grpc 1.69.0 → 1.70.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Makefile +251 -249
- data/include/grpc/support/atm.h +0 -13
- data/src/core/call/request_buffer.cc +224 -0
- data/src/core/call/request_buffer.h +192 -0
- data/src/core/client_channel/client_channel.cc +2 -3
- data/src/core/client_channel/client_channel_args.h +21 -0
- data/src/core/client_channel/client_channel_filter.h +1 -3
- data/src/core/client_channel/retry_interceptor.cc +406 -0
- data/src/core/client_channel/retry_interceptor.h +157 -0
- data/src/core/client_channel/retry_service_config.h +13 -0
- data/src/core/client_channel/retry_throttle.cc +33 -18
- data/src/core/client_channel/retry_throttle.h +3 -3
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +596 -94
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +189 -13
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +1 -0
- data/src/core/ext/transport/chttp2/transport/frame_security.cc +1 -3
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +40 -1
- data/src/core/ext/upb-gen/envoy/admin/v3/config_dump_shared.upb.h +3 -1
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb.h +66 -36
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb_minitable.c +19 -17
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb.h +116 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.c +31 -5
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb.h +67 -6
- data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb_minitable.c +12 -8
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb.h +151 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.c +60 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.h +32 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb.h +228 -21
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.c +65 -17
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.h +6 -0
- data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb.h +7 -106
- data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.c +7 -28
- data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.h +0 -2
- data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb.h +85 -0
- data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb_minitable.c +25 -3
- data/src/core/ext/upb-gen/envoy/config/overload/v3/overload.upb.h +2 -1
- data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb.h +152 -0
- data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.c +40 -10
- data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb.h +135 -4
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.c +41 -9
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb.h +0 -2
- data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.c +0 -1
- data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.h +0 -1
- data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +16 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb_minitable.c +3 -2
- data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +60 -0
- data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb_minitable.c +13 -2
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb.h +0 -1
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb_minitable.c +0 -1
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +102 -24
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb_minitable.c +28 -19
- data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb.h +251 -18
- data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.c +41 -16
- data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb.h +2 -1
- data/src/core/ext/upbdefs-gen/envoy/admin/v3/config_dump_shared.upbdefs.c +11 -10
- data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/cluster.upbdefs.c +418 -413
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.c +161 -153
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/protocol.upbdefs.c +267 -261
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.c +46 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.h +33 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.c +29 -19
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.c +58 -65
- data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.h +0 -5
- data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/quic_config.upbdefs.c +73 -63
- data/src/core/ext/upbdefs-gen/envoy/config/overload/v3/overload.upbdefs.c +49 -48
- data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.c +117 -100
- data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.c +905 -897
- data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/trace.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +460 -457
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upbdefs.c +16 -19
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +95 -95
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +202 -191
- data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.c +148 -135
- data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/service/status/v3/csds.upbdefs.c +23 -22
- data/src/core/filter/filter_args.h +112 -0
- data/src/core/handshaker/http_connect/http_connect_handshaker.cc +1 -1
- data/src/core/lib/channel/promise_based_filter.h +5 -79
- data/src/core/lib/debug/trace_flags.cc +2 -0
- data/src/core/lib/debug/trace_flags.h +1 -0
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +14 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +7 -2
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +0 -2
- data/src/core/lib/event_engine/windows/windows_engine.cc +1 -0
- data/src/core/lib/experiments/experiments.cc +90 -39
- data/src/core/lib/experiments/experiments.h +43 -24
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +1 -1
- data/src/core/lib/promise/activity.cc +2 -0
- data/src/core/lib/promise/activity.h +29 -8
- data/src/core/lib/promise/map.h +42 -0
- data/src/core/lib/promise/party.cc +36 -1
- data/src/core/lib/promise/party.h +13 -5
- data/src/core/lib/promise/sleep.h +1 -0
- data/src/core/lib/promise/status_flag.h +10 -0
- data/src/core/lib/resource_quota/arena.h +8 -0
- data/src/core/lib/resource_quota/connection_quota.h +4 -0
- data/src/core/lib/surface/call_utils.h +2 -0
- data/src/core/lib/surface/client_call.cc +43 -35
- data/src/core/lib/surface/client_call.h +5 -0
- data/src/core/lib/surface/event_string.cc +7 -1
- data/src/core/lib/surface/init_internally.h +13 -2
- data/src/core/lib/surface/server_call.cc +100 -85
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/call_filters.cc +10 -4
- data/src/core/lib/transport/call_filters.h +8 -0
- data/src/core/lib/transport/call_spine.cc +36 -71
- data/src/core/lib/transport/call_spine.h +131 -7
- data/src/core/lib/transport/call_state.h +132 -39
- data/src/core/lib/transport/interception_chain.cc +8 -0
- data/src/core/lib/transport/interception_chain.h +9 -0
- data/src/core/load_balancing/endpoint_list.cc +10 -0
- data/src/core/load_balancing/endpoint_list.h +13 -6
- data/src/core/load_balancing/lb_policy.h +0 -8
- data/src/core/load_balancing/pick_first/pick_first.cc +89 -56
- data/src/core/load_balancing/ring_hash/ring_hash.cc +158 -70
- data/src/core/load_balancing/ring_hash/ring_hash.h +4 -11
- data/src/core/load_balancing/round_robin/round_robin.cc +9 -14
- data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +12 -15
- data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +4 -4
- data/src/core/resolver/xds/xds_dependency_manager.cc +139 -135
- data/src/core/resolver/xds/xds_dependency_manager.h +24 -18
- data/src/core/resolver/xds/xds_resolver.cc +28 -47
- data/src/core/server/server.cc +290 -24
- data/src/core/server/server.h +199 -61
- data/src/core/server/xds_server_config_fetcher.cc +78 -142
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
- data/src/core/util/backoff.cc +15 -4
- data/src/core/util/http_client/httpcli.cc +66 -18
- data/src/core/util/http_client/httpcli.h +14 -4
- data/src/core/util/matchers.h +5 -10
- data/src/core/util/ref_counted.h +1 -0
- data/src/core/util/ref_counted_ptr.h +1 -1
- data/src/core/util/useful.h +9 -11
- data/src/core/xds/grpc/xds_endpoint_parser.cc +54 -23
- data/src/core/xds/grpc/xds_metadata.h +8 -0
- data/src/core/xds/xds_client/xds_api.cc +0 -223
- data/src/core/xds/xds_client/xds_api.h +1 -133
- data/src/core/xds/xds_client/xds_client.cc +599 -466
- data/src/core/xds/xds_client/xds_client.h +107 -26
- data/src/core/xds/xds_client/xds_resource_type_impl.h +10 -5
- data/src/ruby/ext/grpc/extconf.rb +1 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_bitstr.c → a_bitstr.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_d2i_fp.c → a_d2i_fp.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_dup.c → a_dup.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_i2d_fp.c → a_i2d_fp.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_int.c → a_int.cc} +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_mbstr.c → a_mbstr.cc} +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_object.c → a_object.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strnid.c → a_strnid.cc} +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_type.c → a_type.cc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_lib.c → asn1_lib.cc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn_pack.c → asn_pack.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{posix_time.c → posix_time.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_dec.c → tasn_dec.cc} +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_enc.c → tasn_enc.cc} +9 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_fre.c → tasn_fre.cc} +14 -20
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_new.c → tasn_new.cc} +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_utl.c → tasn_utl.cc} +13 -10
- data/third_party/boringssl-with-bazel/src/crypto/base64/{base64.c → base64.cc} +9 -12
- data/third_party/boringssl-with-bazel/src/crypto/bcm_support.h +7 -1
- data/third_party/boringssl-with-bazel/src/crypto/bio/{bio.c → bio.cc} +32 -58
- data/third_party/boringssl-with-bazel/src/crypto/bio/{bio_mem.c → bio_mem.cc} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/{connect.c → connect.cc} +24 -16
- data/third_party/boringssl-with-bazel/src/crypto/bio/{file.c → file.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/{pair.c → pair.cc} +22 -20
- data/third_party/boringssl-with-bazel/src/crypto/bio/{printf.c → printf.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/{socket_helper.c → socket_helper.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/blake2/{blake2.c → blake2.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/{bn_asn1.c → bn_asn1.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/{convert.c → convert.cc} +21 -21
- data/third_party/boringssl-with-bazel/src/crypto/buf/{buf.c → buf.cc} +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{asn1_compat.c → asn1_compat.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{ber.c → ber.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbb.c → cbb.cc} +33 -49
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbs.c → cbs.cc} +20 -27
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{unicode.c → unicode.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/chacha/{chacha.c → chacha.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_aesctrhmac.c → e_aesctrhmac.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_aesgcmsiv.c → e_aesgcmsiv.cc} +23 -26
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_chacha20poly1305.c → e_chacha20poly1305.cc} +1 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_des.c → e_des.cc} +61 -49
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_null.c → e_null.cc} +12 -9
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_rc2.c → e_rc2.cc} +23 -19
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_rc4.c → e_rc4.cc} +10 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_tls.c → e_tls.cc} +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/{conf.c → conf.cc} +17 -14
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_apple.c → cpu_aarch64_apple.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_fuchsia.c → cpu_aarch64_fuchsia.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_linux.c → cpu_aarch64_linux.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_openbsd.c → cpu_aarch64_openbsd.cc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_sysreg.c → cpu_aarch64_sysreg.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_win.c → cpu_aarch64_win.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_freebsd.c → cpu_arm_freebsd.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_linux.c → cpu_arm_linux.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_linux.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_intel.c → cpu_intel.cc} +47 -32
- data/third_party/boringssl-with-bazel/src/crypto/{crypto.c → crypto.cc} +6 -11
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/{curve25519.c → curve25519.cc} +28 -31
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/{curve25519_64_adx.c → curve25519_64_adx.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/{spake25519.c → spake25519.cc} +20 -16
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/{dh_asn1.c → dh_asn1.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/{digest_extra.c → digest_extra.cc} +113 -31
- data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa.c → dsa.cc} +153 -154
- data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa_asn1.c → dsa_asn1.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{ec_asn1.c → ec_asn1.cc} +35 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{ec_derive.c → ec_derive.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{hash_to_curve.c → hash_to_curve.cc} +66 -64
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/{ecdsa_asn1.c → ecdsa_asn1.cc} +15 -25
- data/third_party/boringssl-with-bazel/src/crypto/engine/{engine.c → engine.cc} +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/err/{err.c → err.cc} +24 -27
- data/third_party/boringssl-with-bazel/src/crypto/err/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/evp/{evp.c → evp.cc} +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_ctx.c → evp_ctx.cc} +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh.c → p_dh.cc} +23 -14
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh_asn1.c → p_dh_asn1.cc} +38 -21
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dsa_asn1.c → p_dsa_asn1.cc} +19 -24
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec.c → p_ec.cc} +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec_asn1.c → p_ec_asn1.cc} +20 -20
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519.c → p_ed25519.cc} +22 -19
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519_asn1.c → p_ed25519_asn1.cc} +14 -13
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_hkdf.c → p_hkdf.cc} +18 -14
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa.c → p_rsa.cc} +38 -37
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa_asn1.c → p_rsa_asn1.cc} +16 -18
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519.c → p_x25519.cc} +22 -19
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519_asn1.c → p_x25519_asn1.cc} +18 -17
- data/third_party/boringssl-with-bazel/src/crypto/evp/{pbkdf.c → pbkdf.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/evp/{print.c → print.cc} +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/{scrypt.c → scrypt.cc} +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/{ex_data.c → ex_data.cc} +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes_nohw.c.inc → aes_nohw.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{key_wrap.c.inc → key_wrap.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{bcm.c → bcm.cc} +96 -101
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm_interface.h +165 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{add.c.inc → add.cc.inc} +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/{x86_64-gcc.c.inc → x86_64-gcc.cc.inc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bn.c.inc → bn.cc.inc} +12 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{ctx.c.inc → ctx.cc.inc} +5 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div.c.inc → div.cc.inc} +29 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div_extra.c.inc → div_extra.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{exponentiation.c.inc → exponentiation.cc.inc} +22 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd.c.inc → gcd.cc.inc} +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd_extra.c.inc → gcd_extra.cc.inc} +33 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery.c.inc → montgomery.cc.inc} +10 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{mul.c.inc → mul.cc.inc} +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{prime.c.inc → prime.cc.inc} +31 -34
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{shift.c.inc → shift.cc.inc} +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{aead.c.inc → aead.cc.inc} +18 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{cipher.c.inc → cipher.cc.inc} +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aes.c.inc → e_aes.cc.inc} +46 -54
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cmac/{cmac.c.inc → cmac.cc.inc} +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/delocate.h +14 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{dh.c.inc → dh.cc.inc} +15 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digest.c.inc → digest.cc.inc} +17 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digests.c.inc → digests.cc.inc} +29 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digestsign/{digestsign.c.inc → digestsign.cc.inc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/builtin_curves.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec.c.inc → ec.cc.inc} +10 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_key.c.inc → ec_key.cc.inc} +12 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{felem.c.inc → felem.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{oct.c.inc → oct.cc.inc} +5 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p224-64.c.inc → p224-64.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz-table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-nistz.c.inc → p256-nistz.cc.inc} +15 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256.c.inc → p256.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{scalar.c.inc → scalar.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple_mul.c.inc → simple_mul.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{util.c.inc → util.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{wnaf.c.inc → wnaf.cc.inc} +24 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/{ecdh.c.inc → ecdh.cc.inc} +14 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/{ecdsa.c.inc → ecdsa.cc.inc} +6 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{fips_shared_support.c → fips_shared_support.cc} +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/{hkdf.c.inc → hkdf.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/{hmac.c.inc → hmac.cc.inc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm.c.inc → gcm.cc.inc} +69 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm_nohw.c.inc → gcm_nohw.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +53 -33
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{polyval.c.inc → polyval.cc.inc} +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{ctrdrbg.c.inc → ctrdrbg.cc.inc} +5 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{rand.c.inc → rand.cc.inc} +20 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{blinding.c.inc → blinding.cc.inc} +5 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{padding.c.inc → padding.cc.inc} +21 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa.c.inc → rsa.cc.inc} +77 -73
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa_impl.c.inc → rsa_impl.cc.inc} +50 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{fips.c.inc → fips.cc.inc} +14 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{self_check.c.inc → self_check.cc.inc} +56 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/{service_indicator.c.inc → service_indicator.cc.inc} +10 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha1.c.inc → sha1.cc.inc} +26 -33
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha256.c.inc → sha256.cc.inc} +37 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha512.c.inc → sha512.cc.inc} +48 -76
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/hpke/{hpke.c → hpke.cc} +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/hrss/{hrss.c → hrss.cc} +53 -110
- data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +191 -248
- data/third_party/boringssl-with-bazel/src/crypto/keccak/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/keccak/{keccak.c → keccak.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/kyber/{kyber.c → kyber.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/lhash/{lhash.c → lhash.cc} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md4/md4.c.inc → md4/md4.cc} +8 -12
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md5 → md5}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md5/md5.c.inc → md5/md5.cc} +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/{mem.c → mem.cc} +34 -22
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/internal.h +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/{mldsa.c → mldsa.cc} +646 -543
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/mlkem.cc +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/obj/{obj.c → obj.cc} +27 -30
- data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_info.c → pem_info.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_lib.c → pem_lib.cc} +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_oth.c → pem_oth.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7.c → pkcs7.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7_x509.c → pkcs7_x509.cc} +26 -25
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{p5_pbev2.c → p5_pbev2.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8.c → pkcs8.cc} +159 -158
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8_x509.c → pkcs8_x509.cc} +90 -97
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305.c → poly1305.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_arm.c → poly1305_arm.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_vec.c → poly1305_vec.cc} +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pool/{pool.c → pool.cc} +12 -11
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{deterministic.c → deterministic.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{fork_detect.c → fork_detect.cc} +11 -12
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{forkunsafe.c → forkunsafe.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{getentropy.c → getentropy.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/getrandom_fillin.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{ios.c → ios.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{passive.c → passive.cc} +22 -18
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{rand_extra.c → rand_extra.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/sysrand_internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{trusty.c → trusty.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{urandom.c → urandom.cc} +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{windows.c → windows.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{refcount.c → refcount.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_asn1.c → rsa_asn1.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_crypt.c → rsa_crypt.cc} +81 -78
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_extra.cc +17 -0
- data/third_party/boringssl-with-bazel/src/crypto/sha/sha1.cc +52 -0
- data/third_party/boringssl-with-bazel/src/crypto/sha/sha256.cc +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/sha/sha512.cc +104 -0
- data/third_party/boringssl-with-bazel/src/crypto/siphash/{siphash.c → siphash.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/address.h +123 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/fors.cc +169 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/fors.h +58 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/internal.h +63 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/merkle.cc +161 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/merkle.h +70 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/params.h +83 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/slhdsa.cc +307 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/thash.cc +173 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/thash.h +85 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/wots.cc +171 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/wots.h +50 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/{stack.c → stack.cc} +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/{thread_none.c → thread_none.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{thread_pthread.c → thread_pthread.cc} +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/{thread_win.c → thread_win.cc} +21 -17
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/{pmbtoken.c → pmbtoken.cc} +146 -158
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/{trust_token.c → trust_token.cc} +19 -21
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/{voprf.c → voprf.cc} +165 -169
- data/third_party/boringssl-with-bazel/src/crypto/x509/{a_digest.c → a_digest.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{a_sign.c → a_sign.cc} +37 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/{a_verify.c → a_verify.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{algorithm.c → algorithm.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{asn1_gen.c → asn1_gen.cc} +5 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{by_dir.c → by_dir.cc} +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{policy.c → policy.cc} +188 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/{rsa_pss.c → rsa_pss.cc} +48 -44
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_akey.c → v3_akey.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_alt.c → v3_alt.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_bcons.c → v3_bcons.cc} +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_bitst.c → v3_bitst.cc} +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_conf.c → v3_conf.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_cpols.c → v3_cpols.cc} +47 -41
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_crld.c → v3_crld.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_enum.c → v3_enum.cc} +5 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_extku.c → v3_extku.cc} +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_genn.c → v3_genn.cc} +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ia5.c → v3_ia5.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_info.c → v3_info.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_int.c → v3_int.cc} +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_lib.c → v3_lib.cc} +9 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ncons.c → v3_ncons.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ocsp.c → v3_ocsp.cc} +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_pcons.c → v3_pcons.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_pmaps.c → v3_pmaps.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_prn.c → v3_prn.cc} +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_purp.c → v3_purp.cc} +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_skey.c → v3_skey.cc} +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_utl.c → v3_utl.cc} +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_att.c → x509_att.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_lu.c → x509_lu.cc} +6 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_v3.c → x509_v3.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vfy.c → x509_vfy.cc} +216 -212
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vpm.c → x509_vpm.cc} +55 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509spki.c → x509spki.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_all.c → x_all.cc} +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_crl.c → x_crl.cc} +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_name.c → x_name.cc} +39 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_pubkey.c → x_pubkey.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509.c → x_x509.cc} +48 -44
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509a.c → x_x509a.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/gen/crypto/{err_data.c → err_data.cc} +359 -358
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1_mac.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +237 -275
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +12 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/bcm_public.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/buffer.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cmac.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +13 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +6 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dtls1.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/e_os2.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +17 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/engine.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/kyber.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/is_boringssl.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/mldsa.h +8 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/mlkem.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/obj_mac.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/objects.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslv.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ossl_typ.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs12.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/poly1305.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pool.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/posix_time.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +10 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/safestack.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +2 -40
- data/third_party/boringssl-with-bazel/src/include/openssl/siphash.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/slhdsa.h +133 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +6 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/srtp.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +160 -116
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/target.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3_errors.h +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -6
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +667 -322
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +116 -119
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +163 -21
- data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +4 -12
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +94 -49
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +296 -198
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +23 -14
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +363 -343
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +48 -58
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +44 -36
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +145 -159
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +65 -58
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +910 -356
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +29 -41
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +13 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +90 -183
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +38 -64
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +103 -44
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +210 -220
- data/third_party/boringssl-with-bazel/src/ssl/ssl_credential.cc +70 -12
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +20 -17
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +146 -169
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +15 -16
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +79 -95
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +91 -16
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +30 -16
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +51 -56
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +22 -25
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +43 -27
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +63 -59
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +204 -121
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +86 -59
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +51 -62
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +37 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +6 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +6 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_adx.h +4 -1
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1 -1
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +3 -0
- metadata +339 -339
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb.h +0 -426
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.c +0 -87
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.h +0 -32
- data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb.h +0 -408
- data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.c +0 -124
- data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.h +0 -38
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.c +0 -108
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.h +0 -33
- data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.c +0 -67
- data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.h +0 -48
- data/src/core/util/atm.cc +0 -34
- data/third_party/boringssl-with-bazel/src/crypto/dilithium/dilithium.c +0 -1539
- data/third_party/boringssl-with-bazel/src/crypto/dilithium/internal.h +0 -58
- data/third_party/boringssl-with-bazel/src/crypto/spx/address.c +0 -101
- data/third_party/boringssl-with-bazel/src/crypto/spx/address.h +0 -50
- data/third_party/boringssl-with-bazel/src/crypto/spx/fors.c +0 -133
- data/third_party/boringssl-with-bazel/src/crypto/spx/fors.h +0 -54
- data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.c +0 -150
- data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.h +0 -61
- data/third_party/boringssl-with-bazel/src/crypto/spx/params.h +0 -71
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c +0 -140
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.c +0 -53
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.h +0 -44
- data/third_party/boringssl-with-bazel/src/crypto/spx/thash.c +0 -136
- data/third_party/boringssl-with-bazel/src/crypto/spx/thash.h +0 -70
- data/third_party/boringssl-with-bazel/src/crypto/spx/wots.c +0 -135
- data/third_party/boringssl-with-bazel/src/crypto/spx/wots.h +0 -45
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +0 -129
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/spx.h +0 -90
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_bool.c → a_bool.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_gentm.c → a_gentm.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_octet.c → a_octet.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strex.c → a_strex.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_time.c → a_time.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_utctm.c → a_utctm.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_par.c → asn1_par.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{f_int.c → f_int.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{f_string.c → f_string.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_typ.c → tasn_typ.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{errno.c → errno.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{fd.c → fd.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{hexdump.c → hexdump.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{socket.c → socket.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{cipher_extra.c → cipher_extra.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{derive_key.c → derive_key.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{tls_cbc.c → tls_cbc.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/des/{des.c → des.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/dh_extra/{params.c → params.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/{ecdh_extra.c → ecdh_extra.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_asn1.c → evp_asn1.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/evp/{sign.c → sign.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes.c.inc → aes.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{mode_wrappers.c.inc → mode_wrappers.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bytes.c.inc → bytes.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{cmp.c.inc → cmp.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{generic.c.inc → generic.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{jacobi.c.inc → jacobi.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery_inv.c.inc → montgomery_inv.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{random.c.inc → random.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{rsaz_exp.c.inc → rsaz_exp.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{sqrt.c.inc → sqrt.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aesccm.c.inc → e_aesccm.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{check.c.inc → check.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_montgomery.c.inc → ec_montgomery.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple.c.inc → simple.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cbc.c.inc → cbc.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cfb.c.inc → cfb.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ctr.c.inc → ctr.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ofb.c.inc → ofb.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/{kdf.c.inc → kdf.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/obj/{obj_xref.c → obj_xref.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_all.c → pem_all.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pk8.c → pem_pk8.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pkey.c → pem_pkey.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_x509.c → pem_x509.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_xaux.c → pem_xaux.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/rc4/{rc4.c → rc4.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_print.c → rsa_print.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/{thread.c → thread.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{by_file.c → by_file.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{i2d_pr.c → i2d_pr.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{name_print.c → name_print.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_crl.c → t_crl.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_req.c → t_req.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_x509.c → t_x509.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_x509a.c → t_x509a.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_akeya.c → v3_akeya.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509.c → x509.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_cmp.c → x509_cmp.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_d2.c → x509_d2.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_def.c → x509_def.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_ext.c → x509_ext.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_obj.c → x509_obj.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_req.c → x509_req.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_set.c → x509_set.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_trs.c → x509_trs.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_txt.c → x509_txt.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509cset.c → x509cset.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509name.c → x509name.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509rset.c → x509rset.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_algor.c → x_algor.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_attrib.c → x_attrib.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_exten.c → x_exten.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_req.c → x_req.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_sig.c → x_sig.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_spki.c → x_spki.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_val.c → x_val.cc} +0 -0
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
/* Copyright 2024 The BoringSSL Authors
|
|
2
|
+
*
|
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
|
6
|
+
*
|
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
14
|
+
|
|
15
|
+
#ifndef OPENSSL_HEADER_CRYPTO_SLHDSA_MERKLE_H
|
|
16
|
+
#define OPENSSL_HEADER_CRYPTO_SLHDSA_MERKLE_H
|
|
17
|
+
|
|
18
|
+
#include <openssl/base.h>
|
|
19
|
+
|
|
20
|
+
#include <sys/types.h>
|
|
21
|
+
|
|
22
|
+
#include "./params.h"
|
|
23
|
+
|
|
24
|
+
#if defined(__cplusplus)
|
|
25
|
+
extern "C" {
|
|
26
|
+
#endif
|
|
27
|
+
|
|
28
|
+
|
|
29
|
+
// Implements Algorithm 9: xmss_node function (page 23)
|
|
30
|
+
void slhdsa_treehash(uint8_t out_pk[SLHDSA_SHA2_128S_N],
|
|
31
|
+
const uint8_t sk_seed[SLHDSA_SHA2_128S_N],
|
|
32
|
+
uint32_t i /*target node index*/,
|
|
33
|
+
uint32_t z /*target node height*/,
|
|
34
|
+
const uint8_t pk_seed[SLHDSA_SHA2_128S_N],
|
|
35
|
+
uint8_t addr[32]);
|
|
36
|
+
|
|
37
|
+
// Implements Algorithm 10: xmss_sign function (page 24)
|
|
38
|
+
void slhdsa_xmss_sign(uint8_t sig[SLHDSA_SHA2_128S_XMSS_BYTES],
|
|
39
|
+
const uint8_t msg[SLHDSA_SHA2_128S_N], unsigned int idx,
|
|
40
|
+
const uint8_t sk_seed[SLHDSA_SHA2_128S_N],
|
|
41
|
+
const uint8_t pk_seed[SLHDSA_SHA2_128S_N],
|
|
42
|
+
uint8_t addr[32]);
|
|
43
|
+
|
|
44
|
+
// Implements Algorithm 11: xmss_pkFromSig function (page 25)
|
|
45
|
+
void slhdsa_xmss_pk_from_sig(
|
|
46
|
+
uint8_t root[SLHDSA_SHA2_128S_N],
|
|
47
|
+
const uint8_t xmss_sig[SLHDSA_SHA2_128S_XMSS_BYTES], unsigned int idx,
|
|
48
|
+
const uint8_t msg[SLHDSA_SHA2_128S_N],
|
|
49
|
+
const uint8_t pk_seed[SLHDSA_SHA2_128S_N], uint8_t addr[32]);
|
|
50
|
+
|
|
51
|
+
// Implements Algorithm 12: ht_sign function (page 27)
|
|
52
|
+
void slhdsa_ht_sign(
|
|
53
|
+
uint8_t sig[SLHDSA_SHA2_128S_D * SLHDSA_SHA2_128S_XMSS_BYTES],
|
|
54
|
+
const uint8_t message[SLHDSA_SHA2_128S_N], uint64_t idx_tree,
|
|
55
|
+
uint32_t idx_leaf, const uint8_t sk_seed[SLHDSA_SHA2_128S_N],
|
|
56
|
+
const uint8_t pk_seed[SLHDSA_SHA2_128S_N]);
|
|
57
|
+
|
|
58
|
+
// Implements Algorithm 13: ht_verify function (page 28)
|
|
59
|
+
int slhdsa_ht_verify(
|
|
60
|
+
const uint8_t sig[SLHDSA_SHA2_128S_D * SLHDSA_SHA2_128S_XMSS_BYTES],
|
|
61
|
+
const uint8_t message[SLHDSA_SHA2_128S_N], uint64_t idx_tree,
|
|
62
|
+
uint32_t idx_leaf, const uint8_t pk_root[SLHDSA_SHA2_128S_N],
|
|
63
|
+
const uint8_t pk_seed[SLHDSA_SHA2_128S_N]);
|
|
64
|
+
|
|
65
|
+
|
|
66
|
+
#if defined(__cplusplus)
|
|
67
|
+
} // extern C
|
|
68
|
+
#endif
|
|
69
|
+
|
|
70
|
+
#endif // OPENSSL_HEADER_CRYPTO_SLHDSA_MERKLE_H
|
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
/* Copyright 2024 The BoringSSL Authors
|
|
2
|
+
*
|
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
|
6
|
+
*
|
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
14
|
+
|
|
15
|
+
#ifndef OPENSSL_HEADER_CRYPTO_SLHDSA_PARAMS_H
|
|
16
|
+
#define OPENSSL_HEADER_CRYPTO_SLHDSA_PARAMS_H
|
|
17
|
+
|
|
18
|
+
#include <openssl/base.h>
|
|
19
|
+
|
|
20
|
+
#if defined(__cplusplus)
|
|
21
|
+
extern "C" {
|
|
22
|
+
#endif
|
|
23
|
+
|
|
24
|
+
|
|
25
|
+
// Output length of the hash function.
|
|
26
|
+
#define SLHDSA_SHA2_128S_N 16
|
|
27
|
+
// Total height of the tree structure.
|
|
28
|
+
#define SLHDSA_SHA2_128S_FULL_HEIGHT 63
|
|
29
|
+
// Number of subtree layers.
|
|
30
|
+
#define SLHDSA_SHA2_128S_D 7
|
|
31
|
+
// Height of the trees on each layer
|
|
32
|
+
#define SLHDSA_SHA2_128S_TREE_HEIGHT 9
|
|
33
|
+
// Height of each individual FORS tree.
|
|
34
|
+
#define SLHDSA_SHA2_128S_FORS_HEIGHT 12
|
|
35
|
+
// Total number of FORS tree used.
|
|
36
|
+
#define SLHDSA_SHA2_128S_FORS_TREES 14
|
|
37
|
+
// Size of a FORS signature
|
|
38
|
+
#define SLHDSA_SHA2_128S_FORS_BYTES \
|
|
39
|
+
((SLHDSA_SHA2_128S_FORS_HEIGHT + 1) * SLHDSA_SHA2_128S_FORS_TREES * \
|
|
40
|
+
SLHDSA_SHA2_128S_N)
|
|
41
|
+
// The number of bytes at the beginning of M', the augmented message, before the
|
|
42
|
+
// context.
|
|
43
|
+
#define SLHDSA_M_PRIME_HEADER_LEN 2
|
|
44
|
+
|
|
45
|
+
// Winternitz parameter and derived values
|
|
46
|
+
#define SLHDSA_SHA2_128S_WOTS_W 16
|
|
47
|
+
#define SLHDSA_SHA2_128S_WOTS_LOG_W 4
|
|
48
|
+
#define SLHDSA_SHA2_128S_WOTS_LEN1 32
|
|
49
|
+
#define SLHDSA_SHA2_128S_WOTS_LEN2 3
|
|
50
|
+
#define SLHDSA_SHA2_128S_WOTS_LEN 35
|
|
51
|
+
#define SLHDSA_SHA2_128S_WOTS_BYTES \
|
|
52
|
+
(SLHDSA_SHA2_128S_N * SLHDSA_SHA2_128S_WOTS_LEN)
|
|
53
|
+
|
|
54
|
+
// XMSS sizes
|
|
55
|
+
#define SLHDSA_SHA2_128S_XMSS_BYTES \
|
|
56
|
+
(SLHDSA_SHA2_128S_WOTS_BYTES + \
|
|
57
|
+
(SLHDSA_SHA2_128S_N * SLHDSA_SHA2_128S_TREE_HEIGHT))
|
|
58
|
+
|
|
59
|
+
// Size of the message digest (NOTE: This is only correct for the SHA-256 params
|
|
60
|
+
// here)
|
|
61
|
+
#define SLHDSA_SHA2_128S_DIGEST_SIZE \
|
|
62
|
+
(((SLHDSA_SHA2_128S_FORS_TREES * SLHDSA_SHA2_128S_FORS_HEIGHT) / 8) + \
|
|
63
|
+
(((SLHDSA_SHA2_128S_FULL_HEIGHT - SLHDSA_SHA2_128S_TREE_HEIGHT) / 8) + 1) + \
|
|
64
|
+
(SLHDSA_SHA2_128S_TREE_HEIGHT / 8) + 1)
|
|
65
|
+
|
|
66
|
+
// Compressed address size when using SHA-256
|
|
67
|
+
#define SLHDSA_SHA2_128S_SHA256_ADDR_BYTES 22
|
|
68
|
+
|
|
69
|
+
// Size of the FORS message hash
|
|
70
|
+
#define SLHDSA_SHA2_128S_FORS_MSG_BYTES \
|
|
71
|
+
((SLHDSA_SHA2_128S_FORS_HEIGHT * SLHDSA_SHA2_128S_FORS_TREES + 7) / 8)
|
|
72
|
+
#define SLHDSA_SHA2_128S_TREE_BITS \
|
|
73
|
+
(SLHDSA_SHA2_128S_TREE_HEIGHT * (SLHDSA_SHA2_128S_D - 1))
|
|
74
|
+
#define SLHDSA_SHA2_128S_TREE_BYTES ((SLHDSA_SHA2_128S_TREE_BITS + 7) / 8)
|
|
75
|
+
#define SLHDSA_SHA2_128S_LEAF_BITS SLHDSA_SHA2_128S_TREE_HEIGHT
|
|
76
|
+
#define SLHDSA_SHA2_128S_LEAF_BYTES ((SLHDSA_SHA2_128S_LEAF_BITS + 7) / 8)
|
|
77
|
+
|
|
78
|
+
|
|
79
|
+
#if defined(__cplusplus)
|
|
80
|
+
} // extern C
|
|
81
|
+
#endif
|
|
82
|
+
|
|
83
|
+
#endif // OPENSSL_HEADER_CRYPTO_SLHDSA_PARAMS_H
|
|
@@ -0,0 +1,307 @@
|
|
|
1
|
+
/* Copyright 2024 The BoringSSL Authors
|
|
2
|
+
*
|
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
|
6
|
+
*
|
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
14
|
+
|
|
15
|
+
#include <openssl/slhdsa.h>
|
|
16
|
+
|
|
17
|
+
#include <string.h>
|
|
18
|
+
|
|
19
|
+
#include <openssl/bytestring.h>
|
|
20
|
+
#include <openssl/obj.h>
|
|
21
|
+
#include <openssl/rand.h>
|
|
22
|
+
|
|
23
|
+
#include "../internal.h"
|
|
24
|
+
#include "address.h"
|
|
25
|
+
#include "fors.h"
|
|
26
|
+
#include "internal.h"
|
|
27
|
+
#include "merkle.h"
|
|
28
|
+
#include "params.h"
|
|
29
|
+
#include "thash.h"
|
|
30
|
+
|
|
31
|
+
|
|
32
|
+
// The OBJECT IDENTIFIER header is also included in these values, per the spec.
|
|
33
|
+
static const uint8_t kSHA384OID[] = {0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
|
|
34
|
+
0x65, 0x03, 0x04, 0x02, 0x02};
|
|
35
|
+
#define MAX_OID_LENGTH 11
|
|
36
|
+
#define MAX_CONTEXT_LENGTH 255
|
|
37
|
+
|
|
38
|
+
void SLHDSA_SHA2_128S_generate_key_from_seed(
|
|
39
|
+
uint8_t out_public_key[SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES],
|
|
40
|
+
uint8_t out_secret_key[SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES],
|
|
41
|
+
const uint8_t seed[3 * SLHDSA_SHA2_128S_N]) {
|
|
42
|
+
// Initialize SK.seed || SK.prf || PK.seed from seed.
|
|
43
|
+
OPENSSL_memcpy(out_secret_key, seed, 3 * SLHDSA_SHA2_128S_N);
|
|
44
|
+
|
|
45
|
+
// Initialize PK.seed from seed.
|
|
46
|
+
OPENSSL_memcpy(out_public_key, seed + 2 * SLHDSA_SHA2_128S_N,
|
|
47
|
+
SLHDSA_SHA2_128S_N);
|
|
48
|
+
|
|
49
|
+
uint8_t addr[32] = {0};
|
|
50
|
+
slhdsa_set_layer_addr(addr, SLHDSA_SHA2_128S_D - 1);
|
|
51
|
+
|
|
52
|
+
// Set PK.root
|
|
53
|
+
slhdsa_treehash(out_public_key + SLHDSA_SHA2_128S_N, out_secret_key, 0,
|
|
54
|
+
SLHDSA_SHA2_128S_TREE_HEIGHT, out_public_key, addr);
|
|
55
|
+
OPENSSL_memcpy(out_secret_key + 3 * SLHDSA_SHA2_128S_N,
|
|
56
|
+
out_public_key + SLHDSA_SHA2_128S_N, SLHDSA_SHA2_128S_N);
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
void SLHDSA_SHA2_128S_generate_key(
|
|
60
|
+
uint8_t out_public_key[SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES],
|
|
61
|
+
uint8_t out_private_key[SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES]) {
|
|
62
|
+
uint8_t seed[3 * SLHDSA_SHA2_128S_N];
|
|
63
|
+
RAND_bytes(seed, 3 * SLHDSA_SHA2_128S_N);
|
|
64
|
+
SLHDSA_SHA2_128S_generate_key_from_seed(out_public_key, out_private_key,
|
|
65
|
+
seed);
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
OPENSSL_EXPORT void SLHDSA_SHA2_128S_public_from_private(
|
|
69
|
+
uint8_t out_public_key[SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES],
|
|
70
|
+
const uint8_t private_key[SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES]) {
|
|
71
|
+
OPENSSL_memcpy(out_public_key, private_key + 2 * SLHDSA_SHA2_128S_N,
|
|
72
|
+
SLHDSA_SHA2_128S_N * 2);
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
// Note that this overreads by a byte. This is fine in the context that it's
|
|
76
|
+
// used.
|
|
77
|
+
static uint64_t load_tree_index(const uint8_t in[8]) {
|
|
78
|
+
static_assert(SLHDSA_SHA2_128S_TREE_BYTES == 7,
|
|
79
|
+
"This code needs to be updated");
|
|
80
|
+
uint64_t index = CRYPTO_load_u64_be(in);
|
|
81
|
+
index >>= 8;
|
|
82
|
+
index &= (~(uint64_t)0) >> (64 - SLHDSA_SHA2_128S_TREE_BITS);
|
|
83
|
+
return index;
|
|
84
|
+
}
|
|
85
|
+
|
|
86
|
+
// Implements Algorithm 22: slh_sign function (Section 10.2.1, page 39)
|
|
87
|
+
void SLHDSA_SHA2_128S_sign_internal(
|
|
88
|
+
uint8_t out_signature[SLHDSA_SHA2_128S_SIGNATURE_BYTES],
|
|
89
|
+
const uint8_t secret_key[SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES],
|
|
90
|
+
const uint8_t header[SLHDSA_M_PRIME_HEADER_LEN], const uint8_t *context,
|
|
91
|
+
size_t context_len, const uint8_t *msg, size_t msg_len,
|
|
92
|
+
const uint8_t entropy[SLHDSA_SHA2_128S_N]) {
|
|
93
|
+
const uint8_t *sk_seed = secret_key;
|
|
94
|
+
const uint8_t *sk_prf = secret_key + SLHDSA_SHA2_128S_N;
|
|
95
|
+
const uint8_t *pk_seed = secret_key + 2 * SLHDSA_SHA2_128S_N;
|
|
96
|
+
const uint8_t *pk_root = secret_key + 3 * SLHDSA_SHA2_128S_N;
|
|
97
|
+
|
|
98
|
+
// Derive randomizer R and copy it to signature
|
|
99
|
+
uint8_t R[SLHDSA_SHA2_128S_N];
|
|
100
|
+
slhdsa_thash_prfmsg(R, sk_prf, entropy, header, context, context_len, msg,
|
|
101
|
+
msg_len);
|
|
102
|
+
OPENSSL_memcpy(out_signature, R, SLHDSA_SHA2_128S_N);
|
|
103
|
+
|
|
104
|
+
// Compute message digest
|
|
105
|
+
uint8_t digest[SLHDSA_SHA2_128S_DIGEST_SIZE];
|
|
106
|
+
slhdsa_thash_hmsg(digest, R, pk_seed, pk_root, header, context, context_len,
|
|
107
|
+
msg, msg_len);
|
|
108
|
+
|
|
109
|
+
uint8_t fors_digest[SLHDSA_SHA2_128S_FORS_MSG_BYTES];
|
|
110
|
+
OPENSSL_memcpy(fors_digest, digest, SLHDSA_SHA2_128S_FORS_MSG_BYTES);
|
|
111
|
+
|
|
112
|
+
const uint64_t idx_tree =
|
|
113
|
+
load_tree_index(digest + SLHDSA_SHA2_128S_FORS_MSG_BYTES);
|
|
114
|
+
uint32_t idx_leaf = CRYPTO_load_u16_be(
|
|
115
|
+
digest + SLHDSA_SHA2_128S_FORS_MSG_BYTES + SLHDSA_SHA2_128S_TREE_BYTES);
|
|
116
|
+
idx_leaf &= (~(uint32_t)0) >> (32 - SLHDSA_SHA2_128S_LEAF_BITS);
|
|
117
|
+
|
|
118
|
+
uint8_t addr[32] = {0};
|
|
119
|
+
slhdsa_set_tree_addr(addr, idx_tree);
|
|
120
|
+
slhdsa_set_type(addr, SLHDSA_SHA2_128S_ADDR_TYPE_FORSTREE);
|
|
121
|
+
slhdsa_set_keypair_addr(addr, idx_leaf);
|
|
122
|
+
|
|
123
|
+
slhdsa_fors_sign(out_signature + SLHDSA_SHA2_128S_N, fors_digest, sk_seed,
|
|
124
|
+
pk_seed, addr);
|
|
125
|
+
|
|
126
|
+
uint8_t pk_fors[SLHDSA_SHA2_128S_N];
|
|
127
|
+
slhdsa_fors_pk_from_sig(pk_fors, out_signature + SLHDSA_SHA2_128S_N,
|
|
128
|
+
fors_digest, pk_seed, addr);
|
|
129
|
+
|
|
130
|
+
slhdsa_ht_sign(
|
|
131
|
+
out_signature + SLHDSA_SHA2_128S_N + SLHDSA_SHA2_128S_FORS_BYTES, pk_fors,
|
|
132
|
+
idx_tree, idx_leaf, sk_seed, pk_seed);
|
|
133
|
+
}
|
|
134
|
+
|
|
135
|
+
int SLHDSA_SHA2_128S_sign(
|
|
136
|
+
uint8_t out_signature[SLHDSA_SHA2_128S_SIGNATURE_BYTES],
|
|
137
|
+
const uint8_t private_key[SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES],
|
|
138
|
+
const uint8_t *msg, size_t msg_len, const uint8_t *context,
|
|
139
|
+
size_t context_len) {
|
|
140
|
+
if (context_len > MAX_CONTEXT_LENGTH) {
|
|
141
|
+
return 0;
|
|
142
|
+
}
|
|
143
|
+
|
|
144
|
+
// Construct header for M' as specified in Algorithm 22
|
|
145
|
+
uint8_t M_prime_header[2];
|
|
146
|
+
M_prime_header[0] = 0; // domain separator for pure signing
|
|
147
|
+
M_prime_header[1] = (uint8_t)context_len;
|
|
148
|
+
|
|
149
|
+
uint8_t entropy[SLHDSA_SHA2_128S_N];
|
|
150
|
+
RAND_bytes(entropy, sizeof(entropy));
|
|
151
|
+
SLHDSA_SHA2_128S_sign_internal(out_signature, private_key, M_prime_header,
|
|
152
|
+
context, context_len, msg, msg_len, entropy);
|
|
153
|
+
return 1;
|
|
154
|
+
}
|
|
155
|
+
|
|
156
|
+
static int slhdsa_get_nonstandard_context_and_oid(
|
|
157
|
+
uint8_t *out_context_and_oid, size_t *out_context_and_oid_len,
|
|
158
|
+
size_t max_out_context_and_oid, const uint8_t *context, size_t context_len,
|
|
159
|
+
int hash_nid, size_t hashed_msg_len) {
|
|
160
|
+
const uint8_t *oid;
|
|
161
|
+
size_t oid_len;
|
|
162
|
+
size_t expected_hash_len;
|
|
163
|
+
switch (hash_nid) {
|
|
164
|
+
// The SLH-DSA spec only lists SHA-256 and SHA-512. This function supports
|
|
165
|
+
// SHA-384, which is non-standard.
|
|
166
|
+
case NID_sha384:
|
|
167
|
+
oid = kSHA384OID;
|
|
168
|
+
oid_len = sizeof(kSHA384OID);
|
|
169
|
+
static_assert(sizeof(kSHA384OID) <= MAX_OID_LENGTH, "");
|
|
170
|
+
expected_hash_len = 48;
|
|
171
|
+
break;
|
|
172
|
+
// If adding a hash function with a larger `oid_len`, update the size of
|
|
173
|
+
// `context_and_oid` in the callers.
|
|
174
|
+
default:
|
|
175
|
+
return 0;
|
|
176
|
+
}
|
|
177
|
+
|
|
178
|
+
if (hashed_msg_len != expected_hash_len) {
|
|
179
|
+
return 0;
|
|
180
|
+
}
|
|
181
|
+
|
|
182
|
+
*out_context_and_oid_len = context_len + oid_len;
|
|
183
|
+
if (*out_context_and_oid_len > max_out_context_and_oid) {
|
|
184
|
+
return 0;
|
|
185
|
+
}
|
|
186
|
+
|
|
187
|
+
OPENSSL_memcpy(out_context_and_oid, context, context_len);
|
|
188
|
+
OPENSSL_memcpy(out_context_and_oid + context_len, oid, oid_len);
|
|
189
|
+
|
|
190
|
+
return 1;
|
|
191
|
+
}
|
|
192
|
+
|
|
193
|
+
|
|
194
|
+
int SLHDSA_SHA2_128S_prehash_warning_nonstandard_sign(
|
|
195
|
+
uint8_t out_signature[SLHDSA_SHA2_128S_SIGNATURE_BYTES],
|
|
196
|
+
const uint8_t private_key[SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES],
|
|
197
|
+
const uint8_t *hashed_msg, size_t hashed_msg_len, int hash_nid,
|
|
198
|
+
const uint8_t *context, size_t context_len) {
|
|
199
|
+
if (context_len > MAX_CONTEXT_LENGTH) {
|
|
200
|
+
return 0;
|
|
201
|
+
}
|
|
202
|
+
|
|
203
|
+
uint8_t M_prime_header[2];
|
|
204
|
+
M_prime_header[0] = 1; // domain separator for prehashed signing
|
|
205
|
+
M_prime_header[1] = (uint8_t)context_len;
|
|
206
|
+
|
|
207
|
+
uint8_t context_and_oid[MAX_CONTEXT_LENGTH + MAX_OID_LENGTH];
|
|
208
|
+
size_t context_and_oid_len;
|
|
209
|
+
if (!slhdsa_get_nonstandard_context_and_oid(
|
|
210
|
+
context_and_oid, &context_and_oid_len, sizeof(context_and_oid),
|
|
211
|
+
context, context_len, hash_nid, hashed_msg_len)) {
|
|
212
|
+
return 0;
|
|
213
|
+
}
|
|
214
|
+
|
|
215
|
+
uint8_t entropy[SLHDSA_SHA2_128S_N];
|
|
216
|
+
RAND_bytes(entropy, sizeof(entropy));
|
|
217
|
+
SLHDSA_SHA2_128S_sign_internal(out_signature, private_key, M_prime_header,
|
|
218
|
+
context_and_oid, context_and_oid_len,
|
|
219
|
+
hashed_msg, hashed_msg_len, entropy);
|
|
220
|
+
return 1;
|
|
221
|
+
}
|
|
222
|
+
|
|
223
|
+
// Implements Algorithm 24: slh_verify function (Section 10.3, page 41)
|
|
224
|
+
int SLHDSA_SHA2_128S_verify(
|
|
225
|
+
const uint8_t *signature, size_t signature_len,
|
|
226
|
+
const uint8_t public_key[SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES],
|
|
227
|
+
const uint8_t *msg, size_t msg_len, const uint8_t *context,
|
|
228
|
+
size_t context_len) {
|
|
229
|
+
if (context_len > MAX_CONTEXT_LENGTH) {
|
|
230
|
+
return 0;
|
|
231
|
+
}
|
|
232
|
+
|
|
233
|
+
// Construct header for M' as specified in Algorithm 24
|
|
234
|
+
uint8_t M_prime_header[2];
|
|
235
|
+
M_prime_header[0] = 0; // domain separator for pure verification
|
|
236
|
+
M_prime_header[1] = (uint8_t)context_len;
|
|
237
|
+
|
|
238
|
+
return SLHDSA_SHA2_128S_verify_internal(signature, signature_len, public_key,
|
|
239
|
+
M_prime_header, context, context_len,
|
|
240
|
+
msg, msg_len);
|
|
241
|
+
}
|
|
242
|
+
|
|
243
|
+
int SLHDSA_SHA2_128S_prehash_warning_nonstandard_verify(
|
|
244
|
+
const uint8_t *signature, size_t signature_len,
|
|
245
|
+
const uint8_t public_key[SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES],
|
|
246
|
+
const uint8_t *hashed_msg, size_t hashed_msg_len, int hash_nid,
|
|
247
|
+
const uint8_t *context, size_t context_len) {
|
|
248
|
+
if (context_len > MAX_CONTEXT_LENGTH) {
|
|
249
|
+
return 0;
|
|
250
|
+
}
|
|
251
|
+
|
|
252
|
+
uint8_t M_prime_header[2];
|
|
253
|
+
M_prime_header[0] = 1; // domain separator for prehashed verification
|
|
254
|
+
M_prime_header[1] = (uint8_t)context_len;
|
|
255
|
+
|
|
256
|
+
uint8_t context_and_oid[MAX_CONTEXT_LENGTH + MAX_OID_LENGTH];
|
|
257
|
+
size_t context_and_oid_len;
|
|
258
|
+
if (!slhdsa_get_nonstandard_context_and_oid(
|
|
259
|
+
context_and_oid, &context_and_oid_len, sizeof(context_and_oid),
|
|
260
|
+
context, context_len, hash_nid, hashed_msg_len)) {
|
|
261
|
+
return 0;
|
|
262
|
+
}
|
|
263
|
+
|
|
264
|
+
return SLHDSA_SHA2_128S_verify_internal(
|
|
265
|
+
signature, signature_len, public_key, M_prime_header, context_and_oid,
|
|
266
|
+
context_and_oid_len, hashed_msg, hashed_msg_len);
|
|
267
|
+
}
|
|
268
|
+
|
|
269
|
+
int SLHDSA_SHA2_128S_verify_internal(
|
|
270
|
+
const uint8_t *signature, size_t signature_len,
|
|
271
|
+
const uint8_t public_key[SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES],
|
|
272
|
+
const uint8_t header[SLHDSA_M_PRIME_HEADER_LEN], const uint8_t *context,
|
|
273
|
+
size_t context_len, const uint8_t *msg, size_t msg_len) {
|
|
274
|
+
if (signature_len != SLHDSA_SHA2_128S_SIGNATURE_BYTES) {
|
|
275
|
+
return 0;
|
|
276
|
+
}
|
|
277
|
+
const uint8_t *pk_seed = public_key;
|
|
278
|
+
const uint8_t *pk_root = public_key + SLHDSA_SHA2_128S_N;
|
|
279
|
+
|
|
280
|
+
const uint8_t *r = signature;
|
|
281
|
+
const uint8_t *sig_fors = signature + SLHDSA_SHA2_128S_N;
|
|
282
|
+
const uint8_t *sig_ht = sig_fors + SLHDSA_SHA2_128S_FORS_BYTES;
|
|
283
|
+
|
|
284
|
+
uint8_t digest[SLHDSA_SHA2_128S_DIGEST_SIZE];
|
|
285
|
+
slhdsa_thash_hmsg(digest, r, pk_seed, pk_root, header, context, context_len,
|
|
286
|
+
msg, msg_len);
|
|
287
|
+
|
|
288
|
+
uint8_t fors_digest[SLHDSA_SHA2_128S_FORS_MSG_BYTES];
|
|
289
|
+
OPENSSL_memcpy(fors_digest, digest, SLHDSA_SHA2_128S_FORS_MSG_BYTES);
|
|
290
|
+
|
|
291
|
+
const uint64_t idx_tree =
|
|
292
|
+
load_tree_index(digest + SLHDSA_SHA2_128S_FORS_MSG_BYTES);
|
|
293
|
+
uint32_t idx_leaf = CRYPTO_load_u16_be(
|
|
294
|
+
digest + SLHDSA_SHA2_128S_FORS_MSG_BYTES + SLHDSA_SHA2_128S_TREE_BYTES);
|
|
295
|
+
idx_leaf &= (~(uint32_t)0) >> (32 - SLHDSA_SHA2_128S_LEAF_BITS);
|
|
296
|
+
|
|
297
|
+
uint8_t addr[32] = {0};
|
|
298
|
+
slhdsa_set_tree_addr(addr, idx_tree);
|
|
299
|
+
slhdsa_set_type(addr, SLHDSA_SHA2_128S_ADDR_TYPE_FORSTREE);
|
|
300
|
+
slhdsa_set_keypair_addr(addr, idx_leaf);
|
|
301
|
+
|
|
302
|
+
uint8_t pk_fors[SLHDSA_SHA2_128S_N];
|
|
303
|
+
slhdsa_fors_pk_from_sig(pk_fors, sig_fors, fors_digest, pk_seed, addr);
|
|
304
|
+
|
|
305
|
+
return slhdsa_ht_verify(sig_ht, pk_fors, idx_tree, idx_leaf, pk_root,
|
|
306
|
+
pk_seed);
|
|
307
|
+
}
|
|
@@ -0,0 +1,173 @@
|
|
|
1
|
+
/* Copyright 2024 The BoringSSL Authors
|
|
2
|
+
*
|
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
|
6
|
+
*
|
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
14
|
+
|
|
15
|
+
#include <openssl/base.h>
|
|
16
|
+
|
|
17
|
+
#include <assert.h>
|
|
18
|
+
#include <string.h>
|
|
19
|
+
|
|
20
|
+
#include <openssl/sha.h>
|
|
21
|
+
|
|
22
|
+
#include "../internal.h"
|
|
23
|
+
#include "./params.h"
|
|
24
|
+
#include "./thash.h"
|
|
25
|
+
|
|
26
|
+
|
|
27
|
+
// Internal thash function used by F, H, and T_l (Section 11.2, pages 44-46)
|
|
28
|
+
static void slhdsa_thash(uint8_t output[SLHDSA_SHA2_128S_N],
|
|
29
|
+
const uint8_t *input, size_t input_blocks,
|
|
30
|
+
const uint8_t pk_seed[SLHDSA_SHA2_128S_N],
|
|
31
|
+
uint8_t addr[32]) {
|
|
32
|
+
SHA256_CTX sha256;
|
|
33
|
+
SHA256_Init(&sha256);
|
|
34
|
+
|
|
35
|
+
// Process pubseed with padding to full block.
|
|
36
|
+
static const uint8_t kZeros[64 - SLHDSA_SHA2_128S_N] = {0};
|
|
37
|
+
SHA256_Update(&sha256, pk_seed, SLHDSA_SHA2_128S_N);
|
|
38
|
+
SHA256_Update(&sha256, kZeros, sizeof(kZeros));
|
|
39
|
+
SHA256_Update(&sha256, addr, SLHDSA_SHA2_128S_SHA256_ADDR_BYTES);
|
|
40
|
+
SHA256_Update(&sha256, input, input_blocks * SLHDSA_SHA2_128S_N);
|
|
41
|
+
|
|
42
|
+
uint8_t hash[32];
|
|
43
|
+
SHA256_Final(hash, &sha256);
|
|
44
|
+
OPENSSL_memcpy(output, hash, SLHDSA_SHA2_128S_N);
|
|
45
|
+
}
|
|
46
|
+
|
|
47
|
+
// Implements PRF_msg function (Section 4.1, page 11 and Section 11.2, pages
|
|
48
|
+
// 44-46)
|
|
49
|
+
void slhdsa_thash_prfmsg(uint8_t output[SLHDSA_SHA2_128S_N],
|
|
50
|
+
const uint8_t sk_prf[SLHDSA_SHA2_128S_N],
|
|
51
|
+
const uint8_t entropy[SLHDSA_SHA2_128S_N],
|
|
52
|
+
const uint8_t header[SLHDSA_M_PRIME_HEADER_LEN],
|
|
53
|
+
const uint8_t *ctx, size_t ctx_len, const uint8_t *msg,
|
|
54
|
+
size_t msg_len) {
|
|
55
|
+
// Compute HMAC-SHA256(sk_prf, entropy || header || ctx || msg). We inline
|
|
56
|
+
// HMAC to avoid an allocation.
|
|
57
|
+
uint8_t hmac_key[SHA256_CBLOCK];
|
|
58
|
+
static_assert(SLHDSA_SHA2_128S_N <= SHA256_CBLOCK,
|
|
59
|
+
"HMAC key is larger than block size");
|
|
60
|
+
OPENSSL_memcpy(hmac_key, sk_prf, SLHDSA_SHA2_128S_N);
|
|
61
|
+
for (size_t i = 0; i < SLHDSA_SHA2_128S_N; i++) {
|
|
62
|
+
hmac_key[i] ^= 0x36;
|
|
63
|
+
}
|
|
64
|
+
OPENSSL_memset(hmac_key + SLHDSA_SHA2_128S_N, 0x36,
|
|
65
|
+
sizeof(hmac_key) - SLHDSA_SHA2_128S_N);
|
|
66
|
+
|
|
67
|
+
SHA256_CTX sha_ctx;
|
|
68
|
+
SHA256_Init(&sha_ctx);
|
|
69
|
+
SHA256_Update(&sha_ctx, hmac_key, sizeof(hmac_key));
|
|
70
|
+
SHA256_Update(&sha_ctx, entropy, SLHDSA_SHA2_128S_N);
|
|
71
|
+
if (header) {
|
|
72
|
+
SHA256_Update(&sha_ctx, header, SLHDSA_M_PRIME_HEADER_LEN);
|
|
73
|
+
}
|
|
74
|
+
SHA256_Update(&sha_ctx, ctx, ctx_len);
|
|
75
|
+
SHA256_Update(&sha_ctx, msg, msg_len);
|
|
76
|
+
uint8_t hash[SHA256_DIGEST_LENGTH];
|
|
77
|
+
SHA256_Final(hash, &sha_ctx);
|
|
78
|
+
|
|
79
|
+
for (size_t i = 0; i < SLHDSA_SHA2_128S_N; i++) {
|
|
80
|
+
hmac_key[i] ^= 0x36 ^ 0x5c;
|
|
81
|
+
}
|
|
82
|
+
OPENSSL_memset(hmac_key + SLHDSA_SHA2_128S_N, 0x5c,
|
|
83
|
+
sizeof(hmac_key) - SLHDSA_SHA2_128S_N);
|
|
84
|
+
|
|
85
|
+
SHA256_Init(&sha_ctx);
|
|
86
|
+
SHA256_Update(&sha_ctx, hmac_key, sizeof(hmac_key));
|
|
87
|
+
SHA256_Update(&sha_ctx, hash, sizeof(hash));
|
|
88
|
+
SHA256_Final(hash, &sha_ctx);
|
|
89
|
+
|
|
90
|
+
// Truncate to SLHDSA_SHA2_128S_N bytes
|
|
91
|
+
OPENSSL_memcpy(output, hash, SLHDSA_SHA2_128S_N);
|
|
92
|
+
}
|
|
93
|
+
|
|
94
|
+
// Implements H_msg function (Section 4.1, page 11 and Section 11.2, pages
|
|
95
|
+
// 44-46)
|
|
96
|
+
void slhdsa_thash_hmsg(uint8_t output[SLHDSA_SHA2_128S_DIGEST_SIZE],
|
|
97
|
+
const uint8_t r[SLHDSA_SHA2_128S_N],
|
|
98
|
+
const uint8_t pk_seed[SLHDSA_SHA2_128S_N],
|
|
99
|
+
const uint8_t pk_root[SLHDSA_SHA2_128S_N],
|
|
100
|
+
const uint8_t header[SLHDSA_M_PRIME_HEADER_LEN],
|
|
101
|
+
const uint8_t *ctx, size_t ctx_len, const uint8_t *msg,
|
|
102
|
+
size_t msg_len) {
|
|
103
|
+
// MGF1-SHA-256(R || PK.seed || SHA-256(R || PK.seed || PK.root || header ||
|
|
104
|
+
// ctx || M), m) input_buffer stores R || PK_SEED || SHA256(..) || 4-byte
|
|
105
|
+
// index
|
|
106
|
+
uint8_t input_buffer[2 * SLHDSA_SHA2_128S_N + 32 + 4] = {0};
|
|
107
|
+
OPENSSL_memcpy(input_buffer, r, SLHDSA_SHA2_128S_N);
|
|
108
|
+
OPENSSL_memcpy(input_buffer + SLHDSA_SHA2_128S_N, pk_seed,
|
|
109
|
+
SLHDSA_SHA2_128S_N);
|
|
110
|
+
|
|
111
|
+
// Inner hash
|
|
112
|
+
SHA256_CTX sha_ctx;
|
|
113
|
+
SHA256_Init(&sha_ctx);
|
|
114
|
+
SHA256_Update(&sha_ctx, r, SLHDSA_SHA2_128S_N);
|
|
115
|
+
SHA256_Update(&sha_ctx, pk_seed, SLHDSA_SHA2_128S_N);
|
|
116
|
+
SHA256_Update(&sha_ctx, pk_root, SLHDSA_SHA2_128S_N);
|
|
117
|
+
if (header) {
|
|
118
|
+
SHA256_Update(&sha_ctx, header, SLHDSA_M_PRIME_HEADER_LEN);
|
|
119
|
+
}
|
|
120
|
+
SHA256_Update(&sha_ctx, ctx, ctx_len);
|
|
121
|
+
SHA256_Update(&sha_ctx, msg, msg_len);
|
|
122
|
+
// Write directly into the input buffer
|
|
123
|
+
SHA256_Final(input_buffer + 2 * SLHDSA_SHA2_128S_N, &sha_ctx);
|
|
124
|
+
|
|
125
|
+
// MGF1-SHA-256
|
|
126
|
+
uint8_t hash[32];
|
|
127
|
+
static_assert(SLHDSA_SHA2_128S_DIGEST_SIZE < sizeof(hash),
|
|
128
|
+
"More MGF1 iterations required");
|
|
129
|
+
SHA256(input_buffer, sizeof(input_buffer), hash);
|
|
130
|
+
OPENSSL_memcpy(output, hash, SLHDSA_SHA2_128S_DIGEST_SIZE);
|
|
131
|
+
}
|
|
132
|
+
|
|
133
|
+
// Implements PRF function (Section 4.1, page 11 and Section 11.2, pages 44-46)
|
|
134
|
+
void slhdsa_thash_prf(uint8_t output[SLHDSA_SHA2_128S_N],
|
|
135
|
+
const uint8_t pk_seed[SLHDSA_SHA2_128S_N],
|
|
136
|
+
const uint8_t sk_seed[SLHDSA_SHA2_128S_N],
|
|
137
|
+
uint8_t addr[32]) {
|
|
138
|
+
slhdsa_thash(output, sk_seed, 1, pk_seed, addr);
|
|
139
|
+
}
|
|
140
|
+
|
|
141
|
+
// Implements T_l function for WOTS+ public key compression (Section 4.1, page
|
|
142
|
+
// 11 and Section 11.2, pages 44-46)
|
|
143
|
+
void slhdsa_thash_tl(uint8_t output[SLHDSA_SHA2_128S_N],
|
|
144
|
+
const uint8_t input[SLHDSA_SHA2_128S_WOTS_BYTES],
|
|
145
|
+
const uint8_t pk_seed[SLHDSA_SHA2_128S_N],
|
|
146
|
+
uint8_t addr[32]) {
|
|
147
|
+
slhdsa_thash(output, input, SLHDSA_SHA2_128S_WOTS_LEN, pk_seed, addr);
|
|
148
|
+
}
|
|
149
|
+
|
|
150
|
+
// Implements H function (Section 4.1, page 11 and Section 11.2, pages 44-46)
|
|
151
|
+
void slhdsa_thash_h(uint8_t output[SLHDSA_SHA2_128S_N],
|
|
152
|
+
const uint8_t input[2 * SLHDSA_SHA2_128S_N],
|
|
153
|
+
const uint8_t pk_seed[SLHDSA_SHA2_128S_N],
|
|
154
|
+
uint8_t addr[32]) {
|
|
155
|
+
slhdsa_thash(output, input, 2, pk_seed, addr);
|
|
156
|
+
}
|
|
157
|
+
|
|
158
|
+
// Implements F function (Section 4.1, page 11 and Section 11.2, pages 44-46)
|
|
159
|
+
void slhdsa_thash_f(uint8_t output[SLHDSA_SHA2_128S_N],
|
|
160
|
+
const uint8_t input[SLHDSA_SHA2_128S_N],
|
|
161
|
+
const uint8_t pk_seed[SLHDSA_SHA2_128S_N],
|
|
162
|
+
uint8_t addr[32]) {
|
|
163
|
+
slhdsa_thash(output, input, 1, pk_seed, addr);
|
|
164
|
+
}
|
|
165
|
+
|
|
166
|
+
// Implements T_k function for FORS public key compression (Section 4.1, page 11
|
|
167
|
+
// and Section 11.2, pages 44-46)
|
|
168
|
+
void slhdsa_thash_tk(
|
|
169
|
+
uint8_t output[SLHDSA_SHA2_128S_N],
|
|
170
|
+
const uint8_t input[SLHDSA_SHA2_128S_FORS_TREES * SLHDSA_SHA2_128S_N],
|
|
171
|
+
const uint8_t pk_seed[SLHDSA_SHA2_128S_N], uint8_t addr[32]) {
|
|
172
|
+
slhdsa_thash(output, input, SLHDSA_SHA2_128S_FORS_TREES, pk_seed, addr);
|
|
173
|
+
}
|