Repository: tink-crypto/tink
Branch: master
Commit: 1f4cd38874ec
Files: 3712
Total size: 39.5 MB
Directory structure:
gitextract_6vi1w9d7/
├── .bazelversion
├── .github/
│ ├── ISSUE_TEMPLATE/
│ │ ├── bug_report.md
│ │ ├── config.yml
│ │ └── feature_request.md
│ └── workflows/
│ └── codeql-analysis.yml
├── .gitignore
├── BUILD.bazel
├── CMakeLists.txt
├── LICENSE
├── README.md
├── cc/
│ ├── .bazelignore
│ ├── .bazelrc
│ ├── .bazelversion
│ ├── BUILD.bazel
│ ├── CMakeLists.txt
│ ├── WORKSPACE
│ ├── aead/
│ │ ├── BUILD.bazel
│ │ ├── CMakeLists.txt
│ │ ├── aead_config.cc
│ │ ├── aead_config.h
│ │ ├── aead_config_test.cc
│ │ ├── aead_factory.cc
│ │ ├── aead_factory.h
│ │ ├── aead_factory_test.cc
│ │ ├── aead_key.h
│ │ ├── aead_key_templates.cc
│ │ ├── aead_key_templates.h
│ │ ├── aead_key_templates_test.cc
│ │ ├── aead_parameters.h
│ │ ├── aead_wrapper.cc
│ │ ├── aead_wrapper.h
│ │ ├── aead_wrapper_test.cc
│ │ ├── aes_ctr_hmac_aead_key.cc
│ │ ├── aes_ctr_hmac_aead_key.h
│ │ ├── aes_ctr_hmac_aead_key_manager.cc
│ │ ├── aes_ctr_hmac_aead_key_manager.h
│ │ ├── aes_ctr_hmac_aead_key_manager_test.cc
│ │ ├── aes_ctr_hmac_aead_key_test.cc
│ │ ├── aes_ctr_hmac_aead_parameters.cc
│ │ ├── aes_ctr_hmac_aead_parameters.h
│ │ ├── aes_ctr_hmac_aead_parameters_test.cc
│ │ ├── aes_ctr_hmac_aead_proto_serialization.cc
│ │ ├── aes_ctr_hmac_aead_proto_serialization.h
│ │ ├── aes_ctr_hmac_aead_proto_serialization_test.cc
│ │ ├── aes_eax_key.cc
│ │ ├── aes_eax_key.h
│ │ ├── aes_eax_key_manager.h
│ │ ├── aes_eax_key_manager_test.cc
│ │ ├── aes_eax_key_test.cc
│ │ ├── aes_eax_parameters.cc
│ │ ├── aes_eax_parameters.h
│ │ ├── aes_eax_parameters_test.cc
│ │ ├── aes_eax_proto_serialization.cc
│ │ ├── aes_eax_proto_serialization.h
│ │ ├── aes_eax_proto_serialization_test.cc
│ │ ├── aes_gcm_key.cc
│ │ ├── aes_gcm_key.h
│ │ ├── aes_gcm_key_manager.h
│ │ ├── aes_gcm_key_manager_test.cc
│ │ ├── aes_gcm_key_test.cc
│ │ ├── aes_gcm_parameters.cc
│ │ ├── aes_gcm_parameters.h
│ │ ├── aes_gcm_parameters_test.cc
│ │ ├── aes_gcm_proto_serialization.cc
│ │ ├── aes_gcm_proto_serialization.h
│ │ ├── aes_gcm_proto_serialization_test.cc
│ │ ├── aes_gcm_siv_key.cc
│ │ ├── aes_gcm_siv_key.h
│ │ ├── aes_gcm_siv_key_manager.h
│ │ ├── aes_gcm_siv_key_manager_test.cc
│ │ ├── aes_gcm_siv_key_test.cc
│ │ ├── aes_gcm_siv_parameters.cc
│ │ ├── aes_gcm_siv_parameters.h
│ │ ├── aes_gcm_siv_parameters_test.cc
│ │ ├── aes_gcm_siv_proto_serialization.cc
│ │ ├── aes_gcm_siv_proto_serialization.h
│ │ ├── aes_gcm_siv_proto_serialization_test.cc
│ │ ├── chacha20_poly1305_key.cc
│ │ ├── chacha20_poly1305_key.h
│ │ ├── chacha20_poly1305_key_test.cc
│ │ ├── chacha20_poly1305_parameters.cc
│ │ ├── chacha20_poly1305_parameters.h
│ │ ├── chacha20_poly1305_parameters_test.cc
│ │ ├── chacha20_poly1305_proto_serialization.cc
│ │ ├── chacha20_poly1305_proto_serialization.h
│ │ ├── chacha20_poly1305_proto_serialization_test.cc
│ │ ├── config_v0.cc
│ │ ├── config_v0.h
│ │ ├── config_v0_test.cc
│ │ ├── cord_aead.h
│ │ ├── cord_aead_wrapper.cc
│ │ ├── cord_aead_wrapper.h
│ │ ├── cord_aead_wrapper_test.cc
│ │ ├── failing_aead.cc
│ │ ├── failing_aead.h
│ │ ├── failing_aead_test.cc
│ │ ├── internal/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CMakeLists.txt
│ │ │ ├── aead_from_zero_copy.cc
│ │ │ ├── aead_from_zero_copy.h
│ │ │ ├── aead_from_zero_copy_test.cc
│ │ │ ├── aead_util.cc
│ │ │ ├── aead_util.h
│ │ │ ├── aead_util_test.cc
│ │ │ ├── config_v0.cc
│ │ │ ├── config_v0.h
│ │ │ ├── config_v0_test.cc
│ │ │ ├── cord_aes_gcm_boringssl.cc
│ │ │ ├── cord_aes_gcm_boringssl.h
│ │ │ ├── cord_aes_gcm_boringssl_test.cc
│ │ │ ├── key_gen_config_v0.cc
│ │ │ ├── key_gen_config_v0.h
│ │ │ ├── mock_zero_copy_aead.h
│ │ │ ├── ssl_aead.cc
│ │ │ ├── ssl_aead.h
│ │ │ ├── ssl_aead_large_inputs_test.cc
│ │ │ ├── ssl_aead_test.cc
│ │ │ ├── wycheproof_aead.cc
│ │ │ ├── wycheproof_aead.h
│ │ │ ├── zero_copy_aead.h
│ │ │ ├── zero_copy_aead_wrapper.cc
│ │ │ ├── zero_copy_aead_wrapper.h
│ │ │ ├── zero_copy_aead_wrapper_test.cc
│ │ │ ├── zero_copy_aes_gcm_boringssl.cc
│ │ │ ├── zero_copy_aes_gcm_boringssl.h
│ │ │ └── zero_copy_aes_gcm_boringssl_test.cc
│ │ ├── key_gen_config_v0.cc
│ │ ├── key_gen_config_v0.h
│ │ ├── kms_aead_key_manager.h
│ │ ├── kms_aead_key_manager_test.cc
│ │ ├── kms_envelope_aead.cc
│ │ ├── kms_envelope_aead.h
│ │ ├── kms_envelope_aead_key_manager.cc
│ │ ├── kms_envelope_aead_key_manager.h
│ │ ├── kms_envelope_aead_key_manager_test.cc
│ │ ├── kms_envelope_aead_test.cc
│ │ ├── mock_aead.h
│ │ ├── subtle/
│ │ │ ├── BUILD.bazel
│ │ │ └── CMakeLists.txt
│ │ ├── xchacha20_poly1305_key.cc
│ │ ├── xchacha20_poly1305_key.h
│ │ ├── xchacha20_poly1305_key_manager.h
│ │ ├── xchacha20_poly1305_key_manager_test.cc
│ │ ├── xchacha20_poly1305_key_test.cc
│ │ ├── xchacha20_poly1305_parameters.cc
│ │ ├── xchacha20_poly1305_parameters.h
│ │ ├── xchacha20_poly1305_parameters_test.cc
│ │ ├── xchacha20_poly1305_proto_serialization.cc
│ │ ├── xchacha20_poly1305_proto_serialization.h
│ │ └── xchacha20_poly1305_proto_serialization_test.cc
│ ├── aead.h
│ ├── aead_config.h
│ ├── aead_factory.h
│ ├── aead_key_templates.h
│ ├── big_integer.h
│ ├── binary_keyset_reader.h
│ ├── binary_keyset_writer.h
│ ├── chunked_mac.h
│ ├── cleartext_keyset_handle.h
│ ├── config/
│ │ ├── BUILD.bazel
│ │ ├── CMakeLists.txt
│ │ ├── config_util.cc
│ │ ├── config_util.h
│ │ ├── config_util_test.cc
│ │ ├── fips_140_2.cc
│ │ ├── fips_140_2.h
│ │ ├── fips_140_2_test.cc
│ │ ├── global_registry.cc
│ │ ├── global_registry.h
│ │ ├── global_registry_test.cc
│ │ ├── internal/
│ │ │ ├── BUILD.bazel
│ │ │ └── CMakeLists.txt
│ │ ├── key_gen_fips_140_2.cc
│ │ ├── key_gen_fips_140_2.h
│ │ ├── key_gen_fips_140_2_test.cc
│ │ ├── key_gen_v0.cc
│ │ ├── key_gen_v0.h
│ │ ├── tink_config.cc
│ │ ├── tink_config.h
│ │ ├── tink_config_test.cc
│ │ ├── tink_fips.cc
│ │ ├── tink_fips.h
│ │ ├── tink_fips_test.cc
│ │ ├── v0.cc
│ │ ├── v0.h
│ │ └── v0_test.cc
│ ├── configuration.h
│ ├── core/
│ │ ├── big_integer.cc
│ │ ├── big_integer_test.cc
│ │ ├── binary_keyset_reader.cc
│ │ ├── binary_keyset_reader_test.cc
│ │ ├── binary_keyset_writer.cc
│ │ ├── binary_keyset_writer_test.cc
│ │ ├── cleartext_keyset_handle.cc
│ │ ├── cleartext_keyset_handle_test.cc
│ │ ├── crypto_format.cc
│ │ ├── crypto_format_test.cc
│ │ ├── ec_point_test.cc
│ │ ├── json_keyset_reader.cc
│ │ ├── json_keyset_reader_test.cc
│ │ ├── json_keyset_writer.cc
│ │ ├── json_keyset_writer_test.cc
│ │ ├── key_access_test.cc
│ │ ├── key_manager.cc
│ │ ├── key_manager_impl.h
│ │ ├── key_manager_impl_test.cc
│ │ ├── key_manager_test.cc
│ │ ├── key_type_manager.h
│ │ ├── key_type_manager_test.cc
│ │ ├── keyset_handle.cc
│ │ ├── keyset_handle_builder.cc
│ │ ├── keyset_handle_builder_test.cc
│ │ ├── keyset_handle_test.cc
│ │ ├── keyset_manager.cc
│ │ ├── keyset_manager_test.cc
│ │ ├── kms_clients.cc
│ │ ├── kms_clients_test.cc
│ │ ├── partial_key_access_token_test.cc
│ │ ├── primitive_set_test.cc
│ │ ├── private_key_manager_impl.h
│ │ ├── private_key_manager_impl_test.cc
│ │ ├── private_key_type_manager.h
│ │ ├── restricted_big_integer.cc
│ │ ├── restricted_big_integer_test.cc
│ │ ├── restricted_data.cc
│ │ ├── restricted_data_test.cc
│ │ ├── template_util.h
│ │ ├── template_util_test.cc
│ │ ├── version.cc
│ │ └── version_test.cc
│ ├── crypto_format.h
│ ├── daead/
│ │ ├── BUILD.bazel
│ │ ├── CMakeLists.txt
│ │ ├── aes_siv_key.cc
│ │ ├── aes_siv_key.h
│ │ ├── aes_siv_key_manager.h
│ │ ├── aes_siv_key_manager_test.cc
│ │ ├── aes_siv_key_test.cc
│ │ ├── aes_siv_parameters.cc
│ │ ├── aes_siv_parameters.h
│ │ ├── aes_siv_parameters_test.cc
│ │ ├── aes_siv_proto_serialization.cc
│ │ ├── aes_siv_proto_serialization.h
│ │ ├── aes_siv_proto_serialization_test.cc
│ │ ├── config_v0.cc
│ │ ├── config_v0.h
│ │ ├── config_v0_test.cc
│ │ ├── deterministic_aead_config.cc
│ │ ├── deterministic_aead_config.h
│ │ ├── deterministic_aead_config_test.cc
│ │ ├── deterministic_aead_factory.cc
│ │ ├── deterministic_aead_factory.h
│ │ ├── deterministic_aead_factory_test.cc
│ │ ├── deterministic_aead_key.h
│ │ ├── deterministic_aead_key_templates.cc
│ │ ├── deterministic_aead_key_templates.h
│ │ ├── deterministic_aead_key_templates_test.cc
│ │ ├── deterministic_aead_parameters.h
│ │ ├── deterministic_aead_wrapper.cc
│ │ ├── deterministic_aead_wrapper.h
│ │ ├── deterministic_aead_wrapper_test.cc
│ │ ├── failing_daead.cc
│ │ ├── failing_daead.h
│ │ ├── failing_daead_test.cc
│ │ ├── internal/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CMakeLists.txt
│ │ │ ├── config_v0.cc
│ │ │ ├── config_v0.h
│ │ │ ├── config_v0_test.cc
│ │ │ ├── key_gen_config_v0.cc
│ │ │ └── key_gen_config_v0.h
│ │ ├── key_gen_config_v0.cc
│ │ ├── key_gen_config_v0.h
│ │ └── subtle/
│ │ ├── BUILD.bazel
│ │ ├── CMakeLists.txt
│ │ ├── aead_or_daead.cc
│ │ ├── aead_or_daead.h
│ │ └── aead_or_daead_test.cc
│ ├── deterministic_aead.h
│ ├── deterministic_aead_config.h
│ ├── deterministic_aead_factory.h
│ ├── deterministic_aead_key_templates.h
│ ├── ec_point.h
│ ├── examples/
│ │ ├── .bazelrc
│ │ ├── .bazelversion
│ │ ├── CMakeLists.txt
│ │ ├── WORKSPACE
│ │ ├── aead/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CMakeLists.txt
│ │ │ ├── aead_cli.cc
│ │ │ ├── aead_cli_test.sh
│ │ │ └── aead_test_keyset.json
│ │ ├── daead/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CMakeLists.txt
│ │ │ ├── deterministic_aead_cli.cc
│ │ │ ├── deterministic_aead_cli_test.sh
│ │ │ └── deterministic_aead_test_keyset.json
│ │ ├── digital_signatures/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CMakeLists.txt
│ │ │ ├── digital_signature_private_keyset.json
│ │ │ ├── digital_signature_public_keyset.json
│ │ │ ├── digital_signatures_cli.cc
│ │ │ └── digital_signatures_cli_test.sh
│ │ ├── hybrid_encryption/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CMakeLists.txt
│ │ │ ├── hybrid_cli.cc
│ │ │ ├── hybrid_cli_test.sh
│ │ │ └── testdata/
│ │ │ ├── BUILD.bazel
│ │ │ ├── hpke_test_private_keyset.json
│ │ │ ├── hpke_test_public_keyset.json
│ │ │ ├── hybrid_test_private_keyset.json
│ │ │ └── hybrid_test_public_keyset.json
│ │ ├── jwt/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CMakeLists.txt
│ │ │ ├── jwt_generate_public_jwk_set.cc
│ │ │ ├── jwt_sign.cc
│ │ │ ├── jwt_signature_cli_test.sh
│ │ │ ├── jwt_signature_private_keyset.json
│ │ │ ├── jwt_signature_public_keyset.json
│ │ │ └── jwt_verify.cc
│ │ ├── key_derivation/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CMakeLists.txt
│ │ │ ├── key_derivation_cli.cc
│ │ │ ├── key_derivation_cli_test.sh
│ │ │ └── keyset.json
│ │ ├── mac/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CMakeLists.txt
│ │ │ ├── mac_cli.cc
│ │ │ ├── mac_cli_test.sh
│ │ │ └── mac_test_keyset.json
│ │ ├── util/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CMakeLists.txt
│ │ │ ├── util.cc
│ │ │ └── util.h
│ │ └── walkthrough/
│ │ ├── BUILD.bazel
│ │ ├── CMakeLists.txt
│ │ ├── create_keyset.cc
│ │ ├── create_keyset.h
│ │ ├── create_keyset_test.cc
│ │ ├── load_cleartext_keyset.cc
│ │ ├── load_cleartext_keyset.h
│ │ ├── load_cleartext_keyset_test.cc
│ │ ├── load_encrypted_keyset.cc
│ │ ├── load_encrypted_keyset.h
│ │ ├── load_encrypted_keyset_test.cc
│ │ ├── obtain_and_use_a_primitive.cc
│ │ ├── obtain_and_use_a_primitive.h
│ │ ├── obtain_and_use_a_primitive_test.cc
│ │ ├── test_util.cc
│ │ ├── test_util.h
│ │ ├── write_cleartext_keyset.cc
│ │ ├── write_cleartext_keyset.h
│ │ ├── write_cleartext_keyset_test.cc
│ │ ├── write_keyset.cc
│ │ ├── write_keyset.h
│ │ └── write_keyset_test.cc
│ ├── experimental/
│ │ └── pqcrypto/
│ │ ├── README.md
│ │ ├── kem/
│ │ │ ├── BUILD.bazel
│ │ │ ├── cecpq2_aead_hkdf_dem_helper.cc
│ │ │ ├── cecpq2_aead_hkdf_dem_helper.h
│ │ │ ├── cecpq2_aead_hkdf_dem_helper_test.cc
│ │ │ ├── cecpq2_aead_hkdf_private_key_manager.cc
│ │ │ ├── cecpq2_aead_hkdf_private_key_manager.h
│ │ │ ├── cecpq2_aead_hkdf_private_key_manager_test.cc
│ │ │ ├── cecpq2_aead_hkdf_public_key_manager.cc
│ │ │ ├── cecpq2_aead_hkdf_public_key_manager.h
│ │ │ ├── cecpq2_aead_hkdf_public_key_manager_test.cc
│ │ │ ├── cecpq2_hybrid_config.cc
│ │ │ ├── cecpq2_hybrid_config.h
│ │ │ ├── cecpq2_hybrid_config_test.cc
│ │ │ ├── cecpq2_hybrid_key_templates.cc
│ │ │ ├── cecpq2_hybrid_key_templates.h
│ │ │ ├── cecpq2_hybrid_key_templates_test.cc
│ │ │ ├── subtle/
│ │ │ │ ├── BUILD.bazel
│ │ │ │ ├── cecpq2_aead_hkdf_hybrid_decrypt.cc
│ │ │ │ ├── cecpq2_aead_hkdf_hybrid_decrypt.h
│ │ │ │ ├── cecpq2_aead_hkdf_hybrid_decrypt_test.cc
│ │ │ │ ├── cecpq2_aead_hkdf_hybrid_encrypt.cc
│ │ │ │ ├── cecpq2_aead_hkdf_hybrid_encrypt.h
│ │ │ │ ├── cecpq2_aead_hkdf_hybrid_encrypt_test.cc
│ │ │ │ ├── cecpq2_hkdf_recipient_kem_boringssl.cc
│ │ │ │ ├── cecpq2_hkdf_recipient_kem_boringssl.h
│ │ │ │ ├── cecpq2_hkdf_recipient_kem_boringssl_test.cc
│ │ │ │ ├── cecpq2_hkdf_sender_kem_boringssl.cc
│ │ │ │ ├── cecpq2_hkdf_sender_kem_boringssl.h
│ │ │ │ ├── cecpq2_hkdf_sender_kem_boringssl_test.cc
│ │ │ │ ├── cecpq2_subtle_boringssl_util.cc
│ │ │ │ ├── cecpq2_subtle_boringssl_util.h
│ │ │ │ └── cecpq2_subtle_boringssl_util_test.cc
│ │ │ └── util/
│ │ │ ├── BUILD.bazel
│ │ │ ├── test_util.cc
│ │ │ ├── test_util.h
│ │ │ └── test_util_test.cc
│ │ ├── proto/
│ │ │ └── BUILD.bazel
│ │ └── signature/
│ │ ├── dilithium_key_template.cc
│ │ ├── dilithium_key_template.h
│ │ ├── dilithium_key_template_test.cc
│ │ ├── dilithium_sign_key_manager.cc
│ │ ├── dilithium_sign_key_manager.h
│ │ ├── dilithium_sign_key_manager_test.cc
│ │ ├── dilithium_verify_key_manager.cc
│ │ ├── dilithium_verify_key_manager.h
│ │ ├── dilithium_verify_key_manager_test.cc
│ │ ├── falcon_key_template.cc
│ │ ├── falcon_key_template.h
│ │ ├── falcon_key_template_test.cc
│ │ ├── falcon_sign_key_manager.cc
│ │ ├── falcon_sign_key_manager.h
│ │ ├── falcon_sign_key_manager_test.cc
│ │ ├── falcon_verify_key_manager.cc
│ │ ├── falcon_verify_key_manager.h
│ │ ├── falcon_verify_key_manager_test.cc
│ │ ├── signature_config.cc
│ │ ├── signature_config.h
│ │ ├── signature_config_test.cc
│ │ ├── signature_config_util_test.cc
│ │ ├── slh_dsa_parameters.cc
│ │ ├── slh_dsa_parameters.h
│ │ ├── slh_dsa_parameters_test.cc
│ │ ├── slh_dsa_private_key.cc
│ │ ├── slh_dsa_private_key.h
│ │ ├── slh_dsa_private_key_test.cc
│ │ ├── slh_dsa_proto_serialization.cc
│ │ ├── slh_dsa_proto_serialization.h
│ │ ├── slh_dsa_proto_serialization_test.cc
│ │ ├── slh_dsa_public_key.cc
│ │ ├── slh_dsa_public_key.h
│ │ ├── slh_dsa_public_key_test.cc
│ │ ├── sphincs_key_template.cc
│ │ ├── sphincs_key_template.h
│ │ ├── sphincs_key_template_test.cc
│ │ ├── sphincs_sign_key_manager.cc
│ │ ├── sphincs_sign_key_manager.h
│ │ ├── sphincs_sign_key_manager_test.cc
│ │ ├── sphincs_verify_key_manager.cc
│ │ ├── sphincs_verify_key_manager.h
│ │ ├── sphincs_verify_key_manager_test.cc
│ │ ├── subtle/
│ │ │ ├── dilithium_avx2_sign.cc
│ │ │ ├── dilithium_avx2_sign.h
│ │ │ ├── dilithium_avx2_sign_test.cc
│ │ │ ├── dilithium_avx2_verify.cc
│ │ │ ├── dilithium_avx2_verify.h
│ │ │ ├── dilithium_avx2_verify_test.cc
│ │ │ ├── dilithium_key.cc
│ │ │ ├── dilithium_key.h
│ │ │ ├── dilithium_key_test.cc
│ │ │ ├── falcon_sign.cc
│ │ │ ├── falcon_sign.h
│ │ │ ├── falcon_sign_test.cc
│ │ │ ├── falcon_subtle_utils.cc
│ │ │ ├── falcon_subtle_utils.h
│ │ │ ├── falcon_subtle_utils_test.cc
│ │ │ ├── falcon_verify.cc
│ │ │ ├── falcon_verify.h
│ │ │ ├── falcon_verify_test.cc
│ │ │ ├── sphincs_helper_pqclean.cc
│ │ │ ├── sphincs_helper_pqclean.h
│ │ │ ├── sphincs_sign.cc
│ │ │ ├── sphincs_sign.h
│ │ │ ├── sphincs_sign_test.cc
│ │ │ ├── sphincs_subtle_utils.cc
│ │ │ ├── sphincs_subtle_utils.h
│ │ │ ├── sphincs_subtle_utils_test.cc
│ │ │ ├── sphincs_verify.cc
│ │ │ ├── sphincs_verify.h
│ │ │ └── sphincs_verify_test.cc
│ │ └── util/
│ │ ├── enums.cc
│ │ ├── enums.h
│ │ └── enums_test.cc
│ ├── exported_symbols.lds
│ ├── hybrid/
│ │ ├── BUILD.bazel
│ │ ├── CMakeLists.txt
│ │ ├── config_v0.cc
│ │ ├── config_v0.h
│ │ ├── config_v0_test.cc
│ │ ├── ecies_aead_hkdf_dem_helper.cc
│ │ ├── ecies_aead_hkdf_dem_helper.h
│ │ ├── ecies_aead_hkdf_dem_helper_test.cc
│ │ ├── ecies_aead_hkdf_hybrid_decrypt.cc
│ │ ├── ecies_aead_hkdf_hybrid_decrypt.h
│ │ ├── ecies_aead_hkdf_hybrid_decrypt_test.cc
│ │ ├── ecies_aead_hkdf_hybrid_encrypt.cc
│ │ ├── ecies_aead_hkdf_hybrid_encrypt.h
│ │ ├── ecies_aead_hkdf_hybrid_encrypt_test.cc
│ │ ├── ecies_aead_hkdf_private_key_manager.cc
│ │ ├── ecies_aead_hkdf_private_key_manager.h
│ │ ├── ecies_aead_hkdf_private_key_manager_test.cc
│ │ ├── ecies_aead_hkdf_public_key_manager.cc
│ │ ├── ecies_aead_hkdf_public_key_manager.h
│ │ ├── ecies_aead_hkdf_public_key_manager_test.cc
│ │ ├── ecies_parameters.cc
│ │ ├── ecies_parameters.h
│ │ ├── ecies_parameters_test.cc
│ │ ├── ecies_private_key.cc
│ │ ├── ecies_private_key.h
│ │ ├── ecies_private_key_test.cc
│ │ ├── ecies_proto_serialization.cc
│ │ ├── ecies_proto_serialization.h
│ │ ├── ecies_proto_serialization_test.cc
│ │ ├── ecies_public_key.cc
│ │ ├── ecies_public_key.h
│ │ ├── ecies_public_key_test.cc
│ │ ├── failing_hybrid.cc
│ │ ├── failing_hybrid.h
│ │ ├── failing_hybrid_test.cc
│ │ ├── hpke_config.cc
│ │ ├── hpke_config.h
│ │ ├── hpke_config_test.cc
│ │ ├── hpke_parameters.cc
│ │ ├── hpke_parameters.h
│ │ ├── hpke_parameters_test.cc
│ │ ├── hpke_private_key.cc
│ │ ├── hpke_private_key.h
│ │ ├── hpke_private_key_test.cc
│ │ ├── hpke_proto_serialization.cc
│ │ ├── hpke_proto_serialization.h
│ │ ├── hpke_proto_serialization_test.cc
│ │ ├── hpke_public_key.cc
│ │ ├── hpke_public_key.h
│ │ ├── hpke_public_key_test.cc
│ │ ├── hybrid_config.cc
│ │ ├── hybrid_config.h
│ │ ├── hybrid_config_test.cc
│ │ ├── hybrid_decrypt_factory.cc
│ │ ├── hybrid_decrypt_factory.h
│ │ ├── hybrid_decrypt_factory_test.cc
│ │ ├── hybrid_decrypt_wrapper.cc
│ │ ├── hybrid_decrypt_wrapper.h
│ │ ├── hybrid_decrypt_wrapper_test.cc
│ │ ├── hybrid_encrypt_factory.cc
│ │ ├── hybrid_encrypt_factory.h
│ │ ├── hybrid_encrypt_factory_test.cc
│ │ ├── hybrid_encrypt_wrapper.cc
│ │ ├── hybrid_encrypt_wrapper.h
│ │ ├── hybrid_encrypt_wrapper_test.cc
│ │ ├── hybrid_key_templates.cc
│ │ ├── hybrid_key_templates.h
│ │ ├── hybrid_key_templates_test.cc
│ │ ├── hybrid_parameters.h
│ │ ├── hybrid_private_key.h
│ │ ├── hybrid_public_key.h
│ │ ├── internal/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CMakeLists.txt
│ │ │ ├── config_v0.cc
│ │ │ ├── config_v0.h
│ │ │ ├── config_v0_test.cc
│ │ │ ├── hpke_context.cc
│ │ │ ├── hpke_context.h
│ │ │ ├── hpke_context_boringssl.cc
│ │ │ ├── hpke_context_boringssl.h
│ │ │ ├── hpke_context_boringssl_test.cc
│ │ │ ├── hpke_context_test.cc
│ │ │ ├── hpke_decrypt.cc
│ │ │ ├── hpke_decrypt.h
│ │ │ ├── hpke_decrypt_boringssl.cc
│ │ │ ├── hpke_decrypt_boringssl.h
│ │ │ ├── hpke_decrypt_boringssl_test.cc
│ │ │ ├── hpke_decrypt_test.cc
│ │ │ ├── hpke_encrypt.cc
│ │ │ ├── hpke_encrypt.h
│ │ │ ├── hpke_encrypt_boringssl.cc
│ │ │ ├── hpke_encrypt_boringssl.h
│ │ │ ├── hpke_encrypt_boringssl_test.cc
│ │ │ ├── hpke_encrypt_test.cc
│ │ │ ├── hpke_key_boringssl.cc
│ │ │ ├── hpke_key_boringssl.h
│ │ │ ├── hpke_key_boringssl_test.cc
│ │ │ ├── hpke_key_manager_util.cc
│ │ │ ├── hpke_key_manager_util.h
│ │ │ ├── hpke_key_manager_util_test.cc
│ │ │ ├── hpke_private_key_manager.cc
│ │ │ ├── hpke_private_key_manager.h
│ │ │ ├── hpke_private_key_manager_test.cc
│ │ │ ├── hpke_public_key_manager.cc
│ │ │ ├── hpke_public_key_manager.h
│ │ │ ├── hpke_public_key_manager_test.cc
│ │ │ ├── hpke_test_util.cc
│ │ │ ├── hpke_test_util.h
│ │ │ ├── hpke_util.cc
│ │ │ ├── hpke_util.h
│ │ │ ├── hpke_util_boringssl.cc
│ │ │ ├── hpke_util_boringssl.h
│ │ │ ├── hpke_util_boringssl_test.cc
│ │ │ ├── hpke_util_test.cc
│ │ │ ├── key_gen_config_v0.cc
│ │ │ ├── key_gen_config_v0.h
│ │ │ ├── test_hpke_context_boringssl.cc
│ │ │ └── test_hpke_context_boringssl.h
│ │ ├── key_gen_config_v0.cc
│ │ ├── key_gen_config_v0.h
│ │ └── subtle/
│ │ ├── BUILD.bazel
│ │ └── CMakeLists.txt
│ ├── hybrid_config.h
│ ├── hybrid_decrypt.h
│ ├── hybrid_decrypt_factory.h
│ ├── hybrid_encrypt.h
│ ├── hybrid_encrypt_factory.h
│ ├── hybrid_key_templates.h
│ ├── input_stream.h
│ ├── insecure_secret_key_access.h
│ ├── integration/
│ │ ├── awskms/
│ │ │ ├── .bazelrc
│ │ │ ├── .bazelversion
│ │ │ ├── BUILD.bazel
│ │ │ ├── WORKSPACE
│ │ │ ├── aws_kms_aead.cc
│ │ │ ├── aws_kms_aead.h
│ │ │ ├── aws_kms_aead_integration_test.cc
│ │ │ ├── aws_kms_client.cc
│ │ │ ├── aws_kms_client.h
│ │ │ ├── aws_kms_client_test.cc
│ │ │ ├── internal/
│ │ │ │ ├── BUILD.bazel
│ │ │ │ ├── test_file_util.h
│ │ │ │ └── test_file_util_bazel.cc
│ │ │ ├── template_rule.bzl
│ │ │ ├── testdata/
│ │ │ │ └── aws/
│ │ │ │ ├── BUILD.bazel
│ │ │ │ ├── README.md
│ │ │ │ ├── access_keys_bad.csv
│ │ │ │ ├── credentials.cred
│ │ │ │ ├── credentials.csv
│ │ │ │ ├── credentials.ini
│ │ │ │ ├── credentials_bad.csv
│ │ │ │ ├── credentials_bad.ini
│ │ │ │ ├── key_arn.txt
│ │ │ │ └── key_arn_bad.txt
│ │ │ ├── third_party/
│ │ │ │ ├── aws_c_common.BUILD.bazel
│ │ │ │ ├── aws_c_event_stream.BUILD.bazel
│ │ │ │ ├── aws_checksums.BUILD.bazel
│ │ │ │ ├── aws_sdk_cpp.BUILD.bazel
│ │ │ │ ├── curl.BUILD.bazel
│ │ │ │ └── zlib.BUILD.bazel
│ │ │ └── tink_cc_awskms_deps.bzl
│ │ └── gcpkms/
│ │ ├── .bazelrc
│ │ ├── .bazelversion
│ │ ├── BUILD.bazel
│ │ ├── WORKSPACE
│ │ ├── gcp_kms_aead.cc
│ │ ├── gcp_kms_aead.h
│ │ ├── gcp_kms_aead_integration_test.cc
│ │ ├── gcp_kms_aead_test.cc
│ │ ├── gcp_kms_client.cc
│ │ ├── gcp_kms_client.h
│ │ ├── gcp_kms_client_test.cc
│ │ ├── gcp_kms_public_key_sign.cc
│ │ ├── gcp_kms_public_key_sign.h
│ │ ├── gcp_kms_public_key_sign_test.cc
│ │ ├── testdata/
│ │ │ └── gcp/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── credential.json
│ │ │ ├── credential_bad.json
│ │ │ ├── key_name.txt
│ │ │ └── key_name_bad.txt
│ │ ├── tink_cc_gcpkms_deps.bzl
│ │ └── tink_cc_gcpkms_deps_init.bzl
│ ├── internal/
│ │ ├── BUILD.bazel
│ │ ├── CMakeLists.txt
│ │ ├── aes_util.cc
│ │ ├── aes_util.h
│ │ ├── aes_util_test.cc
│ │ ├── bn_encoding_util.cc
│ │ ├── bn_encoding_util.h
│ │ ├── bn_encoding_util_test.cc
│ │ ├── bn_util.cc
│ │ ├── bn_util.h
│ │ ├── bn_util_test.cc
│ │ ├── call_with_core_dump_protection.h
│ │ ├── call_with_core_dump_protection_test.cc
│ │ ├── configuration_impl.h
│ │ ├── configuration_impl_test.cc
│ │ ├── ec_util.cc
│ │ ├── ec_util.h
│ │ ├── ec_util_test.cc
│ │ ├── err_util.cc
│ │ ├── err_util.h
│ │ ├── err_util_test.cc
│ │ ├── fips_utils.cc
│ │ ├── fips_utils.h
│ │ ├── fips_utils_test.cc
│ │ ├── key_gen_configuration_impl.h
│ │ ├── key_gen_configuration_impl_test.cc
│ │ ├── key_info.cc
│ │ ├── key_info.h
│ │ ├── key_info_test.cc
│ │ ├── key_parser.h
│ │ ├── key_parser_test.cc
│ │ ├── key_serializer.h
│ │ ├── key_serializer_test.cc
│ │ ├── key_status_util.cc
│ │ ├── key_status_util.h
│ │ ├── key_status_util_test.cc
│ │ ├── key_type_info_store.cc
│ │ ├── key_type_info_store.h
│ │ ├── key_type_info_store_test.cc
│ │ ├── keyset_handle_builder_entry.cc
│ │ ├── keyset_handle_builder_entry.h
│ │ ├── keyset_handle_builder_entry_test.cc
│ │ ├── keyset_wrapper.h
│ │ ├── keyset_wrapper_impl.h
│ │ ├── keyset_wrapper_impl_test.cc
│ │ ├── keyset_wrapper_store.h
│ │ ├── keyset_wrapper_store_test.cc
│ │ ├── legacy_proto_key.cc
│ │ ├── legacy_proto_key.h
│ │ ├── legacy_proto_key_test.cc
│ │ ├── legacy_proto_parameters.cc
│ │ ├── legacy_proto_parameters.h
│ │ ├── legacy_proto_parameters_test.cc
│ │ ├── md_util.cc
│ │ ├── md_util.h
│ │ ├── md_util_test.cc
│ │ ├── monitoring_util.h
│ │ ├── monitoring_util_test.cc
│ │ ├── mutable_serialization_registry.cc
│ │ ├── mutable_serialization_registry.h
│ │ ├── mutable_serialization_registry_test.cc
│ │ ├── parameters_parser.h
│ │ ├── parameters_parser_test.cc
│ │ ├── parameters_serializer.h
│ │ ├── parameters_serializer_test.cc
│ │ ├── parser_index.h
│ │ ├── parser_index_test.cc
│ │ ├── proto_key_serialization.cc
│ │ ├── proto_key_serialization.h
│ │ ├── proto_key_serialization_test.cc
│ │ ├── proto_parameters_serialization.cc
│ │ ├── proto_parameters_serialization.h
│ │ ├── proto_parameters_serialization_test.cc
│ │ ├── registry_impl.cc
│ │ ├── registry_impl.h
│ │ ├── registry_impl_test.cc
│ │ ├── rsa_util.cc
│ │ ├── rsa_util.h
│ │ ├── rsa_util_test.cc
│ │ ├── safe_stringops.h
│ │ ├── safe_stringops_test.cc
│ │ ├── serialization.h
│ │ ├── serialization_registry.cc
│ │ ├── serialization_registry.h
│ │ ├── serialization_registry_test.cc
│ │ ├── serialization_test_util.h
│ │ ├── serialization_test_util_test.cc
│ │ ├── serializer_index.h
│ │ ├── serializer_index_test.cc
│ │ ├── ssl_unique_ptr.h
│ │ ├── ssl_util.h
│ │ ├── test_file_util.cc
│ │ ├── test_file_util.h
│ │ ├── test_file_util_bazel.cc
│ │ ├── test_file_util_cmake.cc
│ │ ├── test_random_access_stream.cc
│ │ ├── test_random_access_stream.h
│ │ ├── test_random_access_stream_test.cc
│ │ ├── util.cc
│ │ ├── util.h
│ │ └── util_test.cc
│ ├── json_keyset_reader.h
│ ├── json_keyset_writer.h
│ ├── jwt/
│ │ ├── BUILD.bazel
│ │ ├── CMakeLists.txt
│ │ ├── internal/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CMakeLists.txt
│ │ │ ├── json_util.cc
│ │ │ ├── json_util.h
│ │ │ ├── json_util_test.cc
│ │ │ ├── jwt_ecdsa_sign_key_manager.cc
│ │ │ ├── jwt_ecdsa_sign_key_manager.h
│ │ │ ├── jwt_ecdsa_sign_verify_key_manager_test.cc
│ │ │ ├── jwt_ecdsa_verify_key_manager.cc
│ │ │ ├── jwt_ecdsa_verify_key_manager.h
│ │ │ ├── jwt_format.cc
│ │ │ ├── jwt_format.h
│ │ │ ├── jwt_format_test.cc
│ │ │ ├── jwt_hmac_key_manager.cc
│ │ │ ├── jwt_hmac_key_manager.h
│ │ │ ├── jwt_hmac_key_manager_test.cc
│ │ │ ├── jwt_mac_impl.cc
│ │ │ ├── jwt_mac_impl.h
│ │ │ ├── jwt_mac_impl_test.cc
│ │ │ ├── jwt_mac_internal.h
│ │ │ ├── jwt_mac_wrapper.cc
│ │ │ ├── jwt_mac_wrapper.h
│ │ │ ├── jwt_mac_wrapper_test.cc
│ │ │ ├── jwt_public_key_sign_impl.cc
│ │ │ ├── jwt_public_key_sign_impl.h
│ │ │ ├── jwt_public_key_sign_internal.h
│ │ │ ├── jwt_public_key_sign_verify_impl_test.cc
│ │ │ ├── jwt_public_key_sign_wrapper.cc
│ │ │ ├── jwt_public_key_sign_wrapper.h
│ │ │ ├── jwt_public_key_verify_impl.cc
│ │ │ ├── jwt_public_key_verify_impl.h
│ │ │ ├── jwt_public_key_verify_internal.h
│ │ │ ├── jwt_public_key_verify_wrapper.cc
│ │ │ ├── jwt_public_key_verify_wrapper.h
│ │ │ ├── jwt_public_key_wrappers_test.cc
│ │ │ ├── jwt_rsa_ssa_pkcs1_sign_key_manager.cc
│ │ │ ├── jwt_rsa_ssa_pkcs1_sign_key_manager.h
│ │ │ ├── jwt_rsa_ssa_pkcs1_sign_verify_key_manager_test.cc
│ │ │ ├── jwt_rsa_ssa_pkcs1_verify_key_manager.cc
│ │ │ ├── jwt_rsa_ssa_pkcs1_verify_key_manager.h
│ │ │ ├── jwt_rsa_ssa_pss_sign_key_manager.cc
│ │ │ ├── jwt_rsa_ssa_pss_sign_key_manager.h
│ │ │ ├── jwt_rsa_ssa_pss_sign_verify_key_manager_test.cc
│ │ │ ├── jwt_rsa_ssa_pss_verify_key_manager.cc
│ │ │ ├── jwt_rsa_ssa_pss_verify_key_manager.h
│ │ │ ├── raw_jwt_ecdsa_sign_key_manager.cc
│ │ │ ├── raw_jwt_ecdsa_sign_key_manager.h
│ │ │ ├── raw_jwt_ecdsa_sign_key_manager_test.cc
│ │ │ ├── raw_jwt_ecdsa_verify_key_manager.cc
│ │ │ ├── raw_jwt_ecdsa_verify_key_manager.h
│ │ │ ├── raw_jwt_ecdsa_verify_key_manager_test.cc
│ │ │ ├── raw_jwt_hmac_key_manager.cc
│ │ │ ├── raw_jwt_hmac_key_manager.h
│ │ │ ├── raw_jwt_hmac_key_manager_test.cc
│ │ │ ├── raw_jwt_rsa_ssa_pkcs1_sign_key_manager.cc
│ │ │ ├── raw_jwt_rsa_ssa_pkcs1_sign_key_manager.h
│ │ │ ├── raw_jwt_rsa_ssa_pkcs1_sign_key_manager_test.cc
│ │ │ ├── raw_jwt_rsa_ssa_pkcs1_verify_key_manager.cc
│ │ │ ├── raw_jwt_rsa_ssa_pkcs1_verify_key_manager.h
│ │ │ ├── raw_jwt_rsa_ssa_pkcs1_verify_key_manager_test.cc
│ │ │ ├── raw_jwt_rsa_ssa_pss_sign_key_manager.cc
│ │ │ ├── raw_jwt_rsa_ssa_pss_sign_key_manager.h
│ │ │ ├── raw_jwt_rsa_ssa_pss_sign_key_manager_test.cc
│ │ │ ├── raw_jwt_rsa_ssa_pss_verify_key_manager.cc
│ │ │ ├── raw_jwt_rsa_ssa_pss_verify_key_manager.h
│ │ │ └── raw_jwt_rsa_ssa_pss_verify_key_manager_test.cc
│ │ ├── jwk_set_converter.cc
│ │ ├── jwk_set_converter.h
│ │ ├── jwk_set_converter_test.cc
│ │ ├── jwt_hmac_key.cc
│ │ ├── jwt_hmac_key.h
│ │ ├── jwt_hmac_key_test.cc
│ │ ├── jwt_hmac_parameters.cc
│ │ ├── jwt_hmac_parameters.h
│ │ ├── jwt_hmac_parameters_test.cc
│ │ ├── jwt_hmac_proto_serialization.cc
│ │ ├── jwt_hmac_proto_serialization.h
│ │ ├── jwt_hmac_proto_serialization_test.cc
│ │ ├── jwt_key_templates.cc
│ │ ├── jwt_key_templates.h
│ │ ├── jwt_key_templates_test.cc
│ │ ├── jwt_mac.h
│ │ ├── jwt_mac_config.cc
│ │ ├── jwt_mac_config.h
│ │ ├── jwt_mac_config_test.cc
│ │ ├── jwt_mac_key.h
│ │ ├── jwt_mac_parameters.h
│ │ ├── jwt_public_key_sign.h
│ │ ├── jwt_public_key_verify.h
│ │ ├── jwt_signature_config.cc
│ │ ├── jwt_signature_config.h
│ │ ├── jwt_signature_config_test.cc
│ │ ├── jwt_signature_parameters.h
│ │ ├── jwt_signature_private_key.h
│ │ ├── jwt_signature_public_key.h
│ │ ├── jwt_validator.cc
│ │ ├── jwt_validator.h
│ │ ├── jwt_validator_test.cc
│ │ ├── raw_jwt.cc
│ │ ├── raw_jwt.h
│ │ ├── raw_jwt_test.cc
│ │ ├── verified_jwt.cc
│ │ ├── verified_jwt.h
│ │ └── verified_jwt_test.cc
│ ├── kem/
│ │ └── internal/
│ │ ├── BUILD.bazel
│ │ ├── CMakeLists.txt
│ │ ├── raw_kem_decapsulate.h
│ │ └── raw_kem_encapsulate.h
│ ├── key.h
│ ├── key_access.h
│ ├── key_gen_configuration.h
│ ├── key_manager.h
│ ├── key_status.h
│ ├── keyderivation/
│ │ ├── BUILD.bazel
│ │ ├── CMakeLists.txt
│ │ ├── internal/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CMakeLists.txt
│ │ │ ├── config_prf_for_deriver.h
│ │ │ ├── config_prf_for_deriver_test.cc
│ │ │ ├── key_derivers.cc
│ │ │ ├── key_derivers.h
│ │ │ ├── key_derivers_test.cc
│ │ │ ├── prf_based_deriver.cc
│ │ │ ├── prf_based_deriver.h
│ │ │ ├── prf_based_deriver_key_manager.h
│ │ │ ├── prf_based_deriver_key_manager_test.cc
│ │ │ └── prf_based_deriver_test.cc
│ │ ├── key_derivation_config.cc
│ │ ├── key_derivation_config.h
│ │ ├── key_derivation_config_test.cc
│ │ ├── key_derivation_key_templates.cc
│ │ ├── key_derivation_key_templates.h
│ │ ├── key_derivation_key_templates_test.cc
│ │ ├── keyset_deriver.h
│ │ ├── keyset_deriver_test.cc
│ │ ├── keyset_deriver_wrapper.cc
│ │ ├── keyset_deriver_wrapper.h
│ │ ├── keyset_deriver_wrapper_test.cc
│ │ └── subtle/
│ │ ├── BUILD.bazel
│ │ └── CMakeLists.txt
│ ├── keyset_handle.h
│ ├── keyset_handle_builder.h
│ ├── keyset_manager.h
│ ├── keyset_reader.h
│ ├── keyset_writer.h
│ ├── kms_client.h
│ ├── kms_clients.h
│ ├── mac/
│ │ ├── BUILD.bazel
│ │ ├── CMakeLists.txt
│ │ ├── aes_cmac_key.cc
│ │ ├── aes_cmac_key.h
│ │ ├── aes_cmac_key_manager.h
│ │ ├── aes_cmac_key_manager_test.cc
│ │ ├── aes_cmac_key_test.cc
│ │ ├── aes_cmac_parameters.cc
│ │ ├── aes_cmac_parameters.h
│ │ ├── aes_cmac_parameters_test.cc
│ │ ├── aes_cmac_proto_serialization.cc
│ │ ├── aes_cmac_proto_serialization.h
│ │ ├── aes_cmac_proto_serialization_test.cc
│ │ ├── config_v0.cc
│ │ ├── config_v0.h
│ │ ├── config_v0_test.cc
│ │ ├── failing_mac.cc
│ │ ├── failing_mac.h
│ │ ├── failing_mac_test.cc
│ │ ├── hmac_key.cc
│ │ ├── hmac_key.h
│ │ ├── hmac_key_manager.cc
│ │ ├── hmac_key_manager.h
│ │ ├── hmac_key_manager_test.cc
│ │ ├── hmac_key_test.cc
│ │ ├── hmac_parameters.cc
│ │ ├── hmac_parameters.h
│ │ ├── hmac_parameters_test.cc
│ │ ├── hmac_proto_serialization.cc
│ │ ├── hmac_proto_serialization.h
│ │ ├── hmac_proto_serialization_test.cc
│ │ ├── internal/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CMakeLists.txt
│ │ │ ├── chunked_mac_impl.cc
│ │ │ ├── chunked_mac_impl.h
│ │ │ ├── chunked_mac_impl_test.cc
│ │ │ ├── chunked_mac_test.cc
│ │ │ ├── chunked_mac_wrapper.cc
│ │ │ ├── chunked_mac_wrapper.h
│ │ │ ├── chunked_mac_wrapper_test.cc
│ │ │ ├── config_v0.cc
│ │ │ ├── config_v0.h
│ │ │ ├── config_v0_test.cc
│ │ │ ├── key_gen_config_v0.cc
│ │ │ └── key_gen_config_v0.h
│ │ ├── key_gen_config_v0.cc
│ │ ├── key_gen_config_v0.h
│ │ ├── mac_config.cc
│ │ ├── mac_config.h
│ │ ├── mac_config_test.cc
│ │ ├── mac_factory.cc
│ │ ├── mac_factory.h
│ │ ├── mac_factory_test.cc
│ │ ├── mac_key.h
│ │ ├── mac_key_templates.cc
│ │ ├── mac_key_templates.h
│ │ ├── mac_key_templates_test.cc
│ │ ├── mac_parameters.h
│ │ ├── mac_wrapper.cc
│ │ ├── mac_wrapper.h
│ │ ├── mac_wrapper_test.cc
│ │ └── subtle/
│ │ ├── BUILD.bazel
│ │ └── CMakeLists.txt
│ ├── mac.h
│ ├── mac_config.h
│ ├── mac_factory.h
│ ├── mac_key_templates.h
│ ├── monitoring/
│ │ ├── BUILD.bazel
│ │ ├── CMakeLists.txt
│ │ ├── monitoring.h
│ │ └── monitoring_client_mocks.h
│ ├── output_stream.h
│ ├── output_stream_with_result.h
│ ├── parameters.h
│ ├── partial_key_access.h
│ ├── partial_key_access_token.h
│ ├── prf/
│ │ ├── BUILD.bazel
│ │ ├── CMakeLists.txt
│ │ ├── aes_cmac_prf_key_manager.h
│ │ ├── aes_cmac_prf_key_manager_test.cc
│ │ ├── config_v0.cc
│ │ ├── config_v0.h
│ │ ├── config_v0_test.cc
│ │ ├── failing_prfset.cc
│ │ ├── failing_prfset.h
│ │ ├── failing_prfset_test.cc
│ │ ├── hkdf_prf_key_manager.h
│ │ ├── hkdf_prf_key_manager_test.cc
│ │ ├── hmac_prf_key_manager.cc
│ │ ├── hmac_prf_key_manager.h
│ │ ├── hmac_prf_key_manager_test.cc
│ │ ├── internal/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CMakeLists.txt
│ │ │ ├── config_v0.cc
│ │ │ ├── config_v0.h
│ │ │ ├── config_v0_test.cc
│ │ │ ├── key_gen_config_v0.cc
│ │ │ └── key_gen_config_v0.h
│ │ ├── key_gen_config_v0.cc
│ │ ├── key_gen_config_v0.h
│ │ ├── prf_config.cc
│ │ ├── prf_config.h
│ │ ├── prf_config_test.cc
│ │ ├── prf_key_templates.cc
│ │ ├── prf_key_templates.h
│ │ ├── prf_key_templates_test.cc
│ │ ├── prf_set.cc
│ │ ├── prf_set.h
│ │ ├── prf_set_test.cc
│ │ ├── prf_set_wrapper.cc
│ │ ├── prf_set_wrapper.h
│ │ ├── prf_set_wrapper_test.cc
│ │ └── subtle/
│ │ ├── BUILD.bazel
│ │ └── CMakeLists.txt
│ ├── primitive_set.h
│ ├── primitive_wrapper.h
│ ├── private_key.h
│ ├── proto/
│ │ ├── BUILD.bazel
│ │ ├── aes_cmac.proto
│ │ ├── aes_cmac_prf.proto
│ │ ├── aes_ctr.proto
│ │ ├── aes_ctr_hmac_aead.proto
│ │ ├── aes_ctr_hmac_streaming.proto
│ │ ├── aes_eax.proto
│ │ ├── aes_gcm.proto
│ │ ├── aes_gcm_hkdf_streaming.proto
│ │ ├── aes_gcm_siv.proto
│ │ ├── aes_siv.proto
│ │ ├── chacha20_poly1305.proto
│ │ ├── common.proto
│ │ ├── config.proto
│ │ ├── ecdsa.proto
│ │ ├── ecies_aead_hkdf.proto
│ │ ├── ed25519.proto
│ │ ├── empty.proto
│ │ ├── experimental/
│ │ │ └── pqcrypto/
│ │ │ ├── BUILD.bazel
│ │ │ ├── cecpq2_aead_hkdf.proto
│ │ │ ├── dilithium.proto
│ │ │ ├── falcon.proto
│ │ │ ├── slh_dsa.proto
│ │ │ └── sphincs.proto
│ │ ├── hkdf_prf.proto
│ │ ├── hmac.proto
│ │ ├── hmac_prf.proto
│ │ ├── hpke.proto
│ │ ├── jwt_ecdsa.proto
│ │ ├── jwt_hmac.proto
│ │ ├── jwt_rsa_ssa_pkcs1.proto
│ │ ├── jwt_rsa_ssa_pss.proto
│ │ ├── kms_aead.proto
│ │ ├── kms_envelope.proto
│ │ ├── prf_based_deriver.proto
│ │ ├── rsa_ssa_pkcs1.proto
│ │ ├── rsa_ssa_pss.proto
│ │ ├── test_proto.proto
│ │ ├── tink.proto
│ │ └── xchacha20_poly1305.proto
│ ├── proto_keyset_format.cc
│ ├── proto_keyset_format.h
│ ├── proto_keyset_format_test.cc
│ ├── public_key_sign.h
│ ├── public_key_sign_factory.h
│ ├── public_key_verify.h
│ ├── public_key_verify_factory.h
│ ├── random_access_stream.h
│ ├── registry.h
│ ├── restricted_big_integer.h
│ ├── restricted_data.h
│ ├── secret_key_access.h
│ ├── secret_key_access_token.h
│ ├── signature/
│ │ ├── BUILD.bazel
│ │ ├── CMakeLists.txt
│ │ ├── config_v0.cc
│ │ ├── config_v0.h
│ │ ├── config_v0_test.cc
│ │ ├── ecdsa_parameters.cc
│ │ ├── ecdsa_parameters.h
│ │ ├── ecdsa_parameters_test.cc
│ │ ├── ecdsa_private_key.cc
│ │ ├── ecdsa_private_key.h
│ │ ├── ecdsa_private_key_test.cc
│ │ ├── ecdsa_proto_serialization.cc
│ │ ├── ecdsa_proto_serialization.h
│ │ ├── ecdsa_proto_serialization_test.cc
│ │ ├── ecdsa_public_key.cc
│ │ ├── ecdsa_public_key.h
│ │ ├── ecdsa_public_key_test.cc
│ │ ├── ecdsa_sign_key_manager.cc
│ │ ├── ecdsa_sign_key_manager.h
│ │ ├── ecdsa_sign_key_manager_test.cc
│ │ ├── ecdsa_verify_key_manager.cc
│ │ ├── ecdsa_verify_key_manager.h
│ │ ├── ecdsa_verify_key_manager_test.cc
│ │ ├── ed25519_parameters.cc
│ │ ├── ed25519_parameters.h
│ │ ├── ed25519_parameters_test.cc
│ │ ├── ed25519_private_key.cc
│ │ ├── ed25519_private_key.h
│ │ ├── ed25519_private_key_test.cc
│ │ ├── ed25519_proto_serialization.cc
│ │ ├── ed25519_proto_serialization.h
│ │ ├── ed25519_proto_serialization_test.cc
│ │ ├── ed25519_public_key.cc
│ │ ├── ed25519_public_key.h
│ │ ├── ed25519_public_key_test.cc
│ │ ├── ed25519_sign_key_manager.cc
│ │ ├── ed25519_sign_key_manager.h
│ │ ├── ed25519_sign_key_manager_test.cc
│ │ ├── ed25519_verify_key_manager.cc
│ │ ├── ed25519_verify_key_manager.h
│ │ ├── ed25519_verify_key_manager_test.cc
│ │ ├── failing_signature.cc
│ │ ├── failing_signature.h
│ │ ├── failing_signature_test.cc
│ │ ├── internal/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CMakeLists.txt
│ │ │ ├── config_fips_140_2.cc
│ │ │ ├── config_fips_140_2.h
│ │ │ ├── config_fips_140_2_test.cc
│ │ │ ├── config_v0.cc
│ │ │ ├── config_v0.h
│ │ │ ├── config_v0_test.cc
│ │ │ ├── ecdsa_raw_sign_boringssl.cc
│ │ │ ├── ecdsa_raw_sign_boringssl.h
│ │ │ ├── ecdsa_raw_sign_boringssl_test.cc
│ │ │ ├── key_gen_config_v0.cc
│ │ │ └── key_gen_config_v0.h
│ │ ├── key_gen_config_v0.cc
│ │ ├── key_gen_config_v0.h
│ │ ├── public_key_sign_factory.cc
│ │ ├── public_key_sign_factory.h
│ │ ├── public_key_sign_factory_test.cc
│ │ ├── public_key_sign_wrapper.cc
│ │ ├── public_key_sign_wrapper.h
│ │ ├── public_key_sign_wrapper_test.cc
│ │ ├── public_key_verify_factory.cc
│ │ ├── public_key_verify_factory.h
│ │ ├── public_key_verify_factory_test.cc
│ │ ├── public_key_verify_wrapper.cc
│ │ ├── public_key_verify_wrapper.h
│ │ ├── public_key_verify_wrapper_test.cc
│ │ ├── rsa_ssa_pkcs1_parameters.cc
│ │ ├── rsa_ssa_pkcs1_parameters.h
│ │ ├── rsa_ssa_pkcs1_parameters_test.cc
│ │ ├── rsa_ssa_pkcs1_private_key.cc
│ │ ├── rsa_ssa_pkcs1_private_key.h
│ │ ├── rsa_ssa_pkcs1_private_key_test.cc
│ │ ├── rsa_ssa_pkcs1_proto_serialization.cc
│ │ ├── rsa_ssa_pkcs1_proto_serialization.h
│ │ ├── rsa_ssa_pkcs1_proto_serialization_test.cc
│ │ ├── rsa_ssa_pkcs1_public_key.cc
│ │ ├── rsa_ssa_pkcs1_public_key.h
│ │ ├── rsa_ssa_pkcs1_public_key_test.cc
│ │ ├── rsa_ssa_pkcs1_sign_key_manager.cc
│ │ ├── rsa_ssa_pkcs1_sign_key_manager.h
│ │ ├── rsa_ssa_pkcs1_sign_key_manager_test.cc
│ │ ├── rsa_ssa_pkcs1_verify_key_manager.cc
│ │ ├── rsa_ssa_pkcs1_verify_key_manager.h
│ │ ├── rsa_ssa_pkcs1_verify_key_manager_test.cc
│ │ ├── rsa_ssa_pss_parameters.cc
│ │ ├── rsa_ssa_pss_parameters.h
│ │ ├── rsa_ssa_pss_parameters_test.cc
│ │ ├── rsa_ssa_pss_private_key.cc
│ │ ├── rsa_ssa_pss_private_key.h
│ │ ├── rsa_ssa_pss_private_key_test.cc
│ │ ├── rsa_ssa_pss_proto_serialization.cc
│ │ ├── rsa_ssa_pss_proto_serialization.h
│ │ ├── rsa_ssa_pss_proto_serialization_test.cc
│ │ ├── rsa_ssa_pss_public_key.cc
│ │ ├── rsa_ssa_pss_public_key.h
│ │ ├── rsa_ssa_pss_public_key_test.cc
│ │ ├── rsa_ssa_pss_sign_key_manager.cc
│ │ ├── rsa_ssa_pss_sign_key_manager.h
│ │ ├── rsa_ssa_pss_sign_key_manager_test.cc
│ │ ├── rsa_ssa_pss_verify_key_manager.cc
│ │ ├── rsa_ssa_pss_verify_key_manager.h
│ │ ├── rsa_ssa_pss_verify_key_manager_test.cc
│ │ ├── sig_util.cc
│ │ ├── sig_util.h
│ │ ├── signature_config.cc
│ │ ├── signature_config.h
│ │ ├── signature_config_test.cc
│ │ ├── signature_key_templates.cc
│ │ ├── signature_key_templates.h
│ │ ├── signature_key_templates_test.cc
│ │ ├── signature_parameters.h
│ │ ├── signature_pem_keyset_reader.cc
│ │ ├── signature_pem_keyset_reader.h
│ │ ├── signature_pem_keyset_reader_test.cc
│ │ ├── signature_private_key.h
│ │ ├── signature_public_key.h
│ │ └── subtle/
│ │ ├── BUILD.bazel
│ │ └── CMakeLists.txt
│ ├── signature_config.h
│ ├── signature_key_templates.h
│ ├── streaming_aead.h
│ ├── streaming_aead_config.h
│ ├── streaming_aead_key_templates.h
│ ├── streaming_mac.h
│ ├── streamingaead/
│ │ ├── BUILD.bazel
│ │ ├── CMakeLists.txt
│ │ ├── aes_ctr_hmac_streaming_key_manager.cc
│ │ ├── aes_ctr_hmac_streaming_key_manager.h
│ │ ├── aes_ctr_hmac_streaming_key_manager_test.cc
│ │ ├── aes_gcm_hkdf_streaming_key_manager.cc
│ │ ├── aes_gcm_hkdf_streaming_key_manager.h
│ │ ├── aes_gcm_hkdf_streaming_key_manager_test.cc
│ │ ├── buffered_input_stream.cc
│ │ ├── buffered_input_stream.h
│ │ ├── buffered_input_stream_test.cc
│ │ ├── config_v0.cc
│ │ ├── config_v0.h
│ │ ├── config_v0_test.cc
│ │ ├── decrypting_input_stream.cc
│ │ ├── decrypting_input_stream.h
│ │ ├── decrypting_input_stream_test.cc
│ │ ├── decrypting_random_access_stream.cc
│ │ ├── decrypting_random_access_stream.h
│ │ ├── decrypting_random_access_stream_test.cc
│ │ ├── internal/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CMakeLists.txt
│ │ │ ├── config_v0.cc
│ │ │ ├── config_v0.h
│ │ │ ├── config_v0_test.cc
│ │ │ ├── key_gen_config_v0.cc
│ │ │ └── key_gen_config_v0.h
│ │ ├── key_gen_config_v0.cc
│ │ ├── key_gen_config_v0.h
│ │ ├── shared_input_stream.h
│ │ ├── shared_input_stream_test.cc
│ │ ├── shared_random_access_stream.h
│ │ ├── shared_random_access_stream_test.cc
│ │ ├── streaming_aead_config.cc
│ │ ├── streaming_aead_config.h
│ │ ├── streaming_aead_config_test.cc
│ │ ├── streaming_aead_key_templates.cc
│ │ ├── streaming_aead_key_templates.h
│ │ ├── streaming_aead_key_templates_test.cc
│ │ ├── streaming_aead_wrapper.cc
│ │ ├── streaming_aead_wrapper.h
│ │ ├── streaming_aead_wrapper_test.cc
│ │ └── subtle/
│ │ ├── BUILD.bazel
│ │ └── CMakeLists.txt
│ ├── subtle/
│ │ ├── BUILD.bazel
│ │ ├── CMakeLists.txt
│ │ ├── aead_test_util.cc
│ │ ├── aead_test_util.h
│ │ ├── aead_test_util_test.cc
│ │ ├── aes_cmac_boringssl.cc
│ │ ├── aes_cmac_boringssl.h
│ │ ├── aes_cmac_boringssl_test.cc
│ │ ├── aes_ctr_boringssl.cc
│ │ ├── aes_ctr_boringssl.h
│ │ ├── aes_ctr_boringssl_test.cc
│ │ ├── aes_ctr_hmac_streaming.cc
│ │ ├── aes_ctr_hmac_streaming.h
│ │ ├── aes_ctr_hmac_streaming_test.cc
│ │ ├── aes_eax_boringssl.cc
│ │ ├── aes_eax_boringssl.h
│ │ ├── aes_eax_boringssl_test.cc
│ │ ├── aes_gcm_boringssl.cc
│ │ ├── aes_gcm_boringssl.h
│ │ ├── aes_gcm_boringssl_test.cc
│ │ ├── aes_gcm_hkdf_stream_segment_decrypter.cc
│ │ ├── aes_gcm_hkdf_stream_segment_decrypter.h
│ │ ├── aes_gcm_hkdf_stream_segment_decrypter_test.cc
│ │ ├── aes_gcm_hkdf_stream_segment_encrypter.cc
│ │ ├── aes_gcm_hkdf_stream_segment_encrypter.h
│ │ ├── aes_gcm_hkdf_stream_segment_encrypter_test.cc
│ │ ├── aes_gcm_hkdf_streaming.cc
│ │ ├── aes_gcm_hkdf_streaming.h
│ │ ├── aes_gcm_hkdf_streaming_test.cc
│ │ ├── aes_gcm_siv_boringssl.cc
│ │ ├── aes_gcm_siv_boringssl.h
│ │ ├── aes_gcm_siv_boringssl_test.cc
│ │ ├── aes_siv_boringssl.cc
│ │ ├── aes_siv_boringssl.h
│ │ ├── aes_siv_boringssl_test.cc
│ │ ├── common_enums.cc
│ │ ├── common_enums.h
│ │ ├── common_enums_test.cc
│ │ ├── decrypting_random_access_stream.cc
│ │ ├── decrypting_random_access_stream.h
│ │ ├── decrypting_random_access_stream_test.cc
│ │ ├── ec_util.h
│ │ ├── ecdsa_sign_boringssl.cc
│ │ ├── ecdsa_sign_boringssl.h
│ │ ├── ecdsa_sign_boringssl_test.cc
│ │ ├── ecdsa_verify_boringssl.cc
│ │ ├── ecdsa_verify_boringssl.h
│ │ ├── ecdsa_verify_boringssl_test.cc
│ │ ├── ecies_hkdf_recipient_kem_boringssl.cc
│ │ ├── ecies_hkdf_recipient_kem_boringssl.h
│ │ ├── ecies_hkdf_recipient_kem_boringssl_test.cc
│ │ ├── ecies_hkdf_sender_kem_boringssl.cc
│ │ ├── ecies_hkdf_sender_kem_boringssl.h
│ │ ├── ecies_hkdf_sender_kem_boringssl_test.cc
│ │ ├── ed25519_sign_boringssl.cc
│ │ ├── ed25519_sign_boringssl.h
│ │ ├── ed25519_sign_boringssl_test.cc
│ │ ├── ed25519_verify_boringssl.cc
│ │ ├── ed25519_verify_boringssl.h
│ │ ├── ed25519_verify_boringssl_test.cc
│ │ ├── encrypt_then_authenticate.cc
│ │ ├── encrypt_then_authenticate.h
│ │ ├── encrypt_then_authenticate_test.cc
│ │ ├── hkdf.cc
│ │ ├── hkdf.h
│ │ ├── hkdf_test.cc
│ │ ├── hmac_boringssl.cc
│ │ ├── hmac_boringssl.h
│ │ ├── hmac_boringssl_test.cc
│ │ ├── hybrid_test_util.cc
│ │ ├── hybrid_test_util.h
│ │ ├── hybrid_test_util_test.cc
│ │ ├── ind_cpa_cipher.h
│ │ ├── mac/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CMakeLists.txt
│ │ │ └── stateful_mac.h
│ │ ├── nonce_based_streaming_aead.cc
│ │ ├── nonce_based_streaming_aead.h
│ │ ├── pem_parser_boringssl.cc
│ │ ├── pem_parser_boringssl.h
│ │ ├── pem_parser_boringssl_test.cc
│ │ ├── prf/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CMakeLists.txt
│ │ │ ├── hkdf_streaming_prf.cc
│ │ │ ├── hkdf_streaming_prf.h
│ │ │ ├── hkdf_streaming_prf_test.cc
│ │ │ ├── prf_set_util.cc
│ │ │ ├── prf_set_util.h
│ │ │ ├── prf_set_util_test.cc
│ │ │ ├── streaming_prf.h
│ │ │ ├── streaming_prf_wrapper.cc
│ │ │ ├── streaming_prf_wrapper.h
│ │ │ └── streaming_prf_wrapper_test.cc
│ │ ├── random.cc
│ │ ├── random.h
│ │ ├── random_test.cc
│ │ ├── rsa_ssa_pkcs1_sign_boringssl.cc
│ │ ├── rsa_ssa_pkcs1_sign_boringssl.h
│ │ ├── rsa_ssa_pkcs1_sign_boringssl_test.cc
│ │ ├── rsa_ssa_pkcs1_verify_boringssl.cc
│ │ ├── rsa_ssa_pkcs1_verify_boringssl.h
│ │ ├── rsa_ssa_pkcs1_verify_boringssl_test.cc
│ │ ├── rsa_ssa_pss_sign_boringssl.cc
│ │ ├── rsa_ssa_pss_sign_boringssl.h
│ │ ├── rsa_ssa_pss_sign_boringssl_test.cc
│ │ ├── rsa_ssa_pss_verify_boringssl.cc
│ │ ├── rsa_ssa_pss_verify_boringssl.h
│ │ ├── rsa_ssa_pss_verify_boringssl_test.cc
│ │ ├── stateful_cmac_boringssl.cc
│ │ ├── stateful_cmac_boringssl.h
│ │ ├── stateful_cmac_boringssl_test.cc
│ │ ├── stateful_hmac_boringssl.cc
│ │ ├── stateful_hmac_boringssl.h
│ │ ├── stateful_hmac_boringssl_test.cc
│ │ ├── stream_segment_decrypter.h
│ │ ├── stream_segment_encrypter.h
│ │ ├── streaming_aead_decrypting_stream.cc
│ │ ├── streaming_aead_decrypting_stream.h
│ │ ├── streaming_aead_decrypting_stream_test.cc
│ │ ├── streaming_aead_encrypting_stream.cc
│ │ ├── streaming_aead_encrypting_stream.h
│ │ ├── streaming_aead_encrypting_stream_test.cc
│ │ ├── streaming_aead_test_util.cc
│ │ ├── streaming_aead_test_util.h
│ │ ├── streaming_aead_test_util_test.cc
│ │ ├── streaming_mac_impl.cc
│ │ ├── streaming_mac_impl.h
│ │ ├── streaming_mac_impl_test.cc
│ │ ├── subtle_util.cc
│ │ ├── subtle_util.h
│ │ ├── subtle_util_boringssl.h
│ │ ├── subtle_util_test.cc
│ │ ├── test_util.cc
│ │ ├── test_util.h
│ │ ├── wycheproof_util.cc
│ │ ├── wycheproof_util.h
│ │ ├── xchacha20_poly1305_boringssl.cc
│ │ ├── xchacha20_poly1305_boringssl.h
│ │ └── xchacha20_poly1305_boringssl_test.cc
│ ├── template_rule.bzl
│ ├── testvectors/
│ │ └── BUILD.bazel
│ ├── third_party/
│ │ ├── BUILD.bazel
│ │ ├── boringssl_fips/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── WORKSPACE
│ │ │ └── boringssl_fips.sh
│ │ └── rapidjson.BUILD.bazel
│ ├── tink_cc_deps.bzl
│ ├── tink_cc_deps_init.bzl
│ ├── tink_config.h
│ ├── tink_version.bzl
│ ├── util/
│ │ ├── BUILD.bazel
│ │ ├── CMakeLists.txt
│ │ ├── buffer.cc
│ │ ├── buffer.h
│ │ ├── buffer_test.cc
│ │ ├── constants.cc
│ │ ├── constants.h
│ │ ├── enums.cc
│ │ ├── enums.h
│ │ ├── enums_test.cc
│ │ ├── errors.h
│ │ ├── errors_test.cc
│ │ ├── fake_kms_client.cc
│ │ ├── fake_kms_client.h
│ │ ├── fake_kms_client_test.cc
│ │ ├── file_input_stream.cc
│ │ ├── file_input_stream.h
│ │ ├── file_input_stream_test.cc
│ │ ├── file_output_stream.cc
│ │ ├── file_output_stream.h
│ │ ├── file_output_stream_test.cc
│ │ ├── file_random_access_stream.cc
│ │ ├── file_random_access_stream.h
│ │ ├── file_random_access_stream_test.cc
│ │ ├── input_stream_util.cc
│ │ ├── input_stream_util.h
│ │ ├── input_stream_util_test.cc
│ │ ├── istream_input_stream.cc
│ │ ├── istream_input_stream.h
│ │ ├── istream_input_stream_test.cc
│ │ ├── keyset_util.cc
│ │ ├── keyset_util.h
│ │ ├── ostream_output_stream.cc
│ │ ├── ostream_output_stream.h
│ │ ├── ostream_output_stream_test.cc
│ │ ├── protobuf_helper.h
│ │ ├── secret_data.h
│ │ ├── secret_data_internal.h
│ │ ├── secret_data_test.cc
│ │ ├── secret_proto.h
│ │ ├── secret_proto_test.cc
│ │ ├── status.h
│ │ ├── statusor.h
│ │ ├── test_keyset_handle.cc
│ │ ├── test_keyset_handle.h
│ │ ├── test_matchers.h
│ │ ├── test_util.cc
│ │ ├── test_util.h
│ │ ├── test_util_test.cc
│ │ ├── validation.cc
│ │ ├── validation.h
│ │ └── validation_test.cc
│ ├── version.h.templ
│ └── version_script.lds
├── cmake/
│ ├── HttpArchive.cmake
│ ├── TinkBuildRules.cmake
│ ├── TinkUtil.cmake
│ └── TinkWorkspace.cmake
├── docs/
│ ├── CMAKE-HOWTO.md
│ ├── CONTRIBUTING.md
│ ├── CPP-HOWTO.md
│ ├── FIPS.md
│ ├── GOLANG-HOWTO.md
│ ├── JAVA-HOWTO.md
│ ├── JWT-HOWTO.md
│ ├── KEY-MANAGEMENT.md
│ ├── KNOWN-ISSUES.md
│ ├── OBJC-HOWTO.md
│ ├── PRIMITIVES.md
│ ├── PYTHON-HOWTO.md
│ ├── SECURITY-USABILITY.md
│ ├── SECURITY.md
│ ├── TINKEY.md
│ └── WIRE-FORMAT.md
├── go/
│ ├── .bazelversion
│ ├── BUILD.bazel
│ ├── README.md
│ ├── WORKSPACE
│ ├── aead/
│ │ ├── BUILD.bazel
│ │ ├── aead.go
│ │ ├── aead_benchmark_test.go
│ │ ├── aead_factory.go
│ │ ├── aead_factory_test.go
│ │ ├── aead_init_test.go
│ │ ├── aead_key_templates.go
│ │ ├── aead_key_templates_test.go
│ │ ├── aead_test.go
│ │ ├── aes_ctr_hmac_aead_key_manager.go
│ │ ├── aes_ctr_hmac_aead_key_manager_test.go
│ │ ├── aes_gcm_key_manager.go
│ │ ├── aes_gcm_key_manager_test.go
│ │ ├── aes_gcm_siv_key_manager.go
│ │ ├── aes_gcm_siv_key_manager_test.go
│ │ ├── chacha20poly1305_key_manager.go
│ │ ├── chacha20poly1305_key_manager_test.go
│ │ ├── internal/
│ │ │ ├── BUILD.bazel
│ │ │ └── testing/
│ │ │ ├── BUILD.bazel
│ │ │ └── kmsaead/
│ │ │ ├── BUILD.bazel
│ │ │ ├── key_manager.go
│ │ │ └── key_manager_test.go
│ │ ├── kms_envelope_aead.go
│ │ ├── kms_envelope_aead_example_test.go
│ │ ├── kms_envelope_aead_key_manager.go
│ │ ├── kms_envelope_aead_key_manager_test.go
│ │ ├── kms_envelope_aead_test.go
│ │ ├── subtle/
│ │ │ ├── BUILD.bazel
│ │ │ ├── aes_ctr.go
│ │ │ ├── aes_ctr_test.go
│ │ │ ├── aes_gcm.go
│ │ │ ├── aes_gcm_siv.go
│ │ │ ├── aes_gcm_siv_test.go
│ │ │ ├── aes_gcm_test.go
│ │ │ ├── chacha20poly1305.go
│ │ │ ├── chacha20poly1305_test.go
│ │ │ ├── chacha20poly1305_vectors_test.go
│ │ │ ├── encrypt_then_authenticate.go
│ │ │ ├── encrypt_then_authenticate_test.go
│ │ │ ├── ind_cpa.go
│ │ │ ├── polyval.go
│ │ │ ├── polyval_test.go
│ │ │ ├── subtle.go
│ │ │ ├── subtle_test.go
│ │ │ ├── xchacha20poly1305.go
│ │ │ ├── xchacha20poly1305_test.go
│ │ │ └── xchacha20poly1305_vectors_test.go
│ │ ├── xchacha20poly1305_key_manager.go
│ │ └── xchacha20poly1305_key_manager_test.go
│ ├── core/
│ │ ├── cryptofmt/
│ │ │ ├── BUILD.bazel
│ │ │ ├── cryptofmt.go
│ │ │ └── cryptofmt_test.go
│ │ ├── primitiveset/
│ │ │ ├── BUILD.bazel
│ │ │ ├── primitiveset.go
│ │ │ └── primitiveset_test.go
│ │ └── registry/
│ │ ├── BUILD.bazel
│ │ ├── custom_key_manager_test.go
│ │ ├── key_manager.go
│ │ ├── kms_client.go
│ │ ├── private_key_manager.go
│ │ ├── registry.go
│ │ └── registry_test.go
│ ├── daead/
│ │ ├── BUILD.bazel
│ │ ├── aes_siv_key_manager.go
│ │ ├── aes_siv_key_manager_test.go
│ │ ├── daead.go
│ │ ├── daead_benchmark_test.go
│ │ ├── daead_factory.go
│ │ ├── daead_factory_test.go
│ │ ├── daead_init_test.go
│ │ ├── daead_key_templates.go
│ │ ├── daead_key_templates_test.go
│ │ ├── daead_test.go
│ │ └── subtle/
│ │ ├── BUILD.bazel
│ │ ├── aes_siv.go
│ │ └── aes_siv_test.go
│ ├── deps.bzl
│ ├── go.mod
│ ├── go.sum
│ ├── hybrid/
│ │ ├── BUILD.bazel
│ │ ├── ecies_aead_hkdf_dem_helper.go
│ │ ├── ecies_aead_hkdf_dem_helper_test.go
│ │ ├── ecies_aead_hkdf_hybrid_decrypt_test.go
│ │ ├── ecies_aead_hkdf_hybrid_encrypt_test.go
│ │ ├── ecies_aead_hkdf_private_key_manager.go
│ │ ├── ecies_aead_hkdf_private_key_manager_test.go
│ │ ├── ecies_aead_hkdf_public_key_manager.go
│ │ ├── ecies_aead_hkdf_public_key_manager_test.go
│ │ ├── ecies_aead_hkdf_test.go
│ │ ├── hpke_private_key_manager.go
│ │ ├── hpke_private_key_manager_test.go
│ │ ├── hpke_public_key_manager.go
│ │ ├── hpke_public_key_manager_test.go
│ │ ├── hybrid.go
│ │ ├── hybrid_benchmark_test.go
│ │ ├── hybrid_decrypt_factory.go
│ │ ├── hybrid_encrypt_factory.go
│ │ ├── hybrid_factory_test.go
│ │ ├── hybrid_key_templates.go
│ │ ├── hybrid_key_templates_test.go
│ │ ├── hybrid_test.go
│ │ ├── internal/
│ │ │ └── hpke/
│ │ │ ├── BUILD.bazel
│ │ │ ├── aead.go
│ │ │ ├── aes_gcm_aead.go
│ │ │ ├── aes_gcm_aead_test.go
│ │ │ ├── chacha20poly1305_aead.go
│ │ │ ├── chacha20poly1305_aead_test.go
│ │ │ ├── context.go
│ │ │ ├── context_test.go
│ │ │ ├── decrypt.go
│ │ │ ├── encrypt.go
│ │ │ ├── encrypt_decrypt_test.go
│ │ │ ├── hkdf_kdf.go
│ │ │ ├── hkdf_kdf_test.go
│ │ │ ├── hpke.go
│ │ │ ├── hpke_test.go
│ │ │ ├── kdf.go
│ │ │ ├── kem.go
│ │ │ ├── primitive_factory.go
│ │ │ ├── primitive_factory_test.go
│ │ │ ├── x25519_kem.go
│ │ │ └── x25519_kem_test.go
│ │ └── subtle/
│ │ ├── BUILD.bazel
│ │ ├── ecies_aead_hkdf_dem_helper.go
│ │ ├── ecies_aead_hkdf_hybrid_decrypt.go
│ │ ├── ecies_aead_hkdf_hybrid_encrypt.go
│ │ ├── ecies_hkdf_recipient_kem.go
│ │ ├── ecies_hkdf_sender_kem.go
│ │ ├── elliptic_curves.go
│ │ ├── elliptic_curves_test.go
│ │ ├── public_key.go
│ │ ├── public_key_test.go
│ │ ├── subtle.go
│ │ └── subtle_test.go
│ ├── insecurecleartextkeyset/
│ │ ├── BUILD.bazel
│ │ ├── example_test.go
│ │ ├── insecurecleartextkeyset.go
│ │ └── insecurecleartextkeyset_test.go
│ ├── integration/
│ │ ├── awskms/
│ │ │ ├── BUILD.bazel
│ │ │ ├── aws_kms_aead.go
│ │ │ ├── aws_kms_client.go
│ │ │ ├── aws_kms_client_test.go
│ │ │ ├── aws_kms_integration_test.go
│ │ │ └── internal/
│ │ │ └── fakeawskms/
│ │ │ ├── BUILD.bazel
│ │ │ ├── fakeawskms.go
│ │ │ └── fakeawskms_test.go
│ │ ├── gcpkms/
│ │ │ ├── BUILD.bazel
│ │ │ ├── gcp_kms_aead.go
│ │ │ ├── gcp_kms_aead_test.go
│ │ │ ├── gcp_kms_client.go
│ │ │ ├── gcp_kms_client_test.go
│ │ │ └── gcp_kms_integration_test.go
│ │ └── hcvault/
│ │ ├── BUILD.bazel
│ │ ├── hcvault_aead.go
│ │ ├── hcvault_aead_internal_test.go
│ │ ├── hcvault_aead_test.go
│ │ ├── hcvault_client.go
│ │ └── hcvault_client_test.go
│ ├── internal/
│ │ ├── BUILD.bazel
│ │ ├── aead/
│ │ │ ├── BUILD.bazel
│ │ │ ├── aead.go
│ │ │ ├── aead_test.go
│ │ │ ├── aes_gcm_insecure_iv.go
│ │ │ ├── aes_gcm_insecure_iv_test.go
│ │ │ ├── chacha20poly1305_insecure_nonce.go
│ │ │ ├── chacha20poly1305_insecure_nonce_test.go
│ │ │ └── chacha20poly1305_insecure_nonce_vectors_test.go
│ │ ├── internal.go
│ │ ├── internalapi/
│ │ │ ├── BUILD.bazel
│ │ │ └── token.go
│ │ ├── internalregistry/
│ │ │ ├── BUILD.bazel
│ │ │ ├── derivable_key_manager.go
│ │ │ ├── internal_registry.go
│ │ │ ├── internal_registry_test.go
│ │ │ ├── key_derivation.go
│ │ │ └── key_derivation_test.go
│ │ ├── monitoringutil/
│ │ │ ├── BUILD.bazel
│ │ │ ├── monitoring_util.go
│ │ │ └── monitoring_util_test.go
│ │ ├── registryconfig/
│ │ │ ├── BUILD.bazel
│ │ │ ├── registry_config.go
│ │ │ └── registry_config_test.go
│ │ ├── signature/
│ │ │ ├── BUILD.bazel
│ │ │ ├── rsa.go
│ │ │ ├── rsa_test.go
│ │ │ ├── rsassapkcs1_signer.go
│ │ │ ├── rsassapkcs1_signer_verifier_test.go
│ │ │ ├── rsassapkcs1_verifier.go
│ │ │ ├── rsassapss_signer.go
│ │ │ ├── rsassapss_signer_verifier_test.go
│ │ │ ├── rsassapss_verifier.go
│ │ │ └── signature.go
│ │ ├── testing/
│ │ │ └── stubkeymanager/
│ │ │ ├── BUILD.bazel
│ │ │ ├── stubkeymanager.go
│ │ │ └── stubkeymanager_test.go
│ │ └── tinkerror/
│ │ ├── BUILD.bazel
│ │ ├── doc.go
│ │ ├── tinkerror.go
│ │ ├── tinkerror_test.go
│ │ └── tinkerrortest/
│ │ ├── BUILD.bazel
│ │ ├── doc.go
│ │ └── tinkerrortest.go
│ ├── jwt/
│ │ ├── BUILD.bazel
│ │ ├── jwk_converter.go
│ │ ├── jwk_converter_test.go
│ │ ├── jwt.go
│ │ ├── jwt_ecdsa_signer_key_manager.go
│ │ ├── jwt_ecdsa_signer_key_manager_test.go
│ │ ├── jwt_ecdsa_verifier_key_manager.go
│ │ ├── jwt_ecdsa_verifier_key_manager_test.go
│ │ ├── jwt_encoding.go
│ │ ├── jwt_encoding_test.go
│ │ ├── jwt_hmac_key_manager.go
│ │ ├── jwt_hmac_key_manager_test.go
│ │ ├── jwt_key_templates.go
│ │ ├── jwt_key_templates_test.go
│ │ ├── jwt_mac.go
│ │ ├── jwt_mac_factory.go
│ │ ├── jwt_mac_factory_test.go
│ │ ├── jwt_mac_kid.go
│ │ ├── jwt_mac_kid_test.go
│ │ ├── jwt_rsa_ssa_pkcs1_signer_key_manager.go
│ │ ├── jwt_rsa_ssa_pkcs1_signer_key_manager_test.go
│ │ ├── jwt_rsa_ssa_pkcs1_verifier_key_manager.go
│ │ ├── jwt_rsa_ssa_pkcs1_verifier_key_manager_test.go
│ │ ├── jwt_rsa_ssa_pss_signer_key_manager.go
│ │ ├── jwt_rsa_ssa_pss_signer_key_manager_test.go
│ │ ├── jwt_rsa_ssa_pss_verify_key_manager.go
│ │ ├── jwt_rsa_ssa_pss_verify_key_manager_test.go
│ │ ├── jwt_signer.go
│ │ ├── jwt_signer_factory.go
│ │ ├── jwt_signer_kid.go
│ │ ├── jwt_signer_verifier_factory_test.go
│ │ ├── jwt_signer_verifier_kid_test.go
│ │ ├── jwt_test.go
│ │ ├── jwt_validator.go
│ │ ├── jwt_validator_test.go
│ │ ├── jwt_verifier.go
│ │ ├── jwt_verifier_factory.go
│ │ ├── jwt_verifier_kid.go
│ │ ├── raw_jwt.go
│ │ ├── raw_jwt_test.go
│ │ ├── verified_jwt.go
│ │ └── verified_jwt_test.go
│ ├── keyderivation/
│ │ ├── BUILD.bazel
│ │ ├── internal/
│ │ │ └── streamingprf/
│ │ │ ├── BUILD.bazel
│ │ │ ├── hkdf_streaming_prf.go
│ │ │ ├── hkdf_streaming_prf_key_manager.go
│ │ │ ├── hkdf_streaming_prf_key_manager_test.go
│ │ │ ├── hkdf_streaming_prf_test.go
│ │ │ ├── streaming_prf.go
│ │ │ ├── streaming_prf_factory.go
│ │ │ ├── streaming_prf_factory_test.go
│ │ │ └── streaming_prf_test.go
│ │ ├── keyderivation.go
│ │ ├── keyderivation_key_templates.go
│ │ ├── keyderivation_key_templates_test.go
│ │ ├── keyderivation_test.go
│ │ ├── keyset_deriver.go
│ │ ├── keyset_deriver_factory.go
│ │ ├── keyset_deriver_factory_test.go
│ │ ├── keyset_deriver_factory_x_test.go
│ │ ├── prf_based_deriver.go
│ │ ├── prf_based_deriver_key_manager.go
│ │ ├── prf_based_deriver_key_manager_test.go
│ │ └── prf_based_deriver_test.go
│ ├── keyset/
│ │ ├── BUILD.bazel
│ │ ├── binary_io.go
│ │ ├── binary_io_test.go
│ │ ├── handle.go
│ │ ├── handle_test.go
│ │ ├── json_io.go
│ │ ├── json_io_test.go
│ │ ├── keyset.go
│ │ ├── keyset_test.go
│ │ ├── manager.go
│ │ ├── manager_test.go
│ │ ├── mem_io.go
│ │ ├── mem_io_test.go
│ │ ├── option.go
│ │ ├── reader.go
│ │ ├── validation.go
│ │ ├── validation_test.go
│ │ └── writer.go
│ ├── kwp/
│ │ └── subtle/
│ │ ├── BUILD.bazel
│ │ ├── kwp.go
│ │ └── kwp_test.go
│ ├── mac/
│ │ ├── BUILD.bazel
│ │ ├── aes_cmac_key_manager.go
│ │ ├── aes_cmac_key_manager_test.go
│ │ ├── hmac_key_manager.go
│ │ ├── hmac_key_manager_test.go
│ │ ├── internal/
│ │ │ └── mactest/
│ │ │ ├── BUILD.bazel
│ │ │ ├── mactest.go
│ │ │ └── mactest_test.go
│ │ ├── mac.go
│ │ ├── mac_benchmark_test.go
│ │ ├── mac_factory.go
│ │ ├── mac_factory_test.go
│ │ ├── mac_init_test.go
│ │ ├── mac_key_templates.go
│ │ ├── mac_key_templates_test.go
│ │ ├── mac_test.go
│ │ └── subtle/
│ │ ├── BUILD.bazel
│ │ ├── cmac.go
│ │ ├── cmac_test.go
│ │ ├── hmac.go
│ │ └── hmac_test.go
│ ├── monitoring/
│ │ ├── BUILD.bazel
│ │ └── monitoring.go
│ ├── prf/
│ │ ├── BUILD.bazel
│ │ ├── aes_cmac_prf_key_manager.go
│ │ ├── aes_cmac_prf_key_manager_test.go
│ │ ├── hkdf_prf_key_manager.go
│ │ ├── hkdf_prf_key_manager_test.go
│ │ ├── hmac_prf_key_manager.go
│ │ ├── hmac_prf_key_manager_test.go
│ │ ├── prf_benchmark_test.go
│ │ ├── prf_key_templates.go
│ │ ├── prf_key_templates_test.go
│ │ ├── prf_set.go
│ │ ├── prf_set_factory.go
│ │ ├── prf_set_factory_test.go
│ │ ├── prf_test.go
│ │ └── subtle/
│ │ ├── BUILD.bazel
│ │ ├── aes_cmac.go
│ │ ├── aes_cmac_test.go
│ │ ├── hkdf.go
│ │ ├── hkdf_test.go
│ │ ├── hmac.go
│ │ ├── hmac_test.go
│ │ ├── subtle.go
│ │ └── subtle_test.go
│ ├── proto/
│ │ ├── aes_cmac_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── aes_cmac.pb.go
│ │ ├── aes_cmac_prf_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── aes_cmac_prf.pb.go
│ │ ├── aes_ctr_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── aes_ctr.pb.go
│ │ ├── aes_ctr_hmac_aead_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── aes_ctr_hmac_aead.pb.go
│ │ ├── aes_ctr_hmac_streaming_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── aes_ctr_hmac_streaming.pb.go
│ │ ├── aes_gcm_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── aes_gcm.pb.go
│ │ ├── aes_gcm_hkdf_streaming_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── aes_gcm_hkdf_streaming.pb.go
│ │ ├── aes_gcm_siv_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── aes_gcm_siv.pb.go
│ │ ├── aes_siv_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── aes_siv.pb.go
│ │ ├── chacha20_poly1305_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── chacha20_poly1305.pb.go
│ │ ├── common_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── common.pb.go
│ │ ├── ecdsa_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── ecdsa.pb.go
│ │ ├── ecies_aead_hkdf_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── ecies_aead_hkdf.pb.go
│ │ ├── ed25519_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── ed25519.pb.go
│ │ ├── hkdf_prf_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── hkdf_prf.pb.go
│ │ ├── hmac_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── hmac.pb.go
│ │ ├── hmac_prf_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── hmac_prf.pb.go
│ │ ├── hpke_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── hpke.pb.go
│ │ ├── jwt_ecdsa_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── jwt_ecdsa.pb.go
│ │ ├── jwt_hmac_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── jwt_hmac.pb.go
│ │ ├── jwt_rsa_ssa_pkcs1_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── jwt_rsa_ssa_pkcs1.pb.go
│ │ ├── jwt_rsa_ssa_pss_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── jwt_rsa_ssa_pss.pb.go
│ │ ├── kms_aead_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── kms_aead.pb.go
│ │ ├── kms_envelope_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── kms_envelope.pb.go
│ │ ├── prf_based_deriver_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── prf_based_deriver.pb.go
│ │ ├── rsa_ssa_pkcs1_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── rsa_ssa_pkcs1.pb.go
│ │ ├── rsa_ssa_pss_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── rsa_ssa_pss.pb.go
│ │ ├── tink_go_proto/
│ │ │ ├── BUILD.bazel
│ │ │ └── tink.pb.go
│ │ └── xchacha20_poly1305_go_proto/
│ │ ├── BUILD.bazel
│ │ └── xchacha20_poly1305.pb.go
│ ├── signature/
│ │ ├── BUILD.bazel
│ │ ├── ecdsa_signer_key_manager.go
│ │ ├── ecdsa_signer_key_manager_test.go
│ │ ├── ecdsa_verifier_key_manager.go
│ │ ├── ecdsa_verifier_key_manager_test.go
│ │ ├── ed25519_signer_key_manager.go
│ │ ├── ed25519_signer_key_manager_test.go
│ │ ├── ed25519_verifier_key_manager.go
│ │ ├── ed25519_verifier_key_manager_test.go
│ │ ├── proto.go
│ │ ├── rsa.go
│ │ ├── rsassapkcs1_signer_key_manager.go
│ │ ├── rsassapkcs1_signer_key_manager_test.go
│ │ ├── rsassapkcs1_verifier_key_manager.go
│ │ ├── rsassapkcs1_verifier_key_manager_test.go
│ │ ├── rsassapss_signer_key_manager.go
│ │ ├── rsassapss_signer_key_manager_test.go
│ │ ├── rsassapss_verifier_key_manager.go
│ │ ├── rsassapss_verifier_key_manager_test.go
│ │ ├── signature.go
│ │ ├── signature_benchmark_test.go
│ │ ├── signature_factory_test.go
│ │ ├── signature_init_test.go
│ │ ├── signature_key_templates.go
│ │ ├── signature_key_templates_test.go
│ │ ├── signature_test.go
│ │ ├── signer_factory.go
│ │ ├── subtle/
│ │ │ ├── BUILD.bazel
│ │ │ ├── ecdsa.go
│ │ │ ├── ecdsa_signer.go
│ │ │ ├── ecdsa_signer_verifier_test.go
│ │ │ ├── ecdsa_test.go
│ │ │ ├── ecdsa_verifier.go
│ │ │ ├── ed25519_signer.go
│ │ │ ├── ed25519_signer_verifier_test.go
│ │ │ ├── ed25519_verifier.go
│ │ │ ├── encoding.go
│ │ │ ├── subtle.go
│ │ │ └── subtle_test.go
│ │ └── verifier_factory.go
│ ├── streamingaead/
│ │ ├── BUILD.bazel
│ │ ├── aes_ctr_hmac_key_manager.go
│ │ ├── aes_ctr_hmac_key_manager_test.go
│ │ ├── aes_gcm_hkdf_key_manager.go
│ │ ├── aes_gcm_hkdf_key_manager_test.go
│ │ ├── decrypt_reader.go
│ │ ├── decrypt_reader_test.go
│ │ ├── streamingaead.go
│ │ ├── streamingaead_factory.go
│ │ ├── streamingaead_factory_test.go
│ │ ├── streamingaead_key_templates.go
│ │ ├── streamingaead_key_templates_test.go
│ │ ├── streamingaead_test.go
│ │ └── subtle/
│ │ ├── BUILD.bazel
│ │ ├── aes_ctr_hmac.go
│ │ ├── aes_ctr_hmac_test.go
│ │ ├── aes_gcm_hkdf.go
│ │ ├── aes_gcm_hkdf_test.go
│ │ ├── noncebased/
│ │ │ ├── BUILD.bazel
│ │ │ ├── noncebased.go
│ │ │ └── noncebased_test.go
│ │ ├── subtle.go
│ │ └── subtle_test.go
│ ├── subtle/
│ │ ├── BUILD.bazel
│ │ ├── hkdf.go
│ │ ├── hkdf_test.go
│ │ ├── random/
│ │ │ ├── BUILD.bazel
│ │ │ ├── random.go
│ │ │ └── random_test.go
│ │ ├── subtle.go
│ │ ├── subtle_test.go
│ │ ├── x25519.go
│ │ └── x25519_test.go
│ ├── testdata/
│ │ ├── BUILD.bazel
│ │ ├── aws/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── access_keys_bad.csv
│ │ │ ├── credentials.cred
│ │ │ ├── credentials.csv
│ │ │ ├── credentials.ini
│ │ │ ├── credentials_bad.csv
│ │ │ ├── credentials_bad.ini
│ │ │ ├── key_arn.txt
│ │ │ └── key_arn_bad.txt
│ │ ├── gcp/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── credential.json
│ │ │ ├── credential_bad.json
│ │ │ ├── key_name.txt
│ │ │ └── key_name_bad.txt
│ │ ├── keysets/
│ │ │ └── BUILD.bazel
│ │ └── testvectors/
│ │ ├── BUILD.bazel
│ │ └── hpke_boringssl.json
│ ├── testing/
│ │ ├── fakekms/
│ │ │ ├── BUILD.bazel
│ │ │ ├── fakekms.go
│ │ │ └── fakekms_test.go
│ │ └── fakemonitoring/
│ │ ├── BUILD.bazel
│ │ ├── fakemonitoring.go
│ │ └── fakemonitoring_test.go
│ ├── testkeyset/
│ │ ├── BUILD.bazel
│ │ ├── testkeyset.go
│ │ └── testkeyset_test.go
│ ├── testutil/
│ │ ├── BUILD.bazel
│ │ ├── constant.go
│ │ ├── hybrid/
│ │ │ ├── BUILD.bazel
│ │ │ ├── private_key.go
│ │ │ └── private_key_test.go
│ │ ├── testutil.go
│ │ ├── testutil_test.go
│ │ ├── wycheproofutil.go
│ │ └── wycheproofutil_test.go
│ ├── tink/
│ │ ├── BUILD.bazel
│ │ ├── aead.go
│ │ ├── deterministic_aead.go
│ │ ├── hybrid_decrypt.go
│ │ ├── hybrid_encrypt.go
│ │ ├── mac.go
│ │ ├── signer.go
│ │ ├── streamingaead.go
│ │ ├── tink.go
│ │ ├── verifier.go
│ │ └── version.go
│ └── tink_version.bzl
├── java_src/
│ ├── .bazelignore
│ ├── .bazelrc
│ ├── .bazelversion
│ ├── BUILD.bazel
│ ├── WORKSPACE
│ ├── examples/
│ │ ├── .bazelignore
│ │ ├── .bazelrc
│ │ ├── .bazelversion
│ │ ├── BUILD.bazel
│ │ ├── WORKSPACE
│ │ ├── aead/
│ │ │ ├── AeadExample.java
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── aead_example_test.sh
│ │ │ └── aead_test_keyset.json
│ │ ├── android/
│ │ │ └── helloworld/
│ │ │ ├── README.md
│ │ │ ├── app/
│ │ │ │ ├── build.gradle
│ │ │ │ ├── maven_local.gradle
│ │ │ │ ├── maven_snapshot.gradle
│ │ │ │ └── src/
│ │ │ │ └── main/
│ │ │ │ ├── AndroidManifest.xml
│ │ │ │ ├── java/
│ │ │ │ │ └── com/
│ │ │ │ │ └── helloworld/
│ │ │ │ │ ├── MainActivity.java
│ │ │ │ │ └── TinkApplication.java
│ │ │ │ └── res/
│ │ │ │ ├── layout/
│ │ │ │ │ └── activity_main.xml
│ │ │ │ └── values/
│ │ │ │ ├── colors.xml
│ │ │ │ ├── dimens.xml
│ │ │ │ ├── strings.xml
│ │ │ │ └── styles.xml
│ │ │ ├── build.gradle
│ │ │ ├── gradle/
│ │ │ │ └── wrapper/
│ │ │ │ ├── gradle-wrapper.jar
│ │ │ │ └── gradle-wrapper.properties
│ │ │ ├── gradle.properties
│ │ │ ├── gradlew
│ │ │ ├── gradlew.bat
│ │ │ └── settings.gradle
│ │ ├── cleartextkeyset/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CleartextKeysetExample.java
│ │ │ ├── README.md
│ │ │ └── cleartext_keyset_example_test.sh
│ │ ├── deterministicaead/
│ │ │ ├── BUILD.bazel
│ │ │ ├── DeterministicAeadExample.java
│ │ │ ├── README.md
│ │ │ ├── deterministic_aead_test.sh
│ │ │ └── deterministic_aead_test_keyset.json
│ │ ├── encryptedkeyset/
│ │ │ ├── BUILD.bazel
│ │ │ ├── EncryptedKeysetExample.java
│ │ │ ├── README.md
│ │ │ └── encrypted_keyset_example_test.sh
│ │ ├── envelopeaead/
│ │ │ ├── BUILD.bazel
│ │ │ ├── EnvelopeAeadExample.java
│ │ │ ├── README.md
│ │ │ └── envelope_aead_example_test.sh
│ │ ├── gcs/
│ │ │ ├── BUILD.bazel
│ │ │ ├── GcsEnvelopeAeadExample.java
│ │ │ ├── README.md
│ │ │ └── gcs_envelope_aead_example_test.sh
│ │ ├── hybrid/
│ │ │ ├── BUILD.bazel
│ │ │ ├── HybridExample.java
│ │ │ ├── README.md
│ │ │ ├── hybrid_example_test.sh
│ │ │ ├── hybrid_test_private_keyset.json
│ │ │ └── hybrid_test_public_keyset.json
│ │ ├── jwt/
│ │ │ ├── BUILD.bazel
│ │ │ ├── JwtGeneratePublicJwkSet.java
│ │ │ ├── JwtSign.java
│ │ │ ├── JwtVerify.java
│ │ │ ├── README.md
│ │ │ ├── jwt_signature_example_test.sh
│ │ │ └── jwt_signature_test_private_keyset.json
│ │ ├── mac/
│ │ │ ├── BUILD.bazel
│ │ │ ├── MacExample.java
│ │ │ ├── README.md
│ │ │ ├── mac_example_test.sh
│ │ │ └── mac_test_keyset.json
│ │ ├── signature/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── SignatureExample.java
│ │ │ ├── signature_example_test.sh
│ │ │ ├── signature_test_private_keyset.json
│ │ │ └── signature_test_public_keyset.json
│ │ ├── streamingaead/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── StreamingAeadExample.java
│ │ │ ├── streaming_aead_example_test.sh
│ │ │ └── streaming_aead_test_keyset.json
│ │ ├── testdata/
│ │ │ └── gcp/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── credential.json
│ │ │ ├── credential_bad.json
│ │ │ ├── key_name.txt
│ │ │ └── key_name_bad.txt
│ │ └── walkthrough/
│ │ └── src/
│ │ ├── main/
│ │ │ └── java/
│ │ │ └── walkthrough/
│ │ │ ├── BUILD.bazel
│ │ │ ├── CreateKeysetExample.java
│ │ │ ├── ObtainAndUseAeadPrimitiveExample.java
│ │ │ ├── ReadCleartextKeysetExample.java
│ │ │ ├── ReadKeysetExample.java
│ │ │ ├── WriteCleartextKeysetExample.java
│ │ │ └── WriteKeysetExample.java
│ │ └── test/
│ │ └── java/
│ │ └── walkthrough/
│ │ ├── BUILD.bazel
│ │ ├── CreateKesetExampleTest.java
│ │ ├── ObtainAndUseAeadPrimitiveExampleTest.java
│ │ ├── ReadCleartextKeysetExampleTest.java
│ │ ├── ReadKeysetExampleTest.java
│ │ ├── WriteCleartextKeysetExampleTest.java
│ │ └── WriteKeysetExampleTest.java
│ ├── jar_jar_rules.txt
│ ├── proto/
│ │ ├── BUILD.bazel
│ │ ├── aes_cmac.proto
│ │ ├── aes_cmac_prf.proto
│ │ ├── aes_ctr.proto
│ │ ├── aes_ctr_hmac_aead.proto
│ │ ├── aes_ctr_hmac_streaming.proto
│ │ ├── aes_eax.proto
│ │ ├── aes_gcm.proto
│ │ ├── aes_gcm_hkdf_streaming.proto
│ │ ├── aes_gcm_siv.proto
│ │ ├── aes_siv.proto
│ │ ├── chacha20_poly1305.proto
│ │ ├── common.proto
│ │ ├── config.proto
│ │ ├── ecdsa.proto
│ │ ├── ecies_aead_hkdf.proto
│ │ ├── ed25519.proto
│ │ ├── empty.proto
│ │ ├── hkdf_prf.proto
│ │ ├── hmac.proto
│ │ ├── hmac_prf.proto
│ │ ├── hpke.proto
│ │ ├── jwt_ecdsa.proto
│ │ ├── jwt_hmac.proto
│ │ ├── jwt_rsa_ssa_pkcs1.proto
│ │ ├── jwt_rsa_ssa_pss.proto
│ │ ├── kms_aead.proto
│ │ ├── kms_envelope.proto
│ │ ├── prf_based_deriver.proto
│ │ ├── rsa_ssa_pkcs1.proto
│ │ ├── rsa_ssa_pss.proto
│ │ ├── test_proto.proto
│ │ ├── tink.proto
│ │ └── xchacha20_poly1305.proto
│ ├── src/
│ │ ├── main/
│ │ │ ├── java/
│ │ │ │ └── com/
│ │ │ │ └── google/
│ │ │ │ └── crypto/
│ │ │ │ └── tink/
│ │ │ │ ├── AccessesPartialKey.java
│ │ │ │ ├── Aead.java
│ │ │ │ ├── BUILD.bazel
│ │ │ │ ├── BinaryKeysetReader.java
│ │ │ │ ├── BinaryKeysetWriter.java
│ │ │ │ ├── Catalogue.java
│ │ │ │ ├── CleartextKeysetHandle.java
│ │ │ │ ├── Config.java
│ │ │ │ ├── Configuration.java
│ │ │ │ ├── ConfigurationFips140v2.java
│ │ │ │ ├── ConfigurationV0.java
│ │ │ │ ├── CryptoFormat.java
│ │ │ │ ├── DeterministicAead.java
│ │ │ │ ├── HybridDecrypt.java
│ │ │ │ ├── HybridEncrypt.java
│ │ │ │ ├── InsecureSecretKeyAccess.java
│ │ │ │ ├── JsonKeysetReader.java
│ │ │ │ ├── JsonKeysetWriter.java
│ │ │ │ ├── Key.java
│ │ │ │ ├── KeyManager.java
│ │ │ │ ├── KeyStatus.java
│ │ │ │ ├── KeyTemplate.java
│ │ │ │ ├── KeyTemplates.java
│ │ │ │ ├── KeyWrap.java
│ │ │ │ ├── KeysetHandle.java
│ │ │ │ ├── KeysetManager.java
│ │ │ │ ├── KeysetReader.java
│ │ │ │ ├── KeysetWriter.java
│ │ │ │ ├── KmsClient.java
│ │ │ │ ├── KmsClients.java
│ │ │ │ ├── KmsClientsTestUtil.java
│ │ │ │ ├── LegacyKeysetSerialization.java
│ │ │ │ ├── Mac.java
│ │ │ │ ├── NoSecretKeysetHandle.java
│ │ │ │ ├── Parameters.java
│ │ │ │ ├── PemKeyType.java
│ │ │ │ ├── PrimitiveWrapper.java
│ │ │ │ ├── PrivateKey.java
│ │ │ │ ├── PrivateKeyManager.java
│ │ │ │ ├── PublicKeySign.java
│ │ │ │ ├── PublicKeyVerify.java
│ │ │ │ ├── Registry.java
│ │ │ │ ├── RegistryConfiguration.java
│ │ │ │ ├── SecretKeyAccess.java
│ │ │ │ ├── StreamingAead.java
│ │ │ │ ├── TinkJsonProtoKeysetFormat.java
│ │ │ │ ├── TinkProtoKeysetFormat.java
│ │ │ │ ├── TinkProtoParametersFormat.java
│ │ │ │ ├── Util.java
│ │ │ │ ├── Version.java.templ
│ │ │ │ ├── aead/
│ │ │ │ │ ├── AeadConfig.java
│ │ │ │ │ ├── AeadFactory.java
│ │ │ │ │ ├── AeadKey.java
│ │ │ │ │ ├── AeadKeyTemplates.java
│ │ │ │ │ ├── AeadParameters.java
│ │ │ │ │ ├── AeadWrapper.java
│ │ │ │ │ ├── AesCtrHmacAeadKey.java
│ │ │ │ │ ├── AesCtrHmacAeadKeyManager.java
│ │ │ │ │ ├── AesCtrHmacAeadParameters.java
│ │ │ │ │ ├── AesEaxKey.java
│ │ │ │ │ ├── AesEaxKeyManager.java
│ │ │ │ │ ├── AesEaxParameters.java
│ │ │ │ │ ├── AesGcmKey.java
│ │ │ │ │ ├── AesGcmKeyManager.java
│ │ │ │ │ ├── AesGcmParameters.java
│ │ │ │ │ ├── AesGcmSivKey.java
│ │ │ │ │ ├── AesGcmSivKeyManager.java
│ │ │ │ │ ├── AesGcmSivParameters.java
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── ChaCha20Poly1305Key.java
│ │ │ │ │ ├── ChaCha20Poly1305KeyManager.java
│ │ │ │ │ ├── ChaCha20Poly1305Parameters.java
│ │ │ │ │ ├── KmsAeadKeyManager.java
│ │ │ │ │ ├── KmsEnvelopeAead.java
│ │ │ │ │ ├── KmsEnvelopeAeadKeyManager.java
│ │ │ │ │ ├── LegacyKmsAeadKey.java
│ │ │ │ │ ├── LegacyKmsAeadParameters.java
│ │ │ │ │ ├── LegacyKmsAeadProtoSerialization.java
│ │ │ │ │ ├── LegacyKmsEnvelopeAeadKey.java
│ │ │ │ │ ├── LegacyKmsEnvelopeAeadParameters.java
│ │ │ │ │ ├── LegacyKmsEnvelopeAeadProtoSerialization.java
│ │ │ │ │ ├── PredefinedAeadParameters.java
│ │ │ │ │ ├── XChaCha20Poly1305Key.java
│ │ │ │ │ ├── XChaCha20Poly1305KeyManager.java
│ │ │ │ │ ├── XChaCha20Poly1305Parameters.java
│ │ │ │ │ ├── internal/
│ │ │ │ │ │ ├── AesCtrHmacAeadProtoSerialization.java
│ │ │ │ │ │ ├── AesEaxProtoSerialization.java
│ │ │ │ │ │ ├── AesGcmProtoSerialization.java
│ │ │ │ │ │ ├── AesGcmSivProtoSerialization.java
│ │ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ │ ├── ChaCha20Poly1305Jce.java
│ │ │ │ │ │ ├── ChaCha20Poly1305ProtoSerialization.java
│ │ │ │ │ │ ├── ChaCha20Util.java
│ │ │ │ │ │ ├── InsecureNonceAesGcmJce.java
│ │ │ │ │ │ ├── InsecureNonceChaCha20.java
│ │ │ │ │ │ ├── InsecureNonceChaCha20Base.java
│ │ │ │ │ │ ├── InsecureNonceChaCha20Poly1305.java
│ │ │ │ │ │ ├── InsecureNonceChaCha20Poly1305Base.java
│ │ │ │ │ │ ├── InsecureNonceChaCha20Poly1305Jce.java
│ │ │ │ │ │ ├── InsecureNonceXChaCha20.java
│ │ │ │ │ │ ├── InsecureNonceXChaCha20Poly1305.java
│ │ │ │ │ │ ├── LegacyAesCtrHmacTestKeyManager.java
│ │ │ │ │ │ ├── LegacyFullAead.java
│ │ │ │ │ │ ├── Poly1305.java
│ │ │ │ │ │ ├── XChaCha20Poly1305Jce.java
│ │ │ │ │ │ └── XChaCha20Poly1305ProtoSerialization.java
│ │ │ │ │ └── subtle/
│ │ │ │ │ ├── AeadFactory.java
│ │ │ │ │ ├── AesGcmFactory.java
│ │ │ │ │ ├── AesGcmSiv.java
│ │ │ │ │ └── BUILD.bazel
│ │ │ │ ├── annotations/
│ │ │ │ │ ├── Alpha.java
│ │ │ │ │ └── BUILD.bazel
│ │ │ │ ├── config/
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── TinkConfig.java
│ │ │ │ │ ├── TinkFips.java
│ │ │ │ │ └── internal/
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── TinkFipsDisabled.java
│ │ │ │ │ ├── TinkFipsEnabled.java
│ │ │ │ │ └── TinkFipsUtil.java
│ │ │ │ ├── daead/
│ │ │ │ │ ├── AesSivKey.java
│ │ │ │ │ ├── AesSivKeyManager.java
│ │ │ │ │ ├── AesSivParameters.java
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── DeterministicAeadConfig.java
│ │ │ │ │ ├── DeterministicAeadFactory.java
│ │ │ │ │ ├── DeterministicAeadKey.java
│ │ │ │ │ ├── DeterministicAeadKeyTemplates.java
│ │ │ │ │ ├── DeterministicAeadParameters.java
│ │ │ │ │ ├── DeterministicAeadWrapper.java
│ │ │ │ │ ├── PredefinedDeterministicAeadParameters.java
│ │ │ │ │ └── internal/
│ │ │ │ │ ├── AesSivProtoSerialization.java
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── LegacyFullDeterministicAead.java
│ │ │ │ │ └── testing/
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ └── LegacyAesSivTestKeyManager.java
│ │ │ │ ├── hybrid/
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── EciesAeadHkdfPrivateKeyManager.java
│ │ │ │ │ ├── EciesAeadHkdfPublicKeyManager.java
│ │ │ │ │ ├── EciesParameters.java
│ │ │ │ │ ├── EciesPrivateKey.java
│ │ │ │ │ ├── EciesPublicKey.java
│ │ │ │ │ ├── HpkeParameters.java
│ │ │ │ │ ├── HpkePrivateKey.java
│ │ │ │ │ ├── HpkeProtoSerialization.java
│ │ │ │ │ ├── HpkePublicKey.java
│ │ │ │ │ ├── HybridConfig.java
│ │ │ │ │ ├── HybridDecryptConfig.java
│ │ │ │ │ ├── HybridDecryptFactory.java
│ │ │ │ │ ├── HybridDecryptWrapper.java
│ │ │ │ │ ├── HybridEncryptConfig.java
│ │ │ │ │ ├── HybridEncryptFactory.java
│ │ │ │ │ ├── HybridEncryptWrapper.java
│ │ │ │ │ ├── HybridKeyTemplates.java
│ │ │ │ │ ├── HybridParameters.java
│ │ │ │ │ ├── HybridPrivateKey.java
│ │ │ │ │ ├── HybridPublicKey.java
│ │ │ │ │ ├── HybridUtil.java
│ │ │ │ │ ├── PredefinedHybridParameters.java
│ │ │ │ │ ├── internal/
│ │ │ │ │ │ ├── AesGcmHpkeAead.java
│ │ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ │ ├── ChaCha20Poly1305HpkeAead.java
│ │ │ │ │ │ ├── EciesProtoSerialization.java
│ │ │ │ │ │ ├── HkdfHpkeKdf.java
│ │ │ │ │ │ ├── HpkeAead.java
│ │ │ │ │ │ ├── HpkeContext.java
│ │ │ │ │ │ ├── HpkeDecrypt.java
│ │ │ │ │ │ ├── HpkeEncrypt.java
│ │ │ │ │ │ ├── HpkeKdf.java
│ │ │ │ │ │ ├── HpkeKem.java
│ │ │ │ │ │ ├── HpkeKemEncapOutput.java
│ │ │ │ │ │ ├── HpkeKemKeyFactory.java
│ │ │ │ │ │ ├── HpkeKemPrivateKey.java
│ │ │ │ │ │ ├── HpkePrimitiveFactory.java
│ │ │ │ │ │ ├── HpkePrivateKeyManager.java
│ │ │ │ │ │ ├── HpkePublicKeyManager.java
│ │ │ │ │ │ ├── HpkeUtil.java
│ │ │ │ │ │ ├── LegacyFullHybridDecrypt.java
│ │ │ │ │ │ ├── LegacyFullHybridEncrypt.java
│ │ │ │ │ │ ├── NistCurvesHpkeKem.java
│ │ │ │ │ │ ├── NistCurvesHpkeKemPrivateKey.java
│ │ │ │ │ │ ├── X25519HpkeKem.java
│ │ │ │ │ │ ├── X25519HpkeKemPrivateKey.java
│ │ │ │ │ │ └── testing/
│ │ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ │ ├── EciesAeadHkdfTestUtil.java
│ │ │ │ │ │ ├── HpkeTestUtil.java
│ │ │ │ │ │ ├── HybridTestVector.java
│ │ │ │ │ │ ├── LegacyHybridDecryptKeyManager.java
│ │ │ │ │ │ └── LegacyHybridEncryptKeyManager.java
│ │ │ │ │ └── subtle/
│ │ │ │ │ ├── AeadOrDaead.java
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── RsaKem.java
│ │ │ │ │ ├── RsaKemHybridDecrypt.java
│ │ │ │ │ └── RsaKemHybridEncrypt.java
│ │ │ │ ├── integration/
│ │ │ │ │ ├── android/
│ │ │ │ │ │ ├── AndroidKeysetManager.java
│ │ │ │ │ │ ├── AndroidKeystoreAesGcm.java
│ │ │ │ │ │ ├── AndroidKeystoreKmsClient.java
│ │ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ │ ├── SharedPrefKeysetReader.java
│ │ │ │ │ │ ├── SharedPrefKeysetWriter.java
│ │ │ │ │ │ └── internal/
│ │ │ │ │ │ └── FakeAndroidKeystoreProvider.java
│ │ │ │ │ ├── awskms/
│ │ │ │ │ │ ├── AwsKmsAead.java
│ │ │ │ │ │ ├── AwsKmsClient.java
│ │ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ │ └── FakeAwsKms.java
│ │ │ │ │ ├── gcpkms/
│ │ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ │ ├── FakeCloudKms.java
│ │ │ │ │ │ ├── FakeKeyManagementServiceClient.java
│ │ │ │ │ │ ├── GcpKmsAead.java
│ │ │ │ │ │ └── GcpKmsClient.java
│ │ │ │ │ └── hcvault/
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── FakeHcVault.java
│ │ │ │ │ └── HcVaultAead.java
│ │ │ │ ├── internal/
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── BigIntegerEncoding.java
│ │ │ │ │ ├── BuildDispatchedCode.java
│ │ │ │ │ ├── Curve25519.java
│ │ │ │ │ ├── Ed25519.java
│ │ │ │ │ ├── Ed25519Constants.java
│ │ │ │ │ ├── EllipticCurvesUtil.java
│ │ │ │ │ ├── EnumTypeProtoConverter.java
│ │ │ │ │ ├── Field25519.java
│ │ │ │ │ ├── InternalConfiguration.java
│ │ │ │ │ ├── JsonParser.java
│ │ │ │ │ ├── KeyManagerRegistry.java
│ │ │ │ │ ├── KeyParser.java
│ │ │ │ │ ├── KeySerializer.java
│ │ │ │ │ ├── KeyStatusTypeProtoConverter.java
│ │ │ │ │ ├── KeyTemplateProtoConverter.java
│ │ │ │ │ ├── KeyTester.java
│ │ │ │ │ ├── LegacyKeyManagerImpl.java
│ │ │ │ │ ├── LegacyProtoKey.java
│ │ │ │ │ ├── LegacyProtoParameters.java
│ │ │ │ │ ├── MonitoringUtil.java
│ │ │ │ │ ├── MutableKeyCreationRegistry.java
│ │ │ │ │ ├── MutableKeyDerivationRegistry.java
│ │ │ │ │ ├── MutableMonitoringRegistry.java
│ │ │ │ │ ├── MutableParametersRegistry.java
│ │ │ │ │ ├── MutablePrimitiveRegistry.java
│ │ │ │ │ ├── MutableSerializationRegistry.java
│ │ │ │ │ ├── OutputPrefixUtil.java
│ │ │ │ │ ├── ParametersParser.java
│ │ │ │ │ ├── ParametersSerializer.java
│ │ │ │ │ ├── PrimitiveConstructor.java
│ │ │ │ │ ├── PrimitiveFactory.java
│ │ │ │ │ ├── PrimitiveRegistry.java
│ │ │ │ │ ├── PrimitiveSet.java
│ │ │ │ │ ├── ProtoKeySerialization.java
│ │ │ │ │ ├── ProtoParametersSerialization.java
│ │ │ │ │ ├── Random.java
│ │ │ │ │ ├── RegistryConfiguration.java
│ │ │ │ │ ├── Serialization.java
│ │ │ │ │ ├── SerializationRegistry.java
│ │ │ │ │ ├── SlowInputStream.java
│ │ │ │ │ ├── TinkBugException.java
│ │ │ │ │ ├── Util.java
│ │ │ │ │ └── testing/
│ │ │ │ │ ├── Asserts.java
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── BigIntegerTestUtil.java
│ │ │ │ │ ├── FakeMonitoringClient.java
│ │ │ │ │ ├── KeyWithSerialization.java
│ │ │ │ │ └── ParametersWithSerialization.java
│ │ │ │ ├── jwt/
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── JsonUtil.java
│ │ │ │ │ ├── JwkSetConverter.java
│ │ │ │ │ ├── JwtEcdsaParameters.java
│ │ │ │ │ ├── JwtEcdsaPrivateKey.java
│ │ │ │ │ ├── JwtEcdsaProtoSerialization.java
│ │ │ │ │ ├── JwtEcdsaPublicKey.java
│ │ │ │ │ ├── JwtEcdsaSignKeyManager.java
│ │ │ │ │ ├── JwtEcdsaVerifyKeyManager.java
│ │ │ │ │ ├── JwtFormat.java
│ │ │ │ │ ├── JwtHmacKey.java
│ │ │ │ │ ├── JwtHmacKeyManager.java
│ │ │ │ │ ├── JwtHmacParameters.java
│ │ │ │ │ ├── JwtHmacProtoSerialization.java
│ │ │ │ │ ├── JwtInvalidException.java
│ │ │ │ │ ├── JwtMac.java
│ │ │ │ │ ├── JwtMacConfig.java
│ │ │ │ │ ├── JwtMacKey.java
│ │ │ │ │ ├── JwtMacParameters.java
│ │ │ │ │ ├── JwtMacWrapper.java
│ │ │ │ │ ├── JwtNames.java
│ │ │ │ │ ├── JwtPublicKeySign.java
│ │ │ │ │ ├── JwtPublicKeySignInternal.java
│ │ │ │ │ ├── JwtPublicKeySignWrapper.java
│ │ │ │ │ ├── JwtPublicKeyVerify.java
│ │ │ │ │ ├── JwtPublicKeyVerifyInternal.java
│ │ │ │ │ ├── JwtPublicKeyVerifyWrapper.java
│ │ │ │ │ ├── JwtRsaSsaPkcs1Parameters.java
│ │ │ │ │ ├── JwtRsaSsaPkcs1PrivateKey.java
│ │ │ │ │ ├── JwtRsaSsaPkcs1ProtoSerialization.java
│ │ │ │ │ ├── JwtRsaSsaPkcs1PublicKey.java
│ │ │ │ │ ├── JwtRsaSsaPkcs1SignKeyManager.java
│ │ │ │ │ ├── JwtRsaSsaPkcs1VerifyKeyManager.java
│ │ │ │ │ ├── JwtRsaSsaPssParameters.java
│ │ │ │ │ ├── JwtRsaSsaPssPrivateKey.java
│ │ │ │ │ ├── JwtRsaSsaPssProtoSerialization.java
│ │ │ │ │ ├── JwtRsaSsaPssPublicKey.java
│ │ │ │ │ ├── JwtRsaSsaPssSignKeyManager.java
│ │ │ │ │ ├── JwtRsaSsaPssVerifyKeyManager.java
│ │ │ │ │ ├── JwtSignatureConfig.java
│ │ │ │ │ ├── JwtSignatureParameters.java
│ │ │ │ │ ├── JwtSignaturePrivateKey.java
│ │ │ │ │ ├── JwtSignaturePublicKey.java
│ │ │ │ │ ├── JwtValidator.java
│ │ │ │ │ ├── RawJwt.java
│ │ │ │ │ └── VerifiedJwt.java
│ │ │ │ ├── keyderivation/
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── KeyDerivationConfig.java
│ │ │ │ │ ├── KeyDerivationKey.java
│ │ │ │ │ ├── KeyDerivationParameters.java
│ │ │ │ │ ├── KeysetDeriver.java
│ │ │ │ │ ├── KeysetDeriverWrapper.java
│ │ │ │ │ ├── PrfBasedKeyDerivationKey.java
│ │ │ │ │ ├── PrfBasedKeyDerivationParameters.java
│ │ │ │ │ └── internal/
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── KeyDeriver.java
│ │ │ │ │ ├── KeysetDeriverWrapper.java
│ │ │ │ │ ├── PrfBasedDeriverKeyManager.java
│ │ │ │ │ ├── PrfBasedKeyDerivationKeyProtoSerialization.java
│ │ │ │ │ └── PrfBasedKeyDeriver.java
│ │ │ │ ├── mac/
│ │ │ │ │ ├── AesCmacKey.java
│ │ │ │ │ ├── AesCmacKeyManager.java
│ │ │ │ │ ├── AesCmacParameters.java
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── ChunkedMac.java
│ │ │ │ │ ├── ChunkedMacComputation.java
│ │ │ │ │ ├── ChunkedMacVerification.java
│ │ │ │ │ ├── ChunkedMacWrapper.java
│ │ │ │ │ ├── HmacKey.java
│ │ │ │ │ ├── HmacKeyManager.java
│ │ │ │ │ ├── HmacParameters.java
│ │ │ │ │ ├── MacConfig.java
│ │ │ │ │ ├── MacFactory.java
│ │ │ │ │ ├── MacKey.java
│ │ │ │ │ ├── MacKeyTemplates.java
│ │ │ │ │ ├── MacParameters.java
│ │ │ │ │ ├── MacWrapper.java
│ │ │ │ │ ├── PredefinedMacParameters.java
│ │ │ │ │ └── internal/
│ │ │ │ │ ├── AesCmacProtoSerialization.java
│ │ │ │ │ ├── AesCmacTestUtil.java
│ │ │ │ │ ├── AesUtil.java
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── ChunkedAesCmacComputation.java
│ │ │ │ │ ├── ChunkedAesCmacImpl.java
│ │ │ │ │ ├── ChunkedAesCmacVerification.java
│ │ │ │ │ ├── ChunkedHmacComputation.java
│ │ │ │ │ ├── ChunkedHmacImpl.java
│ │ │ │ │ ├── ChunkedHmacVerification.java
│ │ │ │ │ ├── HmacProtoSerialization.java
│ │ │ │ │ ├── HmacTestUtil.java
│ │ │ │ │ ├── LegacyFullMac.java
│ │ │ │ │ └── LegacyHmacTestKeyManager.java
│ │ │ │ ├── monitoring/
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── MonitoringAnnotations.java
│ │ │ │ │ ├── MonitoringClient.java
│ │ │ │ │ └── MonitoringKeysetInfo.java
│ │ │ │ ├── prf/
│ │ │ │ │ ├── AesCmacPrfKey.java
│ │ │ │ │ ├── AesCmacPrfKeyManager.java
│ │ │ │ │ ├── AesCmacPrfParameters.java
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── HkdfPrfKey.java
│ │ │ │ │ ├── HkdfPrfKeyManager.java
│ │ │ │ │ ├── HkdfPrfParameters.java
│ │ │ │ │ ├── HmacPrfKey.java
│ │ │ │ │ ├── HmacPrfKeyManager.java
│ │ │ │ │ ├── HmacPrfParameters.java
│ │ │ │ │ ├── PredefinedPrfParameters.java
│ │ │ │ │ ├── Prf.java
│ │ │ │ │ ├── PrfConfig.java
│ │ │ │ │ ├── PrfKey.java
│ │ │ │ │ ├── PrfKeyTemplates.java
│ │ │ │ │ ├── PrfParameters.java
│ │ │ │ │ ├── PrfSet.java
│ │ │ │ │ ├── PrfSetWrapper.java
│ │ │ │ │ └── internal/
│ │ │ │ │ ├── AesCmacPrfProtoSerialization.java
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── HkdfPrfProtoSerialization.java
│ │ │ │ │ ├── HmacPrfProtoSerialization.java
│ │ │ │ │ ├── LegacyFullPrf.java
│ │ │ │ │ ├── LegacyHmacPrfTestKeyManager.java
│ │ │ │ │ └── LegacyHmacPrfTestUtil.java
│ │ │ │ ├── signature/
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── EcdsaParameters.java
│ │ │ │ │ ├── EcdsaPrivateKey.java
│ │ │ │ │ ├── EcdsaPublicKey.java
│ │ │ │ │ ├── EcdsaSignKeyManager.java
│ │ │ │ │ ├── EcdsaVerifyKeyManager.java
│ │ │ │ │ ├── Ed25519Parameters.java
│ │ │ │ │ ├── Ed25519PrivateKey.java
│ │ │ │ │ ├── Ed25519PrivateKeyManager.java
│ │ │ │ │ ├── Ed25519PublicKey.java
│ │ │ │ │ ├── Ed25519PublicKeyManager.java
│ │ │ │ │ ├── PredefinedSignatureParameters.java
│ │ │ │ │ ├── PublicKeySignConfig.java
│ │ │ │ │ ├── PublicKeySignFactory.java
│ │ │ │ │ ├── PublicKeySignWrapper.java
│ │ │ │ │ ├── PublicKeyVerifyConfig.java
│ │ │ │ │ ├── PublicKeyVerifyFactory.java
│ │ │ │ │ ├── PublicKeyVerifyWrapper.java
│ │ │ │ │ ├── RsaSsaPkcs1Parameters.java
│ │ │ │ │ ├── RsaSsaPkcs1PrivateKey.java
│ │ │ │ │ ├── RsaSsaPkcs1PublicKey.java
│ │ │ │ │ ├── RsaSsaPkcs1SignKeyManager.java
│ │ │ │ │ ├── RsaSsaPkcs1VerifyKeyManager.java
│ │ │ │ │ ├── RsaSsaPssParameters.java
│ │ │ │ │ ├── RsaSsaPssPrivateKey.java
│ │ │ │ │ ├── RsaSsaPssPublicKey.java
│ │ │ │ │ ├── RsaSsaPssSignKeyManager.java
│ │ │ │ │ ├── RsaSsaPssVerifyKeyManager.java
│ │ │ │ │ ├── SignatureConfig.java
│ │ │ │ │ ├── SignatureKeyTemplates.java
│ │ │ │ │ ├── SignatureParameters.java
│ │ │ │ │ ├── SignaturePemKeysetReader.java
│ │ │ │ │ ├── SignaturePrivateKey.java
│ │ │ │ │ ├── SignaturePublicKey.java
│ │ │ │ │ └── internal/
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── EcdsaProtoSerialization.java
│ │ │ │ │ ├── Ed25519ProtoSerialization.java
│ │ │ │ │ ├── LegacyFullSign.java
│ │ │ │ │ ├── LegacyFullVerify.java
│ │ │ │ │ ├── RsaSsaPkcs1ProtoSerialization.java
│ │ │ │ │ ├── RsaSsaPssProtoSerialization.java
│ │ │ │ │ ├── SigUtil.java
│ │ │ │ │ └── testing/
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── EcdsaTestUtil.java
│ │ │ │ │ ├── Ed25519TestUtil.java
│ │ │ │ │ ├── LegacyPublicKeySignKeyManager.java
│ │ │ │ │ ├── LegacyPublicKeyVerifyKeyManager.java
│ │ │ │ │ ├── RsaSsaPkcs1TestUtil.java
│ │ │ │ │ ├── RsaSsaPssTestUtil.java
│ │ │ │ │ └── SignatureTestVector.java
│ │ │ │ ├── streamingaead/
│ │ │ │ │ ├── AesCtrHmacStreamingKey.java
│ │ │ │ │ ├── AesCtrHmacStreamingKeyManager.java
│ │ │ │ │ ├── AesCtrHmacStreamingParameters.java
│ │ │ │ │ ├── AesGcmHkdfStreamingKey.java
│ │ │ │ │ ├── AesGcmHkdfStreamingKeyManager.java
│ │ │ │ │ ├── AesGcmHkdfStreamingParameters.java
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── InputStreamDecrypter.java
│ │ │ │ │ ├── PredefinedStreamingAeadParameters.java
│ │ │ │ │ ├── ReadableByteChannelDecrypter.java
│ │ │ │ │ ├── SeekableByteChannelDecrypter.java
│ │ │ │ │ ├── StreamingAeadConfig.java
│ │ │ │ │ ├── StreamingAeadFactory.java
│ │ │ │ │ ├── StreamingAeadHelper.java
│ │ │ │ │ ├── StreamingAeadKey.java
│ │ │ │ │ ├── StreamingAeadKeyTemplates.java
│ │ │ │ │ ├── StreamingAeadParameters.java
│ │ │ │ │ ├── StreamingAeadUtil.java
│ │ │ │ │ ├── StreamingAeadWrapper.java
│ │ │ │ │ └── internal/
│ │ │ │ │ ├── AesCtrHmacStreamingProtoSerialization.java
│ │ │ │ │ ├── AesGcmHkdfStreamingProtoSerialization.java
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── LegacyAesGcmHkdfStreamingTestKeyManager.java
│ │ │ │ │ └── LegacyFullStreamingAead.java
│ │ │ │ ├── subtle/
│ │ │ │ │ ├── AesCtrHmacStreaming.java
│ │ │ │ │ ├── AesCtrJceCipher.java
│ │ │ │ │ ├── AesEaxJce.java
│ │ │ │ │ ├── AesGcmHkdfStreaming.java
│ │ │ │ │ ├── AesGcmJce.java
│ │ │ │ │ ├── AesSiv.java
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── Base64.java
│ │ │ │ │ ├── Bytes.java
│ │ │ │ │ ├── ChaCha20.java
│ │ │ │ │ ├── ChaCha20Poly1305.java
│ │ │ │ │ ├── EcdsaSignJce.java
│ │ │ │ │ ├── EcdsaVerifyJce.java
│ │ │ │ │ ├── EciesAeadHkdfDemHelper.java
│ │ │ │ │ ├── EciesAeadHkdfHybridDecrypt.java
│ │ │ │ │ ├── EciesAeadHkdfHybridEncrypt.java
│ │ │ │ │ ├── EciesHkdfRecipientKem.java
│ │ │ │ │ ├── EciesHkdfSenderKem.java
│ │ │ │ │ ├── Ed25519Sign.java
│ │ │ │ │ ├── Ed25519Verify.java
│ │ │ │ │ ├── EllipticCurves.java
│ │ │ │ │ ├── EncryptThenAuthenticate.java
│ │ │ │ │ ├── EngineFactory.java
│ │ │ │ │ ├── EngineWrapper.java
│ │ │ │ │ ├── Enums.java
│ │ │ │ │ ├── Hex.java
│ │ │ │ │ ├── Hkdf.java
│ │ │ │ │ ├── IndCpaCipher.java
│ │ │ │ │ ├── Kwp.java
│ │ │ │ │ ├── NonceBasedStreamingAead.java
│ │ │ │ │ ├── PemKeyType.java
│ │ │ │ │ ├── PrfAesCmac.java
│ │ │ │ │ ├── PrfHmacJce.java
│ │ │ │ │ ├── PrfMac.java
│ │ │ │ │ ├── Random.java
│ │ │ │ │ ├── RewindableReadableByteChannel.java
│ │ │ │ │ ├── RsaSsaPkcs1SignJce.java
│ │ │ │ │ ├── RsaSsaPkcs1VerifyJce.java
│ │ │ │ │ ├── RsaSsaPssSignJce.java
│ │ │ │ │ ├── RsaSsaPssVerifyJce.java
│ │ │ │ │ ├── SelfKeyTestValidators.java
│ │ │ │ │ ├── StreamSegmentDecrypter.java
│ │ │ │ │ ├── StreamSegmentEncrypter.java
│ │ │ │ │ ├── StreamingAeadDecryptingChannel.java
│ │ │ │ │ ├── StreamingAeadDecryptingStream.java
│ │ │ │ │ ├── StreamingAeadEncryptingChannel.java
│ │ │ │ │ ├── StreamingAeadEncryptingStream.java
│ │ │ │ │ ├── StreamingAeadSeekableDecryptingChannel.java
│ │ │ │ │ ├── SubtleUtil.java
│ │ │ │ │ ├── Validators.java
│ │ │ │ │ ├── X25519.java
│ │ │ │ │ ├── XChaCha20.java
│ │ │ │ │ ├── XChaCha20Poly1305.java
│ │ │ │ │ └── prf/
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── HkdfStreamingPrf.java
│ │ │ │ │ ├── PrfImpl.java
│ │ │ │ │ └── StreamingPrf.java
│ │ │ │ ├── testing/
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── FakeKmsClient.java
│ │ │ │ │ ├── HpkeTestEncryption.java
│ │ │ │ │ ├── HpkeTestId.java
│ │ │ │ │ ├── HpkeTestSetup.java
│ │ │ │ │ ├── HpkeTestUtil.java
│ │ │ │ │ ├── HpkeTestVector.java
│ │ │ │ │ ├── StreamingTestUtil.java
│ │ │ │ │ ├── TestUtil.java
│ │ │ │ │ └── WycheproofTestUtil.java
│ │ │ │ ├── tinkkey/
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── KeyAccess.java
│ │ │ │ │ ├── KeyHandle.java
│ │ │ │ │ ├── SecretKeyAccess.java
│ │ │ │ │ ├── TinkKey.java
│ │ │ │ │ └── internal/
│ │ │ │ │ ├── BUILD.bazel
│ │ │ │ │ ├── InternalKeyHandle.java
│ │ │ │ │ └── ProtoKey.java
│ │ │ │ └── util/
│ │ │ │ ├── BUILD.bazel
│ │ │ │ ├── Bytes.java
│ │ │ │ ├── KeysDownloader.java
│ │ │ │ ├── SecretBigInteger.java
│ │ │ │ └── SecretBytes.java
│ │ │ └── resources/
│ │ │ └── META-INF/
│ │ │ └── proguard/
│ │ │ └── protobuf.pro
│ │ └── test/
│ │ ├── BUILD.bazel
│ │ └── java/
│ │ └── com/
│ │ └── google/
│ │ └── crypto/
│ │ └── tink/
│ │ ├── BUILD.bazel
│ │ ├── BinaryKeysetReaderTest.java
│ │ ├── CleartextKeysetHandleTest.java
│ │ ├── ConfigTest.java
│ │ ├── ConfigurationFips140v2Test.java
│ │ ├── ConfigurationFips140v2WithoutConscryptTest.java
│ │ ├── ConfigurationV0Test.java
│ │ ├── CryptoFormatTest.java
│ │ ├── IntegrationTest.java
│ │ ├── JsonKeysetReaderTest.java
│ │ ├── JsonKeysetWriterTest.java
│ │ ├── KeyTemplateTest.java
│ │ ├── KeyTemplatesAsParametersTest.java
│ │ ├── KeyTemplatesTest.java
│ │ ├── KeysetHandleFullPrimitiveTest.java
│ │ ├── KeysetHandleTest.java
│ │ ├── KeysetManagerTest.java
│ │ ├── LateRegistrationTest.java
│ │ ├── LegacyKeysetSerializationTest.java
│ │ ├── MonitoringUtilTest.java
│ │ ├── NoSecretKeysetHandleTest.java
│ │ ├── PemKeyTypeTest.java
│ │ ├── RegistryConfigurationTest.java
│ │ ├── RegistryMultithreadTest.java
│ │ ├── RegistryTest.java
│ │ ├── SecretKeyAccessTest.java
│ │ ├── TinkJsonProtoKeysetFormatTest.java
│ │ ├── TinkProtoKeysetFormatTest.java
│ │ ├── TinkProtoParametersFormatTest.java
│ │ ├── TinkProtoTest.java
│ │ ├── UtilTest.java
│ │ ├── VersionTest.java
│ │ ├── aead/
│ │ │ ├── AeadConfigTest.java
│ │ │ ├── AeadFactoryTest.java
│ │ │ ├── AeadFactoryWithoutWrapperRegisteredTest.java
│ │ │ ├── AeadKeyTemplatesTest.java
│ │ │ ├── AeadTest.java
│ │ │ ├── AeadWrapperTest.java
│ │ │ ├── AesCtrHmacAeadKeyManagerTest.java
│ │ │ ├── AesCtrHmacAeadKeyTest.java
│ │ │ ├── AesCtrHmacAeadParametersTest.java
│ │ │ ├── AesEaxKeyManagerTest.java
│ │ │ ├── AesEaxKeyTest.java
│ │ │ ├── AesEaxParametersTest.java
│ │ │ ├── AesGcmKeyManagerTest.java
│ │ │ ├── AesGcmKeyTest.java
│ │ │ ├── AesGcmParametersTest.java
│ │ │ ├── AesGcmSivKeyManagerTest.java
│ │ │ ├── AesGcmSivKeyTest.java
│ │ │ ├── AesGcmSivParametersTest.java
│ │ │ ├── BUILD.bazel
│ │ │ ├── ChaCha20Poly1305KeyManagerTest.java
│ │ │ ├── ChaCha20Poly1305KeyTest.java
│ │ │ ├── ChaCha20Poly1305ParametersTest.java
│ │ │ ├── KmsAeadKeyManagerTest.java
│ │ │ ├── KmsEnvelopeAeadKeyManagerTest.java
│ │ │ ├── KmsEnvelopeAeadTest.java
│ │ │ ├── LegacyKmsAeadKeyTest.java
│ │ │ ├── LegacyKmsAeadParametersTest.java
│ │ │ ├── LegacyKmsAeadProtoSerializationTest.java
│ │ │ ├── LegacyKmsEnvelopeAeadKeyTest.java
│ │ │ ├── LegacyKmsEnvelopeAeadParametersTest.java
│ │ │ ├── LegacyKmsEnvelopeAeadProtoSerializationTest.java
│ │ │ ├── PredefinedAeadParametersTest.java
│ │ │ ├── XChaCha20Poly1305KeyManagerTest.java
│ │ │ ├── XChaCha20Poly1305KeyTest.java
│ │ │ ├── XChaCha20Poly1305ParametersTest.java
│ │ │ ├── internal/
│ │ │ │ ├── AesCtrHmacAeadProtoSerializationTest.java
│ │ │ │ ├── AesEaxProtoSerializationTest.java
│ │ │ │ ├── AesGcmProtoSerializationTest.java
│ │ │ │ ├── AesGcmSivProtoSerializationTest.java
│ │ │ │ ├── BUILD.bazel
│ │ │ │ ├── ChaCha20Poly1305JceTest.java
│ │ │ │ ├── ChaCha20Poly1305ProtoSerializationTest.java
│ │ │ │ ├── ChaCha20UtilTest.java
│ │ │ │ ├── InsecureNonceAesGcmJceTest.java
│ │ │ │ ├── InsecureNonceChaCha20Poly1305JceTest.java
│ │ │ │ ├── InsecureNonceChaCha20Poly1305Test.java
│ │ │ │ ├── InsecureNonceChaCha20Test.java
│ │ │ │ ├── InsecureNonceXChaCha20Poly1305Test.java
│ │ │ │ ├── InsecureNonceXChaCha20Test.java
│ │ │ │ ├── LegacyAesCtrHmacTestKeyManagerTest.java
│ │ │ │ ├── LegacyFullAeadIntegrationTest.java
│ │ │ │ ├── LegacyFullAeadTest.java
│ │ │ │ ├── Poly1305Test.java
│ │ │ │ ├── XChaCha20Poly1305JceTest.java
│ │ │ │ └── XChaCha20Poly1305ProtoSerializationTest.java
│ │ │ └── subtle/
│ │ │ ├── AesGcmSivTest.java
│ │ │ └── BUILD.bazel
│ │ ├── config/
│ │ │ ├── BUILD.bazel
│ │ │ ├── TinkConfigTest.java
│ │ │ ├── TinkFipsTest.java
│ │ │ └── internal/
│ │ │ ├── BUILD.bazel
│ │ │ └── TinkFipsUtilTest.java
│ │ ├── custom/
│ │ │ ├── BUILD.bazel
│ │ │ └── CustomAeadKeyManagerTest.java
│ │ ├── daead/
│ │ │ ├── AesSivKeyManagerTest.java
│ │ │ ├── AesSivKeyTest.java
│ │ │ ├── AesSivParametersTest.java
│ │ │ ├── BUILD.bazel
│ │ │ ├── DaeadTest.java
│ │ │ ├── DeterministicAeadConfigTest.java
│ │ │ ├── DeterministicAeadFactoryTest.java
│ │ │ ├── DeterministicAeadFactoryWithoutWrapperRegisteredTest.java
│ │ │ ├── DeterministicAeadKeyTemplatesTest.java
│ │ │ ├── DeterministicAeadWrapperTest.java
│ │ │ ├── KeyManagerIntegrationTest.java
│ │ │ ├── PredefinedDeterministicAeadParametersTest.java
│ │ │ └── internal/
│ │ │ ├── AesSivProtoSerializationTest.java
│ │ │ ├── BUILD.bazel
│ │ │ ├── LegacyFullDeterministicAeadTest.java
│ │ │ └── testing/
│ │ │ ├── BUILD.bazel
│ │ │ └── LegacyAesSivTestKeyManagerTest.java
│ │ ├── hybrid/
│ │ │ ├── BUILD.bazel
│ │ │ ├── EciesAeadHkdfHybridDecryptTest.java
│ │ │ ├── EciesAeadHkdfHybridEncryptTest.java
│ │ │ ├── EciesAeadHkdfPrivateKeyManagerTest.java
│ │ │ ├── EciesParametersTest.java
│ │ │ ├── EciesPrivateKeyTest.java
│ │ │ ├── EciesPublicKeyTest.java
│ │ │ ├── HpkeParametersTest.java
│ │ │ ├── HpkePrivateKeyTest.java
│ │ │ ├── HpkeProtoSerializationTest.java
│ │ │ ├── HpkePublicKeyTest.java
│ │ │ ├── HybridConfigTest.java
│ │ │ ├── HybridDecryptFactoryTest.java
│ │ │ ├── HybridDecryptWrapperTest.java
│ │ │ ├── HybridEncryptDecryptFactoryWithoutWrapperRegisteredTest.java
│ │ │ ├── HybridEncryptFactoryTest.java
│ │ │ ├── HybridEncryptWrapperTest.java
│ │ │ ├── HybridKeyTemplatesTest.java
│ │ │ ├── HybridTest.java
│ │ │ ├── KeyManagerIntegrationTest.java
│ │ │ ├── PredefinedHybridParametersTest.java
│ │ │ ├── internal/
│ │ │ │ ├── AesGcmHpkeAeadTest.java
│ │ │ │ ├── BUILD.bazel
│ │ │ │ ├── ChaCha20Poly1305HpkeAeadTest.java
│ │ │ │ ├── EciesProtoSerializationTest.java
│ │ │ │ ├── HkdfHpkeKdfTest.java
│ │ │ │ ├── HpkeContextTest.java
│ │ │ │ ├── HpkeEncryptDecryptTest.java
│ │ │ │ ├── HpkeKemKeyFactoryTest.java
│ │ │ │ ├── HpkePrimitiveFactoryTest.java
│ │ │ │ ├── HpkePrivateKeyManagerTest.java
│ │ │ │ ├── HpkeUtilTest.java
│ │ │ │ ├── LegacyFullHybridDecryptTest.java
│ │ │ │ ├── LegacyFullHybridEncryptTest.java
│ │ │ │ ├── NistCurvesHpkeKemTest.java
│ │ │ │ ├── X25519HpkeKemPrivateKeyTest.java
│ │ │ │ ├── X25519HpkeKemTest.java
│ │ │ │ └── testing/
│ │ │ │ ├── BUILD.bazel
│ │ │ │ ├── LegacyHybridDecryptKeyManagerTest.java
│ │ │ │ └── LegacyHybridEncryptKeyManagerTest.java
│ │ │ └── subtle/
│ │ │ ├── AeadOrDaeadTest.java
│ │ │ ├── BUILD.bazel
│ │ │ ├── RsaKemHybridDecryptTest.java
│ │ │ ├── RsaKemHybridEncryptTest.java
│ │ │ └── RsaKemTest.java
│ │ ├── integration/
│ │ │ ├── awskms/
│ │ │ │ ├── AwsKmsAeadTest.java
│ │ │ │ ├── AwsKmsClientTest.java
│ │ │ │ ├── BUILD.bazel
│ │ │ │ └── FakeAwsKmsTest.java
│ │ │ ├── gcpkms/
│ │ │ │ ├── BUILD.bazel
│ │ │ │ ├── FakeCloudKmsTest.java
│ │ │ │ ├── GcpKmsAeadTest.java
│ │ │ │ ├── GcpKmsClientTest.java
│ │ │ │ └── GcpKmsIntegrationTest.java
│ │ │ └── hcvault/
│ │ │ ├── BUILD.bazel
│ │ │ ├── FakeHcVaultTest.java
│ │ │ └── HcVaultAeadTest.java
│ │ ├── internal/
│ │ │ ├── BUILD.bazel
│ │ │ ├── BigIntegerEncodingTest.java
│ │ │ ├── Curve25519Test.java
│ │ │ ├── Ed25519Test.java
│ │ │ ├── EllipticCurvesUtilTest.java
│ │ │ ├── EnumTypeProtoConverterTest.java
│ │ │ ├── Field25519Test.java
│ │ │ ├── InternalConfigurationTest.java
│ │ │ ├── JsonParserTest.java
│ │ │ ├── KeyManagerRegistryTest.java
│ │ │ ├── KeyParserTest.java
│ │ │ ├── KeySerializerTest.java
│ │ │ ├── KeyTemplateProtoConverterTest.java
│ │ │ ├── KeyTesterTest.java
│ │ │ ├── LegacyKeyManagerImplTest.java
│ │ │ ├── LegacyProtoKeyTest.java
│ │ │ ├── LegacyProtoParametersTest.java
│ │ │ ├── MutableKeyCreationRegistryTest.java
│ │ │ ├── MutableKeyDerivationRegistryTest.java
│ │ │ ├── MutableMonitoringRegistryTest.java
│ │ │ ├── MutableParametersRegistryTest.java
│ │ │ ├── MutablePrimitiveRegistryMultithreadTest.java
│ │ │ ├── MutablePrimitiveRegistryTest.java
│ │ │ ├── MutableSerializationRegistryMultithreadTest.java
│ │ │ ├── MutableSerializationRegistryTest.java
│ │ │ ├── OutputPrefixUtilTest.java
│ │ │ ├── ParametersParserTest.java
│ │ │ ├── ParametersSerializerTest.java
│ │ │ ├── PrimitiveConstructorTest.java
│ │ │ ├── PrimitiveRegistryTest.java
│ │ │ ├── PrimitiveSetTest.java
│ │ │ ├── ProtoKeySerializationTest.java
│ │ │ ├── ProtoParametersSerializationTest.java
│ │ │ ├── RandomTest.java
│ │ │ ├── RandomWithoutConscryptTest.java
│ │ │ ├── RandomWithoutInstallingConscryptTest.java
│ │ │ ├── RegistryConfigurationTest.java
│ │ │ ├── SerializationRegistryTest.java
│ │ │ ├── SlowInputStreamTest.java
│ │ │ ├── TinkBugExceptionTest.java
│ │ │ ├── UtilTest.java
│ │ │ └── testing/
│ │ │ ├── AssertsTest.java
│ │ │ ├── BUILD.bazel
│ │ │ ├── BigIntegerTestUtilTest.java
│ │ │ ├── FakeMonitoringClientTest.java
│ │ │ ├── KeyWithSerializationTest.java
│ │ │ └── ParametersWithSerializationTest.java
│ │ ├── jwt/
│ │ │ ├── BUILD.bazel
│ │ │ ├── JsonUtilTest.java
│ │ │ ├── JwkSetConverterTest.java
│ │ │ ├── JwtEcdsaParametersTest.java
│ │ │ ├── JwtEcdsaPrivateKeyTest.java
│ │ │ ├── JwtEcdsaProtoSerializationTest.java
│ │ │ ├── JwtEcdsaPublicKeyTest.java
│ │ │ ├── JwtEcdsaSignKeyManagerTest.java
│ │ │ ├── JwtEcdsaVerifyKeyManagerTest.java
│ │ │ ├── JwtFormatTest.java
│ │ │ ├── JwtHmacKeyManagerTest.java
│ │ │ ├── JwtHmacKeyTest.java
│ │ │ ├── JwtHmacParametersTest.java
│ │ │ ├── JwtHmacProtoSerializationTest.java
│ │ │ ├── JwtMacConfigTest.java
│ │ │ ├── JwtMacWrapperTest.java
│ │ │ ├── JwtPublicKeySignVerifyWrappersTest.java
│ │ │ ├── JwtRsaSsaPkcs1ParametersTest.java
│ │ │ ├── JwtRsaSsaPkcs1PrivateKeyTest.java
│ │ │ ├── JwtRsaSsaPkcs1ProtoSerializationTest.java
│ │ │ ├── JwtRsaSsaPkcs1PublicKeyTest.java
│ │ │ ├── JwtRsaSsaPkcs1SignKeyManagerTest.java
│ │ │ ├── JwtRsaSsaPssParametersTest.java
│ │ │ ├── JwtRsaSsaPssPrivateKeyTest.java
│ │ │ ├── JwtRsaSsaPssProtoSerializationTest.java
│ │ │ ├── JwtRsaSsaPssPublicKeyTest.java
│ │ │ ├── JwtRsaSsaPssSignKeyManagerTest.java
│ │ │ ├── JwtRsaSsaPssVerifyKeyManagerTest.java
│ │ │ ├── JwtSignatureConfigTest.java
│ │ │ ├── JwtSignatureTest.java
│ │ │ ├── JwtTest.java
│ │ │ ├── JwtValidatorTest.java
│ │ │ ├── RawJwtTest.java
│ │ │ └── VerifiedJwtTest.java
│ │ ├── keyderivation/
│ │ │ ├── BUILD.bazel
│ │ │ ├── KeyDerivationConfigTest.java
│ │ │ ├── KeyDerivationTest.java
│ │ │ ├── KeysetDeriverWrapperTest.java
│ │ │ ├── PrfBasedKeyDerivationKeyTest.java
│ │ │ ├── PrfBasedKeyDerivationParametersTest.java
│ │ │ └── internal/
│ │ │ ├── BUILD.bazel
│ │ │ ├── KeysetDeriverWrapperTest.java
│ │ │ ├── PrfBasedDeriverKeyManagerTest.java
│ │ │ ├── PrfBasedDeriverSecondTest.java
│ │ │ ├── PrfBasedKeyDerivationKeyProtoSerializationTest.java
│ │ │ └── PrfBasedKeyDeriverTest.java
│ │ ├── mac/
│ │ │ ├── AesCmacKeyManagerTest.java
│ │ │ ├── AesCmacKeyTest.java
│ │ │ ├── AesCmacParametersTest.java
│ │ │ ├── BUILD.bazel
│ │ │ ├── ChunkedMacTest.java
│ │ │ ├── ChunkedMacWrapperTest.java
│ │ │ ├── HmacKeyManagerTest.java
│ │ │ ├── HmacKeyTest.java
│ │ │ ├── HmacParametersTest.java
│ │ │ ├── MacConfigTest.java
│ │ │ ├── MacFactoryTest.java
│ │ │ ├── MacFactoryWithoutWrapperRegisteredTest.java
│ │ │ ├── MacKeyTemplatesTest.java
│ │ │ ├── MacTest.java
│ │ │ ├── MacWrapperTest.java
│ │ │ ├── PredefinedMacParametersTest.java
│ │ │ └── internal/
│ │ │ ├── AesCmacProtoSerializationTest.java
│ │ │ ├── AesUtilTest.java
│ │ │ ├── BUILD.bazel
│ │ │ ├── ChunkedAesCmacTest.java
│ │ │ ├── ChunkedHmacTest.java
│ │ │ ├── HmacProtoSerializationTest.java
│ │ │ ├── LegacyFullMacIntegrationTest.java
│ │ │ └── LegacyFullMacTest.java
│ │ ├── monitoring/
│ │ │ ├── BUILD.bazel
│ │ │ ├── MonitoringAnnotationsTest.java
│ │ │ └── MonitoringKeysetInfoTest.java
│ │ ├── prf/
│ │ │ ├── AesCmacPrfKeyManagerTest.java
│ │ │ ├── AesCmacPrfKeyTest.java
│ │ │ ├── AesCmacPrfParametersTest.java
│ │ │ ├── BUILD.bazel
│ │ │ ├── HkdfPrfKeyManagerTest.java
│ │ │ ├── HkdfPrfKeyTest.java
│ │ │ ├── HkdfPrfParametersTest.java
│ │ │ ├── HmacPrfKeyManagerTest.java
│ │ │ ├── HmacPrfKeyTest.java
│ │ │ ├── HmacPrfParametersTest.java
│ │ │ ├── PredefinedPrfParametersTest.java
│ │ │ ├── PrfConfigTest.java
│ │ │ ├── PrfKeyTemplatesTest.java
│ │ │ ├── PrfSetWrapperTest.java
│ │ │ ├── PrfTest.java
│ │ │ └── internal/
│ │ │ ├── AesCmacPrfProtoSerializationTest.java
│ │ │ ├── BUILD.bazel
│ │ │ ├── HkdfPrfProtoSerializationTest.java
│ │ │ ├── HmacPrfProtoSerializationTest.java
│ │ │ ├── LegacyFullPrfIntegrationTest.java
│ │ │ ├── LegacyFullPrfTest.java
│ │ │ └── LegacyHmacPrfTestKeyManagerTest.java
│ │ ├── signature/
│ │ │ ├── BUILD.bazel
│ │ │ ├── EcdsaParametersTest.java
│ │ │ ├── EcdsaPrivateKeyTest.java
│ │ │ ├── EcdsaPublicKeyTest.java
│ │ │ ├── EcdsaSignKeyManagerTest.java
│ │ │ ├── EcdsaVerifyKeyManagerTest.java
│ │ │ ├── Ed25519ParametersTest.java
│ │ │ ├── Ed25519PrivateKeyManagerTest.java
│ │ │ ├── Ed25519PrivateKeyTest.java
│ │ │ ├── Ed25519PublicKeyManagerTest.java
│ │ │ ├── Ed25519PublicKeyTest.java
│ │ │ ├── KeyConversionTest.java
│ │ │ ├── KeyManagerIntegrationTest.java
│ │ │ ├── PredefinedSignatureParametersTest.java
│ │ │ ├── PublicKeySignFactoryTest.java
│ │ │ ├── PublicKeySignVerifyFactoryWithoutWrapperRegisteredTest.java
│ │ │ ├── PublicKeySignWrapperTest.java
│ │ │ ├── PublicKeyVerifyFactoryTest.java
│ │ │ ├── PublicKeyVerifyWrapperTest.java
│ │ │ ├── RsaSsaPkcs1ParametersTest.java
│ │ │ ├── RsaSsaPkcs1PrivateKeyTest.java
│ │ │ ├── RsaSsaPkcs1PublicKeyTest.java
│ │ │ ├── RsaSsaPkcs1SignKeyManagerTest.java
│ │ │ ├── RsaSsaPkcs1VerifyKeyManagerTest.java
│ │ │ ├── RsaSsaPssParametersTest.java
│ │ │ ├── RsaSsaPssPrivateKeyTest.java
│ │ │ ├── RsaSsaPssPublicKeyTest.java
│ │ │ ├── RsaSsaPssSignKeyManagerTest.java
│ │ │ ├── RsaSsaPssVerifyKeyManagerTest.java
│ │ │ ├── SignatureConfigTest.java
│ │ │ ├── SignatureKeyTemplatesTest.java
│ │ │ ├── SignaturePemKeysetReaderTest.java
│ │ │ ├── SignatureTest.java
│ │ │ └── internal/
│ │ │ ├── BUILD.bazel
│ │ │ ├── EcdsaProtoSerializationTest.java
│ │ │ ├── Ed25519ProtoSerializationTest.java
│ │ │ ├── LegacyFullSignTest.java
│ │ │ ├── LegacyFullVerifyTest.java
│ │ │ ├── RsaSsaPkcs1ProtoSerializationTest.java
│ │ │ ├── RsaSsaPssProtoSerializationTest.java
│ │ │ ├── SigUtilTest.java
│ │ │ └── testing/
│ │ │ ├── BUILD.bazel
│ │ │ ├── LegacyPublicKeySignKeyManagerTest.java
│ │ │ └── LegacyPublicKeyVerifyKeyManagerTest.java
│ │ ├── streamingaead/
│ │ │ ├── AesCtrHmacStreamingKeyManagerTest.java
│ │ │ ├── AesCtrHmacStreamingKeyTest.java
│ │ │ ├── AesCtrHmacStreamingParametersTest.java
│ │ │ ├── AesGcmHkdfStreamingKeyManagerTest.java
│ │ │ ├── AesGcmHkdfStreamingKeyTest.java
│ │ │ ├── AesGcmHkdfStreamingParametersTest.java
│ │ │ ├── BUILD.bazel
│ │ │ ├── PredefinedStreamingAeadParametersTest.java
│ │ │ ├── StreamingAeadConfigTest.java
│ │ │ ├── StreamingAeadFactoryTest.java
│ │ │ ├── StreamingAeadFactoryWithoutWrapperRegisteredTest.java
│ │ │ ├── StreamingAeadKeyTemplatesTest.java
│ │ │ ├── StreamingAeadTest.java
│ │ │ ├── StreamingAeadUtilTest.java
│ │ │ ├── StreamingAeadWrapperLegacyTest.java
│ │ │ ├── StreamingAeadWrapperTest.java
│ │ │ └── internal/
│ │ │ ├── AesCtrHmacStreamingProtoSerializationTest.java
│ │ │ ├── AesGcmHkdfStreamingProtoSerializationTest.java
│ │ │ ├── BUILD.bazel
│ │ │ ├── LegacyAesGcmHkdfStreamingTestKeyManagerTest.java
│ │ │ ├── LegacyFullStreamingAeadIntegrationTest.java
│ │ │ └── LegacyFullStreamingAeadTest.java
│ │ ├── subtle/
│ │ │ ├── AeadThreadSafetyTest.java
│ │ │ ├── AesCtrHmacStreamingTest.java
│ │ │ ├── AesCtrJceCipherTest.java
│ │ │ ├── AesEaxJceTest.java
│ │ │ ├── AesGcmHkdfStreamingTest.java
│ │ │ ├── AesGcmJceTest.java
│ │ │ ├── AesSivTest.java
│ │ │ ├── BUILD.bazel
│ │ │ ├── Base64Test.java
│ │ │ ├── BytesTest.java
│ │ │ ├── ChaCha20Poly1305Test.java
│ │ │ ├── ChaCha20Test.java
│ │ │ ├── DaeadThreadSafetyTest.java
│ │ │ ├── EcdsaSignJceTest.java
│ │ │ ├── EcdsaVerifyJceTest.java
│ │ │ ├── Ed25519SignTest.java
│ │ │ ├── Ed25519VerifyTest.java
│ │ │ ├── EllipticCurvesTest.java
│ │ │ ├── EncryptThenAuthenticateTest.java
│ │ │ ├── EngineFactoryFipsTest.java
│ │ │ ├── EngineFactoryTest.java
│ │ │ ├── HkdfTest.java
│ │ │ ├── KwpTest.java
│ │ │ ├── PemKeyTypeTest.java
│ │ │ ├── PrfAesCmacTest.java
│ │ │ ├── PrfHmacJceTest.java
│ │ │ ├── PrfMacTest.java
│ │ │ ├── RandomTest.java
│ │ │ ├── RewindableReadableByteChannelTest.java
│ │ │ ├── RsaSsaPkcs1SignJceTest.java
│ │ │ ├── RsaSsaPkcs1VerifyJceTest.java
│ │ │ ├── RsaSsaPssSignJceTest.java
│ │ │ ├── RsaSsaPssVerifyJceTest.java
│ │ │ ├── SelfKeyTestValidatorsTest.java
│ │ │ ├── SignatureThreadSafetyTest.java
│ │ │ ├── StreamingAeadThreadSafetyTest.java
│ │ │ ├── SubtleUtilTest.java
│ │ │ ├── ValidatorsTest.java
│ │ │ ├── X25519Test.java
│ │ │ ├── XChaCha20Poly1305Test.java
│ │ │ ├── XChaCha20Test.java
│ │ │ └── prf/
│ │ │ ├── BUILD.bazel
│ │ │ ├── HkdfStreamingPrfTest.java
│ │ │ └── PrfImplTest.java
│ │ ├── testing/
│ │ │ ├── BUILD.bazel
│ │ │ ├── FakeKmsClientTest.java
│ │ │ ├── HpkeTestUtilTest.java
│ │ │ └── TestUtilTest.java
│ │ ├── tinkkey/
│ │ │ ├── BUILD.bazel
│ │ │ ├── KeyAccessTest.java
│ │ │ ├── KeyHandleTest.java
│ │ │ ├── SecretKeyAccessTest.java
│ │ │ └── internal/
│ │ │ ├── BUILD.bazel
│ │ │ └── ProtoKeyTest.java
│ │ └── util/
│ │ ├── BUILD.bazel
│ │ ├── BytesTest.java
│ │ ├── KeysDownloaderTest.java
│ │ ├── SecretBigIntegerTest.java
│ │ └── SecretBytesTest.java
│ ├── src_android/
│ │ └── main/
│ │ └── java/
│ │ └── com/
│ │ └── google/
│ │ └── crypto/
│ │ └── tink/
│ │ └── internal/
│ │ ├── BUILD.bazel
│ │ └── BuildDispatchedCode.java
│ ├── template_rule.bzl
│ ├── testdata/
│ │ ├── BUILD.bazel
│ │ ├── aws/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── access_keys_bad.csv
│ │ │ ├── credentials.cred
│ │ │ ├── credentials.csv
│ │ │ ├── credentials.ini
│ │ │ ├── credentials_bad.csv
│ │ │ ├── credentials_bad.ini
│ │ │ ├── key_arn.txt
│ │ │ └── key_arn_bad.txt
│ │ ├── gcp/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── credential.json
│ │ │ ├── credential_bad.json
│ │ │ ├── key_name.txt
│ │ │ └── key_name_bad.txt
│ │ ├── keysets/
│ │ │ └── BUILD.bazel
│ │ └── testvectors/
│ │ ├── BUILD.bazel
│ │ └── hpke_boringssl.json
│ ├── tink_java_deps.bzl
│ ├── tink_java_deps_init.bzl
│ ├── tink_version.bzl
│ └── tools/
│ ├── BUILD.bazel
│ ├── check_deps.bzl
│ ├── gen_java_test_rules.bzl
│ ├── gen_maven_jar_rules.bzl
│ ├── jar_jar.bzl
│ ├── java_single_jar.bzl
│ ├── javadoc.bzl
│ └── refaster/
│ ├── README.md
│ └── java/
│ └── com/
│ └── google/
│ ├── tink1_templates/
│ │ └── AllChanges.java
│ └── tinkuser/
│ ├── TinkUser.java
│ └── TinkUser.java_expected
├── kokoro/
│ ├── README.md
│ ├── gcp_ubuntu_per_language/
│ │ ├── cc/
│ │ │ ├── bazel/
│ │ │ │ └── run_tests.sh
│ │ │ ├── bazel_fips/
│ │ │ │ └── run_tests.sh
│ │ │ ├── cmake/
│ │ │ │ └── run_tests.sh
│ │ │ ├── cmake_openssl/
│ │ │ │ └── run_tests.sh
│ │ │ └── examples/
│ │ │ ├── cmake/
│ │ │ │ └── run_tests.sh
│ │ │ └── cmake_openssl/
│ │ │ └── run_tests.sh
│ │ ├── go/
│ │ │ ├── bazel/
│ │ │ │ └── run_tests.sh
│ │ │ └── gomod/
│ │ │ └── run_tests.sh
│ │ ├── java_src/
│ │ │ └── run_tests.sh
│ │ └── python/
│ │ └── pip/
│ │ └── run_tests.sh
│ ├── macos_external/
│ │ ├── cc/
│ │ │ ├── bazel/
│ │ │ │ └── run_tests.sh
│ │ │ ├── cmake/
│ │ │ │ └── run_tests.sh
│ │ │ └── examples/
│ │ │ └── cmake/
│ │ │ └── run_tests.sh
│ │ ├── go/
│ │ │ ├── bazel/
│ │ │ │ └── run_tests.sh
│ │ │ └── gomod/
│ │ │ └── run_tests.sh
│ │ ├── java_src/
│ │ │ └── run_tests.sh
│ │ ├── python/
│ │ │ └── pip/
│ │ │ └── run_tests.sh
│ │ └── tools/
│ │ └── run_tests.sh
│ ├── run_tests.sh
│ └── testutils/
│ ├── check_go_generated_files_up_to_date.sh
│ ├── copy_credentials.sh
│ ├── create_main_build_file.py
│ ├── install_cmake.sh
│ ├── install_go.sh
│ ├── install_openssl.sh
│ ├── install_protoc.sh
│ ├── install_python3.sh
│ ├── install_tink_via_pip.sh
│ ├── install_vault.sh
│ ├── run_bazel_tests.sh
│ ├── run_cmake_tests.sh
│ ├── run_go_mod_tests.sh
│ ├── run_hcvault_test_server.sh
│ ├── test_utils.sh
│ ├── update_android_sdk.sh
│ └── upgrade_gcc.sh
├── passing_test.sh
├── proto/
│ ├── BUILD.bazel
│ ├── CMakeLists.txt
│ ├── aes_cmac.proto
│ ├── aes_cmac_prf.proto
│ ├── aes_ctr.proto
│ ├── aes_ctr_hmac_aead.proto
│ ├── aes_ctr_hmac_streaming.proto
│ ├── aes_eax.proto
│ ├── aes_gcm.proto
│ ├── aes_gcm_hkdf_streaming.proto
│ ├── aes_gcm_siv.proto
│ ├── aes_siv.proto
│ ├── chacha20_poly1305.proto
│ ├── common.proto
│ ├── config.proto
│ ├── ecdsa.proto
│ ├── ecies_aead_hkdf.proto
│ ├── ed25519.proto
│ ├── empty.proto
│ ├── experimental/
│ │ └── pqcrypto/
│ │ ├── BUILD.bazel
│ │ ├── cecpq2_aead_hkdf.proto
│ │ ├── dilithium.proto
│ │ ├── falcon.proto
│ │ ├── slh_dsa.proto
│ │ └── sphincs.proto
│ ├── hkdf_prf.proto
│ ├── hmac.proto
│ ├── hmac_prf.proto
│ ├── hpke.proto
│ ├── jwt_ecdsa.proto
│ ├── jwt_hmac.proto
│ ├── jwt_rsa_ssa_pkcs1.proto
│ ├── jwt_rsa_ssa_pss.proto
│ ├── kms_aead.proto
│ ├── kms_envelope.proto
│ ├── prf_based_deriver.proto
│ ├── rsa_ssa_pkcs1.proto
│ ├── rsa_ssa_pss.proto
│ ├── test_proto.proto
│ ├── tink.proto
│ └── xchacha20_poly1305.proto
├── python/
│ ├── .bazelignore
│ ├── .bazelrc
│ ├── .bazelversion
│ ├── BUILD.bazel
│ ├── MANIFEST.in
│ ├── README.md
│ ├── VERSION
│ ├── WORKSPACE
│ ├── examples/
│ │ ├── .bazelrc
│ │ ├── .bazelversion
│ │ ├── BUILD.bazel
│ │ ├── WORKSPACE
│ │ ├── aead/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── aead_basic.py
│ │ │ ├── aead_basic_test.py
│ │ │ ├── aead_cli.py
│ │ │ ├── aead_cli_test.sh
│ │ │ └── aead_test_keyset.json
│ │ ├── cleartext_keyset/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── cleartext_keyset_cli.py
│ │ │ └── cleartext_keyset_cli_test.sh
│ │ ├── deterministic_aead/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── deterministic_aead_basic.py
│ │ │ ├── deterministic_aead_basic_test.py
│ │ │ ├── deterministic_aead_cli.py
│ │ │ ├── deterministic_aead_cli_test.sh
│ │ │ └── deterministic_aead_test_keyset.json
│ │ ├── encrypted_keyset/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── encrypted_keyset_cli.py
│ │ │ └── encrypted_keyset_cli_test.sh
│ │ ├── envelope_aead/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── envelope_cli.py
│ │ │ └── envelope_cli_test.sh
│ │ ├── gcs/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── gcs_envelope_aead_cli.py
│ │ │ └── gcs_envelope_aead_cli_test.sh
│ │ ├── hybrid/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── hybrid_basic.py
│ │ │ ├── hybrid_basic_test.py
│ │ │ ├── hybrid_cli.py
│ │ │ ├── hybrid_cli_test.sh
│ │ │ ├── hybrid_test_private_keyset.json
│ │ │ └── hybrid_test_public_keyset.json
│ │ ├── jwt/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── jwt_generate_public_jwk_set.py
│ │ │ ├── jwt_sign_cli.py
│ │ │ ├── jwt_signature_test.sh
│ │ │ ├── jwt_test_private_keyset.json
│ │ │ ├── jwt_test_public_keyset.json
│ │ │ └── jwt_verify_cli.py
│ │ ├── mac/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── mac_basic.py
│ │ │ ├── mac_basic_test.py
│ │ │ ├── mac_cli.py
│ │ │ ├── mac_cli_test.sh
│ │ │ └── mac_test_keyset.json
│ │ ├── requirements.in
│ │ ├── requirements.txt
│ │ ├── signature/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── signature_basic.py
│ │ │ ├── signature_basic_test.py
│ │ │ ├── signature_cli.py
│ │ │ ├── signature_cli_test.sh
│ │ │ ├── signature_test_private_keyset.json
│ │ │ └── signature_test_public_keyset.json
│ │ ├── streaming_aead/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── streaming_aead_cli.py
│ │ │ ├── streaming_aead_cli_test.sh
│ │ │ └── streaming_aead_keyset.json
│ │ ├── testdata/
│ │ │ └── gcp/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── credential.json
│ │ │ ├── credential_bad.json
│ │ │ ├── key_name.txt
│ │ │ └── key_name_bad.txt
│ │ └── walkthrough/
│ │ ├── BUILD.bazel
│ │ ├── create_keyset.py
│ │ ├── create_keyset_test.py
│ │ ├── load_cleartext_keyset.py
│ │ ├── load_cleartext_keyset_test.py
│ │ ├── load_encrypted_keyset.py
│ │ ├── load_encrypted_keyset_test.py
│ │ ├── obtain_and_use_a_primitive.py
│ │ ├── obtain_and_use_a_primitive_test.py
│ │ ├── write_cleartext_keyset.py
│ │ ├── write_cleartext_keyset_test.py
│ │ ├── write_keyset.py
│ │ └── write_keyset_test.py
│ ├── requirements.in
│ ├── requirements.txt
│ ├── requirements_all.txt
│ ├── requirements_awskms.in
│ ├── requirements_gcpkms.in
│ ├── requirements_hcvault.in
│ ├── setup.py
│ ├── testdata/
│ │ ├── aws/
│ │ │ ├── BUILD.bazel
│ │ │ ├── README.md
│ │ │ ├── access_keys_bad.csv
│ │ │ ├── credentials.cred
│ │ │ ├── credentials.csv
│ │ │ ├── credentials.ini
│ │ │ ├── credentials_bad.csv
│ │ │ ├── credentials_bad.ini
│ │ │ ├── key_arn.txt
│ │ │ └── key_arn_bad.txt
│ │ └── gcp/
│ │ ├── BUILD.bazel
│ │ ├── README.md
│ │ ├── credential.json
│ │ ├── credential_bad.json
│ │ ├── key_name.txt
│ │ └── key_name_bad.txt
│ ├── tink/
│ │ ├── BUILD.bazel
│ │ ├── __init__.py
│ │ ├── _insecure_keyset_handle.py
│ │ ├── _insecure_keyset_handle_test.py
│ │ ├── _json_proto_keyset_format.py
│ │ ├── _json_proto_keyset_format_test.py
│ │ ├── _keyset_handle.py
│ │ ├── _keyset_handle_test.py
│ │ ├── _keyset_reader.py
│ │ ├── _keyset_reader_test.py
│ │ ├── _keyset_writer.py
│ │ ├── _keyset_writer_test.py
│ │ ├── _kms_clients.py
│ │ ├── _kms_clients_test.py
│ │ ├── _proto_keyset_format.py
│ │ ├── _proto_keyset_format_test.py
│ │ ├── _secret_key_access.py
│ │ ├── aead/
│ │ │ ├── BUILD.bazel
│ │ │ ├── __init__.py
│ │ │ ├── _aead.py
│ │ │ ├── _aead_key_manager.py
│ │ │ ├── _aead_key_manager_test.py
│ │ │ ├── _aead_key_templates.py
│ │ │ ├── _aead_key_templates_test.py
│ │ │ ├── _aead_wrapper.py
│ │ │ ├── _aead_wrapper_test.py
│ │ │ ├── _kms_aead_key_manager.py
│ │ │ ├── _kms_aead_key_manager_test.py
│ │ │ ├── _kms_envelope_aead.py
│ │ │ └── _kms_envelope_aead_test.py
│ │ ├── cc/
│ │ │ ├── BUILD.bazel
│ │ │ ├── cc_hpke_config.cc
│ │ │ ├── cc_hpke_config.h
│ │ │ ├── cc_jwt_config.cc
│ │ │ ├── cc_jwt_config.h
│ │ │ ├── cc_key_manager.h
│ │ │ ├── cc_streaming_aead_wrappers.cc
│ │ │ ├── cc_streaming_aead_wrappers.h
│ │ │ ├── cc_streaming_aead_wrappers_test.cc
│ │ │ ├── cc_tink_config.cc
│ │ │ ├── cc_tink_config.h
│ │ │ ├── input_stream_adapter.cc
│ │ │ ├── input_stream_adapter.h
│ │ │ ├── input_stream_adapter_test.cc
│ │ │ ├── output_stream_adapter.cc
│ │ │ ├── output_stream_adapter.h
│ │ │ ├── output_stream_adapter_test.cc
│ │ │ ├── pybind/
│ │ │ │ ├── BUILD.bazel
│ │ │ │ ├── aead.cc
│ │ │ │ ├── aead.h
│ │ │ │ ├── cc_hpke_config.cc
│ │ │ │ ├── cc_hpke_config.h
│ │ │ │ ├── cc_jwt_config.cc
│ │ │ │ ├── cc_jwt_config.h
│ │ │ │ ├── cc_key_manager.cc
│ │ │ │ ├── cc_key_manager.h
│ │ │ │ ├── cc_key_manager_test.py
│ │ │ │ ├── cc_streaming_aead_wrappers.cc
│ │ │ │ ├── cc_streaming_aead_wrappers.h
│ │ │ │ ├── cc_tink_config.cc
│ │ │ │ ├── cc_tink_config.h
│ │ │ │ ├── cc_tink_config_test.py
│ │ │ │ ├── deterministic_aead.cc
│ │ │ │ ├── deterministic_aead.h
│ │ │ │ ├── hybrid_decrypt.cc
│ │ │ │ ├── hybrid_decrypt.h
│ │ │ │ ├── hybrid_encrypt.cc
│ │ │ │ ├── hybrid_encrypt.h
│ │ │ │ ├── import_helper.cc
│ │ │ │ ├── import_helper.h
│ │ │ │ ├── input_stream_adapter.cc
│ │ │ │ ├── input_stream_adapter.h
│ │ │ │ ├── mac.cc
│ │ │ │ ├── mac.h
│ │ │ │ ├── output_stream_adapter.cc
│ │ │ │ ├── output_stream_adapter.h
│ │ │ │ ├── prf.cc
│ │ │ │ ├── prf.h
│ │ │ │ ├── public_key_sign.cc
│ │ │ │ ├── public_key_sign.h
│ │ │ │ ├── public_key_verify.cc
│ │ │ │ ├── public_key_verify.h
│ │ │ │ ├── python_file_object_adapter.cc
│ │ │ │ ├── python_file_object_adapter.h
│ │ │ │ ├── streaming_aead.cc
│ │ │ │ ├── streaming_aead.h
│ │ │ │ ├── tink_bindings.cc
│ │ │ │ └── tink_exception.h
│ │ │ ├── python_file_object_adapter.h
│ │ │ ├── python_input_stream.cc
│ │ │ ├── python_input_stream.h
│ │ │ ├── python_input_stream_test.cc
│ │ │ ├── python_output_stream.cc
│ │ │ ├── python_output_stream.h
│ │ │ ├── python_output_stream_test.cc
│ │ │ └── test_util.h
│ │ ├── cleartext_keyset_handle.py
│ │ ├── cleartext_keyset_handle_test.py
│ │ ├── core/
│ │ │ ├── BUILD.bazel
│ │ │ ├── __init__.py
│ │ │ ├── _crypto_format.py
│ │ │ ├── _crypto_format_test.py
│ │ │ ├── _key_manager.py
│ │ │ ├── _primitive_set.py
│ │ │ ├── _primitive_set_test.py
│ │ │ ├── _primitive_wrapper.py
│ │ │ ├── _registry.py
│ │ │ ├── _registry_test.py
│ │ │ └── _tink_error.py
│ │ ├── daead/
│ │ │ ├── BUILD.bazel
│ │ │ ├── __init__.py
│ │ │ ├── _deterministic_aead.py
│ │ │ ├── _deterministic_aead_key_manager.py
│ │ │ ├── _deterministic_aead_key_manager_test.py
│ │ │ ├── _deterministic_aead_key_templates.py
│ │ │ ├── _deterministic_aead_key_templates_test.py
│ │ │ ├── _deterministic_aead_wrapper.py
│ │ │ └── _deterministic_aead_wrapper_test.py
│ │ ├── hybrid/
│ │ │ ├── BUILD.bazel
│ │ │ ├── __init__.py
│ │ │ ├── _hybrid_decrypt.py
│ │ │ ├── _hybrid_encrypt.py
│ │ │ ├── _hybrid_key_manager.py
│ │ │ ├── _hybrid_key_manager_test.py
│ │ │ ├── _hybrid_key_templates.py
│ │ │ ├── _hybrid_key_templates_test.py
│ │ │ ├── _hybrid_wrapper.py
│ │ │ └── _hybrid_wrapper_test.py
│ │ ├── integration/
│ │ │ ├── __init__.py
│ │ │ ├── awskms/
│ │ │ │ ├── BUILD.bazel
│ │ │ │ ├── __init__.py
│ │ │ │ ├── _aws_kms_client.py
│ │ │ │ ├── _aws_kms_client_test.py
│ │ │ │ └── _aws_kms_integration_test.py
│ │ │ ├── gcpkms/
│ │ │ │ ├── BUILD.bazel
│ │ │ │ ├── __init__.py
│ │ │ │ ├── _gcp_kms_aead_test.py
│ │ │ │ ├── _gcp_kms_client.py
│ │ │ │ ├── _gcp_kms_client_integration_test.py
│ │ │ │ ├── _gcp_kms_client_test.py
│ │ │ │ └── _gcp_kms_integration_test.py
│ │ │ └── hcvault/
│ │ │ ├── BUILD.bazel
│ │ │ ├── __init__.py
│ │ │ ├── _hcvault_kms_aead.py
│ │ │ ├── _hcvault_kms_aead_test.py
│ │ │ └── _hcvault_kms_integration_test.py
│ │ ├── internal/
│ │ │ ├── BUILD.bazel
│ │ │ ├── __init__.py
│ │ │ ├── big_integer_util.py
│ │ │ └── big_integer_util_test.py
│ │ ├── jwt/
│ │ │ ├── BUILD.bazel
│ │ │ ├── __init__.py
│ │ │ ├── _json_util.py
│ │ │ ├── _json_util_test.py
│ │ │ ├── _jwk_set_converter.py
│ │ │ ├── _jwk_set_converter_test.py
│ │ │ ├── _jwt_error.py
│ │ │ ├── _jwt_format.py
│ │ │ ├── _jwt_format_test.py
│ │ │ ├── _jwt_hmac_key_manager.py
│ │ │ ├── _jwt_hmac_key_manager_test.py
│ │ │ ├── _jwt_key_templates.py
│ │ │ ├── _jwt_key_templates_test.py
│ │ │ ├── _jwt_mac.py
│ │ │ ├── _jwt_mac_wrapper.py
│ │ │ ├── _jwt_mac_wrapper_test.py
│ │ │ ├── _jwt_public_key_sign.py
│ │ │ ├── _jwt_public_key_verify.py
│ │ │ ├── _jwt_signature_key_manager.py
│ │ │ ├── _jwt_signature_key_manager_test.py
│ │ │ ├── _jwt_signature_wrappers.py
│ │ │ ├── _jwt_signature_wrappers_test.py
│ │ │ ├── _jwt_validator.py
│ │ │ ├── _jwt_validator_test.py
│ │ │ ├── _raw_jwt.py
│ │ │ ├── _raw_jwt_test.py
│ │ │ ├── _verified_jwt.py
│ │ │ └── _verified_jwt_test.py
│ │ ├── mac/
│ │ │ ├── BUILD.bazel
│ │ │ ├── __init__.py
│ │ │ ├── _mac.py
│ │ │ ├── _mac_key_manager.py
│ │ │ ├── _mac_key_manager_test.py
│ │ │ ├── _mac_key_templates.py
│ │ │ ├── _mac_key_templates_test.py
│ │ │ ├── _mac_wrapper.py
│ │ │ └── _mac_wrapper_test.py
│ │ ├── prf/
│ │ │ ├── BUILD.bazel
│ │ │ ├── __init__.py
│ │ │ ├── _prf_key_manager.py
│ │ │ ├── _prf_key_manager_test.py
│ │ │ ├── _prf_key_templates.py
│ │ │ ├── _prf_set.py
│ │ │ ├── _prf_set_wrapper.py
│ │ │ └── _prf_set_wrapper_test.py
│ │ ├── proto/
│ │ │ ├── BUILD.bazel
│ │ │ ├── __init__.py
│ │ │ ├── aes_cmac.proto
│ │ │ ├── aes_cmac_prf.proto
│ │ │ ├── aes_ctr.proto
│ │ │ ├── aes_ctr_hmac_aead.proto
│ │ │ ├── aes_ctr_hmac_streaming.proto
│ │ │ ├── aes_eax.proto
│ │ │ ├── aes_gcm.proto
│ │ │ ├── aes_gcm_hkdf_streaming.proto
│ │ │ ├── aes_gcm_siv.proto
│ │ │ ├── aes_siv.proto
│ │ │ ├── chacha20_poly1305.proto
│ │ │ ├── common.proto
│ │ │ ├── config.proto
│ │ │ ├── ecdsa.proto
│ │ │ ├── ecies_aead_hkdf.proto
│ │ │ ├── ed25519.proto
│ │ │ ├── empty.proto
│ │ │ ├── hkdf_prf.proto
│ │ │ ├── hmac.proto
│ │ │ ├── hmac_prf.proto
│ │ │ ├── hpke.proto
│ │ │ ├── jwt_ecdsa.proto
│ │ │ ├── jwt_hmac.proto
│ │ │ ├── jwt_rsa_ssa_pkcs1.proto
│ │ │ ├── jwt_rsa_ssa_pss.proto
│ │ │ ├── kms_aead.proto
│ │ │ ├── kms_envelope.proto
│ │ │ ├── prf_based_deriver.proto
│ │ │ ├── rsa_ssa_pkcs1.proto
│ │ │ ├── rsa_ssa_pss.proto
│ │ │ ├── test_proto.proto
│ │ │ ├── tink.proto
│ │ │ └── xchacha20_poly1305.proto
│ │ ├── secret_key_access.py
│ │ ├── secret_key_access_import_test.py
│ │ ├── secret_key_access_test.py
│ │ ├── signature/
│ │ │ ├── BUILD.bazel
│ │ │ ├── __init__.py
│ │ │ ├── _public_key_sign.py
│ │ │ ├── _public_key_verify.py
│ │ │ ├── _signature_key_manager.py
│ │ │ ├── _signature_key_manager_test.py
│ │ │ ├── _signature_key_templates.py
│ │ │ ├── _signature_wrapper.py
│ │ │ └── _signature_wrapper_test.py
│ │ ├── streaming_aead/
│ │ │ ├── BUILD.bazel
│ │ │ ├── __init__.py
│ │ │ ├── _decrypting_stream.py
│ │ │ ├── _decrypting_stream_test.py
│ │ │ ├── _encrypting_stream.py
│ │ │ ├── _encrypting_stream_test.py
│ │ │ ├── _file_object_adapter.py
│ │ │ ├── _file_object_adapter_test.py
│ │ │ ├── _pybind11_python_file_object_adapter_test.py
│ │ │ ├── _raw_streaming_aead.py
│ │ │ ├── _rewindable_input_stream.py
│ │ │ ├── _rewindable_input_stream_test.py
│ │ │ ├── _streaming_aead.py
│ │ │ ├── _streaming_aead_key_manager.py
│ │ │ ├── _streaming_aead_key_manager_test.py
│ │ │ ├── _streaming_aead_key_templates.py
│ │ │ ├── _streaming_aead_key_templates_test.py
│ │ │ ├── _streaming_aead_test.py
│ │ │ ├── _streaming_aead_wrapper.py
│ │ │ └── _streaming_aead_wrapper_test.py
│ │ ├── testing/
│ │ │ ├── BUILD.bazel
│ │ │ ├── __init__.py
│ │ │ ├── bytes_io.py
│ │ │ ├── bytes_io_test.py
│ │ │ ├── fake_kms.py
│ │ │ ├── fake_kms_test.py
│ │ │ ├── helper.py
│ │ │ ├── helper_test.py
│ │ │ ├── keyset_builder.py
│ │ │ └── keyset_builder_test.py
│ │ ├── tink_config.py
│ │ └── tink_config_test.py
│ ├── tink_py_deps.bzl
│ ├── tink_py_deps_init.bzl
│ └── tools/
│ ├── BUILD.bazel
│ └── distribution/
│ ├── README.md
│ ├── build_linux_binary_wheels.sh
│ ├── create_release.sh
│ ├── requirements.in
│ ├── requirements.txt
│ └── test_linux_binary_wheels.sh
├── testdata/
│ ├── BUILD.bazel
│ ├── aws/
│ │ ├── BUILD.bazel
│ │ ├── README.md
│ │ ├── access_keys_bad.csv
│ │ ├── credentials.cred
│ │ ├── credentials.csv
│ │ ├── credentials.ini
│ │ ├── credentials_bad.csv
│ │ ├── credentials_bad.ini
│ │ ├── key_arn.txt
│ │ └── key_arn_bad.txt
│ ├── gcp/
│ │ ├── BUILD.bazel
│ │ ├── README.md
│ │ ├── credential.json
│ │ ├── credential_bad.json
│ │ ├── key_name.txt
│ │ └── key_name_bad.txt
│ ├── keysets/
│ │ └── BUILD.bazel
│ └── testvectors/
│ ├── BUILD.bazel
│ └── hpke_boringssl.json
├── testing/
│ └── cross_language/
│ └── testdata/
│ ├── aws/
│ │ ├── BUILD.bazel
│ │ ├── README.md
│ │ ├── access_keys_bad.csv
│ │ ├── credentials.cred
│ │ ├── credentials.csv
│ │ ├── credentials.ini
│ │ ├── credentials_bad.csv
│ │ ├── credentials_bad.ini
│ │ ├── key_arn.txt
│ │ └── key_arn_bad.txt
│ └── gcp/
│ ├── BUILD.bazel
│ ├── README.md
│ ├── credential.json
│ ├── credential_bad.json
│ ├── key_name.txt
│ └── key_name_bad.txt
├── tinkey.rb
└── tools/
├── .bazelrc
├── .bazelversion
├── BUILD.bazel
├── WORKSPACE
├── build_defs/
│ └── BUILD.bazel
├── coverage.sh
├── release_tinkey.sh
├── requirements.txt
└── tinkey/
├── BUILD.bazel
├── README.md
└── src/
├── main/
│ └── java/
│ └── com/
│ └── google/
│ └── crypto/
│ └── tink/
│ └── tinkey/
│ ├── AddKeyCommand.java
│ ├── AddRotateOptions.java
│ ├── BUILD.bazel
│ ├── Command.java
│ ├── ConvertKeysetCommand.java
│ ├── ConvertKeysetOptions.java
│ ├── CreateKeysetCommand.java
│ ├── CreateKeysetOptions.java
│ ├── CreatePublicKeysetCommand.java
│ ├── DeleteKeyCommand.java
│ ├── DestroyKeyCommand.java
│ ├── DisableKeyCommand.java
│ ├── EnableKeyCommand.java
│ ├── HelpCommand.java
│ ├── InOptions.java
│ ├── InputStreamHandler.java
│ ├── KeyIdHandler.java
│ ├── KeyIdOptions.java
│ ├── KeyTemplateHandler.java
│ ├── KmsClientsFactory.java
│ ├── ListKeyTemplatesCommand.java
│ ├── ListKeysetCommand.java
│ ├── OutOptions.java
│ ├── OutputStreamHandler.java
│ ├── PromoteKeyCommand.java
│ ├── RotateKeysetCommand.java
│ ├── Tinkey.java
│ ├── TinkeyCommands.java
│ ├── TinkeyKeyTemplates.java
│ ├── TinkeyTestKmsClient.java
│ └── TinkeyUtil.java
└── test/
└── java/
└── com/
└── google/
└── crypto/
└── tink/
└── tinkey/
├── AddKeyCommandTest.java
├── BUILD.bazel
├── ConvertKeysetCommandTest.java
├── CreateKeysetCommandTest.java
├── CreatePublicKeysetCommandTest.java
├── KmsClientsFactoryTest.java
├── RotateKeysetCommandTest.java
└── TinkeyTestKmsClientTest.java
================================================
FILE CONTENTS
================================================
================================================
FILE: .bazelversion
================================================
6.4.0
================================================
FILE: .github/ISSUE_TEMPLATE/bug_report.md
================================================
---
name: Bug report
about: Create a report to help us improve Tink
---
> **NOTE**: **Tink moved to github.com/tink-crypto!**
>
> We split Tink into multiple focused repositories.
> Please create this issue in the appropriate repository in
> github.com/tink-crypto instead:
>
> * [Tink Java](https://github.com/tink-crypto/tink-java/issues/new?template=bug_report.md)
> * [Tink Java AWS KMS extension](https://github.com/tink-crypto/tink-java-awskms/issues/new?template=bug_report.md)
> * [Tink Java Google Cloud KMS extension](https://github.com/tink-crypto/tink-java-gcpkms/issues/new?template=bug_report.md)
> * [Tink Java apps extension](https://github.com/tink-crypto/tink-java-apps/issues/new?template=bug_report.md)
> * [Tink C++](https://github.com/tink-crypto/tink-cc/issues/new?template=bug_report.md)
> * [Tink C++ AWS KMS extension](https://github.com/tink-crypto/tink-cc-awskms/issues/new?template=bug_report.md)
> * [Tink C++ Google Cloud KMS extension](https://github.com/tink-crypto/tink-cc-gcpkms/issues/new?template=bug_report.md)
> * [Tink Go](https://github.com/tink-crypto/tink-go/issues/new?template=bug_report.md)
> * [Tink Go AWS KMS extension](https://github.com/tink-crypto/tink-go-awskms/issues/new?template=bug_report.md)
> * [Tink Go Google Cloud KMS extension](https://github.com/tink-crypto/tink-go-gcpkms/issues/new?template=bug_report.md)
> * [Tink Go HashiCorp Vault KMS extension](https://github.com/tink-crypto/tink-go-hcvault/issues/new?template=bug_report.md)
> * [Tink Objc](https://github.com/tink-crypto/tink-objc/issues/new?template=bug_report.md)
> * [Tink Python](https://github.com/tink-crypto/tink-py/issues/new?template=bug_report.md)
> * [Tink Tinkey](https://github.com/tink-crypto/tink-tinkey/issues/new?template=bug_report.md)
================================================
FILE: .github/ISSUE_TEMPLATE/config.yml
================================================
blank_issues_enabled: false
================================================
FILE: .github/ISSUE_TEMPLATE/feature_request.md
================================================
---
name: Feature request
about: Suggest an idea for Tink
---
> **NOTE**: **Tink moved to github.com/tink-crypto!**
>
> We split Tink into multiple focused repositories.
> Please create this issue in the appropriate repository in
> github.com/tink-crypto instead:
>
> * [Tink Java](https://github.com/tink-crypto/tink-java/issues/new?template=feature_request.md)
> * [Tink Java AWS KMS extension](https://github.com/tink-crypto/tink-java-awskms/issues/new?template=feature_request.md)
> * [Tink Java Google Cloud KMS extension](https://github.com/tink-crypto/tink-java-gcpkms/issues/new?template=feature_request.md)
> * [Tink Java apps extension](https://github.com/tink-crypto/tink-java-apps/issues/new?template=feature_request.md)
> * [Tink C++](https://github.com/tink-crypto/tink-cc/issues/new?template=feature_request.md)
> * [Tink C++ AWS KMS extension](https://github.com/tink-crypto/tink-cc-awskms/issues/new?template=feature_request.md)
> * [Tink C++ Google Cloud KMS extension](https://github.com/tink-crypto/tink-cc-gcpkms/issues/new?template=feature_request.md)
> * [Tink Go](https://github.com/tink-crypto/tink-go/issues/new?template=feature_request.md)
> * [Tink Go AWS KMS extension](https://github.com/tink-crypto/tink-go-awskms/issues/new?template=feature_request.md)
> * [Tink Go Google Cloud KMS extension](https://github.com/tink-crypto/tink-go-gcpkms/issues/new?template=feature_request.md)
> * [Tink Go HashiCorp Vault KMS extension](https://github.com/tink-crypto/tink-go-hcvault/issues/new?template=feature_request.md)
> * [Tink Objc](https://github.com/tink-crypto/tink-objc/issues/new?template=feature_request.md)
> * [Tink Python](https://github.com/tink-crypto/tink-py/issues/new?template=feature_request.md)
> * [Tink Tinkey](https://github.com/tink-crypto/tink-tinkey/issues/new?template=feature_request.md)
================================================
FILE: .github/workflows/codeql-analysis.yml
================================================
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
name: "CodeQL"
on:
push:
branches: [master, 1.5]
pull_request:
# The branches below must be a subset of the branches above
branches: [master, 1.5]
schedule:
- cron: '0 13 * * 0'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
# Override automatic language detection by changing the below list
# Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
#
# TODO: Re-enable Java with a Bazel build solution.
language: ['cpp', 'go', 'python', 'javascript']
# Learn more...
# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2
# If this run was triggered by a pull request event, then checkout
# the head of the pull request instead of the merge commit.
- run: git checkout HEAD^2
if: ${{ github.event_name == 'pull_request' }}
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
#- run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
================================================
FILE: .gitignore
================================================
.DS_Store
bazel-*
*.swp
*~
**/target
.idea
*.iml
*.tulsiconf-user
tulsi-*
tulsigen-*
*.iml
.gradle
**/local.properties
**/build/**
.externalNativeBuild
node_modules
================================================
FILE: BUILD.bazel
================================================
# Description:
# Tink (https://github.com/google/tink) is a small crypto library that
# provides a safe, simple, agile and fast way to accomplish some common
# crypto tasks.
package(default_visibility = ["//:__subpackages__"])
licenses(["notice"])
exports_files([
"LICENSE",
"README.md",
"__init__.py",
])
filegroup(
name = "tink_version",
srcs = ["tink_version.bzl"],
visibility = ["//visibility:public"],
)
================================================
FILE: CMakeLists.txt
================================================
cmake_minimum_required(VERSION 3.13)
project(Tink VERSION 2.1.2 LANGUAGES CXX)
list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
option(TINK_BUILD_TESTS "Build Tink tests" OFF)
option(TINK_USE_SYSTEM_OPENSSL "Build Tink linking to OpenSSL installed in the system" OFF)
option(TINK_USE_INSTALLED_ABSEIL "Build Tink linking to Abseil installed in the system" OFF)
option(TINK_USE_INSTALLED_GOOGLETEST "Build Tink linking to GTest installed in the system" OFF)
option(TINK_USE_INSTALLED_PROTOBUF "Build Tink linking to Protobuf installed in the system" OFF)
option(USE_ONLY_FIPS "Enables the FIPS only mode in Tink" OFF)
set(CPACK_GENERATOR TGZ)
set(CPACK_PACKAGE_VERSION ${PROJECT_VERSION})
include(CPack)
include(TinkWorkspace)
include(TinkBuildRules)
include(TinkUtil)
# Bazel rewrites import paths so that "cc/example/foo.h" can be included as
# "tink/example/foo.h". The following lines simulate this behaviour by creating
# a symlink to cc/ called tink/, and placing it in a separate subdirectory,
# which is then specified as a global include path.
#
# It's important to create a separate directory and not just drop the link in
# CMAKE_CURRENT_BINARY_DIR, since adding that to the include paths will
# make the whole contents of that directory visible to the compiled files,
# which may result in undeclared dependencies that nevertheless happen to work.
#
set(TINK_INCLUDE_ALIAS_DIR "${CMAKE_CURRENT_BINARY_DIR}/__include_alias")
add_directory_alias(
"${CMAKE_CURRENT_SOURCE_DIR}/cc" "${TINK_INCLUDE_ALIAS_DIR}/tink")
list(APPEND TINK_INCLUDE_DIRS "${TINK_INCLUDE_ALIAS_DIR}")
add_subdirectory(cc)
add_subdirectory(proto)
================================================
FILE: LICENSE
================================================
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
================================================
FILE: README.md
================================================
# Tink
> **NOTE**: **Tink moved to github.com/tink-crypto and this repo is no longer
> active!**
>
> As planned, we have split Tink into
> [multiple GitHub repositories][split_repo_roadmap_url] that are hosted at
> [github.com/tink-crypto](https://github.com/tink-crypto). As a consequence, we
> made this repository read-only and it is not going to be maintained moving
> forward.
>
*A multi-language, cross-platform library that provides cryptographic APIs that
are secure, easy to use correctly, and hard(er) to misuse. See also:
https://developers.google.com/tink*.
[split_repo_roadmap_url]: https://developers.google.com/tink/roadmap#splitting_tink_into_multiple_github_repositories
[tink_mailing_list_url]: https://groups.google.com/forum/#!forum/tink-users
## Index
1. [Introduction](#introduction)
2. [Current status](#current-status)
3. [Getting started](#getting-started)
4. [Learn more](#learn-more)
5. [Contact and mailing list](#contact-and-mailing-list)
6. [Maintainers](#maintainers)
## Introduction
Using crypto in your application [shouldn't have to][devs_are_users_too_slides]
feel like juggling chainsaws in the dark. Tink is a crypto library written by a
group of cryptographers and security engineers at Google. It was born out of our
extensive experience working with Google's product teams,
[fixing weaknesses in implementations](https://github.com/google/wycheproof),
and providing simple APIs that can be used safely without needing a crypto
background.
Tink provides secure APIs that are easy to use correctly and hard(er) to misuse.
It reduces common crypto pitfalls with user-centered design, careful
implementation and code reviews, and extensive testing. At Google, Tink is one
of the standard crypto libraries, and has been deployed in hundreds of products
and systems.
To get a quick overview of Tink design please take a look at
[slides][tink_talk_slides] from [a talk about Tink][tink_talk_recording]
presented at [Real World Crypto 2019](https://rwc.iacr.org/2019/).
[devs_are_users_too_slides]: https://www.usenix.org/sites/default/files/conference/protected-files/hotsec15_slides_green.pdf
[tink_talk_slides]: docs/Tink-a_cryptographic_library--RealWorldCrypto2019.pdf
[tink_talk_recording]: https://www.youtube.com/watch?v=pqev9r3rUJs&t=9665
## Current status
[Java/Android](docs/JAVA-HOWTO.md), [C++](docs/CPP-HOWTO.md),
[Obj-C](docs/OBJC-HOWTO.md), [Go](docs/GOLANG-HOWTO.md), and
[Python](docs/PYTHON-HOWTO.md) are field tested and ready for production. The
latest version is [1.7.0](https://github.com/google/tink/releases/tag/v1.7.0),
released on 2022-08-09.
Javascript/Typescript is in an alpha state and should only be used for testing.
Please see the intent to remove statement
[here](https://github.com/google/tink/issues/689).
**`Ubuntu`** | **`macOS`**
----------------------------------- | ---------------------------------
[![Kokoro Ubuntu][ubuntu_badge]](#) | [![Kokoro macOS][macos_badge]](#)
[ubuntu_badge]: https://storage.googleapis.com/tink-kokoro-build-badges/tink-ubuntu.png
[macos_badge]: https://storage.googleapis.com/tink-kokoro-build-badges/tink-macos.png
## Getting started
Documentation for the project is located at https://developers.google.com/tink.
Currently, it details a variety of common usage scenarios and covers the Java
and Python implementations. The site will be populated with more content over
time.
Alternatively, you can look at all of the [`examples`] which demonstrate
performing simple tasks using Tink in a variety of languages.
[`examples`]: https://github.com/google/tink/tree/master/examples
* Python
```sh
pip3 install tink
```
* Golang
```sh
go get github.com/google/tink/go/...
```
* Java
```xml
com.google.crypto.tink
tink
1.7.0
```
* Android
```
dependencies {
implementation 'com.google.crypto.tink:tink-android:1.7.0'
}
```
* Objective-C/iOS
```sh
cd /path/to/your/Xcode project/
pod init
pod 'Tink', '1.7.0'
pod install
```
## Learn more
* [Java HOW-TO](docs/JAVA-HOWTO.md)
* [C++ HOW-TO](docs/CPP-HOWTO.md)
* [Obj-C HOW-TO](docs/OBJC-HOWTO.md)
* [Go HOW-TO](docs/GOLANG-HOWTO.md)
* [Python HOW-TO](docs/PYTHON-HOWTO.md)
* [Security and Usability Design Goals](docs/SECURITY-USABILITY.md)
* [Supported Crypto Primitives](docs/PRIMITIVES.md)
* [Key Management](docs/KEY-MANAGEMENT.md)
* [Managing keys with Tinkey](docs/TINKEY.md)
* [Known Issues](docs/KNOWN-ISSUES.md)
## Community-driven ports
Out of the box Tink supports a wide range of languages, but it still doesn't
support every language. Fortunately, some users like Tink so much that they've
ported it to their favorite languages! Below you can find notable ports.
**WARNING** While we usually review these ports, until further notice, we do not
maintain them and have no plan to support them in the foreseeable future.
* [Clojure](https://github.com/perkss/tinklj)
## Contact and mailing list
If you want to contribute, please read [CONTRIBUTING](docs/CONTRIBUTING.md) and
send us pull requests. You can also report bugs or file feature requests.
If you'd like to talk to the developers or get notified about major product
updates, you may want to subscribe to our [mailing list][tink_mailing_list_url].
## Maintainers
Tink is maintained by (A-Z):
- Moreno Ambrosin
- Taymon Beal
- Daniel Bleichenbacher
- William Conner
- Thai Duong
- Thomas Holenstein
- Stefan Kölbl
- Charles Lee
- Cindy Lin
- Fernando Lobato Meeser
- Atul Luykx
- Rafael Misoczki
- Sophie Schmieg
- Laurent Simon
- Elizaveta Tretiakova
- Jürg Wullschleger
Alumni:
- Haris Andrianakis
- Tanuj Dhir
- Quan Nguyen
- Bartosz Przydatek
- Enzo Puig
- Veronika Slívová
- Paula Vidas
- Cathie Yun
- Federico Zalcberg
================================================
FILE: cc/.bazelignore
================================================
# Ignore AWS-KMS and Cloud KMS integrations which are in thier own WORKSPACEs.
integration/awskms
integration/gcpkms
# Ignore examples.
examples
================================================
FILE: cc/.bazelrc
================================================
# Enables automatic per-platform configs.
common --enable_platform_specific_config
# Minumum C++ version. Override it building this project with
# `bazel build --cxxopt='-std=c++' --host_cxxopt='c++' ...`
# (Both -std and --host_cxxopt must be set to force the desired version.)
build:linux --cxxopt='-std=c++14' --host_cxxopt='-std=c++14'
build:macos --cxxopt='-std=c++14' --host_cxxopt='-std=c++14'
build:windows --cxxopt='/std:c++14' --host_cxxopt='/std:c++14'
================================================
FILE: cc/.bazelversion
================================================
6.4.0
================================================
FILE: cc/BUILD.bazel
================================================
load("//:template_rule.bzl", "template_rule")
load("//:tink_version.bzl", "TINK_VERSION_LABEL")
package(default_visibility = ["//:__subpackages__"])
licenses(["notice"])
# public libraries
alias(
name = "secret_key_access_testonly",
testonly = 1,
actual = ":secret_key_access",
visibility = ["//visibility:public"],
)
cc_library(
name = "tink_cc",
hdrs = [
"aead.h",
"aead_config.h",
"aead_factory.h",
"aead_key_templates.h",
"binary_keyset_reader.h",
"binary_keyset_writer.h",
"deterministic_aead.h",
"deterministic_aead_config.h",
"deterministic_aead_factory.h",
"deterministic_aead_key_templates.h",
"hybrid_config.h",
"hybrid_decrypt.h",
"hybrid_decrypt_factory.h",
"hybrid_encrypt.h",
"hybrid_encrypt_factory.h",
"hybrid_key_templates.h",
"input_stream.h",
"json_keyset_reader.h",
"json_keyset_writer.h",
"key_manager.h",
"keyset_handle.h",
"keyset_manager.h",
"keyset_reader.h",
"keyset_writer.h",
"kms_client.h",
"mac.h",
"mac_config.h",
"mac_factory.h",
"mac_key_templates.h",
"output_stream.h",
"output_stream_with_result.h",
"public_key_sign.h",
"public_key_sign_factory.h",
"public_key_verify.h",
"public_key_verify_factory.h",
"random_access_stream.h",
"registry.h",
"signature_config.h",
"signature_key_templates.h",
"streaming_aead.h",
"streaming_aead_config.h",
"streaming_aead_key_templates.h",
"streaming_mac.h",
"tink_config.h",
"version.h",
],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
":aead",
":binary_keyset_reader",
":binary_keyset_writer",
":deterministic_aead",
":hybrid_decrypt",
":hybrid_encrypt",
":input_stream",
":json_keyset_reader",
":json_keyset_writer",
":key",
":key_manager",
":keyset_handle",
":keyset_manager",
":keyset_reader",
":keyset_writer",
":kms_client",
":mac",
":output_stream",
":output_stream_with_result",
":primitive_set",
":public_key_sign",
":public_key_verify",
":random_access_stream",
":registry",
":streaming_aead",
":streaming_mac",
":version",
"//aead:aead_config",
"//aead:aead_factory",
"//aead:aead_key_templates",
"//config:tink_config",
"//daead:deterministic_aead_config",
"//daead:deterministic_aead_factory",
"//daead:deterministic_aead_key_templates",
"//hybrid:hybrid_config",
"//hybrid:hybrid_decrypt_factory",
"//hybrid:hybrid_encrypt_factory",
"//hybrid:hybrid_key_templates",
"//internal:key_info",
"//internal:registry_impl",
"//mac:mac_config",
"//mac:mac_factory",
"//mac:mac_key_templates",
"//proto:config_cc_proto",
"//proto:tink_cc_proto",
"//signature:public_key_sign_factory",
"//signature:public_key_verify_factory",
"//signature:signature_config",
"//signature:signature_key_templates",
"//streamingaead:streaming_aead_config",
"//streamingaead:streaming_aead_key_templates",
"//util:buffer",
"//util:errors",
"//util:protobuf_helper",
"//util:secret_proto",
"//util:status",
"//util:statusor",
"//util:validation",
"@com_google_absl//absl/base:core_headers",
"@com_google_absl//absl/container:flat_hash_map",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/synchronization",
],
)
cc_library(
name = "input_stream",
hdrs = ["input_stream.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
"//util:status",
"//util:statusor",
],
)
cc_library(
name = "output_stream",
hdrs = ["output_stream.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
"//util:status",
"//util:statusor",
],
)
cc_library(
name = "random_access_stream",
hdrs = ["random_access_stream.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
"//util:buffer",
"//util:status",
"//util:statusor",
],
)
cc_library(
name = "output_stream_with_result",
hdrs = ["output_stream_with_result.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
":output_stream",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/status",
],
)
cc_library(
name = "aead",
hdrs = ["aead.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
"//util:statusor",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "deterministic_aead",
hdrs = ["deterministic_aead.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
"//util:statusor",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "streaming_aead",
hdrs = ["streaming_aead.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
":input_stream",
":output_stream",
":random_access_stream",
"//util:statusor",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "streaming_mac",
hdrs = ["streaming_mac.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
":output_stream_with_result",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "chunked_mac",
hdrs = ["chunked_mac.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
"//util:status",
"//util:statusor",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "hybrid_decrypt",
hdrs = ["hybrid_decrypt.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
"//util:statusor",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "hybrid_encrypt",
hdrs = ["hybrid_encrypt.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
"//util:statusor",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "mac",
hdrs = ["mac.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
"//util:status",
"//util:statusor",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "public_key_sign",
hdrs = ["public_key_sign.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
"//util:statusor",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "public_key_verify",
hdrs = ["public_key_verify.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
"//util:status",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "keyset_reader",
hdrs = ["keyset_reader.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
"//proto:tink_cc_proto",
"//util:statusor",
],
)
cc_library(
name = "keyset_writer",
hdrs = ["keyset_writer.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
"//proto:tink_cc_proto",
"//util:status",
],
)
cc_library(
name = "binary_keyset_reader",
srcs = ["core/binary_keyset_reader.cc"],
hdrs = ["binary_keyset_reader.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
":keyset_reader",
"//proto:tink_cc_proto",
"//util:errors",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "binary_keyset_writer",
srcs = ["core/binary_keyset_writer.cc"],
hdrs = ["binary_keyset_writer.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
":keyset_writer",
"//proto:tink_cc_proto",
"//util:protobuf_helper",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "json_keyset_reader",
srcs = ["core/json_keyset_reader.cc"],
hdrs = ["json_keyset_reader.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
":keyset_reader",
"//proto:tink_cc_proto",
"//util:enums",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@rapidjson",
],
)
cc_library(
name = "json_keyset_writer",
srcs = ["core/json_keyset_writer.cc"],
hdrs = ["json_keyset_writer.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
":keyset_writer",
"//proto:tink_cc_proto",
"//util:enums",
"//util:errors",
"//util:protobuf_helper",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@rapidjson",
],
)
cc_library(
name = "crypto_format",
srcs = ["core/crypto_format.cc"],
hdrs = ["crypto_format.h"],
include_prefix = "tink",
deps = [
"//proto:tink_cc_proto",
"//util:errors",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings:string_view",
],
)
cc_library(
name = "primitive_set",
srcs = ["primitive_set.h"],
hdrs = ["primitive_set.h"],
include_prefix = "tink",
deps = [
":crypto_format",
"//proto:tink_cc_proto",
"//util:errors",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/base:core_headers",
"@com_google_absl//absl/container:flat_hash_map",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings:string_view",
"@com_google_absl//absl/synchronization",
],
)
cc_library(
name = "primitive_wrapper",
hdrs = ["primitive_wrapper.h"],
include_prefix = "tink",
deps = [
":primitive_set",
"//util:statusor",
],
)
cc_library(
name = "registry",
hdrs = ["registry.h"],
include_prefix = "tink",
deps = [
":key_manager",
":primitive_set",
"//internal:registry_impl",
"//proto:tink_cc_proto",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/strings",
],
)
template_rule(
name = "version_h",
src = "version.h.templ",
out = "version.h",
substitutions = {
"@TINK_VERSION_LABEL@": "%s" % TINK_VERSION_LABEL,
},
)
cc_library(
name = "version",
srcs = ["core/version.cc"],
hdrs = [":version_h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
)
cc_library(
name = "keyset_handle",
srcs = ["core/keyset_handle.cc"],
hdrs = ["keyset_handle.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
":aead",
":configuration",
":insecure_secret_key_access",
":key",
":key_gen_configuration",
":key_manager",
":key_status",
":keyset_reader",
":keyset_writer",
":primitive_set",
":registry",
":restricted_data",
":secret_key_access_token",
"//config:global_registry",
"//internal:configuration_impl",
"//internal:key_gen_configuration_impl",
"//internal:key_info",
"//internal:key_status_util",
"//internal:key_type_info_store",
"//internal:keyset_wrapper",
"//internal:keyset_wrapper_store",
"//internal:mutable_serialization_registry",
"//internal:proto_key_serialization",
"//internal:registry_impl",
"//internal:util",
"//proto:tink_cc_proto",
"//util:errors",
"//util:keyset_util",
"//util:secret_data",
"//util:secret_proto",
"//util:status",
"//util:statusor",
"//util:validation",
"@com_google_absl//absl/base:core_headers",
"@com_google_absl//absl/container:flat_hash_map",
"@com_google_absl//absl/log:check",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/types:optional",
],
)
cc_library(
name = "keyset_handle_builder",
srcs = ["core/keyset_handle_builder.cc"],
hdrs = ["keyset_handle_builder.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
":key",
":key_status",
":keyset_handle",
":parameters",
"//internal:keyset_handle_builder_entry",
"//proto:tink_cc_proto",
"//subtle:random",
"//util:secret_proto",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/container:flat_hash_map",
"@com_google_absl//absl/log:check",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/strings:str_format",
"@com_google_absl//absl/types:optional",
],
)
cc_library(
name = "cleartext_keyset_handle",
srcs = ["core/cleartext_keyset_handle.cc"],
hdrs = ["cleartext_keyset_handle.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
":keyset_handle",
":keyset_reader",
":keyset_writer",
"//proto:tink_cc_proto",
"//util:errors",
"//util:secret_proto",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/container:flat_hash_map",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
],
)
cc_library(
name = "key_manager",
srcs = ["core/key_manager.cc"],
hdrs = ["key_manager.h"],
include_prefix = "tink",
deps = [
"//proto:tink_cc_proto",
"//util:errors",
"//util:protobuf_helper",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "keyset_manager",
srcs = ["core/keyset_manager.cc"],
hdrs = ["keyset_manager.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
":key_gen_configuration",
":keyset_handle",
"//internal:key_gen_configuration_impl",
"//proto:tink_cc_proto",
"//util:enums",
"//util:errors",
"//util:secret_proto",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/base:core_headers",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/synchronization",
],
)
cc_library(
name = "kms_client",
hdrs = ["kms_client.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
":aead",
"//util:statusor",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "kms_clients",
srcs = ["core/kms_clients.cc"],
hdrs = ["kms_clients.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
":kms_client",
"//util:errors",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/base:core_headers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/synchronization",
],
)
cc_library(
name = "core/template_util",
hdrs = ["core/template_util.h"],
include_prefix = "tink",
deps = ["@com_google_absl//absl/meta:type_traits"],
)
cc_library(
name = "core/key_type_manager",
hdrs = ["core/key_type_manager.h"],
include_prefix = "tink",
deps = [
":core/template_util",
":input_stream",
"//internal:fips_utils",
"//proto:tink_cc_proto",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "core/key_manager_impl",
hdrs = ["core/key_manager_impl.h"],
include_prefix = "tink",
deps = [
":core/key_type_manager",
":core/template_util",
":input_stream",
":key_manager",
"//proto:tink_cc_proto",
"//util:constants",
"//util:errors",
"//util:secret_proto",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/base",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "core/private_key_type_manager",
hdrs = ["core/private_key_type_manager.h"],
include_prefix = "tink",
deps = [
":core/key_type_manager",
":core/template_util",
"//util:statusor",
],
)
cc_library(
name = "core/private_key_manager_impl",
hdrs = ["core/private_key_manager_impl.h"],
include_prefix = "tink",
deps = [
":core/key_manager_impl",
":core/key_type_manager",
":core/private_key_type_manager",
":key_manager",
"//util:status",
"//util:statusor",
"//util:validation",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings:string_view",
],
)
cc_library(
name = "key_access",
hdrs = ["key_access.h"],
include_prefix = "tink",
)
cc_library(
name = "secret_key_access",
hdrs = ["secret_key_access.h"],
include_prefix = "tink",
deps = [":key_access"],
)
cc_library(
name = "parameters",
hdrs = ["parameters.h"],
include_prefix = "tink",
)
cc_library(
name = "key",
hdrs = ["key.h"],
include_prefix = "tink",
deps = [
":parameters",
"@com_google_absl//absl/types:optional",
],
)
cc_library(
name = "private_key",
hdrs = ["private_key.h"],
include_prefix = "tink",
deps = [":key"],
)
cc_library(
name = "partial_key_access_token",
hdrs = ["partial_key_access_token.h"],
include_prefix = "tink",
)
cc_library(
name = "partial_key_access",
hdrs = ["partial_key_access.h"],
include_prefix = "tink",
deps = [":partial_key_access_token"],
)
cc_library(
name = "secret_key_access_token",
hdrs = ["secret_key_access_token.h"],
include_prefix = "tink",
)
cc_library(
name = "insecure_secret_key_access",
hdrs = ["insecure_secret_key_access.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [":secret_key_access_token"],
)
cc_library(
name = "restricted_data",
srcs = ["core/restricted_data.cc"],
hdrs = ["restricted_data.h"],
include_prefix = "tink",
deps = [
":secret_key_access_token",
"//subtle:random",
"//util:secret_data",
"@boringssl//:crypto",
"@com_google_absl//absl/log:check",
"@com_google_absl//absl/strings:string_view",
],
)
cc_library(
name = "key_status",
hdrs = ["key_status.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
)
cc_library(
name = "configuration",
hdrs = ["configuration.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
"//internal:key_type_info_store",
"//internal:keyset_wrapper_store",
],
)
cc_library(
name = "key_gen_configuration",
hdrs = ["key_gen_configuration.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = ["//internal:key_type_info_store"],
)
cc_library(
name = "big_integer",
srcs = ["core/big_integer.cc"],
hdrs = ["big_integer.h"],
include_prefix = "tink",
deps = [
"@boringssl//:crypto",
"@com_google_absl//absl/strings:string_view",
],
)
cc_library(
name = "restricted_big_integer",
srcs = ["core/restricted_big_integer.cc"],
hdrs = ["restricted_big_integer.h"],
include_prefix = "tink",
deps = [
":secret_key_access_token",
"//util:secret_data",
"@boringssl//:crypto",
"@com_google_absl//absl/strings:string_view",
],
)
cc_library(
name = "ec_point",
hdrs = ["ec_point.h"],
include_prefix = "tink",
deps = [":big_integer"],
)
# tests
cc_test(
name = "version_test",
size = "small",
srcs = ["core/version_test.cc"],
deps = [
":version",
"//internal:util",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "binary_keyset_reader_test",
size = "small",
srcs = ["core/binary_keyset_reader_test.cc"],
deps = [
":binary_keyset_reader",
"//proto:tink_cc_proto",
"//util:test_util",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "binary_keyset_writer_test",
size = "small",
srcs = ["core/binary_keyset_writer_test.cc"],
deps = [
":binary_keyset_writer",
":insecure_secret_key_access",
":proto_keyset_format",
":tink_cc",
"//aead:aead_config",
"//config:global_registry",
"//proto:tink_cc_proto",
"//util:secret_data",
"//util:statusor",
"//util:test_matchers",
"//util:test_util",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "json_keyset_reader_test",
size = "small",
srcs = ["core/json_keyset_reader_test.cc"],
deps = [
":json_keyset_reader",
":keyset_reader",
"//proto:aes_eax_cc_proto",
"//proto:aes_gcm_cc_proto",
"//proto:tink_cc_proto",
"//util:statusor",
"//util:test_matchers",
"//util:test_util",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "json_keyset_writer_test",
size = "small",
srcs = ["core/json_keyset_writer_test.cc"],
deps = [
":json_keyset_reader",
":json_keyset_writer",
"//proto:aes_eax_cc_proto",
"//proto:aes_gcm_cc_proto",
"//proto:tink_cc_proto",
"//util:protobuf_helper",
"//util:test_matchers",
"//util:test_util",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_googletest//:gtest_main",
"@rapidjson",
],
)
cc_test(
name = "crypto_format_test",
size = "small",
srcs = ["core/crypto_format_test.cc"],
deps = [
":crypto_format",
"//proto:tink_cc_proto",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "keyset_handle_test",
size = "small",
srcs = ["core/keyset_handle_test.cc"],
deps = [
":binary_keyset_reader",
":cleartext_keyset_handle",
":configuration",
":core/key_manager_impl",
":core/key_type_manager",
":core/template_util",
":json_keyset_reader",
":json_keyset_writer",
":key_gen_configuration",
":key_status",
":keyset_handle",
":primitive_set",
":primitive_wrapper",
":tink_cc",
"//aead:aead_key_templates",
"//aead:aead_wrapper",
"//aead:aes_gcm_key_manager",
"//config:fips_140_2",
"//config:global_registry",
"//config:key_gen_fips_140_2",
"//config:tink_config",
"//internal:configuration_impl",
"//internal:fips_utils",
"//internal:key_gen_configuration_impl",
"//proto:aes_gcm_cc_proto",
"//proto:aes_gcm_siv_cc_proto",
"//proto:ecdsa_cc_proto",
"//proto:tink_cc_proto",
"//signature:ecdsa_sign_key_manager",
"//signature:ecdsa_verify_key_manager",
"//signature:signature_key_templates",
"//subtle:random",
"//util:status",
"//util:statusor",
"//util:test_keyset_handle",
"//util:test_matchers",
"//util:test_util",
"@com_google_absl//absl/container:flat_hash_map",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/types:optional",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "keyset_handle_builder_test",
srcs = ["core/keyset_handle_builder_test.cc"],
deps = [
":aead",
":core/key_type_manager",
":core/template_util",
":input_stream",
":insecure_secret_key_access",
":key_status",
":keyset_handle",
":keyset_handle_builder",
":mac",
":partial_key_access",
":primitive_set",
":primitive_wrapper",
":registry",
":restricted_data",
"//aead:aes_gcm_parameters",
"//config:global_registry",
"//config:tink_config",
"//internal:legacy_proto_key",
"//internal:legacy_proto_parameters",
"//internal:proto_key_serialization",
"//internal:proto_parameters_serialization",
"//mac:aes_cmac_key",
"//mac:aes_cmac_parameters",
"//mac:mac_key_templates",
"//proto:aes_cmac_cc_proto",
"//proto:aes_gcm_cc_proto",
"//proto:tink_cc_proto",
"//subtle:random",
"//util:status",
"//util:statusor",
"//util:test_matchers",
"//util:test_util",
"@com_google_absl//absl/container:flat_hash_map",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "key_manager_test",
size = "small",
srcs = ["core/key_manager_test.cc"],
deps = [
":key_manager",
"//proto:empty_cc_proto",
"//util:status",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "keyset_manager_test",
size = "small",
srcs = ["core/keyset_manager_test.cc"],
deps = [
":keyset_handle",
":keyset_manager",
"//aead:aead_config",
"//aead:aes_gcm_key_manager",
"//proto:aes_gcm_cc_proto",
"//proto:tink_cc_proto",
"//util:test_keyset_handle",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "cleartext_keyset_handle_test",
size = "small",
srcs = ["core/cleartext_keyset_handle_test.cc"],
deps = [
":binary_keyset_reader",
":cleartext_keyset_handle",
":keyset_handle",
"//proto:tink_cc_proto",
"//util:status",
"//util:test_keyset_handle",
"//util:test_util",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "primitive_set_test",
size = "small",
srcs = ["core/primitive_set_test.cc"],
deps = [
":crypto_format",
":mac",
":primitive_set",
"//keyderivation:keyset_deriver",
"//proto:tink_cc_proto",
"//util:test_matchers",
"//util:test_util",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/strings:string_view",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "kms_clients_test",
size = "small",
srcs = ["core/kms_clients_test.cc"],
deps = [
":aead",
":kms_client",
":kms_clients",
"//util:status",
"//util:statusor",
"//util:test_matchers",
"//util:test_util",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "core/template_util_test",
srcs = ["core/template_util_test.cc"],
deps = [
":core/template_util",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "core/key_type_manager_test",
srcs = ["core/key_type_manager_test.cc"],
deps = [
":aead",
":core/key_type_manager",
":core/template_util",
"//proto:aes_gcm_cc_proto",
"//subtle",
"//util:secret_data",
"//util:status",
"//util:statusor",
"//util:test_matchers",
"//util:validation",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "core/key_manager_impl_test",
srcs = ["core/key_manager_impl_test.cc"],
deps = [
":aead",
":core/key_manager_impl",
"//proto:aes_gcm_cc_proto",
"//subtle",
"//util:input_stream_util",
"//util:istream_input_stream",
"//util:secret_data",
"//util:status",
"//util:statusor",
"//util:test_matchers",
"//util:test_util",
"//util:validation",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "core/private_key_manager_impl_test",
srcs = ["core/private_key_manager_impl_test.cc"],
deps = [
":core/key_manager_impl",
":core/key_type_manager",
":core/private_key_manager_impl",
":core/private_key_type_manager",
":core/template_util",
":key_manager",
":registry",
"//proto:ecdsa_cc_proto",
"//subtle:aes_gcm_boringssl",
"//subtle:random",
"//util:status",
"//util:statusor",
"//util:test_matchers",
"//util:test_util",
"//util:validation",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "core/key_access_test",
srcs = ["core/key_access_test.cc"],
deps = [
":key_access",
":secret_key_access_testonly",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "core/partial_key_access_token_test",
srcs = ["core/partial_key_access_token_test.cc"],
deps = [
":partial_key_access",
":partial_key_access_token",
"@com_google_absl//absl/base:core_headers",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "core/restricted_data_test",
srcs = ["core/restricted_data_test.cc"],
deps = [
":insecure_secret_key_access",
":restricted_data",
"//subtle:random",
"//util:secret_data",
"@com_google_googletest//:gtest_main",
],
)
cc_library(
name = "proto_keyset_format",
srcs = ["proto_keyset_format.cc"],
hdrs = ["proto_keyset_format.h"],
include_prefix = "tink",
visibility = ["//visibility:public"],
deps = [
":binary_keyset_reader",
":binary_keyset_writer",
":cleartext_keyset_handle",
":keyset_handle",
":secret_key_access_token",
"//proto:tink_cc_proto",
"//util:secret_data",
"//util:secret_proto",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
],
)
cc_test(
name = "proto_keyset_format_test",
srcs = ["proto_keyset_format_test.cc"],
deps = [
":insecure_secret_key_access",
":key_status",
":keyset_handle",
":keyset_handle_builder",
":mac",
":proto_keyset_format",
"//config:global_registry",
"//config:tink_config",
"//internal:legacy_proto_parameters",
"//internal:proto_parameters_serialization",
"//mac:mac_key_templates",
"//signature:signature_key_templates",
"//util:secret_data",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/strings",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "core/big_integer_test",
srcs = ["core/big_integer_test.cc"],
deps = [
":big_integer",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/strings:string_view",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "core/restricted_big_integer_test",
srcs = ["core/restricted_big_integer_test.cc"],
deps = [
":insecure_secret_key_access",
":restricted_big_integer",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/strings:string_view",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "core/ec_point_test",
srcs = ["core/ec_point_test.cc"],
deps = [
":big_integer",
":ec_point",
"//subtle:random",
"@com_google_googletest//:gtest_main",
],
)
================================================
FILE: cc/CMakeLists.txt
================================================
add_subdirectory(aead)
add_subdirectory(config)
add_subdirectory(daead)
add_subdirectory(hybrid)
add_subdirectory(internal)
add_subdirectory(mac)
add_subdirectory(monitoring)
add_subdirectory(jwt)
add_subdirectory(keyderivation)
add_subdirectory(prf)
add_subdirectory(signature)
add_subdirectory(streamingaead)
add_subdirectory(subtle)
add_subdirectory(util)
tink_module(core)
# Configuration settings for the build.
if(USE_ONLY_FIPS)
target_compile_definitions(tink_internal_fips_utils PUBLIC TINK_USE_ONLY_FIPS)
endif()
# Public libraries.
set(TINK_VERSION_H "${TINK_GENFILE_DIR}/tink/version.h")
tink_cc_library(
NAME cc
SRCS
aead.h
aead_config.h
aead_factory.h
aead_key_templates.h
binary_keyset_reader.h
binary_keyset_writer.h
cleartext_keyset_handle.h
deterministic_aead.h
deterministic_aead_config.h
deterministic_aead_factory.h
deterministic_aead_key_templates.h
hybrid_config.h
hybrid_decrypt.h
hybrid_decrypt_factory.h
hybrid_encrypt.h
hybrid_encrypt_factory.h
hybrid_key_templates.h
input_stream.h
json_keyset_reader.h
json_keyset_writer.h
key_manager.h
keyset_handle.h
keyset_manager.h
keyset_reader.h
keyset_writer.h
kms_client.h
mac.h
mac_config.h
mac_factory.h
mac_key_templates.h
output_stream.h
output_stream_with_result.h
public_key_sign.h
public_key_sign_factory.h
public_key_verify.h
public_key_verify_factory.h
random_access_stream.h
registry.h
signature_config.h
signature_key_templates.h
streaming_aead.h
streaming_aead_config.h
streaming_aead_key_templates.h
streaming_mac.h
tink_config.h
"${TINK_VERSION_H}"
DEPS
tink::core::aead
tink::core::binary_keyset_reader
tink::core::binary_keyset_writer
tink::core::cleartext_keyset_handle
tink::core::deterministic_aead
tink::core::hybrid_decrypt
tink::core::hybrid_encrypt
tink::core::input_stream
tink::core::json_keyset_reader
tink::core::json_keyset_writer
tink::core::key
tink::core::key_manager
tink::core::keyset_handle
tink::core::keyset_manager
tink::core::keyset_reader
tink::core::keyset_writer
tink::core::kms_client
tink::core::mac
tink::core::output_stream
tink::core::output_stream_with_result
tink::core::primitive_set
tink::core::public_key_sign
tink::core::public_key_verify
tink::core::random_access_stream
tink::core::registry
tink::core::streaming_aead
tink::core::streaming_mac
tink::core::version
absl::core_headers
absl::flat_hash_map
absl::memory
absl::status
absl::strings
absl::synchronization
tink::aead::aead_config
tink::aead::aead_factory
tink::aead::aead_key_templates
tink::config::tink_config
tink::daead::deterministic_aead_config
tink::daead::deterministic_aead_factory
tink::daead::deterministic_aead_key_templates
tink::hybrid::hybrid_config
tink::hybrid::hybrid_decrypt_factory
tink::hybrid::hybrid_encrypt_factory
tink::hybrid::hybrid_key_templates
tink::internal::key_info
tink::internal::registry_impl
tink::mac::mac_config
tink::mac::mac_factory
tink::mac::mac_key_templates
tink::signature::public_key_sign_factory
tink::signature::public_key_verify_factory
tink::signature::signature_config
tink::signature::signature_key_templates
tink::streamingaead::streaming_aead_config
tink::streamingaead::streaming_aead_key_templates
tink::util::buffer
tink::util::errors
tink::util::protobuf_helper
tink::util::secret_proto
tink::util::status
tink::util::statusor
tink::util::validation
tink::proto::config_cc_proto
tink::proto::tink_cc_proto
PUBLIC
)
add_library(tink::static ALIAS tink_core_cc)
tink_cc_library(
NAME input_stream
SRCS
input_stream.h
DEPS
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME output_stream
SRCS
output_stream.h
DEPS
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME random_access_stream
SRCS
random_access_stream.h
DEPS
tink::util::buffer
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME output_stream_with_result
SRCS
output_stream_with_result.h
DEPS
tink::core::output_stream
absl::status
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME aead
SRCS
aead.h
DEPS
absl::strings
tink::util::statusor
)
tink_cc_library(
NAME deterministic_aead
SRCS
deterministic_aead.h
DEPS
absl::strings
tink::util::statusor
)
tink_cc_library(
NAME streaming_aead
SRCS
streaming_aead.h
DEPS
tink::core::input_stream
tink::core::output_stream
tink::core::random_access_stream
absl::strings
tink::util::statusor
)
tink_cc_library(
NAME streaming_mac
SRCS
streaming_mac.h
DEPS
tink::core::output_stream_with_result
absl::strings
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME chunked_mac
SRCS
chunked_mac.h
DEPS
absl::strings
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME hybrid_decrypt
SRCS
hybrid_decrypt.h
DEPS
absl::strings
tink::util::statusor
)
tink_cc_library(
NAME hybrid_encrypt
SRCS
hybrid_encrypt.h
DEPS
absl::strings
tink::util::statusor
)
tink_cc_library(
NAME mac
SRCS
mac.h
DEPS
absl::strings
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME public_key_sign
SRCS
public_key_sign.h
DEPS
absl::strings
tink::util::statusor
)
tink_cc_library(
NAME public_key_verify
SRCS
public_key_verify.h
DEPS
absl::strings
tink::util::status
)
tink_cc_library(
NAME keyset_reader
SRCS
keyset_reader.h
DEPS
tink::util::statusor
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME keyset_writer
SRCS
keyset_writer.h
DEPS
tink::util::status
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME binary_keyset_reader
SRCS
core/binary_keyset_reader.cc
binary_keyset_reader.h
DEPS
tink::core::keyset_reader
absl::memory
absl::status
absl::strings
tink::util::errors
tink::util::status
tink::util::statusor
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME binary_keyset_writer
SRCS
core/binary_keyset_writer.cc
binary_keyset_writer.h
DEPS
tink::core::keyset_writer
absl::memory
absl::status
absl::strings
tink::util::protobuf_helper
tink::util::status
tink::util::statusor
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME json_keyset_reader
SRCS
core/json_keyset_reader.cc
json_keyset_reader.h
DEPS
tink::core::keyset_reader
absl::memory
absl::status
absl::strings
rapidjson
tink::util::enums
tink::util::status
tink::util::statusor
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME json_keyset_writer
SRCS
core/json_keyset_writer.cc
json_keyset_writer.h
DEPS
tink::core::keyset_writer
absl::status
absl::strings
rapidjson
tink::util::enums
tink::util::errors
tink::util::protobuf_helper
tink::util::status
tink::util::statusor
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME crypto_format
SRCS
core/crypto_format.cc
crypto_format.h
DEPS
absl::status
absl::string_view
tink::util::errors
tink::util::status
tink::util::statusor
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME primitive_set
SRCS
primitive_set.h
primitive_set.h
DEPS
tink::core::crypto_format
absl::core_headers
absl::flat_hash_map
absl::memory
absl::status
absl::string_view
absl::synchronization
tink::util::errors
tink::util::status
tink::util::statusor
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME primitive_wrapper
SRCS
primitive_wrapper.h
DEPS
tink::core::primitive_set
tink::util::statusor
)
tink_cc_library(
NAME registry
SRCS
registry.h
DEPS
tink::core::key_manager
tink::core::primitive_set
absl::strings
tink::internal::registry_impl
tink::util::status
tink::util::statusor
tink::proto::tink_cc_proto
)
# Generate TINK_VERSION_H from version.h.templ. TINK_VERSION_LABEL is
# substituted in version.h.templ with the value of PROJECT_VERSION.
set(TINK_VERSION_LABEL "${PROJECT_VERSION}")
configure_file(version.h.templ "${TINK_VERSION_H}")
tink_cc_library(
NAME version
SRCS
core/version.cc
"${TINK_VERSION_H}"
)
tink_cc_library(
NAME keyset_handle
SRCS
core/keyset_handle.cc
keyset_handle.h
DEPS
tink::core::aead
tink::core::configuration
tink::core::insecure_secret_key_access
tink::core::key
tink::core::key_gen_configuration
tink::core::key_manager
tink::core::key_status
tink::core::keyset_reader
tink::core::keyset_writer
tink::core::primitive_set
tink::core::registry
tink::core::restricted_data
tink::core::secret_key_access_token
absl::core_headers
absl::flat_hash_map
absl::check
absl::memory
absl::status
absl::strings
absl::optional
tink::config::global_registry
tink::internal::configuration_impl
tink::internal::key_gen_configuration_impl
tink::internal::key_info
tink::internal::key_status_util
tink::internal::key_type_info_store
tink::internal::keyset_wrapper
tink::internal::keyset_wrapper_store
tink::internal::mutable_serialization_registry
tink::internal::proto_key_serialization
tink::internal::registry_impl
tink::internal::util
tink::util::errors
tink::util::keyset_util
tink::util::secret_data
tink::util::secret_proto
tink::util::status
tink::util::statusor
tink::util::validation
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME keyset_handle_builder
SRCS
core/keyset_handle_builder.cc
keyset_handle_builder.h
DEPS
tink::core::key
tink::core::key_status
tink::core::keyset_handle
tink::core::parameters
absl::flat_hash_map
absl::check
absl::memory
absl::status
absl::strings
absl::str_format
absl::optional
tink::internal::keyset_handle_builder_entry
tink::subtle::random
tink::util::secret_proto
tink::util::status
tink::util::statusor
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME cleartext_keyset_handle
SRCS
core/cleartext_keyset_handle.cc
cleartext_keyset_handle.h
DEPS
tink::core::keyset_handle
tink::core::keyset_reader
tink::core::keyset_writer
absl::flat_hash_map
absl::memory
absl::status
tink::util::errors
tink::util::secret_proto
tink::util::status
tink::util::statusor
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME key_manager
SRCS
core/key_manager.cc
key_manager.h
DEPS
absl::memory
absl::strings
tink::util::errors
tink::util::protobuf_helper
tink::util::status
tink::util::statusor
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME keyset_manager
SRCS
core/keyset_manager.cc
keyset_manager.h
DEPS
tink::core::key_gen_configuration
tink::core::keyset_handle
absl::core_headers
absl::memory
absl::status
absl::synchronization
tink::internal::key_gen_configuration_impl
tink::util::enums
tink::util::errors
tink::util::secret_proto
tink::util::status
tink::util::statusor
tink::proto::tink_cc_proto
PUBLIC
)
tink_cc_library(
NAME kms_client
SRCS
kms_client.h
DEPS
tink::core::aead
absl::strings
tink::util::statusor
)
tink_cc_library(
NAME kms_clients
SRCS
core/kms_clients.cc
kms_clients.h
DEPS
tink::core::kms_client
absl::core_headers
absl::status
absl::strings
absl::synchronization
tink::util::errors
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME template_util
SRCS
core/template_util.h
DEPS
absl::type_traits
)
tink_cc_library(
NAME key_type_manager
SRCS
core/key_type_manager.h
DEPS
tink::core::template_util
tink::core::input_stream
absl::status
absl::strings
tink::internal::fips_utils
tink::util::status
tink::util::statusor
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME key_manager_impl
SRCS
core/key_manager_impl.h
DEPS
tink::core::key_type_manager
tink::core::template_util
tink::core::input_stream
tink::core::key_manager
absl::base
absl::memory
absl::status
absl::strings
tink::util::constants
tink::util::errors
tink::util::secret_proto
tink::util::status
tink::util::statusor
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME private_key_type_manager
SRCS
core/private_key_type_manager.h
DEPS
tink::core::key_type_manager
tink::core::template_util
tink::util::statusor
)
tink_cc_library(
NAME private_key_manager_impl
SRCS
core/private_key_manager_impl.h
DEPS
tink::core::key_manager_impl
tink::core::key_type_manager
tink::core::private_key_type_manager
tink::core::key_manager
absl::memory
absl::status
absl::string_view
tink::util::status
tink::util::statusor
tink::util::validation
)
tink_cc_library(
NAME key_access
SRCS
key_access.h
)
tink_cc_library(
NAME secret_key_access
SRCS
secret_key_access.h
DEPS
tink::core::key_access
)
add_library(tink::core::secret_key_access_testonly ALIAS tink_internal_core_secret_key_access)
tink_cc_library(
NAME parameters
SRCS
parameters.h
)
tink_cc_library(
NAME key
SRCS
key.h
DEPS
tink::core::parameters
absl::optional
)
tink_cc_library(
NAME private_key
SRCS
private_key.h
DEPS
tink::core::key
)
tink_cc_library(
NAME partial_key_access_token
SRCS
partial_key_access_token.h
)
tink_cc_library(
NAME partial_key_access
SRCS
partial_key_access.h
DEPS
tink::core::partial_key_access_token
)
tink_cc_library(
NAME secret_key_access_token
SRCS
secret_key_access_token.h
)
tink_cc_library(
NAME insecure_secret_key_access
SRCS
insecure_secret_key_access.h
DEPS
tink::core::secret_key_access_token
)
tink_cc_library(
NAME restricted_data
SRCS
core/restricted_data.cc
restricted_data.h
DEPS
tink::core::secret_key_access_token
absl::check
absl::string_view
crypto
tink::subtle::random
tink::util::secret_data
)
tink_cc_library(
NAME key_status
SRCS
key_status.h
)
tink_cc_library(
NAME configuration
SRCS
configuration.h
DEPS
tink::internal::key_type_info_store
tink::internal::keyset_wrapper_store
)
tink_cc_library(
NAME key_gen_configuration
SRCS
key_gen_configuration.h
DEPS
tink::internal::key_type_info_store
)
tink_cc_library(
NAME big_integer
SRCS
core/big_integer.cc
big_integer.h
DEPS
absl::string_view
crypto
)
tink_cc_library(
NAME restricted_big_integer
SRCS
core/restricted_big_integer.cc
restricted_big_integer.h
DEPS
tink::core::secret_key_access_token
absl::string_view
crypto
tink::util::secret_data
)
tink_cc_library(
NAME ec_point
SRCS
ec_point.h
DEPS
tink::core::big_integer
)
# tests
tink_cc_test(
NAME version_test
SRCS
core/version_test.cc
DEPS
tink::core::version
gmock
tink::internal::util
)
tink_cc_test(
NAME binary_keyset_reader_test
SRCS
core/binary_keyset_reader_test.cc
DEPS
tink::core::binary_keyset_reader
gmock
absl::status
tink::util::test_util
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME binary_keyset_writer_test
SRCS
core/binary_keyset_writer_test.cc
DEPS
tink::core::binary_keyset_writer
tink::core::cc
tink::core::insecure_secret_key_access
tink::core::proto_keyset_format
gmock
absl::memory
absl::status
tink::aead::aead_config
tink::config::global_registry
tink::util::secret_data
tink::util::statusor
tink::util::test_matchers
tink::util::test_util
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME json_keyset_reader_test
SRCS
core/json_keyset_reader_test.cc
DEPS
tink::core::json_keyset_reader
tink::core::keyset_reader
gmock
absl::status
absl::strings
tink::util::statusor
tink::util::test_matchers
tink::util::test_util
tink::proto::aes_eax_cc_proto
tink::proto::aes_gcm_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME json_keyset_writer_test
SRCS
core/json_keyset_writer_test.cc
DEPS
tink::core::json_keyset_reader
tink::core::json_keyset_writer
gmock
absl::status
absl::strings
rapidjson
tink::util::protobuf_helper
tink::util::test_matchers
tink::util::test_util
tink::proto::aes_eax_cc_proto
tink::proto::aes_gcm_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME crypto_format_test
SRCS
core/crypto_format_test.cc
DEPS
tink::core::crypto_format
gmock
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME keyset_handle_test
SRCS
core/keyset_handle_test.cc
DEPS
tink::core::binary_keyset_reader
tink::core::cc
tink::core::cleartext_keyset_handle
tink::core::configuration
tink::core::key_manager_impl
tink::core::key_type_manager
tink::core::template_util
tink::core::json_keyset_reader
tink::core::json_keyset_writer
tink::core::key_gen_configuration
tink::core::key_status
tink::core::keyset_handle
tink::core::primitive_set
tink::core::primitive_wrapper
gmock
absl::flat_hash_map
absl::memory
absl::status
absl::strings
absl::optional
tink::aead::aead_key_templates
tink::aead::aead_wrapper
tink::aead::aes_gcm_key_manager
tink::config::fips_140_2
tink::config::global_registry
tink::config::key_gen_fips_140_2
tink::config::tink_config
tink::internal::configuration_impl
tink::internal::fips_utils
tink::internal::key_gen_configuration_impl
tink::signature::ecdsa_sign_key_manager
tink::signature::ecdsa_verify_key_manager
tink::signature::signature_key_templates
tink::subtle::random
tink::util::status
tink::util::statusor
tink::util::test_keyset_handle
tink::util::test_matchers
tink::util::test_util
tink::proto::aes_gcm_cc_proto
tink::proto::aes_gcm_siv_cc_proto
tink::proto::ecdsa_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME keyset_handle_builder_test
SRCS
core/keyset_handle_builder_test.cc
DEPS
tink::core::aead
tink::core::key_type_manager
tink::core::template_util
tink::core::input_stream
tink::core::insecure_secret_key_access
tink::core::key_status
tink::core::keyset_handle
tink::core::keyset_handle_builder
tink::core::mac
tink::core::partial_key_access
tink::core::primitive_set
tink::core::primitive_wrapper
tink::core::registry
tink::core::restricted_data
gmock
absl::flat_hash_map
absl::memory
absl::status
absl::strings
tink::aead::aes_gcm_parameters
tink::config::global_registry
tink::config::tink_config
tink::internal::legacy_proto_key
tink::internal::legacy_proto_parameters
tink::internal::proto_key_serialization
tink::internal::proto_parameters_serialization
tink::mac::aes_cmac_key
tink::mac::aes_cmac_parameters
tink::mac::mac_key_templates
tink::subtle::random
tink::util::status
tink::util::statusor
tink::util::test_matchers
tink::util::test_util
tink::proto::aes_cmac_cc_proto
tink::proto::aes_gcm_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME key_manager_test
SRCS
core/key_manager_test.cc
DEPS
tink::core::key_manager
gmock
absl::status
tink::util::status
tink::util::test_matchers
tink::proto::empty_cc_proto
)
tink_cc_test(
NAME keyset_manager_test
SRCS
core/keyset_manager_test.cc
DEPS
tink::core::keyset_handle
tink::core::keyset_manager
gmock
absl::status
tink::aead::aead_config
tink::aead::aes_gcm_key_manager
tink::util::test_keyset_handle
tink::proto::aes_gcm_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME cleartext_keyset_handle_test
SRCS
core/cleartext_keyset_handle_test.cc
DEPS
tink::core::binary_keyset_reader
tink::core::cleartext_keyset_handle
tink::core::keyset_handle
gmock
absl::status
tink::util::status
tink::util::test_keyset_handle
tink::util::test_util
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME primitive_set_test
SRCS
core/primitive_set_test.cc
DEPS
tink::core::crypto_format
tink::core::mac
tink::core::primitive_set
gmock
absl::memory
absl::status
absl::strings
absl::string_view
tink::keyderivation::keyset_deriver
tink::util::test_matchers
tink::util::test_util
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME kms_clients_test
SRCS
core/kms_clients_test.cc
DEPS
tink::core::aead
tink::core::kms_client
tink::core::kms_clients
gmock
absl::status
absl::strings
tink::util::status
tink::util::statusor
tink::util::test_matchers
tink::util::test_util
)
tink_cc_test(
NAME template_util_test
SRCS
core/template_util_test.cc
DEPS
tink::core::template_util
gmock
)
tink_cc_test(
NAME key_type_manager_test
SRCS
core/key_type_manager_test.cc
DEPS
tink::core::aead
tink::core::key_type_manager
tink::core::template_util
gmock
absl::memory
absl::status
tink::subtle::subtle
tink::util::secret_data
tink::util::status
tink::util::statusor
tink::util::test_matchers
tink::util::validation
tink::proto::aes_gcm_cc_proto
)
tink_cc_test(
NAME key_manager_impl_test
SRCS
core/key_manager_impl_test.cc
DEPS
tink::core::aead
tink::core::key_manager_impl
gmock
absl::status
tink::subtle::subtle
tink::util::input_stream_util
tink::util::istream_input_stream
tink::util::secret_data
tink::util::status
tink::util::statusor
tink::util::test_matchers
tink::util::test_util
tink::util::validation
tink::proto::aes_gcm_cc_proto
)
tink_cc_test(
NAME private_key_manager_impl_test
SRCS
core/private_key_manager_impl_test.cc
DEPS
tink::core::key_manager_impl
tink::core::key_type_manager
tink::core::private_key_manager_impl
tink::core::private_key_type_manager
tink::core::template_util
tink::core::key_manager
tink::core::registry
gmock
absl::memory
absl::status
tink::subtle::aes_gcm_boringssl
tink::subtle::random
tink::util::status
tink::util::statusor
tink::util::test_matchers
tink::util::test_util
tink::util::validation
tink::proto::ecdsa_cc_proto
)
tink_cc_test(
NAME key_access_test
SRCS
core/key_access_test.cc
DEPS
tink::core::key_access
tink::core::secret_key_access_testonly
gmock
)
tink_cc_test(
NAME partial_key_access_token_test
SRCS
core/partial_key_access_token_test.cc
DEPS
tink::core::partial_key_access
tink::core::partial_key_access_token
gmock
absl::core_headers
)
tink_cc_test(
NAME restricted_data_test
SRCS
core/restricted_data_test.cc
DEPS
tink::core::insecure_secret_key_access
tink::core::restricted_data
gmock
tink::subtle::random
tink::util::secret_data
)
tink_cc_library(
NAME proto_keyset_format
SRCS
proto_keyset_format.cc
proto_keyset_format.h
DEPS
tink::core::binary_keyset_reader
tink::core::binary_keyset_writer
tink::core::cleartext_keyset_handle
tink::core::keyset_handle
tink::core::secret_key_access_token
absl::status
absl::strings
tink::util::secret_data
tink::util::secret_proto
tink::util::status
tink::util::statusor
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME proto_keyset_format_test
SRCS
proto_keyset_format_test.cc
DEPS
tink::core::insecure_secret_key_access
tink::core::key_status
tink::core::keyset_handle
tink::core::keyset_handle_builder
tink::core::mac
tink::core::proto_keyset_format
gmock
absl::strings
tink::config::global_registry
tink::config::tink_config
tink::internal::legacy_proto_parameters
tink::internal::proto_parameters_serialization
tink::mac::mac_key_templates
tink::signature::signature_key_templates
tink::util::secret_data
tink::util::statusor
tink::util::test_matchers
)
tink_cc_test(
NAME big_integer_test
SRCS
core/big_integer_test.cc
DEPS
tink::core::big_integer
gmock
absl::strings
absl::string_view
)
tink_cc_test(
NAME restricted_big_integer_test
SRCS
core/restricted_big_integer_test.cc
DEPS
tink::core::insecure_secret_key_access
tink::core::restricted_big_integer
gmock
absl::strings
absl::string_view
)
tink_cc_test(
NAME ec_point_test
SRCS
core/ec_point_test.cc
DEPS
tink::core::big_integer
tink::core::ec_point
gmock
tink::subtle::random
)
================================================
FILE: cc/WORKSPACE
================================================
workspace(name = "tink_cc")
# Use this repository if you want to build the FIPS module for BoringSSL
# local_repository(
# name = "boringssl",
# path = "third_party/boringssl_fips/",
# )
load("@tink_cc//:tink_cc_deps.bzl", "tink_cc_deps", "tink_cc_testonly_deps")
tink_cc_deps()
tink_cc_testonly_deps()
load("@tink_cc//:tink_cc_deps_init.bzl", "tink_cc_deps_init")
tink_cc_deps_init()
================================================
FILE: cc/aead/BUILD.bazel
================================================
package(default_visibility = ["//:__subpackages__"])
licenses(["notice"])
cc_library(
name = "aead_wrapper",
srcs = ["aead_wrapper.cc"],
hdrs = ["aead_wrapper.h"],
include_prefix = "tink/aead",
deps = [
"//:aead",
"//:crypto_format",
"//:primitive_set",
"//:primitive_wrapper",
"//internal:monitoring_util",
"//internal:registry_impl",
"//internal:util",
"//monitoring",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "cord_aead_wrapper",
srcs = ["cord_aead_wrapper.cc"],
hdrs = ["cord_aead_wrapper.h"],
include_prefix = "tink/aead",
deps = [
":cord_aead",
"//:crypto_format",
"//:primitive_set",
"//:primitive_wrapper",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings:cord",
],
)
cc_library(
name = "cord_aead",
hdrs = ["cord_aead.h"],
include_prefix = "tink/aead",
visibility = ["//visibility:public"],
deps = [
"//util:statusor",
"@com_google_absl//absl/strings:cord",
],
)
cc_library(
name = "aead_config",
srcs = ["aead_config.cc"],
hdrs = ["aead_config.h"],
include_prefix = "tink/aead",
visibility = ["//visibility:public"],
deps = [
":aead_wrapper",
":aes_ctr_hmac_aead_key_manager",
":aes_ctr_hmac_aead_proto_serialization",
":aes_eax_key_manager",
":aes_eax_proto_serialization",
":aes_gcm_key_manager",
":aes_gcm_proto_serialization",
":aes_gcm_siv_key_manager",
":aes_gcm_siv_proto_serialization",
":kms_aead_key_manager",
":kms_envelope_aead_key_manager",
":xchacha20_poly1305_key_manager",
":xchacha20_poly1305_proto_serialization",
"//:registry",
"//config:tink_fips",
"//mac:mac_config",
"//proto:config_cc_proto",
"//util:status",
"@com_google_absl//absl/base:core_headers",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
],
)
cc_library(
name = "aead_factory",
srcs = ["aead_factory.cc"],
hdrs = ["aead_factory.h"],
include_prefix = "tink/aead",
deps = [
":aead_wrapper",
"//:aead",
"//:key_manager",
"//:keyset_handle",
"//:registry",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/base:core_headers",
"@com_google_absl//absl/memory",
],
)
cc_library(
name = "aead_key_templates",
srcs = ["aead_key_templates.cc"],
hdrs = ["aead_key_templates.h"],
include_prefix = "tink/aead",
visibility = ["//visibility:public"],
deps = [
"//proto:aes_ctr_cc_proto",
"//proto:aes_ctr_hmac_aead_cc_proto",
"//proto:aes_eax_cc_proto",
"//proto:aes_gcm_cc_proto",
"//proto:aes_gcm_siv_cc_proto",
"//proto:common_cc_proto",
"//proto:hmac_cc_proto",
"//proto:kms_envelope_cc_proto",
"//proto:tink_cc_proto",
"@com_google_absl//absl/base:core_headers",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "aes_eax_key_manager",
hdrs = ["aes_eax_key_manager.h"],
include_prefix = "tink/aead",
deps = [
"//:aead",
"//:core/key_type_manager",
"//:core/template_util",
"//proto:aes_eax_cc_proto",
"//proto:tink_cc_proto",
"//subtle:aes_eax_boringssl",
"//subtle:random",
"//util:constants",
"//util:secret_data",
"//util:status",
"//util:statusor",
"//util:validation",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "aes_gcm_key_manager",
hdrs = ["aes_gcm_key_manager.h"],
include_prefix = "tink/aead",
visibility = ["//visibility:public"],
deps = [
":cord_aead",
"//:aead",
"//:core/key_type_manager",
"//:core/template_util",
"//:input_stream",
"//aead/internal:cord_aes_gcm_boringssl",
"//internal:fips_utils",
"//proto:aes_gcm_cc_proto",
"//proto:tink_cc_proto",
"//subtle:aes_gcm_boringssl",
"//subtle:random",
"//util:constants",
"//util:input_stream_util",
"//util:secret_data",
"//util:status",
"//util:statusor",
"//util:validation",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "aes_gcm_siv_key_manager",
hdrs = ["aes_gcm_siv_key_manager.h"],
include_prefix = "tink/aead",
deps = [
"//:aead",
"//:core/key_type_manager",
"//:core/template_util",
"//proto:aes_gcm_siv_cc_proto",
"//proto:tink_cc_proto",
"//subtle:aes_gcm_siv_boringssl",
"//subtle:random",
"//util:constants",
"//util:secret_data",
"//util:status",
"//util:statusor",
"//util:validation",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "aes_ctr_hmac_aead_key_manager",
srcs = ["aes_ctr_hmac_aead_key_manager.cc"],
hdrs = ["aes_ctr_hmac_aead_key_manager.h"],
include_prefix = "tink/aead",
visibility = ["//visibility:public"],
deps = [
"//:aead",
"//:core/key_type_manager",
"//:core/template_util",
"//:input_stream",
"//:mac",
"//internal:fips_utils",
"//mac:hmac_key_manager",
"//proto:aes_ctr_cc_proto",
"//proto:aes_ctr_hmac_aead_cc_proto",
"//proto:common_cc_proto",
"//proto:hmac_cc_proto",
"//proto:tink_cc_proto",
"//subtle:aes_ctr_boringssl",
"//subtle:encrypt_then_authenticate",
"//subtle:ind_cpa_cipher",
"//subtle:random",
"//util:constants",
"//util:enums",
"//util:input_stream_util",
"//util:secret_data",
"//util:status",
"//util:statusor",
"//util:validation",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/status:statusor",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "xchacha20_poly1305_key_manager",
hdrs = ["xchacha20_poly1305_key_manager.h"],
include_prefix = "tink/aead",
visibility = ["//visibility:public"],
deps = [
"//:aead",
"//:core/key_type_manager",
"//:core/template_util",
"//:input_stream",
"//proto:tink_cc_proto",
"//proto:xchacha20_poly1305_cc_proto",
"//subtle",
"//subtle:xchacha20_poly1305_boringssl",
"//util:constants",
"//util:input_stream_util",
"//util:secret_data",
"//util:status",
"//util:statusor",
"//util:validation",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "kms_aead_key_manager",
hdrs = ["kms_aead_key_manager.h"],
include_prefix = "tink/aead",
deps = [
"//:aead",
"//:core/key_type_manager",
"//:core/template_util",
"//:kms_client",
"//:kms_clients",
"//proto:kms_aead_cc_proto",
"//proto:tink_cc_proto",
"//util:constants",
"//util:status",
"//util:statusor",
"//util:validation",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "kms_envelope_aead",
srcs = ["kms_envelope_aead.cc"],
hdrs = ["kms_envelope_aead.h"],
include_prefix = "tink/aead",
visibility = ["//visibility:public"],
deps = [
"//:aead",
"//:registry",
"//aead/internal:aead_util",
"//proto:tink_cc_proto",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/base:endian",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "kms_envelope_aead_key_manager",
srcs = ["kms_envelope_aead_key_manager.cc"],
hdrs = ["kms_envelope_aead_key_manager.h"],
include_prefix = "tink/aead",
deps = [
":kms_envelope_aead",
"//:aead",
"//:core/key_type_manager",
"//:core/template_util",
"//:kms_client",
"//:kms_clients",
"//aead/internal:aead_util",
"//internal:fips_utils",
"//proto:kms_envelope_cc_proto",
"//proto:tink_cc_proto",
"//util:constants",
"//util:status",
"//util:statusor",
"//util:validation",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "mock_aead",
testonly = 1,
hdrs = ["mock_aead.h"],
include_prefix = "tink/aead",
visibility = ["//visibility:public"],
deps = [
"//:aead",
"//util:statusor",
"@com_google_absl//absl/strings",
"@com_google_googletest//:gtest",
],
)
cc_library(
name = "failing_aead",
testonly = 1,
srcs = ["failing_aead.cc"],
hdrs = ["failing_aead.h"],
include_prefix = "tink/aead",
visibility = ["//visibility:public"],
deps = [
"//:aead",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "aead_parameters",
hdrs = ["aead_parameters.h"],
include_prefix = "tink/aead",
deps = ["//:parameters"],
)
cc_library(
name = "aead_key",
hdrs = ["aead_key.h"],
include_prefix = "tink/aead",
deps = [
":aead_parameters",
"//:key",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "aes_gcm_parameters",
srcs = ["aes_gcm_parameters.cc"],
hdrs = ["aes_gcm_parameters.h"],
include_prefix = "tink/aead",
deps = [
":aead_parameters",
"//:parameters",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "aes_gcm_key",
srcs = ["aes_gcm_key.cc"],
hdrs = ["aes_gcm_key.h"],
include_prefix = "tink/aead",
deps = [
":aead_key",
":aes_gcm_parameters",
"//:key",
"//:partial_key_access_token",
"//:restricted_data",
"//subtle:subtle_util",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/types:optional",
],
)
cc_library(
name = "aes_gcm_proto_serialization",
srcs = ["aes_gcm_proto_serialization.cc"],
hdrs = ["aes_gcm_proto_serialization.h"],
include_prefix = "tink/aead",
deps = [
":aes_gcm_key",
":aes_gcm_parameters",
"//:partial_key_access",
"//:restricted_data",
"//:secret_key_access_token",
"//internal:key_parser",
"//internal:key_serializer",
"//internal:mutable_serialization_registry",
"//internal:parameters_parser",
"//internal:parameters_serializer",
"//internal:proto_key_serialization",
"//internal:proto_parameters_serialization",
"//proto:aes_gcm_cc_proto",
"//proto:tink_cc_proto",
"//util:secret_data",
"//util:secret_proto",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/base:core_headers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings:string_view",
"@com_google_absl//absl/types:optional",
],
)
cc_library(
name = "aes_gcm_siv_parameters",
srcs = ["aes_gcm_siv_parameters.cc"],
hdrs = ["aes_gcm_siv_parameters.h"],
include_prefix = "tink/aead",
deps = [
":aead_parameters",
"//:parameters",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
],
)
cc_library(
name = "aes_gcm_siv_key",
srcs = ["aes_gcm_siv_key.cc"],
hdrs = ["aes_gcm_siv_key.h"],
include_prefix = "tink/aead",
deps = [
":aead_key",
":aes_gcm_siv_parameters",
"//:key",
"//:partial_key_access_token",
"//:restricted_data",
"//subtle:subtle_util",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/types:optional",
],
)
cc_library(
name = "aes_gcm_siv_proto_serialization",
srcs = ["aes_gcm_siv_proto_serialization.cc"],
hdrs = ["aes_gcm_siv_proto_serialization.h"],
include_prefix = "tink/aead",
deps = [
":aes_gcm_siv_key",
":aes_gcm_siv_parameters",
"//:partial_key_access",
"//:restricted_data",
"//:secret_key_access_token",
"//internal:key_parser",
"//internal:key_serializer",
"//internal:mutable_serialization_registry",
"//internal:parameters_parser",
"//internal:parameters_serializer",
"//internal:proto_key_serialization",
"//internal:proto_parameters_serialization",
"//proto:aes_gcm_siv_cc_proto",
"//proto:tink_cc_proto",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/base:core_headers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings:string_view",
"@com_google_absl//absl/types:optional",
],
)
cc_library(
name = "config_v0",
srcs = ["config_v0.cc"],
hdrs = ["config_v0.h"],
include_prefix = "tink/aead",
deps = [
"//:configuration",
"//aead/internal:config_v0",
"@com_google_absl//absl/log:check",
],
)
cc_library(
name = "key_gen_config_v0",
srcs = ["key_gen_config_v0.cc"],
hdrs = ["key_gen_config_v0.h"],
include_prefix = "tink/aead",
deps = [
"//:key_gen_configuration",
"//aead/internal:key_gen_config_v0",
"@com_google_absl//absl/log:check",
],
)
cc_library(
name = "aes_eax_parameters",
srcs = ["aes_eax_parameters.cc"],
hdrs = ["aes_eax_parameters.h"],
include_prefix = "tink/aead",
deps = [
":aead_parameters",
"//:parameters",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/container:flat_hash_set",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/types:optional",
],
)
cc_library(
name = "aes_eax_key",
srcs = ["aes_eax_key.cc"],
hdrs = ["aes_eax_key.h"],
include_prefix = "tink/aead",
deps = [
":aead_key",
":aes_eax_parameters",
"//:key",
"//:partial_key_access_token",
"//:restricted_data",
"//subtle:subtle_util",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/strings:string_view",
"@com_google_absl//absl/types:optional",
],
)
cc_library(
name = "aes_eax_proto_serialization",
srcs = ["aes_eax_proto_serialization.cc"],
hdrs = ["aes_eax_proto_serialization.h"],
include_prefix = "tink/aead",
deps = [
":aes_eax_key",
":aes_eax_parameters",
"//:partial_key_access",
"//:restricted_data",
"//:secret_key_access_token",
"//internal:key_parser",
"//internal:key_serializer",
"//internal:mutable_serialization_registry",
"//internal:parameters_parser",
"//internal:parameters_serializer",
"//internal:proto_key_serialization",
"//internal:proto_parameters_serialization",
"//proto:aes_eax_cc_proto",
"//proto:tink_cc_proto",
"//util:secret_data",
"//util:secret_proto",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/base:core_headers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/strings:string_view",
"@com_google_absl//absl/types:optional",
],
)
cc_library(
name = "xchacha20_poly1305_parameters",
srcs = ["xchacha20_poly1305_parameters.cc"],
hdrs = ["xchacha20_poly1305_parameters.h"],
include_prefix = "tink/aead",
deps = [
":aead_parameters",
"//:parameters",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/status",
],
)
cc_library(
name = "xchacha20_poly1305_key",
srcs = ["xchacha20_poly1305_key.cc"],
hdrs = ["xchacha20_poly1305_key.h"],
include_prefix = "tink/aead",
deps = [
":aead_key",
":xchacha20_poly1305_parameters",
"//:key",
"//:partial_key_access_token",
"//:restricted_data",
"//subtle:subtle_util",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/types:optional",
],
)
cc_library(
name = "xchacha20_poly1305_proto_serialization",
srcs = ["xchacha20_poly1305_proto_serialization.cc"],
hdrs = ["xchacha20_poly1305_proto_serialization.h"],
include_prefix = "tink/aead",
deps = [
":xchacha20_poly1305_key",
":xchacha20_poly1305_parameters",
"//:partial_key_access",
"//:restricted_data",
"//:secret_key_access_token",
"//internal:key_parser",
"//internal:key_serializer",
"//internal:mutable_serialization_registry",
"//internal:parameters_parser",
"//internal:parameters_serializer",
"//internal:proto_key_serialization",
"//internal:proto_parameters_serialization",
"//proto:tink_cc_proto",
"//proto:xchacha20_poly1305_cc_proto",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/base:core_headers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings:string_view",
"@com_google_absl//absl/types:optional",
],
)
cc_library(
name = "chacha20_poly1305_parameters",
srcs = ["chacha20_poly1305_parameters.cc"],
hdrs = ["chacha20_poly1305_parameters.h"],
include_prefix = "tink/aead",
deps = [
":aead_parameters",
"//:parameters",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/status",
],
)
cc_library(
name = "chacha20_poly1305_key",
srcs = ["chacha20_poly1305_key.cc"],
hdrs = ["chacha20_poly1305_key.h"],
include_prefix = "tink/aead",
deps = [
":aead_key",
":chacha20_poly1305_parameters",
"//:key",
"//:partial_key_access_token",
"//:restricted_data",
"//subtle:subtle_util",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/types:optional",
],
)
cc_library(
name = "chacha20_poly1305_proto_serialization",
srcs = ["chacha20_poly1305_proto_serialization.cc"],
hdrs = ["chacha20_poly1305_proto_serialization.h"],
include_prefix = "tink/aead",
deps = [
":chacha20_poly1305_key",
":chacha20_poly1305_parameters",
"//:partial_key_access",
"//:restricted_data",
"//:secret_key_access_token",
"//internal:key_parser",
"//internal:key_serializer",
"//internal:mutable_serialization_registry",
"//internal:parameters_parser",
"//internal:parameters_serializer",
"//internal:proto_key_serialization",
"//internal:proto_parameters_serialization",
"//proto:chacha20_poly1305_cc_proto",
"//proto:tink_cc_proto",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/base:core_headers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings:string_view",
"@com_google_absl//absl/types:optional",
],
)
cc_library(
name = "aes_ctr_hmac_aead_parameters",
srcs = ["aes_ctr_hmac_aead_parameters.cc"],
hdrs = ["aes_ctr_hmac_aead_parameters.h"],
include_prefix = "tink/aead",
deps = [
":aead_parameters",
"//:parameters",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/algorithm:container",
"@com_google_absl//absl/container:flat_hash_map",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/types:optional",
],
)
cc_library(
name = "aes_ctr_hmac_aead_key",
srcs = ["aes_ctr_hmac_aead_key.cc"],
hdrs = ["aes_ctr_hmac_aead_key.h"],
include_prefix = "tink/aead",
deps = [
":aead_key",
":aes_ctr_hmac_aead_parameters",
"//:key",
"//:partial_key_access_token",
"//:restricted_data",
"//subtle:subtle_util",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/strings:string_view",
"@com_google_absl//absl/types:optional",
],
)
cc_library(
name = "aes_ctr_hmac_aead_proto_serialization",
srcs = ["aes_ctr_hmac_aead_proto_serialization.cc"],
hdrs = ["aes_ctr_hmac_aead_proto_serialization.h"],
include_prefix = "tink/aead",
deps = [
":aes_ctr_hmac_aead_key",
":aes_ctr_hmac_aead_parameters",
"//:partial_key_access",
"//:restricted_data",
"//:secret_key_access_token",
"//internal:key_parser",
"//internal:key_serializer",
"//internal:mutable_serialization_registry",
"//internal:parameters_parser",
"//internal:parameters_serializer",
"//internal:proto_key_serialization",
"//internal:proto_parameters_serialization",
"//proto:aes_ctr_cc_proto",
"//proto:aes_ctr_hmac_aead_cc_proto",
"//proto:common_cc_proto",
"//proto:hmac_cc_proto",
"//proto:tink_cc_proto",
"//util:secret_data",
"//util:secret_proto",
"//util:status",
"//util:statusor",
"@com_google_absl//absl/base:core_headers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/strings:string_view",
"@com_google_absl//absl/types:optional",
],
)
# tests
cc_test(
name = "aead_wrapper_test",
size = "small",
srcs = ["aead_wrapper_test.cc"],
deps = [
":aead_wrapper",
":mock_aead",
"//:aead",
"//:crypto_format",
"//:primitive_set",
"//:registry",
"//internal:registry_impl",
"//monitoring",
"//monitoring:monitoring_client_mocks",
"//proto:tink_cc_proto",
"//util:status",
"//util:statusor",
"//util:test_matchers",
"//util:test_util",
"@com_google_absl//absl/container:flat_hash_map",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/status:statusor",
"@com_google_absl//absl/strings",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "aead_config_test",
size = "small",
srcs = ["aead_config_test.cc"],
tags = ["fips"],
deps = [
":aead_config",
":aead_key_templates",
":aes_ctr_hmac_aead_key",
":aes_ctr_hmac_aead_parameters",
":aes_eax_key",
":aes_eax_parameters",
":aes_gcm_key",
":aes_gcm_key_manager",
":aes_gcm_parameters",
":aes_gcm_siv_key",
":aes_gcm_siv_parameters",
":key_gen_config_v0",
":xchacha20_poly1305_key",
":xchacha20_poly1305_parameters",
"//:aead",
"//:insecure_secret_key_access",
"//:key",
"//:key_status",
"//:keyset_handle",
"//:keyset_handle_builder",
"//:parameters",
"//:partial_key_access",
"//:registry",
"//:restricted_data",
"//config:global_registry",
"//config:tink_fips",
"//internal:fips_utils",
"//internal:legacy_proto_key",
"//internal:mutable_serialization_registry",
"//internal:proto_key_serialization",
"//internal:proto_parameters_serialization",
"//internal:serialization",
"//proto:aes_eax_cc_proto",
"//proto:aes_gcm_cc_proto",
"//proto:aes_gcm_siv_cc_proto",
"//proto:tink_cc_proto",
"//proto:xchacha20_poly1305_cc_proto",
"//subtle:random",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "aead_factory_test",
size = "small",
srcs = ["aead_factory_test.cc"],
deps = [
":aead_config",
":aead_factory",
":aes_gcm_key_manager",
"//:aead",
"//:crypto_format",
"//:keyset_handle",
"//internal:key_info",
"//proto:aes_gcm_cc_proto",
"//proto:tink_cc_proto",
"//util:status",
"//util:statusor",
"//util:test_keyset_handle",
"//util:test_util",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "aead_key_templates_test",
size = "small",
srcs = ["aead_key_templates_test.cc"],
deps = [
":aead_config",
":aead_key_templates",
":aes_ctr_hmac_aead_key_manager",
":aes_eax_key_manager",
":aes_gcm_key_manager",
":aes_gcm_siv_key_manager",
":kms_envelope_aead_key_manager",
":xchacha20_poly1305_key_manager",
"//:aead",
"//:core/key_manager_impl",
"//:key_manager",
"//:keyset_handle",
"//config:global_registry",
"//proto:aes_ctr_cc_proto",
"//proto:aes_ctr_hmac_aead_cc_proto",
"//proto:aes_eax_cc_proto",
"//proto:aes_gcm_cc_proto",
"//proto:aes_gcm_siv_cc_proto",
"//proto:common_cc_proto",
"//proto:hmac_cc_proto",
"//proto:kms_envelope_cc_proto",
"//proto:tink_cc_proto",
"//proto:xchacha20_poly1305_cc_proto",
"//subtle:aead_test_util",
"//util:fake_kms_client",
"//util:status",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/status:statusor",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "aes_eax_key_manager_test",
size = "small",
srcs = ["aes_eax_key_manager_test.cc"],
deps = [
":aes_eax_key_manager",
"//:aead",
"//proto:aes_eax_cc_proto",
"//proto:tink_cc_proto",
"//subtle:aead_test_util",
"//subtle:aes_eax_boringssl",
"//util:secret_data",
"//util:status",
"//util:statusor",
"//util:test_matchers",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "aes_gcm_key_manager_test",
size = "small",
srcs = ["aes_gcm_key_manager_test.cc"],
deps = [
":aes_gcm_key_manager",
":cord_aead",
"//:aead",
"//aead/internal:cord_aes_gcm_boringssl",
"//proto:aes_gcm_cc_proto",
"//proto:tink_cc_proto",
"//subtle:aead_test_util",
"//subtle:aes_gcm_boringssl",
"//util:istream_input_stream",
"//util:secret_data",
"//util:status",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "aes_gcm_siv_key_manager_test",
size = "small",
srcs = ["aes_gcm_siv_key_manager_test.cc"],
deps = [
":aes_gcm_siv_key_manager",
"//:aead",
"//internal:ssl_util",
"//proto:aes_gcm_siv_cc_proto",
"//proto:tink_cc_proto",
"//subtle:aead_test_util",
"//subtle:aes_gcm_siv_boringssl",
"//util:secret_data",
"//util:status",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "aes_ctr_hmac_aead_key_manager_test",
size = "small",
srcs = ["aes_ctr_hmac_aead_key_manager_test.cc"],
deps = [
":aes_ctr_hmac_aead_key_manager",
"//:aead",
"//proto:aes_ctr_cc_proto",
"//proto:aes_ctr_hmac_aead_cc_proto",
"//proto:common_cc_proto",
"//proto:hmac_cc_proto",
"//proto:tink_cc_proto",
"//subtle",
"//subtle:aead_test_util",
"//subtle:aes_ctr_boringssl",
"//util:enums",
"//util:istream_input_stream",
"//util:secret_data",
"//util:status",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "xchacha20_poly1305_key_manager_test",
size = "small",
srcs = ["xchacha20_poly1305_key_manager_test.cc"],
deps = [
":xchacha20_poly1305_key_manager",
"//:aead",
"//internal:ssl_util",
"//proto:tink_cc_proto",
"//proto:xchacha20_poly1305_cc_proto",
"//subtle:aead_test_util",
"//subtle:xchacha20_poly1305_boringssl",
"//util:istream_input_stream",
"//util:secret_data",
"//util:status",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "kms_aead_key_manager_test",
size = "small",
srcs = ["kms_aead_key_manager_test.cc"],
deps = [
":kms_aead_key_manager",
"//:aead",
"//:kms_client",
"//:kms_clients",
"//proto:kms_aead_cc_proto",
"//proto:tink_cc_proto",
"//subtle:aead_test_util",
"//util:status",
"//util:statusor",
"//util:test_matchers",
"//util:test_util",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "kms_envelope_aead_test",
size = "small",
srcs = ["kms_envelope_aead_test.cc"],
deps = [
":aead_config",
":aead_key_templates",
":kms_envelope_aead",
"//:aead",
"//:keyset_handle",
"//:registry",
"//config:global_registry",
"//internal:ssl_util",
"//mac:mac_key_templates",
"//proto:aes_gcm_cc_proto",
"//proto:tink_cc_proto",
"//util:fake_kms_client",
"//util:status",
"//util:statusor",
"//util:test_matchers",
"//util:test_util",
"@com_google_absl//absl/base:endian",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "kms_envelope_aead_key_manager_test",
size = "small",
srcs = ["kms_envelope_aead_key_manager_test.cc"],
deps = [
":aead_config",
":aead_key_templates",
":aes_eax_key_manager",
":kms_envelope_aead",
":kms_envelope_aead_key_manager",
"//:aead",
"//:keyset_handle",
"//:kms_client",
"//:kms_clients",
"//:registry",
"//config:global_registry",
"//mac:mac_key_templates",
"//proto:kms_envelope_cc_proto",
"//proto:tink_cc_proto",
"//subtle:aead_test_util",
"//util:fake_kms_client",
"//util:status",
"//util:statusor",
"//util:test_matchers",
"//util:test_util",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "cord_aead_wrapper_test",
size = "small",
srcs = ["cord_aead_wrapper_test.cc"],
deps = [
":cord_aead",
":cord_aead_wrapper",
"//:primitive_set",
"//proto:tink_cc_proto",
"//util:status",
"//util:test_matchers",
"//util:test_util",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/strings:cord",
"@com_google_absl//absl/strings:cord_test_helpers",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "failing_aead_test",
srcs = ["failing_aead_test.cc"],
deps = [
":failing_aead",
"//:aead",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "aes_gcm_parameters_test",
srcs = ["aes_gcm_parameters_test.cc"],
deps = [
":aes_gcm_parameters",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "aes_gcm_key_test",
srcs = ["aes_gcm_key_test.cc"],
deps = [
":aes_gcm_key",
":aes_gcm_parameters",
"//:partial_key_access",
"//:restricted_data",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/types:optional",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "aes_gcm_proto_serialization_test",
size = "small",
srcs = ["aes_gcm_proto_serialization_test.cc"],
deps = [
":aes_gcm_key",
":aes_gcm_parameters",
":aes_gcm_proto_serialization",
"//:insecure_secret_key_access",
"//:key",
"//:parameters",
"//:partial_key_access",
"//:restricted_data",
"//internal:mutable_serialization_registry",
"//internal:proto_key_serialization",
"//internal:proto_parameters_serialization",
"//internal:serialization",
"//proto:aes_gcm_cc_proto",
"//proto:tink_cc_proto",
"//subtle:random",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/types:optional",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "aes_gcm_siv_parameters_test",
srcs = ["aes_gcm_siv_parameters_test.cc"],
deps = [
":aes_gcm_siv_parameters",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "aes_gcm_siv_key_test",
srcs = ["aes_gcm_siv_key_test.cc"],
deps = [
":aes_gcm_siv_key",
":aes_gcm_siv_parameters",
"//:partial_key_access",
"//:restricted_data",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/types:optional",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "aes_gcm_siv_proto_serialization_test",
size = "small",
srcs = ["aes_gcm_siv_proto_serialization_test.cc"],
deps = [
":aes_gcm_siv_key",
":aes_gcm_siv_parameters",
":aes_gcm_siv_proto_serialization",
"//:insecure_secret_key_access",
"//:key",
"//:parameters",
"//:partial_key_access",
"//:restricted_data",
"//internal:mutable_serialization_registry",
"//internal:proto_key_serialization",
"//internal:proto_parameters_serialization",
"//internal:serialization",
"//proto:aes_gcm_siv_cc_proto",
"//proto:tink_cc_proto",
"//subtle:random",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/types:optional",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "config_v0_test",
srcs = ["config_v0_test.cc"],
deps = [
":aead_key_templates",
":config_v0",
":key_gen_config_v0",
"//:aead",
"//:keyset_handle",
"//internal:ssl_util",
"//proto:tink_cc_proto",
"//util:statusor",
"//util:test_matchers",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "aes_eax_parameters_test",
srcs = ["aes_eax_parameters_test.cc"],
deps = [
":aes_eax_parameters",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "aes_eax_key_test",
srcs = ["aes_eax_key_test.cc"],
deps = [
":aes_eax_key",
":aes_eax_parameters",
"//:partial_key_access",
"//:restricted_data",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/types:optional",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "aes_eax_proto_serialization_test",
srcs = ["aes_eax_proto_serialization_test.cc"],
deps = [
":aes_eax_key",
":aes_eax_parameters",
":aes_eax_proto_serialization",
"//:insecure_secret_key_access",
"//:key",
"//:parameters",
"//:partial_key_access",
"//:restricted_data",
"//internal:mutable_serialization_registry",
"//internal:proto_key_serialization",
"//internal:proto_parameters_serialization",
"//internal:serialization",
"//proto:aes_eax_cc_proto",
"//proto:tink_cc_proto",
"//subtle:random",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings:string_view",
"@com_google_absl//absl/types:optional",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "xchacha20_poly1305_parameters_test",
srcs = ["xchacha20_poly1305_parameters_test.cc"],
deps = [
":xchacha20_poly1305_parameters",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "xchacha20_poly1305_key_test",
srcs = ["xchacha20_poly1305_key_test.cc"],
deps = [
":xchacha20_poly1305_key",
":xchacha20_poly1305_parameters",
"//:partial_key_access",
"//:restricted_data",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/types:optional",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "xchacha20_poly1305_proto_serialization_test",
srcs = ["xchacha20_poly1305_proto_serialization_test.cc"],
deps = [
":xchacha20_poly1305_key",
":xchacha20_poly1305_parameters",
":xchacha20_poly1305_proto_serialization",
"//:insecure_secret_key_access",
"//:key",
"//:parameters",
"//:partial_key_access",
"//:restricted_data",
"//internal:mutable_serialization_registry",
"//internal:proto_key_serialization",
"//internal:proto_parameters_serialization",
"//internal:serialization",
"//proto:tink_cc_proto",
"//proto:xchacha20_poly1305_cc_proto",
"//subtle:random",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings:string_view",
"@com_google_absl//absl/types:optional",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "chacha20_poly1305_parameters_test",
srcs = ["chacha20_poly1305_parameters_test.cc"],
deps = [
":chacha20_poly1305_parameters",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "chacha20_poly1305_key_test",
srcs = ["chacha20_poly1305_key_test.cc"],
deps = [
":chacha20_poly1305_key",
":chacha20_poly1305_parameters",
"//:partial_key_access",
"//:restricted_data",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/types:optional",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "chacha20_poly1305_proto_serialization_test",
srcs = ["chacha20_poly1305_proto_serialization_test.cc"],
deps = [
":chacha20_poly1305_key",
":chacha20_poly1305_parameters",
":chacha20_poly1305_proto_serialization",
"//:insecure_secret_key_access",
"//:key",
"//:parameters",
"//:partial_key_access",
"//:restricted_data",
"//internal:mutable_serialization_registry",
"//internal:proto_key_serialization",
"//internal:proto_parameters_serialization",
"//internal:serialization",
"//proto:chacha20_poly1305_cc_proto",
"//proto:tink_cc_proto",
"//subtle:random",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings:string_view",
"@com_google_absl//absl/types:optional",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "aes_ctr_hmac_aead_parameters_test",
srcs = ["aes_ctr_hmac_aead_parameters_test.cc"],
deps = [
":aes_ctr_hmac_aead_parameters",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "aes_ctr_hmac_aead_key_test",
srcs = ["aes_ctr_hmac_aead_key_test.cc"],
deps = [
":aes_ctr_hmac_aead_key",
":aes_ctr_hmac_aead_parameters",
"//:partial_key_access",
"//:restricted_data",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/types:optional",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "aes_ctr_hmac_aead_proto_serialization_test",
srcs = ["aes_ctr_hmac_aead_proto_serialization_test.cc"],
deps = [
":aes_ctr_hmac_aead_key",
":aes_ctr_hmac_aead_parameters",
":aes_ctr_hmac_aead_proto_serialization",
"//:insecure_secret_key_access",
"//:key",
"//:parameters",
"//:partial_key_access",
"//:restricted_data",
"//internal:mutable_serialization_registry",
"//internal:proto_key_serialization",
"//internal:proto_parameters_serialization",
"//internal:serialization",
"//proto:aes_ctr_cc_proto",
"//proto:aes_ctr_hmac_aead_cc_proto",
"//proto:common_cc_proto",
"//proto:hmac_cc_proto",
"//proto:tink_cc_proto",
"//subtle:random",
"//util:statusor",
"//util:test_matchers",
"@com_google_absl//absl/status",
"@com_google_absl//absl/strings:string_view",
"@com_google_absl//absl/types:optional",
"@com_google_googletest//:gtest_main",
],
)
================================================
FILE: cc/aead/CMakeLists.txt
================================================
tink_module(aead)
add_subdirectory(internal)
tink_cc_library(
NAME aead_wrapper
SRCS
aead_wrapper.cc
aead_wrapper.h
DEPS
absl::memory
absl::status
absl::strings
tink::core::aead
tink::core::crypto_format
tink::core::primitive_set
tink::core::primitive_wrapper
tink::internal::monitoring_util
tink::internal::registry_impl
tink::internal::util
tink::monitoring::monitoring
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME cord_aead
SRCS
cord_aead.h
DEPS
absl::cord
tink::util::statusor
)
tink_cc_library(
NAME cord_aead_wrapper
SRCS
cord_aead_wrapper.cc
cord_aead_wrapper.h
DEPS
tink::aead::cord_aead
absl::status
absl::cord
tink::core::crypto_format
tink::core::primitive_set
tink::core::primitive_wrapper
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME aead_config
SRCS
aead_config.cc
aead_config.h
DEPS
tink::aead::aead_wrapper
tink::aead::aes_ctr_hmac_aead_key_manager
tink::aead::aes_ctr_hmac_aead_proto_serialization
tink::aead::aes_eax_key_manager
tink::aead::aes_eax_proto_serialization
tink::aead::aes_gcm_key_manager
tink::aead::aes_gcm_proto_serialization
tink::aead::aes_gcm_siv_key_manager
tink::aead::aes_gcm_siv_proto_serialization
tink::aead::kms_aead_key_manager
tink::aead::kms_envelope_aead_key_manager
tink::aead::xchacha20_poly1305_key_manager
tink::aead::xchacha20_poly1305_proto_serialization
absl::core_headers
absl::memory
absl::status
tink::core::registry
tink::config::tink_fips
tink::mac::mac_config
tink::util::status
tink::proto::config_cc_proto
)
tink_cc_library(
NAME aead_factory
SRCS
aead_factory.cc
aead_factory.h
DEPS
tink::aead::aead_wrapper
absl::core_headers
absl::memory
tink::core::aead
tink::core::key_manager
tink::core::keyset_handle
tink::core::registry
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME aead_key_templates
SRCS
aead_key_templates.cc
aead_key_templates.h
DEPS
absl::core_headers
absl::strings
tink::proto::aes_ctr_cc_proto
tink::proto::aes_ctr_hmac_aead_cc_proto
tink::proto::aes_eax_cc_proto
tink::proto::aes_gcm_cc_proto
tink::proto::aes_gcm_siv_cc_proto
tink::proto::common_cc_proto
tink::proto::hmac_cc_proto
tink::proto::kms_envelope_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME aes_eax_key_manager
SRCS
aes_eax_key_manager.h
DEPS
absl::memory
absl::status
absl::strings
tink::core::aead
tink::core::key_type_manager
tink::core::template_util
tink::subtle::aes_eax_boringssl
tink::subtle::random
tink::util::constants
tink::util::secret_data
tink::util::status
tink::util::statusor
tink::util::validation
tink::proto::aes_eax_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME aes_gcm_key_manager
SRCS
aes_gcm_key_manager.h
DEPS
tink::aead::cord_aead
absl::memory
absl::status
absl::strings
tink::core::aead
tink::core::key_type_manager
tink::core::template_util
tink::core::input_stream
tink::aead::internal::cord_aes_gcm_boringssl
tink::internal::fips_utils
tink::subtle::aes_gcm_boringssl
tink::subtle::random
tink::util::constants
tink::util::input_stream_util
tink::util::secret_data
tink::util::status
tink::util::statusor
tink::util::validation
tink::proto::aes_gcm_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME aes_gcm_siv_key_manager
SRCS
aes_gcm_siv_key_manager.h
DEPS
absl::memory
absl::strings
tink::core::aead
tink::core::key_type_manager
tink::core::template_util
tink::subtle::aes_gcm_siv_boringssl
tink::subtle::random
tink::util::constants
tink::util::secret_data
tink::util::status
tink::util::statusor
tink::util::validation
tink::proto::aes_gcm_siv_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME aes_ctr_hmac_aead_key_manager
SRCS
aes_ctr_hmac_aead_key_manager.cc
aes_ctr_hmac_aead_key_manager.h
DEPS
absl::memory
absl::status
absl::statusor
absl::strings
tink::core::aead
tink::core::key_type_manager
tink::core::template_util
tink::core::input_stream
tink::core::mac
tink::internal::fips_utils
tink::mac::hmac_key_manager
tink::subtle::aes_ctr_boringssl
tink::subtle::encrypt_then_authenticate
tink::subtle::ind_cpa_cipher
tink::subtle::random
tink::util::constants
tink::util::enums
tink::util::input_stream_util
tink::util::secret_data
tink::util::status
tink::util::statusor
tink::util::validation
tink::proto::aes_ctr_cc_proto
tink::proto::aes_ctr_hmac_aead_cc_proto
tink::proto::common_cc_proto
tink::proto::hmac_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME xchacha20_poly1305_key_manager
SRCS
xchacha20_poly1305_key_manager.h
DEPS
absl::memory
absl::status
absl::strings
tink::core::aead
tink::core::key_type_manager
tink::core::template_util
tink::core::input_stream
tink::subtle::subtle
tink::subtle::xchacha20_poly1305_boringssl
tink::util::constants
tink::util::input_stream_util
tink::util::secret_data
tink::util::status
tink::util::statusor
tink::util::validation
tink::proto::tink_cc_proto
tink::proto::xchacha20_poly1305_cc_proto
)
tink_cc_library(
NAME kms_aead_key_manager
SRCS
kms_aead_key_manager.h
DEPS
absl::memory
absl::status
absl::strings
tink::core::aead
tink::core::key_type_manager
tink::core::template_util
tink::core::kms_client
tink::core::kms_clients
tink::util::constants
tink::util::status
tink::util::statusor
tink::util::validation
tink::proto::kms_aead_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME kms_envelope_aead
SRCS
kms_envelope_aead.cc
kms_envelope_aead.h
DEPS
absl::endian
absl::memory
absl::status
absl::strings
tink::core::aead
tink::core::registry
tink::aead::internal::aead_util
tink::util::status
tink::util::statusor
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME kms_envelope_aead_key_manager
SRCS
kms_envelope_aead_key_manager.cc
kms_envelope_aead_key_manager.h
DEPS
tink::aead::kms_envelope_aead
absl::memory
absl::status
absl::strings
tink::core::aead
tink::core::key_type_manager
tink::core::template_util
tink::core::kms_client
tink::core::kms_clients
tink::aead::internal::aead_util
tink::internal::fips_utils
tink::util::constants
tink::util::status
tink::util::statusor
tink::util::validation
tink::proto::kms_envelope_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME mock_aead
SRCS
mock_aead.h
DEPS
gmock
absl::strings
tink::core::aead
tink::util::statusor
TESTONLY
)
tink_cc_library(
NAME failing_aead
SRCS
failing_aead.cc
failing_aead.h
DEPS
absl::memory
absl::status
absl::strings
tink::core::aead
tink::util::status
tink::util::statusor
TESTONLY
)
tink_cc_library(
NAME aead_parameters
SRCS
aead_parameters.h
DEPS
tink::core::parameters
)
tink_cc_library(
NAME aead_key
SRCS
aead_key.h
DEPS
tink::aead::aead_parameters
absl::strings
tink::core::key
)
tink_cc_library(
NAME aes_gcm_parameters
SRCS
aes_gcm_parameters.cc
aes_gcm_parameters.h
DEPS
tink::aead::aead_parameters
absl::status
absl::strings
tink::core::parameters
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME aes_gcm_key
SRCS
aes_gcm_key.cc
aes_gcm_key.h
DEPS
tink::aead::aead_key
tink::aead::aes_gcm_parameters
absl::status
absl::strings
absl::optional
tink::core::key
tink::core::partial_key_access_token
tink::core::restricted_data
tink::subtle::subtle_util
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME aes_gcm_proto_serialization
SRCS
aes_gcm_proto_serialization.cc
aes_gcm_proto_serialization.h
DEPS
tink::aead::aes_gcm_key
tink::aead::aes_gcm_parameters
absl::core_headers
absl::status
absl::string_view
absl::optional
tink::core::partial_key_access
tink::core::restricted_data
tink::core::secret_key_access_token
tink::internal::key_parser
tink::internal::key_serializer
tink::internal::mutable_serialization_registry
tink::internal::parameters_parser
tink::internal::parameters_serializer
tink::internal::proto_key_serialization
tink::internal::proto_parameters_serialization
tink::util::secret_data
tink::util::secret_proto
tink::util::status
tink::util::statusor
tink::proto::aes_gcm_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME aes_gcm_siv_parameters
SRCS
aes_gcm_siv_parameters.cc
aes_gcm_siv_parameters.h
DEPS
tink::aead::aead_parameters
absl::status
absl::strings
tink::core::parameters
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME aes_gcm_siv_key
SRCS
aes_gcm_siv_key.cc
aes_gcm_siv_key.h
DEPS
tink::aead::aead_key
tink::aead::aes_gcm_siv_parameters
absl::status
absl::strings
absl::optional
tink::core::key
tink::core::partial_key_access_token
tink::core::restricted_data
tink::subtle::subtle_util
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME aes_gcm_siv_proto_serialization
SRCS
aes_gcm_siv_proto_serialization.cc
aes_gcm_siv_proto_serialization.h
DEPS
tink::aead::aes_gcm_siv_key
tink::aead::aes_gcm_siv_parameters
absl::core_headers
absl::status
absl::string_view
absl::optional
tink::core::partial_key_access
tink::core::restricted_data
tink::core::secret_key_access_token
tink::internal::key_parser
tink::internal::key_serializer
tink::internal::mutable_serialization_registry
tink::internal::parameters_parser
tink::internal::parameters_serializer
tink::internal::proto_key_serialization
tink::internal::proto_parameters_serialization
tink::util::status
tink::util::statusor
tink::proto::aes_gcm_siv_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME config_v0
SRCS
config_v0.cc
config_v0.h
DEPS
absl::check
tink::core::configuration
tink::aead::internal::config_v0
)
tink_cc_library(
NAME key_gen_config_v0
SRCS
key_gen_config_v0.cc
key_gen_config_v0.h
DEPS
absl::check
tink::core::key_gen_configuration
tink::aead::internal::key_gen_config_v0
)
tink_cc_library(
NAME aes_eax_parameters
SRCS
aes_eax_parameters.cc
aes_eax_parameters.h
DEPS
tink::aead::aead_parameters
absl::flat_hash_set
absl::status
absl::strings
absl::optional
tink::core::parameters
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME aes_eax_key
SRCS
aes_eax_key.cc
aes_eax_key.h
DEPS
tink::aead::aead_key
tink::aead::aes_eax_parameters
absl::status
absl::strings
absl::string_view
absl::optional
tink::core::key
tink::core::partial_key_access_token
tink::core::restricted_data
tink::subtle::subtle_util
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME aes_eax_proto_serialization
SRCS
aes_eax_proto_serialization.cc
aes_eax_proto_serialization.h
DEPS
tink::aead::aes_eax_key
tink::aead::aes_eax_parameters
absl::core_headers
absl::status
absl::strings
absl::string_view
absl::optional
tink::core::partial_key_access
tink::core::restricted_data
tink::core::secret_key_access_token
tink::internal::key_parser
tink::internal::key_serializer
tink::internal::mutable_serialization_registry
tink::internal::parameters_parser
tink::internal::parameters_serializer
tink::internal::proto_key_serialization
tink::internal::proto_parameters_serialization
tink::util::secret_data
tink::util::secret_proto
tink::util::status
tink::util::statusor
tink::proto::aes_eax_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME xchacha20_poly1305_parameters
SRCS
xchacha20_poly1305_parameters.cc
xchacha20_poly1305_parameters.h
DEPS
tink::aead::aead_parameters
absl::status
tink::core::parameters
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME xchacha20_poly1305_key
SRCS
xchacha20_poly1305_key.cc
xchacha20_poly1305_key.h
DEPS
tink::aead::aead_key
tink::aead::xchacha20_poly1305_parameters
absl::status
absl::strings
absl::optional
tink::core::key
tink::core::partial_key_access_token
tink::core::restricted_data
tink::subtle::subtle_util
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME xchacha20_poly1305_proto_serialization
SRCS
xchacha20_poly1305_proto_serialization.cc
xchacha20_poly1305_proto_serialization.h
DEPS
tink::aead::xchacha20_poly1305_key
tink::aead::xchacha20_poly1305_parameters
absl::core_headers
absl::status
absl::string_view
absl::optional
tink::core::partial_key_access
tink::core::restricted_data
tink::core::secret_key_access_token
tink::internal::key_parser
tink::internal::key_serializer
tink::internal::mutable_serialization_registry
tink::internal::parameters_parser
tink::internal::parameters_serializer
tink::internal::proto_key_serialization
tink::internal::proto_parameters_serialization
tink::util::status
tink::util::statusor
tink::proto::tink_cc_proto
tink::proto::xchacha20_poly1305_cc_proto
)
tink_cc_library(
NAME chacha20_poly1305_parameters
SRCS
chacha20_poly1305_parameters.cc
chacha20_poly1305_parameters.h
DEPS
tink::aead::aead_parameters
absl::status
tink::core::parameters
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME chacha20_poly1305_key
SRCS
chacha20_poly1305_key.cc
chacha20_poly1305_key.h
DEPS
tink::aead::aead_key
tink::aead::chacha20_poly1305_parameters
absl::status
absl::strings
absl::optional
tink::core::key
tink::core::partial_key_access_token
tink::core::restricted_data
tink::subtle::subtle_util
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME chacha20_poly1305_proto_serialization
SRCS
chacha20_poly1305_proto_serialization.cc
chacha20_poly1305_proto_serialization.h
DEPS
tink::aead::chacha20_poly1305_key
tink::aead::chacha20_poly1305_parameters
absl::core_headers
absl::status
absl::string_view
absl::optional
tink::core::partial_key_access
tink::core::restricted_data
tink::core::secret_key_access_token
tink::internal::key_parser
tink::internal::key_serializer
tink::internal::mutable_serialization_registry
tink::internal::parameters_parser
tink::internal::parameters_serializer
tink::internal::proto_key_serialization
tink::internal::proto_parameters_serialization
tink::util::status
tink::util::statusor
tink::proto::chacha20_poly1305_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_library(
NAME aes_ctr_hmac_aead_parameters
SRCS
aes_ctr_hmac_aead_parameters.cc
aes_ctr_hmac_aead_parameters.h
DEPS
tink::aead::aead_parameters
absl::algorithm_container
absl::flat_hash_map
absl::status
absl::strings
absl::optional
tink::core::parameters
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME aes_ctr_hmac_aead_key
SRCS
aes_ctr_hmac_aead_key.cc
aes_ctr_hmac_aead_key.h
DEPS
tink::aead::aead_key
tink::aead::aes_ctr_hmac_aead_parameters
absl::status
absl::strings
absl::string_view
absl::optional
tink::core::key
tink::core::partial_key_access_token
tink::core::restricted_data
tink::subtle::subtle_util
tink::util::status
tink::util::statusor
)
tink_cc_library(
NAME aes_ctr_hmac_aead_proto_serialization
SRCS
aes_ctr_hmac_aead_proto_serialization.cc
aes_ctr_hmac_aead_proto_serialization.h
DEPS
tink::aead::aes_ctr_hmac_aead_key
tink::aead::aes_ctr_hmac_aead_parameters
absl::core_headers
absl::status
absl::strings
absl::string_view
absl::optional
tink::core::partial_key_access
tink::core::restricted_data
tink::core::secret_key_access_token
tink::internal::key_parser
tink::internal::key_serializer
tink::internal::mutable_serialization_registry
tink::internal::parameters_parser
tink::internal::parameters_serializer
tink::internal::proto_key_serialization
tink::internal::proto_parameters_serialization
tink::util::secret_data
tink::util::secret_proto
tink::util::status
tink::util::statusor
tink::proto::aes_ctr_cc_proto
tink::proto::aes_ctr_hmac_aead_cc_proto
tink::proto::common_cc_proto
tink::proto::hmac_cc_proto
tink::proto::tink_cc_proto
)
# tests
tink_cc_test(
NAME aead_wrapper_test
SRCS
aead_wrapper_test.cc
DEPS
tink::aead::aead_wrapper
tink::aead::mock_aead
gmock
absl::flat_hash_map
absl::memory
absl::status
absl::statusor
absl::strings
tink::core::aead
tink::core::crypto_format
tink::core::primitive_set
tink::core::registry
tink::internal::registry_impl
tink::monitoring::monitoring
tink::monitoring::monitoring_client_mocks
tink::util::status
tink::util::statusor
tink::util::test_matchers
tink::util::test_util
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME aead_config_test
SRCS
aead_config_test.cc
DEPS
tink::aead::aead_config
tink::aead::aead_key_templates
tink::aead::aes_ctr_hmac_aead_key
tink::aead::aes_ctr_hmac_aead_parameters
tink::aead::aes_eax_key
tink::aead::aes_eax_parameters
tink::aead::aes_gcm_key
tink::aead::aes_gcm_key_manager
tink::aead::aes_gcm_parameters
tink::aead::aes_gcm_siv_key
tink::aead::aes_gcm_siv_parameters
tink::aead::key_gen_config_v0
tink::aead::xchacha20_poly1305_key
tink::aead::xchacha20_poly1305_parameters
gmock
absl::status
tink::core::aead
tink::core::insecure_secret_key_access
tink::core::key
tink::core::key_status
tink::core::keyset_handle
tink::core::keyset_handle_builder
tink::core::parameters
tink::core::partial_key_access
tink::core::registry
tink::core::restricted_data
tink::config::global_registry
tink::config::tink_fips
tink::internal::fips_utils
tink::internal::legacy_proto_key
tink::internal::mutable_serialization_registry
tink::internal::proto_key_serialization
tink::internal::proto_parameters_serialization
tink::internal::serialization
tink::subtle::random
tink::util::statusor
tink::util::test_matchers
tink::proto::aes_eax_cc_proto
tink::proto::aes_gcm_cc_proto
tink::proto::aes_gcm_siv_cc_proto
tink::proto::tink_cc_proto
tink::proto::xchacha20_poly1305_cc_proto
)
tink_cc_test(
NAME aead_factory_test
SRCS
aead_factory_test.cc
DEPS
tink::aead::aead_config
tink::aead::aead_factory
tink::aead::aes_gcm_key_manager
gmock
absl::status
absl::strings
tink::core::aead
tink::core::crypto_format
tink::core::keyset_handle
tink::internal::key_info
tink::util::status
tink::util::statusor
tink::util::test_keyset_handle
tink::util::test_util
tink::proto::aes_gcm_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME aead_key_templates_test
SRCS
aead_key_templates_test.cc
DEPS
tink::aead::aead_config
tink::aead::aead_key_templates
tink::aead::aes_ctr_hmac_aead_key_manager
tink::aead::aes_eax_key_manager
tink::aead::aes_gcm_key_manager
tink::aead::aes_gcm_siv_key_manager
tink::aead::kms_envelope_aead_key_manager
tink::aead::xchacha20_poly1305_key_manager
gmock
absl::status
absl::statusor
tink::core::aead
tink::core::key_manager_impl
tink::core::key_manager
tink::core::keyset_handle
tink::config::global_registry
tink::subtle::aead_test_util
tink::util::fake_kms_client
tink::util::status
tink::util::test_matchers
tink::proto::aes_ctr_cc_proto
tink::proto::aes_ctr_hmac_aead_cc_proto
tink::proto::aes_eax_cc_proto
tink::proto::aes_gcm_cc_proto
tink::proto::aes_gcm_siv_cc_proto
tink::proto::common_cc_proto
tink::proto::hmac_cc_proto
tink::proto::kms_envelope_cc_proto
tink::proto::tink_cc_proto
tink::proto::xchacha20_poly1305_cc_proto
)
tink_cc_test(
NAME aes_eax_key_manager_test
SRCS
aes_eax_key_manager_test.cc
DEPS
tink::aead::aes_eax_key_manager
gmock
tink::core::aead
tink::subtle::aead_test_util
tink::subtle::aes_eax_boringssl
tink::util::secret_data
tink::util::status
tink::util::statusor
tink::util::test_matchers
tink::proto::aes_eax_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME aes_gcm_key_manager_test
SRCS
aes_gcm_key_manager_test.cc
DEPS
tink::aead::aes_gcm_key_manager
tink::aead::cord_aead
gmock
absl::memory
absl::status
tink::core::aead
tink::aead::internal::cord_aes_gcm_boringssl
tink::subtle::aead_test_util
tink::subtle::aes_gcm_boringssl
tink::util::istream_input_stream
tink::util::secret_data
tink::util::status
tink::util::statusor
tink::util::test_matchers
tink::proto::aes_gcm_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME aes_gcm_siv_key_manager_test
SRCS
aes_gcm_siv_key_manager_test.cc
DEPS
tink::aead::aes_gcm_siv_key_manager
gmock
absl::status
tink::core::aead
tink::internal::ssl_util
tink::subtle::aead_test_util
tink::subtle::aes_gcm_siv_boringssl
tink::util::secret_data
tink::util::status
tink::util::statusor
tink::util::test_matchers
tink::proto::aes_gcm_siv_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME aes_ctr_hmac_aead_key_manager_test
SRCS
aes_ctr_hmac_aead_key_manager_test.cc
DEPS
tink::aead::aes_ctr_hmac_aead_key_manager
gmock
absl::memory
absl::status
tink::core::aead
tink::subtle::subtle
tink::subtle::aead_test_util
tink::subtle::aes_ctr_boringssl
tink::util::enums
tink::util::istream_input_stream
tink::util::secret_data
tink::util::status
tink::util::statusor
tink::util::test_matchers
tink::proto::aes_ctr_cc_proto
tink::proto::aes_ctr_hmac_aead_cc_proto
tink::proto::common_cc_proto
tink::proto::hmac_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME xchacha20_poly1305_key_manager_test
SRCS
xchacha20_poly1305_key_manager_test.cc
DEPS
tink::aead::xchacha20_poly1305_key_manager
gmock
absl::memory
absl::status
tink::core::aead
tink::internal::ssl_util
tink::subtle::aead_test_util
tink::subtle::xchacha20_poly1305_boringssl
tink::util::istream_input_stream
tink::util::secret_data
tink::util::status
tink::util::statusor
tink::util::test_matchers
tink::proto::tink_cc_proto
tink::proto::xchacha20_poly1305_cc_proto
)
tink_cc_test(
NAME kms_aead_key_manager_test
SRCS
kms_aead_key_manager_test.cc
DEPS
tink::aead::kms_aead_key_manager
gmock
absl::memory
absl::status
tink::core::aead
tink::core::kms_client
tink::core::kms_clients
tink::subtle::aead_test_util
tink::util::status
tink::util::statusor
tink::util::test_matchers
tink::util::test_util
tink::proto::kms_aead_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME kms_envelope_aead_test
SRCS
kms_envelope_aead_test.cc
DEPS
tink::aead::aead_config
tink::aead::aead_key_templates
tink::aead::kms_envelope_aead
gmock
absl::endian
absl::memory
absl::status
absl::strings
tink::core::aead
tink::core::keyset_handle
tink::core::registry
tink::config::global_registry
tink::internal::ssl_util
tink::mac::mac_key_templates
tink::util::fake_kms_client
tink::util::status
tink::util::statusor
tink::util::test_matchers
tink::util::test_util
tink::proto::aes_gcm_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME kms_envelope_aead_key_manager_test
SRCS
kms_envelope_aead_key_manager_test.cc
DEPS
tink::aead::aead_config
tink::aead::aead_key_templates
tink::aead::aes_eax_key_manager
tink::aead::kms_envelope_aead
tink::aead::kms_envelope_aead_key_manager
gmock
absl::memory
absl::status
tink::core::aead
tink::core::keyset_handle
tink::core::kms_client
tink::core::kms_clients
tink::core::registry
tink::config::global_registry
tink::mac::mac_key_templates
tink::subtle::aead_test_util
tink::util::fake_kms_client
tink::util::status
tink::util::statusor
tink::util::test_matchers
tink::util::test_util
tink::proto::kms_envelope_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME cord_aead_wrapper_test
SRCS
cord_aead_wrapper_test.cc
DEPS
tink::aead::cord_aead
tink::aead::cord_aead_wrapper
gmock
absl::memory
absl::status
absl::strings
absl::cord
tink::core::primitive_set
tink::util::status
tink::util::test_matchers
tink::util::test_util
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME failing_aead_test
SRCS
failing_aead_test.cc
DEPS
tink::aead::failing_aead
gmock
absl::status
tink::core::aead
tink::util::test_matchers
)
tink_cc_test(
NAME aes_gcm_parameters_test
SRCS
aes_gcm_parameters_test.cc
DEPS
tink::aead::aes_gcm_parameters
gmock
absl::status
tink::util::statusor
tink::util::test_matchers
)
tink_cc_test(
NAME aes_gcm_key_test
SRCS
aes_gcm_key_test.cc
DEPS
tink::aead::aes_gcm_key
tink::aead::aes_gcm_parameters
gmock
absl::status
absl::optional
tink::core::partial_key_access
tink::core::restricted_data
tink::util::statusor
tink::util::test_matchers
)
tink_cc_test(
NAME aes_gcm_proto_serialization_test
SRCS
aes_gcm_proto_serialization_test.cc
DEPS
tink::aead::aes_gcm_key
tink::aead::aes_gcm_parameters
tink::aead::aes_gcm_proto_serialization
gmock
absl::status
absl::optional
tink::core::insecure_secret_key_access
tink::core::key
tink::core::parameters
tink::core::partial_key_access
tink::core::restricted_data
tink::internal::mutable_serialization_registry
tink::internal::proto_key_serialization
tink::internal::proto_parameters_serialization
tink::internal::serialization
tink::subtle::random
tink::util::statusor
tink::util::test_matchers
tink::proto::aes_gcm_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME aes_gcm_siv_parameters_test
SRCS
aes_gcm_siv_parameters_test.cc
DEPS
tink::aead::aes_gcm_siv_parameters
gmock
absl::status
tink::util::statusor
tink::util::test_matchers
)
tink_cc_test(
NAME aes_gcm_siv_key_test
SRCS
aes_gcm_siv_key_test.cc
DEPS
tink::aead::aes_gcm_siv_key
tink::aead::aes_gcm_siv_parameters
gmock
absl::status
absl::optional
tink::core::partial_key_access
tink::core::restricted_data
tink::util::statusor
tink::util::test_matchers
)
tink_cc_test(
NAME aes_gcm_siv_proto_serialization_test
SRCS
aes_gcm_siv_proto_serialization_test.cc
DEPS
tink::aead::aes_gcm_siv_key
tink::aead::aes_gcm_siv_parameters
tink::aead::aes_gcm_siv_proto_serialization
gmock
absl::status
absl::optional
tink::core::insecure_secret_key_access
tink::core::key
tink::core::parameters
tink::core::partial_key_access
tink::core::restricted_data
tink::internal::mutable_serialization_registry
tink::internal::proto_key_serialization
tink::internal::proto_parameters_serialization
tink::internal::serialization
tink::subtle::random
tink::util::statusor
tink::util::test_matchers
tink::proto::aes_gcm_siv_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME config_v0_test
SRCS
config_v0_test.cc
DEPS
tink::aead::aead_key_templates
tink::aead::config_v0
tink::aead::key_gen_config_v0
gmock
tink::core::aead
tink::core::keyset_handle
tink::internal::ssl_util
tink::util::statusor
tink::util::test_matchers
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME aes_eax_parameters_test
SRCS
aes_eax_parameters_test.cc
DEPS
tink::aead::aes_eax_parameters
gmock
absl::status
tink::util::statusor
tink::util::test_matchers
)
tink_cc_test(
NAME aes_eax_key_test
SRCS
aes_eax_key_test.cc
DEPS
tink::aead::aes_eax_key
tink::aead::aes_eax_parameters
gmock
absl::status
absl::optional
tink::core::partial_key_access
tink::core::restricted_data
tink::util::statusor
tink::util::test_matchers
)
tink_cc_test(
NAME aes_eax_proto_serialization_test
SRCS
aes_eax_proto_serialization_test.cc
DEPS
tink::aead::aes_eax_key
tink::aead::aes_eax_parameters
tink::aead::aes_eax_proto_serialization
gmock
absl::status
absl::string_view
absl::optional
tink::core::insecure_secret_key_access
tink::core::key
tink::core::parameters
tink::core::partial_key_access
tink::core::restricted_data
tink::internal::mutable_serialization_registry
tink::internal::proto_key_serialization
tink::internal::proto_parameters_serialization
tink::internal::serialization
tink::subtle::random
tink::util::statusor
tink::util::test_matchers
tink::proto::aes_eax_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME xchacha20_poly1305_parameters_test
SRCS
xchacha20_poly1305_parameters_test.cc
DEPS
tink::aead::xchacha20_poly1305_parameters
gmock
absl::status
tink::util::statusor
tink::util::test_matchers
)
tink_cc_test(
NAME xchacha20_poly1305_key_test
SRCS
xchacha20_poly1305_key_test.cc
DEPS
tink::aead::xchacha20_poly1305_key
tink::aead::xchacha20_poly1305_parameters
gmock
absl::status
absl::optional
tink::core::partial_key_access
tink::core::restricted_data
tink::util::statusor
tink::util::test_matchers
)
tink_cc_test(
NAME xchacha20_poly1305_proto_serialization_test
SRCS
xchacha20_poly1305_proto_serialization_test.cc
DEPS
tink::aead::xchacha20_poly1305_key
tink::aead::xchacha20_poly1305_parameters
tink::aead::xchacha20_poly1305_proto_serialization
gmock
absl::status
absl::string_view
absl::optional
tink::core::insecure_secret_key_access
tink::core::key
tink::core::parameters
tink::core::partial_key_access
tink::core::restricted_data
tink::internal::mutable_serialization_registry
tink::internal::proto_key_serialization
tink::internal::proto_parameters_serialization
tink::internal::serialization
tink::subtle::random
tink::util::statusor
tink::util::test_matchers
tink::proto::tink_cc_proto
tink::proto::xchacha20_poly1305_cc_proto
)
tink_cc_test(
NAME chacha20_poly1305_parameters_test
SRCS
chacha20_poly1305_parameters_test.cc
DEPS
tink::aead::chacha20_poly1305_parameters
gmock
absl::status
tink::util::statusor
tink::util::test_matchers
)
tink_cc_test(
NAME chacha20_poly1305_key_test
SRCS
chacha20_poly1305_key_test.cc
DEPS
tink::aead::chacha20_poly1305_key
tink::aead::chacha20_poly1305_parameters
gmock
absl::status
absl::optional
tink::core::partial_key_access
tink::core::restricted_data
tink::util::statusor
tink::util::test_matchers
)
tink_cc_test(
NAME chacha20_poly1305_proto_serialization_test
SRCS
chacha20_poly1305_proto_serialization_test.cc
DEPS
tink::aead::chacha20_poly1305_key
tink::aead::chacha20_poly1305_parameters
tink::aead::chacha20_poly1305_proto_serialization
gmock
absl::status
absl::string_view
absl::optional
tink::core::insecure_secret_key_access
tink::core::key
tink::core::parameters
tink::core::partial_key_access
tink::core::restricted_data
tink::internal::mutable_serialization_registry
tink::internal::proto_key_serialization
tink::internal::proto_parameters_serialization
tink::internal::serialization
tink::subtle::random
tink::util::statusor
tink::util::test_matchers
tink::proto::chacha20_poly1305_cc_proto
tink::proto::tink_cc_proto
)
tink_cc_test(
NAME aes_ctr_hmac_aead_parameters_test
SRCS
aes_ctr_hmac_aead_parameters_test.cc
DEPS
tink::aead::aes_ctr_hmac_aead_parameters
gmock
absl::status
tink::util::statusor
tink::util::test_matchers
)
tink_cc_test(
NAME aes_ctr_hmac_aead_key_test
SRCS
aes_ctr_hmac_aead_key_test.cc
DEPS
tink::aead::aes_ctr_hmac_aead_key
tink::aead::aes_ctr_hmac_aead_parameters
gmock
absl::status
absl::optional
tink::core::partial_key_access
tink::core::restricted_data
tink::util::statusor
tink::util::test_matchers
)
tink_cc_test(
NAME aes_ctr_hmac_aead_proto_serialization_test
SRCS
aes_ctr_hmac_aead_proto_serialization_test.cc
DEPS
tink::aead::aes_ctr_hmac_aead_key
tink::aead::aes_ctr_hmac_aead_parameters
tink::aead::aes_ctr_hmac_aead_proto_serialization
gmock
absl::status
absl::string_view
absl::optional
tink::core::insecure_secret_key_access
tink::core::key
tink::core::parameters
tink::core::partial_key_access
tink::core::restricted_data
tink::internal::mutable_serialization_registry
tink::internal::proto_key_serialization
tink::internal::proto_parameters_serialization
tink::internal::serialization
tink::subtle::random
tink::util::statusor
tink::util::test_matchers
tink::proto::aes_ctr_cc_proto
tink::proto::aes_ctr_hmac_aead_cc_proto
tink::proto::common_cc_proto
tink::proto::hmac_cc_proto
tink::proto::tink_cc_proto
)
================================================
FILE: cc/aead/aead_config.cc
================================================
// Copyright 2017 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////
#include "tink/aead/aead_config.h"
#include "absl/memory/memory.h"
#include "absl/status/status.h"
#include "tink/aead/aead_wrapper.h"
#include "tink/aead/aes_ctr_hmac_aead_key_manager.h"
#include "tink/aead/aes_ctr_hmac_aead_proto_serialization.h"
#include "tink/aead/aes_eax_key_manager.h"
#include "tink/aead/aes_eax_proto_serialization.h"
#include "tink/aead/aes_gcm_key_manager.h"
#include "tink/aead/aes_gcm_proto_serialization.h"
#include "tink/aead/aes_gcm_siv_key_manager.h"
#include "tink/aead/aes_gcm_siv_proto_serialization.h"
#include "tink/aead/kms_aead_key_manager.h"
#include "tink/aead/kms_envelope_aead_key_manager.h"
#include "tink/aead/xchacha20_poly1305_key_manager.h"
#include "tink/aead/xchacha20_poly1305_proto_serialization.h"
#include "tink/config/tink_fips.h"
#include "tink/mac/mac_config.h"
#include "tink/registry.h"
#include "tink/util/status.h"
#include "proto/config.pb.h"
namespace crypto {
namespace tink {
// static
util::Status AeadConfig::Register() {
auto status = MacConfig::Register();
if (!status.ok()) {
return status;
}
// Register primitive wrapper.
status = Registry::RegisterPrimitiveWrapper(absl::make_unique());
if (!status.ok()) {
return status;
}
// Register key managers which utilize the FIPS validated BoringCrypto
// implementations.
status = Registry::RegisterKeyTypeManager(
absl::make_unique(), true);
if (!status.ok()) {
return status;
}
status = Registry::RegisterKeyTypeManager(
absl::make_unique(), true);
if (!status.ok()) {
return status;
}
status = RegisterAesCtrHmacAeadProtoSerialization();
if (!status.ok()) {
return status;
}
status = RegisterAesGcmProtoSerialization();
if (!status.ok()) {
return status;
}
if (IsFipsModeEnabled()) {
return util::OkStatus();
}
// Register all the other key managers.
status = Registry::RegisterKeyTypeManager(
absl::make_unique(), true);
if (!status.ok()) {
return status;
}
status = Registry::RegisterKeyTypeManager(
absl::make_unique(), true);
if (!status.ok()) {
return status;
}
status = Registry::RegisterKeyTypeManager(
absl::make_unique(), true);
if (!status.ok()) {
return status;
}
status = Registry::RegisterKeyTypeManager(
absl::make_unique(), true);
if (!status.ok()) {
return status;
}
status = Registry::RegisterKeyTypeManager(
absl::make_unique(), true);
if (!status.ok()) {
return status;
}
status = RegisterAesGcmSivProtoSerialization();
if (!status.ok()) {
return status;
}
status = RegisterAesEaxProtoSerialization();
if (!status.ok()) {
return status;
}
status = RegisterXChaCha20Poly1305ProtoSerialization();
if (!status.ok()) {
return status;
}
return util::OkStatus();
}
} // namespace tink
} // namespace crypto
================================================
FILE: cc/aead/aead_config.h
================================================
// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////
#ifndef TINK_AEAD_AEAD_CONFIG_H_
#define TINK_AEAD_AEAD_CONFIG_H_
#include "absl/base/attributes.h"
#include "tink/util/status.h"
#include "proto/config.pb.h"
namespace crypto {
namespace tink {
///////////////////////////////////////////////////////////////////////////////
// Static methods and constants for registering with the Registry
// all instances of Aead key types supported in a particular release of Tink.
//
// To register all Aead key types from the current Tink release one can do:
//
// auto status = AeadConfig::Register();
//
class AeadConfig {
public:
// Registers Aead primitive wrapper and key managers for all Aead key types
// from the current Tink release.
static crypto::tink::util::Status Register();
private:
AeadConfig() {}
};
} // namespace tink
} // namespace crypto
#endif // TINK_AEAD_AEAD_CONFIG_H_
================================================
FILE: cc/aead/aead_config_test.cc
================================================
// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
#include "tink/aead/aead_config.h"
#include
#include
#include "gmock/gmock.h"
#include "gtest/gtest.h"
#include "absl/status/status.h"
#include "tink/aead.h"
#include "tink/aead/aead_key_templates.h"
#include "tink/aead/aes_ctr_hmac_aead_key.h"
#include "tink/aead/aes_ctr_hmac_aead_parameters.h"
#include "tink/aead/aes_eax_key.h"
#include "tink/aead/aes_eax_parameters.h"
#include "tink/aead/aes_gcm_key.h"
#include "tink/aead/aes_gcm_key_manager.h"
#include "tink/aead/aes_gcm_parameters.h"
#include "tink/aead/aes_gcm_siv_key.h"
#include "tink/aead/aes_gcm_siv_parameters.h"
#include "tink/aead/key_gen_config_v0.h"
#include "tink/aead/xchacha20_poly1305_key.h"
#include "tink/aead/xchacha20_poly1305_parameters.h"
#include "tink/config/global_registry.h"
#include "tink/config/tink_fips.h"
#include "tink/insecure_secret_key_access.h"
#include "tink/internal/fips_utils.h"
#include "tink/internal/legacy_proto_key.h"
#include "tink/internal/mutable_serialization_registry.h"
#include "tink/internal/proto_key_serialization.h"
#include "tink/internal/proto_parameters_serialization.h"
#include "tink/internal/serialization.h"
#include "tink/key.h"
#include "tink/key_status.h"
#include "tink/keyset_handle.h"
#include "tink/keyset_handle_builder.h"
#include "tink/parameters.h"
#include "tink/partial_key_access.h"
#include "tink/registry.h"
#include "tink/restricted_data.h"
#include "tink/subtle/random.h"
#include "tink/util/statusor.h"
#include "tink/util/test_matchers.h"
#include "proto/aes_eax.pb.h"
#include "proto/aes_gcm.pb.h"
#include "proto/aes_gcm_siv.pb.h"
#include "proto/tink.pb.h"
#include "proto/xchacha20_poly1305.pb.h"
namespace crypto {
namespace tink {
namespace {
using ::crypto::tink::test::IsOk;
using ::crypto::tink::test::StatusIs;
using ::crypto::tink::util::StatusOr;
using ::google::crypto::tink::KeyData;
using ::google::crypto::tink::KeyTemplate;
using ::google::crypto::tink::OutputPrefixType;
using ::testing::HasSubstr;
using ::testing::IsNull;
using ::testing::Not;
using ::testing::Test;
class AeadConfigTest : public Test {
protected:
void SetUp() override {
Registry::Reset();
internal::MutableSerializationRegistry::GlobalInstance().Reset();
}
};
TEST_F(AeadConfigTest, RegisterWorks) {
if (IsFipsModeEnabled()) {
GTEST_SKIP() << "Not supported in FIPS-only mode";
}
EXPECT_THAT(Registry::get_key_manager(AesGcmKeyManager().get_key_type())
.status(),
StatusIs(absl::StatusCode::kNotFound));
EXPECT_THAT(AeadConfig::Register(), IsOk());
EXPECT_THAT(Registry::get_key_manager(AesGcmKeyManager().get_key_type())
.status(),
IsOk());
}
// Tests that the AeadWrapper has been properly registered and we can wrap
// primitives.
TEST_F(AeadConfigTest, WrappersRegistered) {
if (IsFipsModeEnabled()) {
GTEST_SKIP() << "Not supported in FIPS-only mode";
}
ASSERT_THAT(AeadConfig::Register(), IsOk());
StatusOr> keyset_handle =
KeysetHandle::GenerateNew(AeadKeyTemplates::Aes128Gcm(),
KeyGenConfigGlobalRegistry());
ASSERT_THAT(keyset_handle.status(), IsOk());
StatusOr> aead =
(*keyset_handle)
->GetPrimitive(ConfigGlobalRegistry());
ASSERT_THAT(aead.status(), IsOk());
ASSERT_THAT(*aead, Not(IsNull()));
}
// FIPS-only mode tests
TEST_F(AeadConfigTest, RegisterNonFipsTemplates) {
if (!IsFipsModeEnabled() || !internal::IsFipsEnabledInSsl()) {
GTEST_SKIP() << "Only supported in FIPS-only mode with BoringCrypto.";
}
ASSERT_THAT(AeadConfig::Register(), IsOk());
std::list non_fips_key_templates = {
AeadKeyTemplates::Aes128Eax(), AeadKeyTemplates::Aes256Eax(),
AeadKeyTemplates::Aes128GcmSiv(), AeadKeyTemplates::Aes256GcmSiv(),
AeadKeyTemplates::XChaCha20Poly1305(),
};
for (auto key_template : non_fips_key_templates) {
auto new_keyset_handle_result =
KeysetHandle::GenerateNew(key_template, KeyGenConfigGlobalRegistry());
EXPECT_THAT(new_keyset_handle_result.status(),
StatusIs(absl::StatusCode::kNotFound));
}
}
TEST_F(AeadConfigTest, RegisterFipsValidTemplates) {
if (!IsFipsModeEnabled() || !internal::IsFipsEnabledInSsl()) {
GTEST_SKIP() << "Only supported in FIPS-only mode with BoringCrypto.";
}
EXPECT_THAT(AeadConfig::Register(), IsOk());
std::list fips_key_templates = {
AeadKeyTemplates::Aes128Gcm(),
AeadKeyTemplates::Aes256Gcm(),
AeadKeyTemplates::Aes128CtrHmacSha256(),
AeadKeyTemplates::Aes256CtrHmacSha256(),
};
for (auto key_template : fips_key_templates) {
auto new_keyset_handle_result =
KeysetHandle::GenerateNew(key_template, KeyGenConfigGlobalRegistry());
EXPECT_THAT(new_keyset_handle_result, IsOk());
}
}
TEST_F(AeadConfigTest, RegisterFailsIfBoringCryptoNotAvailable) {
if (!IsFipsModeEnabled() || internal::IsFipsEnabledInSsl()) {
GTEST_SKIP()
<< "Only supported in FIPS-only mode with BoringCrypto not available.";
}
EXPECT_THAT(Registry::get_key_manager(AesGcmKeyManager().get_key_type())
.status(),
StatusIs(absl::StatusCode::kNotFound));
EXPECT_THAT(AeadConfig::Register(), StatusIs(absl::StatusCode::kInternal));
}
TEST_F(AeadConfigTest, AesGcmProtoParamsSerializationRegistered) {
if (IsFipsModeEnabled()) {
GTEST_SKIP() << "Not supported in FIPS-only mode";
}
util::StatusOr
proto_params_serialization =
internal::ProtoParametersSerialization::Create(
AeadKeyTemplates::Aes256Gcm());
ASSERT_THAT(proto_params_serialization, IsOk());
util::StatusOr> parsed_params =
internal::MutableSerializationRegistry::GlobalInstance().ParseParameters(
*proto_params_serialization);
ASSERT_THAT(parsed_params.status(), StatusIs(absl::StatusCode::kNotFound));
util::StatusOr params =
AesGcmParameters::Builder()
.SetVariant(AesGcmParameters::Variant::kTink)
.SetKeySizeInBytes(32)
.SetIvSizeInBytes(12)
.SetTagSizeInBytes(16)
.Build();
ASSERT_THAT(params, IsOk());
util::StatusOr> serialized_params =
internal::MutableSerializationRegistry::GlobalInstance()
.SerializeParameters(*params);
ASSERT_THAT(serialized_params.status(),
StatusIs(absl::StatusCode::kNotFound));
ASSERT_THAT(AeadConfig::Register(), IsOk());
util::StatusOr> parsed_params2 =
internal::MutableSerializationRegistry::GlobalInstance().ParseParameters(
*proto_params_serialization);
ASSERT_THAT(parsed_params2, IsOk());
util::StatusOr> serialized_params2 =
internal::MutableSerializationRegistry::GlobalInstance()
.SerializeParameters(*params);
ASSERT_THAT(serialized_params2, IsOk());
}
TEST_F(AeadConfigTest, AesGcmProtoKeySerializationRegistered) {
if (IsFipsModeEnabled()) {
GTEST_SKIP() << "Not supported in FIPS-only mode";
}
google::crypto::tink::AesGcmKey key_proto;
key_proto.set_version(0);
key_proto.set_key_value(subtle::Random::GetRandomBytes(32));
util::StatusOr proto_key_serialization =
internal::ProtoKeySerialization::Create(
"type.googleapis.com/google.crypto.tink.AesGcmKey",
RestrictedData(key_proto.SerializeAsString(),
InsecureSecretKeyAccess::Get()),
KeyData::SYMMETRIC, OutputPrefixType::TINK, /*id_requirement=*/123);
ASSERT_THAT(proto_key_serialization, IsOk());
util::StatusOr> parsed_key =
internal::MutableSerializationRegistry::GlobalInstance().ParseKey(
*proto_key_serialization, InsecureSecretKeyAccess::Get());
ASSERT_THAT(parsed_key.status(), StatusIs(absl::StatusCode::kNotFound));
util::StatusOr params =
AesGcmParameters::Builder()
.SetVariant(AesGcmParameters::Variant::kTink)
.SetKeySizeInBytes(32)
.SetIvSizeInBytes(12)
.SetTagSizeInBytes(16)
.Build();
ASSERT_THAT(params, IsOk());
util::StatusOr key =
AesGcmKey::Create(*params,
RestrictedData(subtle::Random::GetRandomBytes(32),
InsecureSecretKeyAccess::Get()),
/*id_requirement=*/123, GetPartialKeyAccess());
ASSERT_THAT(key, IsOk());
util::StatusOr> serialized_key =
internal::MutableSerializationRegistry::GlobalInstance()
.SerializeKey(
*key, InsecureSecretKeyAccess::Get());
ASSERT_THAT(serialized_key.status(), StatusIs(absl::StatusCode::kNotFound));
ASSERT_THAT(AeadConfig::Register(), IsOk());
util::StatusOr> parsed_key2 =
internal::MutableSerializationRegistry::GlobalInstance().ParseKey(
*proto_key_serialization, InsecureSecretKeyAccess::Get());
ASSERT_THAT(parsed_key2, IsOk());
util::StatusOr> serialized_key2 =
internal::MutableSerializationRegistry::GlobalInstance()
.SerializeKey(
*key, InsecureSecretKeyAccess::Get());
ASSERT_THAT(serialized_key2, IsOk());
}
TEST_F(AeadConfigTest, AesGcmSivProtoParamsSerializationRegistered) {
if (IsFipsModeEnabled()) {
GTEST_SKIP() << "Not supported in FIPS-only mode";
}
util::StatusOr
proto_params_serialization =
internal::ProtoParametersSerialization::Create(
AeadKeyTemplates::Aes256GcmSiv());
ASSERT_THAT(proto_params_serialization, IsOk());
util::StatusOr> parsed_params =
internal::MutableSerializationRegistry::GlobalInstance().ParseParameters(
*proto_params_serialization);
ASSERT_THAT(parsed_params.status(), StatusIs(absl::StatusCode::kNotFound));
util::StatusOr params = AesGcmSivParameters::Create(
/*key_size_in_bytes=*/32, AesGcmSivParameters::Variant::kTink);
ASSERT_THAT(params, IsOk());
util::StatusOr> serialized_params =
internal::MutableSerializationRegistry::GlobalInstance()
.SerializeParameters(*params);
ASSERT_THAT(serialized_params.status(),
StatusIs(absl::StatusCode::kNotFound));
ASSERT_THAT(AeadConfig::Register(), IsOk());
util::StatusOr> parsed_params2 =
internal::MutableSerializationRegistry::GlobalInstance().ParseParameters(
*proto_params_serialization);
ASSERT_THAT(parsed_params2, IsOk());
util::StatusOr> serialized_params2 =
internal::MutableSerializationRegistry::GlobalInstance()
.SerializeParameters(*params);
ASSERT_THAT(serialized_params2, IsOk());
}
TEST_F(AeadConfigTest, AesGcmSivProtoKeySerializationRegistered) {
if (IsFipsModeEnabled()) {
GTEST_SKIP() << "Not supported in FIPS-only mode";
}
google::crypto::tink::AesGcmSivKey key_proto;
key_proto.set_version(0);
key_proto.set_key_value(subtle::Random::GetRandomBytes(32));
util::StatusOr proto_key_serialization =
internal::ProtoKeySerialization::Create(
"type.googleapis.com/google.crypto.tink.AesGcmSivKey",
RestrictedData(key_proto.SerializeAsString(),
InsecureSecretKeyAccess::Get()),
KeyData::SYMMETRIC, OutputPrefixType::TINK, /*id_requirement=*/123);
ASSERT_THAT(proto_key_serialization, IsOk());
util::StatusOr> parsed_key =
internal::MutableSerializationRegistry::GlobalInstance().ParseKey(
*proto_key_serialization, InsecureSecretKeyAccess::Get());
ASSERT_THAT(parsed_key.status(), StatusIs(absl::StatusCode::kNotFound));
util::StatusOr params = AesGcmSivParameters::Create(
/*key_size_in_bytes=*/32, AesGcmSivParameters::Variant::kTink);
ASSERT_THAT(params, IsOk());
util::StatusOr key =
AesGcmSivKey::Create(*params,
RestrictedData(subtle::Random::GetRandomBytes(32),
InsecureSecretKeyAccess::Get()),
/*id_requirement=*/123, GetPartialKeyAccess());
ASSERT_THAT(key, IsOk());
util::StatusOr> serialized_key =
internal::MutableSerializationRegistry::GlobalInstance()
.SerializeKey(
*key, InsecureSecretKeyAccess::Get());
ASSERT_THAT(serialized_key.status(), StatusIs(absl::StatusCode::kNotFound));
ASSERT_THAT(AeadConfig::Register(), IsOk());
util::StatusOr> parsed_key2 =
internal::MutableSerializationRegistry::GlobalInstance().ParseKey(
*proto_key_serialization, InsecureSecretKeyAccess::Get());
ASSERT_THAT(parsed_key2, IsOk());
util::StatusOr> serialized_key2 =
internal::MutableSerializationRegistry::GlobalInstance()
.SerializeKey(
*key, InsecureSecretKeyAccess::Get());
ASSERT_THAT(serialized_key2, IsOk());
}
TEST_F(AeadConfigTest, AesEaxProtoParamsSerializationRegistered) {
if (IsFipsModeEnabled()) {
GTEST_SKIP() << "Not supported in FIPS-only mode";
}
util::StatusOr
proto_params_serialization =
internal::ProtoParametersSerialization::Create(
AeadKeyTemplates::Aes256Eax());
ASSERT_THAT(proto_params_serialization, IsOk());
util::StatusOr> parsed_params =
internal::MutableSerializationRegistry::GlobalInstance().ParseParameters(
*proto_params_serialization);
ASSERT_THAT(parsed_params.status(), StatusIs(absl::StatusCode::kNotFound));
util::StatusOr params =
AesEaxParameters::Builder()
.SetVariant(AesEaxParameters::Variant::kTink)
.SetKeySizeInBytes(32)
.SetIvSizeInBytes(16)
.SetTagSizeInBytes(16)
.Build();
ASSERT_THAT(params, IsOk());
util::StatusOr> serialized_params =
internal::MutableSerializationRegistry::GlobalInstance()
.SerializeParameters(*params);
ASSERT_THAT(serialized_params.status(),
StatusIs(absl::StatusCode::kNotFound));
ASSERT_THAT(AeadConfig::Register(), IsOk());
util::StatusOr> parsed_params2 =
internal::MutableSerializationRegistry::GlobalInstance().ParseParameters(
*proto_params_serialization);
ASSERT_THAT(parsed_params2, IsOk());
util::StatusOr> serialized_params2 =
internal::MutableSerializationRegistry::GlobalInstance()
.SerializeParameters(*params);
ASSERT_THAT(serialized_params2, IsOk());
}
TEST_F(AeadConfigTest, AesEaxProtoKeySerializationRegistered) {
if (IsFipsModeEnabled()) {
GTEST_SKIP() << "Not supported in FIPS-only mode";
}
google::crypto::tink::AesEaxKey key_proto;
key_proto.set_version(0);
key_proto.mutable_params()->set_iv_size(16);
key_proto.set_key_value(subtle::Random::GetRandomBytes(32));
util::StatusOr proto_key_serialization =
internal::ProtoKeySerialization::Create(
"type.googleapis.com/google.crypto.tink.AesEaxKey",
RestrictedData(key_proto.SerializeAsString(),
InsecureSecretKeyAccess::Get()),
KeyData::SYMMETRIC, OutputPrefixType::TINK, /*id_requirement=*/123);
ASSERT_THAT(proto_key_serialization, IsOk());
util::StatusOr> parsed_key =
internal::MutableSerializationRegistry::GlobalInstance().ParseKey(
*proto_key_serialization, InsecureSecretKeyAccess::Get());
ASSERT_THAT(parsed_key.status(), StatusIs(absl::StatusCode::kNotFound));
util::StatusOr params =
AesEaxParameters::Builder()
.SetVariant(AesEaxParameters::Variant::kTink)
.SetKeySizeInBytes(32)
.SetIvSizeInBytes(16)
.SetTagSizeInBytes(16)
.Build();
ASSERT_THAT(params, IsOk());
util::StatusOr key =
AesEaxKey::Create(*params,
RestrictedData(subtle::Random::GetRandomBytes(32),
InsecureSecretKeyAccess::Get()),
/*id_requirement=*/123, GetPartialKeyAccess());
ASSERT_THAT(key, IsOk());
util::StatusOr> serialized_key =
internal::MutableSerializationRegistry::GlobalInstance()
.SerializeKey(
*key, InsecureSecretKeyAccess::Get());
ASSERT_THAT(serialized_key.status(), StatusIs(absl::StatusCode::kNotFound));
ASSERT_THAT(AeadConfig::Register(), IsOk());
util::StatusOr> parsed_key2 =
internal::MutableSerializationRegistry::GlobalInstance().ParseKey(
*proto_key_serialization, InsecureSecretKeyAccess::Get());
ASSERT_THAT(parsed_key2, IsOk());
util::StatusOr> serialized_key2 =
internal::MutableSerializationRegistry::GlobalInstance()
.SerializeKey(
*key, InsecureSecretKeyAccess::Get());
ASSERT_THAT(serialized_key2, IsOk());
}
TEST_F(AeadConfigTest, XChaCha20Poly1305ProtoParamsSerializationRegistered) {
if (IsFipsModeEnabled()) {
GTEST_SKIP() << "Not supported in FIPS-only mode";
}
// TODO: b/325507124 - Rewrite tests using parameters proto format API.
util::StatusOr
proto_params_serialization =
internal::ProtoParametersSerialization::Create(
AeadKeyTemplates::XChaCha20Poly1305());
ASSERT_THAT(proto_params_serialization, IsOk());
util::StatusOr> parsed_params =
internal::MutableSerializationRegistry::GlobalInstance().ParseParameters(
*proto_params_serialization);
ASSERT_THAT(parsed_params.status(), StatusIs(absl::StatusCode::kNotFound));
util::StatusOr params =
XChaCha20Poly1305Parameters::Create(
XChaCha20Poly1305Parameters::Variant::kTink);
ASSERT_THAT(params, IsOk());
util::StatusOr> serialized_params =
internal::MutableSerializationRegistry::GlobalInstance()
.SerializeParameters(*params);
ASSERT_THAT(serialized_params.status(),
StatusIs(absl::StatusCode::kNotFound));
ASSERT_THAT(AeadConfig::Register(), IsOk());
util::StatusOr> parsed_params2 =
internal::MutableSerializationRegistry::GlobalInstance().ParseParameters(
*proto_params_serialization);
ASSERT_THAT(parsed_params2, IsOk());
util::StatusOr> serialized_params2 =
internal::MutableSerializationRegistry::GlobalInstance()
.SerializeParameters(*params);
ASSERT_THAT(serialized_params2, IsOk());
}
TEST_F(AeadConfigTest, XChaCha20Poly1305ProtoKeySerializationRegistered) {
if (IsFipsModeEnabled()) {
GTEST_SKIP() << "Not supported in FIPS-only mode";
}
util::StatusOr> handle =
KeysetHandle::GenerateNew(AeadKeyTemplates::XChaCha20Poly1305(),
KeyGenConfigAeadV0());
ASSERT_THAT(handle, IsOk());
// Fails to parse this key type, so falls back to legacy proto key.
const internal::LegacyProtoKey* legacy_proto_key_from_handle =
reinterpret_cast(
(*handle)->GetPrimary().GetKey().get());
EXPECT_THAT(legacy_proto_key_from_handle, Not(IsNull()));
util::StatusOr key = XChaCha20Poly1305Key::Create(
XChaCha20Poly1305Parameters::Variant::kTink,
RestrictedData(subtle::Random::GetRandomBytes(32),
InsecureSecretKeyAccess::Get()),
/*id_requirement=*/123, GetPartialKeyAccess());
ASSERT_THAT(key, IsOk());
// Fails to serialize this key type.
EXPECT_THAT(KeysetHandleBuilder()
.AddEntry(KeysetHandleBuilder::Entry::CreateFromCopyableKey(
*key, KeyStatus::kEnabled, /*is_primary=*/true))
.Build()
.status(),
StatusIs(absl::StatusCode::kInvalidArgument,
HasSubstr("Failed to serialize")));
ASSERT_THAT(AeadConfig::Register(), IsOk());
const XChaCha20Poly1305Key* key_from_handle =
reinterpret_cast(
(*handle)->GetPrimary().GetKey().get());
EXPECT_THAT(key_from_handle, Not(IsNull()));
EXPECT_THAT(KeysetHandleBuilder()
.AddEntry(KeysetHandleBuilder::Entry::CreateFromCopyableKey(
*key, KeyStatus::kEnabled, /*is_primary=*/true))
.Build(),
IsOk());
}
TEST_F(AeadConfigTest, AesCtrHmacAeadProtoParamsSerializationRegistered) {
if (IsFipsModeEnabled()) {
GTEST_SKIP() << "Not supported in FIPS-only mode";
}
// TODO: b/325507124 - Rewrite tests using parameters proto format API.
util::StatusOr
proto_params_serialization =
internal::ProtoParametersSerialization::Create(
AeadKeyTemplates::Aes256CtrHmacSha256());
ASSERT_THAT(proto_params_serialization, IsOk());
util::StatusOr> parsed_params =
internal::MutableSerializationRegistry::GlobalInstance().ParseParameters(
*proto_params_serialization);
ASSERT_THAT(parsed_params.status(), StatusIs(absl::StatusCode::kNotFound));
util::StatusOr params =
AesCtrHmacAeadParameters::Builder()
.SetAesKeySizeInBytes(32)
.SetHmacKeySizeInBytes(32)
.SetIvSizeInBytes(16)
.SetTagSizeInBytes(16)
.SetVariant(AesCtrHmacAeadParameters::Variant::kTink)
.SetHashType(AesCtrHmacAeadParameters::HashType::kSha256)
.Build();
ASSERT_THAT(params, IsOk());
util::StatusOr> serialized_params =
internal::MutableSerializationRegistry::GlobalInstance()
.SerializeParameters(*params);
ASSERT_THAT(serialized_params.status(),
StatusIs(absl::StatusCode::kNotFound));
ASSERT_THAT(AeadConfig::Register(), IsOk());
util::StatusOr> parsed_params2 =
internal::MutableSerializationRegistry::GlobalInstance().ParseParameters(
*proto_params_serialization);
ASSERT_THAT(parsed_params2, IsOk());
util::StatusOr> serialized_params2 =
internal::MutableSerializationRegistry::GlobalInstance()
.SerializeParameters(*params);
ASSERT_THAT(serialized_params2, IsOk());
}
TEST_F(AeadConfigTest, AesCtrHmacAeadProtoKeySerializationRegistered) {
if (IsFipsModeEnabled()) {
GTEST_SKIP() << "Not supported in FIPS-only mode";
}
util::StatusOr> handle =
KeysetHandle::GenerateNew(AeadKeyTemplates::Aes256CtrHmacSha256(),
KeyGenConfigAeadV0());
ASSERT_THAT(handle, IsOk());
// Failed to parse this key type, so fell back to legacy proto key.
EXPECT_THAT(dynamic_cast(
(*handle)->GetPrimary().GetKey().get()),
Not(IsNull()));
util::StatusOr params =
AesCtrHmacAeadParameters::Builder()
.SetAesKeySizeInBytes(32)
.SetHmacKeySizeInBytes(32)
.SetIvSizeInBytes(16)
.SetTagSizeInBytes(16)
.SetVariant(AesCtrHmacAeadParameters::Variant::kTink)
.SetHashType(AesCtrHmacAeadParameters::HashType::kSha256)
.Build();
ASSERT_THAT(params, IsOk());
util::StatusOr key =
AesCtrHmacAeadKey::Builder()
.SetParameters(*params)
.SetAesKeyBytes(RestrictedData(subtle::Random::GetRandomBytes(32),
InsecureSecretKeyAccess::Get()))
.SetHmacKeyBytes(RestrictedData(subtle::Random::GetRandomBytes(32),
InsecureSecretKeyAccess::Get()))
.SetIdRequirement(123)
.Build(GetPartialKeyAccess());
ASSERT_THAT(key, IsOk());
// Fails to serialize this key type.
EXPECT_THAT(KeysetHandleBuilder()
.AddEntry(KeysetHandleBuilder::Entry::CreateFromCopyableKey(
*key, KeyStatus::kEnabled, /*is_primary=*/true))
.Build()
.status(),
StatusIs(absl::StatusCode::kInvalidArgument,
HasSubstr("Failed to serialize")));
ASSERT_THAT(AeadConfig::Register(), IsOk());
util::StatusOr> handle2 =
KeysetHandle::GenerateNew(AeadKeyTemplates::Aes256CtrHmacSha256(),
KeyGenConfigAeadV0());
ASSERT_THAT(handle2, IsOk());
// Parsing now creates the right key type.
EXPECT_THAT(dynamic_cast(
(*handle2)->GetPrimary().GetKey().get()),
Not(IsNull()));
EXPECT_THAT(KeysetHandleBuilder()
.AddEntry(KeysetHandleBuilder::Entry::CreateFromCopyableKey(
*key, KeyStatus::kEnabled, /*is_primary=*/true))
.Build(),
IsOk());
}
} // namespace
} // namespace tink
} // namespace crypto
================================================
FILE: cc/aead/aead_factory.cc
================================================
// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////
#include "tink/aead/aead_factory.h"
#include
#include "absl/memory/memory.h"
#include "tink/aead.h"
#include "tink/aead/aead_wrapper.h"
#include "tink/key_manager.h"
#include "tink/keyset_handle.h"
#include "tink/registry.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
namespace crypto {
namespace tink {
// NOLINTBEGIN(whitespace/line_length) (Formatted when commented in)
// TINK-PENDING-REMOVAL-IN-3.0.0-START
// static
util::StatusOr> AeadFactory::GetPrimitive(
const KeysetHandle& keyset_handle) {
util::Status status =
Registry::RegisterPrimitiveWrapper(absl::make_unique());
if (!status.ok()) {
return status;
}
return keyset_handle.GetPrimitive(ConfigGlobalRegistry());
}
// static
util::StatusOr> AeadFactory::GetPrimitive(
const KeysetHandle& keyset_handle,
const KeyManager* custom_key_manager) {
util::Status status =
Registry::RegisterPrimitiveWrapper(absl::make_unique());
if (!status.ok()) {
return status;
}
return keyset_handle.GetPrimitive(custom_key_manager);
}
// TINK-PENDING-REMOVAL-IN-3.0.0-END
// NOLINTEND(whitespace/line_length)
} // namespace tink
} // namespace crypto
================================================
FILE: cc/aead/aead_factory.h
================================================
// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////
#ifndef TINK_AEAD_AEAD_FACTORY_H_
#define TINK_AEAD_AEAD_FACTORY_H_
#include
#include "absl/base/attributes.h"
#include "tink/aead.h"
#include "tink/key_manager.h"
#include "tink/keyset_handle.h"
#include "tink/util/statusor.h"
namespace crypto {
namespace tink {
///////////////////////////////////////////////////////////////////////////////
// This class is deprecated. Call keyset_handle->GetPrimitive() instead.
//
// Note that in order to for this change to be safe, the AeadSetWrapper has to
// be registered in your binary before this call. This happens automatically if
// you call one of
// * AeadConfig::Register()
// * HybridConfig::Register()
// * TinkConfig::Register()
// NOLINTBEGIN(whitespace/line_length) (Formatted when commented in)
// TINK-PENDING-REMOVAL-IN-3.0.0-START
class ABSL_DEPRECATED(
"Call GetPrimitive() on the keyset_handle after registering the "
"AeadWrapper instead.") AeadFactory {
public:
// Returns an Aead-primitive that uses key material from the keyset
// specified via 'keyset_handle'.
static crypto::tink::util::StatusOr> GetPrimitive(
const KeysetHandle& keyset_handle);
// Returns an Aead-primitive that uses key material from the keyset
// specified via 'keyset_handle' and is instantiated by the given
// 'custom_key_manager' (instead of the key manager from the Registry).
static crypto::tink::util::StatusOr> GetPrimitive(
const KeysetHandle& keyset_handle,
const KeyManager* custom_key_manager);
private:
AeadFactory() {}
};
// TINK-PENDING-REMOVAL-IN-3.0.0-END
// NOLINTEND(whitespace/line_length)
} // namespace tink
} // namespace crypto
#endif // TINK_AEAD_AEAD_FACTORY_H_
================================================
FILE: cc/aead/aead_factory_test.cc
================================================
// Copyright 2017 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
#include "tink/aead/aead_factory.h"
#include
#include
#include
#include
#include "gtest/gtest.h"
#include "absl/status/status.h"
#include "absl/strings/string_view.h"
#include "tink/aead.h"
#include "tink/aead/aead_config.h"
#include "tink/aead/aes_gcm_key_manager.h"
#include "tink/crypto_format.h"
#include "tink/internal/key_info.h"
#include "tink/keyset_handle.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
#include "tink/util/test_keyset_handle.h"
#include "tink/util/test_util.h"
#include "proto/aes_gcm.pb.h"
#include "proto/tink.pb.h"
namespace crypto {
namespace tink {
namespace {
// NOLINTBEGIN(whitespace/line_length) (Formatted when commented in)
// TINK-PENDING-REMOVAL-IN-3.0.0-START
using crypto::tink::test::AddRawKey;
using crypto::tink::test::AddTinkKey;
using google::crypto::tink::AesGcmKey;
using google::crypto::tink::AesGcmKeyFormat;
using google::crypto::tink::KeyData;
using google::crypto::tink::Keyset;
using google::crypto::tink::KeyStatusType;
class AeadFactoryTest : public ::testing::Test {
};
TEST_F(AeadFactoryTest, testBasic) {
Keyset keyset;
auto aead_result =
AeadFactory::GetPrimitive(*TestKeysetHandle::GetKeysetHandle(keyset));
EXPECT_FALSE(aead_result.ok());
EXPECT_EQ(absl::StatusCode::kInvalidArgument, aead_result.status().code());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "at least one key",
std::string(aead_result.status().message()));
}
TEST_F(AeadFactoryTest, testPrimitive) {
// Prepare a template for generating keys for a Keyset.
std::string key_type = AesGcmKeyManager().get_key_type();
AesGcmKeyFormat key_format;
key_format.set_key_size(16);
// Prepare a Keyset.
Keyset keyset;
uint32_t key_id_1 = 1234543;
AesGcmKey new_key = AesGcmKeyManager().CreateKey(key_format).value();
AddTinkKey(key_type, key_id_1, new_key, KeyStatusType::ENABLED,
KeyData::SYMMETRIC, &keyset);
uint32_t key_id_2 = 726329;
new_key = AesGcmKeyManager().CreateKey(key_format).value();
AddRawKey(key_type, key_id_2, new_key, KeyStatusType::ENABLED,
KeyData::SYMMETRIC, &keyset);
uint32_t key_id_3 = 7213743;
new_key = AesGcmKeyManager().CreateKey(key_format).value();
AddTinkKey(key_type, key_id_3, new_key, KeyStatusType::ENABLED,
KeyData::SYMMETRIC, &keyset);
keyset.set_primary_key_id(key_id_3);
// Initialize the registry.
ASSERT_TRUE(AeadConfig::Register().ok());;
// Create a KeysetHandle and use it with the factory.
auto aead_result =
AeadFactory::GetPrimitive(*TestKeysetHandle::GetKeysetHandle(keyset));
EXPECT_TRUE(aead_result.ok()) << aead_result.status();
auto aead = std::move(aead_result.value());
// Test the resulting Aead-instance.
std::string plaintext = "some_plaintext";
std::string aad = "some_aad";
auto encrypt_result = aead->Encrypt(plaintext, aad);
EXPECT_TRUE(encrypt_result.ok()) << encrypt_result.status();
std::string ciphertext = encrypt_result.value();
std::string prefix =
CryptoFormat::GetOutputPrefix(KeyInfoFromKey(keyset.key(2))).value();
EXPECT_PRED_FORMAT2(testing::IsSubstring, prefix, ciphertext);
auto decrypt_result = aead->Decrypt(ciphertext, aad);
EXPECT_TRUE(decrypt_result.ok()) << decrypt_result.status();
EXPECT_EQ(plaintext, decrypt_result.value());
decrypt_result = aead->Decrypt("some bad ciphertext", aad);
EXPECT_FALSE(decrypt_result.ok());
EXPECT_EQ(absl::StatusCode::kInvalidArgument,
decrypt_result.status().code());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "decryption failed",
std::string(decrypt_result.status().message()));
// Create raw ciphertext with 2nd key, and decrypt with Aead-instance.
AesGcmKey raw_key;
EXPECT_TRUE(raw_key.ParseFromString(keyset.key(1).key_data().value()));
auto raw_aead =
std::move(AesGcmKeyManager().GetPrimitive(raw_key).value());
std::string raw_ciphertext = raw_aead->Encrypt(plaintext, aad).value();
decrypt_result = aead->Decrypt(ciphertext, aad);
EXPECT_TRUE(decrypt_result.ok()) << decrypt_result.status();
EXPECT_EQ(plaintext, decrypt_result.value());
}
// TINK-PENDING-REMOVAL-IN-3.0.0-END
// NOLINTEND(whitespace/line_length)
} // namespace
} // namespace tink
} // namespace crypto
================================================
FILE: cc/aead/aead_key.h
================================================
// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
#ifndef TINK_AEAD_AEAD_KEY_H_
#define TINK_AEAD_AEAD_KEY_H_
#include "absl/strings/string_view.h"
#include "tink/aead/aead_parameters.h"
#include "tink/key.h"
namespace crypto {
namespace tink {
// Represents a function to encrypt and decrypt data using authenticated
// encryption with associated data (AEAD).
class AeadKey : public Key {
public:
// Returns the bytes prefixed to every ciphertext generated by this key.
//
// In order to make key rotation more efficient, Tink allows every AEAD key to
// have an associated ciphertext output prefix. When decrypting a ciphertext,
// only keys with a matching prefix have to be tried.
//
// See https://developers.google.com/tink/wire-format#tink_output_prefix for
// more background information on Tink output prefixes.
virtual absl::string_view GetOutputPrefix() const = 0;
const AeadParameters& GetParameters() const override = 0;
bool operator==(const Key& other) const override = 0;
};
} // namespace tink
} // namespace crypto
#endif // TINK_AEAD_AEAD_KEY_H_
================================================
FILE: cc/aead/aead_key_templates.cc
================================================
// Copyright 2018 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////
#include "tink/aead/aead_key_templates.h"
#include
#include "absl/strings/string_view.h"
#include "proto/aes_ctr.pb.h"
#include "proto/aes_ctr_hmac_aead.pb.h"
#include "proto/aes_eax.pb.h"
#include "proto/aes_gcm.pb.h"
#include "proto/aes_gcm_siv.pb.h"
#include "proto/common.pb.h"
#include "proto/hmac.pb.h"
#include "proto/kms_envelope.pb.h"
#include "proto/tink.pb.h"
using google::crypto::tink::AesCtrHmacAeadKeyFormat;
using google::crypto::tink::AesEaxKeyFormat;
using google::crypto::tink::AesGcmKeyFormat;
using google::crypto::tink::AesGcmSivKeyFormat;
using google::crypto::tink::HashType;
using google::crypto::tink::KeyTemplate;
using google::crypto::tink::KmsEnvelopeAeadKeyFormat;
using google::crypto::tink::OutputPrefixType;
namespace crypto {
namespace tink {
namespace {
KeyTemplate* NewAesEaxKeyTemplate(int key_size_in_bytes, int iv_size_in_bytes) {
KeyTemplate* key_template = new KeyTemplate;
key_template->set_type_url(
"type.googleapis.com/google.crypto.tink.AesEaxKey");
key_template->set_output_prefix_type(OutputPrefixType::TINK);
AesEaxKeyFormat key_format;
key_format.set_key_size(key_size_in_bytes);
key_format.mutable_params()->set_iv_size(iv_size_in_bytes);
key_format.SerializeToString(key_template->mutable_value());
return key_template;
}
KeyTemplate* NewAesGcmKeyTemplate(int key_size_in_bytes,
OutputPrefixType output_prefix_type) {
KeyTemplate* key_template = new KeyTemplate;
key_template->set_type_url(
"type.googleapis.com/google.crypto.tink.AesGcmKey");
key_template->set_output_prefix_type(output_prefix_type);
AesGcmKeyFormat key_format;
key_format.set_key_size(key_size_in_bytes);
key_format.SerializeToString(key_template->mutable_value());
return key_template;
}
KeyTemplate* NewAesGcmSivKeyTemplate(int key_size_in_bytes) {
KeyTemplate* key_template = new KeyTemplate;
key_template->set_type_url(
"type.googleapis.com/google.crypto.tink.AesGcmSivKey");
key_template->set_output_prefix_type(OutputPrefixType::TINK);
AesGcmSivKeyFormat key_format;
key_format.set_key_size(key_size_in_bytes);
key_format.SerializeToString(key_template->mutable_value());
return key_template;
}
KeyTemplate* NewAesCtrHmacAeadKeyTemplate(int aes_key_size_in_bytes,
int iv_size_in_bytes,
int hmac_key_size_in_bytes,
int tag_size_in_bytes,
HashType hash_type) {
KeyTemplate* key_template = new KeyTemplate;
key_template->set_type_url(
"type.googleapis.com/google.crypto.tink.AesCtrHmacAeadKey");
key_template->set_output_prefix_type(OutputPrefixType::TINK);
AesCtrHmacAeadKeyFormat key_format;
auto aes_ctr_key_format = key_format.mutable_aes_ctr_key_format();
aes_ctr_key_format->set_key_size(aes_key_size_in_bytes);
aes_ctr_key_format->mutable_params()->set_iv_size(iv_size_in_bytes);
auto hmac_key_format = key_format.mutable_hmac_key_format();
hmac_key_format->set_key_size(hmac_key_size_in_bytes);
hmac_key_format->mutable_params()->set_hash(hash_type);
hmac_key_format->mutable_params()->set_tag_size(tag_size_in_bytes);
key_format.SerializeToString(key_template->mutable_value());
return key_template;
}
KeyTemplate* NewXChaCha20Poly1305KeyTemplate() {
KeyTemplate* key_template = new KeyTemplate;
key_template->set_type_url(
"type.googleapis.com/google.crypto.tink.XChaCha20Poly1305Key");
key_template->set_output_prefix_type(OutputPrefixType::TINK);
return key_template;
}
} // anonymous namespace
// static
const KeyTemplate& AeadKeyTemplates::Aes128Eax() {
static const KeyTemplate* key_template =
NewAesEaxKeyTemplate(/* key_size_in_bytes= */ 16,
/* iv_size_in_bytes= */ 16);
return *key_template;
}
// static
const KeyTemplate& AeadKeyTemplates::Aes256Eax() {
static const KeyTemplate* key_template =
NewAesEaxKeyTemplate(/* key_size_in_bytes= */ 32,
/* iv_size_in_bytes= */ 16);
return *key_template;
}
// static
const KeyTemplate& AeadKeyTemplates::Aes128Gcm() {
static const KeyTemplate* key_template =
NewAesGcmKeyTemplate(/* key_size_in_bytes= */ 16, OutputPrefixType::TINK);
return *key_template;
}
// static
const KeyTemplate& AeadKeyTemplates::Aes128GcmNoPrefix() {
static const KeyTemplate* key_template =
NewAesGcmKeyTemplate(/* key_size_in_bytes= */ 16, OutputPrefixType::RAW);
return *key_template;
}
// static
const KeyTemplate& AeadKeyTemplates::Aes256Gcm() {
static const KeyTemplate* key_template =
NewAesGcmKeyTemplate(/* key_size_in_bytes= */ 32, OutputPrefixType::TINK);
return *key_template;
}
// static
const KeyTemplate& AeadKeyTemplates::Aes256GcmNoPrefix() {
static const KeyTemplate* key_template =
NewAesGcmKeyTemplate(/* key_size_in_bytes= */ 32, OutputPrefixType::RAW);
return *key_template;
}
// static
const KeyTemplate& AeadKeyTemplates::Aes128GcmSiv() {
static const KeyTemplate* key_template =
NewAesGcmSivKeyTemplate(/* key_size_in_bytes= */ 16);
return *key_template;
}
// static
const KeyTemplate& AeadKeyTemplates::Aes256GcmSiv() {
static const KeyTemplate* key_template =
NewAesGcmSivKeyTemplate(/* key_size_in_bytes= */ 32);
return *key_template;
}
// static
const KeyTemplate& AeadKeyTemplates::Aes128CtrHmacSha256() {
static const KeyTemplate* key_template = NewAesCtrHmacAeadKeyTemplate(
/* aes_key_size_in_bytes= */ 16,
/* iv_size_in_bytes= */ 16,
/* hmac_key_size_in_bytes= */ 32,
/* tag_size_in_bytes= */ 16, HashType::SHA256);
return *key_template;
}
// static
const KeyTemplate& AeadKeyTemplates::Aes256CtrHmacSha256() {
static const KeyTemplate* key_template = NewAesCtrHmacAeadKeyTemplate(
/* aes_key_size_in_bytes= */ 32,
/* iv_size_in_bytes= */ 16,
/* hmac_key_size_in_bytes= */ 32,
/* tag_size_in_bytes= */ 32, HashType::SHA256);
return *key_template;
}
// static
const KeyTemplate& AeadKeyTemplates::XChaCha20Poly1305() {
static const KeyTemplate* key_template = NewXChaCha20Poly1305KeyTemplate();
return *key_template;
}
// static
KeyTemplate AeadKeyTemplates::KmsEnvelopeAead(absl::string_view kek_uri,
const KeyTemplate& dek_template) {
KeyTemplate key_template;
key_template.set_type_url(
"type.googleapis.com/google.crypto.tink.KmsEnvelopeAeadKey");
key_template.set_output_prefix_type(OutputPrefixType::RAW);
KmsEnvelopeAeadKeyFormat key_format;
key_format.set_kek_uri(std::string(kek_uri));
key_format.mutable_dek_template()->MergeFrom(dek_template);
key_format.SerializeToString(key_template.mutable_value());
return key_template;
}
} // namespace tink
} // namespace crypto
================================================
FILE: cc/aead/aead_key_templates.h
================================================
// Copyright 2018 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////
#ifndef TINK_AEAD_AEAD_KEY_TEMPLATES_H_
#define TINK_AEAD_AEAD_KEY_TEMPLATES_H_
#include "absl/base/attributes.h"
#include "absl/strings/string_view.h"
#include "proto/tink.pb.h"
namespace crypto {
namespace tink {
///////////////////////////////////////////////////////////////////////////////
// Pre-generated KeyTemplate for Aead key types. One can use these templates
// to generate new KeysetHandle object with fresh keys.
// To generate a new keyset that contains a single AesGcmKey, one can do:
//
// auto status = AeadConfig::Register();
// if (!status.ok()) { /* fail with error */ }
// auto handle_result =
// KeysetHandle::GenerateNew(AeadKeyTemplates::Aes128Gcm());
// if (!handle_result.ok()) { /* fail with error */ }
// auto keyset_handle = std::move(handle_result.value());
class AeadKeyTemplates {
public:
// Returns a KeyTemplate that generates new instances of AesEaxKey
// with the following parameters:
// - key size: 16 bytes
// - IV size: 16 bytes
// - tag size: 16 bytes
// - OutputPrefixType: TINK
static const google::crypto::tink::KeyTemplate& Aes128Eax();
// Returns a KeyTemplate that generates new instances of AesEaxKey
// with the following parameters:
// - key size: 32 bytes
// - IV size: 16 bytes
// - tag size: 16 bytes
// - OutputPrefixType: TINK
static const google::crypto::tink::KeyTemplate& Aes256Eax();
// Returns a KeyTemplate that generates new instances of AesGcmKey
// with the following parameters:
// - key size: 16 bytes
// - IV size: 12 bytes
// - tag size: 16 bytes
// - OutputPrefixType: TINK
static const google::crypto::tink::KeyTemplate& Aes128Gcm();
// Returns a KeyTemplate that generates new instances of AesGcmKey
// with the following parameters:
// - key size: 16 bytes
// - IV size: 12 bytes
// - tag size: 16 bytes
// - OutputPrefixType: RAW
static const google::crypto::tink::KeyTemplate& Aes128GcmNoPrefix();
// Returns a KeyTemplate that generates new instances of AesGcmKey
// with the following parameters:
// - key size: 32 bytes
// - IV size: 12 bytes
// - tag size: 16 bytes
// - OutputPrefixType: TINK
static const google::crypto::tink::KeyTemplate& Aes256Gcm();
// Returns a KeyTemplate that generates new instances of AesGcmKey
// with the following parameters:
// - key size: 32 bytes
// - IV size: 12 bytes
// - tag size: 16 bytes
// - OutputPrefixType: RAW
static const google::crypto::tink::KeyTemplate& Aes256GcmNoPrefix();
// Returns a KeyTemplate that generates new instances of AesGcmSivKey
// with the following parameters:
// - key size: 16 bytes
// - IV size: 12 bytes
// - tag size: 16 bytes
// - OutputPrefixType: TINK
static const google::crypto::tink::KeyTemplate& Aes128GcmSiv();
// Returns a KeyTemplate that generates new instances of AesGcmSivKey
// with the following parameters:
// - key size: 32 bytes
// - IV size: 12 bytes
// - tag size: 16 bytes
// - OutputPrefixType: TINK
static const google::crypto::tink::KeyTemplate& Aes256GcmSiv();
// Returns a KeyTemplate that generates new instances of AesCtrHmacAeadKey
// with the following parameters:
// - AES key size: 16 bytes
// - AES IV size: 16 bytes
// - HMAC key size: 32 bytes
// - HMAC tag size: 16 bytes
// - HMAC hash function: SHA256
// - OutputPrefixType: TINK
static const google::crypto::tink::KeyTemplate& Aes128CtrHmacSha256();
// Returns a KeyTemplate that generates new instances of AesCtrHmacAeadKey
// with the following parameters:
// - AES key size: 32 bytes
// - AES IV size: 16 bytes
// - HMAC key size: 32 bytes
// - HMAC tag size: 32 bytes
// - HMAC hash function: SHA256
// - OutputPrefixType: TINK
static const google::crypto::tink::KeyTemplate& Aes256CtrHmacSha256();
// Returns a KeyTemplate that generates new instances of XChaCha20Poly1305Key
// with the following parameters:
// - XChacha20 key size: 32 bytes
// - IV size: 24 bytes
// - OutputPrefixType: TINK
static const google::crypto::tink::KeyTemplate& XChaCha20Poly1305();
// Returns a KeyTemplate that generates new instances of KmsEnvelopeAeadKey
// with the following parameters:
// - KEK is pointing to kek_uri
// - DEK template is dek_template
// - OutputPrefixType: RAW. This uses RAW output prefix to make it
// compatible with the remote KMS' encrypt/decrypt operations. Unlike other
// templates, when you generate new keys with this template, Tink does not
// generate new key material, but only creates a reference to the remote
// KEK.
ABSL_DEPRECATED(
"AeadKeyTemplates::KmsEnvelopeAead is deprecated. Instead, get the remote"
"AEAD with KmsClient::GetAead, and then create the envelope AEAD using "
"KmsEnvelopeAead::New without registering the KmsClient object.")
static google::crypto::tink::KeyTemplate KmsEnvelopeAead(
absl::string_view kek_uri,
const google::crypto::tink::KeyTemplate& dek_template);
};
} // namespace tink
} // namespace crypto
#endif // TINK_AEAD_AEAD_KEY_TEMPLATES_H_
================================================
FILE: cc/aead/aead_key_templates_test.cc
================================================
// Copyright 2018 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
#include "tink/aead/aead_key_templates.h"
#include
#include
#include
#include "gmock/gmock.h"
#include "gtest/gtest.h"
#include "absl/status/status.h"
#include "absl/status/statusor.h"
#include "tink/aead.h"
#include "tink/aead/aead_config.h"
#include "tink/aead/aes_ctr_hmac_aead_key_manager.h"
#include "tink/aead/aes_eax_key_manager.h"
#include "tink/aead/aes_gcm_key_manager.h"
#include "tink/aead/aes_gcm_siv_key_manager.h"
#include "tink/aead/kms_envelope_aead_key_manager.h"
#include "tink/aead/xchacha20_poly1305_key_manager.h"
#include "tink/config/global_registry.h"
#include "tink/core/key_manager_impl.h"
#include "tink/key_manager.h"
#include "tink/keyset_handle.h"
#include "tink/subtle/aead_test_util.h"
#include "tink/util/fake_kms_client.h"
#include "tink/util/status.h"
#include "tink/util/test_matchers.h"
#include "proto/aes_ctr.pb.h"
#include "proto/aes_ctr_hmac_aead.pb.h"
#include "proto/aes_eax.pb.h"
#include "proto/aes_gcm.pb.h"
#include "proto/aes_gcm_siv.pb.h"
#include "proto/common.pb.h"
#include "proto/hmac.pb.h"
#include "proto/kms_envelope.pb.h"
#include "proto/tink.pb.h"
#include "proto/xchacha20_poly1305.pb.h"
using google::crypto::tink::AesCtrHmacAeadKeyFormat;
using google::crypto::tink::AesEaxKeyFormat;
using google::crypto::tink::AesGcmKeyFormat;
using google::crypto::tink::AesGcmSivKeyFormat;
using google::crypto::tink::HashType;
using google::crypto::tink::KeyTemplate;
using google::crypto::tink::KmsEnvelopeAeadKeyFormat;
using google::crypto::tink::OutputPrefixType;
namespace crypto {
namespace tink {
namespace {
using ::crypto::tink::test::IsOk;
using ::testing::Eq;
using ::testing::Ref;
TEST(AeadKeyTemplatesTest, testAesEaxKeyTemplates) {
std::string type_url = "type.googleapis.com/google.crypto.tink.AesEaxKey";
{ // Test Aes128Eax().
// Check that returned template is correct.
const KeyTemplate& key_template = AeadKeyTemplates::Aes128Eax();
EXPECT_EQ(type_url, key_template.type_url());
EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
AesEaxKeyFormat key_format;
EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
EXPECT_EQ(16, key_format.key_size());
EXPECT_EQ(16, key_format.params().iv_size());
// Check that reference to the same object is returned.
const KeyTemplate& key_template_2 = AeadKeyTemplates::Aes128Eax();
EXPECT_EQ(&key_template, &key_template_2);
// Check that the template works with the key manager.
AesEaxKeyManager key_type_manager;
auto key_manager = internal::MakeKeyManager(&key_type_manager);
EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
auto new_key_result =
key_manager->get_key_factory().NewKey(key_template.value());
EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
}
{ // Test Aes256Eax().
// Check that returned template is correct.
const KeyTemplate& key_template = AeadKeyTemplates::Aes256Eax();
EXPECT_EQ(type_url, key_template.type_url());
EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
AesEaxKeyFormat key_format;
EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
EXPECT_EQ(32, key_format.key_size());
EXPECT_EQ(16, key_format.params().iv_size());
// Check that reference to the same object is returned.
const KeyTemplate& key_template_2 = AeadKeyTemplates::Aes256Eax();
EXPECT_EQ(&key_template, &key_template_2);
// Check that the template works with the key manager.
AesEaxKeyManager key_type_manager;
auto key_manager = internal::MakeKeyManager(&key_type_manager);
EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
auto new_key_result =
key_manager->get_key_factory().NewKey(key_template.value());
EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
}
}
TEST(Aes128GcmNoPrefix, Basics) {
EXPECT_THAT(AeadKeyTemplates::Aes128GcmNoPrefix().type_url(),
Eq("type.googleapis.com/google.crypto.tink.AesGcmKey"));
EXPECT_THAT(AeadKeyTemplates::Aes128GcmNoPrefix().type_url(),
Eq(AesGcmKeyManager().get_key_type()));
}
TEST(Aes128GcmNoPrefix, OutputPrefixType) {
EXPECT_THAT(AeadKeyTemplates::Aes128GcmNoPrefix().output_prefix_type(),
Eq(OutputPrefixType::RAW));
}
TEST(Aes128GcmNoPrefix, MultipleCallsSameReference) {
EXPECT_THAT(AeadKeyTemplates::Aes128GcmNoPrefix(),
Ref(AeadKeyTemplates::Aes128GcmNoPrefix()));
}
TEST(Aes128GcmNoPrefix, WorksWithKeyTypeManager) {
const KeyTemplate& key_template = AeadKeyTemplates::Aes128GcmNoPrefix();
AesGcmKeyFormat key_format;
EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
EXPECT_THAT(AesGcmKeyManager().ValidateKeyFormat(key_format), IsOk());
}
TEST(Aes128GcmNoPrefix, CheckValues) {
const KeyTemplate& key_template = AeadKeyTemplates::Aes128GcmNoPrefix();
AesGcmKeyFormat key_format;
EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
EXPECT_THAT(key_format.key_size(), Eq(16));
}
TEST(Aes256GcmNoPrefix, Basics) {
EXPECT_THAT(AeadKeyTemplates::Aes256GcmNoPrefix().type_url(),
Eq("type.googleapis.com/google.crypto.tink.AesGcmKey"));
EXPECT_THAT(AeadKeyTemplates::Aes256GcmNoPrefix().type_url(),
Eq(AesGcmKeyManager().get_key_type()));
}
TEST(Aes256GcmNoPrefix, OutputPrefixType) {
EXPECT_THAT(AeadKeyTemplates::Aes256GcmNoPrefix().output_prefix_type(),
Eq(OutputPrefixType::RAW));
}
TEST(Aes256GcmNoPrefix, MultipleCallsSameReference) {
EXPECT_THAT(AeadKeyTemplates::Aes256GcmNoPrefix(),
Ref(AeadKeyTemplates::Aes256GcmNoPrefix()));
}
TEST(Aes256GcmNoPrefix, WorksWithKeyTypeManager) {
const KeyTemplate& key_template = AeadKeyTemplates::Aes256GcmNoPrefix();
AesGcmKeyFormat key_format;
EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
EXPECT_THAT(AesGcmKeyManager().ValidateKeyFormat(key_format), IsOk());
}
TEST(Aes256GcmNoPrefix, CheckValues) {
const KeyTemplate& key_template = AeadKeyTemplates::Aes256GcmNoPrefix();
AesGcmKeyFormat key_format;
EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
EXPECT_THAT(key_format.key_size(), Eq(32));
}
TEST(Aes256Gcm, Basics) {
EXPECT_THAT(AeadKeyTemplates::Aes256Gcm().type_url(),
Eq("type.googleapis.com/google.crypto.tink.AesGcmKey"));
EXPECT_THAT(AeadKeyTemplates::Aes256Gcm().type_url(),
Eq(AesGcmKeyManager().get_key_type()));
}
TEST(Aes256Gcm, OutputPrefixType) {
EXPECT_THAT(AeadKeyTemplates::Aes256Gcm().output_prefix_type(),
Eq(OutputPrefixType::TINK));
}
TEST(Aes256Gcm, MultipleCallsSameReference) {
EXPECT_THAT(AeadKeyTemplates::Aes256Gcm(),
Ref(AeadKeyTemplates::Aes256Gcm()));
}
TEST(Aes256Gcm, WorksWithKeyTypeManager) {
const KeyTemplate& key_template = AeadKeyTemplates::Aes256Gcm();
AesGcmKeyFormat key_format;
EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
EXPECT_THAT(AesGcmKeyManager().ValidateKeyFormat(key_format), IsOk());
}
TEST(Aes256Gcm, CheckValues) {
const KeyTemplate& key_template = AeadKeyTemplates::Aes256Gcm();
AesGcmKeyFormat key_format;
EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
EXPECT_THAT(key_format.key_size(), Eq(32));
}
TEST(Aes128Gcm, Basics) {
EXPECT_THAT(AeadKeyTemplates::Aes128Gcm().type_url(),
Eq("type.googleapis.com/google.crypto.tink.AesGcmKey"));
EXPECT_THAT(AeadKeyTemplates::Aes128Gcm().type_url(),
Eq(AesGcmKeyManager().get_key_type()));
}
TEST(Aes128Gcm, OutputPrefixType) {
EXPECT_THAT(AeadKeyTemplates::Aes128Gcm().output_prefix_type(),
Eq(OutputPrefixType::TINK));
}
TEST(Aes128Gcm, MultipleCallsSameReference) {
EXPECT_THAT(AeadKeyTemplates::Aes128Gcm(),
Ref(AeadKeyTemplates::Aes128Gcm()));
}
TEST(Aes128Gcm, WorksWithKeyTypeManager) {
const KeyTemplate& key_template = AeadKeyTemplates::Aes128Gcm();
AesGcmKeyFormat key_format;
EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
EXPECT_THAT(AesGcmKeyManager().ValidateKeyFormat(key_format), IsOk());
}
TEST(Aes128Gcm, CheckValues) {
const KeyTemplate& key_template = AeadKeyTemplates::Aes128Gcm();
AesGcmKeyFormat key_format;
EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
EXPECT_THAT(key_format.key_size(), Eq(16));
}
TEST(AeadKeyTemplatesTest, testAesGcmSivKeyTemplates) {
std::string type_url = "type.googleapis.com/google.crypto.tink.AesGcmSivKey";
{ // Test Aes128GcmSiv().
// Check that returned template is correct.
const KeyTemplate& key_template = AeadKeyTemplates::Aes128GcmSiv();
EXPECT_EQ(type_url, key_template.type_url());
EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
AesGcmSivKeyFormat key_format;
EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
EXPECT_EQ(16, key_format.key_size());
// Check that reference to the same object is returned.
const KeyTemplate& key_template_2 = AeadKeyTemplates::Aes128GcmSiv();
EXPECT_EQ(&key_template, &key_template_2);
// Check that the template works with the key manager.
AesGcmSivKeyManager key_type_manager;
auto key_manager = internal::MakeKeyManager(&key_type_manager);
EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
auto new_key_result =
key_manager->get_key_factory().NewKey(key_template.value());
EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
}
{ // Test Aes256GcmSiv().
// Check that returned template is correct.
const KeyTemplate& key_template = AeadKeyTemplates::Aes256GcmSiv();
EXPECT_EQ(type_url, key_template.type_url());
EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
AesGcmSivKeyFormat key_format;
EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
EXPECT_EQ(32, key_format.key_size());
// Check that reference to the same object is returned.
const KeyTemplate& key_template_2 = AeadKeyTemplates::Aes256GcmSiv();
EXPECT_EQ(&key_template, &key_template_2);
// Check that the template works with the key manager.
AesGcmSivKeyManager key_type_manager;
auto key_manager = internal::MakeKeyManager(&key_type_manager);
EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
auto new_key_result =
key_manager->get_key_factory().NewKey(key_template.value());
EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
}
}
TEST(AeadKeyTemplatesTest, testAesCtrHmacAeadKeyTemplates) {
std::string type_url =
"type.googleapis.com/google.crypto.tink.AesCtrHmacAeadKey";
{ // Test Aes128CtrHmacSha256().
// Check that returned template is correct.
const KeyTemplate& key_template = AeadKeyTemplates::Aes128CtrHmacSha256();
EXPECT_EQ(type_url, key_template.type_url());
EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
AesCtrHmacAeadKeyFormat key_format;
EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
EXPECT_EQ(16, key_format.aes_ctr_key_format().key_size());
EXPECT_EQ(16, key_format.aes_ctr_key_format().params().iv_size());
EXPECT_EQ(32, key_format.hmac_key_format().key_size());
EXPECT_EQ(16, key_format.hmac_key_format().params().tag_size());
EXPECT_EQ(HashType::SHA256, key_format.hmac_key_format().params().hash());
// Check that reference to the same object is returned.
const KeyTemplate& key_template_2 = AeadKeyTemplates::Aes128CtrHmacSha256();
EXPECT_EQ(&key_template, &key_template_2);
// Check that the template works with the key manager.
AesCtrHmacAeadKeyManager key_type_manager;
auto key_manager = internal::MakeKeyManager(&key_type_manager);
EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
auto new_key_result =
key_manager->get_key_factory().NewKey(key_template.value());
EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
}
{ // Test Aes256CtrHmacSha256().
// Check that returned template is correct.
const KeyTemplate& key_template = AeadKeyTemplates::Aes256CtrHmacSha256();
EXPECT_EQ(type_url, key_template.type_url());
EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
AesCtrHmacAeadKeyFormat key_format;
EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
EXPECT_EQ(32, key_format.aes_ctr_key_format().key_size());
EXPECT_EQ(16, key_format.aes_ctr_key_format().params().iv_size());
EXPECT_EQ(32, key_format.hmac_key_format().key_size());
EXPECT_EQ(32, key_format.hmac_key_format().params().tag_size());
EXPECT_EQ(HashType::SHA256, key_format.hmac_key_format().params().hash());
// Check that reference to the same object is returned.
const KeyTemplate& key_template_2 = AeadKeyTemplates::Aes256CtrHmacSha256();
EXPECT_EQ(&key_template, &key_template_2);
// Check that the template works with the key manager.
AesCtrHmacAeadKeyManager key_type_manager;
auto key_manager = internal::MakeKeyManager(&key_type_manager);
EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
auto new_key_result =
key_manager->get_key_factory().NewKey(key_template.value());
EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
}
}
TEST(AeadKeyTemplatesTest, testXChaCha20Poly1305KeyTemplates) {
std::string type_url =
"type.googleapis.com/google.crypto.tink.XChaCha20Poly1305Key";
// Check that returned template is correct.
const KeyTemplate& key_template = AeadKeyTemplates::XChaCha20Poly1305();
EXPECT_EQ(type_url, key_template.type_url());
EXPECT_EQ(OutputPrefixType::TINK, key_template.output_prefix_type());
// Check that reference to the same object is returned.
const KeyTemplate& key_template_2 = AeadKeyTemplates::XChaCha20Poly1305();
EXPECT_EQ(&key_template, &key_template_2);
// Check that the template works with the key manager.
XChaCha20Poly1305KeyManager key_type_manager;
auto key_manager = internal::MakeKeyManager(&key_type_manager);
EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
auto new_key_result =
key_manager->get_key_factory().NewKey(key_template.value());
EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
}
TEST(AeadKeyTemplatesTest, testKmsEnvelopeAead) {
std::string type_url =
"type.googleapis.com/google.crypto.tink.KmsEnvelopeAeadKey";
std::string kek_uri = "foo/bar";
const KeyTemplate& dek_template = AeadKeyTemplates::Aes128Gcm();
// Check that returned template is correct.
const KeyTemplate& key_template =
AeadKeyTemplates::KmsEnvelopeAead(kek_uri, dek_template);
EXPECT_EQ(type_url, key_template.type_url());
EXPECT_EQ(OutputPrefixType::RAW, key_template.output_prefix_type());
KmsEnvelopeAeadKeyFormat key_format;
EXPECT_TRUE(key_format.ParseFromString(key_template.value()));
EXPECT_EQ(kek_uri, key_format.kek_uri());
EXPECT_EQ(dek_template.type_url(), key_format.dek_template().type_url());
EXPECT_EQ(dek_template.value(), key_format.dek_template().value());
// Check that the template works with the key manager.
KmsEnvelopeAeadKeyManager key_type_manager;
auto key_manager = internal::MakeKeyManager(&key_type_manager);
EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
auto new_key_result =
key_manager->get_key_factory().NewKey(key_template.value());
EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
}
TEST(AeadKeyTemplatesTest, testKmsEnvelopeAeadMultipleKeysSameKek) {
// Initialize the registry.
ASSERT_TRUE(AeadConfig::Register().ok());
auto kek_uri_result = test::FakeKmsClient::CreateFakeKeyUri();
EXPECT_TRUE(kek_uri_result.ok()) << kek_uri_result.status();
std::string kek_uri = kek_uri_result.value();
auto register_fake_kms_client_status = test::FakeKmsClient::RegisterNewClient(
kek_uri, /* credentials_path= */ "");
std::string type_url =
"type.googleapis.com/google.crypto.tink.KmsEnvelopeAeadKey";
const KeyTemplate& dek_template = AeadKeyTemplates::Aes128Gcm();
const KeyTemplate& key_template1 =
AeadKeyTemplates::KmsEnvelopeAead(kek_uri, dek_template);
auto handle_result1 =
KeysetHandle::GenerateNew(key_template1, KeyGenConfigGlobalRegistry());
EXPECT_TRUE(handle_result1.ok());
auto handle1 = std::move(handle_result1.value());
auto aead_result1 =
handle1->GetPrimitive(ConfigGlobalRegistry());
EXPECT_TRUE(aead_result1.ok());
auto aead1 = std::move(aead_result1.value());
const KeyTemplate& key_template2 =
AeadKeyTemplates::KmsEnvelopeAead(kek_uri, dek_template);
auto handle_result2 =
KeysetHandle::GenerateNew(key_template2, KeyGenConfigGlobalRegistry());
EXPECT_TRUE(handle_result2.ok());
auto handle2 = std::move(handle_result2.value());
auto aead_result2 =
handle2->GetPrimitive(ConfigGlobalRegistry());
EXPECT_TRUE(aead_result2.ok());
auto aead2 = std::move(aead_result2.value());
EXPECT_THAT(EncryptThenDecrypt(*aead1, *aead2, "message", "aad"), IsOk());
}
} // namespace
} // namespace tink
} // namespace crypto
================================================
FILE: cc/aead/aead_parameters.h
================================================
// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
#ifndef TINK_AEAD_AEAD_PARAMETERS_H_
#define TINK_AEAD_AEAD_PARAMETERS_H_
#include "tink/parameters.h"
namespace crypto {
namespace tink {
// Describes an `AeadKey` (e.g., key attributes), excluding the randomly chosen
// key material.
class AeadParameters : public Parameters {};
} // namespace tink
} // namespace crypto
#endif // TINK_AEAD_AEAD_PARAMETERS_H_
================================================
FILE: cc/aead/aead_wrapper.cc
================================================
// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////
#include "tink/aead/aead_wrapper.h"
#include
#include
#include
#include "absl/memory/memory.h"
#include "absl/status/status.h"
#include "absl/strings/str_cat.h"
#include "absl/strings/string_view.h"
#include "tink/aead.h"
#include "tink/crypto_format.h"
#include "tink/internal/monitoring_util.h"
#include "tink/internal/registry_impl.h"
#include "tink/internal/util.h"
#include "tink/monitoring/monitoring.h"
#include "tink/primitive_set.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
namespace crypto {
namespace tink {
namespace {
constexpr absl::string_view kPrimitive = "aead";
constexpr absl::string_view kEncryptApi = "encrypt";
constexpr absl::string_view kDecryptApi = "decrypt";
util::Status Validate(PrimitiveSet* aead_set) {
if (aead_set == nullptr) {
return util::Status(absl::StatusCode::kInternal,
"aead_set must be non-NULL");
}
if (aead_set->get_primary() == nullptr) {
return util::Status(absl::StatusCode::kInvalidArgument,
"aead_set has no primary");
}
return util::OkStatus();
}
// The actual wrapper.
class AeadSetWrapper : public Aead {
public:
explicit AeadSetWrapper(
std::unique_ptr> aead_set,
std::unique_ptr monitoring_encryption_client = nullptr,
std::unique_ptr monitoring_decryption_client = nullptr)
: aead_set_(std::move(aead_set)),
monitoring_encryption_client_(std::move(monitoring_encryption_client)),
monitoring_decryption_client_(std::move(monitoring_decryption_client)) {
}
util::StatusOr Encrypt(
absl::string_view plaintext,
absl::string_view associated_data) const override;
util::StatusOr Decrypt(
absl::string_view ciphertext,
absl::string_view associated_data) const override;
private:
std::unique_ptr> aead_set_;
std::unique_ptr monitoring_encryption_client_;
std::unique_ptr monitoring_decryption_client_;
};
util::StatusOr AeadSetWrapper::Encrypt(
absl::string_view plaintext, absl::string_view associated_data) const {
associated_data = internal::EnsureStringNonNull(associated_data);
const Aead& primitive = aead_set_->get_primary()->get_primitive();
util::StatusOr ciphertext =
primitive.Encrypt(plaintext, associated_data);
if (!ciphertext.ok()) {
if (monitoring_encryption_client_ != nullptr) {
monitoring_encryption_client_->LogFailure();
}
return ciphertext.status();
}
if (monitoring_encryption_client_ != nullptr) {
monitoring_encryption_client_->Log(aead_set_->get_primary()->get_key_id(),
plaintext.size());
}
const std::string& key_id = aead_set_->get_primary()->get_identifier();
return absl::StrCat(key_id, *ciphertext);
}
util::StatusOr AeadSetWrapper::Decrypt(
absl::string_view ciphertext, absl::string_view associated_data) const {
// BoringSSL expects a non-null pointer for plaintext and associated_data,
// regardless of whether the size is 0.
associated_data = internal::EnsureStringNonNull(associated_data);
if (ciphertext.length() > CryptoFormat::kNonRawPrefixSize) {
absl::string_view key_id =
ciphertext.substr(0, CryptoFormat::kNonRawPrefixSize);
util::StatusOr::Primitives*> primitives =
aead_set_->get_primitives(key_id);
if (primitives.ok()) {
absl::string_view raw_ciphertext =
ciphertext.substr(CryptoFormat::kNonRawPrefixSize);
for (const std::unique_ptr::Entry>& aead_entry :
**primitives) {
Aead& aead = aead_entry->get_primitive();
util::StatusOr plaintext =
aead.Decrypt(raw_ciphertext, associated_data);
if (plaintext.ok()) {
if (monitoring_decryption_client_ != nullptr) {
monitoring_decryption_client_->Log(aead_entry->get_key_id(),
raw_ciphertext.size());
}
return plaintext;
}
}
}
}
// No matching key succeeded with decryption, try all RAW keys.
util::StatusOr::Primitives*> raw_primitives =
aead_set_->get_raw_primitives();
if (raw_primitives.ok()) {
for (const std::unique_ptr::Entry>& aead_entry :
**raw_primitives) {
Aead& aead = aead_entry->get_primitive();
util::StatusOr plaintext =
aead.Decrypt(ciphertext, associated_data);
if (plaintext.ok()) {
if (monitoring_decryption_client_ != nullptr) {
monitoring_decryption_client_->Log(aead_entry->get_key_id(),
ciphertext.size());
}
return plaintext;
}
}
}
if (monitoring_decryption_client_ != nullptr) {
monitoring_decryption_client_->LogFailure();
}
return util::Status(absl::StatusCode::kInvalidArgument, "decryption failed");
}
} // namespace
util::StatusOr> AeadWrapper::Wrap(
std::unique_ptr> aead_set) const {
util::Status status = Validate(aead_set.get());
if (!status.ok()) {
return status;
}
MonitoringClientFactory* const monitoring_factory =
internal::RegistryImpl::GlobalInstance().GetMonitoringClientFactory();
// Monitoring is not enabled. Create a wrapper without monitoring clients.
if (monitoring_factory == nullptr) {
return {absl::make_unique(std::move(aead_set))};
}
util::StatusOr keyset_info =
internal::MonitoringKeySetInfoFromPrimitiveSet(*aead_set);
if (!keyset_info.ok()) {
return keyset_info.status();
}
util::StatusOr>
monitoring_encryption_client = monitoring_factory->New(
MonitoringContext(kPrimitive, kEncryptApi, *keyset_info));
if (!monitoring_encryption_client.ok()) {
return monitoring_encryption_client.status();
}
util::StatusOr>
monitoring_decryption_client = monitoring_factory->New(
MonitoringContext(kPrimitive, kDecryptApi, *keyset_info));
if (!monitoring_decryption_client.ok()) {
return monitoring_decryption_client.status();
}
return {absl::make_unique(
std::move(aead_set), *std::move(monitoring_encryption_client),
*std::move(monitoring_decryption_client))};
}
} // namespace tink
} // namespace crypto
================================================
FILE: cc/aead/aead_wrapper.h
================================================
// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////
#ifndef TINK_AEAD_AEAD_WRAPPER_H_
#define TINK_AEAD_AEAD_WRAPPER_H_
#include
#include "tink/aead.h"
#include "tink/primitive_set.h"
#include "tink/primitive_wrapper.h"
#include "tink/util/statusor.h"
namespace crypto {
namespace tink {
// Wraps a set of Aead-instances that correspond to a keyset,
// and combines them into a single Aead-primitive, that uses the provided
// instances, depending on the context:
// * Aead::Encrypt(...) uses the primary instance from the set
// * Aead::Decrypt(...) uses the instance that matches the ciphertext prefix.
class AeadWrapper : public PrimitiveWrapper {
public:
// Returns an Aead-primitive that uses Aead-instances provided in 'aead_set',
// which must be non-NULL and must contain a primary instance.
util::StatusOr> Wrap(
std::unique_ptr> aead_set) const override;
};
} // namespace tink
} // namespace crypto
#endif // TINK_AEAD_AEAD_WRAPPER_H_
================================================
FILE: cc/aead/aead_wrapper_test.cc
================================================
// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
#include "tink/aead/aead_wrapper.h"
#include
#include
#include
#include
#include "gmock/gmock.h"
#include "gtest/gtest.h"
#include "absl/container/flat_hash_map.h"
#include "absl/memory/memory.h"
#include "absl/status/status.h"
#include "absl/status/statusor.h"
#include "absl/strings/str_cat.h"
#include "absl/strings/string_view.h"
#include "tink/aead.h"
#include "tink/aead/mock_aead.h"
#include "tink/crypto_format.h"
#include "tink/internal/registry_impl.h"
#include "tink/monitoring/monitoring.h"
#include "tink/monitoring/monitoring_client_mocks.h"
#include "tink/primitive_set.h"
#include "tink/registry.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
#include "tink/util/test_matchers.h"
#include "tink/util/test_util.h"
#include "proto/tink.pb.h"
namespace crypto {
namespace tink {
namespace {
using ::crypto::tink::test::DummyAead;
using ::crypto::tink::test::IsOk;
using ::crypto::tink::test::StatusIs;
using ::google::crypto::tink::KeysetInfo;
using ::google::crypto::tink::KeyStatusType;
using ::google::crypto::tink::OutputPrefixType;
using ::testing::_;
using ::testing::ByMove;
using ::testing::HasSubstr;
using ::testing::IsNull;
using ::testing::IsSubstring;
using ::testing::Not;
using ::testing::Return;
using ::testing::StrictMock;
using ::testing::Test;
void PopulateKeyInfo(KeysetInfo::KeyInfo* key_info, uint32_t key_id,
OutputPrefixType out_prefix_type, KeyStatusType status) {
key_info->set_output_prefix_type(out_prefix_type);
key_info->set_key_id(key_id);
key_info->set_status(status);
}
// Creates a test keyset info object.
KeysetInfo CreateTestKeysetInfo() {
KeysetInfo keyset_info;
PopulateKeyInfo(keyset_info.add_key_info(), /*key_id=*/1234543,
OutputPrefixType::TINK,
/*status=*/KeyStatusType::ENABLED);
PopulateKeyInfo(keyset_info.add_key_info(), /*key_id=*/726329,
OutputPrefixType::LEGACY,
/*status=*/KeyStatusType::ENABLED);
PopulateKeyInfo(keyset_info.add_key_info(), /*key_id=*/7213743,
OutputPrefixType::TINK,
/*status=*/KeyStatusType::ENABLED);
return keyset_info;
}
TEST(AeadSetWrapperTest, WrapNullptr) {
AeadWrapper wrapper;
util::StatusOr> aead = wrapper.Wrap(nullptr);
EXPECT_THAT(aead, Not(IsOk()));
EXPECT_THAT(aead.status(), StatusIs(absl::StatusCode::kInternal));
EXPECT_PRED_FORMAT2(IsSubstring, "non-NULL",
std::string(aead.status().message()));
}
TEST(AeadSetWrapperTest, WrapEmpty) {
AeadWrapper wrapper;
util::StatusOr> aead =
wrapper.Wrap(absl::make_unique>());
EXPECT_THAT(aead, Not(IsOk()));
EXPECT_THAT(aead.status(), StatusIs(absl::StatusCode::kInvalidArgument));
EXPECT_PRED_FORMAT2(IsSubstring, "no primary",
std::string(aead.status().message()));
}
TEST(AeadSetWrapperTest, Basic) {
KeysetInfo keyset_info = CreateTestKeysetInfo();
std::string aead_name_0 = "aead0";
std::string aead_name_1 = "aead1";
std::string aead_name_2 = "aead2";
auto aead_set = absl::make_unique>();
std::unique_ptr aead = absl::make_unique(aead_name_0);
util::StatusOr::Entry*> aead_entry =
aead_set->AddPrimitive(std::move(aead), keyset_info.key_info(0));
EXPECT_THAT(aead_entry, IsOk());
aead = absl::make_unique(aead_name_1);
aead_entry = aead_set->AddPrimitive(std::move(aead), keyset_info.key_info(1));
EXPECT_THAT(aead_entry, IsOk());
aead = absl::make_unique(aead_name_2);
aead_entry = aead_set->AddPrimitive(std::move(aead), keyset_info.key_info(2));
EXPECT_THAT(aead_entry, IsOk());
// The last key is the primary.
EXPECT_THAT(aead_set->set_primary(*aead_entry), IsOk());
// Wrap aead_set and test the resulting Aead.
AeadWrapper wrapper;
util::StatusOr> aead_result =
wrapper.Wrap(std::move(aead_set));
EXPECT_THAT(aead_result, IsOk());
aead = std::move(*aead_result);
std::string plaintext = "some_plaintext";
std::string aad = "some_aad";
util::StatusOr encrypt_result = aead->Encrypt(plaintext, aad);
EXPECT_THAT(encrypt_result, IsOk());
std::string ciphertext = *encrypt_result;
EXPECT_PRED_FORMAT2(testing::IsSubstring, aead_name_2, ciphertext);
util::StatusOr resulting_plaintext =
aead->Decrypt(ciphertext, aad);
EXPECT_THAT(resulting_plaintext, IsOk());
EXPECT_EQ(*resulting_plaintext, plaintext);
resulting_plaintext = aead->Decrypt("some bad ciphertext", aad);
EXPECT_THAT(resulting_plaintext, Not(IsOk()));
EXPECT_THAT(resulting_plaintext.status(),
StatusIs(absl::StatusCode::kInvalidArgument));
EXPECT_PRED_FORMAT2(IsSubstring, "decryption failed",
std::string(resulting_plaintext.status().message()));
}
TEST(AeadSetWrapperTest, DecryptNonPrimary) {
KeysetInfo keyset_info = CreateTestKeysetInfo();
std::string aead_name_0 = "aead0";
std::string aead_name_1 = "aead1";
std::string aead_name_2 = "aead2";
std::unique_ptr> aead_set(new PrimitiveSet());
std::unique_ptr aead = absl::make_unique(aead_name_0);
// Encrypt some message with the first aead.s
std::string plaintext = "some_plaintext";
std::string aad = "some_aad";
util::StatusOr ciphertext = aead->Encrypt(plaintext, aad);
EXPECT_THAT(ciphertext, IsOk());
util::StatusOr::Entry*> aead_entry =
aead_set->AddPrimitive(std::move(aead), keyset_info.key_info(0));
ASSERT_THAT(aead_entry, IsOk());
EXPECT_THAT(aead_set->set_primary(*aead_entry), IsOk());
// The complete ciphertext is of the form: | key_id | ciphertext |.
std::string complete_ciphertext =
absl::StrCat(aead_set->get_primary()->get_identifier(), *ciphertext);
aead = absl::make_unique(aead_name_1);
aead_entry = aead_set->AddPrimitive(std::move(aead), keyset_info.key_info(1));
EXPECT_THAT(aead_entry, IsOk());
aead = absl::make_unique(aead_name_2);
aead_entry = aead_set->AddPrimitive(std::move(aead), keyset_info.key_info(2));
EXPECT_THAT(aead_entry, IsOk());
// The last key is the primary.
EXPECT_THAT(aead_set->set_primary(*aead_entry), IsOk());
// Wrap aead_set and test the resulting Aead.
AeadWrapper wrapper;
util::StatusOr> aead_wrapped =
wrapper.Wrap(std::move(aead_set));
EXPECT_THAT(aead_wrapped, IsOk());
aead = std::move(*aead_wrapped);
EXPECT_THAT(complete_ciphertext, HasSubstr(aead_name_0));
// Primary key is different from the one we used to encrypt. This
// should still be decryptable as we have the correct key in the set.
util::StatusOr decrypted_plaintext =
aead->Decrypt(complete_ciphertext, aad);
EXPECT_THAT(decrypted_plaintext, IsOk());
}
// Tests with monitoring enabled.
class AeadSetWrapperTestWithMonitoring : public Test {
protected:
// Perform some common initialization: reset the global registry, set expected
// calls for the mock monitoring factory and the returned clients.
void SetUp() override {
Registry::Reset();
auto monitoring_client_factory =
absl::make_unique();
auto encryption_monitoring_client =
absl::make_unique>();
encryption_monitoring_client_ptr_ = encryption_monitoring_client.get();
auto decryption_monitoring_client =
absl::make_unique>();
decryption_monitoring_client_ptr_ = decryption_monitoring_client.get();
EXPECT_CALL(*monitoring_client_factory, New(_))
.WillOnce(
Return(ByMove(util::StatusOr>(
std::move(encryption_monitoring_client)))))
.WillOnce(
Return(ByMove(util::StatusOr>(
std::move(decryption_monitoring_client)))));
ASSERT_THAT(internal::RegistryImpl::GlobalInstance()
.RegisterMonitoringClientFactory(
std::move(monitoring_client_factory)),
IsOk());
ASSERT_THAT(
internal::RegistryImpl::GlobalInstance().GetMonitoringClientFactory(),
Not(IsNull()));
}
// Cleanup the registry to avoid mock leaks.
void TearDown() override { Registry::Reset(); }
MockMonitoringClient* encryption_monitoring_client_ptr_;
MockMonitoringClient* decryption_monitoring_client_ptr_;
};
// Test that successful encrypt/decrypt operations are logged.
TEST_F(AeadSetWrapperTestWithMonitoring,
WrapKeysetWithMonitoringEncryptDecryptSuccess) {
// Populate a primitive set.
KeysetInfo keyset_info = CreateTestKeysetInfo();
const absl::flat_hash_map kAnnotations = {
{"key1", "value1"}, {"key2", "value2"}, {"key3", "value3"}};
auto aead_primitive_set = absl::make_unique>(kAnnotations);
ASSERT_THAT(aead_primitive_set
->AddPrimitive(absl::make_unique("aead0"),
keyset_info.key_info(0))
.status(),
IsOk());
ASSERT_THAT(aead_primitive_set
->AddPrimitive(absl::make_unique("aead1"),
keyset_info.key_info(1))
.status(),
IsOk());
// Set the last as primary.
util::StatusOr::Entry*> last =
aead_primitive_set->AddPrimitive(absl::make_unique("aead2"),
keyset_info.key_info(2));
ASSERT_THAT(last, IsOk());
ASSERT_THAT(aead_primitive_set->set_primary(*last), IsOk());
// Record the ID of the primary key.
const uint32_t kPrimaryKeyId = keyset_info.key_info(2).key_id();
util::StatusOr> aead =
AeadWrapper().Wrap(std::move(aead_primitive_set));
ASSERT_THAT(aead, IsOk());
constexpr absl::string_view kPlaintext = "This is some plaintext!";
constexpr absl::string_view kAssociatedData = "Some associated data!";
EXPECT_CALL(*encryption_monitoring_client_ptr_,
Log(kPrimaryKeyId, kPlaintext.size()));
util::StatusOr ciphertext =
(*aead)->Encrypt(kPlaintext, kAssociatedData);
ASSERT_THAT(ciphertext, IsOk());
// In the log expect the size of the ciphertext without the non-raw prefix.
auto raw_ciphertext =
absl::string_view(*ciphertext).substr(CryptoFormat::kNonRawPrefixSize);
EXPECT_CALL(*decryption_monitoring_client_ptr_,
Log(kPrimaryKeyId, raw_ciphertext.size()));
EXPECT_THAT((*aead)->Decrypt(*ciphertext, kAssociatedData), IsOk());
}
// Test that monitoring logs encryption and decryption failures correctly.
TEST_F(AeadSetWrapperTestWithMonitoring,
WrapKeysetWithMonitoringEncryptDecryptFailures) {
// Populate a primitive set.
KeysetInfo keyset_info = CreateTestKeysetInfo();
const absl::flat_hash_map kAnnotations = {
{"key1", "value1"}, {"key2", "value2"}, {"key3", "value3"}};
auto aead_primitive_set = absl::make_unique>(kAnnotations);
// Assume encryption and decryption always fail.
auto mock_aead = absl::make_unique();
constexpr absl::string_view kPlaintext = "A plaintext!!";
constexpr absl::string_view kCiphertext = "A ciphertext!";
constexpr absl::string_view kAssociatedData = "Some associated data!";
ON_CALL(*mock_aead, Encrypt(kPlaintext, kAssociatedData))
.WillByDefault(Return(util::Status(absl::StatusCode::kInternal,
"Oh no encryption failed :(!")));
ON_CALL(*mock_aead, Decrypt(kCiphertext, kAssociatedData))
.WillByDefault(Return(util::Status(absl::StatusCode::kInternal,
"Oh no decryption failed :(!")));
util::StatusOr::Entry*> primary =
aead_primitive_set->AddPrimitive(std::move(mock_aead),
keyset_info.key_info(2));
ASSERT_THAT(primary, IsOk());
// Set the only primitive as primary.
ASSERT_THAT(aead_primitive_set->set_primary(*primary), IsOk());
util::StatusOr> aead =
AeadWrapper().Wrap(std::move(aead_primitive_set));
ASSERT_THAT(aead, IsOk());
// Expect encryption failure gets logged.
EXPECT_CALL(*encryption_monitoring_client_ptr_, LogFailure());
util::StatusOr ciphertext =
(*aead)->Encrypt(kPlaintext, kAssociatedData);
EXPECT_THAT(ciphertext, Not(IsOk()));
// We must prepend the identifier to the ciphertext to make sure our mock gets
// called.
util::StatusOr key_identifier =
CryptoFormat::GetOutputPrefix(keyset_info.key_info(2));
ASSERT_THAT(key_identifier, IsOk());
std::string ciphertext_with_key_id =
absl::StrCat(*key_identifier, kCiphertext);
// Expect decryption failure gets logged.
EXPECT_CALL(*decryption_monitoring_client_ptr_, LogFailure());
EXPECT_THAT(
(*aead)->Decrypt(ciphertext_with_key_id, kAssociatedData).status(),
Not(IsOk()));
}
} // namespace
} // namespace tink
} // namespace crypto
================================================
FILE: cc/aead/aes_ctr_hmac_aead_key.cc
================================================
// Copyright 2024 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
#include "tink/aead/aes_ctr_hmac_aead_key.h"
#include
#include
#include "absl/status/status.h"
#include "absl/strings/escaping.h"
#include "absl/strings/str_cat.h"
#include "absl/types/optional.h"
#include "tink/aead/aes_ctr_hmac_aead_parameters.h"
#include "tink/key.h"
#include "tink/partial_key_access_token.h"
#include "tink/restricted_data.h"
#include "tink/subtle/subtle_util.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
namespace crypto {
namespace tink {
namespace {
util::StatusOr ComputeOutputPrefix(
const AesCtrHmacAeadParameters& parameters,
absl::optional id_requirement) {
switch (parameters.GetVariant()) {
case AesCtrHmacAeadParameters::Variant::kNoPrefix:
return std::string(""); // Empty prefix.
case AesCtrHmacAeadParameters::Variant::kCrunchy:
if (!id_requirement.has_value()) {
return util::Status(
absl::StatusCode::kInvalidArgument,
"ID requirement must not be empty with kCrunchy or kLegacy");
}
return absl::StrCat(absl::HexStringToBytes("00"),
subtle::BigEndian32(*id_requirement));
case AesCtrHmacAeadParameters::Variant::kTink:
if (!id_requirement.has_value()) {
return util::Status(absl::StatusCode::kInvalidArgument,
"ID requirement must not be empty with kTink");
}
return absl::StrCat(absl::HexStringToBytes("01"),
subtle::BigEndian32(*id_requirement));
default:
return util::Status(
absl::StatusCode::kInvalidArgument,
absl::StrCat("Invalid variant: ", parameters.GetVariant()));
}
}
} // namespace
AesCtrHmacAeadKey::Builder& AesCtrHmacAeadKey::Builder::SetParameters(
const AesCtrHmacAeadParameters& parameters) {
parameters_ = parameters;
return *this;
}
AesCtrHmacAeadKey::Builder& AesCtrHmacAeadKey::Builder::SetAesKeyBytes(
const RestrictedData& aes_key_bytes) {
aes_key_bytes_ = aes_key_bytes;
return *this;
}
AesCtrHmacAeadKey::Builder& AesCtrHmacAeadKey::Builder::SetHmacKeyBytes(
const RestrictedData& hmac_key_bytes) {
hmac_key_bytes_ = hmac_key_bytes;
return *this;
}
AesCtrHmacAeadKey::Builder& AesCtrHmacAeadKey::Builder::SetIdRequirement(
absl::optional id_requirement) {
id_requirement_ = id_requirement;
return *this;
}
util::StatusOr AesCtrHmacAeadKey::Builder::Build(
PartialKeyAccessToken token) {
if (!parameters_.has_value()) {
return util::Status(absl::StatusCode::kInvalidArgument,
"Cannot build without setting the parameters");
}
if (!aes_key_bytes_.has_value()) {
return util::Status(absl::StatusCode::kInvalidArgument,
"Cannot build without AES key material");
}
if (!hmac_key_bytes_.has_value()) {
return util::Status(absl::StatusCode::kInvalidArgument,
"Cannot build without HMAC key material");
}
if (parameters_->GetAesKeySizeInBytes() != aes_key_bytes_->size()) {
return util::Status(absl::StatusCode::kInvalidArgument,
"AES key size does not match "
"AesCtrHmacAeadParameters::GetAesKeySizeInBytes");
}
if (parameters_->GetHmacKeySizeInBytes() != hmac_key_bytes_->size()) {
return util::Status(absl::StatusCode::kInvalidArgument,
"HMAC key size does not match "
"AesCtrHmacAeadParameters::GetHmacKeySizeInBytes");
}
if (parameters_->HasIdRequirement() && !id_requirement_.has_value()) {
return util::Status(
absl::StatusCode::kInvalidArgument,
"Cannot create key without ID requirement with parameters with ID "
"requirement");
}
if (!parameters_->HasIdRequirement() && id_requirement_.has_value()) {
return util::Status(
absl::StatusCode::kInvalidArgument,
"Cannot create key with ID requirement with parameters without ID "
"requirement");
}
util::StatusOr output_prefix =
ComputeOutputPrefix(*parameters_, id_requirement_);
if (!output_prefix.ok()) {
return output_prefix.status();
}
return AesCtrHmacAeadKey(*parameters_, *aes_key_bytes_, *hmac_key_bytes_,
id_requirement_, *std::move(output_prefix));
}
bool AesCtrHmacAeadKey::operator==(const Key& other) const {
const AesCtrHmacAeadKey* that =
dynamic_cast(&other);
if (that == nullptr) return false;
return GetParameters() == that->GetParameters() &&
aes_key_bytes_ == that->aes_key_bytes_ &&
hmac_key_bytes_ == that->hmac_key_bytes_ &&
id_requirement_ == that->id_requirement_;
}
} // namespace tink
} // namespace crypto
================================================
FILE: cc/aead/aes_ctr_hmac_aead_key.h
================================================
// Copyright 2024 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
#ifndef TINK_AEAD_AES_CTR_HMAC_AEAD_KEY_H_
#define TINK_AEAD_AES_CTR_HMAC_AEAD_KEY_H_
#include
#include
#include "absl/strings/string_view.h"
#include "absl/types/optional.h"
#include "tink/aead/aead_key.h"
#include "tink/aead/aes_ctr_hmac_aead_parameters.h"
#include "tink/key.h"
#include "tink/partial_key_access_token.h"
#include "tink/restricted_data.h"
#include "tink/util/statusor.h"
namespace crypto {
namespace tink {
// Represents an AEAD that uses AES-CTR_HMAC.
class AesCtrHmacAeadKey : public AeadKey {
public:
// Copyable and movable.
AesCtrHmacAeadKey(const AesCtrHmacAeadKey& other) = default;
AesCtrHmacAeadKey& operator=(const AesCtrHmacAeadKey& other) = default;
AesCtrHmacAeadKey(AesCtrHmacAeadKey&& other) = default;
AesCtrHmacAeadKey& operator=(AesCtrHmacAeadKey&& other) = default;
// Creates an AES-CTR-HMAC-AEAD key instance.
class Builder {
public:
// Copyable and movable.
Builder(const Builder& other) = default;
Builder& operator=(const Builder& other) = default;
Builder(Builder&& other) = default;
Builder& operator=(Builder&& other) = default;
// Creates initially empty private key builder.
Builder() = default;
Builder& SetParameters(const AesCtrHmacAeadParameters& parameters);
Builder& SetAesKeyBytes(const RestrictedData& aes_key_bytes);
Builder& SetHmacKeyBytes(const RestrictedData& hmac_key_bytes);
Builder& SetIdRequirement(absl::optional id_requirement);
// Creates an AES-CTR-HMAC-AEAD key object from this builder.
util::StatusOr Build(PartialKeyAccessToken token);
private:
absl::optional parameters_;
absl::optional aes_key_bytes_;
absl::optional hmac_key_bytes_;
absl::optional id_requirement_;
};
// Returns the underlying AES key bytes.
const RestrictedData& GetAesKeyBytes(PartialKeyAccessToken token) const {
return aes_key_bytes_;
}
// Returns the underlying HMAC key bytes.
const RestrictedData& GetHmacKeyBytes(PartialKeyAccessToken token) const {
return hmac_key_bytes_;
}
absl::string_view GetOutputPrefix() const override { return output_prefix_; }
const AesCtrHmacAeadParameters& GetParameters() const override {
return parameters_;
}
absl::optional GetIdRequirement() const override {
return id_requirement_;
}
bool operator==(const Key& other) const override;
private:
AesCtrHmacAeadKey(const AesCtrHmacAeadParameters& parameters,
const RestrictedData& aes_key_bytes,
const RestrictedData& hmac_key_bytes,
absl::optional id_requirement,
std::string output_prefix)
: parameters_(parameters),
aes_key_bytes_(aes_key_bytes),
hmac_key_bytes_(hmac_key_bytes),
id_requirement_(id_requirement),
output_prefix_(std::move(output_prefix)) {}
AesCtrHmacAeadParameters parameters_;
RestrictedData aes_key_bytes_;
RestrictedData hmac_key_bytes_;
absl::optional id_requirement_;
std::string output_prefix_;
};
} // namespace tink
} // namespace crypto
#endif // TINK_AEAD_AES_CTR_HMAC_AEAD_KEY_H_
================================================
FILE: cc/aead/aes_ctr_hmac_aead_key_manager.cc
================================================
// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////
#include "tink/aead/aes_ctr_hmac_aead_key_manager.h"
#include
#include
#include