From 7ecac5c2ee50828dc3a1b98a7311a0cabd6a3a82 Mon Sep 17 00:00:00 2001
From: Russ Magee <rmagee@gmail.com>
Date: Wed, 5 Feb 2020 21:26:03 -0800
Subject: [PATCH] Resync w/cryptmt, wanderer repos

Signed-off-by: Russ Magee <rmagee@gmail.com>
---
 go.mod                                     |  24 ++---
 go.sum                                     |   4 +
 vendor/blitter.com/go/cryptmt/cryptmt.go   |  10 +-
 vendor/blitter.com/go/goutmp/README.md     |   4 +-
 vendor/blitter.com/go/wanderer/wanderer.go | 113 +++++++++++----------
 vendor/modules.txt                         |  18 ++--
 xsnet/chan.go                              |   4 +-
 7 files changed, 92 insertions(+), 85 deletions(-)

diff --git a/go.mod b/go.mod
index 9860336..dab7a12 100644
--- a/go.mod
+++ b/go.mod
@@ -3,28 +3,28 @@ module blitter.com/go/xs
 go 1.12
 
 require (
-	blitter.com/go/cryptmt v1.0.0
+	blitter.com/go/cryptmt v1.0.1
 	blitter.com/go/goutmp v1.0.2
 	blitter.com/go/herradurakex v1.0.0
 	blitter.com/go/kyber v0.0.0-20200130200857-6f2021cb88d9
-	blitter.com/go/mtwist v1.0.1 // indirect
+	blitter.com/go/mtwist v1.0.1
 	blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae
-	blitter.com/go/wanderer v0.8.1
+	blitter.com/go/wanderer v0.8.2
 	github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f
-	github.com/klauspost/cpuid v1.2.2 // indirect
-	github.com/klauspost/reedsolomon v1.9.3 // indirect
+	github.com/klauspost/cpuid v1.2.2
+	github.com/klauspost/reedsolomon v1.9.3
 	github.com/kr/pty v1.1.4
 	github.com/mattn/go-isatty v0.0.7
-	github.com/pkg/errors v0.8.1 // indirect
-	github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161 // indirect
-	github.com/templexxx/xor v0.0.0-20181023030647-4e92f724b73b // indirect
-	github.com/tjfoc/gmsm v1.0.1 // indirect
+	github.com/pkg/errors v0.8.1
+	github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161
+	github.com/templexxx/xor v0.0.0-20181023030647-4e92f724b73b
+	github.com/tjfoc/gmsm v1.0.1
 	github.com/xtaci/kcp-go v5.4.19+incompatible
 	github.com/xtaci/lossyconn v0.0.0-20190602105132-8df528c0c9ae // indirect
 	golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d
-	golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553 // indirect
+	golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553
 	golang.org/x/sys v0.0.0-20190902133755-9109b7679e13
-	gopkg.in/hlandau/easymetric.v1 v1.0.0 // indirect
-	gopkg.in/hlandau/measurable.v1 v1.0.1 // indirect
+	gopkg.in/hlandau/easymetric.v1 v1.0.0
+	gopkg.in/hlandau/measurable.v1 v1.0.1
 	gopkg.in/hlandau/passlib.v1 v1.0.10
 )
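Review bot: Ten requirements in this hunk lose their `// indirect` marker (for example `github.com/pkg/errors v0.8.1` and `golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553`), yet no hunk visible in this patch adds an import of them in the module's own code. The marker is what shows a reader which modules the project imports directly and which arrive transitively, so dropping it makes the dependency surface harder to audit. If the removal was a side effect of hand-editing or tooling, running `go mod tidy` should restore lines such as `github.com/pkg/errors v0.8.1 // indirect`. If they really are direct dependencies now, say so in the commit message.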
diff --git a/go.sum b/go.sum
index 23bb532..ce9ef5f 100644
--- a/go.sum
+++ b/go.sum
@@ -2,6 +2,8 @@ blitter.com/go/chacha20 v0.0.0-20200130200441-214e4085f54c h1:LcnFFg6MCIJHf26P7e
 blitter.com/go/chacha20 v0.0.0-20200130200441-214e4085f54c/go.mod h1:EMJtRcf22WCtHGiXCw+NB/Sb/PYcXtUgUql6LDEwyXo=
 blitter.com/go/cryptmt v1.0.0 h1:n+cNP/ReZrNe/w5FbD8DSfv0Wpj48nxhmMoLEk4hPXs=
 blitter.com/go/cryptmt v1.0.0/go.mod h1:tdME2J3O4agaDAYIYNQzzuB28yVGnPSMmV3a/ucSU84=
+blitter.com/go/cryptmt v1.0.1 h1:NAi4FrZqo52bhPJopYw1jbausj1NnHEWELaINC60Nk0=
+blitter.com/go/cryptmt v1.0.1/go.mod h1:tdME2J3O4agaDAYIYNQzzuB28yVGnPSMmV3a/ucSU84=
 blitter.com/go/goutmp v1.0.1 h1:jBqtp6pDwSbF4QEC3DjNfyaS8Nv5dFCOyaTfSbbb7TU=
 blitter.com/go/goutmp v1.0.1/go.mod h1:gtlbjC8xGzMk/Cf0BpnVltSa3awOqJ+B5WAxVptTMxk=
 blitter.com/go/goutmp v1.0.2 h1:oCc/dt9TlTOP2kvmX1Y7J/wSQUhywjcyF101jXuLxZ8=
@@ -16,6 +18,8 @@ blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae h1:YBBaCcdYRrI1btsmcMT
 blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae/go.mod h1:ywoxfDBqInPsqtnxYsmS4SYMJ5D/kNcrFgpvI+Xcun0=
 blitter.com/go/wanderer v0.8.1 h1:oQw8yASM7iI+S8GIgf3cUFdkJ8Sy/UQxRDJqhTswgwM=
 blitter.com/go/wanderer v0.8.1/go.mod h1:FX1pAnZ5woEavy5CUIZco0/Gc2Msb3U0zsmi+6Hs4Rw=
+blitter.com/go/wanderer v0.8.2 h1:fzwRn60RDDxy4GEYxSyfA4gXkkZb33WQRk/Fv5ugPAI=
+blitter.com/go/wanderer v0.8.2/go.mod h1:FX1pAnZ5woEavy5CUIZco0/Gc2Msb3U0zsmi+6Hs4Rw=
 git.schwanenlied.me/yawning/chacha20.git v0.0.0-20170904085104-e3b1f968fc63 h1:bwZNsbw3qFbg6ox55HrA37nPmh+/wtJxZ7uWeiAdUUc=
 git.schwanenlied.me/yawning/chacha20.git v0.0.0-20170904085104-e3b1f968fc63/go.mod h1:NYi4Ifd1g/YbhIDgDfw6t7QdsW4tofQWMX/+FiDtJWs=
 git.schwanenlied.me/yawning/kyber.git v0.0.0-20180530164001-a270899bd22c h1:SGOx1s56QSOmuCegRcG3yvOG7W8PvRS9ZVnFQl5K2aQ=
diff --git a/vendor/blitter.com/go/cryptmt/cryptmt.go b/vendor/blitter.com/go/cryptmt/cryptmt.go
index 6b3960f..6888667 100644
--- a/vendor/blitter.com/go/cryptmt/cryptmt.go
+++ b/vendor/blitter.com/go/cryptmt/cryptmt.go
@@ -20,21 +20,21 @@ type Cipher struct {
 	m     *mtwist.MT19937_64
 }
 
-func (c *Cipher) yield8() (r byte) {
+func (c *Cipher) yield() (r byte) {
 	c.accum = c.accum * (c.m.Int63() | 1)
 	r = byte(c.accum>>56) & 0xFF
 	return
 }
 
-// NewCipher creates and returns a Cipher. The key argument should be the
+// New creates and returns a Cipher. The key argument should be the
 // CryptMT key, 64 bytes.
-func NewCipher(key []byte) (c *Cipher) {
+func New(key []byte) (c *Cipher) {
 	c = &Cipher{m: mtwist.New()}
 	c.m.SeedFullState(key)
 	c.accum = 1
 	// from paper, discard first 64 bytes of output
 	for idx := 0; idx < 64; idx++ {
-		_ = c.yield8()
+		_ = c.yield()
 	}
 	return c
 }
@@ -55,6 +55,6 @@ func (c *Cipher) XORKeyStream(dst, src []byte) {
 	}
 
 	for i, b := range src {
-		dst[i] = b ^ c.yield8()
+		dst[i] = b ^ c.yield()
 	}
 }
diff --git a/vendor/blitter.com/go/goutmp/README.md b/vendor/blitter.com/go/goutmp/README.md
index ec6fe95..cb956fc 100644
--- a/vendor/blitter.com/go/goutmp/README.md
+++ b/vendor/blitter.com/go/goutmp/README.md
@@ -10,8 +10,8 @@ Golang bindings for basic login/utmp accounting
 
 type UtmpEntry struct{ ... }
 
-func Put_lastlog_entry(app string, usr string, host string)
+func Put_lastlog_entry(app, usr, ptsname, host string)
 func Unput_utmp(entry UtmpEntry)
-func Put_utmp(user string, host string) UtmpEntry
+func Put_utmp(user, ptsname, host string) UtmpEntry
 ```
 
diff --git a/vendor/blitter.com/go/wanderer/wanderer.go b/vendor/blitter.com/go/wanderer/wanderer.go
index fe24277..efc0ca9 100644
--- a/vendor/blitter.com/go/wanderer/wanderer.go
+++ b/vendor/blitter.com/go/wanderer/wanderer.go
@@ -1,4 +1,4 @@
-// WANDERER - a crypto doodle that appears to give adequate
+// Package wanderer - a crypto doodle that appears to give adequate
 // protection to data in a stream cipher context
 //
 // Properties visualized using https://github.com/circulosmeos/circle
@@ -23,6 +23,20 @@ const (
 	sboxCount = keylen / 8
 )
 
+type Cipher struct {
+	prng   *mtwist.MT19937_64
+	r      io.Reader
+	w      io.Writer
+	k      []byte
+	kidx   uint
+	sboxen [][]byte
+	sw     int
+	sh     int
+	sctr   int // TODO: used to count down to re-keying & sbox regen
+	mode   int
+	n      byte
+}
+
 // Given input byte x (treated as 2-bit dirs),
 // 'walk' box applying XOR of each position (E/S/W/N) given box
 // dimensions w,h
@@ -74,53 +88,7 @@ func (c *Cipher) genSBoxen(n uint) {
 	//fmt.Fprintf(os.Stderr, "sboxen[0]:%v\n", c.sboxen[0])
 }
 
-// Mutate the session key (intended to be called as encryption
-// proceeds), so that the 'walk path' through sboxes also does so.
-func (c *Cipher) keyUpdate(perturb byte) {
-	c.k[c.kidx] = c.k[c.kidx] ^ c.k[(c.kidx+1)%uint(len(c.k))]
-	c.k[c.kidx] = c.k[c.kidx] ^ byte((c.prng.Int63()>>4)%256)
-	c.kidx = (c.kidx + uint(perturb)) % uint(len(c.k))
-}
-
-// slow - perturb a single octet of a single sbox for each octet
-// (CV = ~8.725% over 700 MiB of 0-byte pt)
-func (c *Cipher) sboxUpdateA(perturb byte) {
-	c.sboxen[perturb%sboxCount][int(perturb)%(c.sw+c.sh)] ^=
-		perturb
-}
-
-// slower - perturb a single sbox for each octet
-// (CV = ~?% over 700 MiB of 0-byte pt)
-func (c *Cipher) sboxUpdateB(perturb byte) {
-	lim := c.sw * c.sh
-	for idx := 0; idx < lim; idx++ {
-		c.sboxen[perturb%sboxCount][idx] ^= perturb
-	}
-}
-
-// slowest -- full sbox re-gen after each octet
-// (but lowest CV, ~0.05% over 700MiB of 0-byte pt)
-func (c *Cipher) sboxUpdateC(perturb byte) {
-	c.genSBoxen(sboxCount)
-	//c.sboxen[perturb%sboxCount][int(perturb)%(c.sw+c.sh)] ^=
-	//	perturb
-}
-
-type Cipher struct {
-	prng   *mtwist.MT19937_64
-	r      io.Reader
-	w      io.Writer
-	k      []byte
-	kidx   uint
-	sboxen [][]byte
-	sw     int
-	sh     int
-	sctr   int // TODO: used to count down to re-keying & sbox regen
-	mode   int
-	n      byte
-}
-
-func NewCodec(r io.Reader, w io.Writer, mode int, key []byte, width, height int) (c *Cipher) {
+func New(r io.Reader, w io.Writer, mode int, key []byte, width, height int) (c *Cipher) {
 	c = &Cipher{}
 	c.prng = mtwist.New()
 	if len(key) == 0 {
@@ -163,20 +131,55 @@ func (c *Cipher) Write(p []byte) (n int, err error) {
 	return n, err
 }
 
-func (c *Cipher) yield(pt byte) (ct byte) {
-	ct = walkingXOR(c.k, c.sboxen[c.n], c.sw, c.sh, pt)
+// Mutate the session key (intended to be called as encryption
+// proceeds), so that the 'walk path' through sboxes also does so.
+func (c *Cipher) keyUpdate(perturb byte) {
+	c.k[c.kidx] = c.k[c.kidx] ^ c.k[(c.kidx+1)%uint(len(c.k))]
+	c.k[c.kidx] = c.k[c.kidx] ^ byte((c.prng.Int63()>>4)%256)
+	c.kidx = (c.kidx + uint(perturb)) % uint(len(c.k))
+	//for idx := 0; idx < len(c.k); idx++ {
+	//	c.k[idx] = c.k[idx] ^ byte(c.prng.Int63() % 256)
+	//}
+}
+
+// slow - perturb a single octet of a single sbox for each octet
+// (CV = ~8.725% over 700 MiB of 0-byte pt)
+func (c *Cipher) sboxUpdateA(perturb byte) {
+	c.sboxen[perturb%sboxCount][int(perturb)%(c.sw+c.sh)] ^=
+		perturb
+}
+
+// slower - perturb a single sbox for each octet
+// (CV = ~5.6369% over 700 MiB of 0-byte pt)
+func (c *Cipher) sboxUpdateB(perturb byte) {
+	lim := c.sw * c.sh
+	for idx := 0; idx < lim; idx++ {
+		c.sboxen[perturb%sboxCount][idx] ^= perturb
+	}
+}
+
+// slowest -- full sbox re-gen after each octet
+// (but lowest CV, ~0.0554% over 700MiB of 0-byte pt)
+func (c *Cipher) sboxUpdateC(perturb byte) {
+	c.genSBoxen(sboxCount)
+	//c.sboxen[perturb%sboxCount][int(perturb)%(c.sw+c.sh)] ^=
+	//	perturb
+}
+
+func (c *Cipher) yield(ib byte) (ob byte) {
+	ob = walkingXOR(c.k, c.sboxen[c.n], c.sw, c.sh, ib)
 	c.n = (c.n + 1) % byte(len(c.sboxen))
-	c.keyUpdate(ct ^ pt) // must be equal in either encrypt/decrypt dirs
+	c.keyUpdate(ob ^ ib) // must be equal in either encrypt/decrypt dirs
 	switch c.mode {
 	case 0:
 		// [nothing - varA]
 		break
 	case 1:
-		c.sboxUpdateA(ct ^ pt) // varA
+		c.sboxUpdateA(ob ^ ib) // varA
 	case 2:
-		c.sboxUpdateB(ct ^ pt) // varB
+		c.sboxUpdateB(ob ^ ib) // varB
 	case 3:
-		c.sboxUpdateC(ct ^ pt) // varC
+		c.sboxUpdateC(ob ^ ib) // varC
 	default:
 		// [nothing]
 	}
@@ -185,7 +188,7 @@ func (c *Cipher) yield(pt byte) (ct byte) {
 	//		c.genSBoxen(sboxCount)
 	//		c.sctr = c.sw
 	//	}
-	return ct
+	return ob
 }
 
 // XORKeyStream XORs each byte in the given slice with a byte from the
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 35598c6..ce9a3c6 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -3,9 +3,9 @@ blitter.com/go/chacha20
 blitter.com/go/chacha20/internal/api
 blitter.com/go/chacha20/internal/hardware
 blitter.com/go/chacha20/internal/ref
-# blitter.com/go/cryptmt v1.0.0
+# blitter.com/go/cryptmt v1.0.1
 blitter.com/go/cryptmt
-# blitter.com/go/goutmp v1.0.1
+# blitter.com/go/goutmp v1.0.2
 blitter.com/go/goutmp
 # blitter.com/go/herradurakex v1.0.0
 blitter.com/go/herradurakex
@@ -15,7 +15,7 @@ blitter.com/go/kyber
 blitter.com/go/mtwist
 # blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae
 blitter.com/go/newhope
-# blitter.com/go/wanderer v0.8.1
+# blitter.com/go/wanderer v0.8.2
 blitter.com/go/wanderer
 # github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f
 github.com/jameskeane/bcrypt
@@ -39,19 +39,19 @@ github.com/tjfoc/gmsm/sm4
 github.com/xtaci/kcp-go
 # golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d
 golang.org/x/crypto/blowfish
-golang.org/x/crypto/pbkdf2
-golang.org/x/crypto/twofish
-golang.org/x/crypto/sha3
 golang.org/x/crypto/cast5
+golang.org/x/crypto/pbkdf2
 golang.org/x/crypto/salsa20
 golang.org/x/crypto/tea
+golang.org/x/crypto/twofish
 golang.org/x/crypto/xtea
-golang.org/x/crypto/argon2
-golang.org/x/crypto/bcrypt
+golang.org/x/crypto/blake2b
 golang.org/x/crypto/internal/subtle
 golang.org/x/crypto/salsa20/salsa
-golang.org/x/crypto/blake2b
+golang.org/x/crypto/argon2
+golang.org/x/crypto/bcrypt
 golang.org/x/crypto/scrypt
+golang.org/x/crypto/sha3
 # golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553
 golang.org/x/net/ipv4
 golang.org/x/net/ipv6
diff --git a/xsnet/chan.go b/xsnet/chan.go
index cfc3722..a9758a9 100644
--- a/xsnet/chan.go
+++ b/xsnet/chan.go
@@ -103,10 +103,10 @@ func (hc Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err err
 		rc = cipher.NewOFB(block, iv)
 		log.Printf("[cipher BLOWFISH_64 (%d)]\n", copts)
 	case CAlgCryptMT1:
-		rc = cryptmt.NewCipher(keymat)
+		rc = cryptmt.New(keymat)
 		log.Printf("[cipher CRYPTMT1 (%d)]\n", copts)
 	case CAlgWanderer:
-		rc = wanderer.NewCodec(nil, nil, 1, keymat, 3, 3)
+		rc = wanderer.New(nil, nil, 1, keymat, 3, 3)
 		log.Printf("[cipher WANDERER mode 1 (%d)]\n", copts)
 	default:
 		log.Printf("[invalid cipher (%d)]\n", copts)
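Review bot: The `wanderer.New(nil, nil, 1, keymat, 3, 3)` call in the `CAlgWanderer` case passes bare literals for the mode and the sbox width and height, and the vendored package header in this same patch calls wanderer "a crypto doodle", so the call site should say what is being selected. A comment such as `// experimental cipher (see package doc); mode 1 = sboxUpdateA per octet, 3x3 sbox`, or named constants for `1` and `3, 3`, would do. Separately, the `cryptmt.New` doc comment says the key should be 64 bytes, but `keymat` is passed whole with no length check visible in this hunk; if nothing earlier in `getStream` guarantees the size, validate or slice it before the call. `getStream` starts and ends outside the hunk, so neither the key sizing nor what the `default` branch returns after logging `[invalid cipher (%d)]` can be confirmed from here.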