grpc 1.31.0.pre1 → 1.33.0.pre1


Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (614) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +693 -16022
  3. data/include/grpc/grpc.h +0 -5
  4. data/include/grpc/grpc_security.h +47 -14
  5. data/include/grpc/impl/codegen/README.md +22 -0
  6. data/include/grpc/impl/codegen/grpc_types.h +0 -5
  7. data/include/grpc/impl/codegen/port_platform.h +6 -1
  8. data/src/core/ext/filters/client_channel/backup_poller.cc +3 -2
  9. data/src/core/ext/filters/client_channel/client_channel.cc +264 -186
  10. data/src/core/ext/filters/client_channel/client_channel.h +1 -1
  11. data/src/core/ext/filters/client_channel/client_channel_channelz.h +0 -3
  12. data/src/core/ext/filters/client_channel/config_selector.cc +0 -4
  13. data/src/core/ext/filters/client_channel/config_selector.h +34 -5
  14. data/src/core/ext/filters/client_channel/health/health_check_client.cc +6 -1
  15. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -3
  16. data/src/core/ext/filters/client_channel/lb_policy.h +3 -1
  17. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +48 -35
  18. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +7 -5
  19. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +9 -6
  20. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +126 -119
  21. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +0 -13
  22. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +0 -3
  23. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -37
  24. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +21 -15
  25. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +32 -13
  26. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +8 -7
  27. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +9 -32
  28. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +26 -16
  29. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +207 -129
  30. data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +453 -255
  31. data/src/core/ext/filters/client_channel/lb_policy/xds/eds_drop.cc +571 -0
  32. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +727 -0
  33. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +8 -1
  34. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +1 -1
  35. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +3 -3
  36. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
  37. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
  38. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -1
  39. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +1 -1
  40. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +602 -58
  41. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +28 -0
  42. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +8 -39
  43. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +4 -3
  44. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +49 -47
  45. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +5 -9
  46. data/src/core/ext/filters/client_channel/server_address.cc +120 -7
  47. data/src/core/ext/filters/client_channel/server_address.h +48 -21
  48. data/src/core/ext/filters/client_channel/service_config.cc +16 -13
  49. data/src/core/ext/filters/client_channel/service_config.h +7 -4
  50. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +2 -2
  51. data/src/core/ext/filters/client_channel/service_config_parser.cc +8 -6
  52. data/src/core/ext/filters/client_channel/service_config_parser.h +8 -5
  53. data/src/core/ext/filters/client_channel/subchannel.cc +64 -23
  54. data/src/core/ext/filters/client_channel/subchannel.h +16 -4
  55. data/src/core/ext/filters/client_channel/subchannel_interface.h +44 -0
  56. data/src/core/ext/filters/max_age/max_age_filter.cc +2 -1
  57. data/src/core/ext/filters/message_size/message_size_filter.cc +2 -1
  58. data/src/core/ext/filters/message_size/message_size_filter.h +2 -1
  59. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +87 -31
  60. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +18 -1
  61. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +10 -35
  62. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +19 -25
  63. data/src/core/ext/transport/chttp2/server/chttp2_server.h +2 -1
  64. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +2 -2
  65. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +6 -6
  66. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +3 -2
  67. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +256 -287
  68. data/src/core/ext/transport/chttp2/transport/flow_control.cc +11 -3
  69. data/src/core/ext/transport/chttp2/transport/flow_control.h +10 -0
  70. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +2 -2
  71. data/src/core/ext/transport/chttp2/transport/internal.h +10 -1
  72. data/src/core/ext/transport/chttp2/transport/parsing.cc +17 -30
  73. data/src/core/ext/transport/chttp2/transport/writing.cc +6 -5
  74. data/src/core/ext/transport/inproc/inproc_transport.cc +12 -12
  75. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +244 -0
  76. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +766 -0
  77. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +74 -0
  78. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +226 -0
  79. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +458 -0
  80. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +1635 -0
  81. data/src/core/ext/upb-generated/envoy/{api/v2/cluster → config/cluster/v3}/filter.upb.c +8 -8
  82. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +69 -0
  83. data/src/core/ext/upb-generated/envoy/{api/v2/cluster → config/cluster/v3}/outlier_detection.upb.c +8 -8
  84. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +323 -0
  85. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +124 -0
  86. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +379 -0
  87. data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/backoff.upb.c +8 -8
  88. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +79 -0
  89. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +310 -0
  90. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +869 -0
  91. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +103 -0
  92. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +351 -0
  93. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +34 -0
  94. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +71 -0
  95. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +53 -0
  96. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +133 -0
  97. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +241 -0
  98. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +752 -0
  99. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +170 -0
  100. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +684 -0
  101. data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/http_uri.upb.c +8 -8
  102. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +80 -0
  103. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +176 -0
  104. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +645 -0
  105. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +28 -0
  106. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +58 -0
  107. data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/socket_option.upb.c +6 -6
  108. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +88 -0
  109. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +36 -0
  110. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +85 -0
  111. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +91 -0
  112. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +220 -0
  113. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +91 -0
  114. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +273 -0
  115. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +112 -0
  116. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +332 -0
  117. data/src/core/ext/upb-generated/envoy/config/listener/{v2 → v3}/api_listener.upb.c +8 -8
  118. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +65 -0
  119. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +128 -0
  120. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +467 -0
  121. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +155 -0
  122. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +539 -0
  123. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +41 -0
  124. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +94 -0
  125. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +178 -0
  126. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +616 -0
  127. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +63 -0
  128. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +204 -0
  129. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +900 -0
  130. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +3290 -0
  131. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +60 -0
  132. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +139 -0
  133. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +50 -0
  134. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +108 -0
  135. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +364 -0
  136. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +1336 -0
  137. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +20 -0
  138. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +34 -0
  139. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +110 -0
  140. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +387 -0
  141. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +76 -0
  142. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +214 -0
  143. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +147 -0
  144. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +570 -0
  145. data/src/core/ext/upb-generated/envoy/{api/v2 → service/cluster/v3}/cds.upb.c +5 -6
  146. data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +49 -0
  147. data/src/core/ext/upb-generated/envoy/service/discovery/{v2 → v3}/ads.upb.c +5 -4
  148. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +49 -0
  149. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +139 -0
  150. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +449 -0
  151. data/src/core/ext/upb-generated/envoy/{api/v2 → service/endpoint/v3}/eds.upb.c +5 -6
  152. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +49 -0
  153. data/src/core/ext/upb-generated/envoy/{api/v2 → service/listener/v3}/lds.upb.c +5 -6
  154. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +49 -0
  155. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +55 -0
  156. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +136 -0
  157. data/src/core/ext/upb-generated/envoy/{api/v2 → service/route/v3}/rds.upb.c +5 -6
  158. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +49 -0
  159. data/src/core/ext/upb-generated/envoy/{api/v2 → service/route/v3}/srds.upb.c +5 -6
  160. data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +49 -0
  161. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +47 -0
  162. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +114 -0
  163. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +35 -0
  164. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +77 -0
  165. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +34 -0
  166. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +71 -0
  167. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +64 -0
  168. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +145 -0
  169. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +54 -0
  170. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +133 -0
  171. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +63 -0
  172. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +188 -0
  173. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +88 -0
  174. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +258 -0
  175. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +90 -0
  176. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +250 -0
  177. data/src/core/ext/upb-generated/envoy/type/{http.upb.c → v3/http.upb.c} +2 -2
  178. data/src/core/ext/upb-generated/envoy/type/{http.upb.h → v3/http.upb.h} +8 -8
  179. data/src/core/ext/upb-generated/envoy/type/{percent.upb.c → v3/percent.upb.c} +9 -8
  180. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +86 -0
  181. data/src/core/ext/upb-generated/envoy/type/{range.upb.c → v3/range.upb.c} +12 -11
  182. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +111 -0
  183. data/src/core/ext/upb-generated/envoy/type/{semantic_version.upb.c → v3/semantic_version.upb.c} +6 -5
  184. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +61 -0
  185. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +242 -0
  186. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +753 -0
  187. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +234 -0
  188. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +759 -0
  189. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +36 -36
  190. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +1 -1
  191. data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +31 -0
  192. data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +57 -0
  193. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +27 -0
  194. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +53 -0
  195. data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.c +28 -0
  196. data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +53 -0
  197. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +52 -0
  198. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +129 -0
  199. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +42 -0
  200. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +77 -0
  201. data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.c +36 -0
  202. data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +85 -0
  203. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +54 -0
  204. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +160 -0
  205. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +36 -0
  206. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +84 -0
  207. data/src/core/ext/upb-generated/validate/validate.upb.c +11 -11
  208. data/src/core/ext/upb-generated/validate/validate.upb.h +1 -1
  209. data/src/core/ext/xds/certificate_provider_factory.h +59 -0
  210. data/src/core/ext/xds/certificate_provider_registry.cc +103 -0
  211. data/src/core/ext/xds/certificate_provider_registry.h +57 -0
  212. data/src/core/ext/xds/certificate_provider_store.h +50 -0
  213. data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.cc +377 -0
  214. data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h +102 -0
  215. data/src/core/ext/xds/xds_api.cc +2596 -0
  216. data/src/core/ext/xds/xds_api.h +397 -0
  217. data/src/core/ext/{filters/client_channel/xds → xds}/xds_bootstrap.cc +44 -2
  218. data/src/core/ext/{filters/client_channel/xds → xds}/xds_bootstrap.h +8 -3
  219. data/src/core/ext/{filters/client_channel/xds → xds}/xds_channel_args.h +9 -6
  220. data/src/core/ext/{filters/client_channel/xds → xds}/xds_client.cc +541 -785
  221. data/src/core/ext/{filters/client_channel/xds → xds}/xds_client.h +114 -93
  222. data/src/core/ext/{filters/client_channel/xds → xds}/xds_client_stats.cc +20 -14
  223. data/src/core/ext/{filters/client_channel/xds → xds}/xds_client_stats.h +36 -8
  224. data/src/core/lib/channel/channel_args.h +0 -1
  225. data/src/core/lib/channel/channelz.cc +24 -60
  226. data/src/core/lib/channel/channelz.h +12 -20
  227. data/src/core/lib/channel/channelz_registry.cc +15 -12
  228. data/src/core/lib/channel/channelz_registry.h +3 -0
  229. data/src/core/lib/gpr/sync_posix.cc +2 -8
  230. data/src/core/lib/gpr/time_precise.cc +2 -0
  231. data/src/core/lib/gpr/time_precise.h +6 -2
  232. data/src/core/lib/gprpp/dual_ref_counted.h +336 -0
  233. data/src/core/lib/gprpp/ref_counted.h +51 -22
  234. data/src/core/lib/gprpp/ref_counted_ptr.h +153 -0
  235. data/src/core/lib/iomgr/endpoint.cc +5 -1
  236. data/src/core/lib/iomgr/endpoint.h +7 -3
  237. data/src/core/lib/iomgr/endpoint_cfstream.cc +36 -11
  238. data/src/core/lib/iomgr/ev_posix.cc +0 -2
  239. data/src/core/lib/iomgr/exec_ctx.h +10 -8
  240. data/src/core/lib/iomgr/iomgr.cc +0 -10
  241. data/src/core/lib/iomgr/iomgr.h +0 -10
  242. data/src/core/{ext/filters/client_channel → lib/iomgr}/parse_address.cc +1 -1
  243. data/src/core/{ext/filters/client_channel → lib/iomgr}/parse_address.h +3 -3
  244. data/src/core/lib/iomgr/sockaddr_utils.cc +2 -1
  245. data/src/core/lib/iomgr/sockaddr_utils.h +2 -1
  246. data/src/core/lib/iomgr/tcp_custom.cc +32 -16
  247. data/src/core/lib/iomgr/tcp_posix.cc +31 -13
  248. data/src/core/lib/iomgr/tcp_windows.cc +26 -10
  249. data/src/core/lib/json/json_util.cc +58 -0
  250. data/src/core/lib/json/json_util.h +37 -0
  251. data/src/core/lib/security/authorization/authorization_engine.cc +177 -0
  252. data/src/core/lib/security/authorization/authorization_engine.h +84 -0
  253. data/src/core/lib/security/authorization/evaluate_args.cc +153 -0
  254. data/src/core/lib/security/authorization/evaluate_args.h +59 -0
  255. data/src/core/lib/security/authorization/mock_cel/activation.h +57 -0
  256. data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +42 -0
  257. data/src/core/lib/security/authorization/mock_cel/cel_expression.h +68 -0
  258. data/src/core/lib/security/authorization/mock_cel/cel_value.h +93 -0
  259. data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +67 -0
  260. data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +56 -0
  261. data/src/core/lib/security/authorization/mock_cel/statusor.h +50 -0
  262. data/src/core/lib/security/certificate_provider.h +60 -0
  263. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +56 -38
  264. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +321 -0
  265. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +214 -0
  266. data/src/core/lib/security/credentials/xds/xds_credentials.cc +45 -0
  267. data/src/core/lib/security/credentials/xds/xds_credentials.h +51 -0
  268. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +7 -12
  269. data/src/core/lib/security/security_connector/ssl_utils.h +5 -0
  270. data/src/core/lib/security/transport/secure_endpoint.cc +7 -1
  271. data/src/core/lib/surface/call.cc +12 -12
  272. data/src/core/lib/surface/call.h +2 -1
  273. data/src/core/lib/surface/channel.cc +37 -51
  274. data/src/core/lib/surface/channel.h +18 -3
  275. data/src/core/lib/surface/completion_queue.cc +10 -272
  276. data/src/core/lib/surface/completion_queue.h +0 -8
  277. data/src/core/lib/surface/init.cc +27 -12
  278. data/src/core/lib/surface/server.cc +1066 -1244
  279. data/src/core/lib/surface/server.h +363 -87
  280. data/src/core/lib/surface/version.cc +2 -2
  281. data/src/core/lib/transport/authority_override.cc +38 -0
  282. data/src/core/lib/transport/authority_override.h +32 -0
  283. data/src/core/lib/transport/bdp_estimator.h +2 -1
  284. data/src/core/lib/transport/connectivity_state.cc +18 -13
  285. data/src/core/lib/transport/connectivity_state.h +20 -8
  286. data/src/core/lib/transport/error_utils.cc +13 -0
  287. data/src/core/lib/transport/error_utils.h +6 -0
  288. data/src/core/lib/transport/metadata.cc +11 -1
  289. data/src/core/lib/transport/static_metadata.cc +295 -276
  290. data/src/core/lib/transport/static_metadata.h +80 -73
  291. data/src/core/lib/transport/transport.h +7 -0
  292. data/src/core/lib/uri/uri_parser.cc +23 -21
  293. data/src/core/lib/uri/uri_parser.h +3 -1
  294. data/src/core/plugin_registry/grpc_plugin_registry.cc +35 -20
  295. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +22 -0
  296. data/src/core/tsi/ssl_transport_security.cc +2 -2
  297. data/src/ruby/bin/math_services_pb.rb +4 -4
  298. data/src/ruby/ext/grpc/rb_channel_credentials.c +9 -0
  299. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -4
  300. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +7 -7
  301. data/src/ruby/lib/grpc/generic/client_stub.rb +1 -1
  302. data/src/ruby/lib/grpc/version.rb +1 -1
  303. data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +2 -2
  304. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +5 -0
  305. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +28 -12
  306. data/src/ruby/spec/channel_credentials_spec.rb +10 -0
  307. data/src/ruby/spec/generic/active_call_spec.rb +19 -8
  308. data/src/ruby/spec/pb/codegen/grpc/testing/same_package_service_name.proto +27 -0
  309. data/src/ruby/spec/pb/codegen/grpc/testing/same_ruby_package_service_name.proto +29 -0
  310. data/src/ruby/spec/pb/codegen/package_option_spec.rb +20 -0
  311. data/src/ruby/spec/user_agent_spec.rb +74 -0
  312. data/third_party/abseil-cpp/absl/algorithm/container.h +1727 -0
  313. data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +161 -0
  314. data/third_party/abseil-cpp/absl/base/internal/exponential_biased.cc +93 -0
  315. data/third_party/abseil-cpp/absl/base/internal/exponential_biased.h +130 -0
  316. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +620 -0
  317. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.h +126 -0
  318. data/third_party/abseil-cpp/absl/container/fixed_array.h +515 -0
  319. data/third_party/abseil-cpp/absl/container/flat_hash_set.h +503 -0
  320. data/third_party/abseil-cpp/absl/container/internal/common.h +202 -0
  321. data/third_party/abseil-cpp/absl/container/internal/container_memory.h +440 -0
  322. data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +146 -0
  323. data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +191 -0
  324. data/third_party/abseil-cpp/absl/container/internal/hashtable_debug_hooks.h +85 -0
  325. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +269 -0
  326. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +297 -0
  327. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +30 -0
  328. data/third_party/abseil-cpp/absl/container/internal/have_sse.h +49 -0
  329. data/third_party/abseil-cpp/absl/container/internal/layout.h +741 -0
  330. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +48 -0
  331. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +1882 -0
  332. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +138 -0
  333. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.h +32 -0
  334. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +1895 -0
  335. data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +71 -0
  336. data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc +382 -0
  337. data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.h +134 -0
  338. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +192 -0
  339. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +125 -0
  340. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +70 -0
  341. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +99 -0
  342. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +248 -0
  343. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_unimplemented-inl.inc +24 -0
  344. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +85 -0
  345. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc +346 -0
  346. data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +128 -0
  347. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +194 -0
  348. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.h +158 -0
  349. data/third_party/abseil-cpp/absl/debugging/stacktrace.cc +140 -0
  350. data/third_party/abseil-cpp/absl/debugging/stacktrace.h +231 -0
  351. data/third_party/abseil-cpp/absl/debugging/symbolize.cc +25 -0
  352. data/third_party/abseil-cpp/absl/debugging/symbolize.h +99 -0
  353. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +1480 -0
  354. data/third_party/abseil-cpp/absl/debugging/symbolize_unimplemented.inc +40 -0
  355. data/third_party/abseil-cpp/absl/debugging/symbolize_win32.inc +81 -0
  356. data/third_party/abseil-cpp/absl/functional/function_ref.h +139 -0
  357. data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +106 -0
  358. data/third_party/abseil-cpp/absl/hash/hash.h +324 -0
  359. data/third_party/abseil-cpp/absl/hash/internal/city.cc +346 -0
  360. data/third_party/abseil-cpp/absl/hash/internal/city.h +96 -0
  361. data/third_party/abseil-cpp/absl/hash/internal/hash.cc +55 -0
  362. data/third_party/abseil-cpp/absl/hash/internal/hash.h +988 -0
  363. data/third_party/abseil-cpp/absl/status/status.cc +447 -0
  364. data/third_party/abseil-cpp/absl/status/status.h +428 -0
  365. data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +43 -0
  366. data/third_party/abseil-cpp/absl/status/status_payload_printer.h +51 -0
  367. data/third_party/abseil-cpp/absl/strings/cord.cc +2019 -0
  368. data/third_party/abseil-cpp/absl/strings/cord.h +1121 -0
  369. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +151 -0
  370. data/third_party/abseil-cpp/absl/synchronization/barrier.cc +52 -0
  371. data/third_party/abseil-cpp/absl/synchronization/barrier.h +79 -0
  372. data/third_party/abseil-cpp/absl/synchronization/blocking_counter.cc +57 -0
  373. data/third_party/abseil-cpp/absl/synchronization/blocking_counter.h +99 -0
  374. data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +140 -0
  375. data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.h +60 -0
  376. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +697 -0
  377. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.h +141 -0
  378. data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +155 -0
  379. data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +261 -0
  380. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +106 -0
  381. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +115 -0
  382. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +484 -0
  383. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +159 -0
  384. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +2728 -0
  385. data/third_party/abseil-cpp/absl/synchronization/mutex.h +1056 -0
  386. data/third_party/abseil-cpp/absl/synchronization/notification.cc +78 -0
  387. data/third_party/abseil-cpp/absl/synchronization/notification.h +123 -0
  388. data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +64 -0
  389. data/third_party/abseil-cpp/absl/types/bad_variant_access.h +82 -0
  390. data/third_party/abseil-cpp/absl/types/internal/variant.h +1646 -0
  391. data/third_party/abseil-cpp/absl/types/variant.h +861 -0
  392. data/third_party/boringssl-with-bazel/err_data.c +475 -467
  393. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +0 -6
  394. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +9 -43
  395. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +55 -4
  396. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +34 -0
  397. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +4 -0
  398. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +16 -0
  399. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +6 -2
  400. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +2 -0
  401. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +4 -0
  402. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +30 -10
  403. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +10 -15
  404. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +543 -0
  405. data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +237 -0
  406. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +44 -2
  407. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +221 -49
  408. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +64 -20
  409. data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +3 -3
  410. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +0 -8
  411. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +3 -3
  412. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -1
  413. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +7 -2
  414. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +21 -18
  415. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +1 -1
  416. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +24 -3
  417. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +3 -3
  418. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +67 -67
  419. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +3 -3
  420. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +29 -35
  421. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +13 -2
  422. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +9 -8
  423. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +10 -10
  424. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +2 -2
  425. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +28 -40
  426. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +20 -0
  427. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +3 -1
  428. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +1 -4
  429. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +7 -3
  430. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +2 -2
  431. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +1 -1
  432. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +55 -8
  433. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +1 -1
  434. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +52 -0
  435. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +0 -1
  436. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +2 -2
  437. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +6 -0
  438. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +1 -1
  439. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +12 -0
  440. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +9 -0
  441. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +4 -1
  442. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +48 -9
  443. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +2 -3
  444. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +26 -6
  445. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +199 -78
  446. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +52 -43
  447. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +18 -18
  448. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -3
  449. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +1 -1
  450. data/third_party/boringssl-with-bazel/src/ssl/internal.h +13 -9
  451. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +3 -6
  452. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +8 -9
  453. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +10 -0
  454. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +34 -9
  455. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -2
  456. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +4 -8
  457. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +7 -2
  458. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +5 -3
  459. data/third_party/re2/re2/bitmap256.h +117 -0
  460. data/third_party/re2/re2/bitstate.cc +385 -0
  461. data/third_party/re2/re2/compile.cc +1279 -0
  462. data/third_party/re2/re2/dfa.cc +2130 -0
  463. data/third_party/re2/re2/filtered_re2.cc +121 -0
  464. data/third_party/re2/re2/filtered_re2.h +109 -0
  465. data/third_party/re2/re2/mimics_pcre.cc +197 -0
  466. data/third_party/re2/re2/nfa.cc +713 -0
  467. data/third_party/re2/re2/onepass.cc +623 -0
  468. data/third_party/re2/re2/parse.cc +2464 -0
  469. data/third_party/re2/re2/perl_groups.cc +119 -0
  470. data/third_party/re2/re2/pod_array.h +55 -0
  471. data/third_party/re2/re2/prefilter.cc +710 -0
  472. data/third_party/re2/re2/prefilter.h +108 -0
  473. data/third_party/re2/re2/prefilter_tree.cc +407 -0
  474. data/third_party/re2/re2/prefilter_tree.h +139 -0
  475. data/third_party/re2/re2/prog.cc +988 -0
  476. data/third_party/re2/re2/prog.h +436 -0
  477. data/third_party/re2/re2/re2.cc +1362 -0
  478. data/third_party/re2/re2/re2.h +1002 -0
  479. data/third_party/re2/re2/regexp.cc +980 -0
  480. data/third_party/re2/re2/regexp.h +659 -0
  481. data/third_party/re2/re2/set.cc +154 -0
  482. data/third_party/re2/re2/set.h +80 -0
  483. data/third_party/re2/re2/simplify.cc +657 -0
  484. data/third_party/re2/re2/sparse_array.h +392 -0
  485. data/third_party/re2/re2/sparse_set.h +264 -0
  486. data/third_party/re2/re2/stringpiece.cc +65 -0
  487. data/third_party/re2/re2/stringpiece.h +210 -0
  488. data/third_party/re2/re2/tostring.cc +351 -0
  489. data/third_party/re2/re2/unicode_casefold.cc +582 -0
  490. data/third_party/re2/re2/unicode_casefold.h +78 -0
  491. data/third_party/re2/re2/unicode_groups.cc +6269 -0
  492. data/third_party/re2/re2/unicode_groups.h +67 -0
  493. data/third_party/re2/re2/walker-inl.h +246 -0
  494. data/third_party/re2/util/benchmark.h +156 -0
  495. data/third_party/re2/util/flags.h +26 -0
  496. data/third_party/re2/util/logging.h +109 -0
  497. data/third_party/re2/util/malloc_counter.h +19 -0
  498. data/third_party/re2/util/mix.h +41 -0
  499. data/third_party/re2/util/mutex.h +148 -0
  500. data/third_party/re2/util/pcre.cc +1025 -0
  501. data/third_party/re2/util/pcre.h +681 -0
  502. data/third_party/re2/util/rune.cc +260 -0
  503. data/third_party/re2/util/strutil.cc +149 -0
  504. data/third_party/re2/util/strutil.h +21 -0
  505. data/third_party/re2/util/test.h +50 -0
  506. data/third_party/re2/util/utf.h +44 -0
  507. data/third_party/re2/util/util.h +42 -0
  508. data/third_party/upb/upb/decode.c +64 -15
  509. data/third_party/upb/upb/encode.c +2 -2
  510. data/third_party/upb/upb/msg.h +2 -2
  511. data/third_party/upb/upb/port_def.inc +1 -1
  512. data/third_party/upb/upb/table.c +0 -11
  513. data/third_party/upb/upb/table.int.h +0 -9
  514. data/third_party/upb/upb/upb.c +16 -14
  515. data/third_party/upb/upb/upb.h +26 -0
  516. data/third_party/upb/upb/upb.hpp +2 -0
  517. metadata +340 -153
  518. data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +0 -528
  519. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +0 -1142
  520. data/src/core/ext/filters/client_channel/xds/xds_api.cc +0 -2110
  521. data/src/core/ext/filters/client_channel/xds/xds_api.h +0 -345
  522. data/src/core/ext/filters/client_channel/xds/xds_channel.h +0 -46
  523. data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +0 -106
  524. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +0 -21
  525. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +0 -34
  526. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +0 -114
  527. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +0 -429
  528. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +0 -72
  529. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +0 -198
  530. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +0 -105
  531. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +0 -388
  532. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +0 -52
  533. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +0 -403
  534. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +0 -1453
  535. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +0 -74
  536. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +0 -226
  537. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +0 -69
  538. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +0 -323
  539. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +0 -112
  540. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +0 -334
  541. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +0 -79
  542. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +0 -313
  543. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +0 -891
  544. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +0 -96
  545. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +0 -328
  546. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +0 -34
  547. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +0 -71
  548. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +0 -197
  549. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +0 -649
  550. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +0 -172
  551. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +0 -693
  552. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +0 -80
  553. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +0 -152
  554. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +0 -536
  555. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +0 -88
  556. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +0 -129
  557. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +0 -386
  558. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +0 -52
  559. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +0 -92
  560. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +0 -224
  561. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +0 -18
  562. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -32
  563. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +0 -91
  564. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +0 -273
  565. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +0 -112
  566. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +0 -332
  567. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +0 -52
  568. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +0 -109
  569. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +0 -415
  570. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +0 -18
  571. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -32
  572. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +0 -145
  573. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +0 -538
  574. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +0 -43
  575. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +0 -111
  576. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +0 -52
  577. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +0 -63
  578. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +0 -204
  579. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +0 -18
  580. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -32
  581. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +0 -815
  582. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +0 -2984
  583. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +0 -59
  584. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +0 -135
  585. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +0 -52
  586. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +0 -228
  587. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +0 -732
  588. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +0 -316
  589. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +0 -1167
  590. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +0 -65
  591. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +0 -51
  592. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +0 -125
  593. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +0 -49
  594. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +0 -54
  595. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +0 -136
  596. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +0 -63
  597. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +0 -145
  598. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +0 -53
  599. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +0 -133
  600. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +0 -88
  601. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +0 -258
  602. data/src/core/ext/upb-generated/envoy/type/percent.upb.h +0 -86
  603. data/src/core/ext/upb-generated/envoy/type/range.upb.h +0 -111
  604. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +0 -61
  605. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +0 -89
  606. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +0 -250
  607. data/src/core/ext/upb-generated/gogoproto/gogo.upb.c +0 -17
  608. data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -29
  609. data/src/core/lib/security/transport/target_authority_table.cc +0 -75
  610. data/src/core/lib/security/transport/target_authority_table.h +0 -40
  611. data/src/core/lib/slice/slice_hash_table.h +0 -199
  612. data/src/core/lib/slice/slice_weak_hash_table.h +0 -102
  613. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pku.c +0 -110
  614. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_sxnet.c +0 -274
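--- a/data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h
+++ b/data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h
@@ -0,0 +1,237 @@
+ /* Copyright (c) 2020, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+ #ifndef OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H
+ #define OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H
+
+ #include <openssl/aead.h>
+ #include <openssl/base.h>
+ #include <openssl/curve25519.h>
+
+ #if defined(__cplusplus)
+ extern "C" {
+ #endif
+
+
+ // Hybrid Public Key Encryption.
+ //
+ // Hybrid Public Key Encryption (HPKE) enables a sender to encrypt messages to a
+ // receiver with a public key. Optionally, the sender may authenticate its
+ // possession of a pre-shared key to the recipient.
+ //
+ // See https://tools.ietf.org/html/draft-irtf-cfrg-hpke-05.
+
+ // EVP_HPKE_AEAD_* are AEAD identifiers.
+ #define EVP_HPKE_AEAD_AES_GCM_128 0x0001
+ #define EVP_HPKE_AEAD_AES_GCM_256 0x0002
+ #define EVP_HPKE_AEAD_CHACHA20POLY1305 0x0003
+
+ // EVP_HPKE_HKDF_* are HKDF identifiers.
+ #define EVP_HPKE_HKDF_SHA256 0x0001
+ #define EVP_HPKE_HKDF_SHA384 0x0002
+ #define EVP_HPKE_HKDF_SHA512 0x0003
+
+ // EVP_HPKE_MAX_OVERHEAD contains the largest value that
+ // |EVP_HPKE_CTX_max_overhead| would ever return for any context.
+ #define EVP_HPKE_MAX_OVERHEAD EVP_AEAD_MAX_OVERHEAD
+
+
+ // Encryption contexts.
+
+ // An |EVP_HPKE_CTX| is an HPKE encryption context.
+ typedef struct evp_hpke_ctx_st {
+ const EVP_MD *hkdf_md;
+ EVP_AEAD_CTX aead_ctx;
+ uint16_t kdf_id;
+ uint16_t aead_id;
+ uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
+ uint8_t exporter_secret[EVP_MAX_MD_SIZE];
+ uint64_t seq;
+ int is_sender;
+ } EVP_HPKE_CTX;
+
+ // EVP_HPKE_CTX_init initializes an already-allocated |EVP_HPKE_CTX|. The caller
+ // should then use one of the |EVP_HPKE_CTX_setup_*| functions.
+ //
+ // It is safe, but not necessary to call |EVP_HPKE_CTX_cleanup| in this state.
+ OPENSSL_EXPORT void EVP_HPKE_CTX_init(EVP_HPKE_CTX *ctx);
+
+ // EVP_HPKE_CTX_cleanup releases memory referenced by |ctx|. |ctx| must have
+ // been initialized with |EVP_HPKE_CTX_init|.
+ OPENSSL_EXPORT void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx);
+
+
+ // Setting up HPKE contexts.
+ //
+ // In each of the following functions, |hpke| must have been initialized with
+ // |EVP_HPKE_CTX_init|. |kdf_id| selects the KDF for non-KEM HPKE operations and
+ // must be one of the |EVP_HPKE_HKDF_*| constants. |aead_id| selects the AEAD
+ // for the "open" and "seal" operations and must be one of the |EVP_HPKE_AEAD_*"
+ // constants."
+
+ // EVP_HPKE_CTX_setup_base_s_x25519 sets up |hpke| as a sender context that can
+ // encrypt for the private key corresponding to |peer_public_value| (the
+ // recipient's public key). It returns one on success, and zero otherwise. Note
+ // that this function will fail if |peer_public_value| is invalid.
+ //
+ // This function writes the encapsulated shared secret to |out_enc|.
+ OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_s_x25519(
+ EVP_HPKE_CTX *hpke, uint8_t out_enc[X25519_PUBLIC_VALUE_LEN],
+ uint16_t kdf_id, uint16_t aead_id,
+ const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
+ const uint8_t *info, size_t info_len);
+
+ // EVP_HPKE_CTX_setup_base_s_x25519_for_test behaves like
+ // |EVP_HPKE_CTX_setup_base_s_x25519|, but takes a pre-generated ephemeral
+ // sender key.
+ OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_s_x25519_for_test(
+ EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
+ const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
+ const uint8_t *info, size_t info_len,
+ const uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN],
+ const uint8_t ephemeral_public[X25519_PUBLIC_VALUE_LEN]);
+
+ // EVP_HPKE_CTX_setup_base_r_x25519 sets up |hpke| as a recipient context that
+ // can decrypt messages. |private_key| is the recipient's private key, and |enc|
+ // is the encapsulated shared secret from the sender. Note that this function
+ // will fail if |enc| is invalid.
+ OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_r_x25519(
+ EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
+ const uint8_t enc[X25519_PUBLIC_VALUE_LEN],
+ const uint8_t public_key[X25519_PUBLIC_VALUE_LEN],
+ const uint8_t private_key[X25519_PRIVATE_KEY_LEN], const uint8_t *info,
+ size_t info_len);
+
+ // EVP_HPKE_CTX_setup_psk_s_x25519 sets up |hpke| as a sender context that can
+ // encrypt for the private key corresponding to |peer_public_value| (the
+ // recipient's public key) and authenticate its possession of a PSK. It returns
+ // one on success, and zero otherwise. Note that this function will fail if
+ // |peer_public_value| is invalid.
+ //
+ // The PSK and its ID must be provided in |psk| and |psk_id|, respectively. Both
+ // must be nonempty (|psk_len| and |psk_id_len| must be non-zero), or this
+ // function will fail.
+ //
+ // This function writes the encapsulated shared secret to |out_enc|.
+ OPENSSL_EXPORT int EVP_HPKE_CTX_setup_psk_s_x25519(
+ EVP_HPKE_CTX *hpke, uint8_t out_enc[X25519_PUBLIC_VALUE_LEN],
+ uint16_t kdf_id, uint16_t aead_id,
+ const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
+ const uint8_t *info, size_t info_len, const uint8_t *psk, size_t psk_len,
+ const uint8_t *psk_id, size_t psk_id_len);
+
+ // EVP_HPKE_CTX_setup_psk_s_x25519_for_test behaves like
+ // |EVP_HPKE_CTX_setup_psk_s_x25519|, but takes a pre-generated ephemeral sender
+ // key.
+ OPENSSL_EXPORT int EVP_HPKE_CTX_setup_psk_s_x25519_for_test(
+ EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
+ const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
+ const uint8_t *info, size_t info_len, const uint8_t *psk, size_t psk_len,
+ const uint8_t *psk_id, size_t psk_id_len,
+ const uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN],
+ const uint8_t ephemeral_public[X25519_PUBLIC_VALUE_LEN]);
+
+ // EVP_HPKE_CTX_setup_psk_r_x25519 sets up |hpke| as a recipient context that
+ // can decrypt messages. Future open (decrypt) operations will fail if the
+ // sender does not possess the PSK indicated by |psk| and |psk_id|.
+ // |private_key| is the recipient's private key, and |enc| is the encapsulated
+ // shared secret from the sender. If |enc| is invalid, this function will fail.
+ //
+ // The PSK and its ID must be provided in |psk| and |psk_id|, respectively. Both
+ // must be nonempty (|psk_len| and |psk_id_len| must be non-zero), or this
+ // function will fail.
+ OPENSSL_EXPORT int EVP_HPKE_CTX_setup_psk_r_x25519(
+ EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
+ const uint8_t enc[X25519_PUBLIC_VALUE_LEN],
+ const uint8_t public_key[X25519_PUBLIC_VALUE_LEN],
+ const uint8_t private_key[X25519_PRIVATE_KEY_LEN], const uint8_t *info,
+ size_t info_len, const uint8_t *psk, size_t psk_len, const uint8_t *psk_id,
+ size_t psk_id_len);
+
+
+ // Using an HPKE context.
+
+ // EVP_HPKE_CTX_open uses the HPKE context |hpke| to authenticate |in_len| bytes
+ // from |in| and |ad_len| bytes from |ad| and to decrypt at most |in_len| bytes
+ // into |out|. It returns one on success, and zero otherwise.
+ //
+ // This operation will fail if the |hpke| context is not set up as a receiver.
+ //
+ // Note that HPKE encryption is stateful and ordered. The sender's first call to
+ // |EVP_HPKE_CTX_seal| must correspond to the recipient's first call to
+ // |EVP_HPKE_CTX_open|, etc.
+ //
+ // At most |in_len| bytes are written to |out|. In order to ensure success,
+ // |max_out_len| should be at least |in_len|. On successful return, |*out_len|
+ // is set to the actual number of bytes written.
+ OPENSSL_EXPORT int EVP_HPKE_CTX_open(EVP_HPKE_CTX *hpke, uint8_t *out,
+ size_t *out_len, size_t max_out_len,
+ const uint8_t *in, size_t in_len,
+ const uint8_t *ad, size_t ad_len);
+
+ // EVP_HPKE_CTX_seal uses the HPKE context |hpke| to encrypt and authenticate
+ // |in_len| bytes of ciphertext |in| and authenticate |ad_len| bytes from |ad|,
+ // writing the result to |out|. It returns one on success and zero otherwise.
+ //
+ // This operation will fail if the |hpke| context is not set up as a sender.
+ //
+ // Note that HPKE encryption is stateful and ordered. The sender's first call to
+ // |EVP_HPKE_CTX_seal| must correspond to the recipient's first call to
+ // |EVP_HPKE_CTX_open|, etc.
+ //
+ // At most, |max_out_len| encrypted bytes are written to |out|. On successful
+ // return, |*out_len| is set to the actual number of bytes written.
+ //
+ // To ensure success, |max_out_len| should be |in_len| plus the result of
+ // |EVP_HPKE_CTX_max_overhead| or |EVP_HPKE_MAX_OVERHEAD|.
+ OPENSSL_EXPORT int EVP_HPKE_CTX_seal(EVP_HPKE_CTX *hpke, uint8_t *out,
+ size_t *out_len, size_t max_out_len,
+ const uint8_t *in, size_t in_len,
+ const uint8_t *ad, size_t ad_len);
+
+ // EVP_HPKE_CTX_export uses the HPKE context |hpke| to export a secret of
+ // |secret_len| bytes into |out|. This function uses |context_len| bytes from
+ // |context| as a context string for the secret. This is necessary to separate
+ // different uses of exported secrets and bind relevant caller-specific context
+ // into the output. It returns one on success and zero otherwise.
+ OPENSSL_EXPORT int EVP_HPKE_CTX_export(const EVP_HPKE_CTX *hpke, uint8_t *out,
+ size_t secret_len,
+ const uint8_t *context,
+ size_t context_len);
+
+ // EVP_HPKE_CTX_max_overhead returns the maximum number of additional bytes
+ // added by sealing data with |EVP_HPKE_CTX_seal|. The |hpke| context must be
+ // set up as a sender.
+ OPENSSL_EXPORT size_t EVP_HPKE_CTX_max_overhead(const EVP_HPKE_CTX *hpke);
+
+
+ #if defined(__cplusplus)
+ } // extern C
+ #endif
+
+ #if !defined(BORINGSSL_NO_CXX)
+ extern "C++" {
+
+ BSSL_NAMESPACE_BEGIN
+
+ using ScopedEVP_HPKE_CTX =
+ internal::StackAllocated<EVP_HPKE_CTX, void, EVP_HPKE_CTX_init,
+ EVP_HPKE_CTX_cleanup>;
+
+ BSSL_NAMESPACE_END
+
+ } // extern C++
+ #endif
+
+ #endif // OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H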
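Review bot: The comment on EVP_HPKE_CTX_seal calls |in| "bytes of ciphertext", but seal takes the plaintext and produces the ciphertext; the line should read `// |in_len| bytes of plaintext |in| and authenticate |ad_len| bytes from |ad|,`. The "Setting up HPKE contexts" comment also ends with stray quotes (`|EVP_HPKE_AEAD_*"` and `constants."`), which should be `|EVP_HPKE_AEAD_*|` and `constants.`. The two exported `_for_test` setup functions accept a caller-chosen ephemeral private key, so their comments should say that they exist for known-answer tests and that production senders must use the non-test variant, which presumably generates a fresh ephemeral key per context. The comments on the two `_r_x25519` functions state neither the return convention nor what |public_key| is, unlike the sender-side comments. This is the vendored BoringSSL copy, so the wording changes belong upstream.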
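--- a/data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h
+++ b/data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h
@@ -110,6 +110,39 @@ int pmbtoken_exp1_read(const PMBTOKEN_ISSUER_KEY *key,
  // function is used to confirm H was computed as expected.
  OPENSSL_EXPORT int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]);
 
+ // The following functions implement the corresponding |TRUST_TOKENS_METHOD|
+ // functions for |TRUST_TOKENS_experiment_v2|'s PMBTokens construction which
+ // uses P-384.
+ //
+ // We use P-384 instead of our usual choice of P-256. See Appendix I which
+ // describes two attacks which may affect smaller curves. In particular, p-1 for
+ // P-256 is smooth, giving a low complexity for the p-1 attack. P-384's p-1 has
+ // a 281-bit prime factor,
+ // 3055465788140352002733946906144561090641249606160407884365391979704929268480326390471.
+ // This lower-bounds the p-1 attack at O(2^140). The p+1 attack is lower-bounded
+ // by O(p^(1/3)) or O(2^128), so we do not need to check the smoothness of p+1.
+ int pmbtoken_exp2_generate_key(CBB *out_private, CBB *out_public);
+ int pmbtoken_exp2_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
+ const uint8_t *in, size_t len);
+ int pmbtoken_exp2_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
+ const uint8_t *in, size_t len);
+ STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp2_blind(CBB *cbb, size_t count);
+ int pmbtoken_exp2_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
+ size_t num_requested, size_t num_to_issue,
+ uint8_t private_metadata);
+ STACK_OF(TRUST_TOKEN) *
+ pmbtoken_exp2_unblind(const PMBTOKEN_CLIENT_KEY *key,
+ const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens,
+ CBS *cbs, size_t count, uint32_t key_id);
+ int pmbtoken_exp2_read(const PMBTOKEN_ISSUER_KEY *key,
+ uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
+ uint8_t *out_private_metadata, const uint8_t *token,
+ size_t token_len);
+
+ // pmbtoken_exp2_get_h_for_testing returns H in uncompressed coordinates. This
+ // function is used to confirm H was computed as expected.
+ OPENSSL_EXPORT int pmbtoken_exp2_get_h_for_testing(uint8_t out[97]);
+
 
  // Trust Tokens internals.
 
@@ -172,6 +205,15 @@ struct trust_token_method_st {
  uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
  uint8_t *out_private_metadata, const uint8_t *token,
  size_t token_len);
+
+ // whether the construction supports private metadata.
+ int has_private_metadata;
+
+ // max keys that can be configured.
+ size_t max_keys;
+
+ // whether the SRR is part of the protocol.
+ int has_srr;
  };
 
  // Structure representing a single Trust Token public key with the specified ID.
@@ -195,7 +237,7 @@ struct trust_token_client_st {
 
  // keys is the set of public keys that are supported by the client for
  // issuance/redemptions.
- struct trust_token_client_key_st keys[3];
+ struct trust_token_client_key_st keys[6];
 
  // num_keys is the number of keys currently configured.
  size_t num_keys;
@@ -217,7 +259,7 @@ struct trust_token_issuer_st {
  // keys is the set of private keys that are supported by the issuer for
  // issuance/redemptions. The public metadata is an index into this list of
  // keys.
- struct trust_token_issuer_key_st keys[3];
+ struct trust_token_issuer_key_st keys[6];
 
  // num_keys is the number of keys currently configured.
  size_t num_keys;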
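Review bot: Nothing in these hunks ties the new per-method `max_keys` field in trust_token_method_st to the capacity of the key arrays, which grow from `keys[3]` to a bare `keys[6]` in both trust_token_client_st and trust_token_issuer_st. The code that appends to `keys` is not shown here; if it bounds `num_keys` by `method->max_keys` alone, a method configured with a larger value would index past the array. The capacity should be one named constant used in both declarations, with an assert that `method->max_keys` does not exceed `OPENSSL_ARRAY_SIZE(ctx->keys)` where the method is bound to the context. Separately, the P-384 rationale says "See Appendix I" without naming the document, so a reader cannot check the p-1/p+1 argument; the comment should cite the paper. This is the vendored BoringSSL copy, so both changes belong upstream.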
@@ -52,6 +52,7 @@ typedef struct {
52
52
  // hash_c implements the H_c operation in PMBTokens. It returns one on success
53
53
  // and zero on error.
54
54
  hash_c_func_t hash_c;
55
+ int prefix_point : 1;
55
56
  } PMBTOKEN_METHOD;
56
57
 
57
58
  static const uint8_t kDefaultAdditionalData[32] = {0};
@@ -59,7 +60,7 @@ static const uint8_t kDefaultAdditionalData[32] = {0};
59
60
  static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid,
60
61
  const uint8_t *h_bytes, size_t h_len,
61
62
  hash_t_func_t hash_t, hash_s_func_t hash_s,
62
- hash_c_func_t hash_c) {
63
+ hash_c_func_t hash_c, int prefix_point) {
63
64
  method->group = EC_GROUP_new_by_curve_name(curve_nid);
64
65
  if (method->group == NULL) {
65
66
  return 0;
@@ -68,6 +69,7 @@ static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid,
68
69
  method->hash_t = hash_t;
69
70
  method->hash_s = hash_s;
70
71
  method->hash_c = hash_c;
72
+ method->prefix_point = prefix_point;
71
73
 
72
74
  EC_AFFINE h;
73
75
  if (!ec_point_from_uncompressed(method->group, &h, h_bytes, h_len)) {
@@ -113,11 +115,40 @@ static int point_to_cbb(CBB *out, const EC_GROUP *group,
113
115
  len) == len;
114
116
  }
115
117
 
118
+ static int cbb_add_prefixed_point(CBB *out, const EC_GROUP *group,
119
+ const EC_AFFINE *point, int prefix_point) {
120
+ if (prefix_point) {
121
+ CBB child;
122
+ if (!CBB_add_u16_length_prefixed(out, &child) ||
123
+ !point_to_cbb(&child, group, point) ||
124
+ !CBB_flush(out)) {
125
+ return 0;
126
+ }
127
+ } else {
128
+ if (!point_to_cbb(out, group, point) ||
129
+ !CBB_flush(out)) {
130
+ return 0;
131
+ }
132
+ }
133
+
134
+ return 1;
135
+ }
136
+
116
137
  static int cbs_get_prefixed_point(CBS *cbs, const EC_GROUP *group,
117
- EC_AFFINE *out) {
138
+ EC_AFFINE *out, int prefix_point) {
118
139
  CBS child;
119
- if (!CBS_get_u16_length_prefixed(cbs, &child) ||
120
- !ec_point_from_uncompressed(group, out, CBS_data(&child),
140
+ if (prefix_point) {
141
+ if (!CBS_get_u16_length_prefixed(cbs, &child)) {
142
+ return 0;
143
+ }
144
+ } else {
145
+ size_t plen = 1 + 2 * BN_num_bytes(&group->field);
146
+ if (!CBS_get_bytes(cbs, &child, plen)) {
147
+ return 0;
148
+ }
149
+ }
150
+
151
+ if (!ec_point_from_uncompressed(group, out, CBS_data(&child),
121
152
  CBS_len(&child))) {
122
153
  return 0;
123
154
  }
@@ -166,16 +197,12 @@ static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method,
166
197
  return 0;
167
198
  }
168
199
 
169
- // TODO(https://crbug.com/boringssl/331): When updating the key format, remove
170
- // the redundant length prefixes.
171
- CBB child;
172
- if (!CBB_add_u16_length_prefixed(out_public, &child) ||
173
- !point_to_cbb(&child, group, &pub_affine[0]) ||
174
- !CBB_add_u16_length_prefixed(out_public, &child) ||
175
- !point_to_cbb(&child, group, &pub_affine[1]) ||
176
- !CBB_add_u16_length_prefixed(out_public, &child) ||
177
- !point_to_cbb(&child, group, &pub_affine[2]) ||
178
- !CBB_flush(out_public)) {
200
+ if (!cbb_add_prefixed_point(out_public, group, &pub_affine[0],
201
+ method->prefix_point) ||
202
+ !cbb_add_prefixed_point(out_public, group, &pub_affine[1],
203
+ method->prefix_point) ||
204
+ !cbb_add_prefixed_point(out_public, group, &pub_affine[2],
205
+ method->prefix_point)) {
179
206
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_BUFFER_TOO_SMALL);
180
207
  return 0;
181
208
  }
@@ -186,13 +213,14 @@ static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method,
186
213
  static int pmbtoken_client_key_from_bytes(const PMBTOKEN_METHOD *method,
187
214
  PMBTOKEN_CLIENT_KEY *key,
188
215
  const uint8_t *in, size_t len) {
189
- // TODO(https://crbug.com/boringssl/331): When updating the key format, remove
190
- // the redundant length prefixes.
191
216
  CBS cbs;
192
217
  CBS_init(&cbs, in, len);
193
- if (!cbs_get_prefixed_point(&cbs, method->group, &key->pub0) ||
194
- !cbs_get_prefixed_point(&cbs, method->group, &key->pub1) ||
195
- !cbs_get_prefixed_point(&cbs, method->group, &key->pubs) ||
218
+ if (!cbs_get_prefixed_point(&cbs, method->group, &key->pub0,
219
+ method->prefix_point) ||
220
+ !cbs_get_prefixed_point(&cbs, method->group, &key->pub1,
221
+ method->prefix_point) ||
222
+ !cbs_get_prefixed_point(&cbs, method->group, &key->pubs,
223
+ method->prefix_point) ||
196
224
  CBS_len(&cbs) != 0) {
197
225
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
198
226
  return 0;
@@ -282,12 +310,8 @@ static STACK_OF(PMBTOKEN_PRETOKEN) *
282
310
  goto err;
283
311
  }
284
312
 
285
- // TODO(https://crbug.com/boringssl/331): When updating the key format,
286
- // remove the redundant length prefixes.
287
- CBB child;
288
- if (!CBB_add_u16_length_prefixed(cbb, &child) ||
289
- !point_to_cbb(&child, group, &pretoken->Tp) ||
290
- !CBB_flush(cbb)) {
313
+ if (!cbb_add_prefixed_point(cbb, group, &pretoken->Tp,
314
+ method->prefix_point)) {
291
315
  goto err;
292
316
  }
293
317
  }
@@ -750,7 +774,7 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
750
774
  for (size_t i = 0; i < num_to_issue; i++) {
751
775
  EC_AFFINE Tp_affine;
752
776
  EC_RAW_POINT Tp;
753
- if (!cbs_get_prefixed_point(cbs, group, &Tp_affine)) {
777
+ if (!cbs_get_prefixed_point(cbs, group, &Tp_affine, method->prefix_point)) {
754
778
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
755
779
  goto err;
756
780
  }
@@ -766,7 +790,6 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
766
790
  // The |jacobians| and |affines| contain Sp, Wp, and Wsp.
767
791
  EC_RAW_POINT jacobians[3];
768
792
  EC_AFFINE affines[3];
769
- CBB child;
770
793
  if (!method->hash_s(group, &jacobians[0], &Tp_affine, s) ||
771
794
  !ec_point_mul_scalar_batch(group, &jacobians[1], &Tp, &xb,
772
795
  &jacobians[0], &yb, NULL, NULL) ||
@@ -774,12 +797,8 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
774
797
  &jacobians[0], &key->ys, NULL, NULL) ||
775
798
  !ec_jacobian_to_affine_batch(group, affines, jacobians, 3) ||
776
799
  !CBB_add_bytes(cbb, s, PMBTOKEN_NONCE_SIZE) ||
777
- // TODO(https://crbug.com/boringssl/331): When updating the key format,
778
- // remove the redundant length prefixes.
779
- !CBB_add_u16_length_prefixed(cbb, &child) ||
780
- !point_to_cbb(&child, group, &affines[1]) ||
781
- !CBB_add_u16_length_prefixed(cbb, &child) ||
782
- !point_to_cbb(&child, group, &affines[2])) {
800
+ !cbb_add_prefixed_point(cbb, group, &affines[1], method->prefix_point) ||
801
+ !cbb_add_prefixed_point(cbb, group, &affines[2], method->prefix_point)) {
783
802
  goto err;
784
803
  }
785
804
 
@@ -835,7 +854,11 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
835
854
 
836
855
  // Skip over any unused requests.
837
856
  size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
838
- if (!CBS_skip(cbs, (2 + point_len) * (num_requested - num_to_issue))) {
857
+ size_t token_len = point_len;
858
+ if (method->prefix_point) {
859
+ token_len += 2;
860
+ }
861
+ if (!CBS_skip(cbs, token_len * (num_requested - num_to_issue))) {
839
862
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
840
863
  goto err;
841
864
  }
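Review bot: The skip length `token_len * (num_requested - num_to_issue)` is computed in size_t, and nothing in this hunk shows that num_to_issue cannot exceed num_requested, in which case the subtraction wraps. pmbtoken_sign starts outside the hunk, so the check may already exist earlier in the function. If it does, a comment here such as `// |num_requested| >= |num_to_issue| was checked on entry.` would make the precondition visible next to the arithmetic that depends on it. If it does not, `if (num_requested < num_to_issue) { goto err; }` before the skip closes the gap.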
@@ -902,8 +925,9 @@ static STACK_OF(TRUST_TOKEN) *
902
925
  uint8_t s[PMBTOKEN_NONCE_SIZE];
903
926
  EC_AFFINE Wp_affine, Wsp_affine;
904
927
  if (!CBS_copy_bytes(cbs, s, PMBTOKEN_NONCE_SIZE) ||
905
- !cbs_get_prefixed_point(cbs, group, &Wp_affine) ||
906
- !cbs_get_prefixed_point(cbs, group, &Wsp_affine)) {
928
+ !cbs_get_prefixed_point(cbs, group, &Wp_affine, method->prefix_point) ||
929
+ !cbs_get_prefixed_point(cbs, group, &Wsp_affine,
930
+ method->prefix_point)) {
907
931
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
908
932
  goto err;
909
933
  }
@@ -937,19 +961,17 @@ static STACK_OF(TRUST_TOKEN) *
937
961
 
938
962
  // Serialize the token. Include |key_id| to avoid an extra copy in the layer
939
963
  // above.
940
- CBB token_cbb, child;
964
+ CBB token_cbb;
941
965
  size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
942
966
  if (!CBB_init(&token_cbb, 4 + PMBTOKEN_NONCE_SIZE + 3 * (2 + point_len)) ||
943
967
  !CBB_add_u32(&token_cbb, key_id) ||
944
968
  !CBB_add_bytes(&token_cbb, pretoken->t, PMBTOKEN_NONCE_SIZE) ||
945
- // TODO(https://crbug.com/boringssl/331): When updating the key format,
946
- // remove the redundant length prefixes.
947
- !CBB_add_u16_length_prefixed(&token_cbb, &child) ||
948
- !point_to_cbb(&child, group, &affines[0]) ||
949
- !CBB_add_u16_length_prefixed(&token_cbb, &child) ||
950
- !point_to_cbb(&child, group, &affines[1]) ||
951
- !CBB_add_u16_length_prefixed(&token_cbb, &child) ||
952
- !point_to_cbb(&child, group, &affines[2]) ||
969
+ !cbb_add_prefixed_point(&token_cbb, group, &affines[0],
970
+ method->prefix_point) ||
971
+ !cbb_add_prefixed_point(&token_cbb, group, &affines[1],
972
+ method->prefix_point) ||
973
+ !cbb_add_prefixed_point(&token_cbb, group, &affines[2],
974
+ method->prefix_point) ||
953
975
  !CBB_flush(&token_cbb)) {
954
976
  CBB_cleanup(&token_cbb);
955
977
  goto err;
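Review bot: The capacity passed to CBB_init, `4 + PMBTOKEN_NONCE_SIZE + 3 * (2 + point_len)`, still budgets a two-byte length prefix per point, although the three points now go through cbb_add_prefixed_point and carry no prefix when `method->prefix_point` is 0. The argument is only an initial capacity, so this presumably over-reserves six bytes rather than producing a wrong token, but it disagrees with the conditional `token_len` that this commit introduces in pmbtoken_sign. Writing it as `3 * ((method->prefix_point ? 2 : 0) + point_len)` keeps the two size computations consistent. The enclosing function starts and ends outside the hunk.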
@@ -1021,9 +1043,9 @@ static int pmbtoken_read(const PMBTOKEN_METHOD *method,
1021
1043
  CBS_init(&cbs, token, token_len);
1022
1044
  EC_AFFINE S, W, Ws;
1023
1045
  if (!CBS_copy_bytes(&cbs, out_nonce, PMBTOKEN_NONCE_SIZE) ||
1024
- !cbs_get_prefixed_point(&cbs, group, &S) ||
1025
- !cbs_get_prefixed_point(&cbs, group, &W) ||
1026
- !cbs_get_prefixed_point(&cbs, group, &Ws) ||
1046
+ !cbs_get_prefixed_point(&cbs, group, &S, method->prefix_point) ||
1047
+ !cbs_get_prefixed_point(&cbs, group, &W, method->prefix_point) ||
1048
+ !cbs_get_prefixed_point(&cbs, group, &Ws, method->prefix_point) ||
1027
1049
  CBS_len(&cbs) != 0) {
1028
1050
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_TOKEN);
1029
1051
  return 0;
@@ -1140,7 +1162,7 @@ static void pmbtoken_exp1_init_method_impl(void) {
1140
1162
  pmbtoken_exp1_ok =
1141
1163
  pmbtoken_init_method(&pmbtoken_exp1_method, NID_secp384r1, kH, sizeof(kH),
1142
1164
  pmbtoken_exp1_hash_t, pmbtoken_exp1_hash_s,
1143
- pmbtoken_exp1_hash_c);
1165
+ pmbtoken_exp1_hash_c, 1);
1144
1166
  }
1145
1167
 
1146
1168
  static int pmbtoken_exp1_init_method(void) {
@@ -1225,3 +1247,153 @@ int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]) {
1225
1247
  ec_point_to_bytes(pmbtoken_exp1_method.group, &h,
1226
1248
  POINT_CONVERSION_UNCOMPRESSED, out, 97) == 97;
1227
1249
  }
1250
+
1251
+ // PMBTokens experiment v2.
1252
+
1253
+ static int pmbtoken_exp2_hash_t(const EC_GROUP *group, EC_RAW_POINT *out,
1254
+ const uint8_t t[PMBTOKEN_NONCE_SIZE]) {
1255
+ const uint8_t kHashTLabel[] = "PMBTokens Experiment V2 HashT";
1256
+ return ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
1257
+ group, out, kHashTLabel, sizeof(kHashTLabel), t, PMBTOKEN_NONCE_SIZE);
1258
+ }
1259
+
1260
+ static int pmbtoken_exp2_hash_s(const EC_GROUP *group, EC_RAW_POINT *out,
1261
+ const EC_AFFINE *t,
1262
+ const uint8_t s[PMBTOKEN_NONCE_SIZE]) {
1263
+ const uint8_t kHashSLabel[] = "PMBTokens Experiment V2 HashS";
1264
+ int ret = 0;
1265
+ CBB cbb;
1266
+ uint8_t *buf = NULL;
1267
+ size_t len;
1268
+ if (!CBB_init(&cbb, 0) ||
1269
+ !point_to_cbb(&cbb, group, t) ||
1270
+ !CBB_add_bytes(&cbb, s, PMBTOKEN_NONCE_SIZE) ||
1271
+ !CBB_finish(&cbb, &buf, &len) ||
1272
+ !ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
1273
+ group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) {
1274
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
1275
+ goto err;
1276
+ }
1277
+
1278
+ ret = 1;
1279
+
1280
+ err:
1281
+ OPENSSL_free(buf);
1282
+ CBB_cleanup(&cbb);
1283
+ return ret;
1284
+ }
1285
+
1286
+ static int pmbtoken_exp2_hash_c(const EC_GROUP *group, EC_SCALAR *out,
1287
+ uint8_t *buf, size_t len) {
1288
+ const uint8_t kHashCLabel[] = "PMBTokens Experiment V2 HashC";
1289
+ return ec_hash_to_scalar_p384_xmd_sha512_draft07(
1290
+ group, out, kHashCLabel, sizeof(kHashCLabel), buf, len);
1291
+ }
1292
+
1293
+ static int pmbtoken_exp2_ok = 0;
1294
+ static PMBTOKEN_METHOD pmbtoken_exp2_method;
1295
+ static CRYPTO_once_t pmbtoken_exp2_method_once = CRYPTO_ONCE_INIT;
1296
+
1297
+ static void pmbtoken_exp2_init_method_impl(void) {
1298
+ // This is the output of |ec_hash_to_scalar_p384_xmd_sha512_draft07| with DST
1299
+ // "PMBTokens Experiment V2 HashH" and message "generator".
1300
+ static const uint8_t kH[] = {
1301
+ 0x04, 0xbc, 0x27, 0x24, 0x99, 0xfa, 0xc9, 0xa4, 0x74, 0x6f, 0xf9,
1302
+ 0x07, 0x81, 0x55, 0xf8, 0x1f, 0x6f, 0xda, 0x09, 0xe7, 0x8c, 0x5d,
1303
+ 0x9e, 0x4e, 0x14, 0x7c, 0x53, 0x14, 0xbc, 0x7e, 0x29, 0x57, 0x92,
1304
+ 0x17, 0x94, 0x6e, 0xd2, 0xdf, 0xa5, 0x31, 0x1b, 0x4e, 0xb7, 0xfc,
1305
+ 0x93, 0xe3, 0x6e, 0x14, 0x1f, 0x4f, 0x14, 0xf3, 0xe5, 0x47, 0x61,
1306
+ 0x1c, 0x2c, 0x72, 0x25, 0xf0, 0x4a, 0x45, 0x23, 0x2d, 0x57, 0x93,
1307
+ 0x0e, 0xb2, 0x55, 0xb8, 0x57, 0x25, 0x4c, 0x1e, 0xdb, 0xfd, 0x58,
1308
+ 0x70, 0x17, 0x9a, 0xbb, 0x9e, 0x5e, 0x93, 0x9e, 0x92, 0xd3, 0xe8,
1309
+ 0x25, 0x62, 0xbf, 0x59, 0xb2, 0xd2, 0x3d, 0x71, 0xff
1310
+ };
1311
+
1312
+ pmbtoken_exp2_ok =
1313
+ pmbtoken_init_method(&pmbtoken_exp2_method, NID_secp384r1, kH, sizeof(kH),
1314
+ pmbtoken_exp2_hash_t, pmbtoken_exp2_hash_s,
1315
+ pmbtoken_exp2_hash_c, 0);
1316
+ }
1317
+
1318
+ static int pmbtoken_exp2_init_method(void) {
1319
+ CRYPTO_once(&pmbtoken_exp2_method_once, pmbtoken_exp2_init_method_impl);
1320
+ if (!pmbtoken_exp2_ok) {
1321
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
1322
+ return 0;
1323
+ }
1324
+ return 1;
1325
+ }
1326
+
1327
+ int pmbtoken_exp2_generate_key(CBB *out_private, CBB *out_public) {
1328
+ if (!pmbtoken_exp2_init_method()) {
1329
+ return 0;
1330
+ }
1331
+
1332
+ return pmbtoken_generate_key(&pmbtoken_exp2_method, out_private, out_public);
1333
+ }
1334
+
1335
+ int pmbtoken_exp2_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
1336
+ const uint8_t *in, size_t len) {
1337
+ if (!pmbtoken_exp2_init_method()) {
1338
+ return 0;
1339
+ }
1340
+ return pmbtoken_client_key_from_bytes(&pmbtoken_exp2_method, key, in, len);
1341
+ }
1342
+
1343
+ int pmbtoken_exp2_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
1344
+ const uint8_t *in, size_t len) {
1345
+ if (!pmbtoken_exp2_init_method()) {
1346
+ return 0;
1347
+ }
1348
+ return pmbtoken_issuer_key_from_bytes(&pmbtoken_exp2_method, key, in, len);
1349
+ }
1350
+
1351
+ STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp2_blind(CBB *cbb, size_t count) {
1352
+ if (!pmbtoken_exp2_init_method()) {
1353
+ return NULL;
1354
+ }
1355
+ return pmbtoken_blind(&pmbtoken_exp2_method, cbb, count);
1356
+ }
1357
+
1358
+ int pmbtoken_exp2_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
1359
+ size_t num_requested, size_t num_to_issue,
1360
+ uint8_t private_metadata) {
1361
+ if (!pmbtoken_exp2_init_method()) {
1362
+ return 0;
1363
+ }
1364
+ return pmbtoken_sign(&pmbtoken_exp2_method, key, cbb, cbs, num_requested,
1365
+ num_to_issue, private_metadata);
1366
+ }
1367
+
1368
+ STACK_OF(TRUST_TOKEN) *
1369
+ pmbtoken_exp2_unblind(const PMBTOKEN_CLIENT_KEY *key,
1370
+ const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens,
1371
+ CBS *cbs, size_t count, uint32_t key_id) {
1372
+ if (!pmbtoken_exp2_init_method()) {
1373
+ return NULL;
1374
+ }
1375
+ return pmbtoken_unblind(&pmbtoken_exp2_method, key, pretokens, cbs, count,
1376
+ key_id);
1377
+ }
1378
+
1379
+ int pmbtoken_exp2_read(const PMBTOKEN_ISSUER_KEY *key,
1380
+ uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
1381
+ uint8_t *out_private_metadata, const uint8_t *token,
1382
+ size_t token_len) {
1383
+ if (!pmbtoken_exp2_init_method()) {
1384
+ return 0;
1385
+ }
1386
+ return pmbtoken_read(&pmbtoken_exp2_method, key, out_nonce,
1387
+ out_private_metadata, token, token_len);
1388
+ }
1389
+
1390
+ int pmbtoken_exp2_get_h_for_testing(uint8_t out[97]) {
1391
+ if (!pmbtoken_exp2_init_method()) {
1392
+ return 0;
1393
+ }
1394
+ EC_AFFINE h;
1395
+ return ec_jacobian_to_affine(pmbtoken_exp2_method.group, &h,
1396
+ &pmbtoken_exp2_method.h) &&
1397
+ ec_point_to_bytes(pmbtoken_exp2_method.group, &h,
1398
+ POINT_CONVERSION_UNCOMPRESSED, out, 97) == 97;
1399
+ }
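Review bot: The comment above kH in pmbtoken_exp2_init_method_impl names `ec_hash_to_scalar_p384_xmd_sha512_draft07`, but kH is a 97-byte value beginning with 0x04 that pmbtoken_init_method hands to ec_point_from_uncompressed, so it is an encoded curve point rather than a scalar. Presumably it was generated with the hash-to-curve routine that pmbtoken_exp2_hash_t uses; once confirmed, the comment should read `// This is the output of |ec_hash_to_curve_p384_xmd_sha512_sswu_draft07| with DST`. Separately, the three label arrays are passed with `sizeof(...)`, so each domain-separation tag includes the terminating NUL. If that is intended, a one-line comment such as `// The DST length includes the trailing NUL.` would document it for anyone writing an interoperating implementation.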