xcc, 0x62, 0xf, 0xa1, 0x4e, 0xe0, 0x94, 0x3a, 0xd5, 0x7b, 0x16, 0xb8, 0x57, 0xf9, 0xbf, 0x11, 0xfe, 0x50, 0x3d, 0x93, 0x7c, 0xd2, 0xa6, 0x8, 0xe7, 0x49, 0x24, 0x8a, 0x65, 0xcb, 0xe9, 0x47, 0xa8, 0x6, 0x6b, 0xc5, 0x2a, 0x84, 0xf0, 0x5e, 0xb1, 0x1f, 0x72, 0xdc, 0x33, 0x9d, 0xdb, 0x75, 0x9a, 0x34, 0x59, 0xf7, 0x18, 0xb6, 0xc2, 0x6c, 0x83, 0x2d, 0x40, 0xee, 0x1, 0xaf, 0x45, 0xeb, 0x4, 0xaa, 0xc7, 0x69, 0x86, 0x28, 0x5c, 0xf2, 0x1d, 0xb3, 0xde, 0x70, 0x9f, 0x31, 0x77, 0xd9, 0x36, 0x98, 0xf5, 0x5b, 0xb4, 0x1a, 0x6e, 0xc0, 0x2f, 0x81, 0xec, 0x42, 0xad, 0x3, 0x21, 0x8f, 0x60, 0xce, 0xa3, 0xd, 0xe2, 0x4c, 0x38, 0x96, 0x79, 0xd7, 0xba, 0x14, 0xfb, 0x55, 0x13, 0xbd, 0x52, 0xfc, 0x91, 0x3f, 0xd0, 0x7e, 0xa, 0xa4, 0x4b, 0xe5, 0x88, 0x26, 0xc9, 0x67},
+ {0x0, 0xaf, 0x43, 0xec, 0x86, 0x29, 0xc5, 0x6a, 0x11, 0xbe, 0x52, 0xfd, 0x97, 0x38, 0xd4, 0x7b, 0x22, 0x8d, 0x61, 0xce, 0xa4, 0xb, 0xe7, 0x48, 0x33, 0x9c, 0x70, 0xdf, 0xb5, 0x1a, 0xf6, 0x59, 0x44, 0xeb, 0x7, 0xa8, 0xc2, 0x6d, 0x81, 0x2e, 0x55, 0xfa, 0x16, 0xb9, 0xd3, 0x7c, 0x90, 0x3f, 0x66, 0xc9, 0x25, 0x8a, 0xe0, 0x4f, 0xa3, 0xc, 0x77, 0xd8, 0x34, 0x9b, 0xf1, 0x5e, 0xb2, 0x1d, 0x88, 0x27, 0xcb, 0x64, 0xe, 0xa1, 0x4d, 0xe2, 0x99, 0x36, 0xda, 0x75, 0x1f, 0xb0, 0x5c, 0xf3, 0xaa, 0x5, 0xe9, 0x46, 0x2c, 0x83, 0x6f, 0xc0, 0xbb, 0x14, 0xf8, 0x57, 0x3d, 0x92, 0x7e, 0xd1, 0xcc, 0x63, 0x8f, 0x20, 0x4a, 0xe5, 0x9, 0xa6, 0xdd, 0x72, 0x9e, 0x31, 0x5b, 0xf4, 0x18, 0xb7, 0xee, 0x41, 0xad, 0x2, 0x68, 0xc7, 0x2b, 0x84, 0xff, 0x50, 0xbc, 0x13, 0x79, 0xd6, 0x3a, 0x95, 0xd, 0xa2, 0x4e, 0xe1, 0x8b, 0x24, 0xc8, 0x67, 0x1c, 0xb3, 0x5f, 0xf0, 0x9a, 0x35, 0xd9, 0x76, 0x2f, 0x80, 0x6c, 0xc3, 0xa9, 0x6, 0xea, 0x45, 0x3e, 0x91, 0x7d, 0xd2, 0xb8, 0x17, 0xfb, 0x54, 0x49, 0xe6, 0xa, 0xa5, 0xcf, 0x60, 0x8c, 0x23, 0x58, 0xf7, 0x1b, 0xb4, 0xde, 0x71, 0x9d, 0x32, 0x6b, 0xc4, 0x28, 0x87, 0xed, 0x42, 0xae, 0x1, 0x7a, 0xd5, 0x39, 0x96, 0xfc, 0x53, 0xbf, 0x10, 0x85, 0x2a, 0xc6, 0x69, 0x3, 0xac, 0x40, 0xef, 0x94, 0x3b, 0xd7, 0x78, 0x12, 0xbd, 0x51, 0xfe, 0xa7, 0x8, 0xe4, 0x4b, 0x21, 0x8e, 0x62, 0xcd, 0xb6, 0x19, 0xf5, 0x5a, 0x30, 0x9f, 0x73, 0xdc, 0xc1, 0x6e, 0x82, 0x2d, 0x47, 0xe8, 0x4, 0xab, 0xd0, 0x7f, 0x93, 0x3c, 0x56, 0xf9, 0x15, 0xba, 0xe3, 0x4c, 0xa0, 0xf, 0x65, 0xca, 0x26, 0x89, 0xf2, 0x5d, 0xb1, 0x1e, 0x74, 0xdb, 0x37, 0x98},
+ {0x0, 0xb0, 0x7d, 0xcd, 0xfa, 0x4a, 0x87, 0x37, 0xe9, 0x59, 0x94, 0x24, 0x13, 0xa3, 0x6e, 0xde, 0xcf, 0x7f, 0xb2, 0x2, 0x35, 0x85, 0x48, 0xf8, 0x26, 0x96, 0x5b, 0xeb, 0xdc, 0x6c, 0xa1, 0x11, 0x83, 0x33, 0xfe, 0x4e, 0x79, 0xc9, 0x4, 0xb4, 0x6a, 0xda, 0x17, 0xa7, 0x90, 0x20, 0xed, 0x5d, 0x4c, 0xfc, 0x31, 0x81, 0xb6, 0x6, 0xcb, 0x7b, 0xa5, 0x15, 0xd8, 0x68, 0x5f, 0xef, 0x22, 0x92, 0x1b, 0xab, 0x66, 0xd6, 0xe1, 0x51, 0x9c, 0x2c, 0xf2, 0x42, 0x8f, 0x3f, 0x8, 0xb8, 0x75, 0xc5, 0xd4, 0x64, 0xa9, 0x19, 0x2e, 0x9e, 0x53, 0xe3, 0x3d, 0x8d, 0x40, 0xf0, 0xc7, 0x77, 0xba, 0xa, 0x98, 0x28, 0xe5, 0x55, 0x62, 0xd2, 0x1f, 0xaf, 0x71, 0xc1, 0xc, 0xbc, 0x8b, 0x3b, 0xf6, 0x46, 0x57, 0xe7, 0x2a, 0x9a, 0xad, 0x1d, 0xd0, 0x60, 0xbe, 0xe, 0xc3, 0x73, 0x44, 0xf4, 0x39, 0x89, 0x36, 0x86, 0x4b, 0xfb, 0xcc, 0x7c, 0xb1, 0x1, 0xdf, 0x6f, 0xa2, 0x12, 0x25, 0x95, 0x58, 0xe8, 0xf9, 0x49, 0x84, 0x34, 0x3, 0xb3, 0x7e, 0xce, 0x10, 0xa0, 0x6d, 0xdd, 0xea, 0x5a, 0x97, 0x27, 0xb5, 0x5, 0xc8, 0x78, 0x4f, 0xff, 0x32, 0x82, 0x5c, 0xec, 0x21, 0x91, 0xa6, 0x16, 0xdb, 0x6b, 0x7a, 0xca, 0x7, 0xb7, 0x80, 0x30, 0xfd, 0x4d, 0x93, 0x23, 0xee, 0x5e, 0x69, 0xd9, 0x14, 0xa4, 0x2d, 0x9d, 0x50, 0xe0, 0xd7, 0x67, 0xaa, 0x1a, 0xc4, 0x74, 0xb9, 0x9, 0x3e, 0x8e, 0x43, 0xf3, 0xe2, 0x52, 0x9f, 0x2f, 0x18, 0xa8, 0x65, 0xd5, 0xb, 0xbb, 0x76, 0xc6, 0xf1, 0x41, 0x8c, 0x3c, 0xae, 0x1e, 0xd3, 0x63, 0x54, 0xe4, 0x29, 0x99, 0x47, 0xf7, 0x3a, 0x8a, 0xbd, 0xd, 0xc0, 0x70, 0x61, 0xd1, 0x1c, 0xac, 0x9b, 0x2b, 0xe6, 0x56, 0x88, 0x38, 0xf5, 0x45, 0x72, 0xc2, 0xf, 0xbf},
+ {0x0, 0xb1, 0x7f, 0xce, 0xfe, 0x4f, 0x81, 0x30, 0xe1, 0x50, 0x9e, 0x2f, 0x1f, 0xae, 0x60, 0xd1, 0xdf, 0x6e, 0xa0, 0x11, 0x21, 0x90, 0x5e, 0xef, 0x3e, 0x8f, 0x41, 0xf0, 0xc0, 0x71, 0xbf, 0xe, 0xa3, 0x12, 0xdc, 0x6d, 0x5d, 0xec, 0x22, 0x93, 0x42, 0xf3, 0x3d, 0x8c, 0xbc, 0xd, 0xc3, 0x72, 0x7c, 0xcd, 0x3, 0xb2, 0x82, 0x33, 0xfd, 0x4c, 0x9d, 0x2c, 0xe2, 0x53, 0x63, 0xd2, 0x1c, 0xad, 0x5b, 0xea, 0x24, 0x95, 0xa5, 0x14, 0xda, 0x6b, 0xba, 0xb, 0xc5, 0x74, 0x44, 0xf5, 0x3b, 0x8a, 0x84, 0x35, 0xfb, 0x4a, 0x7a, 0xcb, 0x5, 0xb4, 0x65, 0xd4, 0x1a, 0xab, 0x9b, 0x2a, 0xe4, 0x55, 0xf8, 0x49, 0x87, 0x36, 0x6, 0xb7, 0x79, 0xc8, 0x19, 0xa8, 0x66, 0xd7, 0xe7, 0x56, 0x98, 0x29, 0x27, 0x96, 0x58, 0xe9, 0xd9, 0x68, 0xa6, 0x17, 0xc6, 0x77, 0xb9, 0x8, 0x38, 0x89, 0x47, 0xf6, 0xb6, 0x7, 0xc9, 0x78, 0x48, 0xf9, 0x37, 0x86, 0x57, 0xe6, 0x28, 0x99, 0xa9, 0x18, 0xd6, 0x67, 0x69, 0xd8, 0x16, 0xa7, 0x97, 0x26, 0xe8, 0x59, 0x88, 0x39, 0xf7, 0x46, 0x76, 0xc7, 0x9, 0xb8, 0x15, 0xa4, 0x6a, 0xdb, 0xeb, 0x5a, 0x94, 0x25, 0xf4, 0x45, 0x8b, 0x3a, 0xa, 0xbb, 0x75, 0xc4, 0xca, 0x7b, 0xb5, 0x4, 0x34, 0x85, 0x4b, 0xfa, 0x2b, 0x9a, 0x54, 0xe5, 0xd5, 0x64, 0xaa, 0x1b, 0xed, 0x5c, 0x92, 0x23, 0x13, 0xa2, 0x6c, 0xdd, 0xc, 0xbd, 0x73, 0xc2, 0xf2, 0x43, 0x8d, 0x3c, 0x32, 0x83, 0x4d, 0xfc, 0xcc, 0x7d, 0xb3, 0x2, 0xd3, 0x62, 0xac, 0x1d, 0x2d, 0x9c, 0x52, 0xe3, 0x4e, 0xff, 0x31, 0x80, 0xb0, 0x1, 0xcf, 0x7e, 0xaf, 0x1e, 0xd0, 0x61, 0x51, 0xe0, 0x2e, 0x9f, 0x91, 0x20, 0xee, 0x5f, 0x6f, 0xde, 0x10, 0xa1, 0x70, 0xc1, 0xf, 0xbe, 0x8e, 0x3f, 0xf1, 0x40},
+ {0x0, 0xb2, 0x79, 0xcb, 0xf2, 0x40, 0x8b, 0x39, 0xf9, 0x4b, 0x80, 0x32, 0xb, 0xb9, 0x72, 0xc0, 0xef, 0x5d, 0x96, 0x24, 0x1d, 0xaf, 0x64, 0xd6, 0x16, 0xa4, 0x6f, 0xdd, 0xe4, 0x56, 0x9d, 0x2f, 0xc3, 0x71, 0xba, 0x8, 0x31, 0x83, 0x48, 0xfa, 0x3a, 0x88, 0x43, 0xf1, 0xc8, 0x7a, 0xb1, 0x3, 0x2c, 0x9e, 0x55, 0xe7, 0xde, 0x6c, 0xa7, 0x15, 0xd5, 0x67, 0xac, 0x1e, 0x27, 0x95, 0x5e, 0xec, 0x9b, 0x29, 0xe2, 0x50, 0x69, 0xdb, 0x10, 0xa2, 0x62, 0xd0, 0x1b, 0xa9, 0x90, 0x22, 0xe9, 0x5b, 0x74, 0xc6, 0xd, 0xbf, 0x86, 0x34, 0xff, 0x4d, 0x8d, 0x3f, 0xf4, 0x46, 0x7f, 0xcd, 0x6, 0xb4, 0x58, 0xea, 0x21, 0x93, 0xaa, 0x18, 0xd3, 0x61, 0xa1, 0x13, 0xd8, 0x6a, 0x53, 0xe1, 0x2a, 0x98, 0xb7, 0x5, 0xce, 0x7c, 0x45, 0xf7, 0x3c, 0x8e, 0x4e, 0xfc, 0x37, 0x85, 0xbc, 0xe, 0xc5, 0x77, 0x2b, 0x99, 0x52, 0xe0, 0xd9, 0x6b, 0xa0, 0x12, 0xd2, 0x60, 0xab, 0x19, 0x20, 0x92, 0x59, 0xeb, 0xc4, 0x76, 0xbd, 0xf, 0x36, 0x84, 0x4f, 0xfd, 0x3d, 0x8f, 0x44, 0xf6, 0xcf, 0x7d, 0xb6, 0x4, 0xe8, 0x5a, 0x91, 0x23, 0x1a, 0xa8, 0x63, 0xd1, 0x11, 0xa3, 0x68, 0xda, 0xe3, 0x51, 0x9a, 0x28, 0x7, 0xb5, 0x7e, 0xcc, 0xf5, 0x47, 0x8c, 0x3e, 0xfe, 0x4c, 0x87, 0x35, 0xc, 0xbe, 0x75, 0xc7, 0xb0, 0x2, 0xc9, 0x7b, 0x42, 0xf0, 0x3b, 0x89, 0x49, 0xfb, 0x30, 0x82, 0xbb, 0x9, 0xc2, 0x70, 0x5f, 0xed, 0x26, 0x94, 0xad, 0x1f, 0xd4, 0x66, 0xa6, 0x14, 0xdf, 0x6d, 0x54, 0xe6, 0x2d, 0x9f, 0x73, 0xc1, 0xa, 0xb8, 0x81, 0x33, 0xf8, 0x4a, 0x8a, 0x38, 0xf3, 0x41, 0x78, 0xca, 0x1, 0xb3, 0x9c, 0x2e, 0xe5, 0x57, 0x6e, 0xdc, 0x17, 0xa5, 0x65, 0xd7, 0x1c, 0xae, 0x97, 0x25, 0xee, 0x5c},
+ {0x0, 0xb3, 0x7b, 0xc8, 0xf6, 0x45, 0x8d, 0x3e, 0xf1, 0x42, 0x8a, 0x39, 0x7, 0xb4, 0x7c, 0xcf, 0xff, 0x4c, 0x84, 0x37, 0x9, 0xba, 0x72, 0xc1, 0xe, 0xbd, 0x75, 0xc6, 0xf8, 0x4b, 0x83, 0x30, 0xe3, 0x50, 0x98, 0x2b, 0x15, 0xa6, 0x6e, 0xdd, 0x12, 0xa1, 0x69, 0xda, 0xe4, 0x57, 0x9f, 0x2c, 0x1c, 0xaf, 0x67, 0xd4, 0xea, 0x59, 0x91, 0x22, 0xed, 0x5e, 0x96, 0x25, 0x1b, 0xa8, 0x60, 0xd3, 0xdb, 0x68, 0xa0, 0x13, 0x2d, 0x9e, 0x56, 0xe5, 0x2a, 0x99, 0x51, 0xe2, 0xdc, 0x6f, 0xa7, 0x14, 0x24, 0x97, 0x5f, 0xec, 0xd2, 0x61, 0xa9, 0x1a, 0xd5, 0x66, 0xae, 0x1d, 0x23, 0x90, 0x58, 0xeb, 0x38, 0x8b, 0x43, 0xf0, 0xce, 0x7d, 0xb5, 0x6, 0xc9, 0x7a, 0xb2, 0x1, 0x3f, 0x8c, 0x44, 0xf7, 0xc7, 0x74, 0xbc, 0xf, 0x31, 0x82, 0x4a, 0xf9, 0x36, 0x85, 0x4d, 0xfe, 0xc0, 0x73, 0xbb, 0x8, 0xab, 0x18, 0xd0, 0x63, 0x5d, 0xee, 0x26, 0x95, 0x5a, 0xe9, 0x21, 0x92, 0xac, 0x1f, 0xd7, 0x64, 0x54, 0xe7, 0x2f, 0x9c, 0xa2, 0x11, 0xd9, 0x6a, 0xa5, 0x16, 0xde, 0x6d, 0x53, 0xe0, 0x28, 0x9b, 0x48, 0xfb, 0x33, 0x80, 0xbe, 0xd, 0xc5, 0x76, 0xb9, 0xa, 0xc2, 0x71, 0x4f, 0xfc, 0x34, 0x87, 0xb7, 0x4, 0xcc, 0x7f, 0x41, 0xf2, 0x3a, 0x89, 0x46, 0xf5, 0x3d, 0x8e, 0xb0, 0x3, 0xcb, 0x78, 0x70, 0xc3, 0xb, 0xb8, 0x86, 0x35, 0xfd, 0x4e, 0x81, 0x32, 0xfa, 0x49, 0x77, 0xc4, 0xc, 0xbf, 0x8f, 0x3c, 0xf4, 0x47, 0x79, 0xca, 0x2, 0xb1, 0x7e, 0xcd, 0x5, 0xb6, 0x88, 0x3b, 0xf3, 0x40, 0x93, 0x20, 0xe8, 0x5b, 0x65, 0xd6, 0x1e, 0xad, 0x62, 0xd1, 0x19, 0xaa, 0x94, 0x27, 0xef, 0x5c, 0x6c, 0xdf, 0x17, 0xa4, 0x9a, 0x29, 0xe1, 0x52, 0x9d, 0x2e, 0xe6, 0x55, 0x6b, 0xd8, 0x10, 0xa3},
+ {0x0, 0xb4, 0x75, 0xc1, 0xea, 0x5e, 0x9f, 0x2b, 0xc9, 0x7d, 0xbc, 0x8, 0x23, 0x97, 0x56, 0xe2, 0x8f, 0x3b, 0xfa, 0x4e, 0x65, 0xd1, 0x10, 0xa4, 0x46, 0xf2, 0x33, 0x87, 0xac, 0x18, 0xd9, 0x6d, 0x3, 0xb7, 0x76, 0xc2, 0xe9, 0x5d, 0x9c, 0x28, 0xca, 0x7e, 0xbf, 0xb, 0x20, 0x94, 0x55, 0xe1, 0x8c, 0x38, 0xf9, 0x4d, 0x66, 0xd2, 0x13, 0xa7, 0x45, 0xf1, 0x30, 0x84, 0xaf, 0x1b, 0xda, 0x6e, 0x6, 0xb2, 0x73, 0xc7, 0xec, 0x58, 0x99, 0x2d, 0xcf, 0x7b, 0xba, 0xe, 0x25, 0x91, 0x50, 0xe4, 0x89, 0x3d, 0xfc, 0x48, 0x63, 0xd7, 0x16, 0xa2, 0x40, 0xf4, 0x35, 0x81, 0xaa, 0x1e, 0xdf, 0x6b, 0x5, 0xb1, 0x70, 0xc4, 0xef, 0x5b, 0x9a, 0x2e, 0xcc, 0x78, 0xb9, 0xd, 0x26, 0x92, 0x53, 0xe7, 0x8a, 0x3e, 0xff, 0x4b, 0x60, 0xd4, 0x15, 0xa1, 0x43, 0xf7, 0x36, 0x82, 0xa9, 0x1d, 0xdc, 0x68, 0xc, 0xb8, 0x79, 0xcd, 0xe6, 0x52, 0x93, 0x27, 0xc5, 0x71, 0xb0, 0x4, 0x2f, 0x9b, 0x5a, 0xee, 0x83, 0x37, 0xf6, 0x42, 0x69, 0xdd, 0x1c, 0xa8, 0x4a, 0xfe, 0x3f, 0x8b, 0xa0, 0x14, 0xd5, 0x61, 0xf, 0xbb, 0x7a, 0xce, 0xe5, 0x51, 0x90, 0x24, 0xc6, 0x72, 0xb3, 0x7, 0x2c, 0x98, 0x59, 0xed, 0x80, 0x34, 0xf5, 0x41, 0x6a, 0xde, 0x1f, 0xab, 0x49, 0xfd, 0x3c, 0x88, 0xa3, 0x17, 0xd6, 0x62, 0xa, 0xbe, 0x7f, 0xcb, 0xe0, 0x54, 0x95, 0x21, 0xc3, 0x77, 0xb6, 0x2, 0x29, 0x9d, 0x5c, 0xe8, 0x85, 0x31, 0xf0, 0x44, 0x6f, 0xdb, 0x1a, 0xae, 0x4c, 0xf8, 0x39, 0x8d, 0xa6, 0x12, 0xd3, 0x67, 0x9, 0xbd, 0x7c, 0xc8, 0xe3, 0x57, 0x96, 0x22, 0xc0, 0x74, 0xb5, 0x1, 0x2a, 0x9e, 0x5f, 0xeb, 0x86, 0x32, 0xf3, 0x47, 0x6c, 0xd8, 0x19, 0xad, 0x4f, 0xfb, 0x3a, 0x8e, 0xa5, 0x11, 0xd0, 0x64},
+ {0x0, 0xb5, 0x77, 0xc2, 0xee, 0x5b, 0x99, 0x2c, 0xc1, 0x74, 0xb6, 0x3, 0x2f, 0x9a, 0x58, 0xed, 0x9f, 0x2a, 0xe8, 0x5d, 0x71, 0xc4, 0x6, 0xb3, 0x5e, 0xeb, 0x29, 0x9c, 0xb0, 0x5, 0xc7, 0x72, 0x23, 0x96, 0x54, 0xe1, 0xcd, 0x78, 0xba, 0xf, 0xe2, 0x57, 0x95, 0x20, 0xc, 0xb9, 0x7b, 0xce, 0xbc, 0x9, 0xcb, 0x7e, 0x52, 0xe7, 0x25, 0x90, 0x7d, 0xc8, 0xa, 0xbf, 0x93, 0x26, 0xe4, 0x51, 0x46, 0xf3, 0x31, 0x84, 0xa8, 0x1d, 0xdf, 0x6a, 0x87, 0x32, 0xf0, 0x45, 0x69, 0xdc, 0x1e, 0xab, 0xd9, 0x6c, 0xae, 0x1b, 0x37, 0x82, 0x40, 0xf5, 0x18, 0xad, 0x6f, 0xda, 0xf6, 0x43, 0x81, 0x34, 0x65, 0xd0, 0x12, 0xa7, 0x8b, 0x3e, 0xfc, 0x49, 0xa4, 0x11, 0xd3, 0x66, 0x4a, 0xff, 0x3d, 0x88, 0xfa, 0x4f, 0x8d, 0x38, 0x14, 0xa1, 0x63, 0xd6, 0x3b, 0x8e, 0x4c, 0xf9, 0xd5, 0x60, 0xa2, 0x17, 0x8c, 0x39, 0xfb, 0x4e, 0x62, 0xd7, 0x15, 0xa0, 0x4d, 0xf8, 0x3a, 0x8f, 0xa3, 0x16, 0xd4, 0x61, 0x13, 0xa6, 0x64, 0xd1, 0xfd, 0x48, 0x8a, 0x3f, 0xd2, 0x67, 0xa5, 0x10, 0x3c, 0x89, 0x4b, 0xfe, 0xaf, 0x1a, 0xd8, 0x6d, 0x41, 0xf4, 0x36, 0x83, 0x6e, 0xdb, 0x19, 0xac, 0x80, 0x35, 0xf7, 0x42, 0x30, 0x85, 0x47, 0xf2, 0xde, 0x6b, 0xa9, 0x1c, 0xf1, 0x44, 0x86, 0x33, 0x1f, 0xaa, 0x68, 0xdd, 0xca, 0x7f, 0xbd, 0x8, 0x24, 0x91, 0x53, 0xe6, 0xb, 0xbe, 0x7c, 0xc9, 0xe5, 0x50, 0x92, 0x27, 0x55, 0xe0, 0x22, 0x97, 0xbb, 0xe, 0xcc, 0x79, 0x94, 0x21, 0xe3, 0x56, 0x7a, 0xcf, 0xd, 0xb8, 0xe9, 0x5c, 0x9e, 0x2b, 0x7, 0xb2, 0x70, 0xc5, 0x28, 0x9d, 0x5f, 0xea, 0xc6, 0x73, 0xb1, 0x4, 0x76, 0xc3, 0x1, 0xb4, 0x98, 0x2d, 0xef, 0x5a, 0xb7, 0x2, 0xc0, 0x75, 0x59, 0xec, 0x2e, 0x9b},
+ {0x0, 0xb6, 0x71, 0xc7, 0xe2, 0x54, 0x93, 0x25, 0xd9, 0x6f, 0xa8, 0x1e, 0x3b, 0x8d, 0x4a, 0xfc, 0xaf, 0x19, 0xde, 0x68, 0x4d, 0xfb, 0x3c, 0x8a, 0x76, 0xc0, 0x7, 0xb1, 0x94, 0x22, 0xe5, 0x53, 0x43, 0xf5, 0x32, 0x84, 0xa1, 0x17, 0xd0, 0x66, 0x9a, 0x2c, 0xeb, 0x5d, 0x78, 0xce, 0x9, 0xbf, 0xec, 0x5a, 0x9d, 0x2b, 0xe, 0xb8, 0x7f, 0xc9, 0x35, 0x83, 0x44, 0xf2, 0xd7, 0x61, 0xa6, 0x10, 0x86, 0x30, 0xf7, 0x41, 0x64, 0xd2, 0x15, 0xa3, 0x5f, 0xe9, 0x2e, 0x98, 0xbd, 0xb, 0xcc, 0x7a, 0x29, 0x9f, 0x58, 0xee, 0xcb, 0x7d, 0xba, 0xc, 0xf0, 0x46, 0x81, 0x37, 0x12, 0xa4, 0x63, 0xd5, 0xc5, 0x73, 0xb4, 0x2, 0x27, 0x91, 0x56, 0xe0, 0x1c, 0xaa, 0x6d, 0xdb, 0xfe, 0x48, 0x8f, 0x39, 0x6a, 0xdc, 0x1b, 0xad, 0x88, 0x3e, 0xf9, 0x4f, 0xb3, 0x5, 0xc2, 0x74, 0x51, 0xe7, 0x20, 0x96, 0x11, 0xa7, 0x60, 0xd6, 0xf3, 0x45, 0x82, 0x34, 0xc8, 0x7e, 0xb9, 0xf, 0x2a, 0x9c, 0x5b, 0xed, 0xbe, 0x8, 0xcf, 0x79, 0x5c, 0xea, 0x2d, 0x9b, 0x67, 0xd1, 0x16, 0xa0, 0x85, 0x33, 0xf4, 0x42, 0x52, 0xe4, 0x23, 0x95, 0xb0, 0x6, 0xc1, 0x77, 0x8b, 0x3d, 0xfa, 0x4c, 0x69, 0xdf, 0x18, 0xae, 0xfd, 0x4b, 0x8c, 0x3a, 0x1f, 0xa9, 0x6e, 0xd8, 0x24, 0x92, 0x55, 0xe3, 0xc6, 0x70, 0xb7, 0x1, 0x97, 0x21, 0xe6, 0x50, 0x75, 0xc3, 0x4, 0xb2, 0x4e, 0xf8, 0x3f, 0x89, 0xac, 0x1a, 0xdd, 0x6b, 0x38, 0x8e, 0x49, 0xff, 0xda, 0x6c, 0xab, 0x1d, 0xe1, 0x57, 0x90, 0x26, 0x3, 0xb5, 0x72, 0xc4, 0xd4, 0x62, 0xa5, 0x13, 0x36, 0x80, 0x47, 0xf1, 0xd, 0xbb, 0x7c, 0xca, 0xef, 0x59, 0x9e, 0x28, 0x7b, 0xcd, 0xa, 0xbc, 0x99, 0x2f, 0xe8, 0x5e, 0xa2, 0x14, 0xd3, 0x65, 0x40, 0xf6, 0x31, 0x87},
+ {0x0, 0xb7, 0x73, 0xc4, 0xe6, 0x51, 0x95, 0x22, 0xd1, 0x66, 0xa2, 0x15, 0x37, 0x80, 0x44, 0xf3, 0xbf, 0x8, 0xcc, 0x7b, 0x59, 0xee, 0x2a, 0x9d, 0x6e, 0xd9, 0x1d, 0xaa, 0x88, 0x3f, 0xfb, 0x4c, 0x63, 0xd4, 0x10, 0xa7, 0x85, 0x32, 0xf6, 0x41, 0xb2, 0x5, 0xc1, 0x76, 0x54, 0xe3, 0x27, 0x90, 0xdc, 0x6b, 0xaf, 0x18, 0x3a, 0x8d, 0x49, 0xfe, 0xd, 0xba, 0x7e, 0xc9, 0xeb, 0x5c, 0x98, 0x2f, 0xc6, 0x71, 0xb5, 0x2, 0x20, 0x97, 0x53, 0xe4, 0x17, 0xa0, 0x64, 0xd3, 0xf1, 0x46, 0x82, 0x35, 0x79, 0xce, 0xa, 0xbd, 0x9f, 0x28, 0xec, 0x5b, 0xa8, 0x1f, 0xdb, 0x6c, 0x4e, 0xf9, 0x3d, 0x8a, 0xa5, 0x12, 0xd6, 0x61, 0x43, 0xf4, 0x30, 0x87, 0x74, 0xc3, 0x7, 0xb0, 0x92, 0x25, 0xe1, 0x56, 0x1a, 0xad, 0x69, 0xde, 0xfc, 0x4b, 0x8f, 0x38, 0xcb, 0x7c, 0xb8, 0xf, 0x2d, 0x9a, 0x5e, 0xe9, 0x91, 0x26, 0xe2, 0x55, 0x77, 0xc0, 0x4, 0xb3, 0x40, 0xf7, 0x33, 0x84, 0xa6, 0x11, 0xd5, 0x62, 0x2e, 0x99, 0x5d, 0xea, 0xc8, 0x7f, 0xbb, 0xc, 0xff, 0x48, 0x8c, 0x3b, 0x19, 0xae, 0x6a, 0xdd, 0xf2, 0x45, 0x81, 0x36, 0x14, 0xa3, 0x67, 0xd0, 0x23, 0x94, 0x50, 0xe7, 0xc5, 0x72, 0xb6, 0x1, 0x4d, 0xfa, 0x3e, 0x89, 0xab, 0x1c, 0xd8, 0x6f, 0x9c, 0x2b, 0xef, 0x58, 0x7a, 0xcd, 0x9, 0xbe, 0x57, 0xe0, 0x24, 0x93, 0xb1, 0x6, 0xc2, 0x75, 0x86, 0x31, 0xf5, 0x42, 0x60, 0xd7, 0x13, 0xa4, 0xe8, 0x5f, 0x9b, 0x2c, 0xe, 0xb9, 0x7d, 0xca, 0x39, 0x8e, 0x4a, 0xfd, 0xdf, 0x68, 0xac, 0x1b, 0x34, 0x83, 0x47, 0xf0, 0xd2, 0x65, 0xa1, 0x16, 0xe5, 0x52, 0x96, 0x21, 0x3, 0xb4, 0x70, 0xc7, 0x8b, 0x3c, 0xf8, 0x4f, 0x6d, 0xda, 0x1e, 0xa9, 0x5a, 0xed, 0x29, 0x9e, 0xbc, 0xb, 0xcf, 0x78},
+ {0x0, 0xb8, 0x6d, 0xd5, 0xda, 0x62, 0xb7, 0xf, 0xa9, 0x11, 0xc4, 0x7c, 0x73, 0xcb, 0x1e, 0xa6, 0x4f, 0xf7, 0x22, 0x9a, 0x95, 0x2d, 0xf8, 0x40, 0xe6, 0x5e, 0x8b, 0x33, 0x3c, 0x84, 0x51, 0xe9, 0x9e, 0x26, 0xf3, 0x4b, 0x44, 0xfc, 0x29, 0x91, 0x37, 0x8f, 0x5a, 0xe2, 0xed, 0x55, 0x80, 0x38, 0xd1, 0x69, 0xbc, 0x4, 0xb, 0xb3, 0x66, 0xde, 0x78, 0xc0, 0x15, 0xad, 0xa2, 0x1a, 0xcf, 0x77, 0x21, 0x99, 0x4c, 0xf4, 0xfb, 0x43, 0x96, 0x2e, 0x88, 0x30, 0xe5, 0x5d, 0x52, 0xea, 0x3f, 0x87, 0x6e, 0xd6, 0x3, 0xbb, 0xb4, 0xc, 0xd9, 0x61, 0xc7, 0x7f, 0xaa, 0x12, 0x1d, 0xa5, 0x70, 0xc8, 0xbf, 0x7, 0xd2, 0x6a, 0x65, 0xdd, 0x8, 0xb0, 0x16, 0xae, 0x7b, 0xc3, 0xcc, 0x74, 0xa1, 0x19, 0xf0, 0x48, 0x9d, 0x25, 0x2a, 0x92, 0x47, 0xff, 0x59, 0xe1, 0x34, 0x8c, 0x83, 0x3b, 0xee, 0x56, 0x42, 0xfa, 0x2f, 0x97, 0x98, 0x20, 0xf5, 0x4d, 0xeb, 0x53, 0x86, 0x3e, 0x31, 0x89, 0x5c, 0xe4, 0xd, 0xb5, 0x60, 0xd8, 0xd7, 0x6f, 0xba, 0x2, 0xa4, 0x1c, 0xc9, 0x71, 0x7e, 0xc6, 0x13, 0xab, 0xdc, 0x64, 0xb1, 0x9, 0x6, 0xbe, 0x6b, 0xd3, 0x75, 0xcd, 0x18, 0xa0, 0xaf, 0x17, 0xc2, 0x7a, 0x93, 0x2b, 0xfe, 0x46, 0x49, 0xf1, 0x24, 0x9c, 0x3a, 0x82, 0x57, 0xef, 0xe0, 0x58, 0x8d, 0x35, 0x63, 0xdb, 0xe, 0xb6, 0xb9, 0x1, 0xd4, 0x6c, 0xca, 0x72, 0xa7, 0x1f, 0x10, 0xa8, 0x7d, 0xc5, 0x2c, 0x94, 0x41, 0xf9, 0xf6, 0x4e, 0x9b, 0x23, 0x85, 0x3d, 0xe8, 0x50, 0x5f, 0xe7, 0x32, 0x8a, 0xfd, 0x45, 0x90, 0x28, 0x27, 0x9f, 0x4a, 0xf2, 0x54, 0xec, 0x39, 0x81, 0x8e, 0x36, 0xe3, 0x5b, 0xb2, 0xa, 0xdf, 0x67, 0x68, 0xd0, 0x5, 0xbd, 0x1b, 0xa3, 0x76, 0xce, 0xc1, 0x79, 0xac, 0x14},
+ {0x0, 0xb9, 0x6f, 0xd6, 0xde, 0x67, 0xb1, 0x8, 0xa1, 0x18, 0xce, 0x77, 0x7f, 0xc6, 0x10, 0xa9, 0x5f, 0xe6, 0x30, 0x89, 0x81, 0x38, 0xee, 0x57, 0xfe, 0x47, 0x91, 0x28, 0x20, 0x99, 0x4f, 0xf6, 0xbe, 0x7, 0xd1, 0x68, 0x60, 0xd9, 0xf, 0xb6, 0x1f, 0xa6, 0x70, 0xc9, 0xc1, 0x78, 0xae, 0x17, 0xe1, 0x58, 0x8e, 0x37, 0x3f, 0x86, 0x50, 0xe9, 0x40, 0xf9, 0x2f, 0x96, 0x9e, 0x27, 0xf1, 0x48, 0x61, 0xd8, 0xe, 0xb7, 0xbf, 0x6, 0xd0, 0x69, 0xc0, 0x79, 0xaf, 0x16, 0x1e, 0xa7, 0x71, 0xc8, 0x3e, 0x87, 0x51, 0xe8, 0xe0, 0x59, 0x8f, 0x36, 0x9f, 0x26, 0xf0, 0x49, 0x41, 0xf8, 0x2e, 0x97, 0xdf, 0x66, 0xb0, 0x9, 0x1, 0xb8, 0x6e, 0xd7, 0x7e, 0xc7, 0x11, 0xa8, 0xa0, 0x19, 0xcf, 0x76, 0x80, 0x39, 0xef, 0x56, 0x5e, 0xe7, 0x31, 0x88, 0x21, 0x98, 0x4e, 0xf7, 0xff, 0x46, 0x90, 0x29, 0xc2, 0x7b, 0xad, 0x14, 0x1c, 0xa5, 0x73, 0xca, 0x63, 0xda, 0xc, 0xb5, 0xbd, 0x4, 0xd2, 0x6b, 0x9d, 0x24, 0xf2, 0x4b, 0x43, 0xfa, 0x2c, 0x95, 0x3c, 0x85, 0x53, 0xea, 0xe2, 0x5b, 0x8d, 0x34, 0x7c, 0xc5, 0x13, 0xaa, 0xa2, 0x1b, 0xcd, 0x74, 0xdd, 0x64, 0xb2, 0xb, 0x3, 0xba, 0x6c, 0xd5, 0x23, 0x9a, 0x4c, 0xf5, 0xfd, 0x44, 0x92, 0x2b, 0x82, 0x3b, 0xed, 0x54, 0x5c, 0xe5, 0x33, 0x8a, 0xa3, 0x1a, 0xcc, 0x75, 0x7d, 0xc4, 0x12, 0xab, 0x2, 0xbb, 0x6d, 0xd4, 0xdc, 0x65, 0xb3, 0xa, 0xfc, 0x45, 0x93, 0x2a, 0x22, 0x9b, 0x4d, 0xf4, 0x5d, 0xe4, 0x32, 0x8b, 0x83, 0x3a, 0xec, 0x55, 0x1d, 0xa4, 0x72, 0xcb, 0xc3, 0x7a, 0xac, 0x15, 0xbc, 0x5, 0xd3, 0x6a, 0x62, 0xdb, 0xd, 0xb4, 0x42, 0xfb, 0x2d, 0x94, 0x9c, 0x25, 0xf3, 0x4a, 0xe3, 0x5a, 0x8c, 0x35, 0x3d, 0x84, 0x52, 0xeb},
+ {0x0, 0xba, 0x69, 0xd3, 0xd2, 0x68, 0xbb, 0x1, 0xb9, 0x3, 0xd0, 0x6a, 0x6b, 0xd1, 0x2, 0xb8, 0x6f, 0xd5, 0x6, 0xbc, 0xbd, 0x7, 0xd4, 0x6e, 0xd6, 0x6c, 0xbf, 0x5, 0x4, 0xbe, 0x6d, 0xd7, 0xde, 0x64, 0xb7, 0xd, 0xc, 0xb6, 0x65, 0xdf, 0x67, 0xdd, 0xe, 0xb4, 0xb5, 0xf, 0xdc, 0x66, 0xb1, 0xb, 0xd8, 0x62, 0x63, 0xd9, 0xa, 0xb0, 0x8, 0xb2, 0x61, 0xdb, 0xda, 0x60, 0xb3, 0x9, 0xa1, 0x1b, 0xc8, 0x72, 0x73, 0xc9, 0x1a, 0xa0, 0x18, 0xa2, 0x71, 0xcb, 0xca, 0x70, 0xa3, 0x19, 0xce, 0x74, 0xa7, 0x1d, 0x1c, 0xa6, 0x75, 0xcf, 0x77, 0xcd, 0x1e, 0xa4, 0xa5, 0x1f, 0xcc, 0x76, 0x7f, 0xc5, 0x16, 0xac, 0xad, 0x17, 0xc4, 0x7e, 0xc6, 0x7c, 0xaf, 0x15, 0x14, 0xae, 0x7d, 0xc7, 0x10, 0xaa, 0x79, 0xc3, 0xc2, 0x78, 0xab, 0x11, 0xa9, 0x13, 0xc0, 0x7a, 0x7b, 0xc1, 0x12, 0xa8, 0x5f, 0xe5, 0x36, 0x8c, 0x8d, 0x37, 0xe4, 0x5e, 0xe6, 0x5c, 0x8f, 0x35, 0x34, 0x8e, 0x5d, 0xe7, 0x30, 0x8a, 0x59, 0xe3, 0xe2, 0x58, 0x8b, 0x31, 0x89, 0x33, 0xe0, 0x5a, 0x5b, 0xe1, 0x32, 0x88, 0x81, 0x3b, 0xe8, 0x52, 0x53, 0xe9, 0x3a, 0x80, 0x38, 0x82, 0x51, 0xeb, 0xea, 0x50, 0x83, 0x39, 0xee, 0x54, 0x87, 0x3d, 0x3c, 0x86, 0x55, 0xef, 0x57, 0xed, 0x3e, 0x84, 0x85, 0x3f, 0xec, 0x56, 0xfe, 0x44, 0x97, 0x2d, 0x2c, 0x96, 0x45, 0xff, 0x47, 0xfd, 0x2e, 0x94, 0x95, 0x2f, 0xfc, 0x46, 0x91, 0x2b, 0xf8, 0x42, 0x43, 0xf9, 0x2a, 0x90, 0x28, 0x92, 0x41, 0xfb, 0xfa, 0x40, 0x93, 0x29, 0x20, 0x9a, 0x49, 0xf3, 0xf2, 0x48, 0x9b, 0x21, 0x99, 0x23, 0xf0, 0x4a, 0x4b, 0xf1, 0x22, 0x98, 0x4f, 0xf5, 0x26, 0x9c, 0x9d, 0x27, 0xf4, 0x4e, 0xf6, 0x4c, 0x9f, 0x25, 0x24, 0x9e, 0x4d, 0xf7},
+ {0x0, 0xbb, 0x6b, 0xd0, 0xd6, 0x6d, 0xbd, 0x6, 0xb1, 0xa, 0xda, 0x61, 0x67, 0xdc, 0xc, 0xb7, 0x7f, 0xc4, 0x14, 0xaf, 0xa9, 0x12, 0xc2, 0x79, 0xce, 0x75, 0xa5, 0x1e, 0x18, 0xa3, 0x73, 0xc8, 0xfe, 0x45, 0x95, 0x2e, 0x28, 0x93, 0x43, 0xf8, 0x4f, 0xf4, 0x24, 0x9f, 0x99, 0x22, 0xf2, 0x49, 0x81, 0x3a, 0xea, 0x51, 0x57, 0xec, 0x3c, 0x87, 0x30, 0x8b, 0x5b, 0xe0, 0xe6, 0x5d, 0x8d, 0x36, 0xe1, 0x5a, 0x8a, 0x31, 0x37, 0x8c, 0x5c, 0xe7, 0x50, 0xeb, 0x3b, 0x80, 0x86, 0x3d, 0xed, 0x56, 0x9e, 0x25, 0xf5, 0x4e, 0x48, 0xf3, 0x23, 0x98, 0x2f, 0x94, 0x44, 0xff, 0xf9, 0x42, 0x92, 0x29, 0x1f, 0xa4, 0x74, 0xcf, 0xc9, 0x72, 0xa2, 0x19, 0xae, 0x15, 0xc5, 0x7e, 0x78, 0xc3, 0x13, 0xa8, 0x60, 0xdb, 0xb, 0xb0, 0xb6, 0xd, 0xdd, 0x66, 0xd1, 0x6a, 0xba, 0x1, 0x7, 0xbc, 0x6c, 0xd7, 0xdf, 0x64, 0xb4, 0xf, 0x9, 0xb2, 0x62, 0xd9, 0x6e, 0xd5, 0x5, 0xbe, 0xb8, 0x3, 0xd3, 0x68, 0xa0, 0x1b, 0xcb, 0x70, 0x76, 0xcd, 0x1d, 0xa6, 0x11, 0xaa, 0x7a, 0xc1, 0xc7, 0x7c, 0xac, 0x17, 0x21, 0x9a, 0x4a, 0xf1, 0xf7, 0x4c, 0x9c, 0x27, 0x90, 0x2b, 0xfb, 0x40, 0x46, 0xfd, 0x2d, 0x96, 0x5e, 0xe5, 0x35, 0x8e, 0x88, 0x33, 0xe3, 0x58, 0xef, 0x54, 0x84, 0x3f, 0x39, 0x82, 0x52, 0xe9, 0x3e, 0x85, 0x55, 0xee, 0xe8, 0x53, 0x83, 0x38, 0x8f, 0x34, 0xe4, 0x5f, 0x59, 0xe2, 0x32, 0x89, 0x41, 0xfa, 0x2a, 0x91, 0x97, 0x2c, 0xfc, 0x47, 0xf0, 0x4b, 0x9b, 0x20, 0x26, 0x9d, 0x4d, 0xf6, 0xc0, 0x7b, 0xab, 0x10, 0x16, 0xad, 0x7d, 0xc6, 0x71, 0xca, 0x1a, 0xa1, 0xa7, 0x1c, 0xcc, 0x77, 0xbf, 0x4, 0xd4, 0x6f, 0x69, 0xd2, 0x2, 0xb9, 0xe, 0xb5, 0x65, 0xde, 0xd8, 0x63, 0xb3, 0x8},
+ {0x0, 0xbc, 0x65, 0xd9, 0xca, 0x76, 0xaf, 0x13, 0x89, 0x35, 0xec, 0x50, 0x43, 0xff, 0x26, 0x9a, 0xf, 0xb3, 0x6a, 0xd6, 0xc5, 0x79, 0xa0, 0x1c, 0x86, 0x3a, 0xe3, 0x5f, 0x4c, 0xf0, 0x29, 0x95, 0x1e, 0xa2, 0x7b, 0xc7, 0xd4, 0x68, 0xb1, 0xd, 0x97, 0x2b, 0xf2, 0x4e, 0x5d, 0xe1, 0x38, 0x84, 0x11, 0xad, 0x74, 0xc8, 0xdb, 0x67, 0xbe, 0x2, 0x98, 0x24, 0xfd, 0x41, 0x52, 0xee, 0x37, 0x8b, 0x3c, 0x80, 0x59, 0xe5, 0xf6, 0x4a, 0x93, 0x2f, 0xb5, 0x9, 0xd0, 0x6c, 0x7f, 0xc3, 0x1a, 0xa6, 0x33, 0x8f, 0x56, 0xea, 0xf9, 0x45, 0x9c, 0x20, 0xba, 0x6, 0xdf, 0x63, 0x70, 0xcc, 0x15, 0xa9, 0x22, 0x9e, 0x47, 0xfb, 0xe8, 0x54, 0x8d, 0x31, 0xab, 0x17, 0xce, 0x72, 0x61, 0xdd, 0x4, 0xb8, 0x2d, 0x91, 0x48, 0xf4, 0xe7, 0x5b, 0x82, 0x3e, 0xa4, 0x18, 0xc1, 0x7d, 0x6e, 0xd2, 0xb, 0xb7, 0x78, 0xc4, 0x1d, 0xa1, 0xb2, 0xe, 0xd7, 0x6b, 0xf1, 0x4d, 0x94, 0x28, 0x3b, 0x87, 0x5e, 0xe2, 0x77, 0xcb, 0x12, 0xae, 0xbd, 0x1, 0xd8, 0x64, 0xfe, 0x42, 0x9b, 0x27, 0x34, 0x88, 0x51, 0xed, 0x66, 0xda, 0x3, 0xbf, 0xac, 0x10, 0xc9, 0x75, 0xef, 0x53, 0x8a, 0x36, 0x25, 0x99, 0x40, 0xfc, 0x69, 0xd5, 0xc, 0xb0, 0xa3, 0x1f, 0xc6, 0x7a, 0xe0, 0x5c, 0x85, 0x39, 0x2a, 0x96, 0x4f, 0xf3, 0x44, 0xf8, 0x21, 0x9d, 0x8e, 0x32, 0xeb, 0x57, 0xcd, 0x71, 0xa8, 0x14, 0x7, 0xbb, 0x62, 0xde, 0x4b, 0xf7, 0x2e, 0x92, 0x81, 0x3d, 0xe4, 0x58, 0xc2, 0x7e, 0xa7, 0x1b, 0x8, 0xb4, 0x6d, 0xd1, 0x5a, 0xe6, 0x3f, 0x83, 0x90, 0x2c, 0xf5, 0x49, 0xd3, 0x6f, 0xb6, 0xa, 0x19, 0xa5, 0x7c, 0xc0, 0x55, 0xe9, 0x30, 0x8c, 0x9f, 0x23, 0xfa, 0x46, 0xdc, 0x60, 0xb9, 0x5, 0x16, 0xaa, 0x73, 0xcf},
+ {0x0, 0xbd, 0x67, 0xda, 0xce, 0x73, 0xa9, 0x14, 0x81, 0x3c, 0xe6, 0x5b, 0x4f, 0xf2, 0x28, 0x95, 0x1f, 0xa2, 0x78, 0xc5, 0xd1, 0x6c, 0xb6, 0xb, 0x9e, 0x23, 0xf9, 0x44, 0x50, 0xed, 0x37, 0x8a, 0x3e, 0x83, 0x59, 0xe4, 0xf0, 0x4d, 0x97, 0x2a, 0xbf, 0x2, 0xd8, 0x65, 0x71, 0xcc, 0x16, 0xab, 0x21, 0x9c, 0x46, 0xfb, 0xef, 0x52, 0x88, 0x35, 0xa0, 0x1d, 0xc7, 0x7a, 0x6e, 0xd3, 0x9, 0xb4, 0x7c, 0xc1, 0x1b, 0xa6, 0xb2, 0xf, 0xd5, 0x68, 0xfd, 0x40, 0x9a, 0x27, 0x33, 0x8e, 0x54, 0xe9, 0x63, 0xde, 0x4, 0xb9, 0xad, 0x10, 0xca, 0x77, 0xe2, 0x5f, 0x85, 0x38, 0x2c, 0x91, 0x4b, 0xf6, 0x42, 0xff, 0x25, 0x98, 0x8c, 0x31, 0xeb, 0x56, 0xc3, 0x7e, 0xa4, 0x19, 0xd, 0xb0, 0x6a, 0xd7, 0x5d, 0xe0, 0x3a, 0x87, 0x93, 0x2e, 0xf4, 0x49, 0xdc, 0x61, 0xbb, 0x6, 0x12, 0xaf, 0x75, 0xc8, 0xf8, 0x45, 0x9f, 0x22, 0x36, 0x8b, 0x51, 0xec, 0x79, 0xc4, 0x1e, 0xa3, 0xb7, 0xa, 0xd0, 0x6d, 0xe7, 0x5a, 0x80, 0x3d, 0x29, 0x94, 0x4e, 0xf3, 0x66, 0xdb, 0x1, 0xbc, 0xa8, 0x15, 0xcf, 0x72, 0xc6, 0x7b, 0xa1, 0x1c, 0x8, 0xb5, 0x6f, 0xd2, 0x47, 0xfa, 0x20, 0x9d, 0x89, 0x34, 0xee, 0x53, 0xd9, 0x64, 0xbe, 0x3, 0x17, 0xaa, 0x70, 0xcd, 0x58, 0xe5, 0x3f, 0x82, 0x96, 0x2b, 0xf1, 0x4c, 0x84, 0x39, 0xe3, 0x5e, 0x4a, 0xf7, 0x2d, 0x90, 0x5, 0xb8, 0x62, 0xdf, 0xcb, 0x76, 0xac, 0x11, 0x9b, 0x26, 0xfc, 0x41, 0x55, 0xe8, 0x32, 0x8f, 0x1a, 0xa7, 0x7d, 0xc0, 0xd4, 0x69, 0xb3, 0xe, 0xba, 0x7, 0xdd, 0x60, 0x74, 0xc9, 0x13, 0xae, 0x3b, 0x86, 0x5c, 0xe1, 0xf5, 0x48, 0x92, 0x2f, 0xa5, 0x18, 0xc2, 0x7f, 0x6b, 0xd6, 0xc, 0xb1, 0x24, 0x99, 0x43, 0xfe, 0xea, 0x57, 0x8d, 0x30},
+ {0x0, 0xbe, 0x61, 0xdf, 0xc2, 0x7c, 0xa3, 0x1d, 0x99, 0x27, 0xf8, 0x46, 0x5b, 0xe5, 0x3a, 0x84, 0x2f, 0x91, 0x4e, 0xf0, 0xed, 0x53, 0x8c, 0x32, 0xb6, 0x8, 0xd7, 0x69, 0x74, 0xca, 0x15, 0xab, 0x5e, 0xe0, 0x3f, 0x81, 0x9c, 0x22, 0xfd, 0x43, 0xc7, 0x79, 0xa6, 0x18, 0x5, 0xbb, 0x64, 0xda, 0x71, 0xcf, 0x10, 0xae, 0xb3, 0xd, 0xd2, 0x6c, 0xe8, 0x56, 0x89, 0x37, 0x2a, 0x94, 0x4b, 0xf5, 0xbc, 0x2, 0xdd, 0x63, 0x7e, 0xc0, 0x1f, 0xa1, 0x25, 0x9b, 0x44, 0xfa, 0xe7, 0x59, 0x86, 0x38, 0x93, 0x2d, 0xf2, 0x4c, 0x51, 0xef, 0x30, 0x8e, 0xa, 0xb4, 0x6b, 0xd5, 0xc8, 0x76, 0xa9, 0x17, 0xe2, 0x5c, 0x83, 0x3d, 0x20, 0x9e, 0x41, 0xff, 0x7b, 0xc5, 0x1a, 0xa4, 0xb9, 0x7, 0xd8, 0x66, 0xcd, 0x73, 0xac, 0x12, 0xf, 0xb1, 0x6e, 0xd0, 0x54, 0xea, 0x35, 0x8b, 0x96, 0x28, 0xf7, 0x49, 0x65, 0xdb, 0x4, 0xba, 0xa7, 0x19, 0xc6, 0x78, 0xfc, 0x42, 0x9d, 0x23, 0x3e, 0x80, 0x5f, 0xe1, 0x4a, 0xf4, 0x2b, 0x95, 0x88, 0x36, 0xe9, 0x57, 0xd3, 0x6d, 0xb2, 0xc, 0x11, 0xaf, 0x70, 0xce, 0x3b, 0x85, 0x5a, 0xe4, 0xf9, 0x47, 0x98, 0x26, 0xa2, 0x1c, 0xc3, 0x7d, 0x60, 0xde, 0x1, 0xbf, 0x14, 0xaa, 0x75, 0xcb, 0xd6, 0x68, 0xb7, 0x9, 0x8d, 0x33, 0xec, 0x52, 0x4f, 0xf1, 0x2e, 0x90, 0xd9, 0x67, 0xb8, 0x6, 0x1b, 0xa5, 0x7a, 0xc4, 0x40, 0xfe, 0x21, 0x9f, 0x82, 0x3c, 0xe3, 0x5d, 0xf6, 0x48, 0x97, 0x29, 0x34, 0x8a, 0x55, 0xeb, 0x6f, 0xd1, 0xe, 0xb0, 0xad, 0x13, 0xcc, 0x72, 0x87, 0x39, 0xe6, 0x58, 0x45, 0xfb, 0x24, 0x9a, 0x1e, 0xa0, 0x7f, 0xc1, 0xdc, 0x62, 0xbd, 0x3, 0xa8, 0x16, 0xc9, 0x77, 0x6a, 0xd4, 0xb, 0xb5, 0x31, 0x8f, 0x50, 0xee, 0xf3, 0x4d, 0x92, 0x2c},
+ {0x0, 0xbf, 0x63, 0xdc, 0xc6, 0x79, 0xa5, 0x1a, 0x91, 0x2e, 0xf2, 0x4d, 0x57, 0xe8, 0x34, 0x8b, 0x3f, 0x80, 0x5c, 0xe3, 0xf9, 0x46, 0x9a, 0x25, 0xae, 0x11, 0xcd, 0x72, 0x68, 0xd7, 0xb, 0xb4, 0x7e, 0xc1, 0x1d, 0xa2, 0xb8, 0x7, 0xdb, 0x64, 0xef, 0x50, 0x8c, 0x33, 0x29, 0x96, 0x4a, 0xf5, 0x41, 0xfe, 0x22, 0x9d, 0x87, 0x38, 0xe4, 0x5b, 0xd0, 0x6f, 0xb3, 0xc, 0x16, 0xa9, 0x75, 0xca, 0xfc, 0x43, 0x9f, 0x20, 0x3a, 0x85, 0x59, 0xe6, 0x6d, 0xd2, 0xe, 0xb1, 0xab, 0x14, 0xc8, 0x77, 0xc3, 0x7c, 0xa0, 0x1f, 0x5, 0xba, 0x66, 0xd9, 0x52, 0xed, 0x31, 0x8e, 0x94, 0x2b, 0xf7, 0x48, 0x82, 0x3d, 0xe1, 0x5e, 0x44, 0xfb, 0x27, 0x98, 0x13, 0xac, 0x70, 0xcf, 0xd5, 0x6a, 0xb6, 0x9, 0xbd, 0x2, 0xde, 0x61, 0x7b, 0xc4, 0x18, 0xa7, 0x2c, 0x93, 0x4f, 0xf0, 0xea, 0x55, 0x89, 0x36, 0xe5, 0x5a, 0x86, 0x39, 0x23, 0x9c, 0x40, 0xff, 0x74, 0xcb, 0x17, 0xa8, 0xb2, 0xd, 0xd1, 0x6e, 0xda, 0x65, 0xb9, 0x6, 0x1c, 0xa3, 0x7f, 0xc0, 0x4b, 0xf4, 0x28, 0x97, 0x8d, 0x32, 0xee, 0x51, 0x9b, 0x24, 0xf8, 0x47, 0x5d, 0xe2, 0x3e, 0x81, 0xa, 0xb5, 0x69, 0xd6, 0xcc, 0x73, 0xaf, 0x10, 0xa4, 0x1b, 0xc7, 0x78, 0x62, 0xdd, 0x1, 0xbe, 0x35, 0x8a, 0x56, 0xe9, 0xf3, 0x4c, 0x90, 0x2f, 0x19, 0xa6, 0x7a, 0xc5, 0xdf, 0x60, 0xbc, 0x3, 0x88, 0x37, 0xeb, 0x54, 0x4e, 0xf1, 0x2d, 0x92, 0x26, 0x99, 0x45, 0xfa, 0xe0, 0x5f, 0x83, 0x3c, 0xb7, 0x8, 0xd4, 0x6b, 0x71, 0xce, 0x12, 0xad, 0x67, 0xd8, 0x4, 0xbb, 0xa1, 0x1e, 0xc2, 0x7d, 0xf6, 0x49, 0x95, 0x2a, 0x30, 0x8f, 0x53, 0xec, 0x58, 0xe7, 0x3b, 0x84, 0x9e, 0x21, 0xfd, 0x42, 0xc9, 0x76, 0xaa, 0x15, 0xf, 0xb0, 0x6c, 0xd3},
+ {0x0, 0xc0, 0x9d, 0x5d, 0x27, 0xe7, 0xba, 0x7a, 0x4e, 0x8e, 0xd3, 0x13, 0x69, 0xa9, 0xf4, 0x34, 0x9c, 0x5c, 0x1, 0xc1, 0xbb, 0x7b, 0x26, 0xe6, 0xd2, 0x12, 0x4f, 0x8f, 0xf5, 0x35, 0x68, 0xa8, 0x25, 0xe5, 0xb8, 0x78, 0x2, 0xc2, 0x9f, 0x5f, 0x6b, 0xab, 0xf6, 0x36, 0x4c, 0x8c, 0xd1, 0x11, 0xb9, 0x79, 0x24, 0xe4, 0x9e, 0x5e, 0x3, 0xc3, 0xf7, 0x37, 0x6a, 0xaa, 0xd0, 0x10, 0x4d, 0x8d, 0x4a, 0x8a, 0xd7, 0x17, 0x6d, 0xad, 0xf0, 0x30, 0x4, 0xc4, 0x99, 0x59, 0x23, 0xe3, 0xbe, 0x7e, 0xd6, 0x16, 0x4b, 0x8b, 0xf1, 0x31, 0x6c, 0xac, 0x98, 0x58, 0x5, 0xc5, 0xbf, 0x7f, 0x22, 0xe2, 0x6f, 0xaf, 0xf2, 0x32, 0x48, 0x88, 0xd5, 0x15, 0x21, 0xe1, 0xbc, 0x7c, 0x6, 0xc6, 0x9b, 0x5b, 0xf3, 0x33, 0x6e, 0xae, 0xd4, 0x14, 0x49, 0x89, 0xbd, 0x7d, 0x20, 0xe0, 0x9a, 0x5a, 0x7, 0xc7, 0x94, 0x54, 0x9, 0xc9, 0xb3, 0x73, 0x2e, 0xee, 0xda, 0x1a, 0x47, 0x87, 0xfd, 0x3d, 0x60, 0xa0, 0x8, 0xc8, 0x95, 0x55, 0x2f, 0xef, 0xb2, 0x72, 0x46, 0x86, 0xdb, 0x1b, 0x61, 0xa1, 0xfc, 0x3c, 0xb1, 0x71, 0x2c, 0xec, 0x96, 0x56, 0xb, 0xcb, 0xff, 0x3f, 0x62, 0xa2, 0xd8, 0x18, 0x45, 0x85, 0x2d, 0xed, 0xb0, 0x70, 0xa, 0xca, 0x97, 0x57, 0x63, 0xa3, 0xfe, 0x3e, 0x44, 0x84, 0xd9, 0x19, 0xde, 0x1e, 0x43, 0x83, 0xf9, 0x39, 0x64, 0xa4, 0x90, 0x50, 0xd, 0xcd, 0xb7, 0x77, 0x2a, 0xea, 0x42, 0x82, 0xdf, 0x1f, 0x65, 0xa5, 0xf8, 0x38, 0xc, 0xcc, 0x91, 0x51, 0x2b, 0xeb, 0xb6, 0x76, 0xfb, 0x3b, 0x66, 0xa6, 0xdc, 0x1c, 0x41, 0x81, 0xb5, 0x75, 0x28, 0xe8, 0x92, 0x52, 0xf, 0xcf, 0x67, 0xa7, 0xfa, 0x3a, 0x40, 0x80, 0xdd, 0x1d, 0x29, 0xe9, 0xb4, 0x74, 0xe, 0xce, 0x93, 0x53},
+ {0x0, 0xc1, 0x9f, 0x5e, 0x23, 0xe2, 0xbc, 0x7d, 0x46, 0x87, 0xd9, 0x18, 0x65, 0xa4, 0xfa, 0x3b, 0x8c, 0x4d, 0x13, 0xd2, 0xaf, 0x6e, 0x30, 0xf1, 0xca, 0xb, 0x55, 0x94, 0xe9, 0x28, 0x76, 0xb7, 0x5, 0xc4, 0x9a, 0x5b, 0x26, 0xe7, 0xb9, 0x78, 0x43, 0x82, 0xdc, 0x1d, 0x60, 0xa1, 0xff, 0x3e, 0x89, 0x48, 0x16, 0xd7, 0xaa, 0x6b, 0x35, 0xf4, 0xcf, 0xe, 0x50, 0x91, 0xec, 0x2d, 0x73, 0xb2, 0xa, 0xcb, 0x95, 0x54, 0x29, 0xe8, 0xb6, 0x77, 0x4c, 0x8d, 0xd3, 0x12, 0x6f, 0xae, 0xf0, 0x31, 0x86, 0x47, 0x19, 0xd8, 0xa5, 0x64, 0x3a, 0xfb, 0xc0, 0x1, 0x5f, 0x9e, 0xe3, 0x22, 0x7c, 0xbd, 0xf, 0xce, 0x90, 0x51, 0x2c, 0xed, 0xb3, 0x72, 0x49, 0x88, 0xd6, 0x17, 0x6a, 0xab, 0xf5, 0x34, 0x83, 0x42, 0x1c, 0xdd, 0xa0, 0x61, 0x3f, 0xfe, 0xc5, 0x4, 0x5a, 0x9b, 0xe6, 0x27, 0x79, 0xb8, 0x14, 0xd5, 0x8b, 0x4a, 0x37, 0xf6, 0xa8, 0x69, 0x52, 0x93, 0xcd, 0xc, 0x71, 0xb0, 0xee, 0x2f, 0x98, 0x59, 0x7, 0xc6, 0xbb, 0x7a, 0x24, 0xe5, 0xde, 0x1f, 0x41, 0x80, 0xfd, 0x3c, 0x62, 0xa3, 0x11, 0xd0, 0x8e, 0x4f, 0x32, 0xf3, 0xad, 0x6c, 0x57, 0x96, 0xc8, 0x9, 0x74, 0xb5, 0xeb, 0x2a, 0x9d, 0x5c, 0x2, 0xc3, 0xbe, 0x7f, 0x21, 0xe0, 0xdb, 0x1a, 0x44, 0x85, 0xf8, 0x39, 0x67, 0xa6, 0x1e, 0xdf, 0x81, 0x40, 0x3d, 0xfc, 0xa2, 0x63, 0x58, 0x99, 0xc7, 0x6, 0x7b, 0xba, 0xe4, 0x25, 0x92, 0x53, 0xd, 0xcc, 0xb1, 0x70, 0x2e, 0xef, 0xd4, 0x15, 0x4b, 0x8a, 0xf7, 0x36, 0x68, 0xa9, 0x1b, 0xda, 0x84, 0x45, 0x38, 0xf9, 0xa7, 0x66, 0x5d, 0x9c, 0xc2, 0x3, 0x7e, 0xbf, 0xe1, 0x20, 0x97, 0x56, 0x8, 0xc9, 0xb4, 0x75, 0x2b, 0xea, 0xd1, 0x10, 0x4e, 0x8f, 0xf2, 0x33, 0x6d, 0xac},
+ {0x0, 0xc2, 0x99, 0x5b, 0x2f, 0xed, 0xb6, 0x74, 0x5e, 0x9c, 0xc7, 0x5, 0x71, 0xb3, 0xe8, 0x2a, 0xbc, 0x7e, 0x25, 0xe7, 0x93, 0x51, 0xa, 0xc8, 0xe2, 0x20, 0x7b, 0xb9, 0xcd, 0xf, 0x54, 0x96, 0x65, 0xa7, 0xfc, 0x3e, 0x4a, 0x88, 0xd3, 0x11, 0x3b, 0xf9, 0xa2, 0x60, 0x14, 0xd6, 0x8d, 0x4f, 0xd9, 0x1b, 0x40, 0x82, 0xf6, 0x34, 0x6f, 0xad, 0x87, 0x45, 0x1e, 0xdc, 0xa8, 0x6a, 0x31, 0xf3, 0xca, 0x8, 0x53, 0x91, 0xe5, 0x27, 0x7c, 0xbe, 0x94, 0x56, 0xd, 0xcf, 0xbb, 0x79, 0x22, 0xe0, 0x76, 0xb4, 0xef, 0x2d, 0x59, 0x9b, 0xc0, 0x2, 0x28, 0xea, 0xb1, 0x73, 0x7, 0xc5, 0x9e, 0x5c, 0xaf, 0x6d, 0x36, 0xf4, 0x80, 0x42, 0x19, 0xdb, 0xf1, 0x33, 0x68, 0xaa, 0xde, 0x1c, 0x47, 0x85, 0x13, 0xd1, 0x8a, 0x48, 0x3c, 0xfe, 0xa5, 0x67, 0x4d, 0x8f, 0xd4, 0x16, 0x62, 0xa0, 0xfb, 0x39, 0x89, 0x4b, 0x10, 0xd2, 0xa6, 0x64, 0x3f, 0xfd, 0xd7, 0x15, 0x4e, 0x8c, 0xf8, 0x3a, 0x61, 0xa3, 0x35, 0xf7, 0xac, 0x6e, 0x1a, 0xd8, 0x83, 0x41, 0x6b, 0xa9, 0xf2, 0x30, 0x44, 0x86, 0xdd, 0x1f, 0xec, 0x2e, 0x75, 0xb7, 0xc3, 0x1, 0x5a, 0x98, 0xb2, 0x70, 0x2b, 0xe9, 0x9d, 0x5f, 0x4, 0xc6, 0x50, 0x92, 0xc9, 0xb, 0x7f, 0xbd, 0xe6, 0x24, 0xe, 0xcc, 0x97, 0x55, 0x21, 0xe3, 0xb8, 0x7a, 0x43, 0x81, 0xda, 0x18, 0x6c, 0xae, 0xf5, 0x37, 0x1d, 0xdf, 0x84, 0x46, 0x32, 0xf0, 0xab, 0x69, 0xff, 0x3d, 0x66, 0xa4, 0xd0, 0x12, 0x49, 0x8b, 0xa1, 0x63, 0x38, 0xfa, 0x8e, 0x4c, 0x17, 0xd5, 0x26, 0xe4, 0xbf, 0x7d, 0x9, 0xcb, 0x90, 0x52, 0x78, 0xba, 0xe1, 0x23, 0x57, 0x95, 0xce, 0xc, 0x9a, 0x58, 0x3, 0xc1, 0xb5, 0x77, 0x2c, 0xee, 0xc4, 0x6, 0x5d, 0x9f, 0xeb, 0x29, 0x72, 0xb0},
+ {0x0, 0xc3, 0x9b, 0x58, 0x2b, 0xe8, 0xb0, 0x73, 0x56, 0x95, 0xcd, 0xe, 0x7d, 0xbe, 0xe6, 0x25, 0xac, 0x6f, 0x37, 0xf4, 0x87, 0x44, 0x1c, 0xdf, 0xfa, 0x39, 0x61, 0xa2, 0xd1, 0x12, 0x4a, 0x89, 0x45, 0x86, 0xde, 0x1d, 0x6e, 0xad, 0xf5, 0x36, 0x13, 0xd0, 0x88, 0x4b, 0x38, 0xfb, 0xa3, 0x60, 0xe9, 0x2a, 0x72, 0xb1, 0xc2, 0x1, 0x59, 0x9a, 0xbf, 0x7c, 0x24, 0xe7, 0x94, 0x57, 0xf, 0xcc, 0x8a, 0x49, 0x11, 0xd2, 0xa1, 0x62, 0x3a, 0xf9, 0xdc, 0x1f, 0x47, 0x84, 0xf7, 0x34, 0x6c, 0xaf, 0x26, 0xe5, 0xbd, 0x7e, 0xd, 0xce, 0x96, 0x55, 0x70, 0xb3, 0xeb, 0x28, 0x5b, 0x98, 0xc0, 0x3, 0xcf, 0xc, 0x54, 0x97, 0xe4, 0x27, 0x7f, 0xbc, 0x99, 0x5a, 0x2, 0xc1, 0xb2, 0x71, 0x29, 0xea, 0x63, 0xa0, 0xf8, 0x3b, 0x48, 0x8b, 0xd3, 0x10, 0x35, 0xf6, 0xae, 0x6d, 0x1e, 0xdd, 0x85, 0x46, 0x9, 0xca, 0x92, 0x51, 0x22, 0xe1, 0xb9, 0x7a, 0x5f, 0x9c, 0xc4, 0x7, 0x74, 0xb7, 0xef, 0x2c, 0xa5, 0x66, 0x3e, 0xfd, 0x8e, 0x4d, 0x15, 0xd6, 0xf3, 0x30, 0x68, 0xab, 0xd8, 0x1b, 0x43, 0x80, 0x4c, 0x8f, 0xd7, 0x14, 0x67, 0xa4, 0xfc, 0x3f, 0x1a, 0xd9, 0x81, 0x42, 0x31, 0xf2, 0xaa, 0x69, 0xe0, 0x23, 0x7b, 0xb8, 0xcb, 0x8, 0x50, 0x93, 0xb6, 0x75, 0x2d, 0xee, 0x9d, 0x5e, 0x6, 0xc5, 0x83, 0x40, 0x18, 0xdb, 0xa8, 0x6b, 0x33, 0xf0, 0xd5, 0x16, 0x4e, 0x8d, 0xfe, 0x3d, 0x65, 0xa6, 0x2f, 0xec, 0xb4, 0x77, 0x4, 0xc7, 0x9f, 0x5c, 0x79, 0xba, 0xe2, 0x21, 0x52, 0x91, 0xc9, 0xa, 0xc6, 0x5, 0x5d, 0x9e, 0xed, 0x2e, 0x76, 0xb5, 0x90, 0x53, 0xb, 0xc8, 0xbb, 0x78, 0x20, 0xe3, 0x6a, 0xa9, 0xf1, 0x32, 0x41, 0x82, 0xda, 0x19, 0x3c, 0xff, 0xa7, 0x64, 0x17, 0xd4, 0x8c, 0x4f},
+ {0x0, 0xc4, 0x95, 0x51, 0x37, 0xf3, 0xa2, 0x66, 0x6e, 0xaa, 0xfb, 0x3f, 0x59, 0x9d, 0xcc, 0x8, 0xdc, 0x18, 0x49, 0x8d, 0xeb, 0x2f, 0x7e, 0xba, 0xb2, 0x76, 0x27, 0xe3, 0x85, 0x41, 0x10, 0xd4, 0xa5, 0x61, 0x30, 0xf4, 0x92, 0x56, 0x7, 0xc3, 0xcb, 0xf, 0x5e, 0x9a, 0xfc, 0x38, 0x69, 0xad, 0x79, 0xbd, 0xec, 0x28, 0x4e, 0x8a, 0xdb, 0x1f, 0x17, 0xd3, 0x82, 0x46, 0x20, 0xe4, 0xb5, 0x71, 0x57, 0x93, 0xc2, 0x6, 0x60, 0xa4, 0xf5, 0x31, 0x39, 0xfd, 0xac, 0x68, 0xe, 0xca, 0x9b, 0x5f, 0x8b, 0x4f, 0x1e, 0xda, 0xbc, 0x78, 0x29, 0xed, 0xe5, 0x21, 0x70, 0xb4, 0xd2, 0x16, 0x47, 0x83, 0xf2, 0x36, 0x67, 0xa3, 0xc5, 0x1, 0x50, 0x94, 0x9c, 0x58, 0x9, 0xcd, 0xab, 0x6f, 0x3e, 0xfa, 0x2e, 0xea, 0xbb, 0x7f, 0x19, 0xdd, 0x8c, 0x48, 0x40, 0x84, 0xd5, 0x11, 0x77, 0xb3, 0xe2, 0x26, 0xae, 0x6a, 0x3b, 0xff, 0x99, 0x5d, 0xc, 0xc8, 0xc0, 0x4, 0x55, 0x91, 0xf7, 0x33, 0x62, 0xa6, 0x72, 0xb6, 0xe7, 0x23, 0x45, 0x81, 0xd0, 0x14, 0x1c, 0xd8, 0x89, 0x4d, 0x2b, 0xef, 0xbe, 0x7a, 0xb, 0xcf, 0x9e, 0x5a, 0x3c, 0xf8, 0xa9, 0x6d, 0x65, 0xa1, 0xf0, 0x34, 0x52, 0x96, 0xc7, 0x3, 0xd7, 0x13, 0x42, 0x86, 0xe0, 0x24, 0x75, 0xb1, 0xb9, 0x7d, 0x2c, 0xe8, 0x8e, 0x4a, 0x1b, 0xdf, 0xf9, 0x3d, 0x6c, 0xa8, 0xce, 0xa, 0x5b, 0x9f, 0x97, 0x53, 0x2, 0xc6, 0xa0, 0x64, 0x35, 0xf1, 0x25, 0xe1, 0xb0, 0x74, 0x12, 0xd6, 0x87, 0x43, 0x4b, 0x8f, 0xde, 0x1a, 0x7c, 0xb8, 0xe9, 0x2d, 0x5c, 0x98, 0xc9, 0xd, 0x6b, 0xaf, 0xfe, 0x3a, 0x32, 0xf6, 0xa7, 0x63, 0x5, 0xc1, 0x90, 0x54, 0x80, 0x44, 0x15, 0xd1, 0xb7, 0x73, 0x22, 0xe6, 0xee, 0x2a, 0x7b, 0xbf, 0xd9, 0x1d, 0x4c, 0x88},
+ {0x0, 0xc5, 0x97, 0x52, 0x33, 0xf6, 0xa4, 0x61, 0x66, 0xa3, 0xf1, 0x34, 0x55, 0x90, 0xc2, 0x7, 0xcc, 0x9, 0x5b, 0x9e, 0xff, 0x3a, 0x68, 0xad, 0xaa, 0x6f, 0x3d, 0xf8, 0x99, 0x5c, 0xe, 0xcb, 0x85, 0x40, 0x12, 0xd7, 0xb6, 0x73, 0x21, 0xe4, 0xe3, 0x26, 0x74, 0xb1, 0xd0, 0x15, 0x47, 0x82, 0x49, 0x8c, 0xde, 0x1b, 0x7a, 0xbf, 0xed, 0x28, 0x2f, 0xea, 0xb8, 0x7d, 0x1c, 0xd9, 0x8b, 0x4e, 0x17, 0xd2, 0x80, 0x45, 0x24, 0xe1, 0xb3, 0x76, 0x71, 0xb4, 0xe6, 0x23, 0x42, 0x87, 0xd5, 0x10, 0xdb, 0x1e, 0x4c, 0x89, 0xe8, 0x2d, 0x7f, 0xba, 0xbd, 0x78, 0x2a, 0xef, 0x8e, 0x4b, 0x19, 0xdc, 0x92, 0x57, 0x5, 0xc0, 0xa1, 0x64, 0x36, 0xf3, 0xf4, 0x31, 0x63, 0xa6, 0xc7, 0x2, 0x50, 0x95, 0x5e, 0x9b, 0xc9, 0xc, 0x6d, 0xa8, 0xfa, 0x3f, 0x38, 0xfd, 0xaf, 0x6a, 0xb, 0xce, 0x9c, 0x59, 0x2e, 0xeb, 0xb9, 0x7c, 0x1d, 0xd8, 0x8a, 0x4f, 0x48, 0x8d, 0xdf, 0x1a, 0x7b, 0xbe, 0xec, 0x29, 0xe2, 0x27, 0x75, 0xb0, 0xd1, 0x14, 0x46, 0x83, 0x84, 0x41, 0x13, 0xd6, 0xb7, 0x72, 0x20, 0xe5, 0xab, 0x6e, 0x3c, 0xf9, 0x98, 0x5d, 0xf, 0xca, 0xcd, 0x8, 0x5a, 0x9f, 0xfe, 0x3b, 0x69, 0xac, 0x67, 0xa2, 0xf0, 0x35, 0x54, 0x91, 0xc3, 0x6, 0x1, 0xc4, 0x96, 0x53, 0x32, 0xf7, 0xa5, 0x60, 0x39, 0xfc, 0xae, 0x6b, 0xa, 0xcf, 0x9d, 0x58, 0x5f, 0x9a, 0xc8, 0xd, 0x6c, 0xa9, 0xfb, 0x3e, 0xf5, 0x30, 0x62, 0xa7, 0xc6, 0x3, 0x51, 0x94, 0x93, 0x56, 0x4, 0xc1, 0xa0, 0x65, 0x37, 0xf2, 0xbc, 0x79, 0x2b, 0xee, 0x8f, 0x4a, 0x18, 0xdd, 0xda, 0x1f, 0x4d, 0x88, 0xe9, 0x2c, 0x7e, 0xbb, 0x70, 0xb5, 0xe7, 0x22, 0x43, 0x86, 0xd4, 0x11, 0x16, 0xd3, 0x81, 0x44, 0x25, 0xe0, 0xb2, 0x77},
+ {0x0, 0xc6, 0x91, 0x57, 0x3f, 0xf9, 0xae, 0x68, 0x7e, 0xb8, 0xef, 0x29, 0x41, 0x87, 0xd0, 0x16, 0xfc, 0x3a, 0x6d, 0xab, 0xc3, 0x5, 0x52, 0x94, 0x82, 0x44, 0x13, 0xd5, 0xbd, 0x7b, 0x2c, 0xea, 0xe5, 0x23, 0x74, 0xb2, 0xda, 0x1c, 0x4b, 0x8d, 0x9b, 0x5d, 0xa, 0xcc, 0xa4, 0x62, 0x35, 0xf3, 0x19, 0xdf, 0x88, 0x4e, 0x26, 0xe0, 0xb7, 0x71, 0x67, 0xa1, 0xf6, 0x30, 0x58, 0x9e, 0xc9, 0xf, 0xd7, 0x11, 0x46, 0x80, 0xe8, 0x2e, 0x79, 0xbf, 0xa9, 0x6f, 0x38, 0xfe, 0x96, 0x50, 0x7, 0xc1, 0x2b, 0xed, 0xba, 0x7c, 0x14, 0xd2, 0x85, 0x43, 0x55, 0x93, 0xc4, 0x2, 0x6a, 0xac, 0xfb, 0x3d, 0x32, 0xf4, 0xa3, 0x65, 0xd, 0xcb, 0x9c, 0x5a, 0x4c, 0x8a, 0xdd, 0x1b, 0x73, 0xb5, 0xe2, 0x24, 0xce, 0x8, 0x5f, 0x99, 0xf1, 0x37, 0x60, 0xa6, 0xb0, 0x76, 0x21, 0xe7, 0x8f, 0x49, 0x1e, 0xd8, 0xb3, 0x75, 0x22, 0xe4, 0x8c, 0x4a, 0x1d, 0xdb, 0xcd, 0xb, 0x5c, 0x9a, 0xf2, 0x34, 0x63, 0xa5, 0x4f, 0x89, 0xde, 0x18, 0x70, 0xb6, 0xe1, 0x27, 0x31, 0xf7, 0xa0, 0x66, 0xe, 0xc8, 0x9f, 0x59, 0x56, 0x90, 0xc7, 0x1, 0x69, 0xaf, 0xf8, 0x3e, 0x28, 0xee, 0xb9, 0x7f, 0x17, 0xd1, 0x86, 0x40, 0xaa, 0x6c, 0x3b, 0xfd, 0x95, 0x53, 0x4, 0xc2, 0xd4, 0x12, 0x45, 0x83, 0xeb, 0x2d, 0x7a, 0xbc, 0x64, 0xa2, 0xf5, 0x33, 0x5b, 0x9d, 0xca, 0xc, 0x1a, 0xdc, 0x8b, 0x4d, 0x25, 0xe3, 0xb4, 0x72, 0x98, 0x5e, 0x9, 0xcf, 0xa7, 0x61, 0x36, 0xf0, 0xe6, 0x20, 0x77, 0xb1, 0xd9, 0x1f, 0x48, 0x8e, 0x81, 0x47, 0x10, 0xd6, 0xbe, 0x78, 0x2f, 0xe9, 0xff, 0x39, 0x6e, 0xa8, 0xc0, 0x6, 0x51, 0x97, 0x7d, 0xbb, 0xec, 0x2a, 0x42, 0x84, 0xd3, 0x15, 0x3, 0xc5, 0x92, 0x54, 0x3c, 0xfa, 0xad, 0x6b},
+ {0x0, 0xc7, 0x93, 0x54, 0x3b, 0xfc, 0xa8, 0x6f, 0x76, 0xb1, 0xe5, 0x22, 0x4d, 0x8a, 0xde, 0x19, 0xec, 0x2b, 0x7f, 0xb8, 0xd7, 0x10, 0x44, 0x83, 0x9a, 0x5d, 0x9, 0xce, 0xa1, 0x66, 0x32, 0xf5, 0xc5, 0x2, 0x56, 0x91, 0xfe, 0x39, 0x6d, 0xaa, 0xb3, 0x74, 0x20, 0xe7, 0x88, 0x4f, 0x1b, 0xdc, 0x29, 0xee, 0xba, 0x7d, 0x12, 0xd5, 0x81, 0x46, 0x5f, 0x98, 0xcc, 0xb, 0x64, 0xa3, 0xf7, 0x30, 0x97, 0x50, 0x4, 0xc3, 0xac, 0x6b, 0x3f, 0xf8, 0xe1, 0x26, 0x72, 0xb5, 0xda, 0x1d, 0x49, 0x8e, 0x7b, 0xbc, 0xe8, 0x2f, 0x40, 0x87, 0xd3, 0x14, 0xd, 0xca, 0x9e, 0x59, 0x36, 0xf1, 0xa5, 0x62, 0x52, 0x95, 0xc1, 0x6, 0x69, 0xae, 0xfa, 0x3d, 0x24, 0xe3, 0xb7, 0x70, 0x1f, 0xd8, 0x8c, 0x4b, 0xbe, 0x79, 0x2d, 0xea, 0x85, 0x42, 0x16, 0xd1, 0xc8, 0xf, 0x5b, 0x9c, 0xf3, 0x34, 0x60, 0xa7, 0x33, 0xf4, 0xa0, 0x67, 0x8, 0xcf, 0x9b, 0x5c, 0x45, 0x82, 0xd6, 0x11, 0x7e, 0xb9, 0xed, 0x2a, 0xdf, 0x18, 0x4c, 0x8b, 0xe4, 0x23, 0x77, 0xb0, 0xa9, 0x6e, 0x3a, 0xfd, 0x92, 0x55, 0x1, 0xc6, 0xf6, 0x31, 0x65, 0xa2, 0xcd, 0xa, 0x5e, 0x99, 0x80, 0x47, 0x13, 0xd4, 0xbb, 0x7c, 0x28, 0xef, 0x1a, 0xdd, 0x89, 0x4e, 0x21, 0xe6, 0xb2, 0x75, 0x6c, 0xab, 0xff, 0x38, 0x57, 0x90, 0xc4, 0x3, 0xa4, 0x63, 0x37, 0xf0, 0x9f, 0x58, 0xc, 0xcb, 0xd2, 0x15, 0x41, 0x86, 0xe9, 0x2e, 0x7a, 0xbd, 0x48, 0x8f, 0xdb, 0x1c, 0x73, 0xb4, 0xe0, 0x27, 0x3e, 0xf9, 0xad, 0x6a, 0x5, 0xc2, 0x96, 0x51, 0x61, 0xa6, 0xf2, 0x35, 0x5a, 0x9d, 0xc9, 0xe, 0x17, 0xd0, 0x84, 0x43, 0x2c, 0xeb, 0xbf, 0x78, 0x8d, 0x4a, 0x1e, 0xd9, 0xb6, 0x71, 0x25, 0xe2, 0xfb, 0x3c, 0x68, 0xaf, 0xc0, 0x7, 0x53, 0x94},
+ {0x0, 0xc8, 0x8d, 0x45, 0x7, 0xcf, 0x8a, 0x42, 0xe, 0xc6, 0x83, 0x4b, 0x9, 0xc1, 0x84, 0x4c, 0x1c, 0xd4, 0x91, 0x59, 0x1b, 0xd3, 0x96, 0x5e, 0x12, 0xda, 0x9f, 0x57, 0x15, 0xdd, 0x98, 0x50, 0x38, 0xf0, 0xb5, 0x7d, 0x3f, 0xf7, 0xb2, 0x7a, 0x36, 0xfe, 0xbb, 0x73, 0x31, 0xf9, 0xbc, 0x74, 0x24, 0xec, 0xa9, 0x61, 0x23, 0xeb, 0xae, 0x66, 0x2a, 0xe2, 0xa7, 0x6f, 0x2d, 0xe5, 0xa0, 0x68, 0x70, 0xb8, 0xfd, 0x35, 0x77, 0xbf, 0xfa, 0x32, 0x7e, 0xb6, 0xf3, 0x3b, 0x79, 0xb1, 0xf4, 0x3c, 0x6c, 0xa4, 0xe1, 0x29, 0x6b, 0xa3, 0xe6, 0x2e, 0x62, 0xaa, 0xef, 0x27, 0x65, 0xad, 0xe8, 0x20, 0x48, 0x80, 0xc5, 0xd, 0x4f, 0x87, 0xc2, 0xa, 0x46, 0x8e, 0xcb, 0x3, 0x41, 0x89, 0xcc, 0x4, 0x54, 0x9c, 0xd9, 0x11, 0x53, 0x9b, 0xde, 0x16, 0x5a, 0x92, 0xd7, 0x1f, 0x5d, 0x95, 0xd0, 0x18, 0xe0, 0x28, 0x6d, 0xa5, 0xe7, 0x2f, 0x6a, 0xa2, 0xee, 0x26, 0x63, 0xab, 0xe9, 0x21, 0x64, 0xac, 0xfc, 0x34, 0x71, 0xb9, 0xfb, 0x33, 0x76, 0xbe, 0xf2, 0x3a, 0x7f, 0xb7, 0xf5, 0x3d, 0x78, 0xb0, 0xd8, 0x10, 0x55, 0x9d, 0xdf, 0x17, 0x52, 0x9a, 0xd6, 0x1e, 0x5b, 0x93, 0xd1, 0x19, 0x5c, 0x94, 0xc4, 0xc, 0x49, 0x81, 0xc3, 0xb, 0x4e, 0x86, 0xca, 0x2, 0x47, 0x8f, 0xcd, 0x5, 0x40, 0x88, 0x90, 0x58, 0x1d, 0xd5, 0x97, 0x5f, 0x1a, 0xd2, 0x9e, 0x56, 0x13, 0xdb, 0x99, 0x51, 0x14, 0xdc, 0x8c, 0x44, 0x1, 0xc9, 0x8b, 0x43, 0x6, 0xce, 0x82, 0x4a, 0xf, 0xc7, 0x85, 0x4d, 0x8, 0xc0, 0xa8, 0x60, 0x25, 0xed, 0xaf, 0x67, 0x22, 0xea, 0xa6, 0x6e, 0x2b, 0xe3, 0xa1, 0x69, 0x2c, 0xe4, 0xb4, 0x7c, 0x39, 0xf1, 0xb3, 0x7b, 0x3e, 0xf6, 0xba, 0x72, 0x37, 0xff, 0xbd, 0x75, 0x30, 0xf8},
+ {0x0, 0xc9, 0x8f, 0x46, 0x3, 0xca, 0x8c, 0x45, 0x6, 0xcf, 0x89, 0x40, 0x5, 0xcc, 0x8a, 0x43, 0xc, 0xc5, 0x83, 0x4a, 0xf, 0xc6, 0x80, 0x49, 0xa, 0xc3, 0x85, 0x4c, 0x9, 0xc0, 0x86, 0x4f, 0x18, 0xd1, 0x97, 0x5e, 0x1b, 0xd2, 0x94, 0x5d, 0x1e, 0xd7, 0x91, 0x58, 0x1d, 0xd4, 0x92, 0x5b, 0x14, 0xdd, 0x9b, 0x52, 0x17, 0xde, 0x98, 0x51, 0x12, 0xdb, 0x9d, 0x54, 0x11, 0xd8, 0x9e, 0x57, 0x30, 0xf9, 0xbf, 0x76, 0x33, 0xfa, 0xbc, 0x75, 0x36, 0xff, 0xb9, 0x70, 0x35, 0xfc, 0xba, 0x73, 0x3c, 0xf5, 0xb3, 0x7a, 0x3f, 0xf6, 0xb0, 0x79, 0x3a, 0xf3, 0xb5, 0x7c, 0x39, 0xf0, 0xb6, 0x7f, 0x28, 0xe1, 0xa7, 0x6e, 0x2b, 0xe2, 0xa4, 0x6d, 0x2e, 0xe7, 0xa1, 0x68, 0x2d, 0xe4, 0xa2, 0x6b, 0x24, 0xed, 0xab, 0x62, 0x27, 0xee, 0xa8, 0x61, 0x22, 0xeb, 0xad, 0x64, 0x21, 0xe8, 0xae, 0x67, 0x60, 0xa9, 0xef, 0x26, 0x63, 0xaa, 0xec, 0x25, 0x66, 0xaf, 0xe9, 0x20, 0x65, 0xac, 0xea, 0x23, 0x6c, 0xa5, 0xe3, 0x2a, 0x6f, 0xa6, 0xe0, 0x29, 0x6a, 0xa3, 0xe5, 0x2c, 0x69, 0xa0, 0xe6, 0x2f, 0x78, 0xb1, 0xf7, 0x3e, 0x7b, 0xb2, 0xf4, 0x3d, 0x7e, 0xb7, 0xf1, 0x38, 0x7d, 0xb4, 0xf2, 0x3b, 0x74, 0xbd, 0xfb, 0x32, 0x77, 0xbe, 0xf8, 0x31, 0x72, 0xbb, 0xfd, 0x34, 0x71, 0xb8, 0xfe, 0x37, 0x50, 0x99, 0xdf, 0x16, 0x53, 0x9a, 0xdc, 0x15, 0x56, 0x9f, 0xd9, 0x10, 0x55, 0x9c, 0xda, 0x13, 0x5c, 0x95, 0xd3, 0x1a, 0x5f, 0x96, 0xd0, 0x19, 0x5a, 0x93, 0xd5, 0x1c, 0x59, 0x90, 0xd6, 0x1f, 0x48, 0x81, 0xc7, 0xe, 0x4b, 0x82, 0xc4, 0xd, 0x4e, 0x87, 0xc1, 0x8, 0x4d, 0x84, 0xc2, 0xb, 0x44, 0x8d, 0xcb, 0x2, 0x47, 0x8e, 0xc8, 0x1, 0x42, 0x8b, 0xcd, 0x4, 0x41, 0x88, 0xce, 0x7},
+ {0x0, 0xca, 0x89, 0x43, 0xf, 0xc5, 0x86, 0x4c, 0x1e, 0xd4, 0x97, 0x5d, 0x11, 0xdb, 0x98, 0x52, 0x3c, 0xf6, 0xb5, 0x7f, 0x33, 0xf9, 0xba, 0x70, 0x22, 0xe8, 0xab, 0x61, 0x2d, 0xe7, 0xa4, 0x6e, 0x78, 0xb2, 0xf1, 0x3b, 0x77, 0xbd, 0xfe, 0x34, 0x66, 0xac, 0xef, 0x25, 0x69, 0xa3, 0xe0, 0x2a, 0x44, 0x8e, 0xcd, 0x7, 0x4b, 0x81, 0xc2, 0x8, 0x5a, 0x90, 0xd3, 0x19, 0x55, 0x9f, 0xdc, 0x16, 0xf0, 0x3a, 0x79, 0xb3, 0xff, 0x35, 0x76, 0xbc, 0xee, 0x24, 0x67, 0xad, 0xe1, 0x2b, 0x68, 0xa2, 0xcc, 0x6, 0x45, 0x8f, 0xc3, 0x9, 0x4a, 0x80, 0xd2, 0x18, 0x5b, 0x91, 0xdd, 0x17, 0x54, 0x9e, 0x88, 0x42, 0x1, 0xcb, 0x87, 0x4d, 0xe, 0xc4, 0x96, 0x5c, 0x1f, 0xd5, 0x99, 0x53, 0x10, 0xda, 0xb4, 0x7e, 0x3d, 0xf7, 0xbb, 0x71, 0x32, 0xf8, 0xaa, 0x60, 0x23, 0xe9, 0xa5, 0x6f, 0x2c, 0xe6, 0xfd, 0x37, 0x74, 0xbe, 0xf2, 0x38, 0x7b, 0xb1, 0xe3, 0x29, 0x6a, 0xa0, 0xec, 0x26, 0x65, 0xaf, 0xc1, 0xb, 0x48, 0x82, 0xce, 0x4, 0x47, 0x8d, 0xdf, 0x15, 0x56, 0x9c, 0xd0, 0x1a, 0x59, 0x93, 0x85, 0x4f, 0xc, 0xc6, 0x8a, 0x40, 0x3, 0xc9, 0x9b, 0x51, 0x12, 0xd8, 0x94, 0x5e, 0x1d, 0xd7, 0xb9, 0x73, 0x30, 0xfa, 0xb6, 0x7c, 0x3f, 0xf5, 0xa7, 0x6d, 0x2e, 0xe4, 0xa8, 0x62, 0x21, 0xeb, 0xd, 0xc7, 0x84, 0x4e, 0x2, 0xc8, 0x8b, 0x41, 0x13, 0xd9, 0x9a, 0x50, 0x1c, 0xd6, 0x95, 0x5f, 0x31, 0xfb, 0xb8, 0x72, 0x3e, 0xf4, 0xb7, 0x7d, 0x2f, 0xe5, 0xa6, 0x6c, 0x20, 0xea, 0xa9, 0x63, 0x75, 0xbf, 0xfc, 0x36, 0x7a, 0xb0, 0xf3, 0x39, 0x6b, 0xa1, 0xe2, 0x28, 0x64, 0xae, 0xed, 0x27, 0x49, 0x83, 0xc0, 0xa, 0x46, 0x8c, 0xcf, 0x5, 0x57, 0x9d, 0xde, 0x14, 0x58, 0x92, 0xd1, 0x1b},
+ {0x0, 0xcb, 0x8b, 0x40, 0xb, 0xc0, 0x80, 0x4b, 0x16, 0xdd, 0x9d, 0x56, 0x1d, 0xd6, 0x96, 0x5d, 0x2c, 0xe7, 0xa7, 0x6c, 0x27, 0xec, 0xac, 0x67, 0x3a, 0xf1, 0xb1, 0x7a, 0x31, 0xfa, 0xba, 0x71, 0x58, 0x93, 0xd3, 0x18, 0x53, 0x98, 0xd8, 0x13, 0x4e, 0x85, 0xc5, 0xe, 0x45, 0x8e, 0xce, 0x5, 0x74, 0xbf, 0xff, 0x34, 0x7f, 0xb4, 0xf4, 0x3f, 0x62, 0xa9, 0xe9, 0x22, 0x69, 0xa2, 0xe2, 0x29, 0xb0, 0x7b, 0x3b, 0xf0, 0xbb, 0x70, 0x30, 0xfb, 0xa6, 0x6d, 0x2d, 0xe6, 0xad, 0x66, 0x26, 0xed, 0x9c, 0x57, 0x17, 0xdc, 0x97, 0x5c, 0x1c, 0xd7, 0x8a, 0x41, 0x1, 0xca, 0x81, 0x4a, 0xa, 0xc1, 0xe8, 0x23, 0x63, 0xa8, 0xe3, 0x28, 0x68, 0xa3, 0xfe, 0x35, 0x75, 0xbe, 0xf5, 0x3e, 0x7e, 0xb5, 0xc4, 0xf, 0x4f, 0x84, 0xcf, 0x4, 0x44, 0x8f, 0xd2, 0x19, 0x59, 0x92, 0xd9, 0x12, 0x52, 0x99, 0x7d, 0xb6, 0xf6, 0x3d, 0x76, 0xbd, 0xfd, 0x36, 0x6b, 0xa0, 0xe0, 0x2b, 0x60, 0xab, 0xeb, 0x20, 0x51, 0x9a, 0xda, 0x11, 0x5a, 0x91, 0xd1, 0x1a, 0x47, 0x8c, 0xcc, 0x7, 0x4c, 0x87, 0xc7, 0xc, 0x25, 0xee, 0xae, 0x65, 0x2e, 0xe5, 0xa5, 0x6e, 0x33, 0xf8, 0xb8, 0x73, 0x38, 0xf3, 0xb3, 0x78, 0x9, 0xc2, 0x82, 0x49, 0x2, 0xc9, 0x89, 0x42, 0x1f, 0xd4, 0x94, 0x5f, 0x14, 0xdf, 0x9f, 0x54, 0xcd, 0x6, 0x46, 0x8d, 0xc6, 0xd, 0x4d, 0x86, 0xdb, 0x10, 0x50, 0x9b, 0xd0, 0x1b, 0x5b, 0x90, 0xe1, 0x2a, 0x6a, 0xa1, 0xea, 0x21, 0x61, 0xaa, 0xf7, 0x3c, 0x7c, 0xb7, 0xfc, 0x37, 0x77, 0xbc, 0x95, 0x5e, 0x1e, 0xd5, 0x9e, 0x55, 0x15, 0xde, 0x83, 0x48, 0x8, 0xc3, 0x88, 0x43, 0x3, 0xc8, 0xb9, 0x72, 0x32, 0xf9, 0xb2, 0x79, 0x39, 0xf2, 0xaf, 0x64, 0x24, 0xef, 0xa4, 0x6f, 0x2f, 0xe4},
+ {0x0, 0xcc, 0x85, 0x49, 0x17, 0xdb, 0x92, 0x5e, 0x2e, 0xe2, 0xab, 0x67, 0x39, 0xf5, 0xbc, 0x70, 0x5c, 0x90, 0xd9, 0x15, 0x4b, 0x87, 0xce, 0x2, 0x72, 0xbe, 0xf7, 0x3b, 0x65, 0xa9, 0xe0, 0x2c, 0xb8, 0x74, 0x3d, 0xf1, 0xaf, 0x63, 0x2a, 0xe6, 0x96, 0x5a, 0x13, 0xdf, 0x81, 0x4d, 0x4, 0xc8, 0xe4, 0x28, 0x61, 0xad, 0xf3, 0x3f, 0x76, 0xba, 0xca, 0x6, 0x4f, 0x83, 0xdd, 0x11, 0x58, 0x94, 0x6d, 0xa1, 0xe8, 0x24, 0x7a, 0xb6, 0xff, 0x33, 0x43, 0x8f, 0xc6, 0xa, 0x54, 0x98, 0xd1, 0x1d, 0x31, 0xfd, 0xb4, 0x78, 0x26, 0xea, 0xa3, 0x6f, 0x1f, 0xd3, 0x9a, 0x56, 0x8, 0xc4, 0x8d, 0x41, 0xd5, 0x19, 0x50, 0x9c, 0xc2, 0xe, 0x47, 0x8b, 0xfb, 0x37, 0x7e, 0xb2, 0xec, 0x20, 0x69, 0xa5, 0x89, 0x45, 0xc, 0xc0, 0x9e, 0x52, 0x1b, 0xd7, 0xa7, 0x6b, 0x22, 0xee, 0xb0, 0x7c, 0x35, 0xf9, 0xda, 0x16, 0x5f, 0x93, 0xcd, 0x1, 0x48, 0x84, 0xf4, 0x38, 0x71, 0xbd, 0xe3, 0x2f, 0x66, 0xaa, 0x86, 0x4a, 0x3, 0xcf, 0x91, 0x5d, 0x14, 0xd8, 0xa8, 0x64, 0x2d, 0xe1, 0xbf, 0x73, 0x3a, 0xf6, 0x62, 0xae, 0xe7, 0x2b, 0x75, 0xb9, 0xf0, 0x3c, 0x4c, 0x80, 0xc9, 0x5, 0x5b, 0x97, 0xde, 0x12, 0x3e, 0xf2, 0xbb, 0x77, 0x29, 0xe5, 0xac, 0x60, 0x10, 0xdc, 0x95, 0x59, 0x7, 0xcb, 0x82, 0x4e, 0xb7, 0x7b, 0x32, 0xfe, 0xa0, 0x6c, 0x25, 0xe9, 0x99, 0x55, 0x1c, 0xd0, 0x8e, 0x42, 0xb, 0xc7, 0xeb, 0x27, 0x6e, 0xa2, 0xfc, 0x30, 0x79, 0xb5, 0xc5, 0x9, 0x40, 0x8c, 0xd2, 0x1e, 0x57, 0x9b, 0xf, 0xc3, 0x8a, 0x46, 0x18, 0xd4, 0x9d, 0x51, 0x21, 0xed, 0xa4, 0x68, 0x36, 0xfa, 0xb3, 0x7f, 0x53, 0x9f, 0xd6, 0x1a, 0x44, 0x88, 0xc1, 0xd, 0x7d, 0xb1, 0xf8, 0x34, 0x6a, 0xa6, 0xef, 0x23},
+ {0x0, 0xcd, 0x87, 0x4a, 0x13, 0xde, 0x94, 0x59, 0x26, 0xeb, 0xa1, 0x6c, 0x35, 0xf8, 0xb2, 0x7f, 0x4c, 0x81, 0xcb, 0x6, 0x5f, 0x92, 0xd8, 0x15, 0x6a, 0xa7, 0xed, 0x20, 0x79, 0xb4, 0xfe, 0x33, 0x98, 0x55, 0x1f, 0xd2, 0x8b, 0x46, 0xc, 0xc1, 0xbe, 0x73, 0x39, 0xf4, 0xad, 0x60, 0x2a, 0xe7, 0xd4, 0x19, 0x53, 0x9e, 0xc7, 0xa, 0x40, 0x8d, 0xf2, 0x3f, 0x75, 0xb8, 0xe1, 0x2c, 0x66, 0xab, 0x2d, 0xe0, 0xaa, 0x67, 0x3e, 0xf3, 0xb9, 0x74, 0xb, 0xc6, 0x8c, 0x41, 0x18, 0xd5, 0x9f, 0x52, 0x61, 0xac, 0xe6, 0x2b, 0x72, 0xbf, 0xf5, 0x38, 0x47, 0x8a, 0xc0, 0xd, 0x54, 0x99, 0xd3, 0x1e, 0xb5, 0x78, 0x32, 0xff, 0xa6, 0x6b, 0x21, 0xec, 0x93, 0x5e, 0x14, 0xd9, 0x80, 0x4d, 0x7, 0xca, 0xf9, 0x34, 0x7e, 0xb3, 0xea, 0x27, 0x6d, 0xa0, 0xdf, 0x12, 0x58, 0x95, 0xcc, 0x1, 0x4b, 0x86, 0x5a, 0x97, 0xdd, 0x10, 0x49, 0x84, 0xce, 0x3, 0x7c, 0xb1, 0xfb, 0x36, 0x6f, 0xa2, 0xe8, 0x25, 0x16, 0xdb, 0x91, 0x5c, 0x5, 0xc8, 0x82, 0x4f, 0x30, 0xfd, 0xb7, 0x7a, 0x23, 0xee, 0xa4, 0x69, 0xc2, 0xf, 0x45, 0x88, 0xd1, 0x1c, 0x56, 0x9b, 0xe4, 0x29, 0x63, 0xae, 0xf7, 0x3a, 0x70, 0xbd, 0x8e, 0x43, 0x9, 0xc4, 0x9d, 0x50, 0x1a, 0xd7, 0xa8, 0x65, 0x2f, 0xe2, 0xbb, 0x76, 0x3c, 0xf1, 0x77, 0xba, 0xf0, 0x3d, 0x64, 0xa9, 0xe3, 0x2e, 0x51, 0x9c, 0xd6, 0x1b, 0x42, 0x8f, 0xc5, 0x8, 0x3b, 0xf6, 0xbc, 0x71, 0x28, 0xe5, 0xaf, 0x62, 0x1d, 0xd0, 0x9a, 0x57, 0xe, 0xc3, 0x89, 0x44, 0xef, 0x22, 0x68, 0xa5, 0xfc, 0x31, 0x7b, 0xb6, 0xc9, 0x4, 0x4e, 0x83, 0xda, 0x17, 0x5d, 0x90, 0xa3, 0x6e, 0x24, 0xe9, 0xb0, 0x7d, 0x37, 0xfa, 0x85, 0x48, 0x2, 0xcf, 0x96, 0x5b, 0x11, 0xdc},
+ {0x0, 0xce, 0x81, 0x4f, 0x1f, 0xd1, 0x9e, 0x50, 0x3e, 0xf0, 0xbf, 0x71, 0x21, 0xef, 0xa0, 0x6e, 0x7c, 0xb2, 0xfd, 0x33, 0x63, 0xad, 0xe2, 0x2c, 0x42, 0x8c, 0xc3, 0xd, 0x5d, 0x93, 0xdc, 0x12, 0xf8, 0x36, 0x79, 0xb7, 0xe7, 0x29, 0x66, 0xa8, 0xc6, 0x8, 0x47, 0x89, 0xd9, 0x17, 0x58, 0x96, 0x84, 0x4a, 0x5, 0xcb, 0x9b, 0x55, 0x1a, 0xd4, 0xba, 0x74, 0x3b, 0xf5, 0xa5, 0x6b, 0x24, 0xea, 0xed, 0x23, 0x6c, 0xa2, 0xf2, 0x3c, 0x73, 0xbd, 0xd3, 0x1d, 0x52, 0x9c, 0xcc, 0x2, 0x4d, 0x83, 0x91, 0x5f, 0x10, 0xde, 0x8e, 0x40, 0xf, 0xc1, 0xaf, 0x61, 0x2e, 0xe0, 0xb0, 0x7e, 0x31, 0xff, 0x15, 0xdb, 0x94, 0x5a, 0xa, 0xc4, 0x8b, 0x45, 0x2b, 0xe5, 0xaa, 0x64, 0x34, 0xfa, 0xb5, 0x7b, 0x69, 0xa7, 0xe8, 0x26, 0x76, 0xb8, 0xf7, 0x39, 0x57, 0x99, 0xd6, 0x18, 0x48, 0x86, 0xc9, 0x7, 0xc7, 0x9, 0x46, 0x88, 0xd8, 0x16, 0x59, 0x97, 0xf9, 0x37, 0x78, 0xb6, 0xe6, 0x28, 0x67, 0xa9, 0xbb, 0x75, 0x3a, 0xf4, 0xa4, 0x6a, 0x25, 0xeb, 0x85, 0x4b, 0x4, 0xca, 0x9a, 0x54, 0x1b, 0xd5, 0x3f, 0xf1, 0xbe, 0x70, 0x20, 0xee, 0xa1, 0x6f, 0x1, 0xcf, 0x80, 0x4e, 0x1e, 0xd0, 0x9f, 0x51, 0x43, 0x8d, 0xc2, 0xc, 0x5c, 0x92, 0xdd, 0x13, 0x7d, 0xb3, 0xfc, 0x32, 0x62, 0xac, 0xe3, 0x2d, 0x2a, 0xe4, 0xab, 0x65, 0x35, 0xfb, 0xb4, 0x7a, 0x14, 0xda, 0x95, 0x5b, 0xb, 0xc5, 0x8a, 0x44, 0x56, 0x98, 0xd7, 0x19, 0x49, 0x87, 0xc8, 0x6, 0x68, 0xa6, 0xe9, 0x27, 0x77, 0xb9, 0xf6, 0x38, 0xd2, 0x1c, 0x53, 0x9d, 0xcd, 0x3, 0x4c, 0x82, 0xec, 0x22, 0x6d, 0xa3, 0xf3, 0x3d, 0x72, 0xbc, 0xae, 0x60, 0x2f, 0xe1, 0xb1, 0x7f, 0x30, 0xfe, 0x90, 0x5e, 0x11, 0xdf, 0x8f, 0x41, 0xe, 0xc0},
+ {0x0, 0xcf, 0x83, 0x4c, 0x1b, 0xd4, 0x98, 0x57, 0x36, 0xf9, 0xb5, 0x7a, 0x2d, 0xe2, 0xae, 0x61, 0x6c, 0xa3, 0xef, 0x20, 0x77, 0xb8, 0xf4, 0x3b, 0x5a, 0x95, 0xd9, 0x16, 0x41, 0x8e, 0xc2, 0xd, 0xd8, 0x17, 0x5b, 0x94, 0xc3, 0xc, 0x40, 0x8f, 0xee, 0x21, 0x6d, 0xa2, 0xf5, 0x3a, 0x76, 0xb9, 0xb4, 0x7b, 0x37, 0xf8, 0xaf, 0x60, 0x2c, 0xe3, 0x82, 0x4d, 0x1, 0xce, 0x99, 0x56, 0x1a, 0xd5, 0xad, 0x62, 0x2e, 0xe1, 0xb6, 0x79, 0x35, 0xfa, 0x9b, 0x54, 0x18, 0xd7, 0x80, 0x4f, 0x3, 0xcc, 0xc1, 0xe, 0x42, 0x8d, 0xda, 0x15, 0x59, 0x96, 0xf7, 0x38, 0x74, 0xbb, 0xec, 0x23, 0x6f, 0xa0, 0x75, 0xba, 0xf6, 0x39, 0x6e, 0xa1, 0xed, 0x22, 0x43, 0x8c, 0xc0, 0xf, 0x58, 0x97, 0xdb, 0x14, 0x19, 0xd6, 0x9a, 0x55, 0x2, 0xcd, 0x81, 0x4e, 0x2f, 0xe0, 0xac, 0x63, 0x34, 0xfb, 0xb7, 0x78, 0x47, 0x88, 0xc4, 0xb, 0x5c, 0x93, 0xdf, 0x10, 0x71, 0xbe, 0xf2, 0x3d, 0x6a, 0xa5, 0xe9, 0x26, 0x2b, 0xe4, 0xa8, 0x67, 0x30, 0xff, 0xb3, 0x7c, 0x1d, 0xd2, 0x9e, 0x51, 0x6, 0xc9, 0x85, 0x4a, 0x9f, 0x50, 0x1c, 0xd3, 0x84, 0x4b, 0x7, 0xc8, 0xa9, 0x66, 0x2a, 0xe5, 0xb2, 0x7d, 0x31, 0xfe, 0xf3, 0x3c, 0x70, 0xbf, 0xe8, 0x27, 0x6b, 0xa4, 0xc5, 0xa, 0x46, 0x89, 0xde, 0x11, 0x5d, 0x92, 0xea, 0x25, 0x69, 0xa6, 0xf1, 0x3e, 0x72, 0xbd, 0xdc, 0x13, 0x5f, 0x90, 0xc7, 0x8, 0x44, 0x8b, 0x86, 0x49, 0x5, 0xca, 0x9d, 0x52, 0x1e, 0xd1, 0xb0, 0x7f, 0x33, 0xfc, 0xab, 0x64, 0x28, 0xe7, 0x32, 0xfd, 0xb1, 0x7e, 0x29, 0xe6, 0xaa, 0x65, 0x4, 0xcb, 0x87, 0x48, 0x1f, 0xd0, 0x9c, 0x53, 0x5e, 0x91, 0xdd, 0x12, 0x45, 0x8a, 0xc6, 0x9, 0x68, 0xa7, 0xeb, 0x24, 0x73, 0xbc, 0xf0, 0x3f},
+ {0x0, 0xd0, 0xbd, 0x6d, 0x67, 0xb7, 0xda, 0xa, 0xce, 0x1e, 0x73, 0xa3, 0xa9, 0x79, 0x14, 0xc4, 0x81, 0x51, 0x3c, 0xec, 0xe6, 0x36, 0x5b, 0x8b, 0x4f, 0x9f, 0xf2, 0x22, 0x28, 0xf8, 0x95, 0x45, 0x1f, 0xcf, 0xa2, 0x72, 0x78, 0xa8, 0xc5, 0x15, 0xd1, 0x1, 0x6c, 0xbc, 0xb6, 0x66, 0xb, 0xdb, 0x9e, 0x4e, 0x23, 0xf3, 0xf9, 0x29, 0x44, 0x94, 0x50, 0x80, 0xed, 0x3d, 0x37, 0xe7, 0x8a, 0x5a, 0x3e, 0xee, 0x83, 0x53, 0x59, 0x89, 0xe4, 0x34, 0xf0, 0x20, 0x4d, 0x9d, 0x97, 0x47, 0x2a, 0xfa, 0xbf, 0x6f, 0x2, 0xd2, 0xd8, 0x8, 0x65, 0xb5, 0x71, 0xa1, 0xcc, 0x1c, 0x16, 0xc6, 0xab, 0x7b, 0x21, 0xf1, 0x9c, 0x4c, 0x46, 0x96, 0xfb, 0x2b, 0xef, 0x3f, 0x52, 0x82, 0x88, 0x58, 0x35, 0xe5, 0xa0, 0x70, 0x1d, 0xcd, 0xc7, 0x17, 0x7a, 0xaa, 0x6e, 0xbe, 0xd3, 0x3, 0x9, 0xd9, 0xb4, 0x64, 0x7c, 0xac, 0xc1, 0x11, 0x1b, 0xcb, 0xa6, 0x76, 0xb2, 0x62, 0xf, 0xdf, 0xd5, 0x5, 0x68, 0xb8, 0xfd, 0x2d, 0x40, 0x90, 0x9a, 0x4a, 0x27, 0xf7, 0x33, 0xe3, 0x8e, 0x5e, 0x54, 0x84, 0xe9, 0x39, 0x63, 0xb3, 0xde, 0xe, 0x4, 0xd4, 0xb9, 0x69, 0xad, 0x7d, 0x10, 0xc0, 0xca, 0x1a, 0x77, 0xa7, 0xe2, 0x32, 0x5f, 0x8f, 0x85, 0x55, 0x38, 0xe8, 0x2c, 0xfc, 0x91, 0x41, 0x4b, 0x9b, 0xf6, 0x26, 0x42, 0x92, 0xff, 0x2f, 0x25, 0xf5, 0x98, 0x48, 0x8c, 0x5c, 0x31, 0xe1, 0xeb, 0x3b, 0x56, 0x86, 0xc3, 0x13, 0x7e, 0xae, 0xa4, 0x74, 0x19, 0xc9, 0xd, 0xdd, 0xb0, 0x60, 0x6a, 0xba, 0xd7, 0x7, 0x5d, 0x8d, 0xe0, 0x30, 0x3a, 0xea, 0x87, 0x57, 0x93, 0x43, 0x2e, 0xfe, 0xf4, 0x24, 0x49, 0x99, 0xdc, 0xc, 0x61, 0xb1, 0xbb, 0x6b, 0x6, 0xd6, 0x12, 0xc2, 0xaf, 0x7f, 0x75, 0xa5, 0xc8, 0x18},
+ {0x0, 0xd1, 0xbf, 0x6e, 0x63, 0xb2, 0xdc, 0xd, 0xc6, 0x17, 0x79, 0xa8, 0xa5, 0x74, 0x1a, 0xcb, 0x91, 0x40, 0x2e, 0xff, 0xf2, 0x23, 0x4d, 0x9c, 0x57, 0x86, 0xe8, 0x39, 0x34, 0xe5, 0x8b, 0x5a, 0x3f, 0xee, 0x80, 0x51, 0x5c, 0x8d, 0xe3, 0x32, 0xf9, 0x28, 0x46, 0x97, 0x9a, 0x4b, 0x25, 0xf4, 0xae, 0x7f, 0x11, 0xc0, 0xcd, 0x1c, 0x72, 0xa3, 0x68, 0xb9, 0xd7, 0x6, 0xb, 0xda, 0xb4, 0x65, 0x7e, 0xaf, 0xc1, 0x10, 0x1d, 0xcc, 0xa2, 0x73, 0xb8, 0x69, 0x7, 0xd6, 0xdb, 0xa, 0x64, 0xb5, 0xef, 0x3e, 0x50, 0x81, 0x8c, 0x5d, 0x33, 0xe2, 0x29, 0xf8, 0x96, 0x47, 0x4a, 0x9b, 0xf5, 0x24, 0x41, 0x90, 0xfe, 0x2f, 0x22, 0xf3, 0x9d, 0x4c, 0x87, 0x56, 0x38, 0xe9, 0xe4, 0x35, 0x5b, 0x8a, 0xd0, 0x1, 0x6f, 0xbe, 0xb3, 0x62, 0xc, 0xdd, 0x16, 0xc7, 0xa9, 0x78, 0x75, 0xa4, 0xca, 0x1b, 0xfc, 0x2d, 0x43, 0x92, 0x9f, 0x4e, 0x20, 0xf1, 0x3a, 0xeb, 0x85, 0x54, 0x59, 0x88, 0xe6, 0x37, 0x6d, 0xbc, 0xd2, 0x3, 0xe, 0xdf, 0xb1, 0x60, 0xab, 0x7a, 0x14, 0xc5, 0xc8, 0x19, 0x77, 0xa6, 0xc3, 0x12, 0x7c, 0xad, 0xa0, 0x71, 0x1f, 0xce, 0x5, 0xd4, 0xba, 0x6b, 0x66, 0xb7, 0xd9, 0x8, 0x52, 0x83, 0xed, 0x3c, 0x31, 0xe0, 0x8e, 0x5f, 0x94, 0x45, 0x2b, 0xfa, 0xf7, 0x26, 0x48, 0x99, 0x82, 0x53, 0x3d, 0xec, 0xe1, 0x30, 0x5e, 0x8f, 0x44, 0x95, 0xfb, 0x2a, 0x27, 0xf6, 0x98, 0x49, 0x13, 0xc2, 0xac, 0x7d, 0x70, 0xa1, 0xcf, 0x1e, 0xd5, 0x4, 0x6a, 0xbb, 0xb6, 0x67, 0x9, 0xd8, 0xbd, 0x6c, 0x2, 0xd3, 0xde, 0xf, 0x61, 0xb0, 0x7b, 0xaa, 0xc4, 0x15, 0x18, 0xc9, 0xa7, 0x76, 0x2c, 0xfd, 0x93, 0x42, 0x4f, 0x9e, 0xf0, 0x21, 0xea, 0x3b, 0x55, 0x84, 0x89, 0x58, 0x36, 0xe7},
+ {0x0, 0xd2, 0xb9, 0x6b, 0x6f, 0xbd, 0xd6, 0x4, 0xde, 0xc, 0x67, 0xb5, 0xb1, 0x63, 0x8, 0xda, 0xa1, 0x73, 0x18, 0xca, 0xce, 0x1c, 0x77, 0xa5, 0x7f, 0xad, 0xc6, 0x14, 0x10, 0xc2, 0xa9, 0x7b, 0x5f, 0x8d, 0xe6, 0x34, 0x30, 0xe2, 0x89, 0x5b, 0x81, 0x53, 0x38, 0xea, 0xee, 0x3c, 0x57, 0x85, 0xfe, 0x2c, 0x47, 0x95, 0x91, 0x43, 0x28, 0xfa, 0x20, 0xf2, 0x99, 0x4b, 0x4f, 0x9d, 0xf6, 0x24, 0xbe, 0x6c, 0x7, 0xd5, 0xd1, 0x3, 0x68, 0xba, 0x60, 0xb2, 0xd9, 0xb, 0xf, 0xdd, 0xb6, 0x64, 0x1f, 0xcd, 0xa6, 0x74, 0x70, 0xa2, 0xc9, 0x1b, 0xc1, 0x13, 0x78, 0xaa, 0xae, 0x7c, 0x17, 0xc5, 0xe1, 0x33, 0x58, 0x8a, 0x8e, 0x5c, 0x37, 0xe5, 0x3f, 0xed, 0x86, 0x54, 0x50, 0x82, 0xe9, 0x3b, 0x40, 0x92, 0xf9, 0x2b, 0x2f, 0xfd, 0x96, 0x44, 0x9e, 0x4c, 0x27, 0xf5, 0xf1, 0x23, 0x48, 0x9a, 0x61, 0xb3, 0xd8, 0xa, 0xe, 0xdc, 0xb7, 0x65, 0xbf, 0x6d, 0x6, 0xd4, 0xd0, 0x2, 0x69, 0xbb, 0xc0, 0x12, 0x79, 0xab, 0xaf, 0x7d, 0x16, 0xc4, 0x1e, 0xcc, 0xa7, 0x75, 0x71, 0xa3, 0xc8, 0x1a, 0x3e, 0xec, 0x87, 0x55, 0x51, 0x83, 0xe8, 0x3a, 0xe0, 0x32, 0x59, 0x8b, 0x8f, 0x5d, 0x36, 0xe4, 0x9f, 0x4d, 0x26, 0xf4, 0xf0, 0x22, 0x49, 0x9b, 0x41, 0x93, 0xf8, 0x2a, 0x2e, 0xfc, 0x97, 0x45, 0xdf, 0xd, 0x66, 0xb4, 0xb0, 0x62, 0x9, 0xdb, 0x1, 0xd3, 0xb8, 0x6a, 0x6e, 0xbc, 0xd7, 0x5, 0x7e, 0xac, 0xc7, 0x15, 0x11, 0xc3, 0xa8, 0x7a, 0xa0, 0x72, 0x19, 0xcb, 0xcf, 0x1d, 0x76, 0xa4, 0x80, 0x52, 0x39, 0xeb, 0xef, 0x3d, 0x56, 0x84, 0x5e, 0x8c, 0xe7, 0x35, 0x31, 0xe3, 0x88, 0x5a, 0x21, 0xf3, 0x98, 0x4a, 0x4e, 0x9c, 0xf7, 0x25, 0xff, 0x2d, 0x46, 0x94, 0x90, 0x42, 0x29, 0xfb},
+ {0x0, 0xd3, 0xbb, 0x68, 0x6b, 0xb8, 0xd0, 0x3, 0xd6, 0x5, 0x6d, 0xbe, 0xbd, 0x6e, 0x6, 0xd5, 0xb1, 0x62, 0xa, 0xd9, 0xda, 0x9, 0x61, 0xb2, 0x67, 0xb4, 0xdc, 0xf, 0xc, 0xdf, 0xb7, 0x64, 0x7f, 0xac, 0xc4, 0x17, 0x14, 0xc7, 0xaf, 0x7c, 0xa9, 0x7a, 0x12, 0xc1, 0xc2, 0x11, 0x79, 0xaa, 0xce, 0x1d, 0x75, 0xa6, 0xa5, 0x76, 0x1e, 0xcd, 0x18, 0xcb, 0xa3, 0x70, 0x73, 0xa0, 0xc8, 0x1b, 0xfe, 0x2d, 0x45, 0x96, 0x95, 0x46, 0x2e, 0xfd, 0x28, 0xfb, 0x93, 0x40, 0x43, 0x90, 0xf8, 0x2b, 0x4f, 0x9c, 0xf4, 0x27, 0x24, 0xf7, 0x9f, 0x4c, 0x99, 0x4a, 0x22, 0xf1, 0xf2, 0x21, 0x49, 0x9a, 0x81, 0x52, 0x3a, 0xe9, 0xea, 0x39, 0x51, 0x82, 0x57, 0x84, 0xec, 0x3f, 0x3c, 0xef, 0x87, 0x54, 0x30, 0xe3, 0x8b, 0x58, 0x5b, 0x88, 0xe0, 0x33, 0xe6, 0x35, 0x5d, 0x8e, 0x8d, 0x5e, 0x36, 0xe5, 0xe1, 0x32, 0x5a, 0x89, 0x8a, 0x59, 0x31, 0xe2, 0x37, 0xe4, 0x8c, 0x5f, 0x5c, 0x8f, 0xe7, 0x34, 0x50, 0x83, 0xeb, 0x38, 0x3b, 0xe8, 0x80, 0x53, 0x86, 0x55, 0x3d, 0xee, 0xed, 0x3e, 0x56, 0x85, 0x9e, 0x4d, 0x25, 0xf6, 0xf5, 0x26, 0x4e, 0x9d, 0x48, 0x9b, 0xf3, 0x20, 0x23, 0xf0, 0x98, 0x4b, 0x2f, 0xfc, 0x94, 0x47, 0x44, 0x97, 0xff, 0x2c, 0xf9, 0x2a, 0x42, 0x91, 0x92, 0x41, 0x29, 0xfa, 0x1f, 0xcc, 0xa4, 0x77, 0x74, 0xa7, 0xcf, 0x1c, 0xc9, 0x1a, 0x72, 0xa1, 0xa2, 0x71, 0x19, 0xca, 0xae, 0x7d, 0x15, 0xc6, 0xc5, 0x16, 0x7e, 0xad, 0x78, 0xab, 0xc3, 0x10, 0x13, 0xc0, 0xa8, 0x7b, 0x60, 0xb3, 0xdb, 0x8, 0xb, 0xd8, 0xb0, 0x63, 0xb6, 0x65, 0xd, 0xde, 0xdd, 0xe, 0x66, 0xb5, 0xd1, 0x2, 0x6a, 0xb9, 0xba, 0x69, 0x1, 0xd2, 0x7, 0xd4, 0xbc, 0x6f, 0x6c, 0xbf, 0xd7, 0x4},
+ {0x0, 0xd4, 0xb5, 0x61, 0x77, 0xa3, 0xc2, 0x16, 0xee, 0x3a, 0x5b, 0x8f, 0x99, 0x4d, 0x2c, 0xf8, 0xc1, 0x15, 0x74, 0xa0, 0xb6, 0x62, 0x3, 0xd7, 0x2f, 0xfb, 0x9a, 0x4e, 0x58, 0x8c, 0xed, 0x39, 0x9f, 0x4b, 0x2a, 0xfe, 0xe8, 0x3c, 0x5d, 0x89, 0x71, 0xa5, 0xc4, 0x10, 0x6, 0xd2, 0xb3, 0x67, 0x5e, 0x8a, 0xeb, 0x3f, 0x29, 0xfd, 0x9c, 0x48, 0xb0, 0x64, 0x5, 0xd1, 0xc7, 0x13, 0x72, 0xa6, 0x23, 0xf7, 0x96, 0x42, 0x54, 0x80, 0xe1, 0x35, 0xcd, 0x19, 0x78, 0xac, 0xba, 0x6e, 0xf, 0xdb, 0xe2, 0x36, 0x57, 0x83, 0x95, 0x41, 0x20, 0xf4, 0xc, 0xd8, 0xb9, 0x6d, 0x7b, 0xaf, 0xce, 0x1a, 0xbc, 0x68, 0x9, 0xdd, 0xcb, 0x1f, 0x7e, 0xaa, 0x52, 0x86, 0xe7, 0x33, 0x25, 0xf1, 0x90, 0x44, 0x7d, 0xa9, 0xc8, 0x1c, 0xa, 0xde, 0xbf, 0x6b, 0x93, 0x47, 0x26, 0xf2, 0xe4, 0x30, 0x51, 0x85, 0x46, 0x92, 0xf3, 0x27, 0x31, 0xe5, 0x84, 0x50, 0xa8, 0x7c, 0x1d, 0xc9, 0xdf, 0xb, 0x6a, 0xbe, 0x87, 0x53, 0x32, 0xe6, 0xf0, 0x24, 0x45, 0x91, 0x69, 0xbd, 0xdc, 0x8, 0x1e, 0xca, 0xab, 0x7f, 0xd9, 0xd, 0x6c, 0xb8, 0xae, 0x7a, 0x1b, 0xcf, 0x37, 0xe3, 0x82, 0x56, 0x40, 0x94, 0xf5, 0x21, 0x18, 0xcc, 0xad, 0x79, 0x6f, 0xbb, 0xda, 0xe, 0xf6, 0x22, 0x43, 0x97, 0x81, 0x55, 0x34, 0xe0, 0x65, 0xb1, 0xd0, 0x4, 0x12, 0xc6, 0xa7, 0x73, 0x8b, 0x5f, 0x3e, 0xea, 0xfc, 0x28, 0x49, 0x9d, 0xa4, 0x70, 0x11, 0xc5, 0xd3, 0x7, 0x66, 0xb2, 0x4a, 0x9e, 0xff, 0x2b, 0x3d, 0xe9, 0x88, 0x5c, 0xfa, 0x2e, 0x4f, 0x9b, 0x8d, 0x59, 0x38, 0xec, 0x14, 0xc0, 0xa1, 0x75, 0x63, 0xb7, 0xd6, 0x2, 0x3b, 0xef, 0x8e, 0x5a, 0x4c, 0x98, 0xf9, 0x2d, 0xd5, 0x1, 0x60, 0xb4, 0xa2, 0x76, 0x17, 0xc3},
+ {0x0, 0xd5, 0xb7, 0x62, 0x73, 0xa6, 0xc4, 0x11, 0xe6, 0x33, 0x51, 0x84, 0x95, 0x40, 0x22, 0xf7, 0xd1, 0x4, 0x66, 0xb3, 0xa2, 0x77, 0x15, 0xc0, 0x37, 0xe2, 0x80, 0x55, 0x44, 0x91, 0xf3, 0x26, 0xbf, 0x6a, 0x8, 0xdd, 0xcc, 0x19, 0x7b, 0xae, 0x59, 0x8c, 0xee, 0x3b, 0x2a, 0xff, 0x9d, 0x48, 0x6e, 0xbb, 0xd9, 0xc, 0x1d, 0xc8, 0xaa, 0x7f, 0x88, 0x5d, 0x3f, 0xea, 0xfb, 0x2e, 0x4c, 0x99, 0x63, 0xb6, 0xd4, 0x1, 0x10, 0xc5, 0xa7, 0x72, 0x85, 0x50, 0x32, 0xe7, 0xf6, 0x23, 0x41, 0x94, 0xb2, 0x67, 0x5, 0xd0, 0xc1, 0x14, 0x76, 0xa3, 0x54, 0x81, 0xe3, 0x36, 0x27, 0xf2, 0x90, 0x45, 0xdc, 0x9, 0x6b, 0xbe, 0xaf, 0x7a, 0x18, 0xcd, 0x3a, 0xef, 0x8d, 0x58, 0x49, 0x9c, 0xfe, 0x2b, 0xd, 0xd8, 0xba, 0x6f, 0x7e, 0xab, 0xc9, 0x1c, 0xeb, 0x3e, 0x5c, 0x89, 0x98, 0x4d, 0x2f, 0xfa, 0xc6, 0x13, 0x71, 0xa4, 0xb5, 0x60, 0x2, 0xd7, 0x20, 0xf5, 0x97, 0x42, 0x53, 0x86, 0xe4, 0x31, 0x17, 0xc2, 0xa0, 0x75, 0x64, 0xb1, 0xd3, 0x6, 0xf1, 0x24, 0x46, 0x93, 0x82, 0x57, 0x35, 0xe0, 0x79, 0xac, 0xce, 0x1b, 0xa, 0xdf, 0xbd, 0x68, 0x9f, 0x4a, 0x28, 0xfd, 0xec, 0x39, 0x5b, 0x8e, 0xa8, 0x7d, 0x1f, 0xca, 0xdb, 0xe, 0x6c, 0xb9, 0x4e, 0x9b, 0xf9, 0x2c, 0x3d, 0xe8, 0x8a, 0x5f, 0xa5, 0x70, 0x12, 0xc7, 0xd6, 0x3, 0x61, 0xb4, 0x43, 0x96, 0xf4, 0x21, 0x30, 0xe5, 0x87, 0x52, 0x74, 0xa1, 0xc3, 0x16, 0x7, 0xd2, 0xb0, 0x65, 0x92, 0x47, 0x25, 0xf0, 0xe1, 0x34, 0x56, 0x83, 0x1a, 0xcf, 0xad, 0x78, 0x69, 0xbc, 0xde, 0xb, 0xfc, 0x29, 0x4b, 0x9e, 0x8f, 0x5a, 0x38, 0xed, 0xcb, 0x1e, 0x7c, 0xa9, 0xb8, 0x6d, 0xf, 0xda, 0x2d, 0xf8, 0x9a, 0x4f, 0x5e, 0x8b, 0xe9, 0x3c},
+ {0x0, 0xd6, 0xb1, 0x67, 0x7f, 0xa9, 0xce, 0x18, 0xfe, 0x28, 0x4f, 0x99, 0x81, 0x57, 0x30, 0xe6, 0xe1, 0x37, 0x50, 0x86, 0x9e, 0x48, 0x2f, 0xf9, 0x1f, 0xc9, 0xae, 0x78, 0x60, 0xb6, 0xd1, 0x7, 0xdf, 0x9, 0x6e, 0xb8, 0xa0, 0x76, 0x11, 0xc7, 0x21, 0xf7, 0x90, 0x46, 0x5e, 0x88, 0xef, 0x39, 0x3e, 0xe8, 0x8f, 0x59, 0x41, 0x97, 0xf0, 0x26, 0xc0, 0x16, 0x71, 0xa7, 0xbf, 0x69, 0xe, 0xd8, 0xa3, 0x75, 0x12, 0xc4, 0xdc, 0xa, 0x6d, 0xbb, 0x5d, 0x8b, 0xec, 0x3a, 0x22, 0xf4, 0x93, 0x45, 0x42, 0x94, 0xf3, 0x25, 0x3d, 0xeb, 0x8c, 0x5a, 0xbc, 0x6a, 0xd, 0xdb, 0xc3, 0x15, 0x72, 0xa4, 0x7c, 0xaa, 0xcd, 0x1b, 0x3, 0xd5, 0xb2, 0x64, 0x82, 0x54, 0x33, 0xe5, 0xfd, 0x2b, 0x4c, 0x9a, 0x9d, 0x4b, 0x2c, 0xfa, 0xe2, 0x34, 0x53, 0x85, 0x63, 0xb5, 0xd2, 0x4, 0x1c, 0xca, 0xad, 0x7b, 0x5b, 0x8d, 0xea, 0x3c, 0x24, 0xf2, 0x95, 0x43, 0xa5, 0x73, 0x14, 0xc2, 0xda, 0xc, 0x6b, 0xbd, 0xba, 0x6c, 0xb, 0xdd, 0xc5, 0x13, 0x74, 0xa2, 0x44, 0x92, 0xf5, 0x23, 0x3b, 0xed, 0x8a, 0x5c, 0x84, 0x52, 0x35, 0xe3, 0xfb, 0x2d, 0x4a, 0x9c, 0x7a, 0xac, 0xcb, 0x1d, 0x5, 0xd3, 0xb4, 0x62, 0x65, 0xb3, 0xd4, 0x2, 0x1a, 0xcc, 0xab, 0x7d, 0x9b, 0x4d, 0x2a, 0xfc, 0xe4, 0x32, 0x55, 0x83, 0xf8, 0x2e, 0x49, 0x9f, 0x87, 0x51, 0x36, 0xe0, 0x6, 0xd0, 0xb7, 0x61, 0x79, 0xaf, 0xc8, 0x1e, 0x19, 0xcf, 0xa8, 0x7e, 0x66, 0xb0, 0xd7, 0x1, 0xe7, 0x31, 0x56, 0x80, 0x98, 0x4e, 0x29, 0xff, 0x27, 0xf1, 0x96, 0x40, 0x58, 0x8e, 0xe9, 0x3f, 0xd9, 0xf, 0x68, 0xbe, 0xa6, 0x70, 0x17, 0xc1, 0xc6, 0x10, 0x77, 0xa1, 0xb9, 0x6f, 0x8, 0xde, 0x38, 0xee, 0x89, 0x5f, 0x47, 0x91, 0xf6, 0x20},
+ {0x0, 0xd7, 0xb3, 0x64, 0x7b, 0xac, 0xc8, 0x1f, 0xf6, 0x21, 0x45, 0x92, 0x8d, 0x5a, 0x3e, 0xe9, 0xf1, 0x26, 0x42, 0x95, 0x8a, 0x5d, 0x39, 0xee, 0x7, 0xd0, 0xb4, 0x63, 0x7c, 0xab, 0xcf, 0x18, 0xff, 0x28, 0x4c, 0x9b, 0x84, 0x53, 0x37, 0xe0, 0x9, 0xde, 0xba, 0x6d, 0x72, 0xa5, 0xc1, 0x16, 0xe, 0xd9, 0xbd, 0x6a, 0x75, 0xa2, 0xc6, 0x11, 0xf8, 0x2f, 0x4b, 0x9c, 0x83, 0x54, 0x30, 0xe7, 0xe3, 0x34, 0x50, 0x87, 0x98, 0x4f, 0x2b, 0xfc, 0x15, 0xc2, 0xa6, 0x71, 0x6e, 0xb9, 0xdd, 0xa, 0x12, 0xc5, 0xa1, 0x76, 0x69, 0xbe, 0xda, 0xd, 0xe4, 0x33, 0x57, 0x80, 0x9f, 0x48, 0x2c, 0xfb, 0x1c, 0xcb, 0xaf, 0x78, 0x67, 0xb0, 0xd4, 0x3, 0xea, 0x3d, 0x59, 0x8e, 0x91, 0x46, 0x22, 0xf5, 0xed, 0x3a, 0x5e, 0x89, 0x96, 0x41, 0x25, 0xf2, 0x1b, 0xcc, 0xa8, 0x7f, 0x60, 0xb7, 0xd3, 0x4, 0xdb, 0xc, 0x68, 0xbf, 0xa0, 0x77, 0x13, 0xc4, 0x2d, 0xfa, 0x9e, 0x49, 0x56, 0x81, 0xe5, 0x32, 0x2a, 0xfd, 0x99, 0x4e, 0x51, 0x86, 0xe2, 0x35, 0xdc, 0xb, 0x6f, 0xb8, 0xa7, 0x70, 0x14, 0xc3, 0x24, 0xf3, 0x97, 0x40, 0x5f, 0x88, 0xec, 0x3b, 0xd2, 0x5, 0x61, 0xb6, 0xa9, 0x7e, 0x1a, 0xcd, 0xd5, 0x2, 0x66, 0xb1, 0xae, 0x79, 0x1d, 0xca, 0x23, 0xf4, 0x90, 0x47, 0x58, 0x8f, 0xeb, 0x3c, 0x38, 0xef, 0x8b, 0x5c, 0x43, 0x94, 0xf0, 0x27, 0xce, 0x19, 0x7d, 0xaa, 0xb5, 0x62, 0x6, 0xd1, 0xc9, 0x1e, 0x7a, 0xad, 0xb2, 0x65, 0x1, 0xd6, 0x3f, 0xe8, 0x8c, 0x5b, 0x44, 0x93, 0xf7, 0x20, 0xc7, 0x10, 0x74, 0xa3, 0xbc, 0x6b, 0xf, 0xd8, 0x31, 0xe6, 0x82, 0x55, 0x4a, 0x9d, 0xf9, 0x2e, 0x36, 0xe1, 0x85, 0x52, 0x4d, 0x9a, 0xfe, 0x29, 0xc0, 0x17, 0x73, 0xa4, 0xbb, 0x6c, 0x8, 0xdf},
+ {0x0, 0xd8, 0xad, 0x75, 0x47, 0x9f, 0xea, 0x32, 0x8e, 0x56, 0x23, 0xfb, 0xc9, 0x11, 0x64, 0xbc, 0x1, 0xd9, 0xac, 0x74, 0x46, 0x9e, 0xeb, 0x33, 0x8f, 0x57, 0x22, 0xfa, 0xc8, 0x10, 0x65, 0xbd, 0x2, 0xda, 0xaf, 0x77, 0x45, 0x9d, 0xe8, 0x30, 0x8c, 0x54, 0x21, 0xf9, 0xcb, 0x13, 0x66, 0xbe, 0x3, 0xdb, 0xae, 0x76, 0x44, 0x9c, 0xe9, 0x31, 0x8d, 0x55, 0x20, 0xf8, 0xca, 0x12, 0x67, 0xbf, 0x4, 0xdc, 0xa9, 0x71, 0x43, 0x9b, 0xee, 0x36, 0x8a, 0x52, 0x27, 0xff, 0xcd, 0x15, 0x60, 0xb8, 0x5, 0xdd, 0xa8, 0x70, 0x42, 0x9a, 0xef, 0x37, 0x8b, 0x53, 0x26, 0xfe, 0xcc, 0x14, 0x61, 0xb9, 0x6, 0xde, 0xab, 0x73, 0x41, 0x99, 0xec, 0x34, 0x88, 0x50, 0x25, 0xfd, 0xcf, 0x17, 0x62, 0xba, 0x7, 0xdf, 0xaa, 0x72, 0x40, 0x98, 0xed, 0x35, 0x89, 0x51, 0x24, 0xfc, 0xce, 0x16, 0x63, 0xbb, 0x8, 0xd0, 0xa5, 0x7d, 0x4f, 0x97, 0xe2, 0x3a, 0x86, 0x5e, 0x2b, 0xf3, 0xc1, 0x19, 0x6c, 0xb4, 0x9, 0xd1, 0xa4, 0x7c, 0x4e, 0x96, 0xe3, 0x3b, 0x87, 0x5f, 0x2a, 0xf2, 0xc0, 0x18, 0x6d, 0xb5, 0xa, 0xd2, 0xa7, 0x7f, 0x4d, 0x95, 0xe0, 0x38, 0x84, 0x5c, 0x29, 0xf1, 0xc3, 0x1b, 0x6e, 0xb6, 0xb, 0xd3, 0xa6, 0x7e, 0x4c, 0x94, 0xe1, 0x39, 0x85, 0x5d, 0x28, 0xf0, 0xc2, 0x1a, 0x6f, 0xb7, 0xc, 0xd4, 0xa1, 0x79, 0x4b, 0x93, 0xe6, 0x3e, 0x82, 0x5a, 0x2f, 0xf7, 0xc5, 0x1d, 0x68, 0xb0, 0xd, 0xd5, 0xa0, 0x78, 0x4a, 0x92, 0xe7, 0x3f, 0x83, 0x5b, 0x2e, 0xf6, 0xc4, 0x1c, 0x69, 0xb1, 0xe, 0xd6, 0xa3, 0x7b, 0x49, 0x91, 0xe4, 0x3c, 0x80, 0x58, 0x2d, 0xf5, 0xc7, 0x1f, 0x6a, 0xb2, 0xf, 0xd7, 0xa2, 0x7a, 0x48, 0x90, 0xe5, 0x3d, 0x81, 0x59, 0x2c, 0xf4, 0xc6, 0x1e, 0x6b, 0xb3},
+ {0x0, 0xd9, 0xaf, 0x76, 0x43, 0x9a, 0xec, 0x35, 0x86, 0x5f, 0x29, 0xf0, 0xc5, 0x1c, 0x6a, 0xb3, 0x11, 0xc8, 0xbe, 0x67, 0x52, 0x8b, 0xfd, 0x24, 0x97, 0x4e, 0x38, 0xe1, 0xd4, 0xd, 0x7b, 0xa2, 0x22, 0xfb, 0x8d, 0x54, 0x61, 0xb8, 0xce, 0x17, 0xa4, 0x7d, 0xb, 0xd2, 0xe7, 0x3e, 0x48, 0x91, 0x33, 0xea, 0x9c, 0x45, 0x70, 0xa9, 0xdf, 0x6, 0xb5, 0x6c, 0x1a, 0xc3, 0xf6, 0x2f, 0x59, 0x80, 0x44, 0x9d, 0xeb, 0x32, 0x7, 0xde, 0xa8, 0x71, 0xc2, 0x1b, 0x6d, 0xb4, 0x81, 0x58, 0x2e, 0xf7, 0x55, 0x8c, 0xfa, 0x23, 0x16, 0xcf, 0xb9, 0x60, 0xd3, 0xa, 0x7c, 0xa5, 0x90, 0x49, 0x3f, 0xe6, 0x66, 0xbf, 0xc9, 0x10, 0x25, 0xfc, 0x8a, 0x53, 0xe0, 0x39, 0x4f, 0x96, 0xa3, 0x7a, 0xc, 0xd5, 0x77, 0xae, 0xd8, 0x1, 0x34, 0xed, 0x9b, 0x42, 0xf1, 0x28, 0x5e, 0x87, 0xb2, 0x6b, 0x1d, 0xc4, 0x88, 0x51, 0x27, 0xfe, 0xcb, 0x12, 0x64, 0xbd, 0xe, 0xd7, 0xa1, 0x78, 0x4d, 0x94, 0xe2, 0x3b, 0x99, 0x40, 0x36, 0xef, 0xda, 0x3, 0x75, 0xac, 0x1f, 0xc6, 0xb0, 0x69, 0x5c, 0x85, 0xf3, 0x2a, 0xaa, 0x73, 0x5, 0xdc, 0xe9, 0x30, 0x46, 0x9f, 0x2c, 0xf5, 0x83, 0x5a, 0x6f, 0xb6, 0xc0, 0x19, 0xbb, 0x62, 0x14, 0xcd, 0xf8, 0x21, 0x57, 0x8e, 0x3d, 0xe4, 0x92, 0x4b, 0x7e, 0xa7, 0xd1, 0x8, 0xcc, 0x15, 0x63, 0xba, 0x8f, 0x56, 0x20, 0xf9, 0x4a, 0x93, 0xe5, 0x3c, 0x9, 0xd0, 0xa6, 0x7f, 0xdd, 0x4, 0x72, 0xab, 0x9e, 0x47, 0x31, 0xe8, 0x5b, 0x82, 0xf4, 0x2d, 0x18, 0xc1, 0xb7, 0x6e, 0xee, 0x37, 0x41, 0x98, 0xad, 0x74, 0x2, 0xdb, 0x68, 0xb1, 0xc7, 0x1e, 0x2b, 0xf2, 0x84, 0x5d, 0xff, 0x26, 0x50, 0x89, 0xbc, 0x65, 0x13, 0xca, 0x79, 0xa0, 0xd6, 0xf, 0x3a, 0xe3, 0x95, 0x4c},
+ {0x0, 0xda, 0xa9, 0x73, 0x4f, 0x95, 0xe6, 0x3c, 0x9e, 0x44, 0x37, 0xed, 0xd1, 0xb, 0x78, 0xa2, 0x21, 0xfb, 0x88, 0x52, 0x6e, 0xb4, 0xc7, 0x1d, 0xbf, 0x65, 0x16, 0xcc, 0xf0, 0x2a, 0x59, 0x83, 0x42, 0x98, 0xeb, 0x31, 0xd, 0xd7, 0xa4, 0x7e, 0xdc, 0x6, 0x75, 0xaf, 0x93, 0x49, 0x3a, 0xe0, 0x63, 0xb9, 0xca, 0x10, 0x2c, 0xf6, 0x85, 0x5f, 0xfd, 0x27, 0x54, 0x8e, 0xb2, 0x68, 0x1b, 0xc1, 0x84, 0x5e, 0x2d, 0xf7, 0xcb, 0x11, 0x62, 0xb8, 0x1a, 0xc0, 0xb3, 0x69, 0x55, 0x8f, 0xfc, 0x26, 0xa5, 0x7f, 0xc, 0xd6, 0xea, 0x30, 0x43, 0x99, 0x3b, 0xe1, 0x92, 0x48, 0x74, 0xae, 0xdd, 0x7, 0xc6, 0x1c, 0x6f, 0xb5, 0x89, 0x53, 0x20, 0xfa, 0x58, 0x82, 0xf1, 0x2b, 0x17, 0xcd, 0xbe, 0x64, 0xe7, 0x3d, 0x4e, 0x94, 0xa8, 0x72, 0x1, 0xdb, 0x79, 0xa3, 0xd0, 0xa, 0x36, 0xec, 0x9f, 0x45, 0x15, 0xcf, 0xbc, 0x66, 0x5a, 0x80, 0xf3, 0x29, 0x8b, 0x51, 0x22, 0xf8, 0xc4, 0x1e, 0x6d, 0xb7, 0x34, 0xee, 0x9d, 0x47, 0x7b, 0xa1, 0xd2, 0x8, 0xaa, 0x70, 0x3, 0xd9, 0xe5, 0x3f, 0x4c, 0x96, 0x57, 0x8d, 0xfe, 0x24, 0x18, 0xc2, 0xb1, 0x6b, 0xc9, 0x13, 0x60, 0xba, 0x86, 0x5c, 0x2f, 0xf5, 0x76, 0xac, 0xdf, 0x5, 0x39, 0xe3, 0x90, 0x4a, 0xe8, 0x32, 0x41, 0x9b, 0xa7, 0x7d, 0xe, 0xd4, 0x91, 0x4b, 0x38, 0xe2, 0xde, 0x4, 0x77, 0xad, 0xf, 0xd5, 0xa6, 0x7c, 0x40, 0x9a, 0xe9, 0x33, 0xb0, 0x6a, 0x19, 0xc3, 0xff, 0x25, 0x56, 0x8c, 0x2e, 0xf4, 0x87, 0x5d, 0x61, 0xbb, 0xc8, 0x12, 0xd3, 0x9, 0x7a, 0xa0, 0x9c, 0x46, 0x35, 0xef, 0x4d, 0x97, 0xe4, 0x3e, 0x2, 0xd8, 0xab, 0x71, 0xf2, 0x28, 0x5b, 0x81, 0xbd, 0x67, 0x14, 0xce, 0x6c, 0xb6, 0xc5, 0x1f, 0x23, 0xf9, 0x8a, 0x50},
+ {0x0, 0xdb, 0xab, 0x70, 0x4b, 0x90, 0xe0, 0x3b, 0x96, 0x4d, 0x3d, 0xe6, 0xdd, 0x6, 0x76, 0xad, 0x31, 0xea, 0x9a, 0x41, 0x7a, 0xa1, 0xd1, 0xa, 0xa7, 0x7c, 0xc, 0xd7, 0xec, 0x37, 0x47, 0x9c, 0x62, 0xb9, 0xc9, 0x12, 0x29, 0xf2, 0x82, 0x59, 0xf4, 0x2f, 0x5f, 0x84, 0xbf, 0x64, 0x14, 0xcf, 0x53, 0x88, 0xf8, 0x23, 0x18, 0xc3, 0xb3, 0x68, 0xc5, 0x1e, 0x6e, 0xb5, 0x8e, 0x55, 0x25, 0xfe, 0xc4, 0x1f, 0x6f, 0xb4, 0x8f, 0x54, 0x24, 0xff, 0x52, 0x89, 0xf9, 0x22, 0x19, 0xc2, 0xb2, 0x69, 0xf5, 0x2e, 0x5e, 0x85, 0xbe, 0x65, 0x15, 0xce, 0x63, 0xb8, 0xc8, 0x13, 0x28, 0xf3, 0x83, 0x58, 0xa6, 0x7d, 0xd, 0xd6, 0xed, 0x36, 0x46, 0x9d, 0x30, 0xeb, 0x9b, 0x40, 0x7b, 0xa0, 0xd0, 0xb, 0x97, 0x4c, 0x3c, 0xe7, 0xdc, 0x7, 0x77, 0xac, 0x1, 0xda, 0xaa, 0x71, 0x4a, 0x91, 0xe1, 0x3a, 0x95, 0x4e, 0x3e, 0xe5, 0xde, 0x5, 0x75, 0xae, 0x3, 0xd8, 0xa8, 0x73, 0x48, 0x93, 0xe3, 0x38, 0xa4, 0x7f, 0xf, 0xd4, 0xef, 0x34, 0x44, 0x9f, 0x32, 0xe9, 0x99, 0x42, 0x79, 0xa2, 0xd2, 0x9, 0xf7, 0x2c, 0x5c, 0x87, 0xbc, 0x67, 0x17, 0xcc, 0x61, 0xba, 0xca, 0x11, 0x2a, 0xf1, 0x81, 0x5a, 0xc6, 0x1d, 0x6d, 0xb6, 0x8d, 0x56, 0x26, 0xfd, 0x50, 0x8b, 0xfb, 0x20, 0x1b, 0xc0, 0xb0, 0x6b, 0x51, 0x8a, 0xfa, 0x21, 0x1a, 0xc1, 0xb1, 0x6a, 0xc7, 0x1c, 0x6c, 0xb7, 0x8c, 0x57, 0x27, 0xfc, 0x60, 0xbb, 0xcb, 0x10, 0x2b, 0xf0, 0x80, 0x5b, 0xf6, 0x2d, 0x5d, 0x86, 0xbd, 0x66, 0x16, 0xcd, 0x33, 0xe8, 0x98, 0x43, 0x78, 0xa3, 0xd3, 0x8, 0xa5, 0x7e, 0xe, 0xd5, 0xee, 0x35, 0x45, 0x9e, 0x2, 0xd9, 0xa9, 0x72, 0x49, 0x92, 0xe2, 0x39, 0x94, 0x4f, 0x3f, 0xe4, 0xdf, 0x4, 0x74, 0xaf},
+ {0x0, 0xdc, 0xa5, 0x79, 0x57, 0x8b, 0xf2, 0x2e, 0xae, 0x72, 0xb, 0xd7, 0xf9, 0x25, 0x5c, 0x80, 0x41, 0x9d, 0xe4, 0x38, 0x16, 0xca, 0xb3, 0x6f, 0xef, 0x33, 0x4a, 0x96, 0xb8, 0x64, 0x1d, 0xc1, 0x82, 0x5e, 0x27, 0xfb, 0xd5, 0x9, 0x70, 0xac, 0x2c, 0xf0, 0x89, 0x55, 0x7b, 0xa7, 0xde, 0x2, 0xc3, 0x1f, 0x66, 0xba, 0x94, 0x48, 0x31, 0xed, 0x6d, 0xb1, 0xc8, 0x14, 0x3a, 0xe6, 0x9f, 0x43, 0x19, 0xc5, 0xbc, 0x60, 0x4e, 0x92, 0xeb, 0x37, 0xb7, 0x6b, 0x12, 0xce, 0xe0, 0x3c, 0x45, 0x99, 0x58, 0x84, 0xfd, 0x21, 0xf, 0xd3, 0xaa, 0x76, 0xf6, 0x2a, 0x53, 0x8f, 0xa1, 0x7d, 0x4, 0xd8, 0x9b, 0x47, 0x3e, 0xe2, 0xcc, 0x10, 0x69, 0xb5, 0x35, 0xe9, 0x90, 0x4c, 0x62, 0xbe, 0xc7, 0x1b, 0xda, 0x6, 0x7f, 0xa3, 0x8d, 0x51, 0x28, 0xf4, 0x74, 0xa8, 0xd1, 0xd, 0x23, 0xff, 0x86, 0x5a, 0x32, 0xee, 0x97, 0x4b, 0x65, 0xb9, 0xc0, 0x1c, 0x9c, 0x40, 0x39, 0xe5, 0xcb, 0x17, 0x6e, 0xb2, 0x73, 0xaf, 0xd6, 0xa, 0x24, 0xf8, 0x81, 0x5d, 0xdd, 0x1, 0x78, 0xa4, 0x8a, 0x56, 0x2f, 0xf3, 0xb0, 0x6c, 0x15, 0xc9, 0xe7, 0x3b, 0x42, 0x9e, 0x1e, 0xc2, 0xbb, 0x67, 0x49, 0x95, 0xec, 0x30, 0xf1, 0x2d, 0x54, 0x88, 0xa6, 0x7a, 0x3, 0xdf, 0x5f, 0x83, 0xfa, 0x26, 0x8, 0xd4, 0xad, 0x71, 0x2b, 0xf7, 0x8e, 0x52, 0x7c, 0xa0, 0xd9, 0x5, 0x85, 0x59, 0x20, 0xfc, 0xd2, 0xe, 0x77, 0xab, 0x6a, 0xb6, 0xcf, 0x13, 0x3d, 0xe1, 0x98, 0x44, 0xc4, 0x18, 0x61, 0xbd, 0x93, 0x4f, 0x36, 0xea, 0xa9, 0x75, 0xc, 0xd0, 0xfe, 0x22, 0x5b, 0x87, 0x7, 0xdb, 0xa2, 0x7e, 0x50, 0x8c, 0xf5, 0x29, 0xe8, 0x34, 0x4d, 0x91, 0xbf, 0x63, 0x1a, 0xc6, 0x46, 0x9a, 0xe3, 0x3f, 0x11, 0xcd, 0xb4, 0x68},
+ {0x0, 0xdd, 0xa7, 0x7a, 0x53, 0x8e, 0xf4, 0x29, 0xa6, 0x7b, 0x1, 0xdc, 0xf5, 0x28, 0x52, 0x8f, 0x51, 0x8c, 0xf6, 0x2b, 0x2, 0xdf, 0xa5, 0x78, 0xf7, 0x2a, 0x50, 0x8d, 0xa4, 0x79, 0x3, 0xde, 0xa2, 0x7f, 0x5, 0xd8, 0xf1, 0x2c, 0x56, 0x8b, 0x4, 0xd9, 0xa3, 0x7e, 0x57, 0x8a, 0xf0, 0x2d, 0xf3, 0x2e, 0x54, 0x89, 0xa0, 0x7d, 0x7, 0xda, 0x55, 0x88, 0xf2, 0x2f, 0x6, 0xdb, 0xa1, 0x7c, 0x59, 0x84, 0xfe, 0x23, 0xa, 0xd7, 0xad, 0x70, 0xff, 0x22, 0x58, 0x85, 0xac, 0x71, 0xb, 0xd6, 0x8, 0xd5, 0xaf, 0x72, 0x5b, 0x86, 0xfc, 0x21, 0xae, 0x73, 0x9, 0xd4, 0xfd, 0x20, 0x5a, 0x87, 0xfb, 0x26, 0x5c, 0x81, 0xa8, 0x75, 0xf, 0xd2, 0x5d, 0x80, 0xfa, 0x27, 0xe, 0xd3, 0xa9, 0x74, 0xaa, 0x77, 0xd, 0xd0, 0xf9, 0x24, 0x5e, 0x83, 0xc, 0xd1, 0xab, 0x76, 0x5f, 0x82, 0xf8, 0x25, 0xb2, 0x6f, 0x15, 0xc8, 0xe1, 0x3c, 0x46, 0x9b, 0x14, 0xc9, 0xb3, 0x6e, 0x47, 0x9a, 0xe0, 0x3d, 0xe3, 0x3e, 0x44, 0x99, 0xb0, 0x6d, 0x17, 0xca, 0x45, 0x98, 0xe2, 0x3f, 0x16, 0xcb, 0xb1, 0x6c, 0x10, 0xcd, 0xb7, 0x6a, 0x43, 0x9e, 0xe4, 0x39, 0xb6, 0x6b, 0x11, 0xcc, 0xe5, 0x38, 0x42, 0x9f, 0x41, 0x9c, 0xe6, 0x3b, 0x12, 0xcf, 0xb5, 0x68, 0xe7, 0x3a, 0x40, 0x9d, 0xb4, 0x69, 0x13, 0xce, 0xeb, 0x36, 0x4c, 0x91, 0xb8, 0x65, 0x1f, 0xc2, 0x4d, 0x90, 0xea, 0x37, 0x1e, 0xc3, 0xb9, 0x64, 0xba, 0x67, 0x1d, 0xc0, 0xe9, 0x34, 0x4e, 0x93, 0x1c, 0xc1, 0xbb, 0x66, 0x4f, 0x92, 0xe8, 0x35, 0x49, 0x94, 0xee, 0x33, 0x1a, 0xc7, 0xbd, 0x60, 0xef, 0x32, 0x48, 0x95, 0xbc, 0x61, 0x1b, 0xc6, 0x18, 0xc5, 0xbf, 0x62, 0x4b, 0x96, 0xec, 0x31, 0xbe, 0x63, 0x19, 0xc4, 0xed, 0x30, 0x4a, 0x97},
+ {0x0, 0xde, 0xa1, 0x7f, 0x5f, 0x81, 0xfe, 0x20, 0xbe, 0x60, 0x1f, 0xc1, 0xe1, 0x3f, 0x40, 0x9e, 0x61, 0xbf, 0xc0, 0x1e, 0x3e, 0xe0, 0x9f, 0x41, 0xdf, 0x1, 0x7e, 0xa0, 0x80, 0x5e, 0x21, 0xff, 0xc2, 0x1c, 0x63, 0xbd, 0x9d, 0x43, 0x3c, 0xe2, 0x7c, 0xa2, 0xdd, 0x3, 0x23, 0xfd, 0x82, 0x5c, 0xa3, 0x7d, 0x2, 0xdc, 0xfc, 0x22, 0x5d, 0x83, 0x1d, 0xc3, 0xbc, 0x62, 0x42, 0x9c, 0xe3, 0x3d, 0x99, 0x47, 0x38, 0xe6, 0xc6, 0x18, 0x67, 0xb9, 0x27, 0xf9, 0x86, 0x58, 0x78, 0xa6, 0xd9, 0x7, 0xf8, 0x26, 0x59, 0x87, 0xa7, 0x79, 0x6, 0xd8, 0x46, 0x98, 0xe7, 0x39, 0x19, 0xc7, 0xb8, 0x66, 0x5b, 0x85, 0xfa, 0x24, 0x4, 0xda, 0xa5, 0x7b, 0xe5, 0x3b, 0x44, 0x9a, 0xba, 0x64, 0x1b, 0xc5, 0x3a, 0xe4, 0x9b, 0x45, 0x65, 0xbb, 0xc4, 0x1a, 0x84, 0x5a, 0x25, 0xfb, 0xdb, 0x5, 0x7a, 0xa4, 0x2f, 0xf1, 0x8e, 0x50, 0x70, 0xae, 0xd1, 0xf, 0x91, 0x4f, 0x30, 0xee, 0xce, 0x10, 0x6f, 0xb1, 0x4e, 0x90, 0xef, 0x31, 0x11, 0xcf, 0xb0, 0x6e, 0xf0, 0x2e, 0x51, 0x8f, 0xaf, 0x71, 0xe, 0xd0, 0xed, 0x33, 0x4c, 0x92, 0xb2, 0x6c, 0x13, 0xcd, 0x53, 0x8d, 0xf2, 0x2c, 0xc, 0xd2, 0xad, 0x73, 0x8c, 0x52, 0x2d, 0xf3, 0xd3, 0xd, 0x72, 0xac, 0x32, 0xec, 0x93, 0x4d, 0x6d, 0xb3, 0xcc, 0x12, 0xb6, 0x68, 0x17, 0xc9, 0xe9, 0x37, 0x48, 0x96, 0x8, 0xd6, 0xa9, 0x77, 0x57, 0x89, 0xf6, 0x28, 0xd7, 0x9, 0x76, 0xa8, 0x88, 0x56, 0x29, 0xf7, 0x69, 0xb7, 0xc8, 0x16, 0x36, 0xe8, 0x97, 0x49, 0x74, 0xaa, 0xd5, 0xb, 0x2b, 0xf5, 0x8a, 0x54, 0xca, 0x14, 0x6b, 0xb5, 0x95, 0x4b, 0x34, 0xea, 0x15, 0xcb, 0xb4, 0x6a, 0x4a, 0x94, 0xeb, 0x35, 0xab, 0x75, 0xa, 0xd4, 0xf4, 0x2a, 0x55, 0x8b},
+ {0x0, 0xdf, 0xa3, 0x7c, 0x5b, 0x84, 0xf8, 0x27, 0xb6, 0x69, 0x15, 0xca, 0xed, 0x32, 0x4e, 0x91, 0x71, 0xae, 0xd2, 0xd, 0x2a, 0xf5, 0x89, 0x56, 0xc7, 0x18, 0x64, 0xbb, 0x9c, 0x43, 0x3f, 0xe0, 0xe2, 0x3d, 0x41, 0x9e, 0xb9, 0x66, 0x1a, 0xc5, 0x54, 0x8b, 0xf7, 0x28, 0xf, 0xd0, 0xac, 0x73, 0x93, 0x4c, 0x30, 0xef, 0xc8, 0x17, 0x6b, 0xb4, 0x25, 0xfa, 0x86, 0x59, 0x7e, 0xa1, 0xdd, 0x2, 0xd9, 0x6, 0x7a, 0xa5, 0x82, 0x5d, 0x21, 0xfe, 0x6f, 0xb0, 0xcc, 0x13, 0x34, 0xeb, 0x97, 0x48, 0xa8, 0x77, 0xb, 0xd4, 0xf3, 0x2c, 0x50, 0x8f, 0x1e, 0xc1, 0xbd, 0x62, 0x45, 0x9a, 0xe6, 0x39, 0x3b, 0xe4, 0x98, 0x47, 0x60, 0xbf, 0xc3, 0x1c, 0x8d, 0x52, 0x2e, 0xf1, 0xd6, 0x9, 0x75, 0xaa, 0x4a, 0x95, 0xe9, 0x36, 0x11, 0xce, 0xb2, 0x6d, 0xfc, 0x23, 0x5f, 0x80, 0xa7, 0x78, 0x4, 0xdb, 0xaf, 0x70, 0xc, 0xd3, 0xf4, 0x2b, 0x57, 0x88, 0x19, 0xc6, 0xba, 0x65, 0x42, 0x9d, 0xe1, 0x3e, 0xde, 0x1, 0x7d, 0xa2, 0x85, 0x5a, 0x26, 0xf9, 0x68, 0xb7, 0xcb, 0x14, 0x33, 0xec, 0x90, 0x4f, 0x4d, 0x92, 0xee, 0x31, 0x16, 0xc9, 0xb5, 0x6a, 0xfb, 0x24, 0x58, 0x87, 0xa0, 0x7f, 0x3, 0xdc, 0x3c, 0xe3, 0x9f, 0x40, 0x67, 0xb8, 0xc4, 0x1b, 0x8a, 0x55, 0x29, 0xf6, 0xd1, 0xe, 0x72, 0xad, 0x76, 0xa9, 0xd5, 0xa, 0x2d, 0xf2, 0x8e, 0x51, 0xc0, 0x1f, 0x63, 0xbc, 0x9b, 0x44, 0x38, 0xe7, 0x7, 0xd8, 0xa4, 0x7b, 0x5c, 0x83, 0xff, 0x20, 0xb1, 0x6e, 0x12, 0xcd, 0xea, 0x35, 0x49, 0x96, 0x94, 0x4b, 0x37, 0xe8, 0xcf, 0x10, 0x6c, 0xb3, 0x22, 0xfd, 0x81, 0x5e, 0x79, 0xa6, 0xda, 0x5, 0xe5, 0x3a, 0x46, 0x99, 0xbe, 0x61, 0x1d, 0xc2, 0x53, 0x8c, 0xf0, 0x2f, 0x8, 0xd7, 0xab, 0x74},
+ {0x0, 0xe0, 0xdd, 0x3d, 0xa7, 0x47, 0x7a, 0x9a, 0x53, 0xb3, 0x8e, 0x6e, 0xf4, 0x14, 0x29, 0xc9, 0xa6, 0x46, 0x7b, 0x9b, 0x1, 0xe1, 0xdc, 0x3c, 0xf5, 0x15, 0x28, 0xc8, 0x52, 0xb2, 0x8f, 0x6f, 0x51, 0xb1, 0x8c, 0x6c, 0xf6, 0x16, 0x2b, 0xcb, 0x2, 0xe2, 0xdf, 0x3f, 0xa5, 0x45, 0x78, 0x98, 0xf7, 0x17, 0x2a, 0xca, 0x50, 0xb0, 0x8d, 0x6d, 0xa4, 0x44, 0x79, 0x99, 0x3, 0xe3, 0xde, 0x3e, 0xa2, 0x42, 0x7f, 0x9f, 0x5, 0xe5, 0xd8, 0x38, 0xf1, 0x11, 0x2c, 0xcc, 0x56, 0xb6, 0x8b, 0x6b, 0x4, 0xe4, 0xd9, 0x39, 0xa3, 0x43, 0x7e, 0x9e, 0x57, 0xb7, 0x8a, 0x6a, 0xf0, 0x10, 0x2d, 0xcd, 0xf3, 0x13, 0x2e, 0xce, 0x54, 0xb4, 0x89, 0x69, 0xa0, 0x40, 0x7d, 0x9d, 0x7, 0xe7, 0xda, 0x3a, 0x55, 0xb5, 0x88, 0x68, 0xf2, 0x12, 0x2f, 0xcf, 0x6, 0xe6, 0xdb, 0x3b, 0xa1, 0x41, 0x7c, 0x9c, 0x59, 0xb9, 0x84, 0x64, 0xfe, 0x1e, 0x23, 0xc3, 0xa, 0xea, 0xd7, 0x37, 0xad, 0x4d, 0x70, 0x90, 0xff, 0x1f, 0x22, 0xc2, 0x58, 0xb8, 0x85, 0x65, 0xac, 0x4c, 0x71, 0x91, 0xb, 0xeb, 0xd6, 0x36, 0x8, 0xe8, 0xd5, 0x35, 0xaf, 0x4f, 0x72, 0x92, 0x5b, 0xbb, 0x86, 0x66, 0xfc, 0x1c, 0x21, 0xc1, 0xae, 0x4e, 0x73, 0x93, 0x9, 0xe9, 0xd4, 0x34, 0xfd, 0x1d, 0x20, 0xc0, 0x5a, 0xba, 0x87, 0x67, 0xfb, 0x1b, 0x26, 0xc6, 0x5c, 0xbc, 0x81, 0x61, 0xa8, 0x48, 0x75, 0x95, 0xf, 0xef, 0xd2, 0x32, 0x5d, 0xbd, 0x80, 0x60, 0xfa, 0x1a, 0x27, 0xc7, 0xe, 0xee, 0xd3, 0x33, 0xa9, 0x49, 0x74, 0x94, 0xaa, 0x4a, 0x77, 0x97, 0xd, 0xed, 0xd0, 0x30, 0xf9, 0x19, 0x24, 0xc4, 0x5e, 0xbe, 0x83, 0x63, 0xc, 0xec, 0xd1, 0x31, 0xab, 0x4b, 0x76, 0x96, 0x5f, 0xbf, 0x82, 0x62, 0xf8, 0x18, 0x25, 0xc5},
+ {0x0, 0xe1, 0xdf, 0x3e, 0xa3, 0x42, 0x7c, 0x9d, 0x5b, 0xba, 0x84, 0x65, 0xf8, 0x19, 0x27, 0xc6, 0xb6, 0x57, 0x69, 0x88, 0x15, 0xf4, 0xca, 0x2b, 0xed, 0xc, 0x32, 0xd3, 0x4e, 0xaf, 0x91, 0x70, 0x71, 0x90, 0xae, 0x4f, 0xd2, 0x33, 0xd, 0xec, 0x2a, 0xcb, 0xf5, 0x14, 0x89, 0x68, 0x56, 0xb7, 0xc7, 0x26, 0x18, 0xf9, 0x64, 0x85, 0xbb, 0x5a, 0x9c, 0x7d, 0x43, 0xa2, 0x3f, 0xde, 0xe0, 0x1, 0xe2, 0x3, 0x3d, 0xdc, 0x41, 0xa0, 0x9e, 0x7f, 0xb9, 0x58, 0x66, 0x87, 0x1a, 0xfb, 0xc5, 0x24, 0x54, 0xb5, 0x8b, 0x6a, 0xf7, 0x16, 0x28, 0xc9, 0xf, 0xee, 0xd0, 0x31, 0xac, 0x4d, 0x73, 0x92, 0x93, 0x72, 0x4c, 0xad, 0x30, 0xd1, 0xef, 0xe, 0xc8, 0x29, 0x17, 0xf6, 0x6b, 0x8a, 0xb4, 0x55, 0x25, 0xc4, 0xfa, 0x1b, 0x86, 0x67, 0x59, 0xb8, 0x7e, 0x9f, 0xa1, 0x40, 0xdd, 0x3c, 0x2, 0xe3, 0xd9, 0x38, 0x6, 0xe7, 0x7a, 0x9b, 0xa5, 0x44, 0x82, 0x63, 0x5d, 0xbc, 0x21, 0xc0, 0xfe, 0x1f, 0x6f, 0x8e, 0xb0, 0x51, 0xcc, 0x2d, 0x13, 0xf2, 0x34, 0xd5, 0xeb, 0xa, 0x97, 0x76, 0x48, 0xa9, 0xa8, 0x49, 0x77, 0x96, 0xb, 0xea, 0xd4, 0x35, 0xf3, 0x12, 0x2c, 0xcd, 0x50, 0xb1, 0x8f, 0x6e, 0x1e, 0xff, 0xc1, 0x20, 0xbd, 0x5c, 0x62, 0x83, 0x45, 0xa4, 0x9a, 0x7b, 0xe6, 0x7, 0x39, 0xd8, 0x3b, 0xda, 0xe4, 0x5, 0x98, 0x79, 0x47, 0xa6, 0x60, 0x81, 0xbf, 0x5e, 0xc3, 0x22, 0x1c, 0xfd, 0x8d, 0x6c, 0x52, 0xb3, 0x2e, 0xcf, 0xf1, 0x10, 0xd6, 0x37, 0x9, 0xe8, 0x75, 0x94, 0xaa, 0x4b, 0x4a, 0xab, 0x95, 0x74, 0xe9, 0x8, 0x36, 0xd7, 0x11, 0xf0, 0xce, 0x2f, 0xb2, 0x53, 0x6d, 0x8c, 0xfc, 0x1d, 0x23, 0xc2, 0x5f, 0xbe, 0x80, 0x61, 0xa7, 0x46, 0x78, 0x99, 0x4, 0xe5, 0xdb, 0x3a},
+ {0x0, 0xe2, 0xd9, 0x3b, 0xaf, 0x4d, 0x76, 0x94, 0x43, 0xa1, 0x9a, 0x78, 0xec, 0xe, 0x35, 0xd7, 0x86, 0x64, 0x5f, 0xbd, 0x29, 0xcb, 0xf0, 0x12, 0xc5, 0x27, 0x1c, 0xfe, 0x6a, 0x88, 0xb3, 0x51, 0x11, 0xf3, 0xc8, 0x2a, 0xbe, 0x5c, 0x67, 0x85, 0x52, 0xb0, 0x8b, 0x69, 0xfd, 0x1f, 0x24, 0xc6, 0x97, 0x75, 0x4e, 0xac, 0x38, 0xda, 0xe1, 0x3, 0xd4, 0x36, 0xd, 0xef, 0x7b, 0x99, 0xa2, 0x40, 0x22, 0xc0, 0xfb, 0x19, 0x8d, 0x6f, 0x54, 0xb6, 0x61, 0x83, 0xb8, 0x5a, 0xce, 0x2c, 0x17, 0xf5, 0xa4, 0x46, 0x7d, 0x9f, 0xb, 0xe9, 0xd2, 0x30, 0xe7, 0x5, 0x3e, 0xdc, 0x48, 0xaa, 0x91, 0x73, 0x33, 0xd1, 0xea, 0x8, 0x9c, 0x7e, 0x45, 0xa7, 0x70, 0x92, 0xa9, 0x4b, 0xdf, 0x3d, 0x6, 0xe4, 0xb5, 0x57, 0x6c, 0x8e, 0x1a, 0xf8, 0xc3, 0x21, 0xf6, 0x14, 0x2f, 0xcd, 0x59, 0xbb, 0x80, 0x62, 0x44, 0xa6, 0x9d, 0x7f, 0xeb, 0x9, 0x32, 0xd0, 0x7, 0xe5, 0xde, 0x3c, 0xa8, 0x4a, 0x71, 0x93, 0xc2, 0x20, 0x1b, 0xf9, 0x6d, 0x8f, 0xb4, 0x56, 0x81, 0x63, 0x58, 0xba, 0x2e, 0xcc, 0xf7, 0x15, 0x55, 0xb7, 0x8c, 0x6e, 0xfa, 0x18, 0x23, 0xc1, 0x16, 0xf4, 0xcf, 0x2d, 0xb9, 0x5b, 0x60, 0x82, 0xd3, 0x31, 0xa, 0xe8, 0x7c, 0x9e, 0xa5, 0x47, 0x90, 0x72, 0x49, 0xab, 0x3f, 0xdd, 0xe6, 0x4, 0x66, 0x84, 0xbf, 0x5d, 0xc9, 0x2b, 0x10, 0xf2, 0x25, 0xc7, 0xfc, 0x1e, 0x8a, 0x68, 0x53, 0xb1, 0xe0, 0x2, 0x39, 0xdb, 0x4f, 0xad, 0x96, 0x74, 0xa3, 0x41, 0x7a, 0x98, 0xc, 0xee, 0xd5, 0x37, 0x77, 0x95, 0xae, 0x4c, 0xd8, 0x3a, 0x1, 0xe3, 0x34, 0xd6, 0xed, 0xf, 0x9b, 0x79, 0x42, 0xa0, 0xf1, 0x13, 0x28, 0xca, 0x5e, 0xbc, 0x87, 0x65, 0xb2, 0x50, 0x6b, 0x89, 0x1d, 0xff, 0xc4, 0x26},
+ {0x0, 0xe3, 0xdb, 0x38, 0xab, 0x48, 0x70, 0x93, 0x4b, 0xa8, 0x90, 0x73, 0xe0, 0x3, 0x3b, 0xd8, 0x96, 0x75, 0x4d, 0xae, 0x3d, 0xde, 0xe6, 0x5, 0xdd, 0x3e, 0x6, 0xe5, 0x76, 0x95, 0xad, 0x4e, 0x31, 0xd2, 0xea, 0x9, 0x9a, 0x79, 0x41, 0xa2, 0x7a, 0x99, 0xa1, 0x42, 0xd1, 0x32, 0xa, 0xe9, 0xa7, 0x44, 0x7c, 0x9f, 0xc, 0xef, 0xd7, 0x34, 0xec, 0xf, 0x37, 0xd4, 0x47, 0xa4, 0x9c, 0x7f, 0x62, 0x81, 0xb9, 0x5a, 0xc9, 0x2a, 0x12, 0xf1, 0x29, 0xca, 0xf2, 0x11, 0x82, 0x61, 0x59, 0xba, 0xf4, 0x17, 0x2f, 0xcc, 0x5f, 0xbc, 0x84, 0x67, 0xbf, 0x5c, 0x64, 0x87, 0x14, 0xf7, 0xcf, 0x2c, 0x53, 0xb0, 0x88, 0x6b, 0xf8, 0x1b, 0x23, 0xc0, 0x18, 0xfb, 0xc3, 0x20, 0xb3, 0x50, 0x68, 0x8b, 0xc5, 0x26, 0x1e, 0xfd, 0x6e, 0x8d, 0xb5, 0x56, 0x8e, 0x6d, 0x55, 0xb6, 0x25, 0xc6, 0xfe, 0x1d, 0xc4, 0x27, 0x1f, 0xfc, 0x6f, 0x8c, 0xb4, 0x57, 0x8f, 0x6c, 0x54, 0xb7, 0x24, 0xc7, 0xff, 0x1c, 0x52, 0xb1, 0x89, 0x6a, 0xf9, 0x1a, 0x22, 0xc1, 0x19, 0xfa, 0xc2, 0x21, 0xb2, 0x51, 0x69, 0x8a, 0xf5, 0x16, 0x2e, 0xcd, 0x5e, 0xbd, 0x85, 0x66, 0xbe, 0x5d, 0x65, 0x86, 0x15, 0xf6, 0xce, 0x2d, 0x63, 0x80, 0xb8, 0x5b, 0xc8, 0x2b, 0x13, 0xf0, 0x28, 0xcb, 0xf3, 0x10, 0x83, 0x60, 0x58, 0xbb, 0xa6, 0x45, 0x7d, 0x9e, 0xd, 0xee, 0xd6, 0x35, 0xed, 0xe, 0x36, 0xd5, 0x46, 0xa5, 0x9d, 0x7e, 0x30, 0xd3, 0xeb, 0x8, 0x9b, 0x78, 0x40, 0xa3, 0x7b, 0x98, 0xa0, 0x43, 0xd0, 0x33, 0xb, 0xe8, 0x97, 0x74, 0x4c, 0xaf, 0x3c, 0xdf, 0xe7, 0x4, 0xdc, 0x3f, 0x7, 0xe4, 0x77, 0x94, 0xac, 0x4f, 0x1, 0xe2, 0xda, 0x39, 0xaa, 0x49, 0x71, 0x92, 0x4a, 0xa9, 0x91, 0x72, 0xe1, 0x2, 0x3a, 0xd9},
+ {0x0, 0xe4, 0xd5, 0x31, 0xb7, 0x53, 0x62, 0x86, 0x73, 0x97, 0xa6, 0x42, 0xc4, 0x20, 0x11, 0xf5, 0xe6, 0x2, 0x33, 0xd7, 0x51, 0xb5, 0x84, 0x60, 0x95, 0x71, 0x40, 0xa4, 0x22, 0xc6, 0xf7, 0x13, 0xd1, 0x35, 0x4, 0xe0, 0x66, 0x82, 0xb3, 0x57, 0xa2, 0x46, 0x77, 0x93, 0x15, 0xf1, 0xc0, 0x24, 0x37, 0xd3, 0xe2, 0x6, 0x80, 0x64, 0x55, 0xb1, 0x44, 0xa0, 0x91, 0x75, 0xf3, 0x17, 0x26, 0xc2, 0xbf, 0x5b, 0x6a, 0x8e, 0x8, 0xec, 0xdd, 0x39, 0xcc, 0x28, 0x19, 0xfd, 0x7b, 0x9f, 0xae, 0x4a, 0x59, 0xbd, 0x8c, 0x68, 0xee, 0xa, 0x3b, 0xdf, 0x2a, 0xce, 0xff, 0x1b, 0x9d, 0x79, 0x48, 0xac, 0x6e, 0x8a, 0xbb, 0x5f, 0xd9, 0x3d, 0xc, 0xe8, 0x1d, 0xf9, 0xc8, 0x2c, 0xaa, 0x4e, 0x7f, 0x9b, 0x88, 0x6c, 0x5d, 0xb9, 0x3f, 0xdb, 0xea, 0xe, 0xfb, 0x1f, 0x2e, 0xca, 0x4c, 0xa8, 0x99, 0x7d, 0x63, 0x87, 0xb6, 0x52, 0xd4, 0x30, 0x1, 0xe5, 0x10, 0xf4, 0xc5, 0x21, 0xa7, 0x43, 0x72, 0x96, 0x85, 0x61, 0x50, 0xb4, 0x32, 0xd6, 0xe7, 0x3, 0xf6, 0x12, 0x23, 0xc7, 0x41, 0xa5, 0x94, 0x70, 0xb2, 0x56, 0x67, 0x83, 0x5, 0xe1, 0xd0, 0x34, 0xc1, 0x25, 0x14, 0xf0, 0x76, 0x92, 0xa3, 0x47, 0x54, 0xb0, 0x81, 0x65, 0xe3, 0x7, 0x36, 0xd2, 0x27, 0xc3, 0xf2, 0x16, 0x90, 0x74, 0x45, 0xa1, 0xdc, 0x38, 0x9, 0xed, 0x6b, 0x8f, 0xbe, 0x5a, 0xaf, 0x4b, 0x7a, 0x9e, 0x18, 0xfc, 0xcd, 0x29, 0x3a, 0xde, 0xef, 0xb, 0x8d, 0x69, 0x58, 0xbc, 0x49, 0xad, 0x9c, 0x78, 0xfe, 0x1a, 0x2b, 0xcf, 0xd, 0xe9, 0xd8, 0x3c, 0xba, 0x5e, 0x6f, 0x8b, 0x7e, 0x9a, 0xab, 0x4f, 0xc9, 0x2d, 0x1c, 0xf8, 0xeb, 0xf, 0x3e, 0xda, 0x5c, 0xb8, 0x89, 0x6d, 0x98, 0x7c, 0x4d, 0xa9, 0x2f, 0xcb, 0xfa, 0x1e},
+ {0x0, 0xe5, 0xd7, 0x32, 0xb3, 0x56, 0x64, 0x81, 0x7b, 0x9e, 0xac, 0x49, 0xc8, 0x2d, 0x1f, 0xfa, 0xf6, 0x13, 0x21, 0xc4, 0x45, 0xa0, 0x92, 0x77, 0x8d, 0x68, 0x5a, 0xbf, 0x3e, 0xdb, 0xe9, 0xc, 0xf1, 0x14, 0x26, 0xc3, 0x42, 0xa7, 0x95, 0x70, 0x8a, 0x6f, 0x5d, 0xb8, 0x39, 0xdc, 0xee, 0xb, 0x7, 0xe2, 0xd0, 0x35, 0xb4, 0x51, 0x63, 0x86, 0x7c, 0x99, 0xab, 0x4e, 0xcf, 0x2a, 0x18, 0xfd, 0xff, 0x1a, 0x28, 0xcd, 0x4c, 0xa9, 0x9b, 0x7e, 0x84, 0x61, 0x53, 0xb6, 0x37, 0xd2, 0xe0, 0x5, 0x9, 0xec, 0xde, 0x3b, 0xba, 0x5f, 0x6d, 0x88, 0x72, 0x97, 0xa5, 0x40, 0xc1, 0x24, 0x16, 0xf3, 0xe, 0xeb, 0xd9, 0x3c, 0xbd, 0x58, 0x6a, 0x8f, 0x75, 0x90, 0xa2, 0x47, 0xc6, 0x23, 0x11, 0xf4, 0xf8, 0x1d, 0x2f, 0xca, 0x4b, 0xae, 0x9c, 0x79, 0x83, 0x66, 0x54, 0xb1, 0x30, 0xd5, 0xe7, 0x2, 0xe3, 0x6, 0x34, 0xd1, 0x50, 0xb5, 0x87, 0x62, 0x98, 0x7d, 0x4f, 0xaa, 0x2b, 0xce, 0xfc, 0x19, 0x15, 0xf0, 0xc2, 0x27, 0xa6, 0x43, 0x71, 0x94, 0x6e, 0x8b, 0xb9, 0x5c, 0xdd, 0x38, 0xa, 0xef, 0x12, 0xf7, 0xc5, 0x20, 0xa1, 0x44, 0x76, 0x93, 0x69, 0x8c, 0xbe, 0x5b, 0xda, 0x3f, 0xd, 0xe8, 0xe4, 0x1, 0x33, 0xd6, 0x57, 0xb2, 0x80, 0x65, 0x9f, 0x7a, 0x48, 0xad, 0x2c, 0xc9, 0xfb, 0x1e, 0x1c, 0xf9, 0xcb, 0x2e, 0xaf, 0x4a, 0x78, 0x9d, 0x67, 0x82, 0xb0, 0x55, 0xd4, 0x31, 0x3, 0xe6, 0xea, 0xf, 0x3d, 0xd8, 0x59, 0xbc, 0x8e, 0x6b, 0x91, 0x74, 0x46, 0xa3, 0x22, 0xc7, 0xf5, 0x10, 0xed, 0x8, 0x3a, 0xdf, 0x5e, 0xbb, 0x89, 0x6c, 0x96, 0x73, 0x41, 0xa4, 0x25, 0xc0, 0xf2, 0x17, 0x1b, 0xfe, 0xcc, 0x29, 0xa8, 0x4d, 0x7f, 0x9a, 0x60, 0x85, 0xb7, 0x52, 0xd3, 0x36, 0x4, 0xe1},
+ {0x0, 0xe6, 0xd1, 0x37, 0xbf, 0x59, 0x6e, 0x88, 0x63, 0x85, 0xb2, 0x54, 0xdc, 0x3a, 0xd, 0xeb, 0xc6, 0x20, 0x17, 0xf1, 0x79, 0x9f, 0xa8, 0x4e, 0xa5, 0x43, 0x74, 0x92, 0x1a, 0xfc, 0xcb, 0x2d, 0x91, 0x77, 0x40, 0xa6, 0x2e, 0xc8, 0xff, 0x19, 0xf2, 0x14, 0x23, 0xc5, 0x4d, 0xab, 0x9c, 0x7a, 0x57, 0xb1, 0x86, 0x60, 0xe8, 0xe, 0x39, 0xdf, 0x34, 0xd2, 0xe5, 0x3, 0x8b, 0x6d, 0x5a, 0xbc, 0x3f, 0xd9, 0xee, 0x8, 0x80, 0x66, 0x51, 0xb7, 0x5c, 0xba, 0x8d, 0x6b, 0xe3, 0x5, 0x32, 0xd4, 0xf9, 0x1f, 0x28, 0xce, 0x46, 0xa0, 0x97, 0x71, 0x9a, 0x7c, 0x4b, 0xad, 0x25, 0xc3, 0xf4, 0x12, 0xae, 0x48, 0x7f, 0x99, 0x11, 0xf7, 0xc0, 0x26, 0xcd, 0x2b, 0x1c, 0xfa, 0x72, 0x94, 0xa3, 0x45, 0x68, 0x8e, 0xb9, 0x5f, 0xd7, 0x31, 0x6, 0xe0, 0xb, 0xed, 0xda, 0x3c, 0xb4, 0x52, 0x65, 0x83, 0x7e, 0x98, 0xaf, 0x49, 0xc1, 0x27, 0x10, 0xf6, 0x1d, 0xfb, 0xcc, 0x2a, 0xa2, 0x44, 0x73, 0x95, 0xb8, 0x5e, 0x69, 0x8f, 0x7, 0xe1, 0xd6, 0x30, 0xdb, 0x3d, 0xa, 0xec, 0x64, 0x82, 0xb5, 0x53, 0xef, 0x9, 0x3e, 0xd8, 0x50, 0xb6, 0x81, 0x67, 0x8c, 0x6a, 0x5d, 0xbb, 0x33, 0xd5, 0xe2, 0x4, 0x29, 0xcf, 0xf8, 0x1e, 0x96, 0x70, 0x47, 0xa1, 0x4a, 0xac, 0x9b, 0x7d, 0xf5, 0x13, 0x24, 0xc2, 0x41, 0xa7, 0x90, 0x76, 0xfe, 0x18, 0x2f, 0xc9, 0x22, 0xc4, 0xf3, 0x15, 0x9d, 0x7b, 0x4c, 0xaa, 0x87, 0x61, 0x56, 0xb0, 0x38, 0xde, 0xe9, 0xf, 0xe4, 0x2, 0x35, 0xd3, 0x5b, 0xbd, 0x8a, 0x6c, 0xd0, 0x36, 0x1, 0xe7, 0x6f, 0x89, 0xbe, 0x58, 0xb3, 0x55, 0x62, 0x84, 0xc, 0xea, 0xdd, 0x3b, 0x16, 0xf0, 0xc7, 0x21, 0xa9, 0x4f, 0x78, 0x9e, 0x75, 0x93, 0xa4, 0x42, 0xca, 0x2c, 0x1b, 0xfd},
+ {0x0, 0xe7, 0xd3, 0x34, 0xbb, 0x5c, 0x68, 0x8f, 0x6b, 0x8c, 0xb8, 0x5f, 0xd0, 0x37, 0x3, 0xe4, 0xd6, 0x31, 0x5, 0xe2, 0x6d, 0x8a, 0xbe, 0x59, 0xbd, 0x5a, 0x6e, 0x89, 0x6, 0xe1, 0xd5, 0x32, 0xb1, 0x56, 0x62, 0x85, 0xa, 0xed, 0xd9, 0x3e, 0xda, 0x3d, 0x9, 0xee, 0x61, 0x86, 0xb2, 0x55, 0x67, 0x80, 0xb4, 0x53, 0xdc, 0x3b, 0xf, 0xe8, 0xc, 0xeb, 0xdf, 0x38, 0xb7, 0x50, 0x64, 0x83, 0x7f, 0x98, 0xac, 0x4b, 0xc4, 0x23, 0x17, 0xf0, 0x14, 0xf3, 0xc7, 0x20, 0xaf, 0x48, 0x7c, 0x9b, 0xa9, 0x4e, 0x7a, 0x9d, 0x12, 0xf5, 0xc1, 0x26, 0xc2, 0x25, 0x11, 0xf6, 0x79, 0x9e, 0xaa, 0x4d, 0xce, 0x29, 0x1d, 0xfa, 0x75, 0x92, 0xa6, 0x41, 0xa5, 0x42, 0x76, 0x91, 0x1e, 0xf9, 0xcd, 0x2a, 0x18, 0xff, 0xcb, 0x2c, 0xa3, 0x44, 0x70, 0x97, 0x73, 0x94, 0xa0, 0x47, 0xc8, 0x2f, 0x1b, 0xfc, 0xfe, 0x19, 0x2d, 0xca, 0x45, 0xa2, 0x96, 0x71, 0x95, 0x72, 0x46, 0xa1, 0x2e, 0xc9, 0xfd, 0x1a, 0x28, 0xcf, 0xfb, 0x1c, 0x93, 0x74, 0x40, 0xa7, 0x43, 0xa4, 0x90, 0x77, 0xf8, 0x1f, 0x2b, 0xcc, 0x4f, 0xa8, 0x9c, 0x7b, 0xf4, 0x13, 0x27, 0xc0, 0x24, 0xc3, 0xf7, 0x10, 0x9f, 0x78, 0x4c, 0xab, 0x99, 0x7e, 0x4a, 0xad, 0x22, 0xc5, 0xf1, 0x16, 0xf2, 0x15, 0x21, 0xc6, 0x49, 0xae, 0x9a, 0x7d, 0x81, 0x66, 0x52, 0xb5, 0x3a, 0xdd, 0xe9, 0xe, 0xea, 0xd, 0x39, 0xde, 0x51, 0xb6, 0x82, 0x65, 0x57, 0xb0, 0x84, 0x63, 0xec, 0xb, 0x3f, 0xd8, 0x3c, 0xdb, 0xef, 0x8, 0x87, 0x60, 0x54, 0xb3, 0x30, 0xd7, 0xe3, 0x4, 0x8b, 0x6c, 0x58, 0xbf, 0x5b, 0xbc, 0x88, 0x6f, 0xe0, 0x7, 0x33, 0xd4, 0xe6, 0x1, 0x35, 0xd2, 0x5d, 0xba, 0x8e, 0x69, 0x8d, 0x6a, 0x5e, 0xb9, 0x36, 0xd1, 0xe5, 0x2},
+ {0x0, 0xe8, 0xcd, 0x25, 0x87, 0x6f, 0x4a, 0xa2, 0x13, 0xfb, 0xde, 0x36, 0x94, 0x7c, 0x59, 0xb1, 0x26, 0xce, 0xeb, 0x3, 0xa1, 0x49, 0x6c, 0x84, 0x35, 0xdd, 0xf8, 0x10, 0xb2, 0x5a, 0x7f, 0x97, 0x4c, 0xa4, 0x81, 0x69, 0xcb, 0x23, 0x6, 0xee, 0x5f, 0xb7, 0x92, 0x7a, 0xd8, 0x30, 0x15, 0xfd, 0x6a, 0x82, 0xa7, 0x4f, 0xed, 0x5, 0x20, 0xc8, 0x79, 0x91, 0xb4, 0x5c, 0xfe, 0x16, 0x33, 0xdb, 0x98, 0x70, 0x55, 0xbd, 0x1f, 0xf7, 0xd2, 0x3a, 0x8b, 0x63, 0x46, 0xae, 0xc, 0xe4, 0xc1, 0x29, 0xbe, 0x56, 0x73, 0x9b, 0x39, 0xd1, 0xf4, 0x1c, 0xad, 0x45, 0x60, 0x88, 0x2a, 0xc2, 0xe7, 0xf, 0xd4, 0x3c, 0x19, 0xf1, 0x53, 0xbb, 0x9e, 0x76, 0xc7, 0x2f, 0xa, 0xe2, 0x40, 0xa8, 0x8d, 0x65, 0xf2, 0x1a, 0x3f, 0xd7, 0x75, 0x9d, 0xb8, 0x50, 0xe1, 0x9, 0x2c, 0xc4, 0x66, 0x8e, 0xab, 0x43, 0x2d, 0xc5, 0xe0, 0x8, 0xaa, 0x42, 0x67, 0x8f, 0x3e, 0xd6, 0xf3, 0x1b, 0xb9, 0x51, 0x74, 0x9c, 0xb, 0xe3, 0xc6, 0x2e, 0x8c, 0x64, 0x41, 0xa9, 0x18, 0xf0, 0xd5, 0x3d, 0x9f, 0x77, 0x52, 0xba, 0x61, 0x89, 0xac, 0x44, 0xe6, 0xe, 0x2b, 0xc3, 0x72, 0x9a, 0xbf, 0x57, 0xf5, 0x1d, 0x38, 0xd0, 0x47, 0xaf, 0x8a, 0x62, 0xc0, 0x28, 0xd, 0xe5, 0x54, 0xbc, 0x99, 0x71, 0xd3, 0x3b, 0x1e, 0xf6, 0xb5, 0x5d, 0x78, 0x90, 0x32, 0xda, 0xff, 0x17, 0xa6, 0x4e, 0x6b, 0x83, 0x21, 0xc9, 0xec, 0x4, 0x93, 0x7b, 0x5e, 0xb6, 0x14, 0xfc, 0xd9, 0x31, 0x80, 0x68, 0x4d, 0xa5, 0x7, 0xef, 0xca, 0x22, 0xf9, 0x11, 0x34, 0xdc, 0x7e, 0x96, 0xb3, 0x5b, 0xea, 0x2, 0x27, 0xcf, 0x6d, 0x85, 0xa0, 0x48, 0xdf, 0x37, 0x12, 0xfa, 0x58, 0xb0, 0x95, 0x7d, 0xcc, 0x24, 0x1, 0xe9, 0x4b, 0xa3, 0x86, 0x6e},
+ {0x0, 0xe9, 0xcf, 0x26, 0x83, 0x6a, 0x4c, 0xa5, 0x1b, 0xf2, 0xd4, 0x3d, 0x98, 0x71, 0x57, 0xbe, 0x36, 0xdf, 0xf9, 0x10, 0xb5, 0x5c, 0x7a, 0x93, 0x2d, 0xc4, 0xe2, 0xb, 0xae, 0x47, 0x61, 0x88, 0x6c, 0x85, 0xa3, 0x4a, 0xef, 0x6, 0x20, 0xc9, 0x77, 0x9e, 0xb8, 0x51, 0xf4, 0x1d, 0x3b, 0xd2, 0x5a, 0xb3, 0x95, 0x7c, 0xd9, 0x30, 0x16, 0xff, 0x41, 0xa8, 0x8e, 0x67, 0xc2, 0x2b, 0xd, 0xe4, 0xd8, 0x31, 0x17, 0xfe, 0x5b, 0xb2, 0x94, 0x7d, 0xc3, 0x2a, 0xc, 0xe5, 0x40, 0xa9, 0x8f, 0x66, 0xee, 0x7, 0x21, 0xc8, 0x6d, 0x84, 0xa2, 0x4b, 0xf5, 0x1c, 0x3a, 0xd3, 0x76, 0x9f, 0xb9, 0x50, 0xb4, 0x5d, 0x7b, 0x92, 0x37, 0xde, 0xf8, 0x11, 0xaf, 0x46, 0x60, 0x89, 0x2c, 0xc5, 0xe3, 0xa, 0x82, 0x6b, 0x4d, 0xa4, 0x1, 0xe8, 0xce, 0x27, 0x99, 0x70, 0x56, 0xbf, 0x1a, 0xf3, 0xd5, 0x3c, 0xad, 0x44, 0x62, 0x8b, 0x2e, 0xc7, 0xe1, 0x8, 0xb6, 0x5f, 0x79, 0x90, 0x35, 0xdc, 0xfa, 0x13, 0x9b, 0x72, 0x54, 0xbd, 0x18, 0xf1, 0xd7, 0x3e, 0x80, 0x69, 0x4f, 0xa6, 0x3, 0xea, 0xcc, 0x25, 0xc1, 0x28, 0xe, 0xe7, 0x42, 0xab, 0x8d, 0x64, 0xda, 0x33, 0x15, 0xfc, 0x59, 0xb0, 0x96, 0x7f, 0xf7, 0x1e, 0x38, 0xd1, 0x74, 0x9d, 0xbb, 0x52, 0xec, 0x5, 0x23, 0xca, 0x6f, 0x86, 0xa0, 0x49, 0x75, 0x9c, 0xba, 0x53, 0xf6, 0x1f, 0x39, 0xd0, 0x6e, 0x87, 0xa1, 0x48, 0xed, 0x4, 0x22, 0xcb, 0x43, 0xaa, 0x8c, 0x65, 0xc0, 0x29, 0xf, 0xe6, 0x58, 0xb1, 0x97, 0x7e, 0xdb, 0x32, 0x14, 0xfd, 0x19, 0xf0, 0xd6, 0x3f, 0x9a, 0x73, 0x55, 0xbc, 0x2, 0xeb, 0xcd, 0x24, 0x81, 0x68, 0x4e, 0xa7, 0x2f, 0xc6, 0xe0, 0x9, 0xac, 0x45, 0x63, 0x8a, 0x34, 0xdd, 0xfb, 0x12, 0xb7, 0x5e, 0x78, 0x91},
+ {0x0, 0xea, 0xc9, 0x23, 0x8f, 0x65, 0x46, 0xac, 0x3, 0xe9, 0xca, 0x20, 0x8c, 0x66, 0x45, 0xaf, 0x6, 0xec, 0xcf, 0x25, 0x89, 0x63, 0x40, 0xaa, 0x5, 0xef, 0xcc, 0x26, 0x8a, 0x60, 0x43, 0xa9, 0xc, 0xe6, 0xc5, 0x2f, 0x83, 0x69, 0x4a, 0xa0, 0xf, 0xe5, 0xc6, 0x2c, 0x80, 0x6a, 0x49, 0xa3, 0xa, 0xe0, 0xc3, 0x29, 0x85, 0x6f, 0x4c, 0xa6, 0x9, 0xe3, 0xc0, 0x2a, 0x86, 0x6c, 0x4f, 0xa5, 0x18, 0xf2, 0xd1, 0x3b, 0x97, 0x7d, 0x5e, 0xb4, 0x1b, 0xf1, 0xd2, 0x38, 0x94, 0x7e, 0x5d, 0xb7, 0x1e, 0xf4, 0xd7, 0x3d, 0x91, 0x7b, 0x58, 0xb2, 0x1d, 0xf7, 0xd4, 0x3e, 0x92, 0x78, 0x5b, 0xb1, 0x14, 0xfe, 0xdd, 0x37, 0x9b, 0x71, 0x52, 0xb8, 0x17, 0xfd, 0xde, 0x34, 0x98, 0x72, 0x51, 0xbb, 0x12, 0xf8, 0xdb, 0x31, 0x9d, 0x77, 0x54, 0xbe, 0x11, 0xfb, 0xd8, 0x32, 0x9e, 0x74, 0x57, 0xbd, 0x30, 0xda, 0xf9, 0x13, 0xbf, 0x55, 0x76, 0x9c, 0x33, 0xd9, 0xfa, 0x10, 0xbc, 0x56, 0x75, 0x9f, 0x36, 0xdc, 0xff, 0x15, 0xb9, 0x53, 0x70, 0x9a, 0x35, 0xdf, 0xfc, 0x16, 0xba, 0x50, 0x73, 0x99, 0x3c, 0xd6, 0xf5, 0x1f, 0xb3, 0x59, 0x7a, 0x90, 0x3f, 0xd5, 0xf6, 0x1c, 0xb0, 0x5a, 0x79, 0x93, 0x3a, 0xd0, 0xf3, 0x19, 0xb5, 0x5f, 0x7c, 0x96, 0x39, 0xd3, 0xf0, 0x1a, 0xb6, 0x5c, 0x7f, 0x95, 0x28, 0xc2, 0xe1, 0xb, 0xa7, 0x4d, 0x6e, 0x84, 0x2b, 0xc1, 0xe2, 0x8, 0xa4, 0x4e, 0x6d, 0x87, 0x2e, 0xc4, 0xe7, 0xd, 0xa1, 0x4b, 0x68, 0x82, 0x2d, 0xc7, 0xe4, 0xe, 0xa2, 0x48, 0x6b, 0x81, 0x24, 0xce, 0xed, 0x7, 0xab, 0x41, 0x62, 0x88, 0x27, 0xcd, 0xee, 0x4, 0xa8, 0x42, 0x61, 0x8b, 0x22, 0xc8, 0xeb, 0x1, 0xad, 0x47, 0x64, 0x8e, 0x21, 0xcb, 0xe8, 0x2, 0xae, 0x44, 0x67, 0x8d},
+ {0x0, 0xeb, 0xcb, 0x20, 0x8b, 0x60, 0x40, 0xab, 0xb, 0xe0, 0xc0, 0x2b, 0x80, 0x6b, 0x4b, 0xa0, 0x16, 0xfd, 0xdd, 0x36, 0x9d, 0x76, 0x56, 0xbd, 0x1d, 0xf6, 0xd6, 0x3d, 0x96, 0x7d, 0x5d, 0xb6, 0x2c, 0xc7, 0xe7, 0xc, 0xa7, 0x4c, 0x6c, 0x87, 0x27, 0xcc, 0xec, 0x7, 0xac, 0x47, 0x67, 0x8c, 0x3a, 0xd1, 0xf1, 0x1a, 0xb1, 0x5a, 0x7a, 0x91, 0x31, 0xda, 0xfa, 0x11, 0xba, 0x51, 0x71, 0x9a, 0x58, 0xb3, 0x93, 0x78, 0xd3, 0x38, 0x18, 0xf3, 0x53, 0xb8, 0x98, 0x73, 0xd8, 0x33, 0x13, 0xf8, 0x4e, 0xa5, 0x85, 0x6e, 0xc5, 0x2e, 0xe, 0xe5, 0x45, 0xae, 0x8e, 0x65, 0xce, 0x25, 0x5, 0xee, 0x74, 0x9f, 0xbf, 0x54, 0xff, 0x14, 0x34, 0xdf, 0x7f, 0x94, 0xb4, 0x5f, 0xf4, 0x1f, 0x3f, 0xd4, 0x62, 0x89, 0xa9, 0x42, 0xe9, 0x2, 0x22, 0xc9, 0x69, 0x82, 0xa2, 0x49, 0xe2, 0x9, 0x29, 0xc2, 0xb0, 0x5b, 0x7b, 0x90, 0x3b, 0xd0, 0xf0, 0x1b, 0xbb, 0x50, 0x70, 0x9b, 0x30, 0xdb, 0xfb, 0x10, 0xa6, 0x4d, 0x6d, 0x86, 0x2d, 0xc6, 0xe6, 0xd, 0xad, 0x46, 0x66, 0x8d, 0x26, 0xcd, 0xed, 0x6, 0x9c, 0x77, 0x57, 0xbc, 0x17, 0xfc, 0xdc, 0x37, 0x97, 0x7c, 0x5c, 0xb7, 0x1c, 0xf7, 0xd7, 0x3c, 0x8a, 0x61, 0x41, 0xaa, 0x1, 0xea, 0xca, 0x21, 0x81, 0x6a, 0x4a, 0xa1, 0xa, 0xe1, 0xc1, 0x2a, 0xe8, 0x3, 0x23, 0xc8, 0x63, 0x88, 0xa8, 0x43, 0xe3, 0x8, 0x28, 0xc3, 0x68, 0x83, 0xa3, 0x48, 0xfe, 0x15, 0x35, 0xde, 0x75, 0x9e, 0xbe, 0x55, 0xf5, 0x1e, 0x3e, 0xd5, 0x7e, 0x95, 0xb5, 0x5e, 0xc4, 0x2f, 0xf, 0xe4, 0x4f, 0xa4, 0x84, 0x6f, 0xcf, 0x24, 0x4, 0xef, 0x44, 0xaf, 0x8f, 0x64, 0xd2, 0x39, 0x19, 0xf2, 0x59, 0xb2, 0x92, 0x79, 0xd9, 0x32, 0x12, 0xf9, 0x52, 0xb9, 0x99, 0x72},
+ {0x0, 0xec, 0xc5, 0x29, 0x97, 0x7b, 0x52, 0xbe, 0x33, 0xdf, 0xf6, 0x1a, 0xa4, 0x48, 0x61, 0x8d, 0x66, 0x8a, 0xa3, 0x4f, 0xf1, 0x1d, 0x34, 0xd8, 0x55, 0xb9, 0x90, 0x7c, 0xc2, 0x2e, 0x7, 0xeb, 0xcc, 0x20, 0x9, 0xe5, 0x5b, 0xb7, 0x9e, 0x72, 0xff, 0x13, 0x3a, 0xd6, 0x68, 0x84, 0xad, 0x41, 0xaa, 0x46, 0x6f, 0x83, 0x3d, 0xd1, 0xf8, 0x14, 0x99, 0x75, 0x5c, 0xb0, 0xe, 0xe2, 0xcb, 0x27, 0x85, 0x69, 0x40, 0xac, 0x12, 0xfe, 0xd7, 0x3b, 0xb6, 0x5a, 0x73, 0x9f, 0x21, 0xcd, 0xe4, 0x8, 0xe3, 0xf, 0x26, 0xca, 0x74, 0x98, 0xb1, 0x5d, 0xd0, 0x3c, 0x15, 0xf9, 0x47, 0xab, 0x82, 0x6e, 0x49, 0xa5, 0x8c, 0x60, 0xde, 0x32, 0x1b, 0xf7, 0x7a, 0x96, 0xbf, 0x53, 0xed, 0x1, 0x28, 0xc4, 0x2f, 0xc3, 0xea, 0x6, 0xb8, 0x54, 0x7d, 0x91, 0x1c, 0xf0, 0xd9, 0x35, 0x8b, 0x67, 0x4e, 0xa2, 0x17, 0xfb, 0xd2, 0x3e, 0x80, 0x6c, 0x45, 0xa9, 0x24, 0xc8, 0xe1, 0xd, 0xb3, 0x5f, 0x76, 0x9a, 0x71, 0x9d, 0xb4, 0x58, 0xe6, 0xa, 0x23, 0xcf, 0x42, 0xae, 0x87, 0x6b, 0xd5, 0x39, 0x10, 0xfc, 0xdb, 0x37, 0x1e, 0xf2, 0x4c, 0xa0, 0x89, 0x65, 0xe8, 0x4, 0x2d, 0xc1, 0x7f, 0x93, 0xba, 0x56, 0xbd, 0x51, 0x78, 0x94, 0x2a, 0xc6, 0xef, 0x3, 0x8e, 0x62, 0x4b, 0xa7, 0x19, 0xf5, 0xdc, 0x30, 0x92, 0x7e, 0x57, 0xbb, 0x5, 0xe9, 0xc0, 0x2c, 0xa1, 0x4d, 0x64, 0x88, 0x36, 0xda, 0xf3, 0x1f, 0xf4, 0x18, 0x31, 0xdd, 0x63, 0x8f, 0xa6, 0x4a, 0xc7, 0x2b, 0x2, 0xee, 0x50, 0xbc, 0x95, 0x79, 0x5e, 0xb2, 0x9b, 0x77, 0xc9, 0x25, 0xc, 0xe0, 0x6d, 0x81, 0xa8, 0x44, 0xfa, 0x16, 0x3f, 0xd3, 0x38, 0xd4, 0xfd, 0x11, 0xaf, 0x43, 0x6a, 0x86, 0xb, 0xe7, 0xce, 0x22, 0x9c, 0x70, 0x59, 0xb5},
+ {0x0, 0xed, 0xc7, 0x2a, 0x93, 0x7e, 0x54, 0xb9, 0x3b, 0xd6, 0xfc, 0x11, 0xa8, 0x45, 0x6f, 0x82, 0x76, 0x9b, 0xb1, 0x5c, 0xe5, 0x8, 0x22, 0xcf, 0x4d, 0xa0, 0x8a, 0x67, 0xde, 0x33, 0x19, 0xf4, 0xec, 0x1, 0x2b, 0xc6, 0x7f, 0x92, 0xb8, 0x55, 0xd7, 0x3a, 0x10, 0xfd, 0x44, 0xa9, 0x83, 0x6e, 0x9a, 0x77, 0x5d, 0xb0, 0x9, 0xe4, 0xce, 0x23, 0xa1, 0x4c, 0x66, 0x8b, 0x32, 0xdf, 0xf5, 0x18, 0xc5, 0x28, 0x2, 0xef, 0x56, 0xbb, 0x91, 0x7c, 0xfe, 0x13, 0x39, 0xd4, 0x6d, 0x80, 0xaa, 0x47, 0xb3, 0x5e, 0x74, 0x99, 0x20, 0xcd, 0xe7, 0xa, 0x88, 0x65, 0x4f, 0xa2, 0x1b, 0xf6, 0xdc, 0x31, 0x29, 0xc4, 0xee, 0x3, 0xba, 0x57, 0x7d, 0x90, 0x12, 0xff, 0xd5, 0x38, 0x81, 0x6c, 0x46, 0xab, 0x5f, 0xb2, 0x98, 0x75, 0xcc, 0x21, 0xb, 0xe6, 0x64, 0x89, 0xa3, 0x4e, 0xf7, 0x1a, 0x30, 0xdd, 0x97, 0x7a, 0x50, 0xbd, 0x4, 0xe9, 0xc3, 0x2e, 0xac, 0x41, 0x6b, 0x86, 0x3f, 0xd2, 0xf8, 0x15, 0xe1, 0xc, 0x26, 0xcb, 0x72, 0x9f, 0xb5, 0x58, 0xda, 0x37, 0x1d, 0xf0, 0x49, 0xa4, 0x8e, 0x63, 0x7b, 0x96, 0xbc, 0x51, 0xe8, 0x5, 0x2f, 0xc2, 0x40, 0xad, 0x87, 0x6a, 0xd3, 0x3e, 0x14, 0xf9, 0xd, 0xe0, 0xca, 0x27, 0x9e, 0x73, 0x59, 0xb4, 0x36, 0xdb, 0xf1, 0x1c, 0xa5, 0x48, 0x62, 0x8f, 0x52, 0xbf, 0x95, 0x78, 0xc1, 0x2c, 0x6, 0xeb, 0x69, 0x84, 0xae, 0x43, 0xfa, 0x17, 0x3d, 0xd0, 0x24, 0xc9, 0xe3, 0xe, 0xb7, 0x5a, 0x70, 0x9d, 0x1f, 0xf2, 0xd8, 0x35, 0x8c, 0x61, 0x4b, 0xa6, 0xbe, 0x53, 0x79, 0x94, 0x2d, 0xc0, 0xea, 0x7, 0x85, 0x68, 0x42, 0xaf, 0x16, 0xfb, 0xd1, 0x3c, 0xc8, 0x25, 0xf, 0xe2, 0x5b, 0xb6, 0x9c, 0x71, 0xf3, 0x1e, 0x34, 0xd9, 0x60, 0x8d, 0xa7, 0x4a},
+ {0x0, 0xee, 0xc1, 0x2f, 0x9f, 0x71, 0x5e, 0xb0, 0x23, 0xcd, 0xe2, 0xc, 0xbc, 0x52, 0x7d, 0x93, 0x46, 0xa8, 0x87, 0x69, 0xd9, 0x37, 0x18, 0xf6, 0x65, 0x8b, 0xa4, 0x4a, 0xfa, 0x14, 0x3b, 0xd5, 0x8c, 0x62, 0x4d, 0xa3, 0x13, 0xfd, 0xd2, 0x3c, 0xaf, 0x41, 0x6e, 0x80, 0x30, 0xde, 0xf1, 0x1f, 0xca, 0x24, 0xb, 0xe5, 0x55, 0xbb, 0x94, 0x7a, 0xe9, 0x7, 0x28, 0xc6, 0x76, 0x98, 0xb7, 0x59, 0x5, 0xeb, 0xc4, 0x2a, 0x9a, 0x74, 0x5b, 0xb5, 0x26, 0xc8, 0xe7, 0x9, 0xb9, 0x57, 0x78, 0x96, 0x43, 0xad, 0x82, 0x6c, 0xdc, 0x32, 0x1d, 0xf3, 0x60, 0x8e, 0xa1, 0x4f, 0xff, 0x11, 0x3e, 0xd0, 0x89, 0x67, 0x48, 0xa6, 0x16, 0xf8, 0xd7, 0x39, 0xaa, 0x44, 0x6b, 0x85, 0x35, 0xdb, 0xf4, 0x1a, 0xcf, 0x21, 0xe, 0xe0, 0x50, 0xbe, 0x91, 0x7f, 0xec, 0x2, 0x2d, 0xc3, 0x73, 0x9d, 0xb2, 0x5c, 0xa, 0xe4, 0xcb, 0x25, 0x95, 0x7b, 0x54, 0xba, 0x29, 0xc7, 0xe8, 0x6, 0xb6, 0x58, 0x77, 0x99, 0x4c, 0xa2, 0x8d, 0x63, 0xd3, 0x3d, 0x12, 0xfc, 0x6f, 0x81, 0xae, 0x40, 0xf0, 0x1e, 0x31, 0xdf, 0x86, 0x68, 0x47, 0xa9, 0x19, 0xf7, 0xd8, 0x36, 0xa5, 0x4b, 0x64, 0x8a, 0x3a, 0xd4, 0xfb, 0x15, 0xc0, 0x2e, 0x1, 0xef, 0x5f, 0xb1, 0x9e, 0x70, 0xe3, 0xd, 0x22, 0xcc, 0x7c, 0x92, 0xbd, 0x53, 0xf, 0xe1, 0xce, 0x20, 0x90, 0x7e, 0x51, 0xbf, 0x2c, 0xc2, 0xed, 0x3, 0xb3, 0x5d, 0x72, 0x9c, 0x49, 0xa7, 0x88, 0x66, 0xd6, 0x38, 0x17, 0xf9, 0x6a, 0x84, 0xab, 0x45, 0xf5, 0x1b, 0x34, 0xda, 0x83, 0x6d, 0x42, 0xac, 0x1c, 0xf2, 0xdd, 0x33, 0xa0, 0x4e, 0x61, 0x8f, 0x3f, 0xd1, 0xfe, 0x10, 0xc5, 0x2b, 0x4, 0xea, 0x5a, 0xb4, 0x9b, 0x75, 0xe6, 0x8, 0x27, 0xc9, 0x79, 0x97, 0xb8, 0x56},
+ {0x0, 0xef, 0xc3, 0x2c, 0x9b, 0x74, 0x58, 0xb7, 0x2b, 0xc4, 0xe8, 0x7, 0xb0, 0x5f, 0x73, 0x9c, 0x56, 0xb9, 0x95, 0x7a, 0xcd, 0x22, 0xe, 0xe1, 0x7d, 0x92, 0xbe, 0x51, 0xe6, 0x9, 0x25, 0xca, 0xac, 0x43, 0x6f, 0x80, 0x37, 0xd8, 0xf4, 0x1b, 0x87, 0x68, 0x44, 0xab, 0x1c, 0xf3, 0xdf, 0x30, 0xfa, 0x15, 0x39, 0xd6, 0x61, 0x8e, 0xa2, 0x4d, 0xd1, 0x3e, 0x12, 0xfd, 0x4a, 0xa5, 0x89, 0x66, 0x45, 0xaa, 0x86, 0x69, 0xde, 0x31, 0x1d, 0xf2, 0x6e, 0x81, 0xad, 0x42, 0xf5, 0x1a, 0x36, 0xd9, 0x13, 0xfc, 0xd0, 0x3f, 0x88, 0x67, 0x4b, 0xa4, 0x38, 0xd7, 0xfb, 0x14, 0xa3, 0x4c, 0x60, 0x8f, 0xe9, 0x6, 0x2a, 0xc5, 0x72, 0x9d, 0xb1, 0x5e, 0xc2, 0x2d, 0x1, 0xee, 0x59, 0xb6, 0x9a, 0x75, 0xbf, 0x50, 0x7c, 0x93, 0x24, 0xcb, 0xe7, 0x8, 0x94, 0x7b, 0x57, 0xb8, 0xf, 0xe0, 0xcc, 0x23, 0x8a, 0x65, 0x49, 0xa6, 0x11, 0xfe, 0xd2, 0x3d, 0xa1, 0x4e, 0x62, 0x8d, 0x3a, 0xd5, 0xf9, 0x16, 0xdc, 0x33, 0x1f, 0xf0, 0x47, 0xa8, 0x84, 0x6b, 0xf7, 0x18, 0x34, 0xdb, 0x6c, 0x83, 0xaf, 0x40, 0x26, 0xc9, 0xe5, 0xa, 0xbd, 0x52, 0x7e, 0x91, 0xd, 0xe2, 0xce, 0x21, 0x96, 0x79, 0x55, 0xba, 0x70, 0x9f, 0xb3, 0x5c, 0xeb, 0x4, 0x28, 0xc7, 0x5b, 0xb4, 0x98, 0x77, 0xc0, 0x2f, 0x3, 0xec, 0xcf, 0x20, 0xc, 0xe3, 0x54, 0xbb, 0x97, 0x78, 0xe4, 0xb, 0x27, 0xc8, 0x7f, 0x90, 0xbc, 0x53, 0x99, 0x76, 0x5a, 0xb5, 0x2, 0xed, 0xc1, 0x2e, 0xb2, 0x5d, 0x71, 0x9e, 0x29, 0xc6, 0xea, 0x5, 0x63, 0x8c, 0xa0, 0x4f, 0xf8, 0x17, 0x3b, 0xd4, 0x48, 0xa7, 0x8b, 0x64, 0xd3, 0x3c, 0x10, 0xff, 0x35, 0xda, 0xf6, 0x19, 0xae, 0x41, 0x6d, 0x82, 0x1e, 0xf1, 0xdd, 0x32, 0x85, 0x6a, 0x46, 0xa9},
+ {0x0, 0xf0, 0xfd, 0xd, 0xe7, 0x17, 0x1a, 0xea, 0xd3, 0x23, 0x2e, 0xde, 0x34, 0xc4, 0xc9, 0x39, 0xbb, 0x4b, 0x46, 0xb6, 0x5c, 0xac, 0xa1, 0x51, 0x68, 0x98, 0x95, 0x65, 0x8f, 0x7f, 0x72, 0x82, 0x6b, 0x9b, 0x96, 0x66, 0x8c, 0x7c, 0x71, 0x81, 0xb8, 0x48, 0x45, 0xb5, 0x5f, 0xaf, 0xa2, 0x52, 0xd0, 0x20, 0x2d, 0xdd, 0x37, 0xc7, 0xca, 0x3a, 0x3, 0xf3, 0xfe, 0xe, 0xe4, 0x14, 0x19, 0xe9, 0xd6, 0x26, 0x2b, 0xdb, 0x31, 0xc1, 0xcc, 0x3c, 0x5, 0xf5, 0xf8, 0x8, 0xe2, 0x12, 0x1f, 0xef, 0x6d, 0x9d, 0x90, 0x60, 0x8a, 0x7a, 0x77, 0x87, 0xbe, 0x4e, 0x43, 0xb3, 0x59, 0xa9, 0xa4, 0x54, 0xbd, 0x4d, 0x40, 0xb0, 0x5a, 0xaa, 0xa7, 0x57, 0x6e, 0x9e, 0x93, 0x63, 0x89, 0x79, 0x74, 0x84, 0x6, 0xf6, 0xfb, 0xb, 0xe1, 0x11, 0x1c, 0xec, 0xd5, 0x25, 0x28, 0xd8, 0x32, 0xc2, 0xcf, 0x3f, 0xb1, 0x41, 0x4c, 0xbc, 0x56, 0xa6, 0xab, 0x5b, 0x62, 0x92, 0x9f, 0x6f, 0x85, 0x75, 0x78, 0x88, 0xa, 0xfa, 0xf7, 0x7, 0xed, 0x1d, 0x10, 0xe0, 0xd9, 0x29, 0x24, 0xd4, 0x3e, 0xce, 0xc3, 0x33, 0xda, 0x2a, 0x27, 0xd7, 0x3d, 0xcd, 0xc0, 0x30, 0x9, 0xf9, 0xf4, 0x4, 0xee, 0x1e, 0x13, 0xe3, 0x61, 0x91, 0x9c, 0x6c, 0x86, 0x76, 0x7b, 0x8b, 0xb2, 0x42, 0x4f, 0xbf, 0x55, 0xa5, 0xa8, 0x58, 0x67, 0x97, 0x9a, 0x6a, 0x80, 0x70, 0x7d, 0x8d, 0xb4, 0x44, 0x49, 0xb9, 0x53, 0xa3, 0xae, 0x5e, 0xdc, 0x2c, 0x21, 0xd1, 0x3b, 0xcb, 0xc6, 0x36, 0xf, 0xff, 0xf2, 0x2, 0xe8, 0x18, 0x15, 0xe5, 0xc, 0xfc, 0xf1, 0x1, 0xeb, 0x1b, 0x16, 0xe6, 0xdf, 0x2f, 0x22, 0xd2, 0x38, 0xc8, 0xc5, 0x35, 0xb7, 0x47, 0x4a, 0xba, 0x50, 0xa0, 0xad, 0x5d, 0x64, 0x94, 0x99, 0x69, 0x83, 0x73, 0x7e, 0x8e},
+ {0x0, 0xf1, 0xff, 0xe, 0xe3, 0x12, 0x1c, 0xed, 0xdb, 0x2a, 0x24, 0xd5, 0x38, 0xc9, 0xc7, 0x36, 0xab, 0x5a, 0x54, 0xa5, 0x48, 0xb9, 0xb7, 0x46, 0x70, 0x81, 0x8f, 0x7e, 0x93, 0x62, 0x6c, 0x9d, 0x4b, 0xba, 0xb4, 0x45, 0xa8, 0x59, 0x57, 0xa6, 0x90, 0x61, 0x6f, 0x9e, 0x73, 0x82, 0x8c, 0x7d, 0xe0, 0x11, 0x1f, 0xee, 0x3, 0xf2, 0xfc, 0xd, 0x3b, 0xca, 0xc4, 0x35, 0xd8, 0x29, 0x27, 0xd6, 0x96, 0x67, 0x69, 0x98, 0x75, 0x84, 0x8a, 0x7b, 0x4d, 0xbc, 0xb2, 0x43, 0xae, 0x5f, 0x51, 0xa0, 0x3d, 0xcc, 0xc2, 0x33, 0xde, 0x2f, 0x21, 0xd0, 0xe6, 0x17, 0x19, 0xe8, 0x5, 0xf4, 0xfa, 0xb, 0xdd, 0x2c, 0x22, 0xd3, 0x3e, 0xcf, 0xc1, 0x30, 0x6, 0xf7, 0xf9, 0x8, 0xe5, 0x14, 0x1a, 0xeb, 0x76, 0x87, 0x89, 0x78, 0x95, 0x64, 0x6a, 0x9b, 0xad, 0x5c, 0x52, 0xa3, 0x4e, 0xbf, 0xb1, 0x40, 0x31, 0xc0, 0xce, 0x3f, 0xd2, 0x23, 0x2d, 0xdc, 0xea, 0x1b, 0x15, 0xe4, 0x9, 0xf8, 0xf6, 0x7, 0x9a, 0x6b, 0x65, 0x94, 0x79, 0x88, 0x86, 0x77, 0x41, 0xb0, 0xbe, 0x4f, 0xa2, 0x53, 0x5d, 0xac, 0x7a, 0x8b, 0x85, 0x74, 0x99, 0x68, 0x66, 0x97, 0xa1, 0x50, 0x5e, 0xaf, 0x42, 0xb3, 0xbd, 0x4c, 0xd1, 0x20, 0x2e, 0xdf, 0x32, 0xc3, 0xcd, 0x3c, 0xa, 0xfb, 0xf5, 0x4, 0xe9, 0x18, 0x16, 0xe7, 0xa7, 0x56, 0x58, 0xa9, 0x44, 0xb5, 0xbb, 0x4a, 0x7c, 0x8d, 0x83, 0x72, 0x9f, 0x6e, 0x60, 0x91, 0xc, 0xfd, 0xf3, 0x2, 0xef, 0x1e, 0x10, 0xe1, 0xd7, 0x26, 0x28, 0xd9, 0x34, 0xc5, 0xcb, 0x3a, 0xec, 0x1d, 0x13, 0xe2, 0xf, 0xfe, 0xf0, 0x1, 0x37, 0xc6, 0xc8, 0x39, 0xd4, 0x25, 0x2b, 0xda, 0x47, 0xb6, 0xb8, 0x49, 0xa4, 0x55, 0x5b, 0xaa, 0x9c, 0x6d, 0x63, 0x92, 0x7f, 0x8e, 0x80, 0x71},
+ {0x0, 0xf2, 0xf9, 0xb, 0xef, 0x1d, 0x16, 0xe4, 0xc3, 0x31, 0x3a, 0xc8, 0x2c, 0xde, 0xd5, 0x27, 0x9b, 0x69, 0x62, 0x90, 0x74, 0x86, 0x8d, 0x7f, 0x58, 0xaa, 0xa1, 0x53, 0xb7, 0x45, 0x4e, 0xbc, 0x2b, 0xd9, 0xd2, 0x20, 0xc4, 0x36, 0x3d, 0xcf, 0xe8, 0x1a, 0x11, 0xe3, 0x7, 0xf5, 0xfe, 0xc, 0xb0, 0x42, 0x49, 0xbb, 0x5f, 0xad, 0xa6, 0x54, 0x73, 0x81, 0x8a, 0x78, 0x9c, 0x6e, 0x65, 0x97, 0x56, 0xa4, 0xaf, 0x5d, 0xb9, 0x4b, 0x40, 0xb2, 0x95, 0x67, 0x6c, 0x9e, 0x7a, 0x88, 0x83, 0x71, 0xcd, 0x3f, 0x34, 0xc6, 0x22, 0xd0, 0xdb, 0x29, 0xe, 0xfc, 0xf7, 0x5, 0xe1, 0x13, 0x18, 0xea, 0x7d, 0x8f, 0x84, 0x76, 0x92, 0x60, 0x6b, 0x99, 0xbe, 0x4c, 0x47, 0xb5, 0x51, 0xa3, 0xa8, 0x5a, 0xe6, 0x14, 0x1f, 0xed, 0x9, 0xfb, 0xf0, 0x2, 0x25, 0xd7, 0xdc, 0x2e, 0xca, 0x38, 0x33, 0xc1, 0xac, 0x5e, 0x55, 0xa7, 0x43, 0xb1, 0xba, 0x48, 0x6f, 0x9d, 0x96, 0x64, 0x80, 0x72, 0x79, 0x8b, 0x37, 0xc5, 0xce, 0x3c, 0xd8, 0x2a, 0x21, 0xd3, 0xf4, 0x6, 0xd, 0xff, 0x1b, 0xe9, 0xe2, 0x10, 0x87, 0x75, 0x7e, 0x8c, 0x68, 0x9a, 0x91, 0x63, 0x44, 0xb6, 0xbd, 0x4f, 0xab, 0x59, 0x52, 0xa0, 0x1c, 0xee, 0xe5, 0x17, 0xf3, 0x1, 0xa, 0xf8, 0xdf, 0x2d, 0x26, 0xd4, 0x30, 0xc2, 0xc9, 0x3b, 0xfa, 0x8, 0x3, 0xf1, 0x15, 0xe7, 0xec, 0x1e, 0x39, 0xcb, 0xc0, 0x32, 0xd6, 0x24, 0x2f, 0xdd, 0x61, 0x93, 0x98, 0x6a, 0x8e, 0x7c, 0x77, 0x85, 0xa2, 0x50, 0x5b, 0xa9, 0x4d, 0xbf, 0xb4, 0x46, 0xd1, 0x23, 0x28, 0xda, 0x3e, 0xcc, 0xc7, 0x35, 0x12, 0xe0, 0xeb, 0x19, 0xfd, 0xf, 0x4, 0xf6, 0x4a, 0xb8, 0xb3, 0x41, 0xa5, 0x57, 0x5c, 0xae, 0x89, 0x7b, 0x70, 0x82, 0x66, 0x94, 0x9f, 0x6d},
+ {0x0, 0xf3, 0xfb, 0x8, 0xeb, 0x18, 0x10, 0xe3, 0xcb, 0x38, 0x30, 0xc3, 0x20, 0xd3, 0xdb, 0x28, 0x8b, 0x78, 0x70, 0x83, 0x60, 0x93, 0x9b, 0x68, 0x40, 0xb3, 0xbb, 0x48, 0xab, 0x58, 0x50, 0xa3, 0xb, 0xf8, 0xf0, 0x3, 0xe0, 0x13, 0x1b, 0xe8, 0xc0, 0x33, 0x3b, 0xc8, 0x2b, 0xd8, 0xd0, 0x23, 0x80, 0x73, 0x7b, 0x88, 0x6b, 0x98, 0x90, 0x63, 0x4b, 0xb8, 0xb0, 0x43, 0xa0, 0x53, 0x5b, 0xa8, 0x16, 0xe5, 0xed, 0x1e, 0xfd, 0xe, 0x6, 0xf5, 0xdd, 0x2e, 0x26, 0xd5, 0x36, 0xc5, 0xcd, 0x3e, 0x9d, 0x6e, 0x66, 0x95, 0x76, 0x85, 0x8d, 0x7e, 0x56, 0xa5, 0xad, 0x5e, 0xbd, 0x4e, 0x46, 0xb5, 0x1d, 0xee, 0xe6, 0x15, 0xf6, 0x5, 0xd, 0xfe, 0xd6, 0x25, 0x2d, 0xde, 0x3d, 0xce, 0xc6, 0x35, 0x96, 0x65, 0x6d, 0x9e, 0x7d, 0x8e, 0x86, 0x75, 0x5d, 0xae, 0xa6, 0x55, 0xb6, 0x45, 0x4d, 0xbe, 0x2c, 0xdf, 0xd7, 0x24, 0xc7, 0x34, 0x3c, 0xcf, 0xe7, 0x14, 0x1c, 0xef, 0xc, 0xff, 0xf7, 0x4, 0xa7, 0x54, 0x5c, 0xaf, 0x4c, 0xbf, 0xb7, 0x44, 0x6c, 0x9f, 0x97, 0x64, 0x87, 0x74, 0x7c, 0x8f, 0x27, 0xd4, 0xdc, 0x2f, 0xcc, 0x3f, 0x37, 0xc4, 0xec, 0x1f, 0x17, 0xe4, 0x7, 0xf4, 0xfc, 0xf, 0xac, 0x5f, 0x57, 0xa4, 0x47, 0xb4, 0xbc, 0x4f, 0x67, 0x94, 0x9c, 0x6f, 0x8c, 0x7f, 0x77, 0x84, 0x3a, 0xc9, 0xc1, 0x32, 0xd1, 0x22, 0x2a, 0xd9, 0xf1, 0x2, 0xa, 0xf9, 0x1a, 0xe9, 0xe1, 0x12, 0xb1, 0x42, 0x4a, 0xb9, 0x5a, 0xa9, 0xa1, 0x52, 0x7a, 0x89, 0x81, 0x72, 0x91, 0x62, 0x6a, 0x99, 0x31, 0xc2, 0xca, 0x39, 0xda, 0x29, 0x21, 0xd2, 0xfa, 0x9, 0x1, 0xf2, 0x11, 0xe2, 0xea, 0x19, 0xba, 0x49, 0x41, 0xb2, 0x51, 0xa2, 0xaa, 0x59, 0x71, 0x82, 0x8a, 0x79, 0x9a, 0x69, 0x61, 0x92},
+ {0x0, 0xf4, 0xf5, 0x1, 0xf7, 0x3, 0x2, 0xf6, 0xf3, 0x7, 0x6, 0xf2, 0x4, 0xf0, 0xf1, 0x5, 0xfb, 0xf, 0xe, 0xfa, 0xc, 0xf8, 0xf9, 0xd, 0x8, 0xfc, 0xfd, 0x9, 0xff, 0xb, 0xa, 0xfe, 0xeb, 0x1f, 0x1e, 0xea, 0x1c, 0xe8, 0xe9, 0x1d, 0x18, 0xec, 0xed, 0x19, 0xef, 0x1b, 0x1a, 0xee, 0x10, 0xe4, 0xe5, 0x11, 0xe7, 0x13, 0x12, 0xe6, 0xe3, 0x17, 0x16, 0xe2, 0x14, 0xe0, 0xe1, 0x15, 0xcb, 0x3f, 0x3e, 0xca, 0x3c, 0xc8, 0xc9, 0x3d, 0x38, 0xcc, 0xcd, 0x39, 0xcf, 0x3b, 0x3a, 0xce, 0x30, 0xc4, 0xc5, 0x31, 0xc7, 0x33, 0x32, 0xc6, 0xc3, 0x37, 0x36, 0xc2, 0x34, 0xc0, 0xc1, 0x35, 0x20, 0xd4, 0xd5, 0x21, 0xd7, 0x23, 0x22, 0xd6, 0xd3, 0x27, 0x26, 0xd2, 0x24, 0xd0, 0xd1, 0x25, 0xdb, 0x2f, 0x2e, 0xda, 0x2c, 0xd8, 0xd9, 0x2d, 0x28, 0xdc, 0xdd, 0x29, 0xdf, 0x2b, 0x2a, 0xde, 0x8b, 0x7f, 0x7e, 0x8a, 0x7c, 0x88, 0x89, 0x7d, 0x78, 0x8c, 0x8d, 0x79, 0x8f, 0x7b, 0x7a, 0x8e, 0x70, 0x84, 0x85, 0x71, 0x87, 0x73, 0x72, 0x86, 0x83, 0x77, 0x76, 0x82, 0x74, 0x80, 0x81, 0x75, 0x60, 0x94, 0x95, 0x61, 0x97, 0x63, 0x62, 0x96, 0x93, 0x67, 0x66, 0x92, 0x64, 0x90, 0x91, 0x65, 0x9b, 0x6f, 0x6e, 0x9a, 0x6c, 0x98, 0x99, 0x6d, 0x68, 0x9c, 0x9d, 0x69, 0x9f, 0x6b, 0x6a, 0x9e, 0x40, 0xb4, 0xb5, 0x41, 0xb7, 0x43, 0x42, 0xb6, 0xb3, 0x47, 0x46, 0xb2, 0x44, 0xb0, 0xb1, 0x45, 0xbb, 0x4f, 0x4e, 0xba, 0x4c, 0xb8, 0xb9, 0x4d, 0x48, 0xbc, 0xbd, 0x49, 0xbf, 0x4b, 0x4a, 0xbe, 0xab, 0x5f, 0x5e, 0xaa, 0x5c, 0xa8, 0xa9, 0x5d, 0x58, 0xac, 0xad, 0x59, 0xaf, 0x5b, 0x5a, 0xae, 0x50, 0xa4, 0xa5, 0x51, 0xa7, 0x53, 0x52, 0xa6, 0xa3, 0x57, 0x56, 0xa2, 0x54, 0xa0, 0xa1, 0x55},
+ {0x0, 0xf5, 0xf7, 0x2, 0xf3, 0x6, 0x4, 0xf1, 0xfb, 0xe, 0xc, 0xf9, 0x8, 0xfd, 0xff, 0xa, 0xeb, 0x1e, 0x1c, 0xe9, 0x18, 0xed, 0xef, 0x1a, 0x10, 0xe5, 0xe7, 0x12, 0xe3, 0x16, 0x14, 0xe1, 0xcb, 0x3e, 0x3c, 0xc9, 0x38, 0xcd, 0xcf, 0x3a, 0x30, 0xc5, 0xc7, 0x32, 0xc3, 0x36, 0x34, 0xc1, 0x20, 0xd5, 0xd7, 0x22, 0xd3, 0x26, 0x24, 0xd1, 0xdb, 0x2e, 0x2c, 0xd9, 0x28, 0xdd, 0xdf, 0x2a, 0x8b, 0x7e, 0x7c, 0x89, 0x78, 0x8d, 0x8f, 0x7a, 0x70, 0x85, 0x87, 0x72, 0x83, 0x76, 0x74, 0x81, 0x60, 0x95, 0x97, 0x62, 0x93, 0x66, 0x64, 0x91, 0x9b, 0x6e, 0x6c, 0x99, 0x68, 0x9d, 0x9f, 0x6a, 0x40, 0xb5, 0xb7, 0x42, 0xb3, 0x46, 0x44, 0xb1, 0xbb, 0x4e, 0x4c, 0xb9, 0x48, 0xbd, 0xbf, 0x4a, 0xab, 0x5e, 0x5c, 0xa9, 0x58, 0xad, 0xaf, 0x5a, 0x50, 0xa5, 0xa7, 0x52, 0xa3, 0x56, 0x54, 0xa1, 0xb, 0xfe, 0xfc, 0x9, 0xf8, 0xd, 0xf, 0xfa, 0xf0, 0x5, 0x7, 0xf2, 0x3, 0xf6, 0xf4, 0x1, 0xe0, 0x15, 0x17, 0xe2, 0x13, 0xe6, 0xe4, 0x11, 0x1b, 0xee, 0xec, 0x19, 0xe8, 0x1d, 0x1f, 0xea, 0xc0, 0x35, 0x37, 0xc2, 0x33, 0xc6, 0xc4, 0x31, 0x3b, 0xce, 0xcc, 0x39, 0xc8, 0x3d, 0x3f, 0xca, 0x2b, 0xde, 0xdc, 0x29, 0xd8, 0x2d, 0x2f, 0xda, 0xd0, 0x25, 0x27, 0xd2, 0x23, 0xd6, 0xd4, 0x21, 0x80, 0x75, 0x77, 0x82, 0x73, 0x86, 0x84, 0x71, 0x7b, 0x8e, 0x8c, 0x79, 0x88, 0x7d, 0x7f, 0x8a, 0x6b, 0x9e, 0x9c, 0x69, 0x98, 0x6d, 0x6f, 0x9a, 0x90, 0x65, 0x67, 0x92, 0x63, 0x96, 0x94, 0x61, 0x4b, 0xbe, 0xbc, 0x49, 0xb8, 0x4d, 0x4f, 0xba, 0xb0, 0x45, 0x47, 0xb2, 0x43, 0xb6, 0xb4, 0x41, 0xa0, 0x55, 0x57, 0xa2, 0x53, 0xa6, 0xa4, 0x51, 0x5b, 0xae, 0xac, 0x59, 0xa8, 0x5d, 0x5f, 0xaa},
+ {0x0, 0xf6, 0xf1, 0x7, 0xff, 0x9, 0xe, 0xf8, 0xe3, 0x15, 0x12, 0xe4, 0x1c, 0xea, 0xed, 0x1b, 0xdb, 0x2d, 0x2a, 0xdc, 0x24, 0xd2, 0xd5, 0x23, 0x38, 0xce, 0xc9, 0x3f, 0xc7, 0x31, 0x36, 0xc0, 0xab, 0x5d, 0x5a, 0xac, 0x54, 0xa2, 0xa5, 0x53, 0x48, 0xbe, 0xb9, 0x4f, 0xb7, 0x41, 0x46, 0xb0, 0x70, 0x86, 0x81, 0x77, 0x8f, 0x79, 0x7e, 0x88, 0x93, 0x65, 0x62, 0x94, 0x6c, 0x9a, 0x9d, 0x6b, 0x4b, 0xbd, 0xba, 0x4c, 0xb4, 0x42, 0x45, 0xb3, 0xa8, 0x5e, 0x59, 0xaf, 0x57, 0xa1, 0xa6, 0x50, 0x90, 0x66, 0x61, 0x97, 0x6f, 0x99, 0x9e, 0x68, 0x73, 0x85, 0x82, 0x74, 0x8c, 0x7a, 0x7d, 0x8b, 0xe0, 0x16, 0x11, 0xe7, 0x1f, 0xe9, 0xee, 0x18, 0x3, 0xf5, 0xf2, 0x4, 0xfc, 0xa, 0xd, 0xfb, 0x3b, 0xcd, 0xca, 0x3c, 0xc4, 0x32, 0x35, 0xc3, 0xd8, 0x2e, 0x29, 0xdf, 0x27, 0xd1, 0xd6, 0x20, 0x96, 0x60, 0x67, 0x91, 0x69, 0x9f, 0x98, 0x6e, 0x75, 0x83, 0x84, 0x72, 0x8a, 0x7c, 0x7b, 0x8d, 0x4d, 0xbb, 0xbc, 0x4a, 0xb2, 0x44, 0x43, 0xb5, 0xae, 0x58, 0x5f, 0xa9, 0x51, 0xa7, 0xa0, 0x56, 0x3d, 0xcb, 0xcc, 0x3a, 0xc2, 0x34, 0x33, 0xc5, 0xde, 0x28, 0x2f, 0xd9, 0x21, 0xd7, 0xd0, 0x26, 0xe6, 0x10, 0x17, 0xe1, 0x19, 0xef, 0xe8, 0x1e, 0x5, 0xf3, 0xf4, 0x2, 0xfa, 0xc, 0xb, 0xfd, 0xdd, 0x2b, 0x2c, 0xda, 0x22, 0xd4, 0xd3, 0x25, 0x3e, 0xc8, 0xcf, 0x39, 0xc1, 0x37, 0x30, 0xc6, 0x6, 0xf0, 0xf7, 0x1, 0xf9, 0xf, 0x8, 0xfe, 0xe5, 0x13, 0x14, 0xe2, 0x1a, 0xec, 0xeb, 0x1d, 0x76, 0x80, 0x87, 0x71, 0x89, 0x7f, 0x78, 0x8e, 0x95, 0x63, 0x64, 0x92, 0x6a, 0x9c, 0x9b, 0x6d, 0xad, 0x5b, 0x5c, 0xaa, 0x52, 0xa4, 0xa3, 0x55, 0x4e, 0xb8, 0xbf, 0x49, 0xb1, 0x47, 0x40, 0xb6},
+ {0x0, 0xf7, 0xf3, 0x4, 0xfb, 0xc, 0x8, 0xff, 0xeb, 0x1c, 0x18, 0xef, 0x10, 0xe7, 0xe3, 0x14, 0xcb, 0x3c, 0x38, 0xcf, 0x30, 0xc7, 0xc3, 0x34, 0x20, 0xd7, 0xd3, 0x24, 0xdb, 0x2c, 0x28, 0xdf, 0x8b, 0x7c, 0x78, 0x8f, 0x70, 0x87, 0x83, 0x74, 0x60, 0x97, 0x93, 0x64, 0x9b, 0x6c, 0x68, 0x9f, 0x40, 0xb7, 0xb3, 0x44, 0xbb, 0x4c, 0x48, 0xbf, 0xab, 0x5c, 0x58, 0xaf, 0x50, 0xa7, 0xa3, 0x54, 0xb, 0xfc, 0xf8, 0xf, 0xf0, 0x7, 0x3, 0xf4, 0xe0, 0x17, 0x13, 0xe4, 0x1b, 0xec, 0xe8, 0x1f, 0xc0, 0x37, 0x33, 0xc4, 0x3b, 0xcc, 0xc8, 0x3f, 0x2b, 0xdc, 0xd8, 0x2f, 0xd0, 0x27, 0x23, 0xd4, 0x80, 0x77, 0x73, 0x84, 0x7b, 0x8c, 0x88, 0x7f, 0x6b, 0x9c, 0x98, 0x6f, 0x90, 0x67, 0x63, 0x94, 0x4b, 0xbc, 0xb8, 0x4f, 0xb0, 0x47, 0x43, 0xb4, 0xa0, 0x57, 0x53, 0xa4, 0x5b, 0xac, 0xa8, 0x5f, 0x16, 0xe1, 0xe5, 0x12, 0xed, 0x1a, 0x1e, 0xe9, 0xfd, 0xa, 0xe, 0xf9, 0x6, 0xf1, 0xf5, 0x2, 0xdd, 0x2a, 0x2e, 0xd9, 0x26, 0xd1, 0xd5, 0x22, 0x36, 0xc1, 0xc5, 0x32, 0xcd, 0x3a, 0x3e, 0xc9, 0x9d, 0x6a, 0x6e, 0x99, 0x66, 0x91, 0x95, 0x62, 0x76, 0x81, 0x85, 0x72, 0x8d, 0x7a, 0x7e, 0x89, 0x56, 0xa1, 0xa5, 0x52, 0xad, 0x5a, 0x5e, 0xa9, 0xbd, 0x4a, 0x4e, 0xb9, 0x46, 0xb1, 0xb5, 0x42, 0x1d, 0xea, 0xee, 0x19, 0xe6, 0x11, 0x15, 0xe2, 0xf6, 0x1, 0x5, 0xf2, 0xd, 0xfa, 0xfe, 0x9, 0xd6, 0x21, 0x25, 0xd2, 0x2d, 0xda, 0xde, 0x29, 0x3d, 0xca, 0xce, 0x39, 0xc6, 0x31, 0x35, 0xc2, 0x96, 0x61, 0x65, 0x92, 0x6d, 0x9a, 0x9e, 0x69, 0x7d, 0x8a, 0x8e, 0x79, 0x86, 0x71, 0x75, 0x82, 0x5d, 0xaa, 0xae, 0x59, 0xa6, 0x51, 0x55, 0xa2, 0xb6, 0x41, 0x45, 0xb2, 0x4d, 0xba, 0xbe, 0x49},
+ {0x0, 0xf8, 0xed, 0x15, 0xc7, 0x3f, 0x2a, 0xd2, 0x93, 0x6b, 0x7e, 0x86, 0x54, 0xac, 0xb9, 0x41, 0x3b, 0xc3, 0xd6, 0x2e, 0xfc, 0x4, 0x11, 0xe9, 0xa8, 0x50, 0x45, 0xbd, 0x6f, 0x97, 0x82, 0x7a, 0x76, 0x8e, 0x9b, 0x63, 0xb1, 0x49, 0x5c, 0xa4, 0xe5, 0x1d, 0x8, 0xf0, 0x22, 0xda, 0xcf, 0x37, 0x4d, 0xb5, 0xa0, 0x58, 0x8a, 0x72, 0x67, 0x9f, 0xde, 0x26, 0x33, 0xcb, 0x19, 0xe1, 0xf4, 0xc, 0xec, 0x14, 0x1, 0xf9, 0x2b, 0xd3, 0xc6, 0x3e, 0x7f, 0x87, 0x92, 0x6a, 0xb8, 0x40, 0x55, 0xad, 0xd7, 0x2f, 0x3a, 0xc2, 0x10, 0xe8, 0xfd, 0x5, 0x44, 0xbc, 0xa9, 0x51, 0x83, 0x7b, 0x6e, 0x96, 0x9a, 0x62, 0x77, 0x8f, 0x5d, 0xa5, 0xb0, 0x48, 0x9, 0xf1, 0xe4, 0x1c, 0xce, 0x36, 0x23, 0xdb, 0xa1, 0x59, 0x4c, 0xb4, 0x66, 0x9e, 0x8b, 0x73, 0x32, 0xca, 0xdf, 0x27, 0xf5, 0xd, 0x18, 0xe0, 0xc5, 0x3d, 0x28, 0xd0, 0x2, 0xfa, 0xef, 0x17, 0x56, 0xae, 0xbb, 0x43, 0x91, 0x69, 0x7c, 0x84, 0xfe, 0x6, 0x13, 0xeb, 0x39, 0xc1, 0xd4, 0x2c, 0x6d, 0x95, 0x80, 0x78, 0xaa, 0x52, 0x47, 0xbf, 0xb3, 0x4b, 0x5e, 0xa6, 0x74, 0x8c, 0x99, 0x61, 0x20, 0xd8, 0xcd, 0x35, 0xe7, 0x1f, 0xa, 0xf2, 0x88, 0x70, 0x65, 0x9d, 0x4f, 0xb7, 0xa2, 0x5a, 0x1b, 0xe3, 0xf6, 0xe, 0xdc, 0x24, 0x31, 0xc9, 0x29, 0xd1, 0xc4, 0x3c, 0xee, 0x16, 0x3, 0xfb, 0xba, 0x42, 0x57, 0xaf, 0x7d, 0x85, 0x90, 0x68, 0x12, 0xea, 0xff, 0x7, 0xd5, 0x2d, 0x38, 0xc0, 0x81, 0x79, 0x6c, 0x94, 0x46, 0xbe, 0xab, 0x53, 0x5f, 0xa7, 0xb2, 0x4a, 0x98, 0x60, 0x75, 0x8d, 0xcc, 0x34, 0x21, 0xd9, 0xb, 0xf3, 0xe6, 0x1e, 0x64, 0x9c, 0x89, 0x71, 0xa3, 0x5b, 0x4e, 0xb6, 0xf7, 0xf, 0x1a, 0xe2, 0x30, 0xc8, 0xdd, 0x25},
+ {0x0, 0xf9, 0xef, 0x16, 0xc3, 0x3a, 0x2c, 0xd5, 0x9b, 0x62, 0x74, 0x8d, 0x58, 0xa1, 0xb7, 0x4e, 0x2b, 0xd2, 0xc4, 0x3d, 0xe8, 0x11, 0x7, 0xfe, 0xb0, 0x49, 0x5f, 0xa6, 0x73, 0x8a, 0x9c, 0x65, 0x56, 0xaf, 0xb9, 0x40, 0x95, 0x6c, 0x7a, 0x83, 0xcd, 0x34, 0x22, 0xdb, 0xe, 0xf7, 0xe1, 0x18, 0x7d, 0x84, 0x92, 0x6b, 0xbe, 0x47, 0x51, 0xa8, 0xe6, 0x1f, 0x9, 0xf0, 0x25, 0xdc, 0xca, 0x33, 0xac, 0x55, 0x43, 0xba, 0x6f, 0x96, 0x80, 0x79, 0x37, 0xce, 0xd8, 0x21, 0xf4, 0xd, 0x1b, 0xe2, 0x87, 0x7e, 0x68, 0x91, 0x44, 0xbd, 0xab, 0x52, 0x1c, 0xe5, 0xf3, 0xa, 0xdf, 0x26, 0x30, 0xc9, 0xfa, 0x3, 0x15, 0xec, 0x39, 0xc0, 0xd6, 0x2f, 0x61, 0x98, 0x8e, 0x77, 0xa2, 0x5b, 0x4d, 0xb4, 0xd1, 0x28, 0x3e, 0xc7, 0x12, 0xeb, 0xfd, 0x4, 0x4a, 0xb3, 0xa5, 0x5c, 0x89, 0x70, 0x66, 0x9f, 0x45, 0xbc, 0xaa, 0x53, 0x86, 0x7f, 0x69, 0x90, 0xde, 0x27, 0x31, 0xc8, 0x1d, 0xe4, 0xf2, 0xb, 0x6e, 0x97, 0x81, 0x78, 0xad, 0x54, 0x42, 0xbb, 0xf5, 0xc, 0x1a, 0xe3, 0x36, 0xcf, 0xd9, 0x20, 0x13, 0xea, 0xfc, 0x5, 0xd0, 0x29, 0x3f, 0xc6, 0x88, 0x71, 0x67, 0x9e, 0x4b, 0xb2, 0xa4, 0x5d, 0x38, 0xc1, 0xd7, 0x2e, 0xfb, 0x2, 0x14, 0xed, 0xa3, 0x5a, 0x4c, 0xb5, 0x60, 0x99, 0x8f, 0x76, 0xe9, 0x10, 0x6, 0xff, 0x2a, 0xd3, 0xc5, 0x3c, 0x72, 0x8b, 0x9d, 0x64, 0xb1, 0x48, 0x5e, 0xa7, 0xc2, 0x3b, 0x2d, 0xd4, 0x1, 0xf8, 0xee, 0x17, 0x59, 0xa0, 0xb6, 0x4f, 0x9a, 0x63, 0x75, 0x8c, 0xbf, 0x46, 0x50, 0xa9, 0x7c, 0x85, 0x93, 0x6a, 0x24, 0xdd, 0xcb, 0x32, 0xe7, 0x1e, 0x8, 0xf1, 0x94, 0x6d, 0x7b, 0x82, 0x57, 0xae, 0xb8, 0x41, 0xf, 0xf6, 0xe0, 0x19, 0xcc, 0x35, 0x23, 0xda},
+ {0x0, 0xfa, 0xe9, 0x13, 0xcf, 0x35, 0x26, 0xdc, 0x83, 0x79, 0x6a, 0x90, 0x4c, 0xb6, 0xa5, 0x5f, 0x1b, 0xe1, 0xf2, 0x8, 0xd4, 0x2e, 0x3d, 0xc7, 0x98, 0x62, 0x71, 0x8b, 0x57, 0xad, 0xbe, 0x44, 0x36, 0xcc, 0xdf, 0x25, 0xf9, 0x3, 0x10, 0xea, 0xb5, 0x4f, 0x5c, 0xa6, 0x7a, 0x80, 0x93, 0x69, 0x2d, 0xd7, 0xc4, 0x3e, 0xe2, 0x18, 0xb, 0xf1, 0xae, 0x54, 0x47, 0xbd, 0x61, 0x9b, 0x88, 0x72, 0x6c, 0x96, 0x85, 0x7f, 0xa3, 0x59, 0x4a, 0xb0, 0xef, 0x15, 0x6, 0xfc, 0x20, 0xda, 0xc9, 0x33, 0x77, 0x8d, 0x9e, 0x64, 0xb8, 0x42, 0x51, 0xab, 0xf4, 0xe, 0x1d, 0xe7, 0x3b, 0xc1, 0xd2, 0x28, 0x5a, 0xa0, 0xb3, 0x49, 0x95, 0x6f, 0x7c, 0x86, 0xd9, 0x23, 0x30, 0xca, 0x16, 0xec, 0xff, 0x5, 0x41, 0xbb, 0xa8, 0x52, 0x8e, 0x74, 0x67, 0x9d, 0xc2, 0x38, 0x2b, 0xd1, 0xd, 0xf7, 0xe4, 0x1e, 0xd8, 0x22, 0x31, 0xcb, 0x17, 0xed, 0xfe, 0x4, 0x5b, 0xa1, 0xb2, 0x48, 0x94, 0x6e, 0x7d, 0x87, 0xc3, 0x39, 0x2a, 0xd0, 0xc, 0xf6, 0xe5, 0x1f, 0x40, 0xba, 0xa9, 0x53, 0x8f, 0x75, 0x66, 0x9c, 0xee, 0x14, 0x7, 0xfd, 0x21, 0xdb, 0xc8, 0x32, 0x6d, 0x97, 0x84, 0x7e, 0xa2, 0x58, 0x4b, 0xb1, 0xf5, 0xf, 0x1c, 0xe6, 0x3a, 0xc0, 0xd3, 0x29, 0x76, 0x8c, 0x9f, 0x65, 0xb9, 0x43, 0x50, 0xaa, 0xb4, 0x4e, 0x5d, 0xa7, 0x7b, 0x81, 0x92, 0x68, 0x37, 0xcd, 0xde, 0x24, 0xf8, 0x2, 0x11, 0xeb, 0xaf, 0x55, 0x46, 0xbc, 0x60, 0x9a, 0x89, 0x73, 0x2c, 0xd6, 0xc5, 0x3f, 0xe3, 0x19, 0xa, 0xf0, 0x82, 0x78, 0x6b, 0x91, 0x4d, 0xb7, 0xa4, 0x5e, 0x1, 0xfb, 0xe8, 0x12, 0xce, 0x34, 0x27, 0xdd, 0x99, 0x63, 0x70, 0x8a, 0x56, 0xac, 0xbf, 0x45, 0x1a, 0xe0, 0xf3, 0x9, 0xd5, 0x2f, 0x3c, 0xc6},
+ {0x0, 0xfb, 0xeb, 0x10, 0xcb, 0x30, 0x20, 0xdb, 0x8b, 0x70, 0x60, 0x9b, 0x40, 0xbb, 0xab, 0x50, 0xb, 0xf0, 0xe0, 0x1b, 0xc0, 0x3b, 0x2b, 0xd0, 0x80, 0x7b, 0x6b, 0x90, 0x4b, 0xb0, 0xa0, 0x5b, 0x16, 0xed, 0xfd, 0x6, 0xdd, 0x26, 0x36, 0xcd, 0x9d, 0x66, 0x76, 0x8d, 0x56, 0xad, 0xbd, 0x46, 0x1d, 0xe6, 0xf6, 0xd, 0xd6, 0x2d, 0x3d, 0xc6, 0x96, 0x6d, 0x7d, 0x86, 0x5d, 0xa6, 0xb6, 0x4d, 0x2c, 0xd7, 0xc7, 0x3c, 0xe7, 0x1c, 0xc, 0xf7, 0xa7, 0x5c, 0x4c, 0xb7, 0x6c, 0x97, 0x87, 0x7c, 0x27, 0xdc, 0xcc, 0x37, 0xec, 0x17, 0x7, 0xfc, 0xac, 0x57, 0x47, 0xbc, 0x67, 0x9c, 0x8c, 0x77, 0x3a, 0xc1, 0xd1, 0x2a, 0xf1, 0xa, 0x1a, 0xe1, 0xb1, 0x4a, 0x5a, 0xa1, 0x7a, 0x81, 0x91, 0x6a, 0x31, 0xca, 0xda, 0x21, 0xfa, 0x1, 0x11, 0xea, 0xba, 0x41, 0x51, 0xaa, 0x71, 0x8a, 0x9a, 0x61, 0x58, 0xa3, 0xb3, 0x48, 0x93, 0x68, 0x78, 0x83, 0xd3, 0x28, 0x38, 0xc3, 0x18, 0xe3, 0xf3, 0x8, 0x53, 0xa8, 0xb8, 0x43, 0x98, 0x63, 0x73, 0x88, 0xd8, 0x23, 0x33, 0xc8, 0x13, 0xe8, 0xf8, 0x3, 0x4e, 0xb5, 0xa5, 0x5e, 0x85, 0x7e, 0x6e, 0x95, 0xc5, 0x3e, 0x2e, 0xd5, 0xe, 0xf5, 0xe5, 0x1e, 0x45, 0xbe, 0xae, 0x55, 0x8e, 0x75, 0x65, 0x9e, 0xce, 0x35, 0x25, 0xde, 0x5, 0xfe, 0xee, 0x15, 0x74, 0x8f, 0x9f, 0x64, 0xbf, 0x44, 0x54, 0xaf, 0xff, 0x4, 0x14, 0xef, 0x34, 0xcf, 0xdf, 0x24, 0x7f, 0x84, 0x94, 0x6f, 0xb4, 0x4f, 0x5f, 0xa4, 0xf4, 0xf, 0x1f, 0xe4, 0x3f, 0xc4, 0xd4, 0x2f, 0x62, 0x99, 0x89, 0x72, 0xa9, 0x52, 0x42, 0xb9, 0xe9, 0x12, 0x2, 0xf9, 0x22, 0xd9, 0xc9, 0x32, 0x69, 0x92, 0x82, 0x79, 0xa2, 0x59, 0x49, 0xb2, 0xe2, 0x19, 0x9, 0xf2, 0x29, 0xd2, 0xc2, 0x39},
+ {0x0, 0xfc, 0xe5, 0x19, 0xd7, 0x2b, 0x32, 0xce, 0xb3, 0x4f, 0x56, 0xaa, 0x64, 0x98, 0x81, 0x7d, 0x7b, 0x87, 0x9e, 0x62, 0xac, 0x50, 0x49, 0xb5, 0xc8, 0x34, 0x2d, 0xd1, 0x1f, 0xe3, 0xfa, 0x6, 0xf6, 0xa, 0x13, 0xef, 0x21, 0xdd, 0xc4, 0x38, 0x45, 0xb9, 0xa0, 0x5c, 0x92, 0x6e, 0x77, 0x8b, 0x8d, 0x71, 0x68, 0x94, 0x5a, 0xa6, 0xbf, 0x43, 0x3e, 0xc2, 0xdb, 0x27, 0xe9, 0x15, 0xc, 0xf0, 0xf1, 0xd, 0x14, 0xe8, 0x26, 0xda, 0xc3, 0x3f, 0x42, 0xbe, 0xa7, 0x5b, 0x95, 0x69, 0x70, 0x8c, 0x8a, 0x76, 0x6f, 0x93, 0x5d, 0xa1, 0xb8, 0x44, 0x39, 0xc5, 0xdc, 0x20, 0xee, 0x12, 0xb, 0xf7, 0x7, 0xfb, 0xe2, 0x1e, 0xd0, 0x2c, 0x35, 0xc9, 0xb4, 0x48, 0x51, 0xad, 0x63, 0x9f, 0x86, 0x7a, 0x7c, 0x80, 0x99, 0x65, 0xab, 0x57, 0x4e, 0xb2, 0xcf, 0x33, 0x2a, 0xd6, 0x18, 0xe4, 0xfd, 0x1, 0xff, 0x3, 0x1a, 0xe6, 0x28, 0xd4, 0xcd, 0x31, 0x4c, 0xb0, 0xa9, 0x55, 0x9b, 0x67, 0x7e, 0x82, 0x84, 0x78, 0x61, 0x9d, 0x53, 0xaf, 0xb6, 0x4a, 0x37, 0xcb, 0xd2, 0x2e, 0xe0, 0x1c, 0x5, 0xf9, 0x9, 0xf5, 0xec, 0x10, 0xde, 0x22, 0x3b, 0xc7, 0xba, 0x46, 0x5f, 0xa3, 0x6d, 0x91, 0x88, 0x74, 0x72, 0x8e, 0x97, 0x6b, 0xa5, 0x59, 0x40, 0xbc, 0xc1, 0x3d, 0x24, 0xd8, 0x16, 0xea, 0xf3, 0xf, 0xe, 0xf2, 0xeb, 0x17, 0xd9, 0x25, 0x3c, 0xc0, 0xbd, 0x41, 0x58, 0xa4, 0x6a, 0x96, 0x8f, 0x73, 0x75, 0x89, 0x90, 0x6c, 0xa2, 0x5e, 0x47, 0xbb, 0xc6, 0x3a, 0x23, 0xdf, 0x11, 0xed, 0xf4, 0x8, 0xf8, 0x4, 0x1d, 0xe1, 0x2f, 0xd3, 0xca, 0x36, 0x4b, 0xb7, 0xae, 0x52, 0x9c, 0x60, 0x79, 0x85, 0x83, 0x7f, 0x66, 0x9a, 0x54, 0xa8, 0xb1, 0x4d, 0x30, 0xcc, 0xd5, 0x29, 0xe7, 0x1b, 0x2, 0xfe},
+ {0x0, 0xfd, 0xe7, 0x1a, 0xd3, 0x2e, 0x34, 0xc9, 0xbb, 0x46, 0x5c, 0xa1, 0x68, 0x95, 0x8f, 0x72, 0x6b, 0x96, 0x8c, 0x71, 0xb8, 0x45, 0x5f, 0xa2, 0xd0, 0x2d, 0x37, 0xca, 0x3, 0xfe, 0xe4, 0x19, 0xd6, 0x2b, 0x31, 0xcc, 0x5, 0xf8, 0xe2, 0x1f, 0x6d, 0x90, 0x8a, 0x77, 0xbe, 0x43, 0x59, 0xa4, 0xbd, 0x40, 0x5a, 0xa7, 0x6e, 0x93, 0x89, 0x74, 0x6, 0xfb, 0xe1, 0x1c, 0xd5, 0x28, 0x32, 0xcf, 0xb1, 0x4c, 0x56, 0xab, 0x62, 0x9f, 0x85, 0x78, 0xa, 0xf7, 0xed, 0x10, 0xd9, 0x24, 0x3e, 0xc3, 0xda, 0x27, 0x3d, 0xc0, 0x9, 0xf4, 0xee, 0x13, 0x61, 0x9c, 0x86, 0x7b, 0xb2, 0x4f, 0x55, 0xa8, 0x67, 0x9a, 0x80, 0x7d, 0xb4, 0x49, 0x53, 0xae, 0xdc, 0x21, 0x3b, 0xc6, 0xf, 0xf2, 0xe8, 0x15, 0xc, 0xf1, 0xeb, 0x16, 0xdf, 0x22, 0x38, 0xc5, 0xb7, 0x4a, 0x50, 0xad, 0x64, 0x99, 0x83, 0x7e, 0x7f, 0x82, 0x98, 0x65, 0xac, 0x51, 0x4b, 0xb6, 0xc4, 0x39, 0x23, 0xde, 0x17, 0xea, 0xf0, 0xd, 0x14, 0xe9, 0xf3, 0xe, 0xc7, 0x3a, 0x20, 0xdd, 0xaf, 0x52, 0x48, 0xb5, 0x7c, 0x81, 0x9b, 0x66, 0xa9, 0x54, 0x4e, 0xb3, 0x7a, 0x87, 0x9d, 0x60, 0x12, 0xef, 0xf5, 0x8, 0xc1, 0x3c, 0x26, 0xdb, 0xc2, 0x3f, 0x25, 0xd8, 0x11, 0xec, 0xf6, 0xb, 0x79, 0x84, 0x9e, 0x63, 0xaa, 0x57, 0x4d, 0xb0, 0xce, 0x33, 0x29, 0xd4, 0x1d, 0xe0, 0xfa, 0x7, 0x75, 0x88, 0x92, 0x6f, 0xa6, 0x5b, 0x41, 0xbc, 0xa5, 0x58, 0x42, 0xbf, 0x76, 0x8b, 0x91, 0x6c, 0x1e, 0xe3, 0xf9, 0x4, 0xcd, 0x30, 0x2a, 0xd7, 0x18, 0xe5, 0xff, 0x2, 0xcb, 0x36, 0x2c, 0xd1, 0xa3, 0x5e, 0x44, 0xb9, 0x70, 0x8d, 0x97, 0x6a, 0x73, 0x8e, 0x94, 0x69, 0xa0, 0x5d, 0x47, 0xba, 0xc8, 0x35, 0x2f, 0xd2, 0x1b, 0xe6, 0xfc, 0x1},
+ {0x0, 0xfe, 0xe1, 0x1f, 0xdf, 0x21, 0x3e, 0xc0, 0xa3, 0x5d, 0x42, 0xbc, 0x7c, 0x82, 0x9d, 0x63, 0x5b, 0xa5, 0xba, 0x44, 0x84, 0x7a, 0x65, 0x9b, 0xf8, 0x6, 0x19, 0xe7, 0x27, 0xd9, 0xc6, 0x38, 0xb6, 0x48, 0x57, 0xa9, 0x69, 0x97, 0x88, 0x76, 0x15, 0xeb, 0xf4, 0xa, 0xca, 0x34, 0x2b, 0xd5, 0xed, 0x13, 0xc, 0xf2, 0x32, 0xcc, 0xd3, 0x2d, 0x4e, 0xb0, 0xaf, 0x51, 0x91, 0x6f, 0x70, 0x8e, 0x71, 0x8f, 0x90, 0x6e, 0xae, 0x50, 0x4f, 0xb1, 0xd2, 0x2c, 0x33, 0xcd, 0xd, 0xf3, 0xec, 0x12, 0x2a, 0xd4, 0xcb, 0x35, 0xf5, 0xb, 0x14, 0xea, 0x89, 0x77, 0x68, 0x96, 0x56, 0xa8, 0xb7, 0x49, 0xc7, 0x39, 0x26, 0xd8, 0x18, 0xe6, 0xf9, 0x7, 0x64, 0x9a, 0x85, 0x7b, 0xbb, 0x45, 0x5a, 0xa4, 0x9c, 0x62, 0x7d, 0x83, 0x43, 0xbd, 0xa2, 0x5c, 0x3f, 0xc1, 0xde, 0x20, 0xe0, 0x1e, 0x1, 0xff, 0xe2, 0x1c, 0x3, 0xfd, 0x3d, 0xc3, 0xdc, 0x22, 0x41, 0xbf, 0xa0, 0x5e, 0x9e, 0x60, 0x7f, 0x81, 0xb9, 0x47, 0x58, 0xa6, 0x66, 0x98, 0x87, 0x79, 0x1a, 0xe4, 0xfb, 0x5, 0xc5, 0x3b, 0x24, 0xda, 0x54, 0xaa, 0xb5, 0x4b, 0x8b, 0x75, 0x6a, 0x94, 0xf7, 0x9, 0x16, 0xe8, 0x28, 0xd6, 0xc9, 0x37, 0xf, 0xf1, 0xee, 0x10, 0xd0, 0x2e, 0x31, 0xcf, 0xac, 0x52, 0x4d, 0xb3, 0x73, 0x8d, 0x92, 0x6c, 0x93, 0x6d, 0x72, 0x8c, 0x4c, 0xb2, 0xad, 0x53, 0x30, 0xce, 0xd1, 0x2f, 0xef, 0x11, 0xe, 0xf0, 0xc8, 0x36, 0x29, 0xd7, 0x17, 0xe9, 0xf6, 0x8, 0x6b, 0x95, 0x8a, 0x74, 0xb4, 0x4a, 0x55, 0xab, 0x25, 0xdb, 0xc4, 0x3a, 0xfa, 0x4, 0x1b, 0xe5, 0x86, 0x78, 0x67, 0x99, 0x59, 0xa7, 0xb8, 0x46, 0x7e, 0x80, 0x9f, 0x61, 0xa1, 0x5f, 0x40, 0xbe, 0xdd, 0x23, 0x3c, 0xc2, 0x2, 0xfc, 0xe3, 0x1d},
+ {0x0, 0xff, 0xe3, 0x1c, 0xdb, 0x24, 0x38, 0xc7, 0xab, 0x54, 0x48, 0xb7, 0x70, 0x8f, 0x93, 0x6c, 0x4b, 0xb4, 0xa8, 0x57, 0x90, 0x6f, 0x73, 0x8c, 0xe0, 0x1f, 0x3, 0xfc, 0x3b, 0xc4, 0xd8, 0x27, 0x96, 0x69, 0x75, 0x8a, 0x4d, 0xb2, 0xae, 0x51, 0x3d, 0xc2, 0xde, 0x21, 0xe6, 0x19, 0x5, 0xfa, 0xdd, 0x22, 0x3e, 0xc1, 0x6, 0xf9, 0xe5, 0x1a, 0x76, 0x89, 0x95, 0x6a, 0xad, 0x52, 0x4e, 0xb1, 0x31, 0xce, 0xd2, 0x2d, 0xea, 0x15, 0x9, 0xf6, 0x9a, 0x65, 0x79, 0x86, 0x41, 0xbe, 0xa2, 0x5d, 0x7a, 0x85, 0x99, 0x66, 0xa1, 0x5e, 0x42, 0xbd, 0xd1, 0x2e, 0x32, 0xcd, 0xa, 0xf5, 0xe9, 0x16, 0xa7, 0x58, 0x44, 0xbb, 0x7c, 0x83, 0x9f, 0x60, 0xc, 0xf3, 0xef, 0x10, 0xd7, 0x28, 0x34, 0xcb, 0xec, 0x13, 0xf, 0xf0, 0x37, 0xc8, 0xd4, 0x2b, 0x47, 0xb8, 0xa4, 0x5b, 0x9c, 0x63, 0x7f, 0x80, 0x62, 0x9d, 0x81, 0x7e, 0xb9, 0x46, 0x5a, 0xa5, 0xc9, 0x36, 0x2a, 0xd5, 0x12, 0xed, 0xf1, 0xe, 0x29, 0xd6, 0xca, 0x35, 0xf2, 0xd, 0x11, 0xee, 0x82, 0x7d, 0x61, 0x9e, 0x59, 0xa6, 0xba, 0x45, 0xf4, 0xb, 0x17, 0xe8, 0x2f, 0xd0, 0xcc, 0x33, 0x5f, 0xa0, 0xbc, 0x43, 0x84, 0x7b, 0x67, 0x98, 0xbf, 0x40, 0x5c, 0xa3, 0x64, 0x9b, 0x87, 0x78, 0x14, 0xeb, 0xf7, 0x8, 0xcf, 0x30, 0x2c, 0xd3, 0x53, 0xac, 0xb0, 0x4f, 0x88, 0x77, 0x6b, 0x94, 0xf8, 0x7, 0x1b, 0xe4, 0x23, 0xdc, 0xc0, 0x3f, 0x18, 0xe7, 0xfb, 0x4, 0xc3, 0x3c, 0x20, 0xdf, 0xb3, 0x4c, 0x50, 0xaf, 0x68, 0x97, 0x8b, 0x74, 0xc5, 0x3a, 0x26, 0xd9, 0x1e, 0xe1, 0xfd, 0x2, 0x6e, 0x91, 0x8d, 0x72, 0xb5, 0x4a, 0x56, 0xa9, 0x8e, 0x71, 0x6d, 0x92, 0x55, 0xaa, 0xb6, 0x49, 0x25, 0xda, 0xc6, 0x39, 0xfe, 0x1, 0x1d, 0xe2}}
+
+var mulTableLow = [256][16]uint8{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
+ {0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf},
+ {0x0, 0x2, 0x4, 0x6, 0x8, 0xa, 0xc, 0xe, 0x10, 0x12, 0x14, 0x16, 0x18, 0x1a, 0x1c, 0x1e},
+ {0x0, 0x3, 0x6, 0x5, 0xc, 0xf, 0xa, 0x9, 0x18, 0x1b, 0x1e, 0x1d, 0x14, 0x17, 0x12, 0x11},
+ {0x0, 0x4, 0x8, 0xc, 0x10, 0x14, 0x18, 0x1c, 0x20, 0x24, 0x28, 0x2c, 0x30, 0x34, 0x38, 0x3c},
+ {0x0, 0x5, 0xa, 0xf, 0x14, 0x11, 0x1e, 0x1b, 0x28, 0x2d, 0x22, 0x27, 0x3c, 0x39, 0x36, 0x33},
+ {0x0, 0x6, 0xc, 0xa, 0x18, 0x1e, 0x14, 0x12, 0x30, 0x36, 0x3c, 0x3a, 0x28, 0x2e, 0x24, 0x22},
+ {0x0, 0x7, 0xe, 0x9, 0x1c, 0x1b, 0x12, 0x15, 0x38, 0x3f, 0x36, 0x31, 0x24, 0x23, 0x2a, 0x2d},
+ {0x0, 0x8, 0x10, 0x18, 0x20, 0x28, 0x30, 0x38, 0x40, 0x48, 0x50, 0x58, 0x60, 0x68, 0x70, 0x78},
+ {0x0, 0x9, 0x12, 0x1b, 0x24, 0x2d, 0x36, 0x3f, 0x48, 0x41, 0x5a, 0x53, 0x6c, 0x65, 0x7e, 0x77},
+ {0x0, 0xa, 0x14, 0x1e, 0x28, 0x22, 0x3c, 0x36, 0x50, 0x5a, 0x44, 0x4e, 0x78, 0x72, 0x6c, 0x66},
+ {0x0, 0xb, 0x16, 0x1d, 0x2c, 0x27, 0x3a, 0x31, 0x58, 0x53, 0x4e, 0x45, 0x74, 0x7f, 0x62, 0x69},
+ {0x0, 0xc, 0x18, 0x14, 0x30, 0x3c, 0x28, 0x24, 0x60, 0x6c, 0x78, 0x74, 0x50, 0x5c, 0x48, 0x44},
+ {0x0, 0xd, 0x1a, 0x17, 0x34, 0x39, 0x2e, 0x23, 0x68, 0x65, 0x72, 0x7f, 0x5c, 0x51, 0x46, 0x4b},
+ {0x0, 0xe, 0x1c, 0x12, 0x38, 0x36, 0x24, 0x2a, 0x70, 0x7e, 0x6c, 0x62, 0x48, 0x46, 0x54, 0x5a},
+ {0x0, 0xf, 0x1e, 0x11, 0x3c, 0x33, 0x22, 0x2d, 0x78, 0x77, 0x66, 0x69, 0x44, 0x4b, 0x5a, 0x55},
+ {0x0, 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80, 0x90, 0xa0, 0xb0, 0xc0, 0xd0, 0xe0, 0xf0},
+ {0x0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x0, 0x12, 0x24, 0x36, 0x48, 0x5a, 0x6c, 0x7e, 0x90, 0x82, 0xb4, 0xa6, 0xd8, 0xca, 0xfc, 0xee},
+ {0x0, 0x13, 0x26, 0x35, 0x4c, 0x5f, 0x6a, 0x79, 0x98, 0x8b, 0xbe, 0xad, 0xd4, 0xc7, 0xf2, 0xe1},
+ {0x0, 0x14, 0x28, 0x3c, 0x50, 0x44, 0x78, 0x6c, 0xa0, 0xb4, 0x88, 0x9c, 0xf0, 0xe4, 0xd8, 0xcc},
+ {0x0, 0x15, 0x2a, 0x3f, 0x54, 0x41, 0x7e, 0x6b, 0xa8, 0xbd, 0x82, 0x97, 0xfc, 0xe9, 0xd6, 0xc3},
+ {0x0, 0x16, 0x2c, 0x3a, 0x58, 0x4e, 0x74, 0x62, 0xb0, 0xa6, 0x9c, 0x8a, 0xe8, 0xfe, 0xc4, 0xd2},
+ {0x0, 0x17, 0x2e, 0x39, 0x5c, 0x4b, 0x72, 0x65, 0xb8, 0xaf, 0x96, 0x81, 0xe4, 0xf3, 0xca, 0xdd},
+ {0x0, 0x18, 0x30, 0x28, 0x60, 0x78, 0x50, 0x48, 0xc0, 0xd8, 0xf0, 0xe8, 0xa0, 0xb8, 0x90, 0x88},
+ {0x0, 0x19, 0x32, 0x2b, 0x64, 0x7d, 0x56, 0x4f, 0xc8, 0xd1, 0xfa, 0xe3, 0xac, 0xb5, 0x9e, 0x87},
+ {0x0, 0x1a, 0x34, 0x2e, 0x68, 0x72, 0x5c, 0x46, 0xd0, 0xca, 0xe4, 0xfe, 0xb8, 0xa2, 0x8c, 0x96},
+ {0x0, 0x1b, 0x36, 0x2d, 0x6c, 0x77, 0x5a, 0x41, 0xd8, 0xc3, 0xee, 0xf5, 0xb4, 0xaf, 0x82, 0x99},
+ {0x0, 0x1c, 0x38, 0x24, 0x70, 0x6c, 0x48, 0x54, 0xe0, 0xfc, 0xd8, 0xc4, 0x90, 0x8c, 0xa8, 0xb4},
+ {0x0, 0x1d, 0x3a, 0x27, 0x74, 0x69, 0x4e, 0x53, 0xe8, 0xf5, 0xd2, 0xcf, 0x9c, 0x81, 0xa6, 0xbb},
+ {0x0, 0x1e, 0x3c, 0x22, 0x78, 0x66, 0x44, 0x5a, 0xf0, 0xee, 0xcc, 0xd2, 0x88, 0x96, 0xb4, 0xaa},
+ {0x0, 0x1f, 0x3e, 0x21, 0x7c, 0x63, 0x42, 0x5d, 0xf8, 0xe7, 0xc6, 0xd9, 0x84, 0x9b, 0xba, 0xa5},
+ {0x0, 0x20, 0x40, 0x60, 0x80, 0xa0, 0xc0, 0xe0, 0x1d, 0x3d, 0x5d, 0x7d, 0x9d, 0xbd, 0xdd, 0xfd},
+ {0x0, 0x21, 0x42, 0x63, 0x84, 0xa5, 0xc6, 0xe7, 0x15, 0x34, 0x57, 0x76, 0x91, 0xb0, 0xd3, 0xf2},
+ {0x0, 0x22, 0x44, 0x66, 0x88, 0xaa, 0xcc, 0xee, 0xd, 0x2f, 0x49, 0x6b, 0x85, 0xa7, 0xc1, 0xe3},
+ {0x0, 0x23, 0x46, 0x65, 0x8c, 0xaf, 0xca, 0xe9, 0x5, 0x26, 0x43, 0x60, 0x89, 0xaa, 0xcf, 0xec},
+ {0x0, 0x24, 0x48, 0x6c, 0x90, 0xb4, 0xd8, 0xfc, 0x3d, 0x19, 0x75, 0x51, 0xad, 0x89, 0xe5, 0xc1},
+ {0x0, 0x25, 0x4a, 0x6f, 0x94, 0xb1, 0xde, 0xfb, 0x35, 0x10, 0x7f, 0x5a, 0xa1, 0x84, 0xeb, 0xce},
+ {0x0, 0x26, 0x4c, 0x6a, 0x98, 0xbe, 0xd4, 0xf2, 0x2d, 0xb, 0x61, 0x47, 0xb5, 0x93, 0xf9, 0xdf},
+ {0x0, 0x27, 0x4e, 0x69, 0x9c, 0xbb, 0xd2, 0xf5, 0x25, 0x2, 0x6b, 0x4c, 0xb9, 0x9e, 0xf7, 0xd0},
+ {0x0, 0x28, 0x50, 0x78, 0xa0, 0x88, 0xf0, 0xd8, 0x5d, 0x75, 0xd, 0x25, 0xfd, 0xd5, 0xad, 0x85},
+ {0x0, 0x29, 0x52, 0x7b, 0xa4, 0x8d, 0xf6, 0xdf, 0x55, 0x7c, 0x7, 0x2e, 0xf1, 0xd8, 0xa3, 0x8a},
+ {0x0, 0x2a, 0x54, 0x7e, 0xa8, 0x82, 0xfc, 0xd6, 0x4d, 0x67, 0x19, 0x33, 0xe5, 0xcf, 0xb1, 0x9b},
+ {0x0, 0x2b, 0x56, 0x7d, 0xac, 0x87, 0xfa, 0xd1, 0x45, 0x6e, 0x13, 0x38, 0xe9, 0xc2, 0xbf, 0x94},
+ {0x0, 0x2c, 0x58, 0x74, 0xb0, 0x9c, 0xe8, 0xc4, 0x7d, 0x51, 0x25, 0x9, 0xcd, 0xe1, 0x95, 0xb9},
+ {0x0, 0x2d, 0x5a, 0x77, 0xb4, 0x99, 0xee, 0xc3, 0x75, 0x58, 0x2f, 0x2, 0xc1, 0xec, 0x9b, 0xb6},
+ {0x0, 0x2e, 0x5c, 0x72, 0xb8, 0x96, 0xe4, 0xca, 0x6d, 0x43, 0x31, 0x1f, 0xd5, 0xfb, 0x89, 0xa7},
+ {0x0, 0x2f, 0x5e, 0x71, 0xbc, 0x93, 0xe2, 0xcd, 0x65, 0x4a, 0x3b, 0x14, 0xd9, 0xf6, 0x87, 0xa8},
+ {0x0, 0x30, 0x60, 0x50, 0xc0, 0xf0, 0xa0, 0x90, 0x9d, 0xad, 0xfd, 0xcd, 0x5d, 0x6d, 0x3d, 0xd},
+ {0x0, 0x31, 0x62, 0x53, 0xc4, 0xf5, 0xa6, 0x97, 0x95, 0xa4, 0xf7, 0xc6, 0x51, 0x60, 0x33, 0x2},
+ {0x0, 0x32, 0x64, 0x56, 0xc8, 0xfa, 0xac, 0x9e, 0x8d, 0xbf, 0xe9, 0xdb, 0x45, 0x77, 0x21, 0x13},
+ {0x0, 0x33, 0x66, 0x55, 0xcc, 0xff, 0xaa, 0x99, 0x85, 0xb6, 0xe3, 0xd0, 0x49, 0x7a, 0x2f, 0x1c},
+ {0x0, 0x34, 0x68, 0x5c, 0xd0, 0xe4, 0xb8, 0x8c, 0xbd, 0x89, 0xd5, 0xe1, 0x6d, 0x59, 0x5, 0x31},
+ {0x0, 0x35, 0x6a, 0x5f, 0xd4, 0xe1, 0xbe, 0x8b, 0xb5, 0x80, 0xdf, 0xea, 0x61, 0x54, 0xb, 0x3e},
+ {0x0, 0x36, 0x6c, 0x5a, 0xd8, 0xee, 0xb4, 0x82, 0xad, 0x9b, 0xc1, 0xf7, 0x75, 0x43, 0x19, 0x2f},
+ {0x0, 0x37, 0x6e, 0x59, 0xdc, 0xeb, 0xb2, 0x85, 0xa5, 0x92, 0xcb, 0xfc, 0x79, 0x4e, 0x17, 0x20},
+ {0x0, 0x38, 0x70, 0x48, 0xe0, 0xd8, 0x90, 0xa8, 0xdd, 0xe5, 0xad, 0x95, 0x3d, 0x5, 0x4d, 0x75},
+ {0x0, 0x39, 0x72, 0x4b, 0xe4, 0xdd, 0x96, 0xaf, 0xd5, 0xec, 0xa7, 0x9e, 0x31, 0x8, 0x43, 0x7a},
+ {0x0, 0x3a, 0x74, 0x4e, 0xe8, 0xd2, 0x9c, 0xa6, 0xcd, 0xf7, 0xb9, 0x83, 0x25, 0x1f, 0x51, 0x6b},
+ {0x0, 0x3b, 0x76, 0x4d, 0xec, 0xd7, 0x9a, 0xa1, 0xc5, 0xfe, 0xb3, 0x88, 0x29, 0x12, 0x5f, 0x64},
+ {0x0, 0x3c, 0x78, 0x44, 0xf0, 0xcc, 0x88, 0xb4, 0xfd, 0xc1, 0x85, 0xb9, 0xd, 0x31, 0x75, 0x49},
+ {0x0, 0x3d, 0x7a, 0x47, 0xf4, 0xc9, 0x8e, 0xb3, 0xf5, 0xc8, 0x8f, 0xb2, 0x1, 0x3c, 0x7b, 0x46},
+ {0x0, 0x3e, 0x7c, 0x42, 0xf8, 0xc6, 0x84, 0xba, 0xed, 0xd3, 0x91, 0xaf, 0x15, 0x2b, 0x69, 0x57},
+ {0x0, 0x3f, 0x7e, 0x41, 0xfc, 0xc3, 0x82, 0xbd, 0xe5, 0xda, 0x9b, 0xa4, 0x19, 0x26, 0x67, 0x58},
+ {0x0, 0x40, 0x80, 0xc0, 0x1d, 0x5d, 0x9d, 0xdd, 0x3a, 0x7a, 0xba, 0xfa, 0x27, 0x67, 0xa7, 0xe7},
+ {0x0, 0x41, 0x82, 0xc3, 0x19, 0x58, 0x9b, 0xda, 0x32, 0x73, 0xb0, 0xf1, 0x2b, 0x6a, 0xa9, 0xe8},
+ {0x0, 0x42, 0x84, 0xc6, 0x15, 0x57, 0x91, 0xd3, 0x2a, 0x68, 0xae, 0xec, 0x3f, 0x7d, 0xbb, 0xf9},
+ {0x0, 0x43, 0x86, 0xc5, 0x11, 0x52, 0x97, 0xd4, 0x22, 0x61, 0xa4, 0xe7, 0x33, 0x70, 0xb5, 0xf6},
+ {0x0, 0x44, 0x88, 0xcc, 0xd, 0x49, 0x85, 0xc1, 0x1a, 0x5e, 0x92, 0xd6, 0x17, 0x53, 0x9f, 0xdb},
+ {0x0, 0x45, 0x8a, 0xcf, 0x9, 0x4c, 0x83, 0xc6, 0x12, 0x57, 0x98, 0xdd, 0x1b, 0x5e, 0x91, 0xd4},
+ {0x0, 0x46, 0x8c, 0xca, 0x5, 0x43, 0x89, 0xcf, 0xa, 0x4c, 0x86, 0xc0, 0xf, 0x49, 0x83, 0xc5},
+ {0x0, 0x47, 0x8e, 0xc9, 0x1, 0x46, 0x8f, 0xc8, 0x2, 0x45, 0x8c, 0xcb, 0x3, 0x44, 0x8d, 0xca},
+ {0x0, 0x48, 0x90, 0xd8, 0x3d, 0x75, 0xad, 0xe5, 0x7a, 0x32, 0xea, 0xa2, 0x47, 0xf, 0xd7, 0x9f},
+ {0x0, 0x49, 0x92, 0xdb, 0x39, 0x70, 0xab, 0xe2, 0x72, 0x3b, 0xe0, 0xa9, 0x4b, 0x2, 0xd9, 0x90},
+ {0x0, 0x4a, 0x94, 0xde, 0x35, 0x7f, 0xa1, 0xeb, 0x6a, 0x20, 0xfe, 0xb4, 0x5f, 0x15, 0xcb, 0x81},
+ {0x0, 0x4b, 0x96, 0xdd, 0x31, 0x7a, 0xa7, 0xec, 0x62, 0x29, 0xf4, 0xbf, 0x53, 0x18, 0xc5, 0x8e},
+ {0x0, 0x4c, 0x98, 0xd4, 0x2d, 0x61, 0xb5, 0xf9, 0x5a, 0x16, 0xc2, 0x8e, 0x77, 0x3b, 0xef, 0xa3},
+ {0x0, 0x4d, 0x9a, 0xd7, 0x29, 0x64, 0xb3, 0xfe, 0x52, 0x1f, 0xc8, 0x85, 0x7b, 0x36, 0xe1, 0xac},
+ {0x0, 0x4e, 0x9c, 0xd2, 0x25, 0x6b, 0xb9, 0xf7, 0x4a, 0x4, 0xd6, 0x98, 0x6f, 0x21, 0xf3, 0xbd},
+ {0x0, 0x4f, 0x9e, 0xd1, 0x21, 0x6e, 0xbf, 0xf0, 0x42, 0xd, 0xdc, 0x93, 0x63, 0x2c, 0xfd, 0xb2},
+ {0x0, 0x50, 0xa0, 0xf0, 0x5d, 0xd, 0xfd, 0xad, 0xba, 0xea, 0x1a, 0x4a, 0xe7, 0xb7, 0x47, 0x17},
+ {0x0, 0x51, 0xa2, 0xf3, 0x59, 0x8, 0xfb, 0xaa, 0xb2, 0xe3, 0x10, 0x41, 0xeb, 0xba, 0x49, 0x18},
+ {0x0, 0x52, 0xa4, 0xf6, 0x55, 0x7, 0xf1, 0xa3, 0xaa, 0xf8, 0xe, 0x5c, 0xff, 0xad, 0x5b, 0x9},
+ {0x0, 0x53, 0xa6, 0xf5, 0x51, 0x2, 0xf7, 0xa4, 0xa2, 0xf1, 0x4, 0x57, 0xf3, 0xa0, 0x55, 0x6},
+ {0x0, 0x54, 0xa8, 0xfc, 0x4d, 0x19, 0xe5, 0xb1, 0x9a, 0xce, 0x32, 0x66, 0xd7, 0x83, 0x7f, 0x2b},
+ {0x0, 0x55, 0xaa, 0xff, 0x49, 0x1c, 0xe3, 0xb6, 0x92, 0xc7, 0x38, 0x6d, 0xdb, 0x8e, 0x71, 0x24},
+ {0x0, 0x56, 0xac, 0xfa, 0x45, 0x13, 0xe9, 0xbf, 0x8a, 0xdc, 0x26, 0x70, 0xcf, 0x99, 0x63, 0x35},
+ {0x0, 0x57, 0xae, 0xf9, 0x41, 0x16, 0xef, 0xb8, 0x82, 0xd5, 0x2c, 0x7b, 0xc3, 0x94, 0x6d, 0x3a},
+ {0x0, 0x58, 0xb0, 0xe8, 0x7d, 0x25, 0xcd, 0x95, 0xfa, 0xa2, 0x4a, 0x12, 0x87, 0xdf, 0x37, 0x6f},
+ {0x0, 0x59, 0xb2, 0xeb, 0x79, 0x20, 0xcb, 0x92, 0xf2, 0xab, 0x40, 0x19, 0x8b, 0xd2, 0x39, 0x60},
+ {0x0, 0x5a, 0xb4, 0xee, 0x75, 0x2f, 0xc1, 0x9b, 0xea, 0xb0, 0x5e, 0x4, 0x9f, 0xc5, 0x2b, 0x71},
+ {0x0, 0x5b, 0xb6, 0xed, 0x71, 0x2a, 0xc7, 0x9c, 0xe2, 0xb9, 0x54, 0xf, 0x93, 0xc8, 0x25, 0x7e},
+ {0x0, 0x5c, 0xb8, 0xe4, 0x6d, 0x31, 0xd5, 0x89, 0xda, 0x86, 0x62, 0x3e, 0xb7, 0xeb, 0xf, 0x53},
+ {0x0, 0x5d, 0xba, 0xe7, 0x69, 0x34, 0xd3, 0x8e, 0xd2, 0x8f, 0x68, 0x35, 0xbb, 0xe6, 0x1, 0x5c},
+ {0x0, 0x5e, 0xbc, 0xe2, 0x65, 0x3b, 0xd9, 0x87, 0xca, 0x94, 0x76, 0x28, 0xaf, 0xf1, 0x13, 0x4d},
+ {0x0, 0x5f, 0xbe, 0xe1, 0x61, 0x3e, 0xdf, 0x80, 0xc2, 0x9d, 0x7c, 0x23, 0xa3, 0xfc, 0x1d, 0x42},
+ {0x0, 0x60, 0xc0, 0xa0, 0x9d, 0xfd, 0x5d, 0x3d, 0x27, 0x47, 0xe7, 0x87, 0xba, 0xda, 0x7a, 0x1a},
+ {0x0, 0x61, 0xc2, 0xa3, 0x99, 0xf8, 0x5b, 0x3a, 0x2f, 0x4e, 0xed, 0x8c, 0xb6, 0xd7, 0x74, 0x15},
+ {0x0, 0x62, 0xc4, 0xa6, 0x95, 0xf7, 0x51, 0x33, 0x37, 0x55, 0xf3, 0x91, 0xa2, 0xc0, 0x66, 0x4},
+ {0x0, 0x63, 0xc6, 0xa5, 0x91, 0xf2, 0x57, 0x34, 0x3f, 0x5c, 0xf9, 0x9a, 0xae, 0xcd, 0x68, 0xb},
+ {0x0, 0x64, 0xc8, 0xac, 0x8d, 0xe9, 0x45, 0x21, 0x7, 0x63, 0xcf, 0xab, 0x8a, 0xee, 0x42, 0x26},
+ {0x0, 0x65, 0xca, 0xaf, 0x89, 0xec, 0x43, 0x26, 0xf, 0x6a, 0xc5, 0xa0, 0x86, 0xe3, 0x4c, 0x29},
+ {0x0, 0x66, 0xcc, 0xaa, 0x85, 0xe3, 0x49, 0x2f, 0x17, 0x71, 0xdb, 0xbd, 0x92, 0xf4, 0x5e, 0x38},
+ {0x0, 0x67, 0xce, 0xa9, 0x81, 0xe6, 0x4f, 0x28, 0x1f, 0x78, 0xd1, 0xb6, 0x9e, 0xf9, 0x50, 0x37},
+ {0x0, 0x68, 0xd0, 0xb8, 0xbd, 0xd5, 0x6d, 0x5, 0x67, 0xf, 0xb7, 0xdf, 0xda, 0xb2, 0xa, 0x62},
+ {0x0, 0x69, 0xd2, 0xbb, 0xb9, 0xd0, 0x6b, 0x2, 0x6f, 0x6, 0xbd, 0xd4, 0xd6, 0xbf, 0x4, 0x6d},
+ {0x0, 0x6a, 0xd4, 0xbe, 0xb5, 0xdf, 0x61, 0xb, 0x77, 0x1d, 0xa3, 0xc9, 0xc2, 0xa8, 0x16, 0x7c},
+ {0x0, 0x6b, 0xd6, 0xbd, 0xb1, 0xda, 0x67, 0xc, 0x7f, 0x14, 0xa9, 0xc2, 0xce, 0xa5, 0x18, 0x73},
+ {0x0, 0x6c, 0xd8, 0xb4, 0xad, 0xc1, 0x75, 0x19, 0x47, 0x2b, 0x9f, 0xf3, 0xea, 0x86, 0x32, 0x5e},
+ {0x0, 0x6d, 0xda, 0xb7, 0xa9, 0xc4, 0x73, 0x1e, 0x4f, 0x22, 0x95, 0xf8, 0xe6, 0x8b, 0x3c, 0x51},
+ {0x0, 0x6e, 0xdc, 0xb2, 0xa5, 0xcb, 0x79, 0x17, 0x57, 0x39, 0x8b, 0xe5, 0xf2, 0x9c, 0x2e, 0x40},
+ {0x0, 0x6f, 0xde, 0xb1, 0xa1, 0xce, 0x7f, 0x10, 0x5f, 0x30, 0x81, 0xee, 0xfe, 0x91, 0x20, 0x4f},
+ {0x0, 0x70, 0xe0, 0x90, 0xdd, 0xad, 0x3d, 0x4d, 0xa7, 0xd7, 0x47, 0x37, 0x7a, 0xa, 0x9a, 0xea},
+ {0x0, 0x71, 0xe2, 0x93, 0xd9, 0xa8, 0x3b, 0x4a, 0xaf, 0xde, 0x4d, 0x3c, 0x76, 0x7, 0x94, 0xe5},
+ {0x0, 0x72, 0xe4, 0x96, 0xd5, 0xa7, 0x31, 0x43, 0xb7, 0xc5, 0x53, 0x21, 0x62, 0x10, 0x86, 0xf4},
+ {0x0, 0x73, 0xe6, 0x95, 0xd1, 0xa2, 0x37, 0x44, 0xbf, 0xcc, 0x59, 0x2a, 0x6e, 0x1d, 0x88, 0xfb},
+ {0x0, 0x74, 0xe8, 0x9c, 0xcd, 0xb9, 0x25, 0x51, 0x87, 0xf3, 0x6f, 0x1b, 0x4a, 0x3e, 0xa2, 0xd6},
+ {0x0, 0x75, 0xea, 0x9f, 0xc9, 0xbc, 0x23, 0x56, 0x8f, 0xfa, 0x65, 0x10, 0x46, 0x33, 0xac, 0xd9},
+ {0x0, 0x76, 0xec, 0x9a, 0xc5, 0xb3, 0x29, 0x5f, 0x97, 0xe1, 0x7b, 0xd, 0x52, 0x24, 0xbe, 0xc8},
+ {0x0, 0x77, 0xee, 0x99, 0xc1, 0xb6, 0x2f, 0x58, 0x9f, 0xe8, 0x71, 0x6, 0x5e, 0x29, 0xb0, 0xc7},
+ {0x0, 0x78, 0xf0, 0x88, 0xfd, 0x85, 0xd, 0x75, 0xe7, 0x9f, 0x17, 0x6f, 0x1a, 0x62, 0xea, 0x92},
+ {0x0, 0x79, 0xf2, 0x8b, 0xf9, 0x80, 0xb, 0x72, 0xef, 0x96, 0x1d, 0x64, 0x16, 0x6f, 0xe4, 0x9d},
+ {0x0, 0x7a, 0xf4, 0x8e, 0xf5, 0x8f, 0x1, 0x7b, 0xf7, 0x8d, 0x3, 0x79, 0x2, 0x78, 0xf6, 0x8c},
+ {0x0, 0x7b, 0xf6, 0x8d, 0xf1, 0x8a, 0x7, 0x7c, 0xff, 0x84, 0x9, 0x72, 0xe, 0x75, 0xf8, 0x83},
+ {0x0, 0x7c, 0xf8, 0x84, 0xed, 0x91, 0x15, 0x69, 0xc7, 0xbb, 0x3f, 0x43, 0x2a, 0x56, 0xd2, 0xae},
+ {0x0, 0x7d, 0xfa, 0x87, 0xe9, 0x94, 0x13, 0x6e, 0xcf, 0xb2, 0x35, 0x48, 0x26, 0x5b, 0xdc, 0xa1},
+ {0x0, 0x7e, 0xfc, 0x82, 0xe5, 0x9b, 0x19, 0x67, 0xd7, 0xa9, 0x2b, 0x55, 0x32, 0x4c, 0xce, 0xb0},
+ {0x0, 0x7f, 0xfe, 0x81, 0xe1, 0x9e, 0x1f, 0x60, 0xdf, 0xa0, 0x21, 0x5e, 0x3e, 0x41, 0xc0, 0xbf},
+ {0x0, 0x80, 0x1d, 0x9d, 0x3a, 0xba, 0x27, 0xa7, 0x74, 0xf4, 0x69, 0xe9, 0x4e, 0xce, 0x53, 0xd3},
+ {0x0, 0x81, 0x1f, 0x9e, 0x3e, 0xbf, 0x21, 0xa0, 0x7c, 0xfd, 0x63, 0xe2, 0x42, 0xc3, 0x5d, 0xdc},
+ {0x0, 0x82, 0x19, 0x9b, 0x32, 0xb0, 0x2b, 0xa9, 0x64, 0xe6, 0x7d, 0xff, 0x56, 0xd4, 0x4f, 0xcd},
+ {0x0, 0x83, 0x1b, 0x98, 0x36, 0xb5, 0x2d, 0xae, 0x6c, 0xef, 0x77, 0xf4, 0x5a, 0xd9, 0x41, 0xc2},
+ {0x0, 0x84, 0x15, 0x91, 0x2a, 0xae, 0x3f, 0xbb, 0x54, 0xd0, 0x41, 0xc5, 0x7e, 0xfa, 0x6b, 0xef},
+ {0x0, 0x85, 0x17, 0x92, 0x2e, 0xab, 0x39, 0xbc, 0x5c, 0xd9, 0x4b, 0xce, 0x72, 0xf7, 0x65, 0xe0},
+ {0x0, 0x86, 0x11, 0x97, 0x22, 0xa4, 0x33, 0xb5, 0x44, 0xc2, 0x55, 0xd3, 0x66, 0xe0, 0x77, 0xf1},
+ {0x0, 0x87, 0x13, 0x94, 0x26, 0xa1, 0x35, 0xb2, 0x4c, 0xcb, 0x5f, 0xd8, 0x6a, 0xed, 0x79, 0xfe},
+ {0x0, 0x88, 0xd, 0x85, 0x1a, 0x92, 0x17, 0x9f, 0x34, 0xbc, 0x39, 0xb1, 0x2e, 0xa6, 0x23, 0xab},
+ {0x0, 0x89, 0xf, 0x86, 0x1e, 0x97, 0x11, 0x98, 0x3c, 0xb5, 0x33, 0xba, 0x22, 0xab, 0x2d, 0xa4},
+ {0x0, 0x8a, 0x9, 0x83, 0x12, 0x98, 0x1b, 0x91, 0x24, 0xae, 0x2d, 0xa7, 0x36, 0xbc, 0x3f, 0xb5},
+ {0x0, 0x8b, 0xb, 0x80, 0x16, 0x9d, 0x1d, 0x96, 0x2c, 0xa7, 0x27, 0xac, 0x3a, 0xb1, 0x31, 0xba},
+ {0x0, 0x8c, 0x5, 0x89, 0xa, 0x86, 0xf, 0x83, 0x14, 0x98, 0x11, 0x9d, 0x1e, 0x92, 0x1b, 0x97},
+ {0x0, 0x8d, 0x7, 0x8a, 0xe, 0x83, 0x9, 0x84, 0x1c, 0x91, 0x1b, 0x96, 0x12, 0x9f, 0x15, 0x98},
+ {0x0, 0x8e, 0x1, 0x8f, 0x2, 0x8c, 0x3, 0x8d, 0x4, 0x8a, 0x5, 0x8b, 0x6, 0x88, 0x7, 0x89},
+ {0x0, 0x8f, 0x3, 0x8c, 0x6, 0x89, 0x5, 0x8a, 0xc, 0x83, 0xf, 0x80, 0xa, 0x85, 0x9, 0x86},
+ {0x0, 0x90, 0x3d, 0xad, 0x7a, 0xea, 0x47, 0xd7, 0xf4, 0x64, 0xc9, 0x59, 0x8e, 0x1e, 0xb3, 0x23},
+ {0x0, 0x91, 0x3f, 0xae, 0x7e, 0xef, 0x41, 0xd0, 0xfc, 0x6d, 0xc3, 0x52, 0x82, 0x13, 0xbd, 0x2c},
+ {0x0, 0x92, 0x39, 0xab, 0x72, 0xe0, 0x4b, 0xd9, 0xe4, 0x76, 0xdd, 0x4f, 0x96, 0x4, 0xaf, 0x3d},
+ {0x0, 0x93, 0x3b, 0xa8, 0x76, 0xe5, 0x4d, 0xde, 0xec, 0x7f, 0xd7, 0x44, 0x9a, 0x9, 0xa1, 0x32},
+ {0x0, 0x94, 0x35, 0xa1, 0x6a, 0xfe, 0x5f, 0xcb, 0xd4, 0x40, 0xe1, 0x75, 0xbe, 0x2a, 0x8b, 0x1f},
+ {0x0, 0x95, 0x37, 0xa2, 0x6e, 0xfb, 0x59, 0xcc, 0xdc, 0x49, 0xeb, 0x7e, 0xb2, 0x27, 0x85, 0x10},
+ {0x0, 0x96, 0x31, 0xa7, 0x62, 0xf4, 0x53, 0xc5, 0xc4, 0x52, 0xf5, 0x63, 0xa6, 0x30, 0x97, 0x1},
+ {0x0, 0x97, 0x33, 0xa4, 0x66, 0xf1, 0x55, 0xc2, 0xcc, 0x5b, 0xff, 0x68, 0xaa, 0x3d, 0x99, 0xe},
+ {0x0, 0x98, 0x2d, 0xb5, 0x5a, 0xc2, 0x77, 0xef, 0xb4, 0x2c, 0x99, 0x1, 0xee, 0x76, 0xc3, 0x5b},
+ {0x0, 0x99, 0x2f, 0xb6, 0x5e, 0xc7, 0x71, 0xe8, 0xbc, 0x25, 0x93, 0xa, 0xe2, 0x7b, 0xcd, 0x54},
+ {0x0, 0x9a, 0x29, 0xb3, 0x52, 0xc8, 0x7b, 0xe1, 0xa4, 0x3e, 0x8d, 0x17, 0xf6, 0x6c, 0xdf, 0x45},
+ {0x0, 0x9b, 0x2b, 0xb0, 0x56, 0xcd, 0x7d, 0xe6, 0xac, 0x37, 0x87, 0x1c, 0xfa, 0x61, 0xd1, 0x4a},
+ {0x0, 0x9c, 0x25, 0xb9, 0x4a, 0xd6, 0x6f, 0xf3, 0x94, 0x8, 0xb1, 0x2d, 0xde, 0x42, 0xfb, 0x67},
+ {0x0, 0x9d, 0x27, 0xba, 0x4e, 0xd3, 0x69, 0xf4, 0x9c, 0x1, 0xbb, 0x26, 0xd2, 0x4f, 0xf5, 0x68},
+ {0x0, 0x9e, 0x21, 0xbf, 0x42, 0xdc, 0x63, 0xfd, 0x84, 0x1a, 0xa5, 0x3b, 0xc6, 0x58, 0xe7, 0x79},
+ {0x0, 0x9f, 0x23, 0xbc, 0x46, 0xd9, 0x65, 0xfa, 0x8c, 0x13, 0xaf, 0x30, 0xca, 0x55, 0xe9, 0x76},
+ {0x0, 0xa0, 0x5d, 0xfd, 0xba, 0x1a, 0xe7, 0x47, 0x69, 0xc9, 0x34, 0x94, 0xd3, 0x73, 0x8e, 0x2e},
+ {0x0, 0xa1, 0x5f, 0xfe, 0xbe, 0x1f, 0xe1, 0x40, 0x61, 0xc0, 0x3e, 0x9f, 0xdf, 0x7e, 0x80, 0x21},
+ {0x0, 0xa2, 0x59, 0xfb, 0xb2, 0x10, 0xeb, 0x49, 0x79, 0xdb, 0x20, 0x82, 0xcb, 0x69, 0x92, 0x30},
+ {0x0, 0xa3, 0x5b, 0xf8, 0xb6, 0x15, 0xed, 0x4e, 0x71, 0xd2, 0x2a, 0x89, 0xc7, 0x64, 0x9c, 0x3f},
+ {0x0, 0xa4, 0x55, 0xf1, 0xaa, 0xe, 0xff, 0x5b, 0x49, 0xed, 0x1c, 0xb8, 0xe3, 0x47, 0xb6, 0x12},
+ {0x0, 0xa5, 0x57, 0xf2, 0xae, 0xb, 0xf9, 0x5c, 0x41, 0xe4, 0x16, 0xb3, 0xef, 0x4a, 0xb8, 0x1d},
+ {0x0, 0xa6, 0x51, 0xf7, 0xa2, 0x4, 0xf3, 0x55, 0x59, 0xff, 0x8, 0xae, 0xfb, 0x5d, 0xaa, 0xc},
+ {0x0, 0xa7, 0x53, 0xf4, 0xa6, 0x1, 0xf5, 0x52, 0x51, 0xf6, 0x2, 0xa5, 0xf7, 0x50, 0xa4, 0x3},
+ {0x0, 0xa8, 0x4d, 0xe5, 0x9a, 0x32, 0xd7, 0x7f, 0x29, 0x81, 0x64, 0xcc, 0xb3, 0x1b, 0xfe, 0x56},
+ {0x0, 0xa9, 0x4f, 0xe6, 0x9e, 0x37, 0xd1, 0x78, 0x21, 0x88, 0x6e, 0xc7, 0xbf, 0x16, 0xf0, 0x59},
+ {0x0, 0xaa, 0x49, 0xe3, 0x92, 0x38, 0xdb, 0x71, 0x39, 0x93, 0x70, 0xda, 0xab, 0x1, 0xe2, 0x48},
+ {0x0, 0xab, 0x4b, 0xe0, 0x96, 0x3d, 0xdd, 0x76, 0x31, 0x9a, 0x7a, 0xd1, 0xa7, 0xc, 0xec, 0x47},
+ {0x0, 0xac, 0x45, 0xe9, 0x8a, 0x26, 0xcf, 0x63, 0x9, 0xa5, 0x4c, 0xe0, 0x83, 0x2f, 0xc6, 0x6a},
+ {0x0, 0xad, 0x47, 0xea, 0x8e, 0x23, 0xc9, 0x64, 0x1, 0xac, 0x46, 0xeb, 0x8f, 0x22, 0xc8, 0x65},
+ {0x0, 0xae, 0x41, 0xef, 0x82, 0x2c, 0xc3, 0x6d, 0x19, 0xb7, 0x58, 0xf6, 0x9b, 0x35, 0xda, 0x74},
+ {0x0, 0xaf, 0x43, 0xec, 0x86, 0x29, 0xc5, 0x6a, 0x11, 0xbe, 0x52, 0xfd, 0x97, 0x38, 0xd4, 0x7b},
+ {0x0, 0xb0, 0x7d, 0xcd, 0xfa, 0x4a, 0x87, 0x37, 0xe9, 0x59, 0x94, 0x24, 0x13, 0xa3, 0x6e, 0xde},
+ {0x0, 0xb1, 0x7f, 0xce, 0xfe, 0x4f, 0x81, 0x30, 0xe1, 0x50, 0x9e, 0x2f, 0x1f, 0xae, 0x60, 0xd1},
+ {0x0, 0xb2, 0x79, 0xcb, 0xf2, 0x40, 0x8b, 0x39, 0xf9, 0x4b, 0x80, 0x32, 0xb, 0xb9, 0x72, 0xc0},
+ {0x0, 0xb3, 0x7b, 0xc8, 0xf6, 0x45, 0x8d, 0x3e, 0xf1, 0x42, 0x8a, 0x39, 0x7, 0xb4, 0x7c, 0xcf},
+ {0x0, 0xb4, 0x75, 0xc1, 0xea, 0x5e, 0x9f, 0x2b, 0xc9, 0x7d, 0xbc, 0x8, 0x23, 0x97, 0x56, 0xe2},
+ {0x0, 0xb5, 0x77, 0xc2, 0xee, 0x5b, 0x99, 0x2c, 0xc1, 0x74, 0xb6, 0x3, 0x2f, 0x9a, 0x58, 0xed},
+ {0x0, 0xb6, 0x71, 0xc7, 0xe2, 0x54, 0x93, 0x25, 0xd9, 0x6f, 0xa8, 0x1e, 0x3b, 0x8d, 0x4a, 0xfc},
+ {0x0, 0xb7, 0x73, 0xc4, 0xe6, 0x51, 0x95, 0x22, 0xd1, 0x66, 0xa2, 0x15, 0x37, 0x80, 0x44, 0xf3},
+ {0x0, 0xb8, 0x6d, 0xd5, 0xda, 0x62, 0xb7, 0xf, 0xa9, 0x11, 0xc4, 0x7c, 0x73, 0xcb, 0x1e, 0xa6},
+ {0x0, 0xb9, 0x6f, 0xd6, 0xde, 0x67, 0xb1, 0x8, 0xa1, 0x18, 0xce, 0x77, 0x7f, 0xc6, 0x10, 0xa9},
+ {0x0, 0xba, 0x69, 0xd3, 0xd2, 0x68, 0xbb, 0x1, 0xb9, 0x3, 0xd0, 0x6a, 0x6b, 0xd1, 0x2, 0xb8},
+ {0x0, 0xbb, 0x6b, 0xd0, 0xd6, 0x6d, 0xbd, 0x6, 0xb1, 0xa, 0xda, 0x61, 0x67, 0xdc, 0xc, 0xb7},
+ {0x0, 0xbc, 0x65, 0xd9, 0xca, 0x76, 0xaf, 0x13, 0x89, 0x35, 0xec, 0x50, 0x43, 0xff, 0x26, 0x9a},
+ {0x0, 0xbd, 0x67, 0xda, 0xce, 0x73, 0xa9, 0x14, 0x81, 0x3c, 0xe6, 0x5b, 0x4f, 0xf2, 0x28, 0x95},
+ {0x0, 0xbe, 0x61, 0xdf, 0xc2, 0x7c, 0xa3, 0x1d, 0x99, 0x27, 0xf8, 0x46, 0x5b, 0xe5, 0x3a, 0x84},
+ {0x0, 0xbf, 0x63, 0xdc, 0xc6, 0x79, 0xa5, 0x1a, 0x91, 0x2e, 0xf2, 0x4d, 0x57, 0xe8, 0x34, 0x8b},
+ {0x0, 0xc0, 0x9d, 0x5d, 0x27, 0xe7, 0xba, 0x7a, 0x4e, 0x8e, 0xd3, 0x13, 0x69, 0xa9, 0xf4, 0x34},
+ {0x0, 0xc1, 0x9f, 0x5e, 0x23, 0xe2, 0xbc, 0x7d, 0x46, 0x87, 0xd9, 0x18, 0x65, 0xa4, 0xfa, 0x3b},
+ {0x0, 0xc2, 0x99, 0x5b, 0x2f, 0xed, 0xb6, 0x74, 0x5e, 0x9c, 0xc7, 0x5, 0x71, 0xb3, 0xe8, 0x2a},
+ {0x0, 0xc3, 0x9b, 0x58, 0x2b, 0xe8, 0xb0, 0x73, 0x56, 0x95, 0xcd, 0xe, 0x7d, 0xbe, 0xe6, 0x25},
+ {0x0, 0xc4, 0x95, 0x51, 0x37, 0xf3, 0xa2, 0x66, 0x6e, 0xaa, 0xfb, 0x3f, 0x59, 0x9d, 0xcc, 0x8},
+ {0x0, 0xc5, 0x97, 0x52, 0x33, 0xf6, 0xa4, 0x61, 0x66, 0xa3, 0xf1, 0x34, 0x55, 0x90, 0xc2, 0x7},
+ {0x0, 0xc6, 0x91, 0x57, 0x3f, 0xf9, 0xae, 0x68, 0x7e, 0xb8, 0xef, 0x29, 0x41, 0x87, 0xd0, 0x16},
+ {0x0, 0xc7, 0x93, 0x54, 0x3b, 0xfc, 0xa8, 0x6f, 0x76, 0xb1, 0xe5, 0x22, 0x4d, 0x8a, 0xde, 0x19},
+ {0x0, 0xc8, 0x8d, 0x45, 0x7, 0xcf, 0x8a, 0x42, 0xe, 0xc6, 0x83, 0x4b, 0x9, 0xc1, 0x84, 0x4c},
+ {0x0, 0xc9, 0x8f, 0x46, 0x3, 0xca, 0x8c, 0x45, 0x6, 0xcf, 0x89, 0x40, 0x5, 0xcc, 0x8a, 0x43},
+ {0x0, 0xca, 0x89, 0x43, 0xf, 0xc5, 0x86, 0x4c, 0x1e, 0xd4, 0x97, 0x5d, 0x11, 0xdb, 0x98, 0x52},
+ {0x0, 0xcb, 0x8b, 0x40, 0xb, 0xc0, 0x80, 0x4b, 0x16, 0xdd, 0x9d, 0x56, 0x1d, 0xd6, 0x96, 0x5d},
+ {0x0, 0xcc, 0x85, 0x49, 0x17, 0xdb, 0x92, 0x5e, 0x2e, 0xe2, 0xab, 0x67, 0x39, 0xf5, 0xbc, 0x70},
+ {0x0, 0xcd, 0x87, 0x4a, 0x13, 0xde, 0x94, 0x59, 0x26, 0xeb, 0xa1, 0x6c, 0x35, 0xf8, 0xb2, 0x7f},
+ {0x0, 0xce, 0x81, 0x4f, 0x1f, 0xd1, 0x9e, 0x50, 0x3e, 0xf0, 0xbf, 0x71, 0x21, 0xef, 0xa0, 0x6e},
+ {0x0, 0xcf, 0x83, 0x4c, 0x1b, 0xd4, 0x98, 0x57, 0x36, 0xf9, 0xb5, 0x7a, 0x2d, 0xe2, 0xae, 0x61},
+ {0x0, 0xd0, 0xbd, 0x6d, 0x67, 0xb7, 0xda, 0xa, 0xce, 0x1e, 0x73, 0xa3, 0xa9, 0x79, 0x14, 0xc4},
+ {0x0, 0xd1, 0xbf, 0x6e, 0x63, 0xb2, 0xdc, 0xd, 0xc6, 0x17, 0x79, 0xa8, 0xa5, 0x74, 0x1a, 0xcb},
+ {0x0, 0xd2, 0xb9, 0x6b, 0x6f, 0xbd, 0xd6, 0x4, 0xde, 0xc, 0x67, 0xb5, 0xb1, 0x63, 0x8, 0xda},
+ {0x0, 0xd3, 0xbb, 0x68, 0x6b, 0xb8, 0xd0, 0x3, 0xd6, 0x5, 0x6d, 0xbe, 0xbd, 0x6e, 0x6, 0xd5},
+ {0x0, 0xd4, 0xb5, 0x61, 0x77, 0xa3, 0xc2, 0x16, 0xee, 0x3a, 0x5b, 0x8f, 0x99, 0x4d, 0x2c, 0xf8},
+ {0x0, 0xd5, 0xb7, 0x62, 0x73, 0xa6, 0xc4, 0x11, 0xe6, 0x33, 0x51, 0x84, 0x95, 0x40, 0x22, 0xf7},
+ {0x0, 0xd6, 0xb1, 0x67, 0x7f, 0xa9, 0xce, 0x18, 0xfe, 0x28, 0x4f, 0x99, 0x81, 0x57, 0x30, 0xe6},
+ {0x0, 0xd7, 0xb3, 0x64, 0x7b, 0xac, 0xc8, 0x1f, 0xf6, 0x21, 0x45, 0x92, 0x8d, 0x5a, 0x3e, 0xe9},
+ {0x0, 0xd8, 0xad, 0x75, 0x47, 0x9f, 0xea, 0x32, 0x8e, 0x56, 0x23, 0xfb, 0xc9, 0x11, 0x64, 0xbc},
+ {0x0, 0xd9, 0xaf, 0x76, 0x43, 0x9a, 0xec, 0x35, 0x86, 0x5f, 0x29, 0xf0, 0xc5, 0x1c, 0x6a, 0xb3},
+ {0x0, 0xda, 0xa9, 0x73, 0x4f, 0x95, 0xe6, 0x3c, 0x9e, 0x44, 0x37, 0xed, 0xd1, 0xb, 0x78, 0xa2},
+ {0x0, 0xdb, 0xab, 0x70, 0x4b, 0x90, 0xe0, 0x3b, 0x96, 0x4d, 0x3d, 0xe6, 0xdd, 0x6, 0x76, 0xad},
+ {0x0, 0xdc, 0xa5, 0x79, 0x57, 0x8b, 0xf2, 0x2e, 0xae, 0x72, 0xb, 0xd7, 0xf9, 0x25, 0x5c, 0x80},
+ {0x0, 0xdd, 0xa7, 0x7a, 0x53, 0x8e, 0xf4, 0x29, 0xa6, 0x7b, 0x1, 0xdc, 0xf5, 0x28, 0x52, 0x8f},
+ {0x0, 0xde, 0xa1, 0x7f, 0x5f, 0x81, 0xfe, 0x20, 0xbe, 0x60, 0x1f, 0xc1, 0xe1, 0x3f, 0x40, 0x9e},
+ {0x0, 0xdf, 0xa3, 0x7c, 0x5b, 0x84, 0xf8, 0x27, 0xb6, 0x69, 0x15, 0xca, 0xed, 0x32, 0x4e, 0x91},
+ {0x0, 0xe0, 0xdd, 0x3d, 0xa7, 0x47, 0x7a, 0x9a, 0x53, 0xb3, 0x8e, 0x6e, 0xf4, 0x14, 0x29, 0xc9},
+ {0x0, 0xe1, 0xdf, 0x3e, 0xa3, 0x42, 0x7c, 0x9d, 0x5b, 0xba, 0x84, 0x65, 0xf8, 0x19, 0x27, 0xc6},
+ {0x0, 0xe2, 0xd9, 0x3b, 0xaf, 0x4d, 0x76, 0x94, 0x43, 0xa1, 0x9a, 0x78, 0xec, 0xe, 0x35, 0xd7},
+ {0x0, 0xe3, 0xdb, 0x38, 0xab, 0x48, 0x70, 0x93, 0x4b, 0xa8, 0x90, 0x73, 0xe0, 0x3, 0x3b, 0xd8},
+ {0x0, 0xe4, 0xd5, 0x31, 0xb7, 0x53, 0x62, 0x86, 0x73, 0x97, 0xa6, 0x42, 0xc4, 0x20, 0x11, 0xf5},
+ {0x0, 0xe5, 0xd7, 0x32, 0xb3, 0x56, 0x64, 0x81, 0x7b, 0x9e, 0xac, 0x49, 0xc8, 0x2d, 0x1f, 0xfa},
+ {0x0, 0xe6, 0xd1, 0x37, 0xbf, 0x59, 0x6e, 0x88, 0x63, 0x85, 0xb2, 0x54, 0xdc, 0x3a, 0xd, 0xeb},
+ {0x0, 0xe7, 0xd3, 0x34, 0xbb, 0x5c, 0x68, 0x8f, 0x6b, 0x8c, 0xb8, 0x5f, 0xd0, 0x37, 0x3, 0xe4},
+ {0x0, 0xe8, 0xcd, 0x25, 0x87, 0x6f, 0x4a, 0xa2, 0x13, 0xfb, 0xde, 0x36, 0x94, 0x7c, 0x59, 0xb1},
+ {0x0, 0xe9, 0xcf, 0x26, 0x83, 0x6a, 0x4c, 0xa5, 0x1b, 0xf2, 0xd4, 0x3d, 0x98, 0x71, 0x57, 0xbe},
+ {0x0, 0xea, 0xc9, 0x23, 0x8f, 0x65, 0x46, 0xac, 0x3, 0xe9, 0xca, 0x20, 0x8c, 0x66, 0x45, 0xaf},
+ {0x0, 0xeb, 0xcb, 0x20, 0x8b, 0x60, 0x40, 0xab, 0xb, 0xe0, 0xc0, 0x2b, 0x80, 0x6b, 0x4b, 0xa0},
+ {0x0, 0xec, 0xc5, 0x29, 0x97, 0x7b, 0x52, 0xbe, 0x33, 0xdf, 0xf6, 0x1a, 0xa4, 0x48, 0x61, 0x8d},
+ {0x0, 0xed, 0xc7, 0x2a, 0x93, 0x7e, 0x54, 0xb9, 0x3b, 0xd6, 0xfc, 0x11, 0xa8, 0x45, 0x6f, 0x82},
+ {0x0, 0xee, 0xc1, 0x2f, 0x9f, 0x71, 0x5e, 0xb0, 0x23, 0xcd, 0xe2, 0xc, 0xbc, 0x52, 0x7d, 0x93},
+ {0x0, 0xef, 0xc3, 0x2c, 0x9b, 0x74, 0x58, 0xb7, 0x2b, 0xc4, 0xe8, 0x7, 0xb0, 0x5f, 0x73, 0x9c},
+ {0x0, 0xf0, 0xfd, 0xd, 0xe7, 0x17, 0x1a, 0xea, 0xd3, 0x23, 0x2e, 0xde, 0x34, 0xc4, 0xc9, 0x39},
+ {0x0, 0xf1, 0xff, 0xe, 0xe3, 0x12, 0x1c, 0xed, 0xdb, 0x2a, 0x24, 0xd5, 0x38, 0xc9, 0xc7, 0x36},
+ {0x0, 0xf2, 0xf9, 0xb, 0xef, 0x1d, 0x16, 0xe4, 0xc3, 0x31, 0x3a, 0xc8, 0x2c, 0xde, 0xd5, 0x27},
+ {0x0, 0xf3, 0xfb, 0x8, 0xeb, 0x18, 0x10, 0xe3, 0xcb, 0x38, 0x30, 0xc3, 0x20, 0xd3, 0xdb, 0x28},
+ {0x0, 0xf4, 0xf5, 0x1, 0xf7, 0x3, 0x2, 0xf6, 0xf3, 0x7, 0x6, 0xf2, 0x4, 0xf0, 0xf1, 0x5},
+ {0x0, 0xf5, 0xf7, 0x2, 0xf3, 0x6, 0x4, 0xf1, 0xfb, 0xe, 0xc, 0xf9, 0x8, 0xfd, 0xff, 0xa},
+ {0x0, 0xf6, 0xf1, 0x7, 0xff, 0x9, 0xe, 0xf8, 0xe3, 0x15, 0x12, 0xe4, 0x1c, 0xea, 0xed, 0x1b},
+ {0x0, 0xf7, 0xf3, 0x4, 0xfb, 0xc, 0x8, 0xff, 0xeb, 0x1c, 0x18, 0xef, 0x10, 0xe7, 0xe3, 0x14},
+ {0x0, 0xf8, 0xed, 0x15, 0xc7, 0x3f, 0x2a, 0xd2, 0x93, 0x6b, 0x7e, 0x86, 0x54, 0xac, 0xb9, 0x41},
+ {0x0, 0xf9, 0xef, 0x16, 0xc3, 0x3a, 0x2c, 0xd5, 0x9b, 0x62, 0x74, 0x8d, 0x58, 0xa1, 0xb7, 0x4e},
+ {0x0, 0xfa, 0xe9, 0x13, 0xcf, 0x35, 0x26, 0xdc, 0x83, 0x79, 0x6a, 0x90, 0x4c, 0xb6, 0xa5, 0x5f},
+ {0x0, 0xfb, 0xeb, 0x10, 0xcb, 0x30, 0x20, 0xdb, 0x8b, 0x70, 0x60, 0x9b, 0x40, 0xbb, 0xab, 0x50},
+ {0x0, 0xfc, 0xe5, 0x19, 0xd7, 0x2b, 0x32, 0xce, 0xb3, 0x4f, 0x56, 0xaa, 0x64, 0x98, 0x81, 0x7d},
+ {0x0, 0xfd, 0xe7, 0x1a, 0xd3, 0x2e, 0x34, 0xc9, 0xbb, 0x46, 0x5c, 0xa1, 0x68, 0x95, 0x8f, 0x72},
+ {0x0, 0xfe, 0xe1, 0x1f, 0xdf, 0x21, 0x3e, 0xc0, 0xa3, 0x5d, 0x42, 0xbc, 0x7c, 0x82, 0x9d, 0x63},
+ {0x0, 0xff, 0xe3, 0x1c, 0xdb, 0x24, 0x38, 0xc7, 0xab, 0x54, 0x48, 0xb7, 0x70, 0x8f, 0x93, 0x6c}}
+var mulTableHigh = [256][16]uint8{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
+ {0x0, 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80, 0x90, 0xa0, 0xb0, 0xc0, 0xd0, 0xe0, 0xf0},
+ {0x0, 0x20, 0x40, 0x60, 0x80, 0xa0, 0xc0, 0xe0, 0x1d, 0x3d, 0x5d, 0x7d, 0x9d, 0xbd, 0xdd, 0xfd},
+ {0x0, 0x30, 0x60, 0x50, 0xc0, 0xf0, 0xa0, 0x90, 0x9d, 0xad, 0xfd, 0xcd, 0x5d, 0x6d, 0x3d, 0xd},
+ {0x0, 0x40, 0x80, 0xc0, 0x1d, 0x5d, 0x9d, 0xdd, 0x3a, 0x7a, 0xba, 0xfa, 0x27, 0x67, 0xa7, 0xe7},
+ {0x0, 0x50, 0xa0, 0xf0, 0x5d, 0xd, 0xfd, 0xad, 0xba, 0xea, 0x1a, 0x4a, 0xe7, 0xb7, 0x47, 0x17},
+ {0x0, 0x60, 0xc0, 0xa0, 0x9d, 0xfd, 0x5d, 0x3d, 0x27, 0x47, 0xe7, 0x87, 0xba, 0xda, 0x7a, 0x1a},
+ {0x0, 0x70, 0xe0, 0x90, 0xdd, 0xad, 0x3d, 0x4d, 0xa7, 0xd7, 0x47, 0x37, 0x7a, 0xa, 0x9a, 0xea},
+ {0x0, 0x80, 0x1d, 0x9d, 0x3a, 0xba, 0x27, 0xa7, 0x74, 0xf4, 0x69, 0xe9, 0x4e, 0xce, 0x53, 0xd3},
+ {0x0, 0x90, 0x3d, 0xad, 0x7a, 0xea, 0x47, 0xd7, 0xf4, 0x64, 0xc9, 0x59, 0x8e, 0x1e, 0xb3, 0x23},
+ {0x0, 0xa0, 0x5d, 0xfd, 0xba, 0x1a, 0xe7, 0x47, 0x69, 0xc9, 0x34, 0x94, 0xd3, 0x73, 0x8e, 0x2e},
+ {0x0, 0xb0, 0x7d, 0xcd, 0xfa, 0x4a, 0x87, 0x37, 0xe9, 0x59, 0x94, 0x24, 0x13, 0xa3, 0x6e, 0xde},
+ {0x0, 0xc0, 0x9d, 0x5d, 0x27, 0xe7, 0xba, 0x7a, 0x4e, 0x8e, 0xd3, 0x13, 0x69, 0xa9, 0xf4, 0x34},
+ {0x0, 0xd0, 0xbd, 0x6d, 0x67, 0xb7, 0xda, 0xa, 0xce, 0x1e, 0x73, 0xa3, 0xa9, 0x79, 0x14, 0xc4},
+ {0x0, 0xe0, 0xdd, 0x3d, 0xa7, 0x47, 0x7a, 0x9a, 0x53, 0xb3, 0x8e, 0x6e, 0xf4, 0x14, 0x29, 0xc9},
+ {0x0, 0xf0, 0xfd, 0xd, 0xe7, 0x17, 0x1a, 0xea, 0xd3, 0x23, 0x2e, 0xde, 0x34, 0xc4, 0xc9, 0x39},
+ {0x0, 0x1d, 0x3a, 0x27, 0x74, 0x69, 0x4e, 0x53, 0xe8, 0xf5, 0xd2, 0xcf, 0x9c, 0x81, 0xa6, 0xbb},
+ {0x0, 0xd, 0x1a, 0x17, 0x34, 0x39, 0x2e, 0x23, 0x68, 0x65, 0x72, 0x7f, 0x5c, 0x51, 0x46, 0x4b},
+ {0x0, 0x3d, 0x7a, 0x47, 0xf4, 0xc9, 0x8e, 0xb3, 0xf5, 0xc8, 0x8f, 0xb2, 0x1, 0x3c, 0x7b, 0x46},
+ {0x0, 0x2d, 0x5a, 0x77, 0xb4, 0x99, 0xee, 0xc3, 0x75, 0x58, 0x2f, 0x2, 0xc1, 0xec, 0x9b, 0xb6},
+ {0x0, 0x5d, 0xba, 0xe7, 0x69, 0x34, 0xd3, 0x8e, 0xd2, 0x8f, 0x68, 0x35, 0xbb, 0xe6, 0x1, 0x5c},
+ {0x0, 0x4d, 0x9a, 0xd7, 0x29, 0x64, 0xb3, 0xfe, 0x52, 0x1f, 0xc8, 0x85, 0x7b, 0x36, 0xe1, 0xac},
+ {0x0, 0x7d, 0xfa, 0x87, 0xe9, 0x94, 0x13, 0x6e, 0xcf, 0xb2, 0x35, 0x48, 0x26, 0x5b, 0xdc, 0xa1},
+ {0x0, 0x6d, 0xda, 0xb7, 0xa9, 0xc4, 0x73, 0x1e, 0x4f, 0x22, 0x95, 0xf8, 0xe6, 0x8b, 0x3c, 0x51},
+ {0x0, 0x9d, 0x27, 0xba, 0x4e, 0xd3, 0x69, 0xf4, 0x9c, 0x1, 0xbb, 0x26, 0xd2, 0x4f, 0xf5, 0x68},
+ {0x0, 0x8d, 0x7, 0x8a, 0xe, 0x83, 0x9, 0x84, 0x1c, 0x91, 0x1b, 0x96, 0x12, 0x9f, 0x15, 0x98},
+ {0x0, 0xbd, 0x67, 0xda, 0xce, 0x73, 0xa9, 0x14, 0x81, 0x3c, 0xe6, 0x5b, 0x4f, 0xf2, 0x28, 0x95},
+ {0x0, 0xad, 0x47, 0xea, 0x8e, 0x23, 0xc9, 0x64, 0x1, 0xac, 0x46, 0xeb, 0x8f, 0x22, 0xc8, 0x65},
+ {0x0, 0xdd, 0xa7, 0x7a, 0x53, 0x8e, 0xf4, 0x29, 0xa6, 0x7b, 0x1, 0xdc, 0xf5, 0x28, 0x52, 0x8f},
+ {0x0, 0xcd, 0x87, 0x4a, 0x13, 0xde, 0x94, 0x59, 0x26, 0xeb, 0xa1, 0x6c, 0x35, 0xf8, 0xb2, 0x7f},
+ {0x0, 0xfd, 0xe7, 0x1a, 0xd3, 0x2e, 0x34, 0xc9, 0xbb, 0x46, 0x5c, 0xa1, 0x68, 0x95, 0x8f, 0x72},
+ {0x0, 0xed, 0xc7, 0x2a, 0x93, 0x7e, 0x54, 0xb9, 0x3b, 0xd6, 0xfc, 0x11, 0xa8, 0x45, 0x6f, 0x82},
+ {0x0, 0x3a, 0x74, 0x4e, 0xe8, 0xd2, 0x9c, 0xa6, 0xcd, 0xf7, 0xb9, 0x83, 0x25, 0x1f, 0x51, 0x6b},
+ {0x0, 0x2a, 0x54, 0x7e, 0xa8, 0x82, 0xfc, 0xd6, 0x4d, 0x67, 0x19, 0x33, 0xe5, 0xcf, 0xb1, 0x9b},
+ {0x0, 0x1a, 0x34, 0x2e, 0x68, 0x72, 0x5c, 0x46, 0xd0, 0xca, 0xe4, 0xfe, 0xb8, 0xa2, 0x8c, 0x96},
+ {0x0, 0xa, 0x14, 0x1e, 0x28, 0x22, 0x3c, 0x36, 0x50, 0x5a, 0x44, 0x4e, 0x78, 0x72, 0x6c, 0x66},
+ {0x0, 0x7a, 0xf4, 0x8e, 0xf5, 0x8f, 0x1, 0x7b, 0xf7, 0x8d, 0x3, 0x79, 0x2, 0x78, 0xf6, 0x8c},
+ {0x0, 0x6a, 0xd4, 0xbe, 0xb5, 0xdf, 0x61, 0xb, 0x77, 0x1d, 0xa3, 0xc9, 0xc2, 0xa8, 0x16, 0x7c},
+ {0x0, 0x5a, 0xb4, 0xee, 0x75, 0x2f, 0xc1, 0x9b, 0xea, 0xb0, 0x5e, 0x4, 0x9f, 0xc5, 0x2b, 0x71},
+ {0x0, 0x4a, 0x94, 0xde, 0x35, 0x7f, 0xa1, 0xeb, 0x6a, 0x20, 0xfe, 0xb4, 0x5f, 0x15, 0xcb, 0x81},
+ {0x0, 0xba, 0x69, 0xd3, 0xd2, 0x68, 0xbb, 0x1, 0xb9, 0x3, 0xd0, 0x6a, 0x6b, 0xd1, 0x2, 0xb8},
+ {0x0, 0xaa, 0x49, 0xe3, 0x92, 0x38, 0xdb, 0x71, 0x39, 0x93, 0x70, 0xda, 0xab, 0x1, 0xe2, 0x48},
+ {0x0, 0x9a, 0x29, 0xb3, 0x52, 0xc8, 0x7b, 0xe1, 0xa4, 0x3e, 0x8d, 0x17, 0xf6, 0x6c, 0xdf, 0x45},
+ {0x0, 0x8a, 0x9, 0x83, 0x12, 0x98, 0x1b, 0x91, 0x24, 0xae, 0x2d, 0xa7, 0x36, 0xbc, 0x3f, 0xb5},
+ {0x0, 0xfa, 0xe9, 0x13, 0xcf, 0x35, 0x26, 0xdc, 0x83, 0x79, 0x6a, 0x90, 0x4c, 0xb6, 0xa5, 0x5f},
+ {0x0, 0xea, 0xc9, 0x23, 0x8f, 0x65, 0x46, 0xac, 0x3, 0xe9, 0xca, 0x20, 0x8c, 0x66, 0x45, 0xaf},
+ {0x0, 0xda, 0xa9, 0x73, 0x4f, 0x95, 0xe6, 0x3c, 0x9e, 0x44, 0x37, 0xed, 0xd1, 0xb, 0x78, 0xa2},
+ {0x0, 0xca, 0x89, 0x43, 0xf, 0xc5, 0x86, 0x4c, 0x1e, 0xd4, 0x97, 0x5d, 0x11, 0xdb, 0x98, 0x52},
+ {0x0, 0x27, 0x4e, 0x69, 0x9c, 0xbb, 0xd2, 0xf5, 0x25, 0x2, 0x6b, 0x4c, 0xb9, 0x9e, 0xf7, 0xd0},
+ {0x0, 0x37, 0x6e, 0x59, 0xdc, 0xeb, 0xb2, 0x85, 0xa5, 0x92, 0xcb, 0xfc, 0x79, 0x4e, 0x17, 0x20},
+ {0x0, 0x7, 0xe, 0x9, 0x1c, 0x1b, 0x12, 0x15, 0x38, 0x3f, 0x36, 0x31, 0x24, 0x23, 0x2a, 0x2d},
+ {0x0, 0x17, 0x2e, 0x39, 0x5c, 0x4b, 0x72, 0x65, 0xb8, 0xaf, 0x96, 0x81, 0xe4, 0xf3, 0xca, 0xdd},
+ {0x0, 0x67, 0xce, 0xa9, 0x81, 0xe6, 0x4f, 0x28, 0x1f, 0x78, 0xd1, 0xb6, 0x9e, 0xf9, 0x50, 0x37},
+ {0x0, 0x77, 0xee, 0x99, 0xc1, 0xb6, 0x2f, 0x58, 0x9f, 0xe8, 0x71, 0x6, 0x5e, 0x29, 0xb0, 0xc7},
+ {0x0, 0x47, 0x8e, 0xc9, 0x1, 0x46, 0x8f, 0xc8, 0x2, 0x45, 0x8c, 0xcb, 0x3, 0x44, 0x8d, 0xca},
+ {0x0, 0x57, 0xae, 0xf9, 0x41, 0x16, 0xef, 0xb8, 0x82, 0xd5, 0x2c, 0x7b, 0xc3, 0x94, 0x6d, 0x3a},
+ {0x0, 0xa7, 0x53, 0xf4, 0xa6, 0x1, 0xf5, 0x52, 0x51, 0xf6, 0x2, 0xa5, 0xf7, 0x50, 0xa4, 0x3},
+ {0x0, 0xb7, 0x73, 0xc4, 0xe6, 0x51, 0x95, 0x22, 0xd1, 0x66, 0xa2, 0x15, 0x37, 0x80, 0x44, 0xf3},
+ {0x0, 0x87, 0x13, 0x94, 0x26, 0xa1, 0x35, 0xb2, 0x4c, 0xcb, 0x5f, 0xd8, 0x6a, 0xed, 0x79, 0xfe},
+ {0x0, 0x97, 0x33, 0xa4, 0x66, 0xf1, 0x55, 0xc2, 0xcc, 0x5b, 0xff, 0x68, 0xaa, 0x3d, 0x99, 0xe},
+ {0x0, 0xe7, 0xd3, 0x34, 0xbb, 0x5c, 0x68, 0x8f, 0x6b, 0x8c, 0xb8, 0x5f, 0xd0, 0x37, 0x3, 0xe4},
+ {0x0, 0xf7, 0xf3, 0x4, 0xfb, 0xc, 0x8, 0xff, 0xeb, 0x1c, 0x18, 0xef, 0x10, 0xe7, 0xe3, 0x14},
+ {0x0, 0xc7, 0x93, 0x54, 0x3b, 0xfc, 0xa8, 0x6f, 0x76, 0xb1, 0xe5, 0x22, 0x4d, 0x8a, 0xde, 0x19},
+ {0x0, 0xd7, 0xb3, 0x64, 0x7b, 0xac, 0xc8, 0x1f, 0xf6, 0x21, 0x45, 0x92, 0x8d, 0x5a, 0x3e, 0xe9},
+ {0x0, 0x74, 0xe8, 0x9c, 0xcd, 0xb9, 0x25, 0x51, 0x87, 0xf3, 0x6f, 0x1b, 0x4a, 0x3e, 0xa2, 0xd6},
+ {0x0, 0x64, 0xc8, 0xac, 0x8d, 0xe9, 0x45, 0x21, 0x7, 0x63, 0xcf, 0xab, 0x8a, 0xee, 0x42, 0x26},
+ {0x0, 0x54, 0xa8, 0xfc, 0x4d, 0x19, 0xe5, 0xb1, 0x9a, 0xce, 0x32, 0x66, 0xd7, 0x83, 0x7f, 0x2b},
+ {0x0, 0x44, 0x88, 0xcc, 0xd, 0x49, 0x85, 0xc1, 0x1a, 0x5e, 0x92, 0xd6, 0x17, 0x53, 0x9f, 0xdb},
+ {0x0, 0x34, 0x68, 0x5c, 0xd0, 0xe4, 0xb8, 0x8c, 0xbd, 0x89, 0xd5, 0xe1, 0x6d, 0x59, 0x5, 0x31},
+ {0x0, 0x24, 0x48, 0x6c, 0x90, 0xb4, 0xd8, 0xfc, 0x3d, 0x19, 0x75, 0x51, 0xad, 0x89, 0xe5, 0xc1},
+ {0x0, 0x14, 0x28, 0x3c, 0x50, 0x44, 0x78, 0x6c, 0xa0, 0xb4, 0x88, 0x9c, 0xf0, 0xe4, 0xd8, 0xcc},
+ {0x0, 0x4, 0x8, 0xc, 0x10, 0x14, 0x18, 0x1c, 0x20, 0x24, 0x28, 0x2c, 0x30, 0x34, 0x38, 0x3c},
+ {0x0, 0xf4, 0xf5, 0x1, 0xf7, 0x3, 0x2, 0xf6, 0xf3, 0x7, 0x6, 0xf2, 0x4, 0xf0, 0xf1, 0x5},
+ {0x0, 0xe4, 0xd5, 0x31, 0xb7, 0x53, 0x62, 0x86, 0x73, 0x97, 0xa6, 0x42, 0xc4, 0x20, 0x11, 0xf5},
+ {0x0, 0xd4, 0xb5, 0x61, 0x77, 0xa3, 0xc2, 0x16, 0xee, 0x3a, 0x5b, 0x8f, 0x99, 0x4d, 0x2c, 0xf8},
+ {0x0, 0xc4, 0x95, 0x51, 0x37, 0xf3, 0xa2, 0x66, 0x6e, 0xaa, 0xfb, 0x3f, 0x59, 0x9d, 0xcc, 0x8},
+ {0x0, 0xb4, 0x75, 0xc1, 0xea, 0x5e, 0x9f, 0x2b, 0xc9, 0x7d, 0xbc, 0x8, 0x23, 0x97, 0x56, 0xe2},
+ {0x0, 0xa4, 0x55, 0xf1, 0xaa, 0xe, 0xff, 0x5b, 0x49, 0xed, 0x1c, 0xb8, 0xe3, 0x47, 0xb6, 0x12},
+ {0x0, 0x94, 0x35, 0xa1, 0x6a, 0xfe, 0x5f, 0xcb, 0xd4, 0x40, 0xe1, 0x75, 0xbe, 0x2a, 0x8b, 0x1f},
+ {0x0, 0x84, 0x15, 0x91, 0x2a, 0xae, 0x3f, 0xbb, 0x54, 0xd0, 0x41, 0xc5, 0x7e, 0xfa, 0x6b, 0xef},
+ {0x0, 0x69, 0xd2, 0xbb, 0xb9, 0xd0, 0x6b, 0x2, 0x6f, 0x6, 0xbd, 0xd4, 0xd6, 0xbf, 0x4, 0x6d},
+ {0x0, 0x79, 0xf2, 0x8b, 0xf9, 0x80, 0xb, 0x72, 0xef, 0x96, 0x1d, 0x64, 0x16, 0x6f, 0xe4, 0x9d},
+ {0x0, 0x49, 0x92, 0xdb, 0x39, 0x70, 0xab, 0xe2, 0x72, 0x3b, 0xe0, 0xa9, 0x4b, 0x2, 0xd9, 0x90},
+ {0x0, 0x59, 0xb2, 0xeb, 0x79, 0x20, 0xcb, 0x92, 0xf2, 0xab, 0x40, 0x19, 0x8b, 0xd2, 0x39, 0x60},
+ {0x0, 0x29, 0x52, 0x7b, 0xa4, 0x8d, 0xf6, 0xdf, 0x55, 0x7c, 0x7, 0x2e, 0xf1, 0xd8, 0xa3, 0x8a},
+ {0x0, 0x39, 0x72, 0x4b, 0xe4, 0xdd, 0x96, 0xaf, 0xd5, 0xec, 0xa7, 0x9e, 0x31, 0x8, 0x43, 0x7a},
+ {0x0, 0x9, 0x12, 0x1b, 0x24, 0x2d, 0x36, 0x3f, 0x48, 0x41, 0x5a, 0x53, 0x6c, 0x65, 0x7e, 0x77},
+ {0x0, 0x19, 0x32, 0x2b, 0x64, 0x7d, 0x56, 0x4f, 0xc8, 0xd1, 0xfa, 0xe3, 0xac, 0xb5, 0x9e, 0x87},
+ {0x0, 0xe9, 0xcf, 0x26, 0x83, 0x6a, 0x4c, 0xa5, 0x1b, 0xf2, 0xd4, 0x3d, 0x98, 0x71, 0x57, 0xbe},
+ {0x0, 0xf9, 0xef, 0x16, 0xc3, 0x3a, 0x2c, 0xd5, 0x9b, 0x62, 0x74, 0x8d, 0x58, 0xa1, 0xb7, 0x4e},
+ {0x0, 0xc9, 0x8f, 0x46, 0x3, 0xca, 0x8c, 0x45, 0x6, 0xcf, 0x89, 0x40, 0x5, 0xcc, 0x8a, 0x43},
+ {0x0, 0xd9, 0xaf, 0x76, 0x43, 0x9a, 0xec, 0x35, 0x86, 0x5f, 0x29, 0xf0, 0xc5, 0x1c, 0x6a, 0xb3},
+ {0x0, 0xa9, 0x4f, 0xe6, 0x9e, 0x37, 0xd1, 0x78, 0x21, 0x88, 0x6e, 0xc7, 0xbf, 0x16, 0xf0, 0x59},
+ {0x0, 0xb9, 0x6f, 0xd6, 0xde, 0x67, 0xb1, 0x8, 0xa1, 0x18, 0xce, 0x77, 0x7f, 0xc6, 0x10, 0xa9},
+ {0x0, 0x89, 0xf, 0x86, 0x1e, 0x97, 0x11, 0x98, 0x3c, 0xb5, 0x33, 0xba, 0x22, 0xab, 0x2d, 0xa4},
+ {0x0, 0x99, 0x2f, 0xb6, 0x5e, 0xc7, 0x71, 0xe8, 0xbc, 0x25, 0x93, 0xa, 0xe2, 0x7b, 0xcd, 0x54},
+ {0x0, 0x4e, 0x9c, 0xd2, 0x25, 0x6b, 0xb9, 0xf7, 0x4a, 0x4, 0xd6, 0x98, 0x6f, 0x21, 0xf3, 0xbd},
+ {0x0, 0x5e, 0xbc, 0xe2, 0x65, 0x3b, 0xd9, 0x87, 0xca, 0x94, 0x76, 0x28, 0xaf, 0xf1, 0x13, 0x4d},
+ {0x0, 0x6e, 0xdc, 0xb2, 0xa5, 0xcb, 0x79, 0x17, 0x57, 0x39, 0x8b, 0xe5, 0xf2, 0x9c, 0x2e, 0x40},
+ {0x0, 0x7e, 0xfc, 0x82, 0xe5, 0x9b, 0x19, 0x67, 0xd7, 0xa9, 0x2b, 0x55, 0x32, 0x4c, 0xce, 0xb0},
+ {0x0, 0xe, 0x1c, 0x12, 0x38, 0x36, 0x24, 0x2a, 0x70, 0x7e, 0x6c, 0x62, 0x48, 0x46, 0x54, 0x5a},
+ {0x0, 0x1e, 0x3c, 0x22, 0x78, 0x66, 0x44, 0x5a, 0xf0, 0xee, 0xcc, 0xd2, 0x88, 0x96, 0xb4, 0xaa},
+ {0x0, 0x2e, 0x5c, 0x72, 0xb8, 0x96, 0xe4, 0xca, 0x6d, 0x43, 0x31, 0x1f, 0xd5, 0xfb, 0x89, 0xa7},
+ {0x0, 0x3e, 0x7c, 0x42, 0xf8, 0xc6, 0x84, 0xba, 0xed, 0xd3, 0x91, 0xaf, 0x15, 0x2b, 0x69, 0x57},
+ {0x0, 0xce, 0x81, 0x4f, 0x1f, 0xd1, 0x9e, 0x50, 0x3e, 0xf0, 0xbf, 0x71, 0x21, 0xef, 0xa0, 0x6e},
+ {0x0, 0xde, 0xa1, 0x7f, 0x5f, 0x81, 0xfe, 0x20, 0xbe, 0x60, 0x1f, 0xc1, 0xe1, 0x3f, 0x40, 0x9e},
+ {0x0, 0xee, 0xc1, 0x2f, 0x9f, 0x71, 0x5e, 0xb0, 0x23, 0xcd, 0xe2, 0xc, 0xbc, 0x52, 0x7d, 0x93},
+ {0x0, 0xfe, 0xe1, 0x1f, 0xdf, 0x21, 0x3e, 0xc0, 0xa3, 0x5d, 0x42, 0xbc, 0x7c, 0x82, 0x9d, 0x63},
+ {0x0, 0x8e, 0x1, 0x8f, 0x2, 0x8c, 0x3, 0x8d, 0x4, 0x8a, 0x5, 0x8b, 0x6, 0x88, 0x7, 0x89},
+ {0x0, 0x9e, 0x21, 0xbf, 0x42, 0xdc, 0x63, 0xfd, 0x84, 0x1a, 0xa5, 0x3b, 0xc6, 0x58, 0xe7, 0x79},
+ {0x0, 0xae, 0x41, 0xef, 0x82, 0x2c, 0xc3, 0x6d, 0x19, 0xb7, 0x58, 0xf6, 0x9b, 0x35, 0xda, 0x74},
+ {0x0, 0xbe, 0x61, 0xdf, 0xc2, 0x7c, 0xa3, 0x1d, 0x99, 0x27, 0xf8, 0x46, 0x5b, 0xe5, 0x3a, 0x84},
+ {0x0, 0x53, 0xa6, 0xf5, 0x51, 0x2, 0xf7, 0xa4, 0xa2, 0xf1, 0x4, 0x57, 0xf3, 0xa0, 0x55, 0x6},
+ {0x0, 0x43, 0x86, 0xc5, 0x11, 0x52, 0x97, 0xd4, 0x22, 0x61, 0xa4, 0xe7, 0x33, 0x70, 0xb5, 0xf6},
+ {0x0, 0x73, 0xe6, 0x95, 0xd1, 0xa2, 0x37, 0x44, 0xbf, 0xcc, 0x59, 0x2a, 0x6e, 0x1d, 0x88, 0xfb},
+ {0x0, 0x63, 0xc6, 0xa5, 0x91, 0xf2, 0x57, 0x34, 0x3f, 0x5c, 0xf9, 0x9a, 0xae, 0xcd, 0x68, 0xb},
+ {0x0, 0x13, 0x26, 0x35, 0x4c, 0x5f, 0x6a, 0x79, 0x98, 0x8b, 0xbe, 0xad, 0xd4, 0xc7, 0xf2, 0xe1},
+ {0x0, 0x3, 0x6, 0x5, 0xc, 0xf, 0xa, 0x9, 0x18, 0x1b, 0x1e, 0x1d, 0x14, 0x17, 0x12, 0x11},
+ {0x0, 0x33, 0x66, 0x55, 0xcc, 0xff, 0xaa, 0x99, 0x85, 0xb6, 0xe3, 0xd0, 0x49, 0x7a, 0x2f, 0x1c},
+ {0x0, 0x23, 0x46, 0x65, 0x8c, 0xaf, 0xca, 0xe9, 0x5, 0x26, 0x43, 0x60, 0x89, 0xaa, 0xcf, 0xec},
+ {0x0, 0xd3, 0xbb, 0x68, 0x6b, 0xb8, 0xd0, 0x3, 0xd6, 0x5, 0x6d, 0xbe, 0xbd, 0x6e, 0x6, 0xd5},
+ {0x0, 0xc3, 0x9b, 0x58, 0x2b, 0xe8, 0xb0, 0x73, 0x56, 0x95, 0xcd, 0xe, 0x7d, 0xbe, 0xe6, 0x25},
+ {0x0, 0xf3, 0xfb, 0x8, 0xeb, 0x18, 0x10, 0xe3, 0xcb, 0x38, 0x30, 0xc3, 0x20, 0xd3, 0xdb, 0x28},
+ {0x0, 0xe3, 0xdb, 0x38, 0xab, 0x48, 0x70, 0x93, 0x4b, 0xa8, 0x90, 0x73, 0xe0, 0x3, 0x3b, 0xd8},
+ {0x0, 0x93, 0x3b, 0xa8, 0x76, 0xe5, 0x4d, 0xde, 0xec, 0x7f, 0xd7, 0x44, 0x9a, 0x9, 0xa1, 0x32},
+ {0x0, 0x83, 0x1b, 0x98, 0x36, 0xb5, 0x2d, 0xae, 0x6c, 0xef, 0x77, 0xf4, 0x5a, 0xd9, 0x41, 0xc2},
+ {0x0, 0xb3, 0x7b, 0xc8, 0xf6, 0x45, 0x8d, 0x3e, 0xf1, 0x42, 0x8a, 0x39, 0x7, 0xb4, 0x7c, 0xcf},
+ {0x0, 0xa3, 0x5b, 0xf8, 0xb6, 0x15, 0xed, 0x4e, 0x71, 0xd2, 0x2a, 0x89, 0xc7, 0x64, 0x9c, 0x3f},
+ {0x0, 0xe8, 0xcd, 0x25, 0x87, 0x6f, 0x4a, 0xa2, 0x13, 0xfb, 0xde, 0x36, 0x94, 0x7c, 0x59, 0xb1},
+ {0x0, 0xf8, 0xed, 0x15, 0xc7, 0x3f, 0x2a, 0xd2, 0x93, 0x6b, 0x7e, 0x86, 0x54, 0xac, 0xb9, 0x41},
+ {0x0, 0xc8, 0x8d, 0x45, 0x7, 0xcf, 0x8a, 0x42, 0xe, 0xc6, 0x83, 0x4b, 0x9, 0xc1, 0x84, 0x4c},
+ {0x0, 0xd8, 0xad, 0x75, 0x47, 0x9f, 0xea, 0x32, 0x8e, 0x56, 0x23, 0xfb, 0xc9, 0x11, 0x64, 0xbc},
+ {0x0, 0xa8, 0x4d, 0xe5, 0x9a, 0x32, 0xd7, 0x7f, 0x29, 0x81, 0x64, 0xcc, 0xb3, 0x1b, 0xfe, 0x56},
+ {0x0, 0xb8, 0x6d, 0xd5, 0xda, 0x62, 0xb7, 0xf, 0xa9, 0x11, 0xc4, 0x7c, 0x73, 0xcb, 0x1e, 0xa6},
+ {0x0, 0x88, 0xd, 0x85, 0x1a, 0x92, 0x17, 0x9f, 0x34, 0xbc, 0x39, 0xb1, 0x2e, 0xa6, 0x23, 0xab},
+ {0x0, 0x98, 0x2d, 0xb5, 0x5a, 0xc2, 0x77, 0xef, 0xb4, 0x2c, 0x99, 0x1, 0xee, 0x76, 0xc3, 0x5b},
+ {0x0, 0x68, 0xd0, 0xb8, 0xbd, 0xd5, 0x6d, 0x5, 0x67, 0xf, 0xb7, 0xdf, 0xda, 0xb2, 0xa, 0x62},
+ {0x0, 0x78, 0xf0, 0x88, 0xfd, 0x85, 0xd, 0x75, 0xe7, 0x9f, 0x17, 0x6f, 0x1a, 0x62, 0xea, 0x92},
+ {0x0, 0x48, 0x90, 0xd8, 0x3d, 0x75, 0xad, 0xe5, 0x7a, 0x32, 0xea, 0xa2, 0x47, 0xf, 0xd7, 0x9f},
+ {0x0, 0x58, 0xb0, 0xe8, 0x7d, 0x25, 0xcd, 0x95, 0xfa, 0xa2, 0x4a, 0x12, 0x87, 0xdf, 0x37, 0x6f},
+ {0x0, 0x28, 0x50, 0x78, 0xa0, 0x88, 0xf0, 0xd8, 0x5d, 0x75, 0xd, 0x25, 0xfd, 0xd5, 0xad, 0x85},
+ {0x0, 0x38, 0x70, 0x48, 0xe0, 0xd8, 0x90, 0xa8, 0xdd, 0xe5, 0xad, 0x95, 0x3d, 0x5, 0x4d, 0x75},
+ {0x0, 0x8, 0x10, 0x18, 0x20, 0x28, 0x30, 0x38, 0x40, 0x48, 0x50, 0x58, 0x60, 0x68, 0x70, 0x78},
+ {0x0, 0x18, 0x30, 0x28, 0x60, 0x78, 0x50, 0x48, 0xc0, 0xd8, 0xf0, 0xe8, 0xa0, 0xb8, 0x90, 0x88},
+ {0x0, 0xf5, 0xf7, 0x2, 0xf3, 0x6, 0x4, 0xf1, 0xfb, 0xe, 0xc, 0xf9, 0x8, 0xfd, 0xff, 0xa},
+ {0x0, 0xe5, 0xd7, 0x32, 0xb3, 0x56, 0x64, 0x81, 0x7b, 0x9e, 0xac, 0x49, 0xc8, 0x2d, 0x1f, 0xfa},
+ {0x0, 0xd5, 0xb7, 0x62, 0x73, 0xa6, 0xc4, 0x11, 0xe6, 0x33, 0x51, 0x84, 0x95, 0x40, 0x22, 0xf7},
+ {0x0, 0xc5, 0x97, 0x52, 0x33, 0xf6, 0xa4, 0x61, 0x66, 0xa3, 0xf1, 0x34, 0x55, 0x90, 0xc2, 0x7},
+ {0x0, 0xb5, 0x77, 0xc2, 0xee, 0x5b, 0x99, 0x2c, 0xc1, 0x74, 0xb6, 0x3, 0x2f, 0x9a, 0x58, 0xed},
+ {0x0, 0xa5, 0x57, 0xf2, 0xae, 0xb, 0xf9, 0x5c, 0x41, 0xe4, 0x16, 0xb3, 0xef, 0x4a, 0xb8, 0x1d},
+ {0x0, 0x95, 0x37, 0xa2, 0x6e, 0xfb, 0x59, 0xcc, 0xdc, 0x49, 0xeb, 0x7e, 0xb2, 0x27, 0x85, 0x10},
+ {0x0, 0x85, 0x17, 0x92, 0x2e, 0xab, 0x39, 0xbc, 0x5c, 0xd9, 0x4b, 0xce, 0x72, 0xf7, 0x65, 0xe0},
+ {0x0, 0x75, 0xea, 0x9f, 0xc9, 0xbc, 0x23, 0x56, 0x8f, 0xfa, 0x65, 0x10, 0x46, 0x33, 0xac, 0xd9},
+ {0x0, 0x65, 0xca, 0xaf, 0x89, 0xec, 0x43, 0x26, 0xf, 0x6a, 0xc5, 0xa0, 0x86, 0xe3, 0x4c, 0x29},
+ {0x0, 0x55, 0xaa, 0xff, 0x49, 0x1c, 0xe3, 0xb6, 0x92, 0xc7, 0x38, 0x6d, 0xdb, 0x8e, 0x71, 0x24},
+ {0x0, 0x45, 0x8a, 0xcf, 0x9, 0x4c, 0x83, 0xc6, 0x12, 0x57, 0x98, 0xdd, 0x1b, 0x5e, 0x91, 0xd4},
+ {0x0, 0x35, 0x6a, 0x5f, 0xd4, 0xe1, 0xbe, 0x8b, 0xb5, 0x80, 0xdf, 0xea, 0x61, 0x54, 0xb, 0x3e},
+ {0x0, 0x25, 0x4a, 0x6f, 0x94, 0xb1, 0xde, 0xfb, 0x35, 0x10, 0x7f, 0x5a, 0xa1, 0x84, 0xeb, 0xce},
+ {0x0, 0x15, 0x2a, 0x3f, 0x54, 0x41, 0x7e, 0x6b, 0xa8, 0xbd, 0x82, 0x97, 0xfc, 0xe9, 0xd6, 0xc3},
+ {0x0, 0x5, 0xa, 0xf, 0x14, 0x11, 0x1e, 0x1b, 0x28, 0x2d, 0x22, 0x27, 0x3c, 0x39, 0x36, 0x33},
+ {0x0, 0xd2, 0xb9, 0x6b, 0x6f, 0xbd, 0xd6, 0x4, 0xde, 0xc, 0x67, 0xb5, 0xb1, 0x63, 0x8, 0xda},
+ {0x0, 0xc2, 0x99, 0x5b, 0x2f, 0xed, 0xb6, 0x74, 0x5e, 0x9c, 0xc7, 0x5, 0x71, 0xb3, 0xe8, 0x2a},
+ {0x0, 0xf2, 0xf9, 0xb, 0xef, 0x1d, 0x16, 0xe4, 0xc3, 0x31, 0x3a, 0xc8, 0x2c, 0xde, 0xd5, 0x27},
+ {0x0, 0xe2, 0xd9, 0x3b, 0xaf, 0x4d, 0x76, 0x94, 0x43, 0xa1, 0x9a, 0x78, 0xec, 0xe, 0x35, 0xd7},
+ {0x0, 0x92, 0x39, 0xab, 0x72, 0xe0, 0x4b, 0xd9, 0xe4, 0x76, 0xdd, 0x4f, 0x96, 0x4, 0xaf, 0x3d},
+ {0x0, 0x82, 0x19, 0x9b, 0x32, 0xb0, 0x2b, 0xa9, 0x64, 0xe6, 0x7d, 0xff, 0x56, 0xd4, 0x4f, 0xcd},
+ {0x0, 0xb2, 0x79, 0xcb, 0xf2, 0x40, 0x8b, 0x39, 0xf9, 0x4b, 0x80, 0x32, 0xb, 0xb9, 0x72, 0xc0},
+ {0x0, 0xa2, 0x59, 0xfb, 0xb2, 0x10, 0xeb, 0x49, 0x79, 0xdb, 0x20, 0x82, 0xcb, 0x69, 0x92, 0x30},
+ {0x0, 0x52, 0xa4, 0xf6, 0x55, 0x7, 0xf1, 0xa3, 0xaa, 0xf8, 0xe, 0x5c, 0xff, 0xad, 0x5b, 0x9},
+ {0x0, 0x42, 0x84, 0xc6, 0x15, 0x57, 0x91, 0xd3, 0x2a, 0x68, 0xae, 0xec, 0x3f, 0x7d, 0xbb, 0xf9},
+ {0x0, 0x72, 0xe4, 0x96, 0xd5, 0xa7, 0x31, 0x43, 0xb7, 0xc5, 0x53, 0x21, 0x62, 0x10, 0x86, 0xf4},
+ {0x0, 0x62, 0xc4, 0xa6, 0x95, 0xf7, 0x51, 0x33, 0x37, 0x55, 0xf3, 0x91, 0xa2, 0xc0, 0x66, 0x4},
+ {0x0, 0x12, 0x24, 0x36, 0x48, 0x5a, 0x6c, 0x7e, 0x90, 0x82, 0xb4, 0xa6, 0xd8, 0xca, 0xfc, 0xee},
+ {0x0, 0x2, 0x4, 0x6, 0x8, 0xa, 0xc, 0xe, 0x10, 0x12, 0x14, 0x16, 0x18, 0x1a, 0x1c, 0x1e},
+ {0x0, 0x32, 0x64, 0x56, 0xc8, 0xfa, 0xac, 0x9e, 0x8d, 0xbf, 0xe9, 0xdb, 0x45, 0x77, 0x21, 0x13},
+ {0x0, 0x22, 0x44, 0x66, 0x88, 0xaa, 0xcc, 0xee, 0xd, 0x2f, 0x49, 0x6b, 0x85, 0xa7, 0xc1, 0xe3},
+ {0x0, 0xcf, 0x83, 0x4c, 0x1b, 0xd4, 0x98, 0x57, 0x36, 0xf9, 0xb5, 0x7a, 0x2d, 0xe2, 0xae, 0x61},
+ {0x0, 0xdf, 0xa3, 0x7c, 0x5b, 0x84, 0xf8, 0x27, 0xb6, 0x69, 0x15, 0xca, 0xed, 0x32, 0x4e, 0x91},
+ {0x0, 0xef, 0xc3, 0x2c, 0x9b, 0x74, 0x58, 0xb7, 0x2b, 0xc4, 0xe8, 0x7, 0xb0, 0x5f, 0x73, 0x9c},
+ {0x0, 0xff, 0xe3, 0x1c, 0xdb, 0x24, 0x38, 0xc7, 0xab, 0x54, 0x48, 0xb7, 0x70, 0x8f, 0x93, 0x6c},
+ {0x0, 0x8f, 0x3, 0x8c, 0x6, 0x89, 0x5, 0x8a, 0xc, 0x83, 0xf, 0x80, 0xa, 0x85, 0x9, 0x86},
+ {0x0, 0x9f, 0x23, 0xbc, 0x46, 0xd9, 0x65, 0xfa, 0x8c, 0x13, 0xaf, 0x30, 0xca, 0x55, 0xe9, 0x76},
+ {0x0, 0xaf, 0x43, 0xec, 0x86, 0x29, 0xc5, 0x6a, 0x11, 0xbe, 0x52, 0xfd, 0x97, 0x38, 0xd4, 0x7b},
+ {0x0, 0xbf, 0x63, 0xdc, 0xc6, 0x79, 0xa5, 0x1a, 0x91, 0x2e, 0xf2, 0x4d, 0x57, 0xe8, 0x34, 0x8b},
+ {0x0, 0x4f, 0x9e, 0xd1, 0x21, 0x6e, 0xbf, 0xf0, 0x42, 0xd, 0xdc, 0x93, 0x63, 0x2c, 0xfd, 0xb2},
+ {0x0, 0x5f, 0xbe, 0xe1, 0x61, 0x3e, 0xdf, 0x80, 0xc2, 0x9d, 0x7c, 0x23, 0xa3, 0xfc, 0x1d, 0x42},
+ {0x0, 0x6f, 0xde, 0xb1, 0xa1, 0xce, 0x7f, 0x10, 0x5f, 0x30, 0x81, 0xee, 0xfe, 0x91, 0x20, 0x4f},
+ {0x0, 0x7f, 0xfe, 0x81, 0xe1, 0x9e, 0x1f, 0x60, 0xdf, 0xa0, 0x21, 0x5e, 0x3e, 0x41, 0xc0, 0xbf},
+ {0x0, 0xf, 0x1e, 0x11, 0x3c, 0x33, 0x22, 0x2d, 0x78, 0x77, 0x66, 0x69, 0x44, 0x4b, 0x5a, 0x55},
+ {0x0, 0x1f, 0x3e, 0x21, 0x7c, 0x63, 0x42, 0x5d, 0xf8, 0xe7, 0xc6, 0xd9, 0x84, 0x9b, 0xba, 0xa5},
+ {0x0, 0x2f, 0x5e, 0x71, 0xbc, 0x93, 0xe2, 0xcd, 0x65, 0x4a, 0x3b, 0x14, 0xd9, 0xf6, 0x87, 0xa8},
+ {0x0, 0x3f, 0x7e, 0x41, 0xfc, 0xc3, 0x82, 0xbd, 0xe5, 0xda, 0x9b, 0xa4, 0x19, 0x26, 0x67, 0x58},
+ {0x0, 0x9c, 0x25, 0xb9, 0x4a, 0xd6, 0x6f, 0xf3, 0x94, 0x8, 0xb1, 0x2d, 0xde, 0x42, 0xfb, 0x67},
+ {0x0, 0x8c, 0x5, 0x89, 0xa, 0x86, 0xf, 0x83, 0x14, 0x98, 0x11, 0x9d, 0x1e, 0x92, 0x1b, 0x97},
+ {0x0, 0xbc, 0x65, 0xd9, 0xca, 0x76, 0xaf, 0x13, 0x89, 0x35, 0xec, 0x50, 0x43, 0xff, 0x26, 0x9a},
+ {0x0, 0xac, 0x45, 0xe9, 0x8a, 0x26, 0xcf, 0x63, 0x9, 0xa5, 0x4c, 0xe0, 0x83, 0x2f, 0xc6, 0x6a},
+ {0x0, 0xdc, 0xa5, 0x79, 0x57, 0x8b, 0xf2, 0x2e, 0xae, 0x72, 0xb, 0xd7, 0xf9, 0x25, 0x5c, 0x80},
+ {0x0, 0xcc, 0x85, 0x49, 0x17, 0xdb, 0x92, 0x5e, 0x2e, 0xe2, 0xab, 0x67, 0x39, 0xf5, 0xbc, 0x70},
+ {0x0, 0xfc, 0xe5, 0x19, 0xd7, 0x2b, 0x32, 0xce, 0xb3, 0x4f, 0x56, 0xaa, 0x64, 0x98, 0x81, 0x7d},
+ {0x0, 0xec, 0xc5, 0x29, 0x97, 0x7b, 0x52, 0xbe, 0x33, 0xdf, 0xf6, 0x1a, 0xa4, 0x48, 0x61, 0x8d},
+ {0x0, 0x1c, 0x38, 0x24, 0x70, 0x6c, 0x48, 0x54, 0xe0, 0xfc, 0xd8, 0xc4, 0x90, 0x8c, 0xa8, 0xb4},
+ {0x0, 0xc, 0x18, 0x14, 0x30, 0x3c, 0x28, 0x24, 0x60, 0x6c, 0x78, 0x74, 0x50, 0x5c, 0x48, 0x44},
+ {0x0, 0x3c, 0x78, 0x44, 0xf0, 0xcc, 0x88, 0xb4, 0xfd, 0xc1, 0x85, 0xb9, 0xd, 0x31, 0x75, 0x49},
+ {0x0, 0x2c, 0x58, 0x74, 0xb0, 0x9c, 0xe8, 0xc4, 0x7d, 0x51, 0x25, 0x9, 0xcd, 0xe1, 0x95, 0xb9},
+ {0x0, 0x5c, 0xb8, 0xe4, 0x6d, 0x31, 0xd5, 0x89, 0xda, 0x86, 0x62, 0x3e, 0xb7, 0xeb, 0xf, 0x53},
+ {0x0, 0x4c, 0x98, 0xd4, 0x2d, 0x61, 0xb5, 0xf9, 0x5a, 0x16, 0xc2, 0x8e, 0x77, 0x3b, 0xef, 0xa3},
+ {0x0, 0x7c, 0xf8, 0x84, 0xed, 0x91, 0x15, 0x69, 0xc7, 0xbb, 0x3f, 0x43, 0x2a, 0x56, 0xd2, 0xae},
+ {0x0, 0x6c, 0xd8, 0xb4, 0xad, 0xc1, 0x75, 0x19, 0x47, 0x2b, 0x9f, 0xf3, 0xea, 0x86, 0x32, 0x5e},
+ {0x0, 0x81, 0x1f, 0x9e, 0x3e, 0xbf, 0x21, 0xa0, 0x7c, 0xfd, 0x63, 0xe2, 0x42, 0xc3, 0x5d, 0xdc},
+ {0x0, 0x91, 0x3f, 0xae, 0x7e, 0xef, 0x41, 0xd0, 0xfc, 0x6d, 0xc3, 0x52, 0x82, 0x13, 0xbd, 0x2c},
+ {0x0, 0xa1, 0x5f, 0xfe, 0xbe, 0x1f, 0xe1, 0x40, 0x61, 0xc0, 0x3e, 0x9f, 0xdf, 0x7e, 0x80, 0x21},
+ {0x0, 0xb1, 0x7f, 0xce, 0xfe, 0x4f, 0x81, 0x30, 0xe1, 0x50, 0x9e, 0x2f, 0x1f, 0xae, 0x60, 0xd1},
+ {0x0, 0xc1, 0x9f, 0x5e, 0x23, 0xe2, 0xbc, 0x7d, 0x46, 0x87, 0xd9, 0x18, 0x65, 0xa4, 0xfa, 0x3b},
+ {0x0, 0xd1, 0xbf, 0x6e, 0x63, 0xb2, 0xdc, 0xd, 0xc6, 0x17, 0x79, 0xa8, 0xa5, 0x74, 0x1a, 0xcb},
+ {0x0, 0xe1, 0xdf, 0x3e, 0xa3, 0x42, 0x7c, 0x9d, 0x5b, 0xba, 0x84, 0x65, 0xf8, 0x19, 0x27, 0xc6},
+ {0x0, 0xf1, 0xff, 0xe, 0xe3, 0x12, 0x1c, 0xed, 0xdb, 0x2a, 0x24, 0xd5, 0x38, 0xc9, 0xc7, 0x36},
+ {0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf},
+ {0x0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x0, 0x21, 0x42, 0x63, 0x84, 0xa5, 0xc6, 0xe7, 0x15, 0x34, 0x57, 0x76, 0x91, 0xb0, 0xd3, 0xf2},
+ {0x0, 0x31, 0x62, 0x53, 0xc4, 0xf5, 0xa6, 0x97, 0x95, 0xa4, 0xf7, 0xc6, 0x51, 0x60, 0x33, 0x2},
+ {0x0, 0x41, 0x82, 0xc3, 0x19, 0x58, 0x9b, 0xda, 0x32, 0x73, 0xb0, 0xf1, 0x2b, 0x6a, 0xa9, 0xe8},
+ {0x0, 0x51, 0xa2, 0xf3, 0x59, 0x8, 0xfb, 0xaa, 0xb2, 0xe3, 0x10, 0x41, 0xeb, 0xba, 0x49, 0x18},
+ {0x0, 0x61, 0xc2, 0xa3, 0x99, 0xf8, 0x5b, 0x3a, 0x2f, 0x4e, 0xed, 0x8c, 0xb6, 0xd7, 0x74, 0x15},
+ {0x0, 0x71, 0xe2, 0x93, 0xd9, 0xa8, 0x3b, 0x4a, 0xaf, 0xde, 0x4d, 0x3c, 0x76, 0x7, 0x94, 0xe5},
+ {0x0, 0xa6, 0x51, 0xf7, 0xa2, 0x4, 0xf3, 0x55, 0x59, 0xff, 0x8, 0xae, 0xfb, 0x5d, 0xaa, 0xc},
+ {0x0, 0xb6, 0x71, 0xc7, 0xe2, 0x54, 0x93, 0x25, 0xd9, 0x6f, 0xa8, 0x1e, 0x3b, 0x8d, 0x4a, 0xfc},
+ {0x0, 0x86, 0x11, 0x97, 0x22, 0xa4, 0x33, 0xb5, 0x44, 0xc2, 0x55, 0xd3, 0x66, 0xe0, 0x77, 0xf1},
+ {0x0, 0x96, 0x31, 0xa7, 0x62, 0xf4, 0x53, 0xc5, 0xc4, 0x52, 0xf5, 0x63, 0xa6, 0x30, 0x97, 0x1},
+ {0x0, 0xe6, 0xd1, 0x37, 0xbf, 0x59, 0x6e, 0x88, 0x63, 0x85, 0xb2, 0x54, 0xdc, 0x3a, 0xd, 0xeb},
+ {0x0, 0xf6, 0xf1, 0x7, 0xff, 0x9, 0xe, 0xf8, 0xe3, 0x15, 0x12, 0xe4, 0x1c, 0xea, 0xed, 0x1b},
+ {0x0, 0xc6, 0x91, 0x57, 0x3f, 0xf9, 0xae, 0x68, 0x7e, 0xb8, 0xef, 0x29, 0x41, 0x87, 0xd0, 0x16},
+ {0x0, 0xd6, 0xb1, 0x67, 0x7f, 0xa9, 0xce, 0x18, 0xfe, 0x28, 0x4f, 0x99, 0x81, 0x57, 0x30, 0xe6},
+ {0x0, 0x26, 0x4c, 0x6a, 0x98, 0xbe, 0xd4, 0xf2, 0x2d, 0xb, 0x61, 0x47, 0xb5, 0x93, 0xf9, 0xdf},
+ {0x0, 0x36, 0x6c, 0x5a, 0xd8, 0xee, 0xb4, 0x82, 0xad, 0x9b, 0xc1, 0xf7, 0x75, 0x43, 0x19, 0x2f},
+ {0x0, 0x6, 0xc, 0xa, 0x18, 0x1e, 0x14, 0x12, 0x30, 0x36, 0x3c, 0x3a, 0x28, 0x2e, 0x24, 0x22},
+ {0x0, 0x16, 0x2c, 0x3a, 0x58, 0x4e, 0x74, 0x62, 0xb0, 0xa6, 0x9c, 0x8a, 0xe8, 0xfe, 0xc4, 0xd2},
+ {0x0, 0x66, 0xcc, 0xaa, 0x85, 0xe3, 0x49, 0x2f, 0x17, 0x71, 0xdb, 0xbd, 0x92, 0xf4, 0x5e, 0x38},
+ {0x0, 0x76, 0xec, 0x9a, 0xc5, 0xb3, 0x29, 0x5f, 0x97, 0xe1, 0x7b, 0xd, 0x52, 0x24, 0xbe, 0xc8},
+ {0x0, 0x46, 0x8c, 0xca, 0x5, 0x43, 0x89, 0xcf, 0xa, 0x4c, 0x86, 0xc0, 0xf, 0x49, 0x83, 0xc5},
+ {0x0, 0x56, 0xac, 0xfa, 0x45, 0x13, 0xe9, 0xbf, 0x8a, 0xdc, 0x26, 0x70, 0xcf, 0x99, 0x63, 0x35},
+ {0x0, 0xbb, 0x6b, 0xd0, 0xd6, 0x6d, 0xbd, 0x6, 0xb1, 0xa, 0xda, 0x61, 0x67, 0xdc, 0xc, 0xb7},
+ {0x0, 0xab, 0x4b, 0xe0, 0x96, 0x3d, 0xdd, 0x76, 0x31, 0x9a, 0x7a, 0xd1, 0xa7, 0xc, 0xec, 0x47},
+ {0x0, 0x9b, 0x2b, 0xb0, 0x56, 0xcd, 0x7d, 0xe6, 0xac, 0x37, 0x87, 0x1c, 0xfa, 0x61, 0xd1, 0x4a},
+ {0x0, 0x8b, 0xb, 0x80, 0x16, 0x9d, 0x1d, 0x96, 0x2c, 0xa7, 0x27, 0xac, 0x3a, 0xb1, 0x31, 0xba},
+ {0x0, 0xfb, 0xeb, 0x10, 0xcb, 0x30, 0x20, 0xdb, 0x8b, 0x70, 0x60, 0x9b, 0x40, 0xbb, 0xab, 0x50},
+ {0x0, 0xeb, 0xcb, 0x20, 0x8b, 0x60, 0x40, 0xab, 0xb, 0xe0, 0xc0, 0x2b, 0x80, 0x6b, 0x4b, 0xa0},
+ {0x0, 0xdb, 0xab, 0x70, 0x4b, 0x90, 0xe0, 0x3b, 0x96, 0x4d, 0x3d, 0xe6, 0xdd, 0x6, 0x76, 0xad},
+ {0x0, 0xcb, 0x8b, 0x40, 0xb, 0xc0, 0x80, 0x4b, 0x16, 0xdd, 0x9d, 0x56, 0x1d, 0xd6, 0x96, 0x5d},
+ {0x0, 0x3b, 0x76, 0x4d, 0xec, 0xd7, 0x9a, 0xa1, 0xc5, 0xfe, 0xb3, 0x88, 0x29, 0x12, 0x5f, 0x64},
+ {0x0, 0x2b, 0x56, 0x7d, 0xac, 0x87, 0xfa, 0xd1, 0x45, 0x6e, 0x13, 0x38, 0xe9, 0xc2, 0xbf, 0x94},
+ {0x0, 0x1b, 0x36, 0x2d, 0x6c, 0x77, 0x5a, 0x41, 0xd8, 0xc3, 0xee, 0xf5, 0xb4, 0xaf, 0x82, 0x99},
+ {0x0, 0xb, 0x16, 0x1d, 0x2c, 0x27, 0x3a, 0x31, 0x58, 0x53, 0x4e, 0x45, 0x74, 0x7f, 0x62, 0x69},
+ {0x0, 0x7b, 0xf6, 0x8d, 0xf1, 0x8a, 0x7, 0x7c, 0xff, 0x84, 0x9, 0x72, 0xe, 0x75, 0xf8, 0x83},
+ {0x0, 0x6b, 0xd6, 0xbd, 0xb1, 0xda, 0x67, 0xc, 0x7f, 0x14, 0xa9, 0xc2, 0xce, 0xa5, 0x18, 0x73},
+ {0x0, 0x5b, 0xb6, 0xed, 0x71, 0x2a, 0xc7, 0x9c, 0xe2, 0xb9, 0x54, 0xf, 0x93, 0xc8, 0x25, 0x7e},
+ {0x0, 0x4b, 0x96, 0xdd, 0x31, 0x7a, 0xa7, 0xec, 0x62, 0x29, 0xf4, 0xbf, 0x53, 0x18, 0xc5, 0x8e}}
+
+// galMultiply multiplies to elements of the field.
+// Uses lookup table ~40% faster
+func galMultiply(a, b byte) byte {
+ return mulTable[a][b]
+}
+
+// Original function:
+/*
+// galMultiply multiplies to elements of the field.
+func galMultiply(a, b byte) byte {
+ if a == 0 || b == 0 {
+ return 0
+ }
+ logA := int(logTable[a])
+ logB := int(logTable[b])
+ return expTable[logA+logB]
+}
+*/
+
+// galDivide is inverse of galMultiply.
+func galDivide(a, b byte) byte {
+ if a == 0 {
+ return 0
+ }
+ if b == 0 {
+ panic("Argument 'divisor' is 0")
+ }
+ logA := int(logTable[a])
+ logB := int(logTable[b])
+ logResult := logA - logB
+ if logResult < 0 {
+ logResult += 255
+ }
+ return expTable[logResult]
+}
+
+// Computes a**n.
+//
+// The result will be the same as multiplying a times itself n times.
+func galExp(a byte, n int) byte {
+ if n == 0 {
+ return 1
+ }
+ if a == 0 {
+ return 0
+ }
+
+ logA := logTable[a]
+ logResult := int(logA) * n
+ for logResult >= 255 {
+ logResult -= 255
+ }
+ return byte(expTable[logResult])
+}
diff --git a/vendor/github.com/klauspost/reedsolomon/galois_amd64.go b/vendor/github.com/klauspost/reedsolomon/galois_amd64.go
new file mode 100644
index 0000000..2c719f5
--- /dev/null
+++ b/vendor/github.com/klauspost/reedsolomon/galois_amd64.go
@@ -0,0 +1,92 @@
+//+build !noasm
+//+build !appengine
+//+build !gccgo
+
+// Copyright 2015, Klaus Post, see LICENSE for details.
+
+package reedsolomon
+
+//go:noescape
+func galMulSSSE3(low, high, in, out []byte)
+
+//go:noescape
+func galMulSSSE3Xor(low, high, in, out []byte)
+
+//go:noescape
+func galMulAVX2Xor(low, high, in, out []byte)
+
+//go:noescape
+func galMulAVX2(low, high, in, out []byte)
+
+//go:noescape
+func sSE2XorSlice(in, out []byte)
+
+// This is what the assembler routines do in blocks of 16 bytes:
+/*
+func galMulSSSE3(low, high, in, out []byte) {
+ for n, input := range in {
+ l := input & 0xf
+ h := input >> 4
+ out[n] = low[l] ^ high[h]
+ }
+}
+
+func galMulSSSE3Xor(low, high, in, out []byte) {
+ for n, input := range in {
+ l := input & 0xf
+ h := input >> 4
+ out[n] ^= low[l] ^ high[h]
+ }
+}
+*/
+
+func galMulSlice(c byte, in, out []byte, ssse3, avx2 bool) {
+ var done int
+ if avx2 {
+ galMulAVX2(mulTableLow[c][:], mulTableHigh[c][:], in, out)
+ done = (len(in) >> 5) << 5
+ } else if ssse3 {
+ galMulSSSE3(mulTableLow[c][:], mulTableHigh[c][:], in, out)
+ done = (len(in) >> 4) << 4
+ }
+ remain := len(in) - done
+ if remain > 0 {
+ mt := mulTable[c]
+ for i := done; i < len(in); i++ {
+ out[i] = mt[in[i]]
+ }
+ }
+}
+
+func galMulSliceXor(c byte, in, out []byte, ssse3, avx2 bool) {
+ var done int
+ if avx2 {
+ galMulAVX2Xor(mulTableLow[c][:], mulTableHigh[c][:], in, out)
+ done = (len(in) >> 5) << 5
+ } else if ssse3 {
+ galMulSSSE3Xor(mulTableLow[c][:], mulTableHigh[c][:], in, out)
+ done = (len(in) >> 4) << 4
+ }
+ remain := len(in) - done
+ if remain > 0 {
+ mt := mulTable[c]
+ for i := done; i < len(in); i++ {
+ out[i] ^= mt[in[i]]
+ }
+ }
+}
+
+// slice galois add
+func sliceXor(in, out []byte, sse2 bool) {
+ var done int
+ if sse2 {
+ sSE2XorSlice(in, out)
+ done = (len(in) >> 4) << 4
+ }
+ remain := len(in) - done
+ if remain > 0 {
+ for i := done; i < len(in); i++ {
+ out[i] ^= in[i]
+ }
+ }
+}
diff --git a/vendor/github.com/klauspost/reedsolomon/galois_amd64.s b/vendor/github.com/klauspost/reedsolomon/galois_amd64.s
new file mode 100644
index 0000000..b768028
--- /dev/null
+++ b/vendor/github.com/klauspost/reedsolomon/galois_amd64.s
@@ -0,0 +1,236 @@
+//+build !noasm !appengine !gccgo
+
+// Copyright 2015, Klaus Post, see LICENSE for details.
+
+// Based on http://www.snia.org/sites/default/files2/SDC2013/presentations/NewThinking/EthanMiller_Screaming_Fast_Galois_Field%20Arithmetic_SIMD%20Instructions.pdf
+// and http://jerasure.org/jerasure/gf-complete/tree/master
+
+// func galMulSSSE3Xor(low, high, in, out []byte)
+TEXT ·galMulSSSE3Xor(SB), 7, $0
+ MOVQ low+0(FP), SI // SI: &low
+ MOVQ high+24(FP), DX // DX: &high
+ MOVOU (SI), X6 // X6 low
+ MOVOU (DX), X7 // X7: high
+ MOVQ $15, BX // BX: low mask
+ MOVQ BX, X8
+ PXOR X5, X5
+ MOVQ in+48(FP), SI // R11: &in
+ MOVQ in_len+56(FP), R9 // R9: len(in)
+ MOVQ out+72(FP), DX // DX: &out
+ PSHUFB X5, X8 // X8: lomask (unpacked)
+ SHRQ $4, R9 // len(in) / 16
+ MOVQ SI, AX
+ MOVQ DX, BX
+ ANDQ $15, AX
+ ANDQ $15, BX
+ CMPQ R9, $0
+ JEQ done_xor
+ ORQ AX, BX
+ CMPQ BX, $0
+ JNZ loopback_xor
+
+loopback_xor_aligned:
+ MOVOA (SI), X0 // in[x]
+ MOVOA (DX), X4 // out[x]
+ MOVOA X0, X1 // in[x]
+ MOVOA X6, X2 // low copy
+ MOVOA X7, X3 // high copy
+ PSRLQ $4, X1 // X1: high input
+ PAND X8, X0 // X0: low input
+ PAND X8, X1 // X0: high input
+ PSHUFB X0, X2 // X2: mul low part
+ PSHUFB X1, X3 // X3: mul high part
+ PXOR X2, X3 // X3: Result
+ PXOR X4, X3 // X3: Result xor existing out
+ MOVOA X3, (DX) // Store
+ ADDQ $16, SI // in+=16
+ ADDQ $16, DX // out+=16
+ SUBQ $1, R9
+ JNZ loopback_xor_aligned
+ JMP done_xor
+
+loopback_xor:
+ MOVOU (SI), X0 // in[x]
+ MOVOU (DX), X4 // out[x]
+ MOVOU X0, X1 // in[x]
+ MOVOU X6, X2 // low copy
+ MOVOU X7, X3 // high copy
+ PSRLQ $4, X1 // X1: high input
+ PAND X8, X0 // X0: low input
+ PAND X8, X1 // X0: high input
+ PSHUFB X0, X2 // X2: mul low part
+ PSHUFB X1, X3 // X3: mul high part
+ PXOR X2, X3 // X3: Result
+ PXOR X4, X3 // X3: Result xor existing out
+ MOVOU X3, (DX) // Store
+ ADDQ $16, SI // in+=16
+ ADDQ $16, DX // out+=16
+ SUBQ $1, R9
+ JNZ loopback_xor
+
+done_xor:
+ RET
+
+// func galMulSSSE3(low, high, in, out []byte)
+TEXT ·galMulSSSE3(SB), 7, $0
+ MOVQ low+0(FP), SI // SI: &low
+ MOVQ high+24(FP), DX // DX: &high
+ MOVOU (SI), X6 // X6 low
+ MOVOU (DX), X7 // X7: high
+ MOVQ $15, BX // BX: low mask
+ MOVQ BX, X8
+ PXOR X5, X5
+ MOVQ in+48(FP), SI // R11: &in
+ MOVQ in_len+56(FP), R9 // R9: len(in)
+ MOVQ out+72(FP), DX // DX: &out
+ PSHUFB X5, X8 // X8: lomask (unpacked)
+ MOVQ SI, AX
+ MOVQ DX, BX
+ SHRQ $4, R9 // len(in) / 16
+ ANDQ $15, AX
+ ANDQ $15, BX
+ CMPQ R9, $0
+ JEQ done
+ ORQ AX, BX
+ CMPQ BX, $0
+ JNZ loopback
+
+loopback_aligned:
+ MOVOA (SI), X0 // in[x]
+ MOVOA X0, X1 // in[x]
+ MOVOA X6, X2 // low copy
+ MOVOA X7, X3 // high copy
+ PSRLQ $4, X1 // X1: high input
+ PAND X8, X0 // X0: low input
+ PAND X8, X1 // X0: high input
+ PSHUFB X0, X2 // X2: mul low part
+ PSHUFB X1, X3 // X3: mul high part
+ PXOR X2, X3 // X3: Result
+ MOVOA X3, (DX) // Store
+ ADDQ $16, SI // in+=16
+ ADDQ $16, DX // out+=16
+ SUBQ $1, R9
+ JNZ loopback_aligned
+ JMP done
+
+loopback:
+ MOVOU (SI), X0 // in[x]
+ MOVOU X0, X1 // in[x]
+ MOVOA X6, X2 // low copy
+ MOVOA X7, X3 // high copy
+ PSRLQ $4, X1 // X1: high input
+ PAND X8, X0 // X0: low input
+ PAND X8, X1 // X0: high input
+ PSHUFB X0, X2 // X2: mul low part
+ PSHUFB X1, X3 // X3: mul high part
+ PXOR X2, X3 // X3: Result
+ MOVOU X3, (DX) // Store
+ ADDQ $16, SI // in+=16
+ ADDQ $16, DX // out+=16
+ SUBQ $1, R9
+ JNZ loopback
+
+done:
+ RET
+
+// func galMulAVX2Xor(low, high, in, out []byte)
+TEXT ·galMulAVX2Xor(SB), 7, $0
+ MOVQ low+0(FP), SI // SI: &low
+ MOVQ high+24(FP), DX // DX: &high
+ MOVQ $15, BX // BX: low mask
+ MOVQ BX, X5
+ MOVOU (SI), X6 // X6: low
+ MOVOU (DX), X7 // X7: high
+ MOVQ in_len+56(FP), R9 // R9: len(in)
+
+ VINSERTI128 $1, X6, Y6, Y6 // low
+ VINSERTI128 $1, X7, Y7, Y7 // high
+ VPBROADCASTB X5, Y8 // Y8: lomask (unpacked)
+
+ SHRQ $5, R9 // len(in) / 32
+ MOVQ out+72(FP), DX // DX: &out
+ MOVQ in+48(FP), SI // SI: &in
+ TESTQ R9, R9
+ JZ done_xor_avx2
+
+loopback_xor_avx2:
+ VMOVDQU (SI), Y0
+ VMOVDQU (DX), Y4
+ VPSRLQ $4, Y0, Y1 // Y1: high input
+ VPAND Y8, Y0, Y0 // Y0: low input
+ VPAND Y8, Y1, Y1 // Y1: high input
+ VPSHUFB Y0, Y6, Y2 // Y2: mul low part
+ VPSHUFB Y1, Y7, Y3 // Y3: mul high part
+ VPXOR Y3, Y2, Y3 // Y3: Result
+ VPXOR Y4, Y3, Y4 // Y4: Result
+ VMOVDQU Y4, (DX)
+
+ ADDQ $32, SI // in+=32
+ ADDQ $32, DX // out+=32
+ SUBQ $1, R9
+ JNZ loopback_xor_avx2
+
+done_xor_avx2:
+ VZEROUPPER
+ RET
+
+// func galMulAVX2(low, high, in, out []byte)
+TEXT ·galMulAVX2(SB), 7, $0
+ MOVQ low+0(FP), SI // SI: &low
+ MOVQ high+24(FP), DX // DX: &high
+ MOVQ $15, BX // BX: low mask
+ MOVQ BX, X5
+ MOVOU (SI), X6 // X6: low
+ MOVOU (DX), X7 // X7: high
+ MOVQ in_len+56(FP), R9 // R9: len(in)
+
+ VINSERTI128 $1, X6, Y6, Y6 // low
+ VINSERTI128 $1, X7, Y7, Y7 // high
+ VPBROADCASTB X5, Y8 // Y8: lomask (unpacked)
+
+ SHRQ $5, R9 // len(in) / 32
+ MOVQ out+72(FP), DX // DX: &out
+ MOVQ in+48(FP), SI // SI: &in
+ TESTQ R9, R9
+ JZ done_avx2
+
+loopback_avx2:
+ VMOVDQU (SI), Y0
+ VPSRLQ $4, Y0, Y1 // Y1: high input
+ VPAND Y8, Y0, Y0 // Y0: low input
+ VPAND Y8, Y1, Y1 // Y1: high input
+ VPSHUFB Y0, Y6, Y2 // Y2: mul low part
+ VPSHUFB Y1, Y7, Y3 // Y3: mul high part
+ VPXOR Y3, Y2, Y4 // Y4: Result
+ VMOVDQU Y4, (DX)
+
+ ADDQ $32, SI // in+=32
+ ADDQ $32, DX // out+=32
+ SUBQ $1, R9
+ JNZ loopback_avx2
+
+done_avx2:
+ VZEROUPPER
+ RET
+
+// func sSE2XorSlice(in, out []byte)
+TEXT ·sSE2XorSlice(SB), 7, $0
+ MOVQ in+0(FP), SI // SI: &in
+ MOVQ in_len+8(FP), R9 // R9: len(in)
+ MOVQ out+24(FP), DX // DX: &out
+ SHRQ $4, R9 // len(in) / 16
+ CMPQ R9, $0
+ JEQ done_xor_sse2
+
+loopback_xor_sse2:
+ MOVOU (SI), X0 // in[x]
+ MOVOU (DX), X1 // out[x]
+ PXOR X0, X1
+ MOVOU X1, (DX)
+ ADDQ $16, SI // in+=16
+ ADDQ $16, DX // out+=16
+ SUBQ $1, R9
+ JNZ loopback_xor_sse2
+
+done_xor_sse2:
+ RET
diff --git a/vendor/github.com/klauspost/reedsolomon/galois_arm64.go b/vendor/github.com/klauspost/reedsolomon/galois_arm64.go
new file mode 100644
index 0000000..7af56fa
--- /dev/null
+++ b/vendor/github.com/klauspost/reedsolomon/galois_arm64.go
@@ -0,0 +1,49 @@
+//+build !noasm
+//+build !appengine
+//+build !gccgo
+
+// Copyright 2015, Klaus Post, see LICENSE for details.
+// Copyright 2017, Minio, Inc.
+
+package reedsolomon
+
+//go:noescape
+func galMulNEON(c uint64, in, out []byte)
+
+//go:noescape
+func galMulXorNEON(c uint64, in, out []byte)
+
+func galMulSlice(c byte, in, out []byte, ssse3, avx2 bool) {
+ var done int
+ galMulNEON(uint64(c), in, out)
+ done = (len(in) >> 5) << 5
+
+ remain := len(in) - done
+ if remain > 0 {
+ mt := mulTable[c]
+ for i := done; i < len(in); i++ {
+ out[i] = mt[in[i]]
+ }
+ }
+}
+
+func galMulSliceXor(c byte, in, out []byte, ssse3, avx2 bool) {
+ var done int
+ galMulXorNEON(uint64(c), in, out)
+ done = (len(in) >> 5) << 5
+
+ remain := len(in) - done
+ if remain > 0 {
+ mt := mulTable[c]
+ for i := done; i < len(in); i++ {
+ out[i] ^= mt[in[i]]
+ }
+ }
+}
+
+// slice galois add
+func sliceXor(in, out []byte, sse2 bool) {
+ for n, input := range in {
+ out[n] ^= input
+ }
+}
diff --git a/vendor/github.com/klauspost/reedsolomon/galois_arm64.s b/vendor/github.com/klauspost/reedsolomon/galois_arm64.s
new file mode 100644
index 0000000..0c43f6d
--- /dev/null
+++ b/vendor/github.com/klauspost/reedsolomon/galois_arm64.s
@@ -0,0 +1,141 @@
+//+build !noasm !appengine !gccgo
+
+// Copyright 2015, Klaus Post, see LICENSE for details.
+// Copyright 2017, Minio, Inc.
+
+// Use github.com/minio/asm2plan9s on this file to assemble ARM instructions to
+// the opcodes of their Plan9 equivalents
+
+// polynomial multiplication
+#define POLYNOMIAL_MULTIPLICATION \
+ WORD $0x0e3ce340 \ // pmull v0.8h,v26.8b,v28.8b
+ WORD $0x4e3ce346 \ // pmull2 v6.8h,v26.16b,v28.16b
+ WORD $0x0e3ce36c \ // pmull v12.8h,v27.8b,v28.8b
+ WORD $0x4e3ce372 // pmull2 v18.8h,v27.16b,v28.16b
+
+// first reduction
+#define FIRST_REDUCTION \
+ WORD $0x0f088402 \ // shrn v2.8b, v0.8h, #8
+ WORD $0x0f0884c8 \ // shrn v8.8b, v6.8h, #8
+ WORD $0x0f08858e \ // shrn v14.8b, v12.8h, #8
+ WORD $0x0f088654 \ // shrn v20.8b, v18.8h, #8
+ WORD $0x0e22e3c3 \ // pmull v3.8h,v30.8b,v2.8b
+ WORD $0x0e28e3c9 \ // pmull v9.8h,v30.8b,v8.8b
+ WORD $0x0e2ee3cf \ // pmull v15.8h,v30.8b,v14.8b
+ WORD $0x0e34e3d5 \ // pmull v21.8h,v30.8b,v20.8b
+ WORD $0x6e201c60 \ // eor v0.16b,v3.16b,v0.16b
+ WORD $0x6e261d26 \ // eor v6.16b,v9.16b,v6.16b
+ WORD $0x6e2c1dec \ // eor v12.16b,v15.16b,v12.16b
+ WORD $0x6e321eb2 // eor v18.16b,v21.16b,v18.16b
+
+// second reduction
+#define SECOND_REDUCTION \
+ WORD $0x0f088404 \ // shrn v4.8b, v0.8h, #8
+ WORD $0x0f0884ca \ // shrn v10.8b, v6.8h, #8
+ WORD $0x0f088590 \ // shrn v16.8b, v12.8h, #8
+ WORD $0x0f088656 \ // shrn v22.8b, v18.8h, #8
+ WORD $0x6e241c44 \ // eor v4.16b,v2.16b,v4.16b
+ WORD $0x6e2a1d0a \ // eor v10.16b,v8.16b,v10.16b
+ WORD $0x6e301dd0 \ // eor v16.16b,v14.16b,v16.16b
+ WORD $0x6e361e96 \ // eor v22.16b,v20.16b,v22.16b
+ WORD $0x0e24e3c5 \ // pmull v5.8h,v30.8b,v4.8b
+ WORD $0x0e2ae3cb \ // pmull v11.8h,v30.8b,v10.8b
+ WORD $0x0e30e3d1 \ // pmull v17.8h,v30.8b,v16.8b
+ WORD $0x0e36e3d7 \ // pmull v23.8h,v30.8b,v22.8b
+ WORD $0x6e201ca0 \ // eor v0.16b,v5.16b,v0.16b
+ WORD $0x6e261d61 \ // eor v1.16b,v11.16b,v6.16b
+ WORD $0x6e2c1e22 \ // eor v2.16b,v17.16b,v12.16b
+ WORD $0x6e321ee3 // eor v3.16b,v23.16b,v18.16b
+
+// func galMulNEON(c uint64, in, out []byte)
+TEXT ·galMulNEON(SB), 7, $0
+ MOVD c+0(FP), R0
+ MOVD in_base+8(FP), R1
+ MOVD in_len+16(FP), R2 // length of message
+ MOVD out_base+32(FP), R5
+ SUBS $32, R2
+ BMI complete
+
+ // Load constants table pointer
+ MOVD $·constants(SB), R3
+
+ // and load constants into v30 & v31
+ WORD $0x4c40a07e // ld1 {v30.16b-v31.16b}, [x3]
+
+ WORD $0x4e010c1c // dup v28.16b, w0
+
+loop:
+ // Main loop
+ WORD $0x4cdfa83a // ld1 {v26.4s-v27.4s}, [x1], #32
+
+ POLYNOMIAL_MULTIPLICATION
+
+ FIRST_REDUCTION
+
+ SECOND_REDUCTION
+
+ // combine results
+ WORD $0x4e1f2000 // tbl v0.16b,{v0.16b,v1.16b},v31.16b
+ WORD $0x4e1f2041 // tbl v1.16b,{v2.16b,v3.16b},v31.16b
+
+ // Store result
+ WORD $0x4c9faca0 // st1 {v0.2d-v1.2d}, [x5], #32
+
+ SUBS $32, R2
+ BPL loop
+
+complete:
+ RET
+
+// func galMulXorNEON(c uint64, in, out []byte)
+TEXT ·galMulXorNEON(SB), 7, $0
+ MOVD c+0(FP), R0
+ MOVD in_base+8(FP), R1
+ MOVD in_len+16(FP), R2 // length of message
+ MOVD out_base+32(FP), R5
+ SUBS $32, R2
+ BMI completeXor
+
+ // Load constants table pointer
+ MOVD $·constants(SB), R3
+
+ // and load constants into v30 & v31
+ WORD $0x4c40a07e // ld1 {v30.16b-v31.16b}, [x3]
+
+ WORD $0x4e010c1c // dup v28.16b, w0
+
+loopXor:
+ // Main loop
+ WORD $0x4cdfa83a // ld1 {v26.4s-v27.4s}, [x1], #32
+ WORD $0x4c40a8b8 // ld1 {v24.4s-v25.4s}, [x5]
+
+ POLYNOMIAL_MULTIPLICATION
+
+ FIRST_REDUCTION
+
+ SECOND_REDUCTION
+
+ // combine results
+ WORD $0x4e1f2000 // tbl v0.16b,{v0.16b,v1.16b},v31.16b
+ WORD $0x4e1f2041 // tbl v1.16b,{v2.16b,v3.16b},v31.16b
+
+ // Xor result and store
+ WORD $0x6e381c00 // eor v0.16b,v0.16b,v24.16b
+ WORD $0x6e391c21 // eor v1.16b,v1.16b,v25.16b
+ WORD $0x4c9faca0 // st1 {v0.2d-v1.2d}, [x5], #32
+
+ SUBS $32, R2
+ BPL loopXor
+
+completeXor:
+ RET
+
+// Constants table
+// generating polynomial is 29 (= 0x1d)
+DATA ·constants+0x0(SB)/8, $0x1d1d1d1d1d1d1d1d
+DATA ·constants+0x8(SB)/8, $0x1d1d1d1d1d1d1d1d
+// constant for TBL instruction
+DATA ·constants+0x10(SB)/8, $0x0e0c0a0806040200
+DATA ·constants+0x18(SB)/8, $0x1e1c1a1816141210
+
+GLOBL ·constants(SB), 8, $32
diff --git a/vendor/github.com/klauspost/reedsolomon/galois_noasm.go b/vendor/github.com/klauspost/reedsolomon/galois_noasm.go
new file mode 100644
index 0000000..7577d72
--- /dev/null
+++ b/vendor/github.com/klauspost/reedsolomon/galois_noasm.go
@@ -0,0 +1,27 @@
+//+build !amd64 noasm appengine gccgo
+//+build !arm64 noasm appengine gccgo
+
+// Copyright 2015, Klaus Post, see LICENSE for details.
+
+package reedsolomon
+
+func galMulSlice(c byte, in, out []byte, ssse3, avx2 bool) {
+ mt := mulTable[c]
+ for n, input := range in {
+ out[n] = mt[input]
+ }
+}
+
+func galMulSliceXor(c byte, in, out []byte, ssse3, avx2 bool) {
+ mt := mulTable[c]
+ for n, input := range in {
+ out[n] ^= mt[input]
+ }
+}
+
+// slice galois add
+func sliceXor(in, out []byte, sse2 bool) {
+ for n, input := range in {
+ out[n] ^= input
+ }
+}
diff --git a/vendor/github.com/klauspost/reedsolomon/gentables.go b/vendor/github.com/klauspost/reedsolomon/gentables.go
new file mode 100644
index 0000000..843aade
--- /dev/null
+++ b/vendor/github.com/klauspost/reedsolomon/gentables.go
@@ -0,0 +1,132 @@
+//+build ignore
+
+package main
+
+import (
+ "fmt"
+)
+
+var logTable = [fieldSize]int16{
+ -1, 0, 1, 25, 2, 50, 26, 198,
+ 3, 223, 51, 238, 27, 104, 199, 75,
+ 4, 100, 224, 14, 52, 141, 239, 129,
+ 28, 193, 105, 248, 200, 8, 76, 113,
+ 5, 138, 101, 47, 225, 36, 15, 33,
+ 53, 147, 142, 218, 240, 18, 130, 69,
+ 29, 181, 194, 125, 106, 39, 249, 185,
+ 201, 154, 9, 120, 77, 228, 114, 166,
+ 6, 191, 139, 98, 102, 221, 48, 253,
+ 226, 152, 37, 179, 16, 145, 34, 136,
+ 54, 208, 148, 206, 143, 150, 219, 189,
+ 241, 210, 19, 92, 131, 56, 70, 64,
+ 30, 66, 182, 163, 195, 72, 126, 110,
+ 107, 58, 40, 84, 250, 133, 186, 61,
+ 202, 94, 155, 159, 10, 21, 121, 43,
+ 78, 212, 229, 172, 115, 243, 167, 87,
+ 7, 112, 192, 247, 140, 128, 99, 13,
+ 103, 74, 222, 237, 49, 197, 254, 24,
+ 227, 165, 153, 119, 38, 184, 180, 124,
+ 17, 68, 146, 217, 35, 32, 137, 46,
+ 55, 63, 209, 91, 149, 188, 207, 205,
+ 144, 135, 151, 178, 220, 252, 190, 97,
+ 242, 86, 211, 171, 20, 42, 93, 158,
+ 132, 60, 57, 83, 71, 109, 65, 162,
+ 31, 45, 67, 216, 183, 123, 164, 118,
+ 196, 23, 73, 236, 127, 12, 111, 246,
+ 108, 161, 59, 82, 41, 157, 85, 170,
+ 251, 96, 134, 177, 187, 204, 62, 90,
+ 203, 89, 95, 176, 156, 169, 160, 81,
+ 11, 245, 22, 235, 122, 117, 44, 215,
+ 79, 174, 213, 233, 230, 231, 173, 232,
+ 116, 214, 244, 234, 168, 80, 88, 175,
+}
+
+const (
+ // The number of elements in the field.
+ fieldSize = 256
+
+ // The polynomial used to generate the logarithm table.
+ //
+ // There are a number of polynomials that work to generate
+ // a Galois field of 256 elements. The choice is arbitrary,
+ // and we just use the first one.
+ //
+ // The possibilities are: 29, 43, 45, 77, 95, 99, 101, 105,
+ //* 113, 135, 141, 169, 195, 207, 231, and 245.
+ generatingPolynomial = 29
+)
+
+func main() {
+ t := generateExpTable()
+ fmt.Printf("var expTable = %#v\n", t)
+ //t2 := generateMulTableSplit(t)
+ //fmt.Printf("var mulTable = %#v\n", t2)
+ low, high := generateMulTableHalf(t)
+ fmt.Printf("var mulTableLow = %#v\n", low)
+ fmt.Printf("var mulTableHigh = %#v\n", high)
+}
+
+/**
+ * Generates the inverse log table.
+ */
+func generateExpTable() []byte {
+ result := make([]byte, fieldSize*2-2)
+ for i := 1; i < fieldSize; i++ {
+ log := logTable[i]
+ result[log] = byte(i)
+ result[log+fieldSize-1] = byte(i)
+ }
+ return result
+}
+
+func generateMulTable(expTable []byte) []byte {
+ result := make([]byte, 256*256)
+ for v := range result {
+ a := byte(v & 0xff)
+ b := byte(v >> 8)
+ if a == 0 || b == 0 {
+ result[v] = 0
+ continue
+ }
+ logA := int(logTable[a])
+ logB := int(logTable[b])
+ result[v] = expTable[logA+logB]
+ }
+ return result
+}
+
+func generateMulTableSplit(expTable []byte) [256][256]byte {
+ var result [256][256]byte
+ for a := range result {
+ for b := range result[a] {
+ if a == 0 || b == 0 {
+ result[a][b] = 0
+ continue
+ }
+ logA := int(logTable[a])
+ logB := int(logTable[b])
+ result[a][b] = expTable[logA+logB]
+ }
+ }
+ return result
+}
+
+func generateMulTableHalf(expTable []byte) (low [256][16]byte, high [256][16]byte) {
+ for a := range low {
+ for b := range low {
+ result := 0
+ if !(a == 0 || b == 0) {
+ logA := int(logTable[a])
+ logB := int(logTable[b])
+ result = int(expTable[logA+logB])
+ }
+ if (b & 0xf) == b {
+ low[a][b] = byte(result)
+ }
+ if (b & 0xf0) == b {
+ high[a][b>>4] = byte(result)
+ }
+ }
+ }
+ return
+}
diff --git a/vendor/github.com/klauspost/reedsolomon/inversion_tree.go b/vendor/github.com/klauspost/reedsolomon/inversion_tree.go
new file mode 100644
index 0000000..c9d8ab2
--- /dev/null
+++ b/vendor/github.com/klauspost/reedsolomon/inversion_tree.go
@@ -0,0 +1,160 @@
+/**
+ * A thread-safe tree which caches inverted matrices.
+ *
+ * Copyright 2016, Peter Collins
+ */
+
+package reedsolomon
+
+import (
+ "errors"
+ "sync"
+)
+
+// The tree uses a Reader-Writer mutex to make it thread-safe
+// when accessing cached matrices and inserting new ones.
+type inversionTree struct {
+ mutex *sync.RWMutex
+ root inversionNode
+}
+
+type inversionNode struct {
+ matrix matrix
+ children []*inversionNode
+}
+
+// newInversionTree initializes a tree for storing inverted matrices.
+// Note that the root node is the identity matrix as it implies
+// there were no errors with the original data.
+func newInversionTree(dataShards, parityShards int) inversionTree {
+ identity, _ := identityMatrix(dataShards)
+ root := inversionNode{
+ matrix: identity,
+ children: make([]*inversionNode, dataShards+parityShards),
+ }
+ return inversionTree{
+ mutex: &sync.RWMutex{},
+ root: root,
+ }
+}
+
+// GetInvertedMatrix returns the cached inverted matrix or nil if it
+// is not found in the tree keyed on the indices of invalid rows.
+func (t inversionTree) GetInvertedMatrix(invalidIndices []int) matrix {
+ // Lock the tree for reading before accessing the tree.
+ t.mutex.RLock()
+ defer t.mutex.RUnlock()
+
+ // If no invalid indices were give we should return the root
+ // identity matrix.
+ if len(invalidIndices) == 0 {
+ return t.root.matrix
+ }
+
+ // Recursively search for the inverted matrix in the tree, passing in
+ // 0 as the parent index as we start at the root of the tree.
+ return t.root.getInvertedMatrix(invalidIndices, 0)
+}
+
+// errAlreadySet is returned if the root node matrix is overwritten
+var errAlreadySet = errors.New("the root node identity matrix is already set")
+
+// InsertInvertedMatrix inserts a new inverted matrix into the tree
+// keyed by the indices of invalid rows. The total number of shards
+// is required for creating the proper length lists of child nodes for
+// each node.
+func (t inversionTree) InsertInvertedMatrix(invalidIndices []int, matrix matrix, shards int) error {
+ // If no invalid indices were given then we are done because the
+ // root node is already set with the identity matrix.
+ if len(invalidIndices) == 0 {
+ return errAlreadySet
+ }
+
+ if !matrix.IsSquare() {
+ return errNotSquare
+ }
+
+ // Lock the tree for writing and reading before accessing the tree.
+ t.mutex.Lock()
+ defer t.mutex.Unlock()
+
+ // Recursively create nodes for the inverted matrix in the tree until
+ // we reach the node to insert the matrix to. We start by passing in
+ // 0 as the parent index as we start at the root of the tree.
+ t.root.insertInvertedMatrix(invalidIndices, matrix, shards, 0)
+
+ return nil
+}
+
+func (n inversionNode) getInvertedMatrix(invalidIndices []int, parent int) matrix {
+ // Get the child node to search next from the list of children. The
+ // list of children starts relative to the parent index passed in
+ // because the indices of invalid rows is sorted (by default). As we
+ // search recursively, the first invalid index gets popped off the list,
+ // so when searching through the list of children, use that first invalid
+ // index to find the child node.
+ firstIndex := invalidIndices[0]
+ node := n.children[firstIndex-parent]
+
+ // If the child node doesn't exist in the list yet, fail fast by
+ // returning, so we can construct and insert the proper inverted matrix.
+ if node == nil {
+ return nil
+ }
+
+ // If there's more than one invalid index left in the list we should
+ // keep searching recursively.
+ if len(invalidIndices) > 1 {
+ // Search recursively on the child node by passing in the invalid indices
+ // with the first index popped off the front. Also the parent index to
+ // pass down is the first index plus one.
+ return node.getInvertedMatrix(invalidIndices[1:], firstIndex+1)
+ }
+ // If there aren't any more invalid indices to search, we've found our
+ // node. Return it, however keep in mind that the matrix could still be
+ // nil because intermediary nodes in the tree are created sometimes with
+ // their inversion matrices uninitialized.
+ return node.matrix
+}
+
+func (n inversionNode) insertInvertedMatrix(invalidIndices []int, matrix matrix, shards, parent int) {
+ // As above, get the child node to search next from the list of children.
+ // The list of children starts relative to the parent index passed in
+ // because the indices of invalid rows is sorted (by default). As we
+ // search recursively, the first invalid index gets popped off the list,
+ // so when searching through the list of children, use that first invalid
+ // index to find the child node.
+ firstIndex := invalidIndices[0]
+ node := n.children[firstIndex-parent]
+
+ // If the child node doesn't exist in the list yet, create a new
+ // node because we have the writer lock and add it to the list
+ // of children.
+ if node == nil {
+ // Make the length of the list of children equal to the number
+ // of shards minus the first invalid index because the list of
+ // invalid indices is sorted, so only this length of errors
+ // are possible in the tree.
+ node = &inversionNode{
+ children: make([]*inversionNode, shards-firstIndex),
+ }
+ // Insert the new node into the tree at the first index relative
+ // to the parent index that was given in this recursive call.
+ n.children[firstIndex-parent] = node
+ }
+
+ // If there's more than one invalid index left in the list we should
+ // keep searching recursively in order to find the node to add our
+ // matrix.
+ if len(invalidIndices) > 1 {
+ // As above, search recursively on the child node by passing in
+ // the invalid indices with the first index popped off the front.
+ // Also the total number of shards and parent index are passed down
+ // which is equal to the first index plus one.
+ node.insertInvertedMatrix(invalidIndices[1:], matrix, shards, firstIndex+1)
+ } else {
+ // If there aren't any more invalid indices to search, we've found our
+ // node. Cache the inverted matrix in this node.
+ node.matrix = matrix
+ }
+}
diff --git a/vendor/github.com/klauspost/reedsolomon/matrix.go b/vendor/github.com/klauspost/reedsolomon/matrix.go
new file mode 100644
index 0000000..339913a
--- /dev/null
+++ b/vendor/github.com/klauspost/reedsolomon/matrix.go
@@ -0,0 +1,279 @@
+/**
+ * Matrix Algebra over an 8-bit Galois Field
+ *
+ * Copyright 2015, Klaus Post
+ * Copyright 2015, Backblaze, Inc.
+ */
+
+package reedsolomon
+
+import (
+ "errors"
+ "fmt"
+ "strconv"
+ "strings"
+)
+
+// byte[row][col]
+type matrix [][]byte
+
+// newMatrix returns a matrix of zeros.
+func newMatrix(rows, cols int) (matrix, error) {
+ if rows <= 0 {
+ return nil, errInvalidRowSize
+ }
+ if cols <= 0 {
+ return nil, errInvalidColSize
+ }
+
+ m := matrix(make([][]byte, rows))
+ for i := range m {
+ m[i] = make([]byte, cols)
+ }
+ return m, nil
+}
+
+// NewMatrixData initializes a matrix with the given row-major data.
+// Note that data is not copied from input.
+func newMatrixData(data [][]byte) (matrix, error) {
+ m := matrix(data)
+ err := m.Check()
+ if err != nil {
+ return nil, err
+ }
+ return m, nil
+}
+
+// IdentityMatrix returns an identity matrix of the given size.
+func identityMatrix(size int) (matrix, error) {
+ m, err := newMatrix(size, size)
+ if err != nil {
+ return nil, err
+ }
+ for i := range m {
+ m[i][i] = 1
+ }
+ return m, nil
+}
+
+// errInvalidRowSize will be returned if attempting to create a matrix with negative or zero row number.
+var errInvalidRowSize = errors.New("invalid row size")
+
+// errInvalidColSize will be returned if attempting to create a matrix with negative or zero column number.
+var errInvalidColSize = errors.New("invalid column size")
+
+// errColSizeMismatch is returned if the size of matrix columns mismatch.
+var errColSizeMismatch = errors.New("column size is not the same for all rows")
+
+func (m matrix) Check() error {
+ rows := len(m)
+ if rows <= 0 {
+ return errInvalidRowSize
+ }
+ cols := len(m[0])
+ if cols <= 0 {
+ return errInvalidColSize
+ }
+
+ for _, col := range m {
+ if len(col) != cols {
+ return errColSizeMismatch
+ }
+ }
+ return nil
+}
+
+// String returns a human-readable string of the matrix contents.
+//
+// Example: [[1, 2], [3, 4]]
+func (m matrix) String() string {
+ rowOut := make([]string, 0, len(m))
+ for _, row := range m {
+ colOut := make([]string, 0, len(row))
+ for _, col := range row {
+ colOut = append(colOut, strconv.Itoa(int(col)))
+ }
+ rowOut = append(rowOut, "["+strings.Join(colOut, ", ")+"]")
+ }
+ return "[" + strings.Join(rowOut, ", ") + "]"
+}
+
+// Multiply multiplies this matrix (the one on the left) by another
+// matrix (the one on the right) and returns a new matrix with the result.
+func (m matrix) Multiply(right matrix) (matrix, error) {
+ if len(m[0]) != len(right) {
+ return nil, fmt.Errorf("columns on left (%d) is different than rows on right (%d)", len(m[0]), len(right))
+ }
+ result, _ := newMatrix(len(m), len(right[0]))
+ for r, row := range result {
+ for c := range row {
+ var value byte
+ for i := range m[0] {
+ value ^= galMultiply(m[r][i], right[i][c])
+ }
+ result[r][c] = value
+ }
+ }
+ return result, nil
+}
+
+// Augment returns the concatenation of this matrix and the matrix on the right.
+func (m matrix) Augment(right matrix) (matrix, error) {
+ if len(m) != len(right) {
+ return nil, errMatrixSize
+ }
+
+ result, _ := newMatrix(len(m), len(m[0])+len(right[0]))
+ for r, row := range m {
+ for c := range row {
+ result[r][c] = m[r][c]
+ }
+ cols := len(m[0])
+ for c := range right[0] {
+ result[r][cols+c] = right[r][c]
+ }
+ }
+ return result, nil
+}
+
+// errMatrixSize is returned if matrix dimensions are doesn't match.
+var errMatrixSize = errors.New("matrix sizes do not match")
+
+func (m matrix) SameSize(n matrix) error {
+ if len(m) != len(n) {
+ return errMatrixSize
+ }
+ for i := range m {
+ if len(m[i]) != len(n[i]) {
+ return errMatrixSize
+ }
+ }
+ return nil
+}
+
+// Returns a part of this matrix. Data is copied.
+func (m matrix) SubMatrix(rmin, cmin, rmax, cmax int) (matrix, error) {
+ result, err := newMatrix(rmax-rmin, cmax-cmin)
+ if err != nil {
+ return nil, err
+ }
+ // OPTME: If used heavily, use copy function to copy slice
+ for r := rmin; r < rmax; r++ {
+ for c := cmin; c < cmax; c++ {
+ result[r-rmin][c-cmin] = m[r][c]
+ }
+ }
+ return result, nil
+}
+
+// SwapRows Exchanges two rows in the matrix.
+func (m matrix) SwapRows(r1, r2 int) error {
+ if r1 < 0 || len(m) <= r1 || r2 < 0 || len(m) <= r2 {
+ return errInvalidRowSize
+ }
+ m[r2], m[r1] = m[r1], m[r2]
+ return nil
+}
+
+// IsSquare will return true if the matrix is square
+// and nil if the matrix is square
+func (m matrix) IsSquare() bool {
+ return len(m) == len(m[0])
+}
+
+// errSingular is returned if the matrix is singular and cannot be inversed
+var errSingular = errors.New("matrix is singular")
+
+// errNotSquare is returned if attempting to inverse a non-square matrix.
+var errNotSquare = errors.New("only square matrices can be inverted")
+
+// Invert returns the inverse of this matrix.
+// Returns ErrSingular when the matrix is singular and doesn't have an inverse.
+// The matrix must be square, otherwise ErrNotSquare is returned.
+func (m matrix) Invert() (matrix, error) {
+ if !m.IsSquare() {
+ return nil, errNotSquare
+ }
+
+ size := len(m)
+ work, _ := identityMatrix(size)
+ work, _ = m.Augment(work)
+
+ err := work.gaussianElimination()
+ if err != nil {
+ return nil, err
+ }
+
+ return work.SubMatrix(0, size, size, size*2)
+}
+
+func (m matrix) gaussianElimination() error {
+ rows := len(m)
+ columns := len(m[0])
+ // Clear out the part below the main diagonal and scale the main
+ // diagonal to be 1.
+ for r := 0; r < rows; r++ {
+ // If the element on the diagonal is 0, find a row below
+ // that has a non-zero and swap them.
+ if m[r][r] == 0 {
+ for rowBelow := r + 1; rowBelow < rows; rowBelow++ {
+ if m[rowBelow][r] != 0 {
+ m.SwapRows(r, rowBelow)
+ break
+ }
+ }
+ }
+ // If we couldn't find one, the matrix is singular.
+ if m[r][r] == 0 {
+ return errSingular
+ }
+ // Scale to 1.
+ if m[r][r] != 1 {
+ scale := galDivide(1, m[r][r])
+ for c := 0; c < columns; c++ {
+ m[r][c] = galMultiply(m[r][c], scale)
+ }
+ }
+ // Make everything below the 1 be a 0 by subtracting
+ // a multiple of it. (Subtraction and addition are
+ // both exclusive or in the Galois field.)
+ for rowBelow := r + 1; rowBelow < rows; rowBelow++ {
+ if m[rowBelow][r] != 0 {
+ scale := m[rowBelow][r]
+ for c := 0; c < columns; c++ {
+ m[rowBelow][c] ^= galMultiply(scale, m[r][c])
+ }
+ }
+ }
+ }
+
+ // Now clear the part above the main diagonal.
+ for d := 0; d < rows; d++ {
+ for rowAbove := 0; rowAbove < d; rowAbove++ {
+ if m[rowAbove][d] != 0 {
+ scale := m[rowAbove][d]
+ for c := 0; c < columns; c++ {
+ m[rowAbove][c] ^= galMultiply(scale, m[d][c])
+ }
+
+ }
+ }
+ }
+ return nil
+}
+
+// Create a Vandermonde matrix, which is guaranteed to have the
+// property that any subset of rows that forms a square matrix
+// is invertible.
+func vandermonde(rows, cols int) (matrix, error) {
+ result, err := newMatrix(rows, cols)
+ if err != nil {
+ return nil, err
+ }
+ for r, row := range result {
+ for c := range row {
+ result[r][c] = galExp(byte(r), c)
+ }
+ }
+ return result, nil
+}
diff --git a/vendor/github.com/klauspost/reedsolomon/options.go b/vendor/github.com/klauspost/reedsolomon/options.go
new file mode 100644
index 0000000..e8e3c46
--- /dev/null
+++ b/vendor/github.com/klauspost/reedsolomon/options.go
@@ -0,0 +1,111 @@
+package reedsolomon
+
+import (
+ "runtime"
+
+ "github.com/klauspost/cpuid"
+)
+
+// Option allows to override processing parameters.
+type Option func(*options)
+
+type options struct {
+ maxGoroutines int
+ minSplitSize int
+ useAVX2, useSSSE3, useSSE2 bool
+ usePAR1Matrix bool
+ useCauchy bool
+ shardSize int
+}
+
+var defaultOptions = options{
+ maxGoroutines: 384,
+ minSplitSize: 1024,
+}
+
+func init() {
+ if runtime.GOMAXPROCS(0) <= 1 {
+ defaultOptions.maxGoroutines = 1
+ }
+ // Detect CPU capabilities.
+ defaultOptions.useSSSE3 = cpuid.CPU.SSSE3()
+ defaultOptions.useAVX2 = cpuid.CPU.AVX2()
+ defaultOptions.useSSE2 = cpuid.CPU.SSE2()
+}
+
+// WithMaxGoroutines is the maximum number of goroutines number for encoding & decoding.
+// Jobs will be split into this many parts, unless each goroutine would have to process
+// less than minSplitSize bytes (set with WithMinSplitSize).
+// For the best speed, keep this well above the GOMAXPROCS number for more fine grained
+// scheduling.
+// If n <= 0, it is ignored.
+func WithMaxGoroutines(n int) Option {
+ return func(o *options) {
+ if n > 0 {
+ o.maxGoroutines = n
+ }
+ }
+}
+
+// WithAutoGoroutines will adjust the number of goroutines for optimal speed with a
+// specific shard size.
+// Send in the shard size you expect to send. Other shard sizes will work, but may not
+// run at the optimal speed.
+// Overwrites WithMaxGoroutines.
+// If shardSize <= 0, it is ignored.
+func WithAutoGoroutines(shardSize int) Option {
+ return func(o *options) {
+ o.shardSize = shardSize
+ }
+}
+
+// WithMinSplitSize is the minimum encoding size in bytes per goroutine.
+// See WithMaxGoroutines on how jobs are split.
+// If n <= 0, it is ignored.
+func WithMinSplitSize(n int) Option {
+ return func(o *options) {
+ if n > 0 {
+ o.minSplitSize = n
+ }
+ }
+}
+
+func withSSE3(enabled bool) Option {
+ return func(o *options) {
+ o.useSSSE3 = enabled
+ }
+}
+
+func withAVX2(enabled bool) Option {
+ return func(o *options) {
+ o.useAVX2 = enabled
+ }
+}
+
+func withSSE2(enabled bool) Option {
+ return func(o *options) {
+ o.useSSE2 = enabled
+ }
+}
+
+// WithPAR1Matrix causes the encoder to build the matrix how PARv1
+// does. Note that the method they use is buggy, and may lead to cases
+// where recovery is impossible, even if there are enough parity
+// shards.
+func WithPAR1Matrix() Option {
+ return func(o *options) {
+ o.usePAR1Matrix = true
+ o.useCauchy = false
+ }
+}
+
+// WithCauchyMatrix will make the encoder build a Cauchy style matrix.
+// The output of this is not compatible with the standard output.
+// A Cauchy matrix is faster to generate. This does not affect data throughput,
+// but will result in slightly faster start-up time.
+func WithCauchyMatrix() Option {
+ return func(o *options) {
+ o.useCauchy = true
+ o.usePAR1Matrix = false
+ }
+}
diff --git a/vendor/github.com/klauspost/reedsolomon/reedsolomon.go b/vendor/github.com/klauspost/reedsolomon/reedsolomon.go
new file mode 100644
index 0000000..706c437
--- /dev/null
+++ b/vendor/github.com/klauspost/reedsolomon/reedsolomon.go
@@ -0,0 +1,884 @@
+/**
+ * Reed-Solomon Coding over 8-bit values.
+ *
+ * Copyright 2015, Klaus Post
+ * Copyright 2015, Backblaze, Inc.
+ */
+
+// Package reedsolomon enables Erasure Coding in Go
+//
+// For usage and examples, see https://github.com/klauspost/reedsolomon
+//
+package reedsolomon
+
+import (
+ "bytes"
+ "errors"
+ "io"
+ "runtime"
+ "sync"
+
+ "github.com/klauspost/cpuid"
+)
+
+// Encoder is an interface to encode Reed-Salomon parity sets for your data.
+type Encoder interface {
+ // Encodes parity for a set of data shards.
+ // Input is 'shards' containing data shards followed by parity shards.
+ // The number of shards must match the number given to New().
+ // Each shard is a byte array, and they must all be the same size.
+ // The parity shards will always be overwritten and the data shards
+ // will remain the same, so it is safe for you to read from the
+ // data shards while this is running.
+ Encode(shards [][]byte) error
+
+ // Verify returns true if the parity shards contain correct data.
+ // The data is the same format as Encode. No data is modified, so
+ // you are allowed to read from data while this is running.
+ Verify(shards [][]byte) (bool, error)
+
+ // Reconstruct will recreate the missing shards if possible.
+ //
+ // Given a list of shards, some of which contain data, fills in the
+ // ones that don't have data.
+ //
+ // The length of the array must be equal to the total number of shards.
+ // You indicate that a shard is missing by setting it to nil or zero-length.
+ // If a shard is zero-length but has sufficient capacity, that memory will
+ // be used, otherwise a new []byte will be allocated.
+ //
+ // If there are too few shards to reconstruct the missing
+ // ones, ErrTooFewShards will be returned.
+ //
+ // The reconstructed shard set is complete, but integrity is not verified.
+ // Use the Verify function to check if data set is ok.
+ Reconstruct(shards [][]byte) error
+
+ // ReconstructData will recreate any missing data shards, if possible.
+ //
+ // Given a list of shards, some of which contain data, fills in the
+ // data shards that don't have data.
+ //
+ // The length of the array must be equal to Shards.
+ // You indicate that a shard is missing by setting it to nil or zero-length.
+ // If a shard is zero-length but has sufficient capacity, that memory will
+ // be used, otherwise a new []byte will be allocated.
+ //
+ // If there are too few shards to reconstruct the missing
+ // ones, ErrTooFewShards will be returned.
+ //
+ // As the reconstructed shard set may contain missing parity shards,
+ // calling the Verify function is likely to fail.
+ ReconstructData(shards [][]byte) error
+
+ // Update parity is use for change a few data shards and update it's parity.
+ // Input 'newDatashards' containing data shards changed.
+ // Input 'shards' containing old data shards (if data shard not changed, it can be nil) and old parity shards.
+ // new parity shards will in shards[DataShards:]
+ // Update is very useful if DataShards much larger than ParityShards and changed data shards is few. It will
+ // faster than Encode and not need read all data shards to encode.
+ Update(shards [][]byte, newDatashards [][]byte) error
+
+ // Split a data slice into the number of shards given to the encoder,
+ // and create empty parity shards.
+ //
+ // The data will be split into equally sized shards.
+ // If the data size isn't dividable by the number of shards,
+ // the last shard will contain extra zeros.
+ //
+ // There must be at least 1 byte otherwise ErrShortData will be
+ // returned.
+ //
+ // The data will not be copied, except for the last shard, so you
+ // should not modify the data of the input slice afterwards.
+ Split(data []byte) ([][]byte, error)
+
+ // Join the shards and write the data segment to dst.
+ //
+ // Only the data shards are considered.
+ // You must supply the exact output size you want.
+ // If there are to few shards given, ErrTooFewShards will be returned.
+ // If the total data size is less than outSize, ErrShortData will be returned.
+ Join(dst io.Writer, shards [][]byte, outSize int) error
+}
+
+// reedSolomon contains a matrix for a specific
+// distribution of datashards and parity shards.
+// Construct if using New()
+type reedSolomon struct {
+ DataShards int // Number of data shards, should not be modified.
+ ParityShards int // Number of parity shards, should not be modified.
+ Shards int // Total number of shards. Calculated, and should not be modified.
+ m matrix
+ tree inversionTree
+ parity [][]byte
+ o options
+}
+
+// ErrInvShardNum will be returned by New, if you attempt to create
+// an Encoder where either data or parity shards is zero or less.
+var ErrInvShardNum = errors.New("cannot create Encoder with zero or less data/parity shards")
+
+// ErrMaxShardNum will be returned by New, if you attempt to create an
+// Encoder where data and parity shards are bigger than the order of
+// GF(2^8).
+var ErrMaxShardNum = errors.New("cannot create Encoder with more than 256 data+parity shards")
+
+// buildMatrix creates the matrix to use for encoding, given the
+// number of data shards and the number of total shards.
+//
+// The top square of the matrix is guaranteed to be an identity
+// matrix, which means that the data shards are unchanged after
+// encoding.
+func buildMatrix(dataShards, totalShards int) (matrix, error) {
+ // Start with a Vandermonde matrix. This matrix would work,
+ // in theory, but doesn't have the property that the data
+ // shards are unchanged after encoding.
+ vm, err := vandermonde(totalShards, dataShards)
+ if err != nil {
+ return nil, err
+ }
+
+ // Multiply by the inverse of the top square of the matrix.
+ // This will make the top square be the identity matrix, but
+ // preserve the property that any square subset of rows is
+ // invertible.
+ top, err := vm.SubMatrix(0, 0, dataShards, dataShards)
+ if err != nil {
+ return nil, err
+ }
+
+ topInv, err := top.Invert()
+ if err != nil {
+ return nil, err
+ }
+
+ return vm.Multiply(topInv)
+}
+
+// buildMatrixPAR1 creates the matrix to use for encoding according to
+// the PARv1 spec, given the number of data shards and the number of
+// total shards. Note that the method they use is buggy, and may lead
+// to cases where recovery is impossible, even if there are enough
+// parity shards.
+//
+// The top square of the matrix is guaranteed to be an identity
+// matrix, which means that the data shards are unchanged after
+// encoding.
+func buildMatrixPAR1(dataShards, totalShards int) (matrix, error) {
+ result, err := newMatrix(totalShards, dataShards)
+ if err != nil {
+ return nil, err
+ }
+
+ for r, row := range result {
+ // The top portion of the matrix is the identity
+ // matrix, and the bottom is a transposed Vandermonde
+ // matrix starting at 1 instead of 0.
+ if r < dataShards {
+ result[r][r] = 1
+ } else {
+ for c := range row {
+ result[r][c] = galExp(byte(c+1), r-dataShards)
+ }
+ }
+ }
+ return result, nil
+}
+
+func buildMatrixCauchy(dataShards, totalShards int) (matrix, error) {
+ result, err := newMatrix(totalShards, dataShards)
+ if err != nil {
+ return nil, err
+ }
+
+ for r, row := range result {
+ // The top portion of the matrix is the identity
+ // matrix, and the bottom is a transposed Cauchy matrix.
+ if r < dataShards {
+ result[r][r] = 1
+ } else {
+ for c := range row {
+ result[r][c] = invTable[(byte(r ^ c))]
+ }
+ }
+ }
+ return result, nil
+}
+
+// New creates a new encoder and initializes it to
+// the number of data shards and parity shards that
+// you want to use. You can reuse this encoder.
+// Note that the maximum number of total shards is 256.
+// If no options are supplied, default options are used.
+func New(dataShards, parityShards int, opts ...Option) (Encoder, error) {
+ r := reedSolomon{
+ DataShards: dataShards,
+ ParityShards: parityShards,
+ Shards: dataShards + parityShards,
+ o: defaultOptions,
+ }
+
+ for _, opt := range opts {
+ opt(&r.o)
+ }
+ if dataShards <= 0 || parityShards <= 0 {
+ return nil, ErrInvShardNum
+ }
+
+ if dataShards+parityShards > 256 {
+ return nil, ErrMaxShardNum
+ }
+
+ var err error
+ switch {
+ case r.o.useCauchy:
+ r.m, err = buildMatrixCauchy(dataShards, r.Shards)
+ case r.o.usePAR1Matrix:
+ r.m, err = buildMatrixPAR1(dataShards, r.Shards)
+ default:
+ r.m, err = buildMatrix(dataShards, r.Shards)
+ }
+ if err != nil {
+ return nil, err
+ }
+ if r.o.shardSize > 0 {
+ cacheSize := cpuid.CPU.Cache.L2
+ if cacheSize <= 0 {
+ // Set to 128K if undetectable.
+ cacheSize = 128 << 10
+ }
+ p := runtime.NumCPU()
+
+ // 1 input + parity must fit in cache, and we add one more to be safer.
+ shards := 1 + parityShards
+ g := (r.o.shardSize * shards) / (cacheSize - (cacheSize >> 4))
+
+ if cpuid.CPU.ThreadsPerCore > 1 {
+ // If multiple threads per core, make sure they don't contend for cache.
+ g *= cpuid.CPU.ThreadsPerCore
+ }
+ g *= 2
+ if g < p {
+ g = p
+ }
+
+ // Have g be multiple of p
+ g += p - 1
+ g -= g % p
+
+ r.o.maxGoroutines = g
+ }
+
+ // Inverted matrices are cached in a tree keyed by the indices
+ // of the invalid rows of the data to reconstruct.
+ // The inversion root node will have the identity matrix as
+ // its inversion matrix because it implies there are no errors
+ // with the original data.
+ r.tree = newInversionTree(dataShards, parityShards)
+
+ r.parity = make([][]byte, parityShards)
+ for i := range r.parity {
+ r.parity[i] = r.m[dataShards+i]
+ }
+
+ return &r, err
+}
+
+// ErrTooFewShards is returned if too few shards where given to
+// Encode/Verify/Reconstruct/Update. It will also be returned from Reconstruct
+// if there were too few shards to reconstruct the missing data.
+var ErrTooFewShards = errors.New("too few shards given")
+
+// Encodes parity for a set of data shards.
+// An array 'shards' containing data shards followed by parity shards.
+// The number of shards must match the number given to New.
+// Each shard is a byte array, and they must all be the same size.
+// The parity shards will always be overwritten and the data shards
+// will remain the same.
+func (r reedSolomon) Encode(shards [][]byte) error {
+ if len(shards) != r.Shards {
+ return ErrTooFewShards
+ }
+
+ err := checkShards(shards, false)
+ if err != nil {
+ return err
+ }
+
+ // Get the slice of output buffers.
+ output := shards[r.DataShards:]
+
+ // Do the coding.
+ r.codeSomeShards(r.parity, shards[0:r.DataShards], output, r.ParityShards, len(shards[0]))
+ return nil
+}
+
+// ErrInvalidInput is returned if invalid input parameter of Update.
+var ErrInvalidInput = errors.New("invalid input")
+
+func (r reedSolomon) Update(shards [][]byte, newDatashards [][]byte) error {
+ if len(shards) != r.Shards {
+ return ErrTooFewShards
+ }
+
+ if len(newDatashards) != r.DataShards {
+ return ErrTooFewShards
+ }
+
+ err := checkShards(shards, true)
+ if err != nil {
+ return err
+ }
+
+ err = checkShards(newDatashards, true)
+ if err != nil {
+ return err
+ }
+
+ for i := range newDatashards {
+ if newDatashards[i] != nil && shards[i] == nil {
+ return ErrInvalidInput
+ }
+ }
+ for _, p := range shards[r.DataShards:] {
+ if p == nil {
+ return ErrInvalidInput
+ }
+ }
+
+ shardSize := shardSize(shards)
+
+ // Get the slice of output buffers.
+ output := shards[r.DataShards:]
+
+ // Do the coding.
+ r.updateParityShards(r.parity, shards[0:r.DataShards], newDatashards[0:r.DataShards], output, r.ParityShards, shardSize)
+ return nil
+}
+
+func (r reedSolomon) updateParityShards(matrixRows, oldinputs, newinputs, outputs [][]byte, outputCount, byteCount int) {
+ if r.o.maxGoroutines > 1 && byteCount > r.o.minSplitSize {
+ r.updateParityShardsP(matrixRows, oldinputs, newinputs, outputs, outputCount, byteCount)
+ return
+ }
+
+ for c := 0; c < r.DataShards; c++ {
+ in := newinputs[c]
+ if in == nil {
+ continue
+ }
+ oldin := oldinputs[c]
+ // oldinputs data will be change
+ sliceXor(in, oldin, r.o.useSSE2)
+ for iRow := 0; iRow < outputCount; iRow++ {
+ galMulSliceXor(matrixRows[iRow][c], oldin, outputs[iRow], r.o.useSSSE3, r.o.useAVX2)
+ }
+ }
+}
+
+func (r reedSolomon) updateParityShardsP(matrixRows, oldinputs, newinputs, outputs [][]byte, outputCount, byteCount int) {
+ var wg sync.WaitGroup
+ do := byteCount / r.o.maxGoroutines
+ if do < r.o.minSplitSize {
+ do = r.o.minSplitSize
+ }
+ start := 0
+ for start < byteCount {
+ if start+do > byteCount {
+ do = byteCount - start
+ }
+ wg.Add(1)
+ go func(start, stop int) {
+ for c := 0; c < r.DataShards; c++ {
+ in := newinputs[c]
+ if in == nil {
+ continue
+ }
+ oldin := oldinputs[c]
+ // oldinputs data will be change
+ sliceXor(in[start:stop], oldin[start:stop], r.o.useSSE2)
+ for iRow := 0; iRow < outputCount; iRow++ {
+ galMulSliceXor(matrixRows[iRow][c], oldin[start:stop], outputs[iRow][start:stop], r.o.useSSSE3, r.o.useAVX2)
+ }
+ }
+ wg.Done()
+ }(start, start+do)
+ start += do
+ }
+ wg.Wait()
+}
+
+// Verify returns true if the parity shards contain the right data.
+// The data is the same format as Encode. No data is modified.
+func (r reedSolomon) Verify(shards [][]byte) (bool, error) {
+ if len(shards) != r.Shards {
+ return false, ErrTooFewShards
+ }
+ err := checkShards(shards, false)
+ if err != nil {
+ return false, err
+ }
+
+ // Slice of buffers being checked.
+ toCheck := shards[r.DataShards:]
+
+ // Do the checking.
+ return r.checkSomeShards(r.parity, shards[0:r.DataShards], toCheck, r.ParityShards, len(shards[0])), nil
+}
+
+// Multiplies a subset of rows from a coding matrix by a full set of
+// input shards to produce some output shards.
+// 'matrixRows' is The rows from the matrix to use.
+// 'inputs' An array of byte arrays, each of which is one input shard.
+// The number of inputs used is determined by the length of each matrix row.
+// outputs Byte arrays where the computed shards are stored.
+// The number of outputs computed, and the
+// number of matrix rows used, is determined by
+// outputCount, which is the number of outputs to compute.
+func (r reedSolomon) codeSomeShards(matrixRows, inputs, outputs [][]byte, outputCount, byteCount int) {
+ if r.o.maxGoroutines > 1 && byteCount > r.o.minSplitSize {
+ r.codeSomeShardsP(matrixRows, inputs, outputs, outputCount, byteCount)
+ return
+ }
+ for c := 0; c < r.DataShards; c++ {
+ in := inputs[c]
+ for iRow := 0; iRow < outputCount; iRow++ {
+ if c == 0 {
+ galMulSlice(matrixRows[iRow][c], in, outputs[iRow], r.o.useSSSE3, r.o.useAVX2)
+ } else {
+ galMulSliceXor(matrixRows[iRow][c], in, outputs[iRow], r.o.useSSSE3, r.o.useAVX2)
+ }
+ }
+ }
+}
+
+// Perform the same as codeSomeShards, but split the workload into
+// several goroutines.
+func (r reedSolomon) codeSomeShardsP(matrixRows, inputs, outputs [][]byte, outputCount, byteCount int) {
+ var wg sync.WaitGroup
+ do := byteCount / r.o.maxGoroutines
+ if do < r.o.minSplitSize {
+ do = r.o.minSplitSize
+ }
+ // Make sizes divisible by 16
+ do = (do + 15) & (^15)
+ start := 0
+ for start < byteCount {
+ if start+do > byteCount {
+ do = byteCount - start
+ }
+ wg.Add(1)
+ go func(start, stop int) {
+ for c := 0; c < r.DataShards; c++ {
+ in := inputs[c][start:stop]
+ for iRow := 0; iRow < outputCount; iRow++ {
+ if c == 0 {
+ galMulSlice(matrixRows[iRow][c], in, outputs[iRow][start:stop], r.o.useSSSE3, r.o.useAVX2)
+ } else {
+ galMulSliceXor(matrixRows[iRow][c], in, outputs[iRow][start:stop], r.o.useSSSE3, r.o.useAVX2)
+ }
+ }
+ }
+ wg.Done()
+ }(start, start+do)
+ start += do
+ }
+ wg.Wait()
+}
+
+// checkSomeShards is mostly the same as codeSomeShards,
+// except this will check values and return
+// as soon as a difference is found.
+func (r reedSolomon) checkSomeShards(matrixRows, inputs, toCheck [][]byte, outputCount, byteCount int) bool {
+ if r.o.maxGoroutines > 1 && byteCount > r.o.minSplitSize {
+ return r.checkSomeShardsP(matrixRows, inputs, toCheck, outputCount, byteCount)
+ }
+ outputs := make([][]byte, len(toCheck))
+ for i := range outputs {
+ outputs[i] = make([]byte, byteCount)
+ }
+ for c := 0; c < r.DataShards; c++ {
+ in := inputs[c]
+ for iRow := 0; iRow < outputCount; iRow++ {
+ galMulSliceXor(matrixRows[iRow][c], in, outputs[iRow], r.o.useSSSE3, r.o.useAVX2)
+ }
+ }
+
+ for i, calc := range outputs {
+ if !bytes.Equal(calc, toCheck[i]) {
+ return false
+ }
+ }
+ return true
+}
+
+func (r reedSolomon) checkSomeShardsP(matrixRows, inputs, toCheck [][]byte, outputCount, byteCount int) bool {
+ same := true
+ var mu sync.RWMutex // For above
+
+ var wg sync.WaitGroup
+ do := byteCount / r.o.maxGoroutines
+ if do < r.o.minSplitSize {
+ do = r.o.minSplitSize
+ }
+ // Make sizes divisible by 16
+ do = (do + 15) & (^15)
+ start := 0
+ for start < byteCount {
+ if start+do > byteCount {
+ do = byteCount - start
+ }
+ wg.Add(1)
+ go func(start, do int) {
+ defer wg.Done()
+ outputs := make([][]byte, len(toCheck))
+ for i := range outputs {
+ outputs[i] = make([]byte, do)
+ }
+ for c := 0; c < r.DataShards; c++ {
+ mu.RLock()
+ if !same {
+ mu.RUnlock()
+ return
+ }
+ mu.RUnlock()
+ in := inputs[c][start : start+do]
+ for iRow := 0; iRow < outputCount; iRow++ {
+ galMulSliceXor(matrixRows[iRow][c], in, outputs[iRow], r.o.useSSSE3, r.o.useAVX2)
+ }
+ }
+
+ for i, calc := range outputs {
+ if !bytes.Equal(calc, toCheck[i][start:start+do]) {
+ mu.Lock()
+ same = false
+ mu.Unlock()
+ return
+ }
+ }
+ }(start, do)
+ start += do
+ }
+ wg.Wait()
+ return same
+}
+
+// ErrShardNoData will be returned if there are no shards,
+// or if the length of all shards is zero.
+var ErrShardNoData = errors.New("no shard data")
+
+// ErrShardSize is returned if shard length isn't the same for all
+// shards.
+var ErrShardSize = errors.New("shard sizes do not match")
+
+// checkShards will check if shards are the same size
+// or 0, if allowed. An error is returned if this fails.
+// An error is also returned if all shards are size 0.
+func checkShards(shards [][]byte, nilok bool) error {
+ size := shardSize(shards)
+ if size == 0 {
+ return ErrShardNoData
+ }
+ for _, shard := range shards {
+ if len(shard) != size {
+ if len(shard) != 0 || !nilok {
+ return ErrShardSize
+ }
+ }
+ }
+ return nil
+}
+
+// shardSize return the size of a single shard.
+// The first non-zero size is returned,
+// or 0 if all shards are size 0.
+func shardSize(shards [][]byte) int {
+ for _, shard := range shards {
+ if len(shard) != 0 {
+ return len(shard)
+ }
+ }
+ return 0
+}
+
+// Reconstruct will recreate the missing shards, if possible.
+//
+// Given a list of shards, some of which contain data, fills in the
+// ones that don't have data.
+//
+// The length of the array must be equal to Shards.
+// You indicate that a shard is missing by setting it to nil or zero-length.
+// If a shard is zero-length but has sufficient capacity, that memory will
+// be used, otherwise a new []byte will be allocated.
+//
+// If there are too few shards to reconstruct the missing
+// ones, ErrTooFewShards will be returned.
+//
+// The reconstructed shard set is complete, but integrity is not verified.
+// Use the Verify function to check if data set is ok.
+func (r reedSolomon) Reconstruct(shards [][]byte) error {
+ return r.reconstruct(shards, false)
+}
+
+// ReconstructData will recreate any missing data shards, if possible.
+//
+// Given a list of shards, some of which contain data, fills in the
+// data shards that don't have data.
+//
+// The length of the array must be equal to Shards.
+// You indicate that a shard is missing by setting it to nil or zero-length.
+// If a shard is zero-length but has sufficient capacity, that memory will
+// be used, otherwise a new []byte will be allocated.
+//
+// If there are too few shards to reconstruct the missing
+// ones, ErrTooFewShards will be returned.
+//
+// As the reconstructed shard set may contain missing parity shards,
+// calling the Verify function is likely to fail.
+func (r reedSolomon) ReconstructData(shards [][]byte) error {
+ return r.reconstruct(shards, true)
+}
+
+// reconstruct will recreate the missing data shards, and unless
+// dataOnly is true, also the missing parity shards
+//
+// The length of the array must be equal to Shards.
+// You indicate that a shard is missing by setting it to nil.
+//
+// If there are too few shards to reconstruct the missing
+// ones, ErrTooFewShards will be returned.
+func (r reedSolomon) reconstruct(shards [][]byte, dataOnly bool) error {
+ if len(shards) != r.Shards {
+ return ErrTooFewShards
+ }
+ // Check arguments.
+ err := checkShards(shards, true)
+ if err != nil {
+ return err
+ }
+
+ shardSize := shardSize(shards)
+
+ // Quick check: are all of the shards present? If so, there's
+ // nothing to do.
+ numberPresent := 0
+ for i := 0; i < r.Shards; i++ {
+ if len(shards[i]) != 0 {
+ numberPresent++
+ }
+ }
+ if numberPresent == r.Shards {
+ // Cool. All of the shards data data. We don't
+ // need to do anything.
+ return nil
+ }
+
+ // More complete sanity check
+ if numberPresent < r.DataShards {
+ return ErrTooFewShards
+ }
+
+ // Pull out an array holding just the shards that
+ // correspond to the rows of the submatrix. These shards
+ // will be the input to the decoding process that re-creates
+ // the missing data shards.
+ //
+ // Also, create an array of indices of the valid rows we do have
+ // and the invalid rows we don't have up until we have enough valid rows.
+ subShards := make([][]byte, r.DataShards)
+ validIndices := make([]int, r.DataShards)
+ invalidIndices := make([]int, 0)
+ subMatrixRow := 0
+ for matrixRow := 0; matrixRow < r.Shards && subMatrixRow < r.DataShards; matrixRow++ {
+ if len(shards[matrixRow]) != 0 {
+ subShards[subMatrixRow] = shards[matrixRow]
+ validIndices[subMatrixRow] = matrixRow
+ subMatrixRow++
+ } else {
+ invalidIndices = append(invalidIndices, matrixRow)
+ }
+ }
+
+ // Attempt to get the cached inverted matrix out of the tree
+ // based on the indices of the invalid rows.
+ dataDecodeMatrix := r.tree.GetInvertedMatrix(invalidIndices)
+
+ // If the inverted matrix isn't cached in the tree yet we must
+ // construct it ourselves and insert it into the tree for the
+ // future. In this way the inversion tree is lazily loaded.
+ if dataDecodeMatrix == nil {
+ // Pull out the rows of the matrix that correspond to the
+ // shards that we have and build a square matrix. This
+ // matrix could be used to generate the shards that we have
+ // from the original data.
+ subMatrix, _ := newMatrix(r.DataShards, r.DataShards)
+ for subMatrixRow, validIndex := range validIndices {
+ for c := 0; c < r.DataShards; c++ {
+ subMatrix[subMatrixRow][c] = r.m[validIndex][c]
+ }
+ }
+ // Invert the matrix, so we can go from the encoded shards
+ // back to the original data. Then pull out the row that
+ // generates the shard that we want to decode. Note that
+ // since this matrix maps back to the original data, it can
+ // be used to create a data shard, but not a parity shard.
+ dataDecodeMatrix, err = subMatrix.Invert()
+ if err != nil {
+ return err
+ }
+
+ // Cache the inverted matrix in the tree for future use keyed on the
+ // indices of the invalid rows.
+ err = r.tree.InsertInvertedMatrix(invalidIndices, dataDecodeMatrix, r.Shards)
+ if err != nil {
+ return err
+ }
+ }
+
+ // Re-create any data shards that were missing.
+ //
+ // The input to the coding is all of the shards we actually
+ // have, and the output is the missing data shards. The computation
+ // is done using the special decode matrix we just built.
+ outputs := make([][]byte, r.ParityShards)
+ matrixRows := make([][]byte, r.ParityShards)
+ outputCount := 0
+
+ for iShard := 0; iShard < r.DataShards; iShard++ {
+ if len(shards[iShard]) == 0 {
+ if cap(shards[iShard]) >= shardSize {
+ shards[iShard] = shards[iShard][0:shardSize]
+ } else {
+ shards[iShard] = make([]byte, shardSize)
+ }
+ outputs[outputCount] = shards[iShard]
+ matrixRows[outputCount] = dataDecodeMatrix[iShard]
+ outputCount++
+ }
+ }
+ r.codeSomeShards(matrixRows, subShards, outputs[:outputCount], outputCount, shardSize)
+
+ if dataOnly {
+ // Exit out early if we are only interested in the data shards
+ return nil
+ }
+
+ // Now that we have all of the data shards intact, we can
+ // compute any of the parity that is missing.
+ //
+ // The input to the coding is ALL of the data shards, including
+ // any that we just calculated. The output is whichever of the
+ // data shards were missing.
+ outputCount = 0
+ for iShard := r.DataShards; iShard < r.Shards; iShard++ {
+ if len(shards[iShard]) == 0 {
+ if cap(shards[iShard]) >= shardSize {
+ shards[iShard] = shards[iShard][0:shardSize]
+ } else {
+ shards[iShard] = make([]byte, shardSize)
+ }
+ outputs[outputCount] = shards[iShard]
+ matrixRows[outputCount] = r.parity[iShard-r.DataShards]
+ outputCount++
+ }
+ }
+ r.codeSomeShards(matrixRows, shards[:r.DataShards], outputs[:outputCount], outputCount, shardSize)
+ return nil
+}
+
+// ErrShortData will be returned by Split(), if there isn't enough data
+// to fill the number of shards.
+var ErrShortData = errors.New("not enough data to fill the number of requested shards")
+
+// Split a data slice into the number of shards given to the encoder,
+// and create empty parity shards if necessary.
+//
+// The data will be split into equally sized shards.
+// If the data size isn't divisible by the number of shards,
+// the last shard will contain extra zeros.
+//
+// There must be at least 1 byte otherwise ErrShortData will be
+// returned.
+//
+// The data will not be copied, except for the last shard, so you
+// should not modify the data of the input slice afterwards.
+func (r reedSolomon) Split(data []byte) ([][]byte, error) {
+ if len(data) == 0 {
+ return nil, ErrShortData
+ }
+ // Calculate number of bytes per data shard.
+ perShard := (len(data) + r.DataShards - 1) / r.DataShards
+
+ if cap(data) > len(data) {
+ data = data[:cap(data)]
+ }
+
+ // Only allocate memory if necessary
+ if len(data) < (r.Shards * perShard) {
+ // Pad data to r.Shards*perShard.
+ padding := make([]byte, (r.Shards*perShard)-len(data))
+ data = append(data, padding...)
+ }
+
+ // Split into equal-length shards.
+ dst := make([][]byte, r.Shards)
+ for i := range dst {
+ dst[i] = data[:perShard]
+ data = data[perShard:]
+ }
+
+ return dst, nil
+}
+
+// ErrReconstructRequired is returned if too few data shards are intact and a
+// reconstruction is required before you can successfully join the shards.
+var ErrReconstructRequired = errors.New("reconstruction required as one or more required data shards are nil")
+
+// Join the shards and write the data segment to dst.
+//
+// Only the data shards are considered.
+// You must supply the exact output size you want.
+//
+// If there are to few shards given, ErrTooFewShards will be returned.
+// If the total data size is less than outSize, ErrShortData will be returned.
+// If one or more required data shards are nil, ErrReconstructRequired will be returned.
+func (r reedSolomon) Join(dst io.Writer, shards [][]byte, outSize int) error {
+ // Do we have enough shards?
+ if len(shards) < r.DataShards {
+ return ErrTooFewShards
+ }
+ shards = shards[:r.DataShards]
+
+ // Do we have enough data?
+ size := 0
+ for _, shard := range shards {
+ if shard == nil {
+ return ErrReconstructRequired
+ }
+ size += len(shard)
+
+ // Do we have enough data already?
+ if size >= outSize {
+ break
+ }
+ }
+ if size < outSize {
+ return ErrShortData
+ }
+
+ // Copy data to dst
+ write := outSize
+ for _, shard := range shards {
+ if write < len(shard) {
+ _, err := dst.Write(shard[:write])
+ return err
+ }
+ n, err := dst.Write(shard)
+ if err != nil {
+ return err
+ }
+ write -= n
+ }
+ return nil
+}
diff --git a/vendor/github.com/klauspost/reedsolomon/streaming.go b/vendor/github.com/klauspost/reedsolomon/streaming.go
new file mode 100644
index 0000000..9e55d73
--- /dev/null
+++ b/vendor/github.com/klauspost/reedsolomon/streaming.go
@@ -0,0 +1,584 @@
+/**
+ * Reed-Solomon Coding over 8-bit values.
+ *
+ * Copyright 2015, Klaus Post
+ * Copyright 2015, Backblaze, Inc.
+ */
+
+package reedsolomon
+
+import (
+ "bytes"
+ "errors"
+ "fmt"
+ "io"
+ "sync"
+)
+
+// StreamEncoder is an interface to encode Reed-Salomon parity sets for your data.
+// It provides a fully streaming interface, and processes data in blocks of up to 4MB.
+//
+// For small shard sizes, 10MB and below, it is recommended to use the in-memory interface,
+// since the streaming interface has a start up overhead.
+//
+// For all operations, no readers and writers should not assume any order/size of
+// individual reads/writes.
+//
+// For usage examples, see "stream-encoder.go" and "streamdecoder.go" in the examples
+// folder.
+type StreamEncoder interface {
+ // Encodes parity shards for a set of data shards.
+ //
+ // Input is 'shards' containing readers for data shards followed by parity shards
+ // io.Writer.
+ //
+ // The number of shards must match the number given to NewStream().
+ //
+ // Each reader must supply the same number of bytes.
+ //
+ // The parity shards will be written to the writer.
+ // The number of bytes written will match the input size.
+ //
+ // If a data stream returns an error, a StreamReadError type error
+ // will be returned. If a parity writer returns an error, a
+ // StreamWriteError will be returned.
+ Encode(data []io.Reader, parity []io.Writer) error
+
+ // Verify returns true if the parity shards contain correct data.
+ //
+ // The number of shards must match the number total data+parity shards
+ // given to NewStream().
+ //
+ // Each reader must supply the same number of bytes.
+ // If a shard stream returns an error, a StreamReadError type error
+ // will be returned.
+ Verify(shards []io.Reader) (bool, error)
+
+ // Reconstruct will recreate the missing shards if possible.
+ //
+ // Given a list of valid shards (to read) and invalid shards (to write)
+ //
+ // You indicate that a shard is missing by setting it to nil in the 'valid'
+ // slice and at the same time setting a non-nil writer in "fill".
+ // An index cannot contain both non-nil 'valid' and 'fill' entry.
+ // If both are provided 'ErrReconstructMismatch' is returned.
+ //
+ // If there are too few shards to reconstruct the missing
+ // ones, ErrTooFewShards will be returned.
+ //
+ // The reconstructed shard set is complete, but integrity is not verified.
+ // Use the Verify function to check if data set is ok.
+ Reconstruct(valid []io.Reader, fill []io.Writer) error
+
+ // Split a an input stream into the number of shards given to the encoder.
+ //
+ // The data will be split into equally sized shards.
+ // If the data size isn't dividable by the number of shards,
+ // the last shard will contain extra zeros.
+ //
+ // You must supply the total size of your input.
+ // 'ErrShortData' will be returned if it is unable to retrieve the
+ // number of bytes indicated.
+ Split(data io.Reader, dst []io.Writer, size int64) (err error)
+
+ // Join the shards and write the data segment to dst.
+ //
+ // Only the data shards are considered.
+ //
+ // You must supply the exact output size you want.
+ // If there are to few shards given, ErrTooFewShards will be returned.
+ // If the total data size is less than outSize, ErrShortData will be returned.
+ Join(dst io.Writer, shards []io.Reader, outSize int64) error
+}
+
+// StreamReadError is returned when a read error is encountered
+// that relates to a supplied stream.
+// This will allow you to find out which reader has failed.
+type StreamReadError struct {
+ Err error // The error
+ Stream int // The stream number on which the error occurred
+}
+
+// Error returns the error as a string
+func (s StreamReadError) Error() string {
+ return fmt.Sprintf("error reading stream %d: %s", s.Stream, s.Err)
+}
+
+// String returns the error as a string
+func (s StreamReadError) String() string {
+ return s.Error()
+}
+
+// StreamWriteError is returned when a write error is encountered
+// that relates to a supplied stream. This will allow you to
+// find out which reader has failed.
+type StreamWriteError struct {
+ Err error // The error
+ Stream int // The stream number on which the error occurred
+}
+
+// Error returns the error as a string
+func (s StreamWriteError) Error() string {
+ return fmt.Sprintf("error writing stream %d: %s", s.Stream, s.Err)
+}
+
+// String returns the error as a string
+func (s StreamWriteError) String() string {
+ return s.Error()
+}
+
+// rsStream contains a matrix for a specific
+// distribution of datashards and parity shards.
+// Construct if using NewStream()
+type rsStream struct {
+ r *reedSolomon
+ bs int // Block size
+ // Shard reader
+ readShards func(dst [][]byte, in []io.Reader) error
+ // Shard writer
+ writeShards func(out []io.Writer, in [][]byte) error
+ creads bool
+ cwrites bool
+}
+
+// NewStream creates a new encoder and initializes it to
+// the number of data shards and parity shards that
+// you want to use. You can reuse this encoder.
+// Note that the maximum number of data shards is 256.
+func NewStream(dataShards, parityShards int, o ...Option) (StreamEncoder, error) {
+ enc, err := New(dataShards, parityShards, o...)
+ if err != nil {
+ return nil, err
+ }
+ rs := enc.(*reedSolomon)
+ r := rsStream{r: rs, bs: 4 << 20}
+ r.readShards = readShards
+ r.writeShards = writeShards
+ return &r, err
+}
+
+// NewStreamC creates a new encoder and initializes it to
+// the number of data shards and parity shards given.
+//
+// This functions as 'NewStream', but allows you to enable CONCURRENT reads and writes.
+func NewStreamC(dataShards, parityShards int, conReads, conWrites bool, o ...Option) (StreamEncoder, error) {
+ enc, err := New(dataShards, parityShards, o...)
+ if err != nil {
+ return nil, err
+ }
+ rs := enc.(*reedSolomon)
+ r := rsStream{r: rs, bs: 4 << 20}
+ r.readShards = readShards
+ r.writeShards = writeShards
+ if conReads {
+ r.readShards = cReadShards
+ }
+ if conWrites {
+ r.writeShards = cWriteShards
+ }
+ return &r, err
+}
+
+func createSlice(n, length int) [][]byte {
+ out := make([][]byte, n)
+ for i := range out {
+ out[i] = make([]byte, length)
+ }
+ return out
+}
+
+// Encodes parity shards for a set of data shards.
+//
+// Input is 'shards' containing readers for data shards followed by parity shards
+// io.Writer.
+//
+// The number of shards must match the number given to NewStream().
+//
+// Each reader must supply the same number of bytes.
+//
+// The parity shards will be written to the writer.
+// The number of bytes written will match the input size.
+//
+// If a data stream returns an error, a StreamReadError type error
+// will be returned. If a parity writer returns an error, a
+// StreamWriteError will be returned.
+func (r rsStream) Encode(data []io.Reader, parity []io.Writer) error {
+ if len(data) != r.r.DataShards {
+ return ErrTooFewShards
+ }
+
+ if len(parity) != r.r.ParityShards {
+ return ErrTooFewShards
+ }
+
+ all := createSlice(r.r.Shards, r.bs)
+ in := all[:r.r.DataShards]
+ out := all[r.r.DataShards:]
+ read := 0
+
+ for {
+ err := r.readShards(in, data)
+ switch err {
+ case nil:
+ case io.EOF:
+ if read == 0 {
+ return ErrShardNoData
+ }
+ return nil
+ default:
+ return err
+ }
+ out = trimShards(out, shardSize(in))
+ read += shardSize(in)
+ err = r.r.Encode(all)
+ if err != nil {
+ return err
+ }
+ err = r.writeShards(parity, out)
+ if err != nil {
+ return err
+ }
+ }
+}
+
+// Trim the shards so they are all the same size
+func trimShards(in [][]byte, size int) [][]byte {
+ for i := range in {
+ if in[i] != nil {
+ in[i] = in[i][0:size]
+ }
+ if len(in[i]) < size {
+ in[i] = nil
+ }
+ }
+ return in
+}
+
+func readShards(dst [][]byte, in []io.Reader) error {
+ if len(in) != len(dst) {
+ panic("internal error: in and dst size do not match")
+ }
+ size := -1
+ for i := range in {
+ if in[i] == nil {
+ dst[i] = nil
+ continue
+ }
+ n, err := io.ReadFull(in[i], dst[i])
+ // The error is EOF only if no bytes were read.
+ // If an EOF happens after reading some but not all the bytes,
+ // ReadFull returns ErrUnexpectedEOF.
+ switch err {
+ case io.ErrUnexpectedEOF, io.EOF:
+ if size < 0 {
+ size = n
+ } else if n != size {
+ // Shard sizes must match.
+ return ErrShardSize
+ }
+ dst[i] = dst[i][0:n]
+ case nil:
+ continue
+ default:
+ return StreamReadError{Err: err, Stream: i}
+ }
+ }
+ if size == 0 {
+ return io.EOF
+ }
+ return nil
+}
+
+func writeShards(out []io.Writer, in [][]byte) error {
+ if len(out) != len(in) {
+ panic("internal error: in and out size do not match")
+ }
+ for i := range in {
+ if out[i] == nil {
+ continue
+ }
+ n, err := out[i].Write(in[i])
+ if err != nil {
+ return StreamWriteError{Err: err, Stream: i}
+ }
+ //
+ if n != len(in[i]) {
+ return StreamWriteError{Err: io.ErrShortWrite, Stream: i}
+ }
+ }
+ return nil
+}
+
+type readResult struct {
+ n int
+ size int
+ err error
+}
+
+// cReadShards reads shards concurrently
+func cReadShards(dst [][]byte, in []io.Reader) error {
+ if len(in) != len(dst) {
+ panic("internal error: in and dst size do not match")
+ }
+ var wg sync.WaitGroup
+ wg.Add(len(in))
+ res := make(chan readResult, len(in))
+ for i := range in {
+ if in[i] == nil {
+ dst[i] = nil
+ wg.Done()
+ continue
+ }
+ go func(i int) {
+ defer wg.Done()
+ n, err := io.ReadFull(in[i], dst[i])
+ // The error is EOF only if no bytes were read.
+ // If an EOF happens after reading some but not all the bytes,
+ // ReadFull returns ErrUnexpectedEOF.
+ res <- readResult{size: n, err: err, n: i}
+
+ }(i)
+ }
+ wg.Wait()
+ close(res)
+ size := -1
+ for r := range res {
+ switch r.err {
+ case io.ErrUnexpectedEOF, io.EOF:
+ if size < 0 {
+ size = r.size
+ } else if r.size != size {
+ // Shard sizes must match.
+ return ErrShardSize
+ }
+ dst[r.n] = dst[r.n][0:r.size]
+ case nil:
+ default:
+ return StreamReadError{Err: r.err, Stream: r.n}
+ }
+ }
+ if size == 0 {
+ return io.EOF
+ }
+ return nil
+}
+
+// cWriteShards writes shards concurrently
+func cWriteShards(out []io.Writer, in [][]byte) error {
+ if len(out) != len(in) {
+ panic("internal error: in and out size do not match")
+ }
+ var errs = make(chan error, len(out))
+ var wg sync.WaitGroup
+ wg.Add(len(out))
+ for i := range in {
+ go func(i int) {
+ defer wg.Done()
+ if out[i] == nil {
+ errs <- nil
+ return
+ }
+ n, err := out[i].Write(in[i])
+ if err != nil {
+ errs <- StreamWriteError{Err: err, Stream: i}
+ return
+ }
+ if n != len(in[i]) {
+ errs <- StreamWriteError{Err: io.ErrShortWrite, Stream: i}
+ }
+ }(i)
+ }
+ wg.Wait()
+ close(errs)
+ for err := range errs {
+ if err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+// Verify returns true if the parity shards contain correct data.
+//
+// The number of shards must match the number total data+parity shards
+// given to NewStream().
+//
+// Each reader must supply the same number of bytes.
+// If a shard stream returns an error, a StreamReadError type error
+// will be returned.
+func (r rsStream) Verify(shards []io.Reader) (bool, error) {
+ if len(shards) != r.r.Shards {
+ return false, ErrTooFewShards
+ }
+
+ read := 0
+ all := createSlice(r.r.Shards, r.bs)
+ for {
+ err := r.readShards(all, shards)
+ if err == io.EOF {
+ if read == 0 {
+ return false, ErrShardNoData
+ }
+ return true, nil
+ }
+ if err != nil {
+ return false, err
+ }
+ read += shardSize(all)
+ ok, err := r.r.Verify(all)
+ if !ok || err != nil {
+ return ok, err
+ }
+ }
+}
+
+// ErrReconstructMismatch is returned by the StreamEncoder, if you supply
+// "valid" and "fill" streams on the same index.
+// Therefore it is impossible to see if you consider the shard valid
+// or would like to have it reconstructed.
+var ErrReconstructMismatch = errors.New("valid shards and fill shards are mutually exclusive")
+
+// Reconstruct will recreate the missing shards if possible.
+//
+// Given a list of valid shards (to read) and invalid shards (to write)
+//
+// You indicate that a shard is missing by setting it to nil in the 'valid'
+// slice and at the same time setting a non-nil writer in "fill".
+// An index cannot contain both non-nil 'valid' and 'fill' entry.
+//
+// If there are too few shards to reconstruct the missing
+// ones, ErrTooFewShards will be returned.
+//
+// The reconstructed shard set is complete when explicitly asked for all missing shards.
+// However its integrity is not automatically verified.
+// Use the Verify function to check in case the data set is complete.
+func (r rsStream) Reconstruct(valid []io.Reader, fill []io.Writer) error {
+ if len(valid) != r.r.Shards {
+ return ErrTooFewShards
+ }
+ if len(fill) != r.r.Shards {
+ return ErrTooFewShards
+ }
+
+ all := createSlice(r.r.Shards, r.bs)
+ reconDataOnly := true
+ for i := range valid {
+ if valid[i] != nil && fill[i] != nil {
+ return ErrReconstructMismatch
+ }
+ if i >= r.r.DataShards && fill[i] != nil {
+ reconDataOnly = false
+ }
+ }
+
+ read := 0
+ for {
+ err := r.readShards(all, valid)
+ if err == io.EOF {
+ if read == 0 {
+ return ErrShardNoData
+ }
+ return nil
+ }
+ if err != nil {
+ return err
+ }
+ read += shardSize(all)
+ all = trimShards(all, shardSize(all))
+
+ if reconDataOnly {
+ err = r.r.ReconstructData(all) // just reconstruct missing data shards
+ } else {
+ err = r.r.Reconstruct(all) // reconstruct all missing shards
+ }
+ if err != nil {
+ return err
+ }
+ err = r.writeShards(fill, all)
+ if err != nil {
+ return err
+ }
+ }
+}
+
+// Join the shards and write the data segment to dst.
+//
+// Only the data shards are considered.
+//
+// You must supply the exact output size you want.
+// If there are to few shards given, ErrTooFewShards will be returned.
+// If the total data size is less than outSize, ErrShortData will be returned.
+func (r rsStream) Join(dst io.Writer, shards []io.Reader, outSize int64) error {
+ // Do we have enough shards?
+ if len(shards) < r.r.DataShards {
+ return ErrTooFewShards
+ }
+
+ // Trim off parity shards if any
+ shards = shards[:r.r.DataShards]
+ for i := range shards {
+ if shards[i] == nil {
+ return StreamReadError{Err: ErrShardNoData, Stream: i}
+ }
+ }
+ // Join all shards
+ src := io.MultiReader(shards...)
+
+ // Copy data to dst
+ n, err := io.CopyN(dst, src, outSize)
+ if err == io.EOF {
+ return ErrShortData
+ }
+ if err != nil {
+ return err
+ }
+ if n != outSize {
+ return ErrShortData
+ }
+ return nil
+}
+
+// Split a an input stream into the number of shards given to the encoder.
+//
+// The data will be split into equally sized shards.
+// If the data size isn't dividable by the number of shards,
+// the last shard will contain extra zeros.
+//
+// You must supply the total size of your input.
+// 'ErrShortData' will be returned if it is unable to retrieve the
+// number of bytes indicated.
+func (r rsStream) Split(data io.Reader, dst []io.Writer, size int64) error {
+ if size == 0 {
+ return ErrShortData
+ }
+ if len(dst) != r.r.DataShards {
+ return ErrInvShardNum
+ }
+
+ for i := range dst {
+ if dst[i] == nil {
+ return StreamWriteError{Err: ErrShardNoData, Stream: i}
+ }
+ }
+
+ // Calculate number of bytes per shard.
+ perShard := (size + int64(r.r.DataShards) - 1) / int64(r.r.DataShards)
+
+ // Pad data to r.Shards*perShard.
+ padding := make([]byte, (int64(r.r.Shards)*perShard)-size)
+ data = io.MultiReader(data, bytes.NewBuffer(padding))
+
+ // Split into equal-length shards and copy.
+ for i := range dst {
+ n, err := io.CopyN(dst[i], data, perShard)
+ if err != io.EOF && err != nil {
+ return err
+ }
+ if n != perShard {
+ return ErrShortData
+ }
+ }
+
+ return nil
+}
diff --git a/vendor/github.com/nadoo/go-shadowsocks2/core/cipher.go b/vendor/github.com/nadoo/go-shadowsocks2/core/cipher.go
index 960c1e5..fd8be83 100644
--- a/vendor/github.com/nadoo/go-shadowsocks2/core/cipher.go
+++ b/vendor/github.com/nadoo/go-shadowsocks2/core/cipher.go
@@ -88,8 +88,8 @@ func PickCipher(name string, key []byte, password string) (Cipher, error) {
name = "AEAD_XCHACHA20_POLY1305"
case "AES-128-GCM":
name = "AEAD_AES_128_GCM"
- case "AES-196-GCM":
- name = "AEAD_AES_196_GCM"
+ case "AES-192-GCM":
+ name = "AEAD_AES_192_GCM"
case "AES-256-GCM":
name = "AEAD_AES_256_GCM"
}
diff --git a/vendor/github.com/pkg/errors/LICENSE b/vendor/github.com/pkg/errors/LICENSE
new file mode 100644
index 0000000..835ba3e
--- /dev/null
+++ b/vendor/github.com/pkg/errors/LICENSE
@@ -0,0 +1,23 @@
+Copyright (c) 2015, Dave Cheney
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/pkg/errors/README.md b/vendor/github.com/pkg/errors/README.md
new file mode 100644
index 0000000..6483ba2
--- /dev/null
+++ b/vendor/github.com/pkg/errors/README.md
@@ -0,0 +1,52 @@
+# errors [](https://travis-ci.org/pkg/errors) [](https://ci.appveyor.com/project/davecheney/errors/branch/master) [](http://godoc.org/github.com/pkg/errors) [](https://goreportcard.com/report/github.com/pkg/errors) [](https://sourcegraph.com/github.com/pkg/errors?badge)
+
+Package errors provides simple error handling primitives.
+
+`go get github.com/pkg/errors`
+
+The traditional error handling idiom in Go is roughly akin to
+```go
+if err != nil {
+ return err
+}
+```
+which applied recursively up the call stack results in error reports without context or debugging information. The errors package allows programmers to add context to the failure path in their code in a way that does not destroy the original value of the error.
+
+## Adding context to an error
+
+The errors.Wrap function returns a new error that adds context to the original error. For example
+```go
+_, err := ioutil.ReadAll(r)
+if err != nil {
+ return errors.Wrap(err, "read failed")
+}
+```
+## Retrieving the cause of an error
+
+Using `errors.Wrap` constructs a stack of errors, adding context to the preceding error. Depending on the nature of the error it may be necessary to reverse the operation of errors.Wrap to retrieve the original error for inspection. Any error value which implements this interface can be inspected by `errors.Cause`.
+```go
+type causer interface {
+ Cause() error
+}
+```
+`errors.Cause` will recursively retrieve the topmost error which does not implement `causer`, which is assumed to be the original cause. For example:
+```go
+switch err := errors.Cause(err).(type) {
+case *MyError:
+ // handle specifically
+default:
+ // unknown error
+}
+```
+
+[Read the package documentation for more information](https://godoc.org/github.com/pkg/errors).
+
+## Contributing
+
+We welcome pull requests, bug fixes and issue reports. With that said, the bar for adding new symbols to this package is intentionally set high.
+
+Before proposing a change, please discuss your change by raising an issue.
+
+## License
+
+BSD-2-Clause
diff --git a/vendor/github.com/pkg/errors/appveyor.yml b/vendor/github.com/pkg/errors/appveyor.yml
new file mode 100644
index 0000000..a932ead
--- /dev/null
+++ b/vendor/github.com/pkg/errors/appveyor.yml
@@ -0,0 +1,32 @@
+version: build-{build}.{branch}
+
+clone_folder: C:\gopath\src\github.com\pkg\errors
+shallow_clone: true # for startup speed
+
+environment:
+ GOPATH: C:\gopath
+
+platform:
+ - x64
+
+# http://www.appveyor.com/docs/installed-software
+install:
+ # some helpful output for debugging builds
+ - go version
+ - go env
+ # pre-installed MinGW at C:\MinGW is 32bit only
+ # but MSYS2 at C:\msys64 has mingw64
+ - set PATH=C:\msys64\mingw64\bin;%PATH%
+ - gcc --version
+ - g++ --version
+
+build_script:
+ - go install -v ./...
+
+test_script:
+ - set PATH=C:\gopath\bin;%PATH%
+ - go test -v ./...
+
+#artifacts:
+# - path: '%GOPATH%\bin\*.exe'
+deploy: off
diff --git a/vendor/github.com/pkg/errors/errors.go b/vendor/github.com/pkg/errors/errors.go
new file mode 100644
index 0000000..1963d86
--- /dev/null
+++ b/vendor/github.com/pkg/errors/errors.go
@@ -0,0 +1,282 @@
+// Package errors provides simple error handling primitives.
+//
+// The traditional error handling idiom in Go is roughly akin to
+//
+// if err != nil {
+// return err
+// }
+//
+// which when applied recursively up the call stack results in error reports
+// without context or debugging information. The errors package allows
+// programmers to add context to the failure path in their code in a way
+// that does not destroy the original value of the error.
+//
+// Adding context to an error
+//
+// The errors.Wrap function returns a new error that adds context to the
+// original error by recording a stack trace at the point Wrap is called,
+// together with the supplied message. For example
+//
+// _, err := ioutil.ReadAll(r)
+// if err != nil {
+// return errors.Wrap(err, "read failed")
+// }
+//
+// If additional control is required, the errors.WithStack and
+// errors.WithMessage functions destructure errors.Wrap into its component
+// operations: annotating an error with a stack trace and with a message,
+// respectively.
+//
+// Retrieving the cause of an error
+//
+// Using errors.Wrap constructs a stack of errors, adding context to the
+// preceding error. Depending on the nature of the error it may be necessary
+// to reverse the operation of errors.Wrap to retrieve the original error
+// for inspection. Any error value which implements this interface
+//
+// type causer interface {
+// Cause() error
+// }
+//
+// can be inspected by errors.Cause. errors.Cause will recursively retrieve
+// the topmost error that does not implement causer, which is assumed to be
+// the original cause. For example:
+//
+// switch err := errors.Cause(err).(type) {
+// case *MyError:
+// // handle specifically
+// default:
+// // unknown error
+// }
+//
+// Although the causer interface is not exported by this package, it is
+// considered a part of its stable public interface.
+//
+// Formatted printing of errors
+//
+// All error values returned from this package implement fmt.Formatter and can
+// be formatted by the fmt package. The following verbs are supported:
+//
+// %s print the error. If the error has a Cause it will be
+// printed recursively.
+// %v see %s
+// %+v extended format. Each Frame of the error's StackTrace will
+// be printed in detail.
+//
+// Retrieving the stack trace of an error or wrapper
+//
+// New, Errorf, Wrap, and Wrapf record a stack trace at the point they are
+// invoked. This information can be retrieved with the following interface:
+//
+// type stackTracer interface {
+// StackTrace() errors.StackTrace
+// }
+//
+// The returned errors.StackTrace type is defined as
+//
+// type StackTrace []Frame
+//
+// The Frame type represents a call site in the stack trace. Frame supports
+// the fmt.Formatter interface that can be used for printing information about
+// the stack trace of this error. For example:
+//
+// if err, ok := err.(stackTracer); ok {
+// for _, f := range err.StackTrace() {
+// fmt.Printf("%+s:%d", f)
+// }
+// }
+//
+// Although the stackTracer interface is not exported by this package, it is
+// considered a part of its stable public interface.
+//
+// See the documentation for Frame.Format for more details.
+package errors
+
+import (
+ "fmt"
+ "io"
+)
+
+// New returns an error with the supplied message.
+// New also records the stack trace at the point it was called.
+func New(message string) error {
+ return &fundamental{
+ msg: message,
+ stack: callers(),
+ }
+}
+
+// Errorf formats according to a format specifier and returns the string
+// as a value that satisfies error.
+// Errorf also records the stack trace at the point it was called.
+func Errorf(format string, args ...interface{}) error {
+ return &fundamental{
+ msg: fmt.Sprintf(format, args...),
+ stack: callers(),
+ }
+}
+
+// fundamental is an error that has a message and a stack, but no caller.
+type fundamental struct {
+ msg string
+ *stack
+}
+
+func (f *fundamental) Error() string { return f.msg }
+
+func (f *fundamental) Format(s fmt.State, verb rune) {
+ switch verb {
+ case 'v':
+ if s.Flag('+') {
+ io.WriteString(s, f.msg)
+ f.stack.Format(s, verb)
+ return
+ }
+ fallthrough
+ case 's':
+ io.WriteString(s, f.msg)
+ case 'q':
+ fmt.Fprintf(s, "%q", f.msg)
+ }
+}
+
+// WithStack annotates err with a stack trace at the point WithStack was called.
+// If err is nil, WithStack returns nil.
+func WithStack(err error) error {
+ if err == nil {
+ return nil
+ }
+ return &withStack{
+ err,
+ callers(),
+ }
+}
+
+type withStack struct {
+ error
+ *stack
+}
+
+func (w *withStack) Cause() error { return w.error }
+
+func (w *withStack) Format(s fmt.State, verb rune) {
+ switch verb {
+ case 'v':
+ if s.Flag('+') {
+ fmt.Fprintf(s, "%+v", w.Cause())
+ w.stack.Format(s, verb)
+ return
+ }
+ fallthrough
+ case 's':
+ io.WriteString(s, w.Error())
+ case 'q':
+ fmt.Fprintf(s, "%q", w.Error())
+ }
+}
+
+// Wrap returns an error annotating err with a stack trace
+// at the point Wrap is called, and the supplied message.
+// If err is nil, Wrap returns nil.
+func Wrap(err error, message string) error {
+ if err == nil {
+ return nil
+ }
+ err = &withMessage{
+ cause: err,
+ msg: message,
+ }
+ return &withStack{
+ err,
+ callers(),
+ }
+}
+
+// Wrapf returns an error annotating err with a stack trace
+// at the point Wrapf is called, and the format specifier.
+// If err is nil, Wrapf returns nil.
+func Wrapf(err error, format string, args ...interface{}) error {
+ if err == nil {
+ return nil
+ }
+ err = &withMessage{
+ cause: err,
+ msg: fmt.Sprintf(format, args...),
+ }
+ return &withStack{
+ err,
+ callers(),
+ }
+}
+
+// WithMessage annotates err with a new message.
+// If err is nil, WithMessage returns nil.
+func WithMessage(err error, message string) error {
+ if err == nil {
+ return nil
+ }
+ return &withMessage{
+ cause: err,
+ msg: message,
+ }
+}
+
+// WithMessagef annotates err with the format specifier.
+// If err is nil, WithMessagef returns nil.
+func WithMessagef(err error, format string, args ...interface{}) error {
+ if err == nil {
+ return nil
+ }
+ return &withMessage{
+ cause: err,
+ msg: fmt.Sprintf(format, args...),
+ }
+}
+
+type withMessage struct {
+ cause error
+ msg string
+}
+
+func (w *withMessage) Error() string { return w.msg + ": " + w.cause.Error() }
+func (w *withMessage) Cause() error { return w.cause }
+
+func (w *withMessage) Format(s fmt.State, verb rune) {
+ switch verb {
+ case 'v':
+ if s.Flag('+') {
+ fmt.Fprintf(s, "%+v\n", w.Cause())
+ io.WriteString(s, w.msg)
+ return
+ }
+ fallthrough
+ case 's', 'q':
+ io.WriteString(s, w.Error())
+ }
+}
+
+// Cause returns the underlying cause of the error, if possible.
+// An error value has a cause if it implements the following
+// interface:
+//
+// type causer interface {
+// Cause() error
+// }
+//
+// If the error does not implement Cause, the original error will
+// be returned. If the error is nil, nil will be returned without further
+// investigation.
+func Cause(err error) error {
+ type causer interface {
+ Cause() error
+ }
+
+ for err != nil {
+ cause, ok := err.(causer)
+ if !ok {
+ break
+ }
+ err = cause.Cause()
+ }
+ return err
+}
diff --git a/vendor/github.com/pkg/errors/stack.go b/vendor/github.com/pkg/errors/stack.go
new file mode 100644
index 0000000..2874a04
--- /dev/null
+++ b/vendor/github.com/pkg/errors/stack.go
@@ -0,0 +1,147 @@
+package errors
+
+import (
+ "fmt"
+ "io"
+ "path"
+ "runtime"
+ "strings"
+)
+
+// Frame represents a program counter inside a stack frame.
+type Frame uintptr
+
+// pc returns the program counter for this frame;
+// multiple frames may have the same PC value.
+func (f Frame) pc() uintptr { return uintptr(f) - 1 }
+
+// file returns the full path to the file that contains the
+// function for this Frame's pc.
+func (f Frame) file() string {
+ fn := runtime.FuncForPC(f.pc())
+ if fn == nil {
+ return "unknown"
+ }
+ file, _ := fn.FileLine(f.pc())
+ return file
+}
+
+// line returns the line number of source code of the
+// function for this Frame's pc.
+func (f Frame) line() int {
+ fn := runtime.FuncForPC(f.pc())
+ if fn == nil {
+ return 0
+ }
+ _, line := fn.FileLine(f.pc())
+ return line
+}
+
+// Format formats the frame according to the fmt.Formatter interface.
+//
+// %s source file
+// %d source line
+// %n function name
+// %v equivalent to %s:%d
+//
+// Format accepts flags that alter the printing of some verbs, as follows:
+//
+// %+s function name and path of source file relative to the compile time
+// GOPATH separated by \n\t (\n\t)
+// %+v equivalent to %+s:%d
+func (f Frame) Format(s fmt.State, verb rune) {
+ switch verb {
+ case 's':
+ switch {
+ case s.Flag('+'):
+ pc := f.pc()
+ fn := runtime.FuncForPC(pc)
+ if fn == nil {
+ io.WriteString(s, "unknown")
+ } else {
+ file, _ := fn.FileLine(pc)
+ fmt.Fprintf(s, "%s\n\t%s", fn.Name(), file)
+ }
+ default:
+ io.WriteString(s, path.Base(f.file()))
+ }
+ case 'd':
+ fmt.Fprintf(s, "%d", f.line())
+ case 'n':
+ name := runtime.FuncForPC(f.pc()).Name()
+ io.WriteString(s, funcname(name))
+ case 'v':
+ f.Format(s, 's')
+ io.WriteString(s, ":")
+ f.Format(s, 'd')
+ }
+}
+
+// StackTrace is stack of Frames from innermost (newest) to outermost (oldest).
+type StackTrace []Frame
+
+// Format formats the stack of Frames according to the fmt.Formatter interface.
+//
+// %s lists source files for each Frame in the stack
+// %v lists the source file and line number for each Frame in the stack
+//
+// Format accepts flags that alter the printing of some verbs, as follows:
+//
+// %+v Prints filename, function, and line number for each Frame in the stack.
+func (st StackTrace) Format(s fmt.State, verb rune) {
+ switch verb {
+ case 'v':
+ switch {
+ case s.Flag('+'):
+ for _, f := range st {
+ fmt.Fprintf(s, "\n%+v", f)
+ }
+ case s.Flag('#'):
+ fmt.Fprintf(s, "%#v", []Frame(st))
+ default:
+ fmt.Fprintf(s, "%v", []Frame(st))
+ }
+ case 's':
+ fmt.Fprintf(s, "%s", []Frame(st))
+ }
+}
+
+// stack represents a stack of program counters.
+type stack []uintptr
+
+func (s *stack) Format(st fmt.State, verb rune) {
+ switch verb {
+ case 'v':
+ switch {
+ case st.Flag('+'):
+ for _, pc := range *s {
+ f := Frame(pc)
+ fmt.Fprintf(st, "\n%+v", f)
+ }
+ }
+ }
+}
+
+func (s *stack) StackTrace() StackTrace {
+ f := make([]Frame, len(*s))
+ for i := 0; i < len(f); i++ {
+ f[i] = Frame((*s)[i])
+ }
+ return f
+}
+
+func callers() *stack {
+ const depth = 32
+ var pcs [depth]uintptr
+ n := runtime.Callers(3, pcs[:])
+ var st stack = pcs[0:n]
+ return &st
+}
+
+// funcname removes the path prefix component of a function's name reported by func.Name().
+func funcname(name string) string {
+ i := strings.LastIndex(name, "/")
+ name = name[i+1:]
+ i = strings.Index(name, ".")
+ return name[i+1:]
+}
diff --git a/vendor/github.com/templexxx/cpufeat/LICENSE b/vendor/github.com/templexxx/cpufeat/LICENSE
new file mode 100644
index 0000000..ea5ea89
--- /dev/null
+++ b/vendor/github.com/templexxx/cpufeat/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+ * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/vendor/github.com/templexxx/cpufeat/README.md b/vendor/github.com/templexxx/cpufeat/README.md
new file mode 100644
index 0000000..16afe53
--- /dev/null
+++ b/vendor/github.com/templexxx/cpufeat/README.md
@@ -0,0 +1 @@
+see: https://github.com/templexxx/cpu
diff --git a/vendor/github.com/templexxx/cpufeat/cpu.go b/vendor/github.com/templexxx/cpufeat/cpu.go
new file mode 100644
index 0000000..dd5a949
--- /dev/null
+++ b/vendor/github.com/templexxx/cpufeat/cpu.go
@@ -0,0 +1,33 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cpu implements processor feature detection
+// used by the Go standard libary.
+package cpufeat
+
+var X86 x86
+
+// The booleans in x86 contain the correspondingly named cpuid feature bit.
+// HasAVX and HasAVX2 are only set if the OS does support XMM and YMM registers
+// in addition to the cpuid feature bit being set.
+// The struct is padded to avoid false sharing.
+type x86 struct {
+ _ [CacheLineSize]byte
+ HasAES bool
+ HasAVX bool
+ HasAVX2 bool
+ HasAVX512 bool
+ HasBMI1 bool
+ HasBMI2 bool
+ HasERMS bool
+ HasOSXSAVE bool
+ HasPCLMULQDQ bool
+ HasPOPCNT bool
+ HasSSE2 bool
+ HasSSE3 bool
+ HasSSSE3 bool
+ HasSSE41 bool
+ HasSSE42 bool
+ _ [CacheLineSize]byte
+}
diff --git a/vendor/github.com/templexxx/cpufeat/cpu_arm.go b/vendor/github.com/templexxx/cpufeat/cpu_arm.go
new file mode 100644
index 0000000..b3eb5a9
--- /dev/null
+++ b/vendor/github.com/templexxx/cpufeat/cpu_arm.go
@@ -0,0 +1,7 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpufeat
+
+const CacheLineSize = 32
diff --git a/vendor/github.com/templexxx/cpufeat/cpu_arm64.go b/vendor/github.com/templexxx/cpufeat/cpu_arm64.go
new file mode 100644
index 0000000..b3eb5a9
--- /dev/null
+++ b/vendor/github.com/templexxx/cpufeat/cpu_arm64.go
@@ -0,0 +1,7 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpufeat
+
+const CacheLineSize = 32
diff --git a/vendor/github.com/templexxx/cpufeat/cpu_mips.go b/vendor/github.com/templexxx/cpufeat/cpu_mips.go
new file mode 100644
index 0000000..b3eb5a9
--- /dev/null
+++ b/vendor/github.com/templexxx/cpufeat/cpu_mips.go
@@ -0,0 +1,7 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpufeat
+
+const CacheLineSize = 32
diff --git a/vendor/github.com/templexxx/cpufeat/cpu_mips64.go b/vendor/github.com/templexxx/cpufeat/cpu_mips64.go
new file mode 100644
index 0000000..b3eb5a9
--- /dev/null
+++ b/vendor/github.com/templexxx/cpufeat/cpu_mips64.go
@@ -0,0 +1,7 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpufeat
+
+const CacheLineSize = 32
diff --git a/vendor/github.com/templexxx/cpufeat/cpu_mips64le.go b/vendor/github.com/templexxx/cpufeat/cpu_mips64le.go
new file mode 100644
index 0000000..b3eb5a9
--- /dev/null
+++ b/vendor/github.com/templexxx/cpufeat/cpu_mips64le.go
@@ -0,0 +1,7 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpufeat
+
+const CacheLineSize = 32
diff --git a/vendor/github.com/templexxx/cpufeat/cpu_mipsle.go b/vendor/github.com/templexxx/cpufeat/cpu_mipsle.go
new file mode 100644
index 0000000..b3eb5a9
--- /dev/null
+++ b/vendor/github.com/templexxx/cpufeat/cpu_mipsle.go
@@ -0,0 +1,7 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpufeat
+
+const CacheLineSize = 32
diff --git a/vendor/github.com/templexxx/cpufeat/cpu_ppc64.go b/vendor/github.com/templexxx/cpufeat/cpu_ppc64.go
new file mode 100644
index 0000000..1e738e3
--- /dev/null
+++ b/vendor/github.com/templexxx/cpufeat/cpu_ppc64.go
@@ -0,0 +1,7 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpufeat
+
+const CacheLineSize = 128
diff --git a/vendor/github.com/templexxx/cpufeat/cpu_ppc64le.go b/vendor/github.com/templexxx/cpufeat/cpu_ppc64le.go
new file mode 100644
index 0000000..1e738e3
--- /dev/null
+++ b/vendor/github.com/templexxx/cpufeat/cpu_ppc64le.go
@@ -0,0 +1,7 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpufeat
+
+const CacheLineSize = 128
diff --git a/vendor/github.com/templexxx/cpufeat/cpu_s390x.go b/vendor/github.com/templexxx/cpufeat/cpu_s390x.go
new file mode 100644
index 0000000..17be8fe
--- /dev/null
+++ b/vendor/github.com/templexxx/cpufeat/cpu_s390x.go
@@ -0,0 +1,7 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpufeat
+
+const CacheLineSize = 256
diff --git a/vendor/github.com/templexxx/cpufeat/cpu_x86.go b/vendor/github.com/templexxx/cpufeat/cpu_x86.go
new file mode 100644
index 0000000..19d6d22
--- /dev/null
+++ b/vendor/github.com/templexxx/cpufeat/cpu_x86.go
@@ -0,0 +1,70 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64 amd64p32
+
+package cpufeat
+
+const CacheLineSize = 64
+
+// cpuid is implemented in cpu_x86.s.
+func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32)
+
+// xgetbv with ecx = 0 is implemented in cpu_x86.s.
+func xgetbv() (eax, edx uint32)
+
+func init() {
+ maxId, _, _, _ := cpuid(0, 0)
+
+ if maxId < 1 {
+ return
+ }
+
+ _, _, ecx1, edx1 := cpuid(1, 0)
+ X86.HasSSE2 = isSet(26, edx1)
+
+ X86.HasSSE3 = isSet(0, ecx1)
+ X86.HasPCLMULQDQ = isSet(1, ecx1)
+ X86.HasSSSE3 = isSet(9, ecx1)
+ X86.HasSSE41 = isSet(19, ecx1)
+ X86.HasSSE42 = isSet(20, ecx1)
+ X86.HasPOPCNT = isSet(23, ecx1)
+ X86.HasAES = isSet(25, ecx1)
+ X86.HasOSXSAVE = isSet(27, ecx1)
+
+ osSupportsAVX := false
+ osSupportAVX512 := false
+ // For XGETBV, OSXSAVE bit is required and sufficient.
+ if X86.HasOSXSAVE {
+ eax, _ := xgetbv()
+ // Check if XMM and YMM registers have OS support.
+ osSupportsAVX = isSet(1, eax) && isSet(2, eax)
+ // Check is ZMM registers have OS support.
+ osSupportAVX512 = (eax>>5)&7 == 7 && (eax>>1)&3 == 3
+ }
+
+ X86.HasAVX = isSet(28, ecx1) && osSupportsAVX
+
+ if maxId < 7 {
+ return
+ }
+
+ _, ebx7, _, _ := cpuid(7, 0)
+ X86.HasBMI1 = isSet(3, ebx7)
+ X86.HasAVX2 = isSet(5, ebx7) && osSupportsAVX
+ X86.HasBMI2 = isSet(8, ebx7)
+ X86.HasERMS = isSet(9, ebx7)
+ X86.HasAVX512 = hasAVX512(ebx7) && osSupportAVX512
+}
+
+func isSet(bitpos uint, value uint32) bool {
+ return value&(1< 0 {
+ wordBytes := w * wordSize
+ fastXORWords(dst[:wordBytes], a[:wordBytes], b[:wordBytes])
+ }
+ for i := n - n%wordSize; i < n; i++ {
+ dst[i] = a[i] ^ b[i]
+ }
+}
+
+func safeXORBytes(dst, a, b []byte, n int) {
+ ex := n % 8
+ for i := 0; i < ex; i++ {
+ dst[i] = a[i] ^ b[i]
+ }
+
+ for i := ex; i < n; i += 8 {
+ _dst := dst[i : i+8]
+ _a := a[i : i+8]
+ _b := b[i : i+8]
+ _dst[0] = _a[0] ^ _b[0]
+ _dst[1] = _a[1] ^ _b[1]
+ _dst[2] = _a[2] ^ _b[2]
+ _dst[3] = _a[3] ^ _b[3]
+
+ _dst[4] = _a[4] ^ _b[4]
+ _dst[5] = _a[5] ^ _b[5]
+ _dst[6] = _a[6] ^ _b[6]
+ _dst[7] = _a[7] ^ _b[7]
+ }
+}
+
+// fastXORWords XORs multiples of 4 or 8 bytes (depending on architecture.)
+// The arguments are assumed to be of equal length.
+func fastXORWords(dst, a, b []byte) {
+ dw := *(*[]uintptr)(unsafe.Pointer(&dst))
+ aw := *(*[]uintptr)(unsafe.Pointer(&a))
+ bw := *(*[]uintptr)(unsafe.Pointer(&b))
+ n := len(b) / wordSize
+ ex := n % 8
+ for i := 0; i < ex; i++ {
+ dw[i] = aw[i] ^ bw[i]
+ }
+
+ for i := ex; i < n; i += 8 {
+ _dw := dw[i : i+8]
+ _aw := aw[i : i+8]
+ _bw := bw[i : i+8]
+ _dw[0] = _aw[0] ^ _bw[0]
+ _dw[1] = _aw[1] ^ _bw[1]
+ _dw[2] = _aw[2] ^ _bw[2]
+ _dw[3] = _aw[3] ^ _bw[3]
+ _dw[4] = _aw[4] ^ _bw[4]
+ _dw[5] = _aw[5] ^ _bw[5]
+ _dw[6] = _aw[6] ^ _bw[6]
+ _dw[7] = _aw[7] ^ _bw[7]
+ }
+}
diff --git a/vendor/github.com/templexxx/xor/sse2_amd64.s b/vendor/github.com/templexxx/xor/sse2_amd64.s
new file mode 100644
index 0000000..d7f702b
--- /dev/null
+++ b/vendor/github.com/templexxx/xor/sse2_amd64.s
@@ -0,0 +1,574 @@
+#include "textflag.h"
+
+// addr of mem
+#define DST BX
+#define SRC SI
+#define SRC0 TMP4
+#define SRC1 TMP5
+
+// loop args
+// num of vect
+#define VECT CX
+#define LEN DX
+// pos of matrix
+#define POS R8
+
+// tmp store
+// num of vect or ...
+#define TMP1 R9
+// pos of matrix or ...
+#define TMP2 R10
+// store addr of data/parity or ...
+#define TMP3 R11
+#define TMP4 R12
+#define TMP5 R13
+#define TMP6 R14
+
+// func bytesSrc0(dst, src0, src1 []byte)
+TEXT ·xorSrc0(SB), NOSPLIT, $0
+ MOVQ len+32(FP), LEN
+ CMPQ LEN, $0
+ JE ret
+ MOVQ dst+0(FP), DST
+ MOVQ src0+24(FP), SRC0
+ MOVQ src1+48(FP), SRC1
+ TESTQ $15, LEN
+ JNZ not_aligned
+
+aligned:
+ MOVQ $0, POS
+
+loop16b:
+ MOVOU (SRC0)(POS*1), X0
+ XORPD (SRC1)(POS*1), X0
+ MOVOU X0, (DST)(POS*1)
+ ADDQ $16, POS
+ CMPQ LEN, POS
+ JNE loop16b
+ RET
+
+loop_1b:
+ MOVB -1(SRC0)(LEN*1), TMP1
+ MOVB -1(SRC1)(LEN*1), TMP2
+ XORB TMP1, TMP2
+ MOVB TMP2, -1(DST)(LEN*1)
+ SUBQ $1, LEN
+ TESTQ $7, LEN
+ JNZ loop_1b
+ CMPQ LEN, $0
+ JE ret
+ TESTQ $15, LEN
+ JZ aligned
+
+not_aligned:
+ TESTQ $7, LEN
+ JNE loop_1b
+ MOVQ LEN, TMP1
+ ANDQ $15, TMP1
+
+loop_8b:
+ MOVQ -8(SRC0)(LEN*1), TMP2
+ MOVQ -8(SRC1)(LEN*1), TMP3
+ XORQ TMP2, TMP3
+ MOVQ TMP3, -8(DST)(LEN*1)
+ SUBQ $8, LEN
+ SUBQ $8, TMP1
+ JG loop_8b
+
+ CMPQ LEN, $16
+ JGE aligned
+ RET
+
+ret:
+ RET
+
+// func bytesSrc1(dst, src0, src1 []byte)
+TEXT ·xorSrc1(SB), NOSPLIT, $0
+ MOVQ len+56(FP), LEN
+ CMPQ LEN, $0
+ JE ret
+ MOVQ dst+0(FP), DST
+ MOVQ src0+24(FP), SRC0
+ MOVQ src1+48(FP), SRC1
+ TESTQ $15, LEN
+ JNZ not_aligned
+
+aligned:
+ MOVQ $0, POS
+
+loop16b:
+ MOVOU (SRC0)(POS*1), X0
+ XORPD (SRC1)(POS*1), X0
+ MOVOU X0, (DST)(POS*1)
+ ADDQ $16, POS
+ CMPQ LEN, POS
+ JNE loop16b
+ RET
+
+loop_1b:
+ MOVB -1(SRC0)(LEN*1), TMP1
+ MOVB -1(SRC1)(LEN*1), TMP2
+ XORB TMP1, TMP2
+ MOVB TMP2, -1(DST)(LEN*1)
+ SUBQ $1, LEN
+ TESTQ $7, LEN
+ JNZ loop_1b
+ CMPQ LEN, $0
+ JE ret
+ TESTQ $15, LEN
+ JZ aligned
+
+not_aligned:
+ TESTQ $7, LEN
+ JNE loop_1b
+ MOVQ LEN, TMP1
+ ANDQ $15, TMP1
+
+loop_8b:
+ MOVQ -8(SRC0)(LEN*1), TMP2
+ MOVQ -8(SRC1)(LEN*1), TMP3
+ XORQ TMP2, TMP3
+ MOVQ TMP3, -8(DST)(LEN*1)
+ SUBQ $8, LEN
+ SUBQ $8, TMP1
+ JG loop_8b
+
+ CMPQ LEN, $16
+ JGE aligned
+ RET
+
+ret:
+ RET
+
+// func bytesSSE2mini(dst, src0, src1 []byte, size int)
+TEXT ·bytesSSE2mini(SB), NOSPLIT, $0
+ MOVQ len+72(FP), LEN
+ CMPQ LEN, $0
+ JE ret
+ MOVQ dst+0(FP), DST
+ MOVQ src0+24(FP), SRC0
+ MOVQ src1+48(FP), SRC1
+ TESTQ $15, LEN
+ JNZ not_aligned
+
+aligned:
+ MOVQ $0, POS
+
+loop16b:
+ MOVOU (SRC0)(POS*1), X0
+ XORPD (SRC1)(POS*1), X0
+
+ // MOVOU (SRC1)(POS*1), X4
+ // PXOR X4, X0
+ MOVOU X0, (DST)(POS*1)
+ ADDQ $16, POS
+ CMPQ LEN, POS
+ JNE loop16b
+ RET
+
+loop_1b:
+ MOVB -1(SRC0)(LEN*1), TMP1
+ MOVB -1(SRC1)(LEN*1), TMP2
+ XORB TMP1, TMP2
+ MOVB TMP2, -1(DST)(LEN*1)
+ SUBQ $1, LEN
+ TESTQ $7, LEN
+ JNZ loop_1b
+ CMPQ LEN, $0
+ JE ret
+ TESTQ $15, LEN
+ JZ aligned
+
+not_aligned:
+ TESTQ $7, LEN
+ JNE loop_1b
+ MOVQ LEN, TMP1
+ ANDQ $15, TMP1
+
+loop_8b:
+ MOVQ -8(SRC0)(LEN*1), TMP2
+ MOVQ -8(SRC1)(LEN*1), TMP3
+ XORQ TMP2, TMP3
+ MOVQ TMP3, -8(DST)(LEN*1)
+ SUBQ $8, LEN
+ SUBQ $8, TMP1
+ JG loop_8b
+
+ CMPQ LEN, $16
+ JGE aligned
+ RET
+
+ret:
+ RET
+
+// func bytesSSE2small(dst, src0, src1 []byte, size int)
+TEXT ·bytesSSE2small(SB), NOSPLIT, $0
+ MOVQ len+72(FP), LEN
+ CMPQ LEN, $0
+ JE ret
+ MOVQ dst+0(FP), DST
+ MOVQ src0+24(FP), SRC0
+ MOVQ src1+48(FP), SRC1
+ TESTQ $63, LEN
+ JNZ not_aligned
+
+aligned:
+ MOVQ $0, POS
+
+loop64b:
+ MOVOU (SRC0)(POS*1), X0
+ MOVOU 16(SRC0)(POS*1), X1
+ MOVOU 32(SRC0)(POS*1), X2
+ MOVOU 48(SRC0)(POS*1), X3
+
+ MOVOU (SRC1)(POS*1), X4
+ MOVOU 16(SRC1)(POS*1), X5
+ MOVOU 32(SRC1)(POS*1), X6
+ MOVOU 48(SRC1)(POS*1), X7
+
+ PXOR X4, X0
+ PXOR X5, X1
+ PXOR X6, X2
+ PXOR X7, X3
+
+ MOVOU X0, (DST)(POS*1)
+ MOVOU X1, 16(DST)(POS*1)
+ MOVOU X2, 32(DST)(POS*1)
+ MOVOU X3, 48(DST)(POS*1)
+
+ ADDQ $64, POS
+ CMPQ LEN, POS
+ JNE loop64b
+ RET
+
+loop_1b:
+ MOVB -1(SRC0)(LEN*1), TMP1
+ MOVB -1(SRC1)(LEN*1), TMP2
+ XORB TMP1, TMP2
+ MOVB TMP2, -1(DST)(LEN*1)
+ SUBQ $1, LEN
+ TESTQ $7, LEN
+ JNZ loop_1b
+ CMPQ LEN, $0
+ JE ret
+ TESTQ $63, LEN
+ JZ aligned
+
+not_aligned:
+ TESTQ $7, LEN
+ JNE loop_1b
+ MOVQ LEN, TMP1
+ ANDQ $63, TMP1
+
+loop_8b:
+ MOVQ -8(SRC0)(LEN*1), TMP2
+ MOVQ -8(SRC1)(LEN*1), TMP3
+ XORQ TMP2, TMP3
+ MOVQ TMP3, -8(DST)(LEN*1)
+ SUBQ $8, LEN
+ SUBQ $8, TMP1
+ JG loop_8b
+
+ CMPQ LEN, $64
+ JGE aligned
+ RET
+
+ret:
+ RET
+
+// func bytesSSE2big(dst, src0, src1 []byte, size int)
+TEXT ·bytesSSE2big(SB), NOSPLIT, $0
+ MOVQ len+72(FP), LEN
+ CMPQ LEN, $0
+ JE ret
+ MOVQ dst+0(FP), DST
+ MOVQ src0+24(FP), SRC0
+ MOVQ src1+48(FP), SRC1
+ TESTQ $63, LEN
+ JNZ not_aligned
+
+aligned:
+ MOVQ $0, POS
+
+loop64b:
+ MOVOU (SRC0)(POS*1), X0
+ MOVOU 16(SRC0)(POS*1), X1
+ MOVOU 32(SRC0)(POS*1), X2
+ MOVOU 48(SRC0)(POS*1), X3
+
+ MOVOU (SRC1)(POS*1), X4
+ MOVOU 16(SRC1)(POS*1), X5
+ MOVOU 32(SRC1)(POS*1), X6
+ MOVOU 48(SRC1)(POS*1), X7
+
+ PXOR X4, X0
+ PXOR X5, X1
+ PXOR X6, X2
+ PXOR X7, X3
+
+ LONG $0xe70f4266; WORD $0x0304 // MOVNTDQ
+ LONG $0xe70f4266; WORD $0x034c; BYTE $0x10
+ LONG $0xe70f4266; WORD $0x0354; BYTE $0x20
+ LONG $0xe70f4266; WORD $0x035c; BYTE $0x30
+
+ ADDQ $64, POS
+ CMPQ LEN, POS
+ JNE loop64b
+ RET
+
+loop_1b:
+ MOVB -1(SRC0)(LEN*1), TMP1
+ MOVB -1(SRC1)(LEN*1), TMP2
+ XORB TMP1, TMP2
+ MOVB TMP2, -1(DST)(LEN*1)
+ SUBQ $1, LEN
+ TESTQ $7, LEN
+ JNZ loop_1b
+ CMPQ LEN, $0
+ JE ret
+ TESTQ $63, LEN
+ JZ aligned
+
+not_aligned:
+ TESTQ $7, LEN
+ JNE loop_1b
+ MOVQ LEN, TMP1
+ ANDQ $63, TMP1
+
+loop_8b:
+ MOVQ -8(SRC0)(LEN*1), TMP2
+ MOVQ -8(SRC1)(LEN*1), TMP3
+ XORQ TMP2, TMP3
+ MOVQ TMP3, -8(DST)(LEN*1)
+ SUBQ $8, LEN
+ SUBQ $8, TMP1
+ JG loop_8b
+
+ CMPQ LEN, $64
+ JGE aligned
+ RET
+
+ret:
+ RET
+
+// func matrixSSE2small(dst []byte, src [][]byte)
+TEXT ·matrixSSE2small(SB), NOSPLIT, $0
+ MOVQ dst+0(FP), DST
+ MOVQ src+24(FP), SRC
+ MOVQ vec+32(FP), VECT
+ MOVQ len+8(FP), LEN
+ TESTQ $63, LEN
+ JNZ not_aligned
+
+aligned:
+ MOVQ $0, POS
+
+loop64b:
+ MOVQ VECT, TMP1
+ SUBQ $2, TMP1
+ MOVQ $0, TMP2
+ MOVQ (SRC)(TMP2*1), TMP3
+ MOVQ TMP3, TMP4
+ MOVOU (TMP3)(POS*1), X0
+ MOVOU 16(TMP4)(POS*1), X1
+ MOVOU 32(TMP3)(POS*1), X2
+ MOVOU 48(TMP4)(POS*1), X3
+
+next_vect:
+ ADDQ $24, TMP2
+ MOVQ (SRC)(TMP2*1), TMP3
+ MOVQ TMP3, TMP4
+ MOVOU (TMP3)(POS*1), X4
+ MOVOU 16(TMP4)(POS*1), X5
+ MOVOU 32(TMP3)(POS*1), X6
+ MOVOU 48(TMP4)(POS*1), X7
+ PXOR X4, X0
+ PXOR X5, X1
+ PXOR X6, X2
+ PXOR X7, X3
+ SUBQ $1, TMP1
+ JGE next_vect
+
+ MOVOU X0, (DST)(POS*1)
+ MOVOU X1, 16(DST)(POS*1)
+ MOVOU X2, 32(DST)(POS*1)
+ MOVOU X3, 48(DST)(POS*1)
+
+ ADDQ $64, POS
+ CMPQ LEN, POS
+ JNE loop64b
+ RET
+
+loop_1b:
+ MOVQ VECT, TMP1
+ MOVQ $0, TMP2
+ MOVQ (SRC)(TMP2*1), TMP3
+ SUBQ $2, TMP1
+ MOVB -1(TMP3)(LEN*1), TMP5
+
+next_vect_1b:
+ ADDQ $24, TMP2
+ MOVQ (SRC)(TMP2*1), TMP3
+ MOVB -1(TMP3)(LEN*1), TMP6
+ XORB TMP6, TMP5
+ SUBQ $1, TMP1
+ JGE next_vect_1b
+
+ MOVB TMP5, -1(DST)(LEN*1)
+ SUBQ $1, LEN
+ TESTQ $7, LEN
+ JNZ loop_1b
+
+ CMPQ LEN, $0
+ JE ret
+ TESTQ $63, LEN
+ JZ aligned
+
+not_aligned:
+ TESTQ $7, LEN
+ JNE loop_1b
+ MOVQ LEN, TMP4
+ ANDQ $63, TMP4
+
+loop_8b:
+ MOVQ VECT, TMP1
+ MOVQ $0, TMP2
+ MOVQ (SRC)(TMP2*1), TMP3
+ SUBQ $2, TMP1
+ MOVQ -8(TMP3)(LEN*1), TMP5
+
+next_vect_8b:
+ ADDQ $24, TMP2
+ MOVQ (SRC)(TMP2*1), TMP3
+ MOVQ -8(TMP3)(LEN*1), TMP6
+ XORQ TMP6, TMP5
+ SUBQ $1, TMP1
+ JGE next_vect_8b
+
+ MOVQ TMP5, -8(DST)(LEN*1)
+ SUBQ $8, LEN
+ SUBQ $8, TMP4
+ JG loop_8b
+
+ CMPQ LEN, $64
+ JGE aligned
+ RET
+
+ret:
+ RET
+
+// func matrixSSE2big(dst []byte, src [][]byte)
+TEXT ·matrixSSE2big(SB), NOSPLIT, $0
+ MOVQ dst+0(FP), DST
+ MOVQ src+24(FP), SRC
+ MOVQ vec+32(FP), VECT
+ MOVQ len+8(FP), LEN
+ TESTQ $63, LEN
+ JNZ not_aligned
+
+aligned:
+ MOVQ $0, POS
+
+loop64b:
+ MOVQ VECT, TMP1
+ SUBQ $2, TMP1
+ MOVQ $0, TMP2
+ MOVQ (SRC)(TMP2*1), TMP3
+ MOVQ TMP3, TMP4
+ MOVOU (TMP3)(POS*1), X0
+ MOVOU 16(TMP4)(POS*1), X1
+ MOVOU 32(TMP3)(POS*1), X2
+ MOVOU 48(TMP4)(POS*1), X3
+
+next_vect:
+ ADDQ $24, TMP2
+ MOVQ (SRC)(TMP2*1), TMP3
+ MOVQ TMP3, TMP4
+ MOVOU (TMP3)(POS*1), X4
+ MOVOU 16(TMP4)(POS*1), X5
+ MOVOU 32(TMP3)(POS*1), X6
+ MOVOU 48(TMP4)(POS*1), X7
+ PXOR X4, X0
+ PXOR X5, X1
+ PXOR X6, X2
+ PXOR X7, X3
+ SUBQ $1, TMP1
+ JGE next_vect
+
+ LONG $0xe70f4266; WORD $0x0304
+ LONG $0xe70f4266; WORD $0x034c; BYTE $0x10
+ LONG $0xe70f4266; WORD $0x0354; BYTE $0x20
+ LONG $0xe70f4266; WORD $0x035c; BYTE $0x30
+
+ ADDQ $64, POS
+ CMPQ LEN, POS
+ JNE loop64b
+ RET
+
+loop_1b:
+ MOVQ VECT, TMP1
+ MOVQ $0, TMP2
+ MOVQ (SRC)(TMP2*1), TMP3
+ SUBQ $2, TMP1
+ MOVB -1(TMP3)(LEN*1), TMP5
+
+next_vect_1b:
+ ADDQ $24, TMP2
+ MOVQ (SRC)(TMP2*1), TMP3
+ MOVB -1(TMP3)(LEN*1), TMP6
+ XORB TMP6, TMP5
+ SUBQ $1, TMP1
+ JGE next_vect_1b
+
+ MOVB TMP5, -1(DST)(LEN*1)
+ SUBQ $1, LEN
+ TESTQ $7, LEN
+ JNZ loop_1b
+
+ CMPQ LEN, $0
+ JE ret
+ TESTQ $63, LEN
+ JZ aligned
+
+not_aligned:
+ TESTQ $7, LEN
+ JNE loop_1b
+ MOVQ LEN, TMP4
+ ANDQ $63, TMP4
+
+loop_8b:
+ MOVQ VECT, TMP1
+ MOVQ $0, TMP2
+ MOVQ (SRC)(TMP2*1), TMP3
+ SUBQ $2, TMP1
+ MOVQ -8(TMP3)(LEN*1), TMP5
+
+next_vect_8b:
+ ADDQ $24, TMP2
+ MOVQ (SRC)(TMP2*1), TMP3
+ MOVQ -8(TMP3)(LEN*1), TMP6
+ XORQ TMP6, TMP5
+ SUBQ $1, TMP1
+ JGE next_vect_8b
+
+ MOVQ TMP5, -8(DST)(LEN*1)
+ SUBQ $8, LEN
+ SUBQ $8, TMP4
+ JG loop_8b
+
+ CMPQ LEN, $64
+ JGE aligned
+ RET
+
+ret:
+ RET
+
+TEXT ·hasSSE2(SB), NOSPLIT, $0
+ XORQ AX, AX
+ INCL AX
+ CPUID
+ SHRQ $26, DX
+ ANDQ $1, DX
+ MOVB DX, ret+0(FP)
+ RET
+
diff --git a/vendor/github.com/templexxx/xor/xor.go b/vendor/github.com/templexxx/xor/xor.go
new file mode 100644
index 0000000..2fa5616
--- /dev/null
+++ b/vendor/github.com/templexxx/xor/xor.go
@@ -0,0 +1,49 @@
+package xor
+
+// SIMD Extensions
+const (
+ none = iota
+ avx2
+ // first introduced by Intel with the initial version of the Pentium 4 in 2001
+ // so I think we can assume all amd64 has sse2
+ sse2
+)
+
+var extension = none
+
+// Bytes : chose the shortest one as xor size
+// it's better to use it for big data ( > 64bytes )
+func Bytes(dst, src0, src1 []byte) {
+ size := len(dst)
+ if size > len(src0) {
+ size = len(src0)
+ }
+ if size > len(src1) {
+ size = len(src1)
+ }
+ xorBytes(dst, src0, src1, size)
+}
+
+// BytesSameLen : all slice's length must be equal
+// cut size branch, save time for small data
+func BytesSameLen(dst, src0, src1 []byte) {
+ xorSrc1(dst, src0, src1)
+}
+
+// BytesSrc0 : src1 >= src0, dst >= src0
+// xor src0's len bytes
+func BytesSrc0(dst, src0, src1 []byte) {
+ xorSrc0(dst, src0, src1)
+}
+
+// BytesSrc1 : src0 >= src1, dst >= src1
+// xor src1's len bytes
+func BytesSrc1(dst, src0, src1 []byte) {
+ xorSrc1(dst, src0, src1)
+}
+
+// Matrix : all slice's length must be equal && != 0
+// len(src) must >= 2
+func Matrix(dst []byte, src [][]byte) {
+ xorMatrix(dst, src)
+}
diff --git a/vendor/github.com/templexxx/xor/xor_amd64.go b/vendor/github.com/templexxx/xor/xor_amd64.go
new file mode 100644
index 0000000..b449bc0
--- /dev/null
+++ b/vendor/github.com/templexxx/xor/xor_amd64.go
@@ -0,0 +1,120 @@
+package xor
+
+import "github.com/templexxx/cpufeat"
+
+func init() {
+ getEXT()
+}
+
+func getEXT() {
+ if cpufeat.X86.HasAVX2 {
+ extension = avx2
+ } else {
+ extension = sse2
+ }
+ return
+}
+
+func xorBytes(dst, src0, src1 []byte, size int) {
+ switch extension {
+ case avx2:
+ bytesAVX2(dst, src0, src1, size)
+ default:
+ bytesSSE2(dst, src0, src1, size)
+ }
+}
+
+// non-temporal hint store
+const nontmp = 8 * 1024
+const avx2loopsize = 128
+
+func bytesAVX2(dst, src0, src1 []byte, size int) {
+ if size < avx2loopsize {
+ bytesAVX2mini(dst, src0, src1, size)
+ } else if size >= avx2loopsize && size <= nontmp {
+ bytesAVX2small(dst, src0, src1, size)
+ } else {
+ bytesAVX2big(dst, src0, src1, size)
+ }
+}
+
+const sse2loopsize = 64
+
+func bytesSSE2(dst, src0, src1 []byte, size int) {
+ if size < sse2loopsize {
+ bytesSSE2mini(dst, src0, src1, size)
+ } else if size >= sse2loopsize && size <= nontmp {
+ bytesSSE2small(dst, src0, src1, size)
+ } else {
+ bytesSSE2big(dst, src0, src1, size)
+ }
+}
+
+func xorMatrix(dst []byte, src [][]byte) {
+ switch extension {
+ case avx2:
+ matrixAVX2(dst, src)
+ default:
+ matrixSSE2(dst, src)
+ }
+}
+
+func matrixAVX2(dst []byte, src [][]byte) {
+ size := len(dst)
+ if size > nontmp {
+ matrixAVX2big(dst, src)
+ } else {
+ matrixAVX2small(dst, src)
+ }
+}
+
+func matrixSSE2(dst []byte, src [][]byte) {
+ size := len(dst)
+ if size > nontmp {
+ matrixSSE2big(dst, src)
+ } else {
+ matrixSSE2small(dst, src)
+ }
+}
+
+//go:noescape
+func xorSrc0(dst, src0, src1 []byte)
+
+//go:noescape
+func xorSrc1(dst, src0, src1 []byte)
+
+//go:noescape
+func bytesAVX2mini(dst, src0, src1 []byte, size int)
+
+//go:noescape
+func bytesAVX2big(dst, src0, src1 []byte, size int)
+
+//go:noescape
+func bytesAVX2small(dst, src0, src1 []byte, size int)
+
+//go:noescape
+func bytesSSE2mini(dst, src0, src1 []byte, size int)
+
+//go:noescape
+func bytesSSE2small(dst, src0, src1 []byte, size int)
+
+//go:noescape
+func bytesSSE2big(dst, src0, src1 []byte, size int)
+
+//go:noescape
+func matrixAVX2small(dst []byte, src [][]byte)
+
+//go:noescape
+func matrixAVX2big(dst []byte, src [][]byte)
+
+//go:noescape
+func matrixSSE2small(dst []byte, src [][]byte)
+
+//go:noescape
+func matrixSSE2big(dst []byte, src [][]byte)
+
+//go:noescape
+func hasAVX2() bool
+
+//go:noescape
+func hasSSE2() bool
diff --git a/vendor/github.com/templexxx/xor/xor_other.go b/vendor/github.com/templexxx/xor/xor_other.go
new file mode 100644
index 0000000..4aa2967
--- /dev/null
+++ b/vendor/github.com/templexxx/xor/xor_other.go
@@ -0,0 +1,19 @@
+// +build !amd64 noasm
+
+package xor
+
+func xorBytes(dst, src0, src1 []byte, size int) {
+ bytesNoSIMD(dst, src0, src1, size)
+}
+
+func xorMatrix(dst []byte, src [][]byte) {
+ matrixNoSIMD(dst, src)
+}
+
+func xorSrc0(dst, src0, src1 []byte) {
+ bytesNoSIMD(dst, src0, src1, len(src0))
+}
+
+func xorSrc1(dst, src0, src1 []byte) {
+ bytesNoSIMD(dst, src0, src1, len(src1))
+}
diff --git a/vendor/github.com/tjfoc/gmsm/LICENSE b/vendor/github.com/tjfoc/gmsm/LICENSE
new file mode 100644
index 0000000..8dada3e
--- /dev/null
+++ b/vendor/github.com/tjfoc/gmsm/LICENSE
@@ -0,0 +1,201 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "{}"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright {yyyy} {name of copyright owner}
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/tjfoc/gmsm/sm4/sm4.go b/vendor/github.com/tjfoc/gmsm/sm4/sm4.go
new file mode 100644
index 0000000..1742933
--- /dev/null
+++ b/vendor/github.com/tjfoc/gmsm/sm4/sm4.go
@@ -0,0 +1,342 @@
+/*
+Copyright Suzhou Tongji Fintech Research Institute 2017 All Rights Reserved.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+sm4 acceration
+modified by Jack, 2017 Oct
+*/
+
+package sm4
+
+import (
+ "crypto/cipher"
+ "crypto/rand"
+ "crypto/x509"
+ "encoding/pem"
+ "errors"
+ "io/ioutil"
+ "os"
+ "strconv"
+)
+
+const BlockSize = 16
+
+type SM4Key []byte
+
+type KeySizeError int
+
+// Cipher is an instance of SM4 encryption.
+type Sm4Cipher struct {
+ subkeys []uint32
+ block1 []uint32
+ block2 []byte
+}
+
+// sm4密钥参量
+var fk = [4]uint32{
+ 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc,
+}
+
+// sm4密钥参量
+var ck = [32]uint32{
+ 0x00070e15, 0x1c232a31, 0x383f464d, 0x545b6269,
+ 0x70777e85, 0x8c939aa1, 0xa8afb6bd, 0xc4cbd2d9,
+ 0xe0e7eef5, 0xfc030a11, 0x181f262d, 0x343b4249,
+ 0x50575e65, 0x6c737a81, 0x888f969d, 0xa4abb2b9,
+ 0xc0c7ced5, 0xdce3eaf1, 0xf8ff060d, 0x141b2229,
+ 0x30373e45, 0x4c535a61, 0x686f767d, 0x848b9299,
+ 0xa0a7aeb5, 0xbcc3cad1, 0xd8dfe6ed, 0xf4fb0209,
+ 0x10171e25, 0x2c333a41, 0x484f565d, 0x646b7279,
+}
+
+// sm4密钥参量
+var sbox = [256]uint8{
+ 0xd6, 0x90, 0xe9, 0xfe, 0xcc, 0xe1, 0x3d, 0xb7, 0x16, 0xb6, 0x14, 0xc2, 0x28, 0xfb, 0x2c, 0x05,
+ 0x2b, 0x67, 0x9a, 0x76, 0x2a, 0xbe, 0x04, 0xc3, 0xaa, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99,
+ 0x9c, 0x42, 0x50, 0xf4, 0x91, 0xef, 0x98, 0x7a, 0x33, 0x54, 0x0b, 0x43, 0xed, 0xcf, 0xac, 0x62,
+ 0xe4, 0xb3, 0x1c, 0xa9, 0xc9, 0x08, 0xe8, 0x95, 0x80, 0xdf, 0x94, 0xfa, 0x75, 0x8f, 0x3f, 0xa6,
+ 0x47, 0x07, 0xa7, 0xfc, 0xf3, 0x73, 0x17, 0xba, 0x83, 0x59, 0x3c, 0x19, 0xe6, 0x85, 0x4f, 0xa8,
+ 0x68, 0x6b, 0x81, 0xb2, 0x71, 0x64, 0xda, 0x8b, 0xf8, 0xeb, 0x0f, 0x4b, 0x70, 0x56, 0x9d, 0x35,
+ 0x1e, 0x24, 0x0e, 0x5e, 0x63, 0x58, 0xd1, 0xa2, 0x25, 0x22, 0x7c, 0x3b, 0x01, 0x21, 0x78, 0x87,
+ 0xd4, 0x00, 0x46, 0x57, 0x9f, 0xd3, 0x27, 0x52, 0x4c, 0x36, 0x02, 0xe7, 0xa0, 0xc4, 0xc8, 0x9e,
+ 0xea, 0xbf, 0x8a, 0xd2, 0x40, 0xc7, 0x38, 0xb5, 0xa3, 0xf7, 0xf2, 0xce, 0xf9, 0x61, 0x15, 0xa1,
+ 0xe0, 0xae, 0x5d, 0xa4, 0x9b, 0x34, 0x1a, 0x55, 0xad, 0x93, 0x32, 0x30, 0xf5, 0x8c, 0xb1, 0xe3,
+ 0x1d, 0xf6, 0xe2, 0x2e, 0x82, 0x66, 0xca, 0x60, 0xc0, 0x29, 0x23, 0xab, 0x0d, 0x53, 0x4e, 0x6f,
+ 0xd5, 0xdb, 0x37, 0x45, 0xde, 0xfd, 0x8e, 0x2f, 0x03, 0xff, 0x6a, 0x72, 0x6d, 0x6c, 0x5b, 0x51,
+ 0x8d, 0x1b, 0xaf, 0x92, 0xbb, 0xdd, 0xbc, 0x7f, 0x11, 0xd9, 0x5c, 0x41, 0x1f, 0x10, 0x5a, 0xd8,
+ 0x0a, 0xc1, 0x31, 0x88, 0xa5, 0xcd, 0x7b, 0xbd, 0x2d, 0x74, 0xd0, 0x12, 0xb8, 0xe5, 0xb4, 0xb0,
+ 0x89, 0x69, 0x97, 0x4a, 0x0c, 0x96, 0x77, 0x7e, 0x65, 0xb9, 0xf1, 0x09, 0xc5, 0x6e, 0xc6, 0x84,
+ 0x18, 0xf0, 0x7d, 0xec, 0x3a, 0xdc, 0x4d, 0x20, 0x79, 0xee, 0x5f, 0x3e, 0xd7, 0xcb, 0x39, 0x48,
+}
+
+var sbox0 = [256]uint32{
+ 0xd55b5b8e, 0x924242d0, 0xeaa7a74d, 0xfdfbfb06, 0xcf3333fc, 0xe2878765, 0x3df4f4c9, 0xb5dede6b, 0x1658584e, 0xb4dada6e, 0x14505044, 0xc10b0bca, 0x28a0a088, 0xf8efef17, 0x2cb0b09c, 0x05141411,
+ 0x2bacac87, 0x669d9dfb, 0x986a6af2, 0x77d9d9ae, 0x2aa8a882, 0xbcfafa46, 0x04101014, 0xc00f0fcf, 0xa8aaaa02, 0x45111154, 0x134c4c5f, 0x269898be, 0x4825256d, 0x841a1a9e, 0x0618181e, 0x9b6666fd,
+ 0x9e7272ec, 0x4309094a, 0x51414110, 0xf7d3d324, 0x934646d5, 0xecbfbf53, 0x9a6262f8, 0x7be9e992, 0x33ccccff, 0x55515104, 0x0b2c2c27, 0x420d0d4f, 0xeeb7b759, 0xcc3f3ff3, 0xaeb2b21c, 0x638989ea,
+ 0xe7939374, 0xb1cece7f, 0x1c70706c, 0xaba6a60d, 0xca2727ed, 0x08202028, 0xeba3a348, 0x975656c1, 0x82020280, 0xdc7f7fa3, 0x965252c4, 0xf9ebeb12, 0x74d5d5a1, 0x8d3e3eb3, 0x3ffcfcc3, 0xa49a9a3e,
+ 0x461d1d5b, 0x071c1c1b, 0xa59e9e3b, 0xfff3f30c, 0xf0cfcf3f, 0x72cdcdbf, 0x175c5c4b, 0xb8eaea52, 0x810e0e8f, 0x5865653d, 0x3cf0f0cc, 0x1964647d, 0xe59b9b7e, 0x87161691, 0x4e3d3d73, 0xaaa2a208,
+ 0x69a1a1c8, 0x6aadadc7, 0x83060685, 0xb0caca7a, 0x70c5c5b5, 0x659191f4, 0xd96b6bb2, 0x892e2ea7, 0xfbe3e318, 0xe8afaf47, 0x0f3c3c33, 0x4a2d2d67, 0x71c1c1b0, 0x5759590e, 0x9f7676e9, 0x35d4d4e1,
+ 0x1e787866, 0x249090b4, 0x0e383836, 0x5f797926, 0x628d8def, 0x59616138, 0xd2474795, 0xa08a8a2a, 0x259494b1, 0x228888aa, 0x7df1f18c, 0x3bececd7, 0x01040405, 0x218484a5, 0x79e1e198, 0x851e1e9b,
+ 0xd7535384, 0x00000000, 0x4719195e, 0x565d5d0b, 0x9d7e7ee3, 0xd04f4f9f, 0x279c9cbb, 0x5349491a, 0x4d31317c, 0x36d8d8ee, 0x0208080a, 0xe49f9f7b, 0xa2828220, 0xc71313d4, 0xcb2323e8, 0x9c7a7ae6,
+ 0xe9abab42, 0xbdfefe43, 0x882a2aa2, 0xd14b4b9a, 0x41010140, 0xc41f1fdb, 0x38e0e0d8, 0xb7d6d661, 0xa18e8e2f, 0xf4dfdf2b, 0xf1cbcb3a, 0xcd3b3bf6, 0xfae7e71d, 0x608585e5, 0x15545441, 0xa3868625,
+ 0xe3838360, 0xacbaba16, 0x5c757529, 0xa6929234, 0x996e6ef7, 0x34d0d0e4, 0x1a686872, 0x54555501, 0xafb6b619, 0x914e4edf, 0x32c8c8fa, 0x30c0c0f0, 0xf6d7d721, 0x8e3232bc, 0xb3c6c675, 0xe08f8f6f,
+ 0x1d747469, 0xf5dbdb2e, 0xe18b8b6a, 0x2eb8b896, 0x800a0a8a, 0x679999fe, 0xc92b2be2, 0x618181e0, 0xc30303c0, 0x29a4a48d, 0x238c8caf, 0xa9aeae07, 0x0d343439, 0x524d4d1f, 0x4f393976, 0x6ebdbdd3,
+ 0xd6575781, 0xd86f6fb7, 0x37dcdceb, 0x44151551, 0xdd7b7ba6, 0xfef7f709, 0x8c3a3ab6, 0x2fbcbc93, 0x030c0c0f, 0xfcffff03, 0x6ba9a9c2, 0x73c9c9ba, 0x6cb5b5d9, 0x6db1b1dc, 0x5a6d6d37, 0x50454515,
+ 0x8f3636b9, 0x1b6c6c77, 0xadbebe13, 0x904a4ada, 0xb9eeee57, 0xde7777a9, 0xbef2f24c, 0x7efdfd83, 0x11444455, 0xda6767bd, 0x5d71712c, 0x40050545, 0x1f7c7c63, 0x10404050, 0x5b696932, 0xdb6363b8,
+ 0x0a282822, 0xc20707c5, 0x31c4c4f5, 0x8a2222a8, 0xa7969631, 0xce3737f9, 0x7aeded97, 0xbff6f649, 0x2db4b499, 0x75d1d1a4, 0xd3434390, 0x1248485a, 0xbae2e258, 0xe6979771, 0xb6d2d264, 0xb2c2c270,
+ 0x8b2626ad, 0x68a5a5cd, 0x955e5ecb, 0x4b292962, 0x0c30303c, 0x945a5ace, 0x76ddddab, 0x7ff9f986, 0x649595f1, 0xbbe6e65d, 0xf2c7c735, 0x0924242d, 0xc61717d1, 0x6fb9b9d6, 0xc51b1bde, 0x86121294,
+ 0x18606078, 0xf3c3c330, 0x7cf5f589, 0xefb3b35c, 0x3ae8e8d2, 0xdf7373ac, 0x4c353579, 0x208080a0, 0x78e5e59d, 0xedbbbb56, 0x5e7d7d23, 0x3ef8f8c6, 0xd45f5f8b, 0xc82f2fe7, 0x39e4e4dd, 0x49212168,
+}
+
+var sbox1 = [256]uint32{
+ 0x5b5b8ed5, 0x4242d092, 0xa7a74dea, 0xfbfb06fd, 0x3333fccf, 0x878765e2, 0xf4f4c93d, 0xdede6bb5, 0x58584e16, 0xdada6eb4, 0x50504414, 0x0b0bcac1, 0xa0a08828, 0xefef17f8, 0xb0b09c2c, 0x14141105,
+ 0xacac872b, 0x9d9dfb66, 0x6a6af298, 0xd9d9ae77, 0xa8a8822a, 0xfafa46bc, 0x10101404, 0x0f0fcfc0, 0xaaaa02a8, 0x11115445, 0x4c4c5f13, 0x9898be26, 0x25256d48, 0x1a1a9e84, 0x18181e06, 0x6666fd9b,
+ 0x7272ec9e, 0x09094a43, 0x41411051, 0xd3d324f7, 0x4646d593, 0xbfbf53ec, 0x6262f89a, 0xe9e9927b, 0xccccff33, 0x51510455, 0x2c2c270b, 0x0d0d4f42, 0xb7b759ee, 0x3f3ff3cc, 0xb2b21cae, 0x8989ea63,
+ 0x939374e7, 0xcece7fb1, 0x70706c1c, 0xa6a60dab, 0x2727edca, 0x20202808, 0xa3a348eb, 0x5656c197, 0x02028082, 0x7f7fa3dc, 0x5252c496, 0xebeb12f9, 0xd5d5a174, 0x3e3eb38d, 0xfcfcc33f, 0x9a9a3ea4,
+ 0x1d1d5b46, 0x1c1c1b07, 0x9e9e3ba5, 0xf3f30cff, 0xcfcf3ff0, 0xcdcdbf72, 0x5c5c4b17, 0xeaea52b8, 0x0e0e8f81, 0x65653d58, 0xf0f0cc3c, 0x64647d19, 0x9b9b7ee5, 0x16169187, 0x3d3d734e, 0xa2a208aa,
+ 0xa1a1c869, 0xadadc76a, 0x06068583, 0xcaca7ab0, 0xc5c5b570, 0x9191f465, 0x6b6bb2d9, 0x2e2ea789, 0xe3e318fb, 0xafaf47e8, 0x3c3c330f, 0x2d2d674a, 0xc1c1b071, 0x59590e57, 0x7676e99f, 0xd4d4e135,
+ 0x7878661e, 0x9090b424, 0x3838360e, 0x7979265f, 0x8d8def62, 0x61613859, 0x474795d2, 0x8a8a2aa0, 0x9494b125, 0x8888aa22, 0xf1f18c7d, 0xececd73b, 0x04040501, 0x8484a521, 0xe1e19879, 0x1e1e9b85,
+ 0x535384d7, 0x00000000, 0x19195e47, 0x5d5d0b56, 0x7e7ee39d, 0x4f4f9fd0, 0x9c9cbb27, 0x49491a53, 0x31317c4d, 0xd8d8ee36, 0x08080a02, 0x9f9f7be4, 0x828220a2, 0x1313d4c7, 0x2323e8cb, 0x7a7ae69c,
+ 0xabab42e9, 0xfefe43bd, 0x2a2aa288, 0x4b4b9ad1, 0x01014041, 0x1f1fdbc4, 0xe0e0d838, 0xd6d661b7, 0x8e8e2fa1, 0xdfdf2bf4, 0xcbcb3af1, 0x3b3bf6cd, 0xe7e71dfa, 0x8585e560, 0x54544115, 0x868625a3,
+ 0x838360e3, 0xbaba16ac, 0x7575295c, 0x929234a6, 0x6e6ef799, 0xd0d0e434, 0x6868721a, 0x55550154, 0xb6b619af, 0x4e4edf91, 0xc8c8fa32, 0xc0c0f030, 0xd7d721f6, 0x3232bc8e, 0xc6c675b3, 0x8f8f6fe0,
+ 0x7474691d, 0xdbdb2ef5, 0x8b8b6ae1, 0xb8b8962e, 0x0a0a8a80, 0x9999fe67, 0x2b2be2c9, 0x8181e061, 0x0303c0c3, 0xa4a48d29, 0x8c8caf23, 0xaeae07a9, 0x3434390d, 0x4d4d1f52, 0x3939764f, 0xbdbdd36e,
+ 0x575781d6, 0x6f6fb7d8, 0xdcdceb37, 0x15155144, 0x7b7ba6dd, 0xf7f709fe, 0x3a3ab68c, 0xbcbc932f, 0x0c0c0f03, 0xffff03fc, 0xa9a9c26b, 0xc9c9ba73, 0xb5b5d96c, 0xb1b1dc6d, 0x6d6d375a, 0x45451550,
+ 0x3636b98f, 0x6c6c771b, 0xbebe13ad, 0x4a4ada90, 0xeeee57b9, 0x7777a9de, 0xf2f24cbe, 0xfdfd837e, 0x44445511, 0x6767bdda, 0x71712c5d, 0x05054540, 0x7c7c631f, 0x40405010, 0x6969325b, 0x6363b8db,
+ 0x2828220a, 0x0707c5c2, 0xc4c4f531, 0x2222a88a, 0x969631a7, 0x3737f9ce, 0xeded977a, 0xf6f649bf, 0xb4b4992d, 0xd1d1a475, 0x434390d3, 0x48485a12, 0xe2e258ba, 0x979771e6, 0xd2d264b6, 0xc2c270b2,
+ 0x2626ad8b, 0xa5a5cd68, 0x5e5ecb95, 0x2929624b, 0x30303c0c, 0x5a5ace94, 0xddddab76, 0xf9f9867f, 0x9595f164, 0xe6e65dbb, 0xc7c735f2, 0x24242d09, 0x1717d1c6, 0xb9b9d66f, 0x1b1bdec5, 0x12129486,
+ 0x60607818, 0xc3c330f3, 0xf5f5897c, 0xb3b35cef, 0xe8e8d23a, 0x7373acdf, 0x3535794c, 0x8080a020, 0xe5e59d78, 0xbbbb56ed, 0x7d7d235e, 0xf8f8c63e, 0x5f5f8bd4, 0x2f2fe7c8, 0xe4e4dd39, 0x21216849,
+}
+
+var sbox2 = [256]uint32{
+ 0x5b8ed55b, 0x42d09242, 0xa74deaa7, 0xfb06fdfb, 0x33fccf33, 0x8765e287, 0xf4c93df4, 0xde6bb5de, 0x584e1658, 0xda6eb4da, 0x50441450, 0x0bcac10b, 0xa08828a0, 0xef17f8ef, 0xb09c2cb0, 0x14110514,
+ 0xac872bac, 0x9dfb669d, 0x6af2986a, 0xd9ae77d9, 0xa8822aa8, 0xfa46bcfa, 0x10140410, 0x0fcfc00f, 0xaa02a8aa, 0x11544511, 0x4c5f134c, 0x98be2698, 0x256d4825, 0x1a9e841a, 0x181e0618, 0x66fd9b66,
+ 0x72ec9e72, 0x094a4309, 0x41105141, 0xd324f7d3, 0x46d59346, 0xbf53ecbf, 0x62f89a62, 0xe9927be9, 0xccff33cc, 0x51045551, 0x2c270b2c, 0x0d4f420d, 0xb759eeb7, 0x3ff3cc3f, 0xb21caeb2, 0x89ea6389,
+ 0x9374e793, 0xce7fb1ce, 0x706c1c70, 0xa60daba6, 0x27edca27, 0x20280820, 0xa348eba3, 0x56c19756, 0x02808202, 0x7fa3dc7f, 0x52c49652, 0xeb12f9eb, 0xd5a174d5, 0x3eb38d3e, 0xfcc33ffc, 0x9a3ea49a,
+ 0x1d5b461d, 0x1c1b071c, 0x9e3ba59e, 0xf30cfff3, 0xcf3ff0cf, 0xcdbf72cd, 0x5c4b175c, 0xea52b8ea, 0x0e8f810e, 0x653d5865, 0xf0cc3cf0, 0x647d1964, 0x9b7ee59b, 0x16918716, 0x3d734e3d, 0xa208aaa2,
+ 0xa1c869a1, 0xadc76aad, 0x06858306, 0xca7ab0ca, 0xc5b570c5, 0x91f46591, 0x6bb2d96b, 0x2ea7892e, 0xe318fbe3, 0xaf47e8af, 0x3c330f3c, 0x2d674a2d, 0xc1b071c1, 0x590e5759, 0x76e99f76, 0xd4e135d4,
+ 0x78661e78, 0x90b42490, 0x38360e38, 0x79265f79, 0x8def628d, 0x61385961, 0x4795d247, 0x8a2aa08a, 0x94b12594, 0x88aa2288, 0xf18c7df1, 0xecd73bec, 0x04050104, 0x84a52184, 0xe19879e1, 0x1e9b851e,
+ 0x5384d753, 0x00000000, 0x195e4719, 0x5d0b565d, 0x7ee39d7e, 0x4f9fd04f, 0x9cbb279c, 0x491a5349, 0x317c4d31, 0xd8ee36d8, 0x080a0208, 0x9f7be49f, 0x8220a282, 0x13d4c713, 0x23e8cb23, 0x7ae69c7a,
+ 0xab42e9ab, 0xfe43bdfe, 0x2aa2882a, 0x4b9ad14b, 0x01404101, 0x1fdbc41f, 0xe0d838e0, 0xd661b7d6, 0x8e2fa18e, 0xdf2bf4df, 0xcb3af1cb, 0x3bf6cd3b, 0xe71dfae7, 0x85e56085, 0x54411554, 0x8625a386,
+ 0x8360e383, 0xba16acba, 0x75295c75, 0x9234a692, 0x6ef7996e, 0xd0e434d0, 0x68721a68, 0x55015455, 0xb619afb6, 0x4edf914e, 0xc8fa32c8, 0xc0f030c0, 0xd721f6d7, 0x32bc8e32, 0xc675b3c6, 0x8f6fe08f,
+ 0x74691d74, 0xdb2ef5db, 0x8b6ae18b, 0xb8962eb8, 0x0a8a800a, 0x99fe6799, 0x2be2c92b, 0x81e06181, 0x03c0c303, 0xa48d29a4, 0x8caf238c, 0xae07a9ae, 0x34390d34, 0x4d1f524d, 0x39764f39, 0xbdd36ebd,
+ 0x5781d657, 0x6fb7d86f, 0xdceb37dc, 0x15514415, 0x7ba6dd7b, 0xf709fef7, 0x3ab68c3a, 0xbc932fbc, 0x0c0f030c, 0xff03fcff, 0xa9c26ba9, 0xc9ba73c9, 0xb5d96cb5, 0xb1dc6db1, 0x6d375a6d, 0x45155045,
+ 0x36b98f36, 0x6c771b6c, 0xbe13adbe, 0x4ada904a, 0xee57b9ee, 0x77a9de77, 0xf24cbef2, 0xfd837efd, 0x44551144, 0x67bdda67, 0x712c5d71, 0x05454005, 0x7c631f7c, 0x40501040, 0x69325b69, 0x63b8db63,
+ 0x28220a28, 0x07c5c207, 0xc4f531c4, 0x22a88a22, 0x9631a796, 0x37f9ce37, 0xed977aed, 0xf649bff6, 0xb4992db4, 0xd1a475d1, 0x4390d343, 0x485a1248, 0xe258bae2, 0x9771e697, 0xd264b6d2, 0xc270b2c2,
+ 0x26ad8b26, 0xa5cd68a5, 0x5ecb955e, 0x29624b29, 0x303c0c30, 0x5ace945a, 0xddab76dd, 0xf9867ff9, 0x95f16495, 0xe65dbbe6, 0xc735f2c7, 0x242d0924, 0x17d1c617, 0xb9d66fb9, 0x1bdec51b, 0x12948612,
+ 0x60781860, 0xc330f3c3, 0xf5897cf5, 0xb35cefb3, 0xe8d23ae8, 0x73acdf73, 0x35794c35, 0x80a02080, 0xe59d78e5, 0xbb56edbb, 0x7d235e7d, 0xf8c63ef8, 0x5f8bd45f, 0x2fe7c82f, 0xe4dd39e4, 0x21684921,
+}
+
+var sbox3 = [256]uint32{
+ 0x8ed55b5b, 0xd0924242, 0x4deaa7a7, 0x06fdfbfb, 0xfccf3333, 0x65e28787, 0xc93df4f4, 0x6bb5dede, 0x4e165858, 0x6eb4dada, 0x44145050, 0xcac10b0b, 0x8828a0a0, 0x17f8efef, 0x9c2cb0b0, 0x11051414,
+ 0x872bacac, 0xfb669d9d, 0xf2986a6a, 0xae77d9d9, 0x822aa8a8, 0x46bcfafa, 0x14041010, 0xcfc00f0f, 0x02a8aaaa, 0x54451111, 0x5f134c4c, 0xbe269898, 0x6d482525, 0x9e841a1a, 0x1e061818, 0xfd9b6666,
+ 0xec9e7272, 0x4a430909, 0x10514141, 0x24f7d3d3, 0xd5934646, 0x53ecbfbf, 0xf89a6262, 0x927be9e9, 0xff33cccc, 0x04555151, 0x270b2c2c, 0x4f420d0d, 0x59eeb7b7, 0xf3cc3f3f, 0x1caeb2b2, 0xea638989,
+ 0x74e79393, 0x7fb1cece, 0x6c1c7070, 0x0daba6a6, 0xedca2727, 0x28082020, 0x48eba3a3, 0xc1975656, 0x80820202, 0xa3dc7f7f, 0xc4965252, 0x12f9ebeb, 0xa174d5d5, 0xb38d3e3e, 0xc33ffcfc, 0x3ea49a9a,
+ 0x5b461d1d, 0x1b071c1c, 0x3ba59e9e, 0x0cfff3f3, 0x3ff0cfcf, 0xbf72cdcd, 0x4b175c5c, 0x52b8eaea, 0x8f810e0e, 0x3d586565, 0xcc3cf0f0, 0x7d196464, 0x7ee59b9b, 0x91871616, 0x734e3d3d, 0x08aaa2a2,
+ 0xc869a1a1, 0xc76aadad, 0x85830606, 0x7ab0caca, 0xb570c5c5, 0xf4659191, 0xb2d96b6b, 0xa7892e2e, 0x18fbe3e3, 0x47e8afaf, 0x330f3c3c, 0x674a2d2d, 0xb071c1c1, 0x0e575959, 0xe99f7676, 0xe135d4d4,
+ 0x661e7878, 0xb4249090, 0x360e3838, 0x265f7979, 0xef628d8d, 0x38596161, 0x95d24747, 0x2aa08a8a, 0xb1259494, 0xaa228888, 0x8c7df1f1, 0xd73becec, 0x05010404, 0xa5218484, 0x9879e1e1, 0x9b851e1e,
+ 0x84d75353, 0x00000000, 0x5e471919, 0x0b565d5d, 0xe39d7e7e, 0x9fd04f4f, 0xbb279c9c, 0x1a534949, 0x7c4d3131, 0xee36d8d8, 0x0a020808, 0x7be49f9f, 0x20a28282, 0xd4c71313, 0xe8cb2323, 0xe69c7a7a,
+ 0x42e9abab, 0x43bdfefe, 0xa2882a2a, 0x9ad14b4b, 0x40410101, 0xdbc41f1f, 0xd838e0e0, 0x61b7d6d6, 0x2fa18e8e, 0x2bf4dfdf, 0x3af1cbcb, 0xf6cd3b3b, 0x1dfae7e7, 0xe5608585, 0x41155454, 0x25a38686,
+ 0x60e38383, 0x16acbaba, 0x295c7575, 0x34a69292, 0xf7996e6e, 0xe434d0d0, 0x721a6868, 0x01545555, 0x19afb6b6, 0xdf914e4e, 0xfa32c8c8, 0xf030c0c0, 0x21f6d7d7, 0xbc8e3232, 0x75b3c6c6, 0x6fe08f8f,
+ 0x691d7474, 0x2ef5dbdb, 0x6ae18b8b, 0x962eb8b8, 0x8a800a0a, 0xfe679999, 0xe2c92b2b, 0xe0618181, 0xc0c30303, 0x8d29a4a4, 0xaf238c8c, 0x07a9aeae, 0x390d3434, 0x1f524d4d, 0x764f3939, 0xd36ebdbd,
+ 0x81d65757, 0xb7d86f6f, 0xeb37dcdc, 0x51441515, 0xa6dd7b7b, 0x09fef7f7, 0xb68c3a3a, 0x932fbcbc, 0x0f030c0c, 0x03fcffff, 0xc26ba9a9, 0xba73c9c9, 0xd96cb5b5, 0xdc6db1b1, 0x375a6d6d, 0x15504545,
+ 0xb98f3636, 0x771b6c6c, 0x13adbebe, 0xda904a4a, 0x57b9eeee, 0xa9de7777, 0x4cbef2f2, 0x837efdfd, 0x55114444, 0xbdda6767, 0x2c5d7171, 0x45400505, 0x631f7c7c, 0x50104040, 0x325b6969, 0xb8db6363,
+ 0x220a2828, 0xc5c20707, 0xf531c4c4, 0xa88a2222, 0x31a79696, 0xf9ce3737, 0x977aeded, 0x49bff6f6, 0x992db4b4, 0xa475d1d1, 0x90d34343, 0x5a124848, 0x58bae2e2, 0x71e69797, 0x64b6d2d2, 0x70b2c2c2,
+ 0xad8b2626, 0xcd68a5a5, 0xcb955e5e, 0x624b2929, 0x3c0c3030, 0xce945a5a, 0xab76dddd, 0x867ff9f9, 0xf1649595, 0x5dbbe6e6, 0x35f2c7c7, 0x2d092424, 0xd1c61717, 0xd66fb9b9, 0xdec51b1b, 0x94861212,
+ 0x78186060, 0x30f3c3c3, 0x897cf5f5, 0x5cefb3b3, 0xd23ae8e8, 0xacdf7373, 0x794c3535, 0xa0208080, 0x9d78e5e5, 0x56edbbbb, 0x235e7d7d, 0xc63ef8f8, 0x8bd45f5f, 0xe7c82f2f, 0xdd39e4e4, 0x68492121,
+}
+
+func rl(x uint32, i uint8) uint32 { return (x << (i % 32)) | (x >> (32 - (i % 32))) }
+
+func l0(b uint32) uint32 { return b ^ rl(b, 13) ^ rl(b, 23) }
+
+func feistel0(x0, x1, x2, x3, rk uint32) uint32 { return x0 ^ l0(p(x1^x2^x3^rk)) }
+
+//非线性变换τ(.)
+func p(a uint32) uint32 {
+ return (uint32(sbox[a>>24]) << 24) ^ (uint32(sbox[(a>>16)&0xff]) << 16) ^ (uint32(sbox[(a>>8)&0xff]) << 8) ^ uint32(sbox[(a)&0xff])
+}
+
+func permuteInitialBlock(b []uint32, block []byte) {
+ for i := 0; i < 4; i++ {
+ b[i] = (uint32(block[i*4]) << 24) | (uint32(block[i*4+1]) << 16) |
+ (uint32(block[i*4+2]) << 8) | (uint32(block[i*4+3]))
+ }
+}
+
+func permuteFinalBlock(b []byte, block []uint32) {
+ for i := 0; i < 4; i++ {
+ b[i*4] = uint8(block[i] >> 24)
+ b[i*4+1] = uint8(block[i] >> 16)
+ b[i*4+2] = uint8(block[i] >> 8)
+ b[i*4+3] = uint8(block[i])
+ }
+}
+
+//修改后的加密核心函数
+func cryptBlock(subkeys []uint32, b []uint32, r []byte, dst, src []byte, decrypt bool) {
+ var x uint32
+ permuteInitialBlock(b, src)
+ if decrypt {
+ for i := 0; i < 8; i++ {
+ x = b[1] ^ b[2] ^ b[3] ^ subkeys[31-4*i]
+ b[0] = b[0] ^ sbox0[x&0xff] ^ sbox1[(x>>8)&0xff] ^ sbox2[(x>>16)&0xff] ^ sbox3[(x>>24)&0xff]
+ x = b[0] ^ b[2] ^ b[3] ^ subkeys[31-4*i-1]
+ b[1] = b[1] ^ sbox0[x&0xff] ^ sbox1[(x>>8)&0xff] ^ sbox2[(x>>16)&0xff] ^ sbox3[(x>>24)&0xff]
+ x = b[0] ^ b[1] ^ b[3] ^ subkeys[31-4*i-2]
+ b[2] = b[2] ^ sbox0[x&0xff] ^ sbox1[(x>>8)&0xff] ^ sbox2[(x>>16)&0xff] ^ sbox3[(x>>24)&0xff]
+ x = b[1] ^ b[2] ^ b[0] ^ subkeys[31-4*i-3]
+ b[3] = b[3] ^ sbox0[x&0xff] ^ sbox1[(x>>8)&0xff] ^ sbox2[(x>>16)&0xff] ^ sbox3[(x>>24)&0xff]
+ }
+ } else {
+ for i := 0; i < 8; i++ {
+ x = b[1] ^ b[2] ^ b[3] ^ subkeys[4*i]
+ b[0] = b[0] ^ sbox0[x&0xff] ^ sbox1[(x>>8)&0xff] ^ sbox2[(x>>16)&0xff] ^ sbox3[(x>>24)&0xff]
+ x = b[0] ^ b[2] ^ b[3] ^ subkeys[4*i+1]
+ b[1] = b[1] ^ sbox0[x&0xff] ^ sbox1[(x>>8)&0xff] ^ sbox2[(x>>16)&0xff] ^ sbox3[(x>>24)&0xff]
+ x = b[0] ^ b[1] ^ b[3] ^ subkeys[4*i+2]
+ b[2] = b[2] ^ sbox0[x&0xff] ^ sbox1[(x>>8)&0xff] ^ sbox2[(x>>16)&0xff] ^ sbox3[(x>>24)&0xff]
+ x = b[1] ^ b[2] ^ b[0] ^ subkeys[4*i+3]
+ b[3] = b[3] ^ sbox0[x&0xff] ^ sbox1[(x>>8)&0xff] ^ sbox2[(x>>16)&0xff] ^ sbox3[(x>>24)&0xff]
+ }
+ }
+ b[0], b[1], b[2], b[3] = b[3], b[2], b[1], b[0]
+ permuteFinalBlock(r, b)
+ copy(dst, r)
+}
+
+func generateSubKeys(key []byte) []uint32 {
+ subkeys := make([]uint32, 32)
+ b := make([]uint32, 4)
+ permuteInitialBlock(b, key)
+ b[0] ^= fk[0]
+ b[1] ^= fk[1]
+ b[2] ^= fk[2]
+ b[3] ^= fk[3]
+ for i := 0; i < 32; i++ {
+ subkeys[i] = feistel0(b[0], b[1], b[2], b[3], ck[i])
+ b[0], b[1], b[2], b[3] = b[1], b[2], b[3], subkeys[i]
+ }
+ return subkeys
+}
+
+func EncryptBlock(key SM4Key, dst, src []byte) {
+ subkeys := generateSubKeys(key)
+ cryptBlock(subkeys, make([]uint32, 4), make([]byte, 16), dst, src, false)
+}
+
+func DecryptBlock(key SM4Key, dst, src []byte) {
+ subkeys := generateSubKeys(key)
+ cryptBlock(subkeys, make([]uint32, 4), make([]byte, 16), dst, src, true)
+}
+
+func ReadKeyFromMem(data []byte, pwd []byte) (SM4Key, error) {
+ block, _ := pem.Decode(data)
+ if x509.IsEncryptedPEMBlock(block) {
+ if block.Type != "SM4 ENCRYPTED KEY" {
+ return nil, errors.New("SM4: unknown type")
+ }
+ if pwd == nil {
+ return nil, errors.New("SM4: need passwd")
+ }
+ data, err := x509.DecryptPEMBlock(block, pwd)
+ if err != nil {
+ return nil, err
+ }
+ return data, nil
+ }
+ if block.Type != "SM4 KEY" {
+ return nil, errors.New("SM4: unknown type")
+ }
+ return block.Bytes, nil
+}
+
+func ReadKeyFromPem(FileName string, pwd []byte) (SM4Key, error) {
+ data, err := ioutil.ReadFile(FileName)
+ if err != nil {
+ return nil, err
+ }
+ return ReadKeyFromMem(data, pwd)
+}
+
+func WriteKeytoMem(key SM4Key, pwd []byte) ([]byte, error) {
+ if pwd != nil {
+ block, err := x509.EncryptPEMBlock(rand.Reader,
+ "SM4 ENCRYPTED KEY", key, pwd, x509.PEMCipherAES256)
+ if err != nil {
+ return nil, err
+ }
+ return pem.EncodeToMemory(block), nil
+ } else {
+ block := &pem.Block{
+ Type: "SM4 KEY",
+ Bytes: key,
+ }
+ return pem.EncodeToMemory(block), nil
+ }
+}
+
+func WriteKeyToPem(FileName string, key SM4Key, pwd []byte) (bool, error) {
+ var block *pem.Block
+
+ if pwd != nil {
+ var err error
+ block, err = x509.EncryptPEMBlock(rand.Reader,
+ "SM4 ENCRYPTED KEY", key, pwd, x509.PEMCipherAES256)
+ if err != nil {
+ return false, err
+ }
+ } else {
+ block = &pem.Block{
+ Type: "SM4 KEY",
+ Bytes: key,
+ }
+ }
+ file, err := os.Create(FileName)
+ if err != nil {
+ return false, err
+ }
+ defer file.Close()
+ err = pem.Encode(file, block)
+ if err != nil {
+ return false, nil
+ }
+ return true, nil
+}
+
+func (k KeySizeError) Error() string {
+ return "SM4: invalid key size " + strconv.Itoa(int(k))
+}
+
+// NewCipher creates and returns a new cipher.Block.
+func NewCipher(key []byte) (cipher.Block, error) {
+ if len(key) != BlockSize {
+ return nil, KeySizeError(len(key))
+ }
+ c := new(Sm4Cipher)
+ c.subkeys = generateSubKeys(key)
+ c.block1 = make([]uint32, 4)
+ c.block2 = make([]byte, 16)
+ return c, nil
+}
+
+func (c *Sm4Cipher) BlockSize() int {
+ return BlockSize
+}
+
+func (c *Sm4Cipher) Encrypt(dst, src []byte) {
+ cryptBlock(c.subkeys, c.block1, c.block2, dst, src, false)
+}
+
+func (c *Sm4Cipher) Decrypt(dst, src []byte) {
+ cryptBlock(c.subkeys, c.block1, c.block2, dst, src, true)
+}
diff --git a/vendor/github.com/xtaci/kcp-go/LICENSE b/vendor/github.com/xtaci/kcp-go/LICENSE
new file mode 100644
index 0000000..8294d13
--- /dev/null
+++ b/vendor/github.com/xtaci/kcp-go/LICENSE
@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Daniel Fu
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
diff --git a/vendor/github.com/xtaci/kcp-go/README.md b/vendor/github.com/xtaci/kcp-go/README.md
new file mode 100644
index 0000000..9fe0d75
--- /dev/null
+++ b/vendor/github.com/xtaci/kcp-go/README.md
@@ -0,0 +1,185 @@
+
+
+
+[![GoDoc][1]][2] [![Powered][9]][10] [![MIT licensed][11]][12] [![Build Status][3]][4] [![Go Report Card][5]][6] [![Coverage Statusd][7]][8]
+
+[1]: https://godoc.org/github.com/xtaci/kcp-go?status.svg
+[2]: https://godoc.org/github.com/xtaci/kcp-go
+[3]: https://travis-ci.org/xtaci/kcp-go.svg?branch=master
+[4]: https://travis-ci.org/xtaci/kcp-go
+[5]: https://goreportcard.com/badge/github.com/xtaci/kcp-go
+[6]: https://goreportcard.com/report/github.com/xtaci/kcp-go
+[7]: https://codecov.io/gh/xtaci/kcp-go/branch/master/graph/badge.svg
+[8]: https://codecov.io/gh/xtaci/kcp-go
+[9]: https://img.shields.io/badge/KCP-Powered-blue.svg
+[10]: https://github.com/skywind3000/kcp
+[11]: https://img.shields.io/badge/license-MIT-blue.svg
+[12]: LICENSE
+
+## Introduction
+
+**kcp-go** is a **Production-Grade Reliable-UDP** library for [golang](https://golang.org/).
+
+This library intents to provide a **smooth, resilient, ordered, error-checked and anonymous** delivery of streams over **UDP** packets, it has been battle-tested with opensource project [kcptun](https://github.com/xtaci/kcptun). Millions of devices(from low-end MIPS routers to high-end servers) have deployed **kcp-go** powered program in a variety of forms like **online games, live broadcasting, file synchronization and network acceleration**.
+
+[Lastest Release](https://github.com/xtaci/kcp-go/releases)
+
+## Features
+
+1. Designed for **Latency-sensitive** scenarios.
+1. **Cache friendly** and **Memory optimized** design, offers extremely **High Performance** core.
+1. Handles **>5K concurrent connections** on a single commodity server.
+1. Compatible with [net.Conn](https://golang.org/pkg/net/#Conn) and [net.Listener](https://golang.org/pkg/net/#Listener), a drop-in replacement for [net.TCPConn](https://golang.org/pkg/net/#TCPConn).
+1. [FEC(Forward Error Correction)](https://en.wikipedia.org/wiki/Forward_error_correction) Support with [Reed-Solomon Codes](https://en.wikipedia.org/wiki/Reed%E2%80%93Solomon_error_correction)
+1. Packet level encryption support with [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard), [TEA](https://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm), [3DES](https://en.wikipedia.org/wiki/Triple_DES), [Blowfish](https://en.wikipedia.org/wiki/Blowfish_(cipher)), [Cast5](https://en.wikipedia.org/wiki/CAST-128), [Salsa20]( https://en.wikipedia.org/wiki/Salsa20), etc. in [CFB](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_Feedback_.28CFB.29) mode, which generates completely anonymous packet.
+1. Only **A fixed number of goroutines** will be created for the entire server application, costs in **context switch** between goroutines have been taken into consideration.
+1. Compatible with [skywind3000's](https://github.com/skywind3000) C version with various improvements.
+
+## Documentation
+
+For complete documentation, see the associated [Godoc](https://godoc.org/github.com/xtaci/kcp-go).
+
+## Specification
+
+
+
+```
++-----------------+
+| SESSION |
++-----------------+
+| KCP(ARQ) |
++-----------------+
+| FEC(OPTIONAL) |
++-----------------+
+| CRYPTO(OPTIONAL)|
++-----------------+
+| UDP(PACKET) |
++-----------------+
+| IP |
++-----------------+
+| LINK |
++-----------------+
+| PHY |
++-----------------+
+(LAYER MODEL OF KCP-GO)
+```
+
+
+## Usage
+
+Client: [full demo](https://github.com/xtaci/kcptun/blob/master/client/main.go)
+```go
+kcpconn, err := kcp.DialWithOptions("192.168.0.1:10000", nil, 10, 3)
+```
+Server: [full demo](https://github.com/xtaci/kcptun/blob/master/server/main.go)
+```go
+lis, err := kcp.ListenWithOptions(":10000", nil, 10, 3)
+```
+
+## Benchmark
+```
+ Model Name: MacBook Pro
+ Model Identifier: MacBookPro14,1
+ Processor Name: Intel Core i5
+ Processor Speed: 3.1 GHz
+ Number of Processors: 1
+ Total Number of Cores: 2
+ L2 Cache (per Core): 256 KB
+ L3 Cache: 4 MB
+ Memory: 8 GB
+```
+```
+$ go test -v -run=^$ -bench .
+beginning tests, encryption:salsa20, fec:10/3
+goos: darwin
+goarch: amd64
+pkg: github.com/xtaci/kcp-go
+BenchmarkSM4-4 50000 32180 ns/op 93.23 MB/s 0 B/op 0 allocs/op
+BenchmarkAES128-4 500000 3285 ns/op 913.21 MB/s 0 B/op 0 allocs/op
+BenchmarkAES192-4 300000 3623 ns/op 827.85 MB/s 0 B/op 0 allocs/op
+BenchmarkAES256-4 300000 3874 ns/op 774.20 MB/s 0 B/op 0 allocs/op
+BenchmarkTEA-4 100000 15384 ns/op 195.00 MB/s 0 B/op 0 allocs/op
+BenchmarkXOR-4 20000000 89.9 ns/op 33372.00 MB/s 0 B/op 0 allocs/op
+BenchmarkBlowfish-4 50000 26927 ns/op 111.41 MB/s 0 B/op 0 allocs/op
+BenchmarkNone-4 30000000 45.7 ns/op 65597.94 MB/s 0 B/op 0 allocs/op
+BenchmarkCast5-4 50000 34258 ns/op 87.57 MB/s 0 B/op 0 allocs/op
+Benchmark3DES-4 10000 117149 ns/op 25.61 MB/s 0 B/op 0 allocs/op
+BenchmarkTwofish-4 50000 33538 ns/op 89.45 MB/s 0 B/op 0 allocs/op
+BenchmarkXTEA-4 30000 45666 ns/op 65.69 MB/s 0 B/op 0 allocs/op
+BenchmarkSalsa20-4 500000 3308 ns/op 906.76 MB/s 0 B/op 0 allocs/op
+BenchmarkCRC32-4 20000000 65.2 ns/op 15712.43 MB/s
+BenchmarkCsprngSystem-4 1000000 1150 ns/op 13.91 MB/s
+BenchmarkCsprngMD5-4 10000000 145 ns/op 110.26 MB/s
+BenchmarkCsprngSHA1-4 10000000 158 ns/op 126.54 MB/s
+BenchmarkCsprngNonceMD5-4 10000000 153 ns/op 104.22 MB/s
+BenchmarkCsprngNonceAES128-4 100000000 19.1 ns/op 837.81 MB/s
+BenchmarkFECDecode-4 1000000 1119 ns/op 1339.61 MB/s 1606 B/op 2 allocs/op
+BenchmarkFECEncode-4 2000000 832 ns/op 1801.83 MB/s 17 B/op 0 allocs/op
+BenchmarkFlush-4 5000000 272 ns/op 0 B/op 0 allocs/op
+BenchmarkEchoSpeed4K-4 5000 259617 ns/op 15.78 MB/s 5451 B/op 149 allocs/op
+BenchmarkEchoSpeed64K-4 1000 1706084 ns/op 38.41 MB/s 56002 B/op 1604 allocs/op
+BenchmarkEchoSpeed512K-4 100 14345505 ns/op 36.55 MB/s 482597 B/op 13045 allocs/op
+BenchmarkEchoSpeed1M-4 30 34859104 ns/op 30.08 MB/s 1143773 B/op 27186 allocs/op
+BenchmarkSinkSpeed4K-4 50000 31369 ns/op 130.57 MB/s 1566 B/op 30 allocs/op
+BenchmarkSinkSpeed64K-4 5000 329065 ns/op 199.16 MB/s 21529 B/op 453 allocs/op
+BenchmarkSinkSpeed256K-4 500 2373354 ns/op 220.91 MB/s 166332 B/op 3554 allocs/op
+BenchmarkSinkSpeed1M-4 300 5117927 ns/op 204.88 MB/s 310378 B/op 6988 allocs/op
+PASS
+ok github.com/xtaci/kcp-go 50.349s
+```
+
+## Key Design Considerations
+
+1. slice vs. container/list
+
+`kcp.flush()` loops through the send queue for retransmission checking for every 20ms(interval).
+
+I've wrote a benchmark for comparing sequential loop through *slice* and *container/list* here:
+
+https://github.com/xtaci/notes/blob/master/golang/benchmark2/cachemiss_test.go
+
+```
+BenchmarkLoopSlice-4 2000000000 0.39 ns/op
+BenchmarkLoopList-4 100000000 54.6 ns/op
+```
+
+List structure introduces **heavy cache misses** compared to slice which owns better **locality**, 5000 connections with 32 window size and 20ms interval will cost 6us/0.03%(cpu) using slice, and 8.7ms/43.5%(cpu) for list for each `kcp.flush()`.
+
+2. Timing accuracy vs. syscall clock_gettime
+
+Timing is **critical** to **RTT estimator**, inaccurate timing leads to false retransmissions in KCP, but calling `time.Now()` costs 42 cycles(10.5ns on 4GHz CPU, 15.6ns on my MacBook Pro 2.7GHz).
+
+The benchmark for time.Now() lies here:
+
+https://github.com/xtaci/notes/blob/master/golang/benchmark2/syscall_test.go
+
+```
+BenchmarkNow-4 100000000 15.6 ns/op
+```
+
+In kcp-go, after each `kcp.output()` function call, current clock time will be updated upon return, and for a single `kcp.flush()` operation, current time will be queried from system once. For most of the time, 5000 connections costs 5000 * 15.6ns = 78us(a fixed cost while no packet needs to be sent), as for 10MB/s data transfering with 1400 MTU, `kcp.output()` will be called around 7500 times and costs 117us for `time.Now()` in **every second**.
+
+## Connection Termination
+
+Control messages like **SYN/FIN/RST** in TCP **are not defined** in KCP, you need some **keepalive/heartbeat mechanism** in the application-level. A real world example is to use some **multiplexing** protocol over session, such as [smux](https://github.com/xtaci/smux)(with embedded keepalive mechanism), see [kcptun](https://github.com/xtaci/kcptun) for example.
+
+## FAQ
+
+Q: I'm handling >5K connections on my server, the CPU utilization is so high.
+
+A: A standalone `agent` or `gate` server for running kcp-go is suggested, not only for CPU utilization, but also important to the **precision** of RTT measurements(timing) which indirectly affects retransmission. By increasing update `interval` with `SetNoDelay` like `conn.SetNoDelay(1, 40, 1, 1)` will dramatically reduce system load, but lower the performance.
+
+## Who is using this?
+
+1. https://github.com/xtaci/kcptun -- A Secure Tunnel Based On KCP over UDP.
+2. https://github.com/getlantern/lantern -- Lantern delivers fast access to the open Internet.
+3. https://github.com/smallnest/rpcx -- A RPC service framework based on net/rpc like alibaba Dubbo and weibo Motan.
+4. https://github.com/gonet2/agent -- A gateway for games with stream multiplexing.
+5. https://github.com/syncthing/syncthing -- Open Source Continuous File Synchronization.
+6. https://play.google.com/store/apps/details?id=com.k17game.k3 -- Battle Zone - Earth 2048, a world-wide strategy game.
+
+## Links
+
+1. https://github.com/xtaci/libkcp -- FEC enhanced KCP session library for iOS/Android in C++
+2. https://github.com/skywind3000/kcp -- A Fast and Reliable ARQ Protocol
+3. https://github.com/klauspost/reedsolomon -- Reed-Solomon Erasure Coding in Go
diff --git a/vendor/github.com/xtaci/kcp-go/crypt.go b/vendor/github.com/xtaci/kcp-go/crypt.go
new file mode 100644
index 0000000..958fdea
--- /dev/null
+++ b/vendor/github.com/xtaci/kcp-go/crypt.go
@@ -0,0 +1,785 @@
+package kcp
+
+import (
+ "crypto/aes"
+ "crypto/cipher"
+ "crypto/des"
+ "crypto/sha1"
+
+ "github.com/templexxx/xor"
+ "github.com/tjfoc/gmsm/sm4"
+
+ "golang.org/x/crypto/blowfish"
+ "golang.org/x/crypto/cast5"
+ "golang.org/x/crypto/pbkdf2"
+ "golang.org/x/crypto/salsa20"
+ "golang.org/x/crypto/tea"
+ "golang.org/x/crypto/twofish"
+ "golang.org/x/crypto/xtea"
+)
+
+var (
+ initialVector = []byte{167, 115, 79, 156, 18, 172, 27, 1, 164, 21, 242, 193, 252, 120, 230, 107}
+ saltxor = `sH3CIVoF#rWLtJo6`
+)
+
+// BlockCrypt defines encryption/decryption methods for a given byte slice.
+// Notes on implementing: the data to be encrypted contains a builtin
+// nonce at the first 16 bytes
+type BlockCrypt interface {
+ // Encrypt encrypts the whole block in src into dst.
+ // Dst and src may point at the same memory.
+ Encrypt(dst, src []byte)
+
+ // Decrypt decrypts the whole block in src into dst.
+ // Dst and src may point at the same memory.
+ Decrypt(dst, src []byte)
+}
+
+type salsa20BlockCrypt struct {
+ key [32]byte
+}
+
+// NewSalsa20BlockCrypt https://en.wikipedia.org/wiki/Salsa20
+func NewSalsa20BlockCrypt(key []byte) (BlockCrypt, error) {
+ c := new(salsa20BlockCrypt)
+ copy(c.key[:], key)
+ return c, nil
+}
+
+func (c *salsa20BlockCrypt) Encrypt(dst, src []byte) {
+ salsa20.XORKeyStream(dst[8:], src[8:], src[:8], &c.key)
+ copy(dst[:8], src[:8])
+}
+func (c *salsa20BlockCrypt) Decrypt(dst, src []byte) {
+ salsa20.XORKeyStream(dst[8:], src[8:], src[:8], &c.key)
+ copy(dst[:8], src[:8])
+}
+
+type sm4BlockCrypt struct {
+ encbuf [sm4.BlockSize]byte
+ decbuf [2 * sm4.BlockSize]byte
+ block cipher.Block
+}
+
+// NewSM4BlockCrypt https://github.com/tjfoc/gmsm/tree/master/sm4
+func NewSM4BlockCrypt(key []byte) (BlockCrypt, error) {
+ c := new(sm4BlockCrypt)
+ block, err := sm4.NewCipher(key)
+ if err != nil {
+ return nil, err
+ }
+ c.block = block
+ return c, nil
+}
+
+func (c *sm4BlockCrypt) Encrypt(dst, src []byte) { encrypt(c.block, dst, src, c.encbuf[:]) }
+func (c *sm4BlockCrypt) Decrypt(dst, src []byte) { decrypt(c.block, dst, src, c.decbuf[:]) }
+
+type twofishBlockCrypt struct {
+ encbuf [twofish.BlockSize]byte
+ decbuf [2 * twofish.BlockSize]byte
+ block cipher.Block
+}
+
+// NewTwofishBlockCrypt https://en.wikipedia.org/wiki/Twofish
+func NewTwofishBlockCrypt(key []byte) (BlockCrypt, error) {
+ c := new(twofishBlockCrypt)
+ block, err := twofish.NewCipher(key)
+ if err != nil {
+ return nil, err
+ }
+ c.block = block
+ return c, nil
+}
+
+func (c *twofishBlockCrypt) Encrypt(dst, src []byte) { encrypt(c.block, dst, src, c.encbuf[:]) }
+func (c *twofishBlockCrypt) Decrypt(dst, src []byte) { decrypt(c.block, dst, src, c.decbuf[:]) }
+
+type tripleDESBlockCrypt struct {
+ encbuf [des.BlockSize]byte
+ decbuf [2 * des.BlockSize]byte
+ block cipher.Block
+}
+
+// NewTripleDESBlockCrypt https://en.wikipedia.org/wiki/Triple_DES
+func NewTripleDESBlockCrypt(key []byte) (BlockCrypt, error) {
+ c := new(tripleDESBlockCrypt)
+ block, err := des.NewTripleDESCipher(key)
+ if err != nil {
+ return nil, err
+ }
+ c.block = block
+ return c, nil
+}
+
+func (c *tripleDESBlockCrypt) Encrypt(dst, src []byte) { encrypt(c.block, dst, src, c.encbuf[:]) }
+func (c *tripleDESBlockCrypt) Decrypt(dst, src []byte) { decrypt(c.block, dst, src, c.decbuf[:]) }
+
+type cast5BlockCrypt struct {
+ encbuf [cast5.BlockSize]byte
+ decbuf [2 * cast5.BlockSize]byte
+ block cipher.Block
+}
+
+// NewCast5BlockCrypt https://en.wikipedia.org/wiki/CAST-128
+func NewCast5BlockCrypt(key []byte) (BlockCrypt, error) {
+ c := new(cast5BlockCrypt)
+ block, err := cast5.NewCipher(key)
+ if err != nil {
+ return nil, err
+ }
+ c.block = block
+ return c, nil
+}
+
+func (c *cast5BlockCrypt) Encrypt(dst, src []byte) { encrypt(c.block, dst, src, c.encbuf[:]) }
+func (c *cast5BlockCrypt) Decrypt(dst, src []byte) { decrypt(c.block, dst, src, c.decbuf[:]) }
+
+type blowfishBlockCrypt struct {
+ encbuf [blowfish.BlockSize]byte
+ decbuf [2 * blowfish.BlockSize]byte
+ block cipher.Block
+}
+
+// NewBlowfishBlockCrypt https://en.wikipedia.org/wiki/Blowfish_(cipher)
+func NewBlowfishBlockCrypt(key []byte) (BlockCrypt, error) {
+ c := new(blowfishBlockCrypt)
+ block, err := blowfish.NewCipher(key)
+ if err != nil {
+ return nil, err
+ }
+ c.block = block
+ return c, nil
+}
+
+func (c *blowfishBlockCrypt) Encrypt(dst, src []byte) { encrypt(c.block, dst, src, c.encbuf[:]) }
+func (c *blowfishBlockCrypt) Decrypt(dst, src []byte) { decrypt(c.block, dst, src, c.decbuf[:]) }
+
+type aesBlockCrypt struct {
+ encbuf [aes.BlockSize]byte
+ decbuf [2 * aes.BlockSize]byte
+ block cipher.Block
+}
+
+// NewAESBlockCrypt https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
+func NewAESBlockCrypt(key []byte) (BlockCrypt, error) {
+ c := new(aesBlockCrypt)
+ block, err := aes.NewCipher(key)
+ if err != nil {
+ return nil, err
+ }
+ c.block = block
+ return c, nil
+}
+
+func (c *aesBlockCrypt) Encrypt(dst, src []byte) { encrypt(c.block, dst, src, c.encbuf[:]) }
+func (c *aesBlockCrypt) Decrypt(dst, src []byte) { decrypt(c.block, dst, src, c.decbuf[:]) }
+
+type teaBlockCrypt struct {
+ encbuf [tea.BlockSize]byte
+ decbuf [2 * tea.BlockSize]byte
+ block cipher.Block
+}
+
+// NewTEABlockCrypt https://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm
+func NewTEABlockCrypt(key []byte) (BlockCrypt, error) {
+ c := new(teaBlockCrypt)
+ block, err := tea.NewCipherWithRounds(key, 16)
+ if err != nil {
+ return nil, err
+ }
+ c.block = block
+ return c, nil
+}
+
+func (c *teaBlockCrypt) Encrypt(dst, src []byte) { encrypt(c.block, dst, src, c.encbuf[:]) }
+func (c *teaBlockCrypt) Decrypt(dst, src []byte) { decrypt(c.block, dst, src, c.decbuf[:]) }
+
+type xteaBlockCrypt struct {
+ encbuf [xtea.BlockSize]byte
+ decbuf [2 * xtea.BlockSize]byte
+ block cipher.Block
+}
+
+// NewXTEABlockCrypt https://en.wikipedia.org/wiki/XTEA
+func NewXTEABlockCrypt(key []byte) (BlockCrypt, error) {
+ c := new(xteaBlockCrypt)
+ block, err := xtea.NewCipher(key)
+ if err != nil {
+ return nil, err
+ }
+ c.block = block
+ return c, nil
+}
+
+func (c *xteaBlockCrypt) Encrypt(dst, src []byte) { encrypt(c.block, dst, src, c.encbuf[:]) }
+func (c *xteaBlockCrypt) Decrypt(dst, src []byte) { decrypt(c.block, dst, src, c.decbuf[:]) }
+
+type simpleXORBlockCrypt struct {
+ xortbl []byte
+}
+
+// NewSimpleXORBlockCrypt simple xor with key expanding
+func NewSimpleXORBlockCrypt(key []byte) (BlockCrypt, error) {
+ c := new(simpleXORBlockCrypt)
+ c.xortbl = pbkdf2.Key(key, []byte(saltxor), 32, mtuLimit, sha1.New)
+ return c, nil
+}
+
+func (c *simpleXORBlockCrypt) Encrypt(dst, src []byte) { xor.Bytes(dst, src, c.xortbl) }
+func (c *simpleXORBlockCrypt) Decrypt(dst, src []byte) { xor.Bytes(dst, src, c.xortbl) }
+
+type noneBlockCrypt struct{}
+
+// NewNoneBlockCrypt does nothing but copying
+func NewNoneBlockCrypt(key []byte) (BlockCrypt, error) {
+ return new(noneBlockCrypt), nil
+}
+
+func (c *noneBlockCrypt) Encrypt(dst, src []byte) { copy(dst, src) }
+func (c *noneBlockCrypt) Decrypt(dst, src []byte) { copy(dst, src) }
+
+// packet encryption with local CFB mode
+func encrypt(block cipher.Block, dst, src, buf []byte) {
+ switch block.BlockSize() {
+ case 8:
+ encrypt8(block, dst, src, buf)
+ case 16:
+ encrypt16(block, dst, src, buf)
+ default:
+ encryptVariant(block, dst, src, buf)
+ }
+}
+
+// optimized encryption for the ciphers which works in 8-bytes
+func encrypt8(block cipher.Block, dst, src, buf []byte) {
+ tbl := buf[:8]
+ block.Encrypt(tbl, initialVector)
+ n := len(src) / 8
+ base := 0
+ repeat := n / 8
+ left := n % 8
+ for i := 0; i < repeat; i++ {
+ s := src[base:][0:64]
+ d := dst[base:][0:64]
+ // 1
+ xor.BytesSrc1(d[0:8], s[0:8], tbl)
+ block.Encrypt(tbl, d[0:8])
+ // 2
+ xor.BytesSrc1(d[8:16], s[8:16], tbl)
+ block.Encrypt(tbl, d[8:16])
+ // 3
+ xor.BytesSrc1(d[16:24], s[16:24], tbl)
+ block.Encrypt(tbl, d[16:24])
+ // 4
+ xor.BytesSrc1(d[24:32], s[24:32], tbl)
+ block.Encrypt(tbl, d[24:32])
+ // 5
+ xor.BytesSrc1(d[32:40], s[32:40], tbl)
+ block.Encrypt(tbl, d[32:40])
+ // 6
+ xor.BytesSrc1(d[40:48], s[40:48], tbl)
+ block.Encrypt(tbl, d[40:48])
+ // 7
+ xor.BytesSrc1(d[48:56], s[48:56], tbl)
+ block.Encrypt(tbl, d[48:56])
+ // 8
+ xor.BytesSrc1(d[56:64], s[56:64], tbl)
+ block.Encrypt(tbl, d[56:64])
+ base += 64
+ }
+
+ switch left {
+ case 7:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += 8
+ fallthrough
+ case 6:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += 8
+ fallthrough
+ case 5:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += 8
+ fallthrough
+ case 4:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += 8
+ fallthrough
+ case 3:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += 8
+ fallthrough
+ case 2:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += 8
+ fallthrough
+ case 1:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += 8
+ fallthrough
+ case 0:
+ xor.BytesSrc0(dst[base:], src[base:], tbl)
+ }
+}
+
+// optimized encryption for the ciphers which works in 16-bytes
+func encrypt16(block cipher.Block, dst, src, buf []byte) {
+ tbl := buf[:16]
+ block.Encrypt(tbl, initialVector)
+ n := len(src) / 16
+ base := 0
+ repeat := n / 8
+ left := n % 8
+ for i := 0; i < repeat; i++ {
+ s := src[base:][0:128]
+ d := dst[base:][0:128]
+ // 1
+ xor.BytesSrc1(d[0:16], s[0:16], tbl)
+ block.Encrypt(tbl, d[0:16])
+ // 2
+ xor.BytesSrc1(d[16:32], s[16:32], tbl)
+ block.Encrypt(tbl, d[16:32])
+ // 3
+ xor.BytesSrc1(d[32:48], s[32:48], tbl)
+ block.Encrypt(tbl, d[32:48])
+ // 4
+ xor.BytesSrc1(d[48:64], s[48:64], tbl)
+ block.Encrypt(tbl, d[48:64])
+ // 5
+ xor.BytesSrc1(d[64:80], s[64:80], tbl)
+ block.Encrypt(tbl, d[64:80])
+ // 6
+ xor.BytesSrc1(d[80:96], s[80:96], tbl)
+ block.Encrypt(tbl, d[80:96])
+ // 7
+ xor.BytesSrc1(d[96:112], s[96:112], tbl)
+ block.Encrypt(tbl, d[96:112])
+ // 8
+ xor.BytesSrc1(d[112:128], s[112:128], tbl)
+ block.Encrypt(tbl, d[112:128])
+ base += 128
+ }
+
+ switch left {
+ case 7:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += 16
+ fallthrough
+ case 6:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += 16
+ fallthrough
+ case 5:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += 16
+ fallthrough
+ case 4:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += 16
+ fallthrough
+ case 3:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += 16
+ fallthrough
+ case 2:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += 16
+ fallthrough
+ case 1:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += 16
+ fallthrough
+ case 0:
+ xor.BytesSrc0(dst[base:], src[base:], tbl)
+ }
+}
+
+func encryptVariant(block cipher.Block, dst, src, buf []byte) {
+ blocksize := block.BlockSize()
+ tbl := buf[:blocksize]
+ block.Encrypt(tbl, initialVector)
+ n := len(src) / blocksize
+ base := 0
+ repeat := n / 8
+ left := n % 8
+ for i := 0; i < repeat; i++ {
+ // 1
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += blocksize
+
+ // 2
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += blocksize
+
+ // 3
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += blocksize
+
+ // 4
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += blocksize
+
+ // 5
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += blocksize
+
+ // 6
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += blocksize
+
+ // 7
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += blocksize
+
+ // 8
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += blocksize
+ }
+
+ switch left {
+ case 7:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += blocksize
+ fallthrough
+ case 6:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += blocksize
+ fallthrough
+ case 5:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += blocksize
+ fallthrough
+ case 4:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += blocksize
+ fallthrough
+ case 3:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += blocksize
+ fallthrough
+ case 2:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += blocksize
+ fallthrough
+ case 1:
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ block.Encrypt(tbl, dst[base:])
+ base += blocksize
+ fallthrough
+ case 0:
+ xor.BytesSrc0(dst[base:], src[base:], tbl)
+ }
+}
+
+// decryption
+func decrypt(block cipher.Block, dst, src, buf []byte) {
+ switch block.BlockSize() {
+ case 8:
+ decrypt8(block, dst, src, buf)
+ case 16:
+ decrypt16(block, dst, src, buf)
+ default:
+ decryptVariant(block, dst, src, buf)
+ }
+}
+
+func decrypt8(block cipher.Block, dst, src, buf []byte) {
+ tbl := buf[0:8]
+ next := buf[8:16]
+ block.Encrypt(tbl, initialVector)
+ n := len(src) / 8
+ base := 0
+ repeat := n / 8
+ left := n % 8
+ for i := 0; i < repeat; i++ {
+ s := src[base:][0:64]
+ d := dst[base:][0:64]
+ // 1
+ block.Encrypt(next, s[0:8])
+ xor.BytesSrc1(d[0:8], s[0:8], tbl)
+ // 2
+ block.Encrypt(tbl, s[8:16])
+ xor.BytesSrc1(d[8:16], s[8:16], next)
+ // 3
+ block.Encrypt(next, s[16:24])
+ xor.BytesSrc1(d[16:24], s[16:24], tbl)
+ // 4
+ block.Encrypt(tbl, s[24:32])
+ xor.BytesSrc1(d[24:32], s[24:32], next)
+ // 5
+ block.Encrypt(next, s[32:40])
+ xor.BytesSrc1(d[32:40], s[32:40], tbl)
+ // 6
+ block.Encrypt(tbl, s[40:48])
+ xor.BytesSrc1(d[40:48], s[40:48], next)
+ // 7
+ block.Encrypt(next, s[48:56])
+ xor.BytesSrc1(d[48:56], s[48:56], tbl)
+ // 8
+ block.Encrypt(tbl, s[56:64])
+ xor.BytesSrc1(d[56:64], s[56:64], next)
+ base += 64
+ }
+
+ switch left {
+ case 7:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += 8
+ fallthrough
+ case 6:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += 8
+ fallthrough
+ case 5:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += 8
+ fallthrough
+ case 4:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += 8
+ fallthrough
+ case 3:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += 8
+ fallthrough
+ case 2:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += 8
+ fallthrough
+ case 1:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += 8
+ fallthrough
+ case 0:
+ xor.BytesSrc0(dst[base:], src[base:], tbl)
+ }
+}
+
+func decrypt16(block cipher.Block, dst, src, buf []byte) {
+ tbl := buf[0:16]
+ next := buf[16:32]
+ block.Encrypt(tbl, initialVector)
+ n := len(src) / 16
+ base := 0
+ repeat := n / 8
+ left := n % 8
+ for i := 0; i < repeat; i++ {
+ s := src[base:][0:128]
+ d := dst[base:][0:128]
+ // 1
+ block.Encrypt(next, s[0:16])
+ xor.BytesSrc1(d[0:16], s[0:16], tbl)
+ // 2
+ block.Encrypt(tbl, s[16:32])
+ xor.BytesSrc1(d[16:32], s[16:32], next)
+ // 3
+ block.Encrypt(next, s[32:48])
+ xor.BytesSrc1(d[32:48], s[32:48], tbl)
+ // 4
+ block.Encrypt(tbl, s[48:64])
+ xor.BytesSrc1(d[48:64], s[48:64], next)
+ // 5
+ block.Encrypt(next, s[64:80])
+ xor.BytesSrc1(d[64:80], s[64:80], tbl)
+ // 6
+ block.Encrypt(tbl, s[80:96])
+ xor.BytesSrc1(d[80:96], s[80:96], next)
+ // 7
+ block.Encrypt(next, s[96:112])
+ xor.BytesSrc1(d[96:112], s[96:112], tbl)
+ // 8
+ block.Encrypt(tbl, s[112:128])
+ xor.BytesSrc1(d[112:128], s[112:128], next)
+ base += 128
+ }
+
+ switch left {
+ case 7:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += 16
+ fallthrough
+ case 6:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += 16
+ fallthrough
+ case 5:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += 16
+ fallthrough
+ case 4:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += 16
+ fallthrough
+ case 3:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += 16
+ fallthrough
+ case 2:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += 16
+ fallthrough
+ case 1:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += 16
+ fallthrough
+ case 0:
+ xor.BytesSrc0(dst[base:], src[base:], tbl)
+ }
+}
+
+func decryptVariant(block cipher.Block, dst, src, buf []byte) {
+ blocksize := block.BlockSize()
+ tbl := buf[:blocksize]
+ next := buf[blocksize:]
+ block.Encrypt(tbl, initialVector)
+ n := len(src) / blocksize
+ base := 0
+ repeat := n / 8
+ left := n % 8
+ for i := 0; i < repeat; i++ {
+ // 1
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ base += blocksize
+
+ // 2
+ block.Encrypt(tbl, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], next)
+ base += blocksize
+
+ // 3
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ base += blocksize
+
+ // 4
+ block.Encrypt(tbl, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], next)
+ base += blocksize
+
+ // 5
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ base += blocksize
+
+ // 6
+ block.Encrypt(tbl, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], next)
+ base += blocksize
+
+ // 7
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ base += blocksize
+
+ // 8
+ block.Encrypt(tbl, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], next)
+ base += blocksize
+ }
+
+ switch left {
+ case 7:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += blocksize
+ fallthrough
+ case 6:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += blocksize
+ fallthrough
+ case 5:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += blocksize
+ fallthrough
+ case 4:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += blocksize
+ fallthrough
+ case 3:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += blocksize
+ fallthrough
+ case 2:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += blocksize
+ fallthrough
+ case 1:
+ block.Encrypt(next, src[base:])
+ xor.BytesSrc1(dst[base:], src[base:], tbl)
+ tbl, next = next, tbl
+ base += blocksize
+ fallthrough
+ case 0:
+ xor.BytesSrc0(dst[base:], src[base:], tbl)
+ }
+}
diff --git a/vendor/github.com/xtaci/kcp-go/donate.png b/vendor/github.com/xtaci/kcp-go/donate.png
new file mode 100644
index 0000000000000000000000000000000000000000..0f353d96e902936aed15a7312a6e8b4b332fe960
GIT binary patch
literal 4420
zcmaJ_dpy&9`~QrjyVB^S(~Wo{Bt@vOsT-AJrJ3YZj@g`V$ziNiL?=p;GVwHrvN_Ii
zo9>EOHDcy8Q)n@3j2WB5GtX1MU-#?vyq-V4uYJF-eO}k~`CQlae!s8lbMvIbF@@FJ
zRs#SOP8_#94FE*?3IVHDN`KtK3;h64T64nk$eGJecq|NB>lmhalHdI?ER*(h=ryWl
z)f?@dEhFzXKxM9V!qv>K%Nv!%Ttu|D#wO#JHa=L{p0wf>IF9TIiP?^4vI0sYa%(uDd7
zZycw>w4$QI+Z6>-EGWb4g4{zZfZ~1`kh}!~EN=mzZY|xX2EZmO0gE@QfZ7G=-(^iQ
zUcs&`d`7>XdU4TVpqE>f4z>I6&Cxh)!c|rcp0{|kGS1C1V5V{9^UD6G1!Lbo5JMad
z7AEV~dDwy{W_jVyear87L$1^tIx?QRw)A)2a)?uXj{?ITWBGZ*>l|jVTc7(HIA(0#
z6{Tq?Ugz07xfx_<$b0=k<3$$-I~wqw8y$jT=R}1lByuE)K$E-hu)v0^R2x5L+k3Gu
zd>e=^{=OlN9dT9@s}SfOf3ILHB;C#w<^54c&5;qNRQm}L4a8!W8G@;m1^bq_PYbfo
zq(o)CFJt!Zt}IHAl{=PX8kSlYindy`vLp~)-ehPw37;0(QQJv-yC9)Dh>%Y?9Ayz~@CSgYQK7RwL94Gz}Nx
zvWFn<4}HYHt7liY*|y^DRlT|35i|ncIUyD=T}y{&J!!|4#OzViJb`Dp6+2u^yJ^rT
zwRq`jZ`eCiNr&w4*isnr-$Dj6wWpY7=+JeVPqJH9LBv_Nto
zKKF6UR?KckMqcu`UazrZ2EpK58@mFys${>P#tgK|tKaj9>G!c~d=LhPi(GXo+znpn
zn-JGwJx<^eS&HwRglE!6Q|(#_;c}$~0f|0IUiw%k9CBogmj($m#_mWzUfM-#B7wpz~O2L(Mp;VY}l01cR5Xg?0k>pTd0Mgq*TH*XfK$+Q5+Tp}(Y-H<|Kiao%dA
zudDeXZ^_^3ssaErKQZ)i1(pkQVPRbRV0FAnw}=HvX-P;&f@%;W3jnV>Kaj^ogF^2q
zKg{gw4IYv=Rv2sP>L6Sv2^wsAw^6j^9Z6g{&d=9=Dz*Ifhvoe;YKo+YNq2Up35#7-
z$1(bI)8C-16V7TDvW``g=^>J--iMAjHuM*`clCe?^QgWVSi?nJbzwu^f;+v+#GEoZ
z*+4|Lwbw4-4{rw`2~9;YP0#vHXb=R$|#|V*t8;a*Nb1f%8duasiFy@={??9*oRoAKUXccdu4T
zWA-En#}IDA5SSAcm;vf&6qFRCVBII^RqvL@?e34btuY3VDfFOo6mIPVg}ug0GW9sz
zT*RIcDF>=jkC#d}r}ATS(gPR9vSOM18C2|oee()CE=LR_Uz{s5({1Yk;N(vZuqsVq`wTn9{Lf+mxhqR7zH?+FMd%^AC19W%@g!3
zeupvnCsrYTUALzj?Bf~s!q_3_aCOYj)th2eYraP*-O%~ZK?2}<>Ul!ahSU75goiN?
z1};~?Y~&(8EB-EZ<5CJaDZ)gsQG!TDm(<7Yw?~?_>oI9Ai}1vM7a0~?
z3XA3k=6^6Fl>u*Ac%(s}&5`gWF!EHb;D$HEst-v%y5#^gH;8`}9iz~M|5FoyM;hR8
zE8dYEYcz4a8CO=a&NT&CJcGx~{@H=RYDsHmw4OD#m;HH*WeMg(2NhG68E!9Wi=@`m
zMQo>Ya@)Z-em;_)Zc6Cw5mjWyMVyKci@|(bthc6z9NXaO8R~3O35B#N`C2b5ad<-<
z3}&ucd8Di$XU#P@yvF?C<{aMeO=$KiY~yXuT%XVQz)ao}W+>vyM28l0IK@1lgIR2z
zUN9wAK-#7;BkF{)YQ}6rd8H;2UV0|3AA(#>zU^r_tdf+!M50pbaE!uOmE%s*c<;X)
z6VVtvwkX$v(`KrWf}!z)txv<5RrNQ5UqBt--Bo4|_sXXx%AHpSGNg!zMgn>W&eT#d
z*T7w#zSV!}t;5`KWMbmrO*XX}UA0u&#O8itY52b$
zge!LqZ-R#TD%N?)Hj3O5oa{^FCnn|tN4)3xrcKqDkns?XuP`cwzq?`n3x}|_Yq}|Z
z;Q>Y;J1SPN!evuXrMj3Hr&lY1@%(tuPzHWsk$Fzkx~ty$qhz3-LfwNB*M?m!hi<&B
z;{n~QBctY3;rR01^p)S6Btq27sNdllo^x+oquGWEGS`y8Di<-IW`OZZ`u2K5_-E$k
z;nAwkEV*6kT+FtqR|ziZ$8bC5>&i;hW-Ag+M~DP%xF2>#igz^UOCKdBDC~T^b%BoI)JjJGlCYBL3qti^aDu
z;>W(d?qbZo2wm87of`$8`NG12!%6=puoc#-IRQLdvu{gDTHPSjyt-i&)}M}KaY_Nt2HLI}L_6e_4
zsaYx0?H(JdSJ4P%C85X2AZSF~bIV0CPyWHNJf`S<$8^U%d-zj%lVvfHLWeI|#QR$?
zBWS5(Lz1;2t-`}%JSMKg|4>X1rG8)M{;OWH0Bin}_$nZS5=tp=GLEPp0d~1{T<$EF$ty~=_s^v|<|`3Kb$}Fah31IsDR)(SW7Z?2cm(4=^<|mx
zYv(A;EMly^X&(&D60tB$>i6iK&sP1a9a3Rsi`?DWNE1D3K&%r57ZPQz-x!HA@03ha
z{$}v$Z-7Z3>YK@OC+4AI8$3u{x$cJ{t~uQO*Yk#&4IFcS)vc~9sWg13uEU9<+;h0m
z3KZO3Vk|i^k5_L%{M$mQz;$9&Nu#iGu8~Y?O-{2{{a4Qpu10q-+gS<<5c~7w{xXe`
zs_#W^vv|n_sZSKx*S~~sMjvheFOn}Rf;x8gHcyc?bGiHF`=Tc2zKUnvc~hb>GyuE*
zzboHVRYFI_vInLwlSZ;0hQyi;7`CbYP4ELRNCrShBsU0WwQoeK&*V5btuY3Gygz=l
z_L0UQj?NRYnh&t3Jk&pW@BB7P(N_&r9dP!S1s2OGTOJ0averhbog=%km8SsIT7jBpCcS~$&t)xi=kTAxOIFJkcf?t(x#S`$JcT@
zz&R;6o%!~V0?-S8=Nk>?4ORoa@;u8+v&Cz%ufCoZ3fE_wqfX;b0XyGvLr32LRXEO>
zu2~_LxgQSM*r856TWO!(GG*6#U|c3Z&q_lvrNs)1iYO8vuhpw+zfgkM#;r@fwYE>q
zF~gz!pz|5XSgsY!CD_og2_o&F4>+b~UV|Mfff*USSn8~d103Cs0ZYqtJE-}7(GV}(
zUAtB|d9JhFmfxOAxuc{;NJ%jg$0w0moFb`ofv%i|fv(2f^u#L*r8INhay6UV$;RAF
zpxELhgegV)X9e9qyEX0o{1yfQRCb*{pd0E0)8o>L9v{3n`U$!llx5p8I99{v&!Y-2
zrls@b@3@zTj9ff~2=v~?
z|KKF__`dEz)R!*Xk6b_A()7~p2MclBiW0tpxDMGvmuEzFFDA~sy-^$WLRVO~!=#53
zoiB*X_I8zPoaIc%#am*Kl?{|}ST<4tbpoHIzt4ht10%K8<=7w75<^|t#h)r)83f;b
z(2h$*RG08K$n-53AmpvB;)CmOrv)ssXXl7RqpXX`Uq05cetdGit^hPR^Kck(iI@+gOf>P2=9CWUA;WE^1{~phGGShFf@F#@mA=!Auq}~
zXWBX)(rssfypy4L;PBnE&-XKWR&mW}=jK^PfiDAJu!oCvdE*BC1}jeH2Ilt$&RSta
z#m(9sR)wE#H+t=DZhtcK+T@Qxh*ER~E!^9$&my&LccS2A`o)4E+MI=3`e^lgc3u+_
z*{W}s{3^wIgeC}^qxVo@G-OAk!5^~*P3&_uj^gFeDFUizF@YImtrSfxjs`nADJPzf64B@9-}Xjw=W)Di0d|A
zID%Y@Xxh?h9I7dc$fLs;$n(L}B3G@UCz6^kEoaPM3og9gWc2Vn4qB(>Ng6-j*VDPC
z?_yd;k=^!^;UOFEipiLS!DGSBrs-=&UaJcnP8l%lO5SUy8QL>J^ZNraRc84B?BxL{%~r7%
literal 0
HcmV?d00001
diff --git a/vendor/github.com/xtaci/kcp-go/entropy.go b/vendor/github.com/xtaci/kcp-go/entropy.go
new file mode 100644
index 0000000..eec960f
--- /dev/null
+++ b/vendor/github.com/xtaci/kcp-go/entropy.go
@@ -0,0 +1,51 @@
+package kcp
+
+import (
+ "crypto/aes"
+ "crypto/cipher"
+ "crypto/md5"
+ "crypto/rand"
+ "io"
+)
+
+type Entropy interface {
+ Init()
+ Fill(nonce []byte)
+}
+
+// nonceMD5 nonce generator for packet header
+type nonceMD5 struct {
+ seed [md5.Size]byte
+}
+
+func (n *nonceMD5) Init() { /*nothing required*/ }
+
+func (n *nonceMD5) Fill(nonce []byte) {
+ if n.seed[0] == 0 { // entropy update
+ io.ReadFull(rand.Reader, n.seed[:])
+ }
+ n.seed = md5.Sum(n.seed[:])
+ copy(nonce, n.seed[:])
+}
+
+// nonceAES128 nonce generator for packet headers
+type nonceAES128 struct {
+ seed [aes.BlockSize]byte
+ block cipher.Block
+}
+
+func (n *nonceAES128) Init() {
+ var key [16]byte //aes-128
+ io.ReadFull(rand.Reader, key[:])
+ io.ReadFull(rand.Reader, n.seed[:])
+ block, _ := aes.NewCipher(key[:])
+ n.block = block
+}
+
+func (n *nonceAES128) Fill(nonce []byte) {
+ if n.seed[0] == 0 { // entropy update
+ io.ReadFull(rand.Reader, n.seed[:])
+ }
+ n.block.Encrypt(n.seed[:], n.seed[:])
+ copy(nonce, n.seed[:])
+}
diff --git a/vendor/github.com/xtaci/kcp-go/fec.go b/vendor/github.com/xtaci/kcp-go/fec.go
new file mode 100644
index 0000000..366637b
--- /dev/null
+++ b/vendor/github.com/xtaci/kcp-go/fec.go
@@ -0,0 +1,311 @@
+package kcp
+
+import (
+ "encoding/binary"
+ "sync/atomic"
+
+ "github.com/klauspost/reedsolomon"
+)
+
+const (
+ fecHeaderSize = 6
+ fecHeaderSizePlus2 = fecHeaderSize + 2 // plus 2B data size
+ typeData = 0xf1
+ typeFEC = 0xf2
+)
+
+type (
+ // fecPacket is a decoded FEC packet
+ fecPacket struct {
+ seqid uint32
+ flag uint16
+ data []byte
+ }
+
+ // fecDecoder for decoding incoming packets
+ fecDecoder struct {
+ rxlimit int // queue size limit
+ dataShards int
+ parityShards int
+ shardSize int
+ rx []fecPacket // ordered receive queue
+
+ // caches
+ decodeCache [][]byte
+ flagCache []bool
+
+ // zeros
+ zeros []byte
+
+ // RS decoder
+ codec reedsolomon.Encoder
+ }
+)
+
+func newFECDecoder(rxlimit, dataShards, parityShards int) *fecDecoder {
+ if dataShards <= 0 || parityShards <= 0 {
+ return nil
+ }
+ if rxlimit < dataShards+parityShards {
+ return nil
+ }
+
+ dec := new(fecDecoder)
+ dec.rxlimit = rxlimit
+ dec.dataShards = dataShards
+ dec.parityShards = parityShards
+ dec.shardSize = dataShards + parityShards
+ codec, err := reedsolomon.New(dataShards, parityShards)
+ if err != nil {
+ return nil
+ }
+ dec.codec = codec
+ dec.decodeCache = make([][]byte, dec.shardSize)
+ dec.flagCache = make([]bool, dec.shardSize)
+ dec.zeros = make([]byte, mtuLimit)
+ return dec
+}
+
+// decodeBytes a fec packet
+func (dec *fecDecoder) decodeBytes(data []byte) fecPacket {
+ var pkt fecPacket
+ pkt.seqid = binary.LittleEndian.Uint32(data)
+ pkt.flag = binary.LittleEndian.Uint16(data[4:])
+ // allocate memory & copy
+ buf := xmitBuf.Get().([]byte)[:len(data)-6]
+ copy(buf, data[6:])
+ pkt.data = buf
+ return pkt
+}
+
+// decode a fec packet
+func (dec *fecDecoder) decode(pkt fecPacket) (recovered [][]byte) {
+ // insertion
+ n := len(dec.rx) - 1
+ insertIdx := 0
+ for i := n; i >= 0; i-- {
+ if pkt.seqid == dec.rx[i].seqid { // de-duplicate
+ xmitBuf.Put(pkt.data)
+ return nil
+ } else if _itimediff(pkt.seqid, dec.rx[i].seqid) > 0 { // insertion
+ insertIdx = i + 1
+ break
+ }
+ }
+
+ // insert into ordered rx queue
+ if insertIdx == n+1 {
+ dec.rx = append(dec.rx, pkt)
+ } else {
+ dec.rx = append(dec.rx, fecPacket{})
+ copy(dec.rx[insertIdx+1:], dec.rx[insertIdx:]) // shift right
+ dec.rx[insertIdx] = pkt
+ }
+
+ // shard range for current packet
+ shardBegin := pkt.seqid - pkt.seqid%uint32(dec.shardSize)
+ shardEnd := shardBegin + uint32(dec.shardSize) - 1
+
+ // max search range in ordered queue for current shard
+ searchBegin := insertIdx - int(pkt.seqid%uint32(dec.shardSize))
+ if searchBegin < 0 {
+ searchBegin = 0
+ }
+ searchEnd := searchBegin + dec.shardSize - 1
+ if searchEnd >= len(dec.rx) {
+ searchEnd = len(dec.rx) - 1
+ }
+
+ // re-construct datashards
+ if searchEnd-searchBegin+1 >= dec.dataShards {
+ var numshard, numDataShard, first, maxlen int
+
+ // zero caches
+ shards := dec.decodeCache
+ shardsflag := dec.flagCache
+ for k := range dec.decodeCache {
+ shards[k] = nil
+ shardsflag[k] = false
+ }
+
+ // shard assembly
+ for i := searchBegin; i <= searchEnd; i++ {
+ seqid := dec.rx[i].seqid
+ if _itimediff(seqid, shardEnd) > 0 {
+ break
+ } else if _itimediff(seqid, shardBegin) >= 0 {
+ shards[seqid%uint32(dec.shardSize)] = dec.rx[i].data
+ shardsflag[seqid%uint32(dec.shardSize)] = true
+ numshard++
+ if dec.rx[i].flag == typeData {
+ numDataShard++
+ }
+ if numshard == 1 {
+ first = i
+ }
+ if len(dec.rx[i].data) > maxlen {
+ maxlen = len(dec.rx[i].data)
+ }
+ }
+ }
+
+ if numDataShard == dec.dataShards {
+ // case 1: no loss on data shards
+ dec.rx = dec.freeRange(first, numshard, dec.rx)
+ } else if numshard >= dec.dataShards {
+ // case 2: loss on data shards, but it's recoverable from parity shards
+ for k := range shards {
+ if shards[k] != nil {
+ dlen := len(shards[k])
+ shards[k] = shards[k][:maxlen]
+ copy(shards[k][dlen:], dec.zeros)
+ }
+ }
+ if err := dec.codec.ReconstructData(shards); err == nil {
+ for k := range shards[:dec.dataShards] {
+ if !shardsflag[k] {
+ recovered = append(recovered, shards[k])
+ }
+ }
+ }
+ dec.rx = dec.freeRange(first, numshard, dec.rx)
+ }
+ }
+
+ // keep rxlimit
+ if len(dec.rx) > dec.rxlimit {
+ if dec.rx[0].flag == typeData { // track the unrecoverable data
+ atomic.AddUint64(&DefaultSnmp.FECShortShards, 1)
+ }
+ dec.rx = dec.freeRange(0, 1, dec.rx)
+ }
+ return
+}
+
+// free a range of fecPacket, and zero for GC recycling
+func (dec *fecDecoder) freeRange(first, n int, q []fecPacket) []fecPacket {
+ for i := first; i < first+n; i++ { // recycle buffer
+ xmitBuf.Put(q[i].data)
+ }
+ copy(q[first:], q[first+n:])
+ for i := 0; i < n; i++ { // dereference data
+ q[len(q)-1-i].data = nil
+ }
+ return q[:len(q)-n]
+}
+
+type (
+ // fecEncoder for encoding outgoing packets
+ fecEncoder struct {
+ dataShards int
+ parityShards int
+ shardSize int
+ paws uint32 // Protect Against Wrapped Sequence numbers
+ next uint32 // next seqid
+
+ shardCount int // count the number of datashards collected
+ maxSize int // track maximum data length in datashard
+
+ headerOffset int // FEC header offset
+ payloadOffset int // FEC payload offset
+
+ // caches
+ shardCache [][]byte
+ encodeCache [][]byte
+
+ // zeros
+ zeros []byte
+
+ // RS encoder
+ codec reedsolomon.Encoder
+ }
+)
+
+func newFECEncoder(dataShards, parityShards, offset int) *fecEncoder {
+ if dataShards <= 0 || parityShards <= 0 {
+ return nil
+ }
+ enc := new(fecEncoder)
+ enc.dataShards = dataShards
+ enc.parityShards = parityShards
+ enc.shardSize = dataShards + parityShards
+ enc.paws = (0xffffffff/uint32(enc.shardSize) - 1) * uint32(enc.shardSize)
+ enc.headerOffset = offset
+ enc.payloadOffset = enc.headerOffset + fecHeaderSize
+
+ codec, err := reedsolomon.New(dataShards, parityShards)
+ if err != nil {
+ return nil
+ }
+ enc.codec = codec
+
+ // caches
+ enc.encodeCache = make([][]byte, enc.shardSize)
+ enc.shardCache = make([][]byte, enc.shardSize)
+ for k := range enc.shardCache {
+ enc.shardCache[k] = make([]byte, mtuLimit)
+ }
+ enc.zeros = make([]byte, mtuLimit)
+ return enc
+}
+
+// encodes the packet, outputs parity shards if we have collected quorum datashards
+// notice: the contents of 'ps' will be re-written in successive calling
+func (enc *fecEncoder) encode(b []byte) (ps [][]byte) {
+ enc.markData(b[enc.headerOffset:])
+ binary.LittleEndian.PutUint16(b[enc.payloadOffset:], uint16(len(b[enc.payloadOffset:])))
+
+ // copy data to fec datashards
+ sz := len(b)
+ enc.shardCache[enc.shardCount] = enc.shardCache[enc.shardCount][:sz]
+ copy(enc.shardCache[enc.shardCount], b)
+ enc.shardCount++
+
+ // track max datashard length
+ if sz > enc.maxSize {
+ enc.maxSize = sz
+ }
+
+ // Generation of Reed-Solomon Erasure Code
+ if enc.shardCount == enc.dataShards {
+ // fill '0' into the tail of each datashard
+ for i := 0; i < enc.dataShards; i++ {
+ shard := enc.shardCache[i]
+ slen := len(shard)
+ copy(shard[slen:enc.maxSize], enc.zeros)
+ }
+
+ // construct equal-sized slice with stripped header
+ cache := enc.encodeCache
+ for k := range cache {
+ cache[k] = enc.shardCache[k][enc.payloadOffset:enc.maxSize]
+ }
+
+ // encoding
+ if err := enc.codec.Encode(cache); err == nil {
+ ps = enc.shardCache[enc.dataShards:]
+ for k := range ps {
+ enc.markFEC(ps[k][enc.headerOffset:])
+ ps[k] = ps[k][:enc.maxSize]
+ }
+ }
+
+ // counters resetting
+ enc.shardCount = 0
+ enc.maxSize = 0
+ }
+
+ return
+}
+
+func (enc *fecEncoder) markData(data []byte) {
+ binary.LittleEndian.PutUint32(data, enc.next)
+ binary.LittleEndian.PutUint16(data[4:], typeData)
+ enc.next++
+}
+
+func (enc *fecEncoder) markFEC(data []byte) {
+ binary.LittleEndian.PutUint32(data, enc.next)
+ binary.LittleEndian.PutUint16(data[4:], typeFEC)
+ enc.next = (enc.next + 1) % enc.paws
+}
diff --git a/vendor/github.com/xtaci/kcp-go/frame.png b/vendor/github.com/xtaci/kcp-go/frame.png
new file mode 100644
index 0000000000000000000000000000000000000000..0b0aefd4bb8ee90eebc068e507bd78329ab3d867
GIT binary patch
literal 36006
zcmd42XH-+&*Dnf)2uM+?fK-tVp%>{Oy-Du`q;~=75IQJbdau%ZmzDquC`D>OKtMVq
z^coV%iT`ol5AQk8b3fcO#<}-HGBWneT6@p6eslijnse@tZ#0z%@u~4KFfa&Jlwa#$
zU|`Roe=p+Vpue3E6Z04t1eA{Q@^4h++vt+V%3cfdwc9VBz6LDc~y7Rt+#ByY^u49D0mdhI;_h@F6BEqQu@#E<>
zri?>WK&hC&7>NW%Q`Zv`?9dNt?{Wy7Ro}%Dn5wzHExBQ^!;~p+UKkL>NMr8FzRnYT
zrlc}3rP;Ujm|+E{iIO#cJPN`1ZEj(qh0%aT-lgEwJg*fps7@94!>%I1%9uxo5p|{@
zX1wozZ!dP&VPpSMX`VMSB8P_{F=dkg?!(~aQ;Dt1=tlB6Qc0#3=fqaZ&KrRQx)vgtp9ir3QyIFZSDCj=Lw}=UIMKTIX_7(mc=KzWlJHkUdrGxjOuC542V)
zEa#CH*~0hjNGB>xo1aEqz*I1Y(r(mBZ9cp=wCQx(I@}g)gr$}CM0g}@^o%&!qwkA^
zY;7J5PWPyY>Y-^~Dmi<{u+MRGc!`boP~wNvQl((=Gs}n{uu#b#mRgBv4MJ(DlvFP^
zqDvVF5SSr-*l$I3`dpGR5w5ovx5t?-EKeH4o_xlnYy9M_D7juHfQ5+1dH6@`gP)Ax
z_6}$MR#;HwJ%4$+q^nHzdto5#6JCLAUV`(6#g|8PIE7rI&)*sTcAZVClIY^#3*FTs
zV8J2b9`bv~0Ot~o483=MUwk|sv7qt=SJ4YWk#rnCDeEWqMPZle_XCeVRf4g<%D+%53jm6i%UsyMZJ2wc-Xny@6wPKO_A~H6P=LE55quaQw
z%aE>TwYm+K^6X71OG(XB82Kf=A!2u7O$Iq~`WAIGNzdIx{)?~np?HjWe@N7)8Xv
zGgQ4{2Vja&-Gk>%yuk8Qm*G$hHW?}qxrq$%Gfc0nqzCVC=t3W2_1QeZd@IA0g~wSy
z)XcaeW{GKpA1ljl^jJ8&&XV=l1ESEcf7mJ?Y5aNq1-m}X=iOt8(BP@Z7U7t@*wIh1
z85sp56CD_lAMoBri89oGpd<;6WYkt>N{Ro>i1j+2OD2P{Oqr^gd?7)P5yHg!$?H4$
z=LelJ?_UIer`aTpE!NYcg(_%F;Z<_NBBD$9b_oOt#}yt=GQAh-qN;mMT{p
z&Zs?OBKb&ALN)ael=<-+!Ftd-$GXp3?h~%2h+p#0nLjC;FmtA`vWI_T+4>Z#VyYaY
zY_FXE*<$)pGm~-Qz6=pF>!*jCa-L$>4A+94sW*8NwM8YCC4cIl6!+<8RWvGEHOQ3?
zct=@8S;cY;#;>baCiu
z+K@(`rjZt$X3s&%mdQ!43$Fj&P*U`^dc9)6!1%LHv8T>f;z$vPIn+W(PRP_d9VQFq
ztOm>~JC!?OI+?XGwMjbdKm&H4Eq^#v+L_Fpx|#+|2SPu>>|l&ADp(mT2D&u+NN`q=
z#p#>l7_@Ryv}|gy?^${L6GaMZ!VR_!;f)#5We=$hzYT-L8mf7*!`^K_jSLp8me(x?
zXBpe9+~o$L2IX_F>H_MN7QeKYUFsc(EsD1SoUW1#>5upd1i&^oQzuv6Z)nx>+48Sn
z1->`&#__&*AMxJneaCLW{K35SZqqscx$tiO9DJq%9=LaQA+lRIbstgHe{N;RCn5mg
zeMIn{Ae`_UPB-BqK{Vkwfi>Y{LT5sHD(!f)1f2xoXF@cD&)_s#d={2wu0gA>`@cb%
zmu*s2;(i3`3e5P;Y?WV>1I7f$<;L*Gs>kVaX2yEQy~a7m-A$fwn{o4Vx0|+_mSkvV
z>}8N=%-6l)wC4mveQJoD!`pJ(`nsl(iGolh=!oT-7{kv9`Cc7B*DnLv8M<^IhYqN2M`ugRJMiNqi7WA|DnWW*^o_s)-Gx
zKcWXxtfuoaT3HRWy*_vidMi)D&d%cqoc_}q>PS;@q3N4rA#r<2&_d;9Z7hODkJTFzkau{^qS+%e1ceaRo
z)_TTzb$Kp(iEI<$%15DIe{hJdWYnUi^D-ISUN8K%d~I<}eoepqZCp&)(7WE!4K6Y2
z&$%NBz~w^NN=X$8K>Wk{!^<9bQ6jm1_u?9-HCOsKO|6#<_Ns+vJU3D`&gneAlItF5
z9`GGq&lIBAqu^$TU9<02z}}XfKFZqmQF1n-%rWz*&6WP=+^+XgS=Y)7XM9trScv^0x7QEt)zvXSpqYar(ud4~Xyd5SIG@l*8`SwsrlmQ)2G(RiAKB$!DUfTtksJ
zg%+#Oo~J*y6_bWYAq#iykRL@=>uEz(LKW;4ahgea?4kmG!aFYaovmJy<1IP#
zd0L_&X9Kg3T`A=O7GN^Jy`VU)(d^NJ%-s4fKrw&lh10Fjjbi+sl%Xu}-CZKIZi_3XKW69$$p4~R%VR2_4R1q?T0
zz;;E2Hbd3=A0zmDjR*ewh3Dk9+78
z{O@;|S(BgetQ9aggok2l;}((Y%`%vj=n)PY=$H!0xoSJnoCCr|2u!$@+luO9>nI!3
zNdU8xCD`20T4lmZurcu%QrI%FRsJOBZQks39Qj{L9D%!!x={tAfjq0%n>IW7D3Gt6
z&-Q}7T^F(h@1Y&)65QCYsih<35fr%@F@!x*3F@;*z
zeIPje7qNpJM!yNEsGsbAAN5~z6@9=6Z)4*BBL6R9JWOn7jX!@L{%^Pa&jeviSh#bs
z-~SN(i5kBPdi!m31>f>eo
zv2#-HVEF&bi$l)y(S!r3?kpOx$IHt?M=LA!jlrlt%+4c@s7n)z)ROw&mJhwt0Qa5g
z-cdkfo$IwfnGI|x@$p!{E*=D~IdhPmUz%%`{D5#8=948#en4?2?%o$b1`{V|HD(y5B$gUn0
z_Q&u;dD^2JRVxkxY>1p-nZzGMd|fLB1bGSj7A8a|3;#iX!xIg5Vnq6Y-ZNZKl!K~&
zU&Axqt2Fk(0+aSmA^fj4%-A!hY&vh!?E&s;+v5-97GQwZ-s4x{uoB<
zcsxUpx3F)ZFR02haBylqr~hB^`9F~sZ-|D<5Il7Y{0|sL|0g;f4MeL!we^2q$Bn<@
z6QoTi;2-A?vw9h7>1uS6BKl7z658kYSKK3IeE9gk+0K7ifu#{1gAt8E5A#0*nb+d4
zxIrre75acJ&9>3Q4#VHi!bUd_Xt~oy
zf1`()CnuVqXX!1C^2|o@`*%N{)~-R%;@kR$#|u5oSN4_Dh3)BOBE^X9A$k~(^8eMF
zNB>xqYZO-ROyT-RKww}GiH02>ETKHzidmLZfk22acb>}a>G~#fs)vqADpJ9}*?qMD
z?+uc5D+0JTl7jR3ZVEIrGC3=EFLyuP8on7Y4Vi>&8pPu$At{lW(W+C^VRun?WwtL>
zuqM%xv>J9PvfIbEaSgC&JB
z>8AzmsC_b0&~c4i=v@PT-B9DPvyIN+Ly*3MP;?aVMJfjmT2#Zwbwi!4=Me@ZH%YKs
zoB#ef_VG>iq!Ynoh$4%=*&o9w1M6QLH(fNPF~{FXwIVOz^MmkmM#|cY3+F0th4HrH
zC$oEYw$ZA`O4m*jOV_{&ED)p1Li0;U`L2MLuSDXJ<~|EAcXRCjWGa>Q(A%_QIlU09C2mm
z?t$RgK18dK@Z#_!Cmk=y&HN}z+23|0|Tp4}&
z{VRm<{%m#hD_PeBLNmLRDyv4QOTVxK|vF33*Zwbo%3Xw=^lbq9C9;aiP_5
zW}qPOkjiJ#vEr343RC*U)CxK1z@x>;_By?8RaGm5U;bh(;;w9{CI5a@YPH!h>1rpp
zZl??A3M>W%9ra!j%v9`LZ5)rX%G~~S^4_f{rNPG_PE+5rfrP6orON^(Q&d?{>#7TF
zkmv!>i9K3E^$yxrMmC%NL`KPSCojrzdD9bBgyX^LIf(
z0h>duN(!rz%IR#CZmv`9Rz)-?wjw1a>}ofFF3rvlSFmOWK1c3MN37+jOpa9=hjC#2
zUNY&UPR_vzJbDNkoU&cvou
z6-bId2O-vec$YMOmZQylRDit+b51Eg_;6E~
z(H%D)h~-~1ma}~D*{%TbFX0&m);0E%+AXhs@_*zl3@i;aGdagT()veM#Khesm1)eF
zcxd=9VnH-5*0Iw`{Ke7#5?21D#$+vY>?lQP_AlbeG&Cod`yEIABPoW;NTFlLYqNJz
z|032!lV;9(Kk2_{_J6AQ?n+nNRB4AuBp9sdYxd7U2LrD*uFDdIT*3a>Atdn3u7$`f
zFhK6jYl43v4HhO$_I%d`lD`A|8p&pr|5dq%Sj#gNBGCn}gd%^W(ky#~{qrL9y=It%
zk`JK$ZZfNQ3+kwVf3Wt!{NdpfGO7pvxFr~2A5~>y?fshtHu`nmy!cmKkmE8K)nLRG
z{c|++gcrT`@!0u3(SGEg#`mG;79jaIRJ;j8qXNGX7yqB1AM-`1<@o>8
zy5Y`o^f9sh%Lc?_gbV%uSm`01NkSUoNZ>8Z&=M=4sNgnjXWnQ_pb=>|w_{4A!_tzvwmFq341iTV$?ks0$XqZ!Qs%@fMu8t?Z-ze|547bQk<0O2-Eq%ME^);59bKn87#FKLp
zgKV_7|8ks?*~7fwJj&zvrqBSk%hlW4yY@L%6F=~<(|)}gC3@6zHefGxmc4m(f4h1g
zMcMP`;m767?n*Oh)WSqcAnKwagqHce-?l&@6$OvkGa~VQ-b`oQf{Lpwso(&=xt0QQ
zBC*Y6UT@g!tXlr08W1^MlnFV!cqEOG%@X%@gC&&-U<)SCw|u#nGbNQxf}MF4oaMc{
zIT@apqzC%eey%%MKuO>_H9P3
z;_hy7Dxl-@vi6E5<2km32x2MGz1(2>m1>Cvk2ftRsi$0LiR@0O5odH{N946Vrm|QJ
ziQ#PM;lEiZyft1wKS>Ia=(*}W8V{zt7A2jk_oy1eh9Cw3DNBaZKKo6>EVsaR>8WRC
z^q%^V!mFO0vW-xe)wE&l+nf~v>cS->DL~%z<%atO1bDMf`IX8(?-MrUc;NBZl$UDL
zm9UM!pp~ozLZm!&3u~_<7Av7kB~oS^+{>k~3E4-qdLlcP>YteCL?~91Y~a~$r;E-F
zgh`T@MxKz<`J0oz2gK?j&RiZd8X_-UWrCAdx~b=#Z=Ad}!s3w13EY?HXp7lgnpK1U
z!+jf!Q%Dgp*8xtS^G;YzhrqfQ%r0Df&_^VU_T&
z4_e8*?Y`bNMXtvcAE7;w=A8{>E5r0{h;+bsj*#OAd88Yn
zwp4$5HYTC)niH~X{BSG)FK>8on_+m9M%_Oqe*
z@-Di`)h=i}n)T-Ix1kF65;b!WiQip22#?}o9;1~7-`AH^rlKLYvlUY5Hf3ND5COZo
zsRtMdZI~nHTq-n?F7&>-&Xy!fL6!8C@JQZ%Fmdv>{SJP?6%K>Np`p~(SkN($?(eR!
zCObXHy}aK7IqZUu)x4NrtKE_JmN&M$j6bNhf5yt{Juz}~1BI20Yz^Z{#V?e~bTlH+
zR^zx!9fj@K2|i745d7?ay_H#UXS)ua9{Fi=|e|Jbo+TK@vsRXMr8~AS{8r@&PX`PAhdpUK>*KkvV%fSU7!y2TUm8`sU
z2*ztn67);naB+LqNa<`uA!J_=0@P~2(;dAoV*0+N14`xrQax={4;}P{%UrFKs$HR!
zMXL7&+`1LR>~~U)#FCglz&#TCuI}QcN5j(KPFc6@Er-fC{>65{TZ%<;ltVH&+jPdi!^EKj-EZbuC
zPoLV*9ucC_`XYA=`6(%gIcS4sRXN-S9%RuIf~*L^M+4TTdc2fZ|Lo)PTSPYm)&2S_
z6M(ogcux(8Pigi}7Iq81>IGcm=e@GwLVNrBCwjsHNKfy>&Yi`H*E2hLUO#_8cPA-3
zYEN>qPHPq^K4%wqxo=0)xZzG4^`%)Gm-EDyAraLVfFmkpdBsKkX<;`0%fv>|5+o^h
z{gf1eBeqFIHEnjZkE$&FhAE?}GH
z8_T!i`iHhFriC|~tfbs*)+`!gsP%fm^+%PjO;vr=rNa1wljb$QYrXtTjXnL{MOgDq
zkmD&?TNMAr%199u!!82=wCHe+T6r+7DR4F<0_L0gaJj*Ac4p|vrcmsj+@7mWB}D;o
zxM9BMILhKD`211CeWm9$IyIvf_j+;E?p%uFt&0`Q^u=FZ_$t17{j{q&G={X`E}ZugD3vm(F}L}w5^}jnPqvQjn+Je2IyX(UH&ci#wj_GP9D1F_4!<=try<>cxltH;Zebq@gtZ6;l5o(yT
z-5GUd2sL+PQ(Cixnavus5KQC#d|M+~-KtM1*<`S{N>yRAr%}7=Ve;wwaI>eteV}FV
zhNv}Z*}UWMr(PkN@1y2wv9puoL4O|5<1Ri{=lElv@0}s`2oElZ`BOl9pa6g1^k!TG
zV4-0!rW|$CzU21!YS|Z<-<_f66q+jp!)S}t3lvaEHw&RwRvaJLw9vpU@uQA(5UZSZ
z7y5YL5rXP)@!UJAC@sPOebAJ3;MMTM$J7{QHv+)L7nBdkU4W?!VICH6CWG@j7AI(#xvp3;IuO4g*LH
zBtK9SJ5E+#D?eEWjyS!jjx&K-M(Dldv5H(wz3Z7&SL-9Ua5`S8OmGTiC=I9%3yWV&
zo1IM8no}+!fuz{y=ic$mQ1~o+&%gdtdug)`2i^xPf1Cczda6JAP@n$10<3Ast=|!r
z)}(D7pOfMpT#}*Ugr(nhXPk3K4N+#f&dFVjTzM+88sufZJTESHy-lS-(3Vtq)N!#U
z>phlnz-e)llY9ON`KQ!3RiqH{jWs2##n;(ZM7a7)ihgkB5gmaX(JStcLR3%s?H+d^!KImW$ZD7`9Llq`Q9R&v?AgNxk2BPosSiIaJx`lb<6r8;i!G~TSR~0DD^*Uw^
z)!vnqd*;LpJp>cadv?|~`6grcI;q(S7Mxi#dI8o;x4f(8r4kbgTi>_j`^Ilo)gXN?
z%uQb1Cfy^FsxnuUsNFf-xviljveG`&1`o56Bh
zzEgE_j84I+sWJ6d^HdXY^uQ`FlJJiWLoN(|e2L~$h;{yLdQJy5>Wha(;N=U|w>8z>
zK$T#U)!^YI59mBwer=PKj`#RZ@w=QCPS>Cou#O}0!$%3EQL|cG
zjb%k1g{fw~TbbN(8SU(V!i)?thitO~?d%?;d)|3j|GK5f`1~`3r|rV^mj&Bqe9jGj
z6Ju`q^d-PnDn2CJMQkH-v}b5s-)Yh0Qp_YX+$sD0Zvbl@>D~1%qq4>l>|?!l-{PB{
zjn5Ln7A9SPW?C+xno`-lFgh`znxHu*#eb3J9bO{^bKJOme>z
z#ZWKQ_4%kl#=|;#Rp({|%sSAmJ2cMm8FzNxu5fNAs^K27p)xAW_nv6}DA#{(5xau9
zBKc$Nw!)Uhr{ONgRSBH1)!QL4v+s2WhupyhlU%ONwWF6`|ks==jOc`cq~RJkolv`G^lju=h~@y6x>Bi3Jq
zz+c?9On_V9Bp;-k{eOAd-%Fe#`3e({I)Xq8$R}5pYNdlJ!R9n?XdDeD$oXi7k)Z1Y
zC|}fw#az5zFQ;k28h&P-$YtLB>OCsN`(k-s=&0gOKDdbLqC@*n?$GUNCM3`A+9&0}
ztK`osLib>OG$z#)>!b}4Y`87^sZDu>?kL|6fCxyTU~>yXLQv^L_}6b8s;1sQ+Js`>
z1g);L90?anT{dYH)s+>cvUm>yP!}OO-ZXGUAa~oIpFk<$`!?-XD%baJYOl9g5*`6;
zGov+YnJ9V=sc8(<5>kKhm3y4qPKT%%fa55*Rc|+B_}X$`YLcY_a4wgC7y1jcA=WVz
zb`u5p0dU?2j^@9%zf>tf2176>GuwBht~wo)_nSrT^%t;ImilQt;^33Lx=xv0^@q#q
zK0oR^y=bMdkgyGS3DMZGBDI6XWA28ZYNJ!}8F71~SyXMLP^izTwuHbm#T#?s(k(l%
z*+PR}bvJU|PI0uTmv3CW0k3$A+Fwn6_O4Y=0|*{-cyVn|u4+0NeeNTTMUzbw&
z=FS7d5C#f1KYzMd6(R-RuSQK@@|Pxf1_ysqY!vhuSAN0SAYpLDm1lm7Qt}oFEQ%u%
zZG2TC3Jx}+9tK)kwqdA8-M?-Ie2Ab`1opa(S3_88e2p&d=8m~A36%G`sHSG-Q&5SDs?GH&0
zoN~5(RzbhHL=u*IPlBs`-R&|dDzZh_w21Z^SAE9e!(&=8Uj7Mf`&Pmfnj3hliSKu_
zh*10+@b{mV#`Alg}cVrj(;
zyLuuM{?voQt%8FWy&1VT`qH@<>7a|u3?NEAMbK@UUsZtm%&Gp(V5L@4c!yx@kO25L
zOR1&Z$?CLTAL%>9?vKqHYuY=;#VMaFSitAtUbbH}wA%2B7UE{k+GDF>(75@~U8+`d
zIX32*Uj{3e<1iVv_L2IgvH
zv)O9q2DHT)`5Am5t;h5hH$e-hI3!XMm&L44gvO>{3x$o;T%lK+FRaej*)9{-X)$@Q
zxdBhO%s&YP*eunI{9)B1!9{g(cH?0L`IoXp-Df*zHi|h>d>&OIuQX?Dgs>JGUxJ=6
z_`Qng=+M1y?yQDP1%nvU5DI^LYPNGf@oX)6bykPtgYwre>D=o^5Cz
z9iENnB9M)wgFKkEAxX~0xgsQjjw-gZb1E4V@XbXI#o+k%4Bk>noH!{iqpY49dL`7(
z?l29^G?>2j-QCLR^tjjAUSLQks%tQ7V1{bRN759c5qqep7JsnOfPC!AXr*`tu01*9
zKFHoiwY&V&Ir+Q?8`kh4_5D7
zwUeV&bcKsv(GF(vY5{q9E
z>6Ew*Pb{%8;&d;mwVtU(z>2UBgqUSb#mikx9avl(SXV#N*;m3kDQi_6Ztkui(o~Zs
z$Z0yZX@<&Ef@WY`%{OkE_Da`lgu>ROlu=g*Rj_}?pTVPw^%)0S0B15M$!VJ^{eAz_
z?;AV^V}1jk{2ud0a##ud)Ocm%4m~WcxNV#>l^K(=fxCJ_BttgRu?8An2Z%4k6;Thb
zud=pMdyyYa=iHfY=UViZTYNi-*pnGFLihuIT5Pm)^l$o!e8m1JO=9zgk
z-k(#vyLz^g8Np3?GRza^!D^(t(E&&|=_(_|erYrcw~1bFa{N<43D!eh2myiJi|Ix1
zG`3rED#F%SZ0!gtBgBm$x}~K|6JYh(VhrYYW7!vzY3>p9DCnSVey)lWrLoiEAyhfV
zTxV{#aE_4l!wL{{zHSsDY4qQK7qj3|i{?yuM)DtU1L)DIowk!IP2O|0vJ0Jb1`|MQ
z$;Zr9OVa~AHTf1b;UFoyOrP>rb6YYkYEu7-2ot{$T6NPmG*asyUIclPE*97tV}G3=
zEaCM(w1pQ6{^-$`Zm{jn1cLmRJwfy=&W4h-<3oVnQO*iM`d0Q{Dh;Vo&BNv+Zf>#o
zz-l9%wbmI;&i(tBX&H(iSKwLO*dy(k{N8+8UpUsHGlq%F7SQ>}2v`cyX!4XSHaKWH
zZ{{`c1j47`M-CuYxbW&Ob~RoLo%mY;=&$fC5UbvS1cloYhV)tTg}M5*3qB3SU?&K(
zk3SZ8`djdFR{YoFjf;X=1Ar%e{8S81$iUm**42l{EQLPp^k<*|O@#p+$1T6G4@nhe
zhb+8lsHR~$crR&p!!Sn!Q8AxY-jFN^p5bCML}tuneb#{_lpdNh|JI94xi(H0*SVbo
zemV*M49jU3`C5gnSs7r`}J-NvRD
zYc>sw5c>_d$VQq32kE@)Z@fA6%5tUZGE?fj-S-@j&n|5A9lc}+Wq`dPZEJcLa2F-F
zNJ^0!DXj*w?VA@{0vNaQ!Hfs`h$Vj(nB^zU9RaPff_-R&esE^^yHDBsCaC3Hfyn=SH^W0Ct=x(_Z5+Gk5a({9C?=y
z9WQL#@HHK4t9Y)%>PE^z8Wp?S>Fl}Sb@&JWbnOT!jmlBn!j`@FunranpT(>daikGc
z^_jgbG?0^SJB16C%=@Am3Q`MCS}VmNBX0ta_{gq
z$mZf?s8lQ@({)gOSOuwx*w_WP)AXre&!$!b4BU`ZM8@nhUz}CM>Cs8o9nU@mh%RmSAiPbTv*EB0;}lqc8^HqJO-)
zZ?Z+Z;cuGL1@Q}K%gMs|Jg9H2rBN%iq7QN2MyI({q>7yRR}+i+=}n3Pti7kECoE!|
zZtA4;Yp~Sc6a}>cGa_vkl0wis$JwH2-B=>e+iZ0$>4R6fsj7_-wNfp?N0y5i5-uA
zuc=2SKVr^e2^&bt&&~IYr__6Ej>>V`owb6{5G1u+ysyV?PKcc4gTb>zNEkAn@+w!B
zQ{I`bBIjN~%?l|mPn2W;;=TJZI+L6S50@fWVCjoF_bC}K*$MTJ8iI=i9eAuiM{R7V
ze&EgOrK}rkjp9Ggjrmk=NLBi>K;CtB0<`&pzG_Kt`E)Y$WIYbhUbt~s{nc5Wtui;2
z;*+1>I8&!{v(cPGNs-2fm+v^wH2*eF;NYgY0v_^v;z6Y<*po8eSM#@&f$8oE_Sc=5zDB0j{;FARR
z$WOb{=S^nT7?L5YE&6hEN?clX)B!mi9y+UMUC%9Tmde-5*$@Gocyg{wrgO+s!9KAE32D%HkQj*mBFd1w-
z{NBc)Bmb0O{0PU#3#}|j_X(Zbd>mbWMQ`oVhUx;dyi5a5k>IFt8eSN@a@9x#{nEw@
zy5RGv&#MMEO(k{ZsAKxra}aNW3qZzD+TxsNI#BJZ_9{bDA6k%`!}i_5b8pFP{dkL-hc{8(^KYG_sD$*_O^b`*YSH=j+>kJN7bJHI{KB`#$#-9`XKCM_Zt@lF}
z8H3bz4sO%@emeSTaa=x7Y!Bex_)`CBp~apRh}k-kvwH4RdAXh(op{P?jU|6eF^oEb
ztoBUTfVtpz&}*1NL-2Ob6J1m-xpxVgu|bYFMv8f%utMly&)CIK=QHADvU}=9S-pp3LABksRaaOC#>0-t}4G$75hZ^ohEgun)
z5UKH6D%wt2aFO8Jzz;1K!^K$g*2$o?4{HE*@%uh-l(
zN~l&xdeL+(n)W2&RH)S1)(oA2-K^BlSMb^*>%-fRMNam}W^UiM7w+dPDWN6@+Butx
zPJICAT;DRbs}$X((_e<`pH)Z@$myl5PWNMYzhcqE(npJ{@806m;GxuV*Z)>%L)Yg<
zZ=2TodO<&CyYj#pqFIM^Jn*!4_`JXQyP$KXg2zyI_sS0a?XD6{YYg3(QmTr4R@
zs>Gk$+I4qDRlIot(Y^1b18(mc9C<10+d}H2KY>nO(pO8(IagIl&rt|wooHF!-(G25
zia`Ts*%)
zsOw!NM9gbj@VQzoQQhvt6}N%~epUE)Vs&PT6Iy@a9+17bk9Rqe$!fd4`;dd{>RrJv
zr)#e|MH#0>CHmm^CX}~#su?L3s{AAaCd)IM2y_=iD+70f?di!!hadS3aj&XZ;$gKJ
z>Hhs$i@H92)$;1Ck6su2a4Khy$HDN=Q8tk)2^@FYB`oK5h%g+(2;&;XEDXqn4hGE6
zL8|AZ9UT^99@6kGq7*u-?slN$*MxRrP3y!RKg1J$o{l-`1RXd7Ys6J11{_1UXf0CB
zw?75D@0ssiNq@@txFYU9gpKeAeSwmqt$496ZaV8zdwqg-PX1?OVDlX0oX-Cw4w#3N
zW27TFBE
z0qLvG3FylT;u!_{&fq?D1B5W`e2v!F(#}#$res5%-EiQ7zfbpV_o;Or6aKRoy!Gf!
zSD9ft1N!f8#~`cmx^dJky35#-dbVs}1Y-{ONhM`M6hpwX>9afAg9TeMlGhF!zp96X
z^9&_|KehG05vB#O{Xm`szJGE&!Eegcn|FgVZ6a*Id^0{YerF(sJ`ead0}8RpbiA(Q
zEUxVz+Ga%S4c_iqkl<|7zANf)i5&D-+^TO*d+l^;8^1GO%k4)v%fClr=YWUU+0@Mt
z&WP+n;&aI65Go2;&RR|p3kppMgcK@L1-2h?liF7fRMJvrbHtF5m3=}NZB?G}6l)Yr
z8J=+*_4f$AtI=d=;IVu7x~>(cdb7Iq=9EtIs#c~$H9-Gs29mdE3`>wARut_Bh^U5#U!oK(Xn0HqYevg;9GiWF7*{CI*2K=^|y}d@l$XMD7O$m
z_ZM8=ow2GpUwbXMas&k|@Wo?$D_HXkkrn*@)t-yf08B3ypMJ*dJ~jpGt@1bLwDP2D
zvI{QTUf?KPIYJuk>;#8gXNDLX-sdJnaRYn3-dDy@;q_gu1iGV)_o{_c$T$5le_Q@d
zDy7p6ej%1P@0Lj7w?V!wZ7BR(^rTkJaCI05J8*ceSkAC^p=+uv723hO^7N-atCk@*
zXcO$RnP6CL^6$@yd{5$(E+pmJyIDh^+IuWVaN~Xuw;^=9NTm+nI%L(kD`*C8^w3|f
zu@;3@g0a*d46C=Bw<2Nw19+@PvqiE6(|JP91~3-2g&_3NA;V(Cp|7Svw+^S4WXOM<
z@nEp*E7oZ|teuh!AsfD!3ocRlVt1fp=*V%cOIViD@XlmKw=BO(Vti4~XFbOd^n3Be
zoA$e{viiG;3~mQ$)(hiHo@9eoFqUa>>gC6yxU*?aPujui0T^@P@xL1=u&m%UpCmb&;hKvZhc5+Lc~KoTY8l+JS}FK@XulKzpR_#Sr+
zo`{sWCCqdbqM(5V-S%!J6jt|GS7(enZxh-tHJH>-kyr$m2zHMtlPao>j4MYdExr}j
zbS-Nt4-W6Wj7K)PtlBwd_Ez5^R04hSxDw0&Po^Fr>`>L|K=yyca0p6_GY
z?AgQ88;+2;!Tk>@1syt6li|_^4*PIa=Zi#9CfXf?POn16_J&!+PAq4=a>~pvnZ-2W
zj!AK#sRBY?TyReKzK4HzQnumK&e9tTgq<5TTx~|zw)G@tF=0sj;BPi5XR6>AXv4x<
zBYidG>ez^PW;t`Yc%@E2K=Xx=|{X3$Jh=c*rU;0WCVkqaMVyB(6UH|bTI$Khn
zs;?P$LI65VEo7!mDnp@dfY&88YLK+~Yl1liY7rWba;qJ9VqY)O^7*fLOR_E@?;
zKw0$OyS&?Fy_zmMp_e!>yE$+V30!2Ubwv>F*k-=dJ}4Vwh61SO`{ulkuf)-{=m8aL
z@hh#ow^-nUnibot(R1(NkUfB=$N4n^ypUPHfT)6r4^`ya&lg0269c(jAnt6VaZcy0
zA>|2xO;31T$DGwTetJ(Mgvaup*j3Zbs`ahh;`az4B-;+^4Fpg&J-6b1IhI~A@+WFe
z|8zb^DmY7IV|X*3J$?kyi{wt+=Yd?*xxe({0=%314ZZS37Tv6(8;~f<4rvQtWi$%H
zIqipE-mchOC7t6_I7Rr!tQiNT-;M(Bns3!J)c<;QjS#~&huRm6U6*C3U&B%vH;xU8
z38~UPr|5G!
zs8}|6rYp`{Dr?EPRsoBY{w6cZb)MdtA9RCZ;ynd8x3NJtiR{%2$rv|(_*9XwD=B(+r++%k&C2BxcVHQF~%5Kq}9N)rOsO176dVB>5
zEC=+6zDLu$i>2RLd>1EIMv8q?3;$F+<)@H#aKB*u4(XVc()g;S;>2&cmHcG2@VyVZ
zjnKw(YsV6g461-va7gCBkOTQ!yGDUp!gWCK~0tmAFr#4I$CG`PC90nrzgahl?{aQb?Y&T2n-(TKI
zX&x-S{nf$qaEEH%%u9n~HaU6xY9p4_l}TFaleu-;-+nf!g>Q$bcfr4=?$Yi+w@T7O
zWQ2&JvajfpJhBTlE&F`>F5rinMM{@igc&L|`%|*&k&nOuPl(%`VKw0FLfiVKWBw0^
zo@2D#EH!Hl(To!jeA0=TcMH5ntpcm0xtwYoF_GN=aXigr*9UmYLdL*v$g8f@he_}>;z`DYqk%r^Ye-ee}yJdPbK
zG%E-~j&bwizaLX{!IO^o~J^=+667E?!8F%EiS_kFVg>f-X79J--KbK;u7lv+rJE{vGg2l-8|G8(J4
z&vHk2Me$W;zgBsf=8Zw#=Q975(f2)gHeTnRqEWa-a^I)Q{9@>V_pTy-nFcWHuU@hT
zpCSsL@}z_u+2BQ3gq4_&#N4@7D{UzsM4#OV0G
zh<=7c;3|fQTc+1M4^(l<_C-%Flu&sOlh);oB}dCCJ6I!@P3Kh9Hq;vpZT?`Q3qvWy5FMVlN#o(5V;^H+YuTTzJBH`a_%-KM!rix6N?
zO)$arf!0U*?y6ETx`4$6lO|)bIFsnD_eb$Ue0KwwzBF>hzP~Yuj=vK1^usrFD@@WO
z%%HMYUjZwxDYqB)Zk!To8uB?xI&q;F{$VymQD$bje
zpP$;FcAd4(bsy}b)j4rnZi$_lC9uXE@8{HbUf1Sf2O8Fu3dpz_hItlPMC+xq!GL_l
z4AWT3sa+-G>$=9P>ZZhb!GbA`K^X3mmh*{0wQkQ)&bzF=fwm!#@W$zx0JAWhWc)@%Q;
zsgOxYdwY=n>$%yW0h8KbyUV*Y%)l#KHkT`*M6$!a*-f1ZV|{p9cX`!8Ra?9KxV)<9
ziYABbjAyg)R?Up&2|l8u+kw8l4NTwdeW*YMR#a$_Bc(qZ{hKm)+w4J`O*$MM{h}P@iHgT&APl~Jp}2Y`Pw2?@^~#LzbV0Xa
zv!H7?lcY4)^SAM3UZ)R5mx*fF
z-(`w#?Y?~+5V%W@8X8tiQF+iXx36%pm{KOw0Ha};_VxYT$kU3a)_*7oyK1)y$IXty
z89)4?Vy}bGq|-GR#irCFcAgJ-Wg>_6jGACqGp=)qye?9QikUJCDBGz4u=%fNA4z=$ua>E>RPZ$z8!qzU~a4_DWT^V6-E)G(!`2-#lip7~ktRH;Hy9WxsyX^ocF7n<r@pWv5S-^57aQX4|+{tTz?g{X%KHw%2B2S%?gW`?Y0tZ!!=%0b?@iR7abZ0=8(p&q$QK65t!sM3N%|t={IJI@}
zfYob)jUtm@8cHaGZOq`!z}jRfZh%bGX2VZ{`d9_e{<(Kl*T%DDKix;X5HsJpt|)Tf9l4}rfH!P!kL
za8&N(#&5o;Nw~1SeQiP0shU+hT=pJrJSii3B!O*%A##%_u3r(P$n#y7Y$cbnd(xrl
zq!7sU3kjaeNq9Op^1yfA&?(~fS#%J$jJr$6xz$`6Pwm3<0<$!W%Q&blh9SkR^3cdT
z`AZ@_QEHF+x3oU#8Olco)T2+toH9@{V4-ZA`V}Btqh%DOLU$)hB^Vgwt>O=!8yLXifeT
z4DQ>jqj;odPD))jgH2|CdVE21L1|d_sufsBjl;`j}WcCFrUnjzImHB*YU(Z;~H
zVB-Xq;dkvI=R1+ztkSeQbKV7K?GnO&NzR&nV)n0&Y2X&FoDB*Szv`(DrRA^rSAC=I
zHuhH@VN!@@$YgTs=^&9RFUNB*ZR*eG|4>2lhzVtnn{6-yGS`1F0st-C`s4ewNh=+_
z1#IEn&3{s4V$$5HCY@Bg{v?Z(1TOm{p#4GN)(I#!Rg!Q>|Dd`2h6M;Z)0+O#(tlGG
zdK?03(MV$v@qe`A-(-&&z~xMul7H=rf06j5@BxC&74@fBzcl)v?WYAU)1uPFs(3*8^g?G@%aBld|ObrPUhw^xl#@$zW$qAszRskH)x
zUWm~6I~>3QY27pgNEY_J3$Zt|A~cOt0@CWbzTmKEY9W56KL2mnAx)o5Nv0~nXtILW
zcH?D+Qis{pH2_Y4!X1$L>BsOn9sY2sPCpASoHZpZG^QfwUD}er>ZiefDEhTY?sP58
z&Gbg6H3F+3m%Q#`GhdPPP2^)_G!H*fp&&W1(NbGbYE>0y&GnsBlJ8_(-|zFJ7Z^JT
z?UYvlSq|3TZoAAFhn&wR?zj{XoRKr&Q
za&ml};qL6Cm@OlHTU#e39ZofvPEzX9gIyp|CwC+tlwAc-CL#=5e9-+);@HMA3}e`l
zN6X%wp?e%i=&~KJ)xT~to>?s75f_p|I&M|;WVK`y*H!nR{^CZDl>!NA%@&Q#$4W_3
zr4&8$d#6iZ8N&A_$cqsROR}0uFX+WgvKO0(H9g_j0(t-YmsxA%g~Bf;de{Q=_3n&O
zKUqkAZhGT}Pqic~)2z>_*A{DY>XO|gp768W#fCTmr-kvi=WtJMjmFHOvdW1s5kP?9c~`P!-6
zM&tYm&pLNaSC8AY*7wN*_3~zO(BZP<}*5Qo!St1DF#>5S3E2lh1Rc
zWV9>jP}vCquD77tm%hn#rc9|qLJWcP<=uP%DSv=3{IPf`_1em^W+loBh|y79+I7GI
z3IWR9NZ?wH(f_jg*69(%NvX3A+9ivGYjRjXnL7JEsa`*Z#V~rgA7wQ<={+~^k?k_U
zikT#XQr%7!O-O2tB?
z9ikv{S`JOgmw6C5VcW;wvOQ7WvfxXSq-9RJb?Xb_56Oegt46B1eL5RC%DF&;DEp20
zk`!JQ2!iTVuARWJR{j%{ndGrK?WN*^tGw4gK6ho@r{nm;IwO=q53Ci25>KD}VKNN{
zblgY}{xm6d0*jnV)U$wraEO{P2{O6jBeSxeYpRs_`Z4Z?0*oicr?z{-HQ%m
zLmQOcE%XA4l$TX!;yLjsv70k;`bKB8kLIvI%+3>!+tyddCygjVR_}C3yfz61C^O
z%40oxJ-=qERMqm|6td&R|XJR=YBtxyEv*u^z_-Vs15_C107@lH7hWfmMJ&B%Kqcu$Cc6
z*T8A232dq6TCynPvJ1a%t?h=7faTUP@?@$3%9;Hzbv4VY;B&*&g|KQ7CL;{fsYo)v
zu5L9wqw-|c`_+=@`MhdY(y(vp&B&xQf8-%-9tmax^}dO{snL=?NL>f&l!dHU!NGuEfe
zObt_&?TvLeo?pF8ZNfqN?mEGSktbaW{WkAW{)9;6L6}jjmF6F+!^n}`3XE95b~H!AvYzoouGFvhwMExch}_TO67vkPkpiVIqYU3|*mut+Fto&3sb6Dm$c$`oeM8
zg817R?;ZjJN(E-YIc4(fEX&MO)Omn3M;_tU_0bg|(;5Ew|3$$yO>dUBF8En=LfRiF
zQYoIm#BPr%p#BFwp*BDRYTGSOU;h2XO+*3UfIRm*@PGRXbhq!;B!^@oO5fkED(f$S
zWr4^`cJ%iT*N+BpL8X`5G~BL
zLOATU!`m2vmg%2P$lLsWMSFtvmoItR*ob*d
zJv2oC;Bk6pcW)(Ivd1iVa6=CNhs@J_>!EsssY=XBOOlx6pNxMwZ}Ve14drV4tXMnR
z3uDBb0f=|VJNt^m@*AxcR&tm8o9Sj;?fjp`wValWl2l$2^2vq3bP1zu)IBbH5jfDJ
zj?d5Ui8n0Y_?-_uX-^li^=|URK{$5*KcWswJq4s(j~6zw&4t;#LkB1%Ee`48$Y0;&
zmztfrpFyRHa53&shABC>`C&d7yc%18bB2}iPxtn$^jXDMvOhy>Q(P{NKg_)o9=k;}
z1|~;>0-umZ1PMiHqs`&_;OaOj_$@8S-bmol6<^S%!zM~e^Y42<}gX?
zMdVn}Bla;kJ(35Qzy}CXAdMW#|KWm)(g|+$QOgq36mAz@9C`GgSH3#T-=$SN#174m
z0$T(%Grwps$++NDTLNkI95RMuto+YlsVouxEltI3qP7Im^=z=xbHDAo%J3mVTJ7`y
z6R{dI&mP_=%ca|{emkw~`t|V&0ipQW
zcT1~>qGBK2o;d*wo-o0QZ0UH8MMQ#H9mgL5GCuz{jpSj+5QYQ{ElatVg;0Oju*d&#
z7n5XmKvBDGa5~EBuPfx-7;?K6z;g7_1yj(3BmL4^W;5jNl9nfW0CorYjym;ihRSGA
zgJ28aJpB<1;$3Ks8R6lT!cAj!1jwxxkli1Yg?POw;lPUMc<@WNKWBefTUXc8%e$9w
z)zN6bHM)Pc6hiG@rvI0(tosr3=gA!O#?5&W7V<+IfXSkCF5myfM-RkD2&a;kWP6d(
z^Rn(_WuipyZLL^e4lT`JwYcYz_0ZYbx%mRV)ne&>IrY+|(%ll@=_?<1z3x|`uwQv~
z%pAz?{pu?BfOtzs@^1!RpxQE?d@3psXq@+LM_`8!HKiu{dcd+ax
zV!gg(HkkQF@df&bg6kg}_P^j*I2V}xWTdq&%NQeOf<4aP4
zzhmv9)b~+_0gy=&@NYv(Q~IYf=^TfFPiORlGE>sagXLcRGS}+Hplkz@v4z+^S0gR}
zX4PEme!W#?m;a#>O-+L4i-q-
zvQ#H#1XYq1I2q{Mq_dvH5d=H8UX{$_95p|7XCfH$qASvwad&5J`J%Wsb{XBmwwyYu
z1*0#}nZp*gL}p!MKt94?GOEAWq-&0wG^=4=n*Ri3S>r^x0k*fa$I7rU%csq_*#as5g59Kdn0G#nC(O*)s2QDt20^z+Q8>
z+5Ir1iMyqghtZ?>RS*{Fspgjsfu`XRaO}7Cb`_Zkqp~cstL@h2R+=eSLIg$FdH9sGbqK
z?tfq2M__o+uoTRT#ZdY72{*+ybWG=slt|`+3ah?HGOQ)Eytn~ks%F=AnDwHU_d3jK
z#JKmdZ59W*%6iQr$t*ErgZk`Nv%F;^MS{y=LURcNzw@Y1z|B>Y)k!2bsUTw&;=+`A02TaKMvzXp8DhxJZ&tGIGm0Xa>pac}LpbC8)W#34YK?-v6Fz^P(FQbHI24R3$H1;ZBvK(9LBs;~>?v|NYf
zP%$63lL_hxUuguc_h<-;#!zI;=1r!0R>HIS;r-#mRxmQ%Vuw2?2sa9j*6b`3sG$Ll
zPqGpTm1B^$by9oAUTIVmfRGbAQ0k(wiTz=Nm*JxX+EQMYSCfd*5?CI)%PGlG;aL;B
z$eIyxl&PM-+rPQ+BuV{EoS&_%noEy}o)b)t`J)CVqf^LF(V;196`dM-`mK=0l(jI3
zCRC~~QS}+>2z}-X3Fw&v2J73o_6u+4M&iE1zUdEk^E?_`I!JOfQYa%8TDL$hFzQ`i
zu?<-c5Mf+B(DUWz>`ru1lbaI=%W}DN7!p64ki>eiNR{N4dbgV_S`|oXU0tfEq+{S!
z6Fd3z^=-Tlu$6QkNd-8|T_gB+P-PqTR^K#WyK?|f9hU*H%L-b&{;umFpDOoQ4siB<
zfpO0hB$6w+Pi?Fx7_jRd%WzLLHq*N6lVs}fa`058uX_236x$e;bR6I2npim1i}ExL
zcC6i_X2-Dt;x3`PvMWKcgvY3TxVlR(GZ+>~oKMQxXNs|&L0xQlEI
z(>*QW5U9&M!pr#>AjCqXVYnB6Xp
z&z>5n46E>RZ48Z6Vf>6gG|<^yMJ-UCh0SQX9I@oq(2`zv99wLmY1ar>$GOMeMn;*+
z)8!Ug6Mb^YQlaS_Bj(2rY{q~nBlkltd0SrfYpI=m?^E`rQkk_3#E4T0L14Oj6JPQ|
zt+U)awm?*ld(Tg%&F7e1PRg;Rk#E3py1{%G5Qy1dUJy3;;fmx5R3k5^L{JHom0!9$$XFp_?Cuwx^AJZi)tarR!jqz
z;auxH)3&A5Z*>e{9};W{$8gdmxM{k7W1>eh7pQyLZT-3}f!!=i+xkE#7tht`&F}y!
zY5tMp_;=gIqd5H49zF&w_axMZoFBSfpMdr#CQoA>fR~_@>o>+^%!oWDb1ec%e@2L
zsmVJ2jZ3!GZyR2&>j!g|!7h3Nm=*z-x{%w;F`wj{k33M`-emq|X}$Ll&{6Rc*};tY$O)a6>q|_JvhGNmIW?66(^U>&1cSrn
zjs?GJ_mGp_2~M+j>lNIlZ{Nob5>d$}u^psD)-F{WM@7(ltgN}UUT7w7`CO8xgg+tl
z0-W33_i^0_##wMG_0rh;g}rIdW3;(Ct^~KZjd5+^*kRu5a`^we`E6Rb9HQ;+P{B4K42Le_qm*llX#T`4Bv
zBl^sCf7H3~eNx{Evcn~Q~F
zTzCCEX1d&NF#a?Upz|Ejko1aC{mI3{X^U
z8N6~9jyqUeuA+(Yf+y*2rpHP6YPN}olfm^zSym$>bLi%~IwTxz*c8$Ar`^nsJ{Wjk
zWQZEJ{c-ems3@7qyWPHDm8|#3>vwlKu}}vyx(;1cYaRGoO^m2|!|RxyM7!#~N$Y{$
zRK|>|MyPzv)*!~iO(vdUJs(-qxrExp;^ik2tk${ope3(WUd1V=u4x~I*+l3OI&=Eq
zs4`-7VDAKJSYxFpjE9J%G!`ghsNr-c$sDsNs=sdgq
zgls(tdsXcFLf(rtA6D5ol3*7PVdL&zXv6X7)hBheo5aYDj#Ad-D&~Z1RkTf6ubBz~
z`rC^Yz1AM6qL_Wz_7x|izhS(3^nBc2E4CJi-zhf`6Yj?ouHJn&7Cr
z(A(h(&6{GIfG^h#t6od9)m-#nSJo?H2l;8$QF+1+Qvsr`ceV?M@8#~L^4UO$MIaK+
zH1TLr1LxBcV81Dfgi8o`M+-kx8(9c#yV1fP7*i+_m;xsYpG)ZX*wUR#pkO|3nkuo
z29hr7)$^W~7*a4>OPfRE9i<G}LyfvloH6#t%?%Qq-YS`@$GVkSP>RG_9
zK5V9Dw;Ebzk9g;fjn&fA^MJM0h!DkQwQxBX=SnWRZ?LIcn#)c}@MO-b8M3x9&bIZMAyYdLGAJ+K^VVC=eaQ7w-h5>pQA<_BQ^UQ+Jzm5Pj6gh&n>3wim9HBG*6A-VI<7wQT{xj%|?D#z3IW6!ZQEG^cYj$
z(>(NNNA-d{%!GACOoW{CN+0QBqh!t!ocrsmAIsI688IUJN^4>l)m^4
zlBJ^=`FvDcA{BGn@#)(SmrF!T&Y7pJ%I#DLF#FRQ?_}!47pvk^+vo?hVqi{IJO)1c
zg6n1bg~QWs*~J)_a`OhcLR=d-T;7EVbu_DOt&B}9$7rMQ=FGf#P_+O}N_Klp>*$m&
zbu#qzG8mU>60`>^nvn|7az=*d&2al}%FJjJfSX(5-*GVxyGi{S;y4
z#|bQA_p5{D^tQbvELR3ZFWZSdm|k^)CpF?Tx5(7l;;W|RiItYm=92#
zDsSDMe6}tDaT_pBsX9gHSfGr#;2G3tnEv5a+<@s05^OXu&igZnm8bA}ek@MD9CP1X
zG#g5CrNL^3iva0auQ>4p5vLb%y^W}x2z$Q_NTZwRTUD6D|75Hc)WyE-G`zO
zReEuG57C@Ti;hk$+$Xkz!=NJ1t_1%jRzU+GHIf)4K)W?Ho&Fq)#|U#1QR{CY>vnAR
zmnzo5UTrr_B_I}H)N)wV+YkUB^}-knK1E0E!I{SB;zu{+^>bY;s`sYGq$1
z8ZLOzOxNsBy0nC0Z?R84>g3XmcQgyUE%nx$8Jl~dgDv}nT~X0_3x%#xcT#a+?Wb)E
z(U@3I`c^d0n?B4w}-{xWQVOxV=EmE!bb?v=EsQT5@(Y=AB91
zhhlE2fg9B}#DHWYiEQ9^W6t(Hoc^%Q%G|Px3a$9tioB*lL|R$470P
zMDN7KH&4!fiZgeVrJrhYWBk-A?>9Oh$f^CD@oL%7G*SMdYt}_L#^H!^VK(PAXZCaN
zFH}Yc)WxV$vuxD#yh}M&Nv2~v(@YQRvu|n=>b8TeX8lO%-8S?VzCb)C5b=t?T4b{$
zABJTUw$Oi-GKfA!BU07bNj?m-nu#lKAv7g~7@2-r!`n>ujkL@tqEefhb$9-rF>d@s
zrNrnu`JuTiUn!|N1bDYtIUVBUYHnpwZjvb+=A#8xKS_PP02kC7uW{d7uQ!2P!hL!K
zCp!Nmy4XQ?>1RhVa7rq=`8pKimnhmjk6tY19w?B&%|r+obB71wpno-;Ma(roGbU3H
z%g9U{Oz3~u&qhNGI9moNIZ+-e>Zp0#DLoI^C5X1)LCcTx)*4rR?t{~;mSgo67Fg5n
zk?rc?cr#U+-b}&|B6?|%pdt=}K+nZ;htRbjnRToun`?IKeAxVLnEB0`_uo_B}1Ku5X*OO}0j
zn|-v?Qo1tnid>Dk_B(M3*`LYQ@@X9=d3RuIoMpAjmyEjKUJExt%~h(E@VrE*+xe%-
z=2{Q-1JJhj1MIiLcFr&CM+f&0XnmD2++TN3(eY67jrs;y$TR?1BJ{z+a;bKdMDGd#pSUYU6XTu7Sa?%J;&nG-Ie0LhbD0j1o?5Hoh
zKy(Oj=iRCzdlrM1p%Ufz9Us2o{mv+~7Zqf$cYt`FUb5SX1RKT4tjiu(=#=0zQ2B*Y
zV5_sTkz~O1Qu-lOOX3TMH0J9Sl@
zXFP0lFOZY$GyKL6LR@M`>XHeIO+yL$N1r@{wvH0qg+J#X0T
zk_>gKnTcIXmeHYy6)ocm4f|k=mRo;?ueC#x#)P=IL@%~PhEE2|CZIfzb=xkOUoL83
z2J`-WJ>z7dR?ChmH%EXGR6QPWXol|}Jzc?=aGn;c(tTk*GuY$IbRBmzn4^4>SS_U)
zaSlIzPk{L-&myJWvcf9s0X_s_mc#!vnjZXwV2M~Lgs)y;L~AH46UcF6y@6v6D26UCm968yW;QSg}B
zOQ9GDIQPEqhpD(d?Ond~M-hoB8(IzU>AmTvy^xIp0}{HOP!3xr>Jeg$jZ=`8sEdwdQmG4_ri
zwNKxu2P`dHHL~4B8KA=-1G_ki>&X%veTKFJk|x@7_ic@gQD0E9?$TyU1mkwy$qe3+
zcSmVFSy7OiNxy(?3}sW2uzpOIWVlwkHJ3VGX}lB1yAMMb=34|*+G<@rZwdA9UO1J8NEOY1
zv#IO(pt8GO=~Tq{d*PC&KSm~5ca*l(l+$=AQ+Wj%osn*ICA02YA)`{5z+yP5r!NOfEcWY|gZ7jkjGp>`6Y;AV;ZhH41z2GJ$m@S0;9JSTtLn~>%Uq06?
zPh$F3+rm*Wt24$bN#^?EfkAFwW|d)j@v7;Yq9P}!>I(Z2^Qc+!`W1zb>V<=5dfT!#
zCr?sNRV6t3y`b=qQDv7sfdZtp%Hk@9#;>Cvw=SzQQj|8U8$$EQTlq3?K81#H_SnvL
zhS%EHhojHzPL>{EQ_GZ;RJN+uXdt^%P+DqZ4CBbI?9D+0>SPSEl~K(XUCOI8K#4}~
zj6aYNUf%oVHznNk(}4HW{=EP&)DjWL8x3+HfhIpJg{e*eXCu9WYS3M|#5KD`Z|jjP
zr7B;RjD58P#fx;hgHrkzkduQl4cXy#)Va5LwBM$yos$`j7_^;3|FB&%T
zznH+}tPW9;bJ
z(5>&aGkzG^(b^j(-a%d|K#kJ4TOrWw7uS@jk?hn&iUKty(bh1SaOV%XOgoqQt
zy4(mjMN-F&S>;eQf53xFd(A}(5e3(B04H68I+}ewU~?@KylT38f*#kvt(ZrOUw0HU
zn7lc~LH4FWfHOD;CoU$Bz>Q}fg+Ex^k
zk=_8&D;$8iPo3jr>`DW6MxNOXgZYX+Vh2<0`S7+p>KFqoUS#KID|Sr=QP;C-t?Ju;*B|R1Uv`
z9uLe6)snhLz>FTe3jpWk)K6+Pp{B43c=&^
zJ>*}0O}j63xrNPa6L+Q7vc2I2`S$WSLng*zCPK0tEIxdKbY5hFjbvg4Q;0(o^@e%6
za*Q!0LQe8dgQ{JMyM9hB{Ulfhd>RZ$!@h3^@1F;pnl@-e{=8z*R%c&J<{Gnv!FZw7%_IJHLN?@CvoN`gIfv*{s6|qFOek;3W=|k#R-
z()0|^zrya)KO$C?UI-Z_ReTGhRposHzj}5(W+3Vdjj(rIOExRUo1hmG$Oju+Yp?Mm
z31=^)zbMSTP!|;`+BTUHeZjk}I7zc=qK;KLS|0aVZT_gK08W-b*-~t@4aRTV(;NE+y7;BzhvegIC|8PvFkq4Gl-R`=@
zvKxF4vDrHRjKUBnwr#qOQ#i4d3tdN3*P|!9_=G0Njh&*VOYYDl=8>S};LCPinsyfs
z34Q^4cGQ#oSfi}V?j6NURR4vg!4tV78~E(P&0y>YpM}gu=F0%Zl=OH;3C*X_Ekuo*
zc#1h|D&66r)CIYXA!>cfWJXb(DKcY$jZCg$cu+B=$Bxx7Sum>X_3Ql4&-qzJqm&yH
zGpuyKg=zgvJ^GoVqpB1@dhRi&c>J|i|H0q`gZ1IQvukv(b626l54m>oxl^~PKbwc9
z7Ab?-oBD`SEV{V8eC`Xx``z<`8fl>a_>VElAdy0rZ)ELb)c9Wg2U^-|$v*UGR?jq&
zIN$a<0UK^|I&rr(iiJ1RC2^_V$_y@D$xLbM?W}BchR7(6Xr~I9p1UF-bJyJ|Jfr%y
zoHP1PP(~vMahgZIO=W~ZNZNm>@CDkxI(GYEz=sR_On30xljxRxp<~*+4|k
zT%|Z2OKAmqgF)m*!T09332aE!oCiJlD=JytrLA`7?@N0B+GxuT+vQ^47
zwxc$r=MGEuRnNDvZI9R}6UlK`by4SxDPOa`@g#X?z!?Sk)&~#M%!cQ?<_@2BsR_vT
zLS!_)3Hx?0KCq)Pd3w+H<~W8b(-`}{8Y1QFrqi^61l~n%`@+Za{!+cki`UYMc+1d!
zlAUqP9>&6fD`U5dd+z%aA6Fc5rfrGWy4!Q9kD^YgU*CMzxvHiQ%A~pUB(7Q3D2OaX
zaaYe5giP@tggL6<*m@vt8mTPTOjv&a%VzxA&-PX~A
zdNutsC&)7ypPG|y-l`f%kjcyK4qy?Ls{g}>m-M=37
zytA$DDrO>*S^u0QGpq~ETWJ1@8GRh%xScNA2K_r$DWl(Pw~x=fF{j>riTf(KF4~VVJy-1T*29*?bSWrpr#A1#N2IjMGO=K|
z{fF>#0k3QkQ-171y4+QO1WTNKR
z-if$9z8Y5N{`=-qmHDx-=C}*2CYxgH@!`sw&gY^qNkuZUkd!$S1Yu4y?>SiFU@?AZ
z;N&{Hr{J%P%0Jea5=>;#MK)`vKpmu(VcUw33)vGzwz4H|*Qnzu>z&9Ce6`ijWZ>rW
zs)?b|h-Xd%xe#0acl=vIHfrohr58L&Lo1!7nN_
zg^KF-6Ff21@I)7Tii1<_F}CzqT{3v_tdWUrbMn~qtD~0!IFh>@^J~4LE2w9=ayC`>
z1syqFsW!=aht;8<)s)NEAV6M4OoN;H5`#K%_7zi?EgnF2KPnYfAP7dTeMZ0Y7tTmu
zR>a>~80~f5eTCTMmCp>nx)J~4Rcr(LoKc5%o<&-rdk=s6n|*yB*?jLgSJs1n^y)9`
z_kGN9qK7XFc7pAHDE{KB{L7!z>mz6h-$Vb8=j(D}p3M;y3AGod^Eb7wZRTUXdUe0i
zIa7XP)9l?r4Fh9vmG>E2M&qs9CGM5$+i;6}f+&w_(J4O%LVXs!Sb=v=r|hqD@7_Hk
liFa?5erEz64Z`!cU#7=J+|t}VfgA5hh{(Jv64w3lzW|r@csKw6
literal 0
HcmV?d00001
diff --git a/vendor/github.com/xtaci/kcp-go/kcp-go.png b/vendor/github.com/xtaci/kcp-go/kcp-go.png
new file mode 100644
index 0000000000000000000000000000000000000000..151b7c4f7c49c1a8382552322787a3e7f04ac3c6
GIT binary patch
literal 9153
zcmdUzMOPe5(?HR|H88ll1b5fq65QP-xZB|F?m>dP1P=oQx4~UQa0~9dJiG5Ne2ebe
zrx#VVsB^0OMyo2zpdk|?LqS2I$;nEoeQ@MsnIQr`cHFHzAQTiTj;*Ams+^=GxvHy^
zm92v%6qIaqx;BE2`Y5nKUkwrIGbS`ckyokqks)RhI*$Z4c^VXw_+SDHW4q^9XrfM-
z;%z-BT_#UUtcE27N=Bv=GiVe>CpEF9rC(mZoX%hP-KMhNCxpE?U_r%bOuW1(nlR+K
zg{)D?SC+KYwCr*lAef2xsmCQ}LpkJ2NH^6HjZ
zS=_Ki~j=B@q`W;!B2A}>R%92w1dBq
zzek*7$m!&PWS_UK!y`v`YZMP6;&w<3OvP@plo(mr;LLPv4`=#svb-5oZv3HHS%}Tx
zqXfgUXNowshQp5ncg%TUzNTe0Q~bVAgAe|yMx-dL&zFH`HEAWcAJPi)IVc~7QwV5;
zt7D^Zh=YwhAtV0_a%q3jA>c*T%5+MbXyfB$QnN}t+qQz2mRlkaq-KsHy*?X@gr_w`
zIF$p~%a=OT?X16y;4|!}5%GGzuPT87pe;KEZE?YDdGjqmR}U=`W5
zU1uJsIM}Eg4J{R9#>Spx!!s3%rfc0t3)LM|f)Xx_XGOQ)Pd2`zFVxQ|LAQgn11!pQ
z#`qmvok51dxznmSw4d*dt2y1joKxk27XPT&AC{Bas`T0b7958SH7Lbxju)iYyiq*|sq
zW%h&@4CaQW^(3?(T5U)*6EZ?lp-E@s(N7E0r;QsRYHqA-K5Bb>8CYjtdD*?i-gi6L
zj}-;<=B@j{80qXww$YgHJ)rVVO=98T)$+Xs0dNnAMTot~Xy0K`K@1ba=zP##+h{Og
z98734G0H4>Z6Oj1$tgE5Oal&1s9FQM1K_U--7>5lSlk((EBMnkb30;PFuF5}5XfT&
z!6-zW4fP8q90dheSb`0CXB3uM@G=EU6dg7wjN+>-WlCHrg}+o7vsebjj}bsA@k;zW
zWiRD$a`Omo>8Fm!8}io?qPe5=viAeyvoFzU}lv?nzdxuQ8^2djwpjKn<^sG=aiy!i6ac71fw0J(jzW=`=hn#
zYfMX&UWRol-@=L&*^9hY&FBfzex%i=`HsPlNsj6J`1l0)Xg}Is2|dzW>HozTHO{z5
zewWoO%29u<;H;oLCbZ+eMZG1x{T%;=v&?5M#pbbvyG3u6f7N^y0lqV&RU!&T#<~?6hhp3bc<_z3&_K7D+a`3niXseXn3r7lcIR0J!e%7nV
z=+H`A^sg1xbJUYu6<8Ht?O0uFnYP6^WOMKK;BeMilF7MArips}??7dsQ0y5nKLbudTj7^w`d<>Js`Nz7V9k8ZMD78BiO!ME(WeFK
z0XezUMU_sjqw4q)rHo0VT!f#DKh+ rPWxmb2Fy&lpd?t7ZrM6=*p4DcCmHBREt%LHs&&
z3hq;gWatvY7Sas5Y2;9+1D*Y_*wwtpfgQX7SNXbIH97#_+>XO}r1LJt0$!W4wA?
zE|xaYy~w6$prpT7e`#1a(h@fJC!gp^xzf`1(f~QhIoL9%f=%85moNX~);N`{rt*C(
zGxlq0bm^>_rmQAKQWRwqR5lA=vT^&W%+P*>m1>lsHoY$EFSGJ*<|*X`)**Po-uqO^
z97oLK*^=54%{|Ta%#P0@cn5a7Zl1(#$K?}Ta8hwpbILUDHWN0Du8gh>KQg{3zC9A>
z=XLPscK|yEJ2rg2`Q%;$;EO^6B&7J%m-Fh86Zst})n`O;qB%6ZAUUnDE
z8;`blPD>jb;$1}5an)mYnD;oRK0kTCUHmXM2&~*F@2Gd*%Crmg@KVy4eAGKwU47Mi
zURo^jDDHfN