trust_token.c
Go to the documentation of this file.
1 /* Copyright (c) 2019, Google Inc.
2  *
3  * Permission to use, copy, modify, and/or distribute this software for any
4  * purpose with or without fee is hereby granted, provided that the above
5  * copyright notice and this permission notice appear in all copies.
6  *
7  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14 
15 #include <openssl/bytestring.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/mem.h>
19 #include <openssl/sha.h>
20 #include <openssl/trust_token.h>
21 
22 #include "internal.h"
23 
24 
25 // The Trust Token API is described in
26 // https://github.com/WICG/trust-token-api/blob/master/README.md and provides a
27 // protocol for issuing and redeeming tokens built on top of the PMBTokens
28 // construction.
29 
30 const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v1(void) {
31  static const TRUST_TOKEN_METHOD kMethod = {
32  pmbtoken_exp1_generate_key,
33  pmbtoken_exp1_client_key_from_bytes,
34  pmbtoken_exp1_issuer_key_from_bytes,
35  pmbtoken_exp1_blind,
36  pmbtoken_exp1_sign,
37  pmbtoken_exp1_unblind,
38  pmbtoken_exp1_read,
39  1, /* has_private_metadata */
40  3, /* max_keys */
41  1, /* has_srr */
42  };
43  return &kMethod;
44 }
45 
46 const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_voprf(void) {
47  static const TRUST_TOKEN_METHOD kMethod = {
48  voprf_exp2_generate_key,
49  voprf_exp2_client_key_from_bytes,
50  voprf_exp2_issuer_key_from_bytes,
51  voprf_exp2_blind,
52  voprf_exp2_sign,
53  voprf_exp2_unblind,
54  voprf_exp2_read,
55  0, /* has_private_metadata */
56  6, /* max_keys */
57  0, /* has_srr */
58  };
59  return &kMethod;
60 }
61 
62 const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_pmb(void) {
63  static const TRUST_TOKEN_METHOD kMethod = {
64  pmbtoken_exp2_generate_key,
65  pmbtoken_exp2_client_key_from_bytes,
66  pmbtoken_exp2_issuer_key_from_bytes,
67  pmbtoken_exp2_blind,
68  pmbtoken_exp2_sign,
69  pmbtoken_exp2_unblind,
70  pmbtoken_exp2_read,
71  1, /* has_private_metadata */
72  3, /* max_keys */
73  0, /* has_srr */
74  };
75  return &kMethod;
76 }
77 
78 void TRUST_TOKEN_PRETOKEN_free(TRUST_TOKEN_PRETOKEN *pretoken) {
79  OPENSSL_free(pretoken);
80 }
81 
82 TRUST_TOKEN *TRUST_TOKEN_new(const uint8_t *data, size_t len) {
83  TRUST_TOKEN *ret = OPENSSL_malloc(sizeof(TRUST_TOKEN));
84  if (ret == NULL) {
85  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
86  return NULL;
87  }
88  OPENSSL_memset(ret, 0, sizeof(TRUST_TOKEN));
89  ret->data = OPENSSL_memdup(data, len);
90  if (len != 0 && ret->data == NULL) {
91  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
92  OPENSSL_free(ret);
93  return NULL;
94  }
95  ret->len = len;
96  return ret;
97 }
98 
99 void TRUST_TOKEN_free(TRUST_TOKEN *token) {
100  if (token == NULL) {
101  return;
102  }
103  OPENSSL_free(token->data);
104  OPENSSL_free(token);
105 }
106 
107 int TRUST_TOKEN_generate_key(const TRUST_TOKEN_METHOD *method,
108  uint8_t *out_priv_key, size_t *out_priv_key_len,
109  size_t max_priv_key_len, uint8_t *out_pub_key,
110  size_t *out_pub_key_len, size_t max_pub_key_len,
111  uint32_t id) {
112  // Prepend the key ID in front of the PMBTokens format.
113  int ret = 0;
114  CBB priv_cbb, pub_cbb;
115  CBB_zero(&priv_cbb);
116  CBB_zero(&pub_cbb);
117  if (!CBB_init_fixed(&priv_cbb, out_priv_key, max_priv_key_len) ||
118  !CBB_init_fixed(&pub_cbb, out_pub_key, max_pub_key_len) ||
119  !CBB_add_u32(&priv_cbb, id) ||
120  !CBB_add_u32(&pub_cbb, id)) {
121  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_BUFFER_TOO_SMALL);
122  goto err;
123  }
124 
125  if (!method->generate_key(&priv_cbb, &pub_cbb)) {
126  goto err;
127  }
128 
129  if (!CBB_finish(&priv_cbb, NULL, out_priv_key_len) ||
130  !CBB_finish(&pub_cbb, NULL, out_pub_key_len)) {
131  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_BUFFER_TOO_SMALL);
132  goto err;
133  }
134 
135  ret = 1;
136 
137 err:
138  CBB_cleanup(&priv_cbb);
139  CBB_cleanup(&pub_cbb);
140  return ret;
141 }
142 
143 TRUST_TOKEN_CLIENT *TRUST_TOKEN_CLIENT_new(const TRUST_TOKEN_METHOD *method,
144  size_t max_batchsize) {
145  if (max_batchsize > 0xffff) {
146  // The protocol supports only two-byte token counts.
147  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
148  return NULL;
149  }
150 
151  TRUST_TOKEN_CLIENT *ret = OPENSSL_malloc(sizeof(TRUST_TOKEN_CLIENT));
152  if (ret == NULL) {
153  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
154  return NULL;
155  }
156  OPENSSL_memset(ret, 0, sizeof(TRUST_TOKEN_CLIENT));
157  ret->method = method;
158  ret->max_batchsize = (uint16_t)max_batchsize;
159  return ret;
160 }
161 
162 void TRUST_TOKEN_CLIENT_free(TRUST_TOKEN_CLIENT *ctx) {
163  if (ctx == NULL) {
164  return;
165  }
166  EVP_PKEY_free(ctx->srr_key);
167  sk_TRUST_TOKEN_PRETOKEN_pop_free(ctx->pretokens, TRUST_TOKEN_PRETOKEN_free);
168  OPENSSL_free(ctx);
169 }
170 
171 int TRUST_TOKEN_CLIENT_add_key(TRUST_TOKEN_CLIENT *ctx, size_t *out_key_index,
172  const uint8_t *key, size_t key_len) {
173  if (ctx->num_keys == OPENSSL_ARRAY_SIZE(ctx->keys) ||
174  ctx->num_keys >= ctx->method->max_keys) {
175  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_TOO_MANY_KEYS);
176  return 0;
177  }
178 
179  struct trust_token_client_key_st *key_s = &ctx->keys[ctx->num_keys];
180  CBS cbs;
181  CBS_init(&cbs, key, key_len);
182  uint32_t key_id;
183  if (!CBS_get_u32(&cbs, &key_id) ||
184  !ctx->method->client_key_from_bytes(&key_s->key, CBS_data(&cbs),
185  CBS_len(&cbs))) {
186  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
187  return 0;
188  }
189  key_s->id = key_id;
190  *out_key_index = ctx->num_keys;
191  ctx->num_keys += 1;
192  return 1;
193 }
194 
195 int TRUST_TOKEN_CLIENT_set_srr_key(TRUST_TOKEN_CLIENT *ctx, EVP_PKEY *key) {
196  if (!ctx->method->has_srr) {
197  return 1;
198  }
199  EVP_PKEY_free(ctx->srr_key);
200  EVP_PKEY_up_ref(key);
201  ctx->srr_key = key;
202  return 1;
203 }
204 
205 int TRUST_TOKEN_CLIENT_begin_issuance(TRUST_TOKEN_CLIENT *ctx, uint8_t **out,
206  size_t *out_len, size_t count) {
207  if (count > ctx->max_batchsize) {
208  count = ctx->max_batchsize;
209  }
210 
211  int ret = 0;
212  CBB request;
213  STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens = NULL;
214  if (!CBB_init(&request, 0) ||
215  !CBB_add_u16(&request, count)) {
216  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
217  goto err;
218  }
219 
220  pretokens = ctx->method->blind(&request, count);
221  if (pretokens == NULL) {
222  goto err;
223  }
224 
225  if (!CBB_finish(&request, out, out_len)) {
226  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
227  goto err;
228  }
229 
230  sk_TRUST_TOKEN_PRETOKEN_pop_free(ctx->pretokens, TRUST_TOKEN_PRETOKEN_free);
231  ctx->pretokens = pretokens;
232  pretokens = NULL;
233  ret = 1;
234 
235 err:
236  CBB_cleanup(&request);
237  sk_TRUST_TOKEN_PRETOKEN_pop_free(pretokens, TRUST_TOKEN_PRETOKEN_free);
238  return ret;
239 }
240 
241 STACK_OF(TRUST_TOKEN) *
242  TRUST_TOKEN_CLIENT_finish_issuance(TRUST_TOKEN_CLIENT *ctx,
243  size_t *out_key_index,
244  const uint8_t *response,
245  size_t response_len) {
246  CBS in;
247  CBS_init(&in, response, response_len);
248  uint16_t count;
249  uint32_t key_id;
250  if (!CBS_get_u16(&in, &count) ||
251  !CBS_get_u32(&in, &key_id)) {
252  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
253  return NULL;
254  }
255 
256  size_t key_index = 0;
257  const struct trust_token_client_key_st *key = NULL;
258  for (size_t i = 0; i < ctx->num_keys; i++) {
259  if (ctx->keys[i].id == key_id) {
260  key_index = i;
261  key = &ctx->keys[i];
262  break;
263  }
264  }
265 
266  if (key == NULL) {
267  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_KEY_ID);
268  return NULL;
269  }
270 
271  if (count > sk_TRUST_TOKEN_PRETOKEN_num(ctx->pretokens)) {
272  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
273  return NULL;
274  }
275 
276  STACK_OF(TRUST_TOKEN) *tokens =
277  ctx->method->unblind(&key->key, ctx->pretokens, &in, count, key_id);
278  if (tokens == NULL) {
279  return NULL;
280  }
281 
282  if (CBS_len(&in) != 0) {
283  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
284  sk_TRUST_TOKEN_pop_free(tokens, TRUST_TOKEN_free);
285  return NULL;
286  }
287 
288  sk_TRUST_TOKEN_PRETOKEN_pop_free(ctx->pretokens, TRUST_TOKEN_PRETOKEN_free);
289  ctx->pretokens = NULL;
290 
291  *out_key_index = key_index;
292  return tokens;
293 }
294 
295 int TRUST_TOKEN_CLIENT_begin_redemption(TRUST_TOKEN_CLIENT *ctx, uint8_t **out,
296  size_t *out_len,
297  const TRUST_TOKEN *token,
298  const uint8_t *data, size_t data_len,
299  uint64_t time) {
300  CBB request, token_inner, inner;
301  if (!CBB_init(&request, 0) ||
302  !CBB_add_u16_length_prefixed(&request, &token_inner) ||
303  !CBB_add_bytes(&token_inner, token->data, token->len) ||
304  !CBB_add_u16_length_prefixed(&request, &inner) ||
305  !CBB_add_bytes(&inner, data, data_len) ||
306  (ctx->method->has_srr && !CBB_add_u64(&request, time)) ||
307  !CBB_finish(&request, out, out_len)) {
308  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
309  CBB_cleanup(&request);
310  return 0;
311  }
312  return 1;
313 }
314 
315 int TRUST_TOKEN_CLIENT_finish_redemption(TRUST_TOKEN_CLIENT *ctx,
316  uint8_t **out_rr, size_t *out_rr_len,
317  uint8_t **out_sig, size_t *out_sig_len,
318  const uint8_t *response,
319  size_t response_len) {
320  CBS in, srr, sig;
321  CBS_init(&in, response, response_len);
322  if (!ctx->method->has_srr) {
323  if (!CBS_stow(&in, out_rr, out_rr_len)) {
324  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
325  return 0;
326  }
327 
328  *out_sig = NULL;
329  *out_sig_len = 0;
330  return 1;
331  }
332 
333  if (!CBS_get_u16_length_prefixed(&in, &srr) ||
334  !CBS_get_u16_length_prefixed(&in, &sig) ||
335  CBS_len(&in) != 0) {
336  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_ERROR);
337  return 0;
338  }
339 
340  if (ctx->srr_key == NULL) {
341  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_NO_SRR_KEY_CONFIGURED);
342  return 0;
343  }
344 
345  EVP_MD_CTX md_ctx;
346  EVP_MD_CTX_init(&md_ctx);
347  int sig_ok = EVP_DigestVerifyInit(&md_ctx, NULL, NULL, NULL, ctx->srr_key) &&
348  EVP_DigestVerify(&md_ctx, CBS_data(&sig), CBS_len(&sig),
349  CBS_data(&srr), CBS_len(&srr));
350  EVP_MD_CTX_cleanup(&md_ctx);
351 
352  if (!sig_ok) {
353  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_SRR_SIGNATURE_ERROR);
354  return 0;
355  }
356 
357  uint8_t *srr_buf = NULL, *sig_buf = NULL;
358  size_t srr_len, sig_len;
359  if (!CBS_stow(&srr, &srr_buf, &srr_len) ||
360  !CBS_stow(&sig, &sig_buf, &sig_len)) {
361  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
362  OPENSSL_free(srr_buf);
363  OPENSSL_free(sig_buf);
364  return 0;
365  }
366 
367  *out_rr = srr_buf;
368  *out_rr_len = srr_len;
369  *out_sig = sig_buf;
370  *out_sig_len = sig_len;
371  return 1;
372 }
373 
374 TRUST_TOKEN_ISSUER *TRUST_TOKEN_ISSUER_new(const TRUST_TOKEN_METHOD *method,
375  size_t max_batchsize) {
376  if (max_batchsize > 0xffff) {
377  // The protocol supports only two-byte token counts.
378  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
379  return NULL;
380  }
381 
382  TRUST_TOKEN_ISSUER *ret = OPENSSL_malloc(sizeof(TRUST_TOKEN_ISSUER));
383  if (ret == NULL) {
384  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
385  return NULL;
386  }
387  OPENSSL_memset(ret, 0, sizeof(TRUST_TOKEN_ISSUER));
388  ret->method = method;
389  ret->max_batchsize = (uint16_t)max_batchsize;
390  return ret;
391 }
392 
393 void TRUST_TOKEN_ISSUER_free(TRUST_TOKEN_ISSUER *ctx) {
394  if (ctx == NULL) {
395  return;
396  }
397  EVP_PKEY_free(ctx->srr_key);
398  OPENSSL_free(ctx->metadata_key);
399  OPENSSL_free(ctx);
400 }
401 
402 int TRUST_TOKEN_ISSUER_add_key(TRUST_TOKEN_ISSUER *ctx, const uint8_t *key,
403  size_t key_len) {
404  if (ctx->num_keys == OPENSSL_ARRAY_SIZE(ctx->keys) ||
405  ctx->num_keys >= ctx->method->max_keys) {
406  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_TOO_MANY_KEYS);
407  return 0;
408  }
409 
410  struct trust_token_issuer_key_st *key_s = &ctx->keys[ctx->num_keys];
411  CBS cbs;
412  CBS_init(&cbs, key, key_len);
413  uint32_t key_id;
414  if (!CBS_get_u32(&cbs, &key_id) ||
415  !ctx->method->issuer_key_from_bytes(&key_s->key, CBS_data(&cbs),
416  CBS_len(&cbs))) {
417  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
418  return 0;
419  }
420 
421  key_s->id = key_id;
422  ctx->num_keys += 1;
423  return 1;
424 }
425 
426 int TRUST_TOKEN_ISSUER_set_srr_key(TRUST_TOKEN_ISSUER *ctx, EVP_PKEY *key) {
427  EVP_PKEY_free(ctx->srr_key);
428  EVP_PKEY_up_ref(key);
429  ctx->srr_key = key;
430  return 1;
431 }
432 
433 int TRUST_TOKEN_ISSUER_set_metadata_key(TRUST_TOKEN_ISSUER *ctx,
434  const uint8_t *key, size_t len) {
435  if (len < 32) {
436  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_METADATA_KEY);
437  }
438  OPENSSL_free(ctx->metadata_key);
439  ctx->metadata_key_len = 0;
440  ctx->metadata_key = OPENSSL_memdup(key, len);
441  if (ctx->metadata_key == NULL) {
442  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
443  return 0;
444  }
445  ctx->metadata_key_len = len;
446  return 1;
447 }
448 
449 static const struct trust_token_issuer_key_st *trust_token_issuer_get_key(
450  const TRUST_TOKEN_ISSUER *ctx, uint32_t key_id) {
451  for (size_t i = 0; i < ctx->num_keys; i++) {
452  if (ctx->keys[i].id == key_id) {
453  return &ctx->keys[i];
454  }
455  }
456  return NULL;
457 }
458 
459 int TRUST_TOKEN_ISSUER_issue(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out,
460  size_t *out_len, size_t *out_tokens_issued,
461  const uint8_t *request, size_t request_len,
462  uint32_t public_metadata, uint8_t private_metadata,
463  size_t max_issuance) {
464  if (max_issuance > ctx->max_batchsize) {
465  max_issuance = ctx->max_batchsize;
466  }
467 
468  const struct trust_token_issuer_key_st *key =
469  trust_token_issuer_get_key(ctx, public_metadata);
470  if (key == NULL || private_metadata > 1 ||
471  (!ctx->method->has_private_metadata && private_metadata != 0)) {
472  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_METADATA);
473  return 0;
474  }
475 
476  CBS in;
477  uint16_t num_requested;
478  CBS_init(&in, request, request_len);
479  if (!CBS_get_u16(&in, &num_requested)) {
480  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
481  return 0;
482  }
483 
484  size_t num_to_issue = num_requested;
485  if (num_to_issue > max_issuance) {
486  num_to_issue = max_issuance;
487  }
488 
489  int ret = 0;
490  CBB response;
491  if (!CBB_init(&response, 0) ||
492  !CBB_add_u16(&response, num_to_issue) ||
493  !CBB_add_u32(&response, public_metadata)) {
494  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
495  goto err;
496  }
497 
498  if (!ctx->method->sign(&key->key, &response, &in, num_requested, num_to_issue,
499  private_metadata)) {
500  goto err;
501  }
502 
503  if (CBS_len(&in) != 0) {
504  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
505  goto err;
506  }
507 
508  if (!CBB_finish(&response, out, out_len)) {
509  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
510  goto err;
511  }
512 
513  *out_tokens_issued = num_to_issue;
514  ret = 1;
515 
516 err:
517  CBB_cleanup(&response);
518  return ret;
519 }
520 
521 
522 int TRUST_TOKEN_ISSUER_redeem_raw(const TRUST_TOKEN_ISSUER *ctx,
523  uint32_t *out_public, uint8_t *out_private,
524  TRUST_TOKEN **out_token,
525  uint8_t **out_client_data,
526  size_t *out_client_data_len,
527  const uint8_t *request, size_t request_len) {
528  CBS request_cbs, token_cbs;
529  CBS_init(&request_cbs, request, request_len);
530  if (!CBS_get_u16_length_prefixed(&request_cbs, &token_cbs)) {
531  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_ERROR);
532  return 0;
533  }
534 
535  uint32_t public_metadata = 0;
536  uint8_t private_metadata = 0;
537 
538  // Parse the token. If there is an error, treat it as an invalid token.
539  if (!CBS_get_u32(&token_cbs, &public_metadata)) {
540  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_TOKEN);
541  return 0;
542  }
543 
544  const struct trust_token_issuer_key_st *key =
545  trust_token_issuer_get_key(ctx, public_metadata);
546  uint8_t nonce[TRUST_TOKEN_NONCE_SIZE];
547  if (key == NULL ||
548  !ctx->method->read(&key->key, nonce, &private_metadata,
549  CBS_data(&token_cbs), CBS_len(&token_cbs))) {
550  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_TOKEN);
551  return 0;
552  }
553 
554  CBS client_data;
555  if (!CBS_get_u16_length_prefixed(&request_cbs, &client_data) ||
556  (ctx->method->has_srr && !CBS_skip(&request_cbs, 8)) ||
557  CBS_len(&request_cbs) != 0) {
558  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_ERROR);
559  return 0;
560  }
561 
562  uint8_t *client_data_buf = NULL;
563  size_t client_data_len = 0;
564  if (!CBS_stow(&client_data, &client_data_buf, &client_data_len)) {
565  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
566  goto err;
567  }
568 
569  TRUST_TOKEN *token = TRUST_TOKEN_new(nonce, TRUST_TOKEN_NONCE_SIZE);
570  if (token == NULL) {
571  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
572  goto err;
573  }
574  *out_public = public_metadata;
575  *out_private = private_metadata;
576  *out_token = token;
577  *out_client_data = client_data_buf;
578  *out_client_data_len = client_data_len;
579 
580  return 1;
581 
582 err:
583  OPENSSL_free(client_data_buf);
584  return 0;
585 }
586 
587 // https://tools.ietf.org/html/rfc7049#section-2.1
588 static int add_cbor_int_with_type(CBB *cbb, uint8_t major_type,
589  uint64_t value) {
590  if (value <= 23) {
591  return CBB_add_u8(cbb, value | major_type);
592  }
593  if (value <= 0xff) {
594  return CBB_add_u8(cbb, 0x18 | major_type) && CBB_add_u8(cbb, value);
595  }
596  if (value <= 0xffff) {
597  return CBB_add_u8(cbb, 0x19 | major_type) && CBB_add_u16(cbb, value);
598  }
599  if (value <= 0xffffffff) {
600  return CBB_add_u8(cbb, 0x1a | major_type) && CBB_add_u32(cbb, value);
601  }
602  if (value <= 0xffffffffffffffff) {
603  return CBB_add_u8(cbb, 0x1b | major_type) && CBB_add_u64(cbb, value);
604  }
605 
606  return 0;
607 }
608 
609 // https://tools.ietf.org/html/rfc7049#section-2.1
610 static int add_cbor_int(CBB *cbb, uint64_t value) {
611  return add_cbor_int_with_type(cbb, 0, value);
612 }
613 
614 // https://tools.ietf.org/html/rfc7049#section-2.1
615 static int add_cbor_bytes(CBB *cbb, const uint8_t *data, size_t len) {
616  return add_cbor_int_with_type(cbb, 0x40, len) &&
617  CBB_add_bytes(cbb, data, len);
618 }
619 
620 // https://tools.ietf.org/html/rfc7049#section-2.1
621 static int add_cbor_text(CBB *cbb, const char *data, size_t len) {
622  return add_cbor_int_with_type(cbb, 0x60, len) &&
623  CBB_add_bytes(cbb, (const uint8_t *)data, len);
624 }
625 
626 // https://tools.ietf.org/html/rfc7049#section-2.1
627 static int add_cbor_map(CBB *cbb, uint8_t size) {
628  return add_cbor_int_with_type(cbb, 0xa0, size);
629 }
630 
631 static uint8_t get_metadata_obfuscator(const uint8_t *key, size_t key_len,
632  const uint8_t *client_data,
633  size_t client_data_len) {
634  uint8_t metadata_obfuscator[SHA256_DIGEST_LENGTH];
635  SHA256_CTX sha_ctx;
636  SHA256_Init(&sha_ctx);
637  SHA256_Update(&sha_ctx, key, key_len);
638  SHA256_Update(&sha_ctx, client_data, client_data_len);
639  SHA256_Final(metadata_obfuscator, &sha_ctx);
640  return metadata_obfuscator[0] >> 7;
641 }
642 
643 int TRUST_TOKEN_ISSUER_redeem(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out,
644  size_t *out_len, TRUST_TOKEN **out_token,
645  uint8_t **out_client_data,
646  size_t *out_client_data_len,
647  uint64_t *out_redemption_time,
648  const uint8_t *request, size_t request_len,
649  uint64_t lifetime) {
650  CBS request_cbs, token_cbs;
651  CBS_init(&request_cbs, request, request_len);
652  if (!CBS_get_u16_length_prefixed(&request_cbs, &token_cbs)) {
653  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_ERROR);
654  return 0;
655  }
656 
657  uint32_t public_metadata = 0;
658  uint8_t private_metadata = 0;
659 
660  CBS token_copy = token_cbs;
661 
662  // Parse the token. If there is an error, treat it as an invalid token.
663  if (!CBS_get_u32(&token_cbs, &public_metadata)) {
664  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_TOKEN);
665  return 0;
666  }
667 
668  const struct trust_token_issuer_key_st *key =
669  trust_token_issuer_get_key(ctx, public_metadata);
670  uint8_t nonce[TRUST_TOKEN_NONCE_SIZE];
671  if (key == NULL ||
672  !ctx->method->read(&key->key, nonce, &private_metadata,
673  CBS_data(&token_cbs), CBS_len(&token_cbs))) {
674  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_TOKEN);
675  return 0;
676  }
677 
678  int ok = 0;
679  CBB response, srr;
680  uint8_t *srr_buf = NULL, *sig_buf = NULL, *client_data_buf = NULL;
681  size_t srr_len = 0, sig_len = 0, client_data_len = 0;
682  EVP_MD_CTX md_ctx;
683  EVP_MD_CTX_init(&md_ctx);
684  CBB_zero(&srr);
685  if (!CBB_init(&response, 0)) {
686  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
687  goto err;
688  }
689 
690  CBS client_data;
691  uint64_t redemption_time = 0;
692  if (!CBS_get_u16_length_prefixed(&request_cbs, &client_data) ||
693  (ctx->method->has_srr && !CBS_get_u64(&request_cbs, &redemption_time))) {
694  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_ERROR);
695  goto err;
696  }
697 
698  const uint8_t kTokenHashDSTLabel[] = "TrustTokenV0 TokenHash";
699  uint8_t token_hash[SHA256_DIGEST_LENGTH];
700  SHA256_CTX sha_ctx;
701  SHA256_Init(&sha_ctx);
702  SHA256_Update(&sha_ctx, kTokenHashDSTLabel, sizeof(kTokenHashDSTLabel));
703  SHA256_Update(&sha_ctx, CBS_data(&token_copy), CBS_len(&token_copy));
704  SHA256_Final(token_hash, &sha_ctx);
705 
706  uint8_t metadata_obfuscator = get_metadata_obfuscator(
707  ctx->metadata_key, ctx->metadata_key_len, token_hash, sizeof(token_hash));
708 
709  // The SRR is constructed as per the format described in
710  // https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit#heading=h.7mkzvhpqb8l5
711 
712  // The V2 protocol is intended to be used with
713  // |TRUST_TOKEN_ISSUER_redeem_raw|. However, we temporarily support it with
714  // |TRUST_TOKEN_ISSUER_redeem| to ease the transition for existing issuer
715  // callers. Those callers' consumers currently expect an expiry-timestamp
716  // field, so we fill in a placeholder value.
717  //
718  // TODO(svaldez): After the existing issues have migrated to
719  // |TRUST_TOKEN_ISSUER_redeem_raw| remove this logic.
720  uint64_t expiry_time = 0;
721  if (ctx->method->has_srr) {
722  expiry_time = redemption_time + lifetime;
723  }
724 
725  static const char kClientDataLabel[] = "client-data";
726  static const char kExpiryTimestampLabel[] = "expiry-timestamp";
727  static const char kMetadataLabel[] = "metadata";
728  static const char kPrivateLabel[] = "private";
729  static const char kPublicLabel[] = "public";
730  static const char kTokenHashLabel[] = "token-hash";
731 
732  // CBOR requires map keys to be sorted by length then sorted lexically.
733  // https://tools.ietf.org/html/rfc7049#section-3.9
734  assert(strlen(kMetadataLabel) < strlen(kTokenHashLabel));
735  assert(strlen(kTokenHashLabel) < strlen(kClientDataLabel));
736  assert(strlen(kClientDataLabel) < strlen(kExpiryTimestampLabel));
737  assert(strlen(kPublicLabel) < strlen(kPrivateLabel));
738 
739  size_t map_entries = 4;
740 
741  if (!CBB_init(&srr, 0) ||
742  !add_cbor_map(&srr, map_entries) || // SRR map
743  !add_cbor_text(&srr, kMetadataLabel, strlen(kMetadataLabel)) ||
744  !add_cbor_map(&srr, 2) || // Metadata map
745  !add_cbor_text(&srr, kPublicLabel, strlen(kPublicLabel)) ||
746  !add_cbor_int(&srr, public_metadata) ||
747  !add_cbor_text(&srr, kPrivateLabel, strlen(kPrivateLabel)) ||
748  !add_cbor_int(&srr, private_metadata ^ metadata_obfuscator) ||
749  !add_cbor_text(&srr, kTokenHashLabel, strlen(kTokenHashLabel)) ||
750  !add_cbor_bytes(&srr, token_hash, sizeof(token_hash)) ||
751  !add_cbor_text(&srr, kClientDataLabel, strlen(kClientDataLabel)) ||
752  !CBB_add_bytes(&srr, CBS_data(&client_data), CBS_len(&client_data)) ||
753  !add_cbor_text(&srr, kExpiryTimestampLabel,
754  strlen(kExpiryTimestampLabel)) ||
755  !add_cbor_int(&srr, expiry_time) ||
756  !CBB_finish(&srr, &srr_buf, &srr_len)) {
757  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
758  goto err;
759  }
760 
761  if (!EVP_DigestSignInit(&md_ctx, NULL, NULL, NULL, ctx->srr_key) ||
762  !EVP_DigestSign(&md_ctx, NULL, &sig_len, srr_buf, srr_len)) {
763  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_SRR_SIGNATURE_ERROR);
764  goto err;
765  }
766 
767  // Merge SRR and Signature into single string.
768  // TODO(svaldez): Expose API to construct this from the caller.
769  if (!ctx->method->has_srr) {
770  static const char kSRRHeader[] = "body=:";
771  static const char kSRRSplit[] = ":, signature=:";
772  static const char kSRREnd[] = ":";
773 
774  size_t srr_b64_len, sig_b64_len;
775  if (!EVP_EncodedLength(&srr_b64_len, srr_len) ||
776  !EVP_EncodedLength(&sig_b64_len, sig_len)) {
777  goto err;
778  }
779 
780  sig_buf = OPENSSL_malloc(sig_len);
781  uint8_t *srr_b64_buf = OPENSSL_malloc(srr_b64_len);
782  uint8_t *sig_b64_buf = OPENSSL_malloc(sig_b64_len);
783  if (!sig_buf ||
784  !srr_b64_buf ||
785  !sig_b64_buf ||
786  !EVP_DigestSign(&md_ctx, sig_buf, &sig_len, srr_buf, srr_len) ||
787  !CBB_add_bytes(&response, (const uint8_t *)kSRRHeader,
788  strlen(kSRRHeader)) ||
789  !CBB_add_bytes(&response, srr_b64_buf,
790  EVP_EncodeBlock(srr_b64_buf, srr_buf, srr_len)) ||
791  !CBB_add_bytes(&response, (const uint8_t *)kSRRSplit,
792  strlen(kSRRSplit)) ||
793  !CBB_add_bytes(&response, sig_b64_buf,
794  EVP_EncodeBlock(sig_b64_buf, sig_buf, sig_len)) ||
795  !CBB_add_bytes(&response, (const uint8_t *)kSRREnd, strlen(kSRREnd))) {
796  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
797  OPENSSL_free(srr_b64_buf);
798  OPENSSL_free(sig_b64_buf);
799  goto err;
800  }
801 
802  OPENSSL_free(srr_b64_buf);
803  OPENSSL_free(sig_b64_buf);
804  } else {
805  CBB child;
806  uint8_t *ptr;
807  if (!CBB_add_u16_length_prefixed(&response, &child) ||
808  !CBB_add_bytes(&child, srr_buf, srr_len) ||
809  !CBB_add_u16_length_prefixed(&response, &child) ||
810  !CBB_reserve(&child, &ptr, sig_len) ||
811  !EVP_DigestSign(&md_ctx, ptr, &sig_len, srr_buf, srr_len) ||
812  !CBB_did_write(&child, sig_len) ||
813  !CBB_flush(&response)) {
814  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
815  goto err;
816  }
817  }
818 
819  if (!CBS_stow(&client_data, &client_data_buf, &client_data_len) ||
820  !CBB_finish(&response, out, out_len)) {
821  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
822  goto err;
823  }
824 
825  TRUST_TOKEN *token = TRUST_TOKEN_new(nonce, TRUST_TOKEN_NONCE_SIZE);
826  if (token == NULL) {
827  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
828  goto err;
829  }
830  *out_token = token;
831  *out_client_data = client_data_buf;
832  *out_client_data_len = client_data_len;
833  *out_redemption_time = redemption_time;
834 
835  ok = 1;
836 
837 err:
838  CBB_cleanup(&response);
839  CBB_cleanup(&srr);
840  OPENSSL_free(srr_buf);
841  OPENSSL_free(sig_buf);
842  EVP_MD_CTX_cleanup(&md_ctx);
843  if (!ok) {
844  OPENSSL_free(client_data_buf);
845  }
846  return ok;
847 }
848 
849 int TRUST_TOKEN_decode_private_metadata(const TRUST_TOKEN_METHOD *method,
850  uint8_t *out_value, const uint8_t *key,
851  size_t key_len, const uint8_t *nonce,
852  size_t nonce_len,
853  uint8_t encrypted_bit) {
854  uint8_t metadata_obfuscator =
855  get_metadata_obfuscator(key, key_len, nonce, nonce_len);
856  *out_value = encrypted_bit ^ metadata_obfuscator;
857  return 1;
858 }
TRUST_TOKEN_new
TRUST_TOKEN * TRUST_TOKEN_new(const uint8_t *data, size_t len)
Definition: trust_token.c:82
ptr
char * ptr
Definition: abseil-cpp/absl/base/internal/low_level_alloc_test.cc:45
CBB_flush
#define CBB_flush
Definition: boringssl_prefix_symbols.h:1045
TRUST_TOKEN_CLIENT_begin_redemption
int TRUST_TOKEN_CLIENT_begin_redemption(TRUST_TOKEN_CLIENT *ctx, uint8_t **out, size_t *out_len, const TRUST_TOKEN *token, const uint8_t *data, size_t data_len, uint64_t time)
Definition: trust_token.c:295
TRUST_TOKEN_NONCE_SIZE
#define TRUST_TOKEN_NONCE_SIZE
Definition: third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h:46
EVP_DigestSignInit
#define EVP_DigestSignInit
Definition: boringssl_prefix_symbols.h:1514
CBB_init
#define CBB_init
Definition: boringssl_prefix_symbols.h:1047
gen_build_yaml.out
dictionary out
Definition: src/benchmark/gen_build_yaml.py:24
CBS_get_u16
#define CBS_get_u16
Definition: boringssl_prefix_symbols.h:1073
EVP_DigestVerifyInit
#define EVP_DigestVerifyInit
Definition: boringssl_prefix_symbols.h:1519
cbs_st
Definition: bytestring.h:39
ctx
Definition: benchmark-async.c:30
CBB_cleanup
#define CBB_cleanup
Definition: boringssl_prefix_symbols.h:1039
CBS_skip
#define CBS_skip
Definition: boringssl_prefix_symbols.h:1092
TRUST_TOKEN_R_TOO_MANY_KEYS
#define TRUST_TOKEN_R_TOO_MANY_KEYS
Definition: trust_token.h:301
pmbtoken_exp2_blind
#define pmbtoken_exp2_blind
Definition: boringssl_prefix_symbols.h:3337
TRUST_TOKEN_CLIENT_add_key
int TRUST_TOKEN_CLIENT_add_key(TRUST_TOKEN_CLIENT *ctx, size_t *out_key_index, const uint8_t *key, size_t key_len)
Definition: trust_token.c:171
CBB_zero
#define CBB_zero
Definition: boringssl_prefix_symbols.h:1051
evp.h
CBS_data
#define CBS_data
Definition: boringssl_prefix_symbols.h:1057
EVP_EncodedLength
#define EVP_EncodedLength
Definition: boringssl_prefix_symbols.h:1527
uint16_t
unsigned short uint16_t
Definition: stdint-msvc2008.h:79
pmbtoken_exp2_sign
#define pmbtoken_exp2_sign
Definition: boringssl_prefix_symbols.h:3343
voprf_exp2_blind
#define voprf_exp2_blind
Definition: boringssl_prefix_symbols.h:3425
OPENSSL_PUT_ERROR
#define OPENSSL_PUT_ERROR(library, reason)
Definition: err.h:423
pmbtoken_exp2_unblind
#define pmbtoken_exp2_unblind
Definition: boringssl_prefix_symbols.h:3344
OPENSSL_ARRAY_SIZE
#define OPENSSL_ARRAY_SIZE(array)
Definition: third_party/boringssl-with-bazel/src/crypto/internal.h:179
CBS_get_u32
#define CBS_get_u32
Definition: boringssl_prefix_symbols.h:1078
CBB_add_u16_length_prefixed
#define CBB_add_u16_length_prefixed
Definition: boringssl_prefix_symbols.h:1028
benchmark.request
request
Definition: benchmark.py:77
CBB_add_u8
#define CBB_add_u8
Definition: boringssl_prefix_symbols.h:1036
TRUST_TOKEN_PRETOKEN_free
void TRUST_TOKEN_PRETOKEN_free(TRUST_TOKEN_PRETOKEN *pretoken)
Definition: trust_token.c:78
TRUST_TOKEN_ISSUER_set_metadata_key
int TRUST_TOKEN_ISSUER_set_metadata_key(TRUST_TOKEN_ISSUER *ctx, const uint8_t *key, size_t len)
Definition: trust_token.c:433
trust_token_client_key_st::id
uint32_t id
Definition: third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h:248
error_ref_leak.err
err
Definition: error_ref_leak.py:35
pmbtoken_exp2_generate_key
#define pmbtoken_exp2_generate_key
Definition: boringssl_prefix_symbols.h:3339
CBS_len
#define CBS_len
Definition: boringssl_prefix_symbols.h:1089
TRUST_TOKEN_ISSUER_redeem_raw
int TRUST_TOKEN_ISSUER_redeem_raw(const TRUST_TOKEN_ISSUER *ctx, uint32_t *out_public, uint8_t *out_private, TRUST_TOKEN **out_token, uint8_t **out_client_data, size_t *out_client_data_len, const uint8_t *request, size_t request_len)
Definition: trust_token.c:522
TRUST_TOKEN_R_INVALID_TOKEN
#define TRUST_TOKEN_R_INVALID_TOKEN
Definition: trust_token.h:304
pmbtoken_exp2_client_key_from_bytes
#define pmbtoken_exp2_client_key_from_bytes
Definition: boringssl_prefix_symbols.h:3338
cbs
const CBS * cbs
Definition: third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h:107
TRUST_TOKEN_free
void TRUST_TOKEN_free(TRUST_TOKEN *token)
Definition: trust_token.c:99
voprf_exp2_issuer_key_from_bytes
#define voprf_exp2_issuer_key_from_bytes
Definition: boringssl_prefix_symbols.h:3428
add_cbor_int
static int add_cbor_int(CBB *cbb, uint64_t value)
Definition: trust_token.c:610
CBS_init
#define CBS_init
Definition: boringssl_prefix_symbols.h:1085
uint8_t
unsigned char uint8_t
Definition: stdint-msvc2008.h:78
TRUST_TOKEN_R_INVALID_METADATA
#define TRUST_TOKEN_R_INVALID_METADATA
Definition: trust_token.h:300
OPENSSL_memset
static void * OPENSSL_memset(void *dst, int c, size_t n)
Definition: third_party/boringssl-with-bazel/src/crypto/internal.h:835
add_cbor_bytes
static int add_cbor_bytes(CBB *cbb, const uint8_t *data, size_t len)
Definition: trust_token.c:615
trust_token_issuer_key_st::id
uint32_t id
Definition: third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h:255
TRUST_TOKEN_generate_key
int TRUST_TOKEN_generate_key(const TRUST_TOKEN_METHOD *method, uint8_t *out_priv_key, size_t *out_priv_key_len, size_t max_priv_key_len, uint8_t *out_pub_key, size_t *out_pub_key_len, size_t max_pub_key_len, uint32_t id)
Definition: trust_token.c:107
env_md_ctx_st
Definition: digest.h:306
voprf_exp2_read
#define voprf_exp2_read
Definition: boringssl_prefix_symbols.h:3429
CBB_reserve
#define CBB_reserve
Definition: boringssl_prefix_symbols.h:1050
uint32_t
unsigned int uint32_t
Definition: stdint-msvc2008.h:80
OPENSSL_malloc
#define OPENSSL_malloc
Definition: boringssl_prefix_symbols.h:1885
TRUST_TOKEN_CLIENT_finish_redemption
int TRUST_TOKEN_CLIENT_finish_redemption(TRUST_TOKEN_CLIENT *ctx, uint8_t **out_rr, size_t *out_rr_len, uint8_t **out_sig, size_t *out_sig_len, const uint8_t *response, size_t response_len)
Definition: trust_token.c:315
CBB_did_write
#define CBB_did_write
Definition: boringssl_prefix_symbols.h:1041
bytestring.h
trust_token_client_key_st
Definition: third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h:247
trust_token_client_key_st::key
TRUST_TOKEN_CLIENT_KEY key
Definition: third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h:249
in
const char * in
Definition: third_party/abseil-cpp/absl/strings/internal/str_format/parser_test.cc:391
TRUST_TOKEN_CLIENT_free
void TRUST_TOKEN_CLIENT_free(TRUST_TOKEN_CLIENT *ctx)
Definition: trust_token.c:162
CBB_add_u16
#define CBB_add_u16
Definition: boringssl_prefix_symbols.h:1027
voprf_exp2_sign
#define voprf_exp2_sign
Definition: boringssl_prefix_symbols.h:3430
evp_pkey_st
Definition: evp.h:1046
pmbtoken_exp1_blind
#define pmbtoken_exp1_blind
Definition: boringssl_prefix_symbols.h:3329
trust_token.h
pmbtoken_exp1_issuer_key_from_bytes
#define pmbtoken_exp1_issuer_key_from_bytes
Definition: boringssl_prefix_symbols.h:3333
CBB_add_u64
#define CBB_add_u64
Definition: boringssl_prefix_symbols.h:1034
TRUST_TOKEN_R_DECODE_FAILURE
#define TRUST_TOKEN_R_DECODE_FAILURE
Definition: trust_token.h:299
CBB_finish
#define CBB_finish
Definition: boringssl_prefix_symbols.h:1043
trust_token_issuer_key_st::key
TRUST_TOKEN_ISSUER_KEY key
Definition: third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h:256
voprf_exp2_generate_key
#define voprf_exp2_generate_key
Definition: boringssl_prefix_symbols.h:3427
CBS_get_u64
#define CBS_get_u64
Definition: boringssl_prefix_symbols.h:1080
key_id
const CBS size_t uint32_t key_id
Definition: third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h:107
sha.h
voprf_exp2_client_key_from_bytes
#define voprf_exp2_client_key_from_bytes
Definition: boringssl_prefix_symbols.h:3426
TRUST_TOKEN_CLIENT_begin_issuance
int TRUST_TOKEN_CLIENT_begin_issuance(TRUST_TOKEN_CLIENT *ctx, uint8_t **out, size_t *out_len, size_t count)
Definition: trust_token.c:205
uint64_t
unsigned __int64 uint64_t
Definition: stdint-msvc2008.h:90
EVP_PKEY_free
#define EVP_PKEY_free
Definition: boringssl_prefix_symbols.h:1625
trust_token_st::len
size_t len
Definition: trust_token.h:56
pmbtoken_exp2_read
#define pmbtoken_exp2_read
Definition: boringssl_prefix_symbols.h:3342
err.h
pmbtoken_exp1_sign
#define pmbtoken_exp1_sign
Definition: boringssl_prefix_symbols.h:3335
TRUST_TOKEN_R_INVALID_METADATA_KEY
#define TRUST_TOKEN_R_INVALID_METADATA_KEY
Definition: trust_token.h:307
EVP_MD_CTX_init
#define EVP_MD_CTX_init
Definition: boringssl_prefix_symbols.h:1567
get_metadata_obfuscator
static uint8_t get_metadata_obfuscator(const uint8_t *key, size_t key_len, const uint8_t *client_data, size_t client_data_len)
Definition: trust_token.c:631
trust_token_issuer_key_st
Definition: third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h:254
googletest-filter-unittest.child
child
Definition: bloaty/third_party/googletest/googletest/test/googletest-filter-unittest.py:62
TRUST_TOKEN_experiment_v1
const TRUST_TOKEN_METHOD * TRUST_TOKEN_experiment_v1(void)
Definition: trust_token.c:30
CBB_add_u32
#define CBB_add_u32
Definition: boringssl_prefix_symbols.h:1032
TRUST_TOKEN_R_NO_SRR_KEY_CONFIGURED
#define TRUST_TOKEN_R_NO_SRR_KEY_CONFIGURED
Definition: trust_token.h:306
data
char data[kBufferLength]
Definition: abseil-cpp/absl/strings/internal/str_format/float_conversion.cc:1006
response_len
OPENSSL_EXPORT size_t const uint8_t size_t response_len
Definition: trust_token.h:142
trust_token_st
Definition: trust_token.h:54
pmb_pretoken_st
Definition: third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h:73
trust_token_issuer_st
Definition: third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h:280
EVP_DigestSign
#define EVP_DigestSign
Definition: boringssl_prefix_symbols.h:1512
TRUST_TOKEN_CLIENT_new
TRUST_TOKEN_CLIENT * TRUST_TOKEN_CLIENT_new(const TRUST_TOKEN_METHOD *method, size_t max_batchsize)
Definition: trust_token.c:143
pmbtoken_exp1_unblind
#define pmbtoken_exp1_unblind
Definition: boringssl_prefix_symbols.h:3336
TRUST_TOKEN_ISSUER_free
void TRUST_TOKEN_ISSUER_free(TRUST_TOKEN_ISSUER *ctx)
Definition: trust_token.c:393
ERR_R_OVERFLOW
#define ERR_R_OVERFLOW
Definition: err.h:375
trust_token_client_st
Definition: third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h:259
EVP_EncodeBlock
#define EVP_EncodeBlock
Definition: boringssl_prefix_symbols.h:1523
value
const char * value
Definition: hpack_parser_table.cc:165
CBS_stow
#define CBS_stow
Definition: boringssl_prefix_symbols.h:1093
EVP_DigestVerify
#define EVP_DigestVerify
Definition: boringssl_prefix_symbols.h:1517
TRUST_TOKEN_ISSUER_issue
int TRUST_TOKEN_ISSUER_issue(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out, size_t *out_len, size_t *out_tokens_issued, const uint8_t *request, size_t request_len, uint32_t public_metadata, uint8_t private_metadata, size_t max_issuance)
Definition: trust_token.c:459
CBB_add_bytes
#define CBB_add_bytes
Definition: boringssl_prefix_symbols.h:1025
sha256_state_st
Definition: sha.h:189
key
const char * key
Definition: hpack_parser_table.cc:164
EVP_PKEY_up_ref
#define EVP_PKEY_up_ref
Definition: boringssl_prefix_symbols.h:1660
pmbtoken_exp1_read
#define pmbtoken_exp1_read
Definition: boringssl_prefix_symbols.h:3334
count
int * count
Definition: bloaty/third_party/googletest/googlemock/test/gmock_stress_test.cc:96
pmbtoken_exp2_issuer_key_from_bytes
#define pmbtoken_exp2_issuer_key_from_bytes
Definition: boringssl_prefix_symbols.h:3341
TRUST_TOKEN_R_INVALID_KEY_ID
#define TRUST_TOKEN_R_INVALID_KEY_ID
Definition: trust_token.h:303
SHA256_Init
#define SHA256_Init
Definition: boringssl_prefix_symbols.h:2156
internal.h
add_cbor_text
static int add_cbor_text(CBB *cbb, const char *data, size_t len)
Definition: trust_token.c:621
ret
UniquePtr< SSL_SESSION > ret
Definition: ssl_x509.cc:1029
STACK_OF
STACK_OF(TRUST_TOKEN)
Definition: trust_token.c:241
OPENSSL_memdup
#define OPENSSL_memdup
Definition: boringssl_prefix_symbols.h:1887
CBS_get_u16_length_prefixed
#define CBS_get_u16_length_prefixed
Definition: boringssl_prefix_symbols.h:1074
SHA256_DIGEST_LENGTH
#define SHA256_DIGEST_LENGTH
Definition: sha.h:155
add_cbor_map
static int add_cbor_map(CBB *cbb, uint8_t size)
Definition: trust_token.c:627
asyncio_get_stats.response
response
Definition: asyncio_get_stats.py:28
TRUST_TOKEN_experiment_v2_voprf
const TRUST_TOKEN_METHOD * TRUST_TOKEN_experiment_v2_voprf(void)
Definition: trust_token.c:46
TRUST_TOKEN_ISSUER_add_key
int TRUST_TOKEN_ISSUER_add_key(TRUST_TOKEN_ISSUER *ctx, const uint8_t *key, size_t key_len)
Definition: trust_token.c:402
TRUST_TOKEN_decode_private_metadata
int TRUST_TOKEN_decode_private_metadata(const TRUST_TOKEN_METHOD *method, uint8_t *out_value, const uint8_t *key, size_t key_len, const uint8_t *nonce, size_t nonce_len, uint8_t encrypted_bit)
Definition: trust_token.c:849
ok
bool ok
Definition: async_end2end_test.cc:197
TRUST_TOKEN_R_BUFFER_TOO_SMALL
#define TRUST_TOKEN_R_BUFFER_TOO_SMALL
Definition: trust_token.h:295
TRUST_TOKEN_R_DECODE_ERROR
#define TRUST_TOKEN_R_DECODE_ERROR
Definition: trust_token.h:297
TRUST_TOKEN_experiment_v2_pmb
const TRUST_TOKEN_METHOD * TRUST_TOKEN_experiment_v2_pmb(void)
Definition: trust_token.c:62
mem.h
trust_token_st::data
uint8_t * data
Definition: trust_token.h:55
trust_token_issuer_get_key
static const struct trust_token_issuer_key_st * trust_token_issuer_get_key(const TRUST_TOKEN_ISSUER *ctx, uint32_t key_id)
Definition: trust_token.c:449
TRUST_TOKEN_ISSUER_set_srr_key
int TRUST_TOKEN_ISSUER_set_srr_key(TRUST_TOKEN_ISSUER *ctx, EVP_PKEY *key)
Definition: trust_token.c:426
len
int len
Definition: abseil-cpp/absl/base/internal/low_level_alloc_test.cc:46
TRUST_TOKEN_ISSUER_redeem
int TRUST_TOKEN_ISSUER_redeem(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out, size_t *out_len, TRUST_TOKEN **out_token, uint8_t **out_client_data, size_t *out_client_data_len, uint64_t *out_redemption_time, const uint8_t *request, size_t request_len, uint64_t lifetime)
Definition: trust_token.c:643
pmbtoken_exp1_generate_key
#define pmbtoken_exp1_generate_key
Definition: boringssl_prefix_symbols.h:3331
out_key_index
OPENSSL_EXPORT size_t * out_key_index
Definition: trust_token.h:140
size
voidpf void uLong size
Definition: bloaty/third_party/zlib/contrib/minizip/ioapi.h:136
method
NSString * method
Definition: ProtoMethod.h:28
EVP_MD_CTX_cleanup
#define EVP_MD_CTX_cleanup
Definition: boringssl_prefix_symbols.h:1561
TRUST_TOKEN_R_SRR_SIGNATURE_ERROR
#define TRUST_TOKEN_R_SRR_SIGNATURE_ERROR
Definition: trust_token.h:298
voprf_exp2_unblind
#define voprf_exp2_unblind
Definition: boringssl_prefix_symbols.h:3431
TRUST_TOKEN_CLIENT_finish_issuance
#define TRUST_TOKEN_CLIENT_finish_issuance
Definition: boringssl_prefix_symbols.h:2183
SHA256_Final
#define SHA256_Final
Definition: boringssl_prefix_symbols.h:2155
pmbtoken_exp1_client_key_from_bytes
#define pmbtoken_exp1_client_key_from_bytes
Definition: boringssl_prefix_symbols.h:3330
OPENSSL_free
#define OPENSSL_free
Definition: boringssl_prefix_symbols.h:1869
add_cbor_int_with_type
static int add_cbor_int_with_type(CBB *cbb, uint8_t major_type, uint64_t value)
Definition: trust_token.c:588
CBB_init_fixed
#define CBB_init_fixed
Definition: boringssl_prefix_symbols.h:1048
trust_token_method_st
Definition: third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h:176
TRUST_TOKEN_CLIENT_set_srr_key
int TRUST_TOKEN_CLIENT_set_srr_key(TRUST_TOKEN_CLIENT *ctx, EVP_PKEY *key)
Definition: trust_token.c:195
i
uint64_t i
Definition: abseil-cpp/absl/container/btree_benchmark.cc:230
ERR_R_MALLOC_FAILURE
#define ERR_R_MALLOC_FAILURE
Definition: err.h:371
TRUST_TOKEN_ISSUER_new
TRUST_TOKEN_ISSUER * TRUST_TOKEN_ISSUER_new(const TRUST_TOKEN_METHOD *method, size_t max_batchsize)
Definition: trust_token.c:374
cbb_st
Definition: bytestring.h:375
SHA256_Update
#define SHA256_Update
Definition: boringssl_prefix_symbols.h:2159

grpc
Author(s):
autogenerated on Thu Mar 13 2025 03:01:41