hpke.c
Go to the documentation of this file.
1 /* Copyright (c) 2020, Google Inc.
2  *
3  * Permission to use, copy, modify, and/or distribute this software for any
4  * purpose with or without fee is hereby granted, provided that the above
5  * copyright notice and this permission notice appear in all copies.
6  *
7  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14 
15 #include <openssl/hpke.h>
16 
17 #include <assert.h>
18 #include <string.h>
19 
20 #include <openssl/aead.h>
21 #include <openssl/bytestring.h>
22 #include <openssl/curve25519.h>
23 #include <openssl/digest.h>
24 #include <openssl/err.h>
25 #include <openssl/evp_errors.h>
26 #include <openssl/hkdf.h>
27 #include <openssl/rand.h>
28 #include <openssl/sha.h>
29 
30 #include "../internal.h"
31 
32 
33 // This file implements draft-irtf-cfrg-hpke-12.
34 
35 #define MAX_SEED_LEN X25519_PRIVATE_KEY_LEN
36 #define MAX_SHARED_SECRET_LEN SHA256_DIGEST_LENGTH
37 
38 struct evp_hpke_kem_st {
39  uint16_t id;
40  size_t public_key_len;
41  size_t private_key_len;
42  size_t seed_len;
43  int (*init_key)(EVP_HPKE_KEY *key, const uint8_t *priv_key,
44  size_t priv_key_len);
45  int (*generate_key)(EVP_HPKE_KEY *key);
46  int (*encap_with_seed)(const EVP_HPKE_KEM *kem, uint8_t *out_shared_secret,
47  size_t *out_shared_secret_len, uint8_t *out_enc,
48  size_t *out_enc_len, size_t max_enc,
49  const uint8_t *peer_public_key,
50  size_t peer_public_key_len, const uint8_t *seed,
51  size_t seed_len);
52  int (*decap)(const EVP_HPKE_KEY *key, uint8_t *out_shared_secret,
53  size_t *out_shared_secret_len, const uint8_t *enc,
54  size_t enc_len);
55 };
56 
57 struct evp_hpke_kdf_st {
58  uint16_t id;
59  // We only support HKDF-based KDFs.
60  const EVP_MD *(*hkdf_md_func)(void);
61 };
62 
63 struct evp_hpke_aead_st {
64  uint16_t id;
65  const EVP_AEAD *(*aead_func)(void);
66 };
67 
68 
69 // Low-level labeled KDF functions.
70 
71 static const char kHpkeVersionId[] = "HPKE-v1";
72 
73 static int add_label_string(CBB *cbb, const char *label) {
74  return CBB_add_bytes(cbb, (const uint8_t *)label, strlen(label));
75 }
76 
77 static int hpke_labeled_extract(const EVP_MD *hkdf_md, uint8_t *out_key,
78  size_t *out_len, const uint8_t *salt,
79  size_t salt_len, const uint8_t *suite_id,
80  size_t suite_id_len, const char *label,
81  const uint8_t *ikm, size_t ikm_len) {
82  // labeledIKM = concat("HPKE-v1", suite_id, label, IKM)
83  CBB labeled_ikm;
84  int ok = CBB_init(&labeled_ikm, 0) &&
85  add_label_string(&labeled_ikm, kHpkeVersionId) &&
86  CBB_add_bytes(&labeled_ikm, suite_id, suite_id_len) &&
87  add_label_string(&labeled_ikm, label) &&
88  CBB_add_bytes(&labeled_ikm, ikm, ikm_len) &&
89  HKDF_extract(out_key, out_len, hkdf_md, CBB_data(&labeled_ikm),
90  CBB_len(&labeled_ikm), salt, salt_len);
91  CBB_cleanup(&labeled_ikm);
92  return ok;
93 }
94 
95 static int hpke_labeled_expand(const EVP_MD *hkdf_md, uint8_t *out_key,
96  size_t out_len, const uint8_t *prk,
97  size_t prk_len, const uint8_t *suite_id,
98  size_t suite_id_len, const char *label,
99  const uint8_t *info, size_t info_len) {
100  // labeledInfo = concat(I2OSP(L, 2), "HPKE-v1", suite_id, label, info)
101  CBB labeled_info;
102  int ok = CBB_init(&labeled_info, 0) &&
103  CBB_add_u16(&labeled_info, out_len) &&
104  add_label_string(&labeled_info, kHpkeVersionId) &&
105  CBB_add_bytes(&labeled_info, suite_id, suite_id_len) &&
106  add_label_string(&labeled_info, label) &&
107  CBB_add_bytes(&labeled_info, info, info_len) &&
108  HKDF_expand(out_key, out_len, hkdf_md, prk, prk_len,
109  CBB_data(&labeled_info), CBB_len(&labeled_info));
110  CBB_cleanup(&labeled_info);
111  return ok;
112 }
113 
114 
115 // KEM implementations.
116 
117 // dhkem_extract_and_expand implements the ExtractAndExpand operation in the
118 // DHKEM construction. See section 4.1 of draft-irtf-cfrg-hpke-12.
119 static int dhkem_extract_and_expand(uint16_t kem_id, const EVP_MD *hkdf_md,
120  uint8_t *out_key, size_t out_len,
121  const uint8_t *dh, size_t dh_len,
122  const uint8_t *kem_context,
123  size_t kem_context_len) {
124  // concat("KEM", I2OSP(kem_id, 2))
125  uint8_t suite_id[5] = {'K', 'E', 'M', kem_id >> 8, kem_id & 0xff};
126  uint8_t prk[EVP_MAX_MD_SIZE];
127  size_t prk_len;
128  return hpke_labeled_extract(hkdf_md, prk, &prk_len, NULL, 0, suite_id,
129  sizeof(suite_id), "eae_prk", dh, dh_len) &&
130  hpke_labeled_expand(hkdf_md, out_key, out_len, prk, prk_len, suite_id,
131  sizeof(suite_id), "shared_secret", kem_context,
132  kem_context_len);
133 }
134 
135 static int x25519_init_key(EVP_HPKE_KEY *key, const uint8_t *priv_key,
136  size_t priv_key_len) {
137  if (priv_key_len != X25519_PRIVATE_KEY_LEN) {
138  OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
139  return 0;
140  }
141 
142  OPENSSL_memcpy(key->private_key, priv_key, priv_key_len);
143  X25519_public_from_private(key->public_key, priv_key);
144  return 1;
145 }
146 
147 static int x25519_generate_key(EVP_HPKE_KEY *key) {
148  X25519_keypair(key->public_key, key->private_key);
149  return 1;
150 }
151 
152 static int x25519_encap_with_seed(
153  const EVP_HPKE_KEM *kem, uint8_t *out_shared_secret,
154  size_t *out_shared_secret_len, uint8_t *out_enc, size_t *out_enc_len,
155  size_t max_enc, const uint8_t *peer_public_key, size_t peer_public_key_len,
156  const uint8_t *seed, size_t seed_len) {
157  if (max_enc < X25519_PUBLIC_VALUE_LEN) {
158  OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
159  return 0;
160  }
161  if (seed_len != X25519_PRIVATE_KEY_LEN) {
162  OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
163  return 0;
164  }
165  X25519_public_from_private(out_enc, seed);
166 
167  uint8_t dh[X25519_SHARED_KEY_LEN];
168  if (peer_public_key_len != X25519_PUBLIC_VALUE_LEN ||
169  !X25519(dh, seed, peer_public_key)) {
170  OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PEER_KEY);
171  return 0;
172  }
173 
174  uint8_t kem_context[2 * X25519_PUBLIC_VALUE_LEN];
175  OPENSSL_memcpy(kem_context, out_enc, X25519_PUBLIC_VALUE_LEN);
176  OPENSSL_memcpy(kem_context + X25519_PUBLIC_VALUE_LEN, peer_public_key,
177  X25519_PUBLIC_VALUE_LEN);
178  if (!dhkem_extract_and_expand(kem->id, EVP_sha256(), out_shared_secret,
179  SHA256_DIGEST_LENGTH, dh, sizeof(dh),
180  kem_context, sizeof(kem_context))) {
181  return 0;
182  }
183 
184  *out_enc_len = X25519_PUBLIC_VALUE_LEN;
185  *out_shared_secret_len = SHA256_DIGEST_LENGTH;
186  return 1;
187 }
188 
189 static int x25519_decap(const EVP_HPKE_KEY *key, uint8_t *out_shared_secret,
190  size_t *out_shared_secret_len, const uint8_t *enc,
191  size_t enc_len) {
192  uint8_t dh[X25519_SHARED_KEY_LEN];
193  if (enc_len != X25519_PUBLIC_VALUE_LEN ||
194  !X25519(dh, key->private_key, enc)) {
195  OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PEER_KEY);
196  return 0;
197  }
198 
199  uint8_t kem_context[2 * X25519_PUBLIC_VALUE_LEN];
200  OPENSSL_memcpy(kem_context, enc, X25519_PUBLIC_VALUE_LEN);
201  OPENSSL_memcpy(kem_context + X25519_PUBLIC_VALUE_LEN, key->public_key,
202  X25519_PUBLIC_VALUE_LEN);
203  if (!dhkem_extract_and_expand(key->kem->id, EVP_sha256(), out_shared_secret,
204  SHA256_DIGEST_LENGTH, dh, sizeof(dh),
205  kem_context, sizeof(kem_context))) {
206  return 0;
207  }
208 
209  *out_shared_secret_len = SHA256_DIGEST_LENGTH;
210  return 1;
211 }
212 
213 const EVP_HPKE_KEM *EVP_hpke_x25519_hkdf_sha256(void) {
214  static const EVP_HPKE_KEM kKEM = {
215  /*id=*/EVP_HPKE_DHKEM_X25519_HKDF_SHA256,
216  /*public_key_len=*/X25519_PUBLIC_VALUE_LEN,
217  /*private_key_len=*/X25519_PRIVATE_KEY_LEN,
218  /*seed_len=*/X25519_PRIVATE_KEY_LEN,
219  x25519_init_key,
220  x25519_generate_key,
221  x25519_encap_with_seed,
222  x25519_decap,
223  };
224  return &kKEM;
225 }
226 
227 uint16_t EVP_HPKE_KEM_id(const EVP_HPKE_KEM *kem) { return kem->id; }
228 
229 void EVP_HPKE_KEY_zero(EVP_HPKE_KEY *key) {
230  OPENSSL_memset(key, 0, sizeof(EVP_HPKE_KEY));
231 }
232 
233 void EVP_HPKE_KEY_cleanup(EVP_HPKE_KEY *key) {
234  // Nothing to clean up for now, but we may introduce a cleanup process in the
235  // future.
236 }
237 
238 EVP_HPKE_KEY *EVP_HPKE_KEY_new(void) {
239  EVP_HPKE_KEY *key = OPENSSL_malloc(sizeof(EVP_HPKE_KEY));
240  if (key == NULL) {
241  OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
242  return NULL;
243  }
244  EVP_HPKE_KEY_zero(key);
245  return key;
246 }
247 
248 void EVP_HPKE_KEY_free(EVP_HPKE_KEY *key) {
249  if (key != NULL) {
250  EVP_HPKE_KEY_cleanup(key);
251  OPENSSL_free(key);
252  }
253 }
254 
255 int EVP_HPKE_KEY_copy(EVP_HPKE_KEY *dst, const EVP_HPKE_KEY *src) {
256  // For now, |EVP_HPKE_KEY| is trivially copyable.
257  OPENSSL_memcpy(dst, src, sizeof(EVP_HPKE_KEY));
258  return 1;
259 }
260 
261 int EVP_HPKE_KEY_init(EVP_HPKE_KEY *key, const EVP_HPKE_KEM *kem,
262  const uint8_t *priv_key, size_t priv_key_len) {
263  EVP_HPKE_KEY_zero(key);
264  key->kem = kem;
265  if (!kem->init_key(key, priv_key, priv_key_len)) {
266  key->kem = NULL;
267  return 0;
268  }
269  return 1;
270 }
271 
272 int EVP_HPKE_KEY_generate(EVP_HPKE_KEY *key, const EVP_HPKE_KEM *kem) {
273  EVP_HPKE_KEY_zero(key);
274  key->kem = kem;
275  if (!kem->generate_key(key)) {
276  key->kem = NULL;
277  return 0;
278  }
279  return 1;
280 }
281 
282 const EVP_HPKE_KEM *EVP_HPKE_KEY_kem(const EVP_HPKE_KEY *key) {
283  return key->kem;
284 }
285 
286 int EVP_HPKE_KEY_public_key(const EVP_HPKE_KEY *key, uint8_t *out,
287  size_t *out_len, size_t max_out) {
288  if (max_out < key->kem->public_key_len) {
289  OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
290  return 0;
291  }
292  OPENSSL_memcpy(out, key->public_key, key->kem->public_key_len);
293  *out_len = key->kem->public_key_len;
294  return 1;
295 }
296 
297 int EVP_HPKE_KEY_private_key(const EVP_HPKE_KEY *key, uint8_t *out,
298  size_t *out_len, size_t max_out) {
299  if (max_out < key->kem->private_key_len) {
300  OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
301  return 0;
302  }
303  OPENSSL_memcpy(out, key->private_key, key->kem->private_key_len);
304  *out_len = key->kem->private_key_len;
305  return 1;
306 }
307 
308 
309 // Supported KDFs and AEADs.
310 
311 const EVP_HPKE_KDF *EVP_hpke_hkdf_sha256(void) {
312  static const EVP_HPKE_KDF kKDF = {EVP_HPKE_HKDF_SHA256, &EVP_sha256};
313  return &kKDF;
314 }
315 
316 uint16_t EVP_HPKE_KDF_id(const EVP_HPKE_KDF *kdf) { return kdf->id; }
317 
318 const EVP_HPKE_AEAD *EVP_hpke_aes_128_gcm(void) {
319  static const EVP_HPKE_AEAD kAEAD = {EVP_HPKE_AES_128_GCM,
320  &EVP_aead_aes_128_gcm};
321  return &kAEAD;
322 }
323 
324 const EVP_HPKE_AEAD *EVP_hpke_aes_256_gcm(void) {
325  static const EVP_HPKE_AEAD kAEAD = {EVP_HPKE_AES_256_GCM,
326  &EVP_aead_aes_256_gcm};
327  return &kAEAD;
328 }
329 
330 const EVP_HPKE_AEAD *EVP_hpke_chacha20_poly1305(void) {
331  static const EVP_HPKE_AEAD kAEAD = {EVP_HPKE_CHACHA20_POLY1305,
332  &EVP_aead_chacha20_poly1305};
333  return &kAEAD;
334 }
335 
336 uint16_t EVP_HPKE_AEAD_id(const EVP_HPKE_AEAD *aead) { return aead->id; }
337 
338 const EVP_AEAD *EVP_HPKE_AEAD_aead(const EVP_HPKE_AEAD *aead) {
339  return aead->aead_func();
340 }
341 
342 
343 // HPKE implementation.
344 
345 // This is strlen("HPKE") + 3 * sizeof(uint16_t).
346 #define HPKE_SUITE_ID_LEN 10
347 
348 // The suite_id for non-KEM pieces of HPKE is defined as concat("HPKE",
349 // I2OSP(kem_id, 2), I2OSP(kdf_id, 2), I2OSP(aead_id, 2)).
350 static int hpke_build_suite_id(const EVP_HPKE_CTX *ctx,
351  uint8_t out[HPKE_SUITE_ID_LEN]) {
352  CBB cbb;
353  int ret = CBB_init_fixed(&cbb, out, HPKE_SUITE_ID_LEN) &&
354  add_label_string(&cbb, "HPKE") &&
355  CBB_add_u16(&cbb, EVP_HPKE_DHKEM_X25519_HKDF_SHA256) &&
356  CBB_add_u16(&cbb, ctx->kdf->id) &&
357  CBB_add_u16(&cbb, ctx->aead->id);
358  CBB_cleanup(&cbb);
359  return ret;
360 }
361 
362 #define HPKE_MODE_BASE 0
363 
364 static int hpke_key_schedule(EVP_HPKE_CTX *ctx, const uint8_t *shared_secret,
365  size_t shared_secret_len, const uint8_t *info,
366  size_t info_len) {
367  uint8_t suite_id[HPKE_SUITE_ID_LEN];
368  if (!hpke_build_suite_id(ctx, suite_id)) {
369  return 0;
370  }
371 
372  // psk_id_hash = LabeledExtract("", "psk_id_hash", psk_id)
373  // TODO(davidben): Precompute this value and store it with the EVP_HPKE_KDF.
374  const EVP_MD *hkdf_md = ctx->kdf->hkdf_md_func();
375  uint8_t psk_id_hash[EVP_MAX_MD_SIZE];
376  size_t psk_id_hash_len;
377  if (!hpke_labeled_extract(hkdf_md, psk_id_hash, &psk_id_hash_len, NULL, 0,
378  suite_id, sizeof(suite_id), "psk_id_hash", NULL,
379  0)) {
380  return 0;
381  }
382 
383  // info_hash = LabeledExtract("", "info_hash", info)
384  uint8_t info_hash[EVP_MAX_MD_SIZE];
385  size_t info_hash_len;
386  if (!hpke_labeled_extract(hkdf_md, info_hash, &info_hash_len, NULL, 0,
387  suite_id, sizeof(suite_id), "info_hash", info,
388  info_len)) {
389  return 0;
390  }
391 
392  // key_schedule_context = concat(mode, psk_id_hash, info_hash)
393  uint8_t context[sizeof(uint8_t) + 2 * EVP_MAX_MD_SIZE];
394  size_t context_len;
395  CBB context_cbb;
396  if (!CBB_init_fixed(&context_cbb, context, sizeof(context)) ||
397  !CBB_add_u8(&context_cbb, HPKE_MODE_BASE) ||
398  !CBB_add_bytes(&context_cbb, psk_id_hash, psk_id_hash_len) ||
399  !CBB_add_bytes(&context_cbb, info_hash, info_hash_len) ||
400  !CBB_finish(&context_cbb, NULL, &context_len)) {
401  return 0;
402  }
403 
404  // secret = LabeledExtract(shared_secret, "secret", psk)
405  uint8_t secret[EVP_MAX_MD_SIZE];
406  size_t secret_len;
407  if (!hpke_labeled_extract(hkdf_md, secret, &secret_len, shared_secret,
408  shared_secret_len, suite_id, sizeof(suite_id),
409  "secret", NULL, 0)) {
410  return 0;
411  }
412 
413  // key = LabeledExpand(secret, "key", key_schedule_context, Nk)
414  const EVP_AEAD *aead = EVP_HPKE_AEAD_aead(ctx->aead);
415  uint8_t key[EVP_AEAD_MAX_KEY_LENGTH];
416  const size_t kKeyLen = EVP_AEAD_key_length(aead);
417  if (!hpke_labeled_expand(hkdf_md, key, kKeyLen, secret, secret_len, suite_id,
418  sizeof(suite_id), "key", context, context_len) ||
419  !EVP_AEAD_CTX_init(&ctx->aead_ctx, aead, key, kKeyLen,
420  EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) {
421  return 0;
422  }
423 
424  // base_nonce = LabeledExpand(secret, "base_nonce", key_schedule_context, Nn)
425  if (!hpke_labeled_expand(hkdf_md, ctx->base_nonce,
426  EVP_AEAD_nonce_length(aead), secret, secret_len,
427  suite_id, sizeof(suite_id), "base_nonce", context,
428  context_len)) {
429  return 0;
430  }
431 
432  // exporter_secret = LabeledExpand(secret, "exp", key_schedule_context, Nh)
433  if (!hpke_labeled_expand(hkdf_md, ctx->exporter_secret, EVP_MD_size(hkdf_md),
434  secret, secret_len, suite_id, sizeof(suite_id),
435  "exp", context, context_len)) {
436  return 0;
437  }
438 
439  return 1;
440 }
441 
442 void EVP_HPKE_CTX_zero(EVP_HPKE_CTX *ctx) {
443  OPENSSL_memset(ctx, 0, sizeof(EVP_HPKE_CTX));
444  EVP_AEAD_CTX_zero(&ctx->aead_ctx);
445 }
446 
447 void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx) {
448  EVP_AEAD_CTX_cleanup(&ctx->aead_ctx);
449 }
450 
451 EVP_HPKE_CTX *EVP_HPKE_CTX_new(void) {
452  EVP_HPKE_CTX *ctx = OPENSSL_malloc(sizeof(EVP_HPKE_CTX));
453  if (ctx == NULL) {
454  OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
455  return NULL;
456  }
457  EVP_HPKE_CTX_zero(ctx);
458  return ctx;
459 }
460 
461 void EVP_HPKE_CTX_free(EVP_HPKE_CTX *ctx) {
462  if (ctx != NULL) {
463  EVP_HPKE_CTX_cleanup(ctx);
464  OPENSSL_free(ctx);
465  }
466 }
467 
468 int EVP_HPKE_CTX_setup_sender(EVP_HPKE_CTX *ctx, uint8_t *out_enc,
469  size_t *out_enc_len, size_t max_enc,
470  const EVP_HPKE_KEM *kem, const EVP_HPKE_KDF *kdf,
471  const EVP_HPKE_AEAD *aead,
472  const uint8_t *peer_public_key,
473  size_t peer_public_key_len, const uint8_t *info,
474  size_t info_len) {
475  uint8_t seed[MAX_SEED_LEN];
476  RAND_bytes(seed, kem->seed_len);
477  return EVP_HPKE_CTX_setup_sender_with_seed_for_testing(
478  ctx, out_enc, out_enc_len, max_enc, kem, kdf, aead, peer_public_key,
479  peer_public_key_len, info, info_len, seed, kem->seed_len);
480 }
481 
482 int EVP_HPKE_CTX_setup_sender_with_seed_for_testing(
483  EVP_HPKE_CTX *ctx, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc,
484  const EVP_HPKE_KEM *kem, const EVP_HPKE_KDF *kdf, const EVP_HPKE_AEAD *aead,
485  const uint8_t *peer_public_key, size_t peer_public_key_len,
486  const uint8_t *info, size_t info_len, const uint8_t *seed,
487  size_t seed_len) {
488  EVP_HPKE_CTX_zero(ctx);
489  ctx->is_sender = 1;
490  ctx->kdf = kdf;
491  ctx->aead = aead;
492  uint8_t shared_secret[MAX_SHARED_SECRET_LEN];
493  size_t shared_secret_len;
494  if (!kem->encap_with_seed(kem, shared_secret, &shared_secret_len, out_enc,
495  out_enc_len, max_enc, peer_public_key,
496  peer_public_key_len, seed, seed_len) ||
497  !hpke_key_schedule(ctx, shared_secret, shared_secret_len, info,
498  info_len)) {
499  EVP_HPKE_CTX_cleanup(ctx);
500  return 0;
501  }
502  return 1;
503 }
504 
505 int EVP_HPKE_CTX_setup_recipient(EVP_HPKE_CTX *ctx, const EVP_HPKE_KEY *key,
506  const EVP_HPKE_KDF *kdf,
507  const EVP_HPKE_AEAD *aead, const uint8_t *enc,
508  size_t enc_len, const uint8_t *info,
509  size_t info_len) {
510  EVP_HPKE_CTX_zero(ctx);
511  ctx->is_sender = 0;
512  ctx->kdf = kdf;
513  ctx->aead = aead;
514  uint8_t shared_secret[MAX_SHARED_SECRET_LEN];
515  size_t shared_secret_len;
516  if (!key->kem->decap(key, shared_secret, &shared_secret_len, enc, enc_len) ||
517  !hpke_key_schedule(ctx, shared_secret, sizeof(shared_secret), info,
518  info_len)) {
519  EVP_HPKE_CTX_cleanup(ctx);
520  return 0;
521  }
522  return 1;
523 }
524 
525 static void hpke_nonce(const EVP_HPKE_CTX *ctx, uint8_t *out_nonce,
526  size_t nonce_len) {
527  assert(nonce_len >= 8);
528 
529  // Write padded big-endian bytes of |ctx->seq| to |out_nonce|.
530  OPENSSL_memset(out_nonce, 0, nonce_len);
531  uint64_t seq_copy = ctx->seq;
532  for (size_t i = 0; i < 8; i++) {
533  out_nonce[nonce_len - i - 1] = seq_copy & 0xff;
534  seq_copy >>= 8;
535  }
536 
537  // XOR the encoded sequence with the |ctx->base_nonce|.
538  for (size_t i = 0; i < nonce_len; i++) {
539  out_nonce[i] ^= ctx->base_nonce[i];
540  }
541 }
542 
543 int EVP_HPKE_CTX_open(EVP_HPKE_CTX *ctx, uint8_t *out, size_t *out_len,
544  size_t max_out_len, const uint8_t *in, size_t in_len,
545  const uint8_t *ad, size_t ad_len) {
546  if (ctx->is_sender) {
547  OPENSSL_PUT_ERROR(EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
548  return 0;
549  }
550  if (ctx->seq == UINT64_MAX) {
551  OPENSSL_PUT_ERROR(EVP, ERR_R_OVERFLOW);
552  return 0;
553  }
554 
555  uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
556  const size_t nonce_len = EVP_AEAD_nonce_length(ctx->aead_ctx.aead);
557  hpke_nonce(ctx, nonce, nonce_len);
558 
559  if (!EVP_AEAD_CTX_open(&ctx->aead_ctx, out, out_len, max_out_len, nonce,
560  nonce_len, in, in_len, ad, ad_len)) {
561  return 0;
562  }
563  ctx->seq++;
564  return 1;
565 }
566 
567 int EVP_HPKE_CTX_seal(EVP_HPKE_CTX *ctx, uint8_t *out, size_t *out_len,
568  size_t max_out_len, const uint8_t *in, size_t in_len,
569  const uint8_t *ad, size_t ad_len) {
570  if (!ctx->is_sender) {
571  OPENSSL_PUT_ERROR(EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
572  return 0;
573  }
574  if (ctx->seq == UINT64_MAX) {
575  OPENSSL_PUT_ERROR(EVP, ERR_R_OVERFLOW);
576  return 0;
577  }
578 
579  uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
580  const size_t nonce_len = EVP_AEAD_nonce_length(ctx->aead_ctx.aead);
581  hpke_nonce(ctx, nonce, nonce_len);
582 
583  if (!EVP_AEAD_CTX_seal(&ctx->aead_ctx, out, out_len, max_out_len, nonce,
584  nonce_len, in, in_len, ad, ad_len)) {
585  return 0;
586  }
587  ctx->seq++;
588  return 1;
589 }
590 
591 int EVP_HPKE_CTX_export(const EVP_HPKE_CTX *ctx, uint8_t *out,
592  size_t secret_len, const uint8_t *context,
593  size_t context_len) {
594  uint8_t suite_id[HPKE_SUITE_ID_LEN];
595  if (!hpke_build_suite_id(ctx, suite_id)) {
596  return 0;
597  }
598  const EVP_MD *hkdf_md = ctx->kdf->hkdf_md_func();
599  if (!hpke_labeled_expand(hkdf_md, out, secret_len, ctx->exporter_secret,
600  EVP_MD_size(hkdf_md), suite_id, sizeof(suite_id),
601  "sec", context, context_len)) {
602  return 0;
603  }
604  return 1;
605 }
606 
607 size_t EVP_HPKE_CTX_max_overhead(const EVP_HPKE_CTX *ctx) {
608  assert(ctx->is_sender);
609  return EVP_AEAD_max_overhead(EVP_AEAD_CTX_aead(&ctx->aead_ctx));
610 }
611 
612 const EVP_HPKE_AEAD *EVP_HPKE_CTX_aead(const EVP_HPKE_CTX *ctx) {
613  return ctx->aead;
614 }
615 
616 const EVP_HPKE_KDF *EVP_HPKE_CTX_kdf(const EVP_HPKE_CTX *ctx) {
617  return ctx->kdf;
618 }
CBB_data
#define CBB_data
Definition: boringssl_prefix_symbols.h:1040
dst
static const char dst[]
Definition: test-fs-copyfile.c:37
CBB_init
#define CBB_init
Definition: boringssl_prefix_symbols.h:1047
gen_build_yaml.out
dictionary out
Definition: src/benchmark/gen_build_yaml.py:24
RAND_bytes
#define RAND_bytes
Definition: boringssl_prefix_symbols.h:2060
ctx
Definition: benchmark-async.c:30
CBB_cleanup
#define CBB_cleanup
Definition: boringssl_prefix_symbols.h:1039
evp_hpke_kem_st::private_key_len
size_t private_key_len
Definition: hpke.c:41
EVP_hpke_x25519_hkdf_sha256
const EVP_HPKE_KEM * EVP_hpke_x25519_hkdf_sha256(void)
Definition: hpke.c:213
EVP_HPKE_DHKEM_X25519_HKDF_SHA256
#define EVP_HPKE_DHKEM_X25519_HKDF_SHA256
Definition: hpke.h:43
env_md_st
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/internal.h:67
X25519_PRIVATE_KEY_LEN
#define X25519_PRIVATE_KEY_LEN
Definition: curve25519.h:36
uint16_t
unsigned short uint16_t
Definition: stdint-msvc2008.h:79
EVP_AEAD_MAX_NONCE_LENGTH
#define EVP_AEAD_MAX_NONCE_LENGTH
Definition: aead.h:231
hpke_key_schedule
static int hpke_key_schedule(EVP_HPKE_CTX *ctx, const uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *info, size_t info_len)
Definition: hpke.c:364
EVP_HPKE_CTX_cleanup
void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx)
Definition: hpke.c:447
evp_hpke_kem_st
Definition: hpke.c:38
OPENSSL_PUT_ERROR
#define OPENSSL_PUT_ERROR(library, reason)
Definition: err.h:423
evp_hpke_kem_st::seed_len
size_t seed_len
Definition: hpke.c:42
string.h
evp_hpke_ctx_st
Definition: hpke.h:309
CBB_add_u8
#define CBB_add_u8
Definition: boringssl_prefix_symbols.h:1036
seed
static const uint8_t seed[20]
Definition: dsa_test.cc:79
EVP_HPKE_KEY_init
int EVP_HPKE_KEY_init(EVP_HPKE_KEY *key, const EVP_HPKE_KEM *kem, const uint8_t *priv_key, size_t priv_key_len)
Definition: hpke.c:261
hpke.h
UINT64_MAX
#define UINT64_MAX
Definition: stdint-msvc2008.h:143
evp_hpke_key_st
Definition: hpke.h:319
HPKE_MODE_BASE
#define HPKE_MODE_BASE
Definition: hpke.c:362
ctx
static struct test_ctx ctx
Definition: test-ipc-send-recv.c:65
hpke_build_suite_id
static int hpke_build_suite_id(const EVP_HPKE_CTX *ctx, uint8_t out[HPKE_SUITE_ID_LEN])
Definition: hpke.c:350
EVP_HPKE_KEY_copy
int EVP_HPKE_KEY_copy(EVP_HPKE_KEY *dst, const EVP_HPKE_KEY *src)
Definition: hpke.c:255
EVP_HPKE_KEM_id
uint16_t EVP_HPKE_KEM_id(const EVP_HPKE_KEM *kem)
Definition: hpke.c:227
EVP_AEAD_CTX_aead
#define EVP_AEAD_CTX_aead
Definition: boringssl_prefix_symbols.h:1445
evp_hpke_kdf_st::id
uint16_t id
Definition: hpke.c:58
EVP_sha256
const OPENSSL_EXPORT EVP_MD * EVP_sha256(void)
EVP_HPKE_CTX_export
int EVP_HPKE_CTX_export(const EVP_HPKE_CTX *ctx, uint8_t *out, size_t secret_len, const uint8_t *context, size_t context_len)
Definition: hpke.c:591
uint8_t
unsigned char uint8_t
Definition: stdint-msvc2008.h:78
EVP_R_INVALID_PEER_KEY
#define EVP_R_INVALID_PEER_KEY
Definition: evp_errors.h:94
EVP_AEAD_CTX_cleanup
#define EVP_AEAD_CTX_cleanup
Definition: boringssl_prefix_symbols.h:1446
evp_hpke_kdf_st
Definition: hpke.c:57
OPENSSL_memset
static void * OPENSSL_memset(void *dst, int c, size_t n)
Definition: third_party/boringssl-with-bazel/src/crypto/internal.h:835
EVP_AEAD_CTX_zero
#define EVP_AEAD_CTX_zero
Definition: boringssl_prefix_symbols.h:1457
x25519_decap
static int x25519_decap(const EVP_HPKE_KEY *key, uint8_t *out_shared_secret, size_t *out_shared_secret_len, const uint8_t *enc, size_t enc_len)
Definition: hpke.c:189
HKDF_extract
#define HKDF_extract
Definition: boringssl_prefix_symbols.h:1782
EVP_AEAD_nonce_length
#define EVP_AEAD_nonce_length
Definition: boringssl_prefix_symbols.h:1461
EVP_HPKE_CTX_seal
int EVP_HPKE_CTX_seal(EVP_HPKE_CTX *ctx, uint8_t *out, size_t *out_len, size_t max_out_len, const uint8_t *in, size_t in_len, const uint8_t *ad, size_t ad_len)
Definition: hpke.c:567
EVP_AEAD_DEFAULT_TAG_LENGTH
#define EVP_AEAD_DEFAULT_TAG_LENGTH
Definition: aead.h:240
OPENSSL_malloc
#define OPENSSL_malloc
Definition: boringssl_prefix_symbols.h:1885
EVP_aead_aes_256_gcm
const OPENSSL_EXPORT EVP_AEAD * EVP_aead_aes_256_gcm(void)
EVP_HPKE_CTX_free
void EVP_HPKE_CTX_free(EVP_HPKE_CTX *ctx)
Definition: hpke.c:461
EVP_HPKE_KEY_new
EVP_HPKE_KEY * EVP_HPKE_KEY_new(void)
Definition: hpke.c:238
EVP_R_DECODE_ERROR
#define EVP_R_DECODE_ERROR
Definition: evp_errors.h:62
bytestring.h
EVP_hpke_hkdf_sha256
const EVP_HPKE_KDF * EVP_hpke_hkdf_sha256(void)
Definition: hpke.c:311
in
const char * in
Definition: third_party/abseil-cpp/absl/strings/internal/str_format/parser_test.cc:391
CBB_add_u16
#define CBB_add_u16
Definition: boringssl_prefix_symbols.h:1027
xds_interop_client.int
int
Definition: xds_interop_client.py:113
EVP_hpke_chacha20_poly1305
const EVP_HPKE_AEAD * EVP_hpke_chacha20_poly1305(void)
Definition: hpke.c:330
gen_synthetic_protos.label
label
Definition: gen_synthetic_protos.py:102
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
#define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
Definition: err.h:372
CBB_finish
#define CBB_finish
Definition: boringssl_prefix_symbols.h:1043
EVP_MD_size
#define EVP_MD_size
Definition: boringssl_prefix_symbols.h:1579
EVP_HPKE_HKDF_SHA256
#define EVP_HPKE_HKDF_SHA256
Definition: hpke.h:55
MAX_SEED_LEN
#define MAX_SEED_LEN
Definition: hpke.c:35
sha.h
EVP_HPKE_KEY_generate
int EVP_HPKE_KEY_generate(EVP_HPKE_KEY *key, const EVP_HPKE_KEM *kem)
Definition: hpke.c:272
EVP_HPKE_AES_256_GCM
#define EVP_HPKE_AES_256_GCM
Definition: hpke.h:65
uint64_t
unsigned __int64 uint64_t
Definition: stdint-msvc2008.h:90
EVP_AEAD_CTX_seal
#define EVP_AEAD_CTX_seal
Definition: boringssl_prefix_symbols.h:1454
hpke_labeled_expand
static int hpke_labeled_expand(const EVP_MD *hkdf_md, uint8_t *out_key, size_t out_len, const uint8_t *prk, size_t prk_len, const uint8_t *suite_id, size_t suite_id_len, const char *label, const uint8_t *info, size_t info_len)
Definition: hpke.c:95
OPENSSL_memcpy
static void * OPENSSL_memcpy(void *dst, const void *src, size_t n)
Definition: third_party/boringssl-with-bazel/src/crypto/internal.h:819
err.h
MAX_SHARED_SECRET_LEN
#define MAX_SHARED_SECRET_LEN
Definition: hpke.c:36
EVP_AEAD_CTX_init
#define EVP_AEAD_CTX_init
Definition: boringssl_prefix_symbols.h:1449
evp_hpke_aead_st::aead_func
const EVP_AEAD *(* aead_func)(void)
Definition: hpke.c:65
x25519_encap_with_seed
static int x25519_encap_with_seed(const EVP_HPKE_KEM *kem, uint8_t *out_shared_secret, size_t *out_shared_secret_len, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc, const uint8_t *peer_public_key, size_t peer_public_key_len, const uint8_t *seed, size_t seed_len)
Definition: hpke.c:152
EVP_HPKE_KEY_cleanup
void EVP_HPKE_KEY_cleanup(EVP_HPKE_KEY *key)
Definition: hpke.c:233
EVP_HPKE_KDF_id
uint16_t EVP_HPKE_KDF_id(const EVP_HPKE_KDF *kdf)
Definition: hpke.c:316
dhkem_extract_and_expand
static int dhkem_extract_and_expand(uint16_t kem_id, const EVP_MD *hkdf_md, uint8_t *out_key, size_t out_len, const uint8_t *dh, size_t dh_len, const uint8_t *kem_context, size_t kem_context_len)
Definition: hpke.c:119
aead.h
EVP_HPKE_KEY_private_key
int EVP_HPKE_KEY_private_key(const EVP_HPKE_KEY *key, uint8_t *out, size_t *out_len, size_t max_out)
Definition: hpke.c:297
evp_hpke_kem_st::public_key_len
size_t public_key_len
Definition: hpke.c:40
ERR_R_OVERFLOW
#define ERR_R_OVERFLOW
Definition: err.h:375
EVP_HPKE_CTX_setup_recipient
int EVP_HPKE_CTX_setup_recipient(EVP_HPKE_CTX *ctx, const EVP_HPKE_KEY *key, const EVP_HPKE_KDF *kdf, const EVP_HPKE_AEAD *aead, const uint8_t *enc, size_t enc_len, const uint8_t *info, size_t info_len)
Definition: hpke.c:505
kHpkeVersionId
static const char kHpkeVersionId[]
Definition: hpke.c:71
EVP_HPKE_KEY_public_key
int EVP_HPKE_KEY_public_key(const EVP_HPKE_KEY *key, uint8_t *out, size_t *out_len, size_t max_out)
Definition: hpke.c:286
evp_errors.h
EVP_AEAD_CTX_open
#define EVP_AEAD_CTX_open
Definition: boringssl_prefix_symbols.h:1452
X25519_keypair
#define X25519_keypair
Definition: boringssl_prefix_symbols.h:2210
evp_aead_st
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h:77
evp_hpke_kem_st::id
uint16_t id
Definition: hpke.c:39
EVP_HPKE_KEY_kem
const EVP_HPKE_KEM * EVP_HPKE_KEY_kem(const EVP_HPKE_KEY *key)
Definition: hpke.c:282
EVP_HPKE_KEY_free
void EVP_HPKE_KEY_free(EVP_HPKE_KEY *key)
Definition: hpke.c:248
EVP_AEAD_MAX_KEY_LENGTH
#define EVP_AEAD_MAX_KEY_LENGTH
Definition: aead.h:227
CBB_add_bytes
#define CBB_add_bytes
Definition: boringssl_prefix_symbols.h:1025
rand.h
digest.h
key
const char * key
Definition: hpack_parser_table.cc:164
EVP_HPKE_CTX_setup_sender
int EVP_HPKE_CTX_setup_sender(EVP_HPKE_CTX *ctx, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc, const EVP_HPKE_KEM *kem, const EVP_HPKE_KDF *kdf, const EVP_HPKE_AEAD *aead, const uint8_t *peer_public_key, size_t peer_public_key_len, const uint8_t *info, size_t info_len)
Definition: hpke.c:468
x25519_init_key
static int x25519_init_key(EVP_HPKE_KEY *key, const uint8_t *priv_key, size_t priv_key_len)
Definition: hpke.c:135
EVP_HPKE_AES_128_GCM
#define EVP_HPKE_AES_128_GCM
Definition: hpke.h:64
EVP_HPKE_CTX_setup_sender_with_seed_for_testing
int EVP_HPKE_CTX_setup_sender_with_seed_for_testing(EVP_HPKE_CTX *ctx, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc, const EVP_HPKE_KEM *kem, const EVP_HPKE_KDF *kdf, const EVP_HPKE_AEAD *aead, const uint8_t *peer_public_key, size_t peer_public_key_len, const uint8_t *info, size_t info_len, const uint8_t *seed, size_t seed_len)
Definition: hpke.c:482
X25519_public_from_private
#define X25519_public_from_private
Definition: boringssl_prefix_symbols.h:2211
hkdf.h
EVP_HPKE_CTX_open
int EVP_HPKE_CTX_open(EVP_HPKE_CTX *ctx, uint8_t *out, size_t *out_len, size_t max_out_len, const uint8_t *in, size_t in_len, const uint8_t *ad, size_t ad_len)
Definition: hpke.c:543
ret
UniquePtr< SSL_SESSION > ret
Definition: ssl_x509.cc:1029
EVP_hpke_aes_256_gcm
const EVP_HPKE_AEAD * EVP_hpke_aes_256_gcm(void)
Definition: hpke.c:324
evp_hpke_aead_st::id
uint16_t id
Definition: hpke.c:64
SHA256_DIGEST_LENGTH
#define SHA256_DIGEST_LENGTH
Definition: sha.h:155
EVP_HPKE_KEY_zero
void EVP_HPKE_KEY_zero(EVP_HPKE_KEY *key)
Definition: hpke.c:229
EVP_R_INVALID_BUFFER_SIZE
#define EVP_R_INVALID_BUFFER_SIZE
Definition: evp_errors.h:97
hpke_nonce
static void hpke_nonce(const EVP_HPKE_CTX *ctx, uint8_t *out_nonce, size_t nonce_len)
Definition: hpke.c:525
HPKE_SUITE_ID_LEN
#define HPKE_SUITE_ID_LEN
Definition: hpke.c:346
EVP_MAX_MD_SIZE
#define EVP_MAX_MD_SIZE
Definition: digest.h:156
EVP_HPKE_CHACHA20_POLY1305
#define EVP_HPKE_CHACHA20_POLY1305
Definition: hpke.h:66
curve25519.h
evp_hpke_kem_st::encap_with_seed
int(* encap_with_seed)(const EVP_HPKE_KEM *kem, uint8_t *out_shared_secret, size_t *out_shared_secret_len, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc, const uint8_t *peer_public_key, size_t peer_public_key_len, const uint8_t *seed, size_t seed_len)
Definition: hpke.c:46
ok
bool ok
Definition: async_end2end_test.cc:197
EVP_HPKE_AEAD_aead
const EVP_AEAD * EVP_HPKE_AEAD_aead(const EVP_HPKE_AEAD *aead)
Definition: hpke.c:338
evp_hpke_kem_st::decap
int(* decap)(const EVP_HPKE_KEY *key, uint8_t *out_shared_secret, size_t *out_shared_secret_len, const uint8_t *enc, size_t enc_len)
Definition: hpke.c:52
EVP_aead_chacha20_poly1305
#define EVP_aead_chacha20_poly1305
Definition: boringssl_prefix_symbols.h:1694
EVP_HPKE_CTX_zero
void EVP_HPKE_CTX_zero(EVP_HPKE_CTX *ctx)
Definition: hpke.c:442
evp_hpke_kem_st::init_key
int(* init_key)(EVP_HPKE_KEY *key, const uint8_t *priv_key, size_t priv_key_len)
Definition: hpke.c:43
EVP_HPKE_CTX_new
EVP_HPKE_CTX * EVP_HPKE_CTX_new(void)
Definition: hpke.c:451
context
grpc::ClientContext context
Definition: istio_echo_server_lib.cc:61
CBB_len
#define CBB_len
Definition: boringssl_prefix_symbols.h:1049
EVP_HPKE_AEAD_id
uint16_t EVP_HPKE_AEAD_id(const EVP_HPKE_AEAD *aead)
Definition: hpke.c:336
hpke_labeled_extract
static int hpke_labeled_extract(const EVP_MD *hkdf_md, uint8_t *out_key, size_t *out_len, const uint8_t *salt, size_t salt_len, const uint8_t *suite_id, size_t suite_id_len, const char *label, const uint8_t *ikm, size_t ikm_len)
Definition: hpke.c:77
X25519_SHARED_KEY_LEN
#define X25519_SHARED_KEY_LEN
Definition: curve25519.h:38
EVP_HPKE_CTX_kdf
const EVP_HPKE_KDF * EVP_HPKE_CTX_kdf(const EVP_HPKE_CTX *ctx)
Definition: hpke.c:616
EVP_AEAD_key_length
#define EVP_AEAD_key_length
Definition: boringssl_prefix_symbols.h:1458
X25519_PUBLIC_VALUE_LEN
#define X25519_PUBLIC_VALUE_LEN
Definition: curve25519.h:37
add_label_string
static int add_label_string(CBB *cbb, const char *label)
Definition: hpke.c:73
EVP_aead_aes_128_gcm
const OPENSSL_EXPORT EVP_AEAD * EVP_aead_aes_128_gcm(void)
evp_hpke_kem_st::generate_key
int(* generate_key)(EVP_HPKE_KEY *key)
Definition: hpke.c:45
OPENSSL_free
#define OPENSSL_free
Definition: boringssl_prefix_symbols.h:1869
EVP_HPKE_CTX_max_overhead
size_t EVP_HPKE_CTX_max_overhead(const EVP_HPKE_CTX *ctx)
Definition: hpke.c:607
x25519_generate_key
static int x25519_generate_key(EVP_HPKE_KEY *key)
Definition: hpke.c:147
evp_hpke_aead_st
Definition: hpke.c:63
CBB_init_fixed
#define CBB_init_fixed
Definition: boringssl_prefix_symbols.h:1048
EVP_hpke_aes_128_gcm
const EVP_HPKE_AEAD * EVP_hpke_aes_128_gcm(void)
Definition: hpke.c:318
i
uint64_t i
Definition: abseil-cpp/absl/container/btree_benchmark.cc:230
EVP_HPKE_CTX_aead
const EVP_HPKE_AEAD * EVP_HPKE_CTX_aead(const EVP_HPKE_CTX *ctx)
Definition: hpke.c:612
ERR_R_MALLOC_FAILURE
#define ERR_R_MALLOC_FAILURE
Definition: err.h:371
EVP_AEAD_max_overhead
#define EVP_AEAD_max_overhead
Definition: boringssl_prefix_symbols.h:1459
cbb_st
Definition: bytestring.h:375
HKDF_expand
#define HKDF_expand
Definition: boringssl_prefix_symbols.h:1781
X25519
#define X25519
Definition: boringssl_prefix_symbols.h:2209

grpc
Author(s):
autogenerated on Fri May 16 2025 02:59:01