Commits · e68edc7bddb2034aff2454ce04dd3b5e5096fe3b · fuchsia-mirror / fuchsia.googlesource.com-third_party-tink

Jul 13, 2018

Update version references to 1.2.0-rc2. · e68edc7b

Charles Lee authored 6 years ago

Also, remove stale references to v1.1.0 in TinkConfig.register() documentation.

PiperOrigin-RevId: 204529434
GitOrigin-RevId: a99dbe6bb14b02c1411e7baa6ef017ec72d89baf

e68edc7b

Fixing Wycheproof ECDH tests. There's no bug, the tests are incorrect. · d9d164a2

Thai Duong authored 6 years ago

First, background and history:

In Java, an ECDH public key can be encoded as a SubjectPublicKeyInfo spec [1]. This spec contains the public point, and a named curve or curve parameters [2]. To test ECDH libraries, Wycheproof generates public key specs with modified curve parameters, and checks that the libraries must reject them [3].

Android M and N (and possibly other versions) do not reject said public keys specs. Given a spec Android just takes the field ID, and derives the rest of the parameters. This leads to a somewhat interesting situation: not only Android accepts Wycheproof's modified public key specs, but it also computes the shared secrets correctly and securely. So we changed Wycheproof to accept Android's behavior, and added to each test case the expected shared secret, had the public key spec not been modified.

What went wrong:

The expected shared secrets for "modified prime" and "public key of order 3" test are incorrect. I found that the public key specs (the "public" field in the ecdh_test.json) don't contain the same public point as in other tests. I'm not sure this is intentional, but because the public point is different the expected shared secret must be different too.

Let's look at test case #336. Its expected shared secret is the same as test case #335. Yet two test cases contain two different public points, as shown below (
the public point is the last BIT STRING, it starts with 04):

# Test case 335

  0 304: SEQUENCE {
  4 233:   SEQUENCE {
  7   7:     OBJECT IDENTIFIER '1 2 840 10045 2 1'
 16 221:     SEQUENCE {
 19   1:       INTEGER 1
 22  44:       SEQUENCE {
 24   7:         OBJECT IDENTIFIER '1 2 840 10045 1 1'
 33  33:         INTEGER
       :           00 FF FF FF FF 00 00 00 01 00 00 00 00 00 00 00
       :           00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF
       :           FF
       :         }
 68  68:       SEQUENCE {
 70  32:         OCTET STRING
       :           FF FF FF FF 00 00 00 01 00 00 00 00 00 00 00 00
       :           00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FC
104  32:         OCTET STRING
       :           5A C6 35 D8 AA 3A 93 E7 B3 EB BD 55 76 98 86 BC
       :           65 1D 06 B0 CC 53 B0 F6 3B CE 3C 3E 27 D2 60 4B
       :         }
138  65:       OCTET STRING
       :         04 6B 17 D1 F2 E1 2C 42 47 F8 BC E6 E5 63 A4 40
       :         F2 77 03 7D 81 2D EB 33 A0 F4 A1 39 45 D8 98 C2
       :         96 4F E3 42 E2 FE 1A 7F 9B 8E E7 EB 4A 7C 0F 9E
       :         16 2B CE 33 57 6B 31 5E CE CB B6 40 68 37 BF 51
       :         F5
205  33:       INTEGER
       :         00 FF FF FF FF 00 00 00 00 FF FF FF FF FF FF FF
       :         FF BC E6 FA AD A7 17 9E 84 F3 B9 CA C2 FC 63 25
       :         51
       :       }
       :     }
240  66:   BIT STRING
       :     04 15 10 26 4C 18 9C 3D 52 3F F9 91 6A BD 70 69
       :     EF A6 96 8D 8D C7 DD B6 45 7D 78 69 B5 3E A6 0C
       :     DC FA FB 7E D4 78 6D A1 5D 29 EE 59 25 6F 53 6D
       :     A3 57 5A 48 88 C1 BB 0A 95 B2 56 F4 A7 E9 FD 76
       :     4A
       :   }

# Test case 336:

  0 307: SEQUENCE {
  4 236:   SEQUENCE {
  7   7:     OBJECT IDENTIFIER '1 2 840 10045 2 1'
 16 224:     SEQUENCE {
 19   1:       INTEGER 1
 22  44:       SEQUENCE {
 24   7:         OBJECT IDENTIFIER '1 2 840 10045 1 1'
 33  33:         INTEGER
       :           00 FD 09 10 59 A6 89 36 35 F9 00 E9 44 9D 63 F5
       :           72 B2 AE BC 4C FF 7B 4E 5E 33 F1 B2 00 E8 BB C1
       :           45
       :         }
 68  68:       SEQUENCE {
 70  32:         OCTET STRING
       :           02 F6 EF A5 59 76 C9 CB 06 FF 16 BB 62 9C 0A 8D
       :           4D 51 43 B4 00 84 B1 A1 CC 0E 4D FF 17 44 3E B7
104  32:         OCTET STRING
       :           5A C6 35 D8 AA 3A 93 E7 B3 EB BD 55 76 98 86 BC
       :           65 1D 06 B0 CC 53 B0 F6 3B CE 3C 3E 27 D2 60 4B
       :         }
138  65:       OCTET STRING
       :         04 00 00 00 00 00 00 00 00 00 00 06 59 7F A9 4B
       :         1F D9 00 00 00 00 00 00 00 00 00 00 00 00 00 00
       :         02 1B 8C 7D D7 7F 9A 95 62 79 22 EC EE FE A7 3F
       :         02 8F 1E C9 5B A9 B8 FA 95 A3 AD 24 BD F9 FF F4
       :         14
205  33:       INTEGER
       :         00 FF FF FF FF 00 00 00 00 FF FF FF FF FF FF FF
       :         FF BC E6 FA AD A7 17 9E 84 F3 B9 CA C2 FC 63 25
       :         51
240   1:       INTEGER 1
       :       }
       :     }
243  66:   BIT STRING
       :     04 00 00 00 00 00 00 00 00 00 00 06 59 7F A9 4B
       :     1F D9 00 00 00 00 00 00 00 00 00 00 00 00 00 00
       :     02 1B 8C 7D D7 7F 9A 95 62 79 22 EC EE FE A7 3F
       :     02 8F 1E C9 5B A9 B8 FA 95 A3 AD 24 BD F9 FF F4
       :     14
       :   }

[1] https://tools.ietf.org/html/rfc5280#section-4.1.2.7.
[2] https://tools.ietf.org/html/rfc3279#section-2.3.5
[3] Many libraries don't, and usually that leads to vulnerabilities that leak the private key.

PiperOrigin-RevId: 204515375
GitOrigin-RevId: 6a5a122b80d9664fa19f5497a2a5260f02c7ee5a

d9d164a2

Fixing a merge error in BUILD-file. · c0f8be5c
Bartosz Przydatek authored 6 years ago
```
PiperOrigin-RevId: 204478709
GitOrigin-RevId: 945a523d16fbe1b784174e2aedb488d7a89ba643
```
c0f8be5c
Reducing size of libtink.so by removing dead code. · 3fc5742b
Bartosz Przydatek authored 6 years ago
```
PiperOrigin-RevId: 204477406
GitOrigin-RevId: 46569424ee4847c93bd6f82c28611bc0b00a1834
```
3fc5742b

Update boringssl version to the latest on the master-with-bazel branch. · 0c0f60f4

Rafael Lerm authored 6 years ago

This is necessary to use some newer functions in the upcoming RsaSignBoringSsl class.

PiperOrigin-RevId: 204469656
GitOrigin-RevId: ad1183ca8adc93ce12d15e9eb655aeba5fa4b700

0c0f60f4

Removing deprecated C++ Tink APIs. · 809f78fa
Bartosz Przydatek authored 6 years ago
```
PiperOrigin-RevId: 204468964
GitOrigin-RevId: 0a4a28740dbdfd6b20872792de5adb78a2fbe676
```
809f78fa
objc: Upgrade protobuf, add ios_static_framework rule for Bazel, update docs. · e3521eaa
Haris Andrianakis authored 6 years ago
```
PiperOrigin-RevId: 204394015
GitOrigin-RevId: d0fa0c36798ffbed7b3381909d88631ef1743318
```
e3521eaa

Fixing typo. · 34b3c074

Thai Duong authored 6 years ago

PiperOrigin-RevId: 204391980
GitOrigin-RevId: ba9666fbf61c6a39d68c6fa323fed282d2a5a60f

34b3c074

Update installation instructions. · 687fbd55

Thai Duong authored 6 years ago

PiperOrigin-RevId: 204390951
GitOrigin-RevId: a7c70b188581a9983f20b290fffd33835b6349c2

687fbd55

objc: Set version to 1.2.0-rc2. · b3f143a8

Haris Andrianakis authored 6 years ago

PiperOrigin-RevId: 204385896
GitOrigin-RevId: 9db2e408d0142df477fb2afbfbf55fd6b5d7ee46

b3f143a8

Jul 12, 2018
- Cleaning up discrepancies between Java and C++, preparing for 1.2.0 release. · 0eabd5c3
  Thai Duong authored 6 years ago
```
PiperOrigin-RevId: 204372552
GitOrigin-RevId: d2fdca75407b5694f6c94463697ce277e13997c4
```
  0eabd5c3
- objc: Update documentation with new config API. · 0ee8fee6
  Haris Andrianakis authored 6 years ago
```
PiperOrigin-RevId: 204329983
GitOrigin-RevId: a859145a0d30c28729ab0476af994869d727a841
```
  0ee8fee6
- Adding Obj-C default config registration. · 1dafd52b
  Haris Andrianakis authored 6 years ago
```
PiperOrigin-RevId: 204327044
GitOrigin-RevId: 770ada770bb494b8abb9184b7c5f48d89bb0484a
```
  1dafd52b
- Adding C++ default config registration. · 53a9f826
  Bartosz Przydatek authored 6 years ago
```
PiperOrigin-RevId: 204257158
GitOrigin-RevId: 641a21a941f733511ef7d31ab39e53959d34bac4
```
  53a9f826
- Add enum RsaSignatureEncoding · 0d03d040
  Quan Nguyen authored 6 years ago
```
PiperOrigin-RevId: 204232671
GitOrigin-RevId: 33ca66ee5ff8124dd3951ea390c5c8572b058d6c
```
  0d03d040
- Rsa signature protocol buffer · 1f31da9f
  Quan Nguyen authored 6 years ago
```
PiperOrigin-RevId: 204222206
GitOrigin-RevId: 64222a64dd73ee8d87634c2ab2a4accd8afc5d62
```
  1f31da9f
Jul 11, 2018

objc: Implement keychain write support. · fb7ed28f
Haris Andrianakis authored 6 years ago
```
PiperOrigin-RevId: 204198082
GitOrigin-RevId: c5905c66b71934a2de24ec4c41a2c87409ca78a8
```
fb7ed28f
Move TestUtil::GetKeyset, TestUtil::GetKeysetHandle to a separate class so they · a7c0b6f6
Haris Andrianakis authored 6 years ago
```
are usable by Obj-C code (not just tests).

PiperOrigin-RevId: 204124489
GitOrigin-RevId: 5df6f3544e3b7da83dde0a2c08ea0e8e8e4bfe38
```
a7c0b6f6
objc: Add installation instructions in the documentation, update CHANGELOG. · 81cdb2ae
Haris Andrianakis authored 6 years ago
```
PiperOrigin-RevId: 204014431
GitOrigin-RevId: 5a7bc7f10967d27f6bb3c94d559701f6988a80e4
```
81cdb2ae
Fix infinite recursion on Tink Status to google3 conversion. · ac9510c8
Tink Team authored 6 years ago
```
PiperOrigin-RevId: 203997496
GitOrigin-RevId: fe5e319a26c21acf591583e9910ab5c203d562d1
```
ac9510c8
Update cc/util/status to not depend on google3 status for Apple builds. · ab670ffe
Haris Andrianakis authored 6 years ago
```
PiperOrigin-RevId: 203977901
GitOrigin-RevId: 857fff7af8b58c2476bd1c83598d5f3d1c54ba78
```
ab670ffe

Update to latest release of bazelbuild/rules_apple. · f17b7ee7

Charles Lee authored 6 years ago

Using the latest rules_apple release fixes the previous continuous integration build failure. This is due to the inclusion of the following commit:
https://github.com/bazelbuild/rules_apple/commit/d24f9791e62ba3edcad69114fe4944e063681b39

Which is required due to a change in bazel 0.15.0. From https://github.com/bazelbuild/bazel/releases/tag/0.15.0:

"non_propagated_deps has been removed from objc_library and apple_binary."

PiperOrigin-RevId: 203977097
GitOrigin-RevId: 791887c15d86d72d8e21fcf3bc82ac14378f8084

f17b7ee7

objc: Remove unit test host from bazel rules, it errs with Bazel 0.15.0 · a0d09b8f
Haris Andrianakis authored 6 years ago
```
PiperOrigin-RevId: 203847430
GitOrigin-RevId: bb0cc72b12bb592df09df8ddf06ddedb85a03a82
```
a0d09b8f

objc: Add iOS Keychain support. · c0091a95

Haris Andrianakis authored 6 years ago

- Adds the ability to load a keyset from the iOS keychain.

Note 1: The part for writing a keyset to the keychain is missing because I need to make some changes to the C++ code.

Note 2: The keychain tests don't work with Bazel. I haven't figured why yet.

PiperOrigin-RevId: 203827136
GitOrigin-RevId: 95172f475455fec991b2c1e90475bc8292085a99

c0091a95

Removing the redundant typeUrl-argument from Registry.registerKeyManager()-methods. · eeadc544
Bartosz Przydatek authored 6 years ago
```
PiperOrigin-RevId: 203816425
GitOrigin-RevId: c9b34b7ee5eeb761d96baa0c8976722f9d2125ba
```
eeadc544

Jul 06, 2018

Removing an obsolete BUILD-file for JSONCPP. · 46df1b5e
Bartosz Przydatek authored 6 years ago
```
PiperOrigin-RevId: 203476862
GitOrigin-RevId: a7196177749c98be51eab8641ce4f336b5559ccb
```
46df1b5e

Format .bzl files with buildifier · 466cac81

Tink Team authored 6 years ago

This is a part of a large-scale change: go/lsc-format-bzl-files . All .bzl files are being formatted with buildifier.

To format a file manually run `buildifier path/to/file.bzl`. Integration with `g4 fix` will be available later, but you can try using `g4 fix --format=bzl`.

Tested:
    tap_presubmit
    Some tests failed; test failures are believed to be unrelated to this CL

BEGIN_PUBLIC
Format .bzl files with buildifier
END_PUBLIC

PiperOrigin-RevId: 203461813
GitOrigin-RevId: e90458471907298780465ab84c5e94add72d7dcd

466cac81

Add shims to convert Tink Status/StatusOr to google3. · 6426e7d7
Thai Duong authored 6 years ago
```
PiperOrigin-RevId: 203384667
GitOrigin-RevId: be4aa4ef88d1b6bba81a4a63a2c40d038b014854
```
6426e7d7
Adding AES-EAX version using the AES-NI instruction set. · 423dfa9b
Daniel Bleichenbacher authored 6 years ago
```
PiperOrigin-RevId: 203378951
GitOrigin-RevId: 62fd8b1b82187a7758e7bbf66de363288305e3d2
```
423dfa9b
Registry::RegisterKeyManager - new key allowed can be changed to more · 44b8960e
Veronika Slivova authored 6 years ago
```
restrictive

PiperOrigin-RevId: 203283070
GitOrigin-RevId: 058f0b9a347ec73ba0ae1ee38679c0739a8eec89
```
44b8960e

Jul 03, 2018

objc: Update the Obj-C documentation. · 57c0a72d

Haris Andrianakis authored 6 years ago

- Added installation instructions
- Fixed typos in examples
- Updated the import paths

PiperOrigin-RevId: 203145324
GitOrigin-RevId: 64de4d74dea83d8d5a3205322a09db3bea90930f

57c0a72d

Always use the latest Tink configs during registration. · 571a7261

Thai Duong authored 6 years ago

Instead of

Config.register(AeadConfig.TINK_1_1_0);

We'd do

AeadConfig.register();

I kept the static init blocks in AeadConfig, but it's only for backward compatibility. We'd always require users calling the init function. This gives us consistency across all languages.

I also deprecated TINK_1_1_0 and introduced LATEST which contains the configs of the latest version.

Advanced users can always do Config.register(myCustomConfig);

PiperOrigin-RevId: 203125864
GitOrigin-RevId: cd138962f88ff693e9c13cef3399f956f6d6513e

571a7261

Registering key manager with not supported key type should not be allowed. · dc91bb34
Veronika Slivova authored 6 years ago
```
PiperOrigin-RevId: 203082603
GitOrigin-RevId: 610b190732a8c98bfbed8f0625a2688d8c748a67
```
dc91bb34

Add 'com.' prefix to espresso. · b353409d

Charles Lee authored 6 years ago

PiperOrigin-RevId: 203055704
GitOrigin-RevId: 5bb1e21274576c66342da888f75f05375fb1e815

b353409d

Removed unused dependencies, converted everything to proto-lite. · 8f77de29

Haris Andrianakis authored 6 years ago

Pruned dependencies that weren't used:
- //util/gtl:node_hash_map
- //util/gtl:singleton

PiperOrigin-RevId: 202981225
GitOrigin-RevId: cbde29fc20fcdc180b4c6262ac9b6dafe67cfef2

8f77de29

Fix typo in package name · 19b36d27

Charles Lee authored 6 years ago

PiperOrigin-RevId: 202967034
GitOrigin-RevId: 3f494fe6e4c18c2209aa46ef5836415ffa1c4628

19b36d27

Switch example Android app back to android.support.test. · 4826f9cc
Charles Lee authored 6 years ago
```
PiperOrigin-RevId: 202962201
GitOrigin-RevId: 0a1f5bab18d33e650dc6d192e622a68acbd743a7
```
4826f9cc
Removing inconsistency between Java and C++. · 87444c4f
Veronika Slivova authored 6 years ago
```
PiperOrigin-RevId: 202909592
GitOrigin-RevId: 957b0b9dbfe3db55df010accf7147ab5a9ebe01d
```
87444c4f

Replace references to android.support.test with androidx.test. · 3d24ad15

Tink Team authored 6 years ago

The Android Test Support Library is being renamed to AndroidX Test, with its root java namespace changing from android.support.test to androidx.test.
And code location changing from tp/android/android_test_support to tp/android/androidx_test.

More information: go/jetpack-test-lsc

TAP global presubmit: https://test.corp.google.com/ui#id=OCL:202779348:BASE:202785125:1530379068287:f0eca0a1

BUG:
79205333
PiperOrigin-RevId: 202796842
GitOrigin-RevId: 47c1bdb517ffda5279d9dcde00b6cd9f950d87f3

3d24ad15

Removing protobuf JSON util dependency. · 128aef89
Thai Duong authored 6 years ago
```
PiperOrigin-RevId: 202532619
GitOrigin-RevId: 3df1d9e5f73bcf81ad5df241ced9b316f03a7956
```
128aef89