grpc 1.55.3 → 1.56.0.pre3
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +100 -70
- data/include/grpc/event_engine/event_engine.h +4 -3
- data/include/grpc/grpc_audit_logging.h +96 -0
- data/include/grpc/module.modulemap +2 -0
- data/include/grpc/support/json.h +218 -0
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +5 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +2 -0
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +4 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +82 -98
- data/src/core/ext/filters/client_channel/client_channel.h +4 -0
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +19 -18
- data/src/core/ext/filters/client_channel/client_channel_internal.h +16 -21
- data/src/core/ext/filters/client_channel/config_selector.h +9 -24
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +3 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +5 -4
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +455 -0
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.h +54 -0
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client_internal.h +186 -0
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +2 -7
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +52 -20
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +23 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +19 -6
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +1 -9
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +16 -7
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +18 -1
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +12 -9
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +6 -4
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +36 -13
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.cc +76 -6
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +32 -39
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +4 -10
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +52 -47
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +14 -16
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +40 -43
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +7 -12
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +12 -19
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +35 -33
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +29 -4
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +28 -27
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +163 -46
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +16 -1
- data/src/core/ext/filters/client_channel/retry_service_config.cc +1 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +10 -40
- data/src/core/ext/filters/client_channel/subchannel.cc +10 -196
- data/src/core/ext/filters/client_channel/subchannel.h +3 -43
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +5 -5
- data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +100 -6
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +6 -8
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +3 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.h +16 -1
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +46 -95
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +543 -567
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +9 -150
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +32 -46
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +5 -18
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -15
- data/src/core/ext/transport/chttp2/transport/parsing.cc +12 -12
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +11 -2
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +15 -0
- data/src/core/ext/xds/certificate_provider_store.cc +4 -9
- data/src/core/ext/xds/certificate_provider_store.h +1 -1
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +30 -42
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +14 -9
- data/src/core/ext/xds/xds_api.cc +9 -6
- data/src/core/ext/xds/xds_api.h +3 -2
- data/src/core/ext/xds/xds_audit_logger_registry.cc +122 -0
- data/src/core/ext/xds/xds_audit_logger_registry.h +68 -0
- data/src/core/ext/xds/xds_bootstrap_grpc.cc +21 -9
- data/src/core/ext/xds/xds_bootstrap_grpc.h +5 -0
- data/src/core/ext/xds/xds_client.cc +5 -4
- data/src/core/ext/xds/xds_client_stats.h +1 -1
- data/src/core/ext/xds/xds_cluster.cc +20 -19
- data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +11 -8
- data/src/core/ext/xds/xds_common_types.cc +3 -1
- data/src/core/ext/xds/xds_http_fault_filter.cc +16 -13
- data/src/core/ext/xds/xds_http_fault_filter.h +2 -1
- data/src/core/ext/xds/xds_http_filters.h +4 -2
- data/src/core/ext/xds/xds_http_rbac_filter.cc +154 -67
- data/src/core/ext/xds/xds_http_rbac_filter.h +2 -1
- data/src/core/ext/xds/xds_http_stateful_session_filter.cc +15 -11
- data/src/core/ext/xds/xds_http_stateful_session_filter.h +2 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +22 -16
- data/src/core/ext/xds/xds_listener.cc +1 -0
- data/src/core/ext/xds/xds_route_config.cc +40 -3
- data/src/core/ext/xds/xds_routing.cc +2 -2
- data/src/core/ext/xds/xds_transport_grpc.cc +3 -1
- data/src/core/lib/avl/avl.h +5 -0
- data/src/core/lib/backoff/random_early_detection.h +0 -5
- data/src/core/lib/channel/channel_args.cc +80 -22
- data/src/core/lib/channel/channel_args.h +34 -1
- data/src/core/lib/channel/channel_trace.cc +16 -12
- data/src/core/lib/channel/channelz.cc +159 -132
- data/src/core/lib/channel/channelz.h +42 -35
- data/src/core/lib/channel/channelz_registry.cc +23 -20
- data/src/core/lib/channel/connected_channel.cc +17 -6
- data/src/core/lib/channel/promise_based_filter.cc +0 -4
- data/src/core/lib/channel/promise_based_filter.h +2 -0
- data/src/core/lib/compression/compression_internal.cc +2 -5
- data/src/core/lib/config/config_vars.cc +20 -18
- data/src/core/lib/config/config_vars.h +4 -4
- data/src/core/lib/config/load_config.cc +13 -0
- data/src/core/lib/config/load_config.h +6 -0
- data/src/core/lib/debug/event_log.h +1 -1
- data/src/core/lib/debug/stats_data.h +1 -1
- data/src/core/lib/debug/trace.cc +24 -55
- data/src/core/lib/debug/trace.h +3 -1
- data/src/core/lib/event_engine/cf_engine/cf_engine.cc +211 -0
- data/src/core/lib/event_engine/cf_engine/cf_engine.h +86 -0
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +354 -0
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +146 -0
- data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +79 -0
- data/src/core/lib/event_engine/default_event_engine.cc +13 -1
- data/src/core/lib/event_engine/default_event_engine_factory.cc +14 -2
- data/src/core/lib/event_engine/poller.h +2 -2
- data/src/core/lib/event_engine/posix.h +4 -0
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
- data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +7 -18
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +9 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +3 -2
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +1 -2
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +4 -33
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +7 -11
- data/src/core/lib/event_engine/posix_engine/timer_manager.h +1 -1
- data/src/core/lib/event_engine/shim.cc +7 -1
- data/src/core/lib/event_engine/{thread_pool.cc → thread_pool/original_thread_pool.cc} +28 -25
- data/src/core/lib/event_engine/{thread_pool.h → thread_pool/original_thread_pool.h} +11 -15
- data/src/core/lib/event_engine/thread_pool/thread_pool.h +50 -0
- data/src/core/lib/event_engine/{executor/executor.h → thread_pool/thread_pool_factory.cc} +17 -15
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +489 -0
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +249 -0
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +166 -0
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +108 -0
- data/src/core/lib/event_engine/windows/iocp.cc +4 -3
- data/src/core/lib/event_engine/windows/iocp.h +3 -3
- data/src/core/lib/event_engine/windows/win_socket.cc +6 -6
- data/src/core/lib/event_engine/windows/win_socket.h +4 -4
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +11 -10
- data/src/core/lib/event_engine/windows/windows_endpoint.h +3 -2
- data/src/core/lib/event_engine/windows/windows_engine.cc +19 -17
- data/src/core/lib/event_engine/windows/windows_engine.h +6 -6
- data/src/core/lib/event_engine/windows/windows_listener.cc +3 -3
- data/src/core/lib/event_engine/windows/windows_listener.h +3 -2
- data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +63 -0
- data/src/core/lib/event_engine/work_queue/basic_work_queue.h +71 -0
- data/src/core/lib/event_engine/work_queue/work_queue.h +62 -0
- data/src/core/lib/experiments/config.cc +38 -7
- data/src/core/lib/experiments/config.h +16 -0
- data/src/core/lib/experiments/experiments.cc +67 -20
- data/src/core/lib/experiments/experiments.h +27 -21
- data/src/core/lib/gpr/log_internal.h +55 -0
- data/src/core/lib/gprpp/crash.cc +10 -0
- data/src/core/lib/gprpp/crash.h +3 -0
- data/src/core/lib/gprpp/per_cpu.cc +33 -0
- data/src/core/lib/gprpp/per_cpu.h +29 -6
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/iomgr/cfstream_handle.cc +1 -1
- data/src/core/lib/iomgr/endpoint_cfstream.cc +10 -8
- data/src/core/lib/iomgr/ev_apple.cc +12 -12
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +10 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +15 -1
- data/src/core/lib/iomgr/iocp_windows.cc +24 -3
- data/src/core/lib/iomgr/iocp_windows.h +11 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +4 -2
- data/src/core/lib/iomgr/socket_windows.cc +61 -7
- data/src/core/lib/iomgr/socket_windows.h +9 -2
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -3
- data/src/core/lib/iomgr/tcp_server_posix.cc +156 -140
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -13
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +0 -21
- data/src/core/lib/iomgr/tcp_server_windows.cc +1 -1
- data/src/core/lib/json/json.h +2 -166
- data/src/core/lib/json/json_object_loader.cc +8 -9
- data/src/core/lib/json/json_object_loader.h +25 -18
- data/src/core/lib/json/json_reader.cc +13 -6
- data/src/core/lib/json/json_util.cc +6 -11
- data/src/core/lib/json/json_writer.cc +7 -8
- data/src/core/lib/load_balancing/lb_policy.h +13 -0
- data/src/core/lib/load_balancing/lb_policy_registry.cc +2 -1
- data/src/core/lib/matchers/matchers.cc +3 -4
- data/src/core/lib/matchers/matchers.h +2 -1
- data/src/core/lib/promise/activity.cc +5 -0
- data/src/core/lib/promise/activity.h +10 -0
- data/src/core/lib/promise/detail/promise_factory.h +1 -1
- data/src/core/lib/promise/party.cc +31 -13
- data/src/core/lib/promise/party.h +11 -2
- data/src/core/lib/promise/pipe.h +9 -2
- data/src/core/lib/promise/prioritized_race.h +95 -0
- data/src/core/lib/promise/sleep.cc +2 -1
- data/src/core/lib/resolver/server_address.cc +0 -8
- data/src/core/lib/resolver/server_address.h +0 -6
- data/src/core/lib/resource_quota/memory_quota.cc +7 -7
- data/src/core/lib/resource_quota/memory_quota.h +1 -2
- data/src/core/lib/security/authorization/audit_logging.cc +98 -0
- data/src/core/lib/security/authorization/audit_logging.h +73 -0
- data/src/core/lib/security/authorization/grpc_authorization_engine.cc +47 -2
- data/src/core/lib/security/authorization/grpc_authorization_engine.h +18 -1
- data/src/core/lib/security/authorization/rbac_policy.cc +36 -4
- data/src/core/lib/security/authorization/rbac_policy.h +19 -2
- data/src/core/lib/security/authorization/stdout_logger.cc +75 -0
- data/src/core/lib/security/authorization/stdout_logger.h +61 -0
- data/src/core/lib/security/certificate_provider/certificate_provider_factory.h +8 -4
- data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc +8 -18
- data/src/core/lib/security/certificate_provider/certificate_provider_registry.h +14 -8
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +19 -12
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +4 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +1 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +15 -14
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +4 -2
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +1 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +1 -0
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -5
- data/src/core/lib/security/util/json_util.cc +1 -0
- data/src/core/lib/service_config/service_config_call_data.h +49 -20
- data/src/core/lib/service_config/service_config_impl.cc +2 -1
- data/src/core/lib/surface/call.cc +38 -23
- data/src/core/lib/surface/completion_queue.cc +6 -2
- data/src/core/lib/surface/validate_metadata.cc +22 -37
- data/src/core/lib/surface/validate_metadata.h +3 -13
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +15 -12
- data/src/core/lib/transport/batch_builder.h +39 -35
- data/src/core/plugin_registry/grpc_plugin_registry.cc +0 -2
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -0
- data/src/ruby/ext/grpc/extconf.rb +8 -9
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +5 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +31 -22
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +189 -13
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_openbsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_openbsd.c +31 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +795 -795
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +18 -6
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +15 -7
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +24 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +74 -74
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +11 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c +12 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +14 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +10 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +23 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +13 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{hkdf → fipsmodule/hkdf}/hkdf.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +2 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +115 -133
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +12 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +57 -47
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/polyval.c +27 -28
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +21 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +5 -288
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +143 -83
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +95 -183
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +71 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +33 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +162 -6
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +18 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +18 -11
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +6 -13
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +18 -14
- data/third_party/boringssl-with-bazel/src/crypto/{refcount_lock.c → refcount_no_threads.c} +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/refcount_win.c +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +77 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +568 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +218 -44
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +35 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +588 -39
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +27 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +17 -39
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +39 -48
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +0 -140
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +72 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +11 -14
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +33 -46
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +3 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +14 -46
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +5 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +6 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +32 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +0 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +28 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +2 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +91 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +149 -20
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +774 -615
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +42 -10
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +11 -6
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -4
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +24 -16
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +65 -18
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +37 -18
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +187 -193
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +13 -129
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +85 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +17 -4
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +27 -19
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +5 -21
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -2
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_msvc.h +1281 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64_msvc.h +2002 -0
- data/third_party/cares/cares/include/ares.h +23 -1
- data/third_party/cares/cares/{src/lib → include}/ares_nameser.h +9 -7
- data/third_party/cares/cares/include/ares_rules.h +2 -2
- data/third_party/cares/cares/include/ares_version.h +3 -3
- data/third_party/cares/cares/src/lib/ares__addrinfo2hostent.c +266 -0
- data/third_party/cares/cares/src/lib/ares__addrinfo_localhost.c +240 -0
- data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +49 -80
- data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +37 -43
- data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +12 -4
- data/third_party/cares/cares/src/lib/ares_data.c +16 -0
- data/third_party/cares/cares/src/lib/ares_data.h +7 -0
- data/third_party/cares/cares/src/lib/ares_destroy.c +8 -0
- data/third_party/cares/cares/src/lib/ares_expand_name.c +17 -6
- data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +1 -0
- data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +156 -78
- data/third_party/cares/cares/src/lib/ares_gethostbyname.c +130 -326
- data/third_party/cares/cares/src/lib/ares_init.c +97 -485
- data/third_party/cares/cares/src/lib/ares_library_init.c +2 -89
- data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +23 -142
- data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +22 -142
- data/third_party/cares/cares/src/lib/ares_parse_uri_reply.c +184 -0
- data/third_party/cares/cares/src/lib/ares_private.h +30 -16
- data/third_party/cares/cares/src/lib/ares_process.c +55 -16
- data/third_party/cares/cares/src/lib/ares_query.c +1 -35
- data/third_party/cares/cares/src/lib/ares_rand.c +279 -0
- data/third_party/cares/cares/src/lib/ares_send.c +5 -7
- data/third_party/cares/cares/src/lib/ares_strdup.c +12 -19
- data/third_party/cares/cares/src/lib/ares_strsplit.c +44 -128
- data/third_party/cares/cares/src/lib/ares_strsplit.h +9 -10
- data/third_party/cares/cares/src/lib/inet_net_pton.c +78 -116
- data/third_party/cares/cares/src/tools/ares_getopt.h +53 -0
- metadata +50 -16
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +0 -175
- data/src/core/ext/filters/client_channel/health/health_check_client.h +0 -43
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.cc +0 -176
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +0 -325
- data/third_party/cares/cares/src/lib/ares_library_init.h +0 -43
|
@@ -29,7 +29,7 @@
|
|
|
29
29
|
#include "internal.h"
|
|
30
30
|
|
|
31
31
|
|
|
32
|
-
typedef int (*hash_to_group_func_t)(const EC_GROUP *group,
|
|
32
|
+
typedef int (*hash_to_group_func_t)(const EC_GROUP *group, EC_JACOBIAN *out,
|
|
33
33
|
const uint8_t t[TRUST_TOKEN_NONCE_SIZE]);
|
|
34
34
|
typedef int (*hash_to_scalar_func_t)(const EC_GROUP *group, EC_SCALAR *out,
|
|
35
35
|
uint8_t *buf, size_t len);
|
|
@@ -63,18 +63,24 @@ static int voprf_init_method(VOPRF_METHOD *method, int curve_nid,
|
|
|
63
63
|
|
|
64
64
|
static int cbb_add_point(CBB *out, const EC_GROUP *group,
|
|
65
65
|
const EC_AFFINE *point) {
|
|
66
|
-
size_t len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
|
|
67
|
-
if (len == 0) {
|
|
68
|
-
return 0;
|
|
69
|
-
}
|
|
70
|
-
|
|
71
66
|
uint8_t *p;
|
|
67
|
+
size_t len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
|
|
72
68
|
return CBB_add_space(out, &p, len) &&
|
|
73
69
|
ec_point_to_bytes(group, point, POINT_CONVERSION_UNCOMPRESSED, p,
|
|
74
70
|
len) == len &&
|
|
75
71
|
CBB_flush(out);
|
|
76
72
|
}
|
|
77
73
|
|
|
74
|
+
static int cbb_serialize_point(CBB *out, const EC_GROUP *group,
|
|
75
|
+
const EC_AFFINE *point) {
|
|
76
|
+
uint8_t *p;
|
|
77
|
+
size_t len = ec_point_byte_len(group, POINT_CONVERSION_COMPRESSED);
|
|
78
|
+
return CBB_add_u16(out, len) && CBB_add_space(out, &p, len) &&
|
|
79
|
+
ec_point_to_bytes(group, point, POINT_CONVERSION_COMPRESSED, p, len) ==
|
|
80
|
+
len &&
|
|
81
|
+
CBB_flush(out);
|
|
82
|
+
}
|
|
83
|
+
|
|
78
84
|
static int cbs_get_point(CBS *cbs, const EC_GROUP *group, EC_AFFINE *out) {
|
|
79
85
|
CBS child;
|
|
80
86
|
size_t plen = 1 + 2 * BN_num_bytes(&group->field);
|
|
@@ -112,7 +118,7 @@ static int scalar_from_cbs(CBS *cbs, const EC_GROUP *group, EC_SCALAR *out) {
|
|
|
112
118
|
static int voprf_calculate_key(const VOPRF_METHOD *method, CBB *out_private,
|
|
113
119
|
CBB *out_public, const EC_SCALAR *priv) {
|
|
114
120
|
const EC_GROUP *group = method->group;
|
|
115
|
-
|
|
121
|
+
EC_JACOBIAN pub;
|
|
116
122
|
EC_AFFINE pub_affine;
|
|
117
123
|
if (!ec_point_mul_scalar_base(group, &pub, priv) ||
|
|
118
124
|
!ec_jacobian_to_affine(group, &pub_affine, &pub)) {
|
|
@@ -191,7 +197,7 @@ static int voprf_issuer_key_from_bytes(const VOPRF_METHOD *method,
|
|
|
191
197
|
}
|
|
192
198
|
|
|
193
199
|
// Recompute the public key.
|
|
194
|
-
|
|
200
|
+
EC_JACOBIAN pub;
|
|
195
201
|
if (!ec_point_mul_scalar_base(group, &pub, &key->xs) ||
|
|
196
202
|
!ec_jacobian_to_affine(group, &key->pubs, &pub)) {
|
|
197
203
|
return 0;
|
|
@@ -249,7 +255,7 @@ static STACK_OF(TRUST_TOKEN_PRETOKEN) *voprf_blind(const VOPRF_METHOD *method,
|
|
|
249
255
|
ec_scalar_from_montgomery(group, &pretoken->r, &pretoken->r);
|
|
250
256
|
|
|
251
257
|
// Tp is the blinded token in the VOPRF protocol.
|
|
252
|
-
|
|
258
|
+
EC_JACOBIAN P, Tp;
|
|
253
259
|
if (!method->hash_to_group(group, &P, pretoken->t) ||
|
|
254
260
|
!ec_point_mul_scalar(group, &Tp, &P, &r) ||
|
|
255
261
|
!ec_jacobian_to_affine(group, &pretoken->Tp, &Tp)) {
|
|
@@ -299,6 +305,30 @@ err:
|
|
|
299
305
|
return ok;
|
|
300
306
|
}
|
|
301
307
|
|
|
308
|
+
static int hash_to_scalar_challenge(const VOPRF_METHOD *method, EC_SCALAR *out,
|
|
309
|
+
const EC_AFFINE *Bm, const EC_AFFINE *a0,
|
|
310
|
+
const EC_AFFINE *a1, const EC_AFFINE *a2,
|
|
311
|
+
const EC_AFFINE *a3) {
|
|
312
|
+
static const uint8_t kChallengeLabel[] = "Challenge";
|
|
313
|
+
|
|
314
|
+
CBB cbb;
|
|
315
|
+
uint8_t transcript[5 * EC_MAX_COMPRESSED + 2 + sizeof(kChallengeLabel) - 1];
|
|
316
|
+
size_t len;
|
|
317
|
+
if (!CBB_init_fixed(&cbb, transcript, sizeof(transcript)) ||
|
|
318
|
+
!cbb_serialize_point(&cbb, method->group, Bm) ||
|
|
319
|
+
!cbb_serialize_point(&cbb, method->group, a0) ||
|
|
320
|
+
!cbb_serialize_point(&cbb, method->group, a1) ||
|
|
321
|
+
!cbb_serialize_point(&cbb, method->group, a2) ||
|
|
322
|
+
!cbb_serialize_point(&cbb, method->group, a3) ||
|
|
323
|
+
!CBB_add_bytes(&cbb, kChallengeLabel, sizeof(kChallengeLabel) - 1) ||
|
|
324
|
+
!CBB_finish(&cbb, NULL, &len) ||
|
|
325
|
+
!method->hash_to_scalar(method->group, out, transcript, len)) {
|
|
326
|
+
return 0;
|
|
327
|
+
}
|
|
328
|
+
|
|
329
|
+
return 1;
|
|
330
|
+
}
|
|
331
|
+
|
|
302
332
|
static int hash_to_scalar_batch(const VOPRF_METHOD *method, EC_SCALAR *out,
|
|
303
333
|
const CBB *points, size_t index) {
|
|
304
334
|
static const uint8_t kDLEQBatchLabel[] = "DLEQ BATCH";
|
|
@@ -332,7 +362,7 @@ err:
|
|
|
332
362
|
|
|
333
363
|
static int dleq_generate(const VOPRF_METHOD *method, CBB *cbb,
|
|
334
364
|
const TRUST_TOKEN_ISSUER_KEY *priv,
|
|
335
|
-
const
|
|
365
|
+
const EC_JACOBIAN *T, const EC_JACOBIAN *W) {
|
|
336
366
|
const EC_GROUP *group = method->group;
|
|
337
367
|
|
|
338
368
|
enum {
|
|
@@ -342,7 +372,7 @@ static int dleq_generate(const VOPRF_METHOD *method, CBB *cbb,
|
|
|
342
372
|
idx_k1,
|
|
343
373
|
num_idx,
|
|
344
374
|
};
|
|
345
|
-
|
|
375
|
+
EC_JACOBIAN jacobians[num_idx];
|
|
346
376
|
|
|
347
377
|
// Setup the DLEQ proof.
|
|
348
378
|
EC_SCALAR r;
|
|
@@ -387,18 +417,18 @@ static int dleq_generate(const VOPRF_METHOD *method, CBB *cbb,
|
|
|
387
417
|
return 1;
|
|
388
418
|
}
|
|
389
419
|
|
|
390
|
-
static int mul_public_2(const EC_GROUP *group,
|
|
391
|
-
const
|
|
392
|
-
const
|
|
393
|
-
|
|
420
|
+
static int mul_public_2(const EC_GROUP *group, EC_JACOBIAN *out,
|
|
421
|
+
const EC_JACOBIAN *p0, const EC_SCALAR *scalar0,
|
|
422
|
+
const EC_JACOBIAN *p1, const EC_SCALAR *scalar1) {
|
|
423
|
+
EC_JACOBIAN points[2] = {*p0, *p1};
|
|
394
424
|
EC_SCALAR scalars[2] = {*scalar0, *scalar1};
|
|
395
425
|
return ec_point_mul_scalar_public_batch(group, out, /*g_scalar=*/NULL, points,
|
|
396
426
|
scalars, 2);
|
|
397
427
|
}
|
|
398
428
|
|
|
399
429
|
static int dleq_verify(const VOPRF_METHOD *method, CBS *cbs,
|
|
400
|
-
const TRUST_TOKEN_CLIENT_KEY *pub, const
|
|
401
|
-
const
|
|
430
|
+
const TRUST_TOKEN_CLIENT_KEY *pub, const EC_JACOBIAN *T,
|
|
431
|
+
const EC_JACOBIAN *W) {
|
|
402
432
|
const EC_GROUP *group = method->group;
|
|
403
433
|
|
|
404
434
|
|
|
@@ -409,7 +439,7 @@ static int dleq_verify(const VOPRF_METHOD *method, CBS *cbs,
|
|
|
409
439
|
idx_k1,
|
|
410
440
|
num_idx,
|
|
411
441
|
};
|
|
412
|
-
|
|
442
|
+
EC_JACOBIAN jacobians[num_idx];
|
|
413
443
|
|
|
414
444
|
// Decode the DLEQ proof.
|
|
415
445
|
EC_SCALAR c, u;
|
|
@@ -420,7 +450,7 @@ static int dleq_verify(const VOPRF_METHOD *method, CBS *cbs,
|
|
|
420
450
|
}
|
|
421
451
|
|
|
422
452
|
// k0;k1 = u*(G;T) - c*(pub;W)
|
|
423
|
-
|
|
453
|
+
EC_JACOBIAN pubs;
|
|
424
454
|
ec_affine_to_jacobian(group, &pubs, &pub->pubs);
|
|
425
455
|
EC_SCALAR minus_c;
|
|
426
456
|
ec_scalar_neg(group, &minus_c, &c);
|
|
@@ -455,24 +485,24 @@ static int dleq_verify(const VOPRF_METHOD *method, CBS *cbs,
|
|
|
455
485
|
return 1;
|
|
456
486
|
}
|
|
457
487
|
|
|
458
|
-
static int
|
|
459
|
-
|
|
460
|
-
|
|
488
|
+
static int voprf_sign_tt(const VOPRF_METHOD *method,
|
|
489
|
+
const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
|
490
|
+
size_t num_requested, size_t num_to_issue) {
|
|
461
491
|
const EC_GROUP *group = method->group;
|
|
462
492
|
if (num_requested < num_to_issue) {
|
|
463
493
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
|
|
464
494
|
return 0;
|
|
465
495
|
}
|
|
466
496
|
|
|
467
|
-
if (num_to_issue > ((size_t)-1) / sizeof(
|
|
497
|
+
if (num_to_issue > ((size_t)-1) / sizeof(EC_JACOBIAN) ||
|
|
468
498
|
num_to_issue > ((size_t)-1) / sizeof(EC_SCALAR)) {
|
|
469
499
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
|
|
470
500
|
return 0;
|
|
471
501
|
}
|
|
472
502
|
|
|
473
503
|
int ret = 0;
|
|
474
|
-
|
|
475
|
-
|
|
504
|
+
EC_JACOBIAN *BTs = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN));
|
|
505
|
+
EC_JACOBIAN *Zs = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN));
|
|
476
506
|
EC_SCALAR *es = OPENSSL_malloc(num_to_issue * sizeof(EC_SCALAR));
|
|
477
507
|
CBB batch_cbb;
|
|
478
508
|
CBB_zero(&batch_cbb);
|
|
@@ -486,7 +516,7 @@ static int voprf_sign(const VOPRF_METHOD *method,
|
|
|
486
516
|
|
|
487
517
|
for (size_t i = 0; i < num_to_issue; i++) {
|
|
488
518
|
EC_AFFINE BT_affine, Z_affine;
|
|
489
|
-
|
|
519
|
+
EC_JACOBIAN BT, Z;
|
|
490
520
|
if (!cbs_get_point(cbs, group, &BT_affine)) {
|
|
491
521
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
|
492
522
|
goto err;
|
|
@@ -519,7 +549,7 @@ static int voprf_sign(const VOPRF_METHOD *method,
|
|
|
519
549
|
}
|
|
520
550
|
}
|
|
521
551
|
|
|
522
|
-
|
|
552
|
+
EC_JACOBIAN BT_batch, Z_batch;
|
|
523
553
|
if (!ec_point_mul_scalar_public_batch(group, &BT_batch,
|
|
524
554
|
/*g_scalar=*/NULL, BTs, es,
|
|
525
555
|
num_to_issue) ||
|
|
@@ -553,7 +583,7 @@ err:
|
|
|
553
583
|
return ret;
|
|
554
584
|
}
|
|
555
585
|
|
|
556
|
-
static STACK_OF(TRUST_TOKEN) *
|
|
586
|
+
static STACK_OF(TRUST_TOKEN) *voprf_unblind_tt(
|
|
557
587
|
const VOPRF_METHOD *method, const TRUST_TOKEN_CLIENT_KEY *key,
|
|
558
588
|
const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
|
|
559
589
|
uint32_t key_id) {
|
|
@@ -563,7 +593,7 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind(
|
|
|
563
593
|
return NULL;
|
|
564
594
|
}
|
|
565
595
|
|
|
566
|
-
if (count > ((size_t)-1) / sizeof(
|
|
596
|
+
if (count > ((size_t)-1) / sizeof(EC_JACOBIAN) ||
|
|
567
597
|
count > ((size_t)-1) / sizeof(EC_SCALAR)) {
|
|
568
598
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
|
|
569
599
|
return NULL;
|
|
@@ -571,8 +601,8 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind(
|
|
|
571
601
|
|
|
572
602
|
int ok = 0;
|
|
573
603
|
STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null();
|
|
574
|
-
|
|
575
|
-
|
|
604
|
+
EC_JACOBIAN *BTs = OPENSSL_malloc(count * sizeof(EC_JACOBIAN));
|
|
605
|
+
EC_JACOBIAN *Zs = OPENSSL_malloc(count * sizeof(EC_JACOBIAN));
|
|
576
606
|
EC_SCALAR *es = OPENSSL_malloc(count * sizeof(EC_SCALAR));
|
|
577
607
|
CBB batch_cbb;
|
|
578
608
|
CBB_zero(&batch_cbb);
|
|
@@ -605,7 +635,7 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind(
|
|
|
605
635
|
|
|
606
636
|
// Unblind the token.
|
|
607
637
|
// pretoken->r is rinv.
|
|
608
|
-
|
|
638
|
+
EC_JACOBIAN N;
|
|
609
639
|
EC_AFFINE N_affine;
|
|
610
640
|
if (!ec_point_mul_scalar(group, &N, &Zs[i], &pretoken->r) ||
|
|
611
641
|
!ec_jacobian_to_affine(group, &N_affine, &N)) {
|
|
@@ -644,7 +674,7 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind(
|
|
|
644
674
|
}
|
|
645
675
|
}
|
|
646
676
|
|
|
647
|
-
|
|
677
|
+
EC_JACOBIAN BT_batch, Z_batch;
|
|
648
678
|
if (!ec_point_mul_scalar_public_batch(group, &BT_batch,
|
|
649
679
|
/*g_scalar=*/NULL, BTs, es, count) ||
|
|
650
680
|
!ec_point_mul_scalar_public_batch(group, &Z_batch,
|
|
@@ -673,6 +703,397 @@ err:
|
|
|
673
703
|
return ret;
|
|
674
704
|
}
|
|
675
705
|
|
|
706
|
+
static void sha384_update_u16(SHA512_CTX *ctx, uint16_t v) {
|
|
707
|
+
uint8_t buf[2] = {v >> 8, v & 0xff};
|
|
708
|
+
SHA384_Update(ctx, buf, 2);
|
|
709
|
+
}
|
|
710
|
+
|
|
711
|
+
static void sha384_update_point_with_length(
|
|
712
|
+
SHA512_CTX *ctx, const EC_GROUP *group, const EC_AFFINE *point) {
|
|
713
|
+
uint8_t buf[EC_MAX_COMPRESSED];
|
|
714
|
+
size_t len = ec_point_to_bytes(group, point, POINT_CONVERSION_COMPRESSED,
|
|
715
|
+
buf, sizeof(buf));
|
|
716
|
+
assert(len > 0);
|
|
717
|
+
sha384_update_u16(ctx, (uint16_t)len);
|
|
718
|
+
SHA384_Update(ctx, buf, len);
|
|
719
|
+
}
|
|
720
|
+
|
|
721
|
+
static int compute_composite_seed(const VOPRF_METHOD *method,
|
|
722
|
+
uint8_t out[SHA384_DIGEST_LENGTH],
|
|
723
|
+
const EC_AFFINE *pub) {
|
|
724
|
+
const EC_GROUP *group = method->group;
|
|
725
|
+
static const uint8_t kSeedDST[] = "Seed-OPRFV1-\x01-P384-SHA384";
|
|
726
|
+
|
|
727
|
+
SHA512_CTX hash_ctx;
|
|
728
|
+
SHA384_Init(&hash_ctx);
|
|
729
|
+
sha384_update_point_with_length(&hash_ctx, group, pub);
|
|
730
|
+
sha384_update_u16(&hash_ctx, sizeof(kSeedDST) - 1);
|
|
731
|
+
SHA384_Update(&hash_ctx, kSeedDST, sizeof(kSeedDST) - 1);
|
|
732
|
+
SHA384_Final(out, &hash_ctx);
|
|
733
|
+
|
|
734
|
+
return 1;
|
|
735
|
+
}
|
|
736
|
+
|
|
737
|
+
static int compute_composite_element(const VOPRF_METHOD *method,
|
|
738
|
+
uint8_t seed[SHA384_DIGEST_LENGTH],
|
|
739
|
+
EC_SCALAR *di, size_t index,
|
|
740
|
+
const EC_AFFINE *C, const EC_AFFINE *D) {
|
|
741
|
+
static const uint8_t kCompositeLabel[] = "Composite";
|
|
742
|
+
const EC_GROUP *group = method->group;
|
|
743
|
+
|
|
744
|
+
if (index > UINT16_MAX) {
|
|
745
|
+
return 0;
|
|
746
|
+
}
|
|
747
|
+
|
|
748
|
+
CBB cbb;
|
|
749
|
+
uint8_t transcript[2 + SHA384_DIGEST_LENGTH + 2 + 2 * EC_MAX_COMPRESSED +
|
|
750
|
+
sizeof(kCompositeLabel) - 1];
|
|
751
|
+
size_t len;
|
|
752
|
+
if (!CBB_init_fixed(&cbb, transcript, sizeof(transcript)) ||
|
|
753
|
+
!CBB_add_u16(&cbb, SHA384_DIGEST_LENGTH) ||
|
|
754
|
+
!CBB_add_bytes(&cbb, seed, SHA384_DIGEST_LENGTH) ||
|
|
755
|
+
!CBB_add_u16(&cbb, index) ||
|
|
756
|
+
!cbb_serialize_point(&cbb, group, C) ||
|
|
757
|
+
!cbb_serialize_point(&cbb, group, D) ||
|
|
758
|
+
!CBB_add_bytes(&cbb, kCompositeLabel,
|
|
759
|
+
sizeof(kCompositeLabel) - 1) ||
|
|
760
|
+
!CBB_finish(&cbb, NULL, &len) ||
|
|
761
|
+
!method->hash_to_scalar(method->group, di, transcript, len)) {
|
|
762
|
+
return 0;
|
|
763
|
+
}
|
|
764
|
+
|
|
765
|
+
return 1;
|
|
766
|
+
}
|
|
767
|
+
|
|
768
|
+
static int generate_proof(const VOPRF_METHOD *method, CBB *cbb,
|
|
769
|
+
const TRUST_TOKEN_ISSUER_KEY *priv,
|
|
770
|
+
const EC_SCALAR *r, const EC_JACOBIAN *M,
|
|
771
|
+
const EC_JACOBIAN *Z) {
|
|
772
|
+
const EC_GROUP *group = method->group;
|
|
773
|
+
|
|
774
|
+
enum {
|
|
775
|
+
idx_M,
|
|
776
|
+
idx_Z,
|
|
777
|
+
idx_t2,
|
|
778
|
+
idx_t3,
|
|
779
|
+
num_idx,
|
|
780
|
+
};
|
|
781
|
+
EC_JACOBIAN jacobians[num_idx];
|
|
782
|
+
|
|
783
|
+
if (!ec_point_mul_scalar_base(group, &jacobians[idx_t2], r) ||
|
|
784
|
+
!ec_point_mul_scalar(group, &jacobians[idx_t3], M, r)) {
|
|
785
|
+
return 0;
|
|
786
|
+
}
|
|
787
|
+
|
|
788
|
+
|
|
789
|
+
EC_AFFINE affines[num_idx];
|
|
790
|
+
jacobians[idx_M] = *M;
|
|
791
|
+
jacobians[idx_Z] = *Z;
|
|
792
|
+
if (!ec_jacobian_to_affine_batch(group, affines, jacobians, num_idx)) {
|
|
793
|
+
return 0;
|
|
794
|
+
}
|
|
795
|
+
|
|
796
|
+
EC_SCALAR c;
|
|
797
|
+
if (!hash_to_scalar_challenge(method, &c, &priv->pubs, &affines[idx_M],
|
|
798
|
+
&affines[idx_Z], &affines[idx_t2],
|
|
799
|
+
&affines[idx_t3])) {
|
|
800
|
+
return 0;
|
|
801
|
+
}
|
|
802
|
+
|
|
803
|
+
EC_SCALAR c_mont;
|
|
804
|
+
ec_scalar_to_montgomery(group, &c_mont, &c);
|
|
805
|
+
|
|
806
|
+
// s = r - c*xs
|
|
807
|
+
EC_SCALAR s;
|
|
808
|
+
ec_scalar_mul_montgomery(group, &s, &priv->xs, &c_mont);
|
|
809
|
+
ec_scalar_sub(group, &s, r, &s);
|
|
810
|
+
|
|
811
|
+
// Store DLEQ proof in transcript.
|
|
812
|
+
if (!scalar_to_cbb(cbb, group, &c) ||
|
|
813
|
+
!scalar_to_cbb(cbb, group, &s)) {
|
|
814
|
+
return 0;
|
|
815
|
+
}
|
|
816
|
+
|
|
817
|
+
return 1;
|
|
818
|
+
}
|
|
819
|
+
|
|
820
|
+
static int verify_proof(const VOPRF_METHOD *method, CBS *cbs,
|
|
821
|
+
const TRUST_TOKEN_CLIENT_KEY *pub,
|
|
822
|
+
const EC_JACOBIAN *M, const EC_JACOBIAN *Z) {
|
|
823
|
+
const EC_GROUP *group = method->group;
|
|
824
|
+
|
|
825
|
+
enum {
|
|
826
|
+
idx_M,
|
|
827
|
+
idx_Z,
|
|
828
|
+
idx_t2,
|
|
829
|
+
idx_t3,
|
|
830
|
+
num_idx,
|
|
831
|
+
};
|
|
832
|
+
EC_JACOBIAN jacobians[num_idx];
|
|
833
|
+
|
|
834
|
+
EC_SCALAR c, s;
|
|
835
|
+
if (!scalar_from_cbs(cbs, group, &c) ||
|
|
836
|
+
!scalar_from_cbs(cbs, group, &s)) {
|
|
837
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
|
838
|
+
return 0;
|
|
839
|
+
}
|
|
840
|
+
|
|
841
|
+
EC_JACOBIAN pubs;
|
|
842
|
+
ec_affine_to_jacobian(group, &pubs, &pub->pubs);
|
|
843
|
+
if (!ec_point_mul_scalar_public(group, &jacobians[idx_t2], &s, &pubs,
|
|
844
|
+
&c) ||
|
|
845
|
+
!mul_public_2(group, &jacobians[idx_t3], M, &s, Z, &c)) {
|
|
846
|
+
return 0;
|
|
847
|
+
}
|
|
848
|
+
|
|
849
|
+
EC_AFFINE affines[num_idx];
|
|
850
|
+
jacobians[idx_M] = *M;
|
|
851
|
+
jacobians[idx_Z] = *Z;
|
|
852
|
+
if (!ec_jacobian_to_affine_batch(group, affines, jacobians, num_idx)) {
|
|
853
|
+
return 0;
|
|
854
|
+
}
|
|
855
|
+
|
|
856
|
+
EC_SCALAR expected_c;
|
|
857
|
+
if (!hash_to_scalar_challenge(method, &expected_c, &pub->pubs,
|
|
858
|
+
&affines[idx_M], &affines[idx_Z],
|
|
859
|
+
&affines[idx_t2], &affines[idx_t3])) {
|
|
860
|
+
return 0;
|
|
861
|
+
}
|
|
862
|
+
|
|
863
|
+
// c == expected_c
|
|
864
|
+
if (!ec_scalar_equal_vartime(group, &c, &expected_c)) {
|
|
865
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_PROOF);
|
|
866
|
+
return 0;
|
|
867
|
+
}
|
|
868
|
+
|
|
869
|
+
return 1;
|
|
870
|
+
}
|
|
871
|
+
|
|
872
|
+
static int voprf_sign_impl(const VOPRF_METHOD *method,
|
|
873
|
+
const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb,
|
|
874
|
+
CBS *cbs, size_t num_requested, size_t num_to_issue,
|
|
875
|
+
const EC_SCALAR *proof_scalar) {
|
|
876
|
+
const EC_GROUP *group = method->group;
|
|
877
|
+
if (num_requested < num_to_issue) {
|
|
878
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
|
|
879
|
+
return 0;
|
|
880
|
+
}
|
|
881
|
+
|
|
882
|
+
if (num_to_issue > ((size_t)-1) / sizeof(EC_JACOBIAN) ||
|
|
883
|
+
num_to_issue > ((size_t)-1) / sizeof(EC_SCALAR)) {
|
|
884
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
|
|
885
|
+
return 0;
|
|
886
|
+
}
|
|
887
|
+
|
|
888
|
+
int ret = 0;
|
|
889
|
+
EC_JACOBIAN *BTs = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN));
|
|
890
|
+
EC_JACOBIAN *Zs = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN));
|
|
891
|
+
EC_SCALAR *dis = OPENSSL_malloc(num_to_issue * sizeof(EC_SCALAR));
|
|
892
|
+
if (!BTs || !Zs || !dis) {
|
|
893
|
+
goto err;
|
|
894
|
+
}
|
|
895
|
+
|
|
896
|
+
uint8_t seed[SHA384_DIGEST_LENGTH];
|
|
897
|
+
if (!compute_composite_seed(method, seed, &key->pubs)) {
|
|
898
|
+
goto err;
|
|
899
|
+
}
|
|
900
|
+
|
|
901
|
+
// This implements the BlindEvaluateBatch as defined in section 4 of
|
|
902
|
+
// draft-robert-privacypass-batched-tokens-01, based on the constructions
|
|
903
|
+
// in draft-irtf-cfrg-voprf-21. To optimize the computation of the proof,
|
|
904
|
+
// the computation of di is done during the token signing and passed into
|
|
905
|
+
// the proof generation.
|
|
906
|
+
for (size_t i = 0; i < num_to_issue; i++) {
|
|
907
|
+
EC_AFFINE BT_affine, Z_affine;
|
|
908
|
+
EC_JACOBIAN BT, Z;
|
|
909
|
+
if (!cbs_get_point(cbs, group, &BT_affine)) {
|
|
910
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
|
911
|
+
goto err;
|
|
912
|
+
}
|
|
913
|
+
ec_affine_to_jacobian(group, &BT, &BT_affine);
|
|
914
|
+
if (!ec_point_mul_scalar(group, &Z, &BT, &key->xs) ||
|
|
915
|
+
!ec_jacobian_to_affine(group, &Z_affine, &Z) ||
|
|
916
|
+
!cbb_add_point(cbb, group, &Z_affine)) {
|
|
917
|
+
goto err;
|
|
918
|
+
}
|
|
919
|
+
BTs[i] = BT;
|
|
920
|
+
Zs[i] = Z;
|
|
921
|
+
if (!compute_composite_element(method, seed, &dis[i], i, &BT_affine,
|
|
922
|
+
&Z_affine)) {
|
|
923
|
+
goto err;
|
|
924
|
+
}
|
|
925
|
+
|
|
926
|
+
if (!CBB_flush(cbb)) {
|
|
927
|
+
goto err;
|
|
928
|
+
}
|
|
929
|
+
}
|
|
930
|
+
|
|
931
|
+
EC_JACOBIAN M, Z;
|
|
932
|
+
if (!ec_point_mul_scalar_public_batch(group, &M,
|
|
933
|
+
/*g_scalar=*/NULL, BTs, dis,
|
|
934
|
+
num_to_issue) ||
|
|
935
|
+
!ec_point_mul_scalar(group, &Z, &M, &key->xs)) {
|
|
936
|
+
goto err;
|
|
937
|
+
}
|
|
938
|
+
|
|
939
|
+
CBB proof;
|
|
940
|
+
if (!CBB_add_u16_length_prefixed(cbb, &proof) ||
|
|
941
|
+
!generate_proof(method, &proof, key, proof_scalar, &M, &Z) ||
|
|
942
|
+
!CBB_flush(cbb)) {
|
|
943
|
+
goto err;
|
|
944
|
+
}
|
|
945
|
+
|
|
946
|
+
// Skip over any unused requests.
|
|
947
|
+
size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
|
|
948
|
+
if (!CBS_skip(cbs, point_len * (num_requested - num_to_issue))) {
|
|
949
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
|
950
|
+
goto err;
|
|
951
|
+
}
|
|
952
|
+
|
|
953
|
+
ret = 1;
|
|
954
|
+
|
|
955
|
+
err:
|
|
956
|
+
OPENSSL_free(BTs);
|
|
957
|
+
OPENSSL_free(Zs);
|
|
958
|
+
OPENSSL_free(dis);
|
|
959
|
+
return ret;
|
|
960
|
+
}
|
|
961
|
+
|
|
962
|
+
static int voprf_sign(const VOPRF_METHOD *method,
|
|
963
|
+
const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
|
964
|
+
size_t num_requested, size_t num_to_issue) {
|
|
965
|
+
EC_SCALAR proof_scalar;
|
|
966
|
+
if (!ec_random_nonzero_scalar(method->group, &proof_scalar,
|
|
967
|
+
kDefaultAdditionalData)) {
|
|
968
|
+
return 0;
|
|
969
|
+
}
|
|
970
|
+
|
|
971
|
+
return voprf_sign_impl(method, key, cbb, cbs, num_requested, num_to_issue,
|
|
972
|
+
&proof_scalar);
|
|
973
|
+
}
|
|
974
|
+
|
|
975
|
+
static int voprf_sign_with_proof_scalar_for_testing(
|
|
976
|
+
const VOPRF_METHOD *method, const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb,
|
|
977
|
+
CBS *cbs, size_t num_requested, size_t num_to_issue,
|
|
978
|
+
const uint8_t *proof_scalar_buf, size_t proof_scalar_len) {
|
|
979
|
+
EC_SCALAR proof_scalar;
|
|
980
|
+
if (!ec_scalar_from_bytes(method->group, &proof_scalar, proof_scalar_buf,
|
|
981
|
+
proof_scalar_len)) {
|
|
982
|
+
return 0;
|
|
983
|
+
}
|
|
984
|
+
return voprf_sign_impl(method, key, cbb, cbs, num_requested, num_to_issue,
|
|
985
|
+
&proof_scalar);
|
|
986
|
+
}
|
|
987
|
+
|
|
988
|
+
static STACK_OF(TRUST_TOKEN) *voprf_unblind(
|
|
989
|
+
const VOPRF_METHOD *method, const TRUST_TOKEN_CLIENT_KEY *key,
|
|
990
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
|
|
991
|
+
uint32_t key_id) {
|
|
992
|
+
const EC_GROUP *group = method->group;
|
|
993
|
+
if (count > sk_TRUST_TOKEN_PRETOKEN_num(pretokens)) {
|
|
994
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
|
995
|
+
return NULL;
|
|
996
|
+
}
|
|
997
|
+
|
|
998
|
+
if (count > ((size_t)-1) / sizeof(EC_JACOBIAN) ||
|
|
999
|
+
count > ((size_t)-1) / sizeof(EC_SCALAR)) {
|
|
1000
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
|
|
1001
|
+
return NULL;
|
|
1002
|
+
}
|
|
1003
|
+
|
|
1004
|
+
int ok = 0;
|
|
1005
|
+
STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null();
|
|
1006
|
+
EC_JACOBIAN *BTs = OPENSSL_malloc(count * sizeof(EC_JACOBIAN));
|
|
1007
|
+
EC_JACOBIAN *Zs = OPENSSL_malloc(count * sizeof(EC_JACOBIAN));
|
|
1008
|
+
EC_SCALAR *dis = OPENSSL_malloc(count * sizeof(EC_SCALAR));
|
|
1009
|
+
if (ret == NULL || !BTs || !Zs || !dis) {
|
|
1010
|
+
goto err;
|
|
1011
|
+
}
|
|
1012
|
+
|
|
1013
|
+
uint8_t seed[SHA384_DIGEST_LENGTH];
|
|
1014
|
+
if (!compute_composite_seed(method, seed, &key->pubs)) {
|
|
1015
|
+
goto err;
|
|
1016
|
+
}
|
|
1017
|
+
|
|
1018
|
+
for (size_t i = 0; i < count; i++) {
|
|
1019
|
+
const TRUST_TOKEN_PRETOKEN *pretoken =
|
|
1020
|
+
sk_TRUST_TOKEN_PRETOKEN_value(pretokens, i);
|
|
1021
|
+
|
|
1022
|
+
EC_AFFINE Z_affine;
|
|
1023
|
+
if (!cbs_get_point(cbs, group, &Z_affine)) {
|
|
1024
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
|
|
1025
|
+
goto err;
|
|
1026
|
+
}
|
|
1027
|
+
|
|
1028
|
+
ec_affine_to_jacobian(group, &BTs[i], &pretoken->Tp);
|
|
1029
|
+
ec_affine_to_jacobian(group, &Zs[i], &Z_affine);
|
|
1030
|
+
if (!compute_composite_element(method, seed, &dis[i], i, &pretoken->Tp,
|
|
1031
|
+
&Z_affine)) {
|
|
1032
|
+
goto err;
|
|
1033
|
+
}
|
|
1034
|
+
|
|
1035
|
+
// Unblind the token.
|
|
1036
|
+
// pretoken->r is rinv.
|
|
1037
|
+
EC_JACOBIAN N;
|
|
1038
|
+
EC_AFFINE N_affine;
|
|
1039
|
+
if (!ec_point_mul_scalar(group, &N, &Zs[i], &pretoken->r) ||
|
|
1040
|
+
!ec_jacobian_to_affine(group, &N_affine, &N)) {
|
|
1041
|
+
goto err;
|
|
1042
|
+
}
|
|
1043
|
+
|
|
1044
|
+
// Serialize the token. Include |key_id| to avoid an extra copy in the layer
|
|
1045
|
+
// above.
|
|
1046
|
+
CBB token_cbb;
|
|
1047
|
+
size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
|
|
1048
|
+
if (!CBB_init(&token_cbb, 4 + TRUST_TOKEN_NONCE_SIZE + (2 + point_len)) ||
|
|
1049
|
+
!CBB_add_u32(&token_cbb, key_id) ||
|
|
1050
|
+
!CBB_add_bytes(&token_cbb, pretoken->salt, TRUST_TOKEN_NONCE_SIZE) ||
|
|
1051
|
+
!cbb_add_point(&token_cbb, group, &N_affine) ||
|
|
1052
|
+
!CBB_flush(&token_cbb)) {
|
|
1053
|
+
CBB_cleanup(&token_cbb);
|
|
1054
|
+
goto err;
|
|
1055
|
+
}
|
|
1056
|
+
|
|
1057
|
+
TRUST_TOKEN *token =
|
|
1058
|
+
TRUST_TOKEN_new(CBB_data(&token_cbb), CBB_len(&token_cbb));
|
|
1059
|
+
CBB_cleanup(&token_cbb);
|
|
1060
|
+
if (token == NULL ||
|
|
1061
|
+
!sk_TRUST_TOKEN_push(ret, token)) {
|
|
1062
|
+
TRUST_TOKEN_free(token);
|
|
1063
|
+
goto err;
|
|
1064
|
+
}
|
|
1065
|
+
}
|
|
1066
|
+
|
|
1067
|
+
EC_JACOBIAN M, Z;
|
|
1068
|
+
if (!ec_point_mul_scalar_public_batch(group, &M,
|
|
1069
|
+
/*g_scalar=*/NULL, BTs, dis,
|
|
1070
|
+
count) ||
|
|
1071
|
+
!ec_point_mul_scalar_public_batch(group, &Z,
|
|
1072
|
+
/*g_scalar=*/NULL, Zs, dis,
|
|
1073
|
+
count)) {
|
|
1074
|
+
goto err;
|
|
1075
|
+
}
|
|
1076
|
+
|
|
1077
|
+
CBS proof;
|
|
1078
|
+
if (!CBS_get_u16_length_prefixed(cbs, &proof) ||
|
|
1079
|
+
!verify_proof(method, &proof, key, &M, &Z) ||
|
|
1080
|
+
CBS_len(&proof) != 0) {
|
|
1081
|
+
goto err;
|
|
1082
|
+
}
|
|
1083
|
+
|
|
1084
|
+
ok = 1;
|
|
1085
|
+
|
|
1086
|
+
err:
|
|
1087
|
+
OPENSSL_free(BTs);
|
|
1088
|
+
OPENSSL_free(Zs);
|
|
1089
|
+
OPENSSL_free(dis);
|
|
1090
|
+
if (!ok) {
|
|
1091
|
+
sk_TRUST_TOKEN_pop_free(ret, TRUST_TOKEN_free);
|
|
1092
|
+
ret = NULL;
|
|
1093
|
+
}
|
|
1094
|
+
return ret;
|
|
1095
|
+
}
|
|
1096
|
+
|
|
676
1097
|
static int voprf_read(const VOPRF_METHOD *method,
|
|
677
1098
|
const TRUST_TOKEN_ISSUER_KEY *key,
|
|
678
1099
|
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
|
@@ -701,12 +1122,12 @@ static int voprf_read(const VOPRF_METHOD *method,
|
|
|
701
1122
|
}
|
|
702
1123
|
|
|
703
1124
|
|
|
704
|
-
|
|
1125
|
+
EC_JACOBIAN T;
|
|
705
1126
|
if (!method->hash_to_group(group, &T, out_nonce)) {
|
|
706
1127
|
return 0;
|
|
707
1128
|
}
|
|
708
1129
|
|
|
709
|
-
|
|
1130
|
+
EC_JACOBIAN Ws_calculated;
|
|
710
1131
|
if (!ec_point_mul_scalar(group, &Ws_calculated, &T, &key->xs) ||
|
|
711
1132
|
!ec_affine_jacobian_equal(group, &Ws, &Ws_calculated)) {
|
|
712
1133
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_BAD_VALIDITY_CHECK);
|
|
@@ -719,7 +1140,7 @@ static int voprf_read(const VOPRF_METHOD *method,
|
|
|
719
1140
|
|
|
720
1141
|
// VOPRF experiment v2.
|
|
721
1142
|
|
|
722
|
-
static int voprf_exp2_hash_to_group(const EC_GROUP *group,
|
|
1143
|
+
static int voprf_exp2_hash_to_group(const EC_GROUP *group, EC_JACOBIAN *out,
|
|
723
1144
|
const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) {
|
|
724
1145
|
const uint8_t kHashTLabel[] = "TrustToken VOPRF Experiment V2 HashToGroup";
|
|
725
1146
|
return ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
|
|
@@ -804,8 +1225,8 @@ int voprf_exp2_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
|
|
804
1225
|
if (!voprf_exp2_init_method() || private_metadata != 0) {
|
|
805
1226
|
return 0;
|
|
806
1227
|
}
|
|
807
|
-
return
|
|
808
|
-
|
|
1228
|
+
return voprf_sign_tt(&voprf_exp2_method, key, cbb, cbs, num_requested,
|
|
1229
|
+
num_to_issue);
|
|
809
1230
|
}
|
|
810
1231
|
|
|
811
1232
|
STACK_OF(TRUST_TOKEN) *voprf_exp2_unblind(
|
|
@@ -815,7 +1236,8 @@ STACK_OF(TRUST_TOKEN) *voprf_exp2_unblind(
|
|
|
815
1236
|
if (!voprf_exp2_init_method()) {
|
|
816
1237
|
return NULL;
|
|
817
1238
|
}
|
|
818
|
-
return
|
|
1239
|
+
return voprf_unblind_tt(&voprf_exp2_method, key, pretokens, cbs, count,
|
|
1240
|
+
key_id);
|
|
819
1241
|
}
|
|
820
1242
|
|
|
821
1243
|
int voprf_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
|
@@ -829,3 +1251,130 @@ int voprf_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
|
|
829
1251
|
return voprf_read(&voprf_exp2_method, key, out_nonce, token, token_len,
|
|
830
1252
|
include_message, msg, msg_len);
|
|
831
1253
|
}
|
|
1254
|
+
|
|
1255
|
+
// VOPRF PST v1.
|
|
1256
|
+
|
|
1257
|
+
static int voprf_pst1_hash_to_group(const EC_GROUP *group, EC_JACOBIAN *out,
|
|
1258
|
+
const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) {
|
|
1259
|
+
const uint8_t kHashTLabel[] = "HashToGroup-OPRFV1-\x01-P384-SHA384";
|
|
1260
|
+
return ec_hash_to_curve_p384_xmd_sha384_sswu(group, out, kHashTLabel,
|
|
1261
|
+
sizeof(kHashTLabel) - 1, t,
|
|
1262
|
+
TRUST_TOKEN_NONCE_SIZE);
|
|
1263
|
+
}
|
|
1264
|
+
|
|
1265
|
+
static int voprf_pst1_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
|
|
1266
|
+
uint8_t *buf, size_t len) {
|
|
1267
|
+
const uint8_t kHashCLabel[] = "HashToScalar-OPRFV1-\x01-P384-SHA384";
|
|
1268
|
+
return ec_hash_to_scalar_p384_xmd_sha384(group, out, kHashCLabel,
|
|
1269
|
+
sizeof(kHashCLabel) - 1, buf, len);
|
|
1270
|
+
}
|
|
1271
|
+
|
|
1272
|
+
static int voprf_pst1_ok = 0;
|
|
1273
|
+
static VOPRF_METHOD voprf_pst1_method;
|
|
1274
|
+
static CRYPTO_once_t voprf_pst1_method_once = CRYPTO_ONCE_INIT;
|
|
1275
|
+
|
|
1276
|
+
static void voprf_pst1_init_method_impl(void) {
|
|
1277
|
+
voprf_pst1_ok =
|
|
1278
|
+
voprf_init_method(&voprf_pst1_method, NID_secp384r1,
|
|
1279
|
+
voprf_pst1_hash_to_group, voprf_pst1_hash_to_scalar);
|
|
1280
|
+
}
|
|
1281
|
+
|
|
1282
|
+
static int voprf_pst1_init_method(void) {
|
|
1283
|
+
CRYPTO_once(&voprf_pst1_method_once, voprf_pst1_init_method_impl);
|
|
1284
|
+
if (!voprf_pst1_ok) {
|
|
1285
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
|
|
1286
|
+
return 0;
|
|
1287
|
+
}
|
|
1288
|
+
return 1;
|
|
1289
|
+
}
|
|
1290
|
+
|
|
1291
|
+
int voprf_pst1_generate_key(CBB *out_private, CBB *out_public) {
|
|
1292
|
+
if (!voprf_pst1_init_method()) {
|
|
1293
|
+
return 0;
|
|
1294
|
+
}
|
|
1295
|
+
|
|
1296
|
+
return voprf_generate_key(&voprf_pst1_method, out_private, out_public);
|
|
1297
|
+
}
|
|
1298
|
+
|
|
1299
|
+
int voprf_pst1_derive_key_from_secret(CBB *out_private, CBB *out_public,
|
|
1300
|
+
const uint8_t *secret,
|
|
1301
|
+
size_t secret_len) {
|
|
1302
|
+
if (!voprf_pst1_init_method()) {
|
|
1303
|
+
return 0;
|
|
1304
|
+
}
|
|
1305
|
+
|
|
1306
|
+
return voprf_derive_key_from_secret(&voprf_pst1_method, out_private,
|
|
1307
|
+
out_public, secret, secret_len);
|
|
1308
|
+
}
|
|
1309
|
+
|
|
1310
|
+
int voprf_pst1_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
|
|
1311
|
+
const uint8_t *in, size_t len) {
|
|
1312
|
+
if (!voprf_pst1_init_method()) {
|
|
1313
|
+
return 0;
|
|
1314
|
+
}
|
|
1315
|
+
return voprf_client_key_from_bytes(&voprf_pst1_method, key, in, len);
|
|
1316
|
+
}
|
|
1317
|
+
|
|
1318
|
+
int voprf_pst1_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
|
|
1319
|
+
const uint8_t *in, size_t len) {
|
|
1320
|
+
if (!voprf_pst1_init_method()) {
|
|
1321
|
+
return 0;
|
|
1322
|
+
}
|
|
1323
|
+
return voprf_issuer_key_from_bytes(&voprf_pst1_method, key, in, len);
|
|
1324
|
+
}
|
|
1325
|
+
|
|
1326
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN) *voprf_pst1_blind(CBB *cbb, size_t count,
|
|
1327
|
+
int include_message,
|
|
1328
|
+
const uint8_t *msg,
|
|
1329
|
+
size_t msg_len) {
|
|
1330
|
+
if (!voprf_pst1_init_method()) {
|
|
1331
|
+
return NULL;
|
|
1332
|
+
}
|
|
1333
|
+
return voprf_blind(&voprf_pst1_method, cbb, count, include_message, msg,
|
|
1334
|
+
msg_len);
|
|
1335
|
+
}
|
|
1336
|
+
|
|
1337
|
+
int voprf_pst1_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
|
1338
|
+
size_t num_requested, size_t num_to_issue,
|
|
1339
|
+
uint8_t private_metadata) {
|
|
1340
|
+
if (!voprf_pst1_init_method() || private_metadata != 0) {
|
|
1341
|
+
return 0;
|
|
1342
|
+
}
|
|
1343
|
+
return voprf_sign(&voprf_pst1_method, key, cbb, cbs, num_requested,
|
|
1344
|
+
num_to_issue);
|
|
1345
|
+
}
|
|
1346
|
+
|
|
1347
|
+
|
|
1348
|
+
int voprf_pst1_sign_with_proof_scalar_for_testing(
|
|
1349
|
+
const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, size_t num_requested,
|
|
1350
|
+
size_t num_to_issue, uint8_t private_metadata,
|
|
1351
|
+
const uint8_t *proof_scalar_buf, size_t proof_scalar_len) {
|
|
1352
|
+
if (!voprf_pst1_init_method() || private_metadata != 0) {
|
|
1353
|
+
return 0;
|
|
1354
|
+
}
|
|
1355
|
+
return voprf_sign_with_proof_scalar_for_testing(
|
|
1356
|
+
&voprf_pst1_method, key, cbb, cbs, num_requested, num_to_issue,
|
|
1357
|
+
proof_scalar_buf, proof_scalar_len);
|
|
1358
|
+
}
|
|
1359
|
+
|
|
1360
|
+
STACK_OF(TRUST_TOKEN) *voprf_pst1_unblind(
|
|
1361
|
+
const TRUST_TOKEN_CLIENT_KEY *key,
|
|
1362
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
|
|
1363
|
+
uint32_t key_id) {
|
|
1364
|
+
if (!voprf_pst1_init_method()) {
|
|
1365
|
+
return NULL;
|
|
1366
|
+
}
|
|
1367
|
+
return voprf_unblind(&voprf_pst1_method, key, pretokens, cbs, count, key_id);
|
|
1368
|
+
}
|
|
1369
|
+
|
|
1370
|
+
int voprf_pst1_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
|
1371
|
+
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
|
1372
|
+
uint8_t *out_private_metadata, const uint8_t *token,
|
|
1373
|
+
size_t token_len, int include_message, const uint8_t *msg,
|
|
1374
|
+
size_t msg_len) {
|
|
1375
|
+
if (!voprf_pst1_init_method()) {
|
|
1376
|
+
return 0;
|
|
1377
|
+
}
|
|
1378
|
+
return voprf_read(&voprf_pst1_method, key, out_nonce, token, token_len,
|
|
1379
|
+
include_message, msg, msg_len);
|
|
1380
|
+
}
|