grpc 1.30.2 → 1.32.0
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +723 -15910
- data/include/grpc/grpc_security.h +31 -14
- data/include/grpc/grpc_security_constants.h +3 -0
- data/include/grpc/impl/codegen/README.md +22 -0
- data/include/grpc/impl/codegen/grpc_types.h +7 -5
- data/include/grpc/impl/codegen/port_platform.h +6 -33
- data/src/core/ext/filters/client_channel/backend_metric.cc +12 -9
- data/src/core/ext/filters/client_channel/backup_poller.cc +3 -2
- data/src/core/ext/filters/client_channel/client_channel.cc +470 -285
- data/src/core/ext/filters/client_channel/client_channel.h +1 -1
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +0 -3
- data/src/core/ext/filters/client_channel/config_selector.cc +62 -0
- data/src/core/ext/filters/client_channel/config_selector.h +93 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +8 -1
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +8 -8
- data/src/core/ext/filters/client_channel/http_proxy.cc +6 -4
- data/src/core/ext/filters/client_channel/lb_policy.h +4 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +6 -4
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +59 -36
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +0 -13
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +0 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -37
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +19 -13
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +29 -10
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +5 -4
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +4 -6
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +23 -13
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +18 -12
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +22 -14
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +18 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +385 -78
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +5 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +6 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +8 -6
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +9 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +7 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +36 -51
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +6 -2
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +383 -31
- data/src/core/ext/filters/client_channel/resolver_registry.cc +13 -14
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +6 -7
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +0 -1
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +38 -32
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +39 -20
- data/src/core/ext/filters/client_channel/server_address.cc +40 -7
- data/src/core/ext/filters/client_channel/server_address.h +42 -4
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +142 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +65 -24
- data/src/core/ext/filters/client_channel/subchannel.h +16 -4
- data/src/core/ext/filters/http/client/http_client_filter.cc +5 -5
- data/src/core/ext/filters/http/http_filters_plugin.cc +2 -1
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +74 -33
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +3 -1
- data/src/core/ext/filters/max_age/max_age_filter.cc +2 -1
- data/src/core/ext/filters/message_size/message_size_filter.cc +56 -80
- data/src/core/ext/filters/message_size/message_size_filter.h +6 -0
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +87 -31
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +18 -1
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +10 -35
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +378 -348
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +7 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +3 -3
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +10 -16
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +9 -9
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +256 -279
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +23 -28
- data/src/core/ext/transport/chttp2/transport/flow_control.h +14 -16
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -13
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +8 -9
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +25 -29
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +13 -17
- data/src/core/ext/transport/chttp2/transport/internal.h +18 -1
- data/src/core/ext/transport/chttp2/transport/parsing.cc +34 -71
- data/src/core/ext/transport/chttp2/transport/writing.cc +15 -19
- data/src/core/ext/transport/inproc/inproc_transport.cc +47 -27
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +3 -4
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +224 -0
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +700 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +74 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +226 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +380 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +1378 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/cluster → config/cluster/v3}/filter.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +69 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/cluster → config/cluster/v3}/outlier_detection.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +323 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +112 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +334 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/backoff.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +79 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +309 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +869 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +96 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +328 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +71 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +195 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +634 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +170 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +684 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/http_uri.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +80 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +152 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +536 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +28 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +58 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/socket_option.upb.c +6 -6
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +88 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +91 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +220 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +91 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +273 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +112 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +332 -0
- data/src/core/ext/upb-generated/envoy/config/listener/{v2 → v3}/api_listener.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +65 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +108 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +401 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +138 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +490 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +41 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +94 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +174 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +599 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +63 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +204 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +773 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +2855 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +59 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +135 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +50 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +108 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +312 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +1125 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +20 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +34 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +111 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +401 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +198 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +388 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/cluster/v3}/cds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/{v2 → v3}/ads.upb.c +5 -4
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +129 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +386 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/endpoint/v3}/eds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/listener/v3}/lds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +55 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +136 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/route/v3}/rds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/route/v3}/srds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +47 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +114 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +77 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +71 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +64 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +145 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +53 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +127 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +63 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +188 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +88 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +258 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +90 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +250 -0
- data/src/core/ext/upb-generated/envoy/type/{http.upb.c → v3/http.upb.c} +2 -2
- data/src/core/ext/upb-generated/envoy/type/{http.upb.h → v3/http.upb.h} +8 -9
- data/src/core/ext/upb-generated/envoy/type/{percent.upb.c → v3/percent.upb.c} +9 -8
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +86 -0
- data/src/core/ext/upb-generated/envoy/type/{range.upb.c → v3/range.upb.c} +12 -11
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +111 -0
- data/src/core/ext/upb-generated/envoy/type/{semantic_version.upb.c → v3/semantic_version.upb.c} +6 -5
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +61 -0
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +234 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +759 -0
- data/src/core/ext/upb-generated/google/api/http.upb.h +29 -28
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +39 -39
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +412 -386
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +1 -2
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +34 -55
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +27 -28
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +8 -8
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +1 -1
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +32 -45
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +157 -178
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +14 -13
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +6 -7
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +59 -56
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +11 -12
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +0 -1
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +5 -6
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +27 -0
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +53 -0
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +6 -6
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +41 -68
- data/src/core/ext/upb-generated/validate/validate.upb.c +11 -11
- data/src/core/ext/upb-generated/validate/validate.upb.h +537 -536
- data/src/core/ext/xds/xds_api.cc +2388 -0
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_api.h +120 -40
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_bootstrap.cc +56 -25
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_bootstrap.h +8 -3
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_channel.h +4 -4
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_channel_args.h +3 -3
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_channel_secure.cc +2 -5
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_client.cc +94 -347
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_client.h +12 -45
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_client_stats.cc +2 -2
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_client_stats.h +13 -13
- data/src/core/lib/channel/channel_trace.cc +2 -6
- data/src/core/lib/channel/channelz.cc +19 -30
- data/src/core/lib/channel/channelz.h +1 -1
- data/src/core/lib/channel/channelz_registry.cc +3 -1
- data/src/core/lib/gpr/log_linux.cc +6 -8
- data/src/core/lib/gpr/log_posix.cc +6 -8
- data/src/core/lib/gpr/string.cc +10 -9
- data/src/core/lib/gpr/string.h +4 -2
- data/src/core/lib/gpr/sync_posix.cc +2 -8
- data/src/core/lib/gprpp/global_config_env.cc +8 -6
- data/src/core/lib/http/httpcli.cc +13 -10
- data/src/core/lib/http/httpcli_security_connector.cc +5 -5
- data/src/core/lib/iomgr/cfstream_handle.cc +1 -0
- data/src/core/lib/iomgr/endpoint.cc +5 -1
- data/src/core/lib/iomgr/endpoint.h +7 -3
- data/src/core/lib/iomgr/endpoint_cfstream.cc +32 -11
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +10 -10
- data/src/core/lib/iomgr/error_cfstream.cc +9 -8
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +5 -6
- data/src/core/lib/iomgr/ev_epollex_linux.cc +15 -21
- data/src/core/lib/iomgr/ev_poll_posix.cc +6 -5
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +14 -0
- data/src/core/{ext/filters/client_channel → lib/iomgr}/parse_address.cc +1 -1
- data/src/core/{ext/filters/client_channel → lib/iomgr}/parse_address.h +3 -3
- data/src/core/lib/iomgr/port.h +1 -21
- data/src/core/lib/iomgr/resolve_address_custom.cc +13 -18
- data/src/core/lib/iomgr/resolve_address_windows.cc +8 -8
- data/src/core/lib/iomgr/resource_quota.cc +34 -31
- data/src/core/lib/iomgr/sockaddr_utils.cc +9 -6
- data/src/core/lib/iomgr/sockaddr_utils.h +3 -2
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +95 -55
- data/src/core/lib/iomgr/socket_windows.cc +4 -5
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +9 -11
- data/src/core/lib/iomgr/tcp_client_custom.cc +6 -9
- data/src/core/lib/iomgr/tcp_client_posix.cc +27 -36
- data/src/core/lib/iomgr/tcp_client_windows.cc +9 -9
- data/src/core/lib/iomgr/tcp_custom.cc +33 -17
- data/src/core/lib/iomgr/tcp_custom.h +1 -1
- data/src/core/lib/iomgr/tcp_posix.cc +31 -13
- data/src/core/lib/iomgr/tcp_server.cc +3 -4
- data/src/core/lib/iomgr/tcp_server.h +7 -5
- data/src/core/lib/iomgr/tcp_server_custom.cc +6 -14
- data/src/core/lib/iomgr/tcp_server_posix.cc +34 -41
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -7
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +4 -9
- data/src/core/lib/iomgr/tcp_server_windows.cc +16 -16
- data/src/core/lib/iomgr/tcp_windows.cc +26 -10
- data/src/core/lib/iomgr/timer_generic.cc +13 -12
- data/src/core/lib/iomgr/udp_server.cc +24 -23
- data/src/core/lib/iomgr/udp_server.h +5 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +9 -14
- data/src/core/lib/iomgr/unix_sockets_posix.h +3 -1
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +5 -2
- data/src/core/lib/json/json_reader.cc +20 -21
- data/src/core/lib/security/authorization/authorization_engine.cc +177 -0
- data/src/core/lib/security/authorization/authorization_engine.h +84 -0
- data/src/core/lib/security/authorization/evaluate_args.cc +153 -0
- data/src/core/lib/security/authorization/evaluate_args.h +59 -0
- data/src/core/lib/security/authorization/mock_cel/activation.h +57 -0
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +42 -0
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +68 -0
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +93 -0
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +67 -0
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +56 -0
- data/src/core/lib/security/authorization/mock_cel/statusor.h +50 -0
- data/src/core/lib/security/credentials/credentials.h +5 -3
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -6
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +64 -43
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -4
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +19 -28
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +6 -6
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +20 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +10 -0
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +11 -12
- data/src/core/lib/security/security_connector/security_connector.cc +2 -0
- data/src/core/lib/security/security_connector/security_connector.h +1 -1
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +18 -11
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +5 -0
- data/src/core/lib/security/security_connector/ssl_utils.cc +44 -23
- data/src/core/lib/security/security_connector/ssl_utils.h +6 -2
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +27 -24
- data/src/core/lib/security/transport/client_auth_filter.cc +10 -9
- data/src/core/lib/security/transport/secure_endpoint.cc +7 -1
- data/src/core/lib/security/util/json_util.cc +12 -13
- data/src/core/lib/slice/slice.cc +38 -1
- data/src/core/lib/slice/slice_internal.h +1 -0
- data/src/core/lib/surface/call.cc +52 -53
- data/src/core/lib/surface/call.h +2 -1
- data/src/core/lib/surface/channel.cc +28 -20
- data/src/core/lib/surface/channel.h +12 -2
- data/src/core/lib/surface/completion_queue.cc +0 -5
- data/src/core/lib/surface/init.cc +1 -1
- data/src/core/lib/surface/server.cc +1102 -1347
- data/src/core/lib/surface/server.h +369 -71
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/authority_override.cc +38 -0
- data/src/core/lib/transport/authority_override.h +32 -0
- data/src/core/lib/transport/connectivity_state.cc +18 -13
- data/src/core/lib/transport/connectivity_state.h +18 -6
- data/src/core/lib/transport/error_utils.cc +13 -0
- data/src/core/lib/transport/error_utils.h +6 -0
- data/src/core/lib/transport/static_metadata.cc +295 -276
- data/src/core/lib/transport/static_metadata.h +80 -73
- data/src/core/lib/transport/transport.h +13 -0
- data/src/core/lib/uri/uri_parser.cc +30 -35
- data/src/core/lib/uri/uri_parser.h +3 -1
- data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +23 -13
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +24 -0
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -0
- data/src/core/tsi/ssl_transport_security.cc +102 -11
- data/src/core/tsi/ssl_transport_security.h +14 -2
- data/src/core/tsi/transport_security_interface.h +5 -0
- data/src/ruby/bin/math_services_pb.rb +4 -4
- data/src/ruby/ext/grpc/extconf.rb +5 -2
- data/src/ruby/ext/grpc/rb_call.c +3 -2
- data/src/ruby/ext/grpc/rb_call.h +4 -0
- data/src/ruby/ext/grpc/rb_call_credentials.c +54 -10
- data/src/ruby/ext/grpc/rb_channel_credentials.c +9 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +4 -4
- data/src/ruby/lib/grpc/generic/client_stub.rb +1 -1
- data/src/ruby/lib/grpc/generic/interceptors.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +2 -2
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +5 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +28 -12
- data/src/ruby/spec/channel_credentials_spec.rb +10 -0
- data/src/ruby/spec/generic/active_call_spec.rb +19 -8
- data/src/ruby/spec/pb/codegen/grpc/testing/same_package_service_name.proto +27 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/same_ruby_package_service_name.proto +29 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +20 -0
- data/src/ruby/spec/user_agent_spec.rb +74 -0
- data/third_party/abseil-cpp/absl/algorithm/container.h +1727 -0
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +161 -0
- data/third_party/abseil-cpp/absl/base/internal/exponential_biased.cc +93 -0
- data/third_party/abseil-cpp/absl/base/internal/exponential_biased.h +130 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +620 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.h +126 -0
- data/third_party/abseil-cpp/absl/container/fixed_array.h +515 -0
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +503 -0
- data/third_party/abseil-cpp/absl/container/internal/common.h +202 -0
- data/third_party/abseil-cpp/absl/container/internal/container_memory.h +440 -0
- data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +146 -0
- data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +191 -0
- data/third_party/abseil-cpp/absl/container/internal/hashtable_debug_hooks.h +85 -0
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +269 -0
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +297 -0
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +30 -0
- data/third_party/abseil-cpp/absl/container/internal/have_sse.h +49 -0
- data/third_party/abseil-cpp/absl/container/internal/layout.h +741 -0
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +48 -0
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +1882 -0
- data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +138 -0
- data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.h +32 -0
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +1895 -0
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +71 -0
- data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc +382 -0
- data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.h +134 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +192 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +125 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +70 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +99 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +248 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_unimplemented-inl.inc +24 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +85 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc +346 -0
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +128 -0
- data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +194 -0
- data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.h +158 -0
- data/third_party/abseil-cpp/absl/debugging/stacktrace.cc +140 -0
- data/third_party/abseil-cpp/absl/debugging/stacktrace.h +231 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize.cc +25 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize.h +99 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +1480 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_unimplemented.inc +40 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_win32.inc +81 -0
- data/third_party/abseil-cpp/absl/functional/function_ref.h +139 -0
- data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +106 -0
- data/third_party/abseil-cpp/absl/hash/hash.h +324 -0
- data/third_party/abseil-cpp/absl/hash/internal/city.cc +346 -0
- data/third_party/abseil-cpp/absl/hash/internal/city.h +96 -0
- data/third_party/abseil-cpp/absl/hash/internal/hash.cc +55 -0
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +988 -0
- data/third_party/abseil-cpp/absl/status/status.cc +447 -0
- data/third_party/abseil-cpp/absl/status/status.h +428 -0
- data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +43 -0
- data/third_party/abseil-cpp/absl/status/status_payload_printer.h +51 -0
- data/third_party/abseil-cpp/absl/strings/cord.cc +2019 -0
- data/third_party/abseil-cpp/absl/strings/cord.h +1121 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +151 -0
- data/third_party/abseil-cpp/absl/synchronization/barrier.cc +52 -0
- data/third_party/abseil-cpp/absl/synchronization/barrier.h +79 -0
- data/third_party/abseil-cpp/absl/synchronization/blocking_counter.cc +57 -0
- data/third_party/abseil-cpp/absl/synchronization/blocking_counter.h +99 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +140 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.h +60 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +697 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.h +141 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +155 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +261 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +106 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +115 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +484 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +159 -0
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +2728 -0
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +1056 -0
- data/third_party/abseil-cpp/absl/synchronization/notification.cc +78 -0
- data/third_party/abseil-cpp/absl/synchronization/notification.h +123 -0
- data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +64 -0
- data/third_party/abseil-cpp/absl/types/bad_variant_access.h +82 -0
- data/third_party/abseil-cpp/absl/types/internal/variant.h +1646 -0
- data/third_party/abseil-cpp/absl/types/variant.h +861 -0
- data/third_party/boringssl-with-bazel/err_data.c +266 -254
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +12 -52
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +0 -22
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +159 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +17 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +11 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +24 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +20 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +456 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +192 -0
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -5
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +116 -363
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +7 -45
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +13 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +28 -9
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +0 -154
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +20 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +28 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +74 -35
- data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +16 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +52 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +22 -22
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +69 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +72 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +2 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +1 -10
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +800 -715
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +9 -2
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +9 -0
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +21 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -7
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +3 -6
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +38 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +4 -24
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +45 -24
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +34 -9
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +31 -21
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +17 -9
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +5 -3
- data/third_party/re2/re2/bitmap256.h +117 -0
- data/third_party/re2/re2/bitstate.cc +385 -0
- data/third_party/re2/re2/compile.cc +1279 -0
- data/third_party/re2/re2/dfa.cc +2130 -0
- data/third_party/re2/re2/filtered_re2.cc +121 -0
- data/third_party/re2/re2/filtered_re2.h +109 -0
- data/third_party/re2/re2/mimics_pcre.cc +197 -0
- data/third_party/re2/re2/nfa.cc +713 -0
- data/third_party/re2/re2/onepass.cc +623 -0
- data/third_party/re2/re2/parse.cc +2464 -0
- data/third_party/re2/re2/perl_groups.cc +119 -0
- data/third_party/re2/re2/pod_array.h +55 -0
- data/third_party/re2/re2/prefilter.cc +710 -0
- data/third_party/re2/re2/prefilter.h +108 -0
- data/third_party/re2/re2/prefilter_tree.cc +407 -0
- data/third_party/re2/re2/prefilter_tree.h +139 -0
- data/third_party/re2/re2/prog.cc +988 -0
- data/third_party/re2/re2/prog.h +436 -0
- data/third_party/re2/re2/re2.cc +1362 -0
- data/third_party/re2/re2/re2.h +1002 -0
- data/third_party/re2/re2/regexp.cc +980 -0
- data/third_party/re2/re2/regexp.h +659 -0
- data/third_party/re2/re2/set.cc +154 -0
- data/third_party/re2/re2/set.h +80 -0
- data/third_party/re2/re2/simplify.cc +657 -0
- data/third_party/re2/re2/sparse_array.h +392 -0
- data/third_party/re2/re2/sparse_set.h +264 -0
- data/third_party/re2/re2/stringpiece.cc +65 -0
- data/third_party/re2/re2/stringpiece.h +210 -0
- data/third_party/re2/re2/tostring.cc +351 -0
- data/third_party/re2/re2/unicode_casefold.cc +582 -0
- data/third_party/re2/re2/unicode_casefold.h +78 -0
- data/third_party/re2/re2/unicode_groups.cc +6269 -0
- data/third_party/re2/re2/unicode_groups.h +67 -0
- data/third_party/re2/re2/walker-inl.h +246 -0
- data/third_party/re2/util/benchmark.h +156 -0
- data/third_party/re2/util/flags.h +26 -0
- data/third_party/re2/util/logging.h +109 -0
- data/third_party/re2/util/malloc_counter.h +19 -0
- data/third_party/re2/util/mix.h +41 -0
- data/third_party/re2/util/mutex.h +148 -0
- data/third_party/re2/util/pcre.cc +1025 -0
- data/third_party/re2/util/pcre.h +681 -0
- data/third_party/re2/util/rune.cc +260 -0
- data/third_party/re2/util/strutil.cc +149 -0
- data/third_party/re2/util/strutil.h +21 -0
- data/third_party/re2/util/test.h +50 -0
- data/third_party/re2/util/utf.h +44 -0
- data/third_party/re2/util/util.h +42 -0
- data/third_party/upb/upb/decode.c +517 -505
- data/third_party/upb/upb/encode.c +165 -123
- data/third_party/upb/upb/msg.c +130 -64
- data/third_party/upb/upb/msg.h +418 -14
- data/third_party/upb/upb/port_def.inc +35 -6
- data/third_party/upb/upb/port_undef.inc +8 -1
- data/third_party/upb/upb/table.c +53 -86
- data/third_party/upb/upb/table.int.h +11 -52
- data/third_party/upb/upb/upb.c +151 -125
- data/third_party/upb/upb/upb.h +91 -147
- data/third_party/upb/upb/upb.hpp +88 -0
- metadata +308 -148
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +0 -1906
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +0 -21
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +0 -35
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +0 -114
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +0 -418
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +0 -72
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +0 -197
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +0 -105
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +0 -378
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +0 -53
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +0 -403
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +0 -1447
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +0 -74
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +0 -218
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +0 -69
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +0 -305
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +0 -112
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +0 -328
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +0 -78
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +0 -313
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +0 -897
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +0 -96
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +0 -322
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +0 -34
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +0 -72
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +0 -197
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +0 -642
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +0 -172
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +0 -673
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +0 -80
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +0 -152
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +0 -518
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +0 -89
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +0 -129
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +0 -392
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +0 -53
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +0 -92
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +0 -240
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +0 -18
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -33
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +0 -91
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +0 -266
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +0 -112
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +0 -324
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +0 -53
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +0 -109
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +0 -399
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +0 -18
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -33
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +0 -145
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +0 -527
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +0 -43
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +0 -112
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +0 -53
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +0 -63
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +0 -199
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +0 -18
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -33
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +0 -815
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +0 -3032
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +0 -59
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +0 -134
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +0 -53
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +0 -228
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +0 -725
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +0 -316
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +0 -1132
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +0 -65
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +0 -51
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +0 -125
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +0 -50
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +0 -54
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +0 -134
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +0 -63
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +0 -144
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +0 -53
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +0 -133
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +0 -88
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +0 -258
- data/src/core/ext/upb-generated/envoy/type/percent.upb.h +0 -87
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +0 -112
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +0 -62
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +0 -89
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +0 -249
- data/src/core/lib/security/transport/target_authority_table.cc +0 -75
- data/src/core/lib/security/transport/target_authority_table.h +0 -40
- data/src/core/lib/slice/slice_hash_table.h +0 -199
- data/src/core/lib/slice/slice_weak_hash_table.h +0 -102
- data/third_party/upb/upb/generated_util.h +0 -105
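--- a/data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h
+++ b/data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h
@@ -0,0 +1,192 @@
+/* Copyright (c) 2020, Google Inc.
+*
+* Permission to use, copy, modify, and/or distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H
+#define OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H
+
+#include <openssl/aead.h>
+#include <openssl/base.h>
+#include <openssl/curve25519.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+// Hybrid Public Key Encryption.
+//
+// Hybrid Public Key Encryption (HPKE) enables a sender to encrypt messages to a
+// receiver with a public key.
+//
+// See https://tools.ietf.org/html/draft-irtf-cfrg-hpke-04.
+
+// EVP_HPKE_AEAD_* are AEAD identifiers.
+#define EVP_HPKE_AEAD_AES_GCM_128 0x0001
+#define EVP_HPKE_AEAD_AES_GCM_256 0x0002
+#define EVP_HPKE_AEAD_CHACHA20POLY1305 0x0003
+
+// EVP_HPKE_HKDF_* are HKDF identifiers.
+#define EVP_HPKE_HKDF_SHA256 0x0001
+#define EVP_HPKE_HKDF_SHA384 0x0002
+#define EVP_HPKE_HKDF_SHA512 0x0003
+
+// EVP_HPKE_MAX_OVERHEAD contains the largest value that
+// |EVP_HPKE_CTX_max_overhead| would ever return for any context.
+#define EVP_HPKE_MAX_OVERHEAD EVP_AEAD_MAX_OVERHEAD
+
+
+// Encryption contexts.
+
+// An |EVP_HPKE_CTX| is an HPKE encryption context.
+typedef struct evp_hpke_ctx_st {
+const EVP_MD *hkdf_md;
+EVP_AEAD_CTX aead_ctx;
+uint16_t kdf_id;
+uint16_t aead_id;
+uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
+uint8_t exporter_secret[EVP_MAX_MD_SIZE];
+uint64_t seq;
+int is_sender;
+} EVP_HPKE_CTX;
+
+// EVP_HPKE_CTX_init initializes an already-allocated |EVP_HPKE_CTX|. The caller
+// should then use one of the |EVP_HPKE_CTX_setup_*| functions.
+//
+// It is safe, but not necessary to call |EVP_HPKE_CTX_cleanup| in this state.
+OPENSSL_EXPORT void EVP_HPKE_CTX_init(EVP_HPKE_CTX *ctx);
+
+// EVP_HPKE_CTX_cleanup releases memory referenced by |ctx|. |ctx| must have
+// been initialized with |EVP_HPKE_CTX_init|.
+OPENSSL_EXPORT void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx);
+
+
+// Setting up HPKE contexts.
+//
+// In each of the following functions, |hpke| must have been initialized with
+// |EVP_HPKE_CTX_init|. |kdf_id| selects the KDF for non-KEM HPKE operations and
+// must be one of the |EVP_HPKE_HKDF_*| constants. |aead_id| selects the AEAD
+// for the "open" and "seal" operations and must be one of the |EVP_HPKE_AEAD_*"
+// constants."
+//
+// See https://www.ietf.org/id/draft-irtf-cfrg-hpke-04.html#section-5.1.1.
+
+// EVP_HPKE_CTX_setup_base_s_x25519 sets up |hpke| as a sender context that can
+// encrypt for the private key corresponding to |peer_public_value| (the
+// recipient's public key). It returns one on success, and zero otherwise. Note
+// that this function may fail if |peer_public_value| is invalid.
+//
+// This function writes the encapsulated shared secret to |out_enc|.
+OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_s_x25519(
+EVP_HPKE_CTX *hpke, uint8_t out_enc[X25519_PUBLIC_VALUE_LEN],
+uint16_t kdf_id, uint16_t aead_id,
+const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
+const uint8_t *info, size_t info_len);
+
+// EVP_HPKE_CTX_setup_base_s_x25519_for_test behaves like
+// |EVP_HPKE_CTX_setup_base_s_x25519|, but takes a pre-generated ephemeral
+// sender key.
+OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_s_x25519_for_test(
+EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
+const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
+const uint8_t *info, size_t info_len,
+const uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN],
+const uint8_t ephemeral_public[X25519_PUBLIC_VALUE_LEN]);
+
+// EVP_HPKE_CTX_setup_base_r_x25519 sets up |hpke| as a recipient context that
+// can decrypt messages. |private_key| is the recipient's private key, and |enc|
+// is the encapsulated shared secret from the sender. Note that this function
+// may fail if |enc| is invalid.
+OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_r_x25519(
+EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
+const uint8_t enc[X25519_PUBLIC_VALUE_LEN],
+const uint8_t public_key[X25519_PUBLIC_VALUE_LEN],
+const uint8_t private_key[X25519_PRIVATE_KEY_LEN], const uint8_t *info,
+size_t info_len);
+
+
+// Using an HPKE context.
+
+// EVP_HPKE_CTX_open uses the HPKE context |hpke| to authenticate |in_len| bytes
+// from |in| and |ad_len| bytes from |ad| and to decrypt at most |in_len| bytes
+// into |out|. It returns one on success, and zero otherwise.
+//
+// This operation will fail if the |hpke| context is not set up as a receiver.
+//
+// Note that HPKE encryption is stateful and ordered. The sender's first call to
+// |EVP_HPKE_CTX_seal| must correspond to the recipient's first call to
+// |EVP_HPKE_CTX_open|, etc.
+//
+// At most |in_len| bytes are written to |out|. In order to ensure success,
+// |max_out_len| should be at least |in_len|. On successful return, |*out_len|
+// is set to the actual number of bytes written.
+OPENSSL_EXPORT int EVP_HPKE_CTX_open(EVP_HPKE_CTX *hpke, uint8_t *out,
+size_t *out_len, size_t max_out_len,
+const uint8_t *in, size_t in_len,
+const uint8_t *ad, size_t ad_len);
+
+// EVP_HPKE_CTX_seal uses the HPKE context |hpke| to encrypt and authenticate
+// |in_len| bytes of ciphertext |in| and authenticate |ad_len| bytes from |ad|,
+// writing the result to |out|. It returns one on success and zero otherwise.
+//
+// This operation will fail if the |hpke| context is not set up as a sender.
+//
+// Note that HPKE encryption is stateful and ordered. The sender's first call to
+// |EVP_HPKE_CTX_seal| must correspond to the recipient's first call to
+// |EVP_HPKE_CTX_open|, etc.
+//
+// At most, |max_out_len| encrypted bytes are written to |out|. On successful
+// return, |*out_len| is set to the actual number of bytes written.
+//
+// To ensure success, |max_out_len| should be |in_len| plus the result of
+// |EVP_HPKE_CTX_max_overhead| or |EVP_HPKE_MAX_OVERHEAD|.
+OPENSSL_EXPORT int EVP_HPKE_CTX_seal(EVP_HPKE_CTX *hpke, uint8_t *out,
+size_t *out_len, size_t max_out_len,
+const uint8_t *in, size_t in_len,
+const uint8_t *ad, size_t ad_len);
+
+// EVP_HPKE_CTX_export uses the HPKE context |hpke| to export a secret of
+// |secret_len| bytes into |out|. This function uses |context_len| bytes from
+// |context| as a context string for the secret. This is necessary to separate
+// different uses of exported secrets and bind relevant caller-specific context
+// into the output. It returns one on success and zero otherwise.
+OPENSSL_EXPORT int EVP_HPKE_CTX_export(const EVP_HPKE_CTX *hpke, uint8_t *out,
+size_t secret_len,
+const uint8_t *context,
+size_t context_len);
+
+// EVP_HPKE_CTX_max_overhead returns the maximum number of additional bytes
+// added by sealing data with |EVP_HPKE_CTX_seal|. The |hpke| context must be
+// set up as a sender.
+OPENSSL_EXPORT size_t EVP_HPKE_CTX_max_overhead(const EVP_HPKE_CTX *hpke);
+
+
+#if defined(__cplusplus)
+} // extern C
+#endif
+
+#if !defined(BORINGSSL_NO_CXX)
+extern "C++" {
+
+BSSL_NAMESPACE_BEGIN
+
+using ScopedEVP_HPKE_CTX =
+internal::StackAllocated<EVP_HPKE_CTX, void, EVP_HPKE_CTX_init,
+EVP_HPKE_CTX_cleanup>;
+
+BSSL_NAMESPACE_END
+
+} // extern C++
+#endif
+
+#endif // OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H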
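--- a/data/third_party/boringssl-with-bazel/src/crypto/mem.c
+++ b/data/third_party/boringssl-with-bazel/src/crypto/mem.c
@@ -72,6 +72,8 @@ OPENSSL_MSVC_PRAGMA(warning(pop))
 
 
 #define OPENSSL_MALLOC_PREFIX 8
+OPENSSL_STATIC_ASSERT(OPENSSL_MALLOC_PREFIX >= sizeof(size_t),
+"size_t too large");
 
 #if defined(OPENSSL_ASAN)
 void __asan_poison_memory_region(const volatile void *addr, size_t size);
@@ -101,13 +103,21 @@ static void __asan_unpoison_memory_region(const void *addr, size_t size) {}
 // linked. This isn't an ideal result, but its helps in some cases.
 WEAK_SYMBOL_FUNC(void, sdallocx, (void *ptr, size_t size, int flags));
 
-// The following
-//
-//
-
-WEAK_SYMBOL_FUNC(void
+// The following three functions can be defined to override default heap
+// allocation and freeing. If defined, it is the responsibility of
+// |OPENSSL_memory_free| to zero out the memory before returning it to the
+// system. |OPENSSL_memory_free| will not be passed NULL pointers.
+WEAK_SYMBOL_FUNC(void*, OPENSSL_memory_alloc, (size_t size));
+WEAK_SYMBOL_FUNC(void, OPENSSL_memory_free, (void *ptr));
+WEAK_SYMBOL_FUNC(size_t, OPENSSL_memory_get_size, (void *ptr));
 
 void *OPENSSL_malloc(size_t size) {
+if (OPENSSL_memory_alloc != NULL) {
+assert(OPENSSL_memory_free != NULL);
+assert(OPENSSL_memory_get_size != NULL);
+return OPENSSL_memory_alloc(size);
+}
+
 if (size + OPENSSL_MALLOC_PREFIX < size) {
 return NULL;
 }
@@ -120,9 +130,6 @@ void *OPENSSL_malloc(size_t size) {
 *(size_t *)ptr = size;
 
 __asan_poison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
-if (OPENSSL_track_memory_alloc) {
-OPENSSL_track_memory_alloc(ptr, size + OPENSSL_MALLOC_PREFIX);
-}
 return ((uint8_t *)ptr) + OPENSSL_MALLOC_PREFIX;
 }
 
@@ -131,13 +138,15 @@ void OPENSSL_free(void *orig_ptr) {
 return;
 }
 
+if (OPENSSL_memory_free != NULL) {
+OPENSSL_memory_free(orig_ptr);
+return;
+}
+
 void *ptr = ((uint8_t *)orig_ptr) - OPENSSL_MALLOC_PREFIX;
 __asan_unpoison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
 
 size_t size = *(size_t *)ptr;
-if (OPENSSL_track_memory_free) {
-OPENSSL_track_memory_free(ptr, size + OPENSSL_MALLOC_PREFIX);
-}
 OPENSSL_cleanse(ptr, size + OPENSSL_MALLOC_PREFIX);
 if (sdallocx) {
 sdallocx(ptr, size + OPENSSL_MALLOC_PREFIX, 0 /* flags */);
@@ -151,10 +160,15 @@ void *OPENSSL_realloc(void *orig_ptr, size_t new_size) {
 return OPENSSL_malloc(new_size);
 }
 
-
-
-
-
+size_t old_size;
+if (OPENSSL_memory_get_size != NULL) {
+old_size = OPENSSL_memory_get_size(orig_ptr);
+} else {
+void *ptr = ((uint8_t *)orig_ptr) - OPENSSL_MALLOC_PREFIX;
+__asan_unpoison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
+old_size = *(size_t *)ptr;
+__asan_poison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
+}
 
 void *ret = OPENSSL_malloc(new_size);
 if (ret == NULL) {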
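Review bot: The requirement that all three override hooks be defined together is enforced only by the two `assert` calls added to `OPENSSL_malloc`, which disappear in NDEBUG builds, while `OPENSSL_free` and `OPENSSL_realloc` each test their own hook independently. A build that supplies `OPENSSL_memory_alloc` without `OPENSSL_memory_free` would therefore send a custom-allocator pointer down the prefix path in `OPENSSL_free`, which reads a size from the `OPENSSL_MALLOC_PREFIX` bytes in front of it. Failing closed would be safer than asserting, for example `if (OPENSSL_memory_free == NULL || OPENSSL_memory_get_size == NULL) { return NULL; }` ahead of the `OPENSSL_memory_alloc` call. The hooked `OPENSSL_free` path also returns before `OPENSSL_cleanse`, so zeroing of freed key material rests entirely on the hook, as the added comment states. The three function bodies extend beyond the hunks shown, and since this is vendored BoringSSL a change would presumably have to go upstream.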
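--- a/data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h
+++ b/data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h
@@ -63,6 +63,13 @@ extern "C" {
 #endif
 
 
+struct pkcs8_priv_key_info_st {
+ASN1_INTEGER *version;
+X509_ALGOR *pkeyalg;
+ASN1_OCTET_STRING *pkey;
+STACK_OF(X509_ATTRIBUTE) *attributes;
+};
+
 // pkcs8_pbe_decrypt decrypts |in| using the PBE scheme described by
 // |algorithm|, which should be a serialized AlgorithmIdentifier structure. On
 // success, it sets |*out| to a newly-allocated buffer containing the decrypted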
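--- a/data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c
+++ b/data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c
@@ -96,10 +96,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 // Since the structure must still be valid use ASN1_OP_FREE_PRE
 if (operation == ASN1_OP_FREE_PRE) {
 PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
-if (key->pkey
-
-OPENSSL_cleanse(key->pkey->value.octet_string->data,
-key->pkey->value.octet_string->length);
+if (key->pkey) {
+OPENSSL_cleanse(key->pkey->data, key->pkey->length);
 }
 }
 return 1;
@@ -108,12 +106,45 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
 ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
 ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
-ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey,
+ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_OCTET_STRING),
 ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
 } ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
 
+int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version,
+int ptype, void *pval, uint8_t *penc, int penclen) {
+if (version >= 0 &&
+!ASN1_INTEGER_set(priv->version, version)) {
+return 0;
+}
+
+if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) {
+return 0;
+}
+
+if (penc != NULL) {
+ASN1_STRING_set0(priv->pkey, penc, penclen);
+}
+
+return 1;
+}
+
+int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, const uint8_t **pk, int *ppklen,
+X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8) {
+if (ppkalg) {
+*ppkalg = p8->pkeyalg->algorithm;
+}
+if (pk) {
+*pk = ASN1_STRING_data(p8->pkey);
+*ppklen = ASN1_STRING_length(p8->pkey);
+}
+if (pa) {
+*pa = p8->pkeyalg;
+}
+return 1;
+}
+
 EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) {
 uint8_t *der = NULL;
 int der_len = i2d_PKCS8_PRIV_KEY_INFO(p8, &der);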
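Review bot: In the added `PKCS8_pkey_get0`, `*ppklen` is written whenever `pk` is non-NULL, although `ppkalg`, `pk` and `pa` are each treated as optional, so a caller that passes `pk` with a NULL `ppklen` would dereference NULL. Guarding the length on its own, `if (ppklen) { *ppklen = ASN1_STRING_length(p8->pkey); }`, or a comment stating that `ppklen` is required when `pk` is set, would close the gap. `PKCS8_pkey_set0` would also benefit from a comment on ownership: as far as the hunk shows, `penc` is attached to `priv->pkey` only after `X509_ALGOR_set0` succeeds, so on a zero return the caller still holds the encoded private key and remains responsible for cleansing and freeing it.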
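--- a/data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h
+++ b/data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h
@@ -77,27 +77,6 @@ OPENSSL_EXPORT void PMBTOKEN_PRETOKEN_free(PMBTOKEN_PRETOKEN *token);
 
 DEFINE_STACK_OF(PMBTOKEN_PRETOKEN)
 
-// The following functions implement the corresponding |TRUST_TOKENS_METHOD|
-// functions for |TRUST_TOKENS_experiment_v0|'s PMBTokens construction which
-// uses P-521.
-int pmbtoken_exp0_generate_key(CBB *out_private, CBB *out_public);
-int pmbtoken_exp0_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
-const uint8_t *in, size_t len);
-int pmbtoken_exp0_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
-const uint8_t *in, size_t len);
-STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp0_blind(CBB *cbb, size_t count);
-int pmbtoken_exp0_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
-size_t num_requested, size_t num_to_issue,
-uint8_t private_metadata);
-STACK_OF(TRUST_TOKEN) *
-pmbtoken_exp0_unblind(const PMBTOKEN_CLIENT_KEY *key,
-const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens,
-CBS *cbs, size_t count, uint32_t key_id);
-int pmbtoken_exp0_read(const PMBTOKEN_ISSUER_KEY *key,
-uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
-uint8_t *out_private_metadata, const uint8_t *token,
-size_t token_len);
-
 // The following functions implement the corresponding |TRUST_TOKENS_METHOD|
 // functions for |TRUST_TOKENS_experiment_v1|'s PMBTokens construction which
 // uses P-384.
@@ -193,14 +172,6 @@ struct trust_token_method_st {
 uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
 uint8_t *out_private_metadata, const uint8_t *token,
 size_t token_len);
-
-// use_token_hash determines whether to include the token hash in the SRR and
-// private metadata encryption.
-int use_token_hash : 1;
-
-// batched_proof determines whether PMBToken uses a batched DLEQOR proof when
-// signing tokens.
-int batched_proof : 1;
 };
 
 // Structure representing a single Trust Token public key with the specified ID.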
@@ -52,9 +52,6 @@ typedef struct {
|
|
52
52
|
// hash_c implements the H_c operation in PMBTokens. It returns one on success
|
53
53
|
// and zero on error.
|
54
54
|
hash_c_func_t hash_c;
|
55
|
-
// batched_proof determines whether PMBToken uses a batched DLEQOR proof when
|
56
|
-
// signing tokens.
|
57
|
-
int batched_proof : 1;
|
58
55
|
} PMBTOKEN_METHOD;
|
59
56
|
|
60
57
|
static const uint8_t kDefaultAdditionalData[32] = {0};
|
@@ -62,7 +59,7 @@ static const uint8_t kDefaultAdditionalData[32] = {0};
|
|
62
59
|
static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid,
|
63
60
|
const uint8_t *h_bytes, size_t h_len,
|
64
61
|
hash_t_func_t hash_t, hash_s_func_t hash_s,
|
65
|
-
hash_c_func_t hash_c
|
62
|
+
hash_c_func_t hash_c) {
|
66
63
|
method->group = EC_GROUP_new_by_curve_name(curve_nid);
|
67
64
|
if (method->group == NULL) {
|
68
65
|
return 0;
|
@@ -71,7 +68,6 @@ static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid,
|
|
71
68
|
method->hash_t = hash_t;
|
72
69
|
method->hash_s = hash_s;
|
73
70
|
method->hash_c = hash_c;
|
74
|
-
method->batched_proof = batched_proof;
|
75
71
|
|
76
72
|
EC_AFFINE h;
|
77
73
|
if (!ec_point_from_uncompressed(method->group, &h, h_bytes, h_len)) {
|
@@ -724,37 +720,31 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
|
|
724
720
|
return 0;
|
725
721
|
}
|
726
722
|
|
723
|
+
if (num_to_issue > ((size_t)-1) / sizeof(EC_RAW_POINT) ||
|
724
|
+
num_to_issue > ((size_t)-1) / sizeof(EC_SCALAR)) {
|
725
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
|
726
|
+
return 0;
|
727
|
+
}
|
728
|
+
|
727
729
|
int ret = 0;
|
728
|
-
EC_RAW_POINT *Tps =
|
729
|
-
EC_RAW_POINT *Sps =
|
730
|
-
EC_RAW_POINT *Wps =
|
731
|
-
EC_RAW_POINT *Wsps =
|
732
|
-
EC_SCALAR *es =
|
730
|
+
EC_RAW_POINT *Tps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
|
731
|
+
EC_RAW_POINT *Sps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
|
732
|
+
EC_RAW_POINT *Wps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
|
733
|
+
EC_RAW_POINT *Wsps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
|
734
|
+
EC_SCALAR *es = OPENSSL_malloc(num_to_issue * sizeof(EC_SCALAR));
|
733
735
|
CBB batch_cbb;
|
734
736
|
CBB_zero(&batch_cbb);
|
735
|
-
if (
|
736
|
-
|
737
|
-
|
738
|
-
|
739
|
-
|
740
|
-
|
741
|
-
|
742
|
-
|
743
|
-
|
744
|
-
|
745
|
-
|
746
|
-
if (!Tps ||
|
747
|
-
!Sps ||
|
748
|
-
!Wps ||
|
749
|
-
!Wsps ||
|
750
|
-
!es ||
|
751
|
-
!CBB_init(&batch_cbb, 0) ||
|
752
|
-
!point_to_cbb(&batch_cbb, method->group, &key->pubs) ||
|
753
|
-
!point_to_cbb(&batch_cbb, method->group, &key->pub0) ||
|
754
|
-
!point_to_cbb(&batch_cbb, method->group, &key->pub1)) {
|
755
|
-
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
756
|
-
goto err;
|
757
|
-
}
|
737
|
+
if (!Tps ||
|
738
|
+
!Sps ||
|
739
|
+
!Wps ||
|
740
|
+
!Wsps ||
|
741
|
+
!es ||
|
742
|
+
!CBB_init(&batch_cbb, 0) ||
|
743
|
+
!point_to_cbb(&batch_cbb, method->group, &key->pubs) ||
|
744
|
+
!point_to_cbb(&batch_cbb, method->group, &key->pub0) ||
|
745
|
+
!point_to_cbb(&batch_cbb, method->group, &key->pub1)) {
|
746
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
747
|
+
goto err;
|
758
748
|
}
|
759
749
|
|
760
750
|
for (size_t i = 0; i < num_to_issue; i++) {
|
@@ -793,25 +783,17 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
|
|
793
783
|
goto err;
|
794
784
|
}
|
795
785
|
|
796
|
-
if (!
|
797
|
-
|
798
|
-
|
799
|
-
|
800
|
-
|
801
|
-
|
802
|
-
} else {
|
803
|
-
if (!point_to_cbb(&batch_cbb, group, &Tp_affine) ||
|
804
|
-
!point_to_cbb(&batch_cbb, group, &affines[0]) ||
|
805
|
-
!point_to_cbb(&batch_cbb, group, &affines[1]) ||
|
806
|
-
!point_to_cbb(&batch_cbb, group, &affines[2])) {
|
807
|
-
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
808
|
-
goto err;
|
809
|
-
}
|
810
|
-
Tps[i] = Tp;
|
811
|
-
Sps[i] = jacobians[0];
|
812
|
-
Wps[i] = jacobians[1];
|
813
|
-
Wsps[i] = jacobians[2];
|
786
|
+
if (!point_to_cbb(&batch_cbb, group, &Tp_affine) ||
|
787
|
+
!point_to_cbb(&batch_cbb, group, &affines[0]) ||
|
788
|
+
!point_to_cbb(&batch_cbb, group, &affines[1]) ||
|
789
|
+
!point_to_cbb(&batch_cbb, group, &affines[2])) {
|
790
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
791
|
+
goto err;
|
814
792
|
}
|
793
|
+
Tps[i] = Tp;
|
794
|
+
Sps[i] = jacobians[0];
|
795
|
+
Wps[i] = jacobians[1];
|
796
|
+
Wsps[i] = jacobians[2];
|
815
797
|
|
816
798
|
if (!CBB_flush(cbb)) {
|
817
799
|
goto err;
|
@@ -821,36 +803,34 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
|
|
821
803
|
// The DLEQ batching construction is described in appendix B of
|
822
804
|
// https://eprint.iacr.org/2020/072/20200324:214215. Note the additional
|
823
805
|
// computations all act on public inputs.
|
824
|
-
|
825
|
-
|
826
|
-
if (!hash_c_batch(method, &es[i], &batch_cbb, i)) {
|
827
|
-
goto err;
|
828
|
-
}
|
829
|
-
}
|
830
|
-
|
831
|
-
EC_RAW_POINT Tp_batch, Sp_batch, Wp_batch, Wsp_batch;
|
832
|
-
if (!ec_point_mul_scalar_public_batch(group, &Tp_batch,
|
833
|
-
/*g_scalar=*/NULL, Tps, es,
|
834
|
-
num_to_issue) ||
|
835
|
-
!ec_point_mul_scalar_public_batch(group, &Sp_batch,
|
836
|
-
/*g_scalar=*/NULL, Sps, es,
|
837
|
-
num_to_issue) ||
|
838
|
-
!ec_point_mul_scalar_public_batch(group, &Wp_batch,
|
839
|
-
/*g_scalar=*/NULL, Wps, es,
|
840
|
-
num_to_issue) ||
|
841
|
-
!ec_point_mul_scalar_public_batch(group, &Wsp_batch,
|
842
|
-
/*g_scalar=*/NULL, Wsps, es,
|
843
|
-
num_to_issue)) {
|
806
|
+
for (size_t i = 0; i < num_to_issue; i++) {
|
807
|
+
if (!hash_c_batch(method, &es[i], &batch_cbb, i)) {
|
844
808
|
goto err;
|
845
809
|
}
|
810
|
+
}
|
846
811
|
|
847
|
-
|
848
|
-
|
849
|
-
|
850
|
-
|
851
|
-
|
852
|
-
|
853
|
-
|
812
|
+
EC_RAW_POINT Tp_batch, Sp_batch, Wp_batch, Wsp_batch;
|
813
|
+
if (!ec_point_mul_scalar_public_batch(group, &Tp_batch,
|
814
|
+
/*g_scalar=*/NULL, Tps, es,
|
815
|
+
num_to_issue) ||
|
816
|
+
!ec_point_mul_scalar_public_batch(group, &Sp_batch,
|
817
|
+
/*g_scalar=*/NULL, Sps, es,
|
818
|
+
num_to_issue) ||
|
819
|
+
!ec_point_mul_scalar_public_batch(group, &Wp_batch,
|
820
|
+
/*g_scalar=*/NULL, Wps, es,
|
821
|
+
num_to_issue) ||
|
822
|
+
!ec_point_mul_scalar_public_batch(group, &Wsp_batch,
|
823
|
+
/*g_scalar=*/NULL, Wsps, es,
|
824
|
+
num_to_issue)) {
|
825
|
+
goto err;
|
826
|
+
}
|
827
|
+
|
828
|
+
CBB proof;
|
829
|
+
if (!CBB_add_u16_length_prefixed(cbb, &proof) ||
|
830
|
+
!dleq_generate(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch,
|
831
|
+
&Wsp_batch, private_metadata) ||
|
832
|
+
!CBB_flush(cbb)) {
|
833
|
+
goto err;
|
854
834
|
}
|
855
835
|
|
856
836
|
// Skip over any unused requests.
|
@@ -890,36 +870,29 @@ static STACK_OF(TRUST_TOKEN) *
|
|
890
870
|
return NULL;
|
891
871
|
}
|
892
872
|
|
893
|
-
|
894
|
-
|
895
|
-
|
896
|
-
|
897
|
-
|
873
|
+
if (count > ((size_t)-1) / sizeof(EC_RAW_POINT) ||
|
874
|
+
count > ((size_t)-1) / sizeof(EC_SCALAR)) {
|
875
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
|
876
|
+
return 0;
|
877
|
+
}
|
878
|
+
EC_RAW_POINT *Tps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
|
879
|
+
EC_RAW_POINT *Sps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
|
880
|
+
EC_RAW_POINT *Wps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
|
881
|
+
EC_RAW_POINT *Wsps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
|
882
|
+
EC_SCALAR *es = OPENSSL_malloc(count * sizeof(EC_SCALAR));
|
898
883
|
CBB batch_cbb;
|
899
884
|
CBB_zero(&batch_cbb);
|
900
|
-
if (
|
901
|
-
|
902
|
-
|
903
|
-
|
904
|
-
|
905
|
-
|
906
|
-
|
907
|
-
|
908
|
-
|
909
|
-
|
910
|
-
|
911
|
-
if (!Tps ||
|
912
|
-
!Sps ||
|
913
|
-
!Wps ||
|
914
|
-
!Wsps ||
|
915
|
-
!es ||
|
916
|
-
!CBB_init(&batch_cbb, 0) ||
|
917
|
-
!point_to_cbb(&batch_cbb, method->group, &key->pubs) ||
|
918
|
-
!point_to_cbb(&batch_cbb, method->group, &key->pub0) ||
|
919
|
-
!point_to_cbb(&batch_cbb, method->group, &key->pub1)) {
|
920
|
-
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
921
|
-
goto err;
|
922
|
-
}
|
885
|
+
if (!Tps ||
|
886
|
+
!Sps ||
|
887
|
+
!Wps ||
|
888
|
+
!Wsps ||
|
889
|
+
!es ||
|
890
|
+
!CBB_init(&batch_cbb, 0) ||
|
891
|
+
!point_to_cbb(&batch_cbb, method->group, &key->pubs) ||
|
892
|
+
!point_to_cbb(&batch_cbb, method->group, &key->pub0) ||
|
893
|
+
!point_to_cbb(&batch_cbb, method->group, &key->pub1)) {
|
894
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
895
|
+
goto err;
|
923
896
|
}
|
924
897
|
|
925
898
|
for (size_t i = 0; i < count; i++) {
|
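Review bot: The new overflow guard in this hunk leaves with `return 0;` although the function returns `STACK_OF(TRUST_TOKEN) *`; the context line just above it uses `return NULL;` and every later failure in the hunk uses `goto err`. The value is still a null pointer, but the line reads like an int status and it is the only failure path here that bypasses the `err` cleanup. The start of the function and the `err` label are outside the hunk, so whether anything is already allocated at this point cannot be confirmed from here; if something is, this return leaks it. I would either move the guard above the first allocation and write `return NULL;`, or declare the five array pointers as NULL before the guard and use `goto err;`.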
@@ -928,7 +901,6 @@ static STACK_OF(TRUST_TOKEN) *
|
|
928
901
|
|
929
902
|
uint8_t s[PMBTOKEN_NONCE_SIZE];
|
930
903
|
EC_AFFINE Wp_affine, Wsp_affine;
|
931
|
-
CBS proof;
|
932
904
|
if (!CBS_copy_bytes(cbs, s, PMBTOKEN_NONCE_SIZE) ||
|
933
905
|
!cbs_get_prefixed_point(cbs, group, &Wp_affine) ||
|
934
906
|
!cbs_get_prefixed_point(cbs, group, &Wsp_affine)) {
|
@@ -936,50 +908,29 @@ static STACK_OF(TRUST_TOKEN) *
|
|
936
908
|
goto err;
|
937
909
|
}
|
938
910
|
|
939
|
-
|
940
|
-
ec_affine_to_jacobian(group, &
|
941
|
-
ec_affine_to_jacobian(group, &
|
942
|
-
|
943
|
-
if (!method->hash_s(group, &Sp, &pretoken->Tp, s)) {
|
911
|
+
ec_affine_to_jacobian(group, &Tps[i], &pretoken->Tp);
|
912
|
+
ec_affine_to_jacobian(group, &Wps[i], &Wp_affine);
|
913
|
+
ec_affine_to_jacobian(group, &Wsps[i], &Wsp_affine);
|
914
|
+
if (!method->hash_s(group, &Sps[i], &pretoken->Tp, s)) {
|
944
915
|
goto err;
|
945
916
|
}
|
946
917
|
|
947
|
-
|
948
|
-
|
949
|
-
|
950
|
-
|
951
|
-
|
952
|
-
|
953
|
-
|
954
|
-
|
955
|
-
}
|
956
|
-
|
957
|
-
if (CBS_len(&proof) != 0) {
|
958
|
-
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
959
|
-
goto err;
|
960
|
-
}
|
961
|
-
} else {
|
962
|
-
EC_AFFINE Sp_affine;
|
963
|
-
if (!point_to_cbb(&batch_cbb, group, &pretoken->Tp) ||
|
964
|
-
!ec_jacobian_to_affine(group, &Sp_affine, &Sp) ||
|
965
|
-
!point_to_cbb(&batch_cbb, group, &Sp_affine) ||
|
966
|
-
!point_to_cbb(&batch_cbb, group, &Wp_affine) ||
|
967
|
-
!point_to_cbb(&batch_cbb, group, &Wsp_affine)) {
|
968
|
-
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
969
|
-
goto err;
|
970
|
-
}
|
971
|
-
Tps[i] = Tp;
|
972
|
-
Sps[i] = Sp;
|
973
|
-
Wps[i] = Wp;
|
974
|
-
Wsps[i] = Wsp;
|
918
|
+
EC_AFFINE Sp_affine;
|
919
|
+
if (!point_to_cbb(&batch_cbb, group, &pretoken->Tp) ||
|
920
|
+
!ec_jacobian_to_affine(group, &Sp_affine, &Sps[i]) ||
|
921
|
+
!point_to_cbb(&batch_cbb, group, &Sp_affine) ||
|
922
|
+
!point_to_cbb(&batch_cbb, group, &Wp_affine) ||
|
923
|
+
!point_to_cbb(&batch_cbb, group, &Wsp_affine)) {
|
924
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
925
|
+
goto err;
|
975
926
|
}
|
976
927
|
|
977
928
|
// Unblind the token.
|
978
929
|
EC_RAW_POINT jacobians[3];
|
979
930
|
EC_AFFINE affines[3];
|
980
|
-
if (!ec_point_mul_scalar(group, &jacobians[0], &
|
981
|
-
!ec_point_mul_scalar(group, &jacobians[1], &
|
982
|
-
!ec_point_mul_scalar(group, &jacobians[2], &
|
931
|
+
if (!ec_point_mul_scalar(group, &jacobians[0], &Sps[i], &pretoken->r) ||
|
932
|
+
!ec_point_mul_scalar(group, &jacobians[1], &Wps[i], &pretoken->r) ||
|
933
|
+
!ec_point_mul_scalar(group, &jacobians[2], &Wsps[i], &pretoken->r) ||
|
983
934
|
!ec_jacobian_to_affine_batch(group, affines, jacobians, 3)) {
|
984
935
|
goto err;
|
985
936
|
}
|
@@ -1018,32 +969,30 @@ static STACK_OF(TRUST_TOKEN) *
|
|
1018
969
|
// The DLEQ batching construction is described in appendix B of
|
1019
970
|
// https://eprint.iacr.org/2020/072/20200324:214215. Note the additional
|
1020
971
|
// computations all act on public inputs.
|
1021
|
-
|
1022
|
-
|
1023
|
-
if (!hash_c_batch(method, &es[i], &batch_cbb, i)) {
|
1024
|
-
goto err;
|
1025
|
-
}
|
1026
|
-
}
|
1027
|
-
|
1028
|
-
EC_RAW_POINT Tp_batch, Sp_batch, Wp_batch, Wsp_batch;
|
1029
|
-
if (!ec_point_mul_scalar_public_batch(group, &Tp_batch,
|
1030
|
-
/*g_scalar=*/NULL, Tps, es, count) ||
|
1031
|
-
!ec_point_mul_scalar_public_batch(group, &Sp_batch,
|
1032
|
-
/*g_scalar=*/NULL, Sps, es, count) ||
|
1033
|
-
!ec_point_mul_scalar_public_batch(group, &Wp_batch,
|
1034
|
-
/*g_scalar=*/NULL, Wps, es, count) ||
|
1035
|
-
!ec_point_mul_scalar_public_batch(group, &Wsp_batch,
|
1036
|
-
/*g_scalar=*/NULL, Wsps, es, count)) {
|
972
|
+
for (size_t i = 0; i < count; i++) {
|
973
|
+
if (!hash_c_batch(method, &es[i], &batch_cbb, i)) {
|
1037
974
|
goto err;
|
1038
975
|
}
|
976
|
+
}
|
1039
977
|
|
1040
|
-
|
1041
|
-
|
1042
|
-
|
1043
|
-
|
1044
|
-
|
1045
|
-
|
1046
|
-
|
978
|
+
EC_RAW_POINT Tp_batch, Sp_batch, Wp_batch, Wsp_batch;
|
979
|
+
if (!ec_point_mul_scalar_public_batch(group, &Tp_batch,
|
980
|
+
/*g_scalar=*/NULL, Tps, es, count) ||
|
981
|
+
!ec_point_mul_scalar_public_batch(group, &Sp_batch,
|
982
|
+
/*g_scalar=*/NULL, Sps, es, count) ||
|
983
|
+
!ec_point_mul_scalar_public_batch(group, &Wp_batch,
|
984
|
+
/*g_scalar=*/NULL, Wps, es, count) ||
|
985
|
+
!ec_point_mul_scalar_public_batch(group, &Wsp_batch,
|
986
|
+
/*g_scalar=*/NULL, Wsps, es, count)) {
|
987
|
+
goto err;
|
988
|
+
}
|
989
|
+
|
990
|
+
CBS proof;
|
991
|
+
if (!CBS_get_u16_length_prefixed(cbs, &proof) ||
|
992
|
+
!dleq_verify(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch,
|
993
|
+
&Wsp_batch) ||
|
994
|
+
CBS_len(&proof) != 0) {
|
995
|
+
goto err;
|
1047
996
|
}
|
1048
997
|
|
1049
998
|
ok = 1;
|
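Review bot: A malformed proof now fails without an error being queued at this site. The merged condition at the end of this hunk sends both a failed `CBS_get_u16_length_prefixed` and a non-empty remainder (`CBS_len(&proof) != 0`) straight to `goto err`, whereas the removed code in the `@@ -936` hunk recorded `TRUST_TOKEN_R_DECODE_FAILURE` for trailing bytes. The strict trailing-bytes check is kept, which matters most, but a caller reading the error queue can no longer tell a decode failure from a rejected proof unless `dleq_verify` queues its own error, which is not visible here. I would split the parse checks out, e.g. `if (!CBS_get_u16_length_prefixed(cbs, &proof)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); goto err; }`, and do the same for the `CBS_len(&proof) != 0` test after verification. The enclosing function starts and ends outside the hunk.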
@@ -1127,202 +1076,6 @@ static int pmbtoken_read(const PMBTOKEN_METHOD *method,
|
|
1127
1076
|
}
|
1128
1077
|
|
1129
1078
|
|
1130
|
-
// PMBTokens experiment v0.
|
1131
|
-
|
1132
|
-
static int pmbtoken_exp0_hash_t(const EC_GROUP *group, EC_RAW_POINT *out,
|
1133
|
-
const uint8_t t[PMBTOKEN_NONCE_SIZE]) {
|
1134
|
-
const uint8_t kHashTLabel[] = "PMBTokensV0 HashT";
|
1135
|
-
return ec_hash_to_curve_p521_xmd_sha512_sswu_draft06(
|
1136
|
-
group, out, kHashTLabel, sizeof(kHashTLabel), t, PMBTOKEN_NONCE_SIZE);
|
1137
|
-
}
|
1138
|
-
|
1139
|
-
static int pmbtoken_exp0_hash_s(const EC_GROUP *group, EC_RAW_POINT *out,
|
1140
|
-
const EC_AFFINE *t,
|
1141
|
-
const uint8_t s[PMBTOKEN_NONCE_SIZE]) {
|
1142
|
-
const uint8_t kHashSLabel[] = "PMBTokensV0 HashS";
|
1143
|
-
int ret = 0;
|
1144
|
-
CBB cbb;
|
1145
|
-
uint8_t *buf = NULL;
|
1146
|
-
size_t len;
|
1147
|
-
if (!CBB_init(&cbb, 0) ||
|
1148
|
-
!point_to_cbb(&cbb, group, t) ||
|
1149
|
-
!CBB_add_bytes(&cbb, s, PMBTOKEN_NONCE_SIZE) ||
|
1150
|
-
!CBB_finish(&cbb, &buf, &len) ||
|
1151
|
-
!ec_hash_to_curve_p521_xmd_sha512_sswu_draft06(
|
1152
|
-
group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) {
|
1153
|
-
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
1154
|
-
goto err;
|
1155
|
-
}
|
1156
|
-
|
1157
|
-
ret = 1;
|
1158
|
-
|
1159
|
-
err:
|
1160
|
-
OPENSSL_free(buf);
|
1161
|
-
CBB_cleanup(&cbb);
|
1162
|
-
return ret;
|
1163
|
-
}
|
1164
|
-
|
1165
|
-
static int pmbtoken_exp0_hash_c(const EC_GROUP *group, EC_SCALAR *out,
|
1166
|
-
uint8_t *buf, size_t len) {
|
1167
|
-
const uint8_t kHashCLabel[] = "PMBTokensV0 HashC";
|
1168
|
-
return ec_hash_to_scalar_p521_xmd_sha512_draft06(
|
1169
|
-
group, out, kHashCLabel, sizeof(kHashCLabel), buf, len);
|
1170
|
-
}
|
1171
|
-
|
1172
|
-
// H for PMBTokens v0 was generated with the following Python code.
|
1173
|
-
/*
|
1174
|
-
import hashlib
|
1175
|
-
|
1176
|
-
SEED_H = 'PrivacyPass H'
|
1177
|
-
|
1178
|
-
A = -3
|
1179
|
-
B = 0x051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00
|
1180
|
-
P = 2**521 - 1
|
1181
|
-
|
1182
|
-
def get_y(x):
|
1183
|
-
y2 = (x**3 + A*x + B) % P
|
1184
|
-
y = pow(y2, (P+1)/4, P)
|
1185
|
-
if (y*y) % P != y2:
|
1186
|
-
raise ValueError("point not on curve")
|
1187
|
-
return y
|
1188
|
-
|
1189
|
-
def bit(h,i):
|
1190
|
-
return (ord(h[i/8]) >> (i%8)) & 1
|
1191
|
-
|
1192
|
-
b = 521
|
1193
|
-
def decode_point(so):
|
1194
|
-
s = hashlib.sha256(so + '0').digest() + hashlib.sha256(so + '1').digest() + \
|
1195
|
-
hashlib.sha256(so + '2').digest()
|
1196
|
-
|
1197
|
-
x = 0
|
1198
|
-
for i in range(0,b):
|
1199
|
-
x = x + (long(bit(s,i))<<i)
|
1200
|
-
if x >= P:
|
1201
|
-
raise ValueError("x out of range")
|
1202
|
-
y = get_y(x)
|
1203
|
-
if y & 1 != bit(s,b-1): y = P-y
|
1204
|
-
return (x, y)
|
1205
|
-
|
1206
|
-
|
1207
|
-
def gen_point(seed):
|
1208
|
-
v = hashlib.sha256(seed).digest()
|
1209
|
-
it = 1
|
1210
|
-
while True:
|
1211
|
-
try:
|
1212
|
-
x,y = decode_point(v)
|
1213
|
-
except Exception, e:
|
1214
|
-
print e
|
1215
|
-
it += 1
|
1216
|
-
v = hashlib.sha256(v).digest()
|
1217
|
-
continue
|
1218
|
-
print "Found in %d iterations:" % it
|
1219
|
-
print " x = %d" % x
|
1220
|
-
print " y = %d" % y
|
1221
|
-
print " Encoded (hex): (%x, %x)" % (x, y)
|
1222
|
-
return (x, y)
|
1223
|
-
|
1224
|
-
if __name__ == "__main__":
|
1225
|
-
gen_point(SEED_H)
|
1226
|
-
*/
|
1227
|
-
static int pmbtoken_exp0_ok = 0;
|
1228
|
-
static PMBTOKEN_METHOD pmbtoken_exp0_method;
|
1229
|
-
static CRYPTO_once_t pmbtoken_exp0_method_once = CRYPTO_ONCE_INIT;
|
1230
|
-
|
1231
|
-
static void pmbtoken_exp0_init_method_impl(void) {
|
1232
|
-
static const uint8_t kH[] = {
|
1233
|
-
0x04, 0x01, 0xf0, 0xa9, 0xf7, 0x9e, 0xbc, 0x12, 0x6c, 0xef, 0xd1, 0xab,
|
1234
|
-
0x29, 0x10, 0x03, 0x6f, 0x4e, 0xf5, 0xbd, 0xeb, 0x0f, 0x6b, 0xc0, 0x5c,
|
1235
|
-
0x0e, 0xce, 0xfe, 0x59, 0x45, 0xd1, 0x3e, 0x25, 0x33, 0x7e, 0x4c, 0xda,
|
1236
|
-
0x64, 0x53, 0x54, 0x4e, 0xf9, 0x76, 0x0d, 0x6d, 0xc5, 0x39, 0x2a, 0xd4,
|
1237
|
-
0xce, 0x84, 0x6e, 0x31, 0xc2, 0x86, 0x21, 0xf9, 0x5c, 0x98, 0xb9, 0x3d,
|
1238
|
-
0x01, 0x74, 0x9f, 0xc5, 0x1e, 0x47, 0x24, 0x00, 0x5c, 0x17, 0x62, 0x51,
|
1239
|
-
0x7d, 0x32, 0x5e, 0x29, 0xac, 0x52, 0x14, 0x75, 0x6f, 0x36, 0xd9, 0xc7,
|
1240
|
-
0xfa, 0xbb, 0xa9, 0x3b, 0x9d, 0x70, 0x49, 0x1e, 0xb4, 0x53, 0xbc, 0x55,
|
1241
|
-
0xea, 0xad, 0x8f, 0x26, 0x1d, 0xe0, 0xbc, 0xf3, 0x50, 0x5c, 0x7e, 0x66,
|
1242
|
-
0x41, 0xb5, 0x61, 0x70, 0x12, 0x72, 0xac, 0x6a, 0xb0, 0x6e, 0x78, 0x3d,
|
1243
|
-
0x17, 0x08, 0xe3, 0xdf, 0x3c, 0xff, 0xa6, 0xa0, 0xea, 0x96, 0x67, 0x92,
|
1244
|
-
0xcd,
|
1245
|
-
};
|
1246
|
-
|
1247
|
-
pmbtoken_exp0_ok =
|
1248
|
-
pmbtoken_init_method(&pmbtoken_exp0_method, NID_secp521r1, kH, sizeof(kH),
|
1249
|
-
pmbtoken_exp0_hash_t, pmbtoken_exp0_hash_s,
|
1250
|
-
pmbtoken_exp0_hash_c, /*batched_proof=*/0);
|
1251
|
-
}
|
1252
|
-
|
1253
|
-
static int pmbtoken_exp0_init_method(void) {
|
1254
|
-
CRYPTO_once(&pmbtoken_exp0_method_once, pmbtoken_exp0_init_method_impl);
|
1255
|
-
if (!pmbtoken_exp0_ok) {
|
1256
|
-
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
|
1257
|
-
return 0;
|
1258
|
-
}
|
1259
|
-
return 1;
|
1260
|
-
}
|
1261
|
-
|
1262
|
-
int pmbtoken_exp0_generate_key(CBB *out_private, CBB *out_public) {
|
1263
|
-
if (!pmbtoken_exp0_init_method()) {
|
1264
|
-
return 0;
|
1265
|
-
}
|
1266
|
-
|
1267
|
-
return pmbtoken_generate_key(&pmbtoken_exp0_method, out_private, out_public);
|
1268
|
-
}
|
1269
|
-
|
1270
|
-
int pmbtoken_exp0_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
|
1271
|
-
const uint8_t *in, size_t len) {
|
1272
|
-
if (!pmbtoken_exp0_init_method()) {
|
1273
|
-
return 0;
|
1274
|
-
}
|
1275
|
-
return pmbtoken_client_key_from_bytes(&pmbtoken_exp0_method, key, in, len);
|
1276
|
-
}
|
1277
|
-
|
1278
|
-
int pmbtoken_exp0_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
|
1279
|
-
const uint8_t *in, size_t len) {
|
1280
|
-
if (!pmbtoken_exp0_init_method()) {
|
1281
|
-
return 0;
|
1282
|
-
}
|
1283
|
-
return pmbtoken_issuer_key_from_bytes(&pmbtoken_exp0_method, key, in, len);
|
1284
|
-
}
|
1285
|
-
|
1286
|
-
STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp0_blind(CBB *cbb, size_t count) {
|
1287
|
-
if (!pmbtoken_exp0_init_method()) {
|
1288
|
-
return NULL;
|
1289
|
-
}
|
1290
|
-
return pmbtoken_blind(&pmbtoken_exp0_method, cbb, count);
|
1291
|
-
}
|
1292
|
-
|
1293
|
-
int pmbtoken_exp0_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
1294
|
-
size_t num_requested, size_t num_to_issue,
|
1295
|
-
uint8_t private_metadata) {
|
1296
|
-
if (!pmbtoken_exp0_init_method()) {
|
1297
|
-
return 0;
|
1298
|
-
}
|
1299
|
-
return pmbtoken_sign(&pmbtoken_exp0_method, key, cbb, cbs, num_requested,
|
1300
|
-
num_to_issue, private_metadata);
|
1301
|
-
}
|
1302
|
-
|
1303
|
-
STACK_OF(TRUST_TOKEN) *
|
1304
|
-
pmbtoken_exp0_unblind(const PMBTOKEN_CLIENT_KEY *key,
|
1305
|
-
const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens,
|
1306
|
-
CBS *cbs, size_t count, uint32_t key_id) {
|
1307
|
-
if (!pmbtoken_exp0_init_method()) {
|
1308
|
-
return NULL;
|
1309
|
-
}
|
1310
|
-
return pmbtoken_unblind(&pmbtoken_exp0_method, key, pretokens, cbs, count,
|
1311
|
-
key_id);
|
1312
|
-
}
|
1313
|
-
|
1314
|
-
int pmbtoken_exp0_read(const PMBTOKEN_ISSUER_KEY *key,
|
1315
|
-
uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
|
1316
|
-
uint8_t *out_private_metadata, const uint8_t *token,
|
1317
|
-
size_t token_len) {
|
1318
|
-
if (!pmbtoken_exp0_init_method()) {
|
1319
|
-
return 0;
|
1320
|
-
}
|
1321
|
-
return pmbtoken_read(&pmbtoken_exp0_method, key, out_nonce,
|
1322
|
-
out_private_metadata, token, token_len);
|
1323
|
-
}
|
1324
|
-
|
1325
|
-
|
1326
1079
|
// PMBTokens experiment v1.
|
1327
1080
|
|
1328
1081
|
static int pmbtoken_exp1_hash_t(const EC_GROUP *group, EC_RAW_POINT *out,
|
@@ -1387,7 +1140,7 @@ static void pmbtoken_exp1_init_method_impl(void) {
|
|
1387
1140
|
pmbtoken_exp1_ok =
|
1388
1141
|
pmbtoken_init_method(&pmbtoken_exp1_method, NID_secp384r1, kH, sizeof(kH),
|
1389
1142
|
pmbtoken_exp1_hash_t, pmbtoken_exp1_hash_s,
|
1390
|
-
pmbtoken_exp1_hash_c
|
1143
|
+
pmbtoken_exp1_hash_c);
|
1391
1144
|
}
|
1392
1145
|
|
1393
1146
|
static int pmbtoken_exp1_init_method(void) {
|