Also adding a roadmap, a hacking guide for Java, and updating docs.

PiperOrigin-RevId: 193400792
GitOrigin-RevId: d78fbf17c2bd90240a411ed196cf430904347847

PiperOrigin-RevId: 193369732
GitOrigin-RevId: 25f4f629da47398feb31cb0c76cf9bffe6c4e024

PiperOrigin-RevId: 193368740
GitOrigin-RevId: 4779818fadc24653c6e7f05fd7fc555bffec83af

It seems that Java 7 doesn't allow converting from List<<anonymous SenderVerifyingKeysProvider>> to List<SenderVerifyingKeysProvider>.

PiperOrigin-RevId: 193312049
GitOrigin-RevId: 8d1f7068ce34f0ed638cede52ba7e258d3f3bfb4

PiperOrigin-RevId: 193307775
GitOrigin-RevId: 6487e1b655081da5031a828f97ec98d166852c05

PiperOrigin-RevId: 193259480
GitOrigin-RevId: e312eea2405c747e630040bfa29a0935e8982aef

Java rules should depend on java_proto_library rules instead.

The Blaze team is migrating Java users of proto_library to the new
java_proto_library rule.

Remove attribute in BUILD.bazel incorrectly added by migration script.

PiperOrigin-RevId: 193255568
GitOrigin-RevId: bf8ea1d7a0e114f7bb1802dbb96ef6342c43a126

PiperOrigin-RevId: 193252341
GitOrigin-RevId: a67ebc47a8eac8ebb61f1359b8dd4fd1c1667057

PiperOrigin-RevId: 193219796
GitOrigin-RevId: d1944bd1a2d691cde2f653ae4f0cbfbc5ebc22c7

Changes:
- Renamed all references of something_cc_proto to something_portable_proto.
- Added //cc/util/protobuf_helper which creates a namespace portable_port that maps to the correct namespace.
- Replaced all deps to //net/proto2/ with //cc/util:protobuf_helper.
- Replaced all instances of the proto2:: namespace with portable_proto::
- Deleted the line 'namespace util = crypto::tink::util' because it was conflicting with //util/task/status.h (a dependency of portable_proto_lib). Also, it wasn't really used in any of the files.

Notes:
- When adding a new proto you will need to whitelist it in proto/portable_tink_filter.asciipb
- For google3 (BUILD) we should use portable_proto_lib, for opensource (BUILD.bazel) we should use cc_proto_lib.
PiperOrigin-RevId: 193084414
GitOrigin-RevId: 266a0dbb7f66549655e521350b70b10d4a872286

Learn more at go/new-proto-library.

Created by:
$ blaze run java/com/google/devtools/build/newprotolibrary/migration/java:Main -- --addLangProtoLibraryForProtoLibraryCreatedByMacros=serving_proto_library --rpc_deadline=90 third_party/...

BEGIN_PUBLIC
Internal change
END_PUBLIC

PiperOrigin-RevId: 192981122
GitOrigin-RevId: eaab7225f05b9367e0d9f18c3b4bf4652627f826

PiperOrigin-RevId: 192841538
GitOrigin-RevId: fc764bfd75fad54812d2598b6edade53490e874a

Having to remove the MyPaymentMethodTokenRecipientKem class example because Javadoc refuses to process curly braces, see https://google.github.io/tink/javadoc/apps-paymentmethodtoken/HEAD-SNAPSHOT/.

PiperOrigin-RevId: 192699427
GitOrigin-RevId: 63bf2ea58f8258d93efe9d69d65e10fb7a9451f7

While I'm here, use the correct link for the Google Payment Method Token standard.

PiperOrigin-RevId: 192651210
GitOrigin-RevId: 404e51455339f629f1307a8e57383e824b134f71

This is needed to facilitate KEYS.KEYSET_LENGTH from go/googlesql_encryption.

PiperOrigin-RevId: 192582377
GitOrigin-RevId: 6fa9c27f603f64c77c8e80b29d2743fc4c1dc916

Also merging https://github.com/google/tink/pull/90.

PiperOrigin-RevId: 192578285
GitOrigin-RevId: 5a077676ee74a7169ad8d9a9f9ee71194d42a126

PiperOrigin-RevId: 192489159
GitOrigin-RevId: 6042f957432348f19bf18d1d9b9a91979b26118b

PiperOrigin-RevId: 192352507
GitOrigin-RevId: 952c79d482e63fed750e4f0d23805913af4214d1

Also, enabled the iOS tests.

PiperOrigin-RevId: 192352304
GitOrigin-RevId: e8ea4a22cac9b90861e6561c8c5f657253a85bb7

PiperOrigin-RevId: 192164449
GitOrigin-RevId: 8b8b91404d7190a1fa6a72c0cd830ac2537ca675

(please use HybridConfig instead)

PiperOrigin-RevId: 192157684
GitOrigin-RevId: cc40b033b7322381550d15fa32891a79ca3c94c1

PiperOrigin-RevId: 192095233
GitOrigin-RevId: ed6dad4588344e513cb2b122d71ddf5f5b34e2d4

Enforcing trusted keys have expiration in every protocol except ECv1.
Also removing @Alpha from ECv2

PiperOrigin-RevId: 191939383
GitOrigin-RevId: 6b5e05ee449115ba467338fb36f902b4fa225079

PiperOrigin-RevId: 191916150
GitOrigin-RevId: 2383d6305d0d4ca73c312c284bb9ea6d1c153e6f

This prevents accidentally leaking unpublished test vectors.

PiperOrigin-RevId: 191730673
GitOrigin-RevId: 25ef0af66bb4b2e7de1e6f31195d30f251e911e6

- Moved the hybrid tests into objc/Tests/.
- Will remove HybridEncryptConfig and HybridDecryptConfig in following CL.

PiperOrigin-RevId: 191649721
GitOrigin-RevId: cb5366b1b9265dce8b10e8ec506e56e53dd48081

PiperOrigin-RevId: 191628409
GitOrigin-RevId: 133207901a7eeea3973c966dd79cbc98a4c5348a

PiperOrigin-RevId: 191626448
GitOrigin-RevId: c23f095013755c09eae995b279db516d2f9020df

PiperOrigin-RevId: 191601554
GitOrigin-RevId: 5324666427957bae3092cd6a40de026cd9648131

PiperOrigin-RevId: 191599483
GitOrigin-RevId: 39ec450040e9804d27047f90cc8ddbb635ad8f57

1. As primitives are added to the set, the vector that holds
   primitives of a given prefix can be re-allocated, which
   invalidates references to Entry<P>-objects held by the vector and
   potentially results in invalid primary_ pointer.
   Changing vector<Entry<P>> to vector<std::unique_ptr<Entry<P>>>
   avoids this problem.

2. PrimitiveSet::AddPrimitive() should reject nullptr-primitives.

PiperOrigin-RevId: 191560158
GitOrigin-RevId: 3d3c135ca84d239a577dfb7497a0bc72a0a92478

- Added public APIs and dependencies to the ":objc" target.
- Removed redundant dependencies from existing rules.
- Marked all rules as private.

PiperOrigin-RevId: 191442665
GitOrigin-RevId: 6b4366394fe9f4f99c2b9c01c1814073fff16d96

Also making Ed25519Constants package-private.

PiperOrigin-RevId: 191311774
GitOrigin-RevId: 6491e2b52b690e8847215dc69d275bb134b126ad

The excluded tests are documented at https://github.com/google/tink/blob/master/doc/KNOWN-ISSUES.md.

Also reducing the iterations of some tests to make them run faster.

PiperOrigin-RevId: 191134067
GitOrigin-RevId: c87ec893094991ff8217bafe8a1c64b16cdb394f

PiperOrigin-RevId: 191120531
GitOrigin-RevId: 2d724585b1ee28ccae0fdb51241bfa1a0b4fc069

1/ Catching unchecked exceptions to not crash the JVM.

Wycheproof found that some Java security providers would throw unchecked exceptions when processing attacker-controlled input. To prevent DoS attacks, we'd catch these exceptions in Tink.

2/ Do not report errors if the shared secret is correct.

Android M and N ignore the public key parameters, thus we'd stop reporting errors in tests that modify parameters if the shared secret is still correct.

3/ Skipping CVE-2017-10176 test because it's not a severe issue.

PiperOrigin-RevId: 191113399
GitOrigin-RevId: b069f3af3f515b30b5cc1e2af791b226fb0635c5

If Keystore was disabled in the past and cleartext keyset written to storage, then Keystore is enabled, trying to decrypt the cleartext keyset immediately throws a security exception. The existing code assumes that decryption will succeed and generate "junk data", throwing an InvalidProtocolBufferException.

The fix, proposed by pkorth@, is to catch the exception that is actually thrown in this edge case, and fall back to reading the cleartext keyset as intended.

While I'm here, reformatting the code and ensuring that we don't throw unchecked exception when reading keysets from private preferences.

PiperOrigin-RevId: 191108969
GitOrigin-RevId: b3b53ef357ff326689dd92e906e931adc3ddd409

- Hybrid now holds an std::unique_ptr with the C++ object and frees it in the destructor. This is consistent with the other Obj-C classes.
- Removed the deprecated registerStandardKeyTypes and replaced it with the new Config model.
- Updated the tests and build files. In a following CL I will move the tests to the main BUILD file.

PiperOrigin-RevId: 191105535
GitOrigin-RevId: c52e1dfd6a9189bbc2b48aa6f17be82f74f16783

PiperOrigin-RevId: 191011474
GitOrigin-RevId: 2225b676b9bb680ae5dc6c7b6051636ab27b95e3