grpc 1.28.0.pre2 → 1.31.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +8313 -11862
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security.h +30 -9
- data/include/grpc/grpc_security_constants.h +4 -0
- data/include/grpc/impl/codegen/grpc_types.h +23 -23
- data/include/grpc/impl/codegen/port_platform.h +6 -34
- data/include/grpc/module.modulemap +24 -39
- data/src/core/ext/filters/client_channel/backend_metric.cc +18 -12
- data/src/core/ext/filters/client_channel/client_channel.cc +618 -482
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
- data/src/core/ext/filters/client_channel/config_selector.cc +62 -0
- data/src/core/ext/filters/client_channel/config_selector.h +93 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +9 -22
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +6 -5
- data/src/core/ext/filters/client_channel/http_proxy.cc +23 -14
- data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
- data/src/core/ext/filters/client_channel/lb_policy.h +44 -33
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +297 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +311 -497
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +9 -17
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +117 -41
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +1142 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +10 -7
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
- data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
- data/src/core/ext/filters/client_channel/resolver.cc +5 -8
- data/src/core/ext/filters/client_channel/resolver.h +12 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +78 -61
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +41 -40
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +22 -24
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +12 -10
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +79 -122
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +199 -163
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +46 -45
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +64 -12
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_registry.cc +19 -17
- data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +21 -22
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +73 -217
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +45 -27
- data/src/core/ext/filters/client_channel/server_address.cc +6 -9
- data/src/core/ext/filters/client_channel/server_address.h +6 -12
- data/src/core/ext/filters/client_channel/service_config.cc +104 -144
- data/src/core/ext/filters/client_channel/service_config.h +28 -98
- data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +142 -0
- data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
- data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +55 -25
- data/src/core/ext/filters/client_channel/subchannel.h +35 -11
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +1200 -246
- data/src/core/ext/filters/client_channel/xds/xds_api.h +130 -44
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +90 -29
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +9 -4
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +839 -431
- data/src/core/ext/filters/client_channel/xds/xds_client.h +84 -33
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +40 -28
- data/src/core/ext/filters/http/client/http_client_filter.cc +28 -33
- data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +28 -12
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +399 -0
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +31 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +61 -88
- data/src/core/ext/filters/message_size/message_size_filter.h +10 -4
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +386 -350
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +6 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +1 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +7 -13
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +42 -26
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +25 -30
- data/src/core/ext/transport/chttp2/transport/flow_control.h +14 -16
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -13
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -7
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +25 -29
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +13 -17
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +27 -21
- data/src/core/ext/transport/chttp2/transport/parsing.cc +33 -43
- data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +24 -22
- data/src/core/ext/transport/inproc/inproc_transport.cc +54 -15
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +3 -4
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -876
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +429 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +198 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +388 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +23 -10
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +352 -310
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +42 -34
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +7 -7
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +79 -61
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +55 -49
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +79 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +48 -27
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +258 -214
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +51 -45
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +71 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +107 -100
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +157 -122
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +173 -73
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +88 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +95 -101
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +49 -65
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +53 -38
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +70 -62
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +95 -63
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +91 -80
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +9 -10
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +36 -31
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +68 -46
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +770 -722
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +16 -15
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +95 -88
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +305 -210
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +5 -5
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +22 -16
- data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +48 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +14 -14
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +23 -23
- data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.h +8 -9
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +15 -16
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +7 -8
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +36 -35
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/http.upb.h +29 -28
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +12 -11
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +421 -389
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +1 -2
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +33 -54
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +27 -28
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +8 -8
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +1 -1
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +32 -45
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +157 -178
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +14 -13
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +6 -7
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +59 -56
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +11 -12
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +0 -1
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +64 -0
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +6 -6
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +41 -68
- data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
- data/src/core/ext/upb-generated/validate/validate.upb.h +569 -562
- data/src/core/lib/channel/channel_args.cc +15 -14
- data/src/core/lib/channel/channel_args.h +3 -1
- data/src/core/lib/channel/channel_stack.h +20 -13
- data/src/core/lib/channel/channel_trace.cc +2 -6
- data/src/core/lib/channel/channelz.cc +10 -21
- data/src/core/lib/channel/channelz.h +3 -2
- data/src/core/lib/channel/channelz_registry.cc +5 -3
- data/src/core/lib/channel/connected_channel.cc +7 -5
- data/src/core/lib/channel/context.h +1 -1
- data/src/core/lib/channel/handshaker.cc +11 -13
- data/src/core/lib/channel/handshaker.h +4 -2
- data/src/core/lib/channel/handshaker_registry.cc +5 -17
- data/src/core/lib/channel/status_util.cc +2 -3
- data/src/core/lib/compression/message_compress.cc +5 -1
- data/src/core/lib/debug/stats.cc +21 -27
- data/src/core/lib/debug/stats.h +3 -1
- data/src/core/lib/gpr/log_linux.cc +6 -8
- data/src/core/lib/gpr/log_posix.cc +6 -8
- data/src/core/lib/gpr/spinlock.h +2 -3
- data/src/core/lib/gpr/string.cc +10 -33
- data/src/core/lib/gpr/string.h +4 -18
- data/src/core/lib/gpr/sync_abseil.cc +2 -0
- data/src/core/lib/gpr/time.cc +4 -0
- data/src/core/lib/gpr/time_posix.cc +1 -1
- data/src/core/lib/gprpp/atomic.h +6 -6
- data/src/core/lib/gprpp/fork.cc +1 -1
- data/src/core/lib/gprpp/global_config_env.cc +8 -6
- data/src/core/lib/gprpp/host_port.cc +29 -35
- data/src/core/lib/gprpp/host_port.h +14 -17
- data/src/core/lib/gprpp/map.h +5 -11
- data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
- data/src/core/lib/gprpp/sync.h +9 -0
- data/src/core/lib/http/format_request.cc +46 -65
- data/src/core/lib/http/httpcli.cc +15 -13
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +10 -10
- data/src/core/lib/http/parser.h +2 -3
- data/src/core/lib/iomgr/buffer_list.h +22 -21
- data/src/core/lib/iomgr/call_combiner.h +3 -2
- data/src/core/lib/iomgr/cfstream_handle.cc +4 -2
- data/src/core/lib/iomgr/closure.h +2 -3
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
- data/src/core/lib/iomgr/endpoint_pair.h +2 -3
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +10 -10
- data/src/core/lib/iomgr/error.cc +6 -9
- data/src/core/lib/iomgr/error.h +0 -1
- data/src/core/lib/iomgr/error_cfstream.cc +9 -8
- data/src/core/lib/iomgr/ev_apple.cc +356 -0
- data/src/core/lib/iomgr/ev_apple.h +43 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +25 -29
- data/src/core/lib/iomgr/ev_epollex_linux.cc +17 -24
- data/src/core/lib/iomgr/ev_poll_posix.cc +9 -8
- data/src/core/lib/iomgr/ev_posix.cc +4 -3
- data/src/core/lib/iomgr/exec_ctx.h +14 -2
- data/src/core/lib/iomgr/iomgr.cc +10 -0
- data/src/core/lib/iomgr/iomgr.h +10 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +14 -0
- data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
- data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
- data/src/core/lib/iomgr/port.h +2 -21
- data/src/core/lib/iomgr/python_util.h +46 -0
- data/src/core/lib/iomgr/resolve_address.h +4 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +42 -57
- data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
- data/src/core/lib/iomgr/resolve_address_windows.cc +16 -25
- data/src/core/lib/iomgr/resource_quota.cc +38 -37
- data/src/core/lib/iomgr/sockaddr_utils.cc +29 -33
- data/src/core/lib/iomgr/sockaddr_utils.h +10 -15
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
- data/src/core/lib/iomgr/socket_mutator.h +2 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +102 -81
- data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
- data/src/core/lib/iomgr/socket_windows.cc +4 -5
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -18
- data/src/core/lib/iomgr/tcp_client_custom.cc +6 -9
- data/src/core/lib/iomgr/tcp_client_posix.cc +30 -36
- data/src/core/lib/iomgr/tcp_client_windows.cc +10 -11
- data/src/core/lib/iomgr/tcp_custom.cc +3 -4
- data/src/core/lib/iomgr/tcp_custom.h +1 -1
- data/src/core/lib/iomgr/tcp_server.cc +3 -4
- data/src/core/lib/iomgr/tcp_server.h +7 -5
- data/src/core/lib/iomgr/tcp_server_custom.cc +11 -23
- data/src/core/lib/iomgr/tcp_server_posix.cc +38 -44
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +7 -8
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +10 -18
- data/src/core/lib/iomgr/tcp_server_windows.cc +16 -16
- data/src/core/lib/iomgr/tcp_uv.cc +3 -2
- data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
- data/src/core/lib/iomgr/timer_generic.cc +15 -15
- data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
- data/src/core/lib/iomgr/timer_heap.h +2 -3
- data/src/core/lib/iomgr/udp_server.cc +32 -36
- data/src/core/lib/iomgr/udp_server.h +5 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +9 -14
- data/src/core/lib/iomgr/unix_sockets_posix.h +3 -1
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +5 -2
- data/src/core/lib/json/json.h +3 -2
- data/src/core/lib/json/json_reader.cc +25 -26
- data/src/core/lib/json/json_writer.cc +13 -12
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
- data/src/core/lib/security/credentials/credentials.cc +0 -84
- data/src/core/lib/security/credentials/credentials.h +13 -62
- data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -6
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +15 -17
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
- data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -4
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +73 -54
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +19 -6
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +20 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +48 -11
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +17 -17
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.cc +2 -0
- data/src/core/lib/security/security_connector/security_connector.h +2 -2
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +38 -36
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +8 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +89 -21
- data/src/core/lib/security/security_connector/ssl_utils.h +18 -12
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +101 -72
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
- data/src/core/lib/security/transport/auth_filters.h +0 -5
- data/src/core/lib/security/transport/client_auth_filter.cc +11 -11
- data/src/core/lib/security/util/json_util.cc +12 -13
- data/src/core/lib/slice/slice.cc +38 -1
- data/src/core/lib/slice/slice_intern.cc +2 -3
- data/src/core/lib/slice/slice_internal.h +15 -0
- data/src/core/lib/slice/slice_utils.h +9 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
- data/src/core/lib/surface/call.cc +42 -44
- data/src/core/lib/surface/call_log_batch.cc +50 -58
- data/src/core/lib/surface/channel.cc +53 -31
- data/src/core/lib/surface/channel.h +35 -4
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/completion_queue.cc +304 -47
- data/src/core/lib/surface/completion_queue.h +8 -0
- data/src/core/lib/surface/event_string.cc +18 -25
- data/src/core/lib/surface/event_string.h +3 -1
- data/src/core/lib/surface/init.cc +2 -0
- data/src/core/lib/surface/init_secure.cc +1 -4
- data/src/core/lib/surface/server.cc +971 -837
- data/src/core/lib/surface/server.h +66 -12
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.h +7 -2
- data/src/core/lib/transport/connectivity_state.cc +7 -6
- data/src/core/lib/transport/connectivity_state.h +5 -3
- data/src/core/lib/transport/metadata.cc +3 -3
- data/src/core/lib/transport/metadata_batch.h +2 -3
- data/src/core/lib/transport/static_metadata.h +1 -1
- data/src/core/lib/transport/status_conversion.cc +6 -14
- data/src/core/lib/transport/transport.cc +2 -3
- data/src/core/lib/transport/transport.h +9 -2
- data/src/core/lib/transport/transport_op_string.cc +61 -102
- data/src/core/lib/uri/uri_parser.cc +8 -15
- data/src/core/lib/uri/uri_parser.h +2 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +24 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +31 -14
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +34 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
- data/src/core/tsi/fake_transport_security.cc +10 -15
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
- data/src/core/tsi/ssl_transport_security.cc +154 -50
- data/src/core/tsi/ssl_transport_security.h +22 -10
- data/src/core/tsi/ssl_types.h +0 -2
- data/src/core/tsi/transport_security.h +6 -9
- data/src/core/tsi/transport_security_grpc.h +2 -3
- data/src/core/tsi/transport_security_interface.h +8 -3
- data/src/ruby/ext/grpc/extconf.rb +5 -2
- data/src/ruby/ext/grpc/rb_call.c +12 -3
- data/src/ruby/ext/grpc/rb_call.h +4 -0
- data/src/ruby/ext/grpc/rb_call_credentials.c +57 -12
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/lib/grpc/errors.rb +103 -42
- data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
- data/src/ruby/lib/grpc/generic/interceptors.rb +5 -5
- data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
- data/src/ruby/lib/grpc/generic/service.rb +5 -4
- data/src/ruby/lib/grpc/structs.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +5 -3
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
- data/src/ruby/spec/debug_message_spec.rb +134 -0
- data/src/ruby/spec/generic/service_spec.rb +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +7 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +7 -1
- data/src/ruby/spec/support/services.rb +10 -4
- data/src/ruby/spec/testdata/ca.pem +18 -13
- data/src/ruby/spec/testdata/client.key +26 -14
- data/src/ruby/spec/testdata/client.pem +18 -12
- data/src/ruby/spec/testdata/server1.key +26 -14
- data/src/ruby/spec/testdata/server1.pem +20 -14
- data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
- data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
- data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
- data/third_party/abseil-cpp/absl/time/clock.h +74 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
- data/third_party/abseil-cpp/absl/time/format.cc +153 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
- data/third_party/abseil-cpp/absl/time/time.cc +499 -0
- data/third_party/abseil-cpp/absl/time/time.h +1584 -0
- data/third_party/boringssl-with-bazel/err_data.c +335 -297
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +385 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +143 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +17 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +25 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +434 -161
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +18 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +104 -122
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +740 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +47 -16
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -5
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +249 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1227 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +682 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +13 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +57 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +33 -9
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +0 -154
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +28 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +74 -35
- data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +16 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +22 -22
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +6 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +69 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +191 -79
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +282 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +791 -715
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +23 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +30 -22
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +21 -4
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +74 -54
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +34 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +44 -5
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +51 -26
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +129 -48
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +55 -22
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
- data/third_party/upb/upb/decode.c +467 -504
- data/third_party/upb/upb/encode.c +163 -121
- data/third_party/upb/upb/msg.c +130 -64
- data/third_party/upb/upb/msg.h +418 -14
- data/third_party/upb/upb/port_def.inc +35 -6
- data/third_party/upb/upb/port_undef.inc +8 -1
- data/third_party/upb/upb/table.c +53 -75
- data/third_party/upb/upb/table.int.h +11 -43
- data/third_party/upb/upb/upb.c +148 -124
- data/third_party/upb/upb/upb.h +65 -147
- data/third_party/upb/upb/upb.hpp +86 -0
- metadata +122 -41
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1908
- data/src/core/lib/gprpp/string_view.h +0 -60
- data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
- data/third_party/upb/upb/generated_util.h +0 -105
@@ -50,8 +50,8 @@ static const BN_ULONG ONE[P256_LIMBS] = {
|
|
50
50
|
|
51
51
|
// Recode window to a signed digit, see |ec_GFp_nistp_recode_scalar_bits| in
|
52
52
|
// util.c for details
|
53
|
-
static
|
54
|
-
|
53
|
+
static crypto_word_t booth_recode_w5(crypto_word_t in) {
|
54
|
+
crypto_word_t s, d;
|
55
55
|
|
56
56
|
s = ~((in >> 5) - 1);
|
57
57
|
d = (1 << 6) - in - 1;
|
@@ -61,8 +61,8 @@ static unsigned booth_recode_w5(unsigned in) {
|
|
61
61
|
return (d << 1) + (s & 1);
|
62
62
|
}
|
63
63
|
|
64
|
-
static
|
65
|
-
|
64
|
+
static crypto_word_t booth_recode_w7(crypto_word_t in) {
|
65
|
+
crypto_word_t s, d;
|
66
66
|
|
67
67
|
s = ~((in >> 7) - 1);
|
68
68
|
d = (1 << 8) - in - 1;
|
@@ -117,86 +117,73 @@ static BN_ULONG is_not_zero(BN_ULONG in) {
|
|
117
117
|
return in;
|
118
118
|
}
|
119
119
|
|
120
|
-
//
|
121
|
-
// That is, |r| is the modular inverse of |in| for input and output in
|
122
|
-
// Montgomery domain.
|
123
|
-
static void
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
ecp_nistz256_sqr_mont(res, res);
|
188
|
-
ecp_nistz256_sqr_mont(res, res);
|
189
|
-
ecp_nistz256_sqr_mont(res, res);
|
190
|
-
ecp_nistz256_sqr_mont(res, res);
|
191
|
-
ecp_nistz256_mul_mont(res, res, p4);
|
192
|
-
|
193
|
-
ecp_nistz256_sqr_mont(res, res);
|
194
|
-
ecp_nistz256_sqr_mont(res, res);
|
195
|
-
ecp_nistz256_mul_mont(res, res, p2);
|
196
|
-
|
197
|
-
ecp_nistz256_sqr_mont(res, res);
|
198
|
-
ecp_nistz256_sqr_mont(res, res);
|
199
|
-
ecp_nistz256_mul_mont(r, res, in);
|
120
|
+
// ecp_nistz256_mod_inverse_sqr_mont sets |r| to (|in| * 2^-256)^-2 * 2^256 mod
|
121
|
+
// p. That is, |r| is the modular inverse square of |in| for input and output in
|
122
|
+
// the Montgomery domain.
|
123
|
+
static void ecp_nistz256_mod_inverse_sqr_mont(BN_ULONG r[P256_LIMBS],
|
124
|
+
const BN_ULONG in[P256_LIMBS]) {
|
125
|
+
// This implements the addition chain described in
|
126
|
+
// https://briansmith.org/ecc-inversion-addition-chains-01#p256_field_inversion
|
127
|
+
BN_ULONG x2[P256_LIMBS], x3[P256_LIMBS], x6[P256_LIMBS], x12[P256_LIMBS],
|
128
|
+
x15[P256_LIMBS], x30[P256_LIMBS], x32[P256_LIMBS];
|
129
|
+
ecp_nistz256_sqr_mont(x2, in); // 2^2 - 2^1
|
130
|
+
ecp_nistz256_mul_mont(x2, x2, in); // 2^2 - 2^0
|
131
|
+
|
132
|
+
ecp_nistz256_sqr_mont(x3, x2); // 2^3 - 2^1
|
133
|
+
ecp_nistz256_mul_mont(x3, x3, in); // 2^3 - 2^0
|
134
|
+
|
135
|
+
ecp_nistz256_sqr_mont(x6, x3);
|
136
|
+
for (int i = 1; i < 3; i++) {
|
137
|
+
ecp_nistz256_sqr_mont(x6, x6);
|
138
|
+
} // 2^6 - 2^3
|
139
|
+
ecp_nistz256_mul_mont(x6, x6, x3); // 2^6 - 2^0
|
140
|
+
|
141
|
+
ecp_nistz256_sqr_mont(x12, x6);
|
142
|
+
for (int i = 1; i < 6; i++) {
|
143
|
+
ecp_nistz256_sqr_mont(x12, x12);
|
144
|
+
} // 2^12 - 2^6
|
145
|
+
ecp_nistz256_mul_mont(x12, x12, x6); // 2^12 - 2^0
|
146
|
+
|
147
|
+
ecp_nistz256_sqr_mont(x15, x12);
|
148
|
+
for (int i = 1; i < 3; i++) {
|
149
|
+
ecp_nistz256_sqr_mont(x15, x15);
|
150
|
+
} // 2^15 - 2^3
|
151
|
+
ecp_nistz256_mul_mont(x15, x15, x3); // 2^15 - 2^0
|
152
|
+
|
153
|
+
ecp_nistz256_sqr_mont(x30, x15);
|
154
|
+
for (int i = 1; i < 15; i++) {
|
155
|
+
ecp_nistz256_sqr_mont(x30, x30);
|
156
|
+
} // 2^30 - 2^15
|
157
|
+
ecp_nistz256_mul_mont(x30, x30, x15); // 2^30 - 2^0
|
158
|
+
|
159
|
+
ecp_nistz256_sqr_mont(x32, x30);
|
160
|
+
ecp_nistz256_sqr_mont(x32, x32); // 2^32 - 2^2
|
161
|
+
ecp_nistz256_mul_mont(x32, x32, x2); // 2^32 - 2^0
|
162
|
+
|
163
|
+
BN_ULONG ret[P256_LIMBS];
|
164
|
+
ecp_nistz256_sqr_mont(ret, x32);
|
165
|
+
for (int i = 1; i < 31 + 1; i++) {
|
166
|
+
ecp_nistz256_sqr_mont(ret, ret);
|
167
|
+
} // 2^64 - 2^32
|
168
|
+
ecp_nistz256_mul_mont(ret, ret, in); // 2^64 - 2^32 + 2^0
|
169
|
+
|
170
|
+
for (int i = 0; i < 96 + 32; i++) {
|
171
|
+
ecp_nistz256_sqr_mont(ret, ret);
|
172
|
+
} // 2^192 - 2^160 + 2^128
|
173
|
+
ecp_nistz256_mul_mont(ret, ret, x32); // 2^192 - 2^160 + 2^128 + 2^32 - 2^0
|
174
|
+
|
175
|
+
for (int i = 0; i < 32; i++) {
|
176
|
+
ecp_nistz256_sqr_mont(ret, ret);
|
177
|
+
} // 2^224 - 2^192 + 2^160 + 2^64 - 2^32
|
178
|
+
ecp_nistz256_mul_mont(ret, ret, x32); // 2^224 - 2^192 + 2^160 + 2^64 - 2^0
|
179
|
+
|
180
|
+
for (int i = 0; i < 30; i++) {
|
181
|
+
ecp_nistz256_sqr_mont(ret, ret);
|
182
|
+
} // 2^254 - 2^222 + 2^190 + 2^94 - 2^30
|
183
|
+
ecp_nistz256_mul_mont(ret, ret, x30); // 2^254 - 2^222 + 2^190 + 2^94 - 2^0
|
184
|
+
|
185
|
+
ecp_nistz256_sqr_mont(ret, ret);
|
186
|
+
ecp_nistz256_sqr_mont(r, ret); // 2^256 - 2^224 + 2^192 + 2^96 - 2^2
|
200
187
|
}
|
201
188
|
|
202
189
|
// r = p * p_scalar
|
@@ -207,8 +194,8 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r,
|
|
207
194
|
assert(p_scalar != NULL);
|
208
195
|
assert(group->field.width == P256_LIMBS);
|
209
196
|
|
210
|
-
static const
|
211
|
-
static const
|
197
|
+
static const size_t kWindowSize = 5;
|
198
|
+
static const crypto_word_t kMask = (1 << (5 /* kWindowSize */ + 1)) - 1;
|
212
199
|
|
213
200
|
// A |P256_POINT| is (3 * 32) = 96 bytes, and the 64-byte alignment should
|
214
201
|
// add no more than 63 bytes of overhead. Thus, |table| should require
|
@@ -245,17 +232,17 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r,
|
|
245
232
|
|
246
233
|
BN_ULONG tmp[P256_LIMBS];
|
247
234
|
alignas(32) P256_POINT h;
|
248
|
-
|
249
|
-
|
235
|
+
size_t index = 255;
|
236
|
+
crypto_word_t wvalue = p_str[(index - 1) / 8];
|
250
237
|
wvalue = (wvalue >> ((index - 1) % 8)) & kMask;
|
251
238
|
|
252
239
|
ecp_nistz256_select_w5(r, table, booth_recode_w5(wvalue) >> 1);
|
253
240
|
|
254
241
|
while (index >= 5) {
|
255
242
|
if (index != 255) {
|
256
|
-
|
243
|
+
size_t off = (index - 1) / 8;
|
257
244
|
|
258
|
-
wvalue = p_str[off] | p_str[off + 1] << 8;
|
245
|
+
wvalue = (crypto_word_t)p_str[off] | (crypto_word_t)p_str[off + 1] << 8;
|
259
246
|
wvalue = (wvalue >> ((index - 1) % 8)) & kMask;
|
260
247
|
|
261
248
|
wvalue = booth_recode_w5(wvalue);
|
@@ -296,21 +283,22 @@ typedef union {
|
|
296
283
|
P256_POINT_AFFINE a;
|
297
284
|
} p256_point_union_t;
|
298
285
|
|
299
|
-
static
|
300
|
-
static const
|
301
|
-
static const
|
286
|
+
static crypto_word_t calc_first_wvalue(size_t *index, const uint8_t p_str[33]) {
|
287
|
+
static const size_t kWindowSize = 7;
|
288
|
+
static const crypto_word_t kMask = (1 << (7 /* kWindowSize */ + 1)) - 1;
|
302
289
|
*index = kWindowSize;
|
303
290
|
|
304
|
-
|
291
|
+
crypto_word_t wvalue = (p_str[0] << 1) & kMask;
|
305
292
|
return booth_recode_w7(wvalue);
|
306
293
|
}
|
307
294
|
|
308
|
-
static
|
309
|
-
static const
|
310
|
-
static const
|
295
|
+
static crypto_word_t calc_wvalue(size_t *index, const uint8_t p_str[33]) {
|
296
|
+
static const size_t kWindowSize = 7;
|
297
|
+
static const crypto_word_t kMask = (1 << (7 /* kWindowSize */ + 1)) - 1;
|
311
298
|
|
312
|
-
const
|
313
|
-
|
299
|
+
const size_t off = (*index - 1) / 8;
|
300
|
+
crypto_word_t wvalue =
|
301
|
+
(crypto_word_t)p_str[off] | (crypto_word_t)p_str[off + 1] << 8;
|
314
302
|
wvalue = (wvalue >> ((*index - 1) % 8)) & kMask;
|
315
303
|
*index += kWindowSize;
|
316
304
|
|
@@ -338,8 +326,8 @@ static void ecp_nistz256_point_mul_base(const EC_GROUP *group, EC_RAW_POINT *r,
|
|
338
326
|
p_str[32] = 0;
|
339
327
|
|
340
328
|
// First window
|
341
|
-
|
342
|
-
|
329
|
+
size_t index = 0;
|
330
|
+
crypto_word_t wvalue = calc_first_wvalue(&index, p_str);
|
343
331
|
|
344
332
|
ecp_nistz256_select_w7(&p.a, ecp_nistz256_precomputed[0], wvalue >> 1);
|
345
333
|
ecp_nistz256_neg(p.p.Z, p.p.Y);
|
@@ -383,8 +371,8 @@ static void ecp_nistz256_points_mul_public(const EC_GROUP *group,
|
|
383
371
|
p_str[32] = 0;
|
384
372
|
|
385
373
|
// First window
|
386
|
-
|
387
|
-
|
374
|
+
size_t index = 0;
|
375
|
+
size_t wvalue = calc_first_wvalue(&index, p_str);
|
388
376
|
|
389
377
|
// Convert |p| from affine to Jacobian coordinates. We set Z to zero if |p|
|
390
378
|
// is infinity and |ONE| otherwise. |p| was computed from the table, so it
|
@@ -440,24 +428,17 @@ static int ecp_nistz256_get_affine(const EC_GROUP *group,
|
|
440
428
|
}
|
441
429
|
|
442
430
|
BN_ULONG z_inv2[P256_LIMBS];
|
443
|
-
BN_ULONG z_inv3[P256_LIMBS];
|
444
431
|
assert(group->field.width == P256_LIMBS);
|
445
|
-
|
446
|
-
ecp_nistz256_sqr_mont(z_inv2, z_inv3);
|
447
|
-
|
448
|
-
// Instead of using |ecp_nistz256_from_mont| to convert the |x| coordinate
|
449
|
-
// and then calling |ecp_nistz256_from_mont| again to convert the |y|
|
450
|
-
// coordinate below, convert the common factor |z_inv2| once now, saving one
|
451
|
-
// reduction.
|
452
|
-
ecp_nistz256_from_mont(z_inv2, z_inv2);
|
432
|
+
ecp_nistz256_mod_inverse_sqr_mont(z_inv2, point->Z.words);
|
453
433
|
|
454
434
|
if (x != NULL) {
|
455
435
|
ecp_nistz256_mul_mont(x->words, z_inv2, point->X.words);
|
456
436
|
}
|
457
437
|
|
458
438
|
if (y != NULL) {
|
459
|
-
|
460
|
-
ecp_nistz256_mul_mont(y->words,
|
439
|
+
ecp_nistz256_sqr_mont(z_inv2, z_inv2); // z^-4
|
440
|
+
ecp_nistz256_mul_mont(y->words, point->Y.words, point->Z.words); // y * z
|
441
|
+
ecp_nistz256_mul_mont(y->words, y->words, z_inv2); // y * z^-3
|
461
442
|
}
|
462
443
|
|
463
444
|
return 1;
|
@@ -490,8 +471,8 @@ static void ecp_nistz256_dbl(const EC_GROUP *group, EC_RAW_POINT *r,
|
|
490
471
|
OPENSSL_memcpy(r->Z.words, a.Z, P256_LIMBS * sizeof(BN_ULONG));
|
491
472
|
}
|
492
473
|
|
493
|
-
static void
|
494
|
-
|
474
|
+
static void ecp_nistz256_inv0_mod_ord(const EC_GROUP *group, EC_SCALAR *out,
|
475
|
+
const EC_SCALAR *in) {
|
495
476
|
// table[i] stores a power of |in| corresponding to the matching enum value.
|
496
477
|
enum {
|
497
478
|
// The following indices specify the power in binary.
|
@@ -571,12 +552,12 @@ static void ecp_nistz256_inv_mod_ord(const EC_GROUP *group, EC_SCALAR *out,
|
|
571
552
|
}
|
572
553
|
}
|
573
554
|
|
574
|
-
static int
|
555
|
+
static int ecp_nistz256_scalar_to_montgomery_inv_vartime(const EC_GROUP *group,
|
575
556
|
EC_SCALAR *out,
|
576
557
|
const EC_SCALAR *in) {
|
577
558
|
if ((OPENSSL_ia32cap_get()[1] & (1 << 28)) == 0) {
|
578
559
|
// No AVX support; fallback to generic code.
|
579
|
-
return
|
560
|
+
return ec_simple_scalar_to_montgomery_inv_vartime(group, out, in);
|
580
561
|
}
|
581
562
|
|
582
563
|
assert(group->order.width == P256_LIMBS);
|
@@ -640,10 +621,11 @@ DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistz256_method) {
|
|
640
621
|
out->mul_public = ecp_nistz256_points_mul_public;
|
641
622
|
out->felem_mul = ec_GFp_mont_felem_mul;
|
642
623
|
out->felem_sqr = ec_GFp_mont_felem_sqr;
|
643
|
-
out->
|
644
|
-
out->
|
645
|
-
out->
|
646
|
-
out->
|
624
|
+
out->felem_to_bytes = ec_GFp_mont_felem_to_bytes;
|
625
|
+
out->felem_from_bytes = ec_GFp_mont_felem_from_bytes;
|
626
|
+
out->scalar_inv0_montgomery = ecp_nistz256_inv0_mod_ord;
|
627
|
+
out->scalar_to_montgomery_inv_vartime =
|
628
|
+
ecp_nistz256_scalar_to_montgomery_inv_vartime;
|
647
629
|
out->cmp_x_coordinate = ecp_nistz256_cmp_x_coordinate;
|
648
630
|
}
|
649
631
|
|
@@ -0,0 +1,740 @@
|
|
1
|
+
/* Copyright (c) 2020, Google Inc.
|
2
|
+
*
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
6
|
+
*
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
14
|
+
|
15
|
+
// An implementation of the NIST P-256 elliptic curve point multiplication.
|
16
|
+
// 256-bit Montgomery form for 64 and 32-bit. Field operations are generated by
|
17
|
+
// Fiat, which lives in //third_party/fiat.
|
18
|
+
|
19
|
+
#include <openssl/base.h>
|
20
|
+
|
21
|
+
#include <openssl/bn.h>
|
22
|
+
#include <openssl/ec.h>
|
23
|
+
#include <openssl/err.h>
|
24
|
+
#include <openssl/mem.h>
|
25
|
+
#include <openssl/type_check.h>
|
26
|
+
|
27
|
+
#include <assert.h>
|
28
|
+
#include <string.h>
|
29
|
+
|
30
|
+
#include "../../internal.h"
|
31
|
+
#include "../delocate.h"
|
32
|
+
#include "./internal.h"
|
33
|
+
|
34
|
+
|
35
|
+
// MSVC does not implement uint128_t, and crashes with intrinsics
|
36
|
+
#if defined(BORINGSSL_HAS_UINT128)
|
37
|
+
#define BORINGSSL_NISTP256_64BIT 1
|
38
|
+
#include "../../../third_party/fiat/p256_64.h"
|
39
|
+
#else
|
40
|
+
#include "../../../third_party/fiat/p256_32.h"
|
41
|
+
#endif
|
42
|
+
|
43
|
+
|
44
|
+
// utility functions, handwritten
|
45
|
+
|
46
|
+
#if defined(BORINGSSL_NISTP256_64BIT)
|
47
|
+
#define FIAT_P256_NLIMBS 4
|
48
|
+
typedef uint64_t fiat_p256_limb_t;
|
49
|
+
typedef uint64_t fiat_p256_felem[FIAT_P256_NLIMBS];
|
50
|
+
static const fiat_p256_felem fiat_p256_one = {0x1, 0xffffffff00000000,
|
51
|
+
0xffffffffffffffff, 0xfffffffe};
|
52
|
+
#else // 64BIT; else 32BIT
|
53
|
+
#define FIAT_P256_NLIMBS 8
|
54
|
+
typedef uint32_t fiat_p256_limb_t;
|
55
|
+
typedef uint32_t fiat_p256_felem[FIAT_P256_NLIMBS];
|
56
|
+
static const fiat_p256_felem fiat_p256_one = {
|
57
|
+
0x1, 0x0, 0x0, 0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0x0};
|
58
|
+
#endif // 64BIT
|
59
|
+
|
60
|
+
|
61
|
+
static fiat_p256_limb_t fiat_p256_nz(
|
62
|
+
const fiat_p256_limb_t in1[FIAT_P256_NLIMBS]) {
|
63
|
+
fiat_p256_limb_t ret;
|
64
|
+
fiat_p256_nonzero(&ret, in1);
|
65
|
+
return ret;
|
66
|
+
}
|
67
|
+
|
68
|
+
static void fiat_p256_copy(fiat_p256_limb_t out[FIAT_P256_NLIMBS],
|
69
|
+
const fiat_p256_limb_t in1[FIAT_P256_NLIMBS]) {
|
70
|
+
for (size_t i = 0; i < FIAT_P256_NLIMBS; i++) {
|
71
|
+
out[i] = in1[i];
|
72
|
+
}
|
73
|
+
}
|
74
|
+
|
75
|
+
static void fiat_p256_cmovznz(fiat_p256_limb_t out[FIAT_P256_NLIMBS],
|
76
|
+
fiat_p256_limb_t t,
|
77
|
+
const fiat_p256_limb_t z[FIAT_P256_NLIMBS],
|
78
|
+
const fiat_p256_limb_t nz[FIAT_P256_NLIMBS]) {
|
79
|
+
fiat_p256_selectznz(out, !!t, z, nz);
|
80
|
+
}
|
81
|
+
|
82
|
+
static void fiat_p256_from_generic(fiat_p256_felem out, const EC_FELEM *in) {
|
83
|
+
fiat_p256_from_bytes(out, in->bytes);
|
84
|
+
}
|
85
|
+
|
86
|
+
static void fiat_p256_to_generic(EC_FELEM *out, const fiat_p256_felem in) {
|
87
|
+
// This works because 256 is a multiple of 64, so there are no excess bytes to
|
88
|
+
// zero when rounding up to |BN_ULONG|s.
|
89
|
+
OPENSSL_STATIC_ASSERT(
|
90
|
+
256 / 8 == sizeof(BN_ULONG) * ((256 + BN_BITS2 - 1) / BN_BITS2),
|
91
|
+
"fiat_p256_to_bytes leaves bytes uninitialized");
|
92
|
+
fiat_p256_to_bytes(out->bytes, in);
|
93
|
+
}
|
94
|
+
|
95
|
+
// fiat_p256_inv_square calculates |out| = |in|^{-2}
|
96
|
+
//
|
97
|
+
// Based on Fermat's Little Theorem:
|
98
|
+
// a^p = a (mod p)
|
99
|
+
// a^{p-1} = 1 (mod p)
|
100
|
+
// a^{p-3} = a^{-2} (mod p)
|
101
|
+
static void fiat_p256_inv_square(fiat_p256_felem out,
|
102
|
+
const fiat_p256_felem in) {
|
103
|
+
// This implements the addition chain described in
|
104
|
+
// https://briansmith.org/ecc-inversion-addition-chains-01#p256_field_inversion
|
105
|
+
fiat_p256_felem x2, x3, x6, x12, x15, x30, x32;
|
106
|
+
fiat_p256_square(x2, in); // 2^2 - 2^1
|
107
|
+
fiat_p256_mul(x2, x2, in); // 2^2 - 2^0
|
108
|
+
|
109
|
+
fiat_p256_square(x3, x2); // 2^3 - 2^1
|
110
|
+
fiat_p256_mul(x3, x3, in); // 2^3 - 2^0
|
111
|
+
|
112
|
+
fiat_p256_square(x6, x3);
|
113
|
+
for (int i = 1; i < 3; i++) {
|
114
|
+
fiat_p256_square(x6, x6);
|
115
|
+
} // 2^6 - 2^3
|
116
|
+
fiat_p256_mul(x6, x6, x3); // 2^6 - 2^0
|
117
|
+
|
118
|
+
fiat_p256_square(x12, x6);
|
119
|
+
for (int i = 1; i < 6; i++) {
|
120
|
+
fiat_p256_square(x12, x12);
|
121
|
+
} // 2^12 - 2^6
|
122
|
+
fiat_p256_mul(x12, x12, x6); // 2^12 - 2^0
|
123
|
+
|
124
|
+
fiat_p256_square(x15, x12);
|
125
|
+
for (int i = 1; i < 3; i++) {
|
126
|
+
fiat_p256_square(x15, x15);
|
127
|
+
} // 2^15 - 2^3
|
128
|
+
fiat_p256_mul(x15, x15, x3); // 2^15 - 2^0
|
129
|
+
|
130
|
+
fiat_p256_square(x30, x15);
|
131
|
+
for (int i = 1; i < 15; i++) {
|
132
|
+
fiat_p256_square(x30, x30);
|
133
|
+
} // 2^30 - 2^15
|
134
|
+
fiat_p256_mul(x30, x30, x15); // 2^30 - 2^0
|
135
|
+
|
136
|
+
fiat_p256_square(x32, x30);
|
137
|
+
fiat_p256_square(x32, x32); // 2^32 - 2^2
|
138
|
+
fiat_p256_mul(x32, x32, x2); // 2^32 - 2^0
|
139
|
+
|
140
|
+
fiat_p256_felem ret;
|
141
|
+
fiat_p256_square(ret, x32);
|
142
|
+
for (int i = 1; i < 31 + 1; i++) {
|
143
|
+
fiat_p256_square(ret, ret);
|
144
|
+
} // 2^64 - 2^32
|
145
|
+
fiat_p256_mul(ret, ret, in); // 2^64 - 2^32 + 2^0
|
146
|
+
|
147
|
+
for (int i = 0; i < 96 + 32; i++) {
|
148
|
+
fiat_p256_square(ret, ret);
|
149
|
+
} // 2^192 - 2^160 + 2^128
|
150
|
+
fiat_p256_mul(ret, ret, x32); // 2^192 - 2^160 + 2^128 + 2^32 - 2^0
|
151
|
+
|
152
|
+
for (int i = 0; i < 32; i++) {
|
153
|
+
fiat_p256_square(ret, ret);
|
154
|
+
} // 2^224 - 2^192 + 2^160 + 2^64 - 2^32
|
155
|
+
fiat_p256_mul(ret, ret, x32); // 2^224 - 2^192 + 2^160 + 2^64 - 2^0
|
156
|
+
|
157
|
+
for (int i = 0; i < 30; i++) {
|
158
|
+
fiat_p256_square(ret, ret);
|
159
|
+
} // 2^254 - 2^222 + 2^190 + 2^94 - 2^30
|
160
|
+
fiat_p256_mul(ret, ret, x30); // 2^254 - 2^222 + 2^190 + 2^94 - 2^0
|
161
|
+
|
162
|
+
fiat_p256_square(ret, ret);
|
163
|
+
fiat_p256_square(out, ret); // 2^256 - 2^224 + 2^192 + 2^96 - 2^2
|
164
|
+
}
|
165
|
+
|
166
|
+
// Group operations
|
167
|
+
// ----------------
|
168
|
+
//
|
169
|
+
// Building on top of the field operations we have the operations on the
|
170
|
+
// elliptic curve group itself. Points on the curve are represented in Jacobian
|
171
|
+
// coordinates.
|
172
|
+
//
|
173
|
+
// Both operations were transcribed to Coq and proven to correspond to naive
|
174
|
+
// implementations using Affine coordinates, for all suitable fields. In the
|
175
|
+
// Coq proofs, issues of constant-time execution and memory layout (aliasing)
|
176
|
+
// conventions were not considered. Specification of affine coordinates:
|
177
|
+
// <https://github.com/mit-plv/fiat-crypto/blob/79f8b5f39ed609339f0233098dee1a3c4e6b3080/src/Spec/WeierstrassCurve.v#L28>
|
178
|
+
// As a sanity check, a proof that these points form a commutative group:
|
179
|
+
// <https://github.com/mit-plv/fiat-crypto/blob/79f8b5f39ed609339f0233098dee1a3c4e6b3080/src/Curves/Weierstrass/AffineProofs.v#L33>
|
180
|
+
|
181
|
+
// fiat_p256_point_double calculates 2*(x_in, y_in, z_in)
|
182
|
+
//
|
183
|
+
// The method is taken from:
|
184
|
+
// http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
|
185
|
+
//
|
186
|
+
// Coq transcription and correctness proof:
|
187
|
+
// <https://github.com/mit-plv/fiat-crypto/blob/79f8b5f39ed609339f0233098dee1a3c4e6b3080/src/Curves/Weierstrass/Jacobian.v#L93>
|
188
|
+
// <https://github.com/mit-plv/fiat-crypto/blob/79f8b5f39ed609339f0233098dee1a3c4e6b3080/src/Curves/Weierstrass/Jacobian.v#L201>
|
189
|
+
//
|
190
|
+
// Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed.
|
191
|
+
// while x_out == y_in is not (maybe this works, but it's not tested).
|
192
|
+
static void fiat_p256_point_double(fiat_p256_felem x_out, fiat_p256_felem y_out,
|
193
|
+
fiat_p256_felem z_out,
|
194
|
+
const fiat_p256_felem x_in,
|
195
|
+
const fiat_p256_felem y_in,
|
196
|
+
const fiat_p256_felem z_in) {
|
197
|
+
fiat_p256_felem delta, gamma, beta, ftmp, ftmp2, tmptmp, alpha, fourbeta;
|
198
|
+
// delta = z^2
|
199
|
+
fiat_p256_square(delta, z_in);
|
200
|
+
// gamma = y^2
|
201
|
+
fiat_p256_square(gamma, y_in);
|
202
|
+
// beta = x*gamma
|
203
|
+
fiat_p256_mul(beta, x_in, gamma);
|
204
|
+
|
205
|
+
// alpha = 3*(x-delta)*(x+delta)
|
206
|
+
fiat_p256_sub(ftmp, x_in, delta);
|
207
|
+
fiat_p256_add(ftmp2, x_in, delta);
|
208
|
+
|
209
|
+
fiat_p256_add(tmptmp, ftmp2, ftmp2);
|
210
|
+
fiat_p256_add(ftmp2, ftmp2, tmptmp);
|
211
|
+
fiat_p256_mul(alpha, ftmp, ftmp2);
|
212
|
+
|
213
|
+
// x' = alpha^2 - 8*beta
|
214
|
+
fiat_p256_square(x_out, alpha);
|
215
|
+
fiat_p256_add(fourbeta, beta, beta);
|
216
|
+
fiat_p256_add(fourbeta, fourbeta, fourbeta);
|
217
|
+
fiat_p256_add(tmptmp, fourbeta, fourbeta);
|
218
|
+
fiat_p256_sub(x_out, x_out, tmptmp);
|
219
|
+
|
220
|
+
// z' = (y + z)^2 - gamma - delta
|
221
|
+
fiat_p256_add(delta, gamma, delta);
|
222
|
+
fiat_p256_add(ftmp, y_in, z_in);
|
223
|
+
fiat_p256_square(z_out, ftmp);
|
224
|
+
fiat_p256_sub(z_out, z_out, delta);
|
225
|
+
|
226
|
+
// y' = alpha*(4*beta - x') - 8*gamma^2
|
227
|
+
fiat_p256_sub(y_out, fourbeta, x_out);
|
228
|
+
fiat_p256_add(gamma, gamma, gamma);
|
229
|
+
fiat_p256_square(gamma, gamma);
|
230
|
+
fiat_p256_mul(y_out, alpha, y_out);
|
231
|
+
fiat_p256_add(gamma, gamma, gamma);
|
232
|
+
fiat_p256_sub(y_out, y_out, gamma);
|
233
|
+
}
|
234
|
+
|
235
|
+
// fiat_p256_point_add calculates (x1, y1, z1) + (x2, y2, z2)
|
236
|
+
//
|
237
|
+
// The method is taken from:
|
238
|
+
// http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl,
|
239
|
+
// adapted for mixed addition (z2 = 1, or z2 = 0 for the point at infinity).
|
240
|
+
//
|
241
|
+
// Coq transcription and correctness proof:
|
242
|
+
// <https://github.com/mit-plv/fiat-crypto/blob/79f8b5f39ed609339f0233098dee1a3c4e6b3080/src/Curves/Weierstrass/Jacobian.v#L135>
|
243
|
+
// <https://github.com/mit-plv/fiat-crypto/blob/79f8b5f39ed609339f0233098dee1a3c4e6b3080/src/Curves/Weierstrass/Jacobian.v#L205>
|
244
|
+
//
|
245
|
+
// This function includes a branch for checking whether the two input points
|
246
|
+
// are equal, (while not equal to the point at infinity). This case never
|
247
|
+
// happens during single point multiplication, so there is no timing leak for
|
248
|
+
// ECDH or ECDSA signing.
|
249
|
+
static void fiat_p256_point_add(fiat_p256_felem x3, fiat_p256_felem y3,
|
250
|
+
fiat_p256_felem z3, const fiat_p256_felem x1,
|
251
|
+
const fiat_p256_felem y1,
|
252
|
+
const fiat_p256_felem z1, const int mixed,
|
253
|
+
const fiat_p256_felem x2,
|
254
|
+
const fiat_p256_felem y2,
|
255
|
+
const fiat_p256_felem z2) {
|
256
|
+
fiat_p256_felem x_out, y_out, z_out;
|
257
|
+
fiat_p256_limb_t z1nz = fiat_p256_nz(z1);
|
258
|
+
fiat_p256_limb_t z2nz = fiat_p256_nz(z2);
|
259
|
+
|
260
|
+
// z1z1 = z1z1 = z1**2
|
261
|
+
fiat_p256_felem z1z1;
|
262
|
+
fiat_p256_square(z1z1, z1);
|
263
|
+
|
264
|
+
fiat_p256_felem u1, s1, two_z1z2;
|
265
|
+
if (!mixed) {
|
266
|
+
// z2z2 = z2**2
|
267
|
+
fiat_p256_felem z2z2;
|
268
|
+
fiat_p256_square(z2z2, z2);
|
269
|
+
|
270
|
+
// u1 = x1*z2z2
|
271
|
+
fiat_p256_mul(u1, x1, z2z2);
|
272
|
+
|
273
|
+
// two_z1z2 = (z1 + z2)**2 - (z1z1 + z2z2) = 2z1z2
|
274
|
+
fiat_p256_add(two_z1z2, z1, z2);
|
275
|
+
fiat_p256_square(two_z1z2, two_z1z2);
|
276
|
+
fiat_p256_sub(two_z1z2, two_z1z2, z1z1);
|
277
|
+
fiat_p256_sub(two_z1z2, two_z1z2, z2z2);
|
278
|
+
|
279
|
+
// s1 = y1 * z2**3
|
280
|
+
fiat_p256_mul(s1, z2, z2z2);
|
281
|
+
fiat_p256_mul(s1, s1, y1);
|
282
|
+
} else {
|
283
|
+
// We'll assume z2 = 1 (special case z2 = 0 is handled later).
|
284
|
+
|
285
|
+
// u1 = x1*z2z2
|
286
|
+
fiat_p256_copy(u1, x1);
|
287
|
+
// two_z1z2 = 2z1z2
|
288
|
+
fiat_p256_add(two_z1z2, z1, z1);
|
289
|
+
// s1 = y1 * z2**3
|
290
|
+
fiat_p256_copy(s1, y1);
|
291
|
+
}
|
292
|
+
|
293
|
+
// u2 = x2*z1z1
|
294
|
+
fiat_p256_felem u2;
|
295
|
+
fiat_p256_mul(u2, x2, z1z1);
|
296
|
+
|
297
|
+
// h = u2 - u1
|
298
|
+
fiat_p256_felem h;
|
299
|
+
fiat_p256_sub(h, u2, u1);
|
300
|
+
|
301
|
+
fiat_p256_limb_t xneq = fiat_p256_nz(h);
|
302
|
+
|
303
|
+
// z_out = two_z1z2 * h
|
304
|
+
fiat_p256_mul(z_out, h, two_z1z2);
|
305
|
+
|
306
|
+
// z1z1z1 = z1 * z1z1
|
307
|
+
fiat_p256_felem z1z1z1;
|
308
|
+
fiat_p256_mul(z1z1z1, z1, z1z1);
|
309
|
+
|
310
|
+
// s2 = y2 * z1**3
|
311
|
+
fiat_p256_felem s2;
|
312
|
+
fiat_p256_mul(s2, y2, z1z1z1);
|
313
|
+
|
314
|
+
// r = (s2 - s1)*2
|
315
|
+
fiat_p256_felem r;
|
316
|
+
fiat_p256_sub(r, s2, s1);
|
317
|
+
fiat_p256_add(r, r, r);
|
318
|
+
|
319
|
+
fiat_p256_limb_t yneq = fiat_p256_nz(r);
|
320
|
+
|
321
|
+
fiat_p256_limb_t is_nontrivial_double = constant_time_is_zero_w(xneq | yneq) &
|
322
|
+
~constant_time_is_zero_w(z1nz) &
|
323
|
+
~constant_time_is_zero_w(z2nz);
|
324
|
+
if (is_nontrivial_double) {
|
325
|
+
fiat_p256_point_double(x3, y3, z3, x1, y1, z1);
|
326
|
+
return;
|
327
|
+
}
|
328
|
+
|
329
|
+
// I = (2h)**2
|
330
|
+
fiat_p256_felem i;
|
331
|
+
fiat_p256_add(i, h, h);
|
332
|
+
fiat_p256_square(i, i);
|
333
|
+
|
334
|
+
// J = h * I
|
335
|
+
fiat_p256_felem j;
|
336
|
+
fiat_p256_mul(j, h, i);
|
337
|
+
|
338
|
+
// V = U1 * I
|
339
|
+
fiat_p256_felem v;
|
340
|
+
fiat_p256_mul(v, u1, i);
|
341
|
+
|
342
|
+
// x_out = r**2 - J - 2V
|
343
|
+
fiat_p256_square(x_out, r);
|
344
|
+
fiat_p256_sub(x_out, x_out, j);
|
345
|
+
fiat_p256_sub(x_out, x_out, v);
|
346
|
+
fiat_p256_sub(x_out, x_out, v);
|
347
|
+
|
348
|
+
// y_out = r(V-x_out) - 2 * s1 * J
|
349
|
+
fiat_p256_sub(y_out, v, x_out);
|
350
|
+
fiat_p256_mul(y_out, y_out, r);
|
351
|
+
fiat_p256_felem s1j;
|
352
|
+
fiat_p256_mul(s1j, s1, j);
|
353
|
+
fiat_p256_sub(y_out, y_out, s1j);
|
354
|
+
fiat_p256_sub(y_out, y_out, s1j);
|
355
|
+
|
356
|
+
fiat_p256_cmovznz(x_out, z1nz, x2, x_out);
|
357
|
+
fiat_p256_cmovznz(x3, z2nz, x1, x_out);
|
358
|
+
fiat_p256_cmovznz(y_out, z1nz, y2, y_out);
|
359
|
+
fiat_p256_cmovznz(y3, z2nz, y1, y_out);
|
360
|
+
fiat_p256_cmovznz(z_out, z1nz, z2, z_out);
|
361
|
+
fiat_p256_cmovznz(z3, z2nz, z1, z_out);
|
362
|
+
}
|
363
|
+
|
364
|
+
#include "./p256_table.h"
|
365
|
+
|
366
|
+
// fiat_p256_select_point_affine selects the |idx-1|th point from a
|
367
|
+
// precomputation table and copies it to out. If |idx| is zero, the output is
|
368
|
+
// the point at infinity.
|
369
|
+
static void fiat_p256_select_point_affine(
|
370
|
+
const fiat_p256_limb_t idx, size_t size,
|
371
|
+
const fiat_p256_felem pre_comp[/*size*/][2], fiat_p256_felem out[3]) {
|
372
|
+
OPENSSL_memset(out, 0, sizeof(fiat_p256_felem) * 3);
|
373
|
+
for (size_t i = 0; i < size; i++) {
|
374
|
+
fiat_p256_limb_t mismatch = i ^ (idx - 1);
|
375
|
+
fiat_p256_cmovznz(out[0], mismatch, pre_comp[i][0], out[0]);
|
376
|
+
fiat_p256_cmovznz(out[1], mismatch, pre_comp[i][1], out[1]);
|
377
|
+
}
|
378
|
+
fiat_p256_cmovznz(out[2], idx, out[2], fiat_p256_one);
|
379
|
+
}
|
380
|
+
|
381
|
+
// fiat_p256_select_point selects the |idx|th point from a precomputation table
|
382
|
+
// and copies it to out.
|
383
|
+
static void fiat_p256_select_point(const fiat_p256_limb_t idx, size_t size,
|
384
|
+
const fiat_p256_felem pre_comp[/*size*/][3],
|
385
|
+
fiat_p256_felem out[3]) {
|
386
|
+
OPENSSL_memset(out, 0, sizeof(fiat_p256_felem) * 3);
|
387
|
+
for (size_t i = 0; i < size; i++) {
|
388
|
+
fiat_p256_limb_t mismatch = i ^ idx;
|
389
|
+
fiat_p256_cmovznz(out[0], mismatch, pre_comp[i][0], out[0]);
|
390
|
+
fiat_p256_cmovznz(out[1], mismatch, pre_comp[i][1], out[1]);
|
391
|
+
fiat_p256_cmovznz(out[2], mismatch, pre_comp[i][2], out[2]);
|
392
|
+
}
|
393
|
+
}
|
394
|
+
|
395
|
+
// fiat_p256_get_bit returns the |i|th bit in |in|
|
396
|
+
static crypto_word_t fiat_p256_get_bit(const uint8_t *in, int i) {
|
397
|
+
if (i < 0 || i >= 256) {
|
398
|
+
return 0;
|
399
|
+
}
|
400
|
+
return (in[i >> 3] >> (i & 7)) & 1;
|
401
|
+
}
|
402
|
+
|
403
|
+
// OPENSSL EC_METHOD FUNCTIONS
|
404
|
+
|
405
|
+
// Takes the Jacobian coordinates (X, Y, Z) of a point and returns (X', Y') =
|
406
|
+
// (X/Z^2, Y/Z^3).
|
407
|
+
static int ec_GFp_nistp256_point_get_affine_coordinates(
|
408
|
+
const EC_GROUP *group, const EC_RAW_POINT *point, EC_FELEM *x_out,
|
409
|
+
EC_FELEM *y_out) {
|
410
|
+
if (ec_GFp_simple_is_at_infinity(group, point)) {
|
411
|
+
OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY);
|
412
|
+
return 0;
|
413
|
+
}
|
414
|
+
|
415
|
+
fiat_p256_felem z1, z2;
|
416
|
+
fiat_p256_from_generic(z1, &point->Z);
|
417
|
+
fiat_p256_inv_square(z2, z1);
|
418
|
+
|
419
|
+
if (x_out != NULL) {
|
420
|
+
fiat_p256_felem x;
|
421
|
+
fiat_p256_from_generic(x, &point->X);
|
422
|
+
fiat_p256_mul(x, x, z2);
|
423
|
+
fiat_p256_to_generic(x_out, x);
|
424
|
+
}
|
425
|
+
|
426
|
+
if (y_out != NULL) {
|
427
|
+
fiat_p256_felem y;
|
428
|
+
fiat_p256_from_generic(y, &point->Y);
|
429
|
+
fiat_p256_square(z2, z2); // z^-4
|
430
|
+
fiat_p256_mul(y, y, z1); // y * z
|
431
|
+
fiat_p256_mul(y, y, z2); // y * z^-3
|
432
|
+
fiat_p256_to_generic(y_out, y);
|
433
|
+
}
|
434
|
+
|
435
|
+
return 1;
|
436
|
+
}
|
437
|
+
|
438
|
+
static void ec_GFp_nistp256_add(const EC_GROUP *group, EC_RAW_POINT *r,
|
439
|
+
const EC_RAW_POINT *a, const EC_RAW_POINT *b) {
|
440
|
+
fiat_p256_felem x1, y1, z1, x2, y2, z2;
|
441
|
+
fiat_p256_from_generic(x1, &a->X);
|
442
|
+
fiat_p256_from_generic(y1, &a->Y);
|
443
|
+
fiat_p256_from_generic(z1, &a->Z);
|
444
|
+
fiat_p256_from_generic(x2, &b->X);
|
445
|
+
fiat_p256_from_generic(y2, &b->Y);
|
446
|
+
fiat_p256_from_generic(z2, &b->Z);
|
447
|
+
fiat_p256_point_add(x1, y1, z1, x1, y1, z1, 0 /* both Jacobian */, x2, y2,
|
448
|
+
z2);
|
449
|
+
fiat_p256_to_generic(&r->X, x1);
|
450
|
+
fiat_p256_to_generic(&r->Y, y1);
|
451
|
+
fiat_p256_to_generic(&r->Z, z1);
|
452
|
+
}
|
453
|
+
|
454
|
+
static void ec_GFp_nistp256_dbl(const EC_GROUP *group, EC_RAW_POINT *r,
|
455
|
+
const EC_RAW_POINT *a) {
|
456
|
+
fiat_p256_felem x, y, z;
|
457
|
+
fiat_p256_from_generic(x, &a->X);
|
458
|
+
fiat_p256_from_generic(y, &a->Y);
|
459
|
+
fiat_p256_from_generic(z, &a->Z);
|
460
|
+
fiat_p256_point_double(x, y, z, x, y, z);
|
461
|
+
fiat_p256_to_generic(&r->X, x);
|
462
|
+
fiat_p256_to_generic(&r->Y, y);
|
463
|
+
fiat_p256_to_generic(&r->Z, z);
|
464
|
+
}
|
465
|
+
|
466
|
+
static void ec_GFp_nistp256_point_mul(const EC_GROUP *group, EC_RAW_POINT *r,
|
467
|
+
const EC_RAW_POINT *p,
|
468
|
+
const EC_SCALAR *scalar) {
|
469
|
+
fiat_p256_felem p_pre_comp[17][3];
|
470
|
+
OPENSSL_memset(&p_pre_comp, 0, sizeof(p_pre_comp));
|
471
|
+
// Precompute multiples.
|
472
|
+
fiat_p256_from_generic(p_pre_comp[1][0], &p->X);
|
473
|
+
fiat_p256_from_generic(p_pre_comp[1][1], &p->Y);
|
474
|
+
fiat_p256_from_generic(p_pre_comp[1][2], &p->Z);
|
475
|
+
for (size_t j = 2; j <= 16; ++j) {
|
476
|
+
if (j & 1) {
|
477
|
+
fiat_p256_point_add(p_pre_comp[j][0], p_pre_comp[j][1], p_pre_comp[j][2],
|
478
|
+
p_pre_comp[1][0], p_pre_comp[1][1], p_pre_comp[1][2],
|
479
|
+
0, p_pre_comp[j - 1][0], p_pre_comp[j - 1][1],
|
480
|
+
p_pre_comp[j - 1][2]);
|
481
|
+
} else {
|
482
|
+
fiat_p256_point_double(p_pre_comp[j][0], p_pre_comp[j][1],
|
483
|
+
p_pre_comp[j][2], p_pre_comp[j / 2][0],
|
484
|
+
p_pre_comp[j / 2][1], p_pre_comp[j / 2][2]);
|
485
|
+
}
|
486
|
+
}
|
487
|
+
|
488
|
+
// Set nq to the point at infinity.
|
489
|
+
fiat_p256_felem nq[3] = {{0}, {0}, {0}}, ftmp, tmp[3];
|
490
|
+
|
491
|
+
// Loop over |scalar| msb-to-lsb, incorporating |p_pre_comp| every 5th round.
|
492
|
+
int skip = 1; // Save two point operations in the first round.
|
493
|
+
for (size_t i = 255; i < 256; i--) {
|
494
|
+
// double
|
495
|
+
if (!skip) {
|
496
|
+
fiat_p256_point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);
|
497
|
+
}
|
498
|
+
|
499
|
+
// do other additions every 5 doublings
|
500
|
+
if (i % 5 == 0) {
|
501
|
+
crypto_word_t bits = fiat_p256_get_bit(scalar->bytes, i + 4) << 5;
|
502
|
+
bits |= fiat_p256_get_bit(scalar->bytes, i + 3) << 4;
|
503
|
+
bits |= fiat_p256_get_bit(scalar->bytes, i + 2) << 3;
|
504
|
+
bits |= fiat_p256_get_bit(scalar->bytes, i + 1) << 2;
|
505
|
+
bits |= fiat_p256_get_bit(scalar->bytes, i) << 1;
|
506
|
+
bits |= fiat_p256_get_bit(scalar->bytes, i - 1);
|
507
|
+
crypto_word_t sign, digit;
|
508
|
+
ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);
|
509
|
+
|
510
|
+
// select the point to add or subtract, in constant time.
|
511
|
+
fiat_p256_select_point((fiat_p256_limb_t)digit, 17,
|
512
|
+
(const fiat_p256_felem(*)[3])p_pre_comp, tmp);
|
513
|
+
fiat_p256_opp(ftmp, tmp[1]); // (X, -Y, Z) is the negative point.
|
514
|
+
fiat_p256_cmovznz(tmp[1], (fiat_p256_limb_t)sign, tmp[1], ftmp);
|
515
|
+
|
516
|
+
if (!skip) {
|
517
|
+
fiat_p256_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2],
|
518
|
+
0 /* mixed */, tmp[0], tmp[1], tmp[2]);
|
519
|
+
} else {
|
520
|
+
fiat_p256_copy(nq[0], tmp[0]);
|
521
|
+
fiat_p256_copy(nq[1], tmp[1]);
|
522
|
+
fiat_p256_copy(nq[2], tmp[2]);
|
523
|
+
skip = 0;
|
524
|
+
}
|
525
|
+
}
|
526
|
+
}
|
527
|
+
|
528
|
+
fiat_p256_to_generic(&r->X, nq[0]);
|
529
|
+
fiat_p256_to_generic(&r->Y, nq[1]);
|
530
|
+
fiat_p256_to_generic(&r->Z, nq[2]);
|
531
|
+
}
|
532
|
+
|
533
|
+
static void ec_GFp_nistp256_point_mul_base(const EC_GROUP *group,
|
534
|
+
EC_RAW_POINT *r,
|
535
|
+
const EC_SCALAR *scalar) {
|
536
|
+
// Set nq to the point at infinity.
|
537
|
+
fiat_p256_felem nq[3] = {{0}, {0}, {0}}, tmp[3];
|
538
|
+
|
539
|
+
int skip = 1; // Save two point operations in the first round.
|
540
|
+
for (size_t i = 31; i < 32; i--) {
|
541
|
+
if (!skip) {
|
542
|
+
fiat_p256_point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);
|
543
|
+
}
|
544
|
+
|
545
|
+
// First, look 32 bits upwards.
|
546
|
+
crypto_word_t bits = fiat_p256_get_bit(scalar->bytes, i + 224) << 3;
|
547
|
+
bits |= fiat_p256_get_bit(scalar->bytes, i + 160) << 2;
|
548
|
+
bits |= fiat_p256_get_bit(scalar->bytes, i + 96) << 1;
|
549
|
+
bits |= fiat_p256_get_bit(scalar->bytes, i + 32);
|
550
|
+
// Select the point to add, in constant time.
|
551
|
+
fiat_p256_select_point_affine((fiat_p256_limb_t)bits, 15,
|
552
|
+
fiat_p256_g_pre_comp[1], tmp);
|
553
|
+
|
554
|
+
if (!skip) {
|
555
|
+
fiat_p256_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2],
|
556
|
+
1 /* mixed */, tmp[0], tmp[1], tmp[2]);
|
557
|
+
} else {
|
558
|
+
fiat_p256_copy(nq[0], tmp[0]);
|
559
|
+
fiat_p256_copy(nq[1], tmp[1]);
|
560
|
+
fiat_p256_copy(nq[2], tmp[2]);
|
561
|
+
skip = 0;
|
562
|
+
}
|
563
|
+
|
564
|
+
// Second, look at the current position.
|
565
|
+
bits = fiat_p256_get_bit(scalar->bytes, i + 192) << 3;
|
566
|
+
bits |= fiat_p256_get_bit(scalar->bytes, i + 128) << 2;
|
567
|
+
bits |= fiat_p256_get_bit(scalar->bytes, i + 64) << 1;
|
568
|
+
bits |= fiat_p256_get_bit(scalar->bytes, i);
|
569
|
+
// Select the point to add, in constant time.
|
570
|
+
fiat_p256_select_point_affine((fiat_p256_limb_t)bits, 15,
|
571
|
+
fiat_p256_g_pre_comp[0], tmp);
|
572
|
+
fiat_p256_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 1 /* mixed */,
|
573
|
+
tmp[0], tmp[1], tmp[2]);
|
574
|
+
}
|
575
|
+
|
576
|
+
fiat_p256_to_generic(&r->X, nq[0]);
|
577
|
+
fiat_p256_to_generic(&r->Y, nq[1]);
|
578
|
+
fiat_p256_to_generic(&r->Z, nq[2]);
|
579
|
+
}
|
580
|
+
|
581
|
+
static void ec_GFp_nistp256_point_mul_public(const EC_GROUP *group,
|
582
|
+
EC_RAW_POINT *r,
|
583
|
+
const EC_SCALAR *g_scalar,
|
584
|
+
const EC_RAW_POINT *p,
|
585
|
+
const EC_SCALAR *p_scalar) {
|
586
|
+
#define P256_WSIZE_PUBLIC 4
|
587
|
+
// Precompute multiples of |p|. p_pre_comp[i] is (2*i+1) * |p|.
|
588
|
+
fiat_p256_felem p_pre_comp[1 << (P256_WSIZE_PUBLIC - 1)][3];
|
589
|
+
fiat_p256_from_generic(p_pre_comp[0][0], &p->X);
|
590
|
+
fiat_p256_from_generic(p_pre_comp[0][1], &p->Y);
|
591
|
+
fiat_p256_from_generic(p_pre_comp[0][2], &p->Z);
|
592
|
+
fiat_p256_felem p2[3];
|
593
|
+
fiat_p256_point_double(p2[0], p2[1], p2[2], p_pre_comp[0][0],
|
594
|
+
p_pre_comp[0][1], p_pre_comp[0][2]);
|
595
|
+
for (size_t i = 1; i < OPENSSL_ARRAY_SIZE(p_pre_comp); i++) {
|
596
|
+
fiat_p256_point_add(p_pre_comp[i][0], p_pre_comp[i][1], p_pre_comp[i][2],
|
597
|
+
p_pre_comp[i - 1][0], p_pre_comp[i - 1][1],
|
598
|
+
p_pre_comp[i - 1][2], 0 /* not mixed */, p2[0], p2[1],
|
599
|
+
p2[2]);
|
600
|
+
}
|
601
|
+
|
602
|
+
// Set up the coefficients for |p_scalar|.
|
603
|
+
int8_t p_wNAF[257];
|
604
|
+
ec_compute_wNAF(group, p_wNAF, p_scalar, 256, P256_WSIZE_PUBLIC);
|
605
|
+
|
606
|
+
// Set |ret| to the point at infinity.
|
607
|
+
int skip = 1; // Save some point operations.
|
608
|
+
fiat_p256_felem ret[3] = {{0}, {0}, {0}};
|
609
|
+
for (int i = 256; i >= 0; i--) {
|
610
|
+
if (!skip) {
|
611
|
+
fiat_p256_point_double(ret[0], ret[1], ret[2], ret[0], ret[1], ret[2]);
|
612
|
+
}
|
613
|
+
|
614
|
+
// For the |g_scalar|, we use the precomputed table without the
|
615
|
+
// constant-time lookup.
|
616
|
+
if (i <= 31) {
|
617
|
+
// First, look 32 bits upwards.
|
618
|
+
crypto_word_t bits = fiat_p256_get_bit(g_scalar->bytes, i + 224) << 3;
|
619
|
+
bits |= fiat_p256_get_bit(g_scalar->bytes, i + 160) << 2;
|
620
|
+
bits |= fiat_p256_get_bit(g_scalar->bytes, i + 96) << 1;
|
621
|
+
bits |= fiat_p256_get_bit(g_scalar->bytes, i + 32);
|
622
|
+
if (bits != 0) {
|
623
|
+
size_t index = (size_t)(bits - 1);
|
624
|
+
fiat_p256_point_add(ret[0], ret[1], ret[2], ret[0], ret[1], ret[2],
|
625
|
+
1 /* mixed */, fiat_p256_g_pre_comp[1][index][0],
|
626
|
+
fiat_p256_g_pre_comp[1][index][1],
|
627
|
+
fiat_p256_one);
|
628
|
+
skip = 0;
|
629
|
+
}
|
630
|
+
|
631
|
+
// Second, look at the current position.
|
632
|
+
bits = fiat_p256_get_bit(g_scalar->bytes, i + 192) << 3;
|
633
|
+
bits |= fiat_p256_get_bit(g_scalar->bytes, i + 128) << 2;
|
634
|
+
bits |= fiat_p256_get_bit(g_scalar->bytes, i + 64) << 1;
|
635
|
+
bits |= fiat_p256_get_bit(g_scalar->bytes, i);
|
636
|
+
if (bits != 0) {
|
637
|
+
size_t index = (size_t)(bits - 1);
|
638
|
+
fiat_p256_point_add(ret[0], ret[1], ret[2], ret[0], ret[1], ret[2],
|
639
|
+
1 /* mixed */, fiat_p256_g_pre_comp[0][index][0],
|
640
|
+
fiat_p256_g_pre_comp[0][index][1],
|
641
|
+
fiat_p256_one);
|
642
|
+
skip = 0;
|
643
|
+
}
|
644
|
+
}
|
645
|
+
|
646
|
+
int digit = p_wNAF[i];
|
647
|
+
if (digit != 0) {
|
648
|
+
assert(digit & 1);
|
649
|
+
size_t idx = (size_t)(digit < 0 ? (-digit) >> 1 : digit >> 1);
|
650
|
+
fiat_p256_felem *y = &p_pre_comp[idx][1], tmp;
|
651
|
+
if (digit < 0) {
|
652
|
+
fiat_p256_opp(tmp, p_pre_comp[idx][1]);
|
653
|
+
y = &tmp;
|
654
|
+
}
|
655
|
+
if (!skip) {
|
656
|
+
fiat_p256_point_add(ret[0], ret[1], ret[2], ret[0], ret[1], ret[2],
|
657
|
+
0 /* not mixed */, p_pre_comp[idx][0], *y,
|
658
|
+
p_pre_comp[idx][2]);
|
659
|
+
} else {
|
660
|
+
fiat_p256_copy(ret[0], p_pre_comp[idx][0]);
|
661
|
+
fiat_p256_copy(ret[1], *y);
|
662
|
+
fiat_p256_copy(ret[2], p_pre_comp[idx][2]);
|
663
|
+
skip = 0;
|
664
|
+
}
|
665
|
+
}
|
666
|
+
}
|
667
|
+
|
668
|
+
fiat_p256_to_generic(&r->X, ret[0]);
|
669
|
+
fiat_p256_to_generic(&r->Y, ret[1]);
|
670
|
+
fiat_p256_to_generic(&r->Z, ret[2]);
|
671
|
+
}
|
672
|
+
|
673
|
+
static int ec_GFp_nistp256_cmp_x_coordinate(const EC_GROUP *group,
|
674
|
+
const EC_RAW_POINT *p,
|
675
|
+
const EC_SCALAR *r) {
|
676
|
+
if (ec_GFp_simple_is_at_infinity(group, p)) {
|
677
|
+
return 0;
|
678
|
+
}
|
679
|
+
|
680
|
+
// We wish to compare X/Z^2 with r. This is equivalent to comparing X with
|
681
|
+
// r*Z^2. Note that X and Z are represented in Montgomery form, while r is
|
682
|
+
// not.
|
683
|
+
fiat_p256_felem Z2_mont;
|
684
|
+
fiat_p256_from_generic(Z2_mont, &p->Z);
|
685
|
+
fiat_p256_mul(Z2_mont, Z2_mont, Z2_mont);
|
686
|
+
|
687
|
+
fiat_p256_felem r_Z2;
|
688
|
+
fiat_p256_from_bytes(r_Z2, r->bytes); // r < order < p, so this is valid.
|
689
|
+
fiat_p256_mul(r_Z2, r_Z2, Z2_mont);
|
690
|
+
|
691
|
+
fiat_p256_felem X;
|
692
|
+
fiat_p256_from_generic(X, &p->X);
|
693
|
+
fiat_p256_from_montgomery(X, X);
|
694
|
+
|
695
|
+
if (OPENSSL_memcmp(&r_Z2, &X, sizeof(r_Z2)) == 0) {
|
696
|
+
return 1;
|
697
|
+
}
|
698
|
+
|
699
|
+
// During signing the x coefficient is reduced modulo the group order.
|
700
|
+
// Therefore there is a small possibility, less than 1/2^128, that group_order
|
701
|
+
// < p.x < P. in that case we need not only to compare against |r| but also to
|
702
|
+
// compare against r+group_order.
|
703
|
+
assert(group->field.width == group->order.width);
|
704
|
+
if (bn_less_than_words(r->words, group->field_minus_order.words,
|
705
|
+
group->field.width)) {
|
706
|
+
// We can ignore the carry because: r + group_order < p < 2^256.
|
707
|
+
EC_FELEM tmp;
|
708
|
+
bn_add_words(tmp.words, r->words, group->order.d, group->order.width);
|
709
|
+
fiat_p256_from_generic(r_Z2, &tmp);
|
710
|
+
fiat_p256_mul(r_Z2, r_Z2, Z2_mont);
|
711
|
+
if (OPENSSL_memcmp(&r_Z2, &X, sizeof(r_Z2)) == 0) {
|
712
|
+
return 1;
|
713
|
+
}
|
714
|
+
}
|
715
|
+
|
716
|
+
return 0;
|
717
|
+
}
|
718
|
+
|
719
|
+
DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistp256_method) {
|
720
|
+
out->group_init = ec_GFp_mont_group_init;
|
721
|
+
out->group_finish = ec_GFp_mont_group_finish;
|
722
|
+
out->group_set_curve = ec_GFp_mont_group_set_curve;
|
723
|
+
out->point_get_affine_coordinates =
|
724
|
+
ec_GFp_nistp256_point_get_affine_coordinates;
|
725
|
+
out->add = ec_GFp_nistp256_add;
|
726
|
+
out->dbl = ec_GFp_nistp256_dbl;
|
727
|
+
out->mul = ec_GFp_nistp256_point_mul;
|
728
|
+
out->mul_base = ec_GFp_nistp256_point_mul_base;
|
729
|
+
out->mul_public = ec_GFp_nistp256_point_mul_public;
|
730
|
+
out->felem_mul = ec_GFp_mont_felem_mul;
|
731
|
+
out->felem_sqr = ec_GFp_mont_felem_sqr;
|
732
|
+
out->felem_to_bytes = ec_GFp_mont_felem_to_bytes;
|
733
|
+
out->felem_from_bytes = ec_GFp_mont_felem_from_bytes;
|
734
|
+
out->scalar_inv0_montgomery = ec_simple_scalar_inv0_montgomery;
|
735
|
+
out->scalar_to_montgomery_inv_vartime =
|
736
|
+
ec_simple_scalar_to_montgomery_inv_vartime;
|
737
|
+
out->cmp_x_coordinate = ec_GFp_nistp256_cmp_x_coordinate;
|
738
|
+
}
|
739
|
+
|
740
|
+
#undef BORINGSSL_NISTP256_64BIT
|