grpc 1.37.1 → 1.40.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +112 -59
- data/include/grpc/event_engine/README.md +38 -0
- data/include/grpc/event_engine/endpoint_config.h +48 -0
- data/include/grpc/event_engine/event_engine.h +330 -0
- data/include/grpc/event_engine/port.h +41 -0
- data/include/grpc/event_engine/slice_allocator.h +66 -0
- data/include/grpc/grpc.h +11 -4
- data/include/grpc/grpc_security.h +32 -0
- data/include/grpc/grpc_security_constants.h +15 -0
- data/include/grpc/impl/codegen/grpc_types.h +44 -19
- data/include/grpc/impl/codegen/port_platform.h +46 -0
- data/include/grpc/module.modulemap +14 -14
- data/src/core/ext/filters/client_channel/backup_poller.cc +3 -3
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +177 -202
- data/src/core/ext/filters/client_channel/client_channel.cc +975 -3282
- data/src/core/ext/filters/client_channel/client_channel.h +513 -55
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -1
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +4 -1
- data/src/core/ext/filters/client_channel/config_selector.h +20 -7
- data/src/core/ext/filters/client_channel/connector.h +1 -1
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +9 -10
- data/src/core/ext/filters/client_channel/dynamic_filters.h +3 -3
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +28 -27
- data/src/core/ext/filters/client_channel/health/health_check_client.h +30 -29
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +24 -21
- data/src/core/ext/filters/client_channel/http_proxy.cc +16 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +6 -6
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +53 -51
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +14 -23
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +16 -16
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +10 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +10 -17
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +17 -20
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +53 -65
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +36 -44
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +33 -55
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +151 -163
- data/src/core/ext/filters/client_channel/lb_policy.cc +2 -16
- data/src/core/ext/filters/client_channel/lb_policy.h +70 -46
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -4
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +24 -18
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_event_engine.cc +31 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +14 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +33 -24
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_event_engine.cc +28 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +18 -12
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +20 -28
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +7 -5
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +20 -13
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +158 -102
- data/src/core/ext/filters/client_channel/resolver.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +32 -239
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +20 -49
- data/src/core/ext/filters/client_channel/retry_filter.cc +2598 -0
- data/src/core/ext/filters/client_channel/retry_filter.h +30 -0
- data/src/core/ext/filters/client_channel/retry_service_config.cc +316 -0
- data/src/core/ext/filters/client_channel/retry_service_config.h +96 -0
- data/src/core/ext/filters/client_channel/server_address.cc +1 -1
- data/src/core/ext/filters/client_channel/service_config.cc +15 -14
- data/src/core/ext/filters/client_channel/service_config.h +7 -6
- data/src/core/ext/filters/client_channel/service_config_call_data.h +45 -5
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +5 -4
- data/src/core/ext/filters/client_channel/service_config_parser.cc +6 -6
- data/src/core/ext/filters/client_channel/service_config_parser.h +7 -4
- data/src/core/ext/filters/client_channel/subchannel.cc +17 -16
- data/src/core/ext/filters/client_channel/subchannel.h +7 -6
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +17 -16
- data/src/core/ext/filters/deadline/deadline_filter.cc +10 -10
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +19 -18
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +5 -5
- data/src/core/ext/filters/fault_injection/service_config_parser.h +1 -1
- data/src/core/ext/filters/http/client/http_client_filter.cc +33 -23
- data/src/core/ext/filters/http/client_authority_filter.cc +3 -3
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +23 -22
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +21 -21
- data/src/core/ext/filters/http/server/http_server_filter.cc +27 -23
- data/src/core/ext/filters/max_age/max_age_filter.cc +12 -10
- data/src/core/ext/filters/message_size/message_size_filter.cc +14 -11
- data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +4 -3
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +7 -7
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +7 -7
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +2 -2
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +3 -2
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +3 -3
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +49 -46
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +2 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +3 -4
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +5 -4
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +3 -4
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_slice_allocator.cc +66 -0
- data/src/core/ext/transport/chttp2/transport/chttp2_slice_allocator.h +74 -0
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +141 -126
- data/src/core/ext/transport/chttp2/transport/context_list.cc +4 -5
- data/src/core/ext/transport/chttp2/transport/context_list.h +4 -4
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/flow_control.h +9 -9
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +12 -12
- data/src/core/ext/transport/chttp2/transport/frame_data.h +10 -10
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +15 -16
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +7 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +7 -7
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +11 -10
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +4 -6
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +652 -736
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +195 -74
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +4 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +4 -4
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +2 -2
- data/src/core/ext/transport/chttp2/transport/internal.h +33 -28
- data/src/core/ext/transport/chttp2/transport/parsing.cc +129 -106
- data/src/core/ext/transport/chttp2/transport/varint.cc +6 -4
- data/src/core/ext/transport/chttp2/transport/writing.cc +7 -3
- data/src/core/ext/transport/inproc/inproc_transport.cc +72 -60
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +56 -35
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +180 -76
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +35 -27
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +97 -48
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +45 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +67 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +66 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +227 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +46 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +121 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +90 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +32 -24
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -73
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +15 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +48 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +171 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +8 -6
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +27 -19
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +24 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +57 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +29 -17
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +72 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +4 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +6 -5
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +15 -11
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +85 -43
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +274 -91
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +11 -8
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +30 -13
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +33 -5
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +115 -0
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +60 -0
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +181 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +1 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +82 -66
- data/src/core/ext/upb-generated/validate/validate.upb.h +220 -124
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +15 -7
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +53 -52
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +318 -277
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +437 -410
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +198 -170
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +9 -8
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +219 -163
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +29 -25
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.c +52 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +135 -125
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +131 -123
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +90 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +32 -24
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +69 -55
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +684 -664
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +13 -10
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +13 -10
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +441 -375
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +122 -114
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +112 -79
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +35 -32
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +4 -4
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +182 -160
- data/src/core/ext/xds/certificate_provider_factory.h +1 -1
- data/src/core/ext/xds/certificate_provider_store.h +3 -3
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +3 -3
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +2 -2
- data/src/core/ext/xds/xds_api.cc +665 -317
- data/src/core/ext/xds/xds_api.h +52 -14
- data/src/core/ext/xds/xds_bootstrap.cc +101 -160
- data/src/core/ext/xds/xds_bootstrap.h +19 -24
- data/src/core/ext/xds/xds_certificate_provider.cc +4 -4
- data/src/core/ext/xds/xds_certificate_provider.h +4 -4
- data/src/core/ext/xds/xds_channel_args.h +5 -2
- data/src/core/ext/xds/xds_client.cc +370 -215
- data/src/core/ext/xds/xds_client.h +38 -28
- data/src/core/ext/xds/xds_client_stats.h +3 -2
- data/src/core/ext/xds/xds_http_filters.cc +3 -2
- data/src/core/ext/xds/xds_http_filters.h +3 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +34 -20
- data/src/core/lib/{iomgr → address_utils}/parse_address.cc +17 -17
- data/src/core/lib/{iomgr → address_utils}/parse_address.h +7 -7
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.cc +16 -20
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.h +16 -11
- data/src/core/lib/channel/call_tracer.h +85 -0
- data/src/core/lib/channel/channel_stack.cc +10 -9
- data/src/core/lib/channel/channel_stack.h +11 -10
- data/src/core/lib/channel/channel_stack_builder.cc +2 -2
- data/src/core/lib/channel/channel_stack_builder.h +1 -1
- data/src/core/lib/channel/channelz.cc +21 -13
- data/src/core/lib/channel/channelz.h +3 -0
- data/src/core/lib/channel/connected_channel.cc +4 -4
- data/src/core/lib/channel/context.h +3 -0
- data/src/core/lib/channel/handshaker.cc +7 -6
- data/src/core/lib/channel/handshaker.h +5 -5
- data/src/core/lib/channel/status_util.h +4 -0
- data/src/core/lib/compression/stream_compression.h +1 -1
- data/src/core/lib/compression/stream_compression_gzip.h +1 -1
- data/src/core/lib/compression/stream_compression_identity.h +1 -1
- data/src/core/lib/debug/stats.h +1 -1
- data/src/core/lib/event_engine/endpoint_config.cc +46 -0
- data/src/core/lib/event_engine/endpoint_config_internal.h +42 -0
- data/src/core/lib/event_engine/event_engine.cc +50 -0
- data/src/core/lib/event_engine/sockaddr.cc +40 -0
- data/src/core/lib/event_engine/sockaddr.h +44 -0
- data/src/core/lib/gpr/murmur_hash.cc +4 -2
- data/src/core/lib/gpr/wrap_memcpy.cc +2 -1
- data/src/core/lib/gprpp/manual_constructor.h +1 -1
- data/src/core/lib/gprpp/orphanable.h +3 -3
- data/src/core/lib/gprpp/ref_counted.h +28 -14
- data/src/core/lib/gprpp/status_helper.cc +407 -0
- data/src/core/lib/gprpp/status_helper.h +183 -0
- data/src/core/lib/gprpp/sync.h +2 -30
- data/src/core/lib/http/httpcli.cc +11 -11
- data/src/core/lib/http/httpcli_security_connector.cc +11 -7
- data/src/core/lib/http/parser.cc +16 -16
- data/src/core/lib/http/parser.h +4 -4
- data/src/core/lib/iomgr/buffer_list.cc +8 -10
- data/src/core/lib/iomgr/buffer_list.h +4 -5
- data/src/core/lib/iomgr/call_combiner.cc +15 -12
- data/src/core/lib/iomgr/call_combiner.h +12 -14
- data/src/core/lib/iomgr/cfstream_handle.cc +3 -3
- data/src/core/lib/iomgr/cfstream_handle.h +1 -1
- data/src/core/lib/iomgr/closure.h +7 -6
- data/src/core/lib/iomgr/combiner.cc +14 -12
- data/src/core/lib/iomgr/combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint.cc +1 -1
- data/src/core/lib/iomgr/endpoint.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +11 -13
- data/src/core/lib/iomgr/endpoint_pair_event_engine.cc +33 -0
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
- data/src/core/lib/iomgr/error.cc +168 -61
- data/src/core/lib/iomgr/error.h +217 -106
- data/src/core/lib/iomgr/error_cfstream.cc +3 -2
- data/src/core/lib/iomgr/error_cfstream.h +2 -2
- data/src/core/lib/iomgr/error_internal.h +5 -1
- data/src/core/lib/iomgr/ev_apple.cc +5 -5
- data/src/core/lib/iomgr/ev_apple.h +1 -1
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -19
- data/src/core/lib/iomgr/ev_epollex_linux.cc +48 -45
- data/src/core/lib/iomgr/ev_poll_posix.cc +26 -23
- data/src/core/lib/iomgr/ev_posix.cc +9 -8
- data/src/core/lib/iomgr/ev_posix.h +9 -9
- data/src/core/lib/iomgr/event_engine/closure.cc +54 -0
- data/src/core/lib/iomgr/event_engine/closure.h +33 -0
- data/src/core/lib/iomgr/event_engine/endpoint.cc +192 -0
- data/src/core/lib/iomgr/event_engine/endpoint.h +53 -0
- data/src/core/lib/iomgr/event_engine/iomgr.cc +105 -0
- data/src/core/lib/iomgr/event_engine/iomgr.h +24 -0
- data/src/core/lib/iomgr/event_engine/pollset.cc +87 -0
- data/src/core/lib/iomgr/event_engine/pollset.h +25 -0
- data/src/core/lib/iomgr/event_engine/promise.h +51 -0
- data/src/core/lib/iomgr/event_engine/resolved_address_internal.cc +41 -0
- data/src/core/lib/iomgr/event_engine/resolved_address_internal.h +35 -0
- data/src/core/lib/iomgr/event_engine/resolver.cc +110 -0
- data/src/core/lib/iomgr/event_engine/tcp.cc +263 -0
- data/src/core/lib/iomgr/event_engine/timer.cc +57 -0
- data/src/core/lib/iomgr/exec_ctx.cc +12 -4
- data/src/core/lib/iomgr/exec_ctx.h +4 -5
- data/src/core/lib/iomgr/executor/threadpool.cc +2 -3
- data/src/core/lib/iomgr/executor/threadpool.h +2 -2
- data/src/core/lib/iomgr/executor.cc +8 -8
- data/src/core/lib/iomgr/executor.h +2 -2
- data/src/core/lib/iomgr/iomgr.cc +2 -2
- data/src/core/lib/iomgr/iomgr.h +1 -1
- data/src/core/lib/iomgr/iomgr_custom.cc +1 -1
- data/src/core/lib/iomgr/iomgr_internal.cc +2 -2
- data/src/core/lib/iomgr/iomgr_internal.h +3 -3
- data/src/core/lib/iomgr/iomgr_posix.cc +3 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +42 -12
- data/src/core/lib/iomgr/iomgr_windows.cc +1 -1
- data/src/core/lib/iomgr/load_file.cc +4 -4
- data/src/core/lib/iomgr/load_file.h +2 -2
- data/src/core/lib/iomgr/lockfree_event.cc +5 -5
- data/src/core/lib/iomgr/lockfree_event.h +1 -1
- data/src/core/lib/iomgr/pollset.cc +5 -5
- data/src/core/lib/iomgr/pollset.h +9 -9
- data/src/core/lib/iomgr/pollset_custom.cc +7 -7
- data/src/core/lib/iomgr/pollset_custom.h +3 -1
- data/src/core/lib/iomgr/pollset_uv.cc +3 -1
- data/src/core/lib/iomgr/pollset_uv.h +5 -1
- data/src/core/lib/iomgr/pollset_windows.cc +5 -5
- data/src/core/lib/iomgr/port.h +7 -5
- data/src/core/lib/iomgr/python_util.h +2 -2
- data/src/core/lib/iomgr/resolve_address.cc +8 -4
- data/src/core/lib/iomgr/resolve_address.h +12 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +10 -9
- data/src/core/lib/iomgr/resolve_address_custom.h +3 -3
- data/src/core/lib/iomgr/resolve_address_posix.cc +3 -3
- data/src/core/lib/iomgr/resolve_address_windows.cc +4 -4
- data/src/core/lib/iomgr/resource_quota.cc +13 -10
- data/src/core/lib/iomgr/sockaddr.h +1 -0
- data/src/core/lib/iomgr/socket_mutator.cc +15 -2
- data/src/core/lib/iomgr/socket_mutator.h +26 -2
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +24 -22
- data/src/core/lib/iomgr/socket_utils_posix.h +20 -20
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +4 -4
- data/src/core/lib/iomgr/tcp_client_custom.cc +5 -6
- data/src/core/lib/iomgr/tcp_client_posix.cc +22 -19
- data/src/core/lib/iomgr/tcp_client_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_client_windows.cc +7 -5
- data/src/core/lib/iomgr/tcp_custom.cc +14 -16
- data/src/core/lib/iomgr/tcp_custom.h +13 -12
- data/src/core/lib/iomgr/tcp_posix.cc +78 -73
- data/src/core/lib/iomgr/tcp_posix.h +8 -0
- data/src/core/lib/iomgr/tcp_server.cc +6 -6
- data/src/core/lib/iomgr/tcp_server.h +12 -11
- data/src/core/lib/iomgr/tcp_server_custom.cc +26 -25
- data/src/core/lib/iomgr/tcp_server_posix.cc +29 -21
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +13 -12
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +21 -18
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +9 -9
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
- data/src/core/lib/iomgr/tcp_server_windows.cc +26 -25
- data/src/core/lib/iomgr/tcp_uv.cc +25 -23
- data/src/core/lib/iomgr/tcp_windows.cc +13 -13
- data/src/core/lib/iomgr/tcp_windows.h +2 -2
- data/src/core/lib/iomgr/timer.h +6 -1
- data/src/core/lib/iomgr/timer_custom.cc +2 -1
- data/src/core/lib/iomgr/timer_custom.h +1 -1
- data/src/core/lib/iomgr/timer_generic.cc +6 -6
- data/src/core/lib/iomgr/timer_manager.cc +1 -1
- data/src/core/lib/iomgr/udp_server.cc +21 -20
- data/src/core/lib/iomgr/unix_sockets_posix.cc +3 -3
- data/src/core/lib/iomgr/unix_sockets_posix.h +2 -2
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +10 -7
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +3 -3
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +4 -4
- data/src/core/lib/iomgr/wakeup_fd_posix.cc +3 -3
- data/src/core/lib/iomgr/wakeup_fd_posix.h +8 -6
- data/src/core/lib/iomgr/work_serializer.h +17 -1
- data/src/core/lib/json/json.h +1 -1
- data/src/core/lib/json/json_reader.cc +5 -6
- data/src/core/lib/matchers/matchers.cc +46 -58
- data/src/core/lib/matchers/matchers.h +30 -29
- data/src/core/lib/security/authorization/authorization_engine.h +44 -0
- data/src/core/lib/security/authorization/authorization_policy_provider.h +32 -0
- data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +46 -0
- data/src/core/lib/security/authorization/evaluate_args.cc +209 -0
- data/src/core/lib/security/authorization/evaluate_args.h +91 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +4 -4
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -2
- data/src/core/lib/security/credentials/credentials.h +2 -2
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +17 -13
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +13 -11
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +2 -1
- data/src/core/lib/security/credentials/external/aws_request_signer.h +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +15 -12
- data/src/core/lib/security/credentials/external/external_account_credentials.h +9 -8
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +5 -4
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -3
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +8 -8
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +9 -7
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +2 -2
- data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -2
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +12 -10
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +2 -2
- data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +2 -2
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +3 -3
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -2
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +7 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +21 -19
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +5 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +8 -7
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +9 -9
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +68 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +7 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +4 -0
- data/src/core/lib/security/credentials/tls/tls_utils.cc +32 -0
- data/src/core/lib/security/credentials/tls/tls_utils.h +13 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +3 -3
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +13 -3
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +13 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +12 -2
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +1 -1
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +22 -9
- data/src/core/lib/security/security_connector/security_connector.h +9 -4
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +16 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +27 -4
- data/src/core/lib/security/security_connector/ssl_utils.h +4 -4
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +60 -76
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +66 -48
- data/src/core/lib/security/transport/client_auth_filter.cc +18 -10
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -4
- data/src/core/lib/security/transport/security_handshaker.cc +45 -36
- data/src/core/lib/security/transport/server_auth_filter.cc +17 -18
- data/src/core/lib/security/transport/tsi_error.cc +2 -1
- data/src/core/lib/security/transport/tsi_error.h +2 -1
- data/src/core/lib/security/util/json_util.cc +2 -2
- data/src/core/lib/security/util/json_util.h +1 -1
- data/src/core/lib/slice/slice_internal.h +1 -0
- data/src/core/lib/surface/call.cc +72 -52
- data/src/core/lib/surface/call.h +13 -2
- data/src/core/lib/surface/channel.cc +6 -6
- data/src/core/lib/surface/channel.h +3 -2
- data/src/core/lib/surface/channel_ping.cc +1 -1
- data/src/core/lib/surface/completion_queue.cc +68 -69
- data/src/core/lib/surface/completion_queue.h +3 -2
- data/src/core/lib/surface/completion_queue_factory.cc +1 -2
- data/src/core/lib/surface/init.cc +1 -3
- data/src/core/lib/surface/init.h +10 -1
- data/src/core/lib/surface/lame_client.cc +11 -11
- data/src/core/lib/surface/lame_client.h +1 -1
- data/src/core/lib/surface/server.cc +31 -23
- data/src/core/lib/surface/server.h +19 -18
- data/src/core/lib/surface/validate_metadata.cc +7 -7
- data/src/core/lib/surface/validate_metadata.h +3 -2
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.cc +5 -5
- data/src/core/lib/transport/byte_stream.h +8 -8
- data/src/core/lib/transport/connectivity_state.cc +1 -1
- data/src/core/lib/transport/error_utils.cc +21 -10
- data/src/core/lib/transport/error_utils.h +11 -5
- data/src/core/lib/transport/metadata_batch.cc +37 -37
- data/src/core/lib/transport/metadata_batch.h +19 -18
- data/src/core/lib/transport/transport.cc +4 -3
- data/src/core/lib/transport/transport.h +6 -4
- data/src/core/lib/transport/transport_op_string.cc +6 -6
- data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -0
- data/src/core/tsi/alts/crypt/gsec.h +6 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +5 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +7 -6
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +2 -1
- data/src/core/tsi/ssl_transport_security.cc +32 -14
- data/src/core/tsi/ssl_transport_security.h +3 -4
- data/src/ruby/bin/math_services_pb.rb +1 -1
- data/src/ruby/ext/grpc/extconf.rb +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +6 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +11 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +6 -6
- data/third_party/abseil-cpp/absl/algorithm/container.h +3 -3
- data/third_party/abseil-cpp/absl/base/attributes.h +24 -4
- data/third_party/abseil-cpp/absl/base/call_once.h +2 -9
- data/third_party/abseil-cpp/absl/base/config.h +37 -9
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +24 -10
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +4 -1
- data/third_party/abseil-cpp/absl/base/internal/endian.h +61 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +2 -3
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +34 -32
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +16 -6
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +11 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +14 -5
- data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +3 -3
- data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +11 -11
- data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +5 -5
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +5 -2
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +43 -42
- data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +111 -7
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +0 -76
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +1 -3
- data/third_party/abseil-cpp/absl/base/log_severity.h +4 -4
- data/third_party/abseil-cpp/absl/base/macros.h +11 -0
- data/third_party/abseil-cpp/absl/base/optimization.h +10 -7
- data/third_party/abseil-cpp/absl/base/options.h +1 -1
- data/third_party/abseil-cpp/absl/base/port.h +0 -1
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +1 -1
- data/third_party/abseil-cpp/absl/container/fixed_array.h +2 -2
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +5 -3
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +1 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +5 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +2 -1
- data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +141 -66
- data/third_party/abseil-cpp/absl/container/internal/layout.h +4 -4
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +14 -1
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +136 -136
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +16 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +5 -2
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +3 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +6 -1
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +3 -5
- data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +2 -2
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +2 -2
- data/third_party/abseil-cpp/absl/hash/internal/city.cc +15 -12
- data/third_party/abseil-cpp/absl/hash/internal/city.h +1 -19
- data/third_party/abseil-cpp/absl/hash/internal/hash.cc +25 -10
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +86 -37
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.cc +111 -0
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.h +48 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +16 -2
- data/third_party/abseil-cpp/absl/numeric/bits.h +177 -0
- data/third_party/abseil-cpp/absl/numeric/int128.cc +3 -3
- data/third_party/abseil-cpp/absl/numeric/internal/bits.h +358 -0
- data/third_party/abseil-cpp/absl/numeric/internal/representation.h +55 -0
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +18 -0
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +4 -7
- data/third_party/abseil-cpp/absl/status/status.cc +29 -22
- data/third_party/abseil-cpp/absl/status/status.h +81 -20
- data/third_party/abseil-cpp/absl/status/statusor.h +3 -3
- data/third_party/abseil-cpp/absl/strings/charconv.cc +5 -5
- data/third_party/abseil-cpp/absl/strings/cord.cc +326 -371
- data/third_party/abseil-cpp/absl/strings/cord.h +182 -64
- data/third_party/abseil-cpp/absl/strings/escaping.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +6 -6
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +83 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +387 -17
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h +146 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +897 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +589 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +114 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +15 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +19 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +36 -18
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +15 -40
- data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +64 -0
- data/third_party/abseil-cpp/absl/strings/match.cc +6 -3
- data/third_party/abseil-cpp/absl/strings/match.h +16 -6
- data/third_party/abseil-cpp/absl/strings/numbers.cc +132 -4
- data/third_party/abseil-cpp/absl/strings/numbers.h +10 -10
- data/third_party/abseil-cpp/absl/strings/str_join.h +1 -1
- data/third_party/abseil-cpp/absl/strings/str_split.h +38 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +154 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +2 -1
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +2 -2
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +4 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +1 -65
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -6
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +71 -59
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +79 -62
- data/third_party/abseil-cpp/absl/time/clock.cc +146 -130
- data/third_party/abseil-cpp/absl/time/clock.h +2 -2
- data/third_party/abseil-cpp/absl/time/duration.cc +3 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +7 -11
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +7 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +4 -4
- data/third_party/abseil-cpp/absl/time/time.cc +4 -3
- data/third_party/abseil-cpp/absl/time/time.h +26 -24
- data/third_party/abseil-cpp/absl/types/internal/variant.h +1 -1
- data/third_party/abseil-cpp/absl/types/variant.h +9 -4
- data/third_party/boringssl-with-bazel/err_data.c +483 -461
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +18 -8
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +1 -88
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -3
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +119 -273
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +87 -80
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +9 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +11 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +25 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +10 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +87 -160
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +104 -93
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +52 -65
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +52 -66
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +33 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +17 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +1 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +26 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +26 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +79 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +14 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +61 -75
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +80 -103
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +40 -49
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +367 -315
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +65 -0
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +14 -0
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +95 -48
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_asn1.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +0 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +120 -11
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +42 -89
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +9 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +14 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +53 -73
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +31 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +21 -17
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +7 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +25 -22
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +5 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +5 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +66 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +120 -41
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +47 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +0 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +24 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +6 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +5 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +33 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +3 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +20 -49
- data/third_party/boringssl-with-bazel/src/{crypto/x509/x509_r2x.c → include/openssl/evp_errors.h} +41 -58
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +325 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +24 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +25 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +9 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +99 -63
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +283 -85
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +13 -19
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +445 -152
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +451 -435
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +2 -1
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +7 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +1133 -0
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +298 -22
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +66 -30
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +189 -86
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +154 -24
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +414 -135
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +9 -3
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +14 -19
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -6
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +23 -26
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +51 -60
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +2 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +8 -31
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +4 -3
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +7 -3
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +664 -702
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +65 -7
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +98 -39
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +141 -94
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +213 -118
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +4 -2
- data/third_party/xxhash/xxhash.h +77 -195
- metadata +116 -51
- data/src/core/lib/gpr/arena.h +0 -47
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +0 -88
- data/src/core/lib/iomgr/poller/eventmanager_libuv.h +0 -88
- data/third_party/abseil-cpp/absl/base/internal/bits.h +0 -219
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +0 -249
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/is_fips.c +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +0 -246
- data/third_party/boringssl-with-bazel/src/crypto/x509/vpm_int.h +0 -71
@@ -60,8 +60,9 @@
|
|
60
60
|
|
61
61
|
#include <openssl/mem.h>
|
62
62
|
|
63
|
-
#include "internal.h"
|
64
63
|
#include "../../internal.h"
|
64
|
+
#include "../digest/md32_common.h"
|
65
|
+
#include "internal.h"
|
65
66
|
|
66
67
|
|
67
68
|
int SHA224_Init(SHA256_CTX *sha) {
|
@@ -112,71 +113,60 @@ uint8_t *SHA256(const uint8_t *data, size_t len,
|
|
112
113
|
return out;
|
113
114
|
}
|
114
115
|
|
115
|
-
|
116
|
-
|
117
|
-
|
116
|
+
#ifndef SHA256_ASM
|
117
|
+
static void sha256_block_data_order(uint32_t *state, const uint8_t *in,
|
118
|
+
size_t num);
|
119
|
+
#endif
|
118
120
|
|
119
|
-
|
120
|
-
|
121
|
-
// smaller output.
|
122
|
-
return SHA256_Final(out, ctx);
|
121
|
+
void SHA256_Transform(SHA256_CTX *c, const uint8_t data[SHA256_CBLOCK]) {
|
122
|
+
sha256_block_data_order(c->h, data, 1);
|
123
123
|
}
|
124
124
|
|
125
|
-
|
125
|
+
int SHA256_Update(SHA256_CTX *c, const void *data, size_t len) {
|
126
|
+
crypto_md32_update(&sha256_block_data_order, c->h, c->data, SHA256_CBLOCK,
|
127
|
+
&c->num, &c->Nh, &c->Nl, data, len);
|
128
|
+
return 1;
|
129
|
+
}
|
126
130
|
|
127
|
-
|
128
|
-
|
129
|
-
|
131
|
+
int SHA224_Update(SHA256_CTX *ctx, const void *data, size_t len) {
|
132
|
+
return SHA256_Update(ctx, data, len);
|
133
|
+
}
|
130
134
|
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
// then default: case shall be extended. For reference. Idea behind separate
|
135
|
-
// cases for pre-defined lenghts is to let the compiler decide if it's
|
136
|
-
// appropriate to unroll small loops.
|
137
|
-
//
|
138
|
-
// TODO(davidben): The small |md_len| case is one of the few places a low-level
|
139
|
-
// hash 'final' function can fail. This should never happen.
|
140
|
-
#define HASH_MAKE_STRING(c, s) \
|
141
|
-
do { \
|
142
|
-
uint32_t ll; \
|
143
|
-
unsigned int nn; \
|
144
|
-
switch ((c)->md_len) { \
|
145
|
-
case SHA224_DIGEST_LENGTH: \
|
146
|
-
for (nn = 0; nn < SHA224_DIGEST_LENGTH / 4; nn++) { \
|
147
|
-
ll = (c)->h[nn]; \
|
148
|
-
HOST_l2c(ll, (s)); \
|
149
|
-
} \
|
150
|
-
break; \
|
151
|
-
case SHA256_DIGEST_LENGTH: \
|
152
|
-
for (nn = 0; nn < SHA256_DIGEST_LENGTH / 4; nn++) { \
|
153
|
-
ll = (c)->h[nn]; \
|
154
|
-
HOST_l2c(ll, (s)); \
|
155
|
-
} \
|
156
|
-
break; \
|
157
|
-
default: \
|
158
|
-
if ((c)->md_len > SHA256_DIGEST_LENGTH) { \
|
159
|
-
return 0; \
|
160
|
-
} \
|
161
|
-
for (nn = 0; nn < (c)->md_len / 4; nn++) { \
|
162
|
-
ll = (c)->h[nn]; \
|
163
|
-
HOST_l2c(ll, (s)); \
|
164
|
-
} \
|
165
|
-
break; \
|
166
|
-
} \
|
167
|
-
} while (0)
|
135
|
+
static int sha256_final_impl(uint8_t *out, SHA256_CTX *c) {
|
136
|
+
crypto_md32_final(&sha256_block_data_order, c->h, c->data, SHA256_CBLOCK,
|
137
|
+
&c->num, c->Nh, c->Nl, /*is_big_endian=*/1);
|
168
138
|
|
139
|
+
// TODO(davidben): This overflow check one of the few places a low-level hash
|
140
|
+
// 'final' function can fail. SHA-512 does not have a corresponding check.
|
141
|
+
// These functions already misbehave if the caller arbitrarily mutates |c|, so
|
142
|
+
// can we assume one of |SHA256_Init| or |SHA224_Init| was used?
|
143
|
+
if (c->md_len > SHA256_DIGEST_LENGTH) {
|
144
|
+
return 0;
|
145
|
+
}
|
169
146
|
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
|
147
|
+
assert(c->md_len % 4 == 0);
|
148
|
+
const size_t out_words = c->md_len / 4;
|
149
|
+
for (size_t i = 0; i < out_words; i++) {
|
150
|
+
CRYPTO_store_u32_be(out, c->h[i]);
|
151
|
+
out += 4;
|
152
|
+
}
|
153
|
+
return 1;
|
154
|
+
}
|
178
155
|
|
179
|
-
|
156
|
+
int SHA256_Final(uint8_t out[SHA256_DIGEST_LENGTH], SHA256_CTX *c) {
|
157
|
+
// Ideally we would assert |sha->md_len| is |SHA256_DIGEST_LENGTH| to match
|
158
|
+
// the size hint, but calling code often pairs |SHA224_Init| with
|
159
|
+
// |SHA256_Final| and expects |sha->md_len| to carry the size over.
|
160
|
+
//
|
161
|
+
// TODO(davidben): Add an assert and fix code to match them up.
|
162
|
+
return sha256_final_impl(out, c);
|
163
|
+
}
|
164
|
+
int SHA224_Final(uint8_t out[SHA224_DIGEST_LENGTH], SHA256_CTX *ctx) {
|
165
|
+
// SHA224_Init sets |ctx->md_len| to |SHA224_DIGEST_LENGTH|, so this has a
|
166
|
+
// smaller output.
|
167
|
+
assert(ctx->md_len == SHA224_DIGEST_LENGTH);
|
168
|
+
return sha256_final_impl(out, ctx);
|
169
|
+
}
|
180
170
|
|
181
171
|
#ifndef SHA256_ASM
|
182
172
|
static const uint32_t K256[64] = {
|
@@ -241,55 +231,53 @@ static void sha256_block_data_order(uint32_t *state, const uint8_t *data,
|
|
241
231
|
g = state[6];
|
242
232
|
h = state[7];
|
243
233
|
|
244
|
-
|
245
|
-
|
246
|
-
HOST_c2l(data, l);
|
247
|
-
T1 = X[0] = l;
|
234
|
+
T1 = X[0] = CRYPTO_load_u32_be(data);
|
235
|
+
data += 4;
|
248
236
|
ROUND_00_15(0, a, b, c, d, e, f, g, h);
|
249
|
-
|
250
|
-
|
237
|
+
T1 = X[1] = CRYPTO_load_u32_be(data);
|
238
|
+
data += 4;
|
251
239
|
ROUND_00_15(1, h, a, b, c, d, e, f, g);
|
252
|
-
|
253
|
-
|
240
|
+
T1 = X[2] = CRYPTO_load_u32_be(data);
|
241
|
+
data += 4;
|
254
242
|
ROUND_00_15(2, g, h, a, b, c, d, e, f);
|
255
|
-
|
256
|
-
|
243
|
+
T1 = X[3] = CRYPTO_load_u32_be(data);
|
244
|
+
data += 4;
|
257
245
|
ROUND_00_15(3, f, g, h, a, b, c, d, e);
|
258
|
-
|
259
|
-
|
246
|
+
T1 = X[4] = CRYPTO_load_u32_be(data);
|
247
|
+
data += 4;
|
260
248
|
ROUND_00_15(4, e, f, g, h, a, b, c, d);
|
261
|
-
|
262
|
-
|
249
|
+
T1 = X[5] = CRYPTO_load_u32_be(data);
|
250
|
+
data += 4;
|
263
251
|
ROUND_00_15(5, d, e, f, g, h, a, b, c);
|
264
|
-
|
265
|
-
|
252
|
+
T1 = X[6] = CRYPTO_load_u32_be(data);
|
253
|
+
data += 4;
|
266
254
|
ROUND_00_15(6, c, d, e, f, g, h, a, b);
|
267
|
-
|
268
|
-
|
255
|
+
T1 = X[7] = CRYPTO_load_u32_be(data);
|
256
|
+
data += 4;
|
269
257
|
ROUND_00_15(7, b, c, d, e, f, g, h, a);
|
270
|
-
|
271
|
-
|
258
|
+
T1 = X[8] = CRYPTO_load_u32_be(data);
|
259
|
+
data += 4;
|
272
260
|
ROUND_00_15(8, a, b, c, d, e, f, g, h);
|
273
|
-
|
274
|
-
|
261
|
+
T1 = X[9] = CRYPTO_load_u32_be(data);
|
262
|
+
data += 4;
|
275
263
|
ROUND_00_15(9, h, a, b, c, d, e, f, g);
|
276
|
-
|
277
|
-
|
264
|
+
T1 = X[10] = CRYPTO_load_u32_be(data);
|
265
|
+
data += 4;
|
278
266
|
ROUND_00_15(10, g, h, a, b, c, d, e, f);
|
279
|
-
|
280
|
-
|
267
|
+
T1 = X[11] = CRYPTO_load_u32_be(data);
|
268
|
+
data += 4;
|
281
269
|
ROUND_00_15(11, f, g, h, a, b, c, d, e);
|
282
|
-
|
283
|
-
|
270
|
+
T1 = X[12] = CRYPTO_load_u32_be(data);
|
271
|
+
data += 4;
|
284
272
|
ROUND_00_15(12, e, f, g, h, a, b, c, d);
|
285
|
-
|
286
|
-
|
273
|
+
T1 = X[13] = CRYPTO_load_u32_be(data);
|
274
|
+
data += 4;
|
287
275
|
ROUND_00_15(13, d, e, f, g, h, a, b, c);
|
288
|
-
|
289
|
-
|
276
|
+
T1 = X[14] = CRYPTO_load_u32_be(data);
|
277
|
+
data += 4;
|
290
278
|
ROUND_00_15(14, c, d, e, f, g, h, a, b);
|
291
|
-
|
292
|
-
|
279
|
+
T1 = X[15] = CRYPTO_load_u32_be(data);
|
280
|
+
data += 4;
|
293
281
|
ROUND_00_15(15, b, c, d, e, f, g, h, a);
|
294
282
|
|
295
283
|
for (i = 16; i < 64; i += 8) {
|
@@ -321,15 +309,6 @@ void SHA256_TransformBlocks(uint32_t state[8], const uint8_t *data,
|
|
321
309
|
sha256_block_data_order(state, data, num_blocks);
|
322
310
|
}
|
323
311
|
|
324
|
-
#undef DATA_ORDER_IS_BIG_ENDIAN
|
325
|
-
#undef HASH_CTX
|
326
|
-
#undef HASH_CBLOCK
|
327
|
-
#undef HASH_DIGEST_LENGTH
|
328
|
-
#undef HASH_MAKE_STRING
|
329
|
-
#undef HASH_UPDATE
|
330
|
-
#undef HASH_TRANSFORM
|
331
|
-
#undef HASH_FINAL
|
332
|
-
#undef HASH_BLOCK_DATA_ORDER
|
333
312
|
#undef ROTATE
|
334
313
|
#undef Sigma0
|
335
314
|
#undef Sigma1
|
@@ -339,5 +318,3 @@ void SHA256_TransformBlocks(uint32_t state[8], const uint8_t *data,
|
|
339
318
|
#undef Maj
|
340
319
|
#undef ROUND_00_15
|
341
320
|
#undef ROUND_16_63
|
342
|
-
#undef HOST_c2l
|
343
|
-
#undef HOST_l2c
|
@@ -70,6 +70,8 @@
|
|
70
70
|
// this writing, so there is no need for a common collector/padding
|
71
71
|
// implementation yet.
|
72
72
|
|
73
|
+
static int sha512_final_impl(uint8_t *out, SHA512_CTX *sha);
|
74
|
+
|
73
75
|
int SHA384_Init(SHA512_CTX *sha) {
|
74
76
|
sha->h[0] = UINT64_C(0xcbbb9d5dc1059ed8);
|
75
77
|
sha->h[1] = UINT64_C(0x629a292a367cd507);
|
@@ -146,8 +148,8 @@ uint8_t *SHA512_256(const uint8_t *data, size_t len,
|
|
146
148
|
uint8_t out[SHA512_256_DIGEST_LENGTH]) {
|
147
149
|
SHA512_CTX ctx;
|
148
150
|
SHA512_256_Init(&ctx);
|
149
|
-
|
150
|
-
|
151
|
+
SHA512_256_Update(&ctx, data, len);
|
152
|
+
SHA512_256_Final(out, &ctx);
|
151
153
|
OPENSSL_cleanse(&ctx, sizeof(ctx));
|
152
154
|
return out;
|
153
155
|
}
|
@@ -160,8 +162,9 @@ static void sha512_block_data_order(uint64_t *state, const uint8_t *in,
|
|
160
162
|
|
161
163
|
int SHA384_Final(uint8_t out[SHA384_DIGEST_LENGTH], SHA512_CTX *sha) {
|
162
164
|
// |SHA384_Init| sets |sha->md_len| to |SHA384_DIGEST_LENGTH|, so this has a
|
163
|
-
//
|
164
|
-
|
165
|
+
// smaller output.
|
166
|
+
assert(sha->md_len == SHA384_DIGEST_LENGTH);
|
167
|
+
return sha512_final_impl(out, sha);
|
165
168
|
}
|
166
169
|
|
167
170
|
int SHA384_Update(SHA512_CTX *sha, const void *data, size_t len) {
|
@@ -172,11 +175,11 @@ int SHA512_256_Update(SHA512_CTX *sha, const void *data, size_t len) {
|
|
172
175
|
return SHA512_Update(sha, data, len);
|
173
176
|
}
|
174
177
|
|
175
|
-
int SHA512_256_Final(uint8_t out[SHA512_256_DIGEST_LENGTH],
|
176
|
-
SHA512_CTX *sha) {
|
178
|
+
int SHA512_256_Final(uint8_t out[SHA512_256_DIGEST_LENGTH], SHA512_CTX *sha) {
|
177
179
|
// |SHA512_256_Init| sets |sha->md_len| to |SHA512_256_DIGEST_LENGTH|, so this
|
178
180
|
// has a |smaller output.
|
179
|
-
|
181
|
+
assert(sha->md_len == SHA512_256_DIGEST_LENGTH);
|
182
|
+
return sha512_final_impl(out, sha);
|
180
183
|
}
|
181
184
|
|
182
185
|
void SHA512_Transform(SHA512_CTX *c, const uint8_t block[SHA512_CBLOCK]) {
|
@@ -232,6 +235,15 @@ int SHA512_Update(SHA512_CTX *c, const void *in_data, size_t len) {
|
|
232
235
|
}
|
233
236
|
|
234
237
|
int SHA512_Final(uint8_t out[SHA512_DIGEST_LENGTH], SHA512_CTX *sha) {
|
238
|
+
// Ideally we would assert |sha->md_len| is |SHA512_DIGEST_LENGTH| to match
|
239
|
+
// the size hint, but calling code often pairs |SHA384_Init| with
|
240
|
+
// |SHA512_Final| and expects |sha->md_len| to carry the size over.
|
241
|
+
//
|
242
|
+
// TODO(davidben): Add an assert and fix code to match them up.
|
243
|
+
return sha512_final_impl(out, sha);
|
244
|
+
}
|
245
|
+
|
246
|
+
static int sha512_final_impl(uint8_t *out, SHA512_CTX *sha) {
|
235
247
|
uint8_t *p = sha->p;
|
236
248
|
size_t n = sha->num;
|
237
249
|
|
@@ -244,22 +256,8 @@ int SHA512_Final(uint8_t out[SHA512_DIGEST_LENGTH], SHA512_CTX *sha) {
|
|
244
256
|
}
|
245
257
|
|
246
258
|
OPENSSL_memset(p + n, 0, sizeof(sha->p) - 16 - n);
|
247
|
-
p
|
248
|
-
p
|
249
|
-
p[sizeof(sha->p) - 3] = (uint8_t)(sha->Nl >> 16);
|
250
|
-
p[sizeof(sha->p) - 4] = (uint8_t)(sha->Nl >> 24);
|
251
|
-
p[sizeof(sha->p) - 5] = (uint8_t)(sha->Nl >> 32);
|
252
|
-
p[sizeof(sha->p) - 6] = (uint8_t)(sha->Nl >> 40);
|
253
|
-
p[sizeof(sha->p) - 7] = (uint8_t)(sha->Nl >> 48);
|
254
|
-
p[sizeof(sha->p) - 8] = (uint8_t)(sha->Nl >> 56);
|
255
|
-
p[sizeof(sha->p) - 9] = (uint8_t)(sha->Nh);
|
256
|
-
p[sizeof(sha->p) - 10] = (uint8_t)(sha->Nh >> 8);
|
257
|
-
p[sizeof(sha->p) - 11] = (uint8_t)(sha->Nh >> 16);
|
258
|
-
p[sizeof(sha->p) - 12] = (uint8_t)(sha->Nh >> 24);
|
259
|
-
p[sizeof(sha->p) - 13] = (uint8_t)(sha->Nh >> 32);
|
260
|
-
p[sizeof(sha->p) - 14] = (uint8_t)(sha->Nh >> 40);
|
261
|
-
p[sizeof(sha->p) - 15] = (uint8_t)(sha->Nh >> 48);
|
262
|
-
p[sizeof(sha->p) - 16] = (uint8_t)(sha->Nh >> 56);
|
259
|
+
CRYPTO_store_u64_be(p + sizeof(sha->p) - 16, sha->Nh);
|
260
|
+
CRYPTO_store_u64_be(p + sizeof(sha->p) - 8, sha->Nl);
|
263
261
|
|
264
262
|
sha512_block_data_order(sha->h, p, 1);
|
265
263
|
|
@@ -272,9 +270,8 @@ int SHA512_Final(uint8_t out[SHA512_DIGEST_LENGTH], SHA512_CTX *sha) {
|
|
272
270
|
assert(sha->md_len % 8 == 0);
|
273
271
|
const size_t out_words = sha->md_len / 8;
|
274
272
|
for (size_t i = 0; i < out_words; i++) {
|
275
|
-
|
276
|
-
|
277
|
-
out += sizeof(t);
|
273
|
+
CRYPTO_store_u64_be(out, sha->h[i]);
|
274
|
+
out += 8;
|
278
275
|
}
|
279
276
|
|
280
277
|
return 1;
|
@@ -356,12 +353,6 @@ static const uint64_t K512[80] = {
|
|
356
353
|
#define ROTR(x, s) (((x) >> s) | (x) << (64 - s))
|
357
354
|
#endif
|
358
355
|
|
359
|
-
static inline uint64_t load_u64_be(const void *ptr) {
|
360
|
-
uint64_t ret;
|
361
|
-
OPENSSL_memcpy(&ret, ptr, sizeof(ret));
|
362
|
-
return CRYPTO_bswap8(ret);
|
363
|
-
}
|
364
|
-
|
365
356
|
#define Sigma0(x) (ROTR((x), 28) ^ ROTR((x), 34) ^ ROTR((x), 39))
|
366
357
|
#define Sigma1(x) (ROTR((x), 14) ^ ROTR((x), 18) ^ ROTR((x), 41))
|
367
358
|
#define sigma0(x) (ROTR((x), 1) ^ ROTR((x), 8) ^ ((x) >> 7))
|
@@ -392,7 +383,7 @@ static void sha512_block_data_order(uint64_t *state, const uint8_t *in,
|
|
392
383
|
F[7] = state[7];
|
393
384
|
|
394
385
|
for (i = 0; i < 16; i++, F--) {
|
395
|
-
T =
|
386
|
+
T = CRYPTO_load_u64_be(in + i * 8);
|
396
387
|
F[0] = A;
|
397
388
|
F[4] = E;
|
398
389
|
F[8] = T;
|
@@ -464,37 +455,37 @@ static void sha512_block_data_order(uint64_t *state, const uint8_t *in,
|
|
464
455
|
g = state[6];
|
465
456
|
h = state[7];
|
466
457
|
|
467
|
-
T1 = X[0] =
|
458
|
+
T1 = X[0] = CRYPTO_load_u64_be(in);
|
468
459
|
ROUND_00_15(0, a, b, c, d, e, f, g, h);
|
469
|
-
T1 = X[1] =
|
460
|
+
T1 = X[1] = CRYPTO_load_u64_be(in + 8);
|
470
461
|
ROUND_00_15(1, h, a, b, c, d, e, f, g);
|
471
|
-
T1 = X[2] =
|
462
|
+
T1 = X[2] = CRYPTO_load_u64_be(in + 2 * 8);
|
472
463
|
ROUND_00_15(2, g, h, a, b, c, d, e, f);
|
473
|
-
T1 = X[3] =
|
464
|
+
T1 = X[3] = CRYPTO_load_u64_be(in + 3 * 8);
|
474
465
|
ROUND_00_15(3, f, g, h, a, b, c, d, e);
|
475
|
-
T1 = X[4] =
|
466
|
+
T1 = X[4] = CRYPTO_load_u64_be(in + 4 * 8);
|
476
467
|
ROUND_00_15(4, e, f, g, h, a, b, c, d);
|
477
|
-
T1 = X[5] =
|
468
|
+
T1 = X[5] = CRYPTO_load_u64_be(in + 5 * 8);
|
478
469
|
ROUND_00_15(5, d, e, f, g, h, a, b, c);
|
479
|
-
T1 = X[6] =
|
470
|
+
T1 = X[6] = CRYPTO_load_u64_be(in + 6 * 8);
|
480
471
|
ROUND_00_15(6, c, d, e, f, g, h, a, b);
|
481
|
-
T1 = X[7] =
|
472
|
+
T1 = X[7] = CRYPTO_load_u64_be(in + 7 * 8);
|
482
473
|
ROUND_00_15(7, b, c, d, e, f, g, h, a);
|
483
|
-
T1 = X[8] =
|
474
|
+
T1 = X[8] = CRYPTO_load_u64_be(in + 8 * 8);
|
484
475
|
ROUND_00_15(8, a, b, c, d, e, f, g, h);
|
485
|
-
T1 = X[9] =
|
476
|
+
T1 = X[9] = CRYPTO_load_u64_be(in + 9 * 8);
|
486
477
|
ROUND_00_15(9, h, a, b, c, d, e, f, g);
|
487
|
-
T1 = X[10] =
|
478
|
+
T1 = X[10] = CRYPTO_load_u64_be(in + 10 * 8);
|
488
479
|
ROUND_00_15(10, g, h, a, b, c, d, e, f);
|
489
|
-
T1 = X[11] =
|
480
|
+
T1 = X[11] = CRYPTO_load_u64_be(in + 11 * 8);
|
490
481
|
ROUND_00_15(11, f, g, h, a, b, c, d, e);
|
491
|
-
T1 = X[12] =
|
482
|
+
T1 = X[12] = CRYPTO_load_u64_be(in + 12 * 8);
|
492
483
|
ROUND_00_15(12, e, f, g, h, a, b, c, d);
|
493
|
-
T1 = X[13] =
|
484
|
+
T1 = X[13] = CRYPTO_load_u64_be(in + 13 * 8);
|
494
485
|
ROUND_00_15(13, d, e, f, g, h, a, b, c);
|
495
|
-
T1 = X[14] =
|
486
|
+
T1 = X[14] = CRYPTO_load_u64_be(in + 14 * 8);
|
496
487
|
ROUND_00_15(14, c, d, e, f, g, h, a, b);
|
497
|
-
T1 = X[15] =
|
488
|
+
T1 = X[15] = CRYPTO_load_u64_be(in + 15 * 8);
|
498
489
|
ROUND_00_15(15, b, c, d, e, f, g, h, a);
|
499
490
|
|
500
491
|
for (i = 16; i < 80; i += 16) {
|
@@ -12,59 +12,66 @@
|
|
12
12
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
13
13
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
14
14
|
|
15
|
+
#include <openssl/hpke.h>
|
16
|
+
|
15
17
|
#include <assert.h>
|
16
18
|
#include <string.h>
|
17
19
|
|
18
20
|
#include <openssl/aead.h>
|
19
21
|
#include <openssl/bytestring.h>
|
22
|
+
#include <openssl/curve25519.h>
|
20
23
|
#include <openssl/digest.h>
|
21
24
|
#include <openssl/err.h>
|
22
|
-
#include <openssl/
|
25
|
+
#include <openssl/evp_errors.h>
|
23
26
|
#include <openssl/hkdf.h>
|
27
|
+
#include <openssl/rand.h>
|
24
28
|
#include <openssl/sha.h>
|
25
29
|
|
26
30
|
#include "../internal.h"
|
27
|
-
#include "internal.h"
|
28
31
|
|
29
32
|
|
30
|
-
// This file implements draft-irtf-cfrg-hpke-
|
33
|
+
// This file implements draft-irtf-cfrg-hpke-08.
|
31
34
|
|
32
|
-
#define
|
35
|
+
#define MAX_SEED_LEN X25519_PRIVATE_KEY_LEN
|
36
|
+
#define MAX_SHARED_SECRET_LEN SHA256_DIGEST_LENGTH
|
33
37
|
|
34
|
-
|
35
|
-
|
38
|
+
struct evp_hpke_kem_st {
|
39
|
+
uint16_t id;
|
40
|
+
size_t public_key_len;
|
41
|
+
size_t private_key_len;
|
42
|
+
size_t seed_len;
|
43
|
+
int (*init_key)(EVP_HPKE_KEY *key, const uint8_t *priv_key,
|
44
|
+
size_t priv_key_len);
|
45
|
+
int (*generate_key)(EVP_HPKE_KEY *key);
|
46
|
+
int (*encap_with_seed)(const EVP_HPKE_KEM *kem, uint8_t *out_shared_secret,
|
47
|
+
size_t *out_shared_secret_len, uint8_t *out_enc,
|
48
|
+
size_t *out_enc_len, size_t max_enc,
|
49
|
+
const uint8_t *peer_public_key,
|
50
|
+
size_t peer_public_key_len, const uint8_t *seed,
|
51
|
+
size_t seed_len);
|
52
|
+
int (*decap)(const EVP_HPKE_KEY *key, uint8_t *out_shared_secret,
|
53
|
+
size_t *out_shared_secret_len, const uint8_t *enc,
|
54
|
+
size_t enc_len);
|
55
|
+
};
|
36
56
|
|
37
|
-
|
38
|
-
|
57
|
+
struct evp_hpke_kdf_st {
|
58
|
+
uint16_t id;
|
59
|
+
// We only support HKDF-based KDFs.
|
60
|
+
const EVP_MD *(*hkdf_md_func)(void);
|
61
|
+
};
|
39
62
|
|
40
|
-
|
41
|
-
|
63
|
+
struct evp_hpke_aead_st {
|
64
|
+
uint16_t id;
|
65
|
+
const EVP_AEAD *(*aead_func)(void);
|
66
|
+
};
|
42
67
|
|
43
|
-
static const char kHpkeRfcId[] = "HPKE-07";
|
44
68
|
|
45
|
-
|
46
|
-
return CBB_add_bytes(cbb, (const uint8_t *)label, strlen(label));
|
47
|
-
}
|
69
|
+
// Low-level labeled KDF functions.
|
48
70
|
|
49
|
-
|
50
|
-
// that the suite_id used outside of the KEM also includes the kdf_id and
|
51
|
-
// aead_id.
|
52
|
-
static const uint8_t kX25519SuiteID[] = {
|
53
|
-
'K', 'E', 'M', HPKE_DHKEM_X25519_HKDF_SHA256 >> 8,
|
54
|
-
HPKE_DHKEM_X25519_HKDF_SHA256 & 0x00ff};
|
71
|
+
static const char kHpkeVersionId[] = "HPKE-v1";
|
55
72
|
|
56
|
-
|
57
|
-
|
58
|
-
static int hpke_build_suite_id(uint8_t out[HPKE_SUITE_ID_LEN], uint16_t kdf_id,
|
59
|
-
uint16_t aead_id) {
|
60
|
-
CBB cbb;
|
61
|
-
int ret = CBB_init_fixed(&cbb, out, HPKE_SUITE_ID_LEN) &&
|
62
|
-
add_label_string(&cbb, "HPKE") &&
|
63
|
-
CBB_add_u16(&cbb, HPKE_DHKEM_X25519_HKDF_SHA256) &&
|
64
|
-
CBB_add_u16(&cbb, kdf_id) &&
|
65
|
-
CBB_add_u16(&cbb, aead_id);
|
66
|
-
CBB_cleanup(&cbb);
|
67
|
-
return ret;
|
73
|
+
static int add_label_string(CBB *cbb, const char *label) {
|
74
|
+
return CBB_add_bytes(cbb, (const uint8_t *)label, strlen(label));
|
68
75
|
}
|
69
76
|
|
70
77
|
static int hpke_labeled_extract(const EVP_MD *hkdf_md, uint8_t *out_key,
|
@@ -72,10 +79,10 @@ static int hpke_labeled_extract(const EVP_MD *hkdf_md, uint8_t *out_key,
|
|
72
79
|
size_t salt_len, const uint8_t *suite_id,
|
73
80
|
size_t suite_id_len, const char *label,
|
74
81
|
const uint8_t *ikm, size_t ikm_len) {
|
75
|
-
// labeledIKM = concat("
|
82
|
+
// labeledIKM = concat("HPKE-v1", suite_id, label, IKM)
|
76
83
|
CBB labeled_ikm;
|
77
84
|
int ok = CBB_init(&labeled_ikm, 0) &&
|
78
|
-
add_label_string(&labeled_ikm,
|
85
|
+
add_label_string(&labeled_ikm, kHpkeVersionId) &&
|
79
86
|
CBB_add_bytes(&labeled_ikm, suite_id, suite_id_len) &&
|
80
87
|
add_label_string(&labeled_ikm, label) &&
|
81
88
|
CBB_add_bytes(&labeled_ikm, ikm, ikm_len) &&
|
@@ -90,11 +97,11 @@ static int hpke_labeled_expand(const EVP_MD *hkdf_md, uint8_t *out_key,
|
|
90
97
|
size_t prk_len, const uint8_t *suite_id,
|
91
98
|
size_t suite_id_len, const char *label,
|
92
99
|
const uint8_t *info, size_t info_len) {
|
93
|
-
// labeledInfo = concat(I2OSP(L, 2), "
|
100
|
+
// labeledInfo = concat(I2OSP(L, 2), "HPKE-v1", suite_id, label, info)
|
94
101
|
CBB labeled_info;
|
95
102
|
int ok = CBB_init(&labeled_info, 0) &&
|
96
103
|
CBB_add_u16(&labeled_info, out_len) &&
|
97
|
-
add_label_string(&labeled_info,
|
104
|
+
add_label_string(&labeled_info, kHpkeVersionId) &&
|
98
105
|
CBB_add_bytes(&labeled_info, suite_id, suite_id_len) &&
|
99
106
|
add_label_string(&labeled_info, label) &&
|
100
107
|
CBB_add_bytes(&labeled_info, info, info_len) &&
|
@@ -104,102 +111,263 @@ static int hpke_labeled_expand(const EVP_MD *hkdf_md, uint8_t *out_key,
|
|
104
111
|
return ok;
|
105
112
|
}
|
106
113
|
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
114
|
+
|
115
|
+
// KEM implementations.
|
116
|
+
|
117
|
+
// dhkem_extract_and_expand implements the ExtractAndExpand operation in the
|
118
|
+
// DHKEM construction. See section 4.1 of draft-irtf-cfrg-hpke-08.
|
119
|
+
static int dhkem_extract_and_expand(uint16_t kem_id, const EVP_MD *hkdf_md,
|
120
|
+
uint8_t *out_key, size_t out_len,
|
121
|
+
const uint8_t *dh, size_t dh_len,
|
122
|
+
const uint8_t *kem_context,
|
123
|
+
size_t kem_context_len) {
|
124
|
+
// concat("KEM", I2OSP(kem_id, 2))
|
125
|
+
uint8_t suite_id[5] = {'K', 'E', 'M', kem_id >> 8, kem_id & 0xff};
|
111
126
|
uint8_t prk[EVP_MAX_MD_SIZE];
|
112
127
|
size_t prk_len;
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
128
|
+
return hpke_labeled_extract(hkdf_md, prk, &prk_len, NULL, 0, suite_id,
|
129
|
+
sizeof(suite_id), "eae_prk", dh, dh_len) &&
|
130
|
+
hpke_labeled_expand(hkdf_md, out_key, out_len, prk, prk_len, suite_id,
|
131
|
+
sizeof(suite_id), "shared_secret", kem_context,
|
132
|
+
kem_context_len);
|
133
|
+
}
|
134
|
+
|
135
|
+
static int x25519_init_key(EVP_HPKE_KEY *key, const uint8_t *priv_key,
|
136
|
+
size_t priv_key_len) {
|
137
|
+
if (priv_key_len != X25519_PRIVATE_KEY_LEN) {
|
138
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
|
117
139
|
return 0;
|
118
140
|
}
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
141
|
+
|
142
|
+
OPENSSL_memcpy(key->private_key, priv_key, priv_key_len);
|
143
|
+
X25519_public_from_private(key->public_key, priv_key);
|
144
|
+
return 1;
|
145
|
+
}
|
146
|
+
|
147
|
+
static int x25519_generate_key(EVP_HPKE_KEY *key) {
|
148
|
+
X25519_keypair(key->public_key, key->private_key);
|
149
|
+
return 1;
|
150
|
+
}
|
151
|
+
|
152
|
+
static int x25519_encap_with_seed(
|
153
|
+
const EVP_HPKE_KEM *kem, uint8_t *out_shared_secret,
|
154
|
+
size_t *out_shared_secret_len, uint8_t *out_enc, size_t *out_enc_len,
|
155
|
+
size_t max_enc, const uint8_t *peer_public_key, size_t peer_public_key_len,
|
156
|
+
const uint8_t *seed, size_t seed_len) {
|
157
|
+
if (max_enc < X25519_PUBLIC_VALUE_LEN) {
|
158
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
|
123
159
|
return 0;
|
124
160
|
}
|
161
|
+
if (seed_len != X25519_PRIVATE_KEY_LEN) {
|
162
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
|
163
|
+
return 0;
|
164
|
+
}
|
165
|
+
X25519_public_from_private(out_enc, seed);
|
166
|
+
|
167
|
+
uint8_t dh[X25519_SHARED_KEY_LEN];
|
168
|
+
if (peer_public_key_len != X25519_PUBLIC_VALUE_LEN ||
|
169
|
+
!X25519(dh, seed, peer_public_key)) {
|
170
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PEER_KEY);
|
171
|
+
return 0;
|
172
|
+
}
|
173
|
+
|
174
|
+
uint8_t kem_context[2 * X25519_PUBLIC_VALUE_LEN];
|
175
|
+
OPENSSL_memcpy(kem_context, out_enc, X25519_PUBLIC_VALUE_LEN);
|
176
|
+
OPENSSL_memcpy(kem_context + X25519_PUBLIC_VALUE_LEN, peer_public_key,
|
177
|
+
X25519_PUBLIC_VALUE_LEN);
|
178
|
+
if (!dhkem_extract_and_expand(kem->id, EVP_sha256(), out_shared_secret,
|
179
|
+
SHA256_DIGEST_LENGTH, dh, sizeof(dh),
|
180
|
+
kem_context, sizeof(kem_context))) {
|
181
|
+
return 0;
|
182
|
+
}
|
183
|
+
|
184
|
+
*out_enc_len = X25519_PUBLIC_VALUE_LEN;
|
185
|
+
*out_shared_secret_len = SHA256_DIGEST_LENGTH;
|
125
186
|
return 1;
|
126
187
|
}
|
127
188
|
|
128
|
-
const
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
189
|
+
static int x25519_decap(const EVP_HPKE_KEY *key, uint8_t *out_shared_secret,
|
190
|
+
size_t *out_shared_secret_len, const uint8_t *enc,
|
191
|
+
size_t enc_len) {
|
192
|
+
uint8_t dh[X25519_SHARED_KEY_LEN];
|
193
|
+
if (enc_len != X25519_PUBLIC_VALUE_LEN ||
|
194
|
+
!X25519(dh, key->private_key, enc)) {
|
195
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PEER_KEY);
|
196
|
+
return 0;
|
136
197
|
}
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
return EVP_sha384();
|
147
|
-
case EVP_HPKE_HKDF_SHA512:
|
148
|
-
return EVP_sha512();
|
198
|
+
|
199
|
+
uint8_t kem_context[2 * X25519_PUBLIC_VALUE_LEN];
|
200
|
+
OPENSSL_memcpy(kem_context, enc, X25519_PUBLIC_VALUE_LEN);
|
201
|
+
OPENSSL_memcpy(kem_context + X25519_PUBLIC_VALUE_LEN, key->public_key,
|
202
|
+
X25519_PUBLIC_VALUE_LEN);
|
203
|
+
if (!dhkem_extract_and_expand(key->kem->id, EVP_sha256(), out_shared_secret,
|
204
|
+
SHA256_DIGEST_LENGTH, dh, sizeof(dh),
|
205
|
+
kem_context, sizeof(kem_context))) {
|
206
|
+
return 0;
|
149
207
|
}
|
150
|
-
|
151
|
-
|
208
|
+
|
209
|
+
*out_shared_secret_len = SHA256_DIGEST_LENGTH;
|
210
|
+
return 1;
|
152
211
|
}
|
153
212
|
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
213
|
+
const EVP_HPKE_KEM *EVP_hpke_x25519_hkdf_sha256(void) {
|
214
|
+
static const EVP_HPKE_KEM kKEM = {
|
215
|
+
/*id=*/EVP_HPKE_DHKEM_X25519_HKDF_SHA256,
|
216
|
+
/*public_key_len=*/X25519_PUBLIC_VALUE_LEN,
|
217
|
+
/*private_key_len=*/X25519_PRIVATE_KEY_LEN,
|
218
|
+
/*seed_len=*/X25519_PRIVATE_KEY_LEN,
|
219
|
+
x25519_init_key,
|
220
|
+
x25519_generate_key,
|
221
|
+
x25519_encap_with_seed,
|
222
|
+
x25519_decap,
|
223
|
+
};
|
224
|
+
return &kKEM;
|
225
|
+
}
|
226
|
+
|
227
|
+
uint16_t EVP_HPKE_KEM_id(const EVP_HPKE_KEM *kem) { return kem->id; }
|
228
|
+
|
229
|
+
void EVP_HPKE_KEY_zero(EVP_HPKE_KEY *key) {
|
230
|
+
OPENSSL_memset(key, 0, sizeof(EVP_HPKE_KEY));
|
231
|
+
}
|
232
|
+
|
233
|
+
void EVP_HPKE_KEY_cleanup(EVP_HPKE_KEY *key) {
|
234
|
+
// Nothing to clean up for now, but we may introduce a cleanup process in the
|
235
|
+
// future.
|
236
|
+
}
|
237
|
+
|
238
|
+
int EVP_HPKE_KEY_copy(EVP_HPKE_KEY *dst, const EVP_HPKE_KEY *src) {
|
239
|
+
// For now, |EVP_HPKE_KEY| is trivially copyable.
|
240
|
+
OPENSSL_memcpy(dst, src, sizeof(EVP_HPKE_KEY));
|
241
|
+
return 1;
|
242
|
+
}
|
243
|
+
|
244
|
+
int EVP_HPKE_KEY_init(EVP_HPKE_KEY *key, const EVP_HPKE_KEM *kem,
|
245
|
+
const uint8_t *priv_key, size_t priv_key_len) {
|
246
|
+
EVP_HPKE_KEY_zero(key);
|
247
|
+
key->kem = kem;
|
248
|
+
if (!kem->init_key(key, priv_key, priv_key_len)) {
|
249
|
+
key->kem = NULL;
|
250
|
+
return 0;
|
174
251
|
}
|
252
|
+
return 1;
|
253
|
+
}
|
254
|
+
|
255
|
+
int EVP_HPKE_KEY_generate(EVP_HPKE_KEY *key, const EVP_HPKE_KEM *kem) {
|
256
|
+
EVP_HPKE_KEY_zero(key);
|
257
|
+
key->kem = kem;
|
258
|
+
if (!kem->generate_key(key)) {
|
259
|
+
key->kem = NULL;
|
260
|
+
return 0;
|
261
|
+
}
|
262
|
+
return 1;
|
263
|
+
}
|
175
264
|
|
176
|
-
|
177
|
-
|
178
|
-
|
265
|
+
const EVP_HPKE_KEM *EVP_HPKE_KEY_kem(const EVP_HPKE_KEY *key) {
|
266
|
+
return key->kem;
|
267
|
+
}
|
268
|
+
|
269
|
+
int EVP_HPKE_KEY_public_key(const EVP_HPKE_KEY *key, uint8_t *out,
|
270
|
+
size_t *out_len, size_t max_out) {
|
271
|
+
if (max_out < key->kem->public_key_len) {
|
272
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
|
179
273
|
return 0;
|
180
274
|
}
|
275
|
+
OPENSSL_memcpy(out, key->public_key, key->kem->public_key_len);
|
276
|
+
*out_len = key->kem->public_key_len;
|
277
|
+
return 1;
|
278
|
+
}
|
279
|
+
|
280
|
+
int EVP_HPKE_KEY_private_key(const EVP_HPKE_KEY *key, uint8_t *out,
|
281
|
+
size_t *out_len, size_t max_out) {
|
282
|
+
if (max_out < key->kem->private_key_len) {
|
283
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
|
284
|
+
return 0;
|
285
|
+
}
|
286
|
+
OPENSSL_memcpy(out, key->private_key, key->kem->private_key_len);
|
287
|
+
*out_len = key->kem->private_key_len;
|
288
|
+
return 1;
|
289
|
+
}
|
290
|
+
|
291
|
+
|
292
|
+
// Supported KDFs and AEADs.
|
293
|
+
|
294
|
+
const EVP_HPKE_KDF *EVP_hpke_hkdf_sha256(void) {
|
295
|
+
static const EVP_HPKE_KDF kKDF = {EVP_HPKE_HKDF_SHA256, &EVP_sha256};
|
296
|
+
return &kKDF;
|
297
|
+
}
|
298
|
+
|
299
|
+
uint16_t EVP_HPKE_KDF_id(const EVP_HPKE_KDF *kdf) { return kdf->id; }
|
300
|
+
|
301
|
+
const EVP_HPKE_AEAD *EVP_hpke_aes_128_gcm(void) {
|
302
|
+
static const EVP_HPKE_AEAD kAEAD = {EVP_HPKE_AES_128_GCM,
|
303
|
+
&EVP_aead_aes_128_gcm};
|
304
|
+
return &kAEAD;
|
305
|
+
}
|
306
|
+
|
307
|
+
const EVP_HPKE_AEAD *EVP_hpke_aes_256_gcm(void) {
|
308
|
+
static const EVP_HPKE_AEAD kAEAD = {EVP_HPKE_AES_256_GCM,
|
309
|
+
&EVP_aead_aes_256_gcm};
|
310
|
+
return &kAEAD;
|
311
|
+
}
|
312
|
+
|
313
|
+
const EVP_HPKE_AEAD *EVP_hpke_chacha20_poly1305(void) {
|
314
|
+
static const EVP_HPKE_AEAD kAEAD = {EVP_HPKE_CHACHA20_POLY1305,
|
315
|
+
&EVP_aead_chacha20_poly1305};
|
316
|
+
return &kAEAD;
|
317
|
+
}
|
318
|
+
|
319
|
+
uint16_t EVP_HPKE_AEAD_id(const EVP_HPKE_AEAD *aead) { return aead->id; }
|
320
|
+
|
321
|
+
const EVP_AEAD *EVP_HPKE_AEAD_aead(const EVP_HPKE_AEAD *aead) {
|
322
|
+
return aead->aead_func();
|
323
|
+
}
|
324
|
+
|
325
|
+
|
326
|
+
// HPKE implementation.
|
327
|
+
|
328
|
+
// This is strlen("HPKE") + 3 * sizeof(uint16_t).
|
329
|
+
#define HPKE_SUITE_ID_LEN 10
|
181
330
|
|
331
|
+
// The suite_id for non-KEM pieces of HPKE is defined as concat("HPKE",
|
332
|
+
// I2OSP(kem_id, 2), I2OSP(kdf_id, 2), I2OSP(aead_id, 2)).
|
333
|
+
static int hpke_build_suite_id(const EVP_HPKE_CTX *ctx,
|
334
|
+
uint8_t out[HPKE_SUITE_ID_LEN]) {
|
335
|
+
CBB cbb;
|
336
|
+
int ret = CBB_init_fixed(&cbb, out, HPKE_SUITE_ID_LEN) &&
|
337
|
+
add_label_string(&cbb, "HPKE") &&
|
338
|
+
CBB_add_u16(&cbb, EVP_HPKE_DHKEM_X25519_HKDF_SHA256) &&
|
339
|
+
CBB_add_u16(&cbb, ctx->kdf->id) &&
|
340
|
+
CBB_add_u16(&cbb, ctx->aead->id);
|
341
|
+
CBB_cleanup(&cbb);
|
342
|
+
return ret;
|
343
|
+
}
|
344
|
+
|
345
|
+
#define HPKE_MODE_BASE 0
|
346
|
+
|
347
|
+
static int hpke_key_schedule(EVP_HPKE_CTX *ctx, const uint8_t *shared_secret,
|
348
|
+
size_t shared_secret_len, const uint8_t *info,
|
349
|
+
size_t info_len) {
|
182
350
|
uint8_t suite_id[HPKE_SUITE_ID_LEN];
|
183
|
-
if (!hpke_build_suite_id(
|
351
|
+
if (!hpke_build_suite_id(ctx, suite_id)) {
|
184
352
|
return 0;
|
185
353
|
}
|
186
354
|
|
187
355
|
// psk_id_hash = LabeledExtract("", "psk_id_hash", psk_id)
|
188
|
-
|
356
|
+
// TODO(davidben): Precompute this value and store it with the EVP_HPKE_KDF.
|
357
|
+
const EVP_MD *hkdf_md = ctx->kdf->hkdf_md_func();
|
189
358
|
uint8_t psk_id_hash[EVP_MAX_MD_SIZE];
|
190
359
|
size_t psk_id_hash_len;
|
191
|
-
if (!hpke_labeled_extract(
|
192
|
-
|
193
|
-
|
360
|
+
if (!hpke_labeled_extract(hkdf_md, psk_id_hash, &psk_id_hash_len, NULL, 0,
|
361
|
+
suite_id, sizeof(suite_id), "psk_id_hash", NULL,
|
362
|
+
0)) {
|
194
363
|
return 0;
|
195
364
|
}
|
196
365
|
|
197
366
|
// info_hash = LabeledExtract("", "info_hash", info)
|
198
|
-
static const char kInfoHashLabel[] = "info_hash";
|
199
367
|
uint8_t info_hash[EVP_MAX_MD_SIZE];
|
200
368
|
size_t info_hash_len;
|
201
|
-
if (!hpke_labeled_extract(
|
202
|
-
suite_id, sizeof(suite_id),
|
369
|
+
if (!hpke_labeled_extract(hkdf_md, info_hash, &info_hash_len, NULL, 0,
|
370
|
+
suite_id, sizeof(suite_id), "info_hash", info,
|
203
371
|
info_len)) {
|
204
372
|
return 0;
|
205
373
|
}
|
@@ -209,7 +377,7 @@ static int hpke_key_schedule(EVP_HPKE_CTX *hpke, uint8_t mode,
|
|
209
377
|
size_t context_len;
|
210
378
|
CBB context_cbb;
|
211
379
|
if (!CBB_init_fixed(&context_cbb, context, sizeof(context)) ||
|
212
|
-
!CBB_add_u8(&context_cbb,
|
380
|
+
!CBB_add_u8(&context_cbb, HPKE_MODE_BASE) ||
|
213
381
|
!CBB_add_bytes(&context_cbb, psk_id_hash, psk_id_hash_len) ||
|
214
382
|
!CBB_add_bytes(&context_cbb, info_hash, info_hash_len) ||
|
215
383
|
!CBB_finish(&context_cbb, NULL, &context_len)) {
|
@@ -217,97 +385,44 @@ static int hpke_key_schedule(EVP_HPKE_CTX *hpke, uint8_t mode,
|
|
217
385
|
}
|
218
386
|
|
219
387
|
// secret = LabeledExtract(shared_secret, "secret", psk)
|
220
|
-
static const char kSecretExtractLabel[] = "secret";
|
221
388
|
uint8_t secret[EVP_MAX_MD_SIZE];
|
222
389
|
size_t secret_len;
|
223
|
-
if (!hpke_labeled_extract(
|
390
|
+
if (!hpke_labeled_extract(hkdf_md, secret, &secret_len, shared_secret,
|
224
391
|
shared_secret_len, suite_id, sizeof(suite_id),
|
225
|
-
|
392
|
+
"secret", NULL, 0)) {
|
226
393
|
return 0;
|
227
394
|
}
|
228
395
|
|
229
396
|
// key = LabeledExpand(secret, "key", key_schedule_context, Nk)
|
230
|
-
|
397
|
+
const EVP_AEAD *aead = EVP_HPKE_AEAD_aead(ctx->aead);
|
231
398
|
uint8_t key[EVP_AEAD_MAX_KEY_LENGTH];
|
232
399
|
const size_t kKeyLen = EVP_AEAD_key_length(aead);
|
233
|
-
if (!hpke_labeled_expand(
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
}
|
238
|
-
|
239
|
-
// Initialize the HPKE context's AEAD context, storing a copy of |key|.
|
240
|
-
if (!EVP_AEAD_CTX_init(&hpke->aead_ctx, aead, key, kKeyLen, 0, NULL)) {
|
400
|
+
if (!hpke_labeled_expand(hkdf_md, key, kKeyLen, secret, secret_len, suite_id,
|
401
|
+
sizeof(suite_id), "key", context, context_len) ||
|
402
|
+
!EVP_AEAD_CTX_init(&ctx->aead_ctx, aead, key, kKeyLen,
|
403
|
+
EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) {
|
241
404
|
return 0;
|
242
405
|
}
|
243
406
|
|
244
407
|
// base_nonce = LabeledExpand(secret, "base_nonce", key_schedule_context, Nn)
|
245
|
-
|
246
|
-
if (!hpke_labeled_expand(hpke->hkdf_md, hpke->base_nonce,
|
408
|
+
if (!hpke_labeled_expand(hkdf_md, ctx->base_nonce,
|
247
409
|
EVP_AEAD_nonce_length(aead), secret, secret_len,
|
248
|
-
suite_id, sizeof(suite_id),
|
249
|
-
|
410
|
+
suite_id, sizeof(suite_id), "base_nonce", context,
|
411
|
+
context_len)) {
|
250
412
|
return 0;
|
251
413
|
}
|
252
414
|
|
253
415
|
// exporter_secret = LabeledExpand(secret, "exp", key_schedule_context, Nh)
|
254
|
-
|
255
|
-
|
256
|
-
|
257
|
-
suite_id, sizeof(suite_id),
|
258
|
-
kExporterSecretExpandLabel, context, context_len)) {
|
416
|
+
if (!hpke_labeled_expand(hkdf_md, ctx->exporter_secret, EVP_MD_size(hkdf_md),
|
417
|
+
secret, secret_len, suite_id, sizeof(suite_id),
|
418
|
+
"exp", context, context_len)) {
|
259
419
|
return 0;
|
260
420
|
}
|
261
421
|
|
262
422
|
return 1;
|
263
423
|
}
|
264
424
|
|
265
|
-
|
266
|
-
// KDF (currently we only support SHA256).
|
267
|
-
static int hpke_encap(EVP_HPKE_CTX *hpke,
|
268
|
-
uint8_t out_shared_secret[SHA256_DIGEST_LENGTH],
|
269
|
-
const uint8_t public_key_r[X25519_PUBLIC_VALUE_LEN],
|
270
|
-
const uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN],
|
271
|
-
const uint8_t ephemeral_public[X25519_PUBLIC_VALUE_LEN]) {
|
272
|
-
uint8_t dh[X25519_PUBLIC_VALUE_LEN];
|
273
|
-
if (!X25519(dh, ephemeral_private, public_key_r)) {
|
274
|
-
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PEER_KEY);
|
275
|
-
return 0;
|
276
|
-
}
|
277
|
-
|
278
|
-
uint8_t kem_context[KEM_CONTEXT_LEN];
|
279
|
-
OPENSSL_memcpy(kem_context, ephemeral_public, X25519_PUBLIC_VALUE_LEN);
|
280
|
-
OPENSSL_memcpy(kem_context + X25519_PUBLIC_VALUE_LEN, public_key_r,
|
281
|
-
X25519_PUBLIC_VALUE_LEN);
|
282
|
-
if (!hpke_extract_and_expand(EVP_sha256(), out_shared_secret,
|
283
|
-
SHA256_DIGEST_LENGTH, dh, kem_context)) {
|
284
|
-
return 0;
|
285
|
-
}
|
286
|
-
return 1;
|
287
|
-
}
|
288
|
-
|
289
|
-
static int hpke_decap(const EVP_HPKE_CTX *hpke,
|
290
|
-
uint8_t out_shared_secret[SHA256_DIGEST_LENGTH],
|
291
|
-
const uint8_t enc[X25519_PUBLIC_VALUE_LEN],
|
292
|
-
const uint8_t public_key_r[X25519_PUBLIC_VALUE_LEN],
|
293
|
-
const uint8_t secret_key_r[X25519_PRIVATE_KEY_LEN]) {
|
294
|
-
uint8_t dh[X25519_PUBLIC_VALUE_LEN];
|
295
|
-
if (!X25519(dh, secret_key_r, enc)) {
|
296
|
-
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PEER_KEY);
|
297
|
-
return 0;
|
298
|
-
}
|
299
|
-
uint8_t kem_context[KEM_CONTEXT_LEN];
|
300
|
-
OPENSSL_memcpy(kem_context, enc, X25519_PUBLIC_VALUE_LEN);
|
301
|
-
OPENSSL_memcpy(kem_context + X25519_PUBLIC_VALUE_LEN, public_key_r,
|
302
|
-
X25519_PUBLIC_VALUE_LEN);
|
303
|
-
if (!hpke_extract_and_expand(EVP_sha256(), out_shared_secret,
|
304
|
-
SHA256_DIGEST_LENGTH, dh, kem_context)) {
|
305
|
-
return 0;
|
306
|
-
}
|
307
|
-
return 1;
|
308
|
-
}
|
309
|
-
|
310
|
-
void EVP_HPKE_CTX_init(EVP_HPKE_CTX *ctx) {
|
425
|
+
void EVP_HPKE_CTX_zero(EVP_HPKE_CTX *ctx) {
|
311
426
|
OPENSSL_memset(ctx, 0, sizeof(EVP_HPKE_CTX));
|
312
427
|
EVP_AEAD_CTX_zero(&ctx->aead_ctx);
|
313
428
|
}
|
@@ -316,217 +431,154 @@ void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx) {
|
|
316
431
|
EVP_AEAD_CTX_cleanup(&ctx->aead_ctx);
|
317
432
|
}
|
318
433
|
|
319
|
-
int
|
320
|
-
|
321
|
-
|
322
|
-
|
323
|
-
|
324
|
-
|
325
|
-
|
326
|
-
|
327
|
-
|
328
|
-
|
329
|
-
|
330
|
-
|
331
|
-
ephemeral_private, out_enc);
|
332
|
-
}
|
333
|
-
|
334
|
-
int EVP_HPKE_CTX_setup_base_s_x25519_for_test(
|
335
|
-
EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
|
336
|
-
const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
|
337
|
-
const uint8_t *info, size_t info_len,
|
338
|
-
const uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN],
|
339
|
-
const uint8_t ephemeral_public[X25519_PUBLIC_VALUE_LEN]) {
|
340
|
-
hpke->is_sender = 1;
|
341
|
-
hpke->kdf_id = kdf_id;
|
342
|
-
hpke->aead_id = aead_id;
|
343
|
-
hpke->hkdf_md = EVP_HPKE_get_hkdf_md(kdf_id);
|
344
|
-
if (hpke->hkdf_md == NULL) {
|
345
|
-
return 0;
|
346
|
-
}
|
347
|
-
uint8_t shared_secret[SHA256_DIGEST_LENGTH];
|
348
|
-
if (!hpke_encap(hpke, shared_secret, peer_public_value, ephemeral_private,
|
349
|
-
ephemeral_public) ||
|
350
|
-
!hpke_key_schedule(hpke, HPKE_MODE_BASE, shared_secret,
|
351
|
-
sizeof(shared_secret), info, info_len, NULL, 0, NULL,
|
352
|
-
0)) {
|
353
|
-
return 0;
|
354
|
-
}
|
355
|
-
return 1;
|
356
|
-
}
|
357
|
-
|
358
|
-
int EVP_HPKE_CTX_setup_base_r_x25519(
|
359
|
-
EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
|
360
|
-
const uint8_t enc[X25519_PUBLIC_VALUE_LEN],
|
361
|
-
const uint8_t public_key[X25519_PUBLIC_VALUE_LEN],
|
362
|
-
const uint8_t private_key[X25519_PRIVATE_KEY_LEN], const uint8_t *info,
|
363
|
-
size_t info_len) {
|
364
|
-
hpke->is_sender = 0;
|
365
|
-
hpke->kdf_id = kdf_id;
|
366
|
-
hpke->aead_id = aead_id;
|
367
|
-
hpke->hkdf_md = EVP_HPKE_get_hkdf_md(kdf_id);
|
368
|
-
if (hpke->hkdf_md == NULL) {
|
369
|
-
return 0;
|
370
|
-
}
|
371
|
-
uint8_t shared_secret[SHA256_DIGEST_LENGTH];
|
372
|
-
if (!hpke_decap(hpke, shared_secret, enc, public_key, private_key) ||
|
373
|
-
!hpke_key_schedule(hpke, HPKE_MODE_BASE, shared_secret,
|
374
|
-
sizeof(shared_secret), info, info_len, NULL, 0, NULL,
|
375
|
-
0)) {
|
376
|
-
return 0;
|
377
|
-
}
|
378
|
-
return 1;
|
434
|
+
int EVP_HPKE_CTX_setup_sender(EVP_HPKE_CTX *ctx, uint8_t *out_enc,
|
435
|
+
size_t *out_enc_len, size_t max_enc,
|
436
|
+
const EVP_HPKE_KEM *kem, const EVP_HPKE_KDF *kdf,
|
437
|
+
const EVP_HPKE_AEAD *aead,
|
438
|
+
const uint8_t *peer_public_key,
|
439
|
+
size_t peer_public_key_len, const uint8_t *info,
|
440
|
+
size_t info_len) {
|
441
|
+
uint8_t seed[MAX_SEED_LEN];
|
442
|
+
RAND_bytes(seed, kem->seed_len);
|
443
|
+
return EVP_HPKE_CTX_setup_sender_with_seed_for_testing(
|
444
|
+
ctx, out_enc, out_enc_len, max_enc, kem, kdf, aead, peer_public_key,
|
445
|
+
peer_public_key_len, info, info_len, seed, kem->seed_len);
|
379
446
|
}
|
380
447
|
|
381
|
-
int
|
382
|
-
EVP_HPKE_CTX *
|
383
|
-
|
384
|
-
const uint8_t
|
385
|
-
const uint8_t *info, size_t info_len, const uint8_t *
|
386
|
-
|
387
|
-
|
388
|
-
|
389
|
-
|
390
|
-
|
391
|
-
|
392
|
-
|
393
|
-
|
394
|
-
|
395
|
-
|
396
|
-
|
397
|
-
|
398
|
-
|
399
|
-
const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
|
400
|
-
const uint8_t *info, size_t info_len, const uint8_t *psk, size_t psk_len,
|
401
|
-
const uint8_t *psk_id, size_t psk_id_len,
|
402
|
-
const uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN],
|
403
|
-
const uint8_t ephemeral_public[X25519_PUBLIC_VALUE_LEN]) {
|
404
|
-
hpke->is_sender = 1;
|
405
|
-
hpke->kdf_id = kdf_id;
|
406
|
-
hpke->aead_id = aead_id;
|
407
|
-
hpke->hkdf_md = EVP_HPKE_get_hkdf_md(kdf_id);
|
408
|
-
if (hpke->hkdf_md == NULL) {
|
409
|
-
return 0;
|
410
|
-
}
|
411
|
-
uint8_t shared_secret[SHA256_DIGEST_LENGTH];
|
412
|
-
if (!hpke_encap(hpke, shared_secret, peer_public_value, ephemeral_private,
|
413
|
-
ephemeral_public) ||
|
414
|
-
!hpke_key_schedule(hpke, HPKE_MODE_PSK, shared_secret,
|
415
|
-
sizeof(shared_secret), info, info_len, psk, psk_len,
|
416
|
-
psk_id, psk_id_len)) {
|
448
|
+
int EVP_HPKE_CTX_setup_sender_with_seed_for_testing(
|
449
|
+
EVP_HPKE_CTX *ctx, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc,
|
450
|
+
const EVP_HPKE_KEM *kem, const EVP_HPKE_KDF *kdf, const EVP_HPKE_AEAD *aead,
|
451
|
+
const uint8_t *peer_public_key, size_t peer_public_key_len,
|
452
|
+
const uint8_t *info, size_t info_len, const uint8_t *seed,
|
453
|
+
size_t seed_len) {
|
454
|
+
EVP_HPKE_CTX_zero(ctx);
|
455
|
+
ctx->is_sender = 1;
|
456
|
+
ctx->kdf = kdf;
|
457
|
+
ctx->aead = aead;
|
458
|
+
uint8_t shared_secret[MAX_SHARED_SECRET_LEN];
|
459
|
+
size_t shared_secret_len;
|
460
|
+
if (!kem->encap_with_seed(kem, shared_secret, &shared_secret_len, out_enc,
|
461
|
+
out_enc_len, max_enc, peer_public_key,
|
462
|
+
peer_public_key_len, seed, seed_len) ||
|
463
|
+
!hpke_key_schedule(ctx, shared_secret, shared_secret_len, info,
|
464
|
+
info_len)) {
|
465
|
+
EVP_HPKE_CTX_cleanup(ctx);
|
417
466
|
return 0;
|
418
467
|
}
|
419
468
|
return 1;
|
420
469
|
}
|
421
470
|
|
422
|
-
int
|
423
|
-
|
424
|
-
|
425
|
-
|
426
|
-
|
427
|
-
|
428
|
-
|
429
|
-
|
430
|
-
|
431
|
-
|
432
|
-
|
433
|
-
if (
|
434
|
-
|
435
|
-
|
436
|
-
|
437
|
-
if (!hpke_decap(hpke, shared_secret, enc, public_key, private_key) ||
|
438
|
-
!hpke_key_schedule(hpke, HPKE_MODE_PSK, shared_secret,
|
439
|
-
sizeof(shared_secret), info, info_len, psk, psk_len,
|
440
|
-
psk_id, psk_id_len)) {
|
471
|
+
int EVP_HPKE_CTX_setup_recipient(EVP_HPKE_CTX *ctx, const EVP_HPKE_KEY *key,
|
472
|
+
const EVP_HPKE_KDF *kdf,
|
473
|
+
const EVP_HPKE_AEAD *aead, const uint8_t *enc,
|
474
|
+
size_t enc_len, const uint8_t *info,
|
475
|
+
size_t info_len) {
|
476
|
+
EVP_HPKE_CTX_zero(ctx);
|
477
|
+
ctx->is_sender = 0;
|
478
|
+
ctx->kdf = kdf;
|
479
|
+
ctx->aead = aead;
|
480
|
+
uint8_t shared_secret[MAX_SHARED_SECRET_LEN];
|
481
|
+
size_t shared_secret_len;
|
482
|
+
if (!key->kem->decap(key, shared_secret, &shared_secret_len, enc, enc_len) ||
|
483
|
+
!hpke_key_schedule(ctx, shared_secret, sizeof(shared_secret), info,
|
484
|
+
info_len)) {
|
485
|
+
EVP_HPKE_CTX_cleanup(ctx);
|
441
486
|
return 0;
|
442
487
|
}
|
443
488
|
return 1;
|
444
489
|
}
|
445
490
|
|
446
|
-
static void hpke_nonce(const EVP_HPKE_CTX *
|
491
|
+
static void hpke_nonce(const EVP_HPKE_CTX *ctx, uint8_t *out_nonce,
|
447
492
|
size_t nonce_len) {
|
448
493
|
assert(nonce_len >= 8);
|
449
494
|
|
450
|
-
// Write padded big-endian bytes of |
|
495
|
+
// Write padded big-endian bytes of |ctx->seq| to |out_nonce|.
|
451
496
|
OPENSSL_memset(out_nonce, 0, nonce_len);
|
452
|
-
uint64_t seq_copy =
|
497
|
+
uint64_t seq_copy = ctx->seq;
|
453
498
|
for (size_t i = 0; i < 8; i++) {
|
454
499
|
out_nonce[nonce_len - i - 1] = seq_copy & 0xff;
|
455
500
|
seq_copy >>= 8;
|
456
501
|
}
|
457
502
|
|
458
|
-
// XOR the encoded sequence with the |
|
503
|
+
// XOR the encoded sequence with the |ctx->base_nonce|.
|
459
504
|
for (size_t i = 0; i < nonce_len; i++) {
|
460
|
-
out_nonce[i] ^=
|
505
|
+
out_nonce[i] ^= ctx->base_nonce[i];
|
461
506
|
}
|
462
507
|
}
|
463
508
|
|
464
|
-
|
465
|
-
assert(hpke->is_sender);
|
466
|
-
return EVP_AEAD_max_overhead(hpke->aead_ctx.aead);
|
467
|
-
}
|
468
|
-
|
469
|
-
int EVP_HPKE_CTX_open(EVP_HPKE_CTX *hpke, uint8_t *out, size_t *out_len,
|
509
|
+
int EVP_HPKE_CTX_open(EVP_HPKE_CTX *ctx, uint8_t *out, size_t *out_len,
|
470
510
|
size_t max_out_len, const uint8_t *in, size_t in_len,
|
471
511
|
const uint8_t *ad, size_t ad_len) {
|
472
|
-
if (
|
512
|
+
if (ctx->is_sender) {
|
473
513
|
OPENSSL_PUT_ERROR(EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
474
514
|
return 0;
|
475
515
|
}
|
476
|
-
if (
|
516
|
+
if (ctx->seq == UINT64_MAX) {
|
477
517
|
OPENSSL_PUT_ERROR(EVP, ERR_R_OVERFLOW);
|
478
518
|
return 0;
|
479
519
|
}
|
480
520
|
|
481
521
|
uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
|
482
|
-
const size_t nonce_len = EVP_AEAD_nonce_length(
|
483
|
-
hpke_nonce(
|
522
|
+
const size_t nonce_len = EVP_AEAD_nonce_length(ctx->aead_ctx.aead);
|
523
|
+
hpke_nonce(ctx, nonce, nonce_len);
|
484
524
|
|
485
|
-
if (!EVP_AEAD_CTX_open(&
|
525
|
+
if (!EVP_AEAD_CTX_open(&ctx->aead_ctx, out, out_len, max_out_len, nonce,
|
486
526
|
nonce_len, in, in_len, ad, ad_len)) {
|
487
527
|
return 0;
|
488
528
|
}
|
489
|
-
|
529
|
+
ctx->seq++;
|
490
530
|
return 1;
|
491
531
|
}
|
492
532
|
|
493
|
-
int EVP_HPKE_CTX_seal(EVP_HPKE_CTX *
|
533
|
+
int EVP_HPKE_CTX_seal(EVP_HPKE_CTX *ctx, uint8_t *out, size_t *out_len,
|
494
534
|
size_t max_out_len, const uint8_t *in, size_t in_len,
|
495
535
|
const uint8_t *ad, size_t ad_len) {
|
496
|
-
if (!
|
536
|
+
if (!ctx->is_sender) {
|
497
537
|
OPENSSL_PUT_ERROR(EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
498
538
|
return 0;
|
499
539
|
}
|
500
|
-
if (
|
540
|
+
if (ctx->seq == UINT64_MAX) {
|
501
541
|
OPENSSL_PUT_ERROR(EVP, ERR_R_OVERFLOW);
|
502
542
|
return 0;
|
503
543
|
}
|
504
544
|
|
505
545
|
uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
|
506
|
-
const size_t nonce_len = EVP_AEAD_nonce_length(
|
507
|
-
hpke_nonce(
|
546
|
+
const size_t nonce_len = EVP_AEAD_nonce_length(ctx->aead_ctx.aead);
|
547
|
+
hpke_nonce(ctx, nonce, nonce_len);
|
508
548
|
|
509
|
-
if (!EVP_AEAD_CTX_seal(&
|
549
|
+
if (!EVP_AEAD_CTX_seal(&ctx->aead_ctx, out, out_len, max_out_len, nonce,
|
510
550
|
nonce_len, in, in_len, ad, ad_len)) {
|
511
551
|
return 0;
|
512
552
|
}
|
513
|
-
|
553
|
+
ctx->seq++;
|
514
554
|
return 1;
|
515
555
|
}
|
516
556
|
|
517
|
-
int EVP_HPKE_CTX_export(const EVP_HPKE_CTX *
|
557
|
+
int EVP_HPKE_CTX_export(const EVP_HPKE_CTX *ctx, uint8_t *out,
|
518
558
|
size_t secret_len, const uint8_t *context,
|
519
559
|
size_t context_len) {
|
520
560
|
uint8_t suite_id[HPKE_SUITE_ID_LEN];
|
521
|
-
if (!hpke_build_suite_id(
|
561
|
+
if (!hpke_build_suite_id(ctx, suite_id)) {
|
522
562
|
return 0;
|
523
563
|
}
|
524
|
-
|
525
|
-
if (!hpke_labeled_expand(
|
526
|
-
|
527
|
-
|
528
|
-
context, context_len)) {
|
564
|
+
const EVP_MD *hkdf_md = ctx->kdf->hkdf_md_func();
|
565
|
+
if (!hpke_labeled_expand(hkdf_md, out, secret_len, ctx->exporter_secret,
|
566
|
+
EVP_MD_size(hkdf_md), suite_id, sizeof(suite_id),
|
567
|
+
"sec", context, context_len)) {
|
529
568
|
return 0;
|
530
569
|
}
|
531
570
|
return 1;
|
532
571
|
}
|
572
|
+
|
573
|
+
size_t EVP_HPKE_CTX_max_overhead(const EVP_HPKE_CTX *ctx) {
|
574
|
+
assert(ctx->is_sender);
|
575
|
+
return EVP_AEAD_max_overhead(EVP_AEAD_CTX_aead(&ctx->aead_ctx));
|
576
|
+
}
|
577
|
+
|
578
|
+
const EVP_HPKE_AEAD *EVP_HPKE_CTX_aead(const EVP_HPKE_CTX *ctx) {
|
579
|
+
return ctx->aead;
|
580
|
+
}
|
581
|
+
|
582
|
+
const EVP_HPKE_KDF *EVP_HPKE_CTX_kdf(const EVP_HPKE_CTX *ctx) {
|
583
|
+
return ctx->kdf;
|
584
|
+
}
|