grpc 1.31.0.pre1 → 1.33.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +693 -16022
- data/include/grpc/grpc.h +0 -5
- data/include/grpc/grpc_security.h +47 -14
- data/include/grpc/impl/codegen/README.md +22 -0
- data/include/grpc/impl/codegen/grpc_types.h +0 -5
- data/include/grpc/impl/codegen/port_platform.h +6 -1
- data/src/core/ext/filters/client_channel/backup_poller.cc +3 -2
- data/src/core/ext/filters/client_channel/client_channel.cc +264 -186
- data/src/core/ext/filters/client_channel/client_channel.h +1 -1
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +0 -3
- data/src/core/ext/filters/client_channel/config_selector.cc +0 -4
- data/src/core/ext/filters/client_channel/config_selector.h +34 -5
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +6 -1
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -3
- data/src/core/ext/filters/client_channel/lb_policy.h +3 -1
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +48 -35
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +7 -5
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +9 -6
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +126 -119
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +0 -13
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +0 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -37
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +21 -15
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +32 -13
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +8 -7
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +9 -32
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +26 -16
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +207 -129
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +453 -255
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds_drop.cc +571 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +727 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +8 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +602 -58
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +28 -0
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +8 -39
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +4 -3
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +49 -47
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +5 -9
- data/src/core/ext/filters/client_channel/server_address.cc +120 -7
- data/src/core/ext/filters/client_channel/server_address.h +48 -21
- data/src/core/ext/filters/client_channel/service_config.cc +16 -13
- data/src/core/ext/filters/client_channel/service_config.h +7 -4
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +2 -2
- data/src/core/ext/filters/client_channel/service_config_parser.cc +8 -6
- data/src/core/ext/filters/client_channel/service_config_parser.h +8 -5
- data/src/core/ext/filters/client_channel/subchannel.cc +64 -23
- data/src/core/ext/filters/client_channel/subchannel.h +16 -4
- data/src/core/ext/filters/client_channel/subchannel_interface.h +44 -0
- data/src/core/ext/filters/max_age/max_age_filter.cc +2 -1
- data/src/core/ext/filters/message_size/message_size_filter.cc +2 -1
- data/src/core/ext/filters/message_size/message_size_filter.h +2 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +87 -31
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +18 -1
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +10 -35
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +19 -25
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +2 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +2 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +6 -6
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +3 -2
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +256 -287
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +11 -3
- data/src/core/ext/transport/chttp2/transport/flow_control.h +10 -0
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/internal.h +10 -1
- data/src/core/ext/transport/chttp2/transport/parsing.cc +17 -30
- data/src/core/ext/transport/chttp2/transport/writing.cc +6 -5
- data/src/core/ext/transport/inproc/inproc_transport.cc +12 -12
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +244 -0
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +766 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +74 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +226 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +458 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +1635 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/cluster → config/cluster/v3}/filter.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +69 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/cluster → config/cluster/v3}/outlier_detection.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +323 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +124 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +379 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/backoff.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +79 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +310 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +869 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +103 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +351 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +71 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +53 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +133 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +241 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +752 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +170 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +684 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/http_uri.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +80 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +176 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +645 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +28 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +58 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/socket_option.upb.c +6 -6
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +88 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +36 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +85 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +91 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +220 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +91 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +273 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +112 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +332 -0
- data/src/core/ext/upb-generated/envoy/config/listener/{v2 → v3}/api_listener.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +65 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +128 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +467 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +155 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +539 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +41 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +94 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +178 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +616 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +63 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +204 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +900 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +3290 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +60 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +139 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +50 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +108 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +364 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +1336 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +20 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +34 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +110 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +387 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +76 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +214 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +147 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +570 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/cluster/v3}/cds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/{v2 → v3}/ads.upb.c +5 -4
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +139 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +449 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/endpoint/v3}/eds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/listener/v3}/lds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +55 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +136 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/route/v3}/rds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/route/v3}/srds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +47 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +114 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +77 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +71 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +64 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +145 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +54 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +133 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +63 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +188 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +88 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +258 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +90 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +250 -0
- data/src/core/ext/upb-generated/envoy/type/{http.upb.c → v3/http.upb.c} +2 -2
- data/src/core/ext/upb-generated/envoy/type/{http.upb.h → v3/http.upb.h} +8 -8
- data/src/core/ext/upb-generated/envoy/type/{percent.upb.c → v3/percent.upb.c} +9 -8
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +86 -0
- data/src/core/ext/upb-generated/envoy/type/{range.upb.c → v3/range.upb.c} +12 -11
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +111 -0
- data/src/core/ext/upb-generated/envoy/type/{semantic_version.upb.c → v3/semantic_version.upb.c} +6 -5
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +61 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +242 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +753 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +234 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +759 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +36 -36
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +1 -1
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +31 -0
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +57 -0
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +27 -0
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +53 -0
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +53 -0
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +129 -0
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +77 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.c +36 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +85 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +160 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +84 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +11 -11
- data/src/core/ext/upb-generated/validate/validate.upb.h +1 -1
- data/src/core/ext/xds/certificate_provider_factory.h +59 -0
- data/src/core/ext/xds/certificate_provider_registry.cc +103 -0
- data/src/core/ext/xds/certificate_provider_registry.h +57 -0
- data/src/core/ext/xds/certificate_provider_store.h +50 -0
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.cc +377 -0
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h +102 -0
- data/src/core/ext/xds/xds_api.cc +2596 -0
- data/src/core/ext/xds/xds_api.h +397 -0
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_bootstrap.cc +44 -2
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_bootstrap.h +8 -3
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_channel_args.h +9 -6
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_client.cc +541 -785
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_client.h +114 -93
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_client_stats.cc +20 -14
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_client_stats.h +36 -8
- data/src/core/lib/channel/channel_args.h +0 -1
- data/src/core/lib/channel/channelz.cc +24 -60
- data/src/core/lib/channel/channelz.h +12 -20
- data/src/core/lib/channel/channelz_registry.cc +15 -12
- data/src/core/lib/channel/channelz_registry.h +3 -0
- data/src/core/lib/gpr/sync_posix.cc +2 -8
- data/src/core/lib/gpr/time_precise.cc +2 -0
- data/src/core/lib/gpr/time_precise.h +6 -2
- data/src/core/lib/gprpp/dual_ref_counted.h +336 -0
- data/src/core/lib/gprpp/ref_counted.h +51 -22
- data/src/core/lib/gprpp/ref_counted_ptr.h +153 -0
- data/src/core/lib/iomgr/endpoint.cc +5 -1
- data/src/core/lib/iomgr/endpoint.h +7 -3
- data/src/core/lib/iomgr/endpoint_cfstream.cc +36 -11
- data/src/core/lib/iomgr/ev_posix.cc +0 -2
- data/src/core/lib/iomgr/exec_ctx.h +10 -8
- data/src/core/lib/iomgr/iomgr.cc +0 -10
- data/src/core/lib/iomgr/iomgr.h +0 -10
- data/src/core/{ext/filters/client_channel → lib/iomgr}/parse_address.cc +1 -1
- data/src/core/{ext/filters/client_channel → lib/iomgr}/parse_address.h +3 -3
- data/src/core/lib/iomgr/sockaddr_utils.cc +2 -1
- data/src/core/lib/iomgr/sockaddr_utils.h +2 -1
- data/src/core/lib/iomgr/tcp_custom.cc +32 -16
- data/src/core/lib/iomgr/tcp_posix.cc +31 -13
- data/src/core/lib/iomgr/tcp_windows.cc +26 -10
- data/src/core/lib/json/json_util.cc +58 -0
- data/src/core/lib/json/json_util.h +37 -0
- data/src/core/lib/security/authorization/authorization_engine.cc +177 -0
- data/src/core/lib/security/authorization/authorization_engine.h +84 -0
- data/src/core/lib/security/authorization/evaluate_args.cc +153 -0
- data/src/core/lib/security/authorization/evaluate_args.h +59 -0
- data/src/core/lib/security/authorization/mock_cel/activation.h +57 -0
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +42 -0
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +68 -0
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +93 -0
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +67 -0
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +56 -0
- data/src/core/lib/security/authorization/mock_cel/statusor.h +50 -0
- data/src/core/lib/security/certificate_provider.h +60 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +56 -38
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +321 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +214 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +45 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.h +51 -0
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +7 -12
- data/src/core/lib/security/security_connector/ssl_utils.h +5 -0
- data/src/core/lib/security/transport/secure_endpoint.cc +7 -1
- data/src/core/lib/surface/call.cc +12 -12
- data/src/core/lib/surface/call.h +2 -1
- data/src/core/lib/surface/channel.cc +37 -51
- data/src/core/lib/surface/channel.h +18 -3
- data/src/core/lib/surface/completion_queue.cc +10 -272
- data/src/core/lib/surface/completion_queue.h +0 -8
- data/src/core/lib/surface/init.cc +27 -12
- data/src/core/lib/surface/server.cc +1066 -1244
- data/src/core/lib/surface/server.h +363 -87
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/authority_override.cc +38 -0
- data/src/core/lib/transport/authority_override.h +32 -0
- data/src/core/lib/transport/bdp_estimator.h +2 -1
- data/src/core/lib/transport/connectivity_state.cc +18 -13
- data/src/core/lib/transport/connectivity_state.h +20 -8
- data/src/core/lib/transport/error_utils.cc +13 -0
- data/src/core/lib/transport/error_utils.h +6 -0
- data/src/core/lib/transport/metadata.cc +11 -1
- data/src/core/lib/transport/static_metadata.cc +295 -276
- data/src/core/lib/transport/static_metadata.h +80 -73
- data/src/core/lib/transport/transport.h +7 -0
- data/src/core/lib/uri/uri_parser.cc +23 -21
- data/src/core/lib/uri/uri_parser.h +3 -1
- data/src/core/plugin_registry/grpc_plugin_registry.cc +35 -20
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +22 -0
- data/src/core/tsi/ssl_transport_security.cc +2 -2
- data/src/ruby/bin/math_services_pb.rb +4 -4
- data/src/ruby/ext/grpc/rb_channel_credentials.c +9 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -4
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +7 -7
- data/src/ruby/lib/grpc/generic/client_stub.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +2 -2
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +5 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +28 -12
- data/src/ruby/spec/channel_credentials_spec.rb +10 -0
- data/src/ruby/spec/generic/active_call_spec.rb +19 -8
- data/src/ruby/spec/pb/codegen/grpc/testing/same_package_service_name.proto +27 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/same_ruby_package_service_name.proto +29 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +20 -0
- data/src/ruby/spec/user_agent_spec.rb +74 -0
- data/third_party/abseil-cpp/absl/algorithm/container.h +1727 -0
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +161 -0
- data/third_party/abseil-cpp/absl/base/internal/exponential_biased.cc +93 -0
- data/third_party/abseil-cpp/absl/base/internal/exponential_biased.h +130 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +620 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.h +126 -0
- data/third_party/abseil-cpp/absl/container/fixed_array.h +515 -0
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +503 -0
- data/third_party/abseil-cpp/absl/container/internal/common.h +202 -0
- data/third_party/abseil-cpp/absl/container/internal/container_memory.h +440 -0
- data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +146 -0
- data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +191 -0
- data/third_party/abseil-cpp/absl/container/internal/hashtable_debug_hooks.h +85 -0
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +269 -0
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +297 -0
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +30 -0
- data/third_party/abseil-cpp/absl/container/internal/have_sse.h +49 -0
- data/third_party/abseil-cpp/absl/container/internal/layout.h +741 -0
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +48 -0
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +1882 -0
- data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +138 -0
- data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.h +32 -0
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +1895 -0
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +71 -0
- data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc +382 -0
- data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.h +134 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +192 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +125 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +70 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +99 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +248 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_unimplemented-inl.inc +24 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +85 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc +346 -0
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +128 -0
- data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +194 -0
- data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.h +158 -0
- data/third_party/abseil-cpp/absl/debugging/stacktrace.cc +140 -0
- data/third_party/abseil-cpp/absl/debugging/stacktrace.h +231 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize.cc +25 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize.h +99 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +1480 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_unimplemented.inc +40 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_win32.inc +81 -0
- data/third_party/abseil-cpp/absl/functional/function_ref.h +139 -0
- data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +106 -0
- data/third_party/abseil-cpp/absl/hash/hash.h +324 -0
- data/third_party/abseil-cpp/absl/hash/internal/city.cc +346 -0
- data/third_party/abseil-cpp/absl/hash/internal/city.h +96 -0
- data/third_party/abseil-cpp/absl/hash/internal/hash.cc +55 -0
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +988 -0
- data/third_party/abseil-cpp/absl/status/status.cc +447 -0
- data/third_party/abseil-cpp/absl/status/status.h +428 -0
- data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +43 -0
- data/third_party/abseil-cpp/absl/status/status_payload_printer.h +51 -0
- data/third_party/abseil-cpp/absl/strings/cord.cc +2019 -0
- data/third_party/abseil-cpp/absl/strings/cord.h +1121 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +151 -0
- data/third_party/abseil-cpp/absl/synchronization/barrier.cc +52 -0
- data/third_party/abseil-cpp/absl/synchronization/barrier.h +79 -0
- data/third_party/abseil-cpp/absl/synchronization/blocking_counter.cc +57 -0
- data/third_party/abseil-cpp/absl/synchronization/blocking_counter.h +99 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +140 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.h +60 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +697 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.h +141 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +155 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +261 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +106 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +115 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +484 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +159 -0
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +2728 -0
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +1056 -0
- data/third_party/abseil-cpp/absl/synchronization/notification.cc +78 -0
- data/third_party/abseil-cpp/absl/synchronization/notification.h +123 -0
- data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +64 -0
- data/third_party/abseil-cpp/absl/types/bad_variant_access.h +82 -0
- data/third_party/abseil-cpp/absl/types/internal/variant.h +1646 -0
- data/third_party/abseil-cpp/absl/types/variant.h +861 -0
- data/third_party/boringssl-with-bazel/err_data.c +475 -467
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +0 -6
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +9 -43
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +55 -4
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +6 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +30 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +10 -15
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +543 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +237 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +44 -2
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +221 -49
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +64 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +0 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +7 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +21 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +24 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +67 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +29 -35
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +13 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +10 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +28 -40
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +20 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +7 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +55 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +52 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +0 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +12 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +9 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +4 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +48 -9
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +2 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +26 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +199 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +52 -43
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +18 -18
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +13 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +3 -6
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +8 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +10 -0
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +34 -9
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +4 -8
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +7 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +5 -3
- data/third_party/re2/re2/bitmap256.h +117 -0
- data/third_party/re2/re2/bitstate.cc +385 -0
- data/third_party/re2/re2/compile.cc +1279 -0
- data/third_party/re2/re2/dfa.cc +2130 -0
- data/third_party/re2/re2/filtered_re2.cc +121 -0
- data/third_party/re2/re2/filtered_re2.h +109 -0
- data/third_party/re2/re2/mimics_pcre.cc +197 -0
- data/third_party/re2/re2/nfa.cc +713 -0
- data/third_party/re2/re2/onepass.cc +623 -0
- data/third_party/re2/re2/parse.cc +2464 -0
- data/third_party/re2/re2/perl_groups.cc +119 -0
- data/third_party/re2/re2/pod_array.h +55 -0
- data/third_party/re2/re2/prefilter.cc +710 -0
- data/third_party/re2/re2/prefilter.h +108 -0
- data/third_party/re2/re2/prefilter_tree.cc +407 -0
- data/third_party/re2/re2/prefilter_tree.h +139 -0
- data/third_party/re2/re2/prog.cc +988 -0
- data/third_party/re2/re2/prog.h +436 -0
- data/third_party/re2/re2/re2.cc +1362 -0
- data/third_party/re2/re2/re2.h +1002 -0
- data/third_party/re2/re2/regexp.cc +980 -0
- data/third_party/re2/re2/regexp.h +659 -0
- data/third_party/re2/re2/set.cc +154 -0
- data/third_party/re2/re2/set.h +80 -0
- data/third_party/re2/re2/simplify.cc +657 -0
- data/third_party/re2/re2/sparse_array.h +392 -0
- data/third_party/re2/re2/sparse_set.h +264 -0
- data/third_party/re2/re2/stringpiece.cc +65 -0
- data/third_party/re2/re2/stringpiece.h +210 -0
- data/third_party/re2/re2/tostring.cc +351 -0
- data/third_party/re2/re2/unicode_casefold.cc +582 -0
- data/third_party/re2/re2/unicode_casefold.h +78 -0
- data/third_party/re2/re2/unicode_groups.cc +6269 -0
- data/third_party/re2/re2/unicode_groups.h +67 -0
- data/third_party/re2/re2/walker-inl.h +246 -0
- data/third_party/re2/util/benchmark.h +156 -0
- data/third_party/re2/util/flags.h +26 -0
- data/third_party/re2/util/logging.h +109 -0
- data/third_party/re2/util/malloc_counter.h +19 -0
- data/third_party/re2/util/mix.h +41 -0
- data/third_party/re2/util/mutex.h +148 -0
- data/third_party/re2/util/pcre.cc +1025 -0
- data/third_party/re2/util/pcre.h +681 -0
- data/third_party/re2/util/rune.cc +260 -0
- data/third_party/re2/util/strutil.cc +149 -0
- data/third_party/re2/util/strutil.h +21 -0
- data/third_party/re2/util/test.h +50 -0
- data/third_party/re2/util/utf.h +44 -0
- data/third_party/re2/util/util.h +42 -0
- data/third_party/upb/upb/decode.c +64 -15
- data/third_party/upb/upb/encode.c +2 -2
- data/third_party/upb/upb/msg.h +2 -2
- data/third_party/upb/upb/port_def.inc +1 -1
- data/third_party/upb/upb/table.c +0 -11
- data/third_party/upb/upb/table.int.h +0 -9
- data/third_party/upb/upb/upb.c +16 -14
- data/third_party/upb/upb/upb.h +26 -0
- data/third_party/upb/upb/upb.hpp +2 -0
- metadata +340 -153
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +0 -528
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +0 -1142
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +0 -2110
- data/src/core/ext/filters/client_channel/xds/xds_api.h +0 -345
- data/src/core/ext/filters/client_channel/xds/xds_channel.h +0 -46
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +0 -106
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +0 -21
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +0 -34
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +0 -114
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +0 -429
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +0 -72
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +0 -198
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +0 -105
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +0 -388
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +0 -52
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +0 -403
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +0 -1453
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +0 -74
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +0 -226
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +0 -69
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +0 -323
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +0 -112
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +0 -334
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +0 -79
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +0 -313
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +0 -891
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +0 -96
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +0 -328
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +0 -34
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +0 -71
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +0 -197
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +0 -649
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +0 -172
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +0 -693
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +0 -80
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +0 -152
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +0 -536
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +0 -88
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +0 -129
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +0 -386
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +0 -52
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +0 -92
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +0 -224
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +0 -18
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -32
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +0 -91
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +0 -273
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +0 -112
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +0 -332
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +0 -52
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +0 -109
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +0 -415
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +0 -18
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -32
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +0 -145
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +0 -538
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +0 -43
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +0 -111
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +0 -52
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +0 -63
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +0 -204
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +0 -18
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -32
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +0 -815
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +0 -2984
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +0 -59
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +0 -135
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +0 -52
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +0 -228
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +0 -732
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +0 -316
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +0 -1167
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +0 -65
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +0 -51
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +0 -125
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +0 -49
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +0 -54
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +0 -136
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +0 -63
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +0 -145
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +0 -53
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +0 -133
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +0 -88
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +0 -258
- data/src/core/ext/upb-generated/envoy/type/percent.upb.h +0 -86
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +0 -111
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +0 -61
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +0 -89
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +0 -250
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.c +0 -17
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -29
- data/src/core/lib/security/transport/target_authority_table.cc +0 -75
- data/src/core/lib/security/transport/target_authority_table.h +0 -40
- data/src/core/lib/slice/slice_hash_table.h +0 -199
- data/src/core/lib/slice/slice_weak_hash_table.h +0 -102
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pku.c +0 -110
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_sxnet.c +0 -274
|
@@ -0,0 +1,237 @@
|
|
|
1
|
+
/* Copyright (c) 2020, Google Inc.
|
|
2
|
+
*
|
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
|
6
|
+
*
|
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
14
|
+
|
|
15
|
+
#ifndef OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H
|
|
16
|
+
#define OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H
|
|
17
|
+
|
|
18
|
+
#include <openssl/aead.h>
|
|
19
|
+
#include <openssl/base.h>
|
|
20
|
+
#include <openssl/curve25519.h>
|
|
21
|
+
|
|
22
|
+
#if defined(__cplusplus)
|
|
23
|
+
extern "C" {
|
|
24
|
+
#endif
|
|
25
|
+
|
|
26
|
+
|
|
27
|
+
// Hybrid Public Key Encryption.
|
|
28
|
+
//
|
|
29
|
+
// Hybrid Public Key Encryption (HPKE) enables a sender to encrypt messages to a
|
|
30
|
+
// receiver with a public key. Optionally, the sender may authenticate its
|
|
31
|
+
// possession of a pre-shared key to the recipient.
|
|
32
|
+
//
|
|
33
|
+
// See https://tools.ietf.org/html/draft-irtf-cfrg-hpke-05.
|
|
34
|
+
|
|
35
|
+
// EVP_HPKE_AEAD_* are AEAD identifiers.
|
|
36
|
+
#define EVP_HPKE_AEAD_AES_GCM_128 0x0001
|
|
37
|
+
#define EVP_HPKE_AEAD_AES_GCM_256 0x0002
|
|
38
|
+
#define EVP_HPKE_AEAD_CHACHA20POLY1305 0x0003
|
|
39
|
+
|
|
40
|
+
// EVP_HPKE_HKDF_* are HKDF identifiers.
|
|
41
|
+
#define EVP_HPKE_HKDF_SHA256 0x0001
|
|
42
|
+
#define EVP_HPKE_HKDF_SHA384 0x0002
|
|
43
|
+
#define EVP_HPKE_HKDF_SHA512 0x0003
|
|
44
|
+
|
|
45
|
+
// EVP_HPKE_MAX_OVERHEAD contains the largest value that
|
|
46
|
+
// |EVP_HPKE_CTX_max_overhead| would ever return for any context.
|
|
47
|
+
#define EVP_HPKE_MAX_OVERHEAD EVP_AEAD_MAX_OVERHEAD
|
|
48
|
+
|
|
49
|
+
|
|
50
|
+
// Encryption contexts.
|
|
51
|
+
|
|
52
|
+
// An |EVP_HPKE_CTX| is an HPKE encryption context.
|
|
53
|
+
typedef struct evp_hpke_ctx_st {
|
|
54
|
+
const EVP_MD *hkdf_md;
|
|
55
|
+
EVP_AEAD_CTX aead_ctx;
|
|
56
|
+
uint16_t kdf_id;
|
|
57
|
+
uint16_t aead_id;
|
|
58
|
+
uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
|
|
59
|
+
uint8_t exporter_secret[EVP_MAX_MD_SIZE];
|
|
60
|
+
uint64_t seq;
|
|
61
|
+
int is_sender;
|
|
62
|
+
} EVP_HPKE_CTX;
|
|
63
|
+
|
|
64
|
+
// EVP_HPKE_CTX_init initializes an already-allocated |EVP_HPKE_CTX|. The caller
|
|
65
|
+
// should then use one of the |EVP_HPKE_CTX_setup_*| functions.
|
|
66
|
+
//
|
|
67
|
+
// It is safe, but not necessary to call |EVP_HPKE_CTX_cleanup| in this state.
|
|
68
|
+
OPENSSL_EXPORT void EVP_HPKE_CTX_init(EVP_HPKE_CTX *ctx);
|
|
69
|
+
|
|
70
|
+
// EVP_HPKE_CTX_cleanup releases memory referenced by |ctx|. |ctx| must have
|
|
71
|
+
// been initialized with |EVP_HPKE_CTX_init|.
|
|
72
|
+
OPENSSL_EXPORT void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx);
|
|
73
|
+
|
|
74
|
+
|
|
75
|
+
// Setting up HPKE contexts.
|
|
76
|
+
//
|
|
77
|
+
// In each of the following functions, |hpke| must have been initialized with
|
|
78
|
+
// |EVP_HPKE_CTX_init|. |kdf_id| selects the KDF for non-KEM HPKE operations and
|
|
79
|
+
// must be one of the |EVP_HPKE_HKDF_*| constants. |aead_id| selects the AEAD
|
|
80
|
+
// for the "open" and "seal" operations and must be one of the |EVP_HPKE_AEAD_*"
|
|
81
|
+
// constants."
|
|
82
|
+
|
|
83
|
+
// EVP_HPKE_CTX_setup_base_s_x25519 sets up |hpke| as a sender context that can
|
|
84
|
+
// encrypt for the private key corresponding to |peer_public_value| (the
|
|
85
|
+
// recipient's public key). It returns one on success, and zero otherwise. Note
|
|
86
|
+
// that this function will fail if |peer_public_value| is invalid.
|
|
87
|
+
//
|
|
88
|
+
// This function writes the encapsulated shared secret to |out_enc|.
|
|
89
|
+
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_s_x25519(
|
|
90
|
+
EVP_HPKE_CTX *hpke, uint8_t out_enc[X25519_PUBLIC_VALUE_LEN],
|
|
91
|
+
uint16_t kdf_id, uint16_t aead_id,
|
|
92
|
+
const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
|
|
93
|
+
const uint8_t *info, size_t info_len);
|
|
94
|
+
|
|
95
|
+
// EVP_HPKE_CTX_setup_base_s_x25519_for_test behaves like
|
|
96
|
+
// |EVP_HPKE_CTX_setup_base_s_x25519|, but takes a pre-generated ephemeral
|
|
97
|
+
// sender key.
|
|
98
|
+
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_s_x25519_for_test(
|
|
99
|
+
EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
|
|
100
|
+
const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
|
|
101
|
+
const uint8_t *info, size_t info_len,
|
|
102
|
+
const uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN],
|
|
103
|
+
const uint8_t ephemeral_public[X25519_PUBLIC_VALUE_LEN]);
|
|
104
|
+
|
|
105
|
+
// EVP_HPKE_CTX_setup_base_r_x25519 sets up |hpke| as a recipient context that
|
|
106
|
+
// can decrypt messages. |private_key| is the recipient's private key, and |enc|
|
|
107
|
+
// is the encapsulated shared secret from the sender. Note that this function
|
|
108
|
+
// will fail if |enc| is invalid.
|
|
109
|
+
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_r_x25519(
|
|
110
|
+
EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
|
|
111
|
+
const uint8_t enc[X25519_PUBLIC_VALUE_LEN],
|
|
112
|
+
const uint8_t public_key[X25519_PUBLIC_VALUE_LEN],
|
|
113
|
+
const uint8_t private_key[X25519_PRIVATE_KEY_LEN], const uint8_t *info,
|
|
114
|
+
size_t info_len);
|
|
115
|
+
|
|
116
|
+
// EVP_HPKE_CTX_setup_psk_s_x25519 sets up |hpke| as a sender context that can
|
|
117
|
+
// encrypt for the private key corresponding to |peer_public_value| (the
|
|
118
|
+
// recipient's public key) and authenticate its possession of a PSK. It returns
|
|
119
|
+
// one on success, and zero otherwise. Note that this function will fail if
|
|
120
|
+
// |peer_public_value| is invalid.
|
|
121
|
+
//
|
|
122
|
+
// The PSK and its ID must be provided in |psk| and |psk_id|, respectively. Both
|
|
123
|
+
// must be nonempty (|psk_len| and |psk_id_len| must be non-zero), or this
|
|
124
|
+
// function will fail.
|
|
125
|
+
//
|
|
126
|
+
// This function writes the encapsulated shared secret to |out_enc|.
|
|
127
|
+
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_psk_s_x25519(
|
|
128
|
+
EVP_HPKE_CTX *hpke, uint8_t out_enc[X25519_PUBLIC_VALUE_LEN],
|
|
129
|
+
uint16_t kdf_id, uint16_t aead_id,
|
|
130
|
+
const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
|
|
131
|
+
const uint8_t *info, size_t info_len, const uint8_t *psk, size_t psk_len,
|
|
132
|
+
const uint8_t *psk_id, size_t psk_id_len);
|
|
133
|
+
|
|
134
|
+
// EVP_HPKE_CTX_setup_psk_s_x25519_for_test behaves like
|
|
135
|
+
// |EVP_HPKE_CTX_setup_psk_s_x25519|, but takes a pre-generated ephemeral sender
|
|
136
|
+
// key.
|
|
137
|
+
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_psk_s_x25519_for_test(
|
|
138
|
+
EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
|
|
139
|
+
const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
|
|
140
|
+
const uint8_t *info, size_t info_len, const uint8_t *psk, size_t psk_len,
|
|
141
|
+
const uint8_t *psk_id, size_t psk_id_len,
|
|
142
|
+
const uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN],
|
|
143
|
+
const uint8_t ephemeral_public[X25519_PUBLIC_VALUE_LEN]);
|
|
144
|
+
|
|
145
|
+
// EVP_HPKE_CTX_setup_psk_r_x25519 sets up |hpke| as a recipient context that
|
|
146
|
+
// can decrypt messages. Future open (decrypt) operations will fail if the
|
|
147
|
+
// sender does not possess the PSK indicated by |psk| and |psk_id|.
|
|
148
|
+
// |private_key| is the recipient's private key, and |enc| is the encapsulated
|
|
149
|
+
// shared secret from the sender. If |enc| is invalid, this function will fail.
|
|
150
|
+
//
|
|
151
|
+
// The PSK and its ID must be provided in |psk| and |psk_id|, respectively. Both
|
|
152
|
+
// must be nonempty (|psk_len| and |psk_id_len| must be non-zero), or this
|
|
153
|
+
// function will fail.
|
|
154
|
+
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_psk_r_x25519(
|
|
155
|
+
EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
|
|
156
|
+
const uint8_t enc[X25519_PUBLIC_VALUE_LEN],
|
|
157
|
+
const uint8_t public_key[X25519_PUBLIC_VALUE_LEN],
|
|
158
|
+
const uint8_t private_key[X25519_PRIVATE_KEY_LEN], const uint8_t *info,
|
|
159
|
+
size_t info_len, const uint8_t *psk, size_t psk_len, const uint8_t *psk_id,
|
|
160
|
+
size_t psk_id_len);
|
|
161
|
+
|
|
162
|
+
|
|
163
|
+
// Using an HPKE context.
|
|
164
|
+
|
|
165
|
+
// EVP_HPKE_CTX_open uses the HPKE context |hpke| to authenticate |in_len| bytes
|
|
166
|
+
// from |in| and |ad_len| bytes from |ad| and to decrypt at most |in_len| bytes
|
|
167
|
+
// into |out|. It returns one on success, and zero otherwise.
|
|
168
|
+
//
|
|
169
|
+
// This operation will fail if the |hpke| context is not set up as a receiver.
|
|
170
|
+
//
|
|
171
|
+
// Note that HPKE encryption is stateful and ordered. The sender's first call to
|
|
172
|
+
// |EVP_HPKE_CTX_seal| must correspond to the recipient's first call to
|
|
173
|
+
// |EVP_HPKE_CTX_open|, etc.
|
|
174
|
+
//
|
|
175
|
+
// At most |in_len| bytes are written to |out|. In order to ensure success,
|
|
176
|
+
// |max_out_len| should be at least |in_len|. On successful return, |*out_len|
|
|
177
|
+
// is set to the actual number of bytes written.
|
|
178
|
+
OPENSSL_EXPORT int EVP_HPKE_CTX_open(EVP_HPKE_CTX *hpke, uint8_t *out,
|
|
179
|
+
size_t *out_len, size_t max_out_len,
|
|
180
|
+
const uint8_t *in, size_t in_len,
|
|
181
|
+
const uint8_t *ad, size_t ad_len);
|
|
182
|
+
|
|
183
|
+
// EVP_HPKE_CTX_seal uses the HPKE context |hpke| to encrypt and authenticate
|
|
184
|
+
// |in_len| bytes of ciphertext |in| and authenticate |ad_len| bytes from |ad|,
|
|
185
|
+
// writing the result to |out|. It returns one on success and zero otherwise.
|
|
186
|
+
//
|
|
187
|
+
// This operation will fail if the |hpke| context is not set up as a sender.
|
|
188
|
+
//
|
|
189
|
+
// Note that HPKE encryption is stateful and ordered. The sender's first call to
|
|
190
|
+
// |EVP_HPKE_CTX_seal| must correspond to the recipient's first call to
|
|
191
|
+
// |EVP_HPKE_CTX_open|, etc.
|
|
192
|
+
//
|
|
193
|
+
// At most, |max_out_len| encrypted bytes are written to |out|. On successful
|
|
194
|
+
// return, |*out_len| is set to the actual number of bytes written.
|
|
195
|
+
//
|
|
196
|
+
// To ensure success, |max_out_len| should be |in_len| plus the result of
|
|
197
|
+
// |EVP_HPKE_CTX_max_overhead| or |EVP_HPKE_MAX_OVERHEAD|.
|
|
198
|
+
OPENSSL_EXPORT int EVP_HPKE_CTX_seal(EVP_HPKE_CTX *hpke, uint8_t *out,
|
|
199
|
+
size_t *out_len, size_t max_out_len,
|
|
200
|
+
const uint8_t *in, size_t in_len,
|
|
201
|
+
const uint8_t *ad, size_t ad_len);
|
|
202
|
+
|
|
203
|
+
// EVP_HPKE_CTX_export uses the HPKE context |hpke| to export a secret of
|
|
204
|
+
// |secret_len| bytes into |out|. This function uses |context_len| bytes from
|
|
205
|
+
// |context| as a context string for the secret. This is necessary to separate
|
|
206
|
+
// different uses of exported secrets and bind relevant caller-specific context
|
|
207
|
+
// into the output. It returns one on success and zero otherwise.
|
|
208
|
+
OPENSSL_EXPORT int EVP_HPKE_CTX_export(const EVP_HPKE_CTX *hpke, uint8_t *out,
|
|
209
|
+
size_t secret_len,
|
|
210
|
+
const uint8_t *context,
|
|
211
|
+
size_t context_len);
|
|
212
|
+
|
|
213
|
+
// EVP_HPKE_CTX_max_overhead returns the maximum number of additional bytes
|
|
214
|
+
// added by sealing data with |EVP_HPKE_CTX_seal|. The |hpke| context must be
|
|
215
|
+
// set up as a sender.
|
|
216
|
+
OPENSSL_EXPORT size_t EVP_HPKE_CTX_max_overhead(const EVP_HPKE_CTX *hpke);
|
|
217
|
+
|
|
218
|
+
|
|
219
|
+
#if defined(__cplusplus)
|
|
220
|
+
} // extern C
|
|
221
|
+
#endif
|
|
222
|
+
|
|
223
|
+
#if !defined(BORINGSSL_NO_CXX)
|
|
224
|
+
extern "C++" {
|
|
225
|
+
|
|
226
|
+
BSSL_NAMESPACE_BEGIN
|
|
227
|
+
|
|
228
|
+
using ScopedEVP_HPKE_CTX =
|
|
229
|
+
internal::StackAllocated<EVP_HPKE_CTX, void, EVP_HPKE_CTX_init,
|
|
230
|
+
EVP_HPKE_CTX_cleanup>;
|
|
231
|
+
|
|
232
|
+
BSSL_NAMESPACE_END
|
|
233
|
+
|
|
234
|
+
} // extern C++
|
|
235
|
+
#endif
|
|
236
|
+
|
|
237
|
+
#endif // OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H
|
|
@@ -110,6 +110,39 @@ int pmbtoken_exp1_read(const PMBTOKEN_ISSUER_KEY *key,
|
|
|
110
110
|
// function is used to confirm H was computed as expected.
|
|
111
111
|
OPENSSL_EXPORT int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]);
|
|
112
112
|
|
|
113
|
+
// The following functions implement the corresponding |TRUST_TOKENS_METHOD|
|
|
114
|
+
// functions for |TRUST_TOKENS_experiment_v2|'s PMBTokens construction which
|
|
115
|
+
// uses P-384.
|
|
116
|
+
//
|
|
117
|
+
// We use P-384 instead of our usual choice of P-256. See Appendix I which
|
|
118
|
+
// describes two attacks which may affect smaller curves. In particular, p-1 for
|
|
119
|
+
// P-256 is smooth, giving a low complexity for the p-1 attack. P-384's p-1 has
|
|
120
|
+
// a 281-bit prime factor,
|
|
121
|
+
// 3055465788140352002733946906144561090641249606160407884365391979704929268480326390471.
|
|
122
|
+
// This lower-bounds the p-1 attack at O(2^140). The p+1 attack is lower-bounded
|
|
123
|
+
// by O(p^(1/3)) or O(2^128), so we do not need to check the smoothness of p+1.
|
|
124
|
+
int pmbtoken_exp2_generate_key(CBB *out_private, CBB *out_public);
|
|
125
|
+
int pmbtoken_exp2_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
|
|
126
|
+
const uint8_t *in, size_t len);
|
|
127
|
+
int pmbtoken_exp2_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
|
|
128
|
+
const uint8_t *in, size_t len);
|
|
129
|
+
STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp2_blind(CBB *cbb, size_t count);
|
|
130
|
+
int pmbtoken_exp2_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
|
131
|
+
size_t num_requested, size_t num_to_issue,
|
|
132
|
+
uint8_t private_metadata);
|
|
133
|
+
STACK_OF(TRUST_TOKEN) *
|
|
134
|
+
pmbtoken_exp2_unblind(const PMBTOKEN_CLIENT_KEY *key,
|
|
135
|
+
const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens,
|
|
136
|
+
CBS *cbs, size_t count, uint32_t key_id);
|
|
137
|
+
int pmbtoken_exp2_read(const PMBTOKEN_ISSUER_KEY *key,
|
|
138
|
+
uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
|
|
139
|
+
uint8_t *out_private_metadata, const uint8_t *token,
|
|
140
|
+
size_t token_len);
|
|
141
|
+
|
|
142
|
+
// pmbtoken_exp2_get_h_for_testing returns H in uncompressed coordinates. This
|
|
143
|
+
// function is used to confirm H was computed as expected.
|
|
144
|
+
OPENSSL_EXPORT int pmbtoken_exp2_get_h_for_testing(uint8_t out[97]);
|
|
145
|
+
|
|
113
146
|
|
|
114
147
|
// Trust Tokens internals.
|
|
115
148
|
|
|
@@ -172,6 +205,15 @@ struct trust_token_method_st {
|
|
|
172
205
|
uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
|
|
173
206
|
uint8_t *out_private_metadata, const uint8_t *token,
|
|
174
207
|
size_t token_len);
|
|
208
|
+
|
|
209
|
+
// whether the construction supports private metadata.
|
|
210
|
+
int has_private_metadata;
|
|
211
|
+
|
|
212
|
+
// max keys that can be configured.
|
|
213
|
+
size_t max_keys;
|
|
214
|
+
|
|
215
|
+
// whether the SRR is part of the protocol.
|
|
216
|
+
int has_srr;
|
|
175
217
|
};
|
|
176
218
|
|
|
177
219
|
// Structure representing a single Trust Token public key with the specified ID.
|
|
@@ -195,7 +237,7 @@ struct trust_token_client_st {
|
|
|
195
237
|
|
|
196
238
|
// keys is the set of public keys that are supported by the client for
|
|
197
239
|
// issuance/redemptions.
|
|
198
|
-
struct trust_token_client_key_st keys[
|
|
240
|
+
struct trust_token_client_key_st keys[6];
|
|
199
241
|
|
|
200
242
|
// num_keys is the number of keys currently configured.
|
|
201
243
|
size_t num_keys;
|
|
@@ -217,7 +259,7 @@ struct trust_token_issuer_st {
|
|
|
217
259
|
// keys is the set of private keys that are supported by the issuer for
|
|
218
260
|
// issuance/redemptions. The public metadata is an index into this list of
|
|
219
261
|
// keys.
|
|
220
|
-
struct trust_token_issuer_key_st keys[
|
|
262
|
+
struct trust_token_issuer_key_st keys[6];
|
|
221
263
|
|
|
222
264
|
// num_keys is the number of keys currently configured.
|
|
223
265
|
size_t num_keys;
|
|
@@ -52,6 +52,7 @@ typedef struct {
|
|
|
52
52
|
// hash_c implements the H_c operation in PMBTokens. It returns one on success
|
|
53
53
|
// and zero on error.
|
|
54
54
|
hash_c_func_t hash_c;
|
|
55
|
+
int prefix_point : 1;
|
|
55
56
|
} PMBTOKEN_METHOD;
|
|
56
57
|
|
|
57
58
|
static const uint8_t kDefaultAdditionalData[32] = {0};
|
|
@@ -59,7 +60,7 @@ static const uint8_t kDefaultAdditionalData[32] = {0};
|
|
|
59
60
|
static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid,
|
|
60
61
|
const uint8_t *h_bytes, size_t h_len,
|
|
61
62
|
hash_t_func_t hash_t, hash_s_func_t hash_s,
|
|
62
|
-
hash_c_func_t hash_c) {
|
|
63
|
+
hash_c_func_t hash_c, int prefix_point) {
|
|
63
64
|
method->group = EC_GROUP_new_by_curve_name(curve_nid);
|
|
64
65
|
if (method->group == NULL) {
|
|
65
66
|
return 0;
|
|
@@ -68,6 +69,7 @@ static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid,
|
|
|
68
69
|
method->hash_t = hash_t;
|
|
69
70
|
method->hash_s = hash_s;
|
|
70
71
|
method->hash_c = hash_c;
|
|
72
|
+
method->prefix_point = prefix_point;
|
|
71
73
|
|
|
72
74
|
EC_AFFINE h;
|
|
73
75
|
if (!ec_point_from_uncompressed(method->group, &h, h_bytes, h_len)) {
|
|
@@ -113,11 +115,40 @@ static int point_to_cbb(CBB *out, const EC_GROUP *group,
|
|
|
113
115
|
len) == len;
|
|
114
116
|
}
|
|
115
117
|
|
|
118
|
+
static int cbb_add_prefixed_point(CBB *out, const EC_GROUP *group,
|
|
119
|
+
const EC_AFFINE *point, int prefix_point) {
|
|
120
|
+
if (prefix_point) {
|
|
121
|
+
CBB child;
|
|
122
|
+
if (!CBB_add_u16_length_prefixed(out, &child) ||
|
|
123
|
+
!point_to_cbb(&child, group, point) ||
|
|
124
|
+
!CBB_flush(out)) {
|
|
125
|
+
return 0;
|
|
126
|
+
}
|
|
127
|
+
} else {
|
|
128
|
+
if (!point_to_cbb(out, group, point) ||
|
|
129
|
+
!CBB_flush(out)) {
|
|
130
|
+
return 0;
|
|
131
|
+
}
|
|
132
|
+
}
|
|
133
|
+
|
|
134
|
+
return 1;
|
|
135
|
+
}
|
|
136
|
+
|
|
116
137
|
static int cbs_get_prefixed_point(CBS *cbs, const EC_GROUP *group,
|
|
117
|
-
EC_AFFINE *out) {
|
|
138
|
+
EC_AFFINE *out, int prefix_point) {
|
|
118
139
|
CBS child;
|
|
119
|
-
if (
|
|
120
|
-
|
|
140
|
+
if (prefix_point) {
|
|
141
|
+
if (!CBS_get_u16_length_prefixed(cbs, &child)) {
|
|
142
|
+
return 0;
|
|
143
|
+
}
|
|
144
|
+
} else {
|
|
145
|
+
size_t plen = 1 + 2 * BN_num_bytes(&group->field);
|
|
146
|
+
if (!CBS_get_bytes(cbs, &child, plen)) {
|
|
147
|
+
return 0;
|
|
148
|
+
}
|
|
149
|
+
}
|
|
150
|
+
|
|
151
|
+
if (!ec_point_from_uncompressed(group, out, CBS_data(&child),
|
|
121
152
|
CBS_len(&child))) {
|
|
122
153
|
return 0;
|
|
123
154
|
}
|
|
@@ -166,16 +197,12 @@ static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method,
|
|
|
166
197
|
return 0;
|
|
167
198
|
}
|
|
168
199
|
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
!
|
|
174
|
-
|
|
175
|
-
!point_to_cbb(&child, group, &pub_affine[1]) ||
|
|
176
|
-
!CBB_add_u16_length_prefixed(out_public, &child) ||
|
|
177
|
-
!point_to_cbb(&child, group, &pub_affine[2]) ||
|
|
178
|
-
!CBB_flush(out_public)) {
|
|
200
|
+
if (!cbb_add_prefixed_point(out_public, group, &pub_affine[0],
|
|
201
|
+
method->prefix_point) ||
|
|
202
|
+
!cbb_add_prefixed_point(out_public, group, &pub_affine[1],
|
|
203
|
+
method->prefix_point) ||
|
|
204
|
+
!cbb_add_prefixed_point(out_public, group, &pub_affine[2],
|
|
205
|
+
method->prefix_point)) {
|
|
179
206
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_BUFFER_TOO_SMALL);
|
|
180
207
|
return 0;
|
|
181
208
|
}
|
|
@@ -186,13 +213,14 @@ static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method,
|
|
|
186
213
|
static int pmbtoken_client_key_from_bytes(const PMBTOKEN_METHOD *method,
|
|
187
214
|
PMBTOKEN_CLIENT_KEY *key,
|
|
188
215
|
const uint8_t *in, size_t len) {
|
|
189
|
-
// TODO(https://crbug.com/boringssl/331): When updating the key format, remove
|
|
190
|
-
// the redundant length prefixes.
|
|
191
216
|
CBS cbs;
|
|
192
217
|
CBS_init(&cbs, in, len);
|
|
193
|
-
if (!cbs_get_prefixed_point(&cbs, method->group, &key->pub0
|
|
194
|
-
|
|
195
|
-
!cbs_get_prefixed_point(&cbs, method->group, &key->
|
|
218
|
+
if (!cbs_get_prefixed_point(&cbs, method->group, &key->pub0,
|
|
219
|
+
method->prefix_point) ||
|
|
220
|
+
!cbs_get_prefixed_point(&cbs, method->group, &key->pub1,
|
|
221
|
+
method->prefix_point) ||
|
|
222
|
+
!cbs_get_prefixed_point(&cbs, method->group, &key->pubs,
|
|
223
|
+
method->prefix_point) ||
|
|
196
224
|
CBS_len(&cbs) != 0) {
|
|
197
225
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
|
198
226
|
return 0;
|
|
@@ -282,12 +310,8 @@ static STACK_OF(PMBTOKEN_PRETOKEN) *
|
|
|
282
310
|
goto err;
|
|
283
311
|
}
|
|
284
312
|
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
CBB child;
|
|
288
|
-
if (!CBB_add_u16_length_prefixed(cbb, &child) ||
|
|
289
|
-
!point_to_cbb(&child, group, &pretoken->Tp) ||
|
|
290
|
-
!CBB_flush(cbb)) {
|
|
313
|
+
if (!cbb_add_prefixed_point(cbb, group, &pretoken->Tp,
|
|
314
|
+
method->prefix_point)) {
|
|
291
315
|
goto err;
|
|
292
316
|
}
|
|
293
317
|
}
|
|
@@ -750,7 +774,7 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
|
|
|
750
774
|
for (size_t i = 0; i < num_to_issue; i++) {
|
|
751
775
|
EC_AFFINE Tp_affine;
|
|
752
776
|
EC_RAW_POINT Tp;
|
|
753
|
-
if (!cbs_get_prefixed_point(cbs, group, &Tp_affine)) {
|
|
777
|
+
if (!cbs_get_prefixed_point(cbs, group, &Tp_affine, method->prefix_point)) {
|
|
754
778
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
|
755
779
|
goto err;
|
|
756
780
|
}
|
|
@@ -766,7 +790,6 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
|
|
|
766
790
|
// The |jacobians| and |affines| contain Sp, Wp, and Wsp.
|
|
767
791
|
EC_RAW_POINT jacobians[3];
|
|
768
792
|
EC_AFFINE affines[3];
|
|
769
|
-
CBB child;
|
|
770
793
|
if (!method->hash_s(group, &jacobians[0], &Tp_affine, s) ||
|
|
771
794
|
!ec_point_mul_scalar_batch(group, &jacobians[1], &Tp, &xb,
|
|
772
795
|
&jacobians[0], &yb, NULL, NULL) ||
|
|
@@ -774,12 +797,8 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
|
|
|
774
797
|
&jacobians[0], &key->ys, NULL, NULL) ||
|
|
775
798
|
!ec_jacobian_to_affine_batch(group, affines, jacobians, 3) ||
|
|
776
799
|
!CBB_add_bytes(cbb, s, PMBTOKEN_NONCE_SIZE) ||
|
|
777
|
-
|
|
778
|
-
|
|
779
|
-
!CBB_add_u16_length_prefixed(cbb, &child) ||
|
|
780
|
-
!point_to_cbb(&child, group, &affines[1]) ||
|
|
781
|
-
!CBB_add_u16_length_prefixed(cbb, &child) ||
|
|
782
|
-
!point_to_cbb(&child, group, &affines[2])) {
|
|
800
|
+
!cbb_add_prefixed_point(cbb, group, &affines[1], method->prefix_point) ||
|
|
801
|
+
!cbb_add_prefixed_point(cbb, group, &affines[2], method->prefix_point)) {
|
|
783
802
|
goto err;
|
|
784
803
|
}
|
|
785
804
|
|
|
@@ -835,7 +854,11 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
|
|
|
835
854
|
|
|
836
855
|
// Skip over any unused requests.
|
|
837
856
|
size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
|
|
838
|
-
|
|
857
|
+
size_t token_len = point_len;
|
|
858
|
+
if (method->prefix_point) {
|
|
859
|
+
token_len += 2;
|
|
860
|
+
}
|
|
861
|
+
if (!CBS_skip(cbs, token_len * (num_requested - num_to_issue))) {
|
|
839
862
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
|
840
863
|
goto err;
|
|
841
864
|
}
|
|
@@ -902,8 +925,9 @@ static STACK_OF(TRUST_TOKEN) *
|
|
|
902
925
|
uint8_t s[PMBTOKEN_NONCE_SIZE];
|
|
903
926
|
EC_AFFINE Wp_affine, Wsp_affine;
|
|
904
927
|
if (!CBS_copy_bytes(cbs, s, PMBTOKEN_NONCE_SIZE) ||
|
|
905
|
-
!cbs_get_prefixed_point(cbs, group, &Wp_affine) ||
|
|
906
|
-
!cbs_get_prefixed_point(cbs, group, &Wsp_affine
|
|
928
|
+
!cbs_get_prefixed_point(cbs, group, &Wp_affine, method->prefix_point) ||
|
|
929
|
+
!cbs_get_prefixed_point(cbs, group, &Wsp_affine,
|
|
930
|
+
method->prefix_point)) {
|
|
907
931
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
|
908
932
|
goto err;
|
|
909
933
|
}
|
|
@@ -937,19 +961,17 @@ static STACK_OF(TRUST_TOKEN) *
|
|
|
937
961
|
|
|
938
962
|
// Serialize the token. Include |key_id| to avoid an extra copy in the layer
|
|
939
963
|
// above.
|
|
940
|
-
CBB token_cbb
|
|
964
|
+
CBB token_cbb;
|
|
941
965
|
size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
|
|
942
966
|
if (!CBB_init(&token_cbb, 4 + PMBTOKEN_NONCE_SIZE + 3 * (2 + point_len)) ||
|
|
943
967
|
!CBB_add_u32(&token_cbb, key_id) ||
|
|
944
968
|
!CBB_add_bytes(&token_cbb, pretoken->t, PMBTOKEN_NONCE_SIZE) ||
|
|
945
|
-
|
|
946
|
-
|
|
947
|
-
!
|
|
948
|
-
|
|
949
|
-
!
|
|
950
|
-
|
|
951
|
-
!CBB_add_u16_length_prefixed(&token_cbb, &child) ||
|
|
952
|
-
!point_to_cbb(&child, group, &affines[2]) ||
|
|
969
|
+
!cbb_add_prefixed_point(&token_cbb, group, &affines[0],
|
|
970
|
+
method->prefix_point) ||
|
|
971
|
+
!cbb_add_prefixed_point(&token_cbb, group, &affines[1],
|
|
972
|
+
method->prefix_point) ||
|
|
973
|
+
!cbb_add_prefixed_point(&token_cbb, group, &affines[2],
|
|
974
|
+
method->prefix_point) ||
|
|
953
975
|
!CBB_flush(&token_cbb)) {
|
|
954
976
|
CBB_cleanup(&token_cbb);
|
|
955
977
|
goto err;
|
|
@@ -1021,9 +1043,9 @@ static int pmbtoken_read(const PMBTOKEN_METHOD *method,
|
|
|
1021
1043
|
CBS_init(&cbs, token, token_len);
|
|
1022
1044
|
EC_AFFINE S, W, Ws;
|
|
1023
1045
|
if (!CBS_copy_bytes(&cbs, out_nonce, PMBTOKEN_NONCE_SIZE) ||
|
|
1024
|
-
!cbs_get_prefixed_point(&cbs, group, &S) ||
|
|
1025
|
-
!cbs_get_prefixed_point(&cbs, group, &W) ||
|
|
1026
|
-
!cbs_get_prefixed_point(&cbs, group, &Ws) ||
|
|
1046
|
+
!cbs_get_prefixed_point(&cbs, group, &S, method->prefix_point) ||
|
|
1047
|
+
!cbs_get_prefixed_point(&cbs, group, &W, method->prefix_point) ||
|
|
1048
|
+
!cbs_get_prefixed_point(&cbs, group, &Ws, method->prefix_point) ||
|
|
1027
1049
|
CBS_len(&cbs) != 0) {
|
|
1028
1050
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_TOKEN);
|
|
1029
1051
|
return 0;
|
|
@@ -1140,7 +1162,7 @@ static void pmbtoken_exp1_init_method_impl(void) {
|
|
|
1140
1162
|
pmbtoken_exp1_ok =
|
|
1141
1163
|
pmbtoken_init_method(&pmbtoken_exp1_method, NID_secp384r1, kH, sizeof(kH),
|
|
1142
1164
|
pmbtoken_exp1_hash_t, pmbtoken_exp1_hash_s,
|
|
1143
|
-
pmbtoken_exp1_hash_c);
|
|
1165
|
+
pmbtoken_exp1_hash_c, 1);
|
|
1144
1166
|
}
|
|
1145
1167
|
|
|
1146
1168
|
static int pmbtoken_exp1_init_method(void) {
|
|
@@ -1225,3 +1247,153 @@ int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]) {
|
|
|
1225
1247
|
ec_point_to_bytes(pmbtoken_exp1_method.group, &h,
|
|
1226
1248
|
POINT_CONVERSION_UNCOMPRESSED, out, 97) == 97;
|
|
1227
1249
|
}
|
|
1250
|
+
|
|
1251
|
+
// PMBTokens experiment v2.
|
|
1252
|
+
|
|
1253
|
+
static int pmbtoken_exp2_hash_t(const EC_GROUP *group, EC_RAW_POINT *out,
|
|
1254
|
+
const uint8_t t[PMBTOKEN_NONCE_SIZE]) {
|
|
1255
|
+
const uint8_t kHashTLabel[] = "PMBTokens Experiment V2 HashT";
|
|
1256
|
+
return ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
|
|
1257
|
+
group, out, kHashTLabel, sizeof(kHashTLabel), t, PMBTOKEN_NONCE_SIZE);
|
|
1258
|
+
}
|
|
1259
|
+
|
|
1260
|
+
static int pmbtoken_exp2_hash_s(const EC_GROUP *group, EC_RAW_POINT *out,
|
|
1261
|
+
const EC_AFFINE *t,
|
|
1262
|
+
const uint8_t s[PMBTOKEN_NONCE_SIZE]) {
|
|
1263
|
+
const uint8_t kHashSLabel[] = "PMBTokens Experiment V2 HashS";
|
|
1264
|
+
int ret = 0;
|
|
1265
|
+
CBB cbb;
|
|
1266
|
+
uint8_t *buf = NULL;
|
|
1267
|
+
size_t len;
|
|
1268
|
+
if (!CBB_init(&cbb, 0) ||
|
|
1269
|
+
!point_to_cbb(&cbb, group, t) ||
|
|
1270
|
+
!CBB_add_bytes(&cbb, s, PMBTOKEN_NONCE_SIZE) ||
|
|
1271
|
+
!CBB_finish(&cbb, &buf, &len) ||
|
|
1272
|
+
!ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
|
|
1273
|
+
group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) {
|
|
1274
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
|
1275
|
+
goto err;
|
|
1276
|
+
}
|
|
1277
|
+
|
|
1278
|
+
ret = 1;
|
|
1279
|
+
|
|
1280
|
+
err:
|
|
1281
|
+
OPENSSL_free(buf);
|
|
1282
|
+
CBB_cleanup(&cbb);
|
|
1283
|
+
return ret;
|
|
1284
|
+
}
|
|
1285
|
+
|
|
1286
|
+
static int pmbtoken_exp2_hash_c(const EC_GROUP *group, EC_SCALAR *out,
|
|
1287
|
+
uint8_t *buf, size_t len) {
|
|
1288
|
+
const uint8_t kHashCLabel[] = "PMBTokens Experiment V2 HashC";
|
|
1289
|
+
return ec_hash_to_scalar_p384_xmd_sha512_draft07(
|
|
1290
|
+
group, out, kHashCLabel, sizeof(kHashCLabel), buf, len);
|
|
1291
|
+
}
|
|
1292
|
+
|
|
1293
|
+
static int pmbtoken_exp2_ok = 0;
|
|
1294
|
+
static PMBTOKEN_METHOD pmbtoken_exp2_method;
|
|
1295
|
+
static CRYPTO_once_t pmbtoken_exp2_method_once = CRYPTO_ONCE_INIT;
|
|
1296
|
+
|
|
1297
|
+
static void pmbtoken_exp2_init_method_impl(void) {
|
|
1298
|
+
// This is the output of |ec_hash_to_scalar_p384_xmd_sha512_draft07| with DST
|
|
1299
|
+
// "PMBTokens Experiment V2 HashH" and message "generator".
|
|
1300
|
+
static const uint8_t kH[] = {
|
|
1301
|
+
0x04, 0xbc, 0x27, 0x24, 0x99, 0xfa, 0xc9, 0xa4, 0x74, 0x6f, 0xf9,
|
|
1302
|
+
0x07, 0x81, 0x55, 0xf8, 0x1f, 0x6f, 0xda, 0x09, 0xe7, 0x8c, 0x5d,
|
|
1303
|
+
0x9e, 0x4e, 0x14, 0x7c, 0x53, 0x14, 0xbc, 0x7e, 0x29, 0x57, 0x92,
|
|
1304
|
+
0x17, 0x94, 0x6e, 0xd2, 0xdf, 0xa5, 0x31, 0x1b, 0x4e, 0xb7, 0xfc,
|
|
1305
|
+
0x93, 0xe3, 0x6e, 0x14, 0x1f, 0x4f, 0x14, 0xf3, 0xe5, 0x47, 0x61,
|
|
1306
|
+
0x1c, 0x2c, 0x72, 0x25, 0xf0, 0x4a, 0x45, 0x23, 0x2d, 0x57, 0x93,
|
|
1307
|
+
0x0e, 0xb2, 0x55, 0xb8, 0x57, 0x25, 0x4c, 0x1e, 0xdb, 0xfd, 0x58,
|
|
1308
|
+
0x70, 0x17, 0x9a, 0xbb, 0x9e, 0x5e, 0x93, 0x9e, 0x92, 0xd3, 0xe8,
|
|
1309
|
+
0x25, 0x62, 0xbf, 0x59, 0xb2, 0xd2, 0x3d, 0x71, 0xff
|
|
1310
|
+
};
|
|
1311
|
+
|
|
1312
|
+
pmbtoken_exp2_ok =
|
|
1313
|
+
pmbtoken_init_method(&pmbtoken_exp2_method, NID_secp384r1, kH, sizeof(kH),
|
|
1314
|
+
pmbtoken_exp2_hash_t, pmbtoken_exp2_hash_s,
|
|
1315
|
+
pmbtoken_exp2_hash_c, 0);
|
|
1316
|
+
}
|
|
1317
|
+
|
|
1318
|
+
static int pmbtoken_exp2_init_method(void) {
|
|
1319
|
+
CRYPTO_once(&pmbtoken_exp2_method_once, pmbtoken_exp2_init_method_impl);
|
|
1320
|
+
if (!pmbtoken_exp2_ok) {
|
|
1321
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
|
|
1322
|
+
return 0;
|
|
1323
|
+
}
|
|
1324
|
+
return 1;
|
|
1325
|
+
}
|
|
1326
|
+
|
|
1327
|
+
int pmbtoken_exp2_generate_key(CBB *out_private, CBB *out_public) {
|
|
1328
|
+
if (!pmbtoken_exp2_init_method()) {
|
|
1329
|
+
return 0;
|
|
1330
|
+
}
|
|
1331
|
+
|
|
1332
|
+
return pmbtoken_generate_key(&pmbtoken_exp2_method, out_private, out_public);
|
|
1333
|
+
}
|
|
1334
|
+
|
|
1335
|
+
int pmbtoken_exp2_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
|
|
1336
|
+
const uint8_t *in, size_t len) {
|
|
1337
|
+
if (!pmbtoken_exp2_init_method()) {
|
|
1338
|
+
return 0;
|
|
1339
|
+
}
|
|
1340
|
+
return pmbtoken_client_key_from_bytes(&pmbtoken_exp2_method, key, in, len);
|
|
1341
|
+
}
|
|
1342
|
+
|
|
1343
|
+
int pmbtoken_exp2_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
|
|
1344
|
+
const uint8_t *in, size_t len) {
|
|
1345
|
+
if (!pmbtoken_exp2_init_method()) {
|
|
1346
|
+
return 0;
|
|
1347
|
+
}
|
|
1348
|
+
return pmbtoken_issuer_key_from_bytes(&pmbtoken_exp2_method, key, in, len);
|
|
1349
|
+
}
|
|
1350
|
+
|
|
1351
|
+
STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp2_blind(CBB *cbb, size_t count) {
|
|
1352
|
+
if (!pmbtoken_exp2_init_method()) {
|
|
1353
|
+
return NULL;
|
|
1354
|
+
}
|
|
1355
|
+
return pmbtoken_blind(&pmbtoken_exp2_method, cbb, count);
|
|
1356
|
+
}
|
|
1357
|
+
|
|
1358
|
+
int pmbtoken_exp2_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
|
1359
|
+
size_t num_requested, size_t num_to_issue,
|
|
1360
|
+
uint8_t private_metadata) {
|
|
1361
|
+
if (!pmbtoken_exp2_init_method()) {
|
|
1362
|
+
return 0;
|
|
1363
|
+
}
|
|
1364
|
+
return pmbtoken_sign(&pmbtoken_exp2_method, key, cbb, cbs, num_requested,
|
|
1365
|
+
num_to_issue, private_metadata);
|
|
1366
|
+
}
|
|
1367
|
+
|
|
1368
|
+
STACK_OF(TRUST_TOKEN) *
|
|
1369
|
+
pmbtoken_exp2_unblind(const PMBTOKEN_CLIENT_KEY *key,
|
|
1370
|
+
const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens,
|
|
1371
|
+
CBS *cbs, size_t count, uint32_t key_id) {
|
|
1372
|
+
if (!pmbtoken_exp2_init_method()) {
|
|
1373
|
+
return NULL;
|
|
1374
|
+
}
|
|
1375
|
+
return pmbtoken_unblind(&pmbtoken_exp2_method, key, pretokens, cbs, count,
|
|
1376
|
+
key_id);
|
|
1377
|
+
}
|
|
1378
|
+
|
|
1379
|
+
int pmbtoken_exp2_read(const PMBTOKEN_ISSUER_KEY *key,
|
|
1380
|
+
uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
|
|
1381
|
+
uint8_t *out_private_metadata, const uint8_t *token,
|
|
1382
|
+
size_t token_len) {
|
|
1383
|
+
if (!pmbtoken_exp2_init_method()) {
|
|
1384
|
+
return 0;
|
|
1385
|
+
}
|
|
1386
|
+
return pmbtoken_read(&pmbtoken_exp2_method, key, out_nonce,
|
|
1387
|
+
out_private_metadata, token, token_len);
|
|
1388
|
+
}
|
|
1389
|
+
|
|
1390
|
+
int pmbtoken_exp2_get_h_for_testing(uint8_t out[97]) {
|
|
1391
|
+
if (!pmbtoken_exp2_init_method()) {
|
|
1392
|
+
return 0;
|
|
1393
|
+
}
|
|
1394
|
+
EC_AFFINE h;
|
|
1395
|
+
return ec_jacobian_to_affine(pmbtoken_exp2_method.group, &h,
|
|
1396
|
+
&pmbtoken_exp2_method.h) &&
|
|
1397
|
+
ec_point_to_bytes(pmbtoken_exp2_method.group, &h,
|
|
1398
|
+
POINT_CONVERSION_UNCOMPRESSED, out, 97) == 97;
|
|
1399
|
+
}
|