├── BUILD.bazel ├── .bazelversion ├── .bazelignore ├── examples ├── .bazelversion ├── util │ ├── CMakeLists.txt │ └── BUILD.bazel ├── aead │ ├── aead_test_keyset.json │ ├── CMakeLists.txt │ └── BUILD.bazel ├── mac │ ├── mac_test_keyset.json │ ├── CMakeLists.txt │ └── BUILD.bazel ├── hybrid_encryption │ ├── testdata │ │ ├── hpke_test_public_keyset.json │ │ ├── BUILD.bazel │ │ ├── hpke_test_private_keyset.json │ │ ├── hybrid_test_public_keyset.json │ │ └── hybrid_test_private_keyset.json │ ├── CMakeLists.txt │ └── BUILD.bazel ├── daead │ ├── deterministic_aead_test_keyset.json │ ├── CMakeLists.txt │ └── BUILD.bazel ├── digital_signatures │ ├── digital_signature_public_keyset.json │ ├── digital_signature_private_keyset.json │ ├── CMakeLists.txt │ └── BUILD.bazel ├── MODULE.bazel ├── key_derivation │ ├── CMakeLists.txt │ ├── keyset.json │ └── BUILD.bazel ├── .bazelrc ├── jwt │ └── jwt_signature_public_keyset.json └── walkthrough │ └── create_keyset.h ├── tink ├── aead │ ├── subtle │ │ ├── CMakeLists.txt │ │ └── BUILD.bazel │ ├── config_v0.h │ ├── aead_parameters.h │ ├── key_gen_config_v0.h │ ├── config_v0.cc │ ├── internal │ │ ├── config_v0.h │ │ ├── key_gen_config_v0.h │ │ └── cord_x_aes_gcm_boringssl.h │ ├── failing_aead.h │ └── key_gen_config_v0.cc ├── hybrid │ ├── subtle │ │ ├── CMakeLists.txt │ │ └── BUILD.bazel │ ├── config_v0.h │ ├── hpke_config.h │ ├── key_gen_config_v0.h │ ├── hybrid_parameters.h │ ├── config_v0.cc │ ├── internal │ │ ├── config_v0.h │ │ ├── hpke_public_key_manager.cc │ │ ├── testing │ │ │ ├── ecies_aead_hkdf_test_vectors.h │ │ │ └── hpke_test_vectors.h │ │ └── key_gen_config_v0.h │ └── key_gen_config_v0.cc ├── mac │ ├── subtle │ │ ├── CMakeLists.txt │ │ └── BUILD.bazel │ ├── config_v0.h │ ├── mac_parameters.h │ ├── key_gen_config_v0.h │ ├── config_v0.cc │ ├── internal │ │ ├── config_v0.h │ │ └── key_gen_config_v0.h │ ├── failing_mac.h │ └── key_gen_config_v0.cc ├── prf │ ├── subtle │ │ ├── CMakeLists.txt │ │ └── BUILD.bazel │ ├── config_v0.h │ ├── key_gen_config_v0.h │ ├── prf_parameters.h │ ├── config_v0.cc │ ├── internal │ │ ├── config_v0.h │ │ └── key_gen_config_v0.h │ └── key_gen_config_v0.cc ├── signature │ ├── subtle │ │ ├── CMakeLists.txt │ │ └── BUILD.bazel │ ├── config_v0.h │ ├── sig_util.h │ ├── key_gen_config_v0.h │ ├── signature_parameters.h │ ├── config_v0.cc │ ├── internal │ │ ├── config_v0.h │ │ ├── key_gen_config_v0.h │ │ └── config_fips_140_2.h │ ├── key_gen_config_v0.cc │ └── sig_util.cc ├── keyderivation │ ├── subtle │ │ ├── CMakeLists.txt │ │ └── BUILD.bazel │ └── key_derivation_key.h ├── streamingaead │ ├── subtle │ │ ├── CMakeLists.txt │ │ └── BUILD.bazel │ ├── config_v0.h │ ├── key_gen_config_v0.h │ ├── config_v0.cc │ ├── internal │ │ ├── config_v0.h │ │ └── key_gen_config_v0.h │ ├── streaming_aead_parameters.h │ └── key_gen_config_v0.cc ├── exported_symbols.lds ├── config │ ├── internal │ │ ├── CMakeLists.txt │ │ └── BUILD.bazel │ ├── v0.h │ ├── key_gen_v0.h │ ├── tink_fips.cc │ ├── config_util.h │ ├── global_registry.h │ ├── key_gen_fips_140_2.h │ └── fips_140_2.h ├── version_script.lds ├── experimental │ ├── pqcrypto │ │ ├── README.md │ │ ├── kem │ │ │ ├── subtle │ │ │ │ └── BUILD.bazel │ │ │ ├── util │ │ │ │ └── BUILD.bazel │ │ │ └── ml_kem_proto_serialization.h │ │ └── proto │ │ │ └── BUILD.bazel │ └── kem │ │ ├── CMakeLists.txt │ │ ├── BUILD.bazel │ │ └── kem_parameters.h ├── kem │ ├── CMakeLists.txt │ └── BUILD.bazel ├── json │ └── internal │ │ ├── CMakeLists.txt │ │ ├── BUILD.bazel │ │ └── tink_type_resolver.h ├── daead │ ├── subtle │ │ ├── CMakeLists.txt │ │ └── BUILD.bazel │ ├── config_v0.h │ ├── key_gen_config_v0.h │ ├── deterministic_aead_parameters.h │ ├── config_v0.cc │ ├── internal │ │ ├── config_v0.h │ │ ├── key_gen_config_v0.h │ │ └── key_gen_config_v0.cc │ └── key_gen_config_v0.cc ├── mac_config.h ├── mac_factory.h ├── aead_config.h ├── tink_config.h ├── aead_factory.h ├── hybrid_config.h ├── json_keyset_reader.h ├── json_keyset_writer.h ├── keyset_handle_builder.h ├── core │ ├── version.cc │ ├── restricted_data.cc │ └── key_access_test.cc ├── mac_key_templates.h ├── signature_config.h ├── aead_key_templates.h ├── hybrid_key_templates.h ├── hybrid_decrypt_factory.h ├── hybrid_encrypt_factory.h ├── signature_key_templates.h ├── public_key_sign_factory.h ├── public_key_verify_factory.h ├── streaming_aead_config.h ├── util │ ├── constants.cc │ ├── constants.h │ ├── protobuf_helper.h │ ├── keyset_util.h │ └── statusor.h ├── deterministic_aead_config.h ├── deterministic_aead_factory.h ├── streaming_aead_key_templates.h ├── deterministic_aead_key_templates.h ├── version.h.templ ├── secret_key_access.h ├── jwt │ ├── jwt_mac_config_v0.h │ ├── jwt_signature_config_v0.h │ ├── jwt_mac_config.h │ ├── jwt_mac_key_gen_config_v0.h │ ├── jwt_signature_key_gen_config_v0.h │ ├── jwt_mac_parameters.h │ ├── jwt_mac_config_v0.cc │ ├── jwt_signature_config.h │ ├── internal │ │ ├── jwt_mac_config_v0.h │ │ ├── jwt_mac_key_gen_config_v0.h │ │ ├── jwt_signature_config_v0.h │ │ └── jwt_signature_key_gen_config_v0.h │ ├── jwt_signature_parameters.h │ ├── jwt_signature_config_v0.cc │ └── jwt_mac_key_gen_config_v0.cc ├── internal │ ├── test_file_util_cmake.cc │ ├── err_util.h │ ├── internal_insecure_secret_key_access.cc │ ├── key_info.h │ ├── global_serialization_registry.h │ └── err_util.cc └── private_key.h ├── version.bzl ├── third_party ├── BUILD.bazel └── boringssl_fips │ ├── MODULE.bazel │ └── README.md ├── docs ├── CONTRIBUTING.md └── SECURITY.md ├── .bcr ├── source.template.json ├── README.md ├── presubmit.yml └── metadata.template.json ├── testvectors ├── wycheproof.BUILD.bazel └── build_defs.bzl ├── proto ├── experimental │ └── pqcrypto │ │ ├── CMakeLists.txt │ │ └── BUILD.bazel ├── empty.proto ├── test_proto.proto ├── aes_cmac_prf.proto ├── xchacha20_poly1305.proto ├── aes_ctr.proto ├── aes_cmac.proto ├── aes_gcm_siv.proto └── chacha20_poly1305.proto ├── .bazelrc ├── tools └── BUILD.bazel ├── kokoro └── testutils │ └── BUILD.bazel └── extensions.bzl /BUILD.bazel: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.bazelversion: -------------------------------------------------------------------------------- 1 | 8.4.2 2 | -------------------------------------------------------------------------------- /.bazelignore: -------------------------------------------------------------------------------- 1 | examples 2 | -------------------------------------------------------------------------------- /examples/.bazelversion: -------------------------------------------------------------------------------- 1 | 8.4.2 2 | -------------------------------------------------------------------------------- /tink/aead/subtle/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tink/hybrid/subtle/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tink/mac/subtle/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tink/prf/subtle/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tink/signature/subtle/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tink/keyderivation/subtle/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tink/streamingaead/subtle/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tink/exported_symbols.lds: -------------------------------------------------------------------------------- 1 | *tink* 2 | *absl* 3 | -------------------------------------------------------------------------------- /tink/aead/subtle/BUILD.bazel: -------------------------------------------------------------------------------- 1 | licenses(["notice"]) 2 | -------------------------------------------------------------------------------- /tink/mac/subtle/BUILD.bazel: -------------------------------------------------------------------------------- 1 | licenses(["notice"]) 2 | -------------------------------------------------------------------------------- /tink/prf/subtle/BUILD.bazel: -------------------------------------------------------------------------------- 1 | licenses(["notice"]) 2 | -------------------------------------------------------------------------------- /tink/hybrid/subtle/BUILD.bazel: -------------------------------------------------------------------------------- 1 | licenses(["notice"]) 2 | -------------------------------------------------------------------------------- /tink/signature/subtle/BUILD.bazel: -------------------------------------------------------------------------------- 1 | licenses(["notice"]) 2 | -------------------------------------------------------------------------------- /tink/keyderivation/subtle/BUILD.bazel: -------------------------------------------------------------------------------- 1 | licenses(["notice"]) 2 | -------------------------------------------------------------------------------- /tink/streamingaead/subtle/BUILD.bazel: -------------------------------------------------------------------------------- 1 | licenses(["notice"]) 2 | -------------------------------------------------------------------------------- /tink/config/internal/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | tink_module(config::internal) 2 | -------------------------------------------------------------------------------- /version.bzl: -------------------------------------------------------------------------------- 1 | """Version of the current release of Tink C++.""" 2 | TINK_VERSION_LABEL = "2.5.0" 3 | -------------------------------------------------------------------------------- /third_party/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) 4 | -------------------------------------------------------------------------------- /third_party/boringssl_fips/MODULE.bazel: -------------------------------------------------------------------------------- 1 | # MODULE.bazel for boringssl FIPS. 2 | module(name = "boringssl") 3 | -------------------------------------------------------------------------------- /tink/version_script.lds: -------------------------------------------------------------------------------- 1 | VERS_2.5.0 { 2 | global: 3 | *tink*; 4 | *absl*; 5 | local: 6 | *; 7 | }; 8 | -------------------------------------------------------------------------------- /tink/config/internal/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//:__subpackages__"]) 2 | 3 | licenses(["notice"]) 4 | -------------------------------------------------------------------------------- /tink/experimental/pqcrypto/README.md: -------------------------------------------------------------------------------- 1 | This folder contains experimental implementations of post-quantum cryptographic 2 | primitives. 3 | -------------------------------------------------------------------------------- /docs/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # How to contribute 2 | 3 | Please see the 4 | [developer documentation](https://developers.google.com/tink/contributing) on 5 | how to contribute to Tink. 6 | -------------------------------------------------------------------------------- /tink/experimental/pqcrypto/kem/subtle/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # package containing subtle implementations of PQC primitives 2 | 3 | package(default_visibility = ["//:__subpackages__"]) 4 | 5 | licenses(["notice"]) 6 | -------------------------------------------------------------------------------- /.bcr/source.template.json: -------------------------------------------------------------------------------- 1 | { 2 | "integrity": "**leave this alone**", 3 | "strip_prefix": "{REPO}-{VERSION}", 4 | "url": "https://github.com/{OWNER}/{REPO}/releases/download/{TAG}/{REPO}-{VERSION}.zip" 5 | } 6 | -------------------------------------------------------------------------------- /tink/experimental/pqcrypto/kem/util/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # package containing useful functions for hybrid encryption PQC primitives 2 | 3 | package(default_visibility = ["//:__subpackages__"]) 4 | 5 | licenses(["notice"]) 6 | -------------------------------------------------------------------------------- /examples/util/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_library(util util.cc util.h) 2 | target_include_directories(util PUBLIC 3 | "${CMAKE_CURRENT_SOURCE_DIR}" 4 | "${TINK_EXAMPLES_INCLUDE_PATH}") 5 | target_link_libraries(util tink::static) 6 | -------------------------------------------------------------------------------- /docs/SECURITY.md: -------------------------------------------------------------------------------- 1 | To report a security issue, please use http://g.co/vulnz. We use 2 | http://g.co/vulnz for our intake and coordination, and disclose vulnerabilities 3 | using GitHub Security Advisory. The Google Security Team will 4 | respond within 5 working days of your report on g.co/vulnz. 5 | -------------------------------------------------------------------------------- /testvectors/wycheproof.BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | filegroup( 4 | name = "testvectors", 5 | srcs = glob(["testvectors/*.json"]), 6 | ) 7 | 8 | filegroup( 9 | name = "testvectors_v1", 10 | srcs = glob(["testvectors_v1/*.json"]), 11 | ) 12 | -------------------------------------------------------------------------------- /proto/experimental/pqcrypto/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | tink_cc_proto( 2 | NAME cecpq2_aead_hkdf_cc_proto 3 | SRCS cecpq2_aead_hkdf.proto 4 | DEPS 5 | tink::proto::common_cc_proto 6 | tink::proto::tink_cc_proto 7 | ) 8 | 9 | tink_cc_proto( 10 | NAME ml_kem_cc_proto 11 | SRCS ml_kem.proto 12 | DEPS 13 | tink::proto::common_cc_proto 14 | tink::proto::tink_cc_proto 15 | ) 16 | -------------------------------------------------------------------------------- /tink/kem/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | tink_cc_library( 2 | NAME kem_decapsulate 3 | SRCS 4 | kem_decapsulate.h 5 | DEPS 6 | absl::strings 7 | tink::core::keyset_handle 8 | tink::util::statusor 9 | ) 10 | 11 | tink_cc_library( 12 | NAME kem_encapsulate 13 | SRCS 14 | kem_encapsulate.h 15 | DEPS 16 | tink::core::keyset_handle 17 | tink::util::statusor 18 | ) 19 | -------------------------------------------------------------------------------- /.bcr/README.md: -------------------------------------------------------------------------------- 1 | # Bazel Central Registry 2 | 3 | When tink-cc is released, we want it to be published to the Bazel Central 4 | Registry automatically: 5 | 6 | This folder contains configuration files to automate the publish step. See 7 | 8 | for authoritative documentation about these files. 9 | -------------------------------------------------------------------------------- /examples/aead/aead_test_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "key": [ 3 | { 4 | "keyData": { 5 | "keyMaterialType": "SYMMETRIC", 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.AesGcmKey", 7 | "value": "GiBWyUfGgYk3RTRhj/LIUzSudIWlyjCftCOypTr0jCNSLg==" 8 | }, 9 | "keyId": 294406504, 10 | "outputPrefixType": "TINK", 11 | "status": "ENABLED" 12 | } 13 | ], 14 | "primaryKeyId": 294406504 15 | } 16 | -------------------------------------------------------------------------------- /examples/mac/mac_test_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 691856985, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.HmacKey", 7 | "keyMaterialType": "SYMMETRIC", 8 | "value": "EgQIAxAgGiDZsmkTufMG/XlKlk9m7bqxustjUPT2YULEVm8mOp2mSA==" 9 | }, 10 | "outputPrefixType": "TINK", 11 | "keyId": 691856985, 12 | "status": "ENABLED" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /examples/hybrid_encryption/testdata/hpke_test_public_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 958452012, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.HpkePublicKey", 7 | "value": "EgYIARABGAIaIFVkKZkKM++I3AKeVjg9+iogUO9TFQqZ9olnzs1i7Sle", 8 | "keyMaterialType": "ASYMMETRIC_PUBLIC" 9 | }, 10 | "status": "ENABLED", 11 | "keyId": 958452012, 12 | "outputPrefixType": "TINK" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /examples/hybrid_encryption/testdata/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) 4 | 5 | filegroup( 6 | name = "hpke_test_keyset", 7 | srcs = [ 8 | "hpke_test_private_keyset.json", 9 | "hpke_test_public_keyset.json", 10 | ], 11 | ) 12 | 13 | filegroup( 14 | name = "hybrid_test_keyset", 15 | srcs = [ 16 | "hybrid_test_private_keyset.json", 17 | "hybrid_test_public_keyset.json", 18 | ], 19 | ) 20 | -------------------------------------------------------------------------------- /examples/daead/deterministic_aead_test_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 1184417862, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.AesSivKey", 7 | "value": "EkAbqs8wuMAXvuqU9FVOW9VvG9kE9P3aI5qjnkGvNTeRh/Cxoh06kosU5R9jRCHCkdMgnOSHMtfIKkQj5exuhesH", 8 | "keyMaterialType": "SYMMETRIC" 9 | }, 10 | "status": "ENABLED", 11 | "keyId": 1184417862, 12 | "outputPrefixType": "TINK" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /examples/mac/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_executable(mac_cli mac_cli.cc) 2 | target_include_directories(mac_cli PUBLIC 3 | "${CMAKE_CURRENT_SOURCE_DIR}" 4 | "${TINK_EXAMPLES_INCLUDE_PATH}") 5 | target_link_libraries(mac_cli 6 | tink::static 7 | absl::absl_check 8 | absl::flags_parse 9 | util) 10 | 11 | add_test( 12 | NAME mac_cli_test 13 | COMMAND "${BASH_PROGRAM}" 14 | "${CMAKE_CURRENT_SOURCE_DIR}/mac_cli_test.sh" 15 | "${CMAKE_CURRENT_BINARY_DIR}/mac_cli" 16 | "${CMAKE_CURRENT_SOURCE_DIR}/mac_test_keyset.json") 17 | -------------------------------------------------------------------------------- /examples/aead/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_executable(aead_cli aead_cli.cc) 2 | target_include_directories(aead_cli PUBLIC 3 | "${CMAKE_CURRENT_SOURCE_DIR}" 4 | "${TINK_EXAMPLES_INCLUDE_PATH}") 5 | target_link_libraries(aead_cli 6 | tink::static 7 | absl::absl_check 8 | absl::flags_parse 9 | util) 10 | 11 | add_test( 12 | NAME aead_cli_test 13 | COMMAND "${BASH_PROGRAM}" 14 | "${CMAKE_CURRENT_SOURCE_DIR}/aead_cli_test.sh" 15 | "${CMAKE_CURRENT_BINARY_DIR}/aead_cli" 16 | "${CMAKE_CURRENT_SOURCE_DIR}/aead_test_keyset.json") 17 | -------------------------------------------------------------------------------- /examples/digital_signatures/digital_signature_public_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 1487078030, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.EcdsaPublicKey", 7 | "value": "EgYIAxACGAIaIQDVCrkV2RwQ/Kz3AeTOvqZoFUo5N4C0g/4bXVb26325zyIgF3qVnpED0Uu+KlEzBMDep13os17nAcQ5NEqCqHqkoTg=", 8 | "keyMaterialType": "ASYMMETRIC_PUBLIC" 9 | }, 10 | "status": "ENABLED", 11 | "keyId": 1487078030, 12 | "outputPrefixType": "TINK" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /examples/hybrid_encryption/testdata/hpke_test_private_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 958452012, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.HpkePrivateKey", 7 | "value": "EioSBggBEAEYAhogVWQpmQoz74jcAp5WOD36KiBQ71MVCpn2iWfOzWLtKV4aINfn8qlMbyijNJcCzrafjsgJ493ZZGN256KTfKw0WN+p", 8 | "keyMaterialType": "ASYMMETRIC_PRIVATE" 9 | }, 10 | "status": "ENABLED", 11 | "keyId": 958452012, 12 | "outputPrefixType": "TINK" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /examples/MODULE.bazel: -------------------------------------------------------------------------------- 1 | """Module definition for Tink C++ Examples.""" 2 | 3 | # Omitting `version` because this is not meant to be depended on by other modules. 4 | module(name = "tink_cc_examples") 5 | 6 | # Use local tink_cc. 7 | bazel_dep( 8 | name = "tink_cc", 9 | version = "", 10 | ) 11 | local_path_override( 12 | module_name = "tink_cc", 13 | path = "../", 14 | ) 15 | 16 | bazel_dep( 17 | name = "googletest", 18 | version = "1.17.0", 19 | ) 20 | bazel_dep( 21 | name = "abseil-cpp", 22 | version = "20250814.1", 23 | ) 24 | -------------------------------------------------------------------------------- /examples/digital_signatures/digital_signature_private_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 1487078030, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.EcdsaPrivateKey", 7 | "value": "Ek0SBggDEAIYAhohANUKuRXZHBD8rPcB5M6+pmgVSjk3gLSD/htdVvbrfbnPIiAXepWekQPRS74qUTMEwN6nXeizXucBxDk0SoKoeqShOBogbJEwIZASdx42tIitAe8UoBxWyi11Mq+HnWNtcQWkG18=", 8 | "keyMaterialType": "ASYMMETRIC_PRIVATE" 9 | }, 10 | "status": "ENABLED", 11 | "keyId": 1487078030, 12 | "outputPrefixType": "TINK" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /tink/json/internal/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | tink_module(json::internal) 2 | 3 | tink_cc_library( 4 | NAME tink_type_resolver 5 | SRCS 6 | tink_type_resolver.cc 7 | tink_type_resolver.h 8 | DEPS 9 | protobuf::libprotobuf 10 | absl::absl_check 11 | absl::strings 12 | absl::string_view 13 | ) 14 | 15 | tink_cc_test( 16 | NAME tink_type_resolver_test 17 | SRCS 18 | tink_type_resolver_test.cc 19 | DEPS 20 | tink::json::internal::tink_type_resolver 21 | gmock 22 | protobuf::libprotobuf 23 | tink::util::test_matchers 24 | tink::proto::tink_cc_proto 25 | ) 26 | -------------------------------------------------------------------------------- /examples/key_derivation/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_executable(key_derivation_cli key_derivation_cli.cc) 2 | target_include_directories(key_derivation_cli PUBLIC 3 | "${CMAKE_CURRENT_SOURCE_DIR}" 4 | "${TINK_EXAMPLES_INCLUDE_PATH}") 5 | target_link_libraries(key_derivation_cli 6 | tink::static 7 | absl::absl_check 8 | absl::flags_parse 9 | util) 10 | 11 | add_test( 12 | NAME key_derivation_cli_test 13 | COMMAND "${BASH_PROGRAM}" 14 | "${CMAKE_CURRENT_SOURCE_DIR}/key_derivation_cli_test.sh" 15 | "${CMAKE_CURRENT_BINARY_DIR}/key_derivation_cli" 16 | "${CMAKE_CURRENT_SOURCE_DIR}/keyset.json" 17 | -------------------------------------------------------------------------------- /examples/key_derivation/keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 1746379508, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.PrfBasedDeriverKey", 7 | "value": "El0KMXR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmNyeXB0by50aW5rLkhrZGZQcmZLZXkSJhICCAMaIHq3492RGOyzGsJTQh6Xi6noTDSrPQxULHuBqB10zMUCGAEaOgo4CjB0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5jcnlwdG8udGluay5BZXNHY21LZXkSAhAQGAE=", 8 | "keyMaterialType": "SYMMETRIC" 9 | }, 10 | "status": "ENABLED", 11 | "keyId": 1746379508, 12 | "outputPrefixType": "TINK" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /examples/hybrid_encryption/testdata/hybrid_test_public_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 548859458, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey", 7 | "value": "EkQKBAgCEAMSOhI4CjB0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5jcnlwdG8udGluay5BZXNHY21LZXkSAhAQGAEYARohAKjjAxgGmD9j90UyzNunoC04kWqaWiXGFRhOYfLS7Z2tIiEAhqqb+D0Din92zHwGQefzui0hma5khIZQCWyWHHVgNps=", 8 | "keyMaterialType": "ASYMMETRIC_PUBLIC" 9 | }, 10 | "status": "ENABLED", 11 | "keyId": 548859458, 12 | "outputPrefixType": "TINK" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /examples/daead/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_executable(deterministic_aead_cli deterministic_aead_cli.cc) 2 | target_include_directories(deterministic_aead_cli PUBLIC 3 | "${CMAKE_CURRENT_SOURCE_DIR}" 4 | "${TINK_EXAMPLES_INCLUDE_PATH}") 5 | target_link_libraries(deterministic_aead_cli 6 | tink::static 7 | absl::absl_check 8 | absl::flags_parse 9 | util) 10 | 11 | add_test( 12 | NAME deterministic_aead_cli_test 13 | COMMAND "${BASH_PROGRAM}" 14 | "${CMAKE_CURRENT_SOURCE_DIR}/deterministic_aead_cli_test.sh" 15 | "${CMAKE_CURRENT_BINARY_DIR}/deterministic_aead_cli" 16 | "${CMAKE_CURRENT_SOURCE_DIR}/deterministic_aead_test_keyset.json") 17 | -------------------------------------------------------------------------------- /examples/util/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) 4 | 5 | cc_library( 6 | name = "util", 7 | srcs = ["util.cc"], 8 | hdrs = ["util.h"], 9 | deps = [ 10 | "@abseil-cpp//absl/memory", 11 | "@abseil-cpp//absl/status", 12 | "@abseil-cpp//absl/status:statusor", 13 | "@tink_cc//tink:cleartext_keyset_handle", 14 | "@tink_cc//tink:json_keyset_reader", 15 | "@tink_cc//tink:json_keyset_writer", 16 | "@tink_cc//tink:keyset_handle", 17 | "@tink_cc//tink:keyset_reader", 18 | "@tink_cc//tink:keyset_writer", 19 | ], 20 | ) 21 | -------------------------------------------------------------------------------- /examples/hybrid_encryption/testdata/hybrid_test_private_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 548859458, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey", 7 | "value": "EowBEkQKBAgCEAMSOhI4CjB0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5jcnlwdG8udGluay5BZXNHY21LZXkSAhAQGAEYARohAKjjAxgGmD9j90UyzNunoC04kWqaWiXGFRhOYfLS7Z2tIiEAhqqb+D0Din92zHwGQefzui0hma5khIZQCWyWHHVgNpsaIBQrEEuEn3hClVKM+4bsvmaUOqFYMbl7E6lNFJzbr+lp", 8 | "keyMaterialType": "ASYMMETRIC_PRIVATE" 9 | }, 10 | "status": "ENABLED", 11 | "keyId": 548859458, 12 | "outputPrefixType": "TINK" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /tink/experimental/kem/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | tink_cc_library( 2 | NAME kem_parameters 3 | SRCS 4 | kem_parameters.h 5 | DEPS 6 | tink::core::parameters 7 | ) 8 | 9 | tink_cc_library( 10 | NAME kem_private_key 11 | SRCS 12 | kem_private_key.h 13 | DEPS 14 | tink::experimental::kem::kem_parameters 15 | tink::experimental::kem::kem_public_key 16 | absl::string_view 17 | absl::optional 18 | tink::core::key 19 | tink::core::private_key 20 | ) 21 | 22 | tink_cc_library( 23 | NAME kem_public_key 24 | SRCS 25 | kem_public_key.h 26 | DEPS 27 | tink::experimental::kem::kem_parameters 28 | absl::string_view 29 | tink::core::key 30 | ) 31 | -------------------------------------------------------------------------------- /tink/experimental/pqcrypto/proto/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # Package containing C++ protos for experimental PQC primitives. 2 | package(default_visibility = ["//:__subpackages__"]) 3 | 4 | licenses(["notice"]) 5 | 6 | # ---------------------------------------- 7 | # cc_proto_library rules. 8 | # ---------------------------------------- 9 | 10 | cc_proto_library( 11 | name = "cecpq2_aead_hkdf_cc_proto", 12 | visibility = ["//visibility:public"], 13 | deps = ["//proto/experimental/pqcrypto:cecpq2_aead_hkdf_proto"], 14 | ) 15 | 16 | cc_proto_library( 17 | name = "ml_kem_cc_proto", 18 | visibility = ["//visibility:public"], 19 | deps = ["//proto/experimental/pqcrypto:ml_kem_proto"], 20 | ) 21 | -------------------------------------------------------------------------------- /tink/kem/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//:__subpackages__"]) 2 | 3 | licenses(["notice"]) 4 | 5 | cc_library( 6 | name = "kem_decapsulate", 7 | hdrs = ["kem_decapsulate.h"], 8 | include_prefix = "tink/kem", 9 | visibility = ["//visibility:public"], 10 | deps = [ 11 | "//tink:keyset_handle", 12 | "//tink/util:statusor", 13 | "@abseil-cpp//absl/strings", 14 | ], 15 | ) 16 | 17 | cc_library( 18 | name = "kem_encapsulate", 19 | hdrs = ["kem_encapsulate.h"], 20 | include_prefix = "tink/kem", 21 | visibility = ["//visibility:public"], 22 | deps = [ 23 | "//tink:keyset_handle", 24 | "//tink/util:statusor", 25 | ], 26 | ) 27 | -------------------------------------------------------------------------------- /examples/digital_signatures/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_executable(digital_signatures_cli digital_signatures_cli.cc) 2 | target_include_directories(digital_signatures_cli PUBLIC 3 | "${CMAKE_CURRENT_SOURCE_DIR}" 4 | "${TINK_EXAMPLES_INCLUDE_PATH}") 5 | target_link_libraries(digital_signatures_cli 6 | tink::static 7 | absl::absl_check 8 | absl::flags_parse 9 | util) 10 | 11 | add_test( 12 | NAME digital_signatures_cli_test 13 | COMMAND "${BASH_PROGRAM}" 14 | "${CMAKE_CURRENT_SOURCE_DIR}/digital_signatures_cli_test.sh" 15 | "${CMAKE_CURRENT_BINARY_DIR}/digital_signatures_cli" 16 | "${CMAKE_CURRENT_SOURCE_DIR}/digital_signature_private_keyset.json" 17 | "${CMAKE_CURRENT_SOURCE_DIR}/digital_signature_public_keyset.json") 18 | -------------------------------------------------------------------------------- /tink/daead/subtle/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | tink_module(daead::subtle) 2 | 3 | tink_cc_library( 4 | NAME aead_or_daead 5 | SRCS 6 | aead_or_daead.cc 7 | aead_or_daead.h 8 | DEPS 9 | absl::bind_front 10 | absl::string_view 11 | absl::variant 12 | tink::core::aead 13 | tink::core::deterministic_aead 14 | tink::util::statusor 15 | ) 16 | 17 | tink_cc_test( 18 | NAME aead_or_daead_test 19 | SRCS 20 | aead_or_daead_test.cc 21 | DEPS 22 | tink::daead::subtle::aead_or_daead 23 | gmock 24 | absl::memory 25 | absl::status 26 | absl::statusor 27 | absl::string_view 28 | tink::core::aead 29 | tink::core::deterministic_aead 30 | tink::util::test_matchers 31 | tink::util::test_util 32 | ) 33 | -------------------------------------------------------------------------------- /.bazelrc: -------------------------------------------------------------------------------- 1 | # Enables automatic per-platform configs. 2 | common --enable_platform_specific_config 3 | 4 | # Minumum C++ version. Override it building this project with 5 | # `bazel build --cxxopt='-std=c++' --host_cxxopt='c++' ...` 6 | # (Both -std and --host_cxxopt must be set to force the desired version.) 7 | build:linux --cxxopt='-std=c++17' --host_cxxopt='-std=c++17' 8 | build:macos --cxxopt='-std=c++17' --host_cxxopt='-std=c++17' 9 | 10 | build:windows --cxxopt='/std:c++17' --host_cxxopt='/std:c++17' 11 | 12 | # Silence all C/C++ warnings in external code. 13 | # 14 | # Note that this will not silence warnings from external headers included 15 | # in project code. 16 | build --per_file_copt=external/.*@-w 17 | build --host_per_file_copt=external/.*@-w 18 | -------------------------------------------------------------------------------- /examples/.bazelrc: -------------------------------------------------------------------------------- 1 | # Enables automatic per-platform configs. 2 | common --enable_platform_specific_config 3 | 4 | # Minumum C++ version. Override it building this project with 5 | # `bazel build --cxxopt='-std=c++' --host_cxxopt='c++' ...` 6 | # (Both -std and --host_cxxopt must be set to force the desired version.) 7 | build:linux --cxxopt='-std=c++17' --host_cxxopt='-std=c++17' 8 | build:macos --cxxopt='-std=c++17' --host_cxxopt='-std=c++17' 9 | 10 | build:windows --cxxopt='/std:c++17' --host_cxxopt='/std:c++17' 11 | 12 | # Silence all C/C++ warnings in external code. 13 | # 14 | # Note that this will not silence warnings from external headers included 15 | # in project code. 16 | build --per_file_copt=external/.*@-w 17 | build --host_per_file_copt=external/.*@-w 18 | -------------------------------------------------------------------------------- /examples/jwt/jwt_signature_public_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 185188009, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.JwtRsaSsaPkcs1PublicKey", 7 | "value": "EAEagQIAs9iifvWObNLbP+x7zupVIYTdHKba4VFgJEnnGtIII21R+KGddTdvNGAokd4GPrFk1GDPitHrAAoW1+NWrafsEUi2J9Sy3uwEyarsKDggewoBCNg2fcWAiZXplPjUyTlhrLvTuyrcL/mGPy+ib7bdmov+D2EP+rKUH6/ydtQGiyHRR3uurTUWfrMD1/6WaBVfngpy5Pxs2nuHXRmBHQKWmPfvErgr4abdjhKDaWIuxzSise1CSAbiWTNcxpIuFYZgPjgQzpqeh93LUXIX9YJds/bhHtXqRdxk6yTisloHOZETItK/rHCCE25dLkkaJ2Li7AtnJdBc6tEUNiuFj2JCjSIDAQAB", 8 | "keyMaterialType": "ASYMMETRIC_PUBLIC" 9 | }, 10 | "status": "ENABLED", 11 | "keyId": 185188009, 12 | "outputPrefixType": "TINK" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /.bcr/presubmit.yml: -------------------------------------------------------------------------------- 1 | tasks: 2 | verify_targets_ubuntu: 3 | name: Verify tink-cc build targets (ubuntu2004) 4 | platform: ubuntu2004 5 | bazel: 7.x 6 | build_flags: 7 | - '--cxxopt=-std=c++14' 8 | build_targets: 9 | - '@tink_cc//tink:tink_cc' 10 | verify_targets_windows: 11 | name: Verify tink-cc build targets (windows) 12 | platform: windows 13 | bazel: 7.x 14 | build_flags: 15 | - '--cxxopt=/std:c++14' 16 | - '--features=compiler_param_file' 17 | build_targets: 18 | - '@tink_cc//tink:tink_cc' 19 | verify_targets_macos: 20 | name: Verify tink-cc build targets (macOS) 21 | platform: macos_arm64 22 | bazel: 7.x 23 | build_flags: 24 | - '--cxxopt=-std=c++14' 25 | build_targets: 26 | - '@tink_cc//tink:tink_cc' 27 | -------------------------------------------------------------------------------- /tools/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # Bazel rules for tools. 2 | 3 | sh_binary( 4 | name = "update_build_files_for_tink_2_0_bazel", 5 | srcs = ["update_build_files_for_tink_2_0_bazel.sh"], 6 | ) 7 | 8 | sh_test( 9 | name = "update_build_files_for_tink_2_0_bazel_test", 10 | size = "small", 11 | srcs = ["update_build_files_for_tink_2_0_bazel_test.sh"], 12 | args = [ 13 | "$(rlocationpath :update_build_files_for_tink_2_0_bazel.sh)", 14 | "$(rlocationpath //kokoro/testutils:test_utils)", 15 | ], 16 | data = [ 17 | ":update_build_files_for_tink_2_0_bazel.sh", 18 | "//kokoro/testutils:test_utils", 19 | ], 20 | target_compatible_with = select({ 21 | "@platforms//os:windows": ["@platforms//:incompatible"], 22 | "//conditions:default": [], 23 | }), 24 | ) 25 | -------------------------------------------------------------------------------- /kokoro/testutils/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//:__subpackages__"]) 2 | 3 | licenses(["notice"]) 4 | 5 | sh_binary( 6 | name = "test_utils", 7 | srcs = ["test_utils.sh"], 8 | ) 9 | 10 | sh_binary( 11 | name = "github_release_util", 12 | srcs = ["github_release_util.sh"], 13 | ) 14 | 15 | sh_test( 16 | name = "github_release_util_test", 17 | size = "small", 18 | srcs = ["github_release_util_test.sh"], 19 | args = [ 20 | "$(rlocationpath :github_release_util.sh)", 21 | "$(rlocationpath :test_utils)", 22 | ], 23 | data = [ 24 | ":github_release_util.sh", 25 | ":test_utils", 26 | ], 27 | target_compatible_with = select({ 28 | "@platforms//os:windows": ["@platforms//:incompatible"], 29 | "//conditions:default": [], 30 | }), 31 | ) 32 | -------------------------------------------------------------------------------- /examples/hybrid_encryption/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_executable(hybrid_cli hybrid_cli.cc) 2 | target_include_directories(hybrid_cli PUBLIC 3 | "${CMAKE_CURRENT_SOURCE_DIR}" 4 | "${TINK_EXAMPLES_INCLUDE_PATH}") 5 | target_link_libraries(hybrid_cli 6 | tink::static 7 | absl::absl_check 8 | absl::flags_parse 9 | util) 10 | # Tink CMake's configuration doesn't expose tink::core::hpke_config. Remove 11 | # HPKE from this example when building with CMake. 12 | target_compile_definitions(hybrid_cli PRIVATE TINK_EXAMPLES_EXCLUDE_HPKE) 13 | 14 | add_test( 15 | NAME hybrid_cli_test 16 | COMMAND "${BASH_PROGRAM}" 17 | "${CMAKE_CURRENT_SOURCE_DIR}/hybrid_cli_test.sh" 18 | "${CMAKE_CURRENT_BINARY_DIR}/hybrid_cli" 19 | "${CMAKE_CURRENT_SOURCE_DIR}/testdata/hybrid_test_private_keyset.json" 20 | "${CMAKE_CURRENT_SOURCE_DIR}/testdata/hybrid_test_public_keyset.json") 21 | -------------------------------------------------------------------------------- /tink/json/internal/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//:__subpackages__"]) 2 | 3 | licenses(["notice"]) 4 | 5 | cc_library( 6 | name = "tink_type_resolver", 7 | srcs = ["tink_type_resolver.cc"], 8 | hdrs = ["tink_type_resolver.h"], 9 | include_prefix = "tink/json/internal", 10 | deps = [ 11 | "@abseil-cpp//absl/log:absl_check", 12 | "@abseil-cpp//absl/strings", 13 | "@abseil-cpp//absl/strings:string_view", 14 | "@protobuf//:cc_wkt_protos", 15 | "@protobuf//:protobuf", 16 | ], 17 | ) 18 | 19 | cc_test( 20 | name = "tink_type_resolver_test", 21 | srcs = ["tink_type_resolver_test.cc"], 22 | deps = [ 23 | ":tink_type_resolver", 24 | "//proto:tink_cc_proto", 25 | "//tink/util:test_matchers", 26 | "@googletest//:gtest_main", 27 | "@protobuf//:protobuf", 28 | ], 29 | ) 30 | -------------------------------------------------------------------------------- /.bcr/metadata.template.json: -------------------------------------------------------------------------------- 1 | { 2 | "homepage": "https://github.com/tink-crypto/tink-cc", 3 | "maintainers": [ 4 | { 5 | "email": "ambrosin@google.com", 6 | "github": "morambro", 7 | "name": "Moreno Ambrosin", 8 | "github_user_id": 1968379 9 | }, 10 | { 11 | "email": "wconner@google.com", 12 | "github": "willinois", 13 | "name": "William Conner", 14 | "github_user_id": 22015340 15 | }, 16 | { 17 | "email": "tholenst@google.com", 18 | "github": "tholenst", 19 | "name": "Thomas Holenstein", 20 | "github_user_id": 4568264 21 | }, 22 | { 23 | "email": "juerg@google.com", 24 | "github": "juergw", 25 | "name": "Juerg Wullschleger", 26 | "github_user_id": 52660988 27 | } 28 | ], 29 | "repository": ["github:tink-crypto/tink-cc"], 30 | "versions": [], 31 | "yanked_versions": {} 32 | } 33 | -------------------------------------------------------------------------------- /tink/mac_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_MAC_CONFIG_H_ 18 | #define TINK_MAC_CONFIG_H_ 19 | 20 | #include "tink/mac/mac_config.h" // IWYU pragma: export 21 | 22 | #endif // TINK_MAC_CONFIG_H_ 23 | -------------------------------------------------------------------------------- /tink/mac_factory.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_MAC_FACTORY_H_ 18 | #define TINK_MAC_FACTORY_H_ 19 | 20 | #include "tink/mac/mac_factory.h" // IWYU pragma: export 21 | 22 | #endif // TINK_MAC_FACTORY_H_ 23 | -------------------------------------------------------------------------------- /tink/aead_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_AEAD_CONFIG_H_ 18 | #define TINK_AEAD_CONFIG_H_ 19 | 20 | #include "tink/aead/aead_config.h" // IWYU pragma: export 21 | 22 | #endif // TINK_AEAD_CONFIG_H_ 23 | -------------------------------------------------------------------------------- /tink/tink_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_TINK_CONFIG_H_ 18 | #define TINK_TINK_CONFIG_H_ 19 | 20 | #include "tink/config/tink_config.h" // IWYU pragma: export 21 | 22 | #endif // TINK_TINK_CONFIG_H_ 23 | -------------------------------------------------------------------------------- /tink/aead_factory.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_AEAD_FACTORY_H_ 18 | #define TINK_AEAD_FACTORY_H_ 19 | 20 | #include "tink/aead/aead_factory.h" // IWYU pragma: export 21 | 22 | #endif // TINK_AEAD_FACTORY_H_ 23 | -------------------------------------------------------------------------------- /tink/hybrid_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_CONFIG_H_ 18 | #define TINK_HYBRID_CONFIG_H_ 19 | 20 | #include "tink/hybrid/hybrid_config.h" // IWYU pragma: export 21 | 22 | #endif // TINK_HYBRID_CONFIG_H_ 23 | -------------------------------------------------------------------------------- /tink/json_keyset_reader.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JSON_KEYSET_READER_H_ 18 | #define TINK_JSON_KEYSET_READER_H_ 19 | 20 | #include "tink/json/json_keyset_reader.h" 21 | 22 | #endif // TINK_JSON_KEYSET_READER_H_ 23 | -------------------------------------------------------------------------------- /tink/json_keyset_writer.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JSON_KEYSET_WRITER_H_ 18 | #define TINK_JSON_KEYSET_WRITER_H_ 19 | 20 | #include "tink/json/json_keyset_writer.h" 21 | 22 | #endif // TINK_JSON_KEYSET_WRITER_H_ 23 | -------------------------------------------------------------------------------- /tink/keyset_handle_builder.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_KEYSET_HANDLE_BUILDER_H_ 18 | #define TINK_KEYSET_HANDLE_BUILDER_H_ 19 | 20 | #include "tink/keyset_handle.h" 21 | 22 | #endif // TINK_KEYSET_HANDLE_BUILDER_H_ 23 | -------------------------------------------------------------------------------- /tink/core/version.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/version.h" 18 | 19 | namespace crypto { 20 | namespace tink { 21 | 22 | constexpr char Version::kTinkVersion[]; 23 | 24 | } // namespace tink 25 | } // namespace crypto 26 | -------------------------------------------------------------------------------- /tink/mac_key_templates.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_MAC_KEY_TEMPLATES_H_ 18 | #define TINK_MAC_KEY_TEMPLATES_H_ 19 | 20 | #include "tink/mac/mac_key_templates.h" // IWYU pragma: export 21 | 22 | #endif // TINK_MAC_KEY_TEMPLATES_H_ 23 | -------------------------------------------------------------------------------- /tink/signature_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SIGNATURE_CONFIG_H_ 18 | #define TINK_SIGNATURE_CONFIG_H_ 19 | 20 | #include "tink/signature/signature_config.h" // IWYU pragma: export 21 | 22 | #endif // TINK_SIGNATURE_CONFIG_H_ 23 | -------------------------------------------------------------------------------- /tink/aead_key_templates.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_AEAD_KEY_TEMPLATES_H_ 18 | #define TINK_AEAD_KEY_TEMPLATES_H_ 19 | 20 | #include "tink/aead/aead_key_templates.h" // IWYU pragma: export 21 | 22 | #endif // TINK_AEAD_KEY_TEMPLATES_H_ 23 | -------------------------------------------------------------------------------- /tink/hybrid_key_templates.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_KEY_TEMPLATES_H_ 18 | #define TINK_HYBRID_KEY_TEMPLATES_H_ 19 | 20 | #include "tink/hybrid/hybrid_key_templates.h" // IWYU pragma: export 21 | 22 | #endif // TINK_HYBRID_KEY_TEMPLATES_H_ 23 | -------------------------------------------------------------------------------- /tink/hybrid_decrypt_factory.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_DECRYPT_FACTORY_H_ 18 | #define TINK_HYBRID_DECRYPT_FACTORY_H_ 19 | 20 | #include "tink/hybrid/hybrid_decrypt_factory.h" // IWYU pragma: export 21 | 22 | #endif // TINK_HYBRID_DECRYPT_FACTORY_H_ 23 | -------------------------------------------------------------------------------- /tink/hybrid_encrypt_factory.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_ENCRYPT_FACTORY_H_ 18 | #define TINK_HYBRID_ENCRYPT_FACTORY_H_ 19 | 20 | #include "tink/hybrid/hybrid_encrypt_factory.h" // IWYU pragma: export 21 | 22 | #endif // TINK_HYBRID_ENCRYPT_FACTORY_H_ 23 | -------------------------------------------------------------------------------- /tink/signature_key_templates.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SIGNATURE_KEY_TEMPLATES_H_ 18 | #define TINK_SIGNATURE_KEY_TEMPLATES_H_ 19 | 20 | #include "tink/signature/signature_key_templates.h" // IWYU pragma: export 21 | 22 | #endif // TINK_SIGNATURE_KEY_TEMPLATES_H_ 23 | -------------------------------------------------------------------------------- /tink/public_key_sign_factory.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_PUBLIC_KEY_SIGN_FACTORY_H_ 18 | #define TINK_PUBLIC_KEY_SIGN_FACTORY_H_ 19 | 20 | #include "tink/signature/public_key_sign_factory.h" // IWYU pragma: export 21 | 22 | #endif // TINK_PUBLIC_KEY_SIGN_FACTORY_H_ 23 | -------------------------------------------------------------------------------- /tink/experimental/kem/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//:__subpackages__"]) 2 | 3 | licenses(["notice"]) 4 | 5 | cc_library( 6 | name = "kem_parameters", 7 | hdrs = ["kem_parameters.h"], 8 | include_prefix = "tink/experimental/kem", 9 | deps = ["//tink:parameters"], 10 | ) 11 | 12 | cc_library( 13 | name = "kem_private_key", 14 | hdrs = ["kem_private_key.h"], 15 | include_prefix = "tink/experimental/kem", 16 | deps = [ 17 | ":kem_parameters", 18 | ":kem_public_key", 19 | "//tink:key", 20 | "//tink:private_key", 21 | "@abseil-cpp//absl/strings:string_view", 22 | "@abseil-cpp//absl/types:optional", 23 | ], 24 | ) 25 | 26 | cc_library( 27 | name = "kem_public_key", 28 | hdrs = ["kem_public_key.h"], 29 | include_prefix = "tink/experimental/kem", 30 | deps = [ 31 | ":kem_parameters", 32 | "//tink:key", 33 | "@abseil-cpp//absl/strings:string_view", 34 | ], 35 | ) 36 | -------------------------------------------------------------------------------- /tink/public_key_verify_factory.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_PUBLIC_KEY_VERIFY_FACTORY_H_ 18 | #define TINK_PUBLIC_KEY_VERIFY_FACTORY_H_ 19 | 20 | #include "tink/signature/public_key_verify_factory.h" // IWYU pragma: export 21 | 22 | #endif // TINK_PUBLIC_KEY_VERIFY_FACTORY_H_ 23 | -------------------------------------------------------------------------------- /third_party/boringssl_fips/README.md: -------------------------------------------------------------------------------- 1 | # BoringSSL FIPS 2 | 3 | This Bazel repository facilitates building BoringSSL with the FIPS validated 4 | module 5 | [BoringCrypto](https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Certificate/3678), 6 | which can then be used in Tink. Note that this gives no guarantee that you use 7 | BoringSSL in a FIPS compliant manner when used. It is strongly recommended to 8 | read the official 9 | [security policy](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3678.pdf) 10 | for BoringCrypto. 11 | 12 | To build Tink with BoringCrypto use 13 | `--override_module=boringssl=third_party/boringssl_fips`, with Bazel module, and 14 | `--override_repository=boringssl=third_party/boringssl_fips`. Tink then offers a 15 | [FIPS-only mode](https://developers.google.com/tink/FIPS) which will restrict 16 | the usage to algorithms which are FIPS approved *and* utilize the BoringCrypto 17 | module. 18 | -------------------------------------------------------------------------------- /proto/empty.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | syntax = "proto3"; 18 | 19 | package google.crypto.tink; 20 | 21 | option java_package = "com.google.crypto.tink.proto"; 22 | option java_multiple_files = true; 23 | option go_package = "github.com/tink-crypto/tink-go/v2/proto/empty_go_proto"; 24 | 25 | message Empty {} 26 | -------------------------------------------------------------------------------- /tink/streaming_aead_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_STREAMING_AEAD_CONFIG_H_ 18 | #define TINK_STREAMING_AEAD_CONFIG_H_ 19 | 20 | // IWYU pragma: begin_exports 21 | #include "tink/streamingaead/streaming_aead_config.h" 22 | // IWYU pragma: end_exports 23 | 24 | #endif // TINK_STREAMING_AEAD_CONFIG_H_ 25 | -------------------------------------------------------------------------------- /tink/util/constants.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #include "tink/util/constants.h" 17 | 18 | #include "absl/base/attributes.h" 19 | 20 | namespace crypto { 21 | namespace tink { 22 | 23 | ABSL_CONST_INIT const char kTypeGoogleapisCom[] = "type.googleapis.com/"; 24 | 25 | } // namespace tink 26 | } // namespace crypto 27 | -------------------------------------------------------------------------------- /tink/util/constants.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #ifndef TINK_UTIL_CONSTANTS_H_ 17 | #define TINK_UTIL_CONSTANTS_H_ 18 | 19 | namespace crypto { 20 | namespace tink { 21 | 22 | extern const char kTypeGoogleapisCom[]; 23 | 24 | } // namespace tink 25 | } // namespace crypto 26 | 27 | 28 | #endif // TINK_UTIL_CONSTANTS_H_ 29 | -------------------------------------------------------------------------------- /tink/deterministic_aead_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_DETERMINISTIC_AEAD_CONFIG_H_ 18 | #define TINK_DETERMINISTIC_AEAD_CONFIG_H_ 19 | 20 | // IWYU pragma: begin_exports 21 | #include "tink/daead/deterministic_aead_config.h" 22 | // IWYU pragma: end_exports 23 | 24 | #endif // TINK_DETERMINISTIC_AEAD_CONFIG_H_ 25 | -------------------------------------------------------------------------------- /tink/deterministic_aead_factory.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_DETERMINISTIC_AEAD_FACTORY_H_ 18 | #define TINK_DETERMINISTIC_AEAD_FACTORY_H_ 19 | 20 | // IWYU pragma: begin_exports 21 | #include "tink/daead/deterministic_aead_factory.h" 22 | // IWYU pragma: end_exports 23 | 24 | #endif // TINK_DETERMINISTIC_AEAD_FACTORY_H_ 25 | -------------------------------------------------------------------------------- /tink/streaming_aead_key_templates.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_STREAMING_AEAD_KEY_TEMPLATES_H_ 18 | #define TINK_STREAMING_AEAD_KEY_TEMPLATES_H_ 19 | 20 | // IWYU pragma: begin_exports 21 | #include "tink/streamingaead/streaming_aead_key_templates.h" 22 | // IWYU pragma: end_exports 23 | 24 | #endif // TINK_STREAMING_AEAD_KEY_TEMPLATES_H_ 25 | -------------------------------------------------------------------------------- /tink/util/protobuf_helper.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_UTIL_PROTOBUF_HELPER_H_ 18 | #define TINK_UTIL_PROTOBUF_HELPER_H_ 19 | 20 | #include "google/protobuf/message_lite.h" // IWYU pragma: export 21 | 22 | // NOLINTNEXTLINE(misc-unused-alias-decls) 23 | namespace portable_proto = ::google::protobuf; 24 | 25 | #endif // TINK_UTIL_PROTOBUF_HELPER_H_ 26 | -------------------------------------------------------------------------------- /tink/deterministic_aead_key_templates.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_DETERMINISTIC_AEAD_KEY_TEMPLATES_H_ 18 | #define TINK_DETERMINISTIC_AEAD_KEY_TEMPLATES_H_ 19 | 20 | // IWYU pragma: begin_exports 21 | #include "tink/daead/deterministic_aead_key_templates.h" 22 | // IWYU pragma: end_exports 23 | 24 | #endif // TINK_DETERMINISTIC_AEAD_KEY_TEMPLATES_H_ 25 | -------------------------------------------------------------------------------- /tink/version.h.templ: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_VERSION_H_ 18 | #define TINK_VERSION_H_ 19 | 20 | namespace crypto { 21 | namespace tink { 22 | 23 | class Version { 24 | public: 25 | static constexpr char kTinkVersion[] = "@TINK_VERSION_LABEL@"; 26 | }; 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_VERSION_H_ 32 | -------------------------------------------------------------------------------- /examples/aead/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) 4 | 5 | filegroup( 6 | name = "aead_test_keyset", 7 | srcs = ["aead_test_keyset.json"], 8 | ) 9 | 10 | cc_binary( 11 | name = "aead_cli", 12 | srcs = ["aead_cli.cc"], 13 | data = [":aead_test_keyset"], 14 | deps = [ 15 | "//util", 16 | "@abseil-cpp//absl/flags:flag", 17 | "@abseil-cpp//absl/flags:parse", 18 | "@abseil-cpp//absl/log:absl_check", 19 | "@abseil-cpp//absl/status", 20 | "@abseil-cpp//absl/status:statusor", 21 | "@abseil-cpp//absl/strings", 22 | "@tink_cc//tink:aead", 23 | "@tink_cc//tink:keyset_handle", 24 | "@tink_cc//tink/aead:config_v0", 25 | ], 26 | ) 27 | 28 | sh_test( 29 | name = "aead_cli_test", 30 | size = "small", 31 | srcs = ["aead_cli_test.sh"], 32 | args = [ 33 | "$(rootpath :aead_cli)", 34 | "$(rootpath :aead_test_keyset)", 35 | ], 36 | data = [ 37 | ":aead_cli", 38 | ":aead_test_keyset", 39 | ], 40 | ) 41 | -------------------------------------------------------------------------------- /examples/key_derivation/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) 4 | 5 | cc_binary( 6 | name = "key_derivation_cli", 7 | srcs = ["key_derivation_cli.cc"], 8 | deps = [ 9 | "//util", 10 | "@abseil-cpp//absl/flags:flag", 11 | "@abseil-cpp//absl/flags:parse", 12 | "@abseil-cpp//absl/log:absl_check", 13 | "@abseil-cpp//absl/status", 14 | "@abseil-cpp//absl/status:statusor", 15 | "@tink_cc//tink:aead", 16 | "@tink_cc//tink:keyset_handle", 17 | "@tink_cc//tink/aead:aead_config", 18 | "@tink_cc//tink/keyderivation:key_derivation_config", 19 | "@tink_cc//tink/keyderivation:keyset_deriver", 20 | ], 21 | ) 22 | 23 | sh_test( 24 | name = "key_derivation_cli_test", 25 | size = "small", 26 | srcs = ["key_derivation_cli_test.sh"], 27 | args = [ 28 | "$(rootpath :key_derivation_cli)", 29 | "$(rootpaths :keyset.json)", 30 | ], 31 | data = [ 32 | ":key_derivation_cli", 33 | ":keyset.json", 34 | ], 35 | ) 36 | -------------------------------------------------------------------------------- /examples/mac/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) 4 | 5 | filegroup( 6 | name = "mac_test_keyset", 7 | srcs = ["mac_test_keyset.json"], 8 | ) 9 | 10 | cc_binary( 11 | name = "mac_cli", 12 | srcs = ["mac_cli.cc"], 13 | deps = [ 14 | "//util", 15 | "@abseil-cpp//absl/flags:flag", 16 | "@abseil-cpp//absl/flags:parse", 17 | "@abseil-cpp//absl/log:absl_check", 18 | "@abseil-cpp//absl/status", 19 | "@abseil-cpp//absl/status:statusor", 20 | "@abseil-cpp//absl/strings", 21 | "@tink_cc//tink:cleartext_keyset_handle", 22 | "@tink_cc//tink:keyset_handle", 23 | "@tink_cc//tink:mac", 24 | "@tink_cc//tink/mac:mac_config", 25 | ], 26 | ) 27 | 28 | sh_test( 29 | name = "mac_cli_test", 30 | size = "small", 31 | srcs = ["mac_cli_test.sh"], 32 | args = [ 33 | "$(rootpath :mac_cli)", 34 | "$(rootpath :mac_test_keyset)", 35 | ], 36 | data = [ 37 | ":mac_cli", 38 | ":mac_test_keyset", 39 | ], 40 | ) 41 | -------------------------------------------------------------------------------- /tink/config/v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_CONFIG_V0_H_ 18 | #define TINK_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate recommended primitives with recommended key 26 | // managers. 27 | const Configuration& ConfigV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/mac/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_MAC_CONFIG_V0_H_ 18 | #define TINK_MAC_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate MAC primitives with recommended key managers. 26 | const Configuration& ConfigMacV0(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_MAC_CONFIG_V0_H_ 32 | -------------------------------------------------------------------------------- /tink/prf/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_PRF_CONFIG_V0_H_ 18 | #define TINK_PRF_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate PRF primitives with recommended key managers. 26 | const Configuration& ConfigPrfV0(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_PRF_CONFIG_V0_H_ 32 | -------------------------------------------------------------------------------- /examples/hybrid_encryption/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) 4 | 5 | cc_binary( 6 | name = "hybrid_cli", 7 | srcs = ["hybrid_cli.cc"], 8 | deps = [ 9 | "//util", 10 | "@abseil-cpp//absl/flags:flag", 11 | "@abseil-cpp//absl/flags:parse", 12 | "@abseil-cpp//absl/log:absl_check", 13 | "@abseil-cpp//absl/status", 14 | "@abseil-cpp//absl/status:statusor", 15 | "@abseil-cpp//absl/strings", 16 | "@tink_cc//tink:hybrid_decrypt", 17 | "@tink_cc//tink:hybrid_encrypt", 18 | "@tink_cc//tink:keyset_handle", 19 | "@tink_cc//tink/hybrid:hpke_config", 20 | "@tink_cc//tink/hybrid:hybrid_config", 21 | ], 22 | ) 23 | 24 | sh_test( 25 | name = "hybrid_cli_test", 26 | size = "small", 27 | srcs = ["hybrid_cli_test.sh"], 28 | args = [ 29 | "$(rootpath :hybrid_cli)", 30 | "$(rootpaths //hybrid_encryption/testdata:hpke_test_keyset)", 31 | ], 32 | data = [ 33 | ":hybrid_cli", 34 | "//hybrid_encryption/testdata:hpke_test_keyset", 35 | ], 36 | ) 37 | -------------------------------------------------------------------------------- /tink/aead/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_AEAD_CONFIG_V0_H_ 18 | #define TINK_AEAD_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate AEAD primitives with recommended key managers. 26 | const Configuration& ConfigAeadV0(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_AEAD_CONFIG_V0_H_ 32 | -------------------------------------------------------------------------------- /tink/secret_key_access.h: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SECRET_KEY_ACCESS_H_ 18 | #define TINK_SECRET_KEY_ACCESS_H_ 19 | 20 | #include "tink/key_access.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | class SecretKeyAccess { 26 | public: 27 | static KeyAccess SecretAccess() { return KeyAccess(true); } 28 | }; 29 | 30 | } // namespace tink 31 | } // namespace crypto 32 | 33 | #endif // TINK_SECRET_KEY_ACCESS_H_ 34 | -------------------------------------------------------------------------------- /tink/mac/mac_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_MAC_MAC_PARAMETERS_H_ 18 | #define TINK_MAC_MAC_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // `MacKey` description without the randomly chosen key material. 26 | class MacParameters : public Parameters {}; 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_MAC_MAC_PARAMETERS_H_ 32 | -------------------------------------------------------------------------------- /tink/config/key_gen_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_CONFIG_KEY_GEN_V0_H_ 18 | #define TINK_CONFIG_KEY_GEN_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate keys with recommended key managers. 26 | const KeyGenConfiguration& KeyGenConfigV0(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_CONFIG_KEY_GEN_V0_H_ 32 | -------------------------------------------------------------------------------- /tink/hybrid/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_CONFIG_V0_H_ 18 | #define TINK_HYBRID_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate Hybrid Encryption primitives with recommended 26 | // key managers. 27 | const Configuration& ConfigHybridV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_HYBRID_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/daead/subtle/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//:__subpackages__"]) 2 | 3 | licenses(["notice"]) 4 | 5 | cc_library( 6 | name = "aead_or_daead", 7 | srcs = ["aead_or_daead.cc"], 8 | hdrs = ["aead_or_daead.h"], 9 | include_prefix = "tink/daead/subtle", 10 | visibility = ["//visibility:public"], 11 | deps = [ 12 | "//tink:aead", 13 | "//tink:deterministic_aead", 14 | "//tink/util:statusor", 15 | "@abseil-cpp//absl/functional:bind_front", 16 | "@abseil-cpp//absl/strings:string_view", 17 | "@abseil-cpp//absl/types:variant", 18 | ], 19 | ) 20 | 21 | cc_test( 22 | name = "aead_or_daead_test", 23 | size = "small", 24 | srcs = ["aead_or_daead_test.cc"], 25 | deps = [ 26 | ":aead_or_daead", 27 | "//tink:aead", 28 | "//tink:deterministic_aead", 29 | "//tink/util:test_matchers", 30 | "//tink/util:test_util", 31 | "@abseil-cpp//absl/memory", 32 | "@abseil-cpp//absl/status", 33 | "@abseil-cpp//absl/status:statusor", 34 | "@abseil-cpp//absl/strings:string_view", 35 | "@googletest//:gtest_main", 36 | ], 37 | ) 38 | -------------------------------------------------------------------------------- /tink/signature/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SIGNATURE_CONFIG_V0_H_ 18 | #define TINK_SIGNATURE_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate Signature primitives with recommended key 26 | // managers. 27 | const Configuration& ConfigSignatureV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_SIGNATURE_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/daead/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_DAEAD_CONFIG_V0_H_ 18 | #define TINK_DAEAD_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate Deterministic AEAD primitives with recommended 26 | // key managers. 27 | const Configuration& ConfigDeterministicAeadV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_DAEAD_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/jwt/jwt_mac_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_MAC_CONFIG_V0_H_ 18 | #define TINK_JWT_JWT_MAC_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate JWT MAC primitives with recommended key 26 | // managers. 27 | const Configuration& ConfigJwtMacV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_JWT_JWT_MAC_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /testvectors/build_defs.bzl: -------------------------------------------------------------------------------- 1 | """Macro for working with Wycheproof test vectors.""" 2 | 3 | def _filter_vectors_impl(ctx): 4 | filtered_srcs = [f for f in ctx.files.srcs if f.basename in ctx.attr.outs] 5 | return [DefaultInfo(files = depset(filtered_srcs))] 6 | 7 | _filter_vectors = rule( 8 | implementation = _filter_vectors_impl, 9 | attrs = { 10 | "srcs": attr.label_list(allow_files = True), 11 | "outs": attr.string_list(), 12 | }, 13 | ) 14 | 15 | def wycheproof_vectors(name, srcs, outs, **kwargs): 16 | """Wraps genrule and filters srcs based on outs. 17 | 18 | Args: 19 | name: A unique name for this target. 20 | srcs: The full vector files available to copy. 21 | outs: The specific vector files to copy. 22 | **kwargs: Arguments passed through to the genrule. 23 | """ 24 | 25 | _filter_vectors( 26 | name = name + "_filtered_srcs", 27 | srcs = srcs, 28 | outs = outs, 29 | ) 30 | 31 | native.genrule( 32 | name = name, 33 | srcs = [":" + name + "_filtered_srcs"], 34 | outs = outs, 35 | cmd = "cp $(SRCS) $(@D)/", 36 | **kwargs 37 | ) 38 | -------------------------------------------------------------------------------- /tink/mac/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_MAC_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_MAC_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate MAC keys with recommended key managers. 26 | const KeyGenConfiguration& KeyGenConfigMacV0(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_MAC_KEY_GEN_CONFIG_V0_H_ 32 | -------------------------------------------------------------------------------- /tink/prf/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_PRF_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_PRF_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate PRF keys with recommended key managers. 26 | const KeyGenConfiguration& KeyGenConfigPrfV0(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_PRF_KEY_GEN_CONFIG_V0_H_ 32 | -------------------------------------------------------------------------------- /tink/aead/aead_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_AEAD_AEAD_PARAMETERS_H_ 18 | #define TINK_AEAD_AEAD_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Describes an `AeadKey` (e.g., key attributes), excluding the randomly chosen 26 | // key material. 27 | class AeadParameters : public Parameters {}; 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_AEAD_AEAD_PARAMETERS_H_ 33 | -------------------------------------------------------------------------------- /tink/aead/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_AEAD_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_AEAD_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate AEAD keys with recommended key managers. 26 | const KeyGenConfiguration& KeyGenConfigAeadV0(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_AEAD_KEY_GEN_CONFIG_V0_H_ 32 | -------------------------------------------------------------------------------- /tink/internal/test_file_util_cmake.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/internal/test_file_util.h" 18 | 19 | #include 20 | 21 | #include "absl/strings/str_cat.h" 22 | #include "absl/strings/string_view.h" 23 | 24 | namespace crypto { 25 | namespace tink { 26 | namespace internal { 27 | 28 | std::string RunfilesPath(absl::string_view path) { 29 | return absl::StrCat("./", path); 30 | } 31 | 32 | } // namespace internal 33 | } // namespace tink 34 | } // namespace crypto 35 | -------------------------------------------------------------------------------- /tink/internal/err_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #ifndef TINK_INTERNAL_ERR_UTIL_H_ 17 | #define TINK_INTERNAL_ERR_UTIL_H_ 18 | 19 | #include 20 | 21 | namespace crypto { 22 | namespace tink { 23 | namespace internal { 24 | 25 | // Returns OpenSSL error strings accumulated in the error queue, thus emptying 26 | // the queue. 27 | std::string GetSslErrors(); 28 | 29 | } // namespace internal 30 | } // namespace tink 31 | } // namespace crypto 32 | 33 | #endif // TINK_INTERNAL_ERR_UTIL_H_ 34 | -------------------------------------------------------------------------------- /tink/util/keyset_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_UTIL_KEYSET_UTIL_H_ 18 | #define TINK_UTIL_KEYSET_UTIL_H_ 19 | 20 | #include 21 | 22 | #include "proto/tink.pb.h" 23 | 24 | namespace crypto { 25 | namespace tink { 26 | 27 | // Generate a new random key ID not previously used in `keyset`. 28 | uint32_t GenerateUnusedKeyId(const google::crypto::tink::Keyset& keyset); 29 | 30 | } // namespace tink 31 | } // namespace crypto 32 | 33 | #endif // TINK_UTIL_KEYSET_UTIL_H_ 34 | -------------------------------------------------------------------------------- /tink/streamingaead/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_STREAMINGAEAD_CONFIG_V0_H_ 18 | #define TINK_STREAMINGAEAD_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate Streaming AEAD primitives with recommended key 26 | // managers. 27 | const Configuration& ConfigStreamingAeadV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_STREAMINGAEAD_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/jwt/jwt_signature_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_SIGNATURE_CONFIG_V0_H_ 18 | #define TINK_JWT_JWT_SIGNATURE_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate JWT Signature primitives with recommended key 26 | // managers. 27 | const Configuration& ConfigJwtSignatureV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_JWT_JWT_SIGNATURE_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/hybrid/hpke_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_HPKE_CONFIG_H_ 18 | #define TINK_HYBRID_HPKE_CONFIG_H_ 19 | 20 | #include "tink/util/status.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Registers HybridEncrypt and HybridDecrypt primitive wrappers, and key 26 | // managers for HPKE Encrypt and HPKE Decrypt from the current Tink release. 27 | absl::Status RegisterHpke(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_HYBRID_HPKE_CONFIG_H_ 33 | -------------------------------------------------------------------------------- /tink/hybrid/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_HYBRID_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate Hybrid Encryption keys with recommended 26 | // key managers. 27 | const KeyGenConfiguration& KeyGenConfigHybridV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_HYBRID_KEY_GEN_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/jwt/jwt_mac_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_MAC_CONFIG_H_ 18 | #define TINK_JWT_JWT_MAC_CONFIG_H_ 19 | 20 | #include "absl/status/status.h" 21 | #include "proto/config.pb.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | // Registers JwtMac primitive wrapper and key managers for all JwtMac key 27 | // types from the current Tink release. 28 | absl::Status JwtMacRegister(); 29 | 30 | } // namespace tink 31 | } // namespace crypto 32 | 33 | #endif // TINK_JWT_JWT_MAC_CONFIG_H_ 34 | -------------------------------------------------------------------------------- /tink/private_key.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_PRIVATE_KEY_H_ 18 | #define TINK_PRIVATE_KEY_H_ 19 | 20 | #include "tink/key.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Represents a private key. Note that private keys in Tink always include the 26 | // corresponding public key. 27 | class PrivateKey : public Key { 28 | public: 29 | virtual const Key& GetPublicKey() const = 0; 30 | }; 31 | 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_PRIVATE_KEY_H_ 36 | -------------------------------------------------------------------------------- /tink/hybrid/hybrid_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_HYBRID_PARAMETERS_H_ 18 | #define TINK_HYBRID_HYBRID_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Describes a hybrid encryption key pair (e.g., key attributes), excluding the 26 | // randomly chosen key material. 27 | class HybridParameters : public Parameters {}; 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_HYBRID_HYBRID_PARAMETERS_H_ 33 | -------------------------------------------------------------------------------- /tink/signature/sig_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #ifndef TINK_SIGNATURE_SIG_UTIL_H_ 17 | #define TINK_SIGNATURE_SIG_UTIL_H_ 18 | 19 | #include "tink/public_key_sign.h" 20 | #include "tink/public_key_verify.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | absl::Status SignAndVerify(const PublicKeySign* signer, 27 | const PublicKeyVerify* verifier); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_SIGNATURE_SIG_UTIL_H_ 33 | -------------------------------------------------------------------------------- /tink/daead/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_DAEAD_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_DAEAD_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate Deterministic AEAD keys with recommended 26 | // key managers. 27 | const KeyGenConfiguration& KeyGenConfigDeterministicAeadV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_DAEAD_KEY_GEN_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/jwt/jwt_mac_key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_MAC_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_JWT_JWT_MAC_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate JWT MAC keys with recommended key 26 | // managers. 27 | const KeyGenConfiguration& KeyGenConfigJwtMacV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_JWT_JWT_MAC_KEY_GEN_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/signature/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SIGNATURE_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_SIGNATURE_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate Signature keys with recommended key 26 | // managers. 27 | const KeyGenConfiguration& KeyGenConfigSignatureV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_SIGNATURE_KEY_GEN_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/config/tink_fips.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #include "tink/config/tink_fips.h" 17 | 18 | #include "tink/internal/fips_utils.h" 19 | #include "tink/internal/registry_impl.h" 20 | #include "tink/util/status.h" 21 | 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | bool IsFipsModeEnabled() { 27 | return internal::IsFipsModeEnabled(); 28 | } 29 | 30 | absl::Status RestrictToFips() { 31 | return internal::RegistryImpl::GlobalInstance().RestrictToFipsIfEmpty(); 32 | } 33 | 34 | } // namespace tink 35 | } // namespace crypto 36 | -------------------------------------------------------------------------------- /tink/internal/internal_insecure_secret_key_access.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/internal/internal_insecure_secret_key_access.h" 18 | #include "tink/insecure_secret_key_access.h" 19 | #include "tink/secret_key_access_token.h" 20 | 21 | namespace crypto { 22 | namespace tink { 23 | namespace internal { 24 | 25 | SecretKeyAccessToken GetInsecureSecretKeyAccessInternal() { 26 | return crypto::tink::InsecureSecretKeyAccess::Get(); 27 | } 28 | 29 | } // namespace internal 30 | } // namespace tink 31 | } // namespace crypto 32 | -------------------------------------------------------------------------------- /proto/experimental/pqcrypto/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//:__subpackages__"]) 2 | 3 | licenses(["notice"]) 4 | 5 | # ---------------------------------------- 6 | # proto_library rules. 7 | # ---------------------------------------- 8 | 9 | proto_library( 10 | name = "cecpq2_aead_hkdf_proto", 11 | srcs = [ 12 | "cecpq2_aead_hkdf.proto", 13 | ], 14 | visibility = ["//visibility:public"], 15 | deps = [ 16 | "//proto:common_proto", 17 | "//proto:tink_proto", 18 | ], 19 | ) 20 | 21 | proto_library( 22 | name = "ml_kem_proto", 23 | srcs = [ 24 | "ml_kem.proto", 25 | ], 26 | visibility = ["//visibility:public"], 27 | deps = [ 28 | "//proto:common_proto", 29 | "//proto:tink_proto", 30 | ], 31 | ) 32 | 33 | # ---------------------------------------- 34 | # cc_proto_library rules. 35 | # ---------------------------------------- 36 | 37 | cc_proto_library( 38 | name = "cecpq2_aead_hkdf_cc_proto", 39 | visibility = ["//visibility:public"], 40 | deps = [":cecpq2_aead_hkdf_proto"], 41 | ) 42 | 43 | cc_proto_library( 44 | name = "ml_kem_cc_proto", 45 | visibility = ["//visibility:public"], 46 | deps = [":ml_kem_proto"], 47 | ) 48 | -------------------------------------------------------------------------------- /proto/test_proto.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | syntax = "proto3"; 17 | 18 | package google.crypto.tink; 19 | 20 | option java_package = "com.google.crypto.tink.proto"; 21 | option java_multiple_files = true; 22 | 23 | message TestProto { 24 | uint64 num = 1; 25 | bytes str = 2; // Placeholder for ctype. 26 | } 27 | 28 | message NestedTestProto { 29 | TestProto a = 1; 30 | TestProto b = 2; 31 | uint64 num = 3; 32 | bytes str = 4; // Placeholder for ctype. 33 | } 34 | 35 | message TestProtoWithoutCtype { 36 | bytes str = 1; 37 | } 38 | -------------------------------------------------------------------------------- /tink/internal/key_info.h: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #ifndef TINK_INTERNAL_KEY_INFO_H_ 17 | #define TINK_INTERNAL_KEY_INFO_H_ 18 | 19 | #include "proto/tink.pb.h" 20 | 21 | namespace crypto { 22 | namespace tink { 23 | 24 | google::crypto::tink::KeysetInfo::KeyInfo KeyInfoFromKey( 25 | const google::crypto::tink::Keyset::Key& key); 26 | 27 | google::crypto::tink::KeysetInfo KeysetInfoFromKeyset( 28 | const google::crypto::tink::Keyset& keyset); 29 | 30 | } // namespace tink 31 | } // namespace crypto 32 | 33 | #endif // TINK_INTERNAL_KEY_INFO_H_ 34 | -------------------------------------------------------------------------------- /tink/signature/signature_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SIGNATURE_SIGNATURE_PARAMETERS_H_ 18 | #define TINK_SIGNATURE_SIGNATURE_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Describes a digital signature key pair (e.g., key attributes), excluding the 26 | // randomly chosen key material. 27 | class SignatureParameters : public Parameters {}; 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_SIGNATURE_SIGNATURE_PARAMETERS_H_ 33 | -------------------------------------------------------------------------------- /tink/streamingaead/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_STREAMINGAEAD_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_STREAMINGAEAD_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate Streaming AEAD keys with recommended key 26 | // managers. 27 | const KeyGenConfiguration& KeyGenConfigStreamingAeadV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_STREAMINGAEAD_KEY_GEN_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/core/restricted_data.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/restricted_data.h" 18 | 19 | #include 20 | 21 | #include "absl/log/absl_check.h" 22 | #include "tink/subtle/random.h" 23 | 24 | namespace crypto { 25 | namespace tink { 26 | 27 | RestrictedData::RestrictedData(int64_t num_random_bytes) { 28 | ABSL_CHECK_GE(num_random_bytes, 0) 29 | << "Cannot generate a negative number of random bytes.\n"; 30 | secret_ = subtle::Random::GetRandomKeyBytes(num_random_bytes); 31 | } 32 | 33 | } // namespace tink 34 | } // namespace crypto 35 | -------------------------------------------------------------------------------- /tink/experimental/kem/kem_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_EXPERIMENTAL_KEM_KEM_PARAMETERS_H_ 18 | #define TINK_EXPERIMENTAL_KEM_KEM_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Describes a key encapsulation mechanism key pair (e.g. key attributes), 26 | // excluding the randomly chosen key material. 27 | class KemParameters : public Parameters {}; 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_EXPERIMENTAL_KEM_KEM_PARAMETERS_H_ 33 | -------------------------------------------------------------------------------- /tink/prf/prf_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_PRF_PRF_PARAMETERS_H_ 18 | #define TINK_PRF_PRF_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Describes a PRF key (e.g., key attributes), excluding the randomly chosen key 26 | // material. 27 | class PrfParameters : public Parameters { 28 | public: 29 | bool HasIdRequirement() const final { return false; } 30 | }; 31 | 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_PRF_PRF_PARAMETERS_H_ 36 | -------------------------------------------------------------------------------- /tink/jwt/jwt_signature_key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_SIGNATURE_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_JWT_JWT_SIGNATURE_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate JWT Signature keys with recommended key 26 | // managers. 27 | const KeyGenConfiguration& KeyGenConfigJwtSignatureV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_JWT_JWT_SIGNATURE_KEY_GEN_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/daead/deterministic_aead_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_DAEAD_DETERMINISTIC_AEAD_PARAMETERS_H_ 18 | #define TINK_DAEAD_DETERMINISTIC_AEAD_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Describes a `DeterministicAeadKey` (e.g., key attributes), excluding the 26 | // randomly chosen key material. 27 | class DeterministicAeadParameters : public Parameters {}; 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_DAEAD_DETERMINISTIC_AEAD_PARAMETERS_H_ 33 | -------------------------------------------------------------------------------- /tink/mac/config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/mac/config_v0.h" 18 | 19 | #include "absl/log/absl_check.h" 20 | #include "tink/configuration.h" 21 | #include "tink/mac/internal/config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const Configuration& ConfigMacV0() { 27 | static const Configuration* instance = [] { 28 | static Configuration* config = new Configuration(); 29 | ABSL_CHECK_OK(internal::AddMacV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/prf/config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/prf/config_v0.h" 18 | 19 | #include "absl/log/absl_check.h" 20 | #include "tink/configuration.h" 21 | #include "tink/prf/internal/config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const Configuration& ConfigPrfV0() { 27 | static const Configuration* instance = [] { 28 | static Configuration* config = new Configuration(); 29 | ABSL_CHECK_OK(internal::AddPrfV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /examples/walkthrough/create_keyset.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #ifndef TINK_EXAMPLES_WALKTHROUGH_CREATE_KEYSET_H_ 17 | #define TINK_EXAMPLES_WALKTHROUGH_CREATE_KEYSET_H_ 18 | 19 | #include 20 | 21 | #include "tink/keyset_handle.h" 22 | #include "tink/util/statusor.h" 23 | 24 | namespace tink_walkthrough { 25 | 26 | // Creates a keyset with a single AES128-GCM key and return a handle to it. 27 | absl::StatusOr> 28 | CreateAead128GcmKeyset(); 29 | 30 | } // namespace tink_walkthrough 31 | 32 | #endif // TINK_EXAMPLES_WALKTHROUGH_CREATE_KEYSET_H_ 33 | -------------------------------------------------------------------------------- /tink/aead/config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/aead/config_v0.h" 18 | 19 | #include "absl/log/absl_check.h" 20 | #include "tink/aead/internal/config_v0.h" 21 | #include "tink/configuration.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const Configuration& ConfigAeadV0() { 27 | static const Configuration* instance = [] { 28 | static Configuration* config = new Configuration(); 29 | ABSL_CHECK_OK(internal::AddAeadV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/experimental/pqcrypto/kem/ml_kem_proto_serialization.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_EXPERIMENTAL_PQCRYPTO_KEM_ML_KEM_PROTO_SERIALIZATION_H_ 18 | #define TINK_EXPERIMENTAL_PQCRYPTO_KEM_ML_KEM_PROTO_SERIALIZATION_H_ 19 | 20 | #include "tink/util/status.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Registers proto parsers and serializers for ML-KEM parameters and keys. 26 | absl::Status RegisterMlKemProtoSerialization(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_EXPERIMENTAL_PQCRYPTO_KEM_ML_KEM_PROTO_SERIALIZATION_H_ 32 | -------------------------------------------------------------------------------- /examples/digital_signatures/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) 4 | 5 | filegroup( 6 | name = "digital_signature_keyset", 7 | srcs = [ 8 | "digital_signature_private_keyset.json", 9 | "digital_signature_public_keyset.json", 10 | ], 11 | ) 12 | 13 | cc_binary( 14 | name = "digital_signatures_cli", 15 | srcs = ["digital_signatures_cli.cc"], 16 | deps = [ 17 | "//util", 18 | "@abseil-cpp//absl/flags:flag", 19 | "@abseil-cpp//absl/flags:parse", 20 | "@abseil-cpp//absl/log:absl_check", 21 | "@abseil-cpp//absl/status", 22 | "@abseil-cpp//absl/status:statusor", 23 | "@tink_cc//tink:keyset_handle", 24 | "@tink_cc//tink:public_key_sign", 25 | "@tink_cc//tink:public_key_verify", 26 | "@tink_cc//tink/signature:signature_config", 27 | ], 28 | ) 29 | 30 | sh_test( 31 | name = "digital_signatures_cli_test", 32 | size = "small", 33 | srcs = ["digital_signatures_cli_test.sh"], 34 | args = [ 35 | "$(rootpath :digital_signatures_cli)", 36 | "$(rootpaths :digital_signature_keyset)", 37 | ], 38 | data = [ 39 | ":digital_signature_keyset", 40 | ":digital_signatures_cli", 41 | ], 42 | ) 43 | -------------------------------------------------------------------------------- /tink/config/config_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_CONFIG_CONFIG_UTIL_H_ 18 | #define TINK_CONFIG_CONFIG_UTIL_H_ 19 | 20 | #include 21 | 22 | #include "proto/config.pb.h" 23 | 24 | namespace crypto { 25 | namespace tink { 26 | 27 | google::crypto::tink::KeyTypeEntry CreateTinkKeyTypeEntry( 28 | const std::string& catalogue_name, const std::string& primitive_name, 29 | const std::string& key_proto_name, int key_manager_version, 30 | bool new_key_allowed); 31 | 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_CONFIG_CONFIG_UTIL_H_ 36 | -------------------------------------------------------------------------------- /tink/mac/internal/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_MAC_INTERNAL_CONFIG_V0_H_ 18 | #define TINK_MAC_INTERNAL_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended MAC primitive wrappers and key managers to `config`, used to 28 | // generate primitives. 29 | absl::Status AddMacV0(Configuration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_MAC_INTERNAL_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/prf/internal/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_PRF_INTERNAL_CONFIG_V0_H_ 18 | #define TINK_PRF_INTERNAL_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended PRF primitive wrappers and key managers to `config`, used to 28 | // generate primitives. 29 | absl::Status AddPrfV0(Configuration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_PRF_INTERNAL_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /examples/daead/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) 4 | 5 | filegroup( 6 | name = "deterministic_aead_test_keyset", 7 | srcs = ["deterministic_aead_test_keyset.json"], 8 | ) 9 | 10 | cc_binary( 11 | name = "deterministic_aead_cli", 12 | srcs = ["deterministic_aead_cli.cc"], 13 | data = [":deterministic_aead_test_keyset"], 14 | deps = [ 15 | "//util", 16 | "@abseil-cpp//absl/flags:flag", 17 | "@abseil-cpp//absl/flags:parse", 18 | "@abseil-cpp//absl/log:absl_check", 19 | "@abseil-cpp//absl/status", 20 | "@abseil-cpp//absl/status:statusor", 21 | "@abseil-cpp//absl/strings", 22 | "@tink_cc//tink:deterministic_aead", 23 | "@tink_cc//tink:keyset_handle", 24 | "@tink_cc//tink/daead:config_v0", 25 | "@tink_cc//tink/util:status", 26 | ], 27 | ) 28 | 29 | sh_test( 30 | name = "deterministic_aead_cli_test", 31 | size = "small", 32 | srcs = ["deterministic_aead_cli_test.sh"], 33 | args = [ 34 | "$(rootpath :deterministic_aead_cli)", 35 | "$(rootpath :deterministic_aead_test_keyset)", 36 | ], 37 | data = [ 38 | ":deterministic_aead_cli", 39 | ":deterministic_aead_test_keyset", 40 | ], 41 | ) 42 | -------------------------------------------------------------------------------- /tink/aead/internal/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_AEAD_INTERNAL_CONFIG_V0_H_ 18 | #define TINK_AEAD_INTERNAL_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended AEAD primitive wrappers and key managers to `config`, used to 28 | // generate primitives. 29 | absl::Status AddAeadV0(Configuration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_AEAD_INTERNAL_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/hybrid/config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/hybrid/config_v0.h" 18 | 19 | #include "absl/log/absl_check.h" 20 | #include "tink/configuration.h" 21 | #include "tink/hybrid/internal/config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const Configuration& ConfigHybridV0() { 27 | static const Configuration* instance = [] { 28 | static Configuration* config = new Configuration(); 29 | ABSL_CHECK_OK(internal::AddHybridV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/jwt/jwt_mac_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_MAC_PARAMETERS_H_ 18 | #define TINK_JWT_JWT_MAC_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // `JwtMacKey` description without the randomly chosen key material. 26 | class JwtMacParameters : public Parameters { 27 | // Returns true if verification is allowed for tokens without a `kid` header. 28 | virtual bool AllowKidAbsent() const = 0; 29 | }; 30 | 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_JWT_JWT_MAC_PARAMETERS_H_ 35 | -------------------------------------------------------------------------------- /proto/aes_cmac_prf.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | syntax = "proto3"; 18 | 19 | package google.crypto.tink; 20 | 21 | option java_package = "com.google.crypto.tink.proto"; 22 | option java_multiple_files = true; 23 | option go_package = "github.com/tink-crypto/tink-go/v2/proto/aes_cmac_prf_go_proto"; 24 | 25 | // key_type: type.googleapis.com/google.crypto.tink.AesCmacPrfKey 26 | message AesCmacPrfKey { 27 | uint32 version = 1; 28 | bytes key_value = 2; // Placeholder for ctype and debug_redact. 29 | } 30 | 31 | message AesCmacPrfKeyFormat { 32 | uint32 version = 2; 33 | uint32 key_size = 1; 34 | } 35 | -------------------------------------------------------------------------------- /tink/internal/global_serialization_registry.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_INTERNAL_GLOBAL_SERIALIZATION_REGISTRY_H_ 18 | #define TINK_INTERNAL_GLOBAL_SERIALIZATION_REGISTRY_H_ 19 | 20 | #include "tink/internal/serialization_registry.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | namespace internal { 25 | 26 | // Returns the global immutable serialization registry. 27 | const SerializationRegistry& GlobalSerializationRegistry(); 28 | 29 | } // namespace internal 30 | } // namespace tink 31 | } // namespace crypto 32 | 33 | #endif // TINK_INTERNAL_GLOBAL_SERIALIZATION_REGISTRY_H_ 34 | -------------------------------------------------------------------------------- /tink/mac/failing_mac.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #ifndef TINK_MAC_FAILING_MAC_H_ 17 | #define TINK_MAC_FAILING_MAC_H_ 18 | 19 | #include 20 | #include 21 | 22 | #include "absl/strings/string_view.h" 23 | #include "tink/mac.h" 24 | 25 | namespace crypto { 26 | namespace tink { 27 | 28 | // Returns a MAC that always returns an error when calling ComputeMac or 29 | // VerifyMac. The error message will contain `message`. 30 | std::unique_ptr CreateAlwaysFailingMac(std::string message = ""); 31 | 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_MAC_FAILING_MAC_H_ 36 | -------------------------------------------------------------------------------- /proto/xchacha20_poly1305.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | syntax = "proto3"; 18 | 19 | package google.crypto.tink; 20 | 21 | option java_package = "com.google.crypto.tink.proto"; 22 | option java_multiple_files = true; 23 | option go_package = "github.com/tink-crypto/tink-go/v2/proto/xchacha20_poly1305_go_proto"; 24 | 25 | message XChaCha20Poly1305KeyFormat { 26 | uint32 version = 1; 27 | } 28 | 29 | // key_type: type.googleapis.com/google.crypto.tink.XChaCha20Poly1305Key 30 | message XChaCha20Poly1305Key { 31 | uint32 version = 1; 32 | bytes key_value = 3; // Placeholder for ctype and debug_redact. 33 | } 34 | -------------------------------------------------------------------------------- /tink/config/global_registry.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_CONFIG_GLOBAL_REGISTRY_H_ 18 | #define TINK_CONFIG_GLOBAL_REGISTRY_H_ 19 | 20 | #include "tink/configuration.h" 21 | #include "tink/key_gen_configuration.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | // Used to generate primitives and keys using the global crypto::tink::Registry. 27 | const crypto::tink::Configuration& ConfigGlobalRegistry(); 28 | const crypto::tink::KeyGenConfiguration& KeyGenConfigGlobalRegistry(); 29 | 30 | } // namespace tink 31 | } // namespace crypto 32 | 33 | #endif // TINK_CONFIG_GLOBAL_REGISTRY_H_ 34 | -------------------------------------------------------------------------------- /tink/mac/internal/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_MAC_INTERNAL_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_MAC_INTERNAL_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended MAC key managers to `config`, used to generate keys. 28 | absl::Status AddMacKeyGenV0(KeyGenConfiguration& config); 29 | 30 | } // namespace internal 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_MAC_INTERNAL_KEY_GEN_CONFIG_V0_H_ 35 | -------------------------------------------------------------------------------- /tink/prf/internal/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_PRF_INTERNAL_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_PRF_INTERNAL_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended PRF key managers to `config`, used to generate keys. 28 | absl::Status AddPrfKeyGenV0(KeyGenConfiguration& config); 29 | 30 | } // namespace internal 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_PRF_INTERNAL_KEY_GEN_CONFIG_V0_H_ 35 | -------------------------------------------------------------------------------- /tink/aead/failing_aead.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #ifndef TINK_AEAD_FAILING_AEAD_H_ 17 | #define TINK_AEAD_FAILING_AEAD_H_ 18 | 19 | #include 20 | #include 21 | 22 | #include "absl/strings/string_view.h" 23 | #include "tink/aead.h" 24 | 25 | namespace crypto { 26 | namespace tink { 27 | 28 | // Returns an AEAD that always returns an error when calling Encrypt or Decrypt. 29 | // The error message will contain `message`. 30 | std::unique_ptr CreateAlwaysFailingAead(absl::string_view message = ""); 31 | 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_AEAD_FAILING_AEAD_H_ 36 | -------------------------------------------------------------------------------- /tink/aead/internal/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_AEAD_INTERNAL_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_AEAD_INTERNAL_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended AEAD key managers to `config`, used to generate keys. 28 | absl::Status AddAeadKeyGenV0(KeyGenConfiguration& config); 29 | 30 | } // namespace internal 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_AEAD_INTERNAL_KEY_GEN_CONFIG_V0_H_ 35 | -------------------------------------------------------------------------------- /tink/signature/config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/signature/config_v0.h" 18 | 19 | #include "absl/log/absl_check.h" 20 | #include "tink/configuration.h" 21 | #include "tink/signature/internal/config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const Configuration& ConfigSignatureV0() { 27 | static const Configuration* instance = [] { 28 | static Configuration* config = new Configuration(); 29 | ABSL_CHECK_OK(internal::AddSignatureV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/daead/config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/daead/config_v0.h" 18 | 19 | #include "absl/log/absl_check.h" 20 | #include "tink/configuration.h" 21 | #include "tink/daead/internal/config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const Configuration& ConfigDeterministicAeadV0() { 27 | static const Configuration* instance = [] { 28 | static Configuration* config = new Configuration(); 29 | ABSL_CHECK_OK(internal::AddDeterministicAeadV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/jwt/jwt_mac_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/jwt/jwt_mac_config_v0.h" 18 | 19 | #include "absl/log/absl_check.h" 20 | #include "tink/configuration.h" 21 | #include "tink/jwt/internal/jwt_mac_config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const Configuration& ConfigJwtMacV0() { 27 | static const Configuration* instance = [] { 28 | static Configuration* config = new Configuration(); 29 | ABSL_CHECK_OK(jwt_internal::AddJwtMacV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/jwt/jwt_signature_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_SIGNATURE_CONFIG_H_ 18 | #define TINK_JWT_JWT_SIGNATURE_CONFIG_H_ 19 | 20 | #include "absl/status/status.h" 21 | #include "proto/config.pb.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | // Registers JwtPublicKeySign and JwtPublicKeyVerify primitive wrapper and key 27 | // managers for all JwtPublicKeySign and JwtPublicKeyVerify key types from the 28 | // current Tink release. 29 | absl::Status JwtSignatureRegister(); 30 | 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_JWT_JWT_SIGNATURE_CONFIG_H_ 35 | -------------------------------------------------------------------------------- /tink/hybrid/internal/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_INTERNAL_CONFIG_V0_H_ 18 | #define TINK_HYBRID_INTERNAL_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended Hybrid Encryption primitive wrappers and key managers to 28 | // `config`, used to generate primitives. 29 | absl::Status AddHybridV0(Configuration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_HYBRID_INTERNAL_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/daead/internal/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_DAEAD_INTERNAL_CONFIG_V0_H_ 18 | #define TINK_DAEAD_INTERNAL_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended Deterministic AEAD primitive wrappers and key managers to 28 | // `config`, used to generate primitives. 29 | absl::Status AddDeterministicAeadV0(Configuration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_DAEAD_INTERNAL_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/internal/err_util.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #include "tink/internal/err_util.h" 17 | 18 | #include 19 | 20 | #include 21 | 22 | #include "openssl/err.h" 23 | 24 | namespace crypto { 25 | namespace tink { 26 | namespace internal { 27 | 28 | std::string GetSslErrors() { 29 | std::string ret; 30 | ERR_print_errors_cb( 31 | [](const char *str, size_t len, void *ctx) -> int { 32 | static_cast(ctx)->append(str, len); 33 | return 1; 34 | }, 35 | &ret); 36 | return ret; 37 | } 38 | 39 | } // namespace internal 40 | } // namespace tink 41 | } // namespace crypto 42 | -------------------------------------------------------------------------------- /tink/signature/internal/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SIGNATURE_INTERNAL_CONFIG_V0_H_ 18 | #define TINK_SIGNATURE_INTERNAL_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended Signature primitive wrappers and key managers to `config`, 28 | // used to generate primitives. 29 | absl::Status AddSignatureV0(Configuration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_SIGNATURE_INTERNAL_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/hybrid/internal/hpke_public_key_manager.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/hybrid/internal/hpke_public_key_manager.h" 18 | 19 | #include "tink/hybrid/internal/hpke_key_manager_util.h" 20 | #include "tink/util/status.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | namespace internal { 25 | 26 | using HpkePublicKeyProto = ::google::crypto::tink::HpkePublicKey; 27 | 28 | absl::Status HpkePublicKeyManager::ValidateKey( 29 | const HpkePublicKeyProto& key) const { 30 | return ValidateKeyAndVersion(key, get_version()); 31 | } 32 | 33 | } // namespace internal 34 | } // namespace tink 35 | } // namespace crypto 36 | -------------------------------------------------------------------------------- /tink/hybrid/internal/testing/ecies_aead_hkdf_test_vectors.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_INTERNAL_TESTING_ECIES_AEAD_HKDF_TEST_VECTORS_H_ 18 | #define TINK_HYBRID_INTERNAL_TESTING_ECIES_AEAD_HKDF_TEST_VECTORS_H_ 19 | 20 | #include 21 | 22 | #include "tink/hybrid/internal/testing/hybrid_test_vectors.h" 23 | 24 | namespace crypto { 25 | namespace tink { 26 | namespace internal { 27 | 28 | std::vector CreateEciesTestVectors(); 29 | 30 | } // namespace internal 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_HYBRID_INTERNAL_TESTING_ECIES_AEAD_HKDF_TEST_VECTORS_H_ 35 | -------------------------------------------------------------------------------- /tink/streamingaead/config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/streamingaead/config_v0.h" 18 | 19 | #include "absl/log/absl_check.h" 20 | #include "tink/configuration.h" 21 | #include "tink/streamingaead/internal/config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const Configuration& ConfigStreamingAeadV0() { 27 | static const Configuration* instance = [] { 28 | static Configuration* config = new Configuration(); 29 | ABSL_CHECK_OK(internal::AddStreamingAeadV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/hybrid/internal/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_INTERNAL_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_HYBRID_INTERNAL_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended Hybrid Encryption key managers to `config`, used to generate 28 | // keys. 29 | absl::Status AddHybridKeyGenV0(KeyGenConfiguration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_HYBRID_INTERNAL_KEY_GEN_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/jwt/internal/jwt_mac_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_INTERNAL_JWT_MAC_CONFIG_V0_H_ 18 | #define TINK_JWT_INTERNAL_JWT_MAC_CONFIG_V0_H_ 19 | 20 | #include "absl/status/status.h" 21 | #include "tink/configuration.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace jwt_internal { 26 | 27 | // Add recommended JWT MAC primitive wrappers and key managers to `config`, used 28 | // to generate primitives. 29 | absl::Status AddJwtMacV0(Configuration& config); 30 | 31 | } // namespace jwt_internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_JWT_INTERNAL_JWT_MAC_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/jwt/jwt_signature_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_SIGNATURE_PARAMETERS_H_ 18 | #define TINK_JWT_JWT_SIGNATURE_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Describes a JWT signature key pair without the randomly chosen key material. 26 | class JwtSignatureParameters : public Parameters { 27 | // Returns true if verification is allowed for tokens without a `kid` header. 28 | virtual bool AllowKidAbsent() const = 0; 29 | }; 30 | 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | 35 | #endif // TINK_JWT_JWT_SIGNATURE_PARAMETERS_H_ 36 | -------------------------------------------------------------------------------- /tink/signature/internal/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SIGNATURE_INTERNAL_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_SIGNATURE_INTERNAL_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended Signature key managers to `config`, used to generate keys. 28 | absl::Status AddSignatureKeyGenV0(KeyGenConfiguration& config); 29 | 30 | } // namespace internal 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_SIGNATURE_INTERNAL_KEY_GEN_CONFIG_V0_H_ 35 | -------------------------------------------------------------------------------- /tink/config/key_gen_fips_140_2.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_CONFIG_KEY_GEN_FIPS_140_2_H_ 18 | #define TINK_CONFIG_KEY_GEN_FIPS_140_2_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate keys using FIPS 140-2-compliant key 26 | // types. Importing this KeyGenConfiguration restricts Tink to FIPS globally and 27 | // requires BoringSSL to be built with the BoringCrypto module. 28 | const KeyGenConfiguration& KeyGenConfigFips140_2(); 29 | 30 | } // namespace tink 31 | } // namespace crypto 32 | 33 | #endif // TINK_CONFIG_KEY_GEN_FIPS_140_2_H_ 34 | -------------------------------------------------------------------------------- /tink/jwt/jwt_signature_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/jwt/jwt_signature_config_v0.h" 18 | 19 | #include "absl/log/absl_check.h" 20 | #include "tink/configuration.h" 21 | #include "tink/jwt/internal/jwt_signature_config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const Configuration& ConfigJwtSignatureV0() { 27 | static const Configuration* instance = [] { 28 | static Configuration* config = new Configuration(); 29 | ABSL_CHECK_OK(jwt_internal::AddJwtSignatureV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/daead/internal/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_DAEAD_INTERNAL_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_DAEAD_INTERNAL_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended Deterministic AEAD key managers to `config`, used to generate 28 | // keys. 29 | absl::Status AddDeterministicAeadKeyGenV0(KeyGenConfiguration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_DAEAD_INTERNAL_KEY_GEN_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/mac/key_gen_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/mac/key_gen_config_v0.h" 18 | 19 | #include "absl/log/absl_check.h" 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/mac/internal/key_gen_config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const KeyGenConfiguration& KeyGenConfigMacV0() { 27 | static const KeyGenConfiguration* instance = [] { 28 | static KeyGenConfiguration* config = new KeyGenConfiguration(); 29 | ABSL_CHECK_OK(internal::AddMacKeyGenV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/prf/key_gen_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/prf/key_gen_config_v0.h" 18 | 19 | #include "absl/log/absl_check.h" 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/prf/internal/key_gen_config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const KeyGenConfiguration& KeyGenConfigPrfV0() { 27 | static const KeyGenConfiguration* instance = [] { 28 | static KeyGenConfiguration* config = new KeyGenConfiguration(); 29 | ABSL_CHECK_OK(internal::AddPrfKeyGenV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/streamingaead/internal/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_STREAMINGAEAD_INTERNAL_CONFIG_V0_H_ 18 | #define TINK_STREAMINGAEAD_INTERNAL_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended Streaming AEAD primitive wrappers and key managers to 28 | // `config`, used to generate primitives. 29 | absl::Status AddStreamingAeadV0(Configuration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_STREAMINGAEAD_INTERNAL_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/aead/key_gen_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/aead/key_gen_config_v0.h" 18 | 19 | #include "absl/log/absl_check.h" 20 | #include "tink/aead/internal/key_gen_config_v0.h" 21 | #include "tink/key_gen_configuration.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const KeyGenConfiguration& KeyGenConfigAeadV0() { 27 | static const KeyGenConfiguration* instance = [] { 28 | static KeyGenConfiguration* config = new KeyGenConfiguration(); 29 | ABSL_CHECK_OK(internal::AddAeadKeyGenV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/jwt/internal/jwt_mac_key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_INTERNAL_JWT_MAC_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_JWT_INTERNAL_JWT_MAC_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "absl/status/status.h" 21 | #include "tink/key_gen_configuration.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace jwt_internal { 26 | 27 | // Add recommended JWT MAC key managers to `config`, used to generate keys. 28 | absl::Status AddJwtMacKeyGenV0(KeyGenConfiguration& config); 29 | 30 | } // namespace jwt_internal 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_JWT_INTERNAL_JWT_MAC_KEY_GEN_CONFIG_V0_H_ 35 | -------------------------------------------------------------------------------- /tink/streamingaead/streaming_aead_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_STREAMINGAEAD_STREAMING_AEAD_PARAMETERS_H_ 18 | #define TINK_STREAMINGAEAD_STREAMING_AEAD_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Describes a Streaming AEAD key (e.g., key attributes), excluding the randomly 26 | // chosen key material. 27 | class StreamingAeadParameters : public Parameters { 28 | public: 29 | bool HasIdRequirement() const override { return false; } 30 | }; 31 | 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_STREAMINGAEAD_STREAMING_AEAD_PARAMETERS_H_ 36 | -------------------------------------------------------------------------------- /tink/util/statusor.h: -------------------------------------------------------------------------------- 1 | // Copyright 2013 Google LLC. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_UTIL_STATUSOR_H_ 18 | #define TINK_UTIL_STATUSOR_H_ 19 | 20 | #include "absl/status/statusor.h" 21 | #include "tink/util/status.h" 22 | 23 | #define TINK_USE_ABSL_STATUSOR 24 | 25 | namespace crypto { 26 | namespace tink { 27 | namespace util { 28 | 29 | // A legacy alias for absl::StatusOr. StatusOr can be inlined to make user 30 | // code cleaner. We currently do not plan to remove it. 31 | template 32 | using StatusOr = absl::StatusOr; 33 | 34 | } // namespace util 35 | } // namespace tink 36 | } // namespace crypto 37 | 38 | #endif // TINK_UTIL_STATUSOR_H_ 39 | -------------------------------------------------------------------------------- /tink/config/fips_140_2.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_CONFIG_FIPS_140_2_H_ 18 | #define TINK_CONFIG_FIPS_140_2_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate primitives for key types that are compliant 26 | // with FIPS 140-2, https://csrc.nist.gov/pubs/fips/140-2/upd2/final. 27 | // Importing this Configuration restricts Tink to FIPS globally and 28 | // requires BoringSSL to be built with the BoringCrypto module. 29 | const Configuration& ConfigFips140_2(); 30 | 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_CONFIG_FIPS_140_2_H_ 35 | -------------------------------------------------------------------------------- /tink/hybrid/key_gen_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/hybrid/key_gen_config_v0.h" 18 | 19 | #include "absl/log/absl_check.h" 20 | #include "tink/hybrid/internal/key_gen_config_v0.h" 21 | #include "tink/key_gen_configuration.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const KeyGenConfiguration& KeyGenConfigHybridV0() { 27 | static const KeyGenConfiguration* instance = [] { 28 | static KeyGenConfiguration* config = new KeyGenConfiguration(); 29 | ABSL_CHECK_OK(internal::AddHybridKeyGenV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/json/internal/tink_type_resolver.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JSON_INTERNAL_TINK_TYPE_RESOLVER_H_ 18 | #define TINK_JSON_INTERNAL_TINK_TYPE_RESOLVER_H_ 19 | 20 | #include "google/protobuf/util/type_resolver.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | namespace internal { 25 | 26 | // Returns a TypeResolver for all protobuf types defined in tink.proto. 27 | // This is needed to be able to use protobuf JSON parser with proto lite. 28 | ::google::protobuf::util::TypeResolver* GetTinkTypeResolver(); 29 | 30 | } // namespace internal 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_JSON_INTERNAL_TINK_TYPE_RESOLVER_H_ 35 | -------------------------------------------------------------------------------- /tink/jwt/internal/jwt_signature_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_INTERNAL_JWT_SIGNATURE_CONFIG_V0_H_ 18 | #define TINK_JWT_INTERNAL_JWT_SIGNATURE_CONFIG_V0_H_ 19 | 20 | #include "absl/status/status.h" 21 | #include "tink/configuration.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace jwt_internal { 26 | 27 | // Add recommended JWT Signature primitive wrappers and key managers to 28 | // `config`, used to generate primitives. 29 | absl::Status AddJwtSignatureV0(Configuration& config); 30 | 31 | } // namespace jwt_internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_JWT_INTERNAL_JWT_SIGNATURE_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/signature/internal/config_fips_140_2.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SIGNATURE_INTERNAL_CONFIG_FIPS_140_2_H_ 18 | #define TINK_SIGNATURE_INTERNAL_CONFIG_FIPS_140_2_H_ 19 | 20 | #include "tink/configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add FIPS 140-2-compliant Signature primitive wrappers and key managers to 28 | // `config`, used to generate primitives. 29 | absl::Status AddSignatureFips140_2(Configuration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_SIGNATURE_INTERNAL_CONFIG_FIPS_140_2_H_ 36 | -------------------------------------------------------------------------------- /tink/streamingaead/internal/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_STREAMINGAEAD_INTERNAL_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_STREAMINGAEAD_INTERNAL_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended Streaming AEAD key managers to `config`, used to generate 28 | // keys. 29 | absl::Status AddStreamingAeadKeyGenV0(KeyGenConfiguration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_STREAMINGAEAD_INTERNAL_KEY_GEN_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/aead/internal/cord_x_aes_gcm_boringssl.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_AEAD_INTERNAL_CORD_X_AES_GCM_BORINGSSL_H_ 18 | #define TINK_AEAD_INTERNAL_CORD_X_AES_GCM_BORINGSSL_H_ 19 | 20 | #include 21 | 22 | #include "tink/aead/cord_aead.h" 23 | #include "tink/aead/x_aes_gcm_key.h" 24 | #include "tink/util/statusor.h" 25 | 26 | namespace crypto { 27 | namespace tink { 28 | namespace internal { 29 | 30 | absl::StatusOr> NewCordXAesGcmBoringSsl( 31 | const crypto::tink::XAesGcmKey& key); 32 | 33 | } // namespace internal 34 | } // namespace tink 35 | } // namespace crypto 36 | 37 | #endif // TINK_AEAD_INTERNAL_CORD_X_AES_GCM_BORINGSSL_H_ 38 | -------------------------------------------------------------------------------- /tink/core/key_access_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/key_access.h" 18 | 19 | #include "gtest/gtest.h" 20 | #include "tink/secret_key_access.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | namespace { 25 | 26 | TEST(KeyAccessTest, PublicHasNoSecretAccess) { 27 | KeyAccess public_access_token = KeyAccess::PublicAccess(); 28 | EXPECT_FALSE(public_access_token.CanAccessSecret()); 29 | } 30 | 31 | TEST(KeyAccessTest, SecretKeyAccessHasSecretAccess) { 32 | KeyAccess secret_access_token = SecretKeyAccess::SecretAccess(); 33 | EXPECT_TRUE(secret_access_token.CanAccessSecret()); 34 | } 35 | } // namespace 36 | } // namespace tink 37 | } // namespace crypto 38 | -------------------------------------------------------------------------------- /tink/daead/key_gen_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/daead/key_gen_config_v0.h" 18 | 19 | #include "absl/log/absl_check.h" 20 | #include "tink/daead/internal/key_gen_config_v0.h" 21 | #include "tink/key_gen_configuration.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const KeyGenConfiguration& KeyGenConfigDeterministicAeadV0() { 27 | static const KeyGenConfiguration* instance = [] { 28 | static KeyGenConfiguration* config = new KeyGenConfiguration(); 29 | ABSL_CHECK_OK(internal::AddDeterministicAeadKeyGenV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/jwt/jwt_mac_key_gen_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/jwt/jwt_mac_key_gen_config_v0.h" 18 | 19 | #include "absl/log/absl_check.h" 20 | #include "tink/jwt/internal/jwt_mac_key_gen_config_v0.h" 21 | #include "tink/key_gen_configuration.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const KeyGenConfiguration& KeyGenConfigJwtMacV0() { 27 | static const KeyGenConfiguration* instance = [] { 28 | static KeyGenConfiguration* config = new KeyGenConfiguration(); 29 | ABSL_CHECK_OK(jwt_internal::AddJwtMacKeyGenV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/keyderivation/key_derivation_key.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_KEYDERIVATION_KEY_DERIVATION_KEY_H_ 18 | #define TINK_KEYDERIVATION_KEY_DERIVATION_KEY_H_ 19 | 20 | #include "tink/key.h" 21 | #include "tink/keyderivation/key_derivation_parameters.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | // Represents a key derivation function. 27 | class KeyDerivationKey : public Key { 28 | public: 29 | const KeyDerivationParameters& GetParameters() const override = 0; 30 | 31 | bool operator==(const Key& other) const override = 0; 32 | }; 33 | 34 | } // namespace tink 35 | } // namespace crypto 36 | 37 | #endif // TINK_KEYDERIVATION_KEY_DERIVATION_KEY_H_ 38 | -------------------------------------------------------------------------------- /tink/signature/key_gen_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/signature/key_gen_config_v0.h" 18 | 19 | #include "absl/log/absl_check.h" 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/signature/internal/key_gen_config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const KeyGenConfiguration& KeyGenConfigSignatureV0() { 27 | static const KeyGenConfiguration* instance = [] { 28 | static KeyGenConfiguration* config = new KeyGenConfiguration(); 29 | ABSL_CHECK_OK(internal::AddSignatureKeyGenV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /extensions.bzl: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | """Tink C++ Bazel Module extensions.""" 16 | 17 | load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") 18 | 19 | def _wycheproof_impl(_ctx): 20 | # Commit from 2025-09-01. 21 | # Corresponds to wycheproof-v0-vectors tag. 22 | http_archive( 23 | name = "wycheproof", 24 | strip_prefix = "wycheproof-b51abcfb8dafa5316791e57cf48512a2147d9671", 25 | url = "https://github.com/c2sp/wycheproof/archive/b51abcfb8dafa5316791e57cf48512a2147d9671.zip", 26 | sha256 = "56ba9f3deba06b1cc33430a770a9b6bd6ddc8af69188ea0b46d10bda60176978", 27 | build_file = "@//testvectors:wycheproof.BUILD.bazel", 28 | ) 29 | 30 | wycheproof_extension = module_extension( 31 | implementation = _wycheproof_impl, 32 | ) 33 | -------------------------------------------------------------------------------- /proto/aes_ctr.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | syntax = "proto3"; 18 | 19 | package google.crypto.tink; 20 | 21 | option java_package = "com.google.crypto.tink.proto"; 22 | option java_multiple_files = true; 23 | option go_package = "github.com/tink-crypto/tink-go/v2/proto/aes_ctr_go_proto"; 24 | 25 | message AesCtrParams { 26 | uint32 iv_size = 1; 27 | } 28 | 29 | message AesCtrKeyFormat { 30 | AesCtrParams params = 1; 31 | uint32 key_size = 2; 32 | } 33 | 34 | // key_type: type.googleapis.com/google.crypto.tink.AesCtrKey 35 | message AesCtrKey { 36 | uint32 version = 1; 37 | AesCtrParams params = 2; 38 | bytes key_value = 3; // Placeholder for ctype and debug_redact. 39 | } 40 | -------------------------------------------------------------------------------- /proto/aes_cmac.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | syntax = "proto3"; 18 | 19 | package google.crypto.tink; 20 | 21 | option java_package = "com.google.crypto.tink.proto"; 22 | option java_multiple_files = true; 23 | option go_package = "github.com/tink-crypto/tink-go/v2/proto/aes_cmac_go_proto"; 24 | 25 | message AesCmacParams { 26 | uint32 tag_size = 1; 27 | } 28 | 29 | // key_type: type.googleapis.com/google.crypto.tink.AesCmacKey 30 | message AesCmacKey { 31 | uint32 version = 1; 32 | bytes key_value = 2; // Placeholder for ctype and debug_redact. 33 | AesCmacParams params = 3; 34 | } 35 | 36 | message AesCmacKeyFormat { 37 | uint32 key_size = 1; 38 | AesCmacParams params = 2; 39 | } 40 | -------------------------------------------------------------------------------- /tink/jwt/internal/jwt_signature_key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_INTERNAL_JWT_SIGNATURE_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_JWT_INTERNAL_JWT_SIGNATURE_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "absl/status/status.h" 21 | #include "tink/key_gen_configuration.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace jwt_internal { 26 | 27 | // Add recommended JWT Signature key managers to `config`, used to generate 28 | // keys. 29 | absl::Status AddJwtSignatureKeyGenV0(KeyGenConfiguration& config); 30 | 31 | } // namespace jwt_internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_JWT_INTERNAL_JWT_SIGNATURE_KEY_GEN_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/signature/sig_util.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/signature/sig_util.h" 18 | 19 | #include "tink/public_key_sign.h" 20 | #include "tink/public_key_verify.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | absl::Status SignAndVerify(const PublicKeySign* signer, 27 | const PublicKeyVerify* verifier) { 28 | static constexpr char kTestMessage[] = "Wycheproof and Tink."; 29 | auto sign_result = signer->Sign(kTestMessage); 30 | if (!sign_result.ok()) return sign_result.status(); 31 | return verifier->Verify(sign_result.value(), kTestMessage); 32 | } 33 | 34 | } // namespace tink 35 | } // namespace crypto 36 | -------------------------------------------------------------------------------- /proto/aes_gcm_siv.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | syntax = "proto3"; 18 | 19 | package google.crypto.tink; 20 | 21 | option java_package = "com.google.crypto.tink.proto"; 22 | option java_multiple_files = true; 23 | option go_package = "github.com/tink-crypto/tink-go/v2/proto/aes_gcm_siv_go_proto"; 24 | 25 | // The only allowed IV size is 12 bytes and tag size is 16 bytes. 26 | // Thus, accept no params. 27 | message AesGcmSivKeyFormat { 28 | uint32 key_size = 2; 29 | uint32 version = 1; 30 | } 31 | 32 | // key_type: type.googleapis.com/google.crypto.tink.AesGcmSivKey 33 | message AesGcmSivKey { 34 | uint32 version = 1; 35 | bytes key_value = 3; // Placeholder for ctype and debug_redact. 36 | } 37 | -------------------------------------------------------------------------------- /proto/chacha20_poly1305.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | syntax = "proto3"; 18 | 19 | package google.crypto.tink; 20 | 21 | option java_package = "com.google.crypto.tink.proto"; 22 | option java_multiple_files = true; 23 | option go_package = "github.com/tink-crypto/tink-go/v2/proto/chacha20_poly1305_go_proto"; 24 | 25 | message ChaCha20Poly1305KeyFormat {} 26 | 27 | // key_type: type.googleapis.com/google.crypto.tink.ChaCha20Poly1305. 28 | // This key type actually implements ChaCha20Poly1305 as described 29 | // at https://tools.ietf.org/html/rfc7539#section-2.8. 30 | message ChaCha20Poly1305Key { 31 | uint32 version = 1; 32 | bytes key_value = 2; // Placeholder for ctype and debug_redact. 33 | } 34 | -------------------------------------------------------------------------------- /tink/streamingaead/key_gen_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/streamingaead/key_gen_config_v0.h" 18 | 19 | #include "absl/log/absl_check.h" 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/streamingaead/internal/key_gen_config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const KeyGenConfiguration& KeyGenConfigStreamingAeadV0() { 27 | static const KeyGenConfiguration* instance = [] { 28 | static KeyGenConfiguration* config = new KeyGenConfiguration(); 29 | ABSL_CHECK_OK(internal::AddStreamingAeadKeyGenV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/daead/internal/key_gen_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/daead/internal/key_gen_config_v0.h" 18 | 19 | #include "absl/memory/memory.h" 20 | #include "tink/daead/aes_siv_key_manager.h" 21 | #include "tink/internal/key_gen_configuration_impl.h" 22 | #include "tink/key_gen_configuration.h" 23 | #include "tink/util/status.h" 24 | 25 | namespace crypto { 26 | namespace tink { 27 | namespace internal { 28 | 29 | absl::Status AddDeterministicAeadKeyGenV0(KeyGenConfiguration& config) { 30 | return KeyGenConfigurationImpl::AddKeyTypeManager( 31 | absl::make_unique(), config); 32 | } 33 | 34 | } // namespace internal 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/hybrid/internal/testing/hpke_test_vectors.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_INTERNAL_TESTING_HPKE_TEST_VECTORS_H_ 18 | #define TINK_HYBRID_INTERNAL_TESTING_HPKE_TEST_VECTORS_H_ 19 | 20 | #include 21 | 22 | #include "tink/hybrid/internal/testing/hybrid_test_vectors.h" 23 | 24 | namespace crypto { 25 | namespace tink { 26 | namespace internal { 27 | 28 | // Provides some test vectors for HPKE. These are the same as in Java, 29 | // HpkeTestUtil.createHpkeTestVectors(). 30 | std::vector CreateHpkeTestVectors(); 31 | 32 | } // namespace internal 33 | } // namespace tink 34 | } // namespace crypto 35 | 36 | #endif // TINK_HYBRID_INTERNAL_TESTING_HPKE_TEST_VECTORS_H_ 37 | --------------------------------------------------------------------------------