Javadoc of library X version Y is published to https://google.github.com/tink/javadoc/X/Y. For example, Javadoc of the Android flavor HEAD-SNAPSHOT is https://google.github.com/tink/javadoc/tink-android/HEAD-SNAPSHOT.

To do this automatically, I had to change a few things:

* Adding gen_maven_jar_rules, replacing jarjar with java_single_jar.

* Moving RewardedAds to apps/rewardedads/src. Somehow if it's in apps/rewardedads/java, Bazel/Blaze would include src/main/java in the package name and break our Maven rules.

PiperOrigin-RevId: 190494835
GitOrigin-RevId: ec42c3cdca9742526afb077ef8cedcc8da38f46a

PiperOrigin-RevId: 190494125
GitOrigin-RevId: 4e767c8dbc7927ee7f143d42c5eb7db6dc45ebae

PiperOrigin-RevId: 190491984
GitOrigin-RevId: b6d8e93340294224aedb03b1b9b7b8efce7cf31f

Cipher.updateAAD doesn't work on Android KitKat, so this is a workaround for users that don't need aad.

PiperOrigin-RevId: 190485577
GitOrigin-RevId: 06bc667c953acb3f48d953939ac6c422c4b23d74

This CL adds an utility called SenderIntermediateSigningKeySigner to
sign intermediateSigningKeys using a trusted long lived sender key.

PiperOrigin-RevId: 190280644
GitOrigin-RevId: b22215eb4c6c0aca04b45ea312a891647e7cd697

PiperOrigin-RevId: 190277149
GitOrigin-RevId: f098896cbbba5d1caf64c88b3edc2f38883d7b4d

Change-Id: If31098141acfe4de059bbea13de8e5d8410d7bd9
GitOrigin-RevId: 32e110659317b8d63f5dc4c080da419845b04498

Change-Id: I2969dd4daaa5d9aa97cb220321d92ac30f9cba52
GitOrigin-RevId: c653e1fcd9e830a717a19b903c6a438ffc458f28

Latest results: https://sponge.corp.google.com/invocation?id=70c9810c-aa56-4b4a-af1e-e4b3f57e49d0&searchFor=.

* All tests pass on Android Nugat (API level 24) and newer.

* All 49 failures on Android Marshall (API level 23) are because SeekableByteChannel is missing. This class is only present on 24 and newer.

* On Lollipop (API 21), there are 4 more failures in com.google.crypto.tink.integration.android because Android Keystore doesn't support AES-GCM.

* On KitKat (API 19), AES-GCM doesn't work because KitKat uses Bouncy Castle 1.48 which doesn't support updateAAD T_T.

PiperOrigin-RevId: 190222140
GitOrigin-RevId: 80e684ac3e8fc71203aae0fc30013202419900ab

These versions are known to work well with each other.

PiperOrigin-RevId: 190175841
GitOrigin-RevId: 93684984c4f26263c658c3bf47a578b17123dcfd

PiperOrigin-RevId: 190145488
GitOrigin-RevId: c7fa32c67bfd64cb0ab0d5aebe41ba31102cd4f4

PiperOrigin-RevId: 190145333
GitOrigin-RevId: c19eff90e84224eed7e0338cd86868aa59c58e14

PiperOrigin-RevId: 190137127
GitOrigin-RevId: cecaa3b03ef39d8d48b5d64c16826ca1bb9b3a6c

Removing XChaCha20 and XSalsa20 because the former is too new and the latter is unlikely to be useful.

PiperOrigin-RevId: 190090084
GitOrigin-RevId: f25d42fd99e1bc7c4aaeb3cdeae90ca06ae21a43

Instead of reading key templates from disk, Tinkey now accepts key templates whose name is declared in Tink.

To create a keyset containing an AES128_GCM key, run

tinkey create-keyset --key-template AES128_GCM

Also removing the CreateKeyTemplate command and adding ListKeyTemplates.

PiperOrigin-RevId: 190088937
GitOrigin-RevId: 199694ecd4af61e512ea86249e5f5c9ba6684411

There are some format changes:
- The field notes in the header is now a dictionary.
- Test vectors have a new field flags, that should document the
  test vectors better. Additionally it can be used to change
  tests easier (e.g. a test can define if it cares about signature
  malleability or not).
- There are more special cases (e.g. implementations for brainpool curves
  can use the group isomorphisms defined in the standard).

Bug fixes:
- Some ECDH test vectors were missing a shared value.
- Some ECDH test vectors where the public key has modifications in unused
  parameters are now acceptable, as long as the change does not modify the
  shared secret.

PiperOrigin-RevId: 189929126
GitOrigin-RevId: b3e2b1caee4ba33c3dc4fcc223402527479e7140

PiperOrigin-RevId: 189588058
GitOrigin-RevId: 6d4389461fe9c341236eb2e8f3a7b87b8daf1d8b

PiperOrigin-RevId: 189384278
GitOrigin-RevId: ac7742b291f7da5af39739f03be43a41d554e5aa

PiperOrigin-RevId: 189379168
GitOrigin-RevId: 2524f3b25fbaa08011b512a2730265435f48db37

This reverts commit e3fdeda0b53175cca97d0b99a2c3811f6bf90310.

This feature adds a lot of code, but it's unused and it's not very
flexible because it supports only one JSON format, but I found that users
might store their keys in many different formats (e.g., PEM, JWK, etc.).

Instead of using a single, universal reader that, by delegating to key
managers, can parse arbitrary key types, we should add a series of small
readers, each can parse a specific key type, only when there's a clear
demand for them.

Change-Id: I64171ab08ab3d90515227137ebc8bdce13d09032
PiperOrigin-RevId: 189351693
GitOrigin-RevId: 4663a01d8b0cce2e4ee736e8621070eb571e1ba5

More information: go/java-maxpermsize-lsc

Tested:
    tap_presubmit
    Some tests failed; test failures are believed to be unrelated to this CL
PiperOrigin-RevId: 189284097
GitOrigin-RevId: b3b190888f663eda9492087f23f9e716ec33dd8d

PiperOrigin-RevId: 188924105
GitOrigin-RevId: 8dd7b38c0319064bc7c15bcb5d4dabc20fa733d9

Apparently we forgot to include the Ed25519Constants class. Wonder if there's a test to make sure this won't happen again.

PiperOrigin-RevId: 188899185
GitOrigin-RevId: 7d9e8ab87479535cc2a9ad790f203b643c25685e

PiperOrigin-RevId: 188897046
GitOrigin-RevId: 3a11d6ae9f32a5be7883403d988b04d5d9265725

PiperOrigin-RevId: 188896063
GitOrigin-RevId: b22b69140fcbd623a84384680f8aa1085dceb9e2

PiperOrigin-RevId: 188894007
GitOrigin-RevId: 1becb954afa7968c1ee73c107a120f07d87a30c3

Copying all Wycheproof test vectors to testdata/wycheproof and adding a few C++ transformation rules.

This is to prepare for cr/188575891.

PiperOrigin-RevId: 188892942
GitOrigin-RevId: 136568e214b16060e5e9750800533e50ed6eebe4

PiperOrigin-RevId: 188804612
GitOrigin-RevId: f74c008ce89de81d4aaa167b653e3043a6e19375

GitOrigin-RevId: 48a60f8a0fe15972da91802eec0b622925424024

GitOrigin-RevId: e71672b99e3072128702ac0fa4b26e258bcf2d75

PiperOrigin-RevId: 188493600
GitOrigin-RevId: 8ba4c6070e54951199c8d32150f1dd990875ce31

PiperOrigin-RevId: 188463467
GitOrigin-RevId: 0fd2ab773808de613c52e8143092ced7de7b5b26

CL 187175172 did add test vectors sorted by hash function and EC group.
This allows to limit the tests to the parameters supported by tink.

PiperOrigin-RevId: 188457817
GitOrigin-RevId: d51c93c849ff67253f8ae98bdb1d6ce8d829d683

PiperOrigin-RevId: 188447637
GitOrigin-RevId: 81c40d3546f63ffc8e996da0b44e1141ab3daba9

PiperOrigin-RevId: 188377796
GitOrigin-RevId: 673bd60bff3312c7d9911a36a9438ba3bb4a9240

PiperOrigin-RevId: 187930665
Change-Id: I140a9e3de957540cd0c6b40cc6a0c93dd0123575
GitOrigin-RevId: 39ca3a385405482e7c942728584e6c1c057aa9d4

Next I'll add some test to detect these errors early.

Also using rules_go 0.10.1 instead of master.

Change-Id: Ib79cd5c1ff7a6bb65cf588ee705183746c2cb417
ORIGINAL_AUTHOR=Thai Duong <thaidn@google.com>
GitOrigin-RevId: b4ebcfbb4c99b01f21c330d1099ca230e4d4a46f

This makes migrating changes between GitHub and GoB easier.

The copybara script is being moved to Piper, and nobody is actually
using the other script.

Change-Id: I876e0ff90995e7d49fa97d57b86aee5d2e66b14a
ORIGINAL_AUTHOR=Thai Duong <thaidn@google.com>
GitOrigin-RevId: e8463a41307fa0e81a8334cad4708dcc5316ed80

This is neater than x.y.z-SNAPSHOT because we don't have to update
the POM files when we release new snapshots which are always built
from HEAD of the master branch.

Change-Id: I07ded75e3e837b03db077787791599291ca6d478
ORIGINAL_AUTHOR=Thai Duong <thaidn@google.com>
GitOrigin-RevId: 95e2fc58566c73d633eb180191b63b868d1c6804