grpc 1.32.0 → 1.35.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (938) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +1078 -3049
  3. data/etc/roots.pem +257 -573
  4. data/include/grpc/compression.h +1 -1
  5. data/include/grpc/grpc.h +15 -7
  6. data/include/grpc/grpc_security.h +222 -171
  7. data/include/grpc/impl/codegen/atm_windows.h +4 -0
  8. data/include/grpc/impl/codegen/byte_buffer.h +1 -1
  9. data/include/grpc/impl/codegen/grpc_types.h +10 -8
  10. data/include/grpc/impl/codegen/log.h +0 -2
  11. data/include/grpc/impl/codegen/port_platform.h +22 -55
  12. data/include/grpc/impl/codegen/sync_windows.h +4 -0
  13. data/include/grpc/slice_buffer.h +3 -3
  14. data/include/grpc/support/sync.h +3 -3
  15. data/include/grpc/support/time.h +7 -7
  16. data/src/core/ext/filters/client_channel/backend_metric.cc +2 -4
  17. data/src/core/ext/filters/client_channel/client_channel.cc +2776 -1529
  18. data/src/core/ext/filters/client_channel/client_channel.h +0 -4
  19. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +1 -1
  20. data/src/core/ext/filters/client_channel/config_selector.cc +0 -4
  21. data/src/core/ext/filters/client_channel/config_selector.h +40 -8
  22. data/src/core/ext/filters/client_channel/dynamic_filters.cc +186 -0
  23. data/src/core/ext/filters/client_channel/dynamic_filters.h +99 -0
  24. data/src/core/ext/filters/client_channel/health/health_check_client.cc +10 -7
  25. data/src/core/ext/filters/client_channel/health/health_check_client.h +4 -4
  26. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +5 -6
  27. data/src/core/ext/filters/client_channel/http_proxy.cc +21 -20
  28. data/src/core/ext/filters/client_channel/lb_policy.cc +6 -2
  29. data/src/core/ext/filters/client_channel/lb_policy.h +6 -7
  30. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +48 -35
  31. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +7 -5
  32. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +4 -3
  33. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +1 -1
  34. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +201 -190
  35. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +3 -1
  36. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +3 -3
  37. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
  38. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +4 -4
  39. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +50 -20
  40. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +5 -5
  41. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +14 -34
  42. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +6 -6
  43. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +341 -127
  44. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +52 -24
  45. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +24 -0
  46. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +812 -0
  47. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +722 -0
  48. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +1262 -0
  49. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +8 -1
  50. data/src/core/ext/filters/client_channel/resolver.cc +3 -1
  51. data/src/core/ext/filters/client_channel/resolver.h +4 -1
  52. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +9 -16
  53. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -32
  54. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +3 -3
  55. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +454 -16
  56. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -0
  57. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +7 -10
  58. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +3 -3
  59. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +1 -1
  60. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +34 -27
  61. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +618 -366
  62. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +28 -0
  63. data/src/core/ext/filters/client_channel/resolver_factory.h +6 -6
  64. data/src/core/ext/filters/client_channel/resolver_registry.cc +40 -39
  65. data/src/core/ext/filters/client_channel/resolver_registry.h +2 -2
  66. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +29 -74
  67. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +12 -10
  68. data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -3
  69. data/src/core/ext/filters/client_channel/retry_throttle.h +4 -2
  70. data/src/core/ext/filters/client_channel/server_address.cc +80 -0
  71. data/src/core/ext/filters/client_channel/server_address.h +21 -36
  72. data/src/core/ext/filters/client_channel/service_config.cc +18 -13
  73. data/src/core/ext/filters/client_channel/service_config.h +8 -5
  74. data/src/core/ext/filters/client_channel/service_config_call_data.h +19 -1
  75. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +2 -2
  76. data/src/core/ext/filters/client_channel/service_config_parser.cc +8 -6
  77. data/src/core/ext/filters/client_channel/service_config_parser.h +8 -5
  78. data/src/core/ext/filters/client_channel/subchannel.cc +51 -64
  79. data/src/core/ext/filters/client_channel/subchannel.h +14 -20
  80. data/src/core/ext/filters/client_channel/subchannel_interface.h +41 -5
  81. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +6 -2
  82. data/src/core/ext/filters/deadline/deadline_filter.cc +87 -79
  83. data/src/core/ext/filters/deadline/deadline_filter.h +7 -11
  84. data/src/core/ext/filters/http/client/http_client_filter.cc +1 -1
  85. data/src/core/ext/filters/http/client_authority_filter.cc +6 -6
  86. data/src/core/ext/filters/http/http_filters_plugin.cc +6 -3
  87. data/src/core/ext/filters/http/server/http_server_filter.cc +3 -3
  88. data/src/core/ext/filters/max_age/max_age_filter.cc +1 -1
  89. data/src/core/ext/filters/message_size/message_size_filter.cc +3 -2
  90. data/src/core/ext/filters/message_size/message_size_filter.h +2 -1
  91. data/src/core/ext/filters/workarounds/workaround_utils.cc +1 -1
  92. data/src/core/ext/transport/chttp2/client/authority.cc +3 -3
  93. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +1 -1
  94. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +20 -8
  95. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +21 -10
  96. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +26 -14
  97. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +185 -79
  98. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +12 -5
  99. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +7 -7
  100. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +28 -42
  101. data/src/core/ext/transport/chttp2/transport/flow_control.cc +10 -2
  102. data/src/core/ext/transport/chttp2/transport/flow_control.h +13 -3
  103. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +2 -1
  104. data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -1
  105. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +6 -6
  106. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +12 -8
  107. data/src/core/ext/transport/chttp2/transport/internal.h +5 -1
  108. data/src/core/ext/transport/chttp2/transport/parsing.cc +18 -3
  109. data/src/core/ext/transport/chttp2/transport/writing.cc +2 -3
  110. data/src/core/ext/transport/inproc/inproc_transport.cc +42 -8
  111. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +1 -0
  112. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +1 -1
  113. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +7 -0
  114. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +52 -32
  115. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +199 -34
  116. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +13 -13
  117. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +44 -17
  118. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +177 -99
  119. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +642 -202
  120. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +3 -3
  121. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +13 -5
  122. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +22 -22
  123. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +47 -21
  124. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +36 -24
  125. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +133 -39
  126. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +4 -4
  127. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +15 -6
  128. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +45 -44
  129. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +200 -78
  130. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +31 -24
  131. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +107 -47
  132. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +1 -1
  133. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +7 -0
  134. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +53 -0
  135. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +149 -0
  136. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +74 -28
  137. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +248 -43
  138. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +39 -39
  139. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +157 -89
  140. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +4 -4
  141. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +17 -9
  142. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +63 -39
  143. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +254 -60
  144. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +1 -1
  145. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +7 -0
  146. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +2 -2
  147. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +9 -2
  148. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +36 -0
  149. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +92 -0
  150. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +13 -13
  151. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +59 -36
  152. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +16 -16
  153. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +61 -29
  154. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +26 -26
  155. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +101 -66
  156. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +2 -2
  157. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +11 -3
  158. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +46 -26
  159. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +179 -68
  160. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +39 -22
  161. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +149 -48
  162. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +2 -2
  163. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +13 -0
  164. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +21 -17
  165. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +96 -33
  166. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +7 -7
  167. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +38 -22
  168. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +321 -194
  169. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +1228 -443
  170. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +8 -7
  171. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +34 -10
  172. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +3 -3
  173. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +17 -3
  174. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +132 -80
  175. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +516 -166
  176. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +1 -0
  177. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +24 -25
  178. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +96 -71
  179. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +12 -8
  180. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +46 -8
  181. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +71 -29
  182. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +296 -63
  183. data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.c +1 -1
  184. data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +7 -0
  185. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +1 -1
  186. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +7 -0
  187. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +41 -31
  188. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +165 -64
  189. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +1 -1
  190. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +7 -0
  191. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +1 -1
  192. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +7 -0
  193. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +7 -7
  194. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +31 -16
  195. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +1 -1
  196. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +7 -0
  197. data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c +1 -1
  198. data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +7 -0
  199. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +5 -5
  200. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +25 -11
  201. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +1 -1
  202. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +7 -0
  203. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +1 -1
  204. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +7 -0
  205. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +6 -6
  206. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +29 -8
  207. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +4 -3
  208. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +22 -3
  209. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +3 -3
  210. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +19 -0
  211. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +7 -7
  212. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +46 -3
  213. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +8 -8
  214. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +41 -8
  215. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +1 -0
  216. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +3 -3
  217. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +15 -2
  218. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +3 -3
  219. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +19 -0
  220. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +1 -1
  221. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +7 -0
  222. data/src/core/ext/upb-generated/google/api/annotations.upb.h +1 -0
  223. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +242 -0
  224. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +830 -0
  225. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +34 -34
  226. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +142 -59
  227. data/src/core/ext/upb-generated/google/api/http.upb.c +3 -3
  228. data/src/core/ext/upb-generated/google/api/http.upb.h +25 -6
  229. data/src/core/ext/upb-generated/google/protobuf/any.upb.c +1 -1
  230. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +7 -0
  231. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +90 -90
  232. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +455 -292
  233. data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +1 -1
  234. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +7 -0
  235. data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +1 -1
  236. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +7 -0
  237. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +4 -4
  238. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +22 -3
  239. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +1 -1
  240. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +7 -0
  241. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +9 -9
  242. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +55 -0
  243. data/src/core/ext/upb-generated/google/rpc/status.upb.c +1 -1
  244. data/src/core/ext/upb-generated/google/rpc/status.upb.h +10 -3
  245. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +4 -4
  246. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +11 -3
  247. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +41 -41
  248. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +149 -76
  249. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +5 -5
  250. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +21 -6
  251. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +2 -2
  252. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +13 -0
  253. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +17 -17
  254. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +82 -25
  255. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +3 -3
  256. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +19 -0
  257. data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +31 -0
  258. data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +64 -0
  259. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +1 -0
  260. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +2 -2
  261. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +9 -2
  262. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +1 -1
  263. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +7 -0
  264. data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.c +28 -0
  265. data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +60 -0
  266. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +52 -0
  267. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +143 -0
  268. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +42 -0
  269. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +84 -0
  270. data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.c +36 -0
  271. data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +94 -0
  272. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +54 -0
  273. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +173 -0
  274. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +36 -0
  275. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +92 -0
  276. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +3 -3
  277. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +7 -0
  278. data/src/core/ext/upb-generated/validate/validate.upb.c +64 -64
  279. data/src/core/ext/upb-generated/validate/validate.upb.h +296 -157
  280. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +38 -0
  281. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +30 -0
  282. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +41 -0
  283. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +35 -0
  284. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +254 -0
  285. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +105 -0
  286. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +100 -0
  287. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +45 -0
  288. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +558 -0
  289. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +145 -0
  290. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +53 -0
  291. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +35 -0
  292. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +133 -0
  293. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +35 -0
  294. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +127 -0
  295. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +65 -0
  296. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +56 -0
  297. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +35 -0
  298. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +266 -0
  299. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +125 -0
  300. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +143 -0
  301. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +55 -0
  302. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +56 -0
  303. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +35 -0
  304. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +66 -0
  305. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +40 -0
  306. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +263 -0
  307. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +100 -0
  308. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +233 -0
  309. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +70 -0
  310. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +56 -0
  311. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +35 -0
  312. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +228 -0
  313. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +80 -0
  314. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +46 -0
  315. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +35 -0
  316. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +59 -0
  317. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +35 -0
  318. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +55 -0
  319. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +35 -0
  320. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +110 -0
  321. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +50 -0
  322. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +113 -0
  323. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +50 -0
  324. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +146 -0
  325. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +55 -0
  326. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +50 -0
  327. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +35 -0
  328. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +190 -0
  329. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +55 -0
  330. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +185 -0
  331. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +65 -0
  332. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +62 -0
  333. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +40 -0
  334. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +97 -0
  335. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +40 -0
  336. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +915 -0
  337. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +280 -0
  338. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +71 -0
  339. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +45 -0
  340. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +64 -0
  341. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +40 -0
  342. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +511 -0
  343. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +115 -0
  344. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +48 -0
  345. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +30 -0
  346. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +166 -0
  347. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +55 -0
  348. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +105 -0
  349. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +45 -0
  350. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +249 -0
  351. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +60 -0
  352. data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.c +72 -0
  353. data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.h +35 -0
  354. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +60 -0
  355. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +35 -0
  356. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +152 -0
  357. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +60 -0
  358. data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +83 -0
  359. data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.h +35 -0
  360. data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +82 -0
  361. data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.h +35 -0
  362. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +83 -0
  363. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +40 -0
  364. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +86 -0
  365. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.h +35 -0
  366. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.c +74 -0
  367. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.h +35 -0
  368. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +64 -0
  369. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +40 -0
  370. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +54 -0
  371. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +35 -0
  372. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +53 -0
  373. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +35 -0
  374. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +73 -0
  375. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +45 -0
  376. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +72 -0
  377. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +40 -0
  378. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +81 -0
  379. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +45 -0
  380. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +92 -0
  381. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +65 -0
  382. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +95 -0
  383. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +55 -0
  384. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +34 -0
  385. data/src/core/ext/{upb-generated/gogoproto/gogo.upb.h → upbdefs-generated/envoy/type/v3/http.upbdefs.h} +10 -9
  386. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +59 -0
  387. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +40 -0
  388. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +54 -0
  389. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +45 -0
  390. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +47 -0
  391. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +35 -0
  392. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +40 -0
  393. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +30 -0
  394. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +61 -0
  395. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +45 -0
  396. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +39 -0
  397. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +35 -0
  398. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +386 -0
  399. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +165 -0
  400. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +40 -0
  401. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +35 -0
  402. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +37 -0
  403. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +35 -0
  404. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +65 -0
  405. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +50 -0
  406. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +40 -0
  407. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +35 -0
  408. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +66 -0
  409. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +75 -0
  410. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +42 -0
  411. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +35 -0
  412. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +70 -0
  413. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +45 -0
  414. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +56 -0
  415. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +35 -0
  416. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +33 -0
  417. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +30 -0
  418. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +49 -0
  419. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +35 -0
  420. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +43 -0
  421. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +35 -0
  422. data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +42 -0
  423. data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +35 -0
  424. data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +62 -0
  425. data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +40 -0
  426. data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +45 -0
  427. data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +40 -0
  428. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +49 -0
  429. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +35 -0
  430. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +68 -0
  431. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +40 -0
  432. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +51 -0
  433. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +35 -0
  434. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +307 -0
  435. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +145 -0
  436. data/src/core/ext/xds/certificate_provider_factory.h +61 -0
  437. data/src/core/ext/xds/certificate_provider_registry.cc +103 -0
  438. data/src/core/ext/xds/certificate_provider_registry.h +57 -0
  439. data/src/core/ext/xds/certificate_provider_store.cc +87 -0
  440. data/src/core/ext/xds/certificate_provider_store.h +112 -0
  441. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +144 -0
  442. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +69 -0
  443. data/src/core/ext/xds/xds_api.cc +687 -767
  444. data/src/core/ext/xds/xds_api.h +207 -98
  445. data/src/core/ext/xds/xds_bootstrap.cc +172 -25
  446. data/src/core/ext/xds/xds_bootstrap.h +23 -8
  447. data/src/core/ext/xds/xds_certificate_provider.cc +299 -0
  448. data/src/core/ext/xds/xds_certificate_provider.h +112 -0
  449. data/src/core/ext/xds/xds_channel_args.h +6 -3
  450. data/src/core/ext/xds/xds_client.cc +617 -494
  451. data/src/core/ext/xds/xds_client.h +118 -58
  452. data/src/core/ext/xds/xds_client_stats.cc +59 -16
  453. data/src/core/ext/xds/xds_client_stats.h +35 -7
  454. data/src/core/ext/xds/xds_server_config_fetcher.cc +131 -0
  455. data/src/core/lib/channel/channel_args.cc +9 -8
  456. data/src/core/lib/channel/channel_args.h +0 -1
  457. data/src/core/lib/channel/channel_trace.cc +4 -2
  458. data/src/core/lib/channel/channel_trace.h +1 -1
  459. data/src/core/lib/channel/channelz.cc +23 -59
  460. data/src/core/lib/channel/channelz.h +13 -22
  461. data/src/core/lib/channel/channelz_registry.cc +12 -11
  462. data/src/core/lib/channel/channelz_registry.h +3 -1
  463. data/src/core/lib/channel/handshaker.cc +2 -2
  464. data/src/core/lib/channel/handshaker.h +2 -2
  465. data/src/core/lib/compression/compression.cc +8 -4
  466. data/src/core/lib/compression/compression_args.cc +3 -2
  467. data/src/core/lib/compression/compression_internal.cc +10 -5
  468. data/src/core/lib/compression/compression_internal.h +2 -1
  469. data/src/core/lib/compression/stream_compression_identity.cc +1 -3
  470. data/src/core/lib/debug/stats.h +2 -2
  471. data/src/core/lib/debug/stats_data.cc +1 -0
  472. data/src/core/lib/debug/stats_data.h +13 -13
  473. data/src/core/lib/gpr/alloc.cc +3 -2
  474. data/src/core/lib/gpr/cpu_iphone.cc +10 -2
  475. data/src/core/lib/gpr/log.cc +53 -16
  476. data/src/core/lib/gpr/log_linux.cc +19 -3
  477. data/src/core/lib/gpr/log_posix.cc +15 -1
  478. data/src/core/lib/gpr/log_windows.cc +18 -4
  479. data/src/core/lib/gpr/murmur_hash.cc +1 -1
  480. data/src/core/lib/gpr/spinlock.h +10 -2
  481. data/src/core/lib/gpr/string.cc +23 -22
  482. data/src/core/lib/gpr/string.h +5 -6
  483. data/src/core/lib/gpr/sync.cc +4 -4
  484. data/src/core/lib/gpr/time.cc +12 -12
  485. data/src/core/lib/gpr/time_precise.cc +5 -2
  486. data/src/core/lib/gpr/time_precise.h +6 -2
  487. data/src/core/lib/gpr/tls.h +4 -0
  488. data/src/core/lib/gpr/tls_msvc.h +2 -0
  489. data/src/core/lib/gpr/tls_stdcpp.h +48 -0
  490. data/src/core/lib/gpr/useful.h +5 -4
  491. data/src/core/lib/gprpp/arena.h +3 -2
  492. data/src/core/lib/gprpp/dual_ref_counted.h +331 -0
  493. data/src/core/lib/gprpp/examine_stack.cc +43 -0
  494. data/src/core/lib/gprpp/examine_stack.h +46 -0
  495. data/src/core/lib/gprpp/fork.cc +2 -2
  496. data/src/core/lib/gprpp/manual_constructor.h +1 -1
  497. data/src/core/lib/gprpp/orphanable.h +4 -8
  498. data/src/core/lib/gprpp/ref_counted.h +91 -68
  499. data/src/core/lib/gprpp/ref_counted_ptr.h +166 -7
  500. data/src/core/lib/{security/authorization/mock_cel/statusor.h → gprpp/stat.h} +13 -25
  501. data/src/core/lib/gprpp/stat_posix.cc +49 -0
  502. data/src/core/lib/gprpp/stat_windows.cc +48 -0
  503. data/src/core/lib/gprpp/thd.h +2 -2
  504. data/src/core/lib/gprpp/thd_posix.cc +42 -37
  505. data/src/core/lib/gprpp/thd_windows.cc +3 -1
  506. data/src/core/lib/http/httpcli.cc +1 -1
  507. data/src/core/lib/http/httpcli.h +2 -3
  508. data/src/core/lib/http/httpcli_security_connector.cc +1 -1
  509. data/src/core/lib/http/parser.cc +47 -27
  510. data/src/core/lib/iomgr/call_combiner.cc +8 -5
  511. data/src/core/lib/iomgr/combiner.cc +2 -1
  512. data/src/core/lib/iomgr/endpoint.h +1 -1
  513. data/src/core/lib/iomgr/endpoint_cfstream.cc +9 -5
  514. data/src/core/lib/iomgr/error.cc +17 -12
  515. data/src/core/lib/iomgr/error_internal.h +1 -1
  516. data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -13
  517. data/src/core/lib/iomgr/ev_epollex_linux.cc +25 -17
  518. data/src/core/lib/iomgr/ev_poll_posix.cc +9 -7
  519. data/src/core/lib/iomgr/exec_ctx.cc +1 -1
  520. data/src/core/lib/iomgr/exec_ctx.h +16 -12
  521. data/src/core/lib/iomgr/executor.cc +2 -1
  522. data/src/core/lib/iomgr/executor.h +1 -1
  523. data/src/core/lib/iomgr/executor/mpmcqueue.h +5 -5
  524. data/src/core/lib/iomgr/executor/threadpool.h +4 -4
  525. data/src/core/lib/iomgr/iomgr.cc +1 -1
  526. data/src/core/lib/iomgr/load_file.h +1 -1
  527. data/src/core/lib/iomgr/lockfree_event.cc +19 -14
  528. data/src/core/lib/iomgr/lockfree_event.h +2 -2
  529. data/src/core/lib/iomgr/parse_address.cc +127 -43
  530. data/src/core/lib/iomgr/parse_address.h +32 -8
  531. data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +2 -1
  532. data/src/core/lib/iomgr/poller/eventmanager_libuv.h +1 -1
  533. data/src/core/lib/iomgr/pollset_set_custom.cc +1 -1
  534. data/src/core/lib/iomgr/python_util.h +4 -4
  535. data/src/core/lib/iomgr/resolve_address.cc +4 -4
  536. data/src/core/lib/iomgr/resolve_address_posix.cc +1 -5
  537. data/src/core/lib/iomgr/resource_quota.cc +4 -4
  538. data/src/core/lib/iomgr/sockaddr_utils.cc +10 -10
  539. data/src/core/lib/iomgr/sockaddr_utils.h +1 -1
  540. data/src/core/lib/iomgr/socket_factory_posix.cc +3 -2
  541. data/src/core/lib/iomgr/socket_mutator.cc +3 -2
  542. data/src/core/lib/iomgr/tcp_client.cc +3 -3
  543. data/src/core/lib/iomgr/tcp_client_custom.cc +7 -6
  544. data/src/core/lib/iomgr/tcp_custom.cc +22 -17
  545. data/src/core/lib/iomgr/tcp_posix.cc +12 -8
  546. data/src/core/lib/iomgr/tcp_server_custom.cc +28 -22
  547. data/src/core/lib/iomgr/timer_custom.cc +5 -5
  548. data/src/core/lib/iomgr/timer_generic.cc +3 -3
  549. data/src/core/lib/iomgr/timer_manager.cc +2 -2
  550. data/src/core/lib/iomgr/udp_server.cc +1 -2
  551. data/src/core/lib/iomgr/udp_server.h +1 -2
  552. data/src/core/lib/iomgr/unix_sockets_posix.cc +32 -21
  553. data/src/core/lib/iomgr/unix_sockets_posix.h +5 -0
  554. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +7 -0
  555. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -2
  556. data/src/core/lib/json/json.h +12 -2
  557. data/src/core/lib/json/json_reader.cc +8 -4
  558. data/src/core/lib/json/json_util.cc +58 -0
  559. data/src/core/lib/json/json_util.h +204 -0
  560. data/src/core/lib/json/json_writer.cc +2 -1
  561. data/src/core/lib/security/authorization/evaluate_args.cc +5 -10
  562. data/src/core/lib/security/authorization/evaluate_args.h +1 -1
  563. data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +3 -1
  564. data/src/core/lib/security/authorization/mock_cel/cel_expression.h +5 -4
  565. data/src/core/lib/security/authorization/mock_cel/cel_value.h +4 -0
  566. data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +6 -6
  567. data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +10 -9
  568. data/src/core/lib/security/context/security_context.cc +4 -3
  569. data/src/core/lib/security/context/security_context.h +3 -1
  570. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
  571. data/src/core/lib/security/credentials/credentials.cc +7 -7
  572. data/src/core/lib/security/credentials/credentials.h +3 -3
  573. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +413 -0
  574. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +80 -0
  575. data/src/core/lib/security/credentials/external/aws_request_signer.cc +213 -0
  576. data/src/core/lib/security/credentials/external/aws_request_signer.h +72 -0
  577. data/src/core/lib/security/credentials/external/external_account_credentials.cc +497 -0
  578. data/src/core/lib/security/credentials/external/external_account_credentials.h +120 -0
  579. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +135 -0
  580. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +48 -0
  581. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +213 -0
  582. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +58 -0
  583. data/src/core/lib/security/credentials/fake/fake_credentials.cc +2 -1
  584. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +18 -12
  585. data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +64 -0
  586. data/src/core/lib/security/credentials/jwt/json_token.cc +6 -3
  587. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +4 -3
  588. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -4
  589. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +39 -46
  590. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -4
  591. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +1 -1
  592. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +5 -5
  593. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
  594. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +346 -0
  595. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +213 -0
  596. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +399 -0
  597. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +138 -0
  598. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +78 -150
  599. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +57 -187
  600. data/src/core/lib/security/credentials/tls/tls_credentials.cc +16 -12
  601. data/src/core/lib/security/credentials/tls/tls_credentials.h +2 -2
  602. data/src/core/lib/security/credentials/tls/tls_utils.cc +91 -0
  603. data/src/core/lib/security/credentials/tls/tls_utils.h +38 -0
  604. data/src/core/lib/security/credentials/xds/xds_credentials.cc +175 -0
  605. data/src/core/lib/security/credentials/xds/xds_credentials.h +69 -0
  606. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -1
  607. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -13
  608. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +121 -0
  609. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +87 -0
  610. data/src/core/lib/security/security_connector/load_system_roots.h +4 -0
  611. data/src/core/lib/security/security_connector/load_system_roots_linux.h +2 -0
  612. data/src/core/lib/security/security_connector/local/local_security_connector.cc +3 -3
  613. data/src/core/lib/security/security_connector/security_connector.cc +4 -3
  614. data/src/core/lib/security/security_connector/security_connector.h +4 -2
  615. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +4 -4
  616. data/src/core/lib/security/security_connector/ssl_utils.cc +2 -2
  617. data/src/core/lib/security/security_connector/ssl_utils.h +19 -19
  618. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +342 -279
  619. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +105 -61
  620. data/src/core/lib/security/transport/secure_endpoint.cc +2 -2
  621. data/src/core/lib/security/transport/security_handshaker.cc +3 -3
  622. data/src/core/lib/security/transport/server_auth_filter.cc +2 -1
  623. data/src/core/lib/security/util/json_util.h +1 -0
  624. data/src/core/lib/slice/slice.cc +7 -4
  625. data/src/core/lib/slice/slice_buffer.cc +2 -1
  626. data/src/core/lib/slice/slice_intern.cc +6 -7
  627. data/src/core/lib/slice/slice_internal.h +2 -2
  628. data/src/core/lib/surface/call.cc +41 -32
  629. data/src/core/lib/surface/call_details.cc +8 -8
  630. data/src/core/lib/surface/channel.cc +25 -41
  631. data/src/core/lib/surface/channel.h +9 -3
  632. data/src/core/lib/surface/channel_init.cc +1 -1
  633. data/src/core/lib/surface/completion_queue.cc +30 -24
  634. data/src/core/lib/surface/completion_queue.h +16 -16
  635. data/src/core/lib/surface/init.cc +32 -14
  636. data/src/core/lib/surface/lame_client.cc +20 -46
  637. data/src/core/lib/surface/lame_client.h +4 -0
  638. data/src/core/lib/surface/server.cc +63 -17
  639. data/src/core/lib/surface/server.h +39 -7
  640. data/src/core/lib/surface/validate_metadata.h +3 -0
  641. data/src/core/lib/surface/version.cc +2 -2
  642. data/src/core/lib/transport/authority_override.cc +6 -4
  643. data/src/core/lib/transport/authority_override.h +7 -2
  644. data/src/core/lib/transport/bdp_estimator.cc +1 -1
  645. data/src/core/lib/transport/bdp_estimator.h +2 -1
  646. data/src/core/lib/transport/byte_stream.h +3 -3
  647. data/src/core/lib/transport/connectivity_state.h +11 -9
  648. data/src/core/lib/transport/error_utils.h +1 -1
  649. data/src/core/lib/transport/metadata.cc +11 -1
  650. data/src/core/lib/transport/metadata.h +2 -2
  651. data/src/core/lib/transport/metadata_batch.h +4 -4
  652. data/src/core/lib/transport/static_metadata.cc +1 -1
  653. data/src/core/lib/transport/status_metadata.cc +4 -3
  654. data/src/core/lib/transport/timeout_encoding.cc +4 -4
  655. data/src/core/lib/transport/transport.cc +5 -3
  656. data/src/core/lib/transport/transport.h +8 -8
  657. data/src/core/lib/uri/uri_parser.cc +131 -249
  658. data/src/core/lib/uri/uri_parser.h +57 -21
  659. data/src/core/plugin_registry/grpc_plugin_registry.cc +41 -20
  660. data/src/core/tsi/alts/crypt/gsec.cc +5 -4
  661. data/src/core/tsi/alts/frame_protector/frame_handler.cc +8 -6
  662. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
  663. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +27 -26
  664. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +8 -6
  665. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +4 -4
  666. data/src/core/tsi/fake_transport_security.cc +6 -3
  667. data/src/core/tsi/local_transport_security.cc +5 -1
  668. data/src/core/tsi/local_transport_security.h +6 -7
  669. data/src/core/tsi/ssl/session_cache/ssl_session.h +3 -0
  670. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
  671. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -1
  672. data/src/core/tsi/ssl_transport_security.cc +78 -58
  673. data/src/core/tsi/ssl_transport_security.h +9 -6
  674. data/src/core/tsi/transport_security.cc +10 -8
  675. data/src/core/tsi/transport_security_interface.h +1 -1
  676. data/src/ruby/ext/grpc/extconf.rb +1 -1
  677. data/src/ruby/ext/grpc/rb_event_thread.c +2 -0
  678. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +36 -16
  679. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +70 -40
  680. data/src/ruby/lib/grpc/version.rb +1 -1
  681. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +28 -0
  682. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +18 -0
  683. data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -6
  684. data/third_party/abseil-cpp/absl/algorithm/container.h +59 -22
  685. data/third_party/abseil-cpp/absl/base/attributes.h +99 -38
  686. data/third_party/abseil-cpp/absl/base/call_once.h +1 -1
  687. data/third_party/abseil-cpp/absl/base/casts.h +9 -6
  688. data/third_party/abseil-cpp/absl/base/config.h +60 -17
  689. data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +428 -335
  690. data/third_party/abseil-cpp/absl/base/internal/bits.h +17 -16
  691. data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +5 -0
  692. data/third_party/abseil-cpp/absl/base/internal/dynamic_annotations.h +398 -0
  693. data/third_party/abseil-cpp/absl/base/internal/invoke.h +4 -4
  694. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +1 -1
  695. data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +29 -1
  696. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +2 -2
  697. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +7 -5
  698. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +25 -38
  699. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +19 -25
  700. data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +8 -0
  701. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +28 -5
  702. data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +8 -0
  703. data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +3 -1
  704. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +2 -2
  705. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +3 -3
  706. data/third_party/abseil-cpp/absl/base/macros.h +36 -109
  707. data/third_party/abseil-cpp/absl/base/optimization.h +61 -1
  708. data/third_party/abseil-cpp/absl/base/options.h +31 -4
  709. data/third_party/abseil-cpp/absl/base/policy_checks.h +1 -1
  710. data/third_party/abseil-cpp/absl/base/thread_annotations.h +94 -39
  711. data/third_party/abseil-cpp/absl/container/fixed_array.h +42 -25
  712. data/third_party/abseil-cpp/absl/container/flat_hash_map.h +606 -0
  713. data/third_party/abseil-cpp/absl/container/flat_hash_set.h +2 -1
  714. data/third_party/abseil-cpp/absl/container/inlined_vector.h +33 -36
  715. data/third_party/abseil-cpp/absl/container/internal/common.h +6 -2
  716. data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +33 -8
  717. data/third_party/abseil-cpp/absl/container/internal/container_memory.h +49 -29
  718. data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +15 -0
  719. data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +24 -7
  720. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +2 -1
  721. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +35 -11
  722. data/third_party/abseil-cpp/absl/container/internal/have_sse.h +10 -9
  723. data/third_party/abseil-cpp/absl/container/internal/layout.h +7 -5
  724. data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +197 -0
  725. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +55 -34
  726. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +5 -4
  727. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +66 -16
  728. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +4 -0
  729. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +13 -4
  730. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +43 -24
  731. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +12 -3
  732. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +10 -2
  733. data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +22 -1
  734. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +0 -21
  735. data/third_party/abseil-cpp/absl/debugging/symbolize.cc +12 -1
  736. data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +101 -0
  737. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +100 -20
  738. data/third_party/abseil-cpp/absl/functional/bind_front.h +184 -0
  739. data/third_party/abseil-cpp/absl/functional/function_ref.h +1 -1
  740. data/third_party/abseil-cpp/absl/functional/internal/front_binder.h +95 -0
  741. data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +2 -2
  742. data/third_party/abseil-cpp/absl/hash/hash.h +6 -5
  743. data/third_party/abseil-cpp/absl/hash/internal/hash.h +73 -65
  744. data/third_party/abseil-cpp/absl/memory/memory.h +4 -0
  745. data/third_party/abseil-cpp/absl/meta/type_traits.h +2 -8
  746. data/third_party/abseil-cpp/absl/numeric/int128.cc +13 -27
  747. data/third_party/abseil-cpp/absl/numeric/int128.h +16 -15
  748. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +51 -0
  749. data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +399 -0
  750. data/third_party/abseil-cpp/absl/status/status.cc +4 -6
  751. data/third_party/abseil-cpp/absl/status/status.h +502 -113
  752. data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +5 -10
  753. data/third_party/abseil-cpp/absl/status/statusor.cc +71 -0
  754. data/third_party/abseil-cpp/absl/status/statusor.h +760 -0
  755. data/third_party/abseil-cpp/absl/strings/charconv.cc +2 -2
  756. data/third_party/abseil-cpp/absl/strings/cord.cc +91 -112
  757. data/third_party/abseil-cpp/absl/strings/cord.h +360 -205
  758. data/third_party/abseil-cpp/absl/strings/escaping.cc +9 -9
  759. data/third_party/abseil-cpp/absl/strings/internal/char_map.h +1 -1
  760. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +1 -1
  761. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +2 -2
  762. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +2 -2
  763. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +45 -23
  764. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +222 -136
  765. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +136 -64
  766. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +1 -1
  767. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +14 -21
  768. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +7 -14
  769. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +31 -7
  770. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +147 -135
  771. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +999 -87
  772. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +3 -3
  773. data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +4 -12
  774. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +8 -6
  775. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +13 -11
  776. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +2 -2
  777. data/third_party/abseil-cpp/absl/strings/str_cat.cc +4 -4
  778. data/third_party/abseil-cpp/absl/strings/str_cat.h +1 -1
  779. data/third_party/abseil-cpp/absl/strings/str_format.h +289 -13
  780. data/third_party/abseil-cpp/absl/strings/str_split.cc +2 -2
  781. data/third_party/abseil-cpp/absl/strings/str_split.h +1 -0
  782. data/third_party/abseil-cpp/absl/strings/string_view.h +26 -19
  783. data/third_party/abseil-cpp/absl/strings/substitute.cc +5 -5
  784. data/third_party/abseil-cpp/absl/strings/substitute.h +32 -29
  785. data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +3 -3
  786. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +3 -3
  787. data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +28 -28
  788. data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +4 -16
  789. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +1 -1
  790. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +8 -0
  791. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -2
  792. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +75 -64
  793. data/third_party/abseil-cpp/absl/synchronization/mutex.h +15 -6
  794. data/third_party/abseil-cpp/absl/time/civil_time.cc +9 -9
  795. data/third_party/abseil-cpp/absl/time/clock.cc +3 -3
  796. data/third_party/abseil-cpp/absl/time/duration.cc +90 -59
  797. data/third_party/abseil-cpp/absl/time/format.cc +43 -36
  798. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +26 -16
  799. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +4 -2
  800. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +1 -1
  801. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +136 -29
  802. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +13 -21
  803. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +1 -1
  804. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +136 -129
  805. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +4 -5
  806. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +8 -7
  807. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +6 -6
  808. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +2 -1
  809. data/third_party/abseil-cpp/absl/time/time.h +15 -16
  810. data/third_party/abseil-cpp/absl/types/internal/variant.h +4 -4
  811. data/third_party/abseil-cpp/absl/types/optional.h +9 -9
  812. data/third_party/abseil-cpp/absl/types/span.h +49 -36
  813. data/third_party/abseil-cpp/absl/utility/utility.h +2 -2
  814. data/third_party/address_sorting/include/address_sorting/address_sorting.h +2 -0
  815. data/third_party/boringssl-with-bazel/err_data.c +469 -463
  816. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +0 -6
  817. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +2 -0
  818. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +9 -43
  819. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +55 -4
  820. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +34 -0
  821. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +4 -0
  822. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +6 -2
  823. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +173 -35
  824. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +2 -0
  825. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +4 -0
  826. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +30 -10
  827. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +56 -22
  828. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +8 -2
  829. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +98 -11
  830. data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +51 -6
  831. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +118 -49
  832. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +267 -95
  833. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +210 -34
  834. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +766 -0
  835. data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +3 -3
  836. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +6 -4
  837. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +3 -3
  838. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -1
  839. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +7 -2
  840. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +21 -18
  841. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +1 -1
  842. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +24 -3
  843. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +3 -3
  844. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +67 -67
  845. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +3 -3
  846. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +29 -35
  847. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +13 -2
  848. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +9 -8
  849. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +10 -10
  850. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +2 -2
  851. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +28 -40
  852. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +3 -1
  853. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +1 -4
  854. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +5 -3
  855. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +14 -14
  856. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +7 -3
  857. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +2 -2
  858. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +1 -1
  859. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
  860. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +55 -8
  861. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +1 -1
  862. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +24 -0
  863. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +7 -5
  864. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +0 -1
  865. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +6 -3
  866. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +4 -0
  867. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +6 -0
  868. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +1 -1
  869. data/third_party/boringssl-with-bazel/src/include/openssl/des.h +6 -0
  870. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +12 -0
  871. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +9 -0
  872. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +4 -1
  873. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +3 -0
  874. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +202 -134
  875. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +64 -3
  876. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +4 -0
  877. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +42 -14
  878. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +188 -78
  879. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +482 -432
  880. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +18 -5
  881. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +35 -0
  882. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +18 -18
  883. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -3
  884. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +1 -1
  885. data/third_party/boringssl-with-bazel/src/ssl/internal.h +45 -10
  886. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +42 -1
  887. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +8 -9
  888. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +67 -0
  889. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +11 -14
  890. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +216 -11
  891. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -2
  892. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +57 -19
  893. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +135 -41
  894. data/third_party/upb/third_party/wyhash/wyhash.h +145 -0
  895. data/third_party/upb/upb/decode.c +248 -167
  896. data/third_party/upb/upb/decode.h +20 -1
  897. data/third_party/upb/upb/decode.int.h +163 -0
  898. data/third_party/upb/upb/decode_fast.c +1040 -0
  899. data/third_party/upb/upb/decode_fast.h +126 -0
  900. data/third_party/upb/upb/def.c +2178 -0
  901. data/third_party/upb/upb/def.h +315 -0
  902. data/third_party/upb/upb/def.hpp +439 -0
  903. data/third_party/upb/upb/encode.c +227 -169
  904. data/third_party/upb/upb/encode.h +27 -2
  905. data/third_party/upb/upb/json_decode.c +1443 -0
  906. data/third_party/upb/upb/json_decode.h +23 -0
  907. data/third_party/upb/upb/json_encode.c +713 -0
  908. data/third_party/upb/upb/json_encode.h +36 -0
  909. data/third_party/upb/upb/msg.c +167 -88
  910. data/third_party/upb/upb/msg.h +174 -34
  911. data/third_party/upb/upb/port_def.inc +74 -61
  912. data/third_party/upb/upb/port_undef.inc +3 -7
  913. data/third_party/upb/upb/reflection.c +408 -0
  914. data/third_party/upb/upb/reflection.h +168 -0
  915. data/third_party/upb/upb/table.c +34 -197
  916. data/third_party/upb/upb/table.int.h +14 -5
  917. data/third_party/upb/upb/text_encode.c +421 -0
  918. data/third_party/upb/upb/text_encode.h +38 -0
  919. data/third_party/upb/upb/upb.c +18 -41
  920. data/third_party/upb/upb/upb.h +36 -7
  921. data/third_party/upb/upb/upb.hpp +4 -4
  922. data/third_party/upb/upb/upb.int.h +29 -0
  923. metadata +288 -54
  924. data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +0 -946
  925. data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +0 -537
  926. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +0 -1141
  927. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +0 -485
  928. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +0 -68
  929. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +0 -354
  930. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +0 -142
  931. data/src/core/ext/upb-generated/gogoproto/gogo.upb.c +0 -17
  932. data/src/core/ext/xds/xds_channel.h +0 -46
  933. data/src/core/ext/xds/xds_channel_secure.cc +0 -103
  934. data/src/core/lib/gprpp/map.h +0 -53
  935. data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +0 -129
  936. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pku.c +0 -110
  937. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_sxnet.c +0 -274
  938. data/third_party/upb/upb/port.c +0 -26
@@ -30,16 +30,20 @@ extern "C" {
30
30
  #endif
31
31
 
32
32
 
33
- // PMBTokens.
34
- //
35
- // PMBTokens is described in https://eprint.iacr.org/2020/072/20200324:214215
36
- // and provides anonymous tokens with private metadata. We implement the
37
- // construction with validity verification, described in appendix H,
38
- // construction 6.
33
+ // For the following cryptographic schemes, we use P-384 instead of our usual
34
+ // choice of P-256. See Appendix I of
35
+ // https://eprint.iacr.org/2020/072/20200324:214215 which describes two attacks
36
+ // which may affect smaller curves. In particular, p-1 for P-256 is smooth,
37
+ // giving a low complexity for the p-1 attack. P-384's p-1 has a 281-bit prime
38
+ // factor,
39
+ // 3055465788140352002733946906144561090641249606160407884365391979704929268480326390471.
40
+ // This lower-bounds the p-1 attack at O(2^140). The p+1 attack is lower-bounded
41
+ // by O(p^(1/3)) or O(2^128), so we do not need to check the smoothness of p+1.
39
42
 
40
- // PMBTOKEN_NONCE_SIZE is the size of nonces used as part of the PMBToken
43
+
44
+ // TRUST_TOKEN_NONCE_SIZE is the size of nonces used as part of the Trust_Token
41
45
  // protocol.
42
- #define PMBTOKEN_NONCE_SIZE 64
46
+ #define TRUST_TOKEN_NONCE_SIZE 64
43
47
 
44
48
  typedef struct {
45
49
  // TODO(https://crbug.com/boringssl/334): These should store |EC_PRECOMP| so
@@ -47,7 +51,7 @@ typedef struct {
47
51
  EC_AFFINE pub0;
48
52
  EC_AFFINE pub1;
49
53
  EC_AFFINE pubs;
50
- } PMBTOKEN_CLIENT_KEY;
54
+ } TRUST_TOKEN_CLIENT_KEY;
51
55
 
52
56
  typedef struct {
53
57
  EC_SCALAR x0;
@@ -62,47 +66,47 @@ typedef struct {
62
66
  EC_PRECOMP pub1_precomp;
63
67
  EC_AFFINE pubs;
64
68
  EC_PRECOMP pubs_precomp;
65
- } PMBTOKEN_ISSUER_KEY;
69
+ } TRUST_TOKEN_ISSUER_KEY;
66
70
 
67
- // PMBTOKEN_PRETOKEN represents the intermediate state a client keeps during a
68
- // PMBToken issuance operation.
71
+ // TRUST_TOKEN_PRETOKEN represents the intermediate state a client keeps during
72
+ // a Trust_Token issuance operation.
69
73
  typedef struct pmb_pretoken_st {
70
- uint8_t t[PMBTOKEN_NONCE_SIZE];
74
+ uint8_t t[TRUST_TOKEN_NONCE_SIZE];
71
75
  EC_SCALAR r;
72
76
  EC_AFFINE Tp;
73
- } PMBTOKEN_PRETOKEN;
77
+ } TRUST_TOKEN_PRETOKEN;
78
+
79
+ // TRUST_TOKEN_PRETOKEN_free releases the memory associated with |token|.
80
+ OPENSSL_EXPORT void TRUST_TOKEN_PRETOKEN_free(TRUST_TOKEN_PRETOKEN *token);
74
81
 
75
- // PMBTOKEN_PRETOKEN_free releases the memory associated with |token|.
76
- OPENSSL_EXPORT void PMBTOKEN_PRETOKEN_free(PMBTOKEN_PRETOKEN *token);
82
+ DEFINE_STACK_OF(TRUST_TOKEN_PRETOKEN)
77
83
 
78
- DEFINE_STACK_OF(PMBTOKEN_PRETOKEN)
84
+
85
+ // PMBTokens.
86
+ //
87
+ // PMBTokens is described in https://eprint.iacr.org/2020/072/20200324:214215
88
+ // and provides anonymous tokens with private metadata. We implement the
89
+ // construction with validity verification, described in appendix H,
90
+ // construction 6.
79
91
 
80
92
  // The following functions implement the corresponding |TRUST_TOKENS_METHOD|
81
93
  // functions for |TRUST_TOKENS_experiment_v1|'s PMBTokens construction which
82
94
  // uses P-384.
83
- //
84
- // We use P-384 instead of our usual choice of P-256. See Appendix I which
85
- // describes two attacks which may affect smaller curves. In particular, p-1 for
86
- // P-256 is smooth, giving a low complexity for the p-1 attack. P-384's p-1 has
87
- // a 281-bit prime factor,
88
- // 3055465788140352002733946906144561090641249606160407884365391979704929268480326390471.
89
- // This lower-bounds the p-1 attack at O(2^140). The p+1 attack is lower-bounded
90
- // by O(p^(1/3)) or O(2^128), so we do not need to check the smoothness of p+1.
91
95
  int pmbtoken_exp1_generate_key(CBB *out_private, CBB *out_public);
92
- int pmbtoken_exp1_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
96
+ int pmbtoken_exp1_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
93
97
  const uint8_t *in, size_t len);
94
- int pmbtoken_exp1_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
98
+ int pmbtoken_exp1_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
95
99
  const uint8_t *in, size_t len);
96
- STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp1_blind(CBB *cbb, size_t count);
97
- int pmbtoken_exp1_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
100
+ STACK_OF(TRUST_TOKEN_PRETOKEN) * pmbtoken_exp1_blind(CBB *cbb, size_t count);
101
+ int pmbtoken_exp1_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
98
102
  size_t num_requested, size_t num_to_issue,
99
103
  uint8_t private_metadata);
100
104
  STACK_OF(TRUST_TOKEN) *
101
- pmbtoken_exp1_unblind(const PMBTOKEN_CLIENT_KEY *key,
102
- const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens,
105
+ pmbtoken_exp1_unblind(const TRUST_TOKEN_CLIENT_KEY *key,
106
+ const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens,
103
107
  CBS *cbs, size_t count, uint32_t key_id);
104
- int pmbtoken_exp1_read(const PMBTOKEN_ISSUER_KEY *key,
105
- uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
108
+ int pmbtoken_exp1_read(const TRUST_TOKEN_ISSUER_KEY *key,
109
+ uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
106
110
  uint8_t *out_private_metadata, const uint8_t *token,
107
111
  size_t token_len);
108
112
 
@@ -110,6 +114,62 @@ int pmbtoken_exp1_read(const PMBTOKEN_ISSUER_KEY *key,
110
114
  // function is used to confirm H was computed as expected.
111
115
  OPENSSL_EXPORT int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]);
112
116
 
117
+ // The following functions implement the corresponding |TRUST_TOKENS_METHOD|
118
+ // functions for |TRUST_TOKENS_experiment_v2|'s PMBTokens construction which
119
+ // uses P-384.
120
+ int pmbtoken_exp2_generate_key(CBB *out_private, CBB *out_public);
121
+ int pmbtoken_exp2_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
122
+ const uint8_t *in, size_t len);
123
+ int pmbtoken_exp2_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
124
+ const uint8_t *in, size_t len);
125
+ STACK_OF(TRUST_TOKEN_PRETOKEN) * pmbtoken_exp2_blind(CBB *cbb, size_t count);
126
+ int pmbtoken_exp2_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
127
+ size_t num_requested, size_t num_to_issue,
128
+ uint8_t private_metadata);
129
+ STACK_OF(TRUST_TOKEN) *
130
+ pmbtoken_exp2_unblind(const TRUST_TOKEN_CLIENT_KEY *key,
131
+ const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens,
132
+ CBS *cbs, size_t count, uint32_t key_id);
133
+ int pmbtoken_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
134
+ uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
135
+ uint8_t *out_private_metadata, const uint8_t *token,
136
+ size_t token_len);
137
+
138
+ // pmbtoken_exp2_get_h_for_testing returns H in uncompressed coordinates. This
139
+ // function is used to confirm H was computed as expected.
140
+ OPENSSL_EXPORT int pmbtoken_exp2_get_h_for_testing(uint8_t out[97]);
141
+
142
+
143
+ // VOPRF.
144
+ //
145
+ // VOPRFs are described in https://tools.ietf.org/html/draft-irtf-cfrg-voprf-04
146
+ // and provide anonymous tokens. This implementation uses TrustToken DSTs and
147
+ // the DLEQ batching primitive from
148
+ // https://eprint.iacr.org/2020/072/20200324:214215.
149
+ // VOPRF only uses the |pub|' field of the TRUST_TOKEN_CLIENT_KEY and
150
+ // |xs|/|pubs| fields of the TRUST_TOKEN_ISSUER_KEY.
151
+
152
+ // The following functions implement the corresponding |TRUST_TOKENS_METHOD|
153
+ // functions for |TRUST_TOKENS_experiment_v2|'s VOPRF construction which uses
154
+ // P-384.
155
+ int voprf_exp2_generate_key(CBB *out_private, CBB *out_public);
156
+ int voprf_exp2_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
157
+ const uint8_t *in, size_t len);
158
+ int voprf_exp2_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
159
+ const uint8_t *in, size_t len);
160
+ STACK_OF(TRUST_TOKEN_PRETOKEN) * voprf_exp2_blind(CBB *cbb, size_t count);
161
+ int voprf_exp2_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
162
+ size_t num_requested, size_t num_to_issue,
163
+ uint8_t private_metadata);
164
+ STACK_OF(TRUST_TOKEN) *
165
+ voprf_exp2_unblind(const TRUST_TOKEN_CLIENT_KEY *key,
166
+ const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens,
167
+ CBS *cbs, size_t count, uint32_t key_id);
168
+ int voprf_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
169
+ uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
170
+ uint8_t *out_private_metadata, const uint8_t *token,
171
+ size_t token_len);
172
+
113
173
 
114
174
  // Trust Tokens internals.
115
175
 
@@ -122,23 +182,23 @@ struct trust_token_method_st {
122
182
  // client_key_from_bytes decodes a client key from |in| and sets |key|
123
183
  // to the resulting key. It returns one on success and zero
124
184
  // on failure.
125
- int (*client_key_from_bytes)(PMBTOKEN_CLIENT_KEY *key, const uint8_t *in,
185
+ int (*client_key_from_bytes)(TRUST_TOKEN_CLIENT_KEY *key, const uint8_t *in,
126
186
  size_t len);
127
187
 
128
188
  // issuer_key_from_bytes decodes a issuer key from |in| and sets |key|
129
189
  // to the resulting key. It returns one on success and zero
130
190
  // on failure.
131
- int (*issuer_key_from_bytes)(PMBTOKEN_ISSUER_KEY *key, const uint8_t *in,
191
+ int (*issuer_key_from_bytes)(TRUST_TOKEN_ISSUER_KEY *key, const uint8_t *in,
132
192
  size_t len);
133
193
 
134
194
  // blind generates a new issuance request for |count| tokens. On
135
- // success, it returns a newly-allocated |STACK_OF(PMBTOKEN_PRETOKEN)| and
195
+ // success, it returns a newly-allocated |STACK_OF(TRUST_TOKEN_PRETOKEN)| and
136
196
  // writes a request to the issuer to |cbb|. On failure, it returns NULL. The
137
- // |STACK_OF(PMBTOKEN_PRETOKEN)|s should be passed to |pmbtoken_unblind| when
197
+ // |STACK_OF(TRUST_TOKEN_PRETOKEN)|s should be passed to |pmbtoken_unblind| when
138
198
  // the server responds.
139
199
  //
140
200
  // This function implements the AT.Usr0 operation.
141
- STACK_OF(PMBTOKEN_PRETOKEN) *(*blind)(CBB *cbb, size_t count);
201
+ STACK_OF(TRUST_TOKEN_PRETOKEN) * (*blind)(CBB *cbb, size_t count);
142
202
 
143
203
  // sign parses a request for |num_requested| tokens from |cbs| and
144
204
  // issues |num_to_issue| tokens with |key| and a private metadata value of
@@ -146,7 +206,7 @@ struct trust_token_method_st {
146
206
  // success and zero on failure.
147
207
  //
148
208
  // This function implements the AT.Sig operation.
149
- int (*sign)(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
209
+ int (*sign)(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
150
210
  size_t num_requested, size_t num_to_issue,
151
211
  uint8_t private_metadata);
152
212
 
@@ -159,8 +219,8 @@ struct trust_token_method_st {
159
219
  //
160
220
  // This function implements the AT.Usr1 operation.
161
221
  STACK_OF(TRUST_TOKEN) *
162
- (*unblind)(const PMBTOKEN_CLIENT_KEY *key,
163
- const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens, CBS *cbs,
222
+ (*unblind)(const TRUST_TOKEN_CLIENT_KEY *key,
223
+ const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens, CBS *cbs,
164
224
  size_t count, uint32_t key_id);
165
225
 
166
226
  // read parses a PMBToken from |token| and verifies it using |key|. On
@@ -168,23 +228,32 @@ struct trust_token_method_st {
168
228
  // |out_nonce| and |*out_private_metadata|. Otherwise, it returns zero. Note
169
229
  // that, unlike the output of |unblind|, |token| does not have a
170
230
  // four-byte key ID prepended.
171
- int (*read)(const PMBTOKEN_ISSUER_KEY *key,
172
- uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
231
+ int (*read)(const TRUST_TOKEN_ISSUER_KEY *key,
232
+ uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
173
233
  uint8_t *out_private_metadata, const uint8_t *token,
174
234
  size_t token_len);
235
+
236
+ // whether the construction supports private metadata.
237
+ int has_private_metadata;
238
+
239
+ // max keys that can be configured.
240
+ size_t max_keys;
241
+
242
+ // whether the SRR is part of the protocol.
243
+ int has_srr;
175
244
  };
176
245
 
177
246
  // Structure representing a single Trust Token public key with the specified ID.
178
247
  struct trust_token_client_key_st {
179
248
  uint32_t id;
180
- PMBTOKEN_CLIENT_KEY key;
249
+ TRUST_TOKEN_CLIENT_KEY key;
181
250
  };
182
251
 
183
252
  // Structure representing a single Trust Token private key with the specified
184
253
  // ID.
185
254
  struct trust_token_issuer_key_st {
186
255
  uint32_t id;
187
- PMBTOKEN_ISSUER_KEY key;
256
+ TRUST_TOKEN_ISSUER_KEY key;
188
257
  };
189
258
 
190
259
  struct trust_token_client_st {
@@ -195,13 +264,13 @@ struct trust_token_client_st {
195
264
 
196
265
  // keys is the set of public keys that are supported by the client for
197
266
  // issuance/redemptions.
198
- struct trust_token_client_key_st keys[3];
267
+ struct trust_token_client_key_st keys[6];
199
268
 
200
269
  // num_keys is the number of keys currently configured.
201
270
  size_t num_keys;
202
271
 
203
272
  // pretokens is the intermediate state during an active issuance.
204
- STACK_OF(PMBTOKEN_PRETOKEN)* pretokens;
273
+ STACK_OF(TRUST_TOKEN_PRETOKEN)* pretokens;
205
274
 
206
275
  // srr_key is the public key used to verify the signature of the SRR.
207
276
  EVP_PKEY *srr_key;
@@ -217,7 +286,7 @@ struct trust_token_issuer_st {
217
286
  // keys is the set of private keys that are supported by the issuer for
218
287
  // issuance/redemptions. The public metadata is an index into this list of
219
288
  // keys.
220
- struct trust_token_issuer_key_st keys[3];
289
+ struct trust_token_issuer_key_st keys[6];
221
290
 
222
291
  // num_keys is the number of keys currently configured.
223
292
  size_t num_keys;
@@ -239,7 +308,7 @@ extern "C++" {
239
308
 
240
309
  BSSL_NAMESPACE_BEGIN
241
310
 
242
- BORINGSSL_MAKE_DELETER(PMBTOKEN_PRETOKEN, PMBTOKEN_PRETOKEN_free)
311
+ BORINGSSL_MAKE_DELETER(TRUST_TOKEN_PRETOKEN, TRUST_TOKEN_PRETOKEN_free)
243
312
 
244
313
  BSSL_NAMESPACE_END
245
314
 
@@ -31,10 +31,10 @@
31
31
 
32
32
 
33
33
  typedef int (*hash_t_func_t)(const EC_GROUP *group, EC_RAW_POINT *out,
34
- const uint8_t t[PMBTOKEN_NONCE_SIZE]);
34
+ const uint8_t t[TRUST_TOKEN_NONCE_SIZE]);
35
35
  typedef int (*hash_s_func_t)(const EC_GROUP *group, EC_RAW_POINT *out,
36
36
  const EC_AFFINE *t,
37
- const uint8_t s[PMBTOKEN_NONCE_SIZE]);
37
+ const uint8_t s[TRUST_TOKEN_NONCE_SIZE]);
38
38
  typedef int (*hash_c_func_t)(const EC_GROUP *group, EC_SCALAR *out,
39
39
  uint8_t *buf, size_t len);
40
40
 
@@ -52,6 +52,7 @@ typedef struct {
52
52
  // hash_c implements the H_c operation in PMBTokens. It returns one on success
53
53
  // and zero on error.
54
54
  hash_c_func_t hash_c;
55
+ int prefix_point : 1;
55
56
  } PMBTOKEN_METHOD;
56
57
 
57
58
  static const uint8_t kDefaultAdditionalData[32] = {0};
@@ -59,7 +60,7 @@ static const uint8_t kDefaultAdditionalData[32] = {0};
59
60
  static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid,
60
61
  const uint8_t *h_bytes, size_t h_len,
61
62
  hash_t_func_t hash_t, hash_s_func_t hash_s,
62
- hash_c_func_t hash_c) {
63
+ hash_c_func_t hash_c, int prefix_point) {
63
64
  method->group = EC_GROUP_new_by_curve_name(curve_nid);
64
65
  if (method->group == NULL) {
65
66
  return 0;
@@ -68,6 +69,7 @@ static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid,
68
69
  method->hash_t = hash_t;
69
70
  method->hash_s = hash_s;
70
71
  method->hash_c = hash_c;
72
+ method->prefix_point = prefix_point;
71
73
 
72
74
  EC_AFFINE h;
73
75
  if (!ec_point_from_uncompressed(method->group, &h, h_bytes, h_len)) {
@@ -113,11 +115,40 @@ static int point_to_cbb(CBB *out, const EC_GROUP *group,
113
115
  len) == len;
114
116
  }
115
117
 
118
+ static int cbb_add_prefixed_point(CBB *out, const EC_GROUP *group,
119
+ const EC_AFFINE *point, int prefix_point) {
120
+ if (prefix_point) {
121
+ CBB child;
122
+ if (!CBB_add_u16_length_prefixed(out, &child) ||
123
+ !point_to_cbb(&child, group, point) ||
124
+ !CBB_flush(out)) {
125
+ return 0;
126
+ }
127
+ } else {
128
+ if (!point_to_cbb(out, group, point) ||
129
+ !CBB_flush(out)) {
130
+ return 0;
131
+ }
132
+ }
133
+
134
+ return 1;
135
+ }
136
+
116
137
  static int cbs_get_prefixed_point(CBS *cbs, const EC_GROUP *group,
117
- EC_AFFINE *out) {
138
+ EC_AFFINE *out, int prefix_point) {
118
139
  CBS child;
119
- if (!CBS_get_u16_length_prefixed(cbs, &child) ||
120
- !ec_point_from_uncompressed(group, out, CBS_data(&child),
140
+ if (prefix_point) {
141
+ if (!CBS_get_u16_length_prefixed(cbs, &child)) {
142
+ return 0;
143
+ }
144
+ } else {
145
+ size_t plen = 1 + 2 * BN_num_bytes(&group->field);
146
+ if (!CBS_get_bytes(cbs, &child, plen)) {
147
+ return 0;
148
+ }
149
+ }
150
+
151
+ if (!ec_point_from_uncompressed(group, out, CBS_data(&child),
121
152
  CBS_len(&child))) {
122
153
  return 0;
123
154
  }
@@ -134,10 +165,6 @@ static int mul_public_3(const EC_GROUP *group, EC_RAW_POINT *out,
134
165
  scalars, 3);
135
166
  }
136
167
 
137
- void PMBTOKEN_PRETOKEN_free(PMBTOKEN_PRETOKEN *pretoken) {
138
- OPENSSL_free(pretoken);
139
- }
140
-
141
168
  static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method,
142
169
  CBB *out_private, CBB *out_public) {
143
170
  const EC_GROUP *group = method->group;
@@ -166,16 +193,12 @@ static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method,
166
193
  return 0;
167
194
  }
168
195
 
169
- // TODO(https://crbug.com/boringssl/331): When updating the key format, remove
170
- // the redundant length prefixes.
171
- CBB child;
172
- if (!CBB_add_u16_length_prefixed(out_public, &child) ||
173
- !point_to_cbb(&child, group, &pub_affine[0]) ||
174
- !CBB_add_u16_length_prefixed(out_public, &child) ||
175
- !point_to_cbb(&child, group, &pub_affine[1]) ||
176
- !CBB_add_u16_length_prefixed(out_public, &child) ||
177
- !point_to_cbb(&child, group, &pub_affine[2]) ||
178
- !CBB_flush(out_public)) {
196
+ if (!cbb_add_prefixed_point(out_public, group, &pub_affine[0],
197
+ method->prefix_point) ||
198
+ !cbb_add_prefixed_point(out_public, group, &pub_affine[1],
199
+ method->prefix_point) ||
200
+ !cbb_add_prefixed_point(out_public, group, &pub_affine[2],
201
+ method->prefix_point)) {
179
202
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_BUFFER_TOO_SMALL);
180
203
  return 0;
181
204
  }
@@ -184,15 +207,16 @@ static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method,
184
207
  }
185
208
 
186
209
  static int pmbtoken_client_key_from_bytes(const PMBTOKEN_METHOD *method,
187
- PMBTOKEN_CLIENT_KEY *key,
210
+ TRUST_TOKEN_CLIENT_KEY *key,
188
211
  const uint8_t *in, size_t len) {
189
- // TODO(https://crbug.com/boringssl/331): When updating the key format, remove
190
- // the redundant length prefixes.
191
212
  CBS cbs;
192
213
  CBS_init(&cbs, in, len);
193
- if (!cbs_get_prefixed_point(&cbs, method->group, &key->pub0) ||
194
- !cbs_get_prefixed_point(&cbs, method->group, &key->pub1) ||
195
- !cbs_get_prefixed_point(&cbs, method->group, &key->pubs) ||
214
+ if (!cbs_get_prefixed_point(&cbs, method->group, &key->pub0,
215
+ method->prefix_point) ||
216
+ !cbs_get_prefixed_point(&cbs, method->group, &key->pub1,
217
+ method->prefix_point) ||
218
+ !cbs_get_prefixed_point(&cbs, method->group, &key->pubs,
219
+ method->prefix_point) ||
196
220
  CBS_len(&cbs) != 0) {
197
221
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
198
222
  return 0;
@@ -202,7 +226,7 @@ static int pmbtoken_client_key_from_bytes(const PMBTOKEN_METHOD *method,
202
226
  }
203
227
 
204
228
  static int pmbtoken_issuer_key_from_bytes(const PMBTOKEN_METHOD *method,
205
- PMBTOKEN_ISSUER_KEY *key,
229
+ TRUST_TOKEN_ISSUER_KEY *key,
206
230
  const uint8_t *in, size_t len) {
207
231
  const EC_GROUP *group = method->group;
208
232
  CBS cbs, tmp;
@@ -241,10 +265,10 @@ static int pmbtoken_issuer_key_from_bytes(const PMBTOKEN_METHOD *method,
241
265
  return 1;
242
266
  }
243
267
 
244
- static STACK_OF(PMBTOKEN_PRETOKEN) *
268
+ static STACK_OF(TRUST_TOKEN_PRETOKEN) *
245
269
  pmbtoken_blind(const PMBTOKEN_METHOD *method, CBB *cbb, size_t count) {
246
270
  const EC_GROUP *group = method->group;
247
- STACK_OF(PMBTOKEN_PRETOKEN) *pretokens = sk_PMBTOKEN_PRETOKEN_new_null();
271
+ STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens = sk_TRUST_TOKEN_PRETOKEN_new_null();
248
272
  if (pretokens == NULL) {
249
273
  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
250
274
  goto err;
@@ -252,11 +276,11 @@ static STACK_OF(PMBTOKEN_PRETOKEN) *
252
276
 
253
277
  for (size_t i = 0; i < count; i++) {
254
278
  // Insert |pretoken| into |pretokens| early to simplify error-handling.
255
- PMBTOKEN_PRETOKEN *pretoken = OPENSSL_malloc(sizeof(PMBTOKEN_PRETOKEN));
279
+ TRUST_TOKEN_PRETOKEN *pretoken = OPENSSL_malloc(sizeof(TRUST_TOKEN_PRETOKEN));
256
280
  if (pretoken == NULL ||
257
- !sk_PMBTOKEN_PRETOKEN_push(pretokens, pretoken)) {
281
+ !sk_TRUST_TOKEN_PRETOKEN_push(pretokens, pretoken)) {
258
282
  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
259
- PMBTOKEN_PRETOKEN_free(pretoken);
283
+ TRUST_TOKEN_PRETOKEN_free(pretoken);
260
284
  goto err;
261
285
  }
262
286
 
@@ -282,12 +306,8 @@ static STACK_OF(PMBTOKEN_PRETOKEN) *
282
306
  goto err;
283
307
  }
284
308
 
285
- // TODO(https://crbug.com/boringssl/331): When updating the key format,
286
- // remove the redundant length prefixes.
287
- CBB child;
288
- if (!CBB_add_u16_length_prefixed(cbb, &child) ||
289
- !point_to_cbb(&child, group, &pretoken->Tp) ||
290
- !CBB_flush(cbb)) {
309
+ if (!cbb_add_prefixed_point(cbb, group, &pretoken->Tp,
310
+ method->prefix_point)) {
291
311
  goto err;
292
312
  }
293
313
  }
@@ -295,7 +315,7 @@ static STACK_OF(PMBTOKEN_PRETOKEN) *
295
315
  return pretokens;
296
316
 
297
317
  err:
298
- sk_PMBTOKEN_PRETOKEN_pop_free(pretokens, PMBTOKEN_PRETOKEN_free);
318
+ sk_TRUST_TOKEN_PRETOKEN_pop_free(pretokens, TRUST_TOKEN_PRETOKEN_free);
299
319
  return NULL;
300
320
  }
301
321
 
@@ -431,9 +451,10 @@ err:
431
451
  // DLEQOR2 with only one value (n=1).
432
452
 
433
453
  static int dleq_generate(const PMBTOKEN_METHOD *method, CBB *cbb,
434
- const PMBTOKEN_ISSUER_KEY *priv, const EC_RAW_POINT *T,
435
- const EC_RAW_POINT *S, const EC_RAW_POINT *W,
436
- const EC_RAW_POINT *Ws, uint8_t private_metadata) {
454
+ const TRUST_TOKEN_ISSUER_KEY *priv,
455
+ const EC_RAW_POINT *T, const EC_RAW_POINT *S,
456
+ const EC_RAW_POINT *W, const EC_RAW_POINT *Ws,
457
+ uint8_t private_metadata) {
437
458
  const EC_GROUP *group = method->group;
438
459
 
439
460
  // We generate a DLEQ proof for the validity token and a DLEQOR2 proof for the
@@ -592,7 +613,7 @@ static int dleq_generate(const PMBTOKEN_METHOD *method, CBB *cbb,
592
613
  }
593
614
 
594
615
  static int dleq_verify(const PMBTOKEN_METHOD *method, CBS *cbs,
595
- const PMBTOKEN_CLIENT_KEY *pub, const EC_RAW_POINT *T,
616
+ const TRUST_TOKEN_CLIENT_KEY *pub, const EC_RAW_POINT *T,
596
617
  const EC_RAW_POINT *S, const EC_RAW_POINT *W,
597
618
  const EC_RAW_POINT *Ws) {
598
619
  const EC_GROUP *group = method->group;
@@ -711,7 +732,7 @@ static int dleq_verify(const PMBTOKEN_METHOD *method, CBS *cbs,
711
732
  }
712
733
 
713
734
  static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
714
- const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
735
+ const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
715
736
  size_t num_requested, size_t num_to_issue,
716
737
  uint8_t private_metadata) {
717
738
  const EC_GROUP *group = method->group;
@@ -750,7 +771,7 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
750
771
  for (size_t i = 0; i < num_to_issue; i++) {
751
772
  EC_AFFINE Tp_affine;
752
773
  EC_RAW_POINT Tp;
753
- if (!cbs_get_prefixed_point(cbs, group, &Tp_affine)) {
774
+ if (!cbs_get_prefixed_point(cbs, group, &Tp_affine, method->prefix_point)) {
754
775
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
755
776
  goto err;
756
777
  }
@@ -761,25 +782,22 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
761
782
  ec_scalar_select(group, &xb, mask, &key->x1, &key->x0);
762
783
  ec_scalar_select(group, &yb, mask, &key->y1, &key->y0);
763
784
 
764
- uint8_t s[PMBTOKEN_NONCE_SIZE];
765
- RAND_bytes(s, PMBTOKEN_NONCE_SIZE);
785
+ uint8_t s[TRUST_TOKEN_NONCE_SIZE];
786
+ RAND_bytes(s, TRUST_TOKEN_NONCE_SIZE);
766
787
  // The |jacobians| and |affines| contain Sp, Wp, and Wsp.
767
788
  EC_RAW_POINT jacobians[3];
768
789
  EC_AFFINE affines[3];
769
- CBB child;
770
790
  if (!method->hash_s(group, &jacobians[0], &Tp_affine, s) ||
771
791
  !ec_point_mul_scalar_batch(group, &jacobians[1], &Tp, &xb,
772
792
  &jacobians[0], &yb, NULL, NULL) ||
773
793
  !ec_point_mul_scalar_batch(group, &jacobians[2], &Tp, &key->xs,
774
794
  &jacobians[0], &key->ys, NULL, NULL) ||
775
795
  !ec_jacobian_to_affine_batch(group, affines, jacobians, 3) ||
776
- !CBB_add_bytes(cbb, s, PMBTOKEN_NONCE_SIZE) ||
777
- // TODO(https://crbug.com/boringssl/331): When updating the key format,
778
- // remove the redundant length prefixes.
779
- !CBB_add_u16_length_prefixed(cbb, &child) ||
780
- !point_to_cbb(&child, group, &affines[1]) ||
781
- !CBB_add_u16_length_prefixed(cbb, &child) ||
782
- !point_to_cbb(&child, group, &affines[2])) {
796
+ !CBB_add_bytes(cbb, s, TRUST_TOKEN_NONCE_SIZE) ||
797
+ !cbb_add_prefixed_point(cbb, group, &affines[1],
798
+ method->prefix_point) ||
799
+ !cbb_add_prefixed_point(cbb, group, &affines[2],
800
+ method->prefix_point)) {
783
801
  goto err;
784
802
  }
785
803
 
@@ -835,7 +853,11 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
835
853
 
836
854
  // Skip over any unused requests.
837
855
  size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
838
- if (!CBS_skip(cbs, (2 + point_len) * (num_requested - num_to_issue))) {
856
+ size_t token_len = point_len;
857
+ if (method->prefix_point) {
858
+ token_len += 2;
859
+ }
860
+ if (!CBS_skip(cbs, token_len * (num_requested - num_to_issue))) {
839
861
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
840
862
  goto err;
841
863
  }
@@ -854,11 +876,11 @@ err:
854
876
 
855
877
  static STACK_OF(TRUST_TOKEN) *
856
878
  pmbtoken_unblind(const PMBTOKEN_METHOD *method,
857
- const PMBTOKEN_CLIENT_KEY *key,
858
- const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens, CBS *cbs,
879
+ const TRUST_TOKEN_CLIENT_KEY *key,
880
+ const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens, CBS *cbs,
859
881
  size_t count, uint32_t key_id) {
860
882
  const EC_GROUP *group = method->group;
861
- if (count > sk_PMBTOKEN_PRETOKEN_num(pretokens)) {
883
+ if (count > sk_TRUST_TOKEN_PRETOKEN_num(pretokens)) {
862
884
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
863
885
  return NULL;
864
886
  }
@@ -896,14 +918,15 @@ static STACK_OF(TRUST_TOKEN) *
896
918
  }
897
919
 
898
920
  for (size_t i = 0; i < count; i++) {
899
- const PMBTOKEN_PRETOKEN *pretoken =
900
- sk_PMBTOKEN_PRETOKEN_value(pretokens, i);
921
+ const TRUST_TOKEN_PRETOKEN *pretoken =
922
+ sk_TRUST_TOKEN_PRETOKEN_value(pretokens, i);
901
923
 
902
- uint8_t s[PMBTOKEN_NONCE_SIZE];
924
+ uint8_t s[TRUST_TOKEN_NONCE_SIZE];
903
925
  EC_AFFINE Wp_affine, Wsp_affine;
904
- if (!CBS_copy_bytes(cbs, s, PMBTOKEN_NONCE_SIZE) ||
905
- !cbs_get_prefixed_point(cbs, group, &Wp_affine) ||
906
- !cbs_get_prefixed_point(cbs, group, &Wsp_affine)) {
926
+ if (!CBS_copy_bytes(cbs, s, TRUST_TOKEN_NONCE_SIZE) ||
927
+ !cbs_get_prefixed_point(cbs, group, &Wp_affine, method->prefix_point) ||
928
+ !cbs_get_prefixed_point(cbs, group, &Wsp_affine,
929
+ method->prefix_point)) {
907
930
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
908
931
  goto err;
909
932
  }
@@ -937,19 +960,18 @@ static STACK_OF(TRUST_TOKEN) *
937
960
 
938
961
  // Serialize the token. Include |key_id| to avoid an extra copy in the layer
939
962
  // above.
940
- CBB token_cbb, child;
963
+ CBB token_cbb;
941
964
  size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
942
- if (!CBB_init(&token_cbb, 4 + PMBTOKEN_NONCE_SIZE + 3 * (2 + point_len)) ||
965
+ if (!CBB_init(&token_cbb,
966
+ 4 + TRUST_TOKEN_NONCE_SIZE + 3 * (2 + point_len)) ||
943
967
  !CBB_add_u32(&token_cbb, key_id) ||
944
- !CBB_add_bytes(&token_cbb, pretoken->t, PMBTOKEN_NONCE_SIZE) ||
945
- // TODO(https://crbug.com/boringssl/331): When updating the key format,
946
- // remove the redundant length prefixes.
947
- !CBB_add_u16_length_prefixed(&token_cbb, &child) ||
948
- !point_to_cbb(&child, group, &affines[0]) ||
949
- !CBB_add_u16_length_prefixed(&token_cbb, &child) ||
950
- !point_to_cbb(&child, group, &affines[1]) ||
951
- !CBB_add_u16_length_prefixed(&token_cbb, &child) ||
952
- !point_to_cbb(&child, group, &affines[2]) ||
968
+ !CBB_add_bytes(&token_cbb, pretoken->t, TRUST_TOKEN_NONCE_SIZE) ||
969
+ !cbb_add_prefixed_point(&token_cbb, group, &affines[0],
970
+ method->prefix_point) ||
971
+ !cbb_add_prefixed_point(&token_cbb, group, &affines[1],
972
+ method->prefix_point) ||
973
+ !cbb_add_prefixed_point(&token_cbb, group, &affines[2],
974
+ method->prefix_point) ||
953
975
  !CBB_flush(&token_cbb)) {
954
976
  CBB_cleanup(&token_cbb);
955
977
  goto err;
@@ -1012,18 +1034,18 @@ err:
1012
1034
  }
1013
1035
 
1014
1036
  static int pmbtoken_read(const PMBTOKEN_METHOD *method,
1015
- const PMBTOKEN_ISSUER_KEY *key,
1016
- uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
1037
+ const TRUST_TOKEN_ISSUER_KEY *key,
1038
+ uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
1017
1039
  uint8_t *out_private_metadata, const uint8_t *token,
1018
1040
  size_t token_len) {
1019
1041
  const EC_GROUP *group = method->group;
1020
1042
  CBS cbs;
1021
1043
  CBS_init(&cbs, token, token_len);
1022
1044
  EC_AFFINE S, W, Ws;
1023
- if (!CBS_copy_bytes(&cbs, out_nonce, PMBTOKEN_NONCE_SIZE) ||
1024
- !cbs_get_prefixed_point(&cbs, group, &S) ||
1025
- !cbs_get_prefixed_point(&cbs, group, &W) ||
1026
- !cbs_get_prefixed_point(&cbs, group, &Ws) ||
1045
+ if (!CBS_copy_bytes(&cbs, out_nonce, TRUST_TOKEN_NONCE_SIZE) ||
1046
+ !cbs_get_prefixed_point(&cbs, group, &S, method->prefix_point) ||
1047
+ !cbs_get_prefixed_point(&cbs, group, &W, method->prefix_point) ||
1048
+ !cbs_get_prefixed_point(&cbs, group, &Ws, method->prefix_point) ||
1027
1049
  CBS_len(&cbs) != 0) {
1028
1050
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_TOKEN);
1029
1051
  return 0;
@@ -1079,15 +1101,15 @@ static int pmbtoken_read(const PMBTOKEN_METHOD *method,
1079
1101
  // PMBTokens experiment v1.
1080
1102
 
1081
1103
  static int pmbtoken_exp1_hash_t(const EC_GROUP *group, EC_RAW_POINT *out,
1082
- const uint8_t t[PMBTOKEN_NONCE_SIZE]) {
1104
+ const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) {
1083
1105
  const uint8_t kHashTLabel[] = "PMBTokens Experiment V1 HashT";
1084
1106
  return ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
1085
- group, out, kHashTLabel, sizeof(kHashTLabel), t, PMBTOKEN_NONCE_SIZE);
1107
+ group, out, kHashTLabel, sizeof(kHashTLabel), t, TRUST_TOKEN_NONCE_SIZE);
1086
1108
  }
1087
1109
 
1088
1110
  static int pmbtoken_exp1_hash_s(const EC_GROUP *group, EC_RAW_POINT *out,
1089
1111
  const EC_AFFINE *t,
1090
- const uint8_t s[PMBTOKEN_NONCE_SIZE]) {
1112
+ const uint8_t s[TRUST_TOKEN_NONCE_SIZE]) {
1091
1113
  const uint8_t kHashSLabel[] = "PMBTokens Experiment V1 HashS";
1092
1114
  int ret = 0;
1093
1115
  CBB cbb;
@@ -1095,7 +1117,7 @@ static int pmbtoken_exp1_hash_s(const EC_GROUP *group, EC_RAW_POINT *out,
1095
1117
  size_t len;
1096
1118
  if (!CBB_init(&cbb, 0) ||
1097
1119
  !point_to_cbb(&cbb, group, t) ||
1098
- !CBB_add_bytes(&cbb, s, PMBTOKEN_NONCE_SIZE) ||
1120
+ !CBB_add_bytes(&cbb, s, TRUST_TOKEN_NONCE_SIZE) ||
1099
1121
  !CBB_finish(&cbb, &buf, &len) ||
1100
1122
  !ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
1101
1123
  group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) {
@@ -1140,7 +1162,7 @@ static void pmbtoken_exp1_init_method_impl(void) {
1140
1162
  pmbtoken_exp1_ok =
1141
1163
  pmbtoken_init_method(&pmbtoken_exp1_method, NID_secp384r1, kH, sizeof(kH),
1142
1164
  pmbtoken_exp1_hash_t, pmbtoken_exp1_hash_s,
1143
- pmbtoken_exp1_hash_c);
1165
+ pmbtoken_exp1_hash_c, 1);
1144
1166
  }
1145
1167
 
1146
1168
  static int pmbtoken_exp1_init_method(void) {
@@ -1160,7 +1182,7 @@ int pmbtoken_exp1_generate_key(CBB *out_private, CBB *out_public) {
1160
1182
  return pmbtoken_generate_key(&pmbtoken_exp1_method, out_private, out_public);
1161
1183
  }
1162
1184
 
1163
- int pmbtoken_exp1_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
1185
+ int pmbtoken_exp1_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
1164
1186
  const uint8_t *in, size_t len) {
1165
1187
  if (!pmbtoken_exp1_init_method()) {
1166
1188
  return 0;
@@ -1168,7 +1190,7 @@ int pmbtoken_exp1_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
1168
1190
  return pmbtoken_client_key_from_bytes(&pmbtoken_exp1_method, key, in, len);
1169
1191
  }
1170
1192
 
1171
- int pmbtoken_exp1_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
1193
+ int pmbtoken_exp1_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
1172
1194
  const uint8_t *in, size_t len) {
1173
1195
  if (!pmbtoken_exp1_init_method()) {
1174
1196
  return 0;
@@ -1176,14 +1198,14 @@ int pmbtoken_exp1_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
1176
1198
  return pmbtoken_issuer_key_from_bytes(&pmbtoken_exp1_method, key, in, len);
1177
1199
  }
1178
1200
 
1179
- STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp1_blind(CBB *cbb, size_t count) {
1201
+ STACK_OF(TRUST_TOKEN_PRETOKEN) * pmbtoken_exp1_blind(CBB *cbb, size_t count) {
1180
1202
  if (!pmbtoken_exp1_init_method()) {
1181
1203
  return NULL;
1182
1204
  }
1183
1205
  return pmbtoken_blind(&pmbtoken_exp1_method, cbb, count);
1184
1206
  }
1185
1207
 
1186
- int pmbtoken_exp1_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
1208
+ int pmbtoken_exp1_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
1187
1209
  size_t num_requested, size_t num_to_issue,
1188
1210
  uint8_t private_metadata) {
1189
1211
  if (!pmbtoken_exp1_init_method()) {
@@ -1194,8 +1216,8 @@ int pmbtoken_exp1_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
1194
1216
  }
1195
1217
 
1196
1218
  STACK_OF(TRUST_TOKEN) *
1197
- pmbtoken_exp1_unblind(const PMBTOKEN_CLIENT_KEY *key,
1198
- const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens,
1219
+ pmbtoken_exp1_unblind(const TRUST_TOKEN_CLIENT_KEY *key,
1220
+ const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens,
1199
1221
  CBS *cbs, size_t count, uint32_t key_id) {
1200
1222
  if (!pmbtoken_exp1_init_method()) {
1201
1223
  return NULL;
@@ -1204,8 +1226,8 @@ STACK_OF(TRUST_TOKEN) *
1204
1226
  key_id);
1205
1227
  }
1206
1228
 
1207
- int pmbtoken_exp1_read(const PMBTOKEN_ISSUER_KEY *key,
1208
- uint8_t out_nonce[PMBTOKEN_NONCE_SIZE],
1229
+ int pmbtoken_exp1_read(const TRUST_TOKEN_ISSUER_KEY *key,
1230
+ uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
1209
1231
  uint8_t *out_private_metadata, const uint8_t *token,
1210
1232
  size_t token_len) {
1211
1233
  if (!pmbtoken_exp1_init_method()) {
@@ -1225,3 +1247,153 @@ int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]) {
1225
1247
  ec_point_to_bytes(pmbtoken_exp1_method.group, &h,
1226
1248
  POINT_CONVERSION_UNCOMPRESSED, out, 97) == 97;
1227
1249
  }
1250
+
1251
+ // PMBTokens experiment v2.
1252
+
1253
+ static int pmbtoken_exp2_hash_t(const EC_GROUP *group, EC_RAW_POINT *out,
1254
+ const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) {
1255
+ const uint8_t kHashTLabel[] = "PMBTokens Experiment V2 HashT";
1256
+ return ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
1257
+ group, out, kHashTLabel, sizeof(kHashTLabel), t, TRUST_TOKEN_NONCE_SIZE);
1258
+ }
1259
+
1260
+ static int pmbtoken_exp2_hash_s(const EC_GROUP *group, EC_RAW_POINT *out,
1261
+ const EC_AFFINE *t,
1262
+ const uint8_t s[TRUST_TOKEN_NONCE_SIZE]) {
1263
+ const uint8_t kHashSLabel[] = "PMBTokens Experiment V2 HashS";
1264
+ int ret = 0;
1265
+ CBB cbb;
1266
+ uint8_t *buf = NULL;
1267
+ size_t len;
1268
+ if (!CBB_init(&cbb, 0) ||
1269
+ !point_to_cbb(&cbb, group, t) ||
1270
+ !CBB_add_bytes(&cbb, s, TRUST_TOKEN_NONCE_SIZE) ||
1271
+ !CBB_finish(&cbb, &buf, &len) ||
1272
+ !ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
1273
+ group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) {
1274
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
1275
+ goto err;
1276
+ }
1277
+
1278
+ ret = 1;
1279
+
1280
+ err:
1281
+ OPENSSL_free(buf);
1282
+ CBB_cleanup(&cbb);
1283
+ return ret;
1284
+ }
1285
+
1286
+ static int pmbtoken_exp2_hash_c(const EC_GROUP *group, EC_SCALAR *out,
1287
+ uint8_t *buf, size_t len) {
1288
+ const uint8_t kHashCLabel[] = "PMBTokens Experiment V2 HashC";
1289
+ return ec_hash_to_scalar_p384_xmd_sha512_draft07(
1290
+ group, out, kHashCLabel, sizeof(kHashCLabel), buf, len);
1291
+ }
1292
+
1293
+ static int pmbtoken_exp2_ok = 0;
1294
+ static PMBTOKEN_METHOD pmbtoken_exp2_method;
1295
+ static CRYPTO_once_t pmbtoken_exp2_method_once = CRYPTO_ONCE_INIT;
1296
+
1297
+ static void pmbtoken_exp2_init_method_impl(void) {
1298
+ // This is the output of |ec_hash_to_scalar_p384_xmd_sha512_draft07| with DST
1299
+ // "PMBTokens Experiment V2 HashH" and message "generator".
1300
+ static const uint8_t kH[] = {
1301
+ 0x04, 0xbc, 0x27, 0x24, 0x99, 0xfa, 0xc9, 0xa4, 0x74, 0x6f, 0xf9,
1302
+ 0x07, 0x81, 0x55, 0xf8, 0x1f, 0x6f, 0xda, 0x09, 0xe7, 0x8c, 0x5d,
1303
+ 0x9e, 0x4e, 0x14, 0x7c, 0x53, 0x14, 0xbc, 0x7e, 0x29, 0x57, 0x92,
1304
+ 0x17, 0x94, 0x6e, 0xd2, 0xdf, 0xa5, 0x31, 0x1b, 0x4e, 0xb7, 0xfc,
1305
+ 0x93, 0xe3, 0x6e, 0x14, 0x1f, 0x4f, 0x14, 0xf3, 0xe5, 0x47, 0x61,
1306
+ 0x1c, 0x2c, 0x72, 0x25, 0xf0, 0x4a, 0x45, 0x23, 0x2d, 0x57, 0x93,
1307
+ 0x0e, 0xb2, 0x55, 0xb8, 0x57, 0x25, 0x4c, 0x1e, 0xdb, 0xfd, 0x58,
1308
+ 0x70, 0x17, 0x9a, 0xbb, 0x9e, 0x5e, 0x93, 0x9e, 0x92, 0xd3, 0xe8,
1309
+ 0x25, 0x62, 0xbf, 0x59, 0xb2, 0xd2, 0x3d, 0x71, 0xff
1310
+ };
1311
+
1312
+ pmbtoken_exp2_ok =
1313
+ pmbtoken_init_method(&pmbtoken_exp2_method, NID_secp384r1, kH, sizeof(kH),
1314
+ pmbtoken_exp2_hash_t, pmbtoken_exp2_hash_s,
1315
+ pmbtoken_exp2_hash_c, 0);
1316
+ }
1317
+
1318
+ static int pmbtoken_exp2_init_method(void) {
1319
+ CRYPTO_once(&pmbtoken_exp2_method_once, pmbtoken_exp2_init_method_impl);
1320
+ if (!pmbtoken_exp2_ok) {
1321
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
1322
+ return 0;
1323
+ }
1324
+ return 1;
1325
+ }
1326
+
1327
+ int pmbtoken_exp2_generate_key(CBB *out_private, CBB *out_public) {
1328
+ if (!pmbtoken_exp2_init_method()) {
1329
+ return 0;
1330
+ }
1331
+
1332
+ return pmbtoken_generate_key(&pmbtoken_exp2_method, out_private, out_public);
1333
+ }
1334
+
1335
+ int pmbtoken_exp2_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
1336
+ const uint8_t *in, size_t len) {
1337
+ if (!pmbtoken_exp2_init_method()) {
1338
+ return 0;
1339
+ }
1340
+ return pmbtoken_client_key_from_bytes(&pmbtoken_exp2_method, key, in, len);
1341
+ }
1342
+
1343
+ int pmbtoken_exp2_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
1344
+ const uint8_t *in, size_t len) {
1345
+ if (!pmbtoken_exp2_init_method()) {
1346
+ return 0;
1347
+ }
1348
+ return pmbtoken_issuer_key_from_bytes(&pmbtoken_exp2_method, key, in, len);
1349
+ }
1350
+
1351
+ STACK_OF(TRUST_TOKEN_PRETOKEN) * pmbtoken_exp2_blind(CBB *cbb, size_t count) {
1352
+ if (!pmbtoken_exp2_init_method()) {
1353
+ return NULL;
1354
+ }
1355
+ return pmbtoken_blind(&pmbtoken_exp2_method, cbb, count);
1356
+ }
1357
+
1358
+ int pmbtoken_exp2_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
1359
+ size_t num_requested, size_t num_to_issue,
1360
+ uint8_t private_metadata) {
1361
+ if (!pmbtoken_exp2_init_method()) {
1362
+ return 0;
1363
+ }
1364
+ return pmbtoken_sign(&pmbtoken_exp2_method, key, cbb, cbs, num_requested,
1365
+ num_to_issue, private_metadata);
1366
+ }
1367
+
1368
+ STACK_OF(TRUST_TOKEN) *
1369
+ pmbtoken_exp2_unblind(const TRUST_TOKEN_CLIENT_KEY *key,
1370
+ const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens,
1371
+ CBS *cbs, size_t count, uint32_t key_id) {
1372
+ if (!pmbtoken_exp2_init_method()) {
1373
+ return NULL;
1374
+ }
1375
+ return pmbtoken_unblind(&pmbtoken_exp2_method, key, pretokens, cbs, count,
1376
+ key_id);
1377
+ }
1378
+
1379
+ int pmbtoken_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
1380
+ uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
1381
+ uint8_t *out_private_metadata, const uint8_t *token,
1382
+ size_t token_len) {
1383
+ if (!pmbtoken_exp2_init_method()) {
1384
+ return 0;
1385
+ }
1386
+ return pmbtoken_read(&pmbtoken_exp2_method, key, out_nonce,
1387
+ out_private_metadata, token, token_len);
1388
+ }
1389
+
1390
+ int pmbtoken_exp2_get_h_for_testing(uint8_t out[97]) {
1391
+ if (!pmbtoken_exp2_init_method()) {
1392
+ return 0;
1393
+ }
1394
+ EC_AFFINE h;
1395
+ return ec_jacobian_to_affine(pmbtoken_exp2_method.group, &h,
1396
+ &pmbtoken_exp2_method.h) &&
1397
+ ec_point_to_bytes(pmbtoken_exp2_method.group, &h,
1398
+ POINT_CONVERSION_UNCOMPRESSED, out, 97) == 97;
1399
+ }