grpc 1.30.2 → 1.31.0.pre1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (317) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +560 -619
  3. data/include/grpc/grpc_security_constants.h +3 -0
  4. data/include/grpc/impl/codegen/grpc_types.h +7 -5
  5. data/include/grpc/impl/codegen/port_platform.h +0 -32
  6. data/src/core/ext/filters/client_channel/backend_metric.cc +12 -9
  7. data/src/core/ext/filters/client_channel/client_channel.cc +406 -265
  8. data/src/core/ext/filters/client_channel/config_selector.cc +62 -0
  9. data/src/core/ext/filters/client_channel/config_selector.h +93 -0
  10. data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -2
  11. data/src/core/ext/filters/client_channel/health/health_check_client.cc +2 -0
  12. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +6 -5
  13. data/src/core/ext/filters/client_channel/http_proxy.cc +6 -4
  14. data/src/core/ext/filters/client_channel/lb_policy.h +2 -0
  15. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +39 -23
  16. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +4 -6
  17. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +376 -68
  18. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -5
  19. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +5 -2
  20. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +6 -5
  21. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +8 -6
  22. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +9 -7
  23. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +7 -5
  24. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +33 -48
  25. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +6 -2
  26. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +21 -18
  27. data/src/core/ext/filters/client_channel/resolver_registry.cc +13 -14
  28. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +6 -7
  29. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +33 -28
  30. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +39 -20
  31. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +142 -0
  32. data/src/core/ext/filters/client_channel/subchannel.cc +1 -1
  33. data/src/core/ext/filters/client_channel/xds/xds_api.cc +327 -123
  34. data/src/core/ext/filters/client_channel/xds/xds_api.h +72 -7
  35. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +12 -23
  36. data/src/core/ext/filters/client_channel/xds/xds_client.cc +112 -33
  37. data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +10 -10
  38. data/src/core/ext/filters/http/client/http_client_filter.cc +5 -5
  39. data/src/core/ext/filters/http/http_filters_plugin.cc +2 -1
  40. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +74 -33
  41. data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +3 -1
  42. data/src/core/ext/filters/message_size/message_size_filter.cc +56 -80
  43. data/src/core/ext/filters/message_size/message_size_filter.h +6 -0
  44. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +383 -347
  45. data/src/core/ext/transport/chttp2/server/chttp2_server.h +6 -2
  46. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +1 -1
  47. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +7 -13
  48. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +7 -8
  49. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +19 -4
  50. data/src/core/ext/transport/chttp2/transport/flow_control.cc +22 -27
  51. data/src/core/ext/transport/chttp2/transport/flow_control.h +14 -16
  52. data/src/core/ext/transport/chttp2/transport/frame_data.cc +9 -12
  53. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +4 -6
  54. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -6
  55. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -13
  56. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -7
  57. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +9 -12
  58. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +25 -29
  59. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +13 -17
  60. data/src/core/ext/transport/chttp2/transport/internal.h +13 -0
  61. data/src/core/ext/transport/chttp2/transport/parsing.cc +33 -43
  62. data/src/core/ext/transport/chttp2/transport/writing.cc +9 -14
  63. data/src/core/ext/transport/inproc/inproc_transport.cc +35 -15
  64. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +0 -1
  65. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +3 -4
  66. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +0 -1
  67. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +80 -69
  68. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +24 -23
  69. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +66 -56
  70. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +1 -2
  71. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +2 -2
  72. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +317 -311
  73. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +42 -34
  74. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +7 -7
  75. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +79 -61
  76. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +55 -49
  77. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +9 -8
  78. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +1 -1
  79. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +163 -169
  80. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +51 -45
  81. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +4 -5
  82. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +107 -100
  83. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +137 -117
  84. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +9 -9
  85. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +105 -87
  86. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +12 -13
  87. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +1 -1
  88. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +95 -101
  89. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +1 -2
  90. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +1 -1
  91. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +49 -65
  92. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -1
  93. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +49 -42
  94. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +70 -62
  95. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +1 -2
  96. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +81 -65
  97. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -1
  98. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +1 -1
  99. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +91 -80
  100. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +9 -10
  101. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +1 -2
  102. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +36 -31
  103. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -1
  104. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +7 -7
  105. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +648 -696
  106. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +16 -15
  107. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +1 -2
  108. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +1 -1
  109. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +95 -88
  110. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +234 -199
  111. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +5 -5
  112. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +13 -13
  113. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +1 -2
  114. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +20 -18
  115. data/src/core/ext/upb-generated/envoy/type/http.upb.h +0 -1
  116. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +18 -17
  117. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +14 -14
  118. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +23 -23
  119. data/src/core/ext/upb-generated/envoy/type/percent.upb.h +8 -9
  120. data/src/core/ext/upb-generated/envoy/type/range.upb.h +15 -16
  121. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +7 -8
  122. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +36 -35
  123. data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -1
  124. data/src/core/ext/upb-generated/google/api/annotations.upb.h +0 -1
  125. data/src/core/ext/upb-generated/google/api/http.upb.h +29 -28
  126. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +5 -6
  127. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +3 -3
  128. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +412 -386
  129. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +5 -6
  130. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +1 -2
  131. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +1 -1
  132. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +33 -54
  133. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +5 -6
  134. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +27 -28
  135. data/src/core/ext/upb-generated/google/rpc/status.upb.h +8 -8
  136. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +1 -1
  137. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +32 -45
  138. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +4 -4
  139. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +157 -178
  140. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +14 -13
  141. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +6 -7
  142. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +59 -56
  143. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +11 -12
  144. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +0 -1
  145. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +5 -6
  146. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +6 -6
  147. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +41 -68
  148. data/src/core/ext/upb-generated/validate/validate.upb.h +536 -535
  149. data/src/core/lib/channel/channel_trace.cc +2 -6
  150. data/src/core/lib/channel/channelz.cc +5 -15
  151. data/src/core/lib/gpr/log_linux.cc +6 -8
  152. data/src/core/lib/gpr/log_posix.cc +6 -8
  153. data/src/core/lib/gpr/string.cc +10 -9
  154. data/src/core/lib/gpr/string.h +4 -2
  155. data/src/core/lib/gprpp/global_config_env.cc +8 -6
  156. data/src/core/lib/http/httpcli.cc +13 -10
  157. data/src/core/lib/http/httpcli_security_connector.cc +5 -5
  158. data/src/core/lib/iomgr/cfstream_handle.cc +1 -0
  159. data/src/core/lib/iomgr/endpoint_pair_posix.cc +10 -10
  160. data/src/core/lib/iomgr/error_cfstream.cc +9 -8
  161. data/src/core/lib/iomgr/ev_epoll1_linux.cc +5 -6
  162. data/src/core/lib/iomgr/ev_epollex_linux.cc +15 -21
  163. data/src/core/lib/iomgr/ev_poll_posix.cc +6 -5
  164. data/src/core/lib/iomgr/ev_posix.cc +2 -0
  165. data/src/core/lib/iomgr/iomgr.cc +10 -0
  166. data/src/core/lib/iomgr/iomgr.h +10 -0
  167. data/src/core/lib/iomgr/is_epollexclusive_available.cc +14 -0
  168. data/src/core/lib/iomgr/port.h +1 -21
  169. data/src/core/lib/iomgr/resolve_address_custom.cc +13 -18
  170. data/src/core/lib/iomgr/resolve_address_windows.cc +8 -8
  171. data/src/core/lib/iomgr/resource_quota.cc +34 -31
  172. data/src/core/lib/iomgr/sockaddr_utils.cc +7 -5
  173. data/src/core/lib/iomgr/sockaddr_utils.h +1 -1
  174. data/src/core/lib/iomgr/socket_utils_common_posix.cc +95 -55
  175. data/src/core/lib/iomgr/socket_windows.cc +4 -5
  176. data/src/core/lib/iomgr/tcp_client_cfstream.cc +9 -11
  177. data/src/core/lib/iomgr/tcp_client_custom.cc +6 -9
  178. data/src/core/lib/iomgr/tcp_client_posix.cc +27 -36
  179. data/src/core/lib/iomgr/tcp_client_windows.cc +9 -9
  180. data/src/core/lib/iomgr/tcp_custom.cc +1 -1
  181. data/src/core/lib/iomgr/tcp_custom.h +1 -1
  182. data/src/core/lib/iomgr/tcp_server.cc +3 -4
  183. data/src/core/lib/iomgr/tcp_server.h +7 -5
  184. data/src/core/lib/iomgr/tcp_server_custom.cc +6 -14
  185. data/src/core/lib/iomgr/tcp_server_posix.cc +34 -41
  186. data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -4
  187. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -7
  188. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +4 -9
  189. data/src/core/lib/iomgr/tcp_server_windows.cc +16 -16
  190. data/src/core/lib/iomgr/timer_generic.cc +13 -12
  191. data/src/core/lib/iomgr/udp_server.cc +24 -23
  192. data/src/core/lib/iomgr/udp_server.h +5 -2
  193. data/src/core/lib/iomgr/unix_sockets_posix.cc +9 -14
  194. data/src/core/lib/iomgr/unix_sockets_posix.h +3 -1
  195. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +5 -2
  196. data/src/core/lib/json/json_reader.cc +20 -21
  197. data/src/core/lib/security/credentials/credentials.h +5 -3
  198. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -6
  199. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +12 -9
  200. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -4
  201. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +19 -28
  202. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +6 -6
  203. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +20 -0
  204. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -0
  205. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +10 -0
  206. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +10 -10
  207. data/src/core/lib/security/security_connector/security_connector.cc +2 -0
  208. data/src/core/lib/security/security_connector/security_connector.h +1 -1
  209. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +18 -11
  210. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +5 -0
  211. data/src/core/lib/security/security_connector/ssl_utils.cc +44 -23
  212. data/src/core/lib/security/security_connector/ssl_utils.h +6 -2
  213. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +27 -24
  214. data/src/core/lib/security/transport/client_auth_filter.cc +10 -9
  215. data/src/core/lib/security/util/json_util.cc +12 -13
  216. data/src/core/lib/slice/slice.cc +38 -1
  217. data/src/core/lib/slice/slice_internal.h +1 -0
  218. data/src/core/lib/surface/call.cc +40 -41
  219. data/src/core/lib/surface/completion_queue.cc +271 -14
  220. data/src/core/lib/surface/completion_queue.h +8 -0
  221. data/src/core/lib/surface/init.cc +2 -0
  222. data/src/core/lib/surface/server.cc +565 -632
  223. data/src/core/lib/surface/server.h +34 -12
  224. data/src/core/lib/surface/version.cc +2 -2
  225. data/src/core/lib/transport/transport.h +6 -0
  226. data/src/core/lib/uri/uri_parser.cc +8 -15
  227. data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -0
  228. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +23 -13
  229. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +2 -0
  230. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -0
  231. data/src/core/tsi/ssl_transport_security.cc +102 -11
  232. data/src/core/tsi/ssl_transport_security.h +14 -2
  233. data/src/core/tsi/transport_security_interface.h +5 -0
  234. data/src/ruby/ext/grpc/extconf.rb +5 -2
  235. data/src/ruby/ext/grpc/rb_call.c +3 -2
  236. data/src/ruby/ext/grpc/rb_call.h +4 -0
  237. data/src/ruby/ext/grpc/rb_call_credentials.c +54 -10
  238. data/src/ruby/lib/grpc/generic/interceptors.rb +1 -1
  239. data/src/ruby/lib/grpc/version.rb +1 -1
  240. data/third_party/boringssl-with-bazel/err_data.c +89 -83
  241. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
  242. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +3 -3
  243. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +1 -1
  244. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -3
  245. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
  246. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
  247. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -1
  248. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +1 -1
  249. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +1 -1
  250. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +1 -1
  251. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +1 -1
  252. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +1 -0
  253. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +12 -52
  254. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +0 -22
  255. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +143 -0
  256. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +17 -1
  257. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +11 -1
  258. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +2 -1
  259. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +13 -11
  260. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +24 -23
  261. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +20 -16
  262. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -2
  263. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +3 -3
  264. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +62 -0
  265. data/third_party/boringssl-with-bazel/src/crypto/mem.c +29 -15
  266. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +7 -0
  267. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -5
  268. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +0 -29
  269. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +116 -363
  270. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +7 -45
  271. data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +4 -4
  272. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +8 -0
  273. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +4 -4
  274. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -67
  275. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +13 -6
  276. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +10 -0
  277. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +41 -0
  278. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +4 -1
  279. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +28 -9
  280. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +25 -0
  281. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -13
  282. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +0 -154
  283. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +28 -6
  284. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +5 -0
  285. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +74 -35
  286. data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +16 -4
  287. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +22 -22
  288. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +1 -1
  289. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +69 -0
  290. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +33 -16
  291. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +1 -10
  292. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +789 -715
  293. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +3 -3
  294. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +9 -2
  295. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -2
  296. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +9 -0
  297. data/third_party/boringssl-with-bazel/src/ssl/internal.h +17 -14
  298. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -7
  299. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +28 -0
  300. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +4 -24
  301. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +5 -5
  302. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +45 -24
  303. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +31 -21
  304. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +12 -9
  305. data/third_party/upb/upb/decode.c +467 -504
  306. data/third_party/upb/upb/encode.c +163 -121
  307. data/third_party/upb/upb/msg.c +130 -64
  308. data/third_party/upb/upb/msg.h +418 -14
  309. data/third_party/upb/upb/port_def.inc +35 -6
  310. data/third_party/upb/upb/port_undef.inc +8 -1
  311. data/third_party/upb/upb/table.c +53 -75
  312. data/third_party/upb/upb/table.int.h +11 -43
  313. data/third_party/upb/upb/upb.c +148 -124
  314. data/third_party/upb/upb/upb.h +65 -147
  315. data/third_party/upb/upb/upb.hpp +86 -0
  316. metadata +40 -37
  317. data/third_party/upb/upb/generated_util.h +0 -105
@@ -63,6 +63,13 @@ extern "C" {
63
63
  #endif
64
64
 
65
65
 
66
+ struct pkcs8_priv_key_info_st {
67
+ ASN1_INTEGER *version;
68
+ X509_ALGOR *pkeyalg;
69
+ ASN1_OCTET_STRING *pkey;
70
+ STACK_OF(X509_ATTRIBUTE) *attributes;
71
+ };
72
+
66
73
  // pkcs8_pbe_decrypt decrypts |in| using the PBE scheme described by
67
74
  // |algorithm|, which should be a serialized AlgorithmIdentifier structure. On
68
75
  // success, it sets |*out| to a newly-allocated buffer containing the decrypted
@@ -96,10 +96,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
96
96
  // Since the structure must still be valid use ASN1_OP_FREE_PRE
97
97
  if (operation == ASN1_OP_FREE_PRE) {
98
98
  PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
99
- if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING &&
100
- key->pkey->value.octet_string) {
101
- OPENSSL_cleanse(key->pkey->value.octet_string->data,
102
- key->pkey->value.octet_string->length);
99
+ if (key->pkey) {
100
+ OPENSSL_cleanse(key->pkey->data, key->pkey->length);
103
101
  }
104
102
  }
105
103
  return 1;
@@ -108,12 +106,45 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
108
106
  ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
109
107
  ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
110
108
  ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
111
- ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY),
109
+ ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_OCTET_STRING),
112
110
  ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
113
111
  } ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
114
112
 
115
113
  IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
116
114
 
115
+ int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version,
116
+ int ptype, void *pval, uint8_t *penc, int penclen) {
117
+ if (version >= 0 &&
118
+ !ASN1_INTEGER_set(priv->version, version)) {
119
+ return 0;
120
+ }
121
+
122
+ if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) {
123
+ return 0;
124
+ }
125
+
126
+ if (penc != NULL) {
127
+ ASN1_STRING_set0(priv->pkey, penc, penclen);
128
+ }
129
+
130
+ return 1;
131
+ }
132
+
133
+ int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, const uint8_t **pk, int *ppklen,
134
+ X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8) {
135
+ if (ppkalg) {
136
+ *ppkalg = p8->pkeyalg->algorithm;
137
+ }
138
+ if (pk) {
139
+ *pk = ASN1_STRING_data(p8->pkey);
140
+ *ppklen = ASN1_STRING_length(p8->pkey);
141
+ }
142
+ if (pa) {
143
+ *pa = p8->pkeyalg;
144
+ }
145
+ return 1;
146
+ }
147
+
117
148
  EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) {
118
149
  uint8_t *der = NULL;
119
150
  int der_len = i2d_PKCS8_PRIV_KEY_INFO(p8, &der);
@@ -77,27 +77,6 @@ OPENSSL_EXPORT void PMBTOKEN_PRETOKEN_free(PMBTOKEN_PRETOKEN *token);
77
77
 
78
78
  DEFINE_STACK_OF(PMBTOKEN_PRETOKEN)
79
79
 
80
- // The following functions implement the corresponding |TRUST_TOKENS_METHOD|
81
- // functions for |TRUST_TOKENS_experiment_v0|'s PMBTokens construction which
82
- // uses P-521.
83
- int pmbtoken_exp0_generate_key(CBB *out_private, CBB *out_public);
84
- int pmbtoken_exp0_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
85
- const uint8_t *in, size_t len);
86
- int pmbtoken_exp0_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
87
- const uint8_t *in, size_t len);
88
- STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp0_blind(CBB *cbb, size_t count);
89
- int pmbtoken_exp0_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
90
- size_t num_requested, size_t num_to_issue,
91
- uint8_t private_metadata);
92
- STACK_OF(TRUST_TOKEN) *
93
- pmbtoken_exp0_unblind(const PMBTOKEN_CLIENT_KEY *key,
94
- const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens,
95
- CBS *cbs, size_t count, uint32_t key_id);
96
- int pmbtoken_exp0_read(const PMBTOKEN_ISSUER_KEY *key,
97
- uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
98
- uint8_t *out_private_metadata, const uint8_t *token,
99
- size_t token_len);
100
-
101
80
  // The following functions implement the corresponding |TRUST_TOKENS_METHOD|
102
81
  // functions for |TRUST_TOKENS_experiment_v1|'s PMBTokens construction which
103
82
  // uses P-384.
@@ -193,14 +172,6 @@ struct trust_token_method_st {
193
172
  uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
194
173
  uint8_t *out_private_metadata, const uint8_t *token,
195
174
  size_t token_len);
196
-
197
- // use_token_hash determines whether to include the token hash in the SRR and
198
- // private metadata encryption.
199
- int use_token_hash : 1;
200
-
201
- // batched_proof determines whether PMBToken uses a batched DLEQOR proof when
202
- // signing tokens.
203
- int batched_proof : 1;
204
175
  };
205
176
 
206
177
  // Structure representing a single Trust Token public key with the specified ID.
@@ -52,9 +52,6 @@ typedef struct {
52
52
  // hash_c implements the H_c operation in PMBTokens. It returns one on success
53
53
  // and zero on error.
54
54
  hash_c_func_t hash_c;
55
- // batched_proof determines whether PMBToken uses a batched DLEQOR proof when
56
- // signing tokens.
57
- int batched_proof : 1;
58
55
  } PMBTOKEN_METHOD;
59
56
 
60
57
  static const uint8_t kDefaultAdditionalData[32] = {0};
@@ -62,7 +59,7 @@ static const uint8_t kDefaultAdditionalData[32] = {0};
62
59
  static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid,
63
60
  const uint8_t *h_bytes, size_t h_len,
64
61
  hash_t_func_t hash_t, hash_s_func_t hash_s,
65
- hash_c_func_t hash_c, int batched_proof) {
62
+ hash_c_func_t hash_c) {
66
63
  method->group = EC_GROUP_new_by_curve_name(curve_nid);
67
64
  if (method->group == NULL) {
68
65
  return 0;
@@ -71,7 +68,6 @@ static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid,
71
68
  method->hash_t = hash_t;
72
69
  method->hash_s = hash_s;
73
70
  method->hash_c = hash_c;
74
- method->batched_proof = batched_proof;
75
71
 
76
72
  EC_AFFINE h;
77
73
  if (!ec_point_from_uncompressed(method->group, &h, h_bytes, h_len)) {
@@ -724,37 +720,31 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
724
720
  return 0;
725
721
  }
726
722
 
723
+ if (num_to_issue > ((size_t)-1) / sizeof(EC_RAW_POINT) ||
724
+ num_to_issue > ((size_t)-1) / sizeof(EC_SCALAR)) {
725
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
726
+ return 0;
727
+ }
728
+
727
729
  int ret = 0;
728
- EC_RAW_POINT *Tps = NULL;
729
- EC_RAW_POINT *Sps = NULL;
730
- EC_RAW_POINT *Wps = NULL;
731
- EC_RAW_POINT *Wsps = NULL;
732
- EC_SCALAR *es = NULL;
730
+ EC_RAW_POINT *Tps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
731
+ EC_RAW_POINT *Sps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
732
+ EC_RAW_POINT *Wps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
733
+ EC_RAW_POINT *Wsps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
734
+ EC_SCALAR *es = OPENSSL_malloc(num_to_issue * sizeof(EC_SCALAR));
733
735
  CBB batch_cbb;
734
736
  CBB_zero(&batch_cbb);
735
- if (method->batched_proof) {
736
- if (num_to_issue > ((size_t)-1) / sizeof(EC_RAW_POINT) ||
737
- num_to_issue > ((size_t)-1) / sizeof(EC_SCALAR)) {
738
- OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
739
- goto err;
740
- }
741
- Tps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
742
- Sps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
743
- Wps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
744
- Wsps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
745
- es = OPENSSL_malloc(num_to_issue * sizeof(EC_SCALAR));
746
- if (!Tps ||
747
- !Sps ||
748
- !Wps ||
749
- !Wsps ||
750
- !es ||
751
- !CBB_init(&batch_cbb, 0) ||
752
- !point_to_cbb(&batch_cbb, method->group, &key->pubs) ||
753
- !point_to_cbb(&batch_cbb, method->group, &key->pub0) ||
754
- !point_to_cbb(&batch_cbb, method->group, &key->pub1)) {
755
- OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
756
- goto err;
757
- }
737
+ if (!Tps ||
738
+ !Sps ||
739
+ !Wps ||
740
+ !Wsps ||
741
+ !es ||
742
+ !CBB_init(&batch_cbb, 0) ||
743
+ !point_to_cbb(&batch_cbb, method->group, &key->pubs) ||
744
+ !point_to_cbb(&batch_cbb, method->group, &key->pub0) ||
745
+ !point_to_cbb(&batch_cbb, method->group, &key->pub1)) {
746
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
747
+ goto err;
758
748
  }
759
749
 
760
750
  for (size_t i = 0; i < num_to_issue; i++) {
@@ -793,25 +783,17 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
793
783
  goto err;
794
784
  }
795
785
 
796
- if (!method->batched_proof) {
797
- if (!CBB_add_u16_length_prefixed(cbb, &child) ||
798
- !dleq_generate(method, &child, key, &Tp, &jacobians[0], &jacobians[1],
799
- &jacobians[2], private_metadata)) {
800
- goto err;
801
- }
802
- } else {
803
- if (!point_to_cbb(&batch_cbb, group, &Tp_affine) ||
804
- !point_to_cbb(&batch_cbb, group, &affines[0]) ||
805
- !point_to_cbb(&batch_cbb, group, &affines[1]) ||
806
- !point_to_cbb(&batch_cbb, group, &affines[2])) {
807
- OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
808
- goto err;
809
- }
810
- Tps[i] = Tp;
811
- Sps[i] = jacobians[0];
812
- Wps[i] = jacobians[1];
813
- Wsps[i] = jacobians[2];
786
+ if (!point_to_cbb(&batch_cbb, group, &Tp_affine) ||
787
+ !point_to_cbb(&batch_cbb, group, &affines[0]) ||
788
+ !point_to_cbb(&batch_cbb, group, &affines[1]) ||
789
+ !point_to_cbb(&batch_cbb, group, &affines[2])) {
790
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
791
+ goto err;
814
792
  }
793
+ Tps[i] = Tp;
794
+ Sps[i] = jacobians[0];
795
+ Wps[i] = jacobians[1];
796
+ Wsps[i] = jacobians[2];
815
797
 
816
798
  if (!CBB_flush(cbb)) {
817
799
  goto err;
@@ -821,36 +803,34 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
821
803
  // The DLEQ batching construction is described in appendix B of
822
804
  // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional
823
805
  // computations all act on public inputs.
824
- if (method->batched_proof) {
825
- for (size_t i = 0; i < num_to_issue; i++) {
826
- if (!hash_c_batch(method, &es[i], &batch_cbb, i)) {
827
- goto err;
828
- }
829
- }
830
-
831
- EC_RAW_POINT Tp_batch, Sp_batch, Wp_batch, Wsp_batch;
832
- if (!ec_point_mul_scalar_public_batch(group, &Tp_batch,
833
- /*g_scalar=*/NULL, Tps, es,
834
- num_to_issue) ||
835
- !ec_point_mul_scalar_public_batch(group, &Sp_batch,
836
- /*g_scalar=*/NULL, Sps, es,
837
- num_to_issue) ||
838
- !ec_point_mul_scalar_public_batch(group, &Wp_batch,
839
- /*g_scalar=*/NULL, Wps, es,
840
- num_to_issue) ||
841
- !ec_point_mul_scalar_public_batch(group, &Wsp_batch,
842
- /*g_scalar=*/NULL, Wsps, es,
843
- num_to_issue)) {
806
+ for (size_t i = 0; i < num_to_issue; i++) {
807
+ if (!hash_c_batch(method, &es[i], &batch_cbb, i)) {
844
808
  goto err;
845
809
  }
810
+ }
846
811
 
847
- CBB proof;
848
- if (!CBB_add_u16_length_prefixed(cbb, &proof) ||
849
- !dleq_generate(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch,
850
- &Wsp_batch, private_metadata) ||
851
- !CBB_flush(cbb)) {
852
- goto err;
853
- }
812
+ EC_RAW_POINT Tp_batch, Sp_batch, Wp_batch, Wsp_batch;
813
+ if (!ec_point_mul_scalar_public_batch(group, &Tp_batch,
814
+ /*g_scalar=*/NULL, Tps, es,
815
+ num_to_issue) ||
816
+ !ec_point_mul_scalar_public_batch(group, &Sp_batch,
817
+ /*g_scalar=*/NULL, Sps, es,
818
+ num_to_issue) ||
819
+ !ec_point_mul_scalar_public_batch(group, &Wp_batch,
820
+ /*g_scalar=*/NULL, Wps, es,
821
+ num_to_issue) ||
822
+ !ec_point_mul_scalar_public_batch(group, &Wsp_batch,
823
+ /*g_scalar=*/NULL, Wsps, es,
824
+ num_to_issue)) {
825
+ goto err;
826
+ }
827
+
828
+ CBB proof;
829
+ if (!CBB_add_u16_length_prefixed(cbb, &proof) ||
830
+ !dleq_generate(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch,
831
+ &Wsp_batch, private_metadata) ||
832
+ !CBB_flush(cbb)) {
833
+ goto err;
854
834
  }
855
835
 
856
836
  // Skip over any unused requests.
@@ -890,36 +870,29 @@ static STACK_OF(TRUST_TOKEN) *
890
870
  return NULL;
891
871
  }
892
872
 
893
- EC_RAW_POINT *Tps = NULL;
894
- EC_RAW_POINT *Sps = NULL;
895
- EC_RAW_POINT *Wps = NULL;
896
- EC_RAW_POINT *Wsps = NULL;
897
- EC_SCALAR *es = NULL;
873
+ if (count > ((size_t)-1) / sizeof(EC_RAW_POINT) ||
874
+ count > ((size_t)-1) / sizeof(EC_SCALAR)) {
875
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
876
+ return 0;
877
+ }
878
+ EC_RAW_POINT *Tps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
879
+ EC_RAW_POINT *Sps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
880
+ EC_RAW_POINT *Wps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
881
+ EC_RAW_POINT *Wsps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
882
+ EC_SCALAR *es = OPENSSL_malloc(count * sizeof(EC_SCALAR));
898
883
  CBB batch_cbb;
899
884
  CBB_zero(&batch_cbb);
900
- if (method->batched_proof) {
901
- if (count > ((size_t)-1) / sizeof(EC_RAW_POINT) ||
902
- count > ((size_t)-1) / sizeof(EC_SCALAR)) {
903
- OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
904
- goto err;
905
- }
906
- Tps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
907
- Sps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
908
- Wps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
909
- Wsps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
910
- es = OPENSSL_malloc(count * sizeof(EC_SCALAR));
911
- if (!Tps ||
912
- !Sps ||
913
- !Wps ||
914
- !Wsps ||
915
- !es ||
916
- !CBB_init(&batch_cbb, 0) ||
917
- !point_to_cbb(&batch_cbb, method->group, &key->pubs) ||
918
- !point_to_cbb(&batch_cbb, method->group, &key->pub0) ||
919
- !point_to_cbb(&batch_cbb, method->group, &key->pub1)) {
920
- OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
921
- goto err;
922
- }
885
+ if (!Tps ||
886
+ !Sps ||
887
+ !Wps ||
888
+ !Wsps ||
889
+ !es ||
890
+ !CBB_init(&batch_cbb, 0) ||
891
+ !point_to_cbb(&batch_cbb, method->group, &key->pubs) ||
892
+ !point_to_cbb(&batch_cbb, method->group, &key->pub0) ||
893
+ !point_to_cbb(&batch_cbb, method->group, &key->pub1)) {
894
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
895
+ goto err;
923
896
  }
924
897
 
925
898
  for (size_t i = 0; i < count; i++) {
@@ -928,7 +901,6 @@ static STACK_OF(TRUST_TOKEN) *
928
901
 
929
902
  uint8_t s[PMBTOKEN_NONCE_SIZE];
930
903
  EC_AFFINE Wp_affine, Wsp_affine;
931
- CBS proof;
932
904
  if (!CBS_copy_bytes(cbs, s, PMBTOKEN_NONCE_SIZE) ||
933
905
  !cbs_get_prefixed_point(cbs, group, &Wp_affine) ||
934
906
  !cbs_get_prefixed_point(cbs, group, &Wsp_affine)) {
@@ -936,50 +908,29 @@ static STACK_OF(TRUST_TOKEN) *
936
908
  goto err;
937
909
  }
938
910
 
939
- EC_RAW_POINT Tp, Wp, Wsp, Sp;
940
- ec_affine_to_jacobian(group, &Tp, &pretoken->Tp);
941
- ec_affine_to_jacobian(group, &Wp, &Wp_affine);
942
- ec_affine_to_jacobian(group, &Wsp, &Wsp_affine);
943
- if (!method->hash_s(group, &Sp, &pretoken->Tp, s)) {
911
+ ec_affine_to_jacobian(group, &Tps[i], &pretoken->Tp);
912
+ ec_affine_to_jacobian(group, &Wps[i], &Wp_affine);
913
+ ec_affine_to_jacobian(group, &Wsps[i], &Wsp_affine);
914
+ if (!method->hash_s(group, &Sps[i], &pretoken->Tp, s)) {
944
915
  goto err;
945
916
  }
946
917
 
947
- if (!method->batched_proof) {
948
- if(!CBS_get_u16_length_prefixed(cbs, &proof)) {
949
- OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
950
- goto err;
951
- }
952
-
953
- if (!dleq_verify(method, &proof, key, &Tp, &Sp, &Wp, &Wsp)) {
954
- goto err;
955
- }
956
-
957
- if (CBS_len(&proof) != 0) {
958
- OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
959
- goto err;
960
- }
961
- } else {
962
- EC_AFFINE Sp_affine;
963
- if (!point_to_cbb(&batch_cbb, group, &pretoken->Tp) ||
964
- !ec_jacobian_to_affine(group, &Sp_affine, &Sp) ||
965
- !point_to_cbb(&batch_cbb, group, &Sp_affine) ||
966
- !point_to_cbb(&batch_cbb, group, &Wp_affine) ||
967
- !point_to_cbb(&batch_cbb, group, &Wsp_affine)) {
968
- OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
969
- goto err;
970
- }
971
- Tps[i] = Tp;
972
- Sps[i] = Sp;
973
- Wps[i] = Wp;
974
- Wsps[i] = Wsp;
918
+ EC_AFFINE Sp_affine;
919
+ if (!point_to_cbb(&batch_cbb, group, &pretoken->Tp) ||
920
+ !ec_jacobian_to_affine(group, &Sp_affine, &Sps[i]) ||
921
+ !point_to_cbb(&batch_cbb, group, &Sp_affine) ||
922
+ !point_to_cbb(&batch_cbb, group, &Wp_affine) ||
923
+ !point_to_cbb(&batch_cbb, group, &Wsp_affine)) {
924
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
925
+ goto err;
975
926
  }
976
927
 
977
928
  // Unblind the token.
978
929
  EC_RAW_POINT jacobians[3];
979
930
  EC_AFFINE affines[3];
980
- if (!ec_point_mul_scalar(group, &jacobians[0], &Sp, &pretoken->r) ||
981
- !ec_point_mul_scalar(group, &jacobians[1], &Wp, &pretoken->r) ||
982
- !ec_point_mul_scalar(group, &jacobians[2], &Wsp, &pretoken->r) ||
931
+ if (!ec_point_mul_scalar(group, &jacobians[0], &Sps[i], &pretoken->r) ||
932
+ !ec_point_mul_scalar(group, &jacobians[1], &Wps[i], &pretoken->r) ||
933
+ !ec_point_mul_scalar(group, &jacobians[2], &Wsps[i], &pretoken->r) ||
983
934
  !ec_jacobian_to_affine_batch(group, affines, jacobians, 3)) {
984
935
  goto err;
985
936
  }
@@ -1018,32 +969,30 @@ static STACK_OF(TRUST_TOKEN) *
1018
969
  // The DLEQ batching construction is described in appendix B of
1019
970
  // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional
1020
971
  // computations all act on public inputs.
1021
- if (method->batched_proof) {
1022
- for (size_t i = 0; i < count; i++) {
1023
- if (!hash_c_batch(method, &es[i], &batch_cbb, i)) {
1024
- goto err;
1025
- }
1026
- }
1027
-
1028
- EC_RAW_POINT Tp_batch, Sp_batch, Wp_batch, Wsp_batch;
1029
- if (!ec_point_mul_scalar_public_batch(group, &Tp_batch,
1030
- /*g_scalar=*/NULL, Tps, es, count) ||
1031
- !ec_point_mul_scalar_public_batch(group, &Sp_batch,
1032
- /*g_scalar=*/NULL, Sps, es, count) ||
1033
- !ec_point_mul_scalar_public_batch(group, &Wp_batch,
1034
- /*g_scalar=*/NULL, Wps, es, count) ||
1035
- !ec_point_mul_scalar_public_batch(group, &Wsp_batch,
1036
- /*g_scalar=*/NULL, Wsps, es, count)) {
972
+ for (size_t i = 0; i < count; i++) {
973
+ if (!hash_c_batch(method, &es[i], &batch_cbb, i)) {
1037
974
  goto err;
1038
975
  }
976
+ }
1039
977
 
1040
- CBS proof;
1041
- if (!CBS_get_u16_length_prefixed(cbs, &proof) ||
1042
- !dleq_verify(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch,
1043
- &Wsp_batch) ||
1044
- CBS_len(&proof) != 0) {
1045
- goto err;
1046
- }
978
+ EC_RAW_POINT Tp_batch, Sp_batch, Wp_batch, Wsp_batch;
979
+ if (!ec_point_mul_scalar_public_batch(group, &Tp_batch,
980
+ /*g_scalar=*/NULL, Tps, es, count) ||
981
+ !ec_point_mul_scalar_public_batch(group, &Sp_batch,
982
+ /*g_scalar=*/NULL, Sps, es, count) ||
983
+ !ec_point_mul_scalar_public_batch(group, &Wp_batch,
984
+ /*g_scalar=*/NULL, Wps, es, count) ||
985
+ !ec_point_mul_scalar_public_batch(group, &Wsp_batch,
986
+ /*g_scalar=*/NULL, Wsps, es, count)) {
987
+ goto err;
988
+ }
989
+
990
+ CBS proof;
991
+ if (!CBS_get_u16_length_prefixed(cbs, &proof) ||
992
+ !dleq_verify(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch,
993
+ &Wsp_batch) ||
994
+ CBS_len(&proof) != 0) {
995
+ goto err;
1047
996
  }
1048
997
 
1049
998
  ok = 1;
@@ -1127,202 +1076,6 @@ static int pmbtoken_read(const PMBTOKEN_METHOD *method,
1127
1076
  }
1128
1077
 
1129
1078
 
1130
- // PMBTokens experiment v0.
1131
-
1132
- static int pmbtoken_exp0_hash_t(const EC_GROUP *group, EC_RAW_POINT *out,
1133
- const uint8_t t[PMBTOKEN_NONCE_SIZE]) {
1134
- const uint8_t kHashTLabel[] = "PMBTokensV0 HashT";
1135
- return ec_hash_to_curve_p521_xmd_sha512_sswu_draft06(
1136
- group, out, kHashTLabel, sizeof(kHashTLabel), t, PMBTOKEN_NONCE_SIZE);
1137
- }
1138
-
1139
- static int pmbtoken_exp0_hash_s(const EC_GROUP *group, EC_RAW_POINT *out,
1140
- const EC_AFFINE *t,
1141
- const uint8_t s[PMBTOKEN_NONCE_SIZE]) {
1142
- const uint8_t kHashSLabel[] = "PMBTokensV0 HashS";
1143
- int ret = 0;
1144
- CBB cbb;
1145
- uint8_t *buf = NULL;
1146
- size_t len;
1147
- if (!CBB_init(&cbb, 0) ||
1148
- !point_to_cbb(&cbb, group, t) ||
1149
- !CBB_add_bytes(&cbb, s, PMBTOKEN_NONCE_SIZE) ||
1150
- !CBB_finish(&cbb, &buf, &len) ||
1151
- !ec_hash_to_curve_p521_xmd_sha512_sswu_draft06(
1152
- group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) {
1153
- OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
1154
- goto err;
1155
- }
1156
-
1157
- ret = 1;
1158
-
1159
- err:
1160
- OPENSSL_free(buf);
1161
- CBB_cleanup(&cbb);
1162
- return ret;
1163
- }
1164
-
1165
- static int pmbtoken_exp0_hash_c(const EC_GROUP *group, EC_SCALAR *out,
1166
- uint8_t *buf, size_t len) {
1167
- const uint8_t kHashCLabel[] = "PMBTokensV0 HashC";
1168
- return ec_hash_to_scalar_p521_xmd_sha512_draft06(
1169
- group, out, kHashCLabel, sizeof(kHashCLabel), buf, len);
1170
- }
1171
-
1172
- // H for PMBTokens v0 was generated with the following Python code.
1173
- /*
1174
- import hashlib
1175
-
1176
- SEED_H = 'PrivacyPass H'
1177
-
1178
- A = -3
1179
- B = 0x051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00
1180
- P = 2**521 - 1
1181
-
1182
- def get_y(x):
1183
- y2 = (x**3 + A*x + B) % P
1184
- y = pow(y2, (P+1)/4, P)
1185
- if (y*y) % P != y2:
1186
- raise ValueError("point not on curve")
1187
- return y
1188
-
1189
- def bit(h,i):
1190
- return (ord(h[i/8]) >> (i%8)) & 1
1191
-
1192
- b = 521
1193
- def decode_point(so):
1194
- s = hashlib.sha256(so + '0').digest() + hashlib.sha256(so + '1').digest() + \
1195
- hashlib.sha256(so + '2').digest()
1196
-
1197
- x = 0
1198
- for i in range(0,b):
1199
- x = x + (long(bit(s,i))<<i)
1200
- if x >= P:
1201
- raise ValueError("x out of range")
1202
- y = get_y(x)
1203
- if y & 1 != bit(s,b-1): y = P-y
1204
- return (x, y)
1205
-
1206
-
1207
- def gen_point(seed):
1208
- v = hashlib.sha256(seed).digest()
1209
- it = 1
1210
- while True:
1211
- try:
1212
- x,y = decode_point(v)
1213
- except Exception, e:
1214
- print e
1215
- it += 1
1216
- v = hashlib.sha256(v).digest()
1217
- continue
1218
- print "Found in %d iterations:" % it
1219
- print " x = %d" % x
1220
- print " y = %d" % y
1221
- print " Encoded (hex): (%x, %x)" % (x, y)
1222
- return (x, y)
1223
-
1224
- if __name__ == "__main__":
1225
- gen_point(SEED_H)
1226
- */
1227
- static int pmbtoken_exp0_ok = 0;
1228
- static PMBTOKEN_METHOD pmbtoken_exp0_method;
1229
- static CRYPTO_once_t pmbtoken_exp0_method_once = CRYPTO_ONCE_INIT;
1230
-
1231
- static void pmbtoken_exp0_init_method_impl(void) {
1232
- static const uint8_t kH[] = {
1233
- 0x04, 0x01, 0xf0, 0xa9, 0xf7, 0x9e, 0xbc, 0x12, 0x6c, 0xef, 0xd1, 0xab,
1234
- 0x29, 0x10, 0x03, 0x6f, 0x4e, 0xf5, 0xbd, 0xeb, 0x0f, 0x6b, 0xc0, 0x5c,
1235
- 0x0e, 0xce, 0xfe, 0x59, 0x45, 0xd1, 0x3e, 0x25, 0x33, 0x7e, 0x4c, 0xda,
1236
- 0x64, 0x53, 0x54, 0x4e, 0xf9, 0x76, 0x0d, 0x6d, 0xc5, 0x39, 0x2a, 0xd4,
1237
- 0xce, 0x84, 0x6e, 0x31, 0xc2, 0x86, 0x21, 0xf9, 0x5c, 0x98, 0xb9, 0x3d,
1238
- 0x01, 0x74, 0x9f, 0xc5, 0x1e, 0x47, 0x24, 0x00, 0x5c, 0x17, 0x62, 0x51,
1239
- 0x7d, 0x32, 0x5e, 0x29, 0xac, 0x52, 0x14, 0x75, 0x6f, 0x36, 0xd9, 0xc7,
1240
- 0xfa, 0xbb, 0xa9, 0x3b, 0x9d, 0x70, 0x49, 0x1e, 0xb4, 0x53, 0xbc, 0x55,
1241
- 0xea, 0xad, 0x8f, 0x26, 0x1d, 0xe0, 0xbc, 0xf3, 0x50, 0x5c, 0x7e, 0x66,
1242
- 0x41, 0xb5, 0x61, 0x70, 0x12, 0x72, 0xac, 0x6a, 0xb0, 0x6e, 0x78, 0x3d,
1243
- 0x17, 0x08, 0xe3, 0xdf, 0x3c, 0xff, 0xa6, 0xa0, 0xea, 0x96, 0x67, 0x92,
1244
- 0xcd,
1245
- };
1246
-
1247
- pmbtoken_exp0_ok =
1248
- pmbtoken_init_method(&pmbtoken_exp0_method, NID_secp521r1, kH, sizeof(kH),
1249
- pmbtoken_exp0_hash_t, pmbtoken_exp0_hash_s,
1250
- pmbtoken_exp0_hash_c, /*batched_proof=*/0);
1251
- }
1252
-
1253
- static int pmbtoken_exp0_init_method(void) {
1254
- CRYPTO_once(&pmbtoken_exp0_method_once, pmbtoken_exp0_init_method_impl);
1255
- if (!pmbtoken_exp0_ok) {
1256
- OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
1257
- return 0;
1258
- }
1259
- return 1;
1260
- }
1261
-
1262
- int pmbtoken_exp0_generate_key(CBB *out_private, CBB *out_public) {
1263
- if (!pmbtoken_exp0_init_method()) {
1264
- return 0;
1265
- }
1266
-
1267
- return pmbtoken_generate_key(&pmbtoken_exp0_method, out_private, out_public);
1268
- }
1269
-
1270
- int pmbtoken_exp0_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
1271
- const uint8_t *in, size_t len) {
1272
- if (!pmbtoken_exp0_init_method()) {
1273
- return 0;
1274
- }
1275
- return pmbtoken_client_key_from_bytes(&pmbtoken_exp0_method, key, in, len);
1276
- }
1277
-
1278
- int pmbtoken_exp0_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
1279
- const uint8_t *in, size_t len) {
1280
- if (!pmbtoken_exp0_init_method()) {
1281
- return 0;
1282
- }
1283
- return pmbtoken_issuer_key_from_bytes(&pmbtoken_exp0_method, key, in, len);
1284
- }
1285
-
1286
- STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp0_blind(CBB *cbb, size_t count) {
1287
- if (!pmbtoken_exp0_init_method()) {
1288
- return NULL;
1289
- }
1290
- return pmbtoken_blind(&pmbtoken_exp0_method, cbb, count);
1291
- }
1292
-
1293
- int pmbtoken_exp0_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
1294
- size_t num_requested, size_t num_to_issue,
1295
- uint8_t private_metadata) {
1296
- if (!pmbtoken_exp0_init_method()) {
1297
- return 0;
1298
- }
1299
- return pmbtoken_sign(&pmbtoken_exp0_method, key, cbb, cbs, num_requested,
1300
- num_to_issue, private_metadata);
1301
- }
1302
-
1303
- STACK_OF(TRUST_TOKEN) *
1304
- pmbtoken_exp0_unblind(const PMBTOKEN_CLIENT_KEY *key,
1305
- const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens,
1306
- CBS *cbs, size_t count, uint32_t key_id) {
1307
- if (!pmbtoken_exp0_init_method()) {
1308
- return NULL;
1309
- }
1310
- return pmbtoken_unblind(&pmbtoken_exp0_method, key, pretokens, cbs, count,
1311
- key_id);
1312
- }
1313
-
1314
- int pmbtoken_exp0_read(const PMBTOKEN_ISSUER_KEY *key,
1315
- uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
1316
- uint8_t *out_private_metadata, const uint8_t *token,
1317
- size_t token_len) {
1318
- if (!pmbtoken_exp0_init_method()) {
1319
- return 0;
1320
- }
1321
- return pmbtoken_read(&pmbtoken_exp0_method, key, out_nonce,
1322
- out_private_metadata, token, token_len);
1323
- }
1324
-
1325
-
1326
1079
  // PMBTokens experiment v1.
1327
1080
 
1328
1081
  static int pmbtoken_exp1_hash_t(const EC_GROUP *group, EC_RAW_POINT *out,
@@ -1387,7 +1140,7 @@ static void pmbtoken_exp1_init_method_impl(void) {
1387
1140
  pmbtoken_exp1_ok =
1388
1141
  pmbtoken_init_method(&pmbtoken_exp1_method, NID_secp384r1, kH, sizeof(kH),
1389
1142
  pmbtoken_exp1_hash_t, pmbtoken_exp1_hash_s,
1390
- pmbtoken_exp1_hash_c, /*batched_proof=*/1);
1143
+ pmbtoken_exp1_hash_c);
1391
1144
  }
1392
1145
 
1393
1146
  static int pmbtoken_exp1_init_method(void) {