initial import

vendor/github.com/magical/argon2/README.md

@@ -0,0 +1,21 @@
+Go implementation of the Argon2 password hashing scheme
+designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich.
+
+Documentation
+-------------
+
+See <https://godoc.org/github.com/magical/argon2>.
+
+License
+-------
+
+Copyright © 2015 Andrew Ekstedt
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

vendor/github.com/magical/argon2/api.go

@@ -0,0 +1,67 @@
+// Package argon2 implements version 1.3 of the Argon2 password hashing scheme
+// designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich,
+// as specified in the document
+//
+//     https://github.com/P-H-C/phc-winner-argon2/raw/54617af02de0055b90e39c4204058bb9a84c2b78/argon2-specs.pdf
+//
+// Warning: This package is currently unstable; Argon2 has not yet been
+// finalized and is still undergoing design tweaks.
+package argon2
+
+import "errors"
+
+const (
+	maxPar = 255
+
+	maxIter = 1<<32 - 1
+
+	minMemory = 8
+	maxMemory = 1<<32 - 1
+
+	minSalt     = 8
+	maxSalt     = 1<<32 - 1
+	maxPassword = 1<<32 - 1
+)
+
+// Key derives a key from the password, salt, and cost parameters.
+//
+// The salt must be at least 8 bytes long.
+//
+// Mem is the amount of memory to use in kibibytes.
+// Mem must be at least 8*p, and will be rounded to a multiple of 4*p.
+func Key(password, salt []byte, n, par int, mem int64, keyLen int) ([]byte, error) {
+	if int64(len(password)) > maxPassword {
+		return nil, errors.New("argon: password too long")
+	}
+
+	if len(salt) < minSalt {
+		return nil, errors.New("argon: salt too short")
+	} else if int64(len(salt)) > maxSalt {
+		return nil, errors.New("argon: salt too long")
+	}
+
+	if n < 1 || int64(n) > maxIter {
+		return nil, errors.New("argon: invalid n")
+	}
+
+	if par < 1 || par > maxPar {
+		return nil, errors.New("argon: invalid par")
+	}
+
+	if mem < minMemory || mem > maxMemory {
+		return nil, errors.New("argon: invalid mem")
+	}
+
+	// Round down to a multiple of 4 * par
+	mem = mem / (4 * int64(par)) * (4 * int64(par))
+
+	if mem < 8*int64(par) {
+		mem = 8 * int64(par)
+	}
+
+	// TODO: test keyLen
+
+	output := make([]byte, keyLen)
+	argon2(output, password, salt, nil, nil, uint32(par), uint32(mem), uint32(n), nil)
+	return output, nil
+}

vendor/github.com/magical/argon2/api_test.go

@@ -0,0 +1,50 @@
+package argon2
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+)
+
+var zeros [16]byte
+var ones = [8]byte{1, 1, 1, 1, 1, 1, 1, 1}
+
+// Fake salt function for the example
+func randomSalt() []byte {
+	return ones[:8]
+}
+
+func ExampleKey() {
+	pw := []byte("hunter2")
+	salt := randomSalt()
+
+	key, err := Key(pw, salt, 3, 1, 8, 32)
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+
+	fmt.Printf("%x", key)
+	// Output: c5dd631f4e715853e0354326c56f7c3aac983e5d86f7fb02f935899c38690f9e
+}
+
+func TestKeyErr(t *testing.T) {
+	pw := zeros[:]
+	salt := ones[:]
+
+	want := "salt too short"
+	_, err := Key(pw, salt[:1], 3, 1, 8, 8)
+	if err == nil {
+		t.Errorf("got nil error, expected %q", want)
+	} else if !strings.Contains(err.Error(), want) {
+		t.Errorf("got %q, expected %q", err, want)
+	}
+
+	want = "invalid par"
+	_, err = Key(pw, salt, 3, 256, 8, 8)
+	if err == nil {
+		t.Errorf("got nil error, expected %q", want)
+	} else if !strings.Contains(err.Error(), want) {
+		t.Errorf("got %q, expected %q", err, want)
+	}
+}

vendor/github.com/magical/argon2/argon2.go

@@ -0,0 +1,302 @@
+package argon2
+
+import (
+	"hash"
+	"testing"
+
+	"github.com/dchest/blake2b"
+)
+
+const version uint32 = 0x13
+const mode = 0 // Argon2d
+
+/*
+
+inputs:
+
+ P message
+ S nonce
+ K secret key (optional)
+ X associated data (optional)
+
+ p parallelism
+ m memory size
+ n iterations
+
+*/
+
+func argon2(output, P, S, K, X []byte, p, m, n uint32, t *testing.T) {
+	if p == 0 || m == 0 || n == 0 {
+		panic("argon: internal error: invalid params")
+	}
+	if m%(p*4) != 0 {
+		panic("argon: internal error: invalid m")
+	}
+
+	m0 := m
+	if m < 8*p {
+		m = 8 * p
+	}
+
+	// Argon2 operates over a matrix of 1024-byte blocks
+	b := make([][128]uint64, m)
+	q := m / p // length of each lane
+	g := q / 4 // length of each segment
+
+	var scratch [72]byte
+	var btmp [1024]byte
+	var btmp2 [128]uint64
+
+	// Compute a hash of all the input parameters
+	h := blake2b.New512()
+	lh := newLongHash(h)
+
+	put32(scratch[0:4], p)
+	put32(scratch[4:8], uint32(len(output)))
+	put32(scratch[8:12], m0)
+	put32(scratch[12:16], n)
+	put32(scratch[16:20], version)
+	put32(scratch[20:24], mode)
+	h.Write(scratch[:24])
+
+	put32(scratch[0:4], uint32(len(P)))
+	h.Write(scratch[0:4])
+	h.Write(P)
+
+	put32(scratch[0:4], uint32(len(S)))
+	h.Write(scratch[0:4])
+	h.Write(S)
+
+	put32(scratch[0:4], uint32(len(K)))
+	h.Write(scratch[0:4])
+	h.Write(K)
+
+	put32(scratch[0:4], uint32(len(X)))
+	h.Write(scratch[0:4])
+	h.Write(X)
+
+	h.Sum(scratch[:0])
+	h.Reset()
+
+	// Use the hash to initialize the first two columns of the matrix
+	for lane := uint32(0); lane < p; lane++ {
+		// scratch[0:64] is the parameter hash
+		put32(scratch[64:], 0)
+		put32(scratch[68:], lane)
+
+		lh.Init(len(btmp))
+		lh.Write(scratch[:72])
+		lh.Hash(btmp[:])
+		for i := range b[0] {
+			b[lane*q+0][i] = read64(btmp[i*8:])
+		}
+
+		scratch[64] = 1
+		lh.Init(len(btmp))
+		lh.Write(scratch[:72])
+		lh.Hash(btmp[:])
+		for i := range b[0] {
+			b[lane*q+1][i] = read64(btmp[i*8:])
+		}
+	}
+
+	if t != nil {
+		t.Logf("Iterations: %d, Memory: %d KiB, Parallelism: %d lanes, Tag length: %d bytes", n, m, p, len(output))
+		t.Logf("Password[%d]: % x", len(P), P)
+		t.Logf("Nonce[%d]: % x", len(S), S)
+		t.Logf("Secret[%d]: % x", len(K), K)
+		t.Logf("Associated data[%d]: % x", len(X), X)
+		t.Logf("Input hash: % x", scratch[:64])
+	}
+
+	for i := range scratch {
+		scratch[i] = 0
+	}
+	for i := range btmp {
+		btmp[i] = 0
+	}
+
+	// Get down to business
+	for k := uint32(0); k < n; k++ {
+		if t != nil {
+			t.Log()
+			t.Logf(" After pass %d:", k)
+		}
+		for slice := uint32(0); slice < 4; slice++ {
+			for lane := uint32(0); lane < p; lane++ {
+				i := uint32(0)
+				if k == 0 && slice == 0 {
+					i = 2
+				}
+				j := lane*q + slice*g + i
+				for ; i < g; i, j = i+1, j+1 {
+					prev := j - 1
+					if i == 0 && slice == 0 {
+						prev = lane*q + q - 1
+					}
+
+					rand := b[prev][0]
+					rslice, rlane, ri := index(rand, q, g, p, k, slice, lane, i, t)
+					j0 := rlane*q + rslice*g + ri
+
+					block(&b[j], &btmp2, &b[prev], &b[j0])
+				}
+			}
+		}
+		if t != nil {
+			for i := range b {
+				t.Logf("  Block %.4d [0]: %x", i, b[i][0])
+			}
+		}
+	}
+
+	// XOR the blocks in the last column together
+	for lane := uint32(0); lane < p-1; lane++ {
+		for i, v := range b[lane*q+q-1] {
+			b[m-1][i] ^= v
+		}
+	}
+
+	// Output
+	for i, v := range b[m-1] {
+		btmp[i*8] = uint8(v)
+		btmp[i*8+1] = uint8(v >> 8)
+		btmp[i*8+2] = uint8(v >> 16)
+		btmp[i*8+3] = uint8(v >> 24)
+		btmp[i*8+4] = uint8(v >> 32)
+		btmp[i*8+5] = uint8(v >> 40)
+		btmp[i*8+6] = uint8(v >> 48)
+		btmp[i*8+7] = uint8(v >> 56)
+	}
+	if t != nil {
+		t.Logf("Final block: %x", btmp[:])
+	}
+	lh.Init(len(output))
+	lh.Write(btmp[:])
+	lh.Hash(output)
+	if t != nil {
+		t.Logf("Output: % X", output)
+	}
+}
+
+func index(rand uint64, q, g, p, k, slice, lane, i uint32, t *testing.T) (rslice, rlane, ri uint32) {
+	rlane = uint32(rand>>32) % p
+
+	var start, max uint32
+	if k == 0 {
+		start = 0
+		if slice == 0 || lane == rlane {
+			// All blocks in this lane so far
+			max = slice*g + i
+		} else {
+			// All blocks in another lane
+			// in slices prior to the current slice
+			max = slice * g
+		}
+	} else {
+		start = (slice + 1) % 4 * g
+		if lane == rlane {
+			// All blocks in this lane
+			max = 3*g + i
+		} else {
+			// All blocks in another lane
+			// except the current slice
+			max = 3 * g
+		}
+	}
+	if i == 0 || lane == rlane {
+		max -= 1
+	}
+
+	phi := rand & 0xFFFFFFFF
+	phi = phi * phi >> 32
+	phi = phi * uint64(max) >> 32
+	ri = uint32((uint64(start) + uint64(max) - 1 - phi) % uint64(q))
+
+	if t != nil {
+		i0 := lane*q + slice*g + i
+		j0 := rlane*q + ri
+		t.Logf("  i = %d(%d,%d,%d), rand = %d, max = %d, start = %d, phi = %d, j = %d(%d,%d,%d)", i0, lane, slice, i, rand, max, start, phi, j0, rlane, rslice, ri)
+	}
+
+	return rslice, rlane, ri
+}
+
+type longHash struct {
+	buf [64]uint8
+	h   hash.Hash
+	h0  hash.Hash // large hash
+	h1  hash.Hash // small hash
+	n   int
+}
+
+func newLongHash(h hash.Hash) *longHash {
+	return &longHash{h: h}
+}
+
+// Init readies longHash for an output of length n.
+func (lh *longHash) Init(n int) {
+	lh.n = n
+	lh.h.Reset()
+	lh.h0 = lh.h
+	lh.h1 = lh.h
+	var err error
+	if n < 64 {
+		lh.h0, err = blake2b.New(&blake2b.Config{Size: uint8(n)})
+	} else if n%64 != 0 {
+		n := 33 + (n+31)%32
+		lh.h1, err = blake2b.New(&blake2b.Config{Size: uint8(n)})
+	}
+	if err != nil {
+		panic(err)
+	}
+	put32(lh.buf[:4], uint32(n))
+	lh.Write(lh.buf[:4])
+}
+
+func (lh *longHash) Write(b []byte) {
+	lh.h0.Write(b)
+}
+
+func (lh *longHash) Hash(out []byte) {
+	if len(out) != lh.n {
+		panic("argon2: wrong output length in longHash")
+	}
+
+	if len(out) <= 64 {
+		lh.h0.Sum(out[:0])
+		return
+	}
+
+	lh.h0.Sum(lh.buf[:0])
+	copy(out, lh.buf[:32])
+	for out = out[32:]; len(out) > 64; out = out[32:] {
+		lh.h0.Reset()
+		lh.h0.Write(lh.buf[:])
+		lh.h0.Sum(lh.buf[:0])
+		copy(out, lh.buf[:32])
+	}
+	if lh.h0 == lh.h1 {
+		lh.h1.Reset()
+	}
+	lh.h1.Write(lh.buf[:])
+	lh.h1.Sum(out[:0])
+}
+
+func put32(b []uint8, v uint32) {
+	b[0] = uint8(v)
+	b[1] = uint8(v >> 8)
+	b[2] = uint8(v >> 16)
+	b[3] = uint8(v >> 24)
+}
+
+func read64(b []uint8) uint64 {
+	return uint64(b[0]) |
+		uint64(b[1])<<8 |
+		uint64(b[2])<<16 |
+		uint64(b[3])<<24 |
+		uint64(b[4])<<32 |
+		uint64(b[5])<<40 |
+		uint64(b[6])<<48 |
+		uint64(b[7])<<56
+}

vendor/github.com/magical/argon2/argon2_test.go

@@ -0,0 +1,137 @@
+package argon2
+
+import (
+	"bytes"
+	"testing"
+)
+
+// Repeat returns a slice containing n copies of v.
+func repeat(v uint8, n int) []byte {
+	b := make([]byte, n)
+	for i := range b {
+		b[i] = v
+	}
+	return b
+}
+
+// Runs argon2 with logging enabled, for debugging purposes
+func TestDebug(t *testing.T) {
+	var out [8]uint8
+	argon2(out[:], repeat(0, 16), repeat(1, 8), nil, nil, 1, 8, 3, t)
+}
+
+// Runs the test vector from the official repository
+func TestArgon_Vector(t *testing.T) {
+	msg := repeat(0x1, 32)
+	salt := repeat(0x2, 16)
+	key := repeat(0x3, 8)
+	data := repeat(0x4, 12)
+	want := []byte{0x51, 0x2b, 0x39, 0x1b, 0x6f, 0x11, 0x62, 0x97, 0x53, 0x71, 0xd3, 0x09, 0x19, 0x73, 0x42, 0x94, 0xf8, 0x68, 0xe3, 0xbe, 0x39, 0x84, 0xf3, 0xc1, 0xa1, 0x3a, 0x4d, 0xb9, 0xfa, 0xbe, 0x4a, 0xcb}
+	out := make([]byte, len(want))
+	argon2(out, msg, salt, key, data, 4, 32, 3, t)
+	if !bytes.Equal(want, out) {
+		t.Errorf("got % x, want % x\n", out, want)
+	}
+}
+
+func TestArgon(t *testing.T) {
+	var tests = []struct {
+		n    uint32
+		mem  uint32
+		par  uint32
+		want []byte
+	}{
+		{n: 3, mem: 8, par: 1, want: []byte{0x87, 0x22, 0x4f, 0xd2, 0x26, 0xbb, 0xf0, 0x76}},
+		{n: 4, mem: 8, par: 1, want: []byte{0x65, 0x5f, 0x33, 0x24, 0xe7, 0x29, 0xa9, 0x3a}},
+		{n: 5, mem: 8, par: 1, want: []byte{0x56, 0x61, 0x52, 0xd4, 0x5a, 0xd2, 0x5a, 0x47}},
+		{n: 6, mem: 8, par: 1, want: []byte{0x80, 0x99, 0x38, 0x39, 0xd9, 0x19, 0x20, 0x5a}},
+		{n: 7, mem: 8, par: 1, want: []byte{0x57, 0x33, 0x09, 0x7e, 0xf4, 0x9b, 0x19, 0xa0}},
+		{n: 8, mem: 8, par: 1, want: []byte{0xff, 0x7d, 0x02, 0x0a, 0x8d, 0x25, 0xfa, 0x87}},
+		{n: 9, mem: 8, par: 1, want: []byte{0x95, 0xae, 0xef, 0x81, 0xd9, 0x15, 0x61, 0x06}},
+		{n: 10, mem: 8, par: 1, want: []byte{0x40, 0xfb, 0xe9, 0xd3, 0xa6, 0x50, 0xb7, 0xcb}},
+
+		{n: 3, mem: 16, par: 1, want: []byte{0x44, 0x82, 0x67, 0x1c, 0x29, 0x5e, 0x5b, 0x84}},
+		{n: 3, mem: 32, par: 1, want: []byte{0xc3, 0xb2, 0x0a, 0xdb, 0x9f, 0x6b, 0xc0, 0xed}},
+		{n: 3, mem: 64, par: 1, want: []byte{0x6b, 0x49, 0x39, 0xf5, 0x15, 0x42, 0x5d, 0xe3}},
+		{n: 3, mem: 128, par: 1, want: []byte{0x1e, 0x50, 0xad, 0x31, 0x02, 0x7d, 0xa5, 0xbc}},
+		{n: 3, mem: 256, par: 1, want: []byte{0x49, 0x83, 0x61, 0xdb, 0x18, 0xab, 0xaf, 0xb8}},
+		{n: 3, mem: 512, par: 1, want: []byte{0xd0, 0x48, 0x7d, 0x84, 0xcb, 0xd3, 0x9f, 0x10}},
+		{n: 3, mem: 1024, par: 1, want: []byte{0x51, 0xf7, 0xb0, 0xdb, 0x3b, 0xdb, 0xef, 0xb8}},
+
+		{n: 3, mem: 16, par: 2, want: []byte{0x73, 0x16, 0xaf, 0x5d, 0x31, 0xe9, 0xed, 0xea}},
+		{n: 3, mem: 32, par: 4, want: []byte{0x16, 0xb7, 0x3b, 0xb9, 0x69, 0xcd, 0x6c, 0x63}},
+		{n: 3, mem: 64, par: 8, want: []byte{0x25, 0xf3, 0x85, 0x08, 0x60, 0x5d, 0x35, 0x45}},
+		{n: 3, mem: 128, par: 16, want: []byte{0xe3, 0xd3, 0xe3, 0x72, 0xdf, 0x0a, 0x22, 0x7b}},
+		{n: 3, mem: 256, par: 32, want: []byte{0x5c, 0xf9, 0x79, 0x0a, 0x9c, 0xc1, 0x05, 0x6b}},
+		{n: 3, mem: 512, par: 64, want: []byte{0xa6, 0xc9, 0x71, 0xcc, 0x99, 0x4d, 0xcf, 0x8f}},
+
+		{n: 3, mem: 8, par: 1, want: []byte{0x3c, 0x9a, 0x65, 0x86}},
+		{n: 3, mem: 8, par: 1, want: []byte{0x20, 0x4d, 0x2e, 0x37, 0x4a}},
+		{n: 3, mem: 8, par: 1, want: []byte{0xc9, 0xd5, 0xd9, 0x75, 0x36, 0x89}},
+		{n: 3, mem: 8, par: 1, want: []byte{0x8b, 0x32, 0x11, 0x8e, 0xf6, 0xf6, 0x3d}},
+		{n: 3, mem: 8, par: 1, want: []byte{0x87, 0x22, 0x4f, 0xd2, 0x26, 0xbb, 0xf0, 0x76}},
+		{n: 3, mem: 8, par: 1, want: []byte{0x05, 0xe6, 0xbe, 0x6c, 0x27, 0x1e, 0x93, 0xac, 0x74}},
+		{n: 3, mem: 8, par: 1, want: []byte{0xee, 0xb4, 0x11, 0xb4, 0xfa, 0x1a, 0x6c, 0xe8, 0x14, 0x2b}},
+		{n: 3, mem: 8, par: 1, want: []byte{0x1e, 0x23, 0xa3, 0x87, 0x53, 0x8e, 0x21, 0xbf, 0x07, 0x0c, 0x59}},
+		{n: 3, mem: 8, par: 1, want: []byte{0x7a, 0x0c, 0x41, 0x54, 0x5e, 0x20, 0x38, 0x23, 0x57, 0x16, 0x61, 0xcf}},
+		{n: 3, mem: 8, par: 1, want: []byte{0x1c, 0xe5, 0xcf, 0xee, 0x7f, 0x6f, 0x43, 0x55, 0x67, 0x14, 0xaa, 0x5b, 0x8e}},
+		{n: 3, mem: 8, par: 1, want: []byte{0xef, 0x92, 0x6c, 0xa6, 0x6c, 0x25, 0x74, 0x3c, 0xa3, 0x32, 0xfa, 0x0a, 0xdd, 0x2b}},
+		{n: 3, mem: 8, par: 1, want: []byte{0x47, 0xcd, 0xb0, 0xd0, 0x10, 0x88, 0x54, 0x76, 0xb0, 0x0c, 0x30, 0x1d, 0x05, 0x59, 0xc3}},
+		{n: 3, mem: 8, par: 1, want: []byte{0x91, 0x69, 0xdb, 0x87, 0xc4, 0xd1, 0xc7, 0x80, 0xa1, 0xdb, 0x8a, 0x47, 0x5d, 0xc0, 0xac, 0xcd}},
+
+		{n: 3, mem: 8, par: 1, want: []byte{0x06, 0x4f, 0xc0, 0x84, 0x30, 0x11, 0xab, 0x42, 0xe8, 0x74, 0xd2, 0xba, 0x3c, 0xeb, 0x26, 0x41, 0xb0, 0x50, 0x88, 0xc1, 0x3a, 0x13, 0xdf, 0x5c, 0x6f, 0xf1, 0xf3, 0xf3, 0xc2, 0x61, 0xf6, 0xd1}},
+		{n: 3, mem: 8, par: 1, want: []byte{0x4b, 0x63, 0xb4, 0x2a, 0x51, 0x2b, 0x81, 0x5e, 0x75, 0x0d, 0xed, 0x7a, 0x87, 0x14, 0x42, 0x1c, 0xcd, 0x59, 0x85, 0x66, 0xe4, 0xbb, 0x5a, 0xf5, 0xaf, 0xc8, 0xb3, 0x7c, 0x58, 0x42, 0xfc, 0x14, 0x0e}},
+		{n: 3, mem: 8, par: 1, want: []byte{0xaf, 0xed, 0xcf, 0x2d, 0xbf, 0x00, 0xf0, 0xad, 0x5c, 0x18, 0x4e, 0x82, 0xbc, 0xc3, 0x10, 0x85, 0xed, 0x9c, 0x63, 0x54, 0x43, 0xe9, 0xc9, 0x88, 0x71, 0xe4, 0xfa, 0x9a, 0x6a, 0x54, 0x15, 0xb5, 0xc0, 0x07, 0xdd, 0xaf, 0xac, 0x48, 0x71, 0xf0, 0xab, 0xe0, 0xa6, 0xdb, 0x35, 0x52, 0xbf, 0x3a, 0x07, 0x80, 0x78, 0xd2, 0x7d, 0xa2, 0x41, 0x52, 0x00, 0x6f, 0xfe, 0xd0, 0x8b, 0x17, 0xe8, 0xe9}},
+		{n: 3, mem: 8, par: 1, want: []byte{0x7a, 0xf9, 0x5b, 0x8e, 0x44, 0x63, 0x48, 0x67, 0x15, 0x87, 0x4c, 0x35, 0xf6, 0x7f, 0x52, 0xd1, 0xe7, 0x97, 0x95, 0x12, 0xce, 0x49, 0x5c, 0x06, 0xf9, 0xd4, 0xf8, 0xda, 0xc2, 0xc4, 0x61, 0xa1, 0xfe, 0x0a, 0x1f, 0xd5, 0x26, 0x89, 0x21, 0xd9, 0xdb, 0x03, 0x15, 0x6f, 0xa2, 0xf6, 0x83, 0x7d, 0x7a, 0xf6, 0xde, 0x3d, 0xd7, 0x8b, 0x9d, 0x03, 0x7f, 0x6c, 0xd9, 0xe0, 0x99, 0x1e, 0x52, 0x82, 0xbb}},
+
+		{n: 3, mem: 8, par: 1, want: []byte{0x7a, 0x3a, 0x97, 0xa3, 0x65, 0xcd, 0x6e, 0xb3, 0x64, 0x32, 0xbc, 0xee, 0x38, 0xa5, 0x32, 0xef, 0x85, 0x2d, 0x30, 0x7f, 0x65, 0x56, 0x0b, 0xb3, 0xfb, 0x8c, 0x94, 0x60, 0x7b, 0xbc, 0xc4, 0x52, 0xb0, 0x4a, 0x26, 0x99, 0xaf, 0x40, 0x7f, 0x25, 0x62, 0x09, 0xc3, 0xe6, 0xd9, 0x8a, 0xcd, 0xac, 0xdc, 0x9c, 0xc2, 0x25, 0xd2, 0x2a, 0x96, 0x9f, 0x80, 0xb6, 0x5a, 0x3d, 0xc5, 0x10, 0xa0, 0x03, 0xe5, 0x32, 0xae, 0x17, 0x3b, 0x76, 0x8b, 0x91, 0x4d, 0x48, 0xc8, 0x42, 0x43, 0xee, 0x23, 0x65, 0xb7, 0xd9, 0xae, 0x4e, 0x29, 0xf4, 0x6a, 0xcd, 0x19, 0x4e, 0x5b, 0x13, 0xa4, 0x38, 0xf3, 0x57}},
+		{n: 3, mem: 8, par: 1, want: []byte{0x0a, 0x25, 0xa1, 0x50, 0x63, 0xfe, 0x10, 0x36, 0x7c, 0x46, 0x4d, 0xab, 0x8d, 0xb7, 0x30, 0xfd, 0x46, 0x31, 0xee, 0x3b, 0x6d, 0xf3, 0xdb, 0xef, 0x8a, 0xcd, 0xbf, 0x9d, 0x9a, 0x4f, 0x61, 0x74, 0x26, 0x35, 0xae, 0x39, 0x70, 0xdb, 0xe9, 0x73, 0xf7, 0xb6, 0x62, 0x04, 0x83, 0x6e, 0x90, 0x9d, 0x5d, 0x91, 0x07, 0x15, 0x7b, 0xa4, 0x60, 0x23, 0x16, 0x06, 0x15, 0x7c, 0xd2, 0x5d, 0x45, 0x0b, 0x89, 0xf7, 0xd1, 0x8c, 0xdc, 0x48, 0xe2, 0x9e, 0x54, 0xe0, 0x65, 0x99, 0xc4, 0xf7, 0x5b, 0xed, 0x9b, 0x9f, 0x2e, 0xd9, 0x78, 0x23, 0x5e, 0xc0, 0x8d, 0x4f, 0x91, 0x29, 0x0c, 0xcb, 0x1d, 0x8f, 0x85, 0x43, 0xd3, 0x3b, 0xbe, 0x5b, 0x85, 0x33, 0x3e, 0xaa, 0xca, 0xc3, 0x83, 0x23, 0x6e, 0x4f, 0x26, 0x28, 0x77, 0xf3, 0xf4, 0xb4, 0x87, 0x66, 0xc4, 0x84, 0xd8, 0xbe, 0xba, 0x5a, 0x5f, 0xba}},
+	}
+
+	msg := repeat(0x0, 16)
+	salt := repeat(0x1, 8)
+
+	for _, tt := range tests {
+		out := make([]byte, len(tt.want))
+		argon2(out, msg, salt, nil, nil, tt.par, tt.mem, tt.n, nil)
+		if !bytes.Equal(out, tt.want) {
+			t.Errorf("n=%d, mem=%d, par=%d, len=%d: got % x, want % x\n", tt.n, tt.mem, tt.par, len(tt.want), out, tt.want)
+		}
+	}
+}
+
+func TestAllocs(t *testing.T) {
+	pw := repeat(0x0, 16)
+	salt := repeat(0x1, 8)
+	out := make([]byte, 32)
+	allocs := testing.AllocsPerRun(100, func() {
+		argon2(out, pw, salt, nil, nil, 4, 32, 3, nil)
+	})
+	if allocs > 6 {
+		t.Errorf("%v allocs, want <=6", allocs)
+	}
+}
+
+func benchArgon(b *testing.B, par uint8, mem, n uint32) {
+	msg := repeat(0x0, 16)
+	salt := repeat(0x1, 8)
+	out := make([]byte, 8)
+	b.SetBytes(int64(mem) << 10)
+	for i := 0; i < b.N; i++ {
+		argon2(out, msg, salt, nil, nil, uint32(par), mem, n, nil)
+	}
+}
+
+func BenchmarkArgon8KiB(b *testing.B)   { benchArgon(b, 1, 8, 3) }
+func BenchmarkArgon80KiB(b *testing.B)  { benchArgon(b, 1, 80, 3) }
+func BenchmarkArgon800KiB(b *testing.B) { benchArgon(b, 1, 800, 3) }
+
+func BenchmarkArgon3N(b *testing.B)   { benchArgon(b, 1, 8, 3) }
+func BenchmarkArgon10N(b *testing.B)  { benchArgon(b, 1, 8, 10) }
+func BenchmarkArgon100N(b *testing.B) { benchArgon(b, 1, 8, 100) }
+
+func BenchmarkArgon1P(b *testing.B) { benchArgon(b, 1, 64, 3) }
+func BenchmarkArgon2P(b *testing.B) { benchArgon(b, 2, 64, 3) }
+func BenchmarkArgon4P(b *testing.B) { benchArgon(b, 4, 64, 3) }
+
+//func BenchmarkArgon_4MiB(b *testing.B) { benchArgon(b, 1, 4096, 3) }

vendor/github.com/magical/argon2/round.go

@@ -0,0 +1,443 @@
+package argon2
+
+func block(z, t, a, b *[128]uint64) {
+	// t = a ^ b
+	// t = P(t)
+	// z = z ^ t
+	t[0] = a[0] ^ b[0]
+	t[1] = a[1] ^ b[1]
+	t[2] = a[2] ^ b[2]
+	t[3] = a[3] ^ b[3]
+	t[4] = a[4] ^ b[4]
+	t[5] = a[5] ^ b[5]
+	t[6] = a[6] ^ b[6]
+	t[7] = a[7] ^ b[7]
+	t[8] = a[8] ^ b[8]
+	t[9] = a[9] ^ b[9]
+	t[10] = a[10] ^ b[10]
+	t[11] = a[11] ^ b[11]
+	t[12] = a[12] ^ b[12]
+	t[13] = a[13] ^ b[13]
+	t[14] = a[14] ^ b[14]
+	t[15] = a[15] ^ b[15]
+	t[16] = a[16] ^ b[16]
+	t[17] = a[17] ^ b[17]
+	t[18] = a[18] ^ b[18]
+	t[19] = a[19] ^ b[19]
+	t[20] = a[20] ^ b[20]
+	t[21] = a[21] ^ b[21]
+	t[22] = a[22] ^ b[22]
+	t[23] = a[23] ^ b[23]
+	t[24] = a[24] ^ b[24]
+	t[25] = a[25] ^ b[25]
+	t[26] = a[26] ^ b[26]
+	t[27] = a[27] ^ b[27]
+	t[28] = a[28] ^ b[28]
+	t[29] = a[29] ^ b[29]
+	t[30] = a[30] ^ b[30]
+	t[31] = a[31] ^ b[31]
+	t[32] = a[32] ^ b[32]
+	t[33] = a[33] ^ b[33]
+	t[34] = a[34] ^ b[34]
+	t[35] = a[35] ^ b[35]
+	t[36] = a[36] ^ b[36]
+	t[37] = a[37] ^ b[37]
+	t[38] = a[38] ^ b[38]
+	t[39] = a[39] ^ b[39]
+	t[40] = a[40] ^ b[40]
+	t[41] = a[41] ^ b[41]
+	t[42] = a[42] ^ b[42]
+	t[43] = a[43] ^ b[43]
+	t[44] = a[44] ^ b[44]
+	t[45] = a[45] ^ b[45]
+	t[46] = a[46] ^ b[46]
+	t[47] = a[47] ^ b[47]
+	t[48] = a[48] ^ b[48]
+	t[49] = a[49] ^ b[49]
+	t[50] = a[50] ^ b[50]
+	t[51] = a[51] ^ b[51]
+	t[52] = a[52] ^ b[52]
+	t[53] = a[53] ^ b[53]
+	t[54] = a[54] ^ b[54]
+	t[55] = a[55] ^ b[55]
+	t[56] = a[56] ^ b[56]
+	t[57] = a[57] ^ b[57]
+	t[58] = a[58] ^ b[58]
+	t[59] = a[59] ^ b[59]
+	t[60] = a[60] ^ b[60]
+	t[61] = a[61] ^ b[61]
+	t[62] = a[62] ^ b[62]
+	t[63] = a[63] ^ b[63]
+	t[64] = a[64] ^ b[64]
+	t[65] = a[65] ^ b[65]
+	t[66] = a[66] ^ b[66]
+	t[67] = a[67] ^ b[67]
+	t[68] = a[68] ^ b[68]
+	t[69] = a[69] ^ b[69]
+	t[70] = a[70] ^ b[70]
+	t[71] = a[71] ^ b[71]
+	t[72] = a[72] ^ b[72]
+	t[73] = a[73] ^ b[73]
+	t[74] = a[74] ^ b[74]
+	t[75] = a[75] ^ b[75]
+	t[76] = a[76] ^ b[76]
+	t[77] = a[77] ^ b[77]
+	t[78] = a[78] ^ b[78]
+	t[79] = a[79] ^ b[79]
+	t[80] = a[80] ^ b[80]
+	t[81] = a[81] ^ b[81]
+	t[82] = a[82] ^ b[82]
+	t[83] = a[83] ^ b[83]
+	t[84] = a[84] ^ b[84]
+	t[85] = a[85] ^ b[85]
+	t[86] = a[86] ^ b[86]
+	t[87] = a[87] ^ b[87]
+	t[88] = a[88] ^ b[88]
+	t[89] = a[89] ^ b[89]
+	t[90] = a[90] ^ b[90]
+	t[91] = a[91] ^ b[91]
+	t[92] = a[92] ^ b[92]
+	t[93] = a[93] ^ b[93]
+	t[94] = a[94] ^ b[94]
+	t[95] = a[95] ^ b[95]
+	t[96] = a[96] ^ b[96]
+	t[97] = a[97] ^ b[97]
+	t[98] = a[98] ^ b[98]
+	t[99] = a[99] ^ b[99]
+	t[100] = a[100] ^ b[100]
+	t[101] = a[101] ^ b[101]
+	t[102] = a[102] ^ b[102]
+	t[103] = a[103] ^ b[103]
+	t[104] = a[104] ^ b[104]
+	t[105] = a[105] ^ b[105]
+	t[106] = a[106] ^ b[106]
+	t[107] = a[107] ^ b[107]
+	t[108] = a[108] ^ b[108]
+	t[109] = a[109] ^ b[109]
+	t[110] = a[110] ^ b[110]
+	t[111] = a[111] ^ b[111]
+	t[112] = a[112] ^ b[112]
+	t[113] = a[113] ^ b[113]
+	t[114] = a[114] ^ b[114]
+	t[115] = a[115] ^ b[115]
+	t[116] = a[116] ^ b[116]
+	t[117] = a[117] ^ b[117]
+	t[118] = a[118] ^ b[118]
+	t[119] = a[119] ^ b[119]
+	t[120] = a[120] ^ b[120]
+	t[121] = a[121] ^ b[121]
+	t[122] = a[122] ^ b[122]
+	t[123] = a[123] ^ b[123]
+	t[124] = a[124] ^ b[124]
+	t[125] = a[125] ^ b[125]
+	t[126] = a[126] ^ b[126]
+	t[127] = a[127] ^ b[127]
+	_P(&t[0], &t[1], &t[2], &t[3], &t[4], &t[5], &t[6], &t[7], &t[8], &t[9], &t[10], &t[11], &t[12], &t[13], &t[14], &t[15])
+	_P(&t[16], &t[17], &t[18], &t[19], &t[20], &t[21], &t[22], &t[23], &t[24], &t[25], &t[26], &t[27], &t[28], &t[29], &t[30], &t[31])
+	_P(&t[32], &t[33], &t[34], &t[35], &t[36], &t[37], &t[38], &t[39], &t[40], &t[41], &t[42], &t[43], &t[44], &t[45], &t[46], &t[47])
+	_P(&t[48], &t[49], &t[50], &t[51], &t[52], &t[53], &t[54], &t[55], &t[56], &t[57], &t[58], &t[59], &t[60], &t[61], &t[62], &t[63])
+	_P(&t[64], &t[65], &t[66], &t[67], &t[68], &t[69], &t[70], &t[71], &t[72], &t[73], &t[74], &t[75], &t[76], &t[77], &t[78], &t[79])
+	_P(&t[80], &t[81], &t[82], &t[83], &t[84], &t[85], &t[86], &t[87], &t[88], &t[89], &t[90], &t[91], &t[92], &t[93], &t[94], &t[95])
+	_P(&t[96], &t[97], &t[98], &t[99], &t[100], &t[101], &t[102], &t[103], &t[104], &t[105], &t[106], &t[107], &t[108], &t[109], &t[110], &t[111])
+	_P(&t[112], &t[113], &t[114], &t[115], &t[116], &t[117], &t[118], &t[119], &t[120], &t[121], &t[122], &t[123], &t[124], &t[125], &t[126], &t[127])
+	_P(&t[0], &t[1], &t[16], &t[17], &t[32], &t[33], &t[48], &t[49], &t[64], &t[65], &t[80], &t[81], &t[96], &t[97], &t[112], &t[113])
+	_P(&t[2], &t[3], &t[18], &t[19], &t[34], &t[35], &t[50], &t[51], &t[66], &t[67], &t[82], &t[83], &t[98], &t[99], &t[114], &t[115])
+	_P(&t[4], &t[5], &t[20], &t[21], &t[36], &t[37], &t[52], &t[53], &t[68], &t[69], &t[84], &t[85], &t[100], &t[101], &t[116], &t[117])
+	_P(&t[6], &t[7], &t[22], &t[23], &t[38], &t[39], &t[54], &t[55], &t[70], &t[71], &t[86], &t[87], &t[102], &t[103], &t[118], &t[119])
+	_P(&t[8], &t[9], &t[24], &t[25], &t[40], &t[41], &t[56], &t[57], &t[72], &t[73], &t[88], &t[89], &t[104], &t[105], &t[120], &t[121])
+	_P(&t[10], &t[11], &t[26], &t[27], &t[42], &t[43], &t[58], &t[59], &t[74], &t[75], &t[90], &t[91], &t[106], &t[107], &t[122], &t[123])
+	_P(&t[12], &t[13], &t[28], &t[29], &t[44], &t[45], &t[60], &t[61], &t[76], &t[77], &t[92], &t[93], &t[108], &t[109], &t[124], &t[125])
+	_P(&t[14], &t[15], &t[30], &t[31], &t[46], &t[47], &t[62], &t[63], &t[78], &t[79], &t[94], &t[95], &t[110], &t[111], &t[126], &t[127])
+	z[0] ^= a[0] ^ b[0] ^ t[0]
+	z[1] ^= a[1] ^ b[1] ^ t[1]
+	z[2] ^= a[2] ^ b[2] ^ t[2]
+	z[3] ^= a[3] ^ b[3] ^ t[3]
+	z[4] ^= a[4] ^ b[4] ^ t[4]
+	z[5] ^= a[5] ^ b[5] ^ t[5]
+	z[6] ^= a[6] ^ b[6] ^ t[6]
+	z[7] ^= a[7] ^ b[7] ^ t[7]
+	z[8] ^= a[8] ^ b[8] ^ t[8]
+	z[9] ^= a[9] ^ b[9] ^ t[9]
+	z[10] ^= a[10] ^ b[10] ^ t[10]
+	z[11] ^= a[11] ^ b[11] ^ t[11]
+	z[12] ^= a[12] ^ b[12] ^ t[12]
+	z[13] ^= a[13] ^ b[13] ^ t[13]
+	z[14] ^= a[14] ^ b[14] ^ t[14]
+	z[15] ^= a[15] ^ b[15] ^ t[15]
+	z[16] ^= a[16] ^ b[16] ^ t[16]
+	z[17] ^= a[17] ^ b[17] ^ t[17]
+	z[18] ^= a[18] ^ b[18] ^ t[18]
+	z[19] ^= a[19] ^ b[19] ^ t[19]
+	z[20] ^= a[20] ^ b[20] ^ t[20]
+	z[21] ^= a[21] ^ b[21] ^ t[21]
+	z[22] ^= a[22] ^ b[22] ^ t[22]
+	z[23] ^= a[23] ^ b[23] ^ t[23]
+	z[24] ^= a[24] ^ b[24] ^ t[24]
+	z[25] ^= a[25] ^ b[25] ^ t[25]
+	z[26] ^= a[26] ^ b[26] ^ t[26]
+	z[27] ^= a[27] ^ b[27] ^ t[27]
+	z[28] ^= a[28] ^ b[28] ^ t[28]
+	z[29] ^= a[29] ^ b[29] ^ t[29]
+	z[30] ^= a[30] ^ b[30] ^ t[30]
+	z[31] ^= a[31] ^ b[31] ^ t[31]
+	z[32] ^= a[32] ^ b[32] ^ t[32]
+	z[33] ^= a[33] ^ b[33] ^ t[33]
+	z[34] ^= a[34] ^ b[34] ^ t[34]
+	z[35] ^= a[35] ^ b[35] ^ t[35]
+	z[36] ^= a[36] ^ b[36] ^ t[36]
+	z[37] ^= a[37] ^ b[37] ^ t[37]
+	z[38] ^= a[38] ^ b[38] ^ t[38]
+	z[39] ^= a[39] ^ b[39] ^ t[39]
+	z[40] ^= a[40] ^ b[40] ^ t[40]
+	z[41] ^= a[41] ^ b[41] ^ t[41]
+	z[42] ^= a[42] ^ b[42] ^ t[42]
+	z[43] ^= a[43] ^ b[43] ^ t[43]
+	z[44] ^= a[44] ^ b[44] ^ t[44]
+	z[45] ^= a[45] ^ b[45] ^ t[45]
+	z[46] ^= a[46] ^ b[46] ^ t[46]
+	z[47] ^= a[47] ^ b[47] ^ t[47]
+	z[48] ^= a[48] ^ b[48] ^ t[48]
+	z[49] ^= a[49] ^ b[49] ^ t[49]
+	z[50] ^= a[50] ^ b[50] ^ t[50]
+	z[51] ^= a[51] ^ b[51] ^ t[51]
+	z[52] ^= a[52] ^ b[52] ^ t[52]
+	z[53] ^= a[53] ^ b[53] ^ t[53]
+	z[54] ^= a[54] ^ b[54] ^ t[54]
+	z[55] ^= a[55] ^ b[55] ^ t[55]
+	z[56] ^= a[56] ^ b[56] ^ t[56]
+	z[57] ^= a[57] ^ b[57] ^ t[57]
+	z[58] ^= a[58] ^ b[58] ^ t[58]
+	z[59] ^= a[59] ^ b[59] ^ t[59]
+	z[60] ^= a[60] ^ b[60] ^ t[60]
+	z[61] ^= a[61] ^ b[61] ^ t[61]
+	z[62] ^= a[62] ^ b[62] ^ t[62]
+	z[63] ^= a[63] ^ b[63] ^ t[63]
+	z[64] ^= a[64] ^ b[64] ^ t[64]
+	z[65] ^= a[65] ^ b[65] ^ t[65]
+	z[66] ^= a[66] ^ b[66] ^ t[66]
+	z[67] ^= a[67] ^ b[67] ^ t[67]
+	z[68] ^= a[68] ^ b[68] ^ t[68]
+	z[69] ^= a[69] ^ b[69] ^ t[69]
+	z[70] ^= a[70] ^ b[70] ^ t[70]
+	z[71] ^= a[71] ^ b[71] ^ t[71]
+	z[72] ^= a[72] ^ b[72] ^ t[72]
+	z[73] ^= a[73] ^ b[73] ^ t[73]
+	z[74] ^= a[74] ^ b[74] ^ t[74]
+	z[75] ^= a[75] ^ b[75] ^ t[75]
+	z[76] ^= a[76] ^ b[76] ^ t[76]
+	z[77] ^= a[77] ^ b[77] ^ t[77]
+	z[78] ^= a[78] ^ b[78] ^ t[78]
+	z[79] ^= a[79] ^ b[79] ^ t[79]
+	z[80] ^= a[80] ^ b[80] ^ t[80]
+	z[81] ^= a[81] ^ b[81] ^ t[81]
+	z[82] ^= a[82] ^ b[82] ^ t[82]
+	z[83] ^= a[83] ^ b[83] ^ t[83]
+	z[84] ^= a[84] ^ b[84] ^ t[84]
+	z[85] ^= a[85] ^ b[85] ^ t[85]
+	z[86] ^= a[86] ^ b[86] ^ t[86]
+	z[87] ^= a[87] ^ b[87] ^ t[87]
+	z[88] ^= a[88] ^ b[88] ^ t[88]
+	z[89] ^= a[89] ^ b[89] ^ t[89]
+	z[90] ^= a[90] ^ b[90] ^ t[90]
+	z[91] ^= a[91] ^ b[91] ^ t[91]
+	z[92] ^= a[92] ^ b[92] ^ t[92]
+	z[93] ^= a[93] ^ b[93] ^ t[93]
+	z[94] ^= a[94] ^ b[94] ^ t[94]
+	z[95] ^= a[95] ^ b[95] ^ t[95]
+	z[96] ^= a[96] ^ b[96] ^ t[96]
+	z[97] ^= a[97] ^ b[97] ^ t[97]
+	z[98] ^= a[98] ^ b[98] ^ t[98]
+	z[99] ^= a[99] ^ b[99] ^ t[99]
+	z[100] ^= a[100] ^ b[100] ^ t[100]
+	z[101] ^= a[101] ^ b[101] ^ t[101]
+	z[102] ^= a[102] ^ b[102] ^ t[102]
+	z[103] ^= a[103] ^ b[103] ^ t[103]
+	z[104] ^= a[104] ^ b[104] ^ t[104]
+	z[105] ^= a[105] ^ b[105] ^ t[105]
+	z[106] ^= a[106] ^ b[106] ^ t[106]
+	z[107] ^= a[107] ^ b[107] ^ t[107]
+	z[108] ^= a[108] ^ b[108] ^ t[108]
+	z[109] ^= a[109] ^ b[109] ^ t[109]
+	z[110] ^= a[110] ^ b[110] ^ t[110]
+	z[111] ^= a[111] ^ b[111] ^ t[111]
+	z[112] ^= a[112] ^ b[112] ^ t[112]
+	z[113] ^= a[113] ^ b[113] ^ t[113]
+	z[114] ^= a[114] ^ b[114] ^ t[114]
+	z[115] ^= a[115] ^ b[115] ^ t[115]
+	z[116] ^= a[116] ^ b[116] ^ t[116]
+	z[117] ^= a[117] ^ b[117] ^ t[117]
+	z[118] ^= a[118] ^ b[118] ^ t[118]
+	z[119] ^= a[119] ^ b[119] ^ t[119]
+	z[120] ^= a[120] ^ b[120] ^ t[120]
+	z[121] ^= a[121] ^ b[121] ^ t[121]
+	z[122] ^= a[122] ^ b[122] ^ t[122]
+	z[123] ^= a[123] ^ b[123] ^ t[123]
+	z[124] ^= a[124] ^ b[124] ^ t[124]
+	z[125] ^= a[125] ^ b[125] ^ t[125]
+	z[126] ^= a[126] ^ b[126] ^ t[126]
+	z[127] ^= a[127] ^ b[127] ^ t[127]
+}
+
+func _P(p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 *uint64) {
+	var v0 = *p0
+	var v1 = *p1
+	var v2 = *p2
+	var v3 = *p3
+	var v4 = *p4
+	var v5 = *p5
+	var v6 = *p6
+	var v7 = *p7
+	var v8 = *p8
+	var v9 = *p9
+	var v10 = *p10
+	var v11 = *p11
+	var v12 = *p12
+	var v13 = *p13
+	var v14 = *p14
+	var v15 = *p15
+	var t uint64
+	t = uint64(uint32(v0)) * uint64(uint32(v4))
+	v0 = v0 + v4 + t*2
+	v12 = v12 ^ v0
+	v12 = v12>>32 | v12<<32
+	t = uint64(uint32(v8)) * uint64(uint32(v12))
+	v8 = v8 + v12 + t*2
+	v4 = v4 ^ v8
+	v4 = v4>>24 | v4<<40
+	t = uint64(uint32(v0)) * uint64(uint32(v4))
+	v0 = v0 + v4 + t*2
+	v12 = v12 ^ v0
+	v12 = v12>>16 | v12<<48
+	t = uint64(uint32(v8)) * uint64(uint32(v12))
+	v8 = v8 + v12 + t*2
+	v4 = v4 ^ v8
+	v4 = v4>>63 | v4<<1
+	t = uint64(uint32(v1)) * uint64(uint32(v5))
+	v1 = v1 + v5 + t*2
+	v13 = v13 ^ v1
+	v13 = v13>>32 | v13<<32
+	t = uint64(uint32(v9)) * uint64(uint32(v13))
+	v9 = v9 + v13 + t*2
+	v5 = v5 ^ v9
+	v5 = v5>>24 | v5<<40
+	t = uint64(uint32(v1)) * uint64(uint32(v5))
+	v1 = v1 + v5 + t*2
+	v13 = v13 ^ v1
+	v13 = v13>>16 | v13<<48
+	t = uint64(uint32(v9)) * uint64(uint32(v13))
+	v9 = v9 + v13 + t*2
+	v5 = v5 ^ v9
+	v5 = v5>>63 | v5<<1
+	t = uint64(uint32(v2)) * uint64(uint32(v6))
+	v2 = v2 + v6 + t*2
+	v14 = v14 ^ v2
+	v14 = v14>>32 | v14<<32
+	t = uint64(uint32(v10)) * uint64(uint32(v14))
+	v10 = v10 + v14 + t*2
+	v6 = v6 ^ v10
+	v6 = v6>>24 | v6<<40
+	t = uint64(uint32(v2)) * uint64(uint32(v6))
+	v2 = v2 + v6 + t*2
+	v14 = v14 ^ v2
+	v14 = v14>>16 | v14<<48
+	t = uint64(uint32(v10)) * uint64(uint32(v14))
+	v10 = v10 + v14 + t*2
+	v6 = v6 ^ v10
+	v6 = v6>>63 | v6<<1
+	t = uint64(uint32(v3)) * uint64(uint32(v7))
+	v3 = v3 + v7 + t*2
+	v15 = v15 ^ v3
+	v15 = v15>>32 | v15<<32
+	t = uint64(uint32(v11)) * uint64(uint32(v15))
+	v11 = v11 + v15 + t*2
+	v7 = v7 ^ v11
+	v7 = v7>>24 | v7<<40
+	t = uint64(uint32(v3)) * uint64(uint32(v7))
+	v3 = v3 + v7 + t*2
+	v15 = v15 ^ v3
+	v15 = v15>>16 | v15<<48
+	t = uint64(uint32(v11)) * uint64(uint32(v15))
+	v11 = v11 + v15 + t*2
+	v7 = v7 ^ v11
+	v7 = v7>>63 | v7<<1
+	t = uint64(uint32(v0)) * uint64(uint32(v5))
+	v0 = v0 + v5 + t*2
+	v15 = v15 ^ v0
+	v15 = v15>>32 | v15<<32
+	t = uint64(uint32(v10)) * uint64(uint32(v15))
+	v10 = v10 + v15 + t*2
+	v5 = v5 ^ v10
+	v5 = v5>>24 | v5<<40
+	t = uint64(uint32(v0)) * uint64(uint32(v5))
+	v0 = v0 + v5 + t*2
+	v15 = v15 ^ v0
+	v15 = v15>>16 | v15<<48
+	t = uint64(uint32(v10)) * uint64(uint32(v15))
+	v10 = v10 + v15 + t*2
+	v5 = v5 ^ v10
+	v5 = v5>>63 | v5<<1
+	t = uint64(uint32(v1)) * uint64(uint32(v6))
+	v1 = v1 + v6 + t*2
+	v12 = v12 ^ v1
+	v12 = v12>>32 | v12<<32
+	t = uint64(uint32(v11)) * uint64(uint32(v12))
+	v11 = v11 + v12 + t*2
+	v6 = v6 ^ v11
+	v6 = v6>>24 | v6<<40
+	t = uint64(uint32(v1)) * uint64(uint32(v6))
+	v1 = v1 + v6 + t*2
+	v12 = v12 ^ v1
+	v12 = v12>>16 | v12<<48
+	t = uint64(uint32(v11)) * uint64(uint32(v12))
+	v11 = v11 + v12 + t*2
+	v6 = v6 ^ v11
+	v6 = v6>>63 | v6<<1
+	t = uint64(uint32(v2)) * uint64(uint32(v7))
+	v2 = v2 + v7 + t*2
+	v13 = v13 ^ v2
+	v13 = v13>>32 | v13<<32
+	t = uint64(uint32(v8)) * uint64(uint32(v13))
+	v8 = v8 + v13 + t*2
+	v7 = v7 ^ v8
+	v7 = v7>>24 | v7<<40
+	t = uint64(uint32(v2)) * uint64(uint32(v7))
+	v2 = v2 + v7 + t*2
+	v13 = v13 ^ v2
+	v13 = v13>>16 | v13<<48
+	t = uint64(uint32(v8)) * uint64(uint32(v13))
+	v8 = v8 + v13 + t*2
+	v7 = v7 ^ v8
+	v7 = v7>>63 | v7<<1
+	t = uint64(uint32(v3)) * uint64(uint32(v4))
+	v3 = v3 + v4 + t*2
+	v14 = v14 ^ v3
+	v14 = v14>>32 | v14<<32
+	t = uint64(uint32(v9)) * uint64(uint32(v14))
+	v9 = v9 + v14 + t*2
+	v4 = v4 ^ v9
+	v4 = v4>>24 | v4<<40
+	t = uint64(uint32(v3)) * uint64(uint32(v4))
+	v3 = v3 + v4 + t*2
+	v14 = v14 ^ v3
+	v14 = v14>>16 | v14<<48
+	t = uint64(uint32(v9)) * uint64(uint32(v14))
+	v9 = v9 + v14 + t*2
+	v4 = v4 ^ v9
+	v4 = v4>>63 | v4<<1
+	*p0 = v0
+	*p1 = v1
+	*p2 = v2
+	*p3 = v3
+	*p4 = v4
+	*p5 = v5
+	*p6 = v6
+	*p7 = v7
+	*p8 = v8
+	*p9 = v9
+	*p10 = v10
+	*p11 = v11
+	*p12 = v12
+	*p13 = v13
+	*p14 = v14
+	*p15 = v15
+}

vendor/github.com/magical/argon2/round.py

@@ -0,0 +1,54 @@
+print("package argon2")
+print()
+print("func block(z, a, b *[128]uint64) {")
+
+for i in range(128):
+    print("\tz[%d] = a[%d] ^ b[%d]" % (i, i, i))
+
+for b in range(0, 128, 16):
+    print("\t_P(" + ", ".join("&z[%d]" % i for i in range(b, b+16)) + ")")
+
+for b in range(0, 16, 2):
+    print("\t_P(" + ", ".join("&z[%d], &z[%d]" % (i, i+1) for i in range(b, 128, 16)) + ")")
+
+for i in range(128):
+    print("\tz[%d] ^= a[%d] ^ b[%d]" % (i, i, i))
+
+print("}")
+print()
+print("func _P("+", ".join("p%d" % i for i in range(16))+" *uint64) {")
+for i in range(16):
+    print("\tvar v%d = *p%d" % (i, i))
+print("\tvar t uint64")
+
+def G(a, b, c, d):
+    print("\tt = uint64(uint32(%s)) * uint64(uint32(%s))" % (a, b))
+    print("\t%s = %s + %s + t*2" % (a, a, b))
+    print("\t%s = %s ^ %s" % (d, d, a))
+    print("\t%s = %s>>32 | %s<<32" % (d, d, d))
+    print("\tt = uint64(uint32(%s)) * uint64(uint32(%s))" % (c, d))
+    print("\t%s = %s + %s + t*2" % (c, c, d))
+    print("\t%s = %s ^ %s" % (b, b, c))
+    print("\t%s = %s>>24 | %s<<40" % (b, b, b))
+    print("\tt = uint64(uint32(%s)) * uint64(uint32(%s))" % (a, b))
+    print("\t%s = %s + %s + t*2" % (a, a, b))
+    print("\t%s = %s ^ %s" % (d, d, a))
+    print("\t%s = %s>>16 | %s<<48" % (d, d, d))
+    print("\tt = uint64(uint32(%s)) * uint64(uint32(%s))" % (c, d))
+    print("\t%s = %s + %s + t*2" % (c, c, d))
+    print("\t%s = %s ^ %s" % (b, b, c))
+    print("\t%s = %s>>63 | %s<<1" % (b, b, b))
+
+G("v0", "v4", "v8", "v12")
+G("v1", "v5", "v9", "v13")
+G("v2", "v6", "v10", "v14")
+G("v3", "v7", "v11", "v15")
+G("v0", "v5", "v10", "v15")
+G("v1", "v6", "v11", "v12")
+G("v2", "v7", "v8", "v13")
+G("v3", "v4", "v9", "v14")
+
+for i in range(16):
+    print("\t*p%d = v%d" % (i, i))
+
+print("}")