grpc 1.32.0 → 1.33.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +175 -376
- data/include/grpc/grpc.h +0 -5
- data/include/grpc/grpc_security.h +16 -0
- data/include/grpc/impl/codegen/grpc_types.h +0 -5
- data/src/core/ext/filters/client_channel/client_channel.cc +204 -170
- data/src/core/ext/filters/client_channel/config_selector.cc +0 -4
- data/src/core/ext/filters/client_channel/config_selector.h +34 -5
- data/src/core/ext/filters/client_channel/lb_policy.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +48 -35
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +7 -5
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +106 -106
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +9 -32
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +198 -126
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +439 -249
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds_drop.cc +571 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +727 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +8 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +553 -358
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +28 -0
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +8 -39
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +4 -2
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +44 -43
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +5 -9
- data/src/core/ext/filters/client_channel/server_address.cc +80 -0
- data/src/core/ext/filters/client_channel/server_address.h +25 -36
- data/src/core/ext/filters/client_channel/service_config.cc +16 -13
- data/src/core/ext/filters/client_channel/service_config.h +7 -4
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +2 -2
- data/src/core/ext/filters/client_channel/service_config_parser.cc +8 -6
- data/src/core/ext/filters/client_channel/service_config_parser.h +8 -5
- data/src/core/ext/filters/client_channel/subchannel_interface.h +44 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +2 -1
- data/src/core/ext/filters/message_size/message_size_filter.h +2 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +17 -10
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +10 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +10 -0
- data/src/core/ext/transport/chttp2/transport/internal.h +5 -0
- data/src/core/ext/transport/chttp2/transport/parsing.cc +16 -2
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +29 -9
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +66 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +123 -45
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +310 -53
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +17 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +45 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +16 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +38 -15
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +53 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +133 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +54 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +123 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +40 -16
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +114 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +36 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +85 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +36 -16
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +86 -20
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +23 -6
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +54 -5
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +10 -6
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +28 -11
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +184 -57
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +504 -69
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +6 -5
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +11 -7
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +78 -26
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +236 -25
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +8 -9
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +19 -33
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +7 -3
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +16 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +65 -23
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +229 -47
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +20 -10
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +67 -4
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +6 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +242 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +753 -0
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +31 -0
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +57 -0
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +53 -0
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +129 -0
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +77 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.c +36 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +85 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +160 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +84 -0
- data/src/core/ext/xds/certificate_provider_factory.h +59 -0
- data/src/core/ext/xds/certificate_provider_registry.cc +103 -0
- data/src/core/ext/xds/certificate_provider_registry.h +57 -0
- data/src/core/ext/xds/certificate_provider_store.h +50 -0
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.cc +377 -0
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h +102 -0
- data/src/core/ext/xds/xds_api.cc +301 -93
- data/src/core/ext/xds/xds_api.h +129 -92
- data/src/core/ext/xds/xds_channel_args.h +6 -3
- data/src/core/ext/xds/xds_client.cc +498 -410
- data/src/core/ext/xds/xds_client.h +105 -51
- data/src/core/ext/xds/xds_client_stats.cc +18 -12
- data/src/core/ext/xds/xds_client_stats.h +33 -5
- data/src/core/lib/channel/channel_args.h +0 -1
- data/src/core/lib/channel/channelz.cc +10 -45
- data/src/core/lib/channel/channelz.h +11 -19
- data/src/core/lib/channel/channelz_registry.cc +12 -11
- data/src/core/lib/channel/channelz_registry.h +3 -0
- data/src/core/lib/gpr/time_precise.cc +2 -0
- data/src/core/lib/gpr/time_precise.h +6 -2
- data/src/core/lib/gprpp/dual_ref_counted.h +336 -0
- data/src/core/lib/gprpp/ref_counted.h +51 -22
- data/src/core/lib/gprpp/ref_counted_ptr.h +153 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +9 -5
- data/src/core/lib/iomgr/exec_ctx.h +10 -8
- data/src/core/lib/json/json_util.cc +58 -0
- data/src/core/lib/json/json_util.h +37 -0
- data/src/core/lib/security/certificate_provider.h +60 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +321 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +214 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +45 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.h +51 -0
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +6 -10
- data/src/core/lib/security/security_connector/ssl_utils.h +5 -0
- data/src/core/lib/surface/channel.cc +9 -31
- data/src/core/lib/surface/channel.h +6 -1
- data/src/core/lib/surface/init.cc +26 -9
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/bdp_estimator.h +2 -1
- data/src/core/lib/transport/connectivity_state.h +2 -2
- data/src/core/lib/transport/metadata.cc +11 -1
- data/src/core/plugin_registry/grpc_plugin_registry.cc +35 -20
- data/src/core/tsi/ssl_transport_security.cc +2 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +3 -3
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/err_data.c +465 -463
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +0 -6
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +9 -43
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +55 -4
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +6 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +30 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +10 -15
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +98 -11
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +51 -6
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +44 -2
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +221 -49
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +64 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +0 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +7 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +21 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +24 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +67 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +29 -35
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +13 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +10 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +28 -40
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +7 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +55 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +0 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +12 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +9 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +4 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +9 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +26 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +188 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +52 -43
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +18 -18
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +9 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +8 -9
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +4 -8
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +2 -2
- metadata +72 -42
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +0 -537
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +0 -1141
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.c +0 -17
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -29
- data/src/core/ext/xds/xds_channel.h +0 -46
- data/src/core/ext/xds/xds_channel_secure.cc +0 -103
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pku.c +0 -110
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_sxnet.c +0 -274
|
@@ -27,9 +27,10 @@ extern "C" {
|
|
|
27
27
|
// Hybrid Public Key Encryption.
|
|
28
28
|
//
|
|
29
29
|
// Hybrid Public Key Encryption (HPKE) enables a sender to encrypt messages to a
|
|
30
|
-
// receiver with a public key.
|
|
30
|
+
// receiver with a public key. Optionally, the sender may authenticate its
|
|
31
|
+
// possession of a pre-shared key to the recipient.
|
|
31
32
|
//
|
|
32
|
-
// See https://tools.ietf.org/html/draft-irtf-cfrg-hpke-
|
|
33
|
+
// See https://tools.ietf.org/html/draft-irtf-cfrg-hpke-05.
|
|
33
34
|
|
|
34
35
|
// EVP_HPKE_AEAD_* are AEAD identifiers.
|
|
35
36
|
#define EVP_HPKE_AEAD_AES_GCM_128 0x0001
|
|
@@ -78,13 +79,11 @@ OPENSSL_EXPORT void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx);
|
|
|
78
79
|
// must be one of the |EVP_HPKE_HKDF_*| constants. |aead_id| selects the AEAD
|
|
79
80
|
// for the "open" and "seal" operations and must be one of the |EVP_HPKE_AEAD_*"
|
|
80
81
|
// constants."
|
|
81
|
-
//
|
|
82
|
-
// See https://www.ietf.org/id/draft-irtf-cfrg-hpke-04.html#section-5.1.1.
|
|
83
82
|
|
|
84
83
|
// EVP_HPKE_CTX_setup_base_s_x25519 sets up |hpke| as a sender context that can
|
|
85
84
|
// encrypt for the private key corresponding to |peer_public_value| (the
|
|
86
85
|
// recipient's public key). It returns one on success, and zero otherwise. Note
|
|
87
|
-
// that this function
|
|
86
|
+
// that this function will fail if |peer_public_value| is invalid.
|
|
88
87
|
//
|
|
89
88
|
// This function writes the encapsulated shared secret to |out_enc|.
|
|
90
89
|
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_s_x25519(
|
|
@@ -106,7 +105,7 @@ OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_s_x25519_for_test(
|
|
|
106
105
|
// EVP_HPKE_CTX_setup_base_r_x25519 sets up |hpke| as a recipient context that
|
|
107
106
|
// can decrypt messages. |private_key| is the recipient's private key, and |enc|
|
|
108
107
|
// is the encapsulated shared secret from the sender. Note that this function
|
|
109
|
-
//
|
|
108
|
+
// will fail if |enc| is invalid.
|
|
110
109
|
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_r_x25519(
|
|
111
110
|
EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
|
|
112
111
|
const uint8_t enc[X25519_PUBLIC_VALUE_LEN],
|
|
@@ -114,6 +113,52 @@ OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_r_x25519(
|
|
|
114
113
|
const uint8_t private_key[X25519_PRIVATE_KEY_LEN], const uint8_t *info,
|
|
115
114
|
size_t info_len);
|
|
116
115
|
|
|
116
|
+
// EVP_HPKE_CTX_setup_psk_s_x25519 sets up |hpke| as a sender context that can
|
|
117
|
+
// encrypt for the private key corresponding to |peer_public_value| (the
|
|
118
|
+
// recipient's public key) and authenticate its possession of a PSK. It returns
|
|
119
|
+
// one on success, and zero otherwise. Note that this function will fail if
|
|
120
|
+
// |peer_public_value| is invalid.
|
|
121
|
+
//
|
|
122
|
+
// The PSK and its ID must be provided in |psk| and |psk_id|, respectively. Both
|
|
123
|
+
// must be nonempty (|psk_len| and |psk_id_len| must be non-zero), or this
|
|
124
|
+
// function will fail.
|
|
125
|
+
//
|
|
126
|
+
// This function writes the encapsulated shared secret to |out_enc|.
|
|
127
|
+
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_psk_s_x25519(
|
|
128
|
+
EVP_HPKE_CTX *hpke, uint8_t out_enc[X25519_PUBLIC_VALUE_LEN],
|
|
129
|
+
uint16_t kdf_id, uint16_t aead_id,
|
|
130
|
+
const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
|
|
131
|
+
const uint8_t *info, size_t info_len, const uint8_t *psk, size_t psk_len,
|
|
132
|
+
const uint8_t *psk_id, size_t psk_id_len);
|
|
133
|
+
|
|
134
|
+
// EVP_HPKE_CTX_setup_psk_s_x25519_for_test behaves like
|
|
135
|
+
// |EVP_HPKE_CTX_setup_psk_s_x25519|, but takes a pre-generated ephemeral sender
|
|
136
|
+
// key.
|
|
137
|
+
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_psk_s_x25519_for_test(
|
|
138
|
+
EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
|
|
139
|
+
const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
|
|
140
|
+
const uint8_t *info, size_t info_len, const uint8_t *psk, size_t psk_len,
|
|
141
|
+
const uint8_t *psk_id, size_t psk_id_len,
|
|
142
|
+
const uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN],
|
|
143
|
+
const uint8_t ephemeral_public[X25519_PUBLIC_VALUE_LEN]);
|
|
144
|
+
|
|
145
|
+
// EVP_HPKE_CTX_setup_psk_r_x25519 sets up |hpke| as a recipient context that
|
|
146
|
+
// can decrypt messages. Future open (decrypt) operations will fail if the
|
|
147
|
+
// sender does not possess the PSK indicated by |psk| and |psk_id|.
|
|
148
|
+
// |private_key| is the recipient's private key, and |enc| is the encapsulated
|
|
149
|
+
// shared secret from the sender. If |enc| is invalid, this function will fail.
|
|
150
|
+
//
|
|
151
|
+
// The PSK and its ID must be provided in |psk| and |psk_id|, respectively. Both
|
|
152
|
+
// must be nonempty (|psk_len| and |psk_id_len| must be non-zero), or this
|
|
153
|
+
// function will fail.
|
|
154
|
+
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_psk_r_x25519(
|
|
155
|
+
EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
|
|
156
|
+
const uint8_t enc[X25519_PUBLIC_VALUE_LEN],
|
|
157
|
+
const uint8_t public_key[X25519_PUBLIC_VALUE_LEN],
|
|
158
|
+
const uint8_t private_key[X25519_PRIVATE_KEY_LEN], const uint8_t *info,
|
|
159
|
+
size_t info_len, const uint8_t *psk, size_t psk_len, const uint8_t *psk_id,
|
|
160
|
+
size_t psk_id_len);
|
|
161
|
+
|
|
117
162
|
|
|
118
163
|
// Using an HPKE context.
|
|
119
164
|
|
|
@@ -110,6 +110,39 @@ int pmbtoken_exp1_read(const PMBTOKEN_ISSUER_KEY *key,
|
|
|
110
110
|
// function is used to confirm H was computed as expected.
|
|
111
111
|
OPENSSL_EXPORT int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]);
|
|
112
112
|
|
|
113
|
+
// The following functions implement the corresponding |TRUST_TOKENS_METHOD|
|
|
114
|
+
// functions for |TRUST_TOKENS_experiment_v2|'s PMBTokens construction which
|
|
115
|
+
// uses P-384.
|
|
116
|
+
//
|
|
117
|
+
// We use P-384 instead of our usual choice of P-256. See Appendix I which
|
|
118
|
+
// describes two attacks which may affect smaller curves. In particular, p-1 for
|
|
119
|
+
// P-256 is smooth, giving a low complexity for the p-1 attack. P-384's p-1 has
|
|
120
|
+
// a 281-bit prime factor,
|
|
121
|
+
// 3055465788140352002733946906144561090641249606160407884365391979704929268480326390471.
|
|
122
|
+
// This lower-bounds the p-1 attack at O(2^140). The p+1 attack is lower-bounded
|
|
123
|
+
// by O(p^(1/3)) or O(2^128), so we do not need to check the smoothness of p+1.
|
|
124
|
+
int pmbtoken_exp2_generate_key(CBB *out_private, CBB *out_public);
|
|
125
|
+
int pmbtoken_exp2_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
|
|
126
|
+
const uint8_t *in, size_t len);
|
|
127
|
+
int pmbtoken_exp2_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
|
|
128
|
+
const uint8_t *in, size_t len);
|
|
129
|
+
STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp2_blind(CBB *cbb, size_t count);
|
|
130
|
+
int pmbtoken_exp2_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
|
131
|
+
size_t num_requested, size_t num_to_issue,
|
|
132
|
+
uint8_t private_metadata);
|
|
133
|
+
STACK_OF(TRUST_TOKEN) *
|
|
134
|
+
pmbtoken_exp2_unblind(const PMBTOKEN_CLIENT_KEY *key,
|
|
135
|
+
const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens,
|
|
136
|
+
CBS *cbs, size_t count, uint32_t key_id);
|
|
137
|
+
int pmbtoken_exp2_read(const PMBTOKEN_ISSUER_KEY *key,
|
|
138
|
+
uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
|
|
139
|
+
uint8_t *out_private_metadata, const uint8_t *token,
|
|
140
|
+
size_t token_len);
|
|
141
|
+
|
|
142
|
+
// pmbtoken_exp2_get_h_for_testing returns H in uncompressed coordinates. This
|
|
143
|
+
// function is used to confirm H was computed as expected.
|
|
144
|
+
OPENSSL_EXPORT int pmbtoken_exp2_get_h_for_testing(uint8_t out[97]);
|
|
145
|
+
|
|
113
146
|
|
|
114
147
|
// Trust Tokens internals.
|
|
115
148
|
|
|
@@ -172,6 +205,15 @@ struct trust_token_method_st {
|
|
|
172
205
|
uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
|
|
173
206
|
uint8_t *out_private_metadata, const uint8_t *token,
|
|
174
207
|
size_t token_len);
|
|
208
|
+
|
|
209
|
+
// whether the construction supports private metadata.
|
|
210
|
+
int has_private_metadata;
|
|
211
|
+
|
|
212
|
+
// max keys that can be configured.
|
|
213
|
+
size_t max_keys;
|
|
214
|
+
|
|
215
|
+
// whether the SRR is part of the protocol.
|
|
216
|
+
int has_srr;
|
|
175
217
|
};
|
|
176
218
|
|
|
177
219
|
// Structure representing a single Trust Token public key with the specified ID.
|
|
@@ -195,7 +237,7 @@ struct trust_token_client_st {
|
|
|
195
237
|
|
|
196
238
|
// keys is the set of public keys that are supported by the client for
|
|
197
239
|
// issuance/redemptions.
|
|
198
|
-
struct trust_token_client_key_st keys[
|
|
240
|
+
struct trust_token_client_key_st keys[6];
|
|
199
241
|
|
|
200
242
|
// num_keys is the number of keys currently configured.
|
|
201
243
|
size_t num_keys;
|
|
@@ -217,7 +259,7 @@ struct trust_token_issuer_st {
|
|
|
217
259
|
// keys is the set of private keys that are supported by the issuer for
|
|
218
260
|
// issuance/redemptions. The public metadata is an index into this list of
|
|
219
261
|
// keys.
|
|
220
|
-
struct trust_token_issuer_key_st keys[
|
|
262
|
+
struct trust_token_issuer_key_st keys[6];
|
|
221
263
|
|
|
222
264
|
// num_keys is the number of keys currently configured.
|
|
223
265
|
size_t num_keys;
|
|
@@ -52,6 +52,7 @@ typedef struct {
|
|
|
52
52
|
// hash_c implements the H_c operation in PMBTokens. It returns one on success
|
|
53
53
|
// and zero on error.
|
|
54
54
|
hash_c_func_t hash_c;
|
|
55
|
+
int prefix_point : 1;
|
|
55
56
|
} PMBTOKEN_METHOD;
|
|
56
57
|
|
|
57
58
|
static const uint8_t kDefaultAdditionalData[32] = {0};
|
|
@@ -59,7 +60,7 @@ static const uint8_t kDefaultAdditionalData[32] = {0};
|
|
|
59
60
|
static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid,
|
|
60
61
|
const uint8_t *h_bytes, size_t h_len,
|
|
61
62
|
hash_t_func_t hash_t, hash_s_func_t hash_s,
|
|
62
|
-
hash_c_func_t hash_c) {
|
|
63
|
+
hash_c_func_t hash_c, int prefix_point) {
|
|
63
64
|
method->group = EC_GROUP_new_by_curve_name(curve_nid);
|
|
64
65
|
if (method->group == NULL) {
|
|
65
66
|
return 0;
|
|
@@ -68,6 +69,7 @@ static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid,
|
|
|
68
69
|
method->hash_t = hash_t;
|
|
69
70
|
method->hash_s = hash_s;
|
|
70
71
|
method->hash_c = hash_c;
|
|
72
|
+
method->prefix_point = prefix_point;
|
|
71
73
|
|
|
72
74
|
EC_AFFINE h;
|
|
73
75
|
if (!ec_point_from_uncompressed(method->group, &h, h_bytes, h_len)) {
|
|
@@ -113,11 +115,40 @@ static int point_to_cbb(CBB *out, const EC_GROUP *group,
|
|
|
113
115
|
len) == len;
|
|
114
116
|
}
|
|
115
117
|
|
|
118
|
+
static int cbb_add_prefixed_point(CBB *out, const EC_GROUP *group,
|
|
119
|
+
const EC_AFFINE *point, int prefix_point) {
|
|
120
|
+
if (prefix_point) {
|
|
121
|
+
CBB child;
|
|
122
|
+
if (!CBB_add_u16_length_prefixed(out, &child) ||
|
|
123
|
+
!point_to_cbb(&child, group, point) ||
|
|
124
|
+
!CBB_flush(out)) {
|
|
125
|
+
return 0;
|
|
126
|
+
}
|
|
127
|
+
} else {
|
|
128
|
+
if (!point_to_cbb(out, group, point) ||
|
|
129
|
+
!CBB_flush(out)) {
|
|
130
|
+
return 0;
|
|
131
|
+
}
|
|
132
|
+
}
|
|
133
|
+
|
|
134
|
+
return 1;
|
|
135
|
+
}
|
|
136
|
+
|
|
116
137
|
static int cbs_get_prefixed_point(CBS *cbs, const EC_GROUP *group,
|
|
117
|
-
EC_AFFINE *out) {
|
|
138
|
+
EC_AFFINE *out, int prefix_point) {
|
|
118
139
|
CBS child;
|
|
119
|
-
if (
|
|
120
|
-
|
|
140
|
+
if (prefix_point) {
|
|
141
|
+
if (!CBS_get_u16_length_prefixed(cbs, &child)) {
|
|
142
|
+
return 0;
|
|
143
|
+
}
|
|
144
|
+
} else {
|
|
145
|
+
size_t plen = 1 + 2 * BN_num_bytes(&group->field);
|
|
146
|
+
if (!CBS_get_bytes(cbs, &child, plen)) {
|
|
147
|
+
return 0;
|
|
148
|
+
}
|
|
149
|
+
}
|
|
150
|
+
|
|
151
|
+
if (!ec_point_from_uncompressed(group, out, CBS_data(&child),
|
|
121
152
|
CBS_len(&child))) {
|
|
122
153
|
return 0;
|
|
123
154
|
}
|
|
@@ -166,16 +197,12 @@ static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method,
|
|
|
166
197
|
return 0;
|
|
167
198
|
}
|
|
168
199
|
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
!
|
|
174
|
-
|
|
175
|
-
!point_to_cbb(&child, group, &pub_affine[1]) ||
|
|
176
|
-
!CBB_add_u16_length_prefixed(out_public, &child) ||
|
|
177
|
-
!point_to_cbb(&child, group, &pub_affine[2]) ||
|
|
178
|
-
!CBB_flush(out_public)) {
|
|
200
|
+
if (!cbb_add_prefixed_point(out_public, group, &pub_affine[0],
|
|
201
|
+
method->prefix_point) ||
|
|
202
|
+
!cbb_add_prefixed_point(out_public, group, &pub_affine[1],
|
|
203
|
+
method->prefix_point) ||
|
|
204
|
+
!cbb_add_prefixed_point(out_public, group, &pub_affine[2],
|
|
205
|
+
method->prefix_point)) {
|
|
179
206
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_BUFFER_TOO_SMALL);
|
|
180
207
|
return 0;
|
|
181
208
|
}
|
|
@@ -186,13 +213,14 @@ static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method,
|
|
|
186
213
|
static int pmbtoken_client_key_from_bytes(const PMBTOKEN_METHOD *method,
|
|
187
214
|
PMBTOKEN_CLIENT_KEY *key,
|
|
188
215
|
const uint8_t *in, size_t len) {
|
|
189
|
-
// TODO(https://crbug.com/boringssl/331): When updating the key format, remove
|
|
190
|
-
// the redundant length prefixes.
|
|
191
216
|
CBS cbs;
|
|
192
217
|
CBS_init(&cbs, in, len);
|
|
193
|
-
if (!cbs_get_prefixed_point(&cbs, method->group, &key->pub0
|
|
194
|
-
|
|
195
|
-
!cbs_get_prefixed_point(&cbs, method->group, &key->
|
|
218
|
+
if (!cbs_get_prefixed_point(&cbs, method->group, &key->pub0,
|
|
219
|
+
method->prefix_point) ||
|
|
220
|
+
!cbs_get_prefixed_point(&cbs, method->group, &key->pub1,
|
|
221
|
+
method->prefix_point) ||
|
|
222
|
+
!cbs_get_prefixed_point(&cbs, method->group, &key->pubs,
|
|
223
|
+
method->prefix_point) ||
|
|
196
224
|
CBS_len(&cbs) != 0) {
|
|
197
225
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
|
198
226
|
return 0;
|
|
@@ -282,12 +310,8 @@ static STACK_OF(PMBTOKEN_PRETOKEN) *
|
|
|
282
310
|
goto err;
|
|
283
311
|
}
|
|
284
312
|
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
CBB child;
|
|
288
|
-
if (!CBB_add_u16_length_prefixed(cbb, &child) ||
|
|
289
|
-
!point_to_cbb(&child, group, &pretoken->Tp) ||
|
|
290
|
-
!CBB_flush(cbb)) {
|
|
313
|
+
if (!cbb_add_prefixed_point(cbb, group, &pretoken->Tp,
|
|
314
|
+
method->prefix_point)) {
|
|
291
315
|
goto err;
|
|
292
316
|
}
|
|
293
317
|
}
|
|
@@ -750,7 +774,7 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
|
|
|
750
774
|
for (size_t i = 0; i < num_to_issue; i++) {
|
|
751
775
|
EC_AFFINE Tp_affine;
|
|
752
776
|
EC_RAW_POINT Tp;
|
|
753
|
-
if (!cbs_get_prefixed_point(cbs, group, &Tp_affine)) {
|
|
777
|
+
if (!cbs_get_prefixed_point(cbs, group, &Tp_affine, method->prefix_point)) {
|
|
754
778
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
|
755
779
|
goto err;
|
|
756
780
|
}
|
|
@@ -766,7 +790,6 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
|
|
|
766
790
|
// The |jacobians| and |affines| contain Sp, Wp, and Wsp.
|
|
767
791
|
EC_RAW_POINT jacobians[3];
|
|
768
792
|
EC_AFFINE affines[3];
|
|
769
|
-
CBB child;
|
|
770
793
|
if (!method->hash_s(group, &jacobians[0], &Tp_affine, s) ||
|
|
771
794
|
!ec_point_mul_scalar_batch(group, &jacobians[1], &Tp, &xb,
|
|
772
795
|
&jacobians[0], &yb, NULL, NULL) ||
|
|
@@ -774,12 +797,8 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
|
|
|
774
797
|
&jacobians[0], &key->ys, NULL, NULL) ||
|
|
775
798
|
!ec_jacobian_to_affine_batch(group, affines, jacobians, 3) ||
|
|
776
799
|
!CBB_add_bytes(cbb, s, PMBTOKEN_NONCE_SIZE) ||
|
|
777
|
-
|
|
778
|
-
|
|
779
|
-
!CBB_add_u16_length_prefixed(cbb, &child) ||
|
|
780
|
-
!point_to_cbb(&child, group, &affines[1]) ||
|
|
781
|
-
!CBB_add_u16_length_prefixed(cbb, &child) ||
|
|
782
|
-
!point_to_cbb(&child, group, &affines[2])) {
|
|
800
|
+
!cbb_add_prefixed_point(cbb, group, &affines[1], method->prefix_point) ||
|
|
801
|
+
!cbb_add_prefixed_point(cbb, group, &affines[2], method->prefix_point)) {
|
|
783
802
|
goto err;
|
|
784
803
|
}
|
|
785
804
|
|
|
@@ -835,7 +854,11 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
|
|
|
835
854
|
|
|
836
855
|
// Skip over any unused requests.
|
|
837
856
|
size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
|
|
838
|
-
|
|
857
|
+
size_t token_len = point_len;
|
|
858
|
+
if (method->prefix_point) {
|
|
859
|
+
token_len += 2;
|
|
860
|
+
}
|
|
861
|
+
if (!CBS_skip(cbs, token_len * (num_requested - num_to_issue))) {
|
|
839
862
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
|
840
863
|
goto err;
|
|
841
864
|
}
|
|
@@ -902,8 +925,9 @@ static STACK_OF(TRUST_TOKEN) *
|
|
|
902
925
|
uint8_t s[PMBTOKEN_NONCE_SIZE];
|
|
903
926
|
EC_AFFINE Wp_affine, Wsp_affine;
|
|
904
927
|
if (!CBS_copy_bytes(cbs, s, PMBTOKEN_NONCE_SIZE) ||
|
|
905
|
-
!cbs_get_prefixed_point(cbs, group, &Wp_affine) ||
|
|
906
|
-
!cbs_get_prefixed_point(cbs, group, &Wsp_affine
|
|
928
|
+
!cbs_get_prefixed_point(cbs, group, &Wp_affine, method->prefix_point) ||
|
|
929
|
+
!cbs_get_prefixed_point(cbs, group, &Wsp_affine,
|
|
930
|
+
method->prefix_point)) {
|
|
907
931
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
|
908
932
|
goto err;
|
|
909
933
|
}
|
|
@@ -937,19 +961,17 @@ static STACK_OF(TRUST_TOKEN) *
|
|
|
937
961
|
|
|
938
962
|
// Serialize the token. Include |key_id| to avoid an extra copy in the layer
|
|
939
963
|
// above.
|
|
940
|
-
CBB token_cbb
|
|
964
|
+
CBB token_cbb;
|
|
941
965
|
size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
|
|
942
966
|
if (!CBB_init(&token_cbb, 4 + PMBTOKEN_NONCE_SIZE + 3 * (2 + point_len)) ||
|
|
943
967
|
!CBB_add_u32(&token_cbb, key_id) ||
|
|
944
968
|
!CBB_add_bytes(&token_cbb, pretoken->t, PMBTOKEN_NONCE_SIZE) ||
|
|
945
|
-
|
|
946
|
-
|
|
947
|
-
!
|
|
948
|
-
|
|
949
|
-
!
|
|
950
|
-
|
|
951
|
-
!CBB_add_u16_length_prefixed(&token_cbb, &child) ||
|
|
952
|
-
!point_to_cbb(&child, group, &affines[2]) ||
|
|
969
|
+
!cbb_add_prefixed_point(&token_cbb, group, &affines[0],
|
|
970
|
+
method->prefix_point) ||
|
|
971
|
+
!cbb_add_prefixed_point(&token_cbb, group, &affines[1],
|
|
972
|
+
method->prefix_point) ||
|
|
973
|
+
!cbb_add_prefixed_point(&token_cbb, group, &affines[2],
|
|
974
|
+
method->prefix_point) ||
|
|
953
975
|
!CBB_flush(&token_cbb)) {
|
|
954
976
|
CBB_cleanup(&token_cbb);
|
|
955
977
|
goto err;
|
|
@@ -1021,9 +1043,9 @@ static int pmbtoken_read(const PMBTOKEN_METHOD *method,
|
|
|
1021
1043
|
CBS_init(&cbs, token, token_len);
|
|
1022
1044
|
EC_AFFINE S, W, Ws;
|
|
1023
1045
|
if (!CBS_copy_bytes(&cbs, out_nonce, PMBTOKEN_NONCE_SIZE) ||
|
|
1024
|
-
!cbs_get_prefixed_point(&cbs, group, &S) ||
|
|
1025
|
-
!cbs_get_prefixed_point(&cbs, group, &W) ||
|
|
1026
|
-
!cbs_get_prefixed_point(&cbs, group, &Ws) ||
|
|
1046
|
+
!cbs_get_prefixed_point(&cbs, group, &S, method->prefix_point) ||
|
|
1047
|
+
!cbs_get_prefixed_point(&cbs, group, &W, method->prefix_point) ||
|
|
1048
|
+
!cbs_get_prefixed_point(&cbs, group, &Ws, method->prefix_point) ||
|
|
1027
1049
|
CBS_len(&cbs) != 0) {
|
|
1028
1050
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_TOKEN);
|
|
1029
1051
|
return 0;
|
|
@@ -1140,7 +1162,7 @@ static void pmbtoken_exp1_init_method_impl(void) {
|
|
|
1140
1162
|
pmbtoken_exp1_ok =
|
|
1141
1163
|
pmbtoken_init_method(&pmbtoken_exp1_method, NID_secp384r1, kH, sizeof(kH),
|
|
1142
1164
|
pmbtoken_exp1_hash_t, pmbtoken_exp1_hash_s,
|
|
1143
|
-
pmbtoken_exp1_hash_c);
|
|
1165
|
+
pmbtoken_exp1_hash_c, 1);
|
|
1144
1166
|
}
|
|
1145
1167
|
|
|
1146
1168
|
static int pmbtoken_exp1_init_method(void) {
|
|
@@ -1225,3 +1247,153 @@ int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]) {
|
|
|
1225
1247
|
ec_point_to_bytes(pmbtoken_exp1_method.group, &h,
|
|
1226
1248
|
POINT_CONVERSION_UNCOMPRESSED, out, 97) == 97;
|
|
1227
1249
|
}
|
|
1250
|
+
|
|
1251
|
+
// PMBTokens experiment v2.
|
|
1252
|
+
|
|
1253
|
+
static int pmbtoken_exp2_hash_t(const EC_GROUP *group, EC_RAW_POINT *out,
|
|
1254
|
+
const uint8_t t[PMBTOKEN_NONCE_SIZE]) {
|
|
1255
|
+
const uint8_t kHashTLabel[] = "PMBTokens Experiment V2 HashT";
|
|
1256
|
+
return ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
|
|
1257
|
+
group, out, kHashTLabel, sizeof(kHashTLabel), t, PMBTOKEN_NONCE_SIZE);
|
|
1258
|
+
}
|
|
1259
|
+
|
|
1260
|
+
static int pmbtoken_exp2_hash_s(const EC_GROUP *group, EC_RAW_POINT *out,
|
|
1261
|
+
const EC_AFFINE *t,
|
|
1262
|
+
const uint8_t s[PMBTOKEN_NONCE_SIZE]) {
|
|
1263
|
+
const uint8_t kHashSLabel[] = "PMBTokens Experiment V2 HashS";
|
|
1264
|
+
int ret = 0;
|
|
1265
|
+
CBB cbb;
|
|
1266
|
+
uint8_t *buf = NULL;
|
|
1267
|
+
size_t len;
|
|
1268
|
+
if (!CBB_init(&cbb, 0) ||
|
|
1269
|
+
!point_to_cbb(&cbb, group, t) ||
|
|
1270
|
+
!CBB_add_bytes(&cbb, s, PMBTOKEN_NONCE_SIZE) ||
|
|
1271
|
+
!CBB_finish(&cbb, &buf, &len) ||
|
|
1272
|
+
!ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
|
|
1273
|
+
group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) {
|
|
1274
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
|
1275
|
+
goto err;
|
|
1276
|
+
}
|
|
1277
|
+
|
|
1278
|
+
ret = 1;
|
|
1279
|
+
|
|
1280
|
+
err:
|
|
1281
|
+
OPENSSL_free(buf);
|
|
1282
|
+
CBB_cleanup(&cbb);
|
|
1283
|
+
return ret;
|
|
1284
|
+
}
|
|
1285
|
+
|
|
1286
|
+
static int pmbtoken_exp2_hash_c(const EC_GROUP *group, EC_SCALAR *out,
|
|
1287
|
+
uint8_t *buf, size_t len) {
|
|
1288
|
+
const uint8_t kHashCLabel[] = "PMBTokens Experiment V2 HashC";
|
|
1289
|
+
return ec_hash_to_scalar_p384_xmd_sha512_draft07(
|
|
1290
|
+
group, out, kHashCLabel, sizeof(kHashCLabel), buf, len);
|
|
1291
|
+
}
|
|
1292
|
+
|
|
1293
|
+
static int pmbtoken_exp2_ok = 0;
|
|
1294
|
+
static PMBTOKEN_METHOD pmbtoken_exp2_method;
|
|
1295
|
+
static CRYPTO_once_t pmbtoken_exp2_method_once = CRYPTO_ONCE_INIT;
|
|
1296
|
+
|
|
1297
|
+
static void pmbtoken_exp2_init_method_impl(void) {
|
|
1298
|
+
// This is the output of |ec_hash_to_scalar_p384_xmd_sha512_draft07| with DST
|
|
1299
|
+
// "PMBTokens Experiment V2 HashH" and message "generator".
|
|
1300
|
+
static const uint8_t kH[] = {
|
|
1301
|
+
0x04, 0xbc, 0x27, 0x24, 0x99, 0xfa, 0xc9, 0xa4, 0x74, 0x6f, 0xf9,
|
|
1302
|
+
0x07, 0x81, 0x55, 0xf8, 0x1f, 0x6f, 0xda, 0x09, 0xe7, 0x8c, 0x5d,
|
|
1303
|
+
0x9e, 0x4e, 0x14, 0x7c, 0x53, 0x14, 0xbc, 0x7e, 0x29, 0x57, 0x92,
|
|
1304
|
+
0x17, 0x94, 0x6e, 0xd2, 0xdf, 0xa5, 0x31, 0x1b, 0x4e, 0xb7, 0xfc,
|
|
1305
|
+
0x93, 0xe3, 0x6e, 0x14, 0x1f, 0x4f, 0x14, 0xf3, 0xe5, 0x47, 0x61,
|
|
1306
|
+
0x1c, 0x2c, 0x72, 0x25, 0xf0, 0x4a, 0x45, 0x23, 0x2d, 0x57, 0x93,
|
|
1307
|
+
0x0e, 0xb2, 0x55, 0xb8, 0x57, 0x25, 0x4c, 0x1e, 0xdb, 0xfd, 0x58,
|
|
1308
|
+
0x70, 0x17, 0x9a, 0xbb, 0x9e, 0x5e, 0x93, 0x9e, 0x92, 0xd3, 0xe8,
|
|
1309
|
+
0x25, 0x62, 0xbf, 0x59, 0xb2, 0xd2, 0x3d, 0x71, 0xff
|
|
1310
|
+
};
|
|
1311
|
+
|
|
1312
|
+
pmbtoken_exp2_ok =
|
|
1313
|
+
pmbtoken_init_method(&pmbtoken_exp2_method, NID_secp384r1, kH, sizeof(kH),
|
|
1314
|
+
pmbtoken_exp2_hash_t, pmbtoken_exp2_hash_s,
|
|
1315
|
+
pmbtoken_exp2_hash_c, 0);
|
|
1316
|
+
}
|
|
1317
|
+
|
|
1318
|
+
static int pmbtoken_exp2_init_method(void) {
|
|
1319
|
+
CRYPTO_once(&pmbtoken_exp2_method_once, pmbtoken_exp2_init_method_impl);
|
|
1320
|
+
if (!pmbtoken_exp2_ok) {
|
|
1321
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
|
|
1322
|
+
return 0;
|
|
1323
|
+
}
|
|
1324
|
+
return 1;
|
|
1325
|
+
}
|
|
1326
|
+
|
|
1327
|
+
int pmbtoken_exp2_generate_key(CBB *out_private, CBB *out_public) {
|
|
1328
|
+
if (!pmbtoken_exp2_init_method()) {
|
|
1329
|
+
return 0;
|
|
1330
|
+
}
|
|
1331
|
+
|
|
1332
|
+
return pmbtoken_generate_key(&pmbtoken_exp2_method, out_private, out_public);
|
|
1333
|
+
}
|
|
1334
|
+
|
|
1335
|
+
int pmbtoken_exp2_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
|
|
1336
|
+
const uint8_t *in, size_t len) {
|
|
1337
|
+
if (!pmbtoken_exp2_init_method()) {
|
|
1338
|
+
return 0;
|
|
1339
|
+
}
|
|
1340
|
+
return pmbtoken_client_key_from_bytes(&pmbtoken_exp2_method, key, in, len);
|
|
1341
|
+
}
|
|
1342
|
+
|
|
1343
|
+
int pmbtoken_exp2_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
|
|
1344
|
+
const uint8_t *in, size_t len) {
|
|
1345
|
+
if (!pmbtoken_exp2_init_method()) {
|
|
1346
|
+
return 0;
|
|
1347
|
+
}
|
|
1348
|
+
return pmbtoken_issuer_key_from_bytes(&pmbtoken_exp2_method, key, in, len);
|
|
1349
|
+
}
|
|
1350
|
+
|
|
1351
|
+
STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp2_blind(CBB *cbb, size_t count) {
|
|
1352
|
+
if (!pmbtoken_exp2_init_method()) {
|
|
1353
|
+
return NULL;
|
|
1354
|
+
}
|
|
1355
|
+
return pmbtoken_blind(&pmbtoken_exp2_method, cbb, count);
|
|
1356
|
+
}
|
|
1357
|
+
|
|
1358
|
+
int pmbtoken_exp2_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
|
1359
|
+
size_t num_requested, size_t num_to_issue,
|
|
1360
|
+
uint8_t private_metadata) {
|
|
1361
|
+
if (!pmbtoken_exp2_init_method()) {
|
|
1362
|
+
return 0;
|
|
1363
|
+
}
|
|
1364
|
+
return pmbtoken_sign(&pmbtoken_exp2_method, key, cbb, cbs, num_requested,
|
|
1365
|
+
num_to_issue, private_metadata);
|
|
1366
|
+
}
|
|
1367
|
+
|
|
1368
|
+
STACK_OF(TRUST_TOKEN) *
|
|
1369
|
+
pmbtoken_exp2_unblind(const PMBTOKEN_CLIENT_KEY *key,
|
|
1370
|
+
const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens,
|
|
1371
|
+
CBS *cbs, size_t count, uint32_t key_id) {
|
|
1372
|
+
if (!pmbtoken_exp2_init_method()) {
|
|
1373
|
+
return NULL;
|
|
1374
|
+
}
|
|
1375
|
+
return pmbtoken_unblind(&pmbtoken_exp2_method, key, pretokens, cbs, count,
|
|
1376
|
+
key_id);
|
|
1377
|
+
}
|
|
1378
|
+
|
|
1379
|
+
int pmbtoken_exp2_read(const PMBTOKEN_ISSUER_KEY *key,
|
|
1380
|
+
uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
|
|
1381
|
+
uint8_t *out_private_metadata, const uint8_t *token,
|
|
1382
|
+
size_t token_len) {
|
|
1383
|
+
if (!pmbtoken_exp2_init_method()) {
|
|
1384
|
+
return 0;
|
|
1385
|
+
}
|
|
1386
|
+
return pmbtoken_read(&pmbtoken_exp2_method, key, out_nonce,
|
|
1387
|
+
out_private_metadata, token, token_len);
|
|
1388
|
+
}
|
|
1389
|
+
|
|
1390
|
+
int pmbtoken_exp2_get_h_for_testing(uint8_t out[97]) {
|
|
1391
|
+
if (!pmbtoken_exp2_init_method()) {
|
|
1392
|
+
return 0;
|
|
1393
|
+
}
|
|
1394
|
+
EC_AFFINE h;
|
|
1395
|
+
return ec_jacobian_to_affine(pmbtoken_exp2_method.group, &h,
|
|
1396
|
+
&pmbtoken_exp2_method.h) &&
|
|
1397
|
+
ec_point_to_bytes(pmbtoken_exp2_method.group, &h,
|
|
1398
|
+
POINT_CONVERSION_UNCOMPRESSED, out, 97) == 97;
|
|
1399
|
+
}
|