grpc 1.32.0 → 1.35.0
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +1078 -3049
- data/etc/roots.pem +257 -573
- data/include/grpc/compression.h +1 -1
- data/include/grpc/grpc.h +15 -7
- data/include/grpc/grpc_security.h +222 -171
- data/include/grpc/impl/codegen/atm_windows.h +4 -0
- data/include/grpc/impl/codegen/byte_buffer.h +1 -1
- data/include/grpc/impl/codegen/grpc_types.h +10 -8
- data/include/grpc/impl/codegen/log.h +0 -2
- data/include/grpc/impl/codegen/port_platform.h +22 -55
- data/include/grpc/impl/codegen/sync_windows.h +4 -0
- data/include/grpc/slice_buffer.h +3 -3
- data/include/grpc/support/sync.h +3 -3
- data/include/grpc/support/time.h +7 -7
- data/src/core/ext/filters/client_channel/backend_metric.cc +2 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +2776 -1529
- data/src/core/ext/filters/client_channel/client_channel.h +0 -4
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +1 -1
- data/src/core/ext/filters/client_channel/config_selector.cc +0 -4
- data/src/core/ext/filters/client_channel/config_selector.h +40 -8
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +186 -0
- data/src/core/ext/filters/client_channel/dynamic_filters.h +99 -0
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +10 -7
- data/src/core/ext/filters/client_channel/health/health_check_client.h +4 -4
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +5 -6
- data/src/core/ext/filters/client_channel/http_proxy.cc +21 -20
- data/src/core/ext/filters/client_channel/lb_policy.cc +6 -2
- data/src/core/ext/filters/client_channel/lb_policy.h +6 -7
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +48 -35
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +7 -5
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +4 -3
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +201 -190
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +3 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +4 -4
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +50 -20
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +5 -5
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +14 -34
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +6 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +341 -127
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +52 -24
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +24 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +812 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +722 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +1262 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +8 -1
- data/src/core/ext/filters/client_channel/resolver.cc +3 -1
- data/src/core/ext/filters/client_channel/resolver.h +4 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +9 -16
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -32
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +454 -16
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -0
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +7 -10
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +34 -27
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +618 -366
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +28 -0
- data/src/core/ext/filters/client_channel/resolver_factory.h +6 -6
- data/src/core/ext/filters/client_channel/resolver_registry.cc +40 -39
- data/src/core/ext/filters/client_channel/resolver_registry.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +29 -74
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +12 -10
- data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -3
- data/src/core/ext/filters/client_channel/retry_throttle.h +4 -2
- data/src/core/ext/filters/client_channel/server_address.cc +80 -0
- data/src/core/ext/filters/client_channel/server_address.h +21 -36
- data/src/core/ext/filters/client_channel/service_config.cc +18 -13
- data/src/core/ext/filters/client_channel/service_config.h +8 -5
- data/src/core/ext/filters/client_channel/service_config_call_data.h +19 -1
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +2 -2
- data/src/core/ext/filters/client_channel/service_config_parser.cc +8 -6
- data/src/core/ext/filters/client_channel/service_config_parser.h +8 -5
- data/src/core/ext/filters/client_channel/subchannel.cc +51 -64
- data/src/core/ext/filters/client_channel/subchannel.h +14 -20
- data/src/core/ext/filters/client_channel/subchannel_interface.h +41 -5
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +6 -2
- data/src/core/ext/filters/deadline/deadline_filter.cc +87 -79
- data/src/core/ext/filters/deadline/deadline_filter.h +7 -11
- data/src/core/ext/filters/http/client/http_client_filter.cc +1 -1
- data/src/core/ext/filters/http/client_authority_filter.cc +6 -6
- data/src/core/ext/filters/http/http_filters_plugin.cc +6 -3
- data/src/core/ext/filters/http/server/http_server_filter.cc +3 -3
- data/src/core/ext/filters/max_age/max_age_filter.cc +1 -1
- data/src/core/ext/filters/message_size/message_size_filter.cc +3 -2
- data/src/core/ext/filters/message_size/message_size_filter.h +2 -1
- data/src/core/ext/filters/workarounds/workaround_utils.cc +1 -1
- data/src/core/ext/transport/chttp2/client/authority.cc +3 -3
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +1 -1
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +20 -8
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +21 -10
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +26 -14
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +185 -79
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +12 -5
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +7 -7
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +28 -42
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +10 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +13 -3
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +6 -6
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +12 -8
- data/src/core/ext/transport/chttp2/transport/internal.h +5 -1
- data/src/core/ext/transport/chttp2/transport/parsing.cc +18 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +2 -3
- data/src/core/ext/transport/inproc/inproc_transport.cc +42 -8
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +1 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +52 -32
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +199 -34
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +13 -13
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +44 -17
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +177 -99
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +642 -202
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +13 -5
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +22 -22
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +47 -21
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +36 -24
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +133 -39
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +15 -6
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +45 -44
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +200 -78
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +31 -24
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +107 -47
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +53 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +149 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +74 -28
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +248 -43
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +39 -39
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +157 -89
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +17 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +63 -39
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +254 -60
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +9 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +36 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +92 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +13 -13
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +59 -36
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +16 -16
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +61 -29
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +26 -26
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +101 -66
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +11 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +46 -26
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +179 -68
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +39 -22
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +149 -48
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +13 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +21 -17
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +96 -33
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +38 -22
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +321 -194
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +1228 -443
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +8 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +34 -10
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +17 -3
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +132 -80
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +516 -166
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +1 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +24 -25
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +96 -71
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +12 -8
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +46 -8
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +71 -29
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +296 -63
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +41 -31
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +165 -64
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +31 -16
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +25 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +6 -6
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +29 -8
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +4 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +22 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +19 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +46 -3
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +41 -8
- data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +1 -0
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +19 -0
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +7 -0
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +1 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +242 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +830 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +34 -34
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +142 -59
- data/src/core/ext/upb-generated/google/api/http.upb.c +3 -3
- data/src/core/ext/upb-generated/google/api/http.upb.h +25 -6
- data/src/core/ext/upb-generated/google/protobuf/any.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +90 -90
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +455 -292
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +4 -4
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +22 -3
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +9 -9
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +55 -0
- data/src/core/ext/upb-generated/google/rpc/status.upb.c +1 -1
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +10 -3
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +11 -3
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +41 -41
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +149 -76
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +5 -5
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +21 -6
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +2 -2
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +13 -0
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +17 -17
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +82 -25
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +3 -3
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +19 -0
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +31 -0
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +64 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +1 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +2 -2
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +9 -2
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +1 -1
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +7 -0
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +60 -0
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +143 -0
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +84 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.c +36 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +94 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +173 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +92 -0
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +3 -3
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +7 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +64 -64
- data/src/core/ext/upb-generated/validate/validate.upb.h +296 -157
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +38 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +41 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +254 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +105 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +100 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +558 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +145 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +53 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +133 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +127 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +266 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +125 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +143 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +66 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +263 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +100 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +233 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +228 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +80 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +46 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +110 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +113 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +146 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +190 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +185 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +97 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +915 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +280 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +71 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +511 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +115 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +48 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +166 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +105 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +249 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.c +72 -0
- data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +152 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +83 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +82 -0
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +83 -0
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +86 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.c +74 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +54 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +53 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +73 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +72 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +81 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +92 -0
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +95 -0
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +34 -0
- data/src/core/ext/{upb-generated/gogoproto/gogo.upb.h → upbdefs-generated/envoy/type/v3/http.upbdefs.h} +10 -9
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +54 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +47 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +40 -0
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +61 -0
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +39 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +386 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +165 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +40 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +37 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +65 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +40 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +66 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +75 -0
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +70 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +33 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +43 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +68 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +307 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +145 -0
- data/src/core/ext/xds/certificate_provider_factory.h +61 -0
- data/src/core/ext/xds/certificate_provider_registry.cc +103 -0
- data/src/core/ext/xds/certificate_provider_registry.h +57 -0
- data/src/core/ext/xds/certificate_provider_store.cc +87 -0
- data/src/core/ext/xds/certificate_provider_store.h +112 -0
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +144 -0
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +69 -0
- data/src/core/ext/xds/xds_api.cc +687 -767
- data/src/core/ext/xds/xds_api.h +207 -98
- data/src/core/ext/xds/xds_bootstrap.cc +172 -25
- data/src/core/ext/xds/xds_bootstrap.h +23 -8
- data/src/core/ext/xds/xds_certificate_provider.cc +299 -0
- data/src/core/ext/xds/xds_certificate_provider.h +112 -0
- data/src/core/ext/xds/xds_channel_args.h +6 -3
- data/src/core/ext/xds/xds_client.cc +617 -494
- data/src/core/ext/xds/xds_client.h +118 -58
- data/src/core/ext/xds/xds_client_stats.cc +59 -16
- data/src/core/ext/xds/xds_client_stats.h +35 -7
- data/src/core/ext/xds/xds_server_config_fetcher.cc +131 -0
- data/src/core/lib/channel/channel_args.cc +9 -8
- data/src/core/lib/channel/channel_args.h +0 -1
- data/src/core/lib/channel/channel_trace.cc +4 -2
- data/src/core/lib/channel/channel_trace.h +1 -1
- data/src/core/lib/channel/channelz.cc +23 -59
- data/src/core/lib/channel/channelz.h +13 -22
- data/src/core/lib/channel/channelz_registry.cc +12 -11
- data/src/core/lib/channel/channelz_registry.h +3 -1
- data/src/core/lib/channel/handshaker.cc +2 -2
- data/src/core/lib/channel/handshaker.h +2 -2
- data/src/core/lib/compression/compression.cc +8 -4
- data/src/core/lib/compression/compression_args.cc +3 -2
- data/src/core/lib/compression/compression_internal.cc +10 -5
- data/src/core/lib/compression/compression_internal.h +2 -1
- data/src/core/lib/compression/stream_compression_identity.cc +1 -3
- data/src/core/lib/debug/stats.h +2 -2
- data/src/core/lib/debug/stats_data.cc +1 -0
- data/src/core/lib/debug/stats_data.h +13 -13
- data/src/core/lib/gpr/alloc.cc +3 -2
- data/src/core/lib/gpr/cpu_iphone.cc +10 -2
- data/src/core/lib/gpr/log.cc +53 -16
- data/src/core/lib/gpr/log_linux.cc +19 -3
- data/src/core/lib/gpr/log_posix.cc +15 -1
- data/src/core/lib/gpr/log_windows.cc +18 -4
- data/src/core/lib/gpr/murmur_hash.cc +1 -1
- data/src/core/lib/gpr/spinlock.h +10 -2
- data/src/core/lib/gpr/string.cc +23 -22
- data/src/core/lib/gpr/string.h +5 -6
- data/src/core/lib/gpr/sync.cc +4 -4
- data/src/core/lib/gpr/time.cc +12 -12
- data/src/core/lib/gpr/time_precise.cc +5 -2
- data/src/core/lib/gpr/time_precise.h +6 -2
- data/src/core/lib/gpr/tls.h +4 -0
- data/src/core/lib/gpr/tls_msvc.h +2 -0
- data/src/core/lib/gpr/tls_stdcpp.h +48 -0
- data/src/core/lib/gpr/useful.h +5 -4
- data/src/core/lib/gprpp/arena.h +3 -2
- data/src/core/lib/gprpp/dual_ref_counted.h +331 -0
- data/src/core/lib/gprpp/examine_stack.cc +43 -0
- data/src/core/lib/gprpp/examine_stack.h +46 -0
- data/src/core/lib/gprpp/fork.cc +2 -2
- data/src/core/lib/gprpp/manual_constructor.h +1 -1
- data/src/core/lib/gprpp/orphanable.h +4 -8
- data/src/core/lib/gprpp/ref_counted.h +91 -68
- data/src/core/lib/gprpp/ref_counted_ptr.h +166 -7
- data/src/core/lib/{security/authorization/mock_cel/statusor.h → gprpp/stat.h} +13 -25
- data/src/core/lib/gprpp/stat_posix.cc +49 -0
- data/src/core/lib/gprpp/stat_windows.cc +48 -0
- data/src/core/lib/gprpp/thd.h +2 -2
- data/src/core/lib/gprpp/thd_posix.cc +42 -37
- data/src/core/lib/gprpp/thd_windows.cc +3 -1
- data/src/core/lib/http/httpcli.cc +1 -1
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +1 -1
- data/src/core/lib/http/parser.cc +47 -27
- data/src/core/lib/iomgr/call_combiner.cc +8 -5
- data/src/core/lib/iomgr/combiner.cc +2 -1
- data/src/core/lib/iomgr/endpoint.h +1 -1
- data/src/core/lib/iomgr/endpoint_cfstream.cc +9 -5
- data/src/core/lib/iomgr/error.cc +17 -12
- data/src/core/lib/iomgr/error_internal.h +1 -1
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -13
- data/src/core/lib/iomgr/ev_epollex_linux.cc +25 -17
- data/src/core/lib/iomgr/ev_poll_posix.cc +9 -7
- data/src/core/lib/iomgr/exec_ctx.cc +1 -1
- data/src/core/lib/iomgr/exec_ctx.h +16 -12
- data/src/core/lib/iomgr/executor.cc +2 -1
- data/src/core/lib/iomgr/executor.h +1 -1
- data/src/core/lib/iomgr/executor/mpmcqueue.h +5 -5
- data/src/core/lib/iomgr/executor/threadpool.h +4 -4
- data/src/core/lib/iomgr/iomgr.cc +1 -1
- data/src/core/lib/iomgr/load_file.h +1 -1
- data/src/core/lib/iomgr/lockfree_event.cc +19 -14
- data/src/core/lib/iomgr/lockfree_event.h +2 -2
- data/src/core/lib/iomgr/parse_address.cc +127 -43
- data/src/core/lib/iomgr/parse_address.h +32 -8
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +2 -1
- data/src/core/lib/iomgr/poller/eventmanager_libuv.h +1 -1
- data/src/core/lib/iomgr/pollset_set_custom.cc +1 -1
- data/src/core/lib/iomgr/python_util.h +4 -4
- data/src/core/lib/iomgr/resolve_address.cc +4 -4
- data/src/core/lib/iomgr/resolve_address_posix.cc +1 -5
- data/src/core/lib/iomgr/resource_quota.cc +4 -4
- data/src/core/lib/iomgr/sockaddr_utils.cc +10 -10
- data/src/core/lib/iomgr/sockaddr_utils.h +1 -1
- data/src/core/lib/iomgr/socket_factory_posix.cc +3 -2
- data/src/core/lib/iomgr/socket_mutator.cc +3 -2
- data/src/core/lib/iomgr/tcp_client.cc +3 -3
- data/src/core/lib/iomgr/tcp_client_custom.cc +7 -6
- data/src/core/lib/iomgr/tcp_custom.cc +22 -17
- data/src/core/lib/iomgr/tcp_posix.cc +12 -8
- data/src/core/lib/iomgr/tcp_server_custom.cc +28 -22
- data/src/core/lib/iomgr/timer_custom.cc +5 -5
- data/src/core/lib/iomgr/timer_generic.cc +3 -3
- data/src/core/lib/iomgr/timer_manager.cc +2 -2
- data/src/core/lib/iomgr/udp_server.cc +1 -2
- data/src/core/lib/iomgr/udp_server.h +1 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +32 -21
- data/src/core/lib/iomgr/unix_sockets_posix.h +5 -0
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +7 -0
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -2
- data/src/core/lib/json/json.h +12 -2
- data/src/core/lib/json/json_reader.cc +8 -4
- data/src/core/lib/json/json_util.cc +58 -0
- data/src/core/lib/json/json_util.h +204 -0
- data/src/core/lib/json/json_writer.cc +2 -1
- data/src/core/lib/security/authorization/evaluate_args.cc +5 -10
- data/src/core/lib/security/authorization/evaluate_args.h +1 -1
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +3 -1
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +5 -4
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +4 -0
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +6 -6
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +10 -9
- data/src/core/lib/security/context/security_context.cc +4 -3
- data/src/core/lib/security/context/security_context.h +3 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
- data/src/core/lib/security/credentials/credentials.cc +7 -7
- data/src/core/lib/security/credentials/credentials.h +3 -3
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +413 -0
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +80 -0
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +213 -0
- data/src/core/lib/security/credentials/external/aws_request_signer.h +72 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +497 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.h +120 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +135 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +48 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +213 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +58 -0
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +2 -1
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +18 -12
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +64 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +6 -3
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +4 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -4
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +39 -46
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -4
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +1 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +5 -5
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +346 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +213 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +399 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +138 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +78 -150
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +57 -187
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +16 -12
- data/src/core/lib/security/credentials/tls/tls_credentials.h +2 -2
- data/src/core/lib/security/credentials/tls/tls_utils.cc +91 -0
- data/src/core/lib/security/credentials/tls/tls_utils.h +38 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +175 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.h +69 -0
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -13
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +121 -0
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +87 -0
- data/src/core/lib/security/security_connector/load_system_roots.h +4 -0
- data/src/core/lib/security/security_connector/load_system_roots_linux.h +2 -0
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +3 -3
- data/src/core/lib/security/security_connector/security_connector.cc +4 -3
- data/src/core/lib/security/security_connector/security_connector.h +4 -2
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/ssl_utils.cc +2 -2
- data/src/core/lib/security/security_connector/ssl_utils.h +19 -19
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +342 -279
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +105 -61
- data/src/core/lib/security/transport/secure_endpoint.cc +2 -2
- data/src/core/lib/security/transport/security_handshaker.cc +3 -3
- data/src/core/lib/security/transport/server_auth_filter.cc +2 -1
- data/src/core/lib/security/util/json_util.h +1 -0
- data/src/core/lib/slice/slice.cc +7 -4
- data/src/core/lib/slice/slice_buffer.cc +2 -1
- data/src/core/lib/slice/slice_intern.cc +6 -7
- data/src/core/lib/slice/slice_internal.h +2 -2
- data/src/core/lib/surface/call.cc +41 -32
- data/src/core/lib/surface/call_details.cc +8 -8
- data/src/core/lib/surface/channel.cc +25 -41
- data/src/core/lib/surface/channel.h +9 -3
- data/src/core/lib/surface/channel_init.cc +1 -1
- data/src/core/lib/surface/completion_queue.cc +30 -24
- data/src/core/lib/surface/completion_queue.h +16 -16
- data/src/core/lib/surface/init.cc +32 -14
- data/src/core/lib/surface/lame_client.cc +20 -46
- data/src/core/lib/surface/lame_client.h +4 -0
- data/src/core/lib/surface/server.cc +63 -17
- data/src/core/lib/surface/server.h +39 -7
- data/src/core/lib/surface/validate_metadata.h +3 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/authority_override.cc +6 -4
- data/src/core/lib/transport/authority_override.h +7 -2
- data/src/core/lib/transport/bdp_estimator.cc +1 -1
- data/src/core/lib/transport/bdp_estimator.h +2 -1
- data/src/core/lib/transport/byte_stream.h +3 -3
- data/src/core/lib/transport/connectivity_state.h +11 -9
- data/src/core/lib/transport/error_utils.h +1 -1
- data/src/core/lib/transport/metadata.cc +11 -1
- data/src/core/lib/transport/metadata.h +2 -2
- data/src/core/lib/transport/metadata_batch.h +4 -4
- data/src/core/lib/transport/static_metadata.cc +1 -1
- data/src/core/lib/transport/status_metadata.cc +4 -3
- data/src/core/lib/transport/timeout_encoding.cc +4 -4
- data/src/core/lib/transport/transport.cc +5 -3
- data/src/core/lib/transport/transport.h +8 -8
- data/src/core/lib/uri/uri_parser.cc +131 -249
- data/src/core/lib/uri/uri_parser.h +57 -21
- data/src/core/plugin_registry/grpc_plugin_registry.cc +41 -20
- data/src/core/tsi/alts/crypt/gsec.cc +5 -4
- data/src/core/tsi/alts/frame_protector/frame_handler.cc +8 -6
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +27 -26
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +8 -6
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +4 -4
- data/src/core/tsi/fake_transport_security.cc +6 -3
- data/src/core/tsi/local_transport_security.cc +5 -1
- data/src/core/tsi/local_transport_security.h +6 -7
- data/src/core/tsi/ssl/session_cache/ssl_session.h +3 -0
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -1
- data/src/core/tsi/ssl_transport_security.cc +78 -58
- data/src/core/tsi/ssl_transport_security.h +9 -6
- data/src/core/tsi/transport_security.cc +10 -8
- data/src/core/tsi/transport_security_interface.h +1 -1
- data/src/ruby/ext/grpc/extconf.rb +1 -1
- data/src/ruby/ext/grpc/rb_event_thread.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +36 -16
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +70 -40
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +28 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +18 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -6
- data/third_party/abseil-cpp/absl/algorithm/container.h +59 -22
- data/third_party/abseil-cpp/absl/base/attributes.h +99 -38
- data/third_party/abseil-cpp/absl/base/call_once.h +1 -1
- data/third_party/abseil-cpp/absl/base/casts.h +9 -6
- data/third_party/abseil-cpp/absl/base/config.h +60 -17
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +428 -335
- data/third_party/abseil-cpp/absl/base/internal/bits.h +17 -16
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +5 -0
- data/third_party/abseil-cpp/absl/base/internal/dynamic_annotations.h +398 -0
- data/third_party/abseil-cpp/absl/base/internal/invoke.h +4 -4
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +29 -1
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +7 -5
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +25 -38
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +19 -25
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +8 -0
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +28 -5
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +8 -0
- data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +3 -1
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +2 -2
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +3 -3
- data/third_party/abseil-cpp/absl/base/macros.h +36 -109
- data/third_party/abseil-cpp/absl/base/optimization.h +61 -1
- data/third_party/abseil-cpp/absl/base/options.h +31 -4
- data/third_party/abseil-cpp/absl/base/policy_checks.h +1 -1
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +94 -39
- data/third_party/abseil-cpp/absl/container/fixed_array.h +42 -25
- data/third_party/abseil-cpp/absl/container/flat_hash_map.h +606 -0
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +2 -1
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +33 -36
- data/third_party/abseil-cpp/absl/container/internal/common.h +6 -2
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +33 -8
- data/third_party/abseil-cpp/absl/container/internal/container_memory.h +49 -29
- data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +15 -0
- data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +24 -7
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +2 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +35 -11
- data/third_party/abseil-cpp/absl/container/internal/have_sse.h +10 -9
- data/third_party/abseil-cpp/absl/container/internal/layout.h +7 -5
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +197 -0
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +55 -34
- data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +5 -4
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +66 -16
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +4 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +13 -4
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +43 -24
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +12 -3
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +10 -2
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +22 -1
- data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +0 -21
- data/third_party/abseil-cpp/absl/debugging/symbolize.cc +12 -1
- data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +101 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +100 -20
- data/third_party/abseil-cpp/absl/functional/bind_front.h +184 -0
- data/third_party/abseil-cpp/absl/functional/function_ref.h +1 -1
- data/third_party/abseil-cpp/absl/functional/internal/front_binder.h +95 -0
- data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +2 -2
- data/third_party/abseil-cpp/absl/hash/hash.h +6 -5
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +73 -65
- data/third_party/abseil-cpp/absl/memory/memory.h +4 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +2 -8
- data/third_party/abseil-cpp/absl/numeric/int128.cc +13 -27
- data/third_party/abseil-cpp/absl/numeric/int128.h +16 -15
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +51 -0
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +399 -0
- data/third_party/abseil-cpp/absl/status/status.cc +4 -6
- data/third_party/abseil-cpp/absl/status/status.h +502 -113
- data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +5 -10
- data/third_party/abseil-cpp/absl/status/statusor.cc +71 -0
- data/third_party/abseil-cpp/absl/status/statusor.h +760 -0
- data/third_party/abseil-cpp/absl/strings/charconv.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/cord.cc +91 -112
- data/third_party/abseil-cpp/absl/strings/cord.h +360 -205
- data/third_party/abseil-cpp/absl/strings/escaping.cc +9 -9
- data/third_party/abseil-cpp/absl/strings/internal/char_map.h +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +2 -2
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +45 -23
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +222 -136
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +136 -64
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +14 -21
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +7 -14
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +31 -7
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +147 -135
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +999 -87
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +3 -3
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +4 -12
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +8 -6
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +13 -11
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +2 -2
- data/third_party/abseil-cpp/absl/strings/str_cat.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/str_cat.h +1 -1
- data/third_party/abseil-cpp/absl/strings/str_format.h +289 -13
- data/third_party/abseil-cpp/absl/strings/str_split.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/str_split.h +1 -0
- data/third_party/abseil-cpp/absl/strings/string_view.h +26 -19
- data/third_party/abseil-cpp/absl/strings/substitute.cc +5 -5
- data/third_party/abseil-cpp/absl/strings/substitute.h +32 -29
- data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +3 -3
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +3 -3
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +28 -28
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +4 -16
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +1 -1
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +8 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -2
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +75 -64
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +15 -6
- data/third_party/abseil-cpp/absl/time/civil_time.cc +9 -9
- data/third_party/abseil-cpp/absl/time/clock.cc +3 -3
- data/third_party/abseil-cpp/absl/time/duration.cc +90 -59
- data/third_party/abseil-cpp/absl/time/format.cc +43 -36
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +26 -16
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +4 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +136 -29
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +13 -21
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +136 -129
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +4 -5
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +8 -7
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +6 -6
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +2 -1
- data/third_party/abseil-cpp/absl/time/time.h +15 -16
- data/third_party/abseil-cpp/absl/types/internal/variant.h +4 -4
- data/third_party/abseil-cpp/absl/types/optional.h +9 -9
- data/third_party/abseil-cpp/absl/types/span.h +49 -36
- data/third_party/abseil-cpp/absl/utility/utility.h +2 -2
- data/third_party/address_sorting/include/address_sorting/address_sorting.h +2 -0
- data/third_party/boringssl-with-bazel/err_data.c +469 -463
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +0 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +9 -43
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +55 -4
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +6 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +173 -35
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +30 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +56 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +8 -2
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +98 -11
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +51 -6
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +118 -49
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +267 -95
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +210 -34
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +766 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +7 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +21 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +24 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +67 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +29 -35
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +13 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +10 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +28 -40
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +14 -14
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +7 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +55 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +24 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +7 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +0 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +6 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/des.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +12 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +9 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +4 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +202 -134
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +64 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +42 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +188 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +482 -432
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +18 -5
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +35 -0
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +18 -18
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +45 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +42 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +8 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +67 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +11 -14
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +216 -11
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +57 -19
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +135 -41
- data/third_party/upb/third_party/wyhash/wyhash.h +145 -0
- data/third_party/upb/upb/decode.c +248 -167
- data/third_party/upb/upb/decode.h +20 -1
- data/third_party/upb/upb/decode.int.h +163 -0
- data/third_party/upb/upb/decode_fast.c +1040 -0
- data/third_party/upb/upb/decode_fast.h +126 -0
- data/third_party/upb/upb/def.c +2178 -0
- data/third_party/upb/upb/def.h +315 -0
- data/third_party/upb/upb/def.hpp +439 -0
- data/third_party/upb/upb/encode.c +227 -169
- data/third_party/upb/upb/encode.h +27 -2
- data/third_party/upb/upb/json_decode.c +1443 -0
- data/third_party/upb/upb/json_decode.h +23 -0
- data/third_party/upb/upb/json_encode.c +713 -0
- data/third_party/upb/upb/json_encode.h +36 -0
- data/third_party/upb/upb/msg.c +167 -88
- data/third_party/upb/upb/msg.h +174 -34
- data/third_party/upb/upb/port_def.inc +74 -61
- data/third_party/upb/upb/port_undef.inc +3 -7
- data/third_party/upb/upb/reflection.c +408 -0
- data/third_party/upb/upb/reflection.h +168 -0
- data/third_party/upb/upb/table.c +34 -197
- data/third_party/upb/upb/table.int.h +14 -5
- data/third_party/upb/upb/text_encode.c +421 -0
- data/third_party/upb/upb/text_encode.h +38 -0
- data/third_party/upb/upb/upb.c +18 -41
- data/third_party/upb/upb/upb.h +36 -7
- data/third_party/upb/upb/upb.hpp +4 -4
- data/third_party/upb/upb/upb.int.h +29 -0
- metadata +288 -54
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +0 -946
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +0 -537
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +0 -1141
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +0 -485
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +0 -68
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +0 -354
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +0 -142
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.c +0 -17
- data/src/core/ext/xds/xds_channel.h +0 -46
- data/src/core/ext/xds/xds_channel_secure.cc +0 -103
- data/src/core/lib/gprpp/map.h +0 -53
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +0 -129
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pku.c +0 -110
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_sxnet.c +0 -274
- data/third_party/upb/upb/port.c +0 -26
@@ -30,16 +30,20 @@ extern "C" {
|
|
30
30
|
#endif
|
31
31
|
|
32
32
|
|
33
|
-
//
|
34
|
-
//
|
35
|
-
//
|
36
|
-
//
|
37
|
-
//
|
38
|
-
//
|
33
|
+
// For the following cryptographic schemes, we use P-384 instead of our usual
|
34
|
+
// choice of P-256. See Appendix I of
|
35
|
+
// https://eprint.iacr.org/2020/072/20200324:214215 which describes two attacks
|
36
|
+
// which may affect smaller curves. In particular, p-1 for P-256 is smooth,
|
37
|
+
// giving a low complexity for the p-1 attack. P-384's p-1 has a 281-bit prime
|
38
|
+
// factor,
|
39
|
+
// 3055465788140352002733946906144561090641249606160407884365391979704929268480326390471.
|
40
|
+
// This lower-bounds the p-1 attack at O(2^140). The p+1 attack is lower-bounded
|
41
|
+
// by O(p^(1/3)) or O(2^128), so we do not need to check the smoothness of p+1.
|
39
42
|
|
40
|
-
|
43
|
+
|
44
|
+
// TRUST_TOKEN_NONCE_SIZE is the size of nonces used as part of the Trust_Token
|
41
45
|
// protocol.
|
42
|
-
#define
|
46
|
+
#define TRUST_TOKEN_NONCE_SIZE 64
|
43
47
|
|
44
48
|
typedef struct {
|
45
49
|
// TODO(https://crbug.com/boringssl/334): These should store |EC_PRECOMP| so
|
@@ -47,7 +51,7 @@ typedef struct {
|
|
47
51
|
EC_AFFINE pub0;
|
48
52
|
EC_AFFINE pub1;
|
49
53
|
EC_AFFINE pubs;
|
50
|
-
}
|
54
|
+
} TRUST_TOKEN_CLIENT_KEY;
|
51
55
|
|
52
56
|
typedef struct {
|
53
57
|
EC_SCALAR x0;
|
@@ -62,47 +66,47 @@ typedef struct {
|
|
62
66
|
EC_PRECOMP pub1_precomp;
|
63
67
|
EC_AFFINE pubs;
|
64
68
|
EC_PRECOMP pubs_precomp;
|
65
|
-
}
|
69
|
+
} TRUST_TOKEN_ISSUER_KEY;
|
66
70
|
|
67
|
-
//
|
68
|
-
//
|
71
|
+
// TRUST_TOKEN_PRETOKEN represents the intermediate state a client keeps during
|
72
|
+
// a Trust_Token issuance operation.
|
69
73
|
typedef struct pmb_pretoken_st {
|
70
|
-
uint8_t t[
|
74
|
+
uint8_t t[TRUST_TOKEN_NONCE_SIZE];
|
71
75
|
EC_SCALAR r;
|
72
76
|
EC_AFFINE Tp;
|
73
|
-
}
|
77
|
+
} TRUST_TOKEN_PRETOKEN;
|
78
|
+
|
79
|
+
// TRUST_TOKEN_PRETOKEN_free releases the memory associated with |token|.
|
80
|
+
OPENSSL_EXPORT void TRUST_TOKEN_PRETOKEN_free(TRUST_TOKEN_PRETOKEN *token);
|
74
81
|
|
75
|
-
|
76
|
-
OPENSSL_EXPORT void PMBTOKEN_PRETOKEN_free(PMBTOKEN_PRETOKEN *token);
|
82
|
+
DEFINE_STACK_OF(TRUST_TOKEN_PRETOKEN)
|
77
83
|
|
78
|
-
|
84
|
+
|
85
|
+
// PMBTokens.
|
86
|
+
//
|
87
|
+
// PMBTokens is described in https://eprint.iacr.org/2020/072/20200324:214215
|
88
|
+
// and provides anonymous tokens with private metadata. We implement the
|
89
|
+
// construction with validity verification, described in appendix H,
|
90
|
+
// construction 6.
|
79
91
|
|
80
92
|
// The following functions implement the corresponding |TRUST_TOKENS_METHOD|
|
81
93
|
// functions for |TRUST_TOKENS_experiment_v1|'s PMBTokens construction which
|
82
94
|
// uses P-384.
|
83
|
-
//
|
84
|
-
// We use P-384 instead of our usual choice of P-256. See Appendix I which
|
85
|
-
// describes two attacks which may affect smaller curves. In particular, p-1 for
|
86
|
-
// P-256 is smooth, giving a low complexity for the p-1 attack. P-384's p-1 has
|
87
|
-
// a 281-bit prime factor,
|
88
|
-
// 3055465788140352002733946906144561090641249606160407884365391979704929268480326390471.
|
89
|
-
// This lower-bounds the p-1 attack at O(2^140). The p+1 attack is lower-bounded
|
90
|
-
// by O(p^(1/3)) or O(2^128), so we do not need to check the smoothness of p+1.
|
91
95
|
int pmbtoken_exp1_generate_key(CBB *out_private, CBB *out_public);
|
92
|
-
int pmbtoken_exp1_client_key_from_bytes(
|
96
|
+
int pmbtoken_exp1_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
|
93
97
|
const uint8_t *in, size_t len);
|
94
|
-
int pmbtoken_exp1_issuer_key_from_bytes(
|
98
|
+
int pmbtoken_exp1_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
|
95
99
|
const uint8_t *in, size_t len);
|
96
|
-
STACK_OF(
|
97
|
-
int pmbtoken_exp1_sign(const
|
100
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN) * pmbtoken_exp1_blind(CBB *cbb, size_t count);
|
101
|
+
int pmbtoken_exp1_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
98
102
|
size_t num_requested, size_t num_to_issue,
|
99
103
|
uint8_t private_metadata);
|
100
104
|
STACK_OF(TRUST_TOKEN) *
|
101
|
-
pmbtoken_exp1_unblind(const
|
102
|
-
const STACK_OF(
|
105
|
+
pmbtoken_exp1_unblind(const TRUST_TOKEN_CLIENT_KEY *key,
|
106
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens,
|
103
107
|
CBS *cbs, size_t count, uint32_t key_id);
|
104
|
-
int pmbtoken_exp1_read(const
|
105
|
-
uint8_t out_nonce[
|
108
|
+
int pmbtoken_exp1_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
109
|
+
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
106
110
|
uint8_t *out_private_metadata, const uint8_t *token,
|
107
111
|
size_t token_len);
|
108
112
|
|
@@ -110,6 +114,62 @@ int pmbtoken_exp1_read(const PMBTOKEN_ISSUER_KEY *key,
|
|
110
114
|
// function is used to confirm H was computed as expected.
|
111
115
|
OPENSSL_EXPORT int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]);
|
112
116
|
|
117
|
+
// The following functions implement the corresponding |TRUST_TOKENS_METHOD|
|
118
|
+
// functions for |TRUST_TOKENS_experiment_v2|'s PMBTokens construction which
|
119
|
+
// uses P-384.
|
120
|
+
int pmbtoken_exp2_generate_key(CBB *out_private, CBB *out_public);
|
121
|
+
int pmbtoken_exp2_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
|
122
|
+
const uint8_t *in, size_t len);
|
123
|
+
int pmbtoken_exp2_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
|
124
|
+
const uint8_t *in, size_t len);
|
125
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN) * pmbtoken_exp2_blind(CBB *cbb, size_t count);
|
126
|
+
int pmbtoken_exp2_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
127
|
+
size_t num_requested, size_t num_to_issue,
|
128
|
+
uint8_t private_metadata);
|
129
|
+
STACK_OF(TRUST_TOKEN) *
|
130
|
+
pmbtoken_exp2_unblind(const TRUST_TOKEN_CLIENT_KEY *key,
|
131
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens,
|
132
|
+
CBS *cbs, size_t count, uint32_t key_id);
|
133
|
+
int pmbtoken_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
134
|
+
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
135
|
+
uint8_t *out_private_metadata, const uint8_t *token,
|
136
|
+
size_t token_len);
|
137
|
+
|
138
|
+
// pmbtoken_exp2_get_h_for_testing returns H in uncompressed coordinates. This
|
139
|
+
// function is used to confirm H was computed as expected.
|
140
|
+
OPENSSL_EXPORT int pmbtoken_exp2_get_h_for_testing(uint8_t out[97]);
|
141
|
+
|
142
|
+
|
143
|
+
// VOPRF.
|
144
|
+
//
|
145
|
+
// VOPRFs are described in https://tools.ietf.org/html/draft-irtf-cfrg-voprf-04
|
146
|
+
// and provide anonymous tokens. This implementation uses TrustToken DSTs and
|
147
|
+
// the DLEQ batching primitive from
|
148
|
+
// https://eprint.iacr.org/2020/072/20200324:214215.
|
149
|
+
// VOPRF only uses the |pub|' field of the TRUST_TOKEN_CLIENT_KEY and
|
150
|
+
// |xs|/|pubs| fields of the TRUST_TOKEN_ISSUER_KEY.
|
151
|
+
|
152
|
+
// The following functions implement the corresponding |TRUST_TOKENS_METHOD|
|
153
|
+
// functions for |TRUST_TOKENS_experiment_v2|'s VOPRF construction which uses
|
154
|
+
// P-384.
|
155
|
+
int voprf_exp2_generate_key(CBB *out_private, CBB *out_public);
|
156
|
+
int voprf_exp2_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
|
157
|
+
const uint8_t *in, size_t len);
|
158
|
+
int voprf_exp2_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
|
159
|
+
const uint8_t *in, size_t len);
|
160
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN) * voprf_exp2_blind(CBB *cbb, size_t count);
|
161
|
+
int voprf_exp2_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
162
|
+
size_t num_requested, size_t num_to_issue,
|
163
|
+
uint8_t private_metadata);
|
164
|
+
STACK_OF(TRUST_TOKEN) *
|
165
|
+
voprf_exp2_unblind(const TRUST_TOKEN_CLIENT_KEY *key,
|
166
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens,
|
167
|
+
CBS *cbs, size_t count, uint32_t key_id);
|
168
|
+
int voprf_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
169
|
+
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
170
|
+
uint8_t *out_private_metadata, const uint8_t *token,
|
171
|
+
size_t token_len);
|
172
|
+
|
113
173
|
|
114
174
|
// Trust Tokens internals.
|
115
175
|
|
@@ -122,23 +182,23 @@ struct trust_token_method_st {
|
|
122
182
|
// client_key_from_bytes decodes a client key from |in| and sets |key|
|
123
183
|
// to the resulting key. It returns one on success and zero
|
124
184
|
// on failure.
|
125
|
-
int (*client_key_from_bytes)(
|
185
|
+
int (*client_key_from_bytes)(TRUST_TOKEN_CLIENT_KEY *key, const uint8_t *in,
|
126
186
|
size_t len);
|
127
187
|
|
128
188
|
// issuer_key_from_bytes decodes a issuer key from |in| and sets |key|
|
129
189
|
// to the resulting key. It returns one on success and zero
|
130
190
|
// on failure.
|
131
|
-
int (*issuer_key_from_bytes)(
|
191
|
+
int (*issuer_key_from_bytes)(TRUST_TOKEN_ISSUER_KEY *key, const uint8_t *in,
|
132
192
|
size_t len);
|
133
193
|
|
134
194
|
// blind generates a new issuance request for |count| tokens. On
|
135
|
-
// success, it returns a newly-allocated |STACK_OF(
|
195
|
+
// success, it returns a newly-allocated |STACK_OF(TRUST_TOKEN_PRETOKEN)| and
|
136
196
|
// writes a request to the issuer to |cbb|. On failure, it returns NULL. The
|
137
|
-
// |STACK_OF(
|
197
|
+
// |STACK_OF(TRUST_TOKEN_PRETOKEN)|s should be passed to |pmbtoken_unblind| when
|
138
198
|
// the server responds.
|
139
199
|
//
|
140
200
|
// This function implements the AT.Usr0 operation.
|
141
|
-
STACK_OF(
|
201
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN) * (*blind)(CBB *cbb, size_t count);
|
142
202
|
|
143
203
|
// sign parses a request for |num_requested| tokens from |cbs| and
|
144
204
|
// issues |num_to_issue| tokens with |key| and a private metadata value of
|
@@ -146,7 +206,7 @@ struct trust_token_method_st {
|
|
146
206
|
// success and zero on failure.
|
147
207
|
//
|
148
208
|
// This function implements the AT.Sig operation.
|
149
|
-
int (*sign)(const
|
209
|
+
int (*sign)(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
150
210
|
size_t num_requested, size_t num_to_issue,
|
151
211
|
uint8_t private_metadata);
|
152
212
|
|
@@ -159,8 +219,8 @@ struct trust_token_method_st {
|
|
159
219
|
//
|
160
220
|
// This function implements the AT.Usr1 operation.
|
161
221
|
STACK_OF(TRUST_TOKEN) *
|
162
|
-
(*unblind)(const
|
163
|
-
const STACK_OF(
|
222
|
+
(*unblind)(const TRUST_TOKEN_CLIENT_KEY *key,
|
223
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens, CBS *cbs,
|
164
224
|
size_t count, uint32_t key_id);
|
165
225
|
|
166
226
|
// read parses a PMBToken from |token| and verifies it using |key|. On
|
@@ -168,23 +228,32 @@ struct trust_token_method_st {
|
|
168
228
|
// |out_nonce| and |*out_private_metadata|. Otherwise, it returns zero. Note
|
169
229
|
// that, unlike the output of |unblind|, |token| does not have a
|
170
230
|
// four-byte key ID prepended.
|
171
|
-
int (*read)(const
|
172
|
-
uint8_t out_nonce[
|
231
|
+
int (*read)(const TRUST_TOKEN_ISSUER_KEY *key,
|
232
|
+
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
173
233
|
uint8_t *out_private_metadata, const uint8_t *token,
|
174
234
|
size_t token_len);
|
235
|
+
|
236
|
+
// whether the construction supports private metadata.
|
237
|
+
int has_private_metadata;
|
238
|
+
|
239
|
+
// max keys that can be configured.
|
240
|
+
size_t max_keys;
|
241
|
+
|
242
|
+
// whether the SRR is part of the protocol.
|
243
|
+
int has_srr;
|
175
244
|
};
|
176
245
|
|
177
246
|
// Structure representing a single Trust Token public key with the specified ID.
|
178
247
|
struct trust_token_client_key_st {
|
179
248
|
uint32_t id;
|
180
|
-
|
249
|
+
TRUST_TOKEN_CLIENT_KEY key;
|
181
250
|
};
|
182
251
|
|
183
252
|
// Structure representing a single Trust Token private key with the specified
|
184
253
|
// ID.
|
185
254
|
struct trust_token_issuer_key_st {
|
186
255
|
uint32_t id;
|
187
|
-
|
256
|
+
TRUST_TOKEN_ISSUER_KEY key;
|
188
257
|
};
|
189
258
|
|
190
259
|
struct trust_token_client_st {
|
@@ -195,13 +264,13 @@ struct trust_token_client_st {
|
|
195
264
|
|
196
265
|
// keys is the set of public keys that are supported by the client for
|
197
266
|
// issuance/redemptions.
|
198
|
-
struct trust_token_client_key_st keys[
|
267
|
+
struct trust_token_client_key_st keys[6];
|
199
268
|
|
200
269
|
// num_keys is the number of keys currently configured.
|
201
270
|
size_t num_keys;
|
202
271
|
|
203
272
|
// pretokens is the intermediate state during an active issuance.
|
204
|
-
STACK_OF(
|
273
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN)* pretokens;
|
205
274
|
|
206
275
|
// srr_key is the public key used to verify the signature of the SRR.
|
207
276
|
EVP_PKEY *srr_key;
|
@@ -217,7 +286,7 @@ struct trust_token_issuer_st {
|
|
217
286
|
// keys is the set of private keys that are supported by the issuer for
|
218
287
|
// issuance/redemptions. The public metadata is an index into this list of
|
219
288
|
// keys.
|
220
|
-
struct trust_token_issuer_key_st keys[
|
289
|
+
struct trust_token_issuer_key_st keys[6];
|
221
290
|
|
222
291
|
// num_keys is the number of keys currently configured.
|
223
292
|
size_t num_keys;
|
@@ -239,7 +308,7 @@ extern "C++" {
|
|
239
308
|
|
240
309
|
BSSL_NAMESPACE_BEGIN
|
241
310
|
|
242
|
-
BORINGSSL_MAKE_DELETER(
|
311
|
+
BORINGSSL_MAKE_DELETER(TRUST_TOKEN_PRETOKEN, TRUST_TOKEN_PRETOKEN_free)
|
243
312
|
|
244
313
|
BSSL_NAMESPACE_END
|
245
314
|
|
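Review bot: The literal `6` in `struct trust_token_client_key_st keys[6];` and `struct trust_token_issuer_key_st keys[6];` is not tied to the new `size_t max_keys;` field of `struct trust_token_method_st`, so nothing in this header stops a method from declaring a `max_keys` larger than either array. The code that adds keys is outside this section, so it cannot be confirmed here that `num_keys` is bounded by the array length as well as by `max_keys`; if only `max_keys` is checked, a too-large value would allow a write past `keys`. I would use one named constant for the array length in both structs and in the add-key check, and state the limit on the field, e.g. `// max_keys is the number of keys that can be configured; it must not exceed the length of |keys|.` Two comment nits in the same section: the VOPRF paragraph names `|pub|'`, which matches none of the visible `TRUST_TOKEN_CLIENT_KEY` fields (`pub0`, `pub1`, `pubs`), so presumably `|pubs|` is meant. The `blind` comment still sends the pretokens to `|pmbtoken_unblind|` although the method table now also serves the `voprf_exp2_*` functions, so `|unblind|` would be accurate.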
@@ -31,10 +31,10 @@
|
|
31
31
|
|
32
32
|
|
33
33
|
typedef int (*hash_t_func_t)(const EC_GROUP *group, EC_RAW_POINT *out,
|
34
|
-
const uint8_t t[
|
34
|
+
const uint8_t t[TRUST_TOKEN_NONCE_SIZE]);
|
35
35
|
typedef int (*hash_s_func_t)(const EC_GROUP *group, EC_RAW_POINT *out,
|
36
36
|
const EC_AFFINE *t,
|
37
|
-
const uint8_t s[
|
37
|
+
const uint8_t s[TRUST_TOKEN_NONCE_SIZE]);
|
38
38
|
typedef int (*hash_c_func_t)(const EC_GROUP *group, EC_SCALAR *out,
|
39
39
|
uint8_t *buf, size_t len);
|
40
40
|
|
@@ -52,6 +52,7 @@ typedef struct {
|
|
52
52
|
// hash_c implements the H_c operation in PMBTokens. It returns one on success
|
53
53
|
// and zero on error.
|
54
54
|
hash_c_func_t hash_c;
|
55
|
+
int prefix_point : 1;
|
55
56
|
} PMBTOKEN_METHOD;
|
56
57
|
|
57
58
|
static const uint8_t kDefaultAdditionalData[32] = {0};
|
@@ -59,7 +60,7 @@ static const uint8_t kDefaultAdditionalData[32] = {0};
|
|
59
60
|
static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid,
|
60
61
|
const uint8_t *h_bytes, size_t h_len,
|
61
62
|
hash_t_func_t hash_t, hash_s_func_t hash_s,
|
62
|
-
hash_c_func_t hash_c) {
|
63
|
+
hash_c_func_t hash_c, int prefix_point) {
|
63
64
|
method->group = EC_GROUP_new_by_curve_name(curve_nid);
|
64
65
|
if (method->group == NULL) {
|
65
66
|
return 0;
|
@@ -68,6 +69,7 @@ static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid,
|
|
68
69
|
method->hash_t = hash_t;
|
69
70
|
method->hash_s = hash_s;
|
70
71
|
method->hash_c = hash_c;
|
72
|
+
method->prefix_point = prefix_point;
|
71
73
|
|
72
74
|
EC_AFFINE h;
|
73
75
|
if (!ec_point_from_uncompressed(method->group, &h, h_bytes, h_len)) {
|
@@ -113,11 +115,40 @@ static int point_to_cbb(CBB *out, const EC_GROUP *group,
|
|
113
115
|
len) == len;
|
114
116
|
}
|
115
117
|
|
118
|
+
static int cbb_add_prefixed_point(CBB *out, const EC_GROUP *group,
|
119
|
+
const EC_AFFINE *point, int prefix_point) {
|
120
|
+
if (prefix_point) {
|
121
|
+
CBB child;
|
122
|
+
if (!CBB_add_u16_length_prefixed(out, &child) ||
|
123
|
+
!point_to_cbb(&child, group, point) ||
|
124
|
+
!CBB_flush(out)) {
|
125
|
+
return 0;
|
126
|
+
}
|
127
|
+
} else {
|
128
|
+
if (!point_to_cbb(out, group, point) ||
|
129
|
+
!CBB_flush(out)) {
|
130
|
+
return 0;
|
131
|
+
}
|
132
|
+
}
|
133
|
+
|
134
|
+
return 1;
|
135
|
+
}
|
136
|
+
|
116
137
|
static int cbs_get_prefixed_point(CBS *cbs, const EC_GROUP *group,
|
117
|
-
EC_AFFINE *out) {
|
138
|
+
EC_AFFINE *out, int prefix_point) {
|
118
139
|
CBS child;
|
119
|
-
if (
|
120
|
-
|
140
|
+
if (prefix_point) {
|
141
|
+
if (!CBS_get_u16_length_prefixed(cbs, &child)) {
|
142
|
+
return 0;
|
143
|
+
}
|
144
|
+
} else {
|
145
|
+
size_t plen = 1 + 2 * BN_num_bytes(&group->field);
|
146
|
+
if (!CBS_get_bytes(cbs, &child, plen)) {
|
147
|
+
return 0;
|
148
|
+
}
|
149
|
+
}
|
150
|
+
|
151
|
+
if (!ec_point_from_uncompressed(group, out, CBS_data(&child),
|
121
152
|
CBS_len(&child))) {
|
122
153
|
return 0;
|
123
154
|
}
|
@@ -134,10 +165,6 @@ static int mul_public_3(const EC_GROUP *group, EC_RAW_POINT *out,
|
|
134
165
|
scalars, 3);
|
135
166
|
}
|
136
167
|
|
137
|
-
void PMBTOKEN_PRETOKEN_free(PMBTOKEN_PRETOKEN *pretoken) {
|
138
|
-
OPENSSL_free(pretoken);
|
139
|
-
}
|
140
|
-
|
141
168
|
static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method,
|
142
169
|
CBB *out_private, CBB *out_public) {
|
143
170
|
const EC_GROUP *group = method->group;
|
@@ -166,16 +193,12 @@ static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method,
|
|
166
193
|
return 0;
|
167
194
|
}
|
168
195
|
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
!
|
174
|
-
|
175
|
-
!point_to_cbb(&child, group, &pub_affine[1]) ||
|
176
|
-
!CBB_add_u16_length_prefixed(out_public, &child) ||
|
177
|
-
!point_to_cbb(&child, group, &pub_affine[2]) ||
|
178
|
-
!CBB_flush(out_public)) {
|
196
|
+
if (!cbb_add_prefixed_point(out_public, group, &pub_affine[0],
|
197
|
+
method->prefix_point) ||
|
198
|
+
!cbb_add_prefixed_point(out_public, group, &pub_affine[1],
|
199
|
+
method->prefix_point) ||
|
200
|
+
!cbb_add_prefixed_point(out_public, group, &pub_affine[2],
|
201
|
+
method->prefix_point)) {
|
179
202
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_BUFFER_TOO_SMALL);
|
180
203
|
return 0;
|
181
204
|
}
|
@@ -184,15 +207,16 @@ static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method,
|
|
184
207
|
}
|
185
208
|
|
186
209
|
static int pmbtoken_client_key_from_bytes(const PMBTOKEN_METHOD *method,
|
187
|
-
|
210
|
+
TRUST_TOKEN_CLIENT_KEY *key,
|
188
211
|
const uint8_t *in, size_t len) {
|
189
|
-
// TODO(https://crbug.com/boringssl/331): When updating the key format, remove
|
190
|
-
// the redundant length prefixes.
|
191
212
|
CBS cbs;
|
192
213
|
CBS_init(&cbs, in, len);
|
193
|
-
if (!cbs_get_prefixed_point(&cbs, method->group, &key->pub0
|
194
|
-
|
195
|
-
!cbs_get_prefixed_point(&cbs, method->group, &key->
|
214
|
+
if (!cbs_get_prefixed_point(&cbs, method->group, &key->pub0,
|
215
|
+
method->prefix_point) ||
|
216
|
+
!cbs_get_prefixed_point(&cbs, method->group, &key->pub1,
|
217
|
+
method->prefix_point) ||
|
218
|
+
!cbs_get_prefixed_point(&cbs, method->group, &key->pubs,
|
219
|
+
method->prefix_point) ||
|
196
220
|
CBS_len(&cbs) != 0) {
|
197
221
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
198
222
|
return 0;
|
@@ -202,7 +226,7 @@ static int pmbtoken_client_key_from_bytes(const PMBTOKEN_METHOD *method,
|
|
202
226
|
}
|
203
227
|
|
204
228
|
static int pmbtoken_issuer_key_from_bytes(const PMBTOKEN_METHOD *method,
|
205
|
-
|
229
|
+
TRUST_TOKEN_ISSUER_KEY *key,
|
206
230
|
const uint8_t *in, size_t len) {
|
207
231
|
const EC_GROUP *group = method->group;
|
208
232
|
CBS cbs, tmp;
|
@@ -241,10 +265,10 @@ static int pmbtoken_issuer_key_from_bytes(const PMBTOKEN_METHOD *method,
|
|
241
265
|
return 1;
|
242
266
|
}
|
243
267
|
|
244
|
-
static STACK_OF(
|
268
|
+
static STACK_OF(TRUST_TOKEN_PRETOKEN) *
|
245
269
|
pmbtoken_blind(const PMBTOKEN_METHOD *method, CBB *cbb, size_t count) {
|
246
270
|
const EC_GROUP *group = method->group;
|
247
|
-
STACK_OF(
|
271
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens = sk_TRUST_TOKEN_PRETOKEN_new_null();
|
248
272
|
if (pretokens == NULL) {
|
249
273
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
250
274
|
goto err;
|
@@ -252,11 +276,11 @@ static STACK_OF(PMBTOKEN_PRETOKEN) *
|
|
252
276
|
|
253
277
|
for (size_t i = 0; i < count; i++) {
|
254
278
|
// Insert |pretoken| into |pretokens| early to simplify error-handling.
|
255
|
-
|
279
|
+
TRUST_TOKEN_PRETOKEN *pretoken = OPENSSL_malloc(sizeof(TRUST_TOKEN_PRETOKEN));
|
256
280
|
if (pretoken == NULL ||
|
257
|
-
!
|
281
|
+
!sk_TRUST_TOKEN_PRETOKEN_push(pretokens, pretoken)) {
|
258
282
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
259
|
-
|
283
|
+
TRUST_TOKEN_PRETOKEN_free(pretoken);
|
260
284
|
goto err;
|
261
285
|
}
|
262
286
|
|
@@ -282,12 +306,8 @@ static STACK_OF(PMBTOKEN_PRETOKEN) *
|
|
282
306
|
goto err;
|
283
307
|
}
|
284
308
|
|
285
|
-
|
286
|
-
|
287
|
-
CBB child;
|
288
|
-
if (!CBB_add_u16_length_prefixed(cbb, &child) ||
|
289
|
-
!point_to_cbb(&child, group, &pretoken->Tp) ||
|
290
|
-
!CBB_flush(cbb)) {
|
309
|
+
if (!cbb_add_prefixed_point(cbb, group, &pretoken->Tp,
|
310
|
+
method->prefix_point)) {
|
291
311
|
goto err;
|
292
312
|
}
|
293
313
|
}
|
@@ -295,7 +315,7 @@ static STACK_OF(PMBTOKEN_PRETOKEN) *
|
|
295
315
|
return pretokens;
|
296
316
|
|
297
317
|
err:
|
298
|
-
|
318
|
+
sk_TRUST_TOKEN_PRETOKEN_pop_free(pretokens, TRUST_TOKEN_PRETOKEN_free);
|
299
319
|
return NULL;
|
300
320
|
}
|
301
321
|
|
@@ -431,9 +451,10 @@ err:
|
|
431
451
|
// DLEQOR2 with only one value (n=1).
|
432
452
|
|
433
453
|
static int dleq_generate(const PMBTOKEN_METHOD *method, CBB *cbb,
|
434
|
-
const
|
435
|
-
const EC_RAW_POINT *
|
436
|
-
const EC_RAW_POINT *
|
454
|
+
const TRUST_TOKEN_ISSUER_KEY *priv,
|
455
|
+
const EC_RAW_POINT *T, const EC_RAW_POINT *S,
|
456
|
+
const EC_RAW_POINT *W, const EC_RAW_POINT *Ws,
|
457
|
+
uint8_t private_metadata) {
|
437
458
|
const EC_GROUP *group = method->group;
|
438
459
|
|
439
460
|
// We generate a DLEQ proof for the validity token and a DLEQOR2 proof for the
|
@@ -592,7 +613,7 @@ static int dleq_generate(const PMBTOKEN_METHOD *method, CBB *cbb,
|
|
592
613
|
}
|
593
614
|
|
594
615
|
static int dleq_verify(const PMBTOKEN_METHOD *method, CBS *cbs,
|
595
|
-
const
|
616
|
+
const TRUST_TOKEN_CLIENT_KEY *pub, const EC_RAW_POINT *T,
|
596
617
|
const EC_RAW_POINT *S, const EC_RAW_POINT *W,
|
597
618
|
const EC_RAW_POINT *Ws) {
|
598
619
|
const EC_GROUP *group = method->group;
|
@@ -711,7 +732,7 @@ static int dleq_verify(const PMBTOKEN_METHOD *method, CBS *cbs,
|
|
711
732
|
}
|
712
733
|
|
713
734
|
static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
|
714
|
-
const
|
735
|
+
const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
715
736
|
size_t num_requested, size_t num_to_issue,
|
716
737
|
uint8_t private_metadata) {
|
717
738
|
const EC_GROUP *group = method->group;
|
@@ -750,7 +771,7 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
|
|
750
771
|
for (size_t i = 0; i < num_to_issue; i++) {
|
751
772
|
EC_AFFINE Tp_affine;
|
752
773
|
EC_RAW_POINT Tp;
|
753
|
-
if (!cbs_get_prefixed_point(cbs, group, &Tp_affine)) {
|
774
|
+
if (!cbs_get_prefixed_point(cbs, group, &Tp_affine, method->prefix_point)) {
|
754
775
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
755
776
|
goto err;
|
756
777
|
}
|
@@ -761,25 +782,22 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
|
|
761
782
|
ec_scalar_select(group, &xb, mask, &key->x1, &key->x0);
|
762
783
|
ec_scalar_select(group, &yb, mask, &key->y1, &key->y0);
|
763
784
|
|
764
|
-
uint8_t s[
|
765
|
-
RAND_bytes(s,
|
785
|
+
uint8_t s[TRUST_TOKEN_NONCE_SIZE];
|
786
|
+
RAND_bytes(s, TRUST_TOKEN_NONCE_SIZE);
|
766
787
|
// The |jacobians| and |affines| contain Sp, Wp, and Wsp.
|
767
788
|
EC_RAW_POINT jacobians[3];
|
768
789
|
EC_AFFINE affines[3];
|
769
|
-
CBB child;
|
770
790
|
if (!method->hash_s(group, &jacobians[0], &Tp_affine, s) ||
|
771
791
|
!ec_point_mul_scalar_batch(group, &jacobians[1], &Tp, &xb,
|
772
792
|
&jacobians[0], &yb, NULL, NULL) ||
|
773
793
|
!ec_point_mul_scalar_batch(group, &jacobians[2], &Tp, &key->xs,
|
774
794
|
&jacobians[0], &key->ys, NULL, NULL) ||
|
775
795
|
!ec_jacobian_to_affine_batch(group, affines, jacobians, 3) ||
|
776
|
-
!CBB_add_bytes(cbb, s,
|
777
|
-
|
778
|
-
|
779
|
-
!
|
780
|
-
|
781
|
-
!CBB_add_u16_length_prefixed(cbb, &child) ||
|
782
|
-
!point_to_cbb(&child, group, &affines[2])) {
|
796
|
+
!CBB_add_bytes(cbb, s, TRUST_TOKEN_NONCE_SIZE) ||
|
797
|
+
!cbb_add_prefixed_point(cbb, group, &affines[1],
|
798
|
+
method->prefix_point) ||
|
799
|
+
!cbb_add_prefixed_point(cbb, group, &affines[2],
|
800
|
+
method->prefix_point)) {
|
783
801
|
goto err;
|
784
802
|
}
|
785
803
|
|
@@ -835,7 +853,11 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
|
|
835
853
|
|
836
854
|
// Skip over any unused requests.
|
837
855
|
size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
|
838
|
-
|
856
|
+
size_t token_len = point_len;
|
857
|
+
if (method->prefix_point) {
|
858
|
+
token_len += 2;
|
859
|
+
}
|
860
|
+
if (!CBS_skip(cbs, token_len * (num_requested - num_to_issue))) {
|
839
861
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
840
862
|
goto err;
|
841
863
|
}
|
@@ -854,11 +876,11 @@ err:
|
|
854
876
|
|
855
877
|
static STACK_OF(TRUST_TOKEN) *
|
856
878
|
pmbtoken_unblind(const PMBTOKEN_METHOD *method,
|
857
|
-
const
|
858
|
-
const STACK_OF(
|
879
|
+
const TRUST_TOKEN_CLIENT_KEY *key,
|
880
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens, CBS *cbs,
|
859
881
|
size_t count, uint32_t key_id) {
|
860
882
|
const EC_GROUP *group = method->group;
|
861
|
-
if (count >
|
883
|
+
if (count > sk_TRUST_TOKEN_PRETOKEN_num(pretokens)) {
|
862
884
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
863
885
|
return NULL;
|
864
886
|
}
|
@@ -896,14 +918,15 @@ static STACK_OF(TRUST_TOKEN) *
|
|
896
918
|
}
|
897
919
|
|
898
920
|
for (size_t i = 0; i < count; i++) {
|
899
|
-
const
|
900
|
-
|
921
|
+
const TRUST_TOKEN_PRETOKEN *pretoken =
|
922
|
+
sk_TRUST_TOKEN_PRETOKEN_value(pretokens, i);
|
901
923
|
|
902
|
-
uint8_t s[
|
924
|
+
uint8_t s[TRUST_TOKEN_NONCE_SIZE];
|
903
925
|
EC_AFFINE Wp_affine, Wsp_affine;
|
904
|
-
if (!CBS_copy_bytes(cbs, s,
|
905
|
-
!cbs_get_prefixed_point(cbs, group, &Wp_affine) ||
|
906
|
-
!cbs_get_prefixed_point(cbs, group, &Wsp_affine
|
926
|
+
if (!CBS_copy_bytes(cbs, s, TRUST_TOKEN_NONCE_SIZE) ||
|
927
|
+
!cbs_get_prefixed_point(cbs, group, &Wp_affine, method->prefix_point) ||
|
928
|
+
!cbs_get_prefixed_point(cbs, group, &Wsp_affine,
|
929
|
+
method->prefix_point)) {
|
907
930
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
908
931
|
goto err;
|
909
932
|
}
|
@@ -937,19 +960,18 @@ static STACK_OF(TRUST_TOKEN) *
|
|
937
960
|
|
938
961
|
// Serialize the token. Include |key_id| to avoid an extra copy in the layer
|
939
962
|
// above.
|
940
|
-
CBB token_cbb
|
963
|
+
CBB token_cbb;
|
941
964
|
size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
|
942
|
-
if (!CBB_init(&token_cbb,
|
965
|
+
if (!CBB_init(&token_cbb,
|
966
|
+
4 + TRUST_TOKEN_NONCE_SIZE + 3 * (2 + point_len)) ||
|
943
967
|
!CBB_add_u32(&token_cbb, key_id) ||
|
944
|
-
!CBB_add_bytes(&token_cbb, pretoken->t,
|
945
|
-
|
946
|
-
|
947
|
-
!
|
948
|
-
|
949
|
-
!
|
950
|
-
|
951
|
-
!CBB_add_u16_length_prefixed(&token_cbb, &child) ||
|
952
|
-
!point_to_cbb(&child, group, &affines[2]) ||
|
968
|
+
!CBB_add_bytes(&token_cbb, pretoken->t, TRUST_TOKEN_NONCE_SIZE) ||
|
969
|
+
!cbb_add_prefixed_point(&token_cbb, group, &affines[0],
|
970
|
+
method->prefix_point) ||
|
971
|
+
!cbb_add_prefixed_point(&token_cbb, group, &affines[1],
|
972
|
+
method->prefix_point) ||
|
973
|
+
!cbb_add_prefixed_point(&token_cbb, group, &affines[2],
|
974
|
+
method->prefix_point) ||
|
953
975
|
!CBB_flush(&token_cbb)) {
|
954
976
|
CBB_cleanup(&token_cbb);
|
955
977
|
goto err;
|
@@ -1012,18 +1034,18 @@ err:
|
|
1012
1034
|
}
|
1013
1035
|
|
1014
1036
|
static int pmbtoken_read(const PMBTOKEN_METHOD *method,
|
1015
|
-
const
|
1016
|
-
uint8_t out_nonce[
|
1037
|
+
const TRUST_TOKEN_ISSUER_KEY *key,
|
1038
|
+
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
1017
1039
|
uint8_t *out_private_metadata, const uint8_t *token,
|
1018
1040
|
size_t token_len) {
|
1019
1041
|
const EC_GROUP *group = method->group;
|
1020
1042
|
CBS cbs;
|
1021
1043
|
CBS_init(&cbs, token, token_len);
|
1022
1044
|
EC_AFFINE S, W, Ws;
|
1023
|
-
if (!CBS_copy_bytes(&cbs, out_nonce,
|
1024
|
-
!cbs_get_prefixed_point(&cbs, group, &S) ||
|
1025
|
-
!cbs_get_prefixed_point(&cbs, group, &W) ||
|
1026
|
-
!cbs_get_prefixed_point(&cbs, group, &Ws) ||
|
1045
|
+
if (!CBS_copy_bytes(&cbs, out_nonce, TRUST_TOKEN_NONCE_SIZE) ||
|
1046
|
+
!cbs_get_prefixed_point(&cbs, group, &S, method->prefix_point) ||
|
1047
|
+
!cbs_get_prefixed_point(&cbs, group, &W, method->prefix_point) ||
|
1048
|
+
!cbs_get_prefixed_point(&cbs, group, &Ws, method->prefix_point) ||
|
1027
1049
|
CBS_len(&cbs) != 0) {
|
1028
1050
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_TOKEN);
|
1029
1051
|
return 0;
|
@@ -1079,15 +1101,15 @@ static int pmbtoken_read(const PMBTOKEN_METHOD *method,
|
|
1079
1101
|
// PMBTokens experiment v1.
|
1080
1102
|
|
1081
1103
|
static int pmbtoken_exp1_hash_t(const EC_GROUP *group, EC_RAW_POINT *out,
|
1082
|
-
const uint8_t t[
|
1104
|
+
const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) {
|
1083
1105
|
const uint8_t kHashTLabel[] = "PMBTokens Experiment V1 HashT";
|
1084
1106
|
return ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
|
1085
|
-
group, out, kHashTLabel, sizeof(kHashTLabel), t,
|
1107
|
+
group, out, kHashTLabel, sizeof(kHashTLabel), t, TRUST_TOKEN_NONCE_SIZE);
|
1086
1108
|
}
|
1087
1109
|
|
1088
1110
|
static int pmbtoken_exp1_hash_s(const EC_GROUP *group, EC_RAW_POINT *out,
|
1089
1111
|
const EC_AFFINE *t,
|
1090
|
-
const uint8_t s[
|
1112
|
+
const uint8_t s[TRUST_TOKEN_NONCE_SIZE]) {
|
1091
1113
|
const uint8_t kHashSLabel[] = "PMBTokens Experiment V1 HashS";
|
1092
1114
|
int ret = 0;
|
1093
1115
|
CBB cbb;
|
@@ -1095,7 +1117,7 @@ static int pmbtoken_exp1_hash_s(const EC_GROUP *group, EC_RAW_POINT *out,
|
|
1095
1117
|
size_t len;
|
1096
1118
|
if (!CBB_init(&cbb, 0) ||
|
1097
1119
|
!point_to_cbb(&cbb, group, t) ||
|
1098
|
-
!CBB_add_bytes(&cbb, s,
|
1120
|
+
!CBB_add_bytes(&cbb, s, TRUST_TOKEN_NONCE_SIZE) ||
|
1099
1121
|
!CBB_finish(&cbb, &buf, &len) ||
|
1100
1122
|
!ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
|
1101
1123
|
group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) {
|
@@ -1140,7 +1162,7 @@ static void pmbtoken_exp1_init_method_impl(void) {
|
|
1140
1162
|
pmbtoken_exp1_ok =
|
1141
1163
|
pmbtoken_init_method(&pmbtoken_exp1_method, NID_secp384r1, kH, sizeof(kH),
|
1142
1164
|
pmbtoken_exp1_hash_t, pmbtoken_exp1_hash_s,
|
1143
|
-
pmbtoken_exp1_hash_c);
|
1165
|
+
pmbtoken_exp1_hash_c, 1);
|
1144
1166
|
}
|
1145
1167
|
|
1146
1168
|
static int pmbtoken_exp1_init_method(void) {
|
@@ -1160,7 +1182,7 @@ int pmbtoken_exp1_generate_key(CBB *out_private, CBB *out_public) {
|
|
1160
1182
|
return pmbtoken_generate_key(&pmbtoken_exp1_method, out_private, out_public);
|
1161
1183
|
}
|
1162
1184
|
|
1163
|
-
int pmbtoken_exp1_client_key_from_bytes(
|
1185
|
+
int pmbtoken_exp1_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
|
1164
1186
|
const uint8_t *in, size_t len) {
|
1165
1187
|
if (!pmbtoken_exp1_init_method()) {
|
1166
1188
|
return 0;
|
@@ -1168,7 +1190,7 @@ int pmbtoken_exp1_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
|
|
1168
1190
|
return pmbtoken_client_key_from_bytes(&pmbtoken_exp1_method, key, in, len);
|
1169
1191
|
}
|
1170
1192
|
|
1171
|
-
int pmbtoken_exp1_issuer_key_from_bytes(
|
1193
|
+
int pmbtoken_exp1_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
|
1172
1194
|
const uint8_t *in, size_t len) {
|
1173
1195
|
if (!pmbtoken_exp1_init_method()) {
|
1174
1196
|
return 0;
|
@@ -1176,14 +1198,14 @@ int pmbtoken_exp1_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
|
|
1176
1198
|
return pmbtoken_issuer_key_from_bytes(&pmbtoken_exp1_method, key, in, len);
|
1177
1199
|
}
|
1178
1200
|
|
1179
|
-
STACK_OF(
|
1201
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN) * pmbtoken_exp1_blind(CBB *cbb, size_t count) {
|
1180
1202
|
if (!pmbtoken_exp1_init_method()) {
|
1181
1203
|
return NULL;
|
1182
1204
|
}
|
1183
1205
|
return pmbtoken_blind(&pmbtoken_exp1_method, cbb, count);
|
1184
1206
|
}
|
1185
1207
|
|
1186
|
-
int pmbtoken_exp1_sign(const
|
1208
|
+
int pmbtoken_exp1_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
1187
1209
|
size_t num_requested, size_t num_to_issue,
|
1188
1210
|
uint8_t private_metadata) {
|
1189
1211
|
if (!pmbtoken_exp1_init_method()) {
|
@@ -1194,8 +1216,8 @@ int pmbtoken_exp1_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
|
1194
1216
|
}
|
1195
1217
|
|
1196
1218
|
STACK_OF(TRUST_TOKEN) *
|
1197
|
-
pmbtoken_exp1_unblind(const
|
1198
|
-
const STACK_OF(
|
1219
|
+
pmbtoken_exp1_unblind(const TRUST_TOKEN_CLIENT_KEY *key,
|
1220
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens,
|
1199
1221
|
CBS *cbs, size_t count, uint32_t key_id) {
|
1200
1222
|
if (!pmbtoken_exp1_init_method()) {
|
1201
1223
|
return NULL;
|
@@ -1204,8 +1226,8 @@ STACK_OF(TRUST_TOKEN) *
|
|
1204
1226
|
key_id);
|
1205
1227
|
}
|
1206
1228
|
|
1207
|
-
int pmbtoken_exp1_read(const
|
1208
|
-
uint8_t out_nonce[
|
1229
|
+
int pmbtoken_exp1_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
1230
|
+
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
1209
1231
|
uint8_t *out_private_metadata, const uint8_t *token,
|
1210
1232
|
size_t token_len) {
|
1211
1233
|
if (!pmbtoken_exp1_init_method()) {
|
@@ -1225,3 +1247,153 @@ int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]) {
|
|
1225
1247
|
ec_point_to_bytes(pmbtoken_exp1_method.group, &h,
|
1226
1248
|
POINT_CONVERSION_UNCOMPRESSED, out, 97) == 97;
|
1227
1249
|
}
|
1250
|
+
|
1251
|
+
// PMBTokens experiment v2.
|
1252
|
+
|
1253
|
+
static int pmbtoken_exp2_hash_t(const EC_GROUP *group, EC_RAW_POINT *out,
|
1254
|
+
const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) {
|
1255
|
+
const uint8_t kHashTLabel[] = "PMBTokens Experiment V2 HashT";
|
1256
|
+
return ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
|
1257
|
+
group, out, kHashTLabel, sizeof(kHashTLabel), t, TRUST_TOKEN_NONCE_SIZE);
|
1258
|
+
}
|
1259
|
+
|
1260
|
+
static int pmbtoken_exp2_hash_s(const EC_GROUP *group, EC_RAW_POINT *out,
|
1261
|
+
const EC_AFFINE *t,
|
1262
|
+
const uint8_t s[TRUST_TOKEN_NONCE_SIZE]) {
|
1263
|
+
const uint8_t kHashSLabel[] = "PMBTokens Experiment V2 HashS";
|
1264
|
+
int ret = 0;
|
1265
|
+
CBB cbb;
|
1266
|
+
uint8_t *buf = NULL;
|
1267
|
+
size_t len;
|
1268
|
+
if (!CBB_init(&cbb, 0) ||
|
1269
|
+
!point_to_cbb(&cbb, group, t) ||
|
1270
|
+
!CBB_add_bytes(&cbb, s, TRUST_TOKEN_NONCE_SIZE) ||
|
1271
|
+
!CBB_finish(&cbb, &buf, &len) ||
|
1272
|
+
!ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
|
1273
|
+
group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) {
|
1274
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
1275
|
+
goto err;
|
1276
|
+
}
|
1277
|
+
|
1278
|
+
ret = 1;
|
1279
|
+
|
1280
|
+
err:
|
1281
|
+
OPENSSL_free(buf);
|
1282
|
+
CBB_cleanup(&cbb);
|
1283
|
+
return ret;
|
1284
|
+
}
|
1285
|
+
|
1286
|
+
static int pmbtoken_exp2_hash_c(const EC_GROUP *group, EC_SCALAR *out,
|
1287
|
+
uint8_t *buf, size_t len) {
|
1288
|
+
const uint8_t kHashCLabel[] = "PMBTokens Experiment V2 HashC";
|
1289
|
+
return ec_hash_to_scalar_p384_xmd_sha512_draft07(
|
1290
|
+
group, out, kHashCLabel, sizeof(kHashCLabel), buf, len);
|
1291
|
+
}
|
1292
|
+
|
1293
|
+
static int pmbtoken_exp2_ok = 0;
|
1294
|
+
static PMBTOKEN_METHOD pmbtoken_exp2_method;
|
1295
|
+
static CRYPTO_once_t pmbtoken_exp2_method_once = CRYPTO_ONCE_INIT;
|
1296
|
+
|
1297
|
+
static void pmbtoken_exp2_init_method_impl(void) {
|
1298
|
+
// This is the output of |ec_hash_to_scalar_p384_xmd_sha512_draft07| with DST
|
1299
|
+
// "PMBTokens Experiment V2 HashH" and message "generator".
|
1300
|
+
static const uint8_t kH[] = {
|
1301
|
+
0x04, 0xbc, 0x27, 0x24, 0x99, 0xfa, 0xc9, 0xa4, 0x74, 0x6f, 0xf9,
|
1302
|
+
0x07, 0x81, 0x55, 0xf8, 0x1f, 0x6f, 0xda, 0x09, 0xe7, 0x8c, 0x5d,
|
1303
|
+
0x9e, 0x4e, 0x14, 0x7c, 0x53, 0x14, 0xbc, 0x7e, 0x29, 0x57, 0x92,
|
1304
|
+
0x17, 0x94, 0x6e, 0xd2, 0xdf, 0xa5, 0x31, 0x1b, 0x4e, 0xb7, 0xfc,
|
1305
|
+
0x93, 0xe3, 0x6e, 0x14, 0x1f, 0x4f, 0x14, 0xf3, 0xe5, 0x47, 0x61,
|
1306
|
+
0x1c, 0x2c, 0x72, 0x25, 0xf0, 0x4a, 0x45, 0x23, 0x2d, 0x57, 0x93,
|
1307
|
+
0x0e, 0xb2, 0x55, 0xb8, 0x57, 0x25, 0x4c, 0x1e, 0xdb, 0xfd, 0x58,
|
1308
|
+
0x70, 0x17, 0x9a, 0xbb, 0x9e, 0x5e, 0x93, 0x9e, 0x92, 0xd3, 0xe8,
|
1309
|
+
0x25, 0x62, 0xbf, 0x59, 0xb2, 0xd2, 0x3d, 0x71, 0xff
|
1310
|
+
};
|
1311
|
+
|
1312
|
+
pmbtoken_exp2_ok =
|
1313
|
+
pmbtoken_init_method(&pmbtoken_exp2_method, NID_secp384r1, kH, sizeof(kH),
|
1314
|
+
pmbtoken_exp2_hash_t, pmbtoken_exp2_hash_s,
|
1315
|
+
pmbtoken_exp2_hash_c, 0);
|
1316
|
+
}
|
1317
|
+
|
1318
|
+
static int pmbtoken_exp2_init_method(void) {
|
1319
|
+
CRYPTO_once(&pmbtoken_exp2_method_once, pmbtoken_exp2_init_method_impl);
|
1320
|
+
if (!pmbtoken_exp2_ok) {
|
1321
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
|
1322
|
+
return 0;
|
1323
|
+
}
|
1324
|
+
return 1;
|
1325
|
+
}
|
1326
|
+
|
1327
|
+
int pmbtoken_exp2_generate_key(CBB *out_private, CBB *out_public) {
|
1328
|
+
if (!pmbtoken_exp2_init_method()) {
|
1329
|
+
return 0;
|
1330
|
+
}
|
1331
|
+
|
1332
|
+
return pmbtoken_generate_key(&pmbtoken_exp2_method, out_private, out_public);
|
1333
|
+
}
|
1334
|
+
|
1335
|
+
int pmbtoken_exp2_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
|
1336
|
+
const uint8_t *in, size_t len) {
|
1337
|
+
if (!pmbtoken_exp2_init_method()) {
|
1338
|
+
return 0;
|
1339
|
+
}
|
1340
|
+
return pmbtoken_client_key_from_bytes(&pmbtoken_exp2_method, key, in, len);
|
1341
|
+
}
|
1342
|
+
|
1343
|
+
int pmbtoken_exp2_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
|
1344
|
+
const uint8_t *in, size_t len) {
|
1345
|
+
if (!pmbtoken_exp2_init_method()) {
|
1346
|
+
return 0;
|
1347
|
+
}
|
1348
|
+
return pmbtoken_issuer_key_from_bytes(&pmbtoken_exp2_method, key, in, len);
|
1349
|
+
}
|
1350
|
+
|
1351
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN) * pmbtoken_exp2_blind(CBB *cbb, size_t count) {
|
1352
|
+
if (!pmbtoken_exp2_init_method()) {
|
1353
|
+
return NULL;
|
1354
|
+
}
|
1355
|
+
return pmbtoken_blind(&pmbtoken_exp2_method, cbb, count);
|
1356
|
+
}
|
1357
|
+
|
1358
|
+
int pmbtoken_exp2_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
1359
|
+
size_t num_requested, size_t num_to_issue,
|
1360
|
+
uint8_t private_metadata) {
|
1361
|
+
if (!pmbtoken_exp2_init_method()) {
|
1362
|
+
return 0;
|
1363
|
+
}
|
1364
|
+
return pmbtoken_sign(&pmbtoken_exp2_method, key, cbb, cbs, num_requested,
|
1365
|
+
num_to_issue, private_metadata);
|
1366
|
+
}
|
1367
|
+
|
1368
|
+
STACK_OF(TRUST_TOKEN) *
|
1369
|
+
pmbtoken_exp2_unblind(const TRUST_TOKEN_CLIENT_KEY *key,
|
1370
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens,
|
1371
|
+
CBS *cbs, size_t count, uint32_t key_id) {
|
1372
|
+
if (!pmbtoken_exp2_init_method()) {
|
1373
|
+
return NULL;
|
1374
|
+
}
|
1375
|
+
return pmbtoken_unblind(&pmbtoken_exp2_method, key, pretokens, cbs, count,
|
1376
|
+
key_id);
|
1377
|
+
}
|
1378
|
+
|
1379
|
+
int pmbtoken_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
1380
|
+
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
1381
|
+
uint8_t *out_private_metadata, const uint8_t *token,
|
1382
|
+
size_t token_len) {
|
1383
|
+
if (!pmbtoken_exp2_init_method()) {
|
1384
|
+
return 0;
|
1385
|
+
}
|
1386
|
+
return pmbtoken_read(&pmbtoken_exp2_method, key, out_nonce,
|
1387
|
+
out_private_metadata, token, token_len);
|
1388
|
+
}
|
1389
|
+
|
1390
|
+
int pmbtoken_exp2_get_h_for_testing(uint8_t out[97]) {
|
1391
|
+
if (!pmbtoken_exp2_init_method()) {
|
1392
|
+
return 0;
|
1393
|
+
}
|
1394
|
+
EC_AFFINE h;
|
1395
|
+
return ec_jacobian_to_affine(pmbtoken_exp2_method.group, &h,
|
1396
|
+
&pmbtoken_exp2_method.h) &&
|
1397
|
+
ec_point_to_bytes(pmbtoken_exp2_method.group, &h,
|
1398
|
+
POINT_CONVERSION_UNCOMPRESSED, out, 97) == 97;
|
1399
|
+
}
|
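Review bot: The comment above `kH` in `pmbtoken_exp2_init_method_impl` names `ec_hash_to_scalar_p384_xmd_sha512_draft07` as the source of the constant, but the 97 bytes begin with `0x04` and `pmbtoken_exp2_get_h_for_testing` serializes `h` as a 97-byte uncompressed point, so the value looks like a curve point rather than a scalar. The generator H is only trustworthy if a reader can re-derive it from the stated label and message, so the comment should name the function actually used, presumably the hash-to-curve one: `// This is the output of |ec_hash_to_curve_p384_xmd_sha512_sswu_draft07| with DST`. Separately, `pmbtoken_exp2_hash_s` reports `ERR_R_MALLOC_FAILURE` for every failure in its `||` chain, including a failed hash-to-curve call, which will mislead anyone triaging from the error queue. The bare `0` passed as the last argument to `pmbtoken_init_method` (the exp1 hunk passes `1`) is the only visible behavioural difference between the two experiments apart from the labels and `kH`, and deserves an inline comment saying what it selects.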