Release v0.1.0

vendor/github.com/aead/siphash/.gitignore

@@ -0,0 +1,25 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+.vscode
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof

vendor/github.com/aead/siphash/.travis.yml

@@ -0,0 +1,15 @@
+language: go
+
+go:
+  - "1.6.x"
+  - "1.7.x"
+  - "1.8.x"
+  - "1.9.x"
+  - "1.10.x"
+
+env:
+  - TRAVIS_GOARCH=amd64
+  - TRAVIS_GOARCH=386 
+
+before_install:
+  - export GOARCH=$TRAVIS_GOARCH

vendor/github.com/aead/siphash/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Andreas Auernhammer
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

vendor/github.com/aead/siphash/README.md

@@ -0,0 +1,55 @@
+[![Godoc Reference](https://godoc.org/github.com/aead/siphash?status.svg)](https://godoc.org/github.com/aead/siphash)
+[![Build Status](https://travis-ci.org/aead/siphash.svg?branch=master)](https://travis-ci.org/aead/siphash)
+
+## The SipHash pseudo-random function
+
+SipHash is a family of pseudo-random functions (a.k.a. keyed hash functions) optimized for speed on short messages.  
+SipHash computes a 64-bit or 128 bit message authentication code from a variable-length message and 128-bit secret key.
+This implementation uses the recommended parameters c=2 and d=4.
+
+### Installation
+Install in your GOPATH: `go get -u github.com/aead/siphash`  
+
+### Performance
+**AMD64**  
+Hardware: Intel i7-6500U 2.50GHz x 2  
+System: Linux Ubuntu 16.04 - kernel: 4.4.0-67-generic  
+Go version: 1.8.0  
+```
+name         speed           cpb
+Write_8-4     688MB/s ± 0%   3.47
+Write_1K-4   2.09GB/s ± 5%   1.11
+Sum64_8-4     244MB/s ± 1%   9.77
+Sum64_1K-4   2.06GB/s ± 0%   1.13
+Sum128_8-4    189MB/s ± 0%  12.62
+Sum128_1K-4  2.03GB/s ± 0%   1.15
+```
+
+**386**  
+Hardware: Intel i7-6500U 2.50GHz x 2 - SSE2 SIMD  
+System: Linux Ubuntu 16.04 - kernel: 4.4.0-67-generic  
+Go version: 1.8.0  
+```
+name         speed           cpb
+Write_8-4     434MB/s ± 2%   5.44
+Write_1K-4   1.24GB/s ± 1%   1.88
+Sum64_8-4    92.6MB/s ± 4%  25.92
+Sum64_1K-4   1.15GB/s ± 1%   2.03
+Sum128_8-4   61.5MB/s ± 5%  39.09
+Sum128_1K-4  1.10GB/s ± 0%   2.12
+```
+
+**ARM**  
+Hardware: ARM-Cortex-A7 (ARMv7) 1GHz (912MHz) x 2  
+System:  Linux Ubuntu 14.04.1 - kernel: 3.4.112-sun7i  
+Go version: 1.7.4  
+
+```
+name         speed           cpb
+Write_8-2    43.4MB/s ± 2%  21.97
+Write_1K-2    125MB/s ± 1%   7.63
+Sum64_8-2    6.51MB/s ± 1% 146.49
+Sum64_1K-2    111MB/s ± 1%   8.59 
+Sum128_8-2   3.82MB/s ± 2% 249.65
+Sum128_1K-2   101MB/s ± 1%   9.44
+```

vendor/github.com/aead/siphash/siphash.go

@@ -0,0 +1,157 @@
+// Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+// Package siphash implements the SipHash-64 and SipHash-128
+// pseudo-random-functions - with the recommended parameters:
+// c = 2 and d = 4.
+// SipHash computes a message authentication code (MAC) from a
+// variable-length message and a 128 bit secret key. SipHash
+// was designed to be efficient, even for short inputs, with
+// performance comparable to non-cryptographic hash functions.
+//
+//
+// Security
+//
+// SipHash cannot be used as a cryptographic hash function.
+// Neither SipHash-64 nor SipHash-128 are strong collision
+// resistant.
+//
+//
+// Recommendations
+//
+// SipHash was designed to defend hash flooding DoS attacks.
+// SipHash-64 can be used as hashing scheme within hash maps
+// or other key-value data structures.
+// SipHash-128 can be used to compute a 128 bit authentication
+// tag for messages.
+package siphash // import "github.com/aead/siphash"
+
+import (
+	"encoding/binary"
+	"hash"
+	"strconv"
+)
+
+const (
+	// KeySize is the size of the SipHash secret key in bytes.
+	KeySize = 16
+	// BlockSize is the block size of SipHash in bytes.
+	BlockSize = 8
+)
+
+const (
+	c0 = 0x736f6d6570736575
+	c1 = 0x646f72616e646f6d
+	c2 = 0x6c7967656e657261
+	c3 = 0x7465646279746573
+)
+
+type KeySizeError uint
+
+func (k KeySizeError) Error() string {
+	return "siphash: invalid key size " + strconv.Itoa(int(k))
+}
+
+// Sum64 returns the 64 bit authenticator for msg using a 128 bit secret key.
+func Sum64(msg []byte, key *[KeySize]byte) uint64 {
+	k0 := binary.LittleEndian.Uint64(key[0:])
+	k1 := binary.LittleEndian.Uint64(key[8:])
+
+	var hVal [4]uint64
+	hVal[0] = k0 ^ c0
+	hVal[1] = k1 ^ c1
+	hVal[2] = k0 ^ c2
+	hVal[3] = k1 ^ c3
+
+	n := len(msg)
+	ctr := byte(n)
+
+	if n >= BlockSize {
+		n &= (^(BlockSize - 1))
+		core(&hVal, msg[:n])
+		msg = msg[n:]
+	}
+
+	var block [BlockSize]byte
+	copy(block[:], msg)
+	block[7] = ctr
+
+	return finalize64(&hVal, &block)
+}
+
+// New64 returns a hash.Hash64 computing the SipHash-64 checksum.
+// This function returns a non-nil error if len(key) != 16.
+func New64(key []byte) (hash.Hash64, error) {
+	if k := len(key); k != KeySize {
+		return nil, KeySizeError(k)
+	}
+	h := new(digest64)
+	h.key[0] = binary.LittleEndian.Uint64(key)
+	h.key[1] = binary.LittleEndian.Uint64(key[8:])
+	h.Reset()
+	return h, nil
+}
+
+type digest64 struct {
+	hVal  [4]uint64
+	key   [2]uint64
+	block [BlockSize]byte
+	off   int
+	ctr   byte
+}
+
+func (d *digest64) BlockSize() int { return BlockSize }
+
+func (d *digest64) Size() int { return 8 }
+
+func (d *digest64) Reset() {
+	d.hVal[0] = d.key[0] ^ c0
+	d.hVal[1] = d.key[1] ^ c1
+	d.hVal[2] = d.key[0] ^ c2
+	d.hVal[3] = d.key[1] ^ c3
+
+	d.off = 0
+	d.ctr = 0
+}
+
+func (d *digest64) Write(p []byte) (n int, err error) {
+	n = len(p)
+	d.ctr += byte(n)
+
+	if d.off > 0 {
+		dif := BlockSize - d.off
+		if n < dif {
+			d.off += copy(d.block[d.off:], p)
+			return
+		}
+		copy(d.block[d.off:], p[:dif])
+		core(&(d.hVal), d.block[:])
+		p = p[dif:]
+		d.off = 0
+	}
+	if nn := len(p) &^ (BlockSize - 1); nn >= BlockSize {
+		core(&(d.hVal), p[:nn])
+		p = p[nn:]
+	}
+	if len(p) > 0 {
+		d.off = copy(d.block[:], p)
+	}
+	return n, nil
+}
+
+func (d *digest64) Sum64() uint64 {
+	hVal := d.hVal
+	block := d.block
+	for i := d.off; i < BlockSize-1; i++ {
+		block[i] = 0
+	}
+	block[7] = d.ctr
+	return finalize64(&hVal, &block)
+}
+
+func (d *digest64) Sum(sum []byte) []byte {
+	var out [8]byte
+	binary.LittleEndian.PutUint64(out[:], d.Sum64())
+	return append(sum, out[:]...)
+}

vendor/github.com/aead/siphash/siphash128.go

@@ -0,0 +1,106 @@
+// Copyright (c) 2017 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+package siphash
+
+import (
+	"encoding/binary"
+	"hash"
+)
+
+// Sum128 returns the 128 bit authenticator for msg using a 128 bit secret key.
+func Sum128(msg []byte, key *[KeySize]byte) [16]byte {
+	k0 := binary.LittleEndian.Uint64(key[0:])
+	k1 := binary.LittleEndian.Uint64(key[8:])
+
+	var hVal [4]uint64
+	hVal[0] = k0 ^ c0
+	hVal[1] = k1 ^ c1 ^ 0xee
+	hVal[2] = k0 ^ c2
+	hVal[3] = k1 ^ c3
+
+	n := len(msg)
+	ctr := byte(n)
+
+	if n >= BlockSize {
+		n &= (^(BlockSize - 1))
+		core(&hVal, msg[:n])
+		msg = msg[n:]
+	}
+
+	var block [BlockSize]byte
+	copy(block[:], msg)
+	block[7] = ctr
+
+	var out [16]byte
+	finalize128(&out, &hVal, &block)
+	return out
+}
+
+// New128 returns a hash.Hash computing the SipHash-128 checksum.
+// This function returns a non-nil error if len(key) != 16.
+func New128(key []byte) (hash.Hash, error) {
+	if k := len(key); k != KeySize {
+		return nil, KeySizeError(k)
+	}
+	h := new(digest128)
+	h.key[0] = binary.LittleEndian.Uint64(key)
+	h.key[1] = binary.LittleEndian.Uint64(key[8:])
+	h.Reset()
+	return h, nil
+}
+
+type digest128 digest64
+
+func (d *digest128) BlockSize() int { return BlockSize }
+
+func (d *digest128) Size() int { return 16 }
+
+func (d *digest128) Reset() {
+	d.hVal[0] = d.key[0] ^ c0
+	d.hVal[1] = d.key[1] ^ c1 ^ 0xee
+	d.hVal[2] = d.key[0] ^ c2
+	d.hVal[3] = d.key[1] ^ c3
+
+	d.off = 0
+	d.ctr = 0
+}
+
+func (d *digest128) Write(p []byte) (n int, err error) {
+	n = len(p)
+	d.ctr += byte(n)
+
+	if d.off > 0 {
+		dif := BlockSize - d.off
+		if n < dif {
+			d.off += copy(d.block[d.off:], p)
+			return
+		}
+		copy(d.block[d.off:], p[:dif])
+		core(&(d.hVal), d.block[:])
+		p = p[dif:]
+		d.off = 0
+	}
+	if nn := len(p) &^ (BlockSize - 1); nn >= BlockSize {
+		core(&(d.hVal), p[:nn])
+		p = p[nn:]
+	}
+	if len(p) > 0 {
+		d.off = copy(d.block[:], p)
+	}
+	return n, nil
+}
+
+func (d *digest128) Sum(sum []byte) []byte {
+	hVal := d.hVal
+	block := d.block
+	for i := d.off; i < BlockSize-1; i++ {
+		block[i] = 0
+	}
+	block[7] = d.ctr
+
+	var out [16]byte
+	finalize128(&out, &hVal, &block)
+	return append(sum, out[:]...)
+}

vendor/github.com/aead/siphash/siphash_386.go

@@ -0,0 +1,31 @@
+// Copyright (c) 2017 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+// +build 386, !gccgo, !appengine
+
+package siphash
+
+var useSSE2 = supportsSSE2()
+
+//go:noescape
+func supportsSSE2() bool
+
+//go:noescape
+func coreSSE2(hVal *[4]uint64, msg []byte)
+
+func core(hVal *[4]uint64, msg []byte) {
+	if useSSE2 {
+		coreSSE2(hVal, msg)
+	} else {
+		genericCore(hVal, msg)
+	}
+}
+
+func finalize64(hVal *[4]uint64, block *[BlockSize]byte) uint64 {
+	return genericFinalize64(hVal, block)
+}
+
+func finalize128(tag *[16]byte, hVal *[4]uint64, block *[BlockSize]byte) {
+	genericFinalize128(tag, hVal, block)
+}

vendor/github.com/aead/siphash/siphash_386.s

@@ -0,0 +1,65 @@
+// Copyright (c) 2017 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+// +build 386, !gccgo, !appengine
+
+#define ROTL(n, t, v) \
+ 	MOVO v, t; \
+	PSLLQ $n, t; \
+	PSRLQ $(64-n), v; \
+	PXOR t, v
+
+#define ROUND(v0, v1, v2, v3, t0, t1) \
+    PADDQ v1, v0; \
+    PADDQ v3, v2;  \
+    ROTL(13, t0, v1); \
+    ROTL(16, t1, v3); \
+    PXOR v0, v1; \
+    PXOR v2, v3; \
+    PSHUFD $0xE1, v0, v0; \
+    PADDQ v1, v2; \
+    PADDQ v3, v0;  \
+    ROTL(17, t0, v1); \
+    ROTL(21, t1, v3); \
+    PXOR v2, v1; \
+    PXOR v0, v3; \
+    PSHUFD $0xE1, v2, v2
+
+// coreSSE2(hVal *[4]uint64, msg []byte)
+TEXT ·coreSSE2(SB), 4, $0-16
+	MOVL hVal+0(FP), AX
+	MOVL msg_base+4(FP), SI
+	MOVL msg_len+8(FP), BX
+	MOVQ 0(AX), X0
+	MOVQ 8(AX), X1
+	MOVQ 16(AX), X2
+	MOVQ 24(AX), X3
+    PXOR X6, X6
+	ANDL $-8, BX
+
+loop:
+	MOVQ 0(SI), X6
+	PXOR X6, X3
+	ROUND(X0, X1, X2, X3, X4, X5)
+	ROUND(X0, X1, X2, X3, X4, X5)
+	PXOR X6, X0
+
+	LEAL 8(SI), SI
+	SUBL $8, BX
+	JNZ  loop
+
+	MOVQ X0, 0(AX)
+	MOVQ X1, 8(AX)
+	MOVQ X2, 16(AX)
+	MOVQ X3, 24(AX)
+	RET
+
+// func supportsSSE2() bool
+TEXT ·supportsSSE2(SB), 4, $0-1
+	MOVL $1, AX
+	CPUID
+	SHRL $26, DX
+	ANDL $1, DX        // DX != 0 if support SSE2
+	MOVB DX, ret+0(FP)
+	RET

vendor/github.com/aead/siphash/siphash_amd64.go

@@ -0,0 +1,18 @@
+// Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+// +build amd64, !gccgo, !appengine
+
+package siphash
+
+//go:noescape
+func core(hVal *[4]uint64, msg []byte)
+
+func finalize64(hVal *[4]uint64, block *[BlockSize]byte) uint64 {
+	return genericFinalize64(hVal, block)
+}
+
+func finalize128(tag *[16]byte, hVal *[4]uint64, block *[BlockSize]byte) {
+	genericFinalize128(tag, hVal, block)
+}

vendor/github.com/aead/siphash/siphash_amd64.s

@@ -0,0 +1,49 @@
+// Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+// +build amd64, !gccgo, !appengine
+
+#define ROUND(v0, v1, v2, v3) \
+	ADDQ v1, v0;  \
+	ADDQ v3, v2;  \
+	ROLQ $13, v1; \
+	ROLQ $16, v3; \
+	XORQ v0, v1;  \
+	XORQ v2, v3;  \
+	ROLQ $32, v0; \
+	ADDQ v1, v2;  \
+	ADDQ v3, v0;  \
+	ROLQ $17, v1; \
+	ROLQ $21, v3; \
+	XORQ v2, v1;  \
+	XORQ v0, v3;  \
+	ROLQ $32, v2
+
+// core(hVal *[4]uint64, msg []byte)
+TEXT ·core(SB), 4, $0-32
+	MOVQ hVal+0(FP), AX
+	MOVQ msg_base+8(FP), SI
+	MOVQ msg_len+16(FP), BX
+	MOVQ 0(AX), R9
+	MOVQ 8(AX), R10
+	MOVQ 16(AX), R11
+	MOVQ 24(AX), R12
+	ANDQ $-8, BX
+
+loop:
+	MOVQ 0(SI), DX
+	XORQ DX, R12
+	ROUND(R9, R10, R11, R12)
+	ROUND(R9, R10, R11, R12)
+	XORQ DX, R9
+
+	LEAQ 8(SI), SI
+	SUBQ $8, BX
+	JNZ  loop
+
+	MOVQ R9, 0(AX)
+	MOVQ R10, 8(AX)
+	MOVQ R11, 16(AX)
+	MOVQ R12, 24(AX)
+	RET

vendor/github.com/aead/siphash/siphash_generic.go

@@ -0,0 +1,188 @@
+// Copyright (c) 2017 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+package siphash
+
+import "encoding/binary"
+
+func genericCore(hVal *[4]uint64, msg []byte) {
+	v0, v1, v2, v3 := hVal[0], hVal[1], hVal[2], hVal[3]
+
+	for len(msg) > 0 {
+		m := binary.LittleEndian.Uint64(msg)
+		msg = msg[BlockSize:]
+
+		v3 ^= m
+
+		v0 += v1
+		v1 = v1<<13 | v1>>(64-13)
+		v1 ^= v0
+		v0 = v0<<32 | v0>>(64-32)
+		v2 += v3
+		v3 = v3<<16 | v3>>(64-16)
+		v3 ^= v2
+		v0 += v3
+		v3 = v3<<21 | v3>>(64-21)
+		v3 ^= v0
+		v2 += v1
+		v1 = v1<<17 | v1>>(64-17)
+		v1 ^= v2
+		v2 = v2<<32 | v2>>(64-32)
+
+		v0 += v1
+		v1 = v1<<13 | v1>>(64-13)
+		v1 ^= v0
+		v0 = v0<<32 | v0>>(64-32)
+		v2 += v3
+		v3 = v3<<16 | v3>>(64-16)
+		v3 ^= v2
+		v0 += v3
+		v3 = v3<<21 | v3>>(64-21)
+		v3 ^= v0
+		v2 += v1
+		v1 = v1<<17 | v1>>(64-17)
+		v1 ^= v2
+		v2 = v2<<32 | v2>>(64-32)
+
+		v0 ^= m
+	}
+
+	hVal[0], hVal[1], hVal[2], hVal[3] = v0, v1, v2, v3
+}
+
+func genericFinalize64(hVal *[4]uint64, block *[BlockSize]byte) uint64 {
+	v0, v1, v2, v3 := hVal[0], hVal[1], hVal[2], hVal[3]
+
+	m := binary.LittleEndian.Uint64(block[:])
+	v3 ^= m
+
+	v0 += v1
+	v1 = v1<<13 | v1>>(64-13)
+	v1 ^= v0
+	v0 = v0<<32 | v0>>(64-32)
+	v2 += v3
+	v3 = v3<<16 | v3>>(64-16)
+	v3 ^= v2
+	v0 += v3
+	v3 = v3<<21 | v3>>(64-21)
+	v3 ^= v0
+	v2 += v1
+	v1 = v1<<17 | v1>>(64-17)
+	v1 ^= v2
+	v2 = v2<<32 | v2>>(64-32)
+
+	v0 += v1
+	v1 = v1<<13 | v1>>(64-13)
+	v1 ^= v0
+	v0 = v0<<32 | v0>>(64-32)
+	v2 += v3
+	v3 = v3<<16 | v3>>(64-16)
+	v3 ^= v2
+	v0 += v3
+	v3 = v3<<21 | v3>>(64-21)
+	v3 ^= v0
+	v2 += v1
+	v1 = v1<<17 | v1>>(64-17)
+	v1 ^= v2
+	v2 = v2<<32 | v2>>(64-32)
+
+	v0 ^= m
+
+	v2 ^= 0xff
+	for i := 0; i < 4; i++ {
+		v0 += v1
+		v1 = v1<<13 | v1>>(64-13)
+		v1 ^= v0
+		v0 = v0<<32 | v0>>(64-32)
+		v2 += v3
+		v3 = v3<<16 | v3>>(64-16)
+		v3 ^= v2
+		v0 += v3
+		v3 = v3<<21 | v3>>(64-21)
+		v3 ^= v0
+		v2 += v1
+		v1 = v1<<17 | v1>>(64-17)
+		v1 ^= v2
+		v2 = v2<<32 | v2>>(64-32)
+	}
+	return v0 ^ v1 ^ v2 ^ v3
+}
+
+func genericFinalize128(tag *[16]byte, hVal *[4]uint64, block *[BlockSize]byte) {
+	v0, v1, v2, v3 := hVal[0], hVal[1], hVal[2], hVal[3]
+
+	m := binary.LittleEndian.Uint64(block[:])
+
+	v3 ^= m
+
+	v0 += v1
+	v1 = v1<<13 | v1>>(64-13)
+	v1 ^= v0
+	v0 = v0<<32 | v0>>(64-32)
+	v2 += v3
+	v3 = v3<<16 | v3>>(64-16)
+	v3 ^= v2
+	v0 += v3
+	v3 = v3<<21 | v3>>(64-21)
+	v3 ^= v0
+	v2 += v1
+	v1 = v1<<17 | v1>>(64-17)
+	v1 ^= v2
+	v2 = v2<<32 | v2>>(64-32)
+
+	v0 += v1
+	v1 = v1<<13 | v1>>(64-13)
+	v1 ^= v0
+	v0 = v0<<32 | v0>>(64-32)
+	v2 += v3
+	v3 = v3<<16 | v3>>(64-16)
+	v3 ^= v2
+	v0 += v3
+	v3 = v3<<21 | v3>>(64-21)
+	v3 ^= v0
+	v2 += v1
+	v1 = v1<<17 | v1>>(64-17)
+	v1 ^= v2
+	v2 = v2<<32 | v2>>(64-32)
+
+	v0 ^= m
+
+	v2 ^= 0xee
+	for i := 0; i < 4; i++ {
+		v0 += v1
+		v1 = v1<<13 | v1>>(64-13)
+		v1 ^= v0
+		v0 = v0<<32 | v0>>(64-32)
+		v2 += v3
+		v3 = v3<<16 | v3>>(64-16)
+		v3 ^= v2
+		v0 += v3
+		v3 = v3<<21 | v3>>(64-21)
+		v3 ^= v0
+		v2 += v1
+		v1 = v1<<17 | v1>>(64-17)
+		v1 ^= v2
+		v2 = v2<<32 | v2>>(64-32)
+	}
+	binary.LittleEndian.PutUint64(tag[:], v0^v1^v2^v3)
+
+	v1 ^= 0xdd
+	for i := 0; i < 4; i++ {
+		v0 += v1
+		v1 = v1<<13 | v1>>(64-13)
+		v1 ^= v0
+		v0 = v0<<32 | v0>>(64-32)
+		v2 += v3
+		v3 = v3<<16 | v3>>(64-16)
+		v3 ^= v2
+		v0 += v3
+		v3 = v3<<21 | v3>>(64-21)
+		v3 ^= v0
+		v2 += v1
+		v1 = v1<<17 | v1>>(64-17)
+		v1 ^= v2
+		v2 = v2<<32 | v2>>(64-32)
+	}
+	binary.LittleEndian.PutUint64(tag[8:], v0^v1^v2^v3)
+}

vendor/github.com/aead/siphash/siphash_ref.go

@@ -0,0 +1,19 @@
+// Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+// +build !amd64,!386 gccgo appengine nacl
+
+package siphash
+
+func core(hVal *[4]uint64, msg []byte) {
+	genericCore(hVal, msg)
+}
+
+func finalize64(hVal *[4]uint64, block *[BlockSize]byte) uint64 {
+	return genericFinalize64(hVal, block)
+}
+
+func finalize128(tag *[16]byte, hVal *[4]uint64, block *[BlockSize]byte) {
+	genericFinalize128(tag, hVal, block)
+}