4738fc3 | ambrosin | 05 April 2024, 13:06:30 UTC | Upgrade default tink-cc dep to 2.1.2 PiperOrigin-RevId: 622157786 | 05 April 2024, 13:07:47 UTC |
965edf9 | ioannanedelcu | 05 April 2024, 10:56:21 UTC | Avoid unnecessary copies of RestrictedData in proto serialization (since it's less performant) and use const references instead. PiperOrigin-RevId: 622133044 | 05 April 2024, 10:57:38 UTC |
17b1ce9 | ambrosin | 05 April 2024, 08:55:14 UTC | Bump version to 2.1.2 PiperOrigin-RevId: 622108863 | 05 April 2024, 08:56:40 UTC |
a954cf0 | ckl | 04 April 2024, 08:10:12 UTC | Use the EntriesInKeysetOrder field instead of building a local slice of all entries. PiperOrigin-RevId: 621771983 | 04 April 2024, 08:11:50 UTC |
e16626b | ambrosin | 04 April 2024, 05:20:06 UTC | Use Python 3.8 in macOS continuous tests PiperOrigin-RevId: 621735359 | 04 April 2024, 05:21:28 UTC |
da751cb | juerg | 03 April 2024, 19:31:59 UTC | Add more unit tests for Util.java. Also, fix some lint warnings. PiperOrigin-RevId: 621605961 | 03 April 2024, 19:33:27 UTC |
29fc855 | juerg | 03 April 2024, 15:59:52 UTC | Use OutputPrefixUtil in Legacy Primitives. PiperOrigin-RevId: 621539371 | 03 April 2024, 16:01:25 UTC |
5613f57 | ioannanedelcu | 03 April 2024, 13:56:04 UTC | Remove redundant comments regarding OSS string conversion. PiperOrigin-RevId: 621508890 | 03 April 2024, 13:57:29 UTC |
c0c1296 | juerg | 03 April 2024, 13:28:59 UTC | Resolve old TODO for Bytes.intToByteArray and Bytes.byteArrayToInt. Add validation for capacity and length: - Reject capacity/length larger than 4 or smaller than 0. Such inputs give weird outputs that were not intended. - Reject negative values. - Reject if the value is too large for capacity. Also, add tests. PiperOrigin-RevId: 621503672 | 03 April 2024, 13:30:12 UTC |
7bd546a | ambrosin | 03 April 2024, 13:03:33 UTC | Rollback protobuf upgrade PiperOrigin-RevId: 621497993 | 03 April 2024, 13:04:41 UTC |
775a9e6 | Tink Team | 03 April 2024, 12:19:25 UTC | Add `load()` statements for the builtin Bazel java rules Loads are being added in preparation for moving the rules out of Bazel and into `rules_java`. PiperOrigin-RevId: 621489359 | 03 April 2024, 12:21:11 UTC |
c7e4795 | juerg | 03 April 2024, 12:17:56 UTC | Validate that parsed string is a JSON Object. Without this, parsing may crash if the input is a valid JSON value, but not a JSON Object. PiperOrigin-RevId: 621489078 | 03 April 2024, 12:19:38 UTC |
6e5d0ea | Tink Team | 03 April 2024, 08:56:38 UTC | Automated Code Change PiperOrigin-RevId: 621446837 | 03 April 2024, 08:57:58 UTC |
d7460c2 | ckl | 02 April 2024, 16:00:10 UTC | Remove trailing ASCII art from license headers. PiperOrigin-RevId: 621195332 | 02 April 2024, 16:01:24 UTC |
5fcc6a9 | ambrosin | 02 April 2024, 15:01:51 UTC | Bump urllib3 from 1.26.16 to 1.26.18 in /python COPYBARA_INTEGRATE_REVIEW=https://github.com/google/tink/pull/732 from tink-crypto:dependabot/pip/python/urllib3-1.26.18 c8dab7dd0f27f72cfa41d375b42afc0378981df5 PiperOrigin-RevId: 621174584 | 02 April 2024, 15:04:30 UTC |
f28d315 | ambrosin | 02 April 2024, 15:01:38 UTC | Bump google.golang.org/protobuf from 1.30.0 to 1.33.0 in /go COPYBARA_INTEGRATE_REVIEW=https://github.com/google/tink/pull/733 from tink-crypto:dependabot/go_modules/go/google.golang.org/protobuf-1.33.0 556d865bfd4d063047380dc675efeac5c939382e PiperOrigin-RevId: 621174536 | 02 April 2024, 15:02:57 UTC |
9fa6df7 | juerg | 02 April 2024, 11:46:12 UTC | Remove EcdsaProtoTest.java. This test is not really needed. That this proto works is tested implicitly by other tests. PiperOrigin-RevId: 621133610 | 02 April 2024, 11:47:37 UTC |
86b6a21 | Tink Team | 02 April 2024, 07:27:39 UTC | Automated Code Change PiperOrigin-RevId: 621077529 | 02 April 2024, 07:28:49 UTC |
40510c4 | juerg | 28 March 2024, 20:49:44 UTC | Use parametrized tests in JwkSetConverterTest.java. Also, remove debugging output. PiperOrigin-RevId: 620046474 | 28 March 2024, 20:51:35 UTC |
0fdbac7 | juerg | 28 March 2024, 20:30:17 UTC | Add validation to HpkeUtil.intToByteArray. - The algorithm implementation used here doesn't work for capacity larger than 4, so we shouldn't allow this. - The algorithm definition, see https://www.rfc-editor.org/rfc/rfc3447.html#section-4.1, requires that 0 <= value < 256^capacity. And add unit tests. PiperOrigin-RevId: 620041132 | 28 March 2024, 20:32:08 UTC |
6f0527e | juerg | 26 March 2024, 17:03:58 UTC | Add TINK output prefix to LegacyKmsEnvelopeAeadKey. PiperOrigin-RevId: 619226820 | 26 March 2024, 17:05:26 UTC |
50bd2bc | juerg | 26 March 2024, 09:34:34 UTC | Simplify KmsEnvelopeAeadKeyManager.create. PiperOrigin-RevId: 619119161 | 26 March 2024, 09:35:50 UTC |
323eb28 | Tink Team | 26 March 2024, 08:18:45 UTC | Remove unused build dependency PiperOrigin-RevId: 619101876 | 26 March 2024, 08:20:04 UTC |
67ac23e | juerg | 26 March 2024, 08:01:23 UTC | Test error message from the release notes. PiperOrigin-RevId: 619097736 | 26 March 2024, 08:02:56 UTC |
2c7867a | juerg | 25 March 2024, 16:10:31 UTC | Also test signatures and JWT signatures in LateRegistrationTest. PiperOrigin-RevId: 618861360 | 25 March 2024, 16:12:00 UTC |
3e72fd7 | Tink Team | 25 March 2024, 11:54:38 UTC | Avoid copying `RestrictedData` objects during parsing. PiperOrigin-RevId: 618803899 | 25 March 2024, 11:55:52 UTC |
36f24af | juerg | 25 March 2024, 11:09:32 UTC | Use OutputPrefixUtil in keys to create the prefix. PiperOrigin-RevId: 618795733 | 25 March 2024, 11:10:34 UTC |
b4ade8c | juerg | 25 March 2024, 09:33:14 UTC | Add TINK output prefix to KmsAeadKey. PiperOrigin-RevId: 618775859 | 25 March 2024, 09:34:39 UTC |
d8c6c64 | juerg | 25 March 2024, 08:29:55 UTC | Remove TODO in ConfigurationV0. We've decided that Configurations in different languages may support slightly different set of algorithms. So there is no need for this Todo anymore. PiperOrigin-RevId: 618762732 | 25 March 2024, 08:31:24 UTC |
3eb497d | juerg | 25 March 2024, 07:52:11 UTC | Inline getFullPrimitiveOrNull, and pass exception. PiperOrigin-RevId: 618754808 | 25 March 2024, 07:53:30 UTC |
25cdeb9 | wconner | 22 March 2024, 15:36:02 UTC | Register ECIES proto serialization. PiperOrigin-RevId: 618187936 | 22 March 2024, 15:37:26 UTC |
cce2bed | Tink Team | 21 March 2024, 16:52:25 UTC | Remove obsolete `output_to_genfiles = True`. PiperOrigin-RevId: 617875936 | 21 March 2024, 16:54:10 UTC |
d0cbee5 | juerg | 21 March 2024, 16:32:39 UTC | Add tests where "register" is called late. This should work for non-JWT primitives. But it doesn't work for JWT. We check that the error message has a link to the relevant URL. PiperOrigin-RevId: 617869598 | 21 March 2024, 16:34:05 UTC |
a833677 | juerg | 21 March 2024, 16:02:05 UTC | Add internal OutputPrefixUtil class. This will help us to remove some code duplication. PiperOrigin-RevId: 617860031 | 21 March 2024, 16:03:46 UTC |
a812208 | wconner | 21 March 2024, 12:32:16 UTC | Update ECIES proto serialization. PiperOrigin-RevId: 617811982 | 21 March 2024, 12:33:27 UTC |
176159b | juerg | 20 March 2024, 20:17:54 UTC | Add another create function to LegacyFullAead. Also, simplify the implementation a bit, and add an additional check for the size of the output prefix. This will be needed to support TINK output prefix in LegacyKmsaAeadKey. PiperOrigin-RevId: 617606175 | 20 March 2024, 20:19:26 UTC |
d297256 | tholenst | 20 March 2024, 16:29:17 UTC | Update the link to registration_errors. PiperOrigin-RevId: 617538189 | 20 March 2024, 16:30:52 UTC |
9af7e53 | lizatretyakova | 20 March 2024, 14:59:18 UTC | Introduce ConfigurationsV0. PiperOrigin-RevId: 617513667 | 20 March 2024, 15:00:49 UTC |
761677c | lizatretyakova | 20 March 2024, 14:07:26 UTC | Move ChaCha20Poly1305ProtoSerialization into internal/ and make it public for the use in test for future ConfigurationV0. PiperOrigin-RevId: 617501847 | 20 March 2024, 14:08:26 UTC |
f6df6e0 | tholenst | 20 March 2024, 12:56:46 UTC | Change the JwtMac key manager to not work for creating primitives. This disables getPrimitive(JwtMac.class) for this key manager. This cannot work properly since the key manager doesn't have the ID when this is called. I *think* this should not change any behavior but it seems safer for sure. PiperOrigin-RevId: 617486683 | 20 March 2024, 12:58:25 UTC |
bf518d1 | ambrosin | 19 March 2024, 14:01:14 UTC | Use Go 1.21 Go 1.22 was released, so 1.21 is now the oldest supported version. PiperOrigin-RevId: 617159143 | 19 March 2024, 14:02:35 UTC |
8d51f22 | juerg | 19 March 2024, 09:16:20 UTC | Don't export key from subtle primitives. Some primitives in tink-go subtle export a field "Key". This is not intentional, and should not be used. Using this might be a bug. So it is better to remove it directly. PiperOrigin-RevId: 617098822 | 19 March 2024, 09:17:19 UTC |
cf800b6 | juerg | 19 March 2024, 07:53:20 UTC | Replace interface{} with any. "any" was introduced in go version 1.18. It is an alias of "interface{}": https://tip.golang.org/doc/go1.18 PiperOrigin-RevId: 617082326 | 19 March 2024, 07:55:06 UTC |
ea6f5f9 | juerg | 18 March 2024, 15:23:08 UTC | Update golang github link for protos. PiperOrigin-RevId: 616834349 | 18 March 2024, 15:24:10 UTC |
95e12f9 | juerg | 18 March 2024, 13:55:20 UTC | Test that NewKeyData returns an object for which registry.PrimitiveFromKeyData returns the expected primitive. PiperOrigin-RevId: 616813710 | 18 March 2024, 13:56:36 UTC |
1e5f815 | juerg | 18 March 2024, 09:30:15 UTC | Remove deprecation annotation for KMS client registration. There are some valid use-cases for which we currently don't have a replacement. So it is better to wait with deprecation until we have a replacement. Also, update the documentation for these functions. PiperOrigin-RevId: 616759308 | 18 March 2024, 09:32:22 UTC |
b1b47fa | metemad | 15 March 2024, 16:45:35 UTC | feat: Support the Cloud KMS AsymmetricSign feature. PiperOrigin-RevId: 616158966 | 15 March 2024, 16:46:57 UTC |
01b6a0c | Tink Team | 15 March 2024, 09:45:12 UTC | Automated Code Change PiperOrigin-RevId: 616063986 | 15 March 2024, 09:46:24 UTC |
4aed36b | ckl | 15 March 2024, 09:24:39 UTC | Remove key material from error messages. PiperOrigin-RevId: 616060223 | 15 March 2024, 09:25:48 UTC |
03b6a6f | juerg | 15 March 2024, 08:27:02 UTC | Refactor hmac_key_manager_test. - inline validateHMACPrimitive and validateHMACKey. - The test for getPrimitive should not test that the primitive is a subtleMac.HMAC. - instead of creating a subtle MAC primitive in validateHMACKey, it is better to use the registry to get the primitive from keyData. - in NewKey, we can remove the test for creating a primitive, because it is indirectly tested with NewKeyData. PiperOrigin-RevId: 616048412 | 15 March 2024, 08:29:06 UTC |
3619fe8 | juerg | 14 March 2024, 15:33:43 UTC | Don't use randbytes. This is not supported in older Python version. PiperOrigin-RevId: 615789200 | 14 March 2024, 15:35:14 UTC |
ac63fc7 | juerg | 14 March 2024, 14:35:15 UTC | Let hcvault integration tests in Python use correct base64 encoding. PiperOrigin-RevId: 615772708 | 14 March 2024, 14:37:14 UTC |
8cc6d59 | juerg | 14 March 2024, 09:34:07 UTC | Use normal base64 encoding, and not URL safe. Also, use a random plaintext, that will also test this. PiperOrigin-RevId: 615705456 | 14 March 2024, 09:35:22 UTC |
9436b62 | juerg | 14 March 2024, 07:30:27 UTC | Remove leading zero in RSA public keys in JWK set conversion. The "n" value is currently encoded as minimal two's complement encoding, which may have a leading zero. But the standard doesn't allow this, it should always use the unsigned minimal encoding: https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.1.1 PiperOrigin-RevId: 615679568 | 14 March 2024, 07:31:52 UTC |
43c17d4 | juerg | 13 March 2024, 14:54:11 UTC | Add Benchmark tests for PRFs in Golang. BenchmarkComputePRF/HMAC_SHA256_PRF_16-8 285105 3884 ns/op 528 B/op 5 allocs/op BenchmarkComputePRF/HMAC_SHA256_PRF_16k-8 19966 59463 ns/op 528 B/op 5 allocs/op BenchmarkComputePRF/HMAC_SHA512_PRF_16-8 256862 4397 ns/op 768 B/op 5 allocs/op BenchmarkComputePRF/HMAC_SHA512_PRF_16k-8 28039 42464 ns/op 768 B/op 5 allocs/op BenchmarkComputePRF/HKDF_SHA256_16-8 133785 8502 ns/op 1361 B/op 15 allocs/op BenchmarkComputePRF/HKDF_SHA256_16k-8 18424 65048 ns/op 1361 B/op 15 allocs/op BenchmarkComputePRF/AES_CMAC_PRF_16-8 3682260 323.0 ns/op 48 B/op 3 allocs/op BenchmarkComputePRF/AES_CMAC_PRF_16k-8 10000 114050 ns/op 48 B/op 3 allocs/op PiperOrigin-RevId: 615416650 | 13 March 2024, 14:55:35 UTC |
cebe5e7 | ambrosin | 13 March 2024, 11:22:19 UTC | Add missing gRPC deps Also upgrade protobuf to 25.3 in java_src/ PiperOrigin-RevId: 615364375 | 13 March 2024, 11:23:36 UTC |
be58924 | lizatretyakova | 12 March 2024, 13:18:54 UTC | Move Ed25519ProtoSerialization and AesCtrHmacStreamingProtoSerialization into internal/ and make it public for the use in test for future ConfigurationV0. PiperOrigin-RevId: 615017125 | 12 March 2024, 13:20:04 UTC |
64453ab | lizatretyakova | 12 March 2024, 12:21:59 UTC | Move EciesProtoSerialization, AesCmacPrfSerialization, and HkdfPrfProtoSerialization into internal/ and make it public for the use in test for future ConfigurationV0. PiperOrigin-RevId: 615002990 | 12 March 2024, 12:23:00 UTC |
07f5f10 | lizatretyakova | 12 March 2024, 11:05:42 UTC | Move AesCmacProtoSerialization, AesAexProtoSerialization, and AesGcmSivProtoSerialization into internal/ and make it public for the use in test for future ConfigurationV0. PiperOrigin-RevId: 614986566 | 12 March 2024, 11:06:52 UTC |
ceb21e3 | wiktorg | 12 March 2024, 10:38:11 UTC | Add CallWithCoreDumpProtection to AES EAX PiperOrigin-RevId: 614980255 | 12 March 2024, 10:39:19 UTC |
389172e | lizatretyakova | 12 March 2024, 10:10:46 UTC | Add a method for registering HybridEncrypt/DecryptWrapper to a PrimitiveRegistry. The added method is not public (despite the access modifier) because it takes an argument of an internal type. PiperOrigin-RevId: 614973770 | 12 March 2024, 10:11:50 UTC |
1532e6b | lizatretyakova | 12 March 2024, 08:48:31 UTC | Add a method for registering DeterministicWrapper to a PrimitiveRegistry. The added method is not public (despite the access modifier) because it takes an argument of an internal type. PiperOrigin-RevId: 614955204 | 12 March 2024, 08:49:32 UTC |
92fe79a | juerg | 12 March 2024, 08:43:49 UTC | Internal change. PiperOrigin-RevId: 614954203 | 12 March 2024, 08:45:19 UTC |
d0fc5d3 | juerg | 11 March 2024, 19:51:28 UTC | Add Benchmark tests for Hybrid Encryption in Golang. It tests encrypting and decrypting 1k data with different algorithms. It also adds tests for algorithms that are supported but don't have templates: - curve P-384 and curve P-521. - AES-SIV as DEK. Output on a Xeon CPU: BenchmarkEncrypt/HPKE_X25519_AES128GCM-8 6207 195023 ns/op 12713 B/op 89 allocs/op BenchmarkEncrypt/HPKE_X25519_Chacha20Poly1305-8 6316 190371 ns/op 9384 B/op 78 allocs/op BenchmarkEncrypt/ECIES_P256_AES128GCM-8 9159 128020 ns/op 8368 B/op 63 allocs/op BenchmarkEncrypt/ECIES_P256_AES128CTRHMAC-8 8188 143934 ns/op 11744 B/op 83 allocs/op BenchmarkEncrypt/ECIES_P384_AES128GCM-8 1159 1035242 ns/op 9896 B/op 78 allocs/op BenchmarkEncrypt/ECIES_P521_AES128GCM-8 379 3344359 ns/op 11410 B/op 79 allocs/op BenchmarkEncrypt/ECIES_P256_AESSIV-8 8876 140409 ns/op 8784 B/op 75 allocs/op BenchmarkDecrypt/HPKE_X25519_AES128GCM-8 6236 193576 ns/op 10376 B/op 86 allocs/op BenchmarkDecrypt/HPKE_X25519_Chacha20Poly1305-8 6615 188628 ns/op 6920 B/op 75 allocs/op BenchmarkDecrypt/ECIES_P256_AES128GCM-8 10000 109699 ns/op 8848 B/op 61 allocs/op BenchmarkDecrypt/ECIES_P256_AES128CTRHMAC-8 10000 118861 ns/op 8392 B/op 72 allocs/op BenchmarkDecrypt/ECIES_P384_AES128GCM-8 1494 802661 ns/op 10048 B/op 73 allocs/op BenchmarkDecrypt/ECIES_P521_AES128GCM-8 478 2513675 ns/op 11040 B/op 73 allocs/op BenchmarkDecrypt/ECIES_P256_AESSIV-8 10000 116103 ns/op 6984 B/op 66 allocs/op PiperOrigin-RevId: 614762423 | 11 March 2024, 19:53:06 UTC |
239cf37 | juerg | 11 March 2024, 10:37:41 UTC | Add test for non-standard use-case of KMS Envelope Keys. In https://github.com/tink-crypto/tink-go/issues/10 it was mentioned that KMS Envelope Keys can and are used with a TINK prefix. Add this test to make sure that we don't accidentally break this. PiperOrigin-RevId: 614604104 | 11 March 2024, 10:39:04 UTC |
64ea420 | juerg | 11 March 2024, 09:27:11 UTC | Add Benchmark tests for signatures in Golang. Because the performance of signing and verifying can differ a lot, we keep the separate. Output on a Xeon CPU: BenchmarkSign/RSA_SSA_PKCS1_3072-8 484 2423003 ns/op 980 B/op 5 allocs/op BenchmarkSign/RSA_SSA_PSS_3072-8 500 2758965 ns/op 984 B/op 5 allocs/op BenchmarkSign/RSA_SSA_PKCS1_4096-8 223 5363075 ns/op 1444 B/op 5 allocs/op BenchmarkSign/RSA_SSA_PSS_4096-8 224 5276641 ns/op 1448 B/op 5 allocs/op BenchmarkSign/ECDSA_P256-8 13022 92094 ns/op 1131 B/op 30 allocs/op BenchmarkSign/ECDSA_P384-8 1501 812957 ns/op 1456 B/op 30 allocs/op BenchmarkSign/ECDSA_P521-8 579 1953952 ns/op 1657 B/op 29 allocs/op BenchmarkSign/ED25519-8 10000 114443 ns/op 944 B/op 8 allocs/op BenchmarkVerify/RSA_SSA_PKCS1_3072-8 10000 100497 ns/op 176 B/op 2 allocs/op BenchmarkVerify/RSA_SSA_PSS_3072-8 10000 105632 ns/op 176 B/op 2 allocs/op BenchmarkVerify/RSA_SSA_PKCS1_4096-8 10000 117100 ns/op 352 B/op 2 allocs/op BenchmarkVerify/RSA_SSA_PSS_4096-8 8594 117292 ns/op 353 B/op 2 allocs/op BenchmarkVerify/ECDSA_P256-8 8449 145441 ns/op 1606 B/op 47 allocs/op BenchmarkVerify/ECDSA_P384-8 1322 832999 ns/op 1876 B/op 45 allocs/op BenchmarkVerify/ECDSA_P521-8 594 2046539 ns/op 2150 B/op 46 allocs/op BenchmarkVerify/ED25519-8 9547 127274 ns/op 352 B/op 2 allocs/op PiperOrigin-RevId: 614587834 | 11 March 2024, 09:29:15 UTC |
7b250e0 | lizatretyakova | 11 March 2024, 08:21:52 UTC | Add a method for registering StreamingAeadWrapper to a PrimitiveRegistry. The added method is not public (despite the access modifier) because it takes an argument of an internal type. PiperOrigin-RevId: 614572918 | 11 March 2024, 08:23:11 UTC |
69dc909 | ckl | 11 March 2024, 07:38:20 UTC | Collect memory stats during AEAD benchmarks. PiperOrigin-RevId: 614563652 | 11 March 2024, 07:39:40 UTC |
018ea5d | wconner | 08 March 2024, 17:10:11 UTC | Remove obsolete comments about string conversions. PiperOrigin-RevId: 613953534 | 08 March 2024, 17:11:31 UTC |
54ed6c9 | juerg | 08 March 2024, 17:00:16 UTC | Add Benchmark tests for AEAD in Golang. It tests encrypting and decrypting 16k data with different AEAD primitives. Output on a Xeon CPU: BenchmarkEncryptDecrypt/AES128_GCM-8 23367 53415 ns/op BenchmarkEncryptDecrypt/AES256_GCM-8 21590 53626 ns/op BenchmarkEncryptDecrypt/CHACHA20_POLY1305-8 27309 43254 ns/op BenchmarkEncryptDecrypt/XCHACHA20_POLY1305-8 27746 47047 ns/op BenchmarkEncryptDecrypt/AES128_CTR_HMAC-8 6621 188172 ns/op BenchmarkEncryptDecrypt/AES256_CTR_HMAC-8 6144 180011 ns/op BenchmarkEncryptDecrypt/AES128_GCM_SIV-8 2434 484267 ns/op BenchmarkEncryptDecrypt/AES256_GCM_SIV-8 2368 494740 ns/op PiperOrigin-RevId: 613950607 | 08 March 2024, 17:01:38 UTC |
997c03e | Tink Team | 08 March 2024, 08:23:19 UTC | Automated Code Change PiperOrigin-RevId: 613839541 | 08 March 2024, 08:24:24 UTC |
4d71215 | Tink Team | 08 March 2024, 08:19:57 UTC | Automated Code Change PiperOrigin-RevId: 613838910 | 08 March 2024, 08:21:21 UTC |
b6c2f2c | Tink Team | 08 March 2024, 08:17:27 UTC | Automated Code Change PiperOrigin-RevId: 613838468 | 08 March 2024, 08:18:35 UTC |
a03e4e6 | Tink Team | 08 March 2024, 08:16:01 UTC | Automated Code Change PiperOrigin-RevId: 613838177 | 08 March 2024, 08:17:20 UTC |
a33e171 | wconner | 07 March 2024, 18:12:53 UTC | Revert tink-cc abseil dependency to 20230802.1. PiperOrigin-RevId: 613623684 | 07 March 2024, 18:14:13 UTC |
cb1fef3 | lizatretyakova | 07 March 2024, 16:37:13 UTC | Add @InlineMe annotation to `KeysetHandle::getPrimitive(targetClassObject)` switching it onto using Configurations (defaulting to RegistryConfiguration). PiperOrigin-RevId: 613595364 | 07 March 2024, 16:38:33 UTC |
2dac9d4 | ioannanedelcu | 07 March 2024, 15:23:49 UTC | Remove redundant comments. PiperOrigin-RevId: 613576368 | 07 March 2024, 15:25:07 UTC |
e2953c5 | wconner | 07 March 2024, 14:58:54 UTC | Remove usage of absl::NoDestructor. PiperOrigin-RevId: 613570473 | 07 March 2024, 15:00:20 UTC |
cd699f0 | Tink Team | 07 March 2024, 12:54:09 UTC | Automated Code Change PiperOrigin-RevId: 613543730 | 07 March 2024, 12:55:12 UTC |
60e5e33 | wiktorg | 06 March 2024, 15:03:07 UTC | Add a default ctor and explicitly mark `KeysetHandle` as copyable and movable PiperOrigin-RevId: 613202083 | 06 March 2024, 15:04:13 UTC |
3b28c12 | juerg | 06 March 2024, 12:59:06 UTC | Add link to FIPS 140-2. PiperOrigin-RevId: 613172804 | 06 March 2024, 13:00:39 UTC |
fbf7d04 | lizatretyakova | 06 March 2024, 12:55:17 UTC | Switch `KeysetHandle::getPrimitive(class)` onto using the public API `RegistryConfiguration.get()`. PiperOrigin-RevId: 613171989 | 06 March 2024, 12:56:28 UTC |
6b9ac32 | lizatretyakova | 06 March 2024, 12:15:42 UTC | Create a publicly accessible RegistryConfiguration.get(). PiperOrigin-RevId: 613163976 | 06 March 2024, 12:16:56 UTC |
f4cb0ff | juerg | 06 March 2024, 08:23:31 UTC | Always use the same global lock in AndroidKeystoreKmsClient when android keystore is used. This fixes a race-condition in AndroidKeystoreKmsClient. But we don't expect there to be many users affected by this, because there is no good reason to call "deleteKey" concurrently with "getOrGenerateNewAeadKey". PiperOrigin-RevId: 613110068 | 06 March 2024, 08:24:50 UTC |
c5b8934 | juerg | 05 March 2024, 17:14:02 UTC | Remove KeyStore variable from AndroidKeystoreKmsClient objects. Instead, we simply create it when needed. Also, remove now unused test-only constructor from AndroidKeystoreAesGcm. PiperOrigin-RevId: 612864780 | 05 March 2024, 17:15:30 UTC |
1f70e8b | wconner | 05 March 2024, 16:01:07 UTC | Add support for AES-CTR-HMAC DEMs to Tink ECIES parameters. PiperOrigin-RevId: 612843157 | 05 March 2024, 16:02:30 UTC |
0ef1834 | juerg | 05 March 2024, 15:59:42 UTC | Make generateNewAesGcmKeyWithoutExistenceCheck private. And remove it from tests. PiperOrigin-RevId: 612842627 | 05 March 2024, 16:01:01 UTC |
17a4fdc | juerg | 05 March 2024, 13:55:37 UTC | Remove AndroidKeystoreKmsClient.setKeyStore from public API. This function is marked for testing only, and was used to inject a fake KeyStore instance. But it doesn't work as expected, because AndroidKeystoreKmsClient.hasKey may overwrite this with a real KeyStore instance. And the static functions always use the real KeyStore. I think this is confusing and it's better to completely remove this method. If you need to test your code with a fake KeyStore instance, it is preferable to inject fake security provider using Security.addProvider, see FakeAndroidKeystoreProvider.java as an example for such a fake security provider. PiperOrigin-RevId: 612810146 | 05 March 2024, 13:57:02 UTC |
100d3c5 | Tink Team | 05 March 2024, 09:19:17 UTC | Automated Code Change PiperOrigin-RevId: 612745098 | 05 March 2024, 09:20:17 UTC |
57b0980 | wconner | 04 March 2024, 14:09:26 UTC | Add support for XChaCha20-Poly1305 DEM to Tink ECIES parameters. PiperOrigin-RevId: 612423050 | 04 March 2024, 14:10:41 UTC |
dc1d658 | juerg | 04 March 2024, 11:30:12 UTC | Use MutableKeyCreationRegistry instead of deprecated Registry.newKeyData to create keys. This avoids an unnecessary conversion to and from proto keys. Key created using the KeyManager interface are stored in the KeysetHandle with LegacyProtoKey objects, and their parameters are handled by LegacyProtoParameters. To make key creation work for them, we need to add a key creator for LegacyProtoParameters and LegacyProtoKey. PiperOrigin-RevId: 612386967 | 04 March 2024, 11:31:31 UTC |
cb5b6cc | ioannanedelcu | 01 March 2024, 11:11:14 UTC | Resgster ECDSA proto serialization to signature config. PiperOrigin-RevId: 611758870 | 01 March 2024, 11:12:36 UTC |
4b500c9 | ckl | 01 March 2024, 01:09:03 UTC | Clean up usage of hash.Hash interface. Check for nil value of the exported HMAC.HashFunc field. PiperOrigin-RevId: 611642993 | 01 March 2024, 01:10:14 UTC |
489cf07 | juerg | 29 February 2024, 20:03:10 UTC | Check for FIPS compatibility at beginning of non-FIPS compatible key manager registrations. This makes sure that nothing gets registered if Tink is used in FIPS mode. This change also allows us to use KeyManagerRegistry instead of the Registry, which makes the code more similar to how this is implemented for FIPS-compatible algorithms. PiperOrigin-RevId: 611550940 | 29 February 2024, 20:04:28 UTC |
218131d | juerg | 29 February 2024, 15:53:18 UTC | Remove some outdated TODOs. There is no plan for a version "2.0", and it is also not clear that these would be removed when a major version is increased. So it is better to remove these TODOs. PiperOrigin-RevId: 611470474 | 29 February 2024, 15:54:21 UTC |
3aa47fc | juerg | 29 February 2024, 14:44:19 UTC | Check for FIPS compatibility at beginning of AES EAX key manager registration. This makes sure that nothing of AES EAX gets registered if Tink is used in FIPS mode. This change also allows us to use KeyManagerRegistry instead of the Registry, which makes the code more similar to how this is implemented for FIPS-compatible algorithms. PiperOrigin-RevId: 611453521 | 29 February 2024, 14:45:28 UTC |
4a877a5 | juerg | 29 February 2024, 14:19:06 UTC | Keep GeneralSecurityException if registration goes wrong. This was recently changed to a TinkBugException, but it is better to keep GeneralSecurityException as it is not always a Bug in Tink if this throws an exception: for example, if a user registers their own key manager for a tink type URL, then this may throw an exception. registerKeyManagerWithFipsCompatibility should not change the state of the registry if it throws an error. Also, fix linter error by adding a check that idRequirement is not null. PiperOrigin-RevId: 611448191 | 29 February 2024, 14:19:57 UTC |
505936b | juerg | 29 February 2024, 13:47:15 UTC | Add tests for state of KeyManagerRegistry after failed registration. And remove comment that the state is unspecified. PiperOrigin-RevId: 611441492 | 29 February 2024, 13:48:19 UTC |
8a3ce91 | juerg | 29 February 2024, 10:24:23 UTC | Check for FIPS compatibility at beginning of FIPS-compatible key manager registration. This makes sure that nothing gets registered if Tink is used in FIPS mode but the FIPS module is not available. PiperOrigin-RevId: 611396814 | 29 February 2024, 10:25:47 UTC |
c40c2bc | juerg | 29 February 2024, 08:38:16 UTC | Check for FIPS compatibility at beginning of JWT HMAC key manager registration. This makes sure that nothing gets registered if Tink is used in FIPS mode but the FIPS module is not available. Also, the documentation of registerKeyManagerWithFipsCompatibility says that if it fails, then "the KeyManagerRegistry is in an unspecified state and should be discarded." But since we are calling it on a global instance that can't be discarded, we need to make sure that the call doesn't fail. And if it does fail, we need to throw a runtime exception as this shouldn't happen. PiperOrigin-RevId: 611373559 | 29 February 2024, 08:39:11 UTC |