grpc 1.33.0.pre1 → 1.34.0
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +342 -134
- data/include/grpc/grpc.h +1 -2
- data/include/grpc/grpc_security.h +149 -172
- data/include/grpc/impl/codegen/grpc_types.h +9 -2
- data/include/grpc/impl/codegen/port_platform.h +22 -55
- data/src/core/ext/filters/client_channel/client_channel.cc +11 -34
- data/src/core/ext/filters/client_channel/config_selector.h +2 -3
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +4 -1
- data/src/core/ext/filters/client_channel/health/health_check_client.h +2 -2
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy.cc +5 -1
- data/src/core/ext/filters/client_channel/lb_policy.h +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +80 -71
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +3 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +47 -17
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +8 -5
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +16 -243
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +53 -17
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +809 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +20 -25
- data/src/core/ext/filters/client_channel/resolver.cc +3 -1
- data/src/core/ext/filters/client_channel/resolver.h +4 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +20 -0
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +66 -7
- data/src/core/ext/filters/client_channel/resolver_registry.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +13 -25
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +1 -1
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +2 -2
- data/src/core/ext/filters/client_channel/retry_throttle.h +1 -1
- data/src/core/ext/filters/client_channel/server_address.h +0 -4
- data/src/core/ext/filters/client_channel/service_config.cc +3 -1
- data/src/core/ext/filters/client_channel/service_config.h +1 -1
- data/src/core/ext/filters/client_channel/subchannel.cc +18 -15
- data/src/core/ext/filters/client_channel/subchannel.h +2 -2
- data/src/core/ext/filters/client_channel/subchannel_interface.h +7 -15
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +6 -2
- data/src/core/ext/filters/deadline/deadline_filter.cc +83 -77
- data/src/core/ext/filters/deadline/deadline_filter.h +7 -11
- data/src/core/ext/filters/http/client/http_client_filter.cc +1 -1
- data/src/core/ext/filters/http/server/http_server_filter.cc +3 -3
- data/src/core/ext/filters/max_age/max_age_filter.cc +1 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +1 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +17 -3
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +7 -7
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +4 -24
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -2
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +12 -8
- data/src/core/ext/transport/chttp2/transport/internal.h +0 -1
- data/src/core/ext/transport/chttp2/transport/parsing.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/writing.cc +1 -2
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +38 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +41 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +254 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +105 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +100 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +558 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +145 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +53 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +133 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +127 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +266 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +125 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +143 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +66 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +263 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +100 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +233 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +228 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +80 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +46 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +110 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +113 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +146 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +190 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +185 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +97 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +915 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +280 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +71 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +511 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +115 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +48 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +166 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +105 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +249 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.c +72 -0
- data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +152 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +83 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +82 -0
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +83 -0
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +86 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.c +74 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +54 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +53 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +73 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +72 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +81 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +92 -0
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +95 -0
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +34 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +54 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +47 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +40 -0
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +61 -0
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +38 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +386 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +165 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +39 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +37 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +65 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +39 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +66 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +75 -0
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +70 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +33 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +43 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +68 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +307 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +145 -0
- data/src/core/ext/xds/certificate_provider_factory.h +7 -5
- data/src/core/ext/xds/certificate_provider_store.cc +84 -0
- data/src/core/ext/xds/certificate_provider_store.h +65 -8
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +119 -0
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +72 -0
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.cc +28 -140
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h +6 -4
- data/src/core/ext/xds/xds_api.cc +241 -718
- data/src/core/ext/xds/xds_api.h +50 -9
- data/src/core/ext/xds/xds_bootstrap.cc +172 -25
- data/src/core/ext/xds/xds_bootstrap.h +23 -7
- data/src/core/ext/xds/xds_certificate_provider.cc +240 -0
- data/src/core/ext/xds/xds_certificate_provider.h +74 -0
- data/src/core/ext/xds/xds_client.cc +161 -128
- data/src/core/ext/xds/xds_client.h +12 -11
- data/src/core/ext/xds/xds_client_stats.cc +41 -4
- data/src/core/ext/xds/xds_client_stats.h +2 -2
- data/src/core/lib/channel/channel_args.cc +2 -1
- data/src/core/lib/channel/channel_trace.cc +4 -2
- data/src/core/lib/channel/channelz.h +2 -2
- data/src/core/lib/channel/handshaker.h +2 -2
- data/src/core/lib/compression/compression.cc +8 -4
- data/src/core/lib/compression/compression_internal.cc +10 -5
- data/src/core/lib/compression/compression_internal.h +2 -1
- data/src/core/lib/compression/stream_compression_identity.cc +1 -3
- data/src/core/lib/debug/stats_data.cc +1 -0
- data/src/core/lib/gpr/cpu_iphone.cc +10 -2
- data/src/core/lib/gpr/log_linux.cc +17 -3
- data/src/core/lib/gpr/log_posix.cc +13 -1
- data/src/core/lib/gpr/log_windows.cc +16 -4
- data/src/core/lib/gpr/murmur_hash.cc +1 -1
- data/src/core/lib/gpr/string.cc +1 -1
- data/src/core/lib/gpr/time_precise.cc +3 -2
- data/src/core/lib/gpr/tls.h +4 -0
- data/src/core/lib/gpr/tls_msvc.h +2 -0
- data/src/core/lib/gpr/tls_stdcpp.h +48 -0
- data/src/core/lib/gpr/useful.h +5 -4
- data/src/core/lib/gprpp/dual_ref_counted.h +44 -49
- data/src/core/lib/gprpp/examine_stack.cc +43 -0
- data/src/core/lib/gprpp/examine_stack.h +46 -0
- data/src/core/lib/gprpp/fork.cc +2 -2
- data/src/core/lib/gprpp/manual_constructor.h +1 -1
- data/src/core/lib/gprpp/orphanable.h +4 -8
- data/src/core/lib/gprpp/ref_counted.h +40 -46
- data/src/core/lib/gprpp/ref_counted_ptr.h +9 -11
- data/src/core/lib/{security/authorization/mock_cel/statusor.h → gprpp/stat.h} +13 -25
- data/src/core/lib/gprpp/stat_posix.cc +49 -0
- data/src/core/lib/gprpp/stat_windows.cc +48 -0
- data/src/core/lib/gprpp/thd.h +2 -2
- data/src/core/lib/gprpp/thd_posix.cc +36 -36
- data/src/core/lib/http/parser.cc +46 -25
- data/src/core/lib/iomgr/error.cc +2 -1
- data/src/core/lib/iomgr/ev_epollex_linux.cc +8 -4
- data/src/core/lib/iomgr/exec_ctx.cc +1 -1
- data/src/core/lib/iomgr/executor/mpmcqueue.h +5 -5
- data/src/core/lib/iomgr/executor/threadpool.h +3 -3
- data/src/core/lib/iomgr/parse_address.cc +84 -6
- data/src/core/lib/iomgr/parse_address.h +20 -0
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +2 -1
- data/src/core/lib/iomgr/python_util.h +3 -3
- data/src/core/lib/iomgr/resolve_address_posix.cc +1 -5
- data/src/core/lib/iomgr/tcp_posix.cc +3 -2
- data/src/core/lib/iomgr/timer_custom.cc +2 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +27 -15
- data/src/core/lib/iomgr/unix_sockets_posix.h +5 -0
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +7 -0
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -2
- data/src/core/lib/json/json.h +2 -2
- data/src/core/lib/json/json_reader.cc +8 -4
- data/src/core/lib/json/json_util.h +167 -0
- data/src/core/lib/json/json_writer.cc +2 -1
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +3 -1
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +5 -4
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +4 -0
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +6 -6
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +10 -9
- data/src/core/lib/security/context/security_context.h +3 -1
- data/src/core/lib/security/credentials/credentials.cc +1 -1
- data/src/core/lib/security/credentials/credentials.h +3 -3
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +208 -0
- data/src/core/lib/security/credentials/external/aws_request_signer.h +73 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +311 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.h +118 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +136 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +49 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +211 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +59 -0
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +51 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +5 -2
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +4 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +5 -1
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +2 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +35 -5
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +12 -8
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +78 -0
- data/src/core/lib/security/{certificate_provider.h → credentials/tls/grpc_tls_certificate_provider.h} +32 -18
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +77 -149
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +58 -187
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +16 -12
- data/src/core/lib/security/credentials/tls/tls_credentials.h +2 -2
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +88 -0
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +70 -0
- data/src/core/lib/security/security_connector/load_system_roots.h +4 -0
- data/src/core/lib/security/security_connector/load_system_roots_linux.h +2 -0
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.h +4 -2
- data/src/core/lib/security/security_connector/ssl_utils.h +4 -2
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +293 -275
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +106 -61
- data/src/core/lib/security/transport/security_handshaker.cc +1 -1
- data/src/core/lib/security/transport/server_auth_filter.cc +2 -1
- data/src/core/lib/security/util/json_util.h +1 -0
- data/src/core/lib/slice/slice.cc +7 -4
- data/src/core/lib/slice/slice_buffer.cc +2 -1
- data/src/core/lib/slice/slice_intern.cc +2 -2
- data/src/core/lib/surface/call.cc +9 -8
- data/src/core/lib/surface/completion_queue.cc +7 -6
- data/src/core/lib/surface/server.cc +4 -2
- data/src/core/lib/surface/server.h +2 -2
- data/src/core/lib/surface/validate_metadata.h +3 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/authority_override.h +2 -0
- data/src/core/lib/transport/bdp_estimator.cc +1 -1
- data/src/core/lib/transport/byte_stream.h +3 -3
- data/src/core/lib/transport/connectivity_state.h +3 -3
- data/src/core/lib/transport/metadata.h +2 -2
- data/src/core/lib/transport/timeout_encoding.cc +4 -4
- data/src/core/lib/transport/transport.cc +5 -3
- data/src/core/lib/transport/transport.h +1 -1
- data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +4 -3
- data/src/core/tsi/fake_transport_security.cc +1 -0
- data/src/core/tsi/local_transport_security.cc +5 -1
- data/src/core/tsi/local_transport_security.h +6 -7
- data/src/core/tsi/ssl/session_cache/ssl_session.h +3 -0
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -1
- data/src/core/tsi/ssl_transport_security.cc +14 -7
- data/src/core/tsi/ssl_transport_security.h +3 -0
- data/src/core/tsi/transport_security.cc +4 -2
- data/src/ruby/ext/grpc/extconf.rb +1 -1
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +22 -14
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +36 -24
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/algorithm/container.h +59 -22
- data/third_party/abseil-cpp/absl/base/attributes.h +99 -38
- data/third_party/abseil-cpp/absl/base/call_once.h +1 -1
- data/third_party/abseil-cpp/absl/base/casts.h +9 -6
- data/third_party/abseil-cpp/absl/base/config.h +60 -17
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +428 -335
- data/third_party/abseil-cpp/absl/base/internal/bits.h +17 -16
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +5 -0
- data/third_party/abseil-cpp/absl/base/internal/dynamic_annotations.h +398 -0
- data/third_party/abseil-cpp/absl/base/internal/invoke.h +4 -4
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +29 -1
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +7 -5
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +25 -38
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +19 -25
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +8 -0
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +28 -5
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +8 -0
- data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +3 -1
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +2 -2
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +3 -3
- data/third_party/abseil-cpp/absl/base/macros.h +36 -109
- data/third_party/abseil-cpp/absl/base/optimization.h +61 -1
- data/third_party/abseil-cpp/absl/base/options.h +31 -4
- data/third_party/abseil-cpp/absl/base/policy_checks.h +1 -1
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +94 -39
- data/third_party/abseil-cpp/absl/container/fixed_array.h +42 -25
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +2 -1
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +33 -36
- data/third_party/abseil-cpp/absl/container/internal/common.h +6 -2
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +33 -8
- data/third_party/abseil-cpp/absl/container/internal/container_memory.h +49 -29
- data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +15 -0
- data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +24 -7
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +2 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +35 -11
- data/third_party/abseil-cpp/absl/container/internal/have_sse.h +10 -9
- data/third_party/abseil-cpp/absl/container/internal/layout.h +7 -5
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +55 -34
- data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +5 -4
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +66 -16
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +4 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +13 -4
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +43 -24
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +12 -3
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +10 -2
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +22 -1
- data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +0 -21
- data/third_party/abseil-cpp/absl/debugging/symbolize.cc +12 -1
- data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +101 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +100 -20
- data/third_party/abseil-cpp/absl/functional/bind_front.h +184 -0
- data/third_party/abseil-cpp/absl/functional/function_ref.h +1 -1
- data/third_party/abseil-cpp/absl/functional/internal/front_binder.h +95 -0
- data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +2 -2
- data/third_party/abseil-cpp/absl/hash/hash.h +6 -5
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +73 -65
- data/third_party/abseil-cpp/absl/memory/memory.h +4 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +2 -8
- data/third_party/abseil-cpp/absl/numeric/int128.cc +13 -27
- data/third_party/abseil-cpp/absl/numeric/int128.h +16 -15
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +51 -0
- data/third_party/abseil-cpp/absl/status/status.cc +4 -6
- data/third_party/abseil-cpp/absl/status/status.h +502 -113
- data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +5 -10
- data/third_party/abseil-cpp/absl/strings/charconv.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/cord.cc +91 -112
- data/third_party/abseil-cpp/absl/strings/cord.h +360 -205
- data/third_party/abseil-cpp/absl/strings/escaping.cc +9 -9
- data/third_party/abseil-cpp/absl/strings/internal/char_map.h +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +2 -2
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +45 -23
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +222 -136
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +136 -64
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +14 -21
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +7 -14
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +31 -7
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +147 -135
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +999 -87
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +3 -3
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +4 -12
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +8 -6
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +13 -11
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +2 -2
- data/third_party/abseil-cpp/absl/strings/str_cat.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/str_cat.h +1 -1
- data/third_party/abseil-cpp/absl/strings/str_format.h +289 -13
- data/third_party/abseil-cpp/absl/strings/str_split.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/str_split.h +1 -0
- data/third_party/abseil-cpp/absl/strings/string_view.h +26 -19
- data/third_party/abseil-cpp/absl/strings/substitute.cc +5 -5
- data/third_party/abseil-cpp/absl/strings/substitute.h +32 -29
- data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +3 -3
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +3 -3
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +28 -28
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +4 -16
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +1 -1
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +8 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -2
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +75 -64
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +15 -6
- data/third_party/abseil-cpp/absl/time/civil_time.cc +9 -9
- data/third_party/abseil-cpp/absl/time/clock.cc +3 -3
- data/third_party/abseil-cpp/absl/time/duration.cc +90 -59
- data/third_party/abseil-cpp/absl/time/format.cc +43 -36
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +26 -16
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +4 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +136 -29
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +13 -21
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +136 -129
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +4 -5
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +8 -7
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +6 -6
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +2 -1
- data/third_party/abseil-cpp/absl/time/time.h +15 -16
- data/third_party/abseil-cpp/absl/types/internal/variant.h +4 -4
- data/third_party/abseil-cpp/absl/types/optional.h +9 -9
- data/third_party/abseil-cpp/absl/types/span.h +49 -36
- data/third_party/abseil-cpp/absl/utility/utility.h +2 -2
- data/third_party/address_sorting/include/address_sorting/address_sorting.h +2 -0
- data/third_party/boringssl-with-bazel/err_data.c +340 -336
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +173 -35
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +46 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +8 -2
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +90 -63
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +60 -60
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +179 -47
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +766 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +14 -14
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +24 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +7 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +5 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/des.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +202 -134
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +55 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +31 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +435 -394
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +18 -5
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +35 -0
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +36 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +42 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +67 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +11 -14
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +216 -11
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +53 -11
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +133 -39
- data/third_party/upb/upb/def.c +2169 -0
- data/third_party/upb/upb/def.h +330 -0
- data/third_party/upb/upb/def.hpp +525 -0
- data/third_party/upb/upb/reflection.c +391 -0
- data/third_party/upb/upb/reflection.h +168 -0
- data/third_party/upb/upb/text_encode.c +398 -0
- data/third_party/upb/upb/text_encode.h +35 -0
- metadata +227 -37
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds_drop.cc +0 -571
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +0 -129
@@ -30,16 +30,20 @@ extern "C" {
|
|
30
30
|
#endif
|
31
31
|
|
32
32
|
|
33
|
-
//
|
34
|
-
//
|
35
|
-
//
|
36
|
-
//
|
37
|
-
//
|
38
|
-
//
|
33
|
+
// For the following cryptographic schemes, we use P-384 instead of our usual
|
34
|
+
// choice of P-256. See Appendix I of
|
35
|
+
// https://eprint.iacr.org/2020/072/20200324:214215 which describes two attacks
|
36
|
+
// which may affect smaller curves. In particular, p-1 for P-256 is smooth,
|
37
|
+
// giving a low complexity for the p-1 attack. P-384's p-1 has a 281-bit prime
|
38
|
+
// factor,
|
39
|
+
// 3055465788140352002733946906144561090641249606160407884365391979704929268480326390471.
|
40
|
+
// This lower-bounds the p-1 attack at O(2^140). The p+1 attack is lower-bounded
|
41
|
+
// by O(p^(1/3)) or O(2^128), so we do not need to check the smoothness of p+1.
|
42
|
+
|
39
43
|
|
40
|
-
//
|
44
|
+
// TRUST_TOKEN_NONCE_SIZE is the size of nonces used as part of the Trust_Token
|
41
45
|
// protocol.
|
42
|
-
#define
|
46
|
+
#define TRUST_TOKEN_NONCE_SIZE 64
|
43
47
|
|
44
48
|
typedef struct {
|
45
49
|
// TODO(https://crbug.com/boringssl/334): These should store |EC_PRECOMP| so
|
@@ -47,7 +51,7 @@ typedef struct {
|
|
47
51
|
EC_AFFINE pub0;
|
48
52
|
EC_AFFINE pub1;
|
49
53
|
EC_AFFINE pubs;
|
50
|
-
}
|
54
|
+
} TRUST_TOKEN_CLIENT_KEY;
|
51
55
|
|
52
56
|
typedef struct {
|
53
57
|
EC_SCALAR x0;
|
@@ -62,47 +66,47 @@ typedef struct {
|
|
62
66
|
EC_PRECOMP pub1_precomp;
|
63
67
|
EC_AFFINE pubs;
|
64
68
|
EC_PRECOMP pubs_precomp;
|
65
|
-
}
|
69
|
+
} TRUST_TOKEN_ISSUER_KEY;
|
66
70
|
|
67
|
-
//
|
68
|
-
//
|
71
|
+
// TRUST_TOKEN_PRETOKEN represents the intermediate state a client keeps during
|
72
|
+
// a Trust_Token issuance operation.
|
69
73
|
typedef struct pmb_pretoken_st {
|
70
|
-
uint8_t t[
|
74
|
+
uint8_t t[TRUST_TOKEN_NONCE_SIZE];
|
71
75
|
EC_SCALAR r;
|
72
76
|
EC_AFFINE Tp;
|
73
|
-
}
|
77
|
+
} TRUST_TOKEN_PRETOKEN;
|
78
|
+
|
79
|
+
// TRUST_TOKEN_PRETOKEN_free releases the memory associated with |token|.
|
80
|
+
OPENSSL_EXPORT void TRUST_TOKEN_PRETOKEN_free(TRUST_TOKEN_PRETOKEN *token);
|
81
|
+
|
82
|
+
DEFINE_STACK_OF(TRUST_TOKEN_PRETOKEN)
|
74
83
|
|
75
|
-
// PMBTOKEN_PRETOKEN_free releases the memory associated with |token|.
|
76
|
-
OPENSSL_EXPORT void PMBTOKEN_PRETOKEN_free(PMBTOKEN_PRETOKEN *token);
|
77
84
|
|
78
|
-
|
85
|
+
// PMBTokens.
|
86
|
+
//
|
87
|
+
// PMBTokens is described in https://eprint.iacr.org/2020/072/20200324:214215
|
88
|
+
// and provides anonymous tokens with private metadata. We implement the
|
89
|
+
// construction with validity verification, described in appendix H,
|
90
|
+
// construction 6.
|
79
91
|
|
80
92
|
// The following functions implement the corresponding |TRUST_TOKENS_METHOD|
|
81
93
|
// functions for |TRUST_TOKENS_experiment_v1|'s PMBTokens construction which
|
82
94
|
// uses P-384.
|
83
|
-
//
|
84
|
-
// We use P-384 instead of our usual choice of P-256. See Appendix I which
|
85
|
-
// describes two attacks which may affect smaller curves. In particular, p-1 for
|
86
|
-
// P-256 is smooth, giving a low complexity for the p-1 attack. P-384's p-1 has
|
87
|
-
// a 281-bit prime factor,
|
88
|
-
// 3055465788140352002733946906144561090641249606160407884365391979704929268480326390471.
|
89
|
-
// This lower-bounds the p-1 attack at O(2^140). The p+1 attack is lower-bounded
|
90
|
-
// by O(p^(1/3)) or O(2^128), so we do not need to check the smoothness of p+1.
|
91
95
|
int pmbtoken_exp1_generate_key(CBB *out_private, CBB *out_public);
|
92
|
-
int pmbtoken_exp1_client_key_from_bytes(
|
96
|
+
int pmbtoken_exp1_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
|
93
97
|
const uint8_t *in, size_t len);
|
94
|
-
int pmbtoken_exp1_issuer_key_from_bytes(
|
98
|
+
int pmbtoken_exp1_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
|
95
99
|
const uint8_t *in, size_t len);
|
96
|
-
STACK_OF(
|
97
|
-
int pmbtoken_exp1_sign(const
|
100
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN) * pmbtoken_exp1_blind(CBB *cbb, size_t count);
|
101
|
+
int pmbtoken_exp1_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
98
102
|
size_t num_requested, size_t num_to_issue,
|
99
103
|
uint8_t private_metadata);
|
100
104
|
STACK_OF(TRUST_TOKEN) *
|
101
|
-
pmbtoken_exp1_unblind(const
|
102
|
-
const STACK_OF(
|
105
|
+
pmbtoken_exp1_unblind(const TRUST_TOKEN_CLIENT_KEY *key,
|
106
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens,
|
103
107
|
CBS *cbs, size_t count, uint32_t key_id);
|
104
|
-
int pmbtoken_exp1_read(const
|
105
|
-
uint8_t out_nonce[
|
108
|
+
int pmbtoken_exp1_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
109
|
+
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
106
110
|
uint8_t *out_private_metadata, const uint8_t *token,
|
107
111
|
size_t token_len);
|
108
112
|
|
@@ -113,29 +117,21 @@ OPENSSL_EXPORT int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]);
|
|
113
117
|
// The following functions implement the corresponding |TRUST_TOKENS_METHOD|
|
114
118
|
// functions for |TRUST_TOKENS_experiment_v2|'s PMBTokens construction which
|
115
119
|
// uses P-384.
|
116
|
-
//
|
117
|
-
// We use P-384 instead of our usual choice of P-256. See Appendix I which
|
118
|
-
// describes two attacks which may affect smaller curves. In particular, p-1 for
|
119
|
-
// P-256 is smooth, giving a low complexity for the p-1 attack. P-384's p-1 has
|
120
|
-
// a 281-bit prime factor,
|
121
|
-
// 3055465788140352002733946906144561090641249606160407884365391979704929268480326390471.
|
122
|
-
// This lower-bounds the p-1 attack at O(2^140). The p+1 attack is lower-bounded
|
123
|
-
// by O(p^(1/3)) or O(2^128), so we do not need to check the smoothness of p+1.
|
124
120
|
int pmbtoken_exp2_generate_key(CBB *out_private, CBB *out_public);
|
125
|
-
int pmbtoken_exp2_client_key_from_bytes(
|
121
|
+
int pmbtoken_exp2_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
|
126
122
|
const uint8_t *in, size_t len);
|
127
|
-
int pmbtoken_exp2_issuer_key_from_bytes(
|
123
|
+
int pmbtoken_exp2_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
|
128
124
|
const uint8_t *in, size_t len);
|
129
|
-
STACK_OF(
|
130
|
-
int pmbtoken_exp2_sign(const
|
125
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN) * pmbtoken_exp2_blind(CBB *cbb, size_t count);
|
126
|
+
int pmbtoken_exp2_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
131
127
|
size_t num_requested, size_t num_to_issue,
|
132
128
|
uint8_t private_metadata);
|
133
129
|
STACK_OF(TRUST_TOKEN) *
|
134
|
-
pmbtoken_exp2_unblind(const
|
135
|
-
const STACK_OF(
|
130
|
+
pmbtoken_exp2_unblind(const TRUST_TOKEN_CLIENT_KEY *key,
|
131
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens,
|
136
132
|
CBS *cbs, size_t count, uint32_t key_id);
|
137
|
-
int pmbtoken_exp2_read(const
|
138
|
-
uint8_t out_nonce[
|
133
|
+
int pmbtoken_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
134
|
+
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
139
135
|
uint8_t *out_private_metadata, const uint8_t *token,
|
140
136
|
size_t token_len);
|
141
137
|
|
@@ -144,6 +140,37 @@ int pmbtoken_exp2_read(const PMBTOKEN_ISSUER_KEY *key,
|
|
144
140
|
OPENSSL_EXPORT int pmbtoken_exp2_get_h_for_testing(uint8_t out[97]);
|
145
141
|
|
146
142
|
|
143
|
+
// VOPRF.
|
144
|
+
//
|
145
|
+
// VOPRFs are described in https://tools.ietf.org/html/draft-irtf-cfrg-voprf-04
|
146
|
+
// and provide anonymous tokens. This implementation uses TrustToken DSTs and
|
147
|
+
// the DLEQ batching primitive from
|
148
|
+
// https://eprint.iacr.org/2020/072/20200324:214215.
|
149
|
+
// VOPRF only uses the |pub|' field of the TRUST_TOKEN_CLIENT_KEY and
|
150
|
+
// |xs|/|pubs| fields of the TRUST_TOKEN_ISSUER_KEY.
|
151
|
+
|
152
|
+
// The following functions implement the corresponding |TRUST_TOKENS_METHOD|
|
153
|
+
// functions for |TRUST_TOKENS_experiment_v2|'s VOPRF construction which uses
|
154
|
+
// P-384.
|
155
|
+
int voprf_exp2_generate_key(CBB *out_private, CBB *out_public);
|
156
|
+
int voprf_exp2_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
|
157
|
+
const uint8_t *in, size_t len);
|
158
|
+
int voprf_exp2_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
|
159
|
+
const uint8_t *in, size_t len);
|
160
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN) * voprf_exp2_blind(CBB *cbb, size_t count);
|
161
|
+
int voprf_exp2_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
162
|
+
size_t num_requested, size_t num_to_issue,
|
163
|
+
uint8_t private_metadata);
|
164
|
+
STACK_OF(TRUST_TOKEN) *
|
165
|
+
voprf_exp2_unblind(const TRUST_TOKEN_CLIENT_KEY *key,
|
166
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens,
|
167
|
+
CBS *cbs, size_t count, uint32_t key_id);
|
168
|
+
int voprf_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
169
|
+
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
170
|
+
uint8_t *out_private_metadata, const uint8_t *token,
|
171
|
+
size_t token_len);
|
172
|
+
|
173
|
+
|
147
174
|
// Trust Tokens internals.
|
148
175
|
|
149
176
|
struct trust_token_method_st {
|
@@ -155,23 +182,23 @@ struct trust_token_method_st {
|
|
155
182
|
// client_key_from_bytes decodes a client key from |in| and sets |key|
|
156
183
|
// to the resulting key. It returns one on success and zero
|
157
184
|
// on failure.
|
158
|
-
int (*client_key_from_bytes)(
|
185
|
+
int (*client_key_from_bytes)(TRUST_TOKEN_CLIENT_KEY *key, const uint8_t *in,
|
159
186
|
size_t len);
|
160
187
|
|
161
188
|
// issuer_key_from_bytes decodes a issuer key from |in| and sets |key|
|
162
189
|
// to the resulting key. It returns one on success and zero
|
163
190
|
// on failure.
|
164
|
-
int (*issuer_key_from_bytes)(
|
191
|
+
int (*issuer_key_from_bytes)(TRUST_TOKEN_ISSUER_KEY *key, const uint8_t *in,
|
165
192
|
size_t len);
|
166
193
|
|
167
194
|
// blind generates a new issuance request for |count| tokens. On
|
168
|
-
// success, it returns a newly-allocated |STACK_OF(
|
195
|
+
// success, it returns a newly-allocated |STACK_OF(TRUST_TOKEN_PRETOKEN)| and
|
169
196
|
// writes a request to the issuer to |cbb|. On failure, it returns NULL. The
|
170
|
-
// |STACK_OF(
|
197
|
+
// |STACK_OF(TRUST_TOKEN_PRETOKEN)|s should be passed to |pmbtoken_unblind| when
|
171
198
|
// the server responds.
|
172
199
|
//
|
173
200
|
// This function implements the AT.Usr0 operation.
|
174
|
-
STACK_OF(
|
201
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN) * (*blind)(CBB *cbb, size_t count);
|
175
202
|
|
176
203
|
// sign parses a request for |num_requested| tokens from |cbs| and
|
177
204
|
// issues |num_to_issue| tokens with |key| and a private metadata value of
|
@@ -179,7 +206,7 @@ struct trust_token_method_st {
|
|
179
206
|
// success and zero on failure.
|
180
207
|
//
|
181
208
|
// This function implements the AT.Sig operation.
|
182
|
-
int (*sign)(const
|
209
|
+
int (*sign)(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
183
210
|
size_t num_requested, size_t num_to_issue,
|
184
211
|
uint8_t private_metadata);
|
185
212
|
|
@@ -192,8 +219,8 @@ struct trust_token_method_st {
|
|
192
219
|
//
|
193
220
|
// This function implements the AT.Usr1 operation.
|
194
221
|
STACK_OF(TRUST_TOKEN) *
|
195
|
-
(*unblind)(const
|
196
|
-
const STACK_OF(
|
222
|
+
(*unblind)(const TRUST_TOKEN_CLIENT_KEY *key,
|
223
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens, CBS *cbs,
|
197
224
|
size_t count, uint32_t key_id);
|
198
225
|
|
199
226
|
// read parses a PMBToken from |token| and verifies it using |key|. On
|
@@ -201,8 +228,8 @@ struct trust_token_method_st {
|
|
201
228
|
// |out_nonce| and |*out_private_metadata|. Otherwise, it returns zero. Note
|
202
229
|
// that, unlike the output of |unblind|, |token| does not have a
|
203
230
|
// four-byte key ID prepended.
|
204
|
-
int (*read)(const
|
205
|
-
uint8_t out_nonce[
|
231
|
+
int (*read)(const TRUST_TOKEN_ISSUER_KEY *key,
|
232
|
+
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
206
233
|
uint8_t *out_private_metadata, const uint8_t *token,
|
207
234
|
size_t token_len);
|
208
235
|
|
@@ -219,14 +246,14 @@ struct trust_token_method_st {
|
|
219
246
|
// Structure representing a single Trust Token public key with the specified ID.
|
220
247
|
struct trust_token_client_key_st {
|
221
248
|
uint32_t id;
|
222
|
-
|
249
|
+
TRUST_TOKEN_CLIENT_KEY key;
|
223
250
|
};
|
224
251
|
|
225
252
|
// Structure representing a single Trust Token private key with the specified
|
226
253
|
// ID.
|
227
254
|
struct trust_token_issuer_key_st {
|
228
255
|
uint32_t id;
|
229
|
-
|
256
|
+
TRUST_TOKEN_ISSUER_KEY key;
|
230
257
|
};
|
231
258
|
|
232
259
|
struct trust_token_client_st {
|
@@ -243,7 +270,7 @@ struct trust_token_client_st {
|
|
243
270
|
size_t num_keys;
|
244
271
|
|
245
272
|
// pretokens is the intermediate state during an active issuance.
|
246
|
-
STACK_OF(
|
273
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN)* pretokens;
|
247
274
|
|
248
275
|
// srr_key is the public key used to verify the signature of the SRR.
|
249
276
|
EVP_PKEY *srr_key;
|
@@ -281,7 +308,7 @@ extern "C++" {
|
|
281
308
|
|
282
309
|
BSSL_NAMESPACE_BEGIN
|
283
310
|
|
284
|
-
BORINGSSL_MAKE_DELETER(
|
311
|
+
BORINGSSL_MAKE_DELETER(TRUST_TOKEN_PRETOKEN, TRUST_TOKEN_PRETOKEN_free)
|
285
312
|
|
286
313
|
BSSL_NAMESPACE_END
|
287
314
|
|
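Review bot: The new VOPRF comment at new lines 149-150 says the construction uses only the `|pub|'` field of TRUST_TOKEN_CLIENT_KEY, but the struct as shown in this section has `pub0`, `pub1` and `pubs` and no `pub`, and the apostrophe looks stray. By symmetry with the `|xs|/|pubs|` issuer fields it presumably means `|pubs|`, i.e. `// VOPRF only uses the |pubs| field of the TRUST_TOKEN_CLIENT_KEY and`. The same block declares `voprf_exp2_sign` with a `private_metadata` argument while describing VOPRF as plain anonymous tokens, so a one-line comment on how that argument is treated would help anyone auditing which fields of the shared key structs are actually used. In `trust_token_method_st` the `blind` comment (new line 197) still points callers at `|pmbtoken_unblind|`, which reads as stale now that the table also serves the VOPRF construction; `|unblind|` would fit. Parts of the structs and of `trust_token_method_st` lie outside the visible hunks.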
@@ -31,10 +31,10 @@
|
|
31
31
|
|
32
32
|
|
33
33
|
typedef int (*hash_t_func_t)(const EC_GROUP *group, EC_RAW_POINT *out,
|
34
|
-
const uint8_t t[
|
34
|
+
const uint8_t t[TRUST_TOKEN_NONCE_SIZE]);
|
35
35
|
typedef int (*hash_s_func_t)(const EC_GROUP *group, EC_RAW_POINT *out,
|
36
36
|
const EC_AFFINE *t,
|
37
|
-
const uint8_t s[
|
37
|
+
const uint8_t s[TRUST_TOKEN_NONCE_SIZE]);
|
38
38
|
typedef int (*hash_c_func_t)(const EC_GROUP *group, EC_SCALAR *out,
|
39
39
|
uint8_t *buf, size_t len);
|
40
40
|
|
@@ -165,10 +165,6 @@ static int mul_public_3(const EC_GROUP *group, EC_RAW_POINT *out,
|
|
165
165
|
scalars, 3);
|
166
166
|
}
|
167
167
|
|
168
|
-
void PMBTOKEN_PRETOKEN_free(PMBTOKEN_PRETOKEN *pretoken) {
|
169
|
-
OPENSSL_free(pretoken);
|
170
|
-
}
|
171
|
-
|
172
168
|
static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method,
|
173
169
|
CBB *out_private, CBB *out_public) {
|
174
170
|
const EC_GROUP *group = method->group;
|
@@ -211,7 +207,7 @@ static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method,
|
|
211
207
|
}
|
212
208
|
|
213
209
|
static int pmbtoken_client_key_from_bytes(const PMBTOKEN_METHOD *method,
|
214
|
-
|
210
|
+
TRUST_TOKEN_CLIENT_KEY *key,
|
215
211
|
const uint8_t *in, size_t len) {
|
216
212
|
CBS cbs;
|
217
213
|
CBS_init(&cbs, in, len);
|
@@ -230,7 +226,7 @@ static int pmbtoken_client_key_from_bytes(const PMBTOKEN_METHOD *method,
|
|
230
226
|
}
|
231
227
|
|
232
228
|
static int pmbtoken_issuer_key_from_bytes(const PMBTOKEN_METHOD *method,
|
233
|
-
|
229
|
+
TRUST_TOKEN_ISSUER_KEY *key,
|
234
230
|
const uint8_t *in, size_t len) {
|
235
231
|
const EC_GROUP *group = method->group;
|
236
232
|
CBS cbs, tmp;
|
@@ -269,10 +265,10 @@ static int pmbtoken_issuer_key_from_bytes(const PMBTOKEN_METHOD *method,
|
|
269
265
|
return 1;
|
270
266
|
}
|
271
267
|
|
272
|
-
static STACK_OF(
|
268
|
+
static STACK_OF(TRUST_TOKEN_PRETOKEN) *
|
273
269
|
pmbtoken_blind(const PMBTOKEN_METHOD *method, CBB *cbb, size_t count) {
|
274
270
|
const EC_GROUP *group = method->group;
|
275
|
-
STACK_OF(
|
271
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens = sk_TRUST_TOKEN_PRETOKEN_new_null();
|
276
272
|
if (pretokens == NULL) {
|
277
273
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
278
274
|
goto err;
|
@@ -280,11 +276,11 @@ static STACK_OF(PMBTOKEN_PRETOKEN) *
|
|
280
276
|
|
281
277
|
for (size_t i = 0; i < count; i++) {
|
282
278
|
// Insert |pretoken| into |pretokens| early to simplify error-handling.
|
283
|
-
|
279
|
+
TRUST_TOKEN_PRETOKEN *pretoken = OPENSSL_malloc(sizeof(TRUST_TOKEN_PRETOKEN));
|
284
280
|
if (pretoken == NULL ||
|
285
|
-
!
|
281
|
+
!sk_TRUST_TOKEN_PRETOKEN_push(pretokens, pretoken)) {
|
286
282
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
287
|
-
|
283
|
+
TRUST_TOKEN_PRETOKEN_free(pretoken);
|
288
284
|
goto err;
|
289
285
|
}
|
290
286
|
|
@@ -319,7 +315,7 @@ static STACK_OF(PMBTOKEN_PRETOKEN) *
|
|
319
315
|
return pretokens;
|
320
316
|
|
321
317
|
err:
|
322
|
-
|
318
|
+
sk_TRUST_TOKEN_PRETOKEN_pop_free(pretokens, TRUST_TOKEN_PRETOKEN_free);
|
323
319
|
return NULL;
|
324
320
|
}
|
325
321
|
|
@@ -455,9 +451,10 @@ err:
|
|
455
451
|
// DLEQOR2 with only one value (n=1).
|
456
452
|
|
457
453
|
static int dleq_generate(const PMBTOKEN_METHOD *method, CBB *cbb,
|
458
|
-
const
|
459
|
-
const EC_RAW_POINT *
|
460
|
-
const EC_RAW_POINT *
|
454
|
+
const TRUST_TOKEN_ISSUER_KEY *priv,
|
455
|
+
const EC_RAW_POINT *T, const EC_RAW_POINT *S,
|
456
|
+
const EC_RAW_POINT *W, const EC_RAW_POINT *Ws,
|
457
|
+
uint8_t private_metadata) {
|
461
458
|
const EC_GROUP *group = method->group;
|
462
459
|
|
463
460
|
// We generate a DLEQ proof for the validity token and a DLEQOR2 proof for the
|
@@ -616,7 +613,7 @@ static int dleq_generate(const PMBTOKEN_METHOD *method, CBB *cbb,
|
|
616
613
|
}
|
617
614
|
|
618
615
|
static int dleq_verify(const PMBTOKEN_METHOD *method, CBS *cbs,
|
619
|
-
const
|
616
|
+
const TRUST_TOKEN_CLIENT_KEY *pub, const EC_RAW_POINT *T,
|
620
617
|
const EC_RAW_POINT *S, const EC_RAW_POINT *W,
|
621
618
|
const EC_RAW_POINT *Ws) {
|
622
619
|
const EC_GROUP *group = method->group;
|
@@ -735,7 +732,7 @@ static int dleq_verify(const PMBTOKEN_METHOD *method, CBS *cbs,
|
|
735
732
|
}
|
736
733
|
|
737
734
|
static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
|
738
|
-
const
|
735
|
+
const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
739
736
|
size_t num_requested, size_t num_to_issue,
|
740
737
|
uint8_t private_metadata) {
|
741
738
|
const EC_GROUP *group = method->group;
|
@@ -785,8 +782,8 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
|
|
785
782
|
ec_scalar_select(group, &xb, mask, &key->x1, &key->x0);
|
786
783
|
ec_scalar_select(group, &yb, mask, &key->y1, &key->y0);
|
787
784
|
|
788
|
-
uint8_t s[
|
789
|
-
RAND_bytes(s,
|
785
|
+
uint8_t s[TRUST_TOKEN_NONCE_SIZE];
|
786
|
+
RAND_bytes(s, TRUST_TOKEN_NONCE_SIZE);
|
790
787
|
// The |jacobians| and |affines| contain Sp, Wp, and Wsp.
|
791
788
|
EC_RAW_POINT jacobians[3];
|
792
789
|
EC_AFFINE affines[3];
|
@@ -796,9 +793,11 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
|
|
796
793
|
!ec_point_mul_scalar_batch(group, &jacobians[2], &Tp, &key->xs,
|
797
794
|
&jacobians[0], &key->ys, NULL, NULL) ||
|
798
795
|
!ec_jacobian_to_affine_batch(group, affines, jacobians, 3) ||
|
799
|
-
!CBB_add_bytes(cbb, s,
|
800
|
-
!cbb_add_prefixed_point(cbb, group, &affines[1],
|
801
|
-
|
796
|
+
!CBB_add_bytes(cbb, s, TRUST_TOKEN_NONCE_SIZE) ||
|
797
|
+
!cbb_add_prefixed_point(cbb, group, &affines[1],
|
798
|
+
method->prefix_point) ||
|
799
|
+
!cbb_add_prefixed_point(cbb, group, &affines[2],
|
800
|
+
method->prefix_point)) {
|
802
801
|
goto err;
|
803
802
|
}
|
804
803
|
|
@@ -877,11 +876,11 @@ err:
|
|
877
876
|
|
878
877
|
static STACK_OF(TRUST_TOKEN) *
|
879
878
|
pmbtoken_unblind(const PMBTOKEN_METHOD *method,
|
880
|
-
const
|
881
|
-
const STACK_OF(
|
879
|
+
const TRUST_TOKEN_CLIENT_KEY *key,
|
880
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens, CBS *cbs,
|
882
881
|
size_t count, uint32_t key_id) {
|
883
882
|
const EC_GROUP *group = method->group;
|
884
|
-
if (count >
|
883
|
+
if (count > sk_TRUST_TOKEN_PRETOKEN_num(pretokens)) {
|
885
884
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
886
885
|
return NULL;
|
887
886
|
}
|
@@ -919,12 +918,12 @@ static STACK_OF(TRUST_TOKEN) *
|
|
919
918
|
}
|
920
919
|
|
921
920
|
for (size_t i = 0; i < count; i++) {
|
922
|
-
const
|
923
|
-
|
921
|
+
const TRUST_TOKEN_PRETOKEN *pretoken =
|
922
|
+
sk_TRUST_TOKEN_PRETOKEN_value(pretokens, i);
|
924
923
|
|
925
|
-
uint8_t s[
|
924
|
+
uint8_t s[TRUST_TOKEN_NONCE_SIZE];
|
926
925
|
EC_AFFINE Wp_affine, Wsp_affine;
|
927
|
-
if (!CBS_copy_bytes(cbs, s,
|
926
|
+
if (!CBS_copy_bytes(cbs, s, TRUST_TOKEN_NONCE_SIZE) ||
|
928
927
|
!cbs_get_prefixed_point(cbs, group, &Wp_affine, method->prefix_point) ||
|
929
928
|
!cbs_get_prefixed_point(cbs, group, &Wsp_affine,
|
930
929
|
method->prefix_point)) {
|
@@ -963,9 +962,10 @@ static STACK_OF(TRUST_TOKEN) *
|
|
963
962
|
// above.
|
964
963
|
CBB token_cbb;
|
965
964
|
size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
|
966
|
-
if (!CBB_init(&token_cbb,
|
965
|
+
if (!CBB_init(&token_cbb,
|
966
|
+
4 + TRUST_TOKEN_NONCE_SIZE + 3 * (2 + point_len)) ||
|
967
967
|
!CBB_add_u32(&token_cbb, key_id) ||
|
968
|
-
!CBB_add_bytes(&token_cbb, pretoken->t,
|
968
|
+
!CBB_add_bytes(&token_cbb, pretoken->t, TRUST_TOKEN_NONCE_SIZE) ||
|
969
969
|
!cbb_add_prefixed_point(&token_cbb, group, &affines[0],
|
970
970
|
method->prefix_point) ||
|
971
971
|
!cbb_add_prefixed_point(&token_cbb, group, &affines[1],
|
@@ -1034,15 +1034,15 @@ err:
|
|
1034
1034
|
}
|
1035
1035
|
|
1036
1036
|
static int pmbtoken_read(const PMBTOKEN_METHOD *method,
|
1037
|
-
const
|
1038
|
-
uint8_t out_nonce[
|
1037
|
+
const TRUST_TOKEN_ISSUER_KEY *key,
|
1038
|
+
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
1039
1039
|
uint8_t *out_private_metadata, const uint8_t *token,
|
1040
1040
|
size_t token_len) {
|
1041
1041
|
const EC_GROUP *group = method->group;
|
1042
1042
|
CBS cbs;
|
1043
1043
|
CBS_init(&cbs, token, token_len);
|
1044
1044
|
EC_AFFINE S, W, Ws;
|
1045
|
-
if (!CBS_copy_bytes(&cbs, out_nonce,
|
1045
|
+
if (!CBS_copy_bytes(&cbs, out_nonce, TRUST_TOKEN_NONCE_SIZE) ||
|
1046
1046
|
!cbs_get_prefixed_point(&cbs, group, &S, method->prefix_point) ||
|
1047
1047
|
!cbs_get_prefixed_point(&cbs, group, &W, method->prefix_point) ||
|
1048
1048
|
!cbs_get_prefixed_point(&cbs, group, &Ws, method->prefix_point) ||
|
@@ -1101,15 +1101,15 @@ static int pmbtoken_read(const PMBTOKEN_METHOD *method,
|
|
1101
1101
|
// PMBTokens experiment v1.
|
1102
1102
|
|
1103
1103
|
static int pmbtoken_exp1_hash_t(const EC_GROUP *group, EC_RAW_POINT *out,
|
1104
|
-
const uint8_t t[
|
1104
|
+
const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) {
|
1105
1105
|
const uint8_t kHashTLabel[] = "PMBTokens Experiment V1 HashT";
|
1106
1106
|
return ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
|
1107
|
-
group, out, kHashTLabel, sizeof(kHashTLabel), t,
|
1107
|
+
group, out, kHashTLabel, sizeof(kHashTLabel), t, TRUST_TOKEN_NONCE_SIZE);
|
1108
1108
|
}
|
1109
1109
|
|
1110
1110
|
static int pmbtoken_exp1_hash_s(const EC_GROUP *group, EC_RAW_POINT *out,
|
1111
1111
|
const EC_AFFINE *t,
|
1112
|
-
const uint8_t s[
|
1112
|
+
const uint8_t s[TRUST_TOKEN_NONCE_SIZE]) {
|
1113
1113
|
const uint8_t kHashSLabel[] = "PMBTokens Experiment V1 HashS";
|
1114
1114
|
int ret = 0;
|
1115
1115
|
CBB cbb;
|
@@ -1117,7 +1117,7 @@ static int pmbtoken_exp1_hash_s(const EC_GROUP *group, EC_RAW_POINT *out,
|
|
1117
1117
|
size_t len;
|
1118
1118
|
if (!CBB_init(&cbb, 0) ||
|
1119
1119
|
!point_to_cbb(&cbb, group, t) ||
|
1120
|
-
!CBB_add_bytes(&cbb, s,
|
1120
|
+
!CBB_add_bytes(&cbb, s, TRUST_TOKEN_NONCE_SIZE) ||
|
1121
1121
|
!CBB_finish(&cbb, &buf, &len) ||
|
1122
1122
|
!ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
|
1123
1123
|
group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) {
|
@@ -1182,7 +1182,7 @@ int pmbtoken_exp1_generate_key(CBB *out_private, CBB *out_public) {
|
|
1182
1182
|
return pmbtoken_generate_key(&pmbtoken_exp1_method, out_private, out_public);
|
1183
1183
|
}
|
1184
1184
|
|
1185
|
-
int pmbtoken_exp1_client_key_from_bytes(
|
1185
|
+
int pmbtoken_exp1_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
|
1186
1186
|
const uint8_t *in, size_t len) {
|
1187
1187
|
if (!pmbtoken_exp1_init_method()) {
|
1188
1188
|
return 0;
|
@@ -1190,7 +1190,7 @@ int pmbtoken_exp1_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
|
|
1190
1190
|
return pmbtoken_client_key_from_bytes(&pmbtoken_exp1_method, key, in, len);
|
1191
1191
|
}
|
1192
1192
|
|
1193
|
-
int pmbtoken_exp1_issuer_key_from_bytes(
|
1193
|
+
int pmbtoken_exp1_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
|
1194
1194
|
const uint8_t *in, size_t len) {
|
1195
1195
|
if (!pmbtoken_exp1_init_method()) {
|
1196
1196
|
return 0;
|
@@ -1198,14 +1198,14 @@ int pmbtoken_exp1_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
|
|
1198
1198
|
return pmbtoken_issuer_key_from_bytes(&pmbtoken_exp1_method, key, in, len);
|
1199
1199
|
}
|
1200
1200
|
|
1201
|
-
STACK_OF(
|
1201
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN) * pmbtoken_exp1_blind(CBB *cbb, size_t count) {
|
1202
1202
|
if (!pmbtoken_exp1_init_method()) {
|
1203
1203
|
return NULL;
|
1204
1204
|
}
|
1205
1205
|
return pmbtoken_blind(&pmbtoken_exp1_method, cbb, count);
|
1206
1206
|
}
|
1207
1207
|
|
1208
|
-
int pmbtoken_exp1_sign(const
|
1208
|
+
int pmbtoken_exp1_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
1209
1209
|
size_t num_requested, size_t num_to_issue,
|
1210
1210
|
uint8_t private_metadata) {
|
1211
1211
|
if (!pmbtoken_exp1_init_method()) {
|
@@ -1216,8 +1216,8 @@ int pmbtoken_exp1_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
|
1216
1216
|
}
|
1217
1217
|
|
1218
1218
|
STACK_OF(TRUST_TOKEN) *
|
1219
|
-
pmbtoken_exp1_unblind(const
|
1220
|
-
const STACK_OF(
|
1219
|
+
pmbtoken_exp1_unblind(const TRUST_TOKEN_CLIENT_KEY *key,
|
1220
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens,
|
1221
1221
|
CBS *cbs, size_t count, uint32_t key_id) {
|
1222
1222
|
if (!pmbtoken_exp1_init_method()) {
|
1223
1223
|
return NULL;
|
@@ -1226,8 +1226,8 @@ STACK_OF(TRUST_TOKEN) *
|
|
1226
1226
|
key_id);
|
1227
1227
|
}
|
1228
1228
|
|
1229
|
-
int pmbtoken_exp1_read(const
|
1230
|
-
uint8_t out_nonce[
|
1229
|
+
int pmbtoken_exp1_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
1230
|
+
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
1231
1231
|
uint8_t *out_private_metadata, const uint8_t *token,
|
1232
1232
|
size_t token_len) {
|
1233
1233
|
if (!pmbtoken_exp1_init_method()) {
|
@@ -1251,15 +1251,15 @@ int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]) {
|
|
1251
1251
|
// PMBTokens experiment v2.
|
1252
1252
|
|
1253
1253
|
static int pmbtoken_exp2_hash_t(const EC_GROUP *group, EC_RAW_POINT *out,
|
1254
|
-
const uint8_t t[
|
1254
|
+
const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) {
|
1255
1255
|
const uint8_t kHashTLabel[] = "PMBTokens Experiment V2 HashT";
|
1256
1256
|
return ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
|
1257
|
-
group, out, kHashTLabel, sizeof(kHashTLabel), t,
|
1257
|
+
group, out, kHashTLabel, sizeof(kHashTLabel), t, TRUST_TOKEN_NONCE_SIZE);
|
1258
1258
|
}
|
1259
1259
|
|
1260
1260
|
static int pmbtoken_exp2_hash_s(const EC_GROUP *group, EC_RAW_POINT *out,
|
1261
1261
|
const EC_AFFINE *t,
|
1262
|
-
const uint8_t s[
|
1262
|
+
const uint8_t s[TRUST_TOKEN_NONCE_SIZE]) {
|
1263
1263
|
const uint8_t kHashSLabel[] = "PMBTokens Experiment V2 HashS";
|
1264
1264
|
int ret = 0;
|
1265
1265
|
CBB cbb;
|
@@ -1267,7 +1267,7 @@ static int pmbtoken_exp2_hash_s(const EC_GROUP *group, EC_RAW_POINT *out,
|
|
1267
1267
|
size_t len;
|
1268
1268
|
if (!CBB_init(&cbb, 0) ||
|
1269
1269
|
!point_to_cbb(&cbb, group, t) ||
|
1270
|
-
!CBB_add_bytes(&cbb, s,
|
1270
|
+
!CBB_add_bytes(&cbb, s, TRUST_TOKEN_NONCE_SIZE) ||
|
1271
1271
|
!CBB_finish(&cbb, &buf, &len) ||
|
1272
1272
|
!ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
|
1273
1273
|
group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) {
|
@@ -1332,7 +1332,7 @@ int pmbtoken_exp2_generate_key(CBB *out_private, CBB *out_public) {
|
|
1332
1332
|
return pmbtoken_generate_key(&pmbtoken_exp2_method, out_private, out_public);
|
1333
1333
|
}
|
1334
1334
|
|
1335
|
-
int pmbtoken_exp2_client_key_from_bytes(
|
1335
|
+
int pmbtoken_exp2_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
|
1336
1336
|
const uint8_t *in, size_t len) {
|
1337
1337
|
if (!pmbtoken_exp2_init_method()) {
|
1338
1338
|
return 0;
|
@@ -1340,7 +1340,7 @@ int pmbtoken_exp2_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key,
|
|
1340
1340
|
return pmbtoken_client_key_from_bytes(&pmbtoken_exp2_method, key, in, len);
|
1341
1341
|
}
|
1342
1342
|
|
1343
|
-
int pmbtoken_exp2_issuer_key_from_bytes(
|
1343
|
+
int pmbtoken_exp2_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
|
1344
1344
|
const uint8_t *in, size_t len) {
|
1345
1345
|
if (!pmbtoken_exp2_init_method()) {
|
1346
1346
|
return 0;
|
@@ -1348,14 +1348,14 @@ int pmbtoken_exp2_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key,
|
|
1348
1348
|
return pmbtoken_issuer_key_from_bytes(&pmbtoken_exp2_method, key, in, len);
|
1349
1349
|
}
|
1350
1350
|
|
1351
|
-
STACK_OF(
|
1351
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN) * pmbtoken_exp2_blind(CBB *cbb, size_t count) {
|
1352
1352
|
if (!pmbtoken_exp2_init_method()) {
|
1353
1353
|
return NULL;
|
1354
1354
|
}
|
1355
1355
|
return pmbtoken_blind(&pmbtoken_exp2_method, cbb, count);
|
1356
1356
|
}
|
1357
1357
|
|
1358
|
-
int pmbtoken_exp2_sign(const
|
1358
|
+
int pmbtoken_exp2_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
1359
1359
|
size_t num_requested, size_t num_to_issue,
|
1360
1360
|
uint8_t private_metadata) {
|
1361
1361
|
if (!pmbtoken_exp2_init_method()) {
|
@@ -1366,8 +1366,8 @@ int pmbtoken_exp2_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
|
1366
1366
|
}
|
1367
1367
|
|
1368
1368
|
STACK_OF(TRUST_TOKEN) *
|
1369
|
-
pmbtoken_exp2_unblind(const
|
1370
|
-
const STACK_OF(
|
1369
|
+
pmbtoken_exp2_unblind(const TRUST_TOKEN_CLIENT_KEY *key,
|
1370
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens,
|
1371
1371
|
CBS *cbs, size_t count, uint32_t key_id) {
|
1372
1372
|
if (!pmbtoken_exp2_init_method()) {
|
1373
1373
|
return NULL;
|
@@ -1376,8 +1376,8 @@ STACK_OF(TRUST_TOKEN) *
|
|
1376
1376
|
key_id);
|
1377
1377
|
}
|
1378
1378
|
|
1379
|
-
int pmbtoken_exp2_read(const
|
1380
|
-
uint8_t out_nonce[
|
1379
|
+
int pmbtoken_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
1380
|
+
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
1381
1381
|
uint8_t *out_private_metadata, const uint8_t *token,
|
1382
1382
|
size_t token_len) {
|
1383
1383
|
if (!pmbtoken_exp2_init_method()) {
|