crypto: replace encoding/binary in favour of internal/byteorder

Updates #54097

Change-Id: I827a5efd1736ce057b76f079466f2d9ead225898
GitHub-Last-Rev: 40af104
GitHub-Pull-Request: #67321
Reviewed-on: https://go-review.googlesource.com/c/go/+/585017
Reviewed-by: Keith Randall <[email protected]>
Reviewed-by: Keith Randall <[email protected]>
Auto-Submit: Keith Randall <[email protected]>
Commit-Queue: Ian Lance Taylor <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Auto-Submit: Ian Lance Taylor <[email protected]>
Reviewed-by: Ian Lance Taylor <[email protected]>

Author: mateusz834

src/crypto/aes/block.go

@@ -36,17 +36,15 @@
 
 package aes
 
-import (
-	"encoding/binary"
-)
+import "internal/byteorder"
 
 // Encrypt one block from src into dst, using the expanded key xk.
 func encryptBlockGo(xk []uint32, dst, src []byte) {
 	_ = src[15] // early bounds check
-	s0 := binary.BigEndian.Uint32(src[0:4])
-	s1 := binary.BigEndian.Uint32(src[4:8])
-	s2 := binary.BigEndian.Uint32(src[8:12])
-	s3 := binary.BigEndian.Uint32(src[12:16])
+	s0 := byteorder.BeUint32(src[0:4])
+	s1 := byteorder.BeUint32(src[4:8])
+	s2 := byteorder.BeUint32(src[8:12])
+	s3 := byteorder.BeUint32(src[12:16])
 
 	// First round just XORs input with key.
 	s0 ^= xk[0]
@@ -80,19 +78,19 @@ func encryptBlockGo(xk []uint32, dst, src []byte) {
 	s3 ^= xk[k+3]
 
 	_ = dst[15] // early bounds check
-	binary.BigEndian.PutUint32(dst[0:4], s0)
-	binary.BigEndian.PutUint32(dst[4:8], s1)
-	binary.BigEndian.PutUint32(dst[8:12], s2)
-	binary.BigEndian.PutUint32(dst[12:16], s3)
+	byteorder.BePutUint32(dst[0:4], s0)
+	byteorder.BePutUint32(dst[4:8], s1)
+	byteorder.BePutUint32(dst[8:12], s2)
+	byteorder.BePutUint32(dst[12:16], s3)
 }
 
 // Decrypt one block from src into dst, using the expanded key xk.
 func decryptBlockGo(xk []uint32, dst, src []byte) {
 	_ = src[15] // early bounds check
-	s0 := binary.BigEndian.Uint32(src[0:4])
-	s1 := binary.BigEndian.Uint32(src[4:8])
-	s2 := binary.BigEndian.Uint32(src[8:12])
-	s3 := binary.BigEndian.Uint32(src[12:16])
+	s0 := byteorder.BeUint32(src[0:4])
+	s1 := byteorder.BeUint32(src[4:8])
+	s2 := byteorder.BeUint32(src[8:12])
+	s3 := byteorder.BeUint32(src[12:16])
 
 	// First round just XORs input with key.
 	s0 ^= xk[0]
@@ -126,10 +124,10 @@ func decryptBlockGo(xk []uint32, dst, src []byte) {
 	s3 ^= xk[k+3]
 
 	_ = dst[15] // early bounds check
-	binary.BigEndian.PutUint32(dst[0:4], s0)
-	binary.BigEndian.PutUint32(dst[4:8], s1)
-	binary.BigEndian.PutUint32(dst[8:12], s2)
-	binary.BigEndian.PutUint32(dst[12:16], s3)
+	byteorder.BePutUint32(dst[0:4], s0)
+	byteorder.BePutUint32(dst[4:8], s1)
+	byteorder.BePutUint32(dst[8:12], s2)
+	byteorder.BePutUint32(dst[12:16], s3)
 }
 
 // Apply sbox0 to each byte in w.
@@ -150,7 +148,7 @@ func expandKeyGo(key []byte, enc, dec []uint32) {
 	var i int
 	nk := len(key) / 4
 	for i = 0; i < nk; i++ {
-		enc[i] = binary.BigEndian.Uint32(key[4*i:])
+		enc[i] = byteorder.BeUint32(key[4*i:])
 	}
 	for ; i < len(enc); i++ {
 		t := enc[i-1]

src/crypto/aes/ctr_s390x.go

@@ -9,7 +9,7 @@ package aes
 import (
 	"crypto/cipher"
 	"crypto/internal/alias"
-	"encoding/binary"
+	"internal/byteorder"
 )
 
 // Assert that aesCipherAsm implements the ctrAble interface.
@@ -41,8 +41,8 @@ func (c *aesCipherAsm) NewCTR(iv []byte) cipher.Stream {
 	}
 	var ac aesctr
 	ac.block = c
-	ac.ctr[0] = binary.BigEndian.Uint64(iv[0:]) // high bits
-	ac.ctr[1] = binary.BigEndian.Uint64(iv[8:]) // low bits
+	ac.ctr[0] = byteorder.BeUint64(iv[0:]) // high bits
+	ac.ctr[1] = byteorder.BeUint64(iv[8:]) // low bits
 	ac.buffer = ac.storage[:0]
 	return &ac
 }
@@ -52,8 +52,8 @@ func (c *aesctr) refill() {
 	c.buffer = c.storage[:streamBufferSize]
 	c0, c1 := c.ctr[0], c.ctr[1]
 	for i := 0; i < streamBufferSize; i += 16 {
-		binary.BigEndian.PutUint64(c.buffer[i+0:], c0)
-		binary.BigEndian.PutUint64(c.buffer[i+8:], c1)
+		byteorder.BePutUint64(c.buffer[i+0:], c0)
+		byteorder.BePutUint64(c.buffer[i+8:], c1)
 
 		// Increment in big endian: c0 is high, c1 is low.
 		c1++

src/crypto/aes/gcm_ppc64x.go

@@ -9,8 +9,8 @@ package aes
 import (
 	"crypto/cipher"
 	"crypto/subtle"
-	"encoding/binary"
 	"errors"
+	"internal/byteorder"
 	"runtime"
 )
 
@@ -66,14 +66,14 @@ func (c *aesCipherAsm) NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) {
 	// Reverse the bytes in each 8 byte chunk
 	// Load little endian, store big endian
 	if runtime.GOARCH == "ppc64le" {
-		h1 = binary.LittleEndian.Uint64(hle[:8])
-		h2 = binary.LittleEndian.Uint64(hle[8:])
+		h1 = byteorder.LeUint64(hle[:8])
+		h2 = byteorder.LeUint64(hle[8:])
 	} else {
-		h1 = binary.BigEndian.Uint64(hle[:8])
-		h2 = binary.BigEndian.Uint64(hle[8:])
+		h1 = byteorder.BeUint64(hle[:8])
+		h2 = byteorder.BeUint64(hle[8:])
 	}
-	binary.BigEndian.PutUint64(hle[:8], h1)
-	binary.BigEndian.PutUint64(hle[8:], h2)
+	byteorder.BePutUint64(hle[:8], h1)
+	byteorder.BePutUint64(hle[8:], h2)
 	gcmInit(&g.productTable, hle)
 
 	return g, nil
@@ -126,8 +126,8 @@ func (g *gcmAsm) counterCrypt(out, in []byte, counter *[gcmBlockSize]byte) {
 // increments the rightmost 32-bits of the count value by 1.
 func gcmInc32(counterBlock *[16]byte) {
 	c := counterBlock[len(counterBlock)-4:]
-	x := binary.BigEndian.Uint32(c) + 1
-	binary.BigEndian.PutUint32(c, x)
+	x := byteorder.BeUint32(c) + 1
+	byteorder.BePutUint32(c, x)
 }
 
 // paddedGHASH pads data with zeroes until its length is a multiple of

src/crypto/aes/gcm_s390x.go

@@ -10,8 +10,8 @@ import (
 	"crypto/cipher"
 	"crypto/internal/alias"
 	"crypto/subtle"
-	"encoding/binary"
 	"errors"
+	"internal/byteorder"
 	"internal/cpu"
 )
 
@@ -25,14 +25,14 @@ type gcmCount [16]byte
 
 // inc increments the rightmost 32-bits of the count value by 1.
 func (x *gcmCount) inc() {
-	binary.BigEndian.PutUint32(x[len(x)-4:], binary.BigEndian.Uint32(x[len(x)-4:])+1)
+	byteorder.BePutUint32(x[len(x)-4:], byteorder.BeUint32(x[len(x)-4:])+1)
 }
 
 // gcmLengths writes len0 || len1 as big-endian values to a 16-byte array.
 func gcmLengths(len0, len1 uint64) [16]byte {
 	v := [16]byte{}
-	binary.BigEndian.PutUint64(v[0:], len0)
-	binary.BigEndian.PutUint64(v[8:], len1)
+	byteorder.BePutUint64(v[0:], len0)
+	byteorder.BePutUint64(v[8:], len1)
 	return v
 }
 

src/crypto/cipher/gcm.go

@@ -7,8 +7,8 @@ package cipher
 import (
 	"crypto/internal/alias"
 	"crypto/subtle"
-	"encoding/binary"
 	"errors"
+	"internal/byteorder"
 )
 
 // AEAD is a cipher mode providing authenticated encryption with associated
@@ -137,8 +137,8 @@ func newGCMWithNonceAndTagSize(cipher Block, nonceSize, tagSize int) (AEAD, erro
 	// would expect, say, 4*key to be in index 4 of the table but due to
 	// this bit ordering it will actually be in index 0010 (base 2) = 2.
 	x := gcmFieldElement{
-		binary.BigEndian.Uint64(key[:8]),
-		binary.BigEndian.Uint64(key[8:]),
+		byteorder.BeUint64(key[:8]),
+		byteorder.BeUint64(key[8:]),
 	}
 	g.productTable[reverseBits(1)] = x
 
@@ -321,8 +321,8 @@ func (g *gcm) mul(y *gcmFieldElement) {
 // Horner's rule. There must be a multiple of gcmBlockSize bytes in blocks.
 func (g *gcm) updateBlocks(y *gcmFieldElement, blocks []byte) {
 	for len(blocks) > 0 {
-		y.low ^= binary.BigEndian.Uint64(blocks)
-		y.high ^= binary.BigEndian.Uint64(blocks[8:])
+		y.low ^= byteorder.BeUint64(blocks)
+		y.high ^= byteorder.BeUint64(blocks[8:])
 		g.mul(y)
 		blocks = blocks[gcmBlockSize:]
 	}
@@ -345,7 +345,7 @@ func (g *gcm) update(y *gcmFieldElement, data []byte) {
 // and increments it.
 func gcmInc32(counterBlock *[16]byte) {
 	ctr := counterBlock[len(counterBlock)-4:]
-	binary.BigEndian.PutUint32(ctr, binary.BigEndian.Uint32(ctr)+1)
+	byteorder.BePutUint32(ctr, byteorder.BeUint32(ctr)+1)
 }
 
 // sliceForAppend takes a slice and a requested number of bytes. It returns a
@@ -401,8 +401,8 @@ func (g *gcm) deriveCounter(counter *[gcmBlockSize]byte, nonce []byte) {
 		g.update(&y, nonce)
 		y.high ^= uint64(len(nonce)) * 8
 		g.mul(&y)
-		binary.BigEndian.PutUint64(counter[:8], y.low)
-		binary.BigEndian.PutUint64(counter[8:], y.high)
+		byteorder.BePutUint64(counter[:8], y.low)
+		byteorder.BePutUint64(counter[8:], y.high)
 	}
 }
 
@@ -418,8 +418,8 @@ func (g *gcm) auth(out, ciphertext, additionalData []byte, tagMask *[gcmTagSize]
 
 	g.mul(&y)
 
-	binary.BigEndian.PutUint64(out, y.low)
-	binary.BigEndian.PutUint64(out[8:], y.high)
+	byteorder.BePutUint64(out, y.low)
+	byteorder.BePutUint64(out[8:], y.high)
 
 	subtle.XORBytes(out, out, tagMask[:])
 }

src/crypto/des/block.go

@@ -5,12 +5,12 @@
 package des
 
 import (
-	"encoding/binary"
+	"internal/byteorder"
 	"sync"
 )
 
 func cryptBlock(subkeys []uint64, dst, src []byte, decrypt bool) {
-	b := binary.BigEndian.Uint64(src)
+	b := byteorder.BeUint64(src)
 	b = permuteInitialBlock(b)
 	left, right := uint32(b>>32), uint32(b)
 
@@ -32,7 +32,7 @@ func cryptBlock(subkeys []uint64, dst, src []byte, decrypt bool) {
 
 	// switch left & right and perform final permutation
 	preOutput := (uint64(right) << 32) | uint64(left)
-	binary.BigEndian.PutUint64(dst, permuteFinalBlock(preOutput))
+	byteorder.BePutUint64(dst, permuteFinalBlock(preOutput))
 }
 
 // DES Feistel function. feistelBox must be initialized via
@@ -218,7 +218,7 @@ func (c *desCipher) generateSubkeys(keyBytes []byte) {
 	feistelBoxOnce.Do(initFeistelBox)
 
 	// apply PC1 permutation to key
-	key := binary.BigEndian.Uint64(keyBytes)
+	key := byteorder.BeUint64(keyBytes)
 	permutedKey := permuteBlock(key, permutedChoice1[:])
 
 	// rotate halves of permuted key according to the rotation schedule

src/crypto/des/cipher.go

@@ -7,7 +7,7 @@ package des
 import (
 	"crypto/cipher"
 	"crypto/internal/alias"
-	"encoding/binary"
+	"internal/byteorder"
 	"strconv"
 )
 
@@ -95,7 +95,7 @@ func (c *tripleDESCipher) Encrypt(dst, src []byte) {
 		panic("crypto/des: invalid buffer overlap")
 	}
 
-	b := binary.BigEndian.Uint64(src)
+	b := byteorder.BeUint64(src)
 	b = permuteInitialBlock(b)
 	left, right := uint32(b>>32), uint32(b)
 
@@ -116,7 +116,7 @@ func (c *tripleDESCipher) Encrypt(dst, src []byte) {
 	right = (right << 31) | (right >> 1)
 
 	preOutput := (uint64(right) << 32) | uint64(left)
-	binary.BigEndian.PutUint64(dst, permuteFinalBlock(preOutput))
+	byteorder.BePutUint64(dst, permuteFinalBlock(preOutput))
 }
 
 func (c *tripleDESCipher) Decrypt(dst, src []byte) {
@@ -130,7 +130,7 @@ func (c *tripleDESCipher) Decrypt(dst, src []byte) {
 		panic("crypto/des: invalid buffer overlap")
 	}
 
-	b := binary.BigEndian.Uint64(src)
+	b := byteorder.BeUint64(src)
 	b = permuteInitialBlock(b)
 	left, right := uint32(b>>32), uint32(b)
 
@@ -151,5 +151,5 @@ func (c *tripleDESCipher) Decrypt(dst, src []byte) {
 	right = (right << 31) | (right >> 1)
 
 	preOutput := (uint64(right) << 32) | uint64(left)
-	binary.BigEndian.PutUint64(dst, permuteFinalBlock(preOutput))
+	byteorder.BePutUint64(dst, permuteFinalBlock(preOutput))
 }

src/crypto/ecdh/nist.go

@@ -8,8 +8,8 @@ import (
 	"crypto/internal/boring"
 	"crypto/internal/nistec"
 	"crypto/internal/randutil"
-	"encoding/binary"
 	"errors"
+	"internal/byteorder"
 	"io"
 	"math/bits"
 )
@@ -156,7 +156,7 @@ func isLess(a, b []byte) bool {
 	// Perform a subtraction with borrow.
 	var borrow uint64
 	for i := 0; i < len(bufA); i += 8 {
-		limbA, limbB := binary.LittleEndian.Uint64(bufA[i:]), binary.LittleEndian.Uint64(bufB[i:])
+		limbA, limbB := byteorder.LeUint64(bufA[i:]), byteorder.LeUint64(bufB[i:])
 		_, borrow = bits.Sub64(limbA, limbB, borrow)
 	}
 

src/crypto/internal/bigmod/nat.go

@@ -5,8 +5,8 @@
 package bigmod
 
 import (
-	"encoding/binary"
 	"errors"
+	"internal/byteorder"
 	"math/big"
 	"math/bits"
 )
@@ -170,9 +170,9 @@ func (x *Nat) SetOverflowingBytes(b []byte, m *Modulus) (*Nat, error) {
 // big-endian encoded uint value.
 func bigEndianUint(buf []byte) uint {
 	if _W == 64 {
-		return uint(binary.BigEndian.Uint64(buf))
+		return uint(byteorder.BeUint64(buf))
 	}
-	return uint(binary.BigEndian.Uint32(buf))
+	return uint(byteorder.BeUint32(buf))
 }
 
 func (x *Nat) setBytes(b []byte, m *Modulus) error {