grpc 1.26.0 → 1.30.0


Potentially problematic release.


This version of grpc might be problematic.

Files changed (1240)
  1. checksums.yaml +4 -4
  2. data/Makefile +7860 -11139
  3. data/etc/roots.pem +44 -0
  4. data/include/grpc/grpc.h +2 -2
  5. data/include/grpc/grpc_security.h +59 -24
  6. data/include/grpc/grpc_security_constants.h +28 -0
  7. data/include/grpc/impl/codegen/grpc_types.h +38 -21
  8. data/include/grpc/impl/codegen/port_platform.h +14 -3
  9. data/include/grpc/impl/codegen/sync.h +5 -3
  10. data/include/grpc/impl/codegen/sync_abseil.h +36 -0
  11. data/include/grpc/module.modulemap +25 -37
  12. data/include/grpc/support/sync_abseil.h +26 -0
  13. data/src/core/ext/filters/client_channel/backend_metric.cc +7 -4
  14. data/src/core/ext/filters/client_channel/client_channel.cc +273 -264
  15. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +31 -47
  16. data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -3
  17. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
  18. data/src/core/ext/filters/client_channel/health/health_check_client.cc +7 -22
  19. data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
  20. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
  21. data/src/core/ext/filters/client_channel/http_proxy.cc +25 -15
  22. data/src/core/ext/filters/client_channel/lb_policy.cc +20 -18
  23. data/src/core/ext/filters/client_channel/lb_policy.h +42 -33
  24. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
  25. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
  26. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +297 -0
  27. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
  28. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +423 -627
  29. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
  30. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
  31. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
  32. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
  33. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +88 -121
  34. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +28 -57
  35. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +18 -21
  36. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
  37. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +10 -14
  38. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +5 -11
  39. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
  40. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +150 -101
  41. data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
  42. data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
  43. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
  44. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +834 -0
  45. data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -3
  46. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +49 -77
  47. data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
  48. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
  49. data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
  50. data/src/core/ext/filters/client_channel/resolver.cc +5 -8
  51. data/src/core/ext/filters/client_channel/resolver.h +12 -14
  52. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +129 -128
  53. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +35 -35
  54. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
  55. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +17 -21
  56. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +5 -5
  57. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +72 -117
  58. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +186 -135
  59. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
  60. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
  61. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +42 -45
  62. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +94 -103
  63. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
  64. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +5 -5
  65. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +61 -10
  66. data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
  67. data/src/core/ext/filters/client_channel/resolver_registry.cc +6 -3
  68. data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
  69. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +242 -300
  70. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +21 -18
  71. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +56 -206
  72. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +11 -14
  73. data/src/core/ext/filters/client_channel/server_address.cc +6 -9
  74. data/src/core/ext/filters/client_channel/server_address.h +6 -12
  75. data/src/core/ext/filters/client_channel/service_config.cc +144 -253
  76. data/src/core/ext/filters/client_channel/service_config.h +32 -109
  77. data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
  78. data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
  79. data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
  80. data/src/core/ext/filters/client_channel/subchannel.cc +54 -24
  81. data/src/core/ext/filters/client_channel/subchannel.h +35 -11
  82. data/src/core/ext/filters/client_channel/xds/xds_api.cc +1556 -232
  83. data/src/core/ext/filters/client_channel/xds/xds_api.h +213 -114
  84. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +237 -345
  85. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +34 -46
  86. data/src/core/ext/filters/client_channel/xds/xds_channel.h +3 -1
  87. data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +18 -11
  88. data/src/core/ext/filters/client_channel/xds/xds_client.cc +1326 -399
  89. data/src/core/ext/filters/client_channel/xds/xds_client.h +124 -41
  90. data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +59 -138
  91. data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +133 -154
  92. data/src/core/ext/filters/http/client/http_client_filter.cc +23 -28
  93. data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
  94. data/src/core/ext/filters/http/http_filters_plugin.cc +27 -12
  95. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
  96. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +358 -0
  97. data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +29 -0
  98. data/src/core/ext/filters/message_size/message_size_filter.cc +38 -44
  99. data/src/core/ext/filters/message_size/message_size_filter.h +5 -5
  100. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +7 -10
  101. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
  102. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +28 -29
  103. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
  104. data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
  105. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
  106. data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
  107. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
  108. data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
  109. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
  110. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
  111. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
  112. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
  113. data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
  114. data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
  115. data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
  116. data/src/core/ext/transport/chttp2/transport/internal.h +14 -21
  117. data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
  118. data/src/core/ext/transport/chttp2/transport/writing.cc +16 -9
  119. data/src/core/ext/transport/inproc/inproc_transport.cc +41 -42
  120. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +17 -0
  121. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +30 -0
  122. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +27 -0
  123. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +54 -0
  124. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +5 -205
  125. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -788
  126. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
  127. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +418 -0
  128. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
  129. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +197 -0
  130. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
  131. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +378 -0
  132. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +5 -362
  133. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +14 -1337
  134. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +403 -0
  135. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +1447 -0
  136. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +30 -8
  137. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +60 -0
  138. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +2 -0
  139. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +2 -0
  140. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +7 -4
  141. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +6 -2
  142. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
  143. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +78 -0
  144. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +87 -23
  145. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +262 -62
  146. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +20 -15
  147. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +46 -32
  148. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
  149. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +72 -0
  150. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +27 -4
  151. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +70 -0
  152. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +46 -25
  153. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +98 -25
  154. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +2 -0
  155. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +77 -21
  156. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +201 -4
  157. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
  158. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +89 -0
  159. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +2 -0
  160. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +8 -68
  161. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +14 -201
  162. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +92 -0
  163. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +240 -0
  164. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +2 -71
  165. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +3 -228
  166. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +91 -0
  167. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +266 -0
  168. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +2 -0
  169. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +31 -0
  170. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +53 -0
  171. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +109 -0
  172. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +399 -0
  173. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +18 -0
  174. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +33 -0
  175. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +145 -0
  176. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +527 -0
  177. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +43 -0
  178. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +112 -0
  179. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +30 -0
  180. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +53 -0
  181. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +63 -0
  182. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +199 -0
  183. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +18 -0
  184. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +33 -0
  185. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +815 -0
  186. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +3032 -0
  187. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +59 -0
  188. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +134 -0
  189. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +28 -0
  190. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +53 -0
  191. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +228 -0
  192. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +725 -0
  193. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +316 -0
  194. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +1132 -0
  195. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +33 -0
  196. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +65 -0
  197. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
  198. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
  199. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
  200. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
  201. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +4 -0
  202. data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
  203. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +63 -0
  204. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +144 -0
  205. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +53 -0
  206. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +133 -0
  207. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +88 -0
  208. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +258 -0
  209. data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
  210. data/src/core/ext/upb-generated/envoy/type/range.upb.c +12 -0
  211. data/src/core/ext/upb-generated/envoy/type/range.upb.h +27 -0
  212. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +29 -0
  213. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +62 -0
  214. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +89 -0
  215. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +249 -0
  216. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +9 -8
  217. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +30 -24
  218. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +30 -27
  219. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +64 -52
  220. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +13 -5
  221. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +34 -0
  222. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +48 -0
  223. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +104 -0
  224. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +17 -0
  225. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +30 -0
  226. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
  227. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +65 -0
  228. data/src/core/ext/upb-generated/validate/validate.upb.c +44 -39
  229. data/src/core/ext/upb-generated/validate/validate.upb.h +155 -119
  230. data/src/core/lib/channel/channel_args.cc +15 -14
  231. data/src/core/lib/channel/channel_args.h +3 -1
  232. data/src/core/lib/channel/channel_stack.h +20 -13
  233. data/src/core/lib/channel/channel_trace.cc +32 -41
  234. data/src/core/lib/channel/channel_trace.h +3 -3
  235. data/src/core/lib/channel/channelz.cc +163 -254
  236. data/src/core/lib/channel/channelz.h +20 -12
  237. data/src/core/lib/channel/channelz_registry.cc +52 -77
  238. data/src/core/lib/channel/channelz_registry.h +4 -4
  239. data/src/core/lib/channel/connected_channel.cc +7 -5
  240. data/src/core/lib/channel/context.h +1 -1
  241. data/src/core/lib/channel/handshaker.cc +11 -13
  242. data/src/core/lib/channel/handshaker.h +4 -2
  243. data/src/core/lib/channel/handshaker_registry.cc +5 -17
  244. data/src/core/lib/channel/status_util.cc +2 -3
  245. data/src/core/lib/compression/message_compress.cc +5 -1
  246. data/src/core/lib/debug/stats.cc +21 -27
  247. data/src/core/lib/debug/stats.h +3 -1
  248. data/src/core/lib/gpr/spinlock.h +2 -3
  249. data/src/core/lib/gpr/string.cc +2 -26
  250. data/src/core/lib/gpr/string.h +0 -16
  251. data/src/core/lib/gpr/sync_abseil.cc +116 -0
  252. data/src/core/lib/gpr/sync_posix.cc +8 -5
  253. data/src/core/lib/gpr/sync_windows.cc +4 -2
  254. data/src/core/lib/gpr/time.cc +4 -0
  255. data/src/core/lib/gpr/time_posix.cc +1 -1
  256. data/src/core/lib/gpr/time_precise.cc +1 -1
  257. data/src/core/lib/gprpp/atomic.h +6 -6
  258. data/src/core/lib/gprpp/fork.cc +1 -1
  259. data/src/core/lib/gprpp/host_port.cc +30 -36
  260. data/src/core/lib/gprpp/host_port.h +14 -17
  261. data/src/core/lib/gprpp/map.h +5 -11
  262. data/src/core/lib/gprpp/memory.h +2 -6
  263. data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
  264. data/src/core/lib/gprpp/sync.h +9 -0
  265. data/src/core/lib/http/format_request.cc +46 -65
  266. data/src/core/lib/http/httpcli.cc +2 -3
  267. data/src/core/lib/http/httpcli.h +2 -3
  268. data/src/core/lib/http/httpcli_security_connector.cc +5 -5
  269. data/src/core/lib/http/parser.h +2 -3
  270. data/src/core/lib/iomgr/buffer_list.cc +36 -35
  271. data/src/core/lib/iomgr/buffer_list.h +22 -21
  272. data/src/core/lib/iomgr/call_combiner.h +3 -2
  273. data/src/core/lib/iomgr/cfstream_handle.cc +3 -2
  274. data/src/core/lib/iomgr/closure.h +2 -3
  275. data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
  276. data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
  277. data/src/core/lib/iomgr/endpoint_pair.h +2 -3
  278. data/src/core/lib/iomgr/error.cc +6 -9
  279. data/src/core/lib/iomgr/error.h +4 -5
  280. data/src/core/lib/iomgr/ev_apple.cc +356 -0
  281. data/src/core/lib/iomgr/ev_apple.h +43 -0
  282. data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -23
  283. data/src/core/lib/iomgr/ev_epollex_linux.cc +14 -7
  284. data/src/core/lib/iomgr/ev_poll_posix.cc +3 -3
  285. data/src/core/lib/iomgr/ev_posix.cc +2 -3
  286. data/src/core/lib/iomgr/exec_ctx.h +14 -2
  287. data/src/core/lib/iomgr/executor.cc +1 -1
  288. data/src/core/lib/iomgr/fork_posix.cc +4 -0
  289. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
  290. data/src/core/lib/iomgr/load_file.cc +1 -0
  291. data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +87 -0
  292. data/src/core/lib/iomgr/poller/eventmanager_libuv.h +88 -0
  293. data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
  294. data/src/core/lib/iomgr/pollset_uv.h +32 -0
  295. data/src/core/lib/iomgr/port.h +1 -0
  296. data/src/core/lib/iomgr/python_util.h +46 -0
  297. data/src/core/lib/iomgr/resolve_address.h +4 -6
  298. data/src/core/lib/iomgr/resolve_address_custom.cc +29 -39
  299. data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
  300. data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
  301. data/src/core/lib/iomgr/resolve_address_windows.cc +8 -17
  302. data/src/core/lib/iomgr/resource_quota.cc +4 -6
  303. data/src/core/lib/iomgr/sockaddr_utils.cc +23 -29
  304. data/src/core/lib/iomgr/sockaddr_utils.h +9 -14
  305. data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
  306. data/src/core/lib/iomgr/socket_mutator.h +2 -3
  307. data/src/core/lib/iomgr/socket_utils_common_posix.cc +21 -26
  308. data/src/core/lib/iomgr/socket_utils_posix.h +15 -0
  309. data/src/core/lib/iomgr/tcp_client_cfstream.cc +5 -7
  310. data/src/core/lib/iomgr/tcp_client_posix.cc +25 -22
  311. data/src/core/lib/iomgr/tcp_client_posix.h +6 -6
  312. data/src/core/lib/iomgr/tcp_client_windows.cc +2 -3
  313. data/src/core/lib/iomgr/tcp_custom.cc +2 -3
  314. data/src/core/lib/iomgr/tcp_custom.h +3 -0
  315. data/src/core/lib/iomgr/tcp_posix.cc +608 -56
  316. data/src/core/lib/iomgr/tcp_server_custom.cc +20 -11
  317. data/src/core/lib/iomgr/tcp_server_posix.cc +5 -4
  318. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +13 -4
  319. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -11
  320. data/src/core/lib/iomgr/tcp_uv.cc +3 -2
  321. data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
  322. data/src/core/lib/iomgr/timer_generic.cc +2 -3
  323. data/src/core/lib/iomgr/timer_generic.h +39 -0
  324. data/src/core/lib/iomgr/timer_heap.h +2 -3
  325. data/src/core/lib/iomgr/udp_server.cc +9 -14
  326. data/src/core/lib/iomgr/work_serializer.cc +155 -0
  327. data/src/core/lib/iomgr/work_serializer.h +65 -0
  328. data/src/core/lib/json/json.h +209 -68
  329. data/src/core/lib/json/json_reader.cc +511 -319
  330. data/src/core/lib/json/json_writer.cc +202 -110
  331. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
  332. data/src/core/lib/security/credentials/composite/composite_credentials.cc +19 -0
  333. data/src/core/lib/security/credentials/composite/composite_credentials.h +11 -4
  334. data/src/core/lib/security/credentials/credentials.cc +0 -84
  335. data/src/core/lib/security/credentials/credentials.h +18 -60
  336. data/src/core/lib/security/credentials/fake/fake_credentials.h +6 -1
  337. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +9 -12
  338. data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
  339. data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
  340. data/src/core/lib/security/credentials/jwt/json_token.cc +26 -56
  341. data/src/core/lib/security/credentials/jwt/json_token.h +4 -6
  342. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +8 -18
  343. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
  344. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +151 -168
  345. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +4 -6
  346. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +92 -61
  347. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +10 -4
  348. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +19 -4
  349. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +4 -1
  350. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +43 -13
  351. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +47 -11
  352. data/src/core/lib/security/credentials/tls/tls_credentials.cc +128 -0
  353. data/src/core/lib/security/credentials/tls/tls_credentials.h +62 -0
  354. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +34 -6
  355. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +29 -9
  356. data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +2 -2
  357. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +5 -4
  358. data/src/core/lib/security/security_connector/local/local_security_connector.cc +32 -7
  359. data/src/core/lib/security/security_connector/security_connector.h +1 -1
  360. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +20 -37
  361. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +4 -6
  362. data/src/core/lib/security/security_connector/ssl_utils.cc +107 -16
  363. data/src/core/lib/security/security_connector/ssl_utils.h +24 -11
  364. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +603 -0
  365. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +183 -0
  366. data/src/core/lib/security/transport/client_auth_filter.cc +34 -2
  367. data/src/core/lib/security/transport/security_handshaker.cc +2 -2
  368. data/src/core/lib/security/util/json_util.cc +22 -15
  369. data/src/core/lib/security/util/json_util.h +2 -2
  370. data/src/core/lib/slice/slice_intern.cc +2 -3
  371. data/src/core/lib/slice/slice_internal.h +14 -0
  372. data/src/core/lib/slice/slice_utils.h +9 -0
  373. data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
  374. data/src/core/lib/surface/call.cc +2 -3
  375. data/src/core/lib/surface/call_log_batch.cc +50 -58
  376. data/src/core/lib/surface/channel.cc +53 -31
  377. data/src/core/lib/surface/channel.h +35 -4
  378. data/src/core/lib/surface/channel_ping.cc +2 -3
  379. data/src/core/lib/surface/completion_queue.cc +55 -34
  380. data/src/core/lib/surface/event_string.cc +18 -25
  381. data/src/core/lib/surface/event_string.h +3 -1
  382. data/src/core/lib/surface/init_secure.cc +1 -4
  383. data/src/core/lib/surface/server.cc +570 -369
  384. data/src/core/lib/surface/server.h +32 -0
  385. data/src/core/lib/surface/version.cc +2 -2
  386. data/src/core/lib/transport/byte_stream.h +7 -2
  387. data/src/core/lib/transport/connectivity_state.cc +7 -6
  388. data/src/core/lib/transport/connectivity_state.h +5 -3
  389. data/src/core/lib/transport/metadata.cc +3 -3
  390. data/src/core/lib/transport/metadata_batch.h +2 -3
  391. data/src/core/lib/transport/static_metadata.h +1 -1
  392. data/src/core/lib/transport/status_conversion.cc +6 -14
  393. data/src/core/lib/transport/transport.cc +2 -3
  394. data/src/core/lib/transport/transport.h +3 -2
  395. data/src/core/lib/transport/transport_op_string.cc +61 -102
  396. data/src/core/lib/uri/uri_parser.h +2 -3
  397. data/src/core/plugin_registry/grpc_plugin_registry.cc +20 -4
  398. data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
  399. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +9 -2
  400. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
  401. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +44 -4
  402. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +10 -2
  403. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
  404. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +3 -3
  405. data/src/core/tsi/fake_transport_security.cc +17 -18
  406. data/src/core/tsi/fake_transport_security.h +2 -0
  407. data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
  408. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
  409. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
  410. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -1
  411. data/src/core/tsi/ssl_transport_security.cc +197 -47
  412. data/src/core/tsi/ssl_transport_security.h +23 -9
  413. data/src/core/tsi/ssl_types.h +0 -2
  414. data/src/core/tsi/transport_security.cc +13 -0
  415. data/src/core/tsi/transport_security.h +6 -9
  416. data/src/core/tsi/transport_security_grpc.cc +2 -2
  417. data/src/core/tsi/transport_security_grpc.h +4 -5
  418. data/src/core/tsi/transport_security_interface.h +15 -3
  419. data/src/ruby/bin/math_pb.rb +5 -5
  420. data/src/ruby/ext/grpc/rb_call.c +9 -1
  421. data/src/ruby/ext/grpc/rb_call_credentials.c +4 -1
  422. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -0
  423. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +4 -1
  424. data/src/ruby/lib/grpc/errors.rb +103 -42
  425. data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
  426. data/src/ruby/lib/grpc/generic/interceptors.rb +4 -4
  427. data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
  428. data/src/ruby/lib/grpc/generic/service.rb +5 -4
  429. data/src/ruby/lib/grpc/structs.rb +1 -1
  430. data/src/ruby/lib/grpc/version.rb +1 -1
  431. data/src/ruby/pb/generate_proto_ruby.sh +5 -3
  432. data/src/ruby/pb/grpc/health/v1/health_pb.rb +3 -3
  433. data/src/ruby/pb/src/proto/grpc/testing/empty_pb.rb +1 -1
  434. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +34 -13
  435. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
  436. data/src/ruby/spec/debug_message_spec.rb +134 -0
  437. data/src/ruby/spec/generic/service_spec.rb +2 -0
  438. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +5 -0
  439. data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -0
  440. data/src/ruby/spec/testdata/ca.pem +18 -13
  441. data/src/ruby/spec/testdata/client.key +26 -14
  442. data/src/ruby/spec/testdata/client.pem +18 -12
  443. data/src/ruby/spec/testdata/server1.key +26 -14
  444. data/src/ruby/spec/testdata/server1.pem +20 -14
  445. data/third_party/abseil-cpp/absl/algorithm/algorithm.h +159 -0
  446. data/third_party/abseil-cpp/absl/base/attributes.h +621 -0
  447. data/third_party/abseil-cpp/absl/base/call_once.h +226 -0
  448. data/third_party/abseil-cpp/absl/base/casts.h +184 -0
  449. data/third_party/abseil-cpp/absl/base/config.h +671 -0
  450. data/third_party/abseil-cpp/absl/base/const_init.h +76 -0
  451. data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +129 -0
  452. data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +389 -0
  453. data/third_party/abseil-cpp/absl/base/internal/atomic_hook.h +200 -0
  454. data/third_party/abseil-cpp/absl/base/internal/bits.h +218 -0
  455. data/third_party/abseil-cpp/absl/base/internal/cycleclock.cc +107 -0
  456. data/third_party/abseil-cpp/absl/base/internal/cycleclock.h +94 -0
  457. data/third_party/abseil-cpp/absl/base/internal/endian.h +266 -0
  458. data/third_party/abseil-cpp/absl/base/internal/errno_saver.h +43 -0
  459. data/third_party/abseil-cpp/absl/base/internal/hide_ptr.h +51 -0
  460. data/third_party/abseil-cpp/absl/base/internal/identity.h +37 -0
  461. data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +107 -0
  462. data/third_party/abseil-cpp/absl/base/internal/invoke.h +187 -0
  463. data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +107 -0
  464. data/third_party/abseil-cpp/absl/base/internal/per_thread_tls.h +52 -0
  465. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +240 -0
  466. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +183 -0
  467. data/third_party/abseil-cpp/absl/base/internal/scheduling_mode.h +58 -0
  468. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +233 -0
  469. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +243 -0
  470. data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +35 -0
  471. data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +66 -0
  472. data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +46 -0
  473. data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.cc +81 -0
  474. data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +93 -0
  475. data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +37 -0
  476. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +416 -0
  477. data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +66 -0
  478. data/third_party/abseil-cpp/absl/base/internal/thread_annotations.h +271 -0
  479. data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +152 -0
  480. data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +259 -0
  481. data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +108 -0
  482. data/third_party/abseil-cpp/absl/base/internal/throw_delegate.h +75 -0
  483. data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +66 -0
  484. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +158 -0
  485. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +140 -0
  486. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +124 -0
  487. data/third_party/abseil-cpp/absl/base/log_severity.cc +27 -0
  488. data/third_party/abseil-cpp/absl/base/log_severity.h +121 -0
  489. data/third_party/abseil-cpp/absl/base/macros.h +220 -0
  490. data/third_party/abseil-cpp/absl/base/optimization.h +181 -0
  491. data/third_party/abseil-cpp/absl/base/options.h +211 -0
  492. data/third_party/abseil-cpp/absl/base/policy_checks.h +111 -0
  493. data/third_party/abseil-cpp/absl/base/port.h +26 -0
  494. data/third_party/abseil-cpp/absl/base/thread_annotations.h +280 -0
  495. data/third_party/abseil-cpp/absl/container/inlined_vector.h +848 -0
  496. data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +265 -0
  497. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +892 -0
  498. data/third_party/abseil-cpp/absl/memory/memory.h +695 -0
  499. data/third_party/abseil-cpp/absl/meta/type_traits.h +759 -0
  500. data/third_party/abseil-cpp/absl/numeric/int128.cc +404 -0
  501. data/third_party/abseil-cpp/absl/numeric/int128.h +1091 -0
  502. data/third_party/abseil-cpp/absl/numeric/int128_have_intrinsic.inc +302 -0
  503. data/third_party/abseil-cpp/absl/numeric/int128_no_intrinsic.inc +308 -0
  504. data/third_party/abseil-cpp/absl/strings/ascii.cc +200 -0
  505. data/third_party/abseil-cpp/absl/strings/ascii.h +242 -0
  506. data/third_party/abseil-cpp/absl/strings/charconv.cc +984 -0
  507. data/third_party/abseil-cpp/absl/strings/charconv.h +119 -0
  508. data/third_party/abseil-cpp/absl/strings/escaping.cc +949 -0
  509. data/third_party/abseil-cpp/absl/strings/escaping.h +164 -0
  510. data/third_party/abseil-cpp/absl/strings/internal/char_map.h +156 -0
  511. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +359 -0
  512. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +423 -0
  513. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +504 -0
  514. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.h +99 -0
  515. data/third_party/abseil-cpp/absl/strings/internal/escaping.cc +180 -0
  516. data/third_party/abseil-cpp/absl/strings/internal/escaping.h +58 -0
  517. data/third_party/abseil-cpp/absl/strings/internal/memutil.cc +112 -0
  518. data/third_party/abseil-cpp/absl/strings/internal/memutil.h +148 -0
  519. data/third_party/abseil-cpp/absl/strings/internal/ostringstream.cc +36 -0
  520. data/third_party/abseil-cpp/absl/strings/internal/ostringstream.h +89 -0
  521. data/third_party/abseil-cpp/absl/strings/internal/resize_uninitialized.h +73 -0
  522. data/third_party/abseil-cpp/absl/strings/internal/stl_type_traits.h +248 -0
  523. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +388 -0
  524. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +432 -0
  525. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +245 -0
  526. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +209 -0
  527. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +326 -0
  528. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +51 -0
  529. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +415 -0
  530. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +493 -0
  531. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +23 -0
  532. data/third_party/abseil-cpp/absl/strings/internal/str_format/output.cc +72 -0
  533. data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +104 -0
  534. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +334 -0
  535. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +333 -0
  536. data/third_party/abseil-cpp/absl/strings/internal/str_join_internal.h +314 -0
  537. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +455 -0
  538. data/third_party/abseil-cpp/absl/strings/internal/utf8.cc +53 -0
  539. data/third_party/abseil-cpp/absl/strings/internal/utf8.h +50 -0
  540. data/third_party/abseil-cpp/absl/strings/match.cc +40 -0
  541. data/third_party/abseil-cpp/absl/strings/match.h +90 -0
  542. data/third_party/abseil-cpp/absl/strings/numbers.cc +965 -0
  543. data/third_party/abseil-cpp/absl/strings/numbers.h +266 -0
  544. data/third_party/abseil-cpp/absl/strings/str_cat.cc +246 -0
  545. data/third_party/abseil-cpp/absl/strings/str_cat.h +408 -0
  546. data/third_party/abseil-cpp/absl/strings/str_format.h +537 -0
  547. data/third_party/abseil-cpp/absl/strings/str_join.h +293 -0
  548. data/third_party/abseil-cpp/absl/strings/str_replace.cc +82 -0
  549. data/third_party/abseil-cpp/absl/strings/str_replace.h +219 -0
  550. data/third_party/abseil-cpp/absl/strings/str_split.cc +139 -0
  551. data/third_party/abseil-cpp/absl/strings/str_split.h +513 -0
  552. data/third_party/abseil-cpp/absl/strings/string_view.cc +235 -0
  553. data/third_party/abseil-cpp/absl/strings/string_view.h +622 -0
  554. data/third_party/abseil-cpp/absl/strings/strip.h +91 -0
  555. data/third_party/abseil-cpp/absl/strings/substitute.cc +171 -0
  556. data/third_party/abseil-cpp/absl/strings/substitute.h +693 -0
  557. data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
  558. data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
  559. data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
  560. data/third_party/abseil-cpp/absl/time/clock.h +74 -0
  561. data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
  562. data/third_party/abseil-cpp/absl/time/format.cc +153 -0
  563. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
  564. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
  565. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
  566. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
  567. data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
  568. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
  569. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
  570. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
  571. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
  572. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
  573. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
  574. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
  575. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
  576. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
  577. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
  578. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
  579. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
  580. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
  581. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
  582. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
  583. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
  584. data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
  585. data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
  586. data/third_party/abseil-cpp/absl/time/time.cc +499 -0
  587. data/third_party/abseil-cpp/absl/time/time.h +1584 -0
  588. data/third_party/abseil-cpp/absl/types/bad_optional_access.cc +48 -0
  589. data/third_party/abseil-cpp/absl/types/bad_optional_access.h +78 -0
  590. data/third_party/abseil-cpp/absl/types/internal/optional.h +396 -0
  591. data/third_party/abseil-cpp/absl/types/internal/span.h +128 -0
  592. data/third_party/abseil-cpp/absl/types/optional.h +776 -0
  593. data/third_party/abseil-cpp/absl/types/span.h +713 -0
  594. data/third_party/abseil-cpp/absl/utility/utility.h +350 -0
  595. data/third_party/boringssl-with-bazel/err_data.c +1439 -0
  596. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_bitstr.c +0 -0
  597. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_bool.c +0 -0
  598. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_d2i_fp.c +0 -0
  599. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_dup.c +0 -0
  600. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_enum.c +0 -0
  601. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_gentm.c +0 -0
  602. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_i2d_fp.c +0 -0
  603. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_int.c +0 -0
  604. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_mbstr.c +0 -0
  605. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_object.c +0 -0
  606. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_octet.c +0 -0
  607. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_print.c +0 -0
  608. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_strnid.c +0 -0
  609. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +212 -0
  610. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_type.c +0 -0
  611. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utctm.c +0 -0
  612. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utf8.c +0 -0
  613. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_lib.c +0 -0
  614. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_locl.h +0 -0
  615. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_par.c +0 -0
  616. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn_pack.c +0 -0
  617. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_enum.c +0 -0
  618. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_int.c +0 -0
  619. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_string.c +0 -0
  620. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_dec.c +0 -0
  621. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_enc.c +0 -0
  622. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_fre.c +0 -0
  623. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_new.c +0 -0
  624. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_typ.c +0 -0
  625. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_utl.c +0 -0
  626. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/time_support.c +0 -0
  627. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/base64/base64.c +0 -0
  628. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/bio.c +0 -0
  629. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/bio_mem.c +0 -0
  630. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +545 -0
  631. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +279 -0
  632. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +317 -0
  633. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/hexdump.c +0 -0
  634. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/internal.h +0 -0
  635. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +488 -0
  636. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/printf.c +0 -0
  637. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/socket.c +0 -0
  638. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/socket_helper.c +0 -0
  639. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bn_extra/bn_asn1.c +0 -0
  640. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bn_extra/convert.c +0 -0
  641. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +172 -0
  642. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/asn1_compat.c +0 -0
  643. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/ber.c +0 -0
  644. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +719 -0
  645. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +688 -0
  646. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/internal.h +0 -0
  647. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/unicode.c +0 -0
  648. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/chacha/chacha.c +0 -0
  649. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/chacha/internal.h +0 -0
  650. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/cipher_extra.c +0 -0
  651. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +152 -0
  652. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesccm.c +0 -0
  653. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesctrhmac.c +0 -0
  654. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +891 -0
  655. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_chacha20poly1305.c +0 -0
  656. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_null.c +0 -0
  657. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc2.c +0 -0
  658. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc4.c +0 -0
  659. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_tls.c +0 -0
  660. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/internal.h +0 -0
  661. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/tls_cbc.c +0 -0
  662. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cmac/cmac.c +0 -0
  663. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/conf.c +0 -0
  664. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/conf_def.h +0 -0
  665. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/internal.h +0 -0
  666. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-fuchsia.c +0 -0
  667. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-linux.c +0 -0
  668. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +220 -0
  669. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm-linux.h +0 -0
  670. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm.c +0 -0
  671. data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +291 -0
  672. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-ppc64le.c +0 -0
  673. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +226 -0
  674. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +2159 -0
  675. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +7872 -0
  676. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +146 -0
  677. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +539 -0
  678. data/third_party/boringssl-with-bazel/src/crypto/dh/check.c +217 -0
  679. data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +533 -0
  680. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/dh_asn1.c +0 -0
  681. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/params.c +0 -0
  682. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/digest_extra/digest_extra.c +0 -0
  683. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +980 -0
  684. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dsa/dsa_asn1.c +0 -0
  685. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ec_extra/ec_asn1.c +0 -0
  686. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_derive.c +95 -0
  687. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +425 -0
  688. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +78 -0
  689. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +124 -0
  690. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ecdsa_extra/ecdsa_asn1.c +0 -0
  691. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/engine/engine.c +0 -0
  692. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +850 -0
  693. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/err/internal.h +0 -0
  694. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/digestsign.c +0 -0
  695. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp.c +0 -0
  696. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp_asn1.c +0 -0
  697. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp_ctx.c +0 -0
  698. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/internal.h +0 -0
  699. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_dsa_asn1.c +0 -0
  700. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +286 -0
  701. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ec_asn1.c +0 -0
  702. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ed25519.c +0 -0
  703. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ed25519_asn1.c +0 -0
  704. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +648 -0
  705. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_rsa_asn1.c +0 -0
  706. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_x25519.c +0 -0
  707. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +248 -0
  708. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/pbkdf.c +0 -0
  709. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/print.c +0 -0
  710. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/scrypt.c +0 -0
  711. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/sign.c +0 -0
  712. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ex_data.c +0 -0
  713. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +108 -0
  714. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1282 -0
  715. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +238 -0
  716. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/aes/key_wrap.c +0 -0
  717. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +106 -0
  718. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +263 -0
  719. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/add.c +0 -0
  720. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/asm/x86_64-gcc.c +0 -0
  721. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/bn.c +0 -0
  722. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/bytes.c +0 -0
  723. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/cmp.c +0 -0
  724. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/ctx.c +0 -0
  725. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/div.c +0 -0
  726. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/div_extra.c +0 -0
  727. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +1288 -0
  728. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/gcd.c +0 -0
  729. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/gcd_extra.c +0 -0
  730. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/generic.c +0 -0
  731. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +694 -0
  732. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/jacobi.c +0 -0
  733. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +502 -0
  734. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/montgomery_inv.c +0 -0
  735. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +749 -0
  736. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +1068 -0
  737. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/random.c +0 -0
  738. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/rsaz_exp.c +0 -0
  739. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/rsaz_exp.h +0 -0
  740. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/shift.c +0 -0
  741. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/sqrt.c +0 -0
  742. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/aead.c +0 -0
  743. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/cipher.c +0 -0
  744. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +1302 -0
  745. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/e_des.c +0 -0
  746. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/internal.h +0 -0
  747. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/delocate.h +0 -0
  748. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/des.c +0 -0
  749. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/internal.h +0 -0
  750. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/digest.c +0 -0
  751. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +296 -0
  752. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/internal.h +0 -0
  753. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/md32_common.h +0 -0
  754. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +1252 -0
  755. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +465 -0
  756. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +524 -0
  757. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +100 -0
  758. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +775 -0
  759. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +328 -0
  760. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +1178 -0
  761. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9497 -0
  762. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +632 -0
  763. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p256-x86_64.h +0 -0
  764. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +736 -0
  765. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
  766. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +175 -0
  767. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +357 -0
  768. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +270 -0
  769. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/util.c +0 -0
  770. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +270 -0
  771. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +122 -0
  772. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +328 -0
  773. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/fips_shared_support.c +0 -0
  774. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/hmac/hmac.c +0 -0
  775. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/is_fips.c +0 -0
  776. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md4/md4.c +0 -0
  777. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md5/internal.h +0 -0
  778. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md5/md5.c +0 -0
  779. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/cbc.c +0 -0
  780. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/cfb.c +0 -0
  781. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/ctr.c +0 -0
  782. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +729 -0
  783. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +304 -0
  784. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +441 -0
  785. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/ofb.c +0 -0
  786. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/polyval.c +0 -0
  787. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/ctrdrbg.c +0 -0
  788. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
  789. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
  790. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
  791. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +163 -0
  792. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +378 -0
  793. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +391 -0
  794. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +243 -0
  795. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +127 -0
  796. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/padding.c +0 -0
  797. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +898 -0
  798. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +1358 -0
  799. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/self_check/self_check.c +0 -0
  800. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/internal.h +0 -0
  801. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha1-altivec.c +0 -0
  802. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha1.c +0 -0
  803. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha256.c +0 -0
  804. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +544 -0
  805. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/internal.h +0 -0
  806. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/kdf.c +0 -0
  807. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hkdf/hkdf.c +0 -0
  808. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +2100 -0
  809. data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +61 -0
  810. data/third_party/boringssl-with-bazel/src/crypto/internal.h +834 -0
  811. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/lhash/lhash.c +0 -0
  812. data/third_party/boringssl-with-bazel/src/crypto/mem.c +359 -0
  813. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +549 -0
  814. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +11585 -0
  815. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj_xref.c +0 -0
  816. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_all.c +0 -0
  817. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +360 -0
  818. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +777 -0
  819. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +87 -0
  820. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +257 -0
  821. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +218 -0
  822. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_x509.c +0 -0
  823. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_xaux.c +0 -0
  824. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/internal.h +0 -0
  825. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/pkcs7.c +0 -0
  826. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +385 -0
  827. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/internal.h +0 -0
  828. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/p5_pbev2.c +0 -0
  829. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/pkcs8.c +0 -0
  830. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/pkcs8_x509.c +0 -0
  831. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/internal.h +0 -0
  832. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +318 -0
  833. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +305 -0
  834. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +856 -0
  835. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pool/internal.h +0 -0
  836. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +220 -0
  837. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +52 -0
  838. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/forkunsafe.c +0 -0
  839. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/fuchsia.c +0 -0
  840. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/rand_extra.c +0 -0
  841. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +69 -0
  842. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rc4/rc4.c +0 -0
  843. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/refcount_c11.c +0 -0
  844. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/refcount_lock.c +0 -0
  845. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rsa_extra/rsa_asn1.c +0 -0
  846. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rsa_extra/rsa_print.c +0 -0
  847. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +82 -0
  848. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/stack/stack.c +0 -0
  849. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread.c +0 -0
  850. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread_none.c +0 -0
  851. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +210 -0
  852. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +260 -0
  853. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +278 -0
  854. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1474 -0
  855. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +720 -0
  856. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_digest.c +0 -0
  857. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_sign.c +0 -0
  858. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_strex.c +0 -0
  859. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +114 -0
  860. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/algorithm.c +0 -0
  861. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/asn1_gen.c +0 -0
  862. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +458 -0
  863. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +275 -0
  864. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/charmap.h +0 -0
  865. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/i2d_pr.c +0 -0
  866. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/internal.h +0 -0
  867. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/rsa_pss.c +0 -0
  868. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_crl.c +0 -0
  869. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_req.c +0 -0
  870. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_x509.c +0 -0
  871. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_x509a.c +0 -0
  872. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/vpm_int.h +0 -0
  873. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509.c +0 -0
  874. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_att.c +0 -0
  875. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +476 -0
  876. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_d2.c +0 -0
  877. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_def.c +0 -0
  878. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_ext.c +0 -0
  879. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_lu.c +0 -0
  880. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +198 -0
  881. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +116 -0
  882. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +341 -0
  883. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +185 -0
  884. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +326 -0
  885. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_txt.c +0 -0
  886. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_v3.c +0 -0
  887. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +2487 -0
  888. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +671 -0
  889. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509cset.c +0 -0
  890. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +389 -0
  891. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509rset.c +0 -0
  892. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509spki.c +0 -0
  893. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_algor.c +0 -0
  894. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +399 -0
  895. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_attrib.c +0 -0
  896. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_crl.c +0 -0
  897. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_exten.c +0 -0
  898. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_info.c +0 -0
  899. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_name.c +0 -0
  900. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pkey.c +0 -0
  901. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pubkey.c +0 -0
  902. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_req.c +0 -0
  903. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_sig.c +0 -0
  904. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_spki.c +0 -0
  905. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_val.c +0 -0
  906. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_x509.c +0 -0
  907. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_x509a.c +0 -0
  908. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/ext_dat.h +0 -0
  909. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/internal.h +0 -0
  910. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_cache.c +0 -0
  911. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_data.c +0 -0
  912. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_int.h +0 -0
  913. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_lib.c +0 -0
  914. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_map.c +0 -0
  915. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_node.c +0 -0
  916. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_tree.c +0 -0
  917. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_akey.c +0 -0
  918. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_akeya.c +0 -0
  919. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +629 -0
  920. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bcons.c +0 -0
  921. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bitst.c +0 -0
  922. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_conf.c +0 -0
  923. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_cpols.c +0 -0
  924. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_crld.c +0 -0
  925. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +100 -0
  926. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_extku.c +0 -0
  927. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_genn.c +0 -0
  928. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ia5.c +0 -0
  929. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +218 -0
  930. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_int.c +0 -0
  931. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_lib.c +0 -0
  932. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ncons.c +0 -0
  933. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ocsp.c +0 -0
  934. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pci.c +0 -0
  935. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcia.c +0 -0
  936. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcons.c +0 -0
  937. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pku.c +0 -0
  938. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pmaps.c +0 -0
  939. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_prn.c +0 -0
  940. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +843 -0
  941. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_skey.c +0 -0
  942. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_sxnet.c +0 -0
  943. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1395 -0
  944. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/aead.h +0 -0
  945. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/aes.h +0 -0
  946. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/arm_arch.h +0 -0
  947. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1.h +0 -0
  948. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1_mac.h +0 -0
  949. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1t.h +0 -0
  950. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +575 -0
  951. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/base64.h +0 -0
  952. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/bio.h +0 -0
  953. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/blowfish.h +0 -0
  954. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +1057 -0
  955. data/third_party/boringssl-with-bazel/src/include/openssl/buf.h +137 -0
  956. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/buffer.h +0 -0
  957. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +561 -0
  958. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cast.h +0 -0
  959. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/chacha.h +0 -0
  960. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cipher.h +0 -0
  961. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cmac.h +0 -0
  962. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/conf.h +0 -0
  963. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cpu.h +0 -0
  964. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +149 -0
  965. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/curve25519.h +0 -0
  966. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/des.h +0 -0
  967. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +319 -0
  968. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +331 -0
  969. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +457 -0
  970. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dtls1.h +0 -0
  971. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/e_os2.h +0 -0
  972. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +424 -0
  973. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +372 -0
  974. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ecdh.h +0 -0
  975. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +205 -0
  976. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/engine.h +0 -0
  977. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +465 -0
  978. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1050 -0
  979. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ex_data.h +0 -0
  980. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hkdf.h +0 -0
  981. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hmac.h +0 -0
  982. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hrss.h +0 -0
  983. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/is_boringssl.h +0 -0
  984. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/lhash.h +0 -0
  985. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/md4.h +0 -0
  986. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/md5.h +0 -0
  987. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +175 -0
  988. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +4259 -0
  989. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/obj.h +0 -0
  990. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/obj_mac.h +0 -0
  991. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/objects.h +0 -0
  992. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslconf.h +0 -0
  993. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslv.h +0 -0
  994. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ossl_typ.h +0 -0
  995. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pem.h +0 -0
  996. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs12.h +0 -0
  997. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs7.h +0 -0
  998. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs8.h +0 -0
  999. data/third_party/boringssl-with-bazel/src/include/openssl/poly1305.h +49 -0
  1000. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pool.h +0 -0
  1001. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +111 -0
  1002. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rc4.h +0 -0
  1003. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ripemd.h +0 -0
  1004. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +818 -0
  1005. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/safestack.h +0 -0
  1006. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +294 -0
  1007. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/siphash.h +0 -0
  1008. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/span.h +0 -0
  1009. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/srtp.h +0 -0
  1010. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +5198 -0
  1011. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ssl3.h +0 -0
  1012. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/stack.h +0 -0
  1013. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/thread.h +0 -0
  1014. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +632 -0
  1015. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +291 -0
  1016. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/type_check.h +0 -0
  1017. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1207 -0
  1018. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +681 -0
  1019. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/x509v3.h +0 -0
  1020. data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/bio_ssl.cc +0 -0
  1021. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +837 -0
  1022. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +268 -0
  1023. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +273 -0
  1024. data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_srtp.cc +0 -0
  1025. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +200 -0
  1026. data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/dtls_record.cc +0 -0
  1027. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +675 -0
  1028. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +703 -0
  1029. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +1890 -0
  1030. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +1805 -0
  1031. data/third_party/boringssl-with-bazel/src/ssl/internal.h +3572 -0
  1032. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +724 -0
  1033. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +221 -0
  1034. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +458 -0
  1035. data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_aead_ctx.cc +0 -0
  1036. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +856 -0
  1037. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +306 -0
  1038. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +1019 -0
  1039. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +1718 -0
  1040. data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_file.cc +0 -0
  1041. data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_key_share.cc +0 -0
  1042. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +3015 -0
  1043. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +835 -0
  1044. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +1333 -0
  1045. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +230 -0
  1046. data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_transcript.cc +0 -0
  1047. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +394 -0
  1048. data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_x509.cc +0 -0
  1049. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +365 -0
  1050. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +3870 -0
  1051. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +689 -0
  1052. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +1017 -0
  1053. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +513 -0
  1054. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +1096 -0
  1055. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +317 -0
  1056. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +703 -0
  1057. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +981 -0
  1058. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +619 -0
  1059. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3147 -0
  1060. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1226 -0
  1061. data/third_party/upb/upb/decode.c +4 -0
  1062. data/third_party/upb/upb/port.c +0 -1
  1063. data/third_party/upb/upb/port_def.inc +1 -3
  1064. data/third_party/upb/upb/table.c +2 -1
  1065. metadata +758 -509
  1066. data/src/boringssl/err_data.c +0 -1407
  1067. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1898
  1068. data/src/core/lib/gprpp/inlined_vector.h +0 -246
  1069. data/src/core/lib/gprpp/optional.h +0 -48
  1070. data/src/core/lib/gprpp/string_view.h +0 -165
  1071. data/src/core/lib/iomgr/logical_thread.cc +0 -103
  1072. data/src/core/lib/iomgr/logical_thread.h +0 -52
  1073. data/src/core/lib/json/json.cc +0 -94
  1074. data/src/core/lib/json/json_common.h +0 -34
  1075. data/src/core/lib/json/json_reader.h +0 -146
  1076. data/src/core/lib/json/json_string.cc +0 -367
  1077. data/src/core/lib/json/json_writer.h +0 -84
  1078. data/src/core/lib/security/credentials/tls/spiffe_credentials.cc +0 -129
  1079. data/src/core/lib/security/credentials/tls/spiffe_credentials.h +0 -62
  1080. data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +0 -541
  1081. data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +0 -158
  1082. data/src/core/tsi/grpc_shadow_boringssl.h +0 -3297
  1083. data/third_party/boringssl/crypto/asn1/a_time.c +0 -213
  1084. data/third_party/boringssl/crypto/bio/connect.c +0 -546
  1085. data/third_party/boringssl/crypto/bio/fd.c +0 -280
  1086. data/third_party/boringssl/crypto/bio/file.c +0 -318
  1087. data/third_party/boringssl/crypto/bio/pair.c +0 -489
  1088. data/third_party/boringssl/crypto/buf/buf.c +0 -231
  1089. data/third_party/boringssl/crypto/bytestring/cbb.c +0 -680
  1090. data/third_party/boringssl/crypto/bytestring/cbs.c +0 -631
  1091. data/third_party/boringssl/crypto/cipher_extra/derive_key.c +0 -152
  1092. data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +0 -883
  1093. data/third_party/boringssl/crypto/cpu-arm-linux.c +0 -219
  1094. data/third_party/boringssl/crypto/cpu-intel.c +0 -282
  1095. data/third_party/boringssl/crypto/crypto.c +0 -215
  1096. data/third_party/boringssl/crypto/curve25519/spake25519.c +0 -539
  1097. data/third_party/boringssl/crypto/dh/check.c +0 -217
  1098. data/third_party/boringssl/crypto/dh/dh.c +0 -519
  1099. data/third_party/boringssl/crypto/dsa/dsa.c +0 -970
  1100. data/third_party/boringssl/crypto/ec_extra/ec_derive.c +0 -96
  1101. data/third_party/boringssl/crypto/ecdh_extra/ecdh_extra.c +0 -124
  1102. data/third_party/boringssl/crypto/err/err.c +0 -849
  1103. data/third_party/boringssl/crypto/evp/p_ec.c +0 -287
  1104. data/third_party/boringssl/crypto/evp/p_rsa.c +0 -636
  1105. data/third_party/boringssl/crypto/evp/p_x25519_asn1.c +0 -249
  1106. data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +0 -860
  1107. data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +0 -240
  1108. data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +0 -108
  1109. data/third_party/boringssl/crypto/fipsmodule/bcm.c +0 -260
  1110. data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +0 -1288
  1111. data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +0 -691
  1112. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +0 -502
  1113. data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +0 -873
  1114. data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +0 -1069
  1115. data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +0 -1304
  1116. data/third_party/boringssl/crypto/fipsmodule/digest/digests.c +0 -280
  1117. data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +0 -1080
  1118. data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +0 -479
  1119. data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +0 -483
  1120. data/third_party/boringssl/crypto/fipsmodule/ec/felem.c +0 -82
  1121. data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +0 -503
  1122. data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +0 -336
  1123. data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +0 -1187
  1124. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +0 -9501
  1125. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +0 -651
  1126. data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +0 -96
  1127. data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +0 -380
  1128. data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +0 -84
  1129. data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +0 -227
  1130. data/third_party/boringssl/crypto/fipsmodule/ecdh/ecdh.c +0 -122
  1131. data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +0 -313
  1132. data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +0 -877
  1133. data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +0 -451
  1134. data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +0 -127
  1135. data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +0 -363
  1136. data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +0 -481
  1137. data/third_party/boringssl/crypto/fipsmodule/rsa/blinding.c +0 -239
  1138. data/third_party/boringssl/crypto/fipsmodule/rsa/internal.h +0 -126
  1139. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +0 -879
  1140. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +0 -1335
  1141. data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +0 -535
  1142. data/third_party/boringssl/crypto/hrss/hrss.c +0 -2201
  1143. data/third_party/boringssl/crypto/hrss/internal.h +0 -62
  1144. data/third_party/boringssl/crypto/internal.h +0 -814
  1145. data/third_party/boringssl/crypto/mem.c +0 -272
  1146. data/third_party/boringssl/crypto/obj/obj.c +0 -554
  1147. data/third_party/boringssl/crypto/obj/obj_dat.h +0 -11550
  1148. data/third_party/boringssl/crypto/pem/pem_info.c +0 -361
  1149. data/third_party/boringssl/crypto/pem/pem_lib.c +0 -777
  1150. data/third_party/boringssl/crypto/pem/pem_oth.c +0 -88
  1151. data/third_party/boringssl/crypto/pem/pem_pk8.c +0 -258
  1152. data/third_party/boringssl/crypto/pem/pem_pkey.c +0 -219
  1153. data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +0 -385
  1154. data/third_party/boringssl/crypto/poly1305/poly1305.c +0 -318
  1155. data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +0 -304
  1156. data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +0 -839
  1157. data/third_party/boringssl/crypto/pool/pool.c +0 -221
  1158. data/third_party/boringssl/crypto/rand_extra/deterministic.c +0 -56
  1159. data/third_party/boringssl/crypto/rand_extra/windows.c +0 -53
  1160. data/third_party/boringssl/crypto/siphash/siphash.c +0 -80
  1161. data/third_party/boringssl/crypto/thread_pthread.c +0 -206
  1162. data/third_party/boringssl/crypto/thread_win.c +0 -256
  1163. data/third_party/boringssl/crypto/x509/a_verify.c +0 -115
  1164. data/third_party/boringssl/crypto/x509/by_dir.c +0 -458
  1165. data/third_party/boringssl/crypto/x509/by_file.c +0 -276
  1166. data/third_party/boringssl/crypto/x509/x509_cmp.c +0 -477
  1167. data/third_party/boringssl/crypto/x509/x509_obj.c +0 -198
  1168. data/third_party/boringssl/crypto/x509/x509_r2x.c +0 -117
  1169. data/third_party/boringssl/crypto/x509/x509_req.c +0 -342
  1170. data/third_party/boringssl/crypto/x509/x509_set.c +0 -169
  1171. data/third_party/boringssl/crypto/x509/x509_trs.c +0 -327
  1172. data/third_party/boringssl/crypto/x509/x509_vfy.c +0 -2483
  1173. data/third_party/boringssl/crypto/x509/x509_vpm.c +0 -672
  1174. data/third_party/boringssl/crypto/x509/x509name.c +0 -388
  1175. data/third_party/boringssl/crypto/x509/x_all.c +0 -400
  1176. data/third_party/boringssl/crypto/x509v3/v3_alt.c +0 -629
  1177. data/third_party/boringssl/crypto/x509v3/v3_enum.c +0 -100
  1178. data/third_party/boringssl/crypto/x509v3/v3_info.c +0 -219
  1179. data/third_party/boringssl/crypto/x509v3/v3_purp.c +0 -844
  1180. data/third_party/boringssl/crypto/x509v3/v3_utl.c +0 -1396
  1181. data/third_party/boringssl/include/openssl/base.h +0 -571
  1182. data/third_party/boringssl/include/openssl/bn.h +0 -1045
  1183. data/third_party/boringssl/include/openssl/buf.h +0 -137
  1184. data/third_party/boringssl/include/openssl/bytestring.h +0 -527
  1185. data/third_party/boringssl/include/openssl/crypto.h +0 -144
  1186. data/third_party/boringssl/include/openssl/dh.h +0 -299
  1187. data/third_party/boringssl/include/openssl/digest.h +0 -330
  1188. data/third_party/boringssl/include/openssl/dsa.h +0 -441
  1189. data/third_party/boringssl/include/openssl/ec.h +0 -417
  1190. data/third_party/boringssl/include/openssl/ec_key.h +0 -370
  1191. data/third_party/boringssl/include/openssl/ecdsa.h +0 -199
  1192. data/third_party/boringssl/include/openssl/err.h +0 -461
  1193. data/third_party/boringssl/include/openssl/evp.h +0 -1030
  1194. data/third_party/boringssl/include/openssl/mem.h +0 -160
  1195. data/third_party/boringssl/include/openssl/nid.h +0 -4245
  1196. data/third_party/boringssl/include/openssl/poly1305.h +0 -51
  1197. data/third_party/boringssl/include/openssl/rand.h +0 -125
  1198. data/third_party/boringssl/include/openssl/rsa.h +0 -787
  1199. data/third_party/boringssl/include/openssl/sha.h +0 -268
  1200. data/third_party/boringssl/include/openssl/ssl.h +0 -5113
  1201. data/third_party/boringssl/include/openssl/tls1.h +0 -634
  1202. data/third_party/boringssl/include/openssl/x509.h +0 -1205
  1203. data/third_party/boringssl/include/openssl/x509_vfy.h +0 -680
  1204. data/third_party/boringssl/ssl/d1_both.cc +0 -842
  1205. data/third_party/boringssl/ssl/d1_lib.cc +0 -268
  1206. data/third_party/boringssl/ssl/d1_pkt.cc +0 -274
  1207. data/third_party/boringssl/ssl/dtls_method.cc +0 -192
  1208. data/third_party/boringssl/ssl/handoff.cc +0 -489
  1209. data/third_party/boringssl/ssl/handshake.cc +0 -691
  1210. data/third_party/boringssl/ssl/handshake_client.cc +0 -1871
  1211. data/third_party/boringssl/ssl/handshake_server.cc +0 -1801
  1212. data/third_party/boringssl/ssl/internal.h +0 -3549
  1213. data/third_party/boringssl/ssl/s3_both.cc +0 -724
  1214. data/third_party/boringssl/ssl/s3_lib.cc +0 -222
  1215. data/third_party/boringssl/ssl/s3_pkt.cc +0 -459
  1216. data/third_party/boringssl/ssl/ssl_asn1.cc +0 -828
  1217. data/third_party/boringssl/ssl/ssl_buffer.cc +0 -287
  1218. data/third_party/boringssl/ssl/ssl_cert.cc +0 -1016
  1219. data/third_party/boringssl/ssl/ssl_cipher.cc +0 -1719
  1220. data/third_party/boringssl/ssl/ssl_lib.cc +0 -3011
  1221. data/third_party/boringssl/ssl/ssl_privkey.cc +0 -824
  1222. data/third_party/boringssl/ssl/ssl_session.cc +0 -1273
  1223. data/third_party/boringssl/ssl/ssl_stat.cc +0 -224
  1224. data/third_party/boringssl/ssl/ssl_versions.cc +0 -394
  1225. data/third_party/boringssl/ssl/t1_enc.cc +0 -361
  1226. data/third_party/boringssl/ssl/t1_lib.cc +0 -4036
  1227. data/third_party/boringssl/ssl/tls13_both.cc +0 -689
  1228. data/third_party/boringssl/ssl/tls13_client.cc +0 -947
  1229. data/third_party/boringssl/ssl/tls13_enc.cc +0 -561
  1230. data/third_party/boringssl/ssl/tls13_server.cc +0 -1089
  1231. data/third_party/boringssl/ssl/tls_method.cc +0 -279
  1232. data/third_party/boringssl/ssl/tls_record.cc +0 -698
  1233. data/third_party/boringssl/third_party/fiat/curve25519.c +0 -2167
  1234. data/third_party/boringssl/third_party/fiat/curve25519_32.h +0 -911
  1235. data/third_party/boringssl/third_party/fiat/curve25519_64.h +0 -559
  1236. data/third_party/boringssl/third_party/fiat/curve25519_tables.h +0 -7880
  1237. data/third_party/boringssl/third_party/fiat/internal.h +0 -154
  1238. data/third_party/boringssl/third_party/fiat/p256.c +0 -1063
  1239. data/third_party/boringssl/third_party/fiat/p256_32.h +0 -3226
  1240. data/third_party/boringssl/third_party/fiat/p256_64.h +0 -1217
@@ -0,0 +1,278 @@
1
+ /* Copyright (c) 2019, Google Inc.
2
+ *
3
+ * Permission to use, copy, modify, and/or distribute this software for any
4
+ * purpose with or without fee is hereby granted, provided that the above
5
+ * copyright notice and this permission notice appear in all copies.
6
+ *
7
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
+
15
+ #ifndef OPENSSL_HEADER_TRUST_TOKEN_INTERNAL_H
16
+ #define OPENSSL_HEADER_TRUST_TOKEN_INTERNAL_H
17
+
18
+ #include <openssl/base.h>
19
+ #include <openssl/ec.h>
20
+ #include <openssl/ec_key.h>
21
+ #include <openssl/nid.h>
22
+
23
+ #include "../fipsmodule/ec/internal.h"
24
+
25
+ #include <openssl/trust_token.h>
26
+
27
+
28
+ #if defined(__cplusplus)
29
+ extern "C" {
30
+ #endif
31
+
32
+
33
+ // PMBTokens.
34
+ //
35
+ // PMBTokens is described in https://eprint.iacr.org/2020/072/20200324:214215
36
+ // and provides anonymous tokens with private metadata. We implement the
37
+ // construction with validity verification, described in appendix H,
38
+ // construction 6.
39
+
40
+ // PMBTOKEN_NONCE_SIZE is the size of nonces used as part of the PMBToken
41
+ // protocol.
42
+ #define PMBTOKEN_NONCE_SIZE 64
43
+
44
+ typedef struct {
45
+ // TODO(https://crbug.com/boringssl/334): These should store |EC_PRECOMP| so
46
+ // that |TRUST_TOKEN_finish_issuance| can use |ec_point_mul_scalar_precomp|.
47
+ EC_AFFINE pub0;
48
+ EC_AFFINE pub1;
49
+ EC_AFFINE pubs;
50
+ } PMBTOKEN_CLIENT_KEY;
51
+
52
+ typedef struct {
53
+ EC_SCALAR x0;
54
+ EC_SCALAR y0;
55
+ EC_SCALAR x1;
56
+ EC_SCALAR y1;
57
+ EC_SCALAR xs;
58
+ EC_SCALAR ys;
59
+ EC_AFFINE pub0;
60
+ EC_PRECOMP pub0_precomp;
61
+ EC_AFFINE pub1;
62
+ EC_PRECOMP pub1_precomp;
63
+ EC_AFFINE pubs;
64
+ EC_PRECOMP pubs_precomp;
65
+ } PMBTOKEN_ISSUER_KEY;
66
+
67
+ // PMBTOKEN_PRETOKEN represents the intermediate state a client keeps during a
68
+ // PMBToken issuance operation.
69
+ typedef struct pmb_pretoken_st {
70
+ uint8_t t[PMBTOKEN_NONCE_SIZE];
71
+ EC_SCALAR r;
72
+ EC_AFFINE Tp;
73
+ } PMBTOKEN_PRETOKEN;
74
+
75
+ // PMBTOKEN_PRETOKEN_free releases the memory associated with |token|.
76
+ OPENSSL_EXPORT void PMBTOKEN_PRETOKEN_free(PMBTOKEN_PRETOKEN *token);
77
+
78
+ DEFINE_STACK_OF(PMBTOKEN_PRETOKEN)
79
+
80
+ // The following functions implement the corresponding |TRUST_TOKENS_METHOD|
81
+ // functions for |TRUST_TOKENS_experiment_v0|'s PMBTokens construction which
82
+ // uses P-521.
83
+ int pmbtoken_exp0_generate_key(CBB *out_private, CBB *out_public);
84
+ int pmbtoken_exp0_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
85
+ const uint8_t *in, size_t len);
86
+ int pmbtoken_exp0_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
87
+ const uint8_t *in, size_t len);
88
+ STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp0_blind(CBB *cbb, size_t count);
89
+ int pmbtoken_exp0_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
90
+ size_t num_requested, size_t num_to_issue,
91
+ uint8_t private_metadata);
92
+ STACK_OF(TRUST_TOKEN) *
93
+ pmbtoken_exp0_unblind(const PMBTOKEN_CLIENT_KEY *key,
94
+ const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens,
95
+ CBS *cbs, size_t count, uint32_t key_id);
96
+ int pmbtoken_exp0_read(const PMBTOKEN_ISSUER_KEY *key,
97
+ uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
98
+ uint8_t *out_private_metadata, const uint8_t *token,
99
+ size_t token_len);
100
+
101
+ // The following functions implement the corresponding |TRUST_TOKENS_METHOD|
102
+ // functions for |TRUST_TOKENS_experiment_v1|'s PMBTokens construction which
103
+ // uses P-384.
104
+ //
105
+ // We use P-384 instead of our usual choice of P-256. See Appendix I which
106
+ // describes two attacks which may affect smaller curves. In particular, p-1 for
107
+ // P-256 is smooth, giving a low complexity for the p-1 attack. P-384's p-1 has
108
+ // a 281-bit prime factor,
109
+ // 3055465788140352002733946906144561090641249606160407884365391979704929268480326390471.
110
+ // This lower-bounds the p-1 attack at O(2^140). The p+1 attack is lower-bounded
111
+ // by O(p^(1/3)) or O(2^128), so we do not need to check the smoothness of p+1.
112
+ int pmbtoken_exp1_generate_key(CBB *out_private, CBB *out_public);
113
+ int pmbtoken_exp1_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
114
+ const uint8_t *in, size_t len);
115
+ int pmbtoken_exp1_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
116
+ const uint8_t *in, size_t len);
117
+ STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp1_blind(CBB *cbb, size_t count);
118
+ int pmbtoken_exp1_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
119
+ size_t num_requested, size_t num_to_issue,
120
+ uint8_t private_metadata);
121
+ STACK_OF(TRUST_TOKEN) *
122
+ pmbtoken_exp1_unblind(const PMBTOKEN_CLIENT_KEY *key,
123
+ const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens,
124
+ CBS *cbs, size_t count, uint32_t key_id);
125
+ int pmbtoken_exp1_read(const PMBTOKEN_ISSUER_KEY *key,
126
+ uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
127
+ uint8_t *out_private_metadata, const uint8_t *token,
128
+ size_t token_len);
129
+
130
+ // pmbtoken_exp1_get_h_for_testing returns H in uncompressed coordinates. This
131
+ // function is used to confirm H was computed as expected.
132
+ OPENSSL_EXPORT int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]);
133
+
134
+
135
+ // Trust Tokens internals.
136
+
137
+ struct trust_token_method_st {
138
+ // generate_key generates a fresh keypair and writes their serialized
139
+ // forms into |out_private| and |out_public|. It returns one on success and
140
+ // zero on failure.
141
+ int (*generate_key)(CBB *out_private, CBB *out_public);
142
+
143
+ // client_key_from_bytes decodes a client key from |in| and sets |key|
144
+ // to the resulting key. It returns one on success and zero
145
+ // on failure.
146
+ int (*client_key_from_bytes)(PMBTOKEN_CLIENT_KEY *key, const uint8_t *in,
147
+ size_t len);
148
+
149
+ // issuer_key_from_bytes decodes a issuer key from |in| and sets |key|
150
+ // to the resulting key. It returns one on success and zero
151
+ // on failure.
152
+ int (*issuer_key_from_bytes)(PMBTOKEN_ISSUER_KEY *key, const uint8_t *in,
153
+ size_t len);
154
+
155
+ // blind generates a new issuance request for |count| tokens. On
156
+ // success, it returns a newly-allocated |STACK_OF(PMBTOKEN_PRETOKEN)| and
157
+ // writes a request to the issuer to |cbb|. On failure, it returns NULL. The
158
+ // |STACK_OF(PMBTOKEN_PRETOKEN)|s should be passed to |pmbtoken_unblind| when
159
+ // the server responds.
160
+ //
161
+ // This function implements the AT.Usr0 operation.
162
+ STACK_OF(PMBTOKEN_PRETOKEN) *(*blind)(CBB *cbb, size_t count);
163
+
164
+ // sign parses a request for |num_requested| tokens from |cbs| and
165
+ // issues |num_to_issue| tokens with |key| and a private metadata value of
166
+ // |private_metadata|. It then writes the response to |cbb|. It returns one on
167
+ // success and zero on failure.
168
+ //
169
+ // This function implements the AT.Sig operation.
170
+ int (*sign)(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
171
+ size_t num_requested, size_t num_to_issue,
172
+ uint8_t private_metadata);
173
+
174
+ // unblind processes an issuance response for |count| tokens from |cbs|
175
+ // and unblinds the signed tokens. |pretokens| are the pre-tokens returned
176
+ // from the corresponding |blind| call. On success, the function returns a
177
+ // newly-allocated |STACK_OF(TRUST_TOKEN)| containing the resulting tokens.
178
+ // Each token's serialization will have |key_id| prepended. Otherwise, it
179
+ // returns NULL.
180
+ //
181
+ // This function implements the AT.Usr1 operation.
182
+ STACK_OF(TRUST_TOKEN) *
183
+ (*unblind)(const PMBTOKEN_CLIENT_KEY *key,
184
+ const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens, CBS *cbs,
185
+ size_t count, uint32_t key_id);
186
+
187
+ // read parses a PMBToken from |token| and verifies it using |key|. On
188
+ // success, it returns one and stores the nonce and private metadata bit in
189
+ // |out_nonce| and |*out_private_metadata|. Otherwise, it returns zero. Note
190
+ // that, unlike the output of |unblind|, |token| does not have a
191
+ // four-byte key ID prepended.
192
+ int (*read)(const PMBTOKEN_ISSUER_KEY *key,
193
+ uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
194
+ uint8_t *out_private_metadata, const uint8_t *token,
195
+ size_t token_len);
196
+
197
+ // use_token_hash determines whether to include the token hash in the SRR and
198
+ // private metadata encryption.
199
+ int use_token_hash : 1;
200
+
201
+ // batched_proof determines whether PMBToken uses a batched DLEQOR proof when
202
+ // signing tokens.
203
+ int batched_proof : 1;
204
+ };
205
+
206
+ // Structure representing a single Trust Token public key with the specified ID.
207
+ struct trust_token_client_key_st {
208
+ uint32_t id;
209
+ PMBTOKEN_CLIENT_KEY key;
210
+ };
211
+
212
+ // Structure representing a single Trust Token private key with the specified
213
+ // ID.
214
+ struct trust_token_issuer_key_st {
215
+ uint32_t id;
216
+ PMBTOKEN_ISSUER_KEY key;
217
+ };
218
+
219
+ struct trust_token_client_st {
220
+ const TRUST_TOKEN_METHOD *method;
221
+
222
+ // max_batchsize is the maximum supported batchsize.
223
+ uint16_t max_batchsize;
224
+
225
+ // keys is the set of public keys that are supported by the client for
226
+ // issuance/redemptions.
227
+ struct trust_token_client_key_st keys[3];
228
+
229
+ // num_keys is the number of keys currently configured.
230
+ size_t num_keys;
231
+
232
+ // pretokens is the intermediate state during an active issuance.
233
+ STACK_OF(PMBTOKEN_PRETOKEN)* pretokens;
234
+
235
+ // srr_key is the public key used to verify the signature of the SRR.
236
+ EVP_PKEY *srr_key;
237
+ };
238
+
239
+
240
+ struct trust_token_issuer_st {
241
+ const TRUST_TOKEN_METHOD *method;
242
+
243
+ // max_batchsize is the maximum supported batchsize.
244
+ uint16_t max_batchsize;
245
+
246
+ // keys is the set of private keys that are supported by the issuer for
247
+ // issuance/redemptions. The public metadata is an index into this list of
248
+ // keys.
249
+ struct trust_token_issuer_key_st keys[3];
250
+
251
+ // num_keys is the number of keys currently configured.
252
+ size_t num_keys;
253
+
254
+ // srr_key is the private key used to sign the SRR.
255
+ EVP_PKEY *srr_key;
256
+
257
+ // metadata_key is the secret material used to encode the private metadata bit
258
+ // in the SRR.
259
+ uint8_t *metadata_key;
260
+ size_t metadata_key_len;
261
+ };
262
+
263
+
264
+ #if defined(__cplusplus)
265
+ } // extern C
266
+
267
+ extern "C++" {
268
+
269
+ BSSL_NAMESPACE_BEGIN
270
+
271
+ BORINGSSL_MAKE_DELETER(PMBTOKEN_PRETOKEN, PMBTOKEN_PRETOKEN_free)
272
+
273
+ BSSL_NAMESPACE_END
274
+
275
+ } // extern C++
276
+ #endif
277
+
278
+ #endif // OPENSSL_HEADER_TRUST_TOKEN_INTERNAL_H
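Review bot: The two flags that close `struct trust_token_method_st`, `int use_token_hash : 1;` and `int batched_proof : 1;`, are one-bit bit-fields of plain `int`, whose signedness is implementation-defined in C and signed in current C++. Where the field is signed, storing 1 reads back as -1. Plain truthiness tests still work, but a later `== 1` comparison or any arithmetic on the flag would silently go wrong, so I would declare them `unsigned use_token_hash : 1;` and `unsigned batched_proof : 1;`. Separately, `PMBTOKEN_ISSUER_KEY` has no comment although it holds the six private scalars next to the public points; a line such as `// x0..ys are the issuer's secret scalars; pub0, pub1 and pubs are the matching public points.` would show a reader which members must never be serialized or logged.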
@@ -0,0 +1,1474 @@
1
+ /* Copyright (c) 2020, Google Inc.
2
+ *
3
+ * Permission to use, copy, modify, and/or distribute this software for any
4
+ * purpose with or without fee is hereby granted, provided that the above
5
+ * copyright notice and this permission notice appear in all copies.
6
+ *
7
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
+
15
+ #include <openssl/trust_token.h>
16
+
17
+ #include <openssl/bn.h>
18
+ #include <openssl/bytestring.h>
19
+ #include <openssl/ec.h>
20
+ #include <openssl/err.h>
21
+ #include <openssl/mem.h>
22
+ #include <openssl/nid.h>
23
+ #include <openssl/rand.h>
24
+ #include <openssl/sha.h>
25
+
26
+ #include "../ec_extra/internal.h"
27
+ #include "../fipsmodule/bn/internal.h"
28
+ #include "../fipsmodule/ec/internal.h"
29
+
30
+ #include "internal.h"
31
+
32
+
33
+ typedef int (*hash_t_func_t)(const EC_GROUP *group, EC_RAW_POINT *out,
34
+ const uint8_t t[PMBTOKEN_NONCE_SIZE]);
35
+ typedef int (*hash_s_func_t)(const EC_GROUP *group, EC_RAW_POINT *out,
36
+ const EC_AFFINE *t,
37
+ const uint8_t s[PMBTOKEN_NONCE_SIZE]);
38
+ typedef int (*hash_c_func_t)(const EC_GROUP *group, EC_SCALAR *out,
39
+ uint8_t *buf, size_t len);
40
+
41
+ typedef struct {
42
+ const EC_GROUP *group;
43
+ EC_PRECOMP g_precomp;
44
+ EC_PRECOMP h_precomp;
45
+ EC_RAW_POINT h;
46
+ // hash_t implements the H_t operation in PMBTokens. It returns one on success
47
+ // and zero on error.
48
+ hash_t_func_t hash_t;
49
+ // hash_s implements the H_s operation in PMBTokens. It returns one on success
50
+ // and zero on error.
51
+ hash_s_func_t hash_s;
52
+ // hash_c implements the H_c operation in PMBTokens. It returns one on success
53
+ // and zero on error.
54
+ hash_c_func_t hash_c;
55
+ // batched_proof determines whether PMBToken uses a batched DLEQOR proof when
56
+ // signing tokens.
57
+ int batched_proof : 1;
58
+ } PMBTOKEN_METHOD;
59
+
60
+ static const uint8_t kDefaultAdditionalData[32] = {0};
61
+
62
+ static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid,
63
+ const uint8_t *h_bytes, size_t h_len,
64
+ hash_t_func_t hash_t, hash_s_func_t hash_s,
65
+ hash_c_func_t hash_c, int batched_proof) {
66
+ method->group = EC_GROUP_new_by_curve_name(curve_nid);
67
+ if (method->group == NULL) {
68
+ return 0;
69
+ }
70
+
71
+ method->hash_t = hash_t;
72
+ method->hash_s = hash_s;
73
+ method->hash_c = hash_c;
74
+ method->batched_proof = batched_proof;
75
+
76
+ EC_AFFINE h;
77
+ if (!ec_point_from_uncompressed(method->group, &h, h_bytes, h_len)) {
78
+ return 0;
79
+ }
80
+ ec_affine_to_jacobian(method->group, &method->h, &h);
81
+
82
+ if (!ec_init_precomp(method->group, &method->g_precomp,
83
+ &method->group->generator->raw) ||
84
+ !ec_init_precomp(method->group, &method->h_precomp, &method->h)) {
85
+ return 0;
86
+ }
87
+ return 1;
88
+ }
89
+
90
+ // generate_keypair generates a keypair for the PMBTokens construction.
91
+ // |out_x| and |out_y| are set to the secret half of the keypair, while
92
+ // |*out_pub| is set to the public half of the keypair. It returns one on
93
+ // success and zero on failure.
94
+ static int generate_keypair(const PMBTOKEN_METHOD *method, EC_SCALAR *out_x,
95
+ EC_SCALAR *out_y, EC_RAW_POINT *out_pub) {
96
+ if (!ec_random_nonzero_scalar(method->group, out_x, kDefaultAdditionalData) ||
97
+ !ec_random_nonzero_scalar(method->group, out_y, kDefaultAdditionalData) ||
98
+ !ec_point_mul_scalar_precomp(method->group, out_pub, &method->g_precomp,
99
+ out_x, &method->h_precomp, out_y, NULL,
100
+ NULL)) {
101
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
102
+ return 0;
103
+ }
104
+ return 1;
105
+ }
106
+
107
+ static int point_to_cbb(CBB *out, const EC_GROUP *group,
108
+ const EC_AFFINE *point) {
109
+ size_t len =
110
+ ec_point_to_bytes(group, point, POINT_CONVERSION_UNCOMPRESSED, NULL, 0);
111
+ if (len == 0) {
112
+ return 0;
113
+ }
114
+ uint8_t *p;
115
+ return CBB_add_space(out, &p, len) &&
116
+ ec_point_to_bytes(group, point, POINT_CONVERSION_UNCOMPRESSED, p,
117
+ len) == len;
118
+ }
119
+
120
+ static int cbs_get_prefixed_point(CBS *cbs, const EC_GROUP *group,
121
+ EC_AFFINE *out) {
122
+ CBS child;
123
+ if (!CBS_get_u16_length_prefixed(cbs, &child) ||
124
+ !ec_point_from_uncompressed(group, out, CBS_data(&child),
125
+ CBS_len(&child))) {
126
+ return 0;
127
+ }
128
+ return 1;
129
+ }
130
+
131
+ static int mul_public_3(const EC_GROUP *group, EC_RAW_POINT *out,
132
+ const EC_RAW_POINT *p0, const EC_SCALAR *scalar0,
133
+ const EC_RAW_POINT *p1, const EC_SCALAR *scalar1,
134
+ const EC_RAW_POINT *p2, const EC_SCALAR *scalar2) {
135
+ EC_RAW_POINT points[3] = {*p0, *p1, *p2};
136
+ EC_SCALAR scalars[3] = {*scalar0, *scalar1, *scalar2};
137
+ return ec_point_mul_scalar_public_batch(group, out, /*g_scalar=*/NULL, points,
138
+ scalars, 3);
139
+ }
140
+
141
+ void PMBTOKEN_PRETOKEN_free(PMBTOKEN_PRETOKEN *pretoken) {
142
+ OPENSSL_free(pretoken);
143
+ }
144
+
145
+ static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method,
146
+ CBB *out_private, CBB *out_public) {
147
+ const EC_GROUP *group = method->group;
148
+ EC_RAW_POINT pub[3];
149
+ EC_SCALAR x0, y0, x1, y1, xs, ys;
150
+ if (!generate_keypair(method, &x0, &y0, &pub[0]) ||
151
+ !generate_keypair(method, &x1, &y1, &pub[1]) ||
152
+ !generate_keypair(method, &xs, &ys, &pub[2])) {
153
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_KEYGEN_FAILURE);
154
+ return 0;
155
+ }
156
+
157
+ const EC_SCALAR *scalars[] = {&x0, &y0, &x1, &y1, &xs, &ys};
158
+ size_t scalar_len = BN_num_bytes(&group->order);
159
+ for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(scalars); i++) {
160
+ uint8_t *buf;
161
+ if (!CBB_add_space(out_private, &buf, scalar_len)) {
162
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_BUFFER_TOO_SMALL);
163
+ return 0;
164
+ }
165
+ ec_scalar_to_bytes(group, buf, &scalar_len, scalars[i]);
166
+ }
167
+
168
+ EC_AFFINE pub_affine[3];
169
+ if (!ec_jacobian_to_affine_batch(group, pub_affine, pub, 3)) {
170
+ return 0;
171
+ }
172
+
173
+ // TODO(https://crbug.com/boringssl/331): When updating the key format, remove
174
+ // the redundant length prefixes.
175
+ CBB child;
176
+ if (!CBB_add_u16_length_prefixed(out_public, &child) ||
177
+ !point_to_cbb(&child, group, &pub_affine[0]) ||
178
+ !CBB_add_u16_length_prefixed(out_public, &child) ||
179
+ !point_to_cbb(&child, group, &pub_affine[1]) ||
180
+ !CBB_add_u16_length_prefixed(out_public, &child) ||
181
+ !point_to_cbb(&child, group, &pub_affine[2]) ||
182
+ !CBB_flush(out_public)) {
183
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_BUFFER_TOO_SMALL);
184
+ return 0;
185
+ }
186
+
187
+ return 1;
188
+ }
189
+
190
+ static int pmbtoken_client_key_from_bytes(const PMBTOKEN_METHOD *method,
191
+ PMBTOKEN_CLIENT_KEY *key,
192
+ const uint8_t *in, size_t len) {
193
+ // TODO(https://crbug.com/boringssl/331): When updating the key format, remove
194
+ // the redundant length prefixes.
195
+ CBS cbs;
196
+ CBS_init(&cbs, in, len);
197
+ if (!cbs_get_prefixed_point(&cbs, method->group, &key->pub0) ||
198
+ !cbs_get_prefixed_point(&cbs, method->group, &key->pub1) ||
199
+ !cbs_get_prefixed_point(&cbs, method->group, &key->pubs) ||
200
+ CBS_len(&cbs) != 0) {
201
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
202
+ return 0;
203
+ }
204
+
205
+ return 1;
206
+ }
207
+
208
+ static int pmbtoken_issuer_key_from_bytes(const PMBTOKEN_METHOD *method,
209
+ PMBTOKEN_ISSUER_KEY *key,
210
+ const uint8_t *in, size_t len) {
211
+ const EC_GROUP *group = method->group;
212
+ CBS cbs, tmp;
213
+ CBS_init(&cbs, in, len);
214
+ size_t scalar_len = BN_num_bytes(&group->order);
215
+ EC_SCALAR *scalars[] = {&key->x0, &key->y0, &key->x1,
216
+ &key->y1, &key->xs, &key->ys};
217
+ for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(scalars); i++) {
218
+ if (!CBS_get_bytes(&cbs, &tmp, scalar_len) ||
219
+ !ec_scalar_from_bytes(group, scalars[i], CBS_data(&tmp),
220
+ CBS_len(&tmp))) {
221
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
222
+ return 0;
223
+ }
224
+ }
225
+
226
+ // Recompute the public key.
227
+ EC_RAW_POINT pub[3];
228
+ EC_AFFINE pub_affine[3];
229
+ if (!ec_point_mul_scalar_precomp(group, &pub[0], &method->g_precomp, &key->x0,
230
+ &method->h_precomp, &key->y0, NULL, NULL) ||
231
+ !ec_init_precomp(group, &key->pub0_precomp, &pub[0]) ||
232
+ !ec_point_mul_scalar_precomp(group, &pub[1], &method->g_precomp, &key->x1,
233
+ &method->h_precomp, &key->y1, NULL, NULL) ||
234
+ !ec_init_precomp(group, &key->pub1_precomp, &pub[1]) ||
235
+ !ec_point_mul_scalar_precomp(group, &pub[2], &method->g_precomp, &key->xs,
236
+ &method->h_precomp, &key->ys, NULL, NULL) ||
237
+ !ec_init_precomp(group, &key->pubs_precomp, &pub[2]) ||
238
+ !ec_jacobian_to_affine_batch(group, pub_affine, pub, 3)) {
239
+ return 0;
240
+ }
241
+
242
+ key->pub0 = pub_affine[0];
243
+ key->pub1 = pub_affine[1];
244
+ key->pubs = pub_affine[2];
245
+ return 1;
246
+ }
247
+
248
+ static STACK_OF(PMBTOKEN_PRETOKEN) *
249
+ pmbtoken_blind(const PMBTOKEN_METHOD *method, CBB *cbb, size_t count) {
250
+ const EC_GROUP *group = method->group;
251
+ STACK_OF(PMBTOKEN_PRETOKEN) *pretokens = sk_PMBTOKEN_PRETOKEN_new_null();
252
+ if (pretokens == NULL) {
253
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
254
+ goto err;
255
+ }
256
+
257
+ for (size_t i = 0; i < count; i++) {
258
+ // Insert |pretoken| into |pretokens| early to simplify error-handling.
259
+ PMBTOKEN_PRETOKEN *pretoken = OPENSSL_malloc(sizeof(PMBTOKEN_PRETOKEN));
260
+ if (pretoken == NULL ||
261
+ !sk_PMBTOKEN_PRETOKEN_push(pretokens, pretoken)) {
262
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
263
+ PMBTOKEN_PRETOKEN_free(pretoken);
264
+ goto err;
265
+ }
266
+
267
+ RAND_bytes(pretoken->t, sizeof(pretoken->t));
268
+
269
+ // We sample |pretoken->r| in Montgomery form to simplify inverting.
270
+ if (!ec_random_nonzero_scalar(group, &pretoken->r,
271
+ kDefaultAdditionalData)) {
272
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
273
+ goto err;
274
+ }
275
+
276
+ EC_SCALAR rinv;
277
+ ec_scalar_inv0_montgomery(group, &rinv, &pretoken->r);
278
+ // Convert both out of Montgomery form.
279
+ ec_scalar_from_montgomery(group, &pretoken->r, &pretoken->r);
280
+ ec_scalar_from_montgomery(group, &rinv, &rinv);
281
+
282
+ EC_RAW_POINT T, Tp;
283
+ if (!method->hash_t(group, &T, pretoken->t) ||
284
+ !ec_point_mul_scalar(group, &Tp, &T, &rinv) ||
285
+ !ec_jacobian_to_affine(group, &pretoken->Tp, &Tp)) {
286
+ goto err;
287
+ }
288
+
289
+ // TODO(https://crbug.com/boringssl/331): When updating the key format,
290
+ // remove the redundant length prefixes.
291
+ CBB child;
292
+ if (!CBB_add_u16_length_prefixed(cbb, &child) ||
293
+ !point_to_cbb(&child, group, &pretoken->Tp) ||
294
+ !CBB_flush(cbb)) {
295
+ goto err;
296
+ }
297
+ }
298
+
299
+ return pretokens;
300
+
301
+ err:
302
+ sk_PMBTOKEN_PRETOKEN_pop_free(pretokens, PMBTOKEN_PRETOKEN_free);
303
+ return NULL;
304
+ }
305
+
306
+ static int scalar_to_cbb(CBB *out, const EC_GROUP *group,
307
+ const EC_SCALAR *scalar) {
308
+ uint8_t *buf;
309
+ size_t scalar_len = BN_num_bytes(&group->order);
310
+ if (!CBB_add_space(out, &buf, scalar_len)) {
311
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
312
+ return 0;
313
+ }
314
+ ec_scalar_to_bytes(group, buf, &scalar_len, scalar);
315
+ return 1;
316
+ }
317
+
318
+ static int scalar_from_cbs(CBS *cbs, const EC_GROUP *group, EC_SCALAR *out) {
319
+ size_t scalar_len = BN_num_bytes(&group->order);
320
+ CBS tmp;
321
+ if (!CBS_get_bytes(cbs, &tmp, scalar_len)) {
322
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
323
+ return 0;
324
+ }
325
+
326
+ ec_scalar_from_bytes(group, out, CBS_data(&tmp), CBS_len(&tmp));
327
+ return 1;
328
+ }
329
+
330
+ static int hash_c_dleq(const PMBTOKEN_METHOD *method, EC_SCALAR *out,
331
+ const EC_AFFINE *X, const EC_AFFINE *T,
332
+ const EC_AFFINE *S, const EC_AFFINE *W,
333
+ const EC_AFFINE *K0, const EC_AFFINE *K1) {
334
+ static const uint8_t kDLEQ2Label[] = "DLEQ2";
335
+
336
+ int ok = 0;
337
+ CBB cbb;
338
+ CBB_zero(&cbb);
339
+ uint8_t *buf = NULL;
340
+ size_t len;
341
+ if (!CBB_init(&cbb, 0) ||
342
+ !CBB_add_bytes(&cbb, kDLEQ2Label, sizeof(kDLEQ2Label)) ||
343
+ !point_to_cbb(&cbb, method->group, X) ||
344
+ !point_to_cbb(&cbb, method->group, T) ||
345
+ !point_to_cbb(&cbb, method->group, S) ||
346
+ !point_to_cbb(&cbb, method->group, W) ||
347
+ !point_to_cbb(&cbb, method->group, K0) ||
348
+ !point_to_cbb(&cbb, method->group, K1) ||
349
+ !CBB_finish(&cbb, &buf, &len) ||
350
+ !method->hash_c(method->group, out, buf, len)) {
351
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
352
+ goto err;
353
+ }
354
+
355
+ ok = 1;
356
+
357
+ err:
358
+ CBB_cleanup(&cbb);
359
+ OPENSSL_free(buf);
360
+ return ok;
361
+ }
362
+
363
+ static int hash_c_dleqor(const PMBTOKEN_METHOD *method, EC_SCALAR *out,
364
+ const EC_AFFINE *X0, const EC_AFFINE *X1,
365
+ const EC_AFFINE *T, const EC_AFFINE *S,
366
+ const EC_AFFINE *W, const EC_AFFINE *K00,
367
+ const EC_AFFINE *K01, const EC_AFFINE *K10,
368
+ const EC_AFFINE *K11) {
369
+ static const uint8_t kDLEQOR2Label[] = "DLEQOR2";
370
+
371
+ int ok = 0;
372
+ CBB cbb;
373
+ CBB_zero(&cbb);
374
+ uint8_t *buf = NULL;
375
+ size_t len;
376
+ if (!CBB_init(&cbb, 0) ||
377
+ !CBB_add_bytes(&cbb, kDLEQOR2Label, sizeof(kDLEQOR2Label)) ||
378
+ !point_to_cbb(&cbb, method->group, X0) ||
379
+ !point_to_cbb(&cbb, method->group, X1) ||
380
+ !point_to_cbb(&cbb, method->group, T) ||
381
+ !point_to_cbb(&cbb, method->group, S) ||
382
+ !point_to_cbb(&cbb, method->group, W) ||
383
+ !point_to_cbb(&cbb, method->group, K00) ||
384
+ !point_to_cbb(&cbb, method->group, K01) ||
385
+ !point_to_cbb(&cbb, method->group, K10) ||
386
+ !point_to_cbb(&cbb, method->group, K11) ||
387
+ !CBB_finish(&cbb, &buf, &len) ||
388
+ !method->hash_c(method->group, out, buf, len)) {
389
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
390
+ goto err;
391
+ }
392
+
393
+ ok = 1;
394
+
395
+ err:
396
+ CBB_cleanup(&cbb);
397
+ OPENSSL_free(buf);
398
+ return ok;
399
+ }
400
+
401
+ static int hash_c_batch(const PMBTOKEN_METHOD *method, EC_SCALAR *out,
402
+ const CBB *points, size_t index) {
403
+ static const uint8_t kDLEQBatchLabel[] = "DLEQ BATCH";
404
+ if (index > 0xffff) {
405
+ // The protocol supports only two-byte batches.
406
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
407
+ return 0;
408
+ }
409
+
410
+ int ok = 0;
411
+ CBB cbb;
412
+ CBB_zero(&cbb);
413
+ uint8_t *buf = NULL;
414
+ size_t len;
415
+ if (!CBB_init(&cbb, 0) ||
416
+ !CBB_add_bytes(&cbb, kDLEQBatchLabel, sizeof(kDLEQBatchLabel)) ||
417
+ !CBB_add_bytes(&cbb, CBB_data(points), CBB_len(points)) ||
418
+ !CBB_add_u16(&cbb, (uint16_t)index) ||
419
+ !CBB_finish(&cbb, &buf, &len) ||
420
+ !method->hash_c(method->group, out, buf, len)) {
421
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
422
+ goto err;
423
+ }
424
+
425
+ ok = 1;
426
+
427
+ err:
428
+ CBB_cleanup(&cbb);
429
+ OPENSSL_free(buf);
430
+ return ok;
431
+ }
432
+
433
+ // The DLEQ2 and DLEQOR2 constructions are described in appendix B of
434
+ // https://eprint.iacr.org/2020/072/20200324:214215. DLEQ2 is an instance of
435
+ // DLEQOR2 with only one value (n=1).
436
+
437
+ static int dleq_generate(const PMBTOKEN_METHOD *method, CBB *cbb,
438
+ const PMBTOKEN_ISSUER_KEY *priv, const EC_RAW_POINT *T,
439
+ const EC_RAW_POINT *S, const EC_RAW_POINT *W,
440
+ const EC_RAW_POINT *Ws, uint8_t private_metadata) {
441
+ const EC_GROUP *group = method->group;
442
+
443
+ // We generate a DLEQ proof for the validity token and a DLEQOR2 proof for the
444
+ // private metadata token. To allow amortizing Jacobian-to-affine conversions,
445
+ // we compute Ki for both proofs first.
446
+ enum {
447
+ idx_T,
448
+ idx_S,
449
+ idx_W,
450
+ idx_Ws,
451
+ idx_Ks0,
452
+ idx_Ks1,
453
+ idx_Kb0,
454
+ idx_Kb1,
455
+ idx_Ko0,
456
+ idx_Ko1,
457
+ num_idx,
458
+ };
459
+ EC_RAW_POINT jacobians[num_idx];
460
+
461
+ // Setup the DLEQ proof.
462
+ EC_SCALAR ks0, ks1;
463
+ if (// ks0, ks1 <- Zp
464
+ !ec_random_nonzero_scalar(group, &ks0, kDefaultAdditionalData) ||
465
+ !ec_random_nonzero_scalar(group, &ks1, kDefaultAdditionalData) ||
466
+ // Ks = ks0*(G;T) + ks1*(H;S)
467
+ !ec_point_mul_scalar_precomp(group, &jacobians[idx_Ks0],
468
+ &method->g_precomp, &ks0, &method->h_precomp,
469
+ &ks1, NULL, NULL) ||
470
+ !ec_point_mul_scalar_batch(group, &jacobians[idx_Ks1], T, &ks0, S, &ks1,
471
+ NULL, NULL)) {
472
+ return 0;
473
+ }
474
+
475
+ // Setup the DLEQOR proof. First, select values of xb, yb (keys corresponding
476
+ // to the private metadata value) and pubo (public key corresponding to the
477
+ // other value) in constant time.
478
+ BN_ULONG mask = ((BN_ULONG)0) - (private_metadata & 1);
479
+ EC_PRECOMP pubo_precomp;
480
+ EC_SCALAR xb, yb;
481
+ ec_scalar_select(group, &xb, mask, &priv->x1, &priv->x0);
482
+ ec_scalar_select(group, &yb, mask, &priv->y1, &priv->y0);
483
+ ec_precomp_select(group, &pubo_precomp, mask, &priv->pub0_precomp,
484
+ &priv->pub1_precomp);
485
+
486
+ EC_SCALAR k0, k1, minus_co, uo, vo;
487
+ if (// k0, k1 <- Zp
488
+ !ec_random_nonzero_scalar(group, &k0, kDefaultAdditionalData) ||
489
+ !ec_random_nonzero_scalar(group, &k1, kDefaultAdditionalData) ||
490
+ // Kb = k0*(G;T) + k1*(H;S)
491
+ !ec_point_mul_scalar_precomp(group, &jacobians[idx_Kb0],
492
+ &method->g_precomp, &k0, &method->h_precomp,
493
+ &k1, NULL, NULL) ||
494
+ !ec_point_mul_scalar_batch(group, &jacobians[idx_Kb1], T, &k0, S, &k1,
495
+ NULL, NULL) ||
496
+ // co, uo, vo <- Zp
497
+ !ec_random_nonzero_scalar(group, &minus_co, kDefaultAdditionalData) ||
498
+ !ec_random_nonzero_scalar(group, &uo, kDefaultAdditionalData) ||
499
+ !ec_random_nonzero_scalar(group, &vo, kDefaultAdditionalData) ||
500
+ // Ko = uo*(G;T) + vo*(H;S) - co*(pubo;W)
501
+ !ec_point_mul_scalar_precomp(group, &jacobians[idx_Ko0],
502
+ &method->g_precomp, &uo, &method->h_precomp,
503
+ &vo, &pubo_precomp, &minus_co) ||
504
+ !ec_point_mul_scalar_batch(group, &jacobians[idx_Ko1], T, &uo, S, &vo, W,
505
+ &minus_co)) {
506
+ return 0;
507
+ }
508
+
509
+ EC_AFFINE affines[num_idx];
510
+ jacobians[idx_T] = *T;
511
+ jacobians[idx_S] = *S;
512
+ jacobians[idx_W] = *W;
513
+ jacobians[idx_Ws] = *Ws;
514
+ if (!ec_jacobian_to_affine_batch(group, affines, jacobians, num_idx)) {
515
+ return 0;
516
+ }
517
+
518
+ // Select the K corresponding to K0 and K1 in constant-time.
519
+ EC_AFFINE K00, K01, K10, K11;
520
+ ec_affine_select(group, &K00, mask, &affines[idx_Ko0], &affines[idx_Kb0]);
521
+ ec_affine_select(group, &K01, mask, &affines[idx_Ko1], &affines[idx_Kb1]);
522
+ ec_affine_select(group, &K10, mask, &affines[idx_Kb0], &affines[idx_Ko0]);
523
+ ec_affine_select(group, &K11, mask, &affines[idx_Kb1], &affines[idx_Ko1]);
524
+
525
+ // Compute c = Hc(...) for the two proofs.
526
+ EC_SCALAR cs, c;
527
+ if (!hash_c_dleq(method, &cs, &priv->pubs, &affines[idx_T], &affines[idx_S],
528
+ &affines[idx_Ws], &affines[idx_Ks0], &affines[idx_Ks1]) ||
529
+ !hash_c_dleqor(method, &c, &priv->pub0, &priv->pub1, &affines[idx_T],
530
+ &affines[idx_S], &affines[idx_W], &K00, &K01, &K10,
531
+ &K11)) {
532
+ return 0;
533
+ }
534
+
535
+ // Compute cb, ub, and ub for the two proofs. In each of these products, only
536
+ // one operand is in Montgomery form, so the product does not need to be
537
+ // converted.
538
+
539
+ EC_SCALAR cs_mont;
540
+ ec_scalar_to_montgomery(group, &cs_mont, &cs);
541
+
542
+ // us = ks0 + cs*xs
543
+ EC_SCALAR us, vs;
544
+ ec_scalar_mul_montgomery(group, &us, &priv->xs, &cs_mont);
545
+ ec_scalar_add(group, &us, &ks0, &us);
546
+
547
+ // vs = ks1 + cs*ys
548
+ ec_scalar_mul_montgomery(group, &vs, &priv->ys, &cs_mont);
549
+ ec_scalar_add(group, &vs, &ks1, &vs);
550
+
551
+ // Store DLEQ2 proof in transcript.
552
+ if (!scalar_to_cbb(cbb, group, &cs) ||
553
+ !scalar_to_cbb(cbb, group, &us) ||
554
+ !scalar_to_cbb(cbb, group, &vs)) {
555
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
556
+ return 0;
557
+ }
558
+
559
+ // cb = c - co
560
+ EC_SCALAR cb, ub, vb;
561
+ ec_scalar_add(group, &cb, &c, &minus_co);
562
+
563
+ EC_SCALAR cb_mont;
564
+ ec_scalar_to_montgomery(group, &cb_mont, &cb);
565
+
566
+ // ub = k0 + cb*xb
567
+ ec_scalar_mul_montgomery(group, &ub, &xb, &cb_mont);
568
+ ec_scalar_add(group, &ub, &k0, &ub);
569
+
570
+ // vb = k1 + cb*yb
571
+ ec_scalar_mul_montgomery(group, &vb, &yb, &cb_mont);
572
+ ec_scalar_add(group, &vb, &k1, &vb);
573
+
574
+ // Select c, u, v in constant-time.
575
+ EC_SCALAR co, c0, c1, u0, u1, v0, v1;
576
+ ec_scalar_neg(group, &co, &minus_co);
577
+ ec_scalar_select(group, &c0, mask, &co, &cb);
578
+ ec_scalar_select(group, &u0, mask, &uo, &ub);
579
+ ec_scalar_select(group, &v0, mask, &vo, &vb);
580
+ ec_scalar_select(group, &c1, mask, &cb, &co);
581
+ ec_scalar_select(group, &u1, mask, &ub, &uo);
582
+ ec_scalar_select(group, &v1, mask, &vb, &vo);
583
+
584
+ // Store DLEQOR2 proof in transcript.
585
+ if (!scalar_to_cbb(cbb, group, &c0) ||
586
+ !scalar_to_cbb(cbb, group, &c1) ||
587
+ !scalar_to_cbb(cbb, group, &u0) ||
588
+ !scalar_to_cbb(cbb, group, &u1) ||
589
+ !scalar_to_cbb(cbb, group, &v0) ||
590
+ !scalar_to_cbb(cbb, group, &v1)) {
591
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
592
+ return 0;
593
+ }
594
+
595
+ return 1;
596
+ }
597
+
598
+ static int dleq_verify(const PMBTOKEN_METHOD *method, CBS *cbs,
599
+ const PMBTOKEN_CLIENT_KEY *pub, const EC_RAW_POINT *T,
600
+ const EC_RAW_POINT *S, const EC_RAW_POINT *W,
601
+ const EC_RAW_POINT *Ws) {
602
+ const EC_GROUP *group = method->group;
603
+ const EC_RAW_POINT *g = &group->generator->raw;
604
+
605
+ // We verify a DLEQ proof for the validity token and a DLEQOR2 proof for the
606
+ // private metadata token. To allow amortizing Jacobian-to-affine conversions,
607
+ // we compute Ki for both proofs first. Additionally, all inputs to this
608
+ // function are public, so we can use the faster variable-time
609
+ // multiplications.
610
+ enum {
611
+ idx_T,
612
+ idx_S,
613
+ idx_W,
614
+ idx_Ws,
615
+ idx_Ks0,
616
+ idx_Ks1,
617
+ idx_K00,
618
+ idx_K01,
619
+ idx_K10,
620
+ idx_K11,
621
+ num_idx,
622
+ };
623
+ EC_RAW_POINT jacobians[num_idx];
624
+
625
+ // Decode the DLEQ proof.
626
+ EC_SCALAR cs, us, vs;
627
+ if (!scalar_from_cbs(cbs, group, &cs) ||
628
+ !scalar_from_cbs(cbs, group, &us) ||
629
+ !scalar_from_cbs(cbs, group, &vs)) {
630
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
631
+ return 0;
632
+ }
633
+
634
+ // Ks = us*(G;T) + vs*(H;S) - cs*(pubs;Ws)
635
+ EC_RAW_POINT pubs;
636
+ ec_affine_to_jacobian(group, &pubs, &pub->pubs);
637
+ EC_SCALAR minus_cs;
638
+ ec_scalar_neg(group, &minus_cs, &cs);
639
+ if (!mul_public_3(group, &jacobians[idx_Ks0], g, &us, &method->h, &vs, &pubs,
640
+ &minus_cs) ||
641
+ !mul_public_3(group, &jacobians[idx_Ks1], T, &us, S, &vs, Ws,
642
+ &minus_cs)) {
643
+ return 0;
644
+ }
645
+
646
+ // Decode the DLEQOR proof.
647
+ EC_SCALAR c0, c1, u0, u1, v0, v1;
648
+ if (!scalar_from_cbs(cbs, group, &c0) ||
649
+ !scalar_from_cbs(cbs, group, &c1) ||
650
+ !scalar_from_cbs(cbs, group, &u0) ||
651
+ !scalar_from_cbs(cbs, group, &u1) ||
652
+ !scalar_from_cbs(cbs, group, &v0) ||
653
+ !scalar_from_cbs(cbs, group, &v1)) {
654
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
655
+ return 0;
656
+ }
657
+
658
+ EC_RAW_POINT pub0, pub1;
659
+ ec_affine_to_jacobian(group, &pub0, &pub->pub0);
660
+ ec_affine_to_jacobian(group, &pub1, &pub->pub1);
661
+ EC_SCALAR minus_c0, minus_c1;
662
+ ec_scalar_neg(group, &minus_c0, &c0);
663
+ ec_scalar_neg(group, &minus_c1, &c1);
664
+ if (// K0 = u0*(G;T) + v0*(H;S) - c0*(pub0;W)
665
+ !mul_public_3(group, &jacobians[idx_K00], g, &u0, &method->h, &v0, &pub0,
666
+ &minus_c0) ||
667
+ !mul_public_3(group, &jacobians[idx_K01], T, &u0, S, &v0, W, &minus_c0) ||
668
+ // K1 = u1*(G;T) + v1*(H;S) - c1*(pub1;W)
669
+ !mul_public_3(group, &jacobians[idx_K10], g, &u1, &method->h, &v1, &pub1,
670
+ &minus_c1) ||
671
+ !mul_public_3(group, &jacobians[idx_K11], T, &u1, S, &v1, W, &minus_c1)) {
672
+ return 0;
673
+ }
674
+
675
+ EC_AFFINE affines[num_idx];
676
+ jacobians[idx_T] = *T;
677
+ jacobians[idx_S] = *S;
678
+ jacobians[idx_W] = *W;
679
+ jacobians[idx_Ws] = *Ws;
680
+ if (!ec_jacobian_to_affine_batch(group, affines, jacobians, num_idx)) {
681
+ return 0;
682
+ }
683
+
684
+ // Check the DLEQ proof.
685
+ EC_SCALAR calculated;
686
+ if (!hash_c_dleq(method, &calculated, &pub->pubs, &affines[idx_T],
687
+ &affines[idx_S], &affines[idx_Ws], &affines[idx_Ks0],
688
+ &affines[idx_Ks1])) {
689
+ return 0;
690
+ }
691
+
692
+ // cs == calculated
693
+ if (!ec_scalar_equal_vartime(group, &cs, &calculated)) {
694
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_PROOF);
695
+ return 0;
696
+ }
697
+
698
+ // Check the DLEQOR proof.
699
+ if (!hash_c_dleqor(method, &calculated, &pub->pub0, &pub->pub1,
700
+ &affines[idx_T], &affines[idx_S], &affines[idx_W],
701
+ &affines[idx_K00], &affines[idx_K01], &affines[idx_K10],
702
+ &affines[idx_K11])) {
703
+ return 0;
704
+ }
705
+
706
+ // c0 + c1 == calculated
707
+ EC_SCALAR c;
708
+ ec_scalar_add(group, &c, &c0, &c1);
709
+ if (!ec_scalar_equal_vartime(group, &c, &calculated)) {
710
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_PROOF);
711
+ return 0;
712
+ }
713
+
714
+ return 1;
715
+ }
716
+
717
+ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
718
+ const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
719
+ size_t num_requested, size_t num_to_issue,
720
+ uint8_t private_metadata) {
721
+ const EC_GROUP *group = method->group;
722
+ if (num_requested < num_to_issue) {
723
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
724
+ return 0;
725
+ }
726
+
727
+ int ret = 0;
728
+ EC_RAW_POINT *Tps = NULL;
729
+ EC_RAW_POINT *Sps = NULL;
730
+ EC_RAW_POINT *Wps = NULL;
731
+ EC_RAW_POINT *Wsps = NULL;
732
+ EC_SCALAR *es = NULL;
733
+ CBB batch_cbb;
734
+ CBB_zero(&batch_cbb);
735
+ if (method->batched_proof) {
736
+ if (num_to_issue > ((size_t)-1) / sizeof(EC_RAW_POINT) ||
737
+ num_to_issue > ((size_t)-1) / sizeof(EC_SCALAR)) {
738
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
739
+ goto err;
740
+ }
741
+ Tps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
742
+ Sps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
743
+ Wps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
744
+ Wsps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
745
+ es = OPENSSL_malloc(num_to_issue * sizeof(EC_SCALAR));
746
+ if (!Tps ||
747
+ !Sps ||
748
+ !Wps ||
749
+ !Wsps ||
750
+ !es ||
751
+ !CBB_init(&batch_cbb, 0) ||
752
+ !point_to_cbb(&batch_cbb, method->group, &key->pubs) ||
753
+ !point_to_cbb(&batch_cbb, method->group, &key->pub0) ||
754
+ !point_to_cbb(&batch_cbb, method->group, &key->pub1)) {
755
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
756
+ goto err;
757
+ }
758
+ }
759
+
760
+ for (size_t i = 0; i < num_to_issue; i++) {
761
+ EC_AFFINE Tp_affine;
762
+ EC_RAW_POINT Tp;
763
+ if (!cbs_get_prefixed_point(cbs, group, &Tp_affine)) {
764
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
765
+ goto err;
766
+ }
767
+ ec_affine_to_jacobian(group, &Tp, &Tp_affine);
768
+
769
+ EC_SCALAR xb, yb;
770
+ BN_ULONG mask = ((BN_ULONG)0) - (private_metadata & 1);
771
+ ec_scalar_select(group, &xb, mask, &key->x1, &key->x0);
772
+ ec_scalar_select(group, &yb, mask, &key->y1, &key->y0);
773
+
774
+ uint8_t s[PMBTOKEN_NONCE_SIZE];
775
+ RAND_bytes(s, PMBTOKEN_NONCE_SIZE);
776
+ // The |jacobians| and |affines| contain Sp, Wp, and Wsp.
777
+ EC_RAW_POINT jacobians[3];
778
+ EC_AFFINE affines[3];
779
+ CBB child;
780
+ if (!method->hash_s(group, &jacobians[0], &Tp_affine, s) ||
781
+ !ec_point_mul_scalar_batch(group, &jacobians[1], &Tp, &xb,
782
+ &jacobians[0], &yb, NULL, NULL) ||
783
+ !ec_point_mul_scalar_batch(group, &jacobians[2], &Tp, &key->xs,
784
+ &jacobians[0], &key->ys, NULL, NULL) ||
785
+ !ec_jacobian_to_affine_batch(group, affines, jacobians, 3) ||
786
+ !CBB_add_bytes(cbb, s, PMBTOKEN_NONCE_SIZE) ||
787
+ // TODO(https://crbug.com/boringssl/331): When updating the key format,
788
+ // remove the redundant length prefixes.
789
+ !CBB_add_u16_length_prefixed(cbb, &child) ||
790
+ !point_to_cbb(&child, group, &affines[1]) ||
791
+ !CBB_add_u16_length_prefixed(cbb, &child) ||
792
+ !point_to_cbb(&child, group, &affines[2])) {
793
+ goto err;
794
+ }
795
+
796
+ if (!method->batched_proof) {
797
+ if (!CBB_add_u16_length_prefixed(cbb, &child) ||
798
+ !dleq_generate(method, &child, key, &Tp, &jacobians[0], &jacobians[1],
799
+ &jacobians[2], private_metadata)) {
800
+ goto err;
801
+ }
802
+ } else {
803
+ if (!point_to_cbb(&batch_cbb, group, &Tp_affine) ||
804
+ !point_to_cbb(&batch_cbb, group, &affines[0]) ||
805
+ !point_to_cbb(&batch_cbb, group, &affines[1]) ||
806
+ !point_to_cbb(&batch_cbb, group, &affines[2])) {
807
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
808
+ goto err;
809
+ }
810
+ Tps[i] = Tp;
811
+ Sps[i] = jacobians[0];
812
+ Wps[i] = jacobians[1];
813
+ Wsps[i] = jacobians[2];
814
+ }
815
+
816
+ if (!CBB_flush(cbb)) {
817
+ goto err;
818
+ }
819
+ }
820
+
821
+ // The DLEQ batching construction is described in appendix B of
822
+ // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional
823
+ // computations all act on public inputs.
824
+ if (method->batched_proof) {
825
+ for (size_t i = 0; i < num_to_issue; i++) {
826
+ if (!hash_c_batch(method, &es[i], &batch_cbb, i)) {
827
+ goto err;
828
+ }
829
+ }
830
+
831
+ EC_RAW_POINT Tp_batch, Sp_batch, Wp_batch, Wsp_batch;
832
+ if (!ec_point_mul_scalar_public_batch(group, &Tp_batch,
833
+ /*g_scalar=*/NULL, Tps, es,
834
+ num_to_issue) ||
835
+ !ec_point_mul_scalar_public_batch(group, &Sp_batch,
836
+ /*g_scalar=*/NULL, Sps, es,
837
+ num_to_issue) ||
838
+ !ec_point_mul_scalar_public_batch(group, &Wp_batch,
839
+ /*g_scalar=*/NULL, Wps, es,
840
+ num_to_issue) ||
841
+ !ec_point_mul_scalar_public_batch(group, &Wsp_batch,
842
+ /*g_scalar=*/NULL, Wsps, es,
843
+ num_to_issue)) {
844
+ goto err;
845
+ }
846
+
847
+ CBB proof;
848
+ if (!CBB_add_u16_length_prefixed(cbb, &proof) ||
849
+ !dleq_generate(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch,
850
+ &Wsp_batch, private_metadata) ||
851
+ !CBB_flush(cbb)) {
852
+ goto err;
853
+ }
854
+ }
855
+
856
+ // Skip over any unused requests.
857
+ size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
858
+ if (!CBS_skip(cbs, (2 + point_len) * (num_requested - num_to_issue))) {
859
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
860
+ goto err;
861
+ }
862
+
863
+ ret = 1;
864
+
865
+ err:
866
+ OPENSSL_free(Tps);
867
+ OPENSSL_free(Sps);
868
+ OPENSSL_free(Wps);
869
+ OPENSSL_free(Wsps);
870
+ OPENSSL_free(es);
871
+ CBB_cleanup(&batch_cbb);
872
+ return ret;
873
+ }
874
+
875
+ static STACK_OF(TRUST_TOKEN) *
876
+ pmbtoken_unblind(const PMBTOKEN_METHOD *method,
877
+ const PMBTOKEN_CLIENT_KEY *key,
878
+ const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens, CBS *cbs,
879
+ size_t count, uint32_t key_id) {
880
+ const EC_GROUP *group = method->group;
881
+ if (count > sk_PMBTOKEN_PRETOKEN_num(pretokens)) {
882
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
883
+ return NULL;
884
+ }
885
+
886
+ int ok = 0;
887
+ STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null();
888
+ if (ret == NULL) {
889
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
890
+ return NULL;
891
+ }
892
+
893
+ EC_RAW_POINT *Tps = NULL;
894
+ EC_RAW_POINT *Sps = NULL;
895
+ EC_RAW_POINT *Wps = NULL;
896
+ EC_RAW_POINT *Wsps = NULL;
897
+ EC_SCALAR *es = NULL;
898
+ CBB batch_cbb;
899
+ CBB_zero(&batch_cbb);
900
+ if (method->batched_proof) {
901
+ if (count > ((size_t)-1) / sizeof(EC_RAW_POINT) ||
902
+ count > ((size_t)-1) / sizeof(EC_SCALAR)) {
903
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
904
+ goto err;
905
+ }
906
+ Tps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
907
+ Sps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
908
+ Wps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
909
+ Wsps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
910
+ es = OPENSSL_malloc(count * sizeof(EC_SCALAR));
911
+ if (!Tps ||
912
+ !Sps ||
913
+ !Wps ||
914
+ !Wsps ||
915
+ !es ||
916
+ !CBB_init(&batch_cbb, 0) ||
917
+ !point_to_cbb(&batch_cbb, method->group, &key->pubs) ||
918
+ !point_to_cbb(&batch_cbb, method->group, &key->pub0) ||
919
+ !point_to_cbb(&batch_cbb, method->group, &key->pub1)) {
920
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
921
+ goto err;
922
+ }
923
+ }
924
+
925
+ for (size_t i = 0; i < count; i++) {
926
+ const PMBTOKEN_PRETOKEN *pretoken =
927
+ sk_PMBTOKEN_PRETOKEN_value(pretokens, i);
928
+
929
+ uint8_t s[PMBTOKEN_NONCE_SIZE];
930
+ EC_AFFINE Wp_affine, Wsp_affine;
931
+ CBS proof;
932
+ if (!CBS_copy_bytes(cbs, s, PMBTOKEN_NONCE_SIZE) ||
933
+ !cbs_get_prefixed_point(cbs, group, &Wp_affine) ||
934
+ !cbs_get_prefixed_point(cbs, group, &Wsp_affine)) {
935
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
936
+ goto err;
937
+ }
938
+
939
+ EC_RAW_POINT Tp, Wp, Wsp, Sp;
940
+ ec_affine_to_jacobian(group, &Tp, &pretoken->Tp);
941
+ ec_affine_to_jacobian(group, &Wp, &Wp_affine);
942
+ ec_affine_to_jacobian(group, &Wsp, &Wsp_affine);
943
+ if (!method->hash_s(group, &Sp, &pretoken->Tp, s)) {
944
+ goto err;
945
+ }
946
+
947
+ if (!method->batched_proof) {
948
+ if(!CBS_get_u16_length_prefixed(cbs, &proof)) {
949
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
950
+ goto err;
951
+ }
952
+
953
+ if (!dleq_verify(method, &proof, key, &Tp, &Sp, &Wp, &Wsp)) {
954
+ goto err;
955
+ }
956
+
957
+ if (CBS_len(&proof) != 0) {
958
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
959
+ goto err;
960
+ }
961
+ } else {
962
+ EC_AFFINE Sp_affine;
963
+ if (!point_to_cbb(&batch_cbb, group, &pretoken->Tp) ||
964
+ !ec_jacobian_to_affine(group, &Sp_affine, &Sp) ||
965
+ !point_to_cbb(&batch_cbb, group, &Sp_affine) ||
966
+ !point_to_cbb(&batch_cbb, group, &Wp_affine) ||
967
+ !point_to_cbb(&batch_cbb, group, &Wsp_affine)) {
968
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
969
+ goto err;
970
+ }
971
+ Tps[i] = Tp;
972
+ Sps[i] = Sp;
973
+ Wps[i] = Wp;
974
+ Wsps[i] = Wsp;
975
+ }
976
+
977
+ // Unblind the token.
978
+ EC_RAW_POINT jacobians[3];
979
+ EC_AFFINE affines[3];
980
+ if (!ec_point_mul_scalar(group, &jacobians[0], &Sp, &pretoken->r) ||
981
+ !ec_point_mul_scalar(group, &jacobians[1], &Wp, &pretoken->r) ||
982
+ !ec_point_mul_scalar(group, &jacobians[2], &Wsp, &pretoken->r) ||
983
+ !ec_jacobian_to_affine_batch(group, affines, jacobians, 3)) {
984
+ goto err;
985
+ }
986
+
987
+ // Serialize the token. Include |key_id| to avoid an extra copy in the layer
988
+ // above.
989
+ CBB token_cbb, child;
990
+ size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
991
+ if (!CBB_init(&token_cbb, 4 + PMBTOKEN_NONCE_SIZE + 3 * (2 + point_len)) ||
992
+ !CBB_add_u32(&token_cbb, key_id) ||
993
+ !CBB_add_bytes(&token_cbb, pretoken->t, PMBTOKEN_NONCE_SIZE) ||
994
+ // TODO(https://crbug.com/boringssl/331): When updating the key format,
995
+ // remove the redundant length prefixes.
996
+ !CBB_add_u16_length_prefixed(&token_cbb, &child) ||
997
+ !point_to_cbb(&child, group, &affines[0]) ||
998
+ !CBB_add_u16_length_prefixed(&token_cbb, &child) ||
999
+ !point_to_cbb(&child, group, &affines[1]) ||
1000
+ !CBB_add_u16_length_prefixed(&token_cbb, &child) ||
1001
+ !point_to_cbb(&child, group, &affines[2]) ||
1002
+ !CBB_flush(&token_cbb)) {
1003
+ CBB_cleanup(&token_cbb);
1004
+ goto err;
1005
+ }
1006
+
1007
+ TRUST_TOKEN *token =
1008
+ TRUST_TOKEN_new(CBB_data(&token_cbb), CBB_len(&token_cbb));
1009
+ CBB_cleanup(&token_cbb);
1010
+ if (token == NULL ||
1011
+ !sk_TRUST_TOKEN_push(ret, token)) {
1012
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
1013
+ TRUST_TOKEN_free(token);
1014
+ goto err;
1015
+ }
1016
+ }
1017
+
1018
+ // The DLEQ batching construction is described in appendix B of
1019
+ // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional
1020
+ // computations all act on public inputs.
1021
+ if (method->batched_proof) {
1022
+ for (size_t i = 0; i < count; i++) {
1023
+ if (!hash_c_batch(method, &es[i], &batch_cbb, i)) {
1024
+ goto err;
1025
+ }
1026
+ }
1027
+
1028
+ EC_RAW_POINT Tp_batch, Sp_batch, Wp_batch, Wsp_batch;
1029
+ if (!ec_point_mul_scalar_public_batch(group, &Tp_batch,
1030
+ /*g_scalar=*/NULL, Tps, es, count) ||
1031
+ !ec_point_mul_scalar_public_batch(group, &Sp_batch,
1032
+ /*g_scalar=*/NULL, Sps, es, count) ||
1033
+ !ec_point_mul_scalar_public_batch(group, &Wp_batch,
1034
+ /*g_scalar=*/NULL, Wps, es, count) ||
1035
+ !ec_point_mul_scalar_public_batch(group, &Wsp_batch,
1036
+ /*g_scalar=*/NULL, Wsps, es, count)) {
1037
+ goto err;
1038
+ }
1039
+
1040
+ CBS proof;
1041
+ if (!CBS_get_u16_length_prefixed(cbs, &proof) ||
1042
+ !dleq_verify(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch,
1043
+ &Wsp_batch) ||
1044
+ CBS_len(&proof) != 0) {
1045
+ goto err;
1046
+ }
1047
+ }
1048
+
1049
+ ok = 1;
1050
+
1051
+ err:
1052
+ OPENSSL_free(Tps);
1053
+ OPENSSL_free(Sps);
1054
+ OPENSSL_free(Wps);
1055
+ OPENSSL_free(Wsps);
1056
+ OPENSSL_free(es);
1057
+ CBB_cleanup(&batch_cbb);
1058
+ if (!ok) {
1059
+ sk_TRUST_TOKEN_pop_free(ret, TRUST_TOKEN_free);
1060
+ ret = NULL;
1061
+ }
1062
+ return ret;
1063
+ }
1064
+
1065
+ static int pmbtoken_read(const PMBTOKEN_METHOD *method,
1066
+ const PMBTOKEN_ISSUER_KEY *key,
1067
+ uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
1068
+ uint8_t *out_private_metadata, const uint8_t *token,
1069
+ size_t token_len) {
1070
+ const EC_GROUP *group = method->group;
1071
+ CBS cbs;
1072
+ CBS_init(&cbs, token, token_len);
1073
+ EC_AFFINE S, W, Ws;
1074
+ if (!CBS_copy_bytes(&cbs, out_nonce, PMBTOKEN_NONCE_SIZE) ||
1075
+ !cbs_get_prefixed_point(&cbs, group, &S) ||
1076
+ !cbs_get_prefixed_point(&cbs, group, &W) ||
1077
+ !cbs_get_prefixed_point(&cbs, group, &Ws) ||
1078
+ CBS_len(&cbs) != 0) {
1079
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_TOKEN);
1080
+ return 0;
1081
+ }
1082
+
1083
+
1084
+ EC_RAW_POINT T;
1085
+ if (!method->hash_t(group, &T, out_nonce)) {
1086
+ return 0;
1087
+ }
1088
+
1089
+ // We perform three multiplications with S and T. This is enough that it is
1090
+ // worth using |ec_point_mul_scalar_precomp|.
1091
+ EC_RAW_POINT S_jacobian;
1092
+ EC_PRECOMP S_precomp, T_precomp;
1093
+ ec_affine_to_jacobian(group, &S_jacobian, &S);
1094
+ if (!ec_init_precomp(group, &S_precomp, &S_jacobian) ||
1095
+ !ec_init_precomp(group, &T_precomp, &T)) {
1096
+ return 0;
1097
+ }
1098
+
1099
+ EC_RAW_POINT Ws_calculated;
1100
+ // Check the validity of the token.
1101
+ if (!ec_point_mul_scalar_precomp(group, &Ws_calculated, &T_precomp, &key->xs,
1102
+ &S_precomp, &key->ys, NULL, NULL) ||
1103
+ !ec_affine_jacobian_equal(group, &Ws, &Ws_calculated)) {
1104
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_BAD_VALIDITY_CHECK);
1105
+ return 0;
1106
+ }
1107
+
1108
+ EC_RAW_POINT W0, W1;
1109
+ if (!ec_point_mul_scalar_precomp(group, &W0, &T_precomp, &key->x0, &S_precomp,
1110
+ &key->y0, NULL, NULL) ||
1111
+ !ec_point_mul_scalar_precomp(group, &W1, &T_precomp, &key->x1, &S_precomp,
1112
+ &key->y1, NULL, NULL)) {
1113
+ return 0;
1114
+ }
1115
+
1116
+ const int is_W0 = ec_affine_jacobian_equal(group, &W, &W0);
1117
+ const int is_W1 = ec_affine_jacobian_equal(group, &W, &W1);
1118
+ const int is_valid = is_W0 ^ is_W1;
1119
+ if (!is_valid) {
1120
+ // Invalid tokens will fail the validity check above.
1121
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
1122
+ return 0;
1123
+ }
1124
+
1125
+ *out_private_metadata = is_W1;
1126
+ return 1;
1127
+ }
1128
+
1129
+
1130
+ // PMBTokens experiment v0.
1131
+
1132
+ static int pmbtoken_exp0_hash_t(const EC_GROUP *group, EC_RAW_POINT *out,
1133
+ const uint8_t t[PMBTOKEN_NONCE_SIZE]) {
1134
+ const uint8_t kHashTLabel[] = "PMBTokensV0 HashT";
1135
+ return ec_hash_to_curve_p521_xmd_sha512_sswu_draft06(
1136
+ group, out, kHashTLabel, sizeof(kHashTLabel), t, PMBTOKEN_NONCE_SIZE);
1137
+ }
1138
+
1139
+ static int pmbtoken_exp0_hash_s(const EC_GROUP *group, EC_RAW_POINT *out,
1140
+ const EC_AFFINE *t,
1141
+ const uint8_t s[PMBTOKEN_NONCE_SIZE]) {
1142
+ const uint8_t kHashSLabel[] = "PMBTokensV0 HashS";
1143
+ int ret = 0;
1144
+ CBB cbb;
1145
+ uint8_t *buf = NULL;
1146
+ size_t len;
1147
+ if (!CBB_init(&cbb, 0) ||
1148
+ !point_to_cbb(&cbb, group, t) ||
1149
+ !CBB_add_bytes(&cbb, s, PMBTOKEN_NONCE_SIZE) ||
1150
+ !CBB_finish(&cbb, &buf, &len) ||
1151
+ !ec_hash_to_curve_p521_xmd_sha512_sswu_draft06(
1152
+ group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) {
1153
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
1154
+ goto err;
1155
+ }
1156
+
1157
+ ret = 1;
1158
+
1159
+ err:
1160
+ OPENSSL_free(buf);
1161
+ CBB_cleanup(&cbb);
1162
+ return ret;
1163
+ }
1164
+
1165
+ static int pmbtoken_exp0_hash_c(const EC_GROUP *group, EC_SCALAR *out,
1166
+ uint8_t *buf, size_t len) {
1167
+ const uint8_t kHashCLabel[] = "PMBTokensV0 HashC";
1168
+ return ec_hash_to_scalar_p521_xmd_sha512_draft06(
1169
+ group, out, kHashCLabel, sizeof(kHashCLabel), buf, len);
1170
+ }
1171
+
1172
+ // H for PMBTokens v0 was generated with the following Python code.
1173
+ /*
1174
+ import hashlib
1175
+
1176
+ SEED_H = 'PrivacyPass H'
1177
+
1178
+ A = -3
1179
+ B = 0x051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00
1180
+ P = 2**521 - 1
1181
+
1182
+ def get_y(x):
1183
+ y2 = (x**3 + A*x + B) % P
1184
+ y = pow(y2, (P+1)/4, P)
1185
+ if (y*y) % P != y2:
1186
+ raise ValueError("point not on curve")
1187
+ return y
1188
+
1189
+ def bit(h,i):
1190
+ return (ord(h[i/8]) >> (i%8)) & 1
1191
+
1192
+ b = 521
1193
+ def decode_point(so):
1194
+ s = hashlib.sha256(so + '0').digest() + hashlib.sha256(so + '1').digest() + \
1195
+ hashlib.sha256(so + '2').digest()
1196
+
1197
+ x = 0
1198
+ for i in range(0,b):
1199
+ x = x + (long(bit(s,i))<<i)
1200
+ if x >= P:
1201
+ raise ValueError("x out of range")
1202
+ y = get_y(x)
1203
+ if y & 1 != bit(s,b-1): y = P-y
1204
+ return (x, y)
1205
+
1206
+
1207
+ def gen_point(seed):
1208
+ v = hashlib.sha256(seed).digest()
1209
+ it = 1
1210
+ while True:
1211
+ try:
1212
+ x,y = decode_point(v)
1213
+ except Exception, e:
1214
+ print e
1215
+ it += 1
1216
+ v = hashlib.sha256(v).digest()
1217
+ continue
1218
+ print "Found in %d iterations:" % it
1219
+ print " x = %d" % x
1220
+ print " y = %d" % y
1221
+ print " Encoded (hex): (%x, %x)" % (x, y)
1222
+ return (x, y)
1223
+
1224
+ if __name__ == "__main__":
1225
+ gen_point(SEED_H)
1226
+ */
1227
+ static int pmbtoken_exp0_ok = 0;
1228
+ static PMBTOKEN_METHOD pmbtoken_exp0_method;
1229
+ static CRYPTO_once_t pmbtoken_exp0_method_once = CRYPTO_ONCE_INIT;
1230
+
1231
+ static void pmbtoken_exp0_init_method_impl(void) {
1232
+ static const uint8_t kH[] = {
1233
+ 0x04, 0x01, 0xf0, 0xa9, 0xf7, 0x9e, 0xbc, 0x12, 0x6c, 0xef, 0xd1, 0xab,
1234
+ 0x29, 0x10, 0x03, 0x6f, 0x4e, 0xf5, 0xbd, 0xeb, 0x0f, 0x6b, 0xc0, 0x5c,
1235
+ 0x0e, 0xce, 0xfe, 0x59, 0x45, 0xd1, 0x3e, 0x25, 0x33, 0x7e, 0x4c, 0xda,
1236
+ 0x64, 0x53, 0x54, 0x4e, 0xf9, 0x76, 0x0d, 0x6d, 0xc5, 0x39, 0x2a, 0xd4,
1237
+ 0xce, 0x84, 0x6e, 0x31, 0xc2, 0x86, 0x21, 0xf9, 0x5c, 0x98, 0xb9, 0x3d,
1238
+ 0x01, 0x74, 0x9f, 0xc5, 0x1e, 0x47, 0x24, 0x00, 0x5c, 0x17, 0x62, 0x51,
1239
+ 0x7d, 0x32, 0x5e, 0x29, 0xac, 0x52, 0x14, 0x75, 0x6f, 0x36, 0xd9, 0xc7,
1240
+ 0xfa, 0xbb, 0xa9, 0x3b, 0x9d, 0x70, 0x49, 0x1e, 0xb4, 0x53, 0xbc, 0x55,
1241
+ 0xea, 0xad, 0x8f, 0x26, 0x1d, 0xe0, 0xbc, 0xf3, 0x50, 0x5c, 0x7e, 0x66,
1242
+ 0x41, 0xb5, 0x61, 0x70, 0x12, 0x72, 0xac, 0x6a, 0xb0, 0x6e, 0x78, 0x3d,
1243
+ 0x17, 0x08, 0xe3, 0xdf, 0x3c, 0xff, 0xa6, 0xa0, 0xea, 0x96, 0x67, 0x92,
1244
+ 0xcd,
1245
+ };
1246
+
1247
+ pmbtoken_exp0_ok =
1248
+ pmbtoken_init_method(&pmbtoken_exp0_method, NID_secp521r1, kH, sizeof(kH),
1249
+ pmbtoken_exp0_hash_t, pmbtoken_exp0_hash_s,
1250
+ pmbtoken_exp0_hash_c, /*batched_proof=*/0);
1251
+ }
1252
+
1253
+ static int pmbtoken_exp0_init_method(void) {
1254
+ CRYPTO_once(&pmbtoken_exp0_method_once, pmbtoken_exp0_init_method_impl);
1255
+ if (!pmbtoken_exp0_ok) {
1256
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
1257
+ return 0;
1258
+ }
1259
+ return 1;
1260
+ }
1261
+
1262
+ int pmbtoken_exp0_generate_key(CBB *out_private, CBB *out_public) {
1263
+ if (!pmbtoken_exp0_init_method()) {
1264
+ return 0;
1265
+ }
1266
+
1267
+ return pmbtoken_generate_key(&pmbtoken_exp0_method, out_private, out_public);
1268
+ }
1269
+
1270
+ int pmbtoken_exp0_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
1271
+ const uint8_t *in, size_t len) {
1272
+ if (!pmbtoken_exp0_init_method()) {
1273
+ return 0;
1274
+ }
1275
+ return pmbtoken_client_key_from_bytes(&pmbtoken_exp0_method, key, in, len);
1276
+ }
1277
+
1278
+ int pmbtoken_exp0_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
1279
+ const uint8_t *in, size_t len) {
1280
+ if (!pmbtoken_exp0_init_method()) {
1281
+ return 0;
1282
+ }
1283
+ return pmbtoken_issuer_key_from_bytes(&pmbtoken_exp0_method, key, in, len);
1284
+ }
1285
+
1286
+ STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp0_blind(CBB *cbb, size_t count) {
1287
+ if (!pmbtoken_exp0_init_method()) {
1288
+ return NULL;
1289
+ }
1290
+ return pmbtoken_blind(&pmbtoken_exp0_method, cbb, count);
1291
+ }
1292
+
1293
+ int pmbtoken_exp0_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
1294
+ size_t num_requested, size_t num_to_issue,
1295
+ uint8_t private_metadata) {
1296
+ if (!pmbtoken_exp0_init_method()) {
1297
+ return 0;
1298
+ }
1299
+ return pmbtoken_sign(&pmbtoken_exp0_method, key, cbb, cbs, num_requested,
1300
+ num_to_issue, private_metadata);
1301
+ }
1302
+
1303
+ STACK_OF(TRUST_TOKEN) *
1304
+ pmbtoken_exp0_unblind(const PMBTOKEN_CLIENT_KEY *key,
1305
+ const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens,
1306
+ CBS *cbs, size_t count, uint32_t key_id) {
1307
+ if (!pmbtoken_exp0_init_method()) {
1308
+ return NULL;
1309
+ }
1310
+ return pmbtoken_unblind(&pmbtoken_exp0_method, key, pretokens, cbs, count,
1311
+ key_id);
1312
+ }
1313
+
1314
+ int pmbtoken_exp0_read(const PMBTOKEN_ISSUER_KEY *key,
1315
+ uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
1316
+ uint8_t *out_private_metadata, const uint8_t *token,
1317
+ size_t token_len) {
1318
+ if (!pmbtoken_exp0_init_method()) {
1319
+ return 0;
1320
+ }
1321
+ return pmbtoken_read(&pmbtoken_exp0_method, key, out_nonce,
1322
+ out_private_metadata, token, token_len);
1323
+ }
1324
+
1325
+
1326
+ // PMBTokens experiment v1.
1327
+
1328
+ static int pmbtoken_exp1_hash_t(const EC_GROUP *group, EC_RAW_POINT *out,
1329
+ const uint8_t t[PMBTOKEN_NONCE_SIZE]) {
1330
+ const uint8_t kHashTLabel[] = "PMBTokens Experiment V1 HashT";
1331
+ return ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
1332
+ group, out, kHashTLabel, sizeof(kHashTLabel), t, PMBTOKEN_NONCE_SIZE);
1333
+ }
1334
+
1335
+ static int pmbtoken_exp1_hash_s(const EC_GROUP *group, EC_RAW_POINT *out,
1336
+ const EC_AFFINE *t,
1337
+ const uint8_t s[PMBTOKEN_NONCE_SIZE]) {
1338
+ const uint8_t kHashSLabel[] = "PMBTokens Experiment V1 HashS";
1339
+ int ret = 0;
1340
+ CBB cbb;
1341
+ uint8_t *buf = NULL;
1342
+ size_t len;
1343
+ if (!CBB_init(&cbb, 0) ||
1344
+ !point_to_cbb(&cbb, group, t) ||
1345
+ !CBB_add_bytes(&cbb, s, PMBTOKEN_NONCE_SIZE) ||
1346
+ !CBB_finish(&cbb, &buf, &len) ||
1347
+ !ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
1348
+ group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) {
1349
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
1350
+ goto err;
1351
+ }
1352
+
1353
+ ret = 1;
1354
+
1355
+ err:
1356
+ OPENSSL_free(buf);
1357
+ CBB_cleanup(&cbb);
1358
+ return ret;
1359
+ }
1360
+
1361
+ static int pmbtoken_exp1_hash_c(const EC_GROUP *group, EC_SCALAR *out,
1362
+ uint8_t *buf, size_t len) {
1363
+ const uint8_t kHashCLabel[] = "PMBTokens Experiment V1 HashC";
1364
+ return ec_hash_to_scalar_p384_xmd_sha512_draft07(
1365
+ group, out, kHashCLabel, sizeof(kHashCLabel), buf, len);
1366
+ }
1367
+
1368
+ static int pmbtoken_exp1_ok = 0;
1369
+ static PMBTOKEN_METHOD pmbtoken_exp1_method;
1370
+ static CRYPTO_once_t pmbtoken_exp1_method_once = CRYPTO_ONCE_INIT;
1371
+
1372
+ static void pmbtoken_exp1_init_method_impl(void) {
1373
+ // This is the output of |ec_hash_to_scalar_p384_xmd_sha512_draft07| with DST
1374
+ // "PMBTokens Experiment V1 HashH" and message "generator".
1375
+ static const uint8_t kH[] = {
1376
+ 0x04, 0x82, 0xd5, 0x68, 0xf5, 0x39, 0xf6, 0x08, 0x19, 0xa1, 0x75,
1377
+ 0x9f, 0x98, 0xb5, 0x10, 0xf5, 0x0b, 0x9d, 0x2b, 0xe1, 0x64, 0x4d,
1378
+ 0x02, 0x76, 0x18, 0x11, 0xf8, 0x2f, 0xd3, 0x33, 0x25, 0x1f, 0x2c,
1379
+ 0xb8, 0xf6, 0xf1, 0x9e, 0x93, 0x85, 0x79, 0xb3, 0xb7, 0x81, 0xa3,
1380
+ 0xe6, 0x23, 0xc3, 0x1c, 0xff, 0x03, 0xd9, 0x40, 0x6c, 0xec, 0xe0,
1381
+ 0x4d, 0xea, 0xdf, 0x9d, 0x94, 0xd1, 0x87, 0xab, 0x27, 0xf7, 0x4f,
1382
+ 0x53, 0xea, 0xa3, 0x18, 0x72, 0xb9, 0xd1, 0x56, 0xa0, 0x4e, 0x81,
1383
+ 0xaa, 0xeb, 0x1c, 0x22, 0x6d, 0x39, 0x1c, 0x5e, 0xb1, 0x27, 0xfc,
1384
+ 0x87, 0xc3, 0x95, 0xd0, 0x13, 0xb7, 0x0b, 0x5c, 0xc7,
1385
+ };
1386
+
1387
+ pmbtoken_exp1_ok =
1388
+ pmbtoken_init_method(&pmbtoken_exp1_method, NID_secp384r1, kH, sizeof(kH),
1389
+ pmbtoken_exp1_hash_t, pmbtoken_exp1_hash_s,
1390
+ pmbtoken_exp1_hash_c, /*batched_proof=*/1);
1391
+ }
1392
+
1393
+ static int pmbtoken_exp1_init_method(void) {
1394
+ CRYPTO_once(&pmbtoken_exp1_method_once, pmbtoken_exp1_init_method_impl);
1395
+ if (!pmbtoken_exp1_ok) {
1396
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
1397
+ return 0;
1398
+ }
1399
+ return 1;
1400
+ }
1401
+
1402
+ int pmbtoken_exp1_generate_key(CBB *out_private, CBB *out_public) {
1403
+ if (!pmbtoken_exp1_init_method()) {
1404
+ return 0;
1405
+ }
1406
+
1407
+ return pmbtoken_generate_key(&pmbtoken_exp1_method, out_private, out_public);
1408
+ }
1409
+
1410
+ int pmbtoken_exp1_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
1411
+ const uint8_t *in, size_t len) {
1412
+ if (!pmbtoken_exp1_init_method()) {
1413
+ return 0;
1414
+ }
1415
+ return pmbtoken_client_key_from_bytes(&pmbtoken_exp1_method, key, in, len);
1416
+ }
1417
+
1418
+ int pmbtoken_exp1_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
1419
+ const uint8_t *in, size_t len) {
1420
+ if (!pmbtoken_exp1_init_method()) {
1421
+ return 0;
1422
+ }
1423
+ return pmbtoken_issuer_key_from_bytes(&pmbtoken_exp1_method, key, in, len);
1424
+ }
1425
+
1426
+ STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp1_blind(CBB *cbb, size_t count) {
1427
+ if (!pmbtoken_exp1_init_method()) {
1428
+ return NULL;
1429
+ }
1430
+ return pmbtoken_blind(&pmbtoken_exp1_method, cbb, count);
1431
+ }
1432
+
1433
+ int pmbtoken_exp1_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
1434
+ size_t num_requested, size_t num_to_issue,
1435
+ uint8_t private_metadata) {
1436
+ if (!pmbtoken_exp1_init_method()) {
1437
+ return 0;
1438
+ }
1439
+ return pmbtoken_sign(&pmbtoken_exp1_method, key, cbb, cbs, num_requested,
1440
+ num_to_issue, private_metadata);
1441
+ }
1442
+
1443
+ STACK_OF(TRUST_TOKEN) *
1444
+ pmbtoken_exp1_unblind(const PMBTOKEN_CLIENT_KEY *key,
1445
+ const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens,
1446
+ CBS *cbs, size_t count, uint32_t key_id) {
1447
+ if (!pmbtoken_exp1_init_method()) {
1448
+ return NULL;
1449
+ }
1450
+ return pmbtoken_unblind(&pmbtoken_exp1_method, key, pretokens, cbs, count,
1451
+ key_id);
1452
+ }
1453
+
1454
+ int pmbtoken_exp1_read(const PMBTOKEN_ISSUER_KEY *key,
1455
+ uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
1456
+ uint8_t *out_private_metadata, const uint8_t *token,
1457
+ size_t token_len) {
1458
+ if (!pmbtoken_exp1_init_method()) {
1459
+ return 0;
1460
+ }
1461
+ return pmbtoken_read(&pmbtoken_exp1_method, key, out_nonce,
1462
+ out_private_metadata, token, token_len);
1463
+ }
1464
+
1465
+ int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]) {
1466
+ if (!pmbtoken_exp1_init_method()) {
1467
+ return 0;
1468
+ }
1469
+ EC_AFFINE h;
1470
+ return ec_jacobian_to_affine(pmbtoken_exp1_method.group, &h,
1471
+ &pmbtoken_exp1_method.h) &&
1472
+ ec_point_to_bytes(pmbtoken_exp1_method.group, &h,
1473
+ POINT_CONVERSION_UNCOMPRESSED, out, 97) == 97;
1474
+ }