grpc 1.55.0 → 1.56.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Makefile +102 -68
- data/include/grpc/event_engine/event_engine.h +4 -3
- data/include/grpc/grpc_audit_logging.h +96 -0
- data/include/grpc/grpc_security.h +19 -0
- data/include/grpc/module.modulemap +2 -0
- data/include/grpc/support/json.h +218 -0
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +5 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +2 -0
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +4 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +86 -104
- data/src/core/ext/filters/client_channel/client_channel.h +6 -0
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +19 -18
- data/src/core/ext/filters/client_channel/client_channel_internal.h +16 -21
- data/src/core/ext/filters/client_channel/config_selector.h +9 -24
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +3 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +5 -4
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +455 -0
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.h +54 -0
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client_internal.h +186 -0
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +2 -7
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +53 -21
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +23 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +19 -6
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +1 -9
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +16 -7
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +18 -1
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +12 -9
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +6 -4
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +36 -13
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.cc +76 -6
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +42 -40
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +4 -10
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +52 -47
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +14 -16
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +40 -43
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +7 -12
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +12 -19
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +35 -33
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +29 -4
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +28 -27
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +163 -46
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +16 -1
- data/src/core/ext/filters/client_channel/retry_service_config.cc +1 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +10 -40
- data/src/core/ext/filters/client_channel/subchannel.cc +10 -196
- data/src/core/ext/filters/client_channel/subchannel.h +3 -43
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +5 -5
- data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +100 -6
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +6 -8
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +3 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.h +16 -1
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +46 -95
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.cc +176 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +325 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +567 -543
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +150 -9
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +46 -32
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +18 -5
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -15
- data/src/core/ext/transport/chttp2/transport/parsing.cc +12 -12
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +11 -2
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +15 -0
- data/src/core/ext/xds/certificate_provider_store.cc +4 -9
- data/src/core/ext/xds/certificate_provider_store.h +1 -1
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +30 -42
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +14 -9
- data/src/core/ext/xds/xds_api.cc +9 -6
- data/src/core/ext/xds/xds_api.h +3 -2
- data/src/core/ext/xds/xds_audit_logger_registry.cc +122 -0
- data/src/core/ext/xds/xds_audit_logger_registry.h +68 -0
- data/src/core/ext/xds/xds_bootstrap_grpc.cc +21 -9
- data/src/core/ext/xds/xds_bootstrap_grpc.h +5 -0
- data/src/core/ext/xds/xds_client.cc +5 -4
- data/src/core/ext/xds/xds_client_stats.h +1 -1
- data/src/core/ext/xds/xds_cluster.cc +20 -19
- data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +11 -8
- data/src/core/ext/xds/xds_common_types.cc +3 -1
- data/src/core/ext/xds/xds_http_fault_filter.cc +16 -13
- data/src/core/ext/xds/xds_http_fault_filter.h +2 -1
- data/src/core/ext/xds/xds_http_filters.h +4 -2
- data/src/core/ext/xds/xds_http_rbac_filter.cc +154 -67
- data/src/core/ext/xds/xds_http_rbac_filter.h +2 -1
- data/src/core/ext/xds/xds_http_stateful_session_filter.cc +15 -11
- data/src/core/ext/xds/xds_http_stateful_session_filter.h +2 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +22 -16
- data/src/core/ext/xds/xds_listener.cc +1 -0
- data/src/core/ext/xds/xds_route_config.cc +40 -3
- data/src/core/ext/xds/xds_routing.cc +2 -2
- data/src/core/ext/xds/xds_transport_grpc.cc +3 -1
- data/src/core/lib/avl/avl.h +5 -0
- data/src/core/lib/backoff/random_early_detection.h +5 -0
- data/src/core/lib/channel/channel_args.cc +80 -22
- data/src/core/lib/channel/channel_args.h +34 -1
- data/src/core/lib/channel/channel_trace.cc +16 -12
- data/src/core/lib/channel/channelz.cc +159 -132
- data/src/core/lib/channel/channelz.h +42 -35
- data/src/core/lib/channel/channelz_registry.cc +23 -20
- data/src/core/lib/channel/connected_channel.cc +17 -6
- data/src/core/lib/channel/promise_based_filter.cc +0 -4
- data/src/core/lib/channel/promise_based_filter.h +2 -0
- data/src/core/lib/compression/compression_internal.cc +2 -5
- data/src/core/lib/config/config_vars.cc +20 -18
- data/src/core/lib/config/config_vars.h +4 -4
- data/src/core/lib/config/load_config.cc +13 -0
- data/src/core/lib/config/load_config.h +6 -0
- data/src/core/lib/debug/event_log.h +1 -1
- data/src/core/lib/debug/stats_data.h +1 -1
- data/src/core/lib/debug/trace.cc +24 -55
- data/src/core/lib/debug/trace.h +3 -1
- data/src/core/lib/event_engine/cf_engine/cf_engine.cc +211 -0
- data/src/core/lib/event_engine/cf_engine/cf_engine.h +86 -0
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +354 -0
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +146 -0
- data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +79 -0
- data/src/core/lib/event_engine/default_event_engine.cc +13 -1
- data/src/core/lib/event_engine/default_event_engine_factory.cc +14 -2
- data/src/core/lib/event_engine/poller.h +2 -2
- data/src/core/lib/event_engine/posix.h +4 -0
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
- data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +7 -18
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +9 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +33 -19
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +2 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +33 -4
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +10 -8
- data/src/core/lib/event_engine/posix_engine/timer_manager.h +1 -1
- data/src/core/lib/event_engine/shim.cc +7 -1
- data/src/core/lib/event_engine/{thread_pool.cc → thread_pool/original_thread_pool.cc} +28 -25
- data/src/core/lib/event_engine/{thread_pool.h → thread_pool/original_thread_pool.h} +11 -15
- data/src/core/lib/event_engine/thread_pool/thread_pool.h +50 -0
- data/src/core/lib/event_engine/{executor/executor.h → thread_pool/thread_pool_factory.cc} +17 -15
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +489 -0
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +249 -0
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +166 -0
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +108 -0
- data/src/core/lib/event_engine/windows/iocp.cc +4 -3
- data/src/core/lib/event_engine/windows/iocp.h +3 -3
- data/src/core/lib/event_engine/windows/win_socket.cc +6 -6
- data/src/core/lib/event_engine/windows/win_socket.h +4 -4
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +11 -10
- data/src/core/lib/event_engine/windows/windows_endpoint.h +3 -2
- data/src/core/lib/event_engine/windows/windows_engine.cc +19 -17
- data/src/core/lib/event_engine/windows/windows_engine.h +6 -6
- data/src/core/lib/event_engine/windows/windows_listener.cc +3 -3
- data/src/core/lib/event_engine/windows/windows_listener.h +3 -2
- data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +63 -0
- data/src/core/lib/event_engine/work_queue/basic_work_queue.h +71 -0
- data/src/core/lib/event_engine/work_queue/work_queue.h +62 -0
- data/src/core/lib/experiments/config.cc +38 -7
- data/src/core/lib/experiments/config.h +16 -0
- data/src/core/lib/experiments/experiments.cc +67 -20
- data/src/core/lib/experiments/experiments.h +27 -21
- data/src/core/lib/gpr/log_internal.h +55 -0
- data/src/core/lib/gprpp/crash.cc +10 -0
- data/src/core/lib/gprpp/crash.h +3 -0
- data/src/core/lib/gprpp/per_cpu.cc +33 -0
- data/src/core/lib/gprpp/per_cpu.h +29 -6
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/iomgr/cfstream_handle.cc +1 -1
- data/src/core/lib/iomgr/endpoint_cfstream.cc +10 -8
- data/src/core/lib/iomgr/ev_apple.cc +12 -12
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +10 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +15 -1
- data/src/core/lib/iomgr/iocp_windows.cc +24 -3
- data/src/core/lib/iomgr/iocp_windows.h +11 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +4 -2
- data/src/core/lib/iomgr/socket_windows.cc +61 -7
- data/src/core/lib/iomgr/socket_windows.h +9 -2
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -3
- data/src/core/lib/iomgr/tcp_server_posix.cc +182 -119
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +13 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +21 -0
- data/src/core/lib/iomgr/tcp_server_windows.cc +1 -1
- data/src/core/lib/json/json.h +2 -166
- data/src/core/lib/json/json_object_loader.cc +8 -9
- data/src/core/lib/json/json_object_loader.h +25 -18
- data/src/core/lib/json/json_reader.cc +13 -6
- data/src/core/lib/json/json_util.cc +6 -11
- data/src/core/lib/json/json_writer.cc +7 -8
- data/src/core/lib/load_balancing/lb_policy.h +13 -0
- data/src/core/lib/load_balancing/lb_policy_registry.cc +2 -1
- data/src/core/lib/matchers/matchers.cc +3 -4
- data/src/core/lib/matchers/matchers.h +2 -1
- data/src/core/lib/promise/activity.cc +5 -0
- data/src/core/lib/promise/activity.h +10 -0
- data/src/core/lib/promise/detail/promise_factory.h +1 -1
- data/src/core/lib/promise/party.cc +31 -13
- data/src/core/lib/promise/party.h +11 -2
- data/src/core/lib/promise/pipe.h +9 -2
- data/src/core/lib/promise/prioritized_race.h +95 -0
- data/src/core/lib/promise/sleep.cc +2 -1
- data/src/core/lib/resolver/server_address.cc +0 -8
- data/src/core/lib/resolver/server_address.h +0 -6
- data/src/core/lib/resource_quota/memory_quota.cc +7 -7
- data/src/core/lib/resource_quota/memory_quota.h +1 -2
- data/src/core/lib/security/authorization/audit_logging.cc +98 -0
- data/src/core/lib/security/authorization/audit_logging.h +73 -0
- data/src/core/lib/security/authorization/grpc_authorization_engine.cc +47 -2
- data/src/core/lib/security/authorization/grpc_authorization_engine.h +18 -1
- data/src/core/lib/security/authorization/rbac_policy.cc +36 -4
- data/src/core/lib/security/authorization/rbac_policy.h +19 -2
- data/src/core/lib/security/authorization/stdout_logger.cc +75 -0
- data/src/core/lib/security/authorization/stdout_logger.h +61 -0
- data/src/core/lib/security/certificate_provider/certificate_provider_factory.h +8 -4
- data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc +8 -18
- data/src/core/lib/security/certificate_provider/certificate_provider_registry.h +14 -8
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +19 -12
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +4 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +1 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +15 -14
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +4 -2
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +1 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +1 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +8 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +5 -1
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +2 -1
- data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +1 -1
- data/src/core/lib/security/util/json_util.cc +1 -0
- data/src/core/lib/service_config/service_config_call_data.h +49 -20
- data/src/core/lib/service_config/service_config_impl.cc +2 -1
- data/src/core/lib/surface/call.cc +38 -23
- data/src/core/lib/surface/completion_queue.cc +6 -2
- data/src/core/lib/surface/validate_metadata.cc +37 -22
- data/src/core/lib/surface/validate_metadata.h +13 -3
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +15 -12
- data/src/core/lib/transport/batch_builder.h +39 -35
- data/src/core/plugin_registry/grpc_plugin_registry.cc +0 -2
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -0
- data/src/core/tsi/ssl_transport_security.cc +5 -2
- data/src/core/tsi/ssl_transport_security.h +13 -1
- data/src/ruby/ext/grpc/extconf.rb +8 -9
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +3 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +5 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +31 -22
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +189 -13
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_openbsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_openbsd.c +31 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +795 -795
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +18 -6
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +15 -7
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +24 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +74 -74
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +11 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c +12 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +14 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +10 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +23 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +13 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{hkdf → fipsmodule/hkdf}/hkdf.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +2 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +115 -133
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +12 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +57 -47
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/polyval.c +27 -28
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +21 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +5 -288
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +143 -83
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +95 -183
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +71 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +33 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +162 -6
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +18 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +18 -11
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +6 -13
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +18 -14
- data/third_party/boringssl-with-bazel/src/crypto/{refcount_lock.c → refcount_no_threads.c} +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/refcount_win.c +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +77 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +568 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +218 -44
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +35 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +588 -39
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +27 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +17 -39
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +39 -48
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +0 -140
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +72 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +11 -14
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +33 -46
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +3 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +14 -46
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +5 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +6 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +32 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +0 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +28 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +2 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +91 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +149 -20
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +774 -615
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +42 -10
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +11 -6
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -4
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +24 -16
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +65 -18
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +37 -18
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +187 -193
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +13 -129
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +85 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +17 -4
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +27 -19
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +5 -21
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -2
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_msvc.h +1281 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64_msvc.h +2002 -0
- data/third_party/cares/cares/include/ares.h +23 -1
- data/third_party/cares/cares/{src/lib → include}/ares_nameser.h +9 -7
- data/third_party/cares/cares/include/ares_rules.h +2 -2
- data/third_party/cares/cares/include/ares_version.h +3 -3
- data/third_party/cares/cares/src/lib/ares__addrinfo2hostent.c +266 -0
- data/third_party/cares/cares/src/lib/ares__addrinfo_localhost.c +240 -0
- data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +49 -80
- data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +37 -43
- data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +12 -4
- data/third_party/cares/cares/src/lib/ares_data.c +16 -0
- data/third_party/cares/cares/src/lib/ares_data.h +7 -0
- data/third_party/cares/cares/src/lib/ares_destroy.c +8 -0
- data/third_party/cares/cares/src/lib/ares_expand_name.c +17 -6
- data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +1 -0
- data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +156 -78
- data/third_party/cares/cares/src/lib/ares_gethostbyname.c +130 -326
- data/third_party/cares/cares/src/lib/ares_init.c +97 -485
- data/third_party/cares/cares/src/lib/ares_library_init.c +2 -89
- data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +23 -142
- data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +22 -142
- data/third_party/cares/cares/src/lib/ares_parse_uri_reply.c +184 -0
- data/third_party/cares/cares/src/lib/ares_private.h +30 -16
- data/third_party/cares/cares/src/lib/ares_process.c +55 -16
- data/third_party/cares/cares/src/lib/ares_query.c +1 -35
- data/third_party/cares/cares/src/lib/ares_rand.c +279 -0
- data/third_party/cares/cares/src/lib/ares_send.c +5 -7
- data/third_party/cares/cares/src/lib/ares_strdup.c +12 -19
- data/third_party/cares/cares/src/lib/ares_strsplit.c +44 -128
- data/third_party/cares/cares/src/lib/ares_strsplit.h +9 -10
- data/third_party/cares/cares/src/lib/inet_net_pton.c +78 -116
- data/third_party/cares/cares/src/tools/ares_getopt.h +53 -0
- metadata +50 -12
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +0 -175
- data/src/core/ext/filters/client_channel/health/health_check_client.h +0 -43
- data/third_party/cares/cares/src/lib/ares_library_init.h +0 -43
@@ -29,7 +29,7 @@
|
|
29
29
|
#include "internal.h"
|
30
30
|
|
31
31
|
|
32
|
-
typedef int (*hash_to_group_func_t)(const EC_GROUP *group,
|
32
|
+
typedef int (*hash_to_group_func_t)(const EC_GROUP *group, EC_JACOBIAN *out,
|
33
33
|
const uint8_t t[TRUST_TOKEN_NONCE_SIZE]);
|
34
34
|
typedef int (*hash_to_scalar_func_t)(const EC_GROUP *group, EC_SCALAR *out,
|
35
35
|
uint8_t *buf, size_t len);
|
@@ -63,18 +63,24 @@ static int voprf_init_method(VOPRF_METHOD *method, int curve_nid,
|
|
63
63
|
|
64
64
|
static int cbb_add_point(CBB *out, const EC_GROUP *group,
|
65
65
|
const EC_AFFINE *point) {
|
66
|
-
size_t len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
|
67
|
-
if (len == 0) {
|
68
|
-
return 0;
|
69
|
-
}
|
70
|
-
|
71
66
|
uint8_t *p;
|
67
|
+
size_t len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
|
72
68
|
return CBB_add_space(out, &p, len) &&
|
73
69
|
ec_point_to_bytes(group, point, POINT_CONVERSION_UNCOMPRESSED, p,
|
74
70
|
len) == len &&
|
75
71
|
CBB_flush(out);
|
76
72
|
}
|
77
73
|
|
74
|
+
static int cbb_serialize_point(CBB *out, const EC_GROUP *group,
|
75
|
+
const EC_AFFINE *point) {
|
76
|
+
uint8_t *p;
|
77
|
+
size_t len = ec_point_byte_len(group, POINT_CONVERSION_COMPRESSED);
|
78
|
+
return CBB_add_u16(out, len) && CBB_add_space(out, &p, len) &&
|
79
|
+
ec_point_to_bytes(group, point, POINT_CONVERSION_COMPRESSED, p, len) ==
|
80
|
+
len &&
|
81
|
+
CBB_flush(out);
|
82
|
+
}
|
83
|
+
|
78
84
|
static int cbs_get_point(CBS *cbs, const EC_GROUP *group, EC_AFFINE *out) {
|
79
85
|
CBS child;
|
80
86
|
size_t plen = 1 + 2 * BN_num_bytes(&group->field);
|
@@ -112,7 +118,7 @@ static int scalar_from_cbs(CBS *cbs, const EC_GROUP *group, EC_SCALAR *out) {
|
|
112
118
|
static int voprf_calculate_key(const VOPRF_METHOD *method, CBB *out_private,
|
113
119
|
CBB *out_public, const EC_SCALAR *priv) {
|
114
120
|
const EC_GROUP *group = method->group;
|
115
|
-
|
121
|
+
EC_JACOBIAN pub;
|
116
122
|
EC_AFFINE pub_affine;
|
117
123
|
if (!ec_point_mul_scalar_base(group, &pub, priv) ||
|
118
124
|
!ec_jacobian_to_affine(group, &pub_affine, &pub)) {
|
@@ -191,7 +197,7 @@ static int voprf_issuer_key_from_bytes(const VOPRF_METHOD *method,
|
|
191
197
|
}
|
192
198
|
|
193
199
|
// Recompute the public key.
|
194
|
-
|
200
|
+
EC_JACOBIAN pub;
|
195
201
|
if (!ec_point_mul_scalar_base(group, &pub, &key->xs) ||
|
196
202
|
!ec_jacobian_to_affine(group, &key->pubs, &pub)) {
|
197
203
|
return 0;
|
@@ -249,7 +255,7 @@ static STACK_OF(TRUST_TOKEN_PRETOKEN) *voprf_blind(const VOPRF_METHOD *method,
|
|
249
255
|
ec_scalar_from_montgomery(group, &pretoken->r, &pretoken->r);
|
250
256
|
|
251
257
|
// Tp is the blinded token in the VOPRF protocol.
|
252
|
-
|
258
|
+
EC_JACOBIAN P, Tp;
|
253
259
|
if (!method->hash_to_group(group, &P, pretoken->t) ||
|
254
260
|
!ec_point_mul_scalar(group, &Tp, &P, &r) ||
|
255
261
|
!ec_jacobian_to_affine(group, &pretoken->Tp, &Tp)) {
|
@@ -299,6 +305,30 @@ err:
|
|
299
305
|
return ok;
|
300
306
|
}
|
301
307
|
|
308
|
+
static int hash_to_scalar_challenge(const VOPRF_METHOD *method, EC_SCALAR *out,
|
309
|
+
const EC_AFFINE *Bm, const EC_AFFINE *a0,
|
310
|
+
const EC_AFFINE *a1, const EC_AFFINE *a2,
|
311
|
+
const EC_AFFINE *a3) {
|
312
|
+
static const uint8_t kChallengeLabel[] = "Challenge";
|
313
|
+
|
314
|
+
CBB cbb;
|
315
|
+
uint8_t transcript[5 * EC_MAX_COMPRESSED + 2 + sizeof(kChallengeLabel) - 1];
|
316
|
+
size_t len;
|
317
|
+
if (!CBB_init_fixed(&cbb, transcript, sizeof(transcript)) ||
|
318
|
+
!cbb_serialize_point(&cbb, method->group, Bm) ||
|
319
|
+
!cbb_serialize_point(&cbb, method->group, a0) ||
|
320
|
+
!cbb_serialize_point(&cbb, method->group, a1) ||
|
321
|
+
!cbb_serialize_point(&cbb, method->group, a2) ||
|
322
|
+
!cbb_serialize_point(&cbb, method->group, a3) ||
|
323
|
+
!CBB_add_bytes(&cbb, kChallengeLabel, sizeof(kChallengeLabel) - 1) ||
|
324
|
+
!CBB_finish(&cbb, NULL, &len) ||
|
325
|
+
!method->hash_to_scalar(method->group, out, transcript, len)) {
|
326
|
+
return 0;
|
327
|
+
}
|
328
|
+
|
329
|
+
return 1;
|
330
|
+
}
|
331
|
+
|
302
332
|
static int hash_to_scalar_batch(const VOPRF_METHOD *method, EC_SCALAR *out,
|
303
333
|
const CBB *points, size_t index) {
|
304
334
|
static const uint8_t kDLEQBatchLabel[] = "DLEQ BATCH";
|
@@ -332,7 +362,7 @@ err:
|
|
332
362
|
|
333
363
|
static int dleq_generate(const VOPRF_METHOD *method, CBB *cbb,
|
334
364
|
const TRUST_TOKEN_ISSUER_KEY *priv,
|
335
|
-
const
|
365
|
+
const EC_JACOBIAN *T, const EC_JACOBIAN *W) {
|
336
366
|
const EC_GROUP *group = method->group;
|
337
367
|
|
338
368
|
enum {
|
@@ -342,7 +372,7 @@ static int dleq_generate(const VOPRF_METHOD *method, CBB *cbb,
|
|
342
372
|
idx_k1,
|
343
373
|
num_idx,
|
344
374
|
};
|
345
|
-
|
375
|
+
EC_JACOBIAN jacobians[num_idx];
|
346
376
|
|
347
377
|
// Setup the DLEQ proof.
|
348
378
|
EC_SCALAR r;
|
@@ -387,18 +417,18 @@ static int dleq_generate(const VOPRF_METHOD *method, CBB *cbb,
|
|
387
417
|
return 1;
|
388
418
|
}
|
389
419
|
|
390
|
-
static int mul_public_2(const EC_GROUP *group,
|
391
|
-
const
|
392
|
-
const
|
393
|
-
|
420
|
+
static int mul_public_2(const EC_GROUP *group, EC_JACOBIAN *out,
|
421
|
+
const EC_JACOBIAN *p0, const EC_SCALAR *scalar0,
|
422
|
+
const EC_JACOBIAN *p1, const EC_SCALAR *scalar1) {
|
423
|
+
EC_JACOBIAN points[2] = {*p0, *p1};
|
394
424
|
EC_SCALAR scalars[2] = {*scalar0, *scalar1};
|
395
425
|
return ec_point_mul_scalar_public_batch(group, out, /*g_scalar=*/NULL, points,
|
396
426
|
scalars, 2);
|
397
427
|
}
|
398
428
|
|
399
429
|
static int dleq_verify(const VOPRF_METHOD *method, CBS *cbs,
|
400
|
-
const TRUST_TOKEN_CLIENT_KEY *pub, const
|
401
|
-
const
|
430
|
+
const TRUST_TOKEN_CLIENT_KEY *pub, const EC_JACOBIAN *T,
|
431
|
+
const EC_JACOBIAN *W) {
|
402
432
|
const EC_GROUP *group = method->group;
|
403
433
|
|
404
434
|
|
@@ -409,7 +439,7 @@ static int dleq_verify(const VOPRF_METHOD *method, CBS *cbs,
|
|
409
439
|
idx_k1,
|
410
440
|
num_idx,
|
411
441
|
};
|
412
|
-
|
442
|
+
EC_JACOBIAN jacobians[num_idx];
|
413
443
|
|
414
444
|
// Decode the DLEQ proof.
|
415
445
|
EC_SCALAR c, u;
|
@@ -420,7 +450,7 @@ static int dleq_verify(const VOPRF_METHOD *method, CBS *cbs,
|
|
420
450
|
}
|
421
451
|
|
422
452
|
// k0;k1 = u*(G;T) - c*(pub;W)
|
423
|
-
|
453
|
+
EC_JACOBIAN pubs;
|
424
454
|
ec_affine_to_jacobian(group, &pubs, &pub->pubs);
|
425
455
|
EC_SCALAR minus_c;
|
426
456
|
ec_scalar_neg(group, &minus_c, &c);
|
@@ -455,24 +485,24 @@ static int dleq_verify(const VOPRF_METHOD *method, CBS *cbs,
|
|
455
485
|
return 1;
|
456
486
|
}
|
457
487
|
|
458
|
-
static int
|
459
|
-
|
460
|
-
|
488
|
+
static int voprf_sign_tt(const VOPRF_METHOD *method,
|
489
|
+
const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
490
|
+
size_t num_requested, size_t num_to_issue) {
|
461
491
|
const EC_GROUP *group = method->group;
|
462
492
|
if (num_requested < num_to_issue) {
|
463
493
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
|
464
494
|
return 0;
|
465
495
|
}
|
466
496
|
|
467
|
-
if (num_to_issue > ((size_t)-1) / sizeof(
|
497
|
+
if (num_to_issue > ((size_t)-1) / sizeof(EC_JACOBIAN) ||
|
468
498
|
num_to_issue > ((size_t)-1) / sizeof(EC_SCALAR)) {
|
469
499
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
|
470
500
|
return 0;
|
471
501
|
}
|
472
502
|
|
473
503
|
int ret = 0;
|
474
|
-
|
475
|
-
|
504
|
+
EC_JACOBIAN *BTs = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN));
|
505
|
+
EC_JACOBIAN *Zs = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN));
|
476
506
|
EC_SCALAR *es = OPENSSL_malloc(num_to_issue * sizeof(EC_SCALAR));
|
477
507
|
CBB batch_cbb;
|
478
508
|
CBB_zero(&batch_cbb);
|
@@ -486,7 +516,7 @@ static int voprf_sign(const VOPRF_METHOD *method,
|
|
486
516
|
|
487
517
|
for (size_t i = 0; i < num_to_issue; i++) {
|
488
518
|
EC_AFFINE BT_affine, Z_affine;
|
489
|
-
|
519
|
+
EC_JACOBIAN BT, Z;
|
490
520
|
if (!cbs_get_point(cbs, group, &BT_affine)) {
|
491
521
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
492
522
|
goto err;
|
@@ -519,7 +549,7 @@ static int voprf_sign(const VOPRF_METHOD *method,
|
|
519
549
|
}
|
520
550
|
}
|
521
551
|
|
522
|
-
|
552
|
+
EC_JACOBIAN BT_batch, Z_batch;
|
523
553
|
if (!ec_point_mul_scalar_public_batch(group, &BT_batch,
|
524
554
|
/*g_scalar=*/NULL, BTs, es,
|
525
555
|
num_to_issue) ||
|
@@ -553,7 +583,7 @@ err:
|
|
553
583
|
return ret;
|
554
584
|
}
|
555
585
|
|
556
|
-
static STACK_OF(TRUST_TOKEN) *
|
586
|
+
static STACK_OF(TRUST_TOKEN) *voprf_unblind_tt(
|
557
587
|
const VOPRF_METHOD *method, const TRUST_TOKEN_CLIENT_KEY *key,
|
558
588
|
const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
|
559
589
|
uint32_t key_id) {
|
@@ -563,7 +593,7 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind(
|
|
563
593
|
return NULL;
|
564
594
|
}
|
565
595
|
|
566
|
-
if (count > ((size_t)-1) / sizeof(
|
596
|
+
if (count > ((size_t)-1) / sizeof(EC_JACOBIAN) ||
|
567
597
|
count > ((size_t)-1) / sizeof(EC_SCALAR)) {
|
568
598
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
|
569
599
|
return NULL;
|
@@ -571,8 +601,8 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind(
|
|
571
601
|
|
572
602
|
int ok = 0;
|
573
603
|
STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null();
|
574
|
-
|
575
|
-
|
604
|
+
EC_JACOBIAN *BTs = OPENSSL_malloc(count * sizeof(EC_JACOBIAN));
|
605
|
+
EC_JACOBIAN *Zs = OPENSSL_malloc(count * sizeof(EC_JACOBIAN));
|
576
606
|
EC_SCALAR *es = OPENSSL_malloc(count * sizeof(EC_SCALAR));
|
577
607
|
CBB batch_cbb;
|
578
608
|
CBB_zero(&batch_cbb);
|
@@ -605,7 +635,7 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind(
|
|
605
635
|
|
606
636
|
// Unblind the token.
|
607
637
|
// pretoken->r is rinv.
|
608
|
-
|
638
|
+
EC_JACOBIAN N;
|
609
639
|
EC_AFFINE N_affine;
|
610
640
|
if (!ec_point_mul_scalar(group, &N, &Zs[i], &pretoken->r) ||
|
611
641
|
!ec_jacobian_to_affine(group, &N_affine, &N)) {
|
@@ -644,7 +674,7 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind(
|
|
644
674
|
}
|
645
675
|
}
|
646
676
|
|
647
|
-
|
677
|
+
EC_JACOBIAN BT_batch, Z_batch;
|
648
678
|
if (!ec_point_mul_scalar_public_batch(group, &BT_batch,
|
649
679
|
/*g_scalar=*/NULL, BTs, es, count) ||
|
650
680
|
!ec_point_mul_scalar_public_batch(group, &Z_batch,
|
@@ -673,6 +703,397 @@ err:
|
|
673
703
|
return ret;
|
674
704
|
}
|
675
705
|
|
706
|
+
static void sha384_update_u16(SHA512_CTX *ctx, uint16_t v) {
|
707
|
+
uint8_t buf[2] = {v >> 8, v & 0xff};
|
708
|
+
SHA384_Update(ctx, buf, 2);
|
709
|
+
}
|
710
|
+
|
711
|
+
static void sha384_update_point_with_length(
|
712
|
+
SHA512_CTX *ctx, const EC_GROUP *group, const EC_AFFINE *point) {
|
713
|
+
uint8_t buf[EC_MAX_COMPRESSED];
|
714
|
+
size_t len = ec_point_to_bytes(group, point, POINT_CONVERSION_COMPRESSED,
|
715
|
+
buf, sizeof(buf));
|
716
|
+
assert(len > 0);
|
717
|
+
sha384_update_u16(ctx, (uint16_t)len);
|
718
|
+
SHA384_Update(ctx, buf, len);
|
719
|
+
}
|
720
|
+
|
721
|
+
static int compute_composite_seed(const VOPRF_METHOD *method,
|
722
|
+
uint8_t out[SHA384_DIGEST_LENGTH],
|
723
|
+
const EC_AFFINE *pub) {
|
724
|
+
const EC_GROUP *group = method->group;
|
725
|
+
static const uint8_t kSeedDST[] = "Seed-OPRFV1-\x01-P384-SHA384";
|
726
|
+
|
727
|
+
SHA512_CTX hash_ctx;
|
728
|
+
SHA384_Init(&hash_ctx);
|
729
|
+
sha384_update_point_with_length(&hash_ctx, group, pub);
|
730
|
+
sha384_update_u16(&hash_ctx, sizeof(kSeedDST) - 1);
|
731
|
+
SHA384_Update(&hash_ctx, kSeedDST, sizeof(kSeedDST) - 1);
|
732
|
+
SHA384_Final(out, &hash_ctx);
|
733
|
+
|
734
|
+
return 1;
|
735
|
+
}
|
736
|
+
|
737
|
+
static int compute_composite_element(const VOPRF_METHOD *method,
|
738
|
+
uint8_t seed[SHA384_DIGEST_LENGTH],
|
739
|
+
EC_SCALAR *di, size_t index,
|
740
|
+
const EC_AFFINE *C, const EC_AFFINE *D) {
|
741
|
+
static const uint8_t kCompositeLabel[] = "Composite";
|
742
|
+
const EC_GROUP *group = method->group;
|
743
|
+
|
744
|
+
if (index > UINT16_MAX) {
|
745
|
+
return 0;
|
746
|
+
}
|
747
|
+
|
748
|
+
CBB cbb;
|
749
|
+
uint8_t transcript[2 + SHA384_DIGEST_LENGTH + 2 + 2 * EC_MAX_COMPRESSED +
|
750
|
+
sizeof(kCompositeLabel) - 1];
|
751
|
+
size_t len;
|
752
|
+
if (!CBB_init_fixed(&cbb, transcript, sizeof(transcript)) ||
|
753
|
+
!CBB_add_u16(&cbb, SHA384_DIGEST_LENGTH) ||
|
754
|
+
!CBB_add_bytes(&cbb, seed, SHA384_DIGEST_LENGTH) ||
|
755
|
+
!CBB_add_u16(&cbb, index) ||
|
756
|
+
!cbb_serialize_point(&cbb, group, C) ||
|
757
|
+
!cbb_serialize_point(&cbb, group, D) ||
|
758
|
+
!CBB_add_bytes(&cbb, kCompositeLabel,
|
759
|
+
sizeof(kCompositeLabel) - 1) ||
|
760
|
+
!CBB_finish(&cbb, NULL, &len) ||
|
761
|
+
!method->hash_to_scalar(method->group, di, transcript, len)) {
|
762
|
+
return 0;
|
763
|
+
}
|
764
|
+
|
765
|
+
return 1;
|
766
|
+
}
|
767
|
+
|
768
|
+
static int generate_proof(const VOPRF_METHOD *method, CBB *cbb,
|
769
|
+
const TRUST_TOKEN_ISSUER_KEY *priv,
|
770
|
+
const EC_SCALAR *r, const EC_JACOBIAN *M,
|
771
|
+
const EC_JACOBIAN *Z) {
|
772
|
+
const EC_GROUP *group = method->group;
|
773
|
+
|
774
|
+
enum {
|
775
|
+
idx_M,
|
776
|
+
idx_Z,
|
777
|
+
idx_t2,
|
778
|
+
idx_t3,
|
779
|
+
num_idx,
|
780
|
+
};
|
781
|
+
EC_JACOBIAN jacobians[num_idx];
|
782
|
+
|
783
|
+
if (!ec_point_mul_scalar_base(group, &jacobians[idx_t2], r) ||
|
784
|
+
!ec_point_mul_scalar(group, &jacobians[idx_t3], M, r)) {
|
785
|
+
return 0;
|
786
|
+
}
|
787
|
+
|
788
|
+
|
789
|
+
EC_AFFINE affines[num_idx];
|
790
|
+
jacobians[idx_M] = *M;
|
791
|
+
jacobians[idx_Z] = *Z;
|
792
|
+
if (!ec_jacobian_to_affine_batch(group, affines, jacobians, num_idx)) {
|
793
|
+
return 0;
|
794
|
+
}
|
795
|
+
|
796
|
+
EC_SCALAR c;
|
797
|
+
if (!hash_to_scalar_challenge(method, &c, &priv->pubs, &affines[idx_M],
|
798
|
+
&affines[idx_Z], &affines[idx_t2],
|
799
|
+
&affines[idx_t3])) {
|
800
|
+
return 0;
|
801
|
+
}
|
802
|
+
|
803
|
+
EC_SCALAR c_mont;
|
804
|
+
ec_scalar_to_montgomery(group, &c_mont, &c);
|
805
|
+
|
806
|
+
// s = r - c*xs
|
807
|
+
EC_SCALAR s;
|
808
|
+
ec_scalar_mul_montgomery(group, &s, &priv->xs, &c_mont);
|
809
|
+
ec_scalar_sub(group, &s, r, &s);
|
810
|
+
|
811
|
+
// Store DLEQ proof in transcript.
|
812
|
+
if (!scalar_to_cbb(cbb, group, &c) ||
|
813
|
+
!scalar_to_cbb(cbb, group, &s)) {
|
814
|
+
return 0;
|
815
|
+
}
|
816
|
+
|
817
|
+
return 1;
|
818
|
+
}
|
819
|
+
|
820
|
+
static int verify_proof(const VOPRF_METHOD *method, CBS *cbs,
|
821
|
+
const TRUST_TOKEN_CLIENT_KEY *pub,
|
822
|
+
const EC_JACOBIAN *M, const EC_JACOBIAN *Z) {
|
823
|
+
const EC_GROUP *group = method->group;
|
824
|
+
|
825
|
+
enum {
|
826
|
+
idx_M,
|
827
|
+
idx_Z,
|
828
|
+
idx_t2,
|
829
|
+
idx_t3,
|
830
|
+
num_idx,
|
831
|
+
};
|
832
|
+
EC_JACOBIAN jacobians[num_idx];
|
833
|
+
|
834
|
+
EC_SCALAR c, s;
|
835
|
+
if (!scalar_from_cbs(cbs, group, &c) ||
|
836
|
+
!scalar_from_cbs(cbs, group, &s)) {
|
837
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
838
|
+
return 0;
|
839
|
+
}
|
840
|
+
|
841
|
+
EC_JACOBIAN pubs;
|
842
|
+
ec_affine_to_jacobian(group, &pubs, &pub->pubs);
|
843
|
+
if (!ec_point_mul_scalar_public(group, &jacobians[idx_t2], &s, &pubs,
|
844
|
+
&c) ||
|
845
|
+
!mul_public_2(group, &jacobians[idx_t3], M, &s, Z, &c)) {
|
846
|
+
return 0;
|
847
|
+
}
|
848
|
+
|
849
|
+
EC_AFFINE affines[num_idx];
|
850
|
+
jacobians[idx_M] = *M;
|
851
|
+
jacobians[idx_Z] = *Z;
|
852
|
+
if (!ec_jacobian_to_affine_batch(group, affines, jacobians, num_idx)) {
|
853
|
+
return 0;
|
854
|
+
}
|
855
|
+
|
856
|
+
EC_SCALAR expected_c;
|
857
|
+
if (!hash_to_scalar_challenge(method, &expected_c, &pub->pubs,
|
858
|
+
&affines[idx_M], &affines[idx_Z],
|
859
|
+
&affines[idx_t2], &affines[idx_t3])) {
|
860
|
+
return 0;
|
861
|
+
}
|
862
|
+
|
863
|
+
// c == expected_c
|
864
|
+
if (!ec_scalar_equal_vartime(group, &c, &expected_c)) {
|
865
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_PROOF);
|
866
|
+
return 0;
|
867
|
+
}
|
868
|
+
|
869
|
+
return 1;
|
870
|
+
}
|
871
|
+
|
872
|
+
static int voprf_sign_impl(const VOPRF_METHOD *method,
|
873
|
+
const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb,
|
874
|
+
CBS *cbs, size_t num_requested, size_t num_to_issue,
|
875
|
+
const EC_SCALAR *proof_scalar) {
|
876
|
+
const EC_GROUP *group = method->group;
|
877
|
+
if (num_requested < num_to_issue) {
|
878
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
|
879
|
+
return 0;
|
880
|
+
}
|
881
|
+
|
882
|
+
if (num_to_issue > ((size_t)-1) / sizeof(EC_JACOBIAN) ||
|
883
|
+
num_to_issue > ((size_t)-1) / sizeof(EC_SCALAR)) {
|
884
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
|
885
|
+
return 0;
|
886
|
+
}
|
887
|
+
|
888
|
+
int ret = 0;
|
889
|
+
EC_JACOBIAN *BTs = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN));
|
890
|
+
EC_JACOBIAN *Zs = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN));
|
891
|
+
EC_SCALAR *dis = OPENSSL_malloc(num_to_issue * sizeof(EC_SCALAR));
|
892
|
+
if (!BTs || !Zs || !dis) {
|
893
|
+
goto err;
|
894
|
+
}
|
895
|
+
|
896
|
+
uint8_t seed[SHA384_DIGEST_LENGTH];
|
897
|
+
if (!compute_composite_seed(method, seed, &key->pubs)) {
|
898
|
+
goto err;
|
899
|
+
}
|
900
|
+
|
901
|
+
// This implements the BlindEvaluateBatch as defined in section 4 of
|
902
|
+
// draft-robert-privacypass-batched-tokens-01, based on the constructions
|
903
|
+
// in draft-irtf-cfrg-voprf-21. To optimize the computation of the proof,
|
904
|
+
// the computation of di is done during the token signing and passed into
|
905
|
+
// the proof generation.
|
906
|
+
for (size_t i = 0; i < num_to_issue; i++) {
|
907
|
+
EC_AFFINE BT_affine, Z_affine;
|
908
|
+
EC_JACOBIAN BT, Z;
|
909
|
+
if (!cbs_get_point(cbs, group, &BT_affine)) {
|
910
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
911
|
+
goto err;
|
912
|
+
}
|
913
|
+
ec_affine_to_jacobian(group, &BT, &BT_affine);
|
914
|
+
if (!ec_point_mul_scalar(group, &Z, &BT, &key->xs) ||
|
915
|
+
!ec_jacobian_to_affine(group, &Z_affine, &Z) ||
|
916
|
+
!cbb_add_point(cbb, group, &Z_affine)) {
|
917
|
+
goto err;
|
918
|
+
}
|
919
|
+
BTs[i] = BT;
|
920
|
+
Zs[i] = Z;
|
921
|
+
if (!compute_composite_element(method, seed, &dis[i], i, &BT_affine,
|
922
|
+
&Z_affine)) {
|
923
|
+
goto err;
|
924
|
+
}
|
925
|
+
|
926
|
+
if (!CBB_flush(cbb)) {
|
927
|
+
goto err;
|
928
|
+
}
|
929
|
+
}
|
930
|
+
|
931
|
+
EC_JACOBIAN M, Z;
|
932
|
+
if (!ec_point_mul_scalar_public_batch(group, &M,
|
933
|
+
/*g_scalar=*/NULL, BTs, dis,
|
934
|
+
num_to_issue) ||
|
935
|
+
!ec_point_mul_scalar(group, &Z, &M, &key->xs)) {
|
936
|
+
goto err;
|
937
|
+
}
|
938
|
+
|
939
|
+
CBB proof;
|
940
|
+
if (!CBB_add_u16_length_prefixed(cbb, &proof) ||
|
941
|
+
!generate_proof(method, &proof, key, proof_scalar, &M, &Z) ||
|
942
|
+
!CBB_flush(cbb)) {
|
943
|
+
goto err;
|
944
|
+
}
|
945
|
+
|
946
|
+
// Skip over any unused requests.
|
947
|
+
size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
|
948
|
+
if (!CBS_skip(cbs, point_len * (num_requested - num_to_issue))) {
|
949
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
950
|
+
goto err;
|
951
|
+
}
|
952
|
+
|
953
|
+
ret = 1;
|
954
|
+
|
955
|
+
err:
|
956
|
+
OPENSSL_free(BTs);
|
957
|
+
OPENSSL_free(Zs);
|
958
|
+
OPENSSL_free(dis);
|
959
|
+
return ret;
|
960
|
+
}
|
961
|
+
|
962
|
+
static int voprf_sign(const VOPRF_METHOD *method,
|
963
|
+
const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
964
|
+
size_t num_requested, size_t num_to_issue) {
|
965
|
+
EC_SCALAR proof_scalar;
|
966
|
+
if (!ec_random_nonzero_scalar(method->group, &proof_scalar,
|
967
|
+
kDefaultAdditionalData)) {
|
968
|
+
return 0;
|
969
|
+
}
|
970
|
+
|
971
|
+
return voprf_sign_impl(method, key, cbb, cbs, num_requested, num_to_issue,
|
972
|
+
&proof_scalar);
|
973
|
+
}
|
974
|
+
|
975
|
+
static int voprf_sign_with_proof_scalar_for_testing(
|
976
|
+
const VOPRF_METHOD *method, const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb,
|
977
|
+
CBS *cbs, size_t num_requested, size_t num_to_issue,
|
978
|
+
const uint8_t *proof_scalar_buf, size_t proof_scalar_len) {
|
979
|
+
EC_SCALAR proof_scalar;
|
980
|
+
if (!ec_scalar_from_bytes(method->group, &proof_scalar, proof_scalar_buf,
|
981
|
+
proof_scalar_len)) {
|
982
|
+
return 0;
|
983
|
+
}
|
984
|
+
return voprf_sign_impl(method, key, cbb, cbs, num_requested, num_to_issue,
|
985
|
+
&proof_scalar);
|
986
|
+
}
|
987
|
+
|
988
|
+
static STACK_OF(TRUST_TOKEN) *voprf_unblind(
|
989
|
+
const VOPRF_METHOD *method, const TRUST_TOKEN_CLIENT_KEY *key,
|
990
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
|
991
|
+
uint32_t key_id) {
|
992
|
+
const EC_GROUP *group = method->group;
|
993
|
+
if (count > sk_TRUST_TOKEN_PRETOKEN_num(pretokens)) {
|
994
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
995
|
+
return NULL;
|
996
|
+
}
|
997
|
+
|
998
|
+
if (count > ((size_t)-1) / sizeof(EC_JACOBIAN) ||
|
999
|
+
count > ((size_t)-1) / sizeof(EC_SCALAR)) {
|
1000
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
|
1001
|
+
return NULL;
|
1002
|
+
}
|
1003
|
+
|
1004
|
+
int ok = 0;
|
1005
|
+
STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null();
|
1006
|
+
EC_JACOBIAN *BTs = OPENSSL_malloc(count * sizeof(EC_JACOBIAN));
|
1007
|
+
EC_JACOBIAN *Zs = OPENSSL_malloc(count * sizeof(EC_JACOBIAN));
|
1008
|
+
EC_SCALAR *dis = OPENSSL_malloc(count * sizeof(EC_SCALAR));
|
1009
|
+
if (ret == NULL || !BTs || !Zs || !dis) {
|
1010
|
+
goto err;
|
1011
|
+
}
|
1012
|
+
|
1013
|
+
uint8_t seed[SHA384_DIGEST_LENGTH];
|
1014
|
+
if (!compute_composite_seed(method, seed, &key->pubs)) {
|
1015
|
+
goto err;
|
1016
|
+
}
|
1017
|
+
|
1018
|
+
for (size_t i = 0; i < count; i++) {
|
1019
|
+
const TRUST_TOKEN_PRETOKEN *pretoken =
|
1020
|
+
sk_TRUST_TOKEN_PRETOKEN_value(pretokens, i);
|
1021
|
+
|
1022
|
+
EC_AFFINE Z_affine;
|
1023
|
+
if (!cbs_get_point(cbs, group, &Z_affine)) {
|
1024
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
1025
|
+
goto err;
|
1026
|
+
}
|
1027
|
+
|
1028
|
+
ec_affine_to_jacobian(group, &BTs[i], &pretoken->Tp);
|
1029
|
+
ec_affine_to_jacobian(group, &Zs[i], &Z_affine);
|
1030
|
+
if (!compute_composite_element(method, seed, &dis[i], i, &pretoken->Tp,
|
1031
|
+
&Z_affine)) {
|
1032
|
+
goto err;
|
1033
|
+
}
|
1034
|
+
|
1035
|
+
// Unblind the token.
|
1036
|
+
// pretoken->r is rinv.
|
1037
|
+
EC_JACOBIAN N;
|
1038
|
+
EC_AFFINE N_affine;
|
1039
|
+
if (!ec_point_mul_scalar(group, &N, &Zs[i], &pretoken->r) ||
|
1040
|
+
!ec_jacobian_to_affine(group, &N_affine, &N)) {
|
1041
|
+
goto err;
|
1042
|
+
}
|
1043
|
+
|
1044
|
+
// Serialize the token. Include |key_id| to avoid an extra copy in the layer
|
1045
|
+
// above.
|
1046
|
+
CBB token_cbb;
|
1047
|
+
size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
|
1048
|
+
if (!CBB_init(&token_cbb, 4 + TRUST_TOKEN_NONCE_SIZE + (2 + point_len)) ||
|
1049
|
+
!CBB_add_u32(&token_cbb, key_id) ||
|
1050
|
+
!CBB_add_bytes(&token_cbb, pretoken->salt, TRUST_TOKEN_NONCE_SIZE) ||
|
1051
|
+
!cbb_add_point(&token_cbb, group, &N_affine) ||
|
1052
|
+
!CBB_flush(&token_cbb)) {
|
1053
|
+
CBB_cleanup(&token_cbb);
|
1054
|
+
goto err;
|
1055
|
+
}
|
1056
|
+
|
1057
|
+
TRUST_TOKEN *token =
|
1058
|
+
TRUST_TOKEN_new(CBB_data(&token_cbb), CBB_len(&token_cbb));
|
1059
|
+
CBB_cleanup(&token_cbb);
|
1060
|
+
if (token == NULL ||
|
1061
|
+
!sk_TRUST_TOKEN_push(ret, token)) {
|
1062
|
+
TRUST_TOKEN_free(token);
|
1063
|
+
goto err;
|
1064
|
+
}
|
1065
|
+
}
|
1066
|
+
|
1067
|
+
EC_JACOBIAN M, Z;
|
1068
|
+
if (!ec_point_mul_scalar_public_batch(group, &M,
|
1069
|
+
/*g_scalar=*/NULL, BTs, dis,
|
1070
|
+
count) ||
|
1071
|
+
!ec_point_mul_scalar_public_batch(group, &Z,
|
1072
|
+
/*g_scalar=*/NULL, Zs, dis,
|
1073
|
+
count)) {
|
1074
|
+
goto err;
|
1075
|
+
}
|
1076
|
+
|
1077
|
+
CBS proof;
|
1078
|
+
if (!CBS_get_u16_length_prefixed(cbs, &proof) ||
|
1079
|
+
!verify_proof(method, &proof, key, &M, &Z) ||
|
1080
|
+
CBS_len(&proof) != 0) {
|
1081
|
+
goto err;
|
1082
|
+
}
|
1083
|
+
|
1084
|
+
ok = 1;
|
1085
|
+
|
1086
|
+
err:
|
1087
|
+
OPENSSL_free(BTs);
|
1088
|
+
OPENSSL_free(Zs);
|
1089
|
+
OPENSSL_free(dis);
|
1090
|
+
if (!ok) {
|
1091
|
+
sk_TRUST_TOKEN_pop_free(ret, TRUST_TOKEN_free);
|
1092
|
+
ret = NULL;
|
1093
|
+
}
|
1094
|
+
return ret;
|
1095
|
+
}
|
1096
|
+
|
676
1097
|
static int voprf_read(const VOPRF_METHOD *method,
|
677
1098
|
const TRUST_TOKEN_ISSUER_KEY *key,
|
678
1099
|
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
@@ -701,12 +1122,12 @@ static int voprf_read(const VOPRF_METHOD *method,
|
|
701
1122
|
}
|
702
1123
|
|
703
1124
|
|
704
|
-
|
1125
|
+
EC_JACOBIAN T;
|
705
1126
|
if (!method->hash_to_group(group, &T, out_nonce)) {
|
706
1127
|
return 0;
|
707
1128
|
}
|
708
1129
|
|
709
|
-
|
1130
|
+
EC_JACOBIAN Ws_calculated;
|
710
1131
|
if (!ec_point_mul_scalar(group, &Ws_calculated, &T, &key->xs) ||
|
711
1132
|
!ec_affine_jacobian_equal(group, &Ws, &Ws_calculated)) {
|
712
1133
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_BAD_VALIDITY_CHECK);
|
@@ -719,7 +1140,7 @@ static int voprf_read(const VOPRF_METHOD *method,
|
|
719
1140
|
|
720
1141
|
// VOPRF experiment v2.
|
721
1142
|
|
722
|
-
static int voprf_exp2_hash_to_group(const EC_GROUP *group,
|
1143
|
+
static int voprf_exp2_hash_to_group(const EC_GROUP *group, EC_JACOBIAN *out,
|
723
1144
|
const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) {
|
724
1145
|
const uint8_t kHashTLabel[] = "TrustToken VOPRF Experiment V2 HashToGroup";
|
725
1146
|
return ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
|
@@ -804,8 +1225,8 @@ int voprf_exp2_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
|
804
1225
|
if (!voprf_exp2_init_method() || private_metadata != 0) {
|
805
1226
|
return 0;
|
806
1227
|
}
|
807
|
-
return
|
808
|
-
|
1228
|
+
return voprf_sign_tt(&voprf_exp2_method, key, cbb, cbs, num_requested,
|
1229
|
+
num_to_issue);
|
809
1230
|
}
|
810
1231
|
|
811
1232
|
STACK_OF(TRUST_TOKEN) *voprf_exp2_unblind(
|
@@ -815,7 +1236,8 @@ STACK_OF(TRUST_TOKEN) *voprf_exp2_unblind(
|
|
815
1236
|
if (!voprf_exp2_init_method()) {
|
816
1237
|
return NULL;
|
817
1238
|
}
|
818
|
-
return
|
1239
|
+
return voprf_unblind_tt(&voprf_exp2_method, key, pretokens, cbs, count,
|
1240
|
+
key_id);
|
819
1241
|
}
|
820
1242
|
|
821
1243
|
int voprf_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
@@ -829,3 +1251,130 @@ int voprf_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
|
829
1251
|
return voprf_read(&voprf_exp2_method, key, out_nonce, token, token_len,
|
830
1252
|
include_message, msg, msg_len);
|
831
1253
|
}
|
1254
|
+
|
1255
|
+
// VOPRF PST v1.
|
1256
|
+
|
1257
|
+
static int voprf_pst1_hash_to_group(const EC_GROUP *group, EC_JACOBIAN *out,
|
1258
|
+
const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) {
|
1259
|
+
const uint8_t kHashTLabel[] = "HashToGroup-OPRFV1-\x01-P384-SHA384";
|
1260
|
+
return ec_hash_to_curve_p384_xmd_sha384_sswu(group, out, kHashTLabel,
|
1261
|
+
sizeof(kHashTLabel) - 1, t,
|
1262
|
+
TRUST_TOKEN_NONCE_SIZE);
|
1263
|
+
}
|
1264
|
+
|
1265
|
+
static int voprf_pst1_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
|
1266
|
+
uint8_t *buf, size_t len) {
|
1267
|
+
const uint8_t kHashCLabel[] = "HashToScalar-OPRFV1-\x01-P384-SHA384";
|
1268
|
+
return ec_hash_to_scalar_p384_xmd_sha384(group, out, kHashCLabel,
|
1269
|
+
sizeof(kHashCLabel) - 1, buf, len);
|
1270
|
+
}
|
1271
|
+
|
1272
|
+
static int voprf_pst1_ok = 0;
|
1273
|
+
static VOPRF_METHOD voprf_pst1_method;
|
1274
|
+
static CRYPTO_once_t voprf_pst1_method_once = CRYPTO_ONCE_INIT;
|
1275
|
+
|
1276
|
+
static void voprf_pst1_init_method_impl(void) {
|
1277
|
+
voprf_pst1_ok =
|
1278
|
+
voprf_init_method(&voprf_pst1_method, NID_secp384r1,
|
1279
|
+
voprf_pst1_hash_to_group, voprf_pst1_hash_to_scalar);
|
1280
|
+
}
|
1281
|
+
|
1282
|
+
static int voprf_pst1_init_method(void) {
|
1283
|
+
CRYPTO_once(&voprf_pst1_method_once, voprf_pst1_init_method_impl);
|
1284
|
+
if (!voprf_pst1_ok) {
|
1285
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
|
1286
|
+
return 0;
|
1287
|
+
}
|
1288
|
+
return 1;
|
1289
|
+
}
|
1290
|
+
|
1291
|
+
int voprf_pst1_generate_key(CBB *out_private, CBB *out_public) {
|
1292
|
+
if (!voprf_pst1_init_method()) {
|
1293
|
+
return 0;
|
1294
|
+
}
|
1295
|
+
|
1296
|
+
return voprf_generate_key(&voprf_pst1_method, out_private, out_public);
|
1297
|
+
}
|
1298
|
+
|
1299
|
+
int voprf_pst1_derive_key_from_secret(CBB *out_private, CBB *out_public,
|
1300
|
+
const uint8_t *secret,
|
1301
|
+
size_t secret_len) {
|
1302
|
+
if (!voprf_pst1_init_method()) {
|
1303
|
+
return 0;
|
1304
|
+
}
|
1305
|
+
|
1306
|
+
return voprf_derive_key_from_secret(&voprf_pst1_method, out_private,
|
1307
|
+
out_public, secret, secret_len);
|
1308
|
+
}
|
1309
|
+
|
1310
|
+
int voprf_pst1_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
|
1311
|
+
const uint8_t *in, size_t len) {
|
1312
|
+
if (!voprf_pst1_init_method()) {
|
1313
|
+
return 0;
|
1314
|
+
}
|
1315
|
+
return voprf_client_key_from_bytes(&voprf_pst1_method, key, in, len);
|
1316
|
+
}
|
1317
|
+
|
1318
|
+
int voprf_pst1_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
|
1319
|
+
const uint8_t *in, size_t len) {
|
1320
|
+
if (!voprf_pst1_init_method()) {
|
1321
|
+
return 0;
|
1322
|
+
}
|
1323
|
+
return voprf_issuer_key_from_bytes(&voprf_pst1_method, key, in, len);
|
1324
|
+
}
|
1325
|
+
|
1326
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN) *voprf_pst1_blind(CBB *cbb, size_t count,
|
1327
|
+
int include_message,
|
1328
|
+
const uint8_t *msg,
|
1329
|
+
size_t msg_len) {
|
1330
|
+
if (!voprf_pst1_init_method()) {
|
1331
|
+
return NULL;
|
1332
|
+
}
|
1333
|
+
return voprf_blind(&voprf_pst1_method, cbb, count, include_message, msg,
|
1334
|
+
msg_len);
|
1335
|
+
}
|
1336
|
+
|
1337
|
+
int voprf_pst1_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
1338
|
+
size_t num_requested, size_t num_to_issue,
|
1339
|
+
uint8_t private_metadata) {
|
1340
|
+
if (!voprf_pst1_init_method() || private_metadata != 0) {
|
1341
|
+
return 0;
|
1342
|
+
}
|
1343
|
+
return voprf_sign(&voprf_pst1_method, key, cbb, cbs, num_requested,
|
1344
|
+
num_to_issue);
|
1345
|
+
}
|
1346
|
+
|
1347
|
+
|
1348
|
+
int voprf_pst1_sign_with_proof_scalar_for_testing(
|
1349
|
+
const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, size_t num_requested,
|
1350
|
+
size_t num_to_issue, uint8_t private_metadata,
|
1351
|
+
const uint8_t *proof_scalar_buf, size_t proof_scalar_len) {
|
1352
|
+
if (!voprf_pst1_init_method() || private_metadata != 0) {
|
1353
|
+
return 0;
|
1354
|
+
}
|
1355
|
+
return voprf_sign_with_proof_scalar_for_testing(
|
1356
|
+
&voprf_pst1_method, key, cbb, cbs, num_requested, num_to_issue,
|
1357
|
+
proof_scalar_buf, proof_scalar_len);
|
1358
|
+
}
|
1359
|
+
|
1360
|
+
STACK_OF(TRUST_TOKEN) *voprf_pst1_unblind(
|
1361
|
+
const TRUST_TOKEN_CLIENT_KEY *key,
|
1362
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
|
1363
|
+
uint32_t key_id) {
|
1364
|
+
if (!voprf_pst1_init_method()) {
|
1365
|
+
return NULL;
|
1366
|
+
}
|
1367
|
+
return voprf_unblind(&voprf_pst1_method, key, pretokens, cbs, count, key_id);
|
1368
|
+
}
|
1369
|
+
|
1370
|
+
int voprf_pst1_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
1371
|
+
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
1372
|
+
uint8_t *out_private_metadata, const uint8_t *token,
|
1373
|
+
size_t token_len, int include_message, const uint8_t *msg,
|
1374
|
+
size_t msg_len) {
|
1375
|
+
if (!voprf_pst1_init_method()) {
|
1376
|
+
return 0;
|
1377
|
+
}
|
1378
|
+
return voprf_read(&voprf_pst1_method, key, out_nonce, token, token_len,
|
1379
|
+
include_message, msg, msg_len);
|
1380
|
+
}
|