Commits · a0a8f5309397033b20645a2714309f867651dbf2 · fuchsia-mirror / fuchsia.googlesource.com-third_party-tink

Jul 20, 2018

Add support for Crunchy's x || y point encoding. · a0a8f530

Thai Duong authored 6 years ago

Crunchy uses this format for ephemeral points in hybrid encryption.

PiperOrigin-RevId: 205294945
GitOrigin-RevId: 8e670c4bef2084717a8d149a646b4e4a3c790a0b

a0a8f530

Add transformation between IEEE_P1363 encoding and DER encoding to EllipticCurves · 46b0cddc
Quan Nguyen authored 6 years ago
```
PiperOrigin-RevId: 205230447
GitOrigin-RevId: 1dbfa6a5013fd35f356bd6f795801713de0dce61
```
46b0cddc
Adding support for InputStream and OutputStream to streaming encryption. · 8a48e968
Daniel Bleichenbacher authored 6 years ago
```
PiperOrigin-RevId: 205223825
GitOrigin-RevId: 5f0cda50bf3291e9ccef132729bb3e7a5400557b
```
8a48e968
Removing a check that causes a deadlock in Registry. · 6c8e4170
Bartosz Przydatek authored 6 years ago
```
PiperOrigin-RevId: 205110275
GitOrigin-RevId: ea401a11f7712928b5b997e160ca37c47e640995
```
6c8e4170

Adding generation of new keys to C++ EciesAeadHkdf hybrid encryption. · 13c08293

Bartosz Przydatek authored 6 years ago

Extending validation of key/format parameters.

PiperOrigin-RevId: 205088914
GitOrigin-RevId: 4d5e1e82a4b4bd7045b8c1de8798273d91c53934

13c08293

Protocol buffer for Rsa Signature with PSS encoding · 691490f1
Quan Nguyen authored 6 years ago
```
PiperOrigin-RevId: 205080507
GitOrigin-RevId: 350da8300cba50deca4f3e326a92ff6a12c42430
```
691490f1

Automated g4 rollback of changelist 205012951. · 86a7a2e9

Thai Duong authored 6 years ago

*** Reason for rollback ***

I fixed the broken builds in AdSpam.

*** Original change description ***

Automated g4 rollback of changelist 205009482.

*** Reason for rollback ***

TAP has detected that 10 or more targets failed to build at cl/205009482.
If this is an error, please file a bug at go/autorollback-bug.
TAP checked that the following target built at cl/205009481 but failed to build at cl/205009482.
 To see all broken targets, please visit http://test/205009482.
 You can also see the results on sponge for the broken targets:
  https://sponge.corp.google.com/invocations?searchFor=label%...

***

PiperOrigin-RevId: 205080258
GitOrigin-RevId: d6c88086f1e28f0b959954330f9301da0e048d93

86a7a2e9

Automated g4 rollback of changelist 205009482. · 3e50c2dc

Tink Team authored 6 years ago

*** Reason for rollback ***

TAP has detected that 10 or more targets failed to build at cl/205009482.
If this is an error, please file a bug at go/autorollback-bug.
TAP checked that the following target built at cl/205009481 but failed to build at cl/205009482.
 To see all broken targets, please visit http://test/205009482.
 You can also see the results on sponge for the broken targets:
  https://sponge.corp.google.com/invocations?searchFor=label%3Atap+label%3Apostsubmit+cl%3A205009482+target%3A%2F%2Fwireless%2Fandroid%2Fapps%2Fafma%2Fsignals%2Frestricted%2Ftesting%2Fsignalchecker%3AProtoCheckerTest+TAP_BUILD_FLAGS_SUFFIX%3ACAMQBVhe
and for for previously passing target:
  https://sponge.corp.google.com/invocations?searchFor=label%3Atap+label%3Apostsubmit+cl%3A205009481+target%3A%2F%2Fwireless%2Fandroid%2Fapps%2Fafma%2Fsignals%2Frestricted%2Ftesting%2Fsignalchecker%3AProtoCheckerTest+TAP_BUILD_FLAGS_SUFFIX%3ACAMQBVhe
Questions? Comments? See the URL: go/autorollback

*** Original change description ***

Implementations of KeysetReader should always return new KeysetReader instances.

***

PiperOrigin-RevId: 205012951
GitOrigin-RevId: 99e91f1bd905d93ab76a11e9e5e178dc8873d12c

3e50c2dc

C++: add support for Crunchy output prefix type. · 4bdcad3d

Thai Duong authored 6 years ago

It's similar to LEGACY, but it uses a randomly generated key id.

PiperOrigin-RevId: 205010378
GitOrigin-RevId: d2fa6b16b2e2fe7dd67aedef9adbb97819c24537

4bdcad3d

Implementations of KeysetReader should always return new KeysetReader instances. · 44ef5221
Thai Duong authored 6 years ago
```
PiperOrigin-RevId: 205009482
GitOrigin-RevId: cf0148128e3da07d9e0870475277383980ae0076
```
44ef5221

Jul 16, 2018
- Merge pull request #98 from vietlq:scratch/spelling-001 · cd6f4b09
  Charles Lee authored 6 years ago
```
GitOrigin-RevId: db4c55dc6c9a7daeb59b8decb8ee997e8781e6e0
```
  cd6f4b09
- Removing deprecated Obj-C Tink APIs. · 627d6212
  Haris Andrianakis authored 6 years ago
```
NoExternal

PiperOrigin-RevId: 204765216
GitOrigin-RevId: 7f20929c10b907bd272219a27d6ee55487654283
```
  627d6212
Jul 14, 2018
- fix spelling · f08ded79
  Viet Le authored 6 years ago
  
  f08ded79
Jul 13, 2018

Note that C++ and Obj-C are also ready for production, also adding Haris and... · e76fa741

Thai Duong authored 6 years ago

Note that C++ and Obj-C are also ready for production, also adding Haris and Charles to list of maintainers.

PiperOrigin-RevId: 204533189
GitOrigin-RevId: 9ae90e72ca30baa3e6efa9783ab8f3b7d14ec690

e76fa741

Update version references to 1.2.0-rc2. · e68edc7b

Charles Lee authored 6 years ago

Also, remove stale references to v1.1.0 in TinkConfig.register() documentation.

PiperOrigin-RevId: 204529434
GitOrigin-RevId: a99dbe6bb14b02c1411e7baa6ef017ec72d89baf

e68edc7b

Fixing Wycheproof ECDH tests. There's no bug, the tests are incorrect. · d9d164a2

Thai Duong authored 6 years ago

First, background and history:

In Java, an ECDH public key can be encoded as a SubjectPublicKeyInfo spec [1]. This spec contains the public point, and a named curve or curve parameters [2]. To test ECDH libraries, Wycheproof generates public key specs with modified curve parameters, and checks that the libraries must reject them [3].

Android M and N (and possibly other versions) do not reject said public keys specs. Given a spec Android just takes the field ID, and derives the rest of the parameters. This leads to a somewhat interesting situation: not only Android accepts Wycheproof's modified public key specs, but it also computes the shared secrets correctly and securely. So we changed Wycheproof to accept Android's behavior, and added to each test case the expected shared secret, had the public key spec not been modified.

What went wrong:

The expected shared secrets for "modified prime" and "public key of order 3" test are incorrect. I found that the public key specs (the "public" field in the ecdh_test.json) don't contain the same public point as in other tests. I'm not sure this is intentional, but because the public point is different the expected shared secret must be different too.

Let's look at test case #336. Its expected shared secret is the same as test case #335. Yet two test cases contain two different public points, as shown below (
the public point is the last BIT STRING, it starts with 04):

# Test case 335

  0 304: SEQUENCE {
  4 233:   SEQUENCE {
  7   7:     OBJECT IDENTIFIER '1 2 840 10045 2 1'
 16 221:     SEQUENCE {
 19   1:       INTEGER 1
 22  44:       SEQUENCE {
 24   7:         OBJECT IDENTIFIER '1 2 840 10045 1 1'
 33  33:         INTEGER
       :           00 FF FF FF FF 00 00 00 01 00 00 00 00 00 00 00
       :           00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF
       :           FF
       :         }
 68  68:       SEQUENCE {
 70  32:         OCTET STRING
       :           FF FF FF FF 00 00 00 01 00 00 00 00 00 00 00 00
       :           00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FC
104  32:         OCTET STRING
       :           5A C6 35 D8 AA 3A 93 E7 B3 EB BD 55 76 98 86 BC
       :           65 1D 06 B0 CC 53 B0 F6 3B CE 3C 3E 27 D2 60 4B
       :         }
138  65:       OCTET STRING
       :         04 6B 17 D1 F2 E1 2C 42 47 F8 BC E6 E5 63 A4 40
       :         F2 77 03 7D 81 2D EB 33 A0 F4 A1 39 45 D8 98 C2
       :         96 4F E3 42 E2 FE 1A 7F 9B 8E E7 EB 4A 7C 0F 9E
       :         16 2B CE 33 57 6B 31 5E CE CB B6 40 68 37 BF 51
       :         F5
205  33:       INTEGER
       :         00 FF FF FF FF 00 00 00 00 FF FF FF FF FF FF FF
       :         FF BC E6 FA AD A7 17 9E 84 F3 B9 CA C2 FC 63 25
       :         51
       :       }
       :     }
240  66:   BIT STRING
       :     04 15 10 26 4C 18 9C 3D 52 3F F9 91 6A BD 70 69
       :     EF A6 96 8D 8D C7 DD B6 45 7D 78 69 B5 3E A6 0C
       :     DC FA FB 7E D4 78 6D A1 5D 29 EE 59 25 6F 53 6D
       :     A3 57 5A 48 88 C1 BB 0A 95 B2 56 F4 A7 E9 FD 76
       :     4A
       :   }

# Test case 336:

  0 307: SEQUENCE {
  4 236:   SEQUENCE {
  7   7:     OBJECT IDENTIFIER '1 2 840 10045 2 1'
 16 224:     SEQUENCE {
 19   1:       INTEGER 1
 22  44:       SEQUENCE {
 24   7:         OBJECT IDENTIFIER '1 2 840 10045 1 1'
 33  33:         INTEGER
       :           00 FD 09 10 59 A6 89 36 35 F9 00 E9 44 9D 63 F5
       :           72 B2 AE BC 4C FF 7B 4E 5E 33 F1 B2 00 E8 BB C1
       :           45
       :         }
 68  68:       SEQUENCE {
 70  32:         OCTET STRING
       :           02 F6 EF A5 59 76 C9 CB 06 FF 16 BB 62 9C 0A 8D
       :           4D 51 43 B4 00 84 B1 A1 CC 0E 4D FF 17 44 3E B7
104  32:         OCTET STRING
       :           5A C6 35 D8 AA 3A 93 E7 B3 EB BD 55 76 98 86 BC
       :           65 1D 06 B0 CC 53 B0 F6 3B CE 3C 3E 27 D2 60 4B
       :         }
138  65:       OCTET STRING
       :         04 00 00 00 00 00 00 00 00 00 00 06 59 7F A9 4B
       :         1F D9 00 00 00 00 00 00 00 00 00 00 00 00 00 00
       :         02 1B 8C 7D D7 7F 9A 95 62 79 22 EC EE FE A7 3F
       :         02 8F 1E C9 5B A9 B8 FA 95 A3 AD 24 BD F9 FF F4
       :         14
205  33:       INTEGER
       :         00 FF FF FF FF 00 00 00 00 FF FF FF FF FF FF FF
       :         FF BC E6 FA AD A7 17 9E 84 F3 B9 CA C2 FC 63 25
       :         51
240   1:       INTEGER 1
       :       }
       :     }
243  66:   BIT STRING
       :     04 00 00 00 00 00 00 00 00 00 00 06 59 7F A9 4B
       :     1F D9 00 00 00 00 00 00 00 00 00 00 00 00 00 00
       :     02 1B 8C 7D D7 7F 9A 95 62 79 22 EC EE FE A7 3F
       :     02 8F 1E C9 5B A9 B8 FA 95 A3 AD 24 BD F9 FF F4
       :     14
       :   }

[1] https://tools.ietf.org/html/rfc5280#section-4.1.2.7.
[2] https://tools.ietf.org/html/rfc3279#section-2.3.5
[3] Many libraries don't, and usually that leads to vulnerabilities that leak the private key.

PiperOrigin-RevId: 204515375
GitOrigin-RevId: 6a5a122b80d9664fa19f5497a2a5260f02c7ee5a

d9d164a2

Fixing a merge error in BUILD-file. · c0f8be5c
Bartosz Przydatek authored 6 years ago
```
PiperOrigin-RevId: 204478709
GitOrigin-RevId: 945a523d16fbe1b784174e2aedb488d7a89ba643
```
c0f8be5c
Reducing size of libtink.so by removing dead code. · 3fc5742b
Bartosz Przydatek authored 6 years ago
```
PiperOrigin-RevId: 204477406
GitOrigin-RevId: 46569424ee4847c93bd6f82c28611bc0b00a1834
```
3fc5742b

Update boringssl version to the latest on the master-with-bazel branch. · 0c0f60f4

Rafael Lerm authored 6 years ago

This is necessary to use some newer functions in the upcoming RsaSignBoringSsl class.

PiperOrigin-RevId: 204469656
GitOrigin-RevId: ad1183ca8adc93ce12d15e9eb655aeba5fa4b700

0c0f60f4

Removing deprecated C++ Tink APIs. · 809f78fa
Bartosz Przydatek authored 6 years ago
```
PiperOrigin-RevId: 204468964
GitOrigin-RevId: 0a4a28740dbdfd6b20872792de5adb78a2fbe676
```
809f78fa
objc: Upgrade protobuf, add ios_static_framework rule for Bazel, update docs. · e3521eaa
Haris Andrianakis authored 6 years ago
```
PiperOrigin-RevId: 204394015
GitOrigin-RevId: d0fa0c36798ffbed7b3381909d88631ef1743318
```
e3521eaa

Fixing typo. · 34b3c074

Thai Duong authored 6 years ago

PiperOrigin-RevId: 204391980
GitOrigin-RevId: ba9666fbf61c6a39d68c6fa323fed282d2a5a60f

34b3c074

Update installation instructions. · 687fbd55

Thai Duong authored 6 years ago

PiperOrigin-RevId: 204390951
GitOrigin-RevId: a7c70b188581a9983f20b290fffd33835b6349c2

687fbd55

objc: Set version to 1.2.0-rc2. · b3f143a8

Haris Andrianakis authored 6 years ago

PiperOrigin-RevId: 204385896
GitOrigin-RevId: 9db2e408d0142df477fb2afbfbf55fd6b5d7ee46

b3f143a8

Jul 12, 2018
- Cleaning up discrepancies between Java and C++, preparing for 1.2.0 release. · 0eabd5c3
  Thai Duong authored 6 years ago
```
PiperOrigin-RevId: 204372552
GitOrigin-RevId: d2fdca75407b5694f6c94463697ce277e13997c4
```
  0eabd5c3
- objc: Update documentation with new config API. · 0ee8fee6
  Haris Andrianakis authored 6 years ago
```
PiperOrigin-RevId: 204329983
GitOrigin-RevId: a859145a0d30c28729ab0476af994869d727a841
```
  0ee8fee6
- Adding Obj-C default config registration. · 1dafd52b
  Haris Andrianakis authored 6 years ago
```
PiperOrigin-RevId: 204327044
GitOrigin-RevId: 770ada770bb494b8abb9184b7c5f48d89bb0484a
```
  1dafd52b
- Adding C++ default config registration. · 53a9f826
  Bartosz Przydatek authored 6 years ago
```
PiperOrigin-RevId: 204257158
GitOrigin-RevId: 641a21a941f733511ef7d31ab39e53959d34bac4
```
  53a9f826
- Add enum RsaSignatureEncoding · 0d03d040
  Quan Nguyen authored 6 years ago
```
PiperOrigin-RevId: 204232671
GitOrigin-RevId: 33ca66ee5ff8124dd3951ea390c5c8572b058d6c
```
  0d03d040
- Rsa signature protocol buffer · 1f31da9f
  Quan Nguyen authored 6 years ago
```
PiperOrigin-RevId: 204222206
GitOrigin-RevId: 64222a64dd73ee8d87634c2ab2a4accd8afc5d62
```
  1f31da9f
Jul 11, 2018

objc: Implement keychain write support. · fb7ed28f
Haris Andrianakis authored 6 years ago
```
PiperOrigin-RevId: 204198082
GitOrigin-RevId: c5905c66b71934a2de24ec4c41a2c87409ca78a8
```
fb7ed28f
Move TestUtil::GetKeyset, TestUtil::GetKeysetHandle to a separate class so they · a7c0b6f6
Haris Andrianakis authored 6 years ago
```
are usable by Obj-C code (not just tests).

PiperOrigin-RevId: 204124489
GitOrigin-RevId: 5df6f3544e3b7da83dde0a2c08ea0e8e8e4bfe38
```
a7c0b6f6
objc: Add installation instructions in the documentation, update CHANGELOG. · 81cdb2ae
Haris Andrianakis authored 6 years ago
```
PiperOrigin-RevId: 204014431
GitOrigin-RevId: 5a7bc7f10967d27f6bb3c94d559701f6988a80e4
```
81cdb2ae
Fix infinite recursion on Tink Status to google3 conversion. · ac9510c8
Tink Team authored 6 years ago
```
PiperOrigin-RevId: 203997496
GitOrigin-RevId: fe5e319a26c21acf591583e9910ab5c203d562d1
```
ac9510c8
Update cc/util/status to not depend on google3 status for Apple builds. · ab670ffe
Haris Andrianakis authored 6 years ago
```
PiperOrigin-RevId: 203977901
GitOrigin-RevId: 857fff7af8b58c2476bd1c83598d5f3d1c54ba78
```
ab670ffe

Update to latest release of bazelbuild/rules_apple. · f17b7ee7

Charles Lee authored 6 years ago

Using the latest rules_apple release fixes the previous continuous integration build failure. This is due to the inclusion of the following commit:
https://github.com/bazelbuild/rules_apple/commit/d24f9791e62ba3edcad69114fe4944e063681b39

Which is required due to a change in bazel 0.15.0. From https://github.com/bazelbuild/bazel/releases/tag/0.15.0:

"non_propagated_deps has been removed from objc_library and apple_binary."

PiperOrigin-RevId: 203977097
GitOrigin-RevId: 791887c15d86d72d8e21fcf3bc82ac14378f8084

f17b7ee7

objc: Remove unit test host from bazel rules, it errs with Bazel 0.15.0 · a0d09b8f
Haris Andrianakis authored 6 years ago
```
PiperOrigin-RevId: 203847430
GitOrigin-RevId: bb0cc72b12bb592df09df8ddf06ddedb85a03a82
```
a0d09b8f

objc: Add iOS Keychain support. · c0091a95

Haris Andrianakis authored 6 years ago

- Adds the ability to load a keyset from the iOS keychain.

Note 1: The part for writing a keyset to the keychain is missing because I need to make some changes to the C++ code.

Note 2: The keychain tests don't work with Bazel. I haven't figured why yet.

PiperOrigin-RevId: 203827136
GitOrigin-RevId: 95172f475455fec991b2c1e90475bc8292085a99

c0091a95

Removing the redundant typeUrl-argument from Registry.registerKeyManager()-methods. · eeadc544
Bartosz Przydatek authored 6 years ago
```
PiperOrigin-RevId: 203816425
GitOrigin-RevId: c9b34b7ee5eeb761d96baa0c8976722f9d2125ba
```
eeadc544

Jul 06, 2018
- Removing an obsolete BUILD-file for JSONCPP. · 46df1b5e
  Bartosz Przydatek authored 6 years ago
```
PiperOrigin-RevId: 203476862
GitOrigin-RevId: a7196177749c98be51eab8641ce4f336b5559ccb
```
  46df1b5e