grpc 1.55.0 → 1.56.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (374) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +100 -68
  3. data/include/grpc/event_engine/event_engine.h +4 -3
  4. data/include/grpc/grpc_audit_logging.h +96 -0
  5. data/include/grpc/module.modulemap +2 -0
  6. data/include/grpc/support/json.h +218 -0
  7. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +5 -0
  8. data/src/core/ext/filters/client_channel/backend_metric.cc +2 -0
  9. data/src/core/ext/filters/client_channel/channel_connectivity.cc +4 -4
  10. data/src/core/ext/filters/client_channel/client_channel.cc +86 -104
  11. data/src/core/ext/filters/client_channel/client_channel.h +6 -0
  12. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +19 -18
  13. data/src/core/ext/filters/client_channel/client_channel_internal.h +16 -21
  14. data/src/core/ext/filters/client_channel/config_selector.h +9 -24
  15. data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +3 -0
  16. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +5 -4
  17. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +455 -0
  18. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.h +54 -0
  19. data/src/core/ext/filters/client_channel/lb_policy/health_check_client_internal.h +186 -0
  20. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +2 -7
  21. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +52 -20
  22. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +23 -2
  23. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +19 -6
  24. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +1 -9
  25. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +16 -7
  26. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +18 -1
  27. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +12 -9
  28. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +6 -4
  29. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +36 -13
  30. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.cc +76 -6
  31. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +32 -39
  32. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +4 -10
  33. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +52 -47
  34. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -9
  35. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +14 -16
  36. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +40 -43
  37. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +7 -12
  38. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +12 -19
  39. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +35 -33
  40. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +29 -4
  41. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.cc +1 -1
  42. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +28 -27
  43. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +163 -46
  44. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +16 -1
  45. data/src/core/ext/filters/client_channel/retry_service_config.cc +1 -0
  46. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +10 -40
  47. data/src/core/ext/filters/client_channel/subchannel.cc +10 -196
  48. data/src/core/ext/filters/client_channel/subchannel.h +3 -43
  49. data/src/core/ext/filters/http/message_compress/compression_filter.cc +5 -5
  50. data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +100 -6
  51. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +6 -8
  52. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +3 -3
  53. data/src/core/ext/filters/stateful_session/stateful_session_filter.h +16 -1
  54. data/src/core/ext/transport/chttp2/transport/flow_control.cc +46 -95
  55. data/src/core/ext/transport/chttp2/transport/internal.h +1 -15
  56. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +11 -2
  57. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +15 -0
  58. data/src/core/ext/xds/certificate_provider_store.cc +4 -9
  59. data/src/core/ext/xds/certificate_provider_store.h +1 -1
  60. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +30 -42
  61. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +14 -9
  62. data/src/core/ext/xds/xds_api.cc +9 -6
  63. data/src/core/ext/xds/xds_api.h +3 -2
  64. data/src/core/ext/xds/xds_audit_logger_registry.cc +122 -0
  65. data/src/core/ext/xds/xds_audit_logger_registry.h +68 -0
  66. data/src/core/ext/xds/xds_bootstrap_grpc.cc +21 -9
  67. data/src/core/ext/xds/xds_bootstrap_grpc.h +5 -0
  68. data/src/core/ext/xds/xds_client.cc +5 -4
  69. data/src/core/ext/xds/xds_client_stats.h +1 -1
  70. data/src/core/ext/xds/xds_cluster.cc +20 -19
  71. data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +11 -8
  72. data/src/core/ext/xds/xds_common_types.cc +3 -1
  73. data/src/core/ext/xds/xds_http_fault_filter.cc +16 -13
  74. data/src/core/ext/xds/xds_http_fault_filter.h +2 -1
  75. data/src/core/ext/xds/xds_http_filters.h +4 -2
  76. data/src/core/ext/xds/xds_http_rbac_filter.cc +154 -67
  77. data/src/core/ext/xds/xds_http_rbac_filter.h +2 -1
  78. data/src/core/ext/xds/xds_http_stateful_session_filter.cc +15 -11
  79. data/src/core/ext/xds/xds_http_stateful_session_filter.h +2 -1
  80. data/src/core/ext/xds/xds_lb_policy_registry.cc +22 -16
  81. data/src/core/ext/xds/xds_listener.cc +1 -0
  82. data/src/core/ext/xds/xds_route_config.cc +40 -3
  83. data/src/core/ext/xds/xds_routing.cc +2 -2
  84. data/src/core/ext/xds/xds_transport_grpc.cc +3 -1
  85. data/src/core/lib/avl/avl.h +5 -0
  86. data/src/core/lib/channel/channel_args.cc +80 -22
  87. data/src/core/lib/channel/channel_args.h +34 -1
  88. data/src/core/lib/channel/channel_trace.cc +16 -12
  89. data/src/core/lib/channel/channelz.cc +159 -132
  90. data/src/core/lib/channel/channelz.h +42 -35
  91. data/src/core/lib/channel/channelz_registry.cc +23 -20
  92. data/src/core/lib/channel/connected_channel.cc +17 -6
  93. data/src/core/lib/channel/promise_based_filter.cc +0 -4
  94. data/src/core/lib/channel/promise_based_filter.h +2 -0
  95. data/src/core/lib/compression/compression_internal.cc +2 -5
  96. data/src/core/lib/config/config_vars.cc +20 -18
  97. data/src/core/lib/config/config_vars.h +4 -4
  98. data/src/core/lib/config/load_config.cc +13 -0
  99. data/src/core/lib/config/load_config.h +6 -0
  100. data/src/core/lib/debug/event_log.h +1 -1
  101. data/src/core/lib/debug/stats_data.h +1 -1
  102. data/src/core/lib/debug/trace.cc +24 -55
  103. data/src/core/lib/debug/trace.h +3 -1
  104. data/src/core/lib/event_engine/cf_engine/cf_engine.cc +211 -0
  105. data/src/core/lib/event_engine/cf_engine/cf_engine.h +86 -0
  106. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +354 -0
  107. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +146 -0
  108. data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +79 -0
  109. data/src/core/lib/event_engine/default_event_engine.cc +13 -1
  110. data/src/core/lib/event_engine/default_event_engine_factory.cc +14 -2
  111. data/src/core/lib/event_engine/poller.h +2 -2
  112. data/src/core/lib/event_engine/posix.h +4 -0
  113. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
  114. data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +7 -18
  115. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +9 -0
  116. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +33 -19
  117. data/src/core/lib/event_engine/posix_engine/posix_engine.h +1 -1
  118. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +4 -4
  119. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +7 -8
  120. data/src/core/lib/event_engine/posix_engine/timer_manager.h +1 -1
  121. data/src/core/lib/event_engine/shim.cc +7 -1
  122. data/src/core/lib/event_engine/{thread_pool.cc → thread_pool/original_thread_pool.cc} +28 -25
  123. data/src/core/lib/event_engine/{thread_pool.h → thread_pool/original_thread_pool.h} +11 -15
  124. data/src/core/lib/event_engine/thread_pool/thread_pool.h +50 -0
  125. data/src/core/lib/event_engine/{executor/executor.h → thread_pool/thread_pool_factory.cc} +17 -15
  126. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +489 -0
  127. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +249 -0
  128. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +166 -0
  129. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +108 -0
  130. data/src/core/lib/event_engine/windows/iocp.cc +4 -3
  131. data/src/core/lib/event_engine/windows/iocp.h +3 -3
  132. data/src/core/lib/event_engine/windows/win_socket.cc +6 -6
  133. data/src/core/lib/event_engine/windows/win_socket.h +4 -4
  134. data/src/core/lib/event_engine/windows/windows_endpoint.cc +11 -10
  135. data/src/core/lib/event_engine/windows/windows_endpoint.h +3 -2
  136. data/src/core/lib/event_engine/windows/windows_engine.cc +19 -17
  137. data/src/core/lib/event_engine/windows/windows_engine.h +6 -6
  138. data/src/core/lib/event_engine/windows/windows_listener.cc +3 -3
  139. data/src/core/lib/event_engine/windows/windows_listener.h +3 -2
  140. data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +63 -0
  141. data/src/core/lib/event_engine/work_queue/basic_work_queue.h +71 -0
  142. data/src/core/lib/event_engine/work_queue/work_queue.h +62 -0
  143. data/src/core/lib/experiments/config.cc +38 -7
  144. data/src/core/lib/experiments/config.h +16 -0
  145. data/src/core/lib/experiments/experiments.cc +67 -20
  146. data/src/core/lib/experiments/experiments.h +27 -21
  147. data/src/core/lib/gpr/log_internal.h +55 -0
  148. data/src/core/lib/gprpp/crash.cc +10 -0
  149. data/src/core/lib/gprpp/crash.h +3 -0
  150. data/src/core/lib/gprpp/per_cpu.cc +33 -0
  151. data/src/core/lib/gprpp/per_cpu.h +29 -6
  152. data/src/core/lib/gprpp/time.cc +1 -0
  153. data/src/core/lib/iomgr/cfstream_handle.cc +1 -1
  154. data/src/core/lib/iomgr/endpoint_cfstream.cc +10 -8
  155. data/src/core/lib/iomgr/ev_apple.cc +12 -12
  156. data/src/core/lib/iomgr/ev_epoll1_linux.cc +10 -3
  157. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +15 -1
  158. data/src/core/lib/iomgr/iocp_windows.cc +24 -3
  159. data/src/core/lib/iomgr/iocp_windows.h +11 -0
  160. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +1 -1
  161. data/src/core/lib/iomgr/socket_utils_common_posix.cc +4 -2
  162. data/src/core/lib/iomgr/socket_windows.cc +61 -7
  163. data/src/core/lib/iomgr/socket_windows.h +9 -2
  164. data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -3
  165. data/src/core/lib/iomgr/tcp_server_posix.cc +148 -107
  166. data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -1
  167. data/src/core/lib/iomgr/tcp_server_windows.cc +1 -1
  168. data/src/core/lib/json/json.h +2 -166
  169. data/src/core/lib/json/json_object_loader.cc +8 -9
  170. data/src/core/lib/json/json_object_loader.h +25 -18
  171. data/src/core/lib/json/json_reader.cc +13 -6
  172. data/src/core/lib/json/json_util.cc +6 -11
  173. data/src/core/lib/json/json_writer.cc +7 -8
  174. data/src/core/lib/load_balancing/lb_policy.h +13 -0
  175. data/src/core/lib/load_balancing/lb_policy_registry.cc +2 -1
  176. data/src/core/lib/matchers/matchers.cc +3 -4
  177. data/src/core/lib/matchers/matchers.h +2 -1
  178. data/src/core/lib/promise/activity.cc +5 -0
  179. data/src/core/lib/promise/activity.h +10 -0
  180. data/src/core/lib/promise/detail/promise_factory.h +1 -1
  181. data/src/core/lib/promise/party.cc +31 -13
  182. data/src/core/lib/promise/party.h +11 -2
  183. data/src/core/lib/promise/pipe.h +9 -2
  184. data/src/core/lib/promise/prioritized_race.h +95 -0
  185. data/src/core/lib/promise/sleep.cc +2 -1
  186. data/src/core/lib/resolver/server_address.cc +0 -8
  187. data/src/core/lib/resolver/server_address.h +0 -6
  188. data/src/core/lib/resource_quota/memory_quota.cc +7 -7
  189. data/src/core/lib/resource_quota/memory_quota.h +1 -2
  190. data/src/core/lib/security/authorization/audit_logging.cc +98 -0
  191. data/src/core/lib/security/authorization/audit_logging.h +73 -0
  192. data/src/core/lib/security/authorization/grpc_authorization_engine.cc +47 -2
  193. data/src/core/lib/security/authorization/grpc_authorization_engine.h +18 -1
  194. data/src/core/lib/security/authorization/rbac_policy.cc +36 -4
  195. data/src/core/lib/security/authorization/rbac_policy.h +19 -2
  196. data/src/core/lib/security/authorization/stdout_logger.cc +75 -0
  197. data/src/core/lib/security/authorization/stdout_logger.h +61 -0
  198. data/src/core/lib/security/certificate_provider/certificate_provider_factory.h +8 -4
  199. data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc +8 -18
  200. data/src/core/lib/security/certificate_provider/certificate_provider_registry.h +14 -8
  201. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +19 -12
  202. data/src/core/lib/security/credentials/external/external_account_credentials.cc +4 -2
  203. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -0
  204. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -0
  205. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +1 -0
  206. data/src/core/lib/security/credentials/jwt/json_token.cc +15 -14
  207. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +4 -2
  208. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +1 -0
  209. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +1 -0
  210. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -5
  211. data/src/core/lib/security/util/json_util.cc +1 -0
  212. data/src/core/lib/service_config/service_config_call_data.h +49 -20
  213. data/src/core/lib/service_config/service_config_impl.cc +2 -1
  214. data/src/core/lib/surface/call.cc +38 -23
  215. data/src/core/lib/surface/completion_queue.cc +6 -2
  216. data/src/core/lib/surface/version.cc +2 -2
  217. data/src/core/lib/transport/batch_builder.cc +15 -12
  218. data/src/core/lib/transport/batch_builder.h +39 -35
  219. data/src/core/plugin_registry/grpc_plugin_registry.cc +0 -2
  220. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -0
  221. data/src/ruby/ext/grpc/extconf.rb +8 -9
  222. data/src/ruby/lib/grpc/version.rb +1 -1
  223. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +9 -8
  224. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +1 -1
  225. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +3 -3
  226. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +10 -6
  227. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +7 -4
  228. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +6 -4
  229. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +2 -1
  230. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +5 -9
  231. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +4 -2
  232. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +31 -22
  233. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +29 -26
  234. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +8 -0
  235. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +189 -13
  236. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_openbsd.c +62 -0
  237. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_openbsd.c +31 -0
  238. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +6 -4
  239. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +795 -795
  240. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -5
  241. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +4 -0
  242. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +18 -6
  243. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +15 -7
  244. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +1 -1
  245. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +1 -1
  246. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
  247. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +3 -0
  248. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +24 -24
  249. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +1 -1
  250. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +7 -7
  251. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +74 -74
  252. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +1 -2
  253. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +11 -11
  254. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c +12 -12
  255. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +14 -15
  256. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
  257. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +10 -10
  258. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +23 -23
  259. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +13 -13
  260. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +1 -1
  261. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +2 -2
  262. data/third_party/boringssl-with-bazel/src/crypto/{hkdf → fipsmodule/hkdf}/hkdf.c +1 -1
  263. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +2 -10
  264. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +1 -4
  265. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +115 -133
  266. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +12 -14
  267. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +57 -47
  268. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -8
  269. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/polyval.c +27 -28
  270. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -23
  271. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +21 -16
  272. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +5 -288
  273. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +143 -83
  274. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +95 -183
  275. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +71 -0
  276. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +8 -0
  277. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +33 -0
  278. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +162 -6
  279. data/third_party/boringssl-with-bazel/src/crypto/internal.h +18 -0
  280. data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +18 -11
  281. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +6 -13
  282. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +18 -14
  283. data/third_party/boringssl-with-bazel/src/crypto/{refcount_lock.c → refcount_no_threads.c} +3 -13
  284. data/third_party/boringssl-with-bazel/src/crypto/refcount_win.c +89 -0
  285. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +77 -0
  286. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +568 -0
  287. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +62 -0
  288. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +218 -44
  289. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +35 -0
  290. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +588 -39
  291. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +27 -18
  292. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +1 -1
  293. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +17 -39
  294. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +39 -48
  295. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +0 -140
  296. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +72 -23
  297. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +11 -14
  298. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +1 -1
  299. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
  300. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +1 -1
  301. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +33 -46
  302. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +1 -0
  303. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +3 -5
  304. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +14 -46
  305. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -26
  306. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +17 -10
  307. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1 -1
  308. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +5 -7
  309. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +6 -4
  310. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +32 -1
  311. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +0 -4
  312. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -4
  313. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +3 -3
  314. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +28 -0
  315. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +2 -11
  316. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -3
  317. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +91 -1
  318. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +5 -0
  319. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +149 -20
  320. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +4 -0
  321. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +4 -0
  322. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +8 -0
  323. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +774 -615
  324. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +42 -10
  325. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +11 -6
  326. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -4
  327. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +24 -16
  328. data/third_party/boringssl-with-bazel/src/ssl/internal.h +65 -18
  329. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +37 -18
  330. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +187 -193
  331. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +13 -129
  332. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +85 -10
  333. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +17 -4
  334. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +27 -19
  335. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +1 -1
  336. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +5 -21
  337. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -2
  338. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_msvc.h +1281 -0
  339. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64_msvc.h +2002 -0
  340. data/third_party/cares/cares/include/ares.h +23 -1
  341. data/third_party/cares/cares/{src/lib → include}/ares_nameser.h +9 -7
  342. data/third_party/cares/cares/include/ares_rules.h +2 -2
  343. data/third_party/cares/cares/include/ares_version.h +3 -3
  344. data/third_party/cares/cares/src/lib/ares__addrinfo2hostent.c +266 -0
  345. data/third_party/cares/cares/src/lib/ares__addrinfo_localhost.c +240 -0
  346. data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +49 -80
  347. data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +37 -43
  348. data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +12 -4
  349. data/third_party/cares/cares/src/lib/ares_data.c +16 -0
  350. data/third_party/cares/cares/src/lib/ares_data.h +7 -0
  351. data/third_party/cares/cares/src/lib/ares_destroy.c +8 -0
  352. data/third_party/cares/cares/src/lib/ares_expand_name.c +17 -6
  353. data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +1 -0
  354. data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +156 -78
  355. data/third_party/cares/cares/src/lib/ares_gethostbyname.c +130 -326
  356. data/third_party/cares/cares/src/lib/ares_init.c +97 -485
  357. data/third_party/cares/cares/src/lib/ares_library_init.c +2 -89
  358. data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +23 -142
  359. data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +22 -142
  360. data/third_party/cares/cares/src/lib/ares_parse_uri_reply.c +184 -0
  361. data/third_party/cares/cares/src/lib/ares_private.h +30 -16
  362. data/third_party/cares/cares/src/lib/ares_process.c +55 -16
  363. data/third_party/cares/cares/src/lib/ares_query.c +1 -35
  364. data/third_party/cares/cares/src/lib/ares_rand.c +279 -0
  365. data/third_party/cares/cares/src/lib/ares_send.c +5 -7
  366. data/third_party/cares/cares/src/lib/ares_strdup.c +12 -19
  367. data/third_party/cares/cares/src/lib/ares_strsplit.c +44 -128
  368. data/third_party/cares/cares/src/lib/ares_strsplit.h +9 -10
  369. data/third_party/cares/cares/src/lib/inet_net_pton.c +78 -116
  370. data/third_party/cares/cares/src/tools/ares_getopt.h +53 -0
  371. metadata +48 -12
  372. data/src/core/ext/filters/client_channel/health/health_check_client.cc +0 -175
  373. data/src/core/ext/filters/client_channel/health/health_check_client.h +0 -43
  374. data/third_party/cares/cares/src/lib/ares_library_init.h +0 -43
@@ -29,7 +29,7 @@
29
29
  #include "internal.h"
30
30
 
31
31
 
32
- typedef int (*hash_to_group_func_t)(const EC_GROUP *group, EC_RAW_POINT *out,
32
+ typedef int (*hash_to_group_func_t)(const EC_GROUP *group, EC_JACOBIAN *out,
33
33
  const uint8_t t[TRUST_TOKEN_NONCE_SIZE]);
34
34
  typedef int (*hash_to_scalar_func_t)(const EC_GROUP *group, EC_SCALAR *out,
35
35
  uint8_t *buf, size_t len);
@@ -63,18 +63,24 @@ static int voprf_init_method(VOPRF_METHOD *method, int curve_nid,
63
63
 
64
64
  static int cbb_add_point(CBB *out, const EC_GROUP *group,
65
65
  const EC_AFFINE *point) {
66
- size_t len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
67
- if (len == 0) {
68
- return 0;
69
- }
70
-
71
66
  uint8_t *p;
67
+ size_t len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
72
68
  return CBB_add_space(out, &p, len) &&
73
69
  ec_point_to_bytes(group, point, POINT_CONVERSION_UNCOMPRESSED, p,
74
70
  len) == len &&
75
71
  CBB_flush(out);
76
72
  }
77
73
 
74
+ static int cbb_serialize_point(CBB *out, const EC_GROUP *group,
75
+ const EC_AFFINE *point) {
76
+ uint8_t *p;
77
+ size_t len = ec_point_byte_len(group, POINT_CONVERSION_COMPRESSED);
78
+ return CBB_add_u16(out, len) && CBB_add_space(out, &p, len) &&
79
+ ec_point_to_bytes(group, point, POINT_CONVERSION_COMPRESSED, p, len) ==
80
+ len &&
81
+ CBB_flush(out);
82
+ }
83
+
78
84
  static int cbs_get_point(CBS *cbs, const EC_GROUP *group, EC_AFFINE *out) {
79
85
  CBS child;
80
86
  size_t plen = 1 + 2 * BN_num_bytes(&group->field);
@@ -112,7 +118,7 @@ static int scalar_from_cbs(CBS *cbs, const EC_GROUP *group, EC_SCALAR *out) {
112
118
  static int voprf_calculate_key(const VOPRF_METHOD *method, CBB *out_private,
113
119
  CBB *out_public, const EC_SCALAR *priv) {
114
120
  const EC_GROUP *group = method->group;
115
- EC_RAW_POINT pub;
121
+ EC_JACOBIAN pub;
116
122
  EC_AFFINE pub_affine;
117
123
  if (!ec_point_mul_scalar_base(group, &pub, priv) ||
118
124
  !ec_jacobian_to_affine(group, &pub_affine, &pub)) {
@@ -191,7 +197,7 @@ static int voprf_issuer_key_from_bytes(const VOPRF_METHOD *method,
191
197
  }
192
198
 
193
199
  // Recompute the public key.
194
- EC_RAW_POINT pub;
200
+ EC_JACOBIAN pub;
195
201
  if (!ec_point_mul_scalar_base(group, &pub, &key->xs) ||
196
202
  !ec_jacobian_to_affine(group, &key->pubs, &pub)) {
197
203
  return 0;
@@ -249,7 +255,7 @@ static STACK_OF(TRUST_TOKEN_PRETOKEN) *voprf_blind(const VOPRF_METHOD *method,
249
255
  ec_scalar_from_montgomery(group, &pretoken->r, &pretoken->r);
250
256
 
251
257
  // Tp is the blinded token in the VOPRF protocol.
252
- EC_RAW_POINT P, Tp;
258
+ EC_JACOBIAN P, Tp;
253
259
  if (!method->hash_to_group(group, &P, pretoken->t) ||
254
260
  !ec_point_mul_scalar(group, &Tp, &P, &r) ||
255
261
  !ec_jacobian_to_affine(group, &pretoken->Tp, &Tp)) {
@@ -299,6 +305,30 @@ err:
299
305
  return ok;
300
306
  }
301
307
 
308
+ static int hash_to_scalar_challenge(const VOPRF_METHOD *method, EC_SCALAR *out,
309
+ const EC_AFFINE *Bm, const EC_AFFINE *a0,
310
+ const EC_AFFINE *a1, const EC_AFFINE *a2,
311
+ const EC_AFFINE *a3) {
312
+ static const uint8_t kChallengeLabel[] = "Challenge";
313
+
314
+ CBB cbb;
315
+ uint8_t transcript[5 * EC_MAX_COMPRESSED + 2 + sizeof(kChallengeLabel) - 1];
316
+ size_t len;
317
+ if (!CBB_init_fixed(&cbb, transcript, sizeof(transcript)) ||
318
+ !cbb_serialize_point(&cbb, method->group, Bm) ||
319
+ !cbb_serialize_point(&cbb, method->group, a0) ||
320
+ !cbb_serialize_point(&cbb, method->group, a1) ||
321
+ !cbb_serialize_point(&cbb, method->group, a2) ||
322
+ !cbb_serialize_point(&cbb, method->group, a3) ||
323
+ !CBB_add_bytes(&cbb, kChallengeLabel, sizeof(kChallengeLabel) - 1) ||
324
+ !CBB_finish(&cbb, NULL, &len) ||
325
+ !method->hash_to_scalar(method->group, out, transcript, len)) {
326
+ return 0;
327
+ }
328
+
329
+ return 1;
330
+ }
331
+
302
332
  static int hash_to_scalar_batch(const VOPRF_METHOD *method, EC_SCALAR *out,
303
333
  const CBB *points, size_t index) {
304
334
  static const uint8_t kDLEQBatchLabel[] = "DLEQ BATCH";
@@ -332,7 +362,7 @@ err:
332
362
 
333
363
  static int dleq_generate(const VOPRF_METHOD *method, CBB *cbb,
334
364
  const TRUST_TOKEN_ISSUER_KEY *priv,
335
- const EC_RAW_POINT *T, const EC_RAW_POINT *W) {
365
+ const EC_JACOBIAN *T, const EC_JACOBIAN *W) {
336
366
  const EC_GROUP *group = method->group;
337
367
 
338
368
  enum {
@@ -342,7 +372,7 @@ static int dleq_generate(const VOPRF_METHOD *method, CBB *cbb,
342
372
  idx_k1,
343
373
  num_idx,
344
374
  };
345
- EC_RAW_POINT jacobians[num_idx];
375
+ EC_JACOBIAN jacobians[num_idx];
346
376
 
347
377
  // Setup the DLEQ proof.
348
378
  EC_SCALAR r;
@@ -387,18 +417,18 @@ static int dleq_generate(const VOPRF_METHOD *method, CBB *cbb,
387
417
  return 1;
388
418
  }
389
419
 
390
- static int mul_public_2(const EC_GROUP *group, EC_RAW_POINT *out,
391
- const EC_RAW_POINT *p0, const EC_SCALAR *scalar0,
392
- const EC_RAW_POINT *p1, const EC_SCALAR *scalar1) {
393
- EC_RAW_POINT points[2] = {*p0, *p1};
420
+ static int mul_public_2(const EC_GROUP *group, EC_JACOBIAN *out,
421
+ const EC_JACOBIAN *p0, const EC_SCALAR *scalar0,
422
+ const EC_JACOBIAN *p1, const EC_SCALAR *scalar1) {
423
+ EC_JACOBIAN points[2] = {*p0, *p1};
394
424
  EC_SCALAR scalars[2] = {*scalar0, *scalar1};
395
425
  return ec_point_mul_scalar_public_batch(group, out, /*g_scalar=*/NULL, points,
396
426
  scalars, 2);
397
427
  }
398
428
 
399
429
  static int dleq_verify(const VOPRF_METHOD *method, CBS *cbs,
400
- const TRUST_TOKEN_CLIENT_KEY *pub, const EC_RAW_POINT *T,
401
- const EC_RAW_POINT *W) {
430
+ const TRUST_TOKEN_CLIENT_KEY *pub, const EC_JACOBIAN *T,
431
+ const EC_JACOBIAN *W) {
402
432
  const EC_GROUP *group = method->group;
403
433
 
404
434
 
@@ -409,7 +439,7 @@ static int dleq_verify(const VOPRF_METHOD *method, CBS *cbs,
409
439
  idx_k1,
410
440
  num_idx,
411
441
  };
412
- EC_RAW_POINT jacobians[num_idx];
442
+ EC_JACOBIAN jacobians[num_idx];
413
443
 
414
444
  // Decode the DLEQ proof.
415
445
  EC_SCALAR c, u;
@@ -420,7 +450,7 @@ static int dleq_verify(const VOPRF_METHOD *method, CBS *cbs,
420
450
  }
421
451
 
422
452
  // k0;k1 = u*(G;T) - c*(pub;W)
423
- EC_RAW_POINT pubs;
453
+ EC_JACOBIAN pubs;
424
454
  ec_affine_to_jacobian(group, &pubs, &pub->pubs);
425
455
  EC_SCALAR minus_c;
426
456
  ec_scalar_neg(group, &minus_c, &c);
@@ -455,24 +485,24 @@ static int dleq_verify(const VOPRF_METHOD *method, CBS *cbs,
455
485
  return 1;
456
486
  }
457
487
 
458
- static int voprf_sign(const VOPRF_METHOD *method,
459
- const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
460
- size_t num_requested, size_t num_to_issue) {
488
+ static int voprf_sign_tt(const VOPRF_METHOD *method,
489
+ const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
490
+ size_t num_requested, size_t num_to_issue) {
461
491
  const EC_GROUP *group = method->group;
462
492
  if (num_requested < num_to_issue) {
463
493
  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
464
494
  return 0;
465
495
  }
466
496
 
467
- if (num_to_issue > ((size_t)-1) / sizeof(EC_RAW_POINT) ||
497
+ if (num_to_issue > ((size_t)-1) / sizeof(EC_JACOBIAN) ||
468
498
  num_to_issue > ((size_t)-1) / sizeof(EC_SCALAR)) {
469
499
  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
470
500
  return 0;
471
501
  }
472
502
 
473
503
  int ret = 0;
474
- EC_RAW_POINT *BTs = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
475
- EC_RAW_POINT *Zs = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT));
504
+ EC_JACOBIAN *BTs = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN));
505
+ EC_JACOBIAN *Zs = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN));
476
506
  EC_SCALAR *es = OPENSSL_malloc(num_to_issue * sizeof(EC_SCALAR));
477
507
  CBB batch_cbb;
478
508
  CBB_zero(&batch_cbb);
@@ -486,7 +516,7 @@ static int voprf_sign(const VOPRF_METHOD *method,
486
516
 
487
517
  for (size_t i = 0; i < num_to_issue; i++) {
488
518
  EC_AFFINE BT_affine, Z_affine;
489
- EC_RAW_POINT BT, Z;
519
+ EC_JACOBIAN BT, Z;
490
520
  if (!cbs_get_point(cbs, group, &BT_affine)) {
491
521
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
492
522
  goto err;
@@ -519,7 +549,7 @@ static int voprf_sign(const VOPRF_METHOD *method,
519
549
  }
520
550
  }
521
551
 
522
- EC_RAW_POINT BT_batch, Z_batch;
552
+ EC_JACOBIAN BT_batch, Z_batch;
523
553
  if (!ec_point_mul_scalar_public_batch(group, &BT_batch,
524
554
  /*g_scalar=*/NULL, BTs, es,
525
555
  num_to_issue) ||
@@ -553,7 +583,7 @@ err:
553
583
  return ret;
554
584
  }
555
585
 
556
- static STACK_OF(TRUST_TOKEN) *voprf_unblind(
586
+ static STACK_OF(TRUST_TOKEN) *voprf_unblind_tt(
557
587
  const VOPRF_METHOD *method, const TRUST_TOKEN_CLIENT_KEY *key,
558
588
  const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
559
589
  uint32_t key_id) {
@@ -563,7 +593,7 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind(
563
593
  return NULL;
564
594
  }
565
595
 
566
- if (count > ((size_t)-1) / sizeof(EC_RAW_POINT) ||
596
+ if (count > ((size_t)-1) / sizeof(EC_JACOBIAN) ||
567
597
  count > ((size_t)-1) / sizeof(EC_SCALAR)) {
568
598
  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
569
599
  return NULL;
@@ -571,8 +601,8 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind(
571
601
 
572
602
  int ok = 0;
573
603
  STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null();
574
- EC_RAW_POINT *BTs = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
575
- EC_RAW_POINT *Zs = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
604
+ EC_JACOBIAN *BTs = OPENSSL_malloc(count * sizeof(EC_JACOBIAN));
605
+ EC_JACOBIAN *Zs = OPENSSL_malloc(count * sizeof(EC_JACOBIAN));
576
606
  EC_SCALAR *es = OPENSSL_malloc(count * sizeof(EC_SCALAR));
577
607
  CBB batch_cbb;
578
608
  CBB_zero(&batch_cbb);
@@ -605,7 +635,7 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind(
605
635
 
606
636
  // Unblind the token.
607
637
  // pretoken->r is rinv.
608
- EC_RAW_POINT N;
638
+ EC_JACOBIAN N;
609
639
  EC_AFFINE N_affine;
610
640
  if (!ec_point_mul_scalar(group, &N, &Zs[i], &pretoken->r) ||
611
641
  !ec_jacobian_to_affine(group, &N_affine, &N)) {
@@ -644,7 +674,7 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind(
644
674
  }
645
675
  }
646
676
 
647
- EC_RAW_POINT BT_batch, Z_batch;
677
+ EC_JACOBIAN BT_batch, Z_batch;
648
678
  if (!ec_point_mul_scalar_public_batch(group, &BT_batch,
649
679
  /*g_scalar=*/NULL, BTs, es, count) ||
650
680
  !ec_point_mul_scalar_public_batch(group, &Z_batch,
@@ -673,6 +703,397 @@ err:
673
703
  return ret;
674
704
  }
675
705
 
706
+ static void sha384_update_u16(SHA512_CTX *ctx, uint16_t v) {
707
+ uint8_t buf[2] = {v >> 8, v & 0xff};
708
+ SHA384_Update(ctx, buf, 2);
709
+ }
710
+
711
+ static void sha384_update_point_with_length(
712
+ SHA512_CTX *ctx, const EC_GROUP *group, const EC_AFFINE *point) {
713
+ uint8_t buf[EC_MAX_COMPRESSED];
714
+ size_t len = ec_point_to_bytes(group, point, POINT_CONVERSION_COMPRESSED,
715
+ buf, sizeof(buf));
716
+ assert(len > 0);
717
+ sha384_update_u16(ctx, (uint16_t)len);
718
+ SHA384_Update(ctx, buf, len);
719
+ }
720
+
721
+ static int compute_composite_seed(const VOPRF_METHOD *method,
722
+ uint8_t out[SHA384_DIGEST_LENGTH],
723
+ const EC_AFFINE *pub) {
724
+ const EC_GROUP *group = method->group;
725
+ static const uint8_t kSeedDST[] = "Seed-OPRFV1-\x01-P384-SHA384";
726
+
727
+ SHA512_CTX hash_ctx;
728
+ SHA384_Init(&hash_ctx);
729
+ sha384_update_point_with_length(&hash_ctx, group, pub);
730
+ sha384_update_u16(&hash_ctx, sizeof(kSeedDST) - 1);
731
+ SHA384_Update(&hash_ctx, kSeedDST, sizeof(kSeedDST) - 1);
732
+ SHA384_Final(out, &hash_ctx);
733
+
734
+ return 1;
735
+ }
736
+
737
+ static int compute_composite_element(const VOPRF_METHOD *method,
738
+ uint8_t seed[SHA384_DIGEST_LENGTH],
739
+ EC_SCALAR *di, size_t index,
740
+ const EC_AFFINE *C, const EC_AFFINE *D) {
741
+ static const uint8_t kCompositeLabel[] = "Composite";
742
+ const EC_GROUP *group = method->group;
743
+
744
+ if (index > UINT16_MAX) {
745
+ return 0;
746
+ }
747
+
748
+ CBB cbb;
749
+ uint8_t transcript[2 + SHA384_DIGEST_LENGTH + 2 + 2 * EC_MAX_COMPRESSED +
750
+ sizeof(kCompositeLabel) - 1];
751
+ size_t len;
752
+ if (!CBB_init_fixed(&cbb, transcript, sizeof(transcript)) ||
753
+ !CBB_add_u16(&cbb, SHA384_DIGEST_LENGTH) ||
754
+ !CBB_add_bytes(&cbb, seed, SHA384_DIGEST_LENGTH) ||
755
+ !CBB_add_u16(&cbb, index) ||
756
+ !cbb_serialize_point(&cbb, group, C) ||
757
+ !cbb_serialize_point(&cbb, group, D) ||
758
+ !CBB_add_bytes(&cbb, kCompositeLabel,
759
+ sizeof(kCompositeLabel) - 1) ||
760
+ !CBB_finish(&cbb, NULL, &len) ||
761
+ !method->hash_to_scalar(method->group, di, transcript, len)) {
762
+ return 0;
763
+ }
764
+
765
+ return 1;
766
+ }
767
+
768
+ static int generate_proof(const VOPRF_METHOD *method, CBB *cbb,
769
+ const TRUST_TOKEN_ISSUER_KEY *priv,
770
+ const EC_SCALAR *r, const EC_JACOBIAN *M,
771
+ const EC_JACOBIAN *Z) {
772
+ const EC_GROUP *group = method->group;
773
+
774
+ enum {
775
+ idx_M,
776
+ idx_Z,
777
+ idx_t2,
778
+ idx_t3,
779
+ num_idx,
780
+ };
781
+ EC_JACOBIAN jacobians[num_idx];
782
+
783
+ if (!ec_point_mul_scalar_base(group, &jacobians[idx_t2], r) ||
784
+ !ec_point_mul_scalar(group, &jacobians[idx_t3], M, r)) {
785
+ return 0;
786
+ }
787
+
788
+
789
+ EC_AFFINE affines[num_idx];
790
+ jacobians[idx_M] = *M;
791
+ jacobians[idx_Z] = *Z;
792
+ if (!ec_jacobian_to_affine_batch(group, affines, jacobians, num_idx)) {
793
+ return 0;
794
+ }
795
+
796
+ EC_SCALAR c;
797
+ if (!hash_to_scalar_challenge(method, &c, &priv->pubs, &affines[idx_M],
798
+ &affines[idx_Z], &affines[idx_t2],
799
+ &affines[idx_t3])) {
800
+ return 0;
801
+ }
802
+
803
+ EC_SCALAR c_mont;
804
+ ec_scalar_to_montgomery(group, &c_mont, &c);
805
+
806
+ // s = r - c*xs
807
+ EC_SCALAR s;
808
+ ec_scalar_mul_montgomery(group, &s, &priv->xs, &c_mont);
809
+ ec_scalar_sub(group, &s, r, &s);
810
+
811
+ // Store DLEQ proof in transcript.
812
+ if (!scalar_to_cbb(cbb, group, &c) ||
813
+ !scalar_to_cbb(cbb, group, &s)) {
814
+ return 0;
815
+ }
816
+
817
+ return 1;
818
+ }
819
+
820
+ static int verify_proof(const VOPRF_METHOD *method, CBS *cbs,
821
+ const TRUST_TOKEN_CLIENT_KEY *pub,
822
+ const EC_JACOBIAN *M, const EC_JACOBIAN *Z) {
823
+ const EC_GROUP *group = method->group;
824
+
825
+ enum {
826
+ idx_M,
827
+ idx_Z,
828
+ idx_t2,
829
+ idx_t3,
830
+ num_idx,
831
+ };
832
+ EC_JACOBIAN jacobians[num_idx];
833
+
834
+ EC_SCALAR c, s;
835
+ if (!scalar_from_cbs(cbs, group, &c) ||
836
+ !scalar_from_cbs(cbs, group, &s)) {
837
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
838
+ return 0;
839
+ }
840
+
841
+ EC_JACOBIAN pubs;
842
+ ec_affine_to_jacobian(group, &pubs, &pub->pubs);
843
+ if (!ec_point_mul_scalar_public(group, &jacobians[idx_t2], &s, &pubs,
844
+ &c) ||
845
+ !mul_public_2(group, &jacobians[idx_t3], M, &s, Z, &c)) {
846
+ return 0;
847
+ }
848
+
849
+ EC_AFFINE affines[num_idx];
850
+ jacobians[idx_M] = *M;
851
+ jacobians[idx_Z] = *Z;
852
+ if (!ec_jacobian_to_affine_batch(group, affines, jacobians, num_idx)) {
853
+ return 0;
854
+ }
855
+
856
+ EC_SCALAR expected_c;
857
+ if (!hash_to_scalar_challenge(method, &expected_c, &pub->pubs,
858
+ &affines[idx_M], &affines[idx_Z],
859
+ &affines[idx_t2], &affines[idx_t3])) {
860
+ return 0;
861
+ }
862
+
863
+ // c == expected_c
864
+ if (!ec_scalar_equal_vartime(group, &c, &expected_c)) {
865
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_PROOF);
866
+ return 0;
867
+ }
868
+
869
+ return 1;
870
+ }
871
+
872
+ static int voprf_sign_impl(const VOPRF_METHOD *method,
873
+ const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb,
874
+ CBS *cbs, size_t num_requested, size_t num_to_issue,
875
+ const EC_SCALAR *proof_scalar) {
876
+ const EC_GROUP *group = method->group;
877
+ if (num_requested < num_to_issue) {
878
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
879
+ return 0;
880
+ }
881
+
882
+ if (num_to_issue > ((size_t)-1) / sizeof(EC_JACOBIAN) ||
883
+ num_to_issue > ((size_t)-1) / sizeof(EC_SCALAR)) {
884
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
885
+ return 0;
886
+ }
887
+
888
+ int ret = 0;
889
+ EC_JACOBIAN *BTs = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN));
890
+ EC_JACOBIAN *Zs = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN));
891
+ EC_SCALAR *dis = OPENSSL_malloc(num_to_issue * sizeof(EC_SCALAR));
892
+ if (!BTs || !Zs || !dis) {
893
+ goto err;
894
+ }
895
+
896
+ uint8_t seed[SHA384_DIGEST_LENGTH];
897
+ if (!compute_composite_seed(method, seed, &key->pubs)) {
898
+ goto err;
899
+ }
900
+
901
+ // This implements the BlindEvaluateBatch as defined in section 4 of
902
+ // draft-robert-privacypass-batched-tokens-01, based on the constructions
903
+ // in draft-irtf-cfrg-voprf-21. To optimize the computation of the proof,
904
+ // the computation of di is done during the token signing and passed into
905
+ // the proof generation.
906
+ for (size_t i = 0; i < num_to_issue; i++) {
907
+ EC_AFFINE BT_affine, Z_affine;
908
+ EC_JACOBIAN BT, Z;
909
+ if (!cbs_get_point(cbs, group, &BT_affine)) {
910
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
911
+ goto err;
912
+ }
913
+ ec_affine_to_jacobian(group, &BT, &BT_affine);
914
+ if (!ec_point_mul_scalar(group, &Z, &BT, &key->xs) ||
915
+ !ec_jacobian_to_affine(group, &Z_affine, &Z) ||
916
+ !cbb_add_point(cbb, group, &Z_affine)) {
917
+ goto err;
918
+ }
919
+ BTs[i] = BT;
920
+ Zs[i] = Z;
921
+ if (!compute_composite_element(method, seed, &dis[i], i, &BT_affine,
922
+ &Z_affine)) {
923
+ goto err;
924
+ }
925
+
926
+ if (!CBB_flush(cbb)) {
927
+ goto err;
928
+ }
929
+ }
930
+
931
+ EC_JACOBIAN M, Z;
932
+ if (!ec_point_mul_scalar_public_batch(group, &M,
933
+ /*g_scalar=*/NULL, BTs, dis,
934
+ num_to_issue) ||
935
+ !ec_point_mul_scalar(group, &Z, &M, &key->xs)) {
936
+ goto err;
937
+ }
938
+
939
+ CBB proof;
940
+ if (!CBB_add_u16_length_prefixed(cbb, &proof) ||
941
+ !generate_proof(method, &proof, key, proof_scalar, &M, &Z) ||
942
+ !CBB_flush(cbb)) {
943
+ goto err;
944
+ }
945
+
946
+ // Skip over any unused requests.
947
+ size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
948
+ if (!CBS_skip(cbs, point_len * (num_requested - num_to_issue))) {
949
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
950
+ goto err;
951
+ }
952
+
953
+ ret = 1;
954
+
955
+ err:
956
+ OPENSSL_free(BTs);
957
+ OPENSSL_free(Zs);
958
+ OPENSSL_free(dis);
959
+ return ret;
960
+ }
961
+
962
+ static int voprf_sign(const VOPRF_METHOD *method,
963
+ const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
964
+ size_t num_requested, size_t num_to_issue) {
965
+ EC_SCALAR proof_scalar;
966
+ if (!ec_random_nonzero_scalar(method->group, &proof_scalar,
967
+ kDefaultAdditionalData)) {
968
+ return 0;
969
+ }
970
+
971
+ return voprf_sign_impl(method, key, cbb, cbs, num_requested, num_to_issue,
972
+ &proof_scalar);
973
+ }
974
+
975
+ static int voprf_sign_with_proof_scalar_for_testing(
976
+ const VOPRF_METHOD *method, const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb,
977
+ CBS *cbs, size_t num_requested, size_t num_to_issue,
978
+ const uint8_t *proof_scalar_buf, size_t proof_scalar_len) {
979
+ EC_SCALAR proof_scalar;
980
+ if (!ec_scalar_from_bytes(method->group, &proof_scalar, proof_scalar_buf,
981
+ proof_scalar_len)) {
982
+ return 0;
983
+ }
984
+ return voprf_sign_impl(method, key, cbb, cbs, num_requested, num_to_issue,
985
+ &proof_scalar);
986
+ }
987
+
988
+ static STACK_OF(TRUST_TOKEN) *voprf_unblind(
989
+ const VOPRF_METHOD *method, const TRUST_TOKEN_CLIENT_KEY *key,
990
+ const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
991
+ uint32_t key_id) {
992
+ const EC_GROUP *group = method->group;
993
+ if (count > sk_TRUST_TOKEN_PRETOKEN_num(pretokens)) {
994
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
995
+ return NULL;
996
+ }
997
+
998
+ if (count > ((size_t)-1) / sizeof(EC_JACOBIAN) ||
999
+ count > ((size_t)-1) / sizeof(EC_SCALAR)) {
1000
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
1001
+ return NULL;
1002
+ }
1003
+
1004
+ int ok = 0;
1005
+ STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null();
1006
+ EC_JACOBIAN *BTs = OPENSSL_malloc(count * sizeof(EC_JACOBIAN));
1007
+ EC_JACOBIAN *Zs = OPENSSL_malloc(count * sizeof(EC_JACOBIAN));
1008
+ EC_SCALAR *dis = OPENSSL_malloc(count * sizeof(EC_SCALAR));
1009
+ if (ret == NULL || !BTs || !Zs || !dis) {
1010
+ goto err;
1011
+ }
1012
+
1013
+ uint8_t seed[SHA384_DIGEST_LENGTH];
1014
+ if (!compute_composite_seed(method, seed, &key->pubs)) {
1015
+ goto err;
1016
+ }
1017
+
1018
+ for (size_t i = 0; i < count; i++) {
1019
+ const TRUST_TOKEN_PRETOKEN *pretoken =
1020
+ sk_TRUST_TOKEN_PRETOKEN_value(pretokens, i);
1021
+
1022
+ EC_AFFINE Z_affine;
1023
+ if (!cbs_get_point(cbs, group, &Z_affine)) {
1024
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
1025
+ goto err;
1026
+ }
1027
+
1028
+ ec_affine_to_jacobian(group, &BTs[i], &pretoken->Tp);
1029
+ ec_affine_to_jacobian(group, &Zs[i], &Z_affine);
1030
+ if (!compute_composite_element(method, seed, &dis[i], i, &pretoken->Tp,
1031
+ &Z_affine)) {
1032
+ goto err;
1033
+ }
1034
+
1035
+ // Unblind the token.
1036
+ // pretoken->r is rinv.
1037
+ EC_JACOBIAN N;
1038
+ EC_AFFINE N_affine;
1039
+ if (!ec_point_mul_scalar(group, &N, &Zs[i], &pretoken->r) ||
1040
+ !ec_jacobian_to_affine(group, &N_affine, &N)) {
1041
+ goto err;
1042
+ }
1043
+
1044
+ // Serialize the token. Include |key_id| to avoid an extra copy in the layer
1045
+ // above.
1046
+ CBB token_cbb;
1047
+ size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
1048
+ if (!CBB_init(&token_cbb, 4 + TRUST_TOKEN_NONCE_SIZE + (2 + point_len)) ||
1049
+ !CBB_add_u32(&token_cbb, key_id) ||
1050
+ !CBB_add_bytes(&token_cbb, pretoken->salt, TRUST_TOKEN_NONCE_SIZE) ||
1051
+ !cbb_add_point(&token_cbb, group, &N_affine) ||
1052
+ !CBB_flush(&token_cbb)) {
1053
+ CBB_cleanup(&token_cbb);
1054
+ goto err;
1055
+ }
1056
+
1057
+ TRUST_TOKEN *token =
1058
+ TRUST_TOKEN_new(CBB_data(&token_cbb), CBB_len(&token_cbb));
1059
+ CBB_cleanup(&token_cbb);
1060
+ if (token == NULL ||
1061
+ !sk_TRUST_TOKEN_push(ret, token)) {
1062
+ TRUST_TOKEN_free(token);
1063
+ goto err;
1064
+ }
1065
+ }
1066
+
1067
+ EC_JACOBIAN M, Z;
1068
+ if (!ec_point_mul_scalar_public_batch(group, &M,
1069
+ /*g_scalar=*/NULL, BTs, dis,
1070
+ count) ||
1071
+ !ec_point_mul_scalar_public_batch(group, &Z,
1072
+ /*g_scalar=*/NULL, Zs, dis,
1073
+ count)) {
1074
+ goto err;
1075
+ }
1076
+
1077
+ CBS proof;
1078
+ if (!CBS_get_u16_length_prefixed(cbs, &proof) ||
1079
+ !verify_proof(method, &proof, key, &M, &Z) ||
1080
+ CBS_len(&proof) != 0) {
1081
+ goto err;
1082
+ }
1083
+
1084
+ ok = 1;
1085
+
1086
+ err:
1087
+ OPENSSL_free(BTs);
1088
+ OPENSSL_free(Zs);
1089
+ OPENSSL_free(dis);
1090
+ if (!ok) {
1091
+ sk_TRUST_TOKEN_pop_free(ret, TRUST_TOKEN_free);
1092
+ ret = NULL;
1093
+ }
1094
+ return ret;
1095
+ }
1096
+
676
1097
  static int voprf_read(const VOPRF_METHOD *method,
677
1098
  const TRUST_TOKEN_ISSUER_KEY *key,
678
1099
  uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
@@ -701,12 +1122,12 @@ static int voprf_read(const VOPRF_METHOD *method,
701
1122
  }
702
1123
 
703
1124
 
704
- EC_RAW_POINT T;
1125
+ EC_JACOBIAN T;
705
1126
  if (!method->hash_to_group(group, &T, out_nonce)) {
706
1127
  return 0;
707
1128
  }
708
1129
 
709
- EC_RAW_POINT Ws_calculated;
1130
+ EC_JACOBIAN Ws_calculated;
710
1131
  if (!ec_point_mul_scalar(group, &Ws_calculated, &T, &key->xs) ||
711
1132
  !ec_affine_jacobian_equal(group, &Ws, &Ws_calculated)) {
712
1133
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_BAD_VALIDITY_CHECK);
@@ -719,7 +1140,7 @@ static int voprf_read(const VOPRF_METHOD *method,
719
1140
 
720
1141
  // VOPRF experiment v2.
721
1142
 
722
- static int voprf_exp2_hash_to_group(const EC_GROUP *group, EC_RAW_POINT *out,
1143
+ static int voprf_exp2_hash_to_group(const EC_GROUP *group, EC_JACOBIAN *out,
723
1144
  const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) {
724
1145
  const uint8_t kHashTLabel[] = "TrustToken VOPRF Experiment V2 HashToGroup";
725
1146
  return ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
@@ -804,8 +1225,8 @@ int voprf_exp2_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
804
1225
  if (!voprf_exp2_init_method() || private_metadata != 0) {
805
1226
  return 0;
806
1227
  }
807
- return voprf_sign(&voprf_exp2_method, key, cbb, cbs, num_requested,
808
- num_to_issue);
1228
+ return voprf_sign_tt(&voprf_exp2_method, key, cbb, cbs, num_requested,
1229
+ num_to_issue);
809
1230
  }
810
1231
 
811
1232
  STACK_OF(TRUST_TOKEN) *voprf_exp2_unblind(
@@ -815,7 +1236,8 @@ STACK_OF(TRUST_TOKEN) *voprf_exp2_unblind(
815
1236
  if (!voprf_exp2_init_method()) {
816
1237
  return NULL;
817
1238
  }
818
- return voprf_unblind(&voprf_exp2_method, key, pretokens, cbs, count, key_id);
1239
+ return voprf_unblind_tt(&voprf_exp2_method, key, pretokens, cbs, count,
1240
+ key_id);
819
1241
  }
820
1242
 
821
1243
  int voprf_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
@@ -829,3 +1251,130 @@ int voprf_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
829
1251
  return voprf_read(&voprf_exp2_method, key, out_nonce, token, token_len,
830
1252
  include_message, msg, msg_len);
831
1253
  }
1254
+
1255
+ // VOPRF PST v1.
1256
+
1257
+ static int voprf_pst1_hash_to_group(const EC_GROUP *group, EC_JACOBIAN *out,
1258
+ const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) {
1259
+ const uint8_t kHashTLabel[] = "HashToGroup-OPRFV1-\x01-P384-SHA384";
1260
+ return ec_hash_to_curve_p384_xmd_sha384_sswu(group, out, kHashTLabel,
1261
+ sizeof(kHashTLabel) - 1, t,
1262
+ TRUST_TOKEN_NONCE_SIZE);
1263
+ }
1264
+
1265
+ static int voprf_pst1_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
1266
+ uint8_t *buf, size_t len) {
1267
+ const uint8_t kHashCLabel[] = "HashToScalar-OPRFV1-\x01-P384-SHA384";
1268
+ return ec_hash_to_scalar_p384_xmd_sha384(group, out, kHashCLabel,
1269
+ sizeof(kHashCLabel) - 1, buf, len);
1270
+ }
1271
+
1272
+ static int voprf_pst1_ok = 0;
1273
+ static VOPRF_METHOD voprf_pst1_method;
1274
+ static CRYPTO_once_t voprf_pst1_method_once = CRYPTO_ONCE_INIT;
1275
+
1276
+ static void voprf_pst1_init_method_impl(void) {
1277
+ voprf_pst1_ok =
1278
+ voprf_init_method(&voprf_pst1_method, NID_secp384r1,
1279
+ voprf_pst1_hash_to_group, voprf_pst1_hash_to_scalar);
1280
+ }
1281
+
1282
+ static int voprf_pst1_init_method(void) {
1283
+ CRYPTO_once(&voprf_pst1_method_once, voprf_pst1_init_method_impl);
1284
+ if (!voprf_pst1_ok) {
1285
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
1286
+ return 0;
1287
+ }
1288
+ return 1;
1289
+ }
1290
+
1291
+ int voprf_pst1_generate_key(CBB *out_private, CBB *out_public) {
1292
+ if (!voprf_pst1_init_method()) {
1293
+ return 0;
1294
+ }
1295
+
1296
+ return voprf_generate_key(&voprf_pst1_method, out_private, out_public);
1297
+ }
1298
+
1299
+ int voprf_pst1_derive_key_from_secret(CBB *out_private, CBB *out_public,
1300
+ const uint8_t *secret,
1301
+ size_t secret_len) {
1302
+ if (!voprf_pst1_init_method()) {
1303
+ return 0;
1304
+ }
1305
+
1306
+ return voprf_derive_key_from_secret(&voprf_pst1_method, out_private,
1307
+ out_public, secret, secret_len);
1308
+ }
1309
+
1310
+ int voprf_pst1_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
1311
+ const uint8_t *in, size_t len) {
1312
+ if (!voprf_pst1_init_method()) {
1313
+ return 0;
1314
+ }
1315
+ return voprf_client_key_from_bytes(&voprf_pst1_method, key, in, len);
1316
+ }
1317
+
1318
+ int voprf_pst1_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
1319
+ const uint8_t *in, size_t len) {
1320
+ if (!voprf_pst1_init_method()) {
1321
+ return 0;
1322
+ }
1323
+ return voprf_issuer_key_from_bytes(&voprf_pst1_method, key, in, len);
1324
+ }
1325
+
1326
+ STACK_OF(TRUST_TOKEN_PRETOKEN) *voprf_pst1_blind(CBB *cbb, size_t count,
1327
+ int include_message,
1328
+ const uint8_t *msg,
1329
+ size_t msg_len) {
1330
+ if (!voprf_pst1_init_method()) {
1331
+ return NULL;
1332
+ }
1333
+ return voprf_blind(&voprf_pst1_method, cbb, count, include_message, msg,
1334
+ msg_len);
1335
+ }
1336
+
1337
+ int voprf_pst1_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
1338
+ size_t num_requested, size_t num_to_issue,
1339
+ uint8_t private_metadata) {
1340
+ if (!voprf_pst1_init_method() || private_metadata != 0) {
1341
+ return 0;
1342
+ }
1343
+ return voprf_sign(&voprf_pst1_method, key, cbb, cbs, num_requested,
1344
+ num_to_issue);
1345
+ }
1346
+
1347
+
1348
+ int voprf_pst1_sign_with_proof_scalar_for_testing(
1349
+ const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, size_t num_requested,
1350
+ size_t num_to_issue, uint8_t private_metadata,
1351
+ const uint8_t *proof_scalar_buf, size_t proof_scalar_len) {
1352
+ if (!voprf_pst1_init_method() || private_metadata != 0) {
1353
+ return 0;
1354
+ }
1355
+ return voprf_sign_with_proof_scalar_for_testing(
1356
+ &voprf_pst1_method, key, cbb, cbs, num_requested, num_to_issue,
1357
+ proof_scalar_buf, proof_scalar_len);
1358
+ }
1359
+
1360
+ STACK_OF(TRUST_TOKEN) *voprf_pst1_unblind(
1361
+ const TRUST_TOKEN_CLIENT_KEY *key,
1362
+ const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
1363
+ uint32_t key_id) {
1364
+ if (!voprf_pst1_init_method()) {
1365
+ return NULL;
1366
+ }
1367
+ return voprf_unblind(&voprf_pst1_method, key, pretokens, cbs, count, key_id);
1368
+ }
1369
+
1370
+ int voprf_pst1_read(const TRUST_TOKEN_ISSUER_KEY *key,
1371
+ uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
1372
+ uint8_t *out_private_metadata, const uint8_t *token,
1373
+ size_t token_len, int include_message, const uint8_t *msg,
1374
+ size_t msg_len) {
1375
+ if (!voprf_pst1_init_method()) {
1376
+ return 0;
1377
+ }
1378
+ return voprf_read(&voprf_pst1_method, key, out_nonce, token, token_len,
1379
+ include_message, msg, msg_len);
1380
+ }