grpc 1.27.0.pre1 → 1.30.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +8023 -11437
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security.h +30 -9
- data/include/grpc/grpc_security_constants.h +1 -0
- data/include/grpc/impl/codegen/grpc_types.h +24 -21
- data/include/grpc/impl/codegen/port_platform.h +13 -2
- data/include/grpc/impl/codegen/sync.h +5 -3
- data/include/grpc/impl/codegen/sync_abseil.h +36 -0
- data/include/grpc/module.modulemap +25 -37
- data/include/grpc/support/sync_abseil.h +26 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +7 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +282 -249
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +31 -47
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -3
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +7 -22
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
- data/src/core/ext/filters/client_channel/http_proxy.cc +21 -11
- data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
- data/src/core/ext/filters/client_channel/lb_policy.h +42 -33
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +297 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +271 -465
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +8 -7
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +18 -21
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +10 -14
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +5 -4
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +148 -98
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +834 -0
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -3
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +49 -77
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
- data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
- data/src/core/ext/filters/client_channel/resolver.cc +5 -8
- data/src/core/ext/filters/client_channel/resolver.h +12 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +120 -132
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +35 -35
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +17 -21
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +72 -117
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +167 -121
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +3 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +3 -2
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +42 -45
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +94 -103
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +61 -10
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_registry.cc +6 -3
- data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +242 -300
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +21 -18
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +56 -206
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +11 -14
- data/src/core/ext/filters/client_channel/server_address.h +3 -2
- data/src/core/ext/filters/client_channel/service_config.cc +144 -253
- data/src/core/ext/filters/client_channel/service_config.h +32 -109
- data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
- data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
- data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +54 -24
- data/src/core/ext/filters/client_channel/subchannel.h +35 -11
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +1381 -301
- data/src/core/ext/filters/client_channel/xds/xds_api.h +211 -152
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +214 -359
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +28 -44
- data/src/core/ext/filters/client_channel/xds/xds_channel.h +3 -1
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +16 -11
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +1118 -472
- data/src/core/ext/filters/client_channel/xds/xds_client.h +116 -45
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +59 -135
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +122 -137
- data/src/core/ext/filters/http/client/http_client_filter.cc +23 -28
- data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +27 -12
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +358 -0
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +29 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +38 -44
- data/src/core/ext/filters/message_size/message_size_filter.h +5 -5
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +7 -10
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +26 -27
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +14 -21
- data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +16 -9
- data/src/core/ext/transport/inproc/inproc_transport.cc +41 -42
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +17 -0
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +30 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +27 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +54 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +5 -205
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -788
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +418 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +197 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +378 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +5 -362
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +14 -1337
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +403 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +1447 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +30 -8
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +60 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +7 -4
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +6 -2
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +78 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +87 -23
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +262 -62
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +20 -15
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +46 -32
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +27 -4
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +70 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +46 -25
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +98 -25
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +77 -21
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +201 -4
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +89 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +8 -68
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +14 -201
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +92 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +240 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +2 -71
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +3 -228
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +91 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +266 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +31 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +109 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +399 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +18 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +33 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +145 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +527 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +43 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +112 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +30 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +63 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +199 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +18 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +33 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +815 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +3032 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +59 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +134 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +28 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +228 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +725 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +316 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +1132 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +33 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +65 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +4 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +63 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +144 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +53 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +133 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +88 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +258 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +12 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +27 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +62 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +89 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +249 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +9 -8
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +30 -24
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +30 -27
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +64 -52
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +48 -0
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +104 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +17 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +30 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +65 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +44 -39
- data/src/core/ext/upb-generated/validate/validate.upb.h +155 -119
- data/src/core/lib/channel/channel_args.cc +15 -14
- data/src/core/lib/channel/channel_args.h +3 -1
- data/src/core/lib/channel/channel_stack.h +20 -13
- data/src/core/lib/channel/channel_trace.cc +32 -41
- data/src/core/lib/channel/channel_trace.h +3 -3
- data/src/core/lib/channel/channelz.cc +163 -254
- data/src/core/lib/channel/channelz.h +15 -17
- data/src/core/lib/channel/channelz_registry.cc +52 -77
- data/src/core/lib/channel/channelz_registry.h +4 -4
- data/src/core/lib/channel/connected_channel.cc +7 -5
- data/src/core/lib/channel/context.h +1 -1
- data/src/core/lib/channel/handshaker.cc +11 -13
- data/src/core/lib/channel/handshaker.h +4 -2
- data/src/core/lib/channel/handshaker_registry.cc +5 -17
- data/src/core/lib/channel/status_util.cc +2 -3
- data/src/core/lib/compression/message_compress.cc +5 -1
- data/src/core/lib/debug/stats.cc +21 -27
- data/src/core/lib/debug/stats.h +3 -1
- data/src/core/lib/gpr/spinlock.h +2 -3
- data/src/core/lib/gpr/string.cc +2 -26
- data/src/core/lib/gpr/string.h +0 -16
- data/src/core/lib/gpr/sync_abseil.cc +116 -0
- data/src/core/lib/gpr/sync_posix.cc +8 -5
- data/src/core/lib/gpr/sync_windows.cc +4 -2
- data/src/core/lib/gpr/time.cc +4 -0
- data/src/core/lib/gpr/time_posix.cc +1 -1
- data/src/core/lib/gprpp/atomic.h +6 -6
- data/src/core/lib/gprpp/fork.cc +1 -1
- data/src/core/lib/gprpp/host_port.cc +30 -36
- data/src/core/lib/gprpp/host_port.h +14 -17
- data/src/core/lib/gprpp/map.h +5 -11
- data/src/core/lib/gprpp/memory.h +2 -6
- data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
- data/src/core/lib/gprpp/sync.h +9 -0
- data/src/core/lib/http/format_request.cc +46 -65
- data/src/core/lib/http/httpcli.cc +2 -3
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +5 -5
- data/src/core/lib/http/parser.h +2 -3
- data/src/core/lib/iomgr/buffer_list.cc +36 -35
- data/src/core/lib/iomgr/buffer_list.h +22 -21
- data/src/core/lib/iomgr/call_combiner.h +3 -2
- data/src/core/lib/iomgr/cfstream_handle.cc +3 -2
- data/src/core/lib/iomgr/closure.h +2 -3
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
- data/src/core/lib/iomgr/endpoint_pair.h +2 -3
- data/src/core/lib/iomgr/error.cc +6 -9
- data/src/core/lib/iomgr/error.h +4 -5
- data/src/core/lib/iomgr/ev_apple.cc +356 -0
- data/src/core/lib/iomgr/ev_apple.h +43 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -23
- data/src/core/lib/iomgr/ev_epollex_linux.cc +14 -7
- data/src/core/lib/iomgr/ev_poll_posix.cc +3 -3
- data/src/core/lib/iomgr/ev_posix.cc +2 -3
- data/src/core/lib/iomgr/exec_ctx.h +14 -2
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
- data/src/core/lib/iomgr/load_file.cc +1 -0
- data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
- data/src/core/lib/iomgr/pollset_uv.h +32 -0
- data/src/core/lib/iomgr/port.h +1 -0
- data/src/core/lib/iomgr/python_util.h +46 -0
- data/src/core/lib/iomgr/resolve_address.h +4 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +29 -39
- data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
- data/src/core/lib/iomgr/resolve_address_windows.cc +8 -17
- data/src/core/lib/iomgr/resource_quota.cc +4 -6
- data/src/core/lib/iomgr/sockaddr_utils.cc +23 -29
- data/src/core/lib/iomgr/sockaddr_utils.h +9 -14
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
- data/src/core/lib/iomgr/socket_mutator.h +2 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +7 -26
- data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +5 -7
- data/src/core/lib/iomgr/tcp_client_posix.cc +25 -22
- data/src/core/lib/iomgr/tcp_client_posix.h +6 -6
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -3
- data/src/core/lib/iomgr/tcp_custom.cc +2 -3
- data/src/core/lib/iomgr/tcp_posix.cc +2 -1
- data/src/core/lib/iomgr/tcp_server_custom.cc +5 -9
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -11
- data/src/core/lib/iomgr/tcp_uv.cc +3 -2
- data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
- data/src/core/lib/iomgr/timer_generic.cc +2 -3
- data/src/core/lib/iomgr/timer_generic.h +39 -0
- data/src/core/lib/iomgr/timer_heap.h +2 -3
- data/src/core/lib/iomgr/udp_server.cc +9 -14
- data/src/core/lib/iomgr/work_serializer.cc +155 -0
- data/src/core/lib/iomgr/work_serializer.h +65 -0
- data/src/core/lib/json/json.h +210 -79
- data/src/core/lib/json/json_reader.cc +469 -455
- data/src/core/lib/json/json_writer.cc +174 -169
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
- data/src/core/lib/security/credentials/credentials.cc +0 -84
- data/src/core/lib/security/credentials/credentials.h +8 -59
- data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +9 -12
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
- data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +26 -56
- data/src/core/lib/security/credentials/jwt/json_token.h +4 -6
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +8 -18
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +151 -168
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +4 -6
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +91 -60
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +10 -4
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +13 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +40 -12
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +7 -7
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +6 -8
- data/src/core/lib/security/security_connector/security_connector.h +1 -1
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +20 -37
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +4 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +62 -13
- data/src/core/lib/security/security_connector/ssl_utils.h +12 -11
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +101 -52
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +32 -6
- data/src/core/lib/security/transport/auth_filters.h +0 -5
- data/src/core/lib/security/transport/client_auth_filter.cc +1 -2
- data/src/core/lib/security/transport/security_handshaker.cc +2 -2
- data/src/core/lib/security/util/json_util.cc +22 -15
- data/src/core/lib/security/util/json_util.h +2 -2
- data/src/core/lib/slice/slice_intern.cc +2 -3
- data/src/core/lib/slice/slice_internal.h +14 -0
- data/src/core/lib/slice/slice_utils.h +9 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
- data/src/core/lib/surface/call.cc +2 -3
- data/src/core/lib/surface/call_log_batch.cc +50 -58
- data/src/core/lib/surface/channel.cc +53 -31
- data/src/core/lib/surface/channel.h +35 -4
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/completion_queue.cc +33 -33
- data/src/core/lib/surface/event_string.cc +18 -25
- data/src/core/lib/surface/event_string.h +3 -1
- data/src/core/lib/surface/init_secure.cc +1 -4
- data/src/core/lib/surface/server.cc +570 -369
- data/src/core/lib/surface/server.h +32 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.h +7 -2
- data/src/core/lib/transport/connectivity_state.cc +7 -6
- data/src/core/lib/transport/connectivity_state.h +5 -3
- data/src/core/lib/transport/metadata.cc +3 -3
- data/src/core/lib/transport/metadata_batch.h +2 -3
- data/src/core/lib/transport/static_metadata.h +1 -1
- data/src/core/lib/transport/status_conversion.cc +6 -14
- data/src/core/lib/transport/transport.cc +2 -3
- data/src/core/lib/transport/transport.h +3 -2
- data/src/core/lib/transport/transport_op_string.cc +61 -102
- data/src/core/lib/uri/uri_parser.h +2 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +20 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +9 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +33 -3
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
- data/src/core/tsi/fake_transport_security.cc +10 -15
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +54 -40
- data/src/core/tsi/ssl_transport_security.h +8 -8
- data/src/core/tsi/ssl_types.h +0 -2
- data/src/core/tsi/transport_security.h +6 -9
- data/src/core/tsi/transport_security_grpc.h +2 -3
- data/src/core/tsi/transport_security_interface.h +3 -3
- data/src/ruby/ext/grpc/rb_call.c +9 -1
- data/src/ruby/ext/grpc/rb_call_credentials.c +3 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/lib/grpc/errors.rb +103 -42
- data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
- data/src/ruby/lib/grpc/generic/interceptors.rb +4 -4
- data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
- data/src/ruby/lib/grpc/generic/service.rb +5 -4
- data/src/ruby/lib/grpc/structs.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +5 -3
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
- data/src/ruby/spec/debug_message_spec.rb +134 -0
- data/src/ruby/spec/generic/service_spec.rb +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +5 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -0
- data/src/ruby/spec/support/services.rb +10 -4
- data/src/ruby/spec/testdata/ca.pem +18 -13
- data/src/ruby/spec/testdata/client.key +26 -14
- data/src/ruby/spec/testdata/client.pem +18 -12
- data/src/ruby/spec/testdata/server1.key +26 -14
- data/src/ruby/spec/testdata/server1.pem +20 -14
- data/third_party/abseil-cpp/absl/base/attributes.h +13 -1
- data/third_party/abseil-cpp/absl/base/config.h +55 -6
- data/third_party/abseil-cpp/absl/base/internal/atomic_hook.h +30 -9
- data/third_party/abseil-cpp/absl/base/internal/errno_saver.h +43 -0
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +9 -6
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +5 -1
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +2 -3
- data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +3 -3
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +15 -13
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +12 -0
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +9 -0
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +37 -0
- data/third_party/abseil-cpp/absl/base/options.h +9 -12
- data/third_party/abseil-cpp/absl/numeric/int128.cc +2 -2
- data/third_party/abseil-cpp/absl/numeric/int128.h +1 -1
- data/third_party/abseil-cpp/absl/strings/ascii.cc +3 -3
- data/third_party/abseil-cpp/absl/strings/ascii.h +4 -3
- data/third_party/abseil-cpp/absl/strings/charconv.cc +0 -1
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +4 -2
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +388 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +432 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +245 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +209 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +326 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +51 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +415 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +493 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +23 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.cc +72 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +104 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +334 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +333 -0
- data/third_party/abseil-cpp/absl/strings/numbers.cc +54 -5
- data/third_party/abseil-cpp/absl/strings/numbers.h +6 -3
- data/third_party/abseil-cpp/absl/strings/str_format.h +537 -0
- data/third_party/abseil-cpp/absl/strings/string_view.h +31 -24
- data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
- data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
- data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
- data/third_party/abseil-cpp/absl/time/clock.h +74 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
- data/third_party/abseil-cpp/absl/time/format.cc +153 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
- data/third_party/abseil-cpp/absl/time/time.cc +499 -0
- data/third_party/abseil-cpp/absl/time/time.h +1584 -0
- data/{src/boringssl → third_party/boringssl-with-bazel}/err_data.c +329 -297
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_bitstr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_bool.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_d2i_fp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_dup.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_enum.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_gentm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_i2d_fp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_int.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_mbstr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_object.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_octet.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_print.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_strnid.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_time.c +3 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_type.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utctm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utf8.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_lib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_locl.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_par.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn_pack.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_enum.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_int.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_string.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_dec.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_enc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_fre.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_new.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_typ.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_utl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/time_support.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/base64/base64.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/bio.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/bio_mem.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/connect.c +3 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/fd.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/file.c +5 -6
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/hexdump.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/pair.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/printf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/socket.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/socket_helper.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bn_extra/bn_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bn_extra/convert.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/buf/buf.c +10 -69
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/asn1_compat.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/ber.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/cbb.c +41 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/cbs.c +60 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/unicode.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/chacha/chacha.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/chacha/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/cipher_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/derive_key.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesccm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesctrhmac.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesgcmsiv.c +8 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_chacha20poly1305.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_null.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc2.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc4.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_tls.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/tls_cbc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cmac/cmac.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/conf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/conf_def.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-fuchsia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-linux.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm-linux.c +7 -6
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm-linux.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-intel.c +13 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-ppc64le.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/crypto.c +11 -0
- data/third_party/{boringssl/third_party/fiat → boringssl-with-bazel/src/crypto/curve25519}/curve25519.c +18 -26
- data/third_party/{boringssl/third_party/fiat → boringssl-with-bazel/src/crypto/curve25519}/curve25519_tables.h +13 -21
- data/third_party/{boringssl/third_party/fiat → boringssl-with-bazel/src/crypto/curve25519}/internal.h +14 -22
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/curve25519/spake25519.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/check.c +3 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/dh.c +16 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/dh_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/params.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/digest_extra/digest_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dsa/dsa.c +10 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dsa/dsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ec_extra/ec_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ec_extra/ec_derive.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +425 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +78 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ecdh_extra/ecdh_extra.c +2 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ecdsa_extra/ecdsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/engine/engine.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/err/err.c +39 -38
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/err/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/digestsign.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp_ctx.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_dsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ec.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ec_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ed25519.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ed25519_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_rsa.c +14 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_rsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_x25519.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_x25519_asn1.c +1 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/pbkdf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/print.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/scrypt.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/sign.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ex_data.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +108 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1282 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/aes/internal.h +5 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/aes/key_wrap.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/aes/mode_wrappers.c +0 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bcm.c +4 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/add.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/asm/x86_64-gcc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/bn.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/bytes.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/cmp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/ctx.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/div.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/div_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/exponentiation.c +3 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/gcd.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/gcd_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/generic.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/internal.h +14 -11
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/jacobi.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/montgomery.c +8 -8
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/montgomery_inv.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/mul.c +30 -154
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/prime.c +11 -12
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/random.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/rsaz_exp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/rsaz_exp.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/shift.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/sqrt.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/aead.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/cipher.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/e_aes.c +3 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/e_des.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/delocate.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/des.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/digest.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/digests.c +16 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/md32_common.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/ec.c +289 -117
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/ec_key.c +14 -28
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/felem.c +25 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/internal.h +432 -160
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/oct.c +63 -71
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p224-64.c +5 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9497 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p256-x86_64.c +80 -99
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p256-x86_64.h +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +736 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +175 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/simple.c +125 -148
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +270 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/util.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/wnaf.c +61 -18
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ecdh/ecdh.c +2 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/fips_shared_support.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/hmac/hmac.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/is_fips.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md4/md4.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md5/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md5/md5.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/cbc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/cfb.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/ctr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/gcm.c +45 -193
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +304 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/internal.h +8 -18
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/ofb.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/polyval.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/ctrdrbg.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/internal.h +41 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/rand.c +32 -17
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/urandom.c +24 -114
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/blinding.c +4 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/internal.h +1 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/padding.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/rsa.c +58 -39
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/rsa_impl.c +72 -49
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/self_check/self_check.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha1-altivec.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha256.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha512.c +44 -35
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/kdf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hkdf/hkdf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hrss/hrss.c +210 -311
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hrss/internal.h +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/internal.h +21 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/lhash/lhash.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/mem.c +99 -12
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj.c +16 -21
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj_dat.h +41 -6
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj_xref.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_all.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_info.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_lib.c +7 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_oth.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_pk8.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_pkey.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_xaux.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/pkcs7.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/pkcs7_x509.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/p5_pbev2.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/pkcs8.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/pkcs8_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/poly1305.c +2 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/poly1305_arm.c +21 -20
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/poly1305_vec.c +34 -17
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pool/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pool/pool.c +1 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/deterministic.c +6 -10
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/forkunsafe.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/fuchsia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/rand_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/windows.c +16 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rc4/rc4.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/refcount_c11.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/refcount_lock.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rsa_extra/rsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rsa_extra/rsa_print.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/siphash/siphash.c +3 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/stack/stack.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread_none.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread_pthread.c +4 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread_win.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +278 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1474 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +720 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_digest.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_sign.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_strex.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_verify.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/algorithm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/asn1_gen.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/by_dir.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/by_file.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/charmap.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/i2d_pr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/rsa_pss.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_crl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_req.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_x509a.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/vpm_int.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_att.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_cmp.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_d2.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_def.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_ext.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_lu.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_obj.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_r2x.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_req.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_set.c +16 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_trs.c +1 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_txt.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_v3.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_vfy.c +5 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_vpm.c +3 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509cset.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509name.c +4 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509rset.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509spki.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_algor.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_all.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_attrib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_crl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_exten.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_info.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_name.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pkey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pubkey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_req.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_sig.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_spki.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_val.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_x509a.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/ext_dat.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_cache.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_data.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_int.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_lib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_map.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_node.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_tree.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_akey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_akeya.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_alt.c +3 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bcons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bitst.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_conf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_cpols.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_crld.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_enum.c +2 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_extku.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_genn.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ia5.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_info.c +4 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_int.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_lib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ncons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ocsp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pci.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pku.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pmaps.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_prn.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_purp.c +2 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_skey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_sxnet.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_utl.c +11 -12
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/aead.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/aes.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/arm_arch.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1_mac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1t.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/base.h +5 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/base64.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/bio.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/blowfish.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/bn.h +32 -20
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/buf.h +9 -9
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/buffer.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/bytestring.h +34 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cast.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/chacha.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cipher.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cmac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/conf.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cpu.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/crypto.h +9 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/curve25519.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/des.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dh.h +20 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/digest.h +1 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dsa.h +16 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dtls1.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/e_os2.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ec.h +11 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ec_key.h +4 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ecdh.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ecdsa.h +6 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/engine.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/err.h +13 -9
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/evp.h +20 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ex_data.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hkdf.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hmac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hrss.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/is_boringssl.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/lhash.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/md4.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/md5.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/mem.h +17 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/nid.h +14 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/obj.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/obj_mac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/objects.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslconf.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslv.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ossl_typ.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pem.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs12.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs7.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs8.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/poly1305.h +5 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pool.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rand.h +3 -17
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rc4.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ripemd.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rsa.h +31 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/safestack.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/sha.h +26 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/siphash.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/span.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/srtp.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ssl.h +182 -97
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ssl3.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/stack.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/thread.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/tls1.h +1 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +291 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/type_check.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/x509.h +5 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/x509_vfy.h +1 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/x509v3.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/bio_ssl.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_both.cc +0 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_lib.cc +3 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_pkt.cc +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_srtp.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/dtls_method.cc +13 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/dtls_record.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handoff.cc +237 -51
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handshake.cc +19 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handshake_client.cc +51 -32
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handshake_server.cc +12 -8
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/internal.h +94 -71
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/s3_both.cc +10 -10
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/s3_lib.cc +4 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/s3_pkt.cc +21 -22
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_aead_ctx.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_asn1.cc +30 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_buffer.cc +34 -15
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_cert.cc +4 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_cipher.cc +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_file.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_key_share.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_lib.cc +19 -15
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_privkey.cc +13 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_session.cc +66 -6
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_stat.cc +6 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_transcript.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_versions.cc +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_x509.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/t1_enc.cc +6 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/t1_lib.cc +53 -219
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_both.cc +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_client.cc +101 -31
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_enc.cc +28 -76
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_server.cc +111 -104
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls_method.cc +64 -26
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls_record.cc +7 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/curve25519_32.h +245 -175
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/curve25519_64.h +135 -75
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3147 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/p256_64.h +512 -503
- metadata +648 -503
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1917
- data/src/core/lib/gprpp/inlined_vector.h +0 -246
- data/src/core/lib/gprpp/optional.h +0 -74
- data/src/core/lib/gprpp/string_view.h +0 -169
- data/src/core/lib/iomgr/logical_thread.cc +0 -103
- data/src/core/lib/iomgr/logical_thread.h +0 -52
- data/src/core/lib/json/json.cc +0 -94
- data/src/core/tsi/grpc_shadow_boringssl.h +0 -3297
- data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +0 -860
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +0 -9501
- data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +0 -96
- data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +0 -84
- data/third_party/boringssl/third_party/fiat/p256.c +0 -1063
- data/third_party/boringssl/third_party/fiat/p256_32.h +0 -3226
@@ -0,0 +1,1474 @@
|
|
1
|
+
/* Copyright (c) 2020, Google Inc.
|
2
|
+
*
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
6
|
+
*
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
14
|
+
|
15
|
+
#include <openssl/trust_token.h>
|
16
|
+
|
17
|
+
#include <openssl/bn.h>
|
18
|
+
#include <openssl/bytestring.h>
|
19
|
+
#include <openssl/ec.h>
|
20
|
+
#include <openssl/err.h>
|
21
|
+
#include <openssl/mem.h>
|
22
|
+
#include <openssl/nid.h>
|
23
|
+
#include <openssl/rand.h>
|
24
|
+
#include <openssl/sha.h>
|
25
|
+
|
26
|
+
#include "../ec_extra/internal.h"
|
27
|
+
#include "../fipsmodule/bn/internal.h"
|
28
|
+
#include "../fipsmodule/ec/internal.h"
|
29
|
+
|
30
|
+
#include "internal.h"
|
31
|
+
|
32
|
+
|
33
|
+
typedef int (*hash_t_func_t)(const EC_GROUP *group, EC_RAW_POINT *out,
|
34
|
+
const uint8_t t[PMBTOKEN_NONCE_SIZE]);
|
35
|
+
typedef int (*hash_s_func_t)(const EC_GROUP *group, EC_RAW_POINT *out,
|
36
|
+
const EC_AFFINE *t,
|
37
|
+
const uint8_t s[PMBTOKEN_NONCE_SIZE]);
|
38
|
+
typedef int (*hash_c_func_t)(const EC_GROUP *group, EC_SCALAR *out,
|
39
|
+
uint8_t *buf, size_t len);
|
40
|
+
|
41
|
+
typedef struct {
|
42
|
+
const EC_GROUP *group;
|
43
|
+
EC_PRECOMP g_precomp;
|
44
|
+
EC_PRECOMP h_precomp;
|
45
|
+
EC_RAW_POINT h;
|
46
|
+
// hash_t implements the H_t operation in PMBTokens. It returns one on success
|
47
|
+
// and zero on error.
|
48
|
+
hash_t_func_t hash_t;
|
49
|
+
// hash_s implements the H_s operation in PMBTokens. It returns one on success
|
50
|
+
// and zero on error.
|
51
|
+
hash_s_func_t hash_s;
|
52
|
+
// hash_c implements the H_c operation in PMBTokens. It returns one on success
|
53
|
+
// and zero on error.
|
54
|
+
hash_c_func_t hash_c;
|
55
|
+
// batched_proof determines whether PMBToken uses a batched DLEQOR proof when
|
56
|
+
// signing tokens.
|
57
|
+
int batched_proof : 1;
|
58
|
+
} PMBTOKEN_METHOD;
|
59
|
+
|
60
|
+
static const uint8_t kDefaultAdditionalData[32] = {0};
|
61
|
+
|
62
|
+
static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid,
|
63
|
+
const uint8_t *h_bytes, size_t h_len,
|
64
|
+
hash_t_func_t hash_t, hash_s_func_t hash_s,
|
65
|
+
hash_c_func_t hash_c, int batched_proof) {
|
66
|
+
method->group = EC_GROUP_new_by_curve_name(curve_nid);
|
67
|
+
if (method->group == NULL) {
|
68
|
+
return 0;
|
69
|
+
}
|
70
|
+
|
71
|
+
method->hash_t = hash_t;
|
72
|
+
method->hash_s = hash_s;
|
73
|
+
method->hash_c = hash_c;
|
74
|
+
method->batched_proof = batched_proof;
|
75
|
+
|
76
|
+
EC_AFFINE h;
|
77
|
+
if (!ec_point_from_uncompressed(method->group, &h, h_bytes, h_len)) {
|
78
|
+
return 0;
|
79
|
+
}
|
80
|
+
ec_affine_to_jacobian(method->group, &method->h, &h);
|
81
|
+
|
82
|
+
if (!ec_init_precomp(method->group, &method->g_precomp,
|
83
|
+
&method->group->generator->raw) ||
|
84
|
+
!ec_init_precomp(method->group, &method->h_precomp, &method->h)) {
|
85
|
+
return 0;
|
86
|
+
}
|
87
|
+
return 1;
|
88
|
+
}
|
89
|
+
|
90
|
+
// generate_keypair generates a keypair for the PMBTokens construction.
|
91
|
+
// |out_x| and |out_y| are set to the secret half of the keypair, while
|
92
|
+
// |*out_pub| is set to the public half of the keypair. It returns one on
|
93
|
+
// success and zero on failure.
|
94
|
+
static int generate_keypair(const PMBTOKEN_METHOD *method, EC_SCALAR *out_x,
|
95
|
+
EC_SCALAR *out_y, EC_RAW_POINT *out_pub) {
|
96
|
+
if (!ec_random_nonzero_scalar(method->group, out_x, kDefaultAdditionalData) ||
|
97
|
+
!ec_random_nonzero_scalar(method->group, out_y, kDefaultAdditionalData) ||
|
98
|
+
!ec_point_mul_scalar_precomp(method->group, out_pub, &method->g_precomp,
|
99
|
+
out_x, &method->h_precomp, out_y, NULL,
|
100
|
+
NULL)) {
|
101
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
102
|
+
return 0;
|
103
|
+
}
|
104
|
+
return 1;
|
105
|
+
}
|
106
|
+
|
107
|
+
static int point_to_cbb(CBB *out, const EC_GROUP *group,
|
108
|
+
const EC_AFFINE *point) {
|
109
|
+
size_t len =
|
110
|
+
ec_point_to_bytes(group, point, POINT_CONVERSION_UNCOMPRESSED, NULL, 0);
|
111
|
+
if (len == 0) {
|
112
|
+
return 0;
|
113
|
+
}
|
114
|
+
uint8_t *p;
|
115
|
+
return CBB_add_space(out, &p, len) &&
|
116
|
+
ec_point_to_bytes(group, point, POINT_CONVERSION_UNCOMPRESSED, p,
|
117
|
+
len) == len;
|
118
|
+
}
|
119
|
+
|
120
|
+
static int cbs_get_prefixed_point(CBS *cbs, const EC_GROUP *group,
|
121
|
+
EC_AFFINE *out) {
|
122
|
+
CBS child;
|
123
|
+
if (!CBS_get_u16_length_prefixed(cbs, &child) ||
|
124
|
+
!ec_point_from_uncompressed(group, out, CBS_data(&child),
|
125
|
+
CBS_len(&child))) {
|
126
|
+
return 0;
|
127
|
+
}
|
128
|
+
return 1;
|
129
|
+
}
|
130
|
+
|
131
|
+
static int mul_public_3(const EC_GROUP *group, EC_RAW_POINT *out,
|
132
|
+
const EC_RAW_POINT *p0, const EC_SCALAR *scalar0,
|
133
|
+
const EC_RAW_POINT *p1, const EC_SCALAR *scalar1,
|
134
|
+
const EC_RAW_POINT *p2, const EC_SCALAR *scalar2) {
|
135
|
+
EC_RAW_POINT points[3] = {*p0, *p1, *p2};
|
136
|
+
EC_SCALAR scalars[3] = {*scalar0, *scalar1, *scalar2};
|
137
|
+
return ec_point_mul_scalar_public_batch(group, out, /*g_scalar=*/NULL, points,
|
138
|
+
scalars, 3);
|
139
|
+
}
|
140
|
+
|
141
|
+
void PMBTOKEN_PRETOKEN_free(PMBTOKEN_PRETOKEN *pretoken) {
|
142
|
+
OPENSSL_free(pretoken);
|
143
|
+
}
|
144
|
+
|
145
|
+
static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method,
|
146
|
+
CBB *out_private, CBB *out_public) {
|
147
|
+
const EC_GROUP *group = method->group;
|
148
|
+
EC_RAW_POINT pub[3];
|
149
|
+
EC_SCALAR x0, y0, x1, y1, xs, ys;
|
150
|
+
if (!generate_keypair(method, &x0, &y0, &pub[0]) ||
|
151
|
+
!generate_keypair(method, &x1, &y1, &pub[1]) ||
|
152
|
+
!generate_keypair(method, &xs, &ys, &pub[2])) {
|
153
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_KEYGEN_FAILURE);
|
154
|
+
return 0;
|
155
|
+
}
|
156
|
+
|
157
|
+
const EC_SCALAR *scalars[] = {&x0, &y0, &x1, &y1, &xs, &ys};
|
158
|
+
size_t scalar_len = BN_num_bytes(&group->order);
|
159
|
+
for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(scalars); i++) {
|
160
|
+
uint8_t *buf;
|
161
|
+
if (!CBB_add_space(out_private, &buf, scalar_len)) {
|
162
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_BUFFER_TOO_SMALL);
|
163
|
+
return 0;
|
164
|
+
}
|
165
|
+
ec_scalar_to_bytes(group, buf, &scalar_len, scalars[i]);
|
166
|
+
}
|
167
|
+
|
168
|
+
EC_AFFINE pub_affine[3];
|
169
|
+
if (!ec_jacobian_to_affine_batch(group, pub_affine, pub, 3)) {
|
170
|
+
return 0;
|
171
|
+
}
|
172
|
+
|
173
|
+
// TODO(https://crbug.com/boringssl/331): When updating the key format, remove
|
174
|
+
// the redundant length prefixes.
|
175
|
+
CBB child;
|
176
|
+
if (!CBB_add_u16_length_prefixed(out_public, &child) ||
|
177
|
+
!point_to_cbb(&child, group, &pub_affine[0]) ||
|
178
|
+
!CBB_add_u16_length_prefixed(out_public, &child) ||
|
179
|
+
!point_to_cbb(&child, group, &pub_affine[1]) ||
|
180
|
+
!CBB_add_u16_length_prefixed(out_public, &child) ||
|
181
|
+
!point_to_cbb(&child, group, &pub_affine[2]) ||
|
182
|
+
!CBB_flush(out_public)) {
|
183
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_BUFFER_TOO_SMALL);
|
184
|
+
return 0;
|
185
|
+
}
|
186
|
+
|
187
|
+
return 1;
|
188
|
+
}
|
189
|
+
|
190
|
+
static int pmbtoken_client_key_from_bytes(const PMBTOKEN_METHOD *method,
|
191
|
+
PMBTOKEN_CLIENT_KEY *key,
|
192
|
+
const uint8_t *in, size_t len) {
|
193
|
+
// TODO(https://crbug.com/boringssl/331): When updating the key format, remove
|
194
|
+
// the redundant length prefixes.
|
195
|
+
CBS cbs;
|
196
|
+
CBS_init(&cbs, in, len);
|
197
|
+
if (!cbs_get_prefixed_point(&cbs, method->group, &key->pub0) ||
|
198
|
+
!cbs_get_prefixed_point(&cbs, method->group, &key->pub1) ||
|
199
|
+
!cbs_get_prefixed_point(&cbs, method->group, &key->pubs) ||
|
200
|
+
CBS_len(&cbs) != 0) {
|
201
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
202
|
+
return 0;
|
203
|
+
}
|
204
|
+
|
205
|
+
return 1;
|
206
|
+
}
|
207
|
+
|
208
|
+
static int pmbtoken_issuer_key_from_bytes(const PMBTOKEN_METHOD *method,
|
209
|
+
PMBTOKEN_ISSUER_KEY *key,
|
210
|
+
const uint8_t *in, size_t len) {
|
211
|
+
const EC_GROUP *group = method->group;
|
212
|
+
CBS cbs, tmp;
|
213
|
+
CBS_init(&cbs, in, len);
|
214
|
+
size_t scalar_len = BN_num_bytes(&group->order);
|
215
|
+
EC_SCALAR *scalars[] = {&key->x0, &key->y0, &key->x1,
|
216
|
+
&key->y1, &key->xs, &key->ys};
|
217
|
+
for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(scalars); i++) {
|
218
|
+
if (!CBS_get_bytes(&cbs, &tmp, scalar_len) ||
|
219
|
+
!ec_scalar_from_bytes(group, scalars[i], CBS_data(&tmp),
|
220
|
+
CBS_len(&tmp))) {
|
221
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
222
|
+
return 0;
|
223
|
+
}
|
224
|
+
}
|
225
|
+
|
226
|
+
// Recompute the public key.
|
227
|
+
EC_RAW_POINT pub[3];
|
228
|
+
EC_AFFINE pub_affine[3];
|
229
|
+
if (!ec_point_mul_scalar_precomp(group, &pub[0], &method->g_precomp, &key->x0,
|
230
|
+
&method->h_precomp, &key->y0, NULL, NULL) ||
|
231
|
+
!ec_init_precomp(group, &key->pub0_precomp, &pub[0]) ||
|
232
|
+
!ec_point_mul_scalar_precomp(group, &pub[1], &method->g_precomp, &key->x1,
|
233
|
+
&method->h_precomp, &key->y1, NULL, NULL) ||
|
234
|
+
!ec_init_precomp(group, &key->pub1_precomp, &pub[1]) ||
|
235
|
+
!ec_point_mul_scalar_precomp(group, &pub[2], &method->g_precomp, &key->xs,
|
236
|
+
&method->h_precomp, &key->ys, NULL, NULL) ||
|
237
|
+
!ec_init_precomp(group, &key->pubs_precomp, &pub[2]) ||
|
238
|
+
!ec_jacobian_to_affine_batch(group, pub_affine, pub, 3)) {
|
239
|
+
return 0;
|
240
|
+
}
|
241
|
+
|
242
|
+
key->pub0 = pub_affine[0];
|
243
|
+
key->pub1 = pub_affine[1];
|
244
|
+
key->pubs = pub_affine[2];
|
245
|
+
return 1;
|
246
|
+
}
|
247
|
+
|
248
|
+
static STACK_OF(PMBTOKEN_PRETOKEN) *
|
249
|
+
pmbtoken_blind(const PMBTOKEN_METHOD *method, CBB *cbb, size_t count) {
|
250
|
+
const EC_GROUP *group = method->group;
|
251
|
+
STACK_OF(PMBTOKEN_PRETOKEN) *pretokens = sk_PMBTOKEN_PRETOKEN_new_null();
|
252
|
+
if (pretokens == NULL) {
|
253
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
254
|
+
goto err;
|
255
|
+
}
|
256
|
+
|
257
|
+
for (size_t i = 0; i < count; i++) {
|
258
|
+
// Insert |pretoken| into |pretokens| early to simplify error-handling.
|
259
|
+
PMBTOKEN_PRETOKEN *pretoken = OPENSSL_malloc(sizeof(PMBTOKEN_PRETOKEN));
|
260
|
+
if (pretoken == NULL ||
|
261
|
+
!sk_PMBTOKEN_PRETOKEN_push(pretokens, pretoken)) {
|
262
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
263
|
+
PMBTOKEN_PRETOKEN_free(pretoken);
|
264
|
+
goto err;
|
265
|
+
}
|
266
|
+
|
267
|
+
RAND_bytes(pretoken->t, sizeof(pretoken->t));
|
268
|
+
|
269
|
+
// We sample |pretoken->r| in Montgomery form to simplify inverting.
|
270
|
+
if (!ec_random_nonzero_scalar(group, &pretoken->r,
|
271
|
+
kDefaultAdditionalData)) {
|
272
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
273
|
+
goto err;
|
274
|
+
}
|
275
|
+
|
276
|
+
EC_SCALAR rinv;
|
277
|
+
ec_scalar_inv0_montgomery(group, &rinv, &pretoken->r);
|
278
|
+
// Convert both out of Montgomery form.
|
279
|
+
ec_scalar_from_montgomery(group, &pretoken->r, &pretoken->r);
|
280
|
+
ec_scalar_from_montgomery(group, &rinv, &rinv);
|
281
|
+
|
282
|
+
EC_RAW_POINT T, Tp;
|
283
|
+
if (!method->hash_t(group, &T, pretoken->t) ||
|
284
|
+
!ec_point_mul_scalar(group, &Tp, &T, &rinv) ||
|
285
|
+
!ec_jacobian_to_affine(group, &pretoken->Tp, &Tp)) {
|
286
|
+
goto err;
|
287
|
+
}
|
288
|
+
|
289
|
+
// TODO(https://crbug.com/boringssl/331): When updating the key format,
|
290
|
+
// remove the redundant length prefixes.
|
291
|
+
CBB child;
|
292
|
+
if (!CBB_add_u16_length_prefixed(cbb, &child) ||
|
293
|
+
!point_to_cbb(&child, group, &pretoken->Tp) ||
|
294
|
+
!CBB_flush(cbb)) {
|
295
|
+
goto err;
|
296
|
+
}
|
297
|
+
}
|
298
|
+
|
299
|
+
return pretokens;
|
300
|
+
|
301
|
+
err:
|
302
|
+
sk_PMBTOKEN_PRETOKEN_pop_free(pretokens, PMBTOKEN_PRETOKEN_free);
|
303
|
+
return NULL;
|
304
|
+
}
|
305
|
+
|
306
|
+
static int scalar_to_cbb(CBB *out, const EC_GROUP *group,
|
307
|
+
const EC_SCALAR *scalar) {
|
308
|
+
uint8_t *buf;
|
309
|
+
size_t scalar_len = BN_num_bytes(&group->order);
|
310
|
+
if (!CBB_add_space(out, &buf, scalar_len)) {
|
311
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
312
|
+
return 0;
|
313
|
+
}
|
314
|
+
ec_scalar_to_bytes(group, buf, &scalar_len, scalar);
|
315
|
+
return 1;
|
316
|
+
}
|
317
|
+
|
318
|
+
static int scalar_from_cbs(CBS *cbs, const EC_GROUP *group, EC_SCALAR *out) {
|
319
|
+
size_t scalar_len = BN_num_bytes(&group->order);
|
320
|
+
CBS tmp;
|
321
|
+
if (!CBS_get_bytes(cbs, &tmp, scalar_len)) {
|
322
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
323
|
+
return 0;
|
324
|
+
}
|
325
|
+
|
326
|
+
ec_scalar_from_bytes(group, out, CBS_data(&tmp), CBS_len(&tmp));
|
327
|
+
return 1;
|
328
|
+
}
|
329
|
+
|
330
|
+
static int hash_c_dleq(const PMBTOKEN_METHOD *method, EC_SCALAR *out,
|
331
|
+
const EC_AFFINE *X, const EC_AFFINE *T,
|
332
|
+
const EC_AFFINE *S, const EC_AFFINE *W,
|
333
|
+
const EC_AFFINE *K0, const EC_AFFINE *K1) {
|
334
|
+
static const uint8_t kDLEQ2Label[] = "DLEQ2";
|
335
|
+
|
336
|
+
int ok = 0;
|
337
|
+
CBB cbb;
|
338
|
+
CBB_zero(&cbb);
|
339
|
+
uint8_t *buf = NULL;
|
340
|
+
size_t len;
|
341
|
+
if (!CBB_init(&cbb, 0) ||
|
342
|
+
!CBB_add_bytes(&cbb, kDLEQ2Label, sizeof(kDLEQ2Label)) ||
|
343
|
+
!point_to_cbb(&cbb, method->group, X) ||
|
344
|
+
!point_to_cbb(&cbb, method->group, T) ||
|
345
|
+
!point_to_cbb(&cbb, method->group, S) ||
|
346
|
+
!point_to_cbb(&cbb, method->group, W) ||
|
347
|
+
!point_to_cbb(&cbb, method->group, K0) ||
|
348
|
+
!point_to_cbb(&cbb, method->group, K1) ||
|
349
|
+
!CBB_finish(&cbb, &buf, &len) ||
|
350
|
+
!method->hash_c(method->group, out, buf, len)) {
|
351
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
352
|
+
goto err;
|
353
|
+
}
|
354
|
+
|
355
|
+
ok = 1;
|
356
|
+
|
357
|
+
err:
|
358
|
+
CBB_cleanup(&cbb);
|
359
|
+
OPENSSL_free(buf);
|
360
|
+
return ok;
|
361
|
+
}
|
362
|
+
|
363
|
+
static int hash_c_dleqor(const PMBTOKEN_METHOD *method, EC_SCALAR *out,
|
364
|
+
const EC_AFFINE *X0, const EC_AFFINE *X1,
|
365
|
+
const EC_AFFINE *T, const EC_AFFINE *S,
|
366
|
+
const EC_AFFINE *W, const EC_AFFINE *K00,
|
367
|
+
const EC_AFFINE *K01, const EC_AFFINE *K10,
|
368
|
+
const EC_AFFINE *K11) {
|
369
|
+
static const uint8_t kDLEQOR2Label[] = "DLEQOR2";
|
370
|
+
|
371
|
+
int ok = 0;
|
372
|
+
CBB cbb;
|
373
|
+
CBB_zero(&cbb);
|
374
|
+
uint8_t *buf = NULL;
|
375
|
+
size_t len;
|
376
|
+
if (!CBB_init(&cbb, 0) ||
|
377
|
+
!CBB_add_bytes(&cbb, kDLEQOR2Label, sizeof(kDLEQOR2Label)) ||
|
378
|
+
!point_to_cbb(&cbb, method->group, X0) ||
|
379
|
+
!point_to_cbb(&cbb, method->group, X1) ||
|
380
|
+
!point_to_cbb(&cbb, method->group, T) ||
|
381
|
+
!point_to_cbb(&cbb, method->group, S) ||
|
382
|
+
!point_to_cbb(&cbb, method->group, W) ||
|
383
|
+
!point_to_cbb(&cbb, method->group, K00) ||
|
384
|
+
!point_to_cbb(&cbb, method->group, K01) ||
|
385
|
+
!point_to_cbb(&cbb, method->group, K10) ||
|
386
|
+
!point_to_cbb(&cbb, method->group, K11) ||
|
387
|
+
!CBB_finish(&cbb, &buf, &len) ||
|
388
|
+
!method->hash_c(method->group, out, buf, len)) {
|
389
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
390
|
+
goto err;
|
391
|
+
}
|
392
|
+
|
393
|
+
ok = 1;
|
394
|
+
|
395
|
+
err:
|
396
|
+
CBB_cleanup(&cbb);
|
397
|
+
OPENSSL_free(buf);
|
398
|
+
return ok;
|
399
|
+
}
|
400
|
+
|
401
|
+
static int hash_c_batch(const PMBTOKEN_METHOD *method, EC_SCALAR *out,
|
402
|
+
const CBB *points, size_t index) {
|
403
|
+
static const uint8_t kDLEQBatchLabel[] = "DLEQ BATCH";
|
404
|
+
if (index > 0xffff) {
|
405
|
+
// The protocol supports only two-byte batches.
|
406
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
|
407
|
+
return 0;
|
408
|
+
}
|
409
|
+
|
410
|
+
int ok = 0;
|
411
|
+
CBB cbb;
|
412
|
+
CBB_zero(&cbb);
|
413
|
+
uint8_t *buf = NULL;
|
414
|
+
size_t len;
|
415
|
+
if (!CBB_init(&cbb, 0) ||
|
416
|
+
!CBB_add_bytes(&cbb, kDLEQBatchLabel, sizeof(kDLEQBatchLabel)) ||
|
417
|
+
!CBB_add_bytes(&cbb, CBB_data(points), CBB_len(points)) ||
|
418
|
+
!CBB_add_u16(&cbb, (uint16_t)index) ||
|
419
|
+
!CBB_finish(&cbb, &buf, &len) ||
|
420
|
+
!method->hash_c(method->group, out, buf, len)) {
|
421
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
422
|
+
goto err;
|
423
|
+
}
|
424
|
+
|
425
|
+
ok = 1;
|
426
|
+
|
427
|
+
err:
|
428
|
+
CBB_cleanup(&cbb);
|
429
|
+
OPENSSL_free(buf);
|
430
|
+
return ok;
|
431
|
+
}
|
432
|
+
|
433
|
+
// The DLEQ2 and DLEQOR2 constructions are described in appendix B of
|
434
|
+
// https://eprint.iacr.org/2020/072/20200324:214215. DLEQ2 is an instance of
|
435
|
+
// DLEQOR2 with only one value (n=1).
|
436
|
+
|
437
|
+
static int dleq_generate(const PMBTOKEN_METHOD *method, CBB *cbb,
|
438
|
+
const PMBTOKEN_ISSUER_KEY *priv, const EC_RAW_POINT *T,
|
439
|
+
const EC_RAW_POINT *S, const EC_RAW_POINT *W,
|
440
|
+
const EC_RAW_POINT *Ws, uint8_t private_metadata) {
|
441
|
+
const EC_GROUP *group = method->group;
|
442
|
+
|
443
|
+
// We generate a DLEQ proof for the validity token and a DLEQOR2 proof for the
|
444
|
+
// private metadata token. To allow amortizing Jacobian-to-affine conversions,
|
445
|
+
// we compute Ki for both proofs first.
|
446
|
+
enum {
|
447
|
+
idx_T,
|
448
|
+
idx_S,
|
449
|
+
idx_W,
|
450
|
+
idx_Ws,
|
451
|
+
idx_Ks0,
|
452
|
+
idx_Ks1,
|
453
|
+
idx_Kb0,
|
454
|
+
idx_Kb1,
|
455
|
+
idx_Ko0,
|
456
|
+
idx_Ko1,
|
457
|
+
num_idx,
|
458
|
+
};
|
459
|
+
EC_RAW_POINT jacobians[num_idx];
|
460
|
+
|
461
|
+
// Setup the DLEQ proof.
|
462
|
+
EC_SCALAR ks0, ks1;
|
463
|
+
if (// ks0, ks1 <- Zp
|
464
|
+
!ec_random_nonzero_scalar(group, &ks0, kDefaultAdditionalData) ||
|
465
|
+
!ec_random_nonzero_scalar(group, &ks1, kDefaultAdditionalData) ||
|
466
|
+
// Ks = ks0*(G;T) + ks1*(H;S)
|
467
|
+
!ec_point_mul_scalar_precomp(group, &jacobians[idx_Ks0],
|
468
|
+
&method->g_precomp, &ks0, &method->h_precomp,
|
469
|
+
&ks1, NULL, NULL) ||
|
470
|
+
!ec_point_mul_scalar_batch(group, &jacobians[idx_Ks1], T, &ks0, S, &ks1,
|
471
|
+
NULL, NULL)) {
|
472
|
+
return 0;
|
473
|
+
}
|
474
|
+
|
475
|
+
// Setup the DLEQOR proof. First, select values of xb, yb (keys corresponding
|
476
|
+
// to the private metadata value) and pubo (public key corresponding to the
|
477
|
+
// other value) in constant time.
|
478
|
+
BN_ULONG mask = ((BN_ULONG)0) - (private_metadata & 1);
|
479
|
+
EC_PRECOMP pubo_precomp;
|
480
|
+
EC_SCALAR xb, yb;
|
481
|
+
ec_scalar_select(group, &xb, mask, &priv->x1, &priv->x0);
|
482
|
+
ec_scalar_select(group, &yb, mask, &priv->y1, &priv->y0);
|
483
|
+
ec_precomp_select(group, &pubo_precomp, mask, &priv->pub0_precomp,
|
484
|
+
&priv->pub1_precomp);
|
485
|
+
|
486
|
+
EC_SCALAR k0, k1, minus_co, uo, vo;
|
487
|
+
if (// k0, k1 <- Zp
|
488
|
+
!ec_random_nonzero_scalar(group, &k0, kDefaultAdditionalData) ||
|
489
|
+
!ec_random_nonzero_scalar(group, &k1, kDefaultAdditionalData) ||
|
490
|
+
// Kb = k0*(G;T) + k1*(H;S)
|
491
|
+
!ec_point_mul_scalar_precomp(group, &jacobians[idx_Kb0],
|
492
|
+
&method->g_precomp, &k0, &method->h_precomp,
|
493
|
+
&k1, NULL, NULL) ||
|
494
|
+
!ec_point_mul_scalar_batch(group, &jacobians[idx_Kb1], T, &k0, S, &k1,
|
495
|
+
NULL, NULL) ||
|
496
|
+
// co, uo, vo <- Zp
|
497
|
+
!ec_random_nonzero_scalar(group, &minus_co, kDefaultAdditionalData) ||
|
498
|
+
!ec_random_nonzero_scalar(group, &uo, kDefaultAdditionalData) ||
|
499
|
+
!ec_random_nonzero_scalar(group, &vo, kDefaultAdditionalData) ||
|
500
|
+
// Ko = uo*(G;T) + vo*(H;S) - co*(pubo;W)
|
501
|
+
!ec_point_mul_scalar_precomp(group, &jacobians[idx_Ko0],
|
502
|
+
&method->g_precomp, &uo, &method->h_precomp,
|
503
|
+
&vo, &pubo_precomp, &minus_co) ||
|
504
|
+
!ec_point_mul_scalar_batch(group, &jacobians[idx_Ko1], T, &uo, S, &vo, W,
|
505
|
+
&minus_co)) {
|
506
|
+
return 0;
|
507
|
+
}
|
508
|
+
|
509
|
+
EC_AFFINE affines[num_idx];
|
510
|
+
jacobians[idx_T] = *T;
|
511
|
+
jacobians[idx_S] = *S;
|
512
|
+
jacobians[idx_W] = *W;
|
513
|
+
jacobians[idx_Ws] = *Ws;
|
514
|
+
if (!ec_jacobian_to_affine_batch(group, affines, jacobians, num_idx)) {
|
515
|
+
return 0;
|
516
|
+
}
|
517
|
+
|
518
|
+
// Select the K corresponding to K0 and K1 in constant-time.
|
519
|
+
EC_AFFINE K00, K01, K10, K11;
|
520
|
+
ec_affine_select(group, &K00, mask, &affines[idx_Ko0], &affines[idx_Kb0]);
|
521
|
+
ec_affine_select(group, &K01, mask, &affines[idx_Ko1], &affines[idx_Kb1]);
|
522
|
+
ec_affine_select(group, &K10, mask, &affines[idx_Kb0], &affines[idx_Ko0]);
|
523
|
+
ec_affine_select(group, &K11, mask, &affines[idx_Kb1], &affines[idx_Ko1]);
|
524
|
+
|
525
|
+
// Compute c = Hc(...) for the two proofs.
|
526
|
+
EC_SCALAR cs, c;
|
527
|
+
if (!hash_c_dleq(method, &cs, &priv->pubs, &affines[idx_T], &affines[idx_S],
|
528
|
+
&affines[idx_Ws], &affines[idx_Ks0], &affines[idx_Ks1]) ||
|
529
|
+
!hash_c_dleqor(method, &c, &priv->pub0, &priv->pub1, &affines[idx_T],
|
530
|
+
&affines[idx_S], &affines[idx_W], &K00, &K01, &K10,
|
531
|
+
&K11)) {
|
532
|
+
return 0;
|
533
|
+
}
|
534
|
+
|
535
|
+
// Compute cb, ub, and ub for the two proofs. In each of these products, only
|
536
|
+
// one operand is in Montgomery form, so the product does not need to be
|
537
|
+
// converted.
|
538
|
+
|
539
|
+
EC_SCALAR cs_mont;
|
540
|
+
ec_scalar_to_montgomery(group, &cs_mont, &cs);
|
541
|
+
|
542
|
+
// us = ks0 + cs*xs
|
543
|
+
EC_SCALAR us, vs;
|
544
|
+
ec_scalar_mul_montgomery(group, &us, &priv->xs, &cs_mont);
|
545
|
+
ec_scalar_add(group, &us, &ks0, &us);
|
546
|
+
|
547
|
+
// vs = ks1 + cs*ys
|
548
|
+
ec_scalar_mul_montgomery(group, &vs, &priv->ys, &cs_mont);
|
549
|
+
ec_scalar_add(group, &vs, &ks1, &vs);
|
550
|
+
|
551
|
+
// Store DLEQ2 proof in transcript.
|
552
|
+
if (!scalar_to_cbb(cbb, group, &cs) ||
|
553
|
+
!scalar_to_cbb(cbb, group, &us) ||
|
554
|
+
!scalar_to_cbb(cbb, group, &vs)) {
|
555
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
556
|
+
return 0;
|
557
|
+
}
|
558
|
+
|
559
|
+
// cb = c - co
|
560
|
+
EC_SCALAR cb, ub, vb;
|
561
|
+
ec_scalar_add(group, &cb, &c, &minus_co);
|
562
|
+
|
563
|
+
EC_SCALAR cb_mont;
|
564
|
+
ec_scalar_to_montgomery(group, &cb_mont, &cb);
|
565
|
+
|
566
|
+
// ub = k0 + cb*xb
|
567
|
+
ec_scalar_mul_montgomery(group, &ub, &xb, &cb_mont);
|
568
|
+
ec_scalar_add(group, &ub, &k0, &ub);
|
569
|
+
|
570
|
+
// vb = k1 + cb*yb
|
571
|
+
ec_scalar_mul_montgomery(group, &vb, &yb, &cb_mont);
|
572
|
+
ec_scalar_add(group, &vb, &k1, &vb);
|
573
|
+
|
574
|
+
// Select c, u, v in constant-time.
|
575
|
+
EC_SCALAR co, c0, c1, u0, u1, v0, v1;
|
576
|
+
ec_scalar_neg(group, &co, &minus_co);
|
577
|
+
ec_scalar_select(group, &c0, mask, &co, &cb);
|
578
|
+
ec_scalar_select(group, &u0, mask, &uo, &ub);
|
579
|
+
ec_scalar_select(group, &v0, mask, &vo, &vb);
|
580
|
+
ec_scalar_select(group, &c1, mask, &cb, &co);
|
581
|
+
ec_scalar_select(group, &u1, mask, &ub, &uo);
|
582
|
+
ec_scalar_select(group, &v1, mask, &vb, &vo);
|
583
|
+
|
584
|
+
// Store DLEQOR2 proof in transcript.
|
585
|
+
if (!scalar_to_cbb(cbb, group, &c0) ||
|
586
|
+
!scalar_to_cbb(cbb, group, &c1) ||
|
587
|
+
!scalar_to_cbb(cbb, group, &u0) ||
|
588
|
+
!scalar_to_cbb(cbb, group, &u1) ||
|
589
|
+
!scalar_to_cbb(cbb, group, &v0) ||
|
590
|
+
!scalar_to_cbb(cbb, group, &v1)) {
|
591
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
592
|
+
return 0;
|
593
|
+
}
|
594
|
+
|
595
|
+
return 1;
|
596
|
+
}
|
597
|
+
|
598
|
+
static int dleq_verify(const PMBTOKEN_METHOD *method, CBS *cbs,
|
599
|
+
const PMBTOKEN_CLIENT_KEY *pub, const EC_RAW_POINT *T,
|
600
|
+
const EC_RAW_POINT *S, const EC_RAW_POINT *W,
|
601
|
+
const EC_RAW_POINT *Ws) {
|
602
|
+
const EC_GROUP *group = method->group;
|
603
|
+
const EC_RAW_POINT *g = &group->generator->raw;
|
604
|
+
|
605
|
+
// We verify a DLEQ proof for the validity token and a DLEQOR2 proof for the
|
606
|
+
// private metadata token. To allow amortizing Jacobian-to-affine conversions,
|
607
|
+
// we compute Ki for both proofs first. Additionally, all inputs to this
|
608
|
+
// function are public, so we can use the faster variable-time
|
609
|
+
// multiplications.
|
610
|
+
enum {
|
611
|
+
idx_T,
|
612
|
+
idx_S,
|
613
|
+
idx_W,
|
614
|
+
idx_Ws,
|
615
|
+
idx_Ks0,
|
616
|
+
idx_Ks1,
|
617
|
+
idx_K00,
|
618
|
+
idx_K01,
|
619
|
+
idx_K10,
|
620
|
+
idx_K11,
|
621
|
+
num_idx,
|
622
|
+
};
|
623
|
+
EC_RAW_POINT jacobians[num_idx];
|
624
|
+
|
625
|
+
// Decode the DLEQ proof.
|
626
|
+
EC_SCALAR cs, us, vs;
|
627
|
+
if (!scalar_from_cbs(cbs, group, &cs) ||
|
628
|
+
!scalar_from_cbs(cbs, group, &us) ||
|
629
|
+
!scalar_from_cbs(cbs, group, &vs)) {
|
630
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
631
|
+
return 0;
|
632
|
+
}
|
633
|
+
|
634
|
+
// Ks = us*(G;T) + vs*(H;S) - cs*(pubs;Ws)
|
635
|
+
EC_RAW_POINT pubs;
|
636
|
+
ec_affine_to_jacobian(group, &pubs, &pub->pubs);
|
637
|
+
EC_SCALAR minus_cs;
|
638
|
+
ec_scalar_neg(group, &minus_cs, &cs);
|
639
|
+
if (!mul_public_3(group, &jacobians[idx_Ks0], g, &us, &method->h, &vs, &pubs,
|
640
|
+
&minus_cs) ||
|
641
|
+
!mul_public_3(group, &jacobians[idx_Ks1], T, &us, S, &vs, Ws,
|
642
|
+
&minus_cs)) {
|
643
|
+
return 0;
|
644
|
+
}
|
645
|
+
|
646
|
+
// Decode the DLEQOR proof.
|
647
|
+
EC_SCALAR c0, c1, u0, u1, v0, v1;
|
648
|
+
if (!scalar_from_cbs(cbs, group, &c0) ||
|
649
|
+
!scalar_from_cbs(cbs, group, &c1) ||
|
650
|
+
!scalar_from_cbs(cbs, group, &u0) ||
|
651
|
+
!scalar_from_cbs(cbs, group, &u1) ||
|
652
|
+
!scalar_from_cbs(cbs, group, &v0) ||
|
653
|
+
!scalar_from_cbs(cbs, group, &v1)) {
|
654
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
655
|
+
return 0;
|
656
|
+
}
|
657
|
+
|
658
|
+
EC_RAW_POINT pub0, pub1;
|
659
|
+
ec_affine_to_jacobian(group, &pub0, &pub->pub0);
|
660
|
+
ec_affine_to_jacobian(group, &pub1, &pub->pub1);
|
661
|
+
EC_SCALAR minus_c0, minus_c1;
|
662
|
+
ec_scalar_neg(group, &minus_c0, &c0);
|
663
|
+
ec_scalar_neg(group, &minus_c1, &c1);
|
664
|
+
if (// K0 = u0*(G;T) + v0*(H;S) - c0*(pub0;W)
|
665
|
+
!mul_public_3(group, &jacobians[idx_K00], g, &u0, &method->h, &v0, &pub0,
|
666
|
+
&minus_c0) ||
|
667
|
+
!mul_public_3(group, &jacobians[idx_K01], T, &u0, S, &v0, W, &minus_c0) ||
|
668
|
+
// K1 = u1*(G;T) + v1*(H;S) - c1*(pub1;W)
|
669
|
+
!mul_public_3(group, &jacobians[idx_K10], g, &u1, &method->h, &v1, &pub1,
|
670
|
+
&minus_c1) ||
|
671
|
+
!mul_public_3(group, &jacobians[idx_K11], T, &u1, S, &v1, W, &minus_c1)) {
|
672
|
+
return 0;
|
673
|
+
}
|
674
|
+
|
675
|
+
EC_AFFINE affines[num_idx];
|
676
|
+
jacobians[idx_T] = *T;
|
677
|
+
jacobians[idx_S] = *S;
|
678
|
+
jacobians[idx_W] = *W;
|
679
|
+
jacobians[idx_Ws] = *Ws;
|
680
|
+
if (!ec_jacobian_to_affine_batch(group, affines, jacobians, num_idx)) {
|
681
|
+
return 0;
|
682
|
+
}
|
683
|
+
|
684
|
+
// Check the DLEQ proof.
|
685
|
+
EC_SCALAR calculated;
|
686
|
+
if (!hash_c_dleq(method, &calculated, &pub->pubs, &affines[idx_T],
|
687
|
+
&affines[idx_S], &affines[idx_Ws], &affines[idx_Ks0],
|
688
|
+
&affines[idx_Ks1])) {
|
689
|
+
return 0;
|
690
|
+
}
|
691
|
+
|
692
|
+
// cs == calculated
|
693
|
+
if (!ec_scalar_equal_vartime(group, &cs, &calculated)) {
|
694
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_PROOF);
|
695
|
+
return 0;
|
696
|
+
}
|
697
|
+
|
698
|
+
// Check the DLEQOR proof.
|
699
|
+
if (!hash_c_dleqor(method, &calculated, &pub->pub0, &pub->pub1,
|
700
|
+
&affines[idx_T], &affines[idx_S], &affines[idx_W],
|
701
|
+
&affines[idx_K00], &affines[idx_K01], &affines[idx_K10],
|
702
|
+
&affines[idx_K11])) {
|
703
|
+
return 0;
|
704
|
+
}
|
705
|
+
|
706
|
+
// c0 + c1 == calculated
|
707
|
+
EC_SCALAR c;
|
708
|
+
ec_scalar_add(group, &c, &c0, &c1);
|
709
|
+
if (!ec_scalar_equal_vartime(group, &c, &calculated)) {
|
710
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_PROOF);
|
711
|
+
return 0;
|
712
|
+
}
|
713
|
+
|
714
|
+
return 1;
|
715
|
+
}
|
716
|
+
|
717
|
+
static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
|
718
|
+
const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
719
|
+
size_t num_requested, size_t num_to_issue,
|
720
|
+
uint8_t private_metadata) {
|
721
|
+
const EC_GROUP *group = method->group;
|
722
|
+
if (num_requested < num_to_issue) {
|
723
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
|
724
|
+
return 0;
|
725
|
+
}
|
726
|
+
|
727
|
+
int ret = 0;
|
728
|
+
EC_RAW_POINT *Tps = NULL;
|
729
|
+
EC_RAW_POINT *Sps = NULL;
|
730
|
+
EC_RAW_POINT *Wps = NULL;
|
731
|
+
EC_RAW_POINT *Wsps = NULL;
|
732
|
+
EC_SCALAR *es = NULL;
|
733
|
+
CBB batch_cbb;
|
734
|
+
CBB_zero(&batch_cbb);
|
735
|
+
if (method->batched_proof) {
|
736
|
+
if (num_to_issue > ((size_t)-1) / sizeof(EC_RAW_POINT) ||
|
737
|
+
num_to_issue > ((size_t)-1) / sizeof(EC_SCALAR)) {
|
738
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
|
739
|
+
goto err;
|
740
|
+
}
|
741
|
+
Tps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
|
742
|
+
Sps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
|
743
|
+
Wps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
|
744
|
+
Wsps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
|
745
|
+
es = OPENSSL_malloc(num_to_issue * sizeof(EC_SCALAR));
|
746
|
+
if (!Tps ||
|
747
|
+
!Sps ||
|
748
|
+
!Wps ||
|
749
|
+
!Wsps ||
|
750
|
+
!es ||
|
751
|
+
!CBB_init(&batch_cbb, 0) ||
|
752
|
+
!point_to_cbb(&batch_cbb, method->group, &key->pubs) ||
|
753
|
+
!point_to_cbb(&batch_cbb, method->group, &key->pub0) ||
|
754
|
+
!point_to_cbb(&batch_cbb, method->group, &key->pub1)) {
|
755
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
756
|
+
goto err;
|
757
|
+
}
|
758
|
+
}
|
759
|
+
|
760
|
+
for (size_t i = 0; i < num_to_issue; i++) {
|
761
|
+
EC_AFFINE Tp_affine;
|
762
|
+
EC_RAW_POINT Tp;
|
763
|
+
if (!cbs_get_prefixed_point(cbs, group, &Tp_affine)) {
|
764
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
765
|
+
goto err;
|
766
|
+
}
|
767
|
+
ec_affine_to_jacobian(group, &Tp, &Tp_affine);
|
768
|
+
|
769
|
+
EC_SCALAR xb, yb;
|
770
|
+
BN_ULONG mask = ((BN_ULONG)0) - (private_metadata & 1);
|
771
|
+
ec_scalar_select(group, &xb, mask, &key->x1, &key->x0);
|
772
|
+
ec_scalar_select(group, &yb, mask, &key->y1, &key->y0);
|
773
|
+
|
774
|
+
uint8_t s[PMBTOKEN_NONCE_SIZE];
|
775
|
+
RAND_bytes(s, PMBTOKEN_NONCE_SIZE);
|
776
|
+
// The |jacobians| and |affines| contain Sp, Wp, and Wsp.
|
777
|
+
EC_RAW_POINT jacobians[3];
|
778
|
+
EC_AFFINE affines[3];
|
779
|
+
CBB child;
|
780
|
+
if (!method->hash_s(group, &jacobians[0], &Tp_affine, s) ||
|
781
|
+
!ec_point_mul_scalar_batch(group, &jacobians[1], &Tp, &xb,
|
782
|
+
&jacobians[0], &yb, NULL, NULL) ||
|
783
|
+
!ec_point_mul_scalar_batch(group, &jacobians[2], &Tp, &key->xs,
|
784
|
+
&jacobians[0], &key->ys, NULL, NULL) ||
|
785
|
+
!ec_jacobian_to_affine_batch(group, affines, jacobians, 3) ||
|
786
|
+
!CBB_add_bytes(cbb, s, PMBTOKEN_NONCE_SIZE) ||
|
787
|
+
// TODO(https://crbug.com/boringssl/331): When updating the key format,
|
788
|
+
// remove the redundant length prefixes.
|
789
|
+
!CBB_add_u16_length_prefixed(cbb, &child) ||
|
790
|
+
!point_to_cbb(&child, group, &affines[1]) ||
|
791
|
+
!CBB_add_u16_length_prefixed(cbb, &child) ||
|
792
|
+
!point_to_cbb(&child, group, &affines[2])) {
|
793
|
+
goto err;
|
794
|
+
}
|
795
|
+
|
796
|
+
if (!method->batched_proof) {
|
797
|
+
if (!CBB_add_u16_length_prefixed(cbb, &child) ||
|
798
|
+
!dleq_generate(method, &child, key, &Tp, &jacobians[0], &jacobians[1],
|
799
|
+
&jacobians[2], private_metadata)) {
|
800
|
+
goto err;
|
801
|
+
}
|
802
|
+
} else {
|
803
|
+
if (!point_to_cbb(&batch_cbb, group, &Tp_affine) ||
|
804
|
+
!point_to_cbb(&batch_cbb, group, &affines[0]) ||
|
805
|
+
!point_to_cbb(&batch_cbb, group, &affines[1]) ||
|
806
|
+
!point_to_cbb(&batch_cbb, group, &affines[2])) {
|
807
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
808
|
+
goto err;
|
809
|
+
}
|
810
|
+
Tps[i] = Tp;
|
811
|
+
Sps[i] = jacobians[0];
|
812
|
+
Wps[i] = jacobians[1];
|
813
|
+
Wsps[i] = jacobians[2];
|
814
|
+
}
|
815
|
+
|
816
|
+
if (!CBB_flush(cbb)) {
|
817
|
+
goto err;
|
818
|
+
}
|
819
|
+
}
|
820
|
+
|
821
|
+
// The DLEQ batching construction is described in appendix B of
|
822
|
+
// https://eprint.iacr.org/2020/072/20200324:214215. Note the additional
|
823
|
+
// computations all act on public inputs.
|
824
|
+
if (method->batched_proof) {
|
825
|
+
for (size_t i = 0; i < num_to_issue; i++) {
|
826
|
+
if (!hash_c_batch(method, &es[i], &batch_cbb, i)) {
|
827
|
+
goto err;
|
828
|
+
}
|
829
|
+
}
|
830
|
+
|
831
|
+
EC_RAW_POINT Tp_batch, Sp_batch, Wp_batch, Wsp_batch;
|
832
|
+
if (!ec_point_mul_scalar_public_batch(group, &Tp_batch,
|
833
|
+
/*g_scalar=*/NULL, Tps, es,
|
834
|
+
num_to_issue) ||
|
835
|
+
!ec_point_mul_scalar_public_batch(group, &Sp_batch,
|
836
|
+
/*g_scalar=*/NULL, Sps, es,
|
837
|
+
num_to_issue) ||
|
838
|
+
!ec_point_mul_scalar_public_batch(group, &Wp_batch,
|
839
|
+
/*g_scalar=*/NULL, Wps, es,
|
840
|
+
num_to_issue) ||
|
841
|
+
!ec_point_mul_scalar_public_batch(group, &Wsp_batch,
|
842
|
+
/*g_scalar=*/NULL, Wsps, es,
|
843
|
+
num_to_issue)) {
|
844
|
+
goto err;
|
845
|
+
}
|
846
|
+
|
847
|
+
CBB proof;
|
848
|
+
if (!CBB_add_u16_length_prefixed(cbb, &proof) ||
|
849
|
+
!dleq_generate(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch,
|
850
|
+
&Wsp_batch, private_metadata) ||
|
851
|
+
!CBB_flush(cbb)) {
|
852
|
+
goto err;
|
853
|
+
}
|
854
|
+
}
|
855
|
+
|
856
|
+
// Skip over any unused requests.
|
857
|
+
size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
|
858
|
+
if (!CBS_skip(cbs, (2 + point_len) * (num_requested - num_to_issue))) {
|
859
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
860
|
+
goto err;
|
861
|
+
}
|
862
|
+
|
863
|
+
ret = 1;
|
864
|
+
|
865
|
+
err:
|
866
|
+
OPENSSL_free(Tps);
|
867
|
+
OPENSSL_free(Sps);
|
868
|
+
OPENSSL_free(Wps);
|
869
|
+
OPENSSL_free(Wsps);
|
870
|
+
OPENSSL_free(es);
|
871
|
+
CBB_cleanup(&batch_cbb);
|
872
|
+
return ret;
|
873
|
+
}
|
874
|
+
|
875
|
+
static STACK_OF(TRUST_TOKEN) *
|
876
|
+
pmbtoken_unblind(const PMBTOKEN_METHOD *method,
|
877
|
+
const PMBTOKEN_CLIENT_KEY *key,
|
878
|
+
const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens, CBS *cbs,
|
879
|
+
size_t count, uint32_t key_id) {
|
880
|
+
const EC_GROUP *group = method->group;
|
881
|
+
if (count > sk_PMBTOKEN_PRETOKEN_num(pretokens)) {
|
882
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
883
|
+
return NULL;
|
884
|
+
}
|
885
|
+
|
886
|
+
int ok = 0;
|
887
|
+
STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null();
|
888
|
+
if (ret == NULL) {
|
889
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
890
|
+
return NULL;
|
891
|
+
}
|
892
|
+
|
893
|
+
EC_RAW_POINT *Tps = NULL;
|
894
|
+
EC_RAW_POINT *Sps = NULL;
|
895
|
+
EC_RAW_POINT *Wps = NULL;
|
896
|
+
EC_RAW_POINT *Wsps = NULL;
|
897
|
+
EC_SCALAR *es = NULL;
|
898
|
+
CBB batch_cbb;
|
899
|
+
CBB_zero(&batch_cbb);
|
900
|
+
if (method->batched_proof) {
|
901
|
+
if (count > ((size_t)-1) / sizeof(EC_RAW_POINT) ||
|
902
|
+
count > ((size_t)-1) / sizeof(EC_SCALAR)) {
|
903
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
|
904
|
+
goto err;
|
905
|
+
}
|
906
|
+
Tps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
|
907
|
+
Sps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
|
908
|
+
Wps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
|
909
|
+
Wsps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
|
910
|
+
es = OPENSSL_malloc(count * sizeof(EC_SCALAR));
|
911
|
+
if (!Tps ||
|
912
|
+
!Sps ||
|
913
|
+
!Wps ||
|
914
|
+
!Wsps ||
|
915
|
+
!es ||
|
916
|
+
!CBB_init(&batch_cbb, 0) ||
|
917
|
+
!point_to_cbb(&batch_cbb, method->group, &key->pubs) ||
|
918
|
+
!point_to_cbb(&batch_cbb, method->group, &key->pub0) ||
|
919
|
+
!point_to_cbb(&batch_cbb, method->group, &key->pub1)) {
|
920
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
921
|
+
goto err;
|
922
|
+
}
|
923
|
+
}
|
924
|
+
|
925
|
+
for (size_t i = 0; i < count; i++) {
|
926
|
+
const PMBTOKEN_PRETOKEN *pretoken =
|
927
|
+
sk_PMBTOKEN_PRETOKEN_value(pretokens, i);
|
928
|
+
|
929
|
+
uint8_t s[PMBTOKEN_NONCE_SIZE];
|
930
|
+
EC_AFFINE Wp_affine, Wsp_affine;
|
931
|
+
CBS proof;
|
932
|
+
if (!CBS_copy_bytes(cbs, s, PMBTOKEN_NONCE_SIZE) ||
|
933
|
+
!cbs_get_prefixed_point(cbs, group, &Wp_affine) ||
|
934
|
+
!cbs_get_prefixed_point(cbs, group, &Wsp_affine)) {
|
935
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
936
|
+
goto err;
|
937
|
+
}
|
938
|
+
|
939
|
+
EC_RAW_POINT Tp, Wp, Wsp, Sp;
|
940
|
+
ec_affine_to_jacobian(group, &Tp, &pretoken->Tp);
|
941
|
+
ec_affine_to_jacobian(group, &Wp, &Wp_affine);
|
942
|
+
ec_affine_to_jacobian(group, &Wsp, &Wsp_affine);
|
943
|
+
if (!method->hash_s(group, &Sp, &pretoken->Tp, s)) {
|
944
|
+
goto err;
|
945
|
+
}
|
946
|
+
|
947
|
+
if (!method->batched_proof) {
|
948
|
+
if(!CBS_get_u16_length_prefixed(cbs, &proof)) {
|
949
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
950
|
+
goto err;
|
951
|
+
}
|
952
|
+
|
953
|
+
if (!dleq_verify(method, &proof, key, &Tp, &Sp, &Wp, &Wsp)) {
|
954
|
+
goto err;
|
955
|
+
}
|
956
|
+
|
957
|
+
if (CBS_len(&proof) != 0) {
|
958
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
959
|
+
goto err;
|
960
|
+
}
|
961
|
+
} else {
|
962
|
+
EC_AFFINE Sp_affine;
|
963
|
+
if (!point_to_cbb(&batch_cbb, group, &pretoken->Tp) ||
|
964
|
+
!ec_jacobian_to_affine(group, &Sp_affine, &Sp) ||
|
965
|
+
!point_to_cbb(&batch_cbb, group, &Sp_affine) ||
|
966
|
+
!point_to_cbb(&batch_cbb, group, &Wp_affine) ||
|
967
|
+
!point_to_cbb(&batch_cbb, group, &Wsp_affine)) {
|
968
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
969
|
+
goto err;
|
970
|
+
}
|
971
|
+
Tps[i] = Tp;
|
972
|
+
Sps[i] = Sp;
|
973
|
+
Wps[i] = Wp;
|
974
|
+
Wsps[i] = Wsp;
|
975
|
+
}
|
976
|
+
|
977
|
+
// Unblind the token.
|
978
|
+
EC_RAW_POINT jacobians[3];
|
979
|
+
EC_AFFINE affines[3];
|
980
|
+
if (!ec_point_mul_scalar(group, &jacobians[0], &Sp, &pretoken->r) ||
|
981
|
+
!ec_point_mul_scalar(group, &jacobians[1], &Wp, &pretoken->r) ||
|
982
|
+
!ec_point_mul_scalar(group, &jacobians[2], &Wsp, &pretoken->r) ||
|
983
|
+
!ec_jacobian_to_affine_batch(group, affines, jacobians, 3)) {
|
984
|
+
goto err;
|
985
|
+
}
|
986
|
+
|
987
|
+
// Serialize the token. Include |key_id| to avoid an extra copy in the layer
|
988
|
+
// above.
|
989
|
+
CBB token_cbb, child;
|
990
|
+
size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
|
991
|
+
if (!CBB_init(&token_cbb, 4 + PMBTOKEN_NONCE_SIZE + 3 * (2 + point_len)) ||
|
992
|
+
!CBB_add_u32(&token_cbb, key_id) ||
|
993
|
+
!CBB_add_bytes(&token_cbb, pretoken->t, PMBTOKEN_NONCE_SIZE) ||
|
994
|
+
// TODO(https://crbug.com/boringssl/331): When updating the key format,
|
995
|
+
// remove the redundant length prefixes.
|
996
|
+
!CBB_add_u16_length_prefixed(&token_cbb, &child) ||
|
997
|
+
!point_to_cbb(&child, group, &affines[0]) ||
|
998
|
+
!CBB_add_u16_length_prefixed(&token_cbb, &child) ||
|
999
|
+
!point_to_cbb(&child, group, &affines[1]) ||
|
1000
|
+
!CBB_add_u16_length_prefixed(&token_cbb, &child) ||
|
1001
|
+
!point_to_cbb(&child, group, &affines[2]) ||
|
1002
|
+
!CBB_flush(&token_cbb)) {
|
1003
|
+
CBB_cleanup(&token_cbb);
|
1004
|
+
goto err;
|
1005
|
+
}
|
1006
|
+
|
1007
|
+
TRUST_TOKEN *token =
|
1008
|
+
TRUST_TOKEN_new(CBB_data(&token_cbb), CBB_len(&token_cbb));
|
1009
|
+
CBB_cleanup(&token_cbb);
|
1010
|
+
if (token == NULL ||
|
1011
|
+
!sk_TRUST_TOKEN_push(ret, token)) {
|
1012
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
1013
|
+
TRUST_TOKEN_free(token);
|
1014
|
+
goto err;
|
1015
|
+
}
|
1016
|
+
}
|
1017
|
+
|
1018
|
+
// The DLEQ batching construction is described in appendix B of
|
1019
|
+
// https://eprint.iacr.org/2020/072/20200324:214215. Note the additional
|
1020
|
+
// computations all act on public inputs.
|
1021
|
+
if (method->batched_proof) {
|
1022
|
+
for (size_t i = 0; i < count; i++) {
|
1023
|
+
if (!hash_c_batch(method, &es[i], &batch_cbb, i)) {
|
1024
|
+
goto err;
|
1025
|
+
}
|
1026
|
+
}
|
1027
|
+
|
1028
|
+
EC_RAW_POINT Tp_batch, Sp_batch, Wp_batch, Wsp_batch;
|
1029
|
+
if (!ec_point_mul_scalar_public_batch(group, &Tp_batch,
|
1030
|
+
/*g_scalar=*/NULL, Tps, es, count) ||
|
1031
|
+
!ec_point_mul_scalar_public_batch(group, &Sp_batch,
|
1032
|
+
/*g_scalar=*/NULL, Sps, es, count) ||
|
1033
|
+
!ec_point_mul_scalar_public_batch(group, &Wp_batch,
|
1034
|
+
/*g_scalar=*/NULL, Wps, es, count) ||
|
1035
|
+
!ec_point_mul_scalar_public_batch(group, &Wsp_batch,
|
1036
|
+
/*g_scalar=*/NULL, Wsps, es, count)) {
|
1037
|
+
goto err;
|
1038
|
+
}
|
1039
|
+
|
1040
|
+
CBS proof;
|
1041
|
+
if (!CBS_get_u16_length_prefixed(cbs, &proof) ||
|
1042
|
+
!dleq_verify(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch,
|
1043
|
+
&Wsp_batch) ||
|
1044
|
+
CBS_len(&proof) != 0) {
|
1045
|
+
goto err;
|
1046
|
+
}
|
1047
|
+
}
|
1048
|
+
|
1049
|
+
ok = 1;
|
1050
|
+
|
1051
|
+
err:
|
1052
|
+
OPENSSL_free(Tps);
|
1053
|
+
OPENSSL_free(Sps);
|
1054
|
+
OPENSSL_free(Wps);
|
1055
|
+
OPENSSL_free(Wsps);
|
1056
|
+
OPENSSL_free(es);
|
1057
|
+
CBB_cleanup(&batch_cbb);
|
1058
|
+
if (!ok) {
|
1059
|
+
sk_TRUST_TOKEN_pop_free(ret, TRUST_TOKEN_free);
|
1060
|
+
ret = NULL;
|
1061
|
+
}
|
1062
|
+
return ret;
|
1063
|
+
}
|
1064
|
+
|
1065
|
+
static int pmbtoken_read(const PMBTOKEN_METHOD *method,
|
1066
|
+
const PMBTOKEN_ISSUER_KEY *key,
|
1067
|
+
uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
|
1068
|
+
uint8_t *out_private_metadata, const uint8_t *token,
|
1069
|
+
size_t token_len) {
|
1070
|
+
const EC_GROUP *group = method->group;
|
1071
|
+
CBS cbs;
|
1072
|
+
CBS_init(&cbs, token, token_len);
|
1073
|
+
EC_AFFINE S, W, Ws;
|
1074
|
+
if (!CBS_copy_bytes(&cbs, out_nonce, PMBTOKEN_NONCE_SIZE) ||
|
1075
|
+
!cbs_get_prefixed_point(&cbs, group, &S) ||
|
1076
|
+
!cbs_get_prefixed_point(&cbs, group, &W) ||
|
1077
|
+
!cbs_get_prefixed_point(&cbs, group, &Ws) ||
|
1078
|
+
CBS_len(&cbs) != 0) {
|
1079
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_TOKEN);
|
1080
|
+
return 0;
|
1081
|
+
}
|
1082
|
+
|
1083
|
+
|
1084
|
+
EC_RAW_POINT T;
|
1085
|
+
if (!method->hash_t(group, &T, out_nonce)) {
|
1086
|
+
return 0;
|
1087
|
+
}
|
1088
|
+
|
1089
|
+
// We perform three multiplications with S and T. This is enough that it is
|
1090
|
+
// worth using |ec_point_mul_scalar_precomp|.
|
1091
|
+
EC_RAW_POINT S_jacobian;
|
1092
|
+
EC_PRECOMP S_precomp, T_precomp;
|
1093
|
+
ec_affine_to_jacobian(group, &S_jacobian, &S);
|
1094
|
+
if (!ec_init_precomp(group, &S_precomp, &S_jacobian) ||
|
1095
|
+
!ec_init_precomp(group, &T_precomp, &T)) {
|
1096
|
+
return 0;
|
1097
|
+
}
|
1098
|
+
|
1099
|
+
EC_RAW_POINT Ws_calculated;
|
1100
|
+
// Check the validity of the token.
|
1101
|
+
if (!ec_point_mul_scalar_precomp(group, &Ws_calculated, &T_precomp, &key->xs,
|
1102
|
+
&S_precomp, &key->ys, NULL, NULL) ||
|
1103
|
+
!ec_affine_jacobian_equal(group, &Ws, &Ws_calculated)) {
|
1104
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_BAD_VALIDITY_CHECK);
|
1105
|
+
return 0;
|
1106
|
+
}
|
1107
|
+
|
1108
|
+
EC_RAW_POINT W0, W1;
|
1109
|
+
if (!ec_point_mul_scalar_precomp(group, &W0, &T_precomp, &key->x0, &S_precomp,
|
1110
|
+
&key->y0, NULL, NULL) ||
|
1111
|
+
!ec_point_mul_scalar_precomp(group, &W1, &T_precomp, &key->x1, &S_precomp,
|
1112
|
+
&key->y1, NULL, NULL)) {
|
1113
|
+
return 0;
|
1114
|
+
}
|
1115
|
+
|
1116
|
+
const int is_W0 = ec_affine_jacobian_equal(group, &W, &W0);
|
1117
|
+
const int is_W1 = ec_affine_jacobian_equal(group, &W, &W1);
|
1118
|
+
const int is_valid = is_W0 ^ is_W1;
|
1119
|
+
if (!is_valid) {
|
1120
|
+
// Invalid tokens will fail the validity check above.
|
1121
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
|
1122
|
+
return 0;
|
1123
|
+
}
|
1124
|
+
|
1125
|
+
*out_private_metadata = is_W1;
|
1126
|
+
return 1;
|
1127
|
+
}
|
1128
|
+
|
1129
|
+
|
1130
|
+
// PMBTokens experiment v0.
|
1131
|
+
|
1132
|
+
static int pmbtoken_exp0_hash_t(const EC_GROUP *group, EC_RAW_POINT *out,
|
1133
|
+
const uint8_t t[PMBTOKEN_NONCE_SIZE]) {
|
1134
|
+
const uint8_t kHashTLabel[] = "PMBTokensV0 HashT";
|
1135
|
+
return ec_hash_to_curve_p521_xmd_sha512_sswu_draft06(
|
1136
|
+
group, out, kHashTLabel, sizeof(kHashTLabel), t, PMBTOKEN_NONCE_SIZE);
|
1137
|
+
}
|
1138
|
+
|
1139
|
+
static int pmbtoken_exp0_hash_s(const EC_GROUP *group, EC_RAW_POINT *out,
|
1140
|
+
const EC_AFFINE *t,
|
1141
|
+
const uint8_t s[PMBTOKEN_NONCE_SIZE]) {
|
1142
|
+
const uint8_t kHashSLabel[] = "PMBTokensV0 HashS";
|
1143
|
+
int ret = 0;
|
1144
|
+
CBB cbb;
|
1145
|
+
uint8_t *buf = NULL;
|
1146
|
+
size_t len;
|
1147
|
+
if (!CBB_init(&cbb, 0) ||
|
1148
|
+
!point_to_cbb(&cbb, group, t) ||
|
1149
|
+
!CBB_add_bytes(&cbb, s, PMBTOKEN_NONCE_SIZE) ||
|
1150
|
+
!CBB_finish(&cbb, &buf, &len) ||
|
1151
|
+
!ec_hash_to_curve_p521_xmd_sha512_sswu_draft06(
|
1152
|
+
group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) {
|
1153
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
1154
|
+
goto err;
|
1155
|
+
}
|
1156
|
+
|
1157
|
+
ret = 1;
|
1158
|
+
|
1159
|
+
err:
|
1160
|
+
OPENSSL_free(buf);
|
1161
|
+
CBB_cleanup(&cbb);
|
1162
|
+
return ret;
|
1163
|
+
}
|
1164
|
+
|
1165
|
+
static int pmbtoken_exp0_hash_c(const EC_GROUP *group, EC_SCALAR *out,
|
1166
|
+
uint8_t *buf, size_t len) {
|
1167
|
+
const uint8_t kHashCLabel[] = "PMBTokensV0 HashC";
|
1168
|
+
return ec_hash_to_scalar_p521_xmd_sha512_draft06(
|
1169
|
+
group, out, kHashCLabel, sizeof(kHashCLabel), buf, len);
|
1170
|
+
}
|
1171
|
+
|
1172
|
+
// H for PMBTokens v0 was generated with the following Python code.
|
1173
|
+
/*
|
1174
|
+
import hashlib
|
1175
|
+
|
1176
|
+
SEED_H = 'PrivacyPass H'
|
1177
|
+
|
1178
|
+
A = -3
|
1179
|
+
B = 0x051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00
|
1180
|
+
P = 2**521 - 1
|
1181
|
+
|
1182
|
+
def get_y(x):
|
1183
|
+
y2 = (x**3 + A*x + B) % P
|
1184
|
+
y = pow(y2, (P+1)/4, P)
|
1185
|
+
if (y*y) % P != y2:
|
1186
|
+
raise ValueError("point not on curve")
|
1187
|
+
return y
|
1188
|
+
|
1189
|
+
def bit(h,i):
|
1190
|
+
return (ord(h[i/8]) >> (i%8)) & 1
|
1191
|
+
|
1192
|
+
b = 521
|
1193
|
+
def decode_point(so):
|
1194
|
+
s = hashlib.sha256(so + '0').digest() + hashlib.sha256(so + '1').digest() + \
|
1195
|
+
hashlib.sha256(so + '2').digest()
|
1196
|
+
|
1197
|
+
x = 0
|
1198
|
+
for i in range(0,b):
|
1199
|
+
x = x + (long(bit(s,i))<<i)
|
1200
|
+
if x >= P:
|
1201
|
+
raise ValueError("x out of range")
|
1202
|
+
y = get_y(x)
|
1203
|
+
if y & 1 != bit(s,b-1): y = P-y
|
1204
|
+
return (x, y)
|
1205
|
+
|
1206
|
+
|
1207
|
+
def gen_point(seed):
|
1208
|
+
v = hashlib.sha256(seed).digest()
|
1209
|
+
it = 1
|
1210
|
+
while True:
|
1211
|
+
try:
|
1212
|
+
x,y = decode_point(v)
|
1213
|
+
except Exception, e:
|
1214
|
+
print e
|
1215
|
+
it += 1
|
1216
|
+
v = hashlib.sha256(v).digest()
|
1217
|
+
continue
|
1218
|
+
print "Found in %d iterations:" % it
|
1219
|
+
print " x = %d" % x
|
1220
|
+
print " y = %d" % y
|
1221
|
+
print " Encoded (hex): (%x, %x)" % (x, y)
|
1222
|
+
return (x, y)
|
1223
|
+
|
1224
|
+
if __name__ == "__main__":
|
1225
|
+
gen_point(SEED_H)
|
1226
|
+
*/
|
1227
|
+
static int pmbtoken_exp0_ok = 0;
|
1228
|
+
static PMBTOKEN_METHOD pmbtoken_exp0_method;
|
1229
|
+
static CRYPTO_once_t pmbtoken_exp0_method_once = CRYPTO_ONCE_INIT;
|
1230
|
+
|
1231
|
+
static void pmbtoken_exp0_init_method_impl(void) {
|
1232
|
+
static const uint8_t kH[] = {
|
1233
|
+
0x04, 0x01, 0xf0, 0xa9, 0xf7, 0x9e, 0xbc, 0x12, 0x6c, 0xef, 0xd1, 0xab,
|
1234
|
+
0x29, 0x10, 0x03, 0x6f, 0x4e, 0xf5, 0xbd, 0xeb, 0x0f, 0x6b, 0xc0, 0x5c,
|
1235
|
+
0x0e, 0xce, 0xfe, 0x59, 0x45, 0xd1, 0x3e, 0x25, 0x33, 0x7e, 0x4c, 0xda,
|
1236
|
+
0x64, 0x53, 0x54, 0x4e, 0xf9, 0x76, 0x0d, 0x6d, 0xc5, 0x39, 0x2a, 0xd4,
|
1237
|
+
0xce, 0x84, 0x6e, 0x31, 0xc2, 0x86, 0x21, 0xf9, 0x5c, 0x98, 0xb9, 0x3d,
|
1238
|
+
0x01, 0x74, 0x9f, 0xc5, 0x1e, 0x47, 0x24, 0x00, 0x5c, 0x17, 0x62, 0x51,
|
1239
|
+
0x7d, 0x32, 0x5e, 0x29, 0xac, 0x52, 0x14, 0x75, 0x6f, 0x36, 0xd9, 0xc7,
|
1240
|
+
0xfa, 0xbb, 0xa9, 0x3b, 0x9d, 0x70, 0x49, 0x1e, 0xb4, 0x53, 0xbc, 0x55,
|
1241
|
+
0xea, 0xad, 0x8f, 0x26, 0x1d, 0xe0, 0xbc, 0xf3, 0x50, 0x5c, 0x7e, 0x66,
|
1242
|
+
0x41, 0xb5, 0x61, 0x70, 0x12, 0x72, 0xac, 0x6a, 0xb0, 0x6e, 0x78, 0x3d,
|
1243
|
+
0x17, 0x08, 0xe3, 0xdf, 0x3c, 0xff, 0xa6, 0xa0, 0xea, 0x96, 0x67, 0x92,
|
1244
|
+
0xcd,
|
1245
|
+
};
|
1246
|
+
|
1247
|
+
pmbtoken_exp0_ok =
|
1248
|
+
pmbtoken_init_method(&pmbtoken_exp0_method, NID_secp521r1, kH, sizeof(kH),
|
1249
|
+
pmbtoken_exp0_hash_t, pmbtoken_exp0_hash_s,
|
1250
|
+
pmbtoken_exp0_hash_c, /*batched_proof=*/0);
|
1251
|
+
}
|
1252
|
+
|
1253
|
+
static int pmbtoken_exp0_init_method(void) {
|
1254
|
+
CRYPTO_once(&pmbtoken_exp0_method_once, pmbtoken_exp0_init_method_impl);
|
1255
|
+
if (!pmbtoken_exp0_ok) {
|
1256
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
|
1257
|
+
return 0;
|
1258
|
+
}
|
1259
|
+
return 1;
|
1260
|
+
}
|
1261
|
+
|
1262
|
+
int pmbtoken_exp0_generate_key(CBB *out_private, CBB *out_public) {
|
1263
|
+
if (!pmbtoken_exp0_init_method()) {
|
1264
|
+
return 0;
|
1265
|
+
}
|
1266
|
+
|
1267
|
+
return pmbtoken_generate_key(&pmbtoken_exp0_method, out_private, out_public);
|
1268
|
+
}
|
1269
|
+
|
1270
|
+
int pmbtoken_exp0_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
|
1271
|
+
const uint8_t *in, size_t len) {
|
1272
|
+
if (!pmbtoken_exp0_init_method()) {
|
1273
|
+
return 0;
|
1274
|
+
}
|
1275
|
+
return pmbtoken_client_key_from_bytes(&pmbtoken_exp0_method, key, in, len);
|
1276
|
+
}
|
1277
|
+
|
1278
|
+
int pmbtoken_exp0_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
|
1279
|
+
const uint8_t *in, size_t len) {
|
1280
|
+
if (!pmbtoken_exp0_init_method()) {
|
1281
|
+
return 0;
|
1282
|
+
}
|
1283
|
+
return pmbtoken_issuer_key_from_bytes(&pmbtoken_exp0_method, key, in, len);
|
1284
|
+
}
|
1285
|
+
|
1286
|
+
STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp0_blind(CBB *cbb, size_t count) {
|
1287
|
+
if (!pmbtoken_exp0_init_method()) {
|
1288
|
+
return NULL;
|
1289
|
+
}
|
1290
|
+
return pmbtoken_blind(&pmbtoken_exp0_method, cbb, count);
|
1291
|
+
}
|
1292
|
+
|
1293
|
+
int pmbtoken_exp0_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
1294
|
+
size_t num_requested, size_t num_to_issue,
|
1295
|
+
uint8_t private_metadata) {
|
1296
|
+
if (!pmbtoken_exp0_init_method()) {
|
1297
|
+
return 0;
|
1298
|
+
}
|
1299
|
+
return pmbtoken_sign(&pmbtoken_exp0_method, key, cbb, cbs, num_requested,
|
1300
|
+
num_to_issue, private_metadata);
|
1301
|
+
}
|
1302
|
+
|
1303
|
+
STACK_OF(TRUST_TOKEN) *
|
1304
|
+
pmbtoken_exp0_unblind(const PMBTOKEN_CLIENT_KEY *key,
|
1305
|
+
const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens,
|
1306
|
+
CBS *cbs, size_t count, uint32_t key_id) {
|
1307
|
+
if (!pmbtoken_exp0_init_method()) {
|
1308
|
+
return NULL;
|
1309
|
+
}
|
1310
|
+
return pmbtoken_unblind(&pmbtoken_exp0_method, key, pretokens, cbs, count,
|
1311
|
+
key_id);
|
1312
|
+
}
|
1313
|
+
|
1314
|
+
int pmbtoken_exp0_read(const PMBTOKEN_ISSUER_KEY *key,
|
1315
|
+
uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
|
1316
|
+
uint8_t *out_private_metadata, const uint8_t *token,
|
1317
|
+
size_t token_len) {
|
1318
|
+
if (!pmbtoken_exp0_init_method()) {
|
1319
|
+
return 0;
|
1320
|
+
}
|
1321
|
+
return pmbtoken_read(&pmbtoken_exp0_method, key, out_nonce,
|
1322
|
+
out_private_metadata, token, token_len);
|
1323
|
+
}
|
1324
|
+
|
1325
|
+
|
1326
|
+
// PMBTokens experiment v1.
|
1327
|
+
|
1328
|
+
static int pmbtoken_exp1_hash_t(const EC_GROUP *group, EC_RAW_POINT *out,
|
1329
|
+
const uint8_t t[PMBTOKEN_NONCE_SIZE]) {
|
1330
|
+
const uint8_t kHashTLabel[] = "PMBTokens Experiment V1 HashT";
|
1331
|
+
return ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
|
1332
|
+
group, out, kHashTLabel, sizeof(kHashTLabel), t, PMBTOKEN_NONCE_SIZE);
|
1333
|
+
}
|
1334
|
+
|
1335
|
+
static int pmbtoken_exp1_hash_s(const EC_GROUP *group, EC_RAW_POINT *out,
|
1336
|
+
const EC_AFFINE *t,
|
1337
|
+
const uint8_t s[PMBTOKEN_NONCE_SIZE]) {
|
1338
|
+
const uint8_t kHashSLabel[] = "PMBTokens Experiment V1 HashS";
|
1339
|
+
int ret = 0;
|
1340
|
+
CBB cbb;
|
1341
|
+
uint8_t *buf = NULL;
|
1342
|
+
size_t len;
|
1343
|
+
if (!CBB_init(&cbb, 0) ||
|
1344
|
+
!point_to_cbb(&cbb, group, t) ||
|
1345
|
+
!CBB_add_bytes(&cbb, s, PMBTOKEN_NONCE_SIZE) ||
|
1346
|
+
!CBB_finish(&cbb, &buf, &len) ||
|
1347
|
+
!ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
|
1348
|
+
group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) {
|
1349
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
1350
|
+
goto err;
|
1351
|
+
}
|
1352
|
+
|
1353
|
+
ret = 1;
|
1354
|
+
|
1355
|
+
err:
|
1356
|
+
OPENSSL_free(buf);
|
1357
|
+
CBB_cleanup(&cbb);
|
1358
|
+
return ret;
|
1359
|
+
}
|
1360
|
+
|
1361
|
+
static int pmbtoken_exp1_hash_c(const EC_GROUP *group, EC_SCALAR *out,
|
1362
|
+
uint8_t *buf, size_t len) {
|
1363
|
+
const uint8_t kHashCLabel[] = "PMBTokens Experiment V1 HashC";
|
1364
|
+
return ec_hash_to_scalar_p384_xmd_sha512_draft07(
|
1365
|
+
group, out, kHashCLabel, sizeof(kHashCLabel), buf, len);
|
1366
|
+
}
|
1367
|
+
|
1368
|
+
static int pmbtoken_exp1_ok = 0;
|
1369
|
+
static PMBTOKEN_METHOD pmbtoken_exp1_method;
|
1370
|
+
static CRYPTO_once_t pmbtoken_exp1_method_once = CRYPTO_ONCE_INIT;
|
1371
|
+
|
1372
|
+
static void pmbtoken_exp1_init_method_impl(void) {
|
1373
|
+
// This is the output of |ec_hash_to_scalar_p384_xmd_sha512_draft07| with DST
|
1374
|
+
// "PMBTokens Experiment V1 HashH" and message "generator".
|
1375
|
+
static const uint8_t kH[] = {
|
1376
|
+
0x04, 0x82, 0xd5, 0x68, 0xf5, 0x39, 0xf6, 0x08, 0x19, 0xa1, 0x75,
|
1377
|
+
0x9f, 0x98, 0xb5, 0x10, 0xf5, 0x0b, 0x9d, 0x2b, 0xe1, 0x64, 0x4d,
|
1378
|
+
0x02, 0x76, 0x18, 0x11, 0xf8, 0x2f, 0xd3, 0x33, 0x25, 0x1f, 0x2c,
|
1379
|
+
0xb8, 0xf6, 0xf1, 0x9e, 0x93, 0x85, 0x79, 0xb3, 0xb7, 0x81, 0xa3,
|
1380
|
+
0xe6, 0x23, 0xc3, 0x1c, 0xff, 0x03, 0xd9, 0x40, 0x6c, 0xec, 0xe0,
|
1381
|
+
0x4d, 0xea, 0xdf, 0x9d, 0x94, 0xd1, 0x87, 0xab, 0x27, 0xf7, 0x4f,
|
1382
|
+
0x53, 0xea, 0xa3, 0x18, 0x72, 0xb9, 0xd1, 0x56, 0xa0, 0x4e, 0x81,
|
1383
|
+
0xaa, 0xeb, 0x1c, 0x22, 0x6d, 0x39, 0x1c, 0x5e, 0xb1, 0x27, 0xfc,
|
1384
|
+
0x87, 0xc3, 0x95, 0xd0, 0x13, 0xb7, 0x0b, 0x5c, 0xc7,
|
1385
|
+
};
|
1386
|
+
|
1387
|
+
pmbtoken_exp1_ok =
|
1388
|
+
pmbtoken_init_method(&pmbtoken_exp1_method, NID_secp384r1, kH, sizeof(kH),
|
1389
|
+
pmbtoken_exp1_hash_t, pmbtoken_exp1_hash_s,
|
1390
|
+
pmbtoken_exp1_hash_c, /*batched_proof=*/1);
|
1391
|
+
}
|
1392
|
+
|
1393
|
+
static int pmbtoken_exp1_init_method(void) {
|
1394
|
+
CRYPTO_once(&pmbtoken_exp1_method_once, pmbtoken_exp1_init_method_impl);
|
1395
|
+
if (!pmbtoken_exp1_ok) {
|
1396
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
|
1397
|
+
return 0;
|
1398
|
+
}
|
1399
|
+
return 1;
|
1400
|
+
}
|
1401
|
+
|
1402
|
+
int pmbtoken_exp1_generate_key(CBB *out_private, CBB *out_public) {
|
1403
|
+
if (!pmbtoken_exp1_init_method()) {
|
1404
|
+
return 0;
|
1405
|
+
}
|
1406
|
+
|
1407
|
+
return pmbtoken_generate_key(&pmbtoken_exp1_method, out_private, out_public);
|
1408
|
+
}
|
1409
|
+
|
1410
|
+
int pmbtoken_exp1_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
|
1411
|
+
const uint8_t *in, size_t len) {
|
1412
|
+
if (!pmbtoken_exp1_init_method()) {
|
1413
|
+
return 0;
|
1414
|
+
}
|
1415
|
+
return pmbtoken_client_key_from_bytes(&pmbtoken_exp1_method, key, in, len);
|
1416
|
+
}
|
1417
|
+
|
1418
|
+
int pmbtoken_exp1_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
|
1419
|
+
const uint8_t *in, size_t len) {
|
1420
|
+
if (!pmbtoken_exp1_init_method()) {
|
1421
|
+
return 0;
|
1422
|
+
}
|
1423
|
+
return pmbtoken_issuer_key_from_bytes(&pmbtoken_exp1_method, key, in, len);
|
1424
|
+
}
|
1425
|
+
|
1426
|
+
STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp1_blind(CBB *cbb, size_t count) {
|
1427
|
+
if (!pmbtoken_exp1_init_method()) {
|
1428
|
+
return NULL;
|
1429
|
+
}
|
1430
|
+
return pmbtoken_blind(&pmbtoken_exp1_method, cbb, count);
|
1431
|
+
}
|
1432
|
+
|
1433
|
+
int pmbtoken_exp1_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
1434
|
+
size_t num_requested, size_t num_to_issue,
|
1435
|
+
uint8_t private_metadata) {
|
1436
|
+
if (!pmbtoken_exp1_init_method()) {
|
1437
|
+
return 0;
|
1438
|
+
}
|
1439
|
+
return pmbtoken_sign(&pmbtoken_exp1_method, key, cbb, cbs, num_requested,
|
1440
|
+
num_to_issue, private_metadata);
|
1441
|
+
}
|
1442
|
+
|
1443
|
+
STACK_OF(TRUST_TOKEN) *
|
1444
|
+
pmbtoken_exp1_unblind(const PMBTOKEN_CLIENT_KEY *key,
|
1445
|
+
const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens,
|
1446
|
+
CBS *cbs, size_t count, uint32_t key_id) {
|
1447
|
+
if (!pmbtoken_exp1_init_method()) {
|
1448
|
+
return NULL;
|
1449
|
+
}
|
1450
|
+
return pmbtoken_unblind(&pmbtoken_exp1_method, key, pretokens, cbs, count,
|
1451
|
+
key_id);
|
1452
|
+
}
|
1453
|
+
|
1454
|
+
int pmbtoken_exp1_read(const PMBTOKEN_ISSUER_KEY *key,
|
1455
|
+
uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
|
1456
|
+
uint8_t *out_private_metadata, const uint8_t *token,
|
1457
|
+
size_t token_len) {
|
1458
|
+
if (!pmbtoken_exp1_init_method()) {
|
1459
|
+
return 0;
|
1460
|
+
}
|
1461
|
+
return pmbtoken_read(&pmbtoken_exp1_method, key, out_nonce,
|
1462
|
+
out_private_metadata, token, token_len);
|
1463
|
+
}
|
1464
|
+
|
1465
|
+
int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]) {
|
1466
|
+
if (!pmbtoken_exp1_init_method()) {
|
1467
|
+
return 0;
|
1468
|
+
}
|
1469
|
+
EC_AFFINE h;
|
1470
|
+
return ec_jacobian_to_affine(pmbtoken_exp1_method.group, &h,
|
1471
|
+
&pmbtoken_exp1_method.h) &&
|
1472
|
+
ec_point_to_bytes(pmbtoken_exp1_method.group, &h,
|
1473
|
+
POINT_CONVERSION_UNCOMPRESSED, out, 97) == 97;
|
1474
|
+
}
|